From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mga09.intel.com (mga09.intel.com [134.134.136.24])
 by mx.groups.io with SMTP id smtpd.web10.24058.1653285360652591392
 for <devel@edk2.groups.io>;
 Sun, 22 May 2022 22:56:09 -0700
Authentication-Results: mx.groups.io;
 dkim=fail reason="unable to parse pub key" header.i=@intel.com header.s=intel header.b=liiA4n4P;
 spf=pass (domain: intel.com, ip: 134.134.136.24, mailfrom: min.m.xu@intel.com)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
  d=intel.com; i=@intel.com; q=dns/txt; s=Intel;
  t=1653285369; x=1684821369;
  h=from:to:cc:subject:date:message-id:in-reply-to:
   references:mime-version:content-transfer-encoding;
  bh=sXPPE11uRaQc6rvFGHd9xmVAMjhV8I8yxEKAyXukFf0=;
  b=liiA4n4Pn254BXn8ZKsG/dS9BbCI8Mi3zF8kWtCmN0KZ/TqhrcCWMLmb
   /RP0W8SWjWR1H+1aKD0qdayvL2jwrF+dniVLz7JrdrbIpiRP3yJh/5WeN
   bVXlvQauch/DaLO8cQ6sot7Nbb/seioFqwTjmNAeMYpUtAfC3jydbylUU
   BuN+LmTK/eQurOQxdDUzllPMfIjBNqQ7Y/aLdu763DMczES52pMaed5V+
   O5JzP7tMAoI3RZtqxda4pcjD/RoJILJUO/RXqq0jMaVfejd2cI3UM0BPd
   bO8Ndwxhi52AB00C7288OLxZ+WNRdskfTl0rhZlAaChktWzehHkXCEC4U
   g==;
X-IronPort-AV: E=McAfee;i="6400,9594,10355"; a="272833088"
X-IronPort-AV: E=Sophos;i="5.91,245,1647327600"; 
   d="scan'208";a="272833088"
Received: from orsmga008.jf.intel.com ([10.7.209.65])
  by orsmga102.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 22 May 2022 22:56:08 -0700
X-IronPort-AV: E=Sophos;i="5.91,245,1647327600"; 
   d="scan'208";a="600459794"
Received: from mxu9-mobl1.ccr.corp.intel.com ([10.249.174.148])
  by orsmga008-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 22 May 2022 22:56:05 -0700
From: "Min Xu" <min.m.xu@intel.com>
To: devel@edk2.groups.io
Cc: Min Xu <min.m.xu@intel.com>,
	Ard Biesheuvel <ardb+tianocore@kernel.org>,
	Jordan Justen <jordan.l.justen@intel.com>,
	Ashish Kalra <ashish.kalra@amd.com>,
	Brijesh Singh <brijesh.singh@amd.com>,
	Erdem Aktas <erdemaktas@google.com>,
	James Bottomley <jejb@linux.ibm.com>,
	Jiewen Yao <jiewen.yao@intel.com>,
	Sami Mujawar <sami.mujawar@arm.com>,
	Tom Lendacky <thomas.lendacky@amd.com>,
	Gerd Hoffmann <kraxel@redhat.com>
Subject: [PATCH 3/4] OvmfPkg: Implement BlobMeasurementLibTdx
Date: Mon, 23 May 2022 13:55:41 +0800
Message-Id: <aff1a118c55c67a4d8f42c3b7106c22de4b8bf68.1653284206.git.min.m.xu@intel.com>
X-Mailer: git-send-email 2.29.2.windows.2
In-Reply-To: <cover.1653284206.git.min.m.xu@intel.com>
References: <cover.1653284206.git.min.m.xu@intel.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

OvmfPkg/IntelTdx/BlobMeasurementLibTdx is implemented for measurement
of Kernel blob. It calls EFI_CC_MEASUREMENT_PROTOCOL to do the
measurement.

Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Ashish Kalra <ashish.kalra@amd.com>
Cc: Brijesh Singh <brijesh.singh@amd.com>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Sami Mujawar <sami.mujawar@arm.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Min Xu <min.m.xu@intel.com>
---
 .../BlobMeasurementLibTdx/BlobMeasurement.c   | 87 +++++++++++++++++++
 .../BlobMeasurementLibTdx.inf                 | 30 +++++++
 2 files changed, 117 insertions(+)
 create mode 100644 OvmfPkg/IntelTdx/BlobMeasurementLibTdx/BlobMeasurement.c
 create mode 100644 OvmfPkg/IntelTdx/BlobMeasurementLibTdx/BlobMeasurementLibTdx.inf

diff --git a/OvmfPkg/IntelTdx/BlobMeasurementLibTdx/BlobMeasurement.c b/OvmfPkg/IntelTdx/BlobMeasurementLibTdx/BlobMeasurement.c
new file mode 100644
index 000000000000..33a2a3502109
--- /dev/null
+++ b/OvmfPkg/IntelTdx/BlobMeasurementLibTdx/BlobMeasurement.c
@@ -0,0 +1,87 @@
+/** @file
+
+  Copyright (C) 2022, Intel Corporation. All rights reserved.
+
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+#include <PiDxe.h>
+#include <Library/BaseLib.h>
+#include <Library/BaseMemoryLib.h>
+#include <Library/DebugLib.h>
+#include <Library/MemoryAllocationLib.h>
+#include <Library/UefiBootServicesTableLib.h>
+#include <Protocol/Tcg2Protocol.h>
+#include <Protocol/CcMeasurement.h>
+#include <Library/BlobVerifierLib.h>
+
+EFI_CC_MEASUREMENT_PROTOCOL  *mCcProtocol = NULL;
+
+/**
+  Measure blob from an external source.
+
+  @param[in] BlobName           The name of the blob
+  @param[in] BlobNameSize       Size of the blob name
+  @param[in] BlobBase           The data of the blob
+  @param[in] BlobSize           The size of the blob in bytes
+
+  @retval EFI_SUCCESS           The blob was measured successfully.
+  @retval Other errors
+**/
+EFI_STATUS
+EFIAPI
+MeasureKernelBlob (
+  IN  CONST CHAR16  *BlobName,
+  IN  UINT32        BlobNameSize,
+  IN  CONST VOID    *BlobBase,
+  IN  UINT32        BlobSize
+  )
+{
+  EFI_STATUS    Status;
+  UINT32        MrIndex;
+  EFI_CC_EVENT  *CcEvent;
+
+  if ((BlobBase == 0) || (BlobSize == 0)) {
+    ASSERT (FALSE);
+    return EFI_INVALID_PARAMETER;
+  }
+
+  if (mCcProtocol == NULL) {
+    Status = gBS->LocateProtocol (&gEfiCcMeasurementProtocolGuid, NULL, (VOID **)&mCcProtocol);
+    if (EFI_ERROR (Status)) {
+      //
+      // EFI_CC_MEASUREMENT_PROTOCOL protocol is not installed.
+      //
+      DEBUG ((DEBUG_ERROR, "%a: EFI_CC_MEASUREMENT_PROTOCOL protocol is not installed.\n", __FUNCTION__));
+      return EFI_NOT_FOUND;
+    }
+  }
+
+  Status = mCcProtocol->MapPcrToMrIndex (mCcProtocol, 4, &MrIndex);
+  if (EFI_ERROR (Status)) {
+    return EFI_INVALID_PARAMETER;
+  }
+
+  CcEvent = AllocateZeroPool (BlobNameSize + sizeof (EFI_CC_EVENT) - sizeof (CcEvent->Event));
+  if (CcEvent == NULL) {
+    return EFI_OUT_OF_RESOURCES;
+  }
+
+  CcEvent->Size                 = BlobNameSize + sizeof (EFI_CC_EVENT) - sizeof (CcEvent->Event);
+  CcEvent->Header.EventType     = EV_PLATFORM_CONFIG_FLAGS;
+  CcEvent->Header.MrIndex       = MrIndex;
+  CcEvent->Header.HeaderSize    = sizeof (EFI_TCG2_EVENT_HEADER);
+  CcEvent->Header.HeaderVersion = EFI_TCG2_EVENT_HEADER_VERSION;
+  CopyMem (&CcEvent->Event[0], BlobName, BlobNameSize);
+
+  Status = mCcProtocol->HashLogExtendEvent (
+                          mCcProtocol,
+                          0,
+                          (EFI_PHYSICAL_ADDRESS)(UINTN)BlobBase,
+                          BlobSize,
+                          CcEvent
+                          );
+
+  FreePool (CcEvent);
+
+  return Status;
+}
diff --git a/OvmfPkg/IntelTdx/BlobMeasurementLibTdx/BlobMeasurementLibTdx.inf b/OvmfPkg/IntelTdx/BlobMeasurementLibTdx/BlobMeasurementLibTdx.inf
new file mode 100644
index 000000000000..880c60159c3d
--- /dev/null
+++ b/OvmfPkg/IntelTdx/BlobMeasurementLibTdx/BlobMeasurementLibTdx.inf
@@ -0,0 +1,30 @@
+## @file
+#
+#  Copyright (C) 2022, Intel Corporation. All rights reserved.
+#
+#  SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+[Defines]
+  INF_VERSION                    = 0x00010005
+  BASE_NAME                      = BlobMeasurementLibTdx
+  FILE_GUID                      = ac1a8997-9d91-47c4-b18a-dbe0d1a94fde
+  MODULE_TYPE                    = BASE
+  VERSION_STRING                 = 1.0
+  LIBRARY_CLASS                  = BlobMeaurementLib
+
+[Sources]
+  BlobMeasurement.c
+
+[Packages]
+  MdePkg/MdePkg.dec
+  OvmfPkg/OvmfPkg.dec
+
+[LibraryClasses]
+  BaseMemoryLib
+  DebugLib
+  MemoryAllocationLib
+
+[Protocols]
+  gEfiCcMeasurementProtocolGuid
-- 
2.29.2.windows.2