From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mga09.intel.com (mga09.intel.com [134.134.136.24])
 by mx.groups.io with SMTP id smtpd.web10.24058.1653285360652591392
 for <devel@edk2.groups.io>;
 Sun, 22 May 2022 22:56:12 -0700
Authentication-Results: mx.groups.io;
 dkim=fail reason="unable to parse pub key" header.i=@intel.com header.s=intel header.b=JmWTHiqG;
 spf=pass (domain: intel.com, ip: 134.134.136.24, mailfrom: min.m.xu@intel.com)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
  d=intel.com; i=@intel.com; q=dns/txt; s=Intel;
  t=1653285372; x=1684821372;
  h=from:to:cc:subject:date:message-id:in-reply-to:
   references:mime-version:content-transfer-encoding;
  bh=YP5zGbSi/PdoZOzz4hnpEKYpOKD0HTrKDJOowfXHuTY=;
  b=JmWTHiqGHZGFnKTXnNIkjuaUs7scWci2yOGnVQU7grWDRv05FXK6vBRu
   svNUYscQqN2iO9WJ9fqltdBpnuvuZI15Z6uzOgXrP8FPFk8GQSwj9VjYt
   vAl6aXzmg0C7P5htB6c77XywFJZJFjmnsajwZqjfiwujOy9ZboNWkR5PR
   gL3XXbQoqSTCa+iPnoeomEB+nmZz/smbqQO3uvzqwMcXHlwxUCuIBLzJu
   VQ4BnRusQJjZuX68hH/678QEMYZlY8AYfVBBxKa6GOQWD54mkSHCxumvI
   tIggBpSpCI65+9S/o0WzZvLM0WCHJaa/96jzqQChtqQj6ZHeQ30Q06Fp+
   g==;
X-IronPort-AV: E=McAfee;i="6400,9594,10355"; a="272833121"
X-IronPort-AV: E=Sophos;i="5.91,245,1647327600"; 
   d="scan'208";a="272833121"
Received: from orsmga008.jf.intel.com ([10.7.209.65])
  by orsmga102.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 22 May 2022 22:56:11 -0700
X-IronPort-AV: E=Sophos;i="5.91,245,1647327600"; 
   d="scan'208";a="600459821"
Received: from mxu9-mobl1.ccr.corp.intel.com ([10.249.174.148])
  by orsmga008-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 22 May 2022 22:56:09 -0700
From: "Min Xu" <min.m.xu@intel.com>
To: devel@edk2.groups.io
Cc: Min Xu <min.m.xu@intel.com>,
	Ard Biesheuvel <ardb+tianocore@kernel.org>,
	Jordan Justen <jordan.l.justen@intel.com>,
	Ashish Kalra <ashish.kalra@amd.com>,
	Brijesh Singh <brijesh.singh@amd.com>,
	Erdem Aktas <erdemaktas@google.com>,
	James Bottomley <jejb@linux.ibm.com>,
	Jiewen Yao <jiewen.yao@intel.com>,
	Sami Mujawar <sami.mujawar@arm.com>,
	Tom Lendacky <thomas.lendacky@amd.com>,
	Gerd Hoffmann <kraxel@redhat.com>
Subject: [PATCH 4/4] OvmfPkg: Call MeasureKernelBlob after fetch from fw_cfg
Date: Mon, 23 May 2022 13:55:42 +0800
Message-Id: <c27a97ab34fb80a27f409ca6be8a618cf6415277.1653284206.git.min.m.xu@intel.com>
X-Mailer: git-send-email 2.29.2.windows.2
In-Reply-To: <cover.1653284206.git.min.m.xu@intel.com>
References: <cover.1653284206.git.min.m.xu@intel.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

In QemuKernelLoaderFsDxeEntrypoint we use FetchBlob to read the content
of the kernel/initrd/cmdline from the QEMU fw_cfg interface.  Insert a
call to MeasureKernelBlob after fetching to allow BlobMeasurementLib
implementations to add a measurement step for these blobs.

This will allow confidential computing OVMF builds to add measurement
mechanisms for these blobs that originate from an untrusted source
(QEMU).

In current platforms in OvmfPkg, only IntelTdx supports blob measurement.
So OvmfPkg/IntelTdx/IntelTdxX64.dsc is updated to use
OvmfPkg/IntelTdx/BlobMeasurementLibTdx/BlobMeasurementLibTdx.inf. Other
dsc are using the null implementation of BlobMeasurementLibNull.inf.

Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Ashish Kalra <ashish.kalra@amd.com>
Cc: Brijesh Singh <brijesh.singh@amd.com>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Sami Mujawar <sami.mujawar@arm.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Min Xu <min.m.xu@intel.com>
---
 OvmfPkg/IntelTdx/IntelTdxX64.dsc                    |  1 +
 .../QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.c   | 13 +++++++++++++
 2 files changed, 14 insertions(+)

diff --git a/OvmfPkg/IntelTdx/IntelTdxX64.dsc b/OvmfPkg/IntelTdx/IntelTdxX64.dsc
index 00bc1255bc4e..2887047316b6 100644
--- a/OvmfPkg/IntelTdx/IntelTdxX64.dsc
+++ b/OvmfPkg/IntelTdx/IntelTdxX64.dsc
@@ -611,6 +611,7 @@
   OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.inf {
     <LibraryClasses>
       NULL|OvmfPkg/Library/BlobVerifierLibNull/BlobVerifierLibNull.inf
+      NULL|OvmfPkg/IntelTdx/BlobMeasurementLibTdx/BlobMeasurementLibTdx.inf
   }
   OvmfPkg/VirtioPciDeviceDxe/VirtioPciDeviceDxe.inf
   OvmfPkg/Virtio10Dxe/Virtio10.inf
diff --git a/OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.c b/OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.c
index d4f3cd92255f..6720dae1d06c 100644
--- a/OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.c
+++ b/OvmfPkg/QemuKernelLoaderFsDxe/QemuKernelLoaderFsDxe.c
@@ -18,6 +18,7 @@
 #include <Library/BaseLib.h>
 #include <Library/BaseMemoryLib.h>
 #include <Library/BlobVerifierLib.h>
+#include <Library/BlobMeasurementLib.h>
 #include <Library/DebugLib.h>
 #include <Library/DevicePathLib.h>
 #include <Library/MemoryAllocationLib.h>
@@ -1074,6 +1075,18 @@ QemuKernelLoaderFsDxeEntrypoint (
       goto FreeBlobs;
     }
 
+    if ((CurrentBlob->Data > 0) && (CurrentBlob->Size > 0)) {
+      Status = MeasureKernelBlob (
+                 CurrentBlob->Name,
+                 sizeof (CurrentBlob->Name),
+                 CurrentBlob->Data,
+                 CurrentBlob->Size
+                 );
+      if (EFI_ERROR (Status)) {
+        goto FreeBlobs;
+      }
+    }
+
     mTotalBlobBytes += CurrentBlob->Size;
   }
 
-- 
2.29.2.windows.2