From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga05.intel.com (mga05.intel.com [192.55.52.43]) by mx.groups.io with SMTP id smtpd.web10.21317.1639228137939416724 for ; Sat, 11 Dec 2021 05:08:59 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@intel.com header.s=intel header.b=M/ysj6Su; spf=pass (domain: intel.com, ip: 192.55.52.43, mailfrom: min.m.xu@intel.com) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1639228138; x=1670764138; h=from:to:cc:subject:date:message-id:mime-version: content-transfer-encoding; bh=8VwsvIJuwe8kuQ2z/r+VUzgFGxrMF+JBb2U6xg7qleE=; b=M/ysj6SuhmYITZ598VHBIlkzPX0Vj+yHv6p77mnUnVBrCeakJxyyt5m5 JGjlBxzoldbQ9OwfpXJD5KJTOYLeSSfnXqiZ/qBK6GtkAYOHMVW2dLoCa wk0J9TvB6Yop35Dc+aY6UKW/73dzMee3HURCiOcFgj6JtGpYrJeGV5qxp ZoZuSbWWwU7pUpqkAeQa0y6J5+iT+lXHqE5GoCEyIR8gcg3u+T6HkslMV MXTDrdykvoFQQTzdWN+cLe6ltNsOC5HaFLtRz2ym6XpDBNx3vZRc3l3NU nA4CaV7XFdgEVcFPhiLYrfAzebRn6AxmRxgCx3OJUtT/0hIU91g9bR+1u w==; X-IronPort-AV: E=McAfee;i="6200,9189,10194"; a="324799215" X-IronPort-AV: E=Sophos;i="5.88,198,1635231600"; d="scan'208";a="324799215" Received: from orsmga008.jf.intel.com ([10.7.209.65]) by fmsmga105.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 11 Dec 2021 05:08:56 -0800 X-IronPort-AV: E=Sophos;i="5.88,198,1635231600"; d="scan'208";a="517141113" Received: from mxu9-mobl1.ccr.corp.intel.com ([10.255.30.197]) by orsmga008-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 11 Dec 2021 05:08:53 -0800 From: "Min Xu" To: devel@edk2.groups.io Cc: Min Xu , Michael D Kinney , Liming Gao , Zhiguang Liu , Jiewen Yao , Jian J Wang , Ken Lu , Sami Mujawar , Gerd Hoffmann Subject: [PATCH V7 0/3] Introduce CcMeasurementProtocol into EDK2 Date: Sat, 11 Dec 2021 21:08:39 +0800 Message-Id: X-Mailer: git-send-email 2.29.2.windows.2 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3625 If Confidential Computing (Cc) firmware supports measurement and an event is created, CC-Guest firmware is designed to report the event log with the same data structure in TCG-Platform-Firmware-Profile specification with EFI_TCG2_EVENT_LOG_FORMAT_TCG_2 format. The CC-Guest firmware supports measurement. It is designed to produce EFI_CC_MEASUREMENT_PROTOCOL with new GUID EFI_CC_MEASUREMENT_PROTOCOL_GUID to report event log and provides hash capability. Patch #1: Introduce the CC Measurement Protocol definition into MdePkg. Patch #2: Update DxeTpm2MeasureBootLib to support CC based measure boot. Patch #3: Update DxeTpmMeasurementLib to support CC based measurement. Code is at https://github.com/mxu9/edk2/tree/td_protocol.v6 This patch-set has been tested in Intel's internal hardware platform. Both TD and TPM pass the tests. v7 changes: - Rebase the code base (commit: e81a81e5846e) and update patch-set with uncrustify. v6 changes: - Add ASSERT (sizeof (EFI_CC_EVENT) == sizeof (EFI_TCG2_EVENT)) check. - Update the CcMeasureAndLogData () to add CcProtocol pointer as the input parameter. - Tpm20MeasureAndLogData () / Tpm12MeasureAndLogDat () / CcMeasureAndLogData () are made static according to Sami's comments. v5 changes: - Add gEfiCcFinalEventsTableGuid in [Guids] section of MdePkg.dec - DxeTpm2MeasureBootLib and DxeTpmMeasurementLib will first call CC protocol to do the measure boot / measurement. If it is not installed, TCG2 protocol will be located and called. - CreateCcEventFromTcg2Event is removed. This is because CcEvent is similar to Tcg2Event except the MrIndex and PcrIndex. So in the code Tcg2Event will be first created and intialized. If CcMeasurementProtocol is called to do the measure boot, then CcEvent points to Tcg2Event and the MrIndex is adjusted. - Some other minor changes. v4 changes: - Rename TeeMeasurementProtocol to CcMeasurementProtocol based on the discussion in below links: https://edk2.groups.io/g/devel/message/82876 https://edk2.groups.io/g/devel/message/82999 https://edk2.groups.io/g/devel/message/83000 With this protocol, CC based measure boot is supported. TD based measure boot is one of the CC based measure boot. - The spec will be updated according to the changes later. - TdProtocol.h is deleted. Its content is merged into CcMeasurement.h. - Add gEfiCcFinalEventsTableGuid definition in MdePkg.dec - Update the description in DxeTpm2MeasureBootLib.inf and DxeTpmMeasurementLib.inf v3 changes: - Rename TdProtocol to TeeMeasurementProtocol which is a neutral name. With this protocol, TEE based measure boot is supported. TD based measure boot is one of the TEE based measure boot. - The spec will be updated according to the changes later. - Fix errors in DxeTpm2MeasureBootLib. v2 changes: - TD based measure boot is implemented in DxeTpm2MeasureBootLib. This minimize the code changes. - TD based measurement is added. It is implemented in DxeTpmMeasurementLib. - Fix the typo in comments. Cc: Michael D Kinney Cc: Liming Gao Cc: Zhiguang Liu Cc: Jiewen Yao Cc: Jian J Wang Cc: Ken Lu Cc: Sami Mujawar Cc: Gerd Hoffmann Reviewed-by: Sami Mujawar Tested-by: Min Xu Signed-off-by: Min Xu Min Xu (3): MdePkg: Introduce CcMeasurementProtocol for CC Guest firmware SecurityPkg: Support CcMeasurementProtocol in DxeTpm2MeasureBootLib SecurityPkg: Support CcMeasurementProtocol in DxeTpmMeasurementLib MdePkg/Include/Protocol/CcMeasurement.h | 302 +++++++++++++++ MdePkg/MdePkg.dec | 6 + .../DxeTpm2MeasureBootLib.c | 343 ++++++++++++++---- .../DxeTpm2MeasureBootLib.inf | 3 +- .../DxeTpmMeasurementLib.c | 122 ++++++- .../DxeTpmMeasurementLib.inf | 9 +- 6 files changed, 686 insertions(+), 99 deletions(-) create mode 100644 MdePkg/Include/Protocol/CcMeasurement.h -- 2.29.2.windows.2