* [PATCH 1/3] Security: Add SecTpmMeasurementLibTdx
2022-06-05 1:02 [PATCH 0/3] Introduce SecTpmMeasurementLibTdx Min Xu
@ 2022-06-05 1:02 ` Min Xu
2022-06-05 1:02 ` [PATCH 2/3] OvmfPkg: Implement MeasureHobList/MeasureFvImage Min Xu
` (4 subsequent siblings)
5 siblings, 0 replies; 8+ messages in thread
From: Min Xu @ 2022-06-05 1:02 UTC (permalink / raw)
To: devel; +Cc: Min M Xu, Jiewen Yao, Jian J Wang
From: Min M Xu <min.m.xu@intel.com>
SecTpmMeasurementLitTdx is an instance of TpmMeasurementLib. It is
designed to used in a Td guest. This lib measures and logs data, and
extendx the measurement result into a specific RTMR.
SecTpmMeasurementLibTdx is a refactored lib of
OvmfPkg/Library/SecMeasurementLibTdx and it just copies
GetMappedRtmrIndex/TdxMeasureAndLogData from that lib. At the end of
this patch-set SecMeasurementLibTdx will be deleted.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Signed-off-by: Min Xu <min.m.xu@intel.com>
---
.../SecTpmMeasurementLibTdx.c | 176 ++++++++++++++++++
.../SecTpmMeasurementLibTdx.inf | 34 ++++
SecurityPkg/SecurityPkg.dsc | 2 +
3 files changed, 212 insertions(+)
create mode 100644 SecurityPkg/Library/SecTpmMeasurementLib/SecTpmMeasurementLibTdx.c
create mode 100644 SecurityPkg/Library/SecTpmMeasurementLib/SecTpmMeasurementLibTdx.inf
diff --git a/SecurityPkg/Library/SecTpmMeasurementLib/SecTpmMeasurementLibTdx.c b/SecurityPkg/Library/SecTpmMeasurementLib/SecTpmMeasurementLibTdx.c
new file mode 100644
index 000000000000..38887b172dc0
--- /dev/null
+++ b/SecurityPkg/Library/SecTpmMeasurementLib/SecTpmMeasurementLibTdx.c
@@ -0,0 +1,176 @@
+/** @file
+ This library is used by other modules to measure data to TPM.
+
+Copyright (c) 2020, Intel Corporation. All rights reserved. <BR>
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <PiPei.h>
+#include <Guid/CcEventHob.h>
+#include <Library/BaseLib.h>
+#include <Library/BaseMemoryLib.h>
+#include <Library/DebugLib.h>
+#include <Library/HashLib.h>
+#include <Library/HobLib.h>
+#include <Library/PrintLib.h>
+#include <IndustryStandard/Tpm20.h>
+#include <Protocol/CcMeasurement.h>
+#include <Library/TpmMeasurementLib.h>
+
+#pragma pack(1)
+
+typedef struct {
+ UINT32 Count;
+ TPMI_ALG_HASH HashAlg;
+ BYTE Sha384[SHA384_DIGEST_SIZE];
+} TDX_DIGEST_VALUE;
+
+#pragma pack()
+
+#define INVALID_PCR2MR_INDEX 0xFF
+
+/**
+ Get the mapped RTMR index based on the input PCRIndex.
+ RTMR[0] => PCR[1,7]
+ RTMR[1] => PCR[2,3,4,5]
+ RTMR[2] => PCR[8~15]
+ RTMR[3] => NA
+ Note:
+ PCR[0] is mapped to MRTD and should not appear here.
+ PCR[6] is reserved for OEM. It is not used.
+
+ @param[in] PCRIndex The input PCR index
+
+ @retval UINT8 The mapped RTMR index.
+**/
+UINT8
+GetMappedRtmrIndex (
+ IN UINT32 PCRIndex
+ )
+{
+ UINT8 RtmrIndex;
+
+ if ((PCRIndex == 6) || (PCRIndex == 0) || (PCRIndex > 15)) {
+ DEBUG ((DEBUG_ERROR, "Invalid PCRIndex(%d) map to MR Index.\n", PCRIndex));
+ ASSERT (FALSE);
+ return INVALID_PCR2MR_INDEX;
+ }
+
+ RtmrIndex = 0;
+ if ((PCRIndex == 1) || (PCRIndex == 7)) {
+ RtmrIndex = 0;
+ } else if ((PCRIndex >= 2) && (PCRIndex < 6)) {
+ RtmrIndex = 1;
+ } else if ((PCRIndex >= 8) && (PCRIndex <= 15)) {
+ RtmrIndex = 2;
+ }
+
+ return RtmrIndex;
+}
+
+/**
+ Tpm measure and log data, and extend the measurement result into a specific PCR.
+
+ @param[in] PcrIndex PCR Index.
+ @param[in] EventType Event type.
+ @param[in] EventLog Measurement event log.
+ @param[in] LogLen Event log length in bytes.
+ @param[in] HashData The start of the data buffer to be hashed, extended.
+ @param[in] HashDataLen The length, in bytes, of the buffer referenced by HashData
+
+ @retval EFI_SUCCESS Operation completed successfully.
+ @retval EFI_UNSUPPORTED TPM device not available.
+ @retval EFI_OUT_OF_RESOURCES Out of memory.
+ @retval EFI_DEVICE_ERROR The operation was unsuccessful.
+**/
+EFI_STATUS
+EFIAPI
+TpmMeasureAndLogData (
+ IN UINT32 PcrIndex,
+ IN UINT32 EventType,
+ IN VOID *EventLog,
+ IN UINT32 LogLen,
+ IN VOID *HashData,
+ IN UINT64 HashDataLen
+ )
+{
+ EFI_STATUS Status;
+ UINT32 RtmrIndex;
+ VOID *EventHobData;
+ TCG_PCR_EVENT2 *TcgPcrEvent2;
+ UINT8 *DigestBuffer;
+ TDX_DIGEST_VALUE *TdxDigest;
+ TPML_DIGEST_VALUES DigestList;
+ UINT8 *Ptr;
+
+ if (!TdIsEnabled ()) {
+ return EFI_UNSUPPORTED;
+ }
+
+ RtmrIndex = GetMappedRtmrIndex (PcrIndex);
+ if (RtmrIndex == INVALID_PCR2MR_INDEX) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ DEBUG ((DEBUG_INFO, "Creating TdTcg2PcrEvent PCR[%d]/RTMR[%d] EventType 0x%x\n", PcrIndex, RtmrIndex, EventType));
+
+ Status = HashAndExtend (
+ RtmrIndex,
+ (VOID *)HashData,
+ HashDataLen,
+ &DigestList
+ );
+
+ if (EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_INFO, "Failed to HashAndExtend. %r\n", Status));
+ return Status;
+ }
+
+ //
+ // Use TDX_DIGEST_VALUE in the GUID HOB DataLength calculation
+ // to reserve enough buffer to hold TPML_DIGEST_VALUES compact binary
+ // which is limited to a SHA384 digest list
+ //
+ EventHobData = BuildGuidHob (
+ &gCcEventEntryHobGuid,
+ sizeof (TcgPcrEvent2->PCRIndex) + sizeof (TcgPcrEvent2->EventType) +
+ sizeof (TDX_DIGEST_VALUE) +
+ sizeof (TcgPcrEvent2->EventSize) + LogLen
+ );
+
+ if (EventHobData == NULL) {
+ return EFI_OUT_OF_RESOURCES;
+ }
+
+ Ptr = (UINT8 *)EventHobData;
+ //
+ // Initialize PcrEvent data now
+ //
+ RtmrIndex++;
+ CopyMem (Ptr, &RtmrIndex, sizeof (UINT32));
+ Ptr += sizeof (UINT32);
+ CopyMem (Ptr, &EventType, sizeof (TCG_EVENTTYPE));
+ Ptr += sizeof (TCG_EVENTTYPE);
+
+ DigestBuffer = Ptr;
+
+ TdxDigest = (TDX_DIGEST_VALUE *)DigestBuffer;
+ TdxDigest->Count = 1;
+ TdxDigest->HashAlg = TPM_ALG_SHA384;
+ CopyMem (
+ TdxDigest->Sha384,
+ DigestList.digests[0].digest.sha384,
+ SHA384_DIGEST_SIZE
+ );
+
+ Ptr += sizeof (TDX_DIGEST_VALUE);
+
+ CopyMem (Ptr, &LogLen, sizeof (UINT32));
+ Ptr += sizeof (UINT32);
+ CopyMem (Ptr, EventLog, LogLen);
+ Ptr += LogLen;
+
+ Status = EFI_SUCCESS;
+ return Status;
+}
diff --git a/SecurityPkg/Library/SecTpmMeasurementLib/SecTpmMeasurementLibTdx.inf b/SecurityPkg/Library/SecTpmMeasurementLib/SecTpmMeasurementLibTdx.inf
new file mode 100644
index 000000000000..047d3aa80da6
--- /dev/null
+++ b/SecurityPkg/Library/SecTpmMeasurementLib/SecTpmMeasurementLibTdx.inf
@@ -0,0 +1,34 @@
+## @file
+# Provides RTMR based measurement functions for Intel Tdx guest.
+#
+# This library provides TpmMeasureAndLogData() in a TDX guest to measure and log data, and
+# extend the measurement result into a specific RTMR.
+#
+# Copyright (c) 2022, Intel Corporation. All rights reserved.<BR>
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+[Defines]
+ INF_VERSION = 0x00010005
+ BASE_NAME = SecTpmMeasurementLibTdx
+ FILE_GUID = 1aeb641c-0324-47bd-b29d-e59671fc4106
+ MODULE_TYPE = BASE
+ VERSION_STRING = 1.0
+ LIBRARY_CLASS = TpmMeasurementLib|SEC
+
+[Sources]
+ SecTpmMeasurementLibTdx.c
+
+[Packages]
+ CryptoPkg/CryptoPkg.dec
+ MdeModulePkg/MdeModulePkg.dec
+ MdePkg/MdePkg.dec
+ SecurityPkg/SecurityPkg.dec
+
+[Guids]
+ gCcEventEntryHobGuid
+
+[LibraryClasses]
+ BaseLib
+ HashLib
diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc
index 0d8c997b2f40..d883747474e4 100644
--- a/SecurityPkg/SecurityPkg.dsc
+++ b/SecurityPkg/SecurityPkg.dsc
@@ -95,6 +95,7 @@
[LibraryClasses.X64.SEC]
HashLib|SecurityPkg/Library/HashLibTdx/HashLibTdx.inf
+ TpmMeasurementLib|SecurityPkg/Library/SecTpmMeasurementLib/SecTpmMeasurementLibTdx.inf
[LibraryClasses.X64.DXE_DRIVER]
HashLib|SecurityPkg/Library/HashLibTdx/HashLibTdx.inf
@@ -292,6 +293,7 @@
[Components.X64]
SecurityPkg/Library/HashLibTdx/HashLibTdx.inf
+ SecurityPkg/Library/SecTpmMeasurementLib/SecTpmMeasurementLibTdx.inf
[Components.IA32, Components.X64]
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
--
2.29.2.windows.2
^ permalink raw reply related [flat|nested] 8+ messages in thread* [PATCH 2/3] OvmfPkg: Implement MeasureHobList/MeasureFvImage
2022-06-05 1:02 [PATCH 0/3] Introduce SecTpmMeasurementLibTdx Min Xu
2022-06-05 1:02 ` [PATCH 1/3] Security: Add SecTpmMeasurementLibTdx Min Xu
@ 2022-06-05 1:02 ` Min Xu
2022-06-05 1:02 ` [PATCH 3/3] OvmfPkg: Delete SecMeasurementLibTdx Min Xu
` (3 subsequent siblings)
5 siblings, 0 replies; 8+ messages in thread
From: Min Xu @ 2022-06-05 1:02 UTC (permalink / raw)
To: devel
Cc: Min M Xu, Erdem Aktas, James Bottomley, Jiewen Yao, Tom Lendacky,
Gerd Hoffmann
From: Min M Xu <min.m.xu@intel.com>
MeasureHobList and MeasureFvImage once were implemented in
SecMeasurementTdxLib. The intention of this patch-set is to refactor
SecMeasurementTdxLib to be an instance of TpmMeasurementLib. So these
2 functions (MeasureHobList/MeasureFvImage) are moved to
PeilessStartupLib. This is because:
1. RTMR based trusted boot is implemented in Config-B (See below link)
2. PeilessStartupLib is designed for PEI-less boot and it is the right
place to do the measurement for Hoblist and Config-FV.
Config-B: https://edk2.groups.io/g/devel/message/76367
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Min Xu <min.m.xu@intel.com>
---
OvmfPkg/IntelTdx/IntelTdxX64.dsc | 2 +-
OvmfPkg/Library/PeilessStartupLib/IntelTdx.c | 186 ++++++++++++++++++
.../PeilessStartupLib/PeilessStartup.c | 1 -
.../PeilessStartupInternal.h | 36 ++++
.../PeilessStartupLib/PeilessStartupLib.inf | 2 +-
5 files changed, 224 insertions(+), 3 deletions(-)
diff --git a/OvmfPkg/IntelTdx/IntelTdxX64.dsc b/OvmfPkg/IntelTdx/IntelTdxX64.dsc
index 43ab8bd089d9..a40f7228b98e 100644
--- a/OvmfPkg/IntelTdx/IntelTdxX64.dsc
+++ b/OvmfPkg/IntelTdx/IntelTdxX64.dsc
@@ -527,7 +527,7 @@
OvmfPkg/IntelTdx/Sec/SecMain.inf {
<LibraryClasses>
NULL|MdeModulePkg/Library/LzmaCustomDecompressLib/LzmaCustomDecompressLib.inf
- SecMeasurementLib|OvmfPkg/Library/SecMeasurementLib/SecMeasurementLibTdx.inf
+ TpmMeasurementLib|SecurityPkg/Library/SecTpmMeasurementLib/SecTpmMeasurementLibTdx.inf
BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SecCryptLib.inf
HashLib|SecurityPkg/Library/HashLibTdx/HashLibTdx.inf
NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf
diff --git a/OvmfPkg/Library/PeilessStartupLib/IntelTdx.c b/OvmfPkg/Library/PeilessStartupLib/IntelTdx.c
index d240d3b7719f..484fd21057c8 100644
--- a/OvmfPkg/Library/PeilessStartupLib/IntelTdx.c
+++ b/OvmfPkg/Library/PeilessStartupLib/IntelTdx.c
@@ -9,8 +9,34 @@
#include <Library/DebugLib.h>
#include <Guid/VariableFormat.h>
#include <Guid/SystemNvDataGuid.h>
+#include <IndustryStandard/Tpm20.h>
+#include <IndustryStandard/UefiTcgPlatform.h>
+#include <Library/HobLib.h>
+#include <Library/PrintLib.h>
+#include <Library/TpmMeasurementLib.h>
+
#include "PeilessStartupInternal.h"
+#pragma pack(1)
+
+#define HANDOFF_TABLE_DESC "TdxTable"
+typedef struct {
+ UINT8 TableDescriptionSize;
+ UINT8 TableDescription[sizeof (HANDOFF_TABLE_DESC)];
+ UINT64 NumberOfTables;
+ EFI_CONFIGURATION_TABLE TableEntry[1];
+} TDX_HANDOFF_TABLE_POINTERS2;
+
+#define FV_HANDOFF_TABLE_DESC "Fv(XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX)"
+typedef struct {
+ UINT8 BlobDescriptionSize;
+ UINT8 BlobDescription[sizeof (FV_HANDOFF_TABLE_DESC)];
+ EFI_PHYSICAL_ADDRESS BlobBase;
+ UINT64 BlobLength;
+} FV_HANDOFF_TABLE_POINTERS2;
+
+#pragma pack()
+
/**
Check padding data all bit should be 1.
@@ -161,3 +187,163 @@ TdxValidateCfv (
return TRUE;
}
+
+/**
+ Measure the Hoblist passed from the VMM.
+
+ @param[in] VmmHobList The Hoblist pass the firmware
+
+ @retval EFI_SUCCESS Fv image is measured successfully
+ or it has been already measured.
+ @retval Others Other errors as indicated
+**/
+EFI_STATUS
+EFIAPI
+MeasureHobList (
+ IN CONST VOID *VmmHobList
+ )
+{
+ EFI_PEI_HOB_POINTERS Hob;
+ TDX_HANDOFF_TABLE_POINTERS2 HandoffTables;
+ EFI_STATUS Status;
+
+ if (!TdIsEnabled ()) {
+ ASSERT (FALSE);
+ return EFI_UNSUPPORTED;
+ }
+
+ Hob.Raw = (UINT8 *)VmmHobList;
+
+ //
+ // Parse the HOB list until end of list.
+ //
+ while (!END_OF_HOB_LIST (Hob)) {
+ Hob.Raw = GET_NEXT_HOB (Hob);
+ }
+
+ //
+ // Init the log event for HOB measurement
+ //
+
+ HandoffTables.TableDescriptionSize = sizeof (HandoffTables.TableDescription);
+ CopyMem (HandoffTables.TableDescription, HANDOFF_TABLE_DESC, sizeof (HandoffTables.TableDescription));
+ HandoffTables.NumberOfTables = 1;
+ CopyGuid (&(HandoffTables.TableEntry[0].VendorGuid), &gUefiOvmfPkgTokenSpaceGuid);
+ HandoffTables.TableEntry[0].VendorTable = (VOID *)VmmHobList;
+
+ Status = TpmMeasureAndLogData (
+ 1, // PCRIndex
+ EV_EFI_HANDOFF_TABLES2, // EventType
+ (VOID *)&HandoffTables, // EventData
+ sizeof (HandoffTables), // EventSize
+ (UINT8 *)(UINTN)VmmHobList, // HashData
+ (UINTN)((UINT8 *)Hob.Raw - (UINT8 *)VmmHobList) // HashDataLen
+ );
+
+ if (EFI_ERROR (Status)) {
+ ASSERT (FALSE);
+ }
+
+ return Status;
+}
+
+/**
+ Get the FvName from the FV header.
+
+ Causion: The FV is untrusted input.
+
+ @param[in] FvBase Base address of FV image.
+ @param[in] FvLength Length of FV image.
+
+ @return FvName pointer
+ @retval NULL FvName is NOT found
+**/
+VOID *
+GetFvName (
+ IN EFI_PHYSICAL_ADDRESS FvBase,
+ IN UINT64 FvLength
+ )
+{
+ EFI_FIRMWARE_VOLUME_HEADER *FvHeader;
+ EFI_FIRMWARE_VOLUME_EXT_HEADER *FvExtHeader;
+
+ if (FvBase >= MAX_ADDRESS) {
+ return NULL;
+ }
+
+ if (FvLength >= MAX_ADDRESS - FvBase) {
+ return NULL;
+ }
+
+ if (FvLength < sizeof (EFI_FIRMWARE_VOLUME_HEADER)) {
+ return NULL;
+ }
+
+ FvHeader = (EFI_FIRMWARE_VOLUME_HEADER *)(UINTN)FvBase;
+ if (FvHeader->ExtHeaderOffset < sizeof (EFI_FIRMWARE_VOLUME_HEADER)) {
+ return NULL;
+ }
+
+ if (FvHeader->ExtHeaderOffset + sizeof (EFI_FIRMWARE_VOLUME_EXT_HEADER) > FvLength) {
+ return NULL;
+ }
+
+ FvExtHeader = (EFI_FIRMWARE_VOLUME_EXT_HEADER *)(UINTN)(FvBase + FvHeader->ExtHeaderOffset);
+
+ return &FvExtHeader->FvName;
+}
+
+/**
+ Measure FV image.
+
+ @param[in] FvBase Base address of FV image.
+ @param[in] FvLength Length of FV image.
+ @param[in] PcrIndex Index of PCR
+
+ @retval EFI_SUCCESS Fv image is measured successfully
+ or it has been already measured.
+ @retval EFI_OUT_OF_RESOURCES No enough memory to log the new event.
+ @retval EFI_DEVICE_ERROR The command was unsuccessful.
+
+**/
+EFI_STATUS
+EFIAPI
+MeasureFvImage (
+ IN EFI_PHYSICAL_ADDRESS FvBase,
+ IN UINT64 FvLength,
+ IN UINT8 PcrIndex
+ )
+{
+ EFI_STATUS Status;
+ FV_HANDOFF_TABLE_POINTERS2 FvBlob2;
+ VOID *FvName;
+
+ //
+ // Init the log event for FV measurement
+ //
+ FvBlob2.BlobDescriptionSize = sizeof (FvBlob2.BlobDescription);
+ CopyMem (FvBlob2.BlobDescription, FV_HANDOFF_TABLE_DESC, sizeof (FvBlob2.BlobDescription));
+ FvName = GetFvName (FvBase, FvLength);
+ if (FvName != NULL) {
+ AsciiSPrint ((CHAR8 *)FvBlob2.BlobDescription, sizeof (FvBlob2.BlobDescription), "Fv(%g)", FvName);
+ }
+
+ FvBlob2.BlobBase = FvBase;
+ FvBlob2.BlobLength = FvLength;
+
+ Status = TpmMeasureAndLogData (
+ 1, // PCRIndex
+ EV_EFI_PLATFORM_FIRMWARE_BLOB2, // EventType
+ (VOID *)&FvBlob2, // EventData
+ sizeof (FvBlob2), // EventSize
+ (UINT8 *)(UINTN)FvBase, // HashData
+ (UINTN)(FvLength) // HashDataLen
+ );
+
+ if (EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_ERROR, "The FV which failed to be measured starts at: 0x%x\n", FvBase));
+ ASSERT (FALSE);
+ }
+
+ return Status;
+}
diff --git a/OvmfPkg/Library/PeilessStartupLib/PeilessStartup.c b/OvmfPkg/Library/PeilessStartupLib/PeilessStartup.c
index 54236b956c52..fdfefd00d732 100644
--- a/OvmfPkg/Library/PeilessStartupLib/PeilessStartup.c
+++ b/OvmfPkg/Library/PeilessStartupLib/PeilessStartup.c
@@ -20,7 +20,6 @@
#include <ConfidentialComputingGuestAttr.h>
#include <Guid/MemoryTypeInformation.h>
#include <OvmfPlatforms.h>
-#include <Library/SecMeasurementLib.h>
#include "PeilessStartupInternal.h"
#define GET_GPAW_INIT_STATE(INFO) ((UINT8) ((INFO) & 0x3f))
diff --git a/OvmfPkg/Library/PeilessStartupLib/PeilessStartupInternal.h b/OvmfPkg/Library/PeilessStartupLib/PeilessStartupInternal.h
index dd79b8a06b44..74b5f46552c2 100644
--- a/OvmfPkg/Library/PeilessStartupLib/PeilessStartupInternal.h
+++ b/OvmfPkg/Library/PeilessStartupLib/PeilessStartupInternal.h
@@ -69,4 +69,40 @@ TdxValidateCfv (
IN UINT32 TdxCfvSize
);
+/**
+ Measure the Hoblist passed from the VMM.
+
+ @param[in] VmmHobList The Hoblist pass the firmware
+
+ @retval EFI_SUCCESS Fv image is measured successfully
+ or it has been already measured.
+ @retval Others Other errors as indicated
+**/
+EFI_STATUS
+EFIAPI
+MeasureHobList (
+ IN CONST VOID *VmmHobList
+ );
+
+/**
+ Measure FV image.
+
+ @param[in] FvBase Base address of FV image.
+ @param[in] FvLength Length of FV image.
+ @param[in] PcrIndex Index of PCR
+
+ @retval EFI_SUCCESS Fv image is measured successfully
+ or it has been already measured.
+ @retval EFI_OUT_OF_RESOURCES No enough memory to log the new event.
+ @retval EFI_DEVICE_ERROR The command was unsuccessful.
+
+**/
+EFI_STATUS
+EFIAPI
+MeasureFvImage (
+ IN EFI_PHYSICAL_ADDRESS FvBase,
+ IN UINT64 FvLength,
+ IN UINT8 PcrIndex
+ );
+
#endif
diff --git a/OvmfPkg/Library/PeilessStartupLib/PeilessStartupLib.inf b/OvmfPkg/Library/PeilessStartupLib/PeilessStartupLib.inf
index c5d291f02bcd..def50b4b019e 100644
--- a/OvmfPkg/Library/PeilessStartupLib/PeilessStartupLib.inf
+++ b/OvmfPkg/Library/PeilessStartupLib/PeilessStartupLib.inf
@@ -58,7 +58,7 @@
QemuFwCfgLib
PlatformInitLib
HashLib
- SecMeasurementLib
+ TpmMeasurementLib
[Guids]
gEfiHobMemoryAllocModuleGuid
--
2.29.2.windows.2
^ permalink raw reply related [flat|nested] 8+ messages in thread* [PATCH 3/3] OvmfPkg: Delete SecMeasurementLibTdx
2022-06-05 1:02 [PATCH 0/3] Introduce SecTpmMeasurementLibTdx Min Xu
2022-06-05 1:02 ` [PATCH 1/3] Security: Add SecTpmMeasurementLibTdx Min Xu
2022-06-05 1:02 ` [PATCH 2/3] OvmfPkg: Implement MeasureHobList/MeasureFvImage Min Xu
@ 2022-06-05 1:02 ` Min Xu
2022-06-05 2:09 ` [PATCH 0/3] Introduce SecTpmMeasurementLibTdx Yao, Jiewen
` (2 subsequent siblings)
5 siblings, 0 replies; 8+ messages in thread
From: Min Xu @ 2022-06-05 1:02 UTC (permalink / raw)
To: devel; +Cc: Min M Xu, Gerd Hoffmann, Jiewen Yao
From: Min M Xu <min.m.xu@intel.com>
The feature of SecMeasurementLibTdx is replaced by SecTpmMeasurementLibTdx
(which is in SecurityPkg). So SecMeasurementLibTdx is deleted.
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Signed-off-by: Min Xu <min.m.xu@intel.com>
---
OvmfPkg/Include/Library/SecMeasurementLib.h | 46 ---
.../SecMeasurementLib/SecMeasurementLibTdx.c | 340 ------------------
.../SecMeasurementLibTdx.inf | 30 --
OvmfPkg/OvmfPkg.dec | 4 -
4 files changed, 420 deletions(-)
delete mode 100644 OvmfPkg/Include/Library/SecMeasurementLib.h
delete mode 100644 OvmfPkg/Library/SecMeasurementLib/SecMeasurementLibTdx.c
delete mode 100644 OvmfPkg/Library/SecMeasurementLib/SecMeasurementLibTdx.inf
diff --git a/OvmfPkg/Include/Library/SecMeasurementLib.h b/OvmfPkg/Include/Library/SecMeasurementLib.h
deleted file mode 100644
index ca7a7dc3a9b2..000000000000
--- a/OvmfPkg/Include/Library/SecMeasurementLib.h
+++ /dev/null
@@ -1,46 +0,0 @@
-/** @file
-
- Copyright (c) 2021, Intel Corporation. All rights reserved.<BR>
-
- SPDX-License-Identifier: BSD-2-Clause-Patent
-
-**/
-
-#ifndef SEC_MEASUREMENT_LIB_H_
-#define SEC_MEASUREMENT_LIB_H_
-
-/**
- Measure the Hoblist passed from the VMM.
-
- @param[in] VmmHobList The Hoblist pass the firmware
-
- @retval EFI_SUCCESS Fv image is measured successfully
- or it has been already measured.
- @retval Others Other errors as indicated
-**/
-EFI_STATUS
-EFIAPI
-MeasureHobList (
- IN CONST VOID *VmmHobList
- );
-
-/**
- Measure FV image.
-
- @param[in] FvBase Base address of FV image.
- @param[in] FvLength Length of FV image.
- @param[in] PcrIndex Index of PCR
-
- @retval EFI_SUCCESS Fv image is measured successfully
- or it has been already measured.
- @retval Others Other errors as indicated
-**/
-EFI_STATUS
-EFIAPI
-MeasureFvImage (
- IN EFI_PHYSICAL_ADDRESS FvBase,
- IN UINT64 FvLength,
- IN UINT8 PcrIndex
- );
-
-#endif
diff --git a/OvmfPkg/Library/SecMeasurementLib/SecMeasurementLibTdx.c b/OvmfPkg/Library/SecMeasurementLib/SecMeasurementLibTdx.c
deleted file mode 100644
index 274fda1e563e..000000000000
--- a/OvmfPkg/Library/SecMeasurementLib/SecMeasurementLibTdx.c
+++ /dev/null
@@ -1,340 +0,0 @@
-/** @file
-*
-* Copyright (c) 2021, Intel Corporation. All rights reserved.<BR>
-* SPDX-License-Identifier: BSD-2-Clause-Patent
-*
-**/
-
-#include <PiPei.h>
-#include <Guid/CcEventHob.h>
-#include <Library/BaseMemoryLib.h>
-#include <Library/DebugLib.h>
-#include <Library/HashLib.h>
-#include <Library/HobLib.h>
-#include <Library/PrintLib.h>
-#include <IndustryStandard/Tpm20.h>
-#include <Protocol/CcMeasurement.h>
-#include <Library/SecMeasurementLib.h>
-
-#pragma pack(1)
-
-typedef struct {
- UINT32 count;
- TPMI_ALG_HASH hashAlg;
- BYTE sha384[SHA384_DIGEST_SIZE];
-} TDX_DIGEST_VALUE;
-
-#define HANDOFF_TABLE_DESC "TdxTable"
-typedef struct {
- UINT8 TableDescriptionSize;
- UINT8 TableDescription[sizeof (HANDOFF_TABLE_DESC)];
- UINT64 NumberOfTables;
- EFI_CONFIGURATION_TABLE TableEntry[1];
-} TDX_HANDOFF_TABLE_POINTERS2;
-
-#define FV_HANDOFF_TABLE_DESC "Fv(XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX)"
-typedef struct {
- UINT8 BlobDescriptionSize;
- UINT8 BlobDescription[sizeof (FV_HANDOFF_TABLE_DESC)];
- EFI_PHYSICAL_ADDRESS BlobBase;
- UINT64 BlobLength;
-} FV_HANDOFF_TABLE_POINTERS2;
-
-#pragma pack()
-
-#define INVALID_PCR2MR_INDEX 0xFF
-
-/**
- RTMR[0] => PCR[1,7]
- RTMR[1] => PCR[2,3,4,5]
- RTMR[2] => PCR[8~15]
- RTMR[3] => NA
- Note:
- PCR[0] is mapped to MRTD and should not appear here.
- PCR[6] is reserved for OEM. It is not used.
-**/
-UINT8
-GetMappedRtmrIndex (
- UINT32 PCRIndex
- )
-{
- UINT8 RtmrIndex;
-
- if ((PCRIndex == 6) || (PCRIndex == 0) || (PCRIndex > 15)) {
- DEBUG ((DEBUG_ERROR, "Invalid PCRIndex(%d) map to MR Index.\n", PCRIndex));
- ASSERT (FALSE);
- return INVALID_PCR2MR_INDEX;
- }
-
- RtmrIndex = 0;
- if ((PCRIndex == 1) || (PCRIndex == 7)) {
- RtmrIndex = 0;
- } else if ((PCRIndex >= 2) && (PCRIndex < 6)) {
- RtmrIndex = 1;
- } else if ((PCRIndex >= 8) && (PCRIndex <= 15)) {
- RtmrIndex = 2;
- }
-
- return RtmrIndex;
-}
-
-/**
- Tpm measure and log data, and extend the measurement result into a specific PCR.
-
- @param[in] PcrIndex PCR Index.
- @param[in] EventType Event type.
- @param[in] EventLog Measurement event log.
- @param[in] LogLen Event log length in bytes.
- @param[in] HashData The start of the data buffer to be hashed, extended.
- @param[in] HashDataLen The length, in bytes, of the buffer referenced by HashData
- @retval EFI_SUCCESS Operation completed successfully.
- @retval EFI_UNSUPPORTED TPM device not available.
- @retval EFI_OUT_OF_RESOURCES Out of memory.
- @retval EFI_DEVICE_ERROR The operation was unsuccessful.
-**/
-EFI_STATUS
-EFIAPI
-TdxMeasureAndLogData (
- IN UINT32 PcrIndex,
- IN UINT32 EventType,
- IN VOID *EventLog,
- IN UINT32 LogLen,
- IN VOID *HashData,
- IN UINT64 HashDataLen
- )
-{
- EFI_STATUS Status;
- UINT32 RtmrIndex;
- VOID *EventHobData;
- TCG_PCR_EVENT2 *TcgPcrEvent2;
- UINT8 *DigestBuffer;
- TDX_DIGEST_VALUE *TdxDigest;
- TPML_DIGEST_VALUES DigestList;
- UINT8 *Ptr;
-
- RtmrIndex = GetMappedRtmrIndex (PcrIndex);
- if (RtmrIndex == INVALID_PCR2MR_INDEX) {
- return EFI_INVALID_PARAMETER;
- }
-
- DEBUG ((DEBUG_INFO, "Creating TdTcg2PcrEvent PCR[%d]/RTMR[%d] EventType 0x%x\n", PcrIndex, RtmrIndex, EventType));
-
- Status = HashAndExtend (
- RtmrIndex,
- (VOID *)HashData,
- HashDataLen,
- &DigestList
- );
-
- if (EFI_ERROR (Status)) {
- DEBUG ((DEBUG_INFO, "Failed to HashAndExtend. %r\n", Status));
- return Status;
- }
-
- //
- // Use TDX_DIGEST_VALUE in the GUID HOB DataLength calculation
- // to reserve enough buffer to hold TPML_DIGEST_VALUES compact binary
- // which is limited to a SHA384 digest list
- //
- EventHobData = BuildGuidHob (
- &gCcEventEntryHobGuid,
- sizeof (TcgPcrEvent2->PCRIndex) + sizeof (TcgPcrEvent2->EventType) +
- sizeof (TDX_DIGEST_VALUE) +
- sizeof (TcgPcrEvent2->EventSize) + LogLen
- );
-
- if (EventHobData == NULL) {
- return EFI_OUT_OF_RESOURCES;
- }
-
- Ptr = (UINT8 *)EventHobData;
- //
- // Initialize PcrEvent data now
- //
- RtmrIndex++;
- CopyMem (Ptr, &RtmrIndex, sizeof (UINT32));
- Ptr += sizeof (UINT32);
- CopyMem (Ptr, &EventType, sizeof (TCG_EVENTTYPE));
- Ptr += sizeof (TCG_EVENTTYPE);
-
- DigestBuffer = Ptr;
-
- TdxDigest = (TDX_DIGEST_VALUE *)DigestBuffer;
- TdxDigest->count = 1;
- TdxDigest->hashAlg = TPM_ALG_SHA384;
- CopyMem (
- TdxDigest->sha384,
- DigestList.digests[0].digest.sha384,
- SHA384_DIGEST_SIZE
- );
-
- Ptr += sizeof (TDX_DIGEST_VALUE);
-
- CopyMem (Ptr, &LogLen, sizeof (UINT32));
- Ptr += sizeof (UINT32);
- CopyMem (Ptr, EventLog, LogLen);
- Ptr += LogLen;
-
- Status = EFI_SUCCESS;
- return Status;
-}
-
-/**
- Measure the Hoblist passed from the VMM.
-
- @param[in] VmmHobList The Hoblist pass the firmware
-
- @retval EFI_SUCCESS Fv image is measured successfully
- or it has been already measured.
- @retval Others Other errors as indicated
-**/
-EFI_STATUS
-EFIAPI
-MeasureHobList (
- IN CONST VOID *VmmHobList
- )
-{
- EFI_PEI_HOB_POINTERS Hob;
- TDX_HANDOFF_TABLE_POINTERS2 HandoffTables;
- EFI_STATUS Status;
-
- if (!TdIsEnabled ()) {
- ASSERT (FALSE);
- return EFI_UNSUPPORTED;
- }
-
- Hob.Raw = (UINT8 *)VmmHobList;
-
- //
- // Parse the HOB list until end of list.
- //
- while (!END_OF_HOB_LIST (Hob)) {
- Hob.Raw = GET_NEXT_HOB (Hob);
- }
-
- //
- // Init the log event for HOB measurement
- //
-
- HandoffTables.TableDescriptionSize = sizeof (HandoffTables.TableDescription);
- CopyMem (HandoffTables.TableDescription, HANDOFF_TABLE_DESC, sizeof (HandoffTables.TableDescription));
- HandoffTables.NumberOfTables = 1;
- CopyGuid (&(HandoffTables.TableEntry[0].VendorGuid), &gUefiOvmfPkgTokenSpaceGuid);
- HandoffTables.TableEntry[0].VendorTable = (VOID *)VmmHobList;
-
- Status = TdxMeasureAndLogData (
- 1, // PCRIndex
- EV_EFI_HANDOFF_TABLES2, // EventType
- (VOID *)&HandoffTables, // EventData
- sizeof (HandoffTables), // EventSize
- (UINT8 *)(UINTN)VmmHobList, // HashData
- (UINTN)((UINT8 *)Hob.Raw - (UINT8 *)VmmHobList) // HashDataLen
- );
-
- if (EFI_ERROR (Status)) {
- ASSERT (FALSE);
- }
-
- return Status;
-}
-
-/**
- Get the FvName from the FV header.
-
- Causion: The FV is untrusted input.
-
- @param[in] FvBase Base address of FV image.
- @param[in] FvLength Length of FV image.
-
- @return FvName pointer
- @retval NULL FvName is NOT found
-**/
-VOID *
-GetFvName (
- IN EFI_PHYSICAL_ADDRESS FvBase,
- IN UINT64 FvLength
- )
-{
- EFI_FIRMWARE_VOLUME_HEADER *FvHeader;
- EFI_FIRMWARE_VOLUME_EXT_HEADER *FvExtHeader;
-
- if (FvBase >= MAX_ADDRESS) {
- return NULL;
- }
-
- if (FvLength >= MAX_ADDRESS - FvBase) {
- return NULL;
- }
-
- if (FvLength < sizeof (EFI_FIRMWARE_VOLUME_HEADER)) {
- return NULL;
- }
-
- FvHeader = (EFI_FIRMWARE_VOLUME_HEADER *)(UINTN)FvBase;
- if (FvHeader->ExtHeaderOffset < sizeof (EFI_FIRMWARE_VOLUME_HEADER)) {
- return NULL;
- }
-
- if (FvHeader->ExtHeaderOffset + sizeof (EFI_FIRMWARE_VOLUME_EXT_HEADER) > FvLength) {
- return NULL;
- }
-
- FvExtHeader = (EFI_FIRMWARE_VOLUME_EXT_HEADER *)(UINTN)(FvBase + FvHeader->ExtHeaderOffset);
-
- return &FvExtHeader->FvName;
-}
-
-/**
- Measure FV image.
-
- @param[in] FvBase Base address of FV image.
- @param[in] FvLength Length of FV image.
- @param[in] PcrIndex Index of PCR
-
- @retval EFI_SUCCESS Fv image is measured successfully
- or it has been already measured.
- @retval EFI_OUT_OF_RESOURCES No enough memory to log the new event.
- @retval EFI_DEVICE_ERROR The command was unsuccessful.
-
-**/
-EFI_STATUS
-EFIAPI
-MeasureFvImage (
- IN EFI_PHYSICAL_ADDRESS FvBase,
- IN UINT64 FvLength,
- IN UINT8 PcrIndex
- )
-{
- EFI_STATUS Status;
- FV_HANDOFF_TABLE_POINTERS2 FvBlob2;
- VOID *FvName;
-
- //
- // Init the log event for FV measurement
- //
- FvBlob2.BlobDescriptionSize = sizeof (FvBlob2.BlobDescription);
- CopyMem (FvBlob2.BlobDescription, FV_HANDOFF_TABLE_DESC, sizeof (FvBlob2.BlobDescription));
- FvName = GetFvName (FvBase, FvLength);
- if (FvName != NULL) {
- AsciiSPrint ((CHAR8 *)FvBlob2.BlobDescription, sizeof (FvBlob2.BlobDescription), "Fv(%g)", FvName);
- }
-
- FvBlob2.BlobBase = FvBase;
- FvBlob2.BlobLength = FvLength;
-
- Status = TdxMeasureAndLogData (
- 1, // PCRIndex
- EV_EFI_PLATFORM_FIRMWARE_BLOB2, // EventType
- (VOID *)&FvBlob2, // EventData
- sizeof (FvBlob2), // EventSize
- (UINT8 *)(UINTN)FvBase, // HashData
- (UINTN)(FvLength) // HashDataLen
- );
-
- if (EFI_ERROR (Status)) {
- DEBUG ((DEBUG_ERROR, "The FV which failed to be measured starts at: 0x%x\n", FvBase));
- ASSERT (FALSE);
- }
-
- return Status;
-}
diff --git a/OvmfPkg/Library/SecMeasurementLib/SecMeasurementLibTdx.inf b/OvmfPkg/Library/SecMeasurementLib/SecMeasurementLibTdx.inf
deleted file mode 100644
index 6215df5af8fc..000000000000
--- a/OvmfPkg/Library/SecMeasurementLib/SecMeasurementLibTdx.inf
+++ /dev/null
@@ -1,30 +0,0 @@
-#/** @file
-#
-# Copyright (c) 2021, Intel Corporation. All rights reserved.<BR>
-# SPDX-License-Identifier: BSD-2-Clause-Patent
-#
-#**/
-
-[Defines]
- INF_VERSION = 0x00010005
- BASE_NAME = SecMeasurementLibTdx
- FILE_GUID = 3e3fc69d-e834-40e9-96ed-e1e721f41883
- MODULE_TYPE = BASE
- VERSION_STRING = 1.0
- LIBRARY_CLASS = SecMeasurementLib
-
-[Sources]
- SecMeasurementLibTdx.c
-
-[Packages]
- MdePkg/MdePkg.dec
- OvmfPkg/OvmfPkg.dec
- CryptoPkg/CryptoPkg.dec
- SecurityPkg/SecurityPkg.dec
-
-[Guids]
- gCcEventEntryHobGuid
- gUefiOvmfPkgTokenSpaceGuid
-
-[LibraryClasses]
- HashLib
diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec
index 5fe487f82d1a..7b114a5e63b2 100644
--- a/OvmfPkg/OvmfPkg.dec
+++ b/OvmfPkg/OvmfPkg.dec
@@ -125,10 +125,6 @@
#
PeilessStartupLib|Include/Library/PeilessStartupLib.h
- ## @libraryclass SecMeasurementLib
- #
- SecMeasurementLib|Include/Library/SecMeasurementLib.h
-
[Guids]
gUefiOvmfPkgTokenSpaceGuid = {0x93bb96af, 0xb9f2, 0x4eb8, {0x94, 0x62, 0xe0, 0xba, 0x74, 0x56, 0x42, 0x36}}
gEfiXenInfoGuid = {0xd3b46f3b, 0xd441, 0x1244, {0x9a, 0x12, 0x0, 0x12, 0x27, 0x3f, 0xc1, 0x4d}}
--
2.29.2.windows.2
^ permalink raw reply related [flat|nested] 8+ messages in thread* Re: [PATCH 0/3] Introduce SecTpmMeasurementLibTdx
2022-06-05 1:02 [PATCH 0/3] Introduce SecTpmMeasurementLibTdx Min Xu
` (2 preceding siblings ...)
2022-06-05 1:02 ` [PATCH 3/3] OvmfPkg: Delete SecMeasurementLibTdx Min Xu
@ 2022-06-05 2:09 ` Yao, Jiewen
2022-06-07 10:34 ` Gerd Hoffmann
[not found] ` <16F5977C8286B4B6.24312@groups.io>
5 siblings, 0 replies; 8+ messages in thread
From: Yao, Jiewen @ 2022-06-05 2:09 UTC (permalink / raw)
To: Xu, Min M, devel@edk2.groups.io
Cc: Wang, Jian J, Aktas, Erdem, James Bottomley, Tom Lendacky,
Gerd Hoffmann
Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
> -----Original Message-----
> From: Xu, Min M <min.m.xu@intel.com>
> Sent: Sunday, June 5, 2022 9:03 AM
> To: devel@edk2.groups.io
> Cc: Xu, Min M <min.m.xu@intel.com>; Yao, Jiewen <jiewen.yao@intel.com>;
> Wang, Jian J <jian.j.wang@intel.com>; Aktas, Erdem
> <erdemaktas@google.com>; James Bottomley <jejb@linux.ibm.com>; Tom
> Lendacky <thomas.lendacky@amd.com>; Gerd Hoffmann <kraxel@redhat.com>
> Subject: [PATCH 0/3] Introduce SecTpmMeasurementLibTdx
>
> SecTpmMeasurementLibTdx is an instance of TpmMeasurement lib in SEC phase.
> It provides RTMR based measurement functions for Intel Tdx guest.
>
> Commit a708536dce introduces SecMeasurementLibTdx which provides the
> same
> functions. But it is not an instance of TpmMeasurementLib.
> We have updated DxeTpmMeasurementLib (which is an instance of
> TpmMeasurementLib) to support RTMR based measurement. To make the
> design
> consistent, SecTpmMeasurementLibTdx is introduced. After that
> SecMeasurementLibTdx is removed.
>
> Patch #1:
> Introduce SecMeasurementLibTdx
> Patch #2:
> Update OvmfPkg to support MeasureHobList/MeasureFvImage with
> SecMeasurementLibTdx.
> Patch #3:
> Remove SecMeasurementLibTdx.
>
> Code: https://github.com/mxu9/edk2/tree/secMeasurementLib.v1
>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Cc: Erdem Aktas <erdemaktas@google.com>
> Cc: James Bottomley <jejb@linux.ibm.com>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Tom Lendacky <thomas.lendacky@amd.com>
> Cc: Gerd Hoffmann <kraxel@redhat.com>
> Signed-off-by: Min Xu <min.m.xu@intel.com>
>
> Min M Xu (3):
> Security: Add SecTpmMeasurementLibTdx
> OvmfPkg: Implement MeasureHobList/MeasureFvImage
> OvmfPkg: Delete SecMeasurementLibTdx
>
> OvmfPkg/Include/Library/SecMeasurementLib.h | 46 ---
> OvmfPkg/IntelTdx/IntelTdxX64.dsc | 2 +-
> OvmfPkg/Library/PeilessStartupLib/IntelTdx.c | 186 ++++++++++
> .../PeilessStartupLib/PeilessStartup.c | 1 -
> .../PeilessStartupInternal.h | 36 ++
> .../PeilessStartupLib/PeilessStartupLib.inf | 2 +-
> .../SecMeasurementLib/SecMeasurementLibTdx.c | 340 ------------------
> .../SecMeasurementLibTdx.inf | 30 --
> OvmfPkg/OvmfPkg.dec | 4 -
> .../SecTpmMeasurementLibTdx.c | 176 +++++++++
> .../SecTpmMeasurementLibTdx.inf | 34 ++
> SecurityPkg/SecurityPkg.dsc | 2 +
> 12 files changed, 436 insertions(+), 423 deletions(-)
> delete mode 100644 OvmfPkg/Include/Library/SecMeasurementLib.h
> delete mode 100644
> OvmfPkg/Library/SecMeasurementLib/SecMeasurementLibTdx.c
> delete mode 100644
> OvmfPkg/Library/SecMeasurementLib/SecMeasurementLibTdx.inf
> create mode 100644
> SecurityPkg/Library/SecTpmMeasurementLib/SecTpmMeasurementLibTdx.c
> create mode 100644
> SecurityPkg/Library/SecTpmMeasurementLib/SecTpmMeasurementLibTdx.inf
>
> --
> 2.29.2.windows.2
^ permalink raw reply [flat|nested] 8+ messages in thread* Re: [PATCH 0/3] Introduce SecTpmMeasurementLibTdx
2022-06-05 1:02 [PATCH 0/3] Introduce SecTpmMeasurementLibTdx Min Xu
` (3 preceding siblings ...)
2022-06-05 2:09 ` [PATCH 0/3] Introduce SecTpmMeasurementLibTdx Yao, Jiewen
@ 2022-06-07 10:34 ` Gerd Hoffmann
2022-06-07 11:37 ` Yao, Jiewen
[not found] ` <16F5977C8286B4B6.24312@groups.io>
5 siblings, 1 reply; 8+ messages in thread
From: Gerd Hoffmann @ 2022-06-07 10:34 UTC (permalink / raw)
To: Min Xu
Cc: devel, Jiewen Yao, Jian J Wang, Erdem Aktas, James Bottomley,
Tom Lendacky
On Sun, Jun 05, 2022 at 09:02:45AM +0800, Min Xu wrote:
> SecTpmMeasurementLibTdx is an instance of TpmMeasurement lib in SEC phase.
> It provides RTMR based measurement functions for Intel Tdx guest.
>
> Commit a708536dce introduces SecMeasurementLibTdx which provides the same
> functions. But it is not an instance of TpmMeasurementLib.
> We have updated DxeTpmMeasurementLib (which is an instance of
> TpmMeasurementLib) to support RTMR based measurement. To make the design
> consistent, SecTpmMeasurementLibTdx is introduced. After that
> SecMeasurementLibTdx is removed.
So, what is the difference? Just make the calling convention compatible
with TpmMeasurementLib?
take care,
Gerd
^ permalink raw reply [flat|nested] 8+ messages in thread* Re: [PATCH 0/3] Introduce SecTpmMeasurementLibTdx
2022-06-07 10:34 ` Gerd Hoffmann
@ 2022-06-07 11:37 ` Yao, Jiewen
0 siblings, 0 replies; 8+ messages in thread
From: Yao, Jiewen @ 2022-06-07 11:37 UTC (permalink / raw)
To: Gerd Hoffmann, Xu, Min M
Cc: devel@edk2.groups.io, Wang, Jian J, Aktas, Erdem, James Bottomley,
Tom Lendacky
The previous patch created a new instance SecTpmMeasurementLibTdx, which is not a best idea.
If we can use the existing instance, there is no need to create a new one. Just create a new instance.
Thank you
Yao Jiewen
> -----Original Message-----
> From: Gerd Hoffmann <kraxel@redhat.com>
> Sent: Tuesday, June 7, 2022 6:35 PM
> To: Xu, Min M <min.m.xu@intel.com>
> Cc: devel@edk2.groups.io; Yao, Jiewen <jiewen.yao@intel.com>; Wang, Jian J
> <jian.j.wang@intel.com>; Aktas, Erdem <erdemaktas@google.com>; James
> Bottomley <jejb@linux.ibm.com>; Tom Lendacky <thomas.lendacky@amd.com>
> Subject: Re: [PATCH 0/3] Introduce SecTpmMeasurementLibTdx
>
> On Sun, Jun 05, 2022 at 09:02:45AM +0800, Min Xu wrote:
> > SecTpmMeasurementLibTdx is an instance of TpmMeasurement lib in SEC
> phase.
> > It provides RTMR based measurement functions for Intel Tdx guest.
> >
> > Commit a708536dce introduces SecMeasurementLibTdx which provides the
> same
> > functions. But it is not an instance of TpmMeasurementLib.
> > We have updated DxeTpmMeasurementLib (which is an instance of
> > TpmMeasurementLib) to support RTMR based measurement. To make the
> design
> > consistent, SecTpmMeasurementLibTdx is introduced. After that
> > SecMeasurementLibTdx is removed.
>
> So, what is the difference? Just make the calling convention compatible
> with TpmMeasurementLib?
>
> take care,
> Gerd
^ permalink raw reply [flat|nested] 8+ messages in thread
[parent not found: <16F5977C8286B4B6.24312@groups.io>]
* Re: [edk2-devel] [PATCH 0/3] Introduce SecTpmMeasurementLibTdx
[not found] ` <16F5977C8286B4B6.24312@groups.io>
@ 2022-06-07 11:33 ` Yao, Jiewen
0 siblings, 0 replies; 8+ messages in thread
From: Yao, Jiewen @ 2022-06-07 11:33 UTC (permalink / raw)
To: devel@edk2.groups.io, Yao, Jiewen, Xu, Min M
Cc: Wang, Jian J, Aktas, Erdem, James Bottomley, Tom Lendacky,
Gerd Hoffmann
Merged https://github.com/tianocore/edk2/pull/2951
> -----Original Message-----
> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Yao, Jiewen
> Sent: Sunday, June 5, 2022 10:10 AM
> To: Xu, Min M <min.m.xu@intel.com>; devel@edk2.groups.io
> Cc: Wang, Jian J <jian.j.wang@intel.com>; Aktas, Erdem
> <erdemaktas@google.com>; James Bottomley <jejb@linux.ibm.com>; Tom
> Lendacky <thomas.lendacky@amd.com>; Gerd Hoffmann <kraxel@redhat.com>
> Subject: Re: [edk2-devel] [PATCH 0/3] Introduce SecTpmMeasurementLibTdx
>
> Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
>
> > -----Original Message-----
> > From: Xu, Min M <min.m.xu@intel.com>
> > Sent: Sunday, June 5, 2022 9:03 AM
> > To: devel@edk2.groups.io
> > Cc: Xu, Min M <min.m.xu@intel.com>; Yao, Jiewen <jiewen.yao@intel.com>;
> > Wang, Jian J <jian.j.wang@intel.com>; Aktas, Erdem
> > <erdemaktas@google.com>; James Bottomley <jejb@linux.ibm.com>; Tom
> > Lendacky <thomas.lendacky@amd.com>; Gerd Hoffmann
> <kraxel@redhat.com>
> > Subject: [PATCH 0/3] Introduce SecTpmMeasurementLibTdx
> >
> > SecTpmMeasurementLibTdx is an instance of TpmMeasurement lib in SEC
> phase.
> > It provides RTMR based measurement functions for Intel Tdx guest.
> >
> > Commit a708536dce introduces SecMeasurementLibTdx which provides the
> > same
> > functions. But it is not an instance of TpmMeasurementLib.
> > We have updated DxeTpmMeasurementLib (which is an instance of
> > TpmMeasurementLib) to support RTMR based measurement. To make the
> > design
> > consistent, SecTpmMeasurementLibTdx is introduced. After that
> > SecMeasurementLibTdx is removed.
> >
> > Patch #1:
> > Introduce SecMeasurementLibTdx
> > Patch #2:
> > Update OvmfPkg to support MeasureHobList/MeasureFvImage with
> > SecMeasurementLibTdx.
> > Patch #3:
> > Remove SecMeasurementLibTdx.
> >
> > Code: https://github.com/mxu9/edk2/tree/secMeasurementLib.v1
> >
> > Cc: Jiewen Yao <jiewen.yao@intel.com>
> > Cc: Jian J Wang <jian.j.wang@intel.com>
> > Cc: Erdem Aktas <erdemaktas@google.com>
> > Cc: James Bottomley <jejb@linux.ibm.com>
> > Cc: Jiewen Yao <jiewen.yao@intel.com>
> > Cc: Tom Lendacky <thomas.lendacky@amd.com>
> > Cc: Gerd Hoffmann <kraxel@redhat.com>
> > Signed-off-by: Min Xu <min.m.xu@intel.com>
> >
> > Min M Xu (3):
> > Security: Add SecTpmMeasurementLibTdx
> > OvmfPkg: Implement MeasureHobList/MeasureFvImage
> > OvmfPkg: Delete SecMeasurementLibTdx
> >
> > OvmfPkg/Include/Library/SecMeasurementLib.h | 46 ---
> > OvmfPkg/IntelTdx/IntelTdxX64.dsc | 2 +-
> > OvmfPkg/Library/PeilessStartupLib/IntelTdx.c | 186 ++++++++++
> > .../PeilessStartupLib/PeilessStartup.c | 1 -
> > .../PeilessStartupInternal.h | 36 ++
> > .../PeilessStartupLib/PeilessStartupLib.inf | 2 +-
> > .../SecMeasurementLib/SecMeasurementLibTdx.c | 340 ------------------
> > .../SecMeasurementLibTdx.inf | 30 --
> > OvmfPkg/OvmfPkg.dec | 4 -
> > .../SecTpmMeasurementLibTdx.c | 176 +++++++++
> > .../SecTpmMeasurementLibTdx.inf | 34 ++
> > SecurityPkg/SecurityPkg.dsc | 2 +
> > 12 files changed, 436 insertions(+), 423 deletions(-)
> > delete mode 100644 OvmfPkg/Include/Library/SecMeasurementLib.h
> > delete mode 100644
> > OvmfPkg/Library/SecMeasurementLib/SecMeasurementLibTdx.c
> > delete mode 100644
> > OvmfPkg/Library/SecMeasurementLib/SecMeasurementLibTdx.inf
> > create mode 100644
> > SecurityPkg/Library/SecTpmMeasurementLib/SecTpmMeasurementLibTdx.c
> > create mode 100644
> > SecurityPkg/Library/SecTpmMeasurementLib/SecTpmMeasurementLibTdx.inf
> >
> > --
> > 2.29.2.windows.2
>
>
>
>
>
^ permalink raw reply [flat|nested] 8+ messages in thread