TdxMeasurementHob.c@ 108793

Last change on this file since 108793 was 99404, checked in by vboxsync, 2 years ago
Devices/EFI/FirmwareNew: Update to edk2-stable202302 and make it build, bugref:4643
Property svn:eol-style set to `native`
File size: 7.7 KB

Line
1	/** @file
2	Build GuidHob for tdx measurement.
3
4	Copyright (c) 2022 - 2023, Intel Corporation. All rights reserved.<BR>
5
6	SPDX-License-Identifier: BSD-2-Clause-Patent
7
8	**/
9
10	#include <PiPei.h>
11	#include <Library/BaseLib.h>
12	#include <Library/BaseMemoryLib.h>
13	#include <Library/DebugLib.h>
14	#include <IndustryStandard/Tpm20.h>
15	#include <IndustryStandard/UefiTcgPlatform.h>
16	#include <Library/HobLib.h>
17	#include <Library/PrintLib.h>
18	#include <Library/TcgEventLogRecordLib.h>
19	#include <WorkArea.h>
20
21	#pragma pack(1)
22
23	#define HANDOFF_TABLE_DESC "TdxTable"
24	typedef struct {
25	UINT8 TableDescriptionSize;
26	UINT8 TableDescription[sizeof (HANDOFF_TABLE_DESC)];
27	UINT64 NumberOfTables;
28	EFI_CONFIGURATION_TABLE TableEntry[1];
29	} TDX_HANDOFF_TABLE_POINTERS2;
30
31	#pragma pack()
32
33	#define FV_HANDOFF_TABLE_DESC "Fv(XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX)"
34	typedef PLATFORM_FIRMWARE_BLOB2_STRUCT CFV_HANDOFF_TABLE_POINTERS2;
35
36	/**
37	* Build GuidHob for Tdx measurement.
38	*
39	* Tdx measurement includes the measurement of TdHob and CFV. They're measured
40	* and extended to RTMR registers in SEC phase. Because at that moment the Hob
41	* service are not available. So the values of the measurement are saved in
42	* workarea and will be built into GuidHob after the Hob service is ready.
43	*
44	* @param RtmrIndex RTMR index
45	* @param EventType Event type
46	* @param EventData Event data
47	* @param EventSize Size of event data
48	* @param HashValue Hash value
49	* @param HashSize Size of hash
50	*
51	* @retval EFI_SUCCESS Successfully build the GuidHobs
52	* @retval Others Other error as indicated
53	*/
54	STATIC
55	EFI_STATUS
56	BuildTdxMeasurementGuidHob (
57	UINT32 RtmrIndex,
58	UINT32 EventType,
59	UINT8 *EventData,
60	UINT32 EventSize,
61	UINT8 *HashValue,
62	UINT32 HashSize
63	)
64	{
65	VOID *EventHobData;
66	UINT8 *Ptr;
67	TPML_DIGEST_VALUES *TdxDigest;
68
69	if (HashSize != SHA384_DIGEST_SIZE) {
70	return EFI_INVALID_PARAMETER;
71	}
72
73	#define TDX_DIGEST_VALUE_LEN (sizeof (UINT32) + sizeof (TPMI_ALG_HASH) + SHA384_DIGEST_SIZE)
74
75	EventHobData = BuildGuidHob (
76	&gCcEventEntryHobGuid,
77	sizeof (TCG_PCRINDEX) + sizeof (TCG_EVENTTYPE) +
78	TDX_DIGEST_VALUE_LEN +
79	sizeof (UINT32) + EventSize
80	);
81
82	if (EventHobData == NULL) {
83	return EFI_OUT_OF_RESOURCES;
84	}
85
86	Ptr = (UINT8 *)EventHobData;
87
88	//
89	// There are 2 types of measurement registers in TDX: MRTD and RTMR[0-3].
90	// According to UEFI Spec 2.10 Section 38.4.1, RTMR[0-3] is mapped to MrIndex[1-4].
91	// So RtmrIndex must be increased by 1 before the event log is created.
92	//
93	RtmrIndex++;
94	CopyMem (Ptr, &RtmrIndex, sizeof (UINT32));
95	Ptr += sizeof (UINT32);
96
97	CopyMem (Ptr, &EventType, sizeof (TCG_EVENTTYPE));
98	Ptr += sizeof (TCG_EVENTTYPE);
99
100	TdxDigest = (TPML_DIGEST_VALUES *)Ptr;
101	TdxDigest->count = 1;
102	TdxDigest->digests[0].hashAlg = TPM_ALG_SHA384;
103	CopyMem (
104	TdxDigest->digests[0].digest.sha384,
105	HashValue,
106	SHA384_DIGEST_SIZE
107	);
108	Ptr += TDX_DIGEST_VALUE_LEN;
109
110	CopyMem (Ptr, &EventSize, sizeof (UINT32));
111	Ptr += sizeof (UINT32);
112
113	CopyMem (Ptr, (VOID *)EventData, EventSize);
114	Ptr += EventSize;
115
116	return EFI_SUCCESS;
117	}
118
119	/**
120	Get the FvName from the FV header.
121
122	Causion: The FV is untrusted input.
123
124	@param[in] FvBase Base address of FV image.
125	@param[in] FvLength Length of FV image.
126
127	@return FvName pointer
128	@retval NULL FvName is NOT found
129	**/
130	VOID *
131	GetFvName (
132	IN EFI_PHYSICAL_ADDRESS FvBase,
133	IN UINT64 FvLength
134	)
135	{
136	EFI_FIRMWARE_VOLUME_HEADER *FvHeader;
137	EFI_FIRMWARE_VOLUME_EXT_HEADER *FvExtHeader;
138
139	if (FvBase >= MAX_ADDRESS) {
140	return NULL;
141	}
142
143	if (FvLength >= MAX_ADDRESS - FvBase) {
144	return NULL;
145	}
146
147	if (FvLength < sizeof (EFI_FIRMWARE_VOLUME_HEADER)) {
148	return NULL;
149	}
150
151	FvHeader = (EFI_FIRMWARE_VOLUME_HEADER *)(UINTN)FvBase;
152	if (FvHeader->ExtHeaderOffset < sizeof (EFI_FIRMWARE_VOLUME_HEADER)) {
153	return NULL;
154	}
155
156	if (FvHeader->ExtHeaderOffset + sizeof (EFI_FIRMWARE_VOLUME_EXT_HEADER) > FvLength) {
157	return NULL;
158	}
159
160	FvExtHeader = (EFI_FIRMWARE_VOLUME_EXT_HEADER *)(UINTN)(FvBase + FvHeader->ExtHeaderOffset);
161
162	return &FvExtHeader->FvName;
163	}
164
165	/**
166	Build the GuidHob for tdx measurements which were done in SEC phase.
167	The measurement values are stored in WorkArea.
168
169	@retval EFI_SUCCESS The GuidHob is built successfully
170	@retval Others Other errors as indicated
171	**/
172	EFI_STATUS
173	InternalBuildGuidHobForTdxMeasurement (
174	VOID
175	)
176	{
177	EFI_STATUS Status;
178	OVMF_WORK_AREA *WorkArea;
179	VOID *TdHobList;
180	TDX_HANDOFF_TABLE_POINTERS2 HandoffTables;
181	VOID *FvName;
182	CFV_HANDOFF_TABLE_POINTERS2 FvBlob2;
183	EFI_PHYSICAL_ADDRESS FvBase;
184	UINT64 FvLength;
185	UINT8 *HashValue;
186
187	if (!TdIsEnabled ()) {
188	ASSERT (FALSE);
189	return EFI_UNSUPPORTED;
190	}
191
192	WorkArea = (OVMF_WORK_AREA *)FixedPcdGet32 (PcdOvmfWorkAreaBase);
193	if (WorkArea == NULL) {
194	return EFI_ABORTED;
195	}
196
197	Status = EFI_SUCCESS;
198
199	//
200	// Build the GuidHob for TdHob measurement
201	//
202	TdHobList = (VOID *)(UINTN)FixedPcdGet32 (PcdOvmfSecGhcbBase);
203	if (WorkArea->TdxWorkArea.SecTdxWorkArea.TdxMeasurementsData.MeasurementsBitmap & TDX_MEASUREMENT_TDHOB_BITMASK) {
204	HashValue = WorkArea->TdxWorkArea.SecTdxWorkArea.TdxMeasurementsData.TdHobHashValue;
205	HandoffTables.TableDescriptionSize = sizeof (HandoffTables.TableDescription);
206	CopyMem (HandoffTables.TableDescription, HANDOFF_TABLE_DESC, sizeof (HandoffTables.TableDescription));
207	HandoffTables.NumberOfTables = 1;
208	CopyGuid (&(HandoffTables.TableEntry[0].VendorGuid), &gUefiOvmfPkgTokenSpaceGuid);
209	HandoffTables.TableEntry[0].VendorTable = TdHobList;
210
211	Status = BuildTdxMeasurementGuidHob (
212	0, // RtmrIndex
213	EV_EFI_HANDOFF_TABLES2, // EventType
214	(UINT8 *)(UINTN)&HandoffTables, // EventData
215	sizeof (HandoffTables), // EventSize
216	HashValue, // HashValue
217	SHA384_DIGEST_SIZE // HashSize
218	);
219	}
220
221	if (EFI_ERROR (Status)) {
222	ASSERT (FALSE);
223	return Status;
224	}
225
226	//
227	// Build the GuidHob for Cfv measurement
228	//
229	if (WorkArea->TdxWorkArea.SecTdxWorkArea.TdxMeasurementsData.MeasurementsBitmap & TDX_MEASUREMENT_CFVIMG_BITMASK) {
230	HashValue = WorkArea->TdxWorkArea.SecTdxWorkArea.TdxMeasurementsData.CfvImgHashValue;
231	FvBase = (UINT64)PcdGet32 (PcdOvmfFlashNvStorageVariableBase);
232	FvLength = (UINT64)PcdGet32 (PcdCfvRawDataSize);
233	FvBlob2.BlobDescriptionSize = sizeof (FvBlob2.BlobDescription);
234	CopyMem (FvBlob2.BlobDescription, FV_HANDOFF_TABLE_DESC, sizeof (FvBlob2.BlobDescription));
235	FvName = GetFvName (FvBase, FvLength);
236	if (FvName != NULL) {
237	AsciiSPrint ((CHAR8 *)FvBlob2.BlobDescription, sizeof (FvBlob2.BlobDescription), "Fv(%g)", FvName);
238	}
239
240	FvBlob2.BlobBase = FvBase;
241	FvBlob2.BlobLength = FvLength;
242
243	Status = BuildTdxMeasurementGuidHob (
244	0, // RtmrIndex
245	EV_EFI_PLATFORM_FIRMWARE_BLOB2, // EventType
246	(VOID *)&FvBlob2, // EventData
247	sizeof (FvBlob2), // EventSize
248	HashValue, // HashValue
249	SHA384_DIGEST_SIZE // HashSize
250	);
251	}
252
253	if (EFI_ERROR (Status)) {
254	ASSERT (FALSE);
255	return Status;
256	}
257
258	return EFI_SUCCESS;
259	}

Note: See TracBrowser for help on using the repository browser.

source: vbox/trunk/src/VBox/Devices/EFI/FirmwareNew/OvmfPkg/IntelTdx/TdxHelperLib/TdxMeasurementHob.c@ 108793

Download in other formats: