TdxMeasurementHob.c@ 108794

Last change on this file since 108794 was 108794, checked in by vboxsync, 2 weeks ago
Devices/EFI/FirmwareNew: Merge edk2-stable202502 from the vendor branch and make it build for the important platforms, bugref:4643
Property svn:eol-style set to `native`
File size: 5.4 KB

Line
1	/** @file
2	Build GuidHob for tdx measurement.
3
4	Copyright (c) 2022 - 2023, Intel Corporation. All rights reserved.<BR>
5
6	SPDX-License-Identifier: BSD-2-Clause-Patent
7
8	**/
9
10	#include <PiPei.h>
11	#include <Library/BaseLib.h>
12	#include <Library/BaseMemoryLib.h>
13	#include <Library/DebugLib.h>
14	#include <IndustryStandard/Tpm20.h>
15	#include <IndustryStandard/UefiTcgPlatform.h>
16	#include <Library/HobLib.h>
17	#include <Library/PrintLib.h>
18	#include <Library/TcgEventLogRecordLib.h>
19	#include <WorkArea.h>
20	#include <Library/TdxMeasurementLib.h>
21
22	#pragma pack(1)
23
24	#define HANDOFF_TABLE_DESC "TdxTable"
25	typedef struct {
26	UINT8 TableDescriptionSize;
27	UINT8 TableDescription[sizeof (HANDOFF_TABLE_DESC)];
28	UINT64 NumberOfTables;
29	EFI_CONFIGURATION_TABLE TableEntry[1];
30	} TDX_HANDOFF_TABLE_POINTERS2;
31
32	#pragma pack()
33
34	#define FV_HANDOFF_TABLE_DESC "Fv(XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX)"
35	typedef PLATFORM_FIRMWARE_BLOB2_STRUCT CFV_HANDOFF_TABLE_POINTERS2;
36
37	/**
38	Get the FvName from the FV header.
39
40	Causion: The FV is untrusted input.
41
42	@param[in] FvBase Base address of FV image.
43	@param[in] FvLength Length of FV image.
44
45	@return FvName pointer
46	@retval NULL FvName is NOT found
47	**/
48	VOID *
49	GetFvName (
50	IN EFI_PHYSICAL_ADDRESS FvBase,
51	IN UINT64 FvLength
52	)
53	{
54	EFI_FIRMWARE_VOLUME_HEADER *FvHeader;
55	EFI_FIRMWARE_VOLUME_EXT_HEADER *FvExtHeader;
56
57	if (FvBase >= MAX_ADDRESS) {
58	return NULL;
59	}
60
61	if (FvLength >= MAX_ADDRESS - FvBase) {
62	return NULL;
63	}
64
65	if (FvLength < sizeof (EFI_FIRMWARE_VOLUME_HEADER)) {
66	return NULL;
67	}
68
69	FvHeader = (EFI_FIRMWARE_VOLUME_HEADER *)(UINTN)FvBase;
70	if (FvHeader->ExtHeaderOffset < sizeof (EFI_FIRMWARE_VOLUME_HEADER)) {
71	return NULL;
72	}
73
74	if (FvHeader->ExtHeaderOffset + sizeof (EFI_FIRMWARE_VOLUME_EXT_HEADER) > FvLength) {
75	return NULL;
76	}
77
78	FvExtHeader = (EFI_FIRMWARE_VOLUME_EXT_HEADER *)(UINTN)(FvBase + FvHeader->ExtHeaderOffset);
79
80	return &FvExtHeader->FvName;
81	}
82
83	/**
84	Build the GuidHob for tdx measurements which were done in SEC phase.
85	The measurement values are stored in WorkArea.
86
87	@retval EFI_SUCCESS The GuidHob is built successfully
88	@retval Others Other errors as indicated
89	**/
90	EFI_STATUS
91	InternalBuildGuidHobForTdxMeasurement (
92	VOID
93	)
94	{
95	EFI_STATUS Status;
96	OVMF_WORK_AREA *WorkArea;
97	VOID *TdHobList;
98	TDX_HANDOFF_TABLE_POINTERS2 HandoffTables;
99	VOID *FvName;
100	CFV_HANDOFF_TABLE_POINTERS2 FvBlob2;
101	EFI_PHYSICAL_ADDRESS FvBase;
102	UINT64 FvLength;
103	UINT8 *HashValue;
104
105	if (!TdIsEnabled ()) {
106	ASSERT (FALSE);
107	return EFI_UNSUPPORTED;
108	}
109
110	WorkArea = (OVMF_WORK_AREA *)FixedPcdGet32 (PcdOvmfWorkAreaBase);
111	if (WorkArea == NULL) {
112	return EFI_ABORTED;
113	}
114
115	Status = EFI_SUCCESS;
116
117	//
118	// Build the GuidHob for TdHob measurement
119	//
120	TdHobList = (VOID *)(UINTN)FixedPcdGet32 (PcdOvmfSecGhcbBase);
121	if (WorkArea->TdxWorkArea.SecTdxWorkArea.TdxMeasurementsData.MeasurementsBitmap & TDX_MEASUREMENT_TDHOB_BITMASK) {
122	HashValue = WorkArea->TdxWorkArea.SecTdxWorkArea.TdxMeasurementsData.TdHobHashValue;
123	HandoffTables.TableDescriptionSize = sizeof (HandoffTables.TableDescription);
124	CopyMem (HandoffTables.TableDescription, HANDOFF_TABLE_DESC, sizeof (HandoffTables.TableDescription));
125	HandoffTables.NumberOfTables = 1;
126	CopyGuid (&(HandoffTables.TableEntry[0].VendorGuid), &gUefiOvmfPkgTokenSpaceGuid);
127	HandoffTables.TableEntry[0].VendorTable = TdHobList;
128
129	Status = TdxMeasurementBuildGuidHob (
130	0, // RtmrIndex
131	EV_EFI_HANDOFF_TABLES2, // EventType
132	(UINT8 *)(UINTN)&HandoffTables, // EventData
133	sizeof (HandoffTables), // EventSize
134	HashValue, // HashValue
135	SHA384_DIGEST_SIZE // HashSize
136	);
137	}
138
139	if (EFI_ERROR (Status)) {
140	ASSERT (FALSE);
141	return Status;
142	}
143
144	//
145	// Build the GuidHob for Cfv measurement
146	//
147	if (WorkArea->TdxWorkArea.SecTdxWorkArea.TdxMeasurementsData.MeasurementsBitmap & TDX_MEASUREMENT_CFVIMG_BITMASK) {
148	HashValue = WorkArea->TdxWorkArea.SecTdxWorkArea.TdxMeasurementsData.CfvImgHashValue;
149	FvBase = (UINT64)PcdGet32 (PcdOvmfFlashNvStorageVariableBase);
150	FvLength = (UINT64)PcdGet32 (PcdCfvRawDataSize);
151	FvBlob2.BlobDescriptionSize = sizeof (FvBlob2.BlobDescription);
152	CopyMem (FvBlob2.BlobDescription, FV_HANDOFF_TABLE_DESC, sizeof (FvBlob2.BlobDescription));
153	FvName = GetFvName (FvBase, FvLength);
154	if (FvName != NULL) {
155	AsciiSPrint ((CHAR8 *)FvBlob2.BlobDescription, sizeof (FvBlob2.BlobDescription), "Fv(%g)", FvName);
156	}
157
158	FvBlob2.BlobBase = FvBase;
159	FvBlob2.BlobLength = FvLength;
160
161	Status = TdxMeasurementBuildGuidHob (
162	0, // RtmrIndex
163	EV_EFI_PLATFORM_FIRMWARE_BLOB2, // EventType
164	(VOID *)&FvBlob2, // EventData
165	sizeof (FvBlob2), // EventSize
166	HashValue, // HashValue
167	SHA384_DIGEST_SIZE // HashSize
168	);
169	}
170
171	if (EFI_ERROR (Status)) {
172	ASSERT (FALSE);
173	return Status;
174	}
175
176	return EFI_SUCCESS;
177	}

Note: See TracBrowser for help on using the repository browser.

source: vbox/trunk/src/VBox/Devices/EFI/FirmwareNew/OvmfPkg/IntelTdx/TdxHelperLib/TdxMeasurementHob.c@ 108794

Download in other formats: