OvmfPkg/TdTcg2Pei: Add TdTcg2Pei to install gEdkiiCcPpi

TdTcg2Pei is added to install the gEdkiiCcPpi for a TD-Guest. Cc: Erdem Aktas <erdemaktas@google.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Min Xu <min.m.xu@intel.com> Cc: Gerd Hoffmann <kraxel@redhat.com> Cc: Elena Reshetova <elena.reshetova@intel.com> Signed-off-by: Min Xu <min.m.xu@intel.com> Signed-off-by: Ceping Sun <cepingx.sun@intel.com>
tianocore · Dec 10, 2024 · 7689c0d · 7689c0d
1 parent bdf3c91
commit 7689c0d
Show file tree

Hide file tree

Showing 2 changed files with 246 additions and 0 deletions.
diff --git a/OvmfPkg/Tcg/TdTcg2Pei/TdTcg2Pei.c b/OvmfPkg/Tcg/TdTcg2Pei/TdTcg2Pei.c
@@ -0,0 +1,196 @@
+/** @file
+  This module implements EDKII CC Measurement PPI.
+
+Copyright (c) 2024, Intel Corporation. All rights reserved.<BR>
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <PiPei.h>
+#include <Ppi/CcMeasurement.h>
+#include <Library/DebugLib.h>
+#include <Library/PeiServicesLib.h>
+#include <Library/TdxLib.h>
+#include <Library/BaseMemoryLib.h>
+#include <Library/BaseCryptLib.h>
+#include <Library/HobLib.h>
+#include <Library/TdxHelperLib.h>
+
+/**
+  Do a hash operation on a data buffer, extend a specific RTMR with the hash result,
+  and build a GUIDed HOB recording the event.
+
+  @param[in]      Flags         Bitmap providing additional information.
+  @param[in]      HashData      Physical address of the start of the data buffer
+                                to be hashed, extended, and logged.
+  @param[in]      HashDataLen   The length, in bytes, of the buffer referenced by HashData
+  @param[in]      EventType     Type of the Event.
+  @param[in]      MrIndex       CC Mr Index.
+  @param[in]      EventData     Physical address of the start of the data buffer.
+  @param[in]      EventSize     The length, in bytes, of the buffer referenced by EventData.
+
+  @retval EFI_SUCCESS           Operation completed successfully.
+  @retval Others                The operation failed with an unexpected error.
+
+**/
+EFI_STATUS
+TdxPeiHashLogExtendEvent (
+  IN      UINT64  Flags,
+  IN      UINT8   *HashData,
+  IN      UINT64  HashDataLen,
+  IN      UINT32  EventType,
+  IN      UINT32  MrIndex,
+  IN      UINT8   *EventData,
+  IN      UINT32  EventSize
+  )
+{
+  EFI_STATUS  Status;
+  UINT8       Digest[SHA384_DIGEST_SIZE];
+
+  Status = TdxHelperHashAndExtendToRtmr (
+             MrIndex - 1,
+             HashData,
+             (UINTN)HashDataLen,
+             Digest,
+             SHA384_DIGEST_SIZE
+             );
+
+  if (EFI_ERROR (Status)) {
+    DEBUG ((DEBUG_ERROR, "%a: HashAndExtendToRtmr failed with %r\n", __func__, Status));
+    return Status;
+  }
+
+  Status = TdxHelperBuildTdxMeasurementGuidHob (
+             MrIndex - 1,
+             EventType,
+             EventData,
+             EventSize,
+             Digest,
+             SHA384_DIGEST_SIZE
+             );
+
+  if (EFI_ERROR (Status)) {
+    DEBUG ((DEBUG_ERROR, "%a: BuildTdxMeasurementGuidHob failed with %r\n", __func__, Status));
+  }
+
+  return Status;
+}
+
+/**
+  Do a hash operation on a data buffer, extend a specific RTMR with the hash result,
+  and build a GUIDed HOB recording the event which will be passed to the DXE phase and
+  added into the Event Log.
+
+  @param[in]      This          Indicates the calling context
+  @param[in]      Flags         Bitmap providing additional information.
+  @param[in]      HashData      Physical address of the start of the data buffer to be hashed.
+  @param[in]      HashDataLen   The length, in bytes, of the buffer referenced by HashData.
+  @param[in]      NewEventHdr   Pointer to a CC_EVENT_HDR data structure.
+  @param[in]      NewEventData  Pointer to the new event data.
+
+  @retval EFI_SUCCESS           Operation completed successfully.
+  @retval Others                The operation failed with an unexpected error.
+
+**/
+EFI_STATUS
+EFIAPI
+TdHashLogExtendEvent (
+  IN EDKII_CC_PPI          *This,
+  IN UINT64                Flags,
+  IN EFI_PHYSICAL_ADDRESS  DataToHash,
+  IN UINTN                 DataToHashLen,
+  IN CC_EVENT_HDR          *NewEventHdr,
+  IN UINT8                 *NewEventData
+  )
+{
+  EFI_STATUS  Status;
+
+  DEBUG ((DEBUG_VERBOSE, "TdHashLogExtendEvent ...\n"));
+
+  if ((This == NULL) || (NewEventHdr == NULL)) {
+    return EFI_INVALID_PARAMETER;
+  }
+
+  //
+  // Do not check hash data size for EV_NO_ACTION event.
+  //
+  if ((NewEventHdr->EventType != EV_NO_ACTION) && (DataToHash == 0)) {
+    return EFI_INVALID_PARAMETER;
+  }
+
+  if (NewEventHdr->MrIndex == CC_MR_INDEX_0_MRTD) {
+    DEBUG ((DEBUG_ERROR, "%a: MRTD cannot be extended in TDVF.\n", __func__));
+    return EFI_INVALID_PARAMETER;
+  }
+
+  if (NewEventHdr->MrIndex >= CC_MR_INDEX_INVALID) {
+    DEBUG ((DEBUG_ERROR, "%a: MrIndex is invalid. (%d)\n", __func__, NewEventHdr->MrIndex));
+    return EFI_INVALID_PARAMETER;
+  }
+
+  Status = TdxPeiHashLogExtendEvent (
+             Flags,
+             (UINT8 *)(UINTN)DataToHash,
+             DataToHashLen,
+             NewEventHdr->EventType,
+             NewEventHdr->MrIndex,
+             NewEventData,
+             NewEventHdr->EventSize
+             );
+
+  DEBUG ((DEBUG_VERBOSE, "TdHashLogExtendEvent - %r\n", Status));
+  return Status;
+}
+
+EFI_STATUS
+EFIAPI
+TdMapPcrToMrIndex (
+  IN  EDKII_CC_PPI  *This,
+  IN  UINT32        PCRIndex,
+  OUT UINT32        *MrIndex
+  )
+{
+  *MrIndex = TdxHelperMapPcrToMrIndex (PCRIndex);
+
+  return EFI_SUCCESS;
+}
+
+EDKII_CC_PPI  mEdkiiCcPpi = {
+  TdHashLogExtendEvent,
+  TdMapPcrToMrIndex
+};
+
+EFI_PEI_PPI_DESCRIPTOR  mCcPpiList = {
+  EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST,
+  &gEdkiiCcPpiGuid,
+  &mEdkiiCcPpi
+};
+
+/**
+  Entry point of this module.
+
+  @param[in] FileHandle   Handle of the file being invoked.
+  @param[in] PeiServices  Describes the list of possible PEI Services.
+
+  @return Status.
+
+**/
+EFI_STATUS
+EFIAPI
+PeimEntryMA (
+  IN       EFI_PEI_FILE_HANDLE  FileHandle,
+  IN CONST EFI_PEI_SERVICES     **PeiServices
+  )
+{
+  EFI_STATUS  Status;
+
+  if (!TdIsEnabled ()) {
+    return EFI_UNSUPPORTED;
+  }
+
+  Status = PeiServicesInstallPpi (&mCcPpiList);
+
+  DEBUG ((DEBUG_INFO, "%a::CC Measurement PPI install Status is %r.\n", __func__, Status));
+
+  return Status;
+}
diff --git a/OvmfPkg/Tcg/TdTcg2Pei/TdTcg2Pei.inf b/OvmfPkg/Tcg/TdTcg2Pei/TdTcg2Pei.inf
@@ -0,0 +1,50 @@
+## @file
+#
+#  Produces EDKII_CC_MEASUREMENT_PPI
+#
+# Copyright (c) 2024, Intel Corporation. All rights reserved.<BR>
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+##
+
+[Defines]
+  INF_VERSION                    = 0x00010005
+  BASE_NAME                      = TdTcg2Pei
+  FILE_GUID                      = fcb3a3d6-6274-411c-a548-bd0e717d533a
+  MODULE_TYPE                    = PEIM
+  VERSION_STRING                 = 1.0
+  ENTRY_POINT                    = PeimEntryMA
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+#  VALID_ARCHITECTURES           = X64
+#
+
+[Sources]
+  TdTcg2Pei.c
+
+[Packages]
+  MdePkg/MdePkg.dec
+  SecurityPkg/SecurityPkg.dec
+  CryptoPkg/CryptoPkg.dec
+  OvmfPkg/OvmfPkg.dec
+
+[LibraryClasses]
+  HobLib
+  PeimEntryPoint
+  PeiServicesLib
+  BaseMemoryLib
+  DebugLib
+  PrintLib
+  TdxLib
+  BaseCryptLib
+  TdxHelperLib
+
+[Ppis]
+  gEdkiiCcPpiGuid
+
+[Guids]
+  gCcEventEntryHobGuid
+
+[Depex]
+  TRUE