Google Git
Sign in
qemu/edk2/b98ccecdecec0bb768e6e5bd4df1694de87ad42f/./OvmfPkg/IntelTdx/TdxHelperLib/TdxMeasurementHob.c
blob: 9a2220be71ab1c477c6fee6e0441cff989ab92c0 [file] [log] [blame]
/** @file
Build GuidHob for tdx measurement.
Copyright (c) 2022 - 2023, Intel Corporation. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
#include <PiPei.h>
#include <Library/BaseLib.h>
#include <Library/BaseMemoryLib.h>
#include <Library/DebugLib.h>
#include <IndustryStandard/Tpm20.h>
#include <IndustryStandard/UefiTcgPlatform.h>
#include <Library/HobLib.h>
#include <Library/PrintLib.h>
#include <Library/TcgEventLogRecordLib.h>
#include <WorkArea.h>
#include <Library/TdxMeasurementLib.h>
#pragma pack(1)
#define HANDOFF_TABLE_DESC "TdxTable"
typedef struct {
UINT8 TableDescriptionSize;
UINT8 TableDescription[sizeof (HANDOFF_TABLE_DESC)];
UINT64 NumberOfTables;
EFI_CONFIGURATION_TABLE TableEntry[1];
} TDX_HANDOFF_TABLE_POINTERS2;
#pragma pack()
#define FV_HANDOFF_TABLE_DESC "Fv(XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX)"
typedef PLATFORM_FIRMWARE_BLOB2_STRUCT CFV_HANDOFF_TABLE_POINTERS2;
/**
Get the FvName from the FV header.
Causion: The FV is untrusted input.
@param[in] FvBase Base address of FV image.
@param[in] FvLength Length of FV image.
@return FvName pointer
@retval NULL FvName is NOT found
**/
VOID *
GetFvName (
IN EFI_PHYSICAL_ADDRESS FvBase,
IN UINT64 FvLength
)
{
EFI_FIRMWARE_VOLUME_HEADER *FvHeader;
EFI_FIRMWARE_VOLUME_EXT_HEADER *FvExtHeader;
if (FvBase >= MAX_ADDRESS) {
return NULL;
}
if (FvLength >= MAX_ADDRESS - FvBase) {
return NULL;
}
if (FvLength < sizeof (EFI_FIRMWARE_VOLUME_HEADER)) {
return NULL;
}
FvHeader = (EFI_FIRMWARE_VOLUME_HEADER *)(UINTN)FvBase;
if (FvHeader->ExtHeaderOffset < sizeof (EFI_FIRMWARE_VOLUME_HEADER)) {
return NULL;
}
if (FvHeader->ExtHeaderOffset + sizeof (EFI_FIRMWARE_VOLUME_EXT_HEADER) > FvLength) {
return NULL;
}
FvExtHeader = (EFI_FIRMWARE_VOLUME_EXT_HEADER *)(UINTN)(FvBase + FvHeader->ExtHeaderOffset);
return &FvExtHeader->FvName;
}
/**
Build the GuidHob for tdx measurements which were done in SEC phase.
The measurement values are stored in WorkArea.
@retval EFI_SUCCESS The GuidHob is built successfully
@retval Others Other errors as indicated
**/
EFI_STATUS
InternalBuildGuidHobForTdxMeasurement (
VOID
)
{
EFI_STATUS Status;
OVMF_WORK_AREA *WorkArea;
VOID *TdHobList;
TDX_HANDOFF_TABLE_POINTERS2 HandoffTables;
VOID *FvName;
CFV_HANDOFF_TABLE_POINTERS2 FvBlob2;
EFI_PHYSICAL_ADDRESS FvBase;
UINT64 FvLength;
UINT8 *HashValue;
if (!TdIsEnabled ()) {
ASSERT (FALSE);
return EFI_UNSUPPORTED;
}
WorkArea = (OVMF_WORK_AREA *)FixedPcdGet32 (PcdOvmfWorkAreaBase);
if (WorkArea == NULL) {
return EFI_ABORTED;
}
Status = EFI_SUCCESS;
//
// Build the GuidHob for TdHob measurement
//
TdHobList = (VOID *)(UINTN)FixedPcdGet32 (PcdOvmfSecGhcbBase);
if (WorkArea->TdxWorkArea.SecTdxWorkArea.TdxMeasurementsData.MeasurementsBitmap & TDX_MEASUREMENT_TDHOB_BITMASK) {
HashValue = WorkArea->TdxWorkArea.SecTdxWorkArea.TdxMeasurementsData.TdHobHashValue;
HandoffTables.TableDescriptionSize = sizeof (HandoffTables.TableDescription);
CopyMem (HandoffTables.TableDescription, HANDOFF_TABLE_DESC, sizeof (HandoffTables.TableDescription));
HandoffTables.NumberOfTables = 1;
CopyGuid (&(HandoffTables.TableEntry[0].VendorGuid), &gUefiOvmfPkgTokenSpaceGuid);
HandoffTables.TableEntry[0].VendorTable = TdHobList;
Status = TdxMeasurementBuildGuidHob (
0, // RtmrIndex
EV_EFI_HANDOFF_TABLES2, // EventType
(UINT8 *)(UINTN)&HandoffTables, // EventData
sizeof (HandoffTables), // EventSize
HashValue, // HashValue
SHA384_DIGEST_SIZE // HashSize
);
}
if (EFI_ERROR (Status)) {
ASSERT (FALSE);
return Status;
}
//
// Build the GuidHob for Cfv measurement
//
if (WorkArea->TdxWorkArea.SecTdxWorkArea.TdxMeasurementsData.MeasurementsBitmap & TDX_MEASUREMENT_CFVIMG_BITMASK) {
HashValue = WorkArea->TdxWorkArea.SecTdxWorkArea.TdxMeasurementsData.CfvImgHashValue;
FvBase = (UINT64)PcdGet32 (PcdOvmfFlashNvStorageVariableBase);
FvLength = (UINT64)PcdGet32 (PcdCfvRawDataSize);
FvBlob2.BlobDescriptionSize = sizeof (FvBlob2.BlobDescription);
CopyMem (FvBlob2.BlobDescription, FV_HANDOFF_TABLE_DESC, sizeof (FvBlob2.BlobDescription));
FvName = GetFvName (FvBase, FvLength);
if (FvName != NULL) {
AsciiSPrint ((CHAR8 *)FvBlob2.BlobDescription, sizeof (FvBlob2.BlobDescription), "Fv(%g)", FvName);
}
FvBlob2.BlobBase = FvBase;
FvBlob2.BlobLength = FvLength;
Status = TdxMeasurementBuildGuidHob (
0, // RtmrIndex
EV_EFI_PLATFORM_FIRMWARE_BLOB2, // EventType
(VOID *)&FvBlob2, // EventData
sizeof (FvBlob2), // EventSize
HashValue, // HashValue
SHA384_DIGEST_SIZE // HashSize
);
}
if (EFI_ERROR (Status)) {
ASSERT (FALSE);
return Status;
}
return EFI_SUCCESS;
}