[edk2-devel] [PATCH V2 06/10] OvmfPkg/PeilessStartupLib: Build GuidHob for Tdx measurements
Min Xu
min.m.xu at intel.com
Thu Jan 19 03:28:18 UTC 2023
From: Min M Xu <min.m.xu at intel.com>
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4243
With the introduction of TdxHelperBuildGuidHobForTdxMeasurement in
TdxHelperLib PeilessStartup should also be updated. It should call
TdxHelperBuildGuidHobForTdxMeasurement to build the GuidHob for Tdx
measurement.
The deprecated codes are deleted as well in this patch.
Cc: Erdem Aktas <erdemaktas at google.com>
Cc: James Bottomley <jejb at linux.ibm.com>
Cc: Jiewen Yao <jiewen.yao at intel.com>
Cc: Gerd Hoffmann <kraxel at redhat.com>
Cc: Tom Lendacky <thomas.lendacky at amd.com>
Cc: Michael Roth <michael.roth at amd.com>
Signed-off-by: Min Xu <min.m.xu at intel.com>
---
OvmfPkg/Library/PeilessStartupLib/IntelTdx.c | 196 ------------------
.../PeilessStartupLib/PeilessStartup.c | 16 +-
.../PeilessStartupInternal.h | 36 ----
.../PeilessStartupLib/PeilessStartupLib.inf | 3 -
4 files changed, 3 insertions(+), 248 deletions(-)
delete mode 100644 OvmfPkg/Library/PeilessStartupLib/IntelTdx.c
diff --git a/OvmfPkg/Library/PeilessStartupLib/IntelTdx.c b/OvmfPkg/Library/PeilessStartupLib/IntelTdx.c
deleted file mode 100644
index 216c413caad5..000000000000
--- a/OvmfPkg/Library/PeilessStartupLib/IntelTdx.c
+++ /dev/null
@@ -1,196 +0,0 @@
-/** @file
- Copyright (c) 2022, Intel Corporation. All rights reserved.<BR>
- SPDX-License-Identifier: BSD-2-Clause-Patent
-**/
-
-#include <PiPei.h>
-#include <Library/BaseLib.h>
-#include <Library/BaseMemoryLib.h>
-#include <Library/DebugLib.h>
-#include <IndustryStandard/Tpm20.h>
-#include <IndustryStandard/UefiTcgPlatform.h>
-#include <Library/HobLib.h>
-#include <Library/PrintLib.h>
-#include <Library/TpmMeasurementLib.h>
-
-#include "PeilessStartupInternal.h"
-
-#pragma pack(1)
-
-#define HANDOFF_TABLE_DESC "TdxTable"
-typedef struct {
- UINT8 TableDescriptionSize;
- UINT8 TableDescription[sizeof (HANDOFF_TABLE_DESC)];
- UINT64 NumberOfTables;
- EFI_CONFIGURATION_TABLE TableEntry[1];
-} TDX_HANDOFF_TABLE_POINTERS2;
-
-#define FV_HANDOFF_TABLE_DESC "Fv(XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX)"
-typedef struct {
- UINT8 BlobDescriptionSize;
- UINT8 BlobDescription[sizeof (FV_HANDOFF_TABLE_DESC)];
- EFI_PHYSICAL_ADDRESS BlobBase;
- UINT64 BlobLength;
-} FV_HANDOFF_TABLE_POINTERS2;
-
-#pragma pack()
-
-/**
- Measure the Hoblist passed from the VMM.
-
- @param[in] VmmHobList The Hoblist pass the firmware
-
- @retval EFI_SUCCESS Fv image is measured successfully
- or it has been already measured.
- @retval Others Other errors as indicated
-**/
-EFI_STATUS
-EFIAPI
-MeasureHobList (
- IN CONST VOID *VmmHobList
- )
-{
- EFI_PEI_HOB_POINTERS Hob;
- TDX_HANDOFF_TABLE_POINTERS2 HandoffTables;
- EFI_STATUS Status;
-
- if (!TdIsEnabled ()) {
- ASSERT (FALSE);
- return EFI_UNSUPPORTED;
- }
-
- Hob.Raw = (UINT8 *)VmmHobList;
-
- //
- // Parse the HOB list until end of list.
- //
- while (!END_OF_HOB_LIST (Hob)) {
- Hob.Raw = GET_NEXT_HOB (Hob);
- }
-
- //
- // Init the log event for HOB measurement
- //
-
- HandoffTables.TableDescriptionSize = sizeof (HandoffTables.TableDescription);
- CopyMem (HandoffTables.TableDescription, HANDOFF_TABLE_DESC, sizeof (HandoffTables.TableDescription));
- HandoffTables.NumberOfTables = 1;
- CopyGuid (&(HandoffTables.TableEntry[0].VendorGuid), &gUefiOvmfPkgTokenSpaceGuid);
- HandoffTables.TableEntry[0].VendorTable = (VOID *)VmmHobList;
-
- Status = TpmMeasureAndLogData (
- 1, // PCRIndex
- EV_EFI_HANDOFF_TABLES2, // EventType
- (VOID *)&HandoffTables, // EventData
- sizeof (HandoffTables), // EventSize
- (UINT8 *)(UINTN)VmmHobList, // HashData
- (UINTN)((UINT8 *)Hob.Raw - (UINT8 *)VmmHobList) // HashDataLen
- );
-
- if (EFI_ERROR (Status)) {
- ASSERT (FALSE);
- }
-
- return Status;
-}
-
-/**
- Get the FvName from the FV header.
-
- Causion: The FV is untrusted input.
-
- @param[in] FvBase Base address of FV image.
- @param[in] FvLength Length of FV image.
-
- @return FvName pointer
- @retval NULL FvName is NOT found
-**/
-VOID *
-GetFvName (
- IN EFI_PHYSICAL_ADDRESS FvBase,
- IN UINT64 FvLength
- )
-{
- EFI_FIRMWARE_VOLUME_HEADER *FvHeader;
- EFI_FIRMWARE_VOLUME_EXT_HEADER *FvExtHeader;
-
- if (FvBase >= MAX_ADDRESS) {
- return NULL;
- }
-
- if (FvLength >= MAX_ADDRESS - FvBase) {
- return NULL;
- }
-
- if (FvLength < sizeof (EFI_FIRMWARE_VOLUME_HEADER)) {
- return NULL;
- }
-
- FvHeader = (EFI_FIRMWARE_VOLUME_HEADER *)(UINTN)FvBase;
- if (FvHeader->ExtHeaderOffset < sizeof (EFI_FIRMWARE_VOLUME_HEADER)) {
- return NULL;
- }
-
- if (FvHeader->ExtHeaderOffset + sizeof (EFI_FIRMWARE_VOLUME_EXT_HEADER) > FvLength) {
- return NULL;
- }
-
- FvExtHeader = (EFI_FIRMWARE_VOLUME_EXT_HEADER *)(UINTN)(FvBase + FvHeader->ExtHeaderOffset);
-
- return &FvExtHeader->FvName;
-}
-
-/**
- Measure FV image.
-
- @param[in] FvBase Base address of FV image.
- @param[in] FvLength Length of FV image.
- @param[in] PcrIndex Index of PCR
-
- @retval EFI_SUCCESS Fv image is measured successfully
- or it has been already measured.
- @retval EFI_OUT_OF_RESOURCES No enough memory to log the new event.
- @retval EFI_DEVICE_ERROR The command was unsuccessful.
-
-**/
-EFI_STATUS
-EFIAPI
-MeasureFvImage (
- IN EFI_PHYSICAL_ADDRESS FvBase,
- IN UINT64 FvLength,
- IN UINT8 PcrIndex
- )
-{
- EFI_STATUS Status;
- FV_HANDOFF_TABLE_POINTERS2 FvBlob2;
- VOID *FvName;
-
- //
- // Init the log event for FV measurement
- //
- FvBlob2.BlobDescriptionSize = sizeof (FvBlob2.BlobDescription);
- CopyMem (FvBlob2.BlobDescription, FV_HANDOFF_TABLE_DESC, sizeof (FvBlob2.BlobDescription));
- FvName = GetFvName (FvBase, FvLength);
- if (FvName != NULL) {
- AsciiSPrint ((CHAR8 *)FvBlob2.BlobDescription, sizeof (FvBlob2.BlobDescription), "Fv(%g)", FvName);
- }
-
- FvBlob2.BlobBase = FvBase;
- FvBlob2.BlobLength = FvLength;
-
- Status = TpmMeasureAndLogData (
- 1, // PCRIndex
- EV_EFI_PLATFORM_FIRMWARE_BLOB2, // EventType
- (VOID *)&FvBlob2, // EventData
- sizeof (FvBlob2), // EventSize
- (UINT8 *)(UINTN)FvBase, // HashData
- (UINTN)(FvLength) // HashDataLen
- );
-
- if (EFI_ERROR (Status)) {
- DEBUG ((DEBUG_ERROR, "The FV which failed to be measured starts at: 0x%x\n", FvBase));
- ASSERT (FALSE);
- }
-
- return Status;
-}
diff --git a/OvmfPkg/Library/PeilessStartupLib/PeilessStartup.c b/OvmfPkg/Library/PeilessStartupLib/PeilessStartup.c
index 928120d183ba..164aa2d61911 100644
--- a/OvmfPkg/Library/PeilessStartupLib/PeilessStartup.c
+++ b/OvmfPkg/Library/PeilessStartupLib/PeilessStartup.c
@@ -17,6 +17,7 @@
#include <Library/PrePiLib.h>
#include <Library/PeilessStartupLib.h>
#include <Library/PlatformInitLib.h>
+#include <Library/TdxHelperLib.h>
#include <ConfidentialComputingGuestAttr.h>
#include <Guid/MemoryTypeInformation.h>
#include <OvmfPlatforms.h>
@@ -139,13 +140,11 @@ PeilessStartup (
UINT32 DxeCodeSize;
TD_RETURN_DATA TdReturnData;
VOID *VmmHobList;
- UINT8 *CfvBase;
Status = EFI_SUCCESS;
BootFv = NULL;
VmmHobList = NULL;
SecCoreData = (EFI_SEC_PEI_HAND_OFF *)Context;
- CfvBase = (UINT8 *)(UINTN)FixedPcdGet32 (PcdCfvBase);
ZeroMem (&PlatformInfoHob, sizeof (PlatformInfoHob));
@@ -177,18 +176,9 @@ PeilessStartup (
if (TdIsEnabled ()) {
//
- // Measure HobList
+ // Build GuidHob for the tdx measurements which were done in SEC phase.
//
- Status = MeasureHobList (VmmHobList);
- if (EFI_ERROR (Status)) {
- ASSERT (FALSE);
- CpuDeadLoop ();
- }
-
- //
- // Measure Tdx CFV
- //
- Status = MeasureFvImage ((EFI_PHYSICAL_ADDRESS)(UINTN)CfvBase, FixedPcdGet32 (PcdCfvRawDataSize), 1);
+ Status = TdxHelperBuildGuidHobForTdxMeasurement ();
if (EFI_ERROR (Status)) {
ASSERT (FALSE);
CpuDeadLoop ();
diff --git a/OvmfPkg/Library/PeilessStartupLib/PeilessStartupInternal.h b/OvmfPkg/Library/PeilessStartupLib/PeilessStartupInternal.h
index 09cac3e26c67..23e9e0be53f1 100644
--- a/OvmfPkg/Library/PeilessStartupLib/PeilessStartupInternal.h
+++ b/OvmfPkg/Library/PeilessStartupLib/PeilessStartupInternal.h
@@ -52,40 +52,4 @@ EFIAPI
ConstructSecHobList (
);
-/**
- Measure the Hoblist passed from the VMM.
-
- @param[in] VmmHobList The Hoblist pass the firmware
-
- @retval EFI_SUCCESS Fv image is measured successfully
- or it has been already measured.
- @retval Others Other errors as indicated
-**/
-EFI_STATUS
-EFIAPI
-MeasureHobList (
- IN CONST VOID *VmmHobList
- );
-
-/**
- Measure FV image.
-
- @param[in] FvBase Base address of FV image.
- @param[in] FvLength Length of FV image.
- @param[in] PcrIndex Index of PCR
-
- @retval EFI_SUCCESS Fv image is measured successfully
- or it has been already measured.
- @retval EFI_OUT_OF_RESOURCES No enough memory to log the new event.
- @retval EFI_DEVICE_ERROR The command was unsuccessful.
-
-**/
-EFI_STATUS
-EFIAPI
-MeasureFvImage (
- IN EFI_PHYSICAL_ADDRESS FvBase,
- IN UINT64 FvLength,
- IN UINT8 PcrIndex
- );
-
#endif
diff --git a/OvmfPkg/Library/PeilessStartupLib/PeilessStartupLib.inf b/OvmfPkg/Library/PeilessStartupLib/PeilessStartupLib.inf
index def50b4b019e..9971a8cee356 100644
--- a/OvmfPkg/Library/PeilessStartupLib/PeilessStartupLib.inf
+++ b/OvmfPkg/Library/PeilessStartupLib/PeilessStartupLib.inf
@@ -29,7 +29,6 @@
PeilessStartup.c
Hob.c
DxeLoad.c
- IntelTdx.c
X64/VirtualMemory.c
[Packages]
@@ -57,8 +56,6 @@
PrePiLib
QemuFwCfgLib
PlatformInitLib
- HashLib
- TpmMeasurementLib
[Guids]
gEfiHobMemoryAllocModuleGuid
--
2.29.2.windows.2
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#98851): https://edk2.groups.io/g/devel/message/98851
Mute This Topic: https://groups.io/mt/96370901/1813853
Group Owner: devel+owner at edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [edk2-devel-archive at redhat.com]
-=-=-=-=-=-=-=-=-=-=-=-
More information about the edk2-devel-archive
mailing list