[edk2-devel] [PATCH 3/4] OvmfPkg: Implement BlobMeasurementLibTdx

Sun, 22 May 2022 22:56:12 -0700 

OvmfPkg/IntelTdx/BlobMeasurementLibTdx is implemented for measurement
of Kernel blob. It calls EFI_CC_MEASUREMENT_PROTOCOL to do the
measurement.

Cc: Ard Biesheuvel <ardb+tianoc...@kernel.org>
Cc: Jordan Justen <jordan.l.jus...@intel.com>
Cc: Ashish Kalra <ashish.ka...@amd.com>
Cc: Brijesh Singh <brijesh.si...@amd.com>
Cc: Erdem Aktas <erdemak...@google.com>
Cc: James Bottomley <j...@linux.ibm.com>
Cc: Jiewen Yao <jiewen....@intel.com>
Cc: Sami Mujawar <sami.muja...@arm.com>
Cc: Tom Lendacky <thomas.lenda...@amd.com>
Cc: Gerd Hoffmann <kra...@redhat.com>
Signed-off-by: Min Xu <min.m...@intel.com>
---
 .../BlobMeasurementLibTdx/BlobMeasurement.c   | 87 +++++++++++++++++++
 .../BlobMeasurementLibTdx.inf                 | 30 +++++++
 2 files changed, 117 insertions(+)
 create mode 100644 OvmfPkg/IntelTdx/BlobMeasurementLibTdx/BlobMeasurement.c
 create mode 100644 
OvmfPkg/IntelTdx/BlobMeasurementLibTdx/BlobMeasurementLibTdx.inf

diff --git a/OvmfPkg/IntelTdx/BlobMeasurementLibTdx/BlobMeasurement.c 
b/OvmfPkg/IntelTdx/BlobMeasurementLibTdx/BlobMeasurement.c
new file mode 100644
index 000000000000..33a2a3502109
--- /dev/null
+++ b/OvmfPkg/IntelTdx/BlobMeasurementLibTdx/BlobMeasurement.c
@@ -0,0 +1,87 @@
+/** @file
+
+  Copyright (C) 2022, Intel Corporation. All rights reserved.
+
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+#include <PiDxe.h>
+#include <Library/BaseLib.h>
+#include <Library/BaseMemoryLib.h>
+#include <Library/DebugLib.h>
+#include <Library/MemoryAllocationLib.h>
+#include <Library/UefiBootServicesTableLib.h>
+#include <Protocol/Tcg2Protocol.h>
+#include <Protocol/CcMeasurement.h>
+#include <Library/BlobVerifierLib.h>
+
+EFI_CC_MEASUREMENT_PROTOCOL  *mCcProtocol = NULL;
+
+/**
+  Measure blob from an external source.
+
+  @param[in] BlobName           The name of the blob
+  @param[in] BlobNameSize       Size of the blob name
+  @param[in] BlobBase           The data of the blob
+  @param[in] BlobSize           The size of the blob in bytes
+
+  @retval EFI_SUCCESS           The blob was measured successfully.
+  @retval Other errors
+**/
+EFI_STATUS
+EFIAPI
+MeasureKernelBlob (
+  IN  CONST CHAR16  *BlobName,
+  IN  UINT32        BlobNameSize,
+  IN  CONST VOID    *BlobBase,
+  IN  UINT32        BlobSize
+  )
+{
+  EFI_STATUS    Status;
+  UINT32        MrIndex;
+  EFI_CC_EVENT  *CcEvent;
+
+  if ((BlobBase == 0) || (BlobSize == 0)) {
+    ASSERT (FALSE);
+    return EFI_INVALID_PARAMETER;
+  }
+
+  if (mCcProtocol == NULL) {
+    Status = gBS->LocateProtocol (&gEfiCcMeasurementProtocolGuid, NULL, (VOID 
**)&mCcProtocol);
+    if (EFI_ERROR (Status)) {
+      //
+      // EFI_CC_MEASUREMENT_PROTOCOL protocol is not installed.
+      //
+      DEBUG ((DEBUG_ERROR, "%a: EFI_CC_MEASUREMENT_PROTOCOL protocol is not 
installed.\n", __FUNCTION__));
+      return EFI_NOT_FOUND;
+    }
+  }
+
+  Status = mCcProtocol->MapPcrToMrIndex (mCcProtocol, 4, &MrIndex);
+  if (EFI_ERROR (Status)) {
+    return EFI_INVALID_PARAMETER;
+  }
+
+  CcEvent = AllocateZeroPool (BlobNameSize + sizeof (EFI_CC_EVENT) - sizeof 
(CcEvent->Event));
+  if (CcEvent == NULL) {
+    return EFI_OUT_OF_RESOURCES;
+  }
+
+  CcEvent->Size                 = BlobNameSize + sizeof (EFI_CC_EVENT) - 
sizeof (CcEvent->Event);
+  CcEvent->Header.EventType     = EV_PLATFORM_CONFIG_FLAGS;
+  CcEvent->Header.MrIndex       = MrIndex;
+  CcEvent->Header.HeaderSize    = sizeof (EFI_TCG2_EVENT_HEADER);
+  CcEvent->Header.HeaderVersion = EFI_TCG2_EVENT_HEADER_VERSION;
+  CopyMem (&CcEvent->Event[0], BlobName, BlobNameSize);
+
+  Status = mCcProtocol->HashLogExtendEvent (
+                          mCcProtocol,
+                          0,
+                          (EFI_PHYSICAL_ADDRESS)(UINTN)BlobBase,
+                          BlobSize,
+                          CcEvent
+                          );
+
+  FreePool (CcEvent);
+
+  return Status;
+}
diff --git a/OvmfPkg/IntelTdx/BlobMeasurementLibTdx/BlobMeasurementLibTdx.inf 
b/OvmfPkg/IntelTdx/BlobMeasurementLibTdx/BlobMeasurementLibTdx.inf
new file mode 100644
index 000000000000..880c60159c3d
--- /dev/null
+++ b/OvmfPkg/IntelTdx/BlobMeasurementLibTdx/BlobMeasurementLibTdx.inf
@@ -0,0 +1,30 @@
+## @file
+#
+#  Copyright (C) 2022, Intel Corporation. All rights reserved.
+#
+#  SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+[Defines]
+  INF_VERSION                    = 0x00010005
+  BASE_NAME                      = BlobMeasurementLibTdx
+  FILE_GUID                      = ac1a8997-9d91-47c4-b18a-dbe0d1a94fde
+  MODULE_TYPE                    = BASE
+  VERSION_STRING                 = 1.0
+  LIBRARY_CLASS                  = BlobMeaurementLib
+
+[Sources]
+  BlobMeasurement.c
+
+[Packages]
+  MdePkg/MdePkg.dec
+  OvmfPkg/OvmfPkg.dec
+
+[LibraryClasses]
+  BaseMemoryLib
+  DebugLib
+  MemoryAllocationLib
+
+[Protocols]
+  gEfiCcMeasurementProtocolGuid
-- 
2.29.2.windows.2



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#89957): https://edk2.groups.io/g/devel/message/89957
Mute This Topic: https://groups.io/mt/91282949/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to