OvmfPkg/OvmfPkgX64: Measure TdHob and Configuration FV in SecMain

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4243

TdHob and Configuration FV (Cfv) are external inputs from VMM. From the
security perspective, they should be measured before they're consumed.
This patch measures TdHob and Cfv and stores the measurement values in
WorkArea.

Cc: Erdem Aktas <erdemaktas@google.com>
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Michael Roth <michael.roth@amd.com>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Signed-off-by: Min Xu <min.m.xu@intel.com>

1 files changed, 13 insertions, 0 deletions

diff --git a/OvmfPkg/Sec/SecMain.c b/OvmfPkg/Sec/SecMain.c
index a27dc9406b..4bb3b64170 100644
--- a/OvmfPkg/Sec/SecMain.c
+++ b/OvmfPkg/Sec/SecMain.c
@@ -761,6 +761,19 @@ SecCoreStartupWithStack (
  #if defined (TDX_GUEST_SUPPORTED)

   if (CcProbe () == CcGuestTypeIntelTdx) {

     //

+    // From the security perspective all the external input should be measured before

+    // it is consumed. TdHob and Configuration FV (Cfv) image are passed from VMM

+    // and should be measured here.

+    //

+    if (EFI_ERROR (TdxHelperMeasureTdHob ())) {

+      CpuDeadLoop ();

+    }

+

+    if (EFI_ERROR (TdxHelperMeasureCfvImage ())) {

+      CpuDeadLoop ();

+    }

+

+    //

     // For Td guests, the memory map info is in TdHobLib. It should be processed

     // first so that the memory is accepted. Otherwise access to the unaccepted

     // memory will trigger tripple fault.