SecurityPkg: Support CcMeasurementProtocol in DxeTpmMeasurementLib

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3625

DxeTpmMeasurementLib supports TPM based measurement in DXE phase.
After CcMeasurementProtocol is introduced, CC based measurement needs
to be supported in DxeTpmMeasurementLib as well.

A platform should have only one RTS/RTR. Only one of (virtual)TPM1.2,
(virtual)TPM2.0 and CC MR exists. Then only one TCG_SERVICE_PROTOCOL,
TCG2_PROTOCOL, CC_MEASUREMENT_PROTOCOL is exposed.

In this library when do measurement only one of above 3 protocols will
be called.

Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Zhiguang Liu <zhiguang.liu@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Sami Mujawar <sami.mujawar@arm.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Sami Mujawar <sami.mujawar@arm.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Signed-off-by: Min Xu <min.m.xu@intel.com>

2 files changed, 111 insertions, 20 deletions

diff --git a/SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.c b/SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.c
index d014ea4aec..6f287b31fc 100644
--- a/SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.c
+++ b/SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.c
@@ -1,5 +1,6 @@
 /** @file

-  This library is used by other modules to measure data to TPM.

+  This library is used by other modules to measure data to TPM and Confidential

+  Computing (CC) measure registers.

 

 Copyright (c) 2012 - 2018, Intel Corporation. All rights reserved. <BR>

 SPDX-License-Identifier: BSD-2-Clause-Patent

@@ -19,6 +20,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 

 #include <Guid/Acpi.h>

 #include <IndustryStandard/Acpi.h>

+#include <Protocol/CcMeasurement.h>

 

 /**

   Tpm12 measure and log data, and extend the measurement result into a specific PCR.

@@ -35,6 +37,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
   @retval EFI_OUT_OF_RESOURCES  Out of memory.

   @retval EFI_DEVICE_ERROR      The operation was unsuccessful.

 **/

+STATIC

 EFI_STATUS

 Tpm12MeasureAndLogData (

   IN UINT32  PcrIndex,

@@ -101,6 +104,7 @@ Tpm12MeasureAndLogData (
   @retval EFI_OUT_OF_RESOURCES  Out of memory.

   @retval EFI_DEVICE_ERROR      The operation was unsuccessful.

 **/

+STATIC

 EFI_STATUS

 Tpm20MeasureAndLogData (

   IN UINT32  PcrIndex,

@@ -148,6 +152,73 @@ Tpm20MeasureAndLogData (
 }

 

 /**

+  Cc measure and log data, and extend the measurement result into a

+  specific CC MR.

+

+  @param[in]  CcProtocol       Instance of CC measurement protocol

+  @param[in]  PcrIndex         PCR Index.

+  @param[in]  EventType        Event type.

+  @param[in]  EventLog         Measurement event log.

+  @param[in]  LogLen           Event log length in bytes.

+  @param[in]  HashData         The start of the data buffer to be hashed, extended.

+  @param[in]  HashDataLen      The length, in bytes, of the buffer referenced by HashData

+

+  @retval EFI_SUCCESS           Operation completed successfully.

+  @retval EFI_UNSUPPORTED       CC guest not available.

+  @retval EFI_OUT_OF_RESOURCES  Out of memory.

+  @retval EFI_DEVICE_ERROR      The operation was unsuccessful.

+  @retval EFI_INVALID_PARAMETER The input parameter is invalid.

+**/

+STATIC

+EFI_STATUS

+CcMeasureAndLogData (

+  IN EFI_CC_MEASUREMENT_PROTOCOL  *CcProtocol,

+  IN UINT32                       PcrIndex,

+  IN UINT32                       EventType,

+  IN VOID                         *EventLog,

+  IN UINT32                       LogLen,

+  IN VOID                         *HashData,

+  IN UINT64                       HashDataLen

+  )

+{

+  EFI_STATUS       Status;

+  EFI_CC_EVENT     *EfiCcEvent;

+  EFI_CC_MR_INDEX  MrIndex;

+

+  if (CcProtocol == NULL) {

+    return EFI_INVALID_PARAMETER;

+  }

+

+  Status = CcProtocol->MapPcrToMrIndex (CcProtocol, PcrIndex, &MrIndex);

+  if (EFI_ERROR (Status)) {

+    return Status;

+  }

+

+  EfiCcEvent = (EFI_CC_EVENT *)AllocateZeroPool (LogLen + sizeof (EFI_CC_EVENT));

+  if (EfiCcEvent == NULL) {

+    return EFI_OUT_OF_RESOURCES;

+  }

+

+  EfiCcEvent->Size                 = (UINT32)LogLen + sizeof (EFI_CC_EVENT) - sizeof (EfiCcEvent->Event);

+  EfiCcEvent->Header.HeaderSize    = sizeof (EFI_CC_EVENT_HEADER);

+  EfiCcEvent->Header.HeaderVersion = EFI_CC_EVENT_HEADER_VERSION;

+  EfiCcEvent->Header.MrIndex       = MrIndex;

+  EfiCcEvent->Header.EventType     = EventType;

+  CopyMem (&EfiCcEvent->Event[0], EventLog, LogLen);

+

+  Status = CcProtocol->HashLogExtendEvent (

+                         CcProtocol,

+                         0,

+                         (EFI_PHYSICAL_ADDRESS)(UINTN)HashData,

+                         HashDataLen,

+                         EfiCcEvent

+                         );

+  FreePool (EfiCcEvent);

+

+  return Status;

+}

+

+/**

   Tpm measure and log data, and extend the measurement result into a specific PCR.

 

   @param[in]  PcrIndex         PCR Index.

@@ -173,25 +244,16 @@ TpmMeasureAndLogData (
   IN UINT64  HashDataLen

   )

 {

-  EFI_STATUS  Status;

-

-  //

-  // Try to measure using Tpm20 protocol

-  //

-  Status = Tpm20MeasureAndLogData (

-             PcrIndex,

-             EventType,

-             EventLog,

-             LogLen,

-             HashData,

-             HashDataLen

-             );

+  EFI_STATUS                   Status;

+  EFI_CC_MEASUREMENT_PROTOCOL  *CcProtocol;

 

-  if (EFI_ERROR (Status)) {

+  Status = gBS->LocateProtocol (&gEfiCcMeasurementProtocolGuid, NULL, (VOID **)&CcProtocol);

+  if (!EFI_ERROR (Status)) {

     //

-    // Try to measure using Tpm1.2 protocol

+    // Try to measure using Cc measurement protocol

     //

-    Status = Tpm12MeasureAndLogData (

+    Status = CcMeasureAndLogData (

+               CcProtocol,

                PcrIndex,

                EventType,

                EventLog,

@@ -199,6 +261,32 @@ TpmMeasureAndLogData (
                HashData,

                HashDataLen

                );

+  } else {

+    //

+    // Try to measure using Tpm20 protocol

+    //

+    Status = Tpm20MeasureAndLogData (

+               PcrIndex,

+               EventType,

+               EventLog,

+               LogLen,

+               HashData,

+               HashDataLen

+               );

+

+    if (EFI_ERROR (Status)) {

+      //

+      // Try to measure using Tpm1.2 protocol

+      //

+      Status = Tpm12MeasureAndLogData (

+                 PcrIndex,

+                 EventType,

+                 EventLog,

+                 LogLen,

+                 HashData,

+                 HashDataLen

+                 );

+    }

   }

 

   return Status;

diff --git a/SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf b/SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf
index 7d41bc41f9..3af3d4e33b 100644
--- a/SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf
+++ b/SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf
@@ -1,5 +1,7 @@
 ## @file

-#  Provides TPM measurement functions for TPM1.2 and TPM 2.0

+#  Provides below measurement functions:

+#    1. TPM measurement functions for TPM1.2 and TPM 2.0

+#    2. Confidential Computing (CC) measurement functions

 #

 #  This library provides TpmMeasureAndLogData() to measure and log data, and

 #  extend the measurement result into a specific PCR.

@@ -40,5 +42,6 @@
   UefiBootServicesTableLib

 

 [Protocols]

-  gEfiTcgProtocolGuid           ## SOMETIMES_CONSUMES

-  gEfiTcg2ProtocolGuid          ## SOMETIMES_CONSUMES

+  gEfiTcgProtocolGuid               ## SOMETIMES_CONSUMES

+  gEfiTcg2ProtocolGuid              ## SOMETIMES_CONSUMES

+  gEfiCcMeasurementProtocolGuid     ## SOMETIMES_CONSUMES