summaryrefslogtreecommitdiffstats
path: root/SecurityPkg
diff options
context:
space:
mode:
authorMin Xu <min.m.xu@intel.com>2021-12-11 21:08:42 +0800
committermergify[bot] <37929162+mergify[bot]@users.noreply.github.com>2021-12-11 17:00:53 +0000
commit8c06c53b585a7443b1e0e6c0eff45a62d56472cc (patch)
tree5d87a00fd26c3912e188641ab869f6806ea8635b /SecurityPkg
parenta124cd4ef92a349a6c823ea6701fcfd3a17db255 (diff)
downloadedk2-8c06c53b585a7443b1e0e6c0eff45a62d56472cc.tar.gz
edk2-8c06c53b585a7443b1e0e6c0eff45a62d56472cc.tar.bz2
edk2-8c06c53b585a7443b1e0e6c0eff45a62d56472cc.zip
SecurityPkg: Support CcMeasurementProtocol in DxeTpmMeasurementLib
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3625 DxeTpmMeasurementLib supports TPM based measurement in DXE phase. After CcMeasurementProtocol is introduced, CC based measurement needs to be supported in DxeTpmMeasurementLib as well. A platform should have only one RTS/RTR. Only one of (virtual)TPM1.2, (virtual)TPM2.0 and CC MR exists. Then only one TCG_SERVICE_PROTOCOL, TCG2_PROTOCOL, CC_MEASUREMENT_PROTOCOL is exposed. In this library when do measurement only one of above 3 protocols will be called. Cc: Michael D Kinney <michael.d.kinney@intel.com> Cc: Liming Gao <gaoliming@byosoft.com.cn> Cc: Zhiguang Liu <zhiguang.liu@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian J Wang <jian.j.wang@intel.com> Cc: Sami Mujawar <sami.mujawar@arm.com> Cc: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Sami Mujawar <sami.mujawar@arm.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com> Signed-off-by: Min Xu <min.m.xu@intel.com>
Diffstat (limited to 'SecurityPkg')
-rw-r--r--SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.c122
-rw-r--r--SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf9
2 files changed, 111 insertions, 20 deletions
diff --git a/SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.c b/SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.c
index d014ea4aec..6f287b31fc 100644
--- a/SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.c
+++ b/SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.c
@@ -1,5 +1,6 @@
/** @file
- This library is used by other modules to measure data to TPM.
+ This library is used by other modules to measure data to TPM and Confidential
+ Computing (CC) measure registers.
Copyright (c) 2012 - 2018, Intel Corporation. All rights reserved. <BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
@@ -19,6 +20,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#include <Guid/Acpi.h>
#include <IndustryStandard/Acpi.h>
+#include <Protocol/CcMeasurement.h>
/**
Tpm12 measure and log data, and extend the measurement result into a specific PCR.
@@ -35,6 +37,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
@retval EFI_OUT_OF_RESOURCES Out of memory.
@retval EFI_DEVICE_ERROR The operation was unsuccessful.
**/
+STATIC
EFI_STATUS
Tpm12MeasureAndLogData (
IN UINT32 PcrIndex,
@@ -101,6 +104,7 @@ Tpm12MeasureAndLogData (
@retval EFI_OUT_OF_RESOURCES Out of memory.
@retval EFI_DEVICE_ERROR The operation was unsuccessful.
**/
+STATIC
EFI_STATUS
Tpm20MeasureAndLogData (
IN UINT32 PcrIndex,
@@ -148,6 +152,73 @@ Tpm20MeasureAndLogData (
}
/**
+ Cc measure and log data, and extend the measurement result into a
+ specific CC MR.
+
+ @param[in] CcProtocol Instance of CC measurement protocol
+ @param[in] PcrIndex PCR Index.
+ @param[in] EventType Event type.
+ @param[in] EventLog Measurement event log.
+ @param[in] LogLen Event log length in bytes.
+ @param[in] HashData The start of the data buffer to be hashed, extended.
+ @param[in] HashDataLen The length, in bytes, of the buffer referenced by HashData
+
+ @retval EFI_SUCCESS Operation completed successfully.
+ @retval EFI_UNSUPPORTED CC guest not available.
+ @retval EFI_OUT_OF_RESOURCES Out of memory.
+ @retval EFI_DEVICE_ERROR The operation was unsuccessful.
+ @retval EFI_INVALID_PARAMETER The input parameter is invalid.
+**/
+STATIC
+EFI_STATUS
+CcMeasureAndLogData (
+ IN EFI_CC_MEASUREMENT_PROTOCOL *CcProtocol,
+ IN UINT32 PcrIndex,
+ IN UINT32 EventType,
+ IN VOID *EventLog,
+ IN UINT32 LogLen,
+ IN VOID *HashData,
+ IN UINT64 HashDataLen
+ )
+{
+ EFI_STATUS Status;
+ EFI_CC_EVENT *EfiCcEvent;
+ EFI_CC_MR_INDEX MrIndex;
+
+ if (CcProtocol == NULL) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ Status = CcProtocol->MapPcrToMrIndex (CcProtocol, PcrIndex, &MrIndex);
+ if (EFI_ERROR (Status)) {
+ return Status;
+ }
+
+ EfiCcEvent = (EFI_CC_EVENT *)AllocateZeroPool (LogLen + sizeof (EFI_CC_EVENT));
+ if (EfiCcEvent == NULL) {
+ return EFI_OUT_OF_RESOURCES;
+ }
+
+ EfiCcEvent->Size = (UINT32)LogLen + sizeof (EFI_CC_EVENT) - sizeof (EfiCcEvent->Event);
+ EfiCcEvent->Header.HeaderSize = sizeof (EFI_CC_EVENT_HEADER);
+ EfiCcEvent->Header.HeaderVersion = EFI_CC_EVENT_HEADER_VERSION;
+ EfiCcEvent->Header.MrIndex = MrIndex;
+ EfiCcEvent->Header.EventType = EventType;
+ CopyMem (&EfiCcEvent->Event[0], EventLog, LogLen);
+
+ Status = CcProtocol->HashLogExtendEvent (
+ CcProtocol,
+ 0,
+ (EFI_PHYSICAL_ADDRESS)(UINTN)HashData,
+ HashDataLen,
+ EfiCcEvent
+ );
+ FreePool (EfiCcEvent);
+
+ return Status;
+}
+
+/**
Tpm measure and log data, and extend the measurement result into a specific PCR.
@param[in] PcrIndex PCR Index.
@@ -173,25 +244,16 @@ TpmMeasureAndLogData (
IN UINT64 HashDataLen
)
{
- EFI_STATUS Status;
-
- //
- // Try to measure using Tpm20 protocol
- //
- Status = Tpm20MeasureAndLogData (
- PcrIndex,
- EventType,
- EventLog,
- LogLen,
- HashData,
- HashDataLen
- );
+ EFI_STATUS Status;
+ EFI_CC_MEASUREMENT_PROTOCOL *CcProtocol;
- if (EFI_ERROR (Status)) {
+ Status = gBS->LocateProtocol (&gEfiCcMeasurementProtocolGuid, NULL, (VOID **)&CcProtocol);
+ if (!EFI_ERROR (Status)) {
//
- // Try to measure using Tpm1.2 protocol
+ // Try to measure using Cc measurement protocol
//
- Status = Tpm12MeasureAndLogData (
+ Status = CcMeasureAndLogData (
+ CcProtocol,
PcrIndex,
EventType,
EventLog,
@@ -199,6 +261,32 @@ TpmMeasureAndLogData (
HashData,
HashDataLen
);
+ } else {
+ //
+ // Try to measure using Tpm20 protocol
+ //
+ Status = Tpm20MeasureAndLogData (
+ PcrIndex,
+ EventType,
+ EventLog,
+ LogLen,
+ HashData,
+ HashDataLen
+ );
+
+ if (EFI_ERROR (Status)) {
+ //
+ // Try to measure using Tpm1.2 protocol
+ //
+ Status = Tpm12MeasureAndLogData (
+ PcrIndex,
+ EventType,
+ EventLog,
+ LogLen,
+ HashData,
+ HashDataLen
+ );
+ }
}
return Status;
diff --git a/SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf b/SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf
index 7d41bc41f9..3af3d4e33b 100644
--- a/SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf
+++ b/SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf
@@ -1,5 +1,7 @@
## @file
-# Provides TPM measurement functions for TPM1.2 and TPM 2.0
+# Provides below measurement functions:
+# 1. TPM measurement functions for TPM1.2 and TPM 2.0
+# 2. Confidential Computing (CC) measurement functions
#
# This library provides TpmMeasureAndLogData() to measure and log data, and
# extend the measurement result into a specific PCR.
@@ -40,5 +42,6 @@
UefiBootServicesTableLib
[Protocols]
- gEfiTcgProtocolGuid ## SOMETIMES_CONSUMES
- gEfiTcg2ProtocolGuid ## SOMETIMES_CONSUMES
+ gEfiTcgProtocolGuid ## SOMETIMES_CONSUMES
+ gEfiTcg2ProtocolGuid ## SOMETIMES_CONSUMES
+ gEfiCcMeasurementProtocolGuid ## SOMETIMES_CONSUMES