From efaf8931bbfa33a81b8792fbf9e2ccc239d53204 Mon Sep 17 00:00:00 2001 From: Min M Xu Date: Tue, 6 Aug 2024 02:01:55 -0400 Subject: OvmfPkg/TdTcg2Dxe: Fix the SeparatorEvent issue in RTMRs According to the TCG EFI platform specification, the firmware must measure the EV_SEPARATOR event into PCRs 0-7. As PCR[1] and PCR[7] map to RTMR[0], and PCRs [2-6] map to RTMR[1], it is necessary to measure one EV_SEPARATOR event into RTMR[0] and another one into RTMR[1]. An issue is found in TdTcg2Dxe that 2 EV_SEPARATOR events are measured to RTMR[0] but no EV_SEPARATOR event is measured to RTMR[1]. This patch fixes the above issue. Cc: Erdem Aktas Cc: Jiewen Yao Cc: Gerd Hoffmann Cc: Qinkun Bao Cc: Tom Lendacky Cc: Michael Roth Signed-off-by: Min Xu --- OvmfPkg/Tcg/TdTcg2Dxe/TdTcg2Dxe.c | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) (limited to 'OvmfPkg') diff --git a/OvmfPkg/Tcg/TdTcg2Dxe/TdTcg2Dxe.c b/OvmfPkg/Tcg/TdTcg2Dxe/TdTcg2Dxe.c index 0a23bff5a1..6d2de0e838 100644 --- a/OvmfPkg/Tcg/TdTcg2Dxe/TdTcg2Dxe.c +++ b/OvmfPkg/Tcg/TdTcg2Dxe/TdTcg2Dxe.c @@ -2160,11 +2160,17 @@ OnReadyToBoot ( // // 2. Draw a line between pre-boot env and entering post-boot env. - // PCR[7] (is RTMR[0]) is already done. // - Status = MeasureSeparatorEvent (1); + // According to UEFI Spec 2.10 Section 38.4.1 the mapping between MrIndex and Intel + // TDX Measurement Register is: + // MrIndex 0 <--> MRTD + // MrIndex 1-3 <--> RTMR[0-2] + // RTMR[0] (i.e. MrIndex 1) is already done. So SepartorEvent shall be extended to + // RTMR[1] (i.e. MrIndex 2) as well. + // + Status = MeasureSeparatorEvent (CC_MR_INDEX_2_RTMR1); if (EFI_ERROR (Status)) { - DEBUG ((DEBUG_ERROR, "Separator Event not Measured. Error!\n")); + DEBUG ((DEBUG_ERROR, "Separator Event not Measured to RTMR[1]. Error!\n")); } // -- cgit v1.2.3
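Review bot: the new comment block in the OnReadyToBoot hunk misspells the event name ("So SepartorEvent shall be extended to"); it should read "SeparatorEvent", matching the function name MeasureSeparatorEvent used on the next code line. While touching the comment, it would also help a reader to state where the RTMR[0] separator is measured, since the deleted line ("PCR[7] (is RTMR[0]) is already done.") was the only pointer to that, and the replacement "RTMR[0] (i.e. MrIndex 1) is already done." no longer says which PCR path covers it; the commit message's mapping (PCR[1] and PCR[7] to RTMR[0], PCR[2-6] to RTMR[1]) is the piece of context that makes the switch from the literal 1 to CC_MR_INDEX_2_RTMR1 understandable, so repeating it in the comment next to the call would make the fix self-explanatory. Using the named constant instead of the bare index 1 is the right change, and the DEBUG message now naming RTMR[1] is a good companion to it.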