Re: [PATCH V5 3/3] SecurityPkg: Support CcMeasurementProtocol in DxeTpmMeasurementLib


Sami Mujawar
 

Hi Min,

Thank you for the updated patch.

I have a minor suggestion marked inline as [SAMI]. Otherwise, these changes look good to me.

Reviewed-by: Sami Mujawar <sami.mujawar@...>

Regards,

Sami Mujawar


On 07/11/2021 12:35 PM, Min Xu wrote:
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3625

DxeTpmMeasurementLib supports TPM based measurement in DXE phase.
After CcMeasurementProtocol is introduced, CC based measurement needs
to be supported in DxeTpmMeasurementLib as well.

A platform should have only one RTS/RTR. Only one of (virtual)TPM1.2,
(virtual)TPM2.0 and CC MR exists. Then only one TCG_SERVICE_PROTOCOL,
TCG2_PROTOCOL, CC_MEASUREMENT_PROTOCOL is exposed.

In this library when do measurement only one of above 3 protocols will
be called.

Cc: Michael D Kinney <michael.d.kinney@...>
Cc: Liming Gao <gaoliming@...>
Cc: Zhiguang Liu <zhiguang.liu@...>
Cc: Jiewen Yao <jiewen.yao@...>
Cc: Jian J Wang <jian.j.wang@...>
Cc: Sami Mujawar <sami.mujawar@...>
Cc: Gerd Hoffmann <kraxel@...>
Signed-off-by: Min Xu <min.m.xu@...>
---
.../DxeTpmMeasurementLib.c | 120 +++++++++++++++---
.../DxeTpmMeasurementLib.inf | 9 +-
2 files changed, 107 insertions(+), 22 deletions(-)

diff --git a/SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.c b/SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.c
index 061136ee7860..a626d0f6ec38 100644
--- a/SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.c
+++ b/SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.c
@@ -1,5 +1,6 @@
/** @file
- This library is used by other modules to measure data to TPM.
+ This library is used by other modules to measure data to TPM and Confidential
+ Computing (CC) measure registers.
Copyright (c) 2012 - 2018, Intel Corporation. All rights reserved. <BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
@@ -19,8 +20,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#include <Guid/Acpi.h>
#include <IndustryStandard/Acpi.h>
-
-
+#include <Protocol/CcMeasurement.h>
/**
Tpm12 measure and log data, and extend the measurement result into a specific PCR.
@@ -149,6 +149,72 @@ Tpm20MeasureAndLogData (
return Status;
}
+/**
+ Cc measure and log data, and extend the measurement result into a
+ specific CC MR.
+
+ @param[in] PcrIndex PCR Index.
+ @param[in] EventType Event type.
+ @param[in] EventLog Measurement event log.
+ @param[in] LogLen Event log length in bytes.
+ @param[in] HashData The start of the data buffer to be hashed, extended.
+ @param[in] HashDataLen The length, in bytes, of the buffer referenced by HashData
+
+ @retval EFI_SUCCESS Operation completed successfully.
+ @retval EFI_UNSUPPORTED CC guest not available.
+ @retval EFI_OUT_OF_RESOURCES Out of memory.
+ @retval EFI_DEVICE_ERROR The operation was unsuccessful.
+**/
+EFI_STATUS
+CcMeasureAndLogData (
+ IN UINT32 PcrIndex,
+ IN UINT32 EventType,
+ IN VOID *EventLog,
+ IN UINT32 LogLen,
+ IN VOID *HashData,
+ IN UINT64 HashDataLen
+ )
[SAMI] I think this function can be made static and the CcProtocol pointer could be passed as the first argument.
Similarly, the other functions Tpm20MeasureAndLogData() and Tpm12MeasureAndLogDat() could also be made static.
[/SAMI]
+{
+ EFI_STATUS Status;
+ EFI_CC_MEASUREMENT_PROTOCOL *CcProtocol;
+ EFI_CC_EVENT *EfiCcEvent;
+ EFI_CC_MR_INDEX MrIndex;
+
+ Status = gBS->LocateProtocol (&gEfiCcMeasurementProtocolGuid, NULL, (VOID **) &CcProtocol);
+ if (EFI_ERROR (Status)) {
+ return Status;
+ }
+
+ Status = CcProtocol->MapPcrToMrIndex (CcProtocol, PcrIndex, &MrIndex);
+ if (EFI_ERROR (Status)) {
+ return Status;
+ }
+
+ EfiCcEvent = (EFI_CC_EVENT *) AllocateZeroPool (LogLen + sizeof (EFI_CC_EVENT));
+ if(EfiCcEvent == NULL) {
+ return EFI_OUT_OF_RESOURCES;
+ }
+
+ EfiCcEvent->Size = (UINT32) LogLen + sizeof (EFI_CC_EVENT) - sizeof (EfiCcEvent->Event);
+ EfiCcEvent->Header.HeaderSize = sizeof (EFI_CC_EVENT_HEADER);
+ EfiCcEvent->Header.HeaderVersion = EFI_CC_EVENT_HEADER_VERSION;
+ EfiCcEvent->Header.MrIndex = MrIndex;
+ EfiCcEvent->Header.EventType = EventType;
+ CopyMem (&EfiCcEvent->Event[0], EventLog, LogLen);
+
+ Status = CcProtocol->HashLogExtendEvent (
+ CcProtocol,
+ 0,
+ (EFI_PHYSICAL_ADDRESS) (UINTN) HashData,
+ HashDataLen,
+ EfiCcEvent
+ );
+ FreePool (EfiCcEvent);
+
+ return Status;
+}
+
+
/**
Tpm measure and log data, and extend the measurement result into a specific PCR.
@@ -175,25 +241,15 @@ TpmMeasureAndLogData (
IN UINT64 HashDataLen
)
{
- EFI_STATUS Status;
+ EFI_STATUS Status;
+ EFI_CC_MEASUREMENT_PROTOCOL *CcProtocol;
- //
- // Try to measure using Tpm20 protocol
- //
- Status = Tpm20MeasureAndLogData(
- PcrIndex,
- EventType,
- EventLog,
- LogLen,
- HashData,
- HashDataLen
- );
-
- if (EFI_ERROR (Status)) {
+ Status = gBS->LocateProtocol (&gEfiCcMeasurementProtocolGuid, NULL, (VOID **) &CcProtocol);
+ if (!EFI_ERROR (Status)) {
//
- // Try to measure using Tpm1.2 protocol
+ // Try to measure using Cc measurement protocol
//
- Status = Tpm12MeasureAndLogData(
+ Status = CcMeasureAndLogData (
PcrIndex,
EventType,
EventLog,
@@ -201,6 +257,32 @@ TpmMeasureAndLogData (
HashData,
HashDataLen
);
+ } else {
+ //
+ // Try to measure using Tpm20 protocol
+ //
+ Status = Tpm20MeasureAndLogData (
+ PcrIndex,
+ EventType,
+ EventLog,
+ LogLen,
+ HashData,
+ HashDataLen
+ );
+
+ if (EFI_ERROR (Status)) {
+ //
+ // Try to measure using Tpm1.2 protocol
+ //
+ Status = Tpm12MeasureAndLogData(
+ PcrIndex,
+ EventType,
+ EventLog,
+ LogLen,
+ HashData,
+ HashDataLen
+ );
+ }
}
return Status;
diff --git a/SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf b/SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf
index 7d41bc41f95d..3af3d4e33b25 100644
--- a/SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf
+++ b/SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf
@@ -1,5 +1,7 @@
## @file
-# Provides TPM measurement functions for TPM1.2 and TPM 2.0
+# Provides below measurement functions:
+# 1. TPM measurement functions for TPM1.2 and TPM 2.0
+# 2. Confidential Computing (CC) measurement functions
#
# This library provides TpmMeasureAndLogData() to measure and log data, and
# extend the measurement result into a specific PCR.
@@ -40,5 +42,6 @@
UefiBootServicesTableLib
[Protocols]
- gEfiTcgProtocolGuid ## SOMETIMES_CONSUMES
- gEfiTcg2ProtocolGuid ## SOMETIMES_CONSUMES
+ gEfiTcgProtocolGuid ## SOMETIMES_CONSUMES
+ gEfiTcg2ProtocolGuid ## SOMETIMES_CONSUMES
+ gEfiCcMeasurementProtocolGuid ## SOMETIMES_CONSUMES

Join devel@edk2.groups.io to automatically receive all group messages.