OvmfPkg/IntelTdx: Measure Td HobList and Configuration FV

RFC: https://bugzilla.tianocore.org/show_bug.cgi?id=3853 TdHobList and Configuration FV are external data provided by Host VMM. These are not trusted in Td guest. So they should be validated , measured and extended to Td RTMR registers. In the meantime 2 EFI_CC_EVENT_HOB are created. These 2 GUIDed HOBs carry the hash value of TdHobList and Configuration FV. In DXE phase EFI_CC_EVENT can be created based on these 2 GUIDed HOBs. Cc: Ard Biesheuvel <ardb+tianocore@kernel.org> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jordan Justen <jordan.l.justen@intel.com> Cc: Brijesh Singh <brijesh.singh@amd.com> Cc: Erdem Aktas <erdemaktas@google.com> Cc: James Bottomley <jejb@linux.ibm.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Tom Lendacky <thomas.lendacky@amd.com> Cc: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com> Signed-off-by: Min Xu <min.m.xu@intel.com>
2022-05-16 15:42:19 +08:00
parent a708536dce
commit 4b0a622635
5 changed files with 221 additions and 2 deletions
--- a/OvmfPkg/Library/PeilessStartupLib/PeilessStartup.c
+++ b/OvmfPkg/Library/PeilessStartupLib/PeilessStartup.c
@@ -20,6 +20,7 @@
 #include <ConfidentialComputingGuestAttr.h>
 #include <Guid/MemoryTypeInformation.h>
 #include <OvmfPlatforms.h>
+#include <Library/SecMeasurementLib.h>
 #include "PeilessStartupInternal.h"

 #define GET_GPAW_INIT_STATE(INFO)  ((UINT8) ((INFO) & 0x3f))
@@ -133,11 +134,13 @@ PeilessStartup (
  UINT32                      DxeCodeSize;
  TD_RETURN_DATA              TdReturnData;
  VOID                        *VmmHobList;
+  UINT8                       *CfvBase;

  Status      = EFI_SUCCESS;
  BootFv      = NULL;
  VmmHobList  = NULL;
  SecCoreData = (EFI_SEC_PEI_HAND_OFF *)Context;
+  CfvBase     = (UINT8 *)(UINTN)FixedPcdGet32 (PcdCfvBase);

  ZeroMem (&PlatformInfoHob, sizeof (PlatformInfoHob));

@@ -167,6 +170,34 @@ PeilessStartup (

  DEBUG ((DEBUG_INFO, "HobList: %p\n", GetHobList ()));

+  if (TdIsEnabled ()) {
+    //
+    // Measure HobList
+    //
+    Status = MeasureHobList (VmmHobList);
+    if (EFI_ERROR (Status)) {
+      ASSERT (FALSE);
+      CpuDeadLoop ();
+    }
+
+    //
+    // Validate Tdx CFV
+    //
+    if (!TdxValidateCfv (CfvBase, FixedPcdGet32 (PcdCfvRawDataSize))) {
+      ASSERT (FALSE);
+      CpuDeadLoop ();
+    }
+
+    //
+    // Measure Tdx CFV
+    //
+    Status = MeasureFvImage ((EFI_PHYSICAL_ADDRESS)(UINTN)CfvBase, FixedPcdGet32 (PcdCfvRawDataSize), 1);
+    if (EFI_ERROR (Status)) {
+      ASSERT (FALSE);
+      CpuDeadLoop ();
+    }
+  }
+
  //
  // Initialize the Platform
  //