sravan/system76-edk2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

OvmfPkg: Refactor MeaureFvImage

Browse Source 
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4243

MeasureFvImage once was implemented in PeilessStartupLib and it does
measurement and logging for Configuration FV (Cfv) image in one go,
using TpmMeasureAndLogData(). But it doesn't work in SEC.

This patch splits MeasureFvImage into 2 functions and implement them in
SecTdxHelperLib.
 - TdxHelperMeasureCfvImage
 - TdxHelperBuildGuidHobForTdxMeasurement

TdxHelperMeasureCfvImage measures the Cfv image and stores the hash value
in WorkArea. TdxHelperBuildGuidHobForTdxMeasurement builds GuidHob for the
measurement based on the hash value in WorkArea.

After these 2 functions are introduced, PeilessStartupLib should also be
updated:
 - Call these 2 functions instead of the MeasureFvImage
 - Delete the duplicated codes in PeilessStartupLib

Cc: Erdem Aktas <erdemaktas@google.com>
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Michael Roth <michael.roth@amd.com>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Signed-off-by: Min Xu <min.m.xu@intel.com>
This commit is contained in:
Min M Xu
2023-02-03 11:31:41 +08:00
committed by mergify[bot]
parent f41acc651f
commit 852ae4cd80
6 changed files with 119 additions and 153 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
OvmfPkg/IntelTdx/TdxHelperLib/SecTdxHelper.c
View File

@@ -175,7 +175,35 @@ TdxHelperMeasureCfvImage (
VOID
)
{
return EFI_UNSUPPORTED;
EFI_STATUS Status;
UINT8 Digest[SHA384_DIGEST_SIZE];
OVMF_WORK_AREA *WorkArea;
Status = HashAndExtendToRtmr (
0,
(UINT8 *)(UINTN)PcdGet32 (PcdOvmfFlashNvStorageVariableBase),
(UINT64)PcdGet32 (PcdCfvRawDataSize),
Digest,
SHA384_DIGEST_SIZE
);
if (EFI_ERROR (Status)) {
return Status;
}
//
// This function is called in SEC phase and at that moment the Hob service
// is not available. So CfvImage measurement value is stored in workarea.
//
WorkArea = (OVMF_WORK_AREA *)FixedPcdGet32 (PcdOvmfWorkAreaBase);
if (WorkArea == NULL) {
return EFI_DEVICE_ERROR;
}
WorkArea->TdxWorkArea.SecTdxWorkArea.TdxMeasurementsData.MeasurementsBitmap |= TDX_MEASUREMENT_CFVIMG_BITMASK;
CopyMem (WorkArea->TdxWorkArea.SecTdxWorkArea.TdxMeasurementsData.CfvImgHashValue, Digest, SHA384_DIGEST_SIZE);
return EFI_SUCCESS;
}
/**