OvmfPkg: Refactor MeasureHobList

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4243 MeasureHobList once was implemented in PeilessStartupLib and it does measurement and logging for TdHob in one go, using TpmMeasureAndLogData(). But it doesn't work in SEC. This patch splits MeasureHobList into 2 functions and implement them in SecTdxHelperLib. - TdxHelperMeasureTdHob - TdxHelperBuildGuidHobForTdxMeasurement TdxHelperMeasureTdHob measures the TdHob and stores the hash value in WorkArea. TdxHelperBuildGuidHobForTdxMeasurement builds GuidHob for the measurement based on the hash value in WorkArea. After these 2 functions are introduced, PeilessStartupLib should also be updated: - Call these 2 functions instead of the MeasureHobList - Delete the duplicated codes in PeilessStartupLib Cc: Erdem Aktas <erdemaktas@google.com> Cc: James Bottomley <jejb@linux.ibm.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Gerd Hoffmann <kraxel@redhat.com> Cc: Tom Lendacky <thomas.lendacky@amd.com> Cc: Michael Roth <michael.roth@amd.com> Acked-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com> Signed-off-by: Min Xu <min.m.xu@intel.com>
2023-02-03 11:31:40 +08:00
parent d59279f8ce
commit f41acc651f
7 changed files with 308 additions and 88 deletions
--- a/OvmfPkg/Library/PeilessStartupLib/IntelTdx.c
+++ b/OvmfPkg/Library/PeilessStartupLib/IntelTdx.c
@@ -16,80 +16,9 @@

 #include "PeilessStartupInternal.h"

-#pragma pack(1)
-
-#define HANDOFF_TABLE_DESC  "TdxTable"
-typedef struct {
-  UINT8                      TableDescriptionSize;
-  UINT8                      TableDescription[sizeof (HANDOFF_TABLE_DESC)];
-  UINT64                     NumberOfTables;
-  EFI_CONFIGURATION_TABLE    TableEntry[1];
-} TDX_HANDOFF_TABLE_POINTERS2;
-
-#pragma pack()
-
 #define FV_HANDOFF_TABLE_DESC  "Fv(XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX)"
 typedef PLATFORM_FIRMWARE_BLOB2_STRUCT CFV_HANDOFF_TABLE_POINTERS2;

-/**
-  Measure the Hoblist passed from the VMM.
-
-  @param[in] VmmHobList    The Hoblist pass the firmware
-
-  @retval EFI_SUCCESS           Fv image is measured successfully
-                                or it has been already measured.
-  @retval Others                Other errors as indicated
-**/
-EFI_STATUS
-EFIAPI
-MeasureHobList (
-  IN CONST VOID  *VmmHobList
-  )
-{
-  EFI_PEI_HOB_POINTERS         Hob;
-  TDX_HANDOFF_TABLE_POINTERS2  HandoffTables;
-  EFI_STATUS                   Status;
-
-  if (!TdIsEnabled ()) {
-    ASSERT (FALSE);
-    return EFI_UNSUPPORTED;
-  }
-
-  Hob.Raw = (UINT8 *)VmmHobList;
-
-  //
-  // Parse the HOB list until end of list.
-  //
-  while (!END_OF_HOB_LIST (Hob)) {
-    Hob.Raw = GET_NEXT_HOB (Hob);
-  }
-
-  //
-  // Init the log event for HOB measurement
-  //
-
-  HandoffTables.TableDescriptionSize = sizeof (HandoffTables.TableDescription);
-  CopyMem (HandoffTables.TableDescription, HANDOFF_TABLE_DESC, sizeof (HandoffTables.TableDescription));
-  HandoffTables.NumberOfTables = 1;
-  CopyGuid (&(HandoffTables.TableEntry[0].VendorGuid), &gUefiOvmfPkgTokenSpaceGuid);
-  HandoffTables.TableEntry[0].VendorTable = (VOID *)VmmHobList;
-
-  Status = TpmMeasureAndLogData (
-             1,                                              // PCRIndex
-             EV_EFI_HANDOFF_TABLES2,                         // EventType
-             (VOID *)&HandoffTables,                         // EventData
-             sizeof (HandoffTables),                         // EventSize
-             (UINT8 *)(UINTN)VmmHobList,                     // HashData
-             (UINTN)((UINT8 *)Hob.Raw - (UINT8 *)VmmHobList) // HashDataLen
-             );
-
-  if (EFI_ERROR (Status)) {
-    ASSERT (FALSE);
-  }
-
-  return Status;
-}
-
 /**
  Get the FvName from the FV header.

--- a/OvmfPkg/Library/PeilessStartupLib/PeilessStartup.c
+++ b/OvmfPkg/Library/PeilessStartupLib/PeilessStartup.c
@@ -17,6 +17,7 @@
 #include <Library/PrePiLib.h>
 #include <Library/PeilessStartupLib.h>
 #include <Library/PlatformInitLib.h>
+#include <Library/TdxHelperLib.h>
 #include <ConfidentialComputingGuestAttr.h>
 #include <Guid/MemoryTypeInformation.h>
 #include <OvmfPlatforms.h>
@@ -179,7 +180,16 @@ PeilessStartup (
    //
    // Measure HobList
    //
-    Status = MeasureHobList (VmmHobList);
+    Status = TdxHelperMeasureTdHob ();
+    if (EFI_ERROR (Status)) {
+      ASSERT (FALSE);
+      CpuDeadLoop ();
+    }
+
+    //
+    // Build GuidHob for tdx measurement
+    //
+    Status = TdxHelperBuildGuidHobForTdxMeasurement ();
    if (EFI_ERROR (Status)) {
      ASSERT (FALSE);
      CpuDeadLoop ();
--- a/OvmfPkg/Library/PeilessStartupLib/PeilessStartupInternal.h
+++ b/OvmfPkg/Library/PeilessStartupLib/PeilessStartupInternal.h
@@ -58,21 +58,6 @@ EFIAPI
 ConstructSecHobList (
  );

-/**
-  Measure the Hoblist passed from the VMM.
-
-  @param[in] VmmHobList    The Hoblist pass the firmware
-
-  @retval EFI_SUCCESS           Fv image is measured successfully
-                                or it has been already measured.
-  @retval Others                Other errors as indicated
-**/
-EFI_STATUS
-EFIAPI
-MeasureHobList (
-  IN CONST VOID  *VmmHobList
-  );
-
 /**
  Measure FV image.