SecurityPkg: Add TpmMeasurementLib for SEC phase

Add the SecTpmMeasurementLib to support TpmMeasurementAndLogData in Sec phase. Cc: Jiewen Yao <jiewen.yao@intel.com> Signed-off-by: Min Xu <min.m.xu@intel.com> Signed-off-by: Ceping Sun <cepingx.sun@intel.com>
2024-09-27 13:12:16 +08:00 · 2024-09-27 13:12:16 +08:00 · ebba67b754
parent 425d97caef
commit ebba67b754
4 changed files with 215 additions and 1 deletions
--- a/SecurityPkg/Library/SecTpmMeasurementLib/IntelTdx.c
+++ b/SecurityPkg/Library/SecTpmMeasurementLib/IntelTdx.c
@ -0,0 +1,92 @@
+/** @file
+  Extend to RTMR and Build GuidHob for tdx measurement.
+
+  Copyright (c) 2025, Intel Corporation. All rights reserved.<BR>
+
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <PiPei.h>
+#include <Library/BaseLib.h>
+#include <Library/BaseMemoryLib.h>
+#include <Library/DebugLib.h>
+#include <Library/HobLib.h>
+#include <Library/PrintLib.h>
+#include <Library/TdxLib.h>
+#include <Library/BaseCryptLib.h>
+#include <Library/TpmMeasurementLib.h>
+#include <IndustryStandard/UefiTcgPlatform.h>
+#include <Library/TdxMeasurementLib.h>
+
+/**
+  Do a hash operation on a data buffer, extend a specific RTMR with the hash result,
+  and add an entry to the Event Log.
+
+  @param[in]      PcrIndex      PCRIndex Index of the TPM PCR
+  @param[in]      EventType     Type of the Event.
+  @param[in]      EventLog      Physical address of the start of the data buffer.
+  @param[in]      EventSize     The length, in bytes, of the buffer referenced by EventLog.
+  @param[in]      HashData      Physical address of the start of the data buffer
+                                to be hashed, extended, and logged.
+  @param[in]      HashDataLen   The length, in bytes, of the buffer referenced by HashData
+
+  @retval EFI_SUCCESS  The measurement is successful
+  @retval Others       Other errors as indicated
+**/
+EFI_STATUS
+EFIAPI
+TdxHashLogExtendEvent (
+  IN UINT32  PcrIndex,
+  IN UINT32  EventType,
+  IN VOID    *EventLog,
+  IN UINT32  LogLen,
+  IN VOID    *HashData,
+  IN UINT64  HashDataLen
+  )
+{
+  EFI_STATUS  Status;
+  UINT8       Digest[SHA384_DIGEST_SIZE];
+  UINT32      MrIndex;
+
+  if ((EventLog == NULL) || (HashData == NULL)) {
+    return EFI_INVALID_PARAMETER;
+  }
+
+  if (!TdIsEnabled ()) {
+    return EFI_UNSUPPORTED;
+  }
+
+  MrIndex = TdxMeasurementMapPcrToMrIndex (PcrIndex);
+  if (MrIndex == CC_MR_INDEX_INVALID) {
+    return EFI_INVALID_PARAMETER;
+  }
+
+  Status = TdxMeasurementHashAndExtendToRtmr (
+             MrIndex - 1,
+             (UINT8 *)HashData,
+             (UINTN)HashDataLen,
+             Digest,
+             SHA384_DIGEST_SIZE
+             );
+
+  if (EFI_ERROR (Status)) {
+    DEBUG ((DEBUG_ERROR, "%a: TdxMeasurementHashAndExtendToRtmr failed with %r\n", __func__, Status));
+    return Status;
+  }
+
+  Status = TdxMeasurementBuildGuidHob (
+             MrIndex - 1,
+             EventType,
+             EventLog,
+             LogLen,
+             Digest,
+             SHA384_DIGEST_SIZE
+             );
+
+  if (EFI_ERROR (Status)) {
+    DEBUG ((DEBUG_ERROR, "%a: TdxMeasurementBuildGuidHob failed with %r\n", __func__, Status));
+  }
+
+  return Status;
+}
--- a/SecurityPkg/Library/SecTpmMeasurementLib/SecTpmMeasurementLib.c
+++ b/SecurityPkg/Library/SecTpmMeasurementLib/SecTpmMeasurementLib.c
@ -0,0 +1,75 @@
+/** @file
+  TpmMeasurementLib SEC implementation.
+
+  Copyright (c) 2025, Intel Corporation. All rights reserved.<BR>
+
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <PiPei.h>
+#include <Library/BaseLib.h>
+#include <Library/BaseMemoryLib.h>
+#include <Library/DebugLib.h>
+#include <Library/TpmMeasurementLib.h>
+#include <IndustryStandard/UefiTcgPlatform.h>
+#include <Library/CcProbeLib.h>
+
+/**
+  Do a hash operation on a data buffer, extend a specific RTMR with the hash result,
+  and add an entry to the Event Log.
+
+  @param[in]      PcrIndex      PCRIndex Index of the TPM PCR
+  @param[in]      EventType     Type of the Event.
+  @param[in]      EventLog      Physical address of the start of the data buffer.
+  @param[in]      EventSize     The length, in bytes, of the buffer referenced by EventLog.
+  @param[in]      HashData      Physical address of the start of the data buffer
+                                to be hashed, extended, and logged.
+  @param[in]      HashDataLen   The length, in bytes, of the buffer referenced by HashData
+
+  @retval EFI_SUCCESS  The measurement is successful
+  @retval Others       Other errors as indicated
+**/
+EFI_STATUS
+EFIAPI
+TdxHashLogExtendEvent (
+  IN UINT32  PcrIndex,
+  IN UINT32  EventType,
+  IN VOID    *EventLog,
+  IN UINT32  LogLen,
+  IN VOID    *HashData,
+  IN UINT64  HashDataLen
+  );
+
+/**
+  Tpm measure and log data, and extend the measurement result into a specific PCR.
+
+  @param[in]  PcrIndex         PCR Index.
+  @param[in]  EventType        Event type.
+  @param[in]  EventLog         Measurement event log.
+  @param[in]  LogLen           Event log length in bytes.
+  @param[in]  HashData         The start of the data buffer to be hashed, extended.
+  @param[in]  HashDataLen      The length, in bytes, of the buffer referenced by HashData
+
+  @retval EFI_SUCCESS           Operation completed successfully.
+  @retval EFI_UNSUPPORTED       TPM device not available.
+  @retval EFI_OUT_OF_RESOURCES  Out of memory.
+  @retval EFI_DEVICE_ERROR      The operation was unsuccessful.
+**/
+EFI_STATUS
+EFIAPI
+TpmMeasureAndLogData (
+  IN UINT32  PcrIndex,
+  IN UINT32  EventType,
+  IN VOID    *EventLog,
+  IN UINT32  LogLen,
+  IN VOID    *HashData,
+  IN UINT64  HashDataLen
+  )
+{
+  if (CcProbe () == CcGuestTypeIntelTdx) {
+    return TdxHashLogExtendEvent (PcrIndex, EventType, EventLog, LogLen, HashData, HashDataLen);
+  }
+
+  return EFI_UNSUPPORTED;
+}
--- a/SecurityPkg/Library/SecTpmMeasurementLib/SecTpmMeasurementLib.inf
+++ b/SecurityPkg/Library/SecTpmMeasurementLib/SecTpmMeasurementLib.inf
@ -0,0 +1,44 @@
+## @file
+#  TpmMeasurementLib SEC instance
+#
+#  Copyright (c) 2025, Intel Corporation. All rights reserved.<BR>
+#
+#  SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+[Defines]
+  INF_VERSION                    = 0x00010005
+  BASE_NAME                      = SecTpmMeasurementLib
+  FILE_GUID                      = a608aadb-3809-4b7c-9ab9-c42ef79c508e
+  MODULE_TYPE                    = BASE
+  VERSION_STRING                 = 1.0
+  LIBRARY_CLASS                  = TpmMeasurementLib | SEC
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+#  VALID_ARCHITECTURES           = X64
+#
+
+[Sources]
+  IntelTdx.c
+  SecTpmMeasurementLib.c
+
+[Packages]
+  MdePkg/MdePkg.dec
+  CryptoPkg/CryptoPkg.dec
+  MdeModulePkg/MdeModulePkg.dec
+  SecurityPkg/SecurityPkg.dec
+
+[LibraryClasses]
+  BaseLib
+  DebugLib
+  HobLib
+  PcdLib
+  CcProbeLib
+  TdxMeasurementLib
+  BaseCryptLib
+
+[Guids]
+  gCcEventEntryHobGuid
--- a/SecurityPkg/SecurityPkg.dsc
+++ b/SecurityPkg/SecurityPkg.dsc
@ -98,6 +98,9 @@
 [LibraryClasses.RISCV64]
  RngLib|MdeModulePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf

+[LibraryClasses.common.SEC]
+  TpmMeasurementLib|SecurityPkg/Library/SecTpmMeasurementLib/SecTpmMeasurementLib.inf
+
 [LibraryClasses.common.PEIM]
  PeimEntryPoint|MdePkg/Library/PeimEntryPoint/PeimEntryPoint.inf
  PeiServicesLib|MdePkg/Library/PeiServicesLib/PeiServicesLib.inf
@ -267,7 +270,7 @@

  SecurityPkg/Library/FmpAuthenticationLibPkcs7/FmpAuthenticationLibPkcs7.inf
  SecurityPkg/Library/FmpAuthenticationLibRsa2048Sha256/FmpAuthenticationLibRsa2048Sha256.inf
-
+  SecurityPkg/Library/SecTpmMeasurementLib/SecTpmMeasurementLib.inf
  SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.inf
  SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf
  SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.inf