diff --git a/Common/MU b/Common/MU
index 0033f8e82d..f56ffd8214 160000
--- a/Common/MU
+++ b/Common/MU
@@ -1 +1 @@
-Subproject commit 0033f8e82d4d44c75439dafbca8616cecc665d42
+Subproject commit f56ffd82140660743d6578ba62dfff8f896f7f48
diff --git a/Platforms/QemuQ35Pkg/QemuQ35Pkg.dsc b/Platforms/QemuQ35Pkg/QemuQ35Pkg.dsc
index 32debb6453..da0bc6ac75 100644
--- a/Platforms/QemuQ35Pkg/QemuQ35Pkg.dsc
+++ b/Platforms/QemuQ35Pkg/QemuQ35Pkg.dsc
@@ -967,6 +967,7 @@ QemuQ35Pkg/Library/ResetSystemLib/StandaloneMmResetSystemLib.inf
 TpmTestingPkg/TpmReplayPei/Pei/TpmReplayPei.inf {
 <LibraryClasses>
 FvMeasurementExclusionLib|QemuQ35Pkg/Library/PeiFvMeasurementExclusionLib/PeiFvMeasurementExclusionLib.inf
+ InputChannelLib|QemuPkg/Library/BaseFwCfgInputChannelLib/BaseFwCfgInputChannelLib.inf
 Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf
 <PcdsPatchableInModule>
 gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x3F
@@ -1510,10 +1511,19 @@ QemuQ35Pkg/Library/ResetSystemLib/StandaloneMmResetSystemLib.inf
 #
 !if $(TPM_ENABLE) == TRUE
 !if $(TPM_REPLAY_ENABLED) == TRUE
- TpmTestingPkg/Overrides/Tcg2Dxe/Tcg2Dxe.inf
+ TpmTestingPkg/Overrides/Tcg2Dxe/Tcg2Dxe.inf {
+ <LibraryClasses>
+ Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterDxe.inf
+ NULL|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf
+ HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.inf
+ NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf
+ NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf
+ NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf
+ NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf
+ NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf
+ }
 !else
 SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf {
-!endif
 <LibraryClasses>
 Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterDxe.inf
 NULL|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf
@@ -1525,6 +1535,7 @@ QemuQ35Pkg/Library/ResetSystemLib/StandaloneMmResetSystemLib.inf
 NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf
 }
 !endif
+!endif
 !if $(TPM_CONFIG_ENABLE) == TRUE AND $(TPM_ENABLE) == TRUE
 SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf
 !endif
diff --git a/QemuPkg/Library/BaseFwCfgInputChannelLib/BaseFwCfgInputChannelLib.c b/QemuPkg/Library/BaseFwCfgInputChannelLib/BaseFwCfgInputChannelLib.c
new file mode 100644
index 0000000000..548d9ad8df
--- /dev/null
+++ b/QemuPkg/Library/BaseFwCfgInputChannelLib/BaseFwCfgInputChannelLib.c
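Review bot: The `<LibraryClasses>` list added for `TpmTestingPkg/Overrides/Tcg2Dxe/Tcg2Dxe.inf` appears to repeat the list kept under `SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf` in the `!else` branch (the middle of that list lies between this hunk and the next one, so this is inferred from its visible ends), which means the two can drift and a replay build would then measure with a different hash-instance set than the regular build. A comment above `!if $(TPM_REPLAY_ENABLED) == TRUE`, for example `# Replay build: keep this library list in sync with the SecurityPkg Tcg2Dxe entry below.`, would record the coupling. Since `TPM_REPLAY_ENABLED` swaps the measuring driver for the override, it is also worth stating next to the flag that it is meant for test images only, if that is the intent.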
@@ -0,0 +1,75 @@
+/** @file
+ QEMU FW CFG TPM Event Log Input Channel Library
+
+ Allows a TPM replay log to be passed through the FW CFG interface on QEMU.
+
+ Copyright (c) Microsoft Corporation.
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <Uefi.h>
+
+#include <IndustryStandard/QemuFwCfg.h>
+
+#include <Library/DebugLib.h>
+#include <Library/InputChannelLib.h>
+#include <Library/MemoryAllocationLib.h>
+#include <Library/QemuFwCfgLib.h>
+
+/**
+ Retrieves a TPM Replay Event Log through a custom interface.
+
+ This library instance returns a log from the QEMU FW CFG interface.
+ https://www.qemu.org/docs/master/specs/fw_cfg.html
+
+ @param[out] ReplayEventLog A pointer to a pointer to the buffer to hold the event log data.
+ @param[out] ReplayEventLogSize The size of the data placed in the buffer.
+
+ @retval EFI_SUCCESS The TPM Replay event log was returned successfully.
+ @retval EFI_INVALID_PARAMETER A pointer argument given is NULL.
+ @retval EFI_UNSUPPORTED The function is not implemented yet. The arguments are not used.
+ @retval EFI_COMPROMISED_DATA The event log data found is not valid.
+ @retval EFI_NOT_FOUND The event log data was not found.
+
+**/
+EFI_STATUS
+EFIAPI
+GetReplayEventLogFromCustomInterface (
+ OUT VOID **ReplayEventLog,
+ OUT UINTN *ReplayEventLogSize
+ )
+{
+ EFI_STATUS Status;
+ FIRMWARE_CONFIG_ITEM LogItem;
+ UINTN LogSize;
+ UINTN LogPageCount;
+ VOID *LogBase;
+
+ if ((ReplayEventLog == NULL) || (ReplayEventLogSize == NULL)) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ Status = QemuFwCfgFindFile ("opt/tpmreplay", &LogItem, &LogSize);
+ if (EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_ERROR, "[%a] - TPM Replay FW CFG event log not found (%r).\n", __func__, Status));
+ return EFI_NOT_FOUND;
+ }
+
+ DEBUG ((DEBUG_INFO, "[%a] - TPM Replay FW CFG log found. Item 0x%x of size 0x%x.\n", __func__, LogItem, LogSize));
+
+ LogPageCount = EFI_SIZE_TO_PAGES (LogSize);
+ LogBase = AllocatePages (LogPageCount);
+ if (LogBase == NULL) {
+ ASSERT (LogBase != NULL);
+ return EFI_OUT_OF_RESOURCES;
+ }
+
+ QemuFwCfgSelectItem (LogItem);
+ QemuFwCfgReadBytes (LogSize, LogBase);
+
+ *ReplayEventLog = LogBase;
+ *ReplayEventLogSize = LogSize;
+
+ return EFI_SUCCESS;
+}
diff --git a/QemuPkg/Library/BaseFwCfgInputChannelLib/BaseFwCfgInputChannelLib.inf b/QemuPkg/Library/BaseFwCfgInputChannelLib/BaseFwCfgInputChannelLib.inf
new file mode 100644
index 0000000000..28c36e46e0
--- /dev/null
+++ b/QemuPkg/Library/BaseFwCfgInputChannelLib/BaseFwCfgInputChannelLib.inf
@@ -0,0 +1,30 @@
+## @file
+# FW CFG TPM Event Log Input Channel Library
+#
+# Copyright (c) Microsoft Corporation.
+#
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+[Defines]
+ INF_VERSION = 0x00010005
+ BASE_NAME = BaseFwCfgInputChannelLib
+ FILE_GUID = 8B3828C5-DC85-49F0-8AF2-0F50391EC0BC
+ MODULE_TYPE = BASE
+ VERSION_STRING = 1.0
+ LIBRARY_CLASS = InputChannelLib
+
+[Packages]
+ MdePkg/MdePkg.dec
+ SecurityPkg/SecurityPkg.dec
+ QemuPkg/QemuPkg.dec
+ TpmTestingPkg/TpmTestingPkg.dec
+
+[LibraryClasses]
+ DebugLib
+ MemoryAllocationLib
+ QemuFwCfgLib
+
+[Sources]
+ BaseFwCfgInputChannelLib.c
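Review bot: `LogSize` comes from the fw_cfg directory entry and is used unchecked to size both `AllocatePages()` and `QemuFwCfgReadBytes()` in `GetReplayEventLogFromCustomInterface`, so an empty or oversized `opt/tpmreplay` item supplied on the QEMU side reaches the allocator as-is. With a zero size `EFI_SIZE_TO_PAGES` yields 0 pages, and the `ASSERT (LogBase != NULL)` placed inside the `LogBase == NULL` branch can never pass, so where asserts are enabled (the DSC sets `PcdDebugPropertyMask|0x3F` for TpmReplayPei) an allocation failure stops the boot instead of returning. I would bound the size before allocating, return the already documented `EFI_COMPROMISED_DATA` for an out-of-range size, and replace the assert with a logged `EFI_OUT_OF_RESOURCES`. The header comment should also match the code: `EFI_OUT_OF_RESOURCES` is returned but not listed, `EFI_UNSUPPORTED` and `EFI_COMPROMISED_DATA` are listed but never returned, and nothing says the caller owns the page allocation. `LogSize` is a `UINTN` printed with `0x%x`; a `UINT64` cast with `0x%Lx` avoids truncation on 64-bit builds.

```c
  // … unchanged: NULL argument checks and QemuFwCfgFindFile () lookup …

  //
  // LogSize is reported by the fw_cfg directory, i.e. by the host side. Reject an
  // empty item and anything above the platform limit before sizing the allocation.
  // MAX_TPM_REPLAY_LOG_SIZE is a placeholder name; the page does not define a limit.
  //
  if ((LogSize == 0) || (LogSize > MAX_TPM_REPLAY_LOG_SIZE)) {
    DEBUG ((DEBUG_ERROR, "[%a] - TPM Replay FW CFG log size 0x%Lx is out of range.\n", __func__, (UINT64)LogSize));
    return EFI_COMPROMISED_DATA;
  }

  LogPageCount = EFI_SIZE_TO_PAGES (LogSize);
  LogBase      = AllocatePages (LogPageCount);
  if (LogBase == NULL) {
    DEBUG ((DEBUG_ERROR, "[%a] - Failed to allocate 0x%Lx pages for the replay log.\n", __func__, (UINT64)LogPageCount));
    return EFI_OUT_OF_RESOURCES;
  }

  // … unchanged: QemuFwCfgSelectItem () / QemuFwCfgReadBytes () and output assignment …
```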
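Review bot: `SecurityPkg/SecurityPkg.dec` is listed under `[Packages]`, but none of the headers included by `BaseFwCfgInputChannelLib.c` in this commit look like they come from SecurityPkg, so the entry appears unnecessary unless `Library/InputChannelLib.h` pulls SecurityPkg headers in. Dropping it would keep the library's declared dependencies to what it uses. The file header could also say where the data comes from, for example `# Reads the TPM replay log from the host-provided fw_cfg item opt/tpmreplay; intended for test builds.`, so the trust boundary is visible to anyone binding this instance in a DSC.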