OvmfPkg: Measure firware configuration from Qemu in DXE phase

mxu9 · Apr 14, 2021 · 2cb3f5a · 2cb3f5a
1 parent e66a6bf
commit 2cb3f5a
Show file tree

Hide file tree

Showing 2 changed files with 92 additions and 0 deletions.
diff --git a/OvmfPkg/AcpiPlatformDxe/AcpiPlatformDxe.inf b/OvmfPkg/AcpiPlatformDxe/AcpiPlatformDxe.inf
@@ -51,11 +51,13 @@
   DxeServicesTableLib
   OrderedCollectionLib
   XenPlatformLib
+  TdxProbeLib
 
 [Protocols]
   gEfiAcpiTableProtocolGuid                     # PROTOCOL ALWAYS_CONSUMED
   gEfiFirmwareVolume2ProtocolGuid               # PROTOCOL SOMETIMES_CONSUMED
   gEfiPciIoProtocolGuid                         # PROTOCOL SOMETIMES_CONSUMED
+  gTdTcg2ProtocolGuid                           # PROTOCOL SOMETIMES_CONSUMES
 
 [Guids]
   gRootBridgesConnectedEventGroupGuid

diff --git a/OvmfPkg/AcpiPlatformDxe/QemuFwCfgAcpi.c b/OvmfPkg/AcpiPlatformDxe/QemuFwCfgAcpi.c
@@ -19,6 +19,10 @@
 #include <Library/OrderedCollectionLib.h>
 #include <IndustryStandard/Acpi.h>
 #include <Library/TdxProbeLib.h>
+#include <Protocol/Tcg2Protocol.h>
+#include <Protocol/Tdx.h>
+
+EFI_TCG2_PROTOCOL *mTdTcg2Protocol = NULL;
 
 //
 // The user structure for the ordered collection that will track the fw_cfg
@@ -35,6 +39,71 @@ typedef struct {
                                         // part of ACPI tables.
 } BLOB;
 
+/**
+  Mesure firmware acpi configuration data from qemu.
+  @param[in] EventData    Pointer to the event data.
+  @param[in] EventSize    Size of event data.
+  @param[in] CfgDataBase  Configuration data base address.
+  @param[in] EventSize    Size of configuration data .
+  @retval  EFI_NOT_FOUND           Cannot locate protocol.
+  @retval  EFI_OUT_OF_RESOURCES    Allocate zero pool failure.
+  @return                          Status codes returned by
+                                   mTcg2Protocol->HashLogExtendEvent.
+**/
+STATIC
+EFI_STATUS
+EFIAPI
+MeasureQemuFwCfgAcpi(
+  IN CHAR8                 *EventData,
+  IN UINT32                EventSize,
+  IN EFI_PHYSICAL_ADDRESS  CfgDataBase,
+  IN UINTN                 CfgDataLength
+)
+{
+  EFI_TCG2_EVENT  *Tcg2Event;
+  EFI_STATUS      Status;
+
+  if (ProbeTdGuest () == FALSE) {
+    return EFI_SUCCESS;
+  }
+
+  if (mTdTcg2Protocol == NULL) {
+    Status = gBS->LocateProtocol (&gTdTcg2ProtocolGuid, NULL, (VOID **) &mTdTcg2Protocol);
+    if (EFI_ERROR (Status)) {
+      //
+      // TdTcg2 protocol is not installed.
+      //
+      DEBUG ((EFI_D_ERROR, "MesureQemuFwCfgAcpi - TdTcg2 - %r\n", Status));
+      return EFI_NOT_FOUND;
+    }
+  }
+
+  Tcg2Event = AllocateZeroPool (EventSize + sizeof (EFI_TCG2_EVENT) - sizeof(Tcg2Event->Event));
+  if (Tcg2Event == NULL) {
+    return EFI_OUT_OF_RESOURCES;
+  }
+
+  Tcg2Event->Size = EventSize + sizeof (EFI_TCG2_EVENT) - sizeof(Tcg2Event->Event);
+  Tcg2Event->Header.EventType = EV_PLATFORM_CONFIG_FLAGS;
+  Tcg2Event->Header.PCRIndex = 1;
+  Tcg2Event->Header.HeaderSize = sizeof (EFI_TCG2_EVENT_HEADER);
+  Tcg2Event->Header.HeaderVersion = EFI_TCG2_EVENT_HEADER_VERSION;
+  CopyMem (&Tcg2Event->Event[0], EventData, EventSize);
+
+  Status = mTdTcg2Protocol->HashLogExtendEvent (mTdTcg2Protocol,
+                                              0,
+                                              CfgDataBase,
+                                              CfgDataLength,
+                                              Tcg2Event
+                                              );
+
+  FreePool (Tcg2Event);
+
+  DEBUG ((DEBUG_INFO, "MeasureQemuFwCfg %s, %r\n", EventData, Status));
+
+  return Status;
+}
+
 
 /**
   Compare a standalone key against a user structure containing an embedded key.
@@ -382,6 +451,16 @@ ProcessCmdAllocate (
 
   QemuFwCfgSelectItem (FwCfgItem);
   QemuFwCfgReadBytes (FwCfgSize, Blob->Base);
+
+  Status = MeasureQemuFwCfgAcpi ((CHAR8 *) Allocate->File,
+                                sizeof(Allocate->File),
+                                (EFI_PHYSICAL_ADDRESS) Blob->Base,
+                                FwCfgSize
+                                );
+  if (EFI_ERROR (Status)) {
+    DEBUG ((DEBUG_ERROR, "Measure %s failure\n", Allocate->File));
+  }
+
   ZeroMem (Blob->Base + Blob->Size, EFI_PAGES_TO_SIZE (NumPages) - Blob->Size);
 
   DEBUG ((DEBUG_VERBOSE, "%a: File=\"%a\" Alignment=0x%x Zone=%d Size=0x%Lx "
@@ -999,6 +1078,17 @@ InstallQemuFwCfgTables (
   EnablePciDecoding (&OriginalPciAttributes, &OriginalPciAttributesCount);
   QemuFwCfgSelectItem (FwCfgItem);
   QemuFwCfgReadBytes (FwCfgSize, LoaderStart);
+
+  Status = MeasureQemuFwCfgAcpi (
+              "etc/table-loader",
+              sizeof ("etc/table-loader"),
+              (EFI_PHYSICAL_ADDRESS) LoaderStart,
+              FwCfgSize
+            );
+  if (EFI_ERROR (Status)) {
+    DEBUG ((DEBUG_ERROR, "Measure etc/table-loader failure\n"));
+  }
+
   RestorePciDecoding (OriginalPciAttributes, OriginalPciAttributesCount);
   LoaderEnd = LoaderStart + FwCfgSize / sizeof *LoaderEntry;