OvmfPkg: Measure firware configuration file data in SEC phase

mxu9 · Apr 14, 2021 · e66a6bf · e66a6bf
1 parent 4dc23f8
commit e66a6bf
Show file tree

Hide file tree

Showing 4 changed files with 46 additions and 2 deletions.
diff --git a/OvmfPkg/Include/Library/TdvfPlatformLib.h b/OvmfPkg/Include/Library/TdvfPlatformLib.h
@@ -8,7 +8,7 @@
 #include <Library/HobLib.h>
 
 #define EFI_RESOURCE_ATTRIBUTE_ENCRYPTED            0x04000000
-
+#pragma pack(1)
 typedef struct {
   ///
   EFI_HOB_GUID_TYPE       GuidHeader;
@@ -17,7 +17,7 @@ typedef struct {
   BOOLEAN                 SetNxForStack;
   UINT8                   SystemStates[6];
 } EFI_HOB_PLATFORM_INFO;
-
+#pragma pack()
 VOID
 EFIAPI
 TdvfPlatformInitialize (

diff --git a/OvmfPkg/Library/TdxStartupLib/Tcg.c b/OvmfPkg/Library/TdxStartupLib/Tcg.c
@@ -229,3 +229,37 @@ TdxMeasureFvImage (
   return Status;
 }
 
+/**
+  Measure SystemStates info.
+  Add it into RTMR[0] after the SystemStates info is measured successfully.
+  @param[in]  Base              Base address of SystemStates info.
+  @param[in]  Length            Length of SystemStates info.
+  @param[in]  PcrIndex          Index of PCR
+  @retval EFI_SUCCESS           SystemStates info is measured successfully
+                                or it has been already measured.
+  @retval EFI_OUT_OF_RESOURCES  No enough memory to log the new event.
+  @retval EFI_DEVICE_ERROR      The command was unsuccessful.
+**/
+EFI_STATUS
+EFIAPI
+TdxMeasureSystemStates (
+  IN EFI_PHYSICAL_ADDRESS           Base,
+  IN UINTN                          Length,
+  IN UINT8                          PcrIndex
+  )
+{
+  EFI_STATUS     Status;
+  CHAR8          *ConfigInfoTag = "etc/system-states";
+
+  Status = CreateTdxExtendEvent (
+              PcrIndex,                         // PCRIndex
+              EV_PLATFORM_CONFIG_FLAGS,         // EventType
+              (VOID *) ConfigInfoTag,           // EventData
+              sizeof (ConfigInfoTag),           // EventSize
+              (UINT8*) (UINTN) Base,            // HashData
+              (UINTN) Length                    // HashDataLen
+              );
+
+  return Status;
+}
+
diff --git a/OvmfPkg/Library/TdxStartupLib/TdxStartup.c b/OvmfPkg/Library/TdxStartupLib/TdxStartup.c
@@ -226,6 +226,8 @@ TdxStartup(
 
   BuildGuidDataHob (&gUefiOvmfPkgTdxPlatformGuid, &PlatformInfoHob, sizeof (EFI_HOB_PLATFORM_INFO));
 
+  TdxMeasureSystemStates ((EFI_PHYSICAL_ADDRESS) &PlatformInfoHob.SystemStates[0], 6, 1);
+
   BuildStackHob ((UINTN)SecCoreData->StackBase, SecCoreData->StackSize <<=1 );
 
   BuildResourceDescriptorHob (

diff --git a/OvmfPkg/Library/TdxStartupLib/TdxStartupInternal.h b/OvmfPkg/Library/TdxStartupLib/TdxStartupInternal.h
@@ -194,4 +194,12 @@ AsmGetRelocationMap (
   OUT MP_RELOCATION_MAP    *AddressMap
   );
 
+EFI_STATUS
+EFIAPI
+TdxMeasureSystemStates (
+  IN EFI_PHYSICAL_ADDRESS           Base,
+  IN UINT64                         Length,
+  IN UINT8                          PcrIndex
+  );
+
 #endif