OvmfPkg/IntelTdx: detect vTPM in SEC phase

For boot without PEI, detect the vTPM in SEC phase and build the TCG
event HOB for the RTM events.

Signed-off-by: Jiaqi Gao <[email protected]>

OvmfPkg/IntelTdx/TdxHelperLib/SecTdxHelper.c

@@ -23,6 +23,7 @@
 #include <WorkArea.h>
 #include <ConfidentialComputingGuestAttr.h>
 #include <Library/TdxHelperLib.h>
+#include <Library/MemoryAllocationLib.h>
 
 #define ALIGNED_2MB_MASK  0x1fffff
 #define MEGABYTE_SHIFT    20
@@ -42,6 +43,22 @@ EFI_STATUS
 InternalBuildGuidHobForTdxMeasurement (
   VOID
   );
+/**
+  In TD Partitioning L2 guest, the vTPM is virtualized by a trusted L1 VMM. The
+  L1 VMM initializes the vTPM and extends its version and L2 TDVF image into the
+  PCR[0]. This function gets the hashes of events and records it into event log.
+ *
+ * @param Events Events return from SVSM that have been extended into vTPM PCR[0]
+ * 
+ * @retval EFI_SUCCESS Successfully measure the TdHob
+ * @retval Others      Other error as indicated
+ */
+EFI_STATUS
+EFIAPI
+TdxDetectVirtualTpm (
+  UINT8                  *Events,
+  UINT32                 *Size
+  );
 
 /**
   This function will be called to accept pages. Only BSP accepts pages.
@@ -958,6 +975,68 @@ TdxHelperMeasureCfvImage (
   return EFI_SUCCESS;
 }
 
+#ifdef TDX_PEI_LESS_BOOT
+/**
+ * Build the measurement HOB of the vRTM events
+ *
+ * @retval EFI_SUCCESS    Successfully detect vTPM and build the measurement HOB
+ * @retval Others         Other errors as indicated
+ */
+STATIC
+EFI_STATUS
+BuildVirtualRtmMeasurementHob (
+  VOID
+  )
+{
+  EFI_STATUS  Status;
+  UINT8       *HobList;
+  UINT32      HobListSize;
+  UINT32      Offset = 0;
+  VOID        *Event;
+  UINT32      EventSize;
+  VOID        *EventHobData;
+  EFI_PEI_HOB_POINTERS   Hob;
+  OVMF_WORK_AREA         *WorkArea;
+
+  HobList = AllocatePages(1);
+  if (HobList == NULL) {
+    return EFI_OUT_OF_RESOURCES;
+  }
+
+  Status = TdxDetectVirtualTpm(HobList, &HobListSize);
+  if (EFI_ERROR (Status)) {
+    return Status;
+  }
+
+  while ((Hob.Raw = GetNextGuidHob (&gTcgEvent2EntryHobGuid, HobList + Offset)) != NULL) {
+    Event = Hob.Raw + sizeof(EFI_HOB_GUID_TYPE);
+    EventSize = Hob.Guid->Header.HobLength - sizeof(EFI_HOB_GUID_TYPE);
+    EventHobData = BuildGuidHob (
+                &gCcEventEntryHobGuid,
+                EventSize
+                );
+    if (EventHobData == NULL) {
+      return EFI_OUT_OF_RESOURCES;
+    }
+
+    CopyMem (EventHobData, Event, EventSize);
+
+    Offset += Hob.Guid->Header.HobLength;
+    if (Offset >= HobListSize) {
+      break;
+    }
+  }
+
+  WorkArea = (OVMF_WORK_AREA *)FixedPcdGet32 (PcdOvmfWorkAreaBase);
+  if (WorkArea == NULL) {
+    return EFI_ABORTED;
+  }
+  WorkArea->TdxWorkArea.SecTdxWorkArea.MeasurementType = TDX_MEASUREMENT_TYPE_VTPM;
+
+  return EFI_SUCCESS;
+}
+#endif
+
 /**
   Build the GuidHob for tdx measurements which were done in SEC phase.
   The measurement values are stored in WorkArea.
@@ -972,6 +1051,11 @@ TdxHelperBuildGuidHobForTdxMeasurement (
   )
 {
  #ifdef TDX_PEI_LESS_BOOT
+  EFI_STATUS  Status;
+  Status = BuildVirtualRtmMeasurementHob();
+  if (EFI_ERROR (Status)) {
+    return Status;
+  }
   return InternalBuildGuidHobForTdxMeasurement ();
  #else
   return EFI_UNSUPPORTED;

OvmfPkg/IntelTdx/TdxHelperLib/SecTdxHelperLib.inf

@@ -25,6 +25,7 @@
 [Sources]
   SecTdxHelper.c
   TdxMeasurementHob.c
+  TdxVirtualTpmDetection.c
 
 [Packages]
   CryptoPkg/CryptoPkg.dec
@@ -41,6 +42,7 @@
   PcdLib
   TdxMailboxLib
   TdxLib
+  MemoryAllocationLib
 
 [FixedPcd]
   gUefiOvmfPkgTokenSpaceGuid.PcdOvmfWorkAreaBase
@@ -51,3 +53,4 @@
 
 [Guids]
   gCcEventEntryHobGuid
+  gTcgEvent2EntryHobGuid              ## PRODUCES  ## HOB