From b098944abc76ef20f278370de2bc70b396aa77db Mon Sep 17 00:00:00 2001
From: Hongbin1 Zhang
Date: Fri, 11 Oct 2024 19:07:41 +0800
Subject: [PATCH] IntelFsp2WrapperPkg/FspiWrapperPeim : Support FSP-I measurement
Add code to support FSP-I binary measurement.
Signed-off-by: Hongbin1 Zhang
Cc: Chasel Chiu
Cc: Nate DeSimone
Cc: Duggapu Chinni B
Cc: Chen Gang C
Cc: Star Zeng
Cc: Ted Kuo
Cc: Ashraf Ali S
Cc: Ray Ni
Cc: Jiewen Yao
---
 .../FspiWrapperPeim/FspiWrapperPeim.c | 90 +++++++++++++++++++
 .../FspiWrapperPeim/FspiWrapperPeim.inf | 5 ++
 .../Include/Library/FspMeasurementLib.h | 1 +
 3 files changed, 96 insertions(+)
diff --git a/IntelFsp2WrapperPkg/FspiWrapperPeim/FspiWrapperPeim.c b/IntelFsp2WrapperPkg/FspiWrapperPeim/FspiWrapperPeim.c
index f76f8249387c..211dd26060f7 100644
--- a/IntelFsp2WrapperPkg/FspiWrapperPeim/FspiWrapperPeim.c
+++ b/IntelFsp2WrapperPkg/FspiWrapperPeim/FspiWrapperPeim.c
@@ -26,6 +26,9 @@
 #include
 #include
 #include
+#include
+#include
+#include
 /**
 Call FspSmmInit API.
@@ -135,6 +138,30 @@ FspiWrapperInitDispatchMode (
 VOID
 )
 {
+ EFI_STATUS Status;
+ EFI_PEI_FIRMWARE_VOLUME_INFO_MEASUREMENT_EXCLUDED_PPI *MeasurementExcludedFvPpi;
+ EFI_PEI_PPI_DESCRIPTOR *MeasurementExcludedPpiList;
+
+ MeasurementExcludedFvPpi = AllocatePool (sizeof (*MeasurementExcludedFvPpi));
+ if (MeasurementExcludedFvPpi != NULL) {
+ MeasurementExcludedFvPpi->Count = 1;
+ MeasurementExcludedFvPpi->Fv[0].FvBase = PcdGet32 (PcdFspiBaseAddress);
+ MeasurementExcludedFvPpi->Fv[0].FvLength = ((EFI_FIRMWARE_VOLUME_HEADER *)(UINTN)PcdGet32 (PcdFspiBaseAddress))->FvLength;
+ } else {
+ ASSERT (MeasurementExcludedFvPpi != NULL);
+ }
+
+ MeasurementExcludedPpiList = AllocatePool (sizeof (*MeasurementExcludedPpiList));
+ if (MeasurementExcludedPpiList != NULL) {
+ MeasurementExcludedPpiList->Flags = EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST;
+ MeasurementExcludedPpiList->Guid = &gEfiPeiFirmwareVolumeInfoMeasurementExcludedPpiGuid;
+ MeasurementExcludedPpiList->Ppi = MeasurementExcludedFvPpi;
+
+ Status = PeiServicesInstallPpi (MeasurementExcludedPpiList);
+ ASSERT_EFI_ERROR (Status);
+ } else {
+ ASSERT (MeasurementExcludedPpiList != NULL);
+ }
 //
 // FSP-I Wrapper running in Dispatch mode and reports FSP-I FV to PEI dispatcher.
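Review bot: The PPI descriptor is still installed when the first AllocatePool fails: in builds where ASSERT is disabled, `MeasurementExcludedPpiList->Ppi = MeasurementExcludedFvPpi;` publishes a NULL interface under gEfiPeiFirmwareVolumeInfoMeasurementExcludedPpiGuid, which a consumer that locates the PPI would presumably dereference. Guard the install on both allocations, for example `if ((MeasurementExcludedFvPpi != NULL) && (MeasurementExcludedPpiList != NULL)) {`, and report the failure with DEBUG_ERROR so it is visible without asserts. The same ASSERT-only handling applies to `PeiServicesNotifyPpi (&mTcgPpiNotifyDesc)` in the FspiWrapperPeimEntryPoint hunk, where a failed registration means the FSP-I measurement callback never runs and nothing records that. The body of FspiWrapperInitDispatchMode continues past the end of this hunk.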
@@ -150,6 +177,66 @@ FspiWrapperInitDispatchMode (
 return EFI_SUCCESS;
 }
+/**
+ This function is called after TCG installed PPI.
+
+ @param[in] PeiServices Pointer to PEI Services Table.
+ @param[in] NotifyDesc Pointer to the descriptor for the Notification event that
+ caused this function to execute.
+ @param[in] Ppi Pointer to the PPI data associated with this function.
+
+ @retval EFI_STATUS Always return EFI_SUCCESS
+**/
+EFI_STATUS
+EFIAPI
+TcgPpiNotify (
+ IN EFI_PEI_SERVICES **PeiServices,
+ IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDesc,
+ IN VOID *Ppi
+ );
+
+EFI_PEI_NOTIFY_DESCRIPTOR mTcgPpiNotifyDesc = {
+ (EFI_PEI_PPI_DESCRIPTOR_NOTIFY_CALLBACK | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST),
+ &gEdkiiTcgPpiGuid,
+ TcgPpiNotify
+};
+
+/**
+ This function is called after TCG installed PPI.
+
+ @param[in] PeiServices Pointer to PEI Services Table.
+ @param[in] NotifyDesc Pointer to the descriptor for the Notification event that
+ caused this function to execute.
+ @param[in] Ppi Pointer to the PPI data associated with this function.
+
+ @retval EFI_STATUS Always return EFI_SUCCESS
+**/
+EFI_STATUS
+EFIAPI
+TcgPpiNotify (
+ IN EFI_PEI_SERVICES **PeiServices,
+ IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDesc,
+ IN VOID *Ppi
+ )
+{
+ UINT32 FspMeasureMask;
+
+ DEBUG ((DEBUG_INFO, "TcgPpiNotify FSPI\n"));
+
+ FspMeasureMask = PcdGet32 (PcdFspMeasurementConfig);
+
+ if ((FspMeasureMask & FSP_MEASURE_FSPI) != 0) {
+ MeasureFspFirmwareBlob (
+ 0,
+ "FSPI",
+ PcdGet32 (PcdFspiBaseAddress),
+ (UINT32)((EFI_FIRMWARE_VOLUME_HEADER *)(UINTN)PcdGet32 (PcdFspiBaseAddress))->FvLength
+ );
+ }
+
+ return EFI_SUCCESS;
+}
+
 /**
 This is the entrypoint of PEIM.
@@ -169,6 +256,9 @@ FspiWrapperPeimEntryPoint (
 DEBUG ((DEBUG_INFO, "FspiWrapperPeimEntryPoint\n"));
+ Status = PeiServicesNotifyPpi (&mTcgPpiNotifyDesc);
+ ASSERT_EFI_ERROR (Status);
+
 if (PcdGet8 (PcdFspModeSelection) == 1) {
 Status = FspiWrapperInitApiMode ();
 } else {
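Review bot: In dispatch mode the FSP-I volume can end up measured by nobody: FspiWrapperInitDispatchMode installs the measurement-excluded PPI for it unconditionally, while TcgPpiNotify measures it only when `PcdFspMeasurementConfig` has `FSP_MEASURE_FSPI` set. Assuming the TCG PEIM skips the volumes listed in that PPI, a platform that leaves the bit clear gets no measurement record of FSP-I at all; gate the exclusion on the same test, `if ((PcdGet32 (PcdFspMeasurementConfig) & FSP_MEASURE_FSPI) != 0) {`, or state the dependency in the function header comment. The result of `MeasureFspFirmwareBlob` is also discarded, so a failed measurement is silent; assign it to a local `Status` and report an error with `DEBUG ((DEBUG_ERROR, ...))` instead of relying on the unconditional `return EFI_SUCCESS;`.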
diff --git a/IntelFsp2WrapperPkg/FspiWrapperPeim/FspiWrapperPeim.inf b/IntelFsp2WrapperPkg/FspiWrapperPeim/FspiWrapperPeim.inf
index 346e500b6490..e03434cccacd 100644
--- a/IntelFsp2WrapperPkg/FspiWrapperPeim/FspiWrapperPeim.inf
+++ b/IntelFsp2WrapperPkg/FspiWrapperPeim/FspiWrapperPeim.inf
@@ -40,19 +40,24 @@
 PerformanceLib
 FspWrapperApiLib
 FspWrapperApiTestLib
+ FspMeasurementLib
 [Packages]
 MdePkg/MdePkg.dec
 MdeModulePkg/MdeModulePkg.dec
 IntelFsp2Pkg/IntelFsp2Pkg.dec
+ SecurityPkg/SecurityPkg.dec
 IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dec
 [Ppis]
+ gEdkiiTcgPpiGuid ## NOTIFY
+ gEfiPeiFirmwareVolumeInfoMeasurementExcludedPpiGuid ## PRODUCES
 [Pcd]
 gIntelFsp2WrapperTokenSpaceGuid.PcdFspiBaseAddress ## CONSUMES
 gIntelFsp2WrapperTokenSpaceGuid.PcdFspModeSelection ## CONSUMES
 gIntelFsp2WrapperTokenSpaceGuid.PcdFspiUpdDataAddress ## CONSUMES
+ gIntelFsp2WrapperTokenSpaceGuid.PcdFspMeasurementConfig ## CONSUMES
 [Guids]
 gFspHobGuid ## CONSUMES ## HOB
diff --git a/IntelFsp2WrapperPkg/Include/Library/FspMeasurementLib.h b/IntelFsp2WrapperPkg/Include/Library/FspMeasurementLib.h
index db599cc1f835..7b303dab3ed6 100644
--- a/IntelFsp2WrapperPkg/Include/Library/FspMeasurementLib.h
+++ b/IntelFsp2WrapperPkg/Include/Library/FspMeasurementLib.h
@@ -13,6 +13,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 #define FSP_MEASURE_FSPT BIT1
 #define FSP_MEASURE_FSPM BIT2
 #define FSP_MEASURE_FSPS BIT3
+#define FSP_MEASURE_FSPI BIT4
 #define FSP_MEASURE_FSPUPD BIT31
 /**
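Review bot: The new `FSP_MEASURE_FSPI` bit in FspMeasurementLib.h is undocumented, and the diffstat shows no .dec change, so the description of `PcdFspMeasurementConfig` presumably still lacks BIT4. Platform owners who configure that PCD from its description would leave the bit clear and FSP-I would not be measured by the wrapper. Add a comment beside the define such as `// BIT4: measure the FSP-I component (consumed by FspiWrapperPeim)` and mirror it wherever the PCD's bits are described.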