OvmfPkg: Create SP800155 HOBs from QemuFwCfgFileHEAD master

Signed firmware measurements are allowed to be passed along to in the TCG and CC event logs according to the TCG PC Client Platform Firware Profile. The event logs include events that Tcg2Dxe reads from appropriately GUIDed HOBs, so allow opt/org.tianocode/sp800155evt/%d to pass along events that the VMM sees fit to provide. One event per number, starting from 0, increasing by 1 until there are no more contiguous files. The VMM may provide reference measurements through UEFI variables that it references from the SP800-155 event3 structure given the appropriate RIM locator type, or via URL, etc. Each event read from fw_cfg, is written one-by-one to a EFI_HOB_GUID_TYPE HOB created for the event. The name they target gTcg800155PlatformIdEventHobGuid for the later Dxe driver to use to extend the event log. Signed-off-by: Dionna Glaze <dionnaglaze@google.com>
author: Dionna Glaze <dionnaglaze@google.com> 2024-06-04 17:22:53 +0000
committer: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com> 2024-07-02 16:10:29 +0000
commit: 6b256cef01825fd597ce31ec9343ea280c6114c9 (patch)
tree: 67e3ceb4869b5edfbc7a7b56eeffc95c73956348
parent: ff1c4fa1680d3f9a5f2be3e0048d2de15a5846fb (diff)
download: edk2-master.zip
edk2-master.tar.gz
edk2-master.tar.bz2
4 files changed, 155 insertions, 1 deletions
diff --git a/OvmfPkg/PlatformPei/Platform.c b/OvmfPkg/PlatformPei/Platform.c
index df35726..0114529 100644
--- a/OvmfPkg/PlatformPei/Platform.c
+++ b/OvmfPkg/PlatformPei/Platform.c
@@ -40,6 +40,7 @@
 #include <OvmfPlatforms.h>
 
 #include "Platform.h"
+#include "PlatformId.h"
 
 EFI_PEI_PPI_DESCRIPTOR  mPpiBootMode[] = {
   {
@@ -363,6 +364,7 @@ InitializePlatform (
     MiscInitializationForMicrovm (PlatformInfoHob);
   } else {
     MiscInitialization (PlatformInfoHob);
+    PlatformIdInitialization (PeiServices);
   }
 
   IntelTdxInitialize ();
diff --git a/OvmfPkg/PlatformPei/PlatformId.c b/OvmfPkg/PlatformPei/PlatformId.c
new file mode 100644
index 0000000..afa2f81
--- /dev/null
+++ b/OvmfPkg/PlatformPei/PlatformId.c
@@ -0,0 +1,124 @@
+/**@file
+  PlatformId Event HOB creation
+
+  Copyright (c) 2024, Google LLC. All rights reserved.<BR>
+
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <Base.h>
+#include <Guid/TcgEventHob.h>
+#include <IndustryStandard/UefiTcgPlatform.h>
+#include <Library/BaseMemoryLib.h>
+#include <Library/BaseLib.h>
+#include <Library/DebugLib.h>
+#include <Library/HobLib.h>
+#include <Library/PeiServicesLib.h>
+#include <Library/PrintLib.h>
+#include <Library/QemuFwCfgLib.h>
+
+#define DPREFIX  "sp800155evts: "
+
+/**
+ * Creates an EFI_HOB_TYPE_GUID_EXTENSION HOB for a given SP800155 event.
+ * Associates the string data with gTcg800155PlatformIdEventHobGuid. Any
+ * unused bytes or out-of-bounds event sizes are considered corrupted and
+ * are discarded.
+**/
+STATIC
+VOID
+PlatformIdRegisterSp800155 (
+  IN CONST EFI_PEI_SERVICES  **PeiServices,
+  IN       UINT8             *Evt,
+  IN       UINTN             EvtSize
+  )
+{
+  EFI_STATUS         Status;
+  VOID               *Hob;
+  EFI_HOB_GUID_TYPE  *GuidHob;
+  UINT8              *EvtDest;
+
+  Status = (*PeiServices)->CreateHob (
+                             PeiServices,
+                             EFI_HOB_TYPE_GUID_EXTENSION,
+                             sizeof (EFI_HOB_GUID_TYPE) + (UINT16)EvtSize,
+                             &Hob
+                             );
+  if (EFI_ERROR (Status)) {
+    DEBUG ((DEBUG_ERROR, DPREFIX "GUID HOB creation failed, skipping\n"));
+    return;
+  }
+
+  GuidHob = (EFI_HOB_GUID_TYPE *)Hob;
+  CopyGuid (&GuidHob->Name, &gTcg800155PlatformIdEventHobGuid);
+  EvtDest = (UINT8 *)GET_GUID_HOB_DATA (Hob);
+  CopyMem (EvtDest, Evt, EvtSize);
+  // Fill the remaining HOB padding bytes with 0s.
+  SetMem (EvtDest + EvtSize, GET_GUID_HOB_DATA_SIZE (Hob) - EvtSize, 0);
+}
+
+/**
+ * Reads the given path from the fw_cfg file and registers it as an
+ * EFI_HOB_GUID_EXTENSION HOB with gTcg800155PlatformIdEventHobGuid.
+ * Returns FALSE iff the file does not exist.
+**/
+BOOLEAN
+PlatformIdRegisterEvent (
+  IN CONST EFI_PEI_SERVICES  **PeiServices,
+  IN CONST CHAR8             *Path
+  )
+{
+  EFI_STATUS            Status;
+  UINTN                 NumPages;
+  EFI_PHYSICAL_ADDRESS  Pages;
+  FIRMWARE_CONFIG_ITEM  FdtItem;
+  UINTN                 FdtSize;
+  UINT8                 *Evt;
+
+  Status = QemuFwCfgFindFile (Path, &FdtItem, &FdtSize);
+  if (EFI_ERROR (Status)) {
+    return FALSE;
+  }
+
+  if (FdtSize > MAX_UINT16 - sizeof (EFI_HOB_GUID_TYPE)) {
+    DEBUG ((DEBUG_ERROR, DPREFIX "Eventdata too large for HOB, skipping\n"));
+    return TRUE;
+  }
+
+  NumPages = EFI_SIZE_TO_PAGES (FdtSize);
+  Status   = (*PeiServices)->AllocatePages (
+                               PeiServices,
+                               EfiBootServicesData,
+                               NumPages,
+                               &Pages
+                               );
+  if (EFI_ERROR (Status)) {
+    return TRUE;
+  }
+
+  Evt = (UINT8 *)(UINTN)Pages;
+  QemuFwCfgSelectItem (FdtItem);
+  QemuFwCfgReadBytes (FdtSize, Evt);
+  PlatformIdRegisterSp800155 (PeiServices, Evt, FdtSize);
+
+  Status = (*PeiServices)->FreePages (PeiServices, Pages, NumPages);
+  ASSERT_EFI_ERROR (Status);
+  return TRUE;
+}
+
+VOID
+PlatformIdInitialization (
+  IN CONST EFI_PEI_SERVICES  **PeiServices
+  )
+{
+  UINTN  Index;
+  CHAR8  Path[64];
+
+  for (Index = 0; ; Index++) {
+    AsciiSPrint (Path, sizeof (Path), "opt/org.tianocode/sp800155evt/%d", Index);
+    if (!PlatformIdRegisterEvent (PeiServices, Path)) {
+      break;
+    }
+  }
+}
diff --git a/OvmfPkg/PlatformPei/PlatformId.h b/OvmfPkg/PlatformPei/PlatformId.h
new file mode 100644
index 0000000..c8b5528
--- /dev/null
+++ b/OvmfPkg/PlatformPei/PlatformId.h
@@ -0,0 +1,26 @@
+/** @file
+  PlatformId internal header for PlatformPei
+
+  Copyright (c) 2024, Google LLC. All rights reserved.<BR>
+
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#ifndef __PLATFORM_PEI_PLATFORMID_H__
+#define __PLATFORM_PEI_PLATFORMID_H__
+
+/**
+ * Reads opt/org.tianocode/sp800155evt/%d from 0 to the first positive integer
+ * where the file does not exist and registers each file's contents in an
+ * EFI_HOB_GUID_TYPE with name gTcg800155PlatformIdEventHobGuid. These HOBs
+ * are used by a later driver to write to the event log as unmeasured events.
+ * These events inform the event log analyzer of firmware provenance and
+ * reference integrity manifests.
+**/
+VOID
+PlatformIdInitialization (
+  IN CONST EFI_PEI_SERVICES  **PeiServices
+  );
+
+#endif // __PLATFORM_PEI_PLATFORMID_H__
diff --git a/OvmfPkg/PlatformPei/PlatformPei.inf b/OvmfPkg/PlatformPei/PlatformPei.inf
index e036018..0bb1a46 100644
--- a/OvmfPkg/PlatformPei/PlatformPei.inf
+++ b/OvmfPkg/PlatformPei/PlatformPei.inf
@@ -31,6 +31,8 @@
   MemTypeInfo.c
   Platform.c
   Platform.h
+  PlatformId.c
+  PlatformId.h
   IntelTdx.c
   SmmRelocation.c
 
@@ -47,6 +49,7 @@
   gFdtHobGuid
   gUefiOvmfPkgPlatformInfoGuid
   gGhcbApicIdsGuid
+  gTcg800155PlatformIdEventHobGuid              ## SOMETIMES_PRODUCES
 
 [LibraryClasses]
   BaseLib
@@ -148,4 +151,3 @@
 
 [Depex]
   TRUE
-
author	Dionna Glaze <dionnaglaze@google.com>	2024-06-04 17:22:53 +0000
committer	mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>	2024-07-02 16:10:29 +0000
commit	6b256cef01825fd597ce31ec9343ea280c6114c9 (patch)
tree	67e3ceb4869b5edfbc7a7b56eeffc95c73956348
parent	ff1c4fa1680d3f9a5f2be3e0048d2de15a5846fb (diff)
download	edk2-master.zip edk2-master.tar.gz edk2-master.tar.bz2