-rw-r--r--OvmfPkg/PlatformPei/Platform.c2
-rw-r--r--OvmfPkg/PlatformPei/PlatformId.c124
-rw-r--r--OvmfPkg/PlatformPei/PlatformId.h26
-rw-r--r--OvmfPkg/PlatformPei/PlatformPei.inf4
4 files changed, 155 insertions, 1 deletions
diff --git a/OvmfPkg/PlatformPei/Platform.c b/OvmfPkg/PlatformPei/Platform.c
index df35726..0114529 100644
--- a/OvmfPkg/PlatformPei/Platform.c
+++ b/OvmfPkg/PlatformPei/Platform.c
@@ -40,6 +40,7 @@
#include <OvmfPlatforms.h>
#include "Platform.h"
+#include "PlatformId.h"
EFI_PEI_PPI_DESCRIPTOR mPpiBootMode[] = {
{
@@ -363,6 +364,7 @@ InitializePlatform (
MiscInitializationForMicrovm (PlatformInfoHob);
} else {
MiscInitialization (PlatformInfoHob);
+ PlatformIdInitialization (PeiServices);
}
IntelTdxInitialize ();
diff --git a/OvmfPkg/PlatformPei/PlatformId.c b/OvmfPkg/PlatformPei/PlatformId.c
new file mode 100644
index 0000000..afa2f81
--- /dev/null
+++ b/OvmfPkg/PlatformPei/PlatformId.c
@@ -0,0 +1,124 @@
+/**@file
+ PlatformId Event HOB creation
+
+ Copyright (c) 2024, Google LLC. All rights reserved.<BR>
+
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <Base.h>
+#include <Guid/TcgEventHob.h>
+#include <IndustryStandard/UefiTcgPlatform.h>
+#include <Library/BaseMemoryLib.h>
+#include <Library/BaseLib.h>
+#include <Library/DebugLib.h>
+#include <Library/HobLib.h>
+#include <Library/PeiServicesLib.h>
+#include <Library/PrintLib.h>
+#include <Library/QemuFwCfgLib.h>
+
+#define DPREFIX "sp800155evts: "
+
+/**
+ * Creates an EFI_HOB_TYPE_GUID_EXTENSION HOB for a given SP800155 event.
+ * Associates the string data with gTcg800155PlatformIdEventHobGuid. Any
+ * unused bytes or out-of-bounds event sizes are considered corrupted and
+ * are discarded.
+**/
+STATIC
+VOID
+PlatformIdRegisterSp800155 (
+ IN CONST EFI_PEI_SERVICES **PeiServices,
+ IN UINT8 *Evt,
+ IN UINTN EvtSize
+ )
+{
+ EFI_STATUS Status;
+ VOID *Hob;
+ EFI_HOB_GUID_TYPE *GuidHob;
+ UINT8 *EvtDest;
+
+ Status = (*PeiServices)->CreateHob (
+ PeiServices,
+ EFI_HOB_TYPE_GUID_EXTENSION,
+ sizeof (EFI_HOB_GUID_TYPE) + (UINT16)EvtSize,
+ &Hob
+ );
+ if (EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_ERROR, DPREFIX "GUID HOB creation failed, skipping\n"));
+ return;
+ }
+
+ GuidHob = (EFI_HOB_GUID_TYPE *)Hob;
+ CopyGuid (&GuidHob->Name, &gTcg800155PlatformIdEventHobGuid);
+ EvtDest = (UINT8 *)GET_GUID_HOB_DATA (Hob);
+ CopyMem (EvtDest, Evt, EvtSize);
+ // Fill the remaining HOB padding bytes with 0s.
+ SetMem (EvtDest + EvtSize, GET_GUID_HOB_DATA_SIZE (Hob) - EvtSize, 0);
+}
+
+/**
+ * Reads the given path from the fw_cfg file and registers it as an
+ * EFI_HOB_GUID_EXTENSION HOB with gTcg800155PlatformIdEventHobGuid.
+ * Returns FALSE iff the file does not exist.
+**/
+BOOLEAN
+PlatformIdRegisterEvent (
+ IN CONST EFI_PEI_SERVICES **PeiServices,
+ IN CONST CHAR8 *Path
+ )
+{
+ EFI_STATUS Status;
+ UINTN NumPages;
+ EFI_PHYSICAL_ADDRESS Pages;
+ FIRMWARE_CONFIG_ITEM FdtItem;
+ UINTN FdtSize;
+ UINT8 *Evt;
+
+ Status = QemuFwCfgFindFile (Path, &FdtItem, &FdtSize);
+ if (EFI_ERROR (Status)) {
+ return FALSE;
+ }
+
+ if (FdtSize > MAX_UINT16 - sizeof (EFI_HOB_GUID_TYPE)) {
+ DEBUG ((DEBUG_ERROR, DPREFIX "Eventdata too large for HOB, skipping\n"));
+ return TRUE;
+ }
+
+ NumPages = EFI_SIZE_TO_PAGES (FdtSize);
+ Status = (*PeiServices)->AllocatePages (
+ PeiServices,
+ EfiBootServicesData,
+ NumPages,
+ &Pages
+ );
+ if (EFI_ERROR (Status)) {
+ return TRUE;
+ }
+
+ Evt = (UINT8 *)(UINTN)Pages;
+ QemuFwCfgSelectItem (FdtItem);
+ QemuFwCfgReadBytes (FdtSize, Evt);
+ PlatformIdRegisterSp800155 (PeiServices, Evt, FdtSize);
+
+ Status = (*PeiServices)->FreePages (PeiServices, Pages, NumPages);
+ ASSERT_EFI_ERROR (Status);
+ return TRUE;
+}
+
+VOID
+PlatformIdInitialization (
+ IN CONST EFI_PEI_SERVICES **PeiServices
+ )
+{
+ UINTN Index;
+ CHAR8 Path[64];
+
+ for (Index = 0; ; Index++) {
+ AsciiSPrint (Path, sizeof (Path), "opt/org.tianocode/sp800155evt/%d", Index);
+ if (!PlatformIdRegisterEvent (PeiServices, Path)) {
+ break;
+ }
+ }
+}
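Review bot: The HOB size bound is enforced only in PlatformIdRegisterEvent (`FdtSize > MAX_UINT16 - sizeof (EFI_HOB_GUID_TYPE)`), while PlatformIdRegisterSp800155 truncates with `(UINT16)EvtSize` for CreateHob and then passes the untruncated `EvtSize` to CopyMem, so a future caller without that check would copy past the allocated HOB; I would repeat the bound in the helper, e.g. `if (EvtSize > MAX_UINT16 - sizeof (EFI_HOB_GUID_TYPE)) { return; }`, and drop the cast. The fw_cfg files are supplied by the VMM and the `for (Index = 0; ; Index++)` loop in PlatformIdInitialization has no upper limit, so the number of HOBs created in PEI is bounded only by what the host provides; a small named cap on Index would keep HOB usage predictable. `Index` is a UINTN but is formatted with `%d`, which PrintLib reads as a 32-bit argument; `"%Lu"` with `(UINT64)Index` follows the usual edk2 convention. The helper's comment says corrupted or out-of-bounds event sizes are discarded, but no such validation is visible in this file, so the comment should say where that check happens (presumably in the later consumer of the HOB).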
diff --git a/OvmfPkg/PlatformPei/PlatformId.h b/OvmfPkg/PlatformPei/PlatformId.h
new file mode 100644
index 0000000..c8b5528
--- /dev/null
+++ b/OvmfPkg/PlatformPei/PlatformId.h
@@ -0,0 +1,26 @@
+/** @file
+ PlatformId internal header for PlatformPei
+
+ Copyright (c) 2024, Google LLC. All rights reserved.<BR>
+
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#ifndef __PLATFORM_PEI_PLATFORMID_H__
+#define __PLATFORM_PEI_PLATFORMID_H__
+
+/**
+ * Reads opt/org.tianocode/sp800155evt/%d from 0 to the first positive integer
+ * where the file does not exist and registers each file's contents in an
+ * EFI_HOB_GUID_TYPE with name gTcg800155PlatformIdEventHobGuid. These HOBs
+ * are used by a later driver to write to the event log as unmeasured events.
+ * These events inform the event log analyzer of firmware provenance and
+ * reference integrity manifests.
+**/
+VOID
+PlatformIdInitialization (
+ IN CONST EFI_PEI_SERVICES **PeiServices
+ );
+
+#endif // __PLATFORM_PEI_PLATFORMID_H__
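Review bot: PlatformId.h is not self-contained and its prototype is never checked against the definition: it uses `EFI_PEI_SERVICES` without including a header that declares it, and PlatformId.c in this commit does not include `"PlatformId.h"`. Adding `#include <PiPei.h>` here and `#include "PlatformId.h"` in PlatformId.c would let the compiler catch a signature mismatch. The guard name `__PLATFORM_PEI_PLATFORMID_H__` starts with a double underscore, which C reserves for the implementation; `PLATFORM_PEI_PLATFORMID_H_` avoids that. In the function comment, "first positive integer" should read "first non-negative integer", since the loop stops at index 0 when that file is absent.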
diff --git a/OvmfPkg/PlatformPei/PlatformPei.inf b/OvmfPkg/PlatformPei/PlatformPei.inf
index e036018..0bb1a46 100644
--- a/OvmfPkg/PlatformPei/PlatformPei.inf
+++ b/OvmfPkg/PlatformPei/PlatformPei.inf
@@ -31,6 +31,8 @@
MemTypeInfo.c
Platform.c
Platform.h
+ PlatformId.c
+ PlatformId.h
IntelTdx.c
SmmRelocation.c
@@ -47,6 +49,7 @@
gFdtHobGuid
gUefiOvmfPkgPlatformInfoGuid
gGhcbApicIdsGuid
+ gTcg800155PlatformIdEventHobGuid ## SOMETIMES_PRODUCES
[LibraryClasses]
BaseLib
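Review bot: No library class is added in the visible changes to this file, although the new PlatformId.c calls AsciiSPrint (PrintLib) and CopyMem/SetMem/CopyGuid (BaseMemoryLib). The [LibraryClasses] list continues outside the hunk, so both may already be listed; if they are not, add `PrintLib` and `BaseMemoryLib` there rather than relying on them being resolved through another library's dependencies.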
@@ -148,4 +151,3 @@
[Depex]
TRUE
-