[mirror_edk2.git] / OvmfPkg / IntelTdx / TdxHelperLib / SecTdxHelper.c

/** @file\r
  TdxHelper Functions which are used in SEC phase\r
\r
  Copyright (c) 2022 - 2023, Intel Corporation. All rights reserved.<BR>\r
\r
  SPDX-License-Identifier: BSD-2-Clause-Patent\r
\r
**/\r
\r
#include <PiPei.h>\r
#include <Library/BaseLib.h>\r
#include <Library/DebugLib.h>\r
#include <Library/HobLib.h>\r
#include <Library/BaseCryptLib.h>\r
#include <Library/BaseMemoryLib.h>\r
#include <IndustryStandard/Tdx.h>\r
#include <IndustryStandard/IntelTdx.h>\r
#include <IndustryStandard/Tpm20.h>\r
#include <Library/TdxLib.h>\r
#include <Pi/PrePiHob.h>\r
#include <WorkArea.h>\r
#include <ConfidentialComputingGuestAttr.h>\r
#include <Library/TdxHelperLib.h>\r
\r
/**\r
  Build the GuidHob for tdx measurements which were done in SEC phase.\r
  The measurement values are stored in WorkArea.\r
\r
  @retval EFI_SUCCESS  The GuidHob is built successfully\r
  @retval Others       Other errors as indicated\r
**/\r
EFI_STATUS\r
InternalBuildGuidHobForTdxMeasurement (\r
  VOID\r
  );\r
\r
/**\r
  In Tdx guest, some information need to be passed from host VMM to guest\r
  firmware. For example, the memory resource, etc. These information are\r
  prepared by host VMM and put in TdHob which is described in TdxMetadata.\r
  TDVF processes the TdHob to accept memories.\r
\r
  @retval   EFI_SUCCESS   Successfully process the TdHob\r
  @retval   Others        Other error as indicated\r
**/\r
EFI_STATUS\r
EFIAPI\r
TdxHelperProcessTdHob (\r
  VOID\r
  )\r
{\r
  return EFI_UNSUPPORTED;\r
}\r
\r
/**\r
 * Calculate the sha384 of input Data and extend it to RTMR register.\r
 *\r
 * @param RtmrIndex       Index of the RTMR register\r
 * @param DataToHash      Data to be hashed\r
 * @param DataToHashLen   Length of the data\r
 * @param Digest          Hash value of the input data\r
 * @param DigestLen       Length of the hash value\r
 *\r
 * @retval EFI_SUCCESS    Successfully hash and extend to RTMR\r
 * @retval Others         Other errors as indicated\r
 */\r
STATIC\r
EFI_STATUS\r
HashAndExtendToRtmr (\r
  IN UINT32  RtmrIndex,\r
  IN VOID    *DataToHash,\r
  IN UINTN   DataToHashLen,\r
  OUT UINT8  *Digest,\r
  IN  UINTN  DigestLen\r
  )\r
{\r
  EFI_STATUS  Status;\r
\r
  if ((DataToHash == NULL) || (DataToHashLen == 0)) {\r
    return EFI_INVALID_PARAMETER;\r
  }\r
\r
  if ((Digest == NULL) || (DigestLen != SHA384_DIGEST_SIZE)) {\r
    return EFI_INVALID_PARAMETER;\r
  }\r
\r
  //\r
  // Calculate the sha384 of the data\r
  //\r
  if (!Sha384HashAll (DataToHash, DataToHashLen, Digest)) {\r
    return EFI_ABORTED;\r
  }\r
\r
  //\r
  // Extend to RTMR\r
  //\r
  Status = TdExtendRtmr (\r
             (UINT32 *)Digest,\r
             SHA384_DIGEST_SIZE,\r
             (UINT8)RtmrIndex\r
             );\r
\r
  ASSERT (!EFI_ERROR (Status));\r
  return Status;\r
}\r
\r
/**\r
  In Tdx guest, TdHob is passed from host VMM to guest firmware and it contains\r
  the information of the memory resource. From the security perspective before\r
  it is consumed, it should be measured and extended.\r
 *\r
 * @retval EFI_SUCCESS Successfully measure the TdHob\r
 * @retval Others      Other error as indicated\r
 */\r
EFI_STATUS\r
EFIAPI\r
TdxHelperMeasureTdHob (\r
  VOID\r
  )\r
{\r
  EFI_PEI_HOB_POINTERS  Hob;\r
  EFI_STATUS            Status;\r
  UINT8                 Digest[SHA384_DIGEST_SIZE];\r
  OVMF_WORK_AREA        *WorkArea;\r
  VOID                  *TdHob;\r
\r
  TdHob   = (VOID *)(UINTN)FixedPcdGet32 (PcdOvmfSecGhcbBase);\r
  Hob.Raw = (UINT8 *)TdHob;\r
\r
  //\r
  // Walk thru the TdHob list until end of list.\r
  //\r
  while (!END_OF_HOB_LIST (Hob)) {\r
    Hob.Raw = GET_NEXT_HOB (Hob);\r
  }\r
\r
  Status = HashAndExtendToRtmr (\r
             0,\r
             (UINT8 *)TdHob,\r
             (UINTN)((UINT8 *)Hob.Raw - (UINT8 *)TdHob),\r
             Digest,\r
             SHA384_DIGEST_SIZE\r
             );\r
\r
  if (EFI_ERROR (Status)) {\r
    return Status;\r
  }\r
\r
  //\r
  // This function is called in SEC phase and at that moment the Hob service\r
  // is not available. So the TdHob measurement value is stored in workarea.\r
  //\r
  WorkArea = (OVMF_WORK_AREA *)FixedPcdGet32 (PcdOvmfWorkAreaBase);\r
  if (WorkArea == NULL) {\r
    return EFI_DEVICE_ERROR;\r
  }\r
\r
  WorkArea->TdxWorkArea.SecTdxWorkArea.TdxMeasurementsData.MeasurementsBitmap |= TDX_MEASUREMENT_TDHOB_BITMASK;\r
  CopyMem (WorkArea->TdxWorkArea.SecTdxWorkArea.TdxMeasurementsData.TdHobHashValue, Digest, SHA384_DIGEST_SIZE);\r
\r
  return EFI_SUCCESS;\r
}\r
\r
/**\r
 * In Tdx guest, Configuration FV (CFV) is treated as external input because it\r
 * may contain the data provided by VMM. From the sucurity perspective Cfv image\r
 * should be measured before it is consumed.\r
 *\r
 * @retval EFI_SUCCESS Successfully measure the CFV image\r
 * @retval Others      Other error as indicated\r
 */\r
EFI_STATUS\r
EFIAPI\r
TdxHelperMeasureCfvImage (\r
  VOID\r
  )\r
{\r
  return EFI_UNSUPPORTED;\r
}\r
\r
/**\r
  Build the GuidHob for tdx measurements which were done in SEC phase.\r
  The measurement values are stored in WorkArea.\r
\r
  @retval EFI_SUCCESS  The GuidHob is built successfully\r
  @retval Others       Other errors as indicated\r
**/\r
EFI_STATUS\r
EFIAPI\r
TdxHelperBuildGuidHobForTdxMeasurement (\r
  VOID\r
  )\r
{\r
 #ifdef TDX_PEI_LESS_BOOT\r
  return InternalBuildGuidHobForTdxMeasurement ();\r
 #else\r
  return EFI_UNSUPPORTED;\r
 #endif\r
}\r
Commit	Line	Data
d09c1d4b MX	1	/** @file\r
	2	TdxHelper Functions which are used in SEC phase\r
	3	\r
	4	Copyright (c) 2022 - 2023, Intel Corporation. All rights reserved.<BR>\r
	5	\r
	6	SPDX-License-Identifier: BSD-2-Clause-Patent\r
	7	\r
	8	**/\r
	9	\r
	10	#include <PiPei.h>\r
f41acc65 MX	11	#include <Library/BaseLib.h>\r
	12	#include <Library/DebugLib.h>\r
	13	#include <Library/HobLib.h>\r
	14	#include <Library/BaseCryptLib.h>\r
	15	#include <Library/BaseMemoryLib.h>\r
	16	#include <IndustryStandard/Tdx.h>\r
	17	#include <IndustryStandard/IntelTdx.h>\r
	18	#include <IndustryStandard/Tpm20.h>\r
	19	#include <Library/TdxLib.h>\r
	20	#include <Pi/PrePiHob.h>\r
	21	#include <WorkArea.h>\r
	22	#include <ConfidentialComputingGuestAttr.h>\r
	23	#include <Library/TdxHelperLib.h>\r
	24	\r
	25	/**\r
	26	Build the GuidHob for tdx measurements which were done in SEC phase.\r
	27	The measurement values are stored in WorkArea.\r
	28	\r
	29	@retval EFI_SUCCESS The GuidHob is built successfully\r
	30	@retval Others Other errors as indicated\r
	31	**/\r
	32	EFI_STATUS\r
	33	InternalBuildGuidHobForTdxMeasurement (\r
	34	VOID\r
	35	);\r
d09c1d4b MX	36	\r
	37	/**\r
	38	In Tdx guest, some information need to be passed from host VMM to guest\r
	39	firmware. For example, the memory resource, etc. These information are\r
	40	prepared by host VMM and put in TdHob which is described in TdxMetadata.\r
	41	TDVF processes the TdHob to accept memories.\r
	42	\r
	43	@retval EFI_SUCCESS Successfully process the TdHob\r
	44	@retval Others Other error as indicated\r
	45	**/\r
	46	EFI_STATUS\r
	47	EFIAPI\r
	48	TdxHelperProcessTdHob (\r
	49	VOID\r
	50	)\r
	51	{\r
	52	return EFI_UNSUPPORTED;\r
	53	}\r
	54	\r
f41acc65 MX	55	/**\r
	56	* Calculate the sha384 of input Data and extend it to RTMR register.\r
	57	*\r
	58	* @param RtmrIndex Index of the RTMR register\r
	59	* @param DataToHash Data to be hashed\r
	60	* @param DataToHashLen Length of the data\r
	61	* @param Digest Hash value of the input data\r
	62	* @param DigestLen Length of the hash value\r
	63	*\r
	64	* @retval EFI_SUCCESS Successfully hash and extend to RTMR\r
	65	* @retval Others Other errors as indicated\r
	66	*/\r
	67	STATIC\r
	68	EFI_STATUS\r
	69	HashAndExtendToRtmr (\r
	70	IN UINT32 RtmrIndex,\r
	71	IN VOID *DataToHash,\r
	72	IN UINTN DataToHashLen,\r
	73	OUT UINT8 *Digest,\r
	74	IN UINTN DigestLen\r
	75	)\r
	76	{\r
	77	EFI_STATUS Status;\r
	78	\r
	79	if ((DataToHash == NULL) \|\| (DataToHashLen == 0)) {\r
	80	return EFI_INVALID_PARAMETER;\r
	81	}\r
	82	\r
	83	if ((Digest == NULL) \|\| (DigestLen != SHA384_DIGEST_SIZE)) {\r
	84	return EFI_INVALID_PARAMETER;\r
	85	}\r
	86	\r
	87	//\r
	88	// Calculate the sha384 of the data\r
	89	//\r
	90	if (!Sha384HashAll (DataToHash, DataToHashLen, Digest)) {\r
	91	return EFI_ABORTED;\r
	92	}\r
	93	\r
	94	//\r
	95	// Extend to RTMR\r
	96	//\r
	97	Status = TdExtendRtmr (\r
	98	(UINT32 *)Digest,\r
	99	SHA384_DIGEST_SIZE,\r
	100	(UINT8)RtmrIndex\r
	101	);\r
	102	\r
	103	ASSERT (!EFI_ERROR (Status));\r
	104	return Status;\r
	105	}\r
	106	\r
d09c1d4b MX	107	/**\r
	108	In Tdx guest, TdHob is passed from host VMM to guest firmware and it contains\r
	109	the information of the memory resource. From the security perspective before\r
	110	it is consumed, it should be measured and extended.\r
	111	*\r
	112	* @retval EFI_SUCCESS Successfully measure the TdHob\r
	113	* @retval Others Other error as indicated\r
	114	*/\r
	115	EFI_STATUS\r
	116	EFIAPI\r
	117	TdxHelperMeasureTdHob (\r
	118	VOID\r
	119	)\r
	120	{\r
f41acc65 MX	121	EFI_PEI_HOB_POINTERS Hob;\r
	122	EFI_STATUS Status;\r
	123	UINT8 Digest[SHA384_DIGEST_SIZE];\r
	124	OVMF_WORK_AREA *WorkArea;\r
	125	VOID *TdHob;\r
	126	\r
	127	TdHob = (VOID *)(UINTN)FixedPcdGet32 (PcdOvmfSecGhcbBase);\r
	128	Hob.Raw = (UINT8 *)TdHob;\r
	129	\r
	130	//\r
	131	// Walk thru the TdHob list until end of list.\r
	132	//\r
	133	while (!END_OF_HOB_LIST (Hob)) {\r
	134	Hob.Raw = GET_NEXT_HOB (Hob);\r
	135	}\r
	136	\r
	137	Status = HashAndExtendToRtmr (\r
	138	0,\r
	139	(UINT8 *)TdHob,\r
	140	(UINTN)((UINT8 )Hob.Raw - (UINT8 )TdHob),\r
	141	Digest,\r
	142	SHA384_DIGEST_SIZE\r
	143	);\r
	144	\r
	145	if (EFI_ERROR (Status)) {\r
	146	return Status;\r
	147	}\r
	148	\r
	149	//\r
	150	// This function is called in SEC phase and at that moment the Hob service\r
	151	// is not available. So the TdHob measurement value is stored in workarea.\r
	152	//\r
	153	WorkArea = (OVMF_WORK_AREA *)FixedPcdGet32 (PcdOvmfWorkAreaBase);\r
	154	if (WorkArea == NULL) {\r
	155	return EFI_DEVICE_ERROR;\r
	156	}\r
	157	\r
	158	WorkArea->TdxWorkArea.SecTdxWorkArea.TdxMeasurementsData.MeasurementsBitmap \|= TDX_MEASUREMENT_TDHOB_BITMASK;\r
	159	CopyMem (WorkArea->TdxWorkArea.SecTdxWorkArea.TdxMeasurementsData.TdHobHashValue, Digest, SHA384_DIGEST_SIZE);\r
	160	\r
	161	return EFI_SUCCESS;\r
d09c1d4b MX	162	}\r
	163	\r
	164	/**\r
	165	* In Tdx guest, Configuration FV (CFV) is treated as external input because it\r
	166	* may contain the data provided by VMM. From the sucurity perspective Cfv image\r
	167	* should be measured before it is consumed.\r
	168	*\r
	169	* @retval EFI_SUCCESS Successfully measure the CFV image\r
	170	* @retval Others Other error as indicated\r
	171	*/\r
	172	EFI_STATUS\r
	173	EFIAPI\r
	174	TdxHelperMeasureCfvImage (\r
	175	VOID\r
	176	)\r
	177	{\r
	178	return EFI_UNSUPPORTED;\r
	179	}\r
	180	\r
	181	/**\r
	182	Build the GuidHob for tdx measurements which were done in SEC phase.\r
	183	The measurement values are stored in WorkArea.\r
	184	\r
	185	@retval EFI_SUCCESS The GuidHob is built successfully\r
	186	@retval Others Other errors as indicated\r
	187	**/\r
	188	EFI_STATUS\r
	189	EFIAPI\r
	190	TdxHelperBuildGuidHobForTdxMeasurement (\r
	191	VOID\r
	192	)\r
	193	{\r
f41acc65 MX	194	#ifdef TDX_PEI_LESS_BOOT\r
	195	return InternalBuildGuidHobForTdxMeasurement ();\r
	196	#else\r
d09c1d4b	197	return EFI_UNSUPPORTED;\r
f41acc65	198	#endif\r
d09c1d4b	199	}\r