[mirror_edk2.git] / SecurityPkg / Library / SecTpmMeasurementLib / SecTpmMeasurementLibTdx.c

/** @file\r
  This library is used by other modules to measure data to TPM.\r
\r
Copyright (c) 2020, Intel Corporation. All rights reserved. <BR>\r
SPDX-License-Identifier: BSD-2-Clause-Patent\r
\r
**/\r
\r
#include <PiPei.h>\r
#include <Guid/CcEventHob.h>\r
#include <Library/BaseLib.h>\r
#include <Library/BaseMemoryLib.h>\r
#include <Library/DebugLib.h>\r
#include <Library/HashLib.h>\r
#include <Library/HobLib.h>\r
#include <Library/PrintLib.h>\r
#include <IndustryStandard/Tpm20.h>\r
#include <Protocol/CcMeasurement.h>\r
#include <Library/TpmMeasurementLib.h>\r
\r
#pragma pack(1)\r
\r
typedef struct {\r
  UINT32           Count;\r
  TPMI_ALG_HASH    HashAlg;\r
  BYTE             Sha384[SHA384_DIGEST_SIZE];\r
} TDX_DIGEST_VALUE;\r
\r
#pragma pack()\r
\r
#define INVALID_PCR2MR_INDEX  0xFF\r
\r
/**\r
  Get the mapped RTMR index based on the input PCRIndex.\r
  RTMR[0]  => PCR[1,7]\r
  RTMR[1]  => PCR[2,3,4,5,6]\r
  RTMR[2]  => PCR[8~15]\r
  RTMR[3]  => NA\r
  Note:\r
    PCR[0] is mapped to MRTD and should not appear here.\r
\r
   @param[in] PCRIndex The input PCR index\r
\r
   @retval UINT8   The mapped RTMR index.\r
**/\r
UINT8\r
GetMappedRtmrIndex (\r
  IN UINT32  PCRIndex\r
  )\r
{\r
  UINT8  RtmrIndex;\r
\r
  if ((PCRIndex == 0) || (PCRIndex > 15)) {\r
    DEBUG ((DEBUG_ERROR, "Invalid PCRIndex(%d) map to MR Index.\n", PCRIndex));\r
    ASSERT (FALSE);\r
    return INVALID_PCR2MR_INDEX;\r
  }\r
\r
  RtmrIndex = 0;\r
  if ((PCRIndex == 1) || (PCRIndex == 7)) {\r
    RtmrIndex = 0;\r
  } else if ((PCRIndex >= 2) && (PCRIndex <= 6)) {\r
    RtmrIndex = 1;\r
  } else if ((PCRIndex >= 8) && (PCRIndex <= 15)) {\r
    RtmrIndex = 2;\r
  }\r
\r
  return RtmrIndex;\r
}\r
\r
/**\r
  Tpm measure and log data, and extend the measurement result into a specific PCR.\r
\r
  @param[in]  PcrIndex         PCR Index.\r
  @param[in]  EventType        Event type.\r
  @param[in]  EventLog         Measurement event log.\r
  @param[in]  LogLen           Event log length in bytes.\r
  @param[in]  HashData         The start of the data buffer to be hashed, extended.\r
  @param[in]  HashDataLen      The length, in bytes, of the buffer referenced by HashData\r
\r
  @retval EFI_SUCCESS           Operation completed successfully.\r
  @retval EFI_UNSUPPORTED       TPM device not available.\r
  @retval EFI_OUT_OF_RESOURCES  Out of memory.\r
  @retval EFI_DEVICE_ERROR      The operation was unsuccessful.\r
**/\r
EFI_STATUS\r
EFIAPI\r
TpmMeasureAndLogData (\r
  IN UINT32  PcrIndex,\r
  IN UINT32  EventType,\r
  IN VOID    *EventLog,\r
  IN UINT32  LogLen,\r
  IN VOID    *HashData,\r
  IN UINT64  HashDataLen\r
  )\r
{\r
  EFI_STATUS          Status;\r
  UINT32              RtmrIndex;\r
  VOID                *EventHobData;\r
  TCG_PCR_EVENT2      *TcgPcrEvent2;\r
  UINT8               *DigestBuffer;\r
  TDX_DIGEST_VALUE    *TdxDigest;\r
  TPML_DIGEST_VALUES  DigestList;\r
  UINT8               *Ptr;\r
\r
  if (!TdIsEnabled ()) {\r
    return EFI_UNSUPPORTED;\r
  }\r
\r
  RtmrIndex = GetMappedRtmrIndex (PcrIndex);\r
  if (RtmrIndex == INVALID_PCR2MR_INDEX) {\r
    return EFI_INVALID_PARAMETER;\r
  }\r
\r
  DEBUG ((DEBUG_INFO, "Creating TdTcg2PcrEvent PCR[%d]/RTMR[%d] EventType 0x%x\n", PcrIndex, RtmrIndex, EventType));\r
\r
  Status = HashAndExtend (\r
             RtmrIndex,\r
             (VOID *)HashData,\r
             HashDataLen,\r
             &DigestList\r
             );\r
\r
  if (EFI_ERROR (Status)) {\r
    DEBUG ((DEBUG_INFO, "Failed to HashAndExtend. %r\n", Status));\r
    return Status;\r
  }\r
\r
  //\r
  // Use TDX_DIGEST_VALUE in the GUID HOB DataLength calculation\r
  // to reserve enough buffer to hold TPML_DIGEST_VALUES compact binary\r
  // which is limited to a SHA384 digest list\r
  //\r
  EventHobData = BuildGuidHob (\r
                   &gCcEventEntryHobGuid,\r
                   sizeof (TcgPcrEvent2->PCRIndex) + sizeof (TcgPcrEvent2->EventType) +\r
                   sizeof (TDX_DIGEST_VALUE) +\r
                   sizeof (TcgPcrEvent2->EventSize) + LogLen\r
                   );\r
\r
  if (EventHobData == NULL) {\r
    return EFI_OUT_OF_RESOURCES;\r
  }\r
\r
  Ptr = (UINT8 *)EventHobData;\r
  //\r
  // Initialize PcrEvent data now\r
  //\r
  RtmrIndex++;\r
  CopyMem (Ptr, &RtmrIndex, sizeof (UINT32));\r
  Ptr += sizeof (UINT32);\r
  CopyMem (Ptr, &EventType, sizeof (TCG_EVENTTYPE));\r
  Ptr += sizeof (TCG_EVENTTYPE);\r
\r
  DigestBuffer = Ptr;\r
\r
  TdxDigest          = (TDX_DIGEST_VALUE *)DigestBuffer;\r
  TdxDigest->Count   = 1;\r
  TdxDigest->HashAlg = TPM_ALG_SHA384;\r
  CopyMem (\r
    TdxDigest->Sha384,\r
    DigestList.digests[0].digest.sha384,\r
    SHA384_DIGEST_SIZE\r
    );\r
\r
  Ptr += sizeof (TDX_DIGEST_VALUE);\r
\r
  CopyMem (Ptr, &LogLen, sizeof (UINT32));\r
  Ptr += sizeof (UINT32);\r
  CopyMem (Ptr, EventLog, LogLen);\r
  Ptr += LogLen;\r
\r
  Status = EFI_SUCCESS;\r
  return Status;\r
}\r
Commit	Line	Data
2818fda9 MX	1	/** @file\r
	2	This library is used by other modules to measure data to TPM.\r
	3	\r
	4	Copyright (c) 2020, Intel Corporation. All rights reserved. <BR>\r
	5	SPDX-License-Identifier: BSD-2-Clause-Patent\r
	6	\r
	7	**/\r
	8	\r
	9	#include <PiPei.h>\r
	10	#include <Guid/CcEventHob.h>\r
	11	#include <Library/BaseLib.h>\r
	12	#include <Library/BaseMemoryLib.h>\r
	13	#include <Library/DebugLib.h>\r
	14	#include <Library/HashLib.h>\r
	15	#include <Library/HobLib.h>\r
	16	#include <Library/PrintLib.h>\r
	17	#include <IndustryStandard/Tpm20.h>\r
	18	#include <Protocol/CcMeasurement.h>\r
	19	#include <Library/TpmMeasurementLib.h>\r
	20	\r
	21	#pragma pack(1)\r
	22	\r
	23	typedef struct {\r
	24	UINT32 Count;\r
	25	TPMI_ALG_HASH HashAlg;\r
	26	BYTE Sha384[SHA384_DIGEST_SIZE];\r
	27	} TDX_DIGEST_VALUE;\r
	28	\r
	29	#pragma pack()\r
	30	\r
	31	#define INVALID_PCR2MR_INDEX 0xFF\r
	32	\r
	33	/**\r
	34	Get the mapped RTMR index based on the input PCRIndex.\r
	35	RTMR[0] => PCR[1,7]\r
01c0d3c0	36	RTMR[1] => PCR[2,3,4,5,6]\r
2818fda9 MX	37	RTMR[2] => PCR[8~15]\r
	38	RTMR[3] => NA\r
	39	Note:\r
	40	PCR[0] is mapped to MRTD and should not appear here.\r
2818fda9 MX	41	\r
	42	@param[in] PCRIndex The input PCR index\r
	43	\r
	44	@retval UINT8 The mapped RTMR index.\r
	45	**/\r
	46	UINT8\r
	47	GetMappedRtmrIndex (\r
	48	IN UINT32 PCRIndex\r
	49	)\r
	50	{\r
	51	UINT8 RtmrIndex;\r
	52	\r
01c0d3c0	53	if ((PCRIndex == 0) \|\| (PCRIndex > 15)) {\r
2818fda9 MX	54	DEBUG ((DEBUG_ERROR, "Invalid PCRIndex(%d) map to MR Index.\n", PCRIndex));\r
	55	ASSERT (FALSE);\r
	56	return INVALID_PCR2MR_INDEX;\r
	57	}\r
	58	\r
	59	RtmrIndex = 0;\r
	60	if ((PCRIndex == 1) \|\| (PCRIndex == 7)) {\r
	61	RtmrIndex = 0;\r
01c0d3c0	62	} else if ((PCRIndex >= 2) && (PCRIndex <= 6)) {\r
2818fda9 MX	63	RtmrIndex = 1;\r
	64	} else if ((PCRIndex >= 8) && (PCRIndex <= 15)) {\r
	65	RtmrIndex = 2;\r
	66	}\r
	67	\r
	68	return RtmrIndex;\r
	69	}\r
	70	\r
	71	/**\r
	72	Tpm measure and log data, and extend the measurement result into a specific PCR.\r
	73	\r
	74	@param[in] PcrIndex PCR Index.\r
	75	@param[in] EventType Event type.\r
	76	@param[in] EventLog Measurement event log.\r
	77	@param[in] LogLen Event log length in bytes.\r
	78	@param[in] HashData The start of the data buffer to be hashed, extended.\r
	79	@param[in] HashDataLen The length, in bytes, of the buffer referenced by HashData\r
	80	\r
	81	@retval EFI_SUCCESS Operation completed successfully.\r
	82	@retval EFI_UNSUPPORTED TPM device not available.\r
	83	@retval EFI_OUT_OF_RESOURCES Out of memory.\r
	84	@retval EFI_DEVICE_ERROR The operation was unsuccessful.\r
	85	**/\r
	86	EFI_STATUS\r
	87	EFIAPI\r
	88	TpmMeasureAndLogData (\r
	89	IN UINT32 PcrIndex,\r
	90	IN UINT32 EventType,\r
	91	IN VOID *EventLog,\r
	92	IN UINT32 LogLen,\r
	93	IN VOID *HashData,\r
	94	IN UINT64 HashDataLen\r
	95	)\r
	96	{\r
	97	EFI_STATUS Status;\r
	98	UINT32 RtmrIndex;\r
	99	VOID *EventHobData;\r
	100	TCG_PCR_EVENT2 *TcgPcrEvent2;\r
	101	UINT8 *DigestBuffer;\r
	102	TDX_DIGEST_VALUE *TdxDigest;\r
	103	TPML_DIGEST_VALUES DigestList;\r
	104	UINT8 *Ptr;\r
	105	\r
	106	if (!TdIsEnabled ()) {\r
	107	return EFI_UNSUPPORTED;\r
	108	}\r
	109	\r
	110	RtmrIndex = GetMappedRtmrIndex (PcrIndex);\r
	111	if (RtmrIndex == INVALID_PCR2MR_INDEX) {\r
	112	return EFI_INVALID_PARAMETER;\r
	113	}\r
	114	\r
	115	DEBUG ((DEBUG_INFO, "Creating TdTcg2PcrEvent PCR[%d]/RTMR[%d] EventType 0x%x\n", PcrIndex, RtmrIndex, EventType));\r
	116	\r
	117	Status = HashAndExtend (\r
	118	RtmrIndex,\r
	119	(VOID *)HashData,\r
	120	HashDataLen,\r
	121	&DigestList\r
	122	);\r
	123	\r
	124	if (EFI_ERROR (Status)) {\r
	125	DEBUG ((DEBUG_INFO, "Failed to HashAndExtend. %r\n", Status));\r
	126	return Status;\r
127	}\r
128	\r
129	//\r
130	// Use TDX_DIGEST_VALUE in the GUID HOB DataLength calculation\r
131	// to reserve enough buffer to hold TPML_DIGEST_VALUES compact binary\r
132	// which is limited to a SHA384 digest list\r
133	//\r
134	EventHobData = BuildGuidHob (\r
135	&gCcEventEntryHobGuid,\r
136	sizeof (TcgPcrEvent2->PCRIndex) + sizeof (TcgPcrEvent2->EventType) +\r
137	sizeof (TDX_DIGEST_VALUE) +\r
138	sizeof (TcgPcrEvent2->EventSize) + LogLen\r
139	);\r
140	\r
141	if (EventHobData == NULL) {\r
142	return EFI_OUT_OF_RESOURCES;\r
143	}\r
144	\r
145	Ptr = (UINT8 *)EventHobData;\r
146	//\r
147	// Initialize PcrEvent data now\r
148	//\r
149	RtmrIndex++;\r
150	CopyMem (Ptr, &RtmrIndex, sizeof (UINT32));\r
151	Ptr += sizeof (UINT32);\r
152	CopyMem (Ptr, &EventType, sizeof (TCG_EVENTTYPE));\r
153	Ptr += sizeof (TCG_EVENTTYPE);\r
154	\r
155	DigestBuffer = Ptr;\r
156	\r
157	TdxDigest = (TDX_DIGEST_VALUE *)DigestBuffer;\r
158	TdxDigest->Count = 1;\r
159	TdxDigest->HashAlg = TPM_ALG_SHA384;\r
160	CopyMem (\r
161	TdxDigest->Sha384,\r
162	DigestList.digests[0].digest.sha384,\r
163	SHA384_DIGEST_SIZE\r
164	);\r
165	\r
166	Ptr += sizeof (TDX_DIGEST_VALUE);\r
167	\r
168	CopyMem (Ptr, &LogLen, sizeof (UINT32));\r
169	Ptr += sizeof (UINT32);\r
170	CopyMem (Ptr, EventLog, LogLen);\r
171	Ptr += LogLen;\r
172	\r
173	Status = EFI_SUCCESS;\r
174	return Status;\r
175	}\r