1 /** @file
2 TdxHelper Functions which are used in SEC phase
3
4 Copyright (c) 2022 - 2023, Intel Corporation. All rights reserved.<BR>
5
6 SPDX-License-Identifier: BSD-2-Clause-Patent
7
8 **/
9
10 #include <PiPei.h>
11 #include <Library/BaseLib.h>
12 #include <Library/DebugLib.h>
13 #include <Library/HobLib.h>
14 #include <Library/BaseCryptLib.h>
15 #include <Library/BaseMemoryLib.h>
16 #include <IndustryStandard/Tdx.h>
17 #include <IndustryStandard/IntelTdx.h>
18 #include <IndustryStandard/Tpm20.h>
19 #include <Library/TdxLib.h>
20 #include <Pi/PrePiHob.h>
21 #include <WorkArea.h>
22 #include <ConfidentialComputingGuestAttr.h>
23 #include <Library/TdxHelperLib.h>
24
25 /**
26 Build the GuidHob for tdx measurements which were done in SEC phase.
27 The measurement values are stored in WorkArea.
28
29 @retval EFI_SUCCESS The GuidHob is built successfully
30 @retval Others Other errors as indicated
31 **/
32 EFI_STATUS
33 InternalBuildGuidHobForTdxMeasurement (
34 VOID
35 );
36
/**
  In a TDX guest, information such as the memory resource map is handed from
  the host VMM to the guest firmware in the TdHob (described in TdxMetadata),
  and TDVF normally walks that list to accept memory.

  This library instance does NOT implement that step: it returns
  EFI_UNSUPPORTED unconditionally and neither reads nor validates the TdHob.
  Callers must not assume the TdHob has been processed, validated, or its
  memory accepted when this function returns. NOTE(review): the TdHob is
  VMM-supplied (outside the TD trust boundary) and TdxHelperMeasureTdHob in
  this file walks the same list, so confirm that HOB validation happens on
  some other part of the boot path before the list is relied upon.

  @retval EFI_UNSUPPORTED  Always; TdHob processing is not provided here.
**/
EFI_STATUS
EFIAPI
TdxHelperProcessTdHob (
  VOID
  )
{
  return EFI_UNSUPPORTED;
}
54
/**
 * Hash a buffer with SHA-384 and extend the resulting digest into one RTMR.
 *
 * The digest is left in the caller-provided buffer so it can also be recorded
 * elsewhere (e.g. in the work area) alongside the RTMR extend. The function
 * is SHA-384 only: DigestLen must be exactly SHA384_DIGEST_SIZE, and that is
 * the length handed to TdExtendRtmr.
 *
 * @param RtmrIndex      RTMR register to extend (truncated to 8 bits for the
 *                       TdExtendRtmr call)
 * @param DataToHash     Buffer to hash; must not be NULL
 * @param DataToHashLen  Byte length of DataToHash; must be non-zero
 * @param Digest         Receives the SHA-384 digest; must not be NULL
 * @param DigestLen      Size of Digest in bytes; must equal SHA384_DIGEST_SIZE
 *
 * @retval EFI_SUCCESS            Digest computed and extended into the RTMR
 * @retval EFI_INVALID_PARAMETER  NULL buffer, zero length, or wrong digest size
 * @retval EFI_ABORTED            SHA-384 computation failed
 * @retval Others                 Status returned by TdExtendRtmr
 */
STATIC
EFI_STATUS
HashAndExtendToRtmr (
  IN UINT32  RtmrIndex,
  IN VOID    *DataToHash,
  IN UINTN   DataToHashLen,
  OUT UINT8  *Digest,
  IN UINTN   DigestLen
  )
{
  EFI_STATUS  ExtendStatus;
  BOOLEAN     ArgsValid;

  ArgsValid = (DataToHash != NULL) && (DataToHashLen != 0) &&
              (Digest != NULL) && (DigestLen == SHA384_DIGEST_SIZE);
  if (!ArgsValid) {
    return EFI_INVALID_PARAMETER;
  }

  //
  // Hash first; a failed hash must never reach the RTMR.
  //
  if (!Sha384HashAll (DataToHash, DataToHashLen, Digest)) {
    return EFI_ABORTED;
  }

  //
  // TdExtendRtmr takes the digest as UINT32 *; the buffer is only
  // reinterpreted here, not modified.
  //
  ExtendStatus = TdExtendRtmr ((UINT32 *)Digest, SHA384_DIGEST_SIZE, (UINT8)RtmrIndex);
  ASSERT (!EFI_ERROR (ExtendStatus));

  return ExtendStatus;
}
106
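/**
  Measure the VMM-supplied TdHob into RTMR[0] before anything in it is used.

  In a TDX guest the TdHob comes from the host VMM, which is outside the TD's
  trust boundary, so the memory layout it describes must appear in the TD's
  attestation evidence. The bytes from the first HOB header up to (but not
  including) the END_OF_HOB_LIST header are hashed with SHA-384 and extended
  into RTMR 0.

  The walk that determines that length trusts the HobLength field of every
  VMM-supplied header. A zero HobLength would make GET_NEXT_HOB return the
  same pointer forever, so it is rejected here. NOTE(review): the walk is not
  bounded by the size of the TdHob region; it relies on the list having a
  well-formed end marker, i.e. on HOB validation having run earlier on this
  boot path - confirm that is the case for every path that reaches here.

  This runs in SEC, where HOB services are unavailable, so the digest and the
  "TdHob measured" bit are recorded in the OVMF work area; a later phase turns
  them into a GUIDed HOB (see TdxHelperBuildGuidHobForTdxMeasurement).

  @retval EFI_SUCCESS            TdHob hashed, extended, and digest recorded
  @retval EFI_INVALID_PARAMETER  A HOB header carries HobLength == 0, or the
                                 list is empty
  @retval EFI_DEVICE_ERROR       Work area address is NULL
  @retval Others                 Hashing or the RTMR extend failed
**/
EFI_STATUS
EFIAPI
TdxHelperMeasureTdHob (
  VOID
  )
{
  EFI_PEI_HOB_POINTERS  Hob;
  EFI_STATUS            Status;
  UINT8                 Digest[SHA384_DIGEST_SIZE];
  OVMF_WORK_AREA        *WorkArea;
  UINT8                 *TdHob;
  UINTN                 TdHobSize;

  //
  // The TdHob sits at a fixed address the VMM knows about; the PCD name
  // suggests the page doubles as the SEC GHCB in other guest types.
  //
  TdHob   = (UINT8 *)(UINTN)FixedPcdGet32 (PcdOvmfSecGhcbBase);
  Hob.Raw = TdHob;

  //
  // Walk to the END_OF_HOB_LIST header. Every HobLength is attacker-
  // controlled input; refuse a zero length rather than spin on it.
  //
  while (!END_OF_HOB_LIST (Hob)) {
    if (Hob.Header->HobLength == 0) {
      DEBUG ((DEBUG_ERROR, "TdHob: HOB header with zero HobLength\n"));
      return EFI_INVALID_PARAMETER;
    }

    Hob.Raw = GET_NEXT_HOB (Hob);
  }

  TdHobSize = (UINTN)(Hob.Raw - TdHob);

  //
  // An empty list (TdHobSize == 0) is rejected by HashAndExtendToRtmr.
  //
  Status = HashAndExtendToRtmr (
             0,
             TdHob,
             TdHobSize,
             Digest,
             SHA384_DIGEST_SIZE
             );
  if (EFI_ERROR (Status)) {
    return Status;
  }

  //
  // HOB services are not available in SEC, so park the digest in the work
  // area for a later phase to publish.
  //
  WorkArea = (OVMF_WORK_AREA *)(UINTN)FixedPcdGet32 (PcdOvmfWorkAreaBase);
  if (WorkArea == NULL) {
    return EFI_DEVICE_ERROR;
  }

  WorkArea->TdxWorkArea.SecTdxWorkArea.TdxMeasurementsData.MeasurementsBitmap |= TDX_MEASUREMENT_TDHOB_BITMASK;
  CopyMem (WorkArea->TdxWorkArea.SecTdxWorkArea.TdxMeasurementsData.TdHobHashValue, Digest, SHA384_DIGEST_SIZE);

  return EFI_SUCCESS;
}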
163
/**
 * In a TDX guest the Configuration FV (CFV) is treated as external input,
 * because the VMM may supply its contents, and it is normally measured
 * before being consumed.
 *
 * This library instance does NOT measure the CFV: it returns EFI_UNSUPPORTED
 * unconditionally. No RTMR is extended and no CFV measurement is recorded in
 * the work area by this function, so callers that need the CFV reflected in
 * attestation evidence must not treat this return as "measured".
 *
 * @retval EFI_UNSUPPORTED  Always; CFV measurement is not provided here.
 */
EFI_STATUS
EFIAPI
TdxHelperMeasureCfvImage (
  VOID
  )
{
  return EFI_UNSUPPORTED;
}
180
/**
  Publish the SEC-phase TDX measurements (kept in the work area) as a GUIDed
  HOB.

  Only meaningful for the PEI-less boot configuration: when TDX_PEI_LESS_BOOT
  is defined the work is delegated to InternalBuildGuidHobForTdxMeasurement
  (declared at the top of this file); in every other configuration this
  function does nothing and reports EFI_UNSUPPORTED.

  @retval EFI_SUCCESS      The GuidHob was built (TDX_PEI_LESS_BOOT only)
  @retval EFI_UNSUPPORTED  Not built with TDX_PEI_LESS_BOOT
  @retval Others           Error propagated from the internal builder
**/
EFI_STATUS
EFIAPI
TdxHelperBuildGuidHobForTdxMeasurement (
  VOID
  )
{
  EFI_STATUS  Status;

 #ifdef TDX_PEI_LESS_BOOT
  Status = InternalBuildGuidHobForTdxMeasurement ();
 #else
  Status = EFI_UNSUPPORTED;
 #endif

  return Status;
}
199 }