OvmfPkg/Library/PeilessStartupLib/IntelTdx.c

   1 /** @file
   2   Copyright (c) 2022, Intel Corporation. All rights reserved.<BR>
   3   SPDX-License-Identifier: BSD-2-Clause-Patent
   4 **/
   5
   6 #include <PiPei.h>
   7 #include <Library/BaseLib.h>
   8 #include <Library/BaseMemoryLib.h>
   9 #include <Library/DebugLib.h>
  10 #include <Guid/VariableFormat.h>
  11 #include <Guid/SystemNvDataGuid.h>
  12 #include "PeilessStartupInternal.h"
  13
  14 /**
  15   Check padding data all bit should be 1.
  16
  17   @param[in] Buffer     - A pointer to buffer header
  18   @param[in] BufferSize - Buffer size
  19
  20   @retval  TRUE   - The padding data is valid.
  21   @retval  TRUE  - The padding data is invalid.
  22
  23 **/
  24 BOOLEAN
  25 CheckPaddingData (
  26   IN UINT8   *Buffer,
  27   IN UINT32  BufferSize
  28   )
  29 {
  30   UINT32  index;
  31
  32   for (index = 0; index < BufferSize; index++) {
  33     if (Buffer[index] != 0xFF) {
  34       return FALSE;
  35     }
  36   }
  37
  38   return TRUE;
  39 }
  40
  41 /**
  42   Check the integrity of CFV data.
  43
  44   @param[in] TdxCfvBase - A pointer to CFV header
  45   @param[in] TdxCfvSize - CFV data size
  46
  47   @retval  TRUE   - The CFV data is valid.
  48   @retval  FALSE  - The CFV data is invalid.
  49
  50 **/
  51 BOOLEAN
  52 EFIAPI
  53 TdxValidateCfv (
  54   IN UINT8   *TdxCfvBase,
  55   IN UINT32  TdxCfvSize
  56   )
  57 {
  58   UINT16                         Checksum;
  59   UINTN                          VariableBase;
  60   UINT32                         VariableOffset;
  61   UINT32                         VariableOffsetBeforeAlign;
  62   EFI_FIRMWARE_VOLUME_HEADER     *CfvFvHeader;
  63   VARIABLE_STORE_HEADER          *CfvVariableStoreHeader;
  64   AUTHENTICATED_VARIABLE_HEADER  *VariableHeader;
  65
  66   static EFI_GUID  FvHdrGUID       = EFI_SYSTEM_NV_DATA_FV_GUID;
  67   static EFI_GUID  VarStoreHdrGUID = EFI_AUTHENTICATED_VARIABLE_GUID;
  68
  69   VariableOffset = 0;
  70
  71   if (TdxCfvBase == NULL) {
  72     DEBUG ((DEBUG_ERROR, "TDX CFV: CFV pointer is NULL\n"));
  73     return FALSE;
  74   }
  75
  76   //
  77   // Verify the header zerovetor, filesystemguid,
  78   // revision, signature, attributes, fvlength, checksum
  79   // HeaderLength cannot be an odd number
  80   //
  81   CfvFvHeader = (EFI_FIRMWARE_VOLUME_HEADER *)TdxCfvBase;
  82
  83   if ((!IsZeroBuffer (CfvFvHeader->ZeroVector, 16)) ||
  84       (!CompareGuid (&FvHdrGUID, &CfvFvHeader->FileSystemGuid)) ||
  85       (CfvFvHeader->Signature != EFI_FVH_SIGNATURE) ||
  86       (CfvFvHeader->Attributes != 0x4feff) ||
  87       (CfvFvHeader->Revision != EFI_FVH_REVISION) ||
  88       (CfvFvHeader->FvLength != TdxCfvSize)
  89       )
  90   {
  91     DEBUG ((DEBUG_ERROR, "TDX CFV: Basic FV headers were invalid\n"));
  92     return FALSE;
  93   }
  94
  95   //
  96   // Verify the header checksum
  97   //
  98   Checksum = CalculateSum16 ((VOID *)CfvFvHeader, CfvFvHeader->HeaderLength);
  99
 100   if (Checksum != 0) {
 101     DEBUG ((DEBUG_ERROR, "TDX CFV: FV checksum was invalid\n"));
 102     return FALSE;
 103   }
 104
 105   //
 106   // Verify the header signature, size, format, state
 107   //
 108   CfvVariableStoreHeader = (VARIABLE_STORE_HEADER *)(TdxCfvBase + CfvFvHeader->HeaderLength);
 109   if ((!CompareGuid (&VarStoreHdrGUID, &CfvVariableStoreHeader->Signature)) ||
 110       (CfvVariableStoreHeader->Format != VARIABLE_STORE_FORMATTED) ||
 111       (CfvVariableStoreHeader->State != VARIABLE_STORE_HEALTHY) ||
 112       (CfvVariableStoreHeader->Size > (CfvFvHeader->FvLength - CfvFvHeader->HeaderLength)) ||
 113       (CfvVariableStoreHeader->Size < sizeof (VARIABLE_STORE_HEADER))
 114       )
 115   {
 116     DEBUG ((DEBUG_ERROR, "TDX CFV: Variable Store header was invalid\n"));
 117     return FALSE;
 118   }
 119
 120   //
 121   // Verify the header startId, state
 122   // Verify data to the end
 123   //
 124   VariableBase = (UINTN)TdxCfvBase + CfvFvHeader->HeaderLength + sizeof (VARIABLE_STORE_HEADER);
 125   while (VariableOffset  < (CfvVariableStoreHeader->Size - sizeof (VARIABLE_STORE_HEADER))) {
 126     VariableHeader = (AUTHENTICATED_VARIABLE_HEADER *)(VariableBase + VariableOffset);
 127     if (VariableHeader->StartId != VARIABLE_DATA) {
 128       if (!CheckPaddingData ((UINT8 *)VariableHeader, CfvVariableStoreHeader->Size - sizeof (VARIABLE_STORE_HEADER) - VariableOffset)) {
 129         DEBUG ((DEBUG_ERROR, "TDX CFV: Variable header was invalid\n"));
 130         return FALSE;
 131       }
 132
 133       VariableOffset = CfvVariableStoreHeader->Size - sizeof (VARIABLE_STORE_HEADER);
 134     } else {
 135       if (!((VariableHeader->State == VAR_IN_DELETED_TRANSITION) ||
 136             (VariableHeader->State == VAR_DELETED) ||
 137             (VariableHeader->State == VAR_HEADER_VALID_ONLY) ||
 138             (VariableHeader->State == VAR_ADDED)))
 139       {
 140         DEBUG ((DEBUG_ERROR, "TDX CFV: Variable header was invalid\n"));
 141         return FALSE;
 142       }
 143
 144       VariableOffset += sizeof (AUTHENTICATED_VARIABLE_HEADER) + VariableHeader->NameSize + VariableHeader->DataSize;
 145       // Verify VariableOffset should be less than or equal CfvVariableStoreHeader->Size - sizeof(VARIABLE_STORE_HEADER)
 146       if (VariableOffset > (CfvVariableStoreHeader->Size - sizeof (VARIABLE_STORE_HEADER))) {
 147         DEBUG ((DEBUG_ERROR, "TDX CFV: Variable header was invalid\n"));
 148         return FALSE;
 149       }
 150
 151       VariableOffsetBeforeAlign = VariableOffset;
 152       // 4 byte align
 153       VariableOffset = (VariableOffset  + 3) & (UINTN)(~3);
 154
 155       if (!CheckPaddingData ((UINT8 *)(VariableBase + VariableOffsetBeforeAlign), VariableOffset - VariableOffsetBeforeAlign)) {
 156         DEBUG ((DEBUG_ERROR, "TDX CFV: Variable header was invalid\n"));
 157         return FALSE;
 158       }
 159     }
 160   }
 161
 162   return TRUE;
 163 }