OvmfPkg: add library class BlobVerifierLib with null implementation

BlobVerifierLib will be used to verify blobs fetching them from QEMU's
firmware config (fw_cfg) in platforms that enable such verification.

The null implementation BlobVerifierLibNull treats all blobs as valid.

Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Ashish Kalra <ashish.kalra@amd.com>
Cc: Brijesh Singh <brijesh.singh@amd.com>
Cc: Erdem Aktas <erdemaktas@google.com>
Cc: James Bottomley <jejb@linux.ibm.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Min Xu <min.m.xu@intel.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3457
Signed-off-by: Dov Murik <dovmurik@linux.ibm.com>
Reviewed-by: Tom Lendacky <thomas.lendacky@amd.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>

diff --git a/OvmfPkg/Include/Library/BlobVerifierLib.h b/OvmfPkg/Include/Library/BlobVerifierLib.h
new file mode 100644 (file)
index 0000000..65c01af
--- /dev/null
+++ b/OvmfPkg/Include/Library/BlobVerifierLib.h
@@ -0,0 +1,38 @@
+/** @file\r
+\r
+  Blob verification library\r
+\r
+  This library class allows verifiying whether blobs from external sources\r
+  (such as QEMU's firmware config) are trusted.\r
+\r
+  Copyright (C) 2021, IBM Corporation\r
+\r
+  SPDX-License-Identifier: BSD-2-Clause-Patent\r
+**/\r
+\r
+#ifndef BLOB_VERIFIER_LIB_H_\r
+#define BLOB_VERIFIER_LIB_H_\r
+\r
+#include <Uefi/UefiBaseType.h>\r
+#include <Base.h>\r
+\r
+/**\r
+  Verify blob from an external source.\r
+\r
+  @param[in] BlobName           The name of the blob\r
+  @param[in] Buf                The data of the blob\r
+  @param[in] BufSize            The size of the blob in bytes\r
+\r
+  @retval EFI_SUCCESS           The blob was verified successfully.\r
+  @retval EFI_ACCESS_DENIED     The blob could not be verified, and therefore\r
+                                should be considered non-secure.\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+VerifyBlob (\r
+  IN  CONST CHAR16    *BlobName,\r
+  IN  CONST VOID      *Buf,\r
+  IN  UINT32          BufSize\r
+  );\r
+\r
+#endif\r

diff --git a/OvmfPkg/Library/BlobVerifierLibNull/BlobVerifierLibNull.inf b/OvmfPkg/Library/BlobVerifierLibNull/BlobVerifierLibNull.inf
new file mode 100644 (file)
index 0000000..850d398
--- /dev/null
+++ b/OvmfPkg/Library/BlobVerifierLibNull/BlobVerifierLibNull.inf
@@ -0,0 +1,24 @@
+## @file\r
+#\r
+#  Null implementation of the blob verifier library.\r
+#\r
+#  Copyright (C) 2021, IBM Corp\r
+#\r
+#  SPDX-License-Identifier: BSD-2-Clause-Patent\r
+#\r
+##\r
+\r
+[Defines]\r
+  INF_VERSION                    = 1.29\r
+  BASE_NAME                      = BlobVerifierLibNull\r
+  FILE_GUID                      = b1b5533e-e01a-43bb-9e54-414f00ca036e\r
+  MODULE_TYPE                    = BASE\r
+  VERSION_STRING                 = 1.0\r
+  LIBRARY_CLASS                  = BlobVerifierLib\r
+\r
+[Sources]\r
+  BlobVerifierNull.c\r
+\r
+[Packages]\r
+  MdePkg/MdePkg.dec\r
+  OvmfPkg/OvmfPkg.dec\r

diff --git a/OvmfPkg/Library/BlobVerifierLibNull/BlobVerifierNull.c b/OvmfPkg/Library/BlobVerifierLibNull/BlobVerifierNull.c
new file mode 100644 (file)
index 0000000..975d4dd
--- /dev/null
+++ b/OvmfPkg/Library/BlobVerifierLibNull/BlobVerifierNull.c
@@ -0,0 +1,33 @@
+/** @file\r
+\r
+  Null implementation of the blob verifier library.\r
+\r
+  Copyright (C) 2021, IBM Corporation\r
+\r
+  SPDX-License-Identifier: BSD-2-Clause-Patent\r
+**/\r
+\r
+#include <Library/BaseLib.h>\r
+#include <Library/BlobVerifierLib.h>\r
+\r
+/**\r
+  Verify blob from an external source.\r
+\r
+  @param[in] BlobName           The name of the blob\r
+  @param[in] Buf                The data of the blob\r
+  @param[in] BufSize            The size of the blob in bytes\r
+\r
+  @retval EFI_SUCCESS           The blob was verified successfully.\r
+  @retval EFI_ACCESS_DENIED     The blob could not be verified, and therefore\r
+                                should be considered non-secure.\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+VerifyBlob (\r
+  IN  CONST CHAR16    *BlobName,\r
+  IN  CONST VOID      *Buf,\r
+  IN  UINT32          BufSize\r
+  )\r
+{\r
+  return EFI_SUCCESS;\r
+}\r

diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec
index 6ae733f6e39f449db2d95644b3f52332fb6dba61..f82228d69cc26a17ceb2d43707711f2a8426d9ce 100644 (file)
--- a/OvmfPkg/OvmfPkg.dec
+++ b/OvmfPkg/OvmfPkg.dec
@@ -23,6 +23,9 @@
   ##  @libraryclass  Access bhyve's firmware control interface.\r
   BhyveFwCtlLib|Include/Library/BhyveFwCtlLib.h\r
 \r
+  ##  @libraryclass  Verify blobs read from the VMM\r
+  BlobVerifierLib|Include/Library/BlobVerifierLib.h\r
+\r
   ##  @libraryclass  Loads and boots a Linux kernel image\r
   #\r
   LoadLinuxLib|Include/Library/LoadLinuxLib.h\r