From f919709c865ad0a25aead848660d2e2eb1d59c9a Mon Sep 17 00:00:00 2001 From: Ceping Sun Date: Sun, 2 Mar 2025 23:07:05 -0500 Subject: [PATCH] MdeModulePkg: Move TdxMeasurementLib from UefiCpuPkg There are 2 reasons to move TdxMeasurementLib LibraryClass from UefiCpuPkg to MdeModulePkg: 1. TpmMeasurementLib.h is located at MdeModulePkg/Include/Library. It is similiar as TdxMeasurementLib.h. 2. TdxMeasurementLib is designed for TDX Measurement, it can be called from SecurityPkg. And it is not much related to UefiCpuPkg. Based upon above consideration, it's better to move TdxMeasurementLib LibraryClass from UefiCpuPkg to MdeModulePkg. Cc: Liming Gao Cc: Michael D Kinney Cc: Zhiguang Liu Cc: Jiewen Yao Cc: Min Xu Signed-off-by: Ceping Sun --- .../Include/Library/TdxMeasurementLib.h | 85 +++++++++++++++++++ .../TdxMeasurementLibNull.c | 85 +++++++++++++++++++ .../TdxMeasurementLibNull.inf | 32 +++++++ MdeModulePkg/MdeModulePkg.dec | 3 + MdeModulePkg/MdeModulePkg.dsc | 2 + 5 files changed, 207 insertions(+) create mode 100644 MdeModulePkg/Include/Library/TdxMeasurementLib.h create mode 100644 MdeModulePkg/Library/TdxMeasurementLibNull/TdxMeasurementLibNull.c create mode 100644 MdeModulePkg/Library/TdxMeasurementLibNull/TdxMeasurementLibNull.inf diff --git a/MdeModulePkg/Include/Library/TdxMeasurementLib.h b/MdeModulePkg/Include/Library/TdxMeasurementLib.h new file mode 100644 index 0000000000..f34318a898 --- /dev/null +++ b/MdeModulePkg/Include/Library/TdxMeasurementLib.h @@ -0,0 +1,85 @@ +/** @file + TdxMeasurementLib header file + Copyright (c) 2025, Intel Corporation. All rights reserved.
+ SPDX-License-Identifier: BSD-2-Clause-Patent +**/ + +#ifndef TDX_MEASUREMENT_LIB_H +#define TDX_MEASUREMENT_LIB_H + +#include + +#define CC_MR_INDEX_0_MRTD 0 +#define CC_MR_INDEX_1_RTMR0 1 +#define CC_MR_INDEX_2_RTMR1 2 +#define CC_MR_INDEX_3_RTMR2 3 +#define CC_MR_INDEX_INVALID 4 + +/** + According to UEFI Spec 2.10 Section 38.4.1: + The following table shows the TPM PCR index mapping and CC event log measurement + register index interpretation for Intel TDX, where MRTD means Trust Domain Measurement + Register and RTMR means Runtime Measurement Register + // TPM PCR Index | CC Measurement Register Index | TDX-measurement register + // ------------------------------------------------------------------------ + // 0 | 0 | MRTD + // 1, 7 | 1 | RTMR[0] + // 2~6 | 2 | RTMR[1] + // 8~15 | 3 | RTMR[2] + @param[in] PCRIndex Index of the TPM PCR + @retval UINT32 Index of the CC Event Log Measurement Register Index + @retval CC_MR_INDEX_INVALID Invalid MR Index +**/ +UINT32 +EFIAPI +TdxMeasurementMapPcrToMrIndex ( + IN UINT32 PCRIndex + ); + +/** + * Build GuidHob for Tdx CC measurement event. + * + * @param RtmrIndex RTMR index + * @param EventType Event type + * @param EventData Event data + * @param EventSize Size of event data + * @param HashValue Hash value + * @param HashSize Size of hash + * + * @retval EFI_SUCCESS Successfully build the GuidHobs + * @retval Others Other error as indicated + */ +EFI_STATUS +EFIAPI +TdxMeasurementBuildGuidHob ( + UINT32 RtmrIndex, + UINT32 EventType, + UINT8 *EventData, + UINT32 EventSize, + UINT8 *HashValue, + UINT32 HashSize + ); + +/** + * Calculate the sha384 of input Data and extend it to RTMR register. + * + * @param RtmrIndex Index of the RTMR register + * @param DataToHash Data to be hashed + * @param DataToHashLen Length of the data + * @param Digest Hash value of the input data + * @param DigestLen Length of the hash value + * + * @retval EFI_SUCCESS Successfully hash and extend to RTMR + * @retval Others Other errors as indicated + */ +EFI_STATUS +EFIAPI +TdxMeasurementHashAndExtendToRtmr ( + IN UINT32 RtmrIndex, + IN VOID *DataToHash, + IN UINTN DataToHashLen, + OUT UINT8 *Digest, + IN UINTN DigestLen + ); + +#endif diff --git a/MdeModulePkg/Library/TdxMeasurementLibNull/TdxMeasurementLibNull.c b/MdeModulePkg/Library/TdxMeasurementLibNull/TdxMeasurementLibNull.c new file mode 100644 index 0000000000..1a2955700f --- /dev/null +++ b/MdeModulePkg/Library/TdxMeasurementLibNull/TdxMeasurementLibNull.c @@ -0,0 +1,85 @@ +/** @file + NULL instance of TdxMeasurementLib + Copyright (c) 2025, Intel Corporation. All rights reserved.
+ SPDX-License-Identifier: BSD-2-Clause-Patent +**/ + +#include +#include +#include + +/** + According to UEFI Spec 2.10 Section 38.4.1: + The following table shows the TPM PCR index mapping and CC event log measurement + register index interpretation for Intel TDX, where MRTD means Trust Domain Measurement + Register and RTMR means Runtime Measurement Register + // TPM PCR Index | CC Measurement Register Index | TDX-measurement register + // ------------------------------------------------------------------------ + // 0 | 0 | MRTD + // 1, 7 | 1 | RTMR[0] + // 2~6 | 2 | RTMR[1] + // 8~15 | 3 | RTMR[2] + @param[in] PCRIndex Index of the TPM PCR + @retval UINT32 Index of the CC Event Log Measurement Register Index + @retval CC_MR_INDEX_INVALID Invalid MR Index +**/ +UINT32 +EFIAPI +TdxMeasurementMapPcrToMrIndex ( + IN UINT32 PCRIndex + ) +{ + return CC_MR_INDEX_INVALID; +} + +/** + * Calculate the sha384 of input Data and extend it to RTMR register. + * + * @param RtmrIndex Index of the RTMR register + * @param DataToHash Data to be hashed + * @param DataToHashLen Length of the data + * @param Digest Hash value of the input data + * @param DigestLen Length of the hash value + * + * @retval EFI_SUCCESS Successfully hash and extend to RTMR + * @retval Others Other errors as indicated + */ +EFI_STATUS +EFIAPI +TdxMeasurementHashAndExtendToRtmr ( + IN UINT32 RtmrIndex, + IN VOID *DataToHash, + IN UINTN DataToHashLen, + OUT UINT8 *Digest, + IN UINTN DigestLen + ) +{ + return EFI_UNSUPPORTED; +} + +/** + * Build GuidHob for Tdx CC measurement event. + * + * @param RtmrIndex RTMR index + * @param EventType Event type + * @param EventData Event data + * @param EventSize Size of event data + * @param HashValue Hash value + * @param HashSize Size of hash + * + * @retval EFI_SUCCESS Successfully build the GuidHobs + * @retval Others Other error as indicated + */ +EFI_STATUS +EFIAPI +TdxMeasurementBuildGuidHob ( + UINT32 RtmrIndex, + UINT32 EventType, + UINT8 *EventData, + UINT32 EventSize, + UINT8 *HashValue, + UINT32 HashSize + ) +{ + return EFI_UNSUPPORTED; +} diff --git a/MdeModulePkg/Library/TdxMeasurementLibNull/TdxMeasurementLibNull.inf b/MdeModulePkg/Library/TdxMeasurementLibNull/TdxMeasurementLibNull.inf new file mode 100644 index 0000000000..40e6f45775 --- /dev/null +++ b/MdeModulePkg/Library/TdxMeasurementLibNull/TdxMeasurementLibNull.inf @@ -0,0 +1,32 @@ +## @file +# TdxMeasurementLib NULL instance +# +# Copyright (c) 2025, Intel Corporation. All rights reserved.
+# +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = TdxMeasurementNullLib + FILE_GUID = 975d11ff-b11e-4cf4-b453-6d93a9ea8d7b + MODULE_TYPE = BASE + VERSION_STRING = 1.0 + LIBRARY_CLASS = TdxMeasurementLib + +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = X64 +# + +[Sources] + TdxMeasurementLibNull.c + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + +[LibraryClasses] + BaseLib diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec index b9bc7041f2..aa21365ce3 100644 --- a/MdeModulePkg/MdeModulePkg.dec +++ b/MdeModulePkg/MdeModulePkg.dec @@ -95,6 +95,9 @@ # TpmMeasurementLib|Include/Library/TpmMeasurementLib.h + ## @libraryclass Provides functions for Tdx Measurement processing + TdxMeasurementLib|Include/Library/TdxMeasurementLib.h + ## @libraryclass Provides authenticated variable services. # AuthVariableLib|Include/Library/AuthVariableLib.h diff --git a/MdeModulePkg/MdeModulePkg.dsc b/MdeModulePkg/MdeModulePkg.dsc index ebceafcdd0..51596e582c 100644 --- a/MdeModulePkg/MdeModulePkg.dsc +++ b/MdeModulePkg/MdeModulePkg.dsc @@ -92,6 +92,7 @@ PlatformBootManagerLib|MdeModulePkg/Library/PlatformBootManagerLibNull/PlatformBootManagerLibNull.inf PciHostBridgeLib|MdeModulePkg/Library/PciHostBridgeLibNull/PciHostBridgeLibNull.inf TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf + TdxMeasurementLib|MdeModulePkg/Library/TdxMeasurementLibNull/TdxMeasurementLibNull.inf AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf VarCheckLib|MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf FileExplorerLib|MdeModulePkg/Library/FileExplorerLib/FileExplorerLib.inf @@ -320,6 +321,7 @@ MdeModulePkg/Library/PlatformBootManagerLibNull/PlatformBootManagerLibNull.inf MdeModulePkg/Library/BootLogoLib/BootLogoLib.inf MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf + MdeModulePkg/Library/TdxMeasurementLibNull/TdxMeasurementLibNull.inf MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.inf MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLibRuntimeDxe.inf