REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4415
Refer to the section 8.3.4 of tdx-virtual-firmware-design-guide spec, OVMF would uses FW_CFG_IO_SELECTOR(0x510) and FW_CFG_IO_DATA(0x511) to get configuration data from QEMU. From the security perspective, if TDVF uses this method, configuration data must be measured into RTMR[0]. Currently, the etc/boot-menu-wait is using in TDVF, it required to be measured into RTMR[0]. This is the first patch and will continue to be updated to measure additional configuration data. Refernce: spec: https://cdrdv2.intel.com/v1/dl/getContent/733585 Cc: Erdem Aktas <erdemak...@google.com> Cc: Jiewen Yao <jiewen....@intel.com> Cc: Min Xu <min.m...@intel.com> Cc: Gerd Hoffmann <kra...@redhat.com> Cc: Elena Reshetova <elena.reshet...@intel.com> Signed-off-by: Ceping Sun <cepingx....@intel.com> --- .../QemuBootOrderLib/QemuBootOrderLib.c | 21 ++++++++++++++++++- .../QemuBootOrderLib/QemuBootOrderLib.inf | 1 + 2 files changed, 21 insertions(+), 1 deletion(-) diff --git a/OvmfPkg/Library/QemuBootOrderLib/QemuBootOrderLib.c b/OvmfPkg/Library/QemuBootOrderLib/QemuBootOrderLib.c index 2fe6ab30c032..63a290712002 100644 --- a/OvmfPkg/Library/QemuBootOrderLib/QemuBootOrderLib.c +++ b/OvmfPkg/Library/QemuBootOrderLib/QemuBootOrderLib.c @@ -20,6 +20,8 @@ #include <Library/BaseMemoryLib.h> #include <Guid/GlobalVariable.h> #include <Guid/VirtioMmioTransport.h> +#include <IndustryStandard/UefiTcgPlatform.h> +#include <Library/TpmMeasurementLib.h> #include "ExtraRootBusMap.h" @@ -41,6 +43,9 @@ #define REQUIRED_MMIO_OFW_NODES 1 #define EXAMINED_OFW_NODES 6 +#define EV_POSTCODE_INFO_QEMU_BOOTMENU_WAIT_TIME_DATA "QEMU BOOTMENU WAIT TIME" +#define QEMU_BOOTMENU_WAIT_DATA_LEN (sizeof(EV_POSTCODE_INFO_QEMU_BOOTMENU_WAIT_TIME_DATA) - 1) + /** Simple character classification routines, corresponding to POSIX class names and ASCII encoding. @@ -2418,5 +2423,19 @@ GetFrontPageTimeoutFromQemu ( // seconds, round N up. // QemuFwCfgSelectItem (BootMenuWaitItem); - return (UINT16)((QemuFwCfgRead16 () + 999) / 1000); + Timeout = QemuFwCfgRead16 (); + // + // Measure the Timeout which is downloaded from QEMU. + // It has to be done before it is consumed. + // + TpmMeasureAndLogData ( + 1, + EV_PLATFORM_CONFIG_FLAGS, + EV_POSTCODE_INFO_QEMU_BOOTMENU_WAIT_TIME_DATA, + QEMU_BOOTMENU_WAIT_DATA_LEN, + (VOID *)(UINTN)&Timeout, + BootMenuWaitSize + ); + + return (UINT16)((Timeout + 999) / 1000); } diff --git a/OvmfPkg/Library/QemuBootOrderLib/QemuBootOrderLib.inf b/OvmfPkg/Library/QemuBootOrderLib/QemuBootOrderLib.inf index 6e320e3e8514..0231c9d5c5b8 100644 --- a/OvmfPkg/Library/QemuBootOrderLib/QemuBootOrderLib.inf +++ b/OvmfPkg/Library/QemuBootOrderLib/QemuBootOrderLib.inf @@ -45,6 +45,7 @@ DevicePathLib BaseMemoryLib OrderedCollectionLib + TpmMeasurementLib [Guids] gEfiGlobalVariableGuid -- 2.34.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#116669): https://edk2.groups.io/g/devel/message/116669 Mute This Topic: https://groups.io/mt/104880546/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
