Thanks for the patch. Is this the only missing configuration data? Or do you have more on the way?
> -----Original Message----- > From: Sun, CepingX <cepingx....@intel.com> > Sent: Wednesday, March 13, 2024 7:52 AM > To: devel@edk2.groups.io > Cc: Sun, CepingX <cepingx....@intel.com>; Aktas, Erdem > <erdemak...@google.com>; Yao, Jiewen <jiewen....@intel.com>; Xu, Min M > <min.m...@intel.com>; Gerd Hoffmann <kra...@redhat.com>; Reshetova, Elena > <elena.reshet...@intel.com> > Subject: [PATCH V1 1/1] OvmfPkg/QemuBootOrderLib: Measure the etc/boot- > menu-wait > > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4415 > > Refer to the section 8.3.4 of tdx-virtual-firmware-design-guide spec, > OVMF would uses FW_CFG_IO_SELECTOR(0x510) and FW_CFG_IO_DATA(0x511) > to get configuration data from QEMU. From the security perspective, > if TDVF uses this method, configuration data must be measured into > RTMR[0]. > > Currently, the etc/boot-menu-wait is using in TDVF, it required to be > measured into RTMR[0]. > > This is the first patch and will continue to be updated to measure > additional configuration data. > > Refernce: > spec: https://cdrdv2.intel.com/v1/dl/getContent/733585 > > Cc: Erdem Aktas <erdemak...@google.com> > Cc: Jiewen Yao <jiewen....@intel.com> > Cc: Min Xu <min.m...@intel.com> > Cc: Gerd Hoffmann <kra...@redhat.com> > Cc: Elena Reshetova <elena.reshet...@intel.com> > Signed-off-by: Ceping Sun <cepingx....@intel.com> > --- > .../QemuBootOrderLib/QemuBootOrderLib.c | 21 ++++++++++++++++++- > .../QemuBootOrderLib/QemuBootOrderLib.inf | 1 + > 2 files changed, 21 insertions(+), 1 deletion(-) > > diff --git a/OvmfPkg/Library/QemuBootOrderLib/QemuBootOrderLib.c > b/OvmfPkg/Library/QemuBootOrderLib/QemuBootOrderLib.c > index 2fe6ab30c032..63a290712002 100644 > --- a/OvmfPkg/Library/QemuBootOrderLib/QemuBootOrderLib.c > +++ b/OvmfPkg/Library/QemuBootOrderLib/QemuBootOrderLib.c > @@ -20,6 +20,8 @@ > #include <Library/BaseMemoryLib.h> > #include <Guid/GlobalVariable.h> > #include <Guid/VirtioMmioTransport.h> > +#include <IndustryStandard/UefiTcgPlatform.h> > +#include <Library/TpmMeasurementLib.h> > > #include "ExtraRootBusMap.h" > > @@ -41,6 +43,9 @@ > #define REQUIRED_MMIO_OFW_NODES 1 > #define EXAMINED_OFW_NODES 6 > > +#define EV_POSTCODE_INFO_QEMU_BOOTMENU_WAIT_TIME_DATA "QEMU > BOOTMENU WAIT TIME" > +#define QEMU_BOOTMENU_WAIT_DATA_LEN > (sizeof(EV_POSTCODE_INFO_QEMU_BOOTMENU_WAIT_TIME_DATA) - 1) > + > /** > Simple character classification routines, corresponding to POSIX class > names > and ASCII encoding. > @@ -2418,5 +2423,19 @@ GetFrontPageTimeoutFromQemu ( > // seconds, round N up. > // > QemuFwCfgSelectItem (BootMenuWaitItem); > - return (UINT16)((QemuFwCfgRead16 () + 999) / 1000); > + Timeout = QemuFwCfgRead16 (); > + // > + // Measure the Timeout which is downloaded from QEMU. > + // It has to be done before it is consumed. > + // > + TpmMeasureAndLogData ( > + 1, > + EV_PLATFORM_CONFIG_FLAGS, > + EV_POSTCODE_INFO_QEMU_BOOTMENU_WAIT_TIME_DATA, > + QEMU_BOOTMENU_WAIT_DATA_LEN, > + (VOID *)(UINTN)&Timeout, > + BootMenuWaitSize > + ); > + > + return (UINT16)((Timeout + 999) / 1000); > } > diff --git a/OvmfPkg/Library/QemuBootOrderLib/QemuBootOrderLib.inf > b/OvmfPkg/Library/QemuBootOrderLib/QemuBootOrderLib.inf > index 6e320e3e8514..0231c9d5c5b8 100644 > --- a/OvmfPkg/Library/QemuBootOrderLib/QemuBootOrderLib.inf > +++ b/OvmfPkg/Library/QemuBootOrderLib/QemuBootOrderLib.inf > @@ -45,6 +45,7 @@ > DevicePathLib > BaseMemoryLib > OrderedCollectionLib > + TpmMeasurementLib > > [Guids] > gEfiGlobalVariableGuid > -- > 2.34.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#116670): https://edk2.groups.io/g/devel/message/116670 Mute This Topic: https://groups.io/mt/104880546/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
