On Tuesday, March 12, 2024 3:58 PM Yao, Jiewen wrote:
> Subject: RE: [PATCH V1 1/1] OvmfPkg/QemuBootOrderLib: Measure the
> etc/boot-menu-wait
>
> Thanks for the patch.
>
> Is this the only missing configuration data?
> Or do you have more on the way?
>

This is not the only missing configuration data.
There are other configurations that need to be measured.
We have a draft PR (https://github.com/tianocore/edk2/pull/5440) to measure the below items:
etc/system-states
opt/ovmf/X-PciMmio64Mb
etc/reserved-memory-end
etc/boot-menu-wait
etc./extra-pci-roots

According to Hoffmann's comments, we would prepare a single patch series with all measurements in the next version.

Thanks
Ceping

>
> > -----Original Message-----
> > From: Sun, CepingX <cepingx....@intel.com>
> > Sent: Wednesday, March 13, 2024 7:52 AM
> > To: devel@edk2.groups.io
> > Cc: Sun, CepingX <cepingx....@intel.com>; Aktas, Erdem
> > <erdemak...@google.com>; Yao, Jiewen <jiewen....@intel.com>; Xu, Min M
> > <min.m...@intel.com>; Gerd Hoffmann <kra...@redhat.com>; Reshetova,
> > Elena <elena.reshet...@intel.com>
> > Subject: [PATCH V1 1/1] OvmfPkg/QemuBootOrderLib: Measure the
> > etc/boot-menu-wait
> >
> > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4415
> >
> > Refer to the section 8.3.4 of tdx-virtual-firmware-design-guide spec,
> > OVMF would use FW_CFG_IO_SELECTOR(0x510) and FW_CFG_IO_DATA(0x511) to
> > get configuration data from QEMU. From the security perspective, if
> > TDVF uses this method, configuration data must be measured into
> > RTMR[0].
> >
> > Currently, the etc/boot-menu-wait is used in TDVF, so it is required to be
> > measured into RTMR[0].
> >
> > This is the first patch and will continue to be updated to measure
> > additional configuration data.
> >
> > Reference:
> > spec: https://cdrdv2.intel.com/v1/dl/getContent/733585
> >
> > Cc: Erdem Aktas <erdemak...@google.com>
> > Cc: Jiewen Yao <jiewen....@intel.com>
> > Cc: Min Xu <min.m...@intel.com>
> > Cc: Gerd Hoffmann <kra...@redhat.com>
> > Cc: Elena Reshetova <elena.reshet...@intel.com>
> > Signed-off-by: Ceping Sun <cepingx....@intel.com>
> > --- > > .../QemuBootOrderLib/QemuBootOrderLib.c | 21 > ++++++++++++++++++- > > .../QemuBootOrderLib/QemuBootOrderLib.inf | 1 + > > 2 files changed, 21 insertions(+), 1 deletion(-) > > > > diff --git a/OvmfPkg/Library/QemuBootOrderLib/QemuBootOrderLib.c > > b/OvmfPkg/Library/QemuBootOrderLib/QemuBootOrderLib.c > > index 2fe6ab30c032..63a290712002 100644 > > --- a/OvmfPkg/Library/QemuBootOrderLib/QemuBootOrderLib.c
> > +++ b/OvmfPkg/Library/QemuBootOrderLib/QemuBootOrderLib.c > > @@ -20,6 +20,8 @@ > > #include <Library/BaseMemoryLib.h> > > #include <Guid/GlobalVariable.h> > > #include <Guid/VirtioMmioTransport.h> > > +#include <IndustryStandard/UefiTcgPlatform.h> > > +#include <Library/TpmMeasurementLib.h> > > > > #include "ExtraRootBusMap.h" > > > > @@ -41,6 +43,9 @@ > > #define REQUIRED_MMIO_OFW_NODES 1 > > #define EXAMINED_OFW_NODES 6 > > > > +#define EV_POSTCODE_INFO_QEMU_BOOTMENU_WAIT_TIME_DATA > "QEMU > > BOOTMENU WAIT TIME" > > +#define QEMU_BOOTMENU_WAIT_DATA_LEN > > (sizeof(EV_POSTCODE_INFO_QEMU_BOOTMENU_WAIT_TIME_DATA) - 1) > > + > > /** > > Simple character classification routines, corresponding to POSIX class > names > > and ASCII encoding. > > @@ -2418,5 +2423,19 @@ GetFrontPageTimeoutFromQemu ( > > // seconds, round N up. > > // > > QemuFwCfgSelectItem (BootMenuWaitItem); > > - return (UINT16)((QemuFwCfgRead16 () + 999) / 1000); > > + Timeout = QemuFwCfgRead16 (); > > + // > > + // Measure the Timeout which is downloaded from QEMU. > > + // It has to be done before it is consumed. > > + // > > + TpmMeasureAndLogData ( > > + 1, > > + EV_PLATFORM_CONFIG_FLAGS, > > + EV_POSTCODE_INFO_QEMU_BOOTMENU_WAIT_TIME_DATA, > > + QEMU_BOOTMENU_WAIT_DATA_LEN, > > + (VOID *)(UINTN)&Timeout, > > + BootMenuWaitSize > > + ); > > + > > + return (UINT16)((Timeout + 999) / 1000); > > } > > diff --git a/OvmfPkg/Library/QemuBootOrderLib/QemuBootOrderLib.inf > > b/OvmfPkg/Library/QemuBootOrderLib/QemuBootOrderLib.inf > > index 6e320e3e8514..0231c9d5c5b8 100644 > > --- a/OvmfPkg/Library/QemuBootOrderLib/QemuBootOrderLib.inf > > +++ b/OvmfPkg/Library/QemuBootOrderLib/QemuBootOrderLib.inf 
> > @@ -45,6 +45,7 @@ > > DevicePathLib > > BaseMemoryLib > > OrderedCollectionLib > > + TpmMeasurementLib > > > > [Guids] > > gEfiGlobalVariableGuid > > -- > > 2.34.1
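
Review bot: In the GetFrontPageTimeoutFromQemu hunk, the EFI_STATUS returned by TpmMeasureAndLogData is discarded, so a failed measurement still lets Timeout be consumed, which is at odds with the added comment "It has to be done before it is consumed." Capture the status and handle failure explicitly, at minimum with a DEBUG error message, and decide whether the function should then return the platform default instead of the unmeasured value. The length argument is BootMenuWaitSize while the buffer is the local Timeout; passing sizeof (Timeout) would tie the measured length to the buffer, unless the size is already validated earlier in the function, which is not visible in this hunk. The (VOID *)(UINTN)&Timeout double cast can be reduced to &Timeout.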
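
Review bot: In the hunk that adds the two #define lines, the name EV_POSTCODE_INFO_QEMU_BOOTMENU_WAIT_TIME_DATA reads like an EV_POST_CODE description, but the string is logged with event type EV_PLATFORM_CONFIG_FLAGS in the later call; rename the macro so it matches the event type it is used with. The commit message says the data goes into RTMR[0] while the call passes the literal 1 as the PCR index, so add a comment next to the call (or a named constant) stating the PCR-to-RTMR mapping being relied on. Since the reply lists four more fw_cfg items to be measured, a small shared helper that takes the item name and buffer would avoid one macro pair per item.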
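
Review bot: The QemuBootOrderLib.inf hunk makes TpmMeasurementLib a dependency of every platform that links QemuBootOrderLib, not only TDVF builds, and the diffstat shows only the .c and .inf files changed. Confirm that each consuming platform DSC already resolves TpmMeasurementLib, and state in the commit message what the new call does on platforms that have neither a TPM nor TDX.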