OvmfPkg: Create SP800155 HOBs from QemuFwCfgFile

MdePkg/Include/IndustryStandard/UefiTcgPlatform.h

@@ -473,8 +473,6 @@ typedef struct tdTCG_Sp800_155_PlatformId_Event2 {
   // UINT8               PlatformModel[PlatformModelSize];
   // UINT8               PlatformVersionSize;
   // UINT8               PlatformVersion[PlatformVersionSize];
-  // UINT8               PlatformModelSize;
-  // UINT8               PlatformModel[PlatformModelSize];
   // UINT8               FirmwareManufacturerStrSize;
   // UINT8               FirmwareManufacturerStr[FirmwareManufacturerStrSize];
   // UINT32              FirmwareManufacturerId;
@@ -499,8 +497,6 @@ typedef struct tdTCG_Sp800_155_PlatformId_Event3 {
   // UINT8               PlatformModel[PlatformModelSize];
   // UINT8               PlatformVersionSize;
   // UINT8               PlatformVersion[PlatformVersionSize];
-  // UINT8               PlatformModelSize;
-  // UINT8               PlatformModel[PlatformModelSize];
   // UINT8               FirmwareManufacturerStrSize;
   // UINT8               FirmwareManufacturerStr[FirmwareManufacturerStrSize];
   // UINT32              FirmwareManufacturerId;
@@ -517,6 +513,18 @@ typedef struct tdTCG_Sp800_155_PlatformId_Event3 {
   // UINT8               PlatformCertLocator[PlatformCertLocatorLength];
 } TCG_Sp800_155_PlatformId_Event3;
 
+/**
+ * TCG specifies a locator type with the following values
+ * 0 - Raw data in the locator itself.
+ * 1 - URI in rtf2396 format.
+ * 2 - local device path in EFI_DEVICE_PATH_PROTOCOL format.
+ * 3 - UEFI variable (16 byte EFI_GUID, then 00-terminated UCS2 string)
+**/
+#define TCG_LOCATOR_TYPE_RAW_DATA       0
+#define TCG_LOCATOR_TYPE_URI            1
+#define TCG_LOCATOR_TYPE_DEVICE_PATH    2
+#define TCG_LOCATOR_TYPE_UEFI_VARIABLE  3
+
 #define TCG_EfiStartupLocalityEvent_SIGNATURE  "StartupLocality"
 
 //

OvmfPkg/PlatformPei/Platform.c

@@ -40,6 +40,7 @@
 #include <OvmfPlatforms.h>
 
 #include "Platform.h"
+#include "PlatformId.h"
 
 EFI_PEI_PPI_DESCRIPTOR  mPpiBootMode[] = {
   {
@@ -363,6 +364,7 @@ InitializePlatform (
     MiscInitializationForMicrovm (PlatformInfoHob);
   } else {
     MiscInitialization (PlatformInfoHob);
+    PlatformIdInitialization (PeiServices);
   }
 
   IntelTdxInitialize ();

OvmfPkg/PlatformPei/PlatformId.c

@@ -0,0 +1,124 @@
+/**@file
+  PlatformId Event HOB creation
+
+  Copyright (c) 2024, Google LLC. All rights reserved.<BR>
+
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <Base.h>
+#include <Guid/TcgEventHob.h>
+#include <IndustryStandard/UefiTcgPlatform.h>
+#include <Library/BaseMemoryLib.h>
+#include <Library/BaseLib.h>
+#include <Library/DebugLib.h>
+#include <Library/HobLib.h>
+#include <Library/PeiServicesLib.h>
+#include <Library/PrintLib.h>
+#include <Library/QemuFwCfgLib.h>
+
+#define DPREFIX  "sp800155evts: "
+
+/**
+ * Creates an EFI_HOB_TYPE_GUID_EXTENSION HOB for a given SP800155 event.
+ * Associates the string data with gTcg800155PlatformIdEventHobGuid. Any
+ * unused bytes or out-of-bounds event sizes are considered corrupted and
+ * are discarded.
+**/
+STATIC
+VOID
+PlatformIdRegisterSp800155 (
+  IN CONST EFI_PEI_SERVICES  **PeiServices,
+  IN       UINT8             *Evt,
+  IN       UINTN             EvtSize
+  )
+{
+  EFI_STATUS         Status;
+  VOID               *Hob;
+  EFI_HOB_GUID_TYPE  *GuidHob;
+  UINT8              *EvtDest;
+
+  Status = (*PeiServices)->CreateHob (
+                             PeiServices,
+                             EFI_HOB_TYPE_GUID_EXTENSION,
+                             sizeof (EFI_HOB_GUID_TYPE) + (UINT16)EvtSize,
+                             &Hob
+                             );
+  if (EFI_ERROR (Status)) {
+    DEBUG ((DEBUG_ERROR, DPREFIX "GUID HOB creation failed, skipping\n"));
+    return;
+  }
+
+  GuidHob = (EFI_HOB_GUID_TYPE *)Hob;
+  CopyGuid (&GuidHob->Name, &gTcg800155PlatformIdEventHobGuid);
+  EvtDest = (UINT8 *)GET_GUID_HOB_DATA (Hob);
+  CopyMem (EvtDest, Evt, EvtSize);
+  // Fill the remaining HOB padding bytes with 0s.
+  SetMem (EvtDest + EvtSize, GET_GUID_HOB_DATA_SIZE (Hob) - EvtSize, 0);
+}
+
+/**
+ * Reads the given path from the fw_cfg file and registers it as an
+ * EFI_HOB_GUID_EXTENSION HOB with gTcg800155PlatformIdEventHobGuid.
+ * Returns FALSE iff the file does not exist.
+**/
+BOOLEAN
+PlatformIdRegisterEvent (
+  IN CONST EFI_PEI_SERVICES  **PeiServices,
+  IN CONST CHAR8             *Path
+  )
+{
+  EFI_STATUS            Status;
+  UINTN                 NumPages;
+  EFI_PHYSICAL_ADDRESS  Pages;
+  FIRMWARE_CONFIG_ITEM  FdtItem;
+  UINTN                 FdtSize;
+  UINT8                 *Evt;
+
+  Status = QemuFwCfgFindFile (Path, &FdtItem, &FdtSize);
+  if (EFI_ERROR (Status)) {
+    return FALSE;
+  }
+
+  if (FdtSize > MAX_UINT16 - sizeof (EFI_HOB_GUID_TYPE)) {
+    DEBUG ((DEBUG_ERROR, DPREFIX "Eventdata too large for HOB, skipping\n"));
+    return TRUE;
+  }
+
+  NumPages = EFI_SIZE_TO_PAGES (FdtSize);
+  Status   = (*PeiServices)->AllocatePages (
+                               PeiServices,
+                               EfiBootServicesData,
+                               NumPages,
+                               &Pages
+                               );
+  if (EFI_ERROR (Status)) {
+    return TRUE;
+  }
+
+  Evt = (UINT8 *)(UINTN)Pages;
+  QemuFwCfgSelectItem (FdtItem);
+  QemuFwCfgReadBytes (FdtSize, Evt);
+  PlatformIdRegisterSp800155 (PeiServices, Evt, FdtSize);
+
+  Status = (*PeiServices)->FreePages (PeiServices, Pages, NumPages);
+  ASSERT_EFI_ERROR (Status);
+  return TRUE;
+}
+
+VOID
+PlatformIdInitialization (
+  IN CONST EFI_PEI_SERVICES  **PeiServices
+  )
+{
+  UINTN  Index;
+  CHAR8  Path[64];
+
+  for (Index = 0; ; Index++) {
+    AsciiSPrint (Path, sizeof (Path), "opt/org.tianocode/sp800155evt/%d", Index);
+    if (!PlatformIdRegisterEvent (PeiServices, Path)) {
+      break;
+    }
+  }
+}

OvmfPkg/PlatformPei/PlatformId.h

@@ -0,0 +1,26 @@
+/** @file
+  PlatformId internal header for PlatformPei
+
+  Copyright (c) 2024, Google LLC. All rights reserved.<BR>
+
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#ifndef __PLATFORM_PEI_PLATFORMID_H__
+#define __PLATFORM_PEI_PLATFORMID_H__
+
+/**
+ * Reads opt/org.tianocode/sp800155evt/%d from 0 to the first positive integer
+ * where the file does not exist and registers each file's contents in an
+ * EFI_HOB_GUID_TYPE with name gTcg800155PlatformIdEventHobGuid. These HOBs
+ * are used by a later driver to write to the event log as unmeasured events.
+ * These events inform the event log analyzer of firmware provenance and
+ * reference integrity manifests.
+**/
+VOID
+PlatformIdInitialization (
+  IN CONST EFI_PEI_SERVICES  **PeiServices
+  );
+
+#endif // __PLATFORM_PEI_PLATFORMID_H__

OvmfPkg/PlatformPei/PlatformPei.inf

@@ -31,6 +31,8 @@
   MemTypeInfo.c
   Platform.c
   Platform.h
+  PlatformId.c
+  PlatformId.h
   IntelTdx.c
   SmmRelocation.c
 
@@ -47,6 +49,7 @@
   gFdtHobGuid
   gUefiOvmfPkgPlatformInfoGuid
   gGhcbApicIdsGuid
+  gTcg800155PlatformIdEventHobGuid              ## SOMETIMES_PRODUCES
 
 [LibraryClasses]
   BaseLib
@@ -148,4 +151,3 @@
 
 [Depex]
   TRUE
-