Diffstat (limited to '')
-rw-r--r--src/boot/efi/proto/cc-measurement.h67
-rw-r--r--src/boot/efi/proto/tcg.h34
2 files changed, 67 insertions, 34 deletions
diff --git a/src/boot/efi/proto/cc-measurement.h b/src/boot/efi/proto/cc-measurement.h
new file mode 100644
index 0000000..9335ecf
--- /dev/null
+++ b/src/boot/efi/proto/cc-measurement.h
@@ -0,0 +1,67 @@
+/* SPDX-License-Identifier: LGPL-2.1-or-later */
+#pragma once
+
+#include "efi.h"
+
+/* The UEFI specification defines the interface between the confidential virtual guest OS and
+ * virtual firmware as EFI_CC_MEASUREMENT_PROTOCOL. The measurements are captured in the CC eventlog
+ * that follows the TCG2 format. TPM PCR registers are mapped to vendor specific measurement registers
+ * and the mapping can be queried using MapPcrToMrIndex service as part of the protocol.
+ *
+ * The "Confidential Computing" section in the UEFI specification covers the details. */
+
+#define EFI_CC_MEASUREMENT_PROTOCOL_GUID \
+ GUID_DEF(0x96751a3d, 0x72f4, 0x41a6, 0xa7, 0x94, 0xed, 0x5d, 0x0e, 0x67, 0xae, 0x6b)
+
+#define EFI_CC_EVENT_HEADER_VERSION 1
+#define EFI_CC_EVENT_LOG_FORMAT_TCG_2 0x00000002
+
+typedef struct {
+ uint8_t Type;
+ uint8_t SubType;
+} EFI_CC_TYPE;
+
+typedef struct {
+ uint8_t Major;
+ uint8_t Minor;
+} EFI_CC_VERSION;
+
+typedef struct {
+ uint8_t Size;
+ EFI_CC_VERSION StructureVersion;
+ EFI_CC_VERSION ProtocolVersion;
+ uint32_t HashAlgorithmBitmap;
+ uint32_t SupportedEventLogs;
+ EFI_CC_TYPE CcType;
+} EFI_CC_BOOT_SERVICE_CAPABILITY;
+
+typedef struct {
+ uint32_t HeaderSize;
+ uint16_t HeaderVersion;
+ uint32_t MrIndex;
+ uint32_t EventType;
+} _packed_ EFI_CC_EVENT_HEADER;
+
+typedef struct {
+ uint32_t Size;
+ EFI_CC_EVENT_HEADER Header;
+ uint8_t Event[];
+} _packed_ EFI_CC_EVENT;
+
+typedef struct EFI_CC_MEASUREMENT_PROTOCOL EFI_CC_MEASUREMENT_PROTOCOL;
+struct EFI_CC_MEASUREMENT_PROTOCOL {
+ EFI_STATUS (EFIAPI *GetCapability)(
+ EFI_CC_MEASUREMENT_PROTOCOL *This,
+ EFI_CC_BOOT_SERVICE_CAPABILITY *ProtocolCapability);
+ void *GetEventLog;
+ EFI_STATUS (EFIAPI *HashLogExtendEvent)(
+ EFI_CC_MEASUREMENT_PROTOCOL *This,
+ uint64_t Flags,
+ EFI_PHYSICAL_ADDRESS DataToHash,
+ uint64_t DataToHashLen,
+ EFI_CC_EVENT *EfiCcEvent);
+ EFI_STATUS (EFIAPI *MapPcrToMrIndex)(
+ EFI_CC_MEASUREMENT_PROTOCOL *This,
+ uint32_t PcrIndex,
+ uint32_t *MrIndex);
+};
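Review bot: Nothing in the new header pins the byte layout of the two `_packed_` structs, EFI_CC_EVENT_HEADER and EFI_CC_EVENT, which are passed to firmware through HashLogExtendEvent and so act as a fixed wire format. If a later edit drops `_packed_` or changes a field width, the code would still compile but the measurement event handed to the firmware would be malformed. Adding compile-time checks right after the EFI_CC_EVENT definition would catch that: `_Static_assert(sizeof(EFI_CC_EVENT_HEADER) == 14, "EFI_CC_EVENT_HEADER layout");` and `_Static_assert(sizeof(EFI_CC_EVENT) == 18, "EFI_CC_EVENT layout");` (the project's own static-assert macro, if it has one, would serve equally well). It would also help to add a short comment on `void *GetEventLog;` saying it is an untyped placeholder that only keeps the following members in their correct slots, and a comment on `EFI_CC_EVENT.Size` stating whether it counts the header and the trailing `Event[]` bytes, since that is presumably what callers must fill in.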
diff --git a/src/boot/efi/proto/tcg.h b/src/boot/efi/proto/tcg.h
index b4b8296..e243bf8 100644
--- a/src/boot/efi/proto/tcg.h
+++ b/src/boot/efi/proto/tcg.h
@@ -3,12 +3,9 @@
#include "efi.h"
-#define EFI_TCG_PROTOCOL_GUID \
- GUID_DEF(0xf541796d, 0xa62e, 0x4954, 0xa7, 0x75, 0x95, 0x84, 0xf6, 0x1b, 0x9c, 0xdd)
#define EFI_TCG2_PROTOCOL_GUID \
GUID_DEF(0x607f766c, 0x7455, 0x42be, 0x93, 0x0b, 0xe4, 0xd7, 0x6d, 0xb2, 0x72, 0x0f)
-#define TCG_ALG_SHA 0x4
#define EFI_TCG2_EVENT_HEADER_VERSION 1
#define EV_IPL 13
#define EV_EVENT_TAG UINT32_C(6)
@@ -49,16 +46,6 @@ typedef struct {
} EFI_TCG2_BOOT_SERVICE_CAPABILITY;
typedef struct {
- uint32_t PCRIndex;
- uint32_t EventType;
- struct {
- uint8_t Digest[20];
- } Digest;
- uint32_t EventSize;
- uint8_t Event[];
-} _packed_ TCG_PCR_EVENT;
-
-typedef struct {
uint32_t HeaderSize;
uint16_t HeaderVersion;
uint32_t PCRIndex;
@@ -77,27 +64,6 @@ typedef struct {
uint8_t Event[];
} _packed_ EFI_TCG2_TAGGED_EVENT;
-typedef struct EFI_TCG_PROTOCOL EFI_TCG_PROTOCOL;
-struct EFI_TCG_PROTOCOL {
- EFI_STATUS (EFIAPI *StatusCheck)(
- EFI_TCG_PROTOCOL *This,
- EFI_TCG_BOOT_SERVICE_CAPABILITY *ProtocolCapability,
- uint32_t *TCGFeatureFlags,
- EFI_PHYSICAL_ADDRESS *EventLogLocation,
- EFI_PHYSICAL_ADDRESS *EventLogLastEntry);
- void *HashAll;
- void *LogEvent;
- void *PassThroughToTpm;
- EFI_STATUS (EFIAPI *HashLogExtendEvent)(
- EFI_TCG_PROTOCOL *This,
- EFI_PHYSICAL_ADDRESS HashData,
- uint64_t HashDataLen,
- uint32_t AlgorithmId,
- TCG_PCR_EVENT *TCGLogData,
- uint32_t *EventNumber,
- EFI_PHYSICAL_ADDRESS *EventLogLastEntry);
-};
-
typedef struct EFI_TCG2_PROTOCOL EFI_TCG2_PROTOCOL;
struct EFI_TCG2_PROTOCOL {
EFI_STATUS (EFIAPI *GetCapability)(