
efi/libstub: Add Confidential Computing (CC) measurement typedefs

If the virtual firmware implements TPM support, TCG2 protocol will be
used for kernel measurements and event logging support. But in a CC
environment, not all platforms support or enable the TPM feature. The UEFI
specification [1] exposes a protocol and interfaces used for kernel
measurements in CC platforms without TPM support.

More details about the EFI CC measurements and logging can be found
in [1].

Link: https://uefi.org/specs/UEFI/2.10/38_Confidential_Computing.html#efi-cc-measurement-protocol [1]
Signed-off-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com>
[ardb: Drop code changes, keep typedefs and #define's only]
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>

authored by

Kuppuswamy Sathyanarayanan and committed by
Ard Biesheuvel
0bbe5b0e 7a1381e8

+80
+79
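--- a/drivers/firmware/efi/libstub/efistub.h
+++ b/drivers/firmware/efi/libstub/efistub.h
@@ -882,6 +882,85 @@
 } mixed_mode;
 };
 
+typedef struct {
+u8 major;
+u8 minor;
+} efi_cc_version_t;
+
+typedef struct {
+u8 type;
+u8 sub_type;
+} efi_cc_type_t;
+
+/* EFI CC type/subtype defines */
+#define EFI_CC_TYPE_NONE 0
+#define EFI_CC_TYPE_AMD_SEV 1
+#define EFI_CC_TYPE_INTEL_TDX 2
+
+typedef u32 efi_cc_mr_index_t;
+
+struct efi_cc_event {
+u32 event_size;
+struct {
+u32 header_size;
+u16 header_version;
+u32 mr_index;
+u32 event_type;
+} __packed event_header;
+/* u8[] event follows here */
+} __packed;
+
+typedef struct efi_cc_event efi_cc_event_t;
+
+typedef u32 efi_cc_event_log_bitmap_t;
+typedef u32 efi_cc_event_log_format_t;
+typedef u32 efi_cc_event_algorithm_bitmap_t;
+
+typedef struct {
+u8 size;
+efi_cc_version_t structure_version;
+efi_cc_version_t protocol_version;
+efi_cc_event_algorithm_bitmap_t hash_algorithm_bitmap;
+efi_cc_event_log_bitmap_t supported_event_logs;
+efi_cc_type_t cc_type;
+} efi_cc_boot_service_cap_t;
+
+#define EFI_CC_EVENT_HEADER_VERSION 1
+
+#define EFI_CC_BOOT_HASH_ALG_SHA384 0x00000004
+
+typedef union efi_cc_protocol efi_cc_protocol_t;
+
+union efi_cc_protocol {
+struct {
+efi_status_t
+(__efiapi *get_capability)(efi_cc_protocol_t *,
+efi_cc_boot_service_cap_t *);
+
+efi_status_t
+(__efiapi *get_event_log)(efi_cc_protocol_t *,
+efi_cc_event_log_format_t,
+efi_physical_addr_t *,
+efi_physical_addr_t *,
+efi_bool_t *);
+
+efi_status_t
+(__efiapi *hash_log_extend_event)(efi_cc_protocol_t *, u64,
+efi_physical_addr_t, u64,
+const efi_cc_event_t *);
+
+efi_status_t
+(__efiapi *map_pcr_to_mr_index)(efi_cc_protocol_t *, u32,
+efi_cc_mr_index_t *);
+};
+struct {
+u32 get_capability;
+u32 get_event_log;
+u32 hash_log_extend_event;
+u32 map_pcr_to_mr_index;
+} mixed_mode;
+};
+
 struct riscv_efi_boot_protocol {
 u64 revision;
 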
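Review bot: The `size` member of `efi_cc_boot_service_cap_t` (new line 920) is undocumented, and the protocol described in the linked spec expects the caller to initialise it to the size of the structure it allocated before calling `get_capability`; a caller who leaves it zero may get back a truncated or rejected capability, which is easy to miss when the firmware is untrusted from the kernel's point of view. A one-line comment such as `/* caller sets this to sizeof(efi_cc_boot_service_cap_t) before get_capability() */` would keep the first user of these typedefs from that mistake. Likewise `EFI_CC_EVENT_HEADER_VERSION` (line 928) and `EFI_CC_BOOT_HASH_ALG_SHA384` (line 930) carry no note tying them to the spec, unlike the type/subtype defines at line 895; `/* header_version of struct efi_cc_event, per the UEFI CC measurement protocol */` and `/* bit in hash_algorithm_bitmap / hash_log_extend_event flags, per the same spec */` would make them discoverable. The `__packed` on `struct efi_cc_event` (line 911) is worth a short comment too, since the u16 `header_version` between u32 fields means the layout only matches the firmware's wire format without padding.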
+1
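--- a/include/linux/efi.h
+++ b/include/linux/efi.h
@@ -401,6 +401,7 @@
 #define EFI_CERT_X509_GUID EFI_GUID(0xa5c059a1, 0x94e4, 0x4aa7, 0x87, 0xb5, 0xab, 0x15, 0x5c, 0x2b, 0xf0, 0x72)
 #define EFI_CERT_X509_SHA256_GUID EFI_GUID(0x3bd2a492, 0x96c0, 0x4079, 0xb4, 0x20, 0xfc, 0xf9, 0x8e, 0xf1, 0x03, 0xed)
 #define EFI_CC_BLOB_GUID EFI_GUID(0x067b1f5f, 0xcf26, 0x44c5, 0x85, 0x54, 0x93, 0xd7, 0x77, 0x91, 0x2d, 0x42)
+#define EFI_CC_MEASUREMENT_PROTOCOL_GUID EFI_GUID(0x96751a3d, 0x72f4, 0x41a6, 0xa7, 0x94, 0xed, 0x5d, 0x0e, 0x67, 0xae, 0x6b)
 
 /*
 * This GUID is used to pass to the kernel proper the struct screen_info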