On 25/11/24 20:56, Jean-Philippe Brucker wrote:
Provide a library allowing the VMM to create an event log that describes
what is loaded into memory. During remote attestation in confidential
computing this helps an independent verifier reconstruct the initial
measurements of a VM, which contain the initial state of memory and
CPUs.
We provide some definitions and structures described by the Trusted
Computing Group (TCG) in "TCG PC Client Platform Firmware Profile
Specification" Level 00 Version 1.06 Revision 52 [1]. This is the same
format used by UEFI, and UEFI could reuse this log after finding it in
DT or ACPI tables, but can also copy its content into a new one.
[1] https://trustedcomputinggroup.org/resource/pc-client-specific-platform-firmware-profile-specification/
Cc: Stefan Berger <stef...@linux.vnet.ibm.com>
Signed-off-by: Jean-Philippe Brucker <jean-phili...@linaro.org>
---
v2->v3: New
---
qapi/tpm.json | 14 ++
include/hw/tpm/tpm_log.h | 89 +++++++++++
hw/tpm/tpm_log.c | 325 +++++++++++++++++++++++++++++++++++++++
hw/tpm/Kconfig | 4 +
hw/tpm/meson.build | 1 +
5 files changed, 433 insertions(+)
create mode 100644 include/hw/tpm/tpm_log.h
create mode 100644 hw/tpm/tpm_log.c
+/*
+ * Defined in: TCG PC Client Platform Firmware Profile Specification
+ * Version 1.06 revision 52
+ */
+#define TCG_EV_NO_ACTION 0x00000003
+#define TCG_EV_EVENT_TAG 0x00000006
+#define TCG_EV_POST_CODE2 0x00000013
+#define TCG_EV_EFI_PLATFORM_FIRMWARE_BLOB2 0x8000000A
+
+struct UefiPlatformFirmwareBlob2Head {
+ uint8_t blob_description_size;
+ uint8_t blob_description[];
+} __attribute__((packed));
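Review bot: `struct UefiPlatformFirmwareBlob2Head` needs a comment saying that it is only the variable-length prefix of the spec's UEFI_PLATFORM_FIRMWARE_BLOB2 and that the two UINT64 fields the spec places after BlobDescription (BlobBase and BlobLength) follow `blob_description[]` in the event data and have to be appended by the caller, since the flexible array member prevents declaring them in the same struct; as written, a reader of the header cannot tell how a complete event is assembled. The packing should also be spelled `QEMU_PACKED` (the wrapper QEMU defines in include/qemu/compiler.h) rather than a bare `__attribute__((packed))`, and the comment above the `#define`s would be easier to check if it named the event-type table of the spec revision it cites.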
We use QEMU_PACKED.
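To make the log format under discussion concrete from the verifier's side, here is an added example that is not part of this patch or of QEMU: it writes a small crypto-agile event log (the EV_NO_ACTION TCG_EfiSpecIdEvent header followed by TCG_PCR_EVENT2 entries whose event data is UEFI_PLATFORM_FIRMWARE_BLOB2, laid out per the TCG PC Client Platform Firmware Profile Specification) and then parses it the way an attestation verifier must, treating every length field as untrusted, before replaying the SHA-256 digests to reconstruct PCR0. The blob contents (`SAMPLE_FIRMWARE`, `SAMPLE_KERNEL`), the base addresses, and all function names are constructed for the example.

```python
import hashlib
import struct

# Event types and the SHA-256 algorithm ID used below (TCG PC Client PFP 1.06, TPM 2.0).
TCG_EV_NO_ACTION = 0x00000003
TCG_EV_EFI_PLATFORM_FIRMWARE_BLOB2 = 0x8000000A
TPM_ALG_SHA256 = 0x000B
SHA256_LEN = 32
SPEC_ID_SIGNATURE = b"Spec ID Event03\x00"

# Constructed stand-ins for the images a VMM would load into guest memory.
SAMPLE_FIRMWARE = b"constructed firmware image bytes"
SAMPLE_KERNEL = b"constructed kernel image bytes"

def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM extend: PCR_new = H(PCR_old || digest)."""
    return hashlib.sha256(pcr + digest).digest()

def blob2_event_data(description: bytes, base: int, length: int) -> bytes:
    """UEFI_PLATFORM_FIRMWARE_BLOB2: UINT8 size, description, UINT64 base, UINT64 length."""
    if len(description) > 0xFF:
        raise ValueError("description does not fit the UINT8 BlobDescriptionSize field")
    return struct.pack("<B", len(description)) + description + struct.pack("<QQ", base, length)

def spec_id_event() -> bytes:
    """Legacy TCG_PCR_EVENT carrying TCG_EfiSpecIdEvent, which declares the digest sizes later entries use."""
    body = (SPEC_ID_SIGNATURE
            + struct.pack("<IBBBB", 0, 0, 2, 0, 8)   # platformClass, spec 2.0 errata 0, uintnSize
            + struct.pack("<I", 1)                    # numberOfAlgorithms
            + struct.pack("<HH", TPM_ALG_SHA256, SHA256_LEN)
            + struct.pack("<B", 0))                   # vendorInfoSize
    # PCRIndex, EventType, 20-byte SHA-1 digest (zero for EV_NO_ACTION), EventSize, Event
    return struct.pack("<II", 0, TCG_EV_NO_ACTION) + bytes(20) + struct.pack("<I", len(body)) + body

def pcr_event2(pcr: int, event_type: int, content: bytes, event_data: bytes) -> bytes:
    """TCG_PCR_EVENT2 with one SHA-256 digest of `content` plus the opaque `event_data`."""
    return (struct.pack("<II", pcr, event_type)
            + struct.pack("<IH", 1, TPM_ALG_SHA256) + hashlib.sha256(content).digest()  # TPML_DIGEST_VALUES
            + struct.pack("<I", len(event_data)) + event_data)

def build_sample_log() -> bytes:
    """Two blobs measured into PCR0: the kind of log a VMM would hand to firmware via DT or ACPI."""
    return (spec_id_event()
            + pcr_event2(0, TCG_EV_EFI_PLATFORM_FIRMWARE_BLOB2, SAMPLE_FIRMWARE,
                         blob2_event_data(b"firmware", 0x0, len(SAMPLE_FIRMWARE)))
            + pcr_event2(0, TCG_EV_EFI_PLATFORM_FIRMWARE_BLOB2, SAMPLE_KERNEL,
                         blob2_event_data(b"kernel", 0x80000000, len(SAMPLE_KERNEL))))

def parse_log(log: bytes) -> list:
    """Verifier-side parser: lengths are untrusted, so every read is bounds-checked and undeclared algorithms rejected."""
    def take(off: int, n: int) -> bytes:
        if off + n > len(log):
            raise ValueError("event log truncated at offset %d" % off)
        return log[off:off + n]
    pcr, etype, size = struct.unpack_from("<II20xI", take(0, 32), 0)   # legacy header layout
    body = take(32, size)
    if etype != TCG_EV_NO_ACTION or body[:16] != SPEC_ID_SIGNATURE or len(body) < 28:
        raise ValueError("missing or short TCG_EfiSpecIdEvent header")
    nalgs = struct.unpack_from("<I", body, 24)[0]
    if len(body) < 29 + 4 * nalgs:
        raise ValueError("algorithm table overruns header event")
    alg_sizes = dict(struct.unpack_from("<HH", body, 28 + 4 * i) for i in range(nalgs))
    events = [{"pcr": pcr, "type": etype, "digests": {}, "data": body}]
    off = 32 + size
    while off < len(log):
        pcr, etype, count = struct.unpack_from("<III", take(off, 12), 0)
        off, digests = off + 12, {}
        for _ in range(count):
            alg = struct.unpack_from("<H", take(off, 2), 0)[0]
            if alg not in alg_sizes:
                raise ValueError("digest algorithm 0x%04x not declared in header" % alg)
            digests[alg] = take(off + 2, alg_sizes[alg])
            off += 2 + alg_sizes[alg]
        size = struct.unpack_from("<I", take(off, 4), 0)[0]
        events.append({"pcr": pcr, "type": etype, "digests": digests, "data": take(off + 4, size)})
        off += 4 + size
    return events

def parse_blob2(data: bytes) -> tuple:
    """Decode UEFI_PLATFORM_FIRMWARE_BLOB2 event data into (description, base, length)."""
    if not data or len(data) != 1 + data[0] + 16:
        raise ValueError("malformed UEFI_PLATFORM_FIRMWARE_BLOB2")
    base, length = struct.unpack_from("<QQ", data, 1 + data[0])
    return data[1:1 + data[0]], base, length

def replay_pcrs(events: list, num_pcrs: int = 24) -> list:
    """Reconstruct the SHA-256 PCR bank by replaying digests; EV_NO_ACTION entries do not extend."""
    pcrs = [bytes(SHA256_LEN)] * num_pcrs
    for ev in events:
        if ev["type"] == TCG_EV_NO_ACTION:
            continue
        if ev["pcr"] >= num_pcrs or TPM_ALG_SHA256 not in ev["digests"]:
            raise ValueError("event cannot be replayed into the SHA-256 bank")
        pcrs[ev["pcr"]] = extend(pcrs[ev["pcr"]], ev["digests"][TPM_ALG_SHA256])
    return pcrs

def is_well_formed(log: bytes) -> bool:
    try:
        return bool(parse_log(log))
    except (ValueError, struct.error):
        return False
```

The replayed PCR0 is what a verifier compares against the quoted PCR value (or the equivalent measurement in a confidential-computing attestation report); the event data tells it which blob each digest corresponds to, and the parser refuses any log whose declared sizes do not match its actual length rather than reading past the buffer.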