1 files changed, 48 insertions, 0 deletions

diff --git a/tpm.c b/tpm.c
index 41f36651..388f8d12 100644
--- a/tpm.c
+++ b/tpm.c
@@ -108,6 +108,45 @@ static EFI_STATUS tpm_locate_protocol(efi_tpm_protocol_t **tpm,
 	return EFI_NOT_FOUND;
 }
 
+static EFI_STATUS cc_log_event_raw(EFI_PHYSICAL_ADDRESS buf, UINTN size,
+				   UINT8 pcr, const CHAR8 *log, UINTN logsize,
+				   UINT32 type, BOOLEAN is_pe_image)
+{
+	EFI_STATUS efi_status;
+	EFI_CC_EVENT *event;
+	efi_cc_protocol_t *cc;
+	EFI_CC_MR_INDEX mr;
+	uint64_t flags = is_pe_image ? EFI_CC_FLAG_PE_COFF_IMAGE : 0;
+
+	efi_status = LibLocateProtocol(&EFI_CC_MEASUREMENT_PROTOCOL_GUID,
+				       (VOID **)&cc);
+	if (EFI_ERROR(efi_status) || !cc)
+		return EFI_SUCCESS;
+
+	efi_status = cc->map_pcr_to_mr_index(cc, pcr, &mr);
+	if (EFI_ERROR(efi_status))
+		return EFI_NOT_FOUND;
+
+	UINTN event_size = sizeof(*event) - sizeof(event->Event) + logsize;
+
+	event = AllocatePool(event_size);
+	if (!event) {
+		perror(L"Unable to allocate event structure\n");
+		return EFI_OUT_OF_RESOURCES;
+	}
+
+	event->Header.HeaderSize = sizeof(EFI_CC_EVENT_HEADER);
+	event->Header.HeaderVersion = EFI_CC_EVENT_HEADER_VERSION;
+	event->Header.MrIndex = mr;
+	event->Header.EventType = type;
+	event->Size = event_size;
+	CopyMem(event->Event, (VOID *)log, logsize);
+	efi_status = cc->hash_log_extend_event(cc, flags, buf, (UINT64)size,
+					       event);
+	FreePool(event);
+	return efi_status;
+}
+
 static EFI_STATUS tpm_log_event_raw(EFI_PHYSICAL_ADDRESS buf, UINTN size,
 				    UINT8 pcr, const CHAR8 *log, UINTN logsize,
 				    UINT32 type, CHAR8 *hash)
@@ -118,6 +157,15 @@ static EFI_STATUS tpm_log_event_raw(EFI_PHYSICAL_ADDRESS buf, UINTN size,
 	BOOLEAN old_caps;
 	EFI_TCG2_BOOT_SERVICE_CAPABILITY caps;
 
+	/* CC guest like TDX or SEV will measure the buffer and log the event,
+	   extend the result into a specific CC MR like TCG's PCR. It could
+	   coexists with TCG's TPM 1.2 and TPM 2.
+	*/
+	efi_status = cc_log_event_raw(buf, size, pcr, log, logsize, type,
+				      (hash != NULL));
+	if (EFI_ERROR(efi_status))
+		return efi_status;
+
 	efi_status = tpm_locate_protocol(&tpm, &tpm2, &old_caps, &caps);
 	if (EFI_ERROR(efi_status)) {
 #ifdef REQUIRE_TPM