[edk2-devel] [PATCH] IntelSiliconPkg/IntelPciDeviceSecurity: Use EDKII TCG definition.

Yao, Jiewen posted 1 patch 4 years, 3 months ago
Failed in applying to current master (apply log)
.../IntelPciDeviceSecurityDxe.c               |  19 ++--
.../IntelPciDeviceSecurityDxe.inf             |   1 -
.../TcgDeviceEvent.h                          | 101 ------------------
3 files changed, 9 insertions(+), 112 deletions(-)
delete mode 100644 Silicon/Intel/IntelSiliconPkg/Feature/PcieSecurity/IntelPciDeviceSecurityDxe/TcgDeviceEvent.h
[edk2-devel] [PATCH] IntelSiliconPkg/IntelPciDeviceSecurity: Use EDKII TCG definition.
Posted by Yao, Jiewen 4 years, 3 months ago
Since official TCG definition is added to MdePkg, IntelPciDeviceSecurityDxe
should not define its own TCG event log.

Cc: Ray Ni <ray.ni@intel.com>
Cc: Rangasai V Chaganty <rangasai.v.chaganty@intel.com>
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
---
 .../IntelPciDeviceSecurityDxe.c               |  19 ++--
 .../IntelPciDeviceSecurityDxe.inf             |   1 -
 .../TcgDeviceEvent.h                          | 101 ------------------
 3 files changed, 9 insertions(+), 112 deletions(-)
 delete mode 100644 Silicon/Intel/IntelSiliconPkg/Feature/PcieSecurity/IntelPciDeviceSecurityDxe/TcgDeviceEvent.h

diff --git a/Silicon/Intel/IntelSiliconPkg/Feature/PcieSecurity/IntelPciDeviceSecurityDxe/IntelPciDeviceSecurityDxe.c b/Silicon/Intel/IntelSiliconPkg/Feature/PcieSecurity/IntelPciDeviceSecurityDxe/IntelPciDeviceSecurityDxe.c
index 2922fb8deb..d46862a1c4 100644
--- a/Silicon/Intel/IntelSiliconPkg/Feature/PcieSecurity/IntelPciDeviceSecurityDxe/IntelPciDeviceSecurityDxe.c
+++ b/Silicon/Intel/IntelSiliconPkg/Feature/PcieSecurity/IntelPciDeviceSecurityDxe/IntelPciDeviceSecurityDxe.c
@@ -22,14 +22,13 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 #include <Protocol/PciIo.h>
 #include <Protocol/DeviceSecurity.h>
 #include <Protocol/PlatformDeviceSecurityPolicy.h>
-#include "TcgDeviceEvent.h"
 
 typedef struct {
-  EDKII_DEVICE_SECURITY_EVENT_DATA_HEADER       EventData;
+  TCG_DEVICE_SECURITY_EVENT_DATA_HEADER         EventData;
   SPDM_MEASUREMENT_BLOCK_COMMON_HEADER          CommonHeader;
   SPDM_MEASUREMENT_BLOCK_DMTF_HEADER            DmtfHeader;
   UINT8                                         Digest[SHA256_DIGEST_SIZE];
-  EDKII_DEVICE_SECURITY_EVENT_DATA_PCI_CONTEXT  PciContext;
+  TCG_DEVICE_SECURITY_EVENT_DATA_PCI_CONTEXT    PciContext;
 } EDKII_DEVICE_SECURITY_PCI_EVENT_DATA;
 
 typedef struct {
@@ -327,14 +326,14 @@ ExtendDigestRegister (
   Status = PciIo->Pci.Read (PciIo, EfiPciIoWidthUint8, 0, sizeof(PciData), &PciData);
   ASSERT_EFI_ERROR(Status);
 
-  PcrIndex = EDKII_DEVICE_MEASUREMENT_COMPONENT_PCR_INDEX;
-  EventType = EDKII_DEVICE_MEASUREMENT_COMPONENT_EVENT_TYPE;
+  PcrIndex = 2;
+  EventType = EV_EFI_SPDM_FIRMWARE_BLOB;
 
-  CopyMem (EventLog.EventData.Signature, EDKII_DEVICE_SECURITY_EVENT_DATA_SIGNATURE, sizeof(EventLog.EventData.Signature));
-  EventLog.EventData.Version                  = EDKII_DEVICE_SECURITY_EVENT_DATA_VERSION;
+  CopyMem (EventLog.EventData.Signature, TCG_DEVICE_SECURITY_EVENT_DATA_SIGNATURE, sizeof(EventLog.EventData.Signature));
+  EventLog.EventData.Version                  = TCG_DEVICE_SECURITY_EVENT_DATA_VERSION;
   EventLog.EventData.Length                   = sizeof(EDKII_DEVICE_SECURITY_PCI_EVENT_DATA);
   EventLog.EventData.SpdmHashAlgo             = TcgAlgIdToSpdmHashAlgo (TcgAlgId);
-  EventLog.EventData.DeviceType               = EDKII_DEVICE_SECURITY_EVENT_DATA_DEVICE_TYPE_PCI;
+  EventLog.EventData.DeviceType               = TCG_DEVICE_SECURITY_EVENT_DATA_DEVICE_TYPE_PCI;
 
   EventLog.CommonHeader.Index                      = DigestSel;
   EventLog.CommonHeader.MeasurementSpecification   = SPDM_MEASUREMENT_BLOCK_HEADER_SPECIFICATION_DMTF;
@@ -343,8 +342,8 @@ ExtendDigestRegister (
   EventLog.DmtfHeader.DMTFSpecMeasurementValueSize = SHA256_DIGEST_SIZE;
   CopyMem (&EventLog.Digest, Digest, SHA256_DIGEST_SIZE);
 
-  EventLog.PciContext.Version           = EDKII_DEVICE_SECURITY_EVENT_DATA_PCI_CONTEXT_VERSION;
-  EventLog.PciContext.Length            = sizeof(EDKII_DEVICE_SECURITY_EVENT_DATA_PCI_CONTEXT);
+  EventLog.PciContext.Version           = TCG_DEVICE_SECURITY_EVENT_DATA_PCI_CONTEXT_VERSION;
+  EventLog.PciContext.Length            = sizeof(TCG_DEVICE_SECURITY_EVENT_DATA_PCI_CONTEXT);
   EventLog.PciContext.VendorId          = PciData.Hdr.VendorId;
   EventLog.PciContext.DeviceId          = PciData.Hdr.DeviceId;
   EventLog.PciContext.RevisionID        = PciData.Hdr.RevisionID;
diff --git a/Silicon/Intel/IntelSiliconPkg/Feature/PcieSecurity/IntelPciDeviceSecurityDxe/IntelPciDeviceSecurityDxe.inf b/Silicon/Intel/IntelSiliconPkg/Feature/PcieSecurity/IntelPciDeviceSecurityDxe/IntelPciDeviceSecurityDxe.inf
index 89a4c8fadd..b51b843bb5 100644
--- a/Silicon/Intel/IntelSiliconPkg/Feature/PcieSecurity/IntelPciDeviceSecurityDxe/IntelPciDeviceSecurityDxe.inf
+++ b/Silicon/Intel/IntelSiliconPkg/Feature/PcieSecurity/IntelPciDeviceSecurityDxe/IntelPciDeviceSecurityDxe.inf
@@ -16,7 +16,6 @@
 
 [Sources]
   IntelPciDeviceSecurityDxe.c
-  TcgDeviceEvent.h
 
 [Packages]
   MdePkg/MdePkg.dec
diff --git a/Silicon/Intel/IntelSiliconPkg/Feature/PcieSecurity/IntelPciDeviceSecurityDxe/TcgDeviceEvent.h b/Silicon/Intel/IntelSiliconPkg/Feature/PcieSecurity/IntelPciDeviceSecurityDxe/TcgDeviceEvent.h
deleted file mode 100644
index a0ce344112..0000000000
--- a/Silicon/Intel/IntelSiliconPkg/Feature/PcieSecurity/IntelPciDeviceSecurityDxe/TcgDeviceEvent.h
+++ /dev/null
@@ -1,101 +0,0 @@
-/** @file
-  TCG Device Event data structure
-Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>
-SPDX-License-Identifier: BSD-2-Clause-Patent
-**/
-
-
-#ifndef __TCG_EVENT_DATA_H__
-#define __TCG_EVENT_DATA_H__
-
-#include <IndustryStandard/Spdm.h>
-
-#pragma pack(1)
-
-// -------------------------------------------
-// TCG Measurement for SPDM Device Measurement
-// -------------------------------------------
-
-//
-// Device Firmware Component (including immutable ROM or mutable firmware)
-//
-#define EDKII_DEVICE_MEASUREMENT_COMPONENT_PCR_INDEX        2
-#define EDKII_DEVICE_MEASUREMENT_COMPONENT_EVENT_TYPE       0x800000E1
-//
-// Device Firmware Configuration (including hardware configuration or firmware configuration)
-//
-#define EDKII_DEVICE_MEASUREMENT_CONFIGURATION_PCR_INDEX    4
-#define EDKII_DEVICE_MEASUREMENT_CONFIGURATION_EVENT_TYPE   0x800000E2
-
-//
-// Device Firmware Measurement Measurement Data
-// The measurement data is the device firmware measurement.
-//
-// In order to support crypto agile, the firmware will hash the DeviceMeasurement again.
-// As such the device measurement algo might be different with host firmware measurement algo.
-//
-
-//
-// Device Firmware Measurement Event Data
-//
-#define EDKII_DEVICE_SECURITY_EVENT_DATA_SIGNATURE "SPDM Device Sec\0"
-#define EDKII_DEVICE_SECURITY_EVENT_DATA_VERSION  0
-
-//
-// Device Type
-// 0x03 ~ 0xDF reserved by TCG.
-// 0xE0 ~ 0xFF reserved by OEM.
-//
-#define EDKII_DEVICE_SECURITY_EVENT_DATA_DEVICE_TYPE_NULL  0
-#define EDKII_DEVICE_SECURITY_EVENT_DATA_DEVICE_TYPE_PCI   1
-#define EDKII_DEVICE_SECURITY_EVENT_DATA_DEVICE_TYPE_USB   2
-
-//
-// Device Firmware Measurement Event Data Common Part
-// The device specific part should follow this data structure.
-//
-typedef struct {
-  //
-  // It must be EDKII_DEVICE_SECURITY_EVENT_DATA_SIGNATURE.
-  //
-  UINT8                          Signature[16];
-  //
-  // It must be EDKII_DEVICE_SECURITY_EVENT_DATA_VERSION.
-  //
-  UINT16                         Version;
-  //
-  // The length of whole data structure, including Device Context.
-  //
-  UINT16                         Length;
-  //
-  // The SpdmHashAlgo
-  //
-  UINT32                         SpdmHashAlgo;
-  //
-  // The type of device. This field is to determine the Device Context followed by.
-  //
-  UINT32                         DeviceType;
-  //
-  // The SPDM measurement block.
-  //
-//SPDM_MEASUREMENT_BLOCK         SpdmMeasurementBlock;
-} EDKII_DEVICE_SECURITY_EVENT_DATA_HEADER;
-
-//
-// PCI device specific context
-//
-#define EDKII_DEVICE_SECURITY_EVENT_DATA_PCI_CONTEXT_VERSION  0
-typedef struct {
-  UINT16  Version;
-  UINT16  Length;
-  UINT16  VendorId;
-  UINT16  DeviceId;
-  UINT8   RevisionID;
-  UINT8   ClassCode[3];
-  UINT16  SubsystemVendorID;
-  UINT16  SubsystemID;
-} EDKII_DEVICE_SECURITY_EVENT_DATA_PCI_CONTEXT;
-
-#pragma pack()
-
-#endif
-- 
2.19.2.windows.1


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.

View/Reply Online (#52476): https://edk2.groups.io/g/devel/message/52476
Mute This Topic: https://groups.io/mt/68955508/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub  [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] [PATCH] IntelSiliconPkg/IntelPciDeviceSecurity: Use EDKII TCG definition.
Posted by Ni, Ray 4 years, 3 months ago
> 
> -  PcrIndex = EDKII_DEVICE_MEASUREMENT_COMPONENT_PCR_INDEX;
> +  PcrIndex = 2;

Jiewen, PcrIndex assignment is using magic value 2 here.
I am ok with this magic value. Can you please add comment to say that this
PCR is a device measurement component PCR?

With that, Reviewed-by: Ray Ni <ray.ni@intel.com>

Thanks,
Ray


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.

View/Reply Online (#52482): https://edk2.groups.io/g/devel/message/52482
Mute This Topic: https://groups.io/mt/68955508/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub  [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] [PATCH] IntelSiliconPkg/IntelPciDeviceSecurity: Use EDKII TCG definition.
Posted by Yao, Jiewen 4 years, 3 months ago
Yes. I will.

Thank you
Yao Jiewen

> -----Original Message-----
> From: Ni, Ray <ray.ni@intel.com>
> Sent: Monday, December 23, 2019 10:00 AM
> To: Yao, Jiewen <jiewen.yao@intel.com>; devel@edk2.groups.io
> Cc: Chaganty, Rangasai V <rangasai.v.chaganty@intel.com>
> Subject: RE: [PATCH] IntelSiliconPkg/IntelPciDeviceSecurity: Use EDKII TCG
> definition.
> 
> >
> > -  PcrIndex = EDKII_DEVICE_MEASUREMENT_COMPONENT_PCR_INDEX;
> > +  PcrIndex = 2;
> 
> Jiewen, PcrIndex assignment is using magic value 2 here.
> I am ok with this magic value. Can you please add comment to say that this
> PCR is a device measurement component PCR?
> 
> With that, Reviewed-by: Ray Ni <ray.ni@intel.com>
> 
> Thanks,
> Ray


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.

View/Reply Online (#52487): https://edk2.groups.io/g/devel/message/52487
Mute This Topic: https://groups.io/mt/68955508/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub  [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-