From nobody Sun May 5 04:33:09 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) client-ip=66.175.222.12; envelope-from=bounce+27952+52624+1787277+3901457@groups.io; helo=web01.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+52624+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1577774665; cv=none; d=zohomail.com; s=zohoarc; b=JA+JMrCVBxeS3oiTmPx54X/yl4IQcSubhwUcQaQl3GmQbPSKPkEhdelGCm6qvv7uufavAXeXuV5ZUwjqzFhWNosZ5nOu2h4iHgMjskJmCdx3/nb+uKQ9Hlk99USZKGoM1EsSrnvQRtlajXa3dLdJaaQkNAMWLXsBInr9ED3w6Is= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1577774665; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Id:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=yf491vQBBgPImvK3xxW7RipjD34eQAFYG4nUERKOOT4=; b=lJviLVdmKnu6phPual7o3iS5kZIxNFwsUn1pzeCs+XnWZK6LWuN589FALcDOvJ9eF0ircOHz6ILr2xFKk87Eunqv33egQnC9jQ8tvEJxuVxI1ER4PiaQLH/baDEKp77G9BrRFkKedsQ5qyvElJVW8QhghDR72prgZeMwJtzgBM8= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+52624+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) header.from= Received: from web01.groups.io (web01.groups.io [66.175.222.12]) by mx.zohomail.com with SMTPS id 157777466559566.92457940748193; Mon, 30 Dec 2019 22:44:25 -0800 (PST) Return-Path: X-Received: by 127.0.0.2 with SMTP id KX7oYY1788612xTkBNuNkDRd; Mon, 30 Dec 2019 22:44:25 -0800 X-Received: from mga17.intel.com (mga17.intel.com []) by mx.groups.io with SMTP id smtpd.web12.561.1577774662173275928 for ; Mon, 30 Dec 2019 22:44:24 -0800 X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False X-Received: from fmsmga005.fm.intel.com ([10.253.24.32]) by fmsmga107.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 30 Dec 2019 22:44:24 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.69,378,1571727600"; d="scan'208";a="419160606" X-Received: from jyao1-mobl2.ccr.corp.intel.com ([10.254.209.225]) by fmsmga005.fm.intel.com with ESMTP; 30 Dec 2019 22:44:22 -0800 From: "Yao, Jiewen" To: devel@edk2.groups.io Cc: Jian J Wang , Chao Zhang Subject: [edk2-devel] [PATCH 1/6] SecurityPkg/Guid: Add TCG 800-155 event GUID definition. Date: Tue, 31 Dec 2019 14:44:07 +0800 Message-Id: <20191231064412.22988-2-jiewen.yao@intel.com> In-Reply-To: <20191231064412.22988-1-jiewen.yao@intel.com> References: <20191231064412.22988-1-jiewen.yao@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,jiewen.yao@intel.com X-Gm-Message-State: nkRiq9mLhTABi4MCzCjUVySMx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1577774665; bh=V4JRv85sPxnMvSZ8OIrIfz4rvaI5QE06GeiZ2SzgMuI=; h=Cc:Date:From:Reply-To:Subject:To; b=u7KcADr2IeqLmSnJEM7NSNuXBmq40MQI5ugh0hED+AfFSWjfTN1doJpb2ZzZSXBu0FH GfY5wpxk01sBFYn7JWy4tIuX1iIfsEqQvotMd2t5Ln6XsetpXROCzfc1kMDOs5xSqJ6wO vzaoI8T8waEJYPNpze0/tjnMwQFSKE9AirQ= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D2439 The PEIM can produce the 800-155 event and the event will be recorded to TCG event log by the TCG2 DXE. Cc: Jian J Wang Cc: Chao Zhang Signed-off-by: Jiewen Yao Reviewed-by: Jian J Wang --- SecurityPkg/Include/Guid/TcgEventHob.h | 11 +++++++++++ SecurityPkg/SecurityPkg.dec | 4 ++++ 2 files changed, 15 insertions(+) diff --git a/SecurityPkg/Include/Guid/TcgEventHob.h b/SecurityPkg/Include/G= uid/TcgEventHob.h index eef3f92abd..97e40b47d0 100644 --- a/SecurityPkg/Include/Guid/TcgEventHob.h +++ b/SecurityPkg/Include/Guid/TcgEventHob.h @@ -49,4 +49,15 @@ extern EFI_GUID gTpmErrorHobGuid; =20 extern EFI_GUID gTpm2StartupLocalityHobGuid; =20 +/// +/// The Global ID of a GUIDed HOB used to record TCG 800-155 PlatformId Ev= ent. +/// HOB payload is the whole TCG_Sp800_155_PlatformId_Event2 according to = TCG 800-155 PlatformId Event. +/// +#define EFI_TCG_800_155_PLATFORM_ID_EVENT_HOB_GUID \ + { \ + 0xe2c3bc69, 0x615c, 0x4b5b, { 0x8e, 0x5c, 0xa0, 0x33, 0xa9, 0xc2, 0x5e= , 0xd6 } \ + } + +extern EFI_GUID gTcg800155PlatformIdEventHobGuid; + #endif diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec index cac36caf0a..5335cc5397 100644 --- a/SecurityPkg/SecurityPkg.dec +++ b/SecurityPkg/SecurityPkg.dec @@ -121,6 +121,10 @@ ## Include/Guid/TcgEventHob.h gTpm2StartupLocalityHobGuid =3D { 0x397b0c9, 0x22e8, 0x459e, { 0x= a4, 0xff, 0x99, 0xbc, 0x65, 0x27, 0x9, 0x29 }} =20 + ## HOB GUID used to record TCG 800-155 PlatformId Event + ## Include/Guid/TcgEventHob.h + gTcg800155PlatformIdEventHobGuid =3D { 0xe2c3bc69, 0x615c, 0x4b5b, { 0= x8e, 0x5c, 0xa0, 0x33, 0xa9, 0xc2, 0x5e, 0xd6 }} + ## HOB GUID used to pass all PEI measured FV info to DXE Driver. # Include/Guid/MeasuredFvHob.h gMeasuredFvHobGuid =3D { 0xb2360b42, 0x7173, 0x420a, { 0= x86, 0x96, 0x46, 0xca, 0x6b, 0xab, 0x10, 0x60 }} --=20 2.19.2.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#52624): https://edk2.groups.io/g/devel/message/52624 Mute This Topic: https://groups.io/mt/69344968/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sun May 5 04:33:09 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) client-ip=66.175.222.12; envelope-from=bounce+27952+52625+1787277+3901457@groups.io; helo=web01.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+52625+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1577774673; cv=none; d=zohomail.com; s=zohoarc; b=kmP7MwdUeLCdGpqUeEnm2m5o61Da6iFF9c5uHdmDRhHYFk2pO3qB0wzrFRs9BN+vVSwjHcgUfxn9eu1FeK7HgY8zeEzcm/J36djLxlhjU5qh7aUXL5dKqIp51mnMVrMxfUBAw8vblz+YHMqPqtILJKYQOUTZbdRrxdrsnA9Uwws= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1577774673; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Id:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=c1zpQXvRmFel3JY2VJrYmsuAFr0XPyOI0wYEo8vkeWY=; b=bX5/UKK3Qdx5fgjgwyixi5gUNYaAcoJDl5pnnaik5nQbNgkX2i6D+Pn7FsgPyAa2MwmJk952gd9fALfbj/6+VF0rVtJVHeJ2zuwGlbor58H8LltGqJwZFjJWCK89kqNvAS7iYfAMKsPkwO8eEtMnMGG0c5vzuWjPA1uoElNz+lQ= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+52625+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) header.from= Received: from web01.groups.io (web01.groups.io [66.175.222.12]) by mx.zohomail.com with SMTPS id 157777467335081.52109760251778; Mon, 30 Dec 2019 22:44:33 -0800 (PST) Return-Path: X-Received: by 127.0.0.2 with SMTP id fuTjYY1788612xJQcrpp5hwY; Mon, 30 Dec 2019 22:44:32 -0800 X-Received: from mga05.intel.com (mga05.intel.com [192.55.52.43]) by mx.groups.io with SMTP id smtpd.web09.558.1577774671219253761 for ; Mon, 30 Dec 2019 22:44:31 -0800 X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False X-Received: from fmsmga005.fm.intel.com ([10.253.24.32]) by fmsmga105.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 30 Dec 2019 22:44:31 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.69,378,1571727600"; d="scan'208";a="419160637" X-Received: from jyao1-mobl2.ccr.corp.intel.com ([10.254.209.225]) by fmsmga005.fm.intel.com with ESMTP; 30 Dec 2019 22:44:26 -0800 From: "Yao, Jiewen" To: devel@edk2.groups.io Cc: Jian J Wang , Chao Zhang Subject: [edk2-devel] [PATCH 2/6] SecurityPkg/Tcg2Dxe: Add Tcg2Dxe to support 800-155 event. Date: Tue, 31 Dec 2019 14:44:08 +0800 Message-Id: <20191231064412.22988-3-jiewen.yao@intel.com> In-Reply-To: <20191231064412.22988-1-jiewen.yao@intel.com> References: <20191231064412.22988-1-jiewen.yao@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,jiewen.yao@intel.com X-Gm-Message-State: aw7CeGJGMDoLp5TgHnLscLv6x1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1577774672; bh=6fBMgBccDlgUgemt1Q0oyE88/Gu5utPP0h8cMLPUoS8=; h=Cc:Date:From:Reply-To:Subject:To; b=wwL8G/x5IswkSjWRUfQUa1FeHADW/wGXdZZPppsQKOwKG2fA4Csh72sp8Bw31OT1Yv9 dqJbykdOEXgDab7leUOQZpIdlmAwm3RBAAFWhktOVxXLUzGc7T5zdbON2chifuHAFmrpw JepTJrk3TKv//gBPDzHviNKpfvaFvqenTMs= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D2439 The TCG2 DXE supports to parse the 800-155 event GUID from PEI and puts to the beginning of the TCG2 event. The TCG2 DXE also supports a DXE driver produces 800-155 event and let TCG2 DXE driver record. The 800-155 is a NO-ACTION event which does not need extend anything to TPM2. The TCG2 DXE also supports that. Multiple 800-155 events are supported. All of them will be put to the beginning of the TCG2 event, just after the SpecId event. Cc: Jian J Wang Cc: Chao Zhang Signed-off-by: Jiewen Yao Reviewed-by: Jian J Wang --- SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c | 157 +++++++++++++++++++++++----- SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf | 1 + 2 files changed, 129 insertions(+), 29 deletions(-) diff --git a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c b/SecurityPkg/Tcg/Tcg2Dxe/Tc= g2Dxe.c index 3cd16c2fa3..b185b56703 100644 --- a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c +++ b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c @@ -75,6 +75,7 @@ typedef struct { UINT8 *LastEvent; BOOLEAN EventLogStarted; BOOLEAN EventLogTruncated; + UINTN Next800155EventOffset; } TCG_EVENT_LOG_AREA_STRUCT; =20 typedef struct _TCG_DXE_DATA { @@ -771,16 +772,42 @@ Tcg2GetEventLog ( return EFI_SUCCESS; } =20 +/* + Return if this is a Tcg800155PlatformIdEvent. + + @param[in] NewEventHdr Pointer to a TCG_PCR_EVENT_HDR/TCG_P= CR_EVENT_EX data structure. + @param[in] NewEventHdrSize New event header size. + @param[in] NewEventData Pointer to the new event data. + @param[in] NewEventSize New event data size. + + @retval TRUE This is a Tcg800155PlatformIdEvent. + @retval FALSE This is NOT a Tcg800155PlatformIdEvent. + +*/ +BOOLEAN +Is800155Event ( + IN VOID *NewEventHdr, + IN UINT32 NewEventHdrSize, + IN UINT8 *NewEventData, + IN UINT32 NewEventSize + ) +{ + if ((((TCG_PCR_EVENT2_HDR *)NewEventHdr)->EventType =3D=3D EV_NO_ACTION)= && + (NewEventSize >=3D sizeof(TCG_Sp800_155_PlatformId_Event2)) && + (CompareMem (NewEventData, TCG_Sp800_155_PlatformId_Event2_SIGNATURE= , sizeof(TCG_Sp800_155_PlatformId_Event2_SIGNATURE) - 1) =3D=3D 0)) { + return TRUE; + } + return FALSE; +} + /** Add a new entry to the Event Log. =20 - @param[in, out] EventLogPtr Pointer to the Event Log data. - @param[in, out] LogSize Size of the Event Log. - @param[in] MaxSize Maximum size of the Event Log. - @param[in] NewEventHdr Pointer to a TCG_PCR_EVENT_HDR/TCG_PCR_E= VENT_EX data structure. - @param[in] NewEventHdrSize New event header size. - @param[in] NewEventData Pointer to the new event data. - @param[in] NewEventSize New event data size. + @param[in, out] EventLogAreaStruct The event log area data structure + @param[in] NewEventHdr Pointer to a TCG_PCR_EVENT_HDR/TCG_P= CR_EVENT_EX data structure. + @param[in] NewEventHdrSize New event header size. + @param[in] NewEventData Pointer to the new event data. + @param[in] NewEventSize New event data size. =20 @retval EFI_SUCCESS The new event log entry was added. @retval EFI_OUT_OF_RESOURCES No enough memory to log the new event. @@ -788,9 +815,7 @@ Tcg2GetEventLog ( **/ EFI_STATUS TcgCommLogEvent ( - IN OUT UINT8 **EventLogPtr, - IN OUT UINTN *LogSize, - IN UINTN MaxSize, + IN OUT TCG_EVENT_LOG_AREA_STRUCT *EventLogAreaStruct, IN VOID *NewEventHdr, IN UINT32 NewEventHdrSize, IN UINT8 *NewEventData, @@ -798,6 +823,7 @@ TcgCommLogEvent ( ) { UINTN NewLogSize; + BOOLEAN Record800155Event; =20 if (NewEventSize > MAX_ADDRESS - NewEventHdrSize) { return EFI_OUT_OF_RESOURCES; @@ -805,23 +831,55 @@ TcgCommLogEvent ( =20 NewLogSize =3D NewEventHdrSize + NewEventSize; =20 - if (NewLogSize > MAX_ADDRESS - *LogSize) { + if (NewLogSize > MAX_ADDRESS - EventLogAreaStruct->EventLogSize) { return EFI_OUT_OF_RESOURCES; } =20 - if (NewLogSize + *LogSize > MaxSize) { - DEBUG ((EFI_D_INFO, " MaxSize - 0x%x\n", MaxSize)); - DEBUG ((EFI_D_INFO, " NewLogSize - 0x%x\n", NewLogSize)); - DEBUG ((EFI_D_INFO, " LogSize - 0x%x\n", *LogSize)); - DEBUG ((EFI_D_INFO, "TcgCommLogEvent - %r\n", EFI_OUT_OF_RESOURCES)); + if (NewLogSize + EventLogAreaStruct->EventLogSize > EventLogAreaStruct->= Laml) { + DEBUG ((DEBUG_INFO, " Laml - 0x%x\n", EventLogAreaStruct->Laml)= ); + DEBUG ((DEBUG_INFO, " NewLogSize - 0x%x\n", NewLogSize)); + DEBUG ((DEBUG_INFO, " LogSize - 0x%x\n", EventLogAreaStruct->Event= LogSize)); + DEBUG ((DEBUG_INFO, "TcgCommLogEvent - %r\n", EFI_OUT_OF_RESOURCES)); return EFI_OUT_OF_RESOURCES; } =20 - *EventLogPtr +=3D *LogSize; - *LogSize +=3D NewLogSize; - CopyMem (*EventLogPtr, NewEventHdr, NewEventHdrSize); + // + // Check 800-155 event + // Record to 800-155 event offset only. + // If the offset is 0, no need to record. + // + Record800155Event =3D Is800155Event (NewEventHdr, NewEventHdrSize, NewEv= entData, NewEventSize); + if (Record800155Event) { + if (EventLogAreaStruct->Next800155EventOffset !=3D 0) { + CopyMem ( + (UINT8 *)(UINTN)EventLogAreaStruct->Lasa + EventLogAreaStruct->Nex= t800155EventOffset + NewLogSize, + (UINT8 *)(UINTN)EventLogAreaStruct->Lasa + EventLogAreaStruct->Nex= t800155EventOffset, + EventLogAreaStruct->EventLogSize - EventLogAreaStruct->Next800155E= ventOffset + ); + + CopyMem ( + (UINT8 *)(UINTN)EventLogAreaStruct->Lasa + EventLogAreaStruct->Nex= t800155EventOffset, + NewEventHdr, + NewEventHdrSize + ); + CopyMem ( + (UINT8 *)(UINTN)EventLogAreaStruct->Lasa + EventLogAreaStruct->Nex= t800155EventOffset + NewEventHdrSize, + NewEventData, + NewEventSize + ); + + EventLogAreaStruct->Next800155EventOffset +=3D NewLogSize; + EventLogAreaStruct->LastEvent +=3D NewLogSize; + EventLogAreaStruct->EventLogSize +=3D NewLogSize; + } + return EFI_SUCCESS; + } + + EventLogAreaStruct->LastEvent =3D (UINT8 *)(UINTN)EventLogAreaStruct->La= sa + EventLogAreaStruct->EventLogSize; + EventLogAreaStruct->EventLogSize +=3D NewLogSize; + CopyMem (EventLogAreaStruct->LastEvent, NewEventHdr, NewEventHdrSize); CopyMem ( - *EventLogPtr + NewEventHdrSize, + EventLogAreaStruct->LastEvent + NewEventHdrSize, NewEventData, NewEventSize ); @@ -873,11 +931,8 @@ TcgDxeLogEvent ( return EFI_VOLUME_FULL; } =20 - EventLogAreaStruct->LastEvent =3D (UINT8*)(UINTN)EventLogAreaStruct->Las= a; Status =3D TcgCommLogEvent ( - &EventLogAreaStruct->LastEvent, - &EventLogAreaStruct->EventLogSize, - (UINTN)EventLogAreaStruct->Laml, + EventLogAreaStruct, NewEventHdr, NewEventHdrSize, NewEventData, @@ -907,11 +962,8 @@ TcgDxeLogEvent ( return EFI_VOLUME_FULL; } =20 - EventLogAreaStruct->LastEvent =3D (UINT8*)(UINTN)EventLogAreaStruct->L= asa; Status =3D TcgCommLogEvent ( - &EventLogAreaStruct->LastEvent, - &EventLogAreaStruct->EventLogSize, - (UINTN)EventLogAreaStruct->Laml, + EventLogAreaStruct, NewEventHdr, NewEventHdrSize, NewEventData, @@ -1138,11 +1190,25 @@ TcgDxeHashLogExtendEvent ( { EFI_STATUS Status; TPML_DIGEST_VALUES DigestList; + TCG_PCR_EVENT2_HDR NoActionEvent; =20 if (!mTcgDxeData.BsCap.TPMPresentFlag) { return EFI_DEVICE_ERROR; } =20 + if (NewEventHdr->EventType =3D=3D EV_NO_ACTION) { + // + // Do not do TPM extend for EV_NO_ACTION + // + Status =3D EFI_SUCCESS; + InitNoActionEvent (&NoActionEvent, NewEventHdr->EventSize); + if ((Flags & EFI_TCG2_EXTEND_ONLY) =3D=3D 0) { + Status =3D TcgDxeLogHashEvent (&(NoActionEvent.Digests), NewEventHdr= , NewEventData); + } + + return Status; + } + Status =3D HashAndExtend ( NewEventHdr->PCRIndex, HashData, @@ -1202,7 +1268,13 @@ Tcg2HashLogExtendEvent ( =20 DEBUG ((DEBUG_VERBOSE, "Tcg2HashLogExtendEvent ...\n")); =20 - if ((This =3D=3D NULL) || (DataToHash =3D=3D 0) || (Event =3D=3D NULL)) { + if ((This =3D=3D NULL) || (Event =3D=3D NULL)) { + return EFI_INVALID_PARAMETER; + } + // + // Do not check hash data size for EV_NO_ACTION event. + // + if ((Event->Header.EventType !=3D EV_NO_ACTION) && (DataToHash =3D=3D 0)= ) { return EFI_INVALID_PARAMETER; } =20 @@ -1487,6 +1559,7 @@ SetupEventLog ( } mTcgDxeData.EventLogAreaStruct[Index].Lasa =3D Lasa; mTcgDxeData.EventLogAreaStruct[Index].Laml =3D PcdGet32 (PcdTcgLogAr= eaMinLen); + mTcgDxeData.EventLogAreaStruct[Index].Next800155EventOffset =3D 0; =20 if ((PcdGet8(PcdTpm2AcpiTableRev) >=3D 4) || (mTcg2EventInfo[Index].LogFormat =3D=3D EFI_TCG2_EVENT_LOG_FORMA= T_TCG_2)) { @@ -1577,6 +1650,30 @@ SetupEventLog ( (UINT8 *)TcgEfiSpecIdEventStruct, SpecIdEvent.EventSize ); + // + // record the offset at the end of 800-155 event. + // the future 800-155 event can be inserted here. + // + mTcgDxeData.EventLogAreaStruct[Index].Next800155EventOffset =3D mT= cgDxeData.EventLogAreaStruct[Index].EventLogSize; + + // + // Tcg800155PlatformIdEvent. Event format is TCG_PCR_EVENT2 + // + GuidHob.Guid =3D GetFirstGuidHob (&gTcg800155PlatformIdEventHobGui= d); + while (GuidHob.Guid !=3D NULL) { + InitNoActionEvent(&NoActionEvent, GET_GUID_HOB_DATA_SIZE (GuidHo= b.Guid)); + + Status =3D TcgDxeLogEvent ( + mTcg2EventInfo[Index].LogFormat, + &NoActionEvent, + sizeof(NoActionEvent.PCRIndex) + sizeof(NoActionEvent= .EventType) + GetDigestListBinSize (&NoActionEvent.Digests) + sizeof(NoActi= onEvent.EventSize), + GET_GUID_HOB_DATA (GuidHob.Guid), + GET_GUID_HOB_DATA_SIZE (GuidHob.Guid) + ); + + GuidHob.Guid =3D GET_NEXT_HOB (GuidHob); + GuidHob.Guid =3D GetNextGuidHob (&gTcg800155PlatformIdEventHobGu= id, GuidHob.Guid); + } =20 // // EfiStartupLocalityEvent. Event format is TCG_PCR_EVENT2 @@ -1643,6 +1740,7 @@ SetupEventLog ( mTcgDxeData.FinalEventLogAreaStruct[Index].LastEvent =3D (VOID *)(= UINTN)mTcgDxeData.FinalEventLogAreaStruct[Index].Lasa; mTcgDxeData.FinalEventLogAreaStruct[Index].EventLogStarted =3D FAL= SE; mTcgDxeData.FinalEventLogAreaStruct[Index].EventLogTruncated =3D F= ALSE; + mTcgDxeData.FinalEventLogAreaStruct[Index].Next800155EventOffset = =3D 0; =20 // // Install to configuration table for EFI_TCG2_EVENT_LOG_FORMAT_TC= G_2 @@ -1663,6 +1761,7 @@ SetupEventLog ( mTcgDxeData.FinalEventLogAreaStruct[Index].LastEvent =3D 0; mTcgDxeData.FinalEventLogAreaStruct[Index].EventLogStarted =3D FAL= SE; mTcgDxeData.FinalEventLogAreaStruct[Index].EventLogTruncated =3D F= ALSE; + mTcgDxeData.FinalEventLogAreaStruct[Index].Next800155EventOffset = =3D 0; } } } diff --git a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf b/SecurityPkg/Tcg/Tcg2Dxe/= Tcg2Dxe.inf index 0127a31e97..576cf80d06 100644 --- a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf +++ b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf @@ -85,6 +85,7 @@ =20 gTcgEvent2EntryHobGuid ## SOMETIMES_CONSUMES= ## HOB gTpm2StartupLocalityHobGuid ## SOMETIMES_CONSUMES= ## HOB + gTcg800155PlatformIdEventHobGuid ## SOMETIMES_CONSUMES= ## HOB =20 [Protocols] gEfiTcg2ProtocolGuid ## PRODUCES --=20 2.19.2.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#52625): https://edk2.groups.io/g/devel/message/52625 Mute This Topic: https://groups.io/mt/69344969/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sun May 5 04:33:09 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) client-ip=66.175.222.12; envelope-from=bounce+27952+52626+1787277+3901457@groups.io; helo=web01.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+52626+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1577774673; cv=none; d=zohomail.com; s=zohoarc; b=VrT+Nmqv4A+lybnXvl3rlJZsBi5MwGsZWTi2hZqJUFXCcb2g/ZI1yeQq57k+kbIadoGhDhEoH5r3tj8hR8PYOT5eUdLYcrvu3+kjuBag8o61KBBTnYoMNf+PbvcS7oCCHhKOuIYo8anYU4lYSyaqHKFgH61ilzaJzPrwjM2ziDo= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1577774673; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Id:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=ki7ub+rj37pGjW1Loq+AqwMzWVtsnd8B0PrMK9GOjJE=; b=DBP5yFO9VuEV+1DizowUd8Weuumg0tKxiZk+KrR700UG8nb+oYBlWMrv7bGw6fCvuKAB8cF8k3Um99ebYYGbznu3Irt5Ij/uxA2UD6Vrb7TUFo2YDJyRS28ifg26OpovL4ZSV8dr8v+7oQ2+SDAyxC7b1rIkhzHzSZ3ZjKNTfFY= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+52626+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) header.from= Received: from web01.groups.io (web01.groups.io [66.175.222.12]) by mx.zohomail.com with SMTPS id 1577774673224382.8300330114008; Mon, 30 Dec 2019 22:44:33 -0800 (PST) Return-Path: X-Received: by 127.0.0.2 with SMTP id hkwSYY1788612xsIKUGcOv7x; Mon, 30 Dec 2019 22:44:32 -0800 X-Received: from mga05.intel.com (mga05.intel.com []) by mx.groups.io with SMTP id smtpd.web09.558.1577774671219253761 for ; Mon, 30 Dec 2019 22:44:32 -0800 X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False X-Received: from fmsmga005.fm.intel.com ([10.253.24.32]) by fmsmga105.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 30 Dec 2019 22:44:32 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.69,378,1571727600"; d="scan'208";a="419160645" X-Received: from jyao1-mobl2.ccr.corp.intel.com ([10.254.209.225]) by fmsmga005.fm.intel.com with ESMTP; 30 Dec 2019 22:44:30 -0800 From: "Yao, Jiewen" To: devel@edk2.groups.io Cc: Jian J Wang , Hao A Wu , Dandan Bi , Star Zeng Subject: [edk2-devel] [PATCH 3/6] MdeModulePkg/Smbios: Done measure Smbios multiple times. Date: Tue, 31 Dec 2019 14:44:09 +0800 Message-Id: <20191231064412.22988-4-jiewen.yao@intel.com> In-Reply-To: <20191231064412.22988-1-jiewen.yao@intel.com> References: <20191231064412.22988-1-jiewen.yao@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,jiewen.yao@intel.com X-Gm-Message-State: 8EhN7kKYS8Ij34n6QYxUtopQx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1577774672; bh=FO85J7ud28oDfS98IvHJ/A2UwPTe192K8QIXZ1YDTqc=; h=Cc:Date:From:Reply-To:Subject:To; b=w8ic1H14W/O9NKIsPfVGv4Y/lubPlgW98e+srlgpWB+rBiBlnMQDwjlpD8OufTDhiur iVNkvvEFT6yewZevLYdcXfNQqHk2fbuPp8+Vt7pXrTbA79pB6ccX1JkLePyH1toVF+iP5 KLrKTsAIt69VVVbpwUDi5bQiPx2FLj7TsEM= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D2439 In current implementation, the SMBIOS table is measured multiple time in every readytoboot event. This causes Smbios Table record appears multiple time in the TCG event log and confuses people. This issue makes it hard to implement 800-155 reference measurement. This patch closes the event to make sure Smbios is measured only once. Cc: Jian J Wang Cc: Hao A Wu Cc: Dandan Bi Cc: Star Zeng Signed-off-by: Jiewen Yao Reviewed-by: Star Zeng --- .../Universal/SmbiosMeasurementDxe/SmbiosMeasurementDxe.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/MdeModulePkg/Universal/SmbiosMeasurementDxe/SmbiosMeasurementD= xe.c b/MdeModulePkg/Universal/SmbiosMeasurementDxe/SmbiosMeasurementDxe.c index 7b5d473146..5ec2aca095 100644 --- a/MdeModulePkg/Universal/SmbiosMeasurementDxe/SmbiosMeasurementDxe.c +++ b/MdeModulePkg/Universal/SmbiosMeasurementDxe/SmbiosMeasurementDxe.c @@ -577,8 +577,8 @@ MeasureSmbiosTable ( TableAddress, // HashData TableLength // HashDataLen ); - if (EFI_ERROR (Status)) { - return ; + if (!EFI_ERROR (Status)) { + gBS->CloseEvent (Event) ; } } =20 --=20 2.19.2.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#52626): https://edk2.groups.io/g/devel/message/52626 Mute This Topic: https://groups.io/mt/69344970/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sun May 5 04:33:09 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) client-ip=66.175.222.12; envelope-from=bounce+27952+52627+1787277+3901457@groups.io; helo=web01.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+52627+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1577774691; cv=none; d=zohomail.com; s=zohoarc; b=e4RwlScPhLY1LJ7zo3p3hTrsqGDtBV03uXcYoK9N9gk6HOpaq5u9QX/h7TubafF1GcjiBeVMoJRNfkV4076n5/nMDvJGUlhQTM03CIIy9VcLetkuPKnrDaWHVoE9Onv9Sk92ZyDDzWU/lTlUilTN9tsL9D6vb3AghWWmuCOc4ow= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1577774691; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Id:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=LW87p0I5czkfuUSgvr3f+EDYpT+2Swy7qOvZmO3Nq8s=; b=lFlD6CykahFl16Xsc/x/PP7FZT/IIlQd3o12YYXKZb7oqkVEPZRu8lo+j8HRpSjdH6oJhvQh8z67g2IG/+C2+FrsiJXGSNs3Sz+TR3IevuMJjoIt31bI9z4JKtFtnBSci48oBVRgrbt0RSEHMMdSjL/FMwu3Fp6rTRSK+4EFmwc= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+52627+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) header.from= Received: from web01.groups.io (web01.groups.io [66.175.222.12]) by mx.zohomail.com with SMTPS id 1577774691590299.214496953242; Mon, 30 Dec 2019 22:44:51 -0800 (PST) Return-Path: X-Received: by 127.0.0.2 with SMTP id Smp2YY1788612xc4YeatZk7F; Mon, 30 Dec 2019 22:44:51 -0800 X-Received: from mga05.intel.com (mga05.intel.com [192.55.52.43]) by mx.groups.io with SMTP id smtpd.web11.624.1577774690588916528 for ; Mon, 30 Dec 2019 22:44:50 -0800 X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False X-Received: from fmsmga005.fm.intel.com ([10.253.24.32]) by fmsmga105.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 30 Dec 2019 22:44:33 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.69,378,1571727600"; d="scan'208";a="419160668" X-Received: from jyao1-mobl2.ccr.corp.intel.com ([10.254.209.225]) by fmsmga005.fm.intel.com with ESMTP; 30 Dec 2019 22:44:32 -0800 From: "Yao, Jiewen" To: devel@edk2.groups.io Cc: Jian J Wang , Hao A Wu , Chao Zhang Subject: [edk2-devel] [PATCH 4/6] MdeModulePkg/dec: add PcdTcgPfpMeasurementRevision PCD Date: Tue, 31 Dec 2019 14:44:10 +0800 Message-Id: <20191231064412.22988-5-jiewen.yao@intel.com> In-Reply-To: <20191231064412.22988-1-jiewen.yao@intel.com> References: <20191231064412.22988-1-jiewen.yao@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,jiewen.yao@intel.com X-Gm-Message-State: jq1Q5nfegk9SmegsRnX0TlKex1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1577774691; bh=6I9km6cqcvgjhmDbzO+obyLhd3FTxKWCk2zTqhsRw50=; h=Cc:Date:From:Reply-To:Subject:To; b=aW2iZo8F/vwmGweDmkiBNP5pOT5bzlAK2d8TAceCDKBosizOpg21iiojjnXTqRACHgK w4F8vvqwaWqv85otk3N5nECF4wKTXAR6PTPAKhkU3uOKJk0my13QoKLvoygdcoBULkjlL lSuGKYKwK8/izXsto4pqatD75V03mvSP6wE= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D2439 This PCD is to control the TCG PFP spec revision. The PFP 105 added new event type to support NIST SP800-155, and deprecated old event type. Cc: Jian J Wang Cc: Hao A Wu Cc: Chao Zhang Signed-off-by: Jiewen Yao Reviewed-by: Jian J Wang --- MdeModulePkg/MdeModulePkg.dec | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec index 41b9e70a1a..f75a74af25 100644 --- a/MdeModulePkg/MdeModulePkg.dec +++ b/MdeModulePkg/MdeModulePkg.dec @@ -2003,6 +2003,14 @@ # @Prompt Capsule On Disk relocation device path. gEfiMdeModulePkgTokenSpaceGuid.PcdCodRelocationDevPath|{0xFF}|VOID*|0x00= 00002f =20 + ## Indicates which TCG Platform Firmware Profile revision the EDKII firm= ware follows. + # The revision number is defined in MdePkg/Include/IndustryStandard/Uef= iTcgPlatform.h + # 0: This is for compatiblity support. + # 105: This is the first revision to support 800-155 is related event, = such as + # EV_EFI_PLATFORM_FIRMWARE_BLOB2 and EV_EFI_HANDOFF_TABLES2. + # @Prompt TCG Platform Firmware Profile revision. + gEfiMdeModulePkgTokenSpaceGuid.PcdTcgPfpMeasurementRevision|0|UINT32|0x0= 0010077 + [PcdsPatchableInModule] ## Specify memory size with page number for PEI code when # Loading Module at Fixed Address feature is enabled. --=20 2.19.2.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#52627): https://edk2.groups.io/g/devel/message/52627 Mute This Topic: https://groups.io/mt/69344971/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sun May 5 04:33:09 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) client-ip=66.175.222.12; envelope-from=bounce+27952+52628+1787277+3901457@groups.io; helo=web01.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+52628+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1577774691; cv=none; d=zohomail.com; s=zohoarc; b=GcLD6Qq2jDammpK4z4IlIo6auJSImHq6gnCRmsBQk706IR9teY6AzYYGHLf66xb9dyQm+A1D/tKiX4ZZGDjcT6QNEV6UPTsn41lBEmh/VEsDDdRrXJhR9FdOKV1R/tiQfz2EuNyzEpijpixZGlztL4LjWAlnSYqsoG+eThgLDCo= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1577774691; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Id:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=fX5AGokbrDVbqSjNs++giRFz+fHtJSQgoAsh8ONCGGg=; b=hJ5g25QXtpbzICI6LFrRz5u6ilkg7E9/DSs4U0bdHxXCyP17unUVNCFRiaBFWBPHnpJtarA3qV31wcEcZHxzDElcIAg2r8tooiFvALDQBJwGwWoH5EeGNygidS1tBXi0Af3WgbUl7JsaaQV20OUXKQsObXZrR+o/phk4LGBbGLI= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+52628+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) header.from= Received: from web01.groups.io (web01.groups.io [66.175.222.12]) by mx.zohomail.com with SMTPS id 1577774691806598.4812579998734; Mon, 30 Dec 2019 22:44:51 -0800 (PST) Return-Path: X-Received: by 127.0.0.2 with SMTP id 6hTkYY1788612xvFDUAYddyj; Mon, 30 Dec 2019 22:44:51 -0800 X-Received: from mga05.intel.com (mga05.intel.com []) by mx.groups.io with SMTP id smtpd.web11.624.1577774690588916528 for ; Mon, 30 Dec 2019 22:44:50 -0800 X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False X-Received: from fmsmga005.fm.intel.com ([10.253.24.32]) by fmsmga105.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 30 Dec 2019 22:44:36 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.69,378,1571727600"; d="scan'208";a="419160691" X-Received: from jyao1-mobl2.ccr.corp.intel.com ([10.254.209.225]) by fmsmga005.fm.intel.com with ESMTP; 30 Dec 2019 22:44:33 -0800 From: "Yao, Jiewen" To: devel@edk2.groups.io Cc: Jian J Wang , Hao A Wu , Dandan Bi , Star Zeng Subject: [edk2-devel] [PATCH 5/6] MdeModulePkg/Smbios: Add TCG PFP rev 105 support. Date: Tue, 31 Dec 2019 14:44:11 +0800 Message-Id: <20191231064412.22988-6-jiewen.yao@intel.com> In-Reply-To: <20191231064412.22988-1-jiewen.yao@intel.com> References: <20191231064412.22988-1-jiewen.yao@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,jiewen.yao@intel.com X-Gm-Message-State: vfW8zfMTNl1oA6K8uc0R5TPdx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1577774691; bh=j/EWAkYxNBh/xyBBodJWEk57dAIi0j0FjNop1IZGwNc=; h=Cc:Date:From:Reply-To:Subject:To; b=ejRWJFUpOGOzGTBWKo9sp2NZaqQyH0oFg91fnlzEx5x947JieQQEjFi+eSa/V3uS3O0 owUDgZFZT3oYYqXsiuM/uusu8/7oBEhyjT2MqNdb/nzpvw+DbrQ36Q19b4N6zPVlXNi/N Tu5mn0b+hPn9rOu/aFPtrz2pQm2MXBcUpr8= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D2439 Report EV_EFI_HANDOFF_TABLES2 if the platform chooses PFP >=3D 105. Cc: Jian J Wang Cc: Hao A Wu Cc: Dandan Bi Cc: Star Zeng Signed-off-by: Jiewen Yao Reviewed-by: Star Zeng --- .../SmbiosMeasurementDxe.c | 35 +++++++++++++++++-- .../SmbiosMeasurementDxe.inf | 3 ++ 2 files changed, 35 insertions(+), 3 deletions(-) diff --git a/MdeModulePkg/Universal/SmbiosMeasurementDxe/SmbiosMeasurementD= xe.c b/MdeModulePkg/Universal/SmbiosMeasurementDxe/SmbiosMeasurementDxe.c index 5ec2aca095..a5839c09f1 100644 --- a/MdeModulePkg/Universal/SmbiosMeasurementDxe/SmbiosMeasurementDxe.c +++ b/MdeModulePkg/Universal/SmbiosMeasurementDxe/SmbiosMeasurementDxe.c @@ -108,6 +108,18 @@ SMBIOS_FILTER_STRUCT mSmbiosFilterStandardTableBlackL= ist[] =3D { EFI_SMBIOS_PROTOCOL *mSmbios; UINTN mMaxLen; =20 +#pragma pack (1) + +#define SMBIOS_HANDOFF_TABLE_DESC "SmbiosTable" +typedef struct { + UINT8 TableDescriptionSize; + UINT8 TableDescription[sizeof(SMBIOS_HANDOFF= _TABLE_DESC)]; + UINT64 NumberOfTables; + EFI_CONFIGURATION_TABLE TableEntry[1]; +} SMBIOS_HANDOFF_TABLE_POINTERS2; + +#pragma pack () + /** =20 This function dump raw data. @@ -460,6 +472,10 @@ MeasureSmbiosTable ( { EFI_STATUS Status; EFI_HANDOFF_TABLE_POINTERS HandoffTables; + SMBIOS_HANDOFF_TABLE_POINTERS2 SmbiosHandoffTables2; + UINT32 EventType; + VOID *EventLog; + UINT32 EventLogSize; SMBIOS_TABLE_ENTRY_POINT *SmbiosTable; SMBIOS_TABLE_3_0_ENTRY_POINT *Smbios3Table; VOID *SmbiosTableAddress; @@ -569,11 +585,24 @@ MeasureSmbiosTable ( CopyGuid (&(HandoffTables.TableEntry[0].VendorGuid), &gEfiSmbiosTabl= eGuid); HandoffTables.TableEntry[0].VendorTable =3D SmbiosTable; } + EventType =3D EV_EFI_HANDOFF_TABLES; + EventLog =3D &HandoffTables; + EventLogSize =3D sizeof (HandoffTables); + + if (PcdGet32(PcdTcgPfpMeasurementRevision) >=3D TCG_EfiSpecIDEventStru= ct_SPEC_ERRATA_TPM2_REV_105) { + SmbiosHandoffTables2.TableDescriptionSize =3D sizeof(SmbiosHandoffTa= bles2.TableDescription); + CopyMem (SmbiosHandoffTables2.TableDescription, SMBIOS_HANDOFF_TABLE= _DESC, sizeof(SmbiosHandoffTables2.TableDescription)); + SmbiosHandoffTables2.NumberOfTables =3D HandoffTables.NumberOfTables; + CopyMem (&(SmbiosHandoffTables2.TableEntry[0]), &(HandoffTables.Tabl= eEntry[0]), sizeof(SmbiosHandoffTables2.TableEntry[0])); + EventType =3D EV_EFI_HANDOFF_TABLES2; + EventLog =3D &SmbiosHandoffTables2; + EventLogSize =3D sizeof (SmbiosHandoffTables2); + } Status =3D TpmMeasureAndLogData ( 1, // PCRIndex - EV_EFI_HANDOFF_TABLES, // EventType - &HandoffTables, // EventLog - sizeof (HandoffTables), // LogLen + EventType, // EventType + EventLog, // EventLog + EventLogSize, // LogLen TableAddress, // HashData TableLength // HashDataLen ); diff --git a/MdeModulePkg/Universal/SmbiosMeasurementDxe/SmbiosMeasurementD= xe.inf b/MdeModulePkg/Universal/SmbiosMeasurementDxe/SmbiosMeasurementDxe.i= nf index a074044c84..81d3655dc7 100644 --- a/MdeModulePkg/Universal/SmbiosMeasurementDxe/SmbiosMeasurementDxe.inf +++ b/MdeModulePkg/Universal/SmbiosMeasurementDxe/SmbiosMeasurementDxe.inf @@ -57,6 +57,9 @@ gEfiSmbiosTableGuid ## SOMETIMES_CONSUMES = ## SystemTable gEfiSmbios3TableGuid ## SOMETIMES_CONSUMES = ## SystemTable =20 +[Pcd] + gEfiMdeModulePkgTokenSpaceGuid.PcdTcgPfpMeasurementRevision #= # CONSUMES + [Depex] gEfiSmbiosProtocolGuid =20 --=20 2.19.2.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#52628): https://edk2.groups.io/g/devel/message/52628 Mute This Topic: https://groups.io/mt/69344972/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sun May 5 04:33:09 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) client-ip=66.175.222.12; envelope-from=bounce+27952+52629+1787277+3901457@groups.io; helo=web01.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+52629+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1577774692; cv=none; d=zohomail.com; s=zohoarc; b=b7sHnXP2/ilpaLH4qv4TX3MWPyL0CNYQjhyUNT4ZgYv419wbdavHBwvdvxIJIl9EV6aFb5etukfBqk4NPx3VzLWkgXbhq9OkjXjYcTnoVIDGutkaiLaDWwUTLlj9Hl+d1CBkgxJqie+Vdnt+Db51heia+LugAIP2TtgbVZWBlWs= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1577774692; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Id:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=L6dyUF6aCKGQLb7aXls2rcOhgknjibi25VCNRT4p6Xc=; b=I1Hc5t62C3ezt8RsoI6AHBP86mRzrILM9JqRKO9BWsdKtDwvAgXCyO8tajxkkGMQGZXTPw6GQok406nZCqL6iPVTKhd221tu6VbJsRci5d2VW3rLJU/weeyh8DY+xZFAhF6PZ3ArtgMvABWdPFaf6BU1UG9waEbQEprqVmEVYGA= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+52629+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) header.from= Received: from web01.groups.io (web01.groups.io [66.175.222.12]) by mx.zohomail.com with SMTPS id 1577774692250720.7256891628068; Mon, 30 Dec 2019 22:44:52 -0800 (PST) Return-Path: X-Received: by 127.0.0.2 with SMTP id hjMXYY1788612xCWfCC8NS01; Mon, 30 Dec 2019 22:44:51 -0800 X-Received: from mga05.intel.com (mga05.intel.com []) by mx.groups.io with SMTP id smtpd.web11.624.1577774690588916528 for ; Mon, 30 Dec 2019 22:44:51 -0800 X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False X-Received: from fmsmga005.fm.intel.com ([10.253.24.32]) by fmsmga105.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 30 Dec 2019 22:44:39 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.69,378,1571727600"; d="scan'208";a="419160702" X-Received: from jyao1-mobl2.ccr.corp.intel.com ([10.254.209.225]) by fmsmga005.fm.intel.com with ESMTP; 30 Dec 2019 22:44:36 -0800 From: "Yao, Jiewen" To: devel@edk2.groups.io Cc: Jian J Wang , Chao Zhang Subject: [edk2-devel] [PATCH 6/6] SecurityPkg/Tcg2Pei: Add TCG PFP 105 support. Date: Tue, 31 Dec 2019 14:44:12 +0800 Message-Id: <20191231064412.22988-7-jiewen.yao@intel.com> In-Reply-To: <20191231064412.22988-1-jiewen.yao@intel.com> References: <20191231064412.22988-1-jiewen.yao@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,jiewen.yao@intel.com X-Gm-Message-State: 8HLvRZwy6brbi0KFEEzUu9YWx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1577774691; bh=Gh+7yTZCFN7YhKZNxVB+bD1aQ7DIu4sz22F9QIaBQ6Y=; h=Cc:Date:From:Reply-To:Subject:To; b=RnETa/Te84a2aawJvd6o0Zr5wj6onAT0Ntj+bUjj7QqEeVvguiamNvhbDR/4NWU6pWo EQxEyVNk/D8dBwSsFZWCJwpDUL9pMNylbV6JYaHVYBxQY8YiFwvWGDKPMEwhhCChjVzyv ErsyMOLD+j5FzQFH1plCQ7V964Y80oZz20Y= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D2439 Use EV_EFI_PLATFORM_FIRMWARE_BLOB2 if the TCG PFP revision is >=3D 105. Use FvName as the description for the FV. Cc: Jian J Wang Cc: Chao Zhang Signed-off-by: Jiewen Yao Reviewed-by: Jian J Wang --- SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c | 91 ++++++++++++++++++++++++++--- SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf | 2 + 2 files changed, 84 insertions(+), 9 deletions(-) diff --git a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c b/SecurityPkg/Tcg/Tcg2Pei/Tc= g2Pei.c index 1565d4e402..7d99c7906a 100644 --- a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c +++ b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c @@ -37,6 +37,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include #include #include +#include =20 #define PERF_ID_TCG2_PEI 0x3080 =20 @@ -78,6 +79,18 @@ EFI_PLATFORM_FIRMWARE_BLOB *mMeasuredChildFvInfo; UINT32 mMeasuredMaxChildFvIndex =3D 0; UINT32 mMeasuredChildFvIndex =3D 0; =20 +#pragma pack (1) + +#define FV_HANDOFF_TABLE_DESC "Fv(XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX)" +typedef struct { + UINT8 BlobDescriptionSize; + UINT8 BlobDescription[sizeof(FV_HANDOFF_TABL= E_DESC)]; + EFI_PHYSICAL_ADDRESS BlobBase; + UINT64 BlobLength; +} FV_HANDOFF_TABLE_POINTERS2; + +#pragma pack () + /** Measure and record the Firmware Volume Information once FvInfoPPI instal= l. =20 @@ -447,6 +460,48 @@ MeasureCRTMVersion ( ); } =20 +/* + Get the FvName from the FV header. + + Causion: The FV is untrusted input. + + @param[in] FvBase Base address of FV image. + @param[in] FvLength Length of FV image. + + @return FvName pointer + @retval NULL FvName is NOT found +*/ +VOID * +GetFvName ( + IN EFI_PHYSICAL_ADDRESS FvBase, + IN UINT64 FvLength + ) +{ + EFI_FIRMWARE_VOLUME_HEADER *FvHeader; + EFI_FIRMWARE_VOLUME_EXT_HEADER *FvExtHeader; + + if (FvBase >=3D MAX_ADDRESS) { + return NULL; + } + if (FvLength >=3D MAX_ADDRESS - FvBase) { + return NULL; + } + if (FvLength < sizeof(EFI_FIRMWARE_VOLUME_HEADER)) { + return NULL; + } + + FvHeader =3D (EFI_FIRMWARE_VOLUME_HEADER *)(UINTN)FvBase; + if (FvHeader->ExtHeaderOffset < sizeof(EFI_FIRMWARE_VOLUME_HEADER)) { + return NULL; + } + if (FvHeader->ExtHeaderOffset + sizeof(EFI_FIRMWARE_VOLUME_EXT_HEADER) >= FvLength) { + return NULL; + } + FvExtHeader =3D (EFI_FIRMWARE_VOLUME_EXT_HEADER *)(UINTN)(FvBase + FvHea= der->ExtHeaderOffset); + + return &FvExtHeader->FvName; +} + /** Measure FV image. Add it into the measured FV list after the FV is measured successfully. @@ -469,6 +524,9 @@ MeasureFvImage ( UINT32 Index; EFI_STATUS Status; EFI_PLATFORM_FIRMWARE_BLOB FvBlob; + FV_HANDOFF_TABLE_POINTERS2 FvBlob2; + VOID *EventData; + VOID *FvName; TCG_PCR_EVENT_HDR TcgEventHdr; UINT32 Instance; UINT32 Tpm2HashMask; @@ -571,6 +629,21 @@ MeasureFvImage ( TcgEventHdr.PCRIndex =3D 0; TcgEventHdr.EventType =3D EV_EFI_PLATFORM_FIRMWARE_BLOB; TcgEventHdr.EventSize =3D sizeof (FvBlob); + EventData =3D &FvBlob; + + if (PcdGet32(PcdTcgPfpMeasurementRevision) >=3D TCG_EfiSpecIDEventStruct= _SPEC_ERRATA_TPM2_REV_105) { + FvBlob2.BlobDescriptionSize =3D sizeof(FvBlob2.BlobDescription); + CopyMem (FvBlob2.BlobDescription, FV_HANDOFF_TABLE_DESC, sizeof(FvBlob= 2.BlobDescription)); + FvName =3D GetFvName (FvBase, FvLength); + if (FvName !=3D NULL) { + AsciiSPrint ((CHAR8 *)FvBlob2.BlobDescription, sizeof(FvBlob2.BlobDe= scription), "Fv(%g)", FvName); + } + FvBlob2.BlobBase =3D FvBlob.BlobBase; + FvBlob2.BlobLength =3D FvBlob.BlobLength; + TcgEventHdr.EventType =3D EV_EFI_PLATFORM_FIRMWARE_BLOB2; + TcgEventHdr.EventSize =3D sizeof (FvBlob2); + EventData =3D &FvBlob2; + } =20 if (Tpm2HashMask =3D=3D 0) { // @@ -583,9 +656,9 @@ MeasureFvImage ( ); =20 if (!EFI_ERROR(Status)) { - Status =3D LogHashEvent (&DigestList, &TcgEventHdr, (UINT8*) &FvBlo= b); - DEBUG ((DEBUG_INFO, "The pre-hashed FV which is extended & logged b= y Tcg2Pei starts at: 0x%x\n", FvBlob.BlobBase)); - DEBUG ((DEBUG_INFO, "The pre-hashed FV which is extended & logged b= y Tcg2Pei has the size: 0x%x\n", FvBlob.BlobLength)); + Status =3D LogHashEvent (&DigestList, &TcgEventHdr, EventData); + DEBUG ((DEBUG_INFO, "The pre-hashed FV which is extended & logged b= y Tcg2Pei starts at: 0x%x\n", FvBase)); + DEBUG ((DEBUG_INFO, "The pre-hashed FV which is extended & logged b= y Tcg2Pei has the size: 0x%x\n", FvLength)); } else if (Status =3D=3D EFI_DEVICE_ERROR) { BuildGuidHob (&gTpmErrorHobGuid,0); REPORT_STATUS_CODE ( @@ -599,13 +672,13 @@ MeasureFvImage ( // Status =3D HashLogExtendEvent ( 0, - (UINT8*) (UINTN) FvBlob.BlobBase, - (UINTN) FvBlob.BlobLength, - &TcgEventHdr, - (UINT8*) &FvBlob + (UINT8*) (UINTN) FvBase, // HashData + (UINTN) FvLength, // HashDataLen + &TcgEventHdr, // EventHdr + EventData // EventData ); - DEBUG ((DEBUG_INFO, "The FV which is measured by Tcg2Pei starts at: 0x= %x\n", FvBlob.BlobBase)); - DEBUG ((DEBUG_INFO, "The FV which is measured by Tcg2Pei has the size:= 0x%x\n", FvBlob.BlobLength)); + DEBUG ((DEBUG_INFO, "The FV which is measured by Tcg2Pei starts at: 0x= %x\n", FvBase)); + DEBUG ((DEBUG_INFO, "The FV which is measured by Tcg2Pei has the size:= 0x%x\n", FvLength)); } =20 if (EFI_ERROR(Status)) { diff --git a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf b/SecurityPkg/Tcg/Tcg2Pei/= Tcg2Pei.inf index 30f985b6ea..3d361e8859 100644 --- a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf +++ b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf @@ -54,6 +54,7 @@ MemoryAllocationLib ReportStatusCodeLib ResetSystemLib + PrintLib =20 [Guids] gTcgEventEntryHobGuid ## = PRODUCES ## HOB @@ -74,6 +75,7 @@ =20 [Pcd] gEfiMdeModulePkgTokenSpaceGuid.PcdFirmwareVersionString ## = SOMETIMES_CONSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdTcgPfpMeasurementRevision ## = CONSUMES gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid ## = CONSUMES gEfiSecurityPkgTokenSpaceGuid.PcdTpm2InitializationPolicy ## = CONSUMES gEfiSecurityPkgTokenSpaceGuid.PcdTpm2SelfTestPolicy ## = SOMETIMES_CONSUMES --=20 2.19.2.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#52629): https://edk2.groups.io/g/devel/message/52629 Mute This Topic: https://groups.io/mt/69344973/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-