From: "Yao, Jiewen" To: devel@edk2.groups.io Cc: Jian J Wang , Chao Zhang Subject: [edk2-devel] [PATCH 2/6] SecurityPkg/Tcg2Dxe: Add Tcg2Dxe to support 800-155 event. Date: Tue, 31 Dec 2019 14:44:08 +0800 Message-Id: <20191231064412.22988-3-jiewen.yao@intel.com> In-Reply-To: <20191231064412.22988-1-jiewen.yao@intel.com> References: <20191231064412.22988-1-jiewen.yao@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,jiewen.yao@intel.com X-Gm-Message-State: aw7CeGJGMDoLp5TgHnLscLv6x1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1577774672; bh=6fBMgBccDlgUgemt1Q0oyE88/Gu5utPP0h8cMLPUoS8=; h=Cc:Date:From:Reply-To:Subject:To; b=wwL8G/x5IswkSjWRUfQUa1FeHADW/wGXdZZPppsQKOwKG2fA4Csh72sp8Bw31OT1Yv9 dqJbykdOEXgDab7leUOQZpIdlmAwm3RBAAFWhktOVxXLUzGc7T5zdbON2chifuHAFmrpw JepTJrk3TKv//gBPDzHviNKpfvaFvqenTMs= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D2439 The TCG2 DXE supports to parse the 800-155 event GUID from PEI and puts to the beginning of the TCG2 event. The TCG2 DXE also supports a DXE driver produces 800-155 event and let TCG2 DXE driver record. The 800-155 is a NO-ACTION event which does not need extend anything to TPM2. The TCG2 DXE also supports that. Multiple 800-155 events are supported. All of them will be put to the beginning of the TCG2 event, just after the SpecId event. Cc: Jian J Wang Cc: Chao Zhang Signed-off-by: Jiewen Yao Reviewed-by: Jian J Wang --- SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c | 157 +++++++++++++++++++++++----- SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf | 1 + 2 files changed, 129 insertions(+), 29 deletions(-) 
diff --git a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c b/SecurityPkg/Tcg/Tcg2Dxe/Tc= g2Dxe.c index 3cd16c2fa3..b185b56703 100644 --- a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c +++ b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c @@ -75,6 +75,7 @@ typedef struct { UINT8 *LastEvent; BOOLEAN EventLogStarted; BOOLEAN EventLogTruncated; + UINTN Next800155EventOffset; } TCG_EVENT_LOG_AREA_STRUCT; =20 typedef struct _TCG_DXE_DATA { 
@@ -771,16 +772,42 @@ Tcg2GetEventLog ( return EFI_SUCCESS; } =20 +/* + Return if this is a Tcg800155PlatformIdEvent. + + @param[in] NewEventHdr Pointer to a TCG_PCR_EVENT_HDR/TCG_P= CR_EVENT_EX data structure. + @param[in] NewEventHdrSize New event header size. + @param[in] NewEventData Pointer to the new event data. + @param[in] NewEventSize New event data size. + + @retval TRUE This is a Tcg800155PlatformIdEvent. + @retval FALSE This is NOT a Tcg800155PlatformIdEvent. + +*/ +BOOLEAN +Is800155Event ( + IN VOID *NewEventHdr, + IN UINT32 NewEventHdrSize, + IN UINT8 *NewEventData, + IN UINT32 NewEventSize + ) +{ + if ((((TCG_PCR_EVENT2_HDR *)NewEventHdr)->EventType =3D=3D EV_NO_ACTION)= && + (NewEventSize >=3D sizeof(TCG_Sp800_155_PlatformId_Event2)) && + (CompareMem (NewEventData, TCG_Sp800_155_PlatformId_Event2_SIGNATURE= , sizeof(TCG_Sp800_155_PlatformId_Event2_SIGNATURE) - 1) =3D=3D 0)) { + return TRUE; + } + return FALSE; +} + /** Add a new entry to the Event Log. =20 - @param[in, out] EventLogPtr Pointer to the Event Log data. - @param[in, out] LogSize Size of the Event Log. - @param[in] MaxSize Maximum size of the Event Log. - @param[in] NewEventHdr Pointer to a TCG_PCR_EVENT_HDR/TCG_PCR_E= VENT_EX data structure. - @param[in] NewEventHdrSize New event header size. - @param[in] NewEventData Pointer to the new event data. - @param[in] NewEventSize New event data size. + @param[in, out] EventLogAreaStruct The event log area data structure + @param[in] NewEventHdr Pointer to a TCG_PCR_EVENT_HDR/TCG_P= CR_EVENT_EX data structure. + @param[in] NewEventHdrSize New event header size. + @param[in] NewEventData Pointer to the new event data. + @param[in] NewEventSize New event data size. =20 @retval EFI_SUCCESS The new event log entry was added. @retval EFI_OUT_OF_RESOURCES No enough memory to log the new event. 
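Review bot: Is800155Event reads `EventType` through a `TCG_PCR_EVENT2_HDR *` cast although its own parameter text says the header may also be a TCG_PCR_EVENT_HDR, and `NewEventHdrSize` is accepted but never consulted, so nothing in the function shows why the cast is safe. As far as I can tell both header layouts start with PCRIndex followed by EventType, which would make the read valid; I would say so above the `if`, e.g. `// EventType is at the same offset in TCG_PCR_EVENT_HDR and TCG_PCR_EVENT2_HDR, so this read is valid for either log format.` The header comment also opens with `/*` where the TcgCommLogEvent comment directly below uses `/**`, and the helper could be declared `STATIC` if nothing outside this file calls it.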
@@ -788,9 +815,7 @@ Tcg2GetEventLog ( **/ EFI_STATUS TcgCommLogEvent ( - IN OUT UINT8 **EventLogPtr, - IN OUT UINTN *LogSize, - IN UINTN MaxSize, + IN OUT TCG_EVENT_LOG_AREA_STRUCT *EventLogAreaStruct, IN VOID *NewEventHdr, IN UINT32 NewEventHdrSize, IN UINT8 *NewEventData, @@ -798,6 +823,7 @@ TcgCommLogEvent ( ) { UINTN NewLogSize; + BOOLEAN Record800155Event; =20 if (NewEventSize > MAX_ADDRESS - NewEventHdrSize) { return EFI_OUT_OF_RESOURCES; 
@@ -805,23 +831,55 @@ TcgCommLogEvent ( =20 NewLogSize =3D NewEventHdrSize + NewEventSize; =20 - if (NewLogSize > MAX_ADDRESS - *LogSize) { + if (NewLogSize > MAX_ADDRESS - EventLogAreaStruct->EventLogSize) { return EFI_OUT_OF_RESOURCES; } =20 - if (NewLogSize + *LogSize > MaxSize) { - DEBUG ((EFI_D_INFO, " MaxSize - 0x%x\n", MaxSize)); - DEBUG ((EFI_D_INFO, " NewLogSize - 0x%x\n", NewLogSize)); - DEBUG ((EFI_D_INFO, " LogSize - 0x%x\n", *LogSize)); - DEBUG ((EFI_D_INFO, "TcgCommLogEvent - %r\n", EFI_OUT_OF_RESOURCES)); + if (NewLogSize + EventLogAreaStruct->EventLogSize > EventLogAreaStruct->= Laml) { + DEBUG ((DEBUG_INFO, " Laml - 0x%x\n", EventLogAreaStruct->Laml)= ); + DEBUG ((DEBUG_INFO, " NewLogSize - 0x%x\n", NewLogSize)); + DEBUG ((DEBUG_INFO, " LogSize - 0x%x\n", EventLogAreaStruct->Event= LogSize)); + DEBUG ((DEBUG_INFO, "TcgCommLogEvent - %r\n", EFI_OUT_OF_RESOURCES)); return EFI_OUT_OF_RESOURCES; } =20 - *EventLogPtr +=3D *LogSize; - *LogSize +=3D NewLogSize; - CopyMem (*EventLogPtr, NewEventHdr, NewEventHdrSize); + // + // Check 800-155 event + // Record to 800-155 event offset only. + // If the offset is 0, no need to record. 
+ // + Record800155Event =3D Is800155Event (NewEventHdr, NewEventHdrSize, NewEv= entData, NewEventSize); + if (Record800155Event) { + if (EventLogAreaStruct->Next800155EventOffset !=3D 0) { + CopyMem ( + (UINT8 *)(UINTN)EventLogAreaStruct->Lasa + EventLogAreaStruct->Nex= t800155EventOffset + NewLogSize, + (UINT8 *)(UINTN)EventLogAreaStruct->Lasa + EventLogAreaStruct->Nex= t800155EventOffset, + EventLogAreaStruct->EventLogSize - EventLogAreaStruct->Next800155E= ventOffset + ); + + CopyMem ( + (UINT8 *)(UINTN)EventLogAreaStruct->Lasa + EventLogAreaStruct->Nex= t800155EventOffset, + NewEventHdr, + NewEventHdrSize + ); + CopyMem ( + (UINT8 *)(UINTN)EventLogAreaStruct->Lasa + EventLogAreaStruct->Nex= t800155EventOffset + NewEventHdrSize, + NewEventData, + NewEventSize + ); + + EventLogAreaStruct->Next800155EventOffset +=3D NewLogSize; + EventLogAreaStruct->LastEvent +=3D NewLogSize; + EventLogAreaStruct->EventLogSize +=3D NewLogSize; + } + return EFI_SUCCESS; + } + + EventLogAreaStruct->LastEvent =3D (UINT8 *)(UINTN)EventLogAreaStruct->La= sa + EventLogAreaStruct->EventLogSize; + EventLogAreaStruct->EventLogSize +=3D NewLogSize; + CopyMem (EventLogAreaStruct->LastEvent, NewEventHdr, NewEventHdrSize); CopyMem ( - *EventLogPtr + NewEventHdrSize, + EventLogAreaStruct->LastEvent + NewEventHdrSize, NewEventData, NewEventSize ); @@ -873,11 +931,8 @@ TcgDxeLogEvent ( return EFI_VOLUME_FULL; } =20 - EventLogAreaStruct->LastEvent =3D (UINT8*)(UINTN)EventLogAreaStruct->Las= a; Status =3D TcgCommLogEvent ( - &EventLogAreaStruct->LastEvent, - &EventLogAreaStruct->EventLogSize, - (UINTN)EventLogAreaStruct->Laml, + EventLogAreaStruct, NewEventHdr, NewEventHdrSize, NewEventData, 
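Review bot: In the 800-155 branch, `EventLogAreaStruct->LastEvent += NewLogSize` looks wrong when the insertion point is the current end of the log (`Next800155EventOffset == EventLogSize`, the state SetupEventLog sets up right after the SpecId event): nothing is shifted, yet LastEvent moves by the new event's size instead of pointing at the event just written. The ordinary path sets LastEvent to the start of the newest entry, so until the next ordinary event recomputes it, a consumer reading LastEvent may be handed an address that is not an event boundary. The fence keeps the shift for the insert-in-the-middle case and points LastEvent at the inserted event otherwise. Separately, returning EFI_SUCCESS when `Next800155EventOffset` is 0 tells the caller an event was logged when it was dropped; a `DEBUG ((DEBUG_INFO, ...))` line, or a comment naming which logs keep a zero offset, would make that visible. TcgCommLogEvent starts before this hunk and continues after it.

```c
      // … unchanged: the three CopyMem calls that open the gap and write the new event …

      if (EventLogAreaStruct->Next800155EventOffset == EventLogAreaStruct->EventLogSize) {
        //
        // Nothing followed the insertion point, so the inserted event is now the last entry.
        //
        EventLogAreaStruct->LastEvent = (UINT8 *)(UINTN)EventLogAreaStruct->Lasa + EventLogAreaStruct->Next800155EventOffset;
      } else {
        //
        // Entries after the insertion point moved up by NewLogSize, and so did the last one.
        //
        EventLogAreaStruct->LastEvent += NewLogSize;
      }
      EventLogAreaStruct->Next800155EventOffset += NewLogSize;
      EventLogAreaStruct->EventLogSize          += NewLogSize;
```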
@@ -907,11 +962,8 @@ TcgDxeLogEvent ( return EFI_VOLUME_FULL; } =20 - EventLogAreaStruct->LastEvent =3D (UINT8*)(UINTN)EventLogAreaStruct->L= asa; Status =3D TcgCommLogEvent ( - &EventLogAreaStruct->LastEvent, - &EventLogAreaStruct->EventLogSize, - (UINTN)EventLogAreaStruct->Laml, + EventLogAreaStruct, NewEventHdr, NewEventHdrSize, NewEventData, @@ -1138,11 +1190,25 @@ TcgDxeHashLogExtendEvent ( { EFI_STATUS Status; TPML_DIGEST_VALUES DigestList; + TCG_PCR_EVENT2_HDR NoActionEvent; =20 if (!mTcgDxeData.BsCap.TPMPresentFlag) { return EFI_DEVICE_ERROR; } =20 + if (NewEventHdr->EventType =3D=3D EV_NO_ACTION) { + // + // Do not do TPM extend for EV_NO_ACTION + // + Status =3D EFI_SUCCESS; + InitNoActionEvent (&NoActionEvent, NewEventHdr->EventSize); + if ((Flags & EFI_TCG2_EXTEND_ONLY) =3D=3D 0) { + Status =3D TcgDxeLogHashEvent (&(NoActionEvent.Digests), NewEventHdr= , NewEventData); + } + + return Status; + } + Status =3D HashAndExtend ( NewEventHdr->PCRIndex, HashData, @@ -1202,7 +1268,13 @@ Tcg2HashLogExtendEvent ( =20 DEBUG ((DEBUG_VERBOSE, "Tcg2HashLogExtendEvent ...\n")); =20 - if ((This =3D=3D NULL) || (DataToHash =3D=3D 0) || (Event =3D=3D NULL)) { + if ((This =3D=3D NULL) || (Event =3D=3D NULL)) { + return EFI_INVALID_PARAMETER; + } + // + // Do not check hash data size for EV_NO_ACTION event. + // + if ((Event->Header.EventType !=3D EV_NO_ACTION) && (DataToHash =3D=3D 0)= ) { return EFI_INVALID_PARAMETER; } =20 @@ -1487,6 +1559,7 @@ SetupEventLog ( } mTcgDxeData.EventLogAreaStruct[Index].Lasa =3D Lasa; mTcgDxeData.EventLogAreaStruct[Index].Laml =3D PcdGet32 (PcdTcgLogAr= eaMinLen); + mTcgDxeData.EventLogAreaStruct[Index].Next800155EventOffset =3D 0; =20 if ((PcdGet8(PcdTpm2AcpiTableRev) >=3D 4) || (mTcg2EventInfo[Index].LogFormat =3D=3D EFI_TCG2_EVENT_LOG_FORMA= T_TCG_2)) { 
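Review bot: In the EV_NO_ACTION branch added to TcgDxeHashLogExtendEvent, `InitNoActionEvent (&NoActionEvent, NewEventHdr->EventSize);` runs even when EFI_TCG2_EXTEND_ONLY is set, although `NoActionEvent.Digests` is only read inside the `if`. Moving the call into the `if ((Flags & EFI_TCG2_EXTEND_ONLY) == 0)` body keeps the setup next to its only use. The branch comment could also state the consequence for anyone verifying the log, e.g. `// EV_NO_ACTION entries are logged with the digests from InitNoActionEvent and are never extended, so no PCR value covers them.` The function starts before the hunk and continues after it.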
@@ -1577,6 +1650,30 @@ SetupEventLog ( (UINT8 *)TcgEfiSpecIdEventStruct, SpecIdEvent.EventSize ); + // + // record the offset at the end of 800-155 event. + // the future 800-155 event can be inserted here. + // + mTcgDxeData.EventLogAreaStruct[Index].Next800155EventOffset =3D mT= cgDxeData.EventLogAreaStruct[Index].EventLogSize; + + // + // Tcg800155PlatformIdEvent. Event format is TCG_PCR_EVENT2 + // + GuidHob.Guid =3D GetFirstGuidHob (&gTcg800155PlatformIdEventHobGui= d); + while (GuidHob.Guid !=3D NULL) { + InitNoActionEvent(&NoActionEvent, GET_GUID_HOB_DATA_SIZE (GuidHo= b.Guid)); + + Status =3D TcgDxeLogEvent ( + mTcg2EventInfo[Index].LogFormat, + &NoActionEvent, + sizeof(NoActionEvent.PCRIndex) + sizeof(NoActionEvent= .EventType) + GetDigestListBinSize (&NoActionEvent.Digests) + sizeof(NoActi= onEvent.EventSize), + GET_GUID_HOB_DATA (GuidHob.Guid), + GET_GUID_HOB_DATA_SIZE (GuidHob.Guid) + ); + + GuidHob.Guid =3D GET_NEXT_HOB (GuidHob); + GuidHob.Guid =3D GetNextGuidHob (&gTcg800155PlatformIdEventHobGu= id, GuidHob.Guid); + } =20 // // EfiStartupLocalityEvent. Event format is TCG_PCR_EVENT2 @@ -1643,6 +1740,7 @@ SetupEventLog ( mTcgDxeData.FinalEventLogAreaStruct[Index].LastEvent =3D (VOID *)(= UINTN)mTcgDxeData.FinalEventLogAreaStruct[Index].Lasa; mTcgDxeData.FinalEventLogAreaStruct[Index].EventLogStarted =3D FAL= SE; mTcgDxeData.FinalEventLogAreaStruct[Index].EventLogTruncated =3D F= ALSE; + mTcgDxeData.FinalEventLogAreaStruct[Index].Next800155EventOffset = =3D 0; =20 // // Install to configuration table for EFI_TCG2_EVENT_LOG_FORMAT_TC= G_2 @@ -1663,6 +1761,7 @@ SetupEventLog ( mTcgDxeData.FinalEventLogAreaStruct[Index].LastEvent =3D 0; mTcgDxeData.FinalEventLogAreaStruct[Index].EventLogStarted =3D FAL= SE; mTcgDxeData.FinalEventLogAreaStruct[Index].EventLogTruncated =3D F= ALSE; + mTcgDxeData.FinalEventLogAreaStruct[Index].Next800155EventOffset = =3D 0; } } } 
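Review bot: The `Status` returned by TcgDxeLogEvent inside the new HOB loop is never examined in the hunk, so a PEI-supplied 800-155 event that does not fit (the callee can return EFI_VOLUME_FULL or EFI_OUT_OF_RESOURCES) is lost without a trace. I would at least add `if (EFI_ERROR (Status)) { DEBUG ((DEBUG_ERROR, "Tcg800155PlatformIdEvent log failed - %r\n", Status)); }` after the call. The HOB payload and its size are passed through unchecked, and Is800155Event only treats data of at least `sizeof(TCG_Sp800_155_PlatformId_Event2)` with the expected signature as an 800-155 event, so a short or malformed HOB would be appended as an ordinary EV_NO_ACTION entry; a comment should say whether that is intended. The comment "record the offset at the end of 800-155 event" also reads oddly, because at that point the offset is the end of the SpecId event. SetupEventLog extends beyond the hunk on both sides.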
diff --git a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf b/SecurityPkg/Tcg/Tcg2Dxe/= Tcg2Dxe.inf index 0127a31e97..576cf80d06 100644 --- a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf +++ b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf @@ -85,6 +85,7 @@ =20 gTcgEvent2EntryHobGuid ## SOMETIMES_CONSUMES= ## HOB gTpm2StartupLocalityHobGuid ## SOMETIMES_CONSUMES= ## HOB + gTcg800155PlatformIdEventHobGuid ## SOMETIMES_CONSUMES= ## HOB =20 [Protocols] gEfiTcg2ProtocolGuid ## PRODUCES --=20 2.19.2.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#52625): https://edk2.groups.io/g/devel/message/52625 Mute This Topic: https://groups.io/mt/69344969/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-