From nobody Mon Feb 9 09:32:48 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) client-ip=66.175.222.12; envelope-from=bounce+27952+61828+1787277+3901457@groups.io; helo=web01.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+61828+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1593501880; cv=none; d=zohomail.com; s=zohoarc; b=Ru8avXLIBqFn1jutHrcMG2mMn9vCycy9T9C4IMjdgo9E7/OQ9jzRqmZ3rO2Jvpe5vFDCecfCN/FFy27cQLA5rwFYrfdd9iGMW3BdJUqOTAYbnsISV2BnnDKWIg0tnnSwaBrzEmH4HPdqR94q5lM69yxNCKFVs6YNPtMdui3pS9Y= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1593501880; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Id:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=P9+WPQNq+AcbCIiXWCE/jMP1zFl16ENglbys6XKVa0Y=; b=Jhz9jCm4pxSJmOtyku9E3JSDMxJ2fOU9bMEJNNkBrDAUi99PfSXpeXHozPXmT4uy4ve2ZtI+J7Oeea++jOMYduBW2Dwzh2pfw+TbOGitGrxggQBFk7KS8zZeBBN+lnQ8iHS3zTtjs5ebJP9w8FEP1WmSeA4IU4E7qdswppphOuI= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+61828+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) header.from= Received: from web01.groups.io (web01.groups.io [66.175.222.12]) by mx.zohomail.com with SMTPS id 1593501880163477.74187044717576; Tue, 30 Jun 2020 00:24:40 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id 9hPBYY1788612xeBGBemmBiu; Tue, 30 Jun 2020 00:24:39 -0700 X-Received: from mga17.intel.com (mga17.intel.com []) by mx.groups.io with SMTP id smtpd.web12.10277.1593501867582751430 for ; Tue, 30 Jun 2020 00:24:39 -0700 IronPort-SDR: y1GcEP2M4oCfzLKA25tD38SrXQcwkogo/nd/NE9uQ4DNkfXHLWLuhYuWlIdh7vlDl2N+nLKFxe jT9Ujp0WgWSg== X-IronPort-AV: E=McAfee;i="6000,8403,9666"; a="126292115" X-IronPort-AV: E=Sophos;i="5.75,296,1589266800"; d="scan'208";a="126292115" X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False X-Received: from fmsmga003.fm.intel.com ([10.253.24.29]) by fmsmga107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 30 Jun 2020 00:24:39 -0700 IronPort-SDR: B4yRqhTQr/5U0FdEGsu20QrKiIrpDt3YLcgwFGzSUSnKXVuWnx3EPLTqpX3ByBU/aCk3ysW6Ko ECRNb9iO+mrQ== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.75,296,1589266800"; d="scan'208";a="320854015" X-Received: from guominji-mobl.ccr.corp.intel.com ([10.238.4.95]) by FMSMGA003.fm.intel.com with ESMTP; 30 Jun 2020 00:24:37 -0700 From: "Guomin Jiang" To: devel@edk2.groups.io Cc: Jiewen Yao , Jian J Wang , Chao Zhang , Qi Zhang , Rahul Kumar Subject: [edk2-devel] [PATCH 6/6] SecurityPkg/Tcg2Pei: Use Migrated FV Info Hob for calculating hash (CVE-2019-11098) Date: Tue, 30 Jun 2020 15:24:22 +0800 Message-Id: <20200630072422.753-7-guomin.jiang@intel.com> In-Reply-To: <20200630072422.753-1-guomin.jiang@intel.com> References: <20200630072422.753-1-guomin.jiang@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,guomin.jiang@intel.com X-Gm-Message-State: 7RXL5CYvMhXkMRe5yHhGirfkx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1593501879; bh=gjDUXiG8OPNywbvZA53/o3qup0LWi5QU9nW8zJ8dzQY=; h=Cc:Date:From:Reply-To:Subject:To; b=IUbw52KfuGwlnBx7UkQyA4Qz0o7YsWlsCkGPnGYJKD9THt9tqlcGHzbdA14zvVK0kLq kZ2GG4qqH+dRGbX9URR7ca/Wfk4MmC2p/g/01Guf49lvrxED1WHSIELBi20Ti6IE76uOw lDQT2FFjNyne4dL32Y0+sl5l5rFPCFJWl34= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" REF:https://bugzilla.tianocore.org/show_bug.cgi?id=3D1614 When we allocate pool to save rebased the PEIMs, the address will change randomly, therefore the hash will change and result PCR0 change as well. To avoid this, we save the raw PEIMs and use it to calculate hash. The Tcg2Pei calculate the hash and it use the Migrated FV Info. Cc: Jiewen Yao Cc: Jian J Wang Cc: Chao Zhang Cc: Qi Zhang Cc: Rahul Kumar Signed-off-by: Guomin Jiang --- SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c | 31 ++++++++++++++++++++++++++--- SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf | 1 + 2 files changed, 29 insertions(+), 3 deletions(-) diff --git a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c b/SecurityPkg/Tcg/Tcg2Pei/Tc= g2Pei.c index 4852d8690617..651a60c1f0e2 100644 --- a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c +++ b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c @@ -21,6 +21,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include #include #include +#include =20 #include #include @@ -536,6 +537,10 @@ MeasureFvImage ( EDKII_PEI_FIRMWARE_VOLUME_INFO_PREHASHED_FV_PPI *PrehashedFvPpi; HASH_INFO *PreHashInfo; UINT32 HashAlgoMask; + EFI_PHYSICAL_ADDRESS FvOrgBase; + EFI_PHYSICAL_ADDRESS FvDataBase; + EFI_PEI_HOB_POINTERS Hob; + EDKII_MIGRATED_FV_INFO *MigratedFvInfo; =20 // // Check Excluded FV list @@ -621,6 +626,26 @@ MeasureFvImage ( Instance++; } while (!EFI_ERROR(Status)); =20 + // + // Search the matched migration FV info + // + FvOrgBase =3D FvBase; + FvDataBase =3D FvBase; + Hob.Raw =3D GetFirstGuidHob (&gEdkiiMigratedFvInfoGuid); + while (Hob.Raw !=3D NULL) { + MigratedFvInfo =3D GET_GUID_HOB_DATA (Hob); + if ((MigratedFvInfo->FvNewBase =3D=3D (UINT32) FvBase) && (MigratedFvI= nfo->FvLength =3D=3D (UINT32) FvLength)) { + // + // Found the migrated FV info + // + FvOrgBase =3D (EFI_PHYSICAL_ADDRESS) (UINTN) MigratedFvInfo->FvOrgB= ase; + FvDataBase =3D (EFI_PHYSICAL_ADDRESS) (UINTN) MigratedFvInfo->FvData= Base; + break; + } + Hob.Raw =3D GET_NEXT_HOB (Hob); + Hob.Raw =3D GetNextGuidHob (&gEdkiiMigratedFvInfoGuid, Hob.Raw); + } + // // Init the log event for FV measurement // @@ -631,13 +656,13 @@ MeasureFvImage ( if (FvName !=3D NULL) { AsciiSPrint ((CHAR8 *)FvBlob2.BlobDescription, sizeof(FvBlob2.BlobDe= scription), "Fv(%g)", FvName); } - FvBlob2.BlobBase =3D FvBase; + FvBlob2.BlobBase =3D FvOrgBase; FvBlob2.BlobLength =3D FvLength; TcgEventHdr.EventType =3D EV_EFI_PLATFORM_FIRMWARE_BLOB2; TcgEventHdr.EventSize =3D sizeof (FvBlob2); EventData =3D &FvBlob2; } else { - FvBlob.BlobBase =3D FvBase; + FvBlob.BlobBase =3D FvOrgBase; FvBlob.BlobLength =3D FvLength; TcgEventHdr.PCRIndex =3D 0; TcgEventHdr.EventType =3D EV_EFI_PLATFORM_FIRMWARE_BLOB; @@ -672,7 +697,7 @@ MeasureFvImage ( // Status =3D HashLogExtendEvent ( 0, - (UINT8*) (UINTN) FvBase, // HashData + (UINT8*) (UINTN) FvDataBase, // HashData (UINTN) FvLength, // HashDataLen &TcgEventHdr, // EventHdr EventData // EventData diff --git a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf b/SecurityPkg/Tcg/Tcg2Pei/= Tcg2Pei.inf index 3d361e8859e7..367df21eedaf 100644 --- a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf +++ b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf @@ -63,6 +63,7 @@ [Guids] gTcgEvent2EntryHobGuid ## = PRODUCES ## HOB gEfiTpmDeviceInstanceNoneGuid ## = SOMETIMES_PRODUCES ## GUID # TPM device identifier gEfiTpmDeviceInstanceTpm12Guid ## = SOMETIMES_PRODUCES ## GUID # TPM device identifier + gEdkiiMigratedFvInfoGuid ## = SOMETIMES_CONSUMES ## HOB =20 [Ppis] gEfiPeiFirmwareVolumeInfoPpiGuid ## = SOMETIMES_CONSUMES ## NOTIFY --=20 2.25.1.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#61828): https://edk2.groups.io/g/devel/message/61828 Mute This Topic: https://groups.io/mt/75209412/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-