From nobody Mon Feb 9 16:01:28 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) client-ip=66.175.222.12; envelope-from=bounce+27952+63066+1787277+3901457@groups.io; helo=web01.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+63066+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1595391140; cv=none; d=zohomail.com; s=zohoarc; b=LWzrFHwszRP8vqOzii/fnKX9cHQ1hTF7fT7qgQjSMw6z5Ml8bczMgDGuOoLk1O0dsrFUoiRXHw1Pde9g8B+Ubltc6YIqlwDhe8vakKJHoyYYaD/bn4r5Z8kl+8lX8Stu3Z8ePX5B5dsAehrZKQLq+lSXNGkEQ3DstJ8N9kfc+Hs= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1595391140; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Id:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=xvLYrS+eaSEsoLApRRGpDL83hAjfc3g1NTPD/seB6Uk=; b=Wq+Xder49ntbv7ffgLG/VrpUtTgAujgbGQ8avUQEGBOP3ConLJPxxYDw/fR/Iveukf9pOJh/2cwOG1Vx1Z54xQJw/gHoYjENa2sfA55+TEgm9Y3Lqkh0ebXFmWcLonpL8U5QoRGtWli/O2T3DdK1E+qqtE7cm5HsW5fJWPR4pig= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+63066+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) header.from= Received: from web01.groups.io (web01.groups.io [66.175.222.12]) by mx.zohomail.com with SMTPS id 1595391140436214.17616176546187; Tue, 21 Jul 2020 21:12:20 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id fVPfYY1788612xitoeFGYLLc; Tue, 21 Jul 2020 21:12:20 -0700 X-Received: from mga01.intel.com (mga01.intel.com []) by mx.groups.io with SMTP id smtpd.web11.11889.1595391132846714831 for ; Tue, 21 Jul 2020 21:12:18 -0700 IronPort-SDR: raVTQzTWq3cxcloXZv/T1eFD09yd/ynNWKD7tiR+vRRJao6Y0lQppkTm731zjQV6mhhGDpqoNa Tiwql5Ghe7UQ== X-IronPort-AV: E=McAfee;i="6000,8403,9689"; a="168412625" X-IronPort-AV: E=Sophos;i="5.75,381,1589266800"; d="scan'208";a="168412625" X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False X-Received: from orsmga004.jf.intel.com ([10.7.209.38]) by fmsmga101.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Jul 2020 21:12:18 -0700 IronPort-SDR: KcvrIQaItFS1bXW9WAbKhgjKSl/FWpUu2Of0dCGIOWkLVNZPHFvI4BR3KjKR6EQETquH3HCpqc 5wSELbv5t8UA== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.75,381,1589266800"; d="scan'208";a="432240933" X-Received: from shwdesssddpdqi.ccr.corp.intel.com ([10.239.9.10]) by orsmga004.jf.intel.com with ESMTP; 21 Jul 2020 21:12:16 -0700 From: "Qi Zhang" To: devel@edk2.groups.io Cc: Jiewen Yao , Jian J Wang , Qi Zhang , Rahul Kumar Subject: [edk2-devel] [PATCH v5 4/6] SecurityPkg/Tcg2: Add TcgPpi Date: Wed, 22 Jul 2020 12:12:04 +0800 Message-Id: <20200722041206.12199-5-qi1.zhang@intel.com> In-Reply-To: <20200722041206.12199-1-qi1.zhang@intel.com> References: <20200722041206.12199-1-qi1.zhang@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,qi1.zhang@intel.com X-Gm-Message-State: UQ3FsRwSnzsVxt64XWKYq02Qx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1595391140; bh=dd6QM/vhlc2Q4rZAcez8J3/F2gTB2z4RjGJjHlVXPNg=; h=Cc:Date:From:Reply-To:Subject:To; b=cjysyi2E6xf5xPRs/EsyZ2VrS0tJ0a57pKEcEcPSGozdIwQck13DPOTvWuYW9Z+nEze 50XIN5/Wkf7ygeC0V5JFPFvypnAjPMVB381xaoJebfjIv4GHvDMZCBR2POILjxZfCPXXj Rg1fOsPLn/px2eGcZjGBGzyxJkiSj/UlnQI= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" From: Jiewen Yao And do some code clean with updated function REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D2841 Cc: Jiewen Yao Cc: Jian J Wang Cc: Qi Zhang Cc: Rahul Kumar Signed-off-by: Jiewen Yao --- SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c | 110 +++++++++++++++++++++------- SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf | 3 +- 2 files changed, 86 insertions(+), 27 deletions(-) diff --git a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c b/SecurityPkg/Tcg/Tcg2Pei/Tc= g2Pei.c index 19b8e4b318..592f760057 100644 --- a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c +++ b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c @@ -1,7 +1,7 @@ /** @file Initialize TPM2 device and measure FVs before handing off control to DXE. =20 -Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.
+Copyright (c) 2015 - 2020, Intel Corporation. All rights reserved.
Copyright (c) 2017, Microsoft Corporation. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent =20 @@ -17,6 +17,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include #include #include +#include =20 #include #include @@ -66,6 +67,48 @@ EFI_PEI_PPI_DESCRIPTOR mTpmInitializationDonePpiList = =3D { NULL }; =20 +/** + Do a hash operation on a data buffer, extend a specific TPM PCR with the= hash result, + and build a GUIDed HOB recording the event which will be passed to the D= XE phase and + added into the Event Log. + + @param[in] This Indicates the calling context + @param[in] Flags Bitmap providing additional information. + @param[in] HashData If BIT0 of Flags is 0, it is physical addr= ess of the + start of the data buffer to be hashed, ext= ended, and logged. + If BIT0 of Flags is 1, it is physical addr= ess of the + start of the pre-hash data buffter to be e= xtended, and logged. + The pre-hash data format is TPML_DIGEST_VA= LUES. + @param[in] HashDataLen The length, in bytes, of the buffer refere= nced by HashData. + @param[in] NewEventHdr Pointer to a TCG_PCR_EVENT_HDR data struct= ure. + @param[in] NewEventData Pointer to the new event data. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_OUT_OF_RESOURCES No enough memory to log the new event. + @retval EFI_DEVICE_ERROR The command was unsuccessful. + +**/ +EFI_STATUS +EFIAPI +HashLogExtendEvent ( + IN EDKII_TCG_PPI *This, + IN UINT64 Flags, + IN UINT8 *HashData, + IN UINTN HashDataLen, + IN TCG_PCR_EVENT_HDR *NewEventHdr, + IN UINT8 *NewEventData + ); + +EDKII_TCG_PPI mEdkiiTcgPpi =3D { + HashLogExtendEvent +}; + +EFI_PEI_PPI_DESCRIPTOR mTcgPpiList =3D { + EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST, + &gEdkiiTcgPpiGuid, + &mEdkiiTcgPpi +}; + // // Number of firmware blobs to grow by each time we run out of room // @@ -375,9 +418,13 @@ LogHashEvent ( and build a GUIDed HOB recording the event which will be passed to the D= XE phase and added into the Event Log. =20 + @param[in] This Indicates the calling context @param[in] Flags Bitmap providing additional information. - @param[in] HashData Physical address of the start of the data = buffer - to be hashed, extended, and logged. + @param[in] HashData If BIT0 of Flags is 0, it is physical addr= ess of the + start of the data buffer to be hashed, ext= ended, and logged. + If BIT0 of Flags is 1, it is physical addr= ess of the + start of the pre-hash data buffter to be e= xtended, and logged. + The pre-hash data format is TPML_DIGEST_VA= LUES. @param[in] HashDataLen The length, in bytes, of the buffer refere= nced by HashData. @param[in] NewEventHdr Pointer to a TCG_PCR_EVENT_HDR data struct= ure. @param[in] NewEventData Pointer to the new event data. @@ -388,7 +435,9 @@ LogHashEvent ( =20 **/ EFI_STATUS +EFIAPI HashLogExtendEvent ( + IN EDKII_TCG_PPI *This, IN UINT64 Flags, IN UINT8 *HashData, IN UINTN HashDataLen, @@ -403,16 +452,23 @@ HashLogExtendEvent ( return EFI_DEVICE_ERROR; } =20 - Status =3D HashAndExtend ( - NewEventHdr->PCRIndex, - HashData, - HashDataLen, + if(Flags & EDKII_TCG_PRE_HASH) { + ZeroMem (&DigestList, sizeof(DigestList)); + CopyMem(&DigestList, HashData, sizeof(DigestList)); + Status =3D Tpm2PcrExtend( + 0, &DigestList ); + } else { + Status =3D HashAndExtend ( + NewEventHdr->PCRIndex, + HashData, + HashDataLen, + &DigestList + ); + } if (!EFI_ERROR (Status)) { - if ((Flags & EFI_TCG2_EXTEND_ONLY) =3D=3D 0) { - Status =3D LogHashEvent (&DigestList, NewEventHdr, NewEventData); - } + Status =3D LogHashEvent (&DigestList, NewEventHdr, NewEventData); } =20 if (Status =3D=3D EFI_DEVICE_ERROR) { @@ -452,6 +508,7 @@ MeasureCRTMVersion ( TcgEventHdr.EventSize =3D (UINT32) StrSize((CHAR16*)PcdGetPtr (PcdFirmwa= reVersionString)); =20 return HashLogExtendEvent ( + &mEdkiiTcgPpi, 0, (UINT8*)PcdGetPtr (PcdFirmwareVersionString), TcgEventHdr.EventSize, @@ -651,27 +708,22 @@ MeasureFvImage ( // FV pre-hash algos comply with current TPM hash requirement // Skip hashing step in measure, only extend DigestList to PCR and log= event // - Status =3D Tpm2PcrExtend( - 0, - &DigestList + Status =3D HashLogExtendEvent ( + &mEdkiiTcgPpi, + EDKII_TCG_PRE_HASH, + (UINT8*) &DigestList, // HashData + (UINTN) sizeof(DigestList), // HashDataLen + &TcgEventHdr, // EventHdr + EventData // EventData ); - - if (!EFI_ERROR(Status)) { - Status =3D LogHashEvent (&DigestList, &TcgEventHdr, EventData); - DEBUG ((DEBUG_INFO, "The pre-hashed FV which is extended & logged b= y Tcg2Pei starts at: 0x%x\n", FvBase)); - DEBUG ((DEBUG_INFO, "The pre-hashed FV which is extended & logged b= y Tcg2Pei has the size: 0x%x\n", FvLength)); - } else if (Status =3D=3D EFI_DEVICE_ERROR) { - BuildGuidHob (&gTpmErrorHobGuid,0); - REPORT_STATUS_CODE ( - EFI_ERROR_CODE | EFI_ERROR_MINOR, - (PcdGet32 (PcdStatusCodeSubClassTpmDevice) | EFI_P_EC_INTERFACE_ER= ROR) - ); - } + DEBUG ((DEBUG_INFO, "The pre-hashed FV which is extended & logged by T= cg2Pei starts at: 0x%x\n", FvBase)); + DEBUG ((DEBUG_INFO, "The pre-hashed FV which is extended & logged by T= cg2Pei has the size: 0x%x\n", FvLength)); } else { // // Hash the FV, extend digest to the TPM and log TCG event // Status =3D HashLogExtendEvent ( + &mEdkiiTcgPpi, 0, (UINT8*) (UINTN) FvBase, // HashData (UINTN) FvLength, // HashDataLen @@ -849,6 +901,12 @@ PeimEntryMP ( { EFI_STATUS Status; =20 + // + // install Tcg Services + // + Status =3D PeiServicesInstallPpi (&mTcgPpiList); + ASSERT_EFI_ERROR (Status); + if (PcdGet8 (PcdTpm2ScrtmPolicy) =3D=3D 1) { Status =3D MeasureCRTMVersion (); } @@ -893,7 +951,7 @@ MeasureSeparatorEventWithError ( TcgEvent.PCRIndex =3D PCRIndex; TcgEvent.EventType =3D EV_SEPARATOR; TcgEvent.EventSize =3D (UINT32)sizeof (EventData); - return HashLogExtendEvent(0,(UINT8 *)&EventData, TcgEvent.EventSize, &Tc= gEvent,(UINT8 *)&EventData); + return HashLogExtendEvent(&mEdkiiTcgPpi, 0, (UINT8 *)&EventData, TcgEven= t.EventSize, &TcgEvent,(UINT8 *)&EventData); } =20 /** diff --git a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf b/SecurityPkg/Tcg/Tcg2Pei/= Tcg2Pei.inf index 3d361e8859..f64b29f1ae 100644 --- a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf +++ b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf @@ -8,7 +8,7 @@ # # This module will initialize TPM device, measure reported FVs and BIOS v= ersion. # -# Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.
+# Copyright (c) 2015 - 2020, Intel Corporation. All rights reserved.
# Copyright (c) 2017, Microsoft Corporation. All rights reserved.
# SPDX-License-Identifier: BSD-2-Clause-Patent # @@ -72,6 +72,7 @@ gPeiTpmInitializationDonePpiGuid ## = PRODUCES gEfiEndOfPeiSignalPpiGuid ## = SOMETIMES_CONSUMES ## NOTIFY gEdkiiPeiFirmwareVolumeInfoPrehashedFvPpiGuid ## = SOMETIMES_CONSUMES + gEdkiiTcgPpiGuid ## = PRODUCES =20 [Pcd] gEfiMdeModulePkgTokenSpaceGuid.PcdFirmwareVersionString ## = SOMETIMES_CONSUMES --=20 2.26.2.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#63066): https://edk2.groups.io/g/devel/message/63066 Mute This Topic: https://groups.io/mt/75718617/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-