From: "Qi Zhang"
To: devel@edk2.groups.io
Cc: Jiewen Yao, Jian J Wang, Hao A Wu, Qi Zhang
Subject: [edk2-devel] [PATCH 1/9] MdeModulePkg/TpmMeasurementLib: Add new API to TpmMeasurmentLib.
Date: Fri, 31 Jul 2020 16:54:29 +0800
Message-Id: <20200731085437.16070-2-qi1.zhang@intel.com>
In-Reply-To: <20200731085437.16070-1-qi1.zhang@intel.com>
References: <20200731085437.16070-1-qi1.zhang@intel.com>
From: Jiewen Yao REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D2376 Cc: Jian J Wang Cc: Hao A Wu Cc: Qi Zhang Signed-off-by: Jiewen Yao --- .../Include/Library/TpmMeasurementLib.h | 71 ++++++++++++++++++- 1 file changed, 70 insertions(+), 1 deletion(-) diff --git a/MdeModulePkg/Include/Library/TpmMeasurementLib.h b/MdeModulePk= g/Include/Library/TpmMeasurementLib.h index ddf6723f03..cd4d175918 100644 --- a/MdeModulePkg/Include/Library/TpmMeasurementLib.h +++ b/MdeModulePkg/Include/Library/TpmMeasurementLib.h @@ -1,7 +1,7 @@ /** @file This library is used by other modules to measure data to TPM. =20 -Copyright (c) 2012, Intel Corporation. All rights reserved.
+Copyright (c) 2012 - 2020, Intel Corporation. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent =20 **/ 
@@ -35,4 +35,73 @@ TpmMeasureAndLogData ( IN UINT64 HashDataLen ); =20 +/** + Mesure a FirmwareBlob. + + @param[in] PcrIndex PCR Index. + @param[in] Descrption Description for this FirmwareBlob. + @param[in] FirmwareBlobBase Base address of this FirmwareBlob. + @param[in] FirmwareBlobLength Size in bytes of this FirmwareBlob. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_UNSUPPORTED TPM device not available. + @retval EFI_OUT_OF_RESOURCES Out of memory. + @retval EFI_DEVICE_ERROR The operation was unsuccessful. +*/ +EFI_STATUS +EFIAPI +MeasureFirmwareBlob ( + IN UINT32 PcrIndex, + IN CHAR8 *Description OPTIONAL, + IN EFI_PHYSICAL_ADDRESS FirmwareBlobBase, + IN UINT64 FirmwareBlobLength + ); + +/** + Mesure a FirmwareBlob in separation mode of FV binary and configuration. + + @param[in] Descrption Description for this FirmwareBlob. + @param[in] FirmwareBlobBase Base address of this FirmwareBlob. + @param[in] FirmwareBlobLength Size in bytes of this FirmwareBlob. + @param[in] CfgRegionOffset Configuration region offset in bytes. + @param[in] CfgRegionSize Configuration region in bytes. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_UNSUPPORTED TPM device not available. + @retval EFI_OUT_OF_RESOURCES Out of memory. + @retval EFI_DEVICE_ERROR The operation was unsuccessful. +*/ +EFI_STATUS +EFIAPI +MeasureFirmwareBlobWithCfg ( + IN CHAR8 *Description OPTIONAL, + IN EFI_PHYSICAL_ADDRESS FirmwareBlobBase, + IN UINT64 FirmwareBlobLength, + IN UINT32 CfgRegionOffset, + IN UINT32 CfgRegionSize + ); +/** + Mesure a HandoffTable. + + @param[in] PcrIndex PcrIndex of the measurment. + @param[in] Descrption Description for this HandoffTable. + @param[in] TableGuid GUID of this HandoffTable. + @param[in] TableAddress Base address of this HandoffTable. + @param[in] TableLength Size in bytes of this HandoffTable. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_UNSUPPORTED TPM device not available. 
+ @retval EFI_OUT_OF_RESOURCES Out of memory. + @retval EFI_DEVICE_ERROR The operation was unsuccessful. +*/ +EFI_STATUS +EFIAPI +MeasureHandoffTable ( + IN UINT32 PcrIndex, + IN CHAR8 *Description OPTIONAL, + IN EFI_GUID *TableGuid, + IN VOID *TableAddress, + IN UINTN TableLength + ); + #endif --=20 2.26.2.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#63559): https://edk2.groups.io/g/devel/message/63559 Mute This Topic: https://groups.io/mt/75903678/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sat Apr 20 11:42:25 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) client-ip=66.175.222.12; envelope-from=bounce+27952+63560+1787277+3901457@groups.io; helo=web01.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+63560+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1596185691; cv=none; d=zohomail.com; s=zohoarc; b=NVDIW4fHKdrxQg2fkSPZmFzd5lKH6QWvKQTN6/SC0jcKVaO8MH1yhr23yv+wL+ymFjj7Ff+rvPnnm0xNdqhremwTMqXN29Ls5/fScrj4V8RM6DmdfAy183Y+CjwIUej5qx7hmaifJx6Vc6bfrAzB755xdQi0UOnthLE46ZA25L8= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1596185691; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Id:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=/jPrce7n6MWVrHPbif8WR3MHFlMz2AqKXhpw1gt+cTU=; b=nrErHfttr07sEyVI/nFCdtc3PFn0jRrQYvqS0gTMluFFSi5YWSl0+wFzJiWIN8LGN5X/zwTDu7xDLpIaQp9fV8LdAZB4VyLiQmZE21SzImmz94Q41dUK/dqnJADsQ+LXAonsc3CbIg8RwBx8iYcpXEbvXgOGtFcEUlHnACiHHI4= ARC-Authentication-Results: i=1; 
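Review bot: MeasureFirmwareBlobWithCfg takes no PcrIndex while the neighbouring MeasureFirmwareBlob and MeasureHandoffTable do, so a caller has no way to select the PCR for the split FV/configuration measurement; either add `IN UINT32 PcrIndex,` as the first parameter for consistency with the other two prototypes or document in the doc block which PCR the implementation uses. Smaller points in the same hunk: the three new doc blocks close with `*/` where the rest of this header uses `**/`; "Mesure", "Descrption" and "measurment" are misspelled; "Configuration region in bytes" for CfgRegionSize should read "Configuration region size in bytes"; and a blank line is missing between the `);` of MeasureFirmwareBlobWithCfg and the doc block of MeasureHandoffTable.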
From: "Qi Zhang" To: devel@edk2.groups.io Cc: Jiewen Yao , Jian J Wang , Hao A Wu , Qi Zhang Subject: [edk2-devel] [PATCH 2/9] MdeModulePkg/NullTpmMeasurementLib: Add new API. Date: Fri, 31 Jul 2020 16:54:30 +0800 Message-Id: <20200731085437.16070-3-qi1.zhang@intel.com> In-Reply-To: <20200731085437.16070-1-qi1.zhang@intel.com> References: <20200731085437.16070-1-qi1.zhang@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,qi1.zhang@intel.com X-Gm-Message-State: 8mKfbObzp5TCSc4B6R1AXweDx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1596185691; bh=RElSdcznly+YLijjhPeOI2Pq9s2VArzP52rYmiJNupE=; h=Cc:Date:From:Reply-To:Subject:To; b=F/dmZlXjhLX+qusFnZwvyIHw9rgnnNEGFjipYs06aMCca31mzvDbo14Hb2URosS2TBy WuwqE8TG3pUd7i7qi+gCFZ9jFpN6H+knCP7n8wzwBrWYGXh6fVefqoznjjqf/kgZgc1rc 5Tj/13IRdoNkSAWmgZOB2+30YoDVn470RJM= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" From: Jiewen Yao REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D2376 Cc: Jiewen Yao Cc: Jian J Wang Cc: Hao A Wu Cc: Qi Zhang Signed-off-by: Jiewen Yao --- .../TpmMeasurementLibNull.c | 61 ++++++++++++++++++- .../TpmMeasurementLibNull.inf | 6 +- 2 files changed, 63 insertions(+), 4 deletions(-) diff --git a/MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNu= ll.c b/MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.c index b9c5b68de8..2ce38d8258 100644 --- a/MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.c +++ b/MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.c @@ -1,11 +1,13 @@ /** @file This library is used by other modules to measure data to TPM. =20 -Copyright (c) 2015, Intel Corporation. All rights reserved.
+Copyright (c) 2015 - 2020, Intel Corporation. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent =20 **/ =20 +#include + /** Tpm measure and log data, and extend the measurement result into a speci= fic PCR. =20 @@ -37,3 +39,60 @@ TpmMeasureAndLogData ( // return EFI_SUCCESS; } + +/** + Mesure a FirmwareBlob. + + @param[in] Descrption Description for this FirmwareBlob. + @param[in] FirmwareBlobBase Base address of this FirmwareBlob. + @param[in] FirmwareBlobLength Size in bytes of this FirmwareBlob. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_UNSUPPORTED TPM device not available. + @retval EFI_OUT_OF_RESOURCES Out of memory. + @retval EFI_DEVICE_ERROR The operation was unsuccessful. +*/ +EFI_STATUS +EFIAPI +MeasureFirmwareBlob ( + IN UINT32 PcrIndex, + IN CHAR8 *Description OPTIONAL, + IN EFI_PHYSICAL_ADDRESS FirmwareBlobBase, + IN UINT64 FirmwareBlobLength + ) +{ + // + // Do nothing, just return EFI_SUCCESS. + // + return EFI_SUCCESS; +} + +/** + Mesure a HandoffTable. + + @param[in] PcrIndex PcrIndex of the measurment. + @param[in] Descrption Description for this HandoffTable. + @param[in] TableGuid GUID of this HandoffTable. + @param[in] TableAddress Base address of this HandoffTable. + @param[in] TableLength Size in bytes of this HandoffTable. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_UNSUPPORTED TPM device not available. + @retval EFI_OUT_OF_RESOURCES Out of memory. + @retval EFI_DEVICE_ERROR The operation was unsuccessful. +*/ +EFI_STATUS +EFIAPI +MeasureHandoffTable ( + IN UINT32 PcrIndex, + IN CHAR8 *Description OPTIONAL, + IN EFI_GUID *TableGuid, + IN VOID *TableAddress, + IN UINTN TableLength + ) +{ + // + // Do nothing, just return EFI_SUCCESS. + // + return EFI_SUCCESS; +} diff --git a/MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNu= ll.inf b/MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.i= nf index 61abcfa2ec..1db2c0d6a7 100644 --- a/MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf 
+++ b/MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf @@ -1,7 +1,7 @@ ## @file # Provides NULL TPM measurement function. # -# Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.
+# Copyright (c) 2015 - 2020, Intel Corporation. All rights reserved.
# SPDX-License-Identifier: BSD-2-Clause-Patent # ## 
@@ -10,9 +10,9 @@ INF_VERSION =3D 0x00010005 BASE_NAME =3D TpmMeasurementLibNull FILE_GUID =3D 6DFD6E9F-9278-48D8-8F45-B6CFF2C2B69C - MODULE_TYPE =3D UEFI_DRIVER + MODULE_TYPE =3D BASE VERSION_STRING =3D 1.0 - LIBRARY_CLASS =3D TpmMeasurementLib|DXE_DRIVER DXE_RUNT= IME_DRIVER DXE_SMM_DRIVER UEFI_APPLICATION UEFI_DRIVER + LIBRARY_CLASS =3D TpmMeasurementLib MODULE_UNI_FILE =3D TpmMeasurementLibNull.uni =20 # --=20 2.26.2.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#63560): https://edk2.groups.io/g/devel/message/63560 Mute This Topic: https://groups.io/mt/75903679/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sat Apr 20 11:42:25 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) client-ip=66.175.222.12; envelope-from=bounce+27952+63561+1787277+3901457@groups.io; helo=web01.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+63561+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1596185717; cv=none; d=zohomail.com; s=zohoarc; b=VPqK6PrMJiu8qnNQIIOnEPqvJdGKywj1FUrOohVgIMY8pQjffq44wc8fbdjsy7awOujYAFtdzj0cL0Ru0GQ9GkQR2PYh/cH3OdRM0KegCVPQFKQEDfeHlbOsjJmfx2zp807PXGd52WJfIR2AGYUSCJfHE4WiIdWqU7iZNP8AK4Q= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1596185717; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Id:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=QgRldKolLFRszsdtvzxU/UwWeyB0uEjZHmTkkKdxMeo=; 
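Review bot: the NULL instance defines MeasureFirmwareBlob and MeasureHandoffTable but not MeasureFirmwareBlobWithCfg, which patch 1/9 adds to TpmMeasurementLib.h; any module that links TpmMeasurementLibNull and calls MeasureFirmwareBlobWithCfg will fail to link, so add a matching stub that returns EFI_SUCCESS. In the same file the MeasureFirmwareBlob doc block omits `@param[in] PcrIndex` although the function takes it. In the .inf hunk, changing MODULE_TYPE from UEFI_DRIVER to BASE and dropping the module-type list from LIBRARY_CLASS makes the NULL library linkable by PEI, SEC and SMM modules as well; that is reasonable for a library with no dependencies, but the commit message only says "Add new API", so please state the widened module type there.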
From: "Qi Zhang" To: devel@edk2.groups.io Cc: Jiewen Yao , Jian J Wang , Qi Zhang Subject: [edk2-devel] [PATCH 3/9] SecurityPkg/DxeTpmMeasurementLib: Add new API. Date: Fri, 31 Jul 2020 16:54:31 +0800 Message-Id: <20200731085437.16070-4-qi1.zhang@intel.com> In-Reply-To: <20200731085437.16070-1-qi1.zhang@intel.com> References: <20200731085437.16070-1-qi1.zhang@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,qi1.zhang@intel.com X-Gm-Message-State: NmxE7Pb4CJESXVcKN0fy4wZhx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1596185717; bh=7oVriIaE5Q5JnDM73rux4k4kW+2xf4A1DLFTIUWgSJE=; h=Cc:Date:From:Reply-To:Subject:To; b=P4rhbP2vCo9f0tx3mHuL1E85zRbuZqkyOpujjU1NgKVQHH5rF8wYpRBLhn12quz29fn G8fjKALXio5+dVT6jgdrFom4QzHYornfHw6z2L7yOHe8H7C/DdOr644MP+X5SUNsG1AAc x5CWR65Z745uIoQyCJlVDfs7d2OYIetMijI= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" From: Jiewen Yao REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D2376 Cc: Jiewen Yao Cc: Jian J Wang Cc: Qi Zhang Signed-off-by: Jiewen Yao --- .../DxeTpmMeasurementLib.inf | 6 +- .../DxeTpmMeasurementLib/EventLogRecord.c | 218 ++++++++++++++++++ 2 files changed, 223 insertions(+), 1 deletion(-) create mode 100644 SecurityPkg/Library/DxeTpmMeasurementLib/EventLogRecord= .c diff --git a/SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.= inf b/SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf index 7d41bc41f9..39448f8ee8 100644 --- a/SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf +++ b/SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf 
@@ -4,7 +4,7 @@ # This library provides TpmMeasureAndLogData() to measure and log data, a= nd # extend the measurement result into a specific PCR. # -# Copyright (c) 2012 - 2018, Intel Corporation. All rights reserved.
+# Copyright (c) 2012 - 2020, Intel Corporation. All rights reserved.
# SPDX-License-Identifier: BSD-2-Clause-Patent # ## @@ -26,6 +26,7 @@ =20 [Sources] DxeTpmMeasurementLib.c + EventLogRecord.c =20 [Packages] MdePkg/MdePkg.dec @@ -42,3 +43,6 @@ [Protocols] gEfiTcgProtocolGuid ## SOMETIMES_CONSUMES gEfiTcg2ProtocolGuid ## SOMETIMES_CONSUMES + +[Pcd] + gEfiMdeModulePkgTokenSpaceGuid.PcdTcgPfpMeasurementRevision ## = CONSUMES diff --git a/SecurityPkg/Library/DxeTpmMeasurementLib/EventLogRecord.c b/Se= curityPkg/Library/DxeTpmMeasurementLib/EventLogRecord.c new file mode 100644 index 0000000000..7b3726e44b --- /dev/null +++ b/SecurityPkg/Library/DxeTpmMeasurementLib/EventLogRecord.c @@ -0,0 +1,218 @@ +/** @file + This library is used by other modules to measure data to TPM. + +Copyright (c) 2020, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include + +#include +#include +#include +#include +#include +#include +#include + +#include + +#pragma pack (1) + +#define PLATFORM_FIRMWARE_BLOB_DESC "Fv(XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXX= XX)" +typedef struct { + UINT8 BlobDescriptionSize; + UINT8 BlobDescription[sizeof(PLATFORM_FIRMWA= RE_BLOB_DESC)]; + EFI_PHYSICAL_ADDRESS BlobBase; + UINT64 BlobLength; +} PLATFORM_FIRMWARE_BLOB2_STRUCT; + +#define HANDOFF_TABLE_POINTER_DESC "1234567890ABCDEF" +typedef struct { + UINT8 TableDescriptionSize; + UINT8 TableDescription[sizeof(HANDOFF_TABLE_= POINTER_DESC)]; + UINT64 NumberOfTables; + EFI_CONFIGURATION_TABLE TableEntry[1]; +} HANDOFF_TABLE_POINTERS2_STRUCT; + +#pragma pack () + +/** + Get the FvName from the FV header. + + Causion: The FV is untrusted input. + + @param[in] FvBase Base address of FV image. + @param[in] FvLength Length of FV image. + + @return FvName pointer + @retval NULL FvName is NOT found +**/ +VOID * +TpmMeasurementGetFvName ( + IN EFI_PHYSICAL_ADDRESS FvBase, + IN UINT64 FvLength + ) +{ + EFI_FIRMWARE_VOLUME_HEADER *FvHeader; + EFI_FIRMWARE_VOLUME_EXT_HEADER *FvExtHeader; + + if (FvBase >=3D MAX_ADDRESS) { + return NULL; + } + if (FvLength >=3D MAX_ADDRESS - FvBase) { + return NULL; + } + if (FvLength < sizeof(EFI_FIRMWARE_VOLUME_HEADER)) { + return NULL; + } + + FvHeader =3D (EFI_FIRMWARE_VOLUME_HEADER *)(UINTN)FvBase; + if (FvHeader->Signature !=3D EFI_FVH_SIGNATURE) { + return NULL; + } + if (FvHeader->ExtHeaderOffset < sizeof(EFI_FIRMWARE_VOLUME_HEADER)) { + return NULL; + } + if (FvHeader->ExtHeaderOffset + sizeof(EFI_FIRMWARE_VOLUME_EXT_HEADER) >= FvLength) { + return NULL; + } + FvExtHeader =3D (EFI_FIRMWARE_VOLUME_EXT_HEADER *)(UINTN)(FvBase + FvHea= der->ExtHeaderOffset); + + return &FvExtHeader->FvName; +} + +/** + Mesure a FirmwareBlob. + + @param[in] PcrIndex PcrIndex of the measurment. + @param[in] Descrption Description for this FirmwareBlob. 
+ @param[in] FirmwareBlobBase Base address of this FirmwareBlob. + @param[in] FirmwareBlobLength Size in bytes of this FirmwareBlob. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_UNSUPPORTED TPM device not available. + @retval EFI_OUT_OF_RESOURCES Out of memory. + @retval EFI_DEVICE_ERROR The operation was unsuccessful. +*/ +EFI_STATUS +EFIAPI +MeasureFirmwareBlob ( + IN UINT32 PcrIndex, + IN CHAR8 *Description OPTIONAL, + IN EFI_PHYSICAL_ADDRESS FirmwareBlobBase, + IN UINT64 FirmwareBlobLength + ) +{ + EFI_PLATFORM_FIRMWARE_BLOB FvBlob; + PLATFORM_FIRMWARE_BLOB2_STRUCT FvBlob2; + VOID *FvName; + UINT32 EventType; + VOID *EventLog; + UINT32 EventLogSize; + EFI_STATUS Status; + + FvName =3D TpmMeasurementGetFvName (FirmwareBlobBase, FirmwareBlobLength= ); + + if (((Description !=3D NULL) || (FvName !=3D NULL)) && + (PcdGet32(PcdTcgPfpMeasurementRevision) >=3D TCG_EfiSpecIDEventStruc= t_SPEC_ERRATA_TPM2_REV_105)) { + ZeroMem (&FvBlob2, sizeof(FvBlob2)); + if (Description !=3D NULL) { + AsciiSPrint((CHAR8*)FvBlob2.BlobDescription, sizeof(FvBlob2.BlobDesc= ription), "%a", Description); + } else { + AsciiSPrint((CHAR8*)FvBlob2.BlobDescription, sizeof(FvBlob2.BlobDesc= ription), "Fv(%g)", FvName); + } + + FvBlob2.BlobDescriptionSize =3D sizeof(FvBlob2.BlobDescription); + FvBlob2.BlobBase =3D FirmwareBlobBase; + FvBlob2.BlobLength =3D FirmwareBlobLength; + + EventType =3D EV_EFI_PLATFORM_FIRMWARE_BLOB2; + EventLog =3D &FvBlob2; + EventLogSize =3D sizeof(FvBlob2); + } else { + FvBlob.BlobBase =3D FirmwareBlobBase; + FvBlob.BlobLength =3D FirmwareBlobLength; + + EventType =3D EV_EFI_PLATFORM_FIRMWARE_BLOB; + EventLog =3D &FvBlob; + EventLogSize =3D sizeof(FvBlob); + } + + Status =3D TpmMeasureAndLogData ( + PcrIndex, + EventType, + EventLog, + EventLogSize, + (VOID*)(UINTN)FirmwareBlobBase, + FirmwareBlobLength + ); + + return Status; +} + +/** + Mesure a HandoffTable. + + @param[in] PcrIndex PcrIndex of the measurment. 
+ @param[in] Descrption Description for this HandoffTable. + @param[in] TableGuid GUID of this HandoffTable. + @param[in] TableAddress Base address of this HandoffTable. + @param[in] TableLength Size in bytes of this HandoffTable. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_UNSUPPORTED TPM device not available. + @retval EFI_OUT_OF_RESOURCES Out of memory. + @retval EFI_DEVICE_ERROR The operation was unsuccessful. +*/ +EFI_STATUS +EFIAPI +MeasureHandoffTable ( + IN UINT32 PcrIndex, + IN CHAR8 *Description OPTIONAL, + IN EFI_GUID *TableGuid, + IN VOID *TableAddress, + IN UINTN TableLength + ) +{ + EFI_HANDOFF_TABLE_POINTERS HandoffTables; + HANDOFF_TABLE_POINTERS2_STRUCT HandoffTables2; + UINT32 EventType; + VOID *EventLog; + UINT32 EventLogSize; + EFI_STATUS Status; + + if ((Description !=3D NULL) && + (PcdGet32(PcdTcgPfpMeasurementRevision) >=3D TCG_EfiSpecIDEventStruc= t_SPEC_ERRATA_TPM2_REV_105)) { + ZeroMem (&HandoffTables2, sizeof(HandoffTables2)); + AsciiSPrint((CHAR8*)HandoffTables2.TableDescription, sizeof(HandoffTab= les2.TableDescription), "%a", Description); + + HandoffTables2.TableDescriptionSize =3D sizeof(HandoffTables2.TableDes= cription); + HandoffTables2.NumberOfTables =3D 1; + CopyGuid (&(HandoffTables2.TableEntry[0].VendorGuid), TableGuid); + HandoffTables2.TableEntry[0].VendorTable =3D TableAddress; + + EventType =3D EV_EFI_HANDOFF_TABLES2; + EventLog =3D &HandoffTables2; + EventLogSize =3D sizeof(HandoffTables2); + } else { + HandoffTables.NumberOfTables =3D 1; + CopyGuid (&(HandoffTables.TableEntry[0].VendorGuid), TableGuid); + HandoffTables.TableEntry[0].VendorTable =3D TableAddress; + + EventType =3D EV_EFI_HANDOFF_TABLES; + EventLog =3D &HandoffTables; + EventLogSize =3D sizeof(HandoffTables); + } + + Status =3D TpmMeasureAndLogData ( + PcrIndex, + EventType, + EventLog, + EventLogSize, + TableAddress, + TableLength + ); + return Status; +} --=20 2.26.2.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- 
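Review bot: in MeasureFirmwareBlob and MeasureHandoffTable the caller-supplied Description is copied with AsciiSPrint into a fixed buffer sized by PLATFORM_FIRMWARE_BLOB_DESC (41 bytes) or HANDOFF_TABLE_POINTER_DESC (17 bytes), so a longer description is silently truncated and two different blobs can end up with the same EV_EFI_PLATFORM_FIRMWARE_BLOB2 or EV_EFI_HANDOFF_TABLES2 description in the event log that a verifier relies on; reject or ASSERT on `AsciiStrSize (Description) > sizeof (FvBlob2.BlobDescription)` instead of truncating, and consider setting BlobDescriptionSize and TableDescriptionSize to the actual string length rather than `sizeof` of the zero-padded buffer. In the DxeTpmMeasurementLib.inf hunk the new [Pcd] entry uses gEfiMdeModulePkgTokenSpaceGuid.PcdTcgPfpMeasurementRevision, but the [Packages] context shows only `MdePkg/MdePkg.dec`; make sure `MdeModulePkg/MdeModulePkg.dec` is listed or the token space will not resolve. The DXE instance also provides no MeasureFirmwareBlobWithCfg although patch 1/9 declares it in the header; and "Causion" in the TpmMeasurementGetFvName doc block should be "Caution".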
From: "Qi Zhang" To: devel@edk2.groups.io Cc: Jiewen Yao , Jian J Wang , Qi Zhang Subject: [edk2-devel] [PATCH 4/9] SecurityPkg/PeiTpmMeasurementLib: Add new API. Date: Fri, 31 Jul 2020 16:54:32 +0800 Message-Id: <20200731085437.16070-5-qi1.zhang@intel.com> In-Reply-To: <20200731085437.16070-1-qi1.zhang@intel.com> References: <20200731085437.16070-1-qi1.zhang@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,qi1.zhang@intel.com X-Gm-Message-State: oSjGizAWAXer2gSl1EgwKF52x1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1596185718; bh=maDhLpaYt/R8pT3OWSueDQ64ulnJvReuS7uQuvEp4co=; h=Cc:Date:From:Reply-To:Subject:To; b=YdIc3AmhWliQ/eh7zh2kH+drBkw9B/wIXj+wAOcnfywlt8v7Xas0PNCPmuG36Zn/AvZ ZiWcxVYXhol3E3V5HUi0a4AgbahKJ+EE4ozFsvEpBEGYwDCnoC8h2AzScWF2eROl7fAKu mcBaazavP5ztXaU/NVoFXcMnRmLf9nzcDs0= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" From: Jiewen Yao REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D2376 Cc: Jiewen Yao Cc: Jian J Wang Cc: Qi Zhang Signed-off-by: Jiewen Yao --- .../PeiTpmMeasurementLib/EventLogRecord.c | 409 ++++++++++++++++++ .../PeiTpmMeasurementLib.inf | 5 + 2 files changed, 414 insertions(+) create mode 100644 SecurityPkg/Library/PeiTpmMeasurementLib/EventLogRecord= .c diff --git a/SecurityPkg/Library/PeiTpmMeasurementLib/EventLogRecord.c b/Se= curityPkg/Library/PeiTpmMeasurementLib/EventLogRecord.c new file mode 100644 index 0000000000..bd3d7000a1 --- /dev/null +++ b/SecurityPkg/Library/PeiTpmMeasurementLib/EventLogRecord.c @@ -0,0 +1,409 @@ +/** @file + This library is used by other modules to measure data to TPM. + +Copyright (c) 2020, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include + +#pragma pack (1) + +#define PLATFORM_FIRMWARE_BLOB_DESC "Fv(XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXX= XX)" +typedef struct { + UINT8 BlobDescriptionSize; + UINT8 BlobDescription[sizeof(PLATFORM_FIRMWA= RE_BLOB_DESC)]; + EFI_PHYSICAL_ADDRESS BlobBase; + UINT64 BlobLength; +} PLATFORM_FIRMWARE_BLOB2_STRUCT; + +#define HANDOFF_TABLE_POINTER_DESC "1234567890ABCDEF" +typedef struct { + UINT8 TableDescriptionSize; + UINT8 TableDescription[sizeof(HANDOFF_TABLE_= POINTER_DESC)]; + UINT64 NumberOfTables; + EFI_CONFIGURATION_TABLE TableEntry[1]; +} HANDOFF_TABLE_POINTERS2_STRUCT; + +#pragma pack () + +/** + Tpm measure and log data, and extend the measurement result into a speci= fic PCR. + + @param[in] PcrIndex PCR Index. + @param[in] EventType Event type. + @param[in] EventLog Measurement event log. + @param[in] LogLen Event log length in bytes. + @param[in] HashData The start of the data buffer to be hashed, = extended. + @param[in] HashDataLen The length, in bytes, of the buffer referen= ced by HashData + @param[in] Flags Bitmap providing additional information. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_UNSUPPORTED TPM device not available. + @retval EFI_OUT_OF_RESOURCES Out of memory. + @retval EFI_DEVICE_ERROR The operation was unsuccessful. 
+**/ +EFI_STATUS +EFIAPI +TpmMeasureAndLogDataWithFlags ( + IN UINT32 PcrIndex, + IN UINT32 EventType, + IN VOID *EventLog, + IN UINT32 LogLen, + IN VOID *HashData, + IN UINT64 HashDataLen, + IN UINT64 Flags + ) +{ + EFI_STATUS Status; + EDKII_TCG_PPI *TcgPpi; + TCG_PCR_EVENT_HDR TcgEventHdr; + + Status =3D PeiServicesLocatePpi( + &gEdkiiTcgPpiGuid, + 0, + NULL, + (VOID**)&TcgPpi + ); + if (EFI_ERROR(Status)) { + return Status; + } + + TcgEventHdr.PCRIndex =3D PcrIndex; + TcgEventHdr.EventType =3D EventType; + TcgEventHdr.EventSize =3D LogLen; + + Status =3D TcgPpi->HashLogExtendEvent ( + TcgPpi, + Flags, + HashData, + (UINTN)HashDataLen, + &TcgEventHdr, + EventLog + ); + return Status; +} + +/** + Get the FvName from the FV header. + + Causion: The FV is untrusted input. + + @param[in] FvBase Base address of FV image. + @param[in] FvLength Length of FV image. + + @return FvName pointer + @retval NULL FvName is NOT found +**/ +VOID * +TpmMeasurementGetFvName ( + IN EFI_PHYSICAL_ADDRESS FvBase, + IN UINT64 FvLength + ) +{ + EFI_FIRMWARE_VOLUME_HEADER *FvHeader; + EFI_FIRMWARE_VOLUME_EXT_HEADER *FvExtHeader; + + if (FvBase >=3D MAX_ADDRESS) { + return NULL; + } + if (FvLength >=3D MAX_ADDRESS - FvBase) { + return NULL; + } + if (FvLength < sizeof(EFI_FIRMWARE_VOLUME_HEADER)) { + return NULL; + } + + FvHeader =3D (EFI_FIRMWARE_VOLUME_HEADER *)(UINTN)FvBase; + if (FvHeader->Signature !=3D EFI_FVH_SIGNATURE) { + return NULL; + } + if (FvHeader->ExtHeaderOffset < sizeof(EFI_FIRMWARE_VOLUME_HEADER)) { + return NULL; + } + if (FvHeader->ExtHeaderOffset + sizeof(EFI_FIRMWARE_VOLUME_EXT_HEADER) >= FvLength) { + return NULL; + } + FvExtHeader =3D (EFI_FIRMWARE_VOLUME_EXT_HEADER *)(UINTN)(FvBase + FvHea= der->ExtHeaderOffset); + + return &FvExtHeader->FvName; +} + +/** + Mesure a FirmwareBlob. + + @param[in] PcrIndex PcrIndex of the measurment. + @param[in] Descrption Description for this FirmwareBlob. + @param[in] FirmwareBlobBase Base address of this FirmwareBlob. 
+ @param[in] FirmwareBlobLength Size in bytes of this FirmwareBlob. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_UNSUPPORTED TPM device not available. + @retval EFI_OUT_OF_RESOURCES Out of memory. + @retval EFI_DEVICE_ERROR The operation was unsuccessful. +*/ +EFI_STATUS +EFIAPI +MeasureFirmwareBlob ( + IN UINT32 PcrIndex, + IN CHAR8 *Description OPTIONAL, + IN EFI_PHYSICAL_ADDRESS FirmwareBlobBase, + IN UINT64 FirmwareBlobLength + ) +{ + EFI_PLATFORM_FIRMWARE_BLOB FvBlob; + PLATFORM_FIRMWARE_BLOB2_STRUCT FvBlob2; + VOID *FvName; + UINT32 EventType; + VOID *EventLog; + UINT32 EventLogSize; + EFI_STATUS Status; + + FvName =3D TpmMeasurementGetFvName (FirmwareBlobBase, FirmwareBlobLength= ); + + if (((Description !=3D NULL) || (FvName !=3D NULL)) && + (PcdGet32(PcdTcgPfpMeasurementRevision) >=3D TCG_EfiSpecIDEventStruc= t_SPEC_ERRATA_TPM2_REV_105)) { + ZeroMem (&FvBlob2, sizeof(FvBlob2)); + if (Description !=3D NULL) { + AsciiSPrint((CHAR8*)FvBlob2.BlobDescription, sizeof(FvBlob2.BlobDesc= ription), "%a", Description); + } else { + AsciiSPrint((CHAR8*)FvBlob2.BlobDescription, sizeof(FvBlob2.BlobDesc= ription), "Fv(%g)", FvName); + } + + FvBlob2.BlobDescriptionSize =3D sizeof(FvBlob2.BlobDescription); + FvBlob2.BlobBase =3D FirmwareBlobBase; + FvBlob2.BlobLength =3D FirmwareBlobLength; + + EventType =3D EV_EFI_PLATFORM_FIRMWARE_BLOB2; + EventLog =3D &FvBlob2; + EventLogSize =3D sizeof(FvBlob2); + } else { + FvBlob.BlobBase =3D FirmwareBlobBase; + FvBlob.BlobLength =3D FirmwareBlobLength; + + EventType =3D EV_EFI_PLATFORM_FIRMWARE_BLOB; + EventLog =3D &FvBlob; + EventLogSize =3D sizeof(FvBlob); + } + + Status =3D TpmMeasureAndLogData ( + PcrIndex, + EventType, + EventLog, + EventLogSize, + (VOID*)(UINTN)FirmwareBlobBase, + FirmwareBlobLength + ); + + return Status; +} + +/** + Mesure a FirmwareBlob in separation mode of FV binary and configuration. + + @param[in] Descrption Description for this FirmwareBlob. 
+ @param[in] FirmwareBlobBase Base address of this FirmwareBlob. + @param[in] FirmwareBlobLength Size in bytes of this FirmwareBlob. + @param[in] CfgRegionOffset Configuration region offset in bytes. + @param[in] CfgRegionSize Configuration region in bytes. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_UNSUPPORTED TPM device not available. + @retval EFI_OUT_OF_RESOURCES Out of memory. + @retval EFI_DEVICE_ERROR The operation was unsuccessful. +*/ +EFI_STATUS +EFIAPI +MeasureFirmwareBlobWithCfg ( + IN CHAR8 *Description OPTIONAL, + IN EFI_PHYSICAL_ADDRESS FirmwareBlobBase, + IN UINT64 FirmwareBlobLength, + IN UINT32 CfgRegionOffset, + IN UINT32 CfgRegionSize + ) +{ + EFI_PLATFORM_FIRMWARE_BLOB FvBlob, UPDBlob; + PLATFORM_FIRMWARE_BLOB2_STRUCT FvBlob2, UPDBlob2; + VOID *FvName; + UINT32 FvEventType; + VOID *FvEventLog, *UPDEventLog; + UINT32 FvEventLogSize, UPDEventLogSize; + EFI_STATUS Status; + HASH_HANDLE HashHandle; + UINT8 *HashBase; + UINTN HashSize; + TPML_DIGEST_VALUES DigestList; + + FvName =3D TpmMeasurementGetFvName (FirmwareBlobBase, FirmwareBlobLength= ); + + if (((Description !=3D NULL) || (FvName !=3D NULL)) && + (PcdGet32(PcdTcgPfpMeasurementRevision) >=3D TCG_EfiSpecIDEventStruc= t_SPEC_ERRATA_TPM2_REV_105)) { + ZeroMem (&FvBlob2, sizeof(FvBlob2)); + ZeroMem (&UPDBlob2, sizeof(UPDBlob2)); + if (Description !=3D NULL) { + AsciiSPrint((CHAR8*)FvBlob2.BlobDescription, sizeof(FvBlob2.BlobDesc= ription), "%a", Description); + AsciiSPrint((CHAR8*)UPDBlob2.BlobDescription, sizeof(UPDBlob2.BlobDe= scription), "%aUDP", Description); + } else { + AsciiSPrint((CHAR8*)FvBlob2.BlobDescription, sizeof(FvBlob2.BlobDesc= ription), "Fv(%g)", FvName); + AsciiSPrint((CHAR8*)UPDBlob2.BlobDescription, sizeof(UPDBlob2.BlobDe= scription), "(%g)UDP", FvName); + } + + FvBlob2.BlobDescriptionSize =3D sizeof(FvBlob2.BlobDescription); + FvBlob2.BlobBase =3D FirmwareBlobBase; + FvBlob2.BlobLength =3D FirmwareBlobLength; + FvEventType =3D 
EV_EFI_PLATFORM_FIRMWARE_BLOB2; + FvEventLog =3D &FvBlob2; + FvEventLogSize =3D sizeof(FvBlob2); + + UPDBlob2.BlobDescriptionSize =3D sizeof(UPDBlob2.BlobDescription); + UPDBlob2.BlobBase =3D CfgRegionOffset; + UPDBlob2.BlobLength =3D CfgRegionSize; + UPDEventLog =3D &UPDBlob2; + UPDEventLogSize =3D sizeof(UPDBlob2); + } else { + FvBlob.BlobBase =3D FirmwareBlobBase; + FvBlob.BlobLength =3D FirmwareBlobLength; + FvEventType =3D EV_EFI_PLATFORM_FIRMWARE_BLOB; + FvEventLog =3D &FvBlob; + FvEventLogSize =3D sizeof(FvBlob); + + UPDBlob.BlobBase =3D CfgRegionOffset; + UPDBlob.BlobLength =3D CfgRegionSize; + UPDEventLog =3D &UPDBlob; + UPDEventLogSize =3D sizeof(UPDBlob); + } + + // Initialize a SHA hash context. + Status =3D HashStart (&HashHandle); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "HashStart failed - %r\n", Status)); + return Status; + } + + // Hash FSP binary before UDP + HashBase =3D (UINT8 *) (UINTN) FirmwareBlobBase; + HashSize =3D (UINTN) CfgRegionOffset; + Status =3D HashUpdate (HashHandle, HashBase, HashSize); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "HashUpdate failed - %r\n", Status)); + return Status; + } + + // Hash FSP binary after UDP + HashBase =3D (UINT8 *) (UINTN) FirmwareBlobBase + CfgRegionOffset + CfgR= egionSize; + HashSize =3D (UINTN)(FirmwareBlobLength - CfgRegionOffset - CfgRegionSiz= e); + Status =3D HashUpdate (HashHandle, HashBase, HashSize); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "HashUpdate failed - %r\n", Status)); + return Status; + } + + // Finalize the SHA hash. 
+ Status =3D HashFinal(HashHandle, &DigestList); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "HashFinal failed - %r\n", Status)); + return Status; + } + + Status =3D TpmMeasureAndLogDataWithFlags ( + 0, + FvEventType, + FvEventLog, + FvEventLogSize, + (UINT8 *) &DigestList, + (UINTN) sizeof(DigestList), + EDKII_TCG_PRE_HASH + ); + DEBUG ((DEBUG_ERROR, "TpmMeasureAndLogDataWithFlags - %r\n", Status)); + + Status =3D TpmMeasureAndLogData ( + 1, + EV_PLATFORM_CONFIG_FLAGS, + UPDEventLog, + UPDEventLogSize, + (UINT8 *) (UINTN) FirmwareBlobBase + CfgRegionOffset, + CfgRegionSize + ); + DEBUG ((DEBUG_ERROR, "TpmMeasureAndLogData - %r\n", Status)); + + return Status; +} +/** + Mesure a HandoffTable. + + @param[in] PcrIndex PcrIndex of the measurment. + @param[in] Descrption Description for this HandoffTable. + @param[in] TableGuid GUID of this HandoffTable. + @param[in] TableAddress Base address of this HandoffTable. + @param[in] TableLength Size in bytes of this HandoffTable. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_UNSUPPORTED TPM device not available. + @retval EFI_OUT_OF_RESOURCES Out of memory. + @retval EFI_DEVICE_ERROR The operation was unsuccessful. 
+*/ +EFI_STATUS +EFIAPI +MeasureHandoffTable ( + IN UINT32 PcrIndex, + IN CHAR8 *Description OPTIONAL, + IN EFI_GUID *TableGuid, + IN VOID *TableAddress, + IN UINTN TableLength + ) +{ + EFI_HANDOFF_TABLE_POINTERS HandoffTables; + HANDOFF_TABLE_POINTERS2_STRUCT HandoffTables2; + UINT32 EventType; + VOID *EventLog; + UINT32 EventLogSize; + EFI_STATUS Status; + + if ((Description !=3D NULL) && + (PcdGet32(PcdTcgPfpMeasurementRevision) >=3D TCG_EfiSpecIDEventStruc= t_SPEC_ERRATA_TPM2_REV_105)) { + ZeroMem (&HandoffTables2, sizeof(HandoffTables2)); + AsciiSPrint((CHAR8*)HandoffTables2.TableDescription, sizeof(HandoffTab= les2.TableDescription), "%a", Description); + + HandoffTables2.TableDescriptionSize =3D sizeof(HandoffTables2.TableDes= cription); + HandoffTables2.NumberOfTables =3D 1; + CopyGuid (&(HandoffTables2.TableEntry[0].VendorGuid), TableGuid); + HandoffTables2.TableEntry[0].VendorTable =3D TableAddress; + + EventType =3D EV_EFI_HANDOFF_TABLES2; + EventLog =3D &HandoffTables2; + EventLogSize =3D sizeof(HandoffTables2); + } else { + HandoffTables.NumberOfTables =3D 1; + CopyGuid (&(HandoffTables.TableEntry[0].VendorGuid), TableGuid); + HandoffTables.TableEntry[0].VendorTable =3D TableAddress; + + EventType =3D EV_EFI_HANDOFF_TABLES; + EventLog =3D &HandoffTables; + EventLogSize =3D sizeof(HandoffTables); + } + + Status =3D TpmMeasureAndLogData ( + PcrIndex, + EventType, + EventLog, + EventLogSize, + TableAddress, + TableLength + ); + return Status; +} diff --git a/SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.= inf b/SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.inf index 6625d0fd01..6ff32a2bdc 100644 --- a/SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.inf +++ b/SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.inf @@ -26,6 +26,7 @@ =20 [Sources] PeiTpmMeasurementLib.c + EventLogRecord.c =20 [Packages] MdePkg/MdePkg.dec 
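Review bot: MeasureFirmwareBlobWithCfg never checks that CfgRegionOffset + CfgRegionSize fits inside FirmwareBlobLength before hashing, so `HashSize = (UINTN)(FirmwareBlobLength - CfgRegionOffset - CfgRegionSize)` underflows for a corrupt FSP_INFO_HEADER and the second HashUpdate reads far past the end of the blob; TpmMeasurementGetFvName already treats the FV as untrusted input, so apply the same range validation here and return EFI_INVALID_PARAMETER (and add it to the @retval list). In the same function, `UPDBlob2.BlobBase = CfgRegionOffset` (and `UPDBlob.BlobBase`) stores an offset in a field that every other event in this file fills with a physical address, while the bytes actually extended are at FirmwareBlobBase + CfgRegionOffset; record the absolute address so a verifier can tie the PCR 1 event to the PCR 0 blob event. The description strings "%aUDP" and "(%g)UDP" (and the "before UDP" / "after UDP" comments) misspell UPD, and because the description is part of the logged event the typo lands in every event log shipped with this code. The Status of the PCR 0 TpmMeasureAndLogDataWithFlags call is only printed (at DEBUG_ERROR, even on success) and then overwritten by the PCR 1 TpmMeasureAndLogData call, so a failed code measurement is reported as success; check it before continuing, and also release HashHandle on the early-return paths after a HashUpdate failure. Smaller points: AsciiSPrint silently truncates a Description longer than the 40-character blob buffer or the 16-character handoff-table buffer, and BlobDescriptionSize / TableDescriptionSize always report the full zero-padded buffer rather than the string length, so either size the field from the formatted length or reject oversized descriptions; the doc comments for MeasureFirmwareBlobWithCfg should state that the code region goes to PCR 0 and the configuration region to PCR 1, since neither is a parameter; and fix "Mesure", "measurment", "Descrption" and "Causion", and close the doc comments with `**/` rather than `*/` per the edk2 coding standard.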
@@ -41,10 +42,14 @@ PrintLib PeiServicesLib PeiServicesTablePointerLib + HashLib =20 [Ppis] gEdkiiTcgPpiGuid ## = CONSUMES =20 +[Pcd] + gEfiMdeModulePkgTokenSpaceGuid.PcdTcgPfpMeasurementRevision ## = CONSUMES + [Depex] gEfiPeiMasterBootModePpiGuid AND gEfiTpmDeviceSelectedGuid --=20 2.26.2.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#63563): https://edk2.groups.io/g/devel/message/63563 Mute This Topic: https://groups.io/mt/75903684/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
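Review bot: adding HashLib under [LibraryClasses] is a new hard dependency for every platform that already links PeiTpmMeasurementLib, and in PEI the router instance (HashLibBaseCryptoRouterPei) only produces digests when the platform also links the per-algorithm HashInstanceLib instances and sets PcdTpm2HashMask; the commit message says nothing about this, so state it there so platform owners know their DSC needs updating. The new [Pcd] entry lives in the gEfiMdeModulePkgTokenSpaceGuid token space but the only package visible in the [Packages] context is MdePkg/MdePkg.dec; confirm MdeModulePkg/MdeModulePkg.dec is listed or PcdTcgPfpMeasurementRevision will not resolve at build time. The commit message body itself is just the REF line; a sentence naming the three new APIs and the PCR 0 / PCR 1 split for the configuration region would help reviewers and future readers of the history.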
From: "Qi Zhang" To: devel@edk2.groups.io Cc: Jiewen Yao , Chasel Chiu , Nate DeSimone , Star Zeng , Qi Zhang Subject: [edk2-devel] [PATCH 5/9] IntelFsp2WrapperPkg/FspMeasurementLib: Add header file. Date: Fri, 31 Jul 2020 16:54:33 +0800 Message-Id: <20200731085437.16070-6-qi1.zhang@intel.com> In-Reply-To: <20200731085437.16070-1-qi1.zhang@intel.com> References: <20200731085437.16070-1-qi1.zhang@intel.com>
From: Jiewen Yao REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2376 Cc: Jiewen Yao Cc: Chasel Chiu Cc: Nate DeSimone Cc: Star Zeng Cc: Qi Zhang Signed-off-by: Jiewen Yao --- .../Include/Library/FspMeasurementLib.h | 65 +++++++++++++++++++ 1 file changed, 65 insertions(+) create mode 100644 IntelFsp2WrapperPkg/Include/Library/FspMeasurementLib.h diff --git a/IntelFsp2WrapperPkg/Include/Library/FspMeasurementLib.h b/Inte= lFsp2WrapperPkg/Include/Library/FspMeasurementLib.h new file mode 100644 index 0000000000..ca02ecdf1f --- /dev/null +++ b/IntelFsp2WrapperPkg/Include/Library/FspMeasurementLib.h @@ -0,0 +1,65 @@ +/** @file + This library is used by FSP modules to measure data to TPM. + +Copyright (c) 2020, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef _FSP_MEASUREMENT_LIB_H_ +#define _FSP_MEASUREMENT_LIB_H_ + +#define FSP_MEASURE_FSP BIT0 +#define FSP_MEASURE_FSPT BIT1 +#define FSP_MEASURE_FSPM BIT2 +#define FSP_MEASURE_FSPS BIT3 +#define FSP_MEASURE_FSPUPD BIT31 + +/** + Mesure a FSP FirmwareBlob. + + @param[in] PcrIndex PCR Index. + @param[in] Descrption Description for this FirmwareBlob. + @param[in] FirmwareBlobBase Base address of this FirmwareBlob. + @param[in] FirmwareBlobLength Size in bytes of this FirmwareBlob. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_UNSUPPORTED TPM device not available. + @retval EFI_OUT_OF_RESOURCES Out of memory. + @retval EFI_DEVICE_ERROR The operation was unsuccessful. +*/ +EFI_STATUS +EFIAPI +MeasureFspFirmwareBlob ( + IN UINT32 PcrIndex, + IN CHAR8 *Description OPTIONAL, + IN EFI_PHYSICAL_ADDRESS FirmwareBlobBase, + IN UINT64 FirmwareBlobLength + ); + +/** + Mesure a FSP FirmwareBlob. + + @param[in] PcrIndex PCR Index. + @param[in] Descrption Description for this FirmwareBlob. + @param[in] FirmwareBlobBase Base address of this FirmwareBlob. + @param[in] FirmwareBlobLength Size in bytes of this FirmwareBlob. + @param[in] CfgRegionOffset Configuration region offset in bytes. + @param[in] CfgRegionSize Configuration region in bytes. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_UNSUPPORTED TPM device not available. + @retval EFI_OUT_OF_RESOURCES Out of memory. + @retval EFI_DEVICE_ERROR The operation was unsuccessful. +*/ +EFI_STATUS +EFIAPI +MeasureFspFirmwareBlobWithCfg ( + IN CHAR8 *Description OPTIONAL, + IN EFI_PHYSICAL_ADDRESS FirmwareBlobBase, + IN UINT64 FirmwareBlobLength, + IN UINT32 CfgRegionOffset, + IN UINT32 CfgRegionSize + ); + +#endif --=20 2.26.2.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. 
View/Reply Online (#63562): https://edk2.groups.io/g/devel/message/63562
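Review bot: the doc comment for MeasureFspFirmwareBlobWithCfg lists `@param[in] PcrIndex PCR Index.` but the prototype has no PcrIndex parameter; drop that line and instead document that the FSP code region is extended into PCR 0 and the configuration (UPD) region into PCR 1, since the caller cannot choose. The FSP_MEASURE_* bits are undocumented: from the way the wrapper consumes them, FSP_MEASURE_FSP is a master enable without which the FSPT/FSPM/FSPS bits do nothing, and FSP_MEASURE_FSPUPD selects the split measurement in which the UPD region is hashed and logged separately; a comment on each #define saying so, and saying that these are the bit layout of PcdFspMeasurementConfig, would save every platform owner a trip into the wrapper source. Both function summaries read "Mesure a FSP FirmwareBlob."; spell it "Measure" and distinguish the two (the second records the configuration region as its own event), and close the doc comments with `**/` per the edk2 coding standard.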
From: "Qi Zhang" To: devel@edk2.groups.io Cc: Jiewen Yao , Chasel Chiu , Nate DeSimone , Star Zeng , Qi Zhang Subject: [edk2-devel] [PATCH 6/9] IntelFsp2WrapperPkg/FspMeasurementLib: Add BaseFspMeasurementLib. Date: Fri, 31 Jul 2020 16:54:34 +0800 Message-Id: <20200731085437.16070-7-qi1.zhang@intel.com> In-Reply-To: <20200731085437.16070-1-qi1.zhang@intel.com> References: <20200731085437.16070-1-qi1.zhang@intel.com>
From: Jiewen Yao REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2376 Cc: Jiewen Yao Cc: Chasel Chiu Cc: Nate DeSimone Cc: Star Zeng Cc: Qi Zhang Signed-off-by: Jiewen Yao --- .../BaseFspMeasurementLib.inf | 37 ++++++++++ .../BaseFspMeasurementLib/FspMeasurementLib.c | 70 +++++++++++++++++++ 2 files changed, 107 insertions(+) create mode 100644 IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/BaseF= spMeasurementLib.inf create mode 100644 IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/FspMe= asurementLib.c diff --git a/IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/BaseFspMeasu= rementLib.inf b/IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/BaseFspMe= asurementLib.inf new file mode 100644 index 0000000000..2539164e40 --- /dev/null
+++ b/IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/BaseFspMeasurementL= ib.inf @@ -0,0 +1,37 @@ +## @file +# Provides FSP measurement functions. +# +# This library provides MeasureFspFirmwareBlob() to measure FSP binary. +# +# Copyright (c) 2020, Intel Corporation. All rights reserved.
+# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION =3D 0x00010005 + BASE_NAME =3D FspMeasurementLib + FILE_GUID =3D 9A62C49D-C45A-4322-9F3C-45958DF0056B + MODULE_TYPE =3D BASE + VERSION_STRING =3D 1.0 + LIBRARY_CLASS =3D FspMeasurementLib + +# +# The following information is for reference only and not required by the = build tools. +# +# VALID_ARCHITECTURES =3D IA32 X64 +# + +[Sources] + FspMeasurementLib.c + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dec + +[LibraryClasses] + BaseLib + BaseMemoryLib + DebugLib + TpmMeasurementLib diff --git a/IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/FspMeasureme= ntLib.c b/IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/FspMeasurementL= ib.c new file mode 100644 index 0000000000..8a33fe97c0 --- /dev/null +++ b/IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/FspMeasurementLib.c @@ -0,0 +1,70 @@ +/** @file + This library is used by FSP modules to measure data to TPM. + +Copyright (c) 2020, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include + +#include +#include +#include +#include + +#include + +/** + Mesure a FSP FirmwareBlob. + + @param[in] PcrIndex PCR Index. + @param[in] Descrption Description for this FirmwareBlob. + @param[in] FirmwareBlobBase Base address of this FirmwareBlob. + @param[in] FirmwareBlobLength Size in bytes of this FirmwareBlob. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_UNSUPPORTED TPM device not available. + @retval EFI_OUT_OF_RESOURCES Out of memory. + @retval EFI_DEVICE_ERROR The operation was unsuccessful. +*/ +EFI_STATUS +EFIAPI +MeasureFspFirmwareBlob ( + IN UINT32 PcrIndex, + IN CHAR8 *Description OPTIONAL, + IN EFI_PHYSICAL_ADDRESS FirmwareBlobBase, + IN UINT64 FirmwareBlobLength + ) +{ + return MeasureFirmwareBlob (PcrIndex, Description, FirmwareBlobBase, Fir= mwareBlobLength); +} + +/** + Mesure a FSP FirmwareBlob. + + @param[in] Descrption Description for this FirmwareBlob. + @param[in] FirmwareBlobBase Base address of this FirmwareBlob. + @param[in] FirmwareBlobLength Size in bytes of this FirmwareBlob. + @param[in] CfgRegionOffset Configuration region offset in bytes. + @param[in] CfgRegionSize Configuration region in bytes. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_UNSUPPORTED TPM device not available. + @retval EFI_OUT_OF_RESOURCES Out of memory. + @retval EFI_DEVICE_ERROR The operation was unsuccessful. +*/ +EFI_STATUS +EFIAPI +MeasureFspFirmwareBlobWithCfg ( + IN CHAR8 *Description OPTIONAL, + IN EFI_PHYSICAL_ADDRESS FirmwareBlobBase, + IN UINT64 FirmwareBlobLength, + IN UINT32 CfgRegionOffset, + IN UINT32 CfgRegionSize + ) +{ + return MeasureFirmwareBlobWithCfg (Description, FirmwareBlobBase, Firmwa= reBlobLength, CfgRegionOffset, CfgRegionSize); + +} + --=20 2.26.2.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. 
View/Reply Online (#63564): https://edk2.groups.io/g/devel/message/63564
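Review bot: [LibraryClasses] in BaseFspMeasurementLib.inf lists BaseLib, BaseMemoryLib and DebugLib, but FspMeasurementLib.c only calls MeasureFirmwareBlob and MeasureFirmwareBlobWithCfg from TpmMeasurementLib; drop the unused classes so they do not become phantom dependencies for every consumer. The file header says the library "provides MeasureFspFirmwareBlob() to measure FSP binary" and omits MeasureFspFirmwareBlobWithCfg(), which is the entry point the wrapper PEIMs use for the UPD split; mention both. MODULE_TYPE is BASE, so any module type may link this instance, yet it forwards to MeasureFirmwareBlobWithCfg, which in this series is implemented in PeiTpmMeasurementLib; unless patch 1/9 added that function to the other TpmMeasurementLib instances, a DXE or SMM consumer will fail to link, so either state the PEI-only constraint in the header comment or restrict MODULE_TYPE accordingly.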
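Review bot: the doc comment for MeasureFspFirmwareBlobWithCfg in FspMeasurementLib.c copies the `@param[in] PcrIndex` line from the header although the function has no such parameter, and both summaries are the identical "Mesure a FSP FirmwareBlob."; fix the spelling and say what differs (the second logs the configuration region as a separate PCR 1 event and hashes the code around it into PCR 0). The two wrappers add nothing over the TpmMeasurementLib calls they forward to, not even a check that CfgRegionOffset + CfgRegionSize fits inside FirmwareBlobLength, which is the natural place to reject a corrupt FSP_INFO_HEADER before anything is hashed; either add that validation here or explain in the header why the extra layer exists. Style: there is a stray blank line before the closing brace of MeasureFspFirmwareBlobWithCfg.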
From: "Qi Zhang" To: devel@edk2.groups.io Cc: Jiewen Yao , Chasel Chiu , Nate DeSimone , Star Zeng , Qi Zhang Subject: [edk2-devel] [PATCH 7/9] IntelFsp2WraperPkg/Fsp{m|s}WrapperPeim: Add FspBin measurement. Date: Fri, 31 Jul 2020 16:54:35 +0800 Message-Id: <20200731085437.16070-8-qi1.zhang@intel.com> In-Reply-To: <20200731085437.16070-1-qi1.zhang@intel.com> References: <20200731085437.16070-1-qi1.zhang@intel.com>
From: Jiewen Yao REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2376 Cc: Jiewen Yao Cc: Chasel Chiu Cc: Nate DeSimone Cc: Star Zeng Cc: Qi Zhang Signed-off-by: Jiewen Yao --- .../FspmWrapperPeim/FspmWrapperPeim.c | 115 +++++++++++++++++- .../FspmWrapperPeim/FspmWrapperPeim.inf | 20 ++- .../FspsWrapperPeim/FspsWrapperPeim.c | 96 ++++++++++++++- .../FspsWrapperPeim/FspsWrapperPeim.inf | 27 ++-- 4 files changed, 239 insertions(+), 19 deletions(-) diff --git a/IntelFsp2WrapperPkg/FspmWrapperPeim/FspmWrapperPeim.c b/IntelF= sp2WrapperPkg/FspmWrapperPeim/FspmWrapperPeim.c index 265b77ed60..1533971d7f 100644 --- a/IntelFsp2WrapperPkg/FspmWrapperPeim/FspmWrapperPeim.c +++ b/IntelFsp2WrapperPkg/FspmWrapperPeim/FspmWrapperPeim.c
@@ -3,7 +3,7 @@ register TemporaryRamDonePpi to call TempRamExit API, and register Memor= yDiscoveredPpi notify to call FspSiliconInit API. =20 - Copyright (c) 2014 - 2018, Intel Corporation. All rights reserved.
+ Copyright (c) 2014 - 2020, Intel Corporation. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent =20 **/ @@ -25,11 +25,14 @@ #include #include #include +#include =20 #include #include #include #include +#include +#include #include #include #include @@ -147,7 +150,21 @@ FspmWrapperInit ( VOID ) { - EFI_STATUS Status; + EFI_STATUS Status; + EFI_PEI_FIRMWARE_VOLUME_INFO_MEASUREMENT_EXCLUDED_PPI *MeasurementExclud= edFvPpi; + EFI_PEI_PPI_DESCRIPTOR *MeasurementExclud= edPpiList; + + MeasurementExcludedFvPpi =3D AllocatePool (sizeof(*MeasurementExcludedFv= Ppi)); + ASSERT(MeasurementExcludedFvPpi !=3D NULL); + MeasurementExcludedFvPpi->Count =3D 1; + MeasurementExcludedFvPpi->Fv[0].FvBase =3D PcdGet32 (PcdFspmBaseAddress); + MeasurementExcludedFvPpi->Fv[0].FvLength =3D ((EFI_FIRMWARE_VOLUME_HEADE= R *) (UINTN) PcdGet32 (PcdFspmBaseAddress))->FvLength; + + MeasurementExcludedPpiList =3D AllocatePool (sizeof(*MeasurementExcluded= PpiList)); + ASSERT(MeasurementExcludedPpiList !=3D NULL); + MeasurementExcludedPpiList->Flags =3D EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_P= EI_PPI_DESCRIPTOR_TERMINATE_LIST; + MeasurementExcludedPpiList->Guid =3D &gEfiPeiFirmwareVolumeInfoMeasurem= entExcludedPpiGuid; + MeasurementExcludedPpiList->Ppi =3D MeasurementExcludedFvPpi; =20 Status =3D EFI_SUCCESS; =20 @@ -155,6 +172,9 @@ FspmWrapperInit ( Status =3D PeiFspMemoryInit (); ASSERT_EFI_ERROR (Status); } else { + Status =3D PeiServicesInstallPpi (MeasurementExcludedPpiList); + ASSERT_EFI_ERROR (Status); + PeiServicesInstallFvInfoPpi ( NULL, (VOID *)(UINTN) PcdGet32 (PcdFspmBaseAddress), 
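Review bot: the FSP-M FV is excluded from the TCG PEIM's FV-info measurement unconditionally, but the replacement measurement in TcgPpiNotify only runs when PcdFspMeasurementConfig has both FSP_MEASURE_FSP and FSP_MEASURE_FSPM set; on a platform that leaves those bits clear the FSP-M code is never extended into any PCR and the hole is invisible to a remote verifier. Either install gEfiPeiFirmwareVolumeInfoMeasurementExcludedPpiGuid only when the wrapper will measure the FV itself, or document that the PCD must enable FSPM measurement whenever this PEIM is built in. Both AllocatePool results are checked only with ASSERT, which compiles out on RELEASE builds and leaves a NULL dereference on the next line; return EFI_OUT_OF_RESOURCES instead. The allocations and PPI descriptor setup also run before the mode branch while PeiServicesInstallPpi is called only in the else arm next to PeiServicesInstallFvInfoPpi, so in the other arm two pool blocks are allocated and never used; move the whole block into that arm. Finally, FvLength is read straight from the header at PcdFspmBaseAddress without checking EFI_FVH_SIGNATURE, and a comment explaining why the FV is excluded (it is measured later with the UPD region split out, so a second whole-FV measurement would make PCR 0 change with every configuration edit) would help the next reader.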
@@ -167,6 +187,92 @@ FspmWrapperInit ( return Status; } =20 +/** + This function is called after TCG installed PPI. + + @param[in] PeiServices Pointer to PEI Services Table. + @param[in] NotifyDesc Pointer to the descriptor for the Notification= event that + caused this function to execute. + @param[in] Ppi Pointer to the PPI data associated with this f= unction. + + @retval EFI_STATUS Always return EFI_SUCCESS +**/ +EFI_STATUS +EFIAPI +TcgPpiNotify ( + IN EFI_PEI_SERVICES **PeiServices, + IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDesc, + IN VOID *Ppi + ); + +EFI_PEI_NOTIFY_DESCRIPTOR mTcgPpiNotifyDesc =3D { + (EFI_PEI_PPI_DESCRIPTOR_NOTIFY_CALLBACK | EFI_PEI_PPI_DESCRIPTOR_TERMINA= TE_LIST), + &gEdkiiTcgPpiGuid, + TcgPpiNotify +}; + +/** + This function is called after TCG installed PPI. + + @param[in] PeiServices Pointer to PEI Services Table. + @param[in] NotifyDesc Pointer to the descriptor for the Notification= event that + caused this function to execute. + @param[in] Ppi Pointer to the PPI data associated with this f= unction. 
+ + @retval EFI_STATUS Always return EFI_SUCCESS +**/ +EFI_STATUS +EFIAPI +TcgPpiNotify ( + IN EFI_PEI_SERVICES **PeiServices, + IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDesc, + IN VOID *Ppi + ) +{ + UINT32 FspMeasureMask; + FSP_INFO_HEADER *FspHeaderPtr; + + DEBUG ((DEBUG_INFO, "TcgPpiNotify FSPM\n")); + + FspMeasureMask =3D PcdGet32 (PcdFspMeasurementConfig); + if (FspMeasureMask & FSP_MEASURE_FSP) { + if (FspMeasureMask & FSP_MEASURE_FSPT) { + if(FspMeasureMask & FSP_MEASURE_FSPUPD) { + FspHeaderPtr =3D (FSP_INFO_HEADER *) FspFindFspHeader (PcdGet32 (P= cdFsptBaseAddress)); + if (FspHeaderPtr =3D=3D NULL) { + return EFI_DEVICE_ERROR; + } + DEBUG ((DEBUG_INFO, "FSPT: CfgRegionOffset 0x%x, CfgRegionSize 0x%= x\n", FspHeaderPtr->CfgRegionOffset, FspHeaderPtr->CfgRegionSize)); + DEBUG ((DEBUG_INFO, "FSPT: PcdFsptBaseAddress 0x%x, ImageBase 0x%x= \n", PcdGet32(PcdFsptBaseAddress), FspHeaderPtr->ImageBase)); + MeasureFspFirmwareBlobWithCfg ("FSPT", PcdGet32(PcdFsptBaseAddress= ), + (UINT32)((EFI_FIRMWARE_VOLUME_HEADE= R *) (UINTN) PcdGet32 (PcdFsptBaseAddress))->FvLength, + FspHeaderPtr->CfgRegionOffset, FspH= eaderPtr->CfgRegionSize); + } else { + DEBUG ((DEBUG_ERROR, "\n QIZ: Measure FSPT\n")); + MeasureFspFirmwareBlob (0, "FSPT", PcdGet32(PcdFsptBaseAddress), + (UINT32)((EFI_FIRMWARE_VOLUME_HEADER *) (U= INTN) PcdGet32 (PcdFsptBaseAddress))->FvLength); + } + } + if (FspMeasureMask & FSP_MEASURE_FSPM) { + if(FspMeasureMask & FSP_MEASURE_FSPUPD) { + FspHeaderPtr =3D (FSP_INFO_HEADER *) FspFindFspHeader (PcdGet32 (P= cdFspmBaseAddress)); + if (FspHeaderPtr =3D=3D NULL) { + return EFI_DEVICE_ERROR; + } + MeasureFspFirmwareBlobWithCfg ("FSPM", PcdGet32(PcdFspmBaseAddress= ), + (UINT32)((EFI_FIRMWARE_VOLUME_HEADE= R *) (UINTN) PcdGet32 (PcdFspmBaseAddress))->FvLength, + FspHeaderPtr->CfgRegionOffset, FspH= eaderPtr->CfgRegionSize); + } + else { + MeasureFspFirmwareBlob (0, "FSPM", PcdGet32(PcdFspmBaseAddress), + (UINT32)((EFI_FIRMWARE_VOLUME_HEADER *) (U= INTN) PcdGet32 
(PcdFspmBaseAddress))->FvLength); + } + } + } + + return EFI_SUCCESS; +} + /** This is the entrypoint of PEIM =20 @@ -182,8 +288,13 @@ FspmWrapperPeimEntryPoint ( IN CONST EFI_PEI_SERVICES **PeiServices ) { + EFI_STATUS Status; + DEBUG((DEBUG_INFO, "FspmWrapperPeimEntryPoint\n")); =20 + Status =3D PeiServicesNotifyPpi (&mTcgPpiNotifyDesc); + ASSERT_EFI_ERROR (Status); + FspmWrapperInit (); =20 return EFI_SUCCESS; diff --git a/IntelFsp2WrapperPkg/FspmWrapperPeim/FspmWrapperPeim.inf b/Inte= lFsp2WrapperPkg/FspmWrapperPeim/FspmWrapperPeim.inf index dce7ef3d0b..c3578397b6 100644 --- a/IntelFsp2WrapperPkg/FspmWrapperPeim/FspmWrapperPeim.inf +++ b/IntelFsp2WrapperPkg/FspmWrapperPeim/FspmWrapperPeim.inf @@ -6,7 +6,7 @@ # register TemporaryRamDonePpi to call TempRamExit API, and register Memor= yDiscoveredPpi # notify to call FspSiliconInit API. # -# Copyright (c) 2014 - 2019, Intel Corporation. All rights reserved.
+# Copyright (c) 2014 - 2020, Intel Corporation. All rights reserved.
# # SPDX-License-Identifier: BSD-2-Clause-Patent # @@ -44,17 +44,22 @@ TimerLib FspWrapperApiLib FspWrapperApiTestLib + FspMeasurementLib =20 [Packages] MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec UefiCpuPkg/UefiCpuPkg.dec + SecurityPkg/SecurityPkg.dec IntelFsp2Pkg/IntelFsp2Pkg.dec IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dec =20 [Pcd] - gIntelFsp2WrapperTokenSpaceGuid.PcdFspmBaseAddress ## CONSUMES - gIntelFsp2WrapperTokenSpaceGuid.PcdFspmUpdDataAddress ## CONSUMES - gIntelFsp2WrapperTokenSpaceGuid.PcdFspModeSelection ## CONSUMES + gIntelFsp2WrapperTokenSpaceGuid.PcdFspmBaseAddress ## CONSUMES + gIntelFsp2WrapperTokenSpaceGuid.PcdFspmUpdDataAddress ## CONSUMES + gIntelFsp2WrapperTokenSpaceGuid.PcdFspModeSelection ## CONSUMES + gIntelFsp2WrapperTokenSpaceGuid.PcdFsptBaseAddress ## CONSUMES + gIntelFsp2WrapperTokenSpaceGuid.PcdFspMeasurementConfig ## CONSUMES =20 [Sources] FspmWrapperPeim.c @@ -63,5 +68,10 @@ gFspHobGuid ## PRODUCES ## HOB gFspApiPerformanceGuid ## SOMETIMES_CONSUMES ## GUID =20 +[Ppis] + gEdkiiTcgPpiGuid ## NOTIFY + gEfiPeiFirmwareVolumeInfoMeasurementExcludedPpiGuid ## PRODUCES + [Depex] - gEfiPeiMasterBootModePpiGuid + gEfiPeiMasterBootModePpiGuid AND + gPeiTpmInitializationDonePpiGuid diff --git a/IntelFsp2WrapperPkg/FspsWrapperPeim/FspsWrapperPeim.c b/IntelF= sp2WrapperPkg/FspsWrapperPeim/FspsWrapperPeim.c index b20f0805a0..688c82a6c8 100644 --- a/IntelFsp2WrapperPkg/FspsWrapperPeim/FspsWrapperPeim.c +++ b/IntelFsp2WrapperPkg/FspsWrapperPeim/FspsWrapperPeim.c @@ -3,7 +3,7 @@ register TemporaryRamDonePpi to call TempRamExit API, and register Memor= yDiscoveredPpi notify to call FspSiliconInit API. =20 - Copyright (c) 2014 - 2019, Intel Corporation. All rights reserved.
+ Copyright (c) 2014 - 2020, Intel Corporation. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent =20 **/ @@ -24,12 +24,15 @@ #include #include #include +#include =20 #include #include #include #include #include +#include +#include #include #include #include @@ -379,7 +382,25 @@ FspsWrapperInitDispatchMode ( VOID ) { - EFI_STATUS Status; + EFI_STATUS Status; + EFI_PEI_FIRMWARE_VOLUME_INFO_MEASUREMENT_EXCLUDED_PPI *MeasurementExclud= edFvPpi; + EFI_PEI_PPI_DESCRIPTOR *MeasurementExclud= edPpiList; + + MeasurementExcludedFvPpi =3D AllocatePool (sizeof(*MeasurementExcludedFv= Ppi)); + ASSERT(MeasurementExcludedFvPpi !=3D NULL); + MeasurementExcludedFvPpi->Count =3D 1; + MeasurementExcludedFvPpi->Fv[0].FvBase =3D PcdGet32 (PcdFspsBaseAddress); + MeasurementExcludedFvPpi->Fv[0].FvLength =3D ((EFI_FIRMWARE_VOLUME_HEADE= R *) (UINTN) PcdGet32 (PcdFspsBaseAddress))->FvLength; + + MeasurementExcludedPpiList =3D AllocatePool (sizeof(*MeasurementExcluded= PpiList)); + ASSERT(MeasurementExcludedPpiList !=3D NULL); + MeasurementExcludedPpiList->Flags =3D EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_P= EI_PPI_DESCRIPTOR_TERMINATE_LIST; + MeasurementExcludedPpiList->Guid =3D &gEfiPeiFirmwareVolumeInfoMeasurem= entExcludedPpiGuid; + MeasurementExcludedPpiList->Ppi =3D MeasurementExcludedFvPpi; + + Status =3D PeiServicesInstallPpi (MeasurementExcludedPpiList); + ASSERT_EFI_ERROR (Status); + // // FSP-S Wrapper running in Dispatch mode and reports FSP-S FV to PEI di= spatcher. // 
@@ -398,6 +419,72 @@ FspsWrapperInitDispatchMode ( return Status; } =20 +/** + This function is called after TCG installed PPI. + + @param[in] PeiServices Pointer to PEI Services Table. + @param[in] NotifyDesc Pointer to the descriptor for the Notification= event that + caused this function to execute. + @param[in] Ppi Pointer to the PPI data associated with this f= unction. + + @retval EFI_STATUS Always return EFI_SUCCESS +**/ +EFI_STATUS +EFIAPI +TcgPpiNotify ( + IN EFI_PEI_SERVICES **PeiServices, + IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDesc, + IN VOID *Ppi + ); + +EFI_PEI_NOTIFY_DESCRIPTOR mTcgPpiNotifyDesc =3D { + (EFI_PEI_PPI_DESCRIPTOR_NOTIFY_CALLBACK | EFI_PEI_PPI_DESCRIPTOR_TERMINA= TE_LIST), + &gEdkiiTcgPpiGuid, + TcgPpiNotify +}; + +/** + This function is called after TCG installed PPI. + + @param[in] PeiServices Pointer to PEI Services Table. + @param[in] NotifyDesc Pointer to the descriptor for the Notification= event that + caused this function to execute. + @param[in] Ppi Pointer to the PPI data associated with this f= unction. 
+ + @retval EFI_STATUS Always return EFI_SUCCESS +**/ +EFI_STATUS +EFIAPI +TcgPpiNotify ( + IN EFI_PEI_SERVICES **PeiServices, + IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDesc, + IN VOID *Ppi + ) +{ + UINT32 FspMeasureMask; + FSP_INFO_HEADER *FspHeaderPtr; + + DEBUG ((DEBUG_INFO, "TcgPpiNotify FSPS\n")); + + FspMeasureMask =3D PcdGet32 (PcdFspMeasurementConfig); + if ((FspMeasureMask & FSP_MEASURE_FSP) && (FspMeasureMask & FSP_MEASURE_= FSPS)) { + if(FspMeasureMask & FSP_MEASURE_FSPUPD) { + FspHeaderPtr =3D (FSP_INFO_HEADER *) FspFindFspHeader (PcdGet32 (Pcd= FspsBaseAddress)); + if (FspHeaderPtr =3D=3D NULL) { + return EFI_DEVICE_ERROR; + } + MeasureFspFirmwareBlobWithCfg ("FSPS", PcdGet32(PcdFspsBaseAddress), + (UINT32)((EFI_FIRMWARE_VOLUME_HEADER = *) (UINTN) PcdGet32 (PcdFspsBaseAddress))->FvLength, + FspHeaderPtr->CfgRegionOffset, FspHea= derPtr->CfgRegionSize); + } else { + MeasureFspFirmwareBlob (0, "FSPS", PcdGet32(PcdFspsBaseAddress), + (UINT32)((EFI_FIRMWARE_VOLUME_HEADER *) (UIN= TN) PcdGet32 (PcdFspsBaseAddress))->FvLength); + } + } + + return EFI_SUCCESS; +} + /** This is the entrypoint of PEIM. =20 @@ -413,8 +500,13 @@ FspsWrapperPeimEntryPoint ( IN CONST EFI_PEI_SERVICES **PeiServices ) { + EFI_STATUS Status; + DEBUG ((DEBUG_INFO, "FspsWrapperPeimEntryPoint\n")); =20 + Status =3D PeiServicesNotifyPpi (&mTcgPpiNotifyDesc); + ASSERT_EFI_ERROR (Status); + if (PcdGet8 (PcdFspModeSelection) =3D=3D 1) { FspsWrapperInitApiMode (); } else { diff --git a/IntelFsp2WrapperPkg/FspsWrapperPeim/FspsWrapperPeim.inf b/Inte= lFsp2WrapperPkg/FspsWrapperPeim/FspsWrapperPeim.inf index 7da92991c8..884514747f 100644 --- a/IntelFsp2WrapperPkg/FspsWrapperPeim/FspsWrapperPeim.inf +++ b/IntelFsp2WrapperPkg/FspsWrapperPeim/FspsWrapperPeim.inf @@ -6,7 +6,7 @@ # register TemporaryRamDonePpi to call TempRamExit API, and register Memor= yDiscoveredPpi # notify to call FspSiliconInit API. # -# Copyright (c) 2014 - 2019, Intel Corporation. All rights reserved.
+# Copyright (c) 2014 - 2020, Intel Corporation. All rights reserved.
# # SPDX-License-Identifier: BSD-2-Clause-Patent # @@ -44,24 +44,30 @@ PerformanceLib FspWrapperApiLib FspWrapperApiTestLib + FspMeasurementLib =20 [Packages] MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec UefiCpuPkg/UefiCpuPkg.dec + SecurityPkg/SecurityPkg.dec IntelFsp2Pkg/IntelFsp2Pkg.dec IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dec =20 [Ppis] - gTopOfTemporaryRamPpiGuid ## PRODUCES - gFspSiliconInitDonePpiGuid ## PRODUCES - gEfiEndOfPeiSignalPpiGuid ## PRODUCES - gEfiTemporaryRamDonePpiGuid ## PRODUCES - gEfiPeiMemoryDiscoveredPpiGuid ## NOTIFY + gTopOfTemporaryRamPpiGuid ## PRODUCES + gFspSiliconInitDonePpiGuid ## PRODUCES + gEfiEndOfPeiSignalPpiGuid ## PRODUCES + gEfiTemporaryRamDonePpiGuid ## PRODUCES + gEfiPeiMemoryDiscoveredPpiGuid ## NOTIFY + gEdkiiTcgPpiGuid ## NOTIFY + gEfiPeiFirmwareVolumeInfoMeasurementExcludedPpiGuid ## PRODUCES =20 [Pcd] - gIntelFsp2WrapperTokenSpaceGuid.PcdFspsBaseAddress ## CONSUMES - gIntelFsp2WrapperTokenSpaceGuid.PcdFspsUpdDataAddress ## CONSUMES - gIntelFsp2WrapperTokenSpaceGuid.PcdFspModeSelection ## CONSUMES + gIntelFsp2WrapperTokenSpaceGuid.PcdFspsBaseAddress ## CONSUMES + gIntelFsp2WrapperTokenSpaceGuid.PcdFspsUpdDataAddress ## CONSUMES + gIntelFsp2WrapperTokenSpaceGuid.PcdFspModeSelection ## CONSUMES + gIntelFsp2WrapperTokenSpaceGuid.PcdFspMeasurementConfig ## CONSUMES =20 [Guids] gFspHobGuid ## CONSUMES ## HOB 
@@ -71,4 +77,5 @@ FspsWrapperPeim.c =20 [Depex] - gEfiPeiMemoryDiscoveredPpiGuid + gEfiPeiMemoryDiscoveredPpiGuid AND + gPeiTpmInitializationDonePpiGuid --=20 2.26.2.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#63565): https://edk2.groups.io/g/devel/message/63565 Mute This Topic: https://groups.io/mt/75903686/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sat Apr 20 11:42:25 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) client-ip=66.175.222.12; envelope-from=bounce+27952+63566+1787277+3901457@groups.io; helo=web01.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+63566+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1596185720; cv=none; d=zohomail.com; s=zohoarc; b=ivBxg4133+ZLkUGi92UqV3lb/BGRhhVqAtT5ivWnpidAfWuBL6yJeDr3dt1EAOPncDrMSOPCZJiKVOA2ZsD0XYimW5gLEGAjfwjlqDPObaJ7DVawCHAB9i+yjHjc6fIIDUItQuNvL6Pdafi7Ex029suBPNup/DdwTt/4fvpr+K0= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1596185720; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Id:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=hsIj58JetmBV1r/pI3kdeVZlhb2go9645mbhi77qxX8=; b=Q07WuKmSMAezD41eu+fzUwxZlR2+CbybcYn153fR84s2sjmTtiaTaiLtv19HVLlst82zXOYB3Z/gIeQf8VtO1JCO+PxJMC0+lqNqxQeBzAQyCeZLWjSmCvAUyliOYnzyY8jW8ZOwFJX32psUmkav5s2s8HTc20rSQXnDcOcExEI= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) 
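Review bot: In the FspmWrapperPeim.c hunk `@@ -147,7 +150,21 @@ FspmWrapperInit`, the two AllocatePool calls for MeasurementExcludedFvPpi and MeasurementExcludedPpiList run unconditionally, but PeiServicesInstallPpi on that list only happens in the else branch of the PcdFspModeSelection test (hunk `@@ -155,6 +172,9 @@`), so in API mode both pools are allocated and never installed or freed; move the allocation and descriptor setup into the else branch next to the install. Also, `ASSERT(MeasurementExcludedFvPpi != NULL)` is the only NULL check: in a RELEASE build the ASSERT compiles out and `MeasurementExcludedFvPpi->Count = 1` dereferences NULL. Check both allocations and return EFI_OUT_OF_RESOURCES (or skip installing the exclusion PPI) on failure, here and in the identical block in FspsWrapperPeim.c `@@ -379,7 +382,25 @@ FspsWrapperInitDispatchMode`.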
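Review bot: The FspmWrapperPeim.c hunk `@@ -155,6 +172,9 @@` installs the FSP-M FV as measurement-excluded immediately before PeiServicesInstallFvInfoPpi without a comment saying why. A reader needs to know that the exclusion PPI suppresses the generic FV measurement by the TCG PEIM so that the FV is measured exactly once, via TcgPpiNotify and MeasureFspFirmwareBlob / MeasureFspFirmwareBlobWithCfg, with the UPD-region split controlled by PcdFspMeasurementConfig. Worth spelling out the consequence as well: the exclusion is installed unconditionally in dispatch mode, while TcgPpiNotify only measures FSP-M when both FSP_MEASURE_FSP and FSP_MEASURE_FSPM are set, so a platform that clears those bits ends up with an FSP-M FV that is neither measured by the TCG PEIM nor by this wrapper.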
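Review bot: In the FspmWrapperPeim.c hunk `@@ -167,6 +187,92 @@` (TcgPpiNotify), `DEBUG ((DEBUG_ERROR, "\n QIZ: Measure FSPT\n"));` is leftover developer output at error level; drop it or make it a DEBUG_INFO message worded like the neighbouring ones. The doc block states `@retval EFI_STATUS Always return EFI_SUCCESS`, yet the function returns EFI_DEVICE_ERROR when FspFindFspHeader returns NULL, and that early return for FSPT also skips the FSPM measurement that follows; update the doc and consider continuing to FSPM (or logging) rather than returning. The status of every MeasureFspFirmwareBlob / MeasureFspFirmwareBlobWithCfg call is discarded, so a failed extend is silent; log it and propagate where it makes sense. Style: `if(FspMeasureMask & FSP_MEASURE_FSPUPD)` lacks the space after `if`, and the `}` / `else {` split on separate lines in the FSPM branch differs from the `} else {` used in the FSPT branch. The same doc mismatch and ignored statuses appear in the FspsWrapperPeim.c hunk `@@ -398,6 +419,72 @@`.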
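Review bot: The [Depex] changes in FspmWrapperPeim.inf (`@@ -63,5 +68,10 @@`) and FspsWrapperPeim.inf (`@@ -71,4 +77,5 @@`) add `gPeiTpmInitializationDonePpiGuid` with AND, so neither wrapper ever dispatches on a platform whose PEI phase has no producer of that PPI. For the FSP-M wrapper that means no memory initialization and a boot hang rather than merely a missing measurement. State the new requirement (a TCG PEIM or an equivalent producer of the PPI) in the commit message and the INF comments, or make the dependency a platform choice.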
From: "Qi Zhang" To: devel@edk2.groups.io Cc: Jiewen Yao , Chasel Chiu , Nate DeSimone , Star Zeng , Qi Zhang Subject: [edk2-devel] [PATCH 8/9] IntelFsp2Wrapper/dsc: Add FspTpmMeasurementLib and PcdFspMeasurementConfig. Date: Fri, 31 Jul 2020 16:54:36 +0800 Message-Id: <20200731085437.16070-9-qi1.zhang@intel.com> In-Reply-To: <20200731085437.16070-1-qi1.zhang@intel.com> References: <20200731085437.16070-1-qi1.zhang@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,qi1.zhang@intel.com X-Gm-Message-State: o7bjp2cBfwQc3uYScMT2NEsux1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1596185719; bh=CxCf9UCTC0Eo3ZLmoWJFdnA34Q9cheQAazgdY4Y1ac0=; h=Cc:Date:From:Reply-To:Subject:To; b=n86yKrcMx/N7OkZ3T02w3vg5lMkvvQ02dwHm1XGHT4zI02GWkCM6ODOG7k0ozSG0+Oa eMkpH7TajnXWjHQY0YJLCJ2eRtepA8RFLNIN72Zbv/Sa28avVi56Q04GWQecvX4OtjknM AhBqjQ8aUDZMqK5k2UPMnBajyATGkfhDJu8= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" From: Jiewen Yao REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D2376 Cc: Jiewen Yao Cc: Chasel Chiu Cc: Nate DeSimone Cc: Star Zeng Cc: Qi Zhang Signed-off-by: Jiewen Yao --- IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dec | 17 +++++++++++++++++ IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dsc | 5 ++++- 2 files changed, 21 insertions(+), 1 deletion(-) diff --git a/IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dec b/IntelFsp2Wrapper= Pkg/IntelFsp2WrapperPkg.dec index faf2be621c..4bd3250571 100644 --- a/IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dec +++ b/IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dec 
@@ -92,6 +92,23 @@ # gIntelFsp2WrapperTokenSpaceGuid.PcdFspModeSelection|0x00000001|UINT8|0x4= 000000A =20 + ## This PCD decides how FSP is measured + # 1) The BootGuard ACM may already measured the FSP component, such as F= SPT/FSPM. + # We need a flag (PCD) to indicate if there is need to do such FSP measu= rement or NOT. + # 2) The FSP binary includes FSP code and FSP UPD region. The UPD region= is considered + # as configuration block, and it may be updated by OEM by design. + # This flag (PCD) is to indicate if we need isolate the the UPD region f= rom the FSP code region. + # BIT0: Need measure FSP. (for FSP1.x) - reserved in FSP2. + # BIT1: Need measure FSPT. (for FSP 2.x) + # BIT2: Need measure FSPM. (for FSP 2.x) + # BIT3: Need measure FSPS. (for FSP 2.x) + # BIT4~30: reserved. + # BIT31: Need isolate UPD region measurement. + #0: measure FSP[T|M|S] as one binary in one record (PCR0). + #1: measure FSP UPD region in one record (PCR1), the FSP code without = UPD in another record (PCR0). + # + gIntelFsp2WrapperTokenSpaceGuid.PcdFspMeasurementConfig|0x0000000F|UINT3= 2|0x4000000B + [PcdsFixedAtBuild, PcdsPatchableInModule,PcdsDynamic,PcdsDynamicEx] # ## These are the base address of FSP-M/S diff --git a/IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dsc b/IntelFsp2Wrapper= Pkg/IntelFsp2WrapperPkg.dsc index cb4f69285d..5c0d509be4 100644 --- a/IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dsc +++ b/IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dsc @@ -1,7 +1,7 @@ ## @file # Provides drivers and definitions to support fsp in EDKII bios. # -# Copyright (c) 2014 - 2016, Intel Corporation. All rights reserved.
+# Copyright (c) 2014 - 2020, Intel Corporation. All rights reserved.
# SPDX-License-Identifier: BSD-2-Clause-Patent # ## @@ -45,6 +45,7 @@ # FSP Wrapper Lib FspWrapperApiLib|IntelFsp2WrapperPkg/Library/BaseFspWrapperApiLib/BaseFs= pWrapperApiLib.inf FspWrapperApiTestLib|IntelFsp2WrapperPkg/Library/BaseFspWrapperApiTestLi= bNull/BaseFspWrapperApiTestLibNull.inf + FspMeasurementLib|IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/Base= FspMeasurementLib.inf =20 # FSP platform sample FspWrapperPlatformLib|IntelFsp2WrapperPkg/Library/BaseFspWrapperPlatform= LibSample/BaseFspWrapperPlatformLibSample.inf @@ -57,6 +58,7 @@ PeiServicesLib|MdePkg/Library/PeiServicesLib/PeiServicesLib.inf MemoryAllocationLib|MdePkg/Library/PeiMemoryAllocationLib/PeiMemoryAlloc= ationLib.inf HobLib|MdePkg/Library/PeiHobLib/PeiHobLib.inf + TpmMeasurementLib|SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasure= mentLib.inf =20 [LibraryClasses.common.DXE_DRIVER] UefiDriverEntryPoint|MdePkg/Library/UefiDriverEntryPoint/UefiDriverEntry= Point.inf 
@@ -73,6 +75,7 @@ IntelFsp2WrapperPkg/Library/SecFspWrapperPlatformSecLibSample/SecFspWrap= perPlatformSecLibSample.inf IntelFsp2WrapperPkg/Library/PeiFspWrapperHobProcessLibSample/PeiFspWrapp= erHobProcessLibSample.inf IntelFsp2WrapperPkg/Library/PeiFspWrapperApiTestLib/PeiFspWrapperApiTest= Lib.inf + IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/BaseFspMeasurementLib.= inf =20 IntelFsp2WrapperPkg/FspmWrapperPeim/FspmWrapperPeim.inf IntelFsp2WrapperPkg/FspsWrapperPeim/FspsWrapperPeim.inf --=20 2.26.2.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#63566): https://edk2.groups.io/g/devel/message/63566 Mute This Topic: https://groups.io/mt/75903687/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Sat Apr 20 11:42:25 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) client-ip=66.175.222.12; envelope-from=bounce+27952+63567+1787277+3901457@groups.io; helo=web01.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+63567+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1596185720; cv=none; d=zohomail.com; s=zohoarc; b=BrywAft6dZTXml326YKAP+yHMK25wnpdaUnArtC66NGwLo4QrLbPFZPHlp8feMBhcjFTMgkemGDDkxW/LxKKrG9CtxH8nvzax8IKz6dxNmIqibgUyGZ7DKUM0g3UNcQ4XgDRTHwzpW5O9q3j5Dl/8gg+uNOZ3Bmr0T8TMLdSOlc= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1596185720; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Id:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=pLmZ5ypkKIxQc9te5QjXo7GVplR5872NZelgzxQ76Bs=; 
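Review bot: In the IntelFsp2WrapperPkg.dec hunk `@@ -92,6 +92,23 @@`, the comment for BIT0 says "Need measure FSP. (for FSP1.x) - reserved in FSP2", yet the default `0x0000000F` sets BIT0, and the wrapper code in 7/9 gates every FSP 2.x measurement on FSP_MEASURE_FSP being set. Either document BIT0 as the global enable that the code treats it as, or drop it from the gate and the default; as written the description and the behaviour disagree, and a platform that takes the comment literally and clears BIT0 silently disables all measurement. Wording fixes while here: "may already measured" should read "may already have measured", "isolate the the UPD region" has a doubled word, and `#0:` / `#1:` lack the space after `#` used by the other comment lines.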
From: "Qi Zhang" To: devel@edk2.groups.io Cc: Qi Zhang , Jiewen Yao , Jian J Wang Subject: [edk2-devel] [PATCH 9/9] SecurityPkg/HashLib: add API HashFinal Date: Fri, 31 Jul 2020 16:54:37 +0800 Message-Id: <20200731085437.16070-10-qi1.zhang@intel.com> In-Reply-To: <20200731085437.16070-1-qi1.zhang@intel.com> References: <20200731085437.16070-1-qi1.zhang@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,qi1.zhang@intel.com X-Gm-Message-State: ltgun2PWAMyKqZRP1oBMkuEMx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1596185720; bh=d3wbctGRQ2j68jW7CAsjEH7l1yUcTGzHKeM1SKkgUV0=; h=Cc:Date:From:Reply-To:Subject:To; b=XVbX+Tlum947KYAHrLJSlxCZIl3LzsXdTRO3LGZUPlF22HwB3LYoMWyo8ehS7pxlW5S n2D/YcAkHbC5Rzd6tvJCVRzb7AdckIJZYbg+keHWxo7GdADF/71WF3s28gCT005wDDrne VXH/EBQOfioF4fTZq1OpFhec2cfIyCFpPfE= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D2376 Cc: Jiewen Yao Cc: Jian J Wang Cc: Qi Zhang Signed-off-by: Qi Zhang --- SecurityPkg/Include/Library/HashLib.h | 15 ++++++ .../HashLibBaseCryptoRouterPei.c | 48 +++++++++++++++++++ 2 files changed, 63 insertions(+) diff --git a/SecurityPkg/Include/Library/HashLib.h b/SecurityPkg/Include/Li= brary/HashLib.h index 6ad960ad70..e2d9a62a1d 100644 --- a/SecurityPkg/Include/Library/HashLib.h +++ b/SecurityPkg/Include/Library/HashLib.h 
@@ -47,6 +47,21 @@ HashUpdate ( IN UINTN DataToHashLen ); =20 +/** + Hash sequence complete and extend to PCR. + + @param HashHandle Hash handle. + @param DigestList Digest list. + + @retval EFI_SUCCESS Hash sequence complete and DigestList is returne= d. +**/ +EFI_STATUS +EFIAPI +HashFinal ( + IN HASH_HANDLE HashHandle, + OUT TPML_DIGEST_VALUES *DigestList + ); + /** Hash sequence complete and extend to PCR. =20 diff --git a/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoR= outerPei.c b/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoR= outerPei.c index 42cb562f67..5b9719630d 100644 --- a/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPe= i.c +++ b/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPe= i.c 
@@ -208,6 +208,54 @@ HashUpdate ( return EFI_SUCCESS; } =20 +/** + Hash sequence complete and extend to PCR. + + @param HashHandle Hash handle. + @param DigestList Digest list. + + @retval EFI_SUCCESS Hash sequence complete and DigestList is returne= d. +**/ +EFI_STATUS +EFIAPI +HashFinal ( + IN HASH_HANDLE HashHandle, + OUT TPML_DIGEST_VALUES *DigestList + ) +{ + TPML_DIGEST_VALUES Digest; + HASH_INTERFACE_HOB *HashInterfaceHob; + HASH_HANDLE *HashCtx; + UINTN Index; + UINT32 HashMask; + + HashInterfaceHob =3D InternalGetHashInterfaceHob (&gEfiCallerIdGuid); + if (HashInterfaceHob =3D=3D NULL) { + return EFI_UNSUPPORTED; + } + + if (HashInterfaceHob->HashInterfaceCount =3D=3D 0) { + return EFI_UNSUPPORTED; + } + + CheckSupportedHashMaskMismatch (HashInterfaceHob); + + HashCtx =3D (HASH_HANDLE *)HashHandle; + ZeroMem (DigestList, sizeof(*DigestList)); + + for (Index =3D 0; Index < HashInterfaceHob->HashInterfaceCount; Index++)= { + HashMask =3D Tpm2GetHashMaskFromAlgo (&HashInterfaceHob->HashInterface= [Index].HashGuid); + if ((HashMask & PcdGet32 (PcdTpm2HashMask)) !=3D 0) { + HashInterfaceHob->HashInterface[Index].HashFinal (HashCtx[Index], &D= igest); + Tpm2SetHashToDigestList (DigestList, &Digest); + } + } + + FreePool (HashCtx); + + return EFI_SUCCESS; +} + /** Hash sequence complete and extend to PCR. =20 --=20 2.26.2.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#63567): https://edk2.groups.io/g/devel/message/63567 Mute This Topic: https://groups.io/mt/75903688/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
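Review bot: In the HashLib.h hunk `@@ -47,6 +47,21 @@ HashUpdate`, the doc block for HashFinal ("Hash sequence complete and extend to PCR", "@retval EFI_SUCCESS Hash sequence complete and DigestList is returned") is copied from HashCompleteAndExtend directly below it, but HashFinal performs no PCR extend. Reword it to say the hash sequence is finalized and the digests returned in DigestList, and document that HashHandle is released and must not be reused, since the implementation frees the context.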
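Review bot: The HashLibBaseCryptoRouterPei.c hunk `@@ -208,6 +208,54 @@ HashUpdate` adds HashFinal to the PEI router only, while the header change makes it part of the HashLib class for every instance; the DXE router in the same directory and any other HashLib instance in SecurityPkg now lack the symbol, so a consumer of HashFinal linked against them fails to link. Add the implementations or state the limitation in the commit message. Inside the loop, the status of `HashInterfaceHob->HashInterface[Index].HashFinal (HashCtx[Index], &Digest)` is ignored and `Digest` is merged into DigestList regardless, so a failing algorithm yields a stale or zeroed digest without any error reaching the caller; check the status and return it, matching what the rest of the router does for its per-algorithm calls.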