From: "Qi Zhang"
To: devel@edk2.groups.io
Cc: Jiewen Yao , Jian J Wang , Hao A Wu , Qi Zhang
Subject: [edk2-devel] [PATCH v2 1/9] MdeModulePkg/TpmMeasurementLib: Add new API to TpmMeasurmentLib.
Date: Thu, 6 Aug 2020 08:33:34 +0800
Message-Id: <20200806003342.17866-2-qi1.zhang@intel.com>
In-Reply-To: <20200806003342.17866-1-qi1.zhang@intel.com>
References: <20200806003342.17866-1-qi1.zhang@intel.com>
From: Jiewen Yao REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D2376 Cc: Jian J Wang Cc: Hao A Wu Cc: Qi Zhang Signed-off-by: Jiewen Yao --- .../Include/Library/TpmMeasurementLib.h | 48 ++++++++++++++++++- 1 file changed, 47 insertions(+), 1 deletion(-) diff --git a/MdeModulePkg/Include/Library/TpmMeasurementLib.h b/MdeModulePk= g/Include/Library/TpmMeasurementLib.h index ddf6723f03..5a0f97d208 100644 --- a/MdeModulePkg/Include/Library/TpmMeasurementLib.h +++ b/MdeModulePkg/Include/Library/TpmMeasurementLib.h @@ -1,7 +1,7 @@ /** @file This library is used by other modules to measure data to TPM. =20 -Copyright (c) 2012, Intel Corporation. All rights reserved.
+Copyright (c) 2012 - 2020, Intel Corporation. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent =20 **/ 
@@ -35,4 +35,50 @@ TpmMeasureAndLogData ( IN UINT64 HashDataLen ); =20 +/** + Mesure a FirmwareBlob. + + @param[in] PcrIndex PCR Index. + @param[in] Descrption Description for this FirmwareBlob. + @param[in] FirmwareBlobBase Base address of this FirmwareBlob. + @param[in] FirmwareBlobLength Size in bytes of this FirmwareBlob. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_UNSUPPORTED TPM device not available. + @retval EFI_OUT_OF_RESOURCES Out of memory. + @retval EFI_DEVICE_ERROR The operation was unsuccessful. +*/ +EFI_STATUS +EFIAPI +MeasureFirmwareBlob ( + IN UINT32 PcrIndex, + IN CHAR8 *Description OPTIONAL, + IN EFI_PHYSICAL_ADDRESS FirmwareBlobBase, + IN UINT64 FirmwareBlobLength + ); + +/** + Mesure a HandoffTable. + + @param[in] PcrIndex PcrIndex of the measurment. + @param[in] Descrption Description for this HandoffTable. + @param[in] TableGuid GUID of this HandoffTable. + @param[in] TableAddress Base address of this HandoffTable. + @param[in] TableLength Size in bytes of this HandoffTable. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_UNSUPPORTED TPM device not available. + @retval EFI_OUT_OF_RESOURCES Out of memory. + @retval EFI_DEVICE_ERROR The operation was unsuccessful. +*/ +EFI_STATUS +EFIAPI +MeasureHandoffTable ( + IN UINT32 PcrIndex, + IN CHAR8 *Description OPTIONAL, + IN EFI_GUID *TableGuid, + IN VOID *TableAddress, + IN UINTN TableLength + ); + #endif --=20 2.26.2.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. 
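Review bot: the two new doc blocks in the `@@ -35,4 +35,50 @@` hunk carry spelling slips that will ship in the public header: `Mesure` for `Measure`, `Descrption` for `Description` and `measurment` for `measurement`. The `@param[in] Descrption` tag also names a parameter the prototypes do not have (it is `Description`), so the tag cannot be paired with the parameter by a doc generator; please correct it in both blocks and make the MeasureFirmwareBlob entry read `PcrIndex of the measurement.` like its MeasureHandoffTable sibling. Both blocks close with `*/` while the existing comment in this file closes with `**/`. Since the implementations in 3/9 and 4/9 copy `Description` into fixed-size buffers, the header is the place to state the maximum length a caller may pass.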
View/Reply Online (#63752): https://edk2.groups.io/g/devel/message/63752 Mute This Topic: https://groups.io/mt/76019582/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
From: "Qi Zhang" To: devel@edk2.groups.io Cc: Jiewen Yao , Jian J Wang , Hao A Wu , Qi Zhang Subject: [edk2-devel] [PATCH v2 2/9] MdeModulePkg/NullTpmMeasurementLib: Add new API. Date: Thu, 6 Aug 2020 08:33:35 +0800 Message-Id: <20200806003342.17866-3-qi1.zhang@intel.com> In-Reply-To: <20200806003342.17866-1-qi1.zhang@intel.com> References: <20200806003342.17866-1-qi1.zhang@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,qi1.zhang@intel.com X-Gm-Message-State: IS2hHb8dkf2DAZtqpGMYZe3Mx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1596674032; bh=pSVuXXbRtFVKjGGlI2eXsDsLZUt287BjIEngMCiyW3U=; h=Cc:Date:From:Reply-To:Subject:To; b=n1eyLkw2s0V4q6pWZhezfLIjDzBd29jqXJGe9qeB4/eM628z71CpuMEcFCc3rMq/hnd dK2Idq1w9Xa0stnAyzEuaQXG2Fyj7h6oc8PWjpX1KdFGu5a6yuArxxRdQAVpxixZXPqhs oyLJAt03pQHptjwu2QCvwzy8vbrdUf/qkTA= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" From: Jiewen Yao REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D2376 Cc: Jiewen Yao Cc: Jian J Wang Cc: Hao A Wu Cc: Qi Zhang Signed-off-by: Jiewen Yao --- .../TpmMeasurementLibNull.c | 61 ++++++++++++++++++- .../TpmMeasurementLibNull.inf | 6 +- 2 files changed, 63 insertions(+), 4 deletions(-) diff --git a/MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNu= ll.c b/MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.c index b9c5b68de8..2ce38d8258 100644 --- a/MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.c +++ b/MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.c @@ -1,11 +1,13 @@ /** @file This library is used by other modules to measure data to TPM. =20 -Copyright (c) 2015, Intel Corporation. All rights reserved.
+Copyright (c) 2015 - 2020, Intel Corporation. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent =20 **/ =20 +#include + /** Tpm measure and log data, and extend the measurement result into a speci= fic PCR. =20 @@ -37,3 +39,60 @@ TpmMeasureAndLogData ( // return EFI_SUCCESS; } + +/** + Mesure a FirmwareBlob. + + @param[in] Descrption Description for this FirmwareBlob. + @param[in] FirmwareBlobBase Base address of this FirmwareBlob. + @param[in] FirmwareBlobLength Size in bytes of this FirmwareBlob. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_UNSUPPORTED TPM device not available. + @retval EFI_OUT_OF_RESOURCES Out of memory. + @retval EFI_DEVICE_ERROR The operation was unsuccessful. +*/ +EFI_STATUS +EFIAPI +MeasureFirmwareBlob ( + IN UINT32 PcrIndex, + IN CHAR8 *Description OPTIONAL, + IN EFI_PHYSICAL_ADDRESS FirmwareBlobBase, + IN UINT64 FirmwareBlobLength + ) +{ + // + // Do nothing, just return EFI_SUCCESS. + // + return EFI_SUCCESS; +} + +/** + Mesure a HandoffTable. + + @param[in] PcrIndex PcrIndex of the measurment. + @param[in] Descrption Description for this HandoffTable. + @param[in] TableGuid GUID of this HandoffTable. + @param[in] TableAddress Base address of this HandoffTable. + @param[in] TableLength Size in bytes of this HandoffTable. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_UNSUPPORTED TPM device not available. + @retval EFI_OUT_OF_RESOURCES Out of memory. + @retval EFI_DEVICE_ERROR The operation was unsuccessful. +*/ +EFI_STATUS +EFIAPI +MeasureHandoffTable ( + IN UINT32 PcrIndex, + IN CHAR8 *Description OPTIONAL, + IN EFI_GUID *TableGuid, + IN VOID *TableAddress, + IN UINTN TableLength + ) +{ + // + // Do nothing, just return EFI_SUCCESS. + // + return EFI_SUCCESS; +} diff --git a/MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNu= ll.inf b/MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.i= nf index 61abcfa2ec..1db2c0d6a7 100644 --- a/MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf 
+++ b/MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf @@ -1,7 +1,7 @@ ## @file # Provides NULL TPM measurement function. # -# Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.
+# Copyright (c) 2015 - 2020, Intel Corporation. All rights reserved.
# SPDX-License-Identifier: BSD-2-Clause-Patent # ## 
@@ -10,9 +10,9 @@ INF_VERSION =3D 0x00010005 BASE_NAME =3D TpmMeasurementLibNull FILE_GUID =3D 6DFD6E9F-9278-48D8-8F45-B6CFF2C2B69C - MODULE_TYPE =3D UEFI_DRIVER + MODULE_TYPE =3D BASE VERSION_STRING =3D 1.0 - LIBRARY_CLASS =3D TpmMeasurementLib|DXE_DRIVER DXE_RUNT= IME_DRIVER DXE_SMM_DRIVER UEFI_APPLICATION UEFI_DRIVER + LIBRARY_CLASS =3D TpmMeasurementLib MODULE_UNI_FILE =3D TpmMeasurementLibNull.uni =20 # --=20 2.26.2.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#63753): https://edk2.groups.io/g/devel/message/63753 Mute This Topic: https://groups.io/mt/76019583/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Mon Apr 29 18:49:27 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) client-ip=66.175.222.12; envelope-from=bounce+27952+63754+1787277+3901457@groups.io; helo=web01.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+63754+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1596674034; cv=none; d=zohomail.com; s=zohoarc; b=TZh6whn2rhqnvSCc1+7c7B/+BOccDeQdYpIkVH48RxzK3vhe4N45wa8EwtSe3IsJHdjGxCirRI+6LnwFvcg0tZRQXTwmsFlNmvWV1UEGpgYH99oXR6QRiHshQqxHRhRwZwQi/Eyn0G7vcyuD9UTTFJ+yGLcFCAKtAUJfCuMsAzc= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1596674034; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Id:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=IzOPoJcJZV+HrkDpM4ryNjmR8+4FyMWJGRKIpFWFe3A=; 
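Review bot: in the `@@ -37,3 +39,60 @@` hunk of TpmMeasurementLibNull.c the MeasureFirmwareBlob doc block documents `Descrption`, `FirmwareBlobBase` and `FirmwareBlobLength` but omits `PcrIndex`, which the function does take; add `@param[in] PcrIndex PcrIndex of the measurement.` so it matches the header in 1/9 and the MeasureHandoffTable block just below it, and fix `Mesure`, `Descrption` and `measurment` in both blocks. The `#include` line in the first hunk has lost its header name in this rendering of the mail, so it cannot be checked here.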
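Review bot: the `@@ -10,9 +10,9 @@` hunk of TpmMeasurementLibNull.inf changes MODULE_TYPE from UEFI_DRIVER to BASE and drops the `|DXE_DRIVER DXE_RUNTIME_DRIVER DXE_SMM_DRIVER UEFI_APPLICATION UEFI_DRIVER` restriction on LIBRARY_CLASS, so the NULL instance can now be linked into any module type, PEIMs and SEC included. That is a wider change than the subject `Add new API` suggests and the commit message does not mention it; please state the intent (presumably to let PEI-phase consumers of the new API link the NULL instance) in the message. Worth a sentence of warning too: a platform that links this instance records no measurements at all, so widening where it can be linked should be a deliberate platform choice rather than something a build picks up by default.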
From: "Qi Zhang" To: devel@edk2.groups.io Cc: Jiewen Yao , Jian J Wang , Qi Zhang Subject: [edk2-devel] [PATCH v2 3/9] SecurityPkg/DxeTpmMeasurementLib: Add new API. Date: Thu, 6 Aug 2020 08:33:36 +0800 Message-Id: <20200806003342.17866-4-qi1.zhang@intel.com> In-Reply-To: <20200806003342.17866-1-qi1.zhang@intel.com> References: <20200806003342.17866-1-qi1.zhang@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,qi1.zhang@intel.com X-Gm-Message-State: UuABgJItDkL13KCbdselofmox1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1596674034; bh=0EmDdbjJ4Mi6hx31nqZqeEwwghXskh4ih1lpnVEUWR0=; h=Cc:Date:From:Reply-To:Subject:To; b=JUG+lnOPezSQiJaDw9eORbcIHtSWOatFDUb0b5O/6yYQna1dxOj9zvSsOgXpLgRJZ9X mG6x3v8rVNaWn3Ldbtd0faSwcu1Y7zfoNuUnxEK8XIBRc2wNcf7I7Gah5X6eeNhkAXWXk mbCZvXf24kogeloCv2yHqnZcB4SoSTUr9Vk= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" From: Jiewen Yao REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D2376 Cc: Jiewen Yao Cc: Jian J Wang Cc: Qi Zhang Signed-off-by: Jiewen Yao --- .../DxeTpmMeasurementLib.inf | 6 +- .../DxeTpmMeasurementLib/EventLogRecord.c | 218 ++++++++++++++++++ 2 files changed, 223 insertions(+), 1 deletion(-) create mode 100644 SecurityPkg/Library/DxeTpmMeasurementLib/EventLogRecord= .c diff --git a/SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.= inf b/SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf index 7d41bc41f9..39448f8ee8 100644 --- a/SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf +++ b/SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf 
@@ -4,7 +4,7 @@ # This library provides TpmMeasureAndLogData() to measure and log data, a= nd # extend the measurement result into a specific PCR. # -# Copyright (c) 2012 - 2018, Intel Corporation. All rights reserved.
+# Copyright (c) 2012 - 2020, Intel Corporation. All rights reserved.
# SPDX-License-Identifier: BSD-2-Clause-Patent # ## @@ -26,6 +26,7 @@ =20 [Sources] DxeTpmMeasurementLib.c + EventLogRecord.c =20 [Packages] MdePkg/MdePkg.dec @@ -42,3 +43,6 @@ [Protocols] gEfiTcgProtocolGuid ## SOMETIMES_CONSUMES gEfiTcg2ProtocolGuid ## SOMETIMES_CONSUMES + +[Pcd] + gEfiMdeModulePkgTokenSpaceGuid.PcdTcgPfpMeasurementRevision ## = CONSUMES diff --git a/SecurityPkg/Library/DxeTpmMeasurementLib/EventLogRecord.c b/Se= curityPkg/Library/DxeTpmMeasurementLib/EventLogRecord.c new file mode 100644 index 0000000000..7b3726e44b --- /dev/null +++ b/SecurityPkg/Library/DxeTpmMeasurementLib/EventLogRecord.c @@ -0,0 +1,218 @@ +/** @file + This library is used by other modules to measure data to TPM. + +Copyright (c) 2020, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include + +#include +#include +#include +#include +#include +#include +#include + +#include + +#pragma pack (1) + +#define PLATFORM_FIRMWARE_BLOB_DESC "Fv(XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXX= XX)" +typedef struct { + UINT8 BlobDescriptionSize; + UINT8 BlobDescription[sizeof(PLATFORM_FIRMWA= RE_BLOB_DESC)]; + EFI_PHYSICAL_ADDRESS BlobBase; + UINT64 BlobLength; +} PLATFORM_FIRMWARE_BLOB2_STRUCT; + +#define HANDOFF_TABLE_POINTER_DESC "1234567890ABCDEF" +typedef struct { + UINT8 TableDescriptionSize; + UINT8 TableDescription[sizeof(HANDOFF_TABLE_= POINTER_DESC)]; + UINT64 NumberOfTables; + EFI_CONFIGURATION_TABLE TableEntry[1]; +} HANDOFF_TABLE_POINTERS2_STRUCT; + +#pragma pack () + +/** + Get the FvName from the FV header. + + Causion: The FV is untrusted input. + + @param[in] FvBase Base address of FV image. + @param[in] FvLength Length of FV image. + + @return FvName pointer + @retval NULL FvName is NOT found +**/ +VOID * +TpmMeasurementGetFvName ( + IN EFI_PHYSICAL_ADDRESS FvBase, + IN UINT64 FvLength + ) +{ + EFI_FIRMWARE_VOLUME_HEADER *FvHeader; + EFI_FIRMWARE_VOLUME_EXT_HEADER *FvExtHeader; + + if (FvBase >=3D MAX_ADDRESS) { + return NULL; + } + if (FvLength >=3D MAX_ADDRESS - FvBase) { + return NULL; + } + if (FvLength < sizeof(EFI_FIRMWARE_VOLUME_HEADER)) { + return NULL; + } + + FvHeader =3D (EFI_FIRMWARE_VOLUME_HEADER *)(UINTN)FvBase; + if (FvHeader->Signature !=3D EFI_FVH_SIGNATURE) { + return NULL; + } + if (FvHeader->ExtHeaderOffset < sizeof(EFI_FIRMWARE_VOLUME_HEADER)) { + return NULL; + } + if (FvHeader->ExtHeaderOffset + sizeof(EFI_FIRMWARE_VOLUME_EXT_HEADER) >= FvLength) { + return NULL; + } + FvExtHeader =3D (EFI_FIRMWARE_VOLUME_EXT_HEADER *)(UINTN)(FvBase + FvHea= der->ExtHeaderOffset); + + return &FvExtHeader->FvName; +} + +/** + Mesure a FirmwareBlob. + + @param[in] PcrIndex PcrIndex of the measurment. + @param[in] Descrption Description for this FirmwareBlob. 
+ @param[in] FirmwareBlobBase Base address of this FirmwareBlob. + @param[in] FirmwareBlobLength Size in bytes of this FirmwareBlob. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_UNSUPPORTED TPM device not available. + @retval EFI_OUT_OF_RESOURCES Out of memory. + @retval EFI_DEVICE_ERROR The operation was unsuccessful. +*/ +EFI_STATUS +EFIAPI +MeasureFirmwareBlob ( + IN UINT32 PcrIndex, + IN CHAR8 *Description OPTIONAL, + IN EFI_PHYSICAL_ADDRESS FirmwareBlobBase, + IN UINT64 FirmwareBlobLength + ) +{ + EFI_PLATFORM_FIRMWARE_BLOB FvBlob; + PLATFORM_FIRMWARE_BLOB2_STRUCT FvBlob2; + VOID *FvName; + UINT32 EventType; + VOID *EventLog; + UINT32 EventLogSize; + EFI_STATUS Status; + + FvName =3D TpmMeasurementGetFvName (FirmwareBlobBase, FirmwareBlobLength= ); + + if (((Description !=3D NULL) || (FvName !=3D NULL)) && + (PcdGet32(PcdTcgPfpMeasurementRevision) >=3D TCG_EfiSpecIDEventStruc= t_SPEC_ERRATA_TPM2_REV_105)) { + ZeroMem (&FvBlob2, sizeof(FvBlob2)); + if (Description !=3D NULL) { + AsciiSPrint((CHAR8*)FvBlob2.BlobDescription, sizeof(FvBlob2.BlobDesc= ription), "%a", Description); + } else { + AsciiSPrint((CHAR8*)FvBlob2.BlobDescription, sizeof(FvBlob2.BlobDesc= ription), "Fv(%g)", FvName); + } + + FvBlob2.BlobDescriptionSize =3D sizeof(FvBlob2.BlobDescription); + FvBlob2.BlobBase =3D FirmwareBlobBase; + FvBlob2.BlobLength =3D FirmwareBlobLength; + + EventType =3D EV_EFI_PLATFORM_FIRMWARE_BLOB2; + EventLog =3D &FvBlob2; + EventLogSize =3D sizeof(FvBlob2); + } else { + FvBlob.BlobBase =3D FirmwareBlobBase; + FvBlob.BlobLength =3D FirmwareBlobLength; + + EventType =3D EV_EFI_PLATFORM_FIRMWARE_BLOB; + EventLog =3D &FvBlob; + EventLogSize =3D sizeof(FvBlob); + } + + Status =3D TpmMeasureAndLogData ( + PcrIndex, + EventType, + EventLog, + EventLogSize, + (VOID*)(UINTN)FirmwareBlobBase, + FirmwareBlobLength + ); + + return Status; +} + +/** + Mesure a HandoffTable. + + @param[in] PcrIndex PcrIndex of the measurment. 
+ @param[in] Descrption Description for this HandoffTable. + @param[in] TableGuid GUID of this HandoffTable. + @param[in] TableAddress Base address of this HandoffTable. + @param[in] TableLength Size in bytes of this HandoffTable. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_UNSUPPORTED TPM device not available. + @retval EFI_OUT_OF_RESOURCES Out of memory. + @retval EFI_DEVICE_ERROR The operation was unsuccessful. +*/ +EFI_STATUS +EFIAPI +MeasureHandoffTable ( + IN UINT32 PcrIndex, + IN CHAR8 *Description OPTIONAL, + IN EFI_GUID *TableGuid, + IN VOID *TableAddress, + IN UINTN TableLength + ) +{ + EFI_HANDOFF_TABLE_POINTERS HandoffTables; + HANDOFF_TABLE_POINTERS2_STRUCT HandoffTables2; + UINT32 EventType; + VOID *EventLog; + UINT32 EventLogSize; + EFI_STATUS Status; + + if ((Description !=3D NULL) && + (PcdGet32(PcdTcgPfpMeasurementRevision) >=3D TCG_EfiSpecIDEventStruc= t_SPEC_ERRATA_TPM2_REV_105)) { + ZeroMem (&HandoffTables2, sizeof(HandoffTables2)); + AsciiSPrint((CHAR8*)HandoffTables2.TableDescription, sizeof(HandoffTab= les2.TableDescription), "%a", Description); + + HandoffTables2.TableDescriptionSize =3D sizeof(HandoffTables2.TableDes= cription); + HandoffTables2.NumberOfTables =3D 1; + CopyGuid (&(HandoffTables2.TableEntry[0].VendorGuid), TableGuid); + HandoffTables2.TableEntry[0].VendorTable =3D TableAddress; + + EventType =3D EV_EFI_HANDOFF_TABLES2; + EventLog =3D &HandoffTables2; + EventLogSize =3D sizeof(HandoffTables2); + } else { + HandoffTables.NumberOfTables =3D 1; + CopyGuid (&(HandoffTables.TableEntry[0].VendorGuid), TableGuid); + HandoffTables.TableEntry[0].VendorTable =3D TableAddress; + + EventType =3D EV_EFI_HANDOFF_TABLES; + EventLog =3D &HandoffTables; + EventLogSize =3D sizeof(HandoffTables); + } + + Status =3D TpmMeasureAndLogData ( + PcrIndex, + EventType, + EventLog, + EventLogSize, + TableAddress, + TableLength + ); + return Status; +} --=20 2.26.2.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- 
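Review bot: in the `@@ -0,0 +1,218 @@` hunk of EventLogRecord.c, `AsciiSPrint (..., "%a", Description)` silently truncates a caller-supplied Description to the fixed buffers: `BlobDescription` is `sizeof(PLATFORM_FIRMWARE_BLOB_DESC)` (41 bytes with the terminator, exactly enough for the `Fv(%g)` form) and `TableDescription` is `sizeof(HANDOFF_TABLE_POINTER_DESC)` (17 bytes), so a longer string is logged cut off with no error, and because `BlobDescriptionSize`/`TableDescriptionSize` are set to the full buffer size every event also carries the zero padding. Since the fixed struct layout requires the size field to equal the array size, the clean fix is to reject over-long input (ASSERT or EFI_INVALID_PARAMETER) and document the limit in the header rather than to shrink the size field. Two smaller points: `Causion` in the TpmMeasurementGetFvName comment should be `Caution`, and because that function only guards the name lookup, MeasureFirmwareBlob still passes the unchecked `FirmwareBlobBase`/`FirmwareBlobLength` to TpmMeasureAndLogData when the lookup returns NULL, so the untrusted-input caveat should say that validating the blob range is the caller's responsibility.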
From: "Qi Zhang" To: devel@edk2.groups.io Cc: Jiewen Yao , Jian J Wang , Qi Zhang Subject: [edk2-devel] [PATCH v2 4/9] SecurityPkg/PeiTpmMeasurementLib: Add new API. Date: Thu, 6 Aug 2020 08:33:37 +0800 Message-Id: <20200806003342.17866-5-qi1.zhang@intel.com> In-Reply-To: <20200806003342.17866-1-qi1.zhang@intel.com> References: <20200806003342.17866-1-qi1.zhang@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,qi1.zhang@intel.com X-Gm-Message-State: oeX1ATiSoe42vjHXGA9S5KJPx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1596674035; bh=6LZcwtRQOFYrxTIew8T4wSiHh3rYTco26zPOdIx5BKo=; h=Cc:Date:From:Reply-To:Subject:To; b=sQyCVZNw2aJ6kohg4zn1C9ijJCEnR3teFPyuUILO8bLM45JENT8HxE7rn6LiSjl3pjZ MWDVXk6jjuXC47v8iCx/TBDezX+6NYcTyKvvQRqFOnbgPO+PikZisEx+W2jz4gMV3w5Eo fRrajzesBJQStQ3ji82L2gvRbe4DI14V1Xc= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" From: Jiewen Yao REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D2376 Cc: Jiewen Yao Cc: Jian J Wang Cc: Qi Zhang Signed-off-by: Jiewen Yao --- .../PeiTpmMeasurementLib/EventLogRecord.c | 218 ++++++++++++++++++ .../PeiTpmMeasurementLib.inf | 4 + 2 files changed, 222 insertions(+) create mode 100644 SecurityPkg/Library/PeiTpmMeasurementLib/EventLogRecord= .c diff --git a/SecurityPkg/Library/PeiTpmMeasurementLib/EventLogRecord.c b/Se= curityPkg/Library/PeiTpmMeasurementLib/EventLogRecord.c new file mode 100644 index 0000000000..cececdf7b2 --- /dev/null +++ b/SecurityPkg/Library/PeiTpmMeasurementLib/EventLogRecord.c @@ -0,0 +1,218 @@ +/** @file + This library is used by other modules to measure data to TPM. + +Copyright (c) 2020, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include + +#include +#include +#include +#include +#include +#include +#include + +#include + +#pragma pack (1) + +#define PLATFORM_FIRMWARE_BLOB_DESC "Fv(XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXX= XX)" +typedef struct { + UINT8 BlobDescriptionSize; + UINT8 BlobDescription[sizeof(PLATFORM_FIRMWA= RE_BLOB_DESC)]; + EFI_PHYSICAL_ADDRESS BlobBase; + UINT64 BlobLength; +} PLATFORM_FIRMWARE_BLOB2_STRUCT; + +#define HANDOFF_TABLE_POINTER_DESC "1234567890ABCDEF" +typedef struct { + UINT8 TableDescriptionSize; + UINT8 TableDescription[sizeof(HANDOFF_TABLE_= POINTER_DESC)]; + UINT64 NumberOfTables; + EFI_CONFIGURATION_TABLE TableEntry[1]; +} HANDOFF_TABLE_POINTERS2_STRUCT; + +#pragma pack () + +/** + Get the FvName from the FV header. + + Causion: The FV is untrusted input. + + @param[in] FvBase Base address of FV image. + @param[in] FvLength Length of FV image. + + @return FvName pointer + @retval NULL FvName is NOT found +**/ +VOID * +TpmMeasurementGetFvName ( + IN EFI_PHYSICAL_ADDRESS FvBase, + IN UINT64 FvLength + ) +{ + EFI_FIRMWARE_VOLUME_HEADER *FvHeader; + EFI_FIRMWARE_VOLUME_EXT_HEADER *FvExtHeader; + + if (FvBase >=3D MAX_ADDRESS) { + return NULL; + } + if (FvLength >=3D MAX_ADDRESS - FvBase) { + return NULL; + } + if (FvLength < sizeof(EFI_FIRMWARE_VOLUME_HEADER)) { + return NULL; + } + + FvHeader =3D (EFI_FIRMWARE_VOLUME_HEADER *)(UINTN)FvBase; + if (FvHeader->Signature !=3D EFI_FVH_SIGNATURE) { + return NULL; + } + if (FvHeader->ExtHeaderOffset < sizeof(EFI_FIRMWARE_VOLUME_HEADER)) { + return NULL; + } + if (FvHeader->ExtHeaderOffset + sizeof(EFI_FIRMWARE_VOLUME_EXT_HEADER) >= FvLength) { + return NULL; + } + FvExtHeader =3D (EFI_FIRMWARE_VOLUME_EXT_HEADER *)(UINTN)(FvBase + FvHea= der->ExtHeaderOffset); + + return &FvExtHeader->FvName; +} + +/** + Mesure a FirmwareBlob. + + @param[in] PcrIndex PcrIndex of the measurment. + @param[in] Descrption Description for this FirmwareBlob. 
+ @param[in] FirmwareBlobBase Base address of this FirmwareBlob. + @param[in] FirmwareBlobLength Size in bytes of this FirmwareBlob. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_UNSUPPORTED TPM device not available. + @retval EFI_OUT_OF_RESOURCES Out of memory. + @retval EFI_DEVICE_ERROR The operation was unsuccessful. +*/ +EFI_STATUS +EFIAPI +MeasureFirmwareBlob ( + IN UINT32 PcrIndex, + IN CHAR8 *Description OPTIONAL, + IN EFI_PHYSICAL_ADDRESS FirmwareBlobBase, + IN UINT64 FirmwareBlobLength + ) +{ + EFI_PLATFORM_FIRMWARE_BLOB FvBlob; + PLATFORM_FIRMWARE_BLOB2_STRUCT FvBlob2; + VOID *FvName; + UINT32 EventType; + VOID *EventLog; + UINT32 EventLogSize; + EFI_STATUS Status; + + FvName =3D TpmMeasurementGetFvName (FirmwareBlobBase, FirmwareBlobLength= ); + + if (((Description !=3D NULL) || (FvName !=3D NULL)) && + (PcdGet32(PcdTcgPfpMeasurementRevision) >=3D TCG_EfiSpecIDEventStruc= t_SPEC_ERRATA_TPM2_REV_105)) { + ZeroMem (&FvBlob2, sizeof(FvBlob2)); + if (Description !=3D NULL) { + AsciiSPrint((CHAR8*)FvBlob2.BlobDescription, sizeof(FvBlob2.BlobDesc= ription), "%a", Description); + } else { + AsciiSPrint((CHAR8*)FvBlob2.BlobDescription, sizeof(FvBlob2.BlobDesc= ription), "Fv(%g)", FvName); + } + + FvBlob2.BlobDescriptionSize =3D sizeof(FvBlob2.BlobDescription); + FvBlob2.BlobBase =3D FirmwareBlobBase; + FvBlob2.BlobLength =3D FirmwareBlobLength; + + EventType =3D EV_EFI_PLATFORM_FIRMWARE_BLOB2; + EventLog =3D &FvBlob2; + EventLogSize =3D sizeof(FvBlob2); + } else { + FvBlob.BlobBase =3D FirmwareBlobBase; + FvBlob.BlobLength =3D FirmwareBlobLength; + + EventType =3D EV_EFI_PLATFORM_FIRMWARE_BLOB; + EventLog =3D &FvBlob; + EventLogSize =3D sizeof(FvBlob); + } + + Status =3D TpmMeasureAndLogData ( + PcrIndex, + EventType, + EventLog, + EventLogSize, + (VOID*)(UINTN)FirmwareBlobBase, + FirmwareBlobLength + ); + + return Status; +} + +/** + Mesure a HandoffTable. + + @param[in] PcrIndex PcrIndex of the measurment. 
+ @param[in] Descrption Description for this HandoffTable. + @param[in] TableGuid GUID of this HandoffTable. + @param[in] TableAddress Base address of this HandoffTable. + @param[in] TableLength Size in bytes of this HandoffTable. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_UNSUPPORTED TPM device not available. + @retval EFI_OUT_OF_RESOURCES Out of memory. + @retval EFI_DEVICE_ERROR The operation was unsuccessful. +*/ +EFI_STATUS +EFIAPI +MeasureHandoffTable ( + IN UINT32 PcrIndex, + IN CHAR8 *Description OPTIONAL, + IN EFI_GUID *TableGuid, + IN VOID *TableAddress, + IN UINTN TableLength + ) +{ + EFI_HANDOFF_TABLE_POINTERS HandoffTables; + HANDOFF_TABLE_POINTERS2_STRUCT HandoffTables2; + UINT32 EventType; + VOID *EventLog; + UINT32 EventLogSize; + EFI_STATUS Status; + + if ((Description !=3D NULL) && + (PcdGet32(PcdTcgPfpMeasurementRevision) >=3D TCG_EfiSpecIDEventStruc= t_SPEC_ERRATA_TPM2_REV_105)) { + ZeroMem (&HandoffTables2, sizeof(HandoffTables2)); + AsciiSPrint((CHAR8*)HandoffTables2.TableDescription, sizeof(HandoffTab= les2.TableDescription), "%a", Description); + + HandoffTables2.TableDescriptionSize =3D sizeof(HandoffTables2.TableDes= cription); + HandoffTables2.NumberOfTables =3D 1; + CopyGuid (&(HandoffTables2.TableEntry[0].VendorGuid), TableGuid); + HandoffTables2.TableEntry[0].VendorTable =3D TableAddress; + + EventType =3D EV_EFI_HANDOFF_TABLES2; + EventLog =3D &HandoffTables2; + EventLogSize =3D sizeof(HandoffTables2); + } else { + HandoffTables.NumberOfTables =3D 1; + CopyGuid (&(HandoffTables.TableEntry[0].VendorGuid), TableGuid); + HandoffTables.TableEntry[0].VendorTable =3D TableAddress; + + EventType =3D EV_EFI_HANDOFF_TABLES; + EventLog =3D &HandoffTables; + EventLogSize =3D sizeof(HandoffTables); + } + + Status =3D TpmMeasureAndLogData ( + PcrIndex, + EventType, + EventLog, + EventLogSize, + TableAddress, + TableLength + ); + return Status; +} 
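Review bot: MeasureFirmwareBlob and MeasureHandoffTable silently truncate the caller's Description. AsciiSPrint into the fixed BlobDescription[41] and TableDescription[17] buffers drops anything longer (a handoff-table description of more than 16 characters is cut off without any indication), and BlobDescriptionSize / TableDescriptionSize are then set to the full buffer size, NUL and zero padding included, rather than the length of the text actually written. Either reject a Description that does not fit (return EFI_INVALID_PARAMETER or ASSERT on AsciiStrLen (Description)) or take the size from the AsciiSPrint return value so the event log records the real description length. Smaller points in the same hunk: the doc-comment typos "Causion", "Mesure", "measurment" and "Descrption" (the @param name also does not match the actual parameter Description), and HANDOFF_TABLE_POINTER_DESC "1234567890ABCDEF" needs a comment saying it exists only to size the buffer. TpmMeasurementGetFvName and both *2_STRUCT definitions are duplicated verbatim into FspMeasurementLib.c in patch 6/9; consider exporting them from one place instead.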
diff --git a/SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.= inf b/SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.inf index 6625d0fd01..489353af2e 100644 --- a/SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.inf +++ b/SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.inf @@ -26,6 +26,7 @@ =20 [Sources] PeiTpmMeasurementLib.c + EventLogRecord.c =20 [Packages] MdePkg/MdePkg.dec 
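Review bot: EventLogRecord.c, added to [Sources] here, uses AsciiSPrint, ZeroMem, CopyGuid and PcdGet32, so PrintLib, BaseMemoryLib and PcdLib must be in [LibraryClasses], and the PcdTcgPfpMeasurementRevision PCD added in the next hunk needs MdeModulePkg/MdeModulePkg.dec under [Packages]; only the first [Packages] entry (MdePkg/MdePkg.dec) is visible as context and [LibraryClasses] is not touched, so please confirm those sections already list them, otherwise the library fails to build for every platform that links it.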
@@ -45,6 +46,9 @@ [Ppis] gEdkiiTcgPpiGuid ## = CONSUMES =20 +[Pcd] + gEfiMdeModulePkgTokenSpaceGuid.PcdTcgPfpMeasurementRevision ## = CONSUMES + [Depex] gEfiPeiMasterBootModePpiGuid AND gEfiTpmDeviceSelectedGuid --=20 2.26.2.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#63755): https://edk2.groups.io/g/devel/message/63755 Mute This Topic: https://groups.io/mt/76019585/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Mon Apr 29 18:49:27 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) client-ip=66.175.222.12; envelope-from=bounce+27952+63756+1787277+3901457@groups.io; helo=web01.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+63756+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1596674037; cv=none; d=zohomail.com; s=zohoarc; b=KP3JFKlfLbzredkfiUu3acQNaK++ieGIMu8JUQpYMLukkadhqRi7wyh+SqIOK8YeGgPqJgu5E1kV/M0U24414MqrTJUZbazD/aNS4z6bVqM9lWdATsHHlPSufyq2M3z9eY2P4+3cpYy8YQr3HYNnFxddGd5bHfCIIJcjxXjF7KI= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1596674037; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Id:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=Wh6rOTsfJboxM2tMzknUecI7ybjuf8/mlbpe16W958Q=; b=Y6qAsLfPsEMBdm+Z4eoIfJnDfoE8S/eLEZM9t8/tBIir1FCaY4j2ZVOTHqt7YRimqVW2nGeu6pOhmGBd9brs1GzQEmhW3dZHPbVgOV3QHEQNf1Lb7qJqGQHDwyz73Yzup7cn0+vMUqolCVAPOotP2Cu7+TrVoxA3IE4g1sPLrEI= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 
From: "Qi Zhang" To: devel@edk2.groups.io Cc: Jiewen Yao , Chasel Chiu , Nate DeSimone , Star Zeng , Qi Zhang Subject: [edk2-devel] [PATCH v2 5/9] IntelFsp2WrapperPkg/FspMeasurementLib: Add header file. Date: Thu, 6 Aug 2020 08:33:38 +0800 Message-Id: <20200806003342.17866-6-qi1.zhang@intel.com> In-Reply-To: <20200806003342.17866-1-qi1.zhang@intel.com> References: <20200806003342.17866-1-qi1.zhang@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,qi1.zhang@intel.com X-Gm-Message-State: pgom3qRXShrwNG7dGJONqMXSx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1596674037; bh=GkTnM8vz6xDuZraBjjVrrEGkby/kIZObNKVqFstIDMQ=; h=Cc:Date:From:Reply-To:Subject:To; b=aCKbgPhH5RYYp3yCLQ18nnWNZEboc76CyrpflLbLr9P44pOZGse6FYneH2KTpNj40P6 4wSVwun+wot0SjGUTRWyN7/yFqBghH0hg09kkhjCYxN7YFTc9ndcu9LebVtcEn/vVYvcR GQ8jZxnt8KtUwXGe6kWA94jUpKJcM3Jgg8Y= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" From: Jiewen Yao REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D2376 Cc: Jiewen Yao Cc: Chasel Chiu Cc: Nate DeSimone Cc: Star Zeng Cc: Qi Zhang Signed-off-by: Jiewen Yao --- .../Include/Library/FspMeasurementLib.h | 39 +++++++++++++++++++ 1 file changed, 39 insertions(+) create mode 100644 IntelFsp2WrapperPkg/Include/Library/FspMeasurementLib.h diff --git a/IntelFsp2WrapperPkg/Include/Library/FspMeasurementLib.h b/Inte= lFsp2WrapperPkg/Include/Library/FspMeasurementLib.h new file mode 100644 index 0000000000..4ab40420ad --- /dev/null +++ b/IntelFsp2WrapperPkg/Include/Library/FspMeasurementLib.h @@ -0,0 +1,39 @@ +/** @file + This library is used by FSP modules to measure data to TPM. + +Copyright (c) 2020, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef _FSP_MEASUREMENT_LIB_H_ +#define _FSP_MEASUREMENT_LIB_H_ + +#define FSP_MEASURE_FSP BIT0 +#define FSP_MEASURE_FSPT BIT1 +#define FSP_MEASURE_FSPM BIT2 +#define FSP_MEASURE_FSPS BIT3 +#define FSP_MEASURE_FSPUPD BIT31 + +/** + Mesure a FSP FirmwareBlob. + + @param[in] PcrIndex PCR Index. + @param[in] Descrption Description for this FirmwareBlob. + @param[in] FirmwareBlobBase Base address of this FirmwareBlob. + @param[in] FirmwareBlobLength Size in bytes of this FirmwareBlob. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_UNSUPPORTED TPM device not available. + @retval EFI_OUT_OF_RESOURCES Out of memory. + @retval EFI_DEVICE_ERROR The operation was unsuccessful. +*/ +EFI_STATUS +EFIAPI +MeasureFspFirmwareBlob ( + IN UINT32 PcrIndex, + IN CHAR8 *Description OPTIONAL, + IN EFI_PHYSICAL_ADDRESS FirmwareBlobBase, + IN UINT64 FirmwareBlobLength + ); +#endif --=20 2.26.2.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. 
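Review bot: the FSP_MEASURE_* bits are undocumented, and their meaning is only recoverable by reading patches 6/9 and 7/9 (FSP_MEASURE_FSP as the master enable gating the FSPT/FSPM/FSPS bits, FSP_MEASURE_FSPUPD requesting that the UPD region be measured separately from the rest of the binary); add a comment per bit and name the PCD the mask is read from (PcdFspMeasurementConfig). The @param is spelled "Descrption" and does not match the parameter name Description, and "Mesure" is misspelled. The PcrIndex contract also needs stating: as implemented in 6/9 it is honoured only on the fallback path, so either the doc should say that the FSPUPD path always uses PCR 0 and PCR 1, or the implementation should honour the argument.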
From: "Qi Zhang" To: devel@edk2.groups.io Cc: Jiewen Yao , Chasel Chiu , Nate DeSimone , Star Zeng , Qi Zhang Subject: [edk2-devel] [PATCH v2 6/9] IntelFsp2WrapperPkg/FspMeasurementLib: Add BaseFspMeasurementLib. Date: Thu, 6 Aug 2020 08:33:39 +0800 Message-Id: <20200806003342.17866-7-qi1.zhang@intel.com> In-Reply-To: <20200806003342.17866-1-qi1.zhang@intel.com> References: <20200806003342.17866-1-qi1.zhang@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,qi1.zhang@intel.com X-Gm-Message-State: JCs0ajx1bWGYNxjCm8QVMlHox1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1596674039; bh=1DHG30R2ZvylZvuml4LZQ95Pg7lZZA5lKVffGbsJU38=; h=Cc:Date:From:Reply-To:Subject:To; b=EPgzomfdxySAjzROobT4HIOQJyxTFrZ6STaAEYNAlLuLryu0AueS7KV+9gmA1GqZhh9 fdo35gfHFu1a2zmNsJ6fzYFxaT6vwp3JgMh/sgOmmLdZB5di1gVNz6DuUtXB/qG9wKhLO K878JxtngjE+BRSFmpSezYeK6iwuVohAmjk= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" From: Jiewen Yao REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D2376 Cc: Jiewen Yao Cc: Chasel Chiu Cc: Nate DeSimone Cc: Star Zeng Cc: Qi Zhang Signed-off-by: Jiewen Yao --- .../BaseFspMeasurementLib.inf | 54 +++ .../BaseFspMeasurementLib/FspMeasurementLib.c | 349 ++++++++++++++++++ 2 files changed, 403 insertions(+) create mode 100644 IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/BaseF= spMeasurementLib.inf create mode 100644 IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/FspMe= asurementLib.c diff --git a/IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/BaseFspMeasu= rementLib.inf b/IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/BaseFspMe= asurementLib.inf new file mode 100644 index 0000000000..d30168117d --- /dev/null 
+++ b/IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/BaseFspMeasurementL= ib.inf @@ -0,0 +1,54 @@ +## @file +# Provides FSP measurement functions. +# +# This library provides MeasureFspFirmwareBlob() to measure FSP binary. +# +# Copyright (c) 2020, Intel Corporation. All rights reserved.
+# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION =3D 0x00010005 + BASE_NAME =3D FspMeasurementLib + FILE_GUID =3D 9A62C49D-C45A-4322-9F3C-45958DF0056B + MODULE_TYPE =3D BASE + VERSION_STRING =3D 1.0 + LIBRARY_CLASS =3D FspMeasurementLib + +# +# The following information is for reference only and not required by the = build tools. +# +# VALID_ARCHITECTURES =3D IA32 X64 +# + +[Sources] + FspMeasurementLib.c + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + SecurityPkg/SecurityPkg.dec + IntelFsp2Pkg/IntelFsp2Pkg.dec + IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dec + +[LibraryClasses] + BaseLib + BaseMemoryLib + DebugLib + PrintLib + PcdLib + PeiServicesLib + PeiServicesTablePointerLib + FspWrapperApiLib + TpmMeasurementLib + HashLib + +[Ppis] + gEdkiiTcgPpiGuid ## CO= NSUMES + +[Pcd] + gIntelFsp2WrapperTokenSpaceGuid.PcdFspMeasurementConfig ## CO= NSUMES + gIntelFsp2WrapperTokenSpaceGuid.PcdFspmBaseAddress ## CO= NSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdTcgPfpMeasurementRevision ## CO= NSUMES + diff --git a/IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/FspMeasureme= ntLib.c b/IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/FspMeasurementL= ib.c new file mode 100644 index 0000000000..316570cd2c --- /dev/null +++ b/IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/FspMeasurementLib.c @@ -0,0 +1,349 @@ +/** @file + This library is used by FSP modules to measure data to TPM. + +Copyright (c) 2020, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include + +#pragma pack (1) + +#define PLATFORM_FIRMWARE_BLOB_DESC "Fv(XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXX= XX)" +typedef struct { + UINT8 BlobDescriptionSize; + UINT8 BlobDescription[sizeof(PLATFORM_FIRMWA= RE_BLOB_DESC)]; + EFI_PHYSICAL_ADDRESS BlobBase; + UINT64 BlobLength; +} PLATFORM_FIRMWARE_BLOB2_STRUCT; + +#define HANDOFF_TABLE_POINTER_DESC "1234567890ABCDEF" +typedef struct { + UINT8 TableDescriptionSize; + UINT8 TableDescription[sizeof(HANDOFF_TABLE_= POINTER_DESC)]; + UINT64 NumberOfTables; + EFI_CONFIGURATION_TABLE TableEntry[1]; +} HANDOFF_TABLE_POINTERS2_STRUCT; + +#pragma pack () + +/** + Tpm measure and log data, and extend the measurement result into a speci= fic PCR. + + @param[in] PcrIndex PCR Index. + @param[in] EventType Event type. + @param[in] EventLog Measurement event log. + @param[in] LogLen Event log length in bytes. + @param[in] HashData The start of the data buffer to be hashed, = extended. + @param[in] HashDataLen The length, in bytes, of the buffer referen= ced by HashData + @param[in] Flags Bitmap providing additional information. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_UNSUPPORTED TPM device not available. + @retval EFI_OUT_OF_RESOURCES Out of memory. + @retval EFI_DEVICE_ERROR The operation was unsuccessful. 
+**/ +EFI_STATUS +EFIAPI +TpmMeasureAndLogDataWithFlags ( + IN UINT32 PcrIndex, + IN UINT32 EventType, + IN VOID *EventLog, + IN UINT32 LogLen, + IN VOID *HashData, + IN UINT64 HashDataLen, + IN UINT64 Flags + ) +{ + EFI_STATUS Status; + EDKII_TCG_PPI *TcgPpi; + TCG_PCR_EVENT_HDR TcgEventHdr; + + Status =3D PeiServicesLocatePpi( + &gEdkiiTcgPpiGuid, + 0, + NULL, + (VOID**)&TcgPpi + ); + if (EFI_ERROR(Status)) { + return Status; + } + + TcgEventHdr.PCRIndex =3D PcrIndex; + TcgEventHdr.EventType =3D EventType; + TcgEventHdr.EventSize =3D LogLen; + + Status =3D TcgPpi->HashLogExtendEvent ( + TcgPpi, + Flags, + HashData, + (UINTN)HashDataLen, + &TcgEventHdr, + EventLog + ); + return Status; +} + +/** + Get the FvName from the FV header. + + Causion: The FV is untrusted input. + + @param[in] FvBase Base address of FV image. + @param[in] FvLength Length of FV image. + + @return FvName pointer + @retval NULL FvName is NOT found +**/ +STATIC +VOID * +TpmMeasurementGetFvName ( + IN EFI_PHYSICAL_ADDRESS FvBase, + IN UINT64 FvLength + ) +{ + EFI_FIRMWARE_VOLUME_HEADER *FvHeader; + EFI_FIRMWARE_VOLUME_EXT_HEADER *FvExtHeader; + + if (FvBase >=3D MAX_ADDRESS) { + return NULL; + } + if (FvLength >=3D MAX_ADDRESS - FvBase) { + return NULL; + } + if (FvLength < sizeof(EFI_FIRMWARE_VOLUME_HEADER)) { + return NULL; + } + + FvHeader =3D (EFI_FIRMWARE_VOLUME_HEADER *)(UINTN)FvBase; + if (FvHeader->Signature !=3D EFI_FVH_SIGNATURE) { + return NULL; + } + if (FvHeader->ExtHeaderOffset < sizeof(EFI_FIRMWARE_VOLUME_HEADER)) { + return NULL; + } + if (FvHeader->ExtHeaderOffset + sizeof(EFI_FIRMWARE_VOLUME_EXT_HEADER) >= FvLength) { + return NULL; + } + FvExtHeader =3D (EFI_FIRMWARE_VOLUME_EXT_HEADER *)(UINTN)(FvBase + FvHea= der->ExtHeaderOffset); + + return &FvExtHeader->FvName; +} + +/** + Mesure a FSP FirmwareBlob. + + @param[in] Descrption Description for this FirmwareBlob. + @param[in] FirmwareBlobBase Base address of this FirmwareBlob. 
+ @param[in] FirmwareBlobLength Size in bytes of this FirmwareBlob. + @param[in] CfgRegionOffset Configuration region offset in bytes. + @param[in] CfgRegionSize Configuration region in bytes. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_UNSUPPORTED TPM device not available. + @retval EFI_OUT_OF_RESOURCES Out of memory. + @retval EFI_DEVICE_ERROR The operation was unsuccessful. +*/ +STATIC +EFI_STATUS +EFIAPI +MeasureFspFirmwareBlobWithCfg ( + IN CHAR8 *Description OPTIONAL, + IN EFI_PHYSICAL_ADDRESS FirmwareBlobBase, + IN UINT64 FirmwareBlobLength, + IN UINT32 CfgRegionOffset, + IN UINT32 CfgRegionSize + ) +{ + EFI_PLATFORM_FIRMWARE_BLOB FvBlob, UPDBlob; + PLATFORM_FIRMWARE_BLOB2_STRUCT FvBlob2, UPDBlob2; + VOID *FvName; + UINT32 FvEventType; + VOID *FvEventLog, *UPDEventLog; + UINT32 FvEventLogSize, UPDEventLogSize; + EFI_STATUS Status; + HASH_HANDLE HashHandle; + UINT8 *HashBase; + UINTN HashSize; + TPML_DIGEST_VALUES DigestList; + + FvName =3D TpmMeasurementGetFvName (FirmwareBlobBase, FirmwareBlobLength= ); + + if (((Description !=3D NULL) || (FvName !=3D NULL)) && + (PcdGet32(PcdTcgPfpMeasurementRevision) >=3D TCG_EfiSpecIDEventStruc= t_SPEC_ERRATA_TPM2_REV_105)) { + ZeroMem (&FvBlob2, sizeof(FvBlob2)); + ZeroMem (&UPDBlob2, sizeof(UPDBlob2)); + if (Description !=3D NULL) { + AsciiSPrint((CHAR8*)FvBlob2.BlobDescription, sizeof(FvBlob2.BlobDesc= ription), "%a", Description); + AsciiSPrint((CHAR8*)UPDBlob2.BlobDescription, sizeof(UPDBlob2.BlobDe= scription), "%aUDP", Description); + } else { + AsciiSPrint((CHAR8*)FvBlob2.BlobDescription, sizeof(FvBlob2.BlobDesc= ription), "Fv(%g)", FvName); + AsciiSPrint((CHAR8*)UPDBlob2.BlobDescription, sizeof(UPDBlob2.BlobDe= scription), "(%g)UDP", FvName); + } + + FvBlob2.BlobDescriptionSize =3D sizeof(FvBlob2.BlobDescription); + FvBlob2.BlobBase =3D FirmwareBlobBase; + FvBlob2.BlobLength =3D FirmwareBlobLength; + FvEventType =3D EV_EFI_PLATFORM_FIRMWARE_BLOB2; + FvEventLog =3D &FvBlob2; + 
FvEventLogSize =3D sizeof(FvBlob2); + + UPDBlob2.BlobDescriptionSize =3D sizeof(UPDBlob2.BlobDescription); + UPDBlob2.BlobBase =3D CfgRegionOffset; + UPDBlob2.BlobLength =3D CfgRegionSize; + UPDEventLog =3D &UPDBlob2; + UPDEventLogSize =3D sizeof(UPDBlob2); + } else { + FvBlob.BlobBase =3D FirmwareBlobBase; + FvBlob.BlobLength =3D FirmwareBlobLength; + FvEventType =3D EV_EFI_PLATFORM_FIRMWARE_BLOB; + FvEventLog =3D &FvBlob; + FvEventLogSize =3D sizeof(FvBlob); + + UPDBlob.BlobBase =3D CfgRegionOffset; + UPDBlob.BlobLength =3D CfgRegionSize; + UPDEventLog =3D &UPDBlob; + UPDEventLogSize =3D sizeof(UPDBlob); + } + + // Initialize a SHA hash context. + Status =3D HashStart (&HashHandle); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "HashStart failed - %r\n", Status)); + return Status; + } + + // Hash FSP binary before UDP + HashBase =3D (UINT8 *) (UINTN) FirmwareBlobBase; + HashSize =3D (UINTN) CfgRegionOffset; + Status =3D HashUpdate (HashHandle, HashBase, HashSize); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "HashUpdate failed - %r\n", Status)); + return Status; + } + + // Hash FSP binary after UDP + HashBase =3D (UINT8 *) (UINTN) FirmwareBlobBase + CfgRegionOffset + CfgR= egionSize; + HashSize =3D (UINTN)(FirmwareBlobLength - CfgRegionOffset - CfgRegionSiz= e); + Status =3D HashUpdate (HashHandle, HashBase, HashSize); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "HashUpdate failed - %r\n", Status)); + return Status; + } + + // Finalize the SHA hash. 
+ Status =3D HashCompleteAndExtend (HashHandle, 0, NULL, 0, &DigestList); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "HashCompleteAndExtend failed - %r\n", Status)); + return Status; + } + + Status =3D TpmMeasureAndLogDataWithFlags ( + 0, + FvEventType, + FvEventLog, + FvEventLogSize, + (UINT8 *) &DigestList, + (UINTN) sizeof(DigestList), + EDKII_TCG_PRE_HASH_LOG_ONLY + ); + + Status =3D TpmMeasureAndLogData ( + 1, + EV_PLATFORM_CONFIG_FLAGS, + UPDEventLog, + UPDEventLogSize, + (UINT8 *) (UINTN) FirmwareBlobBase + CfgRegionOffset, + CfgRegionSize + ); + + return Status; +} + +FSP_INFO_HEADER * +EFIAPI +mFspFindFspHeader ( + IN EFI_PHYSICAL_ADDRESS FlashFvFspBase + ) +{ + UINT8 *CheckPointer; + + CheckPointer =3D (UINT8 *) (UINTN) FlashFvFspBase; + + if (((EFI_FIRMWARE_VOLUME_HEADER *)CheckPointer)->Signature !=3D EFI_FVH= _SIGNATURE) { + return NULL; + } + + if (((EFI_FIRMWARE_VOLUME_HEADER *)CheckPointer)->ExtHeaderOffset !=3D 0= ) { + CheckPointer =3D CheckPointer + ((EFI_FIRMWARE_VOLUME_HEADER *)CheckPo= inter)->ExtHeaderOffset; + CheckPointer =3D CheckPointer + ((EFI_FIRMWARE_VOLUME_EXT_HEADER *)Che= ckPointer)->ExtHeaderSize; + CheckPointer =3D (UINT8 *) ALIGN_POINTER (CheckPointer, 8); + } else { + CheckPointer =3D CheckPointer + ((EFI_FIRMWARE_VOLUME_HEADER *)CheckPo= inter)->HeaderLength; + } + + + CheckPointer =3D CheckPointer + sizeof (EFI_FFS_FILE_HEADER); + + if (((EFI_RAW_SECTION *)CheckPointer)->Type !=3D EFI_SECTION_RAW) { + return NULL; + } + + CheckPointer =3D CheckPointer + sizeof (EFI_RAW_SECTION); + + return (FSP_INFO_HEADER *)CheckPointer; +} +/** + Mesure a FSP FirmwareBlob. + + @param[in] PcrIndex PCR Index. + @param[in] Descrption Description for this FirmwareBlob. + @param[in] FirmwareBlobBase Base address of this FirmwareBlob. + @param[in] FirmwareBlobLength Size in bytes of this FirmwareBlob. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_UNSUPPORTED TPM device not available. 
+ @retval EFI_OUT_OF_RESOURCES Out of memory. + @retval EFI_DEVICE_ERROR The operation was unsuccessful. +*/ +EFI_STATUS +EFIAPI +MeasureFspFirmwareBlob ( + IN UINT32 PcrIndex, + IN CHAR8 *Description OPTIONAL, + IN EFI_PHYSICAL_ADDRESS FirmwareBlobBase, + IN UINT64 FirmwareBlobLength + ) +{ + UINT32 FspMeasureMask; + FSP_INFO_HEADER *FspHeaderPtr; + + FspMeasureMask =3D PcdGet32 (PcdFspMeasurementConfig); + if (FspMeasureMask & FSP_MEASURE_FSPUPD) { + FspHeaderPtr =3D (FSP_INFO_HEADER *) mFspFindFspHeader (FirmwareBlobBa= se); + if (FspHeaderPtr =3D=3D NULL) { + return MeasureFirmwareBlob (PcrIndex, Description, FirmwareBlobBase,= FirmwareBlobLength);; + } + return MeasureFspFirmwareBlobWithCfg(Description, FirmwareBlobBase, Fi= rmwareBlobLength, + FspHeaderPtr->CfgRegionOffset, Fs= pHeaderPtr->CfgRegionSize); + } else { + return MeasureFirmwareBlob (PcrIndex, Description, FirmwareBlobBase, F= irmwareBlobLength); + } +} + --=20 2.26.2.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. 
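Review bot: in BaseFspMeasurementLib.inf, MODULE_TYPE is BASE but [LibraryClasses] pulls in PeiServicesLib and PeiServicesTablePointerLib and [Ppis] consumes gEdkiiTcgPpiGuid, so the library can only ever be linked into PEIMs; declare that with LIBRARY_CLASS = FspMeasurementLib|PEIM (and MODULE_TYPE = PEIM, as PeiTpmMeasurementLib.inf does) so a DXE or SEC module that picks it up fails at build time rather than at link or run time. BASE_NAME (FspMeasurementLib) also differs from the file name BaseFspMeasurementLib.inf; edk2 convention is for the two to match.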
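Review bot: MeasureFspFirmwareBlobWithCfg trusts CfgRegionOffset and CfgRegionSize straight out of the FSP_INFO_HEADER that mFspFindFspHeader located by walking the FV with no bounds checks at all (the file comment itself calls the FV untrusted input, and TpmMeasurementGetFvName in the same file does validate its offsets). If CfgRegionOffset + CfgRegionSize exceeds FirmwareBlobLength, HashSize = FirmwareBlobLength - CfgRegionOffset - CfgRegionSize underflows and the second HashUpdate reads far past the blob. Validate the header Signature, that the FFS file and raw section lie inside FvLength, and that the UPD region lies inside the blob, and fall back to MeasureFirmwareBlob otherwise. Further points in the same function: (1) the caller's PcrIndex is dropped, the FV digest is extended into PCR 0 by HashCompleteAndExtend and the UPD region into PCR 1 by the hard-coded TpmMeasureAndLogData call, so MeasureFspFirmwareBlob honours PcrIndex only on its fallback path; (2) the Status returned by TpmMeasureAndLogDataWithFlags is overwritten by the following TpmMeasureAndLogData call without being checked, so a failed FV log entry is reported as success; (3) UPDBlob2.BlobBase and UPDBlob.BlobBase are set to the offset CfgRegionOffset while the data hashed is at FirmwareBlobBase + CfgRegionOffset, and BlobBase is an EFI_PHYSICAL_ADDRESS that should carry the absolute address; (4) "UDP" in the description strings "%aUDP" and "(%g)UDP" and in the "before UDP" / "after UDP" comments should read "UPD", and "(%g)UDP" is inconsistent with the "Fv(%g)" form used for the FV itself. Style: mFspFindFspHeader uses the module-variable prefix for a function, neither it nor TpmMeasureAndLogDataWithFlags is STATIC or declared in the header, and there is a stray double semicolon after the first MeasureFirmwareBlob call in MeasureFspFirmwareBlob.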
From: "Qi Zhang" To: devel@edk2.groups.io Cc: Jiewen Yao , Chasel Chiu , Nate DeSimone , Star Zeng , Qi Zhang Subject: [edk2-devel] [PATCH v2 7/9] IntelFsp2WraperPkg/Fsp{m|s}WrapperPeim: Add FspBin measurement. Date: Thu, 6 Aug 2020 08:33:40 +0800 Message-Id: <20200806003342.17866-8-qi1.zhang@intel.com> In-Reply-To: <20200806003342.17866-1-qi1.zhang@intel.com> References: <20200806003342.17866-1-qi1.zhang@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,qi1.zhang@intel.com X-Gm-Message-State: AjMp7qKkplwjwA6yEs9ebTAJx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1596674041; bh=Fn/lwu8MelBF/os8sQFXsGvwvaw5agPiJ/slflRliSw=; h=Cc:Date:From:Reply-To:Subject:To; b=FLkfxEtNyE2xFKpvGQNG2tyCJ1QGUFu9OvkJi1hwhaBq0UpFNI1f/Je4fhJVZeV5Fyk Snc0lBqpi0iHbl/PUdEvj3ela8T+HqUBUAvtaJqxKBMMVH2/1uro2mKIHYDaqk7bvAt/i KCvtPVxWzh3w9ySJr0/gfUHtPP1xLMy5s0E= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" From: Jiewen Yao REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D2376 Cc: Jiewen Yao Cc: Chasel Chiu Cc: Nate DeSimone Cc: Star Zeng Cc: Qi Zhang Signed-off-by: Jiewen Yao --- .../FspmWrapperPeim/FspmWrapperPeim.c | 90 ++++++++++++++++++- .../FspmWrapperPeim/FspmWrapperPeim.inf | 20 +++-- .../FspsWrapperPeim/FspsWrapperPeim.c | 85 +++++++++++++++++- .../FspsWrapperPeim/FspsWrapperPeim.inf | 27 +++--- 4 files changed, 203 insertions(+), 19 deletions(-) diff --git a/IntelFsp2WrapperPkg/FspmWrapperPeim/FspmWrapperPeim.c b/IntelF= sp2WrapperPkg/FspmWrapperPeim/FspmWrapperPeim.c index 265b77ed60..f1bff46baa 100644 --- a/IntelFsp2WrapperPkg/FspmWrapperPeim/FspmWrapperPeim.c +++ b/IntelFsp2WrapperPkg/FspmWrapperPeim/FspmWrapperPeim.c 
@@ -3,7 +3,7 @@ register TemporaryRamDonePpi to call TempRamExit API, and register Memor= yDiscoveredPpi notify to call FspSiliconInit API. =20 - Copyright (c) 2014 - 2018, Intel Corporation. All rights reserved.
+ Copyright (c) 2014 - 2020, Intel Corporation. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent =20 **/ @@ -25,11 +25,14 @@ #include #include #include +#include =20 #include #include #include #include +#include +#include #include #include #include @@ -147,7 +150,21 @@ FspmWrapperInit ( VOID ) { - EFI_STATUS Status; + EFI_STATUS Status; + EFI_PEI_FIRMWARE_VOLUME_INFO_MEASUREMENT_EXCLUDED_PPI *MeasurementExclud= edFvPpi; + EFI_PEI_PPI_DESCRIPTOR *MeasurementExclud= edPpiList; + + MeasurementExcludedFvPpi =3D AllocatePool (sizeof(*MeasurementExcludedFv= Ppi)); + ASSERT(MeasurementExcludedFvPpi !=3D NULL); + MeasurementExcludedFvPpi->Count =3D 1; + MeasurementExcludedFvPpi->Fv[0].FvBase =3D PcdGet32 (PcdFspmBaseAddress); + MeasurementExcludedFvPpi->Fv[0].FvLength =3D ((EFI_FIRMWARE_VOLUME_HEADE= R *) (UINTN) PcdGet32 (PcdFspmBaseAddress))->FvLength; + + MeasurementExcludedPpiList =3D AllocatePool (sizeof(*MeasurementExcluded= PpiList)); + ASSERT(MeasurementExcludedPpiList !=3D NULL); + MeasurementExcludedPpiList->Flags =3D EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_P= EI_PPI_DESCRIPTOR_TERMINATE_LIST; + MeasurementExcludedPpiList->Guid =3D &gEfiPeiFirmwareVolumeInfoMeasurem= entExcludedPpiGuid; + MeasurementExcludedPpiList->Ppi =3D MeasurementExcludedFvPpi; =20 Status =3D EFI_SUCCESS; =20 @@ -155,6 +172,9 @@ FspmWrapperInit ( Status =3D PeiFspMemoryInit (); ASSERT_EFI_ERROR (Status); } else { + Status =3D PeiServicesInstallPpi (MeasurementExcludedPpiList); + ASSERT_EFI_ERROR (Status); + PeiServicesInstallFvInfoPpi ( NULL, (VOID *)(UINTN) PcdGet32 (PcdFspmBaseAddress), 
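Review bot: in the FspmWrapperInit hunks, MeasurementExcludedFvPpi and MeasurementExcludedPpiList are allocated and filled before the PcdFspModeSelection branch, but PeiServicesInstallPpi (MeasurementExcludedPpiList) runs only in the else (dispatch mode) branch, so in API mode both pools are allocated for nothing and the descriptor is never installed. Suggest moving the two AllocatePool blocks into the else branch next to the install, the way FspsWrapperInitDispatchMode allocates and installs in the same function. Also, Fv[0].FvLength is read straight from the FV header at PcdFspmBaseAddress before anything has measured that region, and the same length later bounds what MeasureFspFirmwareBlob hashes; checking that the header Signature is EFI_FVH_SIGNATURE and that FvLength stays within the FSP-M region the platform expects, before trusting it, would be cheap insurance against a corrupted header producing a bogus or oversized measurement.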
@@ -167,6 +187,67 @@ FspmWrapperInit ( return Status; } =20 +/** + This function is called after TCG installed PPI. + + @param[in] PeiServices Pointer to PEI Services Table. + @param[in] NotifyDesc Pointer to the descriptor for the Notification= event that + caused this function to execute. + @param[in] Ppi Pointer to the PPI data associated with this f= unction. + + @retval EFI_STATUS Always return EFI_SUCCESS +**/ +EFI_STATUS +EFIAPI +TcgPpiNotify ( + IN EFI_PEI_SERVICES **PeiServices, + IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDesc, + IN VOID *Ppi + ); + +EFI_PEI_NOTIFY_DESCRIPTOR mTcgPpiNotifyDesc =3D { + (EFI_PEI_PPI_DESCRIPTOR_NOTIFY_CALLBACK | EFI_PEI_PPI_DESCRIPTOR_TERMINA= TE_LIST), + &gEdkiiTcgPpiGuid, + TcgPpiNotify +}; + +/** + This function is called after TCG installed PPI. + + @param[in] PeiServices Pointer to PEI Services Table. + @param[in] NotifyDesc Pointer to the descriptor for the Notification= event that + caused this function to execute. + @param[in] Ppi Pointer to the PPI data associated with this f= unction. + + @retval EFI_STATUS Always return EFI_SUCCESS +**/ +EFI_STATUS +EFIAPI +TcgPpiNotify ( + IN EFI_PEI_SERVICES **PeiServices, + IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDesc, + IN VOID *Ppi + ) +{ + UINT32 FspMeasureMask; + + DEBUG ((DEBUG_INFO, "TcgPpiNotify FSPM\n")); + + FspMeasureMask =3D PcdGet32 (PcdFspMeasurementConfig); + if (FspMeasureMask & FSP_MEASURE_FSP) { + if (FspMeasureMask & FSP_MEASURE_FSPT) { + MeasureFspFirmwareBlob (0, "FSPT", PcdGet32(PcdFsptBaseAddress), + (UINT32)((EFI_FIRMWARE_VOLUME_HEADER *) (UIN= TN) PcdGet32 (PcdFsptBaseAddress))->FvLength); + } + if (FspMeasureMask & FSP_MEASURE_FSPM) { + MeasureFspFirmwareBlob (0, "FSPM", PcdGet32(PcdFspmBaseAddress), + (UINT32)((EFI_FIRMWARE_VOLUME_HEADER *) (UIN= TN) PcdGet32 (PcdFspmBaseAddress))->FvLength); + } + } + + return EFI_SUCCESS; +} + /** This is the entrypoint of PEIM =20 
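Review bot: in the TcgPpiNotify hunk the return value of both MeasureFspFirmwareBlob calls is dropped, so a failed FSPT or FSPM measurement leaves no trace and boot continues as if the blob had been recorded; please capture the status and at least DEBUG ((DEBUG_ERROR, ...)) or ASSERT_EFI_ERROR it, matching how PeiServicesNotifyPpi is handled in the entry point. Two smaller points: the first argument to MeasureFspFirmwareBlob is a bare literal 0 whose meaning is not visible here (a named constant or a comment on the call would help), and the doc block above the forward declaration is a verbatim copy of the one on the definition, so the prototype can go without it. Finally, a one-line comment on why FSPT is measured from this FSP-M PEIM rather than at the FSP-T stage would save the next reader the question.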
@@ -182,8 +263,13 @@ FspmWrapperPeimEntryPoint ( IN CONST EFI_PEI_SERVICES **PeiServices ) { + EFI_STATUS Status; + DEBUG((DEBUG_INFO, "FspmWrapperPeimEntryPoint\n")); =20 + Status =3D PeiServicesNotifyPpi (&mTcgPpiNotifyDesc); + ASSERT_EFI_ERROR (Status); + FspmWrapperInit (); =20 return EFI_SUCCESS; diff --git a/IntelFsp2WrapperPkg/FspmWrapperPeim/FspmWrapperPeim.inf b/Inte= lFsp2WrapperPkg/FspmWrapperPeim/FspmWrapperPeim.inf index dce7ef3d0b..c3578397b6 100644 --- a/IntelFsp2WrapperPkg/FspmWrapperPeim/FspmWrapperPeim.inf +++ b/IntelFsp2WrapperPkg/FspmWrapperPeim/FspmWrapperPeim.inf @@ -6,7 +6,7 @@ # register TemporaryRamDonePpi to call TempRamExit API, and register Memor= yDiscoveredPpi # notify to call FspSiliconInit API. # -# Copyright (c) 2014 - 2019, Intel Corporation. All rights reserved.
+# Copyright (c) 2014 - 2020, Intel Corporation. All rights reserved.
# # SPDX-License-Identifier: BSD-2-Clause-Patent # @@ -44,17 +44,22 @@ TimerLib FspWrapperApiLib FspWrapperApiTestLib + FspMeasurementLib =20 [Packages] MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec UefiCpuPkg/UefiCpuPkg.dec + SecurityPkg/SecurityPkg.dec IntelFsp2Pkg/IntelFsp2Pkg.dec IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dec =20 [Pcd] - gIntelFsp2WrapperTokenSpaceGuid.PcdFspmBaseAddress ## CONSUMES - gIntelFsp2WrapperTokenSpaceGuid.PcdFspmUpdDataAddress ## CONSUMES - gIntelFsp2WrapperTokenSpaceGuid.PcdFspModeSelection ## CONSUMES + gIntelFsp2WrapperTokenSpaceGuid.PcdFspmBaseAddress ## CONSUMES + gIntelFsp2WrapperTokenSpaceGuid.PcdFspmUpdDataAddress ## CONSUMES + gIntelFsp2WrapperTokenSpaceGuid.PcdFspModeSelection ## CONSUMES + gIntelFsp2WrapperTokenSpaceGuid.PcdFsptBaseAddress ## CONSUMES + gIntelFsp2WrapperTokenSpaceGuid.PcdFspMeasurementConfig ## CONSUMES =20 [Sources] FspmWrapperPeim.c @@ -63,5 +68,10 @@ gFspHobGuid ## PRODUCES ## HOB gFspApiPerformanceGuid ## SOMETIMES_CONSUMES ## GUID =20 +[Ppis] + gEdkiiTcgPpiGuid ## NOTIFY + gEfiPeiFirmwareVolumeInfoMeasurementExcludedPpiGuid ## PRODUCES + [Depex] - gEfiPeiMasterBootModePpiGuid + gEfiPeiMasterBootModePpiGuid AND + gPeiTpmInitializationDonePpiGuid diff --git a/IntelFsp2WrapperPkg/FspsWrapperPeim/FspsWrapperPeim.c b/IntelF= sp2WrapperPkg/FspsWrapperPeim/FspsWrapperPeim.c index b20f0805a0..6d023b75ef 100644 --- a/IntelFsp2WrapperPkg/FspsWrapperPeim/FspsWrapperPeim.c +++ b/IntelFsp2WrapperPkg/FspsWrapperPeim/FspsWrapperPeim.c @@ -3,7 +3,7 @@ register TemporaryRamDonePpi to call TempRamExit API, and register Memor= yDiscoveredPpi notify to call FspSiliconInit API. =20 - Copyright (c) 2014 - 2019, Intel Corporation. All rights reserved.
+ Copyright (c) 2014 - 2020, Intel Corporation. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent =20 **/ @@ -24,12 +24,15 @@ #include #include #include +#include =20 #include #include #include #include #include +#include +#include #include #include #include @@ -379,7 +382,25 @@ FspsWrapperInitDispatchMode ( VOID ) { - EFI_STATUS Status; + EFI_STATUS Status; + EFI_PEI_FIRMWARE_VOLUME_INFO_MEASUREMENT_EXCLUDED_PPI *MeasurementExclud= edFvPpi; + EFI_PEI_PPI_DESCRIPTOR *MeasurementExclud= edPpiList; + + MeasurementExcludedFvPpi =3D AllocatePool (sizeof(*MeasurementExcludedFv= Ppi)); + ASSERT(MeasurementExcludedFvPpi !=3D NULL); + MeasurementExcludedFvPpi->Count =3D 1; + MeasurementExcludedFvPpi->Fv[0].FvBase =3D PcdGet32 (PcdFspsBaseAddress); + MeasurementExcludedFvPpi->Fv[0].FvLength =3D ((EFI_FIRMWARE_VOLUME_HEADE= R *) (UINTN) PcdGet32 (PcdFspsBaseAddress))->FvLength; + + MeasurementExcludedPpiList =3D AllocatePool (sizeof(*MeasurementExcluded= PpiList)); + ASSERT(MeasurementExcludedPpiList !=3D NULL); + MeasurementExcludedPpiList->Flags =3D EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_P= EI_PPI_DESCRIPTOR_TERMINATE_LIST; + MeasurementExcludedPpiList->Guid =3D &gEfiPeiFirmwareVolumeInfoMeasurem= entExcludedPpiGuid; + MeasurementExcludedPpiList->Ppi =3D MeasurementExcludedFvPpi; + + Status =3D PeiServicesInstallPpi (MeasurementExcludedPpiList); + ASSERT_EFI_ERROR (Status); + // // FSP-S Wrapper running in Dispatch mode and reports FSP-S FV to PEI di= spatcher. // 
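Review bot: in the FspsWrapperInitDispatchMode hunk nothing explains why the FSP-S FV is registered under gEfiPeiFirmwareVolumeInfoMeasurementExcludedPpiGuid right before it is reported to the dispatcher; a reader seeing only this hunk could conclude the FV is being exempted from measurement. A short comment stating that the exclusion stops the generic FV-info measurement and that TcgPpiNotify records the blob instead, under PcdFspMeasurementConfig control, would make the intent clear (the same applies to the matching block in FspmWrapperInit). Note also that the install is only ASSERT-checked: in a RELEASE build a failed PeiServicesInstallPpi is silent and the FV would then be measured by both paths, which is confusing in the event log even if not unsafe.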
@@ -398,6 +419,61 @@ FspsWrapperInitDispatchMode ( return Status; } =20 +/** + This function is called after TCG installed PPI. + + @param[in] PeiServices Pointer to PEI Services Table. + @param[in] NotifyDesc Pointer to the descriptor for the Notification= event that + caused this function to execute. + @param[in] Ppi Pointer to the PPI data associated with this f= unction. + + @retval EFI_STATUS Always return EFI_SUCCESS +**/ +EFI_STATUS +EFIAPI +TcgPpiNotify ( + IN EFI_PEI_SERVICES **PeiServices, + IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDesc, + IN VOID *Ppi + ); + +EFI_PEI_NOTIFY_DESCRIPTOR mTcgPpiNotifyDesc =3D { + (EFI_PEI_PPI_DESCRIPTOR_NOTIFY_CALLBACK | EFI_PEI_PPI_DESCRIPTOR_TERMINA= TE_LIST), + &gEdkiiTcgPpiGuid, + TcgPpiNotify +}; + +/** + This function is called after TCG installed PPI. + + @param[in] PeiServices Pointer to PEI Services Table. + @param[in] NotifyDesc Pointer to the descriptor for the Notification= event that + caused this function to execute. + @param[in] Ppi Pointer to the PPI data associated with this f= unction. + + @retval EFI_STATUS Always return EFI_SUCCESS +**/ +EFI_STATUS +EFIAPI +TcgPpiNotify ( + IN EFI_PEI_SERVICES **PeiServices, + IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDesc, + IN VOID *Ppi + ) +{ + UINT32 FspMeasureMask; + + DEBUG ((DEBUG_INFO, "TcgPpiNotify FSPS\n")); + + FspMeasureMask =3D PcdGet32 (PcdFspMeasurementConfig); + if ((FspMeasureMask & FSP_MEASURE_FSP) && (FspMeasureMask & FSP_MEASURE_= FSPS)) { + MeasureFspFirmwareBlob (0, "FSPS", PcdGet32(PcdFspsBaseAddress), + (UINT32)((EFI_FIRMWARE_VOLUME_HEADER *) (UINTN= ) PcdGet32 (PcdFspsBaseAddress))->FvLength); + } + + return EFI_SUCCESS; +} + /** This is the entrypoint of PEIM. =20 
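Review bot: the TcgPpiNotify hunk duplicates the notify descriptor, the forward declaration and most of the callback from FspmWrapperPeim.c, differing only in the DEBUG string, the PCD and the mask bit tested; a single helper in FspMeasurementLib taking the description, the base-address PCD value and the mask bit would keep the two PEIMs from drifting. As in the FSP-M version the MeasureFspFirmwareBlob status is discarded and should be checked. The two versions also test the mask differently, `(FspMeasureMask & FSP_MEASURE_FSP) && (FspMeasureMask & FSP_MEASURE_FSPS)` here versus nested ifs in FSP-M; both are equivalent, but one form would read better.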
@@ -413,8 +489,13 @@ FspsWrapperPeimEntryPoint ( IN CONST EFI_PEI_SERVICES **PeiServices ) { + EFI_STATUS Status; + DEBUG ((DEBUG_INFO, "FspsWrapperPeimEntryPoint\n")); =20 + Status =3D PeiServicesNotifyPpi (&mTcgPpiNotifyDesc); + ASSERT_EFI_ERROR (Status); + if (PcdGet8 (PcdFspModeSelection) =3D=3D 1) { FspsWrapperInitApiMode (); } else { diff --git a/IntelFsp2WrapperPkg/FspsWrapperPeim/FspsWrapperPeim.inf b/Inte= lFsp2WrapperPkg/FspsWrapperPeim/FspsWrapperPeim.inf index 7da92991c8..884514747f 100644 --- a/IntelFsp2WrapperPkg/FspsWrapperPeim/FspsWrapperPeim.inf +++ b/IntelFsp2WrapperPkg/FspsWrapperPeim/FspsWrapperPeim.inf @@ -6,7 +6,7 @@ # register TemporaryRamDonePpi to call TempRamExit API, and register Memor= yDiscoveredPpi # notify to call FspSiliconInit API. # -# Copyright (c) 2014 - 2019, Intel Corporation. All rights reserved.
+# Copyright (c) 2014 - 2020, Intel Corporation. All rights reserved.
# # SPDX-License-Identifier: BSD-2-Clause-Patent # @@ -44,24 +44,30 @@ PerformanceLib FspWrapperApiLib FspWrapperApiTestLib + FspMeasurementLib =20 [Packages] MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec UefiCpuPkg/UefiCpuPkg.dec + SecurityPkg/SecurityPkg.dec IntelFsp2Pkg/IntelFsp2Pkg.dec IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dec =20 [Ppis] - gTopOfTemporaryRamPpiGuid ## PRODUCES - gFspSiliconInitDonePpiGuid ## PRODUCES - gEfiEndOfPeiSignalPpiGuid ## PRODUCES - gEfiTemporaryRamDonePpiGuid ## PRODUCES - gEfiPeiMemoryDiscoveredPpiGuid ## NOTIFY + gTopOfTemporaryRamPpiGuid ## PRODUCES + gFspSiliconInitDonePpiGuid ## PRODUCES + gEfiEndOfPeiSignalPpiGuid ## PRODUCES + gEfiTemporaryRamDonePpiGuid ## PRODUCES + gEfiPeiMemoryDiscoveredPpiGuid ## NOTIFY + gEdkiiTcgPpiGuid ## NOTIFY + gEfiPeiFirmwareVolumeInfoMeasurementExcludedPpiGuid ## PRODUCES =20 [Pcd] - gIntelFsp2WrapperTokenSpaceGuid.PcdFspsBaseAddress ## CONSUMES - gIntelFsp2WrapperTokenSpaceGuid.PcdFspsUpdDataAddress ## CONSUMES - gIntelFsp2WrapperTokenSpaceGuid.PcdFspModeSelection ## CONSUMES + gIntelFsp2WrapperTokenSpaceGuid.PcdFspsBaseAddress ## CONSUMES + gIntelFsp2WrapperTokenSpaceGuid.PcdFspsUpdDataAddress ## CONSUMES + gIntelFsp2WrapperTokenSpaceGuid.PcdFspModeSelection ## CONSUMES + gIntelFsp2WrapperTokenSpaceGuid.PcdFspMeasurementConfig ## CONSUMES =20 [Guids] gFspHobGuid ## CONSUMES ## HOB 
@@ -71,4 +77,5 @@ FspsWrapperPeim.c =20 [Depex] - gEfiPeiMemoryDiscoveredPpiGuid + gEfiPeiMemoryDiscoveredPpiGuid AND + gPeiTpmInitializationDonePpiGuid --=20 2.26.2.windows.1
Groups.io Links: You receive all messages sent to this group. View/Reply Online (#63758): https://edk2.groups.io/g/devel/message/63758 Mute This Topic: https://groups.io/mt/76019591/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
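Review bot: the [Depex] change in this hunk (and the identical one in FspmWrapperPeim.inf) makes both wrapper PEIMs wait on gPeiTpmInitializationDonePpiGuid, a hard dependency that PcdFspMeasurementConfig cannot relax: on a platform that does not include Tcg2Pei, or where TPM initialization never signals that PPI, FspmWrapperPeim never dispatches and memory init does not happen. Please either state this in the commit message and the .inf header comments, or make the dependency conditional (a platform-overridable library or a separate PEIM) so an FSP platform without a TPM still boots. More generally the commit message carries only a REF line; a description of what is measured, into which PCR, and the new dependency on TPM initialization would help anyone bisecting a boot hang later.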
From nobody Mon Apr 29 18:49:27 2024
From: "Qi Zhang"
To: devel@edk2.groups.io
Cc: Jiewen Yao, Chasel Chiu, Nate DeSimone, Star Zeng, Qi Zhang
Subject: [edk2-devel] [PATCH v2 8/9] IntelFsp2Wrapper/dsc: Add FspTpmMeasurementLib and PcdFspMeasurementConfig.
Date: Thu, 6 Aug 2020 08:33:41 +0800
Message-Id: <20200806003342.17866-9-qi1.zhang@intel.com>
In-Reply-To: <20200806003342.17866-1-qi1.zhang@intel.com>

From: Jiewen Yao
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2376
Cc: Jiewen Yao
Cc: Chasel Chiu
Cc: Nate DeSimone
Cc: Star Zeng
Cc: Qi Zhang
Signed-off-by: Jiewen Yao
--- IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dec | 17 +++++++++++++++++ IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dsc | 5 ++++- 2 files changed, 21 insertions(+), 1 deletion(-) diff --git a/IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dec b/IntelFsp2Wrapper= Pkg/IntelFsp2WrapperPkg.dec index faf2be621c..4bd3250571 100644 --- a/IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dec +++ b/IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dec
@@ -92,6 +92,23 @@ # gIntelFsp2WrapperTokenSpaceGuid.PcdFspModeSelection|0x00000001|UINT8|0x4= 000000A =20 + ## This PCD decides how FSP is measured + # 1) The BootGuard ACM may already measured the FSP component, such as F= SPT/FSPM. + # We need a flag (PCD) to indicate if there is need to do such FSP measu= rement or NOT. + # 2) The FSP binary includes FSP code and FSP UPD region. The UPD region= is considered + # as configuration block, and it may be updated by OEM by design. + # This flag (PCD) is to indicate if we need isolate the the UPD region f= rom the FSP code region. + # BIT0: Need measure FSP. (for FSP1.x) - reserved in FSP2. + # BIT1: Need measure FSPT. (for FSP 2.x) + # BIT2: Need measure FSPM. (for FSP 2.x) + # BIT3: Need measure FSPS. (for FSP 2.x) + # BIT4~30: reserved. + # BIT31: Need isolate UPD region measurement. + #0: measure FSP[T|M|S] as one binary in one record (PCR0). + #1: measure FSP UPD region in one record (PCR1), the FSP code without = UPD in another record (PCR0). + # + gIntelFsp2WrapperTokenSpaceGuid.PcdFspMeasurementConfig|0x0000000F|UINT3= 2|0x4000000B + [PcdsFixedAtBuild, PcdsPatchableInModule,PcdsDynamic,PcdsDynamicEx] # ## These are the base address of FSP-M/S diff --git a/IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dsc b/IntelFsp2Wrapper= Pkg/IntelFsp2WrapperPkg.dsc index cb4f69285d..5c0d509be4 100644 --- a/IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dsc +++ b/IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dsc @@ -1,7 +1,7 @@ ## @file # Provides drivers and definitions to support fsp in EDKII bios. # -# Copyright (c) 2014 - 2016, Intel Corporation. All rights reserved.
+# Copyright (c) 2014 - 2020, Intel Corporation. All rights reserved.
# SPDX-License-Identifier: BSD-2-Clause-Patent # ## @@ -45,6 +45,7 @@ # FSP Wrapper Lib FspWrapperApiLib|IntelFsp2WrapperPkg/Library/BaseFspWrapperApiLib/BaseFs= pWrapperApiLib.inf FspWrapperApiTestLib|IntelFsp2WrapperPkg/Library/BaseFspWrapperApiTestLi= bNull/BaseFspWrapperApiTestLibNull.inf + FspMeasurementLib|IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/Base= FspMeasurementLib.inf =20 # FSP platform sample FspWrapperPlatformLib|IntelFsp2WrapperPkg/Library/BaseFspWrapperPlatform= LibSample/BaseFspWrapperPlatformLibSample.inf @@ -57,6 +58,7 @@ PeiServicesLib|MdePkg/Library/PeiServicesLib/PeiServicesLib.inf MemoryAllocationLib|MdePkg/Library/PeiMemoryAllocationLib/PeiMemoryAlloc= ationLib.inf HobLib|MdePkg/Library/PeiHobLib/PeiHobLib.inf + TpmMeasurementLib|SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasure= mentLib.inf =20 [LibraryClasses.common.DXE_DRIVER] UefiDriverEntryPoint|MdePkg/Library/UefiDriverEntryPoint/UefiDriverEntry= Point.inf 
@@ -73,6 +75,7 @@ IntelFsp2WrapperPkg/Library/SecFspWrapperPlatformSecLibSample/SecFspWrap= perPlatformSecLibSample.inf IntelFsp2WrapperPkg/Library/PeiFspWrapperHobProcessLibSample/PeiFspWrapp= erHobProcessLibSample.inf IntelFsp2WrapperPkg/Library/PeiFspWrapperApiTestLib/PeiFspWrapperApiTest= Lib.inf + IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/BaseFspMeasurementLib.= inf =20 IntelFsp2WrapperPkg/FspmWrapperPeim/FspmWrapperPeim.inf IntelFsp2WrapperPkg/FspsWrapperPeim/FspsWrapperPeim.inf --=20 2.26.2.windows.1
View/Reply Online (#63759): https://edk2.groups.io/g/devel/message/63759
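Review bot: in the IntelFsp2WrapperPkg.dec hunk the PcdFspMeasurementConfig comment describes BIT0 as "Need measure FSP. (for FSP1.x) - reserved in FSP2", yet the FSP 2.x wrapper PEIMs in patch 7/9 test FSP_MEASURE_FSP (BIT0) as the master enable before looking at the FSPT/FSPM/FSPS bits, so clearing the "reserved" bit silently disables all measurement; either the comment should say BIT0 is the global enable or the code should stop gating on it. The comment also documents BIT31 (UPD region measured separately into PCR1) although nothing in this series consumes it; a "not yet implemented" remark would avoid platforms setting it and expecting a second record. Minor: "isolate the the UPD region" has a doubled word. The default 0x0000000F enabling every measurement bit is the right safe default.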
From nobody Mon Apr 29 18:49:27 2024
From: "Qi Zhang"
To: devel@edk2.groups.io
Cc: Qi Zhang, Jiewen Yao, Jian J Wang, Rahul Kumar
Subject: [edk2-devel] [PATCH v2 9/9] SecurityPkg/Tcg2: handle PRE HASH and LOG ONLY
Date: Thu, 6 Aug 2020 08:33:42 +0800
Message-Id: <20200806003342.17866-10-qi1.zhang@intel.com>
In-Reply-To: <20200806003342.17866-1-qi1.zhang@intel.com>

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2376
Cc: Jiewen Yao
Cc: Jian J Wang
Cc: Qi Zhang
Cc: Rahul Kumar
Signed-off-by: Qi Zhang
Reviewed-by: Jian J Wang
--- SecurityPkg/Include/Ppi/Tcg.h | 5 +++++ SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c | 12 +++++++----- 2 files changed, 12 insertions(+), 5 deletions(-) diff --git a/SecurityPkg/Include/Ppi/Tcg.h b/SecurityPkg/Include/Ppi/Tcg.h index 0e943f2465..22f47f9817 100644 --- a/SecurityPkg/Include/Ppi/Tcg.h +++ b/SecurityPkg/Include/Ppi/Tcg.h
@@ -18,6 +18,11 @@ typedef struct _EDKII_TCG_PPI EDKII_TCG_PPI; // #define EDKII_TCG_PRE_HASH 0x0000000000000001 =20 +// +// This bit is shall be set when HashData is the pre-hash digest and log o= nly. +// +#define EDKII_TCG_PRE_HASH_LOG_ONLY 0x0000000000000002 + /** Tpm measure and log data, and extend the measurement result into a speci= fic PCR. =20 diff --git a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c b/SecurityPkg/Tcg/Tcg2Pei/Tc= g2Pei.c index 246968bb7f..b56b03746c 100644 --- a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c +++ b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c @@ -453,13 +453,15 @@ HashLogExtendEvent ( return EFI_DEVICE_ERROR; } =20 - if(Flags & EDKII_TCG_PRE_HASH) { + if ((Flags & EDKII_TCG_PRE_HASH) || (Flags & EDKII_TCG_PRE_HASH_LOG_ONLY= )) { ZeroMem (&DigestList, sizeof(DigestList)); CopyMem (&DigestList, HashData, sizeof(DigestList)); - Status =3D Tpm2PcrExtend ( - 0, - &DigestList - ); + if (Flags & EDKII_TCG_PRE_HASH) { + Status =3D Tpm2PcrExtend ( + NewEventHdr->PCRIndex, + &DigestList + ); + } } else { Status =3D HashAndExtend ( NewEventHdr->PCRIndex, --=20 2.26.2.windows.1
View/Reply Online (#63760): https://edk2.groups.io/g/devel/message/63760
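Review bot: in the HashLogExtendEvent hunk, Status is now assigned only inside the inner `if (Flags & EDKII_TCG_PRE_HASH)`; when a caller sets EDKII_TCG_PRE_HASH_LOG_ONLY alone, the block leaves Status at whatever it held before, so the log-only path succeeds or fails by accident depending on an earlier assignment that is not visible in this hunk. Add `Status = EFI_SUCCESS;` right after the CopyMem, before the inner if, so the no-extend case is an explicit success. Second, replacing the hard-coded PCR 0 with NewEventHdr->PCRIndex changes behaviour for every existing EDKII_TCG_PRE_HASH caller that passes a different PCRIndex; it looks correct, but the commit message should say so. In the Tcg.h hunk the new comment reads "This bit is shall be set"; suggest "This bit shall be set when HashData is the pre-hash digest and the event is only logged, with no PCR extend (the case where another agent has already extended the PCR, as the PCD comment in patch 8/9 describes for the ACM)".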