From nobody Thu May 2 02:28:27 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) client-ip=66.175.222.12; envelope-from=bounce+27952+64275+1787277+3901457@groups.io; helo=web01.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+64275+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1597386732; cv=none; d=zohomail.com; s=zohoarc; b=EeMtQ8U5Z3dai0RdcoJ8i/01JxcyE2OR6Ok/zJBzba3IHueSdNrGho6XnO3GhcBfrCSKFmGP9VJk2QOtzLa4CAcXEqqWFKqj4HZy3Ny/yRnWzZ9WtcDpCbt2RdgYOb6w2IMmZ+vx67pErDwdlAEAxKKEtdChQ/VsMum00fOSzeE= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1597386732; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Id:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=RSL1dWww9omCFBItaSO8pgcfJwpy6nQUYBALNgxJRHU=; b=WYfpWcF6K4FbjwCQhAaUTBYti1iA4ACgSI8vnXmM83d8tkElhbofG8XAKkcdo9IehrogSQBny3Zy0SdgPDl61hT4J05Ku8NULnG+s8DG6ulgw/UWpQzEy2rzgCozSmzflXI5pF3lnWlhrXR+2NDwL+YrSNGRNvvHN1kuO0h5yro= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+64275+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) header.from= Received: from web01.groups.io (web01.groups.io [66.175.222.12]) by mx.zohomail.com with SMTPS id 1597386732248265.14156296024487; Thu, 13 Aug 2020 23:32:12 -0700 (PDT) Return-Path: X-Received: by 127.0.0.2 with SMTP id ZFTlYY1788612xeozst9qyzt; Thu, 13 Aug 2020 23:32:11 -0700 X-Received: from mga07.intel.com (mga07.intel.com []) by mx.groups.io with SMTP id smtpd.web11.12912.1597386729279274811 for ; Thu, 13 Aug 2020 23:32:10 -0700 IronPort-SDR: 
LjyowQpfheZ2mpN3DJssqvoX0wAvuXF96zGUXhFSsjwtNqy6aortCHSM0Ae1N2F2RTuBO0/dfN QRiCeb5gjCgg== X-IronPort-AV: E=McAfee;i="6000,8403,9712"; a="218695797" X-IronPort-AV: E=Sophos;i="5.76,311,1592895600"; d="scan'208";a="218695797" X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False X-Received: from orsmga005.jf.intel.com ([10.7.209.41]) by orsmga105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 13 Aug 2020 23:32:10 -0700 IronPort-SDR: VEvaQ8sY0MWRSxnkU1XAWqVADh9aA4FFm6nY1sN2rzh/w82Kl/5/x7GuoaT1robDxbvd8IduaQ XyR6oddzptgA== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.76,311,1592895600"; d="scan'208";a="470494149" X-Received: from unknown (HELO shwdeSSSDDPDQI.ccr.corp.intel.com) ([10.239.158.153]) by orsmga005.jf.intel.com with ESMTP; 13 Aug 2020 23:32:08 -0700 
From: "Qi Zhang" To: devel@edk2.groups.io Cc: Qi Zhang , Jiewen Yao , Jian J Wang Subject: [edk2-devel] [PATCH v3 1/8] SecurityPkg/FvEventLogRecordLib: add new lib for firmware measurement Date: Fri, 14 Aug 2020 14:31:52 +0800 Message-Id: <20200814063159.2477-2-qi1.zhang@intel.com> In-Reply-To: <20200814063159.2477-1-qi1.zhang@intel.com> References: <20200814063159.2477-1-qi1.zhang@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,qi1.zhang@intel.com X-Gm-Message-State: TUwHko7D8kqhuQ4pITwlTcrHx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1597386731; bh=1LFjq6dT+0L2Mg9qSM6VMvVBgjYffeyE4c7EWLR/fHM=; h=Cc:Date:From:Reply-To:Subject:To; b=W9zg8kbyi+0pnG6jbdI0HPZbCj7pkmCGjChijBrqLT3vlM+IeF1cHK6h7oSsnMbJyNV JyUksResm+Ai/LxsE3p3m68H7is79xxC3GgiQzBLhcrdhVGKra6JNAukIcaMN3vIRsFSK QIoL7mwsXoks5Tvr6ECnWgFghccsWbwxNTo= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D2376 Cc: Jiewen Yao Cc: Jian J Wang Signed-off-by: Qi Zhang --- .../Include/Library/FvEventLogRecordLib.h | 97 +++++++++ .../FvEventLogRecordLib/FvEventLogRecordLib.c | 197 ++++++++++++++++++ .../FvEventLogRecordLib.inf | 40 ++++ .../FvEventLogRecordLib.uni | 17 ++ 4 files changed, 351 insertions(+) create mode 100644 SecurityPkg/Include/Library/FvEventLogRecordLib.h create mode 100644 SecurityPkg/Library/FvEventLogRecordLib/FvEventLogRecor= dLib.c create mode 100644 SecurityPkg/Library/FvEventLogRecordLib/FvEventLogRecor= dLib.inf create mode 100644 SecurityPkg/Library/FvEventLogRecordLib/FvEventLogRecor= dLib.uni 
diff --git a/SecurityPkg/Include/Library/FvEventLogRecordLib.h b/SecurityPk= g/Include/Library/FvEventLogRecordLib.h new file mode 100644 index 0000000000..e70717ed1b --- /dev/null +++ b/SecurityPkg/Include/Library/FvEventLogRecordLib.h @@ -0,0 +1,97 @@ +/** @file + This library is used by other modules to measure Firmware to TPM. + +Copyright (c) 2020, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef _FV_EVENTLOGRECORD_LIB_H_ +#define _FV_EVENTLOGRECORD_LIB_H_ + +#include + +#pragma pack (1) + +#define PLATFORM_FIRMWARE_BLOB_DESC "Fv(XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXX= XX)" +typedef struct { + UINT8 BlobDescriptionSize; + UINT8 BlobDescription[sizeof(PLATFORM_FIRMWA= RE_BLOB_DESC)]; + EFI_PHYSICAL_ADDRESS BlobBase; + UINT64 BlobLength; +} PLATFORM_FIRMWARE_BLOB2_STRUCT; + +#define HANDOFF_TABLE_POINTER_DESC "1234567890ABCDEF" +typedef struct { + UINT8 TableDescriptionSize; + UINT8 TableDescription[sizeof(HANDOFF_TABLE_= POINTER_DESC)]; + UINT64 NumberOfTables; + EFI_CONFIGURATION_TABLE TableEntry[1]; +} HANDOFF_TABLE_POINTERS2_STRUCT; + +#pragma pack () + +/** + Get the FvName from the FV header. + + Causion: The FV is untrusted input. + + @param[in] FvBase Base address of FV image. + @param[in] FvLength Length of FV image. + + @return FvName pointer + @retval NULL FvName is NOT found +**/ +VOID * +TpmMeasurementGetFvName ( + IN EFI_PHYSICAL_ADDRESS FvBase, + IN UINT64 FvLength + ); + +/** + Measure a FirmwareBlob. + + @param[in] PcrIndex PCR Index. + @param[in] Description Description for this FirmwareBlob. + @param[in] FirmwareBlobBase Base address of this FirmwareBlob. + @param[in] FirmwareBlobLength Size in bytes of this FirmwareBlob. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_UNSUPPORTED TPM device not available. + @retval EFI_OUT_OF_RESOURCES Out of memory. + @retval EFI_DEVICE_ERROR The operation was unsuccessful. +*/ +EFI_STATUS +EFIAPI +MeasureFirmwareBlob ( + IN UINT32 PcrIndex, + IN CHAR8 *Description OPTIONAL, + IN EFI_PHYSICAL_ADDRESS FirmwareBlobBase, + IN UINT64 FirmwareBlobLength + ); + +/** + Measure a HandoffTable. + + @param[in] PcrIndex PcrIndex of the measurement. + @param[in] Description Description for this HandoffTable. + @param[in] TableGuid GUID of this HandoffTable. + @param[in] TableAddress Base address of this HandoffTable. 
+ @param[in] TableLength Size in bytes of this HandoffTable. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_UNSUPPORTED TPM device not available. + @retval EFI_OUT_OF_RESOURCES Out of memory. + @retval EFI_DEVICE_ERROR The operation was unsuccessful. +*/ +EFI_STATUS +EFIAPI +MeasureHandoffTable ( + IN UINT32 PcrIndex, + IN CHAR8 *Description OPTIONAL, + IN EFI_GUID *TableGuid, + IN VOID *TableAddress, + IN UINTN TableLength + ); + +#endif diff --git a/SecurityPkg/Library/FvEventLogRecordLib/FvEventLogRecordLib.c = b/SecurityPkg/Library/FvEventLogRecordLib/FvEventLogRecordLib.c new file mode 100644 index 0000000000..93d708cde1 --- /dev/null +++ b/SecurityPkg/Library/FvEventLogRecordLib/FvEventLogRecordLib.c @@ -0,0 +1,197 @@ +/** @file + This library is used by other modules to measure data to TPM. + +Copyright (c) 2020, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include +#include + +#include +#include +#include +#include +#include +#include +#include + +#include + +/** + Get the FvName from the FV header. + + Causion: The FV is untrusted input. + + @param[in] FvBase Base address of FV image. + @param[in] FvLength Length of FV image. + + @return FvName pointer + @retval NULL FvName is NOT found +**/ +VOID * +TpmMeasurementGetFvName ( + IN EFI_PHYSICAL_ADDRESS FvBase, + IN UINT64 FvLength + ) +{ + EFI_FIRMWARE_VOLUME_HEADER *FvHeader; + EFI_FIRMWARE_VOLUME_EXT_HEADER *FvExtHeader; + + if (FvBase >=3D MAX_ADDRESS) { + return NULL; + } + if (FvLength >=3D MAX_ADDRESS - FvBase) { + return NULL; + } + if (FvLength < sizeof(EFI_FIRMWARE_VOLUME_HEADER)) { + return NULL; + } + + FvHeader =3D (EFI_FIRMWARE_VOLUME_HEADER *)(UINTN)FvBase; + if (FvHeader->Signature !=3D EFI_FVH_SIGNATURE) { + return NULL; + } + if (FvHeader->ExtHeaderOffset < sizeof(EFI_FIRMWARE_VOLUME_HEADER)) { + return NULL; + } + if (FvHeader->ExtHeaderOffset + sizeof(EFI_FIRMWARE_VOLUME_EXT_HEADER) >= FvLength) { + return NULL; + } + FvExtHeader =3D (EFI_FIRMWARE_VOLUME_EXT_HEADER *)(UINTN)(FvBase + FvHea= der->ExtHeaderOffset); + + return &FvExtHeader->FvName; +} + +/** + Measure a FirmwareBlob. + + @param[in] PcrIndex PcrIndex of the measurement. + @param[in] Description Description for this FirmwareBlob. + @param[in] FirmwareBlobBase Base address of this FirmwareBlob. + @param[in] FirmwareBlobLength Size in bytes of this FirmwareBlob. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_UNSUPPORTED TPM device not available. + @retval EFI_OUT_OF_RESOURCES Out of memory. + @retval EFI_DEVICE_ERROR The operation was unsuccessful. 
+**/ +EFI_STATUS +EFIAPI +MeasureFirmwareBlob ( + IN UINT32 PcrIndex, + IN CHAR8 *Description OPTIONAL, + IN EFI_PHYSICAL_ADDRESS FirmwareBlobBase, + IN UINT64 FirmwareBlobLength + ) +{ + EFI_PLATFORM_FIRMWARE_BLOB FvBlob; + PLATFORM_FIRMWARE_BLOB2_STRUCT FvBlob2; + VOID *FvName; + UINT32 EventType; + VOID *EventLog; + UINT32 EventLogSize; + EFI_STATUS Status; + + FvName =3D TpmMeasurementGetFvName (FirmwareBlobBase, FirmwareBlobLength= ); + + if (((Description !=3D NULL) || (FvName !=3D NULL)) && + (PcdGet32(PcdTcgPfpMeasurementRevision) >=3D TCG_EfiSpecIDEventStruc= t_SPEC_ERRATA_TPM2_REV_105)) { + if (Description !=3D NULL) { + AsciiSPrint((CHAR8*)FvBlob2.BlobDescription, sizeof(FvBlob2.BlobDesc= ription), "%a", Description); + } else { + AsciiSPrint((CHAR8*)FvBlob2.BlobDescription, sizeof(FvBlob2.BlobDesc= ription), "Fv(%g)", FvName); + } + + FvBlob2.BlobDescriptionSize =3D sizeof(FvBlob2.BlobDescription); + FvBlob2.BlobBase =3D FirmwareBlobBase; + FvBlob2.BlobLength =3D FirmwareBlobLength; + + EventType =3D EV_EFI_PLATFORM_FIRMWARE_BLOB2; + EventLog =3D &FvBlob2; + EventLogSize =3D sizeof(FvBlob2); + } else { + FvBlob.BlobBase =3D FirmwareBlobBase; + FvBlob.BlobLength =3D FirmwareBlobLength; + + EventType =3D EV_EFI_PLATFORM_FIRMWARE_BLOB; + EventLog =3D &FvBlob; + EventLogSize =3D sizeof(FvBlob); + } + + Status =3D TpmMeasureAndLogData ( + PcrIndex, + EventType, + EventLog, + EventLogSize, + (VOID*)(UINTN)FirmwareBlobBase, + FirmwareBlobLength + ); + + return Status; +} + +/** + Measure a HandoffTable. + + @param[in] PcrIndex PcrIndex of the measurement. + @param[in] Description Description for this HandoffTable. + @param[in] TableGuid GUID of this HandoffTable. + @param[in] TableAddress Base address of this HandoffTable. + @param[in] TableLength Size in bytes of this HandoffTable. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_UNSUPPORTED TPM device not available. + @retval EFI_OUT_OF_RESOURCES Out of memory. 
+ @retval EFI_DEVICE_ERROR The operation was unsuccessful. +**/ +EFI_STATUS +EFIAPI +MeasureHandoffTable ( + IN UINT32 PcrIndex, + IN CHAR8 *Description OPTIONAL, + IN EFI_GUID *TableGuid, + IN VOID *TableAddress, + IN UINTN TableLength + ) +{ + EFI_HANDOFF_TABLE_POINTERS HandoffTables; + HANDOFF_TABLE_POINTERS2_STRUCT HandoffTables2; + UINT32 EventType; + VOID *EventLog; + UINT32 EventLogSize; + EFI_STATUS Status; + + if ((Description !=3D NULL) && + (PcdGet32(PcdTcgPfpMeasurementRevision) >=3D TCG_EfiSpecIDEventStruc= t_SPEC_ERRATA_TPM2_REV_105)) { + AsciiSPrint((CHAR8*)HandoffTables2.TableDescription, sizeof(HandoffTab= les2.TableDescription), "%a", Description); + + HandoffTables2.TableDescriptionSize =3D sizeof(HandoffTables2.TableDes= cription); + HandoffTables2.NumberOfTables =3D 1; + CopyGuid (&(HandoffTables2.TableEntry[0].VendorGuid), TableGuid); + HandoffTables2.TableEntry[0].VendorTable =3D TableAddress; + + EventType =3D EV_EFI_HANDOFF_TABLES2; + EventLog =3D &HandoffTables2; + EventLogSize =3D sizeof(HandoffTables2); + } else { + HandoffTables.NumberOfTables =3D 1; + CopyGuid (&(HandoffTables.TableEntry[0].VendorGuid), TableGuid); + HandoffTables.TableEntry[0].VendorTable =3D TableAddress; + + EventType =3D EV_EFI_HANDOFF_TABLES; + EventLog =3D &HandoffTables; + EventLogSize =3D sizeof(HandoffTables); + } + + Status =3D TpmMeasureAndLogData ( + PcrIndex, + EventType, + EventLog, + EventLogSize, + TableAddress, + TableLength + ); + return Status; +} diff --git a/SecurityPkg/Library/FvEventLogRecordLib/FvEventLogRecordLib.in= f b/SecurityPkg/Library/FvEventLogRecordLib/FvEventLogRecordLib.inf new file mode 100644 index 0000000000..4299c57e5b --- /dev/null +++ b/SecurityPkg/Library/FvEventLogRecordLib/FvEventLogRecordLib.inf @@ -0,0 +1,40 @@ +## @file +# Provides interface for firmwware TPM measurement +# +# Copyright (c) 2020, Intel Corporation. All rights reserved.
+# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION =3D 0x00010005 + BASE_NAME =3D FvEventLogRecordLib + MODULE_UNI_FILE =3D FvEventLogRecordLib.uni + FILE_GUID =3D F8125B2A-3922-4A22-A6F8-3B6159A25A3B + MODULE_TYPE =3D BASE + VERSION_STRING =3D 1.0 + LIBRARY_CLASS =3D NULL + +# +# The following information is for reference only and not required by the = build tools. +# +# VALID_ARCHITECTURES =3D IA32 X64 +# + +[Sources] + FvEventLogRecordLib.c + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + SecurityPkg/SecurityPkg.dec + +[LibraryClasses] + BaseLib + BaseMemoryLib + DebugLib + PcdLib + TpmMeasurementLib + +[Pcd] + gEfiMdeModulePkgTokenSpaceGuid.PcdTcgPfpMeasurementRevision ## = CONSUMES diff --git a/SecurityPkg/Library/FvEventLogRecordLib/FvEventLogRecordLib.un= i b/SecurityPkg/Library/FvEventLogRecordLib/FvEventLogRecordLib.uni new file mode 100644 index 0000000000..b1ca410074 --- /dev/null +++ b/SecurityPkg/Library/FvEventLogRecordLib/FvEventLogRecordLib.uni @@ -0,0 +1,17 @@ +// /** @file +// Provides interface for firmwware TPM measurement +// +// This library provides MeasureFirmwareBlob() and MeasureHandoffTable() +// to measure and log data, and extend the measurement result into a speci= fic PCR. +// +// Copyright (c) 2020, Intel Corporation. All rights reserved.
+// +// SPDX-License-Identifier: BSD-2-Clause-Patent +// +// **/ + + +#string STR_MODULE_ABSTRACT #language en-US "Provides Firmware= TPM measurement functions for TPM1.2 and TPM 2.0" + +#string STR_MODULE_DESCRIPTION #language en-US "This library prov= ides MeasureFirmwareBlob() and MeasureHandoffTable() to measure and log dat= a, and extend the measurement result into a specific PCR." + --=20 2.26.2.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#64275): https://edk2.groups.io/g/devel/message/64275 Mute This Topic: https://groups.io/mt/76183466/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Thu May 2 02:28:27 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) client-ip=66.175.222.12; envelope-from=bounce+27952+64276+1787277+3901457@groups.io; helo=web01.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+64276+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1597386733; cv=none; d=zohomail.com; s=zohoarc; b=fVWTWxWFxwS3OUA/jKxXvBuE9Ykl7Nyd4Cj/1S+184AUvNh+FRDH+Y1ec0onnPzbmQay7QGZ7sklOKECLZkaCOuXJqzrPwT91AMxRHCIh+mEILNbG8beqLwtaORXZFFB86+ld5bzRuA77rLWJ8bvVqEvr747rGqjc948cJ2OPFc= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1597386733; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Id:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=UiMzxcdttMAWu8S/J2+EThU0WlblaoR3oAqWrq0C7sg=; 
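Review bot: In FvEventLogRecordLib.h the doxygen blocks for MeasureFirmwareBlob and MeasureHandoffTable close with `*/` where the file header and the .c file use `**/`, and "Causion" in the TpmMeasurementGetFvName comment should read "Caution". The literals behind PLATFORM_FIRMWARE_BLOB_DESC (the all-X GUID template) and HANDOFF_TABLE_POINTER_DESC ("1234567890ABCDEF") exist only to size the BlobDescription and TableDescription arrays; a one-line comment saying that these are sizing templates, not descriptions that ever reach the log, would keep a later reader from treating them as real strings.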
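Review bot: In FvEventLogRecordLib.c, MeasureFirmwareBlob and MeasureHandoffTable fill FvBlob2.BlobDescription and HandoffTables2.TableDescription with AsciiSPrint but then set BlobDescriptionSize / TableDescriptionSize to sizeof() of the whole array, and neither stack struct is zero-initialised, so whenever the formatted description is shorter than the array the event log entry carries uninitialised stack bytes after the terminating NUL. Suggest `ZeroMem (&FvBlob2, sizeof (FvBlob2));` (and the same for HandoffTables2; BaseMemoryLib is already linked) before the AsciiSPrint calls, or derive the size field from the produced string; note too that sizeof(PLATFORM_FIRMWARE_BLOB_DESC) counts the NUL terminator, so the logged description always ends in a zero byte. A Description longer than the 16-character HANDOFF_TABLE_POINTER_DESC template is silently truncated by AsciiSPrint; a DEBUG message when truncation happens would make that visible to platform integrators.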
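Review bot: FvEventLogRecordLib.inf declares `LIBRARY_CLASS = NULL`, but the library is consumed as a class named FvEventLogRecordLib (patch 3 of this series lists it under [LibraryClasses]), so it should declare `LIBRARY_CLASS = FvEventLogRecordLib` and the class needs declaring in SecurityPkg.dec, which the diffstat shows this patch does not touch. The [LibraryClasses] section also omits PrintLib even though FvEventLogRecordLib.c calls AsciiSPrint. Finally, "Provides interface for firmwware TPM measurement" misspells "firmware" here and in the .uni file header.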
From: "Qi Zhang" To: devel@edk2.groups.io Cc: Jiewen Yao , Chasel Chiu , Nate DeSimone , Star Zeng , Qi Zhang Subject: [edk2-devel] [PATCH v3 2/8] IntelFsp2WrapperPkg/FspMeasurementLib: Add header file. Date: Fri, 14 Aug 2020 14:31:53 +0800 Message-Id: <20200814063159.2477-3-qi1.zhang@intel.com> In-Reply-To: <20200814063159.2477-1-qi1.zhang@intel.com> References: <20200814063159.2477-1-qi1.zhang@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,qi1.zhang@intel.com X-Gm-Message-State: IhWKY22wZ9tsysEoTwJfWN5Nx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1597386732; bh=1PYE2/GpSOohuVV97VmR583WrHmS536qbBNDmxh1YwQ=; h=Cc:Date:From:Reply-To:Subject:To; b=rHaLaSbZIjn0W2jhzIfYacccGOAdc5gijeboGVvGM1jo4PInCcApJT1XwVbrN0FLHp2 40K9PhUB+Usw/HuFOeWd1xa2XW7YjY/5YB3R1K7kqZEPuWScMTMf2G1QKmH3ohfU2warq snb19OPGOARcsfLA80hlJ2/xYWm6kwt+rgk= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" From: Jiewen Yao REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D2376 Cc: Jiewen Yao Cc: Chasel Chiu Cc: Nate DeSimone Cc: Star Zeng Cc: Qi Zhang Signed-off-by: Jiewen Yao --- .../Include/Library/FspMeasurementLib.h | 39 +++++++++++++++++++ 1 file changed, 39 insertions(+) create mode 100644 IntelFsp2WrapperPkg/Include/Library/FspMeasurementLib.h diff --git a/IntelFsp2WrapperPkg/Include/Library/FspMeasurementLib.h b/Inte= lFsp2WrapperPkg/Include/Library/FspMeasurementLib.h new file mode 100644 index 0000000000..4620b4b08e --- /dev/null +++ b/IntelFsp2WrapperPkg/Include/Library/FspMeasurementLib.h @@ -0,0 +1,39 @@ +/** @file + This library is used by FSP modules to measure data to TPM. + +Copyright (c) 2020, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef _FSP_MEASUREMENT_LIB_H_ +#define _FSP_MEASUREMENT_LIB_H_ + +#define FSP_MEASURE_FSP BIT0 +#define FSP_MEASURE_FSPT BIT1 +#define FSP_MEASURE_FSPM BIT2 +#define FSP_MEASURE_FSPS BIT3 +#define FSP_MEASURE_FSPUPD BIT31 + +/** + Measure a FSP FirmwareBlob. + + @param[in] PcrIndex PCR Index. + @param[in] Description Description for this FirmwareBlob. + @param[in] FirmwareBlobBase Base address of this FirmwareBlob. + @param[in] FirmwareBlobLength Size in bytes of this FirmwareBlob. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_UNSUPPORTED TPM device not available. + @retval EFI_OUT_OF_RESOURCES Out of memory. + @retval EFI_DEVICE_ERROR The operation was unsuccessful. +*/ +EFI_STATUS +EFIAPI +MeasureFspFirmwareBlob ( + IN UINT32 PcrIndex, + IN CHAR8 *Description OPTIONAL, + IN EFI_PHYSICAL_ADDRESS FirmwareBlobBase, + IN UINT64 FirmwareBlobLength + ); +#endif --=20 2.26.2.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. 
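Review bot: FspMeasurementLib.h uses EFI_STATUS, EFIAPI, EFI_PHYSICAL_ADDRESS, CHAR8 and the BIT0..BIT31 macros, yet the hunk contains no #include at all, so the header only compiles when the includer has already pulled in the UEFI base types; add `#include <Uefi.h>` (or `<PiPei.h>`) under the include guard so the header stands alone. A short comment that FSP_MEASURE_FSP, FSP_MEASURE_FSPT, FSP_MEASURE_FSPM, FSP_MEASURE_FSPS and FSP_MEASURE_FSPUPD are the bit definitions of PcdFspMeasurementConfig (patch 3 reads that PCD as a mask and tests FSP_MEASURE_FSPUPD against it) would also help, and the doxygen block for MeasureFspFirmwareBlob should close with `**/` rather than `*/` to match the file header.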
View/Reply Online (#64276): https://edk2.groups.io/g/devel/message/64276 Mute This Topic: https://groups.io/mt/76183468/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Thu May 2 02:28:27 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) client-ip=66.175.222.12; envelope-from=bounce+27952+64277+1787277+3901457@groups.io; helo=web01.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+64277+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=intel.com ARC-Seal: i=1; a=rsa-sha256; t=1597386735; cv=none; d=zohomail.com; s=zohoarc; b=G1cV2+swg4qwrDV/mgx4NXjhz3t8Onb7vhU/0xi9zMCARoPnKKqmWXnCFz95JCUhAQgQacaAida/asdViLe33vfHypjwN2/HMMEN0nzW1qQqPbesUOvaMJWWX9uwEZTYQ4PMH6fhtzUfPPD7DOss48bVUy6i1ypPGCqPS7L7eLc= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1597386735; h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Id:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=lmp06llbODr85QH++W41rX1tnN524dk5FBv+Rl+I3C8=; b=Oy4/VFwuY4XafHiBAvN2dwRuGdKF6KCsu9vdM2ho8pMtE8aHb1mW4L9z1t+V1gPsaOXcz+nBIVWWkUU3al3Itf1Dvf78fC4xArj/USYGLchFFipDxj6jTC951PD7y5MLCHqQgJqheiMy0HP+PtYmcCZJ4ZqwMb/A4JVBJYw8zkg= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.12 as permitted sender) smtp.mailfrom=bounce+27952+64277+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) header.from= Received: from web01.groups.io (web01.groups.io [66.175.222.12]) by mx.zohomail.com with SMTPS id 1597386735398745.5767968408322; Thu, 13 Aug 2020 23:32:15 -0700 (PDT) Return-Path: X-Received: by 
From: "Qi Zhang" To: devel@edk2.groups.io Cc: Jiewen Yao , Chasel Chiu , Nate DeSimone , Star Zeng , Qi Zhang Subject: [edk2-devel] [PATCH v3 3/8] IntelFsp2WrapperPkg/FspMeasurementLib: Add BaseFspMeasurementLib. Date: Fri, 14 Aug 2020 14:31:54 +0800 Message-Id: <20200814063159.2477-4-qi1.zhang@intel.com> In-Reply-To: <20200814063159.2477-1-qi1.zhang@intel.com> References: <20200814063159.2477-1-qi1.zhang@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,qi1.zhang@intel.com X-Gm-Message-State: 1CoQMZHmYwOSYiQL7dvNaPBAx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1597386734; bh=/8gvGSOtbVAl5DfjxUdZQ/iiU0TLYfUO5aJB6/QY8V8=; h=Cc:Date:From:Reply-To:Subject:To; b=qAqHws+bTp8RV042vTJRaH407UOA6lCZVMzDq5MO+svfSSPFLyVdGy5Dd9bS59lZUXv 8HKzbZSFvAfV2kdSdxZrRJqVsuUuEJFvMCwCEsyQ3NjJc1GBLSKudBUM6faXCZALmLBxW 6BVtJifXh/eMln0KS4LDTaKaX4ioU38GAgw= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" From: Jiewen Yao REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D2376 Cc: Jiewen Yao Cc: Chasel Chiu Cc: Nate DeSimone Cc: Star Zeng Cc: Qi Zhang Signed-off-by: Jiewen Yao Reviewed-by: Chasel Chiu --- .../BaseFspMeasurementLib.inf | 54 ++++ .../BaseFspMeasurementLib/FspMeasurementLib.c | 248 ++++++++++++++++++ 2 files changed, 302 insertions(+) create mode 100644 IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/BaseF= spMeasurementLib.inf create mode 100644 IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/FspMe= asurementLib.c diff --git a/IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/BaseFspMeasu= rementLib.inf b/IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/BaseFspMe= asurementLib.inf new file mode 100644 index 0000000000..9c0dd9fb40 --- /dev/null 
+++ b/IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/BaseFspMeasurementL= ib.inf @@ -0,0 +1,54 @@ +## @file +# Provides FSP measurement functions. +# +# This library provides MeasureFspFirmwareBlob() to measure FSP binary. +# +# Copyright (c) 2020, Intel Corporation. All rights reserved.
+# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION =3D 0x00010005 + BASE_NAME =3D FspMeasurementLib + FILE_GUID =3D 9A62C49D-C45A-4322-9F3C-45958DF0056B + MODULE_TYPE =3D BASE + VERSION_STRING =3D 1.0 + LIBRARY_CLASS =3D FspMeasurementLib + +# +# The following information is for reference only and not required by the = build tools. +# +# VALID_ARCHITECTURES =3D IA32 X64 +# + +[Sources] + FspMeasurementLib.c + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + SecurityPkg/SecurityPkg.dec + IntelFsp2Pkg/IntelFsp2Pkg.dec + IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dec + +[LibraryClasses] + BaseLib + BaseMemoryLib + DebugLib + PrintLib + PcdLib + PeiServicesLib + PeiServicesTablePointerLib + FspWrapperApiLib + FvEventLogRecordLib + HashLib + +[Ppis] + gEdkiiTcgPpiGuid ## CO= NSUMES + +[Pcd] + gIntelFsp2WrapperTokenSpaceGuid.PcdFspMeasurementConfig ## CO= NSUMES + gIntelFsp2WrapperTokenSpaceGuid.PcdFspmBaseAddress ## CO= NSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdTcgPfpMeasurementRevision ## CO= NSUMES + diff --git a/IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/FspMeasureme= ntLib.c b/IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/FspMeasurementL= ib.c new file mode 100644 index 0000000000..adb4393426 --- /dev/null +++ b/IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/FspMeasurementLib.c @@ -0,0 +1,248 @@ +/** @file + This library is used by FSP modules to measure data to TPM. + +Copyright (c) 2020, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include + +/** + Tpm measure and log data, and extend the measurement result into a speci= fic PCR. + + @param[in] PcrIndex PCR Index. + @param[in] EventType Event type. + @param[in] EventLog Measurement event log. + @param[in] LogLen Event log length in bytes. + @param[in] HashData The start of the data buffer to be hashed, = extended. + @param[in] HashDataLen The length, in bytes, of the buffer referen= ced by HashData + @param[in] Flags Bitmap providing additional information. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_UNSUPPORTED TPM device not available. + @retval EFI_OUT_OF_RESOURCES Out of memory. + @retval EFI_DEVICE_ERROR The operation was unsuccessful. +**/ +EFI_STATUS +EFIAPI +TpmMeasureAndLogDataWithFlags ( + IN UINT32 PcrIndex, + IN UINT32 EventType, + IN VOID *EventLog, + IN UINT32 LogLen, + IN VOID *HashData, + IN UINT64 HashDataLen, + IN UINT64 Flags + ) +{ + EFI_STATUS Status; + EDKII_TCG_PPI *TcgPpi; + TCG_PCR_EVENT_HDR TcgEventHdr; + + Status =3D PeiServicesLocatePpi( + &gEdkiiTcgPpiGuid, + 0, + NULL, + (VOID**)&TcgPpi + ); + if (EFI_ERROR(Status)) { + return Status; + } + + TcgEventHdr.PCRIndex =3D PcrIndex; + TcgEventHdr.EventType =3D EventType; + TcgEventHdr.EventSize =3D LogLen; + + Status =3D TcgPpi->HashLogExtendEvent ( + TcgPpi, + Flags, + HashData, + (UINTN)HashDataLen, + &TcgEventHdr, + EventLog + ); + return Status; +} + +/** + Measure a FSP FirmwareBlob. + + @param[in] Description Description for this FirmwareBlob. + @param[in] FirmwareBlobBase Base address of this FirmwareBlob. + @param[in] FirmwareBlobLength Size in bytes of this FirmwareBlob. + @param[in] CfgRegionOffset Configuration region offset in bytes. + @param[in] CfgRegionSize Configuration region in bytes. 
+ + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_UNSUPPORTED TPM device not available. + @retval EFI_OUT_OF_RESOURCES Out of memory. + @retval EFI_DEVICE_ERROR The operation was unsuccessful. +**/ +STATIC +EFI_STATUS +EFIAPI +MeasureFspFirmwareBlobWithCfg ( + IN CHAR8 *Description OPTIONAL, + IN EFI_PHYSICAL_ADDRESS FirmwareBlobBase, + IN UINT64 FirmwareBlobLength, + IN UINT32 CfgRegionOffset, + IN UINT32 CfgRegionSize + ) +{ + EFI_PLATFORM_FIRMWARE_BLOB FvBlob, UpdBlob; + PLATFORM_FIRMWARE_BLOB2_STRUCT FvBlob2, UpdBlob2; + VOID *FvName; + UINT32 FvEventType; + VOID *FvEventLog, *UpdEventLog; + UINT32 FvEventLogSize, UpdEventLogSize; + EFI_STATUS Status; + HASH_HANDLE HashHandle; + UINT8 *HashBase; + UINTN HashSize; + TPML_DIGEST_VALUES DigestList; + + FvName =3D TpmMeasurementGetFvName (FirmwareBlobBase, FirmwareBlobLength= ); + + if (((Description !=3D NULL) || (FvName !=3D NULL)) && + (PcdGet32(PcdTcgPfpMeasurementRevision) >=3D TCG_EfiSpecIDEventStruc= t_SPEC_ERRATA_TPM2_REV_105)) { + if (Description !=3D NULL) { + AsciiSPrint((CHAR8*)FvBlob2.BlobDescription, sizeof(FvBlob2.BlobDesc= ription), "%a", Description); + AsciiSPrint((CHAR8*)UpdBlob2.BlobDescription, sizeof(UpdBlob2.BlobDe= scription), "%aUDP", Description); + } else { + AsciiSPrint((CHAR8*)FvBlob2.BlobDescription, sizeof(FvBlob2.BlobDesc= ription), "Fv(%g)", FvName); + AsciiSPrint((CHAR8*)UpdBlob2.BlobDescription, sizeof(UpdBlob2.BlobDe= scription), "(%g)UDP", FvName); + } + + FvBlob2.BlobDescriptionSize =3D sizeof(FvBlob2.BlobDescription); + FvBlob2.BlobBase =3D FirmwareBlobBase; + FvBlob2.BlobLength =3D FirmwareBlobLength; + FvEventType =3D EV_EFI_PLATFORM_FIRMWARE_BLOB2; + FvEventLog =3D &FvBlob2; + FvEventLogSize =3D sizeof(FvBlob2); + + UpdBlob2.BlobDescriptionSize =3D sizeof(UpdBlob2.BlobDescription); + UpdBlob2.BlobBase =3D CfgRegionOffset; + UpdBlob2.BlobLength =3D CfgRegionSize; + UpdEventLog =3D &UpdBlob2; + UpdEventLogSize =3D sizeof(UpdBlob2); + } else { + 
FvBlob.BlobBase =3D FirmwareBlobBase; + FvBlob.BlobLength =3D FirmwareBlobLength; + FvEventType =3D EV_EFI_PLATFORM_FIRMWARE_BLOB; + FvEventLog =3D &FvBlob; + FvEventLogSize =3D sizeof(FvBlob); + + UpdBlob.BlobBase =3D CfgRegionOffset; + UpdBlob.BlobLength =3D CfgRegionSize; + UpdEventLog =3D &UpdBlob; + UpdEventLogSize =3D sizeof(UpdBlob); + } + + /** Initialize a SHA hash context. **/ + Status =3D HashStart (&HashHandle); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "HashStart failed - %r\n", Status)); + return Status; + } + + /** Hash FSP binary before UDP **/ + HashBase =3D (UINT8 *) (UINTN) FirmwareBlobBase; + HashSize =3D (UINTN) CfgRegionOffset; + Status =3D HashUpdate (HashHandle, HashBase, HashSize); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "HashUpdate failed - %r\n", Status)); + return Status; + } + + /** Hash FSP binary after UDP **/ + HashBase =3D (UINT8 *) (UINTN) FirmwareBlobBase + CfgRegionOffset + CfgR= egionSize; + HashSize =3D (UINTN)(FirmwareBlobLength - CfgRegionOffset - CfgRegionSiz= e); + Status =3D HashUpdate (HashHandle, HashBase, HashSize); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "HashUpdate failed - %r\n", Status)); + return Status; + } + + /** Finalize the SHA hash. **/ + Status =3D HashCompleteAndExtend (HashHandle, 0, NULL, 0, &DigestList); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "HashCompleteAndExtend failed - %r\n", Status)); + return Status; + } + + Status =3D TpmMeasureAndLogDataWithFlags ( + 0, + FvEventType, + FvEventLog, + FvEventLogSize, + (UINT8 *) &DigestList, + (UINTN) sizeof(DigestList), + EDKII_TCG_PRE_HASH_LOG_ONLY + ); + + Status =3D TpmMeasureAndLogData ( + 1, + EV_PLATFORM_CONFIG_FLAGS, + UpdEventLog, + UpdEventLogSize, + (UINT8 *) (UINTN) FirmwareBlobBase + CfgRegionOffset, + CfgRegionSize + ); + + return Status; +} + +/** + Measure a FSP FirmwareBlob. + + @param[in] PcrIndex PCR Index. + @param[in] Description Description for this FirmwareBlob. 
+ @param[in] FirmwareBlobBase Base address of this FirmwareBlob. + @param[in] FirmwareBlobLength Size in bytes of this FirmwareBlob. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_UNSUPPORTED TPM device not available. + @retval EFI_OUT_OF_RESOURCES Out of memory. + @retval EFI_DEVICE_ERROR The operation was unsuccessful. +**/ +EFI_STATUS +EFIAPI +MeasureFspFirmwareBlob ( + IN UINT32 PcrIndex, + IN CHAR8 *Description OPTIONAL, + IN EFI_PHYSICAL_ADDRESS FirmwareBlobBase, + IN UINT64 FirmwareBlobLength + ) +{ + UINT32 FspMeasureMask; + FSP_INFO_HEADER *FspHeaderPtr; + + FspMeasureMask =3D PcdGet32 (PcdFspMeasurementConfig); + if ((FspMeasureMask & FSP_MEASURE_FSPUPD) !=3D 0) { + FspHeaderPtr =3D (FSP_INFO_HEADER *) FspFindFspHeader (FirmwareBlobBas= e); + if (FspHeaderPtr !=3D NULL) { + return MeasureFspFirmwareBlobWithCfg(Description, FirmwareBlobBase, Fi= rmwareBlobLength, + FspHeaderPtr->CfgRegionOffset, Fs= pHeaderPtr->CfgRegionSize); + } + } + + return MeasureFirmwareBlob (PcrIndex, Description, FirmwareBlobBase, Fir= mwareBlobLength); +} + --=20 2.26.2.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. 
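Review bot: MeasureFspFirmwareBlobWithCfg trusts CfgRegionOffset and CfgRegionSize without checking that CfgRegionOffset + CfgRegionSize <= FirmwareBlobLength, yet MeasureFspFirmwareBlob takes both values from the FSP_INFO_HEADER found inside the very blob that is about to be measured (`FspHeaderPtr->CfgRegionOffset, FspHeaderPtr->CfgRegionSize`). With an inconsistent header, `HashSize = (UINTN)(FirmwareBlobLength - CfgRegionOffset - CfgRegionSize);` wraps and HashUpdate reads far past the end of the blob, and the second TpmMeasureAndLogData call hashes CfgRegionSize bytes starting at an out-of-range offset. Validate the two values up front and return EFI_INVALID_PARAMETER (or fall back to the whole-blob MeasureFirmwareBlob path). Two smaller points in the same function: the Status of the first TpmMeasureAndLogDataWithFlags call (the PCR0 extend of the code region) is overwritten by the second call without ever being checked, so a failed code-region extend is reported as success; and the PcrIndex argument of MeasureFspFirmwareBlob is silently ignored on this path, which hardcodes PCR 0 and PCR 1. Finally, "UDP" in the `"%aUDP"` and `"(%g)UDP"` description strings and in the `Hash FSP binary before UDP` / `after UDP` comments should read "UPD"; the description string ends up in the measured event log, where tooling will look for it.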
View/Reply Online (#64277): https://edk2.groups.io/g/devel/message/64277 Mute This Topic: https://groups.io/mt/76183469/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=-=-=-=-=-=-=-=-=-=-=-
From: "Qi Zhang"
To: devel@edk2.groups.io
Cc: Jiewen Yao, Chasel Chiu, Nate DeSimone, Star Zeng, Qi Zhang
Subject: [edk2-devel] [PATCH v3 4/8] IntelFsp2WraperPkg/Fsp{m|s}WrapperPeim: Add FspBin measurement.
Date: Fri, 14 Aug 2020 14:31:55 +0800
Message-Id: <20200814063159.2477-5-qi1.zhang@intel.com>
In-Reply-To: <20200814063159.2477-1-qi1.zhang@intel.com>
References: <20200814063159.2477-1-qi1.zhang@intel.com>

From: Jiewen Yao

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2376

Cc: Jiewen Yao
Cc: Chasel Chiu
Cc: Nate DeSimone
Cc: Star Zeng
Cc: Qi Zhang
Signed-off-by: Jiewen Yao
Reviewed-by: Chasel Chiu
---
 .../FspmWrapperPeim/FspmWrapperPeim.c   | 90 ++++++++++++++++++-
 .../FspmWrapperPeim/FspmWrapperPeim.inf | 20 +++--
 .../FspsWrapperPeim/FspsWrapperPeim.c   | 86 +++++++++++++++++-
 .../FspsWrapperPeim/FspsWrapperPeim.inf | 27 +++---
 4 files changed, 204 insertions(+), 19 deletions(-)

diff --git a/IntelFsp2WrapperPkg/FspmWrapperPeim/FspmWrapperPeim.c b/IntelF= sp2WrapperPkg/FspmWrapperPeim/FspmWrapperPeim.c index 265b77ed60..24ab534620 100644 --- a/IntelFsp2WrapperPkg/FspmWrapperPeim/FspmWrapperPeim.c +++ b/IntelFsp2WrapperPkg/FspmWrapperPeim/FspmWrapperPeim.c
@@ -3,7 +3,7 @@ register TemporaryRamDonePpi to call TempRamExit API, and register Memor= yDiscoveredPpi notify to call FspSiliconInit API. =20 - Copyright (c) 2014 - 2018, Intel Corporation. All rights reserved.
+ Copyright (c) 2014 - 2020, Intel Corporation. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent =20 **/ @@ -25,11 +25,14 @@ #include #include #include +#include =20 #include #include #include #include +#include +#include #include #include #include @@ -147,7 +150,21 @@ FspmWrapperInit ( VOID ) { - EFI_STATUS Status; + EFI_STATUS Status; + EFI_PEI_FIRMWARE_VOLUME_INFO_MEASUREMENT_EXCLUDED_PPI *MeasurementExclud= edFvPpi; + EFI_PEI_PPI_DESCRIPTOR *MeasurementExclud= edPpiList; + + MeasurementExcludedFvPpi =3D AllocatePool (sizeof(*MeasurementExcludedFv= Ppi)); + ASSERT(MeasurementExcludedFvPpi !=3D NULL); + MeasurementExcludedFvPpi->Count =3D 1; + MeasurementExcludedFvPpi->Fv[0].FvBase =3D PcdGet32 (PcdFspmBaseAddress); + MeasurementExcludedFvPpi->Fv[0].FvLength =3D ((EFI_FIRMWARE_VOLUME_HEADE= R *) (UINTN) PcdGet32 (PcdFspmBaseAddress))->FvLength; + + MeasurementExcludedPpiList =3D AllocatePool (sizeof(*MeasurementExcluded= PpiList)); + ASSERT(MeasurementExcludedPpiList !=3D NULL); + MeasurementExcludedPpiList->Flags =3D EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_P= EI_PPI_DESCRIPTOR_TERMINATE_LIST; + MeasurementExcludedPpiList->Guid =3D &gEfiPeiFirmwareVolumeInfoMeasurem= entExcludedPpiGuid; + MeasurementExcludedPpiList->Ppi =3D MeasurementExcludedFvPpi; =20 Status =3D EFI_SUCCESS; =20 @@ -155,6 +172,9 @@ FspmWrapperInit ( Status =3D PeiFspMemoryInit (); ASSERT_EFI_ERROR (Status); } else { + Status =3D PeiServicesInstallPpi (MeasurementExcludedPpiList); + ASSERT_EFI_ERROR (Status); + PeiServicesInstallFvInfoPpi ( NULL, (VOID *)(UINTN) PcdGet32 (PcdFspmBaseAddress), 
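Review bot: in the FspmWrapperInit hunk the NULL check on the two AllocatePool results is an ASSERT only, so in a RELEASE build an allocation failure falls through to `MeasurementExcludedFvPpi->Count = 1;` and dereferences NULL; return EFI_OUT_OF_RESOURCES (or skip the PPI installation) instead. The two allocations also run unconditionally at the top of the function, while `PeiServicesInstallPpi (MeasurementExcludedPpiList)` is only reached in the `else` branch that reports the FSP-M FV to the dispatcher via PeiServicesInstallFvInfoPpi; on the PeiFspMemoryInit path both buffers are allocated and never used, so move the allocation into that branch. Reading `->FvLength` through a raw cast of PcdGet32 (PcdFspmBaseAddress) before anything has measured that FV is acceptable here only because the same header is what gets measured later, which is worth a one-line comment.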
@@ -167,6 +187,67 @@ FspmWrapperInit ( return Status; } =20 +/** + This function is called after TCG installed PPI. + + @param[in] PeiServices Pointer to PEI Services Table. + @param[in] NotifyDesc Pointer to the descriptor for the Notification= event that + caused this function to execute. + @param[in] Ppi Pointer to the PPI data associated with this f= unction. + + @retval EFI_STATUS Always return EFI_SUCCESS +**/ +EFI_STATUS +EFIAPI +TcgPpiNotify ( + IN EFI_PEI_SERVICES **PeiServices, + IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDesc, + IN VOID *Ppi + ); + +EFI_PEI_NOTIFY_DESCRIPTOR mTcgPpiNotifyDesc =3D { + (EFI_PEI_PPI_DESCRIPTOR_NOTIFY_CALLBACK | EFI_PEI_PPI_DESCRIPTOR_TERMINA= TE_LIST), + &gEdkiiTcgPpiGuid, + TcgPpiNotify +}; + +/** + This function is called after TCG installed PPI. + + @param[in] PeiServices Pointer to PEI Services Table. + @param[in] NotifyDesc Pointer to the descriptor for the Notification= event that + caused this function to execute. + @param[in] Ppi Pointer to the PPI data associated with this f= unction. + + @retval EFI_STATUS Always return EFI_SUCCESS +**/ +EFI_STATUS +EFIAPI +TcgPpiNotify ( + IN EFI_PEI_SERVICES **PeiServices, + IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDesc, + IN VOID *Ppi + ) +{ + UINT32 FspMeasureMask; + + DEBUG ((DEBUG_INFO, "TcgPpiNotify FSPM\n")); + + FspMeasureMask =3D PcdGet32 (PcdFspMeasurementConfig); + + if ((FspMeasureMask & FSP_MEASURE_FSPT) !=3D 0) { + MeasureFspFirmwareBlob (0, "FSPT", PcdGet32(PcdFsptBaseAddress), + (UINT32)((EFI_FIRMWARE_VOLUME_HEADER *) (UINTN= ) PcdGet32 (PcdFsptBaseAddress))->FvLength); + } + + if ((FspMeasureMask & FSP_MEASURE_FSPM) !=3D 0) { + MeasureFspFirmwareBlob (0, "FSPM", PcdGet32(PcdFspmBaseAddress), + (UINT32)((EFI_FIRMWARE_VOLUME_HEADER *) (UINTN= ) PcdGet32 (PcdFspmBaseAddress))->FvLength); + } + + return EFI_SUCCESS; +} + /** This is the entrypoint of PEIM =20 
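Review bot: TcgPpiNotify discards the EFI_STATUS returned by both MeasureFspFirmwareBlob calls, so a failed FSP-T or FSP-M measurement leaves nothing in the debug output or the event log to show that PCR0 is incomplete; at minimum wrap each call in ASSERT_EFI_ERROR and DEBUG the status. The length argument `(UINT32)((EFI_FIRMWARE_VOLUME_HEADER *) (UINTN) PcdGet32 (PcdFsptBaseAddress))->FvLength` truncates the UINT64 FvLength field to 32 bits although MeasureFspFirmwareBlob declares FirmwareBlobLength as UINT64; drop the cast. Style: the prototype and the definition carry the same doc comment verbatim, and the prototype exists only because mTcgPpiNotifyDesc references the function before it is defined; moving the descriptor below the definition removes both.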
@@ -182,8 +263,13 @@ FspmWrapperPeimEntryPoint ( IN CONST EFI_PEI_SERVICES **PeiServices ) { + EFI_STATUS Status; + DEBUG((DEBUG_INFO, "FspmWrapperPeimEntryPoint\n")); =20 + Status =3D PeiServicesNotifyPpi (&mTcgPpiNotifyDesc); + ASSERT_EFI_ERROR (Status); + FspmWrapperInit (); =20 return EFI_SUCCESS; diff --git a/IntelFsp2WrapperPkg/FspmWrapperPeim/FspmWrapperPeim.inf b/Inte= lFsp2WrapperPkg/FspmWrapperPeim/FspmWrapperPeim.inf index dce7ef3d0b..c3578397b6 100644 --- a/IntelFsp2WrapperPkg/FspmWrapperPeim/FspmWrapperPeim.inf +++ b/IntelFsp2WrapperPkg/FspmWrapperPeim/FspmWrapperPeim.inf @@ -6,7 +6,7 @@ # register TemporaryRamDonePpi to call TempRamExit API, and register Memor= yDiscoveredPpi # notify to call FspSiliconInit API. # -# Copyright (c) 2014 - 2019, Intel Corporation. All rights reserved.
+# Copyright (c) 2014 - 2020, Intel Corporation. All rights reserved.
# # SPDX-License-Identifier: BSD-2-Clause-Patent # @@ -44,17 +44,22 @@ TimerLib FspWrapperApiLib FspWrapperApiTestLib + FspMeasurementLib =20 [Packages] MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec UefiCpuPkg/UefiCpuPkg.dec + SecurityPkg/SecurityPkg.dec IntelFsp2Pkg/IntelFsp2Pkg.dec IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dec =20 [Pcd] - gIntelFsp2WrapperTokenSpaceGuid.PcdFspmBaseAddress ## CONSUMES - gIntelFsp2WrapperTokenSpaceGuid.PcdFspmUpdDataAddress ## CONSUMES - gIntelFsp2WrapperTokenSpaceGuid.PcdFspModeSelection ## CONSUMES + gIntelFsp2WrapperTokenSpaceGuid.PcdFspmBaseAddress ## CONSUMES + gIntelFsp2WrapperTokenSpaceGuid.PcdFspmUpdDataAddress ## CONSUMES + gIntelFsp2WrapperTokenSpaceGuid.PcdFspModeSelection ## CONSUMES + gIntelFsp2WrapperTokenSpaceGuid.PcdFsptBaseAddress ## CONSUMES + gIntelFsp2WrapperTokenSpaceGuid.PcdFspMeasurementConfig ## CONSUMES =20 [Sources] FspmWrapperPeim.c @@ -63,5 +68,10 @@ gFspHobGuid ## PRODUCES ## HOB gFspApiPerformanceGuid ## SOMETIMES_CONSUMES ## GUID =20 +[Ppis] + gEdkiiTcgPpiGuid ## NOTIFY + gEfiPeiFirmwareVolumeInfoMeasurementExcludedPpiGuid ## PRODUCES + [Depex] - gEfiPeiMasterBootModePpiGuid + gEfiPeiMasterBootModePpiGuid AND + gPeiTpmInitializationDonePpiGuid diff --git a/IntelFsp2WrapperPkg/FspsWrapperPeim/FspsWrapperPeim.c b/IntelF= sp2WrapperPkg/FspsWrapperPeim/FspsWrapperPeim.c index b20f0805a0..9d4f279e81 100644 --- a/IntelFsp2WrapperPkg/FspsWrapperPeim/FspsWrapperPeim.c +++ b/IntelFsp2WrapperPkg/FspsWrapperPeim/FspsWrapperPeim.c @@ -3,7 +3,7 @@ register TemporaryRamDonePpi to call TempRamExit API, and register Memor= yDiscoveredPpi notify to call FspSiliconInit API. =20 - Copyright (c) 2014 - 2019, Intel Corporation. All rights reserved.
+ Copyright (c) 2014 - 2020, Intel Corporation. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent =20 **/ @@ -24,12 +24,15 @@ #include #include #include +#include =20 #include #include #include #include #include +#include +#include #include #include #include @@ -379,7 +382,25 @@ FspsWrapperInitDispatchMode ( VOID ) { - EFI_STATUS Status; + EFI_STATUS Status; + EFI_PEI_FIRMWARE_VOLUME_INFO_MEASUREMENT_EXCLUDED_PPI *MeasurementExclud= edFvPpi; + EFI_PEI_PPI_DESCRIPTOR *MeasurementExclud= edPpiList; + + MeasurementExcludedFvPpi =3D AllocatePool (sizeof(*MeasurementExcludedFv= Ppi)); + ASSERT(MeasurementExcludedFvPpi !=3D NULL); + MeasurementExcludedFvPpi->Count =3D 1; + MeasurementExcludedFvPpi->Fv[0].FvBase =3D PcdGet32 (PcdFspsBaseAddress); + MeasurementExcludedFvPpi->Fv[0].FvLength =3D ((EFI_FIRMWARE_VOLUME_HEADE= R *) (UINTN) PcdGet32 (PcdFspsBaseAddress))->FvLength; + + MeasurementExcludedPpiList =3D AllocatePool (sizeof(*MeasurementExcluded= PpiList)); + ASSERT(MeasurementExcludedPpiList !=3D NULL); + MeasurementExcludedPpiList->Flags =3D EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_P= EI_PPI_DESCRIPTOR_TERMINATE_LIST; + MeasurementExcludedPpiList->Guid =3D &gEfiPeiFirmwareVolumeInfoMeasurem= entExcludedPpiGuid; + MeasurementExcludedPpiList->Ppi =3D MeasurementExcludedFvPpi; + + Status =3D PeiServicesInstallPpi (MeasurementExcludedPpiList); + ASSERT_EFI_ERROR (Status); + // // FSP-S Wrapper running in Dispatch mode and reports FSP-S FV to PEI di= spatcher. // 
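Review bot: FspsWrapperInitDispatchMode repeats the ASSERT-only NULL handling: in a RELEASE build `ASSERT(MeasurementExcludedFvPpi != NULL);` compiles away and `MeasurementExcludedFvPpi->Count = 1;` dereferences NULL on allocation failure, so return EFI_OUT_OF_RESOURCES here too. The block that builds and installs the excluded-FV PPI is now duplicated line for line between FspmWrapperInit and this function, differing only in PcdFspmBaseAddress versus PcdFspsBaseAddress; factor it into one helper taking the FV base address so the NULL-handling fix and any later change land in one place.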
@@ -398,6 +419,62 @@ FspsWrapperInitDispatchMode ( return Status; } =20 +/** + This function is called after TCG installed PPI. + + @param[in] PeiServices Pointer to PEI Services Table. + @param[in] NotifyDesc Pointer to the descriptor for the Notification= event that + caused this function to execute. + @param[in] Ppi Pointer to the PPI data associated with this f= unction. + + @retval EFI_STATUS Always return EFI_SUCCESS +**/ +EFI_STATUS +EFIAPI +TcgPpiNotify ( + IN EFI_PEI_SERVICES **PeiServices, + IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDesc, + IN VOID *Ppi + ); + +EFI_PEI_NOTIFY_DESCRIPTOR mTcgPpiNotifyDesc =3D { + (EFI_PEI_PPI_DESCRIPTOR_NOTIFY_CALLBACK | EFI_PEI_PPI_DESCRIPTOR_TERMINA= TE_LIST), + &gEdkiiTcgPpiGuid, + TcgPpiNotify +}; + +/** + This function is called after TCG installed PPI. + + @param[in] PeiServices Pointer to PEI Services Table. + @param[in] NotifyDesc Pointer to the descriptor for the Notification= event that + caused this function to execute. + @param[in] Ppi Pointer to the PPI data associated with this f= unction. + + @retval EFI_STATUS Always return EFI_SUCCESS +**/ +EFI_STATUS +EFIAPI +TcgPpiNotify ( + IN EFI_PEI_SERVICES **PeiServices, + IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDesc, + IN VOID *Ppi + ) +{ + UINT32 FspMeasureMask; + + DEBUG ((DEBUG_INFO, "TcgPpiNotify FSPS\n")); + + FspMeasureMask =3D PcdGet32 (PcdFspMeasurementConfig); + + if ((FspMeasureMask & FSP_MEASURE_FSPS) !=3D 0) { + MeasureFspFirmwareBlob (0, "FSPS", PcdGet32(PcdFspsBaseAddress), + (UINT32)((EFI_FIRMWARE_VOLUME_HEADER *) (UINTN= ) PcdGet32 (PcdFspsBaseAddress))->FvLength); + } + + return EFI_SUCCESS; +} + /** This is the entrypoint of PEIM. =20 
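Review bot: the dropped return value of `MeasureFspFirmwareBlob (0, "FSPS", PcdGet32(PcdFspsBaseAddress), ...)` matters more here than it would elsewhere: FspsWrapperInitDispatchMode has already installed gEfiPeiFirmwareVolumeInfoMeasurementExcludedPpiGuid for the FSP-S FV, which tells Tcg2Pei not to measure it through the generic FV path, so if this call fails silently FSP-S is never extended into PCR0 and no log entry records the gap. Check the status (ASSERT_EFI_ERROR plus a DEBUG_ERROR line) so the failure is visible in the platform log. The duplicated doc comment on prototype and definition applies here as in FspmWrapperPeim.c.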
@@ -413,8 +490,13 @@ FspsWrapperPeimEntryPoint ( IN CONST EFI_PEI_SERVICES **PeiServices ) { + EFI_STATUS Status; + DEBUG ((DEBUG_INFO, "FspsWrapperPeimEntryPoint\n")); =20 + Status =3D PeiServicesNotifyPpi (&mTcgPpiNotifyDesc); + ASSERT_EFI_ERROR (Status); + if (PcdGet8 (PcdFspModeSelection) =3D=3D 1) { FspsWrapperInitApiMode (); } else { diff --git a/IntelFsp2WrapperPkg/FspsWrapperPeim/FspsWrapperPeim.inf b/Inte= lFsp2WrapperPkg/FspsWrapperPeim/FspsWrapperPeim.inf index 7da92991c8..884514747f 100644 --- a/IntelFsp2WrapperPkg/FspsWrapperPeim/FspsWrapperPeim.inf +++ b/IntelFsp2WrapperPkg/FspsWrapperPeim/FspsWrapperPeim.inf @@ -6,7 +6,7 @@ # register TemporaryRamDonePpi to call TempRamExit API, and register Memor= yDiscoveredPpi # notify to call FspSiliconInit API. # -# Copyright (c) 2014 - 2019, Intel Corporation. All rights reserved.
+# Copyright (c) 2014 - 2020, Intel Corporation. All rights reserved.
# # SPDX-License-Identifier: BSD-2-Clause-Patent # @@ -44,24 +44,30 @@ PerformanceLib FspWrapperApiLib FspWrapperApiTestLib + FspMeasurementLib =20 [Packages] MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec UefiCpuPkg/UefiCpuPkg.dec + SecurityPkg/SecurityPkg.dec IntelFsp2Pkg/IntelFsp2Pkg.dec IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dec =20 [Ppis] - gTopOfTemporaryRamPpiGuid ## PRODUCES - gFspSiliconInitDonePpiGuid ## PRODUCES - gEfiEndOfPeiSignalPpiGuid ## PRODUCES - gEfiTemporaryRamDonePpiGuid ## PRODUCES - gEfiPeiMemoryDiscoveredPpiGuid ## NOTIFY + gTopOfTemporaryRamPpiGuid ## PRODUCES + gFspSiliconInitDonePpiGuid ## PRODUCES + gEfiEndOfPeiSignalPpiGuid ## PRODUCES + gEfiTemporaryRamDonePpiGuid ## PRODUCES + gEfiPeiMemoryDiscoveredPpiGuid ## NOTIFY + gEdkiiTcgPpiGuid ## NOTIFY + gEfiPeiFirmwareVolumeInfoMeasurementExcludedPpiGuid ## PRODUCES =20 [Pcd] - gIntelFsp2WrapperTokenSpaceGuid.PcdFspsBaseAddress ## CONSUMES - gIntelFsp2WrapperTokenSpaceGuid.PcdFspsUpdDataAddress ## CONSUMES - gIntelFsp2WrapperTokenSpaceGuid.PcdFspModeSelection ## CONSUMES + gIntelFsp2WrapperTokenSpaceGuid.PcdFspsBaseAddress ## CONSUMES + gIntelFsp2WrapperTokenSpaceGuid.PcdFspsUpdDataAddress ## CONSUMES + gIntelFsp2WrapperTokenSpaceGuid.PcdFspModeSelection ## CONSUMES + gIntelFsp2WrapperTokenSpaceGuid.PcdFspMeasurementConfig ## CONSUMES =20 [Guids] gFspHobGuid ## CONSUMES ## HOB 
@@ -71,4 +77,5 @@ FspsWrapperPeim.c =20 [Depex] - gEfiPeiMemoryDiscoveredPpiGuid + gEfiPeiMemoryDiscoveredPpiGuid AND + gPeiTpmInitializationDonePpiGuid
--
2.26.2.windows.1
View/Reply Online (#64278): https://edk2.groups.io/g/devel/message/64278
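Review bot: the [Depex] hunks in both FspmWrapperPeim.inf and FspsWrapperPeim.inf add `gPeiTpmInitializationDonePpiGuid` as a hard dependency; a platform that consumes these wrappers without including a PEIM that installs that PPI will never dispatch FspmWrapperPeim, so FSP-M memory init never runs and the board does not boot. That is a new platform requirement introduced by this patch and should be stated in the commit message (which currently carries only the REF line) and in the package documentation, or gated behind PcdFspMeasurementConfig so platforms that do no FSP measurement keep the old depex. Also, the subject line spells the package "IntelFsp2WraperPkg"; the directory is IntelFsp2WrapperPkg.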
From: "Qi Zhang"
To: devel@edk2.groups.io
Cc: Qi Zhang, Jiewen Yao, Jian J Wang
Subject: [edk2-devel] [PATCH v3 5/8] SecurityPkg/dsc: add FvEventLogRecordLib
Date: Fri, 14 Aug 2020 14:31:56 +0800
Message-Id: <20200814063159.2477-6-qi1.zhang@intel.com>
In-Reply-To: <20200814063159.2477-1-qi1.zhang@intel.com>
References: <20200814063159.2477-1-qi1.zhang@intel.com>

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2376

Cc: Jiewen Yao
Cc: Jian J Wang
Signed-off-by: Qi Zhang
---
 SecurityPkg/SecurityPkg.dec | 3 +++
 SecurityPkg/SecurityPkg.dsc | 2 ++
 2 files changed, 5 insertions(+)

diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec index 42fc48cc1f..d20a800f68 100644 --- a/SecurityPkg/SecurityPkg.dec +++ b/SecurityPkg/SecurityPkg.dec @@ -84,6 +84,9 @@ # VariableKeyLib|Include/Library/VariableKeyLib.h =20 + ## @libraryclass Provides interfaces about firmware TPM measurement. + # + FvEventLogRecordLib|Include/Library/FvEventLogRecordLib.h [Guids] ## Security package token space guid. # Include/Guid/SecurityPkgTokenSpace.h diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc index 28effe3eda..38e6d0f1a5 100644 --- a/SecurityPkg/SecurityPkg.dsc +++ b/SecurityPkg/SecurityPkg.dsc
@@ -66,6 +66,7 @@ ResetSystemLib|MdeModulePkg/Library/BaseResetSystemLibNull/BaseResetSyst= emLibNull.inf VariableKeyLib|SecurityPkg/Library/VariableKeyLibNull/VariableKeyLibNull= .inf RpmcLib|SecurityPkg/Library/RpmcLibNull/RpmcLibNull.inf + FvEventLogRecordLib|SecurityPkg/Library/FvEventLogRecordLib/FvEventLogRe= cordLib.inf =20 [LibraryClasses.ARM] # 
@@ -240,6 +241,7 @@ SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.inf SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.inf SecurityPkg/Library/TcgPpVendorLibNull/TcgPpVendorLibNull.inf + SecurityPkg/Library/FvEventLogRecordLib/FvEventLogRecordLib.inf =20 [Components.IA32, Components.X64, Components.ARM, Components.AARCH64] SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
--
2.26.2.windows.1
View/Reply Online (#64279): https://edk2.groups.io/g/devel/message/64279
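Review bot: in the SecurityPkg.dec hunk the new `FvEventLogRecordLib|Include/Library/FvEventLogRecordLib.h` entry is followed directly by `[Guids]` with no blank line, unlike the other library-class entries in that section; add one. The `## @libraryclass Provides interfaces about firmware TPM measurement.` text does not say what sets this class apart from TpmMeasurementLib, which patch 6/8 maps right next to it; describe it by what it does (going by the name, recording firmware-volume measurement events into the TCG event log) so a reader of the .dec can pick the right class. The commit message is only the REF line; one sentence on why the class is introduced and who consumes it (the FSP wrapper package in patch 6/8) would make the series easier to bisect.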
From: "Qi Zhang"
To: devel@edk2.groups.io
Cc: Jiewen Yao, Chasel Chiu, Nate DeSimone, Star Zeng, Qi Zhang
Subject: [edk2-devel] [PATCH v3 6/8] IntelFsp2Wrapper/dsc: Add FspTpmMeasurementLib and PcdFspMeasurementConfig.
Date: Fri, 14 Aug 2020 14:31:57 +0800
Message-Id: <20200814063159.2477-7-qi1.zhang@intel.com>
In-Reply-To: <20200814063159.2477-1-qi1.zhang@intel.com>
References: <20200814063159.2477-1-qi1.zhang@intel.com>

From: Jiewen Yao

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2376

Cc: Jiewen Yao
Cc: Chasel Chiu
Cc: Nate DeSimone
Cc: Star Zeng
Cc: Qi Zhang
Signed-off-by: Jiewen Yao
---
 IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dec | 17 +++++++++++++++++
 IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dsc |  6 +++++-
 2 files changed, 22 insertions(+), 1 deletion(-)

diff --git a/IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dec b/IntelFsp2Wrapper= Pkg/IntelFsp2WrapperPkg.dec index faf2be621c..cb41ca9807 100644 --- a/IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dec +++ b/IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dec
@@ -92,6 +92,23 @@ # gIntelFsp2WrapperTokenSpaceGuid.PcdFspModeSelection|0x00000001|UINT8|0x4= 000000A =20 + ## This PCD decides how FSP is measured + # 1) The BootGuard ACM may already measured the FSP component, such as F= SPT/FSPM. + # We need a flag (PCD) to indicate if there is need to do such FSP measu= rement or NOT. + # 2) The FSP binary includes FSP code and FSP UPD region. The UPD region= is considered + # as configuration block, and it may be updated by OEM by design. + # This flag (PCD) is to indicate if we need isolate the the UPD region f= rom the FSP code region. + # BIT0: Need measure FSP. (for FSP1.x) - reserved in FSP2. + # BIT1: Need measure FSPT. (for FSP 2.x) + # BIT2: Need measure FSPM. (for FSP 2.x) + # BIT3: Need measure FSPS. (for FSP 2.x) + # BIT4~30: reserved. + # BIT31: Need isolate UPD region measurement. + #0: measure FSP[T|M|S] as one binary in one record (PCR0). + #1: measure FSP UPD region in one record (PCR1), the FSP code without = UPD in another record (PCR0). + # + gIntelFsp2WrapperTokenSpaceGuid.PcdFspMeasurementConfig|0x00000000|UINT3= 2|0x4000000B + [PcdsFixedAtBuild, PcdsPatchableInModule,PcdsDynamic,PcdsDynamicEx] # ## These are the base address of FSP-M/S diff --git a/IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dsc b/IntelFsp2Wrapper= Pkg/IntelFsp2WrapperPkg.dsc index cb4f69285d..9bed45b89b 100644 --- a/IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dsc +++ b/IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dsc @@ -1,7 +1,7 @@ ## @file # Provides drivers and definitions to support fsp in EDKII bios. # -# Copyright (c) 2014 - 2016, Intel Corporation. All rights reserved.
+# Copyright (c) 2014 - 2020, Intel Corporation. All rights reserved.
# SPDX-License-Identifier: BSD-2-Clause-Patent # ## @@ -45,6 +45,7 @@ # FSP Wrapper Lib FspWrapperApiLib|IntelFsp2WrapperPkg/Library/BaseFspWrapperApiLib/BaseFs= pWrapperApiLib.inf FspWrapperApiTestLib|IntelFsp2WrapperPkg/Library/BaseFspWrapperApiTestLi= bNull/BaseFspWrapperApiTestLibNull.inf + FspMeasurementLib|IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/Base= FspMeasurementLib.inf =20 # FSP platform sample FspWrapperPlatformLib|IntelFsp2WrapperPkg/Library/BaseFspWrapperPlatform= LibSample/BaseFspWrapperPlatformLibSample.inf @@ -57,6 +58,8 @@ PeiServicesLib|MdePkg/Library/PeiServicesLib/PeiServicesLib.inf MemoryAllocationLib|MdePkg/Library/PeiMemoryAllocationLib/PeiMemoryAlloc= ationLib.inf HobLib|MdePkg/Library/PeiHobLib/PeiHobLib.inf + TpmMeasurementLib|SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasure= mentLib.inf + FvEventLogRecordLib|SecurityPkg/Library/FvEventLogRecordLib/FvEventLogRe= cordLib.inf =20 [LibraryClasses.common.DXE_DRIVER] UefiDriverEntryPoint|MdePkg/Library/UefiDriverEntryPoint/UefiDriverEntry= Point.inf 
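Review bot: in the IntelFsp2WrapperPkg.dec hunk that adds PcdFspMeasurementConfig, the comment never says what the default 0x00000000 means: with no bit set the wrapper measures none of FSPT/FSPM/FSPS, so a platform that relies on the ACM for FSPT/FSPM but still needs FSPS measured has to opt in with BIT3 explicitly. A line such as `# Default 0: the FSP wrapper measures nothing; the platform must set BIT1..BIT3 (and BIT31) as needed.` makes that visible to integrators. While there: "may already measured" should read "may already have measured", "isolate the the UPD region" has a doubled "the", "if we need isolate" should be "if we need to isolate", and the two "#0:"/"#1:" lines under BIT31 lack the space after "#" that the surrounding lines use.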
@@ -73,6 +76,7 @@ IntelFsp2WrapperPkg/Library/SecFspWrapperPlatformSecLibSample/SecFspWrap= perPlatformSecLibSample.inf IntelFsp2WrapperPkg/Library/PeiFspWrapperHobProcessLibSample/PeiFspWrapp= erHobProcessLibSample.inf IntelFsp2WrapperPkg/Library/PeiFspWrapperApiTestLib/PeiFspWrapperApiTest= Lib.inf + IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/BaseFspMeasurementLib.= inf =20 IntelFsp2WrapperPkg/FspmWrapperPeim/FspmWrapperPeim.inf IntelFsp2WrapperPkg/FspsWrapperPeim/FspsWrapperPeim.inf --=20 2.26.2.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#64280): https://edk2.groups.io/g/devel/message/64280 Mute This Topic: https://groups.io/mt/76183472/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
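Review bot: the subject names FspTpmMeasurementLib, but the [LibraryClasses] hunk maps FspMeasurementLib to BaseFspMeasurementLib.inf and the [Components] hunk builds that same .inf, so the subject should name the library class actually added. The .dec hunk in this patch adds only the PCD; confirm the FspMeasurementLib library class is declared in IntelFsp2WrapperPkg.dec by an earlier patch in the series, otherwise the dsc build fails at this point. Also, BaseFspMeasurementLib.inf now builds from this dsc while HashLib, Tpm2CommandLib and Tpm2DeviceLib are only mapped in 8/8 of the same series; check that this patch builds on its own, and if it does not, fold those mappings into this patch so the series bisects.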
From: "Qi Zhang" To: devel@edk2.groups.io Cc: Qi Zhang , Jiewen Yao , Jian J Wang , Rahul Kumar Subject: [edk2-devel] [PATCH v3 7/8] SecurityPkg/Tcg2: handle PRE HASH and LOG ONLY Date: Fri, 14 Aug 2020 14:31:58 +0800 Message-Id: <20200814063159.2477-8-qi1.zhang@intel.com> In-Reply-To: <20200814063159.2477-1-qi1.zhang@intel.com> References: <20200814063159.2477-1-qi1.zhang@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,qi1.zhang@intel.com X-Gm-Message-State: ShRUXtleIy78o1ts1UGgqCHxx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1597386742; bh=hbEMrRhnPcJU80BCEOQxufcfvMF3qCvO2CBYV2M29MA=; h=Cc:Date:From:Reply-To:Subject:To; b=SgjwUqvLvBi802Q9sZ/dOl1R6agFjEfgoX0uWhlimtC8eG6LB7Z6mA2KOngKRd4WZOa pXyBQx+vdo5O99wPXksjTLnk6z6mLit2W9nwQqF6PHxXySgeQfq1pomJi5oKSCqCeexf6 s+4e5OE4Yld16nV82G3rBrnZ1F9EhbJD7rk= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D2376 Cc: Jiewen Yao Cc: Jian J Wang Cc: Qi Zhang Cc: Rahul Kumar Signed-off-by: Qi Zhang --- SecurityPkg/Include/Ppi/Tcg.h | 5 +++++ SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c | 12 +++++++----- 2 files changed, 12 insertions(+), 5 deletions(-) diff --git a/SecurityPkg/Include/Ppi/Tcg.h b/SecurityPkg/Include/Ppi/Tcg.h index 0e943f2465..22f47f9817 100644 --- a/SecurityPkg/Include/Ppi/Tcg.h +++ b/SecurityPkg/Include/Ppi/Tcg.h @@ -18,6 +18,11 @@ typedef struct _EDKII_TCG_PPI EDKII_TCG_PPI; // #define EDKII_TCG_PRE_HASH 0x0000000000000001 =20 +// +// This bit is shall be set when HashData is the pre-hash digest and log o= nly. +// +#define EDKII_TCG_PRE_HASH_LOG_ONLY 0x0000000000000002 + /** Tpm measure and log data, and extend the measurement result into a speci= fic PCR. =20 
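Review bot: the new comment in Tcg.h, "This bit is shall be set when HashData is the pre-hash digest and log only", has a stray "is" and leaves "log only" undefined; say what the flag does, e.g. `// Set when HashData is a pre-computed digest that was already extended into the PCR (for example by the ACM, see PcdFspMeasurementConfig) and only an event-log record is needed; no PCR extend is performed.` Spelling out that a log-only record must correspond to a digest already in the PCR is worth the extra line, since an event logged without a matching extend breaks log replay against PCR values. The commit message has no body; one sentence on why a log-only mode is needed would help later readers.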
diff --git a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c b/SecurityPkg/Tcg/Tcg2Pei/Tc= g2Pei.c index 246968bb7f..0e770f4485 100644 --- a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c +++ b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c 
@@ -453,13 +453,15 @@ HashLogExtendEvent ( return EFI_DEVICE_ERROR; } =20 - if(Flags & EDKII_TCG_PRE_HASH) { + if ((Flags & EDKII_TCG_PRE_HASH) !=3D 0 || (Flags & EDKII_TCG_PRE_HASH_L= OG_ONLY) !=3D 0) { ZeroMem (&DigestList, sizeof(DigestList)); CopyMem (&DigestList, HashData, sizeof(DigestList)); - Status =3D Tpm2PcrExtend ( - 0, - &DigestList - ); + if ((Flags & EDKII_TCG_PRE_HASH) !=3D0 ) { + Status =3D Tpm2PcrExtend ( + NewEventHdr->PCRIndex, + &DigestList + ); + } } else { Status =3D HashAndExtend ( NewEventHdr->PCRIndex, --=20 2.26.2.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#64281): https://edk2.groups.io/g/devel/message/64281 Mute This Topic: https://groups.io/mt/76183473/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
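Review bot: when only EDKII_TCG_PRE_HASH_LOG_ONLY is set, nothing in the hunk assigns Status, yet the code after the if/else presumably tests it before logging; confirm Status is initialized earlier in HashLogExtendEvent or add an explicit `Status = EFI_SUCCESS;` in an else branch of the new inner `if`, otherwise a stale value from an earlier call decides whether the log-only event is recorded. The inner call also changes the extend target from the hardcoded PCR 0 to NewEventHdr->PCRIndex, which is a behaviour change for the existing PRE_HASH path and belongs in the commit message. Style: `!=0 )` should be `!= 0)` to match the condition on the line above it.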
From: "Qi Zhang" To: devel@edk2.groups.io Cc: Qi Zhang , Jiewen Yao , Chasel Chiu , Nate DeSimone , Star Zeng Subject: [edk2-devel] [PATCH v3 8/8] IntelFsp2WrapperPkg/dsc: add HashLib, Tpm2CommandLib and Tpm2DeviceLib Date: Fri, 14 Aug 2020 14:31:59 +0800 Message-Id: <20200814063159.2477-9-qi1.zhang@intel.com> In-Reply-To: <20200814063159.2477-1-qi1.zhang@intel.com> References: <20200814063159.2477-1-qi1.zhang@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,qi1.zhang@intel.com X-Gm-Message-State: GjbBSqJMYOxwnsgrb1V2Pnlwx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1597386743; bh=TQXk/Zjt8tru97MHvbPWCOC8bSbWUE5Fb+xVsynSOtI=; h=Cc:Date:From:Reply-To:Subject:To; b=aP/+R02WB4B+dy4cdiVHbRhYkOlxu2J+Nq/epIDoK3g+yTUkr9g0jUSuYmpHuBFy3oo JILX7gkHDwoi4rTeBPQpjSglxaOXSvyp6vd+1bUZKOlk2x6aamlrBbTuW3rbq/+CT9w8j QygsmWQighEmX7Bh0YFDAW4CSRtNRndii5s= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D2376 Cc: Jiewen Yao Cc: Chasel Chiu Cc: Nate DeSimone Cc: Star Zeng Signed-off-by: Qi Zhang Reviewed-by: Chasel Chiu --- IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dsc | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dsc b/IntelFsp2Wrapper= Pkg/IntelFsp2WrapperPkg.dsc index 9bed45b89b..767d547844 100644 --- a/IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dsc +++ b/IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dsc 
@@ -52,6 +52,8 @@ PlatformSecLib|IntelFsp2WrapperPkg/Library/SecFspWrapperPlatformSecLibSa= mple/SecFspWrapperPlatformSecLibSample.inf FspWrapperHobProcessLib|IntelFsp2WrapperPkg/Library/PeiFspWrapperHobProc= essLibSample/PeiFspWrapperHobProcessLibSample.inf =20 + Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf + [LibraryClasses.common.PEIM,LibraryClasses.common.PEI_CORE] PeimEntryPoint|MdePkg/Library/PeimEntryPoint/PeimEntryPoint.inf PeiServicesTablePointerLib|MdePkg/Library/PeiServicesTablePointerLib/Pei= ServicesTablePointerLib.inf @@ -60,6 +62,8 @@ HobLib|MdePkg/Library/PeiHobLib/PeiHobLib.inf TpmMeasurementLib|SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasure= mentLib.inf FvEventLogRecordLib|SecurityPkg/Library/FvEventLogRecordLib/FvEventLogRe= cordLib.inf + HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRou= terPei.inf + Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf =20 [LibraryClasses.common.DXE_DRIVER] UefiDriverEntryPoint|MdePkg/Library/UefiDriverEntryPoint/UefiDriverEntry= Point.inf --=20 2.26.2.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#64282): https://edk2.groups.io/g/devel/message/64282 Mute This Topic: https://groups.io/mt/76183474/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
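Review bot: HashLib is mapped to HashLibBaseCryptoRouterPei, a router that, as far as I know, gets its algorithms only from HashInstanceLib NULL library instances linked into each consumer; none is added here for BaseFspMeasurementLib or the FSP wrapper PEIMs, so confirm the instances are supplied (in the .inf or through a <LibraryClasses> override in [Components]), otherwise measurement finds no hash algorithm at runtime. Tpm2DeviceLib is pinned to Tpm2DeviceLibDTpm, so a platform with a different TPM transport must override it in its own dsc; a note to that effect in the commit message would suit a sample dsc. Tpm2CommandLib lands in the common section while HashLib and Tpm2DeviceLib go under PEIM/PEI_CORE; either placement works, but the three PEI-only measurement libraries should sit in the same section.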