From: "Qi Zhang"
To: devel@edk2.groups.io
Cc: Jiewen Yao, Chasel Chiu, Nate DeSimone, Star Zeng, Qi Zhang
Subject: [edk2-devel] [PATCH v3 3/8] IntelFsp2WrapperPkg/FspMeasurementLib: Add BaseFspMeasurementLib.
Date: Fri, 14 Aug 2020 14:31:54 +0800
Message-Id: <20200814063159.2477-4-qi1.zhang@intel.com>
In-Reply-To: <20200814063159.2477-1-qi1.zhang@intel.com>
References: <20200814063159.2477-1-qi1.zhang@intel.com>
Reply-To: devel@edk2.groups.io,qi1.zhang@intel.com
From: Jiewen Yao REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D2376 Cc: Jiewen Yao Cc: Chasel Chiu Cc: Nate DeSimone Cc: Star Zeng Cc: Qi Zhang Signed-off-by: Jiewen Yao Reviewed-by: Chasel Chiu --- .../BaseFspMeasurementLib.inf | 54 ++++ .../BaseFspMeasurementLib/FspMeasurementLib.c | 248 ++++++++++++++++++ 2 files changed, 302 insertions(+) create mode 100644 IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/BaseF= spMeasurementLib.inf create mode 100644 IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/FspMe= asurementLib.c diff --git a/IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/BaseFspMeasu= rementLib.inf b/IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/BaseFspMe= asurementLib.inf new file mode 100644 index 0000000000..9c0dd9fb40 --- /dev/null +++ b/IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/BaseFspMeasurementL= ib.inf @@ -0,0 +1,54 @@ +## @file +# Provides FSP measurement functions. +# +# This library provides MeasureFspFirmwareBlob() to measure FSP binary. +# +# Copyright (c) 2020, Intel Corporation. All rights reserved.
+# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION =3D 0x00010005 + BASE_NAME =3D FspMeasurementLib + FILE_GUID =3D 9A62C49D-C45A-4322-9F3C-45958DF0056B + MODULE_TYPE =3D BASE + VERSION_STRING =3D 1.0 + LIBRARY_CLASS =3D FspMeasurementLib + +# +# The following information is for reference only and not required by the = build tools. +# +# VALID_ARCHITECTURES =3D IA32 X64 +# + +[Sources] + FspMeasurementLib.c + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + SecurityPkg/SecurityPkg.dec + IntelFsp2Pkg/IntelFsp2Pkg.dec + IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dec + +[LibraryClasses] + BaseLib + BaseMemoryLib + DebugLib + PrintLib + PcdLib + PeiServicesLib + PeiServicesTablePointerLib + FspWrapperApiLib + FvEventLogRecordLib + HashLib + +[Ppis] + gEdkiiTcgPpiGuid ## CO= NSUMES + +[Pcd] + gIntelFsp2WrapperTokenSpaceGuid.PcdFspMeasurementConfig ## CO= NSUMES + gIntelFsp2WrapperTokenSpaceGuid.PcdFspmBaseAddress ## CO= NSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdTcgPfpMeasurementRevision ## CO= NSUMES + diff --git a/IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/FspMeasureme= ntLib.c b/IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/FspMeasurementL= ib.c new file mode 100644 index 0000000000..adb4393426 --- /dev/null +++ b/IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/FspMeasurementLib.c @@ -0,0 +1,248 @@ +/** @file + This library is used by FSP modules to measure data to TPM. + +Copyright (c) 2020, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include + +/** + Tpm measure and log data, and extend the measurement result into a speci= fic PCR. + + @param[in] PcrIndex PCR Index. + @param[in] EventType Event type. + @param[in] EventLog Measurement event log. + @param[in] LogLen Event log length in bytes. + @param[in] HashData The start of the data buffer to be hashed, = extended. + @param[in] HashDataLen The length, in bytes, of the buffer referen= ced by HashData + @param[in] Flags Bitmap providing additional information. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_UNSUPPORTED TPM device not available. + @retval EFI_OUT_OF_RESOURCES Out of memory. + @retval EFI_DEVICE_ERROR The operation was unsuccessful. +**/ +EFI_STATUS +EFIAPI +TpmMeasureAndLogDataWithFlags ( + IN UINT32 PcrIndex, + IN UINT32 EventType, + IN VOID *EventLog, + IN UINT32 LogLen, + IN VOID *HashData, + IN UINT64 HashDataLen, + IN UINT64 Flags + ) +{ + EFI_STATUS Status; + EDKII_TCG_PPI *TcgPpi; + TCG_PCR_EVENT_HDR TcgEventHdr; + + Status =3D PeiServicesLocatePpi( + &gEdkiiTcgPpiGuid, + 0, + NULL, + (VOID**)&TcgPpi + ); + if (EFI_ERROR(Status)) { + return Status; + } + + TcgEventHdr.PCRIndex =3D PcrIndex; + TcgEventHdr.EventType =3D EventType; + TcgEventHdr.EventSize =3D LogLen; + + Status =3D TcgPpi->HashLogExtendEvent ( + TcgPpi, + Flags, + HashData, + (UINTN)HashDataLen, + &TcgEventHdr, + EventLog + ); + return Status; +} + +/** + Measure a FSP FirmwareBlob. + + @param[in] Description Description for this FirmwareBlob. + @param[in] FirmwareBlobBase Base address of this FirmwareBlob. + @param[in] FirmwareBlobLength Size in bytes of this FirmwareBlob. + @param[in] CfgRegionOffset Configuration region offset in bytes. + @param[in] CfgRegionSize Configuration region in bytes. 
+ + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_UNSUPPORTED TPM device not available. + @retval EFI_OUT_OF_RESOURCES Out of memory. + @retval EFI_DEVICE_ERROR The operation was unsuccessful. +**/ +STATIC +EFI_STATUS +EFIAPI +MeasureFspFirmwareBlobWithCfg ( + IN CHAR8 *Description OPTIONAL, + IN EFI_PHYSICAL_ADDRESS FirmwareBlobBase, + IN UINT64 FirmwareBlobLength, + IN UINT32 CfgRegionOffset, + IN UINT32 CfgRegionSize + ) +{ + EFI_PLATFORM_FIRMWARE_BLOB FvBlob, UpdBlob; + PLATFORM_FIRMWARE_BLOB2_STRUCT FvBlob2, UpdBlob2; + VOID *FvName; + UINT32 FvEventType; + VOID *FvEventLog, *UpdEventLog; + UINT32 FvEventLogSize, UpdEventLogSize; + EFI_STATUS Status; + HASH_HANDLE HashHandle; + UINT8 *HashBase; + UINTN HashSize; + TPML_DIGEST_VALUES DigestList; + + FvName =3D TpmMeasurementGetFvName (FirmwareBlobBase, FirmwareBlobLength= ); + + if (((Description !=3D NULL) || (FvName !=3D NULL)) && + (PcdGet32(PcdTcgPfpMeasurementRevision) >=3D TCG_EfiSpecIDEventStruc= t_SPEC_ERRATA_TPM2_REV_105)) { + if (Description !=3D NULL) { + AsciiSPrint((CHAR8*)FvBlob2.BlobDescription, sizeof(FvBlob2.BlobDesc= ription), "%a", Description); + AsciiSPrint((CHAR8*)UpdBlob2.BlobDescription, sizeof(UpdBlob2.BlobDe= scription), "%aUDP", Description); + } else { + AsciiSPrint((CHAR8*)FvBlob2.BlobDescription, sizeof(FvBlob2.BlobDesc= ription), "Fv(%g)", FvName); + AsciiSPrint((CHAR8*)UpdBlob2.BlobDescription, sizeof(UpdBlob2.BlobDe= scription), "(%g)UDP", FvName); + } + + FvBlob2.BlobDescriptionSize =3D sizeof(FvBlob2.BlobDescription); + FvBlob2.BlobBase =3D FirmwareBlobBase; + FvBlob2.BlobLength =3D FirmwareBlobLength; + FvEventType =3D EV_EFI_PLATFORM_FIRMWARE_BLOB2; + FvEventLog =3D &FvBlob2; + FvEventLogSize =3D sizeof(FvBlob2); + + UpdBlob2.BlobDescriptionSize =3D sizeof(UpdBlob2.BlobDescription); + UpdBlob2.BlobBase =3D CfgRegionOffset; + UpdBlob2.BlobLength =3D CfgRegionSize; + UpdEventLog =3D &UpdBlob2; + UpdEventLogSize =3D sizeof(UpdBlob2); + } else { + 
FvBlob.BlobBase =3D FirmwareBlobBase; + FvBlob.BlobLength =3D FirmwareBlobLength; + FvEventType =3D EV_EFI_PLATFORM_FIRMWARE_BLOB; + FvEventLog =3D &FvBlob; + FvEventLogSize =3D sizeof(FvBlob); + + UpdBlob.BlobBase =3D CfgRegionOffset; + UpdBlob.BlobLength =3D CfgRegionSize; + UpdEventLog =3D &UpdBlob; + UpdEventLogSize =3D sizeof(UpdBlob); + } + + /** Initialize a SHA hash context. **/ + Status =3D HashStart (&HashHandle); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "HashStart failed - %r\n", Status)); + return Status; + } + + /** Hash FSP binary before UDP **/ + HashBase =3D (UINT8 *) (UINTN) FirmwareBlobBase; + HashSize =3D (UINTN) CfgRegionOffset; + Status =3D HashUpdate (HashHandle, HashBase, HashSize); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "HashUpdate failed - %r\n", Status)); + return Status; + } + + /** Hash FSP binary after UDP **/ + HashBase =3D (UINT8 *) (UINTN) FirmwareBlobBase + CfgRegionOffset + CfgR= egionSize; + HashSize =3D (UINTN)(FirmwareBlobLength - CfgRegionOffset - CfgRegionSiz= e); + Status =3D HashUpdate (HashHandle, HashBase, HashSize); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "HashUpdate failed - %r\n", Status)); + return Status; + } + + /** Finalize the SHA hash. **/ + Status =3D HashCompleteAndExtend (HashHandle, 0, NULL, 0, &DigestList); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "HashCompleteAndExtend failed - %r\n", Status)); + return Status; + } + + Status =3D TpmMeasureAndLogDataWithFlags ( + 0, + FvEventType, + FvEventLog, + FvEventLogSize, + (UINT8 *) &DigestList, + (UINTN) sizeof(DigestList), + EDKII_TCG_PRE_HASH_LOG_ONLY + ); + + Status =3D TpmMeasureAndLogData ( + 1, + EV_PLATFORM_CONFIG_FLAGS, + UpdEventLog, + UpdEventLogSize, + (UINT8 *) (UINTN) FirmwareBlobBase + CfgRegionOffset, + CfgRegionSize + ); + + return Status; +} + +/** + Measure a FSP FirmwareBlob. + + @param[in] PcrIndex PCR Index. + @param[in] Description Description for this FirmwareBlob. 
+ @param[in] FirmwareBlobBase Base address of this FirmwareBlob. + @param[in] FirmwareBlobLength Size in bytes of this FirmwareBlob. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_UNSUPPORTED TPM device not available. + @retval EFI_OUT_OF_RESOURCES Out of memory. + @retval EFI_DEVICE_ERROR The operation was unsuccessful. +**/ +EFI_STATUS +EFIAPI +MeasureFspFirmwareBlob ( + IN UINT32 PcrIndex, + IN CHAR8 *Description OPTIONAL, + IN EFI_PHYSICAL_ADDRESS FirmwareBlobBase, + IN UINT64 FirmwareBlobLength + ) +{ + UINT32 FspMeasureMask; + FSP_INFO_HEADER *FspHeaderPtr; + + FspMeasureMask =3D PcdGet32 (PcdFspMeasurementConfig); + if ((FspMeasureMask & FSP_MEASURE_FSPUPD) !=3D 0) { + FspHeaderPtr =3D (FSP_INFO_HEADER *) FspFindFspHeader (FirmwareBlobBas= e); + if (FspHeaderPtr !=3D NULL) { + return MeasureFspFirmwareBlobWithCfg(Description, FirmwareBlobBase, Fi= rmwareBlobLength, + FspHeaderPtr->CfgRegionOffset, Fs= pHeaderPtr->CfgRegionSize); + } + } + + return MeasureFirmwareBlob (PcrIndex, Description, FirmwareBlobBase, Fir= mwareBlobLength); +} + --=20 2.26.2.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#64277): https://edk2.groups.io/g/devel/message/64277 Mute This Topic: https://groups.io/mt/76183469/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
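Review bot: the [LibraryClasses] section of BaseFspMeasurementLib.inf omits TpmMeasurementLib although FspMeasurementLib.c calls TpmMeasureAndLogData() directly; add `TpmMeasurementLib` next to `FvEventLogRecordLib` so this INF declares the dependency itself instead of relying on another library instance to pull it in. Also, MODULE_TYPE is BASE and `LIBRARY_CLASS = FspMeasurementLib` carries no module-type restriction, yet the implementation depends on PeiServicesLib and consumes gEdkiiTcgPpiGuid, so it can only work inside PEI; consider `LIBRARY_CLASS = FspMeasurementLib|PEIM PEI_CORE` (or MODULE_TYPE = PEIM) so a non-PEI consumer is rejected at build time rather than failing later.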
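Review bot: in MeasureFspFirmwareBlobWithCfg() the Status returned by TpmMeasureAndLogDataWithFlags() for the PCR 0 firmware-blob event is never checked; it is immediately overwritten by the following TpmMeasureAndLogData() call, so a failed FV measurement (for example when gEdkiiTcgPpiGuid cannot be located) is silently lost and only the UPD measurement result is returned. Add
    if (EFI_ERROR (Status)) {
      return Status;
    }
between the two calls. In the same function, CfgRegionOffset and CfgRegionSize come from the FSP_INFO_HEADER located inside the very blob being measured, and they are used in `FirmwareBlobLength - CfgRegionOffset - CfgRegionSize` and as a pointer offset without checking that CfgRegionOffset + CfgRegionSize <= FirmwareBlobLength; a malformed header would underflow HashSize and make HashUpdate() read past the blob, so validate the range (returning EFI_INVALID_PARAMETER) before HashStart(). Two smaller points: the description strings "%aUDP" / "(%g)UDP" and the "before UDP" / "after UDP" comments appear to mean UPD (the FSP updatable data region), and since the description is recorded in the event log and compared by attestation verifiers the spelling should be fixed before it ships; and MeasureFspFirmwareBlob()'s PcrIndex argument is not passed through to MeasureFspFirmwareBlobWithCfg(), which hard-codes PCR 0 and PCR 1, so if that is intentional per the PFP spec the function header should say so.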