From: "Qi Zhang"
To: devel@edk2.groups.io
Cc: Qi Zhang, Jiewen Yao, Jian J Wang
Subject: [edk2-devel] [PATCH v4 1/8] SecurityPkg/TcgEventLogRecordLib: add new lib for firmware measurement
Date: Tue, 18 Aug 2020 14:26:11 +0800
Message-Id: <20200818062618.3698-2-qi1.zhang@intel.com>
In-Reply-To: <20200818062618.3698-1-qi1.zhang@intel.com>
References: <20200818062618.3698-1-qi1.zhang@intel.com>

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2376

Cc: Jiewen Yao
Cc: Jian J Wang
Signed-off-by: Qi Zhang
---
 .../Include/Library/TcgEventLogRecordLib.h |  97 +++++++++
 .../TcgEventLogRecordLib.c                 | 197 ++++++++++++++++++
 .../TcgEventLogRecordLib.inf               |  40 ++++
 .../TcgEventLogRecordLib.uni               |  17 ++
 4 files changed, 351 insertions(+)
 create mode 100644 SecurityPkg/Include/Library/TcgEventLogRecordLib.h
 create mode 100644 SecurityPkg/Library/TcgEventLogRecordLib/TcgEventLogRecordLib.c
 create mode 100644 SecurityPkg/Library/TcgEventLogRecordLib/TcgEventLogRecordLib.inf
 create mode 100644 SecurityPkg/Library/TcgEventLogRecordLib/TcgEventLogRecordLib.uni

diff --git a/SecurityPkg/Include/Library/TcgEventLogRecordLib.h b/SecurityP= kg/Include/Library/TcgEventLogRecordLib.h new file mode 100644 index 0000000000..99d634c34e --- /dev/null +++ b/SecurityPkg/Include/Library/TcgEventLogRecordLib.h @@ -0,0 +1,97 @@ +/** @file + This library is used by other modules to measure Firmware to TPM. + +Copyright (c) 2020, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef _TCG_EVENTLOGRECORD_LIB_H_ +#define _TCG_EVENTLOGRECORD_LIB_H_ + +#include + +#pragma pack (1) + +#define PLATFORM_FIRMWARE_BLOB_DESC "Fv(XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXX= XX)" +typedef struct { + UINT8 BlobDescriptionSize; + UINT8 BlobDescription[sizeof(PLATFORM_FIRMWA= RE_BLOB_DESC)]; + EFI_PHYSICAL_ADDRESS BlobBase; + UINT64 BlobLength; +} PLATFORM_FIRMWARE_BLOB2_STRUCT; + +#define HANDOFF_TABLE_POINTER_DESC "1234567890ABCDEF" +typedef struct { + UINT8 TableDescriptionSize; + UINT8 TableDescription[sizeof(HANDOFF_TABLE_= POINTER_DESC)]; + UINT64 NumberOfTables; + EFI_CONFIGURATION_TABLE TableEntry[1]; +} HANDOFF_TABLE_POINTERS2_STRUCT; + +#pragma pack () + +/** + Get the FvName from the FV header. + + Causion: The FV is untrusted input. + + @param[in] FvBase Base address of FV image. + @param[in] FvLength Length of FV image. + + @return FvName pointer + @retval NULL FvName is NOT found +**/ +VOID * +TpmMeasurementGetFvName ( + IN EFI_PHYSICAL_ADDRESS FvBase, + IN UINT64 FvLength + ); + +/** + Measure a FirmwareBlob. + + @param[in] PcrIndex PCR Index. + @param[in] Description Description for this FirmwareBlob. + @param[in] FirmwareBlobBase Base address of this FirmwareBlob. + @param[in] FirmwareBlobLength Size in bytes of this FirmwareBlob. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_UNSUPPORTED TPM device not available. + @retval EFI_OUT_OF_RESOURCES Out of memory. + @retval EFI_DEVICE_ERROR The operation was unsuccessful. +*/ +EFI_STATUS +EFIAPI +MeasureFirmwareBlob ( + IN UINT32 PcrIndex, + IN CHAR8 *Description OPTIONAL, + IN EFI_PHYSICAL_ADDRESS FirmwareBlobBase, + IN UINT64 FirmwareBlobLength + ); + +/** + Measure a HandoffTable. + + @param[in] PcrIndex PcrIndex of the measurement. + @param[in] Description Description for this HandoffTable. + @param[in] TableGuid GUID of this HandoffTable. + @param[in] TableAddress Base address of this HandoffTable. 
+ @param[in] TableLength Size in bytes of this HandoffTable. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_UNSUPPORTED TPM device not available. + @retval EFI_OUT_OF_RESOURCES Out of memory. + @retval EFI_DEVICE_ERROR The operation was unsuccessful. +*/ +EFI_STATUS +EFIAPI +MeasureHandoffTable ( + IN UINT32 PcrIndex, + IN CHAR8 *Description OPTIONAL, + IN EFI_GUID *TableGuid, + IN VOID *TableAddress, + IN UINTN TableLength + ); + +#endif diff --git a/SecurityPkg/Library/TcgEventLogRecordLib/TcgEventLogRecordLib.= c b/SecurityPkg/Library/TcgEventLogRecordLib/TcgEventLogRecordLib.c new file mode 100644 index 0000000000..e8a53fca0d --- /dev/null +++ b/SecurityPkg/Library/TcgEventLogRecordLib/TcgEventLogRecordLib.c @@ -0,0 +1,197 @@ +/** @file + This library is used by other modules to measure data to TPM. + +Copyright (c) 2020, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include +#include + +#include +#include +#include +#include +#include +#include +#include + +#include + +/** + Get the FvName from the FV header. + + Causion: The FV is untrusted input. + + @param[in] FvBase Base address of FV image. + @param[in] FvLength Length of FV image. + + @return FvName pointer + @retval NULL FvName is NOT found +**/ +VOID * +TpmMeasurementGetFvName ( + IN EFI_PHYSICAL_ADDRESS FvBase, + IN UINT64 FvLength + ) +{ + EFI_FIRMWARE_VOLUME_HEADER *FvHeader; + EFI_FIRMWARE_VOLUME_EXT_HEADER *FvExtHeader; + + if (FvBase >=3D MAX_ADDRESS) { + return NULL; + } + if (FvLength >=3D MAX_ADDRESS - FvBase) { + return NULL; + } + if (FvLength < sizeof(EFI_FIRMWARE_VOLUME_HEADER)) { + return NULL; + } + + FvHeader =3D (EFI_FIRMWARE_VOLUME_HEADER *)(UINTN)FvBase; + if (FvHeader->Signature !=3D EFI_FVH_SIGNATURE) { + return NULL; + } + if (FvHeader->ExtHeaderOffset < sizeof(EFI_FIRMWARE_VOLUME_HEADER)) { + return NULL; + } + if (FvHeader->ExtHeaderOffset + sizeof(EFI_FIRMWARE_VOLUME_EXT_HEADER) >= FvLength) { + return NULL; + } + FvExtHeader =3D (EFI_FIRMWARE_VOLUME_EXT_HEADER *)(UINTN)(FvBase + FvHea= der->ExtHeaderOffset); + + return &FvExtHeader->FvName; +} + +/** + Measure a FirmwareBlob. + + @param[in] PcrIndex PcrIndex of the measurement. + @param[in] Description Description for this FirmwareBlob. + @param[in] FirmwareBlobBase Base address of this FirmwareBlob. + @param[in] FirmwareBlobLength Size in bytes of this FirmwareBlob. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_UNSUPPORTED TPM device not available. + @retval EFI_OUT_OF_RESOURCES Out of memory. + @retval EFI_DEVICE_ERROR The operation was unsuccessful. 
+**/ +EFI_STATUS +EFIAPI +MeasureFirmwareBlob ( + IN UINT32 PcrIndex, + IN CHAR8 *Description OPTIONAL, + IN EFI_PHYSICAL_ADDRESS FirmwareBlobBase, + IN UINT64 FirmwareBlobLength + ) +{ + EFI_PLATFORM_FIRMWARE_BLOB FvBlob; + PLATFORM_FIRMWARE_BLOB2_STRUCT FvBlob2; + VOID *FvName; + UINT32 EventType; + VOID *EventLog; + UINT32 EventLogSize; + EFI_STATUS Status; + + FvName =3D TpmMeasurementGetFvName (FirmwareBlobBase, FirmwareBlobLength= ); + + if (((Description !=3D NULL) || (FvName !=3D NULL)) && + (PcdGet32(PcdTcgPfpMeasurementRevision) >=3D TCG_EfiSpecIDEventStruc= t_SPEC_ERRATA_TPM2_REV_105)) { + if (Description !=3D NULL) { + AsciiSPrint((CHAR8*)FvBlob2.BlobDescription, sizeof(FvBlob2.BlobDesc= ription), "%a", Description); + } else { + AsciiSPrint((CHAR8*)FvBlob2.BlobDescription, sizeof(FvBlob2.BlobDesc= ription), "Fv(%g)", FvName); + } + + FvBlob2.BlobDescriptionSize =3D sizeof(FvBlob2.BlobDescription); + FvBlob2.BlobBase =3D FirmwareBlobBase; + FvBlob2.BlobLength =3D FirmwareBlobLength; + + EventType =3D EV_EFI_PLATFORM_FIRMWARE_BLOB2; + EventLog =3D &FvBlob2; + EventLogSize =3D sizeof(FvBlob2); + } else { + FvBlob.BlobBase =3D FirmwareBlobBase; + FvBlob.BlobLength =3D FirmwareBlobLength; + + EventType =3D EV_EFI_PLATFORM_FIRMWARE_BLOB; + EventLog =3D &FvBlob; + EventLogSize =3D sizeof(FvBlob); + } + + Status =3D TpmMeasureAndLogData ( + PcrIndex, + EventType, + EventLog, + EventLogSize, + (VOID*)(UINTN)FirmwareBlobBase, + FirmwareBlobLength + ); + + return Status; +} + +/** + Measure a HandoffTable. + + @param[in] PcrIndex PcrIndex of the measurement. + @param[in] Description Description for this HandoffTable. + @param[in] TableGuid GUID of this HandoffTable. + @param[in] TableAddress Base address of this HandoffTable. + @param[in] TableLength Size in bytes of this HandoffTable. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_UNSUPPORTED TPM device not available. + @retval EFI_OUT_OF_RESOURCES Out of memory. 
+ @retval EFI_DEVICE_ERROR The operation was unsuccessful. +**/ +EFI_STATUS +EFIAPI +MeasureHandoffTable ( + IN UINT32 PcrIndex, + IN CHAR8 *Description OPTIONAL, + IN EFI_GUID *TableGuid, + IN VOID *TableAddress, + IN UINTN TableLength + ) +{ + EFI_HANDOFF_TABLE_POINTERS HandoffTables; + HANDOFF_TABLE_POINTERS2_STRUCT HandoffTables2; + UINT32 EventType; + VOID *EventLog; + UINT32 EventLogSize; + EFI_STATUS Status; + + if ((Description !=3D NULL) && + (PcdGet32(PcdTcgPfpMeasurementRevision) >=3D TCG_EfiSpecIDEventStruc= t_SPEC_ERRATA_TPM2_REV_105)) { + AsciiSPrint((CHAR8*)HandoffTables2.TableDescription, sizeof(HandoffTab= les2.TableDescription), "%a", Description); + + HandoffTables2.TableDescriptionSize =3D sizeof(HandoffTables2.TableDes= cription); + HandoffTables2.NumberOfTables =3D 1; + CopyGuid (&(HandoffTables2.TableEntry[0].VendorGuid), TableGuid); + HandoffTables2.TableEntry[0].VendorTable =3D TableAddress; + + EventType =3D EV_EFI_HANDOFF_TABLES2; + EventLog =3D &HandoffTables2; + EventLogSize =3D sizeof(HandoffTables2); + } else { + HandoffTables.NumberOfTables =3D 1; + CopyGuid (&(HandoffTables.TableEntry[0].VendorGuid), TableGuid); + HandoffTables.TableEntry[0].VendorTable =3D TableAddress; + + EventType =3D EV_EFI_HANDOFF_TABLES; + EventLog =3D &HandoffTables; + EventLogSize =3D sizeof(HandoffTables); + } + + Status =3D TpmMeasureAndLogData ( + PcrIndex, + EventType, + EventLog, + EventLogSize, + TableAddress, + TableLength + ); + return Status; +} diff --git a/SecurityPkg/Library/TcgEventLogRecordLib/TcgEventLogRecordLib.= inf b/SecurityPkg/Library/TcgEventLogRecordLib/TcgEventLogRecordLib.inf new file mode 100644 index 0000000000..71388f43f6 --- /dev/null +++ b/SecurityPkg/Library/TcgEventLogRecordLib/TcgEventLogRecordLib.inf @@ -0,0 +1,40 @@ +## @file +# Provides interface for firmwware TPM measurement +# +# Copyright (c) 2020, Intel Corporation. All rights reserved.
+# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION =3D 0x00010005 + BASE_NAME =3D TcgEventLogRecordLib + MODULE_UNI_FILE =3D TcgEventLogRecordLib.uni + FILE_GUID =3D F8125B2A-3922-4A22-A6F8-3B6159A25A3B + MODULE_TYPE =3D BASE + VERSION_STRING =3D 1.0 + LIBRARY_CLASS =3D NULL + +# +# The following information is for reference only and not required by the = build tools. +# +# VALID_ARCHITECTURES =3D IA32 X64 +# + +[Sources] + TcgEventLogRecordLib.c + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + SecurityPkg/SecurityPkg.dec + +[LibraryClasses] + BaseLib + BaseMemoryLib + DebugLib + PcdLib + TpmMeasurementLib + +[Pcd] + gEfiMdeModulePkgTokenSpaceGuid.PcdTcgPfpMeasurementRevision ## = CONSUMES diff --git a/SecurityPkg/Library/TcgEventLogRecordLib/TcgEventLogRecordLib.= uni b/SecurityPkg/Library/TcgEventLogRecordLib/TcgEventLogRecordLib.uni new file mode 100644 index 0000000000..b1ca410074 --- /dev/null +++ b/SecurityPkg/Library/TcgEventLogRecordLib/TcgEventLogRecordLib.uni @@ -0,0 +1,17 @@ +// /** @file +// Provides interface for firmwware TPM measurement +// +// This library provides MeasureFirmwareBlob() and MeasureHandoffTable() +// to measure and log data, and extend the measurement result into a speci= fic PCR. +// +// Copyright (c) 2020, Intel Corporation. All rights reserved.
+// +// SPDX-License-Identifier: BSD-2-Clause-Patent +// +// **/ + + +#string STR_MODULE_ABSTRACT #language en-US "Provides Firmware= TPM measurement functions for TPM1.2 and TPM 2.0" + +#string STR_MODULE_DESCRIPTION #language en-US "This library prov= ides MeasureFirmwareBlob() and MeasureHandoffTable() to measure and log dat= a, and extend the measurement result into a specific PCR." + --=20 2.26.2.windows.1

-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#64355): https://edk2.groups.io/g/devel/message/64355
Mute This Topic: https://groups.io/mt/76260205/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-

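Review bot: in the TcgEventLogRecordLib.h hunk the doc blocks for MeasureFirmwareBlob and MeasureHandoffTable are closed with `*/` while the file header and TpmMeasurementGetFvName use the edk2 `**/` form; please use `**/` throughout. In the same hunk "Causion: The FV is untrusted input." should read "Caution" (the .c copy has the same typo). It would also help callers to state at PLATFORM_FIRMWARE_BLOB2_STRUCT that BlobDescription is a fixed array sized from the `Fv(<GUID>)` template, so a Description longer than sizeof(PLATFORM_FIRMWARE_BLOB_DESC) - 1 characters is truncated by the implementation's AsciiSPrint.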
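Review bot: in the TcgEventLogRecordLib.c hunk, MeasureFirmwareBlob and MeasureHandoffTable pass uninitialized stack bytes into the TCG event log. FvBlob2 and HandoffTables2 are never zeroed, `FvBlob2.BlobDescriptionSize = sizeof(FvBlob2.BlobDescription)` is set regardless of the string length, and the whole struct is handed to TpmMeasureAndLogData; whenever Description or the `Fv(%g)` string is shorter than the array, the bytes after AsciiSPrint's terminator are whatever was on the stack, so the log becomes non-deterministic and leaks stack contents to anyone who reads it. Either ZeroMem the struct before AsciiSPrint, or set the size field from the actual string length and log only that many bytes, which also matches the variable-length BlobDescription[BlobDescriptionSize] layout of EV_EFI_PLATFORM_FIRMWARE_BLOB2 in the TCG PFP spec (same for TableDescription in the EV_EFI_HANDOFF_TABLES2 path). Minor: the silent truncation in `AsciiSPrint((CHAR8*)FvBlob2.BlobDescription, sizeof(FvBlob2.BlobDescription), "%a", Description)` deserves at least an ASSERT or a documented limit.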
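Review bot: `LIBRARY_CLASS = NULL` in the TcgEventLogRecordLib.inf hunk does not match how the library is consumed: the .c exports TpmMeasurementGetFvName, MeasureFirmwareBlob and MeasureHandoffTable through the new TcgEventLogRecordLib.h, and patch 3/8's BaseFspMeasurementLib.inf lists TcgEventLogRecordLib under [LibraryClasses], so declare `LIBRARY_CLASS = TcgEventLogRecordLib` here (and the class in SecurityPkg.dec) so platforms can map it. [LibraryClasses] is also missing PrintLib although TcgEventLogRecordLib.c calls AsciiSPrint, while DebugLib is listed but not used by the .c. "firmwware" in the file comment is a typo.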
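Review bot: "firmwware" in the TcgEventLogRecordLib.uni file comment is a typo (same as in the .inf); STR_MODULE_ABSTRACT and STR_MODULE_DESCRIPTION are fine, but the description could mention that which event types are logged (BLOB/BLOB2, HANDOFF_TABLES/HANDOFF_TABLES2) depends on PcdTcgPfpMeasurementRevision, since that is the one configuration knob this library consumes.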
From: "Qi Zhang"
To: devel@edk2.groups.io
Cc: Jiewen Yao, Chasel Chiu, Nate DeSimone, Star Zeng, Qi Zhang
Subject: [edk2-devel] [PATCH v4 2/8] IntelFsp2WrapperPkg/FspMeasurementLib: Add header file.
Date: Tue, 18 Aug 2020 14:26:12 +0800
Message-Id: <20200818062618.3698-3-qi1.zhang@intel.com>
In-Reply-To: <20200818062618.3698-1-qi1.zhang@intel.com>
References: <20200818062618.3698-1-qi1.zhang@intel.com>

From: Jiewen Yao

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2376

Cc: Jiewen Yao
Cc: Chasel Chiu
Cc: Nate DeSimone
Cc: Star Zeng
Cc: Qi Zhang
Signed-off-by: Jiewen Yao
Reviewed-by: Chasel Chiu
---
 .../Include/Library/FspMeasurementLib.h | 39 +++++++++++++++++++
 1 file changed, 39 insertions(+)
 create mode 100644 IntelFsp2WrapperPkg/Include/Library/FspMeasurementLib.h

diff --git a/IntelFsp2WrapperPkg/Include/Library/FspMeasurementLib.h b/Inte= lFsp2WrapperPkg/Include/Library/FspMeasurementLib.h new file mode 100644 index 0000000000..4620b4b08e --- /dev/null +++ b/IntelFsp2WrapperPkg/Include/Library/FspMeasurementLib.h @@ -0,0 +1,39 @@ +/** @file + This library is used by FSP modules to measure data to TPM. + +Copyright (c) 2020, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef _FSP_MEASUREMENT_LIB_H_ +#define _FSP_MEASUREMENT_LIB_H_ + +#define FSP_MEASURE_FSP BIT0 +#define FSP_MEASURE_FSPT BIT1 +#define FSP_MEASURE_FSPM BIT2 +#define FSP_MEASURE_FSPS BIT3 +#define FSP_MEASURE_FSPUPD BIT31 + +/** + Measure a FSP FirmwareBlob. + + @param[in] PcrIndex PCR Index. + @param[in] Description Description for this FirmwareBlob. + @param[in] FirmwareBlobBase Base address of this FirmwareBlob. + @param[in] FirmwareBlobLength Size in bytes of this FirmwareBlob. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_UNSUPPORTED TPM device not available. + @retval EFI_OUT_OF_RESOURCES Out of memory. + @retval EFI_DEVICE_ERROR The operation was unsuccessful. +*/ +EFI_STATUS +EFIAPI +MeasureFspFirmwareBlob ( + IN UINT32 PcrIndex, + IN CHAR8 *Description OPTIONAL, + IN EFI_PHYSICAL_ADDRESS FirmwareBlobBase, + IN UINT64 FirmwareBlobLength + ); +#endif --=20 2.26.2.windows.1

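Review bot: the FSP_MEASURE_FSP / FSPT / FSPM / FSPS / FSPUPD bit definitions in FspMeasurementLib.h carry no comment saying what each bit of the consuming PCD selects; FSP_MEASURE_FSPUPD in particular changes behaviour (patch 3/8 uses it to split the FSP code measurement from the UPD region, which then goes to a different PCR and event type), so please document the semantics at the definition rather than leaving readers to infer them from the implementation. Also, the header has no `#include` of its own, so BIT0/BIT31, EFI_STATUS and EFI_PHYSICAL_ADDRESS depend on the includer's header order; the companion TcgEventLogRecordLib.h in 1/8 includes its dependency. And the MeasureFspFirmwareBlob doc block is closed with `*/` where edk2 uses `**/`.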
From: "Qi Zhang"
To: devel@edk2.groups.io
Cc: Jiewen Yao, Chasel Chiu, Nate DeSimone, Star Zeng, Qi Zhang
Subject: [edk2-devel] [PATCH v4 3/8] IntelFsp2WrapperPkg/FspMeasurementLib: Add BaseFspMeasurementLib.
Date: Tue, 18 Aug 2020 14:26:13 +0800
Message-Id: <20200818062618.3698-4-qi1.zhang@intel.com>
In-Reply-To: <20200818062618.3698-1-qi1.zhang@intel.com>
References: <20200818062618.3698-1-qi1.zhang@intel.com>

From: Jiewen Yao

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2376

Cc: Jiewen Yao
Cc: Chasel Chiu
Cc: Nate DeSimone
Cc: Star Zeng
Cc: Qi Zhang
Signed-off-by: Jiewen Yao
Reviewed-by: Chasel Chiu
---
 .../BaseFspMeasurementLib.inf                 |  54 ++++
 .../BaseFspMeasurementLib/FspMeasurementLib.c | 248 ++++++++++++++++++
 2 files changed, 302 insertions(+)
 create mode 100644 IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/BaseFspMeasurementLib.inf
 create mode 100644 IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/FspMeasurementLib.c

diff --git a/IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/BaseFspMeasu= rementLib.inf b/IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/BaseFspMe= asurementLib.inf new file mode 100644 index 0000000000..1b5f0012aa --- /dev/null
+++ b/IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/BaseFspMeasurementL= ib.inf @@ -0,0 +1,54 @@ +## @file +# Provides FSP measurement functions. +# +# This library provides MeasureFspFirmwareBlob() to measure FSP binary. +# +# Copyright (c) 2020, Intel Corporation. All rights reserved.
+# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION =3D 0x00010005 + BASE_NAME =3D FspMeasurementLib + FILE_GUID =3D 890B12B4-56CC-453E-B062-4597FC6D3D8C + MODULE_TYPE =3D BASE + VERSION_STRING =3D 1.0 + LIBRARY_CLASS =3D FspMeasurementLib + +# +# The following information is for reference only and not required by the = build tools. +# +# VALID_ARCHITECTURES =3D IA32 X64 +# + +[Sources] + FspMeasurementLib.c + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + SecurityPkg/SecurityPkg.dec + IntelFsp2Pkg/IntelFsp2Pkg.dec + IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dec + +[LibraryClasses] + BaseLib + BaseMemoryLib + DebugLib + PrintLib + PcdLib + PeiServicesLib + PeiServicesTablePointerLib + FspWrapperApiLib + TcgEventLogRecordLib + HashLib + +[Ppis] + gEdkiiTcgPpiGuid ## CO= NSUMES + +[Pcd] + gIntelFsp2WrapperTokenSpaceGuid.PcdFspMeasurementConfig ## CO= NSUMES + gIntelFsp2WrapperTokenSpaceGuid.PcdFspmBaseAddress ## CO= NSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdTcgPfpMeasurementRevision ## CO= NSUMES + diff --git a/IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/FspMeasureme= ntLib.c b/IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/FspMeasurementL= ib.c new file mode 100644 index 0000000000..0fe0606a6d --- /dev/null +++ b/IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/FspMeasurementLib.c @@ -0,0 +1,248 @@ +/** @file + This library is used by FSP modules to measure data to TPM. + +Copyright (c) 2020, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include + +/** + Tpm measure and log data, and extend the measurement result into a speci= fic PCR. + + @param[in] PcrIndex PCR Index. + @param[in] EventType Event type. + @param[in] EventLog Measurement event log. + @param[in] LogLen Event log length in bytes. + @param[in] HashData The start of the data buffer to be hashed, = extended. + @param[in] HashDataLen The length, in bytes, of the buffer referen= ced by HashData + @param[in] Flags Bitmap providing additional information. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_UNSUPPORTED TPM device not available. + @retval EFI_OUT_OF_RESOURCES Out of memory. + @retval EFI_DEVICE_ERROR The operation was unsuccessful. +**/ +EFI_STATUS +EFIAPI +TpmMeasureAndLogDataWithFlags ( + IN UINT32 PcrIndex, + IN UINT32 EventType, + IN VOID *EventLog, + IN UINT32 LogLen, + IN VOID *HashData, + IN UINT64 HashDataLen, + IN UINT64 Flags + ) +{ + EFI_STATUS Status; + EDKII_TCG_PPI *TcgPpi; + TCG_PCR_EVENT_HDR TcgEventHdr; + + Status =3D PeiServicesLocatePpi( + &gEdkiiTcgPpiGuid, + 0, + NULL, + (VOID**)&TcgPpi + ); + if (EFI_ERROR(Status)) { + return Status; + } + + TcgEventHdr.PCRIndex =3D PcrIndex; + TcgEventHdr.EventType =3D EventType; + TcgEventHdr.EventSize =3D LogLen; + + Status =3D TcgPpi->HashLogExtendEvent ( + TcgPpi, + Flags, + HashData, + (UINTN)HashDataLen, + &TcgEventHdr, + EventLog + ); + return Status; +} + +/** + Measure a FSP FirmwareBlob. + + @param[in] Description Description for this FirmwareBlob. + @param[in] FirmwareBlobBase Base address of this FirmwareBlob. + @param[in] FirmwareBlobLength Size in bytes of this FirmwareBlob. + @param[in] CfgRegionOffset Configuration region offset in bytes. + @param[in] CfgRegionSize Configuration region in bytes. 
+ + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_UNSUPPORTED TPM device not available. + @retval EFI_OUT_OF_RESOURCES Out of memory. + @retval EFI_DEVICE_ERROR The operation was unsuccessful. +**/ +STATIC +EFI_STATUS +EFIAPI +MeasureFspFirmwareBlobWithCfg ( + IN CHAR8 *Description OPTIONAL, + IN EFI_PHYSICAL_ADDRESS FirmwareBlobBase, + IN UINT64 FirmwareBlobLength, + IN UINT32 CfgRegionOffset, + IN UINT32 CfgRegionSize + ) +{ + EFI_PLATFORM_FIRMWARE_BLOB FvBlob, UpdBlob; + PLATFORM_FIRMWARE_BLOB2_STRUCT FvBlob2, UpdBlob2; + VOID *FvName; + UINT32 FvEventType; + VOID *FvEventLog, *UpdEventLog; + UINT32 FvEventLogSize, UpdEventLogSize; + EFI_STATUS Status; + HASH_HANDLE HashHandle; + UINT8 *HashBase; + UINTN HashSize; + TPML_DIGEST_VALUES DigestList; + + FvName =3D TpmMeasurementGetFvName (FirmwareBlobBase, FirmwareBlobLength= ); + + if (((Description !=3D NULL) || (FvName !=3D NULL)) && + (PcdGet32(PcdTcgPfpMeasurementRevision) >=3D TCG_EfiSpecIDEventStruc= t_SPEC_ERRATA_TPM2_REV_105)) { + if (Description !=3D NULL) { + AsciiSPrint((CHAR8*)FvBlob2.BlobDescription, sizeof(FvBlob2.BlobDesc= ription), "%a", Description); + AsciiSPrint((CHAR8*)UpdBlob2.BlobDescription, sizeof(UpdBlob2.BlobDe= scription), "%aUDP", Description); + } else { + AsciiSPrint((CHAR8*)FvBlob2.BlobDescription, sizeof(FvBlob2.BlobDesc= ription), "Fv(%g)", FvName); + AsciiSPrint((CHAR8*)UpdBlob2.BlobDescription, sizeof(UpdBlob2.BlobDe= scription), "(%g)UDP", FvName); + } + + FvBlob2.BlobDescriptionSize =3D sizeof(FvBlob2.BlobDescription); + FvBlob2.BlobBase =3D FirmwareBlobBase; + FvBlob2.BlobLength =3D FirmwareBlobLength; + FvEventType =3D EV_EFI_PLATFORM_FIRMWARE_BLOB2; + FvEventLog =3D &FvBlob2; + FvEventLogSize =3D sizeof(FvBlob2); + + UpdBlob2.BlobDescriptionSize =3D sizeof(UpdBlob2.BlobDescription); + UpdBlob2.BlobBase =3D CfgRegionOffset; + UpdBlob2.BlobLength =3D CfgRegionSize; + UpdEventLog =3D &UpdBlob2; + UpdEventLogSize =3D sizeof(UpdBlob2); + } else { + 
FvBlob.BlobBase =3D FirmwareBlobBase; + FvBlob.BlobLength =3D FirmwareBlobLength; + FvEventType =3D EV_EFI_PLATFORM_FIRMWARE_BLOB; + FvEventLog =3D &FvBlob; + FvEventLogSize =3D sizeof(FvBlob); + + UpdBlob.BlobBase =3D CfgRegionOffset; + UpdBlob.BlobLength =3D CfgRegionSize; + UpdEventLog =3D &UpdBlob; + UpdEventLogSize =3D sizeof(UpdBlob); + } + + /** Initialize a SHA hash context. **/ + Status =3D HashStart (&HashHandle); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "HashStart failed - %r\n", Status)); + return Status; + } + + /** Hash FSP binary before UDP **/ + HashBase =3D (UINT8 *) (UINTN) FirmwareBlobBase; + HashSize =3D (UINTN) CfgRegionOffset; + Status =3D HashUpdate (HashHandle, HashBase, HashSize); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "HashUpdate failed - %r\n", Status)); + return Status; + } + + /** Hash FSP binary after UDP **/ + HashBase =3D (UINT8 *) (UINTN) FirmwareBlobBase + CfgRegionOffset + CfgR= egionSize; + HashSize =3D (UINTN)(FirmwareBlobLength - CfgRegionOffset - CfgRegionSiz= e); + Status =3D HashUpdate (HashHandle, HashBase, HashSize); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "HashUpdate failed - %r\n", Status)); + return Status; + } + + /** Finalize the SHA hash. **/ + Status =3D HashCompleteAndExtend (HashHandle, 0, NULL, 0, &DigestList); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "HashCompleteAndExtend failed - %r\n", Status)); + return Status; + } + + Status =3D TpmMeasureAndLogDataWithFlags ( + 0, + FvEventType, + FvEventLog, + FvEventLogSize, + (UINT8 *) &DigestList, + (UINTN) sizeof(DigestList), + EDKII_TCG_PRE_HASH_LOG_ONLY + ); + + Status =3D TpmMeasureAndLogData ( + 1, + EV_PLATFORM_CONFIG_FLAGS, + UpdEventLog, + UpdEventLogSize, + (UINT8 *) (UINTN) FirmwareBlobBase + CfgRegionOffset, + CfgRegionSize + ); + + return Status; +} + +/** + Measure a FSP FirmwareBlob. + + @param[in] PcrIndex PCR Index. + @param[in] Description Description for this FirmwareBlob. 
+ @param[in] FirmwareBlobBase Base address of this FirmwareBlob. + @param[in] FirmwareBlobLength Size in bytes of this FirmwareBlob. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_UNSUPPORTED TPM device not available. + @retval EFI_OUT_OF_RESOURCES Out of memory. + @retval EFI_DEVICE_ERROR The operation was unsuccessful. +**/ +EFI_STATUS +EFIAPI +MeasureFspFirmwareBlob ( + IN UINT32 PcrIndex, + IN CHAR8 *Description OPTIONAL, + IN EFI_PHYSICAL_ADDRESS FirmwareBlobBase, + IN UINT64 FirmwareBlobLength + ) +{ + UINT32 FspMeasureMask; + FSP_INFO_HEADER *FspHeaderPtr; + + FspMeasureMask =3D PcdGet32 (PcdFspMeasurementConfig); + if ((FspMeasureMask & FSP_MEASURE_FSPUPD) !=3D 0) { + FspHeaderPtr =3D (FSP_INFO_HEADER *) FspFindFspHeader (FirmwareBlobBas= e); + if (FspHeaderPtr !=3D NULL) { + return MeasureFspFirmwareBlobWithCfg(Description, FirmwareBlobBase, = FirmwareBlobLength, + FspHeaderPtr->CfgRegionOffset, = FspHeaderPtr->CfgRegionSize); + } + } + + return MeasureFirmwareBlob (PcrIndex, Description, FirmwareBlobBase, Fir= mwareBlobLength); +} + --=20 2.26.2.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. 
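Review bot: MeasureFspFirmwareBlobWithCfg trusts CfgRegionOffset and CfgRegionSize, which MeasureFspFirmwareBlob reads out of the FSP_INFO_HEADER inside the very blob being measured, and never checks that CfgRegionOffset + CfgRegionSize <= FirmwareBlobLength before computing `HashSize =3D (UINTN)(FirmwareBlobLength - CfgRegionOffset - CfgRegionSize)`; a corrupted or malformed header makes that subtraction wrap and the second HashUpdate reads far past the blob. Validate both fields against FirmwareBlobLength before HashStart and return an error. Also: the Status from the first TpmMeasureAndLogDataWithFlags call (the PCR0 code record) is overwritten by the following TpmMeasureAndLogData call, so a failed code measurement is reported as EFI_SUCCESS whenever the UPD measurement succeeds; check each call. The PcrIndex argument of MeasureFspFirmwareBlob is ignored on the FSP_MEASURE_FSPUPD path, which hardcodes PCR 0 and PCR 1; either honor it or state that in the doc comment. Finally, "UDP" in the two AsciiSPrint format strings and in the "before UDP"/"after UDP" comments should read "UPD" (the PCD comment in 6/8 calls it the UPD region); that string is recorded in the event log, so fix it before verifiers start matching on it.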
View/Reply Online (#64357): https://edk2.groups.io/g/devel/message/64357
Mute This Topic: https://groups.io/mt/76260207/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
From: "Qi Zhang"
To: devel@edk2.groups.io
Cc: Jiewen Yao , Chasel Chiu , Nate DeSimone , Star Zeng , Qi Zhang
Subject: [edk2-devel] [PATCH v4 4/8] IntelFsp2WrapperPkg/Fsp{m|s}WrapperPeim: Add FspBin measurement.
Date: Tue, 18 Aug 2020 14:26:14 +0800
Message-Id: <20200818062618.3698-5-qi1.zhang@intel.com>
In-Reply-To: <20200818062618.3698-1-qi1.zhang@intel.com>
References: <20200818062618.3698-1-qi1.zhang@intel.com>

From: Jiewen Yao

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2376

Cc: Jiewen Yao
Cc: Chasel Chiu
Cc: Nate DeSimone
Cc: Star Zeng
Cc: Qi Zhang
Signed-off-by: Jiewen Yao
Reviewed-by: Chasel Chiu
---
 .../FspmWrapperPeim/FspmWrapperPeim.c | 90 ++++++++++++++++++-
 .../FspmWrapperPeim/FspmWrapperPeim.inf | 20 +++--
 .../FspsWrapperPeim/FspsWrapperPeim.c | 86 +++++++++++++++++-
 .../FspsWrapperPeim/FspsWrapperPeim.inf | 27 +++---
 4 files changed, 204 insertions(+), 19 deletions(-)

diff --git a/IntelFsp2WrapperPkg/FspmWrapperPeim/FspmWrapperPeim.c b/IntelF= sp2WrapperPkg/FspmWrapperPeim/FspmWrapperPeim.c index 265b77ed60..24ab534620 100644 --- a/IntelFsp2WrapperPkg/FspmWrapperPeim/FspmWrapperPeim.c +++ b/IntelFsp2WrapperPkg/FspmWrapperPeim/FspmWrapperPeim.c
@@ -3,7 +3,7 @@ register TemporaryRamDonePpi to call TempRamExit API, and register Memor= yDiscoveredPpi notify to call FspSiliconInit API. =20 - Copyright (c) 2014 - 2018, Intel Corporation. All rights reserved.
+ Copyright (c) 2014 - 2020, Intel Corporation. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent =20 **/ @@ -25,11 +25,14 @@ #include #include #include +#include =20 #include #include #include #include +#include +#include #include #include #include @@ -147,7 +150,21 @@ FspmWrapperInit ( VOID ) { - EFI_STATUS Status; + EFI_STATUS Status; + EFI_PEI_FIRMWARE_VOLUME_INFO_MEASUREMENT_EXCLUDED_PPI *MeasurementExclud= edFvPpi; + EFI_PEI_PPI_DESCRIPTOR *MeasurementExclud= edPpiList; + + MeasurementExcludedFvPpi =3D AllocatePool (sizeof(*MeasurementExcludedFv= Ppi)); + ASSERT(MeasurementExcludedFvPpi !=3D NULL); + MeasurementExcludedFvPpi->Count =3D 1; + MeasurementExcludedFvPpi->Fv[0].FvBase =3D PcdGet32 (PcdFspmBaseAddress); + MeasurementExcludedFvPpi->Fv[0].FvLength =3D ((EFI_FIRMWARE_VOLUME_HEADE= R *) (UINTN) PcdGet32 (PcdFspmBaseAddress))->FvLength; + + MeasurementExcludedPpiList =3D AllocatePool (sizeof(*MeasurementExcluded= PpiList)); + ASSERT(MeasurementExcludedPpiList !=3D NULL); + MeasurementExcludedPpiList->Flags =3D EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_P= EI_PPI_DESCRIPTOR_TERMINATE_LIST; + MeasurementExcludedPpiList->Guid =3D &gEfiPeiFirmwareVolumeInfoMeasurem= entExcludedPpiGuid; + MeasurementExcludedPpiList->Ppi =3D MeasurementExcludedFvPpi; =20 Status =3D EFI_SUCCESS; =20 @@ -155,6 +172,9 @@ FspmWrapperInit ( Status =3D PeiFspMemoryInit (); ASSERT_EFI_ERROR (Status); } else { + Status =3D PeiServicesInstallPpi (MeasurementExcludedPpiList); + ASSERT_EFI_ERROR (Status); + PeiServicesInstallFvInfoPpi ( NULL, (VOID *)(UINTN) PcdGet32 (PcdFspmBaseAddress), 
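Review bot: The measurement-excluded PPI for the FSP-M FV is installed unconditionally in the dispatch-mode branch, but the measurement that is meant to replace it (TcgPpiNotify below) only runs when FSP_MEASURE_FSPM is set in PcdFspMeasurementConfig, whose default in 6/8 is 0x00000000. A platform that takes this series without setting the PCD therefore loses its FSP-M measurement entirely: Tcg2Pei skips the reported FV because of the exclusion, and the wrapper skips it because of the PCD. Either make the exclusion conditional on the same bit, or change the default so the two paths cannot both be off. Smaller points: both AllocatePool results are only ASSERTed, so a RELEASE build dereferences NULL on allocation failure (return EFI_OUT_OF_RESOURCES instead); and the two allocations are done in both modes while only the else branch uses them, so the API-mode path (PeiFspMemoryInit) allocates two pool buffers for nothing. Move them inside the else.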
@@ -167,6 +187,67 @@ FspmWrapperInit ( return Status; } =20 +/** + This function is called after TCG installed PPI. + + @param[in] PeiServices Pointer to PEI Services Table. + @param[in] NotifyDesc Pointer to the descriptor for the Notification= event that + caused this function to execute. + @param[in] Ppi Pointer to the PPI data associated with this f= unction. + + @retval EFI_STATUS Always return EFI_SUCCESS +**/ +EFI_STATUS +EFIAPI +TcgPpiNotify ( + IN EFI_PEI_SERVICES **PeiServices, + IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDesc, + IN VOID *Ppi + ); + +EFI_PEI_NOTIFY_DESCRIPTOR mTcgPpiNotifyDesc =3D { + (EFI_PEI_PPI_DESCRIPTOR_NOTIFY_CALLBACK | EFI_PEI_PPI_DESCRIPTOR_TERMINA= TE_LIST), + &gEdkiiTcgPpiGuid, + TcgPpiNotify +}; + +/** + This function is called after TCG installed PPI. + + @param[in] PeiServices Pointer to PEI Services Table. + @param[in] NotifyDesc Pointer to the descriptor for the Notification= event that + caused this function to execute. + @param[in] Ppi Pointer to the PPI data associated with this f= unction. + + @retval EFI_STATUS Always return EFI_SUCCESS +**/ +EFI_STATUS +EFIAPI +TcgPpiNotify ( + IN EFI_PEI_SERVICES **PeiServices, + IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDesc, + IN VOID *Ppi + ) +{ + UINT32 FspMeasureMask; + + DEBUG ((DEBUG_INFO, "TcgPpiNotify FSPM\n")); + + FspMeasureMask =3D PcdGet32 (PcdFspMeasurementConfig); + + if ((FspMeasureMask & FSP_MEASURE_FSPT) !=3D 0) { + MeasureFspFirmwareBlob (0, "FSPT", PcdGet32(PcdFsptBaseAddress), + (UINT32)((EFI_FIRMWARE_VOLUME_HEADER *) (UINTN= ) PcdGet32 (PcdFsptBaseAddress))->FvLength); + } + + if ((FspMeasureMask & FSP_MEASURE_FSPM) !=3D 0) { + MeasureFspFirmwareBlob (0, "FSPM", PcdGet32(PcdFspmBaseAddress), + (UINT32)((EFI_FIRMWARE_VOLUME_HEADER *) (UINTN= ) PcdGet32 (PcdFspmBaseAddress))->FvLength); + } + + return EFI_SUCCESS; +} + /** This is the entrypoint of PEIM =20 
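Review bot: Both MeasureFspFirmwareBlob calls in TcgPpiNotify discard their EFI_STATUS, so if the hash, extend or event-log append fails the FSP-T/FSP-M records are simply absent from PCR0 and nothing in the log says why. A silent gap in PCR0 is exactly what a measured-boot consumer cannot detect, so at minimum DEBUG the failure, and an ASSERT_EFI_ERROR here is defensible. Style: the `(UINT32)` cast on FvLength narrows a UINT64 field only to pass it to a UINT64 FirmwareBlobLength parameter, so drop it; and the forward declaration of TcgPpiNotify carries a full copy of the doc comment that is repeated on the definition a few lines later, so define the function before mTcgPpiNotifyDesc and keep one comment. It is also worth a sentence in that comment that FSP-T is measured here long after it executed in SEC, which is only sound if the FV cannot change between execution and measurement.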
@@ -182,8 +263,13 @@ FspmWrapperPeimEntryPoint ( IN CONST EFI_PEI_SERVICES **PeiServices ) { + EFI_STATUS Status; + DEBUG((DEBUG_INFO, "FspmWrapperPeimEntryPoint\n")); =20 + Status =3D PeiServicesNotifyPpi (&mTcgPpiNotifyDesc); + ASSERT_EFI_ERROR (Status); + FspmWrapperInit (); =20 return EFI_SUCCESS; diff --git a/IntelFsp2WrapperPkg/FspmWrapperPeim/FspmWrapperPeim.inf b/Inte= lFsp2WrapperPkg/FspmWrapperPeim/FspmWrapperPeim.inf index dce7ef3d0b..c3578397b6 100644 --- a/IntelFsp2WrapperPkg/FspmWrapperPeim/FspmWrapperPeim.inf +++ b/IntelFsp2WrapperPkg/FspmWrapperPeim/FspmWrapperPeim.inf @@ -6,7 +6,7 @@ # register TemporaryRamDonePpi to call TempRamExit API, and register Memor= yDiscoveredPpi # notify to call FspSiliconInit API. # -# Copyright (c) 2014 - 2019, Intel Corporation. All rights reserved.
+# Copyright (c) 2014 - 2020, Intel Corporation. All rights reserved.
# # SPDX-License-Identifier: BSD-2-Clause-Patent # @@ -44,17 +44,22 @@ TimerLib FspWrapperApiLib FspWrapperApiTestLib + FspMeasurementLib =20 [Packages] MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec UefiCpuPkg/UefiCpuPkg.dec + SecurityPkg/SecurityPkg.dec IntelFsp2Pkg/IntelFsp2Pkg.dec IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dec =20 [Pcd] - gIntelFsp2WrapperTokenSpaceGuid.PcdFspmBaseAddress ## CONSUMES - gIntelFsp2WrapperTokenSpaceGuid.PcdFspmUpdDataAddress ## CONSUMES - gIntelFsp2WrapperTokenSpaceGuid.PcdFspModeSelection ## CONSUMES + gIntelFsp2WrapperTokenSpaceGuid.PcdFspmBaseAddress ## CONSUMES + gIntelFsp2WrapperTokenSpaceGuid.PcdFspmUpdDataAddress ## CONSUMES + gIntelFsp2WrapperTokenSpaceGuid.PcdFspModeSelection ## CONSUMES + gIntelFsp2WrapperTokenSpaceGuid.PcdFsptBaseAddress ## CONSUMES + gIntelFsp2WrapperTokenSpaceGuid.PcdFspMeasurementConfig ## CONSUMES =20 [Sources] FspmWrapperPeim.c @@ -63,5 +68,10 @@ gFspHobGuid ## PRODUCES ## HOB gFspApiPerformanceGuid ## SOMETIMES_CONSUMES ## GUID =20 +[Ppis] + gEdkiiTcgPpiGuid ## NOTIFY + gEfiPeiFirmwareVolumeInfoMeasurementExcludedPpiGuid ## PRODUCES + [Depex] - gEfiPeiMasterBootModePpiGuid + gEfiPeiMasterBootModePpiGuid AND + gPeiTpmInitializationDonePpiGuid diff --git a/IntelFsp2WrapperPkg/FspsWrapperPeim/FspsWrapperPeim.c b/IntelF= sp2WrapperPkg/FspsWrapperPeim/FspsWrapperPeim.c index b20f0805a0..9d4f279e81 100644 --- a/IntelFsp2WrapperPkg/FspsWrapperPeim/FspsWrapperPeim.c +++ b/IntelFsp2WrapperPkg/FspsWrapperPeim/FspsWrapperPeim.c @@ -3,7 +3,7 @@ register TemporaryRamDonePpi to call TempRamExit API, and register Memor= yDiscoveredPpi notify to call FspSiliconInit API. =20 - Copyright (c) 2014 - 2019, Intel Corporation. All rights reserved.
+ Copyright (c) 2014 - 2020, Intel Corporation. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent =20 **/ @@ -24,12 +24,15 @@ #include #include #include +#include =20 #include #include #include #include #include +#include +#include #include #include #include @@ -379,7 +382,25 @@ FspsWrapperInitDispatchMode ( VOID ) { - EFI_STATUS Status; + EFI_STATUS Status; + EFI_PEI_FIRMWARE_VOLUME_INFO_MEASUREMENT_EXCLUDED_PPI *MeasurementExclud= edFvPpi; + EFI_PEI_PPI_DESCRIPTOR *MeasurementExclud= edPpiList; + + MeasurementExcludedFvPpi =3D AllocatePool (sizeof(*MeasurementExcludedFv= Ppi)); + ASSERT(MeasurementExcludedFvPpi !=3D NULL); + MeasurementExcludedFvPpi->Count =3D 1; + MeasurementExcludedFvPpi->Fv[0].FvBase =3D PcdGet32 (PcdFspsBaseAddress); + MeasurementExcludedFvPpi->Fv[0].FvLength =3D ((EFI_FIRMWARE_VOLUME_HEADE= R *) (UINTN) PcdGet32 (PcdFspsBaseAddress))->FvLength; + + MeasurementExcludedPpiList =3D AllocatePool (sizeof(*MeasurementExcluded= PpiList)); + ASSERT(MeasurementExcludedPpiList !=3D NULL); + MeasurementExcludedPpiList->Flags =3D EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_P= EI_PPI_DESCRIPTOR_TERMINATE_LIST; + MeasurementExcludedPpiList->Guid =3D &gEfiPeiFirmwareVolumeInfoMeasurem= entExcludedPpiGuid; + MeasurementExcludedPpiList->Ppi =3D MeasurementExcludedFvPpi; + + Status =3D PeiServicesInstallPpi (MeasurementExcludedPpiList); + ASSERT_EFI_ERROR (Status); + // // FSP-S Wrapper running in Dispatch mode and reports FSP-S FV to PEI di= spatcher. // 
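Review bot: Same gap as in FspmWrapperInit: the FSP-S FV is unconditionally registered as measurement-excluded here, while the wrapper's own measurement in TcgPpiNotify is gated on FSP_MEASURE_FSPS, so with the default PcdFspMeasurementConfig nothing measures FSP-S in dispatch mode. Tie the exclusion to the bit or fix the default. Also, FvLength is read through a raw EFI_FIRMWARE_VOLUME_HEADER cast of PcdFspsBaseAddress with no check of the FV signature, so a wrong PCD silently yields a bogus excluded range (and, in TcgPpiNotify, a bogus measurement length); and as in FSP-M the AllocatePool failures are only ASSERTed.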
@@ -398,6 +419,62 @@ FspsWrapperInitDispatchMode ( return Status; } =20 +/** + This function is called after TCG installed PPI. + + @param[in] PeiServices Pointer to PEI Services Table. + @param[in] NotifyDesc Pointer to the descriptor for the Notification= event that + caused this function to execute. + @param[in] Ppi Pointer to the PPI data associated with this f= unction. + + @retval EFI_STATUS Always return EFI_SUCCESS +**/ +EFI_STATUS +EFIAPI +TcgPpiNotify ( + IN EFI_PEI_SERVICES **PeiServices, + IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDesc, + IN VOID *Ppi + ); + +EFI_PEI_NOTIFY_DESCRIPTOR mTcgPpiNotifyDesc =3D { + (EFI_PEI_PPI_DESCRIPTOR_NOTIFY_CALLBACK | EFI_PEI_PPI_DESCRIPTOR_TERMINA= TE_LIST), + &gEdkiiTcgPpiGuid, + TcgPpiNotify +}; + +/** + This function is called after TCG installed PPI. + + @param[in] PeiServices Pointer to PEI Services Table. + @param[in] NotifyDesc Pointer to the descriptor for the Notification= event that + caused this function to execute. + @param[in] Ppi Pointer to the PPI data associated with this f= unction. + + @retval EFI_STATUS Always return EFI_SUCCESS +**/ +EFI_STATUS +EFIAPI +TcgPpiNotify ( + IN EFI_PEI_SERVICES **PeiServices, + IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDesc, + IN VOID *Ppi + ) +{ + UINT32 FspMeasureMask; + + DEBUG ((DEBUG_INFO, "TcgPpiNotify FSPS\n")); + + FspMeasureMask =3D PcdGet32 (PcdFspMeasurementConfig); + + if ((FspMeasureMask & FSP_MEASURE_FSPS) !=3D 0) { + MeasureFspFirmwareBlob (0, "FSPS", PcdGet32(PcdFspsBaseAddress), + (UINT32)((EFI_FIRMWARE_VOLUME_HEADER *) (UINTN= ) PcdGet32 (PcdFspsBaseAddress))->FvLength); + } + + return EFI_SUCCESS; +} + /** This is the entrypoint of PEIM. =20 
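Review bot: This TcgPpiNotify, its descriptor and the forward declaration are a near-verbatim copy of the FSP-M wrapper's; moving the descriptor and callback into FspMeasurementLib, parametrised by base address, description and PCD bit, would leave one copy to review and test. As in the FSP-M copy, the MeasureFspFirmwareBlob return value is discarded, so a failed FSP-S measurement leaves PCR0 silently short one record; log it or ASSERT. The `(UINT32)` narrowing of FvLength before passing it to a UINT64 parameter is unnecessary.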
@@ -413,8 +490,13 @@ FspsWrapperPeimEntryPoint ( IN CONST EFI_PEI_SERVICES **PeiServices ) { + EFI_STATUS Status; + DEBUG ((DEBUG_INFO, "FspsWrapperPeimEntryPoint\n")); =20 + Status =3D PeiServicesNotifyPpi (&mTcgPpiNotifyDesc); + ASSERT_EFI_ERROR (Status); + if (PcdGet8 (PcdFspModeSelection) =3D=3D 1) { FspsWrapperInitApiMode (); } else { diff --git a/IntelFsp2WrapperPkg/FspsWrapperPeim/FspsWrapperPeim.inf b/Inte= lFsp2WrapperPkg/FspsWrapperPeim/FspsWrapperPeim.inf index 7da92991c8..884514747f 100644 --- a/IntelFsp2WrapperPkg/FspsWrapperPeim/FspsWrapperPeim.inf +++ b/IntelFsp2WrapperPkg/FspsWrapperPeim/FspsWrapperPeim.inf @@ -6,7 +6,7 @@ # register TemporaryRamDonePpi to call TempRamExit API, and register Memor= yDiscoveredPpi # notify to call FspSiliconInit API. # -# Copyright (c) 2014 - 2019, Intel Corporation. All rights reserved.
+# Copyright (c) 2014 - 2020, Intel Corporation. All rights reserved.
# # SPDX-License-Identifier: BSD-2-Clause-Patent # @@ -44,24 +44,30 @@ PerformanceLib FspWrapperApiLib FspWrapperApiTestLib + FspMeasurementLib =20 [Packages] MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec UefiCpuPkg/UefiCpuPkg.dec + SecurityPkg/SecurityPkg.dec IntelFsp2Pkg/IntelFsp2Pkg.dec IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dec =20 [Ppis] - gTopOfTemporaryRamPpiGuid ## PRODUCES - gFspSiliconInitDonePpiGuid ## PRODUCES - gEfiEndOfPeiSignalPpiGuid ## PRODUCES - gEfiTemporaryRamDonePpiGuid ## PRODUCES - gEfiPeiMemoryDiscoveredPpiGuid ## NOTIFY + gTopOfTemporaryRamPpiGuid ## PRODUCES + gFspSiliconInitDonePpiGuid ## PRODUCES + gEfiEndOfPeiSignalPpiGuid ## PRODUCES + gEfiTemporaryRamDonePpiGuid ## PRODUCES + gEfiPeiMemoryDiscoveredPpiGuid ## NOTIFY + gEdkiiTcgPpiGuid ## NOTIFY + gEfiPeiFirmwareVolumeInfoMeasurementExcludedPpiGuid ## PRODUCES =20 [Pcd] - gIntelFsp2WrapperTokenSpaceGuid.PcdFspsBaseAddress ## CONSUMES - gIntelFsp2WrapperTokenSpaceGuid.PcdFspsUpdDataAddress ## CONSUMES - gIntelFsp2WrapperTokenSpaceGuid.PcdFspModeSelection ## CONSUMES + gIntelFsp2WrapperTokenSpaceGuid.PcdFspsBaseAddress ## CONSUMES + gIntelFsp2WrapperTokenSpaceGuid.PcdFspsUpdDataAddress ## CONSUMES + gIntelFsp2WrapperTokenSpaceGuid.PcdFspModeSelection ## CONSUMES + gIntelFsp2WrapperTokenSpaceGuid.PcdFspMeasurementConfig ## CONSUMES =20 [Guids] gFspHobGuid ## CONSUMES ## HOB 
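Review bot: This .inf now links FspMeasurementLib, but the IntelFsp2WrapperPkg.dsc mappings for that class and for the TpmMeasurementLib and TcgEventLogRecordLib it depends on only arrive in 6/8, so the package does not build at this commit; reorder so the .dsc/.dec changes land first, or fold them in, to keep the series bisectable. The realignment of the existing [Ppis] and [Pcd] entries is pure whitespace churn that buries the real additions (gEdkiiTcgPpiGuid, gEfiPeiFirmwareVolumeInfoMeasurementExcludedPpiGuid, PcdFspMeasurementConfig) in the diff; keep the old column and only add lines.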
@@ -71,4 +77,5 @@ FspsWrapperPeim.c =20 [Depex] - gEfiPeiMemoryDiscoveredPpiGuid + gEfiPeiMemoryDiscoveredPpiGuid AND + gPeiTpmInitializationDonePpiGuid --=20 2.26.2.windows.1
View/Reply Online (#64358): https://edk2.groups.io/g/devel/message/64358
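Review bot: Adding gPeiTpmInitializationDonePpiGuid to the Depex of both wrapper PEIMs makes FSP memory and silicon init wait on a PPI that only a TCG PEIM installs; a platform that builds without TPM support never satisfies the dependency, the wrappers never dispatch, and the boot stalls before memory init. Nothing in the commit message mentions this new hard requirement. Either gate it (a PCD-selected Depex, or a Null library that installs the PPI on TPM-less builds) or spell out in the commit message and the package documentation that every IntelFsp2WrapperPkg consumer must now include a TPM initialization PEIM.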
From: "Qi Zhang"
To: devel@edk2.groups.io
Cc: Qi Zhang , Jiewen Yao , Jian J Wang
Subject: [edk2-devel] [PATCH v4 5/8] SecurityPkg/dsc: add FvEventLogRecordLib
Date: Tue, 18 Aug 2020 14:26:15 +0800
Message-Id: <20200818062618.3698-6-qi1.zhang@intel.com>
In-Reply-To: <20200818062618.3698-1-qi1.zhang@intel.com>
References: <20200818062618.3698-1-qi1.zhang@intel.com>

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2376

Cc: Jiewen Yao
Cc: Jian J Wang
Signed-off-by: Qi Zhang
---
 SecurityPkg/SecurityPkg.dec | 3 +++
 SecurityPkg/SecurityPkg.dsc | 2 ++
 2 files changed, 5 insertions(+)

diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec index 42fc48cc1f..1b7d62e802 100644 --- a/SecurityPkg/SecurityPkg.dec +++ b/SecurityPkg/SecurityPkg.dec @@ -84,6 +84,9 @@ # VariableKeyLib|Include/Library/VariableKeyLib.h =20 + ## @libraryclass Provides interfaces about firmware TPM measurement. + # + TcgEventLogRecordLib|Include/Library/TcgEventLogRecordLib.h [Guids] ## Security package token space guid. # Include/Guid/SecurityPkgTokenSpace.h diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc index 28effe3eda..36d15b79f9 100644 --- a/SecurityPkg/SecurityPkg.dsc
+++ b/SecurityPkg/SecurityPkg.dsc @@ -66,6 +66,7 @@ ResetSystemLib|MdeModulePkg/Library/BaseResetSystemLibNull/BaseResetSyst= emLibNull.inf VariableKeyLib|SecurityPkg/Library/VariableKeyLibNull/VariableKeyLibNull= .inf RpmcLib|SecurityPkg/Library/RpmcLibNull/RpmcLibNull.inf + TcgEventLogRecordLib|SecurityPkg/Library/TcgEventLogRecordLib/TcgEventLo= gRecordLib.inf =20 [LibraryClasses.ARM] # 
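Review bot: The subject says "add FvEventLogRecordLib" but every line in this patch adds TcgEventLogRecordLib; fix the subject so a later `git log` search finds the library that actually exists. In the .dec hunk the new `## @libraryclass` block is appended directly before `[Guids]` with no separating blank line, unlike the entries above it, and the description "Provides interfaces about firmware TPM measurement" says nothing a reader can act on; name the helpers the class actually exposes in that one line.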
@@ -240,6 +241,7 @@ SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.inf SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.inf SecurityPkg/Library/TcgPpVendorLibNull/TcgPpVendorLibNull.inf + SecurityPkg/Library/TcgEventLogRecordLib/TcgEventLogRecordLib.inf =20 [Components.IA32, Components.X64, Components.ARM, Components.AARCH64] SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf --=20 2.26.2.windows.1
View/Reply Online (#64359): https://edk2.groups.io/g/devel/message/64359
From: "Qi Zhang"
To: devel@edk2.groups.io
Cc: Jiewen Yao , Chasel Chiu , Nate DeSimone , Star Zeng , Qi Zhang
Subject: [edk2-devel] [PATCH v4 6/8] IntelFsp2Wrapper/dsc: Add FspTpmMeasurementLib and PcdFspMeasurementConfig.
Date: Tue, 18 Aug 2020 14:26:16 +0800
Message-Id: <20200818062618.3698-7-qi1.zhang@intel.com>
In-Reply-To: <20200818062618.3698-1-qi1.zhang@intel.com>
References: <20200818062618.3698-1-qi1.zhang@intel.com>

From: Jiewen Yao

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2376

Cc: Jiewen Yao
Cc: Chasel Chiu
Cc: Nate DeSimone
Cc: Star Zeng
Cc: Qi Zhang
Signed-off-by: Jiewen Yao
Reviewed-by: Chasel Chiu
---
 IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dec | 17 +++++++++++++++++
 IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dsc | 6 +++++-
 2 files changed, 22 insertions(+), 1 deletion(-)

diff --git a/IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dec b/IntelFsp2Wrapper= Pkg/IntelFsp2WrapperPkg.dec index faf2be621c..cb41ca9807 100644 --- a/IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dec +++ b/IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dec
@@ -92,6 +92,23 @@ # gIntelFsp2WrapperTokenSpaceGuid.PcdFspModeSelection|0x00000001|UINT8|0x4= 000000A =20 + ## This PCD decides how FSP is measured + # 1) The BootGuard ACM may already measured the FSP component, such as F= SPT/FSPM. + # We need a flag (PCD) to indicate if there is need to do such FSP measu= rement or NOT. + # 2) The FSP binary includes FSP code and FSP UPD region. The UPD region= is considered + # as configuration block, and it may be updated by OEM by design. + # This flag (PCD) is to indicate if we need isolate the the UPD region f= rom the FSP code region. + # BIT0: Need measure FSP. (for FSP1.x) - reserved in FSP2. + # BIT1: Need measure FSPT. (for FSP 2.x) + # BIT2: Need measure FSPM. (for FSP 2.x) + # BIT3: Need measure FSPS. (for FSP 2.x) + # BIT4~30: reserved. + # BIT31: Need isolate UPD region measurement. + #0: measure FSP[T|M|S] as one binary in one record (PCR0). + #1: measure FSP UPD region in one record (PCR1), the FSP code without = UPD in another record (PCR0). + # + gIntelFsp2WrapperTokenSpaceGuid.PcdFspMeasurementConfig|0x00000000|UINT3= 2|0x4000000B + [PcdsFixedAtBuild, PcdsPatchableInModule,PcdsDynamic,PcdsDynamicEx] # ## These are the base address of FSP-M/S diff --git a/IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dsc b/IntelFsp2Wrapper= Pkg/IntelFsp2WrapperPkg.dsc index cb4f69285d..aa2eb26c33 100644 --- a/IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dsc +++ b/IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dsc @@ -1,7 +1,7 @@ ## @file # Provides drivers and definitions to support fsp in EDKII bios. # -# Copyright (c) 2014 - 2016, Intel Corporation. All rights reserved.
+# Copyright (c) 2014 - 2020, Intel Corporation. All rights reserved.
# SPDX-License-Identifier: BSD-2-Clause-Patent # ## @@ -45,6 +45,7 @@ # FSP Wrapper Lib FspWrapperApiLib|IntelFsp2WrapperPkg/Library/BaseFspWrapperApiLib/BaseFs= pWrapperApiLib.inf FspWrapperApiTestLib|IntelFsp2WrapperPkg/Library/BaseFspWrapperApiTestLi= bNull/BaseFspWrapperApiTestLibNull.inf + FspMeasurementLib|IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/Base= FspMeasurementLib.inf =20 # FSP platform sample FspWrapperPlatformLib|IntelFsp2WrapperPkg/Library/BaseFspWrapperPlatform= LibSample/BaseFspWrapperPlatformLibSample.inf @@ -57,6 +58,8 @@ PeiServicesLib|MdePkg/Library/PeiServicesLib/PeiServicesLib.inf MemoryAllocationLib|MdePkg/Library/PeiMemoryAllocationLib/PeiMemoryAlloc= ationLib.inf HobLib|MdePkg/Library/PeiHobLib/PeiHobLib.inf + TpmMeasurementLib|SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasure= mentLib.inf + TcgEventLogRecordLib|SecurityPkg/Library/TcgEventLogRecordLib/TcgEventLo= gRecordLib.inf =20 [LibraryClasses.common.DXE_DRIVER] UefiDriverEntryPoint|MdePkg/Library/UefiDriverEntryPoint/UefiDriverEntry= Point.inf 
@@ -73,6 +76,7 @@ IntelFsp2WrapperPkg/Library/SecFspWrapperPlatformSecLibSample/SecFspWrap= perPlatformSecLibSample.inf IntelFsp2WrapperPkg/Library/PeiFspWrapperHobProcessLibSample/PeiFspWrapp= erHobProcessLibSample.inf IntelFsp2WrapperPkg/Library/PeiFspWrapperApiTestLib/PeiFspWrapperApiTest= Lib.inf + IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/BaseFspMeasurementLib.= inf =20 IntelFsp2WrapperPkg/FspmWrapperPeim/FspmWrapperPeim.inf IntelFsp2WrapperPkg/FspsWrapperPeim/FspsWrapperPeim.inf --=20 2.26.2.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#64360): https://edk2.groups.io/g/devel/message/64360 Mute This Topic: https://groups.io/mt/76260213/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
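Review bot: the default of 0x00000000 for PcdFspMeasurementConfig in the @@ -92 hunk of IntelFsp2WrapperPkg.dec means a platform that never overrides the PCD measures no FSP component at all, while the comment only says the BootGuard ACM "may" already have measured FSPT/FSPM; the comment should state that a platform whose ACM does not measure FSP must set BIT1..BIT3 explicitly, otherwise the FSP code silently never reaches PCR0 and the gap is invisible in the event log. While touching the comment, fix "may already measured" to "may already have measured", "if there is need to do such FSP measurement or NOT" to "whether such FSP measurement is needed", and "isolate the the UPD region", and say whether BIT31 has any effect when none of BIT1..BIT3 is set.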
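Review bot: the TpmMeasurementLib and TcgEventLogRecordLib mappings in the @@ -57 hunk of IntelFsp2WrapperPkg.dsc are added without the HashLib, Tpm2CommandLib and Tpm2DeviceLib classes that patch 8/8 of this series adds to the same file; if any module built from this package at this commit pulls those classes in, the package build is broken between 6/8 and 8/8. Consider squashing 8/8 into this patch so every commit in the series builds on its own.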
From: "Qi Zhang" To: devel@edk2.groups.io Cc: Qi Zhang , Jiewen Yao , Jian J Wang , Rahul Kumar Subject: [edk2-devel] [PATCH v4 7/8] SecurityPkg/Tcg2: handle PRE HASH and LOG ONLY Date: Tue, 18 Aug 2020 14:26:17 +0800 Message-Id: <20200818062618.3698-8-qi1.zhang@intel.com> In-Reply-To: <20200818062618.3698-1-qi1.zhang@intel.com> References: <20200818062618.3698-1-qi1.zhang@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,qi1.zhang@intel.com X-Gm-Message-State: ogi7dSmYrHTCKuVOSTmbWonBx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1597732020; bh=22xN6FZIAvHmTotUSob1n3B6XneHyOV3H5tmIE9UaE4=; h=Cc:Date:From:Reply-To:Subject:To; b=sGvEQAqgxc+NNc9eI61tVoecWtK/rk6+Dr6LWxDxHG4ToObG3cYkanKhi2OM4PQdles QZWr5VL5aHxPVYcW2HOSK+mSx9zFPLhTX7AWg+OkW7xE8x3ROlUcKCGoDnwp8q9Yeflzd yJrLPA2iqzwwOWBB/L73TzxjbgupJbYweVU= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D2376 Cc: Jiewen Yao Cc: Jian J Wang Cc: Qi Zhang Cc: Rahul Kumar Signed-off-by: Qi Zhang --- SecurityPkg/Include/Ppi/Tcg.h | 5 +++++ SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c | 12 +++++++----- 2 files changed, 12 insertions(+), 5 deletions(-) diff --git a/SecurityPkg/Include/Ppi/Tcg.h b/SecurityPkg/Include/Ppi/Tcg.h index 0e943f2465..22f47f9817 100644 --- a/SecurityPkg/Include/Ppi/Tcg.h +++ b/SecurityPkg/Include/Ppi/Tcg.h @@ -18,6 +18,11 @@ typedef struct _EDKII_TCG_PPI EDKII_TCG_PPI; // #define EDKII_TCG_PRE_HASH 0x0000000000000001 =20 +// +// This bit is shall be set when HashData is the pre-hash digest and log o= nly. +// +#define EDKII_TCG_PRE_HASH_LOG_ONLY 0x0000000000000002 + /** Tpm measure and log data, and extend the measurement result into a speci= fic PCR. =20 
diff --git a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c b/SecurityPkg/Tcg/Tcg2Pei/Tc= g2Pei.c index 246968bb7f..0e770f4485 100644 --- a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c +++ b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c 
@@ -453,13 +453,15 @@ HashLogExtendEvent ( return EFI_DEVICE_ERROR; } =20 - if(Flags & EDKII_TCG_PRE_HASH) { + if ((Flags & EDKII_TCG_PRE_HASH) !=3D 0 || (Flags & EDKII_TCG_PRE_HASH_L= OG_ONLY) !=3D 0) { ZeroMem (&DigestList, sizeof(DigestList)); CopyMem (&DigestList, HashData, sizeof(DigestList)); - Status =3D Tpm2PcrExtend ( - 0, - &DigestList - ); + if ((Flags & EDKII_TCG_PRE_HASH) !=3D0 ) { + Status =3D Tpm2PcrExtend ( + NewEventHdr->PCRIndex, + &DigestList + ); + } } else { Status =3D HashAndExtend ( NewEventHdr->PCRIndex, --=20 2.26.2.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#64361): https://edk2.groups.io/g/devel/message/64361 Mute This Topic: https://groups.io/mt/76260214/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
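Review bot: the comment on EDKII_TCG_PRE_HASH_LOG_ONLY in the @@ -18 hunk of Tcg.h reads "This bit is shall be set when HashData is the pre-hash digest and log only"; change it to "This bit shall be set when HashData is the pre-hashed digest list and the event is to be logged only, without extending any PCR", and state whether the flag is mutually exclusive with EDKII_TCG_PRE_HASH or whether PRE_HASH wins when both are set (the Tcg2Pei.c change in this patch extends whenever PRE_HASH is set). Because a log-only record is by definition not reflected in any PCR by this code, the header should also say that the caller is responsible for the digest having been extended elsewhere (for example by the ACM, which is the use case the series describes), otherwise a verifier replaying the log cannot reconcile it with the PCR values.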
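Review bot: in the @@ -453 hunk of Tcg2Pei.c the new log-only path (EDKII_TCG_PRE_HASH_LOG_ONLY set, EDKII_TCG_PRE_HASH clear) never assigns Status; unless Status is initialized earlier in the function (not visible in this hunk), whatever the function does with Status after this block runs on an indeterminate value. Add "Status = EFI_SUCCESS;" right after the CopyMem, before the inner "if ((Flags & EDKII_TCG_PRE_HASH) != 0)". Two smaller points: the change from the hard-coded PCR 0 to NewEventHdr->PCRIndex in the Tpm2PcrExtend call is a behaviour fix for every pre-hashed event and deserves a sentence in the commit message, which currently only says "handle PRE HASH and LOG ONLY"; and the existing CopyMem copies sizeof(DigestList) bytes from HashData regardless of the caller-supplied length, so both pre-hash paths rely on the caller passing a full DigestList-sized buffer (pre-existing, but worth a length check while here). Style: "!=3D0 )" should be "!= 0)" to match the line above it.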
From: "Qi Zhang" To: devel@edk2.groups.io Cc: Qi Zhang , Jiewen Yao , Chasel Chiu , Nate DeSimone , Star Zeng Subject: [edk2-devel] [PATCH v4 8/8] IntelFsp2WrapperPkg/dsc: add HashLib, Tpm2CommandLib and Tpm2DeviceLib Date: Tue, 18 Aug 2020 14:26:18 +0800 Message-Id: <20200818062618.3698-9-qi1.zhang@intel.com> In-Reply-To: <20200818062618.3698-1-qi1.zhang@intel.com> References: <20200818062618.3698-1-qi1.zhang@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Unsubscribe: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,qi1.zhang@intel.com X-Gm-Message-State: KNchvHvoT72TJMwXiStsfFQWx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1597732020; bh=C4EIEn+AF4oOQyfBoIG2dK/wT3kO44Bzh/PnNf+7Xjg=; h=Cc:Date:From:Reply-To:Subject:To; b=vbV2qfexqY4UULTgX7v2FwTufOCntqL+hcyWw22lZdUiv6WEc7vYsrLHR0+iEJO2Bfo sk/pfmSSMU3N4kR9XIrx9UL76QDcrsl9uySVa6HJL++jGwHRWqlPU7HpHs2ORpe093cPC V1fXlkF2Ggg4Fh0kQssXwdD3UPdNa6Ph260= X-ZohoMail-DKIM: pass (identity @groups.io) Content-Type: text/plain; charset="utf-8" REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D2376 Cc: Jiewen Yao Cc: Chasel Chiu Cc: Nate DeSimone Cc: Star Zeng Signed-off-by: Qi Zhang Reviewed-by: Chasel Chiu --- IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dsc | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dsc b/IntelFsp2Wrapper= Pkg/IntelFsp2WrapperPkg.dsc index aa2eb26c33..738342b69b 100644 --- a/IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dsc +++ b/IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dsc 
@@ -52,6 +52,8 @@ PlatformSecLib|IntelFsp2WrapperPkg/Library/SecFspWrapperPlatformSecLibSa= mple/SecFspWrapperPlatformSecLibSample.inf FspWrapperHobProcessLib|IntelFsp2WrapperPkg/Library/PeiFspWrapperHobProc= essLibSample/PeiFspWrapperHobProcessLibSample.inf =20 + Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf + [LibraryClasses.common.PEIM,LibraryClasses.common.PEI_CORE] PeimEntryPoint|MdePkg/Library/PeimEntryPoint/PeimEntryPoint.inf PeiServicesTablePointerLib|MdePkg/Library/PeiServicesTablePointerLib/Pei= ServicesTablePointerLib.inf @@ -60,6 +62,8 @@ HobLib|MdePkg/Library/PeiHobLib/PeiHobLib.inf TpmMeasurementLib|SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasure= mentLib.inf TcgEventLogRecordLib|SecurityPkg/Library/TcgEventLogRecordLib/TcgEventLo= gRecordLib.inf + HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRou= terPei.inf + Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf =20 [LibraryClasses.common.DXE_DRIVER] UefiDriverEntryPoint|MdePkg/Library/UefiDriverEntryPoint/UefiDriverEntry= Point.inf --=20 2.26.2.windows.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#64362): https://edk2.groups.io/g/devel/message/64362 Mute This Topic: https://groups.io/mt/76260215/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
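Review bot: Tpm2CommandLib in the @@ -52 hunk lands in the common [LibraryClasses] section while its companion Tpm2DeviceLib is mapped only for PEIM/PEI_CORE in the @@ -60 hunk, so any DXE module in this package that links Tpm2CommandLib would fail to resolve Tpm2DeviceLib. Either move Tpm2CommandLib next to Tpm2DeviceLib in the PEIM section, where all the other TPM mappings of this series live, or add a DXE Tpm2DeviceLib mapping.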
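Review bot: HashLib in the @@ -60 hunk is resolved to HashLibBaseCryptoRouterPei, which provides no hash algorithm by itself; it dispatches to the HashInstanceLib instances that the consuming module links as NULL libraries, and none is added here, so a platform copying these mappings without adding, for example, a SHA-256 HashInstanceLib ends up with a router that has no registered algorithm and measurements that fail at runtime. Add a comment next to the mapping saying which HashInstanceLib instances the platform must supply, and note likewise that Tpm2DeviceLibDTpm assumes a memory-mapped TIS/CRB TPM, so platforms with another TPM2 transport need their own Tpm2DeviceLib instance.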