From: "Rodrigo Gonzalez del Cueto"
To: devel@edk2.groups.io
Cc: Rodrigo Gonzalez del Cueto, Jiewen Yao, Jian J Wang
Subject: [edk2-devel] [PATCH] SecurityPkg: Debug code to audit BIOS TPM extend operations
Date: Thu, 16 Dec 2021 18:47:07 -0800
Message-Id: <20211217024707.1598-1-rodrigo.gonzalez.del.cueto@intel.com>

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2858

In V2:
Fixed patch format and uncrustify cleanup

In V1:
Add debug functionality to examine TPM extend operations performed by BIOS and inspect the PCR 00 value prior to any BIOS measurements.
Signed-off-by: Rodrigo Gonzalez del Cueto Cc: Jiewen Yao Cc: Jian J Wang --- SecurityPkg/Include/Library/Tpm2CommandLib.h | 33 +++++++++++++++++= ++++++++-------- SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c | 190 +++++++++++++++++= +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++= +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++= ++++++++++++++++++++++- SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c | 9 ++++++++- 3 files changed, 222 insertions(+), 10 deletions(-) diff --git a/SecurityPkg/Include/Library/Tpm2CommandLib.h b/SecurityPkg/Inc= lude/Library/Tpm2CommandLib.h index 2e83a2f474..a2fb97f18d 100644 --- a/SecurityPkg/Include/Library/Tpm2CommandLib.h +++ b/SecurityPkg/Include/Library/Tpm2CommandLib.h @@ -1,7 +1,7 @@ /** @file This library is used by other modules to send TPM2 command. =20 -Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.
+Copyright (c) 2013 - 2021, Intel Corporation. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent =20 **/ @@ -503,9 +503,9 @@ Tpm2PcrExtend ( EFI_STATUS EFIAPI Tpm2PcrEvent ( - IN TPMI_DH_PCR PcrHandle, - IN TPM2B_EVENT *EventData, - OUT TPML_DIGEST_VALUES *Digests + IN TPMI_DH_PCR PcrHandle, + IN TPM2B_EVENT *EventData, + OUT TPML_DIGEST_VALUES *Digests ); =20 /** @@ -522,10 +522,10 @@ Tpm2PcrEvent ( EFI_STATUS EFIAPI Tpm2PcrRead ( - IN TPML_PCR_SELECTION *PcrSelectionIn, - OUT UINT32 *PcrUpdateCounter, - OUT TPML_PCR_SELECTION *PcrSelectionOut, - OUT TPML_DIGEST *PcrValues + IN TPML_PCR_SELECTION *PcrSelectionIn, + OUT UINT32 *PcrUpdateCounter, + OUT TPML_PCR_SELECTION *PcrSelectionOut, + OUT TPML_DIGEST *PcrValues ); =20 /** @@ -1113,4 +1113,21 @@ GetDigestFromDigestList ( OUT VOID *Digest ); =20 +/** + This function will query the TPM to determine which hashing algorithms = and + get the digests of all active and supported PCR banks of a specific PCR= register. + + @param[in] PcrHandle The index of the PCR register to be read. + @param[out] HashList List of digests from PCR register being re= ad. + + @retval EFI_SUCCESS The Pcr was read successfully. + @retval EFI_DEVICE_ERROR The command was unsuccessful. +**/ +EFI_STATUS +EFIAPI +Tpm2PcrReadForActiveBank ( + IN TPMI_DH_PCR PcrHandle, + OUT TPML_DIGEST *HashList + ); + #endif diff --git a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c b/SecurityP= kg/Library/Tpm2CommandLib/Tpm2Integrity.c index 8dde5f34a2..94e93b2642 100644 --- a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c +++ b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c @@ -1,7 +1,7 @@ /** @file Implement TPM2 Integrity related command. =20 -Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.
+Copyright (c) 2013 - 2021, Intel Corporation. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent =20 **/ @@ -138,6 +138,23 @@ Tpm2PcrExtend ( &Digests->digests[Index].digest, DigestSize ); + + DEBUG_CODE_BEGIN (); + UINTN Index2; + DEBUG (( + DEBUG_VERBOSE, + "Tpm2PcrExtend - Hash =3D 0x%04x, Pcr[%02d], digest =3D ", + Digests->digests[Index].hashAlg, + (UINT8)PcrHandle + )); + + for (Index2 =3D 0; Index2 < DigestSize; Index2++) { + DEBUG ((DEBUG_VERBOSE, "%02x ", Buffer[Index2])); + } + + DEBUG ((DEBUG_VERBOSE, "\n")); + DEBUG_CODE_END (); + Buffer +=3D DigestSize; } =20 @@ -172,6 +189,11 @@ Tpm2PcrExtend ( return EFI_DEVICE_ERROR; } =20 + DEBUG_CODE_BEGIN (); + DEBUG ((DEBUG_VERBOSE, "Tpm2PcrExtend: PCR read after extend...\n")); + Tpm2PcrReadForActiveBank (PcrHandle, NULL); + DEBUG_CODE_END (); + // // Unmarshal the response // 
@@ -705,3 +727,169 @@ Done: ZeroMem (&LocalAuthSession.hmac, sizeof (LocalAuthSession.hmac)); return Status; } + +/** + This function will query the TPM to determine which hashing algorithms = and + get the digests of all active and supported PCR banks of a specific PCR= register. + + @param[in] PcrHandle The index of the PCR register to be read. + @param[out] HashList List of digests from PCR register being re= ad. + + @retval EFI_SUCCESS The Pcr was read successfully. + @retval EFI_DEVICE_ERROR The command was unsuccessful. +**/ +EFI_STATUS +EFIAPI +Tpm2PcrReadForActiveBank ( + IN TPMI_DH_PCR PcrHandle, + OUT TPML_DIGEST *HashList + ) +{ + EFI_STATUS Status; + TPML_PCR_SELECTION Pcrs; + TPML_PCR_SELECTION PcrSelectionIn; + TPML_PCR_SELECTION PcrSelectionOut; + TPML_DIGEST PcrValues; + UINT32 PcrUpdateCounter; + UINT8 PcrIndex; + UINT32 TpmHashAlgorithmBitmap; + TPMI_ALG_HASH CurrentPcrBankHash; + UINT32 ActivePcrBanks; + UINT32 TcgRegistryHashAlg; + UINTN Index; + UINTN Index2; + + PcrIndex =3D (UINT8)PcrHandle; + + if ((PcrIndex < 0) || + (PcrIndex >=3D IMPLEMENTATION_PCR)) + { + return EFI_INVALID_PARAMETER; + } + + ZeroMem (&PcrSelectionIn, sizeof (PcrSelectionIn)); + ZeroMem (&PcrUpdateCounter, sizeof (UINT32)); + ZeroMem (&PcrSelectionOut, sizeof (PcrSelectionOut)); + ZeroMem (&PcrValues, sizeof (PcrValues)); + ZeroMem (&Pcrs, sizeof (TPML_PCR_SELECTION)); + + DEBUG ((DEBUG_INFO, "ReadPcr - %02d\n", PcrIndex)); + + // + // Read TPM capabilities + // + Status =3D Tpm2GetCapabilityPcrs (&Pcrs); + + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "ReadPcr: Unable to read TPM capabilities\n")); + return EFI_DEVICE_ERROR; + } + + // + // Get Active Pcrs + // + Status =3D Tpm2GetCapabilitySupportedAndActivePcrs ( + &TpmHashAlgorithmBitmap, + &ActivePcrBanks + ); + + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "ReadPcr: Unable to read TPM capabilities and act= ive PCRs\n")); + return EFI_DEVICE_ERROR; + } + + // + // Select from Active PCRs + // + for (Index 
=3D 0; Index < Pcrs.count; Index++) { + CurrentPcrBankHash =3D Pcrs.pcrSelections[Index].hash; + + switch (CurrentPcrBankHash) { + case TPM_ALG_SHA1: + DEBUG ((DEBUG_VERBOSE, "HASH_ALG_SHA1 Present\n")); + TcgRegistryHashAlg =3D HASH_ALG_SHA1; + break; + case TPM_ALG_SHA256: + DEBUG ((DEBUG_VERBOSE, "HASH_ALG_SHA256 Present\n")); + TcgRegistryHashAlg =3D HASH_ALG_SHA256; + break; + case TPM_ALG_SHA384: + DEBUG ((DEBUG_VERBOSE, "HASH_ALG_SHA384 Present\n")); + TcgRegistryHashAlg =3D HASH_ALG_SHA384; + break; + case TPM_ALG_SHA512: + DEBUG ((DEBUG_VERBOSE, "HASH_ALG_SHA512 Present\n")); + TcgRegistryHashAlg =3D HASH_ALG_SHA512; + break; + case TPM_ALG_SM3_256: + DEBUG ((DEBUG_VERBOSE, "HASH_ALG_SM3 Present\n")); + TcgRegistryHashAlg =3D HASH_ALG_SM3_256; + break; + default: + // + // Unsupported algorithm + // + DEBUG ((DEBUG_VERBOSE, "Unknown algorithm present\n")); + TcgRegistryHashAlg =3D 0; + break; + } + + // + // Skip unsupported and inactive PCR banks + // + if ((TcgRegistryHashAlg & ActivePcrBanks) =3D=3D 0) { + DEBUG ((DEBUG_VERBOSE, "Skipping unsupported or inactive bank: 0x%04= x\n", CurrentPcrBankHash)); + continue; + } + + // + // Select PCR from current active bank + // + PcrSelectionIn.pcrSelections[PcrSelectionIn.count].hash =3D Pc= rs.pcrSelections[Index].hash; + PcrSelectionIn.pcrSelections[PcrSelectionIn.count].sizeofSelect =3D PC= R_SELECT_MAX; + PcrSelectionIn.pcrSelections[PcrSelectionIn.count].pcrSelect[0] =3D (P= crIndex < 8) ? 1 << PcrIndex : 0; + PcrSelectionIn.pcrSelections[PcrSelectionIn.count].pcrSelect[1] =3D (P= crIndex > 7) && (PcrIndex < 16) ? 1 << (PcrIndex - 8) : 0; + PcrSelectionIn.pcrSelections[PcrSelectionIn.count].pcrSelect[2] =3D (P= crIndex > 15) ? 
1 << (PcrIndex - 16) : 0; + PcrSelectionIn.count++; + } + + // + // Read PCRs + // + Status =3D Tpm2PcrRead ( + &PcrSelectionIn, + &PcrUpdateCounter, + &PcrSelectionOut, + &PcrValues + ); + + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "Tpm2PcrRead failed Status =3D %r \n", Status)); + return EFI_DEVICE_ERROR; + } + + for (Index =3D 0; Index < PcrValues.count; Index++) { + DEBUG (( + DEBUG_INFO, + "ReadPcr - HashAlg =3D 0x%04x, Pcr[%02d], digest =3D ", + PcrSelectionOut.pcrSelections[Index].hash, + PcrIndex + )); + + for (Index2 =3D 0; Index2 < PcrValues.digests[Index].size; Index2++) { + DEBUG ((DEBUG_INFO, "%02x ", PcrValues.digests[Index].buffer[Index2]= )); + } + + DEBUG ((DEBUG_INFO, "\n")); + } + + if (HashList !=3D NULL) { + CopyMem ( + HashList, + &PcrValues, + sizeof (TPML_DIGEST) + ); + } + + return EFI_SUCCESS; +} diff --git a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c b/SecurityPkg/Tcg/Tcg2Pei/Tc= g2Pei.c index a97a4e7f2d..622989aff3 100644 --- a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c +++ b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c @@ -1,7 +1,7 @@ /** @file Initialize TPM2 device and measure FVs before handing off control to DXE. =20 -Copyright (c) 2015 - 2020, Intel Corporation. All rights reserved.
+Copyright (c) 2015 - 2021, Intel Corporation. All rights reserved.
Copyright (c) 2017, Microsoft Corporation. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent =20 @@ -1106,6 +1106,13 @@ PeimEntryMA ( } } =20 + DEBUG_CODE_BEGIN (); + // + // Peek into TPM PCR 00 before any BIOS measurement. + // + Tpm2PcrReadForActiveBank (00, NULL); + DEBUG_CODE_END (); + // // Only install TpmInitializedPpi on success // --=20 2.26.2.windows.1
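
Review bot: In SecurityPkg/Include/Library/Tpm2CommandLib.h, the new Tpm2PcrReadForActiveBank declaration documents HashList as a plain output, yet both callers added by this patch pass NULL and the implementation explicitly tolerates it. Mark the parameter as OPTIONAL in the prototype and say in the @param text that NULL means "log only". The implementation also returns EFI_INVALID_PARAMETER for an out-of-range handle, which is missing from the @retval list, and the first sentence of the comment ("determine which hashing algorithms and get the digests") is missing its verb object. The same comment is duplicated in Tpm2Integrity.c and needs the same fix.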
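
Review bot: In the second Tpm2PcrExtend hunk of Tpm2Integrity.c (the "PCR read after extend" block), the call to Tpm2PcrReadForActiveBank runs on every extend in any build where DEBUG_CODE is enabled, not only when verbose output is on. Each call issues Tpm2GetCapabilityPcrs, Tpm2GetCapabilitySupportedAndActivePcrs and Tpm2PcrRead, and the helper prints its digests at DEBUG_INFO while the surrounding message here is DEBUG_VERBOSE. That changes TPM traffic and boot time for ordinary debug builds and floods the INFO log. Gate the call on the verbose level (for example with DebugPrintLevelEnabled (DEBUG_VERBOSE)) and use one print level consistently in the helper. The return status is also dropped; if that is intended, say so in a comment.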
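
Review bot: In the Tpm2PcrReadForActiveBank body added to Tpm2Integrity.c, the range check does not validate what it appears to. PcrIndex is a UINT8, so "(PcrIndex < 0)" is always false, and because the check runs after "PcrIndex = (UINT8)PcrHandle" a handle above 255 is truncated first and can pass as a low PCR. Compare PcrHandle itself against IMPLEMENTATION_PCR before narrowing. The selection setup writes pcrSelect[0], [1] and [2] unconditionally with sizeofSelect set to PCR_SELECT_MAX, which silently assumes PCR_SELECT_MAX is at least 3 and that "1 << (PcrIndex - 16)" fits in a byte; computing the byte and bit as PcrIndex / 8 and PcrIndex % 8 after zeroing the array would remove that assumption. Finally, the print loop labels digest number Index with PcrSelectionOut.pcrSelections[Index].hash, which is only correct if every selected bank returned exactly one digest; when a bank returns none for this PCR, the algorithm shown in the log will not match the digest, and CopyMem into HashList gives the caller no way to tell which bank each digest belongs to.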
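
Review bot: In the PeimEntryMA hunk of Tcg2Pei.c, the literal in "Tpm2PcrReadForActiveBank (00, NULL);" is written in octal form; use 0 so it reads as a PCR index. Since this read is the only evidence of the pre-measurement PCR 0 state, consider checking the returned status and logging a distinct message on failure, so that a missing digest line in the log is not mistaken for a skipped debug block.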