public inbox for devel@edk2.groups.io
 help / color / mirror / Atom feed
From: "Wang, Jian J" <jian.j.wang@intel.com>
To: devel@edk2.groups.io
Cc: Chao Zhang <chao.b.zhang@intel.com>,
	Jiewen Yao <jiewen.yao@intel.com>,
	"Hernandez Beltran, Jorge" <jorge.hernandez.beltran@intel.com>,
	Harry Han <harry.han@intel.com>
Subject: [PATCH 1/3] SecurityPkg: add definitions for OBB verification
Date: Sat,  8 Jun 2019 05:06:06 +0800	[thread overview]
Message-ID: <20190607210608.5632-2-jian.j.wang@intel.com> (raw)
In-Reply-To: <20190607210608.5632-1-jian.j.wang@intel.com>

https://bugzilla.tianocore.org/show_bug.cgi?id=1617

gEdkiiPeiFirmwareVolumeInfoStoredHashFvPpiGuid should be installed by
platform to pass FV hash information to the common FV verify/report
driver, in which the hash value will be calculated again based on the
information fed in and then verified.

The information passed in this PPI include:
  - FVs location in flash and length
  - Hash values for different boot mode

The hash value must be calculated in following way (if 3 FVs to calc):

  FV1 -> Hash1
  FV2 -> Hash2
  FV3 -> Hash3
  Hash1 + Hash2 + Hash3 -> HashAll

Only HashAll is stored in this PPI. The purposes for this algorithm
are two:

  1. To report each FV's hash to TCG driver and verify HashAll at the
     same time without the burden to calculate the hash twice;
  2. To save hash value storage due to potential hardware limitation

Different boot mode may have its own hash value so that each mode can
decide which FV will be verified. For example, for the sake of performance,
S3 may choose to skip some FVs verification and normal boot will verify
all FVs it concerns.

So in this PPI, each FV information has flag to indicate which boot mode
it will be taken into hash calculation.

And if multiple hash values passed in this PPI, each has a flag to indicate
which boot mode it's used for. Note one hash value supports more than one
boot modes if they're just the same.

PcdStatusCodeFvVerificationPass and PcdStatusCodeFvVerificationFail are
introduced to report status back to platform, and platform can choose how
to act upon verification success and failure.

Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: "Hernandez Beltran, Jorge" <jorge.hernandez.beltran@intel.com>
Cc: Harry Han <harry.han@intel.com>
Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
---
 .../Ppi/FirmwareVolumeInfoStoredHashFv.h      | 61 +++++++++++++++++++
 SecurityPkg/SecurityPkg.dec                   |  9 +++
 2 files changed, 70 insertions(+)
 create mode 100644 SecurityPkg/Include/Ppi/FirmwareVolumeInfoStoredHashFv.h

diff --git a/SecurityPkg/Include/Ppi/FirmwareVolumeInfoStoredHashFv.h b/SecurityPkg/Include/Ppi/FirmwareVolumeInfoStoredHashFv.h
new file mode 100644
index 0000000000..71d10728c5
--- /dev/null
+++ b/SecurityPkg/Include/Ppi/FirmwareVolumeInfoStoredHashFv.h
@@ -0,0 +1,61 @@
+/** @file
+PPI to describe stored hash digest for FVs.
+
+Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#ifndef __PEI_FIRMWARE_VOLUME_INFO_STORED_HASH_FV_H__
+#define __PEI_FIRMWARE_VOLUME_INFO_STORED_HASH_FV_H__
+
+#include <Ppi/FirmwareVolumeInfoPrehashedFV.h>
+
+// {7F5E4E31-81B1-47E5-9E21-1E4B5BC2F61D}
+#define EDKII_PEI_FIRMWARE_VOLUME_INFO_STORED_HASH_FV_PPI_GUID \
+  {0x7f5e4e31, 0x81b1, 0x47e5, {0x9e, 0x21, 0x1e, 0x4b, 0x5b, 0xc2, 0xf6, 0x1d}}
+
+//
+// Hashed FV flags.
+//
+#define HASHED_FV_FLAG_REPORT_FV_INFO_PPI     0x0000000000000001
+#define HASHED_FV_FLAG_REPORT_FV_HOB          0x0000000000000002
+#define HASHED_FV_FLAG_VERIFIED_BOOT          0x0000000000000010
+#define HASHED_FV_FLAG_MEASURED_BOOT          0x0000000000000020
+#define HASHED_FV_FLAG_SKIP_ALL               0xFFFFFFFFFFFFFF00
+#define HASHED_FV_FLAG_SKIP_BOOT_MODE(Mode)   LShiftU64 (0x100, (Mode))
+
+#define HASHED_FV_MAX_NUMBER                  10
+
+#define FV_HASH_FLAG_BOOT_MODE(Mode)          LShiftU64 (1, (Mode))
+
+typedef struct _EDKII_PEI_FIRMWARE_VOLUME_INFO_STORED_HASH_FV_PPI
+                EDKII_PEI_FIRMWARE_VOLUME_INFO_STORED_HASH_FV_PPI;
+
+typedef struct _HASHED_FV_INFO {
+  UINT32                  Base;
+  UINT32                  Length;
+  UINT64                  Flag;
+} HASHED_FV_INFO;
+
+typedef struct _FV_HASH_INFO {
+  UINT64                  HashFlag;
+  UINT16                  HashAlgoId;
+  UINT16                  HashSize;
+  UINT8                   Hash[64];
+} FV_HASH_INFO;
+
+//
+// PPI used to convey FVs and hash information of a specific platform.
+//
+struct _EDKII_PEI_FIRMWARE_VOLUME_INFO_STORED_HASH_FV_PPI {
+  UINTN                   FvNumber;
+  HASHED_FV_INFO          FvInfo[HASHED_FV_MAX_NUMBER];
+  UINTN                   HashNumber;
+  FV_HASH_INFO            HashInfo[1];
+};
+
+extern EFI_GUID gEdkiiPeiFirmwareVolumeInfoStoredHashFvPpiGuid;
+
+#endif
+
diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec
index 3314f1854b..f0c0581b17 100644
--- a/SecurityPkg/SecurityPkg.dec
+++ b/SecurityPkg/SecurityPkg.dec
@@ -187,6 +187,9 @@
 
   ## Include/Ppi/FirmwareVolumeInfoPrehashedFV.h
   gEdkiiPeiFirmwareVolumeInfoPrehashedFvPpiGuid = { 0x3ce1e631, 0x7008, 0x477c, { 0xad, 0xa7, 0x5d, 0xcf, 0xc7, 0xc1, 0x49, 0x4b } }
+ 
+  ## Include/Ppi/FirmwareVolumeInfoStoredHashFv.h
+  gEdkiiPeiFirmwareVolumeInfoStoredHashFvPpiGuid = {0x7f5e4e31, 0x81b1, 0x47e5, { 0x9e, 0x21, 0x1e, 0x4b, 0x5b, 0xc2, 0xf6, 0x1d } }
 
 #
 # [Error.gEfiSecurityPkgTokenSpaceGuid]
@@ -257,6 +260,12 @@
   # @ValidList  0x80000003 | 0x010D0000
   gEfiSecurityPkgTokenSpaceGuid.PcdStatusCodeSubClassTpmDevice|0x010D0000|UINT32|0x00000007
 
+  ## Progress Code for FV verification result.<BR><BR>
+  #  (EFI_SOFTWARE_PEI_MODULE | EFI_SUBCLASS_SPECIFIC | XXX)
+  # @Prompt Status Code for FV verification result
+  gEfiSecurityPkgTokenSpaceGuid.PcdStatusCodeFvVerificationPass|0x0303100A|UINT32|0x00010030
+  gEfiSecurityPkgTokenSpaceGuid.PcdStatusCodeFvVerificationFail|0x0303100B|UINT32|0x00010031
+
 [PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx]
   ## Image verification policy for OptionRom. Only following values are valid:<BR><BR>
   #  NOTE: Do NOT use 0x5 and 0x2 since it violates the UEFI specification and has been removed.<BR>
-- 
2.17.1.windows.2


  reply	other threads:[~2019-06-07 21:06 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-06-07 21:06 [PATCH 0/3] Common OBB verification feature Wang, Jian J
2019-06-07 21:06 ` Wang, Jian J [this message]
2019-06-07 21:06 ` [PATCH 2/3] SecurityPkg/FvReportPei: implement a common FV verifier and reporter Wang, Jian J
2019-06-07 21:06 ` [PATCH 3/3] SecurityPkg: add FvReportPei.inf in dsc for build validation Wang, Jian J

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-list from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20190607210608.5632-2-jian.j.wang@intel.com \
    --to=devel@edk2.groups.io \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox