From: "Yao, Jiewen" <jiewen.yao@intel.com>
To: devel@edk2.groups.io
Cc: Jian J Wang <jian.j.wang@intel.com>, Chao Zhang <chao.b.zhang@intel.com>
Subject: [PATCH 2/6] SecurityPkg/Tcg2Dxe: Add Tcg2Dxe to support 800-155 event.
Date: Tue, 31 Dec 2019 14:44:08 +0800 [thread overview]
Message-ID: <20191231064412.22988-3-jiewen.yao@intel.com> (raw)
In-Reply-To: <20191231064412.22988-1-jiewen.yao@intel.com>
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2439
The TCG2 DXE supports to parse the 800-155 event GUID from PEI
and puts to the beginning of the TCG2 event.
The TCG2 DXE also supports a DXE driver produces 800-155 event
and let TCG2 DXE driver record.
The 800-155 is a NO-ACTION event which does not need extend
anything to TPM2. The TCG2 DXE also supports that.
Multiple 800-155 events are supported. All of them will be put
to the beginning of the TCG2 event, just after the SpecId event.
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
---
SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c | 157 +++++++++++++++++++++++-----
SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf | 1 +
2 files changed, 129 insertions(+), 29 deletions(-)
diff --git a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c
index 3cd16c2fa3..b185b56703 100644
--- a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c
+++ b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c
@@ -75,6 +75,7 @@ typedef struct {
UINT8 *LastEvent;
BOOLEAN EventLogStarted;
BOOLEAN EventLogTruncated;
+ UINTN Next800155EventOffset;
} TCG_EVENT_LOG_AREA_STRUCT;
typedef struct _TCG_DXE_DATA {
@@ -771,16 +772,42 @@ Tcg2GetEventLog (
return EFI_SUCCESS;
}
+/*
+ Return if this is a Tcg800155PlatformIdEvent.
+
+ @param[in] NewEventHdr Pointer to a TCG_PCR_EVENT_HDR/TCG_PCR_EVENT_EX data structure.
+ @param[in] NewEventHdrSize New event header size.
+ @param[in] NewEventData Pointer to the new event data.
+ @param[in] NewEventSize New event data size.
+
+ @retval TRUE This is a Tcg800155PlatformIdEvent.
+ @retval FALSE This is NOT a Tcg800155PlatformIdEvent.
+
+*/
+BOOLEAN
+Is800155Event (
+ IN VOID *NewEventHdr,
+ IN UINT32 NewEventHdrSize,
+ IN UINT8 *NewEventData,
+ IN UINT32 NewEventSize
+ )
+{
+ if ((((TCG_PCR_EVENT2_HDR *)NewEventHdr)->EventType == EV_NO_ACTION) &&
+ (NewEventSize >= sizeof(TCG_Sp800_155_PlatformId_Event2)) &&
+ (CompareMem (NewEventData, TCG_Sp800_155_PlatformId_Event2_SIGNATURE, sizeof(TCG_Sp800_155_PlatformId_Event2_SIGNATURE) - 1) == 0)) {
+ return TRUE;
+ }
+ return FALSE;
+}
+
/**
Add a new entry to the Event Log.
- @param[in, out] EventLogPtr Pointer to the Event Log data.
- @param[in, out] LogSize Size of the Event Log.
- @param[in] MaxSize Maximum size of the Event Log.
- @param[in] NewEventHdr Pointer to a TCG_PCR_EVENT_HDR/TCG_PCR_EVENT_EX data structure.
- @param[in] NewEventHdrSize New event header size.
- @param[in] NewEventData Pointer to the new event data.
- @param[in] NewEventSize New event data size.
+ @param[in, out] EventLogAreaStruct The event log area data structure
+ @param[in] NewEventHdr Pointer to a TCG_PCR_EVENT_HDR/TCG_PCR_EVENT_EX data structure.
+ @param[in] NewEventHdrSize New event header size.
+ @param[in] NewEventData Pointer to the new event data.
+ @param[in] NewEventSize New event data size.
@retval EFI_SUCCESS The new event log entry was added.
@retval EFI_OUT_OF_RESOURCES No enough memory to log the new event.
@@ -788,9 +815,7 @@ Tcg2GetEventLog (
**/
EFI_STATUS
TcgCommLogEvent (
- IN OUT UINT8 **EventLogPtr,
- IN OUT UINTN *LogSize,
- IN UINTN MaxSize,
+ IN OUT TCG_EVENT_LOG_AREA_STRUCT *EventLogAreaStruct,
IN VOID *NewEventHdr,
IN UINT32 NewEventHdrSize,
IN UINT8 *NewEventData,
@@ -798,6 +823,7 @@ TcgCommLogEvent (
)
{
UINTN NewLogSize;
+ BOOLEAN Record800155Event;
if (NewEventSize > MAX_ADDRESS - NewEventHdrSize) {
return EFI_OUT_OF_RESOURCES;
@@ -805,23 +831,55 @@ TcgCommLogEvent (
NewLogSize = NewEventHdrSize + NewEventSize;
- if (NewLogSize > MAX_ADDRESS - *LogSize) {
+ if (NewLogSize > MAX_ADDRESS - EventLogAreaStruct->EventLogSize) {
return EFI_OUT_OF_RESOURCES;
}
- if (NewLogSize + *LogSize > MaxSize) {
- DEBUG ((EFI_D_INFO, " MaxSize - 0x%x\n", MaxSize));
- DEBUG ((EFI_D_INFO, " NewLogSize - 0x%x\n", NewLogSize));
- DEBUG ((EFI_D_INFO, " LogSize - 0x%x\n", *LogSize));
- DEBUG ((EFI_D_INFO, "TcgCommLogEvent - %r\n", EFI_OUT_OF_RESOURCES));
+ if (NewLogSize + EventLogAreaStruct->EventLogSize > EventLogAreaStruct->Laml) {
+ DEBUG ((DEBUG_INFO, " Laml - 0x%x\n", EventLogAreaStruct->Laml));
+ DEBUG ((DEBUG_INFO, " NewLogSize - 0x%x\n", NewLogSize));
+ DEBUG ((DEBUG_INFO, " LogSize - 0x%x\n", EventLogAreaStruct->EventLogSize));
+ DEBUG ((DEBUG_INFO, "TcgCommLogEvent - %r\n", EFI_OUT_OF_RESOURCES));
return EFI_OUT_OF_RESOURCES;
}
- *EventLogPtr += *LogSize;
- *LogSize += NewLogSize;
- CopyMem (*EventLogPtr, NewEventHdr, NewEventHdrSize);
+ //
+ // Check 800-155 event
+ // Record to 800-155 event offset only.
+ // If the offset is 0, no need to record.
+ //
+ Record800155Event = Is800155Event (NewEventHdr, NewEventHdrSize, NewEventData, NewEventSize);
+ if (Record800155Event) {
+ if (EventLogAreaStruct->Next800155EventOffset != 0) {
+ CopyMem (
+ (UINT8 *)(UINTN)EventLogAreaStruct->Lasa + EventLogAreaStruct->Next800155EventOffset + NewLogSize,
+ (UINT8 *)(UINTN)EventLogAreaStruct->Lasa + EventLogAreaStruct->Next800155EventOffset,
+ EventLogAreaStruct->EventLogSize - EventLogAreaStruct->Next800155EventOffset
+ );
+
+ CopyMem (
+ (UINT8 *)(UINTN)EventLogAreaStruct->Lasa + EventLogAreaStruct->Next800155EventOffset,
+ NewEventHdr,
+ NewEventHdrSize
+ );
+ CopyMem (
+ (UINT8 *)(UINTN)EventLogAreaStruct->Lasa + EventLogAreaStruct->Next800155EventOffset + NewEventHdrSize,
+ NewEventData,
+ NewEventSize
+ );
+
+ EventLogAreaStruct->Next800155EventOffset += NewLogSize;
+ EventLogAreaStruct->LastEvent += NewLogSize;
+ EventLogAreaStruct->EventLogSize += NewLogSize;
+ }
+ return EFI_SUCCESS;
+ }
+
+ EventLogAreaStruct->LastEvent = (UINT8 *)(UINTN)EventLogAreaStruct->Lasa + EventLogAreaStruct->EventLogSize;
+ EventLogAreaStruct->EventLogSize += NewLogSize;
+ CopyMem (EventLogAreaStruct->LastEvent, NewEventHdr, NewEventHdrSize);
CopyMem (
- *EventLogPtr + NewEventHdrSize,
+ EventLogAreaStruct->LastEvent + NewEventHdrSize,
NewEventData,
NewEventSize
);
@@ -873,11 +931,8 @@ TcgDxeLogEvent (
return EFI_VOLUME_FULL;
}
- EventLogAreaStruct->LastEvent = (UINT8*)(UINTN)EventLogAreaStruct->Lasa;
Status = TcgCommLogEvent (
- &EventLogAreaStruct->LastEvent,
- &EventLogAreaStruct->EventLogSize,
- (UINTN)EventLogAreaStruct->Laml,
+ EventLogAreaStruct,
NewEventHdr,
NewEventHdrSize,
NewEventData,
@@ -907,11 +962,8 @@ TcgDxeLogEvent (
return EFI_VOLUME_FULL;
}
- EventLogAreaStruct->LastEvent = (UINT8*)(UINTN)EventLogAreaStruct->Lasa;
Status = TcgCommLogEvent (
- &EventLogAreaStruct->LastEvent,
- &EventLogAreaStruct->EventLogSize,
- (UINTN)EventLogAreaStruct->Laml,
+ EventLogAreaStruct,
NewEventHdr,
NewEventHdrSize,
NewEventData,
@@ -1138,11 +1190,25 @@ TcgDxeHashLogExtendEvent (
{
EFI_STATUS Status;
TPML_DIGEST_VALUES DigestList;
+ TCG_PCR_EVENT2_HDR NoActionEvent;
if (!mTcgDxeData.BsCap.TPMPresentFlag) {
return EFI_DEVICE_ERROR;
}
+ if (NewEventHdr->EventType == EV_NO_ACTION) {
+ //
+ // Do not do TPM extend for EV_NO_ACTION
+ //
+ Status = EFI_SUCCESS;
+ InitNoActionEvent (&NoActionEvent, NewEventHdr->EventSize);
+ if ((Flags & EFI_TCG2_EXTEND_ONLY) == 0) {
+ Status = TcgDxeLogHashEvent (&(NoActionEvent.Digests), NewEventHdr, NewEventData);
+ }
+
+ return Status;
+ }
+
Status = HashAndExtend (
NewEventHdr->PCRIndex,
HashData,
@@ -1202,7 +1268,13 @@ Tcg2HashLogExtendEvent (
DEBUG ((DEBUG_VERBOSE, "Tcg2HashLogExtendEvent ...\n"));
- if ((This == NULL) || (DataToHash == 0) || (Event == NULL)) {
+ if ((This == NULL) || (Event == NULL)) {
+ return EFI_INVALID_PARAMETER;
+ }
+ //
+ // Do not check hash data size for EV_NO_ACTION event.
+ //
+ if ((Event->Header.EventType != EV_NO_ACTION) && (DataToHash == 0)) {
return EFI_INVALID_PARAMETER;
}
@@ -1487,6 +1559,7 @@ SetupEventLog (
}
mTcgDxeData.EventLogAreaStruct[Index].Lasa = Lasa;
mTcgDxeData.EventLogAreaStruct[Index].Laml = PcdGet32 (PcdTcgLogAreaMinLen);
+ mTcgDxeData.EventLogAreaStruct[Index].Next800155EventOffset = 0;
if ((PcdGet8(PcdTpm2AcpiTableRev) >= 4) ||
(mTcg2EventInfo[Index].LogFormat == EFI_TCG2_EVENT_LOG_FORMAT_TCG_2)) {
@@ -1577,6 +1650,30 @@ SetupEventLog (
(UINT8 *)TcgEfiSpecIdEventStruct,
SpecIdEvent.EventSize
);
+ //
+ // record the offset at the end of 800-155 event.
+ // the future 800-155 event can be inserted here.
+ //
+ mTcgDxeData.EventLogAreaStruct[Index].Next800155EventOffset = mTcgDxeData.EventLogAreaStruct[Index].EventLogSize;
+
+ //
+ // Tcg800155PlatformIdEvent. Event format is TCG_PCR_EVENT2
+ //
+ GuidHob.Guid = GetFirstGuidHob (&gTcg800155PlatformIdEventHobGuid);
+ while (GuidHob.Guid != NULL) {
+ InitNoActionEvent(&NoActionEvent, GET_GUID_HOB_DATA_SIZE (GuidHob.Guid));
+
+ Status = TcgDxeLogEvent (
+ mTcg2EventInfo[Index].LogFormat,
+ &NoActionEvent,
+ sizeof(NoActionEvent.PCRIndex) + sizeof(NoActionEvent.EventType) + GetDigestListBinSize (&NoActionEvent.Digests) + sizeof(NoActionEvent.EventSize),
+ GET_GUID_HOB_DATA (GuidHob.Guid),
+ GET_GUID_HOB_DATA_SIZE (GuidHob.Guid)
+ );
+
+ GuidHob.Guid = GET_NEXT_HOB (GuidHob);
+ GuidHob.Guid = GetNextGuidHob (&gTcg800155PlatformIdEventHobGuid, GuidHob.Guid);
+ }
//
// EfiStartupLocalityEvent. Event format is TCG_PCR_EVENT2
@@ -1643,6 +1740,7 @@ SetupEventLog (
mTcgDxeData.FinalEventLogAreaStruct[Index].LastEvent = (VOID *)(UINTN)mTcgDxeData.FinalEventLogAreaStruct[Index].Lasa;
mTcgDxeData.FinalEventLogAreaStruct[Index].EventLogStarted = FALSE;
mTcgDxeData.FinalEventLogAreaStruct[Index].EventLogTruncated = FALSE;
+ mTcgDxeData.FinalEventLogAreaStruct[Index].Next800155EventOffset = 0;
//
// Install to configuration table for EFI_TCG2_EVENT_LOG_FORMAT_TCG_2
@@ -1663,6 +1761,7 @@ SetupEventLog (
mTcgDxeData.FinalEventLogAreaStruct[Index].LastEvent = 0;
mTcgDxeData.FinalEventLogAreaStruct[Index].EventLogStarted = FALSE;
mTcgDxeData.FinalEventLogAreaStruct[Index].EventLogTruncated = FALSE;
+ mTcgDxeData.FinalEventLogAreaStruct[Index].Next800155EventOffset = 0;
}
}
}
diff --git a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf
index 0127a31e97..576cf80d06 100644
--- a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf
+++ b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf
@@ -85,6 +85,7 @@
gTcgEvent2EntryHobGuid ## SOMETIMES_CONSUMES ## HOB
gTpm2StartupLocalityHobGuid ## SOMETIMES_CONSUMES ## HOB
+ gTcg800155PlatformIdEventHobGuid ## SOMETIMES_CONSUMES ## HOB
[Protocols]
gEfiTcg2ProtocolGuid ## PRODUCES
--
2.19.2.windows.1
next prev parent reply other threads:[~2019-12-31 6:44 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-12-31 6:44 [PATCH 0/6] TCG: Add TCG PFP rev 105 and 800-155 event support Yao, Jiewen
2019-12-31 6:44 ` [PATCH 1/6] SecurityPkg/Guid: Add TCG 800-155 event GUID definition Yao, Jiewen
2020-01-06 3:22 ` Wang, Jian J
2019-12-31 6:44 ` Yao, Jiewen [this message]
2020-01-06 5:59 ` [edk2-devel] [PATCH 2/6] SecurityPkg/Tcg2Dxe: Add Tcg2Dxe to support 800-155 event Wang, Jian J
2019-12-31 6:44 ` [PATCH 3/6] MdeModulePkg/Smbios: Done measure Smbios multiple times Yao, Jiewen
2020-01-02 11:01 ` Zeng, Star
2019-12-31 6:44 ` [PATCH 4/6] MdeModulePkg/dec: add PcdTcgPfpMeasurementRevision PCD Yao, Jiewen
2020-01-06 3:13 ` Wang, Jian J
2019-12-31 6:44 ` [PATCH 5/6] MdeModulePkg/Smbios: Add TCG PFP rev 105 support Yao, Jiewen
2020-01-02 11:09 ` Zeng, Star
2020-01-02 14:16 ` Yao, Jiewen
2020-01-03 0:54 ` Zeng, Star
2019-12-31 6:44 ` [PATCH 6/6] SecurityPkg/Tcg2Pei: Add TCG PFP " Yao, Jiewen
2020-01-06 5:33 ` Wang, Jian J
2020-01-06 5:53 ` Yao, Jiewen
2020-01-06 5:57 ` Wang, Jian J
2020-01-06 6:00 ` Yao, Jiewen
2020-01-02 0:11 ` [edk2-devel] [PATCH 0/6] TCG: Add TCG PFP rev 105 and 800-155 event support Liming Gao
2020-01-02 0:39 ` Yao, Jiewen
2020-01-06 6:11 ` Wang, Jian J
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20191231064412.22988-3-jiewen.yao@intel.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox