From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga05.intel.com (mga05.intel.com []) by mx.groups.io with SMTP id smtpd.web11.624.1577774690588916528 for ; Mon, 30 Dec 2019 22:44:51 -0800 Authentication-Results: mx.groups.io; dkim=missing; spf=fail (domain: intel.com, ip: , mailfrom: jiewen.yao@intel.com) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga005.fm.intel.com ([10.253.24.32]) by fmsmga105.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 30 Dec 2019 22:44:39 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.69,378,1571727600"; d="scan'208";a="419160702" Received: from jyao1-mobl2.ccr.corp.intel.com ([10.254.209.225]) by fmsmga005.fm.intel.com with ESMTP; 30 Dec 2019 22:44:36 -0800 From: "Yao, Jiewen" To: devel@edk2.groups.io Cc: Jian J Wang , Chao Zhang Subject: [PATCH 6/6] SecurityPkg/Tcg2Pei: Add TCG PFP 105 support. Date: Tue, 31 Dec 2019 14:44:12 +0800 Message-Id: <20191231064412.22988-7-jiewen.yao@intel.com> X-Mailer: git-send-email 2.19.2.windows.1 In-Reply-To: <20191231064412.22988-1-jiewen.yao@intel.com> References: <20191231064412.22988-1-jiewen.yao@intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2439 Use EV_EFI_PLATFORM_FIRMWARE_BLOB2 if the TCG PFP revision is >= 105. Use FvName as the description for the FV. Cc: Jian J Wang Cc: Chao Zhang Signed-off-by: Jiewen Yao
---
 SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c | 91 ++++++++++++++++++++++++++---
 SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf | 2 +
 2 files changed, 84 insertions(+), 9 deletions(-)
diff --git a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c
index 1565d4e402..7d99c7906a 100644
--- a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c
+++ b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c
@@ -37,6 +37,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 #include
 #include
 #include
+#include
 #define PERF_ID_TCG2_PEI 0x3080
@@ -78,6 +79,18 @@ EFI_PLATFORM_FIRMWARE_BLOB *mMeasuredChildFvInfo;
 UINT32 mMeasuredMaxChildFvIndex = 0;
 UINT32 mMeasuredChildFvIndex = 0;
+#pragma pack (1)
+
+#define FV_HANDOFF_TABLE_DESC "Fv(XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX)"
+typedef struct {
+ UINT8 BlobDescriptionSize;
+ UINT8 BlobDescription[sizeof(FV_HANDOFF_TABLE_DESC)];
+ EFI_PHYSICAL_ADDRESS BlobBase;
+ UINT64 BlobLength;
+} FV_HANDOFF_TABLE_POINTERS2;
+
+#pragma pack ()
+
 /**
 Measure and record the Firmware Volume Information once FvInfoPPI install.
@@ -447,6 +460,48 @@ MeasureCRTMVersion (
 );
 }
+/*
+ Get the FvName from the FV header.
+
+ Causion: The FV is untrusted input.
+
+ @param[in] FvBase Base address of FV image.
+ @param[in] FvLength Length of FV image.
+
+ @return FvName pointer
+ @retval NULL FvName is NOT found
+*/
+VOID *
+GetFvName (
+ IN EFI_PHYSICAL_ADDRESS FvBase,
+ IN UINT64 FvLength
+ )
+{
+ EFI_FIRMWARE_VOLUME_HEADER *FvHeader;
+ EFI_FIRMWARE_VOLUME_EXT_HEADER *FvExtHeader;
+
+ if (FvBase >= MAX_ADDRESS) {
+ return NULL;
+ }
+ if (FvLength >= MAX_ADDRESS - FvBase) {
+ return NULL;
+ }
+ if (FvLength < sizeof(EFI_FIRMWARE_VOLUME_HEADER)) {
+ return NULL;
+ }
+
+ FvHeader = (EFI_FIRMWARE_VOLUME_HEADER *)(UINTN)FvBase;
+ if (FvHeader->ExtHeaderOffset < sizeof(EFI_FIRMWARE_VOLUME_HEADER)) {
+ return NULL;
+ }
+ if (FvHeader->ExtHeaderOffset + sizeof(EFI_FIRMWARE_VOLUME_EXT_HEADER) > FvLength) {
+ return NULL;
+ }
+ FvExtHeader = (EFI_FIRMWARE_VOLUME_EXT_HEADER *)(UINTN)(FvBase + FvHeader->ExtHeaderOffset);
+
+ return &FvExtHeader->FvName;
+}
+
 /**
 Measure FV image. Add it into the measured FV list after the FV is measured successfully.
@@ -469,6 +524,9 @@ MeasureFvImage (
 UINT32 Index;
 EFI_STATUS Status;
 EFI_PLATFORM_FIRMWARE_BLOB FvBlob;
+ FV_HANDOFF_TABLE_POINTERS2 FvBlob2;
+ VOID *EventData;
+ VOID *FvName;
 TCG_PCR_EVENT_HDR TcgEventHdr;
 UINT32 Instance;
 UINT32 Tpm2HashMask;
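Review bot: FV_HANDOFF_TABLE_POINTERS2 carries no comment saying what it is, and its shape only makes sense once you know that BlobDescription is sized to the exact "Fv(<guid>)" template, so a reader of the event log has to reverse it from MeasureFvImage. I would put above the typedef: `// Fixed-size instance of the TCG PFP 1.05 UEFI_PLATFORM_FIRMWARE_BLOB2 event body: BlobDescriptionSize, a BlobDescription of exactly that many bytes (always the "Fv(<guid>)" template here), then BlobBase/BlobLength; packed so that no padding is inserted before BlobBase.` The `#pragma pack (1)` / `#pragma pack ()` pair is correct for an event-log structure and is worth the one-line explanation, since the 1 + 41 bytes in front of BlobBase would otherwise be padded to an 8-byte boundary.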
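Review bot: The header comment on GetFvName opens with `/*` rather than the `/**` used by the function headers on either side of it in this hunk, so it is not picked up as a documentation block, and it misspells "Caution" as "Causion". I would change the first line to `/**` and the note to `Caution: The FV is untrusted input; only header/ext-header bounds are checked, the FV signature is not.` The bounds logic itself reads correctly: FvHeader is not dereferenced before FvLength has been checked against sizeof(EFI_FIRMWARE_VOLUME_HEADER), and ExtHeaderOffset is a UINT16, so the addition compared with FvLength cannot wrap. Since the helper is only called from this file, `STATIC` on the definition would keep it out of the global namespace, if that matches the file's convention for internal helpers.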
@@ -571,6 +629,21 @@ MeasureFvImage (
 TcgEventHdr.PCRIndex = 0;
 TcgEventHdr.EventType = EV_EFI_PLATFORM_FIRMWARE_BLOB;
 TcgEventHdr.EventSize = sizeof (FvBlob);
+ EventData = &FvBlob;
+
+ if (PcdGet32(PcdTcgPfpMeasurementRevision) >= TCG_EfiSpecIDEventStruct_SPEC_ERRATA_TPM2_REV_105) {
+ FvBlob2.BlobDescriptionSize = sizeof(FvBlob2.BlobDescription);
+ CopyMem (FvBlob2.BlobDescription, FV_HANDOFF_TABLE_DESC, sizeof(FvBlob2.BlobDescription));
+ FvName = GetFvName (FvBase, FvLength);
+ if (FvName != NULL) {
+ AsciiSPrint ((CHAR8 *)FvBlob2.BlobDescription, sizeof(FvBlob2.BlobDescription), "Fv(%g)", FvName);
+ }
+ FvBlob2.BlobBase = FvBlob.BlobBase;
+ FvBlob2.BlobLength = FvBlob.BlobLength;
+ TcgEventHdr.EventType = EV_EFI_PLATFORM_FIRMWARE_BLOB2;
+ TcgEventHdr.EventSize = sizeof (FvBlob2);
+ EventData = &FvBlob2;
+ }
 if (Tpm2HashMask == 0) {
 //
@@ -583,9 +656,9 @@ MeasureFvImage (
 );
 if (!EFI_ERROR(Status)) {
- Status = LogHashEvent (&DigestList, &TcgEventHdr, (UINT8*) &FvBlob);
- DEBUG ((DEBUG_INFO, "The pre-hashed FV which is extended & logged by Tcg2Pei starts at: 0x%x\n", FvBlob.BlobBase));
- DEBUG ((DEBUG_INFO, "The pre-hashed FV which is extended & logged by Tcg2Pei has the size: 0x%x\n", FvBlob.BlobLength));
+ Status = LogHashEvent (&DigestList, &TcgEventHdr, EventData);
+ DEBUG ((DEBUG_INFO, "The pre-hashed FV which is extended & logged by Tcg2Pei starts at: 0x%x\n", FvBase));
+ DEBUG ((DEBUG_INFO, "The pre-hashed FV which is extended & logged by Tcg2Pei has the size: 0x%x\n", FvLength));
 } else if (Status == EFI_DEVICE_ERROR) {
 BuildGuidHob (&gTpmErrorHobGuid,0);
 REPORT_STATUS_CODE (
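Review bot: BlobDescriptionSize is set to sizeof(FvBlob2.BlobDescription), which counts the terminating NUL that sizeof(FV_HANDOFF_TABLE_DESC) includes and that AsciiSPrint writes after the 40-character `Fv(<guid>)` text, so every logged description is 41 bytes ending in 0x00. If the PFP 1.05 definition of BlobDescription is a plain byte string without terminator, that is one byte too many; it cannot be fixed on this line alone, because EventSize and the struct layout use the same array size and a parser would then read BlobBase at the wrong offset, so it needs confirming against the spec text before changing. Either way a comment would save the next reader the arithmetic: `// The description is always exactly sizeof(FV_HANDOFF_TABLE_DESC) bytes: %g prints a 36-character GUID, so "Fv(%g)" fills the template (NUL included), and the AsciiSPrint return value is therefore not checked.` The enclosing MeasureFvImage starts and ends outside the hunk.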
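Review bot: The two rewritten DEBUG lines print FvBase (EFI_PHYSICAL_ADDRESS) and FvLength (UINT64) with `0x%x`; in edk2 PrintLib the `x` conversion without the `l` modifier consumes an int-sized argument, so a base or length at or above 4 GiB is logged truncated. Use `0x%lx` in both lines here and in the two added DEBUG lines of the `@@ -599,13 +672,13 @@` hunk. The removed lines had the same problem with FvBlob.BlobBase/BlobLength, so this is pre-existing, but the lines are being rewritten anyway. MeasureFvImage continues outside the hunk.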
@@ -599,13 +672,13 @@ MeasureFvImage (
 //
 Status = HashLogExtendEvent (
 0,
- (UINT8*) (UINTN) FvBlob.BlobBase,
- (UINTN) FvBlob.BlobLength,
- &TcgEventHdr,
- (UINT8*) &FvBlob
+ (UINT8*) (UINTN) FvBase, // HashData
+ (UINTN) FvLength, // HashDataLen
+ &TcgEventHdr, // EventHdr
+ EventData // EventData
 );
- DEBUG ((DEBUG_INFO, "The FV which is measured by Tcg2Pei starts at: 0x%x\n", FvBlob.BlobBase));
- DEBUG ((DEBUG_INFO, "The FV which is measured by Tcg2Pei has the size: 0x%x\n", FvBlob.BlobLength));
+ DEBUG ((DEBUG_INFO, "The FV which is measured by Tcg2Pei starts at: 0x%x\n", FvBase));
+ DEBUG ((DEBUG_INFO, "The FV which is measured by Tcg2Pei has the size: 0x%x\n", FvLength));
 }
 if (EFI_ERROR(Status)) {
diff --git a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf
index 30f985b6ea..3d361e8859 100644
--- a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf
+++ b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf
@@ -54,6 +54,7 @@
 MemoryAllocationLib
 ReportStatusCodeLib
 ResetSystemLib
+ PrintLib
 [Guids]
 gTcgEventEntryHobGuid ## PRODUCES ## HOB
@@ -74,6 +75,7 @@
 [Pcd]
 gEfiMdeModulePkgTokenSpaceGuid.PcdFirmwareVersionString ## SOMETIMES_CONSUMES
+ gEfiMdeModulePkgTokenSpaceGuid.PcdTcgPfpMeasurementRevision ## CONSUMES
 gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid ## CONSUMES
 gEfiSecurityPkgTokenSpaceGuid.PcdTpm2InitializationPolicy ## CONSUMES
 gEfiSecurityPkgTokenSpaceGuid.PcdTpm2SelfTestPolicy ## SOMETIMES_CONSUMES
-- 
2.19.2.windows.1