From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mga05.intel.com (mga05.intel.com [])
 by mx.groups.io with SMTP id smtpd.web11.624.1577774690588916528
 for <devel@edk2.groups.io>;
 Mon, 30 Dec 2019 22:44:51 -0800
Authentication-Results: mx.groups.io;
 dkim=missing; spf=fail (domain: intel.com, ip: <nil>, mailfrom: jiewen.yao@intel.com)
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from fmsmga005.fm.intel.com ([10.253.24.32])
  by fmsmga105.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 30 Dec 2019 22:44:39 -0800
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.69,378,1571727600"; 
   d="scan'208";a="419160702"
Received: from jyao1-mobl2.ccr.corp.intel.com ([10.254.209.225])
  by fmsmga005.fm.intel.com with ESMTP; 30 Dec 2019 22:44:36 -0800
From: "Yao, Jiewen" <jiewen.yao@intel.com>
To: devel@edk2.groups.io
Cc: Jian J Wang <jian.j.wang@intel.com>,
	Chao Zhang <chao.b.zhang@intel.com>
Subject: [PATCH 6/6] SecurityPkg/Tcg2Pei: Add TCG PFP 105 support.
Date: Tue, 31 Dec 2019 14:44:12 +0800
Message-Id: <20191231064412.22988-7-jiewen.yao@intel.com>
X-Mailer: git-send-email 2.19.2.windows.1
In-Reply-To: <20191231064412.22988-1-jiewen.yao@intel.com>
References: <20191231064412.22988-1-jiewen.yao@intel.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2439

Use EV_EFI_PLATFORM_FIRMWARE_BLOB2 if the TCG PFP revision is >= 105.
Use FvName as the description for the FV.

Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
---
 SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c   | 91 ++++++++++++++++++++++++++---
 SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf |  2 +
 2 files changed, 84 insertions(+), 9 deletions(-)

diff --git a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c
index 1565d4e402..7d99c7906a 100644
--- a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c
+++ b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c
@@ -37,6 +37,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 #include <Library/MemoryAllocationLib.h>
 #include <Library/ReportStatusCodeLib.h>
 #include <Library/ResetSystemLib.h>
+#include <Library/PrintLib.h>
 
 #define PERF_ID_TCG2_PEI  0x3080
 
@@ -78,6 +79,18 @@ EFI_PLATFORM_FIRMWARE_BLOB *mMeasuredChildFvInfo;
 UINT32 mMeasuredMaxChildFvIndex = 0;
 UINT32 mMeasuredChildFvIndex = 0;
 
+#pragma pack (1)
+
+#define FV_HANDOFF_TABLE_DESC  "Fv(XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX)"
+typedef struct {
+  UINT8                             BlobDescriptionSize;
+  UINT8                             BlobDescription[sizeof(FV_HANDOFF_TABLE_DESC)];
+  EFI_PHYSICAL_ADDRESS              BlobBase;
+  UINT64                            BlobLength;
+} FV_HANDOFF_TABLE_POINTERS2;
+
+#pragma pack ()
+
 /**
   Measure and record the Firmware Volume Information once FvInfoPPI install.
 
@@ -447,6 +460,48 @@ MeasureCRTMVersion (
            );
 }
 
+/*
+  Get the FvName from the FV header.
+
+  Causion: The FV is untrusted input.
+
+  @param[in]  FvBase            Base address of FV image.
+  @param[in]  FvLength          Length of FV image.
+
+  @return FvName pointer
+  @retval NULL   FvName is NOT found
+*/
+VOID *
+GetFvName (
+  IN EFI_PHYSICAL_ADDRESS           FvBase,
+  IN UINT64                         FvLength
+  )
+{
+  EFI_FIRMWARE_VOLUME_HEADER      *FvHeader;
+  EFI_FIRMWARE_VOLUME_EXT_HEADER  *FvExtHeader;
+
+  if (FvBase >= MAX_ADDRESS) {
+    return NULL;
+  }
+  if (FvLength >= MAX_ADDRESS - FvBase) {
+    return NULL;
+  }
+  if (FvLength < sizeof(EFI_FIRMWARE_VOLUME_HEADER)) {
+    return NULL;
+  }
+
+  FvHeader = (EFI_FIRMWARE_VOLUME_HEADER *)(UINTN)FvBase;
+  if (FvHeader->ExtHeaderOffset < sizeof(EFI_FIRMWARE_VOLUME_HEADER)) {
+    return NULL;
+  }
+  if (FvHeader->ExtHeaderOffset + sizeof(EFI_FIRMWARE_VOLUME_EXT_HEADER) > FvLength) {
+    return NULL;
+  }
+  FvExtHeader = (EFI_FIRMWARE_VOLUME_EXT_HEADER *)(UINTN)(FvBase + FvHeader->ExtHeaderOffset);
+
+  return &FvExtHeader->FvName;
+}
+
 /**
   Measure FV image.
   Add it into the measured FV list after the FV is measured successfully.
@@ -469,6 +524,9 @@ MeasureFvImage (
   UINT32                                                Index;
   EFI_STATUS                                            Status;
   EFI_PLATFORM_FIRMWARE_BLOB                            FvBlob;
+  FV_HANDOFF_TABLE_POINTERS2                            FvBlob2;
+  VOID                                                  *EventData;
+  VOID                                                  *FvName;
   TCG_PCR_EVENT_HDR                                     TcgEventHdr;
   UINT32                                                Instance;
   UINT32                                                Tpm2HashMask;
@@ -571,6 +629,21 @@ MeasureFvImage (
   TcgEventHdr.PCRIndex  = 0;
   TcgEventHdr.EventType = EV_EFI_PLATFORM_FIRMWARE_BLOB;
   TcgEventHdr.EventSize = sizeof (FvBlob);
+  EventData             = &FvBlob;
+
+  if (PcdGet32(PcdTcgPfpMeasurementRevision) >= TCG_EfiSpecIDEventStruct_SPEC_ERRATA_TPM2_REV_105) {
+    FvBlob2.BlobDescriptionSize = sizeof(FvBlob2.BlobDescription);
+    CopyMem (FvBlob2.BlobDescription, FV_HANDOFF_TABLE_DESC, sizeof(FvBlob2.BlobDescription));
+    FvName = GetFvName (FvBase, FvLength);
+    if (FvName != NULL) {
+      AsciiSPrint ((CHAR8 *)FvBlob2.BlobDescription, sizeof(FvBlob2.BlobDescription), "Fv(%g)", FvName);
+    }
+    FvBlob2.BlobBase      = FvBlob.BlobBase;
+    FvBlob2.BlobLength    = FvBlob.BlobLength;
+    TcgEventHdr.EventType = EV_EFI_PLATFORM_FIRMWARE_BLOB2;
+    TcgEventHdr.EventSize = sizeof (FvBlob2);
+    EventData             = &FvBlob2;
+  }
 
   if (Tpm2HashMask == 0) {
     //
@@ -583,9 +656,9 @@ MeasureFvImage (
                );
 
     if (!EFI_ERROR(Status)) {
-       Status = LogHashEvent (&DigestList, &TcgEventHdr, (UINT8*) &FvBlob);
-       DEBUG ((DEBUG_INFO, "The pre-hashed FV which is extended & logged by Tcg2Pei starts at: 0x%x\n", FvBlob.BlobBase));
-       DEBUG ((DEBUG_INFO, "The pre-hashed FV which is extended & logged by Tcg2Pei has the size: 0x%x\n", FvBlob.BlobLength));
+       Status = LogHashEvent (&DigestList, &TcgEventHdr, EventData);
+       DEBUG ((DEBUG_INFO, "The pre-hashed FV which is extended & logged by Tcg2Pei starts at: 0x%x\n", FvBase));
+       DEBUG ((DEBUG_INFO, "The pre-hashed FV which is extended & logged by Tcg2Pei has the size: 0x%x\n", FvLength));
     } else if (Status == EFI_DEVICE_ERROR) {
       BuildGuidHob (&gTpmErrorHobGuid,0);
       REPORT_STATUS_CODE (
@@ -599,13 +672,13 @@ MeasureFvImage (
     //
     Status = HashLogExtendEvent (
                0,
-               (UINT8*) (UINTN) FvBlob.BlobBase,
-               (UINTN) FvBlob.BlobLength,
-               &TcgEventHdr,
-               (UINT8*) &FvBlob
+               (UINT8*) (UINTN) FvBase, // HashData
+               (UINTN) FvLength,        // HashDataLen
+               &TcgEventHdr,            // EventHdr
+               EventData                // EventData
                );
-    DEBUG ((DEBUG_INFO, "The FV which is measured by Tcg2Pei starts at: 0x%x\n", FvBlob.BlobBase));
-    DEBUG ((DEBUG_INFO, "The FV which is measured by Tcg2Pei has the size: 0x%x\n", FvBlob.BlobLength));
+    DEBUG ((DEBUG_INFO, "The FV which is measured by Tcg2Pei starts at: 0x%x\n", FvBase));
+    DEBUG ((DEBUG_INFO, "The FV which is measured by Tcg2Pei has the size: 0x%x\n", FvLength));
   }
 
   if (EFI_ERROR(Status)) {
diff --git a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf
index 30f985b6ea..3d361e8859 100644
--- a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf
+++ b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf
@@ -54,6 +54,7 @@
   MemoryAllocationLib
   ReportStatusCodeLib
   ResetSystemLib
+  PrintLib
 
 [Guids]
   gTcgEventEntryHobGuid                                                ## PRODUCES               ## HOB
@@ -74,6 +75,7 @@
 
 [Pcd]
   gEfiMdeModulePkgTokenSpaceGuid.PcdFirmwareVersionString              ## SOMETIMES_CONSUMES
+  gEfiMdeModulePkgTokenSpaceGuid.PcdTcgPfpMeasurementRevision          ## CONSUMES
   gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid                     ## CONSUMES
   gEfiSecurityPkgTokenSpaceGuid.PcdTpm2InitializationPolicy            ## CONSUMES
   gEfiSecurityPkgTokenSpaceGuid.PcdTpm2SelfTestPolicy                  ## SOMETIMES_CONSUMES
-- 
2.19.2.windows.1