public inbox for devel@edk2.groups.io
* [PATCH 0/6] Add capability to let PEIM extend TcgEvent
@ 2020-07-14  6:49 Qi Zhang
  2020-07-14  6:49 ` [PATCH 1/6] SecurityPkg/TcgPpi: Add TcgPpi header file Qi Zhang
                   ` (5 more replies)
  0 siblings, 6 replies; 14+ messages in thread
From: Qi Zhang @ 2020-07-14  6:49 UTC (permalink / raw)
  To: devel; +Cc: Qi Zhang, Jiewen Yao, Jian J Wang, Chao Zhang, Rahul Kumar

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2841

Currently, we have the TCG/TCG2 protocol and DxeTpmMeasurementLib to let a DXE
module extend the TCG event.
There are more and more use cases in the PEI phase where a PEIM needs to extend a TCG
event, such as BootGuard, FSP, and Microcode measurement. Currently, we don't
have an API to do that, so each module needs to create the TCG/TCG2 event log,
which is a burden.

This bugzilla requests to add PeiTpmMeasurementLib instance.

The implementation includes:
1) An EDKII_TCG_PPI which abstracts the HashLogExtendEvent service.
2) A PeiTpmMeasurementLib instance, so that a PEIM can call this API to
  add TCG event.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Qi Zhang <qi1.zhang@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>

Jiewen Yao (6):
  SecurityPkg/TcgPpi: Add TcgPpi header file.
  SecurityPkg/dec: Add TcgPpi.
  SecurityPkg/Tcg: Add TcgPpi
  SecurityPkg/Tcg2: Add TcgPpi
  SecurityPkg/PeiTpmMeasurementLib: Add PEI instance.
  SecurityPkg/dsc: Add PeiTpmMeasurementLib.

 SecurityPkg/Include/Ppi/Tcg.h                 | 50 +++++++++++++
 .../PeiTpmMeasurementLib.c                    | 73 +++++++++++++++++++
 .../PeiTpmMeasurementLib.inf                  | 50 +++++++++++++
 .../PeiTpmMeasurementLib.uni                  | 17 +++++
 SecurityPkg/SecurityPkg.dec                   |  3 +
 SecurityPkg/SecurityPkg.dsc                   |  4 +-
 SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c             | 61 +++++++++++++---
 SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf           |  3 +-
 SecurityPkg/Tcg/TcgPei/TcgPei.c               | 53 +++++++++++++-
 SecurityPkg/Tcg/TcgPei/TcgPei.inf             |  3 +-
 10 files changed, 301 insertions(+), 16 deletions(-)
 create mode 100644 SecurityPkg/Include/Ppi/Tcg.h
 create mode 100644 SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.c
 create mode 100644 SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.inf
 create mode 100644 SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.uni

-- 
2.26.2.windows.1



* [PATCH 1/6] SecurityPkg/TcgPpi: Add TcgPpi header file.
  2020-07-14  6:49 [PATCH 0/6] Add capability to let PEIM extend TcgEvent Qi Zhang
@ 2020-07-14  6:49 ` Qi Zhang
  2020-07-15  5:08   ` Yao, Jiewen
  2020-07-14  6:49 ` [PATCH 2/6] SecurityPkg/dec: Add TcgPpi Qi Zhang
                   ` (4 subsequent siblings)
  5 siblings, 1 reply; 14+ messages in thread
From: Qi Zhang @ 2020-07-14  6:49 UTC (permalink / raw)
  To: devel; +Cc: Jiewen Yao, Jian J Wang, Chao Zhang

From: Jiewen Yao <jiewen.yao@intel.com>

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2841

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
---
 SecurityPkg/Include/Ppi/Tcg.h | 50 +++++++++++++++++++++++++++++++++++
 1 file changed, 50 insertions(+)
 create mode 100644 SecurityPkg/Include/Ppi/Tcg.h

diff --git a/SecurityPkg/Include/Ppi/Tcg.h b/SecurityPkg/Include/Ppi/Tcg.h
new file mode 100644
index 0000000000..4eacd57166
--- /dev/null
+++ b/SecurityPkg/Include/Ppi/Tcg.h
@@ -0,0 +1,50 @@
+/** @file
+  TCG PPI services.
+
+Copyright (c) 2020, Intel Corporation. All rights reserved.<BR>
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#ifndef _TCG_PPI_H_
+#define _TCG_PPI_H_
+
+#include <IndustryStandard/UefiTcgPlatform.h>
+
+typedef struct _EDKII_TCG_PPI EDKII_TCG_PPI;
+
+/**
+  Tpm measure and log data, and extend the measurement result into a specific PCR.
+
+  @param[in]      This          Indicates the calling context
+  @param[in]      HashData      Physical address of the start of the data buffer
+                                to be hashed, extended, and logged.
+  @param[in]      HashDataLen   The length, in bytes, of the buffer referenced by HashData.
+  @param[in]      NewEventHdr   Pointer to a TCG_PCR_EVENT_HDR data structure.
+  @param[in]      NewEventData  Pointer to the new event data.
+
+  @retval EFI_SUCCESS           Operation completed successfully.
+  @retval EFI_UNSUPPORTED       TPM device not available.
+  @retval EFI_OUT_OF_RESOURCES  Out of memory.
+  @retval EFI_DEVICE_ERROR      The operation was unsuccessful.
+**/
+typedef
+EFI_STATUS
+(EFIAPI *EDKII_TCG_HASH_LOG_EXTEND_EVENT)(
+  IN      EDKII_TCG_PPI             *This,
+  IN      UINT8                     *HashData,
+  IN      UINTN                     HashDataLen,
+  IN      TCG_PCR_EVENT_HDR         *NewEventHdr,
+  IN      UINT8                     *NewEventData
+  );
+
+///
+/// The EFI_TCG Protocol abstracts TCG activity.
+///
+struct _EDKII_TCG_PPI {
+  EDKII_TCG_HASH_LOG_EXTEND_EVENT     HashLogExtendEvent;
+};
+
+extern EFI_GUID gEdkiiTcgPpiGuid;
+
+#endif
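Review bot: The "///" comment above struct _EDKII_TCG_PPI still reads "The EFI_TCG Protocol abstracts TCG activity", which describes a DXE protocol rather than this PPI; reword it to name EDKII_TCG_PPI. In the function comment, HashData is described as a "Physical address" although it is typed UINT8 *, and nothing says whether HashDataLen may be 0 or whether NewEventData must be NewEventHdr->EventSize bytes long. This header is the contract for every PEIM that will call the service, so those constraints belong here. The include guard _TCG_PPI_H_ also starts with an underscore followed by an uppercase letter, which C reserves for the implementation; a guard without the leading underscore avoids that.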
-- 
2.26.2.windows.1



* [PATCH 2/6] SecurityPkg/dec: Add TcgPpi.
  2020-07-14  6:49 [PATCH 0/6] Add capability to let PEIM extend TcgEvent Qi Zhang
  2020-07-14  6:49 ` [PATCH 1/6] SecurityPkg/TcgPpi: Add TcgPpi header file Qi Zhang
@ 2020-07-14  6:49 ` Qi Zhang
  2020-07-14  6:49 ` [PATCH 3/6] SecurityPkg/Tcg: " Qi Zhang
                   ` (3 subsequent siblings)
  5 siblings, 0 replies; 14+ messages in thread
From: Qi Zhang @ 2020-07-14  6:49 UTC (permalink / raw)
  To: devel; +Cc: Jiewen Yao, Jian J Wang, Chao Zhang

From: Jiewen Yao <jiewen.yao@intel.com>

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2841

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
---
 SecurityPkg/SecurityPkg.dec | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec
index 79d46308ad..42fc48cc1f 100644
--- a/SecurityPkg/SecurityPkg.dec
+++ b/SecurityPkg/SecurityPkg.dec
@@ -203,6 +203,9 @@
   ## Include/Ppi/FirmwareVolumeInfoStoredHashFv.h
   gEdkiiPeiFirmwareVolumeInfoStoredHashFvPpiGuid = {0x7f5e4e31, 0x81b1, 0x47e5, { 0x9e, 0x21, 0x1e, 0x4b, 0x5b, 0xc2, 0xf6, 0x1d } }
 
+  ## Include/Ppi/Tcg.h
+  gEdkiiTcgPpiGuid = {0x57a13b87, 0x133d, 0x4bf3, { 0xbf, 0xf1, 0x1b, 0xca, 0xc7, 0x17, 0x6c, 0xf1 } }
+
 #
 # [Error.gEfiSecurityPkgTokenSpaceGuid]
 #   0x80000001 | Invalid value provided.
-- 
2.26.2.windows.1



* [PATCH 3/6] SecurityPkg/Tcg: Add TcgPpi
  2020-07-14  6:49 [PATCH 0/6] Add capability to let PEIM extend TcgEvent Qi Zhang
  2020-07-14  6:49 ` [PATCH 1/6] SecurityPkg/TcgPpi: Add TcgPpi header file Qi Zhang
  2020-07-14  6:49 ` [PATCH 2/6] SecurityPkg/dec: Add TcgPpi Qi Zhang
@ 2020-07-14  6:49 ` Qi Zhang
  2020-07-14  6:49 ` [PATCH 4/6] SecurityPkg/Tcg2: " Qi Zhang
                   ` (2 subsequent siblings)
  5 siblings, 0 replies; 14+ messages in thread
From: Qi Zhang @ 2020-07-14  6:49 UTC (permalink / raw)
  To: devel; +Cc: Jiewen Yao, Jian J Wang, Chao Zhang, Qi Zhang, Rahul Kumar

From: Jiewen Yao <jiewen.yao@intel.com>

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2841

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Qi Zhang <qi1.zhang@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
---
 SecurityPkg/Tcg/TcgPei/TcgPei.c   | 53 ++++++++++++++++++++++++++++---
 SecurityPkg/Tcg/TcgPei/TcgPei.inf |  3 +-
 2 files changed, 51 insertions(+), 5 deletions(-)

diff --git a/SecurityPkg/Tcg/TcgPei/TcgPei.c b/SecurityPkg/Tcg/TcgPei/TcgPei.c
index a9a808c9ec..193d96b640 100644
--- a/SecurityPkg/Tcg/TcgPei/TcgPei.c
+++ b/SecurityPkg/Tcg/TcgPei/TcgPei.c
@@ -1,7 +1,7 @@
 /** @file
   Initialize TPM device and measure FVs before handing off control to DXE.
 
-Copyright (c) 2005 - 2018, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2005 - 2020, Intel Corporation. All rights reserved.<BR>
 SPDX-License-Identifier: BSD-2-Clause-Patent
 
 **/
@@ -17,6 +17,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 #include <Ppi/FirmwareVolume.h>
 #include <Ppi/EndOfPeiPhase.h>
 #include <Ppi/FirmwareVolumeInfoMeasurementExcluded.h>
+#include <Ppi/Tcg.h>
 
 #include <Guid/TcgEventHob.h>
 #include <Guid/MeasuredFvHob.h>
@@ -51,6 +52,43 @@ EFI_PEI_PPI_DESCRIPTOR  mTpmInitializationDonePpiList = {
   NULL
 };
 
+/**
+  Do a hash operation on a data buffer, extend a specific TPM PCR with the hash result,
+  and build a GUIDed HOB recording the event which will be passed to the DXE phase and
+  added into the Event Log.
+
+  @param[in]      This          Indicates the calling context
+  @param[in]      HashData      Physical address of the start of the data buffer
+                                to be hashed, extended, and logged.
+  @param[in]      HashDataLen   The length, in bytes, of the buffer referenced by HashData.
+  @param[in]      NewEventHdr   Pointer to a TCG_PCR_EVENT_HDR data structure.
+  @param[in]      NewEventData  Pointer to the new event data.
+
+  @retval EFI_SUCCESS           Operation completed successfully.
+  @retval EFI_OUT_OF_RESOURCES  No enough memory to log the new event.
+  @retval EFI_DEVICE_ERROR      The command was unsuccessful.
+
+**/
+EFI_STATUS
+EFIAPI
+HashLogExtendEvent (
+  IN      EDKII_TCG_PPI             *This,
+  IN      UINT8                     *HashData,
+  IN      UINTN                     HashDataLen,
+  IN      TCG_PCR_EVENT_HDR         *NewEventHdr,
+  IN      UINT8                     *NewEventData
+  );
+
+EDKII_TCG_PPI mEdkiiTcgPpi = {
+  HashLogExtendEvent
+};
+
+EFI_PEI_PPI_DESCRIPTOR  mTcgPpiList = {
+  EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST,
+  &gEdkiiTcgPpiGuid,
+  &mEdkiiTcgPpi
+};
+
 //
 // Number of firmware blobs to grow by each time we run out of room
 //
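Review bot: The @retval list in the forward declaration of HashLogExtendEvent omits EFI_UNSUPPORTED, which Ppi/Tcg.h in patch 1/6 documents for this same service, so the published contract and the implementation comment disagree on the possible return codes. The comment block is also a second copy of the one already attached to the function definition; a one-line prototype before mEdkiiTcgPpi, or moving the PPI instance below the definition, avoids keeping two copies in sync. "No enough memory" should read "Not enough memory".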
@@ -256,8 +294,9 @@ TpmCommHashAll (
 
 **/
 EFI_STATUS
+EFIAPI
 HashLogExtendEvent (
-  IN      EFI_PEI_SERVICES          **PeiServices,
+  IN      EDKII_TCG_PPI             *This,
   IN      UINT8                     *HashData,
   IN      UINTN                     HashDataLen,
   IN      TCG_PCR_EVENT_HDR         *NewEventHdr,
@@ -346,7 +385,7 @@ MeasureCRTMVersion (
   TcgEventHdr.EventSize = (UINT32) StrSize((CHAR16*)PcdGetPtr (PcdFirmwareVersionString));
 
   return HashLogExtendEvent (
-           PeiServices,
+           &mEdkiiTcgPpi,
            (UINT8*)PcdGetPtr (PcdFirmwareVersionString),
            TcgEventHdr.EventSize,
            &TcgEventHdr,
@@ -415,7 +454,7 @@ MeasureFvImage (
   TcgEventHdr.EventSize = sizeof (FvBlob);
 
   Status = HashLogExtendEvent (
-             (EFI_PEI_SERVICES **) GetPeiServicesTablePointer(),
+             &mEdkiiTcgPpi,
              (UINT8*) (UINTN) FvBlob.BlobBase,
              (UINTN) FvBlob.BlobLength,
              &TcgEventHdr,
@@ -744,6 +783,12 @@ PeimEntryMP (
   Status = PeiServicesNotifyPpi (&mNotifyList[0]);
   ASSERT_EFI_ERROR (Status);
 
+  //
+  // install Tcg Services
+  //
+  Status = PeiServicesInstallPpi (&mTcgPpiList);
+  ASSERT_EFI_ERROR (Status);
+
   return Status;
 }
 
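Review bot: In PeimEntryMP the Status from PeiServicesNotifyPpi is only checked by ASSERT_EFI_ERROR and is then overwritten by the new PeiServicesInstallPpi call, so in a build where ASSERTs are disabled a failed notify registration is lost and the function reports only the install result. Return early on error, or keep the two results separate. The PPI is also installed as the last step of the entry point, which means a consumer can only locate it after this module has run; the commit message has no body, and that ordering requirement is worth stating there or in Ppi/Tcg.h.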
diff --git a/SecurityPkg/Tcg/TcgPei/TcgPei.inf b/SecurityPkg/Tcg/TcgPei/TcgPei.inf
index c0bff6e85e..4ab4edd657 100644
--- a/SecurityPkg/Tcg/TcgPei/TcgPei.inf
+++ b/SecurityPkg/Tcg/TcgPei/TcgPei.inf
@@ -4,7 +4,7 @@
 #  This module will initialize TPM device, measure reported FVs and BIOS version.
 #  This module may also lock TPM physical presence and physicalPresenceLifetimeLock.
 #
-# Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2006 - 2020, Intel Corporation. All rights reserved.<BR>
 # SPDX-License-Identifier: BSD-2-Clause-Patent
 #
 ##
@@ -67,6 +67,7 @@
   gPeiTpmInitializedPpiGuid                                           ## SOMETIMES_PRODUCES
   gPeiTpmInitializationDonePpiGuid                                    ## PRODUCES
   gEfiEndOfPeiSignalPpiGuid                                           ## SOMETIMES_CONSUMES     ## NOTIFY
+  gEdkiiTcgPpiGuid                                                    ## PRODUCES
 
 [Pcd]
   gEfiSecurityPkgTokenSpaceGuid.PcdPhysicalPresenceLifetimeLock       ## SOMETIMES_CONSUMES
-- 
2.26.2.windows.1



* [PATCH 4/6] SecurityPkg/Tcg2: Add TcgPpi
  2020-07-14  6:49 [PATCH 0/6] Add capability to let PEIM extend TcgEvent Qi Zhang
                   ` (2 preceding siblings ...)
  2020-07-14  6:49 ` [PATCH 3/6] SecurityPkg/Tcg: " Qi Zhang
@ 2020-07-14  6:49 ` Qi Zhang
  2020-07-14  6:49 ` [PATCH 5/6] SecurityPkg/PeiTpmMeasurementLib: Add PEI instance Qi Zhang
  2020-07-14  6:49 ` [PATCH 6/6] SecurityPkg/dsc: Add PeiTpmMeasurementLib Qi Zhang
  5 siblings, 0 replies; 14+ messages in thread
From: Qi Zhang @ 2020-07-14  6:49 UTC (permalink / raw)
  To: devel; +Cc: Jiewen Yao, Jian J Wang, Chao Zhang, Qi Zhang, Rahul Kumar

From: Jiewen Yao <jiewen.yao@intel.com>

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2841

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Qi Zhang <qi1.zhang@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
---
 SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c   | 61 ++++++++++++++++++++++++-----
 SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf |  3 +-
 2 files changed, 54 insertions(+), 10 deletions(-)

diff --git a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c
index 19b8e4b318..1313bbc9e1 100644
--- a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c
+++ b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c
@@ -1,7 +1,7 @@
 /** @file
   Initialize TPM2 device and measure FVs before handing off control to DXE.
 
-Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2015 - 2020, Intel Corporation. All rights reserved.<BR>
 Copyright (c) 2017, Microsoft Corporation.  All rights reserved. <BR>
 SPDX-License-Identifier: BSD-2-Clause-Patent
 
@@ -17,6 +17,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 #include <Ppi/EndOfPeiPhase.h>
 #include <Ppi/FirmwareVolumeInfoMeasurementExcluded.h>
 #include <Ppi/FirmwareVolumeInfoPrehashedFV.h>
+#include <Ppi/Tcg.h>
 
 #include <Guid/TcgEventHob.h>
 #include <Guid/MeasuredFvHob.h>
@@ -66,6 +67,43 @@ EFI_PEI_PPI_DESCRIPTOR  mTpmInitializationDonePpiList = {
   NULL
 };
 
+/**
+  Do a hash operation on a data buffer, extend a specific TPM PCR with the hash result,
+  and build a GUIDed HOB recording the event which will be passed to the DXE phase and
+  added into the Event Log.
+
+  @param[in]      This          Indicates the calling context
+  @param[in]      HashData      Physical address of the start of the data buffer
+                                to be hashed, extended, and logged.
+  @param[in]      HashDataLen   The length, in bytes, of the buffer referenced by HashData.
+  @param[in]      NewEventHdr   Pointer to a TCG_PCR_EVENT_HDR data structure.
+  @param[in]      NewEventData  Pointer to the new event data.
+
+  @retval EFI_SUCCESS           Operation completed successfully.
+  @retval EFI_OUT_OF_RESOURCES  No enough memory to log the new event.
+  @retval EFI_DEVICE_ERROR      The command was unsuccessful.
+
+**/
+EFI_STATUS
+EFIAPI
+HashLogExtendEvent (
+  IN      EDKII_TCG_PPI             *This,
+  IN      UINT8                     *HashData,
+  IN      UINTN                     HashDataLen,
+  IN      TCG_PCR_EVENT_HDR         *NewEventHdr,
+  IN      UINT8                     *NewEventData
+  );
+
+EDKII_TCG_PPI mEdkiiTcgPpi = {
+  HashLogExtendEvent
+};
+
+EFI_PEI_PPI_DESCRIPTOR  mTcgPpiList = {
+  EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST,
+  &gEdkiiTcgPpiGuid,
+  &mEdkiiTcgPpi
+};
+
 //
 // Number of firmware blobs to grow by each time we run out of room
 //
@@ -375,7 +413,7 @@ LogHashEvent (
   and build a GUIDed HOB recording the event which will be passed to the DXE phase and
   added into the Event Log.
 
-  @param[in]      Flags         Bitmap providing additional information.
+  @param[in]      This          Indicates the calling context
   @param[in]      HashData      Physical address of the start of the data buffer
                                 to be hashed, extended, and logged.
   @param[in]      HashDataLen   The length, in bytes, of the buffer referenced by HashData.
@@ -388,8 +426,9 @@ LogHashEvent (
 
 **/
 EFI_STATUS
+EFIAPI
 HashLogExtendEvent (
-  IN      UINT64                    Flags,
+  IN      EDKII_TCG_PPI             *This,
   IN      UINT8                     *HashData,
   IN      UINTN                     HashDataLen,
   IN      TCG_PCR_EVENT_HDR         *NewEventHdr,
@@ -410,9 +449,7 @@ HashLogExtendEvent (
              &DigestList
              );
   if (!EFI_ERROR (Status)) {
-    if ((Flags & EFI_TCG2_EXTEND_ONLY) == 0) {
-      Status = LogHashEvent (&DigestList, NewEventHdr, NewEventData);
-    }
+    Status = LogHashEvent (&DigestList, NewEventHdr, NewEventData);
   }
 
   if (Status == EFI_DEVICE_ERROR) {
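Review bot: Removing the "(Flags & EFI_TCG2_EXTEND_ONLY) == 0" test drops the extend-without-log path from HashLogExtendEvent, and the commit message does not mention it. The call sites changed in this patch all passed 0, so their behavior is unchanged, but the new signature leaves no way to pass flags at all. If a Flags parameter is added to EDKII_TCG_HASH_LOG_EXTEND_EVENT as suggested in the reply to patch 1/6, keep this check instead of deleting it; otherwise say in the commit message that extend-only is intentionally unsupported through the PPI.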
@@ -452,7 +489,7 @@ MeasureCRTMVersion (
   TcgEventHdr.EventSize = (UINT32) StrSize((CHAR16*)PcdGetPtr (PcdFirmwareVersionString));
 
   return HashLogExtendEvent (
-           0,
+           &mEdkiiTcgPpi,
            (UINT8*)PcdGetPtr (PcdFirmwareVersionString),
            TcgEventHdr.EventSize,
            &TcgEventHdr,
@@ -672,7 +709,7 @@ MeasureFvImage (
     // Hash the FV, extend digest to the TPM and log TCG event
     //
     Status = HashLogExtendEvent (
-               0,
+               &mEdkiiTcgPpi,
                (UINT8*) (UINTN) FvBase, // HashData
                (UINTN) FvLength,        // HashDataLen
                &TcgEventHdr,            // EventHdr
@@ -866,6 +903,12 @@ PeimEntryMP (
   Status = PeiServicesNotifyPpi (&mNotifyList[0]);
   ASSERT_EFI_ERROR (Status);
 
+  //
+  // install Tcg Services
+  //
+  Status = PeiServicesInstallPpi (&mTcgPpiList);
+  ASSERT_EFI_ERROR (Status);
+
   return Status;
 }
 
@@ -893,7 +936,7 @@ MeasureSeparatorEventWithError (
   TcgEvent.PCRIndex  = PCRIndex;
   TcgEvent.EventType = EV_SEPARATOR;
   TcgEvent.EventSize = (UINT32)sizeof (EventData);
-  return HashLogExtendEvent(0,(UINT8 *)&EventData, TcgEvent.EventSize, &TcgEvent,(UINT8 *)&EventData);
+  return HashLogExtendEvent(&mEdkiiTcgPpi,(UINT8 *)&EventData, TcgEvent.EventSize, &TcgEvent,(UINT8 *)&EventData);
 }
 
 /**
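Review bot: The changed return statement in MeasureSeparatorEventWithError keeps the whole HashLogExtendEvent call on one long line with no space before "(" and none after the commas, unlike the multi-line call sites touched elsewhere in this patch. Since the line is being modified anyway, break it into one argument per line in the same layout as the calls in MeasureCRTMVersion and MeasureFvImage.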
diff --git a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf
index 3d361e8859..f64b29f1ae 100644
--- a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf
+++ b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf
@@ -8,7 +8,7 @@
 #
 #  This module will initialize TPM device, measure reported FVs and BIOS version.
 #
-# Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2015 - 2020, Intel Corporation. All rights reserved.<BR>
 # Copyright (c) 2017, Microsoft Corporation.  All rights reserved. <BR>
 # SPDX-License-Identifier: BSD-2-Clause-Patent
 #
@@ -72,6 +72,7 @@
   gPeiTpmInitializationDonePpiGuid                                     ## PRODUCES
   gEfiEndOfPeiSignalPpiGuid                                            ## SOMETIMES_CONSUMES     ## NOTIFY
   gEdkiiPeiFirmwareVolumeInfoPrehashedFvPpiGuid                        ## SOMETIMES_CONSUMES
+  gEdkiiTcgPpiGuid                                                     ## PRODUCES
 
 [Pcd]
   gEfiMdeModulePkgTokenSpaceGuid.PcdFirmwareVersionString              ## SOMETIMES_CONSUMES
-- 
2.26.2.windows.1



* [PATCH 5/6] SecurityPkg/PeiTpmMeasurementLib: Add PEI instance.
  2020-07-14  6:49 [PATCH 0/6] Add capability to let PEIM extend TcgEvent Qi Zhang
                   ` (3 preceding siblings ...)
  2020-07-14  6:49 ` [PATCH 4/6] SecurityPkg/Tcg2: " Qi Zhang
@ 2020-07-14  6:49 ` Qi Zhang
  2020-07-14  6:49 ` [PATCH 6/6] SecurityPkg/dsc: Add PeiTpmMeasurementLib Qi Zhang
  5 siblings, 0 replies; 14+ messages in thread
From: Qi Zhang @ 2020-07-14  6:49 UTC (permalink / raw)
  To: devel; +Cc: Jiewen Yao, Jian J Wang, Chao Zhang

From: Jiewen Yao <jiewen.yao@intel.com>

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2841

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
---
 .../PeiTpmMeasurementLib.c                    | 73 +++++++++++++++++++
 .../PeiTpmMeasurementLib.inf                  | 50 +++++++++++++
 .../PeiTpmMeasurementLib.uni                  | 17 +++++
 3 files changed, 140 insertions(+)
 create mode 100644 SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.c
 create mode 100644 SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.inf
 create mode 100644 SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.uni

diff --git a/SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.c b/SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.c
new file mode 100644
index 0000000000..7db22c568e
--- /dev/null
+++ b/SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.c
@@ -0,0 +1,73 @@
+/** @file
+  This library is used by other modules to measure data to TPM.
+
+Copyright (c) 2020, Intel Corporation. All rights reserved. <BR>
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <PiPei.h>
+
+#include <Library/BaseMemoryLib.h>
+#include <Library/PeiServicesLib.h>
+#include <Library/PeiServicesTablePointerLib.h>
+#include <Library/DebugLib.h>
+#include <Library/HobLib.h>
+#include <Library/TpmMeasurementLib.h>
+
+#include <Ppi/Tcg.h>
+#include <IndustryStandard/UefiTcgPlatform.h>
+
+/**
+  Tpm measure and log data, and extend the measurement result into a specific PCR.
+
+  @param[in]  PcrIndex         PCR Index.
+  @param[in]  EventType        Event type.
+  @param[in]  EventLog         Measurement event log.
+  @param[in]  LogLen           Event log length in bytes.
+  @param[in]  HashData         The start of the data buffer to be hashed, extended.
+  @param[in]  HashDataLen      The length, in bytes, of the buffer referenced by HashData
+
+  @retval EFI_SUCCESS               Operation completed successfully.
+  @retval EFI_UNSUPPORTED       TPM device not available.
+  @retval EFI_OUT_OF_RESOURCES  Out of memory.
+  @retval EFI_DEVICE_ERROR      The operation was unsuccessful.
+**/
+EFI_STATUS
+EFIAPI
+TpmMeasureAndLogData (
+  IN UINT32             PcrIndex,
+  IN UINT32             EventType,
+  IN VOID               *EventLog,
+  IN UINT32             LogLen,
+  IN VOID               *HashData,
+  IN UINT64             HashDataLen
+  )
+{
+  EFI_STATUS                Status;
+  EDKII_TCG_PPI             *TcgPpi;
+  TCG_PCR_EVENT_HDR         TcgEventHdr;
+
+  Status = PeiServicesLocatePpi(
+             &gEdkiiTcgPpiGuid,
+             0,
+             NULL,
+             (VOID**)&TcgPpi
+             );
+  if (EFI_ERROR(Status)) {
+    return Status;
+  }
+
+  TcgEventHdr.PCRIndex  = PcrIndex;
+  TcgEventHdr.EventType = EventType;
+  TcgEventHdr.EventSize = LogLen;
+
+  Status = TcgPpi->HashLogExtendEvent (
+                     TcgPpi,
+                     HashData,
+                     (UINTN)HashDataLen,
+                     &TcgEventHdr,
+                     EventLog
+                     );
+  return Status;
+}
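Review bot: The cast "(UINTN)HashDataLen" in TpmMeasureAndLogData narrows a UINT64 to UINTN, and the INF in this patch lists IA32 as a valid architecture, so on a 32-bit PEI a length above MAX_UINTN is silently truncated and a shorter range is hashed than the caller asked for. Reject the call when HashDataLen > MAX_UINTN before invoking the PPI. Two smaller points in the same function: TcgEventHdr is a stack variable and only PCRIndex, EventType and EventSize are assigned, so its Digest field is passed uninitialized (a ZeroMem first makes the intent explicit); and when PeiServicesLocatePpi fails, its status is returned as is, which can fall outside the four @retval codes documented above the function.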
diff --git a/SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.inf b/SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.inf
new file mode 100644
index 0000000000..6625d0fd01
--- /dev/null
+++ b/SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.inf
@@ -0,0 +1,50 @@
+## @file
+#  Provides TPM measurement functions for TPM1.2 and TPM 2.0
+#
+#  This library provides TpmMeasureAndLogData() to measure and log data, and
+#  extend the measurement result into a specific PCR.
+#
+# Copyright (c) 2020, Intel Corporation. All rights reserved.<BR>
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+[Defines]
+  INF_VERSION                    = 0x00010005
+  BASE_NAME                      = PeiTpmMeasurementLib
+  FILE_GUID                      = 9A62C49D-C45A-4322-9F3C-45958DF0056B
+  MODULE_TYPE                    = PEIM
+  VERSION_STRING                 = 1.0
+  LIBRARY_CLASS                  = TpmMeasurementLib|PEIM
+  MODULE_UNI_FILE                = PeiTpmMeasurementLib.uni
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+#  VALID_ARCHITECTURES           = IA32 X64
+#
+
+[Sources]
+  PeiTpmMeasurementLib.c
+
+[Packages]
+  MdePkg/MdePkg.dec
+  MdeModulePkg/MdeModulePkg.dec
+  SecurityPkg/SecurityPkg.dec
+
+[LibraryClasses]
+  BaseLib
+  BaseMemoryLib
+  HobLib
+  DebugLib
+  PcdLib
+  PrintLib
+  PeiServicesLib
+  PeiServicesTablePointerLib
+
+[Ppis]
+  gEdkiiTcgPpiGuid                                                     ## CONSUMES
+
+[Depex]
+  gEfiPeiMasterBootModePpiGuid AND
+  gEfiTpmDeviceSelectedGuid
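Review bot: The [Depex] section names gEfiPeiMasterBootModePpiGuid and gEfiTpmDeviceSelectedGuid, but the only PPI this library calls is gEdkiiTcgPpiGuid, which is not part of the expression. A PEIM that links the library can therefore be dispatched before TcgPei or Tcg2Pei has installed the PPI, and TpmMeasureAndLogData will then fail at PeiServicesLocatePpi without measuring anything. Consider depending on gEdkiiTcgPpiGuid, or document that callers must handle the not-yet-installed case. [LibraryClasses] also lists BaseLib, PcdLib and PrintLib, none of which has a matching include in PeiTpmMeasurementLib.c.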
diff --git a/SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.uni b/SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.uni
new file mode 100644
index 0000000000..7b4341b449
--- /dev/null
+++ b/SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.uni
@@ -0,0 +1,17 @@
+// /** @file
+// Provides TPM measurement functions for TPM1.2 and TPM 2.0
+//
+// This library provides TpmMeasureAndLogData() to to measure and log data, and
+// extend the measurement result into a specific PCR.
+//
+// Copyright (c) 2020, Intel Corporation. All rights reserved.<BR>
+//
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+//
+// **/
+
+
+#string STR_MODULE_ABSTRACT             #language en-US "Provides TPM measurement functions for TPM1.2 and TPM 2.0"
+
+#string STR_MODULE_DESCRIPTION          #language en-US "This library provides TpmMeasureAndLogData() to to measure and log data, and extend the measurement result into a specific PCR."
+
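Review bot: "to to measure" is duplicated in the file header comment and again in the STR_MODULE_DESCRIPTION string; both should read "to measure". The INF header added in this same patch already has the correct wording.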
-- 
2.26.2.windows.1



* [PATCH 6/6] SecurityPkg/dsc: Add PeiTpmMeasurementLib.
  2020-07-14  6:49 [PATCH 0/6] Add capability to let PEIM extend TcgEvent Qi Zhang
                   ` (4 preceding siblings ...)
  2020-07-14  6:49 ` [PATCH 5/6] SecurityPkg/PeiTpmMeasurementLib: Add PEI instance Qi Zhang
@ 2020-07-14  6:49 ` Qi Zhang
  5 siblings, 0 replies; 14+ messages in thread
From: Qi Zhang @ 2020-07-14  6:49 UTC (permalink / raw)
  To: devel; +Cc: Jiewen Yao, Jian J Wang, Chao Zhang

From: Jiewen Yao <jiewen.yao@intel.com>

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2841

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
---
 SecurityPkg/SecurityPkg.dsc | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc
index 53fce05353..28effe3eda 100644
--- a/SecurityPkg/SecurityPkg.dsc
+++ b/SecurityPkg/SecurityPkg.dsc
@@ -1,7 +1,7 @@
 ## @file
 #  Security Module Package for All Architectures.
 #
-# Copyright (c) 2009 - 2019, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2009 - 2020, Intel Corporation. All rights reserved.<BR>
 # (C) Copyright 2015-2020 Hewlett Packard Enterprise Development LP<BR>
 # SPDX-License-Identifier: BSD-2-Clause-Patent
 #
@@ -96,6 +96,7 @@
   Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf
   Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf
   Tcg2PhysicalPresenceLib|SecurityPkg/Library/PeiTcg2PhysicalPresenceLib/PeiTcg2PhysicalPresenceLib.inf
+  TpmMeasurementLib|SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.inf
   RngLib|MdePkg/Library/BaseRngLib/BaseRngLib.inf
 
 [LibraryClasses.common.DXE_DRIVER]
@@ -234,6 +235,7 @@
   SecurityPkg/Library/FmpAuthenticationLibPkcs7/FmpAuthenticationLibPkcs7.inf
   SecurityPkg/Library/FmpAuthenticationLibRsa2048Sha256/FmpAuthenticationLibRsa2048Sha256.inf
 
+  SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.inf
   SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf
   SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.inf
   SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.inf
-- 
2.26.2.windows.1



* Re: [PATCH 1/6] SecurityPkg/TcgPpi: Add TcgPpi header file.
  2020-07-14  6:49 ` [PATCH 1/6] SecurityPkg/TcgPpi: Add TcgPpi header file Qi Zhang
@ 2020-07-15  5:08   ` Yao, Jiewen
  2020-07-15  5:53     ` Bret Barkelew
  0 siblings, 1 reply; 14+ messages in thread
From: Yao, Jiewen @ 2020-07-15  5:08 UTC (permalink / raw)
  To: Zhang, Qi1, devel@edk2.groups.io; +Cc: Wang, Jian J

Thanks Qi.

I just thought of one use case where a PEIM may already have a calculated hash (https://github.com/tianocore/edk2/blob/master/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c#L652)
We may need to add a flag to support this pre-hash use case. Such as:

> +(EFIAPI *EDKII_TCG_HASH_LOG_EXTEND_EVENT)(
> 
> +  IN      EDKII_TCG_PPI             *This,
> 
> +  IN      UINT64                   Flags,  // new field. BIT0 = 0 means HashData is the data to be hashed; BIT0 = 1 means HashData is the pre-hash digest.
> 
> +  IN      UINT8                     *HashData,
> 
> +  IN      UINTN                     HashDataLen,
> 
> +  IN      TCG_PCR_EVENT_HDR         *NewEventHdr,
> 
> +  IN      UINT8                     *NewEventData
> 
> +  );
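Review bot: With BIT0 = 1 the comment on the proposed Flags field says HashData is the pre-hash digest, but the prototype does not say which hash algorithm that digest belongs to or what HashDataLen must be in that case. A TPM 2.0 platform can have more than one PCR bank active, so a single raw digest is ambiguous; define the expected layout of HashData for the pre-hash case and require the implementation to reject a HashDataLen that does not match it. The remaining bits of Flags should also be documented as reserved and required to be zero so that they can be assigned later without breaking callers.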

> -----Original Message-----
> From: Zhang, Qi1 <qi1.zhang@intel.com>
> Sent: Tuesday, July 14, 2020 2:49 PM
> To: devel@edk2.groups.io
> Cc: Yao, Jiewen <jiewen.yao@intel.com>; Wang, Jian J <jian.j.wang@intel.com>;
> Zhang, Chao B <chao.b.zhang@intel.com>
> Subject: [PATCH 1/6] SecurityPkg/TcgPpi: Add TcgPpi header file.
> 
> From: Jiewen Yao <jiewen.yao@intel.com>
> 
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2841
> 
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Cc: Chao Zhang <chao.b.zhang@intel.com>
> Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
> ---
>  SecurityPkg/Include/Ppi/Tcg.h | 50 +++++++++++++++++++++++++++++++++++
>  1 file changed, 50 insertions(+)
>  create mode 100644 SecurityPkg/Include/Ppi/Tcg.h
> 
> diff --git a/SecurityPkg/Include/Ppi/Tcg.h b/SecurityPkg/Include/Ppi/Tcg.h
> new file mode 100644
> index 0000000000..4eacd57166
> --- /dev/null
> +++ b/SecurityPkg/Include/Ppi/Tcg.h
> @@ -0,0 +1,50 @@
> +/** @file
> 
> +  TCG PPI services.
> 
> +
> 
> +Copyright (c) 2020, Intel Corporation. All rights reserved.<BR>
> 
> +SPDX-License-Identifier: BSD-2-Clause-Patent
> 
> +
> 
> +**/
> 
> +
> 
> +#ifndef _TCG_PPI_H_
> 
> +#define _TCG_PPI_H_
> 
> +
> 
> +#include <IndustryStandard/UefiTcgPlatform.h>
> 
> +
> 
> +typedef struct _EDKII_TCG_PPI EDKII_TCG_PPI;
> 
> +
> 
> +/**
> 
> +  Tpm measure and log data, and extend the measurement result into a specific
> PCR.
> 
> +
> 
> +  @param[in]      This          Indicates the calling context
> 
> +  @param[in]      HashData      Physical address of the start of the data buffer
> 
> +                                to be hashed, extended, and logged.
> 
> +  @param[in]      HashDataLen   The length, in bytes, of the buffer referenced by
> HashData.
> 
> +  @param[in]      NewEventHdr   Pointer to a TCG_PCR_EVENT_HDR data
> structure.
> 
> +  @param[in]      NewEventData  Pointer to the new event data.
> 
> +
> 
> +  @retval EFI_SUCCESS           Operation completed successfully.
> 
> +  @retval EFI_UNSUPPORTED       TPM device not available.
> 
> +  @retval EFI_OUT_OF_RESOURCES  Out of memory.
> 
> +  @retval EFI_DEVICE_ERROR      The operation was unsuccessful.
> 
> +**/
> 
> +typedef
> 
> +EFI_STATUS
> 
> +(EFIAPI *EDKII_TCG_HASH_LOG_EXTEND_EVENT)(
> 
> +  IN      EDKII_TCG_PPI             *This,
> 
> +  IN      UINT8                     *HashData,
> 
> +  IN      UINTN                     HashDataLen,
> 
> +  IN      TCG_PCR_EVENT_HDR         *NewEventHdr,
> 
> +  IN      UINT8                     *NewEventData
> 
> +  );
> 
> +
> 
> +///
> 
> +/// The EFI_TCG Protocol abstracts TCG activity.
> 
> +///
> 
> +struct _EDKII_TCG_PPI {
> 
> +  EDKII_TCG_HASH_LOG_EXTEND_EVENT     HashLogExtendEvent;
> 
> +};
> 
> +
> 
> +extern EFI_GUID gEdkiiTcgPpiGuid;
> 
> +
> 
> +#endif
> 
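
Review bot: NewEventData is passed with no length argument, and the @param text for NewEventHdr and NewEventData does not say where its size comes from. State this explicitly in the comment (presumably the EventSize field of TCG_PCR_EVENT_HDR), and state that the PCR named only as "a specific PCR" is selected through the header, so implementers bound the log copy by that field and callers know which header fields they must fill in. The /// comment above struct _EDKII_TCG_PPI also reads "The EFI_TCG Protocol abstracts TCG activity" although this is a PPI, and HashData is described as a "Physical address" while typed UINT8 *; both are worth correcting in the same pass.
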
> --
> 2.26.2.windows.1
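
The pre-hash Flags proposal discussed in this thread, modelled as an added Python example (not EDK II code and not part of the patch): with BIT0 clear HashData is hashed, with BIT0 set it is taken as the digest. The single SHA-256 PCR bank, the names PRE_HASH and InvalidParameter, the FV_MAIN label and the sample image are assumptions constructed for illustration.

```python
import hashlib

PRE_HASH = 0x1  # assumed name for BIT0 of the proposed Flags argument
DIGEST_LEN = hashlib.sha256().digest_size  # assumption: one SHA-256 PCR bank
EV_POST_CODE = 0x00000001  # TCG event type used for the sample events
IMAGE = b"constructed firmware volume contents"  # constructed sample input


class InvalidParameter(ValueError):
    """Stands in for EFI_INVALID_PARAMETER in this model."""


class TcgPpiModel:
    """Minimal model of a hash-log-extend service with a pre-hash flag."""

    def __init__(self, pcr_count=24):
        self.pcrs = [bytes(DIGEST_LEN) for _ in range(pcr_count)]
        self.event_log = []  # (pcr_index, event_type, digest, event_data)

    def hash_log_extend_event(self, flags, hash_data, pcr_index,
                              event_type, event_data):
        # Unknown flag bits are rejected so later flags can be added safely.
        if flags & ~PRE_HASH:
            raise InvalidParameter("reserved Flags bits must be zero")
        if not 0 <= pcr_index < len(self.pcrs):
            raise InvalidParameter("PCR index out of range")
        if flags & PRE_HASH:
            # The service cannot check what the digest covers; it can only
            # check that its length matches the bank being extended.
            if len(hash_data) != DIGEST_LEN:
                raise InvalidParameter("digest length does not match the bank")
            digest = bytes(hash_data)
        else:
            digest = hashlib.sha256(hash_data).digest()
        # PCR extend: new = H(old || digest)
        self.pcrs[pcr_index] = hashlib.sha256(
            self.pcrs[pcr_index] + digest).digest()
        self.event_log.append((pcr_index, event_type, digest, bytes(event_data)))
        return digest


def replay(event_log, pcr_count=24):
    """Recompute PCR values from the event log, as a verifier would."""
    pcrs = [bytes(DIGEST_LEN) for _ in range(pcr_count)]
    for pcr_index, _event_type, digest, _event_data in event_log:
        pcrs[pcr_index] = hashlib.sha256(pcrs[pcr_index] + digest).digest()
    return pcrs


def unexpected_events(event_log, reference_images):
    """Return event data whose logged digest differs from the known-good image.

    A pre-hashed digest is trusted as given by the caller, so this comparison
    against reference images is the check that catches a wrong digest.
    """
    bad = []
    for _pcr_index, _event_type, digest, event_data in event_log:
        image = reference_images.get(event_data)
        if image is None or hashlib.sha256(image).digest() != digest:
            bad.append(event_data)
    return bad


def demo():
    """Measure the same image through both paths of the proposed flag."""
    hashed = TcgPpiModel()
    hashed.hash_log_extend_event(0, IMAGE, 0, EV_POST_CODE, b"FV_MAIN")
    prehashed = TcgPpiModel()
    prehashed.hash_log_extend_event(
        PRE_HASH, hashlib.sha256(IMAGE).digest(), 0, EV_POST_CODE, b"FV_MAIN")
    return hashed, prehashed


if __name__ == "__main__":
    a, b = demo()
    print("same PCR[0]:", a.pcrs[0] == b.pcrs[0])
    print("log replays to PCRs:", replay(b.event_log) == b.pcrs)
```

Both paths give the same PCR value and log entry only when the caller's digest really is the hash of the image, which is why the verifier-side comparison is part of the example.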


^ permalink raw reply	[flat|nested] 14+ messages in thread

* Re: [PATCH 1/6] SecurityPkg/TcgPpi: Add TcgPpi header file.
  2020-07-15  5:08   ` Yao, Jiewen
@ 2020-07-15  5:53     ` Bret Barkelew
  2020-07-15 14:45       ` Yao, Jiewen
       [not found]       ` <1621F444E3AD18DD.16458@groups.io>
  0 siblings, 2 replies; 14+ messages in thread
From: Bret Barkelew @ 2020-07-15  5:53 UTC (permalink / raw)
  To: devel@edk2.groups.io, Yao, Jiewen, Zhang, Qi1; +Cc: Wang, Jian J


Since we’re working on early boot TCG interfaces, is this a good time to discuss a standard way to init the log with measurements made by the HW root of trust prior to Tcg2Pei? We were using a NULL lib and a registration pattern on the PEIM, but I’m open to other ideas, too. Thoughts?

- Bret
________________________________
From: devel@edk2.groups.io <devel@edk2.groups.io> on behalf of Yao, Jiewen via groups.io <jiewen.yao=intel.com@groups.io>
Sent: Tuesday, July 14, 2020 10:08:30 PM
To: Zhang, Qi1 <qi1.zhang@intel.com>; devel@edk2.groups.io <devel@edk2.groups.io>
Cc: Wang, Jian J <jian.j.wang@intel.com>
Subject: [EXTERNAL] Re: [edk2-devel] [PATCH 1/6] SecurityPkg/TcgPpi: Add TcgPpi header file.

Thanks Qi.

I just thought of one use case: a PEIM may already have a calculated hash (https://github.com/tianocore/edk2/blob/master/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c#L652)
We may need to add a flag to support this pre-hash use case. Such as:

> +(EFIAPI *EDKII_TCG_HASH_LOG_EXTEND_EVENT)(
>
> +  IN      EDKII_TCG_PPI             *This,
>
> +  IN      UINT64                   Flags,  // new field. BIT0 = 0 means HashData is the data to be hashed; BIT0 = 1 means HashData is the pre-hash digest.
>
> +  IN      UINT8                     *HashData,
>
> +  IN      UINTN                     HashDataLen,
>
> +  IN      TCG_PCR_EVENT_HDR         *NewEventHdr,
>
> +  IN      UINT8                     *NewEventData
>
> +  );
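
Review bot: the Flags line defines only BIT0, in a trailing comment, and leaves the remaining bits of the UINT64 unspecified. Document them as reserved and must be zero, and have implementations reject unknown bits so later flags can be added safely. For BIT0 = 1 the description should also say what HashDataLen must equal and which hash algorithm the digest belongs to, since a bare UINT8 * digest does not identify its algorithm, and the @param block needs a matching Flags entry.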

> -----Original Message-----
> From: Zhang, Qi1 <qi1.zhang@intel.com>
> Sent: Tuesday, July 14, 2020 2:49 PM
> To: devel@edk2.groups.io
> Cc: Yao, Jiewen <jiewen.yao@intel.com>; Wang, Jian J <jian.j.wang@intel.com>;
> Zhang, Chao B <chao.b.zhang@intel.com>
> Subject: [PATCH 1/6] SecurityPkg/TcgPpi: Add TcgPpi header file.
>
> From: Jiewen Yao <jiewen.yao@intel.com>
>
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2841
>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Cc: Chao Zhang <chao.b.zhang@intel.com>
> Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
> ---
>  SecurityPkg/Include/Ppi/Tcg.h | 50 +++++++++++++++++++++++++++++++++++
>  1 file changed, 50 insertions(+)
>  create mode 100644 SecurityPkg/Include/Ppi/Tcg.h
>
> diff --git a/SecurityPkg/Include/Ppi/Tcg.h b/SecurityPkg/Include/Ppi/Tcg.h
> new file mode 100644
> index 0000000000..4eacd57166
> --- /dev/null
> +++ b/SecurityPkg/Include/Ppi/Tcg.h
> @@ -0,0 +1,50 @@
> +/** @file
>
> +  TCG PPI services.
>
> +
>
> +Copyright (c) 2020, Intel Corporation. All rights reserved.<BR>
>
> +SPDX-License-Identifier: BSD-2-Clause-Patent
>
> +
>
> +**/
>
> +
>
> +#ifndef _TCG_PPI_H_
>
> +#define _TCG_PPI_H_
>
> +
>
> +#include <IndustryStandard/UefiTcgPlatform.h>
>
> +
>
> +typedef struct _EDKII_TCG_PPI EDKII_TCG_PPI;
>
> +
>
> +/**
>
> +  Tpm measure and log data, and extend the measurement result into a specific
> PCR.
>
> +
>
> +  @param[in]      This          Indicates the calling context
>
> +  @param[in]      HashData      Physical address of the start of the data buffer
>
> +                                to be hashed, extended, and logged.
>
> +  @param[in]      HashDataLen   The length, in bytes, of the buffer referenced by
> HashData.
>
> +  @param[in]      NewEventHdr   Pointer to a TCG_PCR_EVENT_HDR data
> structure.
>
> +  @param[in]      NewEventData  Pointer to the new event data.
>
> +
>
> +  @retval EFI_SUCCESS           Operation completed successfully.
>
> +  @retval EFI_UNSUPPORTED       TPM device not available.
>
> +  @retval EFI_OUT_OF_RESOURCES  Out of memory.
>
> +  @retval EFI_DEVICE_ERROR      The operation was unsuccessful.
>
> +**/
>
> +typedef
>
> +EFI_STATUS
>
> +(EFIAPI *EDKII_TCG_HASH_LOG_EXTEND_EVENT)(
>
> +  IN      EDKII_TCG_PPI             *This,
>
> +  IN      UINT8                     *HashData,
>
> +  IN      UINTN                     HashDataLen,
>
> +  IN      TCG_PCR_EVENT_HDR         *NewEventHdr,
>
> +  IN      UINT8                     *NewEventData
>
> +  );
>
> +
>
> +///
>
> +/// The EFI_TCG Protocol abstracts TCG activity.
>
> +///
>
> +struct _EDKII_TCG_PPI {
>
> +  EDKII_TCG_HASH_LOG_EXTEND_EVENT     HashLogExtendEvent;
>
> +};
>
> +
>
> +extern EFI_GUID gEdkiiTcgPpiGuid;
>
> +
>
> +#endif
>
> --
> 2.26.2.windows.1






^ permalink raw reply	[flat|nested] 14+ messages in thread

* Re: [PATCH 1/6] SecurityPkg/TcgPpi: Add TcgPpi header file.
  2020-07-15  5:53     ` Bret Barkelew
@ 2020-07-15 14:45       ` Yao, Jiewen
       [not found]       ` <1621F444E3AD18DD.16458@groups.io>
  1 sibling, 0 replies; 14+ messages in thread
From: Yao, Jiewen @ 2020-07-15 14:45 UTC (permalink / raw)
  To: Bret Barkelew, devel@edk2.groups.io, Zhang, Qi1; +Cc: Wang, Jian J


Hi Bret
Do you have a full problem statement or Bugzilla?

If we are resolving the same problem, we can resolve them together.
If we are talking about different problems, we can resolve them one by one.

Thank you
Yao Jiewen

From: Bret Barkelew <Bret.Barkelew@microsoft.com>
Sent: Wednesday, July 15, 2020 1:53 PM
To: devel@edk2.groups.io; Yao, Jiewen <jiewen.yao@intel.com>; Zhang, Qi1 <qi1.zhang@intel.com>
Cc: Wang, Jian J <jian.j.wang@intel.com>
Subject: Re: [PATCH 1/6] SecurityPkg/TcgPpi: Add TcgPpi header file.

Since we're working on early boot TCG interfaces, is this a good time to discuss a standard way to init the log with measurements made by the HW root of trust prior to Tcg2Pei? We were using a NULL lib and a registration pattern on the PEIM, but I'm open to other ideas, too. Thoughts?

- Bret
________________________________
From: devel@edk2.groups.io <devel@edk2.groups.io> on behalf of Yao, Jiewen via groups.io <jiewen.yao=intel.com@groups.io>
Sent: Tuesday, July 14, 2020 10:08:30 PM
To: Zhang, Qi1 <qi1.zhang@intel.com>; devel@edk2.groups.io <devel@edk2.groups.io>
Cc: Wang, Jian J <jian.j.wang@intel.com>
Subject: [EXTERNAL] Re: [edk2-devel] [PATCH 1/6] SecurityPkg/TcgPpi: Add TcgPpi header file.

Thanks Qi.

I just thought of one use case: a PEIM may already have a calculated hash (https://github.com/tianocore/edk2/blob/master/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c#L652)
We may need to add a flag to support this pre-hash use case. Such as:

> +(EFIAPI *EDKII_TCG_HASH_LOG_EXTEND_EVENT)(
>
> +  IN      EDKII_TCG_PPI             *This,
>
> +  IN      UINT64                   Flags,  // new field. BIT0 = 0 means HashData is the data to be hashed; BIT0 = 1 means HashData is the pre-hash digest.
>
> +  IN      UINT8                     *HashData,
>
> +  IN      UINTN                     HashDataLen,
>
> +  IN      TCG_PCR_EVENT_HDR         *NewEventHdr,
>
> +  IN      UINT8                     *NewEventData
>
> +  );

> -----Original Message-----
> From: Zhang, Qi1 <qi1.zhang@intel.com>
> Sent: Tuesday, July 14, 2020 2:49 PM
> To: devel@edk2.groups.io
> Cc: Yao, Jiewen <jiewen.yao@intel.com>; Wang, Jian J <jian.j.wang@intel.com>;
> Zhang, Chao B <chao.b.zhang@intel.com>
> Subject: [PATCH 1/6] SecurityPkg/TcgPpi: Add TcgPpi header file.
>
> From: Jiewen Yao <jiewen.yao@intel.com>
>
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2841
>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Cc: Chao Zhang <chao.b.zhang@intel.com>
> Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
> ---
>  SecurityPkg/Include/Ppi/Tcg.h | 50 +++++++++++++++++++++++++++++++++++
>  1 file changed, 50 insertions(+)
>  create mode 100644 SecurityPkg/Include/Ppi/Tcg.h
>
> diff --git a/SecurityPkg/Include/Ppi/Tcg.h b/SecurityPkg/Include/Ppi/Tcg.h
> new file mode 100644
> index 0000000000..4eacd57166
> --- /dev/null
> +++ b/SecurityPkg/Include/Ppi/Tcg.h
> @@ -0,0 +1,50 @@
> +/** @file
>
> +  TCG PPI services.
>
> +
>
> +Copyright (c) 2020, Intel Corporation. All rights reserved.<BR>
>
> +SPDX-License-Identifier: BSD-2-Clause-Patent
>
> +
>
> +**/
>
> +
>
> +#ifndef _TCG_PPI_H_
>
> +#define _TCG_PPI_H_
>
> +
>
> +#include <IndustryStandard/UefiTcgPlatform.h>
>
> +
>
> +typedef struct _EDKII_TCG_PPI EDKII_TCG_PPI;
>
> +
>
> +/**
>
> +  Tpm measure and log data, and extend the measurement result into a specific
> PCR.
>
> +
>
> +  @param[in]      This          Indicates the calling context
>
> +  @param[in]      HashData      Physical address of the start of the data buffer
>
> +                                to be hashed, extended, and logged.
>
> +  @param[in]      HashDataLen   The length, in bytes, of the buffer referenced by
> HashData.
>
> +  @param[in]      NewEventHdr   Pointer to a TCG_PCR_EVENT_HDR data
> structure.
>
> +  @param[in]      NewEventData  Pointer to the new event data.
>
> +
>
> +  @retval EFI_SUCCESS           Operation completed successfully.
>
> +  @retval EFI_UNSUPPORTED       TPM device not available.
>
> +  @retval EFI_OUT_OF_RESOURCES  Out of memory.
>
> +  @retval EFI_DEVICE_ERROR      The operation was unsuccessful.
>
> +**/
>
> +typedef
>
> +EFI_STATUS
>
> +(EFIAPI *EDKII_TCG_HASH_LOG_EXTEND_EVENT)(
>
> +  IN      EDKII_TCG_PPI             *This,
>
> +  IN      UINT8                     *HashData,
>
> +  IN      UINTN                     HashDataLen,
>
> +  IN      TCG_PCR_EVENT_HDR         *NewEventHdr,
>
> +  IN      UINT8                     *NewEventData
>
> +  );
>
> +
>
> +///
>
> +/// The EFI_TCG Protocol abstracts TCG activity.
>
> +///
>
> +struct _EDKII_TCG_PPI {
>
> +  EDKII_TCG_HASH_LOG_EXTEND_EVENT     HashLogExtendEvent;
>
> +};
>
> +
>
> +extern EFI_GUID gEdkiiTcgPpiGuid;
>
> +
>
> +#endif
>
> --
> 2.26.2.windows.1





^ permalink raw reply	[flat|nested] 14+ messages in thread

* Re: [edk2-devel] [PATCH 1/6] SecurityPkg/TcgPpi: Add TcgPpi header file.
       [not found]       ` <1621F444E3AD18DD.16458@groups.io>
@ 2020-07-15 15:20         ` Yao, Jiewen
  2020-07-15 15:32           ` Bret Barkelew
  0 siblings, 1 reply; 14+ messages in thread
From: Yao, Jiewen @ 2020-07-15 15:20 UTC (permalink / raw)
  To: devel@edk2.groups.io, Yao, Jiewen, Bret Barkelew, Zhang, Qi1; +Cc: Wang, Jian J


Maybe we can let TCG PEIM install the TCG_PPI *before* any measurement record, then the other PEIM can register a callback to record the HW ROT measurement?

Thank you
Yao Jiewen

From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Yao, Jiewen
Sent: Wednesday, July 15, 2020 10:45 PM
To: Bret Barkelew <Bret.Barkelew@microsoft.com>; devel@edk2.groups.io; Zhang, Qi1 <qi1.zhang@intel.com>
Cc: Wang, Jian J <jian.j.wang@intel.com>
Subject: Re: [edk2-devel] [PATCH 1/6] SecurityPkg/TcgPpi: Add TcgPpi header file.

Hi Bret
Do you have a full problem statement or Bugzilla?

If we are resolving the same problem, we can resolve them together.
If we are talking about different problems, we can resolve them one by one.

Thank you
Yao Jiewen

From: Bret Barkelew <Bret.Barkelew@microsoft.com>
Sent: Wednesday, July 15, 2020 1:53 PM
To: devel@edk2.groups.io; Yao, Jiewen <jiewen.yao@intel.com>; Zhang, Qi1 <qi1.zhang@intel.com>
Cc: Wang, Jian J <jian.j.wang@intel.com>
Subject: Re: [PATCH 1/6] SecurityPkg/TcgPpi: Add TcgPpi header file.

Since we're working on early boot TCG interfaces, is this a good time to discuss a standard way to init the log with measurements made by the HW root of trust prior to Tcg2Pei? We were using a NULL lib and a registration pattern on the PEIM, but I'm open to other ideas, too. Thoughts?

- Bret
________________________________
From: devel@edk2.groups.io <devel@edk2.groups.io> on behalf of Yao, Jiewen via groups.io <jiewen.yao=intel.com@groups.io>
Sent: Tuesday, July 14, 2020 10:08:30 PM
To: Zhang, Qi1 <qi1.zhang@intel.com>; devel@edk2.groups.io <devel@edk2.groups.io>
Cc: Wang, Jian J <jian.j.wang@intel.com>
Subject: [EXTERNAL] Re: [edk2-devel] [PATCH 1/6] SecurityPkg/TcgPpi: Add TcgPpi header file.

Thanks Qi.

I just thought of one use case: a PEIM may already have a calculated hash (https://github.com/tianocore/edk2/blob/master/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c#L652)
We may need to add a flag to support this pre-hash use case. Such as:

> +(EFIAPI *EDKII_TCG_HASH_LOG_EXTEND_EVENT)(
>
> +  IN      EDKII_TCG_PPI             *This,
>
> +  IN      UINT64                   Flags,  // new field. BIT0 = 0 means HashData is the data to be hashed; BIT0 = 1 means HashData is the pre-hash digest.
>
> +  IN      UINT8                     *HashData,
>
> +  IN      UINTN                     HashDataLen,
>
> +  IN      TCG_PCR_EVENT_HDR         *NewEventHdr,
>
> +  IN      UINT8                     *NewEventData
>
> +  );

> -----Original Message-----
> From: Zhang, Qi1 <qi1.zhang@intel.com>
> Sent: Tuesday, July 14, 2020 2:49 PM
> To: devel@edk2.groups.io
> Cc: Yao, Jiewen <jiewen.yao@intel.com>; Wang, Jian J <jian.j.wang@intel.com>;
> Zhang, Chao B <chao.b.zhang@intel.com>
> Subject: [PATCH 1/6] SecurityPkg/TcgPpi: Add TcgPpi header file.
>
> From: Jiewen Yao <jiewen.yao@intel.com>
>
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2841
>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Cc: Chao Zhang <chao.b.zhang@intel.com>
> Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
> ---
>  SecurityPkg/Include/Ppi/Tcg.h | 50 +++++++++++++++++++++++++++++++++++
>  1 file changed, 50 insertions(+)
>  create mode 100644 SecurityPkg/Include/Ppi/Tcg.h
>
> diff --git a/SecurityPkg/Include/Ppi/Tcg.h b/SecurityPkg/Include/Ppi/Tcg.h
> new file mode 100644
> index 0000000000..4eacd57166
> --- /dev/null
> +++ b/SecurityPkg/Include/Ppi/Tcg.h
> @@ -0,0 +1,50 @@
> +/** @file
>
> +  TCG PPI services.
>
> +
>
> +Copyright (c) 2020, Intel Corporation. All rights reserved.<BR>
>
> +SPDX-License-Identifier: BSD-2-Clause-Patent
>
> +
>
> +**/
>
> +
>
> +#ifndef _TCG_PPI_H_
>
> +#define _TCG_PPI_H_
>
> +
>
> +#include <IndustryStandard/UefiTcgPlatform.h>
>
> +
>
> +typedef struct _EDKII_TCG_PPI EDKII_TCG_PPI;
>
> +
>
> +/**
>
> +  Tpm measure and log data, and extend the measurement result into a specific
> PCR.
>
> +
>
> +  @param[in]      This          Indicates the calling context
>
> +  @param[in]      HashData      Physical address of the start of the data buffer
>
> +                                to be hashed, extended, and logged.
>
> +  @param[in]      HashDataLen   The length, in bytes, of the buffer referenced by
> HashData.
>
> +  @param[in]      NewEventHdr   Pointer to a TCG_PCR_EVENT_HDR data
> structure.
>
> +  @param[in]      NewEventData  Pointer to the new event data.
>
> +
>
> +  @retval EFI_SUCCESS           Operation completed successfully.
>
> +  @retval EFI_UNSUPPORTED       TPM device not available.
>
> +  @retval EFI_OUT_OF_RESOURCES  Out of memory.
>
> +  @retval EFI_DEVICE_ERROR      The operation was unsuccessful.
>
> +**/
>
> +typedef
>
> +EFI_STATUS
>
> +(EFIAPI *EDKII_TCG_HASH_LOG_EXTEND_EVENT)(
>
> +  IN      EDKII_TCG_PPI             *This,
>
> +  IN      UINT8                     *HashData,
>
> +  IN      UINTN                     HashDataLen,
>
> +  IN      TCG_PCR_EVENT_HDR         *NewEventHdr,
>
> +  IN      UINT8                     *NewEventData
>
> +  );
>
> +
>
> +///
>
> +/// The EFI_TCG Protocol abstracts TCG activity.
>
> +///
>
> +struct _EDKII_TCG_PPI {
>
> +  EDKII_TCG_HASH_LOG_EXTEND_EVENT     HashLogExtendEvent;
>
> +};
>
> +
>
> +extern EFI_GUID gEdkiiTcgPpiGuid;
>
> +
>
> +#endif
>
> --
> 2.26.2.windows.1




^ permalink raw reply	[flat|nested] 14+ messages in thread

* Re: [edk2-devel] [PATCH 1/6] SecurityPkg/TcgPpi: Add TcgPpi header file.
  2020-07-15 15:20         ` [edk2-devel] " Yao, Jiewen
@ 2020-07-15 15:32           ` Bret Barkelew
  2020-08-04  5:05             ` Bret Barkelew
  0 siblings, 1 reply; 14+ messages in thread
From: Bret Barkelew @ 2020-07-15 15:32 UTC (permalink / raw)
  To: Yao, Jiewen, devel@edk2.groups.io, Zhang, Qi1; +Cc: Wang, Jian J



Yeah, that’s kinda what I was thinking. It seemed like there was a little overlap that might eliminate the need for the extra libs (in our current solution).

I’ll try to get a more detailed problem statement today, but I think you’ve got the right idea there.

- Bret

From: Yao, Jiewen <jiewen.yao@intel.com>
Sent: Wednesday, July 15, 2020 8:20 AM
To: devel@edk2.groups.io; Yao, Jiewen <jiewen.yao@intel.com>; Bret Barkelew <Bret.Barkelew@microsoft.com>; Zhang, Qi1 <qi1.zhang@intel.com>
Cc: Wang, Jian J <jian.j.wang@intel.com>
Subject: [EXTERNAL] RE: [edk2-devel] [PATCH 1/6] SecurityPkg/TcgPpi: Add TcgPpi header file.

Maybe we can let TCG PEIM install the TCG_PPI *before* any measurement record, then the other PEIM can register a callback to record the HW ROT measurement?

Thank you
Yao Jiewen

From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Yao, Jiewen
Sent: Wednesday, July 15, 2020 10:45 PM
To: Bret Barkelew <Bret.Barkelew@microsoft.com>; devel@edk2.groups.io; Zhang, Qi1 <qi1.zhang@intel.com>
Cc: Wang, Jian J <jian.j.wang@intel.com>
Subject: Re: [edk2-devel] [PATCH 1/6] SecurityPkg/TcgPpi: Add TcgPpi header file.

Hi Bret
Do you have a full problem statement or Bugzilla?

If we are resolving the same problem, we can resolve them together.
If we are talking about different problems, we can resolve them one by one.

Thank you
Yao Jiewen

From: Bret Barkelew <Bret.Barkelew@microsoft.com>
Sent: Wednesday, July 15, 2020 1:53 PM
To: devel@edk2.groups.io; Yao, Jiewen <jiewen.yao@intel.com>; Zhang, Qi1 <qi1.zhang@intel.com>
Cc: Wang, Jian J <jian.j.wang@intel.com>
Subject: Re: [PATCH 1/6] SecurityPkg/TcgPpi: Add TcgPpi header file.

Since we’re working on early boot TCG interfaces, is this a good time to discuss a standard way to init the log with measurements made by the HW root of trust prior to Tcg2Pei? We were using a NULL lib and a registration pattern on the PEIM, but I’m open to other ideas, too. Thoughts?

- Bret

From: devel@edk2.groups.io <devel@edk2.groups.io> on behalf of Yao, Jiewen via groups.io <jiewen.yao=intel.com@groups.io>
Sent: Tuesday, July 14, 2020 10:08:30 PM
To: Zhang, Qi1 <qi1.zhang@intel.com>; devel@edk2.groups.io <devel@edk2.groups.io>
Cc: Wang, Jian J <jian.j.wang@intel.com>
Subject: [EXTERNAL] Re: [edk2-devel] [PATCH 1/6] SecurityPkg/TcgPpi: Add TcgPpi header file.

Thanks Qi.

I just thought of one use case: a PEIM may already have a calculated hash (https://github.com/tianocore/edk2/blob/master/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c#L652)
We may need to add a flag to support this pre-hash use case. Such as:

> +(EFIAPI *EDKII_TCG_HASH_LOG_EXTEND_EVENT)(
>
> +  IN      EDKII_TCG_PPI             *This,
>
> +  IN      UINT64                   Flags,  // new field. BIT0 = 0 means HashData is the data to be hashed; BIT0 = 1 means HashData is the pre-hash digest.
>
> +  IN      UINT8                     *HashData,
>
> +  IN      UINTN                     HashDataLen,
>
> +  IN      TCG_PCR_EVENT_HDR         *NewEventHdr,
>
> +  IN      UINT8                     *NewEventData
>
> +  );

> -----Original Message-----
> From: Zhang, Qi1 <qi1.zhang@intel.com>
> Sent: Tuesday, July 14, 2020 2:49 PM
> To: devel@edk2.groups.io
> Cc: Yao, Jiewen <jiewen.yao@intel.com>; Wang, Jian J <jian.j.wang@intel.com>;
> Zhang, Chao B <chao.b.zhang@intel.com>
> Subject: [PATCH 1/6] SecurityPkg/TcgPpi: Add TcgPpi header file.
>
> From: Jiewen Yao <jiewen.yao@intel.com>
>
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2841
>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Cc: Chao Zhang <chao.b.zhang@intel.com>
> Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
> ---
>  SecurityPkg/Include/Ppi/Tcg.h | 50 +++++++++++++++++++++++++++++++++++
>  1 file changed, 50 insertions(+)
>  create mode 100644 SecurityPkg/Include/Ppi/Tcg.h
>
> diff --git a/SecurityPkg/Include/Ppi/Tcg.h b/SecurityPkg/Include/Ppi/Tcg.h
> new file mode 100644
> index 0000000000..4eacd57166
> --- /dev/null
> +++ b/SecurityPkg/Include/Ppi/Tcg.h
> @@ -0,0 +1,50 @@
> +/** @file
>
> +  TCG PPI services.
>
> +
>
> +Copyright (c) 2020, Intel Corporation. All rights reserved.<BR>
>
> +SPDX-License-Identifier: BSD-2-Clause-Patent
>
> +
>
> +**/
>
> +
>
> +#ifndef _TCG_PPI_H_
>
> +#define _TCG_PPI_H_
>
> +
>
> +#include <IndustryStandard/UefiTcgPlatform.h>
>
> +
>
> +typedef struct _EDKII_TCG_PPI EDKII_TCG_PPI;
>
> +
>
> +/**
>
> +  Tpm measure and log data, and extend the measurement result into a specific
> PCR.
>
> +
>
> +  @param[in]      This          Indicates the calling context
>
> +  @param[in]      HashData      Physical address of the start of the data buffer
>
> +                                to be hashed, extended, and logged.
>
> +  @param[in]      HashDataLen   The length, in bytes, of the buffer referenced by
> HashData.
>
> +  @param[in]      NewEventHdr   Pointer to a TCG_PCR_EVENT_HDR data
> structure.
>
> +  @param[in]      NewEventData  Pointer to the new event data.
>
> +
>
> +  @retval EFI_SUCCESS           Operation completed successfully.
>
> +  @retval EFI_UNSUPPORTED       TPM device not available.
>
> +  @retval EFI_OUT_OF_RESOURCES  Out of memory.
>
> +  @retval EFI_DEVICE_ERROR      The operation was unsuccessful.
>
> +**/
>
> +typedef
>
> +EFI_STATUS
>
> +(EFIAPI *EDKII_TCG_HASH_LOG_EXTEND_EVENT)(
>
> +  IN      EDKII_TCG_PPI             *This,
>
> +  IN      UINT8                     *HashData,
>
> +  IN      UINTN                     HashDataLen,
>
> +  IN      TCG_PCR_EVENT_HDR         *NewEventHdr,
>
> +  IN      UINT8                     *NewEventData
>
> +  );
>
> +
>
> +///
>
> +/// The EFI_TCG Protocol abstracts TCG activity.
>
> +///
>
> +struct _EDKII_TCG_PPI {
>
> +  EDKII_TCG_HASH_LOG_EXTEND_EVENT     HashLogExtendEvent;
>
> +};
>
> +
>
> +extern EFI_GUID gEdkiiTcgPpiGuid;
>
> +
>
> +#endif
>
> --
> 2.26.2.windows.1




^ permalink raw reply	[flat|nested] 14+ messages in thread

* Re: [edk2-devel] [PATCH 1/6] SecurityPkg/TcgPpi: Add TcgPpi header file.
  2020-07-15 15:32           ` Bret Barkelew
@ 2020-08-04  5:05             ` Bret Barkelew
  2020-08-04  5:52               ` Yao, Jiewen
  0 siblings, 1 reply; 14+ messages in thread
From: Bret Barkelew @ 2020-08-04  5:05 UTC (permalink / raw)
  To: Yao, Jiewen, devel@edk2.groups.io, Zhang, Qi1, Bret Barkelew; +Cc: Wang, Jian J



The more I think about it, the more I like your idea of registering early and allowing a PPI notification callback.

Is that something we could get in this change, or would it be best to open a new BZ to track that request? Thanks!


- Bret

________________________________
From: devel@edk2.groups.io <devel@edk2.groups.io> on behalf of Bret Barkelew via groups.io <bret.barkelew=microsoft.com@groups.io>
Sent: Wednesday, July 15, 2020 8:32 AM
To: Yao, Jiewen <jiewen.yao@intel.com>; devel@edk2.groups.io <devel@edk2.groups.io>; Zhang, Qi1 <qi1.zhang@intel.com>
Cc: Wang, Jian J <jian.j.wang@intel.com>
Subject: [EXTERNAL] Re: [edk2-devel] [PATCH 1/6] SecurityPkg/TcgPpi: Add TcgPpi header file.


Yeah, that’s kinda what I was thinking. It seemed like there was a little overlap that might eliminate the need for the extra libs (in our current solution).



I’ll try to get a more detailed problem statement today, but I think you’ve got the right idea there.



- Bret



From: Yao, Jiewen <jiewen.yao@intel.com>
Sent: Wednesday, July 15, 2020 8:20 AM
To: devel@edk2.groups.io; Yao, Jiewen <jiewen.yao@intel.com>; Bret Barkelew <Bret.Barkelew@microsoft.com>; Zhang, Qi1 <qi1.zhang@intel.com>
Cc: Wang, Jian J <jian.j.wang@intel.com>
Subject: [EXTERNAL] RE: [edk2-devel] [PATCH 1/6] SecurityPkg/TcgPpi: Add TcgPpi header file.



Maybe we can let TCG PEIM install the TCG_PPI *before* any measurement record, then the other PEIM can register a callback to record the HW ROT measurement?



Thank you

Yao Jiewen



From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Yao, Jiewen
Sent: Wednesday, July 15, 2020 10:45 PM
To: Bret Barkelew <Bret.Barkelew@microsoft.com>; devel@edk2.groups.io; Zhang, Qi1 <qi1.zhang@intel.com>
Cc: Wang, Jian J <jian.j.wang@intel.com>
Subject: Re: [edk2-devel] [PATCH 1/6] SecurityPkg/TcgPpi: Add TcgPpi header file.



Hi Bret

Do you have a full problem statement or Bugzilla?



If we are resolving the same problem, we can resolve them together.

If we are talking about different problems, we can resolve them one by one.



Thank you

Yao Jiewen



From: Bret Barkelew <Bret.Barkelew@microsoft.com>
Sent: Wednesday, July 15, 2020 1:53 PM
To: devel@edk2.groups.io; Yao, Jiewen <jiewen.yao@intel.com>; Zhang, Qi1 <qi1.zhang@intel.com>
Cc: Wang, Jian J <jian.j.wang@intel.com>
Subject: Re: [PATCH 1/6] SecurityPkg/TcgPpi: Add TcgPpi header file.



Since we’re working on early boot TCG interfaces, is this a good time to discuss a standard way to init the log with measurements made by the HW root of trust prior to Tcg2Pei? We were using a NULL lib and a registration pattern on the PEIM, but I’m open to other ideas, too. Thoughts?



- Bret



From: devel@edk2.groups.io <devel@edk2.groups.io> on behalf of Yao, Jiewen via groups.io <jiewen.yao=intel.com@groups.io>
Sent: Tuesday, July 14, 2020 10:08:30 PM
To: Zhang, Qi1 <qi1.zhang@intel.com>; devel@edk2.groups.io <devel@edk2.groups.io>
Cc: Wang, Jian J <jian.j.wang@intel.com>
Subject: [EXTERNAL] Re: [edk2-devel] [PATCH 1/6] SecurityPkg/TcgPpi: Add TcgPpi header file.



Thanks Qi.

I just thought of one use case where a PEIM may already have a calculated hash (https://github.com/tianocore/edk2/blob/master/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c#L652).
We may need to add a flag to support this pre-hash use case. Such as:

> +(EFIAPI *EDKII_TCG_HASH_LOG_EXTEND_EVENT)(
>
> +  IN      EDKII_TCG_PPI             *This,
>
> +  IN      UINT64                   Flags,  // new field. BIT0 = 0 means HashData is the data to be hashed; BIT0 = 1 means HashData is the pre-hash digest.
>
> +  IN      UINT8                     *HashData,
>
> +  IN      UINTN                     HashDataLen,
>
> +  IN      TCG_PCR_EVENT_HDR         *NewEventHdr,
>
> +  IN      UINT8                     *NewEventData
>
> +  );
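
Review bot: the inline comment on the proposed Flags parameter leaves the BIT0 = 1 case underspecified: it does not say which hash algorithm the pre-hash digest must use or what HashDataLen has to equal in that case, so an implementation has nothing to validate the buffer against before extending it. Suggest stating that HashDataLen must be the digest size of the expected algorithm and that a mismatch returns an error, and adding a matching @param[in] Flags entry to the function header.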

> -----Original Message-----
> From: Zhang, Qi1 <qi1.zhang@intel.com>
> Sent: Tuesday, July 14, 2020 2:49 PM
> To: devel@edk2.groups.io
> Cc: Yao, Jiewen <jiewen.yao@intel.com>; Wang, Jian J <jian.j.wang@intel.com>;
> Zhang, Chao B <chao.b.zhang@intel.com>
> Subject: [PATCH 1/6] SecurityPkg/TcgPpi: Add TcgPpi header file.
>
> From: Jiewen Yao <jiewen.yao@intel.com>
>
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2841
>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Cc: Chao Zhang <chao.b.zhang@intel.com>
> Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
> ---
>  SecurityPkg/Include/Ppi/Tcg.h | 50 +++++++++++++++++++++++++++++++++++
>  1 file changed, 50 insertions(+)
>  create mode 100644 SecurityPkg/Include/Ppi/Tcg.h
>
> diff --git a/SecurityPkg/Include/Ppi/Tcg.h b/SecurityPkg/Include/Ppi/Tcg.h
> new file mode 100644
> index 0000000000..4eacd57166
> --- /dev/null
> +++ b/SecurityPkg/Include/Ppi/Tcg.h
> @@ -0,0 +1,50 @@
> +/** @file
>
> +  TCG PPI services.
>
> +
>
> +Copyright (c) 2020, Intel Corporation. All rights reserved.<BR>
>
> +SPDX-License-Identifier: BSD-2-Clause-Patent
>
> +
>
> +**/
>
> +
>
> +#ifndef _TCG_PPI_H_
>
> +#define _TCG_PPI_H_
>
> +
>
> +#include <IndustryStandard/UefiTcgPlatform.h>
>
> +
>
> +typedef struct _EDKII_TCG_PPI EDKII_TCG_PPI;
>
> +
>
> +/**
>
> +  Tpm measure and log data, and extend the measurement result into a specific
> PCR.
>
> +
>
> +  @param[in]      This          Indicates the calling context
>
> +  @param[in]      HashData      Physical address of the start of the data buffer
>
> +                                to be hashed, extended, and logged.
>
> +  @param[in]      HashDataLen   The length, in bytes, of the buffer referenced by
> HashData.
>
> +  @param[in]      NewEventHdr   Pointer to a TCG_PCR_EVENT_HDR data
> structure.
>
> +  @param[in]      NewEventData  Pointer to the new event data.
>
> +
>
> +  @retval EFI_SUCCESS           Operation completed successfully.
>
> +  @retval EFI_UNSUPPORTED       TPM device not available.
>
> +  @retval EFI_OUT_OF_RESOURCES  Out of memory.
>
> +  @retval EFI_DEVICE_ERROR      The operation was unsuccessful.
>
> +**/
>
> +typedef
>
> +EFI_STATUS
>
> +(EFIAPI *EDKII_TCG_HASH_LOG_EXTEND_EVENT)(
>
> +  IN      EDKII_TCG_PPI             *This,
>
> +  IN      UINT8                     *HashData,
>
> +  IN      UINTN                     HashDataLen,
>
> +  IN      TCG_PCR_EVENT_HDR         *NewEventHdr,
>
> +  IN      UINT8                     *NewEventData
>
> +  );
>
> +
>
> +///
>
> +/// The EFI_TCG Protocol abstracts TCG activity.
>
> +///
>
> +struct _EDKII_TCG_PPI {
>
> +  EDKII_TCG_HASH_LOG_EXTEND_EVENT     HashLogExtendEvent;
>
> +};
>
> +
>
> +extern EFI_GUID gEdkiiTcgPpiGuid;
>
> +
>
> +#endif
>
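
Review bot: the comment above struct _EDKII_TCG_PPI reads "The EFI_TCG Protocol abstracts TCG activity.", which names a protocol while this header defines a PPI. Suggest rewording it to name EDKII_TCG_PPI and the service it carries, for example "The EDKII_TCG_PPI abstracts the HashLogExtendEvent service for PEIMs.", so the header does not point readers at a different interface.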
> --
> 2.26.2.windows.1






^ permalink raw reply	[flat|nested] 14+ messages in thread

* Re: [edk2-devel] [PATCH 1/6] SecurityPkg/TcgPpi: Add TcgPpi header file.
  2020-08-04  5:05             ` Bret Barkelew
@ 2020-08-04  5:52               ` Yao, Jiewen
  0 siblings, 0 replies; 14+ messages in thread
From: Yao, Jiewen @ 2020-08-04  5:52 UTC (permalink / raw)
  To: Bret Barkelew, devel@edk2.groups.io, Zhang, Qi1; +Cc: Wang, Jian J



The code is already pushed after review.

Please take a look at the latest one.

If it does not work, then you can file a new BZ.

Thank you
Yao Jiewen


From: Bret Barkelew <Bret.Barkelew@microsoft.com>
Sent: Tuesday, August 4, 2020 1:05 PM
To: Yao, Jiewen <jiewen.yao@intel.com>; devel@edk2.groups.io; Zhang, Qi1 <qi1.zhang@intel.com>; Bret Barkelew <Bret.Barkelew@microsoft.com>
Cc: Wang, Jian J <jian.j.wang@intel.com>
Subject: Re: [edk2-devel] [PATCH 1/6] SecurityPkg/TcgPpi: Add TcgPpi header file.

The more I think about it, the more I like your idea of registering early and allowing a PPI notification callback.

Is that something we could get in this change, or would it be best to open a new BZ to track that request? Thanks!


- Bret

________________________________
From: devel@edk2.groups.io <devel@edk2.groups.io> on behalf of Bret Barkelew via groups.io <bret.barkelew=microsoft.com@groups.io>
Sent: Wednesday, July 15, 2020 8:32 AM
To: Yao, Jiewen <jiewen.yao@intel.com>; devel@edk2.groups.io <devel@edk2.groups.io>; Zhang, Qi1 <qi1.zhang@intel.com>
Cc: Wang, Jian J <jian.j.wang@intel.com>
Subject: [EXTERNAL] Re: [edk2-devel] [PATCH 1/6] SecurityPkg/TcgPpi: Add TcgPpi header file.


Yeah, that's kinda what I was thinking. It seemed like there was a little bit of overlap that might eliminate the need for the extra libs (in our current solution).



I'll try to get a more detailed problem statement today, but I think you've got the right idea there.



- Bret



From: Yao, Jiewen <jiewen.yao@intel.com>
Sent: Wednesday, July 15, 2020 8:20 AM
To: devel@edk2.groups.io; Yao, Jiewen <jiewen.yao@intel.com>; Bret Barkelew <Bret.Barkelew@microsoft.com>; Zhang, Qi1 <qi1.zhang@intel.com>
Cc: Wang, Jian J <jian.j.wang@intel.com>
Subject: [EXTERNAL] RE: [edk2-devel] [PATCH 1/6] SecurityPkg/TcgPpi: Add TcgPpi header file.



Maybe we can let the TCG PEIM install the TCG_PPI *before* any measurement record, then the other PEIM can register a callback to record the HW ROT measurement?



Thank you

Yao Jiewen



From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Yao, Jiewen
Sent: Wednesday, July 15, 2020 10:45 PM
To: Bret Barkelew <Bret.Barkelew@microsoft.com>; devel@edk2.groups.io; Zhang, Qi1 <qi1.zhang@intel.com>
Cc: Wang, Jian J <jian.j.wang@intel.com>
Subject: Re: [edk2-devel] [PATCH 1/6] SecurityPkg/TcgPpi: Add TcgPpi header file.



Hi Bret

Do you have a full problem statement or Bugzilla?



If we are resolving the same problem, we can resolve it all together.

If we are talking about different problems, we can resolve them one by one.



Thank you

Yao Jiewen



From: Bret Barkelew <Bret.Barkelew@microsoft.com>
Sent: Wednesday, July 15, 2020 1:53 PM
To: devel@edk2.groups.io; Yao, Jiewen <jiewen.yao@intel.com>; Zhang, Qi1 <qi1.zhang@intel.com>
Cc: Wang, Jian J <jian.j.wang@intel.com>
Subject: Re: [PATCH 1/6] SecurityPkg/TcgPpi: Add TcgPpi header file.



Since we're working on early boot TCG interfaces, is this a good time to discuss a standard way to init the log with measurements made by the HW root of trust prior to Tcg2Pei? We were using a NULL lib and a registration pattern on the PEIM, but I'm open to other ideas, too. Thoughts?



- Bret



From: devel@edk2.groups.io <devel@edk2.groups.io> on behalf of Yao, Jiewen via groups.io <jiewen.yao=intel.com@groups.io>
Sent: Tuesday, July 14, 2020 10:08:30 PM
To: Zhang, Qi1 <qi1.zhang@intel.com>; devel@edk2.groups.io <devel@edk2.groups.io>
Cc: Wang, Jian J <jian.j.wang@intel.com>
Subject: [EXTERNAL] Re: [edk2-devel] [PATCH 1/6] SecurityPkg/TcgPpi: Add TcgPpi header file.



Thanks Qi.

I just thought of one use case where a PEIM may already have a calculated hash (https://github.com/tianocore/edk2/blob/master/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c#L652).
We may need to add a flag to support this pre-hash use case. Such as:

> +(EFIAPI *EDKII_TCG_HASH_LOG_EXTEND_EVENT)(
>
> +  IN      EDKII_TCG_PPI             *This,
>
> +  IN      UINT64                   Flags,  // new field. BIT0 = 0 means HashData is the data to be hashed; BIT0 = 1 means HashData is the pre-hash digest.
>
> +  IN      UINT8                     *HashData,
>
> +  IN      UINTN                     HashDataLen,
>
> +  IN      TCG_PCR_EVENT_HDR         *NewEventHdr,
>
> +  IN      UINT8                     *NewEventData
>
> +  );
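
Review bot: the Flags line defines BIT0 only in a trailing comment and says nothing about the other bits of the UINT64. Suggest a named macro for BIT0 in the header and a statement that the remaining bits are reserved and must be zero, with a defined error return when they are not, so later flags can be added without ambiguity.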

> -----Original Message-----
> From: Zhang, Qi1 <qi1.zhang@intel.com>
> Sent: Tuesday, July 14, 2020 2:49 PM
> To: devel@edk2.groups.io
> Cc: Yao, Jiewen <jiewen.yao@intel.com>; Wang, Jian J <jian.j.wang@intel.com>;
> Zhang, Chao B <chao.b.zhang@intel.com>
> Subject: [PATCH 1/6] SecurityPkg/TcgPpi: Add TcgPpi header file.
>
> From: Jiewen Yao <jiewen.yao@intel.com>
>
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2841
>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Cc: Chao Zhang <chao.b.zhang@intel.com>
> Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
> ---
>  SecurityPkg/Include/Ppi/Tcg.h | 50 +++++++++++++++++++++++++++++++++++
>  1 file changed, 50 insertions(+)
>  create mode 100644 SecurityPkg/Include/Ppi/Tcg.h
>
> diff --git a/SecurityPkg/Include/Ppi/Tcg.h b/SecurityPkg/Include/Ppi/Tcg.h
> new file mode 100644
> index 0000000000..4eacd57166
> --- /dev/null
> +++ b/SecurityPkg/Include/Ppi/Tcg.h
> @@ -0,0 +1,50 @@
> +/** @file
>
> +  TCG PPI services.
>
> +
>
> +Copyright (c) 2020, Intel Corporation. All rights reserved.<BR>
>
> +SPDX-License-Identifier: BSD-2-Clause-Patent
>
> +
>
> +**/
>
> +
>
> +#ifndef _TCG_PPI_H_
>
> +#define _TCG_PPI_H_
>
> +
>
> +#include <IndustryStandard/UefiTcgPlatform.h>
>
> +
>
> +typedef struct _EDKII_TCG_PPI EDKII_TCG_PPI;
>
> +
>
> +/**
>
> +  Tpm measure and log data, and extend the measurement result into a specific
> PCR.
>
> +
>
> +  @param[in]      This          Indicates the calling context
>
> +  @param[in]      HashData      Physical address of the start of the data buffer
>
> +                                to be hashed, extended, and logged.
>
> +  @param[in]      HashDataLen   The length, in bytes, of the buffer referenced by
> HashData.
>
> +  @param[in]      NewEventHdr   Pointer to a TCG_PCR_EVENT_HDR data
> structure.
>
> +  @param[in]      NewEventData  Pointer to the new event data.
>
> +
>
> +  @retval EFI_SUCCESS           Operation completed successfully.
>
> +  @retval EFI_UNSUPPORTED       TPM device not available.
>
> +  @retval EFI_OUT_OF_RESOURCES  Out of memory.
>
> +  @retval EFI_DEVICE_ERROR      The operation was unsuccessful.
>
> +**/
>
> +typedef
>
> +EFI_STATUS
>
> +(EFIAPI *EDKII_TCG_HASH_LOG_EXTEND_EVENT)(
>
> +  IN      EDKII_TCG_PPI             *This,
>
> +  IN      UINT8                     *HashData,
>
> +  IN      UINTN                     HashDataLen,
>
> +  IN      TCG_PCR_EVENT_HDR         *NewEventHdr,
>
> +  IN      UINT8                     *NewEventData
>
> +  );
>
> +
>
> +///
>
> +/// The EFI_TCG Protocol abstracts TCG activity.
>
> +///
>
> +struct _EDKII_TCG_PPI {
>
> +  EDKII_TCG_HASH_LOG_EXTEND_EVENT     HashLogExtendEvent;
>
> +};
>
> +
>
> +extern EFI_GUID gEdkiiTcgPpiGuid;
>
> +
>
> +#endif
>
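
Review bot: the function header for EDKII_TCG_HASH_LOG_EXTEND_EVENT says the result is extended "into a specific PCR", but no parameter is documented as selecting that PCR, and NewEventHdr is described only as "Pointer to a TCG_PCR_EVENT_HDR data structure." Suggest documenting which fields of NewEventHdr the caller must fill in and which the service writes. HashData is also described as a "Physical address" while being declared UINT8 *; "Pointer to the data buffer" would match the type.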
> --
> 2.26.2.windows.1





^ permalink raw reply	[flat|nested] 14+ messages in thread
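
The pre-hash flag proposed in the thread (BIT0 = 1 means HashData is already a digest), modelled in Python as an added example that is not part of any message or of the edk2 code. The names PRE_HASH and MeasurementService, the single SHA-256 bank and the sample bytes are assumptions made for the sketch.

```python
import hashlib

PRE_HASH = 0x1  # BIT0 from the proposal; the constant name is made up for this sketch
DIGEST_LEN = hashlib.sha256().digest_size  # assumption: one SHA-256 bank


def _extend(pcrs, index, digest):
    """TPM extend: PCR_new = H(PCR_old || digest); PCRs start as all zeroes."""
    old = pcrs.get(index, bytes(DIGEST_LEN))
    pcrs[index] = hashlib.sha256(old + digest).digest()


class MeasurementService:
    """Toy stand-in for the service behind HashLogExtendEvent (not edk2 code)."""

    def __init__(self):
        self.pcrs = {}
        self.log = []  # entries: (pcr_index, event_type, digest, event_data)

    def hash_log_extend_event(self, flags, hash_data, pcr_index, event_type, event_data):
        if flags & ~PRE_HASH:
            raise ValueError("reserved flag bits set")
        if flags & PRE_HASH:
            # The digest is taken on trust; its length is all that can be checked.
            if len(hash_data) != DIGEST_LEN:
                raise ValueError("pre-hash digest length does not match the bank")
            digest = bytes(hash_data)
        else:
            digest = hashlib.sha256(hash_data).digest()
        _extend(self.pcrs, pcr_index, digest)
        self.log.append((pcr_index, event_type, digest, bytes(event_data)))
        return digest


def replay(log):
    """Recompute PCR values from the event log, as a verifier would."""
    pcrs = {}
    for pcr_index, _event_type, digest, _event_data in log:
        _extend(pcrs, pcr_index, digest)
    return pcrs


def demo():
    blob = b"constructed sample: bytes a PEIM measured earlier"
    hashed, prehashed = MeasurementService(), MeasurementService()
    hashed.hash_log_extend_event(0, blob, 1, 0x1, b"sample event")
    prehashed.hash_log_extend_event(
        PRE_HASH, hashlib.sha256(blob).digest(), 1, 0x1, b"sample event")
    try:
        # Raw data passed with the pre-hash flag set must be refused, not extended.
        prehashed.hash_log_extend_event(PRE_HASH, blob, 1, 0x1, b"raw data, wrong flag")
        rejected = False
    except ValueError:
        rejected = True
    return (hashed.pcrs == prehashed.pcrs,
            replay(prehashed.log) == prehashed.pcrs,
            rejected)


if __name__ == "__main__":
    print(demo())
```

Both paths leave the same PCR value and the same log entry, so a verifier replaying the log cannot tell whether the service or the calling PEIM computed the digest.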

end of thread, other threads:[~2020-08-04  5:53 UTC | newest]

Thread overview: 14+ messages
2020-07-14  6:49 [PATCH 0/6] Add capability to let PEIM extend TcgEvent Qi Zhang
2020-07-14  6:49 ` [PATCH 1/6] SecurityPkg/TcgPpi: Add TcgPpi header file Qi Zhang
2020-07-15  5:08   ` Yao, Jiewen
2020-07-15  5:53     ` Bret Barkelew
2020-07-15 14:45       ` Yao, Jiewen
     [not found]       ` <1621F444E3AD18DD.16458@groups.io>
2020-07-15 15:20         ` [edk2-devel] " Yao, Jiewen
2020-07-15 15:32           ` Bret Barkelew
2020-08-04  5:05             ` Bret Barkelew
2020-08-04  5:52               ` Yao, Jiewen
2020-07-14  6:49 ` [PATCH 2/6] SecurityPkg/dec: Add TcgPpi Qi Zhang
2020-07-14  6:49 ` [PATCH 3/6] SecurityPkg/Tcg: " Qi Zhang
2020-07-14  6:49 ` [PATCH 4/6] SecurityPkg/Tcg2: " Qi Zhang
2020-07-14  6:49 ` [PATCH 5/6] SecurityPkg/PeiTpmMeasurementLib: Add PEI instance Qi Zhang
2020-07-14  6:49 ` [PATCH 6/6] SecurityPkg/dsc: Add PeiTpmMeasurementLib Qi Zhang
