From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga07.intel.com (mga07.intel.com []) by mx.groups.io with SMTP id smtpd.web12.10675.1594885483457594320 for ; Thu, 16 Jul 2020 00:44:47 -0700 Authentication-Results: mx.groups.io; dkim=missing; spf=fail (domain: intel.com, ip: , mailfrom: qi1.zhang@intel.com) IronPort-SDR: IKRkd0eEHB51uX3LdoiSC5Eclm1dRy4CGFTV6Gw5kSu2h9yxH/xthCrdYyOh+4aO4jrG3BdZQH h5+gL3XFMu/g== X-IronPort-AV: E=McAfee;i="6000,8403,9683"; a="214071699" X-IronPort-AV: E=Sophos;i="5.75,358,1589266800"; d="scan'208";a="214071699" X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga004.jf.intel.com ([10.7.209.38]) by orsmga105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 16 Jul 2020 00:44:46 -0700 IronPort-SDR: K2bfM8YRK5XfsMXqQ2uibfJli+5iTJ+jxoaPDnWgLnOgBV7zEyXvSBtUYTT3NRWGrTH/q3bzQW fh7mNqJwjk8w== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.75,358,1589266800"; d="scan'208";a="430407258" Received: from shwdesssddpdqi.ccr.corp.intel.com ([10.239.9.10]) by orsmga004.jf.intel.com with ESMTP; 16 Jul 2020 00:44:44 -0700 From: Qi Zhang To: devel@edk2.groups.io Cc: Jiewen Yao , Jian J Wang , Chao Zhang , Qi Zhang , Rahul Kumar Subject: [PATCH v2 4/7] SecurityPkg/Tcg2: Add TcgPpi Date: Thu, 16 Jul 2020 15:44:26 +0800 Message-Id: <20200716074430.9675-5-qi1.zhang@intel.com> X-Mailer: git-send-email 2.26.2.windows.1 In-Reply-To: <20200716074430.9675-1-qi1.zhang@intel.com> References: <20200716074430.9675-1-qi1.zhang@intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable From: Jiewen Yao REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D2841 Cc: Jiewen Yao Cc: Jian J Wang Cc: Chao Zhang Cc: Qi Zhang Cc: Rahul Kumar Signed-off-by: Jiewen Yao --- SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c | 100 +++++++++++++++++++++------- SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf | 3 +- 2 files changed, 78 insertions(+), 25 deletions(-) diff --git a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c b/SecurityPkg/Tcg/Tcg2Pei/Tc= g2Pei.c index 19b8e4b318..8114de45c7 100644 --- a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c +++ b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c @@ -1,7 +1,7 @@ /** @file=0D Initialize TPM2 device and measure FVs before handing off control to DXE= .=0D =0D -Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.
=0D +Copyright (c) 2015 - 2020, Intel Corporation. All rights reserved.
=0D Copyright (c) 2017, Microsoft Corporation. All rights reserved.
=0D SPDX-License-Identifier: BSD-2-Clause-Patent=0D =0D @@ -17,6 +17,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include =0D #include =0D #include =0D +#include =0D =0D #include =0D #include =0D @@ -66,6 +67,45 @@ EFI_PEI_PPI_DESCRIPTOR mTpmInitializationDonePpiList = =3D { NULL=0D };=0D =0D +/**=0D + Do a hash operation on a data buffer, extend a specific TPM PCR with the= hash result,=0D + and build a GUIDed HOB recording the event which will be passed to the D= XE phase and=0D + added into the Event Log.=0D +=0D + @param[in] This Indicates the calling context=0D + @param[in] Flags Bitmap providing additional information.=0D + @param[in] HashData Physical address of the start of the data = buffer=0D + to be hashed, extended, and logged.=0D + @param[in] HashDataLen The length, in bytes, of the buffer refere= nced by HashData.=0D + @param[in] NewEventHdr Pointer to a TCG_PCR_EVENT_HDR data struct= ure.=0D + @param[in] NewEventData Pointer to the new event data.=0D +=0D + @retval EFI_SUCCESS Operation completed successfully.=0D + @retval EFI_OUT_OF_RESOURCES No enough memory to log the new event.=0D + @retval EFI_DEVICE_ERROR The command was unsuccessful.=0D +=0D +**/=0D +EFI_STATUS=0D +EFIAPI=0D +HashLogExtendEvent (=0D + IN EDKII_TCG_PPI *This,=0D + IN UINT64 Flags,=0D + IN UINT8 *HashData,=0D + IN UINTN HashDataLen,=0D + IN TCG_PCR_EVENT_HDR *NewEventHdr,=0D + IN UINT8 *NewEventData=0D + );=0D +=0D +EDKII_TCG_PPI mEdkiiTcgPpi =3D {=0D + HashLogExtendEvent=0D +};=0D +=0D +EFI_PEI_PPI_DESCRIPTOR mTcgPpiList =3D {=0D + EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST,=0D + &gEdkiiTcgPpiGuid,=0D + &mEdkiiTcgPpi=0D +};=0D +=0D //=0D // Number of firmware blobs to grow by each time we run out of room=0D //=0D @@ -375,6 +415,7 @@ LogHashEvent ( and build a GUIDed HOB recording the event which will be passed to the D= XE phase and=0D added into the Event Log.=0D =0D + @param[in] This Indicates the calling context=0D @param[in] Flags Bitmap providing additional information.=0D @param[in] HashData Physical address of the start of the data = buffer=0D to be hashed, extended, and logged.=0D @@ -388,7 +429,9 @@ LogHashEvent ( =0D **/=0D EFI_STATUS=0D +EFIAPI=0D HashLogExtendEvent (=0D + IN EDKII_TCG_PPI *This,=0D IN UINT64 Flags,=0D IN UINT8 *HashData,=0D IN UINTN HashDataLen,=0D @@ -403,16 +446,23 @@ HashLogExtendEvent ( return EFI_DEVICE_ERROR;=0D }=0D =0D - Status =3D HashAndExtend (=0D - NewEventHdr->PCRIndex,=0D - HashData,=0D - HashDataLen,=0D + if(Flags & EFI_TCG2_PRE_HASH) {=0D + ZeroMem (&DigestList, sizeof(DigestList));=0D + CopyMem(&DigestList, HashData, sizeof(DigestList));=0D + Status =3D Tpm2PcrExtend(=0D + 0,=0D &DigestList=0D );=0D + } else {=0D + Status =3D HashAndExtend (=0D + NewEventHdr->PCRIndex,=0D + HashData,=0D + HashDataLen,=0D + &DigestList=0D + );=0D + }=0D if (!EFI_ERROR (Status)) {=0D - if ((Flags & EFI_TCG2_EXTEND_ONLY) =3D=3D 0) {=0D - Status =3D LogHashEvent (&DigestList, NewEventHdr, NewEventData);=0D - }=0D + Status =3D LogHashEvent (&DigestList, NewEventHdr, NewEventData);=0D }=0D =0D if (Status =3D=3D EFI_DEVICE_ERROR) {=0D @@ -452,6 +502,7 @@ MeasureCRTMVersion ( TcgEventHdr.EventSize =3D (UINT32) StrSize((CHAR16*)PcdGetPtr (PcdFirmwa= reVersionString));=0D =0D return HashLogExtendEvent (=0D + &mEdkiiTcgPpi,=0D 0,=0D (UINT8*)PcdGetPtr (PcdFirmwareVersionString),=0D TcgEventHdr.EventSize,=0D @@ -651,27 +702,22 @@ MeasureFvImage ( // FV pre-hash algos comply with current TPM hash requirement=0D // Skip hashing step in measure, only extend DigestList to PCR and log= event=0D //=0D - Status =3D Tpm2PcrExtend(=0D - 0,=0D - &DigestList=0D + Status =3D HashLogExtendEvent (=0D + &mEdkiiTcgPpi,=0D + EFI_TCG2_PRE_HASH,=0D + (UINT8*) &DigestList, // HashData=0D + (UINTN) sizeof(DigestList), // HashDataLen=0D + &TcgEventHdr, // EventHdr=0D + EventData // EventData=0D );=0D -=0D - if (!EFI_ERROR(Status)) {=0D - Status =3D LogHashEvent (&DigestList, &TcgEventHdr, EventData);=0D - DEBUG ((DEBUG_INFO, "The pre-hashed FV which is extended & logged b= y Tcg2Pei starts at: 0x%x\n", FvBase));=0D - DEBUG ((DEBUG_INFO, "The pre-hashed FV which is extended & logged b= y Tcg2Pei has the size: 0x%x\n", FvLength));=0D - } else if (Status =3D=3D EFI_DEVICE_ERROR) {=0D - BuildGuidHob (&gTpmErrorHobGuid,0);=0D - REPORT_STATUS_CODE (=0D - EFI_ERROR_CODE | EFI_ERROR_MINOR,=0D - (PcdGet32 (PcdStatusCodeSubClassTpmDevice) | EFI_P_EC_INTERFACE_ER= ROR)=0D - );=0D - }=0D + DEBUG ((DEBUG_INFO, "The pre-hashed FV which is extended & logged by T= cg2Pei starts at: 0x%x\n", FvBase));=0D + DEBUG ((DEBUG_INFO, "The pre-hashed FV which is extended & logged by T= cg2Pei has the size: 0x%x\n", FvLength));=0D } else {=0D //=0D // Hash the FV, extend digest to the TPM and log TCG event=0D //=0D Status =3D HashLogExtendEvent (=0D + &mEdkiiTcgPpi,=0D 0,=0D (UINT8*) (UINTN) FvBase, // HashData=0D (UINTN) FvLength, // HashDataLen=0D @@ -866,6 +912,12 @@ PeimEntryMP ( Status =3D PeiServicesNotifyPpi (&mNotifyList[0]);=0D ASSERT_EFI_ERROR (Status);=0D =0D + //=0D + // install Tcg Services=0D + //=0D + Status =3D PeiServicesInstallPpi (&mTcgPpiList);=0D + ASSERT_EFI_ERROR (Status);=0D +=0D return Status;=0D }=0D =0D @@ -893,7 +945,7 @@ MeasureSeparatorEventWithError ( TcgEvent.PCRIndex =3D PCRIndex;=0D TcgEvent.EventType =3D EV_SEPARATOR;=0D TcgEvent.EventSize =3D (UINT32)sizeof (EventData);=0D - return HashLogExtendEvent(0,(UINT8 *)&EventData, TcgEvent.EventSize, &Tc= gEvent,(UINT8 *)&EventData);=0D + return HashLogExtendEvent(&mEdkiiTcgPpi, 0, (UINT8 *)&EventData, TcgEven= t.EventSize, &TcgEvent,(UINT8 *)&EventData);=0D }=0D =0D /**=0D diff --git a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf b/SecurityPkg/Tcg/Tcg2Pei/= Tcg2Pei.inf index 3d361e8859..f64b29f1ae 100644 --- a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf +++ b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf @@ -8,7 +8,7 @@ #=0D # This module will initialize TPM device, measure reported FVs and BIOS v= ersion.=0D #=0D -# Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.
=0D +# Copyright (c) 2015 - 2020, Intel Corporation. All rights reserved.
=0D # Copyright (c) 2017, Microsoft Corporation. All rights reserved.
=0D # SPDX-License-Identifier: BSD-2-Clause-Patent=0D #=0D @@ -72,6 +72,7 @@ gPeiTpmInitializationDonePpiGuid ## = PRODUCES=0D gEfiEndOfPeiSignalPpiGuid ## = SOMETIMES_CONSUMES ## NOTIFY=0D gEdkiiPeiFirmwareVolumeInfoPrehashedFvPpiGuid ## = SOMETIMES_CONSUMES=0D + gEdkiiTcgPpiGuid ## = PRODUCES=0D =0D [Pcd]=0D gEfiMdeModulePkgTokenSpaceGuid.PcdFirmwareVersionString ## = SOMETIMES_CONSUMES=0D --=20 2.26.2.windows.1