[PATCH v2 0/7] Add capability to let PEIM extend TcgEvent

[PATCH v2 0/7] Add capability to let PEIM extend TcgEvent

[Qi Zhang]

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2841

Currently, we have TCG/TCG2 protocol and DxeTpmMeasurementLib to let DXE
module extend the TCG event.
There is more and more use case in PEI phase that a PEIM need extend TCG
event, such as BootGuard, FSP, Microcode measurement. Currently, we dont
have API to do that so that each module need create TCG/TCG2 event log,
which is a burden.

This bugzilla requests to add PeiTpmMeasurementLib instance.

The implementation includes:
1) A EDKII_TCG_PPI which abstracts the HashLogExtendEvent service.
2) A PeiTpmMeasurementLib instance, so that a PEIM can call this API to
  add TCG event.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Qi Zhang <qi1.zhang@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <liming.gao@intel.com>

Jiewen Yao (6):
  SecurityPkg/TcgPpi: Add TcgPpi header file.
  SecurityPkg/dec: Add TcgPpi.
  SecurityPkg/Tcg: Add TcgPpi
  SecurityPkg/Tcg2: Add TcgPpi
  SecurityPkg/PeiTpmMeasurementLib: Add PEI instance.
  SecurityPkg/dsc: Add PeiTpmMeasurementLib.

Qi Zhang (1):
  MdePkg/Tcg2Protocol: define Flag EFI_TCG2_PRE_HASH

 MdePkg/Include/Protocol/Tcg2Protocol.h        |   4 +
 SecurityPkg/Include/Ppi/Tcg.h                 |  52 +++++++++
 .../PeiTpmMeasurementLib.c                    |  74 +++++++++++++
 .../PeiTpmMeasurementLib.inf                  |  50 +++++++++
 .../PeiTpmMeasurementLib.uni                  |  17 +++
 SecurityPkg/SecurityPkg.dec                   |   3 +
 SecurityPkg/SecurityPkg.dsc                   |   4 +-
 SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c             | 100 +++++++++++++-----
 SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf           |   3 +-
 SecurityPkg/Tcg/TcgPei/TcgPei.c               |  61 ++++++++++-
 SecurityPkg/Tcg/TcgPei/TcgPei.inf             |   3 +-
 11 files changed, 339 insertions(+), 32 deletions(-)
 create mode 100644 SecurityPkg/Include/Ppi/Tcg.h
 create mode 100644 SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.c
 create mode 100644 SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.inf
 create mode 100644 SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.uni

-- 
2.26.2.windows.1

[PATCH v2 1/7] SecurityPkg/TcgPpi: Add TcgPpi header file.

[Qi Zhang]

From: Jiewen Yao <jiewen.yao@intel.com>

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2841

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Qi Zhang <qi1.zhang@intel.com>
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
---
 SecurityPkg/Include/Ppi/Tcg.h | 52 +++++++++++++++++++++++++++++++++++
 1 file changed, 52 insertions(+)
 create mode 100644 SecurityPkg/Include/Ppi/Tcg.h

diff --git a/SecurityPkg/Include/Ppi/Tcg.h b/SecurityPkg/Include/Ppi/Tcg.h
new file mode 100644
index 0000000000..2725a4ca71
--- /dev/null
+++ b/SecurityPkg/Include/Ppi/Tcg.h
@@ -0,0 +1,52 @@
+/** @file
+  TCG PPI services.
+
+Copyright (c) 2020, Intel Corporation. All rights reserved.<BR>
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#ifndef _TCG_PPI_H_
+#define _TCG_PPI_H_
+
+#include <IndustryStandard/UefiTcgPlatform.h>
+
+typedef struct _EDKII_TCG_PPI EDKII_TCG_PPI;
+
+/**
+  Tpm measure and log data, and extend the measurement result into a specific PCR.
+
+  @param[in]      This          Indicates the calling context
+  @param[in]      Flags         Bitmap providing additional information
+  @param[in]      HashData      Physical address of the start of the data buffer
+                                to be hashed, extended, and logged.
+  @param[in]      HashDataLen   The length, in bytes, of the buffer referenced by HashData.
+  @param[in]      NewEventHdr   Pointer to a TCG_PCR_EVENT_HDR data structure.
+  @param[in]      NewEventData  Pointer to the new event data.
+
+  @retval EFI_SUCCESS           Operation completed successfully.
+  @retval EFI_UNSUPPORTED       TPM device not available.
+  @retval EFI_OUT_OF_RESOURCES  Out of memory.
+  @retval EFI_DEVICE_ERROR      The operation was unsuccessful.
+**/
+typedef
+EFI_STATUS
+(EFIAPI *EDKII_TCG_HASH_LOG_EXTEND_EVENT)(
+  IN      EDKII_TCG_PPI             *This,
+  IN      UINT64                    Flags,
+  IN      UINT8                     *HashData,
+  IN      UINTN                     HashDataLen,
+  IN      TCG_PCR_EVENT_HDR         *NewEventHdr,
+  IN      UINT8                     *NewEventData
+  );
+
+///
+/// The EFI_TCG Protocol abstracts TCG activity.
+///
+struct _EDKII_TCG_PPI {
+  EDKII_TCG_HASH_LOG_EXTEND_EVENT     HashLogExtendEvent;
+};
+
+extern EFI_GUID gEdkiiTcgPpiGuid;
+
+#endif
-- 
2.26.2.windows.1

[PATCH v2 2/7] SecurityPkg/dec: Add TcgPpi.

[Qi Zhang]

From: Jiewen Yao <jiewen.yao@intel.com>

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2841

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
---
 SecurityPkg/SecurityPkg.dec | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec
index 79d46308ad..42fc48cc1f 100644
--- a/SecurityPkg/SecurityPkg.dec
+++ b/SecurityPkg/SecurityPkg.dec
@@ -203,6 +203,9 @@
   ## Include/Ppi/FirmwareVolumeInfoStoredHashFv.h
   gEdkiiPeiFirmwareVolumeInfoStoredHashFvPpiGuid = {0x7f5e4e31, 0x81b1, 0x47e5, { 0x9e, 0x21, 0x1e, 0x4b, 0x5b, 0xc2, 0xf6, 0x1d } }
 
+  ## Include/Ppi/Tcg.h
+  gEdkiiTcgPpiGuid = {0x57a13b87, 0x133d, 0x4bf3, { 0xbf, 0xf1, 0x1b, 0xca, 0xc7, 0x17, 0x6c, 0xf1 } }
+
 #
 # [Error.gEfiSecurityPkgTokenSpaceGuid]
 #   0x80000001 | Invalid value provided.
-- 
2.26.2.windows.1

[PATCH v2 3/7] SecurityPkg/Tcg: Add TcgPpi

[Qi Zhang]

From: Jiewen Yao <jiewen.yao@intel.com>

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2841

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Qi Zhang <qi1.zhang@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
---
 SecurityPkg/Tcg/TcgPei/TcgPei.c   | 61 ++++++++++++++++++++++++++++---
 SecurityPkg/Tcg/TcgPei/TcgPei.inf |  3 +-
 2 files changed, 58 insertions(+), 6 deletions(-)

diff --git a/SecurityPkg/Tcg/TcgPei/TcgPei.c b/SecurityPkg/Tcg/TcgPei/TcgPei.c
index a9a808c9ec..2533388849 100644
--- a/SecurityPkg/Tcg/TcgPei/TcgPei.c
+++ b/SecurityPkg/Tcg/TcgPei/TcgPei.c
@@ -1,7 +1,7 @@
 /** @file
   Initialize TPM device and measure FVs before handing off control to DXE.
 
-Copyright (c) 2005 - 2018, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2005 - 2020, Intel Corporation. All rights reserved.<BR>
 SPDX-License-Identifier: BSD-2-Clause-Patent
 
 **/
@@ -17,6 +17,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 #include <Ppi/FirmwareVolume.h>
 #include <Ppi/EndOfPeiPhase.h>
 #include <Ppi/FirmwareVolumeInfoMeasurementExcluded.h>
+#include <Ppi/Tcg.h>
 
 #include <Guid/TcgEventHob.h>
 #include <Guid/MeasuredFvHob.h>
@@ -51,6 +52,45 @@ EFI_PEI_PPI_DESCRIPTOR  mTpmInitializationDonePpiList = {
   NULL
 };
 
+/**
+  Do a hash operation on a data buffer, extend a specific TPM PCR with the hash result,
+  and build a GUIDed HOB recording the event which will be passed to the DXE phase and
+  added into the Event Log.
+
+  @param[in]      This          Indicates the calling context
+  @param[in]      Flags         Bitmap providing additional information.
+  @param[in]      HashData      Physical address of the start of the data buffer
+                                to be hashed, extended, and logged.
+  @param[in]      HashDataLen   The length, in bytes, of the buffer referenced by HashData.
+  @param[in]      NewEventHdr   Pointer to a TCG_PCR_EVENT_HDR data structure.
+  @param[in]      NewEventData  Pointer to the new event data.
+
+  @retval EFI_SUCCESS           Operation completed successfully.
+  @retval EFI_OUT_OF_RESOURCES  No enough memory to log the new event.
+  @retval EFI_DEVICE_ERROR      The command was unsuccessful.
+
+**/
+EFI_STATUS
+EFIAPI
+HashLogExtendEvent (
+  IN      EDKII_TCG_PPI             *This,
+  IN      UINT64                    Flags,
+  IN      UINT8                     *HashData,
+  IN      UINTN                     HashDataLen,
+  IN      TCG_PCR_EVENT_HDR         *NewEventHdr,
+  IN      UINT8                     *NewEventData
+  );
+
+EDKII_TCG_PPI mEdkiiTcgPpi = {
+  HashLogExtendEvent
+};
+
+EFI_PEI_PPI_DESCRIPTOR  mTcgPpiList = {
+  EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST,
+  &gEdkiiTcgPpiGuid,
+  &mEdkiiTcgPpi
+};
+
 //
 // Number of firmware blobs to grow by each time we run out of room
 //
@@ -243,7 +283,8 @@ TpmCommHashAll (
   and build a GUIDed HOB recording the event which will be passed to the DXE phase and
   added into the Event Log.
 
-  @param[in]      PeiServices   Describes the list of possible PEI Services.
+  @param[in]      This          Indicates the calling context.
+  @param[in]      Flags         Bitmap providing additional information.
   @param[in]      HashData      Physical address of the start of the data buffer
                                 to be hashed, extended, and logged.
   @param[in]      HashDataLen   The length, in bytes, of the buffer referenced by HashData.
@@ -256,8 +297,10 @@ TpmCommHashAll (
 
 **/
 EFI_STATUS
+EFIAPI
 HashLogExtendEvent (
-  IN      EFI_PEI_SERVICES          **PeiServices,
+  IN      EDKII_TCG_PPI             *This,
+  IN      UINT64                    Flags,
   IN      UINT8                     *HashData,
   IN      UINTN                     HashDataLen,
   IN      TCG_PCR_EVENT_HDR         *NewEventHdr,
@@ -346,7 +389,8 @@ MeasureCRTMVersion (
   TcgEventHdr.EventSize = (UINT32) StrSize((CHAR16*)PcdGetPtr (PcdFirmwareVersionString));
 
   return HashLogExtendEvent (
-           PeiServices,
+           &mEdkiiTcgPpi,
+           0,
            (UINT8*)PcdGetPtr (PcdFirmwareVersionString),
            TcgEventHdr.EventSize,
            &TcgEventHdr,
@@ -415,7 +459,8 @@ MeasureFvImage (
   TcgEventHdr.EventSize = sizeof (FvBlob);
 
   Status = HashLogExtendEvent (
-             (EFI_PEI_SERVICES **) GetPeiServicesTablePointer(),
+             &mEdkiiTcgPpi,
+             0,
              (UINT8*) (UINTN) FvBlob.BlobBase,
              (UINTN) FvBlob.BlobLength,
              &TcgEventHdr,
@@ -744,6 +789,12 @@ PeimEntryMP (
   Status = PeiServicesNotifyPpi (&mNotifyList[0]);
   ASSERT_EFI_ERROR (Status);
 
+  //
+  // install Tcg Services
+  //
+  Status = PeiServicesInstallPpi (&mTcgPpiList);
+  ASSERT_EFI_ERROR (Status);
+
   return Status;
 }
 
diff --git a/SecurityPkg/Tcg/TcgPei/TcgPei.inf b/SecurityPkg/Tcg/TcgPei/TcgPei.inf
index c0bff6e85e..4ab4edd657 100644
--- a/SecurityPkg/Tcg/TcgPei/TcgPei.inf
+++ b/SecurityPkg/Tcg/TcgPei/TcgPei.inf
@@ -4,7 +4,7 @@
 #  This module will initialize TPM device, measure reported FVs and BIOS version.
 #  This module may also lock TPM physical presence and physicalPresenceLifetimeLock.
 #
-# Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2006 - 2020, Intel Corporation. All rights reserved.<BR>
 # SPDX-License-Identifier: BSD-2-Clause-Patent
 #
 ##
@@ -67,6 +67,7 @@
   gPeiTpmInitializedPpiGuid                                           ## SOMETIMES_PRODUCES
   gPeiTpmInitializationDonePpiGuid                                    ## PRODUCES
   gEfiEndOfPeiSignalPpiGuid                                           ## SOMETIMES_CONSUMES     ## NOTIFY
+  gEdkiiTcgPpiGuid                                                    ## PRODUCES
 
 [Pcd]
   gEfiSecurityPkgTokenSpaceGuid.PcdPhysicalPresenceLifetimeLock       ## SOMETIMES_CONSUMES
-- 
2.26.2.windows.1

[PATCH v2 4/7] SecurityPkg/Tcg2: Add TcgPpi

[Qi Zhang]

From: Jiewen Yao <jiewen.yao@intel.com>

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2841

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Qi Zhang <qi1.zhang@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
---
 SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c   | 100 +++++++++++++++++++++-------
 SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf |   3 +-
 2 files changed, 78 insertions(+), 25 deletions(-)

diff --git a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c
index 19b8e4b318..8114de45c7 100644
--- a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c
+++ b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c
@@ -1,7 +1,7 @@
 /** @file
   Initialize TPM2 device and measure FVs before handing off control to DXE.
 
-Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2015 - 2020, Intel Corporation. All rights reserved.<BR>
 Copyright (c) 2017, Microsoft Corporation.  All rights reserved. <BR>
 SPDX-License-Identifier: BSD-2-Clause-Patent
 
@@ -17,6 +17,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 #include <Ppi/EndOfPeiPhase.h>
 #include <Ppi/FirmwareVolumeInfoMeasurementExcluded.h>
 #include <Ppi/FirmwareVolumeInfoPrehashedFV.h>
+#include <Ppi/Tcg.h>
 
 #include <Guid/TcgEventHob.h>
 #include <Guid/MeasuredFvHob.h>
@@ -66,6 +67,45 @@ EFI_PEI_PPI_DESCRIPTOR  mTpmInitializationDonePpiList = {
   NULL
 };
 
+/**
+  Do a hash operation on a data buffer, extend a specific TPM PCR with the hash result,
+  and build a GUIDed HOB recording the event which will be passed to the DXE phase and
+  added into the Event Log.
+
+  @param[in]      This          Indicates the calling context
+  @param[in]      Flags         Bitmap providing additional information.
+  @param[in]      HashData      Physical address of the start of the data buffer
+                                to be hashed, extended, and logged.
+  @param[in]      HashDataLen   The length, in bytes, of the buffer referenced by HashData.
+  @param[in]      NewEventHdr   Pointer to a TCG_PCR_EVENT_HDR data structure.
+  @param[in]      NewEventData  Pointer to the new event data.
+
+  @retval EFI_SUCCESS           Operation completed successfully.
+  @retval EFI_OUT_OF_RESOURCES  No enough memory to log the new event.
+  @retval EFI_DEVICE_ERROR      The command was unsuccessful.
+
+**/
+EFI_STATUS
+EFIAPI
+HashLogExtendEvent (
+  IN      EDKII_TCG_PPI             *This,
+  IN      UINT64                    Flags,
+  IN      UINT8                     *HashData,
+  IN      UINTN                     HashDataLen,
+  IN      TCG_PCR_EVENT_HDR         *NewEventHdr,
+  IN      UINT8                     *NewEventData
+  );
+
+EDKII_TCG_PPI mEdkiiTcgPpi = {
+  HashLogExtendEvent
+};
+
+EFI_PEI_PPI_DESCRIPTOR  mTcgPpiList = {
+  EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST,
+  &gEdkiiTcgPpiGuid,
+  &mEdkiiTcgPpi
+};
+
 //
 // Number of firmware blobs to grow by each time we run out of room
 //
@@ -375,6 +415,7 @@ LogHashEvent (
   and build a GUIDed HOB recording the event which will be passed to the DXE phase and
   added into the Event Log.
 
+  @param[in]      This          Indicates the calling context
   @param[in]      Flags         Bitmap providing additional information.
   @param[in]      HashData      Physical address of the start of the data buffer
                                 to be hashed, extended, and logged.
@@ -388,7 +429,9 @@ LogHashEvent (
 
 **/
 EFI_STATUS
+EFIAPI
 HashLogExtendEvent (
+  IN      EDKII_TCG_PPI             *This,
   IN      UINT64                    Flags,
   IN      UINT8                     *HashData,
   IN      UINTN                     HashDataLen,
@@ -403,16 +446,23 @@ HashLogExtendEvent (
     return EFI_DEVICE_ERROR;
   }
 
-  Status = HashAndExtend (
-             NewEventHdr->PCRIndex,
-             HashData,
-             HashDataLen,
+  if(Flags & EFI_TCG2_PRE_HASH) {
+    ZeroMem (&DigestList, sizeof(DigestList));
+    CopyMem(&DigestList, HashData, sizeof(DigestList));
+    Status = Tpm2PcrExtend(
+             0,
              &DigestList
              );
+  } else {
+    Status = HashAndExtend (
+               NewEventHdr->PCRIndex,
+               HashData,
+               HashDataLen,
+               &DigestList
+               );
+  }
   if (!EFI_ERROR (Status)) {
-    if ((Flags & EFI_TCG2_EXTEND_ONLY) == 0) {
-      Status = LogHashEvent (&DigestList, NewEventHdr, NewEventData);
-    }
+    Status = LogHashEvent (&DigestList, NewEventHdr, NewEventData);
   }
 
   if (Status == EFI_DEVICE_ERROR) {
@@ -452,6 +502,7 @@ MeasureCRTMVersion (
   TcgEventHdr.EventSize = (UINT32) StrSize((CHAR16*)PcdGetPtr (PcdFirmwareVersionString));
 
   return HashLogExtendEvent (
+           &mEdkiiTcgPpi,
            0,
            (UINT8*)PcdGetPtr (PcdFirmwareVersionString),
            TcgEventHdr.EventSize,
@@ -651,27 +702,22 @@ MeasureFvImage (
     // FV pre-hash algos comply with current TPM hash requirement
     // Skip hashing step in measure, only extend DigestList to PCR and log event
     //
-    Status = Tpm2PcrExtend(
-               0,
-               &DigestList
+    Status = HashLogExtendEvent (
+               &mEdkiiTcgPpi,
+               EFI_TCG2_PRE_HASH,
+               (UINT8*) &DigestList,        // HashData
+               (UINTN) sizeof(DigestList),  // HashDataLen
+               &TcgEventHdr,                // EventHdr
+               EventData                    // EventData
                );
-
-    if (!EFI_ERROR(Status)) {
-       Status = LogHashEvent (&DigestList, &TcgEventHdr, EventData);
-       DEBUG ((DEBUG_INFO, "The pre-hashed FV which is extended & logged by Tcg2Pei starts at: 0x%x\n", FvBase));
-       DEBUG ((DEBUG_INFO, "The pre-hashed FV which is extended & logged by Tcg2Pei has the size: 0x%x\n", FvLength));
-    } else if (Status == EFI_DEVICE_ERROR) {
-      BuildGuidHob (&gTpmErrorHobGuid,0);
-      REPORT_STATUS_CODE (
-        EFI_ERROR_CODE | EFI_ERROR_MINOR,
-        (PcdGet32 (PcdStatusCodeSubClassTpmDevice) | EFI_P_EC_INTERFACE_ERROR)
-        );
-    }
+    DEBUG ((DEBUG_INFO, "The pre-hashed FV which is extended & logged by Tcg2Pei starts at: 0x%x\n", FvBase));
+    DEBUG ((DEBUG_INFO, "The pre-hashed FV which is extended & logged by Tcg2Pei has the size: 0x%x\n", FvLength));
   } else {
     //
     // Hash the FV, extend digest to the TPM and log TCG event
     //
     Status = HashLogExtendEvent (
+               &mEdkiiTcgPpi,
                0,
                (UINT8*) (UINTN) FvBase, // HashData
                (UINTN) FvLength,        // HashDataLen
@@ -866,6 +912,12 @@ PeimEntryMP (
   Status = PeiServicesNotifyPpi (&mNotifyList[0]);
   ASSERT_EFI_ERROR (Status);
 
+  //
+  // install Tcg Services
+  //
+  Status = PeiServicesInstallPpi (&mTcgPpiList);
+  ASSERT_EFI_ERROR (Status);
+
   return Status;
 }
 
@@ -893,7 +945,7 @@ MeasureSeparatorEventWithError (
   TcgEvent.PCRIndex  = PCRIndex;
   TcgEvent.EventType = EV_SEPARATOR;
   TcgEvent.EventSize = (UINT32)sizeof (EventData);
-  return HashLogExtendEvent(0,(UINT8 *)&EventData, TcgEvent.EventSize, &TcgEvent,(UINT8 *)&EventData);
+  return HashLogExtendEvent(&mEdkiiTcgPpi, 0, (UINT8 *)&EventData, TcgEvent.EventSize, &TcgEvent,(UINT8 *)&EventData);
 }
 
 /**
diff --git a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf
index 3d361e8859..f64b29f1ae 100644
--- a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf
+++ b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf
@@ -8,7 +8,7 @@
 #
 #  This module will initialize TPM device, measure reported FVs and BIOS version.
 #
-# Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2015 - 2020, Intel Corporation. All rights reserved.<BR>
 # Copyright (c) 2017, Microsoft Corporation.  All rights reserved. <BR>
 # SPDX-License-Identifier: BSD-2-Clause-Patent
 #
@@ -72,6 +72,7 @@
   gPeiTpmInitializationDonePpiGuid                                     ## PRODUCES
   gEfiEndOfPeiSignalPpiGuid                                            ## SOMETIMES_CONSUMES     ## NOTIFY
   gEdkiiPeiFirmwareVolumeInfoPrehashedFvPpiGuid                        ## SOMETIMES_CONSUMES
+  gEdkiiTcgPpiGuid                                                     ## PRODUCES
 
 [Pcd]
   gEfiMdeModulePkgTokenSpaceGuid.PcdFirmwareVersionString              ## SOMETIMES_CONSUMES
-- 
2.26.2.windows.1

[PATCH v2 5/7] SecurityPkg/PeiTpmMeasurementLib: Add PEI instance.

[Qi Zhang]

From: Jiewen Yao <jiewen.yao@intel.com>

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2841

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Qi Zhang <qi1.zhang@intel.com>
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
---
 .../PeiTpmMeasurementLib.c                    | 74 +++++++++++++++++++
 .../PeiTpmMeasurementLib.inf                  | 50 +++++++++++++
 .../PeiTpmMeasurementLib.uni                  | 17 +++++
 3 files changed, 141 insertions(+)
 create mode 100644 SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.c
 create mode 100644 SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.inf
 create mode 100644 SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.uni

diff --git a/SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.c b/SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.c
new file mode 100644
index 0000000000..1a590e0c9e
--- /dev/null
+++ b/SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.c
@@ -0,0 +1,74 @@
+/** @file
+  This library is used by other modules to measure data to TPM.
+
+Copyright (c) 2020, Intel Corporation. All rights reserved. <BR>
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <PiPei.h>
+
+#include <Library/BaseMemoryLib.h>
+#include <Library/PeiServicesLib.h>
+#include <Library/PeiServicesTablePointerLib.h>
+#include <Library/DebugLib.h>
+#include <Library/HobLib.h>
+#include <Library/TpmMeasurementLib.h>
+
+#include <Ppi/Tcg.h>
+#include <IndustryStandard/UefiTcgPlatform.h>
+
+/**
+  Tpm measure and log data, and extend the measurement result into a specific PCR.
+
+  @param[in]  PcrIndex         PCR Index.
+  @param[in]  EventType        Event type.
+  @param[in]  EventLog         Measurement event log.
+  @param[in]  LogLen           Event log length in bytes.
+  @param[in]  HashData         The start of the data buffer to be hashed, extended.
+  @param[in]  HashDataLen      The length, in bytes, of the buffer referenced by HashData
+
+  @retval EFI_SUCCESS               Operation completed successfully.
+  @retval EFI_UNSUPPORTED       TPM device not available.
+  @retval EFI_OUT_OF_RESOURCES  Out of memory.
+  @retval EFI_DEVICE_ERROR      The operation was unsuccessful.
+**/
+EFI_STATUS
+EFIAPI
+TpmMeasureAndLogData (
+  IN UINT32             PcrIndex,
+  IN UINT32             EventType,
+  IN VOID               *EventLog,
+  IN UINT32             LogLen,
+  IN VOID               *HashData,
+  IN UINT64             HashDataLen
+  )
+{
+  EFI_STATUS                Status;
+  EDKII_TCG_PPI             *TcgPpi;
+  TCG_PCR_EVENT_HDR         TcgEventHdr;
+
+  Status = PeiServicesLocatePpi(
+             &gEdkiiTcgPpiGuid,
+             0,
+             NULL,
+             (VOID**)&TcgPpi
+             );
+  if (EFI_ERROR(Status)) {
+    return Status;
+  }
+
+  TcgEventHdr.PCRIndex  = PcrIndex;
+  TcgEventHdr.EventType = EventType;
+  TcgEventHdr.EventSize = LogLen;
+
+  Status = TcgPpi->HashLogExtendEvent (
+                     TcgPpi,
+                     0,
+                     HashData,
+                     (UINTN)HashDataLen,
+                     &TcgEventHdr,
+                     EventLog
+                     );
+  return Status;
+}
diff --git a/SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.inf b/SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.inf
new file mode 100644
index 0000000000..6625d0fd01
--- /dev/null
+++ b/SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.inf
@@ -0,0 +1,50 @@
+## @file
+#  Provides TPM measurement functions for TPM1.2 and TPM 2.0
+#
+#  This library provides TpmMeasureAndLogData() to measure and log data, and
+#  extend the measurement result into a specific PCR.
+#
+# Copyright (c) 2020, Intel Corporation. All rights reserved.<BR>
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+[Defines]
+  INF_VERSION                    = 0x00010005
+  BASE_NAME                      = PeiTpmMeasurementLib
+  FILE_GUID                      = 9A62C49D-C45A-4322-9F3C-45958DF0056B
+  MODULE_TYPE                    = PEIM
+  VERSION_STRING                 = 1.0
+  LIBRARY_CLASS                  = TpmMeasurementLib|PEIM
+  MODULE_UNI_FILE                = PeiTpmMeasurementLib.uni
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+#  VALID_ARCHITECTURES           = IA32 X64
+#
+
+[Sources]
+  PeiTpmMeasurementLib.c
+
+[Packages]
+  MdePkg/MdePkg.dec
+  MdeModulePkg/MdeModulePkg.dec
+  SecurityPkg/SecurityPkg.dec
+
+[LibraryClasses]
+  BaseLib
+  BaseMemoryLib
+  HobLib
+  DebugLib
+  PcdLib
+  PrintLib
+  PeiServicesLib
+  PeiServicesTablePointerLib
+
+[Ppis]
+  gEdkiiTcgPpiGuid                                                     ## CONSUMES
+
+[Depex]
+  gEfiPeiMasterBootModePpiGuid AND
+  gEfiTpmDeviceSelectedGuid
diff --git a/SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.uni b/SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.uni
new file mode 100644
index 0000000000..7b4341b449
--- /dev/null
+++ b/SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.uni
@@ -0,0 +1,17 @@
+// /** @file
+// Provides TPM measurement functions for TPM1.2 and TPM 2.0
+//
+// This library provides TpmMeasureAndLogData() to to measure and log data, and
+// extend the measurement result into a specific PCR.
+//
+// Copyright (c) 2020, Intel Corporation. All rights reserved.<BR>
+//
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+//
+// **/
+
+
+#string STR_MODULE_ABSTRACT             #language en-US "Provides TPM measurement functions for TPM1.2 and TPM 2.0"
+
+#string STR_MODULE_DESCRIPTION          #language en-US "This library provides TpmMeasureAndLogData() to to measure and log data, and extend the measurement result into a specific PCR."
+
-- 
2.26.2.windows.1

[PATCH v2 6/7] SecurityPkg/dsc: Add PeiTpmMeasurementLib.

[Qi Zhang]

From: Jiewen Yao <jiewen.yao@intel.com>

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2841

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Qi Zhang <qi1.zhang@intel.com>
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
---
 SecurityPkg/SecurityPkg.dsc | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc
index 53fce05353..28effe3eda 100644
--- a/SecurityPkg/SecurityPkg.dsc
+++ b/SecurityPkg/SecurityPkg.dsc
@@ -1,7 +1,7 @@
 ## @file
 #  Security Module Package for All Architectures.
 #
-# Copyright (c) 2009 - 2019, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2009 - 2020, Intel Corporation. All rights reserved.<BR>
 # (C) Copyright 2015-2020 Hewlett Packard Enterprise Development LP<BR>
 # SPDX-License-Identifier: BSD-2-Clause-Patent
 #
@@ -96,6 +96,7 @@
   Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf
   Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf
   Tcg2PhysicalPresenceLib|SecurityPkg/Library/PeiTcg2PhysicalPresenceLib/PeiTcg2PhysicalPresenceLib.inf
+  TpmMeasurementLib|SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.inf
   RngLib|MdePkg/Library/BaseRngLib/BaseRngLib.inf
 
 [LibraryClasses.common.DXE_DRIVER]
@@ -234,6 +235,7 @@
   SecurityPkg/Library/FmpAuthenticationLibPkcs7/FmpAuthenticationLibPkcs7.inf
   SecurityPkg/Library/FmpAuthenticationLibRsa2048Sha256/FmpAuthenticationLibRsa2048Sha256.inf
 
+  SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.inf
   SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf
   SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.inf
   SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.inf
-- 
2.26.2.windows.1

[PATCH v2 7/7] MdePkg/Tcg2Protocol: define Flag EFI_TCG2_PRE_HASH

[Qi Zhang]

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2841

Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Qi Zhang <qi1.zhang@intel.com>
Signed-off-by: Qi Zhang <qi1.zhang@intel.com>
---
 MdePkg/Include/Protocol/Tcg2Protocol.h | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/MdePkg/Include/Protocol/Tcg2Protocol.h b/MdePkg/Include/Protocol/Tcg2Protocol.h
index 5ef13cc607..4659802251 100644
--- a/MdePkg/Include/Protocol/Tcg2Protocol.h
+++ b/MdePkg/Include/Protocol/Tcg2Protocol.h
@@ -98,6 +98,10 @@ typedef struct tdEFI_TCG2_BOOT_SERVICE_CAPABILITY {
 //
 #define EFI_TCG2_EXTEND_ONLY  0x0000000000000001
 //
+// This bit is shall be set when HashData is the pre-hash digest.
+//
+#define EFI_TCG2_PRE_HASH  0x0000000000000010
+//
 // This bit shall be set when the intent is to measure a PE/COFF image.
 //
 #define PE_COFF_IMAGE     0x0000000000000010
-- 
2.26.2.windows.1

Re: [PATCH v2 7/7] MdePkg/Tcg2Protocol: define Flag EFI_TCG2_PRE_HASH

[Yao, Jiewen]

Hi Qi
We should not add this attribute to TCG2_PROTOCOL, which is defined by TCG.
This attribute should be only applied to TCG_PPI. Please move it there.

> -----Original Message-----
> From: Zhang, Qi1 <qi1.zhang@intel.com>
> Sent: Thursday, July 16, 2020 3:44 PM
> To: devel@edk2.groups.io
> Cc: Zhang, Qi1 <qi1.zhang@intel.com>; Kinney, Michael D
> <michael.d.kinney@intel.com>; Gao, Liming <liming.gao@intel.com>; Yao,
> Jiewen <jiewen.yao@intel.com>
> Subject: [PATCH v2 7/7] MdePkg/Tcg2Protocol: define Flag
> EFI_TCG2_PRE_HASH
> 
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2841
> 
> Cc: Michael D Kinney <michael.d.kinney@intel.com>
> Cc: Liming Gao <liming.gao@intel.com>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Qi Zhang <qi1.zhang@intel.com>
> Signed-off-by: Qi Zhang <qi1.zhang@intel.com>
> ---
>  MdePkg/Include/Protocol/Tcg2Protocol.h | 4 ++++
>  1 file changed, 4 insertions(+)
> 
> diff --git a/MdePkg/Include/Protocol/Tcg2Protocol.h
> b/MdePkg/Include/Protocol/Tcg2Protocol.h
> index 5ef13cc607..4659802251 100644
> --- a/MdePkg/Include/Protocol/Tcg2Protocol.h
> +++ b/MdePkg/Include/Protocol/Tcg2Protocol.h
> @@ -98,6 +98,10 @@ typedef struct tdEFI_TCG2_BOOT_SERVICE_CAPABILITY {
>  //
> 
>  #define EFI_TCG2_EXTEND_ONLY  0x0000000000000001
> 
>  //
> 
> +// This bit is shall be set when HashData is the pre-hash digest.
> 
> +//
> 
> +#define EFI_TCG2_PRE_HASH  0x0000000000000010
> 
> +//
> 
>  // This bit shall be set when the intent is to measure a PE/COFF image.
> 
>  //
> 
>  #define PE_COFF_IMAGE     0x0000000000000010
> 
> --
> 2.26.2.windows.1

Re: [PATCH v2 4/7] SecurityPkg/Tcg2: Add TcgPpi

[Yao, Jiewen]

Hi Qi
Per the conversation between Bret Barkelew and I, we should install the TCG_PPI *before* any measurement.
Please move it earlier.

Thank you
Yao Jiewen

> -----Original Message-----
> From: Zhang, Qi1 <qi1.zhang@intel.com>
> Sent: Thursday, July 16, 2020 3:44 PM
> To: devel@edk2.groups.io
> Cc: Yao, Jiewen <jiewen.yao@intel.com>; Wang, Jian J <jian.j.wang@intel.com>;
> Chao Zhang <chao.b.zhang@intel.com>; Zhang, Qi1 <qi1.zhang@intel.com>;
> Kumar, Rahul1 <rahul1.kumar@intel.com>
> Subject: [PATCH v2 4/7] SecurityPkg/Tcg2: Add TcgPpi
> 
> From: Jiewen Yao <jiewen.yao@intel.com>
> 
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2841
> 
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Cc: Chao Zhang <chao.b.zhang@intel.com>
> Cc: Qi Zhang <qi1.zhang@intel.com>
> Cc: Rahul Kumar <rahul1.kumar@intel.com>
> Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
> ---
>  SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c   | 100 +++++++++++++++++++++-------
>  SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf |   3 +-
>  2 files changed, 78 insertions(+), 25 deletions(-)
> 
> diff --git a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c
> b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c
> index 19b8e4b318..8114de45c7 100644
> --- a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c
> +++ b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c
> @@ -1,7 +1,7 @@
>  /** @file
> 
>    Initialize TPM2 device and measure FVs before handing off control to DXE.
> 
> 
> 
> -Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>
> 
> +Copyright (c) 2015 - 2020, Intel Corporation. All rights reserved.<BR>
> 
>  Copyright (c) 2017, Microsoft Corporation.  All rights reserved. <BR>
> 
>  SPDX-License-Identifier: BSD-2-Clause-Patent
> 
> 
> 
> @@ -17,6 +17,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
>  #include <Ppi/EndOfPeiPhase.h>
> 
>  #include <Ppi/FirmwareVolumeInfoMeasurementExcluded.h>
> 
>  #include <Ppi/FirmwareVolumeInfoPrehashedFV.h>
> 
> +#include <Ppi/Tcg.h>
> 
> 
> 
>  #include <Guid/TcgEventHob.h>
> 
>  #include <Guid/MeasuredFvHob.h>
> 
> @@ -66,6 +67,45 @@ EFI_PEI_PPI_DESCRIPTOR  mTpmInitializationDonePpiList
> = {
>    NULL
> 
>  };
> 
> 
> 
> +/**
> 
> +  Do a hash operation on a data buffer, extend a specific TPM PCR with the
> hash result,
> 
> +  and build a GUIDed HOB recording the event which will be passed to the DXE
> phase and
> 
> +  added into the Event Log.
> 
> +
> 
> +  @param[in]      This          Indicates the calling context
> 
> +  @param[in]      Flags         Bitmap providing additional information.
> 
> +  @param[in]      HashData      Physical address of the start of the data buffer
> 
> +                                to be hashed, extended, and logged.
> 
> +  @param[in]      HashDataLen   The length, in bytes, of the buffer referenced by
> HashData.
> 
> +  @param[in]      NewEventHdr   Pointer to a TCG_PCR_EVENT_HDR data
> structure.
> 
> +  @param[in]      NewEventData  Pointer to the new event data.
> 
> +
> 
> +  @retval EFI_SUCCESS           Operation completed successfully.
> 
> +  @retval EFI_OUT_OF_RESOURCES  No enough memory to log the new event.
> 
> +  @retval EFI_DEVICE_ERROR      The command was unsuccessful.
> 
> +
> 
> +**/
> 
> +EFI_STATUS
> 
> +EFIAPI
> 
> +HashLogExtendEvent (
> 
> +  IN      EDKII_TCG_PPI             *This,
> 
> +  IN      UINT64                    Flags,
> 
> +  IN      UINT8                     *HashData,
> 
> +  IN      UINTN                     HashDataLen,
> 
> +  IN      TCG_PCR_EVENT_HDR         *NewEventHdr,
> 
> +  IN      UINT8                     *NewEventData
> 
> +  );
> 
> +
> 
> +EDKII_TCG_PPI mEdkiiTcgPpi = {
> 
> +  HashLogExtendEvent
> 
> +};
> 
> +
> 
> +EFI_PEI_PPI_DESCRIPTOR  mTcgPpiList = {
> 
> +  EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST,
> 
> +  &gEdkiiTcgPpiGuid,
> 
> +  &mEdkiiTcgPpi
> 
> +};
> 
> +
> 
>  //
> 
>  // Number of firmware blobs to grow by each time we run out of room
> 
>  //
> 
> @@ -375,6 +415,7 @@ LogHashEvent (
>    and build a GUIDed HOB recording the event which will be passed to the DXE
> phase and
> 
>    added into the Event Log.
> 
> 
> 
> +  @param[in]      This          Indicates the calling context
> 
>    @param[in]      Flags         Bitmap providing additional information.
> 
>    @param[in]      HashData      Physical address of the start of the data buffer
> 
>                                  to be hashed, extended, and logged.
> 
> @@ -388,7 +429,9 @@ LogHashEvent (
> 
> 
>  **/
> 
>  EFI_STATUS
> 
> +EFIAPI
> 
>  HashLogExtendEvent (
> 
> +  IN      EDKII_TCG_PPI             *This,
> 
>    IN      UINT64                    Flags,
> 
>    IN      UINT8                     *HashData,
> 
>    IN      UINTN                     HashDataLen,
> 
> @@ -403,16 +446,23 @@ HashLogExtendEvent (
>      return EFI_DEVICE_ERROR;
> 
>    }
> 
> 
> 
> -  Status = HashAndExtend (
> 
> -             NewEventHdr->PCRIndex,
> 
> -             HashData,
> 
> -             HashDataLen,
> 
> +  if(Flags & EFI_TCG2_PRE_HASH) {
> 
> +    ZeroMem (&DigestList, sizeof(DigestList));
> 
> +    CopyMem(&DigestList, HashData, sizeof(DigestList));
> 
> +    Status = Tpm2PcrExtend(
> 
> +             0,
> 
>               &DigestList
> 
>               );
> 
> +  } else {
> 
> +    Status = HashAndExtend (
> 
> +               NewEventHdr->PCRIndex,
> 
> +               HashData,
> 
> +               HashDataLen,
> 
> +               &DigestList
> 
> +               );
> 
> +  }
> 
>    if (!EFI_ERROR (Status)) {
> 
> -    if ((Flags & EFI_TCG2_EXTEND_ONLY) == 0) {
> 
> -      Status = LogHashEvent (&DigestList, NewEventHdr, NewEventData);
> 
> -    }
> 
> +    Status = LogHashEvent (&DigestList, NewEventHdr, NewEventData);
> 
>    }
> 
> 
> 
>    if (Status == EFI_DEVICE_ERROR) {
> 
> @@ -452,6 +502,7 @@ MeasureCRTMVersion (
>    TcgEventHdr.EventSize = (UINT32) StrSize((CHAR16*)PcdGetPtr
> (PcdFirmwareVersionString));
> 
> 
> 
>    return HashLogExtendEvent (
> 
> +           &mEdkiiTcgPpi,
> 
>             0,
> 
>             (UINT8*)PcdGetPtr (PcdFirmwareVersionString),
> 
>             TcgEventHdr.EventSize,
> 
> @@ -651,27 +702,22 @@ MeasureFvImage (
>      // FV pre-hash algos comply with current TPM hash requirement
> 
>      // Skip hashing step in measure, only extend DigestList to PCR and log event
> 
>      //
> 
> -    Status = Tpm2PcrExtend(
> 
> -               0,
> 
> -               &DigestList
> 
> +    Status = HashLogExtendEvent (
> 
> +               &mEdkiiTcgPpi,
> 
> +               EFI_TCG2_PRE_HASH,
> 
> +               (UINT8*) &DigestList,        // HashData
> 
> +               (UINTN) sizeof(DigestList),  // HashDataLen
> 
> +               &TcgEventHdr,                // EventHdr
> 
> +               EventData                    // EventData
> 
>                 );
> 
> -
> 
> -    if (!EFI_ERROR(Status)) {
> 
> -       Status = LogHashEvent (&DigestList, &TcgEventHdr, EventData);
> 
> -       DEBUG ((DEBUG_INFO, "The pre-hashed FV which is extended & logged by
> Tcg2Pei starts at: 0x%x\n", FvBase));
> 
> -       DEBUG ((DEBUG_INFO, "The pre-hashed FV which is extended & logged by
> Tcg2Pei has the size: 0x%x\n", FvLength));
> 
> -    } else if (Status == EFI_DEVICE_ERROR) {
> 
> -      BuildGuidHob (&gTpmErrorHobGuid,0);
> 
> -      REPORT_STATUS_CODE (
> 
> -        EFI_ERROR_CODE | EFI_ERROR_MINOR,
> 
> -        (PcdGet32 (PcdStatusCodeSubClassTpmDevice) |
> EFI_P_EC_INTERFACE_ERROR)
> 
> -        );
> 
> -    }
> 
> +    DEBUG ((DEBUG_INFO, "The pre-hashed FV which is extended & logged by
> Tcg2Pei starts at: 0x%x\n", FvBase));
> 
> +    DEBUG ((DEBUG_INFO, "The pre-hashed FV which is extended & logged by
> Tcg2Pei has the size: 0x%x\n", FvLength));
> 
>    } else {
> 
>      //
> 
>      // Hash the FV, extend digest to the TPM and log TCG event
> 
>      //
> 
>      Status = HashLogExtendEvent (
> 
> +               &mEdkiiTcgPpi,
> 
>                 0,
> 
>                 (UINT8*) (UINTN) FvBase, // HashData
> 
>                 (UINTN) FvLength,        // HashDataLen
> 
> @@ -866,6 +912,12 @@ PeimEntryMP (
>    Status = PeiServicesNotifyPpi (&mNotifyList[0]);
> 
>    ASSERT_EFI_ERROR (Status);
> 
> 
> 
> +  //
> 
> +  // install Tcg Services
> 
> +  //
> 
> +  Status = PeiServicesInstallPpi (&mTcgPpiList);
> 
> +  ASSERT_EFI_ERROR (Status);
> 
> +
> 
>    return Status;
> 
>  }
> 
> 
> 
> @@ -893,7 +945,7 @@ MeasureSeparatorEventWithError (
>    TcgEvent.PCRIndex  = PCRIndex;
> 
>    TcgEvent.EventType = EV_SEPARATOR;
> 
>    TcgEvent.EventSize = (UINT32)sizeof (EventData);
> 
> -  return HashLogExtendEvent(0,(UINT8 *)&EventData, TcgEvent.EventSize,
> &TcgEvent,(UINT8 *)&EventData);
> 
> +  return HashLogExtendEvent(&mEdkiiTcgPpi, 0, (UINT8 *)&EventData,
> TcgEvent.EventSize, &TcgEvent,(UINT8 *)&EventData);
> 
>  }
> 
> 
> 
>  /**
> 
> diff --git a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf
> b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf
> index 3d361e8859..f64b29f1ae 100644
> --- a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf
> +++ b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf
> @@ -8,7 +8,7 @@
>  #
> 
>  #  This module will initialize TPM device, measure reported FVs and BIOS version.
> 
>  #
> 
> -# Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>
> 
> +# Copyright (c) 2015 - 2020, Intel Corporation. All rights reserved.<BR>
> 
>  # Copyright (c) 2017, Microsoft Corporation.  All rights reserved. <BR>
> 
>  # SPDX-License-Identifier: BSD-2-Clause-Patent
> 
>  #
> 
> @@ -72,6 +72,7 @@
>    gPeiTpmInitializationDonePpiGuid                                     ## PRODUCES
> 
>    gEfiEndOfPeiSignalPpiGuid                                            ## SOMETIMES_CONSUMES
> ## NOTIFY
> 
>    gEdkiiPeiFirmwareVolumeInfoPrehashedFvPpiGuid                        ##
> SOMETIMES_CONSUMES
> 
> +  gEdkiiTcgPpiGuid                                                     ## PRODUCES
> 
> 
> 
>  [Pcd]
> 
>    gEfiMdeModulePkgTokenSpaceGuid.PcdFirmwareVersionString              ##
> SOMETIMES_CONSUMES
> 
> --
> 2.26.2.windows.1

Re: [PATCH v2 3/7] SecurityPkg/Tcg: Add TcgPpi

[Yao, Jiewen]

Hi Qi
Per the conversation between Bret Barkelew and I, we should install the TCG_PPI *before* any measurement.
Please move it earlier.

Thank you
Yao Jiewen

> -----Original Message-----
> From: Zhang, Qi1 <qi1.zhang@intel.com>
> Sent: Thursday, July 16, 2020 3:44 PM
> To: devel@edk2.groups.io
> Cc: Yao, Jiewen <jiewen.yao@intel.com>; Wang, Jian J <jian.j.wang@intel.com>;
> Chao Zhang <chao.b.zhang@intel.com>; Zhang, Qi1 <qi1.zhang@intel.com>;
> Kumar, Rahul1 <rahul1.kumar@intel.com>
> Subject: [PATCH v2 3/7] SecurityPkg/Tcg: Add TcgPpi
> 
> From: Jiewen Yao <jiewen.yao@intel.com>
> 
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2841
> 
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Cc: Chao Zhang <chao.b.zhang@intel.com>
> Cc: Qi Zhang <qi1.zhang@intel.com>
> Cc: Rahul Kumar <rahul1.kumar@intel.com>
> Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
> ---
>  SecurityPkg/Tcg/TcgPei/TcgPei.c   | 61 ++++++++++++++++++++++++++++---
>  SecurityPkg/Tcg/TcgPei/TcgPei.inf |  3 +-
>  2 files changed, 58 insertions(+), 6 deletions(-)
> 
> diff --git a/SecurityPkg/Tcg/TcgPei/TcgPei.c b/SecurityPkg/Tcg/TcgPei/TcgPei.c
> index a9a808c9ec..2533388849 100644
> --- a/SecurityPkg/Tcg/TcgPei/TcgPei.c
> +++ b/SecurityPkg/Tcg/TcgPei/TcgPei.c
> @@ -1,7 +1,7 @@
>  /** @file
> 
>    Initialize TPM device and measure FVs before handing off control to DXE.
> 
> 
> 
> -Copyright (c) 2005 - 2018, Intel Corporation. All rights reserved.<BR>
> 
> +Copyright (c) 2005 - 2020, Intel Corporation. All rights reserved.<BR>
> 
>  SPDX-License-Identifier: BSD-2-Clause-Patent
> 
> 
> 
>  **/
> 
> @@ -17,6 +17,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
>  #include <Ppi/FirmwareVolume.h>
> 
>  #include <Ppi/EndOfPeiPhase.h>
> 
>  #include <Ppi/FirmwareVolumeInfoMeasurementExcluded.h>
> 
> +#include <Ppi/Tcg.h>
> 
> 
> 
>  #include <Guid/TcgEventHob.h>
> 
>  #include <Guid/MeasuredFvHob.h>
> 
> @@ -51,6 +52,45 @@ EFI_PEI_PPI_DESCRIPTOR  mTpmInitializationDonePpiList
> = {
>    NULL
> 
>  };
> 
> 
> 
> +/**
> 
> +  Do a hash operation on a data buffer, extend a specific TPM PCR with the
> hash result,
> 
> +  and build a GUIDed HOB recording the event which will be passed to the DXE
> phase and
> 
> +  added into the Event Log.
> 
> +
> 
> +  @param[in]      This          Indicates the calling context
> 
> +  @param[in]      Flags         Bitmap providing additional information.
> 
> +  @param[in]      HashData      Physical address of the start of the data buffer
> 
> +                                to be hashed, extended, and logged.
> 
> +  @param[in]      HashDataLen   The length, in bytes, of the buffer referenced by
> HashData.
> 
> +  @param[in]      NewEventHdr   Pointer to a TCG_PCR_EVENT_HDR data
> structure.
> 
> +  @param[in]      NewEventData  Pointer to the new event data.
> 
> +
> 
> +  @retval EFI_SUCCESS           Operation completed successfully.
> 
> +  @retval EFI_OUT_OF_RESOURCES  No enough memory to log the new event.
> 
> +  @retval EFI_DEVICE_ERROR      The command was unsuccessful.
> 
> +
> 
> +**/
> 
> +EFI_STATUS
> 
> +EFIAPI
> 
> +HashLogExtendEvent (
> 
> +  IN      EDKII_TCG_PPI             *This,
> 
> +  IN      UINT64                    Flags,
> 
> +  IN      UINT8                     *HashData,
> 
> +  IN      UINTN                     HashDataLen,
> 
> +  IN      TCG_PCR_EVENT_HDR         *NewEventHdr,
> 
> +  IN      UINT8                     *NewEventData
> 
> +  );
> 
> +
> 
> +EDKII_TCG_PPI mEdkiiTcgPpi = {
> 
> +  HashLogExtendEvent
> 
> +};
> 
> +
> 
> +EFI_PEI_PPI_DESCRIPTOR  mTcgPpiList = {
> 
> +  EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST,
> 
> +  &gEdkiiTcgPpiGuid,
> 
> +  &mEdkiiTcgPpi
> 
> +};
> 
> +
> 
>  //
> 
>  // Number of firmware blobs to grow by each time we run out of room
> 
>  //
> 
> @@ -243,7 +283,8 @@ TpmCommHashAll (
>    and build a GUIDed HOB recording the event which will be passed to the DXE
> phase and
> 
>    added into the Event Log.
> 
> 
> 
> -  @param[in]      PeiServices   Describes the list of possible PEI Services.
> 
> +  @param[in]      This          Indicates the calling context.
> 
> +  @param[in]      Flags         Bitmap providing additional information.
> 
>    @param[in]      HashData      Physical address of the start of the data buffer
> 
>                                  to be hashed, extended, and logged.
> 
>    @param[in]      HashDataLen   The length, in bytes, of the buffer referenced by
> HashData.
> 
> @@ -256,8 +297,10 @@ TpmCommHashAll (
> 
> 
>  **/
> 
>  EFI_STATUS
> 
> +EFIAPI
> 
>  HashLogExtendEvent (
> 
> -  IN      EFI_PEI_SERVICES          **PeiServices,
> 
> +  IN      EDKII_TCG_PPI             *This,
> 
> +  IN      UINT64                    Flags,
> 
>    IN      UINT8                     *HashData,
> 
>    IN      UINTN                     HashDataLen,
> 
>    IN      TCG_PCR_EVENT_HDR         *NewEventHdr,
> 
> @@ -346,7 +389,8 @@ MeasureCRTMVersion (
>    TcgEventHdr.EventSize = (UINT32) StrSize((CHAR16*)PcdGetPtr
> (PcdFirmwareVersionString));
> 
> 
> 
>    return HashLogExtendEvent (
> 
> -           PeiServices,
> 
> +           &mEdkiiTcgPpi,
> 
> +           0,
> 
>             (UINT8*)PcdGetPtr (PcdFirmwareVersionString),
> 
>             TcgEventHdr.EventSize,
> 
>             &TcgEventHdr,
> 
> @@ -415,7 +459,8 @@ MeasureFvImage (
>    TcgEventHdr.EventSize = sizeof (FvBlob);
> 
> 
> 
>    Status = HashLogExtendEvent (
> 
> -             (EFI_PEI_SERVICES **) GetPeiServicesTablePointer(),
> 
> +             &mEdkiiTcgPpi,
> 
> +             0,
> 
>               (UINT8*) (UINTN) FvBlob.BlobBase,
> 
>               (UINTN) FvBlob.BlobLength,
> 
>               &TcgEventHdr,
> 
> @@ -744,6 +789,12 @@ PeimEntryMP (
>    Status = PeiServicesNotifyPpi (&mNotifyList[0]);
> 
>    ASSERT_EFI_ERROR (Status);
> 
> 
> 
> +  //
> 
> +  // install Tcg Services
> 
> +  //
> 
> +  Status = PeiServicesInstallPpi (&mTcgPpiList);
> 
> +  ASSERT_EFI_ERROR (Status);
> 
> +
> 
>    return Status;
> 
>  }
> 
> 
> 
> diff --git a/SecurityPkg/Tcg/TcgPei/TcgPei.inf
> b/SecurityPkg/Tcg/TcgPei/TcgPei.inf
> index c0bff6e85e..4ab4edd657 100644
> --- a/SecurityPkg/Tcg/TcgPei/TcgPei.inf
> +++ b/SecurityPkg/Tcg/TcgPei/TcgPei.inf
> @@ -4,7 +4,7 @@
>  #  This module will initialize TPM device, measure reported FVs and BIOS version.
> 
>  #  This module may also lock TPM physical presence and
> physicalPresenceLifetimeLock.
> 
>  #
> 
> -# Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.<BR>
> 
> +# Copyright (c) 2006 - 2020, Intel Corporation. All rights reserved.<BR>
> 
>  # SPDX-License-Identifier: BSD-2-Clause-Patent
> 
>  #
> 
>  ##
> 
> @@ -67,6 +67,7 @@
>    gPeiTpmInitializedPpiGuid                                           ## SOMETIMES_PRODUCES
> 
>    gPeiTpmInitializationDonePpiGuid                                    ## PRODUCES
> 
>    gEfiEndOfPeiSignalPpiGuid                                           ## SOMETIMES_CONSUMES
> ## NOTIFY
> 
> +  gEdkiiTcgPpiGuid                                                    ## PRODUCES
> 
> 
> 
>  [Pcd]
> 
>    gEfiSecurityPkgTokenSpaceGuid.PcdPhysicalPresenceLifetimeLock       ##
> SOMETIMES_CONSUMES
> 
> --
> 2.26.2.windows.1

Re: [PATCH v2 1/7] SecurityPkg/TcgPpi: Add TcgPpi header file.

[Yao, Jiewen]

Hi Qi
Please move the PRE_HASH flag here, and add description on PreHashData format.

Thank you
Yao Jiewen

> -----Original Message-----
> From: Zhang, Qi1 <qi1.zhang@intel.com>
> Sent: Thursday, July 16, 2020 3:44 PM
> To: devel@edk2.groups.io
> Cc: Yao, Jiewen <jiewen.yao@intel.com>; Wang, Jian J <jian.j.wang@intel.com>;
> Chao Zhang <chao.b.zhang@intel.com>; Zhang, Qi1 <qi1.zhang@intel.com>
> Subject: [PATCH v2 1/7] SecurityPkg/TcgPpi: Add TcgPpi header file.
> 
> From: Jiewen Yao <jiewen.yao@intel.com>
> 
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2841
> 
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Cc: Chao Zhang <chao.b.zhang@intel.com>
> Cc: Qi Zhang <qi1.zhang@intel.com>
> Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
> ---
>  SecurityPkg/Include/Ppi/Tcg.h | 52 +++++++++++++++++++++++++++++++++++
>  1 file changed, 52 insertions(+)
>  create mode 100644 SecurityPkg/Include/Ppi/Tcg.h
> 
> diff --git a/SecurityPkg/Include/Ppi/Tcg.h b/SecurityPkg/Include/Ppi/Tcg.h
> new file mode 100644
> index 0000000000..2725a4ca71
> --- /dev/null
> +++ b/SecurityPkg/Include/Ppi/Tcg.h
> @@ -0,0 +1,52 @@
> +/** @file
> 
> +  TCG PPI services.
> 
> +
> 
> +Copyright (c) 2020, Intel Corporation. All rights reserved.<BR>
> 
> +SPDX-License-Identifier: BSD-2-Clause-Patent
> 
> +
> 
> +**/
> 
> +
> 
> +#ifndef _TCG_PPI_H_
> 
> +#define _TCG_PPI_H_
> 
> +
> 
> +#include <IndustryStandard/UefiTcgPlatform.h>
> 
> +
> 
> +typedef struct _EDKII_TCG_PPI EDKII_TCG_PPI;
> 
> +
> 
> +/**
> 
> +  Tpm measure and log data, and extend the measurement result into a specific
> PCR.
> 
> +
> 
> +  @param[in]      This          Indicates the calling context
> 
> +  @param[in]      Flags         Bitmap providing additional information
> 
> +  @param[in]      HashData      Physical address of the start of the data buffer
> 
> +                                to be hashed, extended, and logged.
> 
> +  @param[in]      HashDataLen   The length, in bytes, of the buffer referenced by
> HashData.
> 
> +  @param[in]      NewEventHdr   Pointer to a TCG_PCR_EVENT_HDR data
> structure.
> 
> +  @param[in]      NewEventData  Pointer to the new event data.
> 
> +
> 
> +  @retval EFI_SUCCESS           Operation completed successfully.
> 
> +  @retval EFI_UNSUPPORTED       TPM device not available.
> 
> +  @retval EFI_OUT_OF_RESOURCES  Out of memory.
> 
> +  @retval EFI_DEVICE_ERROR      The operation was unsuccessful.
> 
> +**/
> 
> +typedef
> 
> +EFI_STATUS
> 
> +(EFIAPI *EDKII_TCG_HASH_LOG_EXTEND_EVENT)(
> 
> +  IN      EDKII_TCG_PPI             *This,
> 
> +  IN      UINT64                    Flags,
> 
> +  IN      UINT8                     *HashData,
> 
> +  IN      UINTN                     HashDataLen,
> 
> +  IN      TCG_PCR_EVENT_HDR         *NewEventHdr,
> 
> +  IN      UINT8                     *NewEventData
> 
> +  );
> 
> +
> 
> +///
> 
> +/// The EFI_TCG Protocol abstracts TCG activity.
> 
> +///
> 
> +struct _EDKII_TCG_PPI {
> 
> +  EDKII_TCG_HASH_LOG_EXTEND_EVENT     HashLogExtendEvent;
> 
> +};
> 
> +
> 
> +extern EFI_GUID gEdkiiTcgPpiGuid;
> 
> +
> 
> +#endif
> 
> --
> 2.26.2.windows.1