public inbox for devel@edk2.groups.io
 help / color / mirror / Atom feed
From: "Qi Zhang" <qi1.zhang@intel.com>
To: devel@edk2.groups.io
Cc: Jiewen Yao <jiewen.yao@intel.com>,
	Jian J Wang <jian.j.wang@intel.com>,
	Qi Zhang <qi1.zhang@intel.com>,
	Rahul Kumar <rahul1.kumar@intel.com>
Subject: [PATCH v4 3/6] SecurityPkg/Tcg: Add TcgPpi
Date: Fri, 17 Jul 2020 16:49:32 +0800	[thread overview]
Message-ID: <20200717084935.11067-4-qi1.zhang@intel.com> (raw)
In-Reply-To: <20200717084935.11067-1-qi1.zhang@intel.com>

From: Jiewen Yao <jiewen.yao@intel.com>

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2841

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Qi Zhang <qi1.zhang@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
---
 SecurityPkg/Tcg/TcgPei/TcgPei.c   | 61 ++++++++++++++++++++++++++++---
 SecurityPkg/Tcg/TcgPei/TcgPei.inf |  3 +-
 2 files changed, 58 insertions(+), 6 deletions(-)

diff --git a/SecurityPkg/Tcg/TcgPei/TcgPei.c b/SecurityPkg/Tcg/TcgPei/TcgPei.c
index a9a808c9ec..2533388849 100644
--- a/SecurityPkg/Tcg/TcgPei/TcgPei.c
+++ b/SecurityPkg/Tcg/TcgPei/TcgPei.c
@@ -1,7 +1,7 @@
 /** @file
   Initialize TPM device and measure FVs before handing off control to DXE.
 
-Copyright (c) 2005 - 2018, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2005 - 2020, Intel Corporation. All rights reserved.<BR>
 SPDX-License-Identifier: BSD-2-Clause-Patent
 
 **/
@@ -17,6 +17,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 #include <Ppi/FirmwareVolume.h>
 #include <Ppi/EndOfPeiPhase.h>
 #include <Ppi/FirmwareVolumeInfoMeasurementExcluded.h>
+#include <Ppi/Tcg.h>
 
 #include <Guid/TcgEventHob.h>
 #include <Guid/MeasuredFvHob.h>
@@ -51,6 +52,45 @@ EFI_PEI_PPI_DESCRIPTOR  mTpmInitializationDonePpiList = {
   NULL
 };
 
+/**
+  Do a hash operation on a data buffer, extend a specific TPM PCR with the hash result,
+  and build a GUIDed HOB recording the event which will be passed to the DXE phase and
+  added into the Event Log.
+
+  @param[in]      This          Indicates the calling context
+  @param[in]      Flags         Bitmap providing additional information.
+  @param[in]      HashData      Physical address of the start of the data buffer
+                                to be hashed, extended, and logged.
+  @param[in]      HashDataLen   The length, in bytes, of the buffer referenced by HashData.
+  @param[in]      NewEventHdr   Pointer to a TCG_PCR_EVENT_HDR data structure.
+  @param[in]      NewEventData  Pointer to the new event data.
+
+  @retval EFI_SUCCESS           Operation completed successfully.
+  @retval EFI_OUT_OF_RESOURCES  No enough memory to log the new event.
+  @retval EFI_DEVICE_ERROR      The command was unsuccessful.
+
+**/
+EFI_STATUS
+EFIAPI
+HashLogExtendEvent (
+  IN      EDKII_TCG_PPI             *This,
+  IN      UINT64                    Flags,
+  IN      UINT8                     *HashData,
+  IN      UINTN                     HashDataLen,
+  IN      TCG_PCR_EVENT_HDR         *NewEventHdr,
+  IN      UINT8                     *NewEventData
+  );
+
+EDKII_TCG_PPI mEdkiiTcgPpi = {
+  HashLogExtendEvent
+};
+
+EFI_PEI_PPI_DESCRIPTOR  mTcgPpiList = {
+  EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST,
+  &gEdkiiTcgPpiGuid,
+  &mEdkiiTcgPpi
+};
+
 //
 // Number of firmware blobs to grow by each time we run out of room
 //
@@ -243,7 +283,8 @@ TpmCommHashAll (
   and build a GUIDed HOB recording the event which will be passed to the DXE phase and
   added into the Event Log.
 
-  @param[in]      PeiServices   Describes the list of possible PEI Services.
+  @param[in]      This          Indicates the calling context.
+  @param[in]      Flags         Bitmap providing additional information.
   @param[in]      HashData      Physical address of the start of the data buffer
                                 to be hashed, extended, and logged.
   @param[in]      HashDataLen   The length, in bytes, of the buffer referenced by HashData.
@@ -256,8 +297,10 @@ TpmCommHashAll (
 
 **/
 EFI_STATUS
+EFIAPI
 HashLogExtendEvent (
-  IN      EFI_PEI_SERVICES          **PeiServices,
+  IN      EDKII_TCG_PPI             *This,
+  IN      UINT64                    Flags,
   IN      UINT8                     *HashData,
   IN      UINTN                     HashDataLen,
   IN      TCG_PCR_EVENT_HDR         *NewEventHdr,
@@ -346,7 +389,8 @@ MeasureCRTMVersion (
   TcgEventHdr.EventSize = (UINT32) StrSize((CHAR16*)PcdGetPtr (PcdFirmwareVersionString));
 
   return HashLogExtendEvent (
-           PeiServices,
+           &mEdkiiTcgPpi,
+           0,
            (UINT8*)PcdGetPtr (PcdFirmwareVersionString),
            TcgEventHdr.EventSize,
            &TcgEventHdr,
@@ -415,7 +459,8 @@ MeasureFvImage (
   TcgEventHdr.EventSize = sizeof (FvBlob);
 
   Status = HashLogExtendEvent (
-             (EFI_PEI_SERVICES **) GetPeiServicesTablePointer(),
+             &mEdkiiTcgPpi,
+             0,
              (UINT8*) (UINTN) FvBlob.BlobBase,
              (UINTN) FvBlob.BlobLength,
              &TcgEventHdr,
@@ -744,6 +789,12 @@ PeimEntryMP (
   Status = PeiServicesNotifyPpi (&mNotifyList[0]);
   ASSERT_EFI_ERROR (Status);
 
+  //
+  // install Tcg Services
+  //
+  Status = PeiServicesInstallPpi (&mTcgPpiList);
+  ASSERT_EFI_ERROR (Status);
+
   return Status;
 }
 
diff --git a/SecurityPkg/Tcg/TcgPei/TcgPei.inf b/SecurityPkg/Tcg/TcgPei/TcgPei.inf
index c0bff6e85e..4ab4edd657 100644
--- a/SecurityPkg/Tcg/TcgPei/TcgPei.inf
+++ b/SecurityPkg/Tcg/TcgPei/TcgPei.inf
@@ -4,7 +4,7 @@
 #  This module will initialize TPM device, measure reported FVs and BIOS version.
 #  This module may also lock TPM physical presence and physicalPresenceLifetimeLock.
 #
-# Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2006 - 2020, Intel Corporation. All rights reserved.<BR>
 # SPDX-License-Identifier: BSD-2-Clause-Patent
 #
 ##
@@ -67,6 +67,7 @@
   gPeiTpmInitializedPpiGuid                                           ## SOMETIMES_PRODUCES
   gPeiTpmInitializationDonePpiGuid                                    ## PRODUCES
   gEfiEndOfPeiSignalPpiGuid                                           ## SOMETIMES_CONSUMES     ## NOTIFY
+  gEdkiiTcgPpiGuid                                                    ## PRODUCES
 
 [Pcd]
   gEfiSecurityPkgTokenSpaceGuid.PcdPhysicalPresenceLifetimeLock       ## SOMETIMES_CONSUMES
-- 
2.26.2.windows.1


  parent reply	other threads:[~2020-07-17  8:49 UTC|newest]

Thread overview: 18+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-07-17  8:49 [PATCH v4 0/6] Add capability to let PEIM extend TcgEvent Qi Zhang
2020-07-17  8:49 ` [PATCH v4 1/6] SecurityPkg/TcgPpi: Add TcgPpi header file Qi Zhang
2020-07-21  8:37   ` Wang, Jian J
2020-07-17  8:49 ` [PATCH v4 2/6] SecurityPkg/dec: Add TcgPpi Qi Zhang
2020-07-21  8:37   ` Wang, Jian J
2020-07-17  8:49 ` Qi Zhang [this message]
2020-07-21  8:36   ` [PATCH v4 3/6] SecurityPkg/Tcg: " Wang, Jian J
2020-07-17  8:49 ` [PATCH v4 4/6] SecurityPkg/Tcg2: " Qi Zhang
2020-07-21  8:52   ` Wang, Jian J
2020-07-17  8:49 ` [PATCH v4 5/6] SecurityPkg/PeiTpmMeasurementLib: Add PEI instance Qi Zhang
2020-07-21  9:00   ` Wang, Jian J
     [not found]   ` <1623B8ED1BE72736.9882@groups.io>
2020-07-21  9:16     ` [edk2-devel] " Wang, Jian J
2020-07-21 15:05       ` Yao, Jiewen
2020-07-22  1:08         ` Wang, Jian J
2020-07-22  2:08           ` Qi Zhang
2020-07-22  2:13             ` Yao, Jiewen
2020-07-17  8:49 ` [PATCH v4 6/6] SecurityPkg/dsc: Add PeiTpmMeasurementLib Qi Zhang
2020-07-21  9:00   ` Wang, Jian J

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-list from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20200717084935.11067-4-qi1.zhang@intel.com \
    --to=devel@edk2.groups.io \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox