* [PATCH 1/9] MdeModulePkg/TpmMeasurementLib: Add new API to TpmMeasurmentLib.
From: Qi Zhang @ 2020-07-31 8:54 UTC (permalink / raw)
To: devel; +Cc: Jiewen Yao, Jian J Wang, Hao A Wu, Qi Zhang
From: Jiewen Yao <jiewen.yao@intel.com>
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2376
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Hao A Wu <hao.a.wu@intel.com>
Cc: Qi Zhang <qi1.zhang@intel.com>
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
---
.../Include/Library/TpmMeasurementLib.h | 71 ++++++++++++++++++-
1 file changed, 70 insertions(+), 1 deletion(-)
diff --git a/MdeModulePkg/Include/Library/TpmMeasurementLib.h b/MdeModulePkg/Include/Library/TpmMeasurementLib.h
index ddf6723f03..cd4d175918 100644
--- a/MdeModulePkg/Include/Library/TpmMeasurementLib.h
+++ b/MdeModulePkg/Include/Library/TpmMeasurementLib.h
@@ -1,7 +1,7 @@
/** @file
This library is used by other modules to measure data to TPM.
-Copyright (c) 2012, Intel Corporation. All rights reserved. <BR>
+Copyright (c) 2012 - 2020, Intel Corporation. All rights reserved. <BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
@@ -35,4 +35,73 @@ TpmMeasureAndLogData (
IN UINT64 HashDataLen
);
+/**
+ Mesure a FirmwareBlob.
+
+ @param[in] PcrIndex PCR Index.
+ @param[in] Descrption Description for this FirmwareBlob.
+ @param[in] FirmwareBlobBase Base address of this FirmwareBlob.
+ @param[in] FirmwareBlobLength Size in bytes of this FirmwareBlob.
+
+ @retval EFI_SUCCESS Operation completed successfully.
+ @retval EFI_UNSUPPORTED TPM device not available.
+ @retval EFI_OUT_OF_RESOURCES Out of memory.
+ @retval EFI_DEVICE_ERROR The operation was unsuccessful.
+*/
+EFI_STATUS
+EFIAPI
+MeasureFirmwareBlob (
+ IN UINT32 PcrIndex,
+ IN CHAR8 *Description OPTIONAL,
+ IN EFI_PHYSICAL_ADDRESS FirmwareBlobBase,
+ IN UINT64 FirmwareBlobLength
+ );
+
+/**
+ Mesure a FirmwareBlob in separation mode of FV binary and configuration.
+
+ @param[in] Descrption Description for this FirmwareBlob.
+ @param[in] FirmwareBlobBase Base address of this FirmwareBlob.
+ @param[in] FirmwareBlobLength Size in bytes of this FirmwareBlob.
+ @param[in] CfgRegionOffset Configuration region offset in bytes.
+ @param[in] CfgRegionSize Configuration region in bytes.
+
+ @retval EFI_SUCCESS Operation completed successfully.
+ @retval EFI_UNSUPPORTED TPM device not available.
+ @retval EFI_OUT_OF_RESOURCES Out of memory.
+ @retval EFI_DEVICE_ERROR The operation was unsuccessful.
+*/
+EFI_STATUS
+EFIAPI
+MeasureFirmwareBlobWithCfg (
+ IN CHAR8 *Description OPTIONAL,
+ IN EFI_PHYSICAL_ADDRESS FirmwareBlobBase,
+ IN UINT64 FirmwareBlobLength,
+ IN UINT32 CfgRegionOffset,
+ IN UINT32 CfgRegionSize
+ );
+/**
+ Mesure a HandoffTable.
+
+ @param[in] PcrIndex PcrIndex of the measurment.
+ @param[in] Descrption Description for this HandoffTable.
+ @param[in] TableGuid GUID of this HandoffTable.
+ @param[in] TableAddress Base address of this HandoffTable.
+ @param[in] TableLength Size in bytes of this HandoffTable.
+
+ @retval EFI_SUCCESS Operation completed successfully.
+ @retval EFI_UNSUPPORTED TPM device not available.
+ @retval EFI_OUT_OF_RESOURCES Out of memory.
+ @retval EFI_DEVICE_ERROR The operation was unsuccessful.
+*/
+EFI_STATUS
+EFIAPI
+MeasureHandoffTable (
+ IN UINT32 PcrIndex,
+ IN CHAR8 *Description OPTIONAL,
+ IN EFI_GUID *TableGuid,
+ IN VOID *TableAddress,
+ IN UINTN TableLength
+ );
+
#endif
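Review bot: the three new prototypes are inconsistent with each other, and the doc comments need cleanup before this public header is frozen. MeasureFirmwareBlobWithCfg() takes no PcrIndex while MeasureFirmwareBlob() and MeasureHandoffTable() both do, so a caller cannot choose where the FV and its configuration region are extended; either add the parameter or state the fixed PCR assignment in the comment. The comment blocks spell `Mesure`, `Descrption` and `measurment`, document `Descrption` where the parameter is actually named `Description`, close with `*/` where the file's existing block closes with `**/`, and the CfgRegionSize line should read `Configuration region size in bytes.` to match the line above it. A blank line is also missing between the `);` of MeasureFirmwareBlobWithCfg and the `/**` that follows it. Since the Null instance in 2/9 and the DXE instance in 3/9 implement only MeasureFirmwareBlob() and MeasureHandoffTable(), consider keeping MeasureFirmwareBlobWithCfg() out of this header until every TpmMeasurementLib instance provides it.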
--
2.26.2.windows.1
* Re: [PATCH 1/9] MdeModulePkg/TpmMeasurementLib: Add new API to TpmMeasurmentLib.
From: Yao, Jiewen @ 2020-08-02 8:36 UTC (permalink / raw)
To: Zhang, Qi1, devel@edk2.groups.io; +Cc: Wang, Jian J, Wu, Hao A
Hi Qi
The PEI FV does not have a CfgRegion concept.
We should remove MeasureFirmwareBlobWithCfg().
> -----Original Message-----
> From: Zhang, Qi1 <qi1.zhang@intel.com>
> Sent: Friday, July 31, 2020 4:54 PM
> To: devel@edk2.groups.io
> Cc: Yao, Jiewen <jiewen.yao@intel.com>; Wang, Jian J <jian.j.wang@intel.com>;
> Wu, Hao A <hao.a.wu@intel.com>; Zhang, Qi1 <qi1.zhang@intel.com>
> Subject: [PATCH 1/9] MdeModulePkg/TpmMeasurementLib: Add new API to
> TpmMeasurmentLib.
>
> From: Jiewen Yao <jiewen.yao@intel.com>
>
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2376
>
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Cc: Hao A Wu <hao.a.wu@intel.com>
> Cc: Qi Zhang <qi1.zhang@intel.com>
> Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
> ---
> .../Include/Library/TpmMeasurementLib.h | 71 ++++++++++++++++++-
> 1 file changed, 70 insertions(+), 1 deletion(-)
>
> diff --git a/MdeModulePkg/Include/Library/TpmMeasurementLib.h
> b/MdeModulePkg/Include/Library/TpmMeasurementLib.h
> index ddf6723f03..cd4d175918 100644
> --- a/MdeModulePkg/Include/Library/TpmMeasurementLib.h
> +++ b/MdeModulePkg/Include/Library/TpmMeasurementLib.h
> @@ -1,7 +1,7 @@
> /** @file
>
> This library is used by other modules to measure data to TPM.
>
>
>
> -Copyright (c) 2012, Intel Corporation. All rights reserved. <BR>
>
> +Copyright (c) 2012 - 2020, Intel Corporation. All rights reserved. <BR>
>
> SPDX-License-Identifier: BSD-2-Clause-Patent
>
>
>
> **/
>
> @@ -35,4 +35,73 @@ TpmMeasureAndLogData (
> IN UINT64 HashDataLen
>
> );
>
>
>
> +/**
>
> + Mesure a FirmwareBlob.
>
> +
>
> + @param[in] PcrIndex PCR Index.
>
> + @param[in] Descrption Description for this FirmwareBlob.
>
> + @param[in] FirmwareBlobBase Base address of this FirmwareBlob.
>
> + @param[in] FirmwareBlobLength Size in bytes of this FirmwareBlob.
>
> +
>
> + @retval EFI_SUCCESS Operation completed successfully.
>
> + @retval EFI_UNSUPPORTED TPM device not available.
>
> + @retval EFI_OUT_OF_RESOURCES Out of memory.
>
> + @retval EFI_DEVICE_ERROR The operation was unsuccessful.
>
> +*/
>
> +EFI_STATUS
>
> +EFIAPI
>
> +MeasureFirmwareBlob (
>
> + IN UINT32 PcrIndex,
>
> + IN CHAR8 *Description OPTIONAL,
>
> + IN EFI_PHYSICAL_ADDRESS FirmwareBlobBase,
>
> + IN UINT64 FirmwareBlobLength
>
> + );
>
> +
>
> +/**
>
> + Mesure a FirmwareBlob in separation mode of FV binary and configuration.
>
> +
>
> + @param[in] Descrption Description for this FirmwareBlob.
>
> + @param[in] FirmwareBlobBase Base address of this FirmwareBlob.
>
> + @param[in] FirmwareBlobLength Size in bytes of this FirmwareBlob.
>
> + @param[in] CfgRegionOffset Configuration region offset in bytes.
>
> + @param[in] CfgRegionSize Configuration region in bytes.
>
> +
>
> + @retval EFI_SUCCESS Operation completed successfully.
>
> + @retval EFI_UNSUPPORTED TPM device not available.
>
> + @retval EFI_OUT_OF_RESOURCES Out of memory.
>
> + @retval EFI_DEVICE_ERROR The operation was unsuccessful.
>
> +*/
>
> +EFI_STATUS
>
> +EFIAPI
>
> +MeasureFirmwareBlobWithCfg (
>
> + IN CHAR8 *Description OPTIONAL,
>
> + IN EFI_PHYSICAL_ADDRESS FirmwareBlobBase,
>
> + IN UINT64 FirmwareBlobLength,
>
> + IN UINT32 CfgRegionOffset,
>
> + IN UINT32 CfgRegionSize
>
> + );
>
> +/**
>
> + Mesure a HandoffTable.
>
> +
>
> + @param[in] PcrIndex PcrIndex of the measurment.
>
> + @param[in] Descrption Description for this HandoffTable.
>
> + @param[in] TableGuid GUID of this HandoffTable.
>
> + @param[in] TableAddress Base address of this HandoffTable.
>
> + @param[in] TableLength Size in bytes of this HandoffTable.
>
> +
>
> + @retval EFI_SUCCESS Operation completed successfully.
>
> + @retval EFI_UNSUPPORTED TPM device not available.
>
> + @retval EFI_OUT_OF_RESOURCES Out of memory.
>
> + @retval EFI_DEVICE_ERROR The operation was unsuccessful.
>
> +*/
>
> +EFI_STATUS
>
> +EFIAPI
>
> +MeasureHandoffTable (
>
> + IN UINT32 PcrIndex,
>
> + IN CHAR8 *Description OPTIONAL,
>
> + IN EFI_GUID *TableGuid,
>
> + IN VOID *TableAddress,
>
> + IN UINTN TableLength
>
> + );
>
> +
>
> #endif
>
> --
> 2.26.2.windows.1
* [PATCH 2/9] MdeModulePkg/NullTpmMeasurementLib: Add new API.
From: Qi Zhang @ 2020-07-31 8:54 UTC (permalink / raw)
To: devel; +Cc: Jiewen Yao, Jian J Wang, Hao A Wu, Qi Zhang
From: Jiewen Yao <jiewen.yao@intel.com>
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2376
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Hao A Wu <hao.a.wu@intel.com>
Cc: Qi Zhang <qi1.zhang@intel.com>
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
---
.../TpmMeasurementLibNull.c | 61 ++++++++++++++++++-
.../TpmMeasurementLibNull.inf | 6 +-
2 files changed, 63 insertions(+), 4 deletions(-)
diff --git a/MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.c b/MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.c
index b9c5b68de8..2ce38d8258 100644
--- a/MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.c
+++ b/MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.c
@@ -1,11 +1,13 @@
/** @file
This library is used by other modules to measure data to TPM.
-Copyright (c) 2015, Intel Corporation. All rights reserved. <BR>
+Copyright (c) 2015 - 2020, Intel Corporation. All rights reserved. <BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
+#include <Uefi.h>
+
/**
Tpm measure and log data, and extend the measurement result into a specific PCR.
@@ -37,3 +39,60 @@ TpmMeasureAndLogData (
//
return EFI_SUCCESS;
}
+
+/**
+ Mesure a FirmwareBlob.
+
+ @param[in] Descrption Description for this FirmwareBlob.
+ @param[in] FirmwareBlobBase Base address of this FirmwareBlob.
+ @param[in] FirmwareBlobLength Size in bytes of this FirmwareBlob.
+
+ @retval EFI_SUCCESS Operation completed successfully.
+ @retval EFI_UNSUPPORTED TPM device not available.
+ @retval EFI_OUT_OF_RESOURCES Out of memory.
+ @retval EFI_DEVICE_ERROR The operation was unsuccessful.
+*/
+EFI_STATUS
+EFIAPI
+MeasureFirmwareBlob (
+ IN UINT32 PcrIndex,
+ IN CHAR8 *Description OPTIONAL,
+ IN EFI_PHYSICAL_ADDRESS FirmwareBlobBase,
+ IN UINT64 FirmwareBlobLength
+ )
+{
+ //
+ // Do nothing, just return EFI_SUCCESS.
+ //
+ return EFI_SUCCESS;
+}
+
+/**
+ Mesure a HandoffTable.
+
+ @param[in] PcrIndex PcrIndex of the measurment.
+ @param[in] Descrption Description for this HandoffTable.
+ @param[in] TableGuid GUID of this HandoffTable.
+ @param[in] TableAddress Base address of this HandoffTable.
+ @param[in] TableLength Size in bytes of this HandoffTable.
+
+ @retval EFI_SUCCESS Operation completed successfully.
+ @retval EFI_UNSUPPORTED TPM device not available.
+ @retval EFI_OUT_OF_RESOURCES Out of memory.
+ @retval EFI_DEVICE_ERROR The operation was unsuccessful.
+*/
+EFI_STATUS
+EFIAPI
+MeasureHandoffTable (
+ IN UINT32 PcrIndex,
+ IN CHAR8 *Description OPTIONAL,
+ IN EFI_GUID *TableGuid,
+ IN VOID *TableAddress,
+ IN UINTN TableLength
+ )
+{
+ //
+ // Do nothing, just return EFI_SUCCESS.
+ //
+ return EFI_SUCCESS;
+}
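Review bot: this Null instance adds stubs for MeasureFirmwareBlob() and MeasureHandoffTable() but not for MeasureFirmwareBlobWithCfg(), which the TpmMeasurementLib.h change in 1/9 exports; a module that links this instance and calls that API will fail at link time, so either add a third stub here or drop the declaration from the header. The MeasureFirmwareBlob() comment block also omits the PcrIndex parameter the function takes, and `Mesure`, `Descrption` and `measurment` should read `Measure`, `Description` and `measurement`, with the parameter name in the comment matching the real name `Description`.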
diff --git a/MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf b/MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf
index 61abcfa2ec..1db2c0d6a7 100644
--- a/MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf
+++ b/MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf
@@ -1,7 +1,7 @@
## @file
# Provides NULL TPM measurement function.
#
-# Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2015 - 2020, Intel Corporation. All rights reserved.<BR>
# SPDX-License-Identifier: BSD-2-Clause-Patent
#
##
@@ -10,9 +10,9 @@
INF_VERSION = 0x00010005
BASE_NAME = TpmMeasurementLibNull
FILE_GUID = 6DFD6E9F-9278-48D8-8F45-B6CFF2C2B69C
- MODULE_TYPE = UEFI_DRIVER
+ MODULE_TYPE = BASE
VERSION_STRING = 1.0
- LIBRARY_CLASS = TpmMeasurementLib|DXE_DRIVER DXE_RUNTIME_DRIVER DXE_SMM_DRIVER UEFI_APPLICATION UEFI_DRIVER
+ LIBRARY_CLASS = TpmMeasurementLib
MODULE_UNI_FILE = TpmMeasurementLibNull.uni
#
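Review bot: changing MODULE_TYPE from UEFI_DRIVER to BASE and dropping the module-type list from LIBRARY_CLASS is a functional change that lets any module type, including PEIM and SEC, resolve TpmMeasurementLib to this null instance, but the commit message does not mention it; please add a sentence stating why the widening is needed so it is recorded, and confirm that a BASE library including `<Uefi.h>` (added in the .c hunk of this patch) builds for every module type that can now link it.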
--
2.26.2.windows.1
* [PATCH 3/9] SecurityPkg/DxeTpmMeasurementLib: Add new API.
From: Qi Zhang @ 2020-07-31 8:54 UTC (permalink / raw)
To: devel; +Cc: Jiewen Yao, Jian J Wang, Qi Zhang
From: Jiewen Yao <jiewen.yao@intel.com>
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2376
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Qi Zhang <qi1.zhang@intel.com>
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
---
.../DxeTpmMeasurementLib.inf | 6 +-
.../DxeTpmMeasurementLib/EventLogRecord.c | 218 ++++++++++++++++++
2 files changed, 223 insertions(+), 1 deletion(-)
create mode 100644 SecurityPkg/Library/DxeTpmMeasurementLib/EventLogRecord.c
diff --git a/SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf b/SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf
index 7d41bc41f9..39448f8ee8 100644
--- a/SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf
+++ b/SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf
@@ -4,7 +4,7 @@
# This library provides TpmMeasureAndLogData() to measure and log data, and
# extend the measurement result into a specific PCR.
#
-# Copyright (c) 2012 - 2018, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2012 - 2020, Intel Corporation. All rights reserved.<BR>
# SPDX-License-Identifier: BSD-2-Clause-Patent
#
##
@@ -26,6 +26,7 @@
[Sources]
DxeTpmMeasurementLib.c
+ EventLogRecord.c
[Packages]
MdePkg/MdePkg.dec
@@ -42,3 +43,6 @@
[Protocols]
gEfiTcgProtocolGuid ## SOMETIMES_CONSUMES
gEfiTcg2ProtocolGuid ## SOMETIMES_CONSUMES
+
+[Pcd]
+ gEfiMdeModulePkgTokenSpaceGuid.PcdTcgPfpMeasurementRevision ## CONSUMES
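Review bot: PcdTcgPfpMeasurementRevision is declared in gEfiMdeModulePkgTokenSpaceGuid, so MdeModulePkg/MdeModulePkg.dec must appear under [Packages] for this PCD reference to resolve; the [Sources] hunk above shows only MdePkg/MdePkg.dec in its [Packages] context, so please confirm the .dec is already listed further down or add it in this patch.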
diff --git a/SecurityPkg/Library/DxeTpmMeasurementLib/EventLogRecord.c b/SecurityPkg/Library/DxeTpmMeasurementLib/EventLogRecord.c
new file mode 100644
index 0000000000..7b3726e44b
--- /dev/null
+++ b/SecurityPkg/Library/DxeTpmMeasurementLib/EventLogRecord.c
@@ -0,0 +1,218 @@
+/** @file
+ This library is used by other modules to measure data to TPM.
+
+Copyright (c) 2020, Intel Corporation. All rights reserved. <BR>
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <PiDxe.h>
+
+#include <Library/BaseMemoryLib.h>
+#include <Library/DebugLib.h>
+#include <Library/ReportStatusCodeLib.h>
+#include <Library/HobLib.h>
+#include <Library/PcdLib.h>
+#include <Library/PrintLib.h>
+#include <Library/TpmMeasurementLib.h>
+
+#include <IndustryStandard/UefiTcgPlatform.h>
+
+#pragma pack (1)
+
+#define PLATFORM_FIRMWARE_BLOB_DESC "Fv(XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX)"
+typedef struct {
+ UINT8 BlobDescriptionSize;
+ UINT8 BlobDescription[sizeof(PLATFORM_FIRMWARE_BLOB_DESC)];
+ EFI_PHYSICAL_ADDRESS BlobBase;
+ UINT64 BlobLength;
+} PLATFORM_FIRMWARE_BLOB2_STRUCT;
+
+#define HANDOFF_TABLE_POINTER_DESC "1234567890ABCDEF"
+typedef struct {
+ UINT8 TableDescriptionSize;
+ UINT8 TableDescription[sizeof(HANDOFF_TABLE_POINTER_DESC)];
+ UINT64 NumberOfTables;
+ EFI_CONFIGURATION_TABLE TableEntry[1];
+} HANDOFF_TABLE_POINTERS2_STRUCT;
+
+#pragma pack ()
+
+/**
+ Get the FvName from the FV header.
+
+ Causion: The FV is untrusted input.
+
+ @param[in] FvBase Base address of FV image.
+ @param[in] FvLength Length of FV image.
+
+ @return FvName pointer
+ @retval NULL FvName is NOT found
+**/
+VOID *
+TpmMeasurementGetFvName (
+ IN EFI_PHYSICAL_ADDRESS FvBase,
+ IN UINT64 FvLength
+ )
+{
+ EFI_FIRMWARE_VOLUME_HEADER *FvHeader;
+ EFI_FIRMWARE_VOLUME_EXT_HEADER *FvExtHeader;
+
+ if (FvBase >= MAX_ADDRESS) {
+ return NULL;
+ }
+ if (FvLength >= MAX_ADDRESS - FvBase) {
+ return NULL;
+ }
+ if (FvLength < sizeof(EFI_FIRMWARE_VOLUME_HEADER)) {
+ return NULL;
+ }
+
+ FvHeader = (EFI_FIRMWARE_VOLUME_HEADER *)(UINTN)FvBase;
+ if (FvHeader->Signature != EFI_FVH_SIGNATURE) {
+ return NULL;
+ }
+ if (FvHeader->ExtHeaderOffset < sizeof(EFI_FIRMWARE_VOLUME_HEADER)) {
+ return NULL;
+ }
+ if (FvHeader->ExtHeaderOffset + sizeof(EFI_FIRMWARE_VOLUME_EXT_HEADER) > FvLength) {
+ return NULL;
+ }
+ FvExtHeader = (EFI_FIRMWARE_VOLUME_EXT_HEADER *)(UINTN)(FvBase + FvHeader->ExtHeaderOffset);
+
+ return &FvExtHeader->FvName;
+}
+
+/**
+ Mesure a FirmwareBlob.
+
+ @param[in] PcrIndex PcrIndex of the measurment.
+ @param[in] Descrption Description for this FirmwareBlob.
+ @param[in] FirmwareBlobBase Base address of this FirmwareBlob.
+ @param[in] FirmwareBlobLength Size in bytes of this FirmwareBlob.
+
+ @retval EFI_SUCCESS Operation completed successfully.
+ @retval EFI_UNSUPPORTED TPM device not available.
+ @retval EFI_OUT_OF_RESOURCES Out of memory.
+ @retval EFI_DEVICE_ERROR The operation was unsuccessful.
+*/
+EFI_STATUS
+EFIAPI
+MeasureFirmwareBlob (
+ IN UINT32 PcrIndex,
+ IN CHAR8 *Description OPTIONAL,
+ IN EFI_PHYSICAL_ADDRESS FirmwareBlobBase,
+ IN UINT64 FirmwareBlobLength
+ )
+{
+ EFI_PLATFORM_FIRMWARE_BLOB FvBlob;
+ PLATFORM_FIRMWARE_BLOB2_STRUCT FvBlob2;
+ VOID *FvName;
+ UINT32 EventType;
+ VOID *EventLog;
+ UINT32 EventLogSize;
+ EFI_STATUS Status;
+
+ FvName = TpmMeasurementGetFvName (FirmwareBlobBase, FirmwareBlobLength);
+
+ if (((Description != NULL) || (FvName != NULL)) &&
+ (PcdGet32(PcdTcgPfpMeasurementRevision) >= TCG_EfiSpecIDEventStruct_SPEC_ERRATA_TPM2_REV_105)) {
+ ZeroMem (&FvBlob2, sizeof(FvBlob2));
+ if (Description != NULL) {
+ AsciiSPrint((CHAR8*)FvBlob2.BlobDescription, sizeof(FvBlob2.BlobDescription), "%a", Description);
+ } else {
+ AsciiSPrint((CHAR8*)FvBlob2.BlobDescription, sizeof(FvBlob2.BlobDescription), "Fv(%g)", FvName);
+ }
+
+ FvBlob2.BlobDescriptionSize = sizeof(FvBlob2.BlobDescription);
+ FvBlob2.BlobBase = FirmwareBlobBase;
+ FvBlob2.BlobLength = FirmwareBlobLength;
+
+ EventType = EV_EFI_PLATFORM_FIRMWARE_BLOB2;
+ EventLog = &FvBlob2;
+ EventLogSize = sizeof(FvBlob2);
+ } else {
+ FvBlob.BlobBase = FirmwareBlobBase;
+ FvBlob.BlobLength = FirmwareBlobLength;
+
+ EventType = EV_EFI_PLATFORM_FIRMWARE_BLOB;
+ EventLog = &FvBlob;
+ EventLogSize = sizeof(FvBlob);
+ }
+
+ Status = TpmMeasureAndLogData (
+ PcrIndex,
+ EventType,
+ EventLog,
+ EventLogSize,
+ (VOID*)(UINTN)FirmwareBlobBase,
+ FirmwareBlobLength
+ );
+
+ return Status;
+}
+
+/**
+ Mesure a HandoffTable.
+
+ @param[in] PcrIndex PcrIndex of the measurment.
+ @param[in] Descrption Description for this HandoffTable.
+ @param[in] TableGuid GUID of this HandoffTable.
+ @param[in] TableAddress Base address of this HandoffTable.
+ @param[in] TableLength Size in bytes of this HandoffTable.
+
+ @retval EFI_SUCCESS Operation completed successfully.
+ @retval EFI_UNSUPPORTED TPM device not available.
+ @retval EFI_OUT_OF_RESOURCES Out of memory.
+ @retval EFI_DEVICE_ERROR The operation was unsuccessful.
+*/
+EFI_STATUS
+EFIAPI
+MeasureHandoffTable (
+ IN UINT32 PcrIndex,
+ IN CHAR8 *Description OPTIONAL,
+ IN EFI_GUID *TableGuid,
+ IN VOID *TableAddress,
+ IN UINTN TableLength
+ )
+{
+ EFI_HANDOFF_TABLE_POINTERS HandoffTables;
+ HANDOFF_TABLE_POINTERS2_STRUCT HandoffTables2;
+ UINT32 EventType;
+ VOID *EventLog;
+ UINT32 EventLogSize;
+ EFI_STATUS Status;
+
+ if ((Description != NULL) &&
+ (PcdGet32(PcdTcgPfpMeasurementRevision) >= TCG_EfiSpecIDEventStruct_SPEC_ERRATA_TPM2_REV_105)) {
+ ZeroMem (&HandoffTables2, sizeof(HandoffTables2));
+ AsciiSPrint((CHAR8*)HandoffTables2.TableDescription, sizeof(HandoffTables2.TableDescription), "%a", Description);
+
+ HandoffTables2.TableDescriptionSize = sizeof(HandoffTables2.TableDescription);
+ HandoffTables2.NumberOfTables = 1;
+ CopyGuid (&(HandoffTables2.TableEntry[0].VendorGuid), TableGuid);
+ HandoffTables2.TableEntry[0].VendorTable = TableAddress;
+
+ EventType = EV_EFI_HANDOFF_TABLES2;
+ EventLog = &HandoffTables2;
+ EventLogSize = sizeof(HandoffTables2);
+ } else {
+ HandoffTables.NumberOfTables = 1;
+ CopyGuid (&(HandoffTables.TableEntry[0].VendorGuid), TableGuid);
+ HandoffTables.TableEntry[0].VendorTable = TableAddress;
+
+ EventType = EV_EFI_HANDOFF_TABLES;
+ EventLog = &HandoffTables;
+ EventLogSize = sizeof(HandoffTables);
+ }
+
+ Status = TpmMeasureAndLogData (
+ PcrIndex,
+ EventType,
+ EventLog,
+ EventLogSize,
+ TableAddress,
+ TableLength
+ );
+ return Status;
+}
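Review bot: in both MeasureFirmwareBlob() and MeasureHandoffTable() the BlobDescriptionSize / TableDescriptionSize field is set to sizeof() of the whole fixed buffer instead of the length of the string AsciiSPrint() actually produced, so every EV_EFI_PLATFORM_FIRMWARE_BLOB2 and EV_EFI_HANDOFF_TABLES2 event carries a 41- or 17-byte description padded with zero bytes, and a caller-supplied Description longer than the buffer is silently truncated by AsciiSPrint(); set the size from AsciiStrLen() of the formatted result and consider failing (or at least a DEBUG message) on truncation, since attestation verifiers match on these strings. TpmMeasurementGetFvName() correctly bounds the untrusted FV header before dereferencing it; a one-line comment that FvLength is the caller's length and not the header's own FvLength field would make that intent explicit. Typos: `Causion`, `Mesure`, `Descrption`, `measurment`; ReportStatusCodeLib.h, HobLib.h and DebugLib.h are included but nothing in this file uses them.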
--
2.26.2.windows.1
* [PATCH 4/9] SecurityPkg/PeiTpmMeasurementLib: Add new API.
From: Qi Zhang @ 2020-07-31 8:54 UTC (permalink / raw)
To: devel; +Cc: Jiewen Yao, Jian J Wang, Qi Zhang
From: Jiewen Yao <jiewen.yao@intel.com>
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2376
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Qi Zhang <qi1.zhang@intel.com>
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
---
.../PeiTpmMeasurementLib/EventLogRecord.c | 409 ++++++++++++++++++
.../PeiTpmMeasurementLib.inf | 5 +
2 files changed, 414 insertions(+)
create mode 100644 SecurityPkg/Library/PeiTpmMeasurementLib/EventLogRecord.c
diff --git a/SecurityPkg/Library/PeiTpmMeasurementLib/EventLogRecord.c b/SecurityPkg/Library/PeiTpmMeasurementLib/EventLogRecord.c
new file mode 100644
index 0000000000..bd3d7000a1
--- /dev/null
+++ b/SecurityPkg/Library/PeiTpmMeasurementLib/EventLogRecord.c
@@ -0,0 +1,409 @@
+/** @file
+ This library is used by other modules to measure data to TPM.
+
+Copyright (c) 2020, Intel Corporation. All rights reserved. <BR>
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <PiPei.h>
+
+#include <Library/BaseMemoryLib.h>
+#include <Library/PeiServicesLib.h>
+#include <Library/PeiServicesTablePointerLib.h>
+#include <Library/DebugLib.h>
+#include <Library/ReportStatusCodeLib.h>
+#include <Library/HobLib.h>
+#include <Library/PcdLib.h>
+#include <Library/PrintLib.h>
+#include <Library/HashLib.h>
+#include <Library/TpmMeasurementLib.h>
+
+#include <Ppi/Tcg.h>
+#include <IndustryStandard/UefiTcgPlatform.h>
+
+#pragma pack (1)
+
+#define PLATFORM_FIRMWARE_BLOB_DESC "Fv(XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX)"
+typedef struct {
+ UINT8 BlobDescriptionSize;
+ UINT8 BlobDescription[sizeof(PLATFORM_FIRMWARE_BLOB_DESC)];
+ EFI_PHYSICAL_ADDRESS BlobBase;
+ UINT64 BlobLength;
+} PLATFORM_FIRMWARE_BLOB2_STRUCT;
+
+#define HANDOFF_TABLE_POINTER_DESC "1234567890ABCDEF"
+typedef struct {
+ UINT8 TableDescriptionSize;
+ UINT8 TableDescription[sizeof(HANDOFF_TABLE_POINTER_DESC)];
+ UINT64 NumberOfTables;
+ EFI_CONFIGURATION_TABLE TableEntry[1];
+} HANDOFF_TABLE_POINTERS2_STRUCT;
+
+#pragma pack ()
+
+/**
+ Tpm measure and log data, and extend the measurement result into a specific PCR.
+
+ @param[in] PcrIndex PCR Index.
+ @param[in] EventType Event type.
+ @param[in] EventLog Measurement event log.
+ @param[in] LogLen Event log length in bytes.
+ @param[in] HashData The start of the data buffer to be hashed, extended.
+ @param[in] HashDataLen The length, in bytes, of the buffer referenced by HashData
+ @param[in] Flags Bitmap providing additional information.
+
+ @retval EFI_SUCCESS Operation completed successfully.
+ @retval EFI_UNSUPPORTED TPM device not available.
+ @retval EFI_OUT_OF_RESOURCES Out of memory.
+ @retval EFI_DEVICE_ERROR The operation was unsuccessful.
+**/
+EFI_STATUS
+EFIAPI
+TpmMeasureAndLogDataWithFlags (
+ IN UINT32 PcrIndex,
+ IN UINT32 EventType,
+ IN VOID *EventLog,
+ IN UINT32 LogLen,
+ IN VOID *HashData,
+ IN UINT64 HashDataLen,
+ IN UINT64 Flags
+ )
+{
+ EFI_STATUS Status;
+ EDKII_TCG_PPI *TcgPpi;
+ TCG_PCR_EVENT_HDR TcgEventHdr;
+
+ Status = PeiServicesLocatePpi(
+ &gEdkiiTcgPpiGuid,
+ 0,
+ NULL,
+ (VOID**)&TcgPpi
+ );
+ if (EFI_ERROR(Status)) {
+ return Status;
+ }
+
+ TcgEventHdr.PCRIndex = PcrIndex;
+ TcgEventHdr.EventType = EventType;
+ TcgEventHdr.EventSize = LogLen;
+
+ Status = TcgPpi->HashLogExtendEvent (
+ TcgPpi,
+ Flags,
+ HashData,
+ (UINTN)HashDataLen,
+ &TcgEventHdr,
+ EventLog
+ );
+ return Status;
+}
+
+/**
+ Get the FvName from the FV header.
+
+ Causion: The FV is untrusted input.
+
+ @param[in] FvBase Base address of FV image.
+ @param[in] FvLength Length of FV image.
+
+ @return FvName pointer
+ @retval NULL FvName is NOT found
+**/
+VOID *
+TpmMeasurementGetFvName (
+ IN EFI_PHYSICAL_ADDRESS FvBase,
+ IN UINT64 FvLength
+ )
+{
+ EFI_FIRMWARE_VOLUME_HEADER *FvHeader;
+ EFI_FIRMWARE_VOLUME_EXT_HEADER *FvExtHeader;
+
+ if (FvBase >= MAX_ADDRESS) {
+ return NULL;
+ }
+ if (FvLength >= MAX_ADDRESS - FvBase) {
+ return NULL;
+ }
+ if (FvLength < sizeof(EFI_FIRMWARE_VOLUME_HEADER)) {
+ return NULL;
+ }
+
+ FvHeader = (EFI_FIRMWARE_VOLUME_HEADER *)(UINTN)FvBase;
+ if (FvHeader->Signature != EFI_FVH_SIGNATURE) {
+ return NULL;
+ }
+ if (FvHeader->ExtHeaderOffset < sizeof(EFI_FIRMWARE_VOLUME_HEADER)) {
+ return NULL;
+ }
+ if (FvHeader->ExtHeaderOffset + sizeof(EFI_FIRMWARE_VOLUME_EXT_HEADER) > FvLength) {
+ return NULL;
+ }
+ FvExtHeader = (EFI_FIRMWARE_VOLUME_EXT_HEADER *)(UINTN)(FvBase + FvHeader->ExtHeaderOffset);
+
+ return &FvExtHeader->FvName;
+}
+
+/**
+ Mesure a FirmwareBlob.
+
+ @param[in] PcrIndex PcrIndex of the measurment.
+ @param[in] Descrption Description for this FirmwareBlob.
+ @param[in] FirmwareBlobBase Base address of this FirmwareBlob.
+ @param[in] FirmwareBlobLength Size in bytes of this FirmwareBlob.
+
+ @retval EFI_SUCCESS Operation completed successfully.
+ @retval EFI_UNSUPPORTED TPM device not available.
+ @retval EFI_OUT_OF_RESOURCES Out of memory.
+ @retval EFI_DEVICE_ERROR The operation was unsuccessful.
+*/
+EFI_STATUS
+EFIAPI
+MeasureFirmwareBlob (
+ IN UINT32 PcrIndex,
+ IN CHAR8 *Description OPTIONAL,
+ IN EFI_PHYSICAL_ADDRESS FirmwareBlobBase,
+ IN UINT64 FirmwareBlobLength
+ )
+{
+ EFI_PLATFORM_FIRMWARE_BLOB FvBlob;
+ PLATFORM_FIRMWARE_BLOB2_STRUCT FvBlob2;
+ VOID *FvName;
+ UINT32 EventType;
+ VOID *EventLog;
+ UINT32 EventLogSize;
+ EFI_STATUS Status;
+
+ FvName = TpmMeasurementGetFvName (FirmwareBlobBase, FirmwareBlobLength);
+
+ if (((Description != NULL) || (FvName != NULL)) &&
+ (PcdGet32(PcdTcgPfpMeasurementRevision) >= TCG_EfiSpecIDEventStruct_SPEC_ERRATA_TPM2_REV_105)) {
+ ZeroMem (&FvBlob2, sizeof(FvBlob2));
+ if (Description != NULL) {
+ AsciiSPrint((CHAR8*)FvBlob2.BlobDescription, sizeof(FvBlob2.BlobDescription), "%a", Description);
+ } else {
+ AsciiSPrint((CHAR8*)FvBlob2.BlobDescription, sizeof(FvBlob2.BlobDescription), "Fv(%g)", FvName);
+ }
+
+ FvBlob2.BlobDescriptionSize = sizeof(FvBlob2.BlobDescription);
+ FvBlob2.BlobBase = FirmwareBlobBase;
+ FvBlob2.BlobLength = FirmwareBlobLength;
+
+ EventType = EV_EFI_PLATFORM_FIRMWARE_BLOB2;
+ EventLog = &FvBlob2;
+ EventLogSize = sizeof(FvBlob2);
+ } else {
+ FvBlob.BlobBase = FirmwareBlobBase;
+ FvBlob.BlobLength = FirmwareBlobLength;
+
+ EventType = EV_EFI_PLATFORM_FIRMWARE_BLOB;
+ EventLog = &FvBlob;
+ EventLogSize = sizeof(FvBlob);
+ }
+
+ Status = TpmMeasureAndLogData (
+ PcrIndex,
+ EventType,
+ EventLog,
+ EventLogSize,
+ (VOID*)(UINTN)FirmwareBlobBase,
+ FirmwareBlobLength
+ );
+
+ return Status;
+}
+
+/**
+ Mesure a FirmwareBlob in separation mode of FV binary and configuration.
+
+ @param[in] Descrption Description for this FirmwareBlob.
+ @param[in] FirmwareBlobBase Base address of this FirmwareBlob.
+ @param[in] FirmwareBlobLength Size in bytes of this FirmwareBlob.
+ @param[in] CfgRegionOffset Configuration region offset in bytes.
+ @param[in] CfgRegionSize Configuration region in bytes.
+
+ @retval EFI_SUCCESS Operation completed successfully.
+ @retval EFI_UNSUPPORTED TPM device not available.
+ @retval EFI_OUT_OF_RESOURCES Out of memory.
+ @retval EFI_DEVICE_ERROR The operation was unsuccessful.
+*/
+EFI_STATUS
+EFIAPI
+MeasureFirmwareBlobWithCfg (
+ IN CHAR8 *Description OPTIONAL,
+ IN EFI_PHYSICAL_ADDRESS FirmwareBlobBase,
+ IN UINT64 FirmwareBlobLength,
+ IN UINT32 CfgRegionOffset,
+ IN UINT32 CfgRegionSize
+ )
+{
+ EFI_PLATFORM_FIRMWARE_BLOB FvBlob, UPDBlob;
+ PLATFORM_FIRMWARE_BLOB2_STRUCT FvBlob2, UPDBlob2;
+ VOID *FvName;
+ UINT32 FvEventType;
+ VOID *FvEventLog, *UPDEventLog;
+ UINT32 FvEventLogSize, UPDEventLogSize;
+ EFI_STATUS Status;
+ HASH_HANDLE HashHandle;
+ UINT8 *HashBase;
+ UINTN HashSize;
+ TPML_DIGEST_VALUES DigestList;
+
+ FvName = TpmMeasurementGetFvName (FirmwareBlobBase, FirmwareBlobLength);
+
+ if (((Description != NULL) || (FvName != NULL)) &&
+ (PcdGet32(PcdTcgPfpMeasurementRevision) >= TCG_EfiSpecIDEventStruct_SPEC_ERRATA_TPM2_REV_105)) {
+ ZeroMem (&FvBlob2, sizeof(FvBlob2));
+ ZeroMem (&UPDBlob2, sizeof(UPDBlob2));
+ if (Description != NULL) {
+ AsciiSPrint((CHAR8*)FvBlob2.BlobDescription, sizeof(FvBlob2.BlobDescription), "%a", Description);
+ AsciiSPrint((CHAR8*)UPDBlob2.BlobDescription, sizeof(UPDBlob2.BlobDescription), "%aUDP", Description);
+ } else {
+ AsciiSPrint((CHAR8*)FvBlob2.BlobDescription, sizeof(FvBlob2.BlobDescription), "Fv(%g)", FvName);
+ AsciiSPrint((CHAR8*)UPDBlob2.BlobDescription, sizeof(UPDBlob2.BlobDescription), "(%g)UDP", FvName);
+ }
+
+ FvBlob2.BlobDescriptionSize = sizeof(FvBlob2.BlobDescription);
+ FvBlob2.BlobBase = FirmwareBlobBase;
+ FvBlob2.BlobLength = FirmwareBlobLength;
+ FvEventType = EV_EFI_PLATFORM_FIRMWARE_BLOB2;
+ FvEventLog = &FvBlob2;
+ FvEventLogSize = sizeof(FvBlob2);
+
+ UPDBlob2.BlobDescriptionSize = sizeof(UPDBlob2.BlobDescription);
+ UPDBlob2.BlobBase = CfgRegionOffset;
+ UPDBlob2.BlobLength = CfgRegionSize;
+ UPDEventLog = &UPDBlob2;
+ UPDEventLogSize = sizeof(UPDBlob2);
+ } else {
+ FvBlob.BlobBase = FirmwareBlobBase;
+ FvBlob.BlobLength = FirmwareBlobLength;
+ FvEventType = EV_EFI_PLATFORM_FIRMWARE_BLOB;
+ FvEventLog = &FvBlob;
+ FvEventLogSize = sizeof(FvBlob);
+
+ UPDBlob.BlobBase = CfgRegionOffset;
+ UPDBlob.BlobLength = CfgRegionSize;
+ UPDEventLog = &UPDBlob;
+ UPDEventLogSize = sizeof(UPDBlob);
+ }
+
+ // Initialize a SHA hash context.
+ Status = HashStart (&HashHandle);
+ if (EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_ERROR, "HashStart failed - %r\n", Status));
+ return Status;
+ }
+
+ // Hash FSP binary before UDP
+ HashBase = (UINT8 *) (UINTN) FirmwareBlobBase;
+ HashSize = (UINTN) CfgRegionOffset;
+ Status = HashUpdate (HashHandle, HashBase, HashSize);
+ if (EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_ERROR, "HashUpdate failed - %r\n", Status));
+ return Status;
+ }
+
+ // Hash FSP binary after UDP
+ HashBase = (UINT8 *) (UINTN) FirmwareBlobBase + CfgRegionOffset + CfgRegionSize;
+ HashSize = (UINTN)(FirmwareBlobLength - CfgRegionOffset - CfgRegionSize);
+ Status = HashUpdate (HashHandle, HashBase, HashSize);
+ if (EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_ERROR, "HashUpdate failed - %r\n", Status));
+ return Status;
+ }
+
+ // Finalize the SHA hash.
+ Status = HashFinal(HashHandle, &DigestList);
+ if (EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_ERROR, "HashFinal failed - %r\n", Status));
+ return Status;
+ }
+
+ Status = TpmMeasureAndLogDataWithFlags (
+ 0,
+ FvEventType,
+ FvEventLog,
+ FvEventLogSize,
+ (UINT8 *) &DigestList,
+ (UINTN) sizeof(DigestList),
+ EDKII_TCG_PRE_HASH
+ );
+ DEBUG ((DEBUG_ERROR, "TpmMeasureAndLogDataWithFlags - %r\n", Status));
+
+ Status = TpmMeasureAndLogData (
+ 1,
+ EV_PLATFORM_CONFIG_FLAGS,
+ UPDEventLog,
+ UPDEventLogSize,
+ (UINT8 *) (UINTN) FirmwareBlobBase + CfgRegionOffset,
+ CfgRegionSize
+ );
+ DEBUG ((DEBUG_ERROR, "TpmMeasureAndLogData - %r\n", Status));
+
+ return Status;
+}
+/**
+ Mesure a HandoffTable.
+
+ @param[in] PcrIndex PcrIndex of the measurment.
+ @param[in] Descrption Description for this HandoffTable.
+ @param[in] TableGuid GUID of this HandoffTable.
+ @param[in] TableAddress Base address of this HandoffTable.
+ @param[in] TableLength Size in bytes of this HandoffTable.
+
+ @retval EFI_SUCCESS Operation completed successfully.
+ @retval EFI_UNSUPPORTED TPM device not available.
+ @retval EFI_OUT_OF_RESOURCES Out of memory.
+ @retval EFI_DEVICE_ERROR The operation was unsuccessful.
+*/
+EFI_STATUS
+EFIAPI
+MeasureHandoffTable (
+ IN UINT32 PcrIndex,
+ IN CHAR8 *Description OPTIONAL,
+ IN EFI_GUID *TableGuid,
+ IN VOID *TableAddress,
+ IN UINTN TableLength
+ )
+{
+ EFI_HANDOFF_TABLE_POINTERS HandoffTables;
+ HANDOFF_TABLE_POINTERS2_STRUCT HandoffTables2;
+ UINT32 EventType;
+ VOID *EventLog;
+ UINT32 EventLogSize;
+ EFI_STATUS Status;
+
+ if ((Description != NULL) &&
+ (PcdGet32(PcdTcgPfpMeasurementRevision) >= TCG_EfiSpecIDEventStruct_SPEC_ERRATA_TPM2_REV_105)) {
+ ZeroMem (&HandoffTables2, sizeof(HandoffTables2));
+ AsciiSPrint((CHAR8*)HandoffTables2.TableDescription, sizeof(HandoffTables2.TableDescription), "%a", Description);
+
+ HandoffTables2.TableDescriptionSize = sizeof(HandoffTables2.TableDescription);
+ HandoffTables2.NumberOfTables = 1;
+ CopyGuid (&(HandoffTables2.TableEntry[0].VendorGuid), TableGuid);
+ HandoffTables2.TableEntry[0].VendorTable = TableAddress;
+
+ EventType = EV_EFI_HANDOFF_TABLES2;
+ EventLog = &HandoffTables2;
+ EventLogSize = sizeof(HandoffTables2);
+ } else {
+ HandoffTables.NumberOfTables = 1;
+ CopyGuid (&(HandoffTables.TableEntry[0].VendorGuid), TableGuid);
+ HandoffTables.TableEntry[0].VendorTable = TableAddress;
+
+ EventType = EV_EFI_HANDOFF_TABLES;
+ EventLog = &HandoffTables;
+ EventLogSize = sizeof(HandoffTables);
+ }
+
+ Status = TpmMeasureAndLogData (
+ PcrIndex,
+ EventType,
+ EventLog,
+ EventLogSize,
+ TableAddress,
+ TableLength
+ );
+ return Status;
+}
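Review bot: MeasureFirmwareBlobWithCfg never validates the configuration region against the blob, so when CfgRegionOffset + CfgRegionSize exceeds FirmwareBlobLength the second HashUpdate gets `HashSize = (UINTN)(FirmwareBlobLength - CfgRegionOffset - CfgRegionSize)` as a wrapped-around value and hashes memory beyond FirmwareBlobBase + FirmwareBlobLength; both operands are caller-supplied, so add a range check and return EFI_INVALID_PARAMETER before HashStart. The Status from TpmMeasureAndLogDataWithFlags is overwritten by the following TpmMeasureAndLogData call without being checked, so a failed PCR0 extend is reported as success, and both results are logged at DEBUG_ERROR even when they succeed. The description strings "%aUDP" and "(%g)UDP" and the comments "before UDP"/"after UDP" presumably mean UPD (updatable product data); the second string is also inconsistent with the "Fv(%g)" form used for the FV blob. The PCR indices 0 and 1 are hard-coded while MeasureFirmwareBlob and MeasureHandoffTable take a PcrIndex, and the doc comments repeat the typos "Mesure", "Descrption" and "measurment".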
diff --git a/SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.inf b/SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.inf
index 6625d0fd01..6ff32a2bdc 100644
--- a/SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.inf
+++ b/SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.inf
@@ -26,6 +26,7 @@
[Sources]
PeiTpmMeasurementLib.c
+ EventLogRecord.c
[Packages]
MdePkg/MdePkg.dec
@@ -41,10 +42,14 @@
PrintLib
PeiServicesLib
PeiServicesTablePointerLib
+ HashLib
[Ppis]
gEdkiiTcgPpiGuid ## CONSUMES
+[Pcd]
+ gEfiMdeModulePkgTokenSpaceGuid.PcdTcgPfpMeasurementRevision ## CONSUMES
+
[Depex]
gEfiPeiMasterBootModePpiGuid AND
gEfiTpmDeviceSelectedGuid
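Review bot: the new [Pcd] entry is in the gEfiMdeModulePkgTokenSpaceGuid token space, so [Packages] must list MdeModulePkg/MdeModulePkg.dec; the preceding hunk shows only MdePkg/MdePkg.dec in its context, so please confirm it is present, otherwise the build fails to resolve PcdTcgPfpMeasurementRevision. Adding HashLib also means every platform that links PeiTpmMeasurementLib must now provide a HashLib instance, even if it never calls MeasureFirmwareBlobWithCfg.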
--
2.26.2.windows.1
* Re: [PATCH 4/9] SecurityPkg/PeiTpmMeasurementLib: Add new API.
From: Yao, Jiewen @ 2020-08-02 8:43 UTC
To: Zhang, Qi1, devel@edk2.groups.io; +Cc: Wang, Jian J
Please remove MeasureFirmwareBlobWithCfg() API here.
> -----Original Message-----
> From: Zhang, Qi1 <qi1.zhang@intel.com>
> Sent: Friday, July 31, 2020 4:55 PM
> To: devel@edk2.groups.io
> Cc: Yao, Jiewen <jiewen.yao@intel.com>; Wang, Jian J <jian.j.wang@intel.com>;
> Zhang, Qi1 <qi1.zhang@intel.com>
> Subject: [PATCH 4/9] SecurityPkg/PeiTpmMeasurementLib: Add new API.
>
> From: Jiewen Yao <jiewen.yao@intel.com>
>
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2376
>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Cc: Qi Zhang <qi1.zhang@intel.com>
> Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
> ---
> .../PeiTpmMeasurementLib/EventLogRecord.c | 409 ++++++++++++++++++
> .../PeiTpmMeasurementLib.inf | 5 +
> 2 files changed, 414 insertions(+)
> create mode 100644
> SecurityPkg/Library/PeiTpmMeasurementLib/EventLogRecord.c
>
* [PATCH 5/9] IntelFsp2WrapperPkg/FspMeasurementLib: Add header file.
From: Qi Zhang @ 2020-07-31 8:54 UTC
To: devel; +Cc: Jiewen Yao, Chasel Chiu, Nate DeSimone, Star Zeng, Qi Zhang
From: Jiewen Yao <jiewen.yao@intel.com>
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2376
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Chasel Chiu <chasel.chiu@intel.com>
Cc: Nate DeSimone <nathaniel.l.desimone@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Qi Zhang <qi1.zhang@intel.com>
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
---
.../Include/Library/FspMeasurementLib.h | 65 +++++++++++++++++++
1 file changed, 65 insertions(+)
create mode 100644 IntelFsp2WrapperPkg/Include/Library/FspMeasurementLib.h
diff --git a/IntelFsp2WrapperPkg/Include/Library/FspMeasurementLib.h b/IntelFsp2WrapperPkg/Include/Library/FspMeasurementLib.h
new file mode 100644
index 0000000000..ca02ecdf1f
--- /dev/null
+++ b/IntelFsp2WrapperPkg/Include/Library/FspMeasurementLib.h
@@ -0,0 +1,65 @@
+/** @file
+ This library is used by FSP modules to measure data to TPM.
+
+Copyright (c) 2020, Intel Corporation. All rights reserved. <BR>
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#ifndef _FSP_MEASUREMENT_LIB_H_
+#define _FSP_MEASUREMENT_LIB_H_
+
+#define FSP_MEASURE_FSP BIT0
+#define FSP_MEASURE_FSPT BIT1
+#define FSP_MEASURE_FSPM BIT2
+#define FSP_MEASURE_FSPS BIT3
+#define FSP_MEASURE_FSPUPD BIT31
+
+/**
+ Mesure a FSP FirmwareBlob.
+
+ @param[in] PcrIndex PCR Index.
+ @param[in] Descrption Description for this FirmwareBlob.
+ @param[in] FirmwareBlobBase Base address of this FirmwareBlob.
+ @param[in] FirmwareBlobLength Size in bytes of this FirmwareBlob.
+
+ @retval EFI_SUCCESS Operation completed successfully.
+ @retval EFI_UNSUPPORTED TPM device not available.
+ @retval EFI_OUT_OF_RESOURCES Out of memory.
+ @retval EFI_DEVICE_ERROR The operation was unsuccessful.
+*/
+EFI_STATUS
+EFIAPI
+MeasureFspFirmwareBlob (
+ IN UINT32 PcrIndex,
+ IN CHAR8 *Description OPTIONAL,
+ IN EFI_PHYSICAL_ADDRESS FirmwareBlobBase,
+ IN UINT64 FirmwareBlobLength
+ );
+
+/**
+ Mesure a FSP FirmwareBlob.
+
+ @param[in] PcrIndex PCR Index.
+ @param[in] Descrption Description for this FirmwareBlob.
+ @param[in] FirmwareBlobBase Base address of this FirmwareBlob.
+ @param[in] FirmwareBlobLength Size in bytes of this FirmwareBlob.
+ @param[in] CfgRegionOffset Configuration region offset in bytes.
+ @param[in] CfgRegionSize Configuration region in bytes.
+
+ @retval EFI_SUCCESS Operation completed successfully.
+ @retval EFI_UNSUPPORTED TPM device not available.
+ @retval EFI_OUT_OF_RESOURCES Out of memory.
+ @retval EFI_DEVICE_ERROR The operation was unsuccessful.
+*/
+EFI_STATUS
+EFIAPI
+MeasureFspFirmwareBlobWithCfg (
+ IN CHAR8 *Description OPTIONAL,
+ IN EFI_PHYSICAL_ADDRESS FirmwareBlobBase,
+ IN UINT64 FirmwareBlobLength,
+ IN UINT32 CfgRegionOffset,
+ IN UINT32 CfgRegionSize
+ );
+
+#endif
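Review bot: the doc comment for MeasureFspFirmwareBlobWithCfg lists a PcrIndex parameter that the prototype does not take, and both functions carry the identical summary "Mesure a FSP FirmwareBlob." although the second one measures the FV binary and the configuration region as separate events; fix the comment and the "Mesure"/"Descrption" typos. The FSP_MEASURE_FSP* and FSP_MEASURE_FSPUPD bit definitions have no comment saying what they select or which PCD they are intended to be used with. As the reply in this thread also says, MeasureFspFirmwareBlobWithCfg() belongs in the .c file as an internal function rather than in the public header.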
--
2.26.2.windows.1
* Re: [PATCH 5/9] IntelFsp2WrapperPkg/FspMeasurementLib: Add header file.
From: Yao, Jiewen @ 2020-08-02 8:39 UTC
To: Zhang, Qi1, devel@edk2.groups.io
Cc: Chiu, Chasel, Desimone, Nathaniel L, Zeng, Star
Hi Qi
We should hide MeasureFspFirmwareBlobWithCfg() as an internal function.
MeasureFspFirmwareBlob() should decide whether to hash the FV with or without CFG based upon a PCD.
> -----Original Message-----
> From: Zhang, Qi1 <qi1.zhang@intel.com>
> Sent: Friday, July 31, 2020 4:55 PM
> To: devel@edk2.groups.io
> Cc: Yao, Jiewen <jiewen.yao@intel.com>; Chiu, Chasel <chasel.chiu@intel.com>;
> Desimone, Nathaniel L <nathaniel.l.desimone@intel.com>; Zeng, Star
> <star.zeng@intel.com>; Zhang, Qi1 <qi1.zhang@intel.com>
> Subject: [PATCH 5/9] IntelFsp2WrapperPkg/FspMeasurementLib: Add header file.
>
> From: Jiewen Yao <jiewen.yao@intel.com>
>
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2376
>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Chasel Chiu <chasel.chiu@intel.com>
> Cc: Nate DeSimone <nathaniel.l.desimone@intel.com>
> Cc: Star Zeng <star.zeng@intel.com>
> Cc: Qi Zhang <qi1.zhang@intel.com>
> Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
> ---
> .../Include/Library/FspMeasurementLib.h | 65 +++++++++++++++++++
> 1 file changed, 65 insertions(+)
> create mode 100644
> IntelFsp2WrapperPkg/Include/Library/FspMeasurementLib.h
>
* [PATCH 6/9] IntelFsp2WrapperPkg/FspMeasurementLib: Add BaseFspMeasurementLib.
From: Qi Zhang @ 2020-07-31 8:54 UTC
To: devel; +Cc: Jiewen Yao, Chasel Chiu, Nate DeSimone, Star Zeng, Qi Zhang
From: Jiewen Yao <jiewen.yao@intel.com>
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2376
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Chasel Chiu <chasel.chiu@intel.com>
Cc: Nate DeSimone <nathaniel.l.desimone@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Qi Zhang <qi1.zhang@intel.com>
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
---
.../BaseFspMeasurementLib.inf | 37 ++++++++++
.../BaseFspMeasurementLib/FspMeasurementLib.c | 70 +++++++++++++++++++
2 files changed, 107 insertions(+)
create mode 100644 IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/BaseFspMeasurementLib.inf
create mode 100644 IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/FspMeasurementLib.c
diff --git a/IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/BaseFspMeasurementLib.inf b/IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/BaseFspMeasurementLib.inf
new file mode 100644
index 0000000000..2539164e40
--- /dev/null
+++ b/IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/BaseFspMeasurementLib.inf
@@ -0,0 +1,37 @@
+## @file
+# Provides FSP measurement functions.
+#
+# This library provides MeasureFspFirmwareBlob() to measure FSP binary.
+#
+# Copyright (c) 2020, Intel Corporation. All rights reserved.<BR>
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+[Defines]
+ INF_VERSION = 0x00010005
+ BASE_NAME = FspMeasurementLib
+ FILE_GUID = 9A62C49D-C45A-4322-9F3C-45958DF0056B
+ MODULE_TYPE = BASE
+ VERSION_STRING = 1.0
+ LIBRARY_CLASS = FspMeasurementLib
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+# VALID_ARCHITECTURES = IA32 X64
+#
+
+[Sources]
+ FspMeasurementLib.c
+
+[Packages]
+ MdePkg/MdePkg.dec
+ MdeModulePkg/MdeModulePkg.dec
+ IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dec
+
+[LibraryClasses]
+ BaseLib
+ BaseMemoryLib
+ DebugLib
+ TpmMeasurementLib
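Review bot: the file header says the library provides MeasureFspFirmwareBlob() only, while FspMeasurementLib.c in this patch also exports MeasureFspFirmwareBlobWithCfg(); either update the comment or, per the thread reply, make the WithCfg variant internal. There is no [Pcd] section, so nothing in this module can choose between measuring the whole FV and separating out the configuration region, and the FSP_MEASURE_* bits defined in FspMeasurementLib.h are not consumed anywhere in this patch.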
diff --git a/IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/FspMeasurementLib.c b/IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/FspMeasurementLib.c
new file mode 100644
index 0000000000..8a33fe97c0
--- /dev/null
+++ b/IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/FspMeasurementLib.c
@@ -0,0 +1,70 @@
+/** @file
+ This library is used by FSP modules to measure data to TPM.
+
+Copyright (c) 2020, Intel Corporation. All rights reserved. <BR>
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <Uefi.h>
+
+#include <Library/BaseMemoryLib.h>
+#include <Library/DebugLib.h>
+#include <Library/TpmMeasurementLib.h>
+#include <Library/FspMeasurementLib.h>
+
+#include <IndustryStandard/UefiTcgPlatform.h>
+
+/**
+ Mesure a FSP FirmwareBlob.
+
+ @param[in] PcrIndex PCR Index.
+ @param[in] Descrption Description for this FirmwareBlob.
+ @param[in] FirmwareBlobBase Base address of this FirmwareBlob.
+ @param[in] FirmwareBlobLength Size in bytes of this FirmwareBlob.
+
+ @retval EFI_SUCCESS Operation completed successfully.
+ @retval EFI_UNSUPPORTED TPM device not available.
+ @retval EFI_OUT_OF_RESOURCES Out of memory.
+ @retval EFI_DEVICE_ERROR The operation was unsuccessful.
+*/
+EFI_STATUS
+EFIAPI
+MeasureFspFirmwareBlob (
+ IN UINT32 PcrIndex,
+ IN CHAR8 *Description OPTIONAL,
+ IN EFI_PHYSICAL_ADDRESS FirmwareBlobBase,
+ IN UINT64 FirmwareBlobLength
+ )
+{
+ return MeasureFirmwareBlob (PcrIndex, Description, FirmwareBlobBase, FirmwareBlobLength);
+}
+
+/**
+ Mesure a FSP FirmwareBlob.
+
+ @param[in] Descrption Description for this FirmwareBlob.
+ @param[in] FirmwareBlobBase Base address of this FirmwareBlob.
+ @param[in] FirmwareBlobLength Size in bytes of this FirmwareBlob.
+ @param[in] CfgRegionOffset Configuration region offset in bytes.
+ @param[in] CfgRegionSize Configuration region in bytes.
+
+ @retval EFI_SUCCESS Operation completed successfully.
+ @retval EFI_UNSUPPORTED TPM device not available.
+ @retval EFI_OUT_OF_RESOURCES Out of memory.
+ @retval EFI_DEVICE_ERROR The operation was unsuccessful.
+*/
+EFI_STATUS
+EFIAPI
+MeasureFspFirmwareBlobWithCfg (
+ IN CHAR8 *Description OPTIONAL,
+ IN EFI_PHYSICAL_ADDRESS FirmwareBlobBase,
+ IN UINT64 FirmwareBlobLength,
+ IN UINT32 CfgRegionOffset,
+ IN UINT32 CfgRegionSize
+ )
+{
+ return MeasureFirmwareBlobWithCfg (Description, FirmwareBlobBase, FirmwareBlobLength, CfgRegionOffset, CfgRegionSize);
+
+}
+
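Review bot: both functions are one-line pass-throughs, and MeasureFspFirmwareBlobWithCfg() forwards to MeasureFirmwareBlobWithCfg() from TpmMeasurementLib, which the reply in this thread says should not exist; the separation logic (hash the FV around the configuration region and log the two events) belongs in this file, with MeasureFspFirmwareBlob() selecting it based on a PCD. The includes of BaseMemoryLib.h, DebugLib.h and IndustryStandard/UefiTcgPlatform.h are unused by the code as written, the blank line before the closing brace of MeasureFspFirmwareBlobWithCfg() and the trailing blank line at end of file should go, and the doc comments repeat the "Mesure"/"Descrption" typos.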
--
2.26.2.windows.1
* Re: [PATCH 6/9] IntelFsp2WrapperPkg/FspMeasurementLib: Add BaseFspMeasurementLib.
From: Yao, Jiewen @ 2020-08-02 8:45 UTC
To: Zhang, Qi1, devel@edk2.groups.io
Cc: Chiu, Chasel, Desimone, Nathaniel L, Zeng, Star
Please implement MeasureFspFirmwareBlobWithCfg() directly here.
MeasureFspFirmwareBlobWithCfg () should be an internal function.
MeasureFspFirmwareBlob() may call MeasureFspFirmwareBlobWithCfg() based upon PCD.
MeasureFirmwareBlobWithCfg() should not be used because it should not exist.
Thank you
Yao Jiewen
> -----Original Message-----
> From: Zhang, Qi1 <qi1.zhang@intel.com>
> Sent: Friday, July 31, 2020 4:55 PM
> To: devel@edk2.groups.io
> Cc: Yao, Jiewen <jiewen.yao@intel.com>; Chiu, Chasel <chasel.chiu@intel.com>;
> Desimone, Nathaniel L <nathaniel.l.desimone@intel.com>; Zeng, Star
> <star.zeng@intel.com>; Zhang, Qi1 <qi1.zhang@intel.com>
> Subject: [PATCH 6/9] IntelFsp2WrapperPkg/FspMeasurementLib: Add
> BaseFspMeasurementLib.
>
> From: Jiewen Yao <jiewen.yao@intel.com>
>
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2376
>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Chasel Chiu <chasel.chiu@intel.com>
> Cc: Nate DeSimone <nathaniel.l.desimone@intel.com>
> Cc: Star Zeng <star.zeng@intel.com>
> Cc: Qi Zhang <qi1.zhang@intel.com>
> Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
> ---
> .../BaseFspMeasurementLib.inf | 37 ++++++++++
> .../BaseFspMeasurementLib/FspMeasurementLib.c | 70 +++++++++++++++++++
> 2 files changed, 107 insertions(+)
> create mode 100644
> IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/BaseFspMeasurementLi
> b.inf
> create mode 100644
> IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/FspMeasurementLib.c
>
> diff --git
> a/IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/BaseFspMeasurement
> Lib.inf
> b/IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/BaseFspMeasurement
> Lib.inf
> new file mode 100644
> index 0000000000..2539164e40
> --- /dev/null
> +++
> b/IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/BaseFspMeasurement
> Lib.inf
> @@ -0,0 +1,37 @@
> +## @file
>
> +# Provides FSP measurement functions.
>
> +#
>
> +# This library provides MeasureFspFirmwareBlob() to measure FSP binary.
>
> +#
>
> +# Copyright (c) 2020, Intel Corporation. All rights reserved.<BR>
>
> +# SPDX-License-Identifier: BSD-2-Clause-Patent
>
> +#
>
> +##
>
> +
>
> +[Defines]
>
> + INF_VERSION = 0x00010005
>
> + BASE_NAME = FspMeasurementLib
>
> + FILE_GUID = 9A62C49D-C45A-4322-9F3C-45958DF0056B
>
> + MODULE_TYPE = BASE
>
> + VERSION_STRING = 1.0
>
> + LIBRARY_CLASS = FspMeasurementLib
>
> +
>
> +#
>
> +# The following information is for reference only and not required by the build
> tools.
>
> +#
>
> +# VALID_ARCHITECTURES = IA32 X64
>
> +#
>
> +
>
> +[Sources]
>
> + FspMeasurementLib.c
>
> +
>
> +[Packages]
>
> + MdePkg/MdePkg.dec
>
> + MdeModulePkg/MdeModulePkg.dec
>
> + IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dec
>
> +
>
> +[LibraryClasses]
>
> + BaseLib
>
> + BaseMemoryLib
>
> + DebugLib
>
> + TpmMeasurementLib
>
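Review bot: BASE_NAME in [Defines] is `FspMeasurementLib` while the INF file and its directory are named BaseFspMeasurementLib; edk2 convention is for BASE_NAME to match the INF file name (`BASE_NAME = BaseFspMeasurementLib`), and the build output directory is derived from it, so the mismatch makes the build tree diverge from the source layout. Also, [LibraryClasses] lists BaseLib, BaseMemoryLib and DebugLib, but FspMeasurementLib.c in this patch calls nothing from them; only TpmMeasurementLib is actually used, so drop the unused classes unless the final implementation needs them.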
> diff --git
> a/IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/FspMeasurementLib.c
> b/IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/FspMeasurementLib.c
> new file mode 100644
> index 0000000000..8a33fe97c0
> --- /dev/null
> +++
> b/IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/FspMeasurementLib.c
> @@ -0,0 +1,70 @@
> +/** @file
>
> + This library is used by FSP modules to measure data to TPM.
>
> +
>
> +Copyright (c) 2020, Intel Corporation. All rights reserved. <BR>
>
> +SPDX-License-Identifier: BSD-2-Clause-Patent
>
> +
>
> +**/
>
> +
>
> +#include <Uefi.h>
>
> +
>
> +#include <Library/BaseMemoryLib.h>
>
> +#include <Library/DebugLib.h>
>
> +#include <Library/TpmMeasurementLib.h>
>
> +#include <Library/FspMeasurementLib.h>
>
> +
>
> +#include <IndustryStandard/UefiTcgPlatform.h>
>
> +
>
> +/**
>
> + Mesure a FSP FirmwareBlob.
>
> +
>
> + @param[in] PcrIndex PCR Index.
>
> + @param[in] Descrption Description for this FirmwareBlob.
>
> + @param[in] FirmwareBlobBase Base address of this FirmwareBlob.
>
> + @param[in] FirmwareBlobLength Size in bytes of this FirmwareBlob.
>
> +
>
> + @retval EFI_SUCCESS Operation completed successfully.
>
> + @retval EFI_UNSUPPORTED TPM device not available.
>
> + @retval EFI_OUT_OF_RESOURCES Out of memory.
>
> + @retval EFI_DEVICE_ERROR The operation was unsuccessful.
>
> +*/
>
> +EFI_STATUS
>
> +EFIAPI
>
> +MeasureFspFirmwareBlob (
>
> + IN UINT32 PcrIndex,
>
> + IN CHAR8 *Description OPTIONAL,
>
> + IN EFI_PHYSICAL_ADDRESS FirmwareBlobBase,
>
> + IN UINT64 FirmwareBlobLength
>
> + )
>
> +{
>
> + return MeasureFirmwareBlob (PcrIndex, Description, FirmwareBlobBase,
> FirmwareBlobLength);
>
> +}
>
> +
>
> +/**
>
> + Mesure a FSP FirmwareBlob.
>
> +
>
> + @param[in] Descrption Description for this FirmwareBlob.
>
> + @param[in] FirmwareBlobBase Base address of this FirmwareBlob.
>
> + @param[in] FirmwareBlobLength Size in bytes of this FirmwareBlob.
>
> + @param[in] CfgRegionOffset Configuration region offset in bytes.
>
> + @param[in] CfgRegionSize Configuration region in bytes.
>
> +
>
> + @retval EFI_SUCCESS Operation completed successfully.
>
> + @retval EFI_UNSUPPORTED TPM device not available.
>
> + @retval EFI_OUT_OF_RESOURCES Out of memory.
>
> + @retval EFI_DEVICE_ERROR The operation was unsuccessful.
>
> +*/
>
> +EFI_STATUS
>
> +EFIAPI
>
> +MeasureFspFirmwareBlobWithCfg (
>
> + IN CHAR8 *Description OPTIONAL,
>
> + IN EFI_PHYSICAL_ADDRESS FirmwareBlobBase,
>
> + IN UINT64 FirmwareBlobLength,
>
> + IN UINT32 CfgRegionOffset,
>
> + IN UINT32 CfgRegionSize
>
> + )
>
> +{
>
> + return MeasureFirmwareBlobWithCfg (Description, FirmwareBlobBase,
> FirmwareBlobLength, CfgRegionOffset, CfgRegionSize);
>
> +
>
> +}
>
> +
>
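Review bot: the include list pulls in <Library/BaseMemoryLib.h>, <Library/DebugLib.h> and <IndustryStandard/UefiTcgPlatform.h>, none of which this file uses; with both functions being one-line forwards, only <Library/TpmMeasurementLib.h> and <Library/FspMeasurementLib.h> are needed, so trim the list (or add the DEBUG trace that would justify DebugLib). Separately, the @retval blocks promise EFI_UNSUPPORTED, EFI_OUT_OF_RESOURCES and EFI_DEVICE_ERROR, but the functions merely pass through whatever the linked TpmMeasurementLib instance returns; say so in the comment so that a library instance returning other codes is not read as a bug here.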
> --
> 2.26.2.windows.1
* [PATCH 7/9] IntelFsp2WraperPkg/Fsp{m|s}WrapperPeim: Add FspBin measurement.
2020-07-31 8:54 [PATCH 0/9] Need add a FSP binary measurement Qi Zhang
2020-07-31 8:54 ` [PATCH 6/9] IntelFsp2WrapperPkg/FspMeasurementLib: Add BaseFspMeasurementLib Qi Zhang
@ 2020-07-31 8:54 ` Qi Zhang
2020-08-02 8:46 ` Yao, Jiewen
2020-07-31 8:54 ` [PATCH 8/9] IntelFsp2Wrapper/dsc: Add FspTpmMeasurementLib and PcdFspMeasurementConfig Qi Zhang
2020-07-31 8:54 ` [PATCH 9/9] SecurityPkg/HashLib: add API HashFinal Qi Zhang
From: Qi Zhang @ 2020-07-31 8:54 UTC (permalink / raw)
To: devel; +Cc: Jiewen Yao, Chasel Chiu, Nate DeSimone, Star Zeng, Qi Zhang
From: Jiewen Yao <jiewen.yao@intel.com>
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2376
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Chasel Chiu <chasel.chiu@intel.com>
Cc: Nate DeSimone <nathaniel.l.desimone@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Qi Zhang <qi1.zhang@intel.com>
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
---
.../FspmWrapperPeim/FspmWrapperPeim.c | 115 +++++++++++++++++-
.../FspmWrapperPeim/FspmWrapperPeim.inf | 20 ++-
.../FspsWrapperPeim/FspsWrapperPeim.c | 96 ++++++++++++++-
.../FspsWrapperPeim/FspsWrapperPeim.inf | 27 ++--
4 files changed, 239 insertions(+), 19 deletions(-)
diff --git a/IntelFsp2WrapperPkg/FspmWrapperPeim/FspmWrapperPeim.c b/IntelFsp2WrapperPkg/FspmWrapperPeim/FspmWrapperPeim.c
index 265b77ed60..1533971d7f 100644
--- a/IntelFsp2WrapperPkg/FspmWrapperPeim/FspmWrapperPeim.c
+++ b/IntelFsp2WrapperPkg/FspmWrapperPeim/FspmWrapperPeim.c
@@ -3,7 +3,7 @@
register TemporaryRamDonePpi to call TempRamExit API, and register MemoryDiscoveredPpi
notify to call FspSiliconInit API.
- Copyright (c) 2014 - 2018, Intel Corporation. All rights reserved.<BR>
+ Copyright (c) 2014 - 2020, Intel Corporation. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
@@ -25,11 +25,14 @@
#include <Library/FspWrapperPlatformLib.h>
#include <Library/FspWrapperHobProcessLib.h>
#include <Library/FspWrapperApiLib.h>
+#include <Library/FspMeasurementLib.h>
#include <Ppi/FspSiliconInitDone.h>
#include <Ppi/EndOfPeiPhase.h>
#include <Ppi/MemoryDiscovered.h>
#include <Ppi/SecPlatformInformation.h>
+#include <Ppi/Tcg.h>
+#include <Ppi/FirmwareVolumeInfoMeasurementExcluded.h>
#include <Library/FspWrapperApiTestLib.h>
#include <FspEas.h>
#include <FspStatusCode.h>
@@ -147,7 +150,21 @@ FspmWrapperInit (
VOID
)
{
- EFI_STATUS Status;
+ EFI_STATUS Status;
+ EFI_PEI_FIRMWARE_VOLUME_INFO_MEASUREMENT_EXCLUDED_PPI *MeasurementExcludedFvPpi;
+ EFI_PEI_PPI_DESCRIPTOR *MeasurementExcludedPpiList;
+
+ MeasurementExcludedFvPpi = AllocatePool (sizeof(*MeasurementExcludedFvPpi));
+ ASSERT(MeasurementExcludedFvPpi != NULL);
+ MeasurementExcludedFvPpi->Count = 1;
+ MeasurementExcludedFvPpi->Fv[0].FvBase = PcdGet32 (PcdFspmBaseAddress);
+ MeasurementExcludedFvPpi->Fv[0].FvLength = ((EFI_FIRMWARE_VOLUME_HEADER *) (UINTN) PcdGet32 (PcdFspmBaseAddress))->FvLength;
+
+ MeasurementExcludedPpiList = AllocatePool (sizeof(*MeasurementExcludedPpiList));
+ ASSERT(MeasurementExcludedPpiList != NULL);
+ MeasurementExcludedPpiList->Flags = EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST;
+ MeasurementExcludedPpiList->Guid = &gEfiPeiFirmwareVolumeInfoMeasurementExcludedPpiGuid;
+ MeasurementExcludedPpiList->Ppi = MeasurementExcludedFvPpi;
Status = EFI_SUCCESS;
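Review bot: the two AllocatePool() calls at the top of FspmWrapperInit() run unconditionally, but MeasurementExcludedPpiList is only consumed in the dispatch-mode branch (the PcdFspModeSelection else path in the next hunk), so in API mode both buffers are carved out of pre-memory temporary RAM and then simply leaked; move the allocation and PPI setup into that else branch, directly before PeiServicesInstallPpi(). Two smaller points: sizeof(*MeasurementExcludedFvPpi) covers exactly the single Fv[] entry the structure declares, so Count must stay 1 (worth a comment), and the FvLength read dereferences PcdFspmBaseAddress as an EFI_FIRMWARE_VOLUME_HEADER with no signature check; the FV is presumably trusted here, but the same cast is repeated across both wrappers and would be cleaner in one helper.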
@@ -155,6 +172,9 @@ FspmWrapperInit (
Status = PeiFspMemoryInit ();
ASSERT_EFI_ERROR (Status);
} else {
+ Status = PeiServicesInstallPpi (MeasurementExcludedPpiList);
+ ASSERT_EFI_ERROR (Status);
+
PeiServicesInstallFvInfoPpi (
NULL,
(VOID *)(UINTN) PcdGet32 (PcdFspmBaseAddress),
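Review bot: installing the measurement-excluded PPI before PeiServicesInstallFvInfoPpi() is the right order (the TCG PEIM consults the excluded list when the FV info notification fires), but a failure of PeiServicesInstallPpi() is caught only by ASSERT_EFI_ERROR, so in a RELEASE build the FSP-M FV would be measured by the TCG PEIM as an ordinary FV and then again by TcgPpiNotify(), giving a duplicate event for the same blob; return the error instead of falling through to the FV info install.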
@@ -167,6 +187,92 @@ FspmWrapperInit (
return Status;
}
+/**
+ This function is called after TCG installed PPI.
+
+ @param[in] PeiServices Pointer to PEI Services Table.
+ @param[in] NotifyDesc Pointer to the descriptor for the Notification event that
+ caused this function to execute.
+ @param[in] Ppi Pointer to the PPI data associated with this function.
+
+ @retval EFI_STATUS Always return EFI_SUCCESS
+**/
+EFI_STATUS
+EFIAPI
+TcgPpiNotify (
+ IN EFI_PEI_SERVICES **PeiServices,
+ IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDesc,
+ IN VOID *Ppi
+ );
+
+EFI_PEI_NOTIFY_DESCRIPTOR mTcgPpiNotifyDesc = {
+ (EFI_PEI_PPI_DESCRIPTOR_NOTIFY_CALLBACK | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST),
+ &gEdkiiTcgPpiGuid,
+ TcgPpiNotify
+};
+
+/**
+ This function is called after TCG installed PPI.
+
+ @param[in] PeiServices Pointer to PEI Services Table.
+ @param[in] NotifyDesc Pointer to the descriptor for the Notification event that
+ caused this function to execute.
+ @param[in] Ppi Pointer to the PPI data associated with this function.
+
+ @retval EFI_STATUS Always return EFI_SUCCESS
+**/
+EFI_STATUS
+EFIAPI
+TcgPpiNotify (
+ IN EFI_PEI_SERVICES **PeiServices,
+ IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDesc,
+ IN VOID *Ppi
+ )
+{
+ UINT32 FspMeasureMask;
+ FSP_INFO_HEADER *FspHeaderPtr;
+
+ DEBUG ((DEBUG_INFO, "TcgPpiNotify FSPM\n"));
+
+ FspMeasureMask = PcdGet32 (PcdFspMeasurementConfig);
+ if (FspMeasureMask & FSP_MEASURE_FSP) {
+ if (FspMeasureMask & FSP_MEASURE_FSPT) {
+ if(FspMeasureMask & FSP_MEASURE_FSPUPD) {
+ FspHeaderPtr = (FSP_INFO_HEADER *) FspFindFspHeader (PcdGet32 (PcdFsptBaseAddress));
+ if (FspHeaderPtr == NULL) {
+ return EFI_DEVICE_ERROR;
+ }
+ DEBUG ((DEBUG_INFO, "FSPT: CfgRegionOffset 0x%x, CfgRegionSize 0x%x\n", FspHeaderPtr->CfgRegionOffset, FspHeaderPtr->CfgRegionSize));
+ DEBUG ((DEBUG_INFO, "FSPT: PcdFsptBaseAddress 0x%x, ImageBase 0x%x\n", PcdGet32(PcdFsptBaseAddress), FspHeaderPtr->ImageBase));
+ MeasureFspFirmwareBlobWithCfg ("FSPT", PcdGet32(PcdFsptBaseAddress),
+ (UINT32)((EFI_FIRMWARE_VOLUME_HEADER *) (UINTN) PcdGet32 (PcdFsptBaseAddress))->FvLength,
+ FspHeaderPtr->CfgRegionOffset, FspHeaderPtr->CfgRegionSize);
+ } else {
+ DEBUG ((DEBUG_ERROR, "\n QIZ: Measure FSPT\n"));
+ MeasureFspFirmwareBlob (0, "FSPT", PcdGet32(PcdFsptBaseAddress),
+ (UINT32)((EFI_FIRMWARE_VOLUME_HEADER *) (UINTN) PcdGet32 (PcdFsptBaseAddress))->FvLength);
+ }
+ }
+ if (FspMeasureMask & FSP_MEASURE_FSPM) {
+ if(FspMeasureMask & FSP_MEASURE_FSPUPD) {
+ FspHeaderPtr = (FSP_INFO_HEADER *) FspFindFspHeader (PcdGet32 (PcdFspmBaseAddress));
+ if (FspHeaderPtr == NULL) {
+ return EFI_DEVICE_ERROR;
+ }
+ MeasureFspFirmwareBlobWithCfg ("FSPM", PcdGet32(PcdFspmBaseAddress),
+ (UINT32)((EFI_FIRMWARE_VOLUME_HEADER *) (UINTN) PcdGet32 (PcdFspmBaseAddress))->FvLength,
+ FspHeaderPtr->CfgRegionOffset, FspHeaderPtr->CfgRegionSize);
+ }
+ else {
+ MeasureFspFirmwareBlob (0, "FSPM", PcdGet32(PcdFspmBaseAddress),
+ (UINT32)((EFI_FIRMWARE_VOLUME_HEADER *) (UINTN) PcdGet32 (PcdFspmBaseAddress))->FvLength);
+ }
+ }
+ }
+
+ return EFI_SUCCESS;
+}
+
/**
This is the entrypoint of PEIM
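Review bot: the `DEBUG ((DEBUG_ERROR, "\n QIZ: Measure FSPT\n"))` line in the FSP_MEASURE_FSPT else branch is leftover developer tracing at error level and should be dropped. The return values of MeasureFspFirmwareBlob() and MeasureFspFirmwareBlobWithCfg() are discarded, so a failed measurement (TPM unavailable, device error) leaves no trace and the callback still reports EFI_SUCCESS, while the FspFindFspHeader() NULL path returns EFI_DEVICE_ERROR even though the doc comment says "Always return EFI_SUCCESS"; check the status, DEBUG it, and fix the comment. The `(UINT32)` cast on FvLength is unnecessary for a UINT64 parameter and truncates large FVs. Finally, a comment explaining why FSP-T is measured from the FSP-M wrapper (FSP-T runs in SEC before any TPM PEIM exists, so its measurement has to be deferred to the first point where the TCG PPI is available) would help the next reader, and the FSP_MEASURE_FSPUPD dispatch is identical for FSPT, FSPM and FSPS, so it belongs inside FspMeasurementLib rather than in every wrapper.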
@@ -182,8 +288,13 @@ FspmWrapperPeimEntryPoint (
IN CONST EFI_PEI_SERVICES **PeiServices
)
{
+ EFI_STATUS Status;
+
DEBUG((DEBUG_INFO, "FspmWrapperPeimEntryPoint\n"));
+ Status = PeiServicesNotifyPpi (&mTcgPpiNotifyDesc);
+ ASSERT_EFI_ERROR (Status);
+
FspmWrapperInit ();
return EFI_SUCCESS;
diff --git a/IntelFsp2WrapperPkg/FspmWrapperPeim/FspmWrapperPeim.inf b/IntelFsp2WrapperPkg/FspmWrapperPeim/FspmWrapperPeim.inf
index dce7ef3d0b..c3578397b6 100644
--- a/IntelFsp2WrapperPkg/FspmWrapperPeim/FspmWrapperPeim.inf
+++ b/IntelFsp2WrapperPkg/FspmWrapperPeim/FspmWrapperPeim.inf
@@ -6,7 +6,7 @@
# register TemporaryRamDonePpi to call TempRamExit API, and register MemoryDiscoveredPpi
# notify to call FspSiliconInit API.
#
-# Copyright (c) 2014 - 2019, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2014 - 2020, Intel Corporation. All rights reserved.<BR>
#
# SPDX-License-Identifier: BSD-2-Clause-Patent
#
@@ -44,17 +44,22 @@
TimerLib
FspWrapperApiLib
FspWrapperApiTestLib
+ FspMeasurementLib
[Packages]
MdePkg/MdePkg.dec
+ MdeModulePkg/MdeModulePkg.dec
UefiCpuPkg/UefiCpuPkg.dec
+ SecurityPkg/SecurityPkg.dec
IntelFsp2Pkg/IntelFsp2Pkg.dec
IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dec
[Pcd]
- gIntelFsp2WrapperTokenSpaceGuid.PcdFspmBaseAddress ## CONSUMES
- gIntelFsp2WrapperTokenSpaceGuid.PcdFspmUpdDataAddress ## CONSUMES
- gIntelFsp2WrapperTokenSpaceGuid.PcdFspModeSelection ## CONSUMES
+ gIntelFsp2WrapperTokenSpaceGuid.PcdFspmBaseAddress ## CONSUMES
+ gIntelFsp2WrapperTokenSpaceGuid.PcdFspmUpdDataAddress ## CONSUMES
+ gIntelFsp2WrapperTokenSpaceGuid.PcdFspModeSelection ## CONSUMES
+ gIntelFsp2WrapperTokenSpaceGuid.PcdFsptBaseAddress ## CONSUMES
+ gIntelFsp2WrapperTokenSpaceGuid.PcdFspMeasurementConfig ## CONSUMES
[Sources]
FspmWrapperPeim.c
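Review bot: most of the [Pcd] hunk only re-indents unchanged lines (PcdFspmBaseAddress, PcdFspmUpdDataAddress, PcdFspModeSelection) to realign the `## CONSUMES` column, turning a two-line addition into six lines of churn; keep the existing alignment or move the whitespace change to its own patch. Also, PcdFspMeasurementConfig is consumed here but, going by the series titles, is only declared in patch 8/9 (IntelFsp2Wrapper/dsc: Add FspTpmMeasurementLib and PcdFspMeasurementConfig), so the series does not build at this point; reorder the patches so the DEC change comes first.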
@@ -63,5 +68,10 @@
gFspHobGuid ## PRODUCES ## HOB
gFspApiPerformanceGuid ## SOMETIMES_CONSUMES ## GUID
+[Ppis]
+ gEdkiiTcgPpiGuid ## NOTIFY
+ gEfiPeiFirmwareVolumeInfoMeasurementExcludedPpiGuid ## PRODUCES
+
[Depex]
- gEfiPeiMasterBootModePpiGuid
+ gEfiPeiMasterBootModePpiGuid AND
+ gPeiTpmInitializationDonePpiGuid
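Review bot: the new `AND gPeiTpmInitializationDonePpiGuid` term in [Depex] makes the FSP-M wrapper, and with it permanent memory initialization, depend on a TPM PEIM having run; on a platform that does not include Tcg2Pei/TcgPei, or where that PEIM exits before installing the done PPI, FspmWrapperPeim is never dispatched and PEI stalls without memory. Since TcgPpiNotify() is already registered as a notification callback and the exclusion PPI is installed before the FV info PPI, consider whether the hard dependency is needed at all; if it is, document the requirement in the INF header so platform integrators see it.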
diff --git a/IntelFsp2WrapperPkg/FspsWrapperPeim/FspsWrapperPeim.c b/IntelFsp2WrapperPkg/FspsWrapperPeim/FspsWrapperPeim.c
index b20f0805a0..688c82a6c8 100644
--- a/IntelFsp2WrapperPkg/FspsWrapperPeim/FspsWrapperPeim.c
+++ b/IntelFsp2WrapperPkg/FspsWrapperPeim/FspsWrapperPeim.c
@@ -3,7 +3,7 @@
register TemporaryRamDonePpi to call TempRamExit API, and register MemoryDiscoveredPpi
notify to call FspSiliconInit API.
- Copyright (c) 2014 - 2019, Intel Corporation. All rights reserved.<BR>
+ Copyright (c) 2014 - 2020, Intel Corporation. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
@@ -24,12 +24,15 @@
#include <Library/TimerLib.h>
#include <Library/PerformanceLib.h>
#include <Library/FspWrapperApiLib.h>
+#include <Library/FspMeasurementLib.h>
#include <Ppi/FspSiliconInitDone.h>
#include <Ppi/EndOfPeiPhase.h>
#include <Ppi/MemoryDiscovered.h>
#include <Ppi/TemporaryRamDone.h>
#include <Ppi/SecPlatformInformation.h>
+#include <Ppi/Tcg.h>
+#include <Ppi/FirmwareVolumeInfoMeasurementExcluded.h>
#include <Library/FspWrapperApiTestLib.h>
#include <FspEas.h>
#include <FspStatusCode.h>
@@ -379,7 +382,25 @@ FspsWrapperInitDispatchMode (
VOID
)
{
- EFI_STATUS Status;
+ EFI_STATUS Status;
+ EFI_PEI_FIRMWARE_VOLUME_INFO_MEASUREMENT_EXCLUDED_PPI *MeasurementExcludedFvPpi;
+ EFI_PEI_PPI_DESCRIPTOR *MeasurementExcludedPpiList;
+
+ MeasurementExcludedFvPpi = AllocatePool (sizeof(*MeasurementExcludedFvPpi));
+ ASSERT(MeasurementExcludedFvPpi != NULL);
+ MeasurementExcludedFvPpi->Count = 1;
+ MeasurementExcludedFvPpi->Fv[0].FvBase = PcdGet32 (PcdFspsBaseAddress);
+ MeasurementExcludedFvPpi->Fv[0].FvLength = ((EFI_FIRMWARE_VOLUME_HEADER *) (UINTN) PcdGet32 (PcdFspsBaseAddress))->FvLength;
+
+ MeasurementExcludedPpiList = AllocatePool (sizeof(*MeasurementExcludedPpiList));
+ ASSERT(MeasurementExcludedPpiList != NULL);
+ MeasurementExcludedPpiList->Flags = EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST;
+ MeasurementExcludedPpiList->Guid = &gEfiPeiFirmwareVolumeInfoMeasurementExcludedPpiGuid;
+ MeasurementExcludedPpiList->Ppi = MeasurementExcludedFvPpi;
+
+ Status = PeiServicesInstallPpi (MeasurementExcludedPpiList);
+ ASSERT_EFI_ERROR (Status);
+
//
// FSP-S Wrapper running in Dispatch mode and reports FSP-S FV to PEI dispatcher.
//
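Review bot: this block is a line-for-line copy of the one added to FspmWrapperInit() with PcdFspsBaseAddress substituted, and the TcgPpiNotify() further down repeats the FSPM callback in the same way; factor the exclusion-PPI setup into one helper that takes the FV base address (in the wrapper package or in FspMeasurementLib) so the two wrappers cannot drift apart. The PeiServicesInstallPpi() status is again only ASSERTed; on failure in a RELEASE build the FSP-S FV is measured both by the TCG PEIM and by TcgPpiNotify().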
@@ -398,6 +419,72 @@ FspsWrapperInitDispatchMode (
return Status;
}
+/**
+ This function is called after TCG installed PPI.
+
+ @param[in] PeiServices Pointer to PEI Services Table.
+ @param[in] NotifyDesc Pointer to the descriptor for the Notification event that
+ caused this function to execute.
+ @param[in] Ppi Pointer to the PPI data associated with this function.
+
+ @retval EFI_STATUS Always return EFI_SUCCESS
+**/
+EFI_STATUS
+EFIAPI
+TcgPpiNotify (
+ IN EFI_PEI_SERVICES **PeiServices,
+ IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDesc,
+ IN VOID *Ppi
+ );
+
+EFI_PEI_NOTIFY_DESCRIPTOR mTcgPpiNotifyDesc = {
+ (EFI_PEI_PPI_DESCRIPTOR_NOTIFY_CALLBACK | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST),
+ &gEdkiiTcgPpiGuid,
+ TcgPpiNotify
+};
+
+/**
+ This function is called after TCG installed PPI.
+
+ @param[in] PeiServices Pointer to PEI Services Table.
+ @param[in] NotifyDesc Pointer to the descriptor for the Notification event that
+ caused this function to execute.
+ @param[in] Ppi Pointer to the PPI data associated with this function.
+
+ @retval EFI_STATUS Always return EFI_SUCCESS
+**/
+EFI_STATUS
+EFIAPI
+TcgPpiNotify (
+ IN EFI_PEI_SERVICES **PeiServices,
+ IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDesc,
+ IN VOID *Ppi
+ )
+{
+ UINT32 FspMeasureMask;
+ FSP_INFO_HEADER *FspHeaderPtr;
+
+ DEBUG ((DEBUG_INFO, "TcgPpiNotify FSPS\n"));
+
+ FspMeasureMask = PcdGet32 (PcdFspMeasurementConfig);
+ if ((FspMeasureMask & FSP_MEASURE_FSP) && (FspMeasureMask & FSP_MEASURE_FSPS)) {
+ if(FspMeasureMask & FSP_MEASURE_FSPUPD) {
+ FspHeaderPtr = (FSP_INFO_HEADER *) FspFindFspHeader (PcdGet32 (PcdFspsBaseAddress));
+ if (FspHeaderPtr == NULL) {
+ return EFI_DEVICE_ERROR;
+ }
+ MeasureFspFirmwareBlobWithCfg ("FSPS", PcdGet32(PcdFspsBaseAddress),
+ (UINT32)((EFI_FIRMWARE_VOLUME_HEADER *) (UINTN) PcdGet32 (PcdFspsBaseAddress))->FvLength,
+ FspHeaderPtr->CfgRegionOffset, FspHeaderPtr->CfgRegionSize);
+ } else {
+ MeasureFspFirmwareBlob (0, "FSPS", PcdGet32(PcdFspsBaseAddress),
+ (UINT32)((EFI_FIRMWARE_VOLUME_HEADER *) (UINTN) PcdGet32 (PcdFspsBaseAddress))->FvLength);
+ }
+ }
+
+ return EFI_SUCCESS;
+}
+
/**
This is the entrypoint of PEIM.
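Review bot: as in the FSPM callback, the status from MeasureFspFirmwareBlobWithCfg()/MeasureFspFirmwareBlob() is dropped and the function returns EFI_SUCCESS regardless, while the FspFindFspHeader() NULL case returns EFI_DEVICE_ERROR against a doc comment that says it always returns EFI_SUCCESS; check and log the measurement status and align the comment. The `(UINT32)` cast on FvLength is again unnecessary for a UINT64 parameter. The FSP_MEASURE_FSPUPD branch selection is the same as for FSPT and FSPM, so it is better placed inside FspMeasurementLib, leaving each wrapper with a single MeasureFspFirmwareBlob() call.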
@@ -413,8 +500,13 @@ FspsWrapperPeimEntryPoint (
IN CONST EFI_PEI_SERVICES **PeiServices
)
{
+ EFI_STATUS Status;
+
DEBUG ((DEBUG_INFO, "FspsWrapperPeimEntryPoint\n"));
+ Status = PeiServicesNotifyPpi (&mTcgPpiNotifyDesc);
+ ASSERT_EFI_ERROR (Status);
+
if (PcdGet8 (PcdFspModeSelection) == 1) {
FspsWrapperInitApiMode ();
} else {
diff --git a/IntelFsp2WrapperPkg/FspsWrapperPeim/FspsWrapperPeim.inf b/IntelFsp2WrapperPkg/FspsWrapperPeim/FspsWrapperPeim.inf
index 7da92991c8..884514747f 100644
--- a/IntelFsp2WrapperPkg/FspsWrapperPeim/FspsWrapperPeim.inf
+++ b/IntelFsp2WrapperPkg/FspsWrapperPeim/FspsWrapperPeim.inf
@@ -6,7 +6,7 @@
# register TemporaryRamDonePpi to call TempRamExit API, and register MemoryDiscoveredPpi
# notify to call FspSiliconInit API.
#
-# Copyright (c) 2014 - 2019, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2014 - 2020, Intel Corporation. All rights reserved.<BR>
#
# SPDX-License-Identifier: BSD-2-Clause-Patent
#
@@ -44,24 +44,30 @@
PerformanceLib
FspWrapperApiLib
FspWrapperApiTestLib
+ FspMeasurementLib
[Packages]
MdePkg/MdePkg.dec
+ MdeModulePkg/MdeModulePkg.dec
UefiCpuPkg/UefiCpuPkg.dec
+ SecurityPkg/SecurityPkg.dec
IntelFsp2Pkg/IntelFsp2Pkg.dec
IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dec
[Ppis]
- gTopOfTemporaryRamPpiGuid ## PRODUCES
- gFspSiliconInitDonePpiGuid ## PRODUCES
- gEfiEndOfPeiSignalPpiGuid ## PRODUCES
- gEfiTemporaryRamDonePpiGuid ## PRODUCES
- gEfiPeiMemoryDiscoveredPpiGuid ## NOTIFY
+ gTopOfTemporaryRamPpiGuid ## PRODUCES
+ gFspSiliconInitDonePpiGuid ## PRODUCES
+ gEfiEndOfPeiSignalPpiGuid ## PRODUCES
+ gEfiTemporaryRamDonePpiGuid ## PRODUCES
+ gEfiPeiMemoryDiscoveredPpiGuid ## NOTIFY
+ gEdkiiTcgPpiGuid ## NOTIFY
+ gEfiPeiFirmwareVolumeInfoMeasurementExcludedPpiGuid ## PRODUCES
[Pcd]
- gIntelFsp2WrapperTokenSpaceGuid.PcdFspsBaseAddress ## CONSUMES
- gIntelFsp2WrapperTokenSpaceGuid.PcdFspsUpdDataAddress ## CONSUMES
- gIntelFsp2WrapperTokenSpaceGuid.PcdFspModeSelection ## CONSUMES
+ gIntelFsp2WrapperTokenSpaceGuid.PcdFspsBaseAddress ## CONSUMES
+ gIntelFsp2WrapperTokenSpaceGuid.PcdFspsUpdDataAddress ## CONSUMES
+ gIntelFsp2WrapperTokenSpaceGuid.PcdFspModeSelection ## CONSUMES
+ gIntelFsp2WrapperTokenSpaceGuid.PcdFspMeasurementConfig ## CONSUMES
[Guids]
gFspHobGuid ## CONSUMES ## HOB
@@ -71,4 +77,5 @@
FspsWrapperPeim.c
[Depex]
- gEfiPeiMemoryDiscoveredPpiGuid
+ gEfiPeiMemoryDiscoveredPpiGuid AND
+ gPeiTpmInitializationDonePpiGuid
--
2.26.2.windows.1
* Re: [PATCH 7/9] IntelFsp2WraperPkg/Fsp{m|s}WrapperPeim: Add FspBin measurement.
2020-07-31 8:54 ` [PATCH 7/9] IntelFsp2WraperPkg/Fsp{m|s}WrapperPeim: Add FspBin measurement Qi Zhang
@ 2020-08-02 8:46 ` Yao, Jiewen
From: Yao, Jiewen @ 2020-08-02 8:46 UTC (permalink / raw)
To: Zhang, Qi1, devel@edk2.groups.io
Cc: Chiu, Chasel, Desimone, Nathaniel L, Zeng, Star
Please remove FSP_MEASURE_FSPUPD check here.
It should be checked in FspMeasurementLib.
Thank you
Yao Jiewen
> -----Original Message-----
> From: Zhang, Qi1 <qi1.zhang@intel.com>
> Sent: Friday, July 31, 2020 4:55 PM
> To: devel@edk2.groups.io
> Cc: Yao, Jiewen <jiewen.yao@intel.com>; Chiu, Chasel <chasel.chiu@intel.com>;
> Desimone, Nathaniel L <nathaniel.l.desimone@intel.com>; Zeng, Star
> <star.zeng@intel.com>; Zhang, Qi1 <qi1.zhang@intel.com>
> Subject: [PATCH 7/9] IntelFsp2WraperPkg/Fsp{m|s}WrapperPeim: Add FspBin
> measurement.
>
> From: Jiewen Yao <jiewen.yao@intel.com>
>
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2376
>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Chasel Chiu <chasel.chiu@intel.com>
> Cc: Nate DeSimone <nathaniel.l.desimone@intel.com>
> Cc: Star Zeng <star.zeng@intel.com>
> Cc: Qi Zhang <qi1.zhang@intel.com>
> Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
> ---
> .../FspmWrapperPeim/FspmWrapperPeim.c | 115 +++++++++++++++++-
> .../FspmWrapperPeim/FspmWrapperPeim.inf | 20 ++-
> .../FspsWrapperPeim/FspsWrapperPeim.c | 96 ++++++++++++++-
> .../FspsWrapperPeim/FspsWrapperPeim.inf | 27 ++--
> 4 files changed, 239 insertions(+), 19 deletions(-)
>
> diff --git a/IntelFsp2WrapperPkg/FspmWrapperPeim/FspmWrapperPeim.c
> b/IntelFsp2WrapperPkg/FspmWrapperPeim/FspmWrapperPeim.c
> index 265b77ed60..1533971d7f 100644
> --- a/IntelFsp2WrapperPkg/FspmWrapperPeim/FspmWrapperPeim.c
> +++ b/IntelFsp2WrapperPkg/FspmWrapperPeim/FspmWrapperPeim.c
> @@ -3,7 +3,7 @@
> register TemporaryRamDonePpi to call TempRamExit API, and register
> MemoryDiscoveredPpi
>
> notify to call FspSiliconInit API.
>
>
>
> - Copyright (c) 2014 - 2018, Intel Corporation. All rights reserved.<BR>
>
> + Copyright (c) 2014 - 2020, Intel Corporation. All rights reserved.<BR>
>
> SPDX-License-Identifier: BSD-2-Clause-Patent
>
>
>
> **/
>
> @@ -25,11 +25,14 @@
> #include <Library/FspWrapperPlatformLib.h>
>
> #include <Library/FspWrapperHobProcessLib.h>
>
> #include <Library/FspWrapperApiLib.h>
>
> +#include <Library/FspMeasurementLib.h>
>
>
>
> #include <Ppi/FspSiliconInitDone.h>
>
> #include <Ppi/EndOfPeiPhase.h>
>
> #include <Ppi/MemoryDiscovered.h>
>
> #include <Ppi/SecPlatformInformation.h>
>
> +#include <Ppi/Tcg.h>
>
> +#include <Ppi/FirmwareVolumeInfoMeasurementExcluded.h>
>
> #include <Library/FspWrapperApiTestLib.h>
>
> #include <FspEas.h>
>
> #include <FspStatusCode.h>
>
> @@ -147,7 +150,21 @@ FspmWrapperInit (
> VOID
>
> )
>
> {
>
> - EFI_STATUS Status;
>
> + EFI_STATUS Status;
>
> + EFI_PEI_FIRMWARE_VOLUME_INFO_MEASUREMENT_EXCLUDED_PPI
> *MeasurementExcludedFvPpi;
>
> + EFI_PEI_PPI_DESCRIPTOR *MeasurementExcludedPpiList;
>
> +
>
> + MeasurementExcludedFvPpi = AllocatePool
> (sizeof(*MeasurementExcludedFvPpi));
>
> + ASSERT(MeasurementExcludedFvPpi != NULL);
>
> + MeasurementExcludedFvPpi->Count = 1;
>
> + MeasurementExcludedFvPpi->Fv[0].FvBase = PcdGet32 (PcdFspmBaseAddress);
>
> + MeasurementExcludedFvPpi->Fv[0].FvLength =
> ((EFI_FIRMWARE_VOLUME_HEADER *) (UINTN) PcdGet32
> (PcdFspmBaseAddress))->FvLength;
>
> +
>
> + MeasurementExcludedPpiList = AllocatePool
> (sizeof(*MeasurementExcludedPpiList));
>
> + ASSERT(MeasurementExcludedPpiList != NULL);
>
> + MeasurementExcludedPpiList->Flags = EFI_PEI_PPI_DESCRIPTOR_PPI |
> EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST;
>
> + MeasurementExcludedPpiList->Guid =
> &gEfiPeiFirmwareVolumeInfoMeasurementExcludedPpiGuid;
>
> + MeasurementExcludedPpiList->Ppi = MeasurementExcludedFvPpi;
>
>
>
> Status = EFI_SUCCESS;
>
>
>
> @@ -155,6 +172,9 @@ FspmWrapperInit (
> Status = PeiFspMemoryInit ();
>
> ASSERT_EFI_ERROR (Status);
>
> } else {
>
> + Status = PeiServicesInstallPpi (MeasurementExcludedPpiList);
>
> + ASSERT_EFI_ERROR (Status);
>
> +
>
> PeiServicesInstallFvInfoPpi (
>
> NULL,
>
> (VOID *)(UINTN) PcdGet32 (PcdFspmBaseAddress),
>
> @@ -167,6 +187,92 @@ FspmWrapperInit (
> return Status;
>
> }
>
>
>
> +/**
>
> + This function is called after TCG installed PPI.
>
> +
>
> + @param[in] PeiServices Pointer to PEI Services Table.
>
> + @param[in] NotifyDesc Pointer to the descriptor for the Notification event
> that
>
> + caused this function to execute.
>
> + @param[in] Ppi Pointer to the PPI data associated with this function.
>
> +
>
> + @retval EFI_STATUS Always return EFI_SUCCESS
>
> +**/
>
> +EFI_STATUS
>
> +EFIAPI
>
> +TcgPpiNotify (
>
> + IN EFI_PEI_SERVICES **PeiServices,
>
> + IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDesc,
>
> + IN VOID *Ppi
>
> + );
>
> +
>
> +EFI_PEI_NOTIFY_DESCRIPTOR mTcgPpiNotifyDesc = {
>
> + (EFI_PEI_PPI_DESCRIPTOR_NOTIFY_CALLBACK |
> EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST),
>
> + &gEdkiiTcgPpiGuid,
>
> + TcgPpiNotify
>
> +};
>
> +
>
> +/**
>
> + This function is called after TCG installed PPI.
>
> +
>
> + @param[in] PeiServices Pointer to PEI Services Table.
>
> + @param[in] NotifyDesc Pointer to the descriptor for the Notification event
> that
>
> + caused this function to execute.
>
> + @param[in] Ppi Pointer to the PPI data associated with this function.
>
> +
>
> + @retval EFI_STATUS Always return EFI_SUCCESS
>
> +**/
>
> +EFI_STATUS
>
> +EFIAPI
>
> +TcgPpiNotify (
>
> + IN EFI_PEI_SERVICES **PeiServices,
>
> + IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDesc,
>
> + IN VOID *Ppi
>
> + )
>
> +{
>
> + UINT32 FspMeasureMask;
>
> + FSP_INFO_HEADER *FspHeaderPtr;
>
> +
>
> + DEBUG ((DEBUG_INFO, "TcgPpiNotify FSPM\n"));
>
> +
>
> + FspMeasureMask = PcdGet32 (PcdFspMeasurementConfig);
>
> + if (FspMeasureMask & FSP_MEASURE_FSP) {
>
> + if (FspMeasureMask & FSP_MEASURE_FSPT) {
>
> + if(FspMeasureMask & FSP_MEASURE_FSPUPD) {
>
> + FspHeaderPtr = (FSP_INFO_HEADER *) FspFindFspHeader (PcdGet32
> (PcdFsptBaseAddress));
>
> + if (FspHeaderPtr == NULL) {
>
> + return EFI_DEVICE_ERROR;
>
> + }
>
> + DEBUG ((DEBUG_INFO, "FSPT: CfgRegionOffset 0x%x, CfgRegionSize
> 0x%x\n", FspHeaderPtr->CfgRegionOffset, FspHeaderPtr->CfgRegionSize));
>
> + DEBUG ((DEBUG_INFO, "FSPT: PcdFsptBaseAddress 0x%x, ImageBase
> 0x%x\n", PcdGet32(PcdFsptBaseAddress), FspHeaderPtr->ImageBase));
>
> + MeasureFspFirmwareBlobWithCfg ("FSPT", PcdGet32(PcdFsptBaseAddress),
>
> + (UINT32)((EFI_FIRMWARE_VOLUME_HEADER *) (UINTN)
> PcdGet32 (PcdFsptBaseAddress))->FvLength,
>
> + FspHeaderPtr->CfgRegionOffset, FspHeaderPtr-
> >CfgRegionSize);
>
> + } else {
>
> + DEBUG ((DEBUG_ERROR, "\n QIZ: Measure FSPT\n"));
>
> + MeasureFspFirmwareBlob (0, "FSPT", PcdGet32(PcdFsptBaseAddress),
>
> + (UINT32)((EFI_FIRMWARE_VOLUME_HEADER *) (UINTN)
> PcdGet32 (PcdFsptBaseAddress))->FvLength);
>
> + }
>
> + }
>
> + if (FspMeasureMask & FSP_MEASURE_FSPM) {
>
> + if(FspMeasureMask & FSP_MEASURE_FSPUPD) {
>
> + FspHeaderPtr = (FSP_INFO_HEADER *) FspFindFspHeader (PcdGet32
> (PcdFspmBaseAddress));
>
> + if (FspHeaderPtr == NULL) {
>
> + return EFI_DEVICE_ERROR;
>
> + }
>
> + MeasureFspFirmwareBlobWithCfg ("FSPM",
> PcdGet32(PcdFspmBaseAddress),
>
> + (UINT32)((EFI_FIRMWARE_VOLUME_HEADER *) (UINTN)
> PcdGet32 (PcdFspmBaseAddress))->FvLength,
>
> + FspHeaderPtr->CfgRegionOffset, FspHeaderPtr-
> >CfgRegionSize);
>
> + }
>
> + else {
>
> + MeasureFspFirmwareBlob (0, "FSPM", PcdGet32(PcdFspmBaseAddress),
>
> + (UINT32)((EFI_FIRMWARE_VOLUME_HEADER *) (UINTN)
> PcdGet32 (PcdFspmBaseAddress))->FvLength);
>
> + }
>
> + }
>
> + }
>
> +
>
> + return EFI_SUCCESS;
>
> +}
>
> +
>
> /**
>
> This is the entrypoint of PEIM
>
>
>
> @@ -182,8 +288,13 @@ FspmWrapperPeimEntryPoint (
> IN CONST EFI_PEI_SERVICES **PeiServices
>
> )
>
> {
>
> + EFI_STATUS Status;
>
> +
>
> DEBUG((DEBUG_INFO, "FspmWrapperPeimEntryPoint\n"));
>
>
>
> + Status = PeiServicesNotifyPpi (&mTcgPpiNotifyDesc);
>
> + ASSERT_EFI_ERROR (Status);
>
> +
>
> FspmWrapperInit ();
>
>
>
> return EFI_SUCCESS;
>
> diff --git a/IntelFsp2WrapperPkg/FspmWrapperPeim/FspmWrapperPeim.inf
> b/IntelFsp2WrapperPkg/FspmWrapperPeim/FspmWrapperPeim.inf
> index dce7ef3d0b..c3578397b6 100644
> --- a/IntelFsp2WrapperPkg/FspmWrapperPeim/FspmWrapperPeim.inf
> +++ b/IntelFsp2WrapperPkg/FspmWrapperPeim/FspmWrapperPeim.inf
> @@ -6,7 +6,7 @@
> # register TemporaryRamDonePpi to call TempRamExit API, and register
> MemoryDiscoveredPpi
>
> # notify to call FspSiliconInit API.
>
> #
>
> -# Copyright (c) 2014 - 2019, Intel Corporation. All rights reserved.<BR>
>
> +# Copyright (c) 2014 - 2020, Intel Corporation. All rights reserved.<BR>
>
> #
>
> # SPDX-License-Identifier: BSD-2-Clause-Patent
>
> #
>
> @@ -44,17 +44,22 @@
> TimerLib
>
> FspWrapperApiLib
>
> FspWrapperApiTestLib
>
> + FspMeasurementLib
>
>
>
> [Packages]
>
> MdePkg/MdePkg.dec
>
> + MdeModulePkg/MdeModulePkg.dec
>
> UefiCpuPkg/UefiCpuPkg.dec
>
> + SecurityPkg/SecurityPkg.dec
>
> IntelFsp2Pkg/IntelFsp2Pkg.dec
>
> IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dec
>
>
>
> [Pcd]
>
> - gIntelFsp2WrapperTokenSpaceGuid.PcdFspmBaseAddress ## CONSUMES
>
> - gIntelFsp2WrapperTokenSpaceGuid.PcdFspmUpdDataAddress ## CONSUMES
>
> - gIntelFsp2WrapperTokenSpaceGuid.PcdFspModeSelection ## CONSUMES
>
> + gIntelFsp2WrapperTokenSpaceGuid.PcdFspmBaseAddress ## CONSUMES
>
> + gIntelFsp2WrapperTokenSpaceGuid.PcdFspmUpdDataAddress ##
> CONSUMES
>
> + gIntelFsp2WrapperTokenSpaceGuid.PcdFspModeSelection ## CONSUMES
>
> + gIntelFsp2WrapperTokenSpaceGuid.PcdFsptBaseAddress ## CONSUMES
>
> + gIntelFsp2WrapperTokenSpaceGuid.PcdFspMeasurementConfig ##
> CONSUMES
>
>
>
> [Sources]
>
> FspmWrapperPeim.c
>
> @@ -63,5 +68,10 @@
> gFspHobGuid ## PRODUCES ## HOB
>
> gFspApiPerformanceGuid ## SOMETIMES_CONSUMES ## GUID
>
>
>
> +[Ppis]
>
> + gEdkiiTcgPpiGuid ## NOTIFY
>
> + gEfiPeiFirmwareVolumeInfoMeasurementExcludedPpiGuid ## PRODUCES
>
> +
>
> [Depex]
>
> - gEfiPeiMasterBootModePpiGuid
>
> + gEfiPeiMasterBootModePpiGuid AND
>
> + gPeiTpmInitializationDonePpiGuid
>
> diff --git a/IntelFsp2WrapperPkg/FspsWrapperPeim/FspsWrapperPeim.c
> b/IntelFsp2WrapperPkg/FspsWrapperPeim/FspsWrapperPeim.c
> index b20f0805a0..688c82a6c8 100644
> --- a/IntelFsp2WrapperPkg/FspsWrapperPeim/FspsWrapperPeim.c
> +++ b/IntelFsp2WrapperPkg/FspsWrapperPeim/FspsWrapperPeim.c
> @@ -3,7 +3,7 @@
> register TemporaryRamDonePpi to call TempRamExit API, and register
> MemoryDiscoveredPpi
>
> notify to call FspSiliconInit API.
>
>
>
> - Copyright (c) 2014 - 2019, Intel Corporation. All rights reserved.<BR>
>
> + Copyright (c) 2014 - 2020, Intel Corporation. All rights reserved.<BR>
>
> SPDX-License-Identifier: BSD-2-Clause-Patent
>
>
>
> **/
>
> @@ -24,12 +24,15 @@
> #include <Library/TimerLib.h>
>
> #include <Library/PerformanceLib.h>
>
> #include <Library/FspWrapperApiLib.h>
>
> +#include <Library/FspMeasurementLib.h>
>
>
>
> #include <Ppi/FspSiliconInitDone.h>
>
> #include <Ppi/EndOfPeiPhase.h>
>
> #include <Ppi/MemoryDiscovered.h>
>
> #include <Ppi/TemporaryRamDone.h>
>
> #include <Ppi/SecPlatformInformation.h>
>
> +#include <Ppi/Tcg.h>
>
> +#include <Ppi/FirmwareVolumeInfoMeasurementExcluded.h>
>
> #include <Library/FspWrapperApiTestLib.h>
>
> #include <FspEas.h>
>
> #include <FspStatusCode.h>
>
> @@ -379,7 +382,25 @@ FspsWrapperInitDispatchMode (
> VOID
>
> )
>
> {
>
> - EFI_STATUS Status;
>
> + EFI_STATUS Status;
>
> + EFI_PEI_FIRMWARE_VOLUME_INFO_MEASUREMENT_EXCLUDED_PPI
> *MeasurementExcludedFvPpi;
>
> + EFI_PEI_PPI_DESCRIPTOR *MeasurementExcludedPpiList;
>
> +
>
> + MeasurementExcludedFvPpi = AllocatePool
> (sizeof(*MeasurementExcludedFvPpi));
>
> + ASSERT(MeasurementExcludedFvPpi != NULL);
>
> + MeasurementExcludedFvPpi->Count = 1;
>
> + MeasurementExcludedFvPpi->Fv[0].FvBase = PcdGet32 (PcdFspsBaseAddress);
>
> + MeasurementExcludedFvPpi->Fv[0].FvLength =
> ((EFI_FIRMWARE_VOLUME_HEADER *) (UINTN) PcdGet32
> (PcdFspsBaseAddress))->FvLength;
>
> +
>
> + MeasurementExcludedPpiList = AllocatePool
> (sizeof(*MeasurementExcludedPpiList));
>
> + ASSERT(MeasurementExcludedPpiList != NULL);
>
> + MeasurementExcludedPpiList->Flags = EFI_PEI_PPI_DESCRIPTOR_PPI |
> EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST;
>
> + MeasurementExcludedPpiList->Guid =
> &gEfiPeiFirmwareVolumeInfoMeasurementExcludedPpiGuid;
>
> + MeasurementExcludedPpiList->Ppi = MeasurementExcludedFvPpi;
>
> +
>
> + Status = PeiServicesInstallPpi (MeasurementExcludedPpiList);
>
> + ASSERT_EFI_ERROR (Status);
>
> +
>
> //
>
> // FSP-S Wrapper running in Dispatch mode and reports FSP-S FV to PEI
> dispatcher.
>
> //
>
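Review bot: the FSP-S FV is excluded from the Tcg PEI FV measurement unconditionally here, but the replacement measurement in TcgPpiNotify only runs when PcdFspMeasurementConfig has both FSP_MEASURE_FSP and FSP_MEASURE_FSPS set; with any other mask value the FSP-S binary ends up in neither record, silently. Tie the exclusion to the same mask (exclude only when the wrapper will measure), or at least emit DEBUG_ERROR/ASSERT when the FV is excluded but not measured. Two smaller points in the same block: both AllocatePool results are checked only with ASSERT, which compiles out in RELEASE and leaves a NULL dereference at `MeasurementExcludedFvPpi->Count = 1`, so return on NULL instead; and `PcdGet32 (PcdFspsBaseAddress)` is cast straight to EFI_FIRMWARE_VOLUME_HEADER and `FvLength` read without checking the FV signature, so a wrong PCD value produces a garbage exclusion range rather than an error.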
> @@ -398,6 +419,72 @@ FspsWrapperInitDispatchMode (
> return Status;
>
> }
>
>
>
> +/**
>
> + This function is called after TCG installed PPI.
>
> +
>
> + @param[in] PeiServices Pointer to PEI Services Table.
>
> + @param[in] NotifyDesc Pointer to the descriptor for the Notification event
> that
>
> + caused this function to execute.
>
> + @param[in] Ppi Pointer to the PPI data associated with this function.
>
> +
>
> + @retval EFI_STATUS Always return EFI_SUCCESS
>
> +**/
>
> +EFI_STATUS
>
> +EFIAPI
>
> +TcgPpiNotify (
>
> + IN EFI_PEI_SERVICES **PeiServices,
>
> + IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDesc,
>
> + IN VOID *Ppi
>
> + );
>
> +
>
> +EFI_PEI_NOTIFY_DESCRIPTOR mTcgPpiNotifyDesc = {
>
> + (EFI_PEI_PPI_DESCRIPTOR_NOTIFY_CALLBACK |
> EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST),
>
> + &gEdkiiTcgPpiGuid,
>
> + TcgPpiNotify
>
> +};
>
> +
>
> +/**
>
> + This function is called after TCG installed PPI.
>
> +
>
> + @param[in] PeiServices Pointer to PEI Services Table.
>
> + @param[in] NotifyDesc Pointer to the descriptor for the Notification event
> that
>
> + caused this function to execute.
>
> + @param[in] Ppi Pointer to the PPI data associated with this function.
>
> +
>
> + @retval EFI_STATUS Always return EFI_SUCCESS
>
> +**/
>
> +EFI_STATUS
>
> +EFIAPI
>
> +TcgPpiNotify (
>
> + IN EFI_PEI_SERVICES **PeiServices,
>
> + IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDesc,
>
> + IN VOID *Ppi
>
> + )
>
> +{
>
> + UINT32 FspMeasureMask;
>
> + FSP_INFO_HEADER *FspHeaderPtr;
>
> +
>
> + DEBUG ((DEBUG_INFO, "TcgPpiNotify FSPS\n"));
>
> +
>
> + FspMeasureMask = PcdGet32 (PcdFspMeasurementConfig);
>
> + if ((FspMeasureMask & FSP_MEASURE_FSP) && (FspMeasureMask &
> FSP_MEASURE_FSPS)) {
>
> + if(FspMeasureMask & FSP_MEASURE_FSPUPD) {
>
> + FspHeaderPtr = (FSP_INFO_HEADER *) FspFindFspHeader (PcdGet32
> (PcdFspsBaseAddress));
>
> + if (FspHeaderPtr == NULL) {
>
> + return EFI_DEVICE_ERROR;
>
> + }
>
> + MeasureFspFirmwareBlobWithCfg ("FSPS", PcdGet32(PcdFspsBaseAddress),
>
> + (UINT32)((EFI_FIRMWARE_VOLUME_HEADER *) (UINTN)
> PcdGet32 (PcdFspsBaseAddress))->FvLength,
>
> + FspHeaderPtr->CfgRegionOffset, FspHeaderPtr-
> >CfgRegionSize);
>
> + } else {
>
> + MeasureFspFirmwareBlob (0, "FSPS", PcdGet32(PcdFspsBaseAddress),
>
> + (UINT32)((EFI_FIRMWARE_VOLUME_HEADER *) (UINTN)
> PcdGet32 (PcdFspsBaseAddress))->FvLength);
>
> + }
>
> + }
>
> +
>
> + return EFI_SUCCESS;
>
> +}
>
> +
>
> /**
>
> This is the entrypoint of PEIM.
>
>
>
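Review bot: the return values of MeasureFspFirmwareBlobWithCfg and MeasureFspFirmwareBlob are dropped, so a failed extend leaves PCR0 without the FSP-S record while boot continues with no log entry; capture the status and at minimum DEBUG_ERROR/ASSERT_EFI_ERROR it, since after the FV exclusion in FspsWrapperInitDispatchMode this is the only measurement of FSP-S. Related: the gate `(FspMeasureMask & FSP_MEASURE_FSP) && (FspMeasureMask & FSP_MEASURE_FSPS)` requires the bit the PcdFspMeasurementConfig comment in IntelFsp2WrapperPkg.dec lists as `BIT0 ... reserved in FSP2`; make the .dec comment and this check agree. Style: the TcgPpiNotify prototype with its doc block appears verbatim before mTcgPpiNotifyDesc and again at the definition, and the doc says `Always return EFI_SUCCESS` while the `FspHeaderPtr == NULL` path returns EFI_DEVICE_ERROR; keep one doc block and correct the retval. The FV header and PcdFspsBaseAddress are also re-read three times where one local would do.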
> @@ -413,8 +500,13 @@ FspsWrapperPeimEntryPoint (
> IN CONST EFI_PEI_SERVICES **PeiServices
>
> )
>
> {
>
> + EFI_STATUS Status;
>
> +
>
> DEBUG ((DEBUG_INFO, "FspsWrapperPeimEntryPoint\n"));
>
>
>
> + Status = PeiServicesNotifyPpi (&mTcgPpiNotifyDesc);
>
> + ASSERT_EFI_ERROR (Status);
>
> +
>
> if (PcdGet8 (PcdFspModeSelection) == 1) {
>
> FspsWrapperInitApiMode ();
>
> } else {
>
> diff --git a/IntelFsp2WrapperPkg/FspsWrapperPeim/FspsWrapperPeim.inf
> b/IntelFsp2WrapperPkg/FspsWrapperPeim/FspsWrapperPeim.inf
> index 7da92991c8..884514747f 100644
> --- a/IntelFsp2WrapperPkg/FspsWrapperPeim/FspsWrapperPeim.inf
> +++ b/IntelFsp2WrapperPkg/FspsWrapperPeim/FspsWrapperPeim.inf
> @@ -6,7 +6,7 @@
> # register TemporaryRamDonePpi to call TempRamExit API, and register
> MemoryDiscoveredPpi
>
> # notify to call FspSiliconInit API.
>
> #
>
> -# Copyright (c) 2014 - 2019, Intel Corporation. All rights reserved.<BR>
>
> +# Copyright (c) 2014 - 2020, Intel Corporation. All rights reserved.<BR>
>
> #
>
> # SPDX-License-Identifier: BSD-2-Clause-Patent
>
> #
>
> @@ -44,24 +44,30 @@
> PerformanceLib
>
> FspWrapperApiLib
>
> FspWrapperApiTestLib
>
> + FspMeasurementLib
>
>
>
> [Packages]
>
> MdePkg/MdePkg.dec
>
> + MdeModulePkg/MdeModulePkg.dec
>
> UefiCpuPkg/UefiCpuPkg.dec
>
> + SecurityPkg/SecurityPkg.dec
>
> IntelFsp2Pkg/IntelFsp2Pkg.dec
>
> IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dec
>
>
>
> [Ppis]
>
> - gTopOfTemporaryRamPpiGuid ## PRODUCES
>
> - gFspSiliconInitDonePpiGuid ## PRODUCES
>
> - gEfiEndOfPeiSignalPpiGuid ## PRODUCES
>
> - gEfiTemporaryRamDonePpiGuid ## PRODUCES
>
> - gEfiPeiMemoryDiscoveredPpiGuid ## NOTIFY
>
> + gTopOfTemporaryRamPpiGuid ## PRODUCES
>
> + gFspSiliconInitDonePpiGuid ## PRODUCES
>
> + gEfiEndOfPeiSignalPpiGuid ## PRODUCES
>
> + gEfiTemporaryRamDonePpiGuid ## PRODUCES
>
> + gEfiPeiMemoryDiscoveredPpiGuid ## NOTIFY
>
> + gEdkiiTcgPpiGuid ## NOTIFY
>
> + gEfiPeiFirmwareVolumeInfoMeasurementExcludedPpiGuid ## PRODUCES
>
>
>
> [Pcd]
>
> - gIntelFsp2WrapperTokenSpaceGuid.PcdFspsBaseAddress ## CONSUMES
>
> - gIntelFsp2WrapperTokenSpaceGuid.PcdFspsUpdDataAddress ## CONSUMES
>
> - gIntelFsp2WrapperTokenSpaceGuid.PcdFspModeSelection ## CONSUMES
>
> + gIntelFsp2WrapperTokenSpaceGuid.PcdFspsBaseAddress ## CONSUMES
>
> + gIntelFsp2WrapperTokenSpaceGuid.PcdFspsUpdDataAddress ## CONSUMES
>
> + gIntelFsp2WrapperTokenSpaceGuid.PcdFspModeSelection ## CONSUMES
>
> + gIntelFsp2WrapperTokenSpaceGuid.PcdFspMeasurementConfig ##
> CONSUMES
>
>
>
> [Guids]
>
> gFspHobGuid ## CONSUMES ## HOB
>
> @@ -71,4 +77,5 @@
> FspsWrapperPeim.c
>
>
>
> [Depex]
>
> - gEfiPeiMemoryDiscoveredPpiGuid
>
> + gEfiPeiMemoryDiscoveredPpiGuid AND
>
> + gPeiTpmInitializationDonePpiGuid
>
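Review bot: same hard dependency as the FSP-M wrapper: `gEfiPeiMemoryDiscoveredPpiGuid AND gPeiTpmInitializationDonePpiGuid` means FSP-S silicon init never runs on a build with no PEIM producing gPeiTpmInitializationDonePpiGuid, so the measurement feature is not actually optional even though PcdFspMeasurementConfig can switch the measurement off. If the Tcg PEIM this was tested against installs that PPI on every exit path, say so in the commit message; otherwise consider gating the depex, or the whole notify, on the PCD.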
> --
> 2.26.2.windows.1
^ permalink raw reply [flat|nested] 16+ messages in thread
* [PATCH 8/9] IntelFsp2Wrapper/dsc: Add FspTpmMeasurementLib and PcdFspMeasurementConfig.
2020-07-31 8:54 [PATCH 0/9] Need add a FSP binary measurement Qi Zhang
` (6 preceding siblings ...)
2020-07-31 8:54 ` [PATCH 7/9] IntelFsp2WraperPkg/Fsp{m|s}WrapperPeim: Add FspBin measurement Qi Zhang
@ 2020-07-31 8:54 ` Qi Zhang
2020-07-31 8:54 ` [PATCH 9/9] SecurityPkg/HashLib: add API HashFinal Qi Zhang
8 siblings, 0 replies; 16+ messages in thread
From: Qi Zhang @ 2020-07-31 8:54 UTC (permalink / raw)
To: devel; +Cc: Jiewen Yao, Chasel Chiu, Nate DeSimone, Star Zeng, Qi Zhang
From: Jiewen Yao <jiewen.yao@intel.com>
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2376
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Chasel Chiu <chasel.chiu@intel.com>
Cc: Nate DeSimone <nathaniel.l.desimone@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Qi Zhang <qi1.zhang@intel.com>
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
---
IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dec | 17 +++++++++++++++++
IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dsc | 5 ++++-
2 files changed, 21 insertions(+), 1 deletion(-)
diff --git a/IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dec b/IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dec
index faf2be621c..4bd3250571 100644
--- a/IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dec
+++ b/IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dec
@@ -92,6 +92,23 @@
#
gIntelFsp2WrapperTokenSpaceGuid.PcdFspModeSelection|0x00000001|UINT8|0x4000000A
+ ## This PCD decides how FSP is measured
+ # 1) The BootGuard ACM may already measured the FSP component, such as FSPT/FSPM.
+ # We need a flag (PCD) to indicate if there is need to do such FSP measurement or NOT.
+ # 2) The FSP binary includes FSP code and FSP UPD region. The UPD region is considered
+ # as configuration block, and it may be updated by OEM by design.
+ # This flag (PCD) is to indicate if we need isolate the the UPD region from the FSP code region.
+ # BIT0: Need measure FSP. (for FSP1.x) - reserved in FSP2.
+ # BIT1: Need measure FSPT. (for FSP 2.x)
+ # BIT2: Need measure FSPM. (for FSP 2.x)
+ # BIT3: Need measure FSPS. (for FSP 2.x)
+ # BIT4~30: reserved.
+ # BIT31: Need isolate UPD region measurement.
+ #0: measure FSP[T|M|S] as one binary in one record (PCR0).
+ #1: measure FSP UPD region in one record (PCR1), the FSP code without UPD in another record (PCR0).
+ #
+ gIntelFsp2WrapperTokenSpaceGuid.PcdFspMeasurementConfig|0x0000000F|UINT32|0x4000000B
+
[PcdsFixedAtBuild, PcdsPatchableInModule,PcdsDynamic,PcdsDynamicEx]
#
## These are the base address of FSP-M/S
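Review bot: typos in the new comment: `may already measured` -> `may already have measured`, `the the UPD region` -> `the UPD region`. More substantively, the comment says BIT0 is `for FSP1.x - reserved in FSP2`, yet the default 0x0000000F sets BIT0 and the FSP-S wrapper's TcgPpiNotify requires FSP_MEASURE_FSP before it measures anything, so BIT0 is not reserved in practice; either drop the `reserved` wording or stop gating on it. It would also help to name the FSP_MEASURE_* macro beside each bit and to fold the PCR0/PCR1 split for BIT31 into the bit list instead of the trailing `#0:`/`#1:` lines.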
diff --git a/IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dsc b/IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dsc
index cb4f69285d..5c0d509be4 100644
--- a/IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dsc
+++ b/IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dsc
@@ -1,7 +1,7 @@
## @file
# Provides drivers and definitions to support fsp in EDKII bios.
#
-# Copyright (c) 2014 - 2016, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2014 - 2020, Intel Corporation. All rights reserved.<BR>
# SPDX-License-Identifier: BSD-2-Clause-Patent
#
##
@@ -45,6 +45,7 @@
# FSP Wrapper Lib
FspWrapperApiLib|IntelFsp2WrapperPkg/Library/BaseFspWrapperApiLib/BaseFspWrapperApiLib.inf
FspWrapperApiTestLib|IntelFsp2WrapperPkg/Library/BaseFspWrapperApiTestLibNull/BaseFspWrapperApiTestLibNull.inf
+ FspMeasurementLib|IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/BaseFspMeasurementLib.inf
# FSP platform sample
FspWrapperPlatformLib|IntelFsp2WrapperPkg/Library/BaseFspWrapperPlatformLibSample/BaseFspWrapperPlatformLibSample.inf
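Review bot: the patch subject says `Add FspTpmMeasurementLib`, but the library classes added here are FspMeasurementLib (this hunk) and TpmMeasurementLib (the PEIM section below); rename the subject to match. Also FspMeasurementLib is mapped in the common section while TpmMeasurementLib, which BaseFspMeasurementLib presumably links (assumption from the name), is mapped only for PEIMs; if the library is PEI-only, mapping both under [LibraryClasses.common.PEIM] makes that explicit and avoids a non-PEIM consumer failing to link.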
@@ -57,6 +58,7 @@
PeiServicesLib|MdePkg/Library/PeiServicesLib/PeiServicesLib.inf
MemoryAllocationLib|MdePkg/Library/PeiMemoryAllocationLib/PeiMemoryAllocationLib.inf
HobLib|MdePkg/Library/PeiHobLib/PeiHobLib.inf
+ TpmMeasurementLib|SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.inf
[LibraryClasses.common.DXE_DRIVER]
UefiDriverEntryPoint|MdePkg/Library/UefiDriverEntryPoint/UefiDriverEntryPoint.inf
@@ -73,6 +75,7 @@
IntelFsp2WrapperPkg/Library/SecFspWrapperPlatformSecLibSample/SecFspWrapperPlatformSecLibSample.inf
IntelFsp2WrapperPkg/Library/PeiFspWrapperHobProcessLibSample/PeiFspWrapperHobProcessLibSample.inf
IntelFsp2WrapperPkg/Library/PeiFspWrapperApiTestLib/PeiFspWrapperApiTestLib.inf
+ IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/BaseFspMeasurementLib.inf
IntelFsp2WrapperPkg/FspmWrapperPeim/FspmWrapperPeim.inf
IntelFsp2WrapperPkg/FspsWrapperPeim/FspsWrapperPeim.inf
--
2.26.2.windows.1
* [PATCH 9/9] SecurityPkg/HashLib: add API HashFinal
2020-07-31 8:54 [PATCH 0/9] Need add a FSP binary measurement Qi Zhang
` (7 preceding siblings ...)
2020-07-31 8:54 ` [PATCH 8/9] IntelFsp2Wrapper/dsc: Add FspTpmMeasurementLib and PcdFspMeasurementConfig Qi Zhang
@ 2020-07-31 8:54 ` Qi Zhang
2020-08-02 8:48 ` Yao, Jiewen
8 siblings, 1 reply; 16+ messages in thread
From: Qi Zhang @ 2020-07-31 8:54 UTC (permalink / raw)
To: devel; +Cc: Qi Zhang, Jiewen Yao, Jian J Wang
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2376
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Qi Zhang <qi1.zhang@intel.com>
Signed-off-by: Qi Zhang <qi1.zhang@intel.com>
---
SecurityPkg/Include/Library/HashLib.h | 15 ++++++
.../HashLibBaseCryptoRouterPei.c | 48 +++++++++++++++++++
2 files changed, 63 insertions(+)
diff --git a/SecurityPkg/Include/Library/HashLib.h b/SecurityPkg/Include/Library/HashLib.h
index 6ad960ad70..e2d9a62a1d 100644
--- a/SecurityPkg/Include/Library/HashLib.h
+++ b/SecurityPkg/Include/Library/HashLib.h
@@ -47,6 +47,21 @@ HashUpdate (
IN UINTN DataToHashLen
);
+/**
+ Hash sequence complete and extend to PCR.
+
+ @param HashHandle Hash handle.
+ @param DigestList Digest list.
+
+ @retval EFI_SUCCESS Hash sequence complete and DigestList is returned.
+**/
+EFI_STATUS
+EFIAPI
+HashFinal (
+ IN HASH_HANDLE HashHandle,
+ OUT TPML_DIGEST_VALUES *DigestList
+ );
+
/**
Hash sequence complete and extend to PCR.
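Review bot: the doc block for HashFinal is copied from HashCompleteAndExtend and says `Hash sequence complete and extend to PCR`, but HashFinal only finalizes and returns the digest list without extending; fix the description, add `@retval EFI_UNSUPPORTED` (the PEI router below returns it when no hash interface is registered), and document that HashHandle is released by the call and must not be reused, which is what the router implementation does with FreePool.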
diff --git a/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.c b/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.c
index 42cb562f67..5b9719630d 100644
--- a/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.c
+++ b/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.c
@@ -208,6 +208,54 @@ HashUpdate (
return EFI_SUCCESS;
}
+/**
+ Hash sequence complete and extend to PCR.
+
+ @param HashHandle Hash handle.
+ @param DigestList Digest list.
+
+ @retval EFI_SUCCESS Hash sequence complete and DigestList is returned.
+**/
+EFI_STATUS
+EFIAPI
+HashFinal (
+ IN HASH_HANDLE HashHandle,
+ OUT TPML_DIGEST_VALUES *DigestList
+ )
+{
+ TPML_DIGEST_VALUES Digest;
+ HASH_INTERFACE_HOB *HashInterfaceHob;
+ HASH_HANDLE *HashCtx;
+ UINTN Index;
+ UINT32 HashMask;
+
+ HashInterfaceHob = InternalGetHashInterfaceHob (&gEfiCallerIdGuid);
+ if (HashInterfaceHob == NULL) {
+ return EFI_UNSUPPORTED;
+ }
+
+ if (HashInterfaceHob->HashInterfaceCount == 0) {
+ return EFI_UNSUPPORTED;
+ }
+
+ CheckSupportedHashMaskMismatch (HashInterfaceHob);
+
+ HashCtx = (HASH_HANDLE *)HashHandle;
+ ZeroMem (DigestList, sizeof(*DigestList));
+
+ for (Index = 0; Index < HashInterfaceHob->HashInterfaceCount; Index++) {
+ HashMask = Tpm2GetHashMaskFromAlgo (&HashInterfaceHob->HashInterface[Index].HashGuid);
+ if ((HashMask & PcdGet32 (PcdTpm2HashMask)) != 0) {
+ HashInterfaceHob->HashInterface[Index].HashFinal (HashCtx[Index], &Digest);
+ Tpm2SetHashToDigestList (DigestList, &Digest);
+ }
+ }
+
+ FreePool (HashCtx);
+
+ return EFI_SUCCESS;
+}
+
/**
Hash sequence complete and extend to PCR.
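Review bot: the return value of each `HashInterface[Index].HashFinal` call is dropped, so a failing backend leaves that algorithm's entry zeroed in DigestList while the caller sees EFI_SUCCESS; propagate the status (still freeing HashCtx first). Add a NULL check on DigestList before the ZeroMem, and note in the header that the handle is freed here, so a caller that also passes it to HashCompleteAndExtend would double-free. Jiewen's point on the missing DXE instance stands: the DXE router and any other HashLib instance must gain HashFinal too, or DXE consumers of the library class stop linking.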
--
2.26.2.windows.1
* Re: [PATCH 9/9] SecurityPkg/HashLib: add API HashFinal
2020-07-31 8:54 ` [PATCH 9/9] SecurityPkg/HashLib: add API HashFinal Qi Zhang
@ 2020-08-02 8:48 ` Yao, Jiewen
0 siblings, 0 replies; 16+ messages in thread
From: Yao, Jiewen @ 2020-08-02 8:48 UTC (permalink / raw)
To: Zhang, Qi1, devel@edk2.groups.io; +Cc: Wang, Jian J
If you want to add one API for a library class, we need to add an implementation for all library instances.
Here the DXE version should also be updated to add such a capability.
> -----Original Message-----
> From: Zhang, Qi1 <qi1.zhang@intel.com>
> Sent: Friday, July 31, 2020 4:55 PM
> To: devel@edk2.groups.io
> Cc: Zhang, Qi1 <qi1.zhang@intel.com>; Yao, Jiewen <jiewen.yao@intel.com>;
> Wang, Jian J <jian.j.wang@intel.com>
> Subject: [PATCH 9/9] SecurityPkg/HashLib: add API HashFinal
>
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2376
>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Cc: Qi Zhang <qi1.zhang@intel.com>
> Signed-off-by: Qi Zhang <qi1.zhang@intel.com>
> ---
> SecurityPkg/Include/Library/HashLib.h | 15 ++++++
> .../HashLibBaseCryptoRouterPei.c | 48 +++++++++++++++++++
> 2 files changed, 63 insertions(+)
>
> diff --git a/SecurityPkg/Include/Library/HashLib.h
> b/SecurityPkg/Include/Library/HashLib.h
> index 6ad960ad70..e2d9a62a1d 100644
> --- a/SecurityPkg/Include/Library/HashLib.h
> +++ b/SecurityPkg/Include/Library/HashLib.h
> @@ -47,6 +47,21 @@ HashUpdate (
> IN UINTN DataToHashLen
>
> );
>
>
>
> +/**
>
> + Hash sequence complete and extend to PCR.
>
> +
>
> + @param HashHandle Hash handle.
>
> + @param DigestList Digest list.
>
> +
>
> + @retval EFI_SUCCESS Hash sequence complete and DigestList is returned.
>
> +**/
>
> +EFI_STATUS
>
> +EFIAPI
>
> +HashFinal (
>
> + IN HASH_HANDLE HashHandle,
>
> + OUT TPML_DIGEST_VALUES *DigestList
>
> + );
>
> +
>
> /**
>
> Hash sequence complete and extend to PCR.
>
>
>
> diff --git
> a/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.c
> b/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.c
> index 42cb562f67..5b9719630d 100644
> ---
> a/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.c
> +++
> b/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.c
> @@ -208,6 +208,54 @@ HashUpdate (
> return EFI_SUCCESS;
>
> }
>
>
>
> +/**
>
> + Hash sequence complete and extend to PCR.
>
> +
>
> + @param HashHandle Hash handle.
>
> + @param DigestList Digest list.
>
> +
>
> + @retval EFI_SUCCESS Hash sequence complete and DigestList is returned.
>
> +**/
>
> +EFI_STATUS
>
> +EFIAPI
>
> +HashFinal (
>
> + IN HASH_HANDLE HashHandle,
>
> + OUT TPML_DIGEST_VALUES *DigestList
>
> + )
>
> +{
>
> + TPML_DIGEST_VALUES Digest;
>
> + HASH_INTERFACE_HOB *HashInterfaceHob;
>
> + HASH_HANDLE *HashCtx;
>
> + UINTN Index;
>
> + UINT32 HashMask;
>
> +
>
> + HashInterfaceHob = InternalGetHashInterfaceHob (&gEfiCallerIdGuid);
>
> + if (HashInterfaceHob == NULL) {
>
> + return EFI_UNSUPPORTED;
>
> + }
>
> +
>
> + if (HashInterfaceHob->HashInterfaceCount == 0) {
>
> + return EFI_UNSUPPORTED;
>
> + }
>
> +
>
> + CheckSupportedHashMaskMismatch (HashInterfaceHob);
>
> +
>
> + HashCtx = (HASH_HANDLE *)HashHandle;
>
> + ZeroMem (DigestList, sizeof(*DigestList));
>
> +
>
> + for (Index = 0; Index < HashInterfaceHob->HashInterfaceCount; Index++) {
>
> + HashMask = Tpm2GetHashMaskFromAlgo (&HashInterfaceHob-
> >HashInterface[Index].HashGuid);
>
> + if ((HashMask & PcdGet32 (PcdTpm2HashMask)) != 0) {
>
> + HashInterfaceHob->HashInterface[Index].HashFinal (HashCtx[Index],
> &Digest);
>
> + Tpm2SetHashToDigestList (DigestList, &Digest);
>
> + }
>
> + }
>
> +
>
> + FreePool (HashCtx);
>
> +
>
> + return EFI_SUCCESS;
>
> +}
>
> +
>
> /**
>
> Hash sequence complete and extend to PCR.
>
>
>
> --
> 2.26.2.windows.1