From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga04.intel.com (mga04.intel.com []) by mx.groups.io with SMTP id smtpd.web11.3442.1596674029695996418 for ; Wed, 05 Aug 2020 17:33:58 -0700 Authentication-Results: mx.groups.io; dkim=missing; spf=fail (domain: intel.com, ip: , mailfrom: qi1.zhang@intel.com) IronPort-SDR: ZmFhFS0Cg0EfOFMiw6ldxsy3CHHnG63BF9Rf4/JJv7PQ+a9E17PpSLKNewbrZ8GaVsVmSuXSY2 nkBsM2J5epvA== X-IronPort-AV: E=McAfee;i="6000,8403,9704"; a="150152826" X-IronPort-AV: E=Sophos;i="5.75,439,1589266800"; d="scan'208";a="150152826" X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga007.fm.intel.com ([10.253.24.52]) by fmsmga104.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 05 Aug 2020 17:33:58 -0700 IronPort-SDR: cs7tNCFsapTZM/U1xM1AhmdyhOKNKJD89tiE/AdSHAd5ryrJTk3FMq/LZgtyfWaky/cLTOBTXP EmklzvhyVEFg== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.75,439,1589266800"; d="scan'208";a="274924420" Received: from shwdesssddpdqi.ccr.corp.intel.com ([10.239.9.10]) by fmsmga007.fm.intel.com with ESMTP; 05 Aug 2020 17:33:56 -0700 From: "Qi Zhang" To: devel@edk2.groups.io Cc: Jiewen Yao , Chasel Chiu , Nate DeSimone , Star Zeng , Qi Zhang Subject: [PATCH v2 6/9] IntelFsp2WrapperPkg/FspMeasurementLib: Add BaseFspMeasurementLib. Date: Thu, 6 Aug 2020 08:33:39 +0800 Message-Id: <20200806003342.17866-7-qi1.zhang@intel.com> X-Mailer: git-send-email 2.26.2.windows.1 In-Reply-To: <20200806003342.17866-1-qi1.zhang@intel.com> References: <20200806003342.17866-1-qi1.zhang@intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable From: Jiewen Yao REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D2376 Cc: Jiewen Yao Cc: Chasel Chiu Cc: Nate DeSimone Cc: Star Zeng Cc: Qi Zhang Signed-off-by: Jiewen Yao --- .../BaseFspMeasurementLib.inf | 54 +++ .../BaseFspMeasurementLib/FspMeasurementLib.c | 349 ++++++++++++++++++ 2 files changed, 403 insertions(+) create mode 100644 IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/BaseF= spMeasurementLib.inf create mode 100644 IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/FspMe= asurementLib.c diff --git a/IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/BaseFspMeasu= rementLib.inf b/IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/BaseFspMe= asurementLib.inf new file mode 100644 index 0000000000..d30168117d --- /dev/null +++ b/IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/BaseFspMeasurementL= ib.inf @@ -0,0 +1,54 @@ +## @file=0D +# Provides FSP measurement functions.=0D +#=0D +# This library provides MeasureFspFirmwareBlob() to measure FSP binary.=0D +#=0D +# Copyright (c) 2020, Intel Corporation. All rights reserved.
=0D +# SPDX-License-Identifier: BSD-2-Clause-Patent=0D +#=0D +##=0D +=0D +[Defines]=0D + INF_VERSION =3D 0x00010005=0D + BASE_NAME =3D FspMeasurementLib=0D + FILE_GUID =3D 9A62C49D-C45A-4322-9F3C-45958DF0056B= =0D + MODULE_TYPE =3D BASE=0D + VERSION_STRING =3D 1.0=0D + LIBRARY_CLASS =3D FspMeasurementLib=0D +=0D +#=0D +# The following information is for reference only and not required by the = build tools.=0D +#=0D +# VALID_ARCHITECTURES =3D IA32 X64=0D +#=0D +=0D +[Sources]=0D + FspMeasurementLib.c=0D +=0D +[Packages]=0D + MdePkg/MdePkg.dec=0D + MdeModulePkg/MdeModulePkg.dec=0D + SecurityPkg/SecurityPkg.dec=0D + IntelFsp2Pkg/IntelFsp2Pkg.dec=0D + IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dec=0D +=0D +[LibraryClasses]=0D + BaseLib=0D + BaseMemoryLib=0D + DebugLib=0D + PrintLib=0D + PcdLib=0D + PeiServicesLib=0D + PeiServicesTablePointerLib=0D + FspWrapperApiLib=0D + TpmMeasurementLib=0D + HashLib=0D +=0D +[Ppis]=0D + gEdkiiTcgPpiGuid ## CO= NSUMES=0D +=0D +[Pcd]=0D + gIntelFsp2WrapperTokenSpaceGuid.PcdFspMeasurementConfig ## CO= NSUMES=0D + gIntelFsp2WrapperTokenSpaceGuid.PcdFspmBaseAddress ## CO= NSUMES=0D + gEfiMdeModulePkgTokenSpaceGuid.PcdTcgPfpMeasurementRevision ## CO= NSUMES=0D +=0D diff --git a/IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/FspMeasureme= ntLib.c b/IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/FspMeasurementL= ib.c new file mode 100644 index 0000000000..316570cd2c --- /dev/null +++ b/IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/FspMeasurementLib.c @@ -0,0 +1,349 @@ +/** @file=0D + This library is used by FSP modules to measure data to TPM.=0D +=0D +Copyright (c) 2020, Intel Corporation. All rights reserved.
=0D +SPDX-License-Identifier: BSD-2-Clause-Patent=0D +=0D +**/=0D +=0D +#include =0D +#include =0D +=0D +#include =0D +#include =0D +#include =0D +#include =0D +#include =0D +#include =0D +#include =0D +#include =0D +#include =0D +#include =0D +=0D +#include =0D +#include =0D +=0D +#pragma pack (1)=0D +=0D +#define PLATFORM_FIRMWARE_BLOB_DESC "Fv(XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXX= XX)"=0D +typedef struct {=0D + UINT8 BlobDescriptionSize;=0D + UINT8 BlobDescription[sizeof(PLATFORM_FIRMWA= RE_BLOB_DESC)];=0D + EFI_PHYSICAL_ADDRESS BlobBase;=0D + UINT64 BlobLength;=0D +} PLATFORM_FIRMWARE_BLOB2_STRUCT;=0D +=0D +#define HANDOFF_TABLE_POINTER_DESC "1234567890ABCDEF"=0D +typedef struct {=0D + UINT8 TableDescriptionSize;=0D + UINT8 TableDescription[sizeof(HANDOFF_TABLE_= POINTER_DESC)];=0D + UINT64 NumberOfTables;=0D + EFI_CONFIGURATION_TABLE TableEntry[1];=0D +} HANDOFF_TABLE_POINTERS2_STRUCT;=0D +=0D +#pragma pack ()=0D +=0D +/**=0D + Tpm measure and log data, and extend the measurement result into a speci= fic PCR.=0D +=0D + @param[in] PcrIndex PCR Index.=0D + @param[in] EventType Event type.=0D + @param[in] EventLog Measurement event log.=0D + @param[in] LogLen Event log length in bytes.=0D + @param[in] HashData The start of the data buffer to be hashed, = extended.=0D + @param[in] HashDataLen The length, in bytes, of the buffer referen= ced by HashData=0D + @param[in] Flags Bitmap providing additional information.=0D +=0D + @retval EFI_SUCCESS Operation completed successfully.=0D + @retval EFI_UNSUPPORTED TPM device not available.=0D + @retval EFI_OUT_OF_RESOURCES Out of memory.=0D + @retval EFI_DEVICE_ERROR The operation was unsuccessful.=0D +**/=0D +EFI_STATUS=0D +EFIAPI=0D +TpmMeasureAndLogDataWithFlags (=0D + IN UINT32 PcrIndex,=0D + IN UINT32 EventType,=0D + IN VOID *EventLog,=0D + IN UINT32 LogLen,=0D + IN VOID *HashData,=0D + IN UINT64 HashDataLen,=0D + IN UINT64 Flags=0D + )=0D +{=0D + EFI_STATUS Status;=0D + EDKII_TCG_PPI *TcgPpi;=0D + TCG_PCR_EVENT_HDR TcgEventHdr;=0D +=0D + Status =3D PeiServicesLocatePpi(=0D + &gEdkiiTcgPpiGuid,=0D + 0,=0D + NULL,=0D + (VOID**)&TcgPpi=0D + );=0D + if (EFI_ERROR(Status)) {=0D + return Status;=0D + }=0D +=0D + TcgEventHdr.PCRIndex =3D PcrIndex;=0D + TcgEventHdr.EventType =3D EventType;=0D + TcgEventHdr.EventSize =3D LogLen;=0D +=0D + Status =3D TcgPpi->HashLogExtendEvent (=0D + TcgPpi,=0D + Flags,=0D + HashData,=0D + (UINTN)HashDataLen,=0D + &TcgEventHdr,=0D + EventLog=0D + );=0D + return Status;=0D +}=0D +=0D +/**=0D + Get the FvName from the FV header.=0D +=0D + Causion: The FV is untrusted input.=0D +=0D + @param[in] FvBase Base address of FV image.=0D + @param[in] FvLength Length of FV image.=0D +=0D + @return FvName pointer=0D + @retval NULL FvName is NOT found=0D +**/=0D +STATIC=0D +VOID *=0D +TpmMeasurementGetFvName (=0D + IN EFI_PHYSICAL_ADDRESS FvBase,=0D + IN UINT64 FvLength=0D + )=0D +{=0D + EFI_FIRMWARE_VOLUME_HEADER *FvHeader;=0D + EFI_FIRMWARE_VOLUME_EXT_HEADER *FvExtHeader;=0D +=0D + if (FvBase >=3D MAX_ADDRESS) {=0D + return NULL;=0D + }=0D + if (FvLength >=3D MAX_ADDRESS - FvBase) {=0D + return NULL;=0D + }=0D + if (FvLength < sizeof(EFI_FIRMWARE_VOLUME_HEADER)) {=0D + return NULL;=0D + }=0D +=0D + FvHeader =3D (EFI_FIRMWARE_VOLUME_HEADER *)(UINTN)FvBase;=0D + if (FvHeader->Signature !=3D EFI_FVH_SIGNATURE) {=0D + return NULL;=0D + }=0D + if (FvHeader->ExtHeaderOffset < sizeof(EFI_FIRMWARE_VOLUME_HEADER)) {=0D + return NULL;=0D + }=0D + if (FvHeader->ExtHeaderOffset + sizeof(EFI_FIRMWARE_VOLUME_EXT_HEADER) >= FvLength) {=0D + return NULL;=0D + }=0D + FvExtHeader =3D (EFI_FIRMWARE_VOLUME_EXT_HEADER *)(UINTN)(FvBase + FvHea= der->ExtHeaderOffset);=0D +=0D + return &FvExtHeader->FvName;=0D +}=0D +=0D +/**=0D + Mesure a FSP FirmwareBlob.=0D +=0D + @param[in] Descrption Description for this FirmwareBlob.=0D + @param[in] FirmwareBlobBase Base address of this FirmwareBlob.=0D + @param[in] FirmwareBlobLength Size in bytes of this FirmwareBlob.= =0D + @param[in] CfgRegionOffset Configuration region offset in bytes= .=0D + @param[in] CfgRegionSize Configuration region in bytes.=0D +=0D + @retval EFI_SUCCESS Operation completed successfully.=0D + @retval EFI_UNSUPPORTED TPM device not available.=0D + @retval EFI_OUT_OF_RESOURCES Out of memory.=0D + @retval EFI_DEVICE_ERROR The operation was unsuccessful.=0D +*/=0D +STATIC=0D +EFI_STATUS=0D +EFIAPI=0D +MeasureFspFirmwareBlobWithCfg (=0D + IN CHAR8 *Description OPTIONAL,=0D + IN EFI_PHYSICAL_ADDRESS FirmwareBlobBase,=0D + IN UINT64 FirmwareBlobLength,=0D + IN UINT32 CfgRegionOffset,=0D + IN UINT32 CfgRegionSize=0D + )=0D +{=0D + EFI_PLATFORM_FIRMWARE_BLOB FvBlob, UPDBlob;=0D + PLATFORM_FIRMWARE_BLOB2_STRUCT FvBlob2, UPDBlob2;=0D + VOID *FvName;=0D + UINT32 FvEventType;=0D + VOID *FvEventLog, *UPDEventLog;=0D + UINT32 FvEventLogSize, UPDEventLogSize;=0D + EFI_STATUS Status;=0D + HASH_HANDLE HashHandle;=0D + UINT8 *HashBase;=0D + UINTN HashSize;=0D + TPML_DIGEST_VALUES DigestList;=0D +=0D + FvName =3D TpmMeasurementGetFvName (FirmwareBlobBase, FirmwareBlobLength= );=0D +=0D + if (((Description !=3D NULL) || (FvName !=3D NULL)) &&=0D + (PcdGet32(PcdTcgPfpMeasurementRevision) >=3D TCG_EfiSpecIDEventStruc= t_SPEC_ERRATA_TPM2_REV_105)) {=0D + ZeroMem (&FvBlob2, sizeof(FvBlob2));=0D + ZeroMem (&UPDBlob2, sizeof(UPDBlob2));=0D + if (Description !=3D NULL) {=0D + AsciiSPrint((CHAR8*)FvBlob2.BlobDescription, sizeof(FvBlob2.BlobDesc= ription), "%a", Description);=0D + AsciiSPrint((CHAR8*)UPDBlob2.BlobDescription, sizeof(UPDBlob2.BlobDe= scription), "%aUDP", Description);=0D + } else {=0D + AsciiSPrint((CHAR8*)FvBlob2.BlobDescription, sizeof(FvBlob2.BlobDesc= ription), "Fv(%g)", FvName);=0D + AsciiSPrint((CHAR8*)UPDBlob2.BlobDescription, sizeof(UPDBlob2.BlobDe= scription), "(%g)UDP", FvName);=0D + }=0D +=0D + FvBlob2.BlobDescriptionSize =3D sizeof(FvBlob2.BlobDescription);=0D + FvBlob2.BlobBase =3D FirmwareBlobBase;=0D + FvBlob2.BlobLength =3D FirmwareBlobLength;=0D + FvEventType =3D EV_EFI_PLATFORM_FIRMWARE_BLOB2;=0D + FvEventLog =3D &FvBlob2;=0D + FvEventLogSize =3D sizeof(FvBlob2);=0D +=0D + UPDBlob2.BlobDescriptionSize =3D sizeof(UPDBlob2.BlobDescription);=0D + UPDBlob2.BlobBase =3D CfgRegionOffset;=0D + UPDBlob2.BlobLength =3D CfgRegionSize;=0D + UPDEventLog =3D &UPDBlob2;=0D + UPDEventLogSize =3D sizeof(UPDBlob2);=0D + } else {=0D + FvBlob.BlobBase =3D FirmwareBlobBase;=0D + FvBlob.BlobLength =3D FirmwareBlobLength;=0D + FvEventType =3D EV_EFI_PLATFORM_FIRMWARE_BLOB;=0D + FvEventLog =3D &FvBlob;=0D + FvEventLogSize =3D sizeof(FvBlob);=0D +=0D + UPDBlob.BlobBase =3D CfgRegionOffset;=0D + UPDBlob.BlobLength =3D CfgRegionSize;=0D + UPDEventLog =3D &UPDBlob;=0D + UPDEventLogSize =3D sizeof(UPDBlob);=0D + }=0D +=0D + // Initialize a SHA hash context.=0D + Status =3D HashStart (&HashHandle);=0D + if (EFI_ERROR (Status)) {=0D + DEBUG ((DEBUG_ERROR, "HashStart failed - %r\n", Status));=0D + return Status;=0D + }=0D +=0D + // Hash FSP binary before UDP=0D + HashBase =3D (UINT8 *) (UINTN) FirmwareBlobBase;=0D + HashSize =3D (UINTN) CfgRegionOffset;=0D + Status =3D HashUpdate (HashHandle, HashBase, HashSize);=0D + if (EFI_ERROR (Status)) {=0D + DEBUG ((DEBUG_ERROR, "HashUpdate failed - %r\n", Status));=0D + return Status;=0D + }=0D +=0D + // Hash FSP binary after UDP=0D + HashBase =3D (UINT8 *) (UINTN) FirmwareBlobBase + CfgRegionOffset + CfgR= egionSize;=0D + HashSize =3D (UINTN)(FirmwareBlobLength - CfgRegionOffset - CfgRegionSiz= e);=0D + Status =3D HashUpdate (HashHandle, HashBase, HashSize);=0D + if (EFI_ERROR (Status)) {=0D + DEBUG ((DEBUG_ERROR, "HashUpdate failed - %r\n", Status));=0D + return Status;=0D + }=0D +=0D + // Finalize the SHA hash.=0D + Status =3D HashCompleteAndExtend (HashHandle, 0, NULL, 0, &DigestList);= =0D + if (EFI_ERROR (Status)) {=0D + DEBUG ((DEBUG_ERROR, "HashCompleteAndExtend failed - %r\n", Status));= =0D + return Status;=0D + }=0D +=0D + Status =3D TpmMeasureAndLogDataWithFlags (=0D + 0,=0D + FvEventType,=0D + FvEventLog,=0D + FvEventLogSize,=0D + (UINT8 *) &DigestList,=0D + (UINTN) sizeof(DigestList),=0D + EDKII_TCG_PRE_HASH_LOG_ONLY=0D + );=0D +=0D + Status =3D TpmMeasureAndLogData (=0D + 1,=0D + EV_PLATFORM_CONFIG_FLAGS,=0D + UPDEventLog,=0D + UPDEventLogSize,=0D + (UINT8 *) (UINTN) FirmwareBlobBase + CfgRegionOffset,=0D + CfgRegionSize=0D + );=0D +=0D + return Status;=0D +}=0D +=0D +FSP_INFO_HEADER *=0D +EFIAPI=0D +mFspFindFspHeader (=0D + IN EFI_PHYSICAL_ADDRESS FlashFvFspBase=0D + )=0D +{=0D + UINT8 *CheckPointer;=0D +=0D + CheckPointer =3D (UINT8 *) (UINTN) FlashFvFspBase;=0D +=0D + if (((EFI_FIRMWARE_VOLUME_HEADER *)CheckPointer)->Signature !=3D EFI_FVH= _SIGNATURE) {=0D + return NULL;=0D + }=0D +=0D + if (((EFI_FIRMWARE_VOLUME_HEADER *)CheckPointer)->ExtHeaderOffset !=3D 0= ) {=0D + CheckPointer =3D CheckPointer + ((EFI_FIRMWARE_VOLUME_HEADER *)CheckPo= inter)->ExtHeaderOffset;=0D + CheckPointer =3D CheckPointer + ((EFI_FIRMWARE_VOLUME_EXT_HEADER *)Che= ckPointer)->ExtHeaderSize;=0D + CheckPointer =3D (UINT8 *) ALIGN_POINTER (CheckPointer, 8);=0D + } else {=0D + CheckPointer =3D CheckPointer + ((EFI_FIRMWARE_VOLUME_HEADER *)CheckPo= inter)->HeaderLength;=0D + }=0D +=0D +=0D + CheckPointer =3D CheckPointer + sizeof (EFI_FFS_FILE_HEADER);=0D +=0D + if (((EFI_RAW_SECTION *)CheckPointer)->Type !=3D EFI_SECTION_RAW) {=0D + return NULL;=0D + }=0D +=0D + CheckPointer =3D CheckPointer + sizeof (EFI_RAW_SECTION);=0D +=0D + return (FSP_INFO_HEADER *)CheckPointer;=0D +}=0D +/**=0D + Mesure a FSP FirmwareBlob.=0D +=0D + @param[in] PcrIndex PCR Index.=0D + @param[in] Descrption Description for this FirmwareBlob.=0D + @param[in] FirmwareBlobBase Base address of this FirmwareBlob.=0D + @param[in] FirmwareBlobLength Size in bytes of this FirmwareBlob.= =0D +=0D + @retval EFI_SUCCESS Operation completed successfully.=0D + @retval EFI_UNSUPPORTED TPM device not available.=0D + @retval EFI_OUT_OF_RESOURCES Out of memory.=0D + @retval EFI_DEVICE_ERROR The operation was unsuccessful.=0D +*/=0D +EFI_STATUS=0D +EFIAPI=0D +MeasureFspFirmwareBlob (=0D + IN UINT32 PcrIndex,=0D + IN CHAR8 *Description OPTIONAL,=0D + IN EFI_PHYSICAL_ADDRESS FirmwareBlobBase,=0D + IN UINT64 FirmwareBlobLength=0D + )=0D +{=0D + UINT32 FspMeasureMask;=0D + FSP_INFO_HEADER *FspHeaderPtr;=0D +=0D + FspMeasureMask =3D PcdGet32 (PcdFspMeasurementConfig);=0D + if (FspMeasureMask & FSP_MEASURE_FSPUPD) {=0D + FspHeaderPtr =3D (FSP_INFO_HEADER *) mFspFindFspHeader (FirmwareBlobBa= se);=0D + if (FspHeaderPtr =3D=3D NULL) {=0D + return MeasureFirmwareBlob (PcrIndex, Description, FirmwareBlobBase,= FirmwareBlobLength);;=0D + }=0D + return MeasureFspFirmwareBlobWithCfg(Description, FirmwareBlobBase, Fi= rmwareBlobLength,=0D + FspHeaderPtr->CfgRegionOffset, Fs= pHeaderPtr->CfgRegionSize);=0D + } else {=0D + return MeasureFirmwareBlob (PcrIndex, Description, FirmwareBlobBase, F= irmwareBlobLength);=0D + }=0D +}=0D +=0D --=20 2.26.2.windows.1