* [PATCH v3 0/8] Need add a FSP binary measurement
@ 2020-08-14 6:31 Qi Zhang
2020-08-14 6:31 ` [PATCH v3 1/8] SecurityPkg/FvEventLogRecordLib: add new lib for firmware measurement Qi Zhang
` (9 more replies)
0 siblings, 10 replies; 14+ messages in thread
From: Qi Zhang @ 2020-08-14 6:31 UTC (permalink / raw)
To: devel
Cc: Qi Zhang, Jiewen Yao, Jian J Wang, Hao A Wu, Chasel Chiu,
Nate DeSimone, Star Zeng
v3 change:
add a new lib FvEventLogRecordLib for gerneric code.
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2376
The EDKII BIOS calls FSP API in FSP Wrapper Pkg.
This FSP code need to be measured into TPM.
We need add a generic module in FSP Wrapper Pkg code to measure:
1) FSP-T, FSP-M, FSP-S in API mode.
2) FSP-T in Dispatch-mode. The FSP-M and FSP-S will be reported
as standard FV and they will be measured by TCG-PEI.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Hao A Wu <hao.a.wu@intel.com>
Cc: Chasel Chiu <chasel.chiu@intel.com>
Cc: Nate DeSimone <nathaniel.l.desimone@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Qi Zhang <qi1.zhang@intel.com>
Jiewen Yao (4):
IntelFsp2WrapperPkg/FspMeasurementLib: Add header file.
IntelFsp2WrapperPkg/FspMeasurementLib: Add BaseFspMeasurementLib.
IntelFsp2WraperPkg/Fsp{m|s}WrapperPeim: Add FspBin measurement.
IntelFsp2Wrapper/dsc: Add FspTpmMeasurementLib and
PcdFspMeasurementConfig.
Qi Zhang (4):
SecurityPkg/FvEventLogRecordLib: add new lib for firmware measurement
SecurityPkg/dsc: add FvEventLogRecordLib
SecurityPkg/Tcg2: handle PRE HASH and LOG ONLY
IntelFsp2WrapperPkg/dsc: add HashLib, Tpm2CommandLib and Tpm2DeviceLib
.../FspmWrapperPeim/FspmWrapperPeim.c | 90 ++++++-
.../FspmWrapperPeim/FspmWrapperPeim.inf | 20 +-
.../FspsWrapperPeim/FspsWrapperPeim.c | 86 +++++-
.../FspsWrapperPeim/FspsWrapperPeim.inf | 27 +-
.../Include/Library/FspMeasurementLib.h | 39 +++
IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dec | 17 ++
IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dsc | 10 +-
.../BaseFspMeasurementLib.inf | 54 ++++
.../BaseFspMeasurementLib/FspMeasurementLib.c | 248 ++++++++++++++++++
.../Include/Library/FvEventLogRecordLib.h | 97 +++++++
SecurityPkg/Include/Ppi/Tcg.h | 5 +
.../FvEventLogRecordLib/FvEventLogRecordLib.c | 197 ++++++++++++++
.../FvEventLogRecordLib.inf | 40 +++
.../FvEventLogRecordLib.uni | 17 ++
SecurityPkg/SecurityPkg.dec | 3 +
SecurityPkg/SecurityPkg.dsc | 2 +
SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c | 12 +-
17 files changed, 939 insertions(+), 25 deletions(-)
create mode 100644 IntelFsp2WrapperPkg/Include/Library/FspMeasurementLib.h
create mode 100644 IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/BaseFspMeasurementLib.inf
create mode 100644 IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/FspMeasurementLib.c
create mode 100644 SecurityPkg/Include/Library/FvEventLogRecordLib.h
create mode 100644 SecurityPkg/Library/FvEventLogRecordLib/FvEventLogRecordLib.c
create mode 100644 SecurityPkg/Library/FvEventLogRecordLib/FvEventLogRecordLib.inf
create mode 100644 SecurityPkg/Library/FvEventLogRecordLib/FvEventLogRecordLib.uni
--
2.26.2.windows.1
^ permalink raw reply [flat|nested] 14+ messages in thread
* [PATCH v3 1/8] SecurityPkg/FvEventLogRecordLib: add new lib for firmware measurement
2020-08-14 6:31 [PATCH v3 0/8] Need add a FSP binary measurement Qi Zhang
@ 2020-08-14 6:31 ` Qi Zhang
2020-08-14 6:31 ` [PATCH v3 2/8] IntelFsp2WrapperPkg/FspMeasurementLib: Add header file Qi Zhang
` (8 subsequent siblings)
9 siblings, 0 replies; 14+ messages in thread
From: Qi Zhang @ 2020-08-14 6:31 UTC (permalink / raw)
To: devel; +Cc: Qi Zhang, Jiewen Yao, Jian J Wang
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2376
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Signed-off-by: Qi Zhang <qi1.zhang@intel.com>
---
.../Include/Library/FvEventLogRecordLib.h | 97 +++++++++
.../FvEventLogRecordLib/FvEventLogRecordLib.c | 197 ++++++++++++++++++
.../FvEventLogRecordLib.inf | 40 ++++
.../FvEventLogRecordLib.uni | 17 ++
4 files changed, 351 insertions(+)
create mode 100644 SecurityPkg/Include/Library/FvEventLogRecordLib.h
create mode 100644 SecurityPkg/Library/FvEventLogRecordLib/FvEventLogRecordLib.c
create mode 100644 SecurityPkg/Library/FvEventLogRecordLib/FvEventLogRecordLib.inf
create mode 100644 SecurityPkg/Library/FvEventLogRecordLib/FvEventLogRecordLib.uni
diff --git a/SecurityPkg/Include/Library/FvEventLogRecordLib.h b/SecurityPkg/Include/Library/FvEventLogRecordLib.h
new file mode 100644
index 0000000000..e70717ed1b
--- /dev/null
+++ b/SecurityPkg/Include/Library/FvEventLogRecordLib.h
@@ -0,0 +1,97 @@
+/** @file
+ This library is used by other modules to measure Firmware to TPM.
+
+Copyright (c) 2020, Intel Corporation. All rights reserved. <BR>
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#ifndef _FV_EVENTLOGRECORD_LIB_H_
+#define _FV_EVENTLOGRECORD_LIB_H_
+
+#include <Uefi.h>
+
+#pragma pack (1)
+
+#define PLATFORM_FIRMWARE_BLOB_DESC "Fv(XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX)"
+typedef struct {
+ UINT8 BlobDescriptionSize;
+ UINT8 BlobDescription[sizeof(PLATFORM_FIRMWARE_BLOB_DESC)];
+ EFI_PHYSICAL_ADDRESS BlobBase;
+ UINT64 BlobLength;
+} PLATFORM_FIRMWARE_BLOB2_STRUCT;
+
+#define HANDOFF_TABLE_POINTER_DESC "1234567890ABCDEF"
+typedef struct {
+ UINT8 TableDescriptionSize;
+ UINT8 TableDescription[sizeof(HANDOFF_TABLE_POINTER_DESC)];
+ UINT64 NumberOfTables;
+ EFI_CONFIGURATION_TABLE TableEntry[1];
+} HANDOFF_TABLE_POINTERS2_STRUCT;
+
+#pragma pack ()
+
+/**
+ Get the FvName from the FV header.
+
+ Causion: The FV is untrusted input.
+
+ @param[in] FvBase Base address of FV image.
+ @param[in] FvLength Length of FV image.
+
+ @return FvName pointer
+ @retval NULL FvName is NOT found
+**/
+VOID *
+TpmMeasurementGetFvName (
+ IN EFI_PHYSICAL_ADDRESS FvBase,
+ IN UINT64 FvLength
+ );
+
+/**
+ Measure a FirmwareBlob.
+
+ @param[in] PcrIndex PCR Index.
+ @param[in] Description Description for this FirmwareBlob.
+ @param[in] FirmwareBlobBase Base address of this FirmwareBlob.
+ @param[in] FirmwareBlobLength Size in bytes of this FirmwareBlob.
+
+ @retval EFI_SUCCESS Operation completed successfully.
+ @retval EFI_UNSUPPORTED TPM device not available.
+ @retval EFI_OUT_OF_RESOURCES Out of memory.
+ @retval EFI_DEVICE_ERROR The operation was unsuccessful.
+*/
+EFI_STATUS
+EFIAPI
+MeasureFirmwareBlob (
+ IN UINT32 PcrIndex,
+ IN CHAR8 *Description OPTIONAL,
+ IN EFI_PHYSICAL_ADDRESS FirmwareBlobBase,
+ IN UINT64 FirmwareBlobLength
+ );
+
+/**
+ Measure a HandoffTable.
+
+ @param[in] PcrIndex PcrIndex of the measurement.
+ @param[in] Description Description for this HandoffTable.
+ @param[in] TableGuid GUID of this HandoffTable.
+ @param[in] TableAddress Base address of this HandoffTable.
+ @param[in] TableLength Size in bytes of this HandoffTable.
+
+ @retval EFI_SUCCESS Operation completed successfully.
+ @retval EFI_UNSUPPORTED TPM device not available.
+ @retval EFI_OUT_OF_RESOURCES Out of memory.
+ @retval EFI_DEVICE_ERROR The operation was unsuccessful.
+*/
+EFI_STATUS
+EFIAPI
+MeasureHandoffTable (
+ IN UINT32 PcrIndex,
+ IN CHAR8 *Description OPTIONAL,
+ IN EFI_GUID *TableGuid,
+ IN VOID *TableAddress,
+ IN UINTN TableLength
+ );
+
+#endif
diff --git a/SecurityPkg/Library/FvEventLogRecordLib/FvEventLogRecordLib.c b/SecurityPkg/Library/FvEventLogRecordLib/FvEventLogRecordLib.c
new file mode 100644
index 0000000000..93d708cde1
--- /dev/null
+++ b/SecurityPkg/Library/FvEventLogRecordLib/FvEventLogRecordLib.c
@@ -0,0 +1,197 @@
+/** @file
+ This library is used by other modules to measure data to TPM.
+
+Copyright (c) 2020, Intel Corporation. All rights reserved. <BR>
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <Uefi/UefiBaseType.h>
+#include <Pi/PiFirmwareVolume.h>
+
+#include <Library/BaseMemoryLib.h>
+#include <Library/DebugLib.h>
+#include <Library/ReportStatusCodeLib.h>
+#include <Library/PcdLib.h>
+#include <Library/PrintLib.h>
+#include <Library/FvEventLogRecordLib.h>
+#include <Library/TpmMeasurementLib.h>
+
+#include <IndustryStandard/UefiTcgPlatform.h>
+
+/**
+ Get the FvName from the FV header.
+
+ Causion: The FV is untrusted input.
+
+ @param[in] FvBase Base address of FV image.
+ @param[in] FvLength Length of FV image.
+
+ @return FvName pointer
+ @retval NULL FvName is NOT found
+**/
+VOID *
+TpmMeasurementGetFvName (
+ IN EFI_PHYSICAL_ADDRESS FvBase,
+ IN UINT64 FvLength
+ )
+{
+ EFI_FIRMWARE_VOLUME_HEADER *FvHeader;
+ EFI_FIRMWARE_VOLUME_EXT_HEADER *FvExtHeader;
+
+ if (FvBase >= MAX_ADDRESS) {
+ return NULL;
+ }
+ if (FvLength >= MAX_ADDRESS - FvBase) {
+ return NULL;
+ }
+ if (FvLength < sizeof(EFI_FIRMWARE_VOLUME_HEADER)) {
+ return NULL;
+ }
+
+ FvHeader = (EFI_FIRMWARE_VOLUME_HEADER *)(UINTN)FvBase;
+ if (FvHeader->Signature != EFI_FVH_SIGNATURE) {
+ return NULL;
+ }
+ if (FvHeader->ExtHeaderOffset < sizeof(EFI_FIRMWARE_VOLUME_HEADER)) {
+ return NULL;
+ }
+ if (FvHeader->ExtHeaderOffset + sizeof(EFI_FIRMWARE_VOLUME_EXT_HEADER) > FvLength) {
+ return NULL;
+ }
+ FvExtHeader = (EFI_FIRMWARE_VOLUME_EXT_HEADER *)(UINTN)(FvBase + FvHeader->ExtHeaderOffset);
+
+ return &FvExtHeader->FvName;
+}
+
+/**
+ Measure a FirmwareBlob.
+
+ @param[in] PcrIndex PcrIndex of the measurement.
+ @param[in] Description Description for this FirmwareBlob.
+ @param[in] FirmwareBlobBase Base address of this FirmwareBlob.
+ @param[in] FirmwareBlobLength Size in bytes of this FirmwareBlob.
+
+ @retval EFI_SUCCESS Operation completed successfully.
+ @retval EFI_UNSUPPORTED TPM device not available.
+ @retval EFI_OUT_OF_RESOURCES Out of memory.
+ @retval EFI_DEVICE_ERROR The operation was unsuccessful.
+**/
+EFI_STATUS
+EFIAPI
+MeasureFirmwareBlob (
+ IN UINT32 PcrIndex,
+ IN CHAR8 *Description OPTIONAL,
+ IN EFI_PHYSICAL_ADDRESS FirmwareBlobBase,
+ IN UINT64 FirmwareBlobLength
+ )
+{
+ EFI_PLATFORM_FIRMWARE_BLOB FvBlob;
+ PLATFORM_FIRMWARE_BLOB2_STRUCT FvBlob2;
+ VOID *FvName;
+ UINT32 EventType;
+ VOID *EventLog;
+ UINT32 EventLogSize;
+ EFI_STATUS Status;
+
+ FvName = TpmMeasurementGetFvName (FirmwareBlobBase, FirmwareBlobLength);
+
+ if (((Description != NULL) || (FvName != NULL)) &&
+ (PcdGet32(PcdTcgPfpMeasurementRevision) >= TCG_EfiSpecIDEventStruct_SPEC_ERRATA_TPM2_REV_105)) {
+ if (Description != NULL) {
+ AsciiSPrint((CHAR8*)FvBlob2.BlobDescription, sizeof(FvBlob2.BlobDescription), "%a", Description);
+ } else {
+ AsciiSPrint((CHAR8*)FvBlob2.BlobDescription, sizeof(FvBlob2.BlobDescription), "Fv(%g)", FvName);
+ }
+
+ FvBlob2.BlobDescriptionSize = sizeof(FvBlob2.BlobDescription);
+ FvBlob2.BlobBase = FirmwareBlobBase;
+ FvBlob2.BlobLength = FirmwareBlobLength;
+
+ EventType = EV_EFI_PLATFORM_FIRMWARE_BLOB2;
+ EventLog = &FvBlob2;
+ EventLogSize = sizeof(FvBlob2);
+ } else {
+ FvBlob.BlobBase = FirmwareBlobBase;
+ FvBlob.BlobLength = FirmwareBlobLength;
+
+ EventType = EV_EFI_PLATFORM_FIRMWARE_BLOB;
+ EventLog = &FvBlob;
+ EventLogSize = sizeof(FvBlob);
+ }
+
+ Status = TpmMeasureAndLogData (
+ PcrIndex,
+ EventType,
+ EventLog,
+ EventLogSize,
+ (VOID*)(UINTN)FirmwareBlobBase,
+ FirmwareBlobLength
+ );
+
+ return Status;
+}
+
+/**
+ Measure a HandoffTable.
+
+ @param[in] PcrIndex PcrIndex of the measurement.
+ @param[in] Description Description for this HandoffTable.
+ @param[in] TableGuid GUID of this HandoffTable.
+ @param[in] TableAddress Base address of this HandoffTable.
+ @param[in] TableLength Size in bytes of this HandoffTable.
+
+ @retval EFI_SUCCESS Operation completed successfully.
+ @retval EFI_UNSUPPORTED TPM device not available.
+ @retval EFI_OUT_OF_RESOURCES Out of memory.
+ @retval EFI_DEVICE_ERROR The operation was unsuccessful.
+**/
+EFI_STATUS
+EFIAPI
+MeasureHandoffTable (
+ IN UINT32 PcrIndex,
+ IN CHAR8 *Description OPTIONAL,
+ IN EFI_GUID *TableGuid,
+ IN VOID *TableAddress,
+ IN UINTN TableLength
+ )
+{
+ EFI_HANDOFF_TABLE_POINTERS HandoffTables;
+ HANDOFF_TABLE_POINTERS2_STRUCT HandoffTables2;
+ UINT32 EventType;
+ VOID *EventLog;
+ UINT32 EventLogSize;
+ EFI_STATUS Status;
+
+ if ((Description != NULL) &&
+ (PcdGet32(PcdTcgPfpMeasurementRevision) >= TCG_EfiSpecIDEventStruct_SPEC_ERRATA_TPM2_REV_105)) {
+ AsciiSPrint((CHAR8*)HandoffTables2.TableDescription, sizeof(HandoffTables2.TableDescription), "%a", Description);
+
+ HandoffTables2.TableDescriptionSize = sizeof(HandoffTables2.TableDescription);
+ HandoffTables2.NumberOfTables = 1;
+ CopyGuid (&(HandoffTables2.TableEntry[0].VendorGuid), TableGuid);
+ HandoffTables2.TableEntry[0].VendorTable = TableAddress;
+
+ EventType = EV_EFI_HANDOFF_TABLES2;
+ EventLog = &HandoffTables2;
+ EventLogSize = sizeof(HandoffTables2);
+ } else {
+ HandoffTables.NumberOfTables = 1;
+ CopyGuid (&(HandoffTables.TableEntry[0].VendorGuid), TableGuid);
+ HandoffTables.TableEntry[0].VendorTable = TableAddress;
+
+ EventType = EV_EFI_HANDOFF_TABLES;
+ EventLog = &HandoffTables;
+ EventLogSize = sizeof(HandoffTables);
+ }
+
+ Status = TpmMeasureAndLogData (
+ PcrIndex,
+ EventType,
+ EventLog,
+ EventLogSize,
+ TableAddress,
+ TableLength
+ );
+ return Status;
+}
diff --git a/SecurityPkg/Library/FvEventLogRecordLib/FvEventLogRecordLib.inf b/SecurityPkg/Library/FvEventLogRecordLib/FvEventLogRecordLib.inf
new file mode 100644
index 0000000000..4299c57e5b
--- /dev/null
+++ b/SecurityPkg/Library/FvEventLogRecordLib/FvEventLogRecordLib.inf
@@ -0,0 +1,40 @@
+## @file
+# Provides interface for firmwware TPM measurement
+#
+# Copyright (c) 2020, Intel Corporation. All rights reserved.<BR>
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+[Defines]
+ INF_VERSION = 0x00010005
+ BASE_NAME = FvEventLogRecordLib
+ MODULE_UNI_FILE = FvEventLogRecordLib.uni
+ FILE_GUID = F8125B2A-3922-4A22-A6F8-3B6159A25A3B
+ MODULE_TYPE = BASE
+ VERSION_STRING = 1.0
+ LIBRARY_CLASS = NULL
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+# VALID_ARCHITECTURES = IA32 X64
+#
+
+[Sources]
+ FvEventLogRecordLib.c
+
+[Packages]
+ MdePkg/MdePkg.dec
+ MdeModulePkg/MdeModulePkg.dec
+ SecurityPkg/SecurityPkg.dec
+
+[LibraryClasses]
+ BaseLib
+ BaseMemoryLib
+ DebugLib
+ PcdLib
+ TpmMeasurementLib
+
+[Pcd]
+ gEfiMdeModulePkgTokenSpaceGuid.PcdTcgPfpMeasurementRevision ## CONSUMES
diff --git a/SecurityPkg/Library/FvEventLogRecordLib/FvEventLogRecordLib.uni b/SecurityPkg/Library/FvEventLogRecordLib/FvEventLogRecordLib.uni
new file mode 100644
index 0000000000..b1ca410074
--- /dev/null
+++ b/SecurityPkg/Library/FvEventLogRecordLib/FvEventLogRecordLib.uni
@@ -0,0 +1,17 @@
+// /** @file
+// Provides interface for firmwware TPM measurement
+//
+// This library provides MeasureFirmwareBlob() and MeasureHandoffTable()
+// to measure and log data, and extend the measurement result into a specific PCR.
+//
+// Copyright (c) 2020, Intel Corporation. All rights reserved.<BR>
+//
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+//
+// **/
+
+
+#string STR_MODULE_ABSTRACT #language en-US "Provides Firmware TPM measurement functions for TPM1.2 and TPM 2.0"
+
+#string STR_MODULE_DESCRIPTION #language en-US "This library provides MeasureFirmwareBlob() and MeasureHandoffTable() to measure and log data, and extend the measurement result into a specific PCR."
+
--
2.26.2.windows.1
^ permalink raw reply related [flat|nested] 14+ messages in thread
* [PATCH v3 2/8] IntelFsp2WrapperPkg/FspMeasurementLib: Add header file.
2020-08-14 6:31 [PATCH v3 0/8] Need add a FSP binary measurement Qi Zhang
2020-08-14 6:31 ` [PATCH v3 1/8] SecurityPkg/FvEventLogRecordLib: add new lib for firmware measurement Qi Zhang
@ 2020-08-14 6:31 ` Qi Zhang
2020-08-14 6:31 ` [PATCH v3 3/8] IntelFsp2WrapperPkg/FspMeasurementLib: Add BaseFspMeasurementLib Qi Zhang
` (7 subsequent siblings)
9 siblings, 0 replies; 14+ messages in thread
From: Qi Zhang @ 2020-08-14 6:31 UTC (permalink / raw)
To: devel; +Cc: Jiewen Yao, Chasel Chiu, Nate DeSimone, Star Zeng, Qi Zhang
From: Jiewen Yao <jiewen.yao@intel.com>
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2376
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Chasel Chiu <chasel.chiu@intel.com>
Cc: Nate DeSimone <nathaniel.l.desimone@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Qi Zhang <qi1.zhang@intel.com>
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
---
.../Include/Library/FspMeasurementLib.h | 39 +++++++++++++++++++
1 file changed, 39 insertions(+)
create mode 100644 IntelFsp2WrapperPkg/Include/Library/FspMeasurementLib.h
diff --git a/IntelFsp2WrapperPkg/Include/Library/FspMeasurementLib.h b/IntelFsp2WrapperPkg/Include/Library/FspMeasurementLib.h
new file mode 100644
index 0000000000..4620b4b08e
--- /dev/null
+++ b/IntelFsp2WrapperPkg/Include/Library/FspMeasurementLib.h
@@ -0,0 +1,39 @@
+/** @file
+ This library is used by FSP modules to measure data to TPM.
+
+Copyright (c) 2020, Intel Corporation. All rights reserved. <BR>
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#ifndef _FSP_MEASUREMENT_LIB_H_
+#define _FSP_MEASUREMENT_LIB_H_
+
+#define FSP_MEASURE_FSP BIT0
+#define FSP_MEASURE_FSPT BIT1
+#define FSP_MEASURE_FSPM BIT2
+#define FSP_MEASURE_FSPS BIT3
+#define FSP_MEASURE_FSPUPD BIT31
+
+/**
+ Measure a FSP FirmwareBlob.
+
+ @param[in] PcrIndex PCR Index.
+ @param[in] Description Description for this FirmwareBlob.
+ @param[in] FirmwareBlobBase Base address of this FirmwareBlob.
+ @param[in] FirmwareBlobLength Size in bytes of this FirmwareBlob.
+
+ @retval EFI_SUCCESS Operation completed successfully.
+ @retval EFI_UNSUPPORTED TPM device not available.
+ @retval EFI_OUT_OF_RESOURCES Out of memory.
+ @retval EFI_DEVICE_ERROR The operation was unsuccessful.
+*/
+EFI_STATUS
+EFIAPI
+MeasureFspFirmwareBlob (
+ IN UINT32 PcrIndex,
+ IN CHAR8 *Description OPTIONAL,
+ IN EFI_PHYSICAL_ADDRESS FirmwareBlobBase,
+ IN UINT64 FirmwareBlobLength
+ );
+#endif
--
2.26.2.windows.1
^ permalink raw reply related [flat|nested] 14+ messages in thread
* [PATCH v3 3/8] IntelFsp2WrapperPkg/FspMeasurementLib: Add BaseFspMeasurementLib.
2020-08-14 6:31 [PATCH v3 0/8] Need add a FSP binary measurement Qi Zhang
2020-08-14 6:31 ` [PATCH v3 1/8] SecurityPkg/FvEventLogRecordLib: add new lib for firmware measurement Qi Zhang
2020-08-14 6:31 ` [PATCH v3 2/8] IntelFsp2WrapperPkg/FspMeasurementLib: Add header file Qi Zhang
@ 2020-08-14 6:31 ` Qi Zhang
2020-08-18 3:15 ` Chiu, Chasel
2020-08-14 6:31 ` [PATCH v3 4/8] IntelFsp2WraperPkg/Fsp{m|s}WrapperPeim: Add FspBin measurement Qi Zhang
` (6 subsequent siblings)
9 siblings, 1 reply; 14+ messages in thread
From: Qi Zhang @ 2020-08-14 6:31 UTC (permalink / raw)
To: devel; +Cc: Jiewen Yao, Chasel Chiu, Nate DeSimone, Star Zeng, Qi Zhang
From: Jiewen Yao <jiewen.yao@intel.com>
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2376
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Chasel Chiu <chasel.chiu@intel.com>
Cc: Nate DeSimone <nathaniel.l.desimone@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Qi Zhang <qi1.zhang@intel.com>
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
---
.../BaseFspMeasurementLib.inf | 54 ++++
.../BaseFspMeasurementLib/FspMeasurementLib.c | 248 ++++++++++++++++++
2 files changed, 302 insertions(+)
create mode 100644 IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/BaseFspMeasurementLib.inf
create mode 100644 IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/FspMeasurementLib.c
diff --git a/IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/BaseFspMeasurementLib.inf b/IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/BaseFspMeasurementLib.inf
new file mode 100644
index 0000000000..9c0dd9fb40
--- /dev/null
+++ b/IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/BaseFspMeasurementLib.inf
@@ -0,0 +1,54 @@
+## @file
+# Provides FSP measurement functions.
+#
+# This library provides MeasureFspFirmwareBlob() to measure FSP binary.
+#
+# Copyright (c) 2020, Intel Corporation. All rights reserved.<BR>
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+[Defines]
+ INF_VERSION = 0x00010005
+ BASE_NAME = FspMeasurementLib
+ FILE_GUID = 9A62C49D-C45A-4322-9F3C-45958DF0056B
+ MODULE_TYPE = BASE
+ VERSION_STRING = 1.0
+ LIBRARY_CLASS = FspMeasurementLib
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+# VALID_ARCHITECTURES = IA32 X64
+#
+
+[Sources]
+ FspMeasurementLib.c
+
+[Packages]
+ MdePkg/MdePkg.dec
+ MdeModulePkg/MdeModulePkg.dec
+ SecurityPkg/SecurityPkg.dec
+ IntelFsp2Pkg/IntelFsp2Pkg.dec
+ IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dec
+
+[LibraryClasses]
+ BaseLib
+ BaseMemoryLib
+ DebugLib
+ PrintLib
+ PcdLib
+ PeiServicesLib
+ PeiServicesTablePointerLib
+ FspWrapperApiLib
+ FvEventLogRecordLib
+ HashLib
+
+[Ppis]
+ gEdkiiTcgPpiGuid ## CONSUMES
+
+[Pcd]
+ gIntelFsp2WrapperTokenSpaceGuid.PcdFspMeasurementConfig ## CONSUMES
+ gIntelFsp2WrapperTokenSpaceGuid.PcdFspmBaseAddress ## CONSUMES
+ gEfiMdeModulePkgTokenSpaceGuid.PcdTcgPfpMeasurementRevision ## CONSUMES
+
diff --git a/IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/FspMeasurementLib.c b/IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/FspMeasurementLib.c
new file mode 100644
index 0000000000..adb4393426
--- /dev/null
+++ b/IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/FspMeasurementLib.c
@@ -0,0 +1,248 @@
+/** @file
+ This library is used by FSP modules to measure data to TPM.
+
+Copyright (c) 2020, Intel Corporation. All rights reserved. <BR>
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <PiPei.h>
+#include <Uefi.h>
+
+#include <Library/BaseMemoryLib.h>
+#include <Library/PeiServicesLib.h>
+#include <Library/PeiServicesTablePointerLib.h>
+#include <Library/PcdLib.h>
+#include <Library/PrintLib.h>
+#include <Library/DebugLib.h>
+#include <Library/FspWrapperApiLib.h>
+#include <Library/TpmMeasurementLib.h>
+#include <Library/FspMeasurementLib.h>
+#include <Library/FvEventLogRecordLib.h>
+#include <Library/HashLib.h>
+
+#include <Ppi/Tcg.h>
+#include <IndustryStandard/UefiTcgPlatform.h>
+
+/**
+ Tpm measure and log data, and extend the measurement result into a specific PCR.
+
+ @param[in] PcrIndex PCR Index.
+ @param[in] EventType Event type.
+ @param[in] EventLog Measurement event log.
+ @param[in] LogLen Event log length in bytes.
+ @param[in] HashData The start of the data buffer to be hashed, extended.
+ @param[in] HashDataLen The length, in bytes, of the buffer referenced by HashData
+ @param[in] Flags Bitmap providing additional information.
+
+ @retval EFI_SUCCESS Operation completed successfully.
+ @retval EFI_UNSUPPORTED TPM device not available.
+ @retval EFI_OUT_OF_RESOURCES Out of memory.
+ @retval EFI_DEVICE_ERROR The operation was unsuccessful.
+**/
+EFI_STATUS
+EFIAPI
+TpmMeasureAndLogDataWithFlags (
+ IN UINT32 PcrIndex,
+ IN UINT32 EventType,
+ IN VOID *EventLog,
+ IN UINT32 LogLen,
+ IN VOID *HashData,
+ IN UINT64 HashDataLen,
+ IN UINT64 Flags
+ )
+{
+ EFI_STATUS Status;
+ EDKII_TCG_PPI *TcgPpi;
+ TCG_PCR_EVENT_HDR TcgEventHdr;
+
+ Status = PeiServicesLocatePpi(
+ &gEdkiiTcgPpiGuid,
+ 0,
+ NULL,
+ (VOID**)&TcgPpi
+ );
+ if (EFI_ERROR(Status)) {
+ return Status;
+ }
+
+ TcgEventHdr.PCRIndex = PcrIndex;
+ TcgEventHdr.EventType = EventType;
+ TcgEventHdr.EventSize = LogLen;
+
+ Status = TcgPpi->HashLogExtendEvent (
+ TcgPpi,
+ Flags,
+ HashData,
+ (UINTN)HashDataLen,
+ &TcgEventHdr,
+ EventLog
+ );
+ return Status;
+}
+
+/**
+ Measure a FSP FirmwareBlob.
+
+ @param[in] Description Description for this FirmwareBlob.
+ @param[in] FirmwareBlobBase Base address of this FirmwareBlob.
+ @param[in] FirmwareBlobLength Size in bytes of this FirmwareBlob.
+ @param[in] CfgRegionOffset Configuration region offset in bytes.
+ @param[in] CfgRegionSize Configuration region in bytes.
+
+ @retval EFI_SUCCESS Operation completed successfully.
+ @retval EFI_UNSUPPORTED TPM device not available.
+ @retval EFI_OUT_OF_RESOURCES Out of memory.
+ @retval EFI_DEVICE_ERROR The operation was unsuccessful.
+**/
+STATIC
+EFI_STATUS
+EFIAPI
+MeasureFspFirmwareBlobWithCfg (
+ IN CHAR8 *Description OPTIONAL,
+ IN EFI_PHYSICAL_ADDRESS FirmwareBlobBase,
+ IN UINT64 FirmwareBlobLength,
+ IN UINT32 CfgRegionOffset,
+ IN UINT32 CfgRegionSize
+ )
+{
+ EFI_PLATFORM_FIRMWARE_BLOB FvBlob, UpdBlob;
+ PLATFORM_FIRMWARE_BLOB2_STRUCT FvBlob2, UpdBlob2;
+ VOID *FvName;
+ UINT32 FvEventType;
+ VOID *FvEventLog, *UpdEventLog;
+ UINT32 FvEventLogSize, UpdEventLogSize;
+ EFI_STATUS Status;
+ HASH_HANDLE HashHandle;
+ UINT8 *HashBase;
+ UINTN HashSize;
+ TPML_DIGEST_VALUES DigestList;
+
+ FvName = TpmMeasurementGetFvName (FirmwareBlobBase, FirmwareBlobLength);
+
+ if (((Description != NULL) || (FvName != NULL)) &&
+ (PcdGet32(PcdTcgPfpMeasurementRevision) >= TCG_EfiSpecIDEventStruct_SPEC_ERRATA_TPM2_REV_105)) {
+ if (Description != NULL) {
+ AsciiSPrint((CHAR8*)FvBlob2.BlobDescription, sizeof(FvBlob2.BlobDescription), "%a", Description);
+ AsciiSPrint((CHAR8*)UpdBlob2.BlobDescription, sizeof(UpdBlob2.BlobDescription), "%aUDP", Description);
+ } else {
+ AsciiSPrint((CHAR8*)FvBlob2.BlobDescription, sizeof(FvBlob2.BlobDescription), "Fv(%g)", FvName);
+ AsciiSPrint((CHAR8*)UpdBlob2.BlobDescription, sizeof(UpdBlob2.BlobDescription), "(%g)UDP", FvName);
+ }
+
+ FvBlob2.BlobDescriptionSize = sizeof(FvBlob2.BlobDescription);
+ FvBlob2.BlobBase = FirmwareBlobBase;
+ FvBlob2.BlobLength = FirmwareBlobLength;
+ FvEventType = EV_EFI_PLATFORM_FIRMWARE_BLOB2;
+ FvEventLog = &FvBlob2;
+ FvEventLogSize = sizeof(FvBlob2);
+
+ UpdBlob2.BlobDescriptionSize = sizeof(UpdBlob2.BlobDescription);
+ UpdBlob2.BlobBase = CfgRegionOffset;
+ UpdBlob2.BlobLength = CfgRegionSize;
+ UpdEventLog = &UpdBlob2;
+ UpdEventLogSize = sizeof(UpdBlob2);
+ } else {
+ FvBlob.BlobBase = FirmwareBlobBase;
+ FvBlob.BlobLength = FirmwareBlobLength;
+ FvEventType = EV_EFI_PLATFORM_FIRMWARE_BLOB;
+ FvEventLog = &FvBlob;
+ FvEventLogSize = sizeof(FvBlob);
+
+ UpdBlob.BlobBase = CfgRegionOffset;
+ UpdBlob.BlobLength = CfgRegionSize;
+ UpdEventLog = &UpdBlob;
+ UpdEventLogSize = sizeof(UpdBlob);
+ }
+
+ /** Initialize a SHA hash context. **/
+ Status = HashStart (&HashHandle);
+ if (EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_ERROR, "HashStart failed - %r\n", Status));
+ return Status;
+ }
+
+ /** Hash FSP binary before UDP **/
+ HashBase = (UINT8 *) (UINTN) FirmwareBlobBase;
+ HashSize = (UINTN) CfgRegionOffset;
+ Status = HashUpdate (HashHandle, HashBase, HashSize);
+ if (EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_ERROR, "HashUpdate failed - %r\n", Status));
+ return Status;
+ }
+
+ /** Hash FSP binary after UDP **/
+ HashBase = (UINT8 *) (UINTN) FirmwareBlobBase + CfgRegionOffset + CfgRegionSize;
+ HashSize = (UINTN)(FirmwareBlobLength - CfgRegionOffset - CfgRegionSize);
+ Status = HashUpdate (HashHandle, HashBase, HashSize);
+ if (EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_ERROR, "HashUpdate failed - %r\n", Status));
+ return Status;
+ }
+
+ /** Finalize the SHA hash. **/
+ Status = HashCompleteAndExtend (HashHandle, 0, NULL, 0, &DigestList);
+ if (EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_ERROR, "HashCompleteAndExtend failed - %r\n", Status));
+ return Status;
+ }
+
+ Status = TpmMeasureAndLogDataWithFlags (
+ 0,
+ FvEventType,
+ FvEventLog,
+ FvEventLogSize,
+ (UINT8 *) &DigestList,
+ (UINTN) sizeof(DigestList),
+ EDKII_TCG_PRE_HASH_LOG_ONLY
+ );
+
+ Status = TpmMeasureAndLogData (
+ 1,
+ EV_PLATFORM_CONFIG_FLAGS,
+ UpdEventLog,
+ UpdEventLogSize,
+ (UINT8 *) (UINTN) FirmwareBlobBase + CfgRegionOffset,
+ CfgRegionSize
+ );
+
+ return Status;
+}
+
+/**
+ Measure a FSP FirmwareBlob.
+
+ @param[in] PcrIndex PCR Index.
+ @param[in] Description Description for this FirmwareBlob.
+ @param[in] FirmwareBlobBase Base address of this FirmwareBlob.
+ @param[in] FirmwareBlobLength Size in bytes of this FirmwareBlob.
+
+ @retval EFI_SUCCESS Operation completed successfully.
+ @retval EFI_UNSUPPORTED TPM device not available.
+ @retval EFI_OUT_OF_RESOURCES Out of memory.
+ @retval EFI_DEVICE_ERROR The operation was unsuccessful.
+**/
+EFI_STATUS
+EFIAPI
+MeasureFspFirmwareBlob (
+ IN UINT32 PcrIndex,
+ IN CHAR8 *Description OPTIONAL,
+ IN EFI_PHYSICAL_ADDRESS FirmwareBlobBase,
+ IN UINT64 FirmwareBlobLength
+ )
+{
+ UINT32 FspMeasureMask;
+ FSP_INFO_HEADER *FspHeaderPtr;
+
+ FspMeasureMask = PcdGet32 (PcdFspMeasurementConfig);
+ if ((FspMeasureMask & FSP_MEASURE_FSPUPD) != 0) {
+ FspHeaderPtr = (FSP_INFO_HEADER *) FspFindFspHeader (FirmwareBlobBase);
+ if (FspHeaderPtr != NULL) {
+ return MeasureFspFirmwareBlobWithCfg(Description, FirmwareBlobBase, FirmwareBlobLength,
+ FspHeaderPtr->CfgRegionOffset, FspHeaderPtr->CfgRegionSize);
+ }
+ }
+
+ return MeasureFirmwareBlob (PcrIndex, Description, FirmwareBlobBase, FirmwareBlobLength);
+}
+
--
2.26.2.windows.1
^ permalink raw reply related [flat|nested] 14+ messages in thread
* [PATCH v3 4/8] IntelFsp2WraperPkg/Fsp{m|s}WrapperPeim: Add FspBin measurement.
2020-08-14 6:31 [PATCH v3 0/8] Need add a FSP binary measurement Qi Zhang
` (2 preceding siblings ...)
2020-08-14 6:31 ` [PATCH v3 3/8] IntelFsp2WrapperPkg/FspMeasurementLib: Add BaseFspMeasurementLib Qi Zhang
@ 2020-08-14 6:31 ` Qi Zhang
2020-08-18 3:15 ` Chiu, Chasel
2020-08-14 6:31 ` [PATCH v3 5/8] SecurityPkg/dsc: add FvEventLogRecordLib Qi Zhang
` (5 subsequent siblings)
9 siblings, 1 reply; 14+ messages in thread
From: Qi Zhang @ 2020-08-14 6:31 UTC (permalink / raw)
To: devel; +Cc: Jiewen Yao, Chasel Chiu, Nate DeSimone, Star Zeng, Qi Zhang
From: Jiewen Yao <jiewen.yao@intel.com>
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2376
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Chasel Chiu <chasel.chiu@intel.com>
Cc: Nate DeSimone <nathaniel.l.desimone@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Qi Zhang <qi1.zhang@intel.com>
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
---
.../FspmWrapperPeim/FspmWrapperPeim.c | 90 ++++++++++++++++++-
.../FspmWrapperPeim/FspmWrapperPeim.inf | 20 +++--
.../FspsWrapperPeim/FspsWrapperPeim.c | 86 +++++++++++++++++-
.../FspsWrapperPeim/FspsWrapperPeim.inf | 27 +++---
4 files changed, 204 insertions(+), 19 deletions(-)
diff --git a/IntelFsp2WrapperPkg/FspmWrapperPeim/FspmWrapperPeim.c b/IntelFsp2WrapperPkg/FspmWrapperPeim/FspmWrapperPeim.c
index 265b77ed60..24ab534620 100644
--- a/IntelFsp2WrapperPkg/FspmWrapperPeim/FspmWrapperPeim.c
+++ b/IntelFsp2WrapperPkg/FspmWrapperPeim/FspmWrapperPeim.c
@@ -3,7 +3,7 @@
register TemporaryRamDonePpi to call TempRamExit API, and register MemoryDiscoveredPpi
notify to call FspSiliconInit API.
- Copyright (c) 2014 - 2018, Intel Corporation. All rights reserved.<BR>
+ Copyright (c) 2014 - 2020, Intel Corporation. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
@@ -25,11 +25,14 @@
#include <Library/FspWrapperPlatformLib.h>
#include <Library/FspWrapperHobProcessLib.h>
#include <Library/FspWrapperApiLib.h>
+#include <Library/FspMeasurementLib.h>
#include <Ppi/FspSiliconInitDone.h>
#include <Ppi/EndOfPeiPhase.h>
#include <Ppi/MemoryDiscovered.h>
#include <Ppi/SecPlatformInformation.h>
+#include <Ppi/Tcg.h>
+#include <Ppi/FirmwareVolumeInfoMeasurementExcluded.h>
#include <Library/FspWrapperApiTestLib.h>
#include <FspEas.h>
#include <FspStatusCode.h>
@@ -147,7 +150,21 @@ FspmWrapperInit (
VOID
)
{
- EFI_STATUS Status;
+ EFI_STATUS Status;
+ EFI_PEI_FIRMWARE_VOLUME_INFO_MEASUREMENT_EXCLUDED_PPI *MeasurementExcludedFvPpi;
+ EFI_PEI_PPI_DESCRIPTOR *MeasurementExcludedPpiList;
+
+ MeasurementExcludedFvPpi = AllocatePool (sizeof(*MeasurementExcludedFvPpi));
+ ASSERT(MeasurementExcludedFvPpi != NULL);
+ MeasurementExcludedFvPpi->Count = 1;
+ MeasurementExcludedFvPpi->Fv[0].FvBase = PcdGet32 (PcdFspmBaseAddress);
+ MeasurementExcludedFvPpi->Fv[0].FvLength = ((EFI_FIRMWARE_VOLUME_HEADER *) (UINTN) PcdGet32 (PcdFspmBaseAddress))->FvLength;
+
+ MeasurementExcludedPpiList = AllocatePool (sizeof(*MeasurementExcludedPpiList));
+ ASSERT(MeasurementExcludedPpiList != NULL);
+ MeasurementExcludedPpiList->Flags = EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST;
+ MeasurementExcludedPpiList->Guid = &gEfiPeiFirmwareVolumeInfoMeasurementExcludedPpiGuid;
+ MeasurementExcludedPpiList->Ppi = MeasurementExcludedFvPpi;
Status = EFI_SUCCESS;
@@ -155,6 +172,9 @@ FspmWrapperInit (
Status = PeiFspMemoryInit ();
ASSERT_EFI_ERROR (Status);
} else {
+ Status = PeiServicesInstallPpi (MeasurementExcludedPpiList);
+ ASSERT_EFI_ERROR (Status);
+
PeiServicesInstallFvInfoPpi (
NULL,
(VOID *)(UINTN) PcdGet32 (PcdFspmBaseAddress),
@@ -167,6 +187,67 @@ FspmWrapperInit (
return Status;
}
+/**
+ This function is called after TCG installed PPI.
+
+ @param[in] PeiServices Pointer to PEI Services Table.
+ @param[in] NotifyDesc Pointer to the descriptor for the Notification event that
+ caused this function to execute.
+ @param[in] Ppi Pointer to the PPI data associated with this function.
+
+ @retval EFI_STATUS Always return EFI_SUCCESS
+**/
+EFI_STATUS
+EFIAPI
+TcgPpiNotify (
+ IN EFI_PEI_SERVICES **PeiServices,
+ IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDesc,
+ IN VOID *Ppi
+ );
+
+EFI_PEI_NOTIFY_DESCRIPTOR mTcgPpiNotifyDesc = {
+ (EFI_PEI_PPI_DESCRIPTOR_NOTIFY_CALLBACK | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST),
+ &gEdkiiTcgPpiGuid,
+ TcgPpiNotify
+};
+
+/**
+ This function is called after TCG installed PPI.
+
+ @param[in] PeiServices Pointer to PEI Services Table.
+ @param[in] NotifyDesc Pointer to the descriptor for the Notification event that
+ caused this function to execute.
+ @param[in] Ppi Pointer to the PPI data associated with this function.
+
+ @retval EFI_STATUS Always return EFI_SUCCESS
+**/
+EFI_STATUS
+EFIAPI
+TcgPpiNotify (
+ IN EFI_PEI_SERVICES **PeiServices,
+ IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDesc,
+ IN VOID *Ppi
+ )
+{
+ UINT32 FspMeasureMask;
+
+ DEBUG ((DEBUG_INFO, "TcgPpiNotify FSPM\n"));
+
+ FspMeasureMask = PcdGet32 (PcdFspMeasurementConfig);
+
+ if ((FspMeasureMask & FSP_MEASURE_FSPT) != 0) {
+ MeasureFspFirmwareBlob (0, "FSPT", PcdGet32(PcdFsptBaseAddress),
+ (UINT32)((EFI_FIRMWARE_VOLUME_HEADER *) (UINTN) PcdGet32 (PcdFsptBaseAddress))->FvLength);
+ }
+
+ if ((FspMeasureMask & FSP_MEASURE_FSPM) != 0) {
+ MeasureFspFirmwareBlob (0, "FSPM", PcdGet32(PcdFspmBaseAddress),
+ (UINT32)((EFI_FIRMWARE_VOLUME_HEADER *) (UINTN) PcdGet32 (PcdFspmBaseAddress))->FvLength);
+ }
+
+ return EFI_SUCCESS;
+}
+
/**
This is the entrypoint of PEIM
@@ -182,8 +263,13 @@ FspmWrapperPeimEntryPoint (
IN CONST EFI_PEI_SERVICES **PeiServices
)
{
+ EFI_STATUS Status;
+
DEBUG((DEBUG_INFO, "FspmWrapperPeimEntryPoint\n"));
+ Status = PeiServicesNotifyPpi (&mTcgPpiNotifyDesc);
+ ASSERT_EFI_ERROR (Status);
+
FspmWrapperInit ();
return EFI_SUCCESS;
diff --git a/IntelFsp2WrapperPkg/FspmWrapperPeim/FspmWrapperPeim.inf b/IntelFsp2WrapperPkg/FspmWrapperPeim/FspmWrapperPeim.inf
index dce7ef3d0b..c3578397b6 100644
--- a/IntelFsp2WrapperPkg/FspmWrapperPeim/FspmWrapperPeim.inf
+++ b/IntelFsp2WrapperPkg/FspmWrapperPeim/FspmWrapperPeim.inf
@@ -6,7 +6,7 @@
# register TemporaryRamDonePpi to call TempRamExit API, and register MemoryDiscoveredPpi
# notify to call FspSiliconInit API.
#
-# Copyright (c) 2014 - 2019, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2014 - 2020, Intel Corporation. All rights reserved.<BR>
#
# SPDX-License-Identifier: BSD-2-Clause-Patent
#
@@ -44,17 +44,22 @@
TimerLib
FspWrapperApiLib
FspWrapperApiTestLib
+ FspMeasurementLib
[Packages]
MdePkg/MdePkg.dec
+ MdeModulePkg/MdeModulePkg.dec
UefiCpuPkg/UefiCpuPkg.dec
+ SecurityPkg/SecurityPkg.dec
IntelFsp2Pkg/IntelFsp2Pkg.dec
IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dec
[Pcd]
- gIntelFsp2WrapperTokenSpaceGuid.PcdFspmBaseAddress ## CONSUMES
- gIntelFsp2WrapperTokenSpaceGuid.PcdFspmUpdDataAddress ## CONSUMES
- gIntelFsp2WrapperTokenSpaceGuid.PcdFspModeSelection ## CONSUMES
+ gIntelFsp2WrapperTokenSpaceGuid.PcdFspmBaseAddress ## CONSUMES
+ gIntelFsp2WrapperTokenSpaceGuid.PcdFspmUpdDataAddress ## CONSUMES
+ gIntelFsp2WrapperTokenSpaceGuid.PcdFspModeSelection ## CONSUMES
+ gIntelFsp2WrapperTokenSpaceGuid.PcdFsptBaseAddress ## CONSUMES
+ gIntelFsp2WrapperTokenSpaceGuid.PcdFspMeasurementConfig ## CONSUMES
[Sources]
FspmWrapperPeim.c
@@ -63,5 +68,10 @@
gFspHobGuid ## PRODUCES ## HOB
gFspApiPerformanceGuid ## SOMETIMES_CONSUMES ## GUID
+[Ppis]
+ gEdkiiTcgPpiGuid ## NOTIFY
+ gEfiPeiFirmwareVolumeInfoMeasurementExcludedPpiGuid ## PRODUCES
+
[Depex]
- gEfiPeiMasterBootModePpiGuid
+ gEfiPeiMasterBootModePpiGuid AND
+ gPeiTpmInitializationDonePpiGuid
diff --git a/IntelFsp2WrapperPkg/FspsWrapperPeim/FspsWrapperPeim.c b/IntelFsp2WrapperPkg/FspsWrapperPeim/FspsWrapperPeim.c
index b20f0805a0..9d4f279e81 100644
--- a/IntelFsp2WrapperPkg/FspsWrapperPeim/FspsWrapperPeim.c
+++ b/IntelFsp2WrapperPkg/FspsWrapperPeim/FspsWrapperPeim.c
@@ -3,7 +3,7 @@
register TemporaryRamDonePpi to call TempRamExit API, and register MemoryDiscoveredPpi
notify to call FspSiliconInit API.
- Copyright (c) 2014 - 2019, Intel Corporation. All rights reserved.<BR>
+ Copyright (c) 2014 - 2020, Intel Corporation. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
@@ -24,12 +24,15 @@
#include <Library/TimerLib.h>
#include <Library/PerformanceLib.h>
#include <Library/FspWrapperApiLib.h>
+#include <Library/FspMeasurementLib.h>
#include <Ppi/FspSiliconInitDone.h>
#include <Ppi/EndOfPeiPhase.h>
#include <Ppi/MemoryDiscovered.h>
#include <Ppi/TemporaryRamDone.h>
#include <Ppi/SecPlatformInformation.h>
+#include <Ppi/Tcg.h>
+#include <Ppi/FirmwareVolumeInfoMeasurementExcluded.h>
#include <Library/FspWrapperApiTestLib.h>
#include <FspEas.h>
#include <FspStatusCode.h>
@@ -379,7 +382,25 @@ FspsWrapperInitDispatchMode (
VOID
)
{
- EFI_STATUS Status;
+ EFI_STATUS Status;
+ EFI_PEI_FIRMWARE_VOLUME_INFO_MEASUREMENT_EXCLUDED_PPI *MeasurementExcludedFvPpi;
+ EFI_PEI_PPI_DESCRIPTOR *MeasurementExcludedPpiList;
+
+ MeasurementExcludedFvPpi = AllocatePool (sizeof(*MeasurementExcludedFvPpi));
+ ASSERT(MeasurementExcludedFvPpi != NULL);
+ MeasurementExcludedFvPpi->Count = 1;
+ MeasurementExcludedFvPpi->Fv[0].FvBase = PcdGet32 (PcdFspsBaseAddress);
+ MeasurementExcludedFvPpi->Fv[0].FvLength = ((EFI_FIRMWARE_VOLUME_HEADER *) (UINTN) PcdGet32 (PcdFspsBaseAddress))->FvLength;
+
+ MeasurementExcludedPpiList = AllocatePool (sizeof(*MeasurementExcludedPpiList));
+ ASSERT(MeasurementExcludedPpiList != NULL);
+ MeasurementExcludedPpiList->Flags = EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST;
+ MeasurementExcludedPpiList->Guid = &gEfiPeiFirmwareVolumeInfoMeasurementExcludedPpiGuid;
+ MeasurementExcludedPpiList->Ppi = MeasurementExcludedFvPpi;
+
+ Status = PeiServicesInstallPpi (MeasurementExcludedPpiList);
+ ASSERT_EFI_ERROR (Status);
+
//
// FSP-S Wrapper running in Dispatch mode and reports FSP-S FV to PEI dispatcher.
//
@@ -398,6 +419,62 @@ FspsWrapperInitDispatchMode (
return Status;
}
+/**
+ This function is called after TCG installed PPI.
+
+ @param[in] PeiServices Pointer to PEI Services Table.
+ @param[in] NotifyDesc Pointer to the descriptor for the Notification event that
+ caused this function to execute.
+ @param[in] Ppi Pointer to the PPI data associated with this function.
+
+ @retval EFI_STATUS Always return EFI_SUCCESS
+**/
+EFI_STATUS
+EFIAPI
+TcgPpiNotify (
+ IN EFI_PEI_SERVICES **PeiServices,
+ IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDesc,
+ IN VOID *Ppi
+ );
+
+EFI_PEI_NOTIFY_DESCRIPTOR mTcgPpiNotifyDesc = {
+ (EFI_PEI_PPI_DESCRIPTOR_NOTIFY_CALLBACK | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST),
+ &gEdkiiTcgPpiGuid,
+ TcgPpiNotify
+};
+
+/**
+ This function is called after TCG installed PPI.
+
+ @param[in] PeiServices Pointer to PEI Services Table.
+ @param[in] NotifyDesc Pointer to the descriptor for the Notification event that
+ caused this function to execute.
+ @param[in] Ppi Pointer to the PPI data associated with this function.
+
+ @retval EFI_STATUS Always return EFI_SUCCESS
+**/
+EFI_STATUS
+EFIAPI
+TcgPpiNotify (
+ IN EFI_PEI_SERVICES **PeiServices,
+ IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDesc,
+ IN VOID *Ppi
+ )
+{
+ UINT32 FspMeasureMask;
+
+ DEBUG ((DEBUG_INFO, "TcgPpiNotify FSPS\n"));
+
+ FspMeasureMask = PcdGet32 (PcdFspMeasurementConfig);
+
+ if ((FspMeasureMask & FSP_MEASURE_FSPS) != 0) {
+ MeasureFspFirmwareBlob (0, "FSPS", PcdGet32(PcdFspsBaseAddress),
+ (UINT32)((EFI_FIRMWARE_VOLUME_HEADER *) (UINTN) PcdGet32 (PcdFspsBaseAddress))->FvLength);
+ }
+
+ return EFI_SUCCESS;
+}
+
/**
This is the entrypoint of PEIM.
@@ -413,8 +490,13 @@ FspsWrapperPeimEntryPoint (
IN CONST EFI_PEI_SERVICES **PeiServices
)
{
+ EFI_STATUS Status;
+
DEBUG ((DEBUG_INFO, "FspsWrapperPeimEntryPoint\n"));
+ Status = PeiServicesNotifyPpi (&mTcgPpiNotifyDesc);
+ ASSERT_EFI_ERROR (Status);
+
if (PcdGet8 (PcdFspModeSelection) == 1) {
FspsWrapperInitApiMode ();
} else {
diff --git a/IntelFsp2WrapperPkg/FspsWrapperPeim/FspsWrapperPeim.inf b/IntelFsp2WrapperPkg/FspsWrapperPeim/FspsWrapperPeim.inf
index 7da92991c8..884514747f 100644
--- a/IntelFsp2WrapperPkg/FspsWrapperPeim/FspsWrapperPeim.inf
+++ b/IntelFsp2WrapperPkg/FspsWrapperPeim/FspsWrapperPeim.inf
@@ -6,7 +6,7 @@
# register TemporaryRamDonePpi to call TempRamExit API, and register MemoryDiscoveredPpi
# notify to call FspSiliconInit API.
#
-# Copyright (c) 2014 - 2019, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2014 - 2020, Intel Corporation. All rights reserved.<BR>
#
# SPDX-License-Identifier: BSD-2-Clause-Patent
#
@@ -44,24 +44,30 @@
PerformanceLib
FspWrapperApiLib
FspWrapperApiTestLib
+ FspMeasurementLib
[Packages]
MdePkg/MdePkg.dec
+ MdeModulePkg/MdeModulePkg.dec
UefiCpuPkg/UefiCpuPkg.dec
+ SecurityPkg/SecurityPkg.dec
IntelFsp2Pkg/IntelFsp2Pkg.dec
IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dec
[Ppis]
- gTopOfTemporaryRamPpiGuid ## PRODUCES
- gFspSiliconInitDonePpiGuid ## PRODUCES
- gEfiEndOfPeiSignalPpiGuid ## PRODUCES
- gEfiTemporaryRamDonePpiGuid ## PRODUCES
- gEfiPeiMemoryDiscoveredPpiGuid ## NOTIFY
+ gTopOfTemporaryRamPpiGuid ## PRODUCES
+ gFspSiliconInitDonePpiGuid ## PRODUCES
+ gEfiEndOfPeiSignalPpiGuid ## PRODUCES
+ gEfiTemporaryRamDonePpiGuid ## PRODUCES
+ gEfiPeiMemoryDiscoveredPpiGuid ## NOTIFY
+ gEdkiiTcgPpiGuid ## NOTIFY
+ gEfiPeiFirmwareVolumeInfoMeasurementExcludedPpiGuid ## PRODUCES
[Pcd]
- gIntelFsp2WrapperTokenSpaceGuid.PcdFspsBaseAddress ## CONSUMES
- gIntelFsp2WrapperTokenSpaceGuid.PcdFspsUpdDataAddress ## CONSUMES
- gIntelFsp2WrapperTokenSpaceGuid.PcdFspModeSelection ## CONSUMES
+ gIntelFsp2WrapperTokenSpaceGuid.PcdFspsBaseAddress ## CONSUMES
+ gIntelFsp2WrapperTokenSpaceGuid.PcdFspsUpdDataAddress ## CONSUMES
+ gIntelFsp2WrapperTokenSpaceGuid.PcdFspModeSelection ## CONSUMES
+ gIntelFsp2WrapperTokenSpaceGuid.PcdFspMeasurementConfig ## CONSUMES
[Guids]
gFspHobGuid ## CONSUMES ## HOB
@@ -71,4 +77,5 @@
FspsWrapperPeim.c
[Depex]
- gEfiPeiMemoryDiscoveredPpiGuid
+ gEfiPeiMemoryDiscoveredPpiGuid AND
+ gPeiTpmInitializationDonePpiGuid
--
2.26.2.windows.1
^ permalink raw reply related [flat|nested] 14+ messages in thread
* [PATCH v3 5/8] SecurityPkg/dsc: add FvEventLogRecordLib
2020-08-14 6:31 [PATCH v3 0/8] Need add a FSP binary measurement Qi Zhang
` (3 preceding siblings ...)
2020-08-14 6:31 ` [PATCH v3 4/8] IntelFsp2WraperPkg/Fsp{m|s}WrapperPeim: Add FspBin measurement Qi Zhang
@ 2020-08-14 6:31 ` Qi Zhang
2020-08-14 6:31 ` [PATCH v3 6/8] IntelFsp2Wrapper/dsc: Add FspTpmMeasurementLib and PcdFspMeasurementConfig Qi Zhang
` (4 subsequent siblings)
9 siblings, 0 replies; 14+ messages in thread
From: Qi Zhang @ 2020-08-14 6:31 UTC (permalink / raw)
To: devel; +Cc: Qi Zhang, Jiewen Yao, Jian J Wang
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2376
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Signed-off-by: Qi Zhang <qi1.zhang@intel.com>
---
SecurityPkg/SecurityPkg.dec | 3 +++
SecurityPkg/SecurityPkg.dsc | 2 ++
2 files changed, 5 insertions(+)
diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec
index 42fc48cc1f..d20a800f68 100644
--- a/SecurityPkg/SecurityPkg.dec
+++ b/SecurityPkg/SecurityPkg.dec
@@ -84,6 +84,9 @@
#
VariableKeyLib|Include/Library/VariableKeyLib.h
+ ## @libraryclass Provides interfaces about firmware TPM measurement.
+ #
+ FvEventLogRecordLib|Include/Library/FvEventLogRecordLib.h
[Guids]
## Security package token space guid.
# Include/Guid/SecurityPkgTokenSpace.h
diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc
index 28effe3eda..38e6d0f1a5 100644
--- a/SecurityPkg/SecurityPkg.dsc
+++ b/SecurityPkg/SecurityPkg.dsc
@@ -66,6 +66,7 @@
ResetSystemLib|MdeModulePkg/Library/BaseResetSystemLibNull/BaseResetSystemLibNull.inf
VariableKeyLib|SecurityPkg/Library/VariableKeyLibNull/VariableKeyLibNull.inf
RpmcLib|SecurityPkg/Library/RpmcLibNull/RpmcLibNull.inf
+ FvEventLogRecordLib|SecurityPkg/Library/FvEventLogRecordLib/FvEventLogRecordLib.inf
[LibraryClasses.ARM]
#
@@ -240,6 +241,7 @@
SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.inf
SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.inf
SecurityPkg/Library/TcgPpVendorLibNull/TcgPpVendorLibNull.inf
+ SecurityPkg/Library/FvEventLogRecordLib/FvEventLogRecordLib.inf
[Components.IA32, Components.X64, Components.ARM, Components.AARCH64]
SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
--
2.26.2.windows.1
^ permalink raw reply related [flat|nested] 14+ messages in thread
* [PATCH v3 6/8] IntelFsp2Wrapper/dsc: Add FspTpmMeasurementLib and PcdFspMeasurementConfig.
2020-08-14 6:31 [PATCH v3 0/8] Need add a FSP binary measurement Qi Zhang
` (4 preceding siblings ...)
2020-08-14 6:31 ` [PATCH v3 5/8] SecurityPkg/dsc: add FvEventLogRecordLib Qi Zhang
@ 2020-08-14 6:31 ` Qi Zhang
2020-08-14 6:31 ` [PATCH v3 7/8] SecurityPkg/Tcg2: handle PRE HASH and LOG ONLY Qi Zhang
` (3 subsequent siblings)
9 siblings, 0 replies; 14+ messages in thread
From: Qi Zhang @ 2020-08-14 6:31 UTC (permalink / raw)
To: devel; +Cc: Jiewen Yao, Chasel Chiu, Nate DeSimone, Star Zeng, Qi Zhang
From: Jiewen Yao <jiewen.yao@intel.com>
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2376
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Chasel Chiu <chasel.chiu@intel.com>
Cc: Nate DeSimone <nathaniel.l.desimone@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Qi Zhang <qi1.zhang@intel.com>
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
---
IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dec | 17 +++++++++++++++++
IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dsc | 6 +++++-
2 files changed, 22 insertions(+), 1 deletion(-)
diff --git a/IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dec b/IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dec
index faf2be621c..cb41ca9807 100644
--- a/IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dec
+++ b/IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dec
@@ -92,6 +92,23 @@
#
gIntelFsp2WrapperTokenSpaceGuid.PcdFspModeSelection|0x00000001|UINT8|0x4000000A
+ ## This PCD decides how FSP is measured
+ # 1) The BootGuard ACM may already measured the FSP component, such as FSPT/FSPM.
+ # We need a flag (PCD) to indicate if there is need to do such FSP measurement or NOT.
+ # 2) The FSP binary includes FSP code and FSP UPD region. The UPD region is considered
+ # as configuration block, and it may be updated by OEM by design.
+ # This flag (PCD) is to indicate if we need isolate the the UPD region from the FSP code region.
+ # BIT0: Need measure FSP. (for FSP1.x) - reserved in FSP2.
+ # BIT1: Need measure FSPT. (for FSP 2.x)
+ # BIT2: Need measure FSPM. (for FSP 2.x)
+ # BIT3: Need measure FSPS. (for FSP 2.x)
+ # BIT4~30: reserved.
+ # BIT31: Need isolate UPD region measurement.
+ #0: measure FSP[T|M|S] as one binary in one record (PCR0).
+ #1: measure FSP UPD region in one record (PCR1), the FSP code without UPD in another record (PCR0).
+ #
+ gIntelFsp2WrapperTokenSpaceGuid.PcdFspMeasurementConfig|0x00000000|UINT32|0x4000000B
+
[PcdsFixedAtBuild, PcdsPatchableInModule,PcdsDynamic,PcdsDynamicEx]
#
## These are the base address of FSP-M/S
diff --git a/IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dsc b/IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dsc
index cb4f69285d..9bed45b89b 100644
--- a/IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dsc
+++ b/IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dsc
@@ -1,7 +1,7 @@
## @file
# Provides drivers and definitions to support fsp in EDKII bios.
#
-# Copyright (c) 2014 - 2016, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2014 - 2020, Intel Corporation. All rights reserved.<BR>
# SPDX-License-Identifier: BSD-2-Clause-Patent
#
##
@@ -45,6 +45,7 @@
# FSP Wrapper Lib
FspWrapperApiLib|IntelFsp2WrapperPkg/Library/BaseFspWrapperApiLib/BaseFspWrapperApiLib.inf
FspWrapperApiTestLib|IntelFsp2WrapperPkg/Library/BaseFspWrapperApiTestLibNull/BaseFspWrapperApiTestLibNull.inf
+ FspMeasurementLib|IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/BaseFspMeasurementLib.inf
# FSP platform sample
FspWrapperPlatformLib|IntelFsp2WrapperPkg/Library/BaseFspWrapperPlatformLibSample/BaseFspWrapperPlatformLibSample.inf
@@ -57,6 +58,8 @@
PeiServicesLib|MdePkg/Library/PeiServicesLib/PeiServicesLib.inf
MemoryAllocationLib|MdePkg/Library/PeiMemoryAllocationLib/PeiMemoryAllocationLib.inf
HobLib|MdePkg/Library/PeiHobLib/PeiHobLib.inf
+ TpmMeasurementLib|SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.inf
+ FvEventLogRecordLib|SecurityPkg/Library/FvEventLogRecordLib/FvEventLogRecordLib.inf
[LibraryClasses.common.DXE_DRIVER]
UefiDriverEntryPoint|MdePkg/Library/UefiDriverEntryPoint/UefiDriverEntryPoint.inf
@@ -73,6 +76,7 @@
IntelFsp2WrapperPkg/Library/SecFspWrapperPlatformSecLibSample/SecFspWrapperPlatformSecLibSample.inf
IntelFsp2WrapperPkg/Library/PeiFspWrapperHobProcessLibSample/PeiFspWrapperHobProcessLibSample.inf
IntelFsp2WrapperPkg/Library/PeiFspWrapperApiTestLib/PeiFspWrapperApiTestLib.inf
+ IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/BaseFspMeasurementLib.inf
IntelFsp2WrapperPkg/FspmWrapperPeim/FspmWrapperPeim.inf
IntelFsp2WrapperPkg/FspsWrapperPeim/FspsWrapperPeim.inf
--
2.26.2.windows.1
^ permalink raw reply related [flat|nested] 14+ messages in thread
* [PATCH v3 7/8] SecurityPkg/Tcg2: handle PRE HASH and LOG ONLY
2020-08-14 6:31 [PATCH v3 0/8] Need add a FSP binary measurement Qi Zhang
` (5 preceding siblings ...)
2020-08-14 6:31 ` [PATCH v3 6/8] IntelFsp2Wrapper/dsc: Add FspTpmMeasurementLib and PcdFspMeasurementConfig Qi Zhang
@ 2020-08-14 6:31 ` Qi Zhang
2020-08-14 6:31 ` [PATCH v3 8/8] IntelFsp2WrapperPkg/dsc: add HashLib, Tpm2CommandLib and Tpm2DeviceLib Qi Zhang
` (2 subsequent siblings)
9 siblings, 0 replies; 14+ messages in thread
From: Qi Zhang @ 2020-08-14 6:31 UTC (permalink / raw)
To: devel; +Cc: Qi Zhang, Jiewen Yao, Jian J Wang, Rahul Kumar
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2376
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Qi Zhang <qi1.zhang@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Signed-off-by: Qi Zhang <qi1.zhang@intel.com>
---
SecurityPkg/Include/Ppi/Tcg.h | 5 +++++
SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c | 12 +++++++-----
2 files changed, 12 insertions(+), 5 deletions(-)
diff --git a/SecurityPkg/Include/Ppi/Tcg.h b/SecurityPkg/Include/Ppi/Tcg.h
index 0e943f2465..22f47f9817 100644
--- a/SecurityPkg/Include/Ppi/Tcg.h
+++ b/SecurityPkg/Include/Ppi/Tcg.h
@@ -18,6 +18,11 @@ typedef struct _EDKII_TCG_PPI EDKII_TCG_PPI;
//
#define EDKII_TCG_PRE_HASH 0x0000000000000001
+//
+// This bit is shall be set when HashData is the pre-hash digest and log only.
+//
+#define EDKII_TCG_PRE_HASH_LOG_ONLY 0x0000000000000002
+
/**
Tpm measure and log data, and extend the measurement result into a specific PCR.
diff --git a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c
index 246968bb7f..0e770f4485 100644
--- a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c
+++ b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c
@@ -453,13 +453,15 @@ HashLogExtendEvent (
return EFI_DEVICE_ERROR;
}
- if(Flags & EDKII_TCG_PRE_HASH) {
+ if ((Flags & EDKII_TCG_PRE_HASH) != 0 || (Flags & EDKII_TCG_PRE_HASH_LOG_ONLY) != 0) {
ZeroMem (&DigestList, sizeof(DigestList));
CopyMem (&DigestList, HashData, sizeof(DigestList));
- Status = Tpm2PcrExtend (
- 0,
- &DigestList
- );
+ if ((Flags & EDKII_TCG_PRE_HASH) !=0 ) {
+ Status = Tpm2PcrExtend (
+ NewEventHdr->PCRIndex,
+ &DigestList
+ );
+ }
} else {
Status = HashAndExtend (
NewEventHdr->PCRIndex,
--
2.26.2.windows.1
^ permalink raw reply related [flat|nested] 14+ messages in thread
* [PATCH v3 8/8] IntelFsp2WrapperPkg/dsc: add HashLib, Tpm2CommandLib and Tpm2DeviceLib
2020-08-14 6:31 [PATCH v3 0/8] Need add a FSP binary measurement Qi Zhang
` (6 preceding siblings ...)
2020-08-14 6:31 ` [PATCH v3 7/8] SecurityPkg/Tcg2: handle PRE HASH and LOG ONLY Qi Zhang
@ 2020-08-14 6:31 ` Qi Zhang
2020-08-18 3:15 ` Chiu, Chasel
2020-08-15 12:07 ` [PATCH v3 0/8] Need add a FSP binary measurement Yao, Jiewen
2020-08-18 1:37 ` Wang, Jian J
9 siblings, 1 reply; 14+ messages in thread
From: Qi Zhang @ 2020-08-14 6:31 UTC (permalink / raw)
To: devel; +Cc: Qi Zhang, Jiewen Yao, Chasel Chiu, Nate DeSimone, Star Zeng
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2376
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Chasel Chiu <chasel.chiu@intel.com>
Cc: Nate DeSimone <nathaniel.l.desimone@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Signed-off-by: Qi Zhang <qi1.zhang@intel.com>
---
IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dsc | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dsc b/IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dsc
index 9bed45b89b..767d547844 100644
--- a/IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dsc
+++ b/IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dsc
@@ -52,6 +52,8 @@
PlatformSecLib|IntelFsp2WrapperPkg/Library/SecFspWrapperPlatformSecLibSample/SecFspWrapperPlatformSecLibSample.inf
FspWrapperHobProcessLib|IntelFsp2WrapperPkg/Library/PeiFspWrapperHobProcessLibSample/PeiFspWrapperHobProcessLibSample.inf
+ Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf
+
[LibraryClasses.common.PEIM,LibraryClasses.common.PEI_CORE]
PeimEntryPoint|MdePkg/Library/PeimEntryPoint/PeimEntryPoint.inf
PeiServicesTablePointerLib|MdePkg/Library/PeiServicesTablePointerLib/PeiServicesTablePointerLib.inf
@@ -60,6 +62,8 @@
HobLib|MdePkg/Library/PeiHobLib/PeiHobLib.inf
TpmMeasurementLib|SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.inf
FvEventLogRecordLib|SecurityPkg/Library/FvEventLogRecordLib/FvEventLogRecordLib.inf
+ HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.inf
+ Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf
[LibraryClasses.common.DXE_DRIVER]
UefiDriverEntryPoint|MdePkg/Library/UefiDriverEntryPoint/UefiDriverEntryPoint.inf
--
2.26.2.windows.1
^ permalink raw reply related [flat|nested] 14+ messages in thread
* Re: [PATCH v3 0/8] Need add a FSP binary measurement
2020-08-14 6:31 [PATCH v3 0/8] Need add a FSP binary measurement Qi Zhang
` (7 preceding siblings ...)
2020-08-14 6:31 ` [PATCH v3 8/8] IntelFsp2WrapperPkg/dsc: add HashLib, Tpm2CommandLib and Tpm2DeviceLib Qi Zhang
@ 2020-08-15 12:07 ` Yao, Jiewen
2020-08-18 1:37 ` Wang, Jian J
9 siblings, 0 replies; 14+ messages in thread
From: Yao, Jiewen @ 2020-08-15 12:07 UTC (permalink / raw)
To: Zhang, Qi1, devel@edk2.groups.io
Cc: Wang, Jian J, Wu, Hao A, Chiu, Chasel, Desimone, Nathaniel L,
Zeng, Star
Hi Qi
Thanks for the update.
The name FvEventLogRecordLib is confusing. It is more than Fv.
Maybe we can rename it to TcgEventLogRecordLib ?
With naming change, the series reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
Thank you
Yao Jiewen
> -----Original Message-----
> From: Zhang, Qi1 <qi1.zhang@intel.com>
> Sent: Friday, August 14, 2020 2:32 PM
> To: devel@edk2.groups.io
> Cc: Zhang, Qi1 <qi1.zhang@intel.com>; Yao, Jiewen <jiewen.yao@intel.com>;
> Wang, Jian J <jian.j.wang@intel.com>; Wu, Hao A <hao.a.wu@intel.com>; Chiu,
> Chasel <chasel.chiu@intel.com>; Desimone, Nathaniel L
> <nathaniel.l.desimone@intel.com>; Zeng, Star <star.zeng@intel.com>
> Subject: [PATCH v3 0/8] Need add a FSP binary measurement
>
> v3 change:
> add a new lib FvEventLogRecordLib for gerneric code.
>
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2376
>
> The EDKII BIOS calls FSP API in FSP Wrapper Pkg.
> This FSP code need to be measured into TPM.
>
> We need add a generic module in FSP Wrapper Pkg code to measure:
> 1) FSP-T, FSP-M, FSP-S in API mode.
> 2) FSP-T in Dispatch-mode. The FSP-M and FSP-S will be reported
> as standard FV and they will be measured by TCG-PEI.
>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Cc: Hao A Wu <hao.a.wu@intel.com>
> Cc: Chasel Chiu <chasel.chiu@intel.com>
> Cc: Nate DeSimone <nathaniel.l.desimone@intel.com>
> Cc: Star Zeng <star.zeng@intel.com>
> Cc: Qi Zhang <qi1.zhang@intel.com>
>
> Jiewen Yao (4):
> IntelFsp2WrapperPkg/FspMeasurementLib: Add header file.
> IntelFsp2WrapperPkg/FspMeasurementLib: Add BaseFspMeasurementLib.
> IntelFsp2WraperPkg/Fsp{m|s}WrapperPeim: Add FspBin measurement.
> IntelFsp2Wrapper/dsc: Add FspTpmMeasurementLib and
> PcdFspMeasurementConfig.
>
> Qi Zhang (4):
> SecurityPkg/FvEventLogRecordLib: add new lib for firmware measurement
> SecurityPkg/dsc: add FvEventLogRecordLib
> SecurityPkg/Tcg2: handle PRE HASH and LOG ONLY
> IntelFsp2WrapperPkg/dsc: add HashLib, Tpm2CommandLib and Tpm2DeviceLib
>
> .../FspmWrapperPeim/FspmWrapperPeim.c | 90 ++++++-
> .../FspmWrapperPeim/FspmWrapperPeim.inf | 20 +-
> .../FspsWrapperPeim/FspsWrapperPeim.c | 86 +++++-
> .../FspsWrapperPeim/FspsWrapperPeim.inf | 27 +-
> .../Include/Library/FspMeasurementLib.h | 39 +++
> IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dec | 17 ++
> IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dsc | 10 +-
> .../BaseFspMeasurementLib.inf | 54 ++++
> .../BaseFspMeasurementLib/FspMeasurementLib.c | 248 ++++++++++++++++++
> .../Include/Library/FvEventLogRecordLib.h | 97 +++++++
> SecurityPkg/Include/Ppi/Tcg.h | 5 +
> .../FvEventLogRecordLib/FvEventLogRecordLib.c | 197 ++++++++++++++
> .../FvEventLogRecordLib.inf | 40 +++
> .../FvEventLogRecordLib.uni | 17 ++
> SecurityPkg/SecurityPkg.dec | 3 +
> SecurityPkg/SecurityPkg.dsc | 2 +
> SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c | 12 +-
> 17 files changed, 939 insertions(+), 25 deletions(-)
> create mode 100644
> IntelFsp2WrapperPkg/Include/Library/FspMeasurementLib.h
> create mode 100644
> IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/BaseFspMeasurementLi
> b.inf
> create mode 100644
> IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/FspMeasurementLib.c
> create mode 100644 SecurityPkg/Include/Library/FvEventLogRecordLib.h
> create mode 100644
> SecurityPkg/Library/FvEventLogRecordLib/FvEventLogRecordLib.c
> create mode 100644
> SecurityPkg/Library/FvEventLogRecordLib/FvEventLogRecordLib.inf
> create mode 100644
> SecurityPkg/Library/FvEventLogRecordLib/FvEventLogRecordLib.uni
>
> --
> 2.26.2.windows.1
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [PATCH v3 0/8] Need add a FSP binary measurement
2020-08-14 6:31 [PATCH v3 0/8] Need add a FSP binary measurement Qi Zhang
` (8 preceding siblings ...)
2020-08-15 12:07 ` [PATCH v3 0/8] Need add a FSP binary measurement Yao, Jiewen
@ 2020-08-18 1:37 ` Wang, Jian J
9 siblings, 0 replies; 14+ messages in thread
From: Wang, Jian J @ 2020-08-18 1:37 UTC (permalink / raw)
To: Zhang, Qi1, devel@edk2.groups.io
Cc: Yao, Jiewen, Wu, Hao A, Chiu, Chasel, Desimone, Nathaniel L,
Zeng, Star
For the whole series,
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
Regards,
Jian
> -----Original Message-----
> From: Zhang, Qi1 <qi1.zhang@intel.com>
> Sent: Friday, August 14, 2020 2:32 PM
> To: devel@edk2.groups.io
> Cc: Zhang, Qi1 <qi1.zhang@intel.com>; Yao, Jiewen <jiewen.yao@intel.com>;
> Wang, Jian J <jian.j.wang@intel.com>; Wu, Hao A <hao.a.wu@intel.com>; Chiu,
> Chasel <chasel.chiu@intel.com>; Desimone, Nathaniel L
> <nathaniel.l.desimone@intel.com>; Zeng, Star <star.zeng@intel.com>
> Subject: [PATCH v3 0/8] Need add a FSP binary measurement
>
> v3 change:
> add a new lib FvEventLogRecordLib for gerneric code.
>
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2376
>
> The EDKII BIOS calls FSP API in FSP Wrapper Pkg.
> This FSP code need to be measured into TPM.
>
> We need add a generic module in FSP Wrapper Pkg code to measure:
> 1) FSP-T, FSP-M, FSP-S in API mode.
> 2) FSP-T in Dispatch-mode. The FSP-M and FSP-S will be reported
> as standard FV and they will be measured by TCG-PEI.
>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Cc: Hao A Wu <hao.a.wu@intel.com>
> Cc: Chasel Chiu <chasel.chiu@intel.com>
> Cc: Nate DeSimone <nathaniel.l.desimone@intel.com>
> Cc: Star Zeng <star.zeng@intel.com>
> Cc: Qi Zhang <qi1.zhang@intel.com>
>
> Jiewen Yao (4):
> IntelFsp2WrapperPkg/FspMeasurementLib: Add header file.
> IntelFsp2WrapperPkg/FspMeasurementLib: Add BaseFspMeasurementLib.
> IntelFsp2WraperPkg/Fsp{m|s}WrapperPeim: Add FspBin measurement.
> IntelFsp2Wrapper/dsc: Add FspTpmMeasurementLib and
> PcdFspMeasurementConfig.
>
> Qi Zhang (4):
> SecurityPkg/FvEventLogRecordLib: add new lib for firmware measurement
> SecurityPkg/dsc: add FvEventLogRecordLib
> SecurityPkg/Tcg2: handle PRE HASH and LOG ONLY
> IntelFsp2WrapperPkg/dsc: add HashLib, Tpm2CommandLib and Tpm2DeviceLib
>
> .../FspmWrapperPeim/FspmWrapperPeim.c | 90 ++++++-
> .../FspmWrapperPeim/FspmWrapperPeim.inf | 20 +-
> .../FspsWrapperPeim/FspsWrapperPeim.c | 86 +++++-
> .../FspsWrapperPeim/FspsWrapperPeim.inf | 27 +-
> .../Include/Library/FspMeasurementLib.h | 39 +++
> IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dec | 17 ++
> IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dsc | 10 +-
> .../BaseFspMeasurementLib.inf | 54 ++++
> .../BaseFspMeasurementLib/FspMeasurementLib.c | 248 ++++++++++++++++++
> .../Include/Library/FvEventLogRecordLib.h | 97 +++++++
> SecurityPkg/Include/Ppi/Tcg.h | 5 +
> .../FvEventLogRecordLib/FvEventLogRecordLib.c | 197 ++++++++++++++
> .../FvEventLogRecordLib.inf | 40 +++
> .../FvEventLogRecordLib.uni | 17 ++
> SecurityPkg/SecurityPkg.dec | 3 +
> SecurityPkg/SecurityPkg.dsc | 2 +
> SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c | 12 +-
> 17 files changed, 939 insertions(+), 25 deletions(-)
> create mode 100644
> IntelFsp2WrapperPkg/Include/Library/FspMeasurementLib.h
> create mode 100644
> IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/BaseFspMeasurementLi
> b.inf
> create mode 100644
> IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/FspMeasurementLib.c
> create mode 100644 SecurityPkg/Include/Library/FvEventLogRecordLib.h
> create mode 100644
> SecurityPkg/Library/FvEventLogRecordLib/FvEventLogRecordLib.c
> create mode 100644
> SecurityPkg/Library/FvEventLogRecordLib/FvEventLogRecordLib.inf
> create mode 100644
> SecurityPkg/Library/FvEventLogRecordLib/FvEventLogRecordLib.uni
>
> --
> 2.26.2.windows.1
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [PATCH v3 3/8] IntelFsp2WrapperPkg/FspMeasurementLib: Add BaseFspMeasurementLib.
2020-08-14 6:31 ` [PATCH v3 3/8] IntelFsp2WrapperPkg/FspMeasurementLib: Add BaseFspMeasurementLib Qi Zhang
@ 2020-08-18 3:15 ` Chiu, Chasel
0 siblings, 0 replies; 14+ messages in thread
From: Chiu, Chasel @ 2020-08-18 3:15 UTC (permalink / raw)
To: Zhang, Qi1, devel@edk2.groups.io
Cc: Yao, Jiewen, Desimone, Nathaniel L, Zeng, Star
Reviewed-by: Chasel Chiu <chasel.chiu@intel.com>
> -----Original Message-----
> From: Zhang, Qi1 <qi1.zhang@intel.com>
> Sent: Friday, August 14, 2020 2:32 PM
> To: devel@edk2.groups.io
> Cc: Yao, Jiewen <jiewen.yao@intel.com>; Chiu, Chasel
> <chasel.chiu@intel.com>; Desimone, Nathaniel L
> <nathaniel.l.desimone@intel.com>; Zeng, Star <star.zeng@intel.com>; Zhang,
> Qi1 <qi1.zhang@intel.com>
> Subject: [PATCH v3 3/8] IntelFsp2WrapperPkg/FspMeasurementLib: Add
> BaseFspMeasurementLib.
>
> From: Jiewen Yao <jiewen.yao@intel.com>
>
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2376
>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Chasel Chiu <chasel.chiu@intel.com>
> Cc: Nate DeSimone <nathaniel.l.desimone@intel.com>
> Cc: Star Zeng <star.zeng@intel.com>
> Cc: Qi Zhang <qi1.zhang@intel.com>
> Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
> ---
> .../BaseFspMeasurementLib.inf | 54 ++++
> .../BaseFspMeasurementLib/FspMeasurementLib.c | 248
> ++++++++++++++++++
> 2 files changed, 302 insertions(+)
> create mode 100644
> IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/BaseFspMeasuremen
> tLib.inf
> create mode 100644
> IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/FspMeasurementLib.
> c
>
> diff --git
> a/IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/BaseFspMeasurem
> entLib.inf
> b/IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/BaseFspMeasurem
> entLib.inf
> new file mode 100644
> index 0000000000..9c0dd9fb40
> --- /dev/null
> +++
> b/IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/BaseFspMeasurem
> entLib.inf
> @@ -0,0 +1,54 @@
> +## @file
>
> +# Provides FSP measurement functions.
>
> +#
>
> +# This library provides MeasureFspFirmwareBlob() to measure FSP binary.
>
> +#
>
> +# Copyright (c) 2020, Intel Corporation. All rights reserved.<BR>
>
> +# SPDX-License-Identifier: BSD-2-Clause-Patent
>
> +#
>
> +##
>
> +
>
> +[Defines]
>
> + INF_VERSION = 0x00010005
>
> + BASE_NAME = FspMeasurementLib
>
> + FILE_GUID =
> 9A62C49D-C45A-4322-9F3C-45958DF0056B
>
> + MODULE_TYPE = BASE
>
> + VERSION_STRING = 1.0
>
> + LIBRARY_CLASS = FspMeasurementLib
>
> +
>
> +#
>
> +# The following information is for reference only and not required by the
> build tools.
>
> +#
>
> +# VALID_ARCHITECTURES = IA32 X64
>
> +#
>
> +
>
> +[Sources]
>
> + FspMeasurementLib.c
>
> +
>
> +[Packages]
>
> + MdePkg/MdePkg.dec
>
> + MdeModulePkg/MdeModulePkg.dec
>
> + SecurityPkg/SecurityPkg.dec
>
> + IntelFsp2Pkg/IntelFsp2Pkg.dec
>
> + IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dec
>
> +
>
> +[LibraryClasses]
>
> + BaseLib
>
> + BaseMemoryLib
>
> + DebugLib
>
> + PrintLib
>
> + PcdLib
>
> + PeiServicesLib
>
> + PeiServicesTablePointerLib
>
> + FspWrapperApiLib
>
> + FvEventLogRecordLib
>
> + HashLib
>
> +
>
> +[Ppis]
>
> + gEdkiiTcgPpiGuid
> ## CONSUMES
>
> +
>
> +[Pcd]
>
> + gIntelFsp2WrapperTokenSpaceGuid.PcdFspMeasurementConfig
> ## CONSUMES
>
> + gIntelFsp2WrapperTokenSpaceGuid.PcdFspmBaseAddress
> ## CONSUMES
>
> + gEfiMdeModulePkgTokenSpaceGuid.PcdTcgPfpMeasurementRevision
> ## CONSUMES
>
> +
>
> diff --git
> a/IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/FspMeasurementLi
> b.c
> b/IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/FspMeasurementLi
> b.c
> new file mode 100644
> index 0000000000..adb4393426
> --- /dev/null
> +++
> b/IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/FspMeasurementLi
> b.c
> @@ -0,0 +1,248 @@
> +/** @file
>
> + This library is used by FSP modules to measure data to TPM.
>
> +
>
> +Copyright (c) 2020, Intel Corporation. All rights reserved. <BR>
>
> +SPDX-License-Identifier: BSD-2-Clause-Patent
>
> +
>
> +**/
>
> +
>
> +#include <PiPei.h>
>
> +#include <Uefi.h>
>
> +
>
> +#include <Library/BaseMemoryLib.h>
>
> +#include <Library/PeiServicesLib.h>
>
> +#include <Library/PeiServicesTablePointerLib.h>
>
> +#include <Library/PcdLib.h>
>
> +#include <Library/PrintLib.h>
>
> +#include <Library/DebugLib.h>
>
> +#include <Library/FspWrapperApiLib.h>
>
> +#include <Library/TpmMeasurementLib.h>
>
> +#include <Library/FspMeasurementLib.h>
>
> +#include <Library/FvEventLogRecordLib.h>
>
> +#include <Library/HashLib.h>
>
> +
>
> +#include <Ppi/Tcg.h>
>
> +#include <IndustryStandard/UefiTcgPlatform.h>
>
> +
>
> +/**
>
> + Tpm measure and log data, and extend the measurement result into a
> specific PCR.
>
> +
>
> + @param[in] PcrIndex PCR Index.
>
> + @param[in] EventType Event type.
>
> + @param[in] EventLog Measurement event log.
>
> + @param[in] LogLen Event log length in bytes.
>
> + @param[in] HashData The start of the data buffer to be
> hashed, extended.
>
> + @param[in] HashDataLen The length, in bytes, of the buffer
> referenced by HashData
>
> + @param[in] Flags Bitmap providing additional
> information.
>
> +
>
> + @retval EFI_SUCCESS Operation completed successfully.
>
> + @retval EFI_UNSUPPORTED TPM device not available.
>
> + @retval EFI_OUT_OF_RESOURCES Out of memory.
>
> + @retval EFI_DEVICE_ERROR The operation was unsuccessful.
>
> +**/
>
> +EFI_STATUS
>
> +EFIAPI
>
> +TpmMeasureAndLogDataWithFlags (
>
> + IN UINT32 PcrIndex,
>
> + IN UINT32 EventType,
>
> + IN VOID *EventLog,
>
> + IN UINT32 LogLen,
>
> + IN VOID *HashData,
>
> + IN UINT64 HashDataLen,
>
> + IN UINT64 Flags
>
> + )
>
> +{
>
> + EFI_STATUS Status;
>
> + EDKII_TCG_PPI *TcgPpi;
>
> + TCG_PCR_EVENT_HDR TcgEventHdr;
>
> +
>
> + Status = PeiServicesLocatePpi(
>
> + &gEdkiiTcgPpiGuid,
>
> + 0,
>
> + NULL,
>
> + (VOID**)&TcgPpi
>
> + );
>
> + if (EFI_ERROR(Status)) {
>
> + return Status;
>
> + }
>
> +
>
> + TcgEventHdr.PCRIndex = PcrIndex;
>
> + TcgEventHdr.EventType = EventType;
>
> + TcgEventHdr.EventSize = LogLen;
>
> +
>
> + Status = TcgPpi->HashLogExtendEvent (
>
> + TcgPpi,
>
> + Flags,
>
> + HashData,
>
> + (UINTN)HashDataLen,
>
> + &TcgEventHdr,
>
> + EventLog
>
> + );
>
> + return Status;
>
> +}
>
> +
>
> +/**
>
> + Measure a FSP FirmwareBlob.
>
> +
>
> + @param[in] Description Description for this
> FirmwareBlob.
>
> + @param[in] FirmwareBlobBase Base address of this
> FirmwareBlob.
>
> + @param[in] FirmwareBlobLength Size in bytes of this
> FirmwareBlob.
>
> + @param[in] CfgRegionOffset Configuration region offset in
> bytes.
>
> + @param[in] CfgRegionSize Configuration region in bytes.
>
> +
>
> + @retval EFI_SUCCESS Operation completed successfully.
>
> + @retval EFI_UNSUPPORTED TPM device not available.
>
> + @retval EFI_OUT_OF_RESOURCES Out of memory.
>
> + @retval EFI_DEVICE_ERROR The operation was unsuccessful.
>
> +**/
>
> +STATIC
>
> +EFI_STATUS
>
> +EFIAPI
>
> +MeasureFspFirmwareBlobWithCfg (
>
> + IN CHAR8 *Description OPTIONAL,
>
> + IN EFI_PHYSICAL_ADDRESS FirmwareBlobBase,
>
> + IN UINT64 FirmwareBlobLength,
>
> + IN UINT32 CfgRegionOffset,
>
> + IN UINT32 CfgRegionSize
>
> + )
>
> +{
>
> + EFI_PLATFORM_FIRMWARE_BLOB FvBlob, UpdBlob;
>
> + PLATFORM_FIRMWARE_BLOB2_STRUCT FvBlob2, UpdBlob2;
>
> + VOID *FvName;
>
> + UINT32 FvEventType;
>
> + VOID *FvEventLog, *UpdEventLog;
>
> + UINT32 FvEventLogSize,
> UpdEventLogSize;
>
> + EFI_STATUS Status;
>
> + HASH_HANDLE HashHandle;
>
> + UINT8 *HashBase;
>
> + UINTN HashSize;
>
> + TPML_DIGEST_VALUES DigestList;
>
> +
>
> + FvName = TpmMeasurementGetFvName (FirmwareBlobBase,
> FirmwareBlobLength);
>
> +
>
> + if (((Description != NULL) || (FvName != NULL)) &&
>
> + (PcdGet32(PcdTcgPfpMeasurementRevision) >=
> TCG_EfiSpecIDEventStruct_SPEC_ERRATA_TPM2_REV_105)) {
>
> + if (Description != NULL) {
>
> + AsciiSPrint((CHAR8*)FvBlob2.BlobDescription,
> sizeof(FvBlob2.BlobDescription), "%a", Description);
>
> + AsciiSPrint((CHAR8*)UpdBlob2.BlobDescription,
> sizeof(UpdBlob2.BlobDescription), "%aUDP", Description);
>
> + } else {
>
> + AsciiSPrint((CHAR8*)FvBlob2.BlobDescription,
> sizeof(FvBlob2.BlobDescription), "Fv(%g)", FvName);
>
> + AsciiSPrint((CHAR8*)UpdBlob2.BlobDescription,
> sizeof(UpdBlob2.BlobDescription), "(%g)UDP", FvName);
>
> + }
>
> +
>
> + FvBlob2.BlobDescriptionSize = sizeof(FvBlob2.BlobDescription);
>
> + FvBlob2.BlobBase = FirmwareBlobBase;
>
> + FvBlob2.BlobLength = FirmwareBlobLength;
>
> + FvEventType = EV_EFI_PLATFORM_FIRMWARE_BLOB2;
>
> + FvEventLog = &FvBlob2;
>
> + FvEventLogSize = sizeof(FvBlob2);
>
> +
>
> + UpdBlob2.BlobDescriptionSize = sizeof(UpdBlob2.BlobDescription);
>
> + UpdBlob2.BlobBase = CfgRegionOffset;
>
> + UpdBlob2.BlobLength = CfgRegionSize;
>
> + UpdEventLog = &UpdBlob2;
>
> + UpdEventLogSize = sizeof(UpdBlob2);
>
> + } else {
>
> + FvBlob.BlobBase = FirmwareBlobBase;
>
> + FvBlob.BlobLength = FirmwareBlobLength;
>
> + FvEventType = EV_EFI_PLATFORM_FIRMWARE_BLOB;
>
> + FvEventLog = &FvBlob;
>
> + FvEventLogSize = sizeof(FvBlob);
>
> +
>
> + UpdBlob.BlobBase = CfgRegionOffset;
>
> + UpdBlob.BlobLength = CfgRegionSize;
>
> + UpdEventLog = &UpdBlob;
>
> + UpdEventLogSize = sizeof(UpdBlob);
>
> + }
>
> +
>
> + /** Initialize a SHA hash context. **/
>
> + Status = HashStart (&HashHandle);
>
> + if (EFI_ERROR (Status)) {
>
> + DEBUG ((DEBUG_ERROR, "HashStart failed - %r\n", Status));
>
> + return Status;
>
> + }
>
> +
>
> + /** Hash FSP binary before UDP **/
>
> + HashBase = (UINT8 *) (UINTN) FirmwareBlobBase;
>
> + HashSize = (UINTN) CfgRegionOffset;
>
> + Status = HashUpdate (HashHandle, HashBase, HashSize);
>
> + if (EFI_ERROR (Status)) {
>
> + DEBUG ((DEBUG_ERROR, "HashUpdate failed - %r\n", Status));
>
> + return Status;
>
> + }
>
> +
>
> + /** Hash FSP binary after UDP **/
>
> + HashBase = (UINT8 *) (UINTN) FirmwareBlobBase + CfgRegionOffset +
> CfgRegionSize;
>
> + HashSize = (UINTN)(FirmwareBlobLength - CfgRegionOffset -
> CfgRegionSize);
>
> + Status = HashUpdate (HashHandle, HashBase, HashSize);
>
> + if (EFI_ERROR (Status)) {
>
> + DEBUG ((DEBUG_ERROR, "HashUpdate failed - %r\n", Status));
>
> + return Status;
>
> + }
>
> +
>
> + /** Finalize the SHA hash. **/
>
> + Status = HashCompleteAndExtend (HashHandle, 0, NULL, 0, &DigestList);
>
> + if (EFI_ERROR (Status)) {
>
> + DEBUG ((DEBUG_ERROR, "HashCompleteAndExtend failed - %r\n",
> Status));
>
> + return Status;
>
> + }
>
> +
>
> + Status = TpmMeasureAndLogDataWithFlags (
>
> + 0,
>
> + FvEventType,
>
> + FvEventLog,
>
> + FvEventLogSize,
>
> + (UINT8 *) &DigestList,
>
> + (UINTN) sizeof(DigestList),
>
> + EDKII_TCG_PRE_HASH_LOG_ONLY
>
> + );
>
> +
>
> + Status = TpmMeasureAndLogData (
>
> + 1,
>
> + EV_PLATFORM_CONFIG_FLAGS,
>
> + UpdEventLog,
>
> + UpdEventLogSize,
>
> + (UINT8 *) (UINTN) FirmwareBlobBase + CfgRegionOffset,
>
> + CfgRegionSize
>
> + );
>
> +
>
> + return Status;
>
> +}
>
> +
>
> +/**
>
> + Measure a FSP FirmwareBlob.
>
> +
>
> + @param[in] PcrIndex PCR Index.
>
> + @param[in] Description Description for this
> FirmwareBlob.
>
> + @param[in] FirmwareBlobBase Base address of this
> FirmwareBlob.
>
> + @param[in] FirmwareBlobLength Size in bytes of this
> FirmwareBlob.
>
> +
>
> + @retval EFI_SUCCESS Operation completed successfully.
>
> + @retval EFI_UNSUPPORTED TPM device not available.
>
> + @retval EFI_OUT_OF_RESOURCES Out of memory.
>
> + @retval EFI_DEVICE_ERROR The operation was unsuccessful.
>
> +**/
>
> +EFI_STATUS
>
> +EFIAPI
>
> +MeasureFspFirmwareBlob (
>
> + IN UINT32 PcrIndex,
>
> + IN CHAR8 *Description OPTIONAL,
>
> + IN EFI_PHYSICAL_ADDRESS FirmwareBlobBase,
>
> + IN UINT64 FirmwareBlobLength
>
> + )
>
> +{
>
> + UINT32 FspMeasureMask;
>
> + FSP_INFO_HEADER *FspHeaderPtr;
>
> +
>
> + FspMeasureMask = PcdGet32 (PcdFspMeasurementConfig);
>
> + if ((FspMeasureMask & FSP_MEASURE_FSPUPD) != 0) {
>
> + FspHeaderPtr = (FSP_INFO_HEADER *) FspFindFspHeader
> (FirmwareBlobBase);
>
> + if (FspHeaderPtr != NULL) {
>
> + return MeasureFspFirmwareBlobWithCfg(Description,
> FirmwareBlobBase, FirmwareBlobLength,
>
> +
> FspHeaderPtr->CfgRegionOffset, FspHeaderPtr->CfgRegionSize);
>
> + }
>
> + }
>
> +
>
> + return MeasureFirmwareBlob (PcrIndex, Description, FirmwareBlobBase,
> FirmwareBlobLength);
>
> +}
>
> +
>
> --
> 2.26.2.windows.1
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [PATCH v3 4/8] IntelFsp2WraperPkg/Fsp{m|s}WrapperPeim: Add FspBin measurement.
2020-08-14 6:31 ` [PATCH v3 4/8] IntelFsp2WraperPkg/Fsp{m|s}WrapperPeim: Add FspBin measurement Qi Zhang
@ 2020-08-18 3:15 ` Chiu, Chasel
0 siblings, 0 replies; 14+ messages in thread
From: Chiu, Chasel @ 2020-08-18 3:15 UTC (permalink / raw)
To: Zhang, Qi1, devel@edk2.groups.io
Cc: Yao, Jiewen, Desimone, Nathaniel L, Zeng, Star
Reviewed-by: Chasel Chiu <chasel.chiu@intel.com>
> -----Original Message-----
> From: Zhang, Qi1 <qi1.zhang@intel.com>
> Sent: Friday, August 14, 2020 2:32 PM
> To: devel@edk2.groups.io
> Cc: Yao, Jiewen <jiewen.yao@intel.com>; Chiu, Chasel
> <chasel.chiu@intel.com>; Desimone, Nathaniel L
> <nathaniel.l.desimone@intel.com>; Zeng, Star <star.zeng@intel.com>; Zhang,
> Qi1 <qi1.zhang@intel.com>
> Subject: [PATCH v3 4/8] IntelFsp2WraperPkg/Fsp{m|s}WrapperPeim: Add
> FspBin measurement.
>
> From: Jiewen Yao <jiewen.yao@intel.com>
>
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2376
>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Chasel Chiu <chasel.chiu@intel.com>
> Cc: Nate DeSimone <nathaniel.l.desimone@intel.com>
> Cc: Star Zeng <star.zeng@intel.com>
> Cc: Qi Zhang <qi1.zhang@intel.com>
> Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
> ---
> .../FspmWrapperPeim/FspmWrapperPeim.c | 90
> ++++++++++++++++++-
> .../FspmWrapperPeim/FspmWrapperPeim.inf | 20 +++--
> .../FspsWrapperPeim/FspsWrapperPeim.c | 86
> +++++++++++++++++-
> .../FspsWrapperPeim/FspsWrapperPeim.inf | 27 +++---
> 4 files changed, 204 insertions(+), 19 deletions(-)
>
> diff --git a/IntelFsp2WrapperPkg/FspmWrapperPeim/FspmWrapperPeim.c
> b/IntelFsp2WrapperPkg/FspmWrapperPeim/FspmWrapperPeim.c
> index 265b77ed60..24ab534620 100644
> --- a/IntelFsp2WrapperPkg/FspmWrapperPeim/FspmWrapperPeim.c
> +++ b/IntelFsp2WrapperPkg/FspmWrapperPeim/FspmWrapperPeim.c
> @@ -3,7 +3,7 @@
> register TemporaryRamDonePpi to call TempRamExit API, and register
> MemoryDiscoveredPpi
>
> notify to call FspSiliconInit API.
>
>
>
> - Copyright (c) 2014 - 2018, Intel Corporation. All rights reserved.<BR>
>
> + Copyright (c) 2014 - 2020, Intel Corporation. All rights reserved.<BR>
>
> SPDX-License-Identifier: BSD-2-Clause-Patent
>
>
>
> **/
>
> @@ -25,11 +25,14 @@
> #include <Library/FspWrapperPlatformLib.h>
>
> #include <Library/FspWrapperHobProcessLib.h>
>
> #include <Library/FspWrapperApiLib.h>
>
> +#include <Library/FspMeasurementLib.h>
>
>
>
> #include <Ppi/FspSiliconInitDone.h>
>
> #include <Ppi/EndOfPeiPhase.h>
>
> #include <Ppi/MemoryDiscovered.h>
>
> #include <Ppi/SecPlatformInformation.h>
>
> +#include <Ppi/Tcg.h>
>
> +#include <Ppi/FirmwareVolumeInfoMeasurementExcluded.h>
>
> #include <Library/FspWrapperApiTestLib.h>
>
> #include <FspEas.h>
>
> #include <FspStatusCode.h>
>
> @@ -147,7 +150,21 @@ FspmWrapperInit (
> VOID
>
> )
>
> {
>
> - EFI_STATUS Status;
>
> + EFI_STATUS Status;
>
> + EFI_PEI_FIRMWARE_VOLUME_INFO_MEASUREMENT_EXCLUDED_PPI
> *MeasurementExcludedFvPpi;
>
> + EFI_PEI_PPI_DESCRIPTOR
> *MeasurementExcludedPpiList;
>
> +
>
> + MeasurementExcludedFvPpi = AllocatePool
> (sizeof(*MeasurementExcludedFvPpi));
>
> + ASSERT(MeasurementExcludedFvPpi != NULL);
>
> + MeasurementExcludedFvPpi->Count = 1;
>
> + MeasurementExcludedFvPpi->Fv[0].FvBase = PcdGet32
> (PcdFspmBaseAddress);
>
> + MeasurementExcludedFvPpi->Fv[0].FvLength =
> ((EFI_FIRMWARE_VOLUME_HEADER *) (UINTN) PcdGet32
> (PcdFspmBaseAddress))->FvLength;
>
> +
>
> + MeasurementExcludedPpiList = AllocatePool
> (sizeof(*MeasurementExcludedPpiList));
>
> + ASSERT(MeasurementExcludedPpiList != NULL);
>
> + MeasurementExcludedPpiList->Flags = EFI_PEI_PPI_DESCRIPTOR_PPI |
> EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST;
>
> + MeasurementExcludedPpiList->Guid =
> &gEfiPeiFirmwareVolumeInfoMeasurementExcludedPpiGuid;
>
> + MeasurementExcludedPpiList->Ppi = MeasurementExcludedFvPpi;
>
>
>
> Status = EFI_SUCCESS;
>
>
>
> @@ -155,6 +172,9 @@ FspmWrapperInit (
> Status = PeiFspMemoryInit ();
>
> ASSERT_EFI_ERROR (Status);
>
> } else {
>
> + Status = PeiServicesInstallPpi (MeasurementExcludedPpiList);
>
> + ASSERT_EFI_ERROR (Status);
>
> +
>
> PeiServicesInstallFvInfoPpi (
>
> NULL,
>
> (VOID *)(UINTN) PcdGet32 (PcdFspmBaseAddress),
>
> @@ -167,6 +187,67 @@ FspmWrapperInit (
> return Status;
>
> }
>
>
>
> +/**
>
> + This function is called after TCG installed PPI.
>
> +
>
> + @param[in] PeiServices Pointer to PEI Services Table.
>
> + @param[in] NotifyDesc Pointer to the descriptor for the
> Notification event that
>
> + caused this function to execute.
>
> + @param[in] Ppi Pointer to the PPI data associated with this
> function.
>
> +
>
> + @retval EFI_STATUS Always return EFI_SUCCESS
>
> +**/
>
> +EFI_STATUS
>
> +EFIAPI
>
> +TcgPpiNotify (
>
> + IN EFI_PEI_SERVICES **PeiServices,
>
> + IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDesc,
>
> + IN VOID *Ppi
>
> + );
>
> +
>
> +EFI_PEI_NOTIFY_DESCRIPTOR mTcgPpiNotifyDesc = {
>
> + (EFI_PEI_PPI_DESCRIPTOR_NOTIFY_CALLBACK |
> EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST),
>
> + &gEdkiiTcgPpiGuid,
>
> + TcgPpiNotify
>
> +};
>
> +
>
> +/**
>
> + This function is called after TCG installed PPI.
>
> +
>
> + @param[in] PeiServices Pointer to PEI Services Table.
>
> + @param[in] NotifyDesc Pointer to the descriptor for the
> Notification event that
>
> + caused this function to execute.
>
> + @param[in] Ppi Pointer to the PPI data associated with this
> function.
>
> +
>
> + @retval EFI_STATUS Always return EFI_SUCCESS
>
> +**/
>
> +EFI_STATUS
>
> +EFIAPI
>
> +TcgPpiNotify (
>
> + IN EFI_PEI_SERVICES **PeiServices,
>
> + IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDesc,
>
> + IN VOID *Ppi
>
> + )
>
> +{
>
> + UINT32 FspMeasureMask;
>
> +
>
> + DEBUG ((DEBUG_INFO, "TcgPpiNotify FSPM\n"));
>
> +
>
> + FspMeasureMask = PcdGet32 (PcdFspMeasurementConfig);
>
> +
>
> + if ((FspMeasureMask & FSP_MEASURE_FSPT) != 0) {
>
> + MeasureFspFirmwareBlob (0, "FSPT", PcdGet32(PcdFsptBaseAddress),
>
> +
> (UINT32)((EFI_FIRMWARE_VOLUME_HEADER *) (UINTN) PcdGet32
> (PcdFsptBaseAddress))->FvLength);
>
> + }
>
> +
>
> + if ((FspMeasureMask & FSP_MEASURE_FSPM) != 0) {
>
> + MeasureFspFirmwareBlob (0, "FSPM",
> PcdGet32(PcdFspmBaseAddress),
>
> +
> (UINT32)((EFI_FIRMWARE_VOLUME_HEADER *) (UINTN) PcdGet32
> (PcdFspmBaseAddress))->FvLength);
>
> + }
>
> +
>
> + return EFI_SUCCESS;
>
> +}
>
> +
>
> /**
>
> This is the entrypoint of PEIM
>
>
>
> @@ -182,8 +263,13 @@ FspmWrapperPeimEntryPoint (
> IN CONST EFI_PEI_SERVICES **PeiServices
>
> )
>
> {
>
> + EFI_STATUS Status;
>
> +
>
> DEBUG((DEBUG_INFO, "FspmWrapperPeimEntryPoint\n"));
>
>
>
> + Status = PeiServicesNotifyPpi (&mTcgPpiNotifyDesc);
>
> + ASSERT_EFI_ERROR (Status);
>
> +
>
> FspmWrapperInit ();
>
>
>
> return EFI_SUCCESS;
>
> diff --git a/IntelFsp2WrapperPkg/FspmWrapperPeim/FspmWrapperPeim.inf
> b/IntelFsp2WrapperPkg/FspmWrapperPeim/FspmWrapperPeim.inf
> index dce7ef3d0b..c3578397b6 100644
> --- a/IntelFsp2WrapperPkg/FspmWrapperPeim/FspmWrapperPeim.inf
> +++ b/IntelFsp2WrapperPkg/FspmWrapperPeim/FspmWrapperPeim.inf
> @@ -6,7 +6,7 @@
> # register TemporaryRamDonePpi to call TempRamExit API, and register
> MemoryDiscoveredPpi
>
> # notify to call FspSiliconInit API.
>
> #
>
> -# Copyright (c) 2014 - 2019, Intel Corporation. All rights reserved.<BR>
>
> +# Copyright (c) 2014 - 2020, Intel Corporation. All rights reserved.<BR>
>
> #
>
> # SPDX-License-Identifier: BSD-2-Clause-Patent
>
> #
>
> @@ -44,17 +44,22 @@
> TimerLib
>
> FspWrapperApiLib
>
> FspWrapperApiTestLib
>
> + FspMeasurementLib
>
>
>
> [Packages]
>
> MdePkg/MdePkg.dec
>
> + MdeModulePkg/MdeModulePkg.dec
>
> UefiCpuPkg/UefiCpuPkg.dec
>
> + SecurityPkg/SecurityPkg.dec
>
> IntelFsp2Pkg/IntelFsp2Pkg.dec
>
> IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dec
>
>
>
> [Pcd]
>
> - gIntelFsp2WrapperTokenSpaceGuid.PcdFspmBaseAddress ##
> CONSUMES
>
> - gIntelFsp2WrapperTokenSpaceGuid.PcdFspmUpdDataAddress ##
> CONSUMES
>
> - gIntelFsp2WrapperTokenSpaceGuid.PcdFspModeSelection ##
> CONSUMES
>
> + gIntelFsp2WrapperTokenSpaceGuid.PcdFspmBaseAddress ##
> CONSUMES
>
> + gIntelFsp2WrapperTokenSpaceGuid.PcdFspmUpdDataAddress ##
> CONSUMES
>
> + gIntelFsp2WrapperTokenSpaceGuid.PcdFspModeSelection ##
> CONSUMES
>
> + gIntelFsp2WrapperTokenSpaceGuid.PcdFsptBaseAddress ##
> CONSUMES
>
> + gIntelFsp2WrapperTokenSpaceGuid.PcdFspMeasurementConfig ##
> CONSUMES
>
>
>
> [Sources]
>
> FspmWrapperPeim.c
>
> @@ -63,5 +68,10 @@
> gFspHobGuid ## PRODUCES ## HOB
>
> gFspApiPerformanceGuid ## SOMETIMES_CONSUMES
> ## GUID
>
>
>
> +[Ppis]
>
> + gEdkiiTcgPpiGuid ##
> NOTIFY
>
> + gEfiPeiFirmwareVolumeInfoMeasurementExcludedPpiGuid ##
> PRODUCES
>
> +
>
> [Depex]
>
> - gEfiPeiMasterBootModePpiGuid
>
> + gEfiPeiMasterBootModePpiGuid AND
>
> + gPeiTpmInitializationDonePpiGuid
>
> diff --git a/IntelFsp2WrapperPkg/FspsWrapperPeim/FspsWrapperPeim.c
> b/IntelFsp2WrapperPkg/FspsWrapperPeim/FspsWrapperPeim.c
> index b20f0805a0..9d4f279e81 100644
> --- a/IntelFsp2WrapperPkg/FspsWrapperPeim/FspsWrapperPeim.c
> +++ b/IntelFsp2WrapperPkg/FspsWrapperPeim/FspsWrapperPeim.c
> @@ -3,7 +3,7 @@
> register TemporaryRamDonePpi to call TempRamExit API, and register
> MemoryDiscoveredPpi
>
> notify to call FspSiliconInit API.
>
>
>
> - Copyright (c) 2014 - 2019, Intel Corporation. All rights reserved.<BR>
>
> + Copyright (c) 2014 - 2020, Intel Corporation. All rights reserved.<BR>
>
> SPDX-License-Identifier: BSD-2-Clause-Patent
>
>
>
> **/
>
> @@ -24,12 +24,15 @@
> #include <Library/TimerLib.h>
>
> #include <Library/PerformanceLib.h>
>
> #include <Library/FspWrapperApiLib.h>
>
> +#include <Library/FspMeasurementLib.h>
>
>
>
> #include <Ppi/FspSiliconInitDone.h>
>
> #include <Ppi/EndOfPeiPhase.h>
>
> #include <Ppi/MemoryDiscovered.h>
>
> #include <Ppi/TemporaryRamDone.h>
>
> #include <Ppi/SecPlatformInformation.h>
>
> +#include <Ppi/Tcg.h>
>
> +#include <Ppi/FirmwareVolumeInfoMeasurementExcluded.h>
>
> #include <Library/FspWrapperApiTestLib.h>
>
> #include <FspEas.h>
>
> #include <FspStatusCode.h>
>
> @@ -379,7 +382,25 @@ FspsWrapperInitDispatchMode (
> VOID
>
> )
>
> {
>
> - EFI_STATUS Status;
>
> + EFI_STATUS Status;
>
> + EFI_PEI_FIRMWARE_VOLUME_INFO_MEASUREMENT_EXCLUDED_PPI
> *MeasurementExcludedFvPpi;
>
> + EFI_PEI_PPI_DESCRIPTOR
> *MeasurementExcludedPpiList;
>
> +
>
> + MeasurementExcludedFvPpi = AllocatePool
> (sizeof(*MeasurementExcludedFvPpi));
>
> + ASSERT(MeasurementExcludedFvPpi != NULL);
>
> + MeasurementExcludedFvPpi->Count = 1;
>
> + MeasurementExcludedFvPpi->Fv[0].FvBase = PcdGet32
> (PcdFspsBaseAddress);
>
> + MeasurementExcludedFvPpi->Fv[0].FvLength =
> ((EFI_FIRMWARE_VOLUME_HEADER *) (UINTN) PcdGet32
> (PcdFspsBaseAddress))->FvLength;
>
> +
>
> + MeasurementExcludedPpiList = AllocatePool
> (sizeof(*MeasurementExcludedPpiList));
>
> + ASSERT(MeasurementExcludedPpiList != NULL);
>
> + MeasurementExcludedPpiList->Flags = EFI_PEI_PPI_DESCRIPTOR_PPI |
> EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST;
>
> + MeasurementExcludedPpiList->Guid =
> &gEfiPeiFirmwareVolumeInfoMeasurementExcludedPpiGuid;
>
> + MeasurementExcludedPpiList->Ppi = MeasurementExcludedFvPpi;
>
> +
>
> + Status = PeiServicesInstallPpi (MeasurementExcludedPpiList);
>
> + ASSERT_EFI_ERROR (Status);
>
> +
>
> //
>
> // FSP-S Wrapper running in Dispatch mode and reports FSP-S FV to PEI
> dispatcher.
>
> //
>
> @@ -398,6 +419,62 @@ FspsWrapperInitDispatchMode (
> return Status;
>
> }
>
>
>
> +/**
>
> + This function is called after TCG installed PPI.
>
> +
>
> + @param[in] PeiServices Pointer to PEI Services Table.
>
> + @param[in] NotifyDesc Pointer to the descriptor for the
> Notification event that
>
> + caused this function to execute.
>
> + @param[in] Ppi Pointer to the PPI data associated with this
> function.
>
> +
>
> + @retval EFI_STATUS Always return EFI_SUCCESS
>
> +**/
>
> +EFI_STATUS
>
> +EFIAPI
>
> +TcgPpiNotify (
>
> + IN EFI_PEI_SERVICES **PeiServices,
>
> + IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDesc,
>
> + IN VOID *Ppi
>
> + );
>
> +
>
> +EFI_PEI_NOTIFY_DESCRIPTOR mTcgPpiNotifyDesc = {
>
> + (EFI_PEI_PPI_DESCRIPTOR_NOTIFY_CALLBACK |
> EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST),
>
> + &gEdkiiTcgPpiGuid,
>
> + TcgPpiNotify
>
> +};
>
> +
>
> +/**
>
> + This function is called after TCG installed PPI.
>
> +
>
> + @param[in] PeiServices Pointer to PEI Services Table.
>
> + @param[in] NotifyDesc Pointer to the descriptor for the
> Notification event that
>
> + caused this function to execute.
>
> + @param[in] Ppi Pointer to the PPI data associated with this
> function.
>
> +
>
> + @retval EFI_STATUS Always return EFI_SUCCESS
>
> +**/
>
> +EFI_STATUS
>
> +EFIAPI
>
> +TcgPpiNotify (
>
> + IN EFI_PEI_SERVICES **PeiServices,
>
> + IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDesc,
>
> + IN VOID *Ppi
>
> + )
>
> +{
>
> + UINT32 FspMeasureMask;
>
> +
>
> + DEBUG ((DEBUG_INFO, "TcgPpiNotify FSPS\n"));
>
> +
>
> + FspMeasureMask = PcdGet32 (PcdFspMeasurementConfig);
>
> +
>
> + if ((FspMeasureMask & FSP_MEASURE_FSPS) != 0) {
>
> + MeasureFspFirmwareBlob (0, "FSPS", PcdGet32(PcdFspsBaseAddress),
>
> +
> (UINT32)((EFI_FIRMWARE_VOLUME_HEADER *) (UINTN) PcdGet32
> (PcdFspsBaseAddress))->FvLength);
>
> + }
>
> +
>
> + return EFI_SUCCESS;
>
> +}
>
> +
>
> /**
>
> This is the entrypoint of PEIM.
>
>
>
> @@ -413,8 +490,13 @@ FspsWrapperPeimEntryPoint (
> IN CONST EFI_PEI_SERVICES **PeiServices
>
> )
>
> {
>
> + EFI_STATUS Status;
>
> +
>
> DEBUG ((DEBUG_INFO, "FspsWrapperPeimEntryPoint\n"));
>
>
>
> + Status = PeiServicesNotifyPpi (&mTcgPpiNotifyDesc);
>
> + ASSERT_EFI_ERROR (Status);
>
> +
>
> if (PcdGet8 (PcdFspModeSelection) == 1) {
>
> FspsWrapperInitApiMode ();
>
> } else {
>
> diff --git a/IntelFsp2WrapperPkg/FspsWrapperPeim/FspsWrapperPeim.inf
> b/IntelFsp2WrapperPkg/FspsWrapperPeim/FspsWrapperPeim.inf
> index 7da92991c8..884514747f 100644
> --- a/IntelFsp2WrapperPkg/FspsWrapperPeim/FspsWrapperPeim.inf
> +++ b/IntelFsp2WrapperPkg/FspsWrapperPeim/FspsWrapperPeim.inf
> @@ -6,7 +6,7 @@
> # register TemporaryRamDonePpi to call TempRamExit API, and register
> MemoryDiscoveredPpi
>
> # notify to call FspSiliconInit API.
>
> #
>
> -# Copyright (c) 2014 - 2019, Intel Corporation. All rights reserved.<BR>
>
> +# Copyright (c) 2014 - 2020, Intel Corporation. All rights reserved.<BR>
>
> #
>
> # SPDX-License-Identifier: BSD-2-Clause-Patent
>
> #
>
> @@ -44,24 +44,30 @@
> PerformanceLib
>
> FspWrapperApiLib
>
> FspWrapperApiTestLib
>
> + FspMeasurementLib
>
>
>
> [Packages]
>
> MdePkg/MdePkg.dec
>
> + MdeModulePkg/MdeModulePkg.dec
>
> UefiCpuPkg/UefiCpuPkg.dec
>
> + SecurityPkg/SecurityPkg.dec
>
> IntelFsp2Pkg/IntelFsp2Pkg.dec
>
> IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dec
>
>
>
> [Ppis]
>
> - gTopOfTemporaryRamPpiGuid ## PRODUCES
>
> - gFspSiliconInitDonePpiGuid ## PRODUCES
>
> - gEfiEndOfPeiSignalPpiGuid ## PRODUCES
>
> - gEfiTemporaryRamDonePpiGuid ## PRODUCES
>
> - gEfiPeiMemoryDiscoveredPpiGuid ## NOTIFY
>
> + gTopOfTemporaryRamPpiGuid ##
> PRODUCES
>
> + gFspSiliconInitDonePpiGuid ##
> PRODUCES
>
> + gEfiEndOfPeiSignalPpiGuid ##
> PRODUCES
>
> + gEfiTemporaryRamDonePpiGuid ##
> PRODUCES
>
> + gEfiPeiMemoryDiscoveredPpiGuid ##
> NOTIFY
>
> + gEdkiiTcgPpiGuid ##
> NOTIFY
>
> + gEfiPeiFirmwareVolumeInfoMeasurementExcludedPpiGuid ##
> PRODUCES
>
>
>
> [Pcd]
>
> - gIntelFsp2WrapperTokenSpaceGuid.PcdFspsBaseAddress ##
> CONSUMES
>
> - gIntelFsp2WrapperTokenSpaceGuid.PcdFspsUpdDataAddress ##
> CONSUMES
>
> - gIntelFsp2WrapperTokenSpaceGuid.PcdFspModeSelection ##
> CONSUMES
>
> + gIntelFsp2WrapperTokenSpaceGuid.PcdFspsBaseAddress ##
> CONSUMES
>
> + gIntelFsp2WrapperTokenSpaceGuid.PcdFspsUpdDataAddress ##
> CONSUMES
>
> + gIntelFsp2WrapperTokenSpaceGuid.PcdFspModeSelection ##
> CONSUMES
>
> + gIntelFsp2WrapperTokenSpaceGuid.PcdFspMeasurementConfig ##
> CONSUMES
>
>
>
> [Guids]
>
> gFspHobGuid ## CONSUMES ## HOB
>
> @@ -71,4 +77,5 @@
> FspsWrapperPeim.c
>
>
>
> [Depex]
>
> - gEfiPeiMemoryDiscoveredPpiGuid
>
> + gEfiPeiMemoryDiscoveredPpiGuid AND
>
> + gPeiTpmInitializationDonePpiGuid
>
> --
> 2.26.2.windows.1
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [PATCH v3 8/8] IntelFsp2WrapperPkg/dsc: add HashLib, Tpm2CommandLib and Tpm2DeviceLib
2020-08-14 6:31 ` [PATCH v3 8/8] IntelFsp2WrapperPkg/dsc: add HashLib, Tpm2CommandLib and Tpm2DeviceLib Qi Zhang
@ 2020-08-18 3:15 ` Chiu, Chasel
0 siblings, 0 replies; 14+ messages in thread
From: Chiu, Chasel @ 2020-08-18 3:15 UTC (permalink / raw)
To: Zhang, Qi1, devel@edk2.groups.io
Cc: Yao, Jiewen, Desimone, Nathaniel L, Zeng, Star
Reviewed-by: Chasel Chiu <chasel.chiu@intel.com>
> -----Original Message-----
> From: Zhang, Qi1 <qi1.zhang@intel.com>
> Sent: Friday, August 14, 2020 2:32 PM
> To: devel@edk2.groups.io
> Cc: Zhang, Qi1 <qi1.zhang@intel.com>; Yao, Jiewen <jiewen.yao@intel.com>;
> Chiu, Chasel <chasel.chiu@intel.com>; Desimone, Nathaniel L
> <nathaniel.l.desimone@intel.com>; Zeng, Star <star.zeng@intel.com>
> Subject: [PATCH v3 8/8] IntelFsp2WrapperPkg/dsc: add HashLib,
> Tpm2CommandLib and Tpm2DeviceLib
>
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2376
>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Chasel Chiu <chasel.chiu@intel.com>
> Cc: Nate DeSimone <nathaniel.l.desimone@intel.com>
> Cc: Star Zeng <star.zeng@intel.com>
> Signed-off-by: Qi Zhang <qi1.zhang@intel.com>
> ---
> IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dsc | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dsc
> b/IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dsc
> index 9bed45b89b..767d547844 100644
> --- a/IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dsc
> +++ b/IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dsc
> @@ -52,6 +52,8 @@
>
> PlatformSecLib|IntelFsp2WrapperPkg/Library/SecFspWrapperPlatformSecLibS
> ample/SecFspWrapperPlatformSecLibSample.inf
>
>
> FspWrapperHobProcessLib|IntelFsp2WrapperPkg/Library/PeiFspWrapperHob
> ProcessLibSample/PeiFspWrapperHobProcessLibSample.inf
>
>
>
> +
> Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandL
> ib.inf
>
> +
>
> [LibraryClasses.common.PEIM,LibraryClasses.common.PEI_CORE]
>
> PeimEntryPoint|MdePkg/Library/PeimEntryPoint/PeimEntryPoint.inf
>
>
> PeiServicesTablePointerLib|MdePkg/Library/PeiServicesTablePointerLib/PeiSe
> rvicesTablePointerLib.inf
>
> @@ -60,6 +62,8 @@
> HobLib|MdePkg/Library/PeiHobLib/PeiHobLib.inf
>
>
> TpmMeasurementLib|SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmM
> easurementLib.inf
>
>
> FvEventLogRecordLib|SecurityPkg/Library/FvEventLogRecordLib/FvEventLogR
> ecordLib.inf
>
> +
> HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoR
> outerPei.inf
>
> +
> Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTp
> m.inf
>
>
>
> [LibraryClasses.common.DXE_DRIVER]
>
>
> UefiDriverEntryPoint|MdePkg/Library/UefiDriverEntryPoint/UefiDriverEntryP
> oint.inf
>
> --
> 2.26.2.windows.1
^ permalink raw reply [flat|nested] 14+ messages in thread
end of thread, other threads:[~2020-08-18 3:15 UTC | newest]
Thread overview: 14+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2020-08-14 6:31 [PATCH v3 0/8] Need add a FSP binary measurement Qi Zhang
2020-08-14 6:31 ` [PATCH v3 1/8] SecurityPkg/FvEventLogRecordLib: add new lib for firmware measurement Qi Zhang
2020-08-14 6:31 ` [PATCH v3 2/8] IntelFsp2WrapperPkg/FspMeasurementLib: Add header file Qi Zhang
2020-08-14 6:31 ` [PATCH v3 3/8] IntelFsp2WrapperPkg/FspMeasurementLib: Add BaseFspMeasurementLib Qi Zhang
2020-08-18 3:15 ` Chiu, Chasel
2020-08-14 6:31 ` [PATCH v3 4/8] IntelFsp2WraperPkg/Fsp{m|s}WrapperPeim: Add FspBin measurement Qi Zhang
2020-08-18 3:15 ` Chiu, Chasel
2020-08-14 6:31 ` [PATCH v3 5/8] SecurityPkg/dsc: add FvEventLogRecordLib Qi Zhang
2020-08-14 6:31 ` [PATCH v3 6/8] IntelFsp2Wrapper/dsc: Add FspTpmMeasurementLib and PcdFspMeasurementConfig Qi Zhang
2020-08-14 6:31 ` [PATCH v3 7/8] SecurityPkg/Tcg2: handle PRE HASH and LOG ONLY Qi Zhang
2020-08-14 6:31 ` [PATCH v3 8/8] IntelFsp2WrapperPkg/dsc: add HashLib, Tpm2CommandLib and Tpm2DeviceLib Qi Zhang
2020-08-18 3:15 ` Chiu, Chasel
2020-08-15 12:07 ` [PATCH v3 0/8] Need add a FSP binary measurement Yao, Jiewen
2020-08-18 1:37 ` Wang, Jian J
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox