From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga09.intel.com (mga09.intel.com []) by mx.groups.io with SMTP id smtpd.web12.60531.1597731984824754947 for ; Mon, 17 Aug 2020 23:26:29 -0700 Authentication-Results: mx.groups.io; dkim=missing; spf=fail (domain: intel.com, ip: , mailfrom: qi1.zhang@intel.com) IronPort-SDR: 5KbnIewDG09NS88e+bNoCWg41IDJficNf7WA4j934Pait8wchyS0JvWCmWs7Vc06Tlj4eSYsUk yxGNzUjs56rA== X-IronPort-AV: E=McAfee;i="6000,8403,9716"; a="155932644" X-IronPort-AV: E=Sophos;i="5.76,326,1592895600"; d="scan'208";a="155932644" X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga004.jf.intel.com ([10.7.209.38]) by orsmga102.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 17 Aug 2020 23:26:29 -0700 IronPort-SDR: n0A4KUxan13yZjzj+L1P7Ip7E3Easck6sBdCj7CZfaACGxCKwYAH3FfBjyTD4JzkgF0fKnkpk4 nkV3Qdkxt5zA== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.76,326,1592895600"; d="scan'208";a="441118185" Received: from shwdesssddpdqi.ccr.corp.intel.com ([10.239.158.153]) by orsmga004.jf.intel.com with ESMTP; 17 Aug 2020 23:26:27 -0700 From: "Qi Zhang" To: devel@edk2.groups.io Cc: Jiewen Yao , Chasel Chiu , Nate DeSimone , Star Zeng , Qi Zhang Subject: [PATCH v4 3/8] IntelFsp2WrapperPkg/FspMeasurementLib: Add BaseFspMeasurementLib. Date: Tue, 18 Aug 2020 14:26:13 +0800 Message-Id: <20200818062618.3698-4-qi1.zhang@intel.com> X-Mailer: git-send-email 2.26.2.windows.1 In-Reply-To: <20200818062618.3698-1-qi1.zhang@intel.com> References: <20200818062618.3698-1-qi1.zhang@intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable From: Jiewen Yao REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D2376 Cc: Jiewen Yao Cc: Chasel Chiu Cc: Nate DeSimone Cc: Star Zeng Cc: Qi Zhang Signed-off-by: Jiewen Yao --- .../BaseFspMeasurementLib.inf | 54 ++++ .../BaseFspMeasurementLib/FspMeasurementLib.c | 248 ++++++++++++++++++ 2 files changed, 302 insertions(+) create mode 100644 IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/BaseF= spMeasurementLib.inf create mode 100644 IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/FspMe= asurementLib.c diff --git a/IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/BaseFspMeasu= rementLib.inf b/IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/BaseFspMe= asurementLib.inf new file mode 100644 index 0000000000..1b5f0012aa --- /dev/null +++ b/IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/BaseFspMeasurementL= ib.inf @@ -0,0 +1,54 @@ +## @file=0D +# Provides FSP measurement functions.=0D +#=0D +# This library provides MeasureFspFirmwareBlob() to measure FSP binary.=0D +#=0D +# Copyright (c) 2020, Intel Corporation. All rights reserved.
=0D +# SPDX-License-Identifier: BSD-2-Clause-Patent=0D +#=0D +##=0D +=0D +[Defines]=0D + INF_VERSION =3D 0x00010005=0D + BASE_NAME =3D FspMeasurementLib=0D + FILE_GUID =3D 890B12B4-56CC-453E-B062-4597FC6D3D8C= =0D + MODULE_TYPE =3D BASE=0D + VERSION_STRING =3D 1.0=0D + LIBRARY_CLASS =3D FspMeasurementLib=0D +=0D +#=0D +# The following information is for reference only and not required by the = build tools.=0D +#=0D +# VALID_ARCHITECTURES =3D IA32 X64=0D +#=0D +=0D +[Sources]=0D + FspMeasurementLib.c=0D +=0D +[Packages]=0D + MdePkg/MdePkg.dec=0D + MdeModulePkg/MdeModulePkg.dec=0D + SecurityPkg/SecurityPkg.dec=0D + IntelFsp2Pkg/IntelFsp2Pkg.dec=0D + IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dec=0D +=0D +[LibraryClasses]=0D + BaseLib=0D + BaseMemoryLib=0D + DebugLib=0D + PrintLib=0D + PcdLib=0D + PeiServicesLib=0D + PeiServicesTablePointerLib=0D + FspWrapperApiLib=0D + TcgEventLogRecordLib=0D + HashLib=0D +=0D +[Ppis]=0D + gEdkiiTcgPpiGuid ## CO= NSUMES=0D +=0D +[Pcd]=0D + gIntelFsp2WrapperTokenSpaceGuid.PcdFspMeasurementConfig ## CO= NSUMES=0D + gIntelFsp2WrapperTokenSpaceGuid.PcdFspmBaseAddress ## CO= NSUMES=0D + gEfiMdeModulePkgTokenSpaceGuid.PcdTcgPfpMeasurementRevision ## CO= NSUMES=0D +=0D diff --git a/IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/FspMeasureme= ntLib.c b/IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/FspMeasurementL= ib.c new file mode 100644 index 0000000000..0fe0606a6d --- /dev/null +++ b/IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/FspMeasurementLib.c @@ -0,0 +1,248 @@ +/** @file=0D + This library is used by FSP modules to measure data to TPM.=0D +=0D +Copyright (c) 2020, Intel Corporation. All rights reserved.
=0D +SPDX-License-Identifier: BSD-2-Clause-Patent=0D +=0D +**/=0D +=0D +#include =0D +#include =0D +=0D +#include =0D +#include =0D +#include =0D +#include =0D +#include =0D +#include =0D +#include =0D +#include =0D +#include =0D +#include =0D +#include =0D +=0D +#include =0D +#include =0D +=0D +/**=0D + Tpm measure and log data, and extend the measurement result into a speci= fic PCR.=0D +=0D + @param[in] PcrIndex PCR Index.=0D + @param[in] EventType Event type.=0D + @param[in] EventLog Measurement event log.=0D + @param[in] LogLen Event log length in bytes.=0D + @param[in] HashData The start of the data buffer to be hashed, = extended.=0D + @param[in] HashDataLen The length, in bytes, of the buffer referen= ced by HashData=0D + @param[in] Flags Bitmap providing additional information.=0D +=0D + @retval EFI_SUCCESS Operation completed successfully.=0D + @retval EFI_UNSUPPORTED TPM device not available.=0D + @retval EFI_OUT_OF_RESOURCES Out of memory.=0D + @retval EFI_DEVICE_ERROR The operation was unsuccessful.=0D +**/=0D +EFI_STATUS=0D +EFIAPI=0D +TpmMeasureAndLogDataWithFlags (=0D + IN UINT32 PcrIndex,=0D + IN UINT32 EventType,=0D + IN VOID *EventLog,=0D + IN UINT32 LogLen,=0D + IN VOID *HashData,=0D + IN UINT64 HashDataLen,=0D + IN UINT64 Flags=0D + )=0D +{=0D + EFI_STATUS Status;=0D + EDKII_TCG_PPI *TcgPpi;=0D + TCG_PCR_EVENT_HDR TcgEventHdr;=0D +=0D + Status =3D PeiServicesLocatePpi(=0D + &gEdkiiTcgPpiGuid,=0D + 0,=0D + NULL,=0D + (VOID**)&TcgPpi=0D + );=0D + if (EFI_ERROR(Status)) {=0D + return Status;=0D + }=0D +=0D + TcgEventHdr.PCRIndex =3D PcrIndex;=0D + TcgEventHdr.EventType =3D EventType;=0D + TcgEventHdr.EventSize =3D LogLen;=0D +=0D + Status =3D TcgPpi->HashLogExtendEvent (=0D + TcgPpi,=0D + Flags,=0D + HashData,=0D + (UINTN)HashDataLen,=0D + &TcgEventHdr,=0D + EventLog=0D + );=0D + return Status;=0D +}=0D +=0D +/**=0D + Measure a FSP FirmwareBlob.=0D +=0D + @param[in] Description Description for this FirmwareBlob.=0D + @param[in] FirmwareBlobBase Base address of this FirmwareBlob.=0D + @param[in] FirmwareBlobLength Size in bytes of this FirmwareBlob.= =0D + @param[in] CfgRegionOffset Configuration region offset in bytes= .=0D + @param[in] CfgRegionSize Configuration region in bytes.=0D +=0D + @retval EFI_SUCCESS Operation completed successfully.=0D + @retval EFI_UNSUPPORTED TPM device not available.=0D + @retval EFI_OUT_OF_RESOURCES Out of memory.=0D + @retval EFI_DEVICE_ERROR The operation was unsuccessful.=0D +**/=0D +STATIC=0D +EFI_STATUS=0D +EFIAPI=0D +MeasureFspFirmwareBlobWithCfg (=0D + IN CHAR8 *Description OPTIONAL,=0D + IN EFI_PHYSICAL_ADDRESS FirmwareBlobBase,=0D + IN UINT64 FirmwareBlobLength,=0D + IN UINT32 CfgRegionOffset,=0D + IN UINT32 CfgRegionSize=0D + )=0D +{=0D + EFI_PLATFORM_FIRMWARE_BLOB FvBlob, UpdBlob;=0D + PLATFORM_FIRMWARE_BLOB2_STRUCT FvBlob2, UpdBlob2;=0D + VOID *FvName;=0D + UINT32 FvEventType;=0D + VOID *FvEventLog, *UpdEventLog;=0D + UINT32 FvEventLogSize, UpdEventLogSize;=0D + EFI_STATUS Status;=0D + HASH_HANDLE HashHandle;=0D + UINT8 *HashBase;=0D + UINTN HashSize;=0D + TPML_DIGEST_VALUES DigestList;=0D +=0D + FvName =3D TpmMeasurementGetFvName (FirmwareBlobBase, FirmwareBlobLength= );=0D +=0D + if (((Description !=3D NULL) || (FvName !=3D NULL)) &&=0D + (PcdGet32(PcdTcgPfpMeasurementRevision) >=3D TCG_EfiSpecIDEventStruc= t_SPEC_ERRATA_TPM2_REV_105)) {=0D + if (Description !=3D NULL) {=0D + AsciiSPrint((CHAR8*)FvBlob2.BlobDescription, sizeof(FvBlob2.BlobDesc= ription), "%a", Description);=0D + AsciiSPrint((CHAR8*)UpdBlob2.BlobDescription, sizeof(UpdBlob2.BlobDe= scription), "%aUDP", Description);=0D + } else {=0D + AsciiSPrint((CHAR8*)FvBlob2.BlobDescription, sizeof(FvBlob2.BlobDesc= ription), "Fv(%g)", FvName);=0D + AsciiSPrint((CHAR8*)UpdBlob2.BlobDescription, sizeof(UpdBlob2.BlobDe= scription), "(%g)UDP", FvName);=0D + }=0D +=0D + FvBlob2.BlobDescriptionSize =3D sizeof(FvBlob2.BlobDescription);=0D + FvBlob2.BlobBase =3D FirmwareBlobBase;=0D + FvBlob2.BlobLength =3D FirmwareBlobLength;=0D + FvEventType =3D EV_EFI_PLATFORM_FIRMWARE_BLOB2;=0D + FvEventLog =3D &FvBlob2;=0D + FvEventLogSize =3D sizeof(FvBlob2);=0D +=0D + UpdBlob2.BlobDescriptionSize =3D sizeof(UpdBlob2.BlobDescription);=0D + UpdBlob2.BlobBase =3D CfgRegionOffset;=0D + UpdBlob2.BlobLength =3D CfgRegionSize;=0D + UpdEventLog =3D &UpdBlob2;=0D + UpdEventLogSize =3D sizeof(UpdBlob2);=0D + } else {=0D + FvBlob.BlobBase =3D FirmwareBlobBase;=0D + FvBlob.BlobLength =3D FirmwareBlobLength;=0D + FvEventType =3D EV_EFI_PLATFORM_FIRMWARE_BLOB;=0D + FvEventLog =3D &FvBlob;=0D + FvEventLogSize =3D sizeof(FvBlob);=0D +=0D + UpdBlob.BlobBase =3D CfgRegionOffset;=0D + UpdBlob.BlobLength =3D CfgRegionSize;=0D + UpdEventLog =3D &UpdBlob;=0D + UpdEventLogSize =3D sizeof(UpdBlob);=0D + }=0D +=0D + /** Initialize a SHA hash context. **/=0D + Status =3D HashStart (&HashHandle);=0D + if (EFI_ERROR (Status)) {=0D + DEBUG ((DEBUG_ERROR, "HashStart failed - %r\n", Status));=0D + return Status;=0D + }=0D +=0D + /** Hash FSP binary before UDP **/=0D + HashBase =3D (UINT8 *) (UINTN) FirmwareBlobBase;=0D + HashSize =3D (UINTN) CfgRegionOffset;=0D + Status =3D HashUpdate (HashHandle, HashBase, HashSize);=0D + if (EFI_ERROR (Status)) {=0D + DEBUG ((DEBUG_ERROR, "HashUpdate failed - %r\n", Status));=0D + return Status;=0D + }=0D +=0D + /** Hash FSP binary after UDP **/=0D + HashBase =3D (UINT8 *) (UINTN) FirmwareBlobBase + CfgRegionOffset + CfgR= egionSize;=0D + HashSize =3D (UINTN)(FirmwareBlobLength - CfgRegionOffset - CfgRegionSiz= e);=0D + Status =3D HashUpdate (HashHandle, HashBase, HashSize);=0D + if (EFI_ERROR (Status)) {=0D + DEBUG ((DEBUG_ERROR, "HashUpdate failed - %r\n", Status));=0D + return Status;=0D + }=0D +=0D + /** Finalize the SHA hash. **/=0D + Status =3D HashCompleteAndExtend (HashHandle, 0, NULL, 0, &DigestList);= =0D + if (EFI_ERROR (Status)) {=0D + DEBUG ((DEBUG_ERROR, "HashCompleteAndExtend failed - %r\n", Status));= =0D + return Status;=0D + }=0D +=0D + Status =3D TpmMeasureAndLogDataWithFlags (=0D + 0,=0D + FvEventType,=0D + FvEventLog,=0D + FvEventLogSize,=0D + (UINT8 *) &DigestList,=0D + (UINTN) sizeof(DigestList),=0D + EDKII_TCG_PRE_HASH_LOG_ONLY=0D + );=0D +=0D + Status =3D TpmMeasureAndLogData (=0D + 1,=0D + EV_PLATFORM_CONFIG_FLAGS,=0D + UpdEventLog,=0D + UpdEventLogSize,=0D + (UINT8 *) (UINTN) FirmwareBlobBase + CfgRegionOffset,=0D + CfgRegionSize=0D + );=0D +=0D + return Status;=0D +}=0D +=0D +/**=0D + Measure a FSP FirmwareBlob.=0D +=0D + @param[in] PcrIndex PCR Index.=0D + @param[in] Description Description for this FirmwareBlob.=0D + @param[in] FirmwareBlobBase Base address of this FirmwareBlob.=0D + @param[in] FirmwareBlobLength Size in bytes of this FirmwareBlob.= =0D +=0D + @retval EFI_SUCCESS Operation completed successfully.=0D + @retval EFI_UNSUPPORTED TPM device not available.=0D + @retval EFI_OUT_OF_RESOURCES Out of memory.=0D + @retval EFI_DEVICE_ERROR The operation was unsuccessful.=0D +**/=0D +EFI_STATUS=0D +EFIAPI=0D +MeasureFspFirmwareBlob (=0D + IN UINT32 PcrIndex,=0D + IN CHAR8 *Description OPTIONAL,=0D + IN EFI_PHYSICAL_ADDRESS FirmwareBlobBase,=0D + IN UINT64 FirmwareBlobLength=0D + )=0D +{=0D + UINT32 FspMeasureMask;=0D + FSP_INFO_HEADER *FspHeaderPtr;=0D +=0D + FspMeasureMask =3D PcdGet32 (PcdFspMeasurementConfig);=0D + if ((FspMeasureMask & FSP_MEASURE_FSPUPD) !=3D 0) {=0D + FspHeaderPtr =3D (FSP_INFO_HEADER *) FspFindFspHeader (FirmwareBlobBas= e);=0D + if (FspHeaderPtr !=3D NULL) {=0D + return MeasureFspFirmwareBlobWithCfg(Description, FirmwareBlobBase, = FirmwareBlobLength,=0D + FspHeaderPtr->CfgRegionOffset, = FspHeaderPtr->CfgRegionSize);=0D + }=0D + }=0D +=0D + return MeasureFirmwareBlob (PcrIndex, Description, FirmwareBlobBase, Fir= mwareBlobLength);=0D +}=0D +=0D --=20 2.26.2.windows.1