From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga04.intel.com (mga04.intel.com [192.55.52.120]) by mx.groups.io with SMTP id smtpd.web10.96891.1671002139984151067 for ; Tue, 13 Dec 2022 23:15:43 -0800 Authentication-Results: mx.groups.io; dkim=fail reason="unable to parse pub key" header.i=@intel.com header.s=intel header.b=Hx6hjE2c; spf=pass (domain: intel.com, ip: 192.55.52.120, mailfrom: min.m.xu@intel.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1671002142; x=1702538142; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=5bySDEJvsQProC6w4Pdflv7DXOL39lEze9gt0wSXXMk=; b=Hx6hjE2c+HWGXSz1VZ95sAvHWRdsh4q7Z/1cF7loqYBWqnN7DtU6yibe 7WnJRx8EIhOp0B1nO/PlmN5LeWFKGXevbXass6uQ81tlbNjZf3g7qsTsk a5x7fc8x/5vMv6cEgp3lTdMh3qGYKb9HIEjqY+Ev6dPv5ppqoJ1vI99ee wihBsXtpRpZlhGd0DDah5NSjOFM5g4QpYRAFjsoA2GjVVrNv0/n4/GjI5 6ciEGzEBit1vQsmWrveGjMv1hrIvNGghqs4qASkafFV8iSGZvAjTXDMM0 qR9Cwz3S7k2g/UFGMhrhJyDdxIA4cd1DL6Rd4cUBEV0Cczfa4lapCN1kg A==; X-IronPort-AV: E=McAfee;i="6500,9779,10560"; a="317029435" X-IronPort-AV: E=Sophos;i="5.96,243,1665471600"; d="scan'208";a="317029435" Received: from orsmga003.jf.intel.com ([10.7.209.27]) by fmsmga104.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 13 Dec 2022 23:15:27 -0800 X-IronPort-AV: E=McAfee;i="6500,9779,10560"; a="599134785" X-IronPort-AV: E=Sophos;i="5.96,243,1665471600"; d="scan'208";a="599134785" Received: from mxu9-mobl1.ccr.corp.intel.com ([10.255.31.173]) by orsmga003-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 13 Dec 2022 23:15:25 -0800 From: "Min Xu" To: devel@edk2.groups.io Cc: Min M Xu , Erdem Aktas , James Bottomley , Jiewen Yao , Tom Lendacky , Arti Gupta Subject: [PATCH V1 3/3] OvmfPkg/SecTpmMeasurementLib: Fix the mapping error of PCR and RTMR index Date: Wed, 14 Dec 2022 15:14:19 +0800 Message-Id: <20221214071419.1813-4-min.m.xu@intel.com> X-Mailer: git-send-email 2.29.2.windows.2 In-Reply-To: <20221214071419.1813-1-min.m.xu@intel.com> References: <20221214071419.1813-1-min.m.xu@intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit From: Min M Xu BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4179 TDVF has the feature to do RTMR measurement in SEC phase. In the same time it builds a GUID hob which carries the hash value of the measurement so that in DXE phase a td event can be created based on this GUID Hob. There is a mapping error between TPM PCR index and RTMR index according to UEFI 2.10. That PCR6 is missing in the mapping. This patch fixes this issue. Cc: Erdem Aktas [ruleof2] Cc: James Bottomley [jejb] Cc: Jiewen Yao [jyao1] Cc: Tom Lendacky [tlendacky] Cc: Arti Gupta Signed-off-by: Min Xu --- .../Library/SecTpmMeasurementLib/SecTpmMeasurementLibTdx.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/SecurityPkg/Library/SecTpmMeasurementLib/SecTpmMeasurementLibTdx.c b/SecurityPkg/Library/SecTpmMeasurementLib/SecTpmMeasurementLibTdx.c index 38887b172dc0..36bfa373fe0f 100644 --- a/SecurityPkg/Library/SecTpmMeasurementLib/SecTpmMeasurementLibTdx.c +++ b/SecurityPkg/Library/SecTpmMeasurementLib/SecTpmMeasurementLibTdx.c @@ -33,12 +33,11 @@ typedef struct { /** Get the mapped RTMR index based on the input PCRIndex. RTMR[0] => PCR[1,7] - RTMR[1] => PCR[2,3,4,5] + RTMR[1] => PCR[2,3,4,5,6] RTMR[2] => PCR[8~15] RTMR[3] => NA Note: PCR[0] is mapped to MRTD and should not appear here. - PCR[6] is reserved for OEM. It is not used. @param[in] PCRIndex The input PCR index @@ -51,7 +50,7 @@ GetMappedRtmrIndex ( { UINT8 RtmrIndex; - if ((PCRIndex == 6) || (PCRIndex == 0) || (PCRIndex > 15)) { + if ((PCRIndex == 0) || (PCRIndex > 15)) { DEBUG ((DEBUG_ERROR, "Invalid PCRIndex(%d) map to MR Index.\n", PCRIndex)); ASSERT (FALSE); return INVALID_PCR2MR_INDEX; @@ -60,7 +59,7 @@ GetMappedRtmrIndex ( RtmrIndex = 0; if ((PCRIndex == 1) || (PCRIndex == 7)) { RtmrIndex = 0; - } else if ((PCRIndex >= 2) && (PCRIndex < 6)) { + } else if ((PCRIndex >= 2) && (PCRIndex <= 6)) { RtmrIndex = 1; } else if ((PCRIndex >= 8) && (PCRIndex <= 15)) { RtmrIndex = 2; -- 2.29.2.windows.2