From: "Michael D Kinney"
To: devel@edk2.groups.io
Cc: Umang Patel, Jiewen Yao, Jian J Wang
Subject: [Patch 2/2] SecurityPkg/FvReportPei: Use FirmwareVolumeShadowPpi
Date: Tue, 21 Mar 2023 19:06:26 -0700
Message-Id: <20230322020626.441-3-michael.d.kinney@intel.com>
X-Mailer: git-send-email 2.39.1.windows.1
In-Reply-To: <20230322020626.441-1-michael.d.kinney@intel.com>
References: <20230322020626.441-1-michael.d.kinney@intel.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

From: Umang Patel

If FirmwareVolumeShadow PPI is available, then use it to shadow FVs to
memory. Otherwise fall back to CopyMem().

Cc: Jiewen Yao
Cc: Jian J Wang
Signed-off-by: Patel Umang
--- SecurityPkg/FvReportPei/FvReportPei.c | 37 ++++++++++++++++++++----- SecurityPkg/FvReportPei/FvReportPei.h | 1 + SecurityPkg/FvReportPei/FvReportPei.inf | 1 + 3 files changed, 32 insertions(+), 7 deletions(-) diff --git a/SecurityPkg/FvReportPei/FvReportPei.c b/SecurityPkg/FvReportPei/FvReportPei.c index 846605cda1e4..6288dde16b2a 100644 --- a/SecurityPkg/FvReportPei/FvReportPei.c +++ b/SecurityPkg/FvReportPei/FvReportPei.c @@ -114,12 +114,13 @@ VerifyHashedFv ( IN EFI_BOOT_MODE BootMode ) { - UINTN FvIndex; - CONST HASH_ALG_INFO *AlgInfo; - UINT8 *HashValue; - UINT8 *FvHashValue; - VOID *FvBuffer; - EFI_STATUS Status; + UINTN FvIndex; + CONST HASH_ALG_INFO *AlgInfo; + UINT8 *HashValue; + UINT8 *FvHashValue; + VOID *FvBuffer; + EDKII_PEI_FIRMWARE_VOLUME_SHADOW_PPI *FvShadowPpi; + EFI_STATUS Status; if ((HashInfo == NULL) || (HashInfo->HashSize == 0) || 
@@ -191,8 +192,30 @@ VerifyHashedFv ( // Copy FV to permanent memory to avoid potential TOC/TOU. // FvBuffer = AllocatePages (EFI_SIZE_TO_PAGES ((UINTN)FvInfo[FvIndex].Length)); + ASSERT (FvBuffer != NULL); - CopyMem (FvBuffer, (CONST VOID *)(UINTN)FvInfo[FvIndex].Base, (UINTN)FvInfo[FvIndex].Length); + Status = PeiServicesLocatePpi ( + &gEdkiiPeiFirmwareVolumeShadowPpiGuid, + 0, + NULL, + (VOID **)&FvShadowPpi + ); + + if (!EFI_ERROR (Status)) { + Status = FvShadowPpi->FirmwareVolumeShadow ( + (EFI_PHYSICAL_ADDRESS)FvInfo[FvIndex].Base, + FvBuffer, + (UINTN)FvInfo[FvIndex].Length + ); + } + + if (EFI_ERROR (Status)) { + CopyMem ( + FvBuffer, + (CONST VOID *)(UINTN)FvInfo[FvIndex].Base, + (UINTN)FvInfo[FvIndex].Length + ); + } if (!AlgInfo->HashAll (FvBuffer, (UINTN)FvInfo[FvIndex].Length, FvHashValue)) { Status = EFI_ABORTED; diff --git a/SecurityPkg/FvReportPei/FvReportPei.h b/SecurityPkg/FvReportPei/FvReportPei.h index 92504a3c51e1..07ffb2f5768c 100644 --- a/SecurityPkg/FvReportPei/FvReportPei.h +++ b/SecurityPkg/FvReportPei/FvReportPei.h @@ -14,6 +14,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include #include +#include #include #include diff --git a/SecurityPkg/FvReportPei/FvReportPei.inf b/SecurityPkg/FvReportPei/FvReportPei.inf index 408406889765..4246fb75ebaa 100644 --- a/SecurityPkg/FvReportPei/FvReportPei.inf +++ b/SecurityPkg/FvReportPei/FvReportPei.inf @@ -46,6 +46,7 @@ [LibraryClasses] [Ppis] gEdkiiPeiFirmwareVolumeInfoPrehashedFvPpiGuid ## PRODUCES gEdkiiPeiFirmwareVolumeInfoStoredHashFvPpiGuid ## CONSUMES + gEdkiiPeiFirmwareVolumeShadowPpiGuid ## CONSUMES [Pcd] gEfiSecurityPkgTokenSpaceGuid.PcdStatusCodeFvVerificationPass -- 2.39.1.windows.1
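Review bot: In the second FvReportPei.c hunk (@@ -191,8 +192,30 @@), `ASSERT (FvBuffer != NULL)` is the only guard on the AllocatePages() result, and ASSERT is compiled out when debug asserts are disabled, so an allocation failure would hand a NULL destination to FirmwareVolumeShadow() or CopyMem(). Suggest an explicit `if (FvBuffer == NULL)` check that sets Status to EFI_OUT_OF_RESOURCES and takes the same error handling as the HashAll() failure just below. Also in this hunk, when the PPI is not found or FirmwareVolumeShadow() fails, Status still holds that error after the CopyMem() fallback; please confirm it is reassigned before it is next tested, or reset it after the fallback, and consider logging that the fallback path was taken. Since the copy is indexed by FvIndex, the PeiServicesLocatePpi() call could be made once before iterating rather than once per FV.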