[edk2-devel] [PATCH 0/3] TCG_Sp800_155_PlatformId_Event3 support

[edk2-devel] [PATCH 0/3] TCG_Sp800_155_PlatformId_Event3 support

[Dionna Glaze via groups.io]

In December 2023, the TCG published the PC Client Platform Firmware
Profile version 1.06 revision 52. This revision includes a new event
type for NIST SP 800-155 recommended signed BIOS reference measurements.
The new type allows for the event log auditor to find local or remote
copies of the signed reference measurements.

Supporting this new event type eases the process of distributing signed
reference measurements since the machine can now simply report where
they can be found in a standard way.

Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Zhiguang Liu <zhiguang.liu@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Gerd Hoffmann <kraxel@redhat.com>


Dionna Glaze (3):
  MdePkg: Add TcgSp800155Event3 type info
  SecurityPkg: recognize sp800155Event3 event too
  OvmfPkg: add sp800155Event3 support

 MdePkg/Include/IndustryStandard/UefiTcgPlatform.h | 12 +++++++++++-
 OvmfPkg/Tcg/TdTcg2Dxe/TdTcg2Dxe.c                 |  9 +++++++--
 SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c                 |  9 +++++++--
 3 files changed, 25 insertions(+), 5 deletions(-)

--
2.45.0.rc0.197.gbae5840b3b-goog


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#118448): https://edk2.groups.io/g/devel/message/118448
Mute This Topic: https://groups.io/mt/105833236/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-

[edk2-devel] [PATCH 1/3] MdePkg: Add TcgSp800155Event3 type info

[Dionna Glaze via groups.io]

TCG PC Client Platform Firmware Profile 1.06 revision 52 of December
2023 added a new event signature and extended information about where a
reference measurement document for the firmware can be found.

Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Zhiguang Liu <zhiguang.liu@intel.com>

Signed-off-by: Dionna Glaze <dionnaglaze@google.com>
---
 MdePkg/Include/IndustryStandard/UefiTcgPlatform.h | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/MdePkg/Include/IndustryStandard/UefiTcgPlatform.h b/MdePkg/Include/IndustryStandard/UefiTcgPlatform.h
index 61bd4e4667..30df8302b1 100644
--- a/MdePkg/Include/IndustryStandard/UefiTcgPlatform.h
+++ b/MdePkg/Include/IndustryStandard/UefiTcgPlatform.h
@@ -451,6 +451,7 @@ typedef struct tdTCG_PCClientTaggedEvent {
 
 #define TCG_Sp800_155_PlatformId_Event_SIGNATURE   "SP800-155 Event"
 #define TCG_Sp800_155_PlatformId_Event2_SIGNATURE  "SP800-155 Event2"
+#define TCG_Sp800_155_PlatformId_Event3_SIGNATURE  "SP800-155 Event3"
 
 typedef struct tdTCG_Sp800_155_PlatformId_Event2 {
   UINT8       Signature[16];
@@ -478,7 +479,16 @@ typedef struct tdTCG_Sp800_155_PlatformId_Event2 {
   // UINT8               FirmwareManufacturerStr[FirmwareManufacturerStrSize];
   // UINT32              FirmwareManufacturerId;
   // UINT8               FirmwareVersion;
-  // UINT8               FirmwareVersion[FirmwareVersionSize]];
+  // UINT8               FirmwareVersion[FirmwareVersionSize];
+  //
+  // Below structure is newly added in TCG_Sp800_155_PlatformId_Event3
+  //
+  // UINT32              RimLocatorType;
+  // UINT32              RimLocatorLength;
+  // UINT8               RimLocator[RimLocatorLength];
+  // UINT32              PlatformCertLocatorType;
+  // UINT32              PlatformCertLocatorLength;
+  // UINT8               PlatformCertLocator[PlatformCertLocatorLength];
 } TCG_Sp800_155_PlatformId_Event2;
 
 #define TCG_EfiStartupLocalityEvent_SIGNATURE  "StartupLocality"
-- 
2.45.0.rc0.197.gbae5840b3b-goog



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#118449): https://edk2.groups.io/g/devel/message/118449
Mute This Topic: https://groups.io/mt/105833238/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-

[edk2-devel] [PATCH 2/3] SecurityPkg: recognize sp800155Event3 event too

[Dionna Glaze via groups.io]

The signatures for event2 or event3 are now valid TCG SP800155 event
types.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>

Signed-off-by: Dionna Glaze <dionnaglaze@google.com>
---
 SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c
index b8f50e25df..2f73237984 100644
--- a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c
+++ b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c
@@ -812,11 +812,16 @@ Is800155Event (
 {
   if ((((TCG_PCR_EVENT2_HDR *)NewEventHdr)->EventType == EV_NO_ACTION) &&
       (NewEventSize >= sizeof (TCG_Sp800_155_PlatformId_Event2)) &&
-      (CompareMem (
+      ((CompareMem (
          NewEventData,
          TCG_Sp800_155_PlatformId_Event2_SIGNATURE,
          sizeof (TCG_Sp800_155_PlatformId_Event2_SIGNATURE) - 1
-         ) == 0))
+         ) == 0) ||
+       (CompareMem (
+         NewEventData,
+         TCG_Sp800_155_PlatformId_Event3_SIGNATURE,
+         sizeof (TCG_Sp800_155_PlatformId_Event3_SIGNATURE) - 1
+         ) == 0)))
   {
     return TRUE;
   }
-- 
2.45.0.rc0.197.gbae5840b3b-goog



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#118450): https://edk2.groups.io/g/devel/message/118450
Mute This Topic: https://groups.io/mt/105833239/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-

[edk2-devel] [PATCH 3/3] OvmfPkg: add sp800155Event3 support

[Dionna Glaze via groups.io]

The signatures for event2 or event3 are now valid TCG SP800155 event
types.

Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>

Signed-off-by: Dionna Glaze <dionnaglaze@google.com>
---
 OvmfPkg/Tcg/TdTcg2Dxe/TdTcg2Dxe.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/OvmfPkg/Tcg/TdTcg2Dxe/TdTcg2Dxe.c b/OvmfPkg/Tcg/TdTcg2Dxe/TdTcg2Dxe.c
index 6ca29f5de0..d487f5c715 100644
--- a/OvmfPkg/Tcg/TdTcg2Dxe/TdTcg2Dxe.c
+++ b/OvmfPkg/Tcg/TdTcg2Dxe/TdTcg2Dxe.c
@@ -821,11 +821,16 @@ Is800155Event (
 {
   if ((((TCG_PCR_EVENT2_HDR *)NewEventHdr)->EventType == EV_NO_ACTION) &&
       (NewEventSize >= sizeof (TCG_Sp800_155_PlatformId_Event2)) &&
-      (CompareMem (
+      ((CompareMem (
          NewEventData,
          TCG_Sp800_155_PlatformId_Event2_SIGNATURE,
          sizeof (TCG_Sp800_155_PlatformId_Event2_SIGNATURE) - 1
-         ) == 0))
+         ) == 0) ||
+      (CompareMem (
+         NewEventData,
+         TCG_Sp800_155_PlatformId_Event3_SIGNATURE,
+         sizeof (TCG_Sp800_155_PlatformId_Event3_SIGNATURE) - 1
+         ) == 0))))
   {
     return TRUE;
   }
-- 
2.45.0.rc0.197.gbae5840b3b-goog



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#118451): https://edk2.groups.io/g/devel/message/118451
Mute This Topic: https://groups.io/mt/105833240/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] [PATCH 0/3] TCG_Sp800_155_PlatformId_Event3 support

[Yao, Jiewen]

Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>

> -----Original Message-----
> From: Dionna Glaze <dionnaglaze@google.com>
> Sent: Wednesday, May 1, 2024 8:53 AM
> To: devel@edk2.groups.io
> Cc: Dionna Glaze <dionnaglaze@google.com>; Kinney, Michael D
> <michael.d.kinney@intel.com>; Liming Gao <gaoliming@byosoft.com.cn>; Liu,
> Zhiguang <zhiguang.liu@intel.com>; Yao, Jiewen <jiewen.yao@intel.com>;
> Kumar, Rahul R <rahul.r.kumar@intel.com>; Ard Biesheuvel
> <ardb+tianocore@kernel.org>; Gerd Hoffmann <kraxel@redhat.com>
> Subject: [PATCH 0/3] TCG_Sp800_155_PlatformId_Event3 support
> 
> In December 2023, the TCG published the PC Client Platform Firmware
> Profile version 1.06 revision 52. This revision includes a new event
> type for NIST SP 800-155 recommended signed BIOS reference measurements.
> The new type allows for the event log auditor to find local or remote
> copies of the signed reference measurements.
> 
> Supporting this new event type eases the process of distributing signed
> reference measurements since the machine can now simply report where
> they can be found in a standard way.
> 
> Cc: Michael D Kinney <michael.d.kinney@intel.com>
> Cc: Liming Gao <gaoliming@byosoft.com.cn>
> Cc: Zhiguang Liu <zhiguang.liu@intel.com>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Rahul Kumar <rahul1.kumar@intel.com>
> Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
> Cc: Gerd Hoffmann <kraxel@redhat.com>
> 
> 
> Dionna Glaze (3):
>   MdePkg: Add TcgSp800155Event3 type info
>   SecurityPkg: recognize sp800155Event3 event too
>   OvmfPkg: add sp800155Event3 support
> 
>  MdePkg/Include/IndustryStandard/UefiTcgPlatform.h | 12 +++++++++++-
>  OvmfPkg/Tcg/TdTcg2Dxe/TdTcg2Dxe.c                 |  9 +++++++--
>  SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c                 |  9 +++++++--
>  3 files changed, 25 insertions(+), 5 deletions(-)
> 
> --
> 2.45.0.rc0.197.gbae5840b3b-goog


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#118452): https://edk2.groups.io/g/devel/message/118452
Mute This Topic: https://groups.io/mt/105833236/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] [PATCH 1/3] MdePkg: Add TcgSp800155Event3 type info

[Yao, Jiewen]

I think it is confusing to add "TCG_Sp800_155_PlatformId_Event3" field for "TCG_Sp800_155_PlatformId_Event2" structure.

Maybe just create a new "TCG_Sp800_155_PlatformId_Event3" structure?



> -----Original Message-----
> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Dionna Glaze
> via groups.io
> Sent: Wednesday, May 1, 2024 8:53 AM
> To: devel@edk2.groups.io
> Cc: Dionna Glaze <dionnaglaze@google.com>; Kinney, Michael D
> <michael.d.kinney@intel.com>; Liming Gao <gaoliming@byosoft.com.cn>; Liu,
> Zhiguang <zhiguang.liu@intel.com>
> Subject: [edk2-devel] [PATCH 1/3] MdePkg: Add TcgSp800155Event3 type info
> 
> TCG PC Client Platform Firmware Profile 1.06 revision 52 of December
> 2023 added a new event signature and extended information about where a
> reference measurement document for the firmware can be found.
> 
> Cc: Michael D Kinney <michael.d.kinney@intel.com>
> Cc: Liming Gao <gaoliming@byosoft.com.cn>
> Cc: Zhiguang Liu <zhiguang.liu@intel.com>
> 
> Signed-off-by: Dionna Glaze <dionnaglaze@google.com>
> ---
>  MdePkg/Include/IndustryStandard/UefiTcgPlatform.h | 12 +++++++++++-
>  1 file changed, 11 insertions(+), 1 deletion(-)
> 
> diff --git a/MdePkg/Include/IndustryStandard/UefiTcgPlatform.h
> b/MdePkg/Include/IndustryStandard/UefiTcgPlatform.h
> index 61bd4e4667..30df8302b1 100644
> --- a/MdePkg/Include/IndustryStandard/UefiTcgPlatform.h
> +++ b/MdePkg/Include/IndustryStandard/UefiTcgPlatform.h
> @@ -451,6 +451,7 @@ typedef struct tdTCG_PCClientTaggedEvent {
> 
>  #define TCG_Sp800_155_PlatformId_Event_SIGNATURE   "SP800-155 Event"
>  #define TCG_Sp800_155_PlatformId_Event2_SIGNATURE  "SP800-155 Event2"
> +#define TCG_Sp800_155_PlatformId_Event3_SIGNATURE  "SP800-155 Event3"
> 
>  typedef struct tdTCG_Sp800_155_PlatformId_Event2 {
>    UINT8       Signature[16];
> @@ -478,7 +479,16 @@ typedef struct tdTCG_Sp800_155_PlatformId_Event2 {
>    // UINT8               FirmwareManufacturerStr[FirmwareManufacturerStrSize];
>    // UINT32              FirmwareManufacturerId;
>    // UINT8               FirmwareVersion;
> -  // UINT8               FirmwareVersion[FirmwareVersionSize]];
> +  // UINT8               FirmwareVersion[FirmwareVersionSize];
> +  //
> +  // Below structure is newly added in TCG_Sp800_155_PlatformId_Event3
> +  //
> +  // UINT32              RimLocatorType;
> +  // UINT32              RimLocatorLength;
> +  // UINT8               RimLocator[RimLocatorLength];
> +  // UINT32              PlatformCertLocatorType;
> +  // UINT32              PlatformCertLocatorLength;
> +  // UINT8               PlatformCertLocator[PlatformCertLocatorLength];
>  } TCG_Sp800_155_PlatformId_Event2;
> 
>  #define TCG_EfiStartupLocalityEvent_SIGNATURE  "StartupLocality"
> --
> 2.45.0.rc0.197.gbae5840b3b-goog
> 
> 
> 
> 
> 



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#118453): https://edk2.groups.io/g/devel/message/118453
Mute This Topic: https://groups.io/mt/105833238/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-