From: "Yao, Jiewen"
To: "Zeng, Star", "edk2-devel@lists.01.org"
CC: "Zhang, Chao B"
Date: Thu, 17 Nov 2016 12:19:46 +0000
Message-ID: <74D8A39837DF1E4DA445A8C0B3885C50386D6929@shsmsx102.ccr.corp.intel.com>
In-Reply-To: <1479374969-63472-3-git-send-email-star.zeng@intel.com>
Subject: Re: [PATCH 2/2] SecurityPkg Tcg2Dxe: Filter inactive digest in event2 log from PEI HOB

Hi Star

1) I am a little confused by the description below.
+ @param[in,out] Buffer Buffer to hold TPML_DIGEST_VALUES.
I think the buffer is the *TPML_DIGEST_VALUES compact binary buffer*, instead of *TPML_DIGEST_VALUES*, right? I suggest we describe it clearly.

2) I think the FILTER is great to report ERROR if the TCG event hob producer makes a mistake.
Do you think it is worth adding a stronger check that all required TCG event logs are reported?

> -----Original Message-----
> From: Zeng, Star
> Sent: Thursday, November 17, 2016 5:29 PM
> To: edk2-devel@lists.01.org
> Cc: Zeng, Star; Yao, Jiewen; Zhang, Chao B
> Subject: [PATCH 2/2] SecurityPkg Tcg2Dxe: Filter inactive digest in event2 log
> from PEI HOB
>
> Cc: Jiewen Yao
> Cc: Chao Zhang
> Contributed-under: TianoCore Contribution Agreement 1.0
> Signed-off-by: Star Zeng > --- > SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c | 80 > +++++++++++++++++++++++++++++++++++++-- > 1 file changed, 76 insertions(+), 4 deletions(-) >=20 > diff --git a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c > b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c > index db8d662f80dc..d5a32307db6e 100644 > --- a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c > +++ b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c 
> @@ -898,6 +898,56 @@ GetDigestListBinSize ( > } >=20 > /** > + Copy TPML_DIGEST_VALUES compact binary into a buffer > + > + @param[in,out] Buffer Buffer to hold > TPML_DIGEST_VALUES. > + @param[in] DigestListBin TPML_DIGEST_VALUES compact > binary buffer. > + @param[in] HashAlgorithmMask HASH bits corresponding to the > desired digests to copy. > + > + @return The end of buffer to hold TPML_DIGEST_VALUES. > +**/ > +VOID * > +CopyDigestListBinToBuffer ( > + IN OUT VOID *Buffer, > + IN VOID *DigestListBin, > + IN UINT32 HashAlgorithmMask > + ) > +{ > + UINTN Index; > + UINT16 DigestSize; > + UINT32 Count; > + TPMI_ALG_HASH HashAlg; > + UINT32 DigestListCount; > + UINT32 *DigestListCountPtr; > + > + DigestListCountPtr =3D (UINT32 *) Buffer; > + DigestListCount =3D 0; > + > + Count =3D ReadUnaligned32 (DigestListBin); > + Buffer =3D (UINT8 *)Buffer + sizeof(Count); > + DigestListBin =3D (UINT8 *)DigestListBin + sizeof(Count); > + for (Index =3D 0; Index < Count; Index++) { > + HashAlg =3D ReadUnaligned16 (DigestListBin); > + DigestListBin =3D (UINT8 *)DigestListBin + sizeof(HashAlg); > + DigestSize =3D GetHashSizeFromAlgo (HashAlg); > + > + if (IsHashAlgSupportedInHashAlgorithmMask(HashAlg, > HashAlgorithmMask)) { > + CopyMem (Buffer, &HashAlg, sizeof(HashAlg)); > + Buffer =3D (UINT8 *)Buffer + sizeof(HashAlg); > + CopyMem (Buffer, DigestListBin, DigestSize); > + Buffer =3D (UINT8 *)Buffer + DigestSize; > + DigestListCount++; > + } else { > + DEBUG ((EFI_D_ERROR, "WARNING: CopyDigestListBinToBuffer > Event log has HashAlg unsupported by PCR bank (0x%x)\n", HashAlg)); > + } > + DigestListBin =3D (UINT8 *)DigestListBin + DigestSize; > + } > + WriteUnaligned32 (DigestListCountPtr, DigestListCount); > + > + return Buffer; > +} > + > +/** > Add a new entry to the Event Log. >=20 > @param[in] DigestList A list of digest. 
> @@ -1317,8 +1367,12 @@ SetupEventLog ( > EFI_PEI_HOB_POINTERS GuidHob; > EFI_PHYSICAL_ADDRESS Lasa; > UINTN Index; > + VOID *DigestListBin; > + TPML_DIGEST_VALUES TempDigestListBin; > UINT32 DigestListBinSize; > + UINT8 *Event; > UINT32 EventSize; > + UINT32 *EventSizePtr; > TCG_EfiSpecIDEventStruct *TcgEfiSpecIdEventStruct; > UINT8 > TempBuf[sizeof(TCG_EfiSpecIDEventStruct) + sizeof(UINT32) + > (HASH_COUNT * sizeof(TCG_EfiSpecIdEventAlgorithmSize)) + sizeof(UINT8)]; > TCG_PCR_EVENT_HDR FirstPcrEvent; > @@ -1497,7 +1551,8 @@ SetupEventLog ( > Status =3D EFI_SUCCESS; > while (!EFI_ERROR (Status) && > (GuidHob.Raw =3D GetNextGuidHob > (mTcg2EventInfo[Index].EventGuid, GuidHob.Raw)) !=3D NULL) { > - TcgEvent =3D GET_GUID_HOB_DATA (GuidHob.Guid); > + TcgEvent =3D AllocateCopyPool (GET_GUID_HOB_DATA_SIZE > (GuidHob.Guid), GET_GUID_HOB_DATA (GuidHob.Guid)); > + ASSERT (TcgEvent !=3D NULL); > GuidHob.Raw =3D GET_NEXT_HOB (GuidHob); > switch (mTcg2EventInfo[Index].LogFormat) { > case EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2: 
> @@ -1510,17 +1565,34 @@ SetupEventLog ( > ); > break; > case EFI_TCG2_EVENT_LOG_FORMAT_TCG_2: > - DigestListBinSize =3D GetDigestListBinSize ((UINT8 *)TcgEvent = + > sizeof(TCG_PCRINDEX) + sizeof(TCG_EVENTTYPE)); > - CopyMem (&EventSize, (UINT8 *)TcgEvent + > sizeof(TCG_PCRINDEX) + sizeof(TCG_EVENTTYPE) + DigestListBinSize, > sizeof(UINT32)); > + DigestListBin =3D (UINT8 *)TcgEvent + sizeof(TCG_PCRINDEX) + > sizeof(TCG_EVENTTYPE); > + DigestListBinSize =3D GetDigestListBinSize (DigestListBin); > + // > + // Save event size. > + // > + CopyMem (&EventSize, (UINT8 *)DigestListBin + > DigestListBinSize, sizeof(UINT32)); > + Event =3D (UINT8 *)DigestListBin + DigestListBinSize + > sizeof(UINT32); > + // > + // Filter inactive digest in the event2 log from PEI HOB. > + // > + CopyMem (&TempDigestListBin, DigestListBin, > GetDigestListBinSize (DigestListBin)); > + EventSizePtr =3D CopyDigestListBinToBuffer (DigestListBin, > &TempDigestListBin, mTcgDxeData.BsCap.ActivePcrBanks); > + // > + // Restore event size. > + // > + CopyMem (EventSizePtr, &EventSize, sizeof(UINT32)); > + DigestListBinSize =3D GetDigestListBinSize (DigestListBin); > + > Status =3D TcgDxeLogEvent ( > mTcg2EventInfo[Index].LogFormat, > TcgEvent, > sizeof(TCG_PCRINDEX) + sizeof(TCG_EVENTTYPE) > + DigestListBinSize + sizeof(UINT32), > - (UINT8 *)TcgEvent + sizeof(TCG_PCRINDEX) + > sizeof(TCG_EVENTTYPE) + DigestListBinSize + sizeof(UINT32), > + Event, > EventSize > ); > break; > } > + FreePool (TcgEvent); > } > } > } > -- > 2.7.0.windows.1
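
Review bot: in CopyDigestListBinToBuffer (hunk at -898), Count is read from DigestListBin and drives the loop with no upper bound, and the DigestSize returned by GetHashSizeFromAlgo advances DigestListBin without being checked, so a malformed digest list in the HOB can walk the source pointer past the end of the event. Suggest bounding Count (HASH_COUNT is already used for sizing in SetupEventLog), stopping on an algorithm whose size cannot be determined, and passing the source length in so each read can be range-checked. The Buffer @param and @return text should also say "TPML_DIGEST_VALUES compact binary", and the DEBUG line uses EFI_D_ERROR for a message labelled WARNING.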
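
Review bot: in the SetupEventLog declarations (hunk at -1317), TempDigestListBin is typed TPML_DIGEST_VALUES but is only used as scratch space for the compact binary form, so the name and the type disagree. Suggest a comment stating that the structure is used purely as a buffer intended to be large enough for the compact form, or a byte array explicitly sized for it, so the later CopyMem into it is easier to audit.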
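
Review bot: in the GetNextGuidHob loop (hunk at -1497), ASSERT (TcgEvent != NULL) is the only handling of an AllocateCopyPool failure, and ASSERT is compiled out when asserts are disabled, so the switch that follows would read through a NULL pointer. Suggest an explicit check that sets Status to EFI_OUT_OF_RESOURCES and leaves the loop; the while condition already tests !EFI_ERROR (Status).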
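
Review bot: in the EFI_TCG2_EVENT_LOG_FORMAT_TCG_2 case (hunk at -1510), the CopyMem into TempDigestListBin takes its length from GetDigestListBinSize (DigestListBin), a value computed from the HOB contents, with no check against sizeof (TempDigestListBin), so an oversized digest list would overrun the stack variable. Suggest rejecting the event when DigestListBinSize exceeds sizeof (TempDigestListBin), and reusing DigestListBinSize in that CopyMem instead of calling GetDigestListBinSize a second time. It is also worth deciding what should happen when the filter leaves a digest count of zero, since the event is still passed to TcgDxeLogEvent in that case.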