From: "Yao, Jiewen"
To: "Zeng, Star", "edk2-devel@lists.01.org"
CC: "Zhang, Chao B", "Yao, Jiewen"
Date: Fri, 18 Nov 2016 01:40:39 +0000
Subject: Re: [PATCH 2/2] SecurityPkg Tcg2Dxe: Filter inactive digest in event2 log from PEI HOB

That's a good idea. I like both. :)

From: Zeng, Star
Sent: Friday, November 18, 2016 9:31 AM
To: Yao, Jiewen; edk2-devel@lists.01.org
Cc: Zhang, Chao B; Zeng, Star
Subject: Re: [edk2] [PATCH 2/2] SecurityPkg Tcg2Dxe: Filter inactive digest in event2 log from PEI HOB

On 2016/11/17 20:19, Yao, Jiewen wrote:
> Hi Star
> 1) I am a little confused by the description below.
> + @param[in,out] Buffer Buffer to hold TPML_DIGEST_VALUES.
>
> I think the buffer is the *TPML_DIGEST_VALUES compact binary buffer*, instead of *TPML_DIGEST_VALUES*, right?
> I suggest we describe it clearly.

Oh, yes. The description was just copied from CopyDigestListToBuffer () of Tpm2CommandLib. Do you think we also need to update the description for CopyDigestListToBuffer ()?

>
> 2) I think the FILTER is great to report ERROR if the TCG event hob producer makes a mistake.
> Do you think it is worth adding a stronger check: that all required TCG event logs are reported?

Yes, it can be done by adding a parameter to CopyDigestListBinToBuffer () and comparing whether HashAlgorithmMaskCopied equals HashAlgorithmMask to know if all required TCG event logs are reported.

    VOID *
    CopyDigestListBinToBuffer (
      IN OUT VOID    *Buffer,
      IN     VOID    *DigestListBin,
      IN     UINT32  HashAlgorithmMask,
      OUT    UINT32  *HashAlgorithmMaskCopied
      )

Thanks,
Star

>
>
>
>> -----Original Message-----
>> From: Zeng, Star
>> Sent: Thursday, November 17, 2016 5:29 PM
>> To: edk2-devel@lists.01.org
>> Cc: Zeng, Star; Yao, Jiewen; Zhang, Chao B
>> Subject: [PATCH 2/2] SecurityPkg Tcg2Dxe: Filter inactive digest in event2 log from PEI HOB
>>
>> Cc: Jiewen Yao
>> Cc: Chao Zhang
>> Contributed-under: TianoCore Contribution Agreement 1.0
>> Signed-off-by: Star Zeng
>> --- >> SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c | 80 >> +++++++++++++++++++++++++++++++++++++-- >> 1 file changed, 76 insertions(+), 4 deletions(-) >> >> diff --git a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c >> b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c >> index db8d662f80dc..d5a32307db6e 100644 
>> --- a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c >> +++ b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c >> @@ -898,6 +898,56 @@ GetDigestListBinSize ( >> } >> >> /** >> + Copy TPML_DIGEST_VALUES compact binary into a buffer >> + >> + @param[in,out] Buffer Buffer to hold >> TPML_DIGEST_VALUES. >> + @param[in] DigestListBin TPML_DIGEST_VALUES compact >> binary buffer. >> + @param[in] HashAlgorithmMask HASH bits corresponding to the >> desired digests to copy. >> + >> + @return The end of buffer to hold TPML_DIGEST_VALUES. >> +**/ >> +VOID * >> +CopyDigestListBinToBuffer ( >> + IN OUT VOID *Buffer, >> + IN VOID *DigestListBin, >> + IN UINT32 HashAlgorithmMask >> + ) >> +{ >> + UINTN Index; >> + UINT16 DigestSize; >> + UINT32 Count; >> + TPMI_ALG_HASH HashAlg; >> + UINT32 DigestListCount; >> + UINT32 *DigestListCountPtr; >> + >> + DigestListCountPtr =3D (UINT32 *) Buffer; >> + DigestListCount =3D 0; >> + >> + Count =3D ReadUnaligned32 (DigestListBin); >> + Buffer =3D (UINT8 *)Buffer + sizeof(Count); >> + DigestListBin =3D (UINT8 *)DigestListBin + sizeof(Count); >> + for (Index =3D 0; Index < Count; Index++) { >> + HashAlg =3D ReadUnaligned16 (DigestListBin); >> + DigestListBin =3D (UINT8 *)DigestListBin + sizeof(HashAlg); >> + DigestSize =3D GetHashSizeFromAlgo (HashAlg); >> + >> + if (IsHashAlgSupportedInHashAlgorithmMask(HashAlg, >> HashAlgorithmMask)) { >> + CopyMem (Buffer, &HashAlg, sizeof(HashAlg)); >> + Buffer =3D (UINT8 *)Buffer + sizeof(HashAlg); >> + CopyMem (Buffer, DigestListBin, DigestSize); >> + Buffer =3D (UINT8 *)Buffer + DigestSize; >> + DigestListCount++; >> + } else { >> + DEBUG ((EFI_D_ERROR, "WARNING: CopyDigestListBinToBuffer >> Event log has HashAlg unsupported by PCR bank (0x%x)\n", HashAlg)); >> + } >> + DigestListBin =3D (UINT8 *)DigestListBin + DigestSize; >> + } >> + WriteUnaligned32 (DigestListCountPtr, DigestListCount); >> + >> + return Buffer; >> +} >> + >> +/** >> Add a new entry to the Event Log. >> >> @param[in] DigestList A list of digest. 
>> @@ -1317,8 +1367,12 @@ SetupEventLog ( >> EFI_PEI_HOB_POINTERS GuidHob; >> EFI_PHYSICAL_ADDRESS Lasa; >> UINTN Index; >> + VOID *DigestListBin; >> + TPML_DIGEST_VALUES TempDigestListBin; >> UINT32 DigestListBinSize; >> + UINT8 *Event; >> UINT32 EventSize; >> + UINT32 *EventSizePtr; >> TCG_EfiSpecIDEventStruct *TcgEfiSpecIdEventStruct; >> UINT8 >> TempBuf[sizeof(TCG_EfiSpecIDEventStruct) + sizeof(UINT32) + >> (HASH_COUNT * sizeof(TCG_EfiSpecIdEventAlgorithmSize)) + sizeof(UINT8)]; >> TCG_PCR_EVENT_HDR FirstPcrEvent; >> @@ -1497,7 +1551,8 @@ SetupEventLog ( >> Status =3D EFI_SUCCESS; >> while (!EFI_ERROR (Status) && >> (GuidHob.Raw =3D GetNextGuidHob >> (mTcg2EventInfo[Index].EventGuid, GuidHob.Raw)) !=3D NULL) { >> - TcgEvent =3D GET_GUID_HOB_DATA (GuidHob.Guid); >> + TcgEvent =3D AllocateCopyPool (GET_GUID_HOB_DATA_SIZE >> (GuidHob.Guid), GET_GUID_HOB_DATA (GuidHob.Guid)); >> + ASSERT (TcgEvent !=3D NULL); >> GuidHob.Raw =3D GET_NEXT_HOB (GuidHob); >> switch (mTcg2EventInfo[Index].LogFormat) { >> case EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2: 
>> @@ -1510,17 +1565,34 @@ SetupEventLog ( >> ); >> break; >> case EFI_TCG2_EVENT_LOG_FORMAT_TCG_2: >> - DigestListBinSize =3D GetDigestListBinSize ((UINT8 *)TcgEvent= + >> sizeof(TCG_PCRINDEX) + sizeof(TCG_EVENTTYPE)); >> - CopyMem (&EventSize, (UINT8 *)TcgEvent + >> sizeof(TCG_PCRINDEX) + sizeof(TCG_EVENTTYPE) + DigestListBinSize, >> sizeof(UINT32)); >> + DigestListBin =3D (UINT8 *)TcgEvent + sizeof(TCG_PCRINDEX) + >> sizeof(TCG_EVENTTYPE); >> + DigestListBinSize =3D GetDigestListBinSize (DigestListBin); >> + // >> + // Save event size. >> + // >> + CopyMem (&EventSize, (UINT8 *)DigestListBin + >> DigestListBinSize, sizeof(UINT32)); >> + Event =3D (UINT8 *)DigestListBin + DigestListBinSize + >> sizeof(UINT32); >> + // >> + // Filter inactive digest in the event2 log from PEI HOB. >> + // >> + CopyMem (&TempDigestListBin, DigestListBin, >> GetDigestListBinSize (DigestListBin)); >> + EventSizePtr =3D CopyDigestListBinToBuffer (DigestListBin, >> &TempDigestListBin, mTcgDxeData.BsCap.ActivePcrBanks); >> + // >> + // Restore event size. >> + // >> + CopyMem (EventSizePtr, &EventSize, sizeof(UINT32)); >> + DigestListBinSize =3D GetDigestListBinSize (DigestListBin); >> + >> Status =3D TcgDxeLogEvent ( >> mTcg2EventInfo[Index].LogFormat, >> TcgEvent, >> sizeof(TCG_PCRINDEX) + sizeof(TCG_EVENTTYPE) >> + DigestListBinSize + sizeof(UINT32), >> - (UINT8 *)TcgEvent + sizeof(TCG_PCRINDEX) + >> sizeof(TCG_EVENTTYPE) + DigestListBinSize + sizeof(UINT32), >> + Event, >> EventSize >> ); >> break; >> } >> + FreePool (TcgEvent); >> } >> } >> } >> -- >> 2.7.0.windows.1
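
Review bot: In the hunk at @@ -898,6 +898,56 @@, CopyDigestListBinToBuffer takes Count from ReadUnaligned32 (DigestListBin) and DigestSize from GetHashSizeFromAlgo (HashAlg) and advances both pointers by them without knowing the length of either buffer, so a HOB with a wrong count, or an algorithm the size lookup does not recognise, desynchronises the walk and can run it past the end of the event data. Consider passing the source and destination sizes, rejecting a Count above HASH_COUNT, and treating an unsizable HashAlg as a hard error instead of only a DEBUG message. The @param text for Buffer should also say it holds the compact binary form, as already raised in this thread.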
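
Review bot: In the hunk at @@ -1497,7 +1551,8 @@, the result of AllocateCopyPool is guarded only by ASSERT (TcgEvent != NULL), which does nothing in builds where asserts are disabled, so an allocation failure would be used by the switch that follows. Suggest an explicit NULL check that sets Status to EFI_OUT_OF_RESOURCES and leaves the loop. The copy is also made for EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2 events, which the later hunk does not modify; allocating only in the TCG_2 case would avoid it.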
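
Review bot: In the hunk at @@ -1510,17 +1565,34 @@, CopyMem (&TempDigestListBin, DigestListBin, GetDigestListBinSize (DigestListBin)) copies a length computed from HOB contents into a fixed-size stack variable without comparing it to sizeof (TempDigestListBin); add that check before the copy and fail the event if it does not fit. DigestListBinSize already holds the same value at that point, so the second GetDigestListBinSize call can be dropped. TempDigestListBin is declared as TPML_DIGEST_VALUES but is used to hold the compact binary form, which deserves a comment or a byte-array type sized for the purpose.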
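
The stronger check proposed in the reply above (return the mask of banks actually copied and compare it with the requested mask), sketched as portable C outside EDK II. This is an added example, not code from the patch or from SecurityPkg; `filter_digest_list`, the `BANK_*` bits, the explicit length parameters and the `SAMPLE` bytes are assumptions made for illustration.

```c
#include <stdint.h>
#include <string.h>

/* Constructed for this sketch: TPM_ALG_ID values and per-bank mask bits. */
enum { ALG_SHA1 = 0x0004, ALG_SHA256 = 0x000B, ALG_SHA384 = 0x000C };
enum { BANK_SHA1 = 1, BANK_SHA256 = 2, BANK_SHA384 = 4 };

/* Constructed sample: count=2, a SHA-1 entry then a SHA-256 entry (zero digests). */
const uint8_t SAMPLE[60] = { [0] = 2, [4] = 0x04, [26] = 0x0B };
static uint32_t rd_le(const uint8_t *p, int n) {   /* little-endian read */
    uint32_t v = 0;
    while (n--) v = (v << 8) | p[n];
    return v;
}

/* Digest size for alg, bank bit in *bank; 0 means unknown algorithm. */
static size_t alg_info(uint32_t alg, uint32_t *bank) {
    switch (alg) {
    case ALG_SHA1:   *bank = BANK_SHA1;   return 20;
    case ALG_SHA256: *bank = BANK_SHA256; return 32;
    case ALG_SHA384: *bank = BANK_SHA384; return 48;
    default:         *bank = 0;           return 0;
    }
}

/* Input: u32 count, then {u16 alg, digest} entries. Copies entries whose bank
   is in mask; returns bytes written, or -1 if the input is truncated, names an
   unknown algorithm, or does not fit in out. *copied = banks actually copied. */
long filter_digest_list(const uint8_t *in, size_t in_len, uint8_t *out,
                        size_t out_len, uint32_t mask, uint32_t *copied) {
    size_t ip = 4, op = 4, sz;
    uint32_t count, kept = 0, bank;
    *copied = 0;
    if (in_len < 4 || out_len < 4) return -1;
    count = rd_le(in, 4);
    for (uint32_t i = 0; i < count; i++) {
        if (in_len - ip < 2) return -1;
        sz = alg_info(rd_le(in + ip, 2), &bank);
        if (sz == 0 || in_len - ip - 2 < sz) return -1;
        if (bank & mask) {
            if (out_len - op < 2 + sz) return -1;
            memcpy(out + op, in + ip, 2 + sz);   /* alg id + digest */
            op += 2 + sz; kept++; *copied |= bank;
        }
        ip += 2 + sz;
    }
    for (int b = 0; b < 4; b++) out[b] = (uint8_t)(kept >> (8 * b));
    return (long)op;
}
```

A caller that requires every active bank to be present treats `copied != mask` as a producer error, which is the comparison described in the reply.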