From: "Yao, Jiewen"
To: "Zhang, Chao B", "edk2-devel@lists.01.org"
CC: "Zhang, Chao B", "Zeng, Star"
Date: Mon, 23 Jan 2017 15:25:16 +0000
Subject: Re: [PATCH 1/2] SecurityPkg: Tcg2Dxe: Log Startup Locality Event
Message-ID: <74D8A39837DF1E4DA445A8C0B3885C503A8E467A@shsmsx102.ccr.corp.intel.com>
In-Reply-To: <20170123085155.21056-1-chao.b.zhang@intel.com>

Hi

StartupLocality is a platform policy. We should not hardcode it.

We may use one of the ways below:
1) Define a new PCD.
2) Detect if there is a startuplocality event hob reported in PEI phase.

Thank you
Yao Jiewen

> -----Original Message-----
> From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of Zhang, Chao B
> Sent: Monday, January 23, 2017 4:52 PM
> To: edk2-devel@lists.01.org
> Cc: Yao, Jiewen; Zhang, Chao B; Zeng, Star
> Subject: [edk2] [PATCH 1/2] SecurityPkg: Tcg2Dxe: Log Startup Locality Event
>
> Log Startup Locality Event according to TCG PC Client PFP 00.21.
> Event should be placed before any extend to PCR[0]
> http://www.trustedcomputinggroup.org/wp-content/uploads/PC-ClientSpecific
> _Platform_Profile_for_TPM_2p0_Systems_v21.pdf
>
> Cc: Star Zeng
> Cc: Yao Jiewen
> Contributed-under: TianoCore Contribution Agreement 1.0
> Signed-off-by: Chao Zhang > --- > SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c | 48 > ++++++++++++++++++++++++++++++--------- > 1 file changed, 37 insertions(+), 11 deletions(-) > > diff --git a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c > b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c > index 3534fd1..2658944 100644 > --- a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c > +++ b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c > @@ -1381,11 +1381,12 @@ SetupEventLog ( > UINT32 HashAlgorithmMaskCopied; > TCG_EfiSpecIDEventStruct *TcgEfiSpecIdEventStruct; > UINT8 > TempBuf[sizeof(TCG_EfiSpecIDEventStruct) + sizeof(UINT32) + (HASH_COUNT * > sizeof(TCG_EfiSpecIdEventAlgorithmSize)) + sizeof(UINT8)]; > - TCG_PCR_EVENT_HDR FirstPcrEvent; > + TCG_PCR_EVENT_HDR NoActionEvent; > TCG_EfiSpecIdEventAlgorithmSize *DigestSize; > TCG_EfiSpecIdEventAlgorithmSize *TempDigestSize; > UINT8 *VendorInfoSize; > UINT32 NumberOfAlgorithms; > + TCG_EfiStartupLocalityEvent StartupLocalityEvent; > > DEBUG ((EFI_D_INFO, "SetupEventLog\n")); 
> > @@ -1468,24 +1469,49 @@ SetupEventLog ( > VendorInfoSize =3D (UINT8 *)TempDigestSize; > *VendorInfoSize =3D 0; > > + NoActionEvent.PCRIndex =3D 0; > + NoActionEvent.EventType =3D EV_NO_ACTION; > + ZeroMem (&NoActionEvent.Digest, sizeof(NoActionEvent.Digest)); > + NoActionEvent.EventSize =3D (UINT32)GetTcgEfiSpecIdEventStructSi= ze > (TcgEfiSpecIdEventStruct); > + > // > - // FirstPcrEvent > + // Log TcgEfiSpecIdEventStruct as the first Event > + // TCG PC Client PFP spec. Section 9.2 Measurement Event Entri= es > and Log > // > - FirstPcrEvent.PCRIndex =3D 0; > - FirstPcrEvent.EventType =3D EV_NO_ACTION; > - ZeroMem (&FirstPcrEvent.Digest, sizeof(FirstPcrEvent.Digest)); > - FirstPcrEvent.EventSize =3D (UINT32)GetTcgEfiSpecIdEventStructSi= ze > (TcgEfiSpecIdEventStruct); > + Status =3D TcgDxeLogEvent ( > + mTcg2EventInfo[Index].LogFormat, > + &NoActionEvent, > + sizeof(NoActionEvent), > + (UINT8 *)TcgEfiSpecIdEventStruct, > + NoActionEvent.EventSize > + ); > > // > - // Record > + // EfiStartupLocalityEvent > + // > + CopyMem (StartupLocalityEvent.Signature, > TCG_EfiStartupLocalityEvent_SIGNATURE, > sizeof(StartupLocalityEvent.Signature)); > + // > + // SRTM uses Locality 0 to access the TPM according to PC Client= PFP > spec 2.2.1 > + // > + StartupLocalityEvent.StartupLocality =3D LOCALITY_0_INDICATOR; > + > + NoActionEvent.PCRIndex =3D 0; > + NoActionEvent.EventType =3D EV_NO_ACTION; > + ZeroMem (&NoActionEvent.Digest, sizeof(NoActionEvent.Digest)); > + NoActionEvent.EventSize =3D sizeof(StartupLocalityEvent); > + > + // > + // Log EfiStartupLocalityEvent as the second Event > + // TCG PC Client PFP spec. 
Section 9.3.4.3 Startup Locality Ev= ent > // > Status =3D TcgDxeLogEvent ( > mTcg2EventInfo[Index].LogFormat, > - &FirstPcrEvent, > - sizeof(FirstPcrEvent), > - (UINT8 *)TcgEfiSpecIdEventStruct, > - FirstPcrEvent.EventSize > + &NoActionEvent, > + sizeof(NoActionEvent), > + (UINT8 *)&StartupLocalityEvent, > + NoActionEvent.EventSize > ); > + > } > } > } > -- > 1.9.5.msysgit.1 > > _______________________________________________ > edk2-devel mailing list > edk2-devel@lists.01.org > https://lists.01.org/mailman/listinfo/edk2-devel
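
Review bot: In the second hunk (SetupEventLog, around line 1469), the Status returned by the first TcgDxeLogEvent call, which logs TcgEfiSpecIdEventStruct, is overwritten by the second call without being checked, so a failure to log the Spec ID event goes unnoticed and the Startup Locality event is logged regardless. Check Status after the first call and skip the EfiStartupLocalityEvent entry on error. Also, NoActionEvent.PCRIndex, NoActionEvent.EventType and the ZeroMem of NoActionEvent.Digest are repeated with the same values before the second call; only NoActionEvent.EventSize changes, so either drop the three repeated lines or add a comment saying the re-initialisation is deliberate.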