From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mga02.intel.com (mga02.intel.com [134.134.136.20]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 0DDF881EE4 for ; Mon, 23 Jan 2017 18:13:33 -0800 (PST) Received: from fmsmga002.fm.intel.com ([10.253.24.26]) by orsmga101.jf.intel.com with ESMTP; 23 Jan 2017 18:13:32 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.33,276,1477983600"; d="scan'208";a="1116886202" Received: from fmsmsx104.amr.corp.intel.com ([10.18.124.202]) by fmsmga002.fm.intel.com with ESMTP; 23 Jan 2017 18:13:32 -0800 Received: from fmsmsx118.amr.corp.intel.com (10.18.116.18) by fmsmsx104.amr.corp.intel.com (10.18.124.202) with Microsoft SMTP Server (TLS) id 14.3.248.2; Mon, 23 Jan 2017 18:13:32 -0800 Received: from shsmsx152.ccr.corp.intel.com (10.239.6.52) by fmsmsx118.amr.corp.intel.com (10.18.116.18) with Microsoft SMTP Server (TLS) id 14.3.248.2; Mon, 23 Jan 2017 18:13:32 -0800 Received: from shsmsx102.ccr.corp.intel.com ([169.254.2.88]) by SHSMSX152.ccr.corp.intel.com ([169.254.6.132]) with mapi id 14.03.0248.002; Tue, 24 Jan 2017 10:13:26 +0800 From: "Yao, Jiewen" To: "Zhang, Chao B" , "edk2-devel@lists.01.org" CC: "Zeng, Star" Thread-Topic: [PATCH V2 1/2] SecurityPkg: Tcg2Dxe: Log Startup Locality Event Thread-Index: AQHSdeTB1piwH+tlx0K3LZOqc/kL6qFG4w1w Date: Tue, 24 Jan 2017 02:13:25 +0000 Message-ID: <74D8A39837DF1E4DA445A8C0B3885C503A8E4A28@shsmsx102.ccr.corp.intel.com> References: <20170124015401.24540-1-chao.b.zhang@intel.com> In-Reply-To: <20170124015401.24540-1-chao.b.zhang@intel.com> Accept-Language: zh-CN, en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.239.127.40] MIME-Version: 1.0 Subject: Re: [PATCH V2 1/2] SecurityPkg: Tcg2Dxe: Log Startup Locality Event X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 24 Jan 2017 02:13:33 -0000 Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Reviewed-by: jiewen.yao@intel.com > -----Original Message----- > From: Zhang, Chao B > Sent: Tuesday, January 24, 2017 9:54 AM > To: edk2-devel@lists.01.org > Cc: Yao, Jiewen ; Zeng, Star ; > Zhang, Chao B > Subject: [PATCH V2 1/2] SecurityPkg: Tcg2Dxe: Log Startup Locality Event >=20 > Log Startup Locality Event according to TCG PC Client PFP 00.21. > Event should be placed before any extend to PCR[0] > http://www.trustedcomputinggroup.org/wp-content/uploads/PC-ClientSpecific > _Platform_Profile_for_TPM_2p0_Systems_v21.pdf >=20 > Cc: Star Zeng > Cc: Yao Jiewen > Contributed-under: TianoCore Contribution Agreement 1.0 > Signed-off-by: Chao Zhang > --- > SecurityPkg/Include/Guid/TcgEventHob.h | 12 +++++++- > SecurityPkg/SecurityPkg.dec | 4 +++ > SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c | 54 > ++++++++++++++++++++++++++-------- > SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf | 3 +- > 4 files changed, 59 insertions(+), 14 deletions(-) >=20 > diff --git a/SecurityPkg/Include/Guid/TcgEventHob.h > b/SecurityPkg/Include/Guid/TcgEventHob.h > index 1082807..8be5cd0 100644 > --- a/SecurityPkg/Include/Guid/TcgEventHob.h > +++ b/SecurityPkg/Include/Guid/TcgEventHob.h > @@ -3,7 +3,7 @@ > a TPM DXE Driver. A GUIDed HOB is generated for each measurement > made in the PEI Phase. >=20 > -Copyright (c) 2007 - 2015, Intel Corporation. All rights reserved.
> +Copyright (c) 2007 - 2017, Intel Corporation. All rights reserved.
> This program and the accompanying materials > are licensed and made available under the terms and conditions of the BS= D > License > which accompanies this distribution. The full text of the license may b= e found > at > @@ -44,4 +44,14 @@ extern EFI_GUID gTcgEvent2EntryHobGuid; >=20 > extern EFI_GUID gTpmErrorHobGuid; >=20 > +/// > +/// The Global ID of a GUIDed HOB used to record TPM2 Startup Locality. > +/// > +#define EFI_TPM2_STARTUP_LOCALITY_HOB_GUID \ > + { \ > + 0xef598499, 0xb25e, 0x473a, { 0xbf, 0xaf, 0xe7, 0xe5, 0x7d, 0xce, 0x= 82, 0xc4 } > \ > + } > + > +extern EFI_GUID gTpm2StartupLocalityHobGuid; > + > #endif > diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec > index 0c64d25..b556fb6 100644 > --- a/SecurityPkg/SecurityPkg.dec > +++ b/SecurityPkg/SecurityPkg.dec > @@ -134,6 +134,10 @@ > # Include/Guid/TcgEventHob.h > gTpmErrorHobGuid =3D { 0xef598499, 0xb25e, 0x473a, > { 0xbf, 0xaf, 0xe7, 0xe5, 0x7d, 0xce, 0x82, 0xc4 }} >=20 > + ## HOB GUID used to record TPM2 startup locality > + ## Include/Guid/TcgEventHob.h > + gTpm2StartupLocalityHobGuid =3D { 0x397b0c9, 0x22e8, 0x459e, { = 0xa4, > 0xff, 0x99, 0xbc, 0x65, 0x27, 0x9, 0x29 }} > + > ## HOB GUID used to pass all PEI measured FV info to DXE Driver. > # Include/Guid/MeasuredFvHob.h > gMeasuredFvHobGuid =3D { 0xb2360b42, 0x7173, 0x420a, > { 0x86, 0x96, 0x46, 0xca, 0x6b, 0xab, 0x10, 0x60 }} > diff --git a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c > b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c > index 3534fd1..99e2c48 100644 > --- a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c > +++ b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c > @@ -1381,11 +1381,12 @@ SetupEventLog ( > UINT32 HashAlgorithmMaskCopied; > TCG_EfiSpecIDEventStruct *TcgEfiSpecIdEventStruct; > UINT8 > TempBuf[sizeof(TCG_EfiSpecIDEventStruct) + sizeof(UINT32) + (HASH_COUNT * > sizeof(TCG_EfiSpecIdEventAlgorithmSize)) + sizeof(UINT8)]; > - TCG_PCR_EVENT_HDR FirstPcrEvent; > + TCG_PCR_EVENT_HDR NoActionEvent; > TCG_EfiSpecIdEventAlgorithmSize *DigestSize; > TCG_EfiSpecIdEventAlgorithmSize *TempDigestSize; > UINT8 *VendorInfoSize; > UINT32 NumberOfAlgorithms; > + TCG_EfiStartupLocalityEvent StartupLocalityEvent; >=20 > DEBUG ((EFI_D_INFO, "SetupEventLog\n")); >=20 > @@ -1468,24 +1469,53 @@ SetupEventLog ( > VendorInfoSize =3D (UINT8 *)TempDigestSize; > *VendorInfoSize =3D 0; >=20 > - // > - // FirstPcrEvent > - // > - FirstPcrEvent.PCRIndex =3D 0; > - FirstPcrEvent.EventType =3D EV_NO_ACTION; > - ZeroMem (&FirstPcrEvent.Digest, sizeof(FirstPcrEvent.Digest)); > - FirstPcrEvent.EventSize =3D (UINT32)GetTcgEfiSpecIdEventStructSi= ze > (TcgEfiSpecIdEventStruct); > + NoActionEvent.PCRIndex =3D 0; > + NoActionEvent.EventType =3D EV_NO_ACTION; > + ZeroMem (&NoActionEvent.Digest, sizeof(NoActionEvent.Digest)); > + NoActionEvent.EventSize =3D (UINT32)GetTcgEfiSpecIdEventStructSi= ze > (TcgEfiSpecIdEventStruct); >=20 > // > - // Record > + // Log TcgEfiSpecIdEventStruct as the first Event > + // TCG PC Client PFP spec. Section 9.2 Measurement Event Entri= es > and Log > // > Status =3D TcgDxeLogEvent ( > mTcg2EventInfo[Index].LogFormat, > - &FirstPcrEvent, > - sizeof(FirstPcrEvent), > + &NoActionEvent, > + sizeof(NoActionEvent), > (UINT8 *)TcgEfiSpecIdEventStruct, > - FirstPcrEvent.EventSize > + NoActionEvent.EventSize > ); > + > + // > + // EfiStartupLocalityEvent > + // > + GuidHob.Guid =3D GetFirstGuidHob (&gTpm2StartupLocalityHobGuid); > + if (GuidHob.Guid !=3D NULL) { > + // > + // Get Locality Indicator from StartupLocality HOB > + // > + StartupLocalityEvent.StartupLocality =3D *(UINT8 > *)(GET_GUID_HOB_DATA (GuidHob.Guid)); > + CopyMem (StartupLocalityEvent.Signature, > TCG_EfiStartupLocalityEvent_SIGNATURE, > sizeof(StartupLocalityEvent.Signature)); > + > + NoActionEvent.PCRIndex =3D 0; > + NoActionEvent.EventType =3D EV_NO_ACTION; > + ZeroMem (&NoActionEvent.Digest, sizeof(NoActionEvent.Digest)); > + NoActionEvent.EventSize =3D sizeof(StartupLocalityEvent); > + > + DEBUG ((EFI_D_INFO, "SetupEventLog: Set Locality from HOB into > StartupLocalityEvent 0x%02x\n", StartupLocalityEvent.StartupLocality)); > + > + // > + // Log EfiStartupLocalityEvent as the second Event > + // TCG PC Client PFP spec. Section 9.3.4.3 Startup Locality = Event > + // > + Status =3D TcgDxeLogEvent ( > + mTcg2EventInfo[Index].LogFormat, > + &NoActionEvent, > + sizeof(NoActionEvent), > + (UINT8 *)&StartupLocalityEvent, > + NoActionEvent.EventSize > + ); > + } > } > } > } > diff --git a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf > b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf > index 6b4c15f..8efc4e3 100644 > --- a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf > +++ b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf > @@ -7,7 +7,7 @@ > # This external input must be validated carefully to avoid security iss= ue like > # buffer overflow, integer overflow. > # > -# Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved.
> +# Copyright (c) 2015 - 2017, Intel Corporation. All rights reserved.
> # This program and the accompanying materials > # are licensed and made available under the terms and conditions of the = BSD > License > # which accompanies this distribution. The full text of the license may = be found > at > @@ -80,6 +80,7 @@ > gEfiTpmDeviceInstanceTpm12Guid ## > SOMETIMES_CONSUMES ## GUID # TPM device identifier >=20 > gTcgEvent2EntryHobGuid ## > SOMETIMES_CONSUMES ## HOB > + gTpm2StartupLocalityHobGuid ## > SOMETIMES_CONSUMES ## HOB >=20 > [Protocols] > gEfiTcg2ProtocolGuid ## PRODUCES > -- > 1.9.5.msysgit.1