From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mga11.intel.com (mga11.intel.com [192.55.52.93]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id A6A9582214 for ; Fri, 3 Mar 2017 06:09:38 -0800 (PST) Received: from orsmga004.jf.intel.com ([10.7.209.38]) by fmsmga102.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 03 Mar 2017 06:09:37 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.35,237,1484035200"; d="scan'208";a="63926843" Received: from fmsmsx108.amr.corp.intel.com ([10.18.124.206]) by orsmga004.jf.intel.com with ESMTP; 03 Mar 2017 06:09:37 -0800 Received: from fmsmsx114.amr.corp.intel.com (10.18.116.8) by FMSMSX108.amr.corp.intel.com (10.18.124.206) with Microsoft SMTP Server (TLS) id 14.3.248.2; Fri, 3 Mar 2017 06:09:36 -0800 Received: from shsmsx103.ccr.corp.intel.com (10.239.4.69) by FMSMSX114.amr.corp.intel.com (10.18.116.8) with Microsoft SMTP Server (TLS) id 14.3.248.2; Fri, 3 Mar 2017 06:09:36 -0800 Received: from shsmsx102.ccr.corp.intel.com ([169.254.2.88]) by SHSMSX103.ccr.corp.intel.com ([10.239.4.69]) with mapi id 14.03.0248.002; Fri, 3 Mar 2017 22:09:34 +0800 From: "Yao, Jiewen" To: "Zhang, Chao B" , "edk2-devel@lists.01.org" CC: "Zeng, Star" Thread-Topic: [PATCH 1/2] SecurityPkg: Tcg2Dxe: Measure DBT into PCR[7] Thread-Index: AQHSk/mXGJ6hRFtGA0S2H07n5MGQ/6GDJ2/A Date: Fri, 3 Mar 2017 14:09:33 +0000 Message-ID: <74D8A39837DF1E4DA445A8C0B3885C503A8F90C5@shsmsx102.ccr.corp.intel.com> References: <20170303083836.37112-1-chao.b.zhang@intel.com> In-Reply-To: <20170303083836.37112-1-chao.b.zhang@intel.com> Accept-Language: zh-CN, en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.239.127.40] MIME-Version: 1.0 Subject: Re: [PATCH 1/2] SecurityPkg: Tcg2Dxe: Measure DBT into PCR[7] X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 03 Mar 2017 14:09:38 -0000 Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Both patch are reviewed-by: Jiewen.yao@Intel.com > -----Original Message----- > From: Zhang, Chao B > Sent: Friday, March 3, 2017 4:39 PM > To: edk2-devel@lists.01.org > Cc: Zeng, Star ; Yao, Jiewen ; > Zhang, Chao B > Subject: [PATCH 1/2] SecurityPkg: Tcg2Dxe: Measure DBT into PCR[7] >=20 > Measure DBT into PCR[7] in initial measurement phase if present and > not empty by following TCG PC Client PFP 00.49. > The previous patch according to 00.21 is removed > 1404e3a1508473643efba89af34bd133ab082dd5 >=20 > Cc: Star Zeng > Cc: Yao Jiewen > Contributed-under: TianoCore Contribution Agreement 1.0 > Signed-off-by: Chao Zhang > --- > SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c | 19 ++++++++++++++++++- > 1 file changed, 18 insertions(+), 1 deletion(-) >=20 > diff --git a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c > b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c > index 1d2ac9a..53de666 100644 > --- a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c > +++ b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c > @@ -115,7 +115,6 @@ VARIABLE_TYPE mVariableType[] =3D { > {EFI_KEY_EXCHANGE_KEY_NAME, &gEfiGlobalVariableGuid}, > {EFI_IMAGE_SECURITY_DATABASE, &gEfiImageSecurityDatabaseGuid}, > {EFI_IMAGE_SECURITY_DATABASE1, &gEfiImageSecurityDatabaseGuid}, > - {EFI_IMAGE_SECURITY_DATABASE2, &gEfiImageSecurityDatabaseGuid}, > }; >=20 > EFI_HANDLE mImageHandle; > @@ -2137,6 +2136,24 @@ MeasureAllSecureVariables ( > } > } >=20 > + // > + // Measure DBT if present and not empty > + // > + Status =3D GetVariable2 (EFI_IMAGE_SECURITY_DATABASE2, > &gEfiImageSecurityDatabaseGuid, &Data, &DataSize); > + if (!EFI_ERROR(Status)) { > + Status =3D MeasureVariable ( > + 7, > + EV_EFI_VARIABLE_DRIVER_CONFIG, > + EFI_IMAGE_SECURITY_DATABASE2, > + &gEfiImageSecurityDatabaseGuid, > + Data, > + DataSize > + ); > + FreePool(Data); > + } else { > + DEBUG((DEBUG_INFO, "Skip measuring variable %s since it's deleted\n"= , > EFI_IMAGE_SECURITY_DATABASE2)); > + } > + > return EFI_SUCCESS; > } >=20 > -- > 1.9.5.msysgit.1