From: "Yao, Jiewen" <jiewen.yao@intel.com>
To: Jorge Fernandez Monteagudo, "Zhang, Chao B", edk2-devel@lists.01.org
Subject: Re: Tianocore and TPM2 pcr values
Date: Wed, 26 Sep 2018 06:11:58 +0000
Message-ID: <74D8A39837DF1E4DA445A8C0B3885C503AD9AC26@shsmsx102.ccr.corp.intel.com>
List-Id: EDK II Development (edk2-devel@lists.01.org)

Hi Jorge

Yes, it is always good to enable serial port debug. There are lots of debug messages in the Tcg2Dxe driver. We can know what is wrong.

In pure UEFI BIOS, the PEI driver extends to PCR0, and the DXE image measurement lib extends to PCR2, PCR4, PCR5. The DXE driver extends variables to PCR1/7, and exposes the TCG2 protocol to let the OS use it.

In your patch, since we are using UEFI as payload, and there is no PEI, I am not clear which driver you expect will extend something to PCR0. Do you think coreboot is the CRTM? Or the UEFI payload is the CRTM? Who should be responsible to extend the coreboot image from flash, and who should extend the UEFI payload?

Also, only *3rd party* images will change PCR2 and PCR4. Do you have such a case in your platform?

Anyway, there should still be something measured - boot variable (PCR1), secure boot variable (PCR7), GPT (5), action (4,5), separator (1~7), if you include the Tcg2Dxe driver.
I am not clear if coreboot already extends something to the separator according to the TCG PFP spec. If that is the case, we probably need special handling in the DXE driver.

I look forward to your serial debug message and design discussion.

Thank you
Yao Jiewen

> -----Original Message-----
> From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of
> Jorge Fernandez Monteagudo
> Sent: Wednesday, September 26, 2018 1:46 PM
> To: Zhang, Chao B; edk2-devel@lists.01.org
> Subject: Re: [edk2] Tianocore and TPM2 pcr values
>
> Hi Chao!
>
> Maybe the traces I get from the debug build and
>
> gEfiMdePkgTokenSpaceGuid.PcdReportStatusCodePropertyMask|0x7
> gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x800A044F
> gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x2F
>
> can help.
>
> ________________________________
> From: edk2-devel on behalf of Jorge Fernandez Monteagudo
> Sent: Tuesday, 25 September 2018 16:09:31
> To: Zhang, Chao B; edk2-devel@lists.01.org
> Subject: Re: [edk2] Tianocore and TPM2 pcr values
>
> Hi Chao!
>
> PCR0 has not changed in any of the tests I've done! What info do you need?
>
> I'm using:
>
> coreboot: ae05d095b36ac835a6b1a221e6858065e5486888, master branch
>
> tianocore: 07ecd98ac18d6792181856faca7d4bed1b587261, coreboot branch
>
> Attached are the changes I've done to tianocore to get TPM2 support and no console.
> PCR0 is always
> 3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969
>
> Thanks!
> ________________________________
> From: Zhang, Chao B
> Sent: Tuesday, 25 September 2018 15:41:45
> To: Jorge Fernandez Monteagudo; edk2-devel@lists.01.org
> Cc: You, Benjamin
> Subject: RE: Tianocore and TPM2 pcr values
>
> Hi Jorge:
> PCR 0 should change if you use a different coreboot payload + UEFI. So
> your case seems to be an issue. Can you provide more detailed info?
>
> -----Original Message-----
> From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of
> Jorge Fernandez Monteagudo
> Sent: Monday, September 24, 2018 5:57 PM
> To: edk2-devel@lists.01.org
> Subject: [edk2] Tianocore and TPM2 pcr values
>
> Hi all,
>
> This is my first message in this list. I'm using tianocore as a payload for
> coreboot in order to boot a custom board I'm working on. Finally I've been
> able to enable the TPM2 support in coreboot and in tianocore, but I have
> some questions regarding the values I'm seeing in the PCRs.
>
> I'm using the Tianocore master branch as selected by coreboot menuconfig
> and x64 architecture.
>
> Once the system is running I can read the PCRs and, if I'm not wrong, PCRs 0
> to 7 are handled by Tianocore/coreboot. I've flashed a coreboot+tianocore in
> release mode and a coreboot+tianocore in debug mode and the PCRs are the
> same. Is it ok? I thought that any change in the coreboot.rom would make
> the PCR values change...
>
> pcr0: 3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969
> pcr1: a3a3552caa68c6d9db64bf1ed4dca08080f99b59f1b26debc9abefa59ee8ca28
> pcr2: 3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969
> pcr3: 3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969
> pcr4: 74a35102770e65ab94b35135a4bf54c411134ae8059e03df41060a33f573871f
> pcr5: dfa65561584cb8604b1675c869f3341d0c99c642ce9d91353380361126235ad8
> pcr6: 3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969
> pcr7: b5710bf57d25623e4019027da116821fa99f5c81e9e38b87671cc574f9281439
>
> Another test I've done is using the Tianocore stable branch as selected by
> coreboot (STABLE_COMMIT_ID=315d9d08fd77db1024ccc5307823da8aaed85e2f) and
> I get the same values from release and build coreboot.roms, except that
> PCR1 has the same value as PCR0, 2, 3 and 6; it seems it's not used in this
> version.
>
> Is this the expected behavior?
>
> Thanks!
> Jorge
> _______________________________________________
> edk2-devel mailing list
> edk2-devel@lists.01.org
> https://lists.01.org/mailman/listinfo/edk2-devel
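As an added example (not code from the thread or from edk2/coreboot), the PCR replay below reproduces the value Jorge reports for PCR0, 2, 3 and 6 by extending an all-zero SHA-256 PCR with a single EV_SEPARATOR event, whose digest is the hash of the 4-byte event data 0x00000000. A PCR equal to that value has received nothing but the separator, which is exactly the gap Yao describes: no CRTM/PEI measurement ever reached PCR0. It assumes the SHA-256 bank; the observed values are the ones quoted in the thread.

```python
import hashlib

# PCR values quoted in the thread (SHA-256 bank), keyed by PCR index.
OBSERVED = {
    0: "3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969",
    1: "a3a3552caa68c6d9db64bf1ed4dca08080f99b59f1b26debc9abefa59ee8ca28",
    2: "3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969",
    3: "3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969",
    6: "3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969",
}


def pcr_extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM2 PCR_Extend for one bank: new = H(old || digest)."""
    return hashlib.sha256(pcr + digest).digest()


def separator_digest() -> bytes:
    """EV_SEPARATOR for PCR0-7 carries the 4-byte event data 0x00000000;
    the digest extended into the PCR is the hash of that data."""
    return hashlib.sha256(b"\x00\x00\x00\x00").digest()


def replay(event_digests) -> str:
    """Replay a sequence of event digests into a fresh (all-zero) SHA-256 PCR
    and return the resulting PCR value as hex."""
    pcr = bytes(32)
    for digest in event_digests:
        pcr = pcr_extend(pcr, digest)
    return pcr.hex()


def separator_only_pcrs(observed: dict) -> list:
    """Indices of PCRs whose value equals a PCR that saw only the separator,
    i.e. PCRs into which no firmware component was measured."""
    sep_only = replay([separator_digest()])
    return sorted(i for i, value in observed.items() if value == sep_only)


if __name__ == "__main__":
    print("separator-only PCR value:", replay([separator_digest()]))
    print("PCRs holding nothing but the separator:", separator_only_pcrs(OBSERVED))
```

PCR1 (a3a3...) differs from the separator-only value, so something (per Yao, the boot variables) was measured there on the master branch; in the stable-branch test Jorge reports PCR1 collapsing to the same value, meaning nothing but the separator reached it.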