From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=134.134.136.100; helo=mga07.intel.com; envelope-from=jiewen.yao@intel.com; receiver=edk2-devel@lists.01.org Received: from mga07.intel.com (mga07.intel.com [134.134.136.100]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 8C93421A07A80 for ; Wed, 26 Sep 2018 05:17:19 -0700 (PDT) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga003.fm.intel.com ([10.253.24.29]) by orsmga105.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 26 Sep 2018 05:17:18 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.54,306,1534834800"; d="scan'208,217";a="83385400" Received: from fmsmsx104.amr.corp.intel.com ([10.18.124.202]) by FMSMGA003.fm.intel.com with ESMTP; 26 Sep 2018 05:17:16 -0700 Received: from fmsmsx124.amr.corp.intel.com (10.18.125.39) by fmsmsx104.amr.corp.intel.com (10.18.124.202) with Microsoft SMTP Server (TLS) id 14.3.319.2; Wed, 26 Sep 2018 05:17:15 -0700 Received: from shsmsx101.ccr.corp.intel.com (10.239.4.153) by fmsmsx124.amr.corp.intel.com (10.18.125.39) with Microsoft SMTP Server (TLS) id 14.3.319.2; Wed, 26 Sep 2018 05:17:15 -0700 Received: from shsmsx102.ccr.corp.intel.com ([169.254.2.140]) by SHSMSX101.ccr.corp.intel.com ([169.254.1.220]) with mapi id 14.03.0319.002; Wed, 26 Sep 2018 20:17:12 +0800 From: "Yao, Jiewen" To: Jorge Fernandez Monteagudo , "Zhang, Chao B" , "edk2-devel@lists.01.org" Thread-Topic: Tianocore and TPM2 pcr values Thread-Index: AQHUU+rT8A2Fo9tZ6UKOSIY+RzW2uqUA/67ggAAJuZSAAQa+V4AAAi1wgAAImUyAAAWbQIAAAUkdgAABixCAACEtA4AAAPhQgAAB/OKAADYlQA== Date: Wed, 26 Sep 2018 12:17:12 +0000 Message-ID: <74D8A39837DF1E4DA445A8C0B3885C503AD9CB13@shsmsx102.ccr.corp.intel.com> References: , , , <74D8A39837DF1E4DA445A8C0B3885C503AD9AC26@shsmsx102.ccr.corp.intel.com> , <74D8A39837DF1E4DA445A8C0B3885C503AD9C2A3@shsmsx102.ccr.corp.intel.com> , <74D8A39837DF1E4DA445A8C0B3885C503AD9C411@shsmsx102.ccr.corp.intel.com> , <74D8A39837DF1E4DA445A8C0B3885C503AD9C8D3@shsmsx102.ccr.corp.intel.com> In-Reply-To: Accept-Language: zh-CN, en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-titus-metadata-40: eyJDYXRlZ29yeUxhYmVscyI6IiIsIk1ldGFkYXRhIjp7Im5zIjoiaHR0cDpcL1wvd3d3LnRpdHVzLmNvbVwvbnNcL0ludGVsMyIsImlkIjoiM2RjNzc4MzItZmI3MC00OWFlLWE2ZDItNTVjMDI5ZGRmZDdjIiwicHJvcHMiOlt7Im4iOiJDVFBDbGFzc2lmaWNhdGlvbiIsInZhbHMiOlt7InZhbHVlIjoiQ1RQX05UIn1dfV19LCJTdWJqZWN0TGFiZWxzIjpbXSwiVE1DVmVyc2lvbiI6IjE3LjEwLjE4MDQuNDkiLCJUcnVzdGVkTGFiZWxIYXNoIjoiRTZ5SUtabGZrY1BEZE9rNERHOEMza1lVSWJaY2NTRSt5YytqOUpQemQwbjJMaEJnYWZFVmJocVNtb1RQME45MyJ9 x-ctpclassification: CTP_NT dlp-product: dlpe-windows dlp-version: 11.0.400.15 dlp-reaction: no-action x-originating-ip: [10.239.127.40] MIME-Version: 1.0 X-Content-Filtered-By: Mailman/MimeDel 2.1.29 Subject: Re: Tianocore and TPM2 pcr values X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 26 Sep 2018 12:17:19 -0000 Content-Language: en-US Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable OK. So no issue in UEFI payload, right? Thank you Yao Jiewen From: Jorge Fernandez Monteagudo [mailto:jorgefm@cirsa.com] Sent: Wednesday, September 26, 2018 5:06 PM To: Yao, Jiewen ; Zhang, Chao B ; edk2-devel@lists.01.org Subject: Re: Tianocore and TPM2 pcr values > You still cannot get the right PCR hardware value? Sorry, what do you mean? I think the only remaining thing is extending the = tianocore payload from the coreboot once is loaded in order to detect changes in the payload = but it's related to coreboot no edk2... ________________________________ De: Yao, Jiewen > Enviado: mi=E9rcoles, 26 de septiembre de 2018 10:56:05 Para: Jorge Fernandez Monteagudo; Zhang, Chao B; edk2-devel@lists.01.org Asunto: RE: Tianocore and TPM2 pcr values OK. That means the PCR is extended successfully. You still cannot get the right PCR hardware value? > -----Original Message----- > From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of > Jorge Fernandez Monteagudo > Sent: Wednesday, September 26, 2018 4:54 PM > To: Yao, Jiewen >; Zhan= g, Chao B > >; edk2-devel@lists= .01.org > Subject: Re: [edk2] Tianocore and TPM2 pcr values > > I've added the Tcg2GetEventLog at the end of OnReadyToBoot from > Tcg2Dxe.c and I can see: > > > TPM2 Tcg2Dxe Measure Data when ReadyToBoot > Tcg2GetEventLog ... (0x2) > Tcg2GetEventLog (EventLogLocation - 8F3D2000) > Tcg2GetEventLog (EventLogLastEntry - 8F3D27AE) > Tcg2GetEventLog (EventLogTruncated - 0) > Tcg2GetEventLog - Success > EventLogFormat: (0x2) > Event: > PCRIndex - 0 > EventType - 0x00000003 > Digest - 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 > 00 > EventSize - 0x00000025 > 0000: > 53706563204944204576656E74303300000000000002000202000000040014 > 00 > 0020: 0B00200000 > TCG_EfiSpecIDEventStruct: > signature - 'Spec ID Event03 ' > platformClass - 0x00000000 > specVersion - 2.00 > uintnSize - 0x02 > NumberOfAlgorithms - 0x00000002 > digest(0) > algorithmId - 0x0004 > digestSize - 0x0014 > digest(1) > algorithmId - 0x000B > digestSize - 0x0020 > VendorInfoSize - 0x00 > VendorInfo - > Event: > PCRIndex - 7 > EventType - 0x80000001 > DigestCount: 0x00000002 > HashAlgo : 0x0004 > Digest(0): 2F 20 11 2A 3F 55 39 8B 20 8E 0C 42 68 13 89 B4 CB 5B 18 > 23 > HashAlgo : 0x000B > Digest(1): CE 9C E3 86 B5 2E 09 9F 30 19 E5 12 A0 D6 06 2D 6B 56 0E > FE 4F F3 E5 66 1C 75 25 E2 F9 C2 63 DF > > EventSize - 0x00000034 > 0000: > 61DFE48BCA93D211AA0D00E098032B8C0A00000000000000000000000000 > 0000 > 0020: 53006500630075007200650042006F006F007400 > Event: > PCRIndex - 7 > EventType - 0x80000001 > DigestCount: 0x00000002 > HashAlgo : 0x0004 > Digest(0): 9B 13 87 30 6E BB 7F F8 E7 95 E7 BE 77 56 36 66 BB F4 51 > 6E > HashAlgo : 0x000B > Digest(1): DE A7 B8 0A B5 3A 3D AA A2 4D 5C C4 6C 64 E1 FA 9F FD 03 > 73 9F 90 AA DB D8 C0 86 7C 4A 5B 48 90 > > EventSize - 0x00000024 > 0000: > 61DFE48BCA93D211AA0D00E098032B8C02000000000000000000000000000 > 000 > 0020: 50004B00 > Event: > PCRIndex - 7 > EventType - 0x80000001 > DigestCount: 0x00000002 > HashAlgo : 0x0004 > Digest(0): 9A FA 86 C5 07 41 9B 85 70 C6 21 67 CB 94 86 D9 FC 80 97 > 58 > HashAlgo : 0x000B > Digest(1): E6 70 E1 21 FC EB D4 73 B8 BC 41 BB 80 13 01 FC 1D 9A FA > 33 90 4F 06 F7 14 9B 74 F1 2C 47 A6 8F > > EventSize - 0x00000026 > 0000: > 61DFE48BCA93D211AA0D00E098032B8C03000000000000000000000000000 > 000 > 0020: 4B0045004B00 > Event: > PCRIndex - 7 > EventType - 0x80000001 > DigestCount: 0x00000002 > HashAlgo : 0x0004 > Digest(0): 5B F8 FA A0 78 D4 0F FB D0 33 17 C9 33 98 B0 12 29 A0 E1 > E0 > HashAlgo : 0x000B > Digest(1): BA F8 9A 3C CA CE 52 75 0C 5F 01 28 35 1E 04 22 A4 15 97 > A1 AD FD 50 82 2A A3 63 B9 D1 24 EA 7C > > EventSize - 0x00000024 > 0000: > CBB219D73A3D9645A3BCDAD00E67656F0200000000000000000000000000 > 0000 > 0020: 64006200 > Event: > PCRIndex - 7 > EventType - 0x80000001 > DigestCount: 0x00000002 > HashAlgo : 0x0004 > Digest(0): 73 44 24 C9 FE 8F C7 17 16 C4 20 96 F4 B7 4C 88 73 3B 17 > 5E > HashAlgo : 0x000B > Digest(1): 9F 75 B6 82 3B FF 6A F1 02 4A 4E 20 36 71 9C DD 54 8D 3C > BC 2B F1 DE 8E 7E F4 D0 ED 01 F9 4B F9 > > EventSize - 0x00000026 > 0000: > CBB219D73A3D9645A3BCDAD00E67656F0300000000000000000000000000 > 0000 > 0020: 640062007800 > Event: > PCRIndex - 7 > EventType - 0x00000004 > DigestCount: 0x00000002 > HashAlgo : 0x0004 > Digest(0): 90 69 CA 78 E7 45 0A 28 51 73 43 1B 3E 52 C5 C2 52 99 E4 > 73 > HashAlgo : 0x000B > Digest(1): DF 3F 61 98 04 A9 2F DB 40 57 19 2D C4 3D D7 48 EA 77 8A > DC 52 BC 49 8C E8 05 24 C0 14 B8 11 19 > > EventSize - 0x00000004 > 0000: 00000000 > Event: > PCRIndex - 1 > EventType - 0x80000002 > DigestCount: 0x00000002 > HashAlgo : 0x0004 > Digest(0): 1B 24 F7 F4 BB 84 00 03 02 20 9D 12 98 D6 2F 57 79 A9 4F > 45 > HashAlgo : 0x000B > Digest(1): 90 C2 69 89 21 CA 9F D0 29 50 BE 35 3F 72 18 88 76 0E 33 > AB 50 95 A2 1E 50 F1 E4 36 0B 6D E1 A0 > > EventSize - 0x00000038 > 0000: > 61DFE48BCA93D211AA0D00E098032B8C09000000000000000600000000000 > 000 > 0020: 42006F006F0074004F007200640065007200000001000200 > Event: > PCRIndex - 1 > EventType - 0x80000002 > DigestCount: 0x00000002 > HashAlgo : 0x0004 > Digest(0): E9 44 11 C7 28 F4 14 4F 9F 49 9D DE 4A BB F8 F0 48 3A BB > 66 > HashAlgo : 0x000B > Digest(1): 1F 7F 14 CE 8C 8E 85 5B 56 A0 FF 0D 87 FB 6E E6 78 98 37 > 76 FA BE 83 C4 9F E5 1F 07 36 D3 0E 9C > > EventSize - 0x00000070 > 0000: > 61DFE48BCA93D211AA0D00E098032B8C08000000000000004000000000000 > 000 > 0020: > 42006F006F0074003000300030003000010000001C00450046004900200055 > 00 > 0040: > 530042002000440065007600690063006500000002010C00D041030A00000 > 000 > 0060: 0101060000100305060001007FFF0400 > Event: > PCRIndex - 1 > EventType - 0x80000002 > DigestCount: 0x00000002 > HashAlgo : 0x0004 > Digest(0): 2D 60 53 82 1E 28 AC 45 A6 64 84 57 06 57 48 7A C3 8B 9E > 3A > HashAlgo : 0x000B > Digest(1): A0 39 4A 61 B8 1E 84 4E 1C 13 6C 74 EC 15 56 0A CF 5C 69 > 0F 22 3E C3 22 1F F5 1E 18 3C 72 AF DA > > EventSize - 0x00000074 > 0000: > 61DFE48BCA93D211AA0D00E098032B8C08000000000000004400000000000 > 000 > 0020: > 42006F006F0074003000300030003100010000002000450046004900200048 > 00 > 0040: > 610072006400200044007200690076006500000002010C00D041030A00000 > 000 > 0060: 01010600001103120A000100FFFF00007FFF0400 > Event: > PCRIndex - 1 > EventType - 0x80000002 > DigestCount: 0x00000002 > HashAlgo : 0x0004 > Digest(0): CF A3 CA 37 28 69 A8 3E 5A 0A 29 2D 94 D9 03 32 3D F7 1E > 86 > HashAlgo : 0x000B > Digest(1): C1 B5 4E 82 C6 8B 86 A7 ED 70 DF E9 CB AC A8 1E 99 C0 8A > 42 13 DD FD 13 7A 54 12 45 C8 33 13 22 > > EventSize - 0x00000079 > 0000: > 61DFE48BCA93D211AA0D00E098032B8C08000000000000004900000000000 > 000 > 0020: > 42006F006F007400300030003000320001000000230045004600490020004D > 00 > 0040: > 6900730063002000440065007600690063006500000002010C00D041030A0 > 000 > 0060: 0000010106000714031D05000001050800000000007FFF0400 > Event: > PCRIndex - 4 > EventType - 0x80000007 > DigestCount: 0x00000002 > HashAlgo : 0x0004 > Digest(0): CD 0F DB 45 31 A6 EC 41 BE 27 53 BA 04 26 37 D6 E5 F7 F2 > 56 > HashAlgo : 0x000B > Digest(1): 3D 67 72 B4 F8 4E D4 75 95 D7 2A 2C 4C 5F FD 15 F5 BB 72 > C7 50 7F E2 6F 2A AE E2 C6 9D 56 33 BA > > EventSize - 0x00000028 > 0000: > 43616C6C696E6720454649204170706C69636174696F6E2066726F6D20426F > 6F > 0020: 74204F7074696F6E > Event: > PCRIndex - 0 > EventType - 0x00000004 > DigestCount: 0x00000002 > HashAlgo : 0x0004 > Digest(0): 90 69 CA 78 E7 45 0A 28 51 73 43 1B 3E 52 C5 C2 52 99 E4 > 73 > HashAlgo : 0x000B > Digest(1): DF 3F 61 98 04 A9 2F DB 40 57 19 2D C4 3D D7 48 EA 77 8A > DC 52 BC 49 8C E8 05 24 C0 14 B8 11 19 > > EventSize - 0x00000004 > 0000: 00000000 > Event: > PCRIndex - 1 > EventType - 0x00000004 > DigestCount: 0x00000002 > HashAlgo : 0x0004 > Digest(0): 90 69 CA 78 E7 45 0A 28 51 73 43 1B 3E 52 C5 C2 52 99 E4 > 73 > HashAlgo : 0x000B > Digest(1): DF 3F 61 98 04 A9 2F DB 40 57 19 2D C4 3D D7 48 EA 77 8A > DC 52 BC 49 8C E8 05 24 C0 14 B8 11 19 > > EventSize - 0x00000004 > 0000: 00000000 > Event: > PCRIndex - 2 > EventType - 0x00000004 > DigestCount: 0x00000002 > HashAlgo : 0x0004 > Digest(0): 90 69 CA 78 E7 45 0A 28 51 73 43 1B 3E 52 C5 C2 52 99 E4 > 73 > HashAlgo : 0x000B > Digest(1): DF 3F 61 98 04 A9 2F DB 40 57 19 2D C4 3D D7 48 EA 77 8A > DC 52 BC 49 8C E8 05 24 C0 14 B8 11 19 > > EventSize - 0x00000004 > 0000: 00000000 > Event: > PCRIndex - 3 > EventType - 0x00000004 > DigestCount: 0x00000002 > HashAlgo : 0x0004 > Digest(0): 90 69 CA 78 E7 45 0A 28 51 73 43 1B 3E 52 C5 C2 52 99 E4 > 73 > HashAlgo : 0x000B > Digest(1): DF 3F 61 98 04 A9 2F DB 40 57 19 2D C4 3D D7 48 EA 77 8A > DC 52 BC 49 8C E8 05 24 C0 14 B8 11 19 > > EventSize - 0x00000004 > 0000: 00000000 > Event: > PCRIndex - 4 > EventType - 0x00000004 > DigestCount: 0x00000002 > HashAlgo : 0x0004 > Digest(0): 90 69 CA 78 E7 45 0A 28 51 73 43 1B 3E 52 C5 C2 52 99 E4 > 73 > HashAlgo : 0x000B > Digest(1): DF 3F 61 98 04 A9 2F DB 40 57 19 2D C4 3D D7 48 EA 77 8A > DC 52 BC 49 8C E8 05 24 C0 14 B8 11 19 > > EventSize - 0x00000004 > 0000: 00000000 > Event: > PCRIndex - 5 > EventType - 0x00000004 > DigestCount: 0x00000002 > HashAlgo : 0x0004 > Digest(0): 90 69 CA 78 E7 45 0A 28 51 73 43 1B 3E 52 C5 C2 52 99 E4 > 73 > HashAlgo : 0x000B > Digest(1): DF 3F 61 98 04 A9 2F DB 40 57 19 2D C4 3D D7 48 EA 77 8A > DC 52 BC 49 8C E8 05 24 C0 14 B8 11 19 > > EventSize - 0x00000004 > 0000: 00000000 > Event: > PCRIndex - 6 > EventType - 0x00000004 > DigestCount: 0x00000002 > HashAlgo : 0x0004 > Digest(0): 90 69 CA 78 E7 45 0A 28 51 73 43 1B 3E 52 C5 C2 52 99 E4 > 73 > HashAlgo : 0x000B > Digest(1): DF 3F 61 98 04 A9 2F DB 40 57 19 2D C4 3D D7 48 EA 77 8A > DC 52 BC 49 8C E8 05 24 C0 14 B8 11 19 > > EventSize - 0x00000004 > 0000: 00000000 > FinalEventsTable: (0x8F408000) > Version: (0x1) > NumberOfEvents: (0x0) > PROGRESS CODE: V03051001 I0 > > > > > ________________________________ > De: Yao, Jiewen > > Enviado: mi=E9rcoles, 26 de septiembre de 2018 8:58:26 > Para: Jorge Fernandez Monteagudo; Zhang, Chao B; edk2-devel@lists.01.org<= mailto:edk2-devel@lists.01.org> > Asunto: RE: Tianocore and TPM2 pcr values > > > That means the TPM2 device works well. > > > > We have code to dump the final event log at Tcg2GetEventLog(). > > // Dump Event Log for debug purpose > > if ((EventLogLocation !=3D NULL) && (EventLogLastEntry !=3D NULL)) { > > DumpEventLog (EventLogFormat, *EventLogLocation, > *EventLogLastEntry, mTcgDxeData.FinalEventsTable[Index]); > > } > > > > If your OS need consume the event log, I expect OS loader calls > Tcg2GetEventLog(). > > > > If you don't have such OS, then you can add Tcg2GetEventLog() call in the > end of OnReadyToBoot() - just for debug purpose to dump the event log. > > > > As such we can know how many events are extended. > > > > Thank you > > Yao Jiewen > > > > > > From: Jorge Fernandez Monteagudo [mailto:jorgefm@cirsa.com] > Sent: Wednesday, September 26, 2018 2:48 PM > To: Yao, Jiewen >; Zhan= g, Chao B > >; edk2-devel@lists= .01.org > Subject: Re: Tianocore and TPM2 pcr values > > > > Yes, from log I see: > > > > Loading driver at 0x0008F3F2000 EntryPoint=3D0x0008F3F2240 Tcg2Dxe.efi > InstallProtocolInterface: BC62157E-3E33-4FEC-9920-2D3B36D750DF > 8F410C18 > ProtectUefiImageCommon - 0x8F4107C0 > - 0x000000008F3F2000 - 0x000000000000D800 > PROGRESS CODE: V03040002 I0 > InterfaceId - 0xFFFFFFFF > InterfaceType - 0x0F > InterfaceCapability - 0x300000FF > InterfaceVersion - 0x3 > StatusEx - 0xFF > TpmFamily - 0x3 > PtpInterface - 0 > VID - 0x15D1 > DID - 0x001A > RID - 0x10 > Tcg2.ProtocolVersion - 01.01 > Tcg2.StructureVersion - 01.01 > Tpm2GetCapabilityManufactureID - 00584649 > Tpm2GetCapabilityFirmwareVersion - 00050000 00044102 > Tpm2GetCapabilityMaxCommandResponseSize - 00000500, 00000500 > GetSupportedAndActivePcrs - Count =3D 00000002 > Tcg2.SupportedEventLogs - 0x00000003 > Tcg2.HashAlgorithmBitmap - 0x00000003 > Tcg2.NumberOfPCRBanks - 0x00000002 > Tcg2.ActivePcrBanks - 0x00000003 > ... > > > > ________________________________ > > De: Yao, Jiewen >> > Enviado: mi=E9rcoles, 26 de septiembre de 2018 8:44:54 > Para: Jorge Fernandez Monteagudo; Zhang, Chao B; > edk2-devel@lists.01.org> > Asunto: RE: Tianocore and TPM2 pcr values > > > > ProtectUefiImageCommon is not related. > > > > Below code is the Tcg2Dxe entrypoint, I expect you can see some message > there: > > > > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > > DriverEntry() > > if (CompareGuid (PcdGetPtr(PcdTpmInstanceGuid), > &gEfiTpmDeviceInstanceNoneGuid) || > > CompareGuid (PcdGetPtr(PcdTpmInstanceGuid), > &gEfiTpmDeviceInstanceTpm12Guid)){ > > DEBUG ((DEBUG_INFO, "No TPM2 instance required!\n")); > > return EFI_UNSUPPORTED; > > } > > > > if (GetFirstGuidHob (&gTpmErrorHobGuid) !=3D NULL) { > > DEBUG ((EFI_D_ERROR, "TPM2 error!\n")); > > return EFI_DEVICE_ERROR; > > } > > > > Status =3D Tpm2RequestUseTpm (); > > if (EFI_ERROR (Status)) { > > DEBUG ((EFI_D_ERROR, "TPM2 not detected!\n")); > > return Status; > > } > > > > // > > // Fill information > > // > > ASSERT (TCG_EVENT_LOG_AREA_COUNT_MAX =3D=3D > sizeof(mTcg2EventInfo)/sizeof(mTcg2EventInfo[0])); > > > > mTcgDxeData.BsCap.Size =3D > sizeof(EFI_TCG2_BOOT_SERVICE_CAPABILITY); > > mTcgDxeData.BsCap.ProtocolVersion.Major =3D 1; > > mTcgDxeData.BsCap.ProtocolVersion.Minor =3D 1; > > mTcgDxeData.BsCap.StructureVersion.Major =3D 1; > > mTcgDxeData.BsCap.StructureVersion.Minor =3D 1; > > > > DEBUG ((EFI_D_INFO, "Tcg2.ProtocolVersion - %02x.%02x\n", > mTcgDxeData.BsCap.ProtocolVersion.Major, > mTcgDxeData.BsCap.ProtocolVersion.Minor)); > > DEBUG ((EFI_D_INFO, "Tcg2.StructureVersion - %02x.%02x\n", > mTcgDxeData.BsCap.StructureVersion.Major, > mTcgDxeData.BsCap.StructureVersion.Minor)); > > > > Status =3D Tpm2GetCapabilityManufactureID > (&mTcgDxeData.BsCap.ManufacturerID); > > if (EFI_ERROR (Status)) { > > DEBUG ((EFI_D_ERROR, "Tpm2GetCapabilityManufactureID fail!\n")); > > } else { > > DEBUG ((EFI_D_INFO, "Tpm2GetCapabilityManufactureID - %08x\n", > mTcgDxeData.BsCap.ManufacturerID)); > > } > > > > > > > > > > > > From: Jorge Fernandez Monteagudo [mailto:jorgefm@cirsa.com] > Sent: Wednesday, September 26, 2018 2:40 PM > To: Yao, Jiewen >>; > Zhang, Chao B > >>; > edk2-devel@lists.01.org> > Subject: Re: Tianocore and TPM2 pcr values > > > > Hi Yao > > > > > Yes, it is always good to enable serial port debug. There are lots of d= ebug > message in Tcg2Dxe driver. We can know what is wrong. > > > > From the log I've been able to see that "measure" messages start once > Tcg2Dxe.efi. From the beggining I can only see "ProtectUefiImageCommon" > > messages but I don't know if they are related. > > > > >In your patch, since we are using UEFI as payload, and there is no PEI, = I am > not clear which driver you expect will extend something to PCR0. Do you > think coreboot is CRTM? Or the UEFI payload is the CRTM? Who should > be >responsible to extend coreboot image from flash, and who should > extend UEFI payload? > > > > I think nothing is implemented in coreboot because when TPM2 was not > activated in edk2 PCR0-10 were all 0. It's only checking what device > > is available and sending the tpm2_startup command. I'll try to investigat= e the > coreboot project to see if the tianocore payload could be extended > > before loading because coreboot should be the CRTM. > > > > > Also, only *3rd part* image will change PCR2 and PCR4. Do you have such > case in your platform? > > > > First notice. No I don't have such case in my platform. > > > > Thanks! > > Jorge > > ________________________________ > > De: Yao, Jiewen >> > Enviado: mi=E9rcoles, 26 de septiembre de 2018 8:11:58 > Para: Jorge Fernandez Monteagudo; Zhang, Chao B; > edk2-devel@lists.01.org> > Asunto: RE: Tianocore and TPM2 pcr values > > > > Hi Jorge > Yes, it is always good to enable serial port debug. There are lots of deb= ug > message in Tcg2Dxe driver. We can know what is wrong. > > In pure UEFI BIOS, the PEI driver extends to PCR0, and DXE image > measurement lib extend to PCR2, PCR4, PCR5. The DXE driver extends > variable to PCR1/7, and exposes the TCG2 protocol to let OS use it. > > In your patch, since we are using UEFI as payload, and there is no PEI, I= am > not clear which driver you expect will extend something to PCR0. Do you > think coreboot is CRTM? Or the UEFI payload is the CRTM? Who should be > responsible to extend coreboot image from flash, and who should extend > UEFI payload? > > Also, only *3rd part* image will change PCR2 and PCR4. Do you have such > case in your platform? > > Anyway, there should still be something measured - boot variable (PCR1), > secure boot variable (PCR7), GPT (5), action (4,5), separator (1~7), if y= ou > include Tcg2Dxe driver. > > I am not clear if coreboot already extends something to separator accordi= ng > to TCG PFP spec. If that is the case, we probably need a special handing = in > DXE driver. > > > I look forward to your serial debug message and design discussion. > > Thank you > Yao Jiewen > > > > -----Original Message----- > > From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of > > Jorge Fernandez Monteagudo > > Sent: Wednesday, September 26, 2018 1:46 PM > > To: Zhang, Chao B > >>; > edk2-devel@lists.01.org> > > Subject: Re: [edk2] Tianocore and TPM2 pcr values > > > > Hi Chao! > > > > > > Maybe the traces I get from the debug build and > > > > > > gEfiMdePkgTokenSpaceGuid.PcdReportStatusCodePropertyMask|0x7 > > gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x800A044F > > gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x2F > > > > can help. > > > > > > ________________________________ > > De: edk2-devel > > >> en nombre de Jorge > > Fernandez Monteagudo > >> > > Enviado: martes, 25 de septiembre de 2018 16:09:31 > > Para: Zhang, Chao B; > edk2-devel@lists.01.org> > > Asunto: Re: [edk2] Tianocore and TPM2 pcr values > > > > Hi Chao! > > > > > > PCR0 has not changed in any of the test I've done! What info do you nee= d? > > > > > > I'm using: > > > > coreboot: ae05d095b36ac835a6b1a221e6858065e5486888, master > branch > > > > tianocore: 07ecd98ac18d6792181856faca7d4bed1b587261, coreboot > > branch > > > > Attached are the changes I've done to tianocore to get TPM2 support and > no > > console. > > PCR0 is always > > > 3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969 > > > > Thanks! > > ________________________________ > > De: Zhang, Chao B > >> > > Enviado: martes, 25 de septiembre de 2018 15:41:45 > > Para: Jorge Fernandez Monteagudo; > edk2-devel@lists.01.org> > > Cc: You, Benjamin > > Asunto: RE: Tianocore and TPM2 pcr values > > > > Hi Jorge: > > PCR 0 should change if you use different core boot payload + UEFI. > So > > your case seems to be an issue. Can you provide more detailed info? > > > > > > -----Original Message----- > > From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of > > Jorge Fernandez Monteagudo > > Sent: Monday, September 24, 2018 5:57 PM > > To: edk2-devel@lists.01.org> > > Subject: [edk2] Tianocore and TPM2 pcr values > > > > Hi all, > > > > > > This is my first message in this list. I'm using tianocore as a payload= for a > > Coreboot in order to > > > > boot a custom board I'm working on it. Finally I've been able to enable= the > > TPM2 support in > > > > coreboot and in tianocore but I have some questions regarding the value= s > > I'm seeing in the PCRs. > > > > > > I'm using Tianocore master branch as is selected by coreboot menuconfig > > and x64 architecture. > > > > Once the system is running I can read the PCRs and, if I'm not wrong, P= CRs > 0 > > to 7 are handled > > > > by the Tianocore/Coreboot. I've flashed a coreboot+tianocore in release > > mode and a coreboot+ > > > > tianocore in debug mode and the PCRs are the same. Is it ok? I thought > that > > any change in the > > > > coreboot.rom will made the PCR values to change... > > > > > > pcr0: > > > 3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969 > > pcr1: > > > a3a3552caa68c6d9db64bf1ed4dca08080f99b59f1b26debc9abefa59ee8ca28 > > pcr2: > > > 3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969 > > pcr3: > > > 3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969 > > pcr4: > > > 74a35102770e65ab94b35135a4bf54c411134ae8059e03df41060a33f573871 > > f > > pcr5: > > > dfa65561584cb8604b1675c869f3341d0c99c642ce9d91353380361126235ad > > 8 > > pcr6: > > > 3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969 > > pcr7: > > > b5710bf57d25623e4019027da116821fa99f5c81e9e38b87671cc574f9281439 > > > > Another test I've done is using the Tianocore stable branch as selected= by > > coreboot > > (STABLE_COMMIT_ID=3D315d9d08fd77db1024ccc5307823da8aaed85e2f) > and > > I get the same values from release and build coreboot.roms except that > > PCR1 has the same value as PCR0, 2, 3 and 6, it seems it's not used in = this > > version. > > > > Is this the expected behavior? > > > > Thanks! > > Jorge > > _______________________________________________ > > edk2-devel mailing list > > edk2-devel@lists.01.org> > > https://lists.01.org/mailman/listinfo/edk2-devel > > _______________________________________________ > > edk2-devel mailing list > > edk2-devel@lists.01.org> > > https://lists.01.org/mailman/listinfo/edk2-devel > _______________________________________________ > edk2-devel mailing list > edk2-devel@lists.01.org > https://lists.01.org/mailman/listinfo/edk2-devel