* [PATCH] IntelSiliconPkg/IntelPciDeviceSecurity: Use EDKII TCG definition.
@ 2019-12-21 7:07 Yao, Jiewen
2019-12-23 1:59 ` Ni, Ray
0 siblings, 1 reply; 3+ messages in thread
From: Yao, Jiewen @ 2019-12-21 7:07 UTC (permalink / raw)
To: devel; +Cc: Ray Ni, Rangasai V Chaganty
Since official TCG definition is added to MdePkg, IntelPciDeviceSecurityDxe
should not define its own TCG event log.
Cc: Ray Ni <ray.ni@intel.com>
Cc: Rangasai V Chaganty <rangasai.v.chaganty@intel.com>
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
---
.../IntelPciDeviceSecurityDxe.c | 19 ++--
.../IntelPciDeviceSecurityDxe.inf | 1 -
.../TcgDeviceEvent.h | 101 ------------------
3 files changed, 9 insertions(+), 112 deletions(-)
delete mode 100644 Silicon/Intel/IntelSiliconPkg/Feature/PcieSecurity/IntelPciDeviceSecurityDxe/TcgDeviceEvent.h
diff --git a/Silicon/Intel/IntelSiliconPkg/Feature/PcieSecurity/IntelPciDeviceSecurityDxe/IntelPciDeviceSecurityDxe.c b/Silicon/Intel/IntelSiliconPkg/Feature/PcieSecurity/IntelPciDeviceSecurityDxe/IntelPciDeviceSecurityDxe.c
index 2922fb8deb..d46862a1c4 100644
--- a/Silicon/Intel/IntelSiliconPkg/Feature/PcieSecurity/IntelPciDeviceSecurityDxe/IntelPciDeviceSecurityDxe.c
+++ b/Silicon/Intel/IntelSiliconPkg/Feature/PcieSecurity/IntelPciDeviceSecurityDxe/IntelPciDeviceSecurityDxe.c
@@ -22,14 +22,13 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#include <Protocol/PciIo.h>
#include <Protocol/DeviceSecurity.h>
#include <Protocol/PlatformDeviceSecurityPolicy.h>
-#include "TcgDeviceEvent.h"
typedef struct {
- EDKII_DEVICE_SECURITY_EVENT_DATA_HEADER EventData;
+ TCG_DEVICE_SECURITY_EVENT_DATA_HEADER EventData;
SPDM_MEASUREMENT_BLOCK_COMMON_HEADER CommonHeader;
SPDM_MEASUREMENT_BLOCK_DMTF_HEADER DmtfHeader;
UINT8 Digest[SHA256_DIGEST_SIZE];
- EDKII_DEVICE_SECURITY_EVENT_DATA_PCI_CONTEXT PciContext;
+ TCG_DEVICE_SECURITY_EVENT_DATA_PCI_CONTEXT PciContext;
} EDKII_DEVICE_SECURITY_PCI_EVENT_DATA;
typedef struct {
@@ -327,14 +326,14 @@ ExtendDigestRegister (
Status = PciIo->Pci.Read (PciIo, EfiPciIoWidthUint8, 0, sizeof(PciData), &PciData);
ASSERT_EFI_ERROR(Status);
- PcrIndex = EDKII_DEVICE_MEASUREMENT_COMPONENT_PCR_INDEX;
- EventType = EDKII_DEVICE_MEASUREMENT_COMPONENT_EVENT_TYPE;
+ PcrIndex = 2;
+ EventType = EV_EFI_SPDM_FIRMWARE_BLOB;
- CopyMem (EventLog.EventData.Signature, EDKII_DEVICE_SECURITY_EVENT_DATA_SIGNATURE, sizeof(EventLog.EventData.Signature));
- EventLog.EventData.Version = EDKII_DEVICE_SECURITY_EVENT_DATA_VERSION;
+ CopyMem (EventLog.EventData.Signature, TCG_DEVICE_SECURITY_EVENT_DATA_SIGNATURE, sizeof(EventLog.EventData.Signature));
+ EventLog.EventData.Version = TCG_DEVICE_SECURITY_EVENT_DATA_VERSION;
EventLog.EventData.Length = sizeof(EDKII_DEVICE_SECURITY_PCI_EVENT_DATA);
EventLog.EventData.SpdmHashAlgo = TcgAlgIdToSpdmHashAlgo (TcgAlgId);
- EventLog.EventData.DeviceType = EDKII_DEVICE_SECURITY_EVENT_DATA_DEVICE_TYPE_PCI;
+ EventLog.EventData.DeviceType = TCG_DEVICE_SECURITY_EVENT_DATA_DEVICE_TYPE_PCI;
EventLog.CommonHeader.Index = DigestSel;
EventLog.CommonHeader.MeasurementSpecification = SPDM_MEASUREMENT_BLOCK_HEADER_SPECIFICATION_DMTF;
@@ -343,8 +342,8 @@ ExtendDigestRegister (
EventLog.DmtfHeader.DMTFSpecMeasurementValueSize = SHA256_DIGEST_SIZE;
CopyMem (&EventLog.Digest, Digest, SHA256_DIGEST_SIZE);
- EventLog.PciContext.Version = EDKII_DEVICE_SECURITY_EVENT_DATA_PCI_CONTEXT_VERSION;
- EventLog.PciContext.Length = sizeof(EDKII_DEVICE_SECURITY_EVENT_DATA_PCI_CONTEXT);
+ EventLog.PciContext.Version = TCG_DEVICE_SECURITY_EVENT_DATA_PCI_CONTEXT_VERSION;
+ EventLog.PciContext.Length = sizeof(TCG_DEVICE_SECURITY_EVENT_DATA_PCI_CONTEXT);
EventLog.PciContext.VendorId = PciData.Hdr.VendorId;
EventLog.PciContext.DeviceId = PciData.Hdr.DeviceId;
EventLog.PciContext.RevisionID = PciData.Hdr.RevisionID;
diff --git a/Silicon/Intel/IntelSiliconPkg/Feature/PcieSecurity/IntelPciDeviceSecurityDxe/IntelPciDeviceSecurityDxe.inf b/Silicon/Intel/IntelSiliconPkg/Feature/PcieSecurity/IntelPciDeviceSecurityDxe/IntelPciDeviceSecurityDxe.inf
index 89a4c8fadd..b51b843bb5 100644
--- a/Silicon/Intel/IntelSiliconPkg/Feature/PcieSecurity/IntelPciDeviceSecurityDxe/IntelPciDeviceSecurityDxe.inf
+++ b/Silicon/Intel/IntelSiliconPkg/Feature/PcieSecurity/IntelPciDeviceSecurityDxe/IntelPciDeviceSecurityDxe.inf
@@ -16,7 +16,6 @@
[Sources]
IntelPciDeviceSecurityDxe.c
- TcgDeviceEvent.h
[Packages]
MdePkg/MdePkg.dec
diff --git a/Silicon/Intel/IntelSiliconPkg/Feature/PcieSecurity/IntelPciDeviceSecurityDxe/TcgDeviceEvent.h b/Silicon/Intel/IntelSiliconPkg/Feature/PcieSecurity/IntelPciDeviceSecurityDxe/TcgDeviceEvent.h
deleted file mode 100644
index a0ce344112..0000000000
--- a/Silicon/Intel/IntelSiliconPkg/Feature/PcieSecurity/IntelPciDeviceSecurityDxe/TcgDeviceEvent.h
+++ /dev/null
@@ -1,101 +0,0 @@
-/** @file
- TCG Device Event data structure
-Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>
-SPDX-License-Identifier: BSD-2-Clause-Patent
-**/
-
-
-#ifndef __TCG_EVENT_DATA_H__
-#define __TCG_EVENT_DATA_H__
-
-#include <IndustryStandard/Spdm.h>
-
-#pragma pack(1)
-
-// -------------------------------------------
-// TCG Measurement for SPDM Device Measurement
-// -------------------------------------------
-
-//
-// Device Firmware Component (including immutable ROM or mutable firmware)
-//
-#define EDKII_DEVICE_MEASUREMENT_COMPONENT_PCR_INDEX 2
-#define EDKII_DEVICE_MEASUREMENT_COMPONENT_EVENT_TYPE 0x800000E1
-//
-// Device Firmware Configuration (including hardware configuration or firmware configuration)
-//
-#define EDKII_DEVICE_MEASUREMENT_CONFIGURATION_PCR_INDEX 4
-#define EDKII_DEVICE_MEASUREMENT_CONFIGURATION_EVENT_TYPE 0x800000E2
-
-//
-// Device Firmware Measurement Measurement Data
-// The measurement data is the device firmware measurement.
-//
-// In order to support crypto agile, the firmware will hash the DeviceMeasurement again.
-// As such the device measurement algo might be different with host firmware measurement algo.
-//
-
-//
-// Device Firmware Measurement Event Data
-//
-#define EDKII_DEVICE_SECURITY_EVENT_DATA_SIGNATURE "SPDM Device Sec\0"
-#define EDKII_DEVICE_SECURITY_EVENT_DATA_VERSION 0
-
-//
-// Device Type
-// 0x03 ~ 0xDF reserved by TCG.
-// 0xE0 ~ 0xFF reserved by OEM.
-//
-#define EDKII_DEVICE_SECURITY_EVENT_DATA_DEVICE_TYPE_NULL 0
-#define EDKII_DEVICE_SECURITY_EVENT_DATA_DEVICE_TYPE_PCI 1
-#define EDKII_DEVICE_SECURITY_EVENT_DATA_DEVICE_TYPE_USB 2
-
-//
-// Device Firmware Measurement Event Data Common Part
-// The device specific part should follow this data structure.
-//
-typedef struct {
- //
- // It must be EDKII_DEVICE_SECURITY_EVENT_DATA_SIGNATURE.
- //
- UINT8 Signature[16];
- //
- // It must be EDKII_DEVICE_SECURITY_EVENT_DATA_VERSION.
- //
- UINT16 Version;
- //
- // The length of whole data structure, including Device Context.
- //
- UINT16 Length;
- //
- // The SpdmHashAlgo
- //
- UINT32 SpdmHashAlgo;
- //
- // The type of device. This field is to determine the Device Context followed by.
- //
- UINT32 DeviceType;
- //
- // The SPDM measurement block.
- //
-//SPDM_MEASUREMENT_BLOCK SpdmMeasurementBlock;
-} EDKII_DEVICE_SECURITY_EVENT_DATA_HEADER;
-
-//
-// PCI device specific context
-//
-#define EDKII_DEVICE_SECURITY_EVENT_DATA_PCI_CONTEXT_VERSION 0
-typedef struct {
- UINT16 Version;
- UINT16 Length;
- UINT16 VendorId;
- UINT16 DeviceId;
- UINT8 RevisionID;
- UINT8 ClassCode[3];
- UINT16 SubsystemVendorID;
- UINT16 SubsystemID;
-} EDKII_DEVICE_SECURITY_EVENT_DATA_PCI_CONTEXT;
-
-#pragma pack()
-
-#endif
--
2.19.2.windows.1
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH] IntelSiliconPkg/IntelPciDeviceSecurity: Use EDKII TCG definition.
2019-12-21 7:07 [PATCH] IntelSiliconPkg/IntelPciDeviceSecurity: Use EDKII TCG definition Yao, Jiewen
@ 2019-12-23 1:59 ` Ni, Ray
2019-12-23 5:35 ` Yao, Jiewen
0 siblings, 1 reply; 3+ messages in thread
From: Ni, Ray @ 2019-12-23 1:59 UTC (permalink / raw)
To: Yao, Jiewen, devel@edk2.groups.io; +Cc: Chaganty, Rangasai V
>
> - PcrIndex = EDKII_DEVICE_MEASUREMENT_COMPONENT_PCR_INDEX;
> + PcrIndex = 2;
Jiewen, PcrIndex assignment is using magic value 2 here.
I am ok with this magic value. Can you please add comment to say that this
PCR is a device measurement component PCR?
With that, Reviewed-by: Ray Ni <ray.ni@intel.com>
Thanks,
Ray
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH] IntelSiliconPkg/IntelPciDeviceSecurity: Use EDKII TCG definition.
2019-12-23 1:59 ` Ni, Ray
@ 2019-12-23 5:35 ` Yao, Jiewen
0 siblings, 0 replies; 3+ messages in thread
From: Yao, Jiewen @ 2019-12-23 5:35 UTC (permalink / raw)
To: Ni, Ray, devel@edk2.groups.io; +Cc: Chaganty, Rangasai V
Yes. I will.
Thank you
Yao Jiewen
> -----Original Message-----
> From: Ni, Ray <ray.ni@intel.com>
> Sent: Monday, December 23, 2019 10:00 AM
> To: Yao, Jiewen <jiewen.yao@intel.com>; devel@edk2.groups.io
> Cc: Chaganty, Rangasai V <rangasai.v.chaganty@intel.com>
> Subject: RE: [PATCH] IntelSiliconPkg/IntelPciDeviceSecurity: Use EDKII TCG
> definition.
>
> >
> > - PcrIndex = EDKII_DEVICE_MEASUREMENT_COMPONENT_PCR_INDEX;
> > + PcrIndex = 2;
>
> Jiewen, PcrIndex assignment is using magic value 2 here.
> I am ok with this magic value. Can you please add comment to say that this
> PCR is a device measurement component PCR?
>
> With that, Reviewed-by: Ray Ni <ray.ni@intel.com>
>
> Thanks,
> Ray
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2019-12-23 5:36 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2019-12-21 7:07 [PATCH] IntelSiliconPkg/IntelPciDeviceSecurity: Use EDKII TCG definition Yao, Jiewen
2019-12-23 1:59 ` Ni, Ray
2019-12-23 5:35 ` Yao, Jiewen
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox