From: "Yao, Jiewen" <jiewen.yao@intel.com>
To: "Wang, Jian J" <jian.j.wang@intel.com>,
"devel@edk2.groups.io" <devel@edk2.groups.io>
Cc: "Zhang, Chao B" <chao.b.zhang@intel.com>
Subject: Re: [PATCH 6/6] SecurityPkg/Tcg2Pei: Add TCG PFP 105 support.
Date: Mon, 6 Jan 2020 06:00:28 +0000 [thread overview]
Message-ID: <74D8A39837DF1E4DA445A8C0B3885C503F8D091D@shsmsx102.ccr.corp.intel.com> (raw)
In-Reply-To: <D827630B58408649ACB04F44C5100036259EA7E7@SHSMSX107.ccr.corp.intel.com>
I see. Will do that.
> -----Original Message-----
> From: Wang, Jian J <jian.j.wang@intel.com>
> Sent: Monday, January 6, 2020 1:58 PM
> To: Yao, Jiewen <jiewen.yao@intel.com>; devel@edk2.groups.io
> Cc: Zhang, Chao B <chao.b.zhang@intel.com>
> Subject: RE: [PATCH 6/6] SecurityPkg/Tcg2Pei: Add TCG PFP 105 support.
>
> I mean putting all rev0 code in 'else' not just one line. For rev105, your patch
> will initialize FvBlob but never use it at all. It will confuse readers sometimes.
>
> Regards,
> Jian
>
> > -----Original Message-----
> > From: Yao, Jiewen <jiewen.yao@intel.com>
> > Sent: Monday, January 06, 2020 1:53 PM
> > To: Wang, Jian J <jian.j.wang@intel.com>; devel@edk2.groups.io
> > Cc: Zhang, Chao B <chao.b.zhang@intel.com>
> > Subject: RE: [PATCH 6/6] SecurityPkg/Tcg2Pei: Add TCG PFP 105 support.
> >
> > Hi Jian
> > I purposely put the line there, because I want to group all the rev 0 code
> > together and rev 105 code together in if statement. I don't want to move that
> > particular line to else statement.
> >
> > Thank you
> > Yao Jiewen
> >
> > > -----Original Message-----
> > > From: Wang, Jian J <jian.j.wang@intel.com>
> > > Sent: Monday, January 6, 2020 1:33 PM
> > > To: Yao, Jiewen <jiewen.yao@intel.com>; devel@edk2.groups.io
> > > Cc: Zhang, Chao B <chao.b.zhang@intel.com>
> > > Subject: RE: [PATCH 6/6] SecurityPkg/Tcg2Pei: Add TCG PFP 105 support.
> > >
> > > Jiewen,
> > >
> > > Just one minor comment. With it addressed,
> > >
> > > Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
> > >
> > >
> > > > -----Original Message-----
> > > > From: Yao, Jiewen <jiewen.yao@intel.com>
> > > > Sent: Tuesday, December 31, 2019 2:44 PM
> > > > To: devel@edk2.groups.io
> > > > Cc: Wang, Jian J <jian.j.wang@intel.com>; Zhang, Chao B
> > > > <chao.b.zhang@intel.com>
> > > > Subject: [PATCH 6/6] SecurityPkg/Tcg2Pei: Add TCG PFP 105 support.
> > > >
> > > > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2439
> > > >
> > > > Use EV_EFI_PLATFORM_FIRMWARE_BLOB2 if the TCG PFP revision is >=
> 105.
> > > > Use FvName as the description for the FV.
> > > >
> > > > Cc: Jian J Wang <jian.j.wang@intel.com>
> > > > Cc: Chao Zhang <chao.b.zhang@intel.com>
> > > > Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
> > > > ---
> > > > SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c | 91 ++++++++++++++++++++++++++-
> --
> > > > SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf | 2 +
> > > > 2 files changed, 84 insertions(+), 9 deletions(-)
> > > >
> > > > diff --git a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c
> > > > b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c
> > > > index 1565d4e402..7d99c7906a 100644
> > > > --- a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c
> > > > +++ b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c
> > > > @@ -37,6 +37,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
> > > > #include <Library/MemoryAllocationLib.h>
> > > > #include <Library/ReportStatusCodeLib.h>
> > > > #include <Library/ResetSystemLib.h>
> > > > +#include <Library/PrintLib.h>
> > > >
> > > > #define PERF_ID_TCG2_PEI 0x3080
> > > >
> > > > @@ -78,6 +79,18 @@ EFI_PLATFORM_FIRMWARE_BLOB
> > > > *mMeasuredChildFvInfo;
> > > > UINT32 mMeasuredMaxChildFvIndex = 0;
> > > > UINT32 mMeasuredChildFvIndex = 0;
> > > >
> > > > +#pragma pack (1)
> > > > +
> > > > +#define FV_HANDOFF_TABLE_DESC "Fv(XXXXXXXX-XXXX-XXXX-XXXX-
> > > > XXXXXXXXXXXX)"
> > > > +typedef struct {
> > > > + UINT8 BlobDescriptionSize;
> > > > + UINT8
> BlobDescription[sizeof(FV_HANDOFF_TABLE_DESC)];
> > > > + EFI_PHYSICAL_ADDRESS BlobBase;
> > > > + UINT64 BlobLength;
> > > > +} FV_HANDOFF_TABLE_POINTERS2;
> > > > +
> > > > +#pragma pack ()
> > > > +
> > > > /**
> > > > Measure and record the Firmware Volume Information once FvInfoPPI
> > install.
> > > >
> > > > @@ -447,6 +460,48 @@ MeasureCRTMVersion (
> > > > );
> > > > }
> > > >
> > > > +/*
> > > > + Get the FvName from the FV header.
> > > > +
> > > > + Causion: The FV is untrusted input.
> > > > +
> > > > + @param[in] FvBase Base address of FV image.
> > > > + @param[in] FvLength Length of FV image.
> > > > +
> > > > + @return FvName pointer
> > > > + @retval NULL FvName is NOT found
> > > > +*/
> > > > +VOID *
> > > > +GetFvName (
> > > > + IN EFI_PHYSICAL_ADDRESS FvBase,
> > > > + IN UINT64 FvLength
> > > > + )
> > > > +{
> > > > + EFI_FIRMWARE_VOLUME_HEADER *FvHeader;
> > > > + EFI_FIRMWARE_VOLUME_EXT_HEADER *FvExtHeader;
> > > > +
> > > > + if (FvBase >= MAX_ADDRESS) {
> > > > + return NULL;
> > > > + }
> > > > + if (FvLength >= MAX_ADDRESS - FvBase) {
> > > > + return NULL;
> > > > + }
> > > > + if (FvLength < sizeof(EFI_FIRMWARE_VOLUME_HEADER)) {
> > > > + return NULL;
> > > > + }
> > > > +
> > > > + FvHeader = (EFI_FIRMWARE_VOLUME_HEADER *)(UINTN)FvBase;
> > > > + if (FvHeader->ExtHeaderOffset <
> > sizeof(EFI_FIRMWARE_VOLUME_HEADER))
> > > {
> > > > + return NULL;
> > > > + }
> > > > + if (FvHeader->ExtHeaderOffset +
> > > > sizeof(EFI_FIRMWARE_VOLUME_EXT_HEADER) > FvLength) {
> > > > + return NULL;
> > > > + }
> > > > + FvExtHeader = (EFI_FIRMWARE_VOLUME_EXT_HEADER
> *)(UINTN)(FvBase
> > +
> > > > FvHeader->ExtHeaderOffset);
> > > > +
> > > > + return &FvExtHeader->FvName;
> > > > +}
> > > > +
> > > > /**
> > > > Measure FV image.
> > > > Add it into the measured FV list after the FV is measured successfully.
> > > > @@ -469,6 +524,9 @@ MeasureFvImage (
> > > > UINT32 Index;
> > > > EFI_STATUS Status;
> > > > EFI_PLATFORM_FIRMWARE_BLOB FvBlob;
> > > > + FV_HANDOFF_TABLE_POINTERS2 FvBlob2;
> > > > + VOID *EventData;
> > > > + VOID *FvName;
> > > > TCG_PCR_EVENT_HDR TcgEventHdr;
> > > > UINT32 Instance;
> > > > UINT32 Tpm2HashMask;
> > > > @@ -571,6 +629,21 @@ MeasureFvImage (
> > > > TcgEventHdr.PCRIndex = 0;
> > > > TcgEventHdr.EventType = EV_EFI_PLATFORM_FIRMWARE_BLOB;
> > > > TcgEventHdr.EventSize = sizeof (FvBlob);
> > > > + EventData = &FvBlob;
> > > > +
> > >
> > > I'd suggest to put above code in 'else' block to make code easier to read,
> > > i.e. FvBlob for revision less than 105 and FvBlob2 for later ones.
> > >
> > > Regards,
> > > Jian
> > >
> > > > + if (PcdGet32(PcdTcgPfpMeasurementRevision) >=
> > > > TCG_EfiSpecIDEventStruct_SPEC_ERRATA_TPM2_REV_105) {
> > > > + FvBlob2.BlobDescriptionSize = sizeof(FvBlob2.BlobDescription);
> > > > + CopyMem (FvBlob2.BlobDescription, FV_HANDOFF_TABLE_DESC,
> > > > sizeof(FvBlob2.BlobDescription));
> > > > + FvName = GetFvName (FvBase, FvLength);
> > > > + if (FvName != NULL) {
> > > > + AsciiSPrint ((CHAR8 *)FvBlob2.BlobDescription,
> > > > sizeof(FvBlob2.BlobDescription), "Fv(%g)", FvName);
> > > > + }
> > > > + FvBlob2.BlobBase = FvBlob.BlobBase;
> > > > + FvBlob2.BlobLength = FvBlob.BlobLength;
> > > > + TcgEventHdr.EventType = EV_EFI_PLATFORM_FIRMWARE_BLOB2;
> > > > + TcgEventHdr.EventSize = sizeof (FvBlob2);
> > > > + EventData = &FvBlob2;
> > > > + }
> > > >
> > > > if (Tpm2HashMask == 0) {
> > > > //
> > > > @@ -583,9 +656,9 @@ MeasureFvImage (
> > > > );
> > > >
> > > > if (!EFI_ERROR(Status)) {
> > > > - Status = LogHashEvent (&DigestList, &TcgEventHdr, (UINT8*)
> &FvBlob);
> > > > - DEBUG ((DEBUG_INFO, "The pre-hashed FV which is extended &
> logged
> > > by
> > > > Tcg2Pei starts at: 0x%x\n", FvBlob.BlobBase));
> > > > - DEBUG ((DEBUG_INFO, "The pre-hashed FV which is extended &
> logged
> > > by
> > > > Tcg2Pei has the size: 0x%x\n", FvBlob.BlobLength));
> > > > + Status = LogHashEvent (&DigestList, &TcgEventHdr, EventData);
> > > > + DEBUG ((DEBUG_INFO, "The pre-hashed FV which is extended &
> logged
> > > by
> > > > Tcg2Pei starts at: 0x%x\n", FvBase));
> > > > + DEBUG ((DEBUG_INFO, "The pre-hashed FV which is extended &
> logged
> > > by
> > > > Tcg2Pei has the size: 0x%x\n", FvLength));
> > > > } else if (Status == EFI_DEVICE_ERROR) {
> > > > BuildGuidHob (&gTpmErrorHobGuid,0);
> > > > REPORT_STATUS_CODE (
> > > > @@ -599,13 +672,13 @@ MeasureFvImage (
> > > > //
> > > > Status = HashLogExtendEvent (
> > > > 0,
> > > > - (UINT8*) (UINTN) FvBlob.BlobBase,
> > > > - (UINTN) FvBlob.BlobLength,
> > > > - &TcgEventHdr,
> > > > - (UINT8*) &FvBlob
> > > > + (UINT8*) (UINTN) FvBase, // HashData
> > > > + (UINTN) FvLength, // HashDataLen
> > > > + &TcgEventHdr, // EventHdr
> > > > + EventData // EventData
> > > > );
> > > > - DEBUG ((DEBUG_INFO, "The FV which is measured by Tcg2Pei starts at:
> > > > 0x%x\n", FvBlob.BlobBase));
> > > > - DEBUG ((DEBUG_INFO, "The FV which is measured by Tcg2Pei has the
> size:
> > > > 0x%x\n", FvBlob.BlobLength));
> > > > + DEBUG ((DEBUG_INFO, "The FV which is measured by Tcg2Pei starts at:
> > > > 0x%x\n", FvBase));
> > > > + DEBUG ((DEBUG_INFO, "The FV which is measured by Tcg2Pei has the
> > size:
> > > > 0x%x\n", FvLength));
> > > > }
> > > >
> > > > if (EFI_ERROR(Status)) {
> > > > diff --git a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf
> > > > b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf
> > > > index 30f985b6ea..3d361e8859 100644
> > > > --- a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf
> > > > +++ b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf
> > > > @@ -54,6 +54,7 @@
> > > > MemoryAllocationLib
> > > > ReportStatusCodeLib
> > > > ResetSystemLib
> > > > + PrintLib
> > > >
> > > > [Guids]
> > > > gTcgEventEntryHobGuid ## PRODUCES
> ##
> > > > HOB
> > > > @@ -74,6 +75,7 @@
> > > >
> > > > [Pcd]
> > > > gEfiMdeModulePkgTokenSpaceGuid.PcdFirmwareVersionString ##
> > > > SOMETIMES_CONSUMES
> > > > + gEfiMdeModulePkgTokenSpaceGuid.PcdTcgPfpMeasurementRevision
> > > ##
> > > > CONSUMES
> > > > gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid ##
> > > > CONSUMES
> > > > gEfiSecurityPkgTokenSpaceGuid.PcdTpm2InitializationPolicy ##
> > > > CONSUMES
> > > > gEfiSecurityPkgTokenSpaceGuid.PcdTpm2SelfTestPolicy ##
> > > > SOMETIMES_CONSUMES
> > > > --
> > > > 2.19.2.windows.1
next prev parent reply other threads:[~2020-01-06 6:00 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-12-31 6:44 [PATCH 0/6] TCG: Add TCG PFP rev 105 and 800-155 event support Yao, Jiewen
2019-12-31 6:44 ` [PATCH 1/6] SecurityPkg/Guid: Add TCG 800-155 event GUID definition Yao, Jiewen
2020-01-06 3:22 ` Wang, Jian J
2019-12-31 6:44 ` [PATCH 2/6] SecurityPkg/Tcg2Dxe: Add Tcg2Dxe to support 800-155 event Yao, Jiewen
2020-01-06 5:59 ` [edk2-devel] " Wang, Jian J
2019-12-31 6:44 ` [PATCH 3/6] MdeModulePkg/Smbios: Done measure Smbios multiple times Yao, Jiewen
2020-01-02 11:01 ` Zeng, Star
2019-12-31 6:44 ` [PATCH 4/6] MdeModulePkg/dec: add PcdTcgPfpMeasurementRevision PCD Yao, Jiewen
2020-01-06 3:13 ` Wang, Jian J
2019-12-31 6:44 ` [PATCH 5/6] MdeModulePkg/Smbios: Add TCG PFP rev 105 support Yao, Jiewen
2020-01-02 11:09 ` Zeng, Star
2020-01-02 14:16 ` Yao, Jiewen
2020-01-03 0:54 ` Zeng, Star
2019-12-31 6:44 ` [PATCH 6/6] SecurityPkg/Tcg2Pei: Add TCG PFP " Yao, Jiewen
2020-01-06 5:33 ` Wang, Jian J
2020-01-06 5:53 ` Yao, Jiewen
2020-01-06 5:57 ` Wang, Jian J
2020-01-06 6:00 ` Yao, Jiewen [this message]
2020-01-02 0:11 ` [edk2-devel] [PATCH 0/6] TCG: Add TCG PFP rev 105 and 800-155 event support Liming Gao
2020-01-02 0:39 ` Yao, Jiewen
2020-01-06 6:11 ` Wang, Jian J
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=74D8A39837DF1E4DA445A8C0B3885C503F8D091D@shsmsx102.ccr.corp.intel.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox