From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from EUR04-DB3-obe.outbound.protection.outlook.com (EUR04-DB3-obe.outbound.protection.outlook.com [40.107.6.50]) by mx.groups.io with SMTP id smtpd.web09.9623.1634649758270234851 for ; Tue, 19 Oct 2021 06:22:39 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@armh.onmicrosoft.com header.s=selector2-armh-onmicrosoft-com header.b=Thsul7tZ; spf=pass (domain: arm.com, ip: 40.107.6.50, mailfrom: sami.mujawar@arm.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=CN5UBmCCAiGxBIms+0GWONaQU7xetx7Rq1aFKAieKTc=; b=Thsul7tZWVxk5zRqLTtJG/LqOrQftOVzjeX4tmRodg3DrVCERV9k9O7jR8EVlhR3L/YUo9oNKT9CkKwsFLmTS94pJsQVnF9XOs3kn4VoRiAhyMxkYCnHGJaG6+TzQAqx/iLuulS4O+9L0JuNR2bQU0Ef+1Rdsz0tactSjroj/7k= Received: from AS9PR06CA0014.eurprd06.prod.outlook.com (2603:10a6:20b:462::8) by DB7PR08MB3916.eurprd08.prod.outlook.com (2603:10a6:10:7e::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4608.18; Tue, 19 Oct 2021 13:22:33 +0000 Received: from VE1EUR03FT048.eop-EUR03.prod.protection.outlook.com (2603:10a6:20b:462:cafe::26) by AS9PR06CA0014.outlook.office365.com (2603:10a6:20b:462::8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4608.16 via Frontend Transport; Tue, 19 Oct 2021 13:22:33 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 63.35.35.123) smtp.mailfrom=arm.com; edk2.groups.io; dkim=pass (signature was verified) header.d=armh.onmicrosoft.com;edk2.groups.io; dmarc=pass action=none header.from=arm.com; Received-SPF: Pass (protection.outlook.com: domain of arm.com designates 63.35.35.123 as permitted sender) receiver=protection.outlook.com; client-ip=63.35.35.123; helo=64aa7808-outbound-1.mta.getcheckrecipient.com; Received: from 64aa7808-outbound-1.mta.getcheckrecipient.com (63.35.35.123) by VE1EUR03FT048.mail.protection.outlook.com (10.152.19.8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4608.15 via Frontend Transport; Tue, 19 Oct 2021 13:22:33 +0000 Received: ("Tessian outbound b9598e0ead92:v103"); Tue, 19 Oct 2021 13:22:33 +0000 X-CheckRecipientChecked: true X-CR-MTA-CID: 85657d373d68ac8d X-CR-MTA-TID: 64aa7808 Received: from eb1172c2657f.2 by 64aa7808-outbound-1.mta.getcheckrecipient.com id 099C59DF-C86B-415F-86DB-D07FA6F19DF9.1; Tue, 19 Oct 2021 13:22:27 +0000 Received: from EUR01-HE1-obe.outbound.protection.outlook.com by 64aa7808-outbound-1.mta.getcheckrecipient.com with ESMTPS id eb1172c2657f.2 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384); Tue, 19 Oct 2021 13:22:27 +0000 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=bHap7Uo8WEqwnRot5lcG0nQXfOPn8lUX63zzUxDnEGZEoF7jEjj788iSXM5IcXUcwZrk7VnjHeCOtLcylyoM+Z1qT4n3JmkOPyOg0MAqvwSbUMiyzHxG7S7aeHLU3NSIzo4l3uuQkLkxAy8f7733UOeMtKR3w3KtUIb68Ctijg4uResM6DesB+15MxrE4IHwH+VvEL/YjTpBpwUpOCfHap1y6kLpvBH3x2urSjv5ynYWeS0HvR72Q0byXWnuDhvufYXGdQgWzDmmBq6mVsl4Dzh6Xew1Ah+WtGKok/5VH4gzMbr2AmC7YlUVIY46INISw259wUhjE8t42h80QAJdcg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=CN5UBmCCAiGxBIms+0GWONaQU7xetx7Rq1aFKAieKTc=; b=nd+9vuXtPOnShxiU1O8rCgsr/ePLL5izD7GujbaDUc3Cl1P8DRvDU64QEuX+PChIFw7/oueHcuDOwPjE5LzNnPArFi72VyHXDdfNGgf5+YkFedVKRoG6e02ZboycNCVXpQVeGwDzmG6qDH3uAxcGzeoquGEV6EFaSs9iPpKqbcjCwDX12XGnw2Y5NOuZYZ8ikc5/pSEbJPyGUEeuJVpiJwHyk5JjrPLvQ+lrkwjjgrMwnT34hp+2/6GEKjN/ITNTmTLIvvQ6TAV8msNEtqNUYA8d2uIVuXA08hVLI00WHUK81mxKJJX0eRmSxAsb8djf6jjiaqYHnVzRnnoUa19mAA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass header.d=arm.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=CN5UBmCCAiGxBIms+0GWONaQU7xetx7Rq1aFKAieKTc=; b=Thsul7tZWVxk5zRqLTtJG/LqOrQftOVzjeX4tmRodg3DrVCERV9k9O7jR8EVlhR3L/YUo9oNKT9CkKwsFLmTS94pJsQVnF9XOs3kn4VoRiAhyMxkYCnHGJaG6+TzQAqx/iLuulS4O+9L0JuNR2bQU0Ef+1Rdsz0tactSjroj/7k= Authentication-Results-Original: arm.com; dkim=none (message not signed) header.d=none;arm.com; dmarc=none action=none header.from=arm.com; Received: from AS8PR08MB6806.eurprd08.prod.outlook.com (2603:10a6:20b:39b::12) by AM6PR08MB4915.eurprd08.prod.outlook.com (2603:10a6:20b:d1::15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4608.15; Tue, 19 Oct 2021 13:22:24 +0000 Received: from AS8PR08MB6806.eurprd08.prod.outlook.com ([fe80::54b5:239d:9896:ee65]) by AS8PR08MB6806.eurprd08.prod.outlook.com ([fe80::54b5:239d:9896:ee65%4]) with mapi id 15.20.4608.018; Tue, 19 Oct 2021 13:22:24 +0000 Subject: Re: [edk2-devel] [PATCH V2 2/3] SecurityPkg: Support TdProtocol in DxeTpm2MeasureBootLib To: devel@edk2.groups.io, min.m.xu@intel.com Cc: Michael D Kinney , Liming Gao , Zhiguang Liu , Jiewen Yao , Jian J Wang , nd , Joey Gouly References: <09c7d8dd1c1856d8d0295064c8b833dd3d85e8c4.1633661591.git.min.m.xu@intel.com> From: "Sami Mujawar" Message-ID: <8f972fd2-30fb-9eb2-0ec4-f10031faff04@arm.com> Date: Tue, 19 Oct 2021 14:22:33 +0100 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.0.1 In-Reply-To: <09c7d8dd1c1856d8d0295064c8b833dd3d85e8c4.1633661591.git.min.m.xu@intel.com> X-ClientProxiedBy: LO4P123CA0126.GBRP123.PROD.OUTLOOK.COM (2603:10a6:600:192::23) To AS8PR08MB6806.eurprd08.prod.outlook.com (2603:10a6:20b:39b::12) MIME-Version: 1.0 Received: from [10.1.196.43] (217.140.106.52) by LO4P123CA0126.GBRP123.PROD.OUTLOOK.COM (2603:10a6:600:192::23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4608.15 via Frontend Transport; Tue, 19 Oct 2021 13:22:23 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: db5a70da-858b-43e2-7690-08d9930382a0 X-MS-TrafficTypeDiagnostic: AM6PR08MB4915:|DB7PR08MB3916: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: x-checkrecipientrouted: true NoDisclaimer: true X-MS-Oob-TLC-OOBClassifiers: OLM:6790;OLM:6790; X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam-Untrusted: BCL:0; X-Microsoft-Antispam-Message-Info-Original: VB2NL8Q7JchmC9pynPBHNfwS053v2ymu1zit8ui71WoRstpm49rFYzFsPAlNYfEO13BlORlt21ddb9/kzcD8qQ8s6hAij4H808eet5/E7tjrJM70/+Y5axcC6vqFWxq0KewvCrcV0nq5OEtqs6Ltrywoj3eEDx1GQlpO7RUt9u5YfRIg7YP92a/GTkZRU78rvaqwrBMc1mkf8rpMXq/6uqekRSFTAuJf5qkmDM4RMIhpbnHMxhg6VxNq++tq22BI8oSUDWFytlfQxMYtgJgM/9UKUfEbkzGAczyea/22/DEhyGuHjVnEZZ+Z11BwPeOIApkbcWZWsY/m1xsa8QaNb0AE2+iQuaoss1U6yBeUatsX7OSt6uridlHIrafjCYdwXjpkABPyMPSq2NQPuDydYwV3uzNQLapMP/xKOWPQ/ZbVV5Xk+522aYvuB1cusYpA4E8T0Nc1zmhoZRgjS/QmyQmFL3GfnvKaXvKT7JZLmEtWkL49GAOmiMzLxQCixfMtHMmDIm+fR6h2rxcDvTQxvsIpO92U0LTmQQQ1nO5Y95IkxFirKcj2/jM2XHSzD31K+KOLmXcXGvE2VlTVw0RCYNxGE2zbIETGDKbud6cpOmr1JbDxfp+4R4q5HfgRTCJhkQ2N7UanT6YJsm3DTEyk//gtI/82Va76y9r34l2HZ6RjGw0ZKkVVG1srGrvs2BxGjNbE/3g/ridQjERgSZrfQBP7eyetiwwCId3HR5NzluwxPm9tmKvw8676jQ+/P9XXXL/N9wG+NXPn+fRchA99qSN45UhSQLekPPNQGPMT+7QJ9vwZy4Gjlmz59ULmzg1TJdba4GjK3BnbH0p70bz+PFTAe6qWLF2Pf69Ilz8jn20= X-Forefront-Antispam-Report-Untrusted: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:AS8PR08MB6806.eurprd08.prod.outlook.com;PTR:;CAT:NONE;SFS:(6029001)(4636009)(366004)(508600001)(966005)(6486002)(52116002)(31686004)(8676002)(30864003)(38100700002)(15650500001)(186003)(956004)(86362001)(8936002)(2616005)(2906002)(26005)(19627235002)(16576012)(36756003)(38350700002)(31696002)(83380400001)(66946007)(66556008)(54906003)(5660300002)(6666004)(316002)(66476007)(4326008)(44832011)(53546011)(45980500001)(43740500002);DIR:OUT;SFP:1101; X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM6PR08MB4915 Original-Authentication-Results: arm.com; dkim=none (message not signed) header.d=none;arm.com; dmarc=none action=none header.from=arm.com; Return-Path: Sami.Mujawar@arm.com X-EOPAttributedMessage: 0 X-MS-Exchange-Transport-CrossTenantHeadersStripped: VE1EUR03FT048.eop-EUR03.prod.protection.outlook.com X-MS-Office365-Filtering-Correlation-Id-Prvs: 4c4b6922-a075-4767-c692-08d993037cc5 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: ybPB5WM9fgjL3H+Shrynr1K4UnB0rsFoDEchtuuCotYCAAc6r+K2ftti73OMpbv5/EM0O53DZQ8LR1SSSApIzWOch5SAGY7msGnCcaE+bVAlP0LhN4QKC+N9Ct0I/PACroIl9acoN4k8nx7MIkc3k5oqAEBkgVk6lqUdB16CEA0hVho5M9/OrCDw9CAbGJvdwEdDAXxa0sOj4ik4/C3p0rvjrOtImU8sSTmW4tjkQgfBzz+ACeVvZn6dIcRmzgW7l5G8ebLC5Dojt1ClypM6ouuKNIf8YoQLyjq9X18x8RBVrbUS20RaPkg3XUzD3F+1STeChiMhz/HCaMMjuJ37Kz5pluYMlV3uQ0tHNFIYQuDG2eaE8KZi3Y8mFRahYbLCvcBmeWEuUusWlXMYEuiJocYYP3vbCxlQyOkoxpak8WkdMYBYgLFMTcaZWo85XP+xzs7g1sorBIH8zMSqTMRujKr63SWVvjOpkhII/555hjEKuiTq31hfafG6BueltEhZZS1FHTWaOxIiwFQPlnmkJ+uXxHJeQjWWQet1px3MqpIItELA1em5GXzxd2TV2ok/HkuwGlSkU5QcjhbhTwqwJO8Fv1a/eT609DQUQ9IbRWORnmd1eBfhewQ5ob0dki2AU5Of3TvgVCatEYjVDOoVEqMASU30u41h16NTXujfuJZUrPm0d0wNcGXif6ojc4i4bm93N8Vgrc35etBUv9H5XMtCSWqnfYJhM2gG01ZUX+aJqZZtX0Cdv1yBnFt9M3UUpLd3pK9beuNrXqn9JiOLI/JoQ5DFxDdarMdAMhnpE1T6MAciNn68n/7VeXvlugNv X-Forefront-Antispam-Report: CIP:63.35.35.123;CTRY:IE;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:64aa7808-outbound-1.mta.getcheckrecipient.com;PTR:ec2-63-35-35-123.eu-west-1.compute.amazonaws.com;CAT:NONE;SFS:(6029001)(4636009)(36840700001)(46966006)(19627235002)(15650500001)(316002)(8676002)(356005)(186003)(44832011)(36860700001)(81166007)(26005)(53546011)(30864003)(5660300002)(83380400001)(2616005)(31696002)(2906002)(86362001)(966005)(47076005)(8936002)(36756003)(336012)(70206006)(4326008)(54906003)(16576012)(70586007)(956004)(508600001)(6666004)(31686004)(82310400003)(6486002)(43740500002);DIR:OUT;SFP:1101; X-OriginatorOrg: arm.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 19 Oct 2021 13:22:33.3965 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: db5a70da-858b-43e2-7690-08d9930382a0 X-MS-Exchange-CrossTenant-Id: f34e5979-57d9-4aaa-ad4d-b122a662184d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=f34e5979-57d9-4aaa-ad4d-b122a662184d;Ip=[63.35.35.123];Helo=[64aa7808-outbound-1.mta.getcheckrecipient.com] X-MS-Exchange-CrossTenant-AuthSource: VE1EUR03FT048.eop-EUR03.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB7PR08MB3916 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit Content-Language: en-GB Hi Min, Jiewen, Thank you for this patch. I think this patch would need updating based on the changes done to patch 1/3. Other than that I have some general feedback marked inline as [SAMI]. Regards, Sami Mujawar On 08/10/2021 06:21 AM, Min Xu via groups.io wrote: > BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3625 > > DxeTpm2MeasureBootLib supports TPM2 based measure boot. After > Td protocol is introduced, TD based measure boot needs to be supported > in DxeTpm2MeasureBootLib as well. > > There are 2 major changes in this commit. > > 1. MEASURE_BOOT_PROTOCOLS is defined to store the instances of TCG2 > protocol and TD protocol. In the DxeTpm2MeasureBootHandler above 2 > measure boot protocol instances will be located. Then the located > protocol instances will be called to do the measure boot. > > 2. TdEvent is similar to Tcg2Event except the MrIndex and PcrIndex. > CreateTdEventFromTcg2Event is used to create the TdEvent based on the > Tcg2Event. > > Above 2 changes make the minimize changes to the existing code. > > Cc: Michael D Kinney > Cc: Liming Gao > Cc: Zhiguang Liu > Cc: Jiewen Yao > Cc: Jian J Wang > Signed-off-by: Min Xu > --- > .../DxeTpm2MeasureBootLib.c | 346 ++++++++++++++---- > .../DxeTpm2MeasureBootLib.inf | 1 + > 2 files changed, 279 insertions(+), 68 deletions(-) > > diff --git a/SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.c b/SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.c > index 92eac715800f..f523a1a7a9d6 100644 > --- a/SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.c > +++ b/SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.c > @@ -41,6 +41,12 @@ SPDX-License-Identifier: BSD-2-Clause-Patent > #include > #include > #include > +#include > + > +typedef struct { > + EFI_TCG2_PROTOCOL *Tcg2Protocol; > + EFI_TD_PROTOCOL *TdProtocol; > +} MEASURE_BOOT_PROTOCOLS; > > // > // Flag to check GPT partition. It only need be measured once. > @@ -55,6 +61,56 @@ UINTN mTcg2ImageSize; > EFI_HANDLE mTcg2CacheMeasuredHandle = NULL; > MEASURED_HOB_DATA *mTcg2MeasuredHobData = NULL; > > +/** > + Create TdEvent from Tcg2Event. > + > + TdEvent is similar to Tcg2Event except the MrIndex. > + > + @param TdProtocol Pointer to the located Td protocol instance. > + @param Tcg2Event Pointer to the Tcg2Event. > + @param EventSize Size of the Event. > + > + @retval Pointer to the created TdEvent. > +**/ > +EFI_TD_EVENT * > +CreateTdEventFromTcg2Event ( > + IN EFI_TD_PROTOCOL *TdProtocol, > + IN EFI_TCG2_EVENT *Tcg2Event, > + IN UINT32 EventSize > + ) > +{ > + EFI_TD_EVENT *TdEvent; > + UINT32 MrIndex; > + EFI_STATUS Status; > + > + TdEvent = NULL; > + if (Tcg2Event == NULL || TdProtocol == NULL) { > + ASSERT (FALSE); > + return NULL; > + } > + > + Status = TdProtocol->MapPcrToMrIndex (TdProtocol, Tcg2Event->Header.PCRIndex, &MrIndex); > + if (EFI_ERROR (Status)) { > + DEBUG ((DEBUG_ERROR, "Cannot map PcrIndex(%d) to MrIndex\n", Tcg2Event->Header.PCRIndex)); > + return NULL; > + } > + > + TdEvent = (EFI_TD_EVENT *)AllocateZeroPool (Tcg2Event->Size); > + if (TdEvent == NULL) { > + ASSERT (FALSE); > + return NULL; > + } > + > + TdEvent->Size = Tcg2Event->Size; > + TdEvent->Header.HeaderSize = Tcg2Event->Header.HeaderSize; > + TdEvent->Header.HeaderVersion = Tcg2Event->Header.HeaderVersion; > + TdEvent->Header.MrIndex = MrIndex; > + TdEvent->Header.EventType = Tcg2Event->Header.EventType; > + CopyMem (TdEvent->Event, Tcg2Event->Event, EventSize); > + > + return TdEvent; > +} > + > /** > Reads contents of a PE/COFF image in memory buffer. > > @@ -109,7 +165,7 @@ DxeTpm2MeasureBootLibImageRead ( > Caution: This function may receive untrusted input. > The GPT partition table is external input, so this function should parse partition data carefully. > > - @param Tcg2Protocol Pointer to the located TCG2 protocol instance. > + @param MeasureBootProtocols Pointer to the located MeasureBoot protocol instances (i.e. TCG2/Td protocol). > @param GptHandle Handle that GPT partition was installed. > > @retval EFI_SUCCESS Successfully measure GPT table. > @@ -121,8 +177,8 @@ DxeTpm2MeasureBootLibImageRead ( > EFI_STATUS > EFIAPI > Tcg2MeasureGptTable ( > - IN EFI_TCG2_PROTOCOL *Tcg2Protocol, > - IN EFI_HANDLE GptHandle > + IN MEASURE_BOOT_PROTOCOLS *MeasureBootProtocols, > + IN EFI_HANDLE GptHandle > ) > { > EFI_STATUS Status; > @@ -134,13 +190,24 @@ Tcg2MeasureGptTable ( > UINTN NumberOfPartition; > UINT32 Index; > EFI_TCG2_EVENT *Tcg2Event; > + EFI_TD_EVENT *TdEvent; > EFI_GPT_DATA *GptData; > UINT32 EventSize; > + EFI_TCG2_PROTOCOL *Tcg2Protocol; > + EFI_TD_PROTOCOL *TdProtocol; > > if (mTcg2MeasureGptCount > 0) { > return EFI_SUCCESS; > } > > + Tcg2Protocol = MeasureBootProtocols->Tcg2Protocol; > + TdProtocol = MeasureBootProtocols->TdProtocol; > + > + if (Tcg2Protocol == NULL && TdProtocol == NULL) { > + ASSERT (FALSE); > + return EFI_UNSUPPORTED; > + } > + > Status = gBS->HandleProtocol (GptHandle, &gEfiBlockIoProtocolGuid, (VOID**)&BlockIo); > if (EFI_ERROR (Status)) { > return EFI_UNSUPPORTED; > @@ -149,6 +216,7 @@ Tcg2MeasureGptTable ( > if (EFI_ERROR (Status)) { > return EFI_UNSUPPORTED; > } > + > // > // Read the EFI Partition Table Header > // > @@ -156,6 +224,15 @@ Tcg2MeasureGptTable ( > if (PrimaryHeader == NULL) { > return EFI_OUT_OF_RESOURCES; > } > + > + // > + // PrimaryHeader->SizeOfPartitionEntry should not be zero > + // > + if (PrimaryHeader->SizeOfPartitionEntry == 0) { > + DEBUG ((DEBUG_ERROR, "SizeOfPartitionEntry should not be zero!\n")); > + return EFI_BAD_BUFFER_SIZE; > + } [SAMI] I think this check is at an incorrect location. Should this be after the ReadDisk() below? Also, PrimaryHeader would need to be freed in the error scenario above. > + > Status = DiskIo->ReadDisk ( > DiskIo, > BlockIo->Media->MediaId, > @@ -164,7 +241,7 @@ Tcg2MeasureGptTable ( > (UINT8 *)PrimaryHeader > ); > if (EFI_ERROR (Status)) { > - DEBUG ((EFI_D_ERROR, "Failed to Read Partition Table Header!\n")); > + DEBUG ((DEBUG_ERROR, "Failed to Read Partition Table Header!\n")); > FreePool (PrimaryHeader); > return EFI_DEVICE_ERROR; > } > @@ -201,16 +278,18 @@ Tcg2MeasureGptTable ( > PartitionEntry = (EFI_PARTITION_ENTRY *)((UINT8 *)PartitionEntry + PrimaryHeader->SizeOfPartitionEntry); > } > > + TdEvent = NULL; > + Tcg2Event = NULL; > + > // > - // Prepare Data for Measurement > + // Prepare Data for Measurement (TdProtocol and Tcg2Protocol) > // > EventSize = (UINT32)(sizeof (EFI_GPT_DATA) - sizeof (GptData->Partitions) > + NumberOfPartition * PrimaryHeader->SizeOfPartitionEntry); > Tcg2Event = (EFI_TCG2_EVENT *) AllocateZeroPool (EventSize + sizeof (EFI_TCG2_EVENT) - sizeof(Tcg2Event->Event)); > if (Tcg2Event == NULL) { > - FreePool (PrimaryHeader); > - FreePool (EntryPtr); > - return EFI_OUT_OF_RESOURCES; > + Status = EFI_OUT_OF_RESOURCES; > + goto Exit; > } > > Tcg2Event->Size = EventSize + sizeof (EFI_TCG2_EVENT) - sizeof(Tcg2Event->Event); > @@ -242,23 +321,56 @@ Tcg2MeasureGptTable ( > PartitionEntry =(EFI_PARTITION_ENTRY *)((UINT8 *)PartitionEntry + PrimaryHeader->SizeOfPartitionEntry); > } > > + if (TdProtocol != NULL) { > + TdEvent = CreateTdEventFromTcg2Event (TdProtocol, Tcg2Event, EventSize); > + if (TdEvent == NULL) { > + goto Exit; [SAMI] I think Status should be set to reflect an appropriate error code here. Also would it be possible to create this event just before calling TdProtocol->HashLogExtendEvent at line 351? I am trying to understand why is this done differently in Tcg2MeasurePeImage() i.e. The TdEvent is created and extended in the same if (TdProtocol != NULL) block. [/SAMI] > + } > + } > + > + // > + // Measure the GPT data by Tcg2Protocol > + // > + if (Tcg2Protocol != NULL) { > + Status = Tcg2Protocol->HashLogExtendEvent ( > + Tcg2Protocol, > + 0, > + (EFI_PHYSICAL_ADDRESS) (UINTN) (VOID *) GptData, > + (UINT64) EventSize, > + Tcg2Event > + ); > + if (!EFI_ERROR (Status)) { > + mTcg2MeasureGptCount++; > + } > + DEBUG ((DEBUG_INFO, "DxeTpm2MeasureBootHandler - Tcg2 MeasureGptTable - %r\n", Status)); > + } > + > + // > + // Measure the GPT data by TdProtocol > // > - // Measure the GPT data > - // > - Status = Tcg2Protocol->HashLogExtendEvent ( > - Tcg2Protocol, > - 0, > - (EFI_PHYSICAL_ADDRESS) (UINTN) (VOID *) GptData, > - (UINT64) EventSize, > - Tcg2Event > - ); > - if (!EFI_ERROR (Status)) { > - mTcg2MeasureGptCount++; > + if (TdProtocol != NULL) { > + Status = TdProtocol->HashLogExtendEvent ( > + TdProtocol, > + 0, > + (EFI_PHYSICAL_ADDRESS) (UINTN) (VOID *) GptData, > + (UINT64) EventSize, > + TdEvent > + ); > + if (!EFI_ERROR (Status)) { > + mTcg2MeasureGptCount++; > + } > + DEBUG ((DEBUG_INFO, "DxeTpm2MeasureBootHandler - Td MeasureGptTable - %r\n", Status)); > } > > +Exit: > FreePool (PrimaryHeader); > FreePool (EntryPtr); > - FreePool (Tcg2Event); > + if (Tcg2Event != NULL) { > + FreePool (Tcg2Event); > + } > + if (TdEvent != NULL) { > + FreePool (TdEvent); > + } > > return Status; > } > @@ -271,12 +383,12 @@ Tcg2MeasureGptTable ( > PE/COFF image is external input, so this function will validate its data structure > within this image buffer before use. > > - @param[in] Tcg2Protocol Pointer to the located TCG2 protocol instance. > - @param[in] ImageAddress Start address of image buffer. > - @param[in] ImageSize Image size > - @param[in] LinkTimeBase Address that the image is loaded into memory. > - @param[in] ImageType Image subsystem type. > - @param[in] FilePath File path is corresponding to the input image. > + @param[in] MeasureBootProtocols Pointer to the located MeasureBoot protocol instances. > + @param[in] ImageAddress Start address of image buffer. > + @param[in] ImageSize Image size > + @param[in] LinkTimeBase Address that the image is loaded into memory. > + @param[in] ImageType Image subsystem type. > + @param[in] FilePath File path is corresponding to the input image. > > @retval EFI_SUCCESS Successfully measure image. > @retval EFI_OUT_OF_RESOURCES No enough resource to measure image. > @@ -287,7 +399,7 @@ Tcg2MeasureGptTable ( > EFI_STATUS > EFIAPI > Tcg2MeasurePeImage ( > - IN EFI_TCG2_PROTOCOL *Tcg2Protocol, > + IN MEASURE_BOOT_PROTOCOLS *MeasureBootProtocols, > IN EFI_PHYSICAL_ADDRESS ImageAddress, > IN UINTN ImageSize, > IN UINTN LinkTimeBase, > @@ -300,9 +412,22 @@ Tcg2MeasurePeImage ( > EFI_IMAGE_LOAD_EVENT *ImageLoad; > UINT32 FilePathSize; > UINT32 EventSize; > + EFI_TD_EVENT *TdEvent; > + EFI_TD_PROTOCOL *TdProtocol; > + EFI_TCG2_PROTOCOL *Tcg2Protocol; > > Status = EFI_UNSUPPORTED; > ImageLoad = NULL; > + TdEvent = NULL; > + > + Tcg2Protocol = MeasureBootProtocols->Tcg2Protocol; > + TdProtocol = MeasureBootProtocols->TdProtocol; > + > + if (Tcg2Protocol == NULL && TdProtocol == NULL) { > + ASSERT (FALSE); > + return EFI_UNSUPPORTED; > + } > + > FilePathSize = (UINT32) GetDevicePathSize (FilePath); > > // > @@ -334,7 +459,7 @@ Tcg2MeasurePeImage ( > break; > default: > DEBUG (( > - EFI_D_ERROR, > + DEBUG_ERROR, > "Tcg2MeasurePeImage: Unknown subsystem type %d", > ImageType > )); > @@ -352,28 +477,124 @@ Tcg2MeasurePeImage ( > // > // Log the PE data > // > - Status = Tcg2Protocol->HashLogExtendEvent ( > - Tcg2Protocol, > - PE_COFF_IMAGE, > - ImageAddress, > - ImageSize, > - Tcg2Event > - ); > - if (Status == EFI_VOLUME_FULL) { > - // > - // Volume full here means the image is hashed and its result is extended to PCR. > - // But the event log can't be saved since log area is full. > - // Just return EFI_SUCCESS in order not to block the image load. > - // > - Status = EFI_SUCCESS; > + if (Tcg2Protocol != NULL) { > + Status = Tcg2Protocol->HashLogExtendEvent ( > + Tcg2Protocol, > + PE_COFF_IMAGE, > + ImageAddress, > + ImageSize, > + Tcg2Event > + ); > + if (Status == EFI_VOLUME_FULL) { > + // > + // Volume full here means the image is hashed and its result is extended to PCR. > + // But the event log can't be saved since log area is full. > + // Just return EFI_SUCCESS in order not to block the image load. > + // > + Status = EFI_SUCCESS; > + } > + DEBUG ((DEBUG_INFO, "DxeTpm2MeasureBootHandler - Tcg2 MeasurePeImage - %r\n", Status)); > + } > + > + if (TdProtocol != NULL) { > + TdEvent = CreateTdEventFromTcg2Event (TdProtocol, Tcg2Event, EventSize); > + if (TdEvent == NULL) { > + goto Finish; [SAMI] I think Status should be set to reflect an appropriate error code here. > + } > + > + Status = TdProtocol->HashLogExtendEvent ( > + TdProtocol, > + PE_COFF_IMAGE, > + ImageAddress, > + ImageSize, > + TdEvent > + ); > + if (Status == EFI_VOLUME_FULL) { > + // > + // Volume full here means the image is hashed and its result is extended to PCR. > + // But the event log can't be saved since log area is full. > + // Just return EFI_SUCCESS in order not to block the image load. > + // > + Status = EFI_SUCCESS; > + } > + DEBUG ((DEBUG_INFO, "DxeTpm2MeasureBootHandler - Td MeasurePeImage - %r\n", Status)); > } > > Finish: > - FreePool (Tcg2Event); > + if (Tcg2Event != NULL) { > + FreePool (Tcg2Event); > + } > + > + if (TdEvent != NULL) { > + FreePool (TdEvent); > + } > > return Status; > } > > +/** > + Get the measure boot protocols. > + > + There are 2 measure boot, TCG2 protocol based and Td protocol based. > + > + @param MeasureBootProtocols Pointer to the located measure boot protocol instances. > + > + @retval EFI_SUCCESS Sucessfully locate the measure boot protocol instances (at least one instance). > + @retval EFI_UNSUPPORTED Measure boot is not supported. > +**/ > +EFI_STATUS > +EFIAPI > +GetMeasureBootProtocols ( > + MEASURE_BOOT_PROTOCOLS *MeasureBootProtocols > + ) > +{ > + EFI_STATUS Status; > + EFI_TCG2_PROTOCOL *Tcg2Protocol; > + EFI_TD_PROTOCOL *TdProtocol; > + EFI_TCG2_BOOT_SERVICE_CAPABILITY Tcg2ProtocolCapability; > + EFI_TD_BOOT_SERVICE_CAPABILITY TdProtocolCapability; > + > + TdProtocol = NULL; > + Status = gBS->LocateProtocol (&gEfiTdProtocolGuid, NULL, (VOID **) &TdProtocol); > + if (EFI_ERROR (Status)) { > + // > + // TdTcg2 protocol is not installed. > + // > + DEBUG ((DEBUG_VERBOSE, "TdProtocol is not installed. - %r\n", Status)); > + } else { > + TdProtocolCapability.Size = sizeof (TdProtocolCapability); > + Status = TdProtocol->GetCapability (TdProtocol, &TdProtocolCapability); > + if (EFI_ERROR (Status) || !TdProtocolCapability.TdPresentFlag) { > + DEBUG ((DEBUG_ERROR, "TdPresentFlag=FALSE. %r\n", Status)); > + TdProtocol = NULL; > + } > + } > + > + Tcg2Protocol = NULL; > + Status = gBS->LocateProtocol (&gEfiTcg2ProtocolGuid, NULL, (VOID **) &Tcg2Protocol); > + if (EFI_ERROR (Status)) { > + // > + // Tcg2 protocol is not installed. So, TPM2 is not present. > + // > + DEBUG ((DEBUG_VERBOSE, "Tcg2Protocol is not installed. - %r\n", Status)); > + } else { > + Tcg2ProtocolCapability.Size = (UINT8) sizeof (Tcg2ProtocolCapability); > + Status = Tcg2Protocol->GetCapability (Tcg2Protocol, &Tcg2ProtocolCapability); > + if (EFI_ERROR (Status) || (!Tcg2ProtocolCapability.TPMPresentFlag)) { > + // > + // TPM device doesn't work or activate. > + // > + DEBUG ((DEBUG_ERROR, "TPMPresentFlag=FALSE %r\n", Status)); > + Tcg2Protocol = NULL; > + } > + } > + > + MeasureBootProtocols->Tcg2Protocol = Tcg2Protocol; > + MeasureBootProtocols->TdProtocol = TdProtocol; > + > + return (Tcg2Protocol == NULL && TdProtocol == NULL) ? EFI_UNSUPPORTED: EFI_SUCCESS; > +} > + > /** > The security handler is used to abstract platform-specific policy > from the DXE core response to an attempt to use a file that returns a > @@ -422,9 +643,8 @@ DxeTpm2MeasureBootHandler ( > IN BOOLEAN BootPolicy > ) > { > - EFI_TCG2_PROTOCOL *Tcg2Protocol; > + MEASURE_BOOT_PROTOCOLS MeasureBootProtocols; > EFI_STATUS Status; > - EFI_TCG2_BOOT_SERVICE_CAPABILITY ProtocolCapability; > EFI_DEVICE_PATH_PROTOCOL *DevicePathNode; > EFI_DEVICE_PATH_PROTOCOL *OrigDevicePathNode; > EFI_HANDLE Handle; > @@ -435,28 +655,19 @@ DxeTpm2MeasureBootHandler ( > EFI_PHYSICAL_ADDRESS FvAddress; > UINT32 Index; > > - Status = gBS->LocateProtocol (&gEfiTcg2ProtocolGuid, NULL, (VOID **) &Tcg2Protocol); > + MeasureBootProtocols.Tcg2Protocol = NULL; > + MeasureBootProtocols.TdProtocol = NULL; > + > + Status = GetMeasureBootProtocols(&MeasureBootProtocols); > + > if (EFI_ERROR (Status)) { > - // > - // Tcg2 protocol is not installed. So, TPM2 is not present. > - // Don't do any measurement, and directly return EFI_SUCCESS. > - // [SAMI] It may be helpful to retain the oirginal comment with slight rewording. > - DEBUG ((EFI_D_VERBOSE, "DxeTpm2MeasureBootHandler - Tcg2 - %r\n", Status)); > + DEBUG ((DEBUG_INFO, "None of Tcg2Protocol/TdProtocol is installed.\n")); > return EFI_SUCCESS; > } > > - ProtocolCapability.Size = (UINT8) sizeof (ProtocolCapability); > - Status = Tcg2Protocol->GetCapability ( > - Tcg2Protocol, > - &ProtocolCapability > - ); > - if (EFI_ERROR (Status) || (!ProtocolCapability.TPMPresentFlag)) { > - // > - // TPM device doesn't work or activate. > - // > - DEBUG ((EFI_D_ERROR, "DxeTpm2MeasureBootHandler (%r) - TPMPresentFlag - %x\n", Status, ProtocolCapability.TPMPresentFlag)); > - return EFI_SUCCESS; > - } > + DEBUG ((DEBUG_INFO, "Tcg2Protocol = %p, TdProtocol = %p\n", > + MeasureBootProtocols.Tcg2Protocol, > + MeasureBootProtocols.TdProtocol)); > > // > // Copy File Device Path > @@ -502,8 +713,8 @@ DxeTpm2MeasureBootHandler ( > // > // Measure GPT disk. > // > - Status = Tcg2MeasureGptTable (Tcg2Protocol, Handle); > - DEBUG ((EFI_D_INFO, "DxeTpm2MeasureBootHandler - Tcg2MeasureGptTable - %r\n", Status)); > + Status = Tcg2MeasureGptTable (&MeasureBootProtocols, Handle); > + > if (!EFI_ERROR (Status)) { > // > // GPT disk check done. > @@ -647,14 +858,13 @@ DxeTpm2MeasureBootHandler ( > // Measure PE image into TPM log. > // > Status = Tcg2MeasurePeImage ( > - Tcg2Protocol, > + &MeasureBootProtocols, > (EFI_PHYSICAL_ADDRESS) (UINTN) FileBuffer, > FileSize, > (UINTN) ImageContext.ImageAddress, > ImageContext.ImageType, > DevicePathNode > ); > - DEBUG ((EFI_D_INFO, "DxeTpm2MeasureBootHandler - Tcg2MeasurePeImage - %r\n", Status)); > } > > // > @@ -665,7 +875,7 @@ Finish: > FreePool (OrigDevicePathNode); > } > > - DEBUG ((EFI_D_INFO, "DxeTpm2MeasureBootHandler - %r\n", Status)); > + DEBUG ((DEBUG_INFO, "DxeTpm2MeasureBootHandler - %r\n", Status)); > > return Status; > } > diff --git a/SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.inf b/SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.inf > index 2506abbe7c8b..29b62c3ba8fa 100644 > --- a/SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.inf > +++ b/SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.inf > @@ -61,6 +61,7 @@ > > [Protocols] > gEfiTcg2ProtocolGuid ## SOMETIMES_CONSUMES > + gEfiTdProtocolGuid > gEfiFirmwareVolumeBlockProtocolGuid ## SOMETIMES_CONSUMES > gEfiBlockIoProtocolGuid ## SOMETIMES_CONSUMES > gEfiDiskIoProtocolGuid ## SOMETIMES_CONSUMES