From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=40.107.4.102; helo=eur03-db5-obe.outbound.protection.outlook.com; envelope-from=jorgefm@cirsa.com; receiver=edk2-devel@lists.01.org Received: from EUR03-DB5-obe.outbound.protection.outlook.com (mail-eopbgr40102.outbound.protection.outlook.com [40.107.4.102]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 43642211575F4 for ; Tue, 25 Sep 2018 23:39:54 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cirsa.onmicrosoft.com; s=selector1-cirsa-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=5kFsjY+bABsqbNBUHP7iEFX8L9TFMDKaPP8g/1tZNns=; b=jrcl2glj/KIDAgog5TQRL7hLaEYVddM7VTF8MJXG9XYBUWyqQk+E5NacQAvuYMYD9CQ++i3GvhND22E93QE4kL+F8CSM4na/6zwQqa7msIh3OPzRWbXgG0f92K5ObiWrwGTWq9G5m8xvrUWbbWLMtQxWH2lpfgHsj/QvbeFj86Q= Received: from AM4PR07MB3121.eurprd07.prod.outlook.com (10.171.188.30) by AM4PR07MB1235.eurprd07.prod.outlook.com (10.164.81.141) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1164.15; Wed, 26 Sep 2018 06:39:50 +0000 Received: from AM4PR07MB3121.eurprd07.prod.outlook.com ([fe80::84b3:fec7:9c3f:af4a]) by AM4PR07MB3121.eurprd07.prod.outlook.com ([fe80::84b3:fec7:9c3f:af4a%4]) with mapi id 15.20.1185.019; Wed, 26 Sep 2018 06:39:50 +0000 From: Jorge Fernandez Monteagudo To: "Yao, Jiewen" , "Zhang, Chao B" , "edk2-devel@lists.01.org" Thread-Topic: Tianocore and TPM2 pcr values Thread-Index: AQHUU+rT8A2Fo9tZ6UKOSIY+RzW2uqUA/67ggAAJuZSAAQa+V4AAAi1wgAAImUw= Date: Wed, 26 Sep 2018 06:39:50 +0000 Message-ID: References: , , , <74D8A39837DF1E4DA445A8C0B3885C503AD9AC26@shsmsx102.ccr.corp.intel.com> In-Reply-To: <74D8A39837DF1E4DA445A8C0B3885C503AD9AC26@shsmsx102.ccr.corp.intel.com> Accept-Language: es-ES, en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: spf=none (sender IP is ) smtp.mailfrom=jorgefm@cirsa.com; x-originating-ip: [195.76.51.172] x-ms-publictraffictype: Email x-microsoft-exchange-diagnostics: 1; AM4PR07MB1235; 6:rqA6LMveKrT1QDeQ5CDa1ZOFaDbz+R6sCJRg9Lr5ExV6rcUNa4CwJTCF1VfF2FNneGHCJ/gZaCLzmiUZ4UzdziSntjAjn/0P+INeB01cpktzB2DUF/tSL7oclhdeRe4AzW3sLtAeqhdZUUEQbdkwRwLDKvCVAVcdA/SCH2ob6/3CAAdVdyOSzKq2EzzJSKpNIzmAf11VXlDkPASETGiPOetPw43vlg42byL2vl4ExQzaSnipaKHJVRAg0pZgVdGmsIGW459kmfdtU3haDYJ32WvC2R0on3Tqb5tcwbNkDwpxPzVbix2nVsd97K4yQmPdmdsjeJ+tTTSv7M5W2bXx1G4cVyC6cVd5F9PiyADwH9bf8ZwFOt4QWEEFoyXoBHVBh3QERd7ciSlEth/AbAuFnI8Z35ydUjCFAu4A/iNuIKDAdIMOdEHOh/VXPTHDsByKPo4OlGOI1euk/rfJegqE9Q==; 5:VggDh+moYNOoF3E01OhEKgDQSIHJc4QH3UBEuR0m2Ko2WhVLWsDLM95Vj4CworKqLwkYwP1xbNBQ9mOnzNWonLwD8LD1GCXb42k23Us8p2XkP1YgTHEkU4i7n3kCBik2mXpaTNgH+mooMRLAAgzvf7RVcr2Owl/TqIXYnUFx/bw=; 7:wqtg/1ChRfCRaB0Nmj9pmZiTiLO6rRSpqHiuSr0MgXKM7qKCw7+rs/HtpbrpuCv2dNlkJ4w5tTjyRNxeV7kegVJMargcd5nU0YQ22Rn9Uqg77M1+3ZpjTGDA46CK+jb5plxvAUfYSRnVLHcjk4vVegPsmVCWo7GNsfzqM3SHs6Ip2u5baKoaUJ84lUPTI+whn1jv80b8Yy5b1j+ZFIztK5kF0xEcCjX1+OLgoOCYvvayaG5Awzed+/cik7pK9teD x-ms-exchange-antispam-srfa-diagnostics: SOS; x-ms-office365-filtering-correlation-id: 95184ebe-3d83-4b8a-8cb3-08d6237adc22 x-microsoft-antispam: BCL:0; PCL:0; RULEID:(7020095)(4652040)(8989299)(4534165)(4627221)(201703031133081)(201702281549075)(8990200)(5600074)(711020)(2017052603328)(7153060)(7193020); SRVR:AM4PR07MB1235; x-ms-traffictypediagnostic: AM4PR07MB1235: x-microsoft-antispam-prvs: x-exchange-antispam-report-test: UriScan:(228905959029699)(162533806227266); x-ms-exchange-senderadcheck: 1 x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(6040522)(2401047)(8121501046)(5005006)(93006095)(93001095)(3002001)(10201501046)(3231355)(944501410)(52105095)(149066)(150056)(6041310)(20161123558120)(20161123562045)(20161123564045)(20161123560045)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(201708071742011)(7699051); SRVR:AM4PR07MB1235; BCL:0; PCL:0; RULEID:; SRVR:AM4PR07MB1235; x-forefront-prvs: 08076ABC99 x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(136003)(366004)(39860400002)(396003)(346002)(376002)(13464003)(189003)(199004)(52314003)(53754006)(8936002)(26005)(236005)(6506007)(76176011)(6246003)(8676002)(25786009)(6116002)(93886005)(3846002)(81156014)(81166006)(102836004)(14454004)(68736007)(186003)(55016002)(6306002)(316002)(9686003)(106356001)(53936002)(34290500001)(105586002)(54896002)(74316002)(606006)(7736002)(33656002)(5250100002)(110136005)(229853002)(6606003)(966005)(19627405001)(53546011)(6436002)(2906002)(2501003)(66066001)(5024004)(5660300001)(575784001)(97736004)(476003)(14444005)(486006)(71200400001)(11346002)(446003)(99286004)(71190400001)(86362001)(256004)(7696005)(478600001)(2900100001); DIR:OUT; SFP:1102; SCL:1; SRVR:AM4PR07MB1235; H:AM4PR07MB3121.eurprd07.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1; received-spf: None (protection.outlook.com: cirsa.com does not designate permitted sender hosts) x-microsoft-antispam-message-info: Hmknze32G8AAYuDWVjynaUHn2FMrTugWpNz0Nicz/runUskIi+wtyhd9k2FJGKvOBHGq4zjTmU6y5xBb7F+kVeyumK03+nKdEoEo+i97yUnPdhC428aD59vb84GQkY32rLq7XCcZFGW+ysVb4BJIHCINVmh1DDsgmdhK0v72TIPg5hUCD7dq5E2pC3OSIEC/p5CIvf4tUn3W8fg5kJek/K1pujWoKfekjkW0PTJMCfA+TUDDuV6J6Xr8F9zfPD2x9h9Zx4YFzaRSbDCkxVUeYWgQUEfZRxakVM/uIr6P8m3HD2IbXQjFbZzZ3l6gvP+9o16i641rVWTxc2z/elspmz1urTuurLzbMEisM2098uI= spamdiagnosticoutput: 1:99 spamdiagnosticmetadata: NSPM MIME-Version: 1.0 X-OriginatorOrg: cirsa.com X-MS-Exchange-CrossTenant-Network-Message-Id: 95184ebe-3d83-4b8a-8cb3-08d6237adc22 X-MS-Exchange-CrossTenant-originalarrivaltime: 26 Sep 2018 06:39:50.4827 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: e6d255d9-7bfe-42f2-a01e-09634cc3a03b X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM4PR07MB1235 X-Content-Filtered-By: Mailman/MimeDel 2.1.29 Subject: Re: Tianocore and TPM2 pcr values X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 26 Sep 2018 06:39:56 -0000 Content-Language: es-ES Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Hi Yao > Yes, it is always good to enable serial port debug. There are lots of deb= ug message in Tcg2Dxe driver. We can know what is wrong. >>From the log I've been able to see that "measure" messages start once Tcg2D= xe.efi. From the beggining I can only see "ProtectUefiImageCommon" messages but I don't know if they are related. >In your patch, since we are using UEFI as payload, and there is no PEI, I = am not clear which driver you expect will extend something to PCR0. Do you = think coreboot is CRTM? Or the UEFI payload is the CRTM? Who should be >res= ponsible to extend coreboot image from flash, and who should extend UEFI pa= yload? I think nothing is implemented in coreboot because when TPM2 was not activa= ted in edk2 PCR0-10 were all 0. It's only checking what device is available and sending the tpm2_startup command. I'll try to investigate = the coreboot project to see if the tianocore payload could be extended before loading because coreboot should be the CRTM. > Also, only *3rd part* image will change PCR2 and PCR4. Do you have such c= ase in your platform? First notice. No I don't have such case in my platform. Thanks! Jorge ________________________________ De: Yao, Jiewen Enviado: mi=E9rcoles, 26 de septiembre de 2018 8:11:58 Para: Jorge Fernandez Monteagudo; Zhang, Chao B; edk2-devel@lists.01.org Asunto: RE: Tianocore and TPM2 pcr values Hi Jorge Yes, it is always good to enable serial port debug. There are lots of debug= message in Tcg2Dxe driver. We can know what is wrong. In pure UEFI BIOS, the PEI driver extends to PCR0, and DXE image measuremen= t lib extend to PCR2, PCR4, PCR5. The DXE driver extends variable to PCR1/7= , and exposes the TCG2 protocol to let OS use it. In your patch, since we are using UEFI as payload, and there is no PEI, I a= m not clear which driver you expect will extend something to PCR0. Do you t= hink coreboot is CRTM? Or the UEFI payload is the CRTM? Who should be respo= nsible to extend coreboot image from flash, and who should extend UEFI payl= oad? Also, only *3rd part* image will change PCR2 and PCR4. Do you have such cas= e in your platform? Anyway, there should still be something measured - boot variable (PCR1), se= cure boot variable (PCR7), GPT (5), action (4,5), separator (1~7), if you i= nclude Tcg2Dxe driver. I am not clear if coreboot already extends something to separator according= to TCG PFP spec. If that is the case, we probably need a special handing i= n DXE driver. I look forward to your serial debug message and design discussion. Thank you Yao Jiewen > -----Original Message----- > From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of > Jorge Fernandez Monteagudo > Sent: Wednesday, September 26, 2018 1:46 PM > To: Zhang, Chao B ; edk2-devel@lists.01.org > Subject: Re: [edk2] Tianocore and TPM2 pcr values > > Hi Chao! > > > Maybe the traces I get from the debug build and > > > gEfiMdePkgTokenSpaceGuid.PcdReportStatusCodePropertyMask|0x7 > gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x800A044F > gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x2F > > can help. > > > ________________________________ > De: edk2-devel en nombre de Jorge > Fernandez Monteagudo > Enviado: martes, 25 de septiembre de 2018 16:09:31 > Para: Zhang, Chao B; edk2-devel@lists.01.org > Asunto: Re: [edk2] Tianocore and TPM2 pcr values > > Hi Chao! > > > PCR0 has not changed in any of the test I've done! What info do you need? > > > I'm using: > > coreboot: ae05d095b36ac835a6b1a221e6858065e5486888, master branch > > tianocore: 07ecd98ac18d6792181856faca7d4bed1b587261, coreboot > branch > > Attached are the changes I've done to tianocore to get TPM2 support and n= o > console. > PCR0 is always > 3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969 > > Thanks! > ________________________________ > De: Zhang, Chao B > Enviado: martes, 25 de septiembre de 2018 15:41:45 > Para: Jorge Fernandez Monteagudo; edk2-devel@lists.01.org > Cc: You, Benjamin > Asunto: RE: Tianocore and TPM2 pcr values > > Hi Jorge: > PCR 0 should change if you use different core boot payload + UEFI. S= o > your case seems to be an issue. Can you provide more detailed info? > > > -----Original Message----- > From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of > Jorge Fernandez Monteagudo > Sent: Monday, September 24, 2018 5:57 PM > To: edk2-devel@lists.01.org > Subject: [edk2] Tianocore and TPM2 pcr values > > Hi all, > > > This is my first message in this list. I'm using tianocore as a payload f= or a > Coreboot in order to > > boot a custom board I'm working on it. Finally I've been able to enable t= he > TPM2 support in > > coreboot and in tianocore but I have some questions regarding the values > I'm seeing in the PCRs. > > > I'm using Tianocore master branch as is selected by coreboot menuconfig > and x64 architecture. > > Once the system is running I can read the PCRs and, if I'm not wrong, PCR= s 0 > to 7 are handled > > by the Tianocore/Coreboot. I've flashed a coreboot+tianocore in release > mode and a coreboot+ > > tianocore in debug mode and the PCRs are the same. Is it ok? I thought th= at > any change in the > > coreboot.rom will made the PCR values to change... > > > pcr0: > 3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969 > pcr1: > a3a3552caa68c6d9db64bf1ed4dca08080f99b59f1b26debc9abefa59ee8ca28 > pcr2: > 3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969 > pcr3: > 3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969 > pcr4: > 74a35102770e65ab94b35135a4bf54c411134ae8059e03df41060a33f573871 > f > pcr5: > dfa65561584cb8604b1675c869f3341d0c99c642ce9d91353380361126235ad > 8 > pcr6: > 3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969 > pcr7: > b5710bf57d25623e4019027da116821fa99f5c81e9e38b87671cc574f9281439 > > Another test I've done is using the Tianocore stable branch as selected b= y > coreboot > (STABLE_COMMIT_ID=3D315d9d08fd77db1024ccc5307823da8aaed85e2f) and > I get the same values from release and build coreboot.roms except that > PCR1 has the same value as PCR0, 2, 3 and 6, it seems it's not used in th= is > version. > > Is this the expected behavior? > > Thanks! > Jorge > _______________________________________________ > edk2-devel mailing list > edk2-devel@lists.01.org > https://lists.01.org/mailman/listinfo/edk2-devel > _______________________________________________ > edk2-devel mailing list > edk2-devel@lists.01.org > https://lists.01.org/mailman/listinfo/edk2-devel