From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=40.107.6.101; helo=eur04-db3-obe.outbound.protection.outlook.com; envelope-from=jorgefm@cirsa.com; receiver=edk2-devel@lists.01.org Received: from EUR04-DB3-obe.outbound.protection.outlook.com (mail-eopbgr60101.outbound.protection.outlook.com [40.107.6.101]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id BEF8B2194D387 for ; Wed, 26 Sep 2018 01:53:41 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cirsa.onmicrosoft.com; s=selector1-cirsa-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=aPqg/hIyvRfIGDJTzVrFkaL78e04Uj1WPJ3LCkzs73o=; b=dt7V4MpLNnPuYcmZplyE1tCnS7IPL361lsB9sWBOn0KME80qxj0Lw1L5E3CqjP2D2NRxcMEkigJG8ylA1gPs3uavdyE73RiQHBQAkr77ITVgdD9adX2kecLJpwc0QQSyT2zFfNICQYFeorjPiBYuq4SWm3xt6PiqyCyAKOpRcrQ= Received: from AM4PR07MB3121.eurprd07.prod.outlook.com (10.171.188.30) by AM4PR07MB3508.eurprd07.prod.outlook.com (10.171.190.33) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1185.13; Wed, 26 Sep 2018 08:53:37 +0000 Received: from AM4PR07MB3121.eurprd07.prod.outlook.com ([fe80::84b3:fec7:9c3f:af4a]) by AM4PR07MB3121.eurprd07.prod.outlook.com ([fe80::84b3:fec7:9c3f:af4a%4]) with mapi id 15.20.1185.019; Wed, 26 Sep 2018 08:53:37 +0000 From: Jorge Fernandez Monteagudo To: "Yao, Jiewen" , "Zhang, Chao B" , "edk2-devel@lists.01.org" Thread-Topic: Tianocore and TPM2 pcr values Thread-Index: AQHUU+rT8A2Fo9tZ6UKOSIY+RzW2uqUA/67ggAAJuZSAAQa+V4AAAi1wgAAImUyAAAWbQIAAAUkdgAABixCAACEtAw== Date: Wed, 26 Sep 2018 08:53:37 +0000 Message-ID: References: , , , <74D8A39837DF1E4DA445A8C0B3885C503AD9AC26@shsmsx102.ccr.corp.intel.com> , <74D8A39837DF1E4DA445A8C0B3885C503AD9C2A3@shsmsx102.ccr.corp.intel.com> , <74D8A39837DF1E4DA445A8C0B3885C503AD9C411@shsmsx102.ccr.corp.intel.com> In-Reply-To: <74D8A39837DF1E4DA445A8C0B3885C503AD9C411@shsmsx102.ccr.corp.intel.com> Accept-Language: es-ES, en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: spf=none (sender IP is ) smtp.mailfrom=jorgefm@cirsa.com; x-originating-ip: [195.76.51.172] x-ms-publictraffictype: Email x-microsoft-exchange-diagnostics: 1; AM4PR07MB3508; 6:+u3ds5j9ed3q/C6Trm+nclPNTk1P0bplWw2TR41E0scugG84JQwVus56HTbEUKyEAYerRam4pKfPL9jDzqaWI4afCdRkvOT0tXfjVIIcSXAqEMl5ope6uraIwu92MAY1nfUcrGF1oj/ViKzIv7uAG66u1fkJWS1SiMKWCAcSjXHbvUnSPY34W01yLdW6DZ5umXmGunwPHScVy8Pk8NQMdgXzg9LwVbuAoznSx3mT3jLPRgRrv9a4ICEILBaabc0V5M9kopZax6vNB9UfO6AZxd/Ui3RMhoMCmtdKUgqLtLY3OpOuxtgxZgT/7DoFIr6Odnc+iYuLRApQ3wC48ty/bwB2ict48XLN3tHlml7xj2eq1yJfPNJ42CUlNP2y0qwQwOCVKtiScmXq72y0bM3DmR01S8xOPCByeumyjIQt5ayoSOkwvxIQS4ETQ7849sknQ/YbZYVLf43UeTxL+vEyUQ==; 5:65SAkSs4kEH8BNIZZA3+cBut/DWb5SkniVkWcYqP914qdJBXhgu8R8J35mjZP9PJdg4aPGf/RLXgeI9xgl52BJVJDfKOkNuoypfzER6QxipMwbIxRJyrPa7ypFj2Xx+G85O66p00fraTO0O3k0l4uVC4AEz+SDOceA07+frTonw=; 7:ShLaFISQJ9S65Zn1vmplaFDEmJfOSnSdKkb/ll85epaUC1Czj7nWzn5M06OrQLG1vF6Jxx624IVvoJJvlRDaAGII7wN7WeLCaaBc7EUwRxa+omXAMwLNYlfp/gm6zFm1PlhzI5eEveS9Z8lLLE/hileEe3iVdwPdIrBCPY4xh7/sTOAupCsYFboBkSnp48GI84RQc3RwDn7Py+2bz7LugTfyLbu5WWQYiKdHab4tV4CIZLcTDQaCYYEW7txWZ5c3 x-ms-exchange-antispam-srfa-diagnostics: SOS; x-ms-office365-filtering-correlation-id: 34bd43a4-f3b9-4262-d5a2-08d6238d8c5b x-microsoft-antispam: BCL:0; PCL:0; RULEID:(7020095)(4652040)(8989299)(4534165)(4627221)(201703031133081)(201702281549075)(8990200)(5600074)(711020)(2017052603328)(7153060)(7193020); SRVR:AM4PR07MB3508; x-ms-traffictypediagnostic: AM4PR07MB3508: x-microsoft-antispam-prvs: x-exchange-antispam-report-test: UriScan:(228905959029699)(162533806227266); x-ms-exchange-senderadcheck: 1 x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(6040522)(2401047)(5005006)(8121501046)(3002001)(93006095)(93001095)(10201501046)(3231355)(944501410)(52105095)(149066)(150057)(6041310)(20161123558120)(20161123562045)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123564045)(20161123560045)(201708071742011)(7699051); SRVR:AM4PR07MB3508; BCL:0; PCL:0; RULEID:; SRVR:AM4PR07MB3508; x-forefront-prvs: 08076ABC99 x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(136003)(39860400002)(366004)(396003)(376002)(346002)(199004)(189003)(53754006)(52314003)(13464003)(5660300001)(7736002)(102836004)(26005)(97736004)(186003)(76176011)(7696005)(5250100002)(6606003)(66066001)(2501003)(2906002)(11346002)(229853002)(74316002)(33656002)(106356001)(99286004)(476003)(446003)(105586002)(486006)(575784001)(86362001)(110136005)(6436002)(34290500001)(6246003)(55016002)(25786009)(6116002)(3846002)(478600001)(966005)(16200700003)(53946003)(606006)(256004)(5024004)(14444005)(2900100001)(53936002)(114624004)(236005)(6306002)(54896002)(9686003)(19627235002)(19627405001)(53546011)(6506007)(316002)(14454004)(68736007)(8936002)(93886005)(71200400001)(71190400001)(8676002)(81166006)(81156014)(579004)(569006); DIR:OUT; SFP:1102; SCL:1; SRVR:AM4PR07MB3508; H:AM4PR07MB3121.eurprd07.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1; received-spf: None (protection.outlook.com: cirsa.com does not designate permitted sender hosts) x-microsoft-antispam-message-info: GRC/xq5HzOdAEhydQDBHUxfuWnoPnImvinTj6KOue+w2UPm08/pl/NStYPWG1Mcxs4ciC2g72AjX2KaZlAulN+OZqul6Jk7sLW7lV1ikJMoMQiKa74w85S4RC40bRTRhZeqbncsNLBWTiVhKY2sM3QwoX0WHua729fWfJJj3hxKXOKh/F8v9SsD4CI7+HAMDe8qEeTyO+HQVEvRDnmGdAPv4VhSH5pSILWWo/ftuBZ6LBJGylYfB5tpYBwi6jJERWKCYWAuBrQgPlFUuhCRY3vyqZF0/dQmhvyJtdyQn4JfqlXnCWjJqrbVMOT3wJbWYMvF6gwqT+IdSDOxvUQBbnsjJLA2+fTvTeLxMn84d8Vk= spamdiagnosticoutput: 1:99 spamdiagnosticmetadata: NSPM MIME-Version: 1.0 X-OriginatorOrg: cirsa.com X-MS-Exchange-CrossTenant-Network-Message-Id: 34bd43a4-f3b9-4262-d5a2-08d6238d8c5b X-MS-Exchange-CrossTenant-originalarrivaltime: 26 Sep 2018 08:53:37.0492 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: e6d255d9-7bfe-42f2-a01e-09634cc3a03b X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM4PR07MB3508 X-Content-Filtered-By: Mailman/MimeDel 2.1.29 Subject: Re: Tianocore and TPM2 pcr values X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 26 Sep 2018 08:53:42 -0000 Content-Language: es-ES Content-Type: text/plain; charset="Windows-1252" Content-Transfer-Encoding: quoted-printable I've added the Tcg2GetEventLog at the end of OnReadyToBoot from Tcg2Dxe.c a= nd I can see: TPM2 Tcg2Dxe Measure Data when ReadyToBoot Tcg2GetEventLog ... (0x2) Tcg2GetEventLog (EventLogLocation - 8F3D2000) Tcg2GetEventLog (EventLogLastEntry - 8F3D27AE) Tcg2GetEventLog (EventLogTruncated - 0) Tcg2GetEventLog - Success EventLogFormat: (0x2) Event: PCRIndex - 0 EventType - 0x00000003 Digest - 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 EventSize - 0x00000025 0000: 53706563204944204576656E7430330000000000000200020200000004001400 0020: 0B00200000 TCG_EfiSpecIDEventStruct: signature - 'Spec ID Event03 ' platformClass - 0x00000000 specVersion - 2.00 uintnSize - 0x02 NumberOfAlgorithms - 0x00000002 digest(0) algorithmId - 0x0004 digestSize - 0x0014 digest(1) algorithmId - 0x000B digestSize - 0x0020 VendorInfoSize - 0x00 VendorInfo - Event: PCRIndex - 7 EventType - 0x80000001 DigestCount: 0x00000002 HashAlgo : 0x0004 Digest(0): 2F 20 11 2A 3F 55 39 8B 20 8E 0C 42 68 13 89 B4 CB 5B 18 2= 3 HashAlgo : 0x000B Digest(1): CE 9C E3 86 B5 2E 09 9F 30 19 E5 12 A0 D6 06 2D 6B 56 0E F= E 4F F3 E5 66 1C 75 25 E2 F9 C2 63 DF EventSize - 0x00000034 0000: 61DFE48BCA93D211AA0D00E098032B8C0A000000000000000000000000000000 0020: 53006500630075007200650042006F006F007400 Event: PCRIndex - 7 EventType - 0x80000001 DigestCount: 0x00000002 HashAlgo : 0x0004 Digest(0): 9B 13 87 30 6E BB 7F F8 E7 95 E7 BE 77 56 36 66 BB F4 51 6= E HashAlgo : 0x000B Digest(1): DE A7 B8 0A B5 3A 3D AA A2 4D 5C C4 6C 64 E1 FA 9F FD 03 7= 3 9F 90 AA DB D8 C0 86 7C 4A 5B 48 90 EventSize - 0x00000024 0000: 61DFE48BCA93D211AA0D00E098032B8C02000000000000000000000000000000 0020: 50004B00 Event: PCRIndex - 7 EventType - 0x80000001 DigestCount: 0x00000002 HashAlgo : 0x0004 Digest(0): 9A FA 86 C5 07 41 9B 85 70 C6 21 67 CB 94 86 D9 FC 80 97 5= 8 HashAlgo : 0x000B Digest(1): E6 70 E1 21 FC EB D4 73 B8 BC 41 BB 80 13 01 FC 1D 9A FA 3= 3 90 4F 06 F7 14 9B 74 F1 2C 47 A6 8F EventSize - 0x00000026 0000: 61DFE48BCA93D211AA0D00E098032B8C03000000000000000000000000000000 0020: 4B0045004B00 Event: PCRIndex - 7 EventType - 0x80000001 DigestCount: 0x00000002 HashAlgo : 0x0004 Digest(0): 5B F8 FA A0 78 D4 0F FB D0 33 17 C9 33 98 B0 12 29 A0 E1 E= 0 HashAlgo : 0x000B Digest(1): BA F8 9A 3C CA CE 52 75 0C 5F 01 28 35 1E 04 22 A4 15 97 A= 1 AD FD 50 82 2A A3 63 B9 D1 24 EA 7C EventSize - 0x00000024 0000: CBB219D73A3D9645A3BCDAD00E67656F02000000000000000000000000000000 0020: 64006200 Event: PCRIndex - 7 EventType - 0x80000001 DigestCount: 0x00000002 HashAlgo : 0x0004 Digest(0): 73 44 24 C9 FE 8F C7 17 16 C4 20 96 F4 B7 4C 88 73 3B 17 5= E HashAlgo : 0x000B Digest(1): 9F 75 B6 82 3B FF 6A F1 02 4A 4E 20 36 71 9C DD 54 8D 3C B= C 2B F1 DE 8E 7E F4 D0 ED 01 F9 4B F9 EventSize - 0x00000026 0000: CBB219D73A3D9645A3BCDAD00E67656F03000000000000000000000000000000 0020: 640062007800 Event: PCRIndex - 7 EventType - 0x00000004 DigestCount: 0x00000002 HashAlgo : 0x0004 Digest(0): 90 69 CA 78 E7 45 0A 28 51 73 43 1B 3E 52 C5 C2 52 99 E4 7= 3 HashAlgo : 0x000B Digest(1): DF 3F 61 98 04 A9 2F DB 40 57 19 2D C4 3D D7 48 EA 77 8A D= C 52 BC 49 8C E8 05 24 C0 14 B8 11 19 EventSize - 0x00000004 0000: 00000000 Event: PCRIndex - 1 EventType - 0x80000002 DigestCount: 0x00000002 HashAlgo : 0x0004 Digest(0): 1B 24 F7 F4 BB 84 00 03 02 20 9D 12 98 D6 2F 57 79 A9 4F 4= 5 HashAlgo : 0x000B Digest(1): 90 C2 69 89 21 CA 9F D0 29 50 BE 35 3F 72 18 88 76 0E 33 A= B 50 95 A2 1E 50 F1 E4 36 0B 6D E1 A0 EventSize - 0x00000038 0000: 61DFE48BCA93D211AA0D00E098032B8C09000000000000000600000000000000 0020: 42006F006F0074004F007200640065007200000001000200 Event: PCRIndex - 1 EventType - 0x80000002 DigestCount: 0x00000002 HashAlgo : 0x0004 Digest(0): E9 44 11 C7 28 F4 14 4F 9F 49 9D DE 4A BB F8 F0 48 3A BB 6= 6 HashAlgo : 0x000B Digest(1): 1F 7F 14 CE 8C 8E 85 5B 56 A0 FF 0D 87 FB 6E E6 78 98 37 7= 6 FA BE 83 C4 9F E5 1F 07 36 D3 0E 9C EventSize - 0x00000070 0000: 61DFE48BCA93D211AA0D00E098032B8C08000000000000004000000000000000 0020: 42006F006F0074003000300030003000010000001C0045004600490020005500 0040: 530042002000440065007600690063006500000002010C00D041030A00000000 0060: 0101060000100305060001007FFF0400 Event: PCRIndex - 1 EventType - 0x80000002 DigestCount: 0x00000002 HashAlgo : 0x0004 Digest(0): 2D 60 53 82 1E 28 AC 45 A6 64 84 57 06 57 48 7A C3 8B 9E 3= A HashAlgo : 0x000B Digest(1): A0 39 4A 61 B8 1E 84 4E 1C 13 6C 74 EC 15 56 0A CF 5C 69 0= F 22 3E C3 22 1F F5 1E 18 3C 72 AF DA EventSize - 0x00000074 0000: 61DFE48BCA93D211AA0D00E098032B8C08000000000000004400000000000000 0020: 42006F006F007400300030003000310001000000200045004600490020004800 0040: 610072006400200044007200690076006500000002010C00D041030A00000000 0060: 01010600001103120A000100FFFF00007FFF0400 Event: PCRIndex - 1 EventType - 0x80000002 DigestCount: 0x00000002 HashAlgo : 0x0004 Digest(0): CF A3 CA 37 28 69 A8 3E 5A 0A 29 2D 94 D9 03 32 3D F7 1E 8= 6 HashAlgo : 0x000B Digest(1): C1 B5 4E 82 C6 8B 86 A7 ED 70 DF E9 CB AC A8 1E 99 C0 8A 4= 2 13 DD FD 13 7A 54 12 45 C8 33 13 22 EventSize - 0x00000079 0000: 61DFE48BCA93D211AA0D00E098032B8C08000000000000004900000000000000 0020: 42006F006F007400300030003000320001000000230045004600490020004D00 0040: 6900730063002000440065007600690063006500000002010C00D041030A0000 0060: 0000010106000714031D05000001050800000000007FFF0400 Event: PCRIndex - 4 EventType - 0x80000007 DigestCount: 0x00000002 HashAlgo : 0x0004 Digest(0): CD 0F DB 45 31 A6 EC 41 BE 27 53 BA 04 26 37 D6 E5 F7 F2 5= 6 HashAlgo : 0x000B Digest(1): 3D 67 72 B4 F8 4E D4 75 95 D7 2A 2C 4C 5F FD 15 F5 BB 72 C= 7 50 7F E2 6F 2A AE E2 C6 9D 56 33 BA EventSize - 0x00000028 0000: 43616C6C696E6720454649204170706C69636174696F6E2066726F6D20426F6F 0020: 74204F7074696F6E Event: PCRIndex - 0 EventType - 0x00000004 DigestCount: 0x00000002 HashAlgo : 0x0004 Digest(0): 90 69 CA 78 E7 45 0A 28 51 73 43 1B 3E 52 C5 C2 52 99 E4 7= 3 HashAlgo : 0x000B Digest(1): DF 3F 61 98 04 A9 2F DB 40 57 19 2D C4 3D D7 48 EA 77 8A D= C 52 BC 49 8C E8 05 24 C0 14 B8 11 19 EventSize - 0x00000004 0000: 00000000 Event: PCRIndex - 1 EventType - 0x00000004 DigestCount: 0x00000002 HashAlgo : 0x0004 Digest(0): 90 69 CA 78 E7 45 0A 28 51 73 43 1B 3E 52 C5 C2 52 99 E4 7= 3 HashAlgo : 0x000B Digest(1): DF 3F 61 98 04 A9 2F DB 40 57 19 2D C4 3D D7 48 EA 77 8A D= C 52 BC 49 8C E8 05 24 C0 14 B8 11 19 EventSize - 0x00000004 0000: 00000000 Event: PCRIndex - 2 EventType - 0x00000004 DigestCount: 0x00000002 HashAlgo : 0x0004 Digest(0): 90 69 CA 78 E7 45 0A 28 51 73 43 1B 3E 52 C5 C2 52 99 E4 7= 3 HashAlgo : 0x000B Digest(1): DF 3F 61 98 04 A9 2F DB 40 57 19 2D C4 3D D7 48 EA 77 8A D= C 52 BC 49 8C E8 05 24 C0 14 B8 11 19 EventSize - 0x00000004 0000: 00000000 Event: PCRIndex - 3 EventType - 0x00000004 DigestCount: 0x00000002 HashAlgo : 0x0004 Digest(0): 90 69 CA 78 E7 45 0A 28 51 73 43 1B 3E 52 C5 C2 52 99 E4 7= 3 HashAlgo : 0x000B Digest(1): DF 3F 61 98 04 A9 2F DB 40 57 19 2D C4 3D D7 48 EA 77 8A D= C 52 BC 49 8C E8 05 24 C0 14 B8 11 19 EventSize - 0x00000004 0000: 00000000 Event: PCRIndex - 4 EventType - 0x00000004 DigestCount: 0x00000002 HashAlgo : 0x0004 Digest(0): 90 69 CA 78 E7 45 0A 28 51 73 43 1B 3E 52 C5 C2 52 99 E4 7= 3 HashAlgo : 0x000B Digest(1): DF 3F 61 98 04 A9 2F DB 40 57 19 2D C4 3D D7 48 EA 77 8A D= C 52 BC 49 8C E8 05 24 C0 14 B8 11 19 EventSize - 0x00000004 0000: 00000000 Event: PCRIndex - 5 EventType - 0x00000004 DigestCount: 0x00000002 HashAlgo : 0x0004 Digest(0): 90 69 CA 78 E7 45 0A 28 51 73 43 1B 3E 52 C5 C2 52 99 E4 7= 3 HashAlgo : 0x000B Digest(1): DF 3F 61 98 04 A9 2F DB 40 57 19 2D C4 3D D7 48 EA 77 8A D= C 52 BC 49 8C E8 05 24 C0 14 B8 11 19 EventSize - 0x00000004 0000: 00000000 Event: PCRIndex - 6 EventType - 0x00000004 DigestCount: 0x00000002 HashAlgo : 0x0004 Digest(0): 90 69 CA 78 E7 45 0A 28 51 73 43 1B 3E 52 C5 C2 52 99 E4 7= 3 HashAlgo : 0x000B Digest(1): DF 3F 61 98 04 A9 2F DB 40 57 19 2D C4 3D D7 48 EA 77 8A D= C 52 BC 49 8C E8 05 24 C0 14 B8 11 19 EventSize - 0x00000004 0000: 00000000 FinalEventsTable: (0x8F408000) Version: (0x1) NumberOfEvents: (0x0) PROGRESS CODE: V03051001 I0 ________________________________ De: Yao, Jiewen Enviado: mi=E9rcoles, 26 de septiembre de 2018 8:58:26 Para: Jorge Fernandez Monteagudo; Zhang, Chao B; edk2-devel@lists.01.org Asunto: RE: Tianocore and TPM2 pcr values That means the TPM2 device works well. We have code to dump the final event log at Tcg2GetEventLog(). // Dump Event Log for debug purpose if ((EventLogLocation !=3D NULL) && (EventLogLastEntry !=3D NULL)) { DumpEventLog (EventLogFormat, *EventLogLocation, *EventLogLastEntry, mT= cgDxeData.FinalEventsTable[Index]); } If your OS need consume the event log, I expect OS loader calls Tcg2GetEven= tLog(). If you don=92t have such OS, then you can add Tcg2GetEventLog() call in the= end of OnReadyToBoot() =96 just for debug purpose to dump the event log. As such we can know how many events are extended. Thank you Yao Jiewen From: Jorge Fernandez Monteagudo [mailto:jorgefm@cirsa.com] Sent: Wednesday, September 26, 2018 2:48 PM To: Yao, Jiewen ; Zhang, Chao B ; edk2-devel@lists.01.org Subject: Re: Tianocore and TPM2 pcr values Yes, from log I see: Loading driver at 0x0008F3F2000 EntryPoint=3D0x0008F3F2240 Tcg2Dxe.efi InstallProtocolInterface: BC62157E-3E33-4FEC-9920-2D3B36D750DF 8F410C18 ProtectUefiImageCommon - 0x8F4107C0 - 0x000000008F3F2000 - 0x000000000000D800 PROGRESS CODE: V03040002 I0 InterfaceId - 0xFFFFFFFF InterfaceType - 0x0F InterfaceCapability - 0x300000FF InterfaceVersion - 0x3 StatusEx - 0xFF TpmFamily - 0x3 PtpInterface - 0 VID - 0x15D1 DID - 0x001A RID - 0x10 Tcg2.ProtocolVersion - 01.01 Tcg2.StructureVersion - 01.01 Tpm2GetCapabilityManufactureID - 00584649 Tpm2GetCapabilityFirmwareVersion - 00050000 00044102 Tpm2GetCapabilityMaxCommandResponseSize - 00000500, 00000500 GetSupportedAndActivePcrs - Count =3D 00000002 Tcg2.SupportedEventLogs - 0x00000003 Tcg2.HashAlgorithmBitmap - 0x00000003 Tcg2.NumberOfPCRBanks - 0x00000002 Tcg2.ActivePcrBanks - 0x00000003 ... ________________________________ De: Yao, Jiewen > Enviado: mi=E9rcoles, 26 de septiembre de 2018 8:44:54 Para: Jorge Fernandez Monteagudo; Zhang, Chao B; edk2-devel@lists.01.org Asunto: RE: Tianocore and TPM2 pcr values ProtectUefiImageCommon is not related. Below code is the Tcg2Dxe entrypoint, I expect you can see some message the= re: =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D DriverEntry() if (CompareGuid (PcdGetPtr(PcdTpmInstanceGuid), &gEfiTpmDeviceInstanceNon= eGuid) || CompareGuid (PcdGetPtr(PcdTpmInstanceGuid), &gEfiTpmDeviceInstanceTpm= 12Guid)){ DEBUG ((DEBUG_INFO, "No TPM2 instance required!\n")); return EFI_UNSUPPORTED; } if (GetFirstGuidHob (&gTpmErrorHobGuid) !=3D NULL) { DEBUG ((EFI_D_ERROR, "TPM2 error!\n")); return EFI_DEVICE_ERROR; } Status =3D Tpm2RequestUseTpm (); if (EFI_ERROR (Status)) { DEBUG ((EFI_D_ERROR, "TPM2 not detected!\n")); return Status; } // // Fill information // ASSERT (TCG_EVENT_LOG_AREA_COUNT_MAX =3D=3D sizeof(mTcg2EventInfo)/sizeof= (mTcg2EventInfo[0])); mTcgDxeData.BsCap.Size =3D sizeof(EFI_TCG2_BOOT_SERVICE_CAPABILITY); mTcgDxeData.BsCap.ProtocolVersion.Major =3D 1; mTcgDxeData.BsCap.ProtocolVersion.Minor =3D 1; mTcgDxeData.BsCap.StructureVersion.Major =3D 1; mTcgDxeData.BsCap.StructureVersion.Minor =3D 1; DEBUG ((EFI_D_INFO, "Tcg2.ProtocolVersion - %02x.%02x\n", mTcgDxeData.Bs= Cap.ProtocolVersion.Major, mTcgDxeData.BsCap.ProtocolVersion.Minor)); DEBUG ((EFI_D_INFO, "Tcg2.StructureVersion - %02x.%02x\n", mTcgDxeData.Bs= Cap.StructureVersion.Major, mTcgDxeData.BsCap.StructureVersion.Minor)); Status =3D Tpm2GetCapabilityManufactureID (&mTcgDxeData.BsCap.Manufacture= rID); if (EFI_ERROR (Status)) { DEBUG ((EFI_D_ERROR, "Tpm2GetCapabilityManufactureID fail!\n")); } else { DEBUG ((EFI_D_INFO, "Tpm2GetCapabilityManufactureID - %08x\n", mTcgDxeD= ata.BsCap.ManufacturerID)); } From: Jorge Fernandez Monteagudo [mailto:jorgefm@cirsa.com] Sent: Wednesday, September 26, 2018 2:40 PM To: Yao, Jiewen >; Zhang,= Chao B >; edk2-devel= @lists.01.org Subject: Re: Tianocore and TPM2 pcr values Hi Yao > Yes, it is always good to enable serial port debug. There are lots of deb= ug message in Tcg2Dxe driver. We can know what is wrong. >>From the log I've been able to see that "measure" messages start once Tcg2D= xe.efi. From the beggining I can only see "ProtectUefiImageCommon" messages but I don't know if they are related. >In your patch, since we are using UEFI as payload, and there is no PEI, I = am not clear which driver you expect will extend something to PCR0. Do you = think coreboot is CRTM? Or the UEFI payload is the CRTM? Who should be >res= ponsible to extend coreboot image from flash, and who should extend UEFI pa= yload? I think nothing is implemented in coreboot because when TPM2 was not activa= ted in edk2 PCR0-10 were all 0. It's only checking what device is available and sending the tpm2_startup command. I'll try to investigate = the coreboot project to see if the tianocore payload could be extended before loading because coreboot should be the CRTM. > Also, only *3rd part* image will change PCR2 and PCR4. Do you have such c= ase in your platform? First notice. No I don't have such case in my platform. Thanks! Jorge ________________________________ De: Yao, Jiewen > Enviado: mi=E9rcoles, 26 de septiembre de 2018 8:11:58 Para: Jorge Fernandez Monteagudo; Zhang, Chao B; edk2-devel@lists.01.org Asunto: RE: Tianocore and TPM2 pcr values Hi Jorge Yes, it is always good to enable serial port debug. There are lots of debug= message in Tcg2Dxe driver. We can know what is wrong. In pure UEFI BIOS, the PEI driver extends to PCR0, and DXE image measuremen= t lib extend to PCR2, PCR4, PCR5. The DXE driver extends variable to PCR1/7= , and exposes the TCG2 protocol to let OS use it. In your patch, since we are using UEFI as payload, and there is no PEI, I a= m not clear which driver you expect will extend something to PCR0. Do you t= hink coreboot is CRTM? Or the UEFI payload is the CRTM? Who should be respo= nsible to extend coreboot image from flash, and who should extend UEFI payl= oad? Also, only *3rd part* image will change PCR2 and PCR4. Do you have such cas= e in your platform? Anyway, there should still be something measured - boot variable (PCR1), se= cure boot variable (PCR7), GPT (5), action (4,5), separator (1~7), if you i= nclude Tcg2Dxe driver. I am not clear if coreboot already extends something to separator according= to TCG PFP spec. If that is the case, we probably need a special handing i= n DXE driver. I look forward to your serial debug message and design discussion. Thank you Yao Jiewen > -----Original Message----- > From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of > Jorge Fernandez Monteagudo > Sent: Wednesday, September 26, 2018 1:46 PM > To: Zhang, Chao B >= ; edk2-devel@lists.01.org > Subject: Re: [edk2] Tianocore and TPM2 pcr values > > Hi Chao! > > > Maybe the traces I get from the debug build and > > > gEfiMdePkgTokenSpaceGuid.PcdReportStatusCodePropertyMask|0x7 > gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x800A044F > gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x2F > > can help. > > > ________________________________ > De: edk2-devel > en nombre de Jorge > Fernandez Monteagudo > > Enviado: martes, 25 de septiembre de 2018 16:09:31 > Para: Zhang, Chao B; edk2-devel@lists.01.org > Asunto: Re: [edk2] Tianocore and TPM2 pcr values > > Hi Chao! > > > PCR0 has not changed in any of the test I've done! What info do you need? > > > I'm using: > > coreboot: ae05d095b36ac835a6b1a221e6858065e5486888, master branch > > tianocore: 07ecd98ac18d6792181856faca7d4bed1b587261, coreboot > branch > > Attached are the changes I've done to tianocore to get TPM2 support and n= o > console. > PCR0 is always > 3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969 > > Thanks! > ________________________________ > De: Zhang, Chao B > > Enviado: martes, 25 de septiembre de 2018 15:41:45 > Para: Jorge Fernandez Monteagudo; edk2-devel@lists.01.org > Cc: You, Benjamin > Asunto: RE: Tianocore and TPM2 pcr values > > Hi Jorge: > PCR 0 should change if you use different core boot payload + UEFI. S= o > your case seems to be an issue. Can you provide more detailed info? > > > -----Original Message----- > From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of > Jorge Fernandez Monteagudo > Sent: Monday, September 24, 2018 5:57 PM > To: edk2-devel@lists.01.org > Subject: [edk2] Tianocore and TPM2 pcr values > > Hi all, > > > This is my first message in this list. I'm using tianocore as a payload f= or a > Coreboot in order to > > boot a custom board I'm working on it. Finally I've been able to enable t= he > TPM2 support in > > coreboot and in tianocore but I have some questions regarding the values > I'm seeing in the PCRs. > > > I'm using Tianocore master branch as is selected by coreboot menuconfig > and x64 architecture. > > Once the system is running I can read the PCRs and, if I'm not wrong, PCR= s 0 > to 7 are handled > > by the Tianocore/Coreboot. I've flashed a coreboot+tianocore in release > mode and a coreboot+ > > tianocore in debug mode and the PCRs are the same. Is it ok? I thought th= at > any change in the > > coreboot.rom will made the PCR values to change... > > > pcr0: > 3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969 > pcr1: > a3a3552caa68c6d9db64bf1ed4dca08080f99b59f1b26debc9abefa59ee8ca28 > pcr2: > 3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969 > pcr3: > 3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969 > pcr4: > 74a35102770e65ab94b35135a4bf54c411134ae8059e03df41060a33f573871 > f > pcr5: > dfa65561584cb8604b1675c869f3341d0c99c642ce9d91353380361126235ad > 8 > pcr6: > 3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969 > pcr7: > b5710bf57d25623e4019027da116821fa99f5c81e9e38b87671cc574f9281439 > > Another test I've done is using the Tianocore stable branch as selected b= y > coreboot > (STABLE_COMMIT_ID=3D315d9d08fd77db1024ccc5307823da8aaed85e2f) and > I get the same values from release and build coreboot.roms except that > PCR1 has the same value as PCR0, 2, 3 and 6, it seems it's not used in th= is > version. > > Is this the expected behavior? > > Thanks! > Jorge > _______________________________________________ > edk2-devel mailing list > edk2-devel@lists.01.org > https://lists.01.org/mailman/listinfo/edk2-devel > _______________________________________________ > edk2-devel mailing list > edk2-devel@lists.01.org > https://lists.01.org/mailman/listinfo/edk2-devel