From mboxrd@z Thu Jan 1 00:00:00 1970
From: Jorge Fernandez Monteagudo
To: "Yao, Jiewen", "Zhang, Chao B", "edk2-devel@lists.01.org"
Date: Wed, 26 Sep 2018 06:48:29 +0000
Subject: Re: Tianocore and TPM2 pcr values

Yes, from the log I see:

Loading driver at 0x0008F3F2000 EntryPoint=0x0008F3F2240 Tcg2Dxe.efi
InstallProtocolInterface: BC62157E-3E33-4FEC-9920-2D3B36D750DF 8F410C18
ProtectUefiImageCommon - 0x8F4107C0 - 0x000000008F3F2000 - 0x000000000000D800
PROGRESS CODE: V03040002 I0
InterfaceId - 0xFFFFFFFF
InterfaceType - 0x0F
InterfaceCapability - 0x300000FF
InterfaceVersion - 0x3
StatusEx - 0xFF
TpmFamily - 0x3
PtpInterface - 0
VID - 0x15D1
DID - 0x001A
RID - 0x10
Tcg2.ProtocolVersion - 01.01
Tcg2.StructureVersion - 01.01
Tpm2GetCapabilityManufactureID - 00584649
Tpm2GetCapabilityFirmwareVersion - 00050000 00044102
Tpm2GetCapabilityMaxCommandResponseSize - 00000500, 00000500
GetSupportedAndActivePcrs - Count = 00000002
Tcg2.SupportedEventLogs - 0x00000003
Tcg2.HashAlgorithmBitmap - 0x00000003
Tcg2.NumberOfPCRBanks - 0x00000002
Tcg2.ActivePcrBanks - 0x00000003
...

________________________________
From: Yao, Jiewen
Sent: Wednesday, September 26, 2018 8:44:54
To: Jorge Fernandez Monteagudo; Zhang, Chao B; edk2-devel@lists.01.org
Subject: RE: Tianocore and TPM2 pcr values

ProtectUefiImageCommon is not related.

Below code is the Tcg2Dxe entrypoint, I expect you can see some message there:

====================================
DriverEntry()
  if (CompareGuid (PcdGetPtr(PcdTpmInstanceGuid), &gEfiTpmDeviceInstanceNoneGuid) ||
      CompareGuid (PcdGetPtr(PcdTpmInstanceGuid), &gEfiTpmDeviceInstanceTpm12Guid)){
    DEBUG ((DEBUG_INFO, "No TPM2 instance required!\n"));
    return EFI_UNSUPPORTED;
  }

  if (GetFirstGuidHob (&gTpmErrorHobGuid) != NULL) {
    DEBUG ((EFI_D_ERROR, "TPM2 error!\n"));
    return EFI_DEVICE_ERROR;
  }

  Status = Tpm2RequestUseTpm ();
  if (EFI_ERROR (Status)) {
    DEBUG ((EFI_D_ERROR, "TPM2 not detected!\n"));
    return Status;
  }

  //
  // Fill information
  //
  ASSERT (TCG_EVENT_LOG_AREA_COUNT_MAX == sizeof(mTcg2EventInfo)/sizeof(mTcg2EventInfo[0]));

  mTcgDxeData.BsCap.Size = sizeof(EFI_TCG2_BOOT_SERVICE_CAPABILITY);
  mTcgDxeData.BsCap.ProtocolVersion.Major = 1;
  mTcgDxeData.BsCap.ProtocolVersion.Minor = 1;
  mTcgDxeData.BsCap.StructureVersion.Major = 1;
  mTcgDxeData.BsCap.StructureVersion.Minor = 1;

  DEBUG ((EFI_D_INFO, "Tcg2.ProtocolVersion - %02x.%02x\n", mTcgDxeData.BsCap.ProtocolVersion.Major, mTcgDxeData.BsCap.ProtocolVersion.Minor));
  DEBUG ((EFI_D_INFO, "Tcg2.StructureVersion - %02x.%02x\n", mTcgDxeData.BsCap.StructureVersion.Major, mTcgDxeData.BsCap.StructureVersion.Minor));

  Status = Tpm2GetCapabilityManufactureID (&mTcgDxeData.BsCap.ManufacturerID);
  if (EFI_ERROR (Status)) {
    DEBUG ((EFI_D_ERROR, "Tpm2GetCapabilityManufactureID fail!\n"));
  } else {
    DEBUG ((EFI_D_INFO, "Tpm2GetCapabilityManufactureID - %08x\n", mTcgDxeData.BsCap.ManufacturerID));
  }

From: Jorge Fernandez Monteagudo [mailto:jorgefm@cirsa.com]
Sent: Wednesday, September 26, 2018 2:40 PM
To: Yao, Jiewen; Zhang, Chao B; edk2-devel@lists.01.org
Subject: Re: Tianocore and TPM2 pcr values

Hi Yao

> Yes, it is always good to enable serial port debug. There are lots of debug message in Tcg2Dxe driver. We can know what is wrong.

From the log I've been able to see that "measure" messages start once Tcg2Dxe.efi. From the beginning I can only see "ProtectUefiImageCommon" messages but I don't know if they are related.

> In your patch, since we are using UEFI as payload, and there is no PEI, I am not clear which driver you expect will extend something to PCR0. Do you think coreboot is CRTM? Or the UEFI payload is the CRTM? Who should be responsible to extend coreboot image from flash, and who should extend UEFI payload?

I think nothing is implemented in coreboot because when TPM2 was not activated in edk2 PCR0-10 were all 0. It's only checking what device is available and sending the tpm2_startup command. I'll try to investigate the coreboot project to see if the tianocore payload could be extended before loading because coreboot should be the CRTM.

> Also, only *3rd party* image will change PCR2 and PCR4. Do you have such case in your platform?

First notice. No, I don't have such case in my platform.

Thanks!
Jorge

________________________________
From: Yao, Jiewen
Sent: Wednesday, September 26, 2018 8:11:58
To: Jorge Fernandez Monteagudo; Zhang, Chao B; edk2-devel@lists.01.org
Subject: RE: Tianocore and TPM2 pcr values

Hi Jorge

Yes, it is always good to enable serial port debug. There are lots of debug message in Tcg2Dxe driver. We can know what is wrong.

In pure UEFI BIOS, the PEI driver extends to PCR0, and DXE image measurement lib extend to PCR2, PCR4, PCR5. The DXE driver extends variable to PCR1/7, and exposes the TCG2 protocol to let OS use it.

In your patch, since we are using UEFI as payload, and there is no PEI, I am not clear which driver you expect will extend something to PCR0. Do you think coreboot is CRTM? Or the UEFI payload is the CRTM? Who should be responsible to extend coreboot image from flash, and who should extend UEFI payload?

Also, only *3rd party* image will change PCR2 and PCR4. Do you have such case in your platform?

Anyway, there should still be something measured - boot variable (PCR1), secure boot variable (PCR7), GPT (5), action (4,5), separator (1~7), if you include Tcg2Dxe driver.

I am not clear if coreboot already extends something to separator according to TCG PFP spec. If that is the case, we probably need a special handling in DXE driver.

I look forward to your serial debug message and design discussion.

Thank you
Yao Jiewen

> -----Original Message-----
> From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of
> Jorge Fernandez Monteagudo
> Sent: Wednesday, September 26, 2018 1:46 PM
> To: Zhang, Chao B; edk2-devel@lists.01.org
> Subject: Re: [edk2] Tianocore and TPM2 pcr values
>
> Hi Chao!
>
> Maybe the traces I get from the debug build and
>
> gEfiMdePkgTokenSpaceGuid.PcdReportStatusCodePropertyMask|0x7
> gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x800A044F
> gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x2F
>
> can help.
>
> ________________________________
> From: edk2-devel on behalf of Jorge Fernandez Monteagudo
> Sent: Tuesday, September 25, 2018 16:09:31
> To: Zhang, Chao B; edk2-devel@lists.01.org
> Subject: Re: [edk2] Tianocore and TPM2 pcr values
>
> Hi Chao!
>
> PCR0 has not changed in any of the tests I've done! What info do you need?
>
> I'm using:
>
> coreboot: ae05d095b36ac835a6b1a221e6858065e5486888, master branch
> tianocore: 07ecd98ac18d6792181856faca7d4bed1b587261, coreboot branch
>
> Attached are the changes I've done to tianocore to get TPM2 support and no console.
> PCR0 is always 3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969
>
> Thanks!
> ________________________________
> From: Zhang, Chao B
> Sent: Tuesday, September 25, 2018 15:41:45
> To: Jorge Fernandez Monteagudo; edk2-devel@lists.01.org
> Cc: You, Benjamin
> Subject: RE: Tianocore and TPM2 pcr values
>
> Hi Jorge:
> PCR 0 should change if you use different core boot payload + UEFI.
> So your case seems to be an issue. Can you provide more detailed info?
>
> -----Original Message-----
> From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of
> Jorge Fernandez Monteagudo
> Sent: Monday, September 24, 2018 5:57 PM
> To: edk2-devel@lists.01.org
> Subject: [edk2] Tianocore and TPM2 pcr values
>
> Hi all,
>
> This is my first message in this list. I'm using tianocore as a payload for a Coreboot in order to boot a custom board I'm working on. Finally I've been able to enable the TPM2 support in coreboot and in tianocore but I have some questions regarding the values I'm seeing in the PCRs.
>
> I'm using Tianocore master branch as is selected by coreboot menuconfig and x64 architecture. Once the system is running I can read the PCRs and, if I'm not wrong, PCRs 0 to 7 are handled by the Tianocore/Coreboot. I've flashed a coreboot+tianocore in release mode and a coreboot+tianocore in debug mode and the PCRs are the same. Is it ok? I thought that any change in the coreboot.rom will make the PCR values change...
>
> pcr0: 3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969
> pcr1: a3a3552caa68c6d9db64bf1ed4dca08080f99b59f1b26debc9abefa59ee8ca28
> pcr2: 3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969
> pcr3: 3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969
> pcr4: 74a35102770e65ab94b35135a4bf54c411134ae8059e03df41060a33f573871f
> pcr5: dfa65561584cb8604b1675c869f3341d0c99c642ce9d91353380361126235ad8
> pcr6: 3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969
> pcr7: b5710bf57d25623e4019027da116821fa99f5c81e9e38b87671cc574f9281439
>
> Another test I've done is using the Tianocore stable branch as selected by coreboot (STABLE_COMMIT_ID=315d9d08fd77db1024ccc5307823da8aaed85e2f) and I get the same values from release and build coreboot.roms except that PCR1 has the same value as PCR0, 2, 3 and 6, it seems it's not used in this version.
>
> Is this the expected behavior?
>
> Thanks!
> Jorge
> _______________________________________________
> edk2-devel mailing list
> edk2-devel@lists.01.org
> https://lists.01.org/mailman/listinfo/edk2-devel