* [PATCH v4 0/6] Add capability to let PEIM extend TcgEvent
@ 2020-07-17 8:49 Qi Zhang
2020-07-17 8:49 ` [PATCH v4 1/6] SecurityPkg/TcgPpi: Add TcgPpi header file Qi Zhang
` (5 more replies)
0 siblings, 6 replies; 18+ messages in thread
From: Qi Zhang @ 2020-07-17 8:49 UTC (permalink / raw)
To: devel; +Cc: Qi Zhang, Jiewen Yao, Jian J Wang, Rahul Kumar
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2841
Currently, we have TCG/TCG2 protocol and DxeTpmMeasurementLib to let DXE
module extend the TCG event.
There is more and more use case in PEI phase that a PEIM need extend TCG
event, such as BootGuard, FSP, Microcode measurement. Currently, we dont
have API to do that so that each module need create TCG/TCG2 event log,
which is a burden.
This bugzilla requests to add PeiTpmMeasurementLib instance.
The implementation includes:
1) A EDKII_TCG_PPI which abstracts the HashLogExtendEvent service.
2) A PeiTpmMeasurementLib instance, so that a PEIM can call this API to
add TCG event.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Qi Zhang <qi1.zhang@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Jiewen Yao (6):
SecurityPkg/TcgPpi: Add TcgPpi header file.
SecurityPkg/dec: Add TcgPpi.
SecurityPkg/Tcg: Add TcgPpi
SecurityPkg/Tcg2: Add TcgPpi
SecurityPkg/PeiTpmMeasurementLib: Add PEI instance.
SecurityPkg/dsc: Add PeiTpmMeasurementLib.
SecurityPkg/Include/Ppi/Tcg.h | 60 ++++++++++
.../PeiTpmMeasurementLib.c | 74 ++++++++++++
.../PeiTpmMeasurementLib.inf | 50 ++++++++
.../PeiTpmMeasurementLib.uni | 17 +++
SecurityPkg/SecurityPkg.dec | 3 +
SecurityPkg/SecurityPkg.dsc | 4 +-
SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c | 110 +++++++++++++-----
SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf | 3 +-
SecurityPkg/Tcg/TcgPei/TcgPei.c | 61 +++++++++-
SecurityPkg/Tcg/TcgPei/TcgPei.inf | 3 +-
10 files changed, 351 insertions(+), 34 deletions(-)
create mode 100644 SecurityPkg/Include/Ppi/Tcg.h
create mode 100644 SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.c
create mode 100644 SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.inf
create mode 100644 SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.uni
--
2.26.2.windows.1
^ permalink raw reply [flat|nested] 18+ messages in thread
* [PATCH v4 1/6] SecurityPkg/TcgPpi: Add TcgPpi header file.
2020-07-17 8:49 [PATCH v4 0/6] Add capability to let PEIM extend TcgEvent Qi Zhang
@ 2020-07-17 8:49 ` Qi Zhang
2020-07-21 8:37 ` Wang, Jian J
2020-07-17 8:49 ` [PATCH v4 2/6] SecurityPkg/dec: Add TcgPpi Qi Zhang
` (4 subsequent siblings)
5 siblings, 1 reply; 18+ messages in thread
From: Qi Zhang @ 2020-07-17 8:49 UTC (permalink / raw)
To: devel; +Cc: Jiewen Yao, Jian J Wang, Qi Zhang
From: Jiewen Yao <jiewen.yao@intel.com>
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2841
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Qi Zhang <qi1.zhang@intel.com>
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
---
SecurityPkg/Include/Ppi/Tcg.h | 60 +++++++++++++++++++++++++++++++++++
1 file changed, 60 insertions(+)
create mode 100644 SecurityPkg/Include/Ppi/Tcg.h
diff --git a/SecurityPkg/Include/Ppi/Tcg.h b/SecurityPkg/Include/Ppi/Tcg.h
new file mode 100644
index 0000000000..0e943f2465
--- /dev/null
+++ b/SecurityPkg/Include/Ppi/Tcg.h
@@ -0,0 +1,60 @@
+/** @file
+ TCG PPI services.
+
+Copyright (c) 2020, Intel Corporation. All rights reserved.<BR>
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#ifndef _TCG_PPI_H_
+#define _TCG_PPI_H_
+
+#include <IndustryStandard/UefiTcgPlatform.h>
+
+typedef struct _EDKII_TCG_PPI EDKII_TCG_PPI;
+
+//
+// This bit is shall be set when HashData is the pre-hash digest.
+//
+#define EDKII_TCG_PRE_HASH 0x0000000000000001
+
+/**
+ Tpm measure and log data, and extend the measurement result into a specific PCR.
+
+ @param[in] This Indicates the calling context
+ @param[in] Flags Bitmap providing additional information
+ @param[in] HashData If BIT0 of Flags is 0, it is physical address of the
+ start of the data buffer to be hashed, extended, and logged.
+ If BIT0 of Flags is 1, it is physical address of the
+ start of the pre-hash data buffter to be extended, and logged.
+ The pre-hash data format is TPML_DIGEST_VALUES.
+ @param[in] HashDataLen The length, in bytes, of the buffer referenced by HashData.
+ @param[in] NewEventHdr Pointer to a TCG_PCR_EVENT_HDR data structure.
+ @param[in] NewEventData Pointer to the new event data.
+
+ @retval EFI_SUCCESS Operation completed successfully.
+ @retval EFI_UNSUPPORTED TPM device not available.
+ @retval EFI_OUT_OF_RESOURCES Out of memory.
+ @retval EFI_DEVICE_ERROR The operation was unsuccessful.
+**/
+typedef
+EFI_STATUS
+(EFIAPI *EDKII_TCG_HASH_LOG_EXTEND_EVENT)(
+ IN EDKII_TCG_PPI *This,
+ IN UINT64 Flags,
+ IN UINT8 *HashData,
+ IN UINTN HashDataLen,
+ IN TCG_PCR_EVENT_HDR *NewEventHdr,
+ IN UINT8 *NewEventData
+ );
+
+///
+/// The EFI_TCG Protocol abstracts TCG activity.
+///
+struct _EDKII_TCG_PPI {
+ EDKII_TCG_HASH_LOG_EXTEND_EVENT HashLogExtendEvent;
+};
+
+extern EFI_GUID gEdkiiTcgPpiGuid;
+
+#endif
--
2.26.2.windows.1
^ permalink raw reply related [flat|nested] 18+ messages in thread
* [PATCH v4 2/6] SecurityPkg/dec: Add TcgPpi.
2020-07-17 8:49 [PATCH v4 0/6] Add capability to let PEIM extend TcgEvent Qi Zhang
2020-07-17 8:49 ` [PATCH v4 1/6] SecurityPkg/TcgPpi: Add TcgPpi header file Qi Zhang
@ 2020-07-17 8:49 ` Qi Zhang
2020-07-21 8:37 ` Wang, Jian J
2020-07-17 8:49 ` [PATCH v4 3/6] SecurityPkg/Tcg: " Qi Zhang
` (3 subsequent siblings)
5 siblings, 1 reply; 18+ messages in thread
From: Qi Zhang @ 2020-07-17 8:49 UTC (permalink / raw)
To: devel; +Cc: Jiewen Yao, Jian J Wang, Qi Zhang
From: Jiewen Yao <jiewen.yao@intel.com>
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2841
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Qi Zhang <qi1.zhang@intel.com>
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
---
SecurityPkg/SecurityPkg.dec | 3 +++
1 file changed, 3 insertions(+)
diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec
index 79d46308ad..42fc48cc1f 100644
--- a/SecurityPkg/SecurityPkg.dec
+++ b/SecurityPkg/SecurityPkg.dec
@@ -203,6 +203,9 @@
## Include/Ppi/FirmwareVolumeInfoStoredHashFv.h
gEdkiiPeiFirmwareVolumeInfoStoredHashFvPpiGuid = {0x7f5e4e31, 0x81b1, 0x47e5, { 0x9e, 0x21, 0x1e, 0x4b, 0x5b, 0xc2, 0xf6, 0x1d } }
+ ## Include/Ppi/Tcg.h
+ gEdkiiTcgPpiGuid = {0x57a13b87, 0x133d, 0x4bf3, { 0xbf, 0xf1, 0x1b, 0xca, 0xc7, 0x17, 0x6c, 0xf1 } }
+
#
# [Error.gEfiSecurityPkgTokenSpaceGuid]
# 0x80000001 | Invalid value provided.
--
2.26.2.windows.1
^ permalink raw reply related [flat|nested] 18+ messages in thread
* [PATCH v4 3/6] SecurityPkg/Tcg: Add TcgPpi
2020-07-17 8:49 [PATCH v4 0/6] Add capability to let PEIM extend TcgEvent Qi Zhang
2020-07-17 8:49 ` [PATCH v4 1/6] SecurityPkg/TcgPpi: Add TcgPpi header file Qi Zhang
2020-07-17 8:49 ` [PATCH v4 2/6] SecurityPkg/dec: Add TcgPpi Qi Zhang
@ 2020-07-17 8:49 ` Qi Zhang
2020-07-21 8:36 ` Wang, Jian J
2020-07-17 8:49 ` [PATCH v4 4/6] SecurityPkg/Tcg2: " Qi Zhang
` (2 subsequent siblings)
5 siblings, 1 reply; 18+ messages in thread
From: Qi Zhang @ 2020-07-17 8:49 UTC (permalink / raw)
To: devel; +Cc: Jiewen Yao, Jian J Wang, Qi Zhang, Rahul Kumar
From: Jiewen Yao <jiewen.yao@intel.com>
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2841
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Qi Zhang <qi1.zhang@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
---
SecurityPkg/Tcg/TcgPei/TcgPei.c | 61 ++++++++++++++++++++++++++++---
SecurityPkg/Tcg/TcgPei/TcgPei.inf | 3 +-
2 files changed, 58 insertions(+), 6 deletions(-)
diff --git a/SecurityPkg/Tcg/TcgPei/TcgPei.c b/SecurityPkg/Tcg/TcgPei/TcgPei.c
index a9a808c9ec..2533388849 100644
--- a/SecurityPkg/Tcg/TcgPei/TcgPei.c
+++ b/SecurityPkg/Tcg/TcgPei/TcgPei.c
@@ -1,7 +1,7 @@
/** @file
Initialize TPM device and measure FVs before handing off control to DXE.
-Copyright (c) 2005 - 2018, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2005 - 2020, Intel Corporation. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
@@ -17,6 +17,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#include <Ppi/FirmwareVolume.h>
#include <Ppi/EndOfPeiPhase.h>
#include <Ppi/FirmwareVolumeInfoMeasurementExcluded.h>
+#include <Ppi/Tcg.h>
#include <Guid/TcgEventHob.h>
#include <Guid/MeasuredFvHob.h>
@@ -51,6 +52,45 @@ EFI_PEI_PPI_DESCRIPTOR mTpmInitializationDonePpiList = {
NULL
};
+/**
+ Do a hash operation on a data buffer, extend a specific TPM PCR with the hash result,
+ and build a GUIDed HOB recording the event which will be passed to the DXE phase and
+ added into the Event Log.
+
+ @param[in] This Indicates the calling context
+ @param[in] Flags Bitmap providing additional information.
+ @param[in] HashData Physical address of the start of the data buffer
+ to be hashed, extended, and logged.
+ @param[in] HashDataLen The length, in bytes, of the buffer referenced by HashData.
+ @param[in] NewEventHdr Pointer to a TCG_PCR_EVENT_HDR data structure.
+ @param[in] NewEventData Pointer to the new event data.
+
+ @retval EFI_SUCCESS Operation completed successfully.
+ @retval EFI_OUT_OF_RESOURCES No enough memory to log the new event.
+ @retval EFI_DEVICE_ERROR The command was unsuccessful.
+
+**/
+EFI_STATUS
+EFIAPI
+HashLogExtendEvent (
+ IN EDKII_TCG_PPI *This,
+ IN UINT64 Flags,
+ IN UINT8 *HashData,
+ IN UINTN HashDataLen,
+ IN TCG_PCR_EVENT_HDR *NewEventHdr,
+ IN UINT8 *NewEventData
+ );
+
+EDKII_TCG_PPI mEdkiiTcgPpi = {
+ HashLogExtendEvent
+};
+
+EFI_PEI_PPI_DESCRIPTOR mTcgPpiList = {
+ EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST,
+ &gEdkiiTcgPpiGuid,
+ &mEdkiiTcgPpi
+};
+
//
// Number of firmware blobs to grow by each time we run out of room
//
@@ -243,7 +283,8 @@ TpmCommHashAll (
and build a GUIDed HOB recording the event which will be passed to the DXE phase and
added into the Event Log.
- @param[in] PeiServices Describes the list of possible PEI Services.
+ @param[in] This Indicates the calling context.
+ @param[in] Flags Bitmap providing additional information.
@param[in] HashData Physical address of the start of the data buffer
to be hashed, extended, and logged.
@param[in] HashDataLen The length, in bytes, of the buffer referenced by HashData.
@@ -256,8 +297,10 @@ TpmCommHashAll (
**/
EFI_STATUS
+EFIAPI
HashLogExtendEvent (
- IN EFI_PEI_SERVICES **PeiServices,
+ IN EDKII_TCG_PPI *This,
+ IN UINT64 Flags,
IN UINT8 *HashData,
IN UINTN HashDataLen,
IN TCG_PCR_EVENT_HDR *NewEventHdr,
@@ -346,7 +389,8 @@ MeasureCRTMVersion (
TcgEventHdr.EventSize = (UINT32) StrSize((CHAR16*)PcdGetPtr (PcdFirmwareVersionString));
return HashLogExtendEvent (
- PeiServices,
+ &mEdkiiTcgPpi,
+ 0,
(UINT8*)PcdGetPtr (PcdFirmwareVersionString),
TcgEventHdr.EventSize,
&TcgEventHdr,
@@ -415,7 +459,8 @@ MeasureFvImage (
TcgEventHdr.EventSize = sizeof (FvBlob);
Status = HashLogExtendEvent (
- (EFI_PEI_SERVICES **) GetPeiServicesTablePointer(),
+ &mEdkiiTcgPpi,
+ 0,
(UINT8*) (UINTN) FvBlob.BlobBase,
(UINTN) FvBlob.BlobLength,
&TcgEventHdr,
@@ -744,6 +789,12 @@ PeimEntryMP (
Status = PeiServicesNotifyPpi (&mNotifyList[0]);
ASSERT_EFI_ERROR (Status);
+ //
+ // install Tcg Services
+ //
+ Status = PeiServicesInstallPpi (&mTcgPpiList);
+ ASSERT_EFI_ERROR (Status);
+
return Status;
}
diff --git a/SecurityPkg/Tcg/TcgPei/TcgPei.inf b/SecurityPkg/Tcg/TcgPei/TcgPei.inf
index c0bff6e85e..4ab4edd657 100644
--- a/SecurityPkg/Tcg/TcgPei/TcgPei.inf
+++ b/SecurityPkg/Tcg/TcgPei/TcgPei.inf
@@ -4,7 +4,7 @@
# This module will initialize TPM device, measure reported FVs and BIOS version.
# This module may also lock TPM physical presence and physicalPresenceLifetimeLock.
#
-# Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2006 - 2020, Intel Corporation. All rights reserved.<BR>
# SPDX-License-Identifier: BSD-2-Clause-Patent
#
##
@@ -67,6 +67,7 @@
gPeiTpmInitializedPpiGuid ## SOMETIMES_PRODUCES
gPeiTpmInitializationDonePpiGuid ## PRODUCES
gEfiEndOfPeiSignalPpiGuid ## SOMETIMES_CONSUMES ## NOTIFY
+ gEdkiiTcgPpiGuid ## PRODUCES
[Pcd]
gEfiSecurityPkgTokenSpaceGuid.PcdPhysicalPresenceLifetimeLock ## SOMETIMES_CONSUMES
--
2.26.2.windows.1
^ permalink raw reply related [flat|nested] 18+ messages in thread
* [PATCH v4 4/6] SecurityPkg/Tcg2: Add TcgPpi
2020-07-17 8:49 [PATCH v4 0/6] Add capability to let PEIM extend TcgEvent Qi Zhang
` (2 preceding siblings ...)
2020-07-17 8:49 ` [PATCH v4 3/6] SecurityPkg/Tcg: " Qi Zhang
@ 2020-07-17 8:49 ` Qi Zhang
2020-07-21 8:52 ` Wang, Jian J
2020-07-17 8:49 ` [PATCH v4 5/6] SecurityPkg/PeiTpmMeasurementLib: Add PEI instance Qi Zhang
2020-07-17 8:49 ` [PATCH v4 6/6] SecurityPkg/dsc: Add PeiTpmMeasurementLib Qi Zhang
5 siblings, 1 reply; 18+ messages in thread
From: Qi Zhang @ 2020-07-17 8:49 UTC (permalink / raw)
To: devel; +Cc: Jiewen Yao, Jian J Wang, Qi Zhang, Rahul Kumar
From: Jiewen Yao <jiewen.yao@intel.com>
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2841
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Qi Zhang <qi1.zhang@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
---
SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c | 110 +++++++++++++++++++++-------
SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf | 3 +-
2 files changed, 86 insertions(+), 27 deletions(-)
diff --git a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c
index 19b8e4b318..592f760057 100644
--- a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c
+++ b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c
@@ -1,7 +1,7 @@
/** @file
Initialize TPM2 device and measure FVs before handing off control to DXE.
-Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2015 - 2020, Intel Corporation. All rights reserved.<BR>
Copyright (c) 2017, Microsoft Corporation. All rights reserved. <BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
@@ -17,6 +17,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#include <Ppi/EndOfPeiPhase.h>
#include <Ppi/FirmwareVolumeInfoMeasurementExcluded.h>
#include <Ppi/FirmwareVolumeInfoPrehashedFV.h>
+#include <Ppi/Tcg.h>
#include <Guid/TcgEventHob.h>
#include <Guid/MeasuredFvHob.h>
@@ -66,6 +67,48 @@ EFI_PEI_PPI_DESCRIPTOR mTpmInitializationDonePpiList = {
NULL
};
+/**
+ Do a hash operation on a data buffer, extend a specific TPM PCR with the hash result,
+ and build a GUIDed HOB recording the event which will be passed to the DXE phase and
+ added into the Event Log.
+
+ @param[in] This Indicates the calling context
+ @param[in] Flags Bitmap providing additional information.
+ @param[in] HashData If BIT0 of Flags is 0, it is physical address of the
+ start of the data buffer to be hashed, extended, and logged.
+ If BIT0 of Flags is 1, it is physical address of the
+ start of the pre-hash data buffter to be extended, and logged.
+ The pre-hash data format is TPML_DIGEST_VALUES.
+ @param[in] HashDataLen The length, in bytes, of the buffer referenced by HashData.
+ @param[in] NewEventHdr Pointer to a TCG_PCR_EVENT_HDR data structure.
+ @param[in] NewEventData Pointer to the new event data.
+
+ @retval EFI_SUCCESS Operation completed successfully.
+ @retval EFI_OUT_OF_RESOURCES No enough memory to log the new event.
+ @retval EFI_DEVICE_ERROR The command was unsuccessful.
+
+**/
+EFI_STATUS
+EFIAPI
+HashLogExtendEvent (
+ IN EDKII_TCG_PPI *This,
+ IN UINT64 Flags,
+ IN UINT8 *HashData,
+ IN UINTN HashDataLen,
+ IN TCG_PCR_EVENT_HDR *NewEventHdr,
+ IN UINT8 *NewEventData
+ );
+
+EDKII_TCG_PPI mEdkiiTcgPpi = {
+ HashLogExtendEvent
+};
+
+EFI_PEI_PPI_DESCRIPTOR mTcgPpiList = {
+ EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST,
+ &gEdkiiTcgPpiGuid,
+ &mEdkiiTcgPpi
+};
+
//
// Number of firmware blobs to grow by each time we run out of room
//
@@ -375,9 +418,13 @@ LogHashEvent (
and build a GUIDed HOB recording the event which will be passed to the DXE phase and
added into the Event Log.
+ @param[in] This Indicates the calling context
@param[in] Flags Bitmap providing additional information.
- @param[in] HashData Physical address of the start of the data buffer
- to be hashed, extended, and logged.
+ @param[in] HashData If BIT0 of Flags is 0, it is physical address of the
+ start of the data buffer to be hashed, extended, and logged.
+ If BIT0 of Flags is 1, it is physical address of the
+ start of the pre-hash data buffter to be extended, and logged.
+ The pre-hash data format is TPML_DIGEST_VALUES.
@param[in] HashDataLen The length, in bytes, of the buffer referenced by HashData.
@param[in] NewEventHdr Pointer to a TCG_PCR_EVENT_HDR data structure.
@param[in] NewEventData Pointer to the new event data.
@@ -388,7 +435,9 @@ LogHashEvent (
**/
EFI_STATUS
+EFIAPI
HashLogExtendEvent (
+ IN EDKII_TCG_PPI *This,
IN UINT64 Flags,
IN UINT8 *HashData,
IN UINTN HashDataLen,
@@ -403,16 +452,23 @@ HashLogExtendEvent (
return EFI_DEVICE_ERROR;
}
- Status = HashAndExtend (
- NewEventHdr->PCRIndex,
- HashData,
- HashDataLen,
+ if(Flags & EDKII_TCG_PRE_HASH) {
+ ZeroMem (&DigestList, sizeof(DigestList));
+ CopyMem(&DigestList, HashData, sizeof(DigestList));
+ Status = Tpm2PcrExtend(
+ 0,
&DigestList
);
+ } else {
+ Status = HashAndExtend (
+ NewEventHdr->PCRIndex,
+ HashData,
+ HashDataLen,
+ &DigestList
+ );
+ }
if (!EFI_ERROR (Status)) {
- if ((Flags & EFI_TCG2_EXTEND_ONLY) == 0) {
- Status = LogHashEvent (&DigestList, NewEventHdr, NewEventData);
- }
+ Status = LogHashEvent (&DigestList, NewEventHdr, NewEventData);
}
if (Status == EFI_DEVICE_ERROR) {
@@ -452,6 +508,7 @@ MeasureCRTMVersion (
TcgEventHdr.EventSize = (UINT32) StrSize((CHAR16*)PcdGetPtr (PcdFirmwareVersionString));
return HashLogExtendEvent (
+ &mEdkiiTcgPpi,
0,
(UINT8*)PcdGetPtr (PcdFirmwareVersionString),
TcgEventHdr.EventSize,
@@ -651,27 +708,22 @@ MeasureFvImage (
// FV pre-hash algos comply with current TPM hash requirement
// Skip hashing step in measure, only extend DigestList to PCR and log event
//
- Status = Tpm2PcrExtend(
- 0,
- &DigestList
+ Status = HashLogExtendEvent (
+ &mEdkiiTcgPpi,
+ EDKII_TCG_PRE_HASH,
+ (UINT8*) &DigestList, // HashData
+ (UINTN) sizeof(DigestList), // HashDataLen
+ &TcgEventHdr, // EventHdr
+ EventData // EventData
);
-
- if (!EFI_ERROR(Status)) {
- Status = LogHashEvent (&DigestList, &TcgEventHdr, EventData);
- DEBUG ((DEBUG_INFO, "The pre-hashed FV which is extended & logged by Tcg2Pei starts at: 0x%x\n", FvBase));
- DEBUG ((DEBUG_INFO, "The pre-hashed FV which is extended & logged by Tcg2Pei has the size: 0x%x\n", FvLength));
- } else if (Status == EFI_DEVICE_ERROR) {
- BuildGuidHob (&gTpmErrorHobGuid,0);
- REPORT_STATUS_CODE (
- EFI_ERROR_CODE | EFI_ERROR_MINOR,
- (PcdGet32 (PcdStatusCodeSubClassTpmDevice) | EFI_P_EC_INTERFACE_ERROR)
- );
- }
+ DEBUG ((DEBUG_INFO, "The pre-hashed FV which is extended & logged by Tcg2Pei starts at: 0x%x\n", FvBase));
+ DEBUG ((DEBUG_INFO, "The pre-hashed FV which is extended & logged by Tcg2Pei has the size: 0x%x\n", FvLength));
} else {
//
// Hash the FV, extend digest to the TPM and log TCG event
//
Status = HashLogExtendEvent (
+ &mEdkiiTcgPpi,
0,
(UINT8*) (UINTN) FvBase, // HashData
(UINTN) FvLength, // HashDataLen
@@ -849,6 +901,12 @@ PeimEntryMP (
{
EFI_STATUS Status;
+ //
+ // install Tcg Services
+ //
+ Status = PeiServicesInstallPpi (&mTcgPpiList);
+ ASSERT_EFI_ERROR (Status);
+
if (PcdGet8 (PcdTpm2ScrtmPolicy) == 1) {
Status = MeasureCRTMVersion ();
}
@@ -893,7 +951,7 @@ MeasureSeparatorEventWithError (
TcgEvent.PCRIndex = PCRIndex;
TcgEvent.EventType = EV_SEPARATOR;
TcgEvent.EventSize = (UINT32)sizeof (EventData);
- return HashLogExtendEvent(0,(UINT8 *)&EventData, TcgEvent.EventSize, &TcgEvent,(UINT8 *)&EventData);
+ return HashLogExtendEvent(&mEdkiiTcgPpi, 0, (UINT8 *)&EventData, TcgEvent.EventSize, &TcgEvent,(UINT8 *)&EventData);
}
/**
diff --git a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf
index 3d361e8859..f64b29f1ae 100644
--- a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf
+++ b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf
@@ -8,7 +8,7 @@
#
# This module will initialize TPM device, measure reported FVs and BIOS version.
#
-# Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2015 - 2020, Intel Corporation. All rights reserved.<BR>
# Copyright (c) 2017, Microsoft Corporation. All rights reserved. <BR>
# SPDX-License-Identifier: BSD-2-Clause-Patent
#
@@ -72,6 +72,7 @@
gPeiTpmInitializationDonePpiGuid ## PRODUCES
gEfiEndOfPeiSignalPpiGuid ## SOMETIMES_CONSUMES ## NOTIFY
gEdkiiPeiFirmwareVolumeInfoPrehashedFvPpiGuid ## SOMETIMES_CONSUMES
+ gEdkiiTcgPpiGuid ## PRODUCES
[Pcd]
gEfiMdeModulePkgTokenSpaceGuid.PcdFirmwareVersionString ## SOMETIMES_CONSUMES
--
2.26.2.windows.1
^ permalink raw reply related [flat|nested] 18+ messages in thread
* [PATCH v4 5/6] SecurityPkg/PeiTpmMeasurementLib: Add PEI instance.
2020-07-17 8:49 [PATCH v4 0/6] Add capability to let PEIM extend TcgEvent Qi Zhang
` (3 preceding siblings ...)
2020-07-17 8:49 ` [PATCH v4 4/6] SecurityPkg/Tcg2: " Qi Zhang
@ 2020-07-17 8:49 ` Qi Zhang
2020-07-21 9:00 ` Wang, Jian J
[not found] ` <1623B8ED1BE72736.9882@groups.io>
2020-07-17 8:49 ` [PATCH v4 6/6] SecurityPkg/dsc: Add PeiTpmMeasurementLib Qi Zhang
5 siblings, 2 replies; 18+ messages in thread
From: Qi Zhang @ 2020-07-17 8:49 UTC (permalink / raw)
To: devel; +Cc: Jiewen Yao, Jian J Wang, Qi Zhang
From: Jiewen Yao <jiewen.yao@intel.com>
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2841
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Qi Zhang <qi1.zhang@intel.com>
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
---
.../PeiTpmMeasurementLib.c | 74 +++++++++++++++++++
.../PeiTpmMeasurementLib.inf | 50 +++++++++++++
.../PeiTpmMeasurementLib.uni | 17 +++++
3 files changed, 141 insertions(+)
create mode 100644 SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.c
create mode 100644 SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.inf
create mode 100644 SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.uni
diff --git a/SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.c b/SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.c
new file mode 100644
index 0000000000..1a590e0c9e
--- /dev/null
+++ b/SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.c
@@ -0,0 +1,74 @@
+/** @file
+ This library is used by other modules to measure data to TPM.
+
+Copyright (c) 2020, Intel Corporation. All rights reserved. <BR>
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <PiPei.h>
+
+#include <Library/BaseMemoryLib.h>
+#include <Library/PeiServicesLib.h>
+#include <Library/PeiServicesTablePointerLib.h>
+#include <Library/DebugLib.h>
+#include <Library/HobLib.h>
+#include <Library/TpmMeasurementLib.h>
+
+#include <Ppi/Tcg.h>
+#include <IndustryStandard/UefiTcgPlatform.h>
+
+/**
+ Tpm measure and log data, and extend the measurement result into a specific PCR.
+
+ @param[in] PcrIndex PCR Index.
+ @param[in] EventType Event type.
+ @param[in] EventLog Measurement event log.
+ @param[in] LogLen Event log length in bytes.
+ @param[in] HashData The start of the data buffer to be hashed, extended.
+ @param[in] HashDataLen The length, in bytes, of the buffer referenced by HashData
+
+ @retval EFI_SUCCESS Operation completed successfully.
+ @retval EFI_UNSUPPORTED TPM device not available.
+ @retval EFI_OUT_OF_RESOURCES Out of memory.
+ @retval EFI_DEVICE_ERROR The operation was unsuccessful.
+**/
+EFI_STATUS
+EFIAPI
+TpmMeasureAndLogData (
+ IN UINT32 PcrIndex,
+ IN UINT32 EventType,
+ IN VOID *EventLog,
+ IN UINT32 LogLen,
+ IN VOID *HashData,
+ IN UINT64 HashDataLen
+ )
+{
+ EFI_STATUS Status;
+ EDKII_TCG_PPI *TcgPpi;
+ TCG_PCR_EVENT_HDR TcgEventHdr;
+
+ Status = PeiServicesLocatePpi(
+ &gEdkiiTcgPpiGuid,
+ 0,
+ NULL,
+ (VOID**)&TcgPpi
+ );
+ if (EFI_ERROR(Status)) {
+ return Status;
+ }
+
+ TcgEventHdr.PCRIndex = PcrIndex;
+ TcgEventHdr.EventType = EventType;
+ TcgEventHdr.EventSize = LogLen;
+
+ Status = TcgPpi->HashLogExtendEvent (
+ TcgPpi,
+ 0,
+ HashData,
+ (UINTN)HashDataLen,
+ &TcgEventHdr,
+ EventLog
+ );
+ return Status;
+}
diff --git a/SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.inf b/SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.inf
new file mode 100644
index 0000000000..6625d0fd01
--- /dev/null
+++ b/SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.inf
@@ -0,0 +1,50 @@
+## @file
+# Provides TPM measurement functions for TPM1.2 and TPM 2.0
+#
+# This library provides TpmMeasureAndLogData() to measure and log data, and
+# extend the measurement result into a specific PCR.
+#
+# Copyright (c) 2020, Intel Corporation. All rights reserved.<BR>
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+[Defines]
+ INF_VERSION = 0x00010005
+ BASE_NAME = PeiTpmMeasurementLib
+ FILE_GUID = 9A62C49D-C45A-4322-9F3C-45958DF0056B
+ MODULE_TYPE = PEIM
+ VERSION_STRING = 1.0
+ LIBRARY_CLASS = TpmMeasurementLib|PEIM
+ MODULE_UNI_FILE = PeiTpmMeasurementLib.uni
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+# VALID_ARCHITECTURES = IA32 X64
+#
+
+[Sources]
+ PeiTpmMeasurementLib.c
+
+[Packages]
+ MdePkg/MdePkg.dec
+ MdeModulePkg/MdeModulePkg.dec
+ SecurityPkg/SecurityPkg.dec
+
+[LibraryClasses]
+ BaseLib
+ BaseMemoryLib
+ HobLib
+ DebugLib
+ PcdLib
+ PrintLib
+ PeiServicesLib
+ PeiServicesTablePointerLib
+
+[Ppis]
+ gEdkiiTcgPpiGuid ## CONSUMES
+
+[Depex]
+ gEfiPeiMasterBootModePpiGuid AND
+ gEfiTpmDeviceSelectedGuid
diff --git a/SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.uni b/SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.uni
new file mode 100644
index 0000000000..7b4341b449
--- /dev/null
+++ b/SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.uni
@@ -0,0 +1,17 @@
+// /** @file
+// Provides TPM measurement functions for TPM1.2 and TPM 2.0
+//
+// This library provides TpmMeasureAndLogData() to to measure and log data, and
+// extend the measurement result into a specific PCR.
+//
+// Copyright (c) 2020, Intel Corporation. All rights reserved.<BR>
+//
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+//
+// **/
+
+
+#string STR_MODULE_ABSTRACT #language en-US "Provides TPM measurement functions for TPM1.2 and TPM 2.0"
+
+#string STR_MODULE_DESCRIPTION #language en-US "This library provides TpmMeasureAndLogData() to to measure and log data, and extend the measurement result into a specific PCR."
+
--
2.26.2.windows.1
^ permalink raw reply related [flat|nested] 18+ messages in thread
* [PATCH v4 6/6] SecurityPkg/dsc: Add PeiTpmMeasurementLib.
2020-07-17 8:49 [PATCH v4 0/6] Add capability to let PEIM extend TcgEvent Qi Zhang
` (4 preceding siblings ...)
2020-07-17 8:49 ` [PATCH v4 5/6] SecurityPkg/PeiTpmMeasurementLib: Add PEI instance Qi Zhang
@ 2020-07-17 8:49 ` Qi Zhang
2020-07-21 9:00 ` Wang, Jian J
5 siblings, 1 reply; 18+ messages in thread
From: Qi Zhang @ 2020-07-17 8:49 UTC (permalink / raw)
To: devel; +Cc: Jiewen Yao, Jian J Wang, Qi Zhang
From: Jiewen Yao <jiewen.yao@intel.com>
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2841
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Qi Zhang <qi1.zhang@intel.com>
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
---
SecurityPkg/SecurityPkg.dsc | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc
index 53fce05353..28effe3eda 100644
--- a/SecurityPkg/SecurityPkg.dsc
+++ b/SecurityPkg/SecurityPkg.dsc
@@ -1,7 +1,7 @@
## @file
# Security Module Package for All Architectures.
#
-# Copyright (c) 2009 - 2019, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2009 - 2020, Intel Corporation. All rights reserved.<BR>
# (C) Copyright 2015-2020 Hewlett Packard Enterprise Development LP<BR>
# SPDX-License-Identifier: BSD-2-Clause-Patent
#
@@ -96,6 +96,7 @@
Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf
Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf
Tcg2PhysicalPresenceLib|SecurityPkg/Library/PeiTcg2PhysicalPresenceLib/PeiTcg2PhysicalPresenceLib.inf
+ TpmMeasurementLib|SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.inf
RngLib|MdePkg/Library/BaseRngLib/BaseRngLib.inf
[LibraryClasses.common.DXE_DRIVER]
@@ -234,6 +235,7 @@
SecurityPkg/Library/FmpAuthenticationLibPkcs7/FmpAuthenticationLibPkcs7.inf
SecurityPkg/Library/FmpAuthenticationLibRsa2048Sha256/FmpAuthenticationLibRsa2048Sha256.inf
+ SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.inf
SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf
SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.inf
SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.inf
--
2.26.2.windows.1
^ permalink raw reply related [flat|nested] 18+ messages in thread
* Re: [PATCH v4 3/6] SecurityPkg/Tcg: Add TcgPpi
2020-07-17 8:49 ` [PATCH v4 3/6] SecurityPkg/Tcg: " Qi Zhang
@ 2020-07-21 8:36 ` Wang, Jian J
0 siblings, 0 replies; 18+ messages in thread
From: Wang, Jian J @ 2020-07-21 8:36 UTC (permalink / raw)
To: Zhang, Qi1, devel@edk2.groups.io; +Cc: Yao, Jiewen, Kumar, Rahul1
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
Regards,
Jian
> -----Original Message-----
> From: Zhang, Qi1 <qi1.zhang@intel.com>
> Sent: Friday, July 17, 2020 4:50 PM
> To: devel@edk2.groups.io
> Cc: Yao, Jiewen <jiewen.yao@intel.com>; Wang, Jian J <jian.j.wang@intel.com>;
> Zhang, Qi1 <qi1.zhang@intel.com>; Kumar, Rahul1 <rahul1.kumar@intel.com>
> Subject: [PATCH v4 3/6] SecurityPkg/Tcg: Add TcgPpi
>
> From: Jiewen Yao <jiewen.yao@intel.com>
>
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2841
>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Cc: Qi Zhang <qi1.zhang@intel.com>
> Cc: Rahul Kumar <rahul1.kumar@intel.com>
> Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
> ---
> SecurityPkg/Tcg/TcgPei/TcgPei.c | 61 ++++++++++++++++++++++++++++---
> SecurityPkg/Tcg/TcgPei/TcgPei.inf | 3 +-
> 2 files changed, 58 insertions(+), 6 deletions(-)
>
> diff --git a/SecurityPkg/Tcg/TcgPei/TcgPei.c b/SecurityPkg/Tcg/TcgPei/TcgPei.c
> index a9a808c9ec..2533388849 100644
> --- a/SecurityPkg/Tcg/TcgPei/TcgPei.c
> +++ b/SecurityPkg/Tcg/TcgPei/TcgPei.c
> @@ -1,7 +1,7 @@
> /** @file
>
> Initialize TPM device and measure FVs before handing off control to DXE.
>
>
>
> -Copyright (c) 2005 - 2018, Intel Corporation. All rights reserved.<BR>
>
> +Copyright (c) 2005 - 2020, Intel Corporation. All rights reserved.<BR>
>
> SPDX-License-Identifier: BSD-2-Clause-Patent
>
>
>
> **/
>
> @@ -17,6 +17,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
> #include <Ppi/FirmwareVolume.h>
>
> #include <Ppi/EndOfPeiPhase.h>
>
> #include <Ppi/FirmwareVolumeInfoMeasurementExcluded.h>
>
> +#include <Ppi/Tcg.h>
>
>
>
> #include <Guid/TcgEventHob.h>
>
> #include <Guid/MeasuredFvHob.h>
>
> @@ -51,6 +52,45 @@ EFI_PEI_PPI_DESCRIPTOR mTpmInitializationDonePpiList
> = {
> NULL
>
> };
>
>
>
> +/**
>
> + Do a hash operation on a data buffer, extend a specific TPM PCR with the
> hash result,
>
> + and build a GUIDed HOB recording the event which will be passed to the DXE
> phase and
>
> + added into the Event Log.
>
> +
>
> + @param[in] This Indicates the calling context
>
> + @param[in] Flags Bitmap providing additional information.
>
> + @param[in] HashData Physical address of the start of the data buffer
>
> + to be hashed, extended, and logged.
>
> + @param[in] HashDataLen The length, in bytes, of the buffer referenced by
> HashData.
>
> + @param[in] NewEventHdr Pointer to a TCG_PCR_EVENT_HDR data
> structure.
>
> + @param[in] NewEventData Pointer to the new event data.
>
> +
>
> + @retval EFI_SUCCESS Operation completed successfully.
>
> + @retval EFI_OUT_OF_RESOURCES No enough memory to log the new event.
>
> + @retval EFI_DEVICE_ERROR The command was unsuccessful.
>
> +
>
> +**/
>
> +EFI_STATUS
>
> +EFIAPI
>
> +HashLogExtendEvent (
>
> + IN EDKII_TCG_PPI *This,
>
> + IN UINT64 Flags,
>
> + IN UINT8 *HashData,
>
> + IN UINTN HashDataLen,
>
> + IN TCG_PCR_EVENT_HDR *NewEventHdr,
>
> + IN UINT8 *NewEventData
>
> + );
>
> +
>
> +EDKII_TCG_PPI mEdkiiTcgPpi = {
>
> + HashLogExtendEvent
>
> +};
>
> +
>
> +EFI_PEI_PPI_DESCRIPTOR mTcgPpiList = {
>
> + EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST,
>
> + &gEdkiiTcgPpiGuid,
>
> + &mEdkiiTcgPpi
>
> +};
>
> +
>
> //
>
> // Number of firmware blobs to grow by each time we run out of room
>
> //
>
> @@ -243,7 +283,8 @@ TpmCommHashAll (
> and build a GUIDed HOB recording the event which will be passed to the DXE
> phase and
>
> added into the Event Log.
>
>
>
> - @param[in] PeiServices Describes the list of possible PEI Services.
>
> + @param[in] This Indicates the calling context.
>
> + @param[in] Flags Bitmap providing additional information.
>
> @param[in] HashData Physical address of the start of the data buffer
>
> to be hashed, extended, and logged.
>
> @param[in] HashDataLen The length, in bytes, of the buffer referenced by
> HashData.
>
> @@ -256,8 +297,10 @@ TpmCommHashAll (
>
>
> **/
>
> EFI_STATUS
>
> +EFIAPI
>
> HashLogExtendEvent (
>
> - IN EFI_PEI_SERVICES **PeiServices,
>
> + IN EDKII_TCG_PPI *This,
>
> + IN UINT64 Flags,
>
> IN UINT8 *HashData,
>
> IN UINTN HashDataLen,
>
> IN TCG_PCR_EVENT_HDR *NewEventHdr,
>
> @@ -346,7 +389,8 @@ MeasureCRTMVersion (
> TcgEventHdr.EventSize = (UINT32) StrSize((CHAR16*)PcdGetPtr
> (PcdFirmwareVersionString));
>
>
>
> return HashLogExtendEvent (
>
> - PeiServices,
>
> + &mEdkiiTcgPpi,
>
> + 0,
>
> (UINT8*)PcdGetPtr (PcdFirmwareVersionString),
>
> TcgEventHdr.EventSize,
>
> &TcgEventHdr,
>
> @@ -415,7 +459,8 @@ MeasureFvImage (
> TcgEventHdr.EventSize = sizeof (FvBlob);
>
>
>
> Status = HashLogExtendEvent (
>
> - (EFI_PEI_SERVICES **) GetPeiServicesTablePointer(),
>
> + &mEdkiiTcgPpi,
>
> + 0,
>
> (UINT8*) (UINTN) FvBlob.BlobBase,
>
> (UINTN) FvBlob.BlobLength,
>
> &TcgEventHdr,
>
> @@ -744,6 +789,12 @@ PeimEntryMP (
> Status = PeiServicesNotifyPpi (&mNotifyList[0]);
>
> ASSERT_EFI_ERROR (Status);
>
>
>
> + //
>
> + // install Tcg Services
>
> + //
>
> + Status = PeiServicesInstallPpi (&mTcgPpiList);
>
> + ASSERT_EFI_ERROR (Status);
>
> +
>
> return Status;
>
> }
>
>
>
> diff --git a/SecurityPkg/Tcg/TcgPei/TcgPei.inf
> b/SecurityPkg/Tcg/TcgPei/TcgPei.inf
> index c0bff6e85e..4ab4edd657 100644
> --- a/SecurityPkg/Tcg/TcgPei/TcgPei.inf
> +++ b/SecurityPkg/Tcg/TcgPei/TcgPei.inf
> @@ -4,7 +4,7 @@
> # This module will initialize TPM device, measure reported FVs and BIOS version.
>
> # This module may also lock TPM physical presence and
> physicalPresenceLifetimeLock.
>
> #
>
> -# Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.<BR>
>
> +# Copyright (c) 2006 - 2020, Intel Corporation. All rights reserved.<BR>
>
> # SPDX-License-Identifier: BSD-2-Clause-Patent
>
> #
>
> ##
>
> @@ -67,6 +67,7 @@
> gPeiTpmInitializedPpiGuid ## SOMETIMES_PRODUCES
>
> gPeiTpmInitializationDonePpiGuid ## PRODUCES
>
> gEfiEndOfPeiSignalPpiGuid ## SOMETIMES_CONSUMES
> ## NOTIFY
>
> + gEdkiiTcgPpiGuid ## PRODUCES
>
>
>
> [Pcd]
>
> gEfiSecurityPkgTokenSpaceGuid.PcdPhysicalPresenceLifetimeLock ##
> SOMETIMES_CONSUMES
>
> --
> 2.26.2.windows.1
^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: [PATCH v4 1/6] SecurityPkg/TcgPpi: Add TcgPpi header file.
2020-07-17 8:49 ` [PATCH v4 1/6] SecurityPkg/TcgPpi: Add TcgPpi header file Qi Zhang
@ 2020-07-21 8:37 ` Wang, Jian J
0 siblings, 0 replies; 18+ messages in thread
From: Wang, Jian J @ 2020-07-21 8:37 UTC (permalink / raw)
To: Zhang, Qi1, devel@edk2.groups.io; +Cc: Yao, Jiewen
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
Regards,
Jian
> -----Original Message-----
> From: Zhang, Qi1 <qi1.zhang@intel.com>
> Sent: Friday, July 17, 2020 4:50 PM
> To: devel@edk2.groups.io
> Cc: Yao, Jiewen <jiewen.yao@intel.com>; Wang, Jian J <jian.j.wang@intel.com>;
> Zhang, Qi1 <qi1.zhang@intel.com>
> Subject: [PATCH v4 1/6] SecurityPkg/TcgPpi: Add TcgPpi header file.
>
> From: Jiewen Yao <jiewen.yao@intel.com>
>
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2841
>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Cc: Qi Zhang <qi1.zhang@intel.com>
> Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
> ---
> SecurityPkg/Include/Ppi/Tcg.h | 60 +++++++++++++++++++++++++++++++++++
> 1 file changed, 60 insertions(+)
> create mode 100644 SecurityPkg/Include/Ppi/Tcg.h
>
> diff --git a/SecurityPkg/Include/Ppi/Tcg.h b/SecurityPkg/Include/Ppi/Tcg.h
> new file mode 100644
> index 0000000000..0e943f2465
> --- /dev/null
> +++ b/SecurityPkg/Include/Ppi/Tcg.h
> @@ -0,0 +1,60 @@
> +/** @file
>
> + TCG PPI services.
>
> +
>
> +Copyright (c) 2020, Intel Corporation. All rights reserved.<BR>
>
> +SPDX-License-Identifier: BSD-2-Clause-Patent
>
> +
>
> +**/
>
> +
>
> +#ifndef _TCG_PPI_H_
>
> +#define _TCG_PPI_H_
>
> +
>
> +#include <IndustryStandard/UefiTcgPlatform.h>
>
> +
>
> +typedef struct _EDKII_TCG_PPI EDKII_TCG_PPI;
>
> +
>
> +//
>
> +// This bit is shall be set when HashData is the pre-hash digest.
>
> +//
>
> +#define EDKII_TCG_PRE_HASH 0x0000000000000001
>
> +
>
> +/**
>
> + Tpm measure and log data, and extend the measurement result into a specific
> PCR.
>
> +
>
> + @param[in] This Indicates the calling context
>
> + @param[in] Flags Bitmap providing additional information
>
> + @param[in] HashData If BIT0 of Flags is 0, it is physical address of the
>
> + start of the data buffer to be hashed, extended, and logged.
>
> + If BIT0 of Flags is 1, it is physical address of the
>
> + start of the pre-hash data buffter to be extended, and logged.
>
> + The pre-hash data format is TPML_DIGEST_VALUES.
>
> + @param[in] HashDataLen The length, in bytes, of the buffer referenced by
> HashData.
>
> + @param[in] NewEventHdr Pointer to a TCG_PCR_EVENT_HDR data
> structure.
>
> + @param[in] NewEventData Pointer to the new event data.
>
> +
>
> + @retval EFI_SUCCESS Operation completed successfully.
>
> + @retval EFI_UNSUPPORTED TPM device not available.
>
> + @retval EFI_OUT_OF_RESOURCES Out of memory.
>
> + @retval EFI_DEVICE_ERROR The operation was unsuccessful.
>
> +**/
>
> +typedef
>
> +EFI_STATUS
>
> +(EFIAPI *EDKII_TCG_HASH_LOG_EXTEND_EVENT)(
>
> + IN EDKII_TCG_PPI *This,
>
> + IN UINT64 Flags,
>
> + IN UINT8 *HashData,
>
> + IN UINTN HashDataLen,
>
> + IN TCG_PCR_EVENT_HDR *NewEventHdr,
>
> + IN UINT8 *NewEventData
>
> + );
>
> +
>
> +///
>
> +/// The EFI_TCG Protocol abstracts TCG activity.
>
> +///
>
> +struct _EDKII_TCG_PPI {
>
> + EDKII_TCG_HASH_LOG_EXTEND_EVENT HashLogExtendEvent;
>
> +};
>
> +
>
> +extern EFI_GUID gEdkiiTcgPpiGuid;
>
> +
>
> +#endif
>
> --
> 2.26.2.windows.1
^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: [PATCH v4 2/6] SecurityPkg/dec: Add TcgPpi.
2020-07-17 8:49 ` [PATCH v4 2/6] SecurityPkg/dec: Add TcgPpi Qi Zhang
@ 2020-07-21 8:37 ` Wang, Jian J
0 siblings, 0 replies; 18+ messages in thread
From: Wang, Jian J @ 2020-07-21 8:37 UTC (permalink / raw)
To: Zhang, Qi1, devel@edk2.groups.io; +Cc: Yao, Jiewen
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
Regards,
Jian
> -----Original Message-----
> From: Zhang, Qi1 <qi1.zhang@intel.com>
> Sent: Friday, July 17, 2020 4:50 PM
> To: devel@edk2.groups.io
> Cc: Yao, Jiewen <jiewen.yao@intel.com>; Wang, Jian J <jian.j.wang@intel.com>;
> Zhang, Qi1 <qi1.zhang@intel.com>
> Subject: [PATCH v4 2/6] SecurityPkg/dec: Add TcgPpi.
>
> From: Jiewen Yao <jiewen.yao@intel.com>
>
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2841
>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Cc: Qi Zhang <qi1.zhang@intel.com>
> Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
> ---
> SecurityPkg/SecurityPkg.dec | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec
> index 79d46308ad..42fc48cc1f 100644
> --- a/SecurityPkg/SecurityPkg.dec
> +++ b/SecurityPkg/SecurityPkg.dec
> @@ -203,6 +203,9 @@
> ## Include/Ppi/FirmwareVolumeInfoStoredHashFv.h
>
> gEdkiiPeiFirmwareVolumeInfoStoredHashFvPpiGuid = {0x7f5e4e31, 0x81b1,
> 0x47e5, { 0x9e, 0x21, 0x1e, 0x4b, 0x5b, 0xc2, 0xf6, 0x1d } }
>
>
>
> + ## Include/Ppi/Tcg.h
>
> + gEdkiiTcgPpiGuid = {0x57a13b87, 0x133d, 0x4bf3, { 0xbf, 0xf1, 0x1b, 0xca,
> 0xc7, 0x17, 0x6c, 0xf1 } }
>
> +
>
> #
>
> # [Error.gEfiSecurityPkgTokenSpaceGuid]
>
> # 0x80000001 | Invalid value provided.
>
> --
> 2.26.2.windows.1
^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: [PATCH v4 4/6] SecurityPkg/Tcg2: Add TcgPpi
2020-07-17 8:49 ` [PATCH v4 4/6] SecurityPkg/Tcg2: " Qi Zhang
@ 2020-07-21 8:52 ` Wang, Jian J
0 siblings, 0 replies; 18+ messages in thread
From: Wang, Jian J @ 2020-07-21 8:52 UTC (permalink / raw)
To: Zhang, Qi1, devel@edk2.groups.io; +Cc: Yao, Jiewen, Kumar, Rahul1
Qi,
A few comments below.
Regards,
Jian
> -----Original Message-----
> From: Zhang, Qi1 <qi1.zhang@intel.com>
> Sent: Friday, July 17, 2020 4:50 PM
> To: devel@edk2.groups.io
> Cc: Yao, Jiewen <jiewen.yao@intel.com>; Wang, Jian J <jian.j.wang@intel.com>;
> Zhang, Qi1 <qi1.zhang@intel.com>; Kumar, Rahul1 <rahul1.kumar@intel.com>
> Subject: [PATCH v4 4/6] SecurityPkg/Tcg2: Add TcgPpi
>
> From: Jiewen Yao <jiewen.yao@intel.com>
>
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2841
>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Cc: Qi Zhang <qi1.zhang@intel.com>
> Cc: Rahul Kumar <rahul1.kumar@intel.com>
> Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
> ---
> SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c | 110 +++++++++++++++++++++-------
> SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf | 3 +-
> 2 files changed, 86 insertions(+), 27 deletions(-)
>
> diff --git a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c
> b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c
> index 19b8e4b318..592f760057 100644
> --- a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c
> +++ b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c
> @@ -1,7 +1,7 @@
> /** @file
>
> Initialize TPM2 device and measure FVs before handing off control to DXE.
>
>
>
> -Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>
>
> +Copyright (c) 2015 - 2020, Intel Corporation. All rights reserved.<BR>
>
> Copyright (c) 2017, Microsoft Corporation. All rights reserved. <BR>
>
> SPDX-License-Identifier: BSD-2-Clause-Patent
>
>
>
> @@ -17,6 +17,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
> #include <Ppi/EndOfPeiPhase.h>
>
> #include <Ppi/FirmwareVolumeInfoMeasurementExcluded.h>
>
> #include <Ppi/FirmwareVolumeInfoPrehashedFV.h>
>
> +#include <Ppi/Tcg.h>
>
>
>
> #include <Guid/TcgEventHob.h>
>
> #include <Guid/MeasuredFvHob.h>
>
> @@ -66,6 +67,48 @@ EFI_PEI_PPI_DESCRIPTOR mTpmInitializationDonePpiList
> = {
> NULL
>
> };
>
>
>
> +/**
>
> + Do a hash operation on a data buffer, extend a specific TPM PCR with the
> hash result,
>
> + and build a GUIDed HOB recording the event which will be passed to the DXE
> phase and
>
> + added into the Event Log.
>
> +
>
> + @param[in] This Indicates the calling context
>
> + @param[in] Flags Bitmap providing additional information.
>
> + @param[in] HashData If BIT0 of Flags is 0, it is physical address of the
>
> + start of the data buffer to be hashed, extended, and logged.
>
> + If BIT0 of Flags is 1, it is physical address of the
>
> + start of the pre-hash data buffter to be extended, and logged.
>
> + The pre-hash data format is TPML_DIGEST_VALUES.
>
> + @param[in] HashDataLen The length, in bytes, of the buffer referenced by
> HashData.
>
> + @param[in] NewEventHdr Pointer to a TCG_PCR_EVENT_HDR data
> structure.
>
> + @param[in] NewEventData Pointer to the new event data.
>
> +
>
> + @retval EFI_SUCCESS Operation completed successfully.
>
> + @retval EFI_OUT_OF_RESOURCES No enough memory to log the new event.
>
> + @retval EFI_DEVICE_ERROR The command was unsuccessful.
>
> +
>
> +**/
>
> +EFI_STATUS
>
> +EFIAPI
>
> +HashLogExtendEvent (
>
> + IN EDKII_TCG_PPI *This,
>
> + IN UINT64 Flags,
>
> + IN UINT8 *HashData,
>
> + IN UINTN HashDataLen,
>
> + IN TCG_PCR_EVENT_HDR *NewEventHdr,
>
> + IN UINT8 *NewEventData
>
> + );
>
> +
>
> +EDKII_TCG_PPI mEdkiiTcgPpi = {
>
> + HashLogExtendEvent
>
> +};
>
> +
>
> +EFI_PEI_PPI_DESCRIPTOR mTcgPpiList = {
>
> + EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST,
>
> + &gEdkiiTcgPpiGuid,
>
> + &mEdkiiTcgPpi
>
> +};
>
> +
>
> //
>
> // Number of firmware blobs to grow by each time we run out of room
>
> //
>
> @@ -375,9 +418,13 @@ LogHashEvent (
> and build a GUIDed HOB recording the event which will be passed to the DXE
> phase and
>
> added into the Event Log.
>
>
>
> + @param[in] This Indicates the calling context
>
> @param[in] Flags Bitmap providing additional information.
>
> - @param[in] HashData Physical address of the start of the data buffer
>
> - to be hashed, extended, and logged.
>
> + @param[in] HashData If BIT0 of Flags is 0, it is physical address of the
>
> + start of the data buffer to be hashed, extended, and logged.
>
> + If BIT0 of Flags is 1, it is physical address of the
>
> + start of the pre-hash data buffter to be extended, and logged.
>
> + The pre-hash data format is TPML_DIGEST_VALUES.
>
> @param[in] HashDataLen The length, in bytes, of the buffer referenced by
> HashData.
>
> @param[in] NewEventHdr Pointer to a TCG_PCR_EVENT_HDR data
> structure.
>
> @param[in] NewEventData Pointer to the new event data.
>
> @@ -388,7 +435,9 @@ LogHashEvent (
>
>
> **/
>
> EFI_STATUS
>
> +EFIAPI
>
> HashLogExtendEvent (
>
> + IN EDKII_TCG_PPI *This,
>
> IN UINT64 Flags,
>
> IN UINT8 *HashData,
>
> IN UINTN HashDataLen,
>
> @@ -403,16 +452,23 @@ HashLogExtendEvent (
> return EFI_DEVICE_ERROR;
>
> }
>
>
>
> - Status = HashAndExtend (
>
> - NewEventHdr->PCRIndex,
>
> - HashData,
>
> - HashDataLen,
>
> + if(Flags & EDKII_TCG_PRE_HASH) {
>
> + ZeroMem (&DigestList, sizeof(DigestList));
>
> + CopyMem(&DigestList, HashData, sizeof(DigestList));
Missing a space before '('.
>
> + Status = Tpm2PcrExtend(
Missing a space before '('.
>
> + 0,
>
> &DigestList
>
> );
>
> + } else {
>
> + Status = HashAndExtend (
>
> + NewEventHdr->PCRIndex,
>
> + HashData,
>
> + HashDataLen,
>
> + &DigestList
>
> + );
>
> + }
>
> if (!EFI_ERROR (Status)) {
>
> - if ((Flags & EFI_TCG2_EXTEND_ONLY) == 0) {
>
> - Status = LogHashEvent (&DigestList, NewEventHdr, NewEventData);
>
> - }
>
> + Status = LogHashEvent (&DigestList, NewEventHdr, NewEventData);
>
> }
>
>
>
> if (Status == EFI_DEVICE_ERROR) {
>
> @@ -452,6 +508,7 @@ MeasureCRTMVersion (
> TcgEventHdr.EventSize = (UINT32) StrSize((CHAR16*)PcdGetPtr
> (PcdFirmwareVersionString));
>
>
>
> return HashLogExtendEvent (
>
> + &mEdkiiTcgPpi,
>
> 0,
>
> (UINT8*)PcdGetPtr (PcdFirmwareVersionString),
>
> TcgEventHdr.EventSize,
>
> @@ -651,27 +708,22 @@ MeasureFvImage (
> // FV pre-hash algos comply with current TPM hash requirement
>
> // Skip hashing step in measure, only extend DigestList to PCR and log event
>
> //
>
> - Status = Tpm2PcrExtend(
>
> - 0,
>
> - &DigestList
>
> + Status = HashLogExtendEvent (
>
> + &mEdkiiTcgPpi,
>
> + EDKII_TCG_PRE_HASH,
>
> + (UINT8*) &DigestList, // HashData
>
> + (UINTN) sizeof(DigestList), // HashDataLen
>
> + &TcgEventHdr, // EventHdr
>
> + EventData // EventData
>
> );
>
> -
>
> - if (!EFI_ERROR(Status)) {
>
> - Status = LogHashEvent (&DigestList, &TcgEventHdr, EventData);
>
> - DEBUG ((DEBUG_INFO, "The pre-hashed FV which is extended & logged by
> Tcg2Pei starts at: 0x%x\n", FvBase));
>
> - DEBUG ((DEBUG_INFO, "The pre-hashed FV which is extended & logged by
> Tcg2Pei has the size: 0x%x\n", FvLength));
>
> - } else if (Status == EFI_DEVICE_ERROR) {
>
> - BuildGuidHob (&gTpmErrorHobGuid,0);
>
> - REPORT_STATUS_CODE (
>
> - EFI_ERROR_CODE | EFI_ERROR_MINOR,
>
> - (PcdGet32 (PcdStatusCodeSubClassTpmDevice) |
> EFI_P_EC_INTERFACE_ERROR)
>
> - );
>
> - }
Please explain the purpose of the removal of this part of code in commit message.
It looks that it's not a relevant change to this patch series.
>
> + DEBUG ((DEBUG_INFO, "The pre-hashed FV which is extended & logged by
> Tcg2Pei starts at: 0x%x\n", FvBase));
>
> + DEBUG ((DEBUG_INFO, "The pre-hashed FV which is extended & logged by
> Tcg2Pei has the size: 0x%x\n", FvLength));
>
> } else {
>
> //
>
> // Hash the FV, extend digest to the TPM and log TCG event
>
> //
>
> Status = HashLogExtendEvent (
>
> + &mEdkiiTcgPpi,
>
> 0,
>
> (UINT8*) (UINTN) FvBase, // HashData
>
> (UINTN) FvLength, // HashDataLen
>
> @@ -849,6 +901,12 @@ PeimEntryMP (
> {
>
> EFI_STATUS Status;
>
>
>
> + //
>
> + // install Tcg Services
>
> + //
>
> + Status = PeiServicesInstallPpi (&mTcgPpiList);
>
> + ASSERT_EFI_ERROR (Status);
>
> +
>
> if (PcdGet8 (PcdTpm2ScrtmPolicy) == 1) {
>
> Status = MeasureCRTMVersion ();
>
> }
>
> @@ -893,7 +951,7 @@ MeasureSeparatorEventWithError (
> TcgEvent.PCRIndex = PCRIndex;
>
> TcgEvent.EventType = EV_SEPARATOR;
>
> TcgEvent.EventSize = (UINT32)sizeof (EventData);
>
> - return HashLogExtendEvent(0,(UINT8 *)&EventData, TcgEvent.EventSize,
> &TcgEvent,(UINT8 *)&EventData);
>
> + return HashLogExtendEvent(&mEdkiiTcgPpi, 0, (UINT8 *)&EventData,
> TcgEvent.EventSize, &TcgEvent,(UINT8 *)&EventData);
>
> }
>
>
>
> /**
>
> diff --git a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf
> b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf
> index 3d361e8859..f64b29f1ae 100644
> --- a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf
> +++ b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf
> @@ -8,7 +8,7 @@
> #
>
> # This module will initialize TPM device, measure reported FVs and BIOS version.
>
> #
>
> -# Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>
>
> +# Copyright (c) 2015 - 2020, Intel Corporation. All rights reserved.<BR>
>
> # Copyright (c) 2017, Microsoft Corporation. All rights reserved. <BR>
>
> # SPDX-License-Identifier: BSD-2-Clause-Patent
>
> #
>
> @@ -72,6 +72,7 @@
> gPeiTpmInitializationDonePpiGuid ## PRODUCES
>
> gEfiEndOfPeiSignalPpiGuid ## SOMETIMES_CONSUMES
> ## NOTIFY
>
> gEdkiiPeiFirmwareVolumeInfoPrehashedFvPpiGuid ##
> SOMETIMES_CONSUMES
>
> + gEdkiiTcgPpiGuid ## PRODUCES
>
>
>
> [Pcd]
>
> gEfiMdeModulePkgTokenSpaceGuid.PcdFirmwareVersionString ##
> SOMETIMES_CONSUMES
>
> --
> 2.26.2.windows.1
^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: [PATCH v4 5/6] SecurityPkg/PeiTpmMeasurementLib: Add PEI instance.
2020-07-17 8:49 ` [PATCH v4 5/6] SecurityPkg/PeiTpmMeasurementLib: Add PEI instance Qi Zhang
@ 2020-07-21 9:00 ` Wang, Jian J
[not found] ` <1623B8ED1BE72736.9882@groups.io>
1 sibling, 0 replies; 18+ messages in thread
From: Wang, Jian J @ 2020-07-21 9:00 UTC (permalink / raw)
To: Zhang, Qi1, devel@edk2.groups.io; +Cc: Yao, Jiewen
Qi,
Two format issues inlined below.
In addition, according to bz2841, following requirement is embodied in
this patch. Maybe there's discussion before deciding not to implement
it. If so, please update bz2841 to state it explicitly.
3) Add more API in TpmMeasurementLib, such as MeasureFirmwareBlob,
MeasureHandoffTable for TPM PFP rev 105 support - add description for
the FirmwareBlob and HandoffTable.
Regards,
Jian
> -----Original Message-----
> From: Zhang, Qi1 <qi1.zhang@intel.com>
> Sent: Friday, July 17, 2020 4:50 PM
> To: devel@edk2.groups.io
> Cc: Yao, Jiewen <jiewen.yao@intel.com>; Wang, Jian J <jian.j.wang@intel.com>;
> Zhang, Qi1 <qi1.zhang@intel.com>
> Subject: [PATCH v4 5/6] SecurityPkg/PeiTpmMeasurementLib: Add PEI instance.
>
> From: Jiewen Yao <jiewen.yao@intel.com>
>
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2841
>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Cc: Qi Zhang <qi1.zhang@intel.com>
> Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
> ---
> .../PeiTpmMeasurementLib.c | 74 +++++++++++++++++++
> .../PeiTpmMeasurementLib.inf | 50 +++++++++++++
> .../PeiTpmMeasurementLib.uni | 17 +++++
> 3 files changed, 141 insertions(+)
> create mode 100644
> SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.c
> create mode 100644
> SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.inf
> create mode 100644
> SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.uni
>
> diff --git
> a/SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.c
> b/SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.c
> new file mode 100644
> index 0000000000..1a590e0c9e
> --- /dev/null
> +++ b/SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.c
> @@ -0,0 +1,74 @@
> +/** @file
>
> + This library is used by other modules to measure data to TPM.
>
> +
>
> +Copyright (c) 2020, Intel Corporation. All rights reserved. <BR>
>
> +SPDX-License-Identifier: BSD-2-Clause-Patent
>
> +
>
> +**/
>
> +
>
> +#include <PiPei.h>
>
> +
>
> +#include <Library/BaseMemoryLib.h>
>
> +#include <Library/PeiServicesLib.h>
>
> +#include <Library/PeiServicesTablePointerLib.h>
>
> +#include <Library/DebugLib.h>
>
> +#include <Library/HobLib.h>
>
> +#include <Library/TpmMeasurementLib.h>
>
> +
>
> +#include <Ppi/Tcg.h>
>
> +#include <IndustryStandard/UefiTcgPlatform.h>
>
> +
>
> +/**
>
> + Tpm measure and log data, and extend the measurement result into a specific
> PCR.
>
> +
>
> + @param[in] PcrIndex PCR Index.
>
> + @param[in] EventType Event type.
>
> + @param[in] EventLog Measurement event log.
>
> + @param[in] LogLen Event log length in bytes.
>
> + @param[in] HashData The start of the data buffer to be hashed,
> extended.
>
> + @param[in] HashDataLen The length, in bytes, of the buffer referenced by
> HashData
>
> +
>
> + @retval EFI_SUCCESS Operation completed successfully.
The description of above retval is not aligned with below line.
>
> + @retval EFI_UNSUPPORTED TPM device not available.
>
> + @retval EFI_OUT_OF_RESOURCES Out of memory.
>
> + @retval EFI_DEVICE_ERROR The operation was unsuccessful.
>
> +**/
>
> +EFI_STATUS
>
> +EFIAPI
>
> +TpmMeasureAndLogData (
>
> + IN UINT32 PcrIndex,
>
> + IN UINT32 EventType,
>
> + IN VOID *EventLog,
>
> + IN UINT32 LogLen,
>
> + IN VOID *HashData,
>
> + IN UINT64 HashDataLen
>
> + )
>
> +{
>
> + EFI_STATUS Status;
>
> + EDKII_TCG_PPI *TcgPpi;
>
> + TCG_PCR_EVENT_HDR TcgEventHdr;
>
> +
>
> + Status = PeiServicesLocatePpi(
Missing a space before '('
>
> + &gEdkiiTcgPpiGuid,
>
> + 0,
>
> + NULL,
>
> + (VOID**)&TcgPpi
>
> + );
>
> + if (EFI_ERROR(Status)) {
>
> + return Status;
>
> + }
>
> +
>
> + TcgEventHdr.PCRIndex = PcrIndex;
>
> + TcgEventHdr.EventType = EventType;
>
> + TcgEventHdr.EventSize = LogLen;
>
> +
>
> + Status = TcgPpi->HashLogExtendEvent (
>
> + TcgPpi,
>
> + 0,
>
> + HashData,
>
> + (UINTN)HashDataLen,
>
> + &TcgEventHdr,
>
> + EventLog
>
> + );
>
> + return Status;
>
> +}
>
> diff --git
> a/SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.inf
> b/SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.inf
> new file mode 100644
> index 0000000000..6625d0fd01
> --- /dev/null
> +++ b/SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.inf
> @@ -0,0 +1,50 @@
> +## @file
>
> +# Provides TPM measurement functions for TPM1.2 and TPM 2.0
>
> +#
>
> +# This library provides TpmMeasureAndLogData() to measure and log data,
> and
>
> +# extend the measurement result into a specific PCR.
>
> +#
>
> +# Copyright (c) 2020, Intel Corporation. All rights reserved.<BR>
>
> +# SPDX-License-Identifier: BSD-2-Clause-Patent
>
> +#
>
> +##
>
> +
>
> +[Defines]
>
> + INF_VERSION = 0x00010005
>
> + BASE_NAME = PeiTpmMeasurementLib
>
> + FILE_GUID = 9A62C49D-C45A-4322-9F3C-45958DF0056B
>
> + MODULE_TYPE = PEIM
>
> + VERSION_STRING = 1.0
>
> + LIBRARY_CLASS = TpmMeasurementLib|PEIM
>
> + MODULE_UNI_FILE = PeiTpmMeasurementLib.uni
>
> +
>
> +#
>
> +# The following information is for reference only and not required by the build
> tools.
>
> +#
>
> +# VALID_ARCHITECTURES = IA32 X64
>
> +#
>
> +
>
> +[Sources]
>
> + PeiTpmMeasurementLib.c
>
> +
>
> +[Packages]
>
> + MdePkg/MdePkg.dec
>
> + MdeModulePkg/MdeModulePkg.dec
>
> + SecurityPkg/SecurityPkg.dec
>
> +
>
> +[LibraryClasses]
>
> + BaseLib
>
> + BaseMemoryLib
>
> + HobLib
>
> + DebugLib
>
> + PcdLib
>
> + PrintLib
>
> + PeiServicesLib
>
> + PeiServicesTablePointerLib
>
> +
>
> +[Ppis]
>
> + gEdkiiTcgPpiGuid ## CONSUMES
>
> +
>
> +[Depex]
>
> + gEfiPeiMasterBootModePpiGuid AND
>
> + gEfiTpmDeviceSelectedGuid
>
> diff --git
> a/SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.uni
> b/SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.uni
> new file mode 100644
> index 0000000000..7b4341b449
> --- /dev/null
> +++ b/SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.uni
> @@ -0,0 +1,17 @@
> +// /** @file
>
> +// Provides TPM measurement functions for TPM1.2 and TPM 2.0
>
> +//
>
> +// This library provides TpmMeasureAndLogData() to to measure and log data,
> and
>
> +// extend the measurement result into a specific PCR.
>
> +//
>
> +// Copyright (c) 2020, Intel Corporation. All rights reserved.<BR>
>
> +//
>
> +// SPDX-License-Identifier: BSD-2-Clause-Patent
>
> +//
>
> +// **/
>
> +
>
> +
>
> +#string STR_MODULE_ABSTRACT #language en-US "Provides TPM
> measurement functions for TPM1.2 and TPM 2.0"
>
> +
>
> +#string STR_MODULE_DESCRIPTION #language en-US "This library
> provides TpmMeasureAndLogData() to to measure and log data, and extend the
> measurement result into a specific PCR."
>
> +
>
> --
> 2.26.2.windows.1
^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: [PATCH v4 6/6] SecurityPkg/dsc: Add PeiTpmMeasurementLib.
2020-07-17 8:49 ` [PATCH v4 6/6] SecurityPkg/dsc: Add PeiTpmMeasurementLib Qi Zhang
@ 2020-07-21 9:00 ` Wang, Jian J
0 siblings, 0 replies; 18+ messages in thread
From: Wang, Jian J @ 2020-07-21 9:00 UTC (permalink / raw)
To: Zhang, Qi1, devel@edk2.groups.io; +Cc: Yao, Jiewen
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
Regards,
Jian
> -----Original Message-----
> From: Zhang, Qi1 <qi1.zhang@intel.com>
> Sent: Friday, July 17, 2020 4:50 PM
> To: devel@edk2.groups.io
> Cc: Yao, Jiewen <jiewen.yao@intel.com>; Wang, Jian J <jian.j.wang@intel.com>;
> Zhang, Qi1 <qi1.zhang@intel.com>
> Subject: [PATCH v4 6/6] SecurityPkg/dsc: Add PeiTpmMeasurementLib.
>
> From: Jiewen Yao <jiewen.yao@intel.com>
>
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2841
>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Cc: Qi Zhang <qi1.zhang@intel.com>
> Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
> ---
> SecurityPkg/SecurityPkg.dsc | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc
> index 53fce05353..28effe3eda 100644
> --- a/SecurityPkg/SecurityPkg.dsc
> +++ b/SecurityPkg/SecurityPkg.dsc
> @@ -1,7 +1,7 @@
> ## @file
>
> # Security Module Package for All Architectures.
>
> #
>
> -# Copyright (c) 2009 - 2019, Intel Corporation. All rights reserved.<BR>
>
> +# Copyright (c) 2009 - 2020, Intel Corporation. All rights reserved.<BR>
>
> # (C) Copyright 2015-2020 Hewlett Packard Enterprise Development LP<BR>
>
> # SPDX-License-Identifier: BSD-2-Clause-Patent
>
> #
>
> @@ -96,6 +96,7 @@
>
> Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDT
> pm.inf
>
>
> Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.
> inf
>
>
> Tcg2PhysicalPresenceLib|SecurityPkg/Library/PeiTcg2PhysicalPresenceLib/PeiTc
> g2PhysicalPresenceLib.inf
>
> +
> TpmMeasurementLib|SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMea
> surementLib.inf
>
> RngLib|MdePkg/Library/BaseRngLib/BaseRngLib.inf
>
>
>
> [LibraryClasses.common.DXE_DRIVER]
>
> @@ -234,6 +235,7 @@
>
> SecurityPkg/Library/FmpAuthenticationLibPkcs7/FmpAuthenticationLibPkcs7.inf
>
>
> SecurityPkg/Library/FmpAuthenticationLibRsa2048Sha256/FmpAuthenticationLi
> bRsa2048Sha256.inf
>
>
>
> + SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.inf
>
> SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf
>
> SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.inf
>
> SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.inf
>
> --
> 2.26.2.windows.1
^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: [edk2-devel] [PATCH v4 5/6] SecurityPkg/PeiTpmMeasurementLib: Add PEI instance.
[not found] ` <1623B8ED1BE72736.9882@groups.io>
@ 2020-07-21 9:16 ` Wang, Jian J
2020-07-21 15:05 ` Yao, Jiewen
0 siblings, 1 reply; 18+ messages in thread
From: Wang, Jian J @ 2020-07-21 9:16 UTC (permalink / raw)
To: devel@edk2.groups.io, Wang, Jian J, Zhang, Qi1; +Cc: Yao, Jiewen
Sorry, missing word in previous email. It should be
"following requirement is not embodied in"
Regards,
Jian
> -----Original Message-----
> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Wang, Jian
> J
> Sent: Tuesday, July 21, 2020 5:00 PM
> To: Zhang, Qi1 <qi1.zhang@intel.com>; devel@edk2.groups.io
> Cc: Yao, Jiewen <jiewen.yao@intel.com>
> Subject: Re: [edk2-devel] [PATCH v4 5/6] SecurityPkg/PeiTpmMeasurementLib:
> Add PEI instance.
>
> Qi,
>
> Two format issues inlined below.
>
> In addition, according to bz2841, following requirement is embodied in
> this patch. Maybe there's discussion before deciding not to implement
> it. If so, please update bz2841 to state it explicitly.
>
> 3) Add more API in TpmMeasurementLib, such as MeasureFirmwareBlob,
> MeasureHandoffTable for TPM PFP rev 105 support - add description for
> the FirmwareBlob and HandoffTable.
>
> Regards,
> Jian
>
> > -----Original Message-----
> > From: Zhang, Qi1 <qi1.zhang@intel.com>
> > Sent: Friday, July 17, 2020 4:50 PM
> > To: devel@edk2.groups.io
> > Cc: Yao, Jiewen <jiewen.yao@intel.com>; Wang, Jian J
> <jian.j.wang@intel.com>;
> > Zhang, Qi1 <qi1.zhang@intel.com>
> > Subject: [PATCH v4 5/6] SecurityPkg/PeiTpmMeasurementLib: Add PEI instance.
> >
> > From: Jiewen Yao <jiewen.yao@intel.com>
> >
> > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2841
> >
> > Cc: Jiewen Yao <jiewen.yao@intel.com>
> > Cc: Jian J Wang <jian.j.wang@intel.com>
> > Cc: Qi Zhang <qi1.zhang@intel.com>
> > Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
> > ---
> > .../PeiTpmMeasurementLib.c | 74 +++++++++++++++++++
> > .../PeiTpmMeasurementLib.inf | 50 +++++++++++++
> > .../PeiTpmMeasurementLib.uni | 17 +++++
> > 3 files changed, 141 insertions(+)
> > create mode 100644
> > SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.c
> > create mode 100644
> > SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.inf
> > create mode 100644
> > SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.uni
> >
> > diff --git
> > a/SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.c
> > b/SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.c
> > new file mode 100644
> > index 0000000000..1a590e0c9e
> > --- /dev/null
> > +++ b/SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.c
> > @@ -0,0 +1,74 @@
> > +/** @file
> >
> > + This library is used by other modules to measure data to TPM.
> >
> > +
> >
> > +Copyright (c) 2020, Intel Corporation. All rights reserved. <BR>
> >
> > +SPDX-License-Identifier: BSD-2-Clause-Patent
> >
> > +
> >
> > +**/
> >
> > +
> >
> > +#include <PiPei.h>
> >
> > +
> >
> > +#include <Library/BaseMemoryLib.h>
> >
> > +#include <Library/PeiServicesLib.h>
> >
> > +#include <Library/PeiServicesTablePointerLib.h>
> >
> > +#include <Library/DebugLib.h>
> >
> > +#include <Library/HobLib.h>
> >
> > +#include <Library/TpmMeasurementLib.h>
> >
> > +
> >
> > +#include <Ppi/Tcg.h>
> >
> > +#include <IndustryStandard/UefiTcgPlatform.h>
> >
> > +
> >
> > +/**
> >
> > + Tpm measure and log data, and extend the measurement result into a
> specific
> > PCR.
> >
> > +
> >
> > + @param[in] PcrIndex PCR Index.
> >
> > + @param[in] EventType Event type.
> >
> > + @param[in] EventLog Measurement event log.
> >
> > + @param[in] LogLen Event log length in bytes.
> >
> > + @param[in] HashData The start of the data buffer to be hashed,
> > extended.
> >
> > + @param[in] HashDataLen The length, in bytes, of the buffer referenced
> by
> > HashData
> >
> > +
> >
> > + @retval EFI_SUCCESS Operation completed successfully.
>
> The description of above retval is not aligned with below line.
>
> >
> > + @retval EFI_UNSUPPORTED TPM device not available.
> >
> > + @retval EFI_OUT_OF_RESOURCES Out of memory.
> >
> > + @retval EFI_DEVICE_ERROR The operation was unsuccessful.
> >
> > +**/
> >
> > +EFI_STATUS
> >
> > +EFIAPI
> >
> > +TpmMeasureAndLogData (
> >
> > + IN UINT32 PcrIndex,
> >
> > + IN UINT32 EventType,
> >
> > + IN VOID *EventLog,
> >
> > + IN UINT32 LogLen,
> >
> > + IN VOID *HashData,
> >
> > + IN UINT64 HashDataLen
> >
> > + )
> >
> > +{
> >
> > + EFI_STATUS Status;
> >
> > + EDKII_TCG_PPI *TcgPpi;
> >
> > + TCG_PCR_EVENT_HDR TcgEventHdr;
> >
> > +
> >
> > + Status = PeiServicesLocatePpi(
>
> Missing a space before '('
>
> >
> > + &gEdkiiTcgPpiGuid,
> >
> > + 0,
> >
> > + NULL,
> >
> > + (VOID**)&TcgPpi
> >
> > + );
> >
> > + if (EFI_ERROR(Status)) {
> >
> > + return Status;
> >
> > + }
> >
> > +
> >
> > + TcgEventHdr.PCRIndex = PcrIndex;
> >
> > + TcgEventHdr.EventType = EventType;
> >
> > + TcgEventHdr.EventSize = LogLen;
> >
> > +
> >
> > + Status = TcgPpi->HashLogExtendEvent (
> >
> > + TcgPpi,
> >
> > + 0,
> >
> > + HashData,
> >
> > + (UINTN)HashDataLen,
> >
> > + &TcgEventHdr,
> >
> > + EventLog
> >
> > + );
> >
> > + return Status;
> >
> > +}
> >
> > diff --git
> > a/SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.inf
> > b/SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.inf
> > new file mode 100644
> > index 0000000000..6625d0fd01
> > --- /dev/null
> > +++
> b/SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.inf
> > @@ -0,0 +1,50 @@
> > +## @file
> >
> > +# Provides TPM measurement functions for TPM1.2 and TPM 2.0
> >
> > +#
> >
> > +# This library provides TpmMeasureAndLogData() to measure and log data,
> > and
> >
> > +# extend the measurement result into a specific PCR.
> >
> > +#
> >
> > +# Copyright (c) 2020, Intel Corporation. All rights reserved.<BR>
> >
> > +# SPDX-License-Identifier: BSD-2-Clause-Patent
> >
> > +#
> >
> > +##
> >
> > +
> >
> > +[Defines]
> >
> > + INF_VERSION = 0x00010005
> >
> > + BASE_NAME = PeiTpmMeasurementLib
> >
> > + FILE_GUID = 9A62C49D-C45A-4322-9F3C-45958DF0056B
> >
> > + MODULE_TYPE = PEIM
> >
> > + VERSION_STRING = 1.0
> >
> > + LIBRARY_CLASS = TpmMeasurementLib|PEIM
> >
> > + MODULE_UNI_FILE = PeiTpmMeasurementLib.uni
> >
> > +
> >
> > +#
> >
> > +# The following information is for reference only and not required by the
> build
> > tools.
> >
> > +#
> >
> > +# VALID_ARCHITECTURES = IA32 X64
> >
> > +#
> >
> > +
> >
> > +[Sources]
> >
> > + PeiTpmMeasurementLib.c
> >
> > +
> >
> > +[Packages]
> >
> > + MdePkg/MdePkg.dec
> >
> > + MdeModulePkg/MdeModulePkg.dec
> >
> > + SecurityPkg/SecurityPkg.dec
> >
> > +
> >
> > +[LibraryClasses]
> >
> > + BaseLib
> >
> > + BaseMemoryLib
> >
> > + HobLib
> >
> > + DebugLib
> >
> > + PcdLib
> >
> > + PrintLib
> >
> > + PeiServicesLib
> >
> > + PeiServicesTablePointerLib
> >
> > +
> >
> > +[Ppis]
> >
> > + gEdkiiTcgPpiGuid ## CONSUMES
> >
> > +
> >
> > +[Depex]
> >
> > + gEfiPeiMasterBootModePpiGuid AND
> >
> > + gEfiTpmDeviceSelectedGuid
> >
> > diff --git
> > a/SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.uni
> > b/SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.uni
> > new file mode 100644
> > index 0000000000..7b4341b449
> > --- /dev/null
> > +++
> b/SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.uni
> > @@ -0,0 +1,17 @@
> > +// /** @file
> >
> > +// Provides TPM measurement functions for TPM1.2 and TPM 2.0
> >
> > +//
> >
> > +// This library provides TpmMeasureAndLogData() to to measure and log data,
> > and
> >
> > +// extend the measurement result into a specific PCR.
> >
> > +//
> >
> > +// Copyright (c) 2020, Intel Corporation. All rights reserved.<BR>
> >
> > +//
> >
> > +// SPDX-License-Identifier: BSD-2-Clause-Patent
> >
> > +//
> >
> > +// **/
> >
> > +
> >
> > +
> >
> > +#string STR_MODULE_ABSTRACT #language en-US "Provides TPM
> > measurement functions for TPM1.2 and TPM 2.0"
> >
> > +
> >
> > +#string STR_MODULE_DESCRIPTION #language en-US "This library
> > provides TpmMeasureAndLogData() to to measure and log data, and extend
> the
> > measurement result into a specific PCR."
> >
> > +
> >
> > --
> > 2.26.2.windows.1
>
>
>
^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: [edk2-devel] [PATCH v4 5/6] SecurityPkg/PeiTpmMeasurementLib: Add PEI instance.
2020-07-21 9:16 ` [edk2-devel] " Wang, Jian J
@ 2020-07-21 15:05 ` Yao, Jiewen
2020-07-22 1:08 ` Wang, Jian J
0 siblings, 1 reply; 18+ messages in thread
From: Yao, Jiewen @ 2020-07-21 15:05 UTC (permalink / raw)
To: Wang, Jian J, devel@edk2.groups.io, Zhang, Qi1; +Cc: Yao, Jiewen
Right. That can be implemented as separated patch.
> -----Original Message-----
> From: Wang, Jian J <jian.j.wang@intel.com>
> Sent: Tuesday, July 21, 2020 5:16 PM
> To: devel@edk2.groups.io; Wang, Jian J <jian.j.wang@intel.com>; Zhang, Qi1
> <qi1.zhang@intel.com>
> Cc: Yao, Jiewen <jiewen.yao@intel.com>
> Subject: RE: [edk2-devel] [PATCH v4 5/6] SecurityPkg/PeiTpmMeasurementLib:
> Add PEI instance.
>
> Sorry, missing word in previous email. It should be
>
> "following requirement is not embodied in"
>
> Regards,
> Jian
>
> > -----Original Message-----
> > From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Wang,
> Jian
> > J
> > Sent: Tuesday, July 21, 2020 5:00 PM
> > To: Zhang, Qi1 <qi1.zhang@intel.com>; devel@edk2.groups.io
> > Cc: Yao, Jiewen <jiewen.yao@intel.com>
> > Subject: Re: [edk2-devel] [PATCH v4 5/6] SecurityPkg/PeiTpmMeasurementLib:
> > Add PEI instance.
> >
> > Qi,
> >
> > Two format issues inlined below.
> >
> > In addition, according to bz2841, following requirement is embodied in
> > this patch. Maybe there's discussion before deciding not to implement
> > it. If so, please update bz2841 to state it explicitly.
> >
> > 3) Add more API in TpmMeasurementLib, such as MeasureFirmwareBlob,
> > MeasureHandoffTable for TPM PFP rev 105 support - add description for
> > the FirmwareBlob and HandoffTable.
> >
> > Regards,
> > Jian
> >
> > > -----Original Message-----
> > > From: Zhang, Qi1 <qi1.zhang@intel.com>
> > > Sent: Friday, July 17, 2020 4:50 PM
> > > To: devel@edk2.groups.io
> > > Cc: Yao, Jiewen <jiewen.yao@intel.com>; Wang, Jian J
> > <jian.j.wang@intel.com>;
> > > Zhang, Qi1 <qi1.zhang@intel.com>
> > > Subject: [PATCH v4 5/6] SecurityPkg/PeiTpmMeasurementLib: Add PEI
> instance.
> > >
> > > From: Jiewen Yao <jiewen.yao@intel.com>
> > >
> > > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2841
> > >
> > > Cc: Jiewen Yao <jiewen.yao@intel.com>
> > > Cc: Jian J Wang <jian.j.wang@intel.com>
> > > Cc: Qi Zhang <qi1.zhang@intel.com>
> > > Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
> > > ---
> > > .../PeiTpmMeasurementLib.c | 74 +++++++++++++++++++
> > > .../PeiTpmMeasurementLib.inf | 50 +++++++++++++
> > > .../PeiTpmMeasurementLib.uni | 17 +++++
> > > 3 files changed, 141 insertions(+)
> > > create mode 100644
> > > SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.c
> > > create mode 100644
> > > SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.inf
> > > create mode 100644
> > > SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.uni
> > >
> > > diff --git
> > > a/SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.c
> > > b/SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.c
> > > new file mode 100644
> > > index 0000000000..1a590e0c9e
> > > --- /dev/null
> > > +++
> b/SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.c
> > > @@ -0,0 +1,74 @@
> > > +/** @file
> > >
> > > + This library is used by other modules to measure data to TPM.
> > >
> > > +
> > >
> > > +Copyright (c) 2020, Intel Corporation. All rights reserved. <BR>
> > >
> > > +SPDX-License-Identifier: BSD-2-Clause-Patent
> > >
> > > +
> > >
> > > +**/
> > >
> > > +
> > >
> > > +#include <PiPei.h>
> > >
> > > +
> > >
> > > +#include <Library/BaseMemoryLib.h>
> > >
> > > +#include <Library/PeiServicesLib.h>
> > >
> > > +#include <Library/PeiServicesTablePointerLib.h>
> > >
> > > +#include <Library/DebugLib.h>
> > >
> > > +#include <Library/HobLib.h>
> > >
> > > +#include <Library/TpmMeasurementLib.h>
> > >
> > > +
> > >
> > > +#include <Ppi/Tcg.h>
> > >
> > > +#include <IndustryStandard/UefiTcgPlatform.h>
> > >
> > > +
> > >
> > > +/**
> > >
> > > + Tpm measure and log data, and extend the measurement result into a
> > specific
> > > PCR.
> > >
> > > +
> > >
> > > + @param[in] PcrIndex PCR Index.
> > >
> > > + @param[in] EventType Event type.
> > >
> > > + @param[in] EventLog Measurement event log.
> > >
> > > + @param[in] LogLen Event log length in bytes.
> > >
> > > + @param[in] HashData The start of the data buffer to be hashed,
> > > extended.
> > >
> > > + @param[in] HashDataLen The length, in bytes, of the buffer referenced
> > by
> > > HashData
> > >
> > > +
> > >
> > > + @retval EFI_SUCCESS Operation completed successfully.
> >
> > The description of above retval is not aligned with below line.
> >
> > >
> > > + @retval EFI_UNSUPPORTED TPM device not available.
> > >
> > > + @retval EFI_OUT_OF_RESOURCES Out of memory.
> > >
> > > + @retval EFI_DEVICE_ERROR The operation was unsuccessful.
> > >
> > > +**/
> > >
> > > +EFI_STATUS
> > >
> > > +EFIAPI
> > >
> > > +TpmMeasureAndLogData (
> > >
> > > + IN UINT32 PcrIndex,
> > >
> > > + IN UINT32 EventType,
> > >
> > > + IN VOID *EventLog,
> > >
> > > + IN UINT32 LogLen,
> > >
> > > + IN VOID *HashData,
> > >
> > > + IN UINT64 HashDataLen
> > >
> > > + )
> > >
> > > +{
> > >
> > > + EFI_STATUS Status;
> > >
> > > + EDKII_TCG_PPI *TcgPpi;
> > >
> > > + TCG_PCR_EVENT_HDR TcgEventHdr;
> > >
> > > +
> > >
> > > + Status = PeiServicesLocatePpi(
> >
> > Missing a space before '('
> >
> > >
> > > + &gEdkiiTcgPpiGuid,
> > >
> > > + 0,
> > >
> > > + NULL,
> > >
> > > + (VOID**)&TcgPpi
> > >
> > > + );
> > >
> > > + if (EFI_ERROR(Status)) {
> > >
> > > + return Status;
> > >
> > > + }
> > >
> > > +
> > >
> > > + TcgEventHdr.PCRIndex = PcrIndex;
> > >
> > > + TcgEventHdr.EventType = EventType;
> > >
> > > + TcgEventHdr.EventSize = LogLen;
> > >
> > > +
> > >
> > > + Status = TcgPpi->HashLogExtendEvent (
> > >
> > > + TcgPpi,
> > >
> > > + 0,
> > >
> > > + HashData,
> > >
> > > + (UINTN)HashDataLen,
> > >
> > > + &TcgEventHdr,
> > >
> > > + EventLog
> > >
> > > + );
> > >
> > > + return Status;
> > >
> > > +}
> > >
> > > diff --git
> > > a/SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.inf
> > > b/SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.inf
> > > new file mode 100644
> > > index 0000000000..6625d0fd01
> > > --- /dev/null
> > > +++
> > b/SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.inf
> > > @@ -0,0 +1,50 @@
> > > +## @file
> > >
> > > +# Provides TPM measurement functions for TPM1.2 and TPM 2.0
> > >
> > > +#
> > >
> > > +# This library provides TpmMeasureAndLogData() to measure and log data,
> > > and
> > >
> > > +# extend the measurement result into a specific PCR.
> > >
> > > +#
> > >
> > > +# Copyright (c) 2020, Intel Corporation. All rights reserved.<BR>
> > >
> > > +# SPDX-License-Identifier: BSD-2-Clause-Patent
> > >
> > > +#
> > >
> > > +##
> > >
> > > +
> > >
> > > +[Defines]
> > >
> > > + INF_VERSION = 0x00010005
> > >
> > > + BASE_NAME = PeiTpmMeasurementLib
> > >
> > > + FILE_GUID = 9A62C49D-C45A-4322-9F3C-45958DF0056B
> > >
> > > + MODULE_TYPE = PEIM
> > >
> > > + VERSION_STRING = 1.0
> > >
> > > + LIBRARY_CLASS = TpmMeasurementLib|PEIM
> > >
> > > + MODULE_UNI_FILE = PeiTpmMeasurementLib.uni
> > >
> > > +
> > >
> > > +#
> > >
> > > +# The following information is for reference only and not required by the
> > build
> > > tools.
> > >
> > > +#
> > >
> > > +# VALID_ARCHITECTURES = IA32 X64
> > >
> > > +#
> > >
> > > +
> > >
> > > +[Sources]
> > >
> > > + PeiTpmMeasurementLib.c
> > >
> > > +
> > >
> > > +[Packages]
> > >
> > > + MdePkg/MdePkg.dec
> > >
> > > + MdeModulePkg/MdeModulePkg.dec
> > >
> > > + SecurityPkg/SecurityPkg.dec
> > >
> > > +
> > >
> > > +[LibraryClasses]
> > >
> > > + BaseLib
> > >
> > > + BaseMemoryLib
> > >
> > > + HobLib
> > >
> > > + DebugLib
> > >
> > > + PcdLib
> > >
> > > + PrintLib
> > >
> > > + PeiServicesLib
> > >
> > > + PeiServicesTablePointerLib
> > >
> > > +
> > >
> > > +[Ppis]
> > >
> > > + gEdkiiTcgPpiGuid ## CONSUMES
> > >
> > > +
> > >
> > > +[Depex]
> > >
> > > + gEfiPeiMasterBootModePpiGuid AND
> > >
> > > + gEfiTpmDeviceSelectedGuid
> > >
> > > diff --git
> > > a/SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.uni
> > > b/SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.uni
> > > new file mode 100644
> > > index 0000000000..7b4341b449
> > > --- /dev/null
> > > +++
> > b/SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.uni
> > > @@ -0,0 +1,17 @@
> > > +// /** @file
> > >
> > > +// Provides TPM measurement functions for TPM1.2 and TPM 2.0
> > >
> > > +//
> > >
> > > +// This library provides TpmMeasureAndLogData() to to measure and log
> data,
> > > and
> > >
> > > +// extend the measurement result into a specific PCR.
> > >
> > > +//
> > >
> > > +// Copyright (c) 2020, Intel Corporation. All rights reserved.<BR>
> > >
> > > +//
> > >
> > > +// SPDX-License-Identifier: BSD-2-Clause-Patent
> > >
> > > +//
> > >
> > > +// **/
> > >
> > > +
> > >
> > > +
> > >
> > > +#string STR_MODULE_ABSTRACT #language en-US "Provides TPM
> > > measurement functions for TPM1.2 and TPM 2.0"
> > >
> > > +
> > >
> > > +#string STR_MODULE_DESCRIPTION #language en-US "This library
> > > provides TpmMeasureAndLogData() to to measure and log data, and extend
> > the
> > > measurement result into a specific PCR."
> > >
> > > +
> > >
> > > --
> > > 2.26.2.windows.1
> >
> >
> >
^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: [edk2-devel] [PATCH v4 5/6] SecurityPkg/PeiTpmMeasurementLib: Add PEI instance.
2020-07-21 15:05 ` Yao, Jiewen
@ 2020-07-22 1:08 ` Wang, Jian J
2020-07-22 2:08 ` Qi Zhang
0 siblings, 1 reply; 18+ messages in thread
From: Wang, Jian J @ 2020-07-22 1:08 UTC (permalink / raw)
To: Yao, Jiewen, devel@edk2.groups.io, Zhang, Qi1
To avoid inconsistency, please add comments in the BZ or in commit message
of this patch.
With all comments addressed,
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
Regards,
Jian
> -----Original Message-----
> From: Yao, Jiewen <jiewen.yao@intel.com>
> Sent: Tuesday, July 21, 2020 11:05 PM
> To: Wang, Jian J <jian.j.wang@intel.com>; devel@edk2.groups.io; Zhang, Qi1
> <qi1.zhang@intel.com>
> Cc: Yao, Jiewen <jiewen.yao@intel.com>
> Subject: RE: [edk2-devel] [PATCH v4 5/6] SecurityPkg/PeiTpmMeasurementLib:
> Add PEI instance.
>
> Right. That can be implemented as separated patch.
>
> > -----Original Message-----
> > From: Wang, Jian J <jian.j.wang@intel.com>
> > Sent: Tuesday, July 21, 2020 5:16 PM
> > To: devel@edk2.groups.io; Wang, Jian J <jian.j.wang@intel.com>; Zhang, Qi1
> > <qi1.zhang@intel.com>
> > Cc: Yao, Jiewen <jiewen.yao@intel.com>
> > Subject: RE: [edk2-devel] [PATCH v4 5/6] SecurityPkg/PeiTpmMeasurementLib:
> > Add PEI instance.
> >
> > Sorry, missing word in previous email. It should be
> >
> > "following requirement is not embodied in"
> >
> > Regards,
> > Jian
> >
> > > -----Original Message-----
> > > From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Wang,
> > Jian
> > > J
> > > Sent: Tuesday, July 21, 2020 5:00 PM
> > > To: Zhang, Qi1 <qi1.zhang@intel.com>; devel@edk2.groups.io
> > > Cc: Yao, Jiewen <jiewen.yao@intel.com>
> > > Subject: Re: [edk2-devel] [PATCH v4 5/6]
> SecurityPkg/PeiTpmMeasurementLib:
> > > Add PEI instance.
> > >
> > > Qi,
> > >
> > > Two format issues inlined below.
> > >
> > > In addition, according to bz2841, following requirement is embodied in
> > > this patch. Maybe there's discussion before deciding not to implement
> > > it. If so, please update bz2841 to state it explicitly.
> > >
> > > 3) Add more API in TpmMeasurementLib, such as MeasureFirmwareBlob,
> > > MeasureHandoffTable for TPM PFP rev 105 support - add description for
> > > the FirmwareBlob and HandoffTable.
> > >
> > > Regards,
> > > Jian
> > >
> > > > -----Original Message-----
> > > > From: Zhang, Qi1 <qi1.zhang@intel.com>
> > > > Sent: Friday, July 17, 2020 4:50 PM
> > > > To: devel@edk2.groups.io
> > > > Cc: Yao, Jiewen <jiewen.yao@intel.com>; Wang, Jian J
> > > <jian.j.wang@intel.com>;
> > > > Zhang, Qi1 <qi1.zhang@intel.com>
> > > > Subject: [PATCH v4 5/6] SecurityPkg/PeiTpmMeasurementLib: Add PEI
> > instance.
> > > >
> > > > From: Jiewen Yao <jiewen.yao@intel.com>
> > > >
> > > > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2841
> > > >
> > > > Cc: Jiewen Yao <jiewen.yao@intel.com>
> > > > Cc: Jian J Wang <jian.j.wang@intel.com>
> > > > Cc: Qi Zhang <qi1.zhang@intel.com>
> > > > Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
> > > > ---
> > > > .../PeiTpmMeasurementLib.c | 74 +++++++++++++++++++
> > > > .../PeiTpmMeasurementLib.inf | 50 +++++++++++++
> > > > .../PeiTpmMeasurementLib.uni | 17 +++++
> > > > 3 files changed, 141 insertions(+)
> > > > create mode 100644
> > > > SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.c
> > > > create mode 100644
> > > > SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.inf
> > > > create mode 100644
> > > > SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.uni
> > > >
> > > > diff --git
> > > > a/SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.c
> > > > b/SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.c
> > > > new file mode 100644
> > > > index 0000000000..1a590e0c9e
> > > > --- /dev/null
> > > > +++
> > b/SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.c
> > > > @@ -0,0 +1,74 @@
> > > > +/** @file
> > > >
> > > > + This library is used by other modules to measure data to TPM.
> > > >
> > > > +
> > > >
> > > > +Copyright (c) 2020, Intel Corporation. All rights reserved. <BR>
> > > >
> > > > +SPDX-License-Identifier: BSD-2-Clause-Patent
> > > >
> > > > +
> > > >
> > > > +**/
> > > >
> > > > +
> > > >
> > > > +#include <PiPei.h>
> > > >
> > > > +
> > > >
> > > > +#include <Library/BaseMemoryLib.h>
> > > >
> > > > +#include <Library/PeiServicesLib.h>
> > > >
> > > > +#include <Library/PeiServicesTablePointerLib.h>
> > > >
> > > > +#include <Library/DebugLib.h>
> > > >
> > > > +#include <Library/HobLib.h>
> > > >
> > > > +#include <Library/TpmMeasurementLib.h>
> > > >
> > > > +
> > > >
> > > > +#include <Ppi/Tcg.h>
> > > >
> > > > +#include <IndustryStandard/UefiTcgPlatform.h>
> > > >
> > > > +
> > > >
> > > > +/**
> > > >
> > > > + Tpm measure and log data, and extend the measurement result into a
> > > specific
> > > > PCR.
> > > >
> > > > +
> > > >
> > > > + @param[in] PcrIndex PCR Index.
> > > >
> > > > + @param[in] EventType Event type.
> > > >
> > > > + @param[in] EventLog Measurement event log.
> > > >
> > > > + @param[in] LogLen Event log length in bytes.
> > > >
> > > > + @param[in] HashData The start of the data buffer to be hashed,
> > > > extended.
> > > >
> > > > + @param[in] HashDataLen The length, in bytes, of the buffer
> referenced
> > > by
> > > > HashData
> > > >
> > > > +
> > > >
> > > > + @retval EFI_SUCCESS Operation completed successfully.
> > >
> > > The description of above retval is not aligned with below line.
> > >
> > > >
> > > > + @retval EFI_UNSUPPORTED TPM device not available.
> > > >
> > > > + @retval EFI_OUT_OF_RESOURCES Out of memory.
> > > >
> > > > + @retval EFI_DEVICE_ERROR The operation was unsuccessful.
> > > >
> > > > +**/
> > > >
> > > > +EFI_STATUS
> > > >
> > > > +EFIAPI
> > > >
> > > > +TpmMeasureAndLogData (
> > > >
> > > > + IN UINT32 PcrIndex,
> > > >
> > > > + IN UINT32 EventType,
> > > >
> > > > + IN VOID *EventLog,
> > > >
> > > > + IN UINT32 LogLen,
> > > >
> > > > + IN VOID *HashData,
> > > >
> > > > + IN UINT64 HashDataLen
> > > >
> > > > + )
> > > >
> > > > +{
> > > >
> > > > + EFI_STATUS Status;
> > > >
> > > > + EDKII_TCG_PPI *TcgPpi;
> > > >
> > > > + TCG_PCR_EVENT_HDR TcgEventHdr;
> > > >
> > > > +
> > > >
> > > > + Status = PeiServicesLocatePpi(
> > >
> > > Missing a space before '('
> > >
> > > >
> > > > + &gEdkiiTcgPpiGuid,
> > > >
> > > > + 0,
> > > >
> > > > + NULL,
> > > >
> > > > + (VOID**)&TcgPpi
> > > >
> > > > + );
> > > >
> > > > + if (EFI_ERROR(Status)) {
> > > >
> > > > + return Status;
> > > >
> > > > + }
> > > >
> > > > +
> > > >
> > > > + TcgEventHdr.PCRIndex = PcrIndex;
> > > >
> > > > + TcgEventHdr.EventType = EventType;
> > > >
> > > > + TcgEventHdr.EventSize = LogLen;
> > > >
> > > > +
> > > >
> > > > + Status = TcgPpi->HashLogExtendEvent (
> > > >
> > > > + TcgPpi,
> > > >
> > > > + 0,
> > > >
> > > > + HashData,
> > > >
> > > > + (UINTN)HashDataLen,
> > > >
> > > > + &TcgEventHdr,
> > > >
> > > > + EventLog
> > > >
> > > > + );
> > > >
> > > > + return Status;
> > > >
> > > > +}
> > > >
> > > > diff --git
> > > > a/SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.inf
> > > > b/SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.inf
> > > > new file mode 100644
> > > > index 0000000000..6625d0fd01
> > > > --- /dev/null
> > > > +++
> > > b/SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.inf
> > > > @@ -0,0 +1,50 @@
> > > > +## @file
> > > >
> > > > +# Provides TPM measurement functions for TPM1.2 and TPM 2.0
> > > >
> > > > +#
> > > >
> > > > +# This library provides TpmMeasureAndLogData() to measure and log
> data,
> > > > and
> > > >
> > > > +# extend the measurement result into a specific PCR.
> > > >
> > > > +#
> > > >
> > > > +# Copyright (c) 2020, Intel Corporation. All rights reserved.<BR>
> > > >
> > > > +# SPDX-License-Identifier: BSD-2-Clause-Patent
> > > >
> > > > +#
> > > >
> > > > +##
> > > >
> > > > +
> > > >
> > > > +[Defines]
> > > >
> > > > + INF_VERSION = 0x00010005
> > > >
> > > > + BASE_NAME = PeiTpmMeasurementLib
> > > >
> > > > + FILE_GUID = 9A62C49D-C45A-4322-9F3C-45958DF0056B
> > > >
> > > > + MODULE_TYPE = PEIM
> > > >
> > > > + VERSION_STRING = 1.0
> > > >
> > > > + LIBRARY_CLASS = TpmMeasurementLib|PEIM
> > > >
> > > > + MODULE_UNI_FILE = PeiTpmMeasurementLib.uni
> > > >
> > > > +
> > > >
> > > > +#
> > > >
> > > > +# The following information is for reference only and not required by the
> > > build
> > > > tools.
> > > >
> > > > +#
> > > >
> > > > +# VALID_ARCHITECTURES = IA32 X64
> > > >
> > > > +#
> > > >
> > > > +
> > > >
> > > > +[Sources]
> > > >
> > > > + PeiTpmMeasurementLib.c
> > > >
> > > > +
> > > >
> > > > +[Packages]
> > > >
> > > > + MdePkg/MdePkg.dec
> > > >
> > > > + MdeModulePkg/MdeModulePkg.dec
> > > >
> > > > + SecurityPkg/SecurityPkg.dec
> > > >
> > > > +
> > > >
> > > > +[LibraryClasses]
> > > >
> > > > + BaseLib
> > > >
> > > > + BaseMemoryLib
> > > >
> > > > + HobLib
> > > >
> > > > + DebugLib
> > > >
> > > > + PcdLib
> > > >
> > > > + PrintLib
> > > >
> > > > + PeiServicesLib
> > > >
> > > > + PeiServicesTablePointerLib
> > > >
> > > > +
> > > >
> > > > +[Ppis]
> > > >
> > > > + gEdkiiTcgPpiGuid ## CONSUMES
> > > >
> > > > +
> > > >
> > > > +[Depex]
> > > >
> > > > + gEfiPeiMasterBootModePpiGuid AND
> > > >
> > > > + gEfiTpmDeviceSelectedGuid
> > > >
> > > > diff --git
> > > >
> a/SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.uni
> > > >
> b/SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.uni
> > > > new file mode 100644
> > > > index 0000000000..7b4341b449
> > > > --- /dev/null
> > > > +++
> > > b/SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.uni
> > > > @@ -0,0 +1,17 @@
> > > > +// /** @file
> > > >
> > > > +// Provides TPM measurement functions for TPM1.2 and TPM 2.0
> > > >
> > > > +//
> > > >
> > > > +// This library provides TpmMeasureAndLogData() to to measure and log
> > data,
> > > > and
> > > >
> > > > +// extend the measurement result into a specific PCR.
> > > >
> > > > +//
> > > >
> > > > +// Copyright (c) 2020, Intel Corporation. All rights reserved.<BR>
> > > >
> > > > +//
> > > >
> > > > +// SPDX-License-Identifier: BSD-2-Clause-Patent
> > > >
> > > > +//
> > > >
> > > > +// **/
> > > >
> > > > +
> > > >
> > > > +
> > > >
> > > > +#string STR_MODULE_ABSTRACT #language en-US "Provides TPM
> > > > measurement functions for TPM1.2 and TPM 2.0"
> > > >
> > > > +
> > > >
> > > > +#string STR_MODULE_DESCRIPTION #language en-US "This library
> > > > provides TpmMeasureAndLogData() to to measure and log data, and
> extend
> > > the
> > > > measurement result into a specific PCR."
> > > >
> > > > +
> > > >
> > > > --
> > > > 2.26.2.windows.1
> > >
> > >
> > >
^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: [edk2-devel] [PATCH v4 5/6] SecurityPkg/PeiTpmMeasurementLib: Add PEI instance.
2020-07-22 1:08 ` Wang, Jian J
@ 2020-07-22 2:08 ` Qi Zhang
2020-07-22 2:13 ` Yao, Jiewen
0 siblings, 1 reply; 18+ messages in thread
From: Qi Zhang @ 2020-07-22 2:08 UTC (permalink / raw)
To: Wang, Jian J, Yao, Jiewen, devel@edk2.groups.io
Can we move this requirement implementation to https://bugzilla.tianocore.org/show_bug.cgi?id=2376: Need add a FSP binary measurement.
3) Add more API in TpmMeasurementLib, such as MeasureFirmwareBlob, MeasureHandoffTable for TPM PFP rev 105 support - add description for the FirmwareBlob and HandoffTable.
> -----Original Message-----
> From: Wang, Jian J <jian.j.wang@intel.com>
> Sent: Wednesday, July 22, 2020 9:08 AM
> To: Yao, Jiewen <jiewen.yao@intel.com>; devel@edk2.groups.io; Zhang, Qi1
> <qi1.zhang@intel.com>
> Subject: RE: [edk2-devel] [PATCH v4 5/6] SecurityPkg/PeiTpmMeasurementLib:
> Add PEI instance.
>
> To avoid inconsistency, please add comments in the BZ or in commit message
> of this patch.
>
> With all comments addressed,
> Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
>
> Regards,
> Jian
>
> > -----Original Message-----
> > From: Yao, Jiewen <jiewen.yao@intel.com>
> > Sent: Tuesday, July 21, 2020 11:05 PM
> > To: Wang, Jian J <jian.j.wang@intel.com>; devel@edk2.groups.io; Zhang,
> > Qi1 <qi1.zhang@intel.com>
> > Cc: Yao, Jiewen <jiewen.yao@intel.com>
> > Subject: RE: [edk2-devel] [PATCH v4 5/6]
> SecurityPkg/PeiTpmMeasurementLib:
> > Add PEI instance.
> >
> > Right. That can be implemented as separated patch.
> >
> > > -----Original Message-----
> > > From: Wang, Jian J <jian.j.wang@intel.com>
> > > Sent: Tuesday, July 21, 2020 5:16 PM
> > > To: devel@edk2.groups.io; Wang, Jian J <jian.j.wang@intel.com>;
> > > Zhang, Qi1 <qi1.zhang@intel.com>
> > > Cc: Yao, Jiewen <jiewen.yao@intel.com>
> > > Subject: RE: [edk2-devel] [PATCH v4 5/6]
> SecurityPkg/PeiTpmMeasurementLib:
> > > Add PEI instance.
> > >
> > > Sorry, missing word in previous email. It should be
> > >
> > > "following requirement is not embodied in"
> > >
> > > Regards,
> > > Jian
> > >
> > > > -----Original Message-----
> > > > From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of
> > > > Wang,
> > > Jian
> > > > J
> > > > Sent: Tuesday, July 21, 2020 5:00 PM
> > > > To: Zhang, Qi1 <qi1.zhang@intel.com>; devel@edk2.groups.io
> > > > Cc: Yao, Jiewen <jiewen.yao@intel.com>
> > > > Subject: Re: [edk2-devel] [PATCH v4 5/6]
> > SecurityPkg/PeiTpmMeasurementLib:
> > > > Add PEI instance.
> > > >
> > > > Qi,
> > > >
> > > > Two format issues inlined below.
> > > >
> > > > In addition, according to bz2841, following requirement is
> > > > embodied in this patch. Maybe there's discussion before deciding
> > > > not to implement it. If so, please update bz2841 to state it explicitly.
> > > >
> > > > 3) Add more API in TpmMeasurementLib, such as MeasureFirmwareBlob,
> > > > MeasureHandoffTable for TPM PFP rev 105 support - add description
> > > > for the FirmwareBlob and HandoffTable.
> > > >
> > > > Regards,
> > > > Jian
> > > >
> > > > > -----Original Message-----
> > > > > From: Zhang, Qi1 <qi1.zhang@intel.com>
> > > > > Sent: Friday, July 17, 2020 4:50 PM
> > > > > To: devel@edk2.groups.io
> > > > > Cc: Yao, Jiewen <jiewen.yao@intel.com>; Wang, Jian J
> > > > <jian.j.wang@intel.com>;
> > > > > Zhang, Qi1 <qi1.zhang@intel.com>
> > > > > Subject: [PATCH v4 5/6] SecurityPkg/PeiTpmMeasurementLib: Add
> > > > > PEI
> > > instance.
> > > > >
> > > > > From: Jiewen Yao <jiewen.yao@intel.com>
> > > > >
> > > > > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2841
> > > > >
> > > > > Cc: Jiewen Yao <jiewen.yao@intel.com>
> > > > > Cc: Jian J Wang <jian.j.wang@intel.com>
> > > > > Cc: Qi Zhang <qi1.zhang@intel.com>
> > > > > Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
> > > > > ---
> > > > > .../PeiTpmMeasurementLib.c | 74 +++++++++++++++++++
> > > > > .../PeiTpmMeasurementLib.inf | 50 +++++++++++++
> > > > > .../PeiTpmMeasurementLib.uni | 17 +++++
> > > > > 3 files changed, 141 insertions(+) create mode 100644
> > > > > SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.c
> > > > > create mode 100644
> > > > > SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.in
> > > > > f
> > > > > create mode 100644
> > > > >
> SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.un
> > > > > i
> > > > >
> > > > > diff --git
> > > > > a/SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.
> > > > > c
> > > > > b/SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.
> > > > > c
> > > > > new file mode 100644
> > > > > index 0000000000..1a590e0c9e
> > > > > --- /dev/null
> > > > > +++
> > > b/SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.c
> > > > > @@ -0,0 +1,74 @@
> > > > > +/** @file
> > > > >
> > > > > + This library is used by other modules to measure data to TPM.
> > > > >
> > > > > +
> > > > >
> > > > > +Copyright (c) 2020, Intel Corporation. All rights reserved.
> > > > > +<BR>
> > > > >
> > > > > +SPDX-License-Identifier: BSD-2-Clause-Patent
> > > > >
> > > > > +
> > > > >
> > > > > +**/
> > > > >
> > > > > +
> > > > >
> > > > > +#include <PiPei.h>
> > > > >
> > > > > +
> > > > >
> > > > > +#include <Library/BaseMemoryLib.h>
> > > > >
> > > > > +#include <Library/PeiServicesLib.h>
> > > > >
> > > > > +#include <Library/PeiServicesTablePointerLib.h>
> > > > >
> > > > > +#include <Library/DebugLib.h>
> > > > >
> > > > > +#include <Library/HobLib.h>
> > > > >
> > > > > +#include <Library/TpmMeasurementLib.h>
> > > > >
> > > > > +
> > > > >
> > > > > +#include <Ppi/Tcg.h>
> > > > >
> > > > > +#include <IndustryStandard/UefiTcgPlatform.h>
> > > > >
> > > > > +
> > > > >
> > > > > +/**
> > > > >
> > > > > + Tpm measure and log data, and extend the measurement result
> > > > > + into a
> > > > specific
> > > > > PCR.
> > > > >
> > > > > +
> > > > >
> > > > > + @param[in] PcrIndex PCR Index.
> > > > >
> > > > > + @param[in] EventType Event type.
> > > > >
> > > > > + @param[in] EventLog Measurement event log.
> > > > >
> > > > > + @param[in] LogLen Event log length in bytes.
> > > > >
> > > > > + @param[in] HashData The start of the data buffer to be hashed,
> > > > > extended.
> > > > >
> > > > > + @param[in] HashDataLen The length, in bytes, of the buffer
> > referenced
> > > > by
> > > > > HashData
> > > > >
> > > > > +
> > > > >
> > > > > + @retval EFI_SUCCESS Operation completed successfully.
> > > >
> > > > The description of above retval is not aligned with below line.
> > > >
> > > > >
> > > > > + @retval EFI_UNSUPPORTED TPM device not available.
> > > > >
> > > > > + @retval EFI_OUT_OF_RESOURCES Out of memory.
> > > > >
> > > > > + @retval EFI_DEVICE_ERROR The operation was unsuccessful.
> > > > >
> > > > > +**/
> > > > >
> > > > > +EFI_STATUS
> > > > >
> > > > > +EFIAPI
> > > > >
> > > > > +TpmMeasureAndLogData (
> > > > >
> > > > > + IN UINT32 PcrIndex,
> > > > >
> > > > > + IN UINT32 EventType,
> > > > >
> > > > > + IN VOID *EventLog,
> > > > >
> > > > > + IN UINT32 LogLen,
> > > > >
> > > > > + IN VOID *HashData,
> > > > >
> > > > > + IN UINT64 HashDataLen
> > > > >
> > > > > + )
> > > > >
> > > > > +{
> > > > >
> > > > > + EFI_STATUS Status;
> > > > >
> > > > > + EDKII_TCG_PPI *TcgPpi;
> > > > >
> > > > > + TCG_PCR_EVENT_HDR TcgEventHdr;
> > > > >
> > > > > +
> > > > >
> > > > > + Status = PeiServicesLocatePpi(
> > > >
> > > > Missing a space before '('
> > > >
> > > > >
> > > > > + &gEdkiiTcgPpiGuid,
> > > > >
> > > > > + 0,
> > > > >
> > > > > + NULL,
> > > > >
> > > > > + (VOID**)&TcgPpi
> > > > >
> > > > > + );
> > > > >
> > > > > + if (EFI_ERROR(Status)) {
> > > > >
> > > > > + return Status;
> > > > >
> > > > > + }
> > > > >
> > > > > +
> > > > >
> > > > > + TcgEventHdr.PCRIndex = PcrIndex;
> > > > >
> > > > > + TcgEventHdr.EventType = EventType;
> > > > >
> > > > > + TcgEventHdr.EventSize = LogLen;
> > > > >
> > > > > +
> > > > >
> > > > > + Status = TcgPpi->HashLogExtendEvent (
> > > > >
> > > > > + TcgPpi,
> > > > >
> > > > > + 0,
> > > > >
> > > > > + HashData,
> > > > >
> > > > > + (UINTN)HashDataLen,
> > > > >
> > > > > + &TcgEventHdr,
> > > > >
> > > > > + EventLog
> > > > >
> > > > > + );
> > > > >
> > > > > + return Status;
> > > > >
> > > > > +}
> > > > >
> > > > > diff --git
> > > > > a/SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.
> > > > > inf
> > > > > b/SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.
> > > > > inf
> > > > > new file mode 100644
> > > > > index 0000000000..6625d0fd01
> > > > > --- /dev/null
> > > > > +++
> > > >
> b/SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.in
> > > > f
> > > > > @@ -0,0 +1,50 @@
> > > > > +## @file
> > > > >
> > > > > +# Provides TPM measurement functions for TPM1.2 and TPM 2.0
> > > > >
> > > > > +#
> > > > >
> > > > > +# This library provides TpmMeasureAndLogData() to measure and
> > > > > +log
> > data,
> > > > > and
> > > > >
> > > > > +# extend the measurement result into a specific PCR.
> > > > >
> > > > > +#
> > > > >
> > > > > +# Copyright (c) 2020, Intel Corporation. All rights
> > > > > +reserved.<BR>
> > > > >
> > > > > +# SPDX-License-Identifier: BSD-2-Clause-Patent
> > > > >
> > > > > +#
> > > > >
> > > > > +##
> > > > >
> > > > > +
> > > > >
> > > > > +[Defines]
> > > > >
> > > > > + INF_VERSION = 0x00010005
> > > > >
> > > > > + BASE_NAME = PeiTpmMeasurementLib
> > > > >
> > > > > + FILE_GUID = 9A62C49D-C45A-4322-9F3C-45958DF0056B
> > > > >
> > > > > + MODULE_TYPE = PEIM
> > > > >
> > > > > + VERSION_STRING = 1.0
> > > > >
> > > > > + LIBRARY_CLASS = TpmMeasurementLib|PEIM
> > > > >
> > > > > + MODULE_UNI_FILE = PeiTpmMeasurementLib.uni
> > > > >
> > > > > +
> > > > >
> > > > > +#
> > > > >
> > > > > +# The following information is for reference only and not
> > > > > +required by the
> > > > build
> > > > > tools.
> > > > >
> > > > > +#
> > > > >
> > > > > +# VALID_ARCHITECTURES = IA32 X64
> > > > >
> > > > > +#
> > > > >
> > > > > +
> > > > >
> > > > > +[Sources]
> > > > >
> > > > > + PeiTpmMeasurementLib.c
> > > > >
> > > > > +
> > > > >
> > > > > +[Packages]
> > > > >
> > > > > + MdePkg/MdePkg.dec
> > > > >
> > > > > + MdeModulePkg/MdeModulePkg.dec
> > > > >
> > > > > + SecurityPkg/SecurityPkg.dec
> > > > >
> > > > > +
> > > > >
> > > > > +[LibraryClasses]
> > > > >
> > > > > + BaseLib
> > > > >
> > > > > + BaseMemoryLib
> > > > >
> > > > > + HobLib
> > > > >
> > > > > + DebugLib
> > > > >
> > > > > + PcdLib
> > > > >
> > > > > + PrintLib
> > > > >
> > > > > + PeiServicesLib
> > > > >
> > > > > + PeiServicesTablePointerLib
> > > > >
> > > > > +
> > > > >
> > > > > +[Ppis]
> > > > >
> > > > > + gEdkiiTcgPpiGuid ## CONSUMES
> > > > >
> > > > > +
> > > > >
> > > > > +[Depex]
> > > > >
> > > > > + gEfiPeiMasterBootModePpiGuid AND
> > > > >
> > > > > + gEfiTpmDeviceSelectedGuid
> > > > >
> > > > > diff --git
> > > > >
> > a/SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.uni
> > > > >
> > b/SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.uni
> > > > > new file mode 100644
> > > > > index 0000000000..7b4341b449
> > > > > --- /dev/null
> > > > > +++
> > > >
> b/SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.un
> > > > i
> > > > > @@ -0,0 +1,17 @@
> > > > > +// /** @file
> > > > >
> > > > > +// Provides TPM measurement functions for TPM1.2 and TPM 2.0
> > > > >
> > > > > +//
> > > > >
> > > > > +// This library provides TpmMeasureAndLogData() to to measure
> > > > > +and log
> > > data,
> > > > > and
> > > > >
> > > > > +// extend the measurement result into a specific PCR.
> > > > >
> > > > > +//
> > > > >
> > > > > +// Copyright (c) 2020, Intel Corporation. All rights
> > > > > +reserved.<BR>
> > > > >
> > > > > +//
> > > > >
> > > > > +// SPDX-License-Identifier: BSD-2-Clause-Patent
> > > > >
> > > > > +//
> > > > >
> > > > > +// **/
> > > > >
> > > > > +
> > > > >
> > > > > +
> > > > >
> > > > > +#string STR_MODULE_ABSTRACT #language en-US "Provides
> TPM
> > > > > measurement functions for TPM1.2 and TPM 2.0"
> > > > >
> > > > > +
> > > > >
> > > > > +#string STR_MODULE_DESCRIPTION #language en-US "This library
> > > > > provides TpmMeasureAndLogData() to to measure and log data, and
> > extend
> > > > the
> > > > > measurement result into a specific PCR."
> > > > >
> > > > > +
> > > > >
> > > > > --
> > > > > 2.26.2.windows.1
> > > >
> > > >
> > > >
^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: [edk2-devel] [PATCH v4 5/6] SecurityPkg/PeiTpmMeasurementLib: Add PEI instance.
2020-07-22 2:08 ` Qi Zhang
@ 2020-07-22 2:13 ` Yao, Jiewen
0 siblings, 0 replies; 18+ messages in thread
From: Yao, Jiewen @ 2020-07-22 2:13 UTC (permalink / raw)
To: Zhang, Qi1; +Cc: Wang, Jian J, devel@edk2.groups.io
yes, i am ok with that.
thank you!
Yao, Jiewen
> 在 2020年7月22日,上午10:08,Zhang, Qi1 <qi1.zhang@intel.com> 写道:
>
> Can we move this requirement implementation to https://bugzilla.tianocore.org/show_bug.cgi?id=2376: Need add a FSP binary measurement.
>
> 3) Add more API in TpmMeasurementLib, such as MeasureFirmwareBlob, MeasureHandoffTable for TPM PFP rev 105 support - add description for the FirmwareBlob and HandoffTable.
>
>> -----Original Message-----
>> From: Wang, Jian J <jian.j.wang@intel.com>
>> Sent: Wednesday, July 22, 2020 9:08 AM
>> To: Yao, Jiewen <jiewen.yao@intel.com>; devel@edk2.groups.io; Zhang, Qi1
>> <qi1.zhang@intel.com>
>> Subject: RE: [edk2-devel] [PATCH v4 5/6] SecurityPkg/PeiTpmMeasurementLib:
>> Add PEI instance.
>>
>> To avoid inconsistency, please add comments in the BZ or in commit message
>> of this patch.
>>
>> With all comments addressed,
>> Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
>>
>> Regards,
>> Jian
>>
>>> -----Original Message-----
>>> From: Yao, Jiewen <jiewen.yao@intel.com>
>>> Sent: Tuesday, July 21, 2020 11:05 PM
>>> To: Wang, Jian J <jian.j.wang@intel.com>; devel@edk2.groups.io; Zhang,
>>> Qi1 <qi1.zhang@intel.com>
>>> Cc: Yao, Jiewen <jiewen.yao@intel.com>
>>> Subject: RE: [edk2-devel] [PATCH v4 5/6]
>> SecurityPkg/PeiTpmMeasurementLib:
>>> Add PEI instance.
>>>
>>> Right. That can be implemented as separated patch.
>>>
>>>> -----Original Message-----
>>>> From: Wang, Jian J <jian.j.wang@intel.com>
>>>> Sent: Tuesday, July 21, 2020 5:16 PM
>>>> To: devel@edk2.groups.io; Wang, Jian J <jian.j.wang@intel.com>;
>>>> Zhang, Qi1 <qi1.zhang@intel.com>
>>>> Cc: Yao, Jiewen <jiewen.yao@intel.com>
>>>> Subject: RE: [edk2-devel] [PATCH v4 5/6]
>> SecurityPkg/PeiTpmMeasurementLib:
>>>> Add PEI instance.
>>>>
>>>> Sorry, missing word in previous email. It should be
>>>>
>>>> "following requirement is not embodied in"
>>>>
>>>> Regards,
>>>> Jian
>>>>
>>>>> -----Original Message-----
>>>>> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of
>>>>> Wang,
>>>> Jian
>>>>> J
>>>>> Sent: Tuesday, July 21, 2020 5:00 PM
>>>>> To: Zhang, Qi1 <qi1.zhang@intel.com>; devel@edk2.groups.io
>>>>> Cc: Yao, Jiewen <jiewen.yao@intel.com>
>>>>> Subject: Re: [edk2-devel] [PATCH v4 5/6]
>>> SecurityPkg/PeiTpmMeasurementLib:
>>>>> Add PEI instance.
>>>>>
>>>>> Qi,
>>>>>
>>>>> Two format issues inlined below.
>>>>>
>>>>> In addition, according to bz2841, following requirement is
>>>>> embodied in this patch. Maybe there's discussion before deciding
>>>>> not to implement it. If so, please update bz2841 to state it explicitly.
>>>>>
>>>>> 3) Add more API in TpmMeasurementLib, such as MeasureFirmwareBlob,
>>>>> MeasureHandoffTable for TPM PFP rev 105 support - add description
>>>>> for the FirmwareBlob and HandoffTable.
>>>>>
>>>>> Regards,
>>>>> Jian
>>>>>
>>>>>> -----Original Message-----
>>>>>> From: Zhang, Qi1 <qi1.zhang@intel.com>
>>>>>> Sent: Friday, July 17, 2020 4:50 PM
>>>>>> To: devel@edk2.groups.io
>>>>>> Cc: Yao, Jiewen <jiewen.yao@intel.com>; Wang, Jian J
>>>>> <jian.j.wang@intel.com>;
>>>>>> Zhang, Qi1 <qi1.zhang@intel.com>
>>>>>> Subject: [PATCH v4 5/6] SecurityPkg/PeiTpmMeasurementLib: Add
>>>>>> PEI
>>>> instance.
>>>>>>
>>>>>> From: Jiewen Yao <jiewen.yao@intel.com>
>>>>>>
>>>>>> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2841
>>>>>>
>>>>>> Cc: Jiewen Yao <jiewen.yao@intel.com>
>>>>>> Cc: Jian J Wang <jian.j.wang@intel.com>
>>>>>> Cc: Qi Zhang <qi1.zhang@intel.com>
>>>>>> Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
>>>>>> ---
>>>>>> .../PeiTpmMeasurementLib.c | 74 +++++++++++++++++++
>>>>>> .../PeiTpmMeasurementLib.inf | 50 +++++++++++++
>>>>>> .../PeiTpmMeasurementLib.uni | 17 +++++
>>>>>> 3 files changed, 141 insertions(+) create mode 100644
>>>>>> SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.c
>>>>>> create mode 100644
>>>>>> SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.in
>>>>>> f
>>>>>> create mode 100644
>>>>>>
>> SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.un
>>>>>> i
>>>>>>
>>>>>> diff --git
>>>>>> a/SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.
>>>>>> c
>>>>>> b/SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.
>>>>>> c
>>>>>> new file mode 100644
>>>>>> index 0000000000..1a590e0c9e
>>>>>> --- /dev/null
>>>>>> +++
>>>> b/SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.c
>>>>>> @@ -0,0 +1,74 @@
>>>>>> +/** @file
>>>>>>
>>>>>> + This library is used by other modules to measure data to TPM.
>>>>>>
>>>>>> +
>>>>>>
>>>>>> +Copyright (c) 2020, Intel Corporation. All rights reserved.
>>>>>> +<BR>
>>>>>>
>>>>>> +SPDX-License-Identifier: BSD-2-Clause-Patent
>>>>>>
>>>>>> +
>>>>>>
>>>>>> +**/
>>>>>>
>>>>>> +
>>>>>>
>>>>>> +#include <PiPei.h>
>>>>>>
>>>>>> +
>>>>>>
>>>>>> +#include <Library/BaseMemoryLib.h>
>>>>>>
>>>>>> +#include <Library/PeiServicesLib.h>
>>>>>>
>>>>>> +#include <Library/PeiServicesTablePointerLib.h>
>>>>>>
>>>>>> +#include <Library/DebugLib.h>
>>>>>>
>>>>>> +#include <Library/HobLib.h>
>>>>>>
>>>>>> +#include <Library/TpmMeasurementLib.h>
>>>>>>
>>>>>> +
>>>>>>
>>>>>> +#include <Ppi/Tcg.h>
>>>>>>
>>>>>> +#include <IndustryStandard/UefiTcgPlatform.h>
>>>>>>
>>>>>> +
>>>>>>
>>>>>> +/**
>>>>>>
>>>>>> + Tpm measure and log data, and extend the measurement result
>>>>>> + into a
>>>>> specific
>>>>>> PCR.
>>>>>>
>>>>>> +
>>>>>>
>>>>>> + @param[in] PcrIndex PCR Index.
>>>>>>
>>>>>> + @param[in] EventType Event type.
>>>>>>
>>>>>> + @param[in] EventLog Measurement event log.
>>>>>>
>>>>>> + @param[in] LogLen Event log length in bytes.
>>>>>>
>>>>>> + @param[in] HashData The start of the data buffer to be hashed,
>>>>>> extended.
>>>>>>
>>>>>> + @param[in] HashDataLen The length, in bytes, of the buffer
>>> referenced
>>>>> by
>>>>>> HashData
>>>>>>
>>>>>> +
>>>>>>
>>>>>> + @retval EFI_SUCCESS Operation completed successfully.
>>>>>
>>>>> The description of above retval is not aligned with below line.
>>>>>
>>>>>>
>>>>>> + @retval EFI_UNSUPPORTED TPM device not available.
>>>>>>
>>>>>> + @retval EFI_OUT_OF_RESOURCES Out of memory.
>>>>>>
>>>>>> + @retval EFI_DEVICE_ERROR The operation was unsuccessful.
>>>>>>
>>>>>> +**/
>>>>>>
>>>>>> +EFI_STATUS
>>>>>>
>>>>>> +EFIAPI
>>>>>>
>>>>>> +TpmMeasureAndLogData (
>>>>>>
>>>>>> + IN UINT32 PcrIndex,
>>>>>>
>>>>>> + IN UINT32 EventType,
>>>>>>
>>>>>> + IN VOID *EventLog,
>>>>>>
>>>>>> + IN UINT32 LogLen,
>>>>>>
>>>>>> + IN VOID *HashData,
>>>>>>
>>>>>> + IN UINT64 HashDataLen
>>>>>>
>>>>>> + )
>>>>>>
>>>>>> +{
>>>>>>
>>>>>> + EFI_STATUS Status;
>>>>>>
>>>>>> + EDKII_TCG_PPI *TcgPpi;
>>>>>>
>>>>>> + TCG_PCR_EVENT_HDR TcgEventHdr;
>>>>>>
>>>>>> +
>>>>>>
>>>>>> + Status = PeiServicesLocatePpi(
>>>>>
>>>>> Missing a space before '('
>>>>>
>>>>>>
>>>>>> + &gEdkiiTcgPpiGuid,
>>>>>>
>>>>>> + 0,
>>>>>>
>>>>>> + NULL,
>>>>>>
>>>>>> + (VOID**)&TcgPpi
>>>>>>
>>>>>> + );
>>>>>>
>>>>>> + if (EFI_ERROR(Status)) {
>>>>>>
>>>>>> + return Status;
>>>>>>
>>>>>> + }
>>>>>>
>>>>>> +
>>>>>>
>>>>>> + TcgEventHdr.PCRIndex = PcrIndex;
>>>>>>
>>>>>> + TcgEventHdr.EventType = EventType;
>>>>>>
>>>>>> + TcgEventHdr.EventSize = LogLen;
>>>>>>
>>>>>> +
>>>>>>
>>>>>> + Status = TcgPpi->HashLogExtendEvent (
>>>>>>
>>>>>> + TcgPpi,
>>>>>>
>>>>>> + 0,
>>>>>>
>>>>>> + HashData,
>>>>>>
>>>>>> + (UINTN)HashDataLen,
>>>>>>
>>>>>> + &TcgEventHdr,
>>>>>>
>>>>>> + EventLog
>>>>>>
>>>>>> + );
>>>>>>
>>>>>> + return Status;
>>>>>>
>>>>>> +}
>>>>>>
>>>>>> diff --git
>>>>>> a/SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.
>>>>>> inf
>>>>>> b/SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.
>>>>>> inf
>>>>>> new file mode 100644
>>>>>> index 0000000000..6625d0fd01
>>>>>> --- /dev/null
>>>>>> +++
>>>>>
>> b/SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.in
>>>>> f
>>>>>> @@ -0,0 +1,50 @@
>>>>>> +## @file
>>>>>>
>>>>>> +# Provides TPM measurement functions for TPM1.2 and TPM 2.0
>>>>>>
>>>>>> +#
>>>>>>
>>>>>> +# This library provides TpmMeasureAndLogData() to measure and
>>>>>> +log
>>> data,
>>>>>> and
>>>>>>
>>>>>> +# extend the measurement result into a specific PCR.
>>>>>>
>>>>>> +#
>>>>>>
>>>>>> +# Copyright (c) 2020, Intel Corporation. All rights
>>>>>> +reserved.<BR>
>>>>>>
>>>>>> +# SPDX-License-Identifier: BSD-2-Clause-Patent
>>>>>>
>>>>>> +#
>>>>>>
>>>>>> +##
>>>>>>
>>>>>> +
>>>>>>
>>>>>> +[Defines]
>>>>>>
>>>>>> + INF_VERSION = 0x00010005
>>>>>>
>>>>>> + BASE_NAME = PeiTpmMeasurementLib
>>>>>>
>>>>>> + FILE_GUID = 9A62C49D-C45A-4322-9F3C-45958DF0056B
>>>>>>
>>>>>> + MODULE_TYPE = PEIM
>>>>>>
>>>>>> + VERSION_STRING = 1.0
>>>>>>
>>>>>> + LIBRARY_CLASS = TpmMeasurementLib|PEIM
>>>>>>
>>>>>> + MODULE_UNI_FILE = PeiTpmMeasurementLib.uni
>>>>>>
>>>>>> +
>>>>>>
>>>>>> +#
>>>>>>
>>>>>> +# The following information is for reference only and not
>>>>>> +required by the
>>>>> build
>>>>>> tools.
>>>>>>
>>>>>> +#
>>>>>>
>>>>>> +# VALID_ARCHITECTURES = IA32 X64
>>>>>>
>>>>>> +#
>>>>>>
>>>>>> +
>>>>>>
>>>>>> +[Sources]
>>>>>>
>>>>>> + PeiTpmMeasurementLib.c
>>>>>>
>>>>>> +
>>>>>>
>>>>>> +[Packages]
>>>>>>
>>>>>> + MdePkg/MdePkg.dec
>>>>>>
>>>>>> + MdeModulePkg/MdeModulePkg.dec
>>>>>>
>>>>>> + SecurityPkg/SecurityPkg.dec
>>>>>>
>>>>>> +
>>>>>>
>>>>>> +[LibraryClasses]
>>>>>>
>>>>>> + BaseLib
>>>>>>
>>>>>> + BaseMemoryLib
>>>>>>
>>>>>> + HobLib
>>>>>>
>>>>>> + DebugLib
>>>>>>
>>>>>> + PcdLib
>>>>>>
>>>>>> + PrintLib
>>>>>>
>>>>>> + PeiServicesLib
>>>>>>
>>>>>> + PeiServicesTablePointerLib
>>>>>>
>>>>>> +
>>>>>>
>>>>>> +[Ppis]
>>>>>>
>>>>>> + gEdkiiTcgPpiGuid ## CONSUMES
>>>>>>
>>>>>> +
>>>>>>
>>>>>> +[Depex]
>>>>>>
>>>>>> + gEfiPeiMasterBootModePpiGuid AND
>>>>>>
>>>>>> + gEfiTpmDeviceSelectedGuid
>>>>>>
>>>>>> diff --git
>>>>>>
>>> a/SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.uni
>>>>>>
>>> b/SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.uni
>>>>>> new file mode 100644
>>>>>> index 0000000000..7b4341b449
>>>>>> --- /dev/null
>>>>>> +++
>>>>>
>> b/SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.un
>>>>> i
>>>>>> @@ -0,0 +1,17 @@
>>>>>> +// /** @file
>>>>>>
>>>>>> +// Provides TPM measurement functions for TPM1.2 and TPM 2.0
>>>>>>
>>>>>> +//
>>>>>>
>>>>>> +// This library provides TpmMeasureAndLogData() to to measure
>>>>>> +and log
>>>> data,
>>>>>> and
>>>>>>
>>>>>> +// extend the measurement result into a specific PCR.
>>>>>>
>>>>>> +//
>>>>>>
>>>>>> +// Copyright (c) 2020, Intel Corporation. All rights
>>>>>> +reserved.<BR>
>>>>>>
>>>>>> +//
>>>>>>
>>>>>> +// SPDX-License-Identifier: BSD-2-Clause-Patent
>>>>>>
>>>>>> +//
>>>>>>
>>>>>> +// **/
>>>>>>
>>>>>> +
>>>>>>
>>>>>> +
>>>>>>
>>>>>> +#string STR_MODULE_ABSTRACT #language en-US "Provides
>> TPM
>>>>>> measurement functions for TPM1.2 and TPM 2.0"
>>>>>>
>>>>>> +
>>>>>>
>>>>>> +#string STR_MODULE_DESCRIPTION #language en-US "This library
>>>>>> provides TpmMeasureAndLogData() to to measure and log data, and
>>> extend
>>>>> the
>>>>>> measurement result into a specific PCR."
>>>>>>
>>>>>> +
>>>>>>
>>>>>> --
>>>>>> 2.26.2.windows.1
>>>>>
>>>>>
>>>>>
>
^ permalink raw reply [flat|nested] 18+ messages in thread
end of thread, other threads:[~2020-07-22 2:13 UTC | newest]
Thread overview: 18+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2020-07-17 8:49 [PATCH v4 0/6] Add capability to let PEIM extend TcgEvent Qi Zhang
2020-07-17 8:49 ` [PATCH v4 1/6] SecurityPkg/TcgPpi: Add TcgPpi header file Qi Zhang
2020-07-21 8:37 ` Wang, Jian J
2020-07-17 8:49 ` [PATCH v4 2/6] SecurityPkg/dec: Add TcgPpi Qi Zhang
2020-07-21 8:37 ` Wang, Jian J
2020-07-17 8:49 ` [PATCH v4 3/6] SecurityPkg/Tcg: " Qi Zhang
2020-07-21 8:36 ` Wang, Jian J
2020-07-17 8:49 ` [PATCH v4 4/6] SecurityPkg/Tcg2: " Qi Zhang
2020-07-21 8:52 ` Wang, Jian J
2020-07-17 8:49 ` [PATCH v4 5/6] SecurityPkg/PeiTpmMeasurementLib: Add PEI instance Qi Zhang
2020-07-21 9:00 ` Wang, Jian J
[not found] ` <1623B8ED1BE72736.9882@groups.io>
2020-07-21 9:16 ` [edk2-devel] " Wang, Jian J
2020-07-21 15:05 ` Yao, Jiewen
2020-07-22 1:08 ` Wang, Jian J
2020-07-22 2:08 ` Qi Zhang
2020-07-22 2:13 ` Yao, Jiewen
2020-07-17 8:49 ` [PATCH v4 6/6] SecurityPkg/dsc: Add PeiTpmMeasurementLib Qi Zhang
2020-07-21 9:00 ` Wang, Jian J
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox