From: "Yao, Jiewen" <jiewen.yao@intel.com>
To: Bret Barkelew <Bret.Barkelew@microsoft.com>,
"devel@edk2.groups.io" <devel@edk2.groups.io>,
"Zhang, Qi1" <qi1.zhang@intel.com>
Cc: "Wang, Jian J" <jian.j.wang@intel.com>
Subject: Re: [edk2-devel] [PATCH 1/6] SecurityPkg/TcgPpi: Add TcgPpi header file.
Date: Tue, 4 Aug 2020 05:52:57 +0000 [thread overview]
Message-ID: <CY4PR11MB12882B8CC1DC7BF6DB3C6ACE8C4A0@CY4PR11MB1288.namprd11.prod.outlook.com> (raw)
In-Reply-To: <CY4PR21MB07436BD5FD8881B119F27AAFEF4A0@CY4PR21MB0743.namprd21.prod.outlook.com>
The code is already pushed after review.
Please take a look at the latest one.
If it does not work, then you can file a new BZ.
Thank you
Yao Jiewen
From: Bret Barkelew <Bret.Barkelew@microsoft.com>
Sent: Tuesday, August 4, 2020 1:05 PM
To: Yao, Jiewen <jiewen.yao@intel.com>; devel@edk2.groups.io; Zhang, Qi1 <qi1.zhang@intel.com>; Bret Barkelew <Bret.Barkelew@microsoft.com>
Cc: Wang, Jian J <jian.j.wang@intel.com>
Subject: Re: [edk2-devel] [PATCH 1/6] SecurityPkg/TcgPpi: Add TcgPpi header file.
The more I think about it, the more I like your idea of registering early and allowing a PPI notification callback.
Is that something we could get in this change, or would it be best to open a new BZ to track that request? Thanks!
- Bret
From: devel@edk2.groups.io <devel@edk2.groups.io> on behalf of Bret Barkelew via groups.io <bret.barkelew=microsoft.com@groups.io>
Sent: Wednesday, July 15, 2020 8:32 AM
To: Yao, Jiewen <jiewen.yao@intel.com>; devel@edk2.groups.io <devel@edk2.groups.io>; Zhang, Qi1 <qi1.zhang@intel.com>
Cc: Wang, Jian J <jian.j.wang@intel.com>
Subject: [EXTERNAL] Re: [edk2-devel] [PATCH 1/6] SecurityPkg/TcgPpi: Add TcgPpi header file.
Yeah, that's kinda what I was thinking. It seemed like there was a little overlap that might eliminate the need for the extra libs (in our current solution).
I'll try to get a more detailed problem statement today, but I think you've got the right idea there.
- Bret
From: Yao, Jiewen <jiewen.yao@intel.com>
Sent: Wednesday, July 15, 2020 8:20 AM
To: devel@edk2.groups.io; Yao, Jiewen <jiewen.yao@intel.com>; Bret Barkelew <Bret.Barkelew@microsoft.com>; Zhang, Qi1 <qi1.zhang@intel.com>
Cc: Wang, Jian J <jian.j.wang@intel.com>
Subject: [EXTERNAL] RE: [edk2-devel] [PATCH 1/6] SecurityPkg/TcgPpi: Add TcgPpi header file.
Maybe we can let TCG PEIM install the TCG_PPI *before* any measurement record, then the other PEIM can register a callback to record the HW ROT measurement?
Thank you
Yao Jiewen
From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Yao, Jiewen
Sent: Wednesday, July 15, 2020 10:45 PM
To: Bret Barkelew <Bret.Barkelew@microsoft.com>; devel@edk2.groups.io; Zhang, Qi1 <qi1.zhang@intel.com>
Cc: Wang, Jian J <jian.j.wang@intel.com>
Subject: Re: [edk2-devel] [PATCH 1/6] SecurityPkg/TcgPpi: Add TcgPpi header file.
Hi Bret
Do you have a full problem statement or Bugzilla?
If we are resolving the same problem, we can resolve it altogether.
If we are talking about different problems, we can resolve them one by one.
Thank you
Yao Jiewen
From: Bret Barkelew <Bret.Barkelew@microsoft.com>
Sent: Wednesday, July 15, 2020 1:53 PM
To: devel@edk2.groups.io; Yao, Jiewen <jiewen.yao@intel.com>; Zhang, Qi1 <qi1.zhang@intel.com>
Cc: Wang, Jian J <jian.j.wang@intel.com>
Subject: Re: [PATCH 1/6] SecurityPkg/TcgPpi: Add TcgPpi header file.
Since we're working on early boot TCG interfaces, is this a good time to discuss a standard way to init the log with measurements made by the HW root of trust prior to Tcg2Pei? We were using a NULL lib and a registration pattern on the PEIM, but I'm open to other ideas, too. Thoughts?
- Bret
From: devel@edk2.groups.io <devel@edk2.groups.io> on behalf of Yao, Jiewen via groups.io <jiewen.yao=intel.com@groups.io>
Sent: Tuesday, July 14, 2020 10:08:30 PM
To: Zhang, Qi1 <qi1.zhang@intel.com>; devel@edk2.groups.io <devel@edk2.groups.io>
Cc: Wang, Jian J <jian.j.wang@intel.com>
Subject: [EXTERNAL] Re: [edk2-devel] [PATCH 1/6] SecurityPkg/TcgPpi: Add TcgPpi header file.
Thanks Qi.
I just thought of one use case where a PEIM may already have a calculated hash (https://github.com/tianocore/edk2/blob/master/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c#L652).
We may need to add a flag to support this pre-hash use case. Such as:
> +(EFIAPI *EDKII_TCG_HASH_LOG_EXTEND_EVENT)(
>
> + IN EDKII_TCG_PPI *This,
>
> + IN UINT64 Flags, // new field. BIT0 = 0 means HashData is the data to be hashed; BIT0 = 1 means HashData is the pre-hash digest.
>
> + IN UINT8 *HashData,
>
> + IN UINTN HashDataLen,
>
> + IN TCG_PCR_EVENT_HDR *NewEventHdr,
>
> + IN UINT8 *NewEventData
>
> + );
> -----Original Message-----
> From: Zhang, Qi1 <qi1.zhang@intel.com>
> Sent: Tuesday, July 14, 2020 2:49 PM
> To: devel@edk2.groups.io
> Cc: Yao, Jiewen <jiewen.yao@intel.com>; Wang, Jian J <jian.j.wang@intel.com>;
> Zhang, Chao B <chao.b.zhang@intel.com>
> Subject: [PATCH 1/6] SecurityPkg/TcgPpi: Add TcgPpi header file.
>
> From: Jiewen Yao <jiewen.yao@intel.com>
>
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2841
>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Cc: Chao Zhang <chao.b.zhang@intel.com>
> Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
> ---
> SecurityPkg/Include/Ppi/Tcg.h | 50 +++++++++++++++++++++++++++++++++++
> 1 file changed, 50 insertions(+)
> create mode 100644 SecurityPkg/Include/Ppi/Tcg.h
>
> diff --git a/SecurityPkg/Include/Ppi/Tcg.h b/SecurityPkg/Include/Ppi/Tcg.h
> new file mode 100644
> index 0000000000..4eacd57166
> --- /dev/null
> +++ b/SecurityPkg/Include/Ppi/Tcg.h
> @@ -0,0 +1,50 @@
> +/** @file
>
> + TCG PPI services.
>
> +
>
> +Copyright (c) 2020, Intel Corporation. All rights reserved.<BR>
>
> +SPDX-License-Identifier: BSD-2-Clause-Patent
>
> +
>
> +**/
>
> +
>
> +#ifndef _TCG_PPI_H_
>
> +#define _TCG_PPI_H_
>
> +
>
> +#include <IndustryStandard/UefiTcgPlatform.h>
>
> +
>
> +typedef struct _EDKII_TCG_PPI EDKII_TCG_PPI;
>
> +
>
> +/**
>
> + Tpm measure and log data, and extend the measurement result into a specific
> PCR.
>
> +
>
> + @param[in] This Indicates the calling context
>
> + @param[in] HashData Physical address of the start of the data buffer
>
> + to be hashed, extended, and logged.
>
> + @param[in] HashDataLen The length, in bytes, of the buffer referenced by
> HashData.
>
> + @param[in] NewEventHdr Pointer to a TCG_PCR_EVENT_HDR data
> structure.
>
> + @param[in] NewEventData Pointer to the new event data.
>
> +
>
> + @retval EFI_SUCCESS Operation completed successfully.
>
> + @retval EFI_UNSUPPORTED TPM device not available.
>
> + @retval EFI_OUT_OF_RESOURCES Out of memory.
>
> + @retval EFI_DEVICE_ERROR The operation was unsuccessful.
>
> +**/
>
> +typedef
>
> +EFI_STATUS
>
> +(EFIAPI *EDKII_TCG_HASH_LOG_EXTEND_EVENT)(
>
> + IN EDKII_TCG_PPI *This,
>
> + IN UINT8 *HashData,
>
> + IN UINTN HashDataLen,
>
> + IN TCG_PCR_EVENT_HDR *NewEventHdr,
>
> + IN UINT8 *NewEventData
>
> + );
>
> +
>
> +///
>
> +/// The EFI_TCG Protocol abstracts TCG activity.
>
> +///
>
> +struct _EDKII_TCG_PPI {
>
> + EDKII_TCG_HASH_LOG_EXTEND_EVENT HashLogExtendEvent;
>
> +};
>
> +
>
> +extern EFI_GUID gEdkiiTcgPpiGuid;
>
> +
>
> +#endif
>
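Review bot: the struct comment `+/// The EFI_TCG Protocol abstracts TCG activity.` describes the DXE-phase protocol rather than this PEI PPI; suggest `/// The EDKII_TCG_PPI abstracts TCG measurement services in PEI.` so the generated documentation is not misleading. Two smaller points in the same hunk: the `@param[in] HashData` text says "Physical address of the start of the data buffer" while the parameter is declared `IN UINT8 *HashData`, so either reword the comment to say it is a pointer or change the type to match the comment; and, as raised earlier in this thread, this signature gives a PEIM that already holds a digest no way to say so, so if the `Flags` parameter is added, the comment block should document that BIT0 changes what `HashData` and `HashDataLen` mean.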
> --
> 2.26.2.windows.1
Thread overview: 14+ messages
2020-07-14 6:49 [PATCH 0/6] Add capability to let PEIM extend TcgEvent Qi Zhang
2020-07-14 6:49 ` [PATCH 1/6] SecurityPkg/TcgPpi: Add TcgPpi header file Qi Zhang
2020-07-15 5:08 ` Yao, Jiewen
2020-07-15 5:53 ` Bret Barkelew
2020-07-15 14:45 ` Yao, Jiewen
[not found] ` <1621F444E3AD18DD.16458@groups.io>
2020-07-15 15:20 ` [edk2-devel] " Yao, Jiewen
2020-07-15 15:32 ` Bret Barkelew
2020-08-04 5:05 ` Bret Barkelew
2020-08-04 5:52 ` Yao, Jiewen [this message]
2020-07-14 6:49 ` [PATCH 2/6] SecurityPkg/dec: Add TcgPpi Qi Zhang
2020-07-14 6:49 ` [PATCH 3/6] SecurityPkg/Tcg: " Qi Zhang
2020-07-14 6:49 ` [PATCH 4/6] SecurityPkg/Tcg2: " Qi Zhang
2020-07-14 6:49 ` [PATCH 5/6] SecurityPkg/PeiTpmMeasurementLib: Add PEI instance Qi Zhang
2020-07-14 6:49 ` [PATCH 6/6] SecurityPkg/dsc: Add PeiTpmMeasurementLib Qi Zhang