From: "Yao, Jiewen" <jiewen.yao@intel.com>
To: Bret Barkelew <Bret.Barkelew@microsoft.com>, "devel@edk2.groups.io" <devel@edk2.groups.io>, "Zhang, Qi1" <qi1.zhang@intel.com>
CC: "Wang, Jian J" <jian.j.wang@intel.com>
Subject: Re: [edk2-devel] [PATCH 1/6] SecurityPkg/TcgPpi: Add TcgPpi header file.
Date: Tue, 4 Aug 2020 05:52:57 +0000
References: <20200714064922.7025-1-qi1.zhang@intel.com> <20200714064922.7025-2-qi1.zhang@intel.com> <1621F444E3AD18DD.16458@groups.io>
X-Groupsio-MsgNum: 63692

The code is already pushed after review.

Please take a look at the latest one.

If it does not work, then you can file a new BZ.

Thank you
Yao Jiewen

From: Bret Barkelew <Bret.Barkelew@microsoft.com>
Sent: Tuesday, August 4, 2020 1:05 PM
To: Yao, Jiewen <jiewen.yao@intel.com>; devel@edk2.groups.io; Zhang, Qi1 <qi1.zhang@intel.com>; Bret Barkelew <Bret.Barkelew@microsoft.com>
Cc: Wang, Jian J <jian.j.wang@intel.com>
Subject: Re: [edk2-devel] [PATCH 1/6] SecurityPkg/TcgPpi: Add TcgPpi header file.

The more I think about it, the more I like your idea of registering early and allowing a PPI notification callback.

Is that something we could get in this change, or would it be best to open a new BZ to track that request? Thanks!

- Bret

From: devel@edk2.groups.io <devel@edk2.groups.io> on behalf of Bret Barkelew via groups.io <bret.barkelew=microsoft.com@groups.io>
Sent: Wednesday, July 15, 2020 8:32 AM
To: Yao, Jiewen <jiewen.yao@intel.com>; devel@edk2.groups.io <devel@edk2.groups.io>; Zhang, Qi1 <qi1.zhang@intel.com>
Cc: Wang, Jian J <jian.j.wang@intel.com>
Subject: [EXTERNAL] Re: [edk2-devel] [PATCH 1/6] SecurityPkg/TcgPpi: Add TcgPpi header file.

Yeah, that's kinda what I was thinking. It seemed like there was a little overlap that might eliminate the need for the extra libs (in our current solution).

I'll try to get a more detailed problem statement today, but I think you've got the right idea there.

- Bret

From: Yao, Jiewen
Sent: Wednesday, July 15, 2020 8:20 AM
To: devel@edk2.groups.io; Yao, Jiewen; Bret Barkelew; Zhang, Qi1
Cc: Wang, Jian J
Subject: [EXTERNAL] RE: [edk2-devel] [PATCH 1/6] SecurityPkg/TcgPpi: Add TcgPpi header file.

Maybe we can let the TCG PEIM install the TCG_PPI *before* any measurement record; then the other PEIM can register a callback to record the HW ROT measurement?

Thank you
Yao Jiewen

From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Yao, Jiewen
Sent: Wednesday, July 15, 2020 10:45 PM
To: Bret Barkelew <Bret.Barkelew@microsoft.com>; devel@edk2.groups.io; Zhang, Qi1 <qi1.zhang@intel.com>
Cc: Wang, Jian J <jian.j.wang@intel.com>
Subject: Re: [edk2-devel] [PATCH 1/6] SecurityPkg/TcgPpi: Add TcgPpi header file.

Hi Bret
Do you have a full problem statement or Bugzilla?

If we are resolving the same problem, we can resolve it altogether.
If we are talking about a different problem, we can resolve them one by one.

Thank you
Yao Jiewen

From: Bret Barkelew <Bret.Barkelew@microsoft.com>
Sent: Wednesday, July 15, 2020 1:53 PM
To: devel@edk2.groups.io; Yao, Jiewen <jiewen.yao@intel.com>; Zhang, Qi1 <qi1.zhang@intel.com>
Cc: Wang, Jian J <jian.j.wang@intel.com>
Subject: Re: [PATCH 1/6] SecurityPkg/TcgPpi: Add TcgPpi header file.

Since we're working on early boot TCG interfaces, is this a good time to discuss a standard way to init the log with measurements made by the HW root of trust prior to Tcg2Pei? We were using a NULL lib and a registration pattern on the PEIM, but I'm open to other ideas, too. Thoughts?

- Bret

From: devel@edk2.groups.io <devel@edk2.groups.io> on behalf of Yao, Jiewen via groups.io <jiewen.yao=intel.com@groups.io>
Sent: Tuesday, July 14, 2020 10:08:30 PM
To: Zhang, Qi1 <qi1.zhang@intel.com>; devel@edk2.groups.io <devel@edk2.groups.io>
Cc: Wang, Jian J <jian.j.wang@intel.com>
Subject: [EXTERNAL] Re: [edk2-devel] [PATCH 1/6] SecurityPkg/TcgPpi: Add TcgPpi header file.

Thanks Qi.
I just thought of one use case: a PEIM may already have a calculated hash (https://github.com/tianocore/edk2/blob/master/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c#L652).
We may need to add a flag to support this pre-hash use case. Such as:
> +(EFIAPI *EDKII_TCG_HASH_LOG_EXTEND_EVENT)(
> +  IN      EDKII_TCG_PPI             *This,
> +  IN      UINT64                    Flags,  // new field. BIT0 = 0 means HashData is the data to be hashed; BIT0 = 1 means HashData is the pre-hash digest.
> +  IN      UINT8                     *HashData,
> +  IN      UINTN                     HashDataLen,
> +  IN      TCG_PCR_EVENT_HDR         *NewEventHdr,
> +  IN      UINT8                     *NewEventData
> +  );

> -----Original Message-----
> From: Zhang, Qi1 <qi1.zhang@intel.com>
> Sent: Tuesday, July 14, 2020 2:49 PM
> To: devel@edk2.groups.io
> Cc: Yao, Jiewen <jiewen.yao@intel.com>; Wang, Jian J <jian.j.wang@intel.com>;
> Zhang, Chao B <chao.b.zhang@intel.com>
> Subject: [PATCH 1/6] SecurityPkg/TcgPpi: Add TcgPpi header file.
>
> From: Jiewen Yao <jiewen.yao@intel.com>
>
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2841
>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Cc: Chao Zhang <chao.b.zhang@intel.com>
> Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
> ---
>  SecurityPkg/Include/Ppi/Tcg.h | 50 +++++++++++++++++++++++++++++++++++
>  1 file changed, 50 insertions(+)
>  create mode 100644 SecurityPkg/Include/Ppi/Tcg.h
>
> diff --git a/SecurityPkg/Include/Ppi/Tcg.h b/SecurityPkg/Include/Ppi/= Tcg.h
> new file mode 100644
> index 0000000000..4eacd57166
> --- /dev/null
> +++ b/SecurityPkg/Include/Ppi/Tcg.h
> @@ -0,0 +1,50 @@
> +/** @file
>
> +  TCG PPI services.
>
> +
>
> +Copyright (c) 2020, Intel Corporation. All rights reserved.<BR>= ;
>
> +SPDX-License-Identifier: BSD-2-Clause-Patent
>
> +
>
> +**/
>
> +
>
> +#ifndef _TCG_PPI_H_
>
> +#define _TCG_PPI_H_
>
> +
>
> +#include <IndustryStandard/UefiTcgPlatform.h>
>
> +
>
> +typedef struct _EDKII_TCG_PPI EDKII_TCG_PPI;
>
> +
>
> +/**
>
> +  Tpm measure and log data, and extend the measurement result i= nto a specific
> PCR.
>
> +
>
> +  @param[in]      This  &nbs= p;       Indicates the calling context
>
> +  @param[in]      HashData  =     Physical address of the start of the data buffer
>
> +           &n= bsp;            = ;        to be hashed, extended, and log= ged.
>
> +  @param[in]      HashDataLen &nb= sp; The length, in bytes, of the buffer referenced by
> HashData.
>
> +  @param[in]      NewEventHdr &nb= sp; Pointer to a TCG_PCR_EVENT_HDR data
> structure.
>
> +  @param[in]      NewEventData  P= ointer to the new event data.
>
> +
>
> +  @retval EFI_SUCCESS       =     Operation completed successfully.
>
> +  @retval EFI_UNSUPPORTED       T= PM device not available.
>
> +  @retval EFI_OUT_OF_RESOURCES  Out of memory.
>
> +  @retval EFI_DEVICE_ERROR      The op= eration was unsuccessful.
>
> +**/
>
> +typedef
>
> +EFI_STATUS
>
> +(EFIAPI *EDKII_TCG_HASH_LOG_EXTEND_EVENT)(
>
> +  IN      EDKII_TCG_PPI  &nb= sp;          *This,
>
> +  IN      UINT8    = ;            &n= bsp;    *HashData,
>
> +  IN      UINTN    = ;            &n= bsp;    HashDataLen,
>
> +  IN      TCG_PCR_EVENT_HDR  = ;       *NewEventHdr,
>
> +  IN      UINT8    = ;            &n= bsp;    *NewEventData
>
> +  );
>
> +
>
> +///
>
> +/// The EFI_TCG Protocol abstracts TCG activity.
>
> +///
>
> +struct _EDKII_TCG_PPI {
>
> +  EDKII_TCG_HASH_LOG_EXTEND_EVENT     HashL= ogExtendEvent;
>
> +};
>
> +
>
> +extern EFI_GUID gEdkiiTcgPpiGuid;
>
> +
>
> +#endif
>
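Review bot: the doxygen block above `struct _EDKII_TCG_PPI` says "The EFI_TCG Protocol abstracts TCG activity.", which is the DXE protocol's comment carried over; this header defines a PEI PPI, so it should describe EDKII_TCG_PPI (for example "EDKII_TCG_PPI abstracts TCG measurement in PEI"). Two smaller points in the same hunk: "Tpm measure and log data" should read "TPM", and the `@param[in] NewEventHdr` text only says "Pointer to a TCG_PCR_EVENT_HDR data structure", so a caller cannot tell from the header which fields it must fill (the target PCR index and the event type live in that structure) and whether the callee writes the digest back into it; please state the contract here rather than leaving implementers to read Tcg2Pei. Finally, as raised earlier in the thread, the signature gives no way to pass an already computed digest; if the proposed `Flags` BIT0 is adopted, the `@param[in] HashData` line should say which interpretation applies for each flag value and that `HashDataLen` must equal the digest size in the pre-hash case.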
> --
> 2.26.2.windows.1
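The thread makes two design points that are easier to see running than to read: the proposed `Flags` BIT0 (HashData is either raw data to hash or an already computed digest), and installing the PPI before any measurement so that a PEIM dispatched earlier, such as one that receives the hardware root of trust's measurement, can register a notification and log first. The block below is an added example, not edk2 or Tcg2Pei code, written in Python so it runs offline with hashlib. `TcgPpi`, `EventHeader`, `PeiCore`, `rot_peim_entry`, `tcg_peim_entry`, `FLAG_PRE_HASH` and the sample byte strings are constructed stand-ins for the C types and PEIMs named in the thread; the model keeps a single SHA-256 bank, whereas the real PEIM handles every active bank. The event type values are the TCG PC Client ones.

```python
"""Model of the EDKII_TCG_PPI HashLogExtendEvent contract discussed in the thread.

Constructed example, not edk2 or Tcg2Pei code: one SHA-256 PCR bank, an event log
kept in sync with it, and a replay check of the kind an attestation verifier runs."""
import hashlib
from dataclasses import dataclass, field

PCR_COUNT = 24
DIGEST_LEN = 32                       # SHA-256 digest size, the only bank modelled
FLAG_PRE_HASH = 1                     # proposed Flags BIT0: 1 = HashData is already a digest

EV_S_CRTM_VERSION = 0x00000008        # event types from the TCG PC Client spec
EV_EFI_PLATFORM_FIRMWARE_BLOB = 0x80000008


def digest_of(data):
    return hashlib.sha256(data).digest()


@dataclass
class EventHeader:                    # stands in for TCG_PCR_EVENT_HDR
    pcr_index: int
    event_type: int
    digest: bytes = b""               # written by the PPI, like the C struct's Digest


@dataclass
class TcgPpi:
    """Stand-in for EDKII_TCG_PPI: PCR state plus the event log it keeps in sync."""
    pcrs: list = field(default_factory=lambda: [bytes(DIGEST_LEN)] * PCR_COUNT)
    log: list = field(default_factory=list)

    def hash_log_extend_event(self, flags, hash_data, hdr, event_data):
        """Return 'EFI_SUCCESS' or an error name, mirroring the EFI_STATUS retvals."""
        if not 0 <= hdr.pcr_index < PCR_COUNT:
            return "EFI_INVALID_PARAMETER"
        if flags & FLAG_PRE_HASH:
            # The caller supplies the digest; its length is the only check possible here.
            if len(hash_data) != DIGEST_LEN:
                return "EFI_INVALID_PARAMETER"
            digest = bytes(hash_data)
        else:
            digest = digest_of(hash_data)
        hdr.digest = digest
        # Extend and log together: an entry logged without an extend (or the reverse)
        # is exactly what replay() would flag.
        self.pcrs[hdr.pcr_index] = digest_of(self.pcrs[hdr.pcr_index] + digest)
        self.log.append((hdr.pcr_index, hdr.event_type, digest, bytes(event_data)))
        return "EFI_SUCCESS"


class PeiCore:
    """Minimal PPI database: install_ppi runs the callbacks registered via notify_ppi."""

    def __init__(self):
        self.notifies = []

    def notify_ppi(self, name, callback):
        self.notifies.append((name, callback))

    def install_ppi(self, name, ppi):
        for registered_name, callback in self.notifies:
            if registered_name == name:
                callback(ppi)


def rot_peim_entry(pei, rot_digest):
    """The HW-RoT PEIM runs before the TCG PEIM, so all it can do is register a notify
    and hand over the digest it already holds once the PPI appears (BIT0 = 1)."""
    def on_tcg_ppi(tcg):
        hdr = EventHeader(pcr_index=0, event_type=EV_S_CRTM_VERSION)
        status = tcg.hash_log_extend_event(FLAG_PRE_HASH, rot_digest, hdr,
                                           b"HW RoT measured PEI FV")
        assert status == "EFI_SUCCESS", status
    pei.notify_ppi("gEdkiiTcgPpiGuid", on_tcg_ppi)


def tcg_peim_entry(pei, fv_bytes):
    """TCG PEIM entry: install the PPI *before* its own first measurement, so the
    notify above logs first and the log order matches the boot order."""
    ppi = TcgPpi()
    pei.install_ppi("gEdkiiTcgPpiGuid", ppi)                  # fires on_tcg_ppi now
    hdr = EventHeader(pcr_index=0, event_type=EV_EFI_PLATFORM_FIRMWARE_BLOB)
    ppi.hash_log_extend_event(0, fv_bytes, hdr, b"FV_DXE")    # BIT0 = 0: hash it here
    return ppi


def replay(log):
    """Verifier side: recompute every PCR from the log alone and compare to the TPM."""
    pcrs = [bytes(DIGEST_LEN)] * PCR_COUNT
    for pcr_index, _event_type, digest, _event_data in log:
        pcrs[pcr_index] = digest_of(pcrs[pcr_index] + digest)
    return pcrs


def demo():
    pei = PeiCore()
    rot_peim_entry(pei, digest_of(b"constructed PEI FV bytes"))   # constructed input
    ppi = tcg_peim_entry(pei, b"constructed DXE FV bytes")         # constructed input
    assert replay(ppi.log) == ppi.pcrs
    return ppi


if __name__ == "__main__":
    for pcr_index, event_type, digest, event_data in demo().log:
        print(pcr_index, hex(event_type), digest.hex()[:16], event_data)
```

Two things the model makes visible. With BIT0 set, the PPI cannot check that the digest matches anything; a length check is all it can do, so the trust boundary moves to whichever PEIM computed the digest, which is why the log entry still records exactly what was extended. And because the RoT measurement is logged by a callback fired from inside the PPI installation, it lands in the log before the TCG PEIM's own firmware-volume event, so a verifier replaying the log in order reproduces the PCR value without any special-casing.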

 
