From: "Yao, Jiewen"
To: "Zhang, Qi1", devel@edk2.groups.io
Cc: "Wang, Jian J"
Subject: Re: [PATCH 4/9] SecurityPkg/PeiTpmMeasurementLib: Add new API.
Date: Sun, 2 Aug 2020 08:43:06 +0000
References: <20200731085437.16070-1-qi1.zhang@intel.com> <20200731085437.16070-5-qi1.zhang@intel.com>
In-Reply-To: <20200731085437.16070-5-qi1.zhang@intel.com>

Please remove MeasureFirmwareBlobWithCfg() API here.

> -----Original Message-----
> From: Zhang, Qi1 > Sent: Friday, July 31, 2020 4:55 PM > To: devel@edk2.groups.io > Cc: Yao, Jiewen ; Wang, Jian J ; > Zhang, Qi1 > Subject: [PATCH 4/9] SecurityPkg/PeiTpmMeasurementLib: Add new API. >=20 > From: Jiewen Yao >=20 > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D2376 >=20 > Cc: Jiewen Yao > Cc: Jian J Wang > Cc: Qi Zhang > Signed-off-by: Jiewen Yao > --- > .../PeiTpmMeasurementLib/EventLogRecord.c | 409 ++++++++++++++++++ > .../PeiTpmMeasurementLib.inf | 5 + > 2 files changed, 414 insertions(+) > create mode 100644 > SecurityPkg/Library/PeiTpmMeasurementLib/EventLogRecord.c >=20 > diff --git a/SecurityPkg/Library/PeiTpmMeasurementLib/EventLogRecord.c > b/SecurityPkg/Library/PeiTpmMeasurementLib/EventLogRecord.c > new file mode 100644 > index 0000000000..bd3d7000a1 > --- /dev/null > +++ b/SecurityPkg/Library/PeiTpmMeasurementLib/EventLogRecord.c > @@ -0,0 +1,409 @@ > +/** @file >=20 > + This library is used by other modules to measure data to TPM. >=20 > + >=20 > +Copyright (c) 2020, Intel Corporation. All rights reserved.
>=20 > +SPDX-License-Identifier: BSD-2-Clause-Patent >=20 > + >=20 > +**/ >=20 > + >=20 > +#include >=20 > + >=20 > +#include >=20 > +#include >=20 > +#include >=20 > +#include >=20 > +#include >=20 > +#include >=20 > +#include >=20 > +#include >=20 > +#include >=20 > +#include >=20 > + >=20 > +#include >=20 > +#include >=20 > + >=20 > +#pragma pack (1) >=20 > + >=20 > +#define PLATFORM_FIRMWARE_BLOB_DESC "Fv(XXXXXXXX-XXXX-XXXX-XXXX- > XXXXXXXXXXXX)" >=20 > +typedef struct { >=20 > + UINT8 BlobDescriptionSize; >=20 > + UINT8 > BlobDescription[sizeof(PLATFORM_FIRMWARE_BLOB_DESC)]; >=20 > + EFI_PHYSICAL_ADDRESS BlobBase; >=20 > + UINT64 BlobLength; >=20 > +} PLATFORM_FIRMWARE_BLOB2_STRUCT; >=20 > + >=20 > +#define HANDOFF_TABLE_POINTER_DESC "1234567890ABCDEF" >=20 > +typedef struct { >=20 > + UINT8 TableDescriptionSize; >=20 > + UINT8 > TableDescription[sizeof(HANDOFF_TABLE_POINTER_DESC)]; >=20 > + UINT64 NumberOfTables; >=20 > + EFI_CONFIGURATION_TABLE TableEntry[1]; >=20 > +} HANDOFF_TABLE_POINTERS2_STRUCT; >=20 > + >=20 > +#pragma pack () >=20 > + >=20 > +/** >=20 > + Tpm measure and log data, and extend the measurement result into a spe= cific > PCR. >=20 > + >=20 > + @param[in] PcrIndex PCR Index. >=20 > + @param[in] EventType Event type. >=20 > + @param[in] EventLog Measurement event log. >=20 > + @param[in] LogLen Event log length in bytes. >=20 > + @param[in] HashData The start of the data buffer to be hashed= , > extended. >=20 > + @param[in] HashDataLen The length, in bytes, of the buffer refer= enced by > HashData >=20 > + @param[in] Flags Bitmap providing additional information. >=20 > + >=20 > + @retval EFI_SUCCESS Operation completed successfully. >=20 > + @retval EFI_UNSUPPORTED TPM device not available. >=20 > + @retval EFI_OUT_OF_RESOURCES Out of memory. >=20 > + @retval EFI_DEVICE_ERROR The operation was unsuccessful. 
>=20 > +**/ >=20 > +EFI_STATUS >=20 > +EFIAPI >=20 > +TpmMeasureAndLogDataWithFlags ( >=20 > + IN UINT32 PcrIndex, >=20 > + IN UINT32 EventType, >=20 > + IN VOID *EventLog, >=20 > + IN UINT32 LogLen, >=20 > + IN VOID *HashData, >=20 > + IN UINT64 HashDataLen, >=20 > + IN UINT64 Flags >=20 > + ) >=20 > +{ >=20 > + EFI_STATUS Status; >=20 > + EDKII_TCG_PPI *TcgPpi; >=20 > + TCG_PCR_EVENT_HDR TcgEventHdr; >=20 > + >=20 > + Status =3D PeiServicesLocatePpi( >=20 > + &gEdkiiTcgPpiGuid, >=20 > + 0, >=20 > + NULL, >=20 > + (VOID**)&TcgPpi >=20 > + ); >=20 > + if (EFI_ERROR(Status)) { >=20 > + return Status; >=20 > + } >=20 > + >=20 > + TcgEventHdr.PCRIndex =3D PcrIndex; >=20 > + TcgEventHdr.EventType =3D EventType; >=20 > + TcgEventHdr.EventSize =3D LogLen; >=20 > + >=20 > + Status =3D TcgPpi->HashLogExtendEvent ( >=20 > + TcgPpi, >=20 > + Flags, >=20 > + HashData, >=20 > + (UINTN)HashDataLen, >=20 > + &TcgEventHdr, >=20 > + EventLog >=20 > + ); >=20 > + return Status; >=20 > +} >=20 > + >=20 > +/** >=20 > + Get the FvName from the FV header. >=20 > + >=20 > + Causion: The FV is untrusted input. >=20 > + >=20 > + @param[in] FvBase Base address of FV image. >=20 > + @param[in] FvLength Length of FV image. 
>=20 > + >=20 > + @return FvName pointer >=20 > + @retval NULL FvName is NOT found >=20 > +**/ >=20 > +VOID * >=20 > +TpmMeasurementGetFvName ( >=20 > + IN EFI_PHYSICAL_ADDRESS FvBase, >=20 > + IN UINT64 FvLength >=20 > + ) >=20 > +{ >=20 > + EFI_FIRMWARE_VOLUME_HEADER *FvHeader; >=20 > + EFI_FIRMWARE_VOLUME_EXT_HEADER *FvExtHeader; >=20 > + >=20 > + if (FvBase >=3D MAX_ADDRESS) { >=20 > + return NULL; >=20 > + } >=20 > + if (FvLength >=3D MAX_ADDRESS - FvBase) { >=20 > + return NULL; >=20 > + } >=20 > + if (FvLength < sizeof(EFI_FIRMWARE_VOLUME_HEADER)) { >=20 > + return NULL; >=20 > + } >=20 > + >=20 > + FvHeader =3D (EFI_FIRMWARE_VOLUME_HEADER *)(UINTN)FvBase; >=20 > + if (FvHeader->Signature !=3D EFI_FVH_SIGNATURE) { >=20 > + return NULL; >=20 > + } >=20 > + if (FvHeader->ExtHeaderOffset < sizeof(EFI_FIRMWARE_VOLUME_HEADER)) { >=20 > + return NULL; >=20 > + } >=20 > + if (FvHeader->ExtHeaderOffset + > sizeof(EFI_FIRMWARE_VOLUME_EXT_HEADER) > FvLength) { >=20 > + return NULL; >=20 > + } >=20 > + FvExtHeader =3D (EFI_FIRMWARE_VOLUME_EXT_HEADER *)(UINTN)(FvBase + > FvHeader->ExtHeaderOffset); >=20 > + >=20 > + return &FvExtHeader->FvName; >=20 > +} >=20 > + >=20 > +/** >=20 > + Mesure a FirmwareBlob. >=20 > + >=20 > + @param[in] PcrIndex PcrIndex of the measurment. >=20 > + @param[in] Descrption Description for this FirmwareBlob. >=20 > + @param[in] FirmwareBlobBase Base address of this FirmwareBlob. >=20 > + @param[in] FirmwareBlobLength Size in bytes of this FirmwareBlob= . >=20 > + >=20 > + @retval EFI_SUCCESS Operation completed successfully. >=20 > + @retval EFI_UNSUPPORTED TPM device not available. >=20 > + @retval EFI_OUT_OF_RESOURCES Out of memory. >=20 > + @retval EFI_DEVICE_ERROR The operation was unsuccessful. 
>=20 > +*/ >=20 > +EFI_STATUS >=20 > +EFIAPI >=20 > +MeasureFirmwareBlob ( >=20 > + IN UINT32 PcrIndex, >=20 > + IN CHAR8 *Description OPTIONAL, >=20 > + IN EFI_PHYSICAL_ADDRESS FirmwareBlobBase, >=20 > + IN UINT64 FirmwareBlobLength >=20 > + ) >=20 > +{ >=20 > + EFI_PLATFORM_FIRMWARE_BLOB FvBlob; >=20 > + PLATFORM_FIRMWARE_BLOB2_STRUCT FvBlob2; >=20 > + VOID *FvName; >=20 > + UINT32 EventType; >=20 > + VOID *EventLog; >=20 > + UINT32 EventLogSize; >=20 > + EFI_STATUS Status; >=20 > + >=20 > + FvName =3D TpmMeasurementGetFvName (FirmwareBlobBase, > FirmwareBlobLength); >=20 > + >=20 > + if (((Description !=3D NULL) || (FvName !=3D NULL)) && >=20 > + (PcdGet32(PcdTcgPfpMeasurementRevision) >=3D > TCG_EfiSpecIDEventStruct_SPEC_ERRATA_TPM2_REV_105)) { >=20 > + ZeroMem (&FvBlob2, sizeof(FvBlob2)); >=20 > + if (Description !=3D NULL) { >=20 > + AsciiSPrint((CHAR8*)FvBlob2.BlobDescription, > sizeof(FvBlob2.BlobDescription), "%a", Description); >=20 > + } else { >=20 > + AsciiSPrint((CHAR8*)FvBlob2.BlobDescription, > sizeof(FvBlob2.BlobDescription), "Fv(%g)", FvName); >=20 > + } >=20 > + >=20 > + FvBlob2.BlobDescriptionSize =3D sizeof(FvBlob2.BlobDescription); >=20 > + FvBlob2.BlobBase =3D FirmwareBlobBase; >=20 > + FvBlob2.BlobLength =3D FirmwareBlobLength; >=20 > + >=20 > + EventType =3D EV_EFI_PLATFORM_FIRMWARE_BLOB2; >=20 > + EventLog =3D &FvBlob2; >=20 > + EventLogSize =3D sizeof(FvBlob2); >=20 > + } else { >=20 > + FvBlob.BlobBase =3D FirmwareBlobBase; >=20 > + FvBlob.BlobLength =3D FirmwareBlobLength; >=20 > + >=20 > + EventType =3D EV_EFI_PLATFORM_FIRMWARE_BLOB; >=20 > + EventLog =3D &FvBlob; >=20 > + EventLogSize =3D sizeof(FvBlob); >=20 > + } >=20 > + >=20 > + Status =3D TpmMeasureAndLogData ( >=20 > + PcrIndex, >=20 > + EventType, >=20 > + EventLog, >=20 > + EventLogSize, >=20 > + (VOID*)(UINTN)FirmwareBlobBase, >=20 > + FirmwareBlobLength >=20 > + ); >=20 > + >=20 > + return Status; >=20 > +} >=20 > + >=20 > +/** >=20 > + Mesure a FirmwareBlob in separation 
mode of FV binary and configuratio= n. >=20 > + >=20 > + @param[in] Descrption Description for this FirmwareBlob. >=20 > + @param[in] FirmwareBlobBase Base address of this FirmwareBlob. >=20 > + @param[in] FirmwareBlobLength Size in bytes of this FirmwareBlob= . >=20 > + @param[in] CfgRegionOffset Configuration region offset in byt= es. >=20 > + @param[in] CfgRegionSize Configuration region in bytes. >=20 > + >=20 > + @retval EFI_SUCCESS Operation completed successfully. >=20 > + @retval EFI_UNSUPPORTED TPM device not available. >=20 > + @retval EFI_OUT_OF_RESOURCES Out of memory. >=20 > + @retval EFI_DEVICE_ERROR The operation was unsuccessful. >=20 > +*/ >=20 > +EFI_STATUS >=20 > +EFIAPI >=20 > +MeasureFirmwareBlobWithCfg ( >=20 > + IN CHAR8 *Description OPTIONAL, >=20 > + IN EFI_PHYSICAL_ADDRESS FirmwareBlobBase, >=20 > + IN UINT64 FirmwareBlobLength, >=20 > + IN UINT32 CfgRegionOffset, >=20 > + IN UINT32 CfgRegionSize >=20 > + ) >=20 > +{ >=20 > + EFI_PLATFORM_FIRMWARE_BLOB FvBlob, UPDBlob; >=20 > + PLATFORM_FIRMWARE_BLOB2_STRUCT FvBlob2, UPDBlob2; >=20 > + VOID *FvName; >=20 > + UINT32 FvEventType; >=20 > + VOID *FvEventLog, *UPDEventLog; >=20 > + UINT32 FvEventLogSize, UPDEventLogSize; >=20 > + EFI_STATUS Status; >=20 > + HASH_HANDLE HashHandle; >=20 > + UINT8 *HashBase; >=20 > + UINTN HashSize; >=20 > + TPML_DIGEST_VALUES DigestList; >=20 > + >=20 > + FvName =3D TpmMeasurementGetFvName (FirmwareBlobBase, > FirmwareBlobLength); >=20 > + >=20 > + if (((Description !=3D NULL) || (FvName !=3D NULL)) && >=20 > + (PcdGet32(PcdTcgPfpMeasurementRevision) >=3D > TCG_EfiSpecIDEventStruct_SPEC_ERRATA_TPM2_REV_105)) { >=20 > + ZeroMem (&FvBlob2, sizeof(FvBlob2)); >=20 > + ZeroMem (&UPDBlob2, sizeof(UPDBlob2)); >=20 > + if (Description !=3D NULL) { >=20 > + AsciiSPrint((CHAR8*)FvBlob2.BlobDescription, > sizeof(FvBlob2.BlobDescription), "%a", Description); >=20 > + AsciiSPrint((CHAR8*)UPDBlob2.BlobDescription, > sizeof(UPDBlob2.BlobDescription), "%aUDP", Description); 
>=20 > + } else { >=20 > + AsciiSPrint((CHAR8*)FvBlob2.BlobDescription, > sizeof(FvBlob2.BlobDescription), "Fv(%g)", FvName); >=20 > + AsciiSPrint((CHAR8*)UPDBlob2.BlobDescription, > sizeof(UPDBlob2.BlobDescription), "(%g)UDP", FvName); >=20 > + } >=20 > + >=20 > + FvBlob2.BlobDescriptionSize =3D sizeof(FvBlob2.BlobDescription); >=20 > + FvBlob2.BlobBase =3D FirmwareBlobBase; >=20 > + FvBlob2.BlobLength =3D FirmwareBlobLength; >=20 > + FvEventType =3D EV_EFI_PLATFORM_FIRMWARE_BLOB2; >=20 > + FvEventLog =3D &FvBlob2; >=20 > + FvEventLogSize =3D sizeof(FvBlob2); >=20 > + >=20 > + UPDBlob2.BlobDescriptionSize =3D sizeof(UPDBlob2.BlobDescription); >=20 > + UPDBlob2.BlobBase =3D CfgRegionOffset; >=20 > + UPDBlob2.BlobLength =3D CfgRegionSize; >=20 > + UPDEventLog =3D &UPDBlob2; >=20 > + UPDEventLogSize =3D sizeof(UPDBlob2); >=20 > + } else { >=20 > + FvBlob.BlobBase =3D FirmwareBlobBase; >=20 > + FvBlob.BlobLength =3D FirmwareBlobLength; >=20 > + FvEventType =3D EV_EFI_PLATFORM_FIRMWARE_BLOB; >=20 > + FvEventLog =3D &FvBlob; >=20 > + FvEventLogSize =3D sizeof(FvBlob); >=20 > + >=20 > + UPDBlob.BlobBase =3D CfgRegionOffset; >=20 > + UPDBlob.BlobLength =3D CfgRegionSize; >=20 > + UPDEventLog =3D &UPDBlob; >=20 > + UPDEventLogSize =3D sizeof(UPDBlob); >=20 > + } >=20 > + >=20 > + // Initialize a SHA hash context. 
>=20 > + Status =3D HashStart (&HashHandle); >=20 > + if (EFI_ERROR (Status)) { >=20 > + DEBUG ((DEBUG_ERROR, "HashStart failed - %r\n", Status)); >=20 > + return Status; >=20 > + } >=20 > + >=20 > + // Hash FSP binary before UDP >=20 > + HashBase =3D (UINT8 *) (UINTN) FirmwareBlobBase; >=20 > + HashSize =3D (UINTN) CfgRegionOffset; >=20 > + Status =3D HashUpdate (HashHandle, HashBase, HashSize); >=20 > + if (EFI_ERROR (Status)) { >=20 > + DEBUG ((DEBUG_ERROR, "HashUpdate failed - %r\n", Status)); >=20 > + return Status; >=20 > + } >=20 > + >=20 > + // Hash FSP binary after UDP >=20 > + HashBase =3D (UINT8 *) (UINTN) FirmwareBlobBase + CfgRegionOffset + > CfgRegionSize; >=20 > + HashSize =3D (UINTN)(FirmwareBlobLength - CfgRegionOffset - CfgRegionS= ize); >=20 > + Status =3D HashUpdate (HashHandle, HashBase, HashSize); >=20 > + if (EFI_ERROR (Status)) { >=20 > + DEBUG ((DEBUG_ERROR, "HashUpdate failed - %r\n", Status)); >=20 > + return Status; >=20 > + } >=20 > + >=20 > + // Finalize the SHA hash. >=20 > + Status =3D HashFinal(HashHandle, &DigestList); >=20 > + if (EFI_ERROR (Status)) { >=20 > + DEBUG ((DEBUG_ERROR, "HashFinal failed - %r\n", Status)); >=20 > + return Status; >=20 > + } >=20 > + >=20 > + Status =3D TpmMeasureAndLogDataWithFlags ( >=20 > + 0, >=20 > + FvEventType, >=20 > + FvEventLog, >=20 > + FvEventLogSize, >=20 > + (UINT8 *) &DigestList, >=20 > + (UINTN) sizeof(DigestList), >=20 > + EDKII_TCG_PRE_HASH >=20 > + ); >=20 > + DEBUG ((DEBUG_ERROR, "TpmMeasureAndLogDataWithFlags - %r\n", > Status)); >=20 > + >=20 > + Status =3D TpmMeasureAndLogData ( >=20 > + 1, >=20 > + EV_PLATFORM_CONFIG_FLAGS, >=20 > + UPDEventLog, >=20 > + UPDEventLogSize, >=20 > + (UINT8 *) (UINTN) FirmwareBlobBase + CfgRegionOffset, >=20 > + CfgRegionSize >=20 > + ); >=20 > + DEBUG ((DEBUG_ERROR, "TpmMeasureAndLogData - %r\n", Status)); >=20 > + >=20 > + return Status; >=20 > +} >=20 > +/** >=20 > + Mesure a HandoffTable. 
>=20 > + >=20 > + @param[in] PcrIndex PcrIndex of the measurment. >=20 > + @param[in] Descrption Description for this HandoffTable. >=20 > + @param[in] TableGuid GUID of this HandoffTable. >=20 > + @param[in] TableAddress Base address of this HandoffTable. >=20 > + @param[in] TableLength Size in bytes of this HandoffTable= . >=20 > + >=20 > + @retval EFI_SUCCESS Operation completed successfully. >=20 > + @retval EFI_UNSUPPORTED TPM device not available. >=20 > + @retval EFI_OUT_OF_RESOURCES Out of memory. >=20 > + @retval EFI_DEVICE_ERROR The operation was unsuccessful. >=20 > +*/ >=20 > +EFI_STATUS >=20 > +EFIAPI >=20 > +MeasureHandoffTable ( >=20 > + IN UINT32 PcrIndex, >=20 > + IN CHAR8 *Description OPTIONAL, >=20 > + IN EFI_GUID *TableGuid, >=20 > + IN VOID *TableAddress, >=20 > + IN UINTN TableLength >=20 > + ) >=20 > +{ >=20 > + EFI_HANDOFF_TABLE_POINTERS HandoffTables; >=20 > + HANDOFF_TABLE_POINTERS2_STRUCT HandoffTables2; >=20 > + UINT32 EventType; >=20 > + VOID *EventLog; >=20 > + UINT32 EventLogSize; >=20 > + EFI_STATUS Status; >=20 > + >=20 > + if ((Description !=3D NULL) && >=20 > + (PcdGet32(PcdTcgPfpMeasurementRevision) >=3D > TCG_EfiSpecIDEventStruct_SPEC_ERRATA_TPM2_REV_105)) { >=20 > + ZeroMem (&HandoffTables2, sizeof(HandoffTables2)); >=20 > + AsciiSPrint((CHAR8*)HandoffTables2.TableDescription, > sizeof(HandoffTables2.TableDescription), "%a", Description); >=20 > + >=20 > + HandoffTables2.TableDescriptionSize =3D > sizeof(HandoffTables2.TableDescription); >=20 > + HandoffTables2.NumberOfTables =3D 1; >=20 > + CopyGuid (&(HandoffTables2.TableEntry[0].VendorGuid), TableGuid); >=20 > + HandoffTables2.TableEntry[0].VendorTable =3D TableAddress; >=20 > + >=20 > + EventType =3D EV_EFI_HANDOFF_TABLES2; >=20 > + EventLog =3D &HandoffTables2; >=20 > + EventLogSize =3D sizeof(HandoffTables2); >=20 > + } else { >=20 > + HandoffTables.NumberOfTables =3D 1; >=20 > + CopyGuid (&(HandoffTables.TableEntry[0].VendorGuid), TableGuid); >=20 > + 
HandoffTables.TableEntry[0].VendorTable =3D TableAddress; >=20 > + >=20 > + EventType =3D EV_EFI_HANDOFF_TABLES; >=20 > + EventLog =3D &HandoffTables; >=20 > + EventLogSize =3D sizeof(HandoffTables); >=20 > + } >=20 > + >=20 > + Status =3D TpmMeasureAndLogData ( >=20 > + PcrIndex, >=20 > + EventType, >=20 > + EventLog, >=20 > + EventLogSize, >=20 > + TableAddress, >=20 > + TableLength >=20 > + ); >=20 > + return Status; >=20 > +} >=20 > diff --git > a/SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.inf > b/SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.inf > index 6625d0fd01..6ff32a2bdc 100644 > --- a/SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.inf > +++ b/SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.inf > @@ -26,6 +26,7 @@ >=20 >=20 > [Sources] >=20 > PeiTpmMeasurementLib.c >=20 > + EventLogRecord.c >=20 >=20 >=20 > [Packages] >=20 > MdePkg/MdePkg.dec >=20 > @@ -41,10 +42,14 @@ > PrintLib >=20 > PeiServicesLib >=20 > PeiServicesTablePointerLib >=20 > + HashLib >=20 >=20 >=20 > [Ppis] >=20 > gEdkiiTcgPpiGuid #= # CONSUMES >=20 >=20 >=20 > +[Pcd] >=20 > + gEfiMdeModulePkgTokenSpaceGuid.PcdTcgPfpMeasurementRevision #= # > CONSUMES >=20 > + >=20 > [Depex] >=20 > gEfiPeiMasterBootModePpiGuid AND >=20 > gEfiTpmDeviceSelectedGuid >=20 > -- > 2.26.2.windows.1
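Review bot: in MeasureFirmwareBlobWithCfg() (EventLogRecord.c hunk) CfgRegionOffset and CfgRegionSize are never checked against FirmwareBlobLength before use, so `HashSize = (UINTN)(FirmwareBlobLength - CfgRegionOffset - CfgRegionSize)` underflows and the second HashUpdate reads past the blob when a caller passes an offset/size outside the FV; add `if ((UINT64)CfgRegionOffset + CfgRegionSize > FirmwareBlobLength) return EFI_INVALID_PARAMETER;` before HashStart and document EFI_INVALID_PARAMETER in the @retval list. The same function also hard-codes PCR 0 for the FV event and PCR 1 for the configuration event instead of taking a PcrIndex like MeasureFirmwareBlob() does; overwrites the Status of the first TpmMeasureAndLogDataWithFlags() call with the result of the second TpmMeasureAndLogData() call, so a failed firmware-blob measurement is reported as success; returns from the HashUpdate and HashFinal error paths without completing the hash context opened by HashStart; logs the Status of both measurements at DEBUG_ERROR even when they succeed (use DEBUG_INFO, or log only on error); and writes "UDP" into the BlobDescription strings ("%aUDP", "(%g)UDP") while the variables and the comments say UPD. Separately, BlobDescriptionSize and TableDescriptionSize are always set to the full buffer size, and AsciiSPrint silently truncates a caller Description longer than PLATFORM_FIRMWARE_BLOB_DESC (40 characters) or HANDOFF_TABLE_POINTER_DESC (16 characters); either reject a longer Description or state the limit in the function headers. Doc-comment nits: "Causion", "Mesure", "measurment", "Descrption", and the MeasureFirmwareBlob, MeasureFirmwareBlobWithCfg and MeasureHandoffTable headers close with "*/" where the rest of the file uses "**/".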
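Review bot: the HashLib class added to [LibraryClasses] in the second PeiTpmMeasurementLib.inf hunk (@@ -41,10 +42,14 @@) is used only by MeasureFirmwareBlobWithCfg() (HashStart/HashUpdate/HashFinal); if that API is dropped from EventLogRecord.c as the reply above asks, drop HashLib here too so PeiTpmMeasurementLib does not pull a hash implementation into every PEI consumer. EventLogRecord.c also calls PcdGet32, ZeroMem, CopyGuid, AsciiSPrint and DEBUG, but only PrintLib, PeiServicesLib and PeiServicesTablePointerLib are visible as context in this hunk, so confirm that PcdLib, BaseMemoryLib and DebugLib are listed in [LibraryClasses], and that MdeModulePkg/MdeModulePkg.dec is in [Packages] (only MdePkg/MdePkg.dec is shown), since the new [Pcd] entry is gEfiMdeModulePkgTokenSpaceGuid.PcdTcgPfpMeasurementRevision.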