From: "Yao, Jiewen"
To: "Zhang, Qi1", "devel@edk2.groups.io"
CC: "Wang, Jian J", "Wu, Hao A", "Chiu, Chasel", "Desimone, Nathaniel L", "Zeng, Star"
Subject: Re: [PATCH v2 0/9] Need add a FSP binary measurement
Date: Tue, 11 Aug 2020 02:00:12 +0000
References: <20200806003342.17866-1-qi1.zhang@intel.com>
In-Reply-To: <20200806003342.17866-1-qi1.zhang@intel.com>

Hi Qi
Thanks for the update.

1) Since this is a new feature, a platform may already measure FSP binary in some ways, I recommend we change the default policy to: gIntelFsp2WrapperTokenSpaceGuid.PcdFspMeasurementConfig|0x00000000.

2) We should not check FSP_MEASURE_FSP in IntelFsp2WrapperPkg, because it is a reserved bit. Below code should be removed.
  if (FspMeasureMask & FSP_MEASURE_FSP) {

3) I think "CheckPointer = (UINT8 *) ALIGN_POINTER (CheckPointer, 8);" should also be present in "else" branch below.

  if (((EFI_FIRMWARE_VOLUME_HEADER *)CheckPointer)->ExtHeaderOffset != 0) {
    CheckPointer = CheckPointer + ((EFI_FIRMWARE_VOLUME_HEADER *)CheckPointer)->ExtHeaderOffset;
    CheckPointer = CheckPointer + ((EFI_FIRMWARE_VOLUME_EXT_HEADER *)CheckPointer)->ExtHeaderSize;
    CheckPointer = (UINT8 *) ALIGN_POINTER (CheckPointer, 8);
  } else {
    CheckPointer = CheckPointer + ((EFI_FIRMWARE_VOLUME_HEADER *)CheckPointer)->HeaderLength;
  }

4) Below logic can be simplified to:

  if (FspMeasureMask & FSP_MEASURE_FSPUPD) {
    FspHeaderPtr = (FSP_INFO_HEADER *) mFspFindFspHeader (FirmwareBlobBase);
    if (FspHeaderPtr == NULL) {
      return MeasureFirmwareBlob (PcrIndex, Description, FirmwareBlobBase, FirmwareBlobLength);;
    }
    return MeasureFspFirmwareBlobWithCfg(Description, FirmwareBlobBase, FirmwareBlobLength,
                                         FspHeaderPtr->CfgRegionOffset, FspHeaderPtr->CfgRegionSize);
  } else {
    return MeasureFirmwareBlob (PcrIndex, Description, FirmwareBlobBase, FirmwareBlobLength);
  }

To:

  if (FspMeasureMask & FSP_MEASURE_FSPUPD) {
    FspHeaderPtr = (FSP_INFO_HEADER *) mFspFindFspHeader (FirmwareBlobBase);
    if (FspHeaderPtr != NULL) {
      return MeasureFspFirmwareBlobWithCfg(Description, FirmwareBlobBase, FirmwareBlobLength,
                                           FspHeaderPtr->CfgRegionOffset, FspHeaderPtr->CfgRegionSize);
    }
  }
  return MeasureFirmwareBlob (PcrIndex, Description, FirmwareBlobBase, FirmwareBlobLength);

Thank you
Yao Jiewen

> -----Original Message-----
> From: Zhang, Qi1
> Sent: Thursday, August 6, 2020 8:34 AM
> To: devel@edk2.groups.io
> Cc: Zhang, Qi1; Yao, Jiewen;
> Wang, Jian J; Wu, Hao A; Chiu, Chasel;
> Desimone, Nathaniel L; Zeng, Star
> Subject: [PATCH v2 0/9] Need add a FSP binary measurement
>
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2376
>
> The EDKII BIOS calls FSP API in FSP Wrapper Pkg.
> This FSP code needs to be measured into TPM.
>
> We need to add a generic module in FSP Wrapper Pkg code to measure:
> 1) FSP-T, FSP-M, FSP-S in API mode.
> 2) FSP-T in Dispatch-mode. The FSP-M and FSP-S will be reported
>    as standard FV and they will be measured by TCG-PEI.
>
> Cc: Jiewen Yao
> Cc: Jian J Wang
> Cc: Hao A Wu
> Cc: Chasel Chiu
> Cc: Nate DeSimone
> Cc: Star Zeng
> Cc: Qi Zhang
>
> Jiewen Yao (8):
>   MdeModulePkg/TpmMeasurementLib: Add new API to TpmMeasurmentLib.
>   MdeModulePkg/NullTpmMeasurementLib: Add new API.
>   SecurityPkg/DxeTpmMeasurementLib: Add new API.
>   SecurityPkg/PeiTpmMeasurementLib: Add new API.
>   IntelFsp2WrapperPkg/FspMeasurementLib: Add header file.
>   IntelFsp2WrapperPkg/FspMeasurementLib: Add BaseFspMeasurementLib.
>   IntelFsp2WraperPkg/Fsp{m|s}WrapperPeim: Add FspBin measurement.
>   IntelFsp2Wrapper/dsc: Add FspTpmMeasurementLib and
>     PcdFspMeasurementConfig.
>
> Qi Zhang (1):
>   SecurityPkg/Tcg2: handle PRE HASH and LOG ONLY
>
>  .../FspmWrapperPeim/FspmWrapperPeim.c         |  90 ++++-
>  .../FspmWrapperPeim/FspmWrapperPeim.inf       |  20 +-
>  .../FspsWrapperPeim/FspsWrapperPeim.c         |  85 ++++-
>  .../FspsWrapperPeim/FspsWrapperPeim.inf       |  27 +-
>  .../Include/Library/FspMeasurementLib.h       |  39 ++
>  IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dec   |  17 +
>  IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dsc   |   5 +-
>  .../BaseFspMeasurementLib.inf                 |  54 +++
>  .../BaseFspMeasurementLib/FspMeasurementLib.c | 349 ++++++++++++++++++
>  .../Include/Library/TpmMeasurementLib.h       |  48 ++-
>  .../TpmMeasurementLibNull.c                   |  61 ++-
>  .../TpmMeasurementLibNull.inf                 |   6 +-
>  SecurityPkg/Include/Ppi/Tcg.h                 |   5 +
>  .../DxeTpmMeasurementLib.inf                  |   6 +-
>  .../DxeTpmMeasurementLib/EventLogRecord.c     | 218 +++++++++++
>  .../PeiTpmMeasurementLib/EventLogRecord.c     | 218 +++++++++++
>  .../PeiTpmMeasurementLib.inf                  |   4 +
>  SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c             |  12 +-
>  18 files changed, 1233 insertions(+), 31 deletions(-)
>  create mode 100644 IntelFsp2WrapperPkg/Include/Library/FspMeasurementLib.h
>  create mode 100644 IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/BaseFspMeasurementLib.inf
>  create mode 100644 IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/FspMeasurementLib.c
>  create mode 100644 SecurityPkg/Library/DxeTpmMeasurementLib/EventLogRecord.c
>  create mode 100644 SecurityPkg/Library/PeiTpmMeasurementLib/EventLogRecord.c
>
> --
> 2.26.2.windows.1
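
Added example, not part of this thread or of the patch series: the header walk from review point 3 written with bounds checks and with the 8-byte alignment applied on both branches. It works on offsets from the volume base (assumed to be 8-byte aligned) instead of raw pointers; `first_file_offset`, `sample_offset`, `put_le` and the sample values are hypothetical, and the field offsets follow the PI specification layout of the two headers.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Byte offsets per the PI spec layouts of EFI_FIRMWARE_VOLUME_HEADER and
   EFI_FIRMWARE_VOLUME_EXT_HEADER; fields are little-endian. */
#define FV_HEADER_LENGTH_OFF  48u  /* UINT16 HeaderLength */
#define FV_EXT_OFFSET_OFF     52u  /* UINT16 ExtHeaderOffset */
#define FV_FIXED_SIZE         56u  /* bytes before BlockMap[] */
#define EXT_SIZE_OFF          16u  /* UINT32 ExtHeaderSize, after FvName GUID */
#define EXT_FIXED_SIZE        20u

static uint32_t rd16(const uint8_t *p) { return (uint32_t)p[0] | ((uint32_t)p[1] << 8); }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | (rd16(p + 2) << 16); }
static void put_le(uint8_t *p, uint32_t v, int n) { while (n--) { *p++ = (uint8_t)v; v >>= 8; } }

/* Offset of the first byte after the FV (and optional extended) header,
   rounded up to 8 on both paths; -1 if a field points outside the buffer.
   Assumption: the volume base itself is 8-byte aligned. */
long first_file_offset(const uint8_t *fv, size_t len)
{
    size_t off;
    if (len < FV_FIXED_SIZE) return -1;
    uint32_t ext = rd16(fv + FV_EXT_OFFSET_OFF);
    if (ext != 0) {
        if (ext > len || len - ext < EXT_FIXED_SIZE) return -1;
        uint32_t ext_size = rd32(fv + ext + EXT_SIZE_OFF);
        if (ext_size < EXT_FIXED_SIZE || ext_size > len - ext) return -1;
        off = (size_t)ext + ext_size;
    } else {
        off = rd16(fv + FV_HEADER_LENGTH_OFF);
        if (off < FV_FIXED_SIZE) return -1;
    }
    off = (off + 7u) & ~(size_t)7u;   /* alignment applied in both branches */
    return off <= len ? (long)off : -1;
}

/* Constructed 256-byte sample volume: zero-filled except the fields used. */
long sample_offset(uint16_t header_len, uint16_t ext_off, uint32_t ext_size)
{
    uint8_t fv[256] = {0};
    put_le(fv + FV_HEADER_LENGTH_OFF, header_len, 2);
    put_le(fv + FV_EXT_OFFSET_OFF, ext_off, 2);
    if (ext_off != 0 && ext_off + EXT_FIXED_SIZE <= sizeof fv)
        put_le(fv + ext_off + EXT_SIZE_OFF, ext_size, 4);
    return first_file_offset(fv, sizeof fv);
}

int main(void) { printf("%ld\n", sample_offset(0x48, 0x60, 0x1C)); return 0; }
```

With these constructed inputs, a `HeaderLength` of 0x48 gives offset 72 unchanged, while a constructed 0x4A is rounded to 80 only because the else path is aligned as well.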