Since we’re working on early boot TCG interfaces, is this a good time to discuss a standard way to init the log with measurements made by the HW root of trust prior to Tcg2Pei? We were using a NULL lib and a registration pattern on the PEIM, but I’m open to other ideas, too. Thoughts?

- Bret

________________________________
From: devel@edk2.groups.io on behalf of Yao, Jiewen via groups.io
Sent: Tuesday, July 14, 2020 10:08:30 PM
To: Zhang, Qi1 ; devel@edk2.groups.io
Cc: Wang, Jian J
Subject: [EXTERNAL] Re: [edk2-devel] [PATCH 1/6] SecurityPkg/TcgPpi: Add TcgPpi header file.

Thanks Qi.

I just thought of one use case: a PEIM may already have a calculated hash (https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Ftianocore%2Fedk2%2Fblob%2Fmaster%2FSecurityPkg%2FTcg%2FTcg2Pei%2FTcg2Pei.c%23L652&data=02%7C01%7CBret.Barkelew%40microsoft.com%7Cbe2bb9ca3e0c4dd95a0a08d8287d21ec%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637303865193113145&sdata=V3ofX%2Fvs6Pp%2Bc79cQx4iSB6K324Lyptqrj7FtvmDwsc%3D&reserved=0)

We may need to add a flag to support this pre-hash use case. Such as:

> +(EFIAPI *EDKII_TCG_HASH_LOG_EXTEND_EVENT)(
> +  IN EDKII_TCG_PPI       *This,
> +  IN UINT64              Flags,  // new field. BIT0 = 0 means HashData is the data to be hashed; BIT0 = 1 means HashData is the pre-hash digest.
> +  IN UINT8               *HashData,
> +  IN UINTN               HashDataLen,
> +  IN TCG_PCR_EVENT_HDR   *NewEventHdr,
> +  IN UINT8               *NewEventData
> +  );

> -----Original Message-----
> From: Zhang, Qi1
> Sent: Tuesday, July 14, 2020 2:49 PM
> To: devel@edk2.groups.io
> Cc: Yao, Jiewen ; Wang, Jian J ; Zhang, Chao B
> Subject: [PATCH 1/6] SecurityPkg/TcgPpi: Add TcgPpi header file.
> > From: Jiewen Yao > > REF: https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbugzilla.tianocore.org%2Fshow_bug.cgi%3Fid%3D2841&data=02%7C01%7CBret.Barkelew%40microsoft.com%7Cbe2bb9ca3e0c4dd95a0a08d8287d21ec%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637303865193113145&sdata=VgWc2LNPqJRlBisa%2Bvuqq2THVK62f66uzzqh4cle4Rs%3D&reserved=0 > > Cc: Jiewen Yao > Cc: Jian J Wang > Cc: Chao Zhang > Signed-off-by: Jiewen Yao > --- > SecurityPkg/Include/Ppi/Tcg.h | 50 +++++++++++++++++++++++++++++++++++ > 1 file changed, 50 insertions(+) > create mode 100644 SecurityPkg/Include/Ppi/Tcg.h > > diff --git a/SecurityPkg/Include/Ppi/Tcg.h b/SecurityPkg/Include/Ppi/Tcg.h > new file mode 100644 > index 0000000000..4eacd57166 > --- /dev/null > +++ b/SecurityPkg/Include/Ppi/Tcg.h > @@ -0,0 +1,50 @@ > +/** @file > > + TCG PPI services. > > + > > +Copyright (c) 2020, Intel Corporation. All rights reserved.
> > +SPDX-License-Identifier: BSD-2-Clause-Patent > > + > > +**/ > > + > > +#ifndef _TCG_PPI_H_ > > +#define _TCG_PPI_H_ > > + > > +#include > > + > > +typedef struct _EDKII_TCG_PPI EDKII_TCG_PPI; > > + > > +/** > > + Tpm measure and log data, and extend the measurement result into a specific > PCR. > > + > > + @param[in] This Indicates the calling context > > + @param[in] HashData Physical address of the start of the data buffer > > + to be hashed, extended, and logged. > > + @param[in] HashDataLen The length, in bytes, of the buffer referenced by > HashData. > > + @param[in] NewEventHdr Pointer to a TCG_PCR_EVENT_HDR data > structure. > > + @param[in] NewEventData Pointer to the new event data. > > + > > + @retval EFI_SUCCESS Operation completed successfully. > > + @retval EFI_UNSUPPORTED TPM device not available. > > + @retval EFI_OUT_OF_RESOURCES Out of memory. > > + @retval EFI_DEVICE_ERROR The operation was unsuccessful. > > +**/ > > +typedef > > +EFI_STATUS > > +(EFIAPI *EDKII_TCG_HASH_LOG_EXTEND_EVENT)( > > + IN EDKII_TCG_PPI *This, > > + IN UINT8 *HashData, > > + IN UINTN HashDataLen, > > + IN TCG_PCR_EVENT_HDR *NewEventHdr, > > + IN UINT8 *NewEventData > > + ); > > + > > +/// > > +/// The EFI_TCG Protocol abstracts TCG activity. > > +/// > > +struct _EDKII_TCG_PPI { > > + EDKII_TCG_HASH_LOG_EXTEND_EVENT HashLogExtendEvent; > > +}; > > + > > +extern EFI_GUID gEdkiiTcgPpiGuid; > > + > > +#endif > > -- > 2.26.2.windows.1
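Review bot: The `#include` line in the hunk carries no header name in the visible text (the angle brackets were most likely stripped in transit), so please confirm the committed header really pulls in the declaration of `TCG_PCR_EVENT_HDR`; as shown, the prototype references a type the file never declares. Two smaller points in the same hunk: the struct comment `The EFI_TCG Protocol abstracts TCG activity.` names the DXE protocol, and should read `EDKII_TCG_PPI` since this is the PEI-phase interface; and if the `Flags` word Jiewen proposes is adopted, the `@param` and `@retval` documentation should state that with BIT0 set `HashDataLen` must equal the digest size of the active PCR bank and that a mismatched length is rejected with `EFI_INVALID_PARAMETER` (which is absent from the current `@retval` list), otherwise a caller can get an undersized or oversized buffer extended into a PCR and recorded in the log.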
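To make the semantics of the proposed `Flags` word concrete, here is an added example that is not part of the patch or of edk2: a Python stand-in for the C PPI, with a software PCR array in place of the TPM. It assumes a single SHA-256 bank; the flag constant `EDKII_TCG_PRE_HASH` and the status strings are names chosen for this example and do not come from the thread. It shows the two paths (hash the buffer, or accept a caller-supplied digest), the length check the pre-hash path needs, and how the event log can be replayed to verify it matches the PCR.

```python
"""Model of EDKII_TCG_PPI.HashLogExtendEvent with a Flags parameter.

Added example, not edk2 code. SHA-256 is assumed to be the only active
PCR bank, and a small SoftwareTpm class stands in for the real TPM.
"""
import hashlib

# Constructed name: the thread only says "BIT0"; the constant is this example's.
EDKII_TCG_PRE_HASH = 1 << 0          # BIT0 = 1: HashData is already a digest

DIGEST_SIZE = hashlib.sha256().digest_size   # 32 bytes for the SHA-256 bank


class SoftwareTpm:
    """Stand-in for the TPM: 24 SHA-256 PCRs plus a TCG-style event log."""

    def __init__(self, pcr_count=24):
        self.pcrs = [bytes(DIGEST_SIZE)] * pcr_count   # PCRs start at all-zero
        self.event_log = []

    def extend(self, pcr_index, digest):
        # TPM2_PCR_Extend semantics: PCR_new = H(PCR_old || digest)
        self.pcrs[pcr_index] = hashlib.sha256(self.pcrs[pcr_index] + digest).digest()


def hash_log_extend_event(tpm, flags, hash_data, pcr_index, event_type, event_data):
    """Mirror of the PPI call with the proposed Flags parameter.

    NewEventHdr is modelled by (pcr_index, event_type). Returns an EFI-style
    status string so the caller can see why a request was rejected.
    """
    if hash_data is None or not (0 <= pcr_index < len(tpm.pcrs)):
        return "EFI_INVALID_PARAMETER"
    if flags & EDKII_TCG_PRE_HASH:
        # Caller supplies the digest: it must be exactly one digest of the
        # active bank, otherwise a malformed value would be extended and logged.
        if len(hash_data) != DIGEST_SIZE:
            return "EFI_INVALID_PARAMETER"
        digest = bytes(hash_data)
    else:
        digest = hashlib.sha256(hash_data).digest()
    tpm.extend(pcr_index, digest)
    # The log entry records the digest that was actually extended, so a
    # verifier can replay the log and compare the result against the PCR.
    tpm.event_log.append({
        "pcr": pcr_index,
        "type": event_type,
        "digest": digest,
        "data": bytes(event_data),
    })
    return "EFI_SUCCESS"


def replay_pcr(tpm, pcr_index):
    """Recompute one PCR from the log alone; equality with the PCR proves consistency."""
    value = bytes(DIGEST_SIZE)
    for ev in tpm.event_log:
        if ev["pcr"] == pcr_index:
            value = hashlib.sha256(value + ev["digest"]).digest()
    return value


def demo():
    """Drive the model with constructed inputs and return the TPM plus statuses."""
    tpm = SoftwareTpm()
    # Constructed inputs: a PEIM image, and a digest assumed to have been
    # computed by a hardware root of trust before Tcg2Pei started.
    peim_image = b"PEIM image bytes (constructed)"
    early_digest = hashlib.sha256(b"boot block measured by HW RoT (constructed)").digest()

    s1 = hash_log_extend_event(tpm, 0, peim_image, 0, "EV_EFI_PLATFORM_FIRMWARE_BLOB", b"peim")
    s2 = hash_log_extend_event(tpm, EDKII_TCG_PRE_HASH, early_digest, 0, "EV_POST_CODE", b"hw-rot")
    # A 20-byte value with the pre-hash flag is the wrong size for this bank
    # and must be rejected rather than extended.
    s3 = hash_log_extend_event(tpm, EDKII_TCG_PRE_HASH, b"\x00" * 20, 0, "EV_POST_CODE", b"bad")
    return tpm, (s1, s2, s3)


if __name__ == "__main__":
    tpm, statuses = demo()
    print(statuses)
    print("log replay matches PCR0:", replay_pcr(tpm, 0) == tpm.pcrs[0])
```

The replay function is the check a verifier runs over the log: because the pre-hash path records the caller's digest unchanged, anything logged that way is only as trustworthy as the module that supplied it, which in PEI is inside the trusted computing base anyway, but the length check keeps a mistaken caller from corrupting the PCR and the log together.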