* [PATCH v4 0/8] Need add a FSP binary measurement
@ 2020-08-18 6:26 Qi Zhang
2020-08-18 6:26 ` [PATCH v4 1/8] SecurityPkg/TcgEventLogRecordLib: add new lib for firmware measurement Qi Zhang
` (9 more replies)
0 siblings, 10 replies; 19+ messages in thread
From: Qi Zhang @ 2020-08-18 6:26 UTC (permalink / raw)
To: devel
Cc: Qi Zhang, Jiewen Yao, Jian J Wang, Hao A Wu, Chasel Chiu,
Nate DeSimone, Star Zeng
v4 change:
rename FvEventLogRecordLib to TcgEventLogRecordLib.
v3 change:
add a new lib FvEventLogRecordLib for generic code.
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2376
The EDKII BIOS calls FSP API in FSP Wrapper Pkg.
This FSP code needs to be measured into TPM.
We need to add a generic module in FSP Wrapper Pkg code to measure:
1) FSP-T, FSP-M, FSP-S in API mode.
2) FSP-T in Dispatch-mode. The FSP-M and FSP-S will be reported
as standard FV and they will be measured by TCG-PEI.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Hao A Wu <hao.a.wu@intel.com>
Cc: Chasel Chiu <chasel.chiu@intel.com>
Cc: Nate DeSimone <nathaniel.l.desimone@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Qi Zhang <qi1.zhang@intel.com>
Jiewen Yao (4):
IntelFsp2WrapperPkg/FspMeasurementLib: Add header file.
IntelFsp2WrapperPkg/FspMeasurementLib: Add BaseFspMeasurementLib.
IntelFsp2WraperPkg/Fsp{m|s}WrapperPeim: Add FspBin measurement.
IntelFsp2Wrapper/dsc: Add FspTpmMeasurementLib and
PcdFspMeasurementConfig.
Qi Zhang (4):
SecurityPkg/TcgEventLogRecordLib: add new lib for firmware measurement
SecurityPkg/dsc: add FvEventLogRecordLib
SecurityPkg/Tcg2: handle PRE HASH and LOG ONLY
IntelFsp2WrapperPkg/dsc: add HashLib, Tpm2CommandLib and Tpm2DeviceLib
.../FspmWrapperPeim/FspmWrapperPeim.c | 90 ++++++-
.../FspmWrapperPeim/FspmWrapperPeim.inf | 20 +-
.../FspsWrapperPeim/FspsWrapperPeim.c | 86 +++++-
.../FspsWrapperPeim/FspsWrapperPeim.inf | 27 +-
.../Include/Library/FspMeasurementLib.h | 39 +++
IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dec | 17 ++
IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dsc | 10 +-
.../BaseFspMeasurementLib.inf | 54 ++++
.../BaseFspMeasurementLib/FspMeasurementLib.c | 248 ++++++++++++++++++
.../Include/Library/TcgEventLogRecordLib.h | 97 +++++++
SecurityPkg/Include/Ppi/Tcg.h | 5 +
.../TcgEventLogRecordLib.c | 197 ++++++++++++++
.../TcgEventLogRecordLib.inf | 40 +++
.../TcgEventLogRecordLib.uni | 17 ++
SecurityPkg/SecurityPkg.dec | 3 +
SecurityPkg/SecurityPkg.dsc | 2 +
SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c | 12 +-
17 files changed, 939 insertions(+), 25 deletions(-)
create mode 100644 IntelFsp2WrapperPkg/Include/Library/FspMeasurementLib.h
create mode 100644 IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/BaseFspMeasurementLib.inf
create mode 100644 IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/FspMeasurementLib.c
create mode 100644 SecurityPkg/Include/Library/TcgEventLogRecordLib.h
create mode 100644 SecurityPkg/Library/TcgEventLogRecordLib/TcgEventLogRecordLib.c
create mode 100644 SecurityPkg/Library/TcgEventLogRecordLib/TcgEventLogRecordLib.inf
create mode 100644 SecurityPkg/Library/TcgEventLogRecordLib/TcgEventLogRecordLib.uni
--
2.26.2.windows.1
* [PATCH v4 1/8] SecurityPkg/TcgEventLogRecordLib: add new lib for firmware measurement
2020-08-18 6:26 [PATCH v4 0/8] Need add a FSP binary measurement Qi Zhang
@ 2020-08-18 6:26 ` Qi Zhang
2020-08-18 6:26 ` [PATCH v4 2/8] IntelFsp2WrapperPkg/FspMeasurementLib: Add header file Qi Zhang
` (8 subsequent siblings)
9 siblings, 0 replies; 19+ messages in thread
From: Qi Zhang @ 2020-08-18 6:26 UTC (permalink / raw)
To: devel; +Cc: Qi Zhang, Jiewen Yao, Jian J Wang
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2376
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Signed-off-by: Qi Zhang <qi1.zhang@intel.com>
---
.../Include/Library/TcgEventLogRecordLib.h | 97 +++++++++
.../TcgEventLogRecordLib.c | 197 ++++++++++++++++++
.../TcgEventLogRecordLib.inf | 40 ++++
.../TcgEventLogRecordLib.uni | 17 ++
4 files changed, 351 insertions(+)
create mode 100644 SecurityPkg/Include/Library/TcgEventLogRecordLib.h
create mode 100644 SecurityPkg/Library/TcgEventLogRecordLib/TcgEventLogRecordLib.c
create mode 100644 SecurityPkg/Library/TcgEventLogRecordLib/TcgEventLogRecordLib.inf
create mode 100644 SecurityPkg/Library/TcgEventLogRecordLib/TcgEventLogRecordLib.uni
diff --git a/SecurityPkg/Include/Library/TcgEventLogRecordLib.h b/SecurityPkg/Include/Library/TcgEventLogRecordLib.h
new file mode 100644
index 0000000000..99d634c34e
--- /dev/null
+++ b/SecurityPkg/Include/Library/TcgEventLogRecordLib.h
@@ -0,0 +1,97 @@
+/** @file
+ This library is used by other modules to measure Firmware to TPM.
+
+Copyright (c) 2020, Intel Corporation. All rights reserved. <BR>
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#ifndef _TCG_EVENTLOGRECORD_LIB_H_
+#define _TCG_EVENTLOGRECORD_LIB_H_
+
+#include <Uefi.h>
+
+#pragma pack (1)
+
+#define PLATFORM_FIRMWARE_BLOB_DESC "Fv(XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX)"
+typedef struct {
+ UINT8 BlobDescriptionSize;
+ UINT8 BlobDescription[sizeof(PLATFORM_FIRMWARE_BLOB_DESC)];
+ EFI_PHYSICAL_ADDRESS BlobBase;
+ UINT64 BlobLength;
+} PLATFORM_FIRMWARE_BLOB2_STRUCT;
+
+#define HANDOFF_TABLE_POINTER_DESC "1234567890ABCDEF"
+typedef struct {
+ UINT8 TableDescriptionSize;
+ UINT8 TableDescription[sizeof(HANDOFF_TABLE_POINTER_DESC)];
+ UINT64 NumberOfTables;
+ EFI_CONFIGURATION_TABLE TableEntry[1];
+} HANDOFF_TABLE_POINTERS2_STRUCT;
+
+#pragma pack ()
+
+/**
+ Get the FvName from the FV header.
+
+ Causion: The FV is untrusted input.
+
+ @param[in] FvBase Base address of FV image.
+ @param[in] FvLength Length of FV image.
+
+ @return FvName pointer
+ @retval NULL FvName is NOT found
+**/
+VOID *
+TpmMeasurementGetFvName (
+ IN EFI_PHYSICAL_ADDRESS FvBase,
+ IN UINT64 FvLength
+ );
+
+/**
+ Measure a FirmwareBlob.
+
+ @param[in] PcrIndex PCR Index.
+ @param[in] Description Description for this FirmwareBlob.
+ @param[in] FirmwareBlobBase Base address of this FirmwareBlob.
+ @param[in] FirmwareBlobLength Size in bytes of this FirmwareBlob.
+
+ @retval EFI_SUCCESS Operation completed successfully.
+ @retval EFI_UNSUPPORTED TPM device not available.
+ @retval EFI_OUT_OF_RESOURCES Out of memory.
+ @retval EFI_DEVICE_ERROR The operation was unsuccessful.
+*/
+EFI_STATUS
+EFIAPI
+MeasureFirmwareBlob (
+ IN UINT32 PcrIndex,
+ IN CHAR8 *Description OPTIONAL,
+ IN EFI_PHYSICAL_ADDRESS FirmwareBlobBase,
+ IN UINT64 FirmwareBlobLength
+ );
+
+/**
+ Measure a HandoffTable.
+
+ @param[in] PcrIndex PcrIndex of the measurement.
+ @param[in] Description Description for this HandoffTable.
+ @param[in] TableGuid GUID of this HandoffTable.
+ @param[in] TableAddress Base address of this HandoffTable.
+ @param[in] TableLength Size in bytes of this HandoffTable.
+
+ @retval EFI_SUCCESS Operation completed successfully.
+ @retval EFI_UNSUPPORTED TPM device not available.
+ @retval EFI_OUT_OF_RESOURCES Out of memory.
+ @retval EFI_DEVICE_ERROR The operation was unsuccessful.
+*/
+EFI_STATUS
+EFIAPI
+MeasureHandoffTable (
+ IN UINT32 PcrIndex,
+ IN CHAR8 *Description OPTIONAL,
+ IN EFI_GUID *TableGuid,
+ IN VOID *TableAddress,
+ IN UINTN TableLength
+ );
+
+#endif
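Review bot: TpmMeasurementGetFvName() is declared without EFIAPI, while MeasureFirmwareBlob() and MeasureHandoffTable() in the same header carry it; a public library interface should use one calling convention throughout, so add EFIAPI to the prototype and to the definition. The comment above it spells "Caution" as "Causion", and the comment blocks for MeasureFirmwareBlob() and MeasureHandoffTable() close with `*/` where the rest of the file uses `**/`. HANDOFF_TABLE_POINTER_DESC is "1234567890ABCDEF" only to size TableDescription; a one-line comment saying that both description macros are size templates, and that sizeof() on them counts the terminating NUL, would save the next reader from guessing.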
diff --git a/SecurityPkg/Library/TcgEventLogRecordLib/TcgEventLogRecordLib.c b/SecurityPkg/Library/TcgEventLogRecordLib/TcgEventLogRecordLib.c
new file mode 100644
index 0000000000..e8a53fca0d
--- /dev/null
+++ b/SecurityPkg/Library/TcgEventLogRecordLib/TcgEventLogRecordLib.c
@@ -0,0 +1,197 @@
+/** @file
+ This library is used by other modules to measure data to TPM.
+
+Copyright (c) 2020, Intel Corporation. All rights reserved. <BR>
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <Uefi/UefiBaseType.h>
+#include <Pi/PiFirmwareVolume.h>
+
+#include <Library/BaseMemoryLib.h>
+#include <Library/DebugLib.h>
+#include <Library/ReportStatusCodeLib.h>
+#include <Library/PcdLib.h>
+#include <Library/PrintLib.h>
+#include <Library/TcgEventLogRecordLib.h>
+#include <Library/TpmMeasurementLib.h>
+
+#include <IndustryStandard/UefiTcgPlatform.h>
+
+/**
+ Get the FvName from the FV header.
+
+ Causion: The FV is untrusted input.
+
+ @param[in] FvBase Base address of FV image.
+ @param[in] FvLength Length of FV image.
+
+ @return FvName pointer
+ @retval NULL FvName is NOT found
+**/
+VOID *
+TpmMeasurementGetFvName (
+ IN EFI_PHYSICAL_ADDRESS FvBase,
+ IN UINT64 FvLength
+ )
+{
+ EFI_FIRMWARE_VOLUME_HEADER *FvHeader;
+ EFI_FIRMWARE_VOLUME_EXT_HEADER *FvExtHeader;
+
+ if (FvBase >= MAX_ADDRESS) {
+ return NULL;
+ }
+ if (FvLength >= MAX_ADDRESS - FvBase) {
+ return NULL;
+ }
+ if (FvLength < sizeof(EFI_FIRMWARE_VOLUME_HEADER)) {
+ return NULL;
+ }
+
+ FvHeader = (EFI_FIRMWARE_VOLUME_HEADER *)(UINTN)FvBase;
+ if (FvHeader->Signature != EFI_FVH_SIGNATURE) {
+ return NULL;
+ }
+ if (FvHeader->ExtHeaderOffset < sizeof(EFI_FIRMWARE_VOLUME_HEADER)) {
+ return NULL;
+ }
+ if (FvHeader->ExtHeaderOffset + sizeof(EFI_FIRMWARE_VOLUME_EXT_HEADER) > FvLength) {
+ return NULL;
+ }
+ FvExtHeader = (EFI_FIRMWARE_VOLUME_EXT_HEADER *)(UINTN)(FvBase + FvHeader->ExtHeaderOffset);
+
+ return &FvExtHeader->FvName;
+}
+
+/**
+ Measure a FirmwareBlob.
+
+ @param[in] PcrIndex PcrIndex of the measurement.
+ @param[in] Description Description for this FirmwareBlob.
+ @param[in] FirmwareBlobBase Base address of this FirmwareBlob.
+ @param[in] FirmwareBlobLength Size in bytes of this FirmwareBlob.
+
+ @retval EFI_SUCCESS Operation completed successfully.
+ @retval EFI_UNSUPPORTED TPM device not available.
+ @retval EFI_OUT_OF_RESOURCES Out of memory.
+ @retval EFI_DEVICE_ERROR The operation was unsuccessful.
+**/
+EFI_STATUS
+EFIAPI
+MeasureFirmwareBlob (
+ IN UINT32 PcrIndex,
+ IN CHAR8 *Description OPTIONAL,
+ IN EFI_PHYSICAL_ADDRESS FirmwareBlobBase,
+ IN UINT64 FirmwareBlobLength
+ )
+{
+ EFI_PLATFORM_FIRMWARE_BLOB FvBlob;
+ PLATFORM_FIRMWARE_BLOB2_STRUCT FvBlob2;
+ VOID *FvName;
+ UINT32 EventType;
+ VOID *EventLog;
+ UINT32 EventLogSize;
+ EFI_STATUS Status;
+
+ FvName = TpmMeasurementGetFvName (FirmwareBlobBase, FirmwareBlobLength);
+
+ if (((Description != NULL) || (FvName != NULL)) &&
+ (PcdGet32(PcdTcgPfpMeasurementRevision) >= TCG_EfiSpecIDEventStruct_SPEC_ERRATA_TPM2_REV_105)) {
+ if (Description != NULL) {
+ AsciiSPrint((CHAR8*)FvBlob2.BlobDescription, sizeof(FvBlob2.BlobDescription), "%a", Description);
+ } else {
+ AsciiSPrint((CHAR8*)FvBlob2.BlobDescription, sizeof(FvBlob2.BlobDescription), "Fv(%g)", FvName);
+ }
+
+ FvBlob2.BlobDescriptionSize = sizeof(FvBlob2.BlobDescription);
+ FvBlob2.BlobBase = FirmwareBlobBase;
+ FvBlob2.BlobLength = FirmwareBlobLength;
+
+ EventType = EV_EFI_PLATFORM_FIRMWARE_BLOB2;
+ EventLog = &FvBlob2;
+ EventLogSize = sizeof(FvBlob2);
+ } else {
+ FvBlob.BlobBase = FirmwareBlobBase;
+ FvBlob.BlobLength = FirmwareBlobLength;
+
+ EventType = EV_EFI_PLATFORM_FIRMWARE_BLOB;
+ EventLog = &FvBlob;
+ EventLogSize = sizeof(FvBlob);
+ }
+
+ Status = TpmMeasureAndLogData (
+ PcrIndex,
+ EventType,
+ EventLog,
+ EventLogSize,
+ (VOID*)(UINTN)FirmwareBlobBase,
+ FirmwareBlobLength
+ );
+
+ return Status;
+}
+
+/**
+ Measure a HandoffTable.
+
+ @param[in] PcrIndex PcrIndex of the measurement.
+ @param[in] Description Description for this HandoffTable.
+ @param[in] TableGuid GUID of this HandoffTable.
+ @param[in] TableAddress Base address of this HandoffTable.
+ @param[in] TableLength Size in bytes of this HandoffTable.
+
+ @retval EFI_SUCCESS Operation completed successfully.
+ @retval EFI_UNSUPPORTED TPM device not available.
+ @retval EFI_OUT_OF_RESOURCES Out of memory.
+ @retval EFI_DEVICE_ERROR The operation was unsuccessful.
+**/
+EFI_STATUS
+EFIAPI
+MeasureHandoffTable (
+ IN UINT32 PcrIndex,
+ IN CHAR8 *Description OPTIONAL,
+ IN EFI_GUID *TableGuid,
+ IN VOID *TableAddress,
+ IN UINTN TableLength
+ )
+{
+ EFI_HANDOFF_TABLE_POINTERS HandoffTables;
+ HANDOFF_TABLE_POINTERS2_STRUCT HandoffTables2;
+ UINT32 EventType;
+ VOID *EventLog;
+ UINT32 EventLogSize;
+ EFI_STATUS Status;
+
+ if ((Description != NULL) &&
+ (PcdGet32(PcdTcgPfpMeasurementRevision) >= TCG_EfiSpecIDEventStruct_SPEC_ERRATA_TPM2_REV_105)) {
+ AsciiSPrint((CHAR8*)HandoffTables2.TableDescription, sizeof(HandoffTables2.TableDescription), "%a", Description);
+
+ HandoffTables2.TableDescriptionSize = sizeof(HandoffTables2.TableDescription);
+ HandoffTables2.NumberOfTables = 1;
+ CopyGuid (&(HandoffTables2.TableEntry[0].VendorGuid), TableGuid);
+ HandoffTables2.TableEntry[0].VendorTable = TableAddress;
+
+ EventType = EV_EFI_HANDOFF_TABLES2;
+ EventLog = &HandoffTables2;
+ EventLogSize = sizeof(HandoffTables2);
+ } else {
+ HandoffTables.NumberOfTables = 1;
+ CopyGuid (&(HandoffTables.TableEntry[0].VendorGuid), TableGuid);
+ HandoffTables.TableEntry[0].VendorTable = TableAddress;
+
+ EventType = EV_EFI_HANDOFF_TABLES;
+ EventLog = &HandoffTables;
+ EventLogSize = sizeof(HandoffTables);
+ }
+
+ Status = TpmMeasureAndLogData (
+ PcrIndex,
+ EventType,
+ EventLog,
+ EventLogSize,
+ TableAddress,
+ TableLength
+ );
+ return Status;
+}
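Review bot: FvBlob2 in MeasureFirmwareBlob() and HandoffTables2 in MeasureHandoffTable() are stack variables that are never zeroed, yet the whole structure is handed over as event data (`EventLogSize = sizeof(FvBlob2)` and `sizeof(HandoffTables2)`), so whenever Description is shorter than the size template, every byte of BlobDescription or TableDescription after the NUL written by AsciiSPrint() is uninitialized stack content that ends up in the TCG event log. Call ZeroMem() on the structure before formatting the description. A Description longer than the buffer is truncated silently by AsciiSPrint(); either document that in the function header or reject it. In TpmMeasurementGetFvName() the test `FvHeader->ExtHeaderOffset < sizeof(EFI_FIRMWARE_VOLUME_HEADER)` is also what handles ExtHeaderOffset == 0, which deserves a comment, and "Causion" should read "Caution".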
diff --git a/SecurityPkg/Library/TcgEventLogRecordLib/TcgEventLogRecordLib.inf b/SecurityPkg/Library/TcgEventLogRecordLib/TcgEventLogRecordLib.inf
new file mode 100644
index 0000000000..71388f43f6
--- /dev/null
+++ b/SecurityPkg/Library/TcgEventLogRecordLib/TcgEventLogRecordLib.inf
@@ -0,0 +1,40 @@
+## @file
+# Provides interface for firmwware TPM measurement
+#
+# Copyright (c) 2020, Intel Corporation. All rights reserved.<BR>
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+[Defines]
+ INF_VERSION = 0x00010005
+ BASE_NAME = TcgEventLogRecordLib
+ MODULE_UNI_FILE = TcgEventLogRecordLib.uni
+ FILE_GUID = F8125B2A-3922-4A22-A6F8-3B6159A25A3B
+ MODULE_TYPE = BASE
+ VERSION_STRING = 1.0
+ LIBRARY_CLASS = NULL
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+# VALID_ARCHITECTURES = IA32 X64
+#
+
+[Sources]
+ TcgEventLogRecordLib.c
+
+[Packages]
+ MdePkg/MdePkg.dec
+ MdeModulePkg/MdeModulePkg.dec
+ SecurityPkg/SecurityPkg.dec
+
+[LibraryClasses]
+ BaseLib
+ BaseMemoryLib
+ DebugLib
+ PcdLib
+ TpmMeasurementLib
+
+[Pcd]
+ gEfiMdeModulePkgTokenSpaceGuid.PcdTcgPfpMeasurementRevision ## CONSUMES
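Review bot: `LIBRARY_CLASS = NULL` does not match how this library is consumed: its header is installed under Include/Library, and BaseFspMeasurementLib.inf in patch 3/8 lists TcgEventLogRecordLib under [LibraryClasses], so this should read `LIBRARY_CLASS = TcgEventLogRecordLib`. [LibraryClasses] also omits PrintLib although TcgEventLogRecordLib.c includes Library/PrintLib.h and calls AsciiSPrint(). The file header has "firmwware" for "firmware".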
diff --git a/SecurityPkg/Library/TcgEventLogRecordLib/TcgEventLogRecordLib.uni b/SecurityPkg/Library/TcgEventLogRecordLib/TcgEventLogRecordLib.uni
new file mode 100644
index 0000000000..b1ca410074
--- /dev/null
+++ b/SecurityPkg/Library/TcgEventLogRecordLib/TcgEventLogRecordLib.uni
@@ -0,0 +1,17 @@
+// /** @file
+// Provides interface for firmwware TPM measurement
+//
+// This library provides MeasureFirmwareBlob() and MeasureHandoffTable()
+// to measure and log data, and extend the measurement result into a specific PCR.
+//
+// Copyright (c) 2020, Intel Corporation. All rights reserved.<BR>
+//
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+//
+// **/
+
+
+#string STR_MODULE_ABSTRACT #language en-US "Provides Firmware TPM measurement functions for TPM1.2 and TPM 2.0"
+
+#string STR_MODULE_DESCRIPTION #language en-US "This library provides MeasureFirmwareBlob() and MeasureHandoffTable() to measure and log data, and extend the measurement result into a specific PCR."
+
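Review bot: The second line of the file header reads "firmwware"; it should be "firmware". STR_MODULE_ABSTRACT writes "TPM1.2" and "TPM 2.0" with inconsistent spacing; pick one form.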
--
2.26.2.windows.1
* [PATCH v4 2/8] IntelFsp2WrapperPkg/FspMeasurementLib: Add header file.
2020-08-18 6:26 [PATCH v4 0/8] Need add a FSP binary measurement Qi Zhang
2020-08-18 6:26 ` [PATCH v4 1/8] SecurityPkg/TcgEventLogRecordLib: add new lib for firmware measurement Qi Zhang
@ 2020-08-18 6:26 ` Qi Zhang
2020-08-18 13:06 ` Chiu, Chasel
2020-08-18 6:26 ` [PATCH v4 3/8] IntelFsp2WrapperPkg/FspMeasurementLib: Add BaseFspMeasurementLib Qi Zhang
` (7 subsequent siblings)
9 siblings, 1 reply; 19+ messages in thread
From: Qi Zhang @ 2020-08-18 6:26 UTC (permalink / raw)
To: devel; +Cc: Jiewen Yao, Chasel Chiu, Nate DeSimone, Star Zeng, Qi Zhang
From: Jiewen Yao <jiewen.yao@intel.com>
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2376
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Chasel Chiu <chasel.chiu@intel.com>
Cc: Nate DeSimone <nathaniel.l.desimone@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Qi Zhang <qi1.zhang@intel.com>
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
---
.../Include/Library/FspMeasurementLib.h | 39 +++++++++++++++++++
1 file changed, 39 insertions(+)
create mode 100644 IntelFsp2WrapperPkg/Include/Library/FspMeasurementLib.h
diff --git a/IntelFsp2WrapperPkg/Include/Library/FspMeasurementLib.h b/IntelFsp2WrapperPkg/Include/Library/FspMeasurementLib.h
new file mode 100644
index 0000000000..4620b4b08e
--- /dev/null
+++ b/IntelFsp2WrapperPkg/Include/Library/FspMeasurementLib.h
@@ -0,0 +1,39 @@
+/** @file
+ This library is used by FSP modules to measure data to TPM.
+
+Copyright (c) 2020, Intel Corporation. All rights reserved. <BR>
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#ifndef _FSP_MEASUREMENT_LIB_H_
+#define _FSP_MEASUREMENT_LIB_H_
+
+#define FSP_MEASURE_FSP BIT0
+#define FSP_MEASURE_FSPT BIT1
+#define FSP_MEASURE_FSPM BIT2
+#define FSP_MEASURE_FSPS BIT3
+#define FSP_MEASURE_FSPUPD BIT31
+
+/**
+ Measure a FSP FirmwareBlob.
+
+ @param[in] PcrIndex PCR Index.
+ @param[in] Description Description for this FirmwareBlob.
+ @param[in] FirmwareBlobBase Base address of this FirmwareBlob.
+ @param[in] FirmwareBlobLength Size in bytes of this FirmwareBlob.
+
+ @retval EFI_SUCCESS Operation completed successfully.
+ @retval EFI_UNSUPPORTED TPM device not available.
+ @retval EFI_OUT_OF_RESOURCES Out of memory.
+ @retval EFI_DEVICE_ERROR The operation was unsuccessful.
+*/
+EFI_STATUS
+EFIAPI
+MeasureFspFirmwareBlob (
+ IN UINT32 PcrIndex,
+ IN CHAR8 *Description OPTIONAL,
+ IN EFI_PHYSICAL_ADDRESS FirmwareBlobBase,
+ IN UINT64 FirmwareBlobLength
+ );
+#endif
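Review bot: The FSP_MEASURE_* defines carry no comments, and the header does not say what FSP_MEASURE_FSP (BIT0) selects as opposed to the per-component FSPT/FSPM/FSPS bits, or that FSP_MEASURE_FSPUPD (BIT31) changes how a blob is hashed rather than which blob is measured. Since these are the bit values tested against PcdFspMeasurementConfig, document each one next to its define. The header also uses BIT0, EFI_STATUS and EFI_PHYSICAL_ADDRESS without including anything, so it only compiles when the includer has already pulled in the base types, and the function comment closes with `*/` instead of `**/`.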
--
2.26.2.windows.1
* [PATCH v4 3/8] IntelFsp2WrapperPkg/FspMeasurementLib: Add BaseFspMeasurementLib.
2020-08-18 6:26 [PATCH v4 0/8] Need add a FSP binary measurement Qi Zhang
2020-08-18 6:26 ` [PATCH v4 1/8] SecurityPkg/TcgEventLogRecordLib: add new lib for firmware measurement Qi Zhang
2020-08-18 6:26 ` [PATCH v4 2/8] IntelFsp2WrapperPkg/FspMeasurementLib: Add header file Qi Zhang
@ 2020-08-18 6:26 ` Qi Zhang
2020-08-18 13:06 ` Chiu, Chasel
2020-08-18 6:26 ` [PATCH v4 4/8] IntelFsp2WraperPkg/Fsp{m|s}WrapperPeim: Add FspBin measurement Qi Zhang
` (6 subsequent siblings)
9 siblings, 1 reply; 19+ messages in thread
From: Qi Zhang @ 2020-08-18 6:26 UTC (permalink / raw)
To: devel; +Cc: Jiewen Yao, Chasel Chiu, Nate DeSimone, Star Zeng, Qi Zhang
From: Jiewen Yao <jiewen.yao@intel.com>
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2376
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Chasel Chiu <chasel.chiu@intel.com>
Cc: Nate DeSimone <nathaniel.l.desimone@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Qi Zhang <qi1.zhang@intel.com>
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
---
.../BaseFspMeasurementLib.inf | 54 ++++
.../BaseFspMeasurementLib/FspMeasurementLib.c | 248 ++++++++++++++++++
2 files changed, 302 insertions(+)
create mode 100644 IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/BaseFspMeasurementLib.inf
create mode 100644 IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/FspMeasurementLib.c
diff --git a/IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/BaseFspMeasurementLib.inf b/IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/BaseFspMeasurementLib.inf
new file mode 100644
index 0000000000..1b5f0012aa
--- /dev/null
+++ b/IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/BaseFspMeasurementLib.inf
@@ -0,0 +1,54 @@
+## @file
+# Provides FSP measurement functions.
+#
+# This library provides MeasureFspFirmwareBlob() to measure FSP binary.
+#
+# Copyright (c) 2020, Intel Corporation. All rights reserved.<BR>
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+[Defines]
+ INF_VERSION = 0x00010005
+ BASE_NAME = FspMeasurementLib
+ FILE_GUID = 890B12B4-56CC-453E-B062-4597FC6D3D8C
+ MODULE_TYPE = BASE
+ VERSION_STRING = 1.0
+ LIBRARY_CLASS = FspMeasurementLib
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+# VALID_ARCHITECTURES = IA32 X64
+#
+
+[Sources]
+ FspMeasurementLib.c
+
+[Packages]
+ MdePkg/MdePkg.dec
+ MdeModulePkg/MdeModulePkg.dec
+ SecurityPkg/SecurityPkg.dec
+ IntelFsp2Pkg/IntelFsp2Pkg.dec
+ IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dec
+
+[LibraryClasses]
+ BaseLib
+ BaseMemoryLib
+ DebugLib
+ PrintLib
+ PcdLib
+ PeiServicesLib
+ PeiServicesTablePointerLib
+ FspWrapperApiLib
+ TcgEventLogRecordLib
+ HashLib
+
+[Ppis]
+ gEdkiiTcgPpiGuid ## CONSUMES
+
+[Pcd]
+ gIntelFsp2WrapperTokenSpaceGuid.PcdFspMeasurementConfig ## CONSUMES
+ gIntelFsp2WrapperTokenSpaceGuid.PcdFspmBaseAddress ## CONSUMES
+ gEfiMdeModulePkgTokenSpaceGuid.PcdTcgPfpMeasurementRevision ## CONSUMES
+
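Review bot: [LibraryClasses] does not list TpmMeasurementLib, but FspMeasurementLib.c includes Library/TpmMeasurementLib.h and calls TpmMeasureAndLogData(); add it so the dependency is declared by this INF rather than satisfied by whatever the consuming module happens to link. The [Pcd] entry for PcdFspmBaseAddress is not referenced anywhere in FspMeasurementLib.c as posted and can be dropped. With `MODULE_TYPE = BASE` and an unrestricted LIBRARY_CLASS the library claims to be usable in any phase, yet it depends on PeiServicesLib and gEdkiiTcgPpiGuid; restricting the class to PEI module types would state the real constraint.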
diff --git a/IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/FspMeasurementLib.c b/IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/FspMeasurementLib.c
new file mode 100644
index 0000000000..0fe0606a6d
--- /dev/null
+++ b/IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/FspMeasurementLib.c
@@ -0,0 +1,248 @@
+/** @file
+ This library is used by FSP modules to measure data to TPM.
+
+Copyright (c) 2020, Intel Corporation. All rights reserved. <BR>
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <PiPei.h>
+#include <Uefi.h>
+
+#include <Library/BaseMemoryLib.h>
+#include <Library/PeiServicesLib.h>
+#include <Library/PeiServicesTablePointerLib.h>
+#include <Library/PcdLib.h>
+#include <Library/PrintLib.h>
+#include <Library/DebugLib.h>
+#include <Library/FspWrapperApiLib.h>
+#include <Library/TpmMeasurementLib.h>
+#include <Library/FspMeasurementLib.h>
+#include <Library/TcgEventLogRecordLib.h>
+#include <Library/HashLib.h>
+
+#include <Ppi/Tcg.h>
+#include <IndustryStandard/UefiTcgPlatform.h>
+
+/**
+ Tpm measure and log data, and extend the measurement result into a specific PCR.
+
+ @param[in] PcrIndex PCR Index.
+ @param[in] EventType Event type.
+ @param[in] EventLog Measurement event log.
+ @param[in] LogLen Event log length in bytes.
+ @param[in] HashData The start of the data buffer to be hashed, extended.
+ @param[in] HashDataLen The length, in bytes, of the buffer referenced by HashData
+ @param[in] Flags Bitmap providing additional information.
+
+ @retval EFI_SUCCESS Operation completed successfully.
+ @retval EFI_UNSUPPORTED TPM device not available.
+ @retval EFI_OUT_OF_RESOURCES Out of memory.
+ @retval EFI_DEVICE_ERROR The operation was unsuccessful.
+**/
+EFI_STATUS
+EFIAPI
+TpmMeasureAndLogDataWithFlags (
+ IN UINT32 PcrIndex,
+ IN UINT32 EventType,
+ IN VOID *EventLog,
+ IN UINT32 LogLen,
+ IN VOID *HashData,
+ IN UINT64 HashDataLen,
+ IN UINT64 Flags
+ )
+{
+ EFI_STATUS Status;
+ EDKII_TCG_PPI *TcgPpi;
+ TCG_PCR_EVENT_HDR TcgEventHdr;
+
+ Status = PeiServicesLocatePpi(
+ &gEdkiiTcgPpiGuid,
+ 0,
+ NULL,
+ (VOID**)&TcgPpi
+ );
+ if (EFI_ERROR(Status)) {
+ return Status;
+ }
+
+ TcgEventHdr.PCRIndex = PcrIndex;
+ TcgEventHdr.EventType = EventType;
+ TcgEventHdr.EventSize = LogLen;
+
+ Status = TcgPpi->HashLogExtendEvent (
+ TcgPpi,
+ Flags,
+ HashData,
+ (UINTN)HashDataLen,
+ &TcgEventHdr,
+ EventLog
+ );
+ return Status;
+}
+
+/**
+ Measure a FSP FirmwareBlob.
+
+ @param[in] Description Description for this FirmwareBlob.
+ @param[in] FirmwareBlobBase Base address of this FirmwareBlob.
+ @param[in] FirmwareBlobLength Size in bytes of this FirmwareBlob.
+ @param[in] CfgRegionOffset Configuration region offset in bytes.
+ @param[in] CfgRegionSize Configuration region in bytes.
+
+ @retval EFI_SUCCESS Operation completed successfully.
+ @retval EFI_UNSUPPORTED TPM device not available.
+ @retval EFI_OUT_OF_RESOURCES Out of memory.
+ @retval EFI_DEVICE_ERROR The operation was unsuccessful.
+**/
+STATIC
+EFI_STATUS
+EFIAPI
+MeasureFspFirmwareBlobWithCfg (
+ IN CHAR8 *Description OPTIONAL,
+ IN EFI_PHYSICAL_ADDRESS FirmwareBlobBase,
+ IN UINT64 FirmwareBlobLength,
+ IN UINT32 CfgRegionOffset,
+ IN UINT32 CfgRegionSize
+ )
+{
+ EFI_PLATFORM_FIRMWARE_BLOB FvBlob, UpdBlob;
+ PLATFORM_FIRMWARE_BLOB2_STRUCT FvBlob2, UpdBlob2;
+ VOID *FvName;
+ UINT32 FvEventType;
+ VOID *FvEventLog, *UpdEventLog;
+ UINT32 FvEventLogSize, UpdEventLogSize;
+ EFI_STATUS Status;
+ HASH_HANDLE HashHandle;
+ UINT8 *HashBase;
+ UINTN HashSize;
+ TPML_DIGEST_VALUES DigestList;
+
+ FvName = TpmMeasurementGetFvName (FirmwareBlobBase, FirmwareBlobLength);
+
+ if (((Description != NULL) || (FvName != NULL)) &&
+ (PcdGet32(PcdTcgPfpMeasurementRevision) >= TCG_EfiSpecIDEventStruct_SPEC_ERRATA_TPM2_REV_105)) {
+ if (Description != NULL) {
+ AsciiSPrint((CHAR8*)FvBlob2.BlobDescription, sizeof(FvBlob2.BlobDescription), "%a", Description);
+ AsciiSPrint((CHAR8*)UpdBlob2.BlobDescription, sizeof(UpdBlob2.BlobDescription), "%aUDP", Description);
+ } else {
+ AsciiSPrint((CHAR8*)FvBlob2.BlobDescription, sizeof(FvBlob2.BlobDescription), "Fv(%g)", FvName);
+ AsciiSPrint((CHAR8*)UpdBlob2.BlobDescription, sizeof(UpdBlob2.BlobDescription), "(%g)UDP", FvName);
+ }
+
+ FvBlob2.BlobDescriptionSize = sizeof(FvBlob2.BlobDescription);
+ FvBlob2.BlobBase = FirmwareBlobBase;
+ FvBlob2.BlobLength = FirmwareBlobLength;
+ FvEventType = EV_EFI_PLATFORM_FIRMWARE_BLOB2;
+ FvEventLog = &FvBlob2;
+ FvEventLogSize = sizeof(FvBlob2);
+
+ UpdBlob2.BlobDescriptionSize = sizeof(UpdBlob2.BlobDescription);
+ UpdBlob2.BlobBase = CfgRegionOffset;
+ UpdBlob2.BlobLength = CfgRegionSize;
+ UpdEventLog = &UpdBlob2;
+ UpdEventLogSize = sizeof(UpdBlob2);
+ } else {
+ FvBlob.BlobBase = FirmwareBlobBase;
+ FvBlob.BlobLength = FirmwareBlobLength;
+ FvEventType = EV_EFI_PLATFORM_FIRMWARE_BLOB;
+ FvEventLog = &FvBlob;
+ FvEventLogSize = sizeof(FvBlob);
+
+ UpdBlob.BlobBase = CfgRegionOffset;
+ UpdBlob.BlobLength = CfgRegionSize;
+ UpdEventLog = &UpdBlob;
+ UpdEventLogSize = sizeof(UpdBlob);
+ }
+
+ /** Initialize a SHA hash context. **/
+ Status = HashStart (&HashHandle);
+ if (EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_ERROR, "HashStart failed - %r\n", Status));
+ return Status;
+ }
+
+ /** Hash FSP binary before UDP **/
+ HashBase = (UINT8 *) (UINTN) FirmwareBlobBase;
+ HashSize = (UINTN) CfgRegionOffset;
+ Status = HashUpdate (HashHandle, HashBase, HashSize);
+ if (EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_ERROR, "HashUpdate failed - %r\n", Status));
+ return Status;
+ }
+
+ /** Hash FSP binary after UDP **/
+ HashBase = (UINT8 *) (UINTN) FirmwareBlobBase + CfgRegionOffset + CfgRegionSize;
+ HashSize = (UINTN)(FirmwareBlobLength - CfgRegionOffset - CfgRegionSize);
+ Status = HashUpdate (HashHandle, HashBase, HashSize);
+ if (EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_ERROR, "HashUpdate failed - %r\n", Status));
+ return Status;
+ }
+
+ /** Finalize the SHA hash. **/
+ Status = HashCompleteAndExtend (HashHandle, 0, NULL, 0, &DigestList);
+ if (EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_ERROR, "HashCompleteAndExtend failed - %r\n", Status));
+ return Status;
+ }
+
+ Status = TpmMeasureAndLogDataWithFlags (
+ 0,
+ FvEventType,
+ FvEventLog,
+ FvEventLogSize,
+ (UINT8 *) &DigestList,
+ (UINTN) sizeof(DigestList),
+ EDKII_TCG_PRE_HASH_LOG_ONLY
+ );
+
+ Status = TpmMeasureAndLogData (
+ 1,
+ EV_PLATFORM_CONFIG_FLAGS,
+ UpdEventLog,
+ UpdEventLogSize,
+ (UINT8 *) (UINTN) FirmwareBlobBase + CfgRegionOffset,
+ CfgRegionSize
+ );
+
+ return Status;
+}
+
+/**
+ Measure a FSP FirmwareBlob.
+
+ @param[in] PcrIndex PCR Index.
+ @param[in] Description Description for this FirmwareBlob.
+ @param[in] FirmwareBlobBase Base address of this FirmwareBlob.
+ @param[in] FirmwareBlobLength Size in bytes of this FirmwareBlob.
+
+ @retval EFI_SUCCESS Operation completed successfully.
+ @retval EFI_UNSUPPORTED TPM device not available.
+ @retval EFI_OUT_OF_RESOURCES Out of memory.
+ @retval EFI_DEVICE_ERROR The operation was unsuccessful.
+**/
+EFI_STATUS
+EFIAPI
+MeasureFspFirmwareBlob (
+ IN UINT32 PcrIndex,
+ IN CHAR8 *Description OPTIONAL,
+ IN EFI_PHYSICAL_ADDRESS FirmwareBlobBase,
+ IN UINT64 FirmwareBlobLength
+ )
+{
+ UINT32 FspMeasureMask;
+ FSP_INFO_HEADER *FspHeaderPtr;
+
+ FspMeasureMask = PcdGet32 (PcdFspMeasurementConfig);
+ if ((FspMeasureMask & FSP_MEASURE_FSPUPD) != 0) {
+ FspHeaderPtr = (FSP_INFO_HEADER *) FspFindFspHeader (FirmwareBlobBase);
+ if (FspHeaderPtr != NULL) {
+ return MeasureFspFirmwareBlobWithCfg(Description, FirmwareBlobBase, FirmwareBlobLength,
+ FspHeaderPtr->CfgRegionOffset, FspHeaderPtr->CfgRegionSize);
+ }
+ }
+
+ return MeasureFirmwareBlob (PcrIndex, Description, FirmwareBlobBase, FirmwareBlobLength);
+}
+
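Review bot: MeasureFspFirmwareBlobWithCfg() takes CfgRegionOffset and CfgRegionSize from the FSP header and never checks them against FirmwareBlobLength, so in `HashSize = (UINTN)(FirmwareBlobLength - CfgRegionOffset - CfgRegionSize)` an offset plus size larger than the blob wraps to a very large length and HashUpdate() reads far beyond the image. Check that CfgRegionOffset + CfgRegionSize does not overflow and is no greater than FirmwareBlobLength, and fail the measurement otherwise. The Status returned by TpmMeasureAndLogDataWithFlags() is overwritten by the TpmMeasureAndLogData() call that follows, so a failure to log the PCR 0 event is lost; check it before continuing. On this path the PcrIndex argument of MeasureFspFirmwareBlob() is ignored (0 and 1 are hard-coded), UpdBlob2.BlobBase and UpdBlob.BlobBase record the offset rather than FirmwareBlobBase + CfgRegionOffset, the stack structures are not zeroed before AsciiSPrint() fills the descriptions, and "UDP" in the format strings and comments looks like a typo for "UPD".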
--
2.26.2.windows.1
* [PATCH v4 4/8] IntelFsp2WraperPkg/Fsp{m|s}WrapperPeim: Add FspBin measurement.
2020-08-18 6:26 [PATCH v4 0/8] Need add a FSP binary measurement Qi Zhang
` (2 preceding siblings ...)
2020-08-18 6:26 ` [PATCH v4 3/8] IntelFsp2WrapperPkg/FspMeasurementLib: Add BaseFspMeasurementLib Qi Zhang
@ 2020-08-18 6:26 ` Qi Zhang
2020-08-18 13:07 ` Chiu, Chasel
2020-08-18 6:26 ` [PATCH v4 5/8] SecurityPkg/dsc: add FvEventLogRecordLib Qi Zhang
` (5 subsequent siblings)
9 siblings, 1 reply; 19+ messages in thread
From: Qi Zhang @ 2020-08-18 6:26 UTC (permalink / raw)
To: devel; +Cc: Jiewen Yao, Chasel Chiu, Nate DeSimone, Star Zeng, Qi Zhang
From: Jiewen Yao <jiewen.yao@intel.com>
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2376
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Chasel Chiu <chasel.chiu@intel.com>
Cc: Nate DeSimone <nathaniel.l.desimone@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Qi Zhang <qi1.zhang@intel.com>
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
---
.../FspmWrapperPeim/FspmWrapperPeim.c | 90 ++++++++++++++++++-
.../FspmWrapperPeim/FspmWrapperPeim.inf | 20 +++--
.../FspsWrapperPeim/FspsWrapperPeim.c | 86 +++++++++++++++++-
.../FspsWrapperPeim/FspsWrapperPeim.inf | 27 +++---
4 files changed, 204 insertions(+), 19 deletions(-)
diff --git a/IntelFsp2WrapperPkg/FspmWrapperPeim/FspmWrapperPeim.c b/IntelFsp2WrapperPkg/FspmWrapperPeim/FspmWrapperPeim.c
index 265b77ed60..24ab534620 100644
--- a/IntelFsp2WrapperPkg/FspmWrapperPeim/FspmWrapperPeim.c
+++ b/IntelFsp2WrapperPkg/FspmWrapperPeim/FspmWrapperPeim.c
@@ -3,7 +3,7 @@
register TemporaryRamDonePpi to call TempRamExit API, and register MemoryDiscoveredPpi
notify to call FspSiliconInit API.
- Copyright (c) 2014 - 2018, Intel Corporation. All rights reserved.<BR>
+ Copyright (c) 2014 - 2020, Intel Corporation. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
@@ -25,11 +25,14 @@
#include <Library/FspWrapperPlatformLib.h>
#include <Library/FspWrapperHobProcessLib.h>
#include <Library/FspWrapperApiLib.h>
+#include <Library/FspMeasurementLib.h>
#include <Ppi/FspSiliconInitDone.h>
#include <Ppi/EndOfPeiPhase.h>
#include <Ppi/MemoryDiscovered.h>
#include <Ppi/SecPlatformInformation.h>
+#include <Ppi/Tcg.h>
+#include <Ppi/FirmwareVolumeInfoMeasurementExcluded.h>
#include <Library/FspWrapperApiTestLib.h>
#include <FspEas.h>
#include <FspStatusCode.h>
@@ -147,7 +150,21 @@ FspmWrapperInit (
VOID
)
{
- EFI_STATUS Status;
+ EFI_STATUS Status;
+ EFI_PEI_FIRMWARE_VOLUME_INFO_MEASUREMENT_EXCLUDED_PPI *MeasurementExcludedFvPpi;
+ EFI_PEI_PPI_DESCRIPTOR *MeasurementExcludedPpiList;
+
+ MeasurementExcludedFvPpi = AllocatePool (sizeof(*MeasurementExcludedFvPpi));
+ ASSERT(MeasurementExcludedFvPpi != NULL);
+ MeasurementExcludedFvPpi->Count = 1;
+ MeasurementExcludedFvPpi->Fv[0].FvBase = PcdGet32 (PcdFspmBaseAddress);
+ MeasurementExcludedFvPpi->Fv[0].FvLength = ((EFI_FIRMWARE_VOLUME_HEADER *) (UINTN) PcdGet32 (PcdFspmBaseAddress))->FvLength;
+
+ MeasurementExcludedPpiList = AllocatePool (sizeof(*MeasurementExcludedPpiList));
+ ASSERT(MeasurementExcludedPpiList != NULL);
+ MeasurementExcludedPpiList->Flags = EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST;
+ MeasurementExcludedPpiList->Guid = &gEfiPeiFirmwareVolumeInfoMeasurementExcludedPpiGuid;
+ MeasurementExcludedPpiList->Ppi = MeasurementExcludedFvPpi;
Status = EFI_SUCCESS;
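Review bot: The two AllocatePool results in FspmWrapperInit are guarded only by ASSERT, which compiles out in release builds, so a failed allocation is dereferenced on the very next line (MeasurementExcludedFvPpi->Count = 1). Return EFI_OUT_OF_RESOURCES on NULL instead of asserting. FvLength is also read straight from the header at PcdFspmBaseAddress with no check in this hunk that the address holds a valid firmware volume header; verifying the header signature before trusting the length would make the excluded range reliable.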
@@ -155,6 +172,9 @@ FspmWrapperInit (
Status = PeiFspMemoryInit ();
ASSERT_EFI_ERROR (Status);
} else {
+ Status = PeiServicesInstallPpi (MeasurementExcludedPpiList);
+ ASSERT_EFI_ERROR (Status);
+
PeiServicesInstallFvInfoPpi (
NULL,
(VOID *)(UINTN) PcdGet32 (PcdFspmBaseAddress),
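Review bot: Installing the measurement-excluded PPI in this else branch takes FSP-M out of the standard FV measurement, while the replacement measurement in TcgPpiNotify runs only when FSP_MEASURE_FSPM is set in PcdFspMeasurementConfig, whose default in the .dec is 0x00000000. With the default configuration FSP-M then appears to be measured by nobody on this path, which also disagrees with the cover letter's statement that FSP-M and FSP-S are measured by TCG-PEI in dispatch mode. Consider installing the exclusion only when the corresponding mask bit is set. The PPI and descriptor are allocated before the branch but consumed only here, so the allocation can move into this else block as well.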
@@ -167,6 +187,67 @@ FspmWrapperInit (
return Status;
}
+/**
+ This function is called after TCG installed PPI.
+
+ @param[in] PeiServices Pointer to PEI Services Table.
+ @param[in] NotifyDesc Pointer to the descriptor for the Notification event that
+ caused this function to execute.
+ @param[in] Ppi Pointer to the PPI data associated with this function.
+
+ @retval EFI_STATUS Always return EFI_SUCCESS
+**/
+EFI_STATUS
+EFIAPI
+TcgPpiNotify (
+ IN EFI_PEI_SERVICES **PeiServices,
+ IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDesc,
+ IN VOID *Ppi
+ );
+
+EFI_PEI_NOTIFY_DESCRIPTOR mTcgPpiNotifyDesc = {
+ (EFI_PEI_PPI_DESCRIPTOR_NOTIFY_CALLBACK | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST),
+ &gEdkiiTcgPpiGuid,
+ TcgPpiNotify
+};
+
+/**
+ This function is called after TCG installed PPI.
+
+ @param[in] PeiServices Pointer to PEI Services Table.
+ @param[in] NotifyDesc Pointer to the descriptor for the Notification event that
+ caused this function to execute.
+ @param[in] Ppi Pointer to the PPI data associated with this function.
+
+ @retval EFI_STATUS Always return EFI_SUCCESS
+**/
+EFI_STATUS
+EFIAPI
+TcgPpiNotify (
+ IN EFI_PEI_SERVICES **PeiServices,
+ IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDesc,
+ IN VOID *Ppi
+ )
+{
+ UINT32 FspMeasureMask;
+
+ DEBUG ((DEBUG_INFO, "TcgPpiNotify FSPM\n"));
+
+ FspMeasureMask = PcdGet32 (PcdFspMeasurementConfig);
+
+ if ((FspMeasureMask & FSP_MEASURE_FSPT) != 0) {
+ MeasureFspFirmwareBlob (0, "FSPT", PcdGet32(PcdFsptBaseAddress),
+ (UINT32)((EFI_FIRMWARE_VOLUME_HEADER *) (UINTN) PcdGet32 (PcdFsptBaseAddress))->FvLength);
+ }
+
+ if ((FspMeasureMask & FSP_MEASURE_FSPM) != 0) {
+ MeasureFspFirmwareBlob (0, "FSPM", PcdGet32(PcdFspmBaseAddress),
+ (UINT32)((EFI_FIRMWARE_VOLUME_HEADER *) (UINTN) PcdGet32 (PcdFspmBaseAddress))->FvLength);
+ }
+
+ return EFI_SUCCESS;
+}
+
/**
This is the entrypoint of PEIM
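Review bot: TcgPpiNotify discards the EFI_STATUS returned by both MeasureFspFirmwareBlob calls and always returns EFI_SUCCESS, so a failed FSP-T or FSP-M measurement leaves no trace. At minimum report the failure at DEBUG_ERROR; better, propagate it. The (UINT32) cast on FvLength is unnecessary because FirmwareBlobLength is declared UINT64 in FspMeasurementLib.h, and it silently truncates. The function header comment is duplicated on the prototype and the definition; making the function STATIC and defining it ahead of mTcgPpiNotifyDesc removes the need for the prototype.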
@@ -182,8 +263,13 @@ FspmWrapperPeimEntryPoint (
IN CONST EFI_PEI_SERVICES **PeiServices
)
{
+ EFI_STATUS Status;
+
DEBUG((DEBUG_INFO, "FspmWrapperPeimEntryPoint\n"));
+ Status = PeiServicesNotifyPpi (&mTcgPpiNotifyDesc);
+ ASSERT_EFI_ERROR (Status);
+
FspmWrapperInit ();
return EFI_SUCCESS;
diff --git a/IntelFsp2WrapperPkg/FspmWrapperPeim/FspmWrapperPeim.inf b/IntelFsp2WrapperPkg/FspmWrapperPeim/FspmWrapperPeim.inf
index dce7ef3d0b..c3578397b6 100644
--- a/IntelFsp2WrapperPkg/FspmWrapperPeim/FspmWrapperPeim.inf
+++ b/IntelFsp2WrapperPkg/FspmWrapperPeim/FspmWrapperPeim.inf
@@ -6,7 +6,7 @@
# register TemporaryRamDonePpi to call TempRamExit API, and register MemoryDiscoveredPpi
# notify to call FspSiliconInit API.
#
-# Copyright (c) 2014 - 2019, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2014 - 2020, Intel Corporation. All rights reserved.<BR>
#
# SPDX-License-Identifier: BSD-2-Clause-Patent
#
@@ -44,17 +44,22 @@
TimerLib
FspWrapperApiLib
FspWrapperApiTestLib
+ FspMeasurementLib
[Packages]
MdePkg/MdePkg.dec
+ MdeModulePkg/MdeModulePkg.dec
UefiCpuPkg/UefiCpuPkg.dec
+ SecurityPkg/SecurityPkg.dec
IntelFsp2Pkg/IntelFsp2Pkg.dec
IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dec
[Pcd]
- gIntelFsp2WrapperTokenSpaceGuid.PcdFspmBaseAddress ## CONSUMES
- gIntelFsp2WrapperTokenSpaceGuid.PcdFspmUpdDataAddress ## CONSUMES
- gIntelFsp2WrapperTokenSpaceGuid.PcdFspModeSelection ## CONSUMES
+ gIntelFsp2WrapperTokenSpaceGuid.PcdFspmBaseAddress ## CONSUMES
+ gIntelFsp2WrapperTokenSpaceGuid.PcdFspmUpdDataAddress ## CONSUMES
+ gIntelFsp2WrapperTokenSpaceGuid.PcdFspModeSelection ## CONSUMES
+ gIntelFsp2WrapperTokenSpaceGuid.PcdFsptBaseAddress ## CONSUMES
+ gIntelFsp2WrapperTokenSpaceGuid.PcdFspMeasurementConfig ## CONSUMES
[Sources]
FspmWrapperPeim.c
@@ -63,5 +68,10 @@
gFspHobGuid ## PRODUCES ## HOB
gFspApiPerformanceGuid ## SOMETIMES_CONSUMES ## GUID
+[Ppis]
+ gEdkiiTcgPpiGuid ## NOTIFY
+ gEfiPeiFirmwareVolumeInfoMeasurementExcludedPpiGuid ## PRODUCES
+
[Depex]
- gEfiPeiMasterBootModePpiGuid
+ gEfiPeiMasterBootModePpiGuid AND
+ gPeiTpmInitializationDonePpiGuid
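Review bot: Adding gPeiTpmInitializationDonePpiGuid to [Depex] with AND makes dispatch of FspmWrapperPeim, and with it memory initialization, conditional on some module installing that PPI. A platform built without a producer of this PPI would never dispatch this PEIM. The same applies to the matching change in FspsWrapperPeim.inf. If the intent is only to order the measurement after TPM initialization, the gEdkiiTcgPpiGuid notify registered in the entry point appears to cover that without a hard dependency; otherwise state the new platform requirement in the commit message.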
diff --git a/IntelFsp2WrapperPkg/FspsWrapperPeim/FspsWrapperPeim.c b/IntelFsp2WrapperPkg/FspsWrapperPeim/FspsWrapperPeim.c
index b20f0805a0..9d4f279e81 100644
--- a/IntelFsp2WrapperPkg/FspsWrapperPeim/FspsWrapperPeim.c
+++ b/IntelFsp2WrapperPkg/FspsWrapperPeim/FspsWrapperPeim.c
@@ -3,7 +3,7 @@
register TemporaryRamDonePpi to call TempRamExit API, and register MemoryDiscoveredPpi
notify to call FspSiliconInit API.
- Copyright (c) 2014 - 2019, Intel Corporation. All rights reserved.<BR>
+ Copyright (c) 2014 - 2020, Intel Corporation. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
@@ -24,12 +24,15 @@
#include <Library/TimerLib.h>
#include <Library/PerformanceLib.h>
#include <Library/FspWrapperApiLib.h>
+#include <Library/FspMeasurementLib.h>
#include <Ppi/FspSiliconInitDone.h>
#include <Ppi/EndOfPeiPhase.h>
#include <Ppi/MemoryDiscovered.h>
#include <Ppi/TemporaryRamDone.h>
#include <Ppi/SecPlatformInformation.h>
+#include <Ppi/Tcg.h>
+#include <Ppi/FirmwareVolumeInfoMeasurementExcluded.h>
#include <Library/FspWrapperApiTestLib.h>
#include <FspEas.h>
#include <FspStatusCode.h>
@@ -379,7 +382,25 @@ FspsWrapperInitDispatchMode (
VOID
)
{
- EFI_STATUS Status;
+ EFI_STATUS Status;
+ EFI_PEI_FIRMWARE_VOLUME_INFO_MEASUREMENT_EXCLUDED_PPI *MeasurementExcludedFvPpi;
+ EFI_PEI_PPI_DESCRIPTOR *MeasurementExcludedPpiList;
+
+ MeasurementExcludedFvPpi = AllocatePool (sizeof(*MeasurementExcludedFvPpi));
+ ASSERT(MeasurementExcludedFvPpi != NULL);
+ MeasurementExcludedFvPpi->Count = 1;
+ MeasurementExcludedFvPpi->Fv[0].FvBase = PcdGet32 (PcdFspsBaseAddress);
+ MeasurementExcludedFvPpi->Fv[0].FvLength = ((EFI_FIRMWARE_VOLUME_HEADER *) (UINTN) PcdGet32 (PcdFspsBaseAddress))->FvLength;
+
+ MeasurementExcludedPpiList = AllocatePool (sizeof(*MeasurementExcludedPpiList));
+ ASSERT(MeasurementExcludedPpiList != NULL);
+ MeasurementExcludedPpiList->Flags = EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST;
+ MeasurementExcludedPpiList->Guid = &gEfiPeiFirmwareVolumeInfoMeasurementExcludedPpiGuid;
+ MeasurementExcludedPpiList->Ppi = MeasurementExcludedFvPpi;
+
+ Status = PeiServicesInstallPpi (MeasurementExcludedPpiList);
+ ASSERT_EFI_ERROR (Status);
+
//
// FSP-S Wrapper running in Dispatch mode and reports FSP-S FV to PEI dispatcher.
//
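Review bot: This block repeats the allocation and PPI setup from FspmWrapperInit line for line, including the ASSERT-only NULL checks that vanish in release builds. A small shared helper that takes the FSP base address and returns EFI_STATUS would remove the duplication and give one place to handle allocation failure properly.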
@@ -398,6 +419,62 @@ FspsWrapperInitDispatchMode (
return Status;
}
+/**
+ This function is called after TCG installed PPI.
+
+ @param[in] PeiServices Pointer to PEI Services Table.
+ @param[in] NotifyDesc Pointer to the descriptor for the Notification event that
+ caused this function to execute.
+ @param[in] Ppi Pointer to the PPI data associated with this function.
+
+ @retval EFI_STATUS Always return EFI_SUCCESS
+**/
+EFI_STATUS
+EFIAPI
+TcgPpiNotify (
+ IN EFI_PEI_SERVICES **PeiServices,
+ IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDesc,
+ IN VOID *Ppi
+ );
+
+EFI_PEI_NOTIFY_DESCRIPTOR mTcgPpiNotifyDesc = {
+ (EFI_PEI_PPI_DESCRIPTOR_NOTIFY_CALLBACK | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST),
+ &gEdkiiTcgPpiGuid,
+ TcgPpiNotify
+};
+
+/**
+ This function is called after TCG installed PPI.
+
+ @param[in] PeiServices Pointer to PEI Services Table.
+ @param[in] NotifyDesc Pointer to the descriptor for the Notification event that
+ caused this function to execute.
+ @param[in] Ppi Pointer to the PPI data associated with this function.
+
+ @retval EFI_STATUS Always return EFI_SUCCESS
+**/
+EFI_STATUS
+EFIAPI
+TcgPpiNotify (
+ IN EFI_PEI_SERVICES **PeiServices,
+ IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDesc,
+ IN VOID *Ppi
+ )
+{
+ UINT32 FspMeasureMask;
+
+ DEBUG ((DEBUG_INFO, "TcgPpiNotify FSPS\n"));
+
+ FspMeasureMask = PcdGet32 (PcdFspMeasurementConfig);
+
+ if ((FspMeasureMask & FSP_MEASURE_FSPS) != 0) {
+ MeasureFspFirmwareBlob (0, "FSPS", PcdGet32(PcdFspsBaseAddress),
+ (UINT32)((EFI_FIRMWARE_VOLUME_HEADER *) (UINTN) PcdGet32 (PcdFspsBaseAddress))->FvLength);
+ }
+
+ return EFI_SUCCESS;
+}
+
/**
This is the entrypoint of PEIM.
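Review bot: The result of MeasureFspFirmwareBlob for FSP-S is dropped and TcgPpiNotify returns EFI_SUCCESS unconditionally, so a measurement failure is invisible to the platform and to anyone reading the debug log. Check the status and report it. TcgPpiNotify and mTcgPpiNotifyDesc are also file-local in use but declared with external linkage under the same names as in FspmWrapperPeim.c; mark both STATIC.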
@@ -413,8 +490,13 @@ FspsWrapperPeimEntryPoint (
IN CONST EFI_PEI_SERVICES **PeiServices
)
{
+ EFI_STATUS Status;
+
DEBUG ((DEBUG_INFO, "FspsWrapperPeimEntryPoint\n"));
+ Status = PeiServicesNotifyPpi (&mTcgPpiNotifyDesc);
+ ASSERT_EFI_ERROR (Status);
+
if (PcdGet8 (PcdFspModeSelection) == 1) {
FspsWrapperInitApiMode ();
} else {
diff --git a/IntelFsp2WrapperPkg/FspsWrapperPeim/FspsWrapperPeim.inf b/IntelFsp2WrapperPkg/FspsWrapperPeim/FspsWrapperPeim.inf
index 7da92991c8..884514747f 100644
--- a/IntelFsp2WrapperPkg/FspsWrapperPeim/FspsWrapperPeim.inf
+++ b/IntelFsp2WrapperPkg/FspsWrapperPeim/FspsWrapperPeim.inf
@@ -6,7 +6,7 @@
# register TemporaryRamDonePpi to call TempRamExit API, and register MemoryDiscoveredPpi
# notify to call FspSiliconInit API.
#
-# Copyright (c) 2014 - 2019, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2014 - 2020, Intel Corporation. All rights reserved.<BR>
#
# SPDX-License-Identifier: BSD-2-Clause-Patent
#
@@ -44,24 +44,30 @@
PerformanceLib
FspWrapperApiLib
FspWrapperApiTestLib
+ FspMeasurementLib
[Packages]
MdePkg/MdePkg.dec
+ MdeModulePkg/MdeModulePkg.dec
UefiCpuPkg/UefiCpuPkg.dec
+ SecurityPkg/SecurityPkg.dec
IntelFsp2Pkg/IntelFsp2Pkg.dec
IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dec
[Ppis]
- gTopOfTemporaryRamPpiGuid ## PRODUCES
- gFspSiliconInitDonePpiGuid ## PRODUCES
- gEfiEndOfPeiSignalPpiGuid ## PRODUCES
- gEfiTemporaryRamDonePpiGuid ## PRODUCES
- gEfiPeiMemoryDiscoveredPpiGuid ## NOTIFY
+ gTopOfTemporaryRamPpiGuid ## PRODUCES
+ gFspSiliconInitDonePpiGuid ## PRODUCES
+ gEfiEndOfPeiSignalPpiGuid ## PRODUCES
+ gEfiTemporaryRamDonePpiGuid ## PRODUCES
+ gEfiPeiMemoryDiscoveredPpiGuid ## NOTIFY
+ gEdkiiTcgPpiGuid ## NOTIFY
+ gEfiPeiFirmwareVolumeInfoMeasurementExcludedPpiGuid ## PRODUCES
[Pcd]
- gIntelFsp2WrapperTokenSpaceGuid.PcdFspsBaseAddress ## CONSUMES
- gIntelFsp2WrapperTokenSpaceGuid.PcdFspsUpdDataAddress ## CONSUMES
- gIntelFsp2WrapperTokenSpaceGuid.PcdFspModeSelection ## CONSUMES
+ gIntelFsp2WrapperTokenSpaceGuid.PcdFspsBaseAddress ## CONSUMES
+ gIntelFsp2WrapperTokenSpaceGuid.PcdFspsUpdDataAddress ## CONSUMES
+ gIntelFsp2WrapperTokenSpaceGuid.PcdFspModeSelection ## CONSUMES
+ gIntelFsp2WrapperTokenSpaceGuid.PcdFspMeasurementConfig ## CONSUMES
[Guids]
gFspHobGuid ## CONSUMES ## HOB
@@ -71,4 +77,5 @@
FspsWrapperPeim.c
[Depex]
- gEfiPeiMemoryDiscoveredPpiGuid
+ gEfiPeiMemoryDiscoveredPpiGuid AND
+ gPeiTpmInitializationDonePpiGuid
--
2.26.2.windows.1
* [PATCH v4 5/8] SecurityPkg/dsc: add FvEventLogRecordLib
2020-08-18 6:26 [PATCH v4 0/8] Need add a FSP binary measurement Qi Zhang
` (3 preceding siblings ...)
2020-08-18 6:26 ` [PATCH v4 4/8] IntelFsp2WraperPkg/Fsp{m|s}WrapperPeim: Add FspBin measurement Qi Zhang
@ 2020-08-18 6:26 ` Qi Zhang
2020-08-18 6:26 ` [PATCH v4 6/8] IntelFsp2Wrapper/dsc: Add FspTpmMeasurementLib and PcdFspMeasurementConfig Qi Zhang
` (4 subsequent siblings)
9 siblings, 0 replies; 19+ messages in thread
From: Qi Zhang @ 2020-08-18 6:26 UTC (permalink / raw)
To: devel; +Cc: Qi Zhang, Jiewen Yao, Jian J Wang
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2376
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Signed-off-by: Qi Zhang <qi1.zhang@intel.com>
---
SecurityPkg/SecurityPkg.dec | 3 +++
SecurityPkg/SecurityPkg.dsc | 2 ++
2 files changed, 5 insertions(+)
diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec
index 42fc48cc1f..1b7d62e802 100644
--- a/SecurityPkg/SecurityPkg.dec
+++ b/SecurityPkg/SecurityPkg.dec
@@ -84,6 +84,9 @@
#
VariableKeyLib|Include/Library/VariableKeyLib.h
+ ## @libraryclass Provides interfaces about firmware TPM measurement.
+ #
+ TcgEventLogRecordLib|Include/Library/TcgEventLogRecordLib.h
[Guids]
## Security package token space guid.
# Include/Guid/SecurityPkgTokenSpace.h
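Review bot: The library class declared here is TcgEventLogRecordLib, but the patch subject still says FvEventLogRecordLib. Update the subject to match the v4 rename so the change can be found by the name that actually lands in SecurityPkg.dec and SecurityPkg.dsc.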
diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc
index 28effe3eda..36d15b79f9 100644
--- a/SecurityPkg/SecurityPkg.dsc
+++ b/SecurityPkg/SecurityPkg.dsc
@@ -66,6 +66,7 @@
ResetSystemLib|MdeModulePkg/Library/BaseResetSystemLibNull/BaseResetSystemLibNull.inf
VariableKeyLib|SecurityPkg/Library/VariableKeyLibNull/VariableKeyLibNull.inf
RpmcLib|SecurityPkg/Library/RpmcLibNull/RpmcLibNull.inf
+ TcgEventLogRecordLib|SecurityPkg/Library/TcgEventLogRecordLib/TcgEventLogRecordLib.inf
[LibraryClasses.ARM]
#
@@ -240,6 +241,7 @@
SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.inf
SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.inf
SecurityPkg/Library/TcgPpVendorLibNull/TcgPpVendorLibNull.inf
+ SecurityPkg/Library/TcgEventLogRecordLib/TcgEventLogRecordLib.inf
[Components.IA32, Components.X64, Components.ARM, Components.AARCH64]
SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf
--
2.26.2.windows.1
* [PATCH v4 6/8] IntelFsp2Wrapper/dsc: Add FspTpmMeasurementLib and PcdFspMeasurementConfig.
2020-08-18 6:26 [PATCH v4 0/8] Need add a FSP binary measurement Qi Zhang
` (4 preceding siblings ...)
2020-08-18 6:26 ` [PATCH v4 5/8] SecurityPkg/dsc: add FvEventLogRecordLib Qi Zhang
@ 2020-08-18 6:26 ` Qi Zhang
2020-08-18 13:09 ` Chiu, Chasel
2020-08-18 6:26 ` [PATCH v4 7/8] SecurityPkg/Tcg2: handle PRE HASH and LOG ONLY Qi Zhang
` (3 subsequent siblings)
9 siblings, 1 reply; 19+ messages in thread
From: Qi Zhang @ 2020-08-18 6:26 UTC (permalink / raw)
To: devel; +Cc: Jiewen Yao, Chasel Chiu, Nate DeSimone, Star Zeng, Qi Zhang
From: Jiewen Yao <jiewen.yao@intel.com>
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2376
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Chasel Chiu <chasel.chiu@intel.com>
Cc: Nate DeSimone <nathaniel.l.desimone@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Qi Zhang <qi1.zhang@intel.com>
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
---
IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dec | 17 +++++++++++++++++
IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dsc | 6 +++++-
2 files changed, 22 insertions(+), 1 deletion(-)
diff --git a/IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dec b/IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dec
index faf2be621c..cb41ca9807 100644
--- a/IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dec
+++ b/IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dec
@@ -92,6 +92,23 @@
#
gIntelFsp2WrapperTokenSpaceGuid.PcdFspModeSelection|0x00000001|UINT8|0x4000000A
+ ## This PCD decides how FSP is measured
+ # 1) The BootGuard ACM may already measured the FSP component, such as FSPT/FSPM.
+ # We need a flag (PCD) to indicate if there is need to do such FSP measurement or NOT.
+ # 2) The FSP binary includes FSP code and FSP UPD region. The UPD region is considered
+ # as configuration block, and it may be updated by OEM by design.
+ # This flag (PCD) is to indicate if we need isolate the the UPD region from the FSP code region.
+ # BIT0: Need measure FSP. (for FSP1.x) - reserved in FSP2.
+ # BIT1: Need measure FSPT. (for FSP 2.x)
+ # BIT2: Need measure FSPM. (for FSP 2.x)
+ # BIT3: Need measure FSPS. (for FSP 2.x)
+ # BIT4~30: reserved.
+ # BIT31: Need isolate UPD region measurement.
+ #0: measure FSP[T|M|S] as one binary in one record (PCR0).
+ #1: measure FSP UPD region in one record (PCR1), the FSP code without UPD in another record (PCR0).
+ #
+ gIntelFsp2WrapperTokenSpaceGuid.PcdFspMeasurementConfig|0x00000000|UINT32|0x4000000B
+
[PcdsFixedAtBuild, PcdsPatchableInModule,PcdsDynamic,PcdsDynamicEx]
#
## These are the base address of FSP-M/S
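Review bot: The PcdFspMeasurementConfig comment does not say what the default 0x00000000 means in practice, namely that the wrapper measures no FSP component; state that explicitly, since the wrapper PEIMs in this series also exclude the FSP volumes from the standard FV measurement. The two BIT31 sub-items ("#0:", "#1:") should be indented under BIT31 like the surrounding lines, and the text has small slips ("may already measured", "the the UPD region"). The subject names FspTpmMeasurementLib while the .dsc hunk adds FspMeasurementLib.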
diff --git a/IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dsc b/IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dsc
index cb4f69285d..aa2eb26c33 100644
--- a/IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dsc
+++ b/IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dsc
@@ -1,7 +1,7 @@
## @file
# Provides drivers and definitions to support fsp in EDKII bios.
#
-# Copyright (c) 2014 - 2016, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2014 - 2020, Intel Corporation. All rights reserved.<BR>
# SPDX-License-Identifier: BSD-2-Clause-Patent
#
##
@@ -45,6 +45,7 @@
# FSP Wrapper Lib
FspWrapperApiLib|IntelFsp2WrapperPkg/Library/BaseFspWrapperApiLib/BaseFspWrapperApiLib.inf
FspWrapperApiTestLib|IntelFsp2WrapperPkg/Library/BaseFspWrapperApiTestLibNull/BaseFspWrapperApiTestLibNull.inf
+ FspMeasurementLib|IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/BaseFspMeasurementLib.inf
# FSP platform sample
FspWrapperPlatformLib|IntelFsp2WrapperPkg/Library/BaseFspWrapperPlatformLibSample/BaseFspWrapperPlatformLibSample.inf
@@ -57,6 +58,8 @@
PeiServicesLib|MdePkg/Library/PeiServicesLib/PeiServicesLib.inf
MemoryAllocationLib|MdePkg/Library/PeiMemoryAllocationLib/PeiMemoryAllocationLib.inf
HobLib|MdePkg/Library/PeiHobLib/PeiHobLib.inf
+ TpmMeasurementLib|SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.inf
+ TcgEventLogRecordLib|SecurityPkg/Library/TcgEventLogRecordLib/TcgEventLogRecordLib.inf
[LibraryClasses.common.DXE_DRIVER]
UefiDriverEntryPoint|MdePkg/Library/UefiDriverEntryPoint/UefiDriverEntryPoint.inf
@@ -73,6 +76,7 @@
IntelFsp2WrapperPkg/Library/SecFspWrapperPlatformSecLibSample/SecFspWrapperPlatformSecLibSample.inf
IntelFsp2WrapperPkg/Library/PeiFspWrapperHobProcessLibSample/PeiFspWrapperHobProcessLibSample.inf
IntelFsp2WrapperPkg/Library/PeiFspWrapperApiTestLib/PeiFspWrapperApiTestLib.inf
+ IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/BaseFspMeasurementLib.inf
IntelFsp2WrapperPkg/FspmWrapperPeim/FspmWrapperPeim.inf
IntelFsp2WrapperPkg/FspsWrapperPeim/FspsWrapperPeim.inf
--
2.26.2.windows.1
* [PATCH v4 7/8] SecurityPkg/Tcg2: handle PRE HASH and LOG ONLY
2020-08-18 6:26 [PATCH v4 0/8] Need add a FSP binary measurement Qi Zhang
` (5 preceding siblings ...)
2020-08-18 6:26 ` [PATCH v4 6/8] IntelFsp2Wrapper/dsc: Add FspTpmMeasurementLib and PcdFspMeasurementConfig Qi Zhang
@ 2020-08-18 6:26 ` Qi Zhang
2020-08-18 6:26 ` [PATCH v4 8/8] IntelFsp2WrapperPkg/dsc: add HashLib, Tpm2CommandLib and Tpm2DeviceLib Qi Zhang
` (2 subsequent siblings)
9 siblings, 0 replies; 19+ messages in thread
From: Qi Zhang @ 2020-08-18 6:26 UTC (permalink / raw)
To: devel; +Cc: Qi Zhang, Jiewen Yao, Jian J Wang, Rahul Kumar
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2376
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Qi Zhang <qi1.zhang@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Signed-off-by: Qi Zhang <qi1.zhang@intel.com>
---
SecurityPkg/Include/Ppi/Tcg.h | 5 +++++
SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c | 12 +++++++-----
2 files changed, 12 insertions(+), 5 deletions(-)
diff --git a/SecurityPkg/Include/Ppi/Tcg.h b/SecurityPkg/Include/Ppi/Tcg.h
index 0e943f2465..22f47f9817 100644
--- a/SecurityPkg/Include/Ppi/Tcg.h
+++ b/SecurityPkg/Include/Ppi/Tcg.h
@@ -18,6 +18,11 @@ typedef struct _EDKII_TCG_PPI EDKII_TCG_PPI;
//
#define EDKII_TCG_PRE_HASH 0x0000000000000001
+//
+// This bit is shall be set when HashData is the pre-hash digest and log only.
+//
+#define EDKII_TCG_PRE_HASH_LOG_ONLY 0x0000000000000002
+
/**
Tpm measure and log data, and extend the measurement result into a specific PCR.
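Review bot: The comment for EDKII_TCG_PRE_HASH_LOG_ONLY reads "This bit is shall be set" and does not define what happens when both EDKII_TCG_PRE_HASH and EDKII_TCG_PRE_HASH_LOG_ONLY are set. Fix the wording and document the precedence, since the Tcg2Pei.c change in this patch extends the PCR whenever EDKII_TCG_PRE_HASH is set, regardless of the log-only bit.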
diff --git a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c
index 246968bb7f..0e770f4485 100644
--- a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c
+++ b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c
@@ -453,13 +453,15 @@ HashLogExtendEvent (
return EFI_DEVICE_ERROR;
}
- if(Flags & EDKII_TCG_PRE_HASH) {
+ if ((Flags & EDKII_TCG_PRE_HASH) != 0 || (Flags & EDKII_TCG_PRE_HASH_LOG_ONLY) != 0) {
ZeroMem (&DigestList, sizeof(DigestList));
CopyMem (&DigestList, HashData, sizeof(DigestList));
- Status = Tpm2PcrExtend (
- 0,
- &DigestList
- );
+ if ((Flags & EDKII_TCG_PRE_HASH) !=0 ) {
+ Status = Tpm2PcrExtend (
+ NewEventHdr->PCRIndex,
+ &DigestList
+ );
+ }
} else {
Status = HashAndExtend (
NewEventHdr->PCRIndex,
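Review bot: On the log-only path (EDKII_TCG_PRE_HASH_LOG_ONLY set, EDKII_TCG_PRE_HASH clear) nothing in this block assigns Status, so the code after the if/else acts on whatever value Status held before; set Status = EFI_SUCCESS explicitly in that case. The extend now targets NewEventHdr->PCRIndex instead of the hard-coded 0, which changes behaviour for existing EDKII_TCG_PRE_HASH callers and deserves a line in the commit message. CopyMem copies sizeof(DigestList) bytes from HashData without consulting the length argument; rejecting calls where that length differs from sizeof(DigestList) would guard against malformed callers. Style: "!=0 )" should be "!= 0)".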
--
2.26.2.windows.1
* [PATCH v4 8/8] IntelFsp2WrapperPkg/dsc: add HashLib, Tpm2CommandLib and Tpm2DeviceLib
2020-08-18 6:26 [PATCH v4 0/8] Need add a FSP binary measurement Qi Zhang
` (6 preceding siblings ...)
2020-08-18 6:26 ` [PATCH v4 7/8] SecurityPkg/Tcg2: handle PRE HASH and LOG ONLY Qi Zhang
@ 2020-08-18 6:26 ` Qi Zhang
2020-08-18 13:10 ` Chiu, Chasel
2020-08-21 5:55 ` [EXTERNAL] [edk2-devel] [PATCH v4 0/8] Need add a FSP binary measurement Bret Barkelew
2020-08-26 16:01 ` Laszlo Ersek
9 siblings, 1 reply; 19+ messages in thread
From: Qi Zhang @ 2020-08-18 6:26 UTC (permalink / raw)
To: devel; +Cc: Qi Zhang, Jiewen Yao, Chasel Chiu, Nate DeSimone, Star Zeng
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2376
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Chasel Chiu <chasel.chiu@intel.com>
Cc: Nate DeSimone <nathaniel.l.desimone@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Signed-off-by: Qi Zhang <qi1.zhang@intel.com>
---
IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dsc | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dsc b/IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dsc
index aa2eb26c33..738342b69b 100644
--- a/IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dsc
+++ b/IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dsc
@@ -52,6 +52,8 @@
PlatformSecLib|IntelFsp2WrapperPkg/Library/SecFspWrapperPlatformSecLibSample/SecFspWrapperPlatformSecLibSample.inf
FspWrapperHobProcessLib|IntelFsp2WrapperPkg/Library/PeiFspWrapperHobProcessLibSample/PeiFspWrapperHobProcessLibSample.inf
+ Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf
+
[LibraryClasses.common.PEIM,LibraryClasses.common.PEI_CORE]
PeimEntryPoint|MdePkg/Library/PeimEntryPoint/PeimEntryPoint.inf
PeiServicesTablePointerLib|MdePkg/Library/PeiServicesTablePointerLib/PeiServicesTablePointerLib.inf
@@ -60,6 +62,8 @@
HobLib|MdePkg/Library/PeiHobLib/PeiHobLib.inf
TpmMeasurementLib|SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.inf
TcgEventLogRecordLib|SecurityPkg/Library/TcgEventLogRecordLib/TcgEventLogRecordLib.inf
+ HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.inf
+ Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf
[LibraryClasses.common.DXE_DRIVER]
UefiDriverEntryPoint|MdePkg/Library/UefiDriverEntryPoint/UefiDriverEntryPoint.inf
--
2.26.2.windows.1
* Re: [PATCH v4 2/8] IntelFsp2WrapperPkg/FspMeasurementLib: Add header file.
2020-08-18 6:26 ` [PATCH v4 2/8] IntelFsp2WrapperPkg/FspMeasurementLib: Add header file Qi Zhang
@ 2020-08-18 13:06 ` Chiu, Chasel
0 siblings, 0 replies; 19+ messages in thread
From: Chiu, Chasel @ 2020-08-18 13:06 UTC (permalink / raw)
To: Zhang, Qi1, devel@edk2.groups.io
Cc: Yao, Jiewen, Desimone, Nathaniel L, Zeng, Star
Reviewed-by: Chasel Chiu <chasel.chiu@intel.com>
> -----Original Message-----
> From: Zhang, Qi1 <qi1.zhang@intel.com>
> Sent: Tuesday, August 18, 2020 2:26 PM
> To: devel@edk2.groups.io
> Cc: Yao, Jiewen <jiewen.yao@intel.com>; Chiu, Chasel
> <chasel.chiu@intel.com>; Desimone, Nathaniel L
> <nathaniel.l.desimone@intel.com>; Zeng, Star <star.zeng@intel.com>; Zhang,
> Qi1 <qi1.zhang@intel.com>
> Subject: [PATCH v4 2/8] IntelFsp2WrapperPkg/FspMeasurementLib: Add
> header file.
>
> From: Jiewen Yao <jiewen.yao@intel.com>
>
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2376
>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Chasel Chiu <chasel.chiu@intel.com>
> Cc: Nate DeSimone <nathaniel.l.desimone@intel.com>
> Cc: Star Zeng <star.zeng@intel.com>
> Cc: Qi Zhang <qi1.zhang@intel.com>
> Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
> ---
> .../Include/Library/FspMeasurementLib.h | 39
> +++++++++++++++++++
> 1 file changed, 39 insertions(+)
> create mode 100644
> IntelFsp2WrapperPkg/Include/Library/FspMeasurementLib.h
>
> diff --git a/IntelFsp2WrapperPkg/Include/Library/FspMeasurementLib.h
> b/IntelFsp2WrapperPkg/Include/Library/FspMeasurementLib.h
> new file mode 100644
> index 0000000000..4620b4b08e
> --- /dev/null
> +++ b/IntelFsp2WrapperPkg/Include/Library/FspMeasurementLib.h
> @@ -0,0 +1,39 @@
> +/** @file
>
> + This library is used by FSP modules to measure data to TPM.
>
> +
>
> +Copyright (c) 2020, Intel Corporation. All rights reserved. <BR>
>
> +SPDX-License-Identifier: BSD-2-Clause-Patent
>
> +
>
> +**/
>
> +
>
> +#ifndef _FSP_MEASUREMENT_LIB_H_
>
> +#define _FSP_MEASUREMENT_LIB_H_
>
> +
>
> +#define FSP_MEASURE_FSP BIT0
>
> +#define FSP_MEASURE_FSPT BIT1
>
> +#define FSP_MEASURE_FSPM BIT2
>
> +#define FSP_MEASURE_FSPS BIT3
>
> +#define FSP_MEASURE_FSPUPD BIT31
>
> +
>
> +/**
>
> + Measure a FSP FirmwareBlob.
>
> +
>
> + @param[in] PcrIndex PCR Index.
>
> + @param[in] Description Description for this
> FirmwareBlob.
>
> + @param[in] FirmwareBlobBase Base address of this
> FirmwareBlob.
>
> + @param[in] FirmwareBlobLength Size in bytes of this
> FirmwareBlob.
>
> +
>
> + @retval EFI_SUCCESS Operation completed successfully.
>
> + @retval EFI_UNSUPPORTED TPM device not available.
>
> + @retval EFI_OUT_OF_RESOURCES Out of memory.
>
> + @retval EFI_DEVICE_ERROR The operation was unsuccessful.
>
> +*/
>
> +EFI_STATUS
>
> +EFIAPI
>
> +MeasureFspFirmwareBlob (
>
> + IN UINT32 PcrIndex,
>
> + IN CHAR8 *Description OPTIONAL,
>
> + IN EFI_PHYSICAL_ADDRESS FirmwareBlobBase,
>
> + IN UINT64 FirmwareBlobLength
>
> + );
>
> +#endif
>
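Review bot: Description is declared CHAR8 * although the callers in the wrapper PEIMs pass string literals such as "FSPT"; CONST CHAR8 * would be the accurate type. FirmwareBlobLength is UINT64 here while those callers cast FvLength down to UINT32, so one side should change. The function comment is closed with "*/" where the file header uses "**/".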
> --
> 2.26.2.windows.1
* Re: [PATCH v4 3/8] IntelFsp2WrapperPkg/FspMeasurementLib: Add BaseFspMeasurementLib.
2020-08-18 6:26 ` [PATCH v4 3/8] IntelFsp2WrapperPkg/FspMeasurementLib: Add BaseFspMeasurementLib Qi Zhang
@ 2020-08-18 13:06 ` Chiu, Chasel
0 siblings, 0 replies; 19+ messages in thread
From: Chiu, Chasel @ 2020-08-18 13:06 UTC (permalink / raw)
To: Zhang, Qi1, devel@edk2.groups.io
Cc: Yao, Jiewen, Desimone, Nathaniel L, Zeng, Star
Reviewed-by: Chasel Chiu <chasel.chiu@intel.com>
> -----Original Message-----
> From: Zhang, Qi1 <qi1.zhang@intel.com>
> Sent: Tuesday, August 18, 2020 2:26 PM
> To: devel@edk2.groups.io
> Cc: Yao, Jiewen <jiewen.yao@intel.com>; Chiu, Chasel
> <chasel.chiu@intel.com>; Desimone, Nathaniel L
> <nathaniel.l.desimone@intel.com>; Zeng, Star <star.zeng@intel.com>; Zhang,
> Qi1 <qi1.zhang@intel.com>
> Subject: [PATCH v4 3/8] IntelFsp2WrapperPkg/FspMeasurementLib: Add
> BaseFspMeasurementLib.
>
> From: Jiewen Yao <jiewen.yao@intel.com>
>
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2376
>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Chasel Chiu <chasel.chiu@intel.com>
> Cc: Nate DeSimone <nathaniel.l.desimone@intel.com>
> Cc: Star Zeng <star.zeng@intel.com>
> Cc: Qi Zhang <qi1.zhang@intel.com>
> Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
> ---
> .../BaseFspMeasurementLib.inf | 54 ++++
> .../BaseFspMeasurementLib/FspMeasurementLib.c | 248
> ++++++++++++++++++
> 2 files changed, 302 insertions(+)
> create mode 100644
> IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/BaseFspMeasuremen
> tLib.inf
> create mode 100644
> IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/FspMeasurementLib.
> c
>
> diff --git
> a/IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/BaseFspMeasurem
> entLib.inf
> b/IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/BaseFspMeasurem
> entLib.inf
> new file mode 100644
> index 0000000000..1b5f0012aa
> --- /dev/null
> +++
> b/IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/BaseFspMeasurem
> entLib.inf
> @@ -0,0 +1,54 @@
> +## @file
>
> +# Provides FSP measurement functions.
>
> +#
>
> +# This library provides MeasureFspFirmwareBlob() to measure FSP binary.
>
> +#
>
> +# Copyright (c) 2020, Intel Corporation. All rights reserved.<BR>
>
> +# SPDX-License-Identifier: BSD-2-Clause-Patent
>
> +#
>
> +##
>
> +
>
> +[Defines]
>
> + INF_VERSION = 0x00010005
>
> + BASE_NAME = FspMeasurementLib
>
> + FILE_GUID =
> 890B12B4-56CC-453E-B062-4597FC6D3D8C
>
> + MODULE_TYPE = BASE
>
> + VERSION_STRING = 1.0
>
> + LIBRARY_CLASS = FspMeasurementLib
>
> +
>
> +#
>
> +# The following information is for reference only and not required by the
> build tools.
>
> +#
>
> +# VALID_ARCHITECTURES = IA32 X64
>
> +#
>
> +
>
> +[Sources]
>
> + FspMeasurementLib.c
>
> +
>
> +[Packages]
>
> + MdePkg/MdePkg.dec
>
> + MdeModulePkg/MdeModulePkg.dec
>
> + SecurityPkg/SecurityPkg.dec
>
> + IntelFsp2Pkg/IntelFsp2Pkg.dec
>
> + IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dec
>
> +
>
> +[LibraryClasses]
>
> + BaseLib
>
> + BaseMemoryLib
>
> + DebugLib
>
> + PrintLib
>
> + PcdLib
>
> + PeiServicesLib
>
> + PeiServicesTablePointerLib
>
> + FspWrapperApiLib
>
> + TcgEventLogRecordLib
>
> + HashLib
>
> +
>
> +[Ppis]
>
> + gEdkiiTcgPpiGuid
> ## CONSUMES
>
> +
>
> +[Pcd]
>
> + gIntelFsp2WrapperTokenSpaceGuid.PcdFspMeasurementConfig
> ## CONSUMES
>
> + gIntelFsp2WrapperTokenSpaceGuid.PcdFspmBaseAddress
> ## CONSUMES
>
> + gEfiMdeModulePkgTokenSpaceGuid.PcdTcgPfpMeasurementRevision
> ## CONSUMES
>
> +
>
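Review bot: MODULE_TYPE = BASE with an unrestricted LIBRARY_CLASS does not fit a library that lists PeiServicesLib, PeiServicesTablePointerLib and a [Ppis] entry; it can only work in PEI. Declare MODULE_TYPE = PEIM with LIBRARY_CLASS = FspMeasurementLib|PEIM, and reconsider the "Base" prefix in the directory name. FspMeasurementLib.c also includes Library/TpmMeasurementLib.h, but TpmMeasurementLib is not listed under [LibraryClasses].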
> diff --git
> a/IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/FspMeasurementLi
> b.c
> b/IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/FspMeasurementLi
> b.c
> new file mode 100644
> index 0000000000..0fe0606a6d
> --- /dev/null
> +++
> b/IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/FspMeasurementLi
> b.c
> @@ -0,0 +1,248 @@
> +/** @file
>
> + This library is used by FSP modules to measure data to TPM.
>
> +
>
> +Copyright (c) 2020, Intel Corporation. All rights reserved. <BR>
>
> +SPDX-License-Identifier: BSD-2-Clause-Patent
>
> +
>
> +**/
>
> +
>
> +#include <PiPei.h>
>
> +#include <Uefi.h>
>
> +
>
> +#include <Library/BaseMemoryLib.h>
>
> +#include <Library/PeiServicesLib.h>
>
> +#include <Library/PeiServicesTablePointerLib.h>
>
> +#include <Library/PcdLib.h>
>
> +#include <Library/PrintLib.h>
>
> +#include <Library/DebugLib.h>
>
> +#include <Library/FspWrapperApiLib.h>
>
> +#include <Library/TpmMeasurementLib.h>
>
> +#include <Library/FspMeasurementLib.h>
>
> +#include <Library/TcgEventLogRecordLib.h>
>
> +#include <Library/HashLib.h>
>
> +
>
> +#include <Ppi/Tcg.h>
>
> +#include <IndustryStandard/UefiTcgPlatform.h>
>
> +
>
> +/**
>
> + Tpm measure and log data, and extend the measurement result into a
> specific PCR.
>
> +
>
> + @param[in] PcrIndex PCR Index.
>
> + @param[in] EventType Event type.
>
> + @param[in] EventLog Measurement event log.
>
> + @param[in] LogLen Event log length in bytes.
>
> + @param[in] HashData The start of the data buffer to be
> hashed, extended.
>
> + @param[in] HashDataLen The length, in bytes, of the buffer
> referenced by HashData
>
> + @param[in] Flags Bitmap providing additional
> information.
>
> +
>
> + @retval EFI_SUCCESS Operation completed successfully.
>
> + @retval EFI_UNSUPPORTED TPM device not available.
>
> + @retval EFI_OUT_OF_RESOURCES Out of memory.
>
> + @retval EFI_DEVICE_ERROR The operation was unsuccessful.
>
> +**/
>
> +EFI_STATUS
>
> +EFIAPI
>
> +TpmMeasureAndLogDataWithFlags (
>
> + IN UINT32 PcrIndex,
>
> + IN UINT32 EventType,
>
> + IN VOID *EventLog,
>
> + IN UINT32 LogLen,
>
> + IN VOID *HashData,
>
> + IN UINT64 HashDataLen,
>
> + IN UINT64 Flags
>
> + )
>
> +{
>
> + EFI_STATUS Status;
>
> + EDKII_TCG_PPI *TcgPpi;
>
> + TCG_PCR_EVENT_HDR TcgEventHdr;
>
> +
>
> + Status = PeiServicesLocatePpi(
>
> + &gEdkiiTcgPpiGuid,
>
> + 0,
>
> + NULL,
>
> + (VOID**)&TcgPpi
>
> + );
>
> + if (EFI_ERROR(Status)) {
>
> + return Status;
>
> + }
>
> +
>
> + TcgEventHdr.PCRIndex = PcrIndex;
>
> + TcgEventHdr.EventType = EventType;
>
> + TcgEventHdr.EventSize = LogLen;
>
> +
>
> + Status = TcgPpi->HashLogExtendEvent (
>
> + TcgPpi,
>
> + Flags,
>
> + HashData,
>
> + (UINTN)HashDataLen,
>
> + &TcgEventHdr,
>
> + EventLog
>
> + );
>
> + return Status;
>
> +}
>
> +
>
> +/**
>
> + Measure a FSP FirmwareBlob.
>
> +
>
> + @param[in] Description Description for this
> FirmwareBlob.
>
> + @param[in] FirmwareBlobBase Base address of this
> FirmwareBlob.
>
> + @param[in] FirmwareBlobLength Size in bytes of this
> FirmwareBlob.
>
> + @param[in] CfgRegionOffset Configuration region offset in
> bytes.
>
> + @param[in] CfgRegionSize Configuration region in bytes.
>
> +
>
> + @retval EFI_SUCCESS Operation completed successfully.
>
> + @retval EFI_UNSUPPORTED TPM device not available.
>
> + @retval EFI_OUT_OF_RESOURCES Out of memory.
>
> + @retval EFI_DEVICE_ERROR The operation was unsuccessful.
>
> +**/
>
> +STATIC
>
> +EFI_STATUS
>
> +EFIAPI
>
> +MeasureFspFirmwareBlobWithCfg (
>
> + IN CHAR8 *Description OPTIONAL,
>
> + IN EFI_PHYSICAL_ADDRESS FirmwareBlobBase,
>
> + IN UINT64 FirmwareBlobLength,
>
> + IN UINT32 CfgRegionOffset,
>
> + IN UINT32 CfgRegionSize
>
> + )
>
> +{
>
> + EFI_PLATFORM_FIRMWARE_BLOB FvBlob, UpdBlob;
>
> + PLATFORM_FIRMWARE_BLOB2_STRUCT FvBlob2, UpdBlob2;
>
> + VOID *FvName;
>
> + UINT32 FvEventType;
>
> + VOID *FvEventLog, *UpdEventLog;
>
> + UINT32 FvEventLogSize,
> UpdEventLogSize;
>
> + EFI_STATUS Status;
>
> + HASH_HANDLE HashHandle;
>
> + UINT8 *HashBase;
>
> + UINTN HashSize;
>
> + TPML_DIGEST_VALUES DigestList;
>
> +
>
> + FvName = TpmMeasurementGetFvName (FirmwareBlobBase,
> FirmwareBlobLength);
>
> +
>
> + if (((Description != NULL) || (FvName != NULL)) &&
>
> + (PcdGet32(PcdTcgPfpMeasurementRevision) >=
> TCG_EfiSpecIDEventStruct_SPEC_ERRATA_TPM2_REV_105)) {
>
> + if (Description != NULL) {
>
> + AsciiSPrint((CHAR8*)FvBlob2.BlobDescription,
> sizeof(FvBlob2.BlobDescription), "%a", Description);
>
> + AsciiSPrint((CHAR8*)UpdBlob2.BlobDescription,
> sizeof(UpdBlob2.BlobDescription), "%aUDP", Description);
>
> + } else {
>
> + AsciiSPrint((CHAR8*)FvBlob2.BlobDescription,
> sizeof(FvBlob2.BlobDescription), "Fv(%g)", FvName);
>
> + AsciiSPrint((CHAR8*)UpdBlob2.BlobDescription,
> sizeof(UpdBlob2.BlobDescription), "(%g)UDP", FvName);
>
> + }
>
> +
>
> + FvBlob2.BlobDescriptionSize = sizeof(FvBlob2.BlobDescription);
>
> + FvBlob2.BlobBase = FirmwareBlobBase;
>
> + FvBlob2.BlobLength = FirmwareBlobLength;
>
> + FvEventType = EV_EFI_PLATFORM_FIRMWARE_BLOB2;
>
> + FvEventLog = &FvBlob2;
>
> + FvEventLogSize = sizeof(FvBlob2);
>
> +
>
> + UpdBlob2.BlobDescriptionSize = sizeof(UpdBlob2.BlobDescription);
>
> + UpdBlob2.BlobBase = CfgRegionOffset;
>
> + UpdBlob2.BlobLength = CfgRegionSize;
>
> + UpdEventLog = &UpdBlob2;
>
> + UpdEventLogSize = sizeof(UpdBlob2);
>
> + } else {
>
> + FvBlob.BlobBase = FirmwareBlobBase;
>
> + FvBlob.BlobLength = FirmwareBlobLength;
>
> + FvEventType = EV_EFI_PLATFORM_FIRMWARE_BLOB;
>
> + FvEventLog = &FvBlob;
>
> + FvEventLogSize = sizeof(FvBlob);
>
> +
>
> + UpdBlob.BlobBase = CfgRegionOffset;
>
> + UpdBlob.BlobLength = CfgRegionSize;
>
> + UpdEventLog = &UpdBlob;
>
> + UpdEventLogSize = sizeof(UpdBlob);
>
> + }
>
> +
>
> + /** Initialize a SHA hash context. **/
>
> + Status = HashStart (&HashHandle);
>
> + if (EFI_ERROR (Status)) {
>
> + DEBUG ((DEBUG_ERROR, "HashStart failed - %r\n", Status));
>
> + return Status;
>
> + }
>
> +
>
> + /** Hash FSP binary before UDP **/
>
> + HashBase = (UINT8 *) (UINTN) FirmwareBlobBase;
>
> + HashSize = (UINTN) CfgRegionOffset;
>
> + Status = HashUpdate (HashHandle, HashBase, HashSize);
>
> + if (EFI_ERROR (Status)) {
>
> + DEBUG ((DEBUG_ERROR, "HashUpdate failed - %r\n", Status));
>
> + return Status;
>
> + }
>
> +
>
> + /** Hash FSP binary after UDP **/
>
> + HashBase = (UINT8 *) (UINTN) FirmwareBlobBase + CfgRegionOffset +
> CfgRegionSize;
>
> + HashSize = (UINTN)(FirmwareBlobLength - CfgRegionOffset -
> CfgRegionSize);
>
> + Status = HashUpdate (HashHandle, HashBase, HashSize);
>
> + if (EFI_ERROR (Status)) {
>
> + DEBUG ((DEBUG_ERROR, "HashUpdate failed - %r\n", Status));
>
> + return Status;
>
> + }
>
> +
>
> + /** Finalize the SHA hash. **/
>
> + Status = HashCompleteAndExtend (HashHandle, 0, NULL, 0, &DigestList);
>
> + if (EFI_ERROR (Status)) {
>
> + DEBUG ((DEBUG_ERROR, "HashCompleteAndExtend failed - %r\n",
> Status));
>
> + return Status;
>
> + }
>
> +
>
> + Status = TpmMeasureAndLogDataWithFlags (
>
> + 0,
>
> + FvEventType,
>
> + FvEventLog,
>
> + FvEventLogSize,
>
> + (UINT8 *) &DigestList,
>
> + (UINTN) sizeof(DigestList),
>
> + EDKII_TCG_PRE_HASH_LOG_ONLY
>
> + );
>
> +
>
> + Status = TpmMeasureAndLogData (
>
> + 1,
>
> + EV_PLATFORM_CONFIG_FLAGS,
>
> + UpdEventLog,
>
> + UpdEventLogSize,
>
> + (UINT8 *) (UINTN) FirmwareBlobBase + CfgRegionOffset,
>
> + CfgRegionSize
>
> + );
>
> +
>
> + return Status;
>
> +}
>
> +
>
> +/**
>
> + Measure a FSP FirmwareBlob.
>
> +
>
> + @param[in] PcrIndex PCR Index.
>
> + @param[in] Description Description for this
> FirmwareBlob.
>
> + @param[in] FirmwareBlobBase Base address of this
> FirmwareBlob.
>
> + @param[in] FirmwareBlobLength Size in bytes of this
> FirmwareBlob.
>
> +
>
> + @retval EFI_SUCCESS Operation completed successfully.
>
> + @retval EFI_UNSUPPORTED TPM device not available.
>
> + @retval EFI_OUT_OF_RESOURCES Out of memory.
>
> + @retval EFI_DEVICE_ERROR The operation was unsuccessful.
>
> +**/
>
> +EFI_STATUS
>
> +EFIAPI
>
> +MeasureFspFirmwareBlob (
>
> + IN UINT32 PcrIndex,
>
> + IN CHAR8 *Description OPTIONAL,
>
> + IN EFI_PHYSICAL_ADDRESS FirmwareBlobBase,
>
> + IN UINT64 FirmwareBlobLength
>
> + )
>
> +{
>
> + UINT32 FspMeasureMask;
>
> + FSP_INFO_HEADER *FspHeaderPtr;
>
> +
>
> + FspMeasureMask = PcdGet32 (PcdFspMeasurementConfig);
>
> + if ((FspMeasureMask & FSP_MEASURE_FSPUPD) != 0) {
>
> + FspHeaderPtr = (FSP_INFO_HEADER *) FspFindFspHeader
> (FirmwareBlobBase);
>
> + if (FspHeaderPtr != NULL) {
>
> + return MeasureFspFirmwareBlobWithCfg(Description,
> FirmwareBlobBase, FirmwareBlobLength,
>
> +
> FspHeaderPtr->CfgRegionOffset, FspHeaderPtr->CfgRegionSize);
>
> + }
>
> + }
>
> +
>
> + return MeasureFirmwareBlob (PcrIndex, Description, FirmwareBlobBase,
> FirmwareBlobLength);
>
> +}
>
> +
>
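Review bot: In MeasureFspFirmwareBlobWithCfg, CfgRegionOffset and CfgRegionSize are taken from the FSP_INFO_HEADER and never checked against FirmwareBlobLength, so "HashSize = (UINTN)(FirmwareBlobLength - CfgRegionOffset - CfgRegionSize)" wraps to a very large value when the header fields exceed the blob size, and the second HashUpdate then reads far beyond the FSP binary. Please verify, in UINT64 arithmetic, that CfgRegionOffset + CfgRegionSize <= FirmwareBlobLength before hashing, and fall back to MeasureFirmwareBlob or return an error otherwise. In the same function, the Status from TpmMeasureAndLogDataWithFlags is overwritten by the TpmMeasureAndLogData call without being tested, so a failed PCR0 log entry goes unreported. The PcrIndex passed to MeasureFspFirmwareBlob is ignored on this path because 0 and 1 are hard-coded. UpdBlob.BlobBase and UpdBlob2.BlobBase record CfgRegionOffset rather than FirmwareBlobBase + CfgRegionOffset. The description strings and comments say "UDP" where the identifiers (UpdBlob, FSP_MEASURE_FSPUPD) say UPD.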
> --
> 2.26.2.windows.1
* Re: [PATCH v4 4/8] IntelFsp2WraperPkg/Fsp{m|s}WrapperPeim: Add FspBin measurement.
2020-08-18 6:26 ` [PATCH v4 4/8] IntelFsp2WraperPkg/Fsp{m|s}WrapperPeim: Add FspBin measurement Qi Zhang
@ 2020-08-18 13:07 ` Chiu, Chasel
0 siblings, 0 replies; 19+ messages in thread
From: Chiu, Chasel @ 2020-08-18 13:07 UTC (permalink / raw)
To: Zhang, Qi1, devel@edk2.groups.io
Cc: Yao, Jiewen, Desimone, Nathaniel L, Zeng, Star
Reviewed-by: Chasel Chiu <chasel.chiu@intel.com>
> -----Original Message-----
> From: Zhang, Qi1 <qi1.zhang@intel.com>
> Sent: Tuesday, August 18, 2020 2:26 PM
> To: devel@edk2.groups.io
> Cc: Yao, Jiewen <jiewen.yao@intel.com>; Chiu, Chasel
> <chasel.chiu@intel.com>; Desimone, Nathaniel L
> <nathaniel.l.desimone@intel.com>; Zeng, Star <star.zeng@intel.com>; Zhang,
> Qi1 <qi1.zhang@intel.com>
> Subject: [PATCH v4 4/8] IntelFsp2WraperPkg/Fsp{m|s}WrapperPeim: Add
> FspBin measurement.
>
> From: Jiewen Yao <jiewen.yao@intel.com>
>
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2376
>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Chasel Chiu <chasel.chiu@intel.com>
> Cc: Nate DeSimone <nathaniel.l.desimone@intel.com>
> Cc: Star Zeng <star.zeng@intel.com>
> Cc: Qi Zhang <qi1.zhang@intel.com>
> Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
> ---
> .../FspmWrapperPeim/FspmWrapperPeim.c | 90
> ++++++++++++++++++-
> .../FspmWrapperPeim/FspmWrapperPeim.inf | 20 +++--
> .../FspsWrapperPeim/FspsWrapperPeim.c | 86
> +++++++++++++++++-
> .../FspsWrapperPeim/FspsWrapperPeim.inf | 27 +++---
> 4 files changed, 204 insertions(+), 19 deletions(-)
>
> diff --git a/IntelFsp2WrapperPkg/FspmWrapperPeim/FspmWrapperPeim.c
> b/IntelFsp2WrapperPkg/FspmWrapperPeim/FspmWrapperPeim.c
> index 265b77ed60..24ab534620 100644
> --- a/IntelFsp2WrapperPkg/FspmWrapperPeim/FspmWrapperPeim.c
> +++ b/IntelFsp2WrapperPkg/FspmWrapperPeim/FspmWrapperPeim.c
> @@ -3,7 +3,7 @@
> register TemporaryRamDonePpi to call TempRamExit API, and register
> MemoryDiscoveredPpi
>
> notify to call FspSiliconInit API.
>
>
>
> - Copyright (c) 2014 - 2018, Intel Corporation. All rights reserved.<BR>
>
> + Copyright (c) 2014 - 2020, Intel Corporation. All rights reserved.<BR>
>
> SPDX-License-Identifier: BSD-2-Clause-Patent
>
>
>
> **/
>
> @@ -25,11 +25,14 @@
> #include <Library/FspWrapperPlatformLib.h>
>
> #include <Library/FspWrapperHobProcessLib.h>
>
> #include <Library/FspWrapperApiLib.h>
>
> +#include <Library/FspMeasurementLib.h>
>
>
>
> #include <Ppi/FspSiliconInitDone.h>
>
> #include <Ppi/EndOfPeiPhase.h>
>
> #include <Ppi/MemoryDiscovered.h>
>
> #include <Ppi/SecPlatformInformation.h>
>
> +#include <Ppi/Tcg.h>
>
> +#include <Ppi/FirmwareVolumeInfoMeasurementExcluded.h>
>
> #include <Library/FspWrapperApiTestLib.h>
>
> #include <FspEas.h>
>
> #include <FspStatusCode.h>
>
> @@ -147,7 +150,21 @@ FspmWrapperInit (
> VOID
>
> )
>
> {
>
> - EFI_STATUS Status;
>
> + EFI_STATUS Status;
>
> + EFI_PEI_FIRMWARE_VOLUME_INFO_MEASUREMENT_EXCLUDED_PPI
> *MeasurementExcludedFvPpi;
>
> + EFI_PEI_PPI_DESCRIPTOR
> *MeasurementExcludedPpiList;
>
> +
>
> + MeasurementExcludedFvPpi = AllocatePool
> (sizeof(*MeasurementExcludedFvPpi));
>
> + ASSERT(MeasurementExcludedFvPpi != NULL);
>
> + MeasurementExcludedFvPpi->Count = 1;
>
> + MeasurementExcludedFvPpi->Fv[0].FvBase = PcdGet32
> (PcdFspmBaseAddress);
>
> + MeasurementExcludedFvPpi->Fv[0].FvLength =
> ((EFI_FIRMWARE_VOLUME_HEADER *) (UINTN) PcdGet32
> (PcdFspmBaseAddress))->FvLength;
>
> +
>
> + MeasurementExcludedPpiList = AllocatePool
> (sizeof(*MeasurementExcludedPpiList));
>
> + ASSERT(MeasurementExcludedPpiList != NULL);
>
> + MeasurementExcludedPpiList->Flags = EFI_PEI_PPI_DESCRIPTOR_PPI |
> EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST;
>
> + MeasurementExcludedPpiList->Guid =
> &gEfiPeiFirmwareVolumeInfoMeasurementExcludedPpiGuid;
>
> + MeasurementExcludedPpiList->Ppi = MeasurementExcludedFvPpi;
>
>
>
> Status = EFI_SUCCESS;
>
>
>
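Review bot: Both AllocatePool results in FspmWrapperInit are guarded only by ASSERT, which does nothing in a build with asserts disabled, so the stores to MeasurementExcludedFvPpi->Count and MeasurementExcludedPpiList->Flags would then go through a NULL pointer. Please test the pointers and return EFI_OUT_OF_RESOURCES on failure. The two buffers are also allocated before the mode check although only the else branch installs them, so the allocation can move into that branch.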
> @@ -155,6 +172,9 @@ FspmWrapperInit (
> Status = PeiFspMemoryInit ();
>
> ASSERT_EFI_ERROR (Status);
>
> } else {
>
> + Status = PeiServicesInstallPpi (MeasurementExcludedPpiList);
>
> + ASSERT_EFI_ERROR (Status);
>
> +
>
> PeiServicesInstallFvInfoPpi (
>
> NULL,
>
> (VOID *)(UINTN) PcdGet32 (PcdFspmBaseAddress),
>
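Review bot: The else branch installs the measurement-excluded PPI for the FSP-M FV unconditionally, while the replacement measurement in TcgPpiNotify runs only when FSP_MEASURE_FSPM is set in PcdFspMeasurementConfig. With that bit clear, the FV is removed from the regular FV measurement and is not measured by this PEIM either. Please install the exclusion only when (PcdGet32 (PcdFspMeasurementConfig) & FSP_MEASURE_FSPM) != 0, or add a comment stating what measures FSP-M in that configuration.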
> @@ -167,6 +187,67 @@ FspmWrapperInit (
> return Status;
>
> }
>
>
>
> +/**
>
> + This function is called after TCG installed PPI.
>
> +
>
> + @param[in] PeiServices Pointer to PEI Services Table.
>
> + @param[in] NotifyDesc Pointer to the descriptor for the
> Notification event that
>
> + caused this function to execute.
>
> + @param[in] Ppi Pointer to the PPI data associated with this
> function.
>
> +
>
> + @retval EFI_STATUS Always return EFI_SUCCESS
>
> +**/
>
> +EFI_STATUS
>
> +EFIAPI
>
> +TcgPpiNotify (
>
> + IN EFI_PEI_SERVICES **PeiServices,
>
> + IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDesc,
>
> + IN VOID *Ppi
>
> + );
>
> +
>
> +EFI_PEI_NOTIFY_DESCRIPTOR mTcgPpiNotifyDesc = {
>
> + (EFI_PEI_PPI_DESCRIPTOR_NOTIFY_CALLBACK |
> EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST),
>
> + &gEdkiiTcgPpiGuid,
>
> + TcgPpiNotify
>
> +};
>
> +
>
> +/**
>
> + This function is called after TCG installed PPI.
>
> +
>
> + @param[in] PeiServices Pointer to PEI Services Table.
>
> + @param[in] NotifyDesc Pointer to the descriptor for the
> Notification event that
>
> + caused this function to execute.
>
> + @param[in] Ppi Pointer to the PPI data associated with this
> function.
>
> +
>
> + @retval EFI_STATUS Always return EFI_SUCCESS
>
> +**/
>
> +EFI_STATUS
>
> +EFIAPI
>
> +TcgPpiNotify (
>
> + IN EFI_PEI_SERVICES **PeiServices,
>
> + IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDesc,
>
> + IN VOID *Ppi
>
> + )
>
> +{
>
> + UINT32 FspMeasureMask;
>
> +
>
> + DEBUG ((DEBUG_INFO, "TcgPpiNotify FSPM\n"));
>
> +
>
> + FspMeasureMask = PcdGet32 (PcdFspMeasurementConfig);
>
> +
>
> + if ((FspMeasureMask & FSP_MEASURE_FSPT) != 0) {
>
> + MeasureFspFirmwareBlob (0, "FSPT", PcdGet32(PcdFsptBaseAddress),
>
> +
> (UINT32)((EFI_FIRMWARE_VOLUME_HEADER *) (UINTN) PcdGet32
> (PcdFsptBaseAddress))->FvLength);
>
> + }
>
> +
>
> + if ((FspMeasureMask & FSP_MEASURE_FSPM) != 0) {
>
> + MeasureFspFirmwareBlob (0, "FSPM",
> PcdGet32(PcdFspmBaseAddress),
>
> +
> (UINT32)((EFI_FIRMWARE_VOLUME_HEADER *) (UINTN) PcdGet32
> (PcdFspmBaseAddress))->FvLength);
>
> + }
>
> +
>
> + return EFI_SUCCESS;
>
> +}
>
> +
>
> /**
>
> This is the entrypoint of PEIM
>
>
>
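Review bot: TcgPpiNotify discards the EFI_STATUS returned by both MeasureFspFirmwareBlob calls and always returns EFI_SUCCESS, so a failed FSP-T or FSP-M measurement leaves no trace. Please at least report the failure with DEBUG ((DEBUG_ERROR, ...)) and state whether boot is meant to continue in that case. The (UINT32) cast on FvLength is unnecessary because the FirmwareBlobLength parameter is UINT64, and it would truncate a 64-bit FvLength. mTcgPpiNotifyDesc and TcgPpiNotify are used only in this file and can be STATIC.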
> @@ -182,8 +263,13 @@ FspmWrapperPeimEntryPoint (
> IN CONST EFI_PEI_SERVICES **PeiServices
>
> )
>
> {
>
> + EFI_STATUS Status;
>
> +
>
> DEBUG((DEBUG_INFO, "FspmWrapperPeimEntryPoint\n"));
>
>
>
> + Status = PeiServicesNotifyPpi (&mTcgPpiNotifyDesc);
>
> + ASSERT_EFI_ERROR (Status);
>
> +
>
> FspmWrapperInit ();
>
>
>
> return EFI_SUCCESS;
>
> diff --git a/IntelFsp2WrapperPkg/FspmWrapperPeim/FspmWrapperPeim.inf
> b/IntelFsp2WrapperPkg/FspmWrapperPeim/FspmWrapperPeim.inf
> index dce7ef3d0b..c3578397b6 100644
> --- a/IntelFsp2WrapperPkg/FspmWrapperPeim/FspmWrapperPeim.inf
> +++ b/IntelFsp2WrapperPkg/FspmWrapperPeim/FspmWrapperPeim.inf
> @@ -6,7 +6,7 @@
> # register TemporaryRamDonePpi to call TempRamExit API, and register
> MemoryDiscoveredPpi
>
> # notify to call FspSiliconInit API.
>
> #
>
> -# Copyright (c) 2014 - 2019, Intel Corporation. All rights reserved.<BR>
>
> +# Copyright (c) 2014 - 2020, Intel Corporation. All rights reserved.<BR>
>
> #
>
> # SPDX-License-Identifier: BSD-2-Clause-Patent
>
> #
>
> @@ -44,17 +44,22 @@
> TimerLib
>
> FspWrapperApiLib
>
> FspWrapperApiTestLib
>
> + FspMeasurementLib
>
>
>
> [Packages]
>
> MdePkg/MdePkg.dec
>
> + MdeModulePkg/MdeModulePkg.dec
>
> UefiCpuPkg/UefiCpuPkg.dec
>
> + SecurityPkg/SecurityPkg.dec
>
> IntelFsp2Pkg/IntelFsp2Pkg.dec
>
> IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dec
>
>
>
> [Pcd]
>
> - gIntelFsp2WrapperTokenSpaceGuid.PcdFspmBaseAddress ##
> CONSUMES
>
> - gIntelFsp2WrapperTokenSpaceGuid.PcdFspmUpdDataAddress ##
> CONSUMES
>
> - gIntelFsp2WrapperTokenSpaceGuid.PcdFspModeSelection ##
> CONSUMES
>
> + gIntelFsp2WrapperTokenSpaceGuid.PcdFspmBaseAddress ##
> CONSUMES
>
> + gIntelFsp2WrapperTokenSpaceGuid.PcdFspmUpdDataAddress ##
> CONSUMES
>
> + gIntelFsp2WrapperTokenSpaceGuid.PcdFspModeSelection ##
> CONSUMES
>
> + gIntelFsp2WrapperTokenSpaceGuid.PcdFsptBaseAddress ##
> CONSUMES
>
> + gIntelFsp2WrapperTokenSpaceGuid.PcdFspMeasurementConfig ##
> CONSUMES
>
>
>
> [Sources]
>
> FspmWrapperPeim.c
>
> @@ -63,5 +68,10 @@
> gFspHobGuid ## PRODUCES ## HOB
>
> gFspApiPerformanceGuid ## SOMETIMES_CONSUMES
> ## GUID
>
>
>
> +[Ppis]
>
> + gEdkiiTcgPpiGuid ##
> NOTIFY
>
> + gEfiPeiFirmwareVolumeInfoMeasurementExcludedPpiGuid ##
> PRODUCES
>
> +
>
> [Depex]
>
> - gEfiPeiMasterBootModePpiGuid
>
> + gEfiPeiMasterBootModePpiGuid AND
>
> + gPeiTpmInitializationDonePpiGuid
>
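Review bot: Adding gPeiTpmInitializationDonePpiGuid to [Depex] means FspmWrapperPeim, the module that calls PeiFspMemoryInit, is never dispatched on a platform where no module installs that PPI. The commit message gives no rationale for the new dependency. Please document the ordering requirement it enforces and say what a platform built without a TPM PEIM is expected to do.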
> diff --git a/IntelFsp2WrapperPkg/FspsWrapperPeim/FspsWrapperPeim.c
> b/IntelFsp2WrapperPkg/FspsWrapperPeim/FspsWrapperPeim.c
> index b20f0805a0..9d4f279e81 100644
> --- a/IntelFsp2WrapperPkg/FspsWrapperPeim/FspsWrapperPeim.c
> +++ b/IntelFsp2WrapperPkg/FspsWrapperPeim/FspsWrapperPeim.c
> @@ -3,7 +3,7 @@
> register TemporaryRamDonePpi to call TempRamExit API, and register
> MemoryDiscoveredPpi
>
> notify to call FspSiliconInit API.
>
>
>
> - Copyright (c) 2014 - 2019, Intel Corporation. All rights reserved.<BR>
>
> + Copyright (c) 2014 - 2020, Intel Corporation. All rights reserved.<BR>
>
> SPDX-License-Identifier: BSD-2-Clause-Patent
>
>
>
> **/
>
> @@ -24,12 +24,15 @@
> #include <Library/TimerLib.h>
>
> #include <Library/PerformanceLib.h>
>
> #include <Library/FspWrapperApiLib.h>
>
> +#include <Library/FspMeasurementLib.h>
>
>
>
> #include <Ppi/FspSiliconInitDone.h>
>
> #include <Ppi/EndOfPeiPhase.h>
>
> #include <Ppi/MemoryDiscovered.h>
>
> #include <Ppi/TemporaryRamDone.h>
>
> #include <Ppi/SecPlatformInformation.h>
>
> +#include <Ppi/Tcg.h>
>
> +#include <Ppi/FirmwareVolumeInfoMeasurementExcluded.h>
>
> #include <Library/FspWrapperApiTestLib.h>
>
> #include <FspEas.h>
>
> #include <FspStatusCode.h>
>
> @@ -379,7 +382,25 @@ FspsWrapperInitDispatchMode (
> VOID
>
> )
>
> {
>
> - EFI_STATUS Status;
>
> + EFI_STATUS Status;
>
> + EFI_PEI_FIRMWARE_VOLUME_INFO_MEASUREMENT_EXCLUDED_PPI
> *MeasurementExcludedFvPpi;
>
> + EFI_PEI_PPI_DESCRIPTOR
> *MeasurementExcludedPpiList;
>
> +
>
> + MeasurementExcludedFvPpi = AllocatePool
> (sizeof(*MeasurementExcludedFvPpi));
>
> + ASSERT(MeasurementExcludedFvPpi != NULL);
>
> + MeasurementExcludedFvPpi->Count = 1;
>
> + MeasurementExcludedFvPpi->Fv[0].FvBase = PcdGet32
> (PcdFspsBaseAddress);
>
> + MeasurementExcludedFvPpi->Fv[0].FvLength =
> ((EFI_FIRMWARE_VOLUME_HEADER *) (UINTN) PcdGet32
> (PcdFspsBaseAddress))->FvLength;
>
> +
>
> + MeasurementExcludedPpiList = AllocatePool
> (sizeof(*MeasurementExcludedPpiList));
>
> + ASSERT(MeasurementExcludedPpiList != NULL);
>
> + MeasurementExcludedPpiList->Flags = EFI_PEI_PPI_DESCRIPTOR_PPI |
> EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST;
>
> + MeasurementExcludedPpiList->Guid =
> &gEfiPeiFirmwareVolumeInfoMeasurementExcludedPpiGuid;
>
> + MeasurementExcludedPpiList->Ppi = MeasurementExcludedFvPpi;
>
> +
>
> + Status = PeiServicesInstallPpi (MeasurementExcludedPpiList);
>
> + ASSERT_EFI_ERROR (Status);
>
> +
>
> //
>
> // FSP-S Wrapper running in Dispatch mode and reports FSP-S FV to PEI
> dispatcher.
>
> //
>
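Review bot: This block in FspsWrapperInitDispatchMode is a copy of the one added to FspmWrapperInit with only the PCD changed, including the ASSERT-only checks on AllocatePool and a PeiServicesInstallPpi call that does not depend on FSP_MEASURE_FSPS. A shared helper that takes the FV base address and the mask bit would let both call sites be fixed once.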
> @@ -398,6 +419,62 @@ FspsWrapperInitDispatchMode (
> return Status;
>
> }
>
>
>
> +/**
>
> + This function is called after TCG installed PPI.
>
> +
>
> + @param[in] PeiServices Pointer to PEI Services Table.
>
> + @param[in] NotifyDesc Pointer to the descriptor for the
> Notification event that
>
> + caused this function to execute.
>
> + @param[in] Ppi Pointer to the PPI data associated with this
> function.
>
> +
>
> + @retval EFI_STATUS Always return EFI_SUCCESS
>
> +**/
>
> +EFI_STATUS
>
> +EFIAPI
>
> +TcgPpiNotify (
>
> + IN EFI_PEI_SERVICES **PeiServices,
>
> + IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDesc,
>
> + IN VOID *Ppi
>
> + );
>
> +
>
> +EFI_PEI_NOTIFY_DESCRIPTOR mTcgPpiNotifyDesc = {
>
> + (EFI_PEI_PPI_DESCRIPTOR_NOTIFY_CALLBACK |
> EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST),
>
> + &gEdkiiTcgPpiGuid,
>
> + TcgPpiNotify
>
> +};
>
> +
>
> +/**
>
> + This function is called after TCG installed PPI.
>
> +
>
> + @param[in] PeiServices Pointer to PEI Services Table.
>
> + @param[in] NotifyDesc Pointer to the descriptor for the
> Notification event that
>
> + caused this function to execute.
>
> + @param[in] Ppi Pointer to the PPI data associated with this
> function.
>
> +
>
> + @retval EFI_STATUS Always return EFI_SUCCESS
>
> +**/
>
> +EFI_STATUS
>
> +EFIAPI
>
> +TcgPpiNotify (
>
> + IN EFI_PEI_SERVICES **PeiServices,
>
> + IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDesc,
>
> + IN VOID *Ppi
>
> + )
>
> +{
>
> + UINT32 FspMeasureMask;
>
> +
>
> + DEBUG ((DEBUG_INFO, "TcgPpiNotify FSPS\n"));
>
> +
>
> + FspMeasureMask = PcdGet32 (PcdFspMeasurementConfig);
>
> +
>
> + if ((FspMeasureMask & FSP_MEASURE_FSPS) != 0) {
>
> + MeasureFspFirmwareBlob (0, "FSPS", PcdGet32(PcdFspsBaseAddress),
>
> +
> (UINT32)((EFI_FIRMWARE_VOLUME_HEADER *) (UINTN) PcdGet32
> (PcdFspsBaseAddress))->FvLength);
>
> + }
>
> +
>
> + return EFI_SUCCESS;
>
> +}
>
> +
>
> /**
>
> This is the entrypoint of PEIM.
>
>
>
> @@ -413,8 +490,13 @@ FspsWrapperPeimEntryPoint (
> IN CONST EFI_PEI_SERVICES **PeiServices
>
> )
>
> {
>
> + EFI_STATUS Status;
>
> +
>
> DEBUG ((DEBUG_INFO, "FspsWrapperPeimEntryPoint\n"));
>
>
>
> + Status = PeiServicesNotifyPpi (&mTcgPpiNotifyDesc);
>
> + ASSERT_EFI_ERROR (Status);
>
> +
>
> if (PcdGet8 (PcdFspModeSelection) == 1) {
>
> FspsWrapperInitApiMode ();
>
> } else {
>
> diff --git a/IntelFsp2WrapperPkg/FspsWrapperPeim/FspsWrapperPeim.inf
> b/IntelFsp2WrapperPkg/FspsWrapperPeim/FspsWrapperPeim.inf
> index 7da92991c8..884514747f 100644
> --- a/IntelFsp2WrapperPkg/FspsWrapperPeim/FspsWrapperPeim.inf
> +++ b/IntelFsp2WrapperPkg/FspsWrapperPeim/FspsWrapperPeim.inf
> @@ -6,7 +6,7 @@
> # register TemporaryRamDonePpi to call TempRamExit API, and register
> MemoryDiscoveredPpi
>
> # notify to call FspSiliconInit API.
>
> #
>
> -# Copyright (c) 2014 - 2019, Intel Corporation. All rights reserved.<BR>
>
> +# Copyright (c) 2014 - 2020, Intel Corporation. All rights reserved.<BR>
>
> #
>
> # SPDX-License-Identifier: BSD-2-Clause-Patent
>
> #
>
> @@ -44,24 +44,30 @@
> PerformanceLib
>
> FspWrapperApiLib
>
> FspWrapperApiTestLib
>
> + FspMeasurementLib
>
>
>
> [Packages]
>
> MdePkg/MdePkg.dec
>
> + MdeModulePkg/MdeModulePkg.dec
>
> UefiCpuPkg/UefiCpuPkg.dec
>
> + SecurityPkg/SecurityPkg.dec
>
> IntelFsp2Pkg/IntelFsp2Pkg.dec
>
> IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dec
>
>
>
> [Ppis]
>
> - gTopOfTemporaryRamPpiGuid ## PRODUCES
>
> - gFspSiliconInitDonePpiGuid ## PRODUCES
>
> - gEfiEndOfPeiSignalPpiGuid ## PRODUCES
>
> - gEfiTemporaryRamDonePpiGuid ## PRODUCES
>
> - gEfiPeiMemoryDiscoveredPpiGuid ## NOTIFY
>
> + gTopOfTemporaryRamPpiGuid ##
> PRODUCES
>
> + gFspSiliconInitDonePpiGuid ##
> PRODUCES
>
> + gEfiEndOfPeiSignalPpiGuid ##
> PRODUCES
>
> + gEfiTemporaryRamDonePpiGuid ##
> PRODUCES
>
> + gEfiPeiMemoryDiscoveredPpiGuid ##
> NOTIFY
>
> + gEdkiiTcgPpiGuid ##
> NOTIFY
>
> + gEfiPeiFirmwareVolumeInfoMeasurementExcludedPpiGuid ##
> PRODUCES
>
>
>
> [Pcd]
>
> - gIntelFsp2WrapperTokenSpaceGuid.PcdFspsBaseAddress ##
> CONSUMES
>
> - gIntelFsp2WrapperTokenSpaceGuid.PcdFspsUpdDataAddress ##
> CONSUMES
>
> - gIntelFsp2WrapperTokenSpaceGuid.PcdFspModeSelection ##
> CONSUMES
>
> + gIntelFsp2WrapperTokenSpaceGuid.PcdFspsBaseAddress ##
> CONSUMES
>
> + gIntelFsp2WrapperTokenSpaceGuid.PcdFspsUpdDataAddress ##
> CONSUMES
>
> + gIntelFsp2WrapperTokenSpaceGuid.PcdFspModeSelection ##
> CONSUMES
>
> + gIntelFsp2WrapperTokenSpaceGuid.PcdFspMeasurementConfig ##
> CONSUMES
>
>
>
> [Guids]
>
> gFspHobGuid ## CONSUMES ## HOB
>
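Review bot: Most of the [Ppis] and [Pcd] lines in this hunk are removed and re-added only to re-pad the "##" column for the longer new names, which hides the three real additions (gEdkiiTcgPpiGuid, gEfiPeiFirmwareVolumeInfoMeasurementExcludedPpiGuid and PcdFspMeasurementConfig). Consider leaving the existing lines untouched so the diff shows only what changed.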
> @@ -71,4 +77,5 @@
> FspsWrapperPeim.c
>
>
>
> [Depex]
>
> - gEfiPeiMemoryDiscoveredPpiGuid
>
> + gEfiPeiMemoryDiscoveredPpiGuid AND
>
> + gPeiTpmInitializationDonePpiGuid
>
> --
> 2.26.2.windows.1
* Re: [PATCH v4 6/8] IntelFsp2Wrapper/dsc: Add FspTpmMeasurementLib and PcdFspMeasurementConfig.
2020-08-18 6:26 ` [PATCH v4 6/8] IntelFsp2Wrapper/dsc: Add FspTpmMeasurementLib and PcdFspMeasurementConfig Qi Zhang
@ 2020-08-18 13:09 ` Chiu, Chasel
0 siblings, 0 replies; 19+ messages in thread
From: Chiu, Chasel @ 2020-08-18 13:09 UTC (permalink / raw)
To: Zhang, Qi1, devel@edk2.groups.io
Cc: Yao, Jiewen, Desimone, Nathaniel L, Zeng, Star
Copyright year of IntelFsp2WrapperPkg.dec can be extended to 2020 when pushing.
Reviewed-by: Chasel Chiu <chasel.chiu@intel.com>
> -----Original Message-----
> From: Zhang, Qi1 <qi1.zhang@intel.com>
> Sent: Tuesday, August 18, 2020 2:26 PM
> To: devel@edk2.groups.io
> Cc: Yao, Jiewen <jiewen.yao@intel.com>; Chiu, Chasel
> <chasel.chiu@intel.com>; Desimone, Nathaniel L
> <nathaniel.l.desimone@intel.com>; Zeng, Star <star.zeng@intel.com>; Zhang,
> Qi1 <qi1.zhang@intel.com>
> Subject: [PATCH v4 6/8] IntelFsp2Wrapper/dsc: Add FspTpmMeasurementLib
> and PcdFspMeasurementConfig.
>
> From: Jiewen Yao <jiewen.yao@intel.com>
>
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2376
>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Chasel Chiu <chasel.chiu@intel.com>
> Cc: Nate DeSimone <nathaniel.l.desimone@intel.com>
> Cc: Star Zeng <star.zeng@intel.com>
> Cc: Qi Zhang <qi1.zhang@intel.com>
> Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
> ---
> IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dec | 17 +++++++++++++++++
> IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dsc | 6 +++++-
> 2 files changed, 22 insertions(+), 1 deletion(-)
>
> diff --git a/IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dec
> b/IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dec
> index faf2be621c..cb41ca9807 100644
> --- a/IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dec
> +++ b/IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dec
> @@ -92,6 +92,23 @@
> #
> gIntelFsp2WrapperTokenSpaceGuid.PcdFspModeSelection|0x00000001|UINT
> 8|0x4000000A + ## This PCD decides how FSP is measured+ # 1) The
> BootGuard ACM may already measured the FSP component, such as
> FSPT/FSPM.+ # We need a flag (PCD) to indicate if there is need to do such
> FSP measurement or NOT.+ # 2) The FSP binary includes FSP code and FSP
> UPD region. The UPD region is considered+ # as configuration block, and it
> may be updated by OEM by design.+ # This flag (PCD) is to indicate if we
> need isolate the the UPD region from the FSP code region.+ # BIT0: Need
> measure FSP. (for FSP1.x) - reserved in FSP2.+ # BIT1: Need measure FSPT.
> (for FSP 2.x)+ # BIT2: Need measure FSPM. (for FSP 2.x)+ # BIT3: Need
> measure FSPS. (for FSP 2.x)+ # BIT4~30: reserved.+ # BIT31: Need isolate
> UPD region measurement.+ #0: measure FSP[T|M|S] as one binary in
> one record (PCR0).+ #1: measure FSP UPD region in one record (PCR1),
> the FSP code without UPD in another record (PCR0).+ #+
> gIntelFsp2WrapperTokenSpaceGuid.PcdFspMeasurementConfig|0x00000000|
> UINT32|0x4000000B+ [PcdsFixedAtBuild,
> PcdsPatchableInModule,PcdsDynamic,PcdsDynamicEx] # ## These are
> the base address of FSP-M/Sdiff --git
> a/IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dsc
> b/IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dsc
> index cb4f69285d..aa2eb26c33 100644
> --- a/IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dsc
> +++ b/IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dsc
> @@ -1,7 +1,7 @@
> ## @file # Provides drivers and definitions to support fsp in EDKII bios. #-#
> Copyright (c) 2014 - 2016, Intel Corporation. All rights reserved.<BR>+#
> Copyright (c) 2014 - 2020, Intel Corporation. All rights reserved.<BR> #
> SPDX-License-Identifier: BSD-2-Clause-Patent # ##@@ -45,6 +45,7 @@
> # FSP Wrapper Lib
> FspWrapperApiLib|IntelFsp2WrapperPkg/Library/BaseFspWrapperApiLib/Bas
> eFspWrapperApiLib.inf
> FspWrapperApiTestLib|IntelFsp2WrapperPkg/Library/BaseFspWrapperApiTes
> tLibNull/BaseFspWrapperApiTestLibNull.inf+
> FspMeasurementLib|IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/
> BaseFspMeasurementLib.inf # FSP platform sample
> FspWrapperPlatformLib|IntelFsp2WrapperPkg/Library/BaseFspWrapperPlatf
> ormLibSample/BaseFspWrapperPlatformLibSample.inf@@ -57,6 +58,8 @@
> PeiServicesLib|MdePkg/Library/PeiServicesLib/PeiServicesLib.inf
> MemoryAllocationLib|MdePkg/Library/PeiMemoryAllocationLib/PeiMemory
> AllocationLib.inf HobLib|MdePkg/Library/PeiHobLib/PeiHobLib.inf+
> TpmMeasurementLib|SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmM
> easurementLib.inf+
> TcgEventLogRecordLib|SecurityPkg/Library/TcgEventLogRecordLib/TcgEventLo
> gRecordLib.inf [LibraryClasses.common.DXE_DRIVER]
> UefiDriverEntryPoint|MdePkg/Library/UefiDriverEntryPoint/UefiDriverEntryP
> oint.inf@@ -73,6 +76,7 @@
>
> IntelFsp2WrapperPkg/Library/SecFspWrapperPlatformSecLibSample/SecFspW
> rapperPlatformSecLibSample.inf
> IntelFsp2WrapperPkg/Library/PeiFspWrapperHobProcessLibSample/PeiFspWr
> apperHobProcessLibSample.inf
> IntelFsp2WrapperPkg/Library/PeiFspWrapperApiTestLib/PeiFspWrapperApiTe
> stLib.inf+
> IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/BaseFspMeasuremen
> tLib.inf IntelFsp2WrapperPkg/FspmWrapperPeim/FspmWrapperPeim.inf
> IntelFsp2WrapperPkg/FspsWrapperPeim/FspsWrapperPeim.inf--
> 2.26.2.windows.1
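Review bot: The PcdFspMeasurementConfig comment added to IntelFsp2WrapperPkg.dec needs a wording pass ("may already measured", "isolate the the UPD region") and should state what the default 0x00000000 means: with no bit set, none of FSP-T, FSP-M or FSP-S is measured by the wrapper. The subject line also names the library FspTpmMeasurementLib, while the .dsc lines add FspMeasurementLib. Please make the two agree.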
* Re: [PATCH v4 8/8] IntelFsp2WrapperPkg/dsc: add HashLib, Tpm2CommandLib and Tpm2DeviceLib
2020-08-18 6:26 ` [PATCH v4 8/8] IntelFsp2WrapperPkg/dsc: add HashLib, Tpm2CommandLib and Tpm2DeviceLib Qi Zhang
@ 2020-08-18 13:10 ` Chiu, Chasel
0 siblings, 0 replies; 19+ messages in thread
From: Chiu, Chasel @ 2020-08-18 13:10 UTC (permalink / raw)
To: Zhang, Qi1, devel@edk2.groups.io
Cc: Yao, Jiewen, Desimone, Nathaniel L, Zeng, Star
Reviewed-by: Chasel Chiu <chasel.chiu@intel.com>
> -----Original Message-----
> From: Zhang, Qi1 <qi1.zhang@intel.com>
> Sent: Tuesday, August 18, 2020 2:26 PM
> To: devel@edk2.groups.io
> Cc: Zhang, Qi1 <qi1.zhang@intel.com>; Yao, Jiewen <jiewen.yao@intel.com>;
> Chiu, Chasel <chasel.chiu@intel.com>; Desimone, Nathaniel L
> <nathaniel.l.desimone@intel.com>; Zeng, Star <star.zeng@intel.com>
> Subject: [PATCH v4 8/8] IntelFsp2WrapperPkg/dsc: add HashLib,
> Tpm2CommandLib and Tpm2DeviceLib
>
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2376
>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Chasel Chiu <chasel.chiu@intel.com>
> Cc: Nate DeSimone <nathaniel.l.desimone@intel.com>
> Cc: Star Zeng <star.zeng@intel.com>
> Signed-off-by: Qi Zhang <qi1.zhang@intel.com>
> ---
> IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dsc | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dsc
> b/IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dsc
> index aa2eb26c33..738342b69b 100644
> --- a/IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dsc
> +++ b/IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dsc
> @@ -52,6 +52,8 @@
>
> PlatformSecLib|IntelFsp2WrapperPkg/Library/SecFspWrapperPlatformSecLibS
> ample/SecFspWrapperPlatformSecLibSample.inf
>
>
> FspWrapperHobProcessLib|IntelFsp2WrapperPkg/Library/PeiFspWrapperHob
> ProcessLibSample/PeiFspWrapperHobProcessLibSample.inf
>
>
>
> +
> Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandL
> ib.inf
>
> +
>
> [LibraryClasses.common.PEIM,LibraryClasses.common.PEI_CORE]
>
> PeimEntryPoint|MdePkg/Library/PeimEntryPoint/PeimEntryPoint.inf
>
>
> PeiServicesTablePointerLib|MdePkg/Library/PeiServicesTablePointerLib/PeiSe
> rvicesTablePointerLib.inf
>
> @@ -60,6 +62,8 @@
> HobLib|MdePkg/Library/PeiHobLib/PeiHobLib.inf
>
>
> TpmMeasurementLib|SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmM
> easurementLib.inf
>
>
> TcgEventLogRecordLib|SecurityPkg/Library/TcgEventLogRecordLib/TcgEventLo
> gRecordLib.inf
>
> +
> HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoR
> outerPei.inf
>
> +
> Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTp
> m.inf
>
>
>
> [LibraryClasses.common.DXE_DRIVER]
>
>
> UefiDriverEntryPoint|MdePkg/Library/UefiDriverEntryPoint/UefiDriverEntryP
> oint.inf
>
> --
> 2.26.2.windows.1
* Re: [EXTERNAL] [edk2-devel] [PATCH v4 0/8] Need add a FSP binary measurement
2020-08-18 6:26 [PATCH v4 0/8] Need add a FSP binary measurement Qi Zhang
` (7 preceding siblings ...)
2020-08-18 6:26 ` [PATCH v4 8/8] IntelFsp2WrapperPkg/dsc: add HashLib, Tpm2CommandLib and Tpm2DeviceLib Qi Zhang
@ 2020-08-21 5:55 ` Bret Barkelew
2020-08-21 6:15 ` Yao, Jiewen
2020-08-26 16:01 ` Laszlo Ersek
9 siblings, 1 reply; 19+ messages in thread
From: Bret Barkelew @ 2020-08-21 5:55 UTC (permalink / raw)
To: devel@edk2.groups.io, qi1.zhang@intel.com
Cc: Yao, Jiewen, Jian J Wang, Hao A Wu, Chasel Chiu,
Desimone, Nathaniel L, Star Zeng
Does this live in a branch somewhere? I'd like to take a look at it and make sure it fully replaces our current custom solution.
Thanks!
- Bret
________________________________
From: devel@edk2.groups.io <devel@edk2.groups.io> on behalf of Qi Zhang via groups.io <qi1.zhang=intel.com@groups.io>
Sent: Monday, August 17, 2020 11:26 PM
To: devel@edk2.groups.io <devel@edk2.groups.io>
Cc: Qi Zhang <qi1.zhang@intel.com>; Yao, Jiewen <jiewen.yao@intel.com>; Jian J Wang <jian.j.wang@intel.com>; Hao A Wu <hao.a.wu@intel.com>; Chasel Chiu <chasel.chiu@intel.com>; Desimone, Nathaniel L <nathaniel.l.desimone@intel.com>; Star Zeng <star.zeng@intel.com>
Subject: [EXTERNAL] [edk2-devel] [PATCH v4 0/8] Need add a FSP binary measurement
v4 change:
rename FvEventLogRecordLib to TcgEventLogRecordLib.
v3 change:
add a new lib FvEventLogRecordLib for generic code.
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2376
The EDKII BIOS calls FSP API in FSP Wrapper Pkg.
This FSP code needs to be measured into TPM.
We need to add a generic module in FSP Wrapper Pkg code to measure:
1) FSP-T, FSP-M, FSP-S in API mode.
2) FSP-T in Dispatch-mode. The FSP-M and FSP-S will be reported
as standard FV and they will be measured by TCG-PEI.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Hao A Wu <hao.a.wu@intel.com>
Cc: Chasel Chiu <chasel.chiu@intel.com>
Cc: Nate DeSimone <nathaniel.l.desimone@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Qi Zhang <qi1.zhang@intel.com>
Jiewen Yao (4):
IntelFsp2WrapperPkg/FspMeasurementLib: Add header file.
IntelFsp2WrapperPkg/FspMeasurementLib: Add BaseFspMeasurementLib.
IntelFsp2WraperPkg/Fsp{m|s}WrapperPeim: Add FspBin measurement.
IntelFsp2Wrapper/dsc: Add FspTpmMeasurementLib and
PcdFspMeasurementConfig.
Qi Zhang (4):
SecurityPkg/TcgEventLogRecordLib: add new lib for firmware measurement
SecurityPkg/dsc: add FvEventLogRecordLib
SecurityPkg/Tcg2: handle PRE HASH and LOG ONLY
IntelFsp2WrapperPkg/dsc: add HashLib, Tpm2CommandLib and Tpm2DeviceLib
.../FspmWrapperPeim/FspmWrapperPeim.c | 90 ++++++-
.../FspmWrapperPeim/FspmWrapperPeim.inf | 20 +-
.../FspsWrapperPeim/FspsWrapperPeim.c | 86 +++++-
.../FspsWrapperPeim/FspsWrapperPeim.inf | 27 +-
.../Include/Library/FspMeasurementLib.h | 39 +++
IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dec | 17 ++
IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dsc | 10 +-
.../BaseFspMeasurementLib.inf | 54 ++++
.../BaseFspMeasurementLib/FspMeasurementLib.c | 248 ++++++++++++++++++
.../Include/Library/TcgEventLogRecordLib.h | 97 +++++++
SecurityPkg/Include/Ppi/Tcg.h | 5 +
.../TcgEventLogRecordLib.c | 197 ++++++++++++++
.../TcgEventLogRecordLib.inf | 40 +++
.../TcgEventLogRecordLib.uni | 17 ++
SecurityPkg/SecurityPkg.dec | 3 +
SecurityPkg/SecurityPkg.dsc | 2 +
SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c | 12 +-
17 files changed, 939 insertions(+), 25 deletions(-)
create mode 100644 IntelFsp2WrapperPkg/Include/Library/FspMeasurementLib.h
create mode 100644 IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/BaseFspMeasurementLib.inf
create mode 100644 IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/FspMeasurementLib.c
create mode 100644 SecurityPkg/Include/Library/TcgEventLogRecordLib.h
create mode 100644 SecurityPkg/Library/TcgEventLogRecordLib/TcgEventLogRecordLib.c
create mode 100644 SecurityPkg/Library/TcgEventLogRecordLib/TcgEventLogRecordLib.inf
create mode 100644 SecurityPkg/Library/TcgEventLogRecordLib/TcgEventLogRecordLib.uni
--
2.26.2.windows.1
[-- Attachment #2: Type: text/html, Size: 7578 bytes --]
^ permalink raw reply [flat|nested] 19+ messages in thread
* Re: [EXTERNAL] [edk2-devel] [PATCH v4 0/8] Need add a FSP binary measurement
From: Yao, Jiewen @ 2020-08-21 6:15 UTC (permalink / raw)
To: devel@edk2.groups.io, bret.barkelew@microsoft.com, Zhang, Qi1
Cc: Wang, Jian J, Wu, Hao A, Chiu, Chasel, Desimone, Nathaniel L,
Zeng, Star
We are in SFF.
I posted to https://github.com/jyao1/edk2/tree/FspManifestNew temporarily.
Please let us know if you have any feedback.
I plan to post after the 202008 stable tag.
Thank you
Yao Jiewen
* Re: [EXTERNAL] [edk2-devel] [PATCH v4 0/8] Need add a FSP binary measurement
From: Bret Barkelew @ 2020-08-21 6:18 UTC (permalink / raw)
To: Yao, Jiewen, devel@edk2.groups.io, Zhang, Qi1
Cc: Wang, Jian J, Wu, Hao A, Chiu, Chasel, Desimone, Nathaniel L,
Zeng, Star
Awesome. That gives me a little time. Thanks, Jiewen! And thanks for tracking the issue.
- Bret
* Re: [EXTERNAL] [edk2-devel] [PATCH v4 0/8] Need add a FSP binary measurement
From: Bret Barkelew @ 2020-08-25 19:40 UTC (permalink / raw)
To: Yao, Jiewen, devel@edk2.groups.io, Zhang, Qi1, Bret Barkelew
Cc: Wang, Jian J, Wu, Hao A, Chiu, Chasel, Desimone, Nathaniel L,
Zeng, Star
Had a chance to review the general design (not a deep code review, so no reviewed-by).
I think this works for us. Thanks for working on it!
- Bret
* Re: [edk2-devel] [PATCH v4 0/8] Need add a FSP binary measurement
From: Laszlo Ersek @ 2020-08-26 16:01 UTC (permalink / raw)
To: devel, qi1.zhang
Cc: Jiewen Yao, Jian J Wang, Hao A Wu, Chasel Chiu, Nate DeSimone,
Star Zeng
On 08/18/20 08:26, Qi Zhang wrote:
> v4 change:
> rename FvEventLogRecordLib to TcgEventLogRecordLib.
> v3 change:
> add a new lib FvEventLogRecordLib for generic code.
>
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2376
>
> The EDKII BIOS calls FSP API in FSP Wrapper Pkg.
> This FSP code needs to be measured into TPM.
>
> We need to add a generic module in FSP Wrapper Pkg code to measure:
> 1) FSP-T, FSP-M, FSP-S in API mode.
> 2) FSP-T in Dispatch-mode. The FSP-M and FSP-S will be reported
> as standard FV and they will be measured by TCG-PEI.
>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Cc: Hao A Wu <hao.a.wu@intel.com>
> Cc: Chasel Chiu <chasel.chiu@intel.com>
> Cc: Nate DeSimone <nathaniel.l.desimone@intel.com>
> Cc: Star Zeng <star.zeng@intel.com>
> Cc: Qi Zhang <qi1.zhang@intel.com>
>
> Jiewen Yao (4):
> IntelFsp2WrapperPkg/FspMeasurementLib: Add header file.
> IntelFsp2WrapperPkg/FspMeasurementLib: Add BaseFspMeasurementLib.
> IntelFsp2WraperPkg/Fsp{m|s}WrapperPeim: Add FspBin measurement.
> IntelFsp2Wrapper/dsc: Add FspTpmMeasurementLib and
> PcdFspMeasurementConfig.
>
> Qi Zhang (4):
> SecurityPkg/TcgEventLogRecordLib: add new lib for firmware measurement
> SecurityPkg/dsc: add FvEventLogRecordLib
> SecurityPkg/Tcg2: handle PRE HASH and LOG ONLY
> IntelFsp2WrapperPkg/dsc: add HashLib, Tpm2CommandLib and Tpm2DeviceLib
>
> .../FspmWrapperPeim/FspmWrapperPeim.c | 90 ++++++-
> .../FspmWrapperPeim/FspmWrapperPeim.inf | 20 +-
> .../FspsWrapperPeim/FspsWrapperPeim.c | 86 +++++-
> .../FspsWrapperPeim/FspsWrapperPeim.inf | 27 +-
> .../Include/Library/FspMeasurementLib.h | 39 +++
> IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dec | 17 ++
> IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dsc | 10 +-
> .../BaseFspMeasurementLib.inf | 54 ++++
> .../BaseFspMeasurementLib/FspMeasurementLib.c | 248 ++++++++++++++++++
> .../Include/Library/TcgEventLogRecordLib.h | 97 +++++++
> SecurityPkg/Include/Ppi/Tcg.h | 5 +
> .../TcgEventLogRecordLib.c | 197 ++++++++++++++
> .../TcgEventLogRecordLib.inf | 40 +++
> .../TcgEventLogRecordLib.uni | 17 ++
> SecurityPkg/SecurityPkg.dec | 3 +
> SecurityPkg/SecurityPkg.dsc | 2 +
> SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c | 12 +-
> 17 files changed, 939 insertions(+), 25 deletions(-)
> create mode 100644 IntelFsp2WrapperPkg/Include/Library/FspMeasurementLib.h
> create mode 100644 IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/BaseFspMeasurementLib.inf
> create mode 100644 IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/FspMeasurementLib.c
> create mode 100644 SecurityPkg/Include/Library/TcgEventLogRecordLib.h
> create mode 100644 SecurityPkg/Library/TcgEventLogRecordLib/TcgEventLogRecordLib.c
> create mode 100644 SecurityPkg/Library/TcgEventLogRecordLib/TcgEventLogRecordLib.inf
> create mode 100644 SecurityPkg/Library/TcgEventLogRecordLib/TcgEventLogRecordLib.uni
>
Merged as commit range 78ab44cb9680..63d92674d240, via
<https://github.com/tianocore/edk2/pull/904>, with the v3 feedback tags
brought forward, as explained here:
<https://edk2.groups.io/g/devel/message/64642>.
Thanks
Laszlo