From mboxrd@z Thu Jan 1 00:00:00 1970 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: intel.com, ip: 192.55.52.43, mailfrom: jian.j.wang@intel.com) Received: from mga05.intel.com (mga05.intel.com [192.55.52.43]) by groups.io with SMTP; Thu, 13 Jun 2019 17:29:51 -0700 X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga007.jf.intel.com ([10.7.209.58]) by fmsmga105.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 13 Jun 2019 17:29:51 -0700 X-ExtLoop1: 1 Received: from fmsmsx107.amr.corp.intel.com ([10.18.124.205]) by orsmga007.jf.intel.com with ESMTP; 13 Jun 2019 17:29:50 -0700 Received: from shsmsx153.ccr.corp.intel.com (10.239.6.53) by fmsmsx107.amr.corp.intel.com (10.18.124.205) with Microsoft SMTP Server (TLS) id 14.3.408.0; Thu, 13 Jun 2019 17:29:50 -0700 Received: from shsmsx107.ccr.corp.intel.com ([169.254.9.173]) by SHSMSX153.ccr.corp.intel.com ([169.254.12.76]) with mapi id 14.03.0439.000; Fri, 14 Jun 2019 08:29:48 +0800 From: "Wang, Jian J" To: "Yao, Jiewen" , "devel@edk2.groups.io" CC: "Zhang, Chao B" , "Hernandez Beltran, Jorge" , "Han, Harry" Subject: Re: [PATCH v2 0/3] Common OBB verification feature Thread-Topic: [PATCH v2 0/3] Common OBB verification feature Thread-Index: AQHVH7tRqAHf081dTEaGJSkKZj+XXKaXZMmQgALMMgA= Date: Fri, 14 Jun 2019 00:29:47 +0000 Message-ID: References: <20190610183536.5628-1-jian.j.wang@intel.com> <74D8A39837DF1E4DA445A8C0B3885C503F6AB00F@shsmsx102.ccr.corp.intel.com> In-Reply-To: <74D8A39837DF1E4DA445A8C0B3885C503F6AB00F@shsmsx102.ccr.corp.intel.com> Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-titus-metadata-40: eyJDYXRlZ29yeUxhYmVscyI6IiIsIk1ldGFkYXRhIjp7Im5zIjoiaHR0cDpcL1wvd3d3LnRpdHVzLmNvbVwvbnNcL0ludGVsMyIsImlkIjoiMzAwODMyZDQtZDU0Yy00YzdkLTlkMzUtNzgxZWE4NTAxMmFlIiwicHJvcHMiOlt7Im4iOiJDVFBDbGFzc2lmaWNhdGlvbiIsInZhbHMiOlt7InZhbHVlIjoiQ1RQX05UIn1dfV19LCJTdWJqZWN0TGFiZWxzIjpbXSwiVE1DVmVyc2lvbiI6IjE3LjEwLjE4MDQuNDkiLCJUcnVzdGVkTGFiZWxIYXNoIjoiTUF1UXNtaG92amdHNVVybFBJQTFiSGJ1V0FMSXNJYjcxRHlQVkRiUlVzNENnOHk5S0NCSmlybzJiaDVGTU41RyJ9 x-ctpclassification: CTP_NT dlp-product: dlpe-windows dlp-version: 11.0.600.7 dlp-reaction: no-action x-originating-ip: [10.239.127.40] MIME-Version: 1.0 Return-Path: jian.j.wang@intel.com Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Jiewen, > -----Original Message----- > From: Yao, Jiewen > Sent: Wednesday, June 12, 2019 12:49 PM > To: Wang, Jian J ; devel@edk2.groups.io > Cc: Zhang, Chao B ; Hernandez Beltran, Jorge > ; Han, Harry > Subject: RE: [PATCH v2 0/3] Common OBB verification feature >=20 > Thanks Jian. Some comment below: >=20 > 0) Please add what unit test has been done. >=20 > 1) Can we use UINT64 for Base and Length? > typedef struct _HASHED_FV_INFO { > UINT32 Base; > UINT32 Length; > UINT64 Flag; > } HASHED_FV_INFO; >=20 Yes, we can. But is it necessary? Isn't the flash address always below 4G? > 2) Can we remove the hard code HASHED_FV_MAX_NUMBER and use more > flexible way? > #define HASHED_FV_MAX_NUMBER 10 > struct _EDKII_PEI_FIRMWARE_VOLUME_INFO_STORED_HASH_FV_PPI { > UINTN FvNumber; > HASHED_FV_INFO FvInfo[HASHED_FV_MAX_NUMBER]; > UINTN HashNumber; > FV_HASH_INFO HashInfo[1]; > }; >=20 Yes. I thought we need more than one hash value here. I went through the wh= ole logic here. Maybe one hash value is enough (no need to pass the hash value = not meant for current boot mode). So we can put the FvInfo at the end of struct= ure and remove the hard-coded fv number. > 3) can we use better way to organize the table? It is weird to have so ma= ny zero. > Why not just use TPM_ALG_xxx as the first field and search? > STATIC CONST HASH_ALG_INFO mHashAlgInfo[] =3D { > {0, NULL, NULL, NULL, NULL}, // 0000 TPM_ALG_ERROR > {0, NULL, NULL, NULL, NULL}, // 0001 TPM_ALG_FIRST > {0, NULL, NULL, NULL, NULL}, // 0002 > {0, NULL, NULL, NULL, NULL}, // 0003 > {0, NULL, NULL, NULL, NULL}, // 0004 TPM_ALG_SHA1 > {0, NULL, NULL, NULL, NULL}, // 0005 > {0, NULL, NULL, NULL, NULL}, // 0006 TPM_ALG_AES > {0, NULL, NULL, NULL, NULL}, // 0007 > {0, NULL, NULL, NULL, NULL}, // 0008 TPM_ALG_KEYEDHA= SH > {0, NULL, NULL, NULL, NULL}, // 0009 > {0, NULL, NULL, NULL, NULL}, // 000A > {SHA256_DIGEST_SIZE, Sha256Init, Sha256Update, Sha256Final, > Sha256HashAll}, // 000B TPM_ALG_SHA256 > {SHA384_DIGEST_SIZE, Sha384Init, Sha384Update, Sha384Final, > Sha384HashAll}, // 000C TPM_ALG_SHA384 > {SHA512_DIGEST_SIZE, Sha512Init, Sha512Update, Sha512Final, > Sha512HashAll}, // 000D TPM_ALG_SHA512 > {0, NULL, NULL, NULL, NULL}, // 000E > {0, NULL, NULL, NULL, NULL}, // 000F > {0, NULL, NULL, NULL, NULL}, // 0010 TPM_ALG_NULL > //{0, NULL, NULL, NULL, NULL}, // 0011 > //{0, NULL, NULL, NULL, NULL}, // 0012 TPM_ALG_SM3_256 > }; >=20 I prefer the code directly index the algorithm info/methods as array. It makes code quite simpler. > 4) Why not just add one bit say: skip in S3 ? Why need such complexity? > #define HASHED_FV_FLAG_SKIP_BOOT_MODE(Mode) LShiftU64 (0x100, > (Mode)) > #define FV_HASH_FLAG_BOOT_MODE(Mode) LShiftU64 (1, (Mode)) >=20 > I am not sure how that works. Is boot mode bit start from BIT0 or BIT8 ? = I am > confused. >=20 > if ((StoredHashFvPpi->HashInfo[HashIndex].HashFlag > & FV_HASH_FLAG_BOOT_MODE (BootMode)) !=3D 0) { > HashInfo =3D &StoredHashFvPpi->HashInfo[HashIndex]; > break; > } >=20 Boot mode is just a const number less than 64. So 64 bits can hold all diff= erent boot mode. Using this way is just to keep the flexibility to avoid code cha= nge if we want to support more boot modes besides S3. But if there's never such possibility at all, you're right that one bit is enough. > 5) Why the producer want skip both verified boot and measured boot? Is th= at > legal or illegal? If it is illegal, I prefer use ASSER() to tell people. > if ((FvInfo[FvIndex].Flag & HASHED_FV_FLAG_VERIFIED_BOOT) =3D=3D 0 && > (FvInfo[FvIndex].Flag & HASHED_FV_FLAG_MEASURED_BOOT) =3D=3D 0) { > continue; > } Suppose there's a use case, most likely for developers, which need to disab= le security feature temporarily. The BIOS still need to boot. The developers d= on't need to remove this driver in order to do it. I think it's legacl. >=20 > 6) I recommend to add one debug message to tell people this is skipped. > // > // Skip any FV not meant for current boot mode. > // > if ((FvInfo[FvIndex].Flag & HASHED_FV_FLAG_SKIP_BOOT_MODE > (BootMode)) !=3D 0) { > continue; > } >=20 Right. I'll add one. > 7) Would you please clarify why and when a platform need report multiple > StartedHashFv ? > do { > Status =3D PeiServicesLocatePpi ( > &gEdkiiPeiFirmwareVolumeInfoStoredHashFvPpiGuid, > Instance, > NULL, > (VOID**)&StoredHashFvPpi > ); > if (!EFI_ERROR(Status) && StoredHashFvPpi !=3D NULL && StoredHashFvPp= i- > >FvNumber > 0) { >=20 > It will be better, if you can those description in StoredHashFvPpi.h file >=20 I don't know if there's such necessity. It's just trying to keep a certain = of flexibility. > 8) Same code above, would you please clarify if it is legal or illegal th= at > StoredHashFvPpi->FvNumber =3D=3D 0 ? > If it is illegal, I prefer use ASSERT() >=20 Let's call it illegal in case of skipping. Regards, Jian > Thank you > Yao Jiewen >=20 >=20 > > -----Original Message----- > > From: Wang, Jian J > > Sent: Tuesday, June 11, 2019 2:36 AM > > To: devel@edk2.groups.io > > Cc: Zhang, Chao B ; Yao, Jiewen > > ; Hernandez Beltran, Jorge > > ; Han, Harry > > Subject: [PATCH v2 0/3] Common OBB verification feature > > > > >V2: fix parameter description error found by ECC > > > > https://bugzilla.tianocore.org/show_bug.cgi?id=3D1617 > > > > Cc: Chao Zhang > > Cc: Jiewen Yao > > Cc: "Hernandez Beltran, Jorge" > > Cc: Harry Han > > > > Jian J Wang (3): > > SecurityPkg: add definitions for OBB verification > > SecurityPkg/FvReportPei: implement a common FV verifier and reporter > > SecurityPkg: add FvReportPei.inf in dsc for build validation > > > > SecurityPkg/FvReportPei/FvReportPei.c | 418 > > ++++++++++++++++++ > > SecurityPkg/FvReportPei/FvReportPei.h | 121 +++++ > > SecurityPkg/FvReportPei/FvReportPei.inf | 57 +++ > > SecurityPkg/FvReportPei/FvReportPei.uni | 14 + > > .../FvReportPei/FvReportPeiPeiExtra.uni | 12 + > > .../Ppi/FirmwareVolumeInfoStoredHashFv.h | 61 +++ > > SecurityPkg/SecurityPkg.dec | 9 + > > SecurityPkg/SecurityPkg.dsc | 5 + > > 8 files changed, 697 insertions(+) > > create mode 100644 SecurityPkg/FvReportPei/FvReportPei.c > > create mode 100644 SecurityPkg/FvReportPei/FvReportPei.h > > create mode 100644 SecurityPkg/FvReportPei/FvReportPei.inf > > create mode 100644 SecurityPkg/FvReportPei/FvReportPei.uni > > create mode 100644 SecurityPkg/FvReportPei/FvReportPeiPeiExtra.uni > > create mode 100644 > > SecurityPkg/Include/Ppi/FirmwareVolumeInfoStoredHashFv.h > > > > -- > > 2.17.1.windows.2