From: "Wang, Jian J" <jian.j.wang@intel.com>
To: "devel@edk2.groups.io" <devel@edk2.groups.io>,
"Wang, Jian J" <jian.j.wang@intel.com>,
"Yao, Jiewen" <jiewen.yao@intel.com>
Cc: "Zhang, Chao B" <chao.b.zhang@intel.com>,
"Hernandez Beltran, Jorge" <jorge.hernandez.beltran@intel.com>,
"Han, Harry" <harry.han@intel.com>
Subject: Re: [edk2-devel] [PATCH v2 0/3] Common OBB verification feature
Date: Fri, 14 Jun 2019 05:11:24 +0000 [thread overview]
Message-ID: <D827630B58408649ACB04F44C510003625926458@SHSMSX107.ccr.corp.intel.com> (raw)
In-Reply-To: <15A7E930E191F486.2329@groups.io>
Forgot to mention test:
1. Unit test and security test based on HBFA test framework
2. System test on three real platforms
Regards,
Jian
> -----Original Message-----
> From: devel@edk2.groups.io [mailto:devel@edk2.groups.io] On Behalf Of Wang,
> Jian J
> Sent: Friday, June 14, 2019 8:30 AM
> To: Yao, Jiewen <jiewen.yao@intel.com>; devel@edk2.groups.io
> Cc: Zhang, Chao B <chao.b.zhang@intel.com>; Hernandez Beltran, Jorge
> <jorge.hernandez.beltran@intel.com>; Han, Harry <harry.han@intel.com>
> Subject: Re: [edk2-devel] [PATCH v2 0/3] Common OBB verification feature
>
> Jiewen,
>
> > -----Original Message-----
> > From: Yao, Jiewen
> > Sent: Wednesday, June 12, 2019 12:49 PM
> > To: Wang, Jian J <jian.j.wang@intel.com>; devel@edk2.groups.io
> > Cc: Zhang, Chao B <chao.b.zhang@intel.com>; Hernandez Beltran, Jorge
> > <jorge.hernandez.beltran@intel.com>; Han, Harry <harry.han@intel.com>
> > Subject: RE: [PATCH v2 0/3] Common OBB verification feature
> >
> > Thanks Jian. Some comment below:
> >
> > 0) Please add what unit test has been done.
> >
> > 1) Can we use UINT64 for Base and Length?
> > typedef struct _HASHED_FV_INFO {
> > UINT32 Base;
> > UINT32 Length;
> > UINT64 Flag;
> > } HASHED_FV_INFO;
> >
>
> Yes, we can. But is it necessary? Isn't the flash address always below 4G?
>
> > 2) Can we remove the hard code HASHED_FV_MAX_NUMBER and use more
> > flexible way?
> > #define HASHED_FV_MAX_NUMBER 10
> > struct _EDKII_PEI_FIRMWARE_VOLUME_INFO_STORED_HASH_FV_PPI {
> > UINTN FvNumber;
> > HASHED_FV_INFO FvInfo[HASHED_FV_MAX_NUMBER];
> > UINTN HashNumber;
> > FV_HASH_INFO HashInfo[1];
> > };
> >
>
> Yes. I thought we need more than one hash value here. I went through the
> whole
> logic here. Maybe one hash value is enough (no need to pass the hash value not
> meant for current boot mode). So we can put the FvInfo at the end of structure
> and remove the hard-coded fv number.
>
> > 3) can we use better way to organize the table? It is weird to have so many
> zero.
> > Why not just use TPM_ALG_xxx as the first field and search?
> > STATIC CONST HASH_ALG_INFO mHashAlgInfo[] = {
> > {0, NULL, NULL, NULL, NULL}, // 0000 TPM_ALG_ERROR
> > {0, NULL, NULL, NULL, NULL}, // 0001 TPM_ALG_FIRST
> > {0, NULL, NULL, NULL, NULL}, // 0002
> > {0, NULL, NULL, NULL, NULL}, // 0003
> > {0, NULL, NULL, NULL, NULL}, // 0004 TPM_ALG_SHA1
> > {0, NULL, NULL, NULL, NULL}, // 0005
> > {0, NULL, NULL, NULL, NULL}, // 0006 TPM_ALG_AES
> > {0, NULL, NULL, NULL, NULL}, // 0007
> > {0, NULL, NULL, NULL, NULL}, // 0008 TPM_ALG_KEYEDHASH
> > {0, NULL, NULL, NULL, NULL}, // 0009
> > {0, NULL, NULL, NULL, NULL}, // 000A
> > {SHA256_DIGEST_SIZE, Sha256Init, Sha256Update, Sha256Final,
> > Sha256HashAll}, // 000B TPM_ALG_SHA256
> > {SHA384_DIGEST_SIZE, Sha384Init, Sha384Update, Sha384Final,
> > Sha384HashAll}, // 000C TPM_ALG_SHA384
> > {SHA512_DIGEST_SIZE, Sha512Init, Sha512Update, Sha512Final,
> > Sha512HashAll}, // 000D TPM_ALG_SHA512
> > {0, NULL, NULL, NULL, NULL}, // 000E
> > {0, NULL, NULL, NULL, NULL}, // 000F
> > {0, NULL, NULL, NULL, NULL}, // 0010 TPM_ALG_NULL
> > //{0, NULL, NULL, NULL, NULL}, // 0011
> > //{0, NULL, NULL, NULL, NULL}, // 0012 TPM_ALG_SM3_256
> > };
> >
>
> I prefer the code directly index the algorithm info/methods as array. It
> makes code quite simpler.
>
> > 4) Why not just add one bit say: skip in S3 ? Why need such complexity?
> > #define HASHED_FV_FLAG_SKIP_BOOT_MODE(Mode) LShiftU64 (0x100,
> > (Mode))
> > #define FV_HASH_FLAG_BOOT_MODE(Mode) LShiftU64 (1, (Mode))
> >
> > I am not sure how that works. Is boot mode bit start from BIT0 or BIT8 ? I am
> > confused.
> >
> > if ((StoredHashFvPpi->HashInfo[HashIndex].HashFlag
> > & FV_HASH_FLAG_BOOT_MODE (BootMode)) != 0) {
> > HashInfo = &StoredHashFvPpi->HashInfo[HashIndex];
> > break;
> > }
> >
>
> Boot mode is just a const number less than 64. So 64 bits can hold all different
> boot mode. Using this way is just to keep the flexibility to avoid code change if
> we want to support more boot modes besides S3. But if there's never such
> possibility at all, you're right that one bit is enough.
>
> > 5) Why the producer want skip both verified boot and measured boot? Is that
> > legal or illegal? If it is illegal, I prefer use ASSER() to tell people.
> > if ((FvInfo[FvIndex].Flag & HASHED_FV_FLAG_VERIFIED_BOOT) == 0 &&
> > (FvInfo[FvIndex].Flag & HASHED_FV_FLAG_MEASURED_BOOT) == 0) {
> > continue;
> > }
>
> Suppose there's a use case, most likely for developers, which need to disable
> security feature temporarily. The BIOS still need to boot. The developers don't
> need to remove this driver in order to do it. I think it's legacl.
>
> >
> > 6) I recommend to add one debug message to tell people this is skipped.
> > //
> > // Skip any FV not meant for current boot mode.
> > //
> > if ((FvInfo[FvIndex].Flag & HASHED_FV_FLAG_SKIP_BOOT_MODE
> > (BootMode)) != 0) {
> > continue;
> > }
> >
>
> Right. I'll add one.
>
> > 7) Would you please clarify why and when a platform need report multiple
> > StartedHashFv ?
> > do {
> > Status = PeiServicesLocatePpi (
> > &gEdkiiPeiFirmwareVolumeInfoStoredHashFvPpiGuid,
> > Instance,
> > NULL,
> > (VOID**)&StoredHashFvPpi
> > );
> > if (!EFI_ERROR(Status) && StoredHashFvPpi != NULL && StoredHashFvPpi-
> > >FvNumber > 0) {
> >
> > It will be better, if you can those description in StoredHashFvPpi.h file
> >
>
> I don't know if there's such necessity. It's just trying to keep a certain of
> flexibility.
>
> > 8) Same code above, would you please clarify if it is legal or illegal that
> > StoredHashFvPpi->FvNumber == 0 ?
> > If it is illegal, I prefer use ASSERT()
> >
>
> Let's call it illegal in case of skipping.
>
> Regards,
> Jian
>
> > Thank you
> > Yao Jiewen
> >
> >
> > > -----Original Message-----
> > > From: Wang, Jian J
> > > Sent: Tuesday, June 11, 2019 2:36 AM
> > > To: devel@edk2.groups.io
> > > Cc: Zhang, Chao B <chao.b.zhang@intel.com>; Yao, Jiewen
> > > <jiewen.yao@intel.com>; Hernandez Beltran, Jorge
> > > <jorge.hernandez.beltran@intel.com>; Han, Harry <harry.han@intel.com>
> > > Subject: [PATCH v2 0/3] Common OBB verification feature
> > >
> > > >V2: fix parameter description error found by ECC
> > >
> > > https://bugzilla.tianocore.org/show_bug.cgi?id=1617
> > >
> > > Cc: Chao Zhang <chao.b.zhang@intel.com>
> > > Cc: Jiewen Yao <jiewen.yao@intel.com>
> > > Cc: "Hernandez Beltran, Jorge" <jorge.hernandez.beltran@intel.com>
> > > Cc: Harry Han <harry.han@intel.com>
> > >
> > > Jian J Wang (3):
> > > SecurityPkg: add definitions for OBB verification
> > > SecurityPkg/FvReportPei: implement a common FV verifier and reporter
> > > SecurityPkg: add FvReportPei.inf in dsc for build validation
> > >
> > > SecurityPkg/FvReportPei/FvReportPei.c | 418
> > > ++++++++++++++++++
> > > SecurityPkg/FvReportPei/FvReportPei.h | 121 +++++
> > > SecurityPkg/FvReportPei/FvReportPei.inf | 57 +++
> > > SecurityPkg/FvReportPei/FvReportPei.uni | 14 +
> > > .../FvReportPei/FvReportPeiPeiExtra.uni | 12 +
> > > .../Ppi/FirmwareVolumeInfoStoredHashFv.h | 61 +++
> > > SecurityPkg/SecurityPkg.dec | 9 +
> > > SecurityPkg/SecurityPkg.dsc | 5 +
> > > 8 files changed, 697 insertions(+)
> > > create mode 100644 SecurityPkg/FvReportPei/FvReportPei.c
> > > create mode 100644 SecurityPkg/FvReportPei/FvReportPei.h
> > > create mode 100644 SecurityPkg/FvReportPei/FvReportPei.inf
> > > create mode 100644 SecurityPkg/FvReportPei/FvReportPei.uni
> > > create mode 100644 SecurityPkg/FvReportPei/FvReportPeiPeiExtra.uni
> > > create mode 100644
> > > SecurityPkg/Include/Ppi/FirmwareVolumeInfoStoredHashFv.h
> > >
> > > --
> > > 2.17.1.windows.2
>
>
>
prev parent reply other threads:[~2019-06-14 5:11 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-06-10 18:35 [PATCH v2 0/3] Common OBB verification feature Wang, Jian J
2019-06-10 18:35 ` [PATCH v2 1/3] SecurityPkg: add definitions for OBB verification Wang, Jian J
2019-06-10 18:35 ` [PATCH v2 2/3] SecurityPkg/FvReportPei: implement a common FV verifier and reporter Wang, Jian J
2019-06-10 18:35 ` [PATCH v2 3/3] SecurityPkg: add FvReportPei.inf in dsc for build validation Wang, Jian J
2019-06-12 4:48 ` [PATCH v2 0/3] Common OBB verification feature Yao, Jiewen
2019-06-14 0:29 ` Wang, Jian J
2019-06-14 10:41 ` Yao, Jiewen
2019-06-14 16:53 ` Wang, Jian J
[not found] ` <15A7E930E191F486.2329@groups.io>
2019-06-14 5:11 ` Wang, Jian J [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=D827630B58408649ACB04F44C510003625926458@SHSMSX107.ccr.corp.intel.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox