public inbox for devel@edk2.groups.io
 help / color / mirror / Atom feed
From: "Wang, Jian J" <jian.j.wang@intel.com>
To: "Yao, Jiewen" <jiewen.yao@intel.com>,
	"devel@edk2.groups.io" <devel@edk2.groups.io>
Cc: "Zhang, Chao B" <chao.b.zhang@intel.com>
Subject: Re: [PATCH 6/6] SecurityPkg/Tcg2Pei: Add TCG PFP 105 support.
Date: Mon, 6 Jan 2020 05:57:40 +0000	[thread overview]
Message-ID: <D827630B58408649ACB04F44C5100036259EA7E7@SHSMSX107.ccr.corp.intel.com> (raw)
In-Reply-To: <74D8A39837DF1E4DA445A8C0B3885C503F8D08C5@shsmsx102.ccr.corp.intel.com>

I mean putting all rev0 code in 'else' not just one line. For rev105, your patch
will initialize FvBlob but never use it at all. It will confuse readers sometimes.

Regards,
Jian

> -----Original Message-----
> From: Yao, Jiewen <jiewen.yao@intel.com>
> Sent: Monday, January 06, 2020 1:53 PM
> To: Wang, Jian J <jian.j.wang@intel.com>; devel@edk2.groups.io
> Cc: Zhang, Chao B <chao.b.zhang@intel.com>
> Subject: RE: [PATCH 6/6] SecurityPkg/Tcg2Pei: Add TCG PFP 105 support.
> 
> Hi Jian
> I purposely put the line there, because I want to group all the rev 0 code
> together and rev 105 code together in if statement. I don't want to move that
> particular line to else statement.
> 
> Thank you
> Yao Jiewen
> 
> > -----Original Message-----
> > From: Wang, Jian J <jian.j.wang@intel.com>
> > Sent: Monday, January 6, 2020 1:33 PM
> > To: Yao, Jiewen <jiewen.yao@intel.com>; devel@edk2.groups.io
> > Cc: Zhang, Chao B <chao.b.zhang@intel.com>
> > Subject: RE: [PATCH 6/6] SecurityPkg/Tcg2Pei: Add TCG PFP 105 support.
> >
> > Jiewen,
> >
> > Just one minor comment. With it addressed,
> >
> > Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
> >
> >
> > > -----Original Message-----
> > > From: Yao, Jiewen <jiewen.yao@intel.com>
> > > Sent: Tuesday, December 31, 2019 2:44 PM
> > > To: devel@edk2.groups.io
> > > Cc: Wang, Jian J <jian.j.wang@intel.com>; Zhang, Chao B
> > > <chao.b.zhang@intel.com>
> > > Subject: [PATCH 6/6] SecurityPkg/Tcg2Pei: Add TCG PFP 105 support.
> > >
> > > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2439
> > >
> > > Use EV_EFI_PLATFORM_FIRMWARE_BLOB2 if the TCG PFP revision is >= 105.
> > > Use FvName as the description for the FV.
> > >
> > > Cc: Jian J Wang <jian.j.wang@intel.com>
> > > Cc: Chao Zhang <chao.b.zhang@intel.com>
> > > Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
> > > ---
> > >  SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c   | 91 ++++++++++++++++++++++++++---
> > >  SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf |  2 +
> > >  2 files changed, 84 insertions(+), 9 deletions(-)
> > >
> > > diff --git a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c
> > > b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c
> > > index 1565d4e402..7d99c7906a 100644
> > > --- a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c
> > > +++ b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c
> > > @@ -37,6 +37,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
> > >  #include <Library/MemoryAllocationLib.h>
> > >  #include <Library/ReportStatusCodeLib.h>
> > >  #include <Library/ResetSystemLib.h>
> > > +#include <Library/PrintLib.h>
> > >
> > >  #define PERF_ID_TCG2_PEI  0x3080
> > >
> > > @@ -78,6 +79,18 @@ EFI_PLATFORM_FIRMWARE_BLOB
> > > *mMeasuredChildFvInfo;
> > >  UINT32 mMeasuredMaxChildFvIndex = 0;
> > >  UINT32 mMeasuredChildFvIndex = 0;
> > >
> > > +#pragma pack (1)
> > > +
> > > +#define FV_HANDOFF_TABLE_DESC  "Fv(XXXXXXXX-XXXX-XXXX-XXXX-
> > > XXXXXXXXXXXX)"
> > > +typedef struct {
> > > +  UINT8                             BlobDescriptionSize;
> > > +  UINT8                             BlobDescription[sizeof(FV_HANDOFF_TABLE_DESC)];
> > > +  EFI_PHYSICAL_ADDRESS              BlobBase;
> > > +  UINT64                            BlobLength;
> > > +} FV_HANDOFF_TABLE_POINTERS2;
> > > +
> > > +#pragma pack ()
> > > +
> > >  /**
> > >    Measure and record the Firmware Volume Information once FvInfoPPI
> install.
> > >
> > > @@ -447,6 +460,48 @@ MeasureCRTMVersion (
> > >             );
> > >  }
> > >
> > > +/*
> > > +  Get the FvName from the FV header.
> > > +
> > > +  Causion: The FV is untrusted input.
> > > +
> > > +  @param[in]  FvBase            Base address of FV image.
> > > +  @param[in]  FvLength          Length of FV image.
> > > +
> > > +  @return FvName pointer
> > > +  @retval NULL   FvName is NOT found
> > > +*/
> > > +VOID *
> > > +GetFvName (
> > > +  IN EFI_PHYSICAL_ADDRESS           FvBase,
> > > +  IN UINT64                         FvLength
> > > +  )
> > > +{
> > > +  EFI_FIRMWARE_VOLUME_HEADER      *FvHeader;
> > > +  EFI_FIRMWARE_VOLUME_EXT_HEADER  *FvExtHeader;
> > > +
> > > +  if (FvBase >= MAX_ADDRESS) {
> > > +    return NULL;
> > > +  }
> > > +  if (FvLength >= MAX_ADDRESS - FvBase) {
> > > +    return NULL;
> > > +  }
> > > +  if (FvLength < sizeof(EFI_FIRMWARE_VOLUME_HEADER)) {
> > > +    return NULL;
> > > +  }
> > > +
> > > +  FvHeader = (EFI_FIRMWARE_VOLUME_HEADER *)(UINTN)FvBase;
> > > +  if (FvHeader->ExtHeaderOffset <
> sizeof(EFI_FIRMWARE_VOLUME_HEADER))
> > {
> > > +    return NULL;
> > > +  }
> > > +  if (FvHeader->ExtHeaderOffset +
> > > sizeof(EFI_FIRMWARE_VOLUME_EXT_HEADER) > FvLength) {
> > > +    return NULL;
> > > +  }
> > > +  FvExtHeader = (EFI_FIRMWARE_VOLUME_EXT_HEADER *)(UINTN)(FvBase
> +
> > > FvHeader->ExtHeaderOffset);
> > > +
> > > +  return &FvExtHeader->FvName;
> > > +}
> > > +
> > >  /**
> > >    Measure FV image.
> > >    Add it into the measured FV list after the FV is measured successfully.
> > > @@ -469,6 +524,9 @@ MeasureFvImage (
> > >    UINT32                                                Index;
> > >    EFI_STATUS                                            Status;
> > >    EFI_PLATFORM_FIRMWARE_BLOB                            FvBlob;
> > > +  FV_HANDOFF_TABLE_POINTERS2                            FvBlob2;
> > > +  VOID                                                  *EventData;
> > > +  VOID                                                  *FvName;
> > >    TCG_PCR_EVENT_HDR                                     TcgEventHdr;
> > >    UINT32                                                Instance;
> > >    UINT32                                                Tpm2HashMask;
> > > @@ -571,6 +629,21 @@ MeasureFvImage (
> > >    TcgEventHdr.PCRIndex  = 0;
> > >    TcgEventHdr.EventType = EV_EFI_PLATFORM_FIRMWARE_BLOB;
> > >    TcgEventHdr.EventSize = sizeof (FvBlob);
> > > +  EventData             = &FvBlob;
> > > +
> >
> > I'd suggest to put above code in 'else' block to make code easier to read,
> > i.e. FvBlob for revision less than 105 and FvBlob2 for later ones.
> >
> > Regards,
> > Jian
> >
> > > +  if (PcdGet32(PcdTcgPfpMeasurementRevision) >=
> > > TCG_EfiSpecIDEventStruct_SPEC_ERRATA_TPM2_REV_105) {
> > > +    FvBlob2.BlobDescriptionSize = sizeof(FvBlob2.BlobDescription);
> > > +    CopyMem (FvBlob2.BlobDescription, FV_HANDOFF_TABLE_DESC,
> > > sizeof(FvBlob2.BlobDescription));
> > > +    FvName = GetFvName (FvBase, FvLength);
> > > +    if (FvName != NULL) {
> > > +      AsciiSPrint ((CHAR8 *)FvBlob2.BlobDescription,
> > > sizeof(FvBlob2.BlobDescription), "Fv(%g)", FvName);
> > > +    }
> > > +    FvBlob2.BlobBase      = FvBlob.BlobBase;
> > > +    FvBlob2.BlobLength    = FvBlob.BlobLength;
> > > +    TcgEventHdr.EventType = EV_EFI_PLATFORM_FIRMWARE_BLOB2;
> > > +    TcgEventHdr.EventSize = sizeof (FvBlob2);
> > > +    EventData             = &FvBlob2;
> > > +  }
> > >
> > >    if (Tpm2HashMask == 0) {
> > >      //
> > > @@ -583,9 +656,9 @@ MeasureFvImage (
> > >                 );
> > >
> > >      if (!EFI_ERROR(Status)) {
> > > -       Status = LogHashEvent (&DigestList, &TcgEventHdr, (UINT8*) &FvBlob);
> > > -       DEBUG ((DEBUG_INFO, "The pre-hashed FV which is extended & logged
> > by
> > > Tcg2Pei starts at: 0x%x\n", FvBlob.BlobBase));
> > > -       DEBUG ((DEBUG_INFO, "The pre-hashed FV which is extended & logged
> > by
> > > Tcg2Pei has the size: 0x%x\n", FvBlob.BlobLength));
> > > +       Status = LogHashEvent (&DigestList, &TcgEventHdr, EventData);
> > > +       DEBUG ((DEBUG_INFO, "The pre-hashed FV which is extended & logged
> > by
> > > Tcg2Pei starts at: 0x%x\n", FvBase));
> > > +       DEBUG ((DEBUG_INFO, "The pre-hashed FV which is extended & logged
> > by
> > > Tcg2Pei has the size: 0x%x\n", FvLength));
> > >      } else if (Status == EFI_DEVICE_ERROR) {
> > >        BuildGuidHob (&gTpmErrorHobGuid,0);
> > >        REPORT_STATUS_CODE (
> > > @@ -599,13 +672,13 @@ MeasureFvImage (
> > >      //
> > >      Status = HashLogExtendEvent (
> > >                 0,
> > > -               (UINT8*) (UINTN) FvBlob.BlobBase,
> > > -               (UINTN) FvBlob.BlobLength,
> > > -               &TcgEventHdr,
> > > -               (UINT8*) &FvBlob
> > > +               (UINT8*) (UINTN) FvBase, // HashData
> > > +               (UINTN) FvLength,        // HashDataLen
> > > +               &TcgEventHdr,            // EventHdr
> > > +               EventData                // EventData
> > >                 );
> > > -    DEBUG ((DEBUG_INFO, "The FV which is measured by Tcg2Pei starts at:
> > > 0x%x\n", FvBlob.BlobBase));
> > > -    DEBUG ((DEBUG_INFO, "The FV which is measured by Tcg2Pei has the size:
> > > 0x%x\n", FvBlob.BlobLength));
> > > +    DEBUG ((DEBUG_INFO, "The FV which is measured by Tcg2Pei starts at:
> > > 0x%x\n", FvBase));
> > > +    DEBUG ((DEBUG_INFO, "The FV which is measured by Tcg2Pei has the
> size:
> > > 0x%x\n", FvLength));
> > >    }
> > >
> > >    if (EFI_ERROR(Status)) {
> > > diff --git a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf
> > > b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf
> > > index 30f985b6ea..3d361e8859 100644
> > > --- a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf
> > > +++ b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf
> > > @@ -54,6 +54,7 @@
> > >    MemoryAllocationLib
> > >    ReportStatusCodeLib
> > >    ResetSystemLib
> > > +  PrintLib
> > >
> > >  [Guids]
> > >    gTcgEventEntryHobGuid                                                ## PRODUCES               ##
> > > HOB
> > > @@ -74,6 +75,7 @@
> > >
> > >  [Pcd]
> > >    gEfiMdeModulePkgTokenSpaceGuid.PcdFirmwareVersionString              ##
> > > SOMETIMES_CONSUMES
> > > +  gEfiMdeModulePkgTokenSpaceGuid.PcdTcgPfpMeasurementRevision
> > ##
> > > CONSUMES
> > >    gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid                     ##
> > > CONSUMES
> > >    gEfiSecurityPkgTokenSpaceGuid.PcdTpm2InitializationPolicy            ##
> > > CONSUMES
> > >    gEfiSecurityPkgTokenSpaceGuid.PcdTpm2SelfTestPolicy                  ##
> > > SOMETIMES_CONSUMES
> > > --
> > > 2.19.2.windows.1


  reply	other threads:[~2020-01-06  5:57 UTC|newest]

Thread overview: 21+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-12-31  6:44 [PATCH 0/6] TCG: Add TCG PFP rev 105 and 800-155 event support Yao, Jiewen
2019-12-31  6:44 ` [PATCH 1/6] SecurityPkg/Guid: Add TCG 800-155 event GUID definition Yao, Jiewen
2020-01-06  3:22   ` Wang, Jian J
2019-12-31  6:44 ` [PATCH 2/6] SecurityPkg/Tcg2Dxe: Add Tcg2Dxe to support 800-155 event Yao, Jiewen
2020-01-06  5:59   ` [edk2-devel] " Wang, Jian J
2019-12-31  6:44 ` [PATCH 3/6] MdeModulePkg/Smbios: Done measure Smbios multiple times Yao, Jiewen
2020-01-02 11:01   ` Zeng, Star
2019-12-31  6:44 ` [PATCH 4/6] MdeModulePkg/dec: add PcdTcgPfpMeasurementRevision PCD Yao, Jiewen
2020-01-06  3:13   ` Wang, Jian J
2019-12-31  6:44 ` [PATCH 5/6] MdeModulePkg/Smbios: Add TCG PFP rev 105 support Yao, Jiewen
2020-01-02 11:09   ` Zeng, Star
2020-01-02 14:16     ` Yao, Jiewen
2020-01-03  0:54       ` Zeng, Star
2019-12-31  6:44 ` [PATCH 6/6] SecurityPkg/Tcg2Pei: Add TCG PFP " Yao, Jiewen
2020-01-06  5:33   ` Wang, Jian J
2020-01-06  5:53     ` Yao, Jiewen
2020-01-06  5:57       ` Wang, Jian J [this message]
2020-01-06  6:00         ` Yao, Jiewen
2020-01-02  0:11 ` [edk2-devel] [PATCH 0/6] TCG: Add TCG PFP rev 105 and 800-155 event support Liming Gao
2020-01-02  0:39   ` Yao, Jiewen
2020-01-06  6:11 ` Wang, Jian J

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-list from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=D827630B58408649ACB04F44C5100036259EA7E7@SHSMSX107.ccr.corp.intel.com \
    --to=devel@edk2.groups.io \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox