From: "Wang, Jian J" <jian.j.wang@intel.com>
To: "Yao, Jiewen" <jiewen.yao@intel.com>,
"devel@edk2.groups.io" <devel@edk2.groups.io>
Cc: "Zhang, Chao B" <chao.b.zhang@intel.com>
Subject: Re: [PATCH 6/6] SecurityPkg/Tcg2Pei: Add TCG PFP 105 support.
Date: Mon, 6 Jan 2020 05:57:40 +0000 [thread overview]
Message-ID: <D827630B58408649ACB04F44C5100036259EA7E7@SHSMSX107.ccr.corp.intel.com> (raw)
In-Reply-To: <74D8A39837DF1E4DA445A8C0B3885C503F8D08C5@shsmsx102.ccr.corp.intel.com>
I mean putting all rev0 code in 'else' not just one line. For rev105, your patch
will initialize FvBlob but never use it at all. It will confuse readers sometimes.
Regards,
Jian
> -----Original Message-----
> From: Yao, Jiewen <jiewen.yao@intel.com>
> Sent: Monday, January 06, 2020 1:53 PM
> To: Wang, Jian J <jian.j.wang@intel.com>; devel@edk2.groups.io
> Cc: Zhang, Chao B <chao.b.zhang@intel.com>
> Subject: RE: [PATCH 6/6] SecurityPkg/Tcg2Pei: Add TCG PFP 105 support.
>
> Hi Jian
> I purposely put the line there, because I want to group all the rev 0 code
> together and rev 105 code together in if statement. I don't want to move that
> particular line to else statement.
>
> Thank you
> Yao Jiewen
>
> > -----Original Message-----
> > From: Wang, Jian J <jian.j.wang@intel.com>
> > Sent: Monday, January 6, 2020 1:33 PM
> > To: Yao, Jiewen <jiewen.yao@intel.com>; devel@edk2.groups.io
> > Cc: Zhang, Chao B <chao.b.zhang@intel.com>
> > Subject: RE: [PATCH 6/6] SecurityPkg/Tcg2Pei: Add TCG PFP 105 support.
> >
> > Jiewen,
> >
> > Just one minor comment. With it addressed,
> >
> > Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
> >
> >
> > > -----Original Message-----
> > > From: Yao, Jiewen <jiewen.yao@intel.com>
> > > Sent: Tuesday, December 31, 2019 2:44 PM
> > > To: devel@edk2.groups.io
> > > Cc: Wang, Jian J <jian.j.wang@intel.com>; Zhang, Chao B
> > > <chao.b.zhang@intel.com>
> > > Subject: [PATCH 6/6] SecurityPkg/Tcg2Pei: Add TCG PFP 105 support.
> > >
> > > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2439
> > >
> > > Use EV_EFI_PLATFORM_FIRMWARE_BLOB2 if the TCG PFP revision is >= 105.
> > > Use FvName as the description for the FV.
> > >
> > > Cc: Jian J Wang <jian.j.wang@intel.com>
> > > Cc: Chao Zhang <chao.b.zhang@intel.com>
> > > Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
> > > ---
> > > SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c | 91 ++++++++++++++++++++++++++---
> > > SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf | 2 +
> > > 2 files changed, 84 insertions(+), 9 deletions(-)
> > >
> > > diff --git a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c
> > > b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c
> > > index 1565d4e402..7d99c7906a 100644
> > > --- a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c
> > > +++ b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c
> > > @@ -37,6 +37,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
> > > #include <Library/MemoryAllocationLib.h>
> > > #include <Library/ReportStatusCodeLib.h>
> > > #include <Library/ResetSystemLib.h>
> > > +#include <Library/PrintLib.h>
> > >
> > > #define PERF_ID_TCG2_PEI 0x3080
> > >
> > > @@ -78,6 +79,18 @@ EFI_PLATFORM_FIRMWARE_BLOB
> > > *mMeasuredChildFvInfo;
> > > UINT32 mMeasuredMaxChildFvIndex = 0;
> > > UINT32 mMeasuredChildFvIndex = 0;
> > >
> > > +#pragma pack (1)
> > > +
> > > +#define FV_HANDOFF_TABLE_DESC "Fv(XXXXXXXX-XXXX-XXXX-XXXX-
> > > XXXXXXXXXXXX)"
> > > +typedef struct {
> > > + UINT8 BlobDescriptionSize;
> > > + UINT8 BlobDescription[sizeof(FV_HANDOFF_TABLE_DESC)];
> > > + EFI_PHYSICAL_ADDRESS BlobBase;
> > > + UINT64 BlobLength;
> > > +} FV_HANDOFF_TABLE_POINTERS2;
> > > +
> > > +#pragma pack ()
> > > +
> > > /**
> > > Measure and record the Firmware Volume Information once FvInfoPPI
> install.
> > >
> > > @@ -447,6 +460,48 @@ MeasureCRTMVersion (
> > > );
> > > }
> > >
> > > +/*
> > > + Get the FvName from the FV header.
> > > +
> > > + Causion: The FV is untrusted input.
> > > +
> > > + @param[in] FvBase Base address of FV image.
> > > + @param[in] FvLength Length of FV image.
> > > +
> > > + @return FvName pointer
> > > + @retval NULL FvName is NOT found
> > > +*/
> > > +VOID *
> > > +GetFvName (
> > > + IN EFI_PHYSICAL_ADDRESS FvBase,
> > > + IN UINT64 FvLength
> > > + )
> > > +{
> > > + EFI_FIRMWARE_VOLUME_HEADER *FvHeader;
> > > + EFI_FIRMWARE_VOLUME_EXT_HEADER *FvExtHeader;
> > > +
> > > + if (FvBase >= MAX_ADDRESS) {
> > > + return NULL;
> > > + }
> > > + if (FvLength >= MAX_ADDRESS - FvBase) {
> > > + return NULL;
> > > + }
> > > + if (FvLength < sizeof(EFI_FIRMWARE_VOLUME_HEADER)) {
> > > + return NULL;
> > > + }
> > > +
> > > + FvHeader = (EFI_FIRMWARE_VOLUME_HEADER *)(UINTN)FvBase;
> > > + if (FvHeader->ExtHeaderOffset <
> sizeof(EFI_FIRMWARE_VOLUME_HEADER))
> > {
> > > + return NULL;
> > > + }
> > > + if (FvHeader->ExtHeaderOffset +
> > > sizeof(EFI_FIRMWARE_VOLUME_EXT_HEADER) > FvLength) {
> > > + return NULL;
> > > + }
> > > + FvExtHeader = (EFI_FIRMWARE_VOLUME_EXT_HEADER *)(UINTN)(FvBase
> +
> > > FvHeader->ExtHeaderOffset);
> > > +
> > > + return &FvExtHeader->FvName;
> > > +}
> > > +
> > > /**
> > > Measure FV image.
> > > Add it into the measured FV list after the FV is measured successfully.
> > > @@ -469,6 +524,9 @@ MeasureFvImage (
> > > UINT32 Index;
> > > EFI_STATUS Status;
> > > EFI_PLATFORM_FIRMWARE_BLOB FvBlob;
> > > + FV_HANDOFF_TABLE_POINTERS2 FvBlob2;
> > > + VOID *EventData;
> > > + VOID *FvName;
> > > TCG_PCR_EVENT_HDR TcgEventHdr;
> > > UINT32 Instance;
> > > UINT32 Tpm2HashMask;
> > > @@ -571,6 +629,21 @@ MeasureFvImage (
> > > TcgEventHdr.PCRIndex = 0;
> > > TcgEventHdr.EventType = EV_EFI_PLATFORM_FIRMWARE_BLOB;
> > > TcgEventHdr.EventSize = sizeof (FvBlob);
> > > + EventData = &FvBlob;
> > > +
> >
> > I'd suggest to put above code in 'else' block to make code easier to read,
> > i.e. FvBlob for revision less than 105 and FvBlob2 for later ones.
> >
> > Regards,
> > Jian
> >
> > > + if (PcdGet32(PcdTcgPfpMeasurementRevision) >=
> > > TCG_EfiSpecIDEventStruct_SPEC_ERRATA_TPM2_REV_105) {
> > > + FvBlob2.BlobDescriptionSize = sizeof(FvBlob2.BlobDescription);
> > > + CopyMem (FvBlob2.BlobDescription, FV_HANDOFF_TABLE_DESC,
> > > sizeof(FvBlob2.BlobDescription));
> > > + FvName = GetFvName (FvBase, FvLength);
> > > + if (FvName != NULL) {
> > > + AsciiSPrint ((CHAR8 *)FvBlob2.BlobDescription,
> > > sizeof(FvBlob2.BlobDescription), "Fv(%g)", FvName);
> > > + }
> > > + FvBlob2.BlobBase = FvBlob.BlobBase;
> > > + FvBlob2.BlobLength = FvBlob.BlobLength;
> > > + TcgEventHdr.EventType = EV_EFI_PLATFORM_FIRMWARE_BLOB2;
> > > + TcgEventHdr.EventSize = sizeof (FvBlob2);
> > > + EventData = &FvBlob2;
> > > + }
> > >
> > > if (Tpm2HashMask == 0) {
> > > //
> > > @@ -583,9 +656,9 @@ MeasureFvImage (
> > > );
> > >
> > > if (!EFI_ERROR(Status)) {
> > > - Status = LogHashEvent (&DigestList, &TcgEventHdr, (UINT8*) &FvBlob);
> > > - DEBUG ((DEBUG_INFO, "The pre-hashed FV which is extended & logged
> > by
> > > Tcg2Pei starts at: 0x%x\n", FvBlob.BlobBase));
> > > - DEBUG ((DEBUG_INFO, "The pre-hashed FV which is extended & logged
> > by
> > > Tcg2Pei has the size: 0x%x\n", FvBlob.BlobLength));
> > > + Status = LogHashEvent (&DigestList, &TcgEventHdr, EventData);
> > > + DEBUG ((DEBUG_INFO, "The pre-hashed FV which is extended & logged
> > by
> > > Tcg2Pei starts at: 0x%x\n", FvBase));
> > > + DEBUG ((DEBUG_INFO, "The pre-hashed FV which is extended & logged
> > by
> > > Tcg2Pei has the size: 0x%x\n", FvLength));
> > > } else if (Status == EFI_DEVICE_ERROR) {
> > > BuildGuidHob (&gTpmErrorHobGuid,0);
> > > REPORT_STATUS_CODE (
> > > @@ -599,13 +672,13 @@ MeasureFvImage (
> > > //
> > > Status = HashLogExtendEvent (
> > > 0,
> > > - (UINT8*) (UINTN) FvBlob.BlobBase,
> > > - (UINTN) FvBlob.BlobLength,
> > > - &TcgEventHdr,
> > > - (UINT8*) &FvBlob
> > > + (UINT8*) (UINTN) FvBase, // HashData
> > > + (UINTN) FvLength, // HashDataLen
> > > + &TcgEventHdr, // EventHdr
> > > + EventData // EventData
> > > );
> > > - DEBUG ((DEBUG_INFO, "The FV which is measured by Tcg2Pei starts at:
> > > 0x%x\n", FvBlob.BlobBase));
> > > - DEBUG ((DEBUG_INFO, "The FV which is measured by Tcg2Pei has the size:
> > > 0x%x\n", FvBlob.BlobLength));
> > > + DEBUG ((DEBUG_INFO, "The FV which is measured by Tcg2Pei starts at:
> > > 0x%x\n", FvBase));
> > > + DEBUG ((DEBUG_INFO, "The FV which is measured by Tcg2Pei has the
> size:
> > > 0x%x\n", FvLength));
> > > }
> > >
> > > if (EFI_ERROR(Status)) {
> > > diff --git a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf
> > > b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf
> > > index 30f985b6ea..3d361e8859 100644
> > > --- a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf
> > > +++ b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf
> > > @@ -54,6 +54,7 @@
> > > MemoryAllocationLib
> > > ReportStatusCodeLib
> > > ResetSystemLib
> > > + PrintLib
> > >
> > > [Guids]
> > > gTcgEventEntryHobGuid ## PRODUCES ##
> > > HOB
> > > @@ -74,6 +75,7 @@
> > >
> > > [Pcd]
> > > gEfiMdeModulePkgTokenSpaceGuid.PcdFirmwareVersionString ##
> > > SOMETIMES_CONSUMES
> > > + gEfiMdeModulePkgTokenSpaceGuid.PcdTcgPfpMeasurementRevision
> > ##
> > > CONSUMES
> > > gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid ##
> > > CONSUMES
> > > gEfiSecurityPkgTokenSpaceGuid.PcdTpm2InitializationPolicy ##
> > > CONSUMES
> > > gEfiSecurityPkgTokenSpaceGuid.PcdTpm2SelfTestPolicy ##
> > > SOMETIMES_CONSUMES
> > > --
> > > 2.19.2.windows.1
next prev parent reply other threads:[~2020-01-06 5:57 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-12-31 6:44 [PATCH 0/6] TCG: Add TCG PFP rev 105 and 800-155 event support Yao, Jiewen
2019-12-31 6:44 ` [PATCH 1/6] SecurityPkg/Guid: Add TCG 800-155 event GUID definition Yao, Jiewen
2020-01-06 3:22 ` Wang, Jian J
2019-12-31 6:44 ` [PATCH 2/6] SecurityPkg/Tcg2Dxe: Add Tcg2Dxe to support 800-155 event Yao, Jiewen
2020-01-06 5:59 ` [edk2-devel] " Wang, Jian J
2019-12-31 6:44 ` [PATCH 3/6] MdeModulePkg/Smbios: Done measure Smbios multiple times Yao, Jiewen
2020-01-02 11:01 ` Zeng, Star
2019-12-31 6:44 ` [PATCH 4/6] MdeModulePkg/dec: add PcdTcgPfpMeasurementRevision PCD Yao, Jiewen
2020-01-06 3:13 ` Wang, Jian J
2019-12-31 6:44 ` [PATCH 5/6] MdeModulePkg/Smbios: Add TCG PFP rev 105 support Yao, Jiewen
2020-01-02 11:09 ` Zeng, Star
2020-01-02 14:16 ` Yao, Jiewen
2020-01-03 0:54 ` Zeng, Star
2019-12-31 6:44 ` [PATCH 6/6] SecurityPkg/Tcg2Pei: Add TCG PFP " Yao, Jiewen
2020-01-06 5:33 ` Wang, Jian J
2020-01-06 5:53 ` Yao, Jiewen
2020-01-06 5:57 ` Wang, Jian J [this message]
2020-01-06 6:00 ` Yao, Jiewen
2020-01-02 0:11 ` [edk2-devel] [PATCH 0/6] TCG: Add TCG PFP rev 105 and 800-155 event support Liming Gao
2020-01-02 0:39 ` Yao, Jiewen
2020-01-06 6:11 ` Wang, Jian J
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=D827630B58408649ACB04F44C5100036259EA7E7@SHSMSX107.ccr.corp.intel.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox