From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga18.intel.com (mga18.intel.com [134.134.136.126]) by mx.groups.io with SMTP id smtpd.web11.21038.1639450935634579429 for ; Mon, 13 Dec 2021 19:02:16 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@intel.com header.s=intel header.b=FGC5hFOS; spf=pass (domain: intel.com, ip: 134.134.136.126, mailfrom: longlong.yang@intel.com) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1639450935; x=1670986935; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=ycrgGUPz6gKTsEuw6jxbK3io6ERviqmTHyLlqRz88Jo=; b=FGC5hFOS5yEiDcOYemNvFlyY1vLdKP9VpaOQNfqvXMhbN6m4u52Ao6Vk 8E4IbKyaxrmAAStL1GQc/HxrsF8se+dSydhSUceawYUAiP97ICj+sssqY dgDJJmDr3iRqQJv7afoTmccB8VcPBMxxk6+vs8r3Rk+9IZ1vE3oYiToUh bY6bPAFr4z2erYpqEz6CfZXkSLji64dNg/f/jlSA6/se+G26TQFo3K3Et 9EZoiSvib1In1IG0jesWNqfJDxyB2VY5kMqAmtQHhiiI7zXVzGPSFgLe5 spvqZS2+daEkJRvWbca1/O3hH+ohWSFPoxxHJ/ZNPD79oWkN7wW/TKwhy g==; X-IronPort-AV: E=McAfee;i="6200,9189,10197"; a="225744616" X-IronPort-AV: E=Sophos;i="5.88,204,1635231600"; d="scan'208";a="225744616" Received: from orsmga008.jf.intel.com ([10.7.209.65]) by orsmga106.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 13 Dec 2021 19:02:14 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.88,204,1635231600"; d="scan'208";a="518036765" Received: from orsmsx605.amr.corp.intel.com ([10.22.229.18]) by orsmga008.jf.intel.com with ESMTP; 13 Dec 2021 19:02:14 -0800 Received: from orsmsx602.amr.corp.intel.com (10.22.229.15) by ORSMSX605.amr.corp.intel.com (10.22.229.18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2308.20; Mon, 13 Dec 2021 19:02:13 -0800 Received: from ORSEDG602.ED.cps.intel.com (10.7.248.7) by orsmsx602.amr.corp.intel.com (10.22.229.15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2308.20 via Frontend Transport; Mon, 13 Dec 2021 19:02:13 -0800 Received: from NAM04-BN8-obe.outbound.protection.outlook.com (104.47.74.42) by edgegateway.intel.com (134.134.137.103) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2308.20; Mon, 13 Dec 2021 19:02:13 -0800 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=g5GoBB2mWcFjaWGgvtWx1+VFr2/yxYLmhdWYw6Dio0STzY1aIMWWQaM+1TGX3DLWPjquZvIqjXyVE8PBrdmocvvP4Xy9KT9qIfz0qn9IjmNWSeMJe0F9jPePm7TFET2sesN9vYnnQjVrWFaHfZpfG2DacjM+yQVf51ZnB+ydWJTZI6iSQ4T82yX7OT+jNv1SxBAQvrf16SHGWosHpEq8+0mH/DRbQxzDRD/ZE1QvPi0iSoS3cq9+CQqMkgO9q2CePdsNgSF80zDLFMh7xs7ntbtkDNqE0eP+e+ghbTJf4zw35p6YEQYbJRTweryqXQWfAXucbWrWeC0gZuDtHIxZ0w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=nwj4n9FdaN2Xv1O7eAR29mqmsj6dHPXODic9lJyov3s=; b=nHheJrrASfNMHZNdWe7AuCspPapbM8F1H51rdcA7hax++EYwNkQOE0ZPpXKWA+oMvtL55a8epy4j8JfnhJYzxySWoaHXEy6jB1/gYFY3Qqu8k/QZ8/5ecwWcALETmdTDQSz10Tg7EOq2tH0QFrFRco0uHxCM3aTRkWTkTjcJROlymYClHm9Z49cv5gurakfuRLJ82oylCvhlDVrNhj1dbuVhBe6PsjuDrd3uOOG9/RnuvjUJCI/3KOjR4CZ7YUyZrO84ajP5riopvefDbO1B1+d3WXfeHPWRPfj7MqcchZ4VCOLAEiftvZ8sgmpc2wdjN1jgUdVGaApLsCyD5B9hzA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=intel.onmicrosoft.com; s=selector2-intel-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=nwj4n9FdaN2Xv1O7eAR29mqmsj6dHPXODic9lJyov3s=; b=rcRcdRpSiMlfuzcGrHU88MqbuS590pjY99hq13vc1uFeU3HQ1/cUdLjQrgcm3TyF9KyAfscVpb9egt+N7F7sLp+6f7oMgkf49teqasTBdjfA1qSIycuXnFBgR2ik0aS0nh9P8nMe65q7saNa/EndlgHPx0P4g7nxIQrrMdLY4Sw= Received: from DM4PR11MB5456.namprd11.prod.outlook.com (2603:10b6:5:39c::14) by DM6PR11MB3436.namprd11.prod.outlook.com (2603:10b6:5:65::22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4778.17; Tue, 14 Dec 2021 03:02:11 +0000 Received: from DM4PR11MB5456.namprd11.prod.outlook.com ([fe80::6545:c5ff:a333:a27a]) by DM4PR11MB5456.namprd11.prod.outlook.com ([fe80::6545:c5ff:a333:a27a%5]) with mapi id 15.20.4755.028; Tue, 14 Dec 2021 03:02:11 +0000 From: "Longlong Yang" To: "Ni, Ray" , "devel@edk2.groups.io" CC: "Dong, Eric" , "Kumar, Rahul1" , "Yao, Jiewen" , "Xu, Min M" , "Zhang, Qi1" Subject: Re: [PATCH V3 1/1] UefiCpuPkg: Extend measurement of microcode patches to TPM Thread-Topic: [PATCH V3 1/1] UefiCpuPkg: Extend measurement of microcode patches to TPM Thread-Index: AQHX8BNYBXriszYV70iOMxpoE+9BFKwxO5KAgAAIySA= Date: Tue, 14 Dec 2021 03:02:11 +0000 Message-ID: References: In-Reply-To: Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: dlp-product: dlpe-windows dlp-version: 11.6.200.16 dlp-reaction: no-action authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=intel.com; x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 7d44df6b-fcdd-4f3c-6b8e-08d9beae1fe4 x-ms-traffictypediagnostic: DM6PR11MB3436:EE_ x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:7219; x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: XSSDo8VrCR+FzNVBkGKvdv9TDZ8/6S6sklFKQRx6BlZfLGWdeY0Ttm8FBEbW8vDlQ0U787/74Q9fFMNnPPlAOVGW7m4PszMst27sJPT0fOwEdgpc+eKWbtOAbtOhUv0HweqGEzlU58oHQjFIdatwFeCXGVdfB3cCejuHXHxIXI3NpLMXp4gkVopy4gws4xt7l0gdrgfdIVyJzAwbYS8UUOXXQhRCVoQJnLUGvS4heVlmB5vs09zo7L09jxq9U649ACTjCnOkxxYRRZZzCk6ekLst5mHodu8Uml5ANe3wQEfoOo8SuF8WNimtq2MdoO/mv+jImbNnqAsCNgvhLT3MwS97DT7sba0ZV5vMYV26BDMm9iIcuCHHW/GeI6T38U3YgKoiTICkOO0/0nQgnV7B6cj7WG9nR9HU2JgAiIyK17uPUqRxVJ7b5eL17aDFiSK7Zb6nl+reNbCnCyldLLRGByxLy4VeWGVcPQP2i4xz+sdoL42z1An3r11/taFEt//OsLJkwyronmG3a2wMxOpeZ3pGCSp1AGB9MXyMPf6voGsMr5ztkxOxfAsE7q4by2qSP41zfZqOiU63jON/x1yfwdguKSAhkkDSSXGWwmxhQU8k5+DDg5IumuKvAhZXxgWycgTNorfjU6XEkLBvhwBriQ/Esf7U7GzskejQt8qa798XmFmODrlzOmRyeDjlNTq2tjZeAlqxzRItEYmug8KL8g== x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DM4PR11MB5456.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(366004)(186003)(86362001)(26005)(33656002)(4326008)(110136005)(6506007)(66946007)(8676002)(55016003)(7696005)(9686003)(8936002)(53546011)(5660300002)(107886003)(76116006)(64756008)(82960400001)(316002)(66476007)(54906003)(66446008)(508600001)(122000001)(83380400001)(38100700002)(2906002)(52536014)(71200400001)(66556008)(38070700005);DIR:OUT;SFP:1102; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?RG61kMvbnOyDIFZIuSSFHbUN5GkYg4hTlKNUMVeRdy8PF+UE/9nI60jUFMwy?= =?us-ascii?Q?+2o2vaAfEFQgsB5a9cH1t0MNEeQ+wCfOw2XD7c4tkc/hIlWSnj+tRZ9IGqYC?= =?us-ascii?Q?aBCwERHoxnE8mf8YpxYFIrykDjE7Q5DmnSBA0dR2Kc9TubO/7+YBufE7k77Z?= =?us-ascii?Q?Se2ItngweyYo31EoP8oFYk81auHGlICfuSac59A9M5xojYVNPSWTSZfuoqy9?= =?us-ascii?Q?wExDZ7vCJIM7clqnc9j216ZtmleMbGKuNu06HTujyKd6JBVcQ5077fQ1G637?= =?us-ascii?Q?B8uRXFVcpU5qC4Ht96IRT7ndB0AjvF/MKb86a07HUIxFrS+xAzRI1yVjIZcF?= =?us-ascii?Q?pbc2EeNQB23OTA5y5YOd8SwOxqVxtdl6ulLy5CkMIHkzUdR4fVgDZm3QSUhQ?= =?us-ascii?Q?AJgJbzcwWGNREbeO2XbXDpd2ukRNczGR7Azb+9QDBsF+MtpsKsZy3PaQN76s?= =?us-ascii?Q?ELlh3k4IgKqkZCywQrfaLRPF29nZf6IvPEMnflxU+Bl9dNSjq+WjP2ryfjrS?= =?us-ascii?Q?NPwzQTtyTPLO3mt3X9J5tcuEoop8pbGH4QKK6EqOeCezU2/w35CofFiJ+/uS?= =?us-ascii?Q?wQnAagzpv3lBa0Ohp8msCiNx/zN7Wc24cBm4i1jIzaKrf0aP7w2oPulalE9g?= =?us-ascii?Q?8s9eM+m/4caQV4UYycIk/uSoWGMH3L+KXp1O/b+KD8WIcYbEJJjTPq1hFhH0?= =?us-ascii?Q?Hbw7UQDh0Yt/pp/yYrtZw4lAGymH5OAUdSulDi34GSAScMXQfYVwZfbcptcS?= =?us-ascii?Q?NFcVseCYmnszFLU3+GRW/z+jD4gh33LTDm8Hm+n91Ge+eMs1mnXpsoTK5qDo?= =?us-ascii?Q?aaYN6UfrcQNYbfPBcITm2d3YXr77+/ZgaiKov5fUHH9DmpU4CSdSvi4ZsbNM?= =?us-ascii?Q?4OpcSY8VOmqY9BPXMumt33HFVpo2IhNH+S44VPwDY8ebl0xnzYqeTdVKjT2X?= =?us-ascii?Q?rlVqvh5m9ADfrtbm47RgOeVJs48l7nI7tpqU+rfkDNQHiinN8t4gbAKNRBhO?= =?us-ascii?Q?UEjc/NozPQZrgh+VDuZ815+TvMsdXa1WQ6chk9jOE3GcLUld7vPp6ImLXCeu?= =?us-ascii?Q?Wf3ne8GYAbUkCX7fV9NU8AURDJhfGfaDB0djSfZLOsZgTpMEZ6BSbOPML6Iz?= =?us-ascii?Q?i0dHAGqgNkAYig75kmoLH99xdbqFBIa8ScKF7pA3Cn5/R47qHdeTefJDRot5?= =?us-ascii?Q?xZTkxMCr9zOtYDMuUIlzD+7604M9sdVq5ze9KxW0VsP/8EfU+cARYbQHGdH4?= =?us-ascii?Q?CgDKNhuOli56/ckuMugXMcW+SwFM+nW2cDfLf4/fTpRtv99RsJcJpLckYoP4?= =?us-ascii?Q?QReEQNUTZEILxm/TPR4tQEr4a3hcvD/CJ3+6sWTCxceMB7L9Dc2uUjLegodX?= =?us-ascii?Q?Y5FgKSwRr7kXCPrBvXLbcmT6vB8/BjF+uapzwFCRAGEAamtvLoPlBeBTn0eI?= =?us-ascii?Q?+p0jw1Qg2IbP4nsFoHC3AAiBSkeWDvuyQQcdvOvkV6pTgbVvHaYE6ZtLSLge?= =?us-ascii?Q?gm2aNcj5/+3Mpz23MDKnFjNPMLAJGpq/eC482JMbOXkrdA0+9QIC7RpUYOiG?= =?us-ascii?Q?Y7JooGMcM+elKYtPcSFbYKPxkj6vJrwFhmFylNEjoNBQiWcgU4Ooh5QJNfd5?= =?us-ascii?Q?Ig=3D=3D?= MIME-Version: 1.0 X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: DM4PR11MB5456.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 7d44df6b-fcdd-4f3c-6b8e-08d9beae1fe4 X-MS-Exchange-CrossTenant-originalarrivaltime: 14 Dec 2021 03:02:11.6724 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: 4I4/1FV36h+/Xx0NQNV3Iev7wM7e3KcbA2qMarTSzXCr6+JClpvIgd8GKNJLNwvuruJ058ShyqS3ERcdp6mNpQ== X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR11MB3436 Return-Path: longlong.yang@intel.com X-OriginatorOrg: intel.com Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Hi Ray, The order is required by the hash function. By measuring an object, we first need to get the hash or the digest of that= object, and then extend the hash/digest or measurement to TPM device. If t= here are more than one microcode patches applied to CPU, we need to measure= all of those patches. My design on measuring multiple microcode patches is= that we first pack those patches into a single binary blob, and then measu= re the binary blob by calling TpmMeasureAndLogData function. In TpmMeasureA= ndLogData function, the hash of binary blob will be calculated. If the orde= r got changed, then the hash will change too, and then the attestation will= be impacted. Therefore we need make sure if microcode didn't get updated, = then the hash/digest should the same every time we measure them. So we shou= ld sort the patches to make sure the binary blob is device specific same.=20 BRs Longlong -----Original Message----- From: Ni, Ray =20 Sent: Tuesday, December 14, 2021 9:57 AM To: Yang, Longlong ; devel@edk2.groups.io Cc: Dong, Eric ; Kumar, Rahul1 ; Yao, Jiewen ; Xu, Min M ; Zhan= g, Qi1 Subject: RE: [PATCH V3 1/1] UefiCpuPkg: Extend measurement of microcode pat= ches to TPM > + > + // > + // The order matters when packing all applied microcode patches to a s= ingle binary blob. > + // Therefore it is a must to do sorting before packing. > + // NOTE: We assumed that the order of address of every microcode=20 > + patch in RAM is the same // with the order of those in the=20 > + Microcode Firmware Volume in FLASH. If any future updates // made this= assumption untenable, then needs a new solution to measure microcode patch= es. > + // Can you explain the above comments? If you only measure the microcode which will be applied to CPU, why do you = care about the order?