From: "Yao, Jiewen" <jiewen.yao@intel.com>
To: "Gonzalez Del Cueto,
Rodrigo" <rodrigo.gonzalez.del.cueto@intel.com>,
"devel@edk2.groups.io" <devel@edk2.groups.io>
Cc: "Wang, Jian J" <jian.j.wang@intel.com>,
"Zhang, Qi1" <qi1.zhang@intel.com>
Subject: Re: [PATCH] SecurityPkg: Debug code to audit BIOS TPM extend operations.
Date: Thu, 23 Jul 2020 02:06:38 +0000 [thread overview]
Message-ID: <DM5PR11MB20267396DC7E1389B6DB50E08C760@DM5PR11MB2026.namprd11.prod.outlook.com> (raw)
In-Reply-To: <be0db939d7d1c36cf0085255b59acc549beb486c.1595283983.git.rodrigo.gonzalez.del.cueto@intel.com>
Here is some initial feedback:
1) Please don't change function header Tpm2PcrEvent() and Tpm2PcrRead() in Tpm2CommandLib.h
2) Please don't move Tpm2PcrRead() function in Tpm2Integrity.c, so that I can know what you have changed.
3) Please add Tpm2ActivePcrRegisterRead() as the last function in Tpm2Integrity.c
4) Please use DEBUG_VERBOSE for the new debug log. We got feedback before that there are too many debug messages in TPM driver.
5) Below code is weird in Tpm2ActivePcrRegisterRead().
UINT32 PcrIndex;
PcrIndex = (UINT8)PcrHandle;
Why you define it as UINT32 and cast it as UINT8?
6) Please use 2 spaces indent for the function header.
EFI_STATUS
EFIAPI
Tpm2ActivePcrRegisterRead (
IN TPMI_DH_PCR PcrHandle,
OUT TPML_DIGEST *HashList
)
7) The name of Tpm2ActivePcrRegisterRead() is confusing. What you try to do is to read the PCR for the active bank. Maybe Tpm2PcrReadForActiveBank() ?
Thank you
Yao Jiewen
> -----Original Message-----
> From: Gonzalez Del Cueto, Rodrigo <rodrigo.gonzalez.del.cueto@intel.com>
> Sent: Tuesday, July 21, 2020 6:29 AM
> To: devel@edk2.groups.io
> Cc: Gonzalez Del Cueto, Rodrigo <rodrigo.gonzalez.del.cueto@intel.com>; Yao,
> Jiewen <jiewen.yao@intel.com>; Wang, Jian J <jian.j.wang@intel.com>; Zhang,
> Qi1 <qi1.zhang@intel.com>
> Subject: [PATCH] SecurityPkg: Debug code to audit BIOS TPM extend operations.
>
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2858
>
> Add debug functionality to examine TPM extend operations
> performed by BIOS and inspect the PCR 00 value prior to
> any BIOS measurements.
>
> Replaced usage of EFI_D_* for DEBUG_* definitions in debug
> messages.
>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Cc: Qi Zhang <qi1.zhang@intel.com>
> Signed-off-by: Rodrigo Gonzalez del Cueto
> <rodrigo.gonzalez.del.cueto@intel.com>
> ---
> SecurityPkg/Include/Library/Tpm2CommandLib.h | 25 +-
> .../Library/Tpm2CommandLib/Tpm2Integrity.c | 468 ++++++++++++------
> SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c | 32 +-
> 3 files changed, 364 insertions(+), 161 deletions(-)
>
> diff --git a/SecurityPkg/Include/Library/Tpm2CommandLib.h
> b/SecurityPkg/Include/Library/Tpm2CommandLib.h
> index ce381e786b..bfa5bd82f4 100644
> --- a/SecurityPkg/Include/Library/Tpm2CommandLib.h
> +++ b/SecurityPkg/Include/Library/Tpm2CommandLib.h
> @@ -505,7 +505,7 @@ EFIAPI
> Tpm2PcrEvent (
>
> IN TPMI_DH_PCR PcrHandle,
>
> IN TPM2B_EVENT *EventData,
>
> - OUT TPML_DIGEST_VALUES *Digests
>
> + OUT TPML_DIGEST_VALUES *Digests
>
> );
[Jiewen] Why you need this this?
>
>
>
> /**
>
> @@ -523,9 +523,26 @@ EFI_STATUS
> EFIAPI
>
> Tpm2PcrRead (
>
> IN TPML_PCR_SELECTION *PcrSelectionIn,
>
> - OUT UINT32 *PcrUpdateCounter,
>
> - OUT TPML_PCR_SELECTION *PcrSelectionOut,
>
> - OUT TPML_DIGEST *PcrValues
>
> + OUT UINT32 *PcrUpdateCounter,
>
> + OUT TPML_PCR_SELECTION *PcrSelectionOut,
>
> + OUT TPML_DIGEST *PcrValues
>
> + );
>
> +
>
> +/**
>
> + This function will query the TPM to determine which hashing algorithms and
>
> + get the digests of all active and supported PCR banks of a specific PCR
> register.
>
> +
>
> + @param[in] PcrHandle The index of the PCR register to be read.
>
> + @param[out] HashList List of digests from PCR register being read.
>
> +
>
> + @retval EFI_SUCCESS The Pcr was read successfully.
>
> + @retval EFI_DEVICE_ERROR The command was unsuccessful.
>
> +**/
>
> +EFI_STATUS
>
> +EFIAPI
>
> +Tpm2ActivePcrRegisterRead (
>
> + IN TPMI_DH_PCR PcrHandle,
>
> + OUT TPML_DIGEST *HashList
>
> );
>
>
>
> /**
>
> diff --git a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c
> b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c
> index ddb15178fb..229fc44139 100644
> --- a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c
> +++ b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c
> @@ -76,6 +76,297 @@ typedef struct {
>
>
> #pragma pack()
>
>
>
> +/**
>
> + This command returns the values of all PCR specified in pcrSelect.
>
> +
>
> + @param[in] PcrSelectionIn The selection of PCR to read.
>
> + @param[out] PcrUpdateCounter The current value of the PCR update
> counter.
>
> + @param[out] PcrSelectionOut The PCR in the returned list.
>
> + @param[out] PcrValues The contents of the PCR indicated in pcrSelect.
>
> +
>
> + @retval EFI_SUCCESS Operation completed successfully.
>
> + @retval EFI_DEVICE_ERROR The command was unsuccessful.
>
> +**/
>
> +EFI_STATUS
>
> +EFIAPI
>
> +Tpm2PcrRead (
>
> + IN TPML_PCR_SELECTION *PcrSelectionIn,
>
> + OUT UINT32 *PcrUpdateCounter,
>
> + OUT TPML_PCR_SELECTION *PcrSelectionOut,
>
> + OUT TPML_DIGEST *PcrValues
>
> + )
>
> +{
>
> + EFI_STATUS Status;
>
> + TPM2_PCR_READ_COMMAND SendBuffer;
>
> + TPM2_PCR_READ_RESPONSE RecvBuffer;
>
> + UINT32 SendBufferSize;
>
> + UINT32 RecvBufferSize;
>
> + UINTN Index;
>
> + TPML_DIGEST *PcrValuesOut;
>
> + TPM2B_DIGEST *Digests;
>
> +
>
> + //
>
> + // Construct command
>
> + //
>
> + SendBuffer.Header.tag = SwapBytes16(TPM_ST_NO_SESSIONS);
>
> + SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_PCR_Read);
>
> +
>
> + SendBuffer.PcrSelectionIn.count = SwapBytes32(PcrSelectionIn->count);
>
> + for (Index = 0; Index < PcrSelectionIn->count; Index++) {
>
> + SendBuffer.PcrSelectionIn.pcrSelections[Index].hash =
> SwapBytes16(PcrSelectionIn->pcrSelections[Index].hash);
>
> + SendBuffer.PcrSelectionIn.pcrSelections[Index].sizeofSelect = PcrSelectionIn-
> >pcrSelections[Index].sizeofSelect;
>
> + CopyMem (&SendBuffer.PcrSelectionIn.pcrSelections[Index].pcrSelect,
> &PcrSelectionIn->pcrSelections[Index].pcrSelect,
> SendBuffer.PcrSelectionIn.pcrSelections[Index].sizeofSelect);
>
> + }
>
> +
>
> + SendBufferSize = sizeof(SendBuffer.Header) +
> sizeof(SendBuffer.PcrSelectionIn.count) +
> sizeof(SendBuffer.PcrSelectionIn.pcrSelections[0]) * PcrSelectionIn->count;
>
> + SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);
>
> +
>
> + //
>
> + // send Tpm command
>
> + //
>
> + RecvBufferSize = sizeof (RecvBuffer);
>
> + Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer,
> &RecvBufferSize, (UINT8 *)&RecvBuffer);
>
> + if (EFI_ERROR (Status)) {
>
> + return Status;
>
> + }
>
> +
>
> + if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {
>
> + DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n",
> RecvBufferSize));
>
> + return EFI_DEVICE_ERROR;
>
> + }
>
> + if (SwapBytes32(RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
>
> + DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - responseCode - %x\n",
> SwapBytes32(RecvBuffer.Header.responseCode)));
>
> + return EFI_NOT_FOUND;
>
> + }
>
> +
>
> + //
>
> + // Return the response
>
> + //
>
> +
>
> + //
>
> + // PcrUpdateCounter
>
> + //
>
> + if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER) +
> sizeof(RecvBuffer.PcrUpdateCounter)) {
>
> + DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n",
> RecvBufferSize));
>
> + return EFI_DEVICE_ERROR;
>
> + }
>
> + *PcrUpdateCounter = SwapBytes32(RecvBuffer.PcrUpdateCounter);
>
> +
>
> + //
>
> + // PcrSelectionOut
>
> + //
>
> + if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER) +
> sizeof(RecvBuffer.PcrUpdateCounter) +
> sizeof(RecvBuffer.PcrSelectionOut.count)) {
>
> + DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n",
> RecvBufferSize));
>
> + return EFI_DEVICE_ERROR;
>
> + }
>
> + PcrSelectionOut->count = SwapBytes32(RecvBuffer.PcrSelectionOut.count);
>
> + if (PcrSelectionOut->count > HASH_COUNT) {
>
> + DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - PcrSelectionOut->count
> error %x\n", PcrSelectionOut->count));
>
> + return EFI_DEVICE_ERROR;
>
> + }
>
> +
>
> + if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER) +
> sizeof(RecvBuffer.PcrUpdateCounter) +
> sizeof(RecvBuffer.PcrSelectionOut.count) +
> sizeof(RecvBuffer.PcrSelectionOut.pcrSelections[0]) * PcrSelectionOut->count) {
>
> + DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n",
> RecvBufferSize));
>
> + return EFI_DEVICE_ERROR;
>
> + }
>
> + for (Index = 0; Index < PcrSelectionOut->count; Index++) {
>
> + PcrSelectionOut->pcrSelections[Index].hash =
> SwapBytes16(RecvBuffer.PcrSelectionOut.pcrSelections[Index].hash);
>
> + PcrSelectionOut->pcrSelections[Index].sizeofSelect =
> RecvBuffer.PcrSelectionOut.pcrSelections[Index].sizeofSelect;
>
> + if (PcrSelectionOut->pcrSelections[Index].sizeofSelect > PCR_SELECT_MAX) {
>
> + return EFI_DEVICE_ERROR;
>
> + }
>
> + CopyMem (&PcrSelectionOut->pcrSelections[Index].pcrSelect,
> &RecvBuffer.PcrSelectionOut.pcrSelections[Index].pcrSelect, PcrSelectionOut-
> >pcrSelections[Index].sizeofSelect);
>
> + }
>
> +
>
> + //
>
> + // PcrValues
>
> + //
>
> + PcrValuesOut = (TPML_DIGEST *)((UINT8 *)&RecvBuffer + sizeof
> (TPM2_RESPONSE_HEADER) + sizeof(RecvBuffer.PcrUpdateCounter) +
> sizeof(RecvBuffer.PcrSelectionOut.count) +
> sizeof(RecvBuffer.PcrSelectionOut.pcrSelections[0]) * PcrSelectionOut->count);
>
> + PcrValues->count = SwapBytes32(PcrValuesOut->count);
>
> + //
>
> + // The number of digests in list is not greater than 8 per TPML_DIGEST
> definition
>
> + //
>
> + if (PcrValues->count > 8) {
>
> + DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - PcrValues->count error %x\n",
> PcrValues->count));
>
> + return EFI_DEVICE_ERROR;
>
> + }
>
> + Digests = PcrValuesOut->digests;
>
> + for (Index = 0; Index < PcrValues->count; Index++) {
>
> + PcrValues->digests[Index].size = SwapBytes16(Digests->size);
>
> + if (PcrValues->digests[Index].size > sizeof(TPMU_HA)) {
>
> + DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - Digest.size error %x\n",
> PcrValues->digests[Index].size));
>
> + return EFI_DEVICE_ERROR;
>
> + }
>
> + CopyMem (&PcrValues->digests[Index].buffer, &Digests->buffer, PcrValues-
> >digests[Index].size);
>
> + Digests = (TPM2B_DIGEST *)((UINT8 *)Digests + sizeof(Digests->size) +
> PcrValues->digests[Index].size);
>
> + }
>
> +
>
> + return EFI_SUCCESS;
>
> +}
>
> +
>
> +/**
>
> + This function will query the TPM to determine which hashing algorithms and
>
> + get the digests of all active and supported PCR banks of a specific PCR
> register.
>
> +
>
> + @param[in] PcrHandle The index of the PCR register to be read.
>
> + @param[out] HashList List of digests from PCR register being read.
>
> +
>
> + @retval EFI_SUCCESS The Pcr was read successfully.
>
> + @retval EFI_DEVICE_ERROR The command was unsuccessful.
>
> +**/
>
> +EFI_STATUS
>
> +EFIAPI
>
> +Tpm2ActivePcrRegisterRead (
>
> + IN TPMI_DH_PCR PcrHandle,
>
> + OUT TPML_DIGEST *HashList
>
> +)
>
> +{
>
> + EFI_STATUS Status;
>
> + TPML_PCR_SELECTION Pcrs;
>
> + TPML_PCR_SELECTION PcrSelectionIn;
>
> + TPML_PCR_SELECTION PcrSelectionOut;
>
> + TPML_DIGEST PcrValues;
>
> + UINT32 PcrUpdateCounter;
>
> + UINT32 PcrIndex;
>
> + UINT32 TpmHashAlgorithmBitmap;
>
> + TPMI_ALG_HASH CurrentPcrBankHash;
>
> + UINT32 ActivePcrBanks;
>
> + UINT32 TcgRegistryHashAlg;
>
> + UINT32 Index;
>
> + UINT32 Index2;
>
> +
>
> + PcrIndex = (UINT8)PcrHandle;
>
> +
>
> + if ((PcrIndex < 0) ||
>
> + (PcrIndex >= IMPLEMENTATION_PCR)) {
>
> + return EFI_INVALID_PARAMETER;
>
> + }
>
> +
>
> + ZeroMem (&PcrSelectionIn, sizeof (PcrSelectionIn));
>
> + ZeroMem (&PcrUpdateCounter, sizeof (UINT32));
>
> + ZeroMem (&PcrSelectionOut, sizeof (PcrSelectionOut));
>
> + ZeroMem (&PcrValues, sizeof (PcrValues));
>
> + ZeroMem (&Pcrs, sizeof (TPML_PCR_SELECTION));
>
> +
>
> + DEBUG ((DEBUG_INFO, "ReadPcr - %02d\n", PcrIndex));
>
> +
>
> + //
>
> + // Read TPM capabilities
>
> + //
>
> + Status = Tpm2GetCapabilityPcrs (&Pcrs);
>
> +
>
> + if (EFI_ERROR (Status)) {
>
> + DEBUG ((DEBUG_ERROR, "ReadPcr: Unable to read TPM capabilities\n"));
>
> + return EFI_DEVICE_ERROR;
>
> + }
>
> +
>
> + //
>
> + // Get Active Pcrs
>
> + //
>
> + Status = Tpm2GetCapabilitySupportedAndActivePcrs (
>
> + &TpmHashAlgorithmBitmap,
>
> + &ActivePcrBanks
>
> + );
>
> +
>
> + if (EFI_ERROR (Status)) {
>
> + DEBUG ((DEBUG_ERROR, "ReadPcr: Unable to read TPM capabilities and
> active PCRs\n"));
>
> + return EFI_DEVICE_ERROR;
>
> + }
>
> +
>
> + //
>
> + // Select from Active PCRs
>
> + //
>
> + for (Index = 0; Index < Pcrs.count; Index++) {
>
> + CurrentPcrBankHash = Pcrs.pcrSelections[Index].hash;
>
> +
>
> + switch (CurrentPcrBankHash) {
>
> + case TPM_ALG_SHA1:
>
> + DEBUG ((DEBUG_VERBOSE, "HASH_ALG_SHA1 Present\n"));
>
> + TcgRegistryHashAlg = HASH_ALG_SHA1;
>
> + break;
>
> + case TPM_ALG_SHA256:
>
> + DEBUG ((DEBUG_VERBOSE, "HASH_ALG_SHA256 Present\n"));
>
> + TcgRegistryHashAlg = HASH_ALG_SHA256;
>
> + break;
>
> + case TPM_ALG_SHA384:
>
> + DEBUG ((DEBUG_VERBOSE, "HASH_ALG_SHA384 Present\n"));
>
> + TcgRegistryHashAlg = HASH_ALG_SHA384;
>
> + break;
>
> + case TPM_ALG_SHA512:
>
> + DEBUG ((DEBUG_VERBOSE, "HASH_ALG_SHA512 Present\n"));
>
> + TcgRegistryHashAlg = HASH_ALG_SHA512;
>
> + break;
>
> + case TPM_ALG_SM3_256:
>
> + DEBUG ((DEBUG_VERBOSE, "HASH_ALG_SM3 Present\n"));
>
> + TcgRegistryHashAlg = HASH_ALG_SM3_256;
>
> + break;
>
> + default:
>
> + //
>
> + // Unsupported algorithm
>
> + //
>
> + DEBUG ((DEBUG_VERBOSE, "Unknown algorithm present\n"));
>
> + TcgRegistryHashAlg = 0;
>
> + break;
>
> + }
>
> + //
>
> + // Skip unsupported and inactive PCR banks
>
> + //
>
> + if ((TcgRegistryHashAlg & ActivePcrBanks) == 0) {
>
> + DEBUG ((DEBUG_VERBOSE, "Skipping unsupported or inactive bank:
> 0x%04x\n", CurrentPcrBankHash));
>
> + continue;
>
> + }
>
> +
>
> + //
>
> + // Select PCR from current active bank
>
> + //
>
> + PcrSelectionIn.pcrSelections[PcrSelectionIn.count].hash =
> Pcrs.pcrSelections[Index].hash;
>
> + PcrSelectionIn.pcrSelections[PcrSelectionIn.count].sizeofSelect =
> PCR_SELECT_MAX;
>
> + PcrSelectionIn.pcrSelections[PcrSelectionIn.count].pcrSelect[0] = (PcrIndex <
> 8) ? 1 << PcrIndex : 0;
>
> + PcrSelectionIn.pcrSelections[PcrSelectionIn.count].pcrSelect[1] = (PcrIndex >
> 7) && (PcrIndex < 16) ? 1 << (PcrIndex - 8) : 0;
>
> + PcrSelectionIn.pcrSelections[PcrSelectionIn.count].pcrSelect[2] = (PcrIndex >
> 15) ? 1 << (PcrIndex - 16) : 0;
>
> + PcrSelectionIn.count++;
>
> + }
>
> +
>
> + //
>
> + // Read PCRs
>
> + //
>
> + Status = Tpm2PcrRead (
>
> + &PcrSelectionIn,
>
> + &PcrUpdateCounter,
>
> + &PcrSelectionOut,
>
> + &PcrValues
>
> + );
>
> +
>
> + if (EFI_ERROR (Status)) {
>
> + DEBUG((DEBUG_ERROR, "Tpm2PcrRead failed Status = %r \n", Status));
>
> + return EFI_DEVICE_ERROR;
>
> + }
>
> +
>
> + for (Index = 0; Index < PcrValues.count; Index++) {
>
> + DEBUG ((
>
> + DEBUG_INFO,
>
> + "ReadPcr - HashAlg = 0x%04x, Pcr[%02d], digest = ",
>
> + PcrSelectionOut.pcrSelections[Index].hash,
>
> + PcrIndex
>
> + ));
>
> +
>
> + for(Index2 = 0; Index2 < PcrValues.digests[Index].size; Index2++) {
>
> + DEBUG ((DEBUG_INFO, "%02x ", PcrValues.digests[Index].buffer[Index2]));
>
> + }
>
> + DEBUG ((DEBUG_INFO, "\n"));
>
> + }
>
> +
>
> + if (HashList != NULL) {
>
> + CopyMem (
>
> + HashList,
>
> + &PcrValues,
>
> + sizeof (TPML_DIGEST)
>
> + );
>
> + }
>
> +
>
> + return EFI_SUCCESS;
>
> +}
>
> +
>
> /**
>
> This command is used to cause an update to the indicated PCR.
>
> The digests parameter contains one or more tagged digest value identified by
> an algorithm ID.
>
> @@ -130,14 +421,26 @@ Tpm2PcrExtend (
> Buffer += sizeof(UINT16);
>
> DigestSize = GetHashSizeFromAlgo (Digests->digests[Index].hashAlg);
>
> if (DigestSize == 0) {
>
> - DEBUG ((EFI_D_ERROR, "Unknown hash algorithm %d\r\n", Digests-
> >digests[Index].hashAlg));
>
> + DEBUG ((DEBUG_ERROR, "Unknown hash algorithm %d\r\n", Digests-
> >digests[Index].hashAlg));
>
> return EFI_DEVICE_ERROR;
>
> }
>
> +
>
> CopyMem(
>
> Buffer,
>
> &Digests->digests[Index].digest,
>
> DigestSize
>
> );
>
> +
>
> + DEBUG_CODE_BEGIN ();
>
> + UINTN Index2;
>
> + DEBUG ((DEBUG_INFO, "Tpm2PcrExtend - Hash = 0x%04x, Pcr[%02d], digest
> = ", Digests->digests[Index].hashAlg, (UINT8) PcrHandle));
>
> +
>
> + for (Index2 = 0; Index2 < DigestSize; Index2++) {
>
> + DEBUG ((DEBUG_INFO, "%02x ", Buffer[Index2]));
>
> + }
>
> + DEBUG ((DEBUG_INFO, "\n"));
>
> + DEBUG_CODE_END ();
>
> +
>
> Buffer += DigestSize;
>
> }
>
>
>
> @@ -151,7 +454,7 @@ Tpm2PcrExtend (
> }
>
>
>
> if (ResultBufSize > sizeof(Res)) {
>
> - DEBUG ((EFI_D_ERROR, "Tpm2PcrExtend: Failed ExecuteCommand: Buffer
> Too Small\r\n"));
>
> + DEBUG ((DEBUG_ERROR, "Tpm2PcrExtend: Failed ExecuteCommand: Buffer
> Too Small\r\n"));
>
> return EFI_BUFFER_TOO_SMALL;
>
> }
>
>
>
> @@ -160,7 +463,7 @@ Tpm2PcrExtend (
> //
>
> RespSize = SwapBytes32(Res.Header.paramSize);
>
> if (RespSize > sizeof(Res)) {
>
> - DEBUG ((EFI_D_ERROR, "Tpm2PcrExtend: Response size too large! %d\r\n",
> RespSize));
>
> + DEBUG ((DEBUG_ERROR, "Tpm2PcrExtend: Response size too large! %d\r\n",
> RespSize));
>
> return EFI_BUFFER_TOO_SMALL;
>
> }
>
>
>
> @@ -168,10 +471,15 @@ Tpm2PcrExtend (
> // Fail if command failed
>
> //
>
> if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) {
>
> - DEBUG ((EFI_D_ERROR, "Tpm2PcrExtend: Response Code error! 0x%08x\r\n",
> SwapBytes32(Res.Header.responseCode)));
>
> + DEBUG ((DEBUG_ERROR, "Tpm2PcrExtend: Response Code error!
> 0x%08x\r\n", SwapBytes32(Res.Header.responseCode)));
>
> return EFI_DEVICE_ERROR;
>
> }
>
>
>
> + DEBUG_CODE_BEGIN ();
>
> + DEBUG ((DEBUG_INFO, "Tpm2PcrExtend: PCR read after extend...\n"));
>
> + Tpm2ActivePcrRegisterRead (PcrHandle, NULL);
>
> + DEBUG_CODE_END ();
>
> +
>
> //
>
> // Unmarshal the response
>
> //
>
> @@ -246,7 +554,7 @@ Tpm2PcrEvent (
> }
>
>
>
> if (ResultBufSize > sizeof(Res)) {
>
> - DEBUG ((EFI_D_ERROR, "Tpm2PcrEvent: Failed ExecuteCommand: Buffer
> Too Small\r\n"));
>
> + DEBUG ((DEBUG_ERROR, "Tpm2PcrEvent: Failed ExecuteCommand: Buffer
> Too Small\r\n"));
>
> return EFI_BUFFER_TOO_SMALL;
>
> }
>
>
>
> @@ -255,7 +563,7 @@ Tpm2PcrEvent (
> //
>
> RespSize = SwapBytes32(Res.Header.paramSize);
>
> if (RespSize > sizeof(Res)) {
>
> - DEBUG ((EFI_D_ERROR, "Tpm2PcrEvent: Response size too large! %d\r\n",
> RespSize));
>
> + DEBUG ((DEBUG_ERROR, "Tpm2PcrEvent: Response size too large! %d\r\n",
> RespSize));
>
> return EFI_BUFFER_TOO_SMALL;
>
> }
>
>
>
> @@ -263,7 +571,7 @@ Tpm2PcrEvent (
> // Fail if command failed
>
> //
>
> if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) {
>
> - DEBUG ((EFI_D_ERROR, "Tpm2PcrEvent: Response Code error! 0x%08x\r\n",
> SwapBytes32(Res.Header.responseCode)));
>
> + DEBUG ((DEBUG_ERROR, "Tpm2PcrEvent: Response Code error!
> 0x%08x\r\n", SwapBytes32(Res.Header.responseCode)));
>
> return EFI_DEVICE_ERROR;
>
> }
>
>
>
> @@ -284,7 +592,7 @@ Tpm2PcrEvent (
> Buffer += sizeof(UINT16);
>
> DigestSize = GetHashSizeFromAlgo (Digests->digests[Index].hashAlg);
>
> if (DigestSize == 0) {
>
> - DEBUG ((EFI_D_ERROR, "Unknown hash algorithm %d\r\n", Digests-
> >digests[Index].hashAlg));
>
> + DEBUG ((DEBUG_ERROR, "Unknown hash algorithm %d\r\n", Digests-
> >digests[Index].hashAlg));
>
> return EFI_DEVICE_ERROR;
>
> }
>
> CopyMem(
>
> @@ -298,134 +606,6 @@ Tpm2PcrEvent (
> return EFI_SUCCESS;
>
> }
>
>
>
> -/**
>
> - This command returns the values of all PCR specified in pcrSelect.
>
> -
>
> - @param[in] PcrSelectionIn The selection of PCR to read.
>
> - @param[out] PcrUpdateCounter The current value of the PCR update
> counter.
>
> - @param[out] PcrSelectionOut The PCR in the returned list.
>
> - @param[out] PcrValues The contents of the PCR indicated in pcrSelect.
>
> -
>
> - @retval EFI_SUCCESS Operation completed successfully.
>
> - @retval EFI_DEVICE_ERROR The command was unsuccessful.
>
> -**/
>
> -EFI_STATUS
>
> -EFIAPI
>
> -Tpm2PcrRead (
>
> - IN TPML_PCR_SELECTION *PcrSelectionIn,
>
> - OUT UINT32 *PcrUpdateCounter,
>
> - OUT TPML_PCR_SELECTION *PcrSelectionOut,
>
> - OUT TPML_DIGEST *PcrValues
>
> - )
>
> -{
>
> - EFI_STATUS Status;
>
> - TPM2_PCR_READ_COMMAND SendBuffer;
>
> - TPM2_PCR_READ_RESPONSE RecvBuffer;
>
> - UINT32 SendBufferSize;
>
> - UINT32 RecvBufferSize;
>
> - UINTN Index;
>
> - TPML_DIGEST *PcrValuesOut;
>
> - TPM2B_DIGEST *Digests;
>
> -
>
> - //
>
> - // Construct command
>
> - //
>
> - SendBuffer.Header.tag = SwapBytes16(TPM_ST_NO_SESSIONS);
>
> - SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_PCR_Read);
>
> -
>
> - SendBuffer.PcrSelectionIn.count = SwapBytes32(PcrSelectionIn->count);
>
> - for (Index = 0; Index < PcrSelectionIn->count; Index++) {
>
> - SendBuffer.PcrSelectionIn.pcrSelections[Index].hash =
> SwapBytes16(PcrSelectionIn->pcrSelections[Index].hash);
>
> - SendBuffer.PcrSelectionIn.pcrSelections[Index].sizeofSelect = PcrSelectionIn-
> >pcrSelections[Index].sizeofSelect;
>
> - CopyMem (&SendBuffer.PcrSelectionIn.pcrSelections[Index].pcrSelect,
> &PcrSelectionIn->pcrSelections[Index].pcrSelect,
> SendBuffer.PcrSelectionIn.pcrSelections[Index].sizeofSelect);
>
> - }
>
> -
>
> - SendBufferSize = sizeof(SendBuffer.Header) +
> sizeof(SendBuffer.PcrSelectionIn.count) +
> sizeof(SendBuffer.PcrSelectionIn.pcrSelections[0]) * PcrSelectionIn->count;
>
> - SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);
>
> -
>
> - //
>
> - // send Tpm command
>
> - //
>
> - RecvBufferSize = sizeof (RecvBuffer);
>
> - Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer,
> &RecvBufferSize, (UINT8 *)&RecvBuffer);
>
> - if (EFI_ERROR (Status)) {
>
> - return Status;
>
> - }
>
> -
>
> - if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {
>
> - DEBUG ((EFI_D_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n",
> RecvBufferSize));
>
> - return EFI_DEVICE_ERROR;
>
> - }
>
> - if (SwapBytes32(RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
>
> - DEBUG ((EFI_D_ERROR, "Tpm2PcrRead - responseCode - %x\n",
> SwapBytes32(RecvBuffer.Header.responseCode)));
>
> - return EFI_NOT_FOUND;
>
> - }
>
> -
>
> - //
>
> - // Return the response
>
> - //
>
> -
>
> - //
>
> - // PcrUpdateCounter
>
> - //
>
> - if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER) +
> sizeof(RecvBuffer.PcrUpdateCounter)) {
>
> - DEBUG ((EFI_D_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n",
> RecvBufferSize));
>
> - return EFI_DEVICE_ERROR;
>
> - }
>
> - *PcrUpdateCounter = SwapBytes32(RecvBuffer.PcrUpdateCounter);
>
> -
>
> - //
>
> - // PcrSelectionOut
>
> - //
>
> - if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER) +
> sizeof(RecvBuffer.PcrUpdateCounter) +
> sizeof(RecvBuffer.PcrSelectionOut.count)) {
>
> - DEBUG ((EFI_D_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n",
> RecvBufferSize));
>
> - return EFI_DEVICE_ERROR;
>
> - }
>
> - PcrSelectionOut->count = SwapBytes32(RecvBuffer.PcrSelectionOut.count);
>
> - if (PcrSelectionOut->count > HASH_COUNT) {
>
> - DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - PcrSelectionOut->count
> error %x\n", PcrSelectionOut->count));
>
> - return EFI_DEVICE_ERROR;
>
> - }
>
> -
>
> - if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER) +
> sizeof(RecvBuffer.PcrUpdateCounter) +
> sizeof(RecvBuffer.PcrSelectionOut.count) +
> sizeof(RecvBuffer.PcrSelectionOut.pcrSelections[0]) * PcrSelectionOut->count) {
>
> - DEBUG ((EFI_D_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n",
> RecvBufferSize));
>
> - return EFI_DEVICE_ERROR;
>
> - }
>
> - for (Index = 0; Index < PcrSelectionOut->count; Index++) {
>
> - PcrSelectionOut->pcrSelections[Index].hash =
> SwapBytes16(RecvBuffer.PcrSelectionOut.pcrSelections[Index].hash);
>
> - PcrSelectionOut->pcrSelections[Index].sizeofSelect =
> RecvBuffer.PcrSelectionOut.pcrSelections[Index].sizeofSelect;
>
> - if (PcrSelectionOut->pcrSelections[Index].sizeofSelect > PCR_SELECT_MAX) {
>
> - return EFI_DEVICE_ERROR;
>
> - }
>
> - CopyMem (&PcrSelectionOut->pcrSelections[Index].pcrSelect,
> &RecvBuffer.PcrSelectionOut.pcrSelections[Index].pcrSelect, PcrSelectionOut-
> >pcrSelections[Index].sizeofSelect);
>
> - }
>
> -
>
> - //
>
> - // PcrValues
>
> - //
>
> - PcrValuesOut = (TPML_DIGEST *)((UINT8 *)&RecvBuffer + sizeof
> (TPM2_RESPONSE_HEADER) + sizeof(RecvBuffer.PcrUpdateCounter) +
> sizeof(RecvBuffer.PcrSelectionOut.count) +
> sizeof(RecvBuffer.PcrSelectionOut.pcrSelections[0]) * PcrSelectionOut->count);
>
> - PcrValues->count = SwapBytes32(PcrValuesOut->count);
>
> - //
>
> - // The number of digests in list is not greater than 8 per TPML_DIGEST
> definition
>
> - //
>
> - if (PcrValues->count > 8) {
>
> - DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - PcrValues->count error %x\n",
> PcrValues->count));
>
> - return EFI_DEVICE_ERROR;
>
> - }
>
> - Digests = PcrValuesOut->digests;
>
> - for (Index = 0; Index < PcrValues->count; Index++) {
>
> - PcrValues->digests[Index].size = SwapBytes16(Digests->size);
>
> - if (PcrValues->digests[Index].size > sizeof(TPMU_HA)) {
>
> - DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - Digest.size error %x\n",
> PcrValues->digests[Index].size));
>
> - return EFI_DEVICE_ERROR;
>
> - }
>
> - CopyMem (&PcrValues->digests[Index].buffer, &Digests->buffer, PcrValues-
> >digests[Index].size);
>
> - Digests = (TPM2B_DIGEST *)((UINT8 *)Digests + sizeof(Digests->size) +
> PcrValues->digests[Index].size);
>
> - }
>
> -
>
> - return EFI_SUCCESS;
>
> -}
>
> -
>
> /**
>
> This command is used to set the desired PCR allocation of PCR and algorithms.
>
>
>
> @@ -513,7 +693,7 @@ Tpm2PcrAllocate (
> }
>
>
>
> if (ResultBufSize > sizeof(Res)) {
>
> - DEBUG ((EFI_D_ERROR, "Tpm2PcrAllocate: Failed ExecuteCommand: Buffer
> Too Small\r\n"));
>
> + DEBUG ((DEBUG_ERROR, "Tpm2PcrAllocate: Failed ExecuteCommand:
> Buffer Too Small\r\n"));
>
> Status = EFI_BUFFER_TOO_SMALL;
>
> goto Done;
>
> }
>
> @@ -523,7 +703,7 @@ Tpm2PcrAllocate (
> //
>
> RespSize = SwapBytes32(Res.Header.paramSize);
>
> if (RespSize > sizeof(Res)) {
>
> - DEBUG ((EFI_D_ERROR, "Tpm2PcrAllocate: Response size too large! %d\r\n",
> RespSize));
>
> + DEBUG ((DEBUG_ERROR, "Tpm2PcrAllocate: Response size too
> large! %d\r\n", RespSize));
>
> Status = EFI_BUFFER_TOO_SMALL;
>
> goto Done;
>
> }
>
> @@ -532,7 +712,7 @@ Tpm2PcrAllocate (
> // Fail if command failed
>
> //
>
> if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) {
>
> - DEBUG((EFI_D_ERROR,"Tpm2PcrAllocate: Response Code error! 0x%08x\r\n",
> SwapBytes32(Res.Header.responseCode)));
>
> + DEBUG((DEBUG_ERROR,"Tpm2PcrAllocate: Response Code error!
> 0x%08x\r\n", SwapBytes32(Res.Header.responseCode)));
>
> Status = EFI_DEVICE_ERROR;
>
> goto Done;
>
> }
>
> @@ -673,15 +853,15 @@ Tpm2PcrAllocateBanks (
> &SizeNeeded,
>
> &SizeAvailable
>
> );
>
> - DEBUG ((EFI_D_INFO, "Tpm2PcrAllocateBanks call Tpm2PcrAllocate - %r\n",
> Status));
>
> + DEBUG ((DEBUG_INFO, "Tpm2PcrAllocateBanks call Tpm2PcrAllocate - %r\n",
> Status));
>
> if (EFI_ERROR (Status)) {
>
> goto Done;
>
> }
>
>
>
> - DEBUG ((EFI_D_INFO, "AllocationSuccess - %02x\n", AllocationSuccess));
>
> - DEBUG ((EFI_D_INFO, "MaxPCR - %08x\n", MaxPCR));
>
> - DEBUG ((EFI_D_INFO, "SizeNeeded - %08x\n", SizeNeeded));
>
> - DEBUG ((EFI_D_INFO, "SizeAvailable - %08x\n", SizeAvailable));
>
> + DEBUG ((DEBUG_INFO, "AllocationSuccess - %02x\n", AllocationSuccess));
>
> + DEBUG ((DEBUG_INFO, "MaxPCR - %08x\n", MaxPCR));
>
> + DEBUG ((DEBUG_INFO, "SizeNeeded - %08x\n", SizeNeeded));
>
> + DEBUG ((DEBUG_INFO, "SizeAvailable - %08x\n", SizeAvailable));
>
>
>
> Done:
>
> ZeroMem(&LocalAuthSession.hmac, sizeof(LocalAuthSession.hmac));
>
> diff --git a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c
> b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c
> index 19b8e4b318..678826f8a5 100644
> --- a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c
> +++ b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c
> @@ -147,7 +147,6 @@ EFI_PEI_NOTIFY_DESCRIPTOR mNotifyList[] = {
> }
>
> };
>
>
>
> -
>
> /**
>
> Record all measured Firmware Volume Information into a Guid Hob
>
> Guid Hob payload layout is
>
> @@ -223,7 +222,7 @@ SyncPcrAllocationsAndPcrMask (
> UINT32 Tpm2PcrMask;
>
> UINT32 NewTpm2PcrMask;
>
>
>
> - DEBUG ((EFI_D_ERROR, "SyncPcrAllocationsAndPcrMask!\n"));
>
> + DEBUG ((DEBUG_ERROR, "SyncPcrAllocationsAndPcrMask!\n"));
>
>
>
> //
>
> // Determine the current TPM support and the Platform PCR mask.
>
> @@ -234,7 +233,7 @@ SyncPcrAllocationsAndPcrMask (
> Tpm2PcrMask = PcdGet32 (PcdTpm2HashMask);
>
> if (Tpm2PcrMask == 0) {
>
> //
>
> - // if PcdTPm2HashMask is zero, use ActivePcr setting
>
> + // if PcdTpm2HashMask is zero, use ActivePcr setting
>
> //
>
> PcdSet32S (PcdTpm2HashMask, TpmActivePcrBanks);
>
> Tpm2PcrMask = TpmActivePcrBanks;
>
> @@ -253,9 +252,9 @@ SyncPcrAllocationsAndPcrMask (
> if ((TpmActivePcrBanks & Tpm2PcrMask) != TpmActivePcrBanks) {
>
> NewTpmActivePcrBanks = TpmActivePcrBanks & Tpm2PcrMask;
>
>
>
> - DEBUG ((EFI_D_INFO, "%a - Reallocating PCR banks from 0x%X to 0x%X.\n",
> __FUNCTION__, TpmActivePcrBanks, NewTpmActivePcrBanks));
>
> + DEBUG ((DEBUG_INFO, "%a - Reallocating PCR banks from 0x%X to 0x%X.\n",
> __FUNCTION__, TpmActivePcrBanks, NewTpmActivePcrBanks));
>
> if (NewTpmActivePcrBanks == 0) {
>
> - DEBUG ((EFI_D_ERROR, "%a - No viable PCRs active! Please set a less
> restrictive value for PcdTpm2HashMask!\n", __FUNCTION__));
>
> + DEBUG ((DEBUG_ERROR, "%a - No viable PCRs active! Please set a less
> restrictive value for PcdTpm2HashMask!\n", __FUNCTION__));
>
> ASSERT (FALSE);
>
> } else {
>
> Status = Tpm2PcrAllocateBanks (NULL, (UINT32)TpmHashAlgorithmBitmap,
> NewTpmActivePcrBanks);
>
> @@ -263,7 +262,7 @@ SyncPcrAllocationsAndPcrMask (
> //
>
> // We can't do much here, but we hope that this doesn't happen.
>
> //
>
> - DEBUG ((EFI_D_ERROR, "%a - Failed to reallocate PCRs!\n",
> __FUNCTION__));
>
> + DEBUG ((DEBUG_ERROR, "%a - Failed to reallocate PCRs!\n",
> __FUNCTION__));
>
> ASSERT_EFI_ERROR (Status);
>
> }
>
> //
>
> @@ -280,9 +279,9 @@ SyncPcrAllocationsAndPcrMask (
> if ((Tpm2PcrMask & TpmHashAlgorithmBitmap) != Tpm2PcrMask) {
>
> NewTpm2PcrMask = Tpm2PcrMask & TpmHashAlgorithmBitmap;
>
>
>
> - DEBUG ((EFI_D_INFO, "%a - Updating PcdTpm2HashMask from 0x%X to
> 0x%X.\n", __FUNCTION__, Tpm2PcrMask, NewTpm2PcrMask));
>
> + DEBUG ((DEBUG_INFO, "%a - Updating PcdTpm2HashMask from 0x%X to
> 0x%X.\n", __FUNCTION__, Tpm2PcrMask, NewTpm2PcrMask));
>
> if (NewTpm2PcrMask == 0) {
>
> - DEBUG ((EFI_D_ERROR, "%a - No viable PCRs supported! Please set a less
> restrictive value for PcdTpm2HashMask!\n", __FUNCTION__));
>
> + DEBUG ((DEBUG_ERROR, "%a - No viable PCRs supported! Please set a less
> restrictive value for PcdTpm2HashMask!\n", __FUNCTION__));
>
> ASSERT (FALSE);
>
> }
>
>
>
> @@ -321,7 +320,7 @@ LogHashEvent (
> RetStatus = EFI_SUCCESS;
>
> for (Index = 0; Index < sizeof(mTcg2EventInfo)/sizeof(mTcg2EventInfo[0]);
> Index++) {
>
> if ((SupportedEventLogs & mTcg2EventInfo[Index].LogFormat) != 0) {
>
> - DEBUG ((EFI_D_INFO, " LogFormat - 0x%08x\n",
> mTcg2EventInfo[Index].LogFormat));
>
> + DEBUG ((DEBUG_INFO, " LogFormat - 0x%08x\n",
> mTcg2EventInfo[Index].LogFormat));
>
> switch (mTcg2EventInfo[Index].LogFormat) {
>
> case EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2:
>
> Status = GetDigestFromDigestList (TPM_ALG_SHA1, DigestList,
> &NewEventHdr->Digest);
>
> @@ -416,7 +415,7 @@ HashLogExtendEvent (
> }
>
>
>
> if (Status == EFI_DEVICE_ERROR) {
>
> - DEBUG ((EFI_D_ERROR, "HashLogExtendEvent - %r. Disable TPM.\n", Status));
>
> + DEBUG ((DEBUG_ERROR, "HashLogExtendEvent - %r. Disable TPM.\n",
> Status));
>
> BuildGuidHob (&gTpmErrorHobGuid,0);
>
> REPORT_STATUS_CODE (
>
> EFI_ERROR_CODE | EFI_ERROR_MINOR,
>
> @@ -925,7 +924,7 @@ PeimEntryMA (
> }
>
>
>
> if (GetFirstGuidHob (&gTpmErrorHobGuid) != NULL) {
>
> - DEBUG ((EFI_D_ERROR, "TPM2 error!\n"));
>
> + DEBUG ((DEBUG_ERROR, "TPM2 error!\n"));
>
> return EFI_DEVICE_ERROR;
>
> }
>
>
>
> @@ -989,7 +988,7 @@ PeimEntryMA (
> for (PcrIndex = 0; PcrIndex < 8; PcrIndex++) {
>
> Status = MeasureSeparatorEventWithError (PcrIndex);
>
> if (EFI_ERROR (Status)) {
>
> - DEBUG ((EFI_D_ERROR, "Separator Event with Error not Measured.
> Error!\n"));
>
> + DEBUG ((DEBUG_ERROR, "Separator Event with Error not Measured.
> Error!\n"));
>
> }
>
> }
>
> }
>
> @@ -1006,6 +1005,13 @@ PeimEntryMA (
> }
>
> }
>
>
>
> + DEBUG_CODE_BEGIN ();
>
> + //
>
> + // Peek into TPM PCR 00 before any BIOS measurement.
>
> + //
>
> + Tpm2ActivePcrRegisterRead (00, NULL);
>
> + DEBUG_CODE_END ();
>
> +
>
> //
>
> // Only install TpmInitializedPpi on success
>
> //
>
> @@ -1020,7 +1026,7 @@ PeimEntryMA (
>
>
> Done:
>
> if (EFI_ERROR (Status)) {
>
> - DEBUG ((EFI_D_ERROR, "TPM2 error! Build Hob\n"));
>
> + DEBUG ((DEBUG_ERROR, "TPM2 error! Build Hob\n"));
>
> BuildGuidHob (&gTpmErrorHobGuid,0);
>
> REPORT_STATUS_CODE (
>
> EFI_ERROR_CODE | EFI_ERROR_MINOR,
>
> --
> 2.27.0.windows.1
next prev parent reply other threads:[~2020-07-23 2:06 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-07-20 22:28 [PATCH] SecurityPkg: Debug code to audit BIOS TPM extend operations Rodrigo Gonzalez del Cueto
2020-07-23 2:06 ` Yao, Jiewen [this message]
-- strict thread matches above, loose matches on Subject: below --
2021-07-29 22:43 Rodrigo Gonzalez del Cueto
2021-08-09 1:24 ` Yao, Jiewen
2021-08-10 6:40 ` Rodrigo Gonzalez del Cueto
2021-08-11 5:39 ` Yao, Jiewen
2021-12-17 2:47 Rodrigo Gonzalez del Cueto
2021-12-17 15:08 ` Yao, Jiewen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=DM5PR11MB20267396DC7E1389B6DB50E08C760@DM5PR11MB2026.namprd11.prod.outlook.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox