From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mga18.intel.com (mga18.intel.com [134.134.136.126])
 by mx.groups.io with SMTP id smtpd.web10.11014.1594887151438510433
 for <devel@edk2.groups.io>;
 Thu, 16 Jul 2020 01:12:31 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@intel.onmicrosoft.com header.s=selector2-intel-onmicrosoft-com header.b=pf/uDohS;
 spf=pass (domain: intel.com, ip: 134.134.136.126, mailfrom: jiewen.yao@intel.com)
IronPort-SDR: EcQvhX/5sl5L25bo4yUznKJztkQyilqhV70ZAebK+mSEjDyOQTRcE4vKF0hA9FxDFUlNfSj4oh
 Foi5a1eM4eNw==
X-IronPort-AV: E=McAfee;i="6000,8403,9683"; a="136789419"
X-IronPort-AV: E=Sophos;i="5.75,358,1589266800"; 
   d="scan'208";a="136789419"
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from fmsmga008.fm.intel.com ([10.253.24.58])
  by orsmga106.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 16 Jul 2020 01:12:30 -0700
IronPort-SDR: Oi16uW+bGhSIz6YQdlkhjDcngotu3c4by7iQEFW2OB36NmNbzuvBZ/u+qUihA1l05tnxr4Zkl9
 XO/F0ZSacJQg==
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.75,358,1589266800"; 
   d="scan'208";a="270501827"
Received: from orsmsx102.amr.corp.intel.com ([10.22.225.129])
  by fmsmga008.fm.intel.com with ESMTP; 16 Jul 2020 01:12:27 -0700
Received: from orsmsx151.amr.corp.intel.com (10.22.226.38) by
 ORSMSX102.amr.corp.intel.com (10.22.225.129) with Microsoft SMTP Server (TLS)
 id 14.3.439.0; Thu, 16 Jul 2020 01:12:27 -0700
Received: from ORSEDG001.ED.cps.intel.com (10.7.248.4) by
 ORSMSX151.amr.corp.intel.com (10.22.226.38) with Microsoft SMTP Server (TLS)
 id 14.3.439.0; Thu, 16 Jul 2020 01:12:26 -0700
Received: from NAM11-CO1-obe.outbound.protection.outlook.com (104.47.56.168)
 by edgegateway.intel.com (134.134.137.100) with Microsoft SMTP Server (TLS)
 id 14.3.439.0; Thu, 16 Jul 2020 01:12:26 -0700
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=BAMZ+CmawDpQycg8xTps2VMuaYTOXCC8iqyB3mEymVnYFH5Mp1VeBp9q9bf4BtRXo9CazcQXOemj8DUPPVHBrxTZd3NxqeMe0sCI/rQQFYEOVAlZzqY4w7mmAPnbJ4KU5xgSv2OJQrV5kFDKe5647tBp3gxRlERUQ+Undwy60+nvfK2S/s6vmRdbWD2t49xq2DShuRMMFAI9mgC9ahIty0EmaFahctHRzij4TazzqRbgR0KWdUebYBtacwZfxaL0BcyghZ4S9FLSeD8p6j7/Rab9lfF6c9M4Mc7nYlNeonq5XFJSQ5gt+2zfhFzPFu5bYKoysKI/UzSrLpE13NsAMQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=mQ1I8X1UKN86xLrq1czucDovrLe4m+tDJjCxpiJ7Jc8=;
 b=V6M+ePJSX2vetXQmGK7NFwoN9aL2OkKYoh3eM1zrfWjIJPELNc2X+t1AfYDAFj7UL1kYTNiRBEx2aXSK6QGm1APxtFxw4LdJ/gAmU5FhtJY5BLtbkG4/0EFakwVPho49jm0hMLJf7YVsTTJrmFTvwIjzhx+EMfeZaiXQrog91rkZgCqnl6xw7jMAQSFjvapEWpuLROl8Iar96jWrD1uA6N068J2aD7Y4kWKVMFUW9HTdZ0Pv7G78wXGXs7yfRfNoXYIdQvVwwuKFgF3RKlrtL8JjwjXoZSvLDQ/l8m5ErDnJvEgrCaenMZRiln3PmMZJekjcEJGXHA2lvrKxW9W1Gw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
 smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com;
 dkim=pass header.d=intel.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=intel.onmicrosoft.com;
 s=selector2-intel-onmicrosoft-com;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=mQ1I8X1UKN86xLrq1czucDovrLe4m+tDJjCxpiJ7Jc8=;
 b=pf/uDohSj+TM1TZpRCi4eIKTnnMQt+Pa4sBIZMk0FRbIQtvL4tkc0fv3LeVvZgC/fa22vqWUNVlWkvC8ad2kLJRa4f9Sljt6lfb48UrncAPO2OD64Ctd+66HzacEVsmhk4B+mzM9EQS53yRt6HXdVMeI0N/IPZ31AIfg2WpoBDs=
Received: from DM5PR11MB2026.namprd11.prod.outlook.com (2603:10b6:3:10::17) by
 DM5PR11MB1644.namprd11.prod.outlook.com (2603:10b6:4:c::15) with Microsoft
 SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.20.3174.22; Thu, 16 Jul 2020 08:12:25 +0000
Received: from DM5PR11MB2026.namprd11.prod.outlook.com
 ([fe80::e19d:1de4:c479:da4]) by DM5PR11MB2026.namprd11.prod.outlook.com
 ([fe80::e19d:1de4:c479:da4%4]) with mapi id 15.20.3174.026; Thu, 16 Jul 2020
 08:12:25 +0000
From: "Yao, Jiewen" <jiewen.yao@intel.com>
To: "Zhang, Qi1" <qi1.zhang@intel.com>, "devel@edk2.groups.io"
	<devel@edk2.groups.io>
CC: "Wang, Jian J" <jian.j.wang@intel.com>, Chao Zhang
	<chao.b.zhang@intel.com>, "Kumar, Rahul1" <rahul1.kumar@intel.com>
Subject: Re: [PATCH v2 3/7] SecurityPkg/Tcg: Add TcgPpi
Thread-Topic: [PATCH v2 3/7] SecurityPkg/Tcg: Add TcgPpi
Thread-Index: AQHWW0T72aIX1KimDEqfKc2LWExaRqkJ2xxA
Date: Thu, 16 Jul 2020 08:12:25 +0000
Message-ID: <DM5PR11MB20267FEB8810DD4D73D1A6DB8C7F0@DM5PR11MB2026.namprd11.prod.outlook.com>
References: <20200716074430.9675-1-qi1.zhang@intel.com>
 <20200716074430.9675-4-qi1.zhang@intel.com>
In-Reply-To: <20200716074430.9675-4-qi1.zhang@intel.com>
Accept-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-titus-metadata-40: eyJDYXRlZ29yeUxhYmVscyI6IiIsIk1ldGFkYXRhIjp7Im5zIjoiaHR0cDpcL1wvd3d3LnRpdHVzLmNvbVwvbnNcL0ludGVsMyIsImlkIjoiM2MwMTk1MTQtNmUzNC00ZWI5LTg3ZjktNTE1NTJmODdiYzNmIiwicHJvcHMiOlt7Im4iOiJDVFBDbGFzc2lmaWNhdGlvbiIsInZhbHMiOlt7InZhbHVlIjoiQ1RQX05UIn1dfV19LCJTdWJqZWN0TGFiZWxzIjpbXSwiVE1DVmVyc2lvbiI6IjE3LjEwLjE4MDQuNDkiLCJUcnVzdGVkTGFiZWxIYXNoIjoicE9IQm9mUEFoQWQ3V0hpS2p0QnAxMVZJTHZqajkzcHhySDFnNmhkbHk2MDZhV3NcL0FrczBDRGx0eUYrRHQ4N0sifQ==
x-ctpclassification: CTP_NT
dlp-version: 11.2.0.6
dlp-product: dlpe-windows
dlp-reaction: no-action
authentication-results: intel.com; dkim=none (message not signed)
 header.d=none;intel.com; dmarc=none action=none header.from=intel.com;
x-originating-ip: [192.198.147.216]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 821d528c-99e8-41b4-19f2-08d8295ff948
x-ms-traffictypediagnostic: DM5PR11MB1644:
x-ms-exchange-transport-forked: True
x-microsoft-antispam-prvs: <DM5PR11MB1644B94326590A2A78F69FC78C7F0@DM5PR11MB1644.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:7691;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: +EhTPDfIYntxCMzEaZCpL23bPjuXhu/9Pev5pg2lUu32zX01PU6Yw1hCjebRb6a6AbGGvIbZSjhXcMdDleT7XkJZohlNT0zs2PtN27K3hzLQiH1olt0mm/amjwha/g1/09bYpQ/BN0hdz6elt7qoVXlMcjZWbmgFJnW+p9VqqyiqitPT93LVBUnnhehRciQRSDGMvH7oKcIkPLmWb6BquXoU940KEjbo9IkQTRz0SpWpF12SFwWaLUqdj5Ga5OT0YFSBno6gK0RuJMN4BnHQHZqHna9yl55Xp30VMK8R236Satp5UJ9OAB3GA0YZEAoOwnZpczymWK3nZj+Rjgu3EVL0xY1qIyJOnLi94NZZ9JYDA9klw+5z/kPV1LXSGcuevhqaD5dna1HYFT7IHo5l8Q==
x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DM5PR11MB2026.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFTY:;SFS:(4636009)(39860400002)(136003)(376002)(396003)(366004)(346002)(8676002)(2906002)(9686003)(110136005)(5660300002)(64756008)(33656002)(26005)(66556008)(53546011)(316002)(186003)(83380400001)(52536014)(6506007)(55016002)(54906003)(66446008)(15650500001)(71200400001)(86362001)(66476007)(8936002)(107886003)(966005)(478600001)(76116006)(66946007)(7696005)(4326008);DIR:OUT;SFP:1102;
x-ms-exchange-antispam-messagedata: r28Y6RrPjgt0717R477DKPEFZ6meVeUjXoV0/FJIqlKiI3BTbMKaIyu1TGfCbXfqq1pBArxbN5X5YKGJA5cczas1DIaAruY3wlqTSBtuykiB/ceMapB/lad5jOJRA34VThZuVjnZj2SAEguifJPffpusTQynUJ9JYU9nOqfB785xwQYiP6bIsVWClh2Iyfv8qUZQTEV+Lo9gkxD8ZPSC/WojgGDjvv7E8ZLUzfmzxivdqO28i2RfVoNfGct9zxGjaL5+qBWRoUY8IeYN5IErFBoImw9B3QXV2yaWLsPiNhnnVJ9wWU+uS8/GwO0xQYGuKg1CkFP0NtWlDqLvd2AIoipkHY+4t1s+Seben9xVs1/8r+i0QnnlJonHvHEY0ktV/zGazeRBUgFWHPWqnmqmrxLMI/Z4nRgTuWeqRtX57rTD8wC03gMR12vEsrkzG/zy2JRURa4JZKORL6bdWzU+ybWDM75S0pIVgBBkryAEnY7/kS7dyCav5KMNlHy7X58Z
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: DM5PR11MB2026.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 821d528c-99e8-41b4-19f2-08d8295ff948
X-MS-Exchange-CrossTenant-originalarrivaltime: 16 Jul 2020 08:12:25.2849
 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: 2BXKu89qzw6pq/AEDVW/dW1mXlUh8mrKHU9Sbj+IFiCbh/7bz53GWDbzg17IbPb9V06JRWSfPVr493nNBl7/9w==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM5PR11MB1644
Return-Path: jiewen.yao@intel.com
X-OriginatorOrg: intel.com
Content-Language: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Hi Qi
Per the conversation between Bret Barkelew and I, we should install the TCG=
_PPI *before* any measurement.
Please move it earlier.

Thank you
Yao Jiewen

> -----Original Message-----
> From: Zhang, Qi1 <qi1.zhang@intel.com>
> Sent: Thursday, July 16, 2020 3:44 PM
> To: devel@edk2.groups.io
> Cc: Yao, Jiewen <jiewen.yao@intel.com>; Wang, Jian J <jian.j.wang@intel.c=
om>;
> Chao Zhang <chao.b.zhang@intel.com>; Zhang, Qi1 <qi1.zhang@intel.com>;
> Kumar, Rahul1 <rahul1.kumar@intel.com>
> Subject: [PATCH v2 3/7] SecurityPkg/Tcg: Add TcgPpi
>=20
> From: Jiewen Yao <jiewen.yao@intel.com>
>=20
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D2841
>=20
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Cc: Chao Zhang <chao.b.zhang@intel.com>
> Cc: Qi Zhang <qi1.zhang@intel.com>
> Cc: Rahul Kumar <rahul1.kumar@intel.com>
> Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
> ---
>  SecurityPkg/Tcg/TcgPei/TcgPei.c   | 61 ++++++++++++++++++++++++++++---
>  SecurityPkg/Tcg/TcgPei/TcgPei.inf |  3 +-
>  2 files changed, 58 insertions(+), 6 deletions(-)
>=20
> diff --git a/SecurityPkg/Tcg/TcgPei/TcgPei.c b/SecurityPkg/Tcg/TcgPei/Tcg=
Pei.c
> index a9a808c9ec..2533388849 100644
> --- a/SecurityPkg/Tcg/TcgPei/TcgPei.c
> +++ b/SecurityPkg/Tcg/TcgPei/TcgPei.c
> @@ -1,7 +1,7 @@
>  /** @file
>=20
>    Initialize TPM device and measure FVs before handing off control to DX=
E.
>=20
>=20
>=20
> -Copyright (c) 2005 - 2018, Intel Corporation. All rights reserved.<BR>
>=20
> +Copyright (c) 2005 - 2020, Intel Corporation. All rights reserved.<BR>
>=20
>  SPDX-License-Identifier: BSD-2-Clause-Patent
>=20
>=20
>=20
>  **/
>=20
> @@ -17,6 +17,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
>  #include <Ppi/FirmwareVolume.h>
>=20
>  #include <Ppi/EndOfPeiPhase.h>
>=20
>  #include <Ppi/FirmwareVolumeInfoMeasurementExcluded.h>
>=20
> +#include <Ppi/Tcg.h>
>=20
>=20
>=20
>  #include <Guid/TcgEventHob.h>
>=20
>  #include <Guid/MeasuredFvHob.h>
>=20
> @@ -51,6 +52,45 @@ EFI_PEI_PPI_DESCRIPTOR  mTpmInitializationDonePpiList
> =3D {
>    NULL
>=20
>  };
>=20
>=20
>=20
> +/**
>=20
> +  Do a hash operation on a data buffer, extend a specific TPM PCR with t=
he
> hash result,
>=20
> +  and build a GUIDed HOB recording the event which will be passed to the=
 DXE
> phase and
>=20
> +  added into the Event Log.
>=20
> +
>=20
> +  @param[in]      This          Indicates the calling context
>=20
> +  @param[in]      Flags         Bitmap providing additional information.
>=20
> +  @param[in]      HashData      Physical address of the start of the dat=
a buffer
>=20
> +                                to be hashed, extended, and logged.
>=20
> +  @param[in]      HashDataLen   The length, in bytes, of the buffer refe=
renced by
> HashData.
>=20
> +  @param[in]      NewEventHdr   Pointer to a TCG_PCR_EVENT_HDR data
> structure.
>=20
> +  @param[in]      NewEventData  Pointer to the new event data.
>=20
> +
>=20
> +  @retval EFI_SUCCESS           Operation completed successfully.
>=20
> +  @retval EFI_OUT_OF_RESOURCES  No enough memory to log the new event.
>=20
> +  @retval EFI_DEVICE_ERROR      The command was unsuccessful.
>=20
> +
>=20
> +**/
>=20
> +EFI_STATUS
>=20
> +EFIAPI
>=20
> +HashLogExtendEvent (
>=20
> +  IN      EDKII_TCG_PPI             *This,
>=20
> +  IN      UINT64                    Flags,
>=20
> +  IN      UINT8                     *HashData,
>=20
> +  IN      UINTN                     HashDataLen,
>=20
> +  IN      TCG_PCR_EVENT_HDR         *NewEventHdr,
>=20
> +  IN      UINT8                     *NewEventData
>=20
> +  );
>=20
> +
>=20
> +EDKII_TCG_PPI mEdkiiTcgPpi =3D {
>=20
> +  HashLogExtendEvent
>=20
> +};
>=20
> +
>=20
> +EFI_PEI_PPI_DESCRIPTOR  mTcgPpiList =3D {
>=20
> +  EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST,
>=20
> +  &gEdkiiTcgPpiGuid,
>=20
> +  &mEdkiiTcgPpi
>=20
> +};
>=20
> +
>=20
>  //
>=20
>  // Number of firmware blobs to grow by each time we run out of room
>=20
>  //
>=20
> @@ -243,7 +283,8 @@ TpmCommHashAll (
>    and build a GUIDed HOB recording the event which will be passed to the=
 DXE
> phase and
>=20
>    added into the Event Log.
>=20
>=20
>=20
> -  @param[in]      PeiServices   Describes the list of possible PEI Servi=
ces.
>=20
> +  @param[in]      This          Indicates the calling context.
>=20
> +  @param[in]      Flags         Bitmap providing additional information.
>=20
>    @param[in]      HashData      Physical address of the start of the dat=
a buffer
>=20
>                                  to be hashed, extended, and logged.
>=20
>    @param[in]      HashDataLen   The length, in bytes, of the buffer refe=
renced by
> HashData.
>=20
> @@ -256,8 +297,10 @@ TpmCommHashAll (
>=20
>=20
>  **/
>=20
>  EFI_STATUS
>=20
> +EFIAPI
>=20
>  HashLogExtendEvent (
>=20
> -  IN      EFI_PEI_SERVICES          **PeiServices,
>=20
> +  IN      EDKII_TCG_PPI             *This,
>=20
> +  IN      UINT64                    Flags,
>=20
>    IN      UINT8                     *HashData,
>=20
>    IN      UINTN                     HashDataLen,
>=20
>    IN      TCG_PCR_EVENT_HDR         *NewEventHdr,
>=20
> @@ -346,7 +389,8 @@ MeasureCRTMVersion (
>    TcgEventHdr.EventSize =3D (UINT32) StrSize((CHAR16*)PcdGetPtr
> (PcdFirmwareVersionString));
>=20
>=20
>=20
>    return HashLogExtendEvent (
>=20
> -           PeiServices,
>=20
> +           &mEdkiiTcgPpi,
>=20
> +           0,
>=20
>             (UINT8*)PcdGetPtr (PcdFirmwareVersionString),
>=20
>             TcgEventHdr.EventSize,
>=20
>             &TcgEventHdr,
>=20
> @@ -415,7 +459,8 @@ MeasureFvImage (
>    TcgEventHdr.EventSize =3D sizeof (FvBlob);
>=20
>=20
>=20
>    Status =3D HashLogExtendEvent (
>=20
> -             (EFI_PEI_SERVICES **) GetPeiServicesTablePointer(),
>=20
> +             &mEdkiiTcgPpi,
>=20
> +             0,
>=20
>               (UINT8*) (UINTN) FvBlob.BlobBase,
>=20
>               (UINTN) FvBlob.BlobLength,
>=20
>               &TcgEventHdr,
>=20
> @@ -744,6 +789,12 @@ PeimEntryMP (
>    Status =3D PeiServicesNotifyPpi (&mNotifyList[0]);
>=20
>    ASSERT_EFI_ERROR (Status);
>=20
>=20
>=20
> +  //
>=20
> +  // install Tcg Services
>=20
> +  //
>=20
> +  Status =3D PeiServicesInstallPpi (&mTcgPpiList);
>=20
> +  ASSERT_EFI_ERROR (Status);
>=20
> +
>=20
>    return Status;
>=20
>  }
>=20
>=20
>=20
> diff --git a/SecurityPkg/Tcg/TcgPei/TcgPei.inf
> b/SecurityPkg/Tcg/TcgPei/TcgPei.inf
> index c0bff6e85e..4ab4edd657 100644
> --- a/SecurityPkg/Tcg/TcgPei/TcgPei.inf
> +++ b/SecurityPkg/Tcg/TcgPei/TcgPei.inf
> @@ -4,7 +4,7 @@
>  #  This module will initialize TPM device, measure reported FVs and BIOS=
 version.
>=20
>  #  This module may also lock TPM physical presence and
> physicalPresenceLifetimeLock.
>=20
>  #
>=20
> -# Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.<BR>
>=20
> +# Copyright (c) 2006 - 2020, Intel Corporation. All rights reserved.<BR>
>=20
>  # SPDX-License-Identifier: BSD-2-Clause-Patent
>=20
>  #
>=20
>  ##
>=20
> @@ -67,6 +67,7 @@
>    gPeiTpmInitializedPpiGuid                                           ##=
 SOMETIMES_PRODUCES
>=20
>    gPeiTpmInitializationDonePpiGuid                                    ##=
 PRODUCES
>=20
>    gEfiEndOfPeiSignalPpiGuid                                           ##=
 SOMETIMES_CONSUMES
> ## NOTIFY
>=20
> +  gEdkiiTcgPpiGuid                                                    ##=
 PRODUCES
>=20
>=20
>=20
>  [Pcd]
>=20
>    gEfiSecurityPkgTokenSpaceGuid.PcdPhysicalPresenceLifetimeLock       ##
> SOMETIMES_CONSUMES
>=20
> --
> 2.26.2.windows.1