From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=192.55.52.88; helo=mga01.intel.com; envelope-from=chao.b.zhang@intel.com; receiver=edk2-devel@lists.01.org Received: from mga01.intel.com (mga01.intel.com [192.55.52.88]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id A8C09202E5CD2 for ; Fri, 13 Oct 2017 19:16:18 -0700 (PDT) Received: from orsmga002.jf.intel.com ([10.7.209.21]) by fmsmga101.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 13 Oct 2017 19:19:50 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.43,373,1503385200"; d="scan'208";a="146336036" Received: from fmsmsx107.amr.corp.intel.com ([10.18.124.205]) by orsmga002.jf.intel.com with ESMTP; 13 Oct 2017 19:19:49 -0700 Received: from shsmsx104.ccr.corp.intel.com (10.239.4.70) by fmsmsx107.amr.corp.intel.com (10.18.124.205) with Microsoft SMTP Server (TLS) id 14.3.319.2; Fri, 13 Oct 2017 19:19:49 -0700 Received: from shsmsx152.ccr.corp.intel.com ([169.254.6.93]) by SHSMSX104.ccr.corp.intel.com ([169.254.5.152]) with mapi id 14.03.0319.002; Sat, 14 Oct 2017 10:19:47 +0800 From: "Zhang, Chao B" To: "Yao, Jiewen" CC: "edk2-devel@lists.01.org" , "Long, Qin" , "sean.brogan@microsoft.com" Thread-Topic: [PATCH V2] SecurityPkg\Tcg2Pei: FV measure performance enhancement Thread-Index: AQHTQ/SabM5JLB5btkOMn6sUWzaLRqLg9ASAgAD5NCA= Date: Sat, 14 Oct 2017 02:19:46 +0000 Message-ID: References: <20171013072549.41328-1-chao.b.zhang@intel.com> In-Reply-To: Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: dlp-product: dlpe-windows dlp-version: 11.0.0.116 dlp-reaction: no-action x-originating-ip: [10.239.127.40] MIME-Version: 1.0 Subject: Re: [PATCH V2] SecurityPkg\Tcg2Pei: FV measure performance enhancement X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 14 Oct 2017 02:16:19 -0000 Content-Language: en-US Content-Type: text/plain; charset="iso-2022-jp" Content-Transfer-Encoding: quoted-printable Hi Jiewen & Qin: Thank you very much for all the comments. I will update PPI comments w= ith clear wording. Here are all the information of white box test. The test matrix covere= d different algorithms combinations for Pre-hash data & Hash required for T= PM.=20 All the results were expected. Image Pre-hash Setting PcdTPMHashMask Test Result NONE SHA256 = CPU calculates hash. No Pre-Hash can be found in Tcg2 Event Log SHA1 SHA256 = CPU calculates hash. No Pre-Hash can be found in Tcg2 Ev= ent Log SHA1+SHA256 SHA256 Spe= cific SHA256 produced by Pre-Hash found in TCG2 Event Log SHA1+SHA256 SHA1+SHA256 Spec= ific SHA1+SHA256 produced by Pre-Hash found in TCG2 Event Log SHA256 SHA1+SHA256 = CPU calculates Hash. No Pre-Hash can be found in Tcg2 Event Lo= g SHA1+SHA256+SHA384 SHA1+SHA256 Specific SHA1+SH= A256 produced by Pre-Hash found in TCG2 Event Log =20 Test case also verified PCR Extend Op Failure when using pre-hash data. = TPM2 device was made invisible after failure. It complies with TCG PFP spec= 00.21 -----Original Message----- From: Yao, Jiewen=20 Sent: Friday, October 13, 2017 4:55 PM To: Zhang, Chao B Cc: edk2-devel@lists.01.org; Long, Qin ; sean.brogan@mi= crosoft.com; Yao, Jiewen Subject: Re: [PATCH V2] SecurityPkg\Tcg2Pei: FV measure performance enhance= ment Thank you Chao! I have 2 minor suggestion. 1) I know you did lots of unit test. Would you please share the information to all of us? 2) I found the pre-hash/tpm-mask mismatch case might be misunderstood. Would you please add some comment in the ppi header file to describe the ex= pectation clearly? With comment update for 2) and unit test description for 1), reviewed-by ji= ewen.yao@intel.com thank you! Yao, Jiewen > =1B$B:_=1B(B 2017=1B$BG/=1B(B10=1B$B7n=1B(B13=1B$BF|!$2<8a=1B(B3:26=1B$B!= $=1B(BZhang, Chao B =1B$B=20 > 1. Leverage Pre-Hashed FV PPI to reduce duplicated hash 2. Only=20 > measure BFV at the beginning. Other FVs are measured in FVinfo callback w= ith nested > FV check. https://bugzilla.tianocore.org/show_bug.cgi?id=3D662 >=20 > Cc: Long Qin > Cc: Yao Jiewen > Cc: Sean Brogan > Contributed-under: TianoCore Contribution Agreement 1.0 > Signed-off-by: Chao Zhang > --- > .../Include/Ppi/FirmwareVolumeInfoPrehashedFV.h | 70 ++++++ > SecurityPkg/SecurityPkg.dec | 7 +- > SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c | 245 +++++++++++++++-= ----- > SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf | 2 + > 4 files changed, 250 insertions(+), 74 deletions(-) create mode 100644=20 > SecurityPkg/Include/Ppi/FirmwareVolumeInfoPrehashedFV.h >=20 > diff --git a/SecurityPkg/Include/Ppi/FirmwareVolumeInfoPrehashedFV.h=20 > b/SecurityPkg/Include/Ppi/FirmwareVolumeInfoPrehashedFV.h > new file mode 100644 > index 0000000..2273357 > --- /dev/null > +++ b/SecurityPkg/Include/Ppi/FirmwareVolumeInfoPrehashedFV.h > @@ -0,0 +1,70 @@ > +/** @file > +PPI to describe all hash digests for a given FV > + > +Copyright (c) 2017, Intel Corporation. All rights reserved.
This=20 > +program and the accompanying materials are licensed and made=20 > +available under the terms and conditions of the BSD License which=20 > +accompanies this distribution. The full text of the license may be=20 > +found at http://opensource.org/licenses/bsd-license.php > + > +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,=20 > +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMP= LIED. > + > +**/ > +/** > +PPI to describe all hash digests for a given FV > + > +Copyright (c) 2017, Microsoft Corporation > + > +All rights reserved. > +Redistribution and use in source and binary forms, with or without=20 > +modification, are permitted provided that the following conditions are m= et: > +1. Redistributions of source code must retain the above copyright=20 > +notice, this list of conditions and the following disclaimer. > +2. Redistributions in binary form must reproduce the above copyright=20 > +notice, this list of conditions and the following disclaimer in the=20 > +documentation and/or other materials provided with the distribution. > + > +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS=20 > +"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT=20 > +LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A = PARTICULAR PURPOSE ARE DISCLAIMED. > +IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR=20 > +ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR=20 > +CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF=20 > +SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR=20 > +BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,=20 > +WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE=20 > +OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN I= F ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. > + > +**/ > + > +#ifndef __PEI_FIRMWARE_VOLUME_INFO_PREHASHED_FV_H__ > +#define __PEI_FIRMWARE_VOLUME_INFO_PREHASHED_FV_H__ > + > +#define EDKII_PEI_FIRMWARE_VOLUME_INFO_PREHASHED_FV_PPI_GUID \ {=20 > +0x3ce1e631, 0x7008, 0x477c, { 0xad, 0xa7, 0x5d, 0xcf, 0xc7, 0xc1,=20 > +0x49, 0x4b } } > + > +// > +// HashAlgoId is TPM_ALG_ID in Tpm20.h // typedef struct _HASH_INFO { > + UINT16 HashAlgoId; > + UINT16 HashSize; > + //UINT8 Hash[]; > +} HASH_INFO; > + > +// > +// This PPI indicates a FV is already hashed, platform should ensure 1:1= mapping between pre-hashed PPI and FV. > +// The Count field in PPI is followed by Count number of FV hash info en= tries, which can be extended to PCR and logged to TCG event log directly by= TCG modules. > +// > +typedef struct { > + UINT32 FvBase; > + UINT32 FvLength; > + UINT32 Count; > + //HASH_INFO HashInfo[]; > +} EDKII_PEI_FIRMWARE_VOLUME_INFO_PREHASHED_FV_PPI; > + > +extern EFI_GUID gEdkiiPeiFirmwareVolumeInfoPrehashedFvPpiGuid; > + > +#endif > + > diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec > index 7a900dc..45d95c5 100644 > --- a/SecurityPkg/SecurityPkg.dec > +++ b/SecurityPkg/SecurityPkg.dec > @@ -7,6 +7,7 @@ > # > # Copyright (c) 2009 - 2017, Intel Corporation. All rights reserved.
> # (C) Copyright 2015 Hewlett Packard Enterprise Development LP
> +# Copyright (c) 2017, Microsoft Corporation. All rights reserved.
> # This program and the accompanying materials are licensed and made avail= able under > # the terms and conditions of the BSD License which accompanies this dist= ribution. > # The full text of the license may be found at > @@ -222,6 +223,9 @@ > ## Include/Ppi/FirmwareVolumeInfoMeasurementExcluded.h > gEfiPeiFirmwareVolumeInfoMeasurementExcludedPpiGuid =3D { 0x6e056ff9, 0= xc695, 0x4364, { 0x9e, 0x2c, 0x61, 0x26, 0xf5, 0xce, 0xea, 0xae } } >=20 > + ## Include/Ppi/FirmwareVolumeInfoPrehashedFV.h > + gEdkiiPeiFirmwareVolumeInfoPrehashedFvPpiGuid =3D { 0x3ce1e631, 0x7008= , 0x477c, { 0xad, 0xa7, 0x5d, 0xcf, 0xc7, 0xc1, 0x49, 0x4b } } > + > # > # [Error.gEfiSecurityPkgTokenSpaceGuid] > # 0x80000001 | Invalid value provided. > @@ -452,9 +456,10 @@ >=20 > [PcdsDynamic, PcdsDynamicEx] >=20 > - ## This PCD indicates Hash mask for TPM 2.0.

> + ## This PCD indicates Hash mask for TPM 2.0. Bit definition strictly f= ollows TCG Algorithm Registry.

> # If this bit is set, that means this algorithm is needed to extend to= PCR.
> # If this bit is clear, that means this algorithm is NOT needed to ext= end to PCR.
> + # If all the bits are clear, that means hash algorithm is determined = by current Active PCR Banks.
> # BIT0 - SHA1.
> # BIT1 - SHA256.
> # BIT2 - SHA384.
> diff --git a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c b/SecurityPkg/Tcg/Tcg2Pei/= Tcg2Pei.c > index 69adad4..a7ae335 100644 > --- a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c > +++ b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c > @@ -2,6 +2,7 @@ > Initialize TPM2 device and measure FVs before handing off control to DX= E. >=20 > Copyright (c) 2015 - 2017, Intel Corporation. All rights reserved.
> +Copyright (c) 2017, Microsoft Corporation. All rights reserved.
> This program and the accompanying materials=20 > are licensed and made available under the terms and conditions of the BSD= License=20 > which accompanies this distribution. The full text of the license may be= found at=20 > @@ -22,6 +23,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITH= ER EXPRESS OR IMPLIED. > #include > #include > #include > +#include >=20 > #include > #include > @@ -133,7 +135,6 @@ EFI_PEI_NOTIFY_DESCRIPTOR mNotifyList[] =3D= { > } > }; >=20 > -EFI_PEI_FIRMWARE_VOLUME_INFO_MEASUREMENT_EXCLUDED_PPI *mMeasurementExclu= dedFvPpi; >=20 > /** > Record all measured Firmware Volum Information into a Guid Hob > @@ -215,6 +216,13 @@ SyncPcrAllocationsAndPcrMask ( > ASSERT_EFI_ERROR (Status); >=20 > Tpm2PcrMask =3D PcdGet32 (PcdTpm2HashMask); > + if (Tpm2PcrMask =3D=3D 0) { > + // > + // if PcdTPm2HashMask is zero, use ActivePcr setting > + // > + PcdSet32S (PcdTpm2HashMask, TpmActivePcrBanks); > + Tpm2PcrMask =3D TpmActivePcrBanks; > + } >=20 > // > // Find the intersection of Pcd support and TPM support. > @@ -455,53 +463,152 @@ MeasureFvImage ( > IN UINT64 FvLength > ) > { > - UINT32 Index; > - EFI_STATUS Status; > - EFI_PLATFORM_FIRMWARE_BLOB FvBlob; > - TCG_PCR_EVENT_HDR TcgEventHdr; > - > - // > - // Check if it is in Excluded FV list > - // > - if (mMeasurementExcludedFvPpi !=3D NULL) { > - for (Index =3D 0; Index < mMeasurementExcludedFvPpi->Count; Index ++= ) { > - if (mMeasurementExcludedFvPpi->Fv[Index].FvBase =3D=3D FvBase) { > - DEBUG ((DEBUG_INFO, "The FV which is excluded by Tcg2Pei starts = at: 0x%x\n", FvBase)); > - DEBUG ((DEBUG_INFO, "The FV which is excluded by Tcg2Pei has the= size: 0x%x\n", FvLength)); > - return EFI_SUCCESS; > + UINT32 Index; > + EFI_STATUS Status; > + EFI_PLATFORM_FIRMWARE_BLOB FvBlob; > + TCG_PCR_EVENT_HDR TcgEventHdr; > + UINT32 Instance; > + UINT32 Tpm2HashMask; > + TPML_DIGEST_VALUES DigestList; > + UINT32 DigestCount; > + EFI_PEI_FIRMWARE_VOLUME_INFO_MEASUREMENT_EXCLUDED_PPI *MeasurementExcl= udedFvPpi; > + EDKII_PEI_FIRMWARE_VOLUME_INFO_PREHASHED_FV_PPI *PrehashedFvPpi; > + HASH_INFO *PreHashInfo; > + UINT32 HashAlgoMask; > + > + // > + // Check Excluded FV list > + // > + Instance =3D 0; > + do { > + Status =3D PeiServicesLocatePpi( > + &gEfiPeiFirmwareVolumeInfoMeasurementExcludedPpiGuid, > + Instance, > + NULL, > + (VOID**)&MeasurementExcludedFvPpi > + ); > + if (!EFI_ERROR(Status)) { > + for (Index =3D 0; Index < MeasurementExcludedFvPpi->Count; Index += +) { > + if (MeasurementExcludedFvPpi->Fv[Index].FvBase =3D=3D FvBase > + && MeasurementExcludedFvPpi->Fv[Index].FvLength =3D=3D FvLength= ) { > + DEBUG ((DEBUG_INFO, "The FV which is excluded by Tcg2Pei start= s at: 0x%x\n", FvBase)); > + DEBUG ((DEBUG_INFO, "The FV which is excluded by Tcg2Pei has t= he size: 0x%x\n", FvLength)); > + return EFI_SUCCESS; > + } > } > + > + Instance++; > } > - } > + } while (!EFI_ERROR(Status)); >=20 > // > - // Check whether FV is in the measured FV list. > + // Check measured FV list > // > for (Index =3D 0; Index < mMeasuredBaseFvIndex; Index ++) { > - if (mMeasuredBaseFvInfo[Index].BlobBase =3D=3D FvBase) { > + if (mMeasuredBaseFvInfo[Index].BlobBase =3D=3D FvBase && mMeasuredBa= seFvInfo[Index].BlobLength =3D=3D FvLength) { > + DEBUG ((DEBUG_INFO, "The FV which is already measured by Tcg2Pei s= tarts at: 0x%x\n", FvBase)); > + DEBUG ((DEBUG_INFO, "The FV which is already measured by Tcg2Pei h= as the size: 0x%x\n", FvLength)); > return EFI_SUCCESS; > } > } > - =20 > + > // > - // Measure and record the FV to the TPM > + // Check pre-hashed FV list > // > - FvBlob.BlobBase =3D FvBase; > - FvBlob.BlobLength =3D FvLength; > + Instance =3D 0; > + Tpm2HashMask =3D PcdGet32 (PcdTpm2HashMask); > + do { > + Status =3D PeiServicesLocatePpi ( > + &gEdkiiPeiFirmwareVolumeInfoPrehashedFvPpiGuid, > + Instance, > + NULL, > + (VOID**)&PrehashedFvPpi > + ); > + if (!EFI_ERROR(Status) && PrehashedFvPpi->FvBase =3D=3D FvBase && Pr= ehashedFvPpi->FvLength =3D=3D FvLength) { > + ZeroMem (&DigestList, sizeof(TPML_DIGEST_VALUES)); > + > + // > + // The FV is prehashed, check against TPM hash mask > + // > + PreHashInfo =3D (HASH_INFO *)(PrehashedFvPpi + 1); > + for (Index =3D 0, DigestCount =3D 0; Index < PrehashedFvPpi->Count= ; Index++) { > + DEBUG((DEBUG_INFO, "Hash Algo ID in PrehashedFvPpi=3D0x%x\n", Pr= eHashInfo->HashAlgoId)); > + HashAlgoMask =3D GetHashMaskFromAlgo(PreHashInfo->HashAlgoId); > + if ((Tpm2HashMask & HashAlgoMask) !=3D 0 ) { > + // > + // Hash is required, copy it to DigestList > + // > + WriteUnaligned16(&(DigestList.digests[DigestCount].hashAlg), P= reHashInfo->HashAlgoId); > + CopyMem ( > + &DigestList.digests[DigestCount].digest, > + PreHashInfo + 1, > + PreHashInfo->HashSize > + ); > + DigestCount++; > + // > + // Clean the corresponding Hash Algo mask bit > + // > + Tpm2HashMask &=3D ~HashAlgoMask; > + } > + PreHashInfo =3D (HASH_INFO *)((UINT8 *)(PreHashInfo + 1) + PreHa= shInfo->HashSize); > + } > + > + WriteUnaligned32(&DigestList.count, DigestCount); >=20 > - DEBUG ((DEBUG_INFO, "The FV which is measured by Tcg2Pei starts at: 0x= %x\n", FvBlob.BlobBase)); > - DEBUG ((DEBUG_INFO, "The FV which is measured by Tcg2Pei has the size:= 0x%x\n", FvBlob.BlobLength)); > + break; > + } > + Instance++; > + } while (!EFI_ERROR(Status)); >=20 > - TcgEventHdr.PCRIndex =3D 0; > + // > + // Init the log event for FV measurement > + // > + FvBlob.BlobBase =3D FvBase; > + FvBlob.BlobLength =3D FvLength; > + TcgEventHdr.PCRIndex =3D 0; > TcgEventHdr.EventType =3D EV_EFI_PLATFORM_FIRMWARE_BLOB; > TcgEventHdr.EventSize =3D sizeof (FvBlob); >=20 > - Status =3D HashLogExtendEvent ( > - 0, > - (UINT8*) (UINTN) FvBlob.BlobBase, > - (UINTN) FvBlob.BlobLength, > - &TcgEventHdr, > - (UINT8*) &FvBlob > - ); > + if (Tpm2HashMask =3D=3D 0) { > + // > + // FV pre-hash algos comply with current TPM hash requirement > + // Skip hashing step in measure, only extend DigestList to PCR and l= og event > + // > + Status =3D Tpm2PcrExtend( > + 0, > + &DigestList > + ); > + > + if (!EFI_ERROR(Status)) { > + Status =3D LogHashEvent (&DigestList, &TcgEventHdr, (UINT8*) &FvB= lob); > + DEBUG ((DEBUG_INFO, "The pre-hashed FV which is extended & logged= by Tcg2Pei starts at: 0x%x\n", FvBlob.BlobBase)); > + DEBUG ((DEBUG_INFO, "The pre-hashed FV which is extended & logged= by Tcg2Pei has the size: 0x%x\n", FvBlob.BlobLength)); > + } else if (Status =3D=3D EFI_DEVICE_ERROR) { > + BuildGuidHob (&gTpmErrorHobGuid,0); > + REPORT_STATUS_CODE ( > + EFI_ERROR_CODE | EFI_ERROR_MINOR, > + (PcdGet32 (PcdStatusCodeSubClassTpmDevice) | EFI_P_EC_INTERFACE_= ERROR) > + ); > + } > + } else { > + // > + // Hash the FV, extend digest to the TPM and log TCG event > + // > + Status =3D HashLogExtendEvent ( > + 0, > + (UINT8*) (UINTN) FvBlob.BlobBase, > + (UINTN) FvBlob.BlobLength, > + &TcgEventHdr, > + (UINT8*) &FvBlob > + ); > + DEBUG ((DEBUG_INFO, "The FV which is measured by Tcg2Pei starts at: = 0x%x\n", FvBlob.BlobBase)); > + DEBUG ((DEBUG_INFO, "The FV which is measured by Tcg2Pei has the siz= e: 0x%x\n", FvBlob.BlobLength)); > + } > + > + if (EFI_ERROR(Status)) { > + DEBUG ((DEBUG_ERROR, "The FV which failed to be measured starts at: = 0x%x\n", FvBase)); > + return Status; > + } >=20 > // > // Add new FV into the measured FV list. > @@ -530,47 +637,44 @@ MeasureMainBios ( > ) > { > EFI_STATUS Status; > - UINT32 FvInstances; > EFI_PEI_FV_HANDLE VolumeHandle; > EFI_FV_INFO VolumeInfo; > EFI_PEI_FIRMWARE_VOLUME_PPI *FvPpi; >=20 > PERF_START_EX (mFileHandle, "EventRec", "Tcg2Pei", 0, PERF_ID_TCG2_PEI)= ; > - FvInstances =3D 0; > - while (TRUE) { > - // > - // Traverse all firmware volume instances of Static Core Root of Tru= st for Measurement > - // (S-CRTM), this firmware volume measure policy can be modified/enh= anced by special > - // platform for special CRTM TPM measuring. > - // > - Status =3D PeiServicesFfsFindNextVolume (FvInstances, &VolumeHandle)= ; > - if (EFI_ERROR (Status)) { > - break; > - } > - =20 > - // > - // Measure and record the firmware volume that is dispatched by PeiC= ore > - // > - Status =3D PeiServicesFfsGetVolumeInfo (VolumeHandle, &VolumeInfo); > - ASSERT_EFI_ERROR (Status); > - // > - // Locate the corresponding FV_PPI according to founded FV's format = guid > - // > - Status =3D PeiServicesLocatePpi ( > - &VolumeInfo.FvFormat,=20 > - 0,=20 > - NULL, > - (VOID**)&FvPpi > - ); > - if (!EFI_ERROR (Status)) { > - MeasureFvImage ((EFI_PHYSICAL_ADDRESS) (UINTN) VolumeInfo.FvStart,= VolumeInfo.FvSize); > - } >=20 > - FvInstances++; > - } > + // > + // Only measure BFV at the very beginning. Other parts of Static Core = Root of > + // Trust for Measurement(S-CRTM) will be measured later on FvInfoNotif= y. > + // BFV is processed without installing FV Info Ppi. Other FVs either i= nside BFV or > + // reported by platform will be installed with Fv Info Ppi > + // This firmware volume measure policy can be modified/enhanced by spe= cial > + // platform for special CRTM TPM measuring. > + // > + Status =3D PeiServicesFfsFindNextVolume (0, &VolumeHandle); > + ASSERT_EFI_ERROR (Status); > + > + // > + // Measure and record the firmware volume that is dispatched by PeiCor= e > + // > + Status =3D PeiServicesFfsGetVolumeInfo (VolumeHandle, &VolumeInfo); > + ASSERT_EFI_ERROR (Status); > + // > + // Locate the corresponding FV_PPI according to founded FV's format gu= id > + // > + Status =3D PeiServicesLocatePpi ( > + &VolumeInfo.FvFormat, > + 0, > + NULL, > + (VOID**)&FvPpi > + ); > + ASSERT_EFI_ERROR (Status); > + > + Status =3D MeasureFvImage ((EFI_PHYSICAL_ADDRESS) (UINTN) VolumeInfo.F= vStart, VolumeInfo.FvSize); > + > PERF_END_EX (mFileHandle, "EventRec", "Tcg2Pei", 0, PERF_ID_TCG2_PEI + = 1); >=20 > - return EFI_SUCCESS; > + return Status; > } >=20 > /** > @@ -655,14 +759,6 @@ PeimEntryMP ( > { > EFI_STATUS Status; >=20 > - Status =3D PeiServicesLocatePpi ( > - &gEfiPeiFirmwareVolumeInfoMeasurementExcludedPpiGuid,=20 > - 0,=20 > - NULL, > - (VOID**)&mMeasurementExcludedFvPpi > - ); > - // Do not check status, because it is optional > - > mMeasuredBaseFvInfo =3D (EFI_PLATFORM_FIRMWARE_BLOB *) AllocateZeroPoo= l (sizeof (EFI_PLATFORM_FIRMWARE_BLOB) * PcdGet32 (PcdPeiCoreMaxFvSupported= )); > ASSERT (mMeasuredBaseFvInfo !=3D NULL); > mMeasuredChildFvInfo =3D (EFI_PLATFORM_FIRMWARE_BLOB *) AllocateZeroPoo= l (sizeof (EFI_PLATFORM_FIRMWARE_BLOB) * PcdGet32 (PcdPeiCoreMaxFvSupported= )); > @@ -673,6 +769,9 @@ PeimEntryMP ( > } >=20 > Status =3D MeasureMainBios (); > + if (EFI_ERROR(Status)) { > + return Status; > + } >=20 > // > // Post callbacks: > diff --git a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf b/SecurityPkg/Tcg/Tcg2Pe= i/Tcg2Pei.inf > index 1b79ee4..f7b8544 100644 > --- a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf > +++ b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf > @@ -9,6 +9,7 @@ > # This module will initialize TPM device, measure reported FVs and BIOS = version. > # > # Copyright (c) 2015 - 2017, Intel Corporation. All rights reserved.
> +# Copyright (c) 2017, Microsoft Corporation. All rights reserved.
> # This program and the accompanying materials > # are licensed and made available under the terms and conditions of the B= SD License > # which accompanies this distribution. The full text of the license may b= e found at > @@ -75,6 +76,7 @@ > gPeiTpmInitializedPpiGuid ##= SOMETIMES_PRODUCES > gPeiTpmInitializationDonePpiGuid ##= PRODUCES > gEfiEndOfPeiSignalPpiGuid ##= SOMETIMES_CONSUMES ## NOTIFY > + gEdkiiPeiFirmwareVolumeInfoPrehashedFvPpiGuid #= # SOMETIMES_CONSUMES >=20 > [Pcd] > gEfiMdeModulePkgTokenSpaceGuid.PcdFirmwareVersionString ##= SOMETIMES_CONSUMES > --=20 > 1.9.5.msysgit.1 >=20