From: "Zhang, Chao B"
To: "Zeng, Star", "edk2-devel@lists.01.org"
CC: "Yao, Jiewen"
Date: Mon, 17 Dec 2018 05:06:56 +0000
Subject: Re: [PATCH 2/7] SecurityPkg Tcg(2)Pei: Remove the using of PcdPeiCoreMaxFvSupported
In-Reply-To: <1544783322-17436-3-git-send-email-star.zeng@intel.com>

Star:

Reviewed-by: Chao Zhang

-----Original Message-----
From: Zeng, Star
Sent: Friday, December 14, 2018 6:29 PM
To: edk2-devel@lists.01.org
Cc: Zeng, Star; Zhang, Chao B; Yao, Jiewen
Subject: [PATCH 2/7] SecurityPkg Tcg(2)Pei: Remove the using of PcdPeiCoreMaxFvSupported

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1405

Background as below.

Problem:
As static configuration from the PCDs, the binary PeiCore (for example in FSP binary with dispatch mode) could not predict how many FVs, Files or PPIs for different platforms.

Burden:
Platform developers need to configure the PCDs accordingly for different platforms.

To solve the problem and remove the burden, we can update PeiCore to remove the using of PcdPeiCoreMaxFvSupported, PcdPeiCoreMaxPeimPerFv and PcdPeiCoreMaxPpiSupported by extending buffer dynamically for FV, File and PPI management.

This patch removes the using of PcdPeiCoreMaxFvSupported in Tcg(2)Pei.

Cc: Chao Zhang
Cc: Jiewen Yao
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Star Zeng
--- SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c | 59 +++++++++++++++++++++++----------= ---- SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf | 1 - SecurityPkg/Tcg/TcgPei/TcgPei.c | 59 +++++++++++++++++++++++----------= ---- SecurityPkg/Tcg/TcgPei/TcgPei.inf | 1 - 4 files changed, 74 insertions(+), 46 deletions(-) diff --git a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c b/SecurityPkg/Tcg/Tcg2Pei/Tc= g2Pei.c index 09ef0c70a50b..152e3f737b56 100644 --- a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c +++ b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c @@ -71,10 +71,17 @@ EFI_PEI_PPI_DESCRIPTOR mTpmInitializationDonePpiList = =3D { NULL }; =20 +// +// Number of firmware blobs to grow by each time we run out of room //=20 +#define FIRMWARE_BLOB_GROWTH_STEP 4 + EFI_PLATFORM_FIRMWARE_BLOB *mMeasuredBaseFvInfo; +UINT32 mMeasuredMaxBaseFvIndex =3D 0; UINT32 mMeasuredBaseFvIndex =3D 0; =20 EFI_PLATFORM_FIRMWARE_BLOB *mMeasuredChildFvInfo; +UINT32 mMeasuredMaxChildFvIndex =3D 0; UINT32 mMeasuredChildFvIndex =3D 0; =20 /** 
@@ -615,13 +622,20 @@ MeasureFvImage ( // // Add new FV into the measured FV list. // - ASSERT (mMeasuredBaseFvIndex < PcdGet32 (PcdPeiCoreMaxFvSupported)); - if (mMeasuredBaseFvIndex < PcdGet32 (PcdPeiCoreMaxFvSupported)) { - mMeasuredBaseFvInfo[mMeasuredBaseFvIndex].BlobBase =3D FvBase; - mMeasuredBaseFvInfo[mMeasuredBaseFvIndex].BlobLength =3D FvLength; - mMeasuredBaseFvIndex++; + if (mMeasuredBaseFvIndex >=3D mMeasuredMaxBaseFvIndex) { + mMeasuredBaseFvInfo =3D ReallocatePool ( + sizeof (EFI_PLATFORM_FIRMWARE_BLOB) * mMeasure= dMaxBaseFvIndex, + sizeof (EFI_PLATFORM_FIRMWARE_BLOB) * (mMeasur= edMaxBaseFvIndex + FIRMWARE_BLOB_GROWTH_STEP), + mMeasuredBaseFvInfo + ); + ASSERT (mMeasuredBaseFvInfo !=3D NULL); + mMeasuredMaxBaseFvIndex =3D mMeasuredMaxBaseFvIndex +=20 + FIRMWARE_BLOB_GROWTH_STEP; } =20 + mMeasuredBaseFvInfo[mMeasuredBaseFvIndex].BlobBase =3D FvBase; + mMeasuredBaseFvInfo[mMeasuredBaseFvIndex].BlobLength =3D FvLength; =20 + mMeasuredBaseFvIndex++; + return Status; } =20 
@@ -724,20 +738,26 @@ FirmwareVolmeInfoPpiNotifyCallback ( // if (Fv->ParentFvName !=3D NULL || Fv->ParentFileName !=3D NULL ) { =20 - ASSERT (mMeasuredChildFvIndex < PcdGet32 (PcdPeiCoreMaxFvSupported)); - if (mMeasuredChildFvIndex < PcdGet32 (PcdPeiCoreMaxFvSupported)) { - // - // Check whether FV is in the measured child FV list. - // - for (Index =3D 0; Index < mMeasuredChildFvIndex; Index++) { - if (mMeasuredChildFvInfo[Index].BlobBase =3D=3D (EFI_PHYSICAL_ADDR= ESS) (UINTN) Fv->FvInfo) { - return EFI_SUCCESS; - } + if (mMeasuredChildFvIndex >=3D mMeasuredMaxChildFvIndex) { + mMeasuredChildFvInfo =3D ReallocatePool ( + sizeof (EFI_PLATFORM_FIRMWARE_BLOB) * mMeas= uredMaxChildFvIndex, + sizeof (EFI_PLATFORM_FIRMWARE_BLOB) * (mMea= suredMaxChildFvIndex + FIRMWARE_BLOB_GROWTH_STEP), + mMeasuredChildFvInfo + ); + ASSERT (mMeasuredChildFvInfo !=3D NULL); + mMeasuredMaxChildFvIndex =3D mMeasuredMaxChildFvIndex + FIRMWARE_BLO= B_GROWTH_STEP; + } + // + // Check whether FV is in the measured child FV list. + // + for (Index =3D 0; Index < mMeasuredChildFvIndex; Index++) { + if (mMeasuredChildFvInfo[Index].BlobBase =3D=3D (EFI_PHYSICAL_ADDRES= S) (UINTN) Fv->FvInfo) { + return EFI_SUCCESS; } - mMeasuredChildFvInfo[mMeasuredChildFvIndex].BlobBase =3D (EFI_PHYS= ICAL_ADDRESS) (UINTN) Fv->FvInfo; - mMeasuredChildFvInfo[mMeasuredChildFvIndex].BlobLength =3D Fv->FvInf= oSize; - mMeasuredChildFvIndex++; } + mMeasuredChildFvInfo[mMeasuredChildFvIndex].BlobBase =3D (EFI_PHYSIC= AL_ADDRESS) (UINTN) Fv->FvInfo; + mMeasuredChildFvInfo[mMeasuredChildFvIndex].BlobLength =3D Fv->FvInfoS= ize; + mMeasuredChildFvIndex++; return EFI_SUCCESS; } =20 
@@ -761,11 +781,6 @@ PeimEntryMP ( { EFI_STATUS Status; =20 - mMeasuredBaseFvInfo =3D (EFI_PLATFORM_FIRMWARE_BLOB *) AllocateZeroPool= (sizeof (EFI_PLATFORM_FIRMWARE_BLOB) * PcdGet32 (PcdPeiCoreMaxFvSupported)= ); - ASSERT (mMeasuredBaseFvInfo !=3D NULL); - mMeasuredChildFvInfo =3D (EFI_PLATFORM_FIRMWARE_BLOB *) AllocateZeroPool= (sizeof (EFI_PLATFORM_FIRMWARE_BLOB) * PcdGet32 (PcdPeiCoreMaxFvSupported)= ); - ASSERT (mMeasuredChildFvInfo !=3D NULL); - if (PcdGet8 (PcdTpm2ScrtmPolicy) =3D=3D 1) { Status =3D MeasureCRTMVersion (); } diff --git a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf b/SecurityPkg/Tcg/Tcg2Pei/= Tcg2Pei.inf index ea9dc759ab0a..2f3dcb7e812b 100644 --- a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf +++ b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf @@ -83,7 +83,6 @@ [Pcd] gEfiSecurityPkgTokenSpaceGuid.PcdTpm2InitializationPolicy ## = CONSUMES gEfiSecurityPkgTokenSpaceGuid.PcdTpm2SelfTestPolicy ## = SOMETIMES_CONSUMES gEfiSecurityPkgTokenSpaceGuid.PcdTpm2ScrtmPolicy ## = CONSUMES - gEfiMdeModulePkgTokenSpaceGuid.PcdPeiCoreMaxFvSupported ## = CONSUMES gEfiSecurityPkgTokenSpaceGuid.PcdStatusCodeSubClassTpmDevice ## = SOMETIMES_CONSUMES ## SOMETIMES_CONSUMES ## SOMETIMES_PRODUCES diff --git a/SecurityPkg/Tcg/TcgPei/TcgPei.c b/SecurityPkg/Tcg/TcgPei/TcgPe= i.c index d07047580c5b..8b063c081b52 100644 --- a/SecurityPkg/Tcg/TcgPei/TcgPei.c +++ b/SecurityPkg/Tcg/TcgPei/TcgPei.c @@ -57,10 +57,17 @@ EFI_PEI_PPI_DESCRIPTOR mTpmInitializationDonePpiList = =3D { NULL }; =20 +// +// Number of firmware blobs to grow by each time we run out of room //=20 +#define FIRMWARE_BLOB_GROWTH_STEP 4 + EFI_PLATFORM_FIRMWARE_BLOB *mMeasuredBaseFvInfo; +UINT32 mMeasuredMaxBaseFvIndex =3D 0; UINT32 mMeasuredBaseFvIndex =3D 0; =20 EFI_PLATFORM_FIRMWARE_BLOB *mMeasuredChildFvInfo; +UINT32 mMeasuredMaxChildFvIndex =3D 0; UINT32 mMeasuredChildFvIndex =3D 0; =20 EFI_PEI_FIRMWARE_VOLUME_INFO_MEASUREMENT_EXCLUDED_PPI *mMeasurementExclude= dFvPpi; 
@@ -424,13 +431,20 @@ MeasureFvImage ( // // Add new FV into the measured FV list. // - ASSERT (mMeasuredBaseFvIndex < PcdGet32 (PcdPeiCoreMaxFvSupported)); - if (mMeasuredBaseFvIndex < PcdGet32 (PcdPeiCoreMaxFvSupported)) { - mMeasuredBaseFvInfo[mMeasuredBaseFvIndex].BlobBase =3D FvBase; - mMeasuredBaseFvInfo[mMeasuredBaseFvIndex].BlobLength =3D FvLength; - mMeasuredBaseFvIndex++; + if (mMeasuredBaseFvIndex >=3D mMeasuredMaxBaseFvIndex) { + mMeasuredBaseFvInfo =3D ReallocatePool ( + sizeof (EFI_PLATFORM_FIRMWARE_BLOB) * mMeasure= dMaxBaseFvIndex, + sizeof (EFI_PLATFORM_FIRMWARE_BLOB) * (mMeasur= edMaxBaseFvIndex + FIRMWARE_BLOB_GROWTH_STEP), + mMeasuredBaseFvInfo + ); + ASSERT (mMeasuredBaseFvInfo !=3D NULL); + mMeasuredMaxBaseFvIndex =3D mMeasuredMaxBaseFvIndex +=20 + FIRMWARE_BLOB_GROWTH_STEP; } =20 + mMeasuredBaseFvInfo[mMeasuredBaseFvIndex].BlobBase =3D FvBase; + mMeasuredBaseFvInfo[mMeasuredBaseFvIndex].BlobLength =3D FvLength; =20 + mMeasuredBaseFvIndex++; + return Status; } =20 
@@ -537,20 +551,26 @@ FirmwareVolmeInfoPpiNotifyCallback ( // if (Fv->ParentFvName !=3D NULL || Fv->ParentFileName !=3D NULL ) { =20 - ASSERT (mMeasuredChildFvIndex < PcdGet32 (PcdPeiCoreMaxFvSupported)); - if (mMeasuredChildFvIndex < PcdGet32 (PcdPeiCoreMaxFvSupported)) { - // - // Check whether FV is in the measured child FV list. - // - for (Index =3D 0; Index < mMeasuredChildFvIndex; Index++) { - if (mMeasuredChildFvInfo[Index].BlobBase =3D=3D (EFI_PHYSICAL_ADDR= ESS) (UINTN) Fv->FvInfo) { - return EFI_SUCCESS; - } + if (mMeasuredChildFvIndex >=3D mMeasuredMaxChildFvIndex) { + mMeasuredChildFvInfo =3D ReallocatePool ( + sizeof (EFI_PLATFORM_FIRMWARE_BLOB) * mMeas= uredMaxChildFvIndex, + sizeof (EFI_PLATFORM_FIRMWARE_BLOB) * (mMea= suredMaxChildFvIndex + FIRMWARE_BLOB_GROWTH_STEP), + mMeasuredChildFvInfo + ); + ASSERT (mMeasuredChildFvInfo !=3D NULL); + mMeasuredMaxChildFvIndex =3D mMeasuredMaxChildFvIndex + FIRMWARE_BLO= B_GROWTH_STEP; + } + // + // Check whether FV is in the measured child FV list. + // + for (Index =3D 0; Index < mMeasuredChildFvIndex; Index++) { + if (mMeasuredChildFvInfo[Index].BlobBase =3D=3D (EFI_PHYSICAL_ADDRES= S) (UINTN) Fv->FvInfo) { + return EFI_SUCCESS; } - mMeasuredChildFvInfo[mMeasuredChildFvIndex].BlobBase =3D (EFI_PHYS= ICAL_ADDRESS) (UINTN) Fv->FvInfo; - mMeasuredChildFvInfo[mMeasuredChildFvIndex].BlobLength =3D Fv->FvInf= oSize; - mMeasuredChildFvIndex++; } + mMeasuredChildFvInfo[mMeasuredChildFvIndex].BlobBase =3D (EFI_PHYSIC= AL_ADDRESS) (UINTN) Fv->FvInfo; + mMeasuredChildFvInfo[mMeasuredChildFvIndex].BlobLength =3D Fv->FvInfoS= ize; + mMeasuredChildFvIndex++; return EFI_SUCCESS; } =20 
@@ -707,11 +727,6 @@ PeimEntryMP ( ); // Do not check status, because it is optional =20 - mMeasuredBaseFvInfo =3D (EFI_PLATFORM_FIRMWARE_BLOB *) AllocateZeroPool= (sizeof (EFI_PLATFORM_FIRMWARE_BLOB) * PcdGet32 (PcdPeiCoreMaxFvSupported)= ); - ASSERT (mMeasuredBaseFvInfo !=3D NULL); - mMeasuredChildFvInfo =3D (EFI_PLATFORM_FIRMWARE_BLOB *) AllocateZeroPool= (sizeof (EFI_PLATFORM_FIRMWARE_BLOB) * PcdGet32 (PcdPeiCoreMaxFvSupported)= ); - ASSERT (mMeasuredChildFvInfo !=3D NULL); - Status =3D Tpm12RequestUseTpm (); if (EFI_ERROR (Status)) { return Status; diff --git a/SecurityPkg/Tcg/TcgPei/TcgPei.inf b/SecurityPkg/Tcg/TcgPei/Tcg= Pei.inf index 4c8a055c6ca5..8db93b908fe4 100644 --- a/SecurityPkg/Tcg/TcgPei/TcgPei.inf +++ b/SecurityPkg/Tcg/TcgPei/TcgPei.inf @@ -81,7 +81,6 @@ [Pcd] gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid ## C= ONSUMES gEfiSecurityPkgTokenSpaceGuid.PcdTpmInitializationPolicy ## C= ONSUMES gEfiSecurityPkgTokenSpaceGuid.PcdTpmScrtmPolicy ## S= OMETIMES_CONSUMES - gEfiMdeModulePkgTokenSpaceGuid.PcdPeiCoreMaxFvSupported ## C= ONSUMES gEfiSecurityPkgTokenSpaceGuid.PcdStatusCodeSubClassTpmDevice ## S= OMETIMES_CONSUMES =20 [Depex] -- 2.7.0.windows.1
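
Review bot: The new globals mMeasuredMaxBaseFvIndex and mMeasuredMaxChildFvIndex (Tcg2Pei.c @@ -71 and TcgPei.c @@ -57) are named as maximum indices but are used as allocated entry counts: they are multiplied by sizeof (EFI_PLATFORM_FIRMWARE_BLOB) to give the buffer size and compared with >= against the next free index. A name such as mMeasuredBaseFvCapacity, or a one-line comment stating that the value is the number of allocated entries, would prevent an off-by-one misreading later. The two pointer globals also have no explicit initializer even though the first ReallocatePool call passes them as the old buffer with an old size of 0; an explicit "= NULL" next to the "= 0" on the counters would make that dependency visible.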
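
Review bot: Missing runtime check on the ReallocatePool result in MeasureFvImage (Tcg2Pei.c @@ -615 and TcgPei.c @@ -424): the only guard is ASSERT (mMeasuredBaseFvInfo != NULL), and the store to mMeasuredBaseFvInfo[mMeasuredBaseFvIndex] that follows is now unconditional. The removed code paired its ASSERT with an if that skipped the store when there was no room; with that gone, a build where ASSERT is compiled out writes through a NULL pointer on allocation failure, and the pointer to the existing measured-FV list has already been overwritten by the assignment. Suggest taking the result in a local, returning EFI_OUT_OF_RESOURCES when it is NULL, and only then updating mMeasuredBaseFvInfo and mMeasuredMaxBaseFvIndex.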
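
Review bot: In FirmwareVolmeInfoPpiNotifyCallback (Tcg2Pei.c @@ -724 and TcgPei.c @@ -537) the capacity check and ReallocatePool call sit before the loop that looks for Fv->FvInfo in mMeasuredChildFvInfo, so the buffer is grown by FIRMWARE_BLOB_GROWTH_STEP entries even when the FV is already in the list and the function returns EFI_SUCCESS without storing anything. Moving the growth block to after the duplicate search, directly before the store to mMeasuredChildFvInfo[mMeasuredChildFvIndex], avoids the unneeded allocation. The result of ReallocatePool is again checked only by ASSERT (mMeasuredChildFvInfo != NULL), so a runtime NULL check that returns an error before the store is needed here as well.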