From: "Yao, Jiewen" <jiewen.yao@intel.com>
To: "Gonzalez Del Cueto, Rodrigo" <rodrigo.gonzalez.del.cueto@intel.com>, "devel@edk2.groups.io" <devel@edk2.groups.io>
CC: "Wang, Jian J" <jian.j.wang@intel.com>
Subject: Re: [PATCH] SecurityPkg: Debug code to audit BIOS TPM extend operations.
Date: Wed, 11 Aug 2021 05:39:16 +0000
References: <20210729224314.259-1-rodrigo.gonzalez.del.cueto@intel.com>
I am OK to add the API to the library.

I am OK to add one function call to dump PCR[0] in TcgPei to show if there is any measurement before BIOS. That is a good use case for BootGuard.

But I don't think we need to dump the PCR every time in PCR_Extend - assuming TPM hardware is good, then it should always be correct.

Thank you
Yao Jiewen

From: Gonzalez Del Cueto, Rodrigo <rodrigo.gonzalez.del.cueto@intel.com>
Sent: Tuesday, August 10, 2021 2:41 PM
To: Yao, Jiewen <jiewen.yao@intel.com>; devel@edk2.groups.io
Cc: Wang, Jian J <jian.j.wang@intel.com>
Subject: Re: [PATCH] SecurityPkg: Debug code to audit BIOS TPM extend operations.

Hi Jiewen,

The intention of such an API would be to ease debugging and auditing PCR attestation along the boot; it has been a common task while debugging several issues and TPM configurations.

a) Configurations in which BIOS is not the S-CRTM and we need to attest what has been measured to the TPM prior to any measurements performed by BIOS.

b) Verifying the values in all the active and supported PCR banks: attestation or capping of the PCRs. (See BZ: 3515)

Such an API, together with the TCG event log printout, allows us to audit and debug the measured boot sequence.

Regards,
-Rodrigo

________________________________
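The audit Rodrigo describes, as an added host-side Python example that is not part of the patch or of edk2: replay the event log entries for PCR[0] onto whatever PCR[0] held before BIOS ran (the value the TcgPei dump would show) and compare the result, bank by bank, with the values read back from the TPM. The pre-BIOS measurement, the log entries and the read-back values are all constructed inline; the pcrSelect helper mirrors the single-PCR bitmap the new Tpm2PcrReadForActiveBank builds for each active bank.

```python
import hashlib

# TPM 2.0 algorithm identifiers (TPM_ALG_*) for the PCR banks the patch handles.
TPM_ALG_SHA1 = 0x0004
TPM_ALG_SHA256 = 0x000B
TPM_ALG_SHA384 = 0x000C
TPM_ALG_SHA512 = 0x000D

HASH_FOR_ALG = {
    TPM_ALG_SHA1: hashlib.sha1,
    TPM_ALG_SHA256: hashlib.sha256,
    TPM_ALG_SHA384: hashlib.sha384,
    TPM_ALG_SHA512: hashlib.sha512,
}

IMPLEMENTATION_PCR = 24  # PCRs 0..23, the range the patch checks against
PCR_SELECT_MAX = 3       # bytes in TPMS_PCR_SELECTION.pcrSelect


def pcr_select_bytes(pcr_index):
    """pcrSelect bitmap selecting one PCR: byte pcr_index // 8, bit pcr_index % 8.
    Same layout Tpm2PcrReadForActiveBank fills for every active bank."""
    if not 0 <= pcr_index < IMPLEMENTATION_PCR:
        raise ValueError("PCR index out of range")
    select = bytearray(PCR_SELECT_MAX)
    select[pcr_index // 8] |= 1 << (pcr_index % 8)
    return bytes(select)


def pcr_extend(alg, current, digest):
    """TPM2_PCR_Extend semantics for one bank: new = H(current || digest)."""
    return HASH_FOR_ALG[alg](current + digest).digest()


def replay(alg, initial, event_digests):
    """Fold one bank's per-event digests (as recorded in the TCG event log)
    onto a starting PCR value and return the expected PCR value."""
    value = initial
    for digest in event_digests:
        value = pcr_extend(alg, value, digest)
    return value


def audit_pcr(read_back, initial, log):
    """For each active bank, compare the PCR value read from the TPM with the
    value replayed from `initial` and the log. Returns {alg: matches}."""
    return {
        alg: replay(alg, initial[alg], [entry[alg] for entry in log]) == value
        for alg, value in read_back.items()
    }


def build_scenario():
    """Constructed sample (not a real event log): SHA1 and SHA256 banks active,
    on a platform where BIOS is not the S-CRTM, so PCR[0] already holds one
    pre-BIOS measurement when TcgPei first reads it."""
    banks = (TPM_ALG_SHA1, TPM_ALG_SHA256)
    zero = {alg: bytes(HASH_FOR_ALG[alg]().digest_size) for alg in banks}

    def digests(data):
        return {alg: HASH_FOR_ALG[alg](data).digest() for alg in banks}

    # What the PCR[0] dump in TcgPei would show before any BIOS measurement.
    pre_bios = {alg: pcr_extend(alg, zero[alg], d)
                for alg, d in digests(b"constructed: pre-BIOS S-CRTM measurement").items()}
    # BIOS-side event log entries for PCR[0] (per-bank digests, as in TCG_PCR_EVENT2).
    log = [digests(b"constructed: EV_S_CRTM_VERSION"),
           digests(b"constructed: EV_POST_CODE PEI firmware volume")]
    # The values a TPM2_PCR_Read of PCR[0] would return after those extends.
    read_back = {alg: replay(alg, pre_bios[alg], [e[alg] for e in log]) for alg in banks}
    return zero, pre_bios, log, read_back


if __name__ == "__main__":
    zero, pre_bios, log, read_back = build_scenario()
    print("pcrSelect for PCR 0:", pcr_select_bytes(0).hex())
    # Replaying from the pre-BIOS snapshot reproduces every bank...
    print("from pre-BIOS PCR[0] snapshot:", audit_pcr(read_back, pre_bios, log))
    # ...while assuming BIOS was the S-CRTM (start from zeros) fails in every bank.
    print("from all-zero PCR[0]:         ", audit_pcr(read_back, zero, log))
```

A verifier that starts the replay from zeros, as it would if BIOS were the S-CRTM, reports a mismatch in every bank; that is exactly the case the pre-BIOS PCR[0] dump is meant to make visible.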
From: Yao, Jiewen <jiewen.yao@intel.com>
Sent: Sunday, August 8, 2021 6:24 PM
To: Gonzalez Del Cueto, Rodrigo <rodrigo.gonzalez.del.cueto@intel.com>; devel@edk2.groups.io
Cc: Wang, Jian J <jian.j.wang@intel.com>
Subject: RE: [PATCH] SecurityPkg: Debug code to audit BIOS TPM extend operations.

Some feedback:

1) I think it is OK to add the Tpm2PcrReadForActiveBank() API.
But I feel we will add too much noise if we dump Tpm2PcrReadForActiveBank() in the code every time.
I am not sure why it is needed.
What is the problem statement?

2) The definition below does not follow the EDKII coding style. Please use 2 "space" as indent.
EFI_STATUS
EFIAPI
Tpm2PcrReadForActiveBank (
 IN      TPMI_DH_PCR                PcrHandle,
 OUT     TPML_DIGEST                *HashList
)

> -----Original Message-----
> From: Gonzalez Del Cueto, Rodrigo <rodrigo.gonzalez.del.cueto@intel.com>
> Sent: Friday, July 30, 2021 6:43 AM
> To: devel@edk2.groups.io
> Cc: Gonzalez Del Cueto, Rodrigo <rodrigo.gonzalez.del.cueto@intel.com>; Yao, Jiewen <jiewen.yao@intel.com>; Wang, Jian J <jian.j.wang@intel.com>
> Subject: [PATCH] SecurityPkg: Debug code to audit BIOS TPM extend operations.
>
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2858
>
> Add debug functionality to examine TPM extend operations
> performed by BIOS and inspect the PCR 00 value prior to
> any BIOS measurements.
>
> Replaced usage of EFI_D_* for DEBUG_* definitions in debug
> messages.
>
> Signed-off-by: Rodrigo Gonzalez del Cueto <rodrigo.gonzalez.del.cueto@intel.com>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Jian J Wang <jian.j.wang@intel.com>
> ---
>  SecurityPkg/Include/Library/Tpm2CommandLib.h       |  28 ++++++++++++++++++++++------
>  SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c | 226 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-----------------------
>  SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c                  |  34 ++++++++++++++++++++--------------
>  3 files changed, 245 insertions(+), 43 deletions(-)
>
> diff --git a/SecurityPkg/Include/Library/Tpm2CommandLib.h b/SecurityPkg/Include/Library/Tpm2CommandLib.h
> index ee8eb62295..5e5c340893 100644
> --- a/SecurityPkg/Include/Library/Tpm2CommandLib.h > +++ b/SecurityPkg/Include/Library/Tpm2CommandLib.h > @@ -1,7 +1,7 @@ > /** @file > This library is used by other modules to send TPM2 command. > > -Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.
> +Copyright (c) 2013 - 2021, Intel Corporation. All rights reserved.
> SPDX-License-Identifier: BSD-2-Clause-Patent > > **/ > @@ -505,7 +505,7 @@ EFIAPI > Tpm2PcrEvent ( > IN TPMI_DH_PCR PcrHandle, > IN TPM2B_EVENT *EventData, > - OUT TPML_DIGEST_VALUES *Digests > + OUT TPML_DIGEST_VALUES *Digests > ); > > /** > @@ -522,10 +522,10 @@ Tpm2PcrEvent ( > EFI_STATUS > EFIAPI > Tpm2PcrRead ( > - IN TPML_PCR_SELECTION *PcrSelectionIn, > - OUT UINT32 *PcrUpdateCounter, > - OUT TPML_PCR_SELECTION *PcrSelectionOut, > - OUT TPML_DIGEST *PcrValues > + IN TPML_PCR_SELECTION *PcrSelectionIn, > + OUT UINT32 *PcrUpdateCounter, > + OUT TPML_PCR_SELECTION *PcrSelectionOut, > + OUT TPML_DIGEST *PcrValues > ); > > /** > @@ -1113,4 +1113,20 @@ GetDigestFromDigestList( > OUT VOID *Digest > ); > > + /** > + This function will query the TPM to determine which hashing algorithm= s and > + get the digests of all active and supported PCR banks of a specific P= CR > register. > + > + @param[in] PcrHandle The index of the PCR register to be read= . > + @param[out] HashList List of digests from PCR register being = read. > + > + @retval EFI_SUCCESS The Pcr was read successfully. > + @retval EFI_DEVICE_ERROR The command was unsuccessful. > +**/ > +EFI_STATUS > +EFIAPI > +Tpm2PcrReadForActiveBank ( > + IN TPMI_DH_PCR PcrHandle, > + OUT TPML_DIGEST *HashList > + ); > #endif > diff --git a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c > b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c > index ddb15178fb..3b49192b93 100644 > --- a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c > +++ b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c > @@ -1,7 +1,7 @@ > /** @file > Implement TPM2 Integrity related command. > > -Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.
> +Copyright (c) 2013 - 2021, Intel Corporation. All rights reserved.
> SPDX-License-Identifier: BSD-2-Clause-Patent > > **/ > @@ -109,7 +109,6 @@ Tpm2PcrExtend ( > Cmd.Header.commandCode =3D SwapBytes32(TPM_CC_PCR_Extend); > Cmd.PcrHandle =3D SwapBytes32(PcrHandle); > > - > // > // Add in Auth session > // > @@ -130,14 +129,26 @@ Tpm2PcrExtend ( > Buffer +=3D sizeof(UINT16); > DigestSize =3D GetHashSizeFromAlgo (Digests->digests[Index].hashAlg)= ; > if (DigestSize =3D=3D 0) { > - DEBUG ((EFI_D_ERROR, "Unknown hash algorithm %d\r\n", Digests- > >digests[Index].hashAlg)); > + DEBUG ((DEBUG_ERROR, "Unknown hash algorithm %d\r\n", Digests- > >digests[Index].hashAlg)); > return EFI_DEVICE_ERROR; > } > + > CopyMem( > Buffer, > &Digests->digests[Index].digest, > DigestSize > ); > + > + DEBUG_CODE_BEGIN (); > + UINTN Index2; > + DEBUG ((DEBUG_VERBOSE, "Tpm2PcrExtend - Hash =3D 0x%04x, Pcr[%02d], > digest =3D ", Digests->digests[Index].hashAlg, (UINT8) PcrHandle)); > + > + for (Index2 =3D 0; Index2 < DigestSize; Index2++) { > + DEBUG ((DEBUG_VERBOSE, "%02x ", Buffer[Index2])); > + } > + DEBUG ((DEBUG_VERBOSE, "\n")); > + DEBUG_CODE_END (); > + > Buffer +=3D DigestSize; > } > > @@ -151,7 +162,7 @@ Tpm2PcrExtend ( > } > > if (ResultBufSize > sizeof(Res)) { > - DEBUG ((EFI_D_ERROR, "Tpm2PcrExtend: Failed ExecuteCommand: Buffer > Too Small\r\n")); > + DEBUG ((DEBUG_ERROR, "Tpm2PcrExtend: Failed ExecuteCommand: Buffer > Too Small\r\n")); > return EFI_BUFFER_TOO_SMALL; > } > > @@ -160,7 +171,7 @@ Tpm2PcrExtend ( > // > RespSize =3D SwapBytes32(Res.Header.paramSize); > if (RespSize > sizeof(Res)) { > - DEBUG ((EFI_D_ERROR, "Tpm2PcrExtend: Response size too large! %d\r\n= ", > RespSize)); > + DEBUG ((DEBUG_ERROR, "Tpm2PcrExtend: Response size too large! %d\r\n= ", > RespSize)); > return EFI_BUFFER_TOO_SMALL; > } 
> > @@ -168,10 +179,15 @@ Tpm2PcrExtend ( > // Fail if command failed > // > if (SwapBytes32(Res.Header.responseCode) !=3D TPM_RC_SUCCESS) { > - DEBUG ((EFI_D_ERROR, "Tpm2PcrExtend: Response Code error! 0x%08x\r\n= ", > SwapBytes32(Res.Header.responseCode))); > + DEBUG ((DEBUG_ERROR, "Tpm2PcrExtend: Response Code error! > 0x%08x\r\n", SwapBytes32(Res.Header.responseCode))); > return EFI_DEVICE_ERROR; > } > > + DEBUG_CODE_BEGIN (); > + DEBUG ((DEBUG_VERBOSE, "Tpm2PcrExtend: PCR read after extend...\n")); > + Tpm2PcrReadForActiveBank (PcrHandle, NULL); > + DEBUG_CODE_END (); > + > // > // Unmarshal the response > // > @@ -246,7 +262,7 @@ Tpm2PcrEvent ( > } > > if (ResultBufSize > sizeof(Res)) { > - DEBUG ((EFI_D_ERROR, "Tpm2PcrEvent: Failed ExecuteCommand: Buffer > Too Small\r\n")); > + DEBUG ((DEBUG_ERROR, "Tpm2PcrEvent: Failed ExecuteCommand: Buffer > Too Small\r\n")); > return EFI_BUFFER_TOO_SMALL; > } > > @@ -255,7 +271,7 @@ Tpm2PcrEvent ( > // > RespSize =3D SwapBytes32(Res.Header.paramSize); > if (RespSize > sizeof(Res)) { > - DEBUG ((EFI_D_ERROR, "Tpm2PcrEvent: Response size too large! %d\r\n"= , > RespSize)); > + DEBUG ((DEBUG_ERROR, "Tpm2PcrEvent: Response size too large! %d\r\n"= , > RespSize)); > return EFI_BUFFER_TOO_SMALL; > } > > @@ -263,7 +279,7 @@ Tpm2PcrEvent ( > // Fail if command failed > // > if (SwapBytes32(Res.Header.responseCode) !=3D TPM_RC_SUCCESS) { > - DEBUG ((EFI_D_ERROR, "Tpm2PcrEvent: Response Code error! 0x%08x\r\n"= , > SwapBytes32(Res.Header.responseCode))); > + DEBUG ((DEBUG_ERROR, "Tpm2PcrEvent: Response Code error! > 0x%08x\r\n", SwapBytes32(Res.Header.responseCode))); > return EFI_DEVICE_ERROR; > } 
> > @@ -284,7 +300,7 @@ Tpm2PcrEvent ( > Buffer +=3D sizeof(UINT16); > DigestSize =3D GetHashSizeFromAlgo (Digests->digests[Index].hashAlg)= ; > if (DigestSize =3D=3D 0) { > - DEBUG ((EFI_D_ERROR, "Unknown hash algorithm %d\r\n", Digests- > >digests[Index].hashAlg)); > + DEBUG ((DEBUG_ERROR, "Unknown hash algorithm %d\r\n", Digests- > >digests[Index].hashAlg)); > return EFI_DEVICE_ERROR; > } > CopyMem( > @@ -298,6 +314,7 @@ Tpm2PcrEvent ( > return EFI_SUCCESS; > } > > + > /** > This command returns the values of all PCR specified in pcrSelect. > > @@ -353,11 +370,11 @@ Tpm2PcrRead ( > } > > if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) { > - DEBUG ((EFI_D_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n", > RecvBufferSize)); > + DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n", > RecvBufferSize)); > return EFI_DEVICE_ERROR; > } > if (SwapBytes32(RecvBuffer.Header.responseCode) !=3D TPM_RC_SUCCESS) { > - DEBUG ((EFI_D_ERROR, "Tpm2PcrRead - responseCode - %x\n", > SwapBytes32(RecvBuffer.Header.responseCode))); > + DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - responseCode - %x\n", > SwapBytes32(RecvBuffer.Header.responseCode))); > return EFI_NOT_FOUND; > } > > @@ -369,7 +386,7 @@ Tpm2PcrRead ( > // PcrUpdateCounter > // > if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER) + > sizeof(RecvBuffer.PcrUpdateCounter)) { > - DEBUG ((EFI_D_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n", > RecvBufferSize)); > + DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n", > RecvBufferSize)); > return EFI_DEVICE_ERROR; > } > *PcrUpdateCounter =3D SwapBytes32(RecvBuffer.PcrUpdateCounter); 
> @@ -378,7 +395,7 @@ Tpm2PcrRead ( > // PcrSelectionOut > // > if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER) + > sizeof(RecvBuffer.PcrUpdateCounter) + > sizeof(RecvBuffer.PcrSelectionOut.count)) { > - DEBUG ((EFI_D_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n", > RecvBufferSize)); > + DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n", > RecvBufferSize)); > return EFI_DEVICE_ERROR; > } > PcrSelectionOut->count =3D SwapBytes32(RecvBuffer.PcrSelectionOut.coun= t); > @@ -388,7 +405,7 @@ Tpm2PcrRead ( > } > > if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER) + > sizeof(RecvBuffer.PcrUpdateCounter) + > sizeof(RecvBuffer.PcrSelectionOut.count) + > sizeof(RecvBuffer.PcrSelectionOut.pcrSelections[0]) * PcrSelectionOut->co= unt) { > - DEBUG ((EFI_D_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n", > RecvBufferSize)); > + DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n", > RecvBufferSize)); > return EFI_DEVICE_ERROR; > } > for (Index =3D 0; Index < PcrSelectionOut->count; Index++) { > @@ -513,7 +530,7 @@ Tpm2PcrAllocate ( > } > > if (ResultBufSize > sizeof(Res)) { > - DEBUG ((EFI_D_ERROR, "Tpm2PcrAllocate: Failed ExecuteCommand: Buffer > Too Small\r\n")); > + DEBUG ((DEBUG_ERROR, "Tpm2PcrAllocate: Failed ExecuteCommand: > Buffer Too Small\r\n")); > Status =3D EFI_BUFFER_TOO_SMALL; > goto Done; > } > @@ -523,7 +540,7 @@ Tpm2PcrAllocate ( > // > RespSize =3D SwapBytes32(Res.Header.paramSize); > if (RespSize > sizeof(Res)) { > - DEBUG ((EFI_D_ERROR, "Tpm2PcrAllocate: Response size too large! %d\r= \n", > RespSize)); > + DEBUG ((DEBUG_ERROR, "Tpm2PcrAllocate: Response size too > large! %d\r\n", RespSize)); > Status =3D EFI_BUFFER_TOO_SMALL; > goto Done; > } 
> @@ -532,7 +549,7 @@ Tpm2PcrAllocate ( > // Fail if command failed > // > if (SwapBytes32(Res.Header.responseCode) !=3D TPM_RC_SUCCESS) { > - DEBUG((EFI_D_ERROR,"Tpm2PcrAllocate: Response Code error! 0x%08x\r\n= ", > SwapBytes32(Res.Header.responseCode))); > + DEBUG((DEBUG_ERROR,"Tpm2PcrAllocate: Response Code error! > 0x%08x\r\n", SwapBytes32(Res.Header.responseCode))); > Status =3D EFI_DEVICE_ERROR; > goto Done; > } 
> @@ -673,17 +690,180 @@ Tpm2PcrAllocateBanks ( > &SizeNeeded, > &SizeAvailable > ); > - DEBUG ((EFI_D_INFO, "Tpm2PcrAllocateBanks call Tpm2PcrAllocate - %r\n"= , > Status)); > + DEBUG ((DEBUG_INFO, "Tpm2PcrAllocateBanks call Tpm2PcrAllocate - %r\n"= , > Status)); > if (EFI_ERROR (Status)) { > goto Done; > } > > - DEBUG ((EFI_D_INFO, "AllocationSuccess - %02x\n", AllocationSuccess)); > - DEBUG ((EFI_D_INFO, "MaxPCR - %08x\n", MaxPCR)); > - DEBUG ((EFI_D_INFO, "SizeNeeded - %08x\n", SizeNeeded)); > - DEBUG ((EFI_D_INFO, "SizeAvailable - %08x\n", SizeAvailable)); > + DEBUG ((DEBUG_INFO, "AllocationSuccess - %02x\n", AllocationSuccess)); > + DEBUG ((DEBUG_INFO, "MaxPCR - %08x\n", MaxPCR)); > + DEBUG ((DEBUG_INFO, "SizeNeeded - %08x\n", SizeNeeded)); > + DEBUG ((DEBUG_INFO, "SizeAvailable - %08x\n", SizeAvailable)); > > Done: > ZeroMem(&LocalAuthSession.hmac, sizeof(LocalAuthSession.hmac)); > return Status; > } > + > +/** > + This function will query the TPM to determine which hashing algorithm= s and > + get the digests of all active and supported PCR banks of a specific P= CR > register. > + > + @param[in] PcrHandle The index of the PCR register to be read= . > + @param[out] HashList List of digests from PCR register being = read. > + > + @retval EFI_SUCCESS The Pcr was read successfully. > + @retval EFI_DEVICE_ERROR The command was unsuccessful. 
> +**/ > +EFI_STATUS > +EFIAPI > +Tpm2PcrReadForActiveBank ( > + IN TPMI_DH_PCR PcrHandle, > + OUT TPML_DIGEST *HashList > +) > +{ > + EFI_STATUS Status; > + TPML_PCR_SELECTION Pcrs; > + TPML_PCR_SELECTION PcrSelectionIn; > + TPML_PCR_SELECTION PcrSelectionOut; > + TPML_DIGEST PcrValues; > + UINT32 PcrUpdateCounter; > + UINT8 PcrIndex; > + UINT32 TpmHashAlgorithmBitmap; > + TPMI_ALG_HASH CurrentPcrBankHash; > + UINT32 ActivePcrBanks; > + UINT32 TcgRegistryHashAlg; > + UINTN Index; > + UINTN Index2; > + > + PcrIndex =3D (UINT8) PcrHandle; > + > + if ((PcrIndex < 0) || > + (PcrIndex >=3D IMPLEMENTATION_PCR)) { > + return EFI_INVALID_PARAMETER; > + } > + > + ZeroMem (&PcrSelectionIn, sizeof (PcrSelectionIn)); > + ZeroMem (&PcrUpdateCounter, sizeof (UINT32)); > + ZeroMem (&PcrSelectionOut, sizeof (PcrSelectionOut)); > + ZeroMem (&PcrValues, sizeof (PcrValues)); > + ZeroMem (&Pcrs, sizeof (TPML_PCR_SELECTION)); > + > + DEBUG ((DEBUG_INFO, "ReadPcr - %02d\n", PcrIndex)); > + > + // > + // Read TPM capabilities > + // > + Status =3D Tpm2GetCapabilityPcrs (&Pcrs); > + > + if (EFI_ERROR (Status)) { > + DEBUG ((DEBUG_ERROR, "ReadPcr: Unable to read TPM capabilities\n")); > + return EFI_DEVICE_ERROR; > + } > + > + // > + // Get Active Pcrs > + // > + Status =3D Tpm2GetCapabilitySupportedAndActivePcrs ( > + &TpmHashAlgorithmBitmap, > + &ActivePcrBanks > + ); > + > + if (EFI_ERROR (Status)) { > + DEBUG ((DEBUG_ERROR, "ReadPcr: Unable to read TPM capabilities and > active PCRs\n")); > + return EFI_DEVICE_ERROR; > + } > + > + // > + // Select from Active PCRs > + // > + for (Index =3D 0; Index < Pcrs.count; Index++) { > + CurrentPcrBankHash =3D Pcrs.pcrSelections[Index].hash; > + > + switch (CurrentPcrBankHash) { > + case TPM_ALG_SHA1: > + DEBUG ((DEBUG_VERBOSE, "HASH_ALG_SHA1 Present\n")); > + TcgRegistryHashAlg =3D HASH_ALG_SHA1; > + break; > + case TPM_ALG_SHA256: > + DEBUG ((DEBUG_VERBOSE, "HASH_ALG_SHA256 Present\n")); > + TcgRegistryHashAlg =3D HASH_ALG_SHA256; > + break; > 
+ case TPM_ALG_SHA384: > + DEBUG ((DEBUG_VERBOSE, "HASH_ALG_SHA384 Present\n")); > + TcgRegistryHashAlg =3D HASH_ALG_SHA384; > + break; > + case TPM_ALG_SHA512: > + DEBUG ((DEBUG_VERBOSE, "HASH_ALG_SHA512 Present\n")); > + TcgRegistryHashAlg =3D HASH_ALG_SHA512; > + break; > + case TPM_ALG_SM3_256: > + DEBUG ((DEBUG_VERBOSE, "HASH_ALG_SM3 Present\n")); > + TcgRegistryHashAlg =3D HASH_ALG_SM3_256; > + break; > + default: > + // > + // Unsupported algorithm > + // > + DEBUG ((DEBUG_VERBOSE, "Unknown algorithm present\n")); > + TcgRegistryHashAlg =3D 0; > + break; > + } > + // > + // Skip unsupported and inactive PCR banks > + // > + if ((TcgRegistryHashAlg & ActivePcrBanks) =3D=3D 0) { > + DEBUG ((DEBUG_VERBOSE, "Skipping unsupported or inactive bank: > 0x%04x\n", CurrentPcrBankHash)); > + continue; > + } > + > + // > + // Select PCR from current active bank > + // > + PcrSelectionIn.pcrSelections[PcrSelectionIn.count].hash =3D > Pcrs.pcrSelections[Index].hash; > + PcrSelectionIn.pcrSelections[PcrSelectionIn.count].sizeofSelect =3D > PCR_SELECT_MAX; > + PcrSelectionIn.pcrSelections[PcrSelectionIn.count].pcrSelect[0] =3D = (PcrIndex < > 8) ? 1 << PcrIndex : 0; > + PcrSelectionIn.pcrSelections[PcrSelectionIn.count].pcrSelect[1] =3D = (PcrIndex > > 7) && (PcrIndex < 16) ? 1 << (PcrIndex - 8) : 0; > + PcrSelectionIn.pcrSelections[PcrSelectionIn.count].pcrSelect[2] =3D = (PcrIndex > > 15) ? 
1 << (PcrIndex - 16) : 0; > + PcrSelectionIn.count++; > + } > + > + // > + // Read PCRs > + // > + Status =3D Tpm2PcrRead ( > + &PcrSelectionIn, > + &PcrUpdateCounter, > + &PcrSelectionOut, > + &PcrValues > + ); > + > + if (EFI_ERROR (Status)) { > + DEBUG((DEBUG_ERROR, "Tpm2PcrRead failed Status =3D %r \n", Status)); > + return EFI_DEVICE_ERROR; > + } > + > + for (Index =3D 0; Index < PcrValues.count; Index++) { > + DEBUG (( > + DEBUG_INFO, > + "ReadPcr - HashAlg =3D 0x%04x, Pcr[%02d], digest =3D ", > + PcrSelectionOut.pcrSelections[Index].hash, > + PcrIndex > + )); > + > + for(Index2 =3D 0; Index2 < PcrValues.digests[Index].size; Index2++) = { > + DEBUG ((DEBUG_INFO, "%02x ", PcrValues.digests[Index].buffer[Index= 2])); > + } > + DEBUG ((DEBUG_INFO, "\n")); > + } > + > + if (HashList !=3D NULL) { > + CopyMem ( > + HashList, > + &PcrValues, > + sizeof (TPML_DIGEST) > + ); > + } > + > + return EFI_SUCCESS; > +} > diff --git a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c > b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c > index 93a8803ff6..ea79fa0af6 100644 > --- a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c > +++ b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c > @@ -1,7 +1,7 @@ > /** @file > Initialize TPM2 device and measure FVs before handing off control to D= XE. > > -Copyright (c) 2015 - 2020, Intel Corporation. All rights reserved.
> +Copyright (c) 2015 - 2021, Intel Corporation. All rights reserved.
> Copyright (c) 2017, Microsoft Corporation. All rights reserved.
> SPDX-License-Identifier: BSD-2-Clause-Patent > > @@ -191,7 +191,6 @@ EFI_PEI_NOTIFY_DESCRIPTOR mNotifyList[] =3D= { > } > }; > > - > /** > Record all measured Firmware Volume Information into a Guid Hob > Guid Hob payload layout is > @@ -267,7 +266,7 @@ SyncPcrAllocationsAndPcrMask ( > UINT32 Tpm2PcrMask; > UINT32 NewTpm2PcrMask; > > - DEBUG ((EFI_D_ERROR, "SyncPcrAllocationsAndPcrMask!\n")); > + DEBUG ((DEBUG_ERROR, "SyncPcrAllocationsAndPcrMask!\n")); > > // > // Determine the current TPM support and the Platform PCR mask. > @@ -278,7 +277,7 @@ SyncPcrAllocationsAndPcrMask ( > Tpm2PcrMask =3D PcdGet32 (PcdTpm2HashMask); > if (Tpm2PcrMask =3D=3D 0) { > // > - // if PcdTPm2HashMask is zero, use ActivePcr setting > + // if PcdTpm2HashMask is zero, use ActivePcr setting > // > PcdSet32S (PcdTpm2HashMask, TpmActivePcrBanks); > Tpm2PcrMask =3D TpmActivePcrBanks; > @@ -297,9 +296,9 @@ SyncPcrAllocationsAndPcrMask ( > if ((TpmActivePcrBanks & Tpm2PcrMask) !=3D TpmActivePcrBanks) { > NewTpmActivePcrBanks =3D TpmActivePcrBanks & Tpm2PcrMask; > > - DEBUG ((EFI_D_INFO, "%a - Reallocating PCR banks from 0x%X to 0x%X.\= n", > __FUNCTION__, TpmActivePcrBanks, NewTpmActivePcrBanks)); > + DEBUG ((DEBUG_INFO, "%a - Reallocating PCR banks from 0x%X to 0x%X.\= n", > __FUNCTION__, TpmActivePcrBanks, NewTpmActivePcrBanks)); > if (NewTpmActivePcrBanks =3D=3D 0) { > - DEBUG ((EFI_D_ERROR, "%a - No viable PCRs active! Please set a les= s > restrictive value for PcdTpm2HashMask!\n", __FUNCTION__)); > + DEBUG ((DEBUG_ERROR, "%a - No viable PCRs active! Please set a les= s > restrictive value for PcdTpm2HashMask!\n", __FUNCTION__)); > ASSERT (FALSE); > } else { > Status =3D Tpm2PcrAllocateBanks (NULL, (UINT32)TpmHashAlgorithmBit= map, > NewTpmActivePcrBanks); 
> @@ -307,7 +306,7 @@ SyncPcrAllocationsAndPcrMask ( > // > // We can't do much here, but we hope that this doesn't happen. > // > - DEBUG ((EFI_D_ERROR, "%a - Failed to reallocate PCRs!\n", > __FUNCTION__)); > + DEBUG ((DEBUG_ERROR, "%a - Failed to reallocate PCRs!\n", > __FUNCTION__)); > ASSERT_EFI_ERROR (Status); > } > // > @@ -324,9 +323,9 @@ SyncPcrAllocationsAndPcrMask ( > if ((Tpm2PcrMask & TpmHashAlgorithmBitmap) !=3D Tpm2PcrMask) { > NewTpm2PcrMask =3D Tpm2PcrMask & TpmHashAlgorithmBitmap; > > - DEBUG ((EFI_D_INFO, "%a - Updating PcdTpm2HashMask from 0x%X to > 0x%X.\n", __FUNCTION__, Tpm2PcrMask, NewTpm2PcrMask)); > + DEBUG ((DEBUG_INFO, "%a - Updating PcdTpm2HashMask from 0x%X to > 0x%X.\n", __FUNCTION__, Tpm2PcrMask, NewTpm2PcrMask)); > if (NewTpm2PcrMask =3D=3D 0) { > - DEBUG ((EFI_D_ERROR, "%a - No viable PCRs supported! Please set a = less > restrictive value for PcdTpm2HashMask!\n", __FUNCTION__)); > + DEBUG ((DEBUG_ERROR, "%a - No viable PCRs supported! Please set a = less > restrictive value for PcdTpm2HashMask!\n", __FUNCTION__)); > ASSERT (FALSE); > } > > @@ -365,7 +364,7 @@ LogHashEvent ( > RetStatus =3D EFI_SUCCESS; > for (Index =3D 0; Index < sizeof(mTcg2EventInfo)/sizeof(mTcg2EventInfo= [0]); > Index++) { > if ((SupportedEventLogs & mTcg2EventInfo[Index].LogFormat) !=3D 0) { > - DEBUG ((EFI_D_INFO, " LogFormat - 0x%08x\n", > mTcg2EventInfo[Index].LogFormat)); > + DEBUG ((DEBUG_INFO, " LogFormat - 0x%08x\n", > mTcg2EventInfo[Index].LogFormat)); > switch (mTcg2EventInfo[Index].LogFormat) { > case EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2: > Status =3D GetDigestFromDigestList (TPM_ALG_SHA1, DigestList, > &NewEventHdr->Digest); 
> @@ -476,7 +475,7 @@ HashLogExtendEvent ( > } > > if (Status =3D=3D EFI_DEVICE_ERROR) { > - DEBUG ((EFI_D_ERROR, "HashLogExtendEvent - %r. Disable TPM.\n", Stat= us)); > + DEBUG ((DEBUG_ERROR, "HashLogExtendEvent - %r. Disable TPM.\n", > Status)); > BuildGuidHob (&gTpmErrorHobGuid,0); > REPORT_STATUS_CODE ( > EFI_ERROR_CODE | EFI_ERROR_MINOR, > @@ -1011,7 +1010,7 @@ PeimEntryMA ( > } > > if (GetFirstGuidHob (&gTpmErrorHobGuid) !=3D NULL) { > - DEBUG ((EFI_D_ERROR, "TPM2 error!\n")); > + DEBUG ((DEBUG_ERROR, "TPM2 error!\n")); > return EFI_DEVICE_ERROR; > } > > @@ -1075,7 +1074,7 @@ PeimEntryMA ( > for (PcrIndex =3D 0; PcrIndex < 8; PcrIndex++) { > Status =3D MeasureSeparatorEventWithError (PcrIndex); > if (EFI_ERROR (Status)) { > - DEBUG ((EFI_D_ERROR, "Separator Event with Error not Measured. > Error!\n")); > + DEBUG ((DEBUG_ERROR, "Separator Event with Error not Measured. > Error!\n")); > } > } > } > @@ -1092,6 +1091,13 @@ PeimEntryMA ( > } > } > > + DEBUG_CODE_BEGIN (); > + // > + // Peek into TPM PCR 00 before any BIOS measurement. > + // > + Tpm2PcrReadForActiveBank (00, NULL); > + DEBUG_CODE_END (); > + > // > // Only install TpmInitializedPpi on success > // > @@ -1106,7 +1112,7 @@ PeimEntryMA ( > > Done: > if (EFI_ERROR (Status)) { > - DEBUG ((EFI_D_ERROR, "TPM2 error! Build Hob\n")); > + DEBUG ((DEBUG_ERROR, "TPM2 error! Build Hob\n")); > BuildGuidHob (&gTpmErrorHobGuid,0); > REPORT_STATUS_CODE ( > EFI_ERROR_CODE | EFI_ERROR_MINOR, > -- > 2.31.1.windows.1
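Review bot: The doc block for the new Tpm2PcrReadForActiveBank prototype in Tpm2CommandLib.h (`> + /**` through `> + );`) lists only EFI_SUCCESS and EFI_DEVICE_ERROR, but the implementation also returns EFI_INVALID_PARAMETER when PcrIndex >= IMPLEMENTATION_PCR; add `@retval EFI_INVALID_PARAMETER  PcrHandle is not a valid PCR index.` to both copies of the comment (header and Tpm2Integrity.c). The comment block and the closing `);` are indented by one space rather than the EDK II two-space indent already raised in review, and the @@ -505 and @@ -522 hunks only re-align whitespace in the Tpm2PcrEvent and Tpm2PcrRead prototypes, which is unrelated to the stated purpose and would be cleaner as a separate cleanup patch.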
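Review bot: The DEBUG_CODE block added after the response-code check in Tpm2PcrExtend (`> + Tpm2PcrReadForActiveBank (PcrHandle, NULL);`) turns every extend into three extra TPM round trips in DEBUG builds (two GetCapability commands plus a PCR_Read), discards the returned status, and only prints the value, so it cannot catch a mismatch that the response code did not already report. Either drop it and keep the one-off PCR[0] read in Tcg2Pei.c, or make it a real check: compute the expected value H(old || digest) in software and compare it with the digest read back, logging only on mismatch.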
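Review bot: In Tpm2PcrReadForActiveBank, `PcrIndex` is a UINT8, so `(PcrIndex < 0)` is always false and draws an unsigned-comparison warning; keep only the `>= IMPLEMENTATION_PCR` test. `Pcrs.count` comes from the TPM's capability response and is used as the index in `PcrSelectionIn.pcrSelections[PcrSelectionIn.count]` with no bound check, so unless Tpm2GetCapabilityPcrs is guaranteed to clamp it to the pcrSelections array size (HASH_COUNT), add `if (Pcrs.count > HASH_COUNT) { return EFI_DEVICE_ERROR; }` before the loop. The print loop indexes `PcrSelectionOut.pcrSelections[Index]` while iterating to `PcrValues.count`; check that `PcrValues.count == PcrSelectionOut.count` before pairing them. Also, the function prints at DEBUG_INFO on every call, so a caller in a hot path has no way to quiet it; DEBUG_VERBOSE, or a level parameter, fits a debug helper better.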
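Review bot: `Tpm2PcrReadForActiveBank (00, NULL);` in PeimEntryMA passes the octal literal `00`; write `0` to avoid the misleading two-digit form, and since the call's status is discarded a failure here is silent, which is acceptable for a debug peek but worth a comment. The `PcdTPm2HashMask` -> `PcdTpm2HashMask` comment fix and the blank line removed before the GUID HOB doc comment are unrelated drive-by changes; mention them in the commit message or split them out.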

I am OK to add API to the library.

I am OK to add one function call to dump PCR[0] in TcgPei to show if there is any measurement before BIOS. That is a good use case for BootGuard.

But I don’t think we need to dump the PCR every time in PCR_Extend – assuming TPM hardware is good, then it should always be correct.

Thank you

Yao Jiewen

From: Gonzalez Del Cueto, Rodrigo <rodrigo.gonzalez.del.cueto@intel.com>
Sent: Tuesday, August 10, 2021 2:41 PM
To: Yao, Jiewen <jiewen.yao@intel.com>; devel@edk2.groups.io
Cc: Wang, Jian J <jian.j.wang@intel.com>
Subject: Re: [PATCH] SecurityPkg: Debug code to audit BIOS TPM extend operations.

Hi Jiewen,

The intention of such API would be to ease debugging and auditing PCR attestation along the boot; it has been a common task while debugging several issues and TPM configurations.

a) Configurations in which BIOS is not the S-CRTM and we need to attest what has been measured to the TPM prior to any measurements performed by BIOS.

b) Verifying the values in all the active and supported PCR banks: attestation or capping of the PCRs. (See BZ: 3515)

Such API, together with the TCG event log print out, allows us to audit and debug the measured boot sequence.

Regards,

-Rodrigo
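As an added example for the audit use case described above (checking what the TPM holds against the event log across every active bank), and not code from the patch or from edk2: a host-side replay that flags a PCR 0 extend performed before the BIOS started logging. The log records, digests and "read-back" PCR values are constructed inline; the TPM_ALG_* values are the registry constants.

```python
"""Host-side audit of a measured boot: replay the TCG event log for each PCR
bank and compare the result with the values read back from the TPM.

Added example for this thread; not code from the edk2 patch under review.
All inputs are constructed inline so it runs offline. In a real audit the
records come from the TCG2 event log and the read-back values from
TPM2_PCR_Read (what Tpm2PcrReadForActiveBank in the patch prints)."""
import hashlib

# TPM_ALG_ID values from the TCG Algorithm Registry.
TPM_ALG_SHA1 = 0x0004
TPM_ALG_SHA256 = 0x000B
HASH_NAME = {TPM_ALG_SHA1: "sha1", TPM_ALG_SHA256: "sha256"}

def initial_pcr(index: int, alg: int) -> bytes:
    """Reset value: PCR 17-22 (D-RTM) reset to all ones, the rest to zero."""
    size = hashlib.new(HASH_NAME[alg]).digest_size
    return b"\xff" * size if 17 <= index <= 22 else bytes(size)

def extend(old: bytes, digest: bytes, alg: int) -> bytes:
    """TPM2_PCR_Extend semantics for one bank: new = H(old || digest)."""
    h = hashlib.new(HASH_NAME[alg])
    if len(old) != h.digest_size or len(digest) != h.digest_size:
        raise ValueError("digest length does not match bank 0x%04x" % alg)
    h.update(old)
    h.update(digest)
    return h.digest()

def replay(events, alg: int, num_pcrs: int = 24) -> dict:
    """Replay crypto-agile records (pcr_index, {alg: digest}) for one bank.

    Returns {pcr_index: value}. A record that lacks a digest for an active
    bank is an error: the log could not explain that bank's PCR."""
    pcrs = {i: initial_pcr(i, alg) for i in range(num_pcrs)}
    for pcr_index, digests in events:
        if alg not in digests:
            raise ValueError("record for PCR %d has no %s digest"
                             % (pcr_index, HASH_NAME[alg]))
        pcrs[pcr_index] = extend(pcrs[pcr_index], digests[alg], alg)
    return pcrs

def audit(events, read_back: dict) -> list:
    """read_back = {alg: {pcr_index: value}} as read from every active bank.

    Returns sorted (alg, pcr_index) pairs whose TPM value the log does not
    explain; an empty list means every bank agrees with the log."""
    mismatches = []
    for alg, actual in read_back.items():
        expected = replay(events, alg)
        for pcr_index, value in actual.items():
            if expected[pcr_index] != value:
                mismatches.append((alg, pcr_index))
    return sorted(mismatches)

def digests_for(data: bytes) -> dict:
    """Digest list for one measured object, one digest per active bank."""
    return {alg: hashlib.new(name, data).digest()
            for alg, name in HASH_NAME.items()}

# Constructed scenario (not real firmware measurements): something before the
# BIOS, e.g. an ACM under Boot Guard, extends PCR 0 without a log record;
# the BIOS log then records its own PCR 0 and PCR 4 events.
PRE_BIOS_RECORD = (0, digests_for(b"constructed: pre-BIOS IBB measurement"))
BIOS_LOG = [
    (0, digests_for(b"constructed: EV_S_CRTM_VERSION")),
    (4, digests_for(b"constructed: EV_EFI_BOOT_SERVICES_APPLICATION")),
]

def simulate_tpm(events) -> dict:
    """Stand-in for TPM2_PCR_Read of every bank after `events` were extended."""
    return {alg: replay(events, alg) for alg in HASH_NAME}

def run_scenarios():
    """Returns (mismatches with the pre-BIOS extend absent from the log,
    mismatches once that record is prepended to the log)."""
    tpm = simulate_tpm([PRE_BIOS_RECORD] + BIOS_LOG)   # what the TPM holds
    missing = audit(BIOS_LOG, tpm)                     # PCR 0 unexplained
    complete = audit([PRE_BIOS_RECORD] + BIOS_LOG, tpm)
    return missing, complete

if __name__ == "__main__":
    for alg, pcr in run_scenarios()[0]:
        print("bank 0x%04x PCR %d not explained by the BIOS log" % (alg, pcr))
```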


From: Yao, Jiewen <jiewen.yao@intel.com>
Sent: Sunday, August 8, 2021 6:24 PM
To: Gonzalez Del Cueto, Rodrigo <rodrigo.gonzalez.del.cueto@intel.com>; devel@edk2.groups.io <devel@edk2.groups.io>
Cc: Wang, Jian J <jian.j.wang@intel.com>
Subject: RE: [PATCH] SecurityPkg: Debug code to audit BIOS TPM extend operations.

Some feedback:

1) I think it is OK to add Tpm2PcrReadForActiveBank() API.
But I feel we will add too much noise to dump Tpm2PcrReadForActiveBank() in the code every time.
I am not sure why it is needed.
What is the problem statement?

2) Below definition does not follow EDKII coding style. Please use 2 "space" as indent.
EFI_STATUS
EFIAPI
Tpm2PcrReadForActiveBank (
 IN      TPMI_DH_PCR                 PcrHandle,
 OUT     TPML_DIGEST                 *HashList
)



> -----Original Message-----
> From: Gonzalez Del Cueto, Rodrigo <rodrigo.gonzalez.del.cueto@intel.com>
> Sent: Friday, July 30, 2021 6:43 AM
> To: devel@edk2.groups.io
> Cc: Gonzalez Del Cueto, Rodrigo <rodrigo.gonzalez.del.cueto@intel.com>; Yao, Jiewen <jiewen.yao@intel.com>; Wang, Jian J <jian.j.wang@intel.com>
> Subject: [PATCH] SecurityPkg: Debug code to audit BIOS TPM extend operations.
>
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2858
>
> Add debug functionality to examine TPM extend operations
> performed by BIOS and inspect the PCR 00 value prior to
> any BIOS measurements.
>
> Replaced usage of EFI_D_* for DEBUG_* definitions in debug
> messages.
>
> Signed-off-by: Rodrigo Gonzalez del Cueto <rodrigo.gonzalez.del.cueto@intel.com>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Jian J Wang <jian.j.wang@intel.com>
> ---
>  SecurityPkg/Include/Library/Tpm2CommandLib.h       |  28 ++++++++++++++++++++++------
>  SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c | 226 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-----------------------
>  SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c                  |  34 ++++++++++++++++++++--------------
>  3 files changed, 245 insertions(+), 43 deletions(-)
>
> diff --git a/SecurityPkg/Include/Library/Tpm2CommandLib.h
> b/SecurityPkg/Include/Library/Tpm2CommandLib.h
> index ee8eb62295..5e5c340893 100644
> --- a/SecurityPkg/Include/Library/Tpm2CommandLib.h
> +++ b/SecurityPkg/Include/Library/Tpm2CommandLib.h
> @@ -1,7 +1,7 @@
>  /** @file
>    This library is used by other modules to send TPM2 c= ommand.
>
> -Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved. &l= t;BR>
> +Copyright (c) 2013 - 2021, Intel Corporation. All rights reserved. &l= t;BR>
>  SPDX-License-Identifier: BSD-2-Clause-Patent
>
>  **/
> @@ -505,7 +505,7 @@ EFIAPI
>  Tpm2PcrEvent (
>    IN      TPMI_DH_PCR &n= bsp;            = ; PcrHandle,
>    IN      TPM2B_EVENT &n= bsp;            = ; *EventData,
> -     OUT  TPML_DIGEST_VALUES  &nbs= p;     *Digests
> +  OUT     TPML_DIGEST_VALUES  &nbs= p;     *Digests
>    );
>
>  /**
> @@ -522,10 +522,10 @@ Tpm2PcrEvent (
>  EFI_STATUS
>  EFIAPI
>  Tpm2PcrRead (
> -  IN      TPML_PCR_SELECTION  = ;      *PcrSelectionIn,
> -     OUT  UINT32    &nbs= p;            &= nbsp;  *PcrUpdateCounter,
> -     OUT  TPML_PCR_SELECTION  &nbs= p;     *PcrSelectionOut,
> -     OUT  TPML_DIGEST    = ;           *PcrValues > +  IN   TPML_PCR_SELECTION     = ;   *PcrSelectionIn,
> +  OUT  UINT32       &nbs= p;            *PcrUp= dateCounter,
> +  OUT  TPML_PCR_SELECTION     &nbs= p;  *PcrSelectionOut,
> +  OUT  TPML_DIGEST       = ;        *PcrValues
>    );
>
>  /**
> @@ -1113,4 +1113,20 @@ GetDigestFromDigestList(
>    OUT VOID       &n= bsp;      *Digest
>    );
>
> +  /**
> +   This function will query the TPM to determine which hash= ing algorithms and
> +   get the digests of all active and supported PCR banks of= a specific PCR
> register.
> +
> +   @param[in]     PcrHandle  =    The index of the PCR register to be read.
> +   @param[out]    HashList   =    List of digests from PCR register being read.
> +
> +   @retval EFI_SUCCESS      &= nbsp;    The Pcr was read successfully.
> +   @retval EFI_DEVICE_ERROR      T= he command was unsuccessful.
> +**/
> +EFI_STATUS
> +EFIAPI
> +Tpm2PcrReadForActiveBank (
> +  IN      TPMI_DH_PCR   =              Pc= rHandle,
> +  OUT     TPML_DIGEST    = ;            *HashLi= st
> +  );
>  #endif
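Review bot: the @retval list for Tpm2PcrReadForActiveBank is incomplete; the body in Tpm2Integrity.c also returns EFI_INVALID_PARAMETER when the PCR index is out of range, so add `@retval EFI_INVALID_PARAMETER  PcrHandle is not a valid PCR index.` The first sentence of the description ("determine which hashing algorithms and get the digests") is also missing its object (which hashing algorithms are active), and this doc block is indented two spaces while every other one in the header starts at column 0.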
> diff --git a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c
> b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c
> index ddb15178fb..3b49192b93 100644
> --- a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c
> +++ b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c
> @@ -1,7 +1,7 @@
>  /** @file
>    Implement TPM2 Integrity related command.
>
> -Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved. &l= t;BR>
> +Copyright (c) 2013 - 2021, Intel Corporation. All rights reserved. &l= t;BR>
>  SPDX-License-Identifier: BSD-2-Clause-Patent
>
>  **/
> @@ -109,7 +109,6 @@ Tpm2PcrExtend (
>    Cmd.Header.commandCode =3D SwapBytes32(TPM_CC_PCR_Ex= tend);
>    Cmd.PcrHandle      &nb= sp;   =3D SwapBytes32(PcrHandle);
>
> -
>    //
>    // Add in Auth session
>    //
> @@ -130,14 +129,26 @@ Tpm2PcrExtend (
>      Buffer +=3D sizeof(UINT16);
>      DigestSize =3D GetHashSizeFromAlgo (Dige= sts->digests[Index].hashAlg);
>      if (DigestSize =3D=3D 0) {
> -      DEBUG ((EFI_D_ERROR, "Unknown has= h algorithm %d\r\n", Digests-
> >digests[Index].hashAlg));
> +      DEBUG ((DEBUG_ERROR, "Unknown has= h algorithm %d\r\n", Digests-
> >digests[Index].hashAlg));
>        return EFI_DEVICE_ERROR;
>      }
> +
>      CopyMem(
>        Buffer,
>        &Digests->digests[Ind= ex].digest,
>        DigestSize
>        );
> +
> +    DEBUG_CODE_BEGIN ();
> +    UINTN Index2;
> +    DEBUG ((DEBUG_VERBOSE, "Tpm2PcrExtend - Hash = =3D 0x%04x, Pcr[%02d],
> digest =3D ", Digests->digests[Index].hashAlg, (UINT8) PcrHand= le));
> +
> +    for (Index2 =3D 0; Index2 < DigestSize; Index2+= +) {
> +      DEBUG ((DEBUG_VERBOSE, "%02x &quo= t;, Buffer[Index2]));
> +    }
> +    DEBUG ((DEBUG_VERBOSE, "\n"));
> +    DEBUG_CODE_END ();
> +
>      Buffer +=3D DigestSize;
>    }
>
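Review bot: the DEBUG_CODE block inside the digest loop dumps every digest passed to Tpm2PcrExtend, on every extend, in DEBUG builds; that is the per-extend noise raised in this thread, and the same digests are already written to the TCG event log by the caller, so drop this dump (or keep only the single PCR read at the Tcg2Pei call site). If it stays, it belongs outside the per-digest loop with one line per call rather than one DEBUG_CODE block per bank.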
> @@ -151,7 +162,7 @@ Tpm2PcrExtend (
>    }
>
>    if (ResultBufSize > sizeof(Res)) {
> -    DEBUG ((EFI_D_ERROR, "Tpm2PcrExtend: Failed E= xecuteCommand: Buffer
> Too Small\r\n"));
> +    DEBUG ((DEBUG_ERROR, "Tpm2PcrExtend: Failed E= xecuteCommand: Buffer
> Too Small\r\n"));
>      return EFI_BUFFER_TOO_SMALL;
>    }
>
> @@ -160,7 +171,7 @@ Tpm2PcrExtend (
>    //
>    RespSize =3D SwapBytes32(Res.Header.paramSize);
>    if (RespSize > sizeof(Res)) {
> -    DEBUG ((EFI_D_ERROR, "Tpm2PcrExtend: Response= size too large! %d\r\n",
> RespSize));
> +    DEBUG ((DEBUG_ERROR, "Tpm2PcrExtend: Response= size too large! %d\r\n",
> RespSize));
>      return EFI_BUFFER_TOO_SMALL;
>    }
>
> @@ -168,10 +179,15 @@ Tpm2PcrExtend (
>    // Fail if command failed
>    //
>    if (SwapBytes32(Res.Header.responseCode) !=3D TPM_RC= _SUCCESS) {
> -    DEBUG ((EFI_D_ERROR, "Tpm2PcrExtend: Response= Code error! 0x%08x\r\n",
> SwapBytes32(Res.Header.responseCode)));
> +    DEBUG ((DEBUG_ERROR, "Tpm2PcrExtend: Response= Code error!
> 0x%08x\r\n", SwapBytes32(Res.Header.responseCode)));
>      return EFI_DEVICE_ERROR;
>    }
>
> +  DEBUG_CODE_BEGIN ();
> +  DEBUG ((DEBUG_VERBOSE, "Tpm2PcrExtend: PCR read after ext= end...\n"));
> +  Tpm2PcrReadForActiveBank (PcrHandle, NULL);
> +  DEBUG_CODE_END ();
> +
>    //
>    // Unmarshal the response
>    //
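Review bot: the post-extend Tpm2PcrReadForActiveBank call issues two TPM2_GetCapability commands and a TPM2_PCR_Read on every Tpm2PcrExtend in DEBUG builds, so across all firmware-volume and image measurements it adds both boot time and log volume; this is the "every time" cost the maintainer objects to, so limit it to the one call in Tcg2Pei. There is also a level mismatch: the "PCR read after extend..." header is DEBUG_VERBOSE while Tpm2PcrReadForActiveBank prints its digests at DEBUG_INFO, so with the usual INFO-only mask the digest lines appear without the header that explains them.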
> @@ -246,7 +262,7 @@ Tpm2PcrEvent (
>    }
>
>    if (ResultBufSize > sizeof(Res)) {
> -    DEBUG ((EFI_D_ERROR, "Tpm2PcrEvent: Failed Ex= ecuteCommand: Buffer
> Too Small\r\n"));
> +    DEBUG ((DEBUG_ERROR, "Tpm2PcrEvent: Failed Ex= ecuteCommand: Buffer
> Too Small\r\n"));
>      return EFI_BUFFER_TOO_SMALL;
>    }
>
> @@ -255,7 +271,7 @@ Tpm2PcrEvent (
>    //
>    RespSize =3D SwapBytes32(Res.Header.paramSize);
>    if (RespSize > sizeof(Res)) {
> -    DEBUG ((EFI_D_ERROR, "Tpm2PcrEvent: Response = size too large! %d\r\n",
> RespSize));
> +    DEBUG ((DEBUG_ERROR, "Tpm2PcrEvent: Response = size too large! %d\r\n",
> RespSize));
>      return EFI_BUFFER_TOO_SMALL;
>    }
>
> @@ -263,7 +279,7 @@ Tpm2PcrEvent (
>    // Fail if command failed
>    //
>    if (SwapBytes32(Res.Header.responseCode) !=3D TPM_RC= _SUCCESS) {
> -    DEBUG ((EFI_D_ERROR, "Tpm2PcrEvent: Response = Code error! 0x%08x\r\n",
> SwapBytes32(Res.Header.responseCode)));
> +    DEBUG ((DEBUG_ERROR, "Tpm2PcrEvent: Response = Code error!
> 0x%08x\r\n", SwapBytes32(Res.Header.responseCode)));
>      return EFI_DEVICE_ERROR;
>    }
>
> @@ -284,7 +300,7 @@ Tpm2PcrEvent (
>      Buffer +=3D sizeof(UINT16);
>      DigestSize =3D GetHashSizeFromAlgo (Dige= sts->digests[Index].hashAlg);
>      if (DigestSize =3D=3D 0) {
> -      DEBUG ((EFI_D_ERROR, "Unknown has= h algorithm %d\r\n", Digests-
> >digests[Index].hashAlg));
> +      DEBUG ((DEBUG_ERROR, "Unknown has= h algorithm %d\r\n", Digests-
> >digests[Index].hashAlg));
>        return EFI_DEVICE_ERROR;
>      }
>      CopyMem(
> @@ -298,6 +314,7 @@ Tpm2PcrEvent (
>    return EFI_SUCCESS;
>  }
>
> +
>  /**
>    This command returns the values of all PCR specified= in pcrSelect.
>
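Review bot: this hunk only adds a second blank line after Tpm2PcrEvent; drop it so functions stay separated by a single blank line as elsewhere in the file.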
> @@ -353,11 +370,11 @@ Tpm2PcrRead (
>    }
>
>    if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER= )) {
> -    DEBUG ((EFI_D_ERROR, "Tpm2PcrRead - RecvBuffe= rSize Error - %x\n",
> RecvBufferSize));
> +    DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - RecvBuffe= rSize Error - %x\n",
> RecvBufferSize));
>      return EFI_DEVICE_ERROR;
>    }
>    if (SwapBytes32(RecvBuffer.Header.responseCode) !=3D= TPM_RC_SUCCESS) {
> -    DEBUG ((EFI_D_ERROR, "Tpm2PcrRead - responseC= ode - %x\n",
> SwapBytes32(RecvBuffer.Header.responseCode)));
> +    DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - responseC= ode - %x\n",
> SwapBytes32(RecvBuffer.Header.responseCode)));
>      return EFI_NOT_FOUND;
>    }
>
> @@ -369,7 +386,7 @@ Tpm2PcrRead (
>    // PcrUpdateCounter
>    //
>    if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER= ) +
> sizeof(RecvBuffer.PcrUpdateCounter)) {
> -    DEBUG ((EFI_D_ERROR, "Tpm2PcrRead - RecvBuffe= rSize Error - %x\n",
> RecvBufferSize));
> +    DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - RecvBuffe= rSize Error - %x\n",
> RecvBufferSize));
>      return EFI_DEVICE_ERROR;
>    }
>    *PcrUpdateCounter =3D SwapBytes32(RecvBuffer.PcrUpda= teCounter);
> @@ -378,7 +395,7 @@ Tpm2PcrRead (
>    // PcrSelectionOut
>    //
>    if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER= ) +
> sizeof(RecvBuffer.PcrUpdateCounter) +
> sizeof(RecvBuffer.PcrSelectionOut.count)) {
> -    DEBUG ((EFI_D_ERROR, "Tpm2PcrRead - RecvBuffe= rSize Error - %x\n",
> RecvBufferSize));
> +    DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - RecvBuffe= rSize Error - %x\n",
> RecvBufferSize));
>      return EFI_DEVICE_ERROR;
>    }
>    PcrSelectionOut->count =3D SwapBytes32(RecvBuffer= .PcrSelectionOut.count);
> @@ -388,7 +405,7 @@ Tpm2PcrRead (
>    }
>
>    if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER= ) +
> sizeof(RecvBuffer.PcrUpdateCounter) +
> sizeof(RecvBuffer.PcrSelectionOut.count) +
> sizeof(RecvBuffer.PcrSelectionOut.pcrSelections[0]) * PcrSelectionOut-= >count) {
> -    DEBUG ((EFI_D_ERROR, "Tpm2PcrRead - RecvBuffe= rSize Error - %x\n",
> RecvBufferSize));
> +    DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - RecvBuffe= rSize Error - %x\n",
> RecvBufferSize));
>      return EFI_DEVICE_ERROR;
>    }
>    for (Index =3D 0; Index < PcrSelectionOut->cou= nt; Index++) {
> @@ -513,7 +530,7 @@ Tpm2PcrAllocate (
>    }
>
>    if (ResultBufSize > sizeof(Res)) {
> -    DEBUG ((EFI_D_ERROR, "Tpm2PcrAllocate: Failed= ExecuteCommand: Buffer
> Too Small\r\n"));
> +    DEBUG ((DEBUG_ERROR, "Tpm2PcrAllocate: Failed= ExecuteCommand:
> Buffer Too Small\r\n"));
>      Status =3D EFI_BUFFER_TOO_SMALL;
>      goto Done;
>    }
> @@ -523,7 +540,7 @@ Tpm2PcrAllocate (
>    //
>    RespSize =3D SwapBytes32(Res.Header.paramSize);
>    if (RespSize > sizeof(Res)) {
> -    DEBUG ((EFI_D_ERROR, "Tpm2PcrAllocate: Respon= se size too large! %d\r\n",
> RespSize));
> +    DEBUG ((DEBUG_ERROR, "Tpm2PcrAllocate: Respon= se size too
> large! %d\r\n", RespSize));
>      Status =3D EFI_BUFFER_TOO_SMALL;
>      goto Done;
>    }
> @@ -532,7 +549,7 @@ Tpm2PcrAllocate (
>    // Fail if command failed
>    //
>    if (SwapBytes32(Res.Header.responseCode) !=3D TPM_RC= _SUCCESS) {
> -    DEBUG((EFI_D_ERROR,"Tpm2PcrAllocate: Response= Code error! 0x%08x\r\n",
> SwapBytes32(Res.Header.responseCode)));
> +    DEBUG((DEBUG_ERROR,"Tpm2PcrAllocate: Response= Code error!
> 0x%08x\r\n", SwapBytes32(Res.Header.responseCode)));
>      Status =3D EFI_DEVICE_ERROR;
>      goto Done;
>    }
> @@ -673,17 +690,180 @@ Tpm2PcrAllocateBanks (
>            = ;   &SizeNeeded,
>            = ;   &SizeAvailable
>            = ;   );
> -  DEBUG ((EFI_D_INFO, "Tpm2PcrAllocateBanks call Tpm2PcrAll= ocate - %r\n",
> Status));
> +  DEBUG ((DEBUG_INFO, "Tpm2PcrAllocateBanks call Tpm2PcrAll= ocate - %r\n",
> Status));
>    if (EFI_ERROR (Status)) {
>      goto Done;
>    }
>
> -  DEBUG ((EFI_D_INFO, "AllocationSuccess - %02x\n", Al= locationSuccess));
> -  DEBUG ((EFI_D_INFO, "MaxPCR     =        - %08x\n", MaxPCR));
> -  DEBUG ((EFI_D_INFO, "SizeNeeded    &n= bsp;   - %08x\n", SizeNeeded));
> -  DEBUG ((EFI_D_INFO, "SizeAvailable    = ; - %08x\n", SizeAvailable));
> +  DEBUG ((DEBUG_INFO, "AllocationSuccess - %02x\n", Al= locationSuccess));
> +  DEBUG ((DEBUG_INFO, "MaxPCR     =        - %08x\n", MaxPCR));
> +  DEBUG ((DEBUG_INFO, "SizeNeeded    &n= bsp;   - %08x\n", SizeNeeded));
> +  DEBUG ((DEBUG_INFO, "SizeAvailable    = ; - %08x\n", SizeAvailable));
>
>  Done:
>    ZeroMem(&LocalAuthSession.hmac, sizeof(LocalAuth= Session.hmac));
>    return Status;
>  }
> +
> +/**
> +   This function will query the TPM to determine which hash= ing algorithms and
> +   get the digests of all active and supported PCR banks of= a specific PCR
> register.
> +
> +   @param[in]     PcrHandle  =    The index of the PCR register to be read.
> +   @param[out]    HashList   =    List of digests from PCR register being read.
> +
> +   @retval EFI_SUCCESS      &= nbsp;    The Pcr was read successfully.
> +   @retval EFI_DEVICE_ERROR      T= he command was unsuccessful.
> +**/
> +EFI_STATUS
> +EFIAPI
> +Tpm2PcrReadForActiveBank (
> + IN      TPMI_DH_PCR    =             PcrHandl= e,
> + OUT     TPML_DIGEST     = ;           *HashList
> +)
> +{
> +  EFI_STATUS        &nbs= p;            &= nbsp;  Status;
> +  TPML_PCR_SELECTION       &n= bsp;        Pcrs;
> +  TPML_PCR_SELECTION       &n= bsp;        PcrSelectionIn;
> +  TPML_PCR_SELECTION       &n= bsp;        PcrSelectionOut;
> +  TPML_DIGEST        &nb= sp;            =   PcrValues;
> +  UINT32         &n= bsp;            = ;      PcrUpdateCounter;
> +  UINT8         &nb= sp;            =        PcrIndex;
> +  UINT32         &n= bsp;            = ;      TpmHashAlgorithmBitmap;
> +  TPMI_ALG_HASH        &= nbsp;            Cur= rentPcrBankHash;
> +  UINT32         &n= bsp;            = ;      ActivePcrBanks;
> +  UINT32         &n= bsp;            = ;      TcgRegistryHashAlg;
> +  UINTN         &nb= sp;            =        Index;
> +  UINTN         &nb= sp;            =        Index2;
> +
> +  PcrIndex =3D (UINT8) PcrHandle;
> +
> +  if ((PcrIndex < 0) ||
> +      (PcrIndex >=3D IMPLEMENTATION_PCR))= {
> +    return EFI_INVALID_PARAMETER;
> +  }
> +
> +  ZeroMem (&PcrSelectionIn, sizeof (PcrSelectionIn));
> +  ZeroMem (&PcrUpdateCounter, sizeof (UINT32));
> +  ZeroMem (&PcrSelectionOut, sizeof (PcrSelectionOut));
> +  ZeroMem (&PcrValues, sizeof (PcrValues));
> +  ZeroMem (&Pcrs, sizeof (TPML_PCR_SELECTION));
> +
> +  DEBUG ((DEBUG_INFO, "ReadPcr - %02d\n", PcrIndex));<= br> > +
> +  //
> +  // Read TPM capabilities
> +  //
> +  Status =3D Tpm2GetCapabilityPcrs (&Pcrs);
> +
> +  if (EFI_ERROR (Status)) {
> +    DEBUG ((DEBUG_ERROR, "ReadPcr: Unable to read= TPM capabilities\n"));
> +    return EFI_DEVICE_ERROR;
> +  }
> +
> +  //
> +  // Get Active Pcrs
> +  //
> +  Status =3D Tpm2GetCapabilitySupportedAndActivePcrs (
> +           &nb= sp; &TpmHashAlgorithmBitmap,
> +           &nb= sp; &ActivePcrBanks
> +           &nb= sp; );
> +
> +  if (EFI_ERROR (Status)) {
> +    DEBUG ((DEBUG_ERROR, "ReadPcr: Unable to read= TPM capabilities and
> active PCRs\n"));
> +    return EFI_DEVICE_ERROR;
> +  }
> +
> +  //
> +  // Select from Active PCRs
> +  //
> +  for (Index =3D 0; Index < Pcrs.count; Index++) {
> +    CurrentPcrBankHash =3D Pcrs.pcrSelections[Index].h= ash;
> +
> +    switch (CurrentPcrBankHash) {
> +    case TPM_ALG_SHA1:
> +      DEBUG ((DEBUG_VERBOSE, "HASH_ALG_= SHA1 Present\n"));
> +      TcgRegistryHashAlg =3D HASH_ALG_SHA1;<= br> > +      break;
> +    case TPM_ALG_SHA256:
> +      DEBUG ((DEBUG_VERBOSE, "HASH_ALG_= SHA256 Present\n"));
> +      TcgRegistryHashAlg =3D HASH_ALG_SHA256= ;
> +      break;
> +    case TPM_ALG_SHA384:
> +      DEBUG ((DEBUG_VERBOSE, "HASH_ALG_= SHA384 Present\n"));
> +      TcgRegistryHashAlg =3D HASH_ALG_SHA384= ;
> +      break;
> +    case TPM_ALG_SHA512:
> +      DEBUG ((DEBUG_VERBOSE, "HASH_ALG_= SHA512 Present\n"));
> +      TcgRegistryHashAlg =3D HASH_ALG_SHA512= ;
> +      break;
> +    case TPM_ALG_SM3_256:
> +      DEBUG ((DEBUG_VERBOSE, "HASH_ALG_= SM3 Present\n"));
> +      TcgRegistryHashAlg =3D HASH_ALG_SM3_25= 6;
> +      break;
> +    default:
> +      //
> +      // Unsupported algorithm
> +      //
> +      DEBUG ((DEBUG_VERBOSE, "Unknown a= lgorithm present\n"));
> +      TcgRegistryHashAlg =3D 0;
> +      break;
> +    }
> +    //
> +    // Skip unsupported and inactive PCR banks
> +    //
> +    if ((TcgRegistryHashAlg & ActivePcrBanks) =3D= =3D 0) {
> +      DEBUG ((DEBUG_VERBOSE, "Skipping = unsupported or inactive bank:
> 0x%04x\n", CurrentPcrBankHash));
> +      continue;
> +    }
> +
> +    //
> +    // Select PCR from current active bank
> +    //
> +    PcrSelectionIn.pcrSelections[PcrSelectionIn.count]= .hash =3D
> Pcrs.pcrSelections[Index].hash;
> +    PcrSelectionIn.pcrSelections[PcrSelectionIn.count]= .sizeofSelect =3D
> PCR_SELECT_MAX;
> +    PcrSelectionIn.pcrSelections[PcrSelectionIn.count]= .pcrSelect[0] =3D (PcrIndex <
> 8) ? 1 << PcrIndex : 0;
> +    PcrSelectionIn.pcrSelections[PcrSelectionIn.count]= .pcrSelect[1] =3D (PcrIndex >
> 7) && (PcrIndex < 16) ? 1 << (PcrIndex - 8) : 0;
> +    PcrSelectionIn.pcrSelections[PcrSelectionIn.count]= .pcrSelect[2] =3D (PcrIndex >
> 15) ? 1 << (PcrIndex - 16) : 0;
> +    PcrSelectionIn.count++;
> +  }
> +
> +  //
> +  // Read PCRs
> +  //
> +  Status =3D Tpm2PcrRead (
> +           &nb= sp; &PcrSelectionIn,
> +           &nb= sp; &PcrUpdateCounter,
> +           &nb= sp; &PcrSelectionOut,
> +           &nb= sp; &PcrValues
> +           &nb= sp; );
> +
> +  if (EFI_ERROR (Status)) {
> +    DEBUG((DEBUG_ERROR, "Tpm2PcrRead failed Statu= s =3D %r \n", Status));
> +    return EFI_DEVICE_ERROR;
> +  }
> +
> +  for (Index =3D 0; Index < PcrValues.count; Index++) {
> +    DEBUG ((
> +      DEBUG_INFO,
> +      "ReadPcr - HashAlg =3D 0x%04x, Pc= r[%02d], digest =3D ",
> +      PcrSelectionOut.pcrSelections[Index].h= ash,
> +      PcrIndex
> +      ));
> +
> +    for(Index2 =3D 0; Index2 < PcrValues.digests[In= dex].size; Index2++) {
> +      DEBUG ((DEBUG_INFO, "%02x ",= PcrValues.digests[Index].buffer[Index2]));
> +    }
> +    DEBUG ((DEBUG_INFO, "\n"));
> +  }
> +
> +  if (HashList !=3D NULL) {
> +    CopyMem (
> +      HashList,
> +      &PcrValues,
> +      sizeof (TPML_DIGEST)
> +      );
> +  }
> +
> +  return EFI_SUCCESS;
> +}
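Review bot: the range check `if ((PcrIndex < 0) || (PcrIndex >= IMPLEMENTATION_PCR))` cannot catch a bad handle: PcrIndex is UINT8, so `PcrIndex < 0` is always false (and may draw a compiler warning), and the cast from the 32-bit PcrHandle happens before the check, so a handle such as 0x100 is truncated to PCR 0 and accepted; compare PcrHandle itself against IMPLEMENTATION_PCR and cast afterwards. Since PcrSelectionIn is zeroed, the three pcrSelect[] conditionals also collapse to `PcrSelectionIn.pcrSelections[PcrSelectionIn.count].pcrSelect[PcrIndex / 8] = 1 << (PcrIndex % 8);`. Finally, HashList receives only the TPML_DIGEST while PcrSelectionOut, which says which bank each digest belongs to, is discarded, so a caller cannot tell the SHA-256 and SM3_256 digests apart (both 32 bytes); return the selection as well or document that the digests follow the order of the active banks. The one-space parameter indentation is the style point already raised in the thread.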
> diff --git a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c
> b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c
> index 93a8803ff6..ea79fa0af6 100644
> --- a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c
> +++ b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c
> @@ -1,7 +1,7 @@
>  /** @file
>    Initialize TPM2 device and measure FVs before handin= g off control to DXE.
>
> -Copyright (c) 2015 - 2020, Intel Corporation. All rights reserved.<= ;BR>
> +Copyright (c) 2015 - 2021, Intel Corporation. All rights reserved.<= ;BR>
>  Copyright (c) 2017, Microsoft Corporation.  All rights rese= rved. <BR>
>  SPDX-License-Identifier: BSD-2-Clause-Patent
>
> @@ -191,7 +191,6 @@ EFI_PEI_NOTIFY_DESCRIPTOR    &= nbsp;      mNotifyList[] =3D {
>    }
>  };
>
> -
>  /**
>    Record all measured Firmware Volume Information into= a Guid Hob
>    Guid Hob payload layout is
> @@ -267,7 +266,7 @@ SyncPcrAllocationsAndPcrMask (
>    UINT32       &nbs= p;            &= nbsp;       Tpm2PcrMask;
>    UINT32       &nbs= p;            &= nbsp;       NewTpm2PcrMask;
>
> -  DEBUG ((EFI_D_ERROR, "SyncPcrAllocationsAndPcrMask!\n&quo= t;));
> +  DEBUG ((DEBUG_ERROR, "SyncPcrAllocationsAndPcrMask!\n&quo= t;));
>
>    //
>    // Determine the current TPM support and the Platfor= m PCR mask.
> @@ -278,7 +277,7 @@ SyncPcrAllocationsAndPcrMask (
>    Tpm2PcrMask =3D PcdGet32 (PcdTpm2HashMask);
>    if (Tpm2PcrMask =3D=3D 0) {
>      //
> -    // if PcdTPm2HashMask is zero, use ActivePcr setti= ng
> +    // if PcdTpm2HashMask is zero, use ActivePcr setti= ng
>      //
>      PcdSet32S (PcdTpm2HashMask, TpmActivePcr= Banks);
>      Tpm2PcrMask =3D TpmActivePcrBanks;
> @@ -297,9 +296,9 @@ SyncPcrAllocationsAndPcrMask (
>    if ((TpmActivePcrBanks & Tpm2PcrMask) !=3D TpmAc= tivePcrBanks) {
>      NewTpmActivePcrBanks =3D TpmActivePcrBan= ks & Tpm2PcrMask;
>
> -    DEBUG ((EFI_D_INFO, "%a - Reallocating PCR ba= nks from 0x%X to 0x%X.\n",
> __FUNCTION__, TpmActivePcrBanks, NewTpmActivePcrBanks));
> +    DEBUG ((DEBUG_INFO, "%a - Reallocating PCR ba= nks from 0x%X to 0x%X.\n",
> __FUNCTION__, TpmActivePcrBanks, NewTpmActivePcrBanks));
>      if (NewTpmActivePcrBanks =3D=3D 0) {
> -      DEBUG ((EFI_D_ERROR, "%a - No via= ble PCRs active! Please set a less
> restrictive value for PcdTpm2HashMask!\n", __FUNCTION__));
> +      DEBUG ((DEBUG_ERROR, "%a - No via= ble PCRs active! Please set a less
> restrictive value for PcdTpm2HashMask!\n", __FUNCTION__));
>        ASSERT (FALSE);
>      } else {
>        Status =3D Tpm2PcrAllocateBa= nks (NULL, (UINT32)TpmHashAlgorithmBitmap,
> NewTpmActivePcrBanks);
> @@ -307,7 +306,7 @@ SyncPcrAllocationsAndPcrMask (
>          //
>          // We can't do m= uch here, but we hope that this doesn't happen.
>          //
> -        DEBUG ((EFI_D_ERROR, "= ;%a - Failed to reallocate PCRs!\n",
> __FUNCTION__));
> +        DEBUG ((DEBUG_ERROR, "= ;%a - Failed to reallocate PCRs!\n",
> __FUNCTION__));
>          ASSERT_EFI_ERROR= (Status);
>        }
>        //
> @@ -324,9 +323,9 @@ SyncPcrAllocationsAndPcrMask (
>    if ((Tpm2PcrMask & TpmHashAlgorithmBitmap) !=3D = Tpm2PcrMask) {
>      NewTpm2PcrMask =3D Tpm2PcrMask & Tpm= HashAlgorithmBitmap;
>
> -    DEBUG ((EFI_D_INFO, "%a - Updating PcdTpm2Has= hMask from 0x%X to
> 0x%X.\n", __FUNCTION__, Tpm2PcrMask, NewTpm2PcrMask));
> +    DEBUG ((DEBUG_INFO, "%a - Updating PcdTpm2Has= hMask from 0x%X to
> 0x%X.\n", __FUNCTION__, Tpm2PcrMask, NewTpm2PcrMask));
>      if (NewTpm2PcrMask =3D=3D 0) {
> -      DEBUG ((EFI_D_ERROR, "%a - No via= ble PCRs supported! Please set a less
> restrictive value for PcdTpm2HashMask!\n", __FUNCTION__));
> +      DEBUG ((DEBUG_ERROR, "%a - No via= ble PCRs supported! Please set a less
> restrictive value for PcdTpm2HashMask!\n", __FUNCTION__));
>        ASSERT (FALSE);
>      }
>
> @@ -365,7 +364,7 @@ LogHashEvent (
>    RetStatus =3D EFI_SUCCESS;
>    for (Index =3D 0; Index < sizeof(mTcg2EventInfo)/= sizeof(mTcg2EventInfo[0]);
> Index++) {
>      if ((SupportedEventLogs & mTcg2Event= Info[Index].LogFormat) !=3D 0) {
> -      DEBUG ((EFI_D_INFO, "  LogFo= rmat - 0x%08x\n",
> mTcg2EventInfo[Index].LogFormat));
> +      DEBUG ((DEBUG_INFO, "  LogFo= rmat - 0x%08x\n",
> mTcg2EventInfo[Index].LogFormat));
>        switch (mTcg2EventInfo[Index= ].LogFormat) {
>        case EFI_TCG2_EVENT_LOG_FORM= AT_TCG_1_2:
>          Status =3D GetDi= gestFromDigestList (TPM_ALG_SHA1, DigestList,
> &NewEventHdr->Digest);
> @@ -476,7 +475,7 @@ HashLogExtendEvent (
>    }
>
>    if (Status =3D=3D EFI_DEVICE_ERROR) {
> -    DEBUG ((EFI_D_ERROR, "HashLogExtendEvent - %r= . Disable TPM.\n", Status));
> +    DEBUG ((DEBUG_ERROR, "HashLogExtendEvent - %r= . Disable TPM.\n",
> Status));
>      BuildGuidHob (&gTpmErrorHobGuid,0);<= br> >      REPORT_STATUS_CODE (
>        EFI_ERROR_CODE | EFI_ERROR_M= INOR,
> @@ -1011,7 +1010,7 @@ PeimEntryMA (
>    }
>
>    if (GetFirstGuidHob (&gTpmErrorHobGuid) !=3D NUL= L) {
> -    DEBUG ((EFI_D_ERROR, "TPM2 error!\n"));<= br> > +    DEBUG ((DEBUG_ERROR, "TPM2 error!\n"));<= br> >      return EFI_DEVICE_ERROR;
>    }
>
> @@ -1075,7 +1074,7 @@ PeimEntryMA (
>        for (PcrIndex =3D 0; PcrInde= x < 8; PcrIndex++) {
>          Status =3D Measu= reSeparatorEventWithError (PcrIndex);
>          if (EFI_ERROR (S= tatus)) {
> -          DEBUG ((EFI_D_= ERROR, "Separator Event with Error not Measured.
> Error!\n"));
> +          DEBUG ((DEBUG_= ERROR, "Separator Event with Error not Measured.
> Error!\n"));
>          }
>        }
>      }
> @@ -1092,6 +1091,13 @@ PeimEntryMA (
>        }
>      }
>
> +    DEBUG_CODE_BEGIN ();
> +    //
> +    // Peek into TPM PCR 00 before any BIOS measuremen= t.
> +    //
> +    Tpm2PcrReadForActiveBank (00, NULL);
> +    DEBUG_CODE_END ();
> +
>      //
>      // Only install TpmInitializedPpi on suc= cess
>      //
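Review bot: the "before any BIOS measurement" comment does not hold on the S3-error path: the MeasureSeparatorEventWithError loop earlier in PeimEntryMA (hunk @@ -1075) has already extended PCR 0..7 by the time this read runs, so place the peek before that loop if the goal is the pre-BIOS PCR 0 value. Also `00` is an octal literal; write `0`.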
> @@ -1106,7 +1112,7 @@ PeimEntryMA (
>
>  Done:
>    if (EFI_ERROR (Status)) {
> -    DEBUG ((EFI_D_ERROR, "TPM2 error! Build Hob\n= "));
> +    DEBUG ((DEBUG_ERROR, "TPM2 error! Build Hob\n= "));
>      BuildGuidHob (&gTpmErrorHobGuid,0);<= br> >      REPORT_STATUS_CODE (
>        EFI_ERROR_CODE | EFI_ERROR_M= INOR,
> --
> 2.31.1.windows.1
