Hi Michael,

I have fixed the typo in all files.
Please review the Patch v2  when you are free.


Thanks,
Wenxing


-----Original Message-----
From: Michael Kubacki <mikuback@linux.microsoft.com> 
Sent: Thursday, April 4, 2024 11:58 PM
To: devel@edk2.groups.io; Hou, Wenxing <wenxing.hou@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>; Yao, Jiewen <jiewen.yao@intel.com>
Subject: Re: [edk2-devel] [PATCH 4/9] MdeModulePkg/Variable: Add TCG SPDM device measurement update

Can you please fix the following typo? "PcdEnableSpdmDeviceAuthenticaion"

Thanks,
Michael

On 4/1/2024 10:31 PM, Wenxing Hou wrote:
> Add EV_EFI_SPDM_DEVICE_POLICY support for MeasureVariable.
> 
> Cc: Liming Gao <gaoliming@byosoft.com.cn>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Signed-off-by: Wenxing Hou <wenxing.hou@intel.com>
> ---
>   MdeModulePkg/MdeModulePkg.dec                 |  5 +++
>   .../Variable/RuntimeDxe/Measurement.c         | 38 ++++++++++++++++---
>   .../RuntimeDxe/VariableRuntimeDxe.inf         |  3 ++
>   .../RuntimeDxe/VariableSmmRuntimeDxe.inf      |  3 ++
>   4 files changed, 43 insertions(+), 6 deletions(-)
> 
> diff --git a/MdeModulePkg/MdeModulePkg.dec 
> b/MdeModulePkg/MdeModulePkg.dec index a82dedc070..3dad5e6803 100644
> --- a/MdeModulePkg/MdeModulePkg.dec
> +++ b/MdeModulePkg/MdeModulePkg.dec
> @@ -2139,6 +2139,11 @@
>     # @Prompt TCG Platform Firmware Profile revision.
> 
>     
> gEfiMdeModulePkgTokenSpaceGuid.PcdTcgPfpMeasurementRevision|0|UINT32|0
> x00010077
> 
>   
> 
> +  ## Specify whether to enable the state of SPDM device 
> + authentication and measurement.<BR><BR>
> 
> +  #  0: Platform Firmware not supports SPDM device authentication and measurement.
> 
> +  #  1: Platform Firmware supports SPDM device authentication and measurement.
> 
> +  
> + gEfiMdeModulePkgTokenSpaceGuid.PcdEnableSpdmDeviceAuthenticaion|0|UI
> + NT8|0x00010033
> 
> +
> 
>     ## Indicates if StatusCode is reported via Serial port.<BR><BR>
> 
>     #   TRUE  - Reports StatusCode via Serial port.<BR>
> 
>     #   FALSE - Does not report StatusCode via Serial port.<BR>
> 
> diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/Measurement.c 
> b/MdeModulePkg/Universal/Variable/RuntimeDxe/Measurement.c
> index c15cce9716..74514077bd 100644
> --- a/MdeModulePkg/Universal/Variable/RuntimeDxe/Measurement.c
> +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/Measurement.c
> @@ -8,6 +8,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
>   
> 
>   #include <PiDxe.h>
> 
>   #include <Guid/ImageAuthentication.h>
> 
> +#include <Guid/DeviceAuthentication.h>
> 
>   #include <IndustryStandard/UefiTcgPlatform.h>
> 
>   
> 
>   #include <Library/UefiBootServicesTableLib.h>
> 
> @@ -26,12 +27,13 @@ typedef struct {
>   } VARIABLE_TYPE;
> 
>   
> 
>   VARIABLE_TYPE  mVariableType[] = {
> 
> -  { EFI_SECURE_BOOT_MODE_NAME,    &gEfiGlobalVariableGuid        },
> 
> -  { EFI_PLATFORM_KEY_NAME,        &gEfiGlobalVariableGuid        },
> 
> -  { EFI_KEY_EXCHANGE_KEY_NAME,    &gEfiGlobalVariableGuid        },
> 
> -  { EFI_IMAGE_SECURITY_DATABASE,  &gEfiImageSecurityDatabaseGuid },
> 
> -  { EFI_IMAGE_SECURITY_DATABASE1, &gEfiImageSecurityDatabaseGuid },
> 
> -  { EFI_IMAGE_SECURITY_DATABASE2, &gEfiImageSecurityDatabaseGuid },
> 
> +  { EFI_SECURE_BOOT_MODE_NAME,    &gEfiGlobalVariableGuid          },
> 
> +  { EFI_PLATFORM_KEY_NAME,        &gEfiGlobalVariableGuid          },
> 
> +  { EFI_KEY_EXCHANGE_KEY_NAME,    &gEfiGlobalVariableGuid          },
> 
> +  { EFI_IMAGE_SECURITY_DATABASE,  &gEfiImageSecurityDatabaseGuid   },
> 
> +  { EFI_IMAGE_SECURITY_DATABASE1, &gEfiImageSecurityDatabaseGuid   },
> 
> +  { EFI_IMAGE_SECURITY_DATABASE2, &gEfiImageSecurityDatabaseGuid   },
> 
> +  { EFI_DEVICE_SECURITY_DATABASE, &gEfiDeviceSignatureDatabaseGuid },
> 
>   };
> 
>   
> 
>   //
> 
> @@ -123,6 +125,22 @@ MeasureVariable (
>         );
> 
>     }
> 
>   
> 
> +  if (CompareGuid (VendorGuid, &gEfiDeviceSignatureDatabaseGuid)) {
> 
> +    DEBUG ((DEBUG_INFO, "VariableDxe: MeasureVariable (Pcr - %x, 
> + EventType - %x, ", PCR_INDEX_FOR_SIGNATURE_DB, 
> + (UINTN)EV_EFI_SPDM_DEVICE_POLICY));
> 
> +    DEBUG ((DEBUG_INFO, "VariableName - %s, VendorGuid - %g)\n", 
> + VarName, VendorGuid));
> 
> +
> 
> +    Status = TpmMeasureAndLogData (
> 
> +               PCR_INDEX_FOR_SIGNATURE_DB,
> 
> +               EV_EFI_SPDM_DEVICE_POLICY,
> 
> +               VarLog,
> 
> +               VarLogSize,
> 
> +               VarLog,
> 
> +               VarLogSize
> 
> +               );
> 
> +    FreePool (VarLog);
> 
> +    return Status;
> 
> +  }
> 
> +
> 
>     DEBUG ((DEBUG_INFO, "VariableDxe: MeasureVariable (Pcr - %x, 
> EventType - %x, ", (UINTN)7, (UINTN)EV_EFI_VARIABLE_DRIVER_CONFIG));
> 
>     DEBUG ((DEBUG_INFO, "VariableName - %s, VendorGuid - %g)\n", 
> VarName, VendorGuid));
> 
>   
> 
> @@ -228,6 +246,14 @@ SecureBootHook (
>       return;
> 
>     }
> 
>   
> 
> +  if (CompareGuid (VendorGuid, &gEfiDeviceSignatureDatabaseGuid)) {
> 
> +    if ((PcdGet32 (PcdTcgPfpMeasurementRevision) < 
> + TCG_EfiSpecIDEventStruct_SPEC_ERRATA_TPM2_REV_106) ||
> 
> +        (PcdGet8 (PcdEnableSpdmDeviceAuthenticaion) == 0))
> 
> +    {
> 
> +      return;
> 
> +    }
> 
> +  }
> 
> +
> 
>     //
> 
>     // We should NOT use Data and DataSize here,because it may include 
> signature,
> 
>     // or is just partial with append attributes, or is deleted.
> 
> diff --git 
> a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf 
> b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
> index 3858adf673..c729da448e 100644
> --- 
> a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
> +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.in
> +++ f
> @@ -125,6 +125,7 @@
>     ## SOMETIMES_CONSUMES   ## Variable:L"dbx"
> 
>     ## SOMETIMES_CONSUMES   ## Variable:L"dbt"
> 
>     gEfiImageSecurityDatabaseGuid
> 
> +  gEfiDeviceSignatureDatabaseGuid
> 
>   
> 
>   [Pcd]
> 
>     gEfiMdeModulePkgTokenSpaceGuid.PcdMaxVariableSize                 ## CONSUMES
> 
> @@ -138,6 +139,8 @@
>     gEfiMdeModulePkgTokenSpaceGuid.PcdReclaimVariableSpaceAtEndOfDxe  
> ## CONSUMES
> 
>     gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvModeEnable         ## SOMETIMES_CONSUMES
> 
>     gEfiMdeModulePkgTokenSpaceGuid.PcdEmuVariableNvStoreReserved      ## SOMETIMES_CONSUMES
> 
> +  gEfiMdeModulePkgTokenSpaceGuid.PcdTcgPfpMeasurementRevision       ## CONSUMES
> 
> +  gEfiMdeModulePkgTokenSpaceGuid.PcdEnableSpdmDeviceAuthenticaion   ## PRODUCES AND CONSUMES
> 
>   
> 
>   [FeaturePcd]
> 
>     gEfiMdeModulePkgTokenSpaceGuid.PcdVariableCollectStatistics  ## CONSUMES # statistic the information of variable.
> 
> diff --git 
> a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf 
> b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf
> index a0d8b2267e..98ff7800c1 100644
> --- 
> a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf
> +++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe
> +++ .inf
> @@ -80,6 +80,8 @@
>   
> 
>   [Pcd]
> 
>     gEfiMdeModulePkgTokenSpaceGuid.PcdAllowVariablePolicyEnforcementDisable     ## CONSUMES
> 
> +  gEfiMdeModulePkgTokenSpaceGuid.PcdTcgPfpMeasurementRevision                 ## CONSUMES
> 
> +  gEfiMdeModulePkgTokenSpaceGuid.PcdEnableSpdmDeviceAuthenticaion             ## PRODUCES AND CONSUMES
> 
>   
> 
>   [Guids]
> 
>     ## PRODUCES             ## GUID # Signature of Variable store header
> 
> @@ -110,6 +112,7 @@
>   
> 
>     gVarCheckPolicyLibMmiHandlerGuid
> 
>     gEfiEndOfDxeEventGroupGuid
> 
> +  gEfiDeviceSignatureDatabaseGuid
> 
>   
> 
>   [Depex]
> 
>     gEfiMmCommunication2ProtocolGuid
> 


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#117487): https://edk2.groups.io/g/devel/message/117487
Mute This Topic: https://groups.io/mt/105281052/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-