From: "Qi Zhang"
To: "Jiang, Guomin", "devel@edk2.groups.io"
CC: "Yao, Jiewen", "Wang, Jian J", Chao Zhang, "Kumar, Rahul1"
Subject: Re: [PATCH v6 09/10] SecurityPkg/TcgPei: Use Migrated FV Info Hob for calculating hash (CVE-2019-11098)
Date: Wed, 22 Jul 2020 01:25:31 +0000
References: <20200720113022.675-1-guomin.jiang@intel.com> <20200720113022.675-10-guomin.jiang@intel.com>
In-Reply-To: <20200720113022.675-10-guomin.jiang@intel.com>
Reviewed-by: Zhang, Qi1

BRs
Qi Zhang

> -----Original Message-----
> From: Jiang, Guomin > Sent: Monday, July 20, 2020 7:30 PM > To: devel@edk2.groups.io > Cc: Yao, Jiewen ; Wang, Jian J ; > Chao Zhang ; Zhang, Qi1 ; > Kumar, Rahul1 > Subject: [PATCH v6 09/10] SecurityPkg/TcgPei: Use Migrated FV Info Hob fo= r > calculating hash (CVE-2019-11098) >=20 > REF:https://bugzilla.tianocore.org/show_bug.cgi?id=3D1614 >=20 > When we allocate pool to save rebased the PEIMs, the address will change > randomly, therefore the hash will change and result PCR0 change as well. > To avoid this, we save the raw PEIMs and use it to calculate hash. > The TcgPei calculate the hash and it use the Migrated FV Info. >=20 > Cc: Jiewen Yao > Cc: Jian J Wang > Cc: Chao Zhang > Cc: Qi Zhang > Cc: Rahul Kumar > Signed-off-by: Guomin Jiang > Reviewed-by: Jian J Wang > --- > SecurityPkg/Tcg/TcgPei/TcgPei.inf | 1 + > SecurityPkg/Tcg/TcgPei/TcgPei.c | 29 +++++++++++++++++++++++++++-- > 2 files changed, 28 insertions(+), 2 deletions(-) >=20 > diff --git a/SecurityPkg/Tcg/TcgPei/TcgPei.inf > b/SecurityPkg/Tcg/TcgPei/TcgPei.inf > index c0bff6e85e9d..6d1951f8ed65 100644 > --- a/SecurityPkg/Tcg/TcgPei/TcgPei.inf > +++ b/SecurityPkg/Tcg/TcgPei/TcgPei.inf > @@ -58,6 +58,7 @@ [Guids] > gTpmErrorHobGuid ##= SOMETIMES_PRODUCES > ## HOB > gMeasuredFvHobGuid ##= PRODUCES ## > HOB > gEfiTpmDeviceInstanceTpm12Guid ##= PRODUCES > ## GUID # TPM device identifier > + gEdkiiMigratedFvInfoGuid ## > SOMETIMES_CONSUMES ## HOB >=20 > [Ppis] > gPeiLockPhysicalPresencePpiGuid ## > SOMETIMES_CONSUMES ## NOTIFY > diff --git a/SecurityPkg/Tcg/TcgPei/TcgPei.c b/SecurityPkg/Tcg/TcgPei/Tcg= Pei.c > index a9a808c9ecf3..9701bfe8715b 100644 > --- a/SecurityPkg/Tcg/TcgPei/TcgPei.c > +++ b/SecurityPkg/Tcg/TcgPei/TcgPei.c > @@ -21,6 +21,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include > #include #include > > +#include >=20 > #include > #include 
> @@ -378,6 +379,10 @@ MeasureFvImage ( > EFI_STATUS Status; > EFI_PLATFORM_FIRMWARE_BLOB FvBlob; > TCG_PCR_EVENT_HDR TcgEventHdr; > + EFI_PHYSICAL_ADDRESS FvOrgBase; > + EFI_PHYSICAL_ADDRESS FvDataBase; > + EFI_PEI_HOB_POINTERS Hob; > + EDKII_MIGRATED_FV_INFO *MigratedFvInfo; >=20 > // > // Check if it is in Excluded FV list @@ -401,10 +406,30 @@ MeasureFvI= mage > ( > } > } >=20 > + // > + // Search the matched migration FV info // FvOrgBase =3D FvBase; > + FvDataBase =3D FvBase; Hob.Raw =3D GetFirstGuidHob > + (&gEdkiiMigratedFvInfoGuid); while (Hob.Raw !=3D NULL) { > + MigratedFvInfo =3D GET_GUID_HOB_DATA (Hob); > + if ((MigratedFvInfo->FvNewBase =3D=3D (UINT32) FvBase) && (MigratedF= vInfo- > >FvLength =3D=3D (UINT32) FvLength)) { > + // > + // Found the migrated FV info > + // > + FvOrgBase =3D (EFI_PHYSICAL_ADDRESS) (UINTN) MigratedFvInfo- > >FvOrgBase; > + FvDataBase =3D (EFI_PHYSICAL_ADDRESS) (UINTN) MigratedFvInfo- > >FvDataBase; > + break; > + } > + Hob.Raw =3D GET_NEXT_HOB (Hob); > + Hob.Raw =3D GetNextGuidHob (&gEdkiiMigratedFvInfoGuid, Hob.Raw); } > + > // > // Measure and record the FV to the TPM > // > - FvBlob.BlobBase =3D FvBase; > + FvBlob.BlobBase =3D FvOrgBase; > FvBlob.BlobLength =3D FvLength; >=20 > DEBUG ((DEBUG_INFO, "The FV which is measured by TcgPei starts at: > 0x%x\n", FvBlob.BlobBase)); > @@ -416,7 +441,7 @@ MeasureFvImage ( >=20 > Status =3D HashLogExtendEvent ( > (EFI_PEI_SERVICES **) GetPeiServicesTablePointer(), > - (UINT8*) (UINTN) FvBlob.BlobBase, > + (UINT8*) (UINTN) FvDataBase, > (UINTN) FvBlob.BlobLength, > &TcgEventHdr, > (UINT8*) &FvBlob > -- > 2.25.1.windows.1
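Review bot: the [Guids] hunk in TcgPei.inf adds gEdkiiMigratedFvInfoGuid as SOMETIMES_CONSUMES, but the diff touches no [Packages] section; confirm that the .dec which declares this GUID is already listed there, otherwise TcgPei no longer builds.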
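Review bot: in the @@ -401,10 +406,30 @@ hunk of TcgPei.c the match test truncates the caller's FvBase and FvLength to UINT32 before comparing them with MigratedFvInfo->FvNewBase and MigratedFvInfo->FvLength, so an FV whose base has bits set above 32 could match a HOB entry that belongs to a different FV and be measured from the wrong buffer. Compare at full width instead, e.g. `((EFI_PHYSICAL_ADDRESS) MigratedFvInfo->FvNewBase == FvBase) && ((UINT64) MigratedFvInfo->FvLength == FvLength)`, or document why a 32-bit compare is sufficient here. The new block also needs a comment stating the intent: FvOrgBase is stored in the event entry (FvBlob.BlobBase) so the log records the pre-migration address, while FvDataBase points at the saved raw copy that is actually hashed; that split is what keeps PCR0 stable across the random relocation the commit message describes, and a reader of the loop alone cannot tell why two addresses are tracked.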
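Review bot: in the @@ -416,7 +441,7 @@ hunk the hash is now computed over FvDataBase, while the DEBUG message kept above it still reports only FvBlob.BlobBase (now FvOrgBase); when the two differ the log no longer says which buffer was hashed. Extend the message to print both, e.g. `DEBUG ((DEBUG_INFO, "The FV which is measured by TcgPei starts at: 0x%x, data at: 0x%x\n", FvBlob.BlobBase, FvDataBase));`, so a PCR0 mismatch can be traced to the buffer that was fed to HashLogExtendEvent. For non-migrated FVs behaviour is unchanged, since FvDataBase defaults to FvBase before the HOB search.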