From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga07.intel.com (mga07.intel.com [134.134.136.100]) by mx.groups.io with SMTP id smtpd.web10.9890.1595381129483577548 for ; Tue, 21 Jul 2020 18:25:29 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@intel.onmicrosoft.com header.s=selector2-intel-onmicrosoft-com header.b=hDzUXCEZ; spf=pass (domain: intel.com, ip: 134.134.136.100, mailfrom: qi1.zhang@intel.com) IronPort-SDR: gyKmNmlAbhzXThc4ipekl6kfr48SicxOEVtVRlHdK0K+wyA0NAR+zadQYvMWDSOjxvrL3ZkwtE M1Z2rq3JIMmA== X-IronPort-AV: E=McAfee;i="6000,8403,9689"; a="214899641" X-IronPort-AV: E=Sophos;i="5.75,381,1589266800"; d="scan'208";a="214899641" X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga001.jf.intel.com ([10.7.209.18]) by orsmga105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Jul 2020 18:25:28 -0700 IronPort-SDR: /82zXyQywwxcZfOzYUytADnKdtm6bvSOsj8frrw5CEhpSZH8JActRFoh9EqV4bM/OezUqhX9rb i0866eq0B/cA== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.75,381,1589266800"; d="scan'208";a="362561542" Received: from orsmsx603.amr.corp.intel.com ([10.22.229.16]) by orsmga001.jf.intel.com with ESMTP; 21 Jul 2020 18:25:28 -0700 Received: from orsmsx603.amr.corp.intel.com (10.22.229.16) by ORSMSX603.amr.corp.intel.com (10.22.229.16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1713.5; Tue, 21 Jul 2020 18:25:27 -0700 Received: from ORSEDG001.ED.cps.intel.com (10.7.248.4) by orsmsx603.amr.corp.intel.com (10.22.229.16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256) id 15.1.1713.5 via Frontend Transport; Tue, 21 Jul 2020 18:25:27 -0700 Received: from NAM12-BN8-obe.outbound.protection.outlook.com (104.47.55.177) by edgegateway.intel.com (134.134.137.100) with Microsoft SMTP Server (TLS) id 14.3.439.0; Tue, 21 Jul 2020 18:25:23 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Q3qXxH6q16PTcX7XpeTTVzF9tIhHc+BfsnTZLOPUrbEadkLKkH4a9x/ariU+BUYeYJBgF3+mnNMgKvE6U7sn96FM9bAvFh2rbTKCYkUpeDCAa9DayzBlkawV9phzC2CrP4UqFaC4wudXyNp9EypVtjjDcd7jBcX32ZXiJDQZvtHgWFXI0vkXBh5s81GUv3qxztLGVDYERAPDpNiJ+NLDlkdW4nxXJtRSXwR4jQNxZbDoJDspcyA9trn4YVf1qsfibEYl5CPxn65/n+92Odi4JOMPmkhTIxpVB5G5R0PiikFWDBjgVmnC6ScHRsRDpMZIPDWGzlNI8coR2qQTwDto9A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=DXYkcPfGuvnnfXWKWMv2U75BoDWLHCxZBMiWScIYxM8=; b=KfISW9gFAXgbzdLglNhUY/JhDIxQQWbVlxIA4ZT82Vc0Hwjuk85Gyx8p8L6jwxzlvX7ebFzX6e5Ix1RFd6yYim2/REnMWhcjmHhW71tatErOti6CYK7di4K0+DEngpMiTTaCOJSRJU5WBaAlUrjnIQLdr6BiwYkUf6JPiOpAN3s1tdgfGwQb1ufRINFo6YVASeshPCw9x8/5xpxw1OaUmiklUnZfWXc0RmFV4BAq921sADST6UlpVFvOEZ0maAxIk7N84Xt5nZ9aM2MtAPbK1fD6ie6O10a3+IzYv3fDswvcgkhSDbbxqXz07CpWwJfjnE2L9RFSDsxW3MomsdZpTA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=intel.onmicrosoft.com; s=selector2-intel-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=DXYkcPfGuvnnfXWKWMv2U75BoDWLHCxZBMiWScIYxM8=; b=hDzUXCEZSaTKMaALHLjkHXANLNE5vqUjMFj+RiVzryHhh5Tg0FiFptlenq5WE2dkhuDy3nu+qcK+8gAmrCH4617dyvgUJ1Ls0RjNr6SJCa9gm4fnUSjVeY4gbGHXKnkqixY08JK1q9I01yW/jY9sbICtq2aodstjFbY1UmnkAlg= Received: from SN6PR11MB2797.namprd11.prod.outlook.com (2603:10b6:805:5a::32) by SN6PR11MB2976.namprd11.prod.outlook.com (2603:10b6:805:d5::22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3195.23; Wed, 22 Jul 2020 01:25:17 +0000 Received: from SN6PR11MB2797.namprd11.prod.outlook.com ([fe80::299e:89:dbe4:7e79]) by SN6PR11MB2797.namprd11.prod.outlook.com ([fe80::299e:89:dbe4:7e79%7]) with mapi id 15.20.3216.021; Wed, 22 Jul 2020 01:25:17 +0000 From: "Qi Zhang" To: "Jiang, Guomin" , "devel@edk2.groups.io" CC: "Yao, Jiewen" , "Wang, Jian J" , Chao Zhang , "Kumar, Rahul1" Subject: Re: [PATCH v6 06/10] SecurityPkg/Tcg2Pei: Use Migrated FV Info Hob for calculating hash (CVE-2019-11098) Thread-Topic: [PATCH v6 06/10] SecurityPkg/Tcg2Pei: Use Migrated FV Info Hob for calculating hash (CVE-2019-11098) Thread-Index: AQHWXolEpr4tk82M4kWVvgRvX64x76kS0Eqw Date: Wed, 22 Jul 2020 01:25:17 +0000 Message-ID: References: <20200720113022.675-1-guomin.jiang@intel.com> <20200720113022.675-7-guomin.jiang@intel.com> In-Reply-To: <20200720113022.675-7-guomin.jiang@intel.com> Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: dlp-version: 11.5.1.3 dlp-product: dlpe-windows dlp-reaction: no-action authentication-results: intel.com; dkim=none (message not signed) header.d=none;intel.com; dmarc=none action=none header.from=intel.com; x-originating-ip: [192.198.147.221] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 7cbed151-3d9b-4f1d-bdd6-08d82dde1777 x-ms-traffictypediagnostic: SN6PR11MB2976: x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:8882; x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: 86xldCQlq8812gEConbfyTDVSlrWqxVtUEap8JeuGhPMNTFmXNK14Ds/fDsn5hLtBZ5v6b6LrSefeuvtt9Q20RqA41ydIhB+lw0frAcJm9v1SOsudR7wIzum1Zjga/NQlGgFYyXsJ5FR4i8y4BfLA1rARtAIFAFh/uBLJfAgSAcVQk0Vx0P1LI+XDBTlV1KkUONYj6cGZ2DzBpI8oB9sCr0e0UCo32daBOuROtWtC3T1lrufAoR947COpU95KXkwZcx0Ip0p3/8n4CCtmzgE2mAvEImuY1gvg7YQEa81B4aLQE3PTWzWS+yp0JEMN6n/lrx4b2dYc8tFhGQfO4gCmPZHlviaxRqfBe7cxqm2KjISxc453To0VQWKZP3MEp6BwLVJt2U79x62iIk+cBTLaQ== x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:SN6PR11MB2797.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFTY:;SFS:(4636009)(136003)(396003)(376002)(366004)(346002)(39860400002)(86362001)(83380400001)(8936002)(110136005)(54906003)(107886003)(9686003)(52536014)(8676002)(5660300002)(19627235002)(186003)(4326008)(55016002)(76116006)(66446008)(66556008)(64756008)(66946007)(478600001)(33656002)(26005)(71200400001)(66476007)(15650500001)(53546011)(6506007)(7696005)(2906002)(316002);DIR:OUT;SFP:1102; x-ms-exchange-antispam-messagedata: hfvOPhTVdGmG2aSlgYSB8Q0pX43hP43CNwATENbkQH0hNZgTzGXUSHNnv6IaFjyyA2N9Tlkjb1Bh4a/Y8Omo9J2atSHXiYBf9qSkPxOqhWRHdt4zHDGx1TMP6pZ0/V4ZB8CagxzBCRUbD//+JcI+U9y8d3v5kyJQgaYhvLdJX2pg6XGTljmBpnZfg47hqI6BxAv825isg3fxt2QXWwu6S9Hl+CyGE2IF8bL/vZg5F57dlyxzk9iwNWq81pjcUJUdCe3Rmb7dKkMwm87956U0dnYfqTid0HorV8+V8Q9y9qzuhryGq5Zbr4ILYy/K2SPDCuIv4elmUyFIOCr76tFvCGfdoe9SXIZeWwNiuoYqn3Lq3MIsCysUM2ME4+VEWB1OAB2hXDqI+lBFs2e9VXFI52cFdMa/ayKt9eWRDTfHtPn0h45Ci4WN/Vv3kr7KnGLlUcJRMVwv02RPNW9vulgq6h5mPc56AJxqQYnmlupQGtgNdVvMZ89JCmqDykfAxhi3 MIME-Version: 1.0 X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: SN6PR11MB2797.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 7cbed151-3d9b-4f1d-bdd6-08d82dde1777 X-MS-Exchange-CrossTenant-originalarrivaltime: 22 Jul 2020 01:25:17.1019 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: 8ElGfs+64QSAZETRifUKR9m6tYZPfsxBbpwQ9L4nx4UVtXMt/+uEbBCp/+UOLb1Fke8rMGpBWBV5NYC1QMpUVg== X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN6PR11MB2976 Return-Path: qi1.zhang@intel.com X-OriginatorOrg: intel.com Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Reviewed-by: Zhang, Qi1 BRs Qi Zhang > -----Original Message----- > From: Jiang, Guomin > Sent: Monday, July 20, 2020 7:30 PM > To: devel@edk2.groups.io > Cc: Yao, Jiewen ; Wang, Jian J ; > Chao Zhang ; Zhang, Qi1 ; > Kumar, Rahul1 > Subject: [PATCH v6 06/10] SecurityPkg/Tcg2Pei: Use Migrated FV Info Hob f= or > calculating hash (CVE-2019-11098) >=20 > REF:https://bugzilla.tianocore.org/show_bug.cgi?id=3D1614 >=20 > When we allocate pool to save rebased the PEIMs, the address will change > randomly, therefore the hash will change and result PCR0 change as well. > To avoid this, we save the raw PEIMs and use it to calculate hash. > The Tcg2Pei calculate the hash and it use the Migrated FV Info. >=20 > Cc: Jiewen Yao > Cc: Jian J Wang > Cc: Chao Zhang > Cc: Qi Zhang > Cc: Rahul Kumar > Signed-off-by: Guomin Jiang > Reviewed-by: Jian J Wang > --- > SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf | 1 + > SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c | 31 ++++++++++++++++++++++++++--- > 2 files changed, 29 insertions(+), 3 deletions(-) >=20 > diff --git a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf > b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf > index 3d361e8859e7..367df21eedaf 100644 > --- a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf > +++ b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf > @@ -63,6 +63,7 @@ [Guids] > gTcgEvent2EntryHobGuid #= # PRODUCES > ## HOB > gEfiTpmDeviceInstanceNoneGuid #= # > SOMETIMES_PRODUCES ## GUID # TPM device identifier > gEfiTpmDeviceInstanceTpm12Guid #= # > SOMETIMES_PRODUCES ## GUID # TPM device identifier > + gEdkiiMigratedFvInfoGuid #= # > SOMETIMES_CONSUMES ## HOB >=20 > [Ppis] > gEfiPeiFirmwareVolumeInfoPpiGuid #= # > SOMETIMES_CONSUMES ## NOTIFY > diff --git a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c > b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c > index 19b8e4b318c5..18569f89b430 100644 > --- a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c > +++ b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c > @@ -21,6 +21,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include > #include #include > > +#include >=20 > #include > #include > @@ -536,6 +537,10 @@ MeasureFvImage ( > EDKII_PEI_FIRMWARE_VOLUME_INFO_PREHASHED_FV_PPI > *PrehashedFvPpi; > HASH_INFO *PreHashInfo; > UINT32 HashAlgoMask; > + EFI_PHYSICAL_ADDRESS FvOrgBase; > + EFI_PHYSICAL_ADDRESS FvDataBase; > + EFI_PEI_HOB_POINTERS Hob; > + EDKII_MIGRATED_FV_INFO *MigratedFvInfo; >=20 > // > // Check Excluded FV list > @@ -621,6 +626,26 @@ MeasureFvImage ( > Instance++; > } while (!EFI_ERROR(Status)); >=20 > + // > + // Search the matched migration FV info // FvOrgBase =3D FvBase; > + FvDataBase =3D FvBase; Hob.Raw =3D GetFirstGuidHob > + (&gEdkiiMigratedFvInfoGuid); while (Hob.Raw !=3D NULL) { > + MigratedFvInfo =3D GET_GUID_HOB_DATA (Hob); > + if ((MigratedFvInfo->FvNewBase =3D=3D (UINT32) FvBase) && (MigratedF= vInfo- > >FvLength =3D=3D (UINT32) FvLength)) { > + // > + // Found the migrated FV info > + // > + FvOrgBase =3D (EFI_PHYSICAL_ADDRESS) (UINTN) MigratedFvInfo- > >FvOrgBase; > + FvDataBase =3D (EFI_PHYSICAL_ADDRESS) (UINTN) MigratedFvInfo- > >FvDataBase; > + break; > + } > + Hob.Raw =3D GET_NEXT_HOB (Hob); > + Hob.Raw =3D GetNextGuidHob (&gEdkiiMigratedFvInfoGuid, Hob.Raw); } > + > // > // Init the log event for FV measurement > // > @@ -631,14 +656,14 @@ MeasureFvImage ( > if (FvName !=3D NULL) { > AsciiSPrint ((CHAR8 *)FvBlob2.BlobDescription, > sizeof(FvBlob2.BlobDescription), "Fv(%g)", FvName); > } > - FvBlob2.BlobBase =3D FvBase; > + FvBlob2.BlobBase =3D FvOrgBase; > FvBlob2.BlobLength =3D FvLength; > TcgEventHdr.PCRIndex =3D 0; > TcgEventHdr.EventType =3D EV_EFI_PLATFORM_FIRMWARE_BLOB2; > TcgEventHdr.EventSize =3D sizeof (FvBlob2); > EventData =3D &FvBlob2; > } else { > - FvBlob.BlobBase =3D FvBase; > + FvBlob.BlobBase =3D FvOrgBase; > FvBlob.BlobLength =3D FvLength; > TcgEventHdr.PCRIndex =3D 0; > TcgEventHdr.EventType =3D EV_EFI_PLATFORM_FIRMWARE_BLOB; > @@ -673,7 +698,7 @@ MeasureFvImage ( > // > Status =3D HashLogExtendEvent ( > 0, > - (UINT8*) (UINTN) FvBase, // HashData > + (UINT8*) (UINTN) FvDataBase, // HashData > (UINTN) FvLength, // HashDataLen > &TcgEventHdr, // EventHdr > EventData // EventData > -- > 2.25.1.windows.1