From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga09.intel.com (mga09.intel.com [134.134.136.24]) by mx.groups.io with SMTP id smtpd.web10.14769.1594626568451663180 for ; Mon, 13 Jul 2020 00:49:28 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@intel.onmicrosoft.com header.s=selector2-intel-onmicrosoft-com header.b=XcWqTTU7; spf=pass (domain: intel.com, ip: 134.134.136.24, mailfrom: jian.j.wang@intel.com) IronPort-SDR: F8ylmzw3WPIDlz85IuPS25MbRyUupLu8yhIm9TJjwhVoqHe9DNyGYAQtgTF/XIsRuNgKn2tdOJ Bd69/p7zDfcQ== X-IronPort-AV: E=McAfee;i="6000,8403,9680"; a="150030828" X-IronPort-AV: E=Sophos;i="5.75,346,1589266800"; d="scan'208";a="150030828" X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga004.jf.intel.com ([10.7.209.38]) by orsmga102.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 13 Jul 2020 00:49:27 -0700 IronPort-SDR: OeFXDb5HCpTnXr5DqKjXMLfF6ksvEmg//L2F+LLqk8GfyPjFpeblFn8mnPrRuG2SD4qLDhgEd5 IcTg2hJ+PIJA== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.75,346,1589266800"; d="scan'208";a="429284683" Received: from fmsmsx105.amr.corp.intel.com ([10.18.124.203]) by orsmga004.jf.intel.com with ESMTP; 13 Jul 2020 00:49:27 -0700 Received: from fmsmsx612.amr.corp.intel.com (10.18.126.92) by FMSMSX105.amr.corp.intel.com (10.18.124.203) with Microsoft SMTP Server (TLS) id 14.3.439.0; Mon, 13 Jul 2020 00:49:27 -0700 Received: from fmsmsx603.amr.corp.intel.com (10.18.126.83) by fmsmsx612.amr.corp.intel.com (10.18.126.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1713.5; Mon, 13 Jul 2020 00:49:26 -0700 Received: from FMSEDG002.ED.cps.intel.com (10.1.192.134) by fmsmsx603.amr.corp.intel.com (10.18.126.83) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256) id 15.1.1713.5 via Frontend Transport; Mon, 13 Jul 2020 00:49:26 -0700 Received: from NAM11-BN8-obe.outbound.protection.outlook.com (104.47.58.177) by edgegateway.intel.com (192.55.55.69) with Microsoft SMTP Server (TLS) id 14.3.439.0; Mon, 13 Jul 2020 00:49:16 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=eSysi4jxCBQnb+ivB2GuMFtUxdgPfzngzjjexloEXBTLfKiTZ0pSDdFkZb/PQ6l9bmnFsHqakWGGm+J+Uxu73DqDyjxzsS89i7gq+JG0EV3LOPVXa3QTH//dKHd7+njnbmWdtOZpwO/F5NXyPFeTapjcIA+SXil5NLS08+hdtJ2k+JFVvEk8c1uuwkFVsKvpvf21RHRm8F4tND8OHowccnkXYpHa1hanPvaHSm1slgC3VTzPTpbSkkcmmeZCh57HpbezOyL3NesplSkyJnhh9Z5GoMPiMeZgAxjodaUfB0pRNEIZNn2YwYk63NArYKGaPR2YPw5HznL/lBgcQj2ZHw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=BQ9LV4v9w+Yno6dwqIvGBWdkMQs0t1JOyR9EGqqRwB4=; b=UCutJxcFPasWCIqejyAThdXsD68hI9WWaXP3BF17TKglbLSr1aVL8tLoqxOzU+r+L6aWK/9D1l2vfq1E6k3vmRjAVv81MRhnSUSxYStP/R2efvnA1AJVcLZctH+KDYpNAILPCK7BLOit3K2lbjH+PUE/IVmv+V0KgkhrvSxJUWvW4qsZdyn9Axf8bkze5uT1MSRfqD9WxYXXl7XN8w1KN/WnSok6orVKoSGMert4zAmTCKSElRCtLF4vbU1dU1Q+cXtmy1OHkequNzquBzJpGvYM6RNzr8gRVCIzGIRSdMYZU52ObIWvTTtTvcqjffY5ik9xMxgI7RFIcp/Yy2ChTQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=intel.onmicrosoft.com; s=selector2-intel-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=BQ9LV4v9w+Yno6dwqIvGBWdkMQs0t1JOyR9EGqqRwB4=; b=XcWqTTU7KnHbPFzTM12dJbUm2cqY8IvQZO6YmCkllHC9g8++CmfFwvChXiAyrhPLmSi30R5vJmiO+1/c2QV0cEfH1Gycnr5/+BL5xp/KZcSIOTAsWoH5mN1DqesZwvqv2sF4nQXPn+5THAi4XocnUgez6I3LwZTE3Bq9hfh8MWY= Received: from SN6PR11MB3312.namprd11.prod.outlook.com (2603:10b6:805:c8::14) by SA0PR11MB4592.namprd11.prod.outlook.com (2603:10b6:806:98::10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3174.22; Mon, 13 Jul 2020 07:49:15 +0000 Received: from SN6PR11MB3312.namprd11.prod.outlook.com ([fe80::31f6:24c6:99f0:33d2]) by SN6PR11MB3312.namprd11.prod.outlook.com ([fe80::31f6:24c6:99f0:33d2%6]) with mapi id 15.20.3174.025; Mon, 13 Jul 2020 07:49:15 +0000 From: "Wang, Jian J" To: "Jiang, Guomin" , "devel@edk2.groups.io" CC: "Yao, Jiewen" , "Zhang, Chao B" , "Zhang, Qi1" , "Kumar, Rahul1" Subject: Re: [PATCH v5 9/9] SecurityPkg/TcgPei: Use Migrated FV Info Hob for calculating hash (CVE-2019-11098) Thread-Topic: [PATCH v5 9/9] SecurityPkg/TcgPei: Use Migrated FV Info Hob for calculating hash (CVE-2019-11098) Thread-Index: AQHWVZRMGw/tdzvcV0ynKX4d90D1kKkFKP+w Date: Mon, 13 Jul 2020 07:49:14 +0000 Message-ID: References: <20200709015645.336-1-guomin.jiang@intel.com> <20200709015645.336-10-guomin.jiang@intel.com> In-Reply-To: <20200709015645.336-10-guomin.jiang@intel.com> Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-titus-metadata-40: eyJDYXRlZ29yeUxhYmVscyI6IiIsIk1ldGFkYXRhIjp7Im5zIjoiaHR0cDpcL1wvd3d3LnRpdHVzLmNvbVwvbnNcL0ludGVsMyIsImlkIjoiZDcxZTJiN2UtNzIzOC00NjUyLWIyYjEtNjNiYmI1MzViYzA4IiwicHJvcHMiOlt7Im4iOiJDVFBDbGFzc2lmaWNhdGlvbiIsInZhbHMiOlt7InZhbHVlIjoiQ1RQX05UIn1dfV19LCJTdWJqZWN0TGFiZWxzIjpbXSwiVE1DVmVyc2lvbiI6IjE3LjEwLjE4MDQuNDkiLCJUcnVzdGVkTGFiZWxIYXNoIjoia2dIZ0hsUHZZc0pyMTJvR0RyQjFVcTZMODgwU1AxWTlMZmNScEoycktSYzM5WTZXTjNid3VPTENJVGVnYUpEQiJ9 dlp-reaction: no-action dlp-version: 11.2.0.6 dlp-product: dlpe-windows x-ctpclassification: CTP_NT authentication-results: intel.com; dkim=none (message not signed) header.d=none;intel.com; dmarc=none action=none header.from=intel.com; x-originating-ip: [192.198.147.194] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 94a87350-7a11-4ae4-7428-08d827013d66 x-ms-traffictypediagnostic: SA0PR11MB4592: x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:6790; x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: W/pMBEPBcWci89RCAcK6BU+uzThntjHPaSih5CSgA1xSJ8iDEB15OwM8dfVD+bRlbeVp5USBXSbBuOAOH8pmDrIZkKZospDVQ3zxfgPlqOlfEKOofYNKZT29SHgGNRutD6Z9D1RAflw7bLD13Wt8BHYOjQQKhhQOUQoudxQdeSYBXNWtht5eA8L5QDsiPtz5dVJW/H5CydonERl64U9ln4KEw/k4Nz7NOBxvsbWn3iWazspoekDJPoWA345+zQVne/Lu4dIjKSr35JJUEKPQuYLiQKjbHub7SenXf6hUrSH+ZiZzk6dbEFvD51SmtngGfJOQszsEXDtU4CJ3XelnF1q9XDynsKjRvOR+ugtS/UMJaQyrkjBhvnVbJkwEVGnsyAg1wPbeuDvtlLywumNrWA== x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:SN6PR11MB3312.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFTY:;SFS:(4636009)(396003)(39860400002)(376002)(346002)(136003)(366004)(55016002)(19627235002)(5660300002)(7696005)(316002)(86362001)(186003)(2906002)(26005)(52536014)(53546011)(6506007)(478600001)(9686003)(66556008)(66446008)(66476007)(64756008)(71200400001)(4326008)(66946007)(76116006)(15650500001)(83380400001)(107886003)(8936002)(33656002)(110136005)(8676002)(54906003);DIR:OUT;SFP:1102; x-ms-exchange-antispam-messagedata: wlEVNRB3S82cdGUJGqaSHuuCr+JV8o62VhXaVQccOsk+Os/Q1zSIBl09VE/zNhj9JiYTbEcK0CaY0cGDF2gkIJ5p7zP+GWzavP28cT3jCg6WTLQJp6A5R+0HKc2eabnVyNWptyZFfgFskr/wewoCv7yGAuChHE0HIxqmFGIfeXqA5q2HbjqJ+3i/OGWt3GYjjsCXDoDnwWVwfcnmlkzF7mOmdDBQSc9qvmXXOU7wLoEQkEsppsdkjoEHjSkego+t94fUE2jOw0+knU78mFTZOeE3LwGI8R1GG2/uFLCI9J87hREQqjli0Bqzc5KzrNI2cumu4MP2jzvOgRaSd4QDfaccqXWwXTAYtywHY6nc6oJfCY11gsfyFlwb96Mkx/30p4SuxwEqmjKLxsYr6DiEgcZnZOWrzMabonb0wDX9oWLc4LYf5f2fxeJfvpEL0xiz1kuHEc6c+QG1X19196h7A2JBT4HbdKDpn+xrC6711gBBcPzJj/3lvj6rJBw54bts MIME-Version: 1.0 X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: SN6PR11MB3312.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 94a87350-7a11-4ae4-7428-08d827013d66 X-MS-Exchange-CrossTenant-originalarrivaltime: 13 Jul 2020 07:49:14.9771 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: V4/wkJGlNdoj1aRj/FO5WqZWSJnI5m6KJKfp6cPAJwgvHFN+9GFXXQF1Tdk9P45CzG9pcq+12w5VYR35TGk1GA== X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA0PR11MB4592 Return-Path: jian.j.wang@intel.com X-OriginatorOrg: intel.com Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Reviewed-by: Jian J Wang Regards, Jian > -----Original Message----- > From: Jiang, Guomin > Sent: Thursday, July 09, 2020 9:57 AM > To: devel@edk2.groups.io > Cc: Yao, Jiewen ; Wang, Jian J ; > Zhang, Chao B ; Zhang, Qi1 ; > Kumar, Rahul1 > Subject: [PATCH v5 9/9] SecurityPkg/TcgPei: Use Migrated FV Info Hob for > calculating hash (CVE-2019-11098) >=20 > REF:https://bugzilla.tianocore.org/show_bug.cgi?id=3D1614 >=20 > When we allocate pool to save rebased the PEIMs, the address will change > randomly, therefore the hash will change and result PCR0 change as well. > To avoid this, we save the raw PEIMs and use it to calculate hash. > The TcgPei calculate the hash and it use the Migrated FV Info. >=20 > Cc: Jiewen Yao > Cc: Jian J Wang > Cc: Chao Zhang > Cc: Qi Zhang > Cc: Rahul Kumar > Signed-off-by: Guomin Jiang > --- > SecurityPkg/Tcg/TcgPei/TcgPei.inf | 1 + > SecurityPkg/Tcg/TcgPei/TcgPei.c | 29 +++++++++++++++++++++++++++-- > 2 files changed, 28 insertions(+), 2 deletions(-) >=20 > diff --git a/SecurityPkg/Tcg/TcgPei/TcgPei.inf > b/SecurityPkg/Tcg/TcgPei/TcgPei.inf > index c0bff6e85e9d..6d1951f8ed65 100644 > --- a/SecurityPkg/Tcg/TcgPei/TcgPei.inf > +++ b/SecurityPkg/Tcg/TcgPei/TcgPei.inf > @@ -58,6 +58,7 @@ [Guids] > gTpmErrorHobGuid ##= SOMETIMES_PRODUCES > ## HOB > gMeasuredFvHobGuid ##= PRODUCES ## > HOB > gEfiTpmDeviceInstanceTpm12Guid ##= PRODUCES > ## GUID # TPM device identifier > + gEdkiiMigratedFvInfoGuid ## > SOMETIMES_CONSUMES ## HOB >=20 > [Ppis] > gPeiLockPhysicalPresencePpiGuid ## > SOMETIMES_CONSUMES ## NOTIFY > diff --git a/SecurityPkg/Tcg/TcgPei/TcgPei.c b/SecurityPkg/Tcg/TcgPei/Tcg= Pei.c > index a9a808c9ecf3..9701bfe8715b 100644 > --- a/SecurityPkg/Tcg/TcgPei/TcgPei.c > +++ b/SecurityPkg/Tcg/TcgPei/TcgPei.c > @@ -21,6 +21,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent > #include > #include > #include > +#include >=20 > #include > #include > @@ -378,6 +379,10 @@ MeasureFvImage ( > EFI_STATUS Status; > EFI_PLATFORM_FIRMWARE_BLOB FvBlob; > TCG_PCR_EVENT_HDR TcgEventHdr; > + EFI_PHYSICAL_ADDRESS FvOrgBase; > + EFI_PHYSICAL_ADDRESS FvDataBase; > + EFI_PEI_HOB_POINTERS Hob; > + EDKII_MIGRATED_FV_INFO *MigratedFvInfo; >=20 > // > // Check if it is in Excluded FV list > @@ -401,10 +406,30 @@ MeasureFvImage ( > } > } >=20 > + // > + // Search the matched migration FV info > + // > + FvOrgBase =3D FvBase; > + FvDataBase =3D FvBase; > + Hob.Raw =3D GetFirstGuidHob (&gEdkiiMigratedFvInfoGuid); > + while (Hob.Raw !=3D NULL) { > + MigratedFvInfo =3D GET_GUID_HOB_DATA (Hob); > + if ((MigratedFvInfo->FvNewBase =3D=3D (UINT32) FvBase) && (MigratedF= vInfo- > >FvLength =3D=3D (UINT32) FvLength)) { > + // > + // Found the migrated FV info > + // > + FvOrgBase =3D (EFI_PHYSICAL_ADDRESS) (UINTN) MigratedFvInfo- > >FvOrgBase; > + FvDataBase =3D (EFI_PHYSICAL_ADDRESS) (UINTN) MigratedFvInfo- > >FvDataBase; > + break; > + } > + Hob.Raw =3D GET_NEXT_HOB (Hob); > + Hob.Raw =3D GetNextGuidHob (&gEdkiiMigratedFvInfoGuid, Hob.Raw); > + } > + > // > // Measure and record the FV to the TPM > // > - FvBlob.BlobBase =3D FvBase; > + FvBlob.BlobBase =3D FvOrgBase; > FvBlob.BlobLength =3D FvLength; >=20 > DEBUG ((DEBUG_INFO, "The FV which is measured by TcgPei starts at: 0x%= x\n", > FvBlob.BlobBase)); > @@ -416,7 +441,7 @@ MeasureFvImage ( >=20 > Status =3D HashLogExtendEvent ( > (EFI_PEI_SERVICES **) GetPeiServicesTablePointer(), > - (UINT8*) (UINTN) FvBlob.BlobBase, > + (UINT8*) (UINTN) FvDataBase, > (UINTN) FvBlob.BlobLength, > &TcgEventHdr, > (UINT8*) &FvBlob > -- > 2.25.1.windows.1