From: "Wang, Jian J"
To: "Jiang, Guomin", "devel@edk2.groups.io"
CC: "Yao, Jiewen", "Zhang, Chao B", "Zhang, Qi1", "Kumar, Rahul1"
Subject: Re: [PATCH v5 6/9] SecurityPkg/Tcg2Pei: Use Migrated FV Info Hob for calculating hash (CVE-2019-11098)
Date: Mon, 13 Jul 2020 07:09:23 +0000
References: <20200709015645.336-1-guomin.jiang@intel.com> <20200709015645.336-7-guomin.jiang@intel.com>
In-Reply-To: <20200709015645.336-7-guomin.jiang@intel.com>

Reviewed-by: Jian J Wang

Regards,
Jian

> -----Original Message-----
> From: Jiang, Guomin
> Sent: Thursday, July 09, 2020 9:57 AM
> To: devel@edk2.groups.io
> Cc: Yao, Jiewen; Wang, Jian J;
> Zhang, Chao B; Zhang, Qi1;
> Kumar, Rahul1
> Subject: [PATCH v5 6/9] SecurityPkg/Tcg2Pei: Use Migrated FV Info Hob for
> calculating hash (CVE-2019-11098)
>
> REF:https://bugzilla.tianocore.org/show_bug.cgi?id=1614
>
> When we allocate pool to save the rebased PEIMs, the address will change
> randomly, therefore the hash will change and result in a PCR0 change as well.
> To avoid this, we save the raw PEIMs and use them to calculate the hash.
> The Tcg2Pei calculates the hash and it uses the Migrated FV Info.
>
> Cc: Jiewen Yao
> Cc: Jian J Wang
> Cc: Chao Zhang
> Cc: Qi Zhang
> Cc: Rahul Kumar
> Signed-off-by: Guomin Jiang
> ---
> SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf | 1 +
> SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c | 31 ++++++++++++++++++++++++++---
> 2 files changed, 29 insertions(+), 3 deletions(-)
>
> diff --git a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf > b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf > index 3d361e8859e7..367df21eedaf 100644 > --- a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf > +++ b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf 
> @@ -63,6 +63,7 @@ [Guids] > gTcgEvent2EntryHobGuid #= # PRODUCES ## > HOB > gEfiTpmDeviceInstanceNoneGuid #= # > SOMETIMES_PRODUCES ## GUID # TPM device identifier > gEfiTpmDeviceInstanceTpm12Guid #= # > SOMETIMES_PRODUCES ## GUID # TPM device identifier > + gEdkiiMigratedFvInfoGuid #= # > SOMETIMES_CONSUMES ## HOB >=20 > [Ppis] > gEfiPeiFirmwareVolumeInfoPpiGuid #= # > SOMETIMES_CONSUMES ## NOTIFY > diff --git a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c > b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c > index 4852d8690617..651a60c1f0e2 100644 > --- a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c > +++ b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c > @@ -21,6 +21,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent > #include > #include > #include > +#include >=20 > #include > #include > @@ -536,6 +537,10 @@ MeasureFvImage ( > EDKII_PEI_FIRMWARE_VOLUME_INFO_PREHASHED_FV_PPI > *PrehashedFvPpi; > HASH_INFO *PreHashInfo; > UINT32 HashAlgoMask; > + EFI_PHYSICAL_ADDRESS FvOrgBase; > + EFI_PHYSICAL_ADDRESS FvDataBase; > + EFI_PEI_HOB_POINTERS Hob; > + EDKII_MIGRATED_FV_INFO *MigratedFvInfo; >=20 > // > // Check Excluded FV list > @@ -621,6 +626,26 @@ MeasureFvImage ( > Instance++; > } while (!EFI_ERROR(Status)); >=20 > + // > + // Search the matched migration FV info > + // > + FvOrgBase =3D FvBase; > + FvDataBase =3D FvBase; > + Hob.Raw =3D GetFirstGuidHob (&gEdkiiMigratedFvInfoGuid); > + while (Hob.Raw !=3D NULL) { > + MigratedFvInfo =3D GET_GUID_HOB_DATA (Hob); > + if ((MigratedFvInfo->FvNewBase =3D=3D (UINT32) FvBase) && (MigratedF= vInfo- > >FvLength =3D=3D (UINT32) FvLength)) { > + // > + // Found the migrated FV info > + // > + FvOrgBase =3D (EFI_PHYSICAL_ADDRESS) (UINTN) MigratedFvInfo- > >FvOrgBase; > + FvDataBase =3D (EFI_PHYSICAL_ADDRESS) (UINTN) MigratedFvInfo- > >FvDataBase; > + break; > + } > + Hob.Raw =3D GET_NEXT_HOB (Hob); > + Hob.Raw =3D GetNextGuidHob (&gEdkiiMigratedFvInfoGuid, Hob.Raw); > + } > + > // > // Init the log event for FV measurement > // 
> @@ -631,13 +656,13 @@ MeasureFvImage ( > if (FvName !=3D NULL) { > AsciiSPrint ((CHAR8 *)FvBlob2.BlobDescription, > sizeof(FvBlob2.BlobDescription), "Fv(%g)", FvName); > } > - FvBlob2.BlobBase =3D FvBase; > + FvBlob2.BlobBase =3D FvOrgBase; > FvBlob2.BlobLength =3D FvLength; > TcgEventHdr.EventType =3D EV_EFI_PLATFORM_FIRMWARE_BLOB2; > TcgEventHdr.EventSize =3D sizeof (FvBlob2); > EventData =3D &FvBlob2; > } else { > - FvBlob.BlobBase =3D FvBase; > + FvBlob.BlobBase =3D FvOrgBase; > FvBlob.BlobLength =3D FvLength; > TcgEventHdr.PCRIndex =3D 0; > TcgEventHdr.EventType =3D EV_EFI_PLATFORM_FIRMWARE_BLOB; > @@ -672,7 +697,7 @@ MeasureFvImage ( > // > Status =3D HashLogExtendEvent ( > 0, > - (UINT8*) (UINTN) FvBase, // HashData > + (UINT8*) (UINTN) FvDataBase, // HashData > (UINTN) FvLength, // HashDataLen > &TcgEventHdr, // EventHdr > EventData // EventData > -- > 2.25.1.windows.1
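
Review bot: In the Tcg2Pei.c hunk at @@ -621,6 +626,26 @@, the match test narrows both operands with (UINT32) FvBase and (UINT32) FvLength, so a firmware volume whose base or length does not fit in 32 bits is compared on its low 32 bits only and can select the wrong gEdkiiMigratedFvInfoGuid HOB, which then decides which bytes are hashed for the PCR 0 event. Compare at full width by widening the HOB fields rather than narrowing the arguments, for example (EFI_PHYSICAL_ADDRESS) MigratedFvInfo->FvNewBase == FvBase, or state in a comment backed by an ASSERT that migrated FVs always lie below 4 GB.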
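
Review bot: At the HashLogExtendEvent call in the @@ -672,7 +697,7 @@ hunk, HashData is now taken from MigratedFvInfo->FvDataBase with no check that the value is non-zero, while the events built in the @@ -631,13 +656,13 @@ hunk log FvOrgBase as BlobBase, and no comment says that the measured bytes and the logged address now refer to different copies of the FV. Add a comment at the call stating that FvDataBase is the raw copy kept for hashing and FvOrgBase is the original location, and skip the HOB entry (or ASSERT) when FvDataBase is zero instead of passing it on as a pointer.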