[edk2-devel] [PATCH 1/6] SecurityPkg/TcgPpi: Add TcgPpi header file.

Yao, Jiewen jiewen.yao at intel.com
Wed Jul 15 14:45:04 UTC 2020


Hi Bret
Do you have a full problem statement or Bugzilla?

If we are resolving the same problem, we can resolve them all together.
If we are talking about different problems, we can resolve them one by one.

Thank you
Yao Jiewen

From: Bret Barkelew <Bret.Barkelew at microsoft.com>
Sent: Wednesday, July 15, 2020 1:53 PM
To: devel at edk2.groups.io; Yao, Jiewen <jiewen.yao at intel.com>; Zhang, Qi1 <qi1.zhang at intel.com>
Cc: Wang, Jian J <jian.j.wang at intel.com>
Subject: Re: [PATCH 1/6] SecurityPkg/TcgPpi: Add TcgPpi header file.

Since we're working on early boot TCG interfaces, is this a good time to discuss a standard way to init the log with measurements made by the HW root of trust prior to Tcg2Pei? We were using a NULL lib and a registration pattern on the PEIM, but I'm open to other ideas, too. Thoughts?

- Bret
________________________________
From: devel at edk2.groups.io <devel at edk2.groups.io> on behalf of Yao, Jiewen via groups.io <jiewen.yao=intel.com at groups.io>
Sent: Tuesday, July 14, 2020 10:08:30 PM
To: Zhang, Qi1 <qi1.zhang at intel.com>; devel at edk2.groups.io <devel at edk2.groups.io>
Cc: Wang, Jian J <jian.j.wang at intel.com>
Subject: [EXTERNAL] Re: [edk2-devel] [PATCH 1/6] SecurityPkg/TcgPpi: Add TcgPpi header file.

Thanks Qi.

I just thought of one use case: a PEIM may already have a calculated hash (https://github.com/tianocore/edk2/blob/master/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c#L652).
We may need to add a flag to support this pre-hash use case, such as:

> +(EFIAPI *EDKII_TCG_HASH_LOG_EXTEND_EVENT)(
>
> +  IN      EDKII_TCG_PPI             *This,
>
> +  IN      UINT64                   Flags,  // new field. BIT0 = 0 means HashData is the data to be hashed; BIT0 = 1 means HashData is the pre-hash digest.
>
> +  IN      UINT8                     *HashData,
>
> +  IN      UINTN                     HashDataLen,
>
> +  IN      TCG_PCR_EVENT_HDR         *NewEventHdr,
>
> +  IN      UINT8                     *NewEventData
>
> +  );
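Review bot: The proposed Flags parameter defines only BIT0 in a trailing comment, so the remaining 63 bits of the UINT64 and the meaning of HashDataLen when BIT0 = 1 are left open. Give the bit a named macro in the header, state that all other bits are reserved and must be zero, and document in the @param block that with BIT0 = 1 HashDataLen is the digest length, which digest size is expected, and which status is returned on a mismatch, since in that mode the length is the only property of the caller's input an implementation can check.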

> -----Original Message-----
> From: Zhang, Qi1 <qi1.zhang at intel.com>
> Sent: Tuesday, July 14, 2020 2:49 PM
> To: devel at edk2.groups.io
> Cc: Yao, Jiewen <jiewen.yao at intel.com>; Wang, Jian J <jian.j.wang at intel.com>;
> Zhang, Chao B <chao.b.zhang at intel.com>
> Subject: [PATCH 1/6] SecurityPkg/TcgPpi: Add TcgPpi header file.
>
> From: Jiewen Yao <jiewen.yao at intel.com>
>
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2841
>
> Cc: Jiewen Yao <jiewen.yao at intel.com>
> Cc: Jian J Wang <jian.j.wang at intel.com>
> Cc: Chao Zhang <chao.b.zhang at intel.com>
> Signed-off-by: Jiewen Yao <jiewen.yao at intel.com>
> ---
>  SecurityPkg/Include/Ppi/Tcg.h | 50 +++++++++++++++++++++++++++++++++++
>  1 file changed, 50 insertions(+)
>  create mode 100644 SecurityPkg/Include/Ppi/Tcg.h
>
> diff --git a/SecurityPkg/Include/Ppi/Tcg.h b/SecurityPkg/Include/Ppi/Tcg.h
> new file mode 100644
> index 0000000000..4eacd57166
> --- /dev/null
> +++ b/SecurityPkg/Include/Ppi/Tcg.h
> @@ -0,0 +1,50 @@
> +/** @file
>
> +  TCG PPI services.
>
> +
>
> +Copyright (c) 2020, Intel Corporation. All rights reserved.<BR>
>
> +SPDX-License-Identifier: BSD-2-Clause-Patent
>
> +
>
> +**/
>
> +
>
> +#ifndef _TCG_PPI_H_
>
> +#define _TCG_PPI_H_
>
> +
>
> +#include <IndustryStandard/UefiTcgPlatform.h>
>
> +
>
> +typedef struct _EDKII_TCG_PPI EDKII_TCG_PPI;
>
> +
>
> +/**
>
> +  Tpm measure and log data, and extend the measurement result into a specific
> PCR.
>
> +
>
> +  @param[in]      This          Indicates the calling context
>
> +  @param[in]      HashData      Physical address of the start of the data buffer
>
> +                                to be hashed, extended, and logged.
>
> +  @param[in]      HashDataLen   The length, in bytes, of the buffer referenced by
> HashData.
>
> +  @param[in]      NewEventHdr   Pointer to a TCG_PCR_EVENT_HDR data
> structure.
>
> +  @param[in]      NewEventData  Pointer to the new event data.
>
> +
>
> +  @retval EFI_SUCCESS           Operation completed successfully.
>
> +  @retval EFI_UNSUPPORTED       TPM device not available.
>
> +  @retval EFI_OUT_OF_RESOURCES  Out of memory.
>
> +  @retval EFI_DEVICE_ERROR      The operation was unsuccessful.
>
> +**/
>
> +typedef
>
> +EFI_STATUS
>
> +(EFIAPI *EDKII_TCG_HASH_LOG_EXTEND_EVENT)(
>
> +  IN      EDKII_TCG_PPI             *This,
>
> +  IN      UINT8                     *HashData,
>
> +  IN      UINTN                     HashDataLen,
>
> +  IN      TCG_PCR_EVENT_HDR         *NewEventHdr,
>
> +  IN      UINT8                     *NewEventData
>
> +  );
>
> +
>
> +///
>
> +/// The EFI_TCG Protocol abstracts TCG activity.
>
> +///
>
> +struct _EDKII_TCG_PPI {
>
> +  EDKII_TCG_HASH_LOG_EXTEND_EVENT     HashLogExtendEvent;
>
> +};
>
> +
>
> +extern EFI_GUID gEdkiiTcgPpiGuid;
>
> +
>
> +#endif
>
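Review bot: NewEventData in EDKII_TCG_HASH_LOG_EXTEND_EVENT is passed without a length, and the @param text for NewEventHdr ("Pointer to a TCG_PCR_EVENT_HDR data structure") and NewEventData does not say where its size comes from or which header fields the caller must fill in before the call. Please document that contract in the function comment so implementations do not have to guess how many bytes to copy into the log. Two smaller points: the comment above struct _EDKII_TCG_PPI reads "The EFI_TCG Protocol abstracts TCG activity", which describes a protocol rather than this PPI and should be reworded; and HashData is described as a "Physical address" while being typed UINT8 *, and both it and NewEventData are [in]-only, so CONST would fit.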
> --
> 2.26.2.windows.1
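The pre-hash flag proposed earlier in this thread, modelled in Python as an added example (not code from the patch or from edk2). The names `PRE_HASH`, `TcgModel` and `replay`, the single SHA-256 PCR bank, and the sample event type value are assumptions made for illustration.

```python
import hashlib

PRE_HASH = 0x1                              # hypothetical name for BIT0 of the proposed Flags
DIGEST_SIZE = hashlib.sha256().digest_size  # assumption: one SHA-256 PCR bank
SAMPLE_EVENT_TYPE = 0x1                     # constructed sample value


class TcgModel:
    """Toy provider: a SHA-256 PCR bank plus an in-memory event log."""

    def __init__(self, pcr_count=24):
        self.pcrs = [bytes(DIGEST_SIZE) for _ in range(pcr_count)]
        self.log = []  # entries: (pcr_index, event_type, digest, event_data)

    def hash_log_extend_event(self, flags, hash_data, pcr_index, event_type, event_data):
        if flags & ~PRE_HASH:
            raise ValueError("reserved flag bits must be zero")
        if not 0 <= pcr_index < len(self.pcrs):
            raise ValueError("PCR index out of range")
        if flags & PRE_HASH:
            # Caller supplies the digest; the only check possible is its length.
            if len(hash_data) != DIGEST_SIZE:
                raise ValueError("pre-hash digest length does not match the bank")
            digest = bytes(hash_data)
        else:
            digest = hashlib.sha256(hash_data).digest()
        # PCR extend: new = H(old || digest)
        self.pcrs[pcr_index] = hashlib.sha256(self.pcrs[pcr_index] + digest).digest()
        self.log.append((pcr_index, event_type, digest, bytes(event_data)))
        return digest


def replay(log, pcr_count=24):
    """Recompute PCR values from the event log, as a verifier would."""
    pcrs = [bytes(DIGEST_SIZE) for _ in range(pcr_count)]
    for pcr_index, _event_type, digest, _event_data in log:
        pcrs[pcr_index] = hashlib.sha256(pcrs[pcr_index] + digest).digest()
    return pcrs


def demo():
    blob = b"constructed firmware volume bytes"
    a, b = TcgModel(), TcgModel()
    a.hash_log_extend_event(0, blob, 0, SAMPLE_EVENT_TYPE, b"FV")
    b.hash_log_extend_event(PRE_HASH, hashlib.sha256(blob).digest(), 0, SAMPLE_EVENT_TYPE, b"FV")
    return a.pcrs[0] == b.pcrs[0] and replay(b.log) == b.pcrs
```

Both call styles end in the same PCR value and a log that replays to it; in pre-hash mode the provider cannot confirm the digest corresponds to any data, so the length and reserved-bit checks are the only validation available.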



