[edk2-devel] [PATCH V4 3/3] SecurityPkg: Support CcMeasurementProtocol in DxeTpmMeasurementLib

Yao, Jiewen jiewen.yao at intel.com
Thu Nov 4 14:25:24 UTC 2021


I believe a platform should have only one RTS/RTR.

Only one of (virtual) TPM 1.2, (virtual) TPM 2.0 and CC MR exists, so only one of TCG_SERVICE_PROTOCOL, TCG2_PROTOCOL and CC_MEASUREMENT_PROTOCOL is exposed.

In the case that a vTPM is present to emulate the CC MR, a TDVF should only expose TCG2_PROTOCOL. Otherwise, there will be confusion in the final event log.

Thank you
Yao Jiewen

> -----Original Message-----
> From: Sami Mujawar <sami.mujawar at arm.com>
> Sent: Thursday, November 4, 2021 10:18 PM
> To: Xu, Min M <min.m.xu at intel.com>; devel at edk2.groups.io;
> kraxel at redhat.com
> Cc: Kinney, Michael D <michael.d.kinney at intel.com>; Liming Gao
> <gaoliming at byosoft.com.cn>; Liu, Zhiguang <zhiguang.liu at intel.com>; Yao,
> Jiewen <jiewen.yao at intel.com>; Wang, Jian J <jian.j.wang at intel.com>; nd
> <nd at arm.com>
> Subject: Re: [edk2-devel] [PATCH V4 3/3] SecurityPkg: Support
> CcMeasurementProtocol in DxeTpmMeasurementLib
> 
> Hi Min,
> 
> Please find my response inline marked [SAMI].
> 
> Regards,
> 
> Sami Mujawar
> 
> 
> On 04/11/2021 01:49 PM, Xu, Min M wrote:
> > On November 4, 2021 9:35 PM, Xu Min wrote:
> >> On November 4, 2021 4:21 PM, Gerd Hoffmann wrote:
> >>>    Hi,
> >>>
> >>>> [SAMI] Apologies, I missed this in my previous review. I think the
> >>>> behaviour if both the TCG2 and CC measurement protocols are
> >>>> installed would be inconsistent between DxeTpmMeasurementLib and
> >>>> DxeTpm2MeasureBootLib. The main difference being in the latter, the
> >>>> TCG2 protocol takes precedence for extending the measurement.
> >>> Yes, we should have consistent behavior in both cases.
> >> In DxeTpmMeasurementLib, Cc measurement protocol is used as the first try. If
> >> it fails, then it tries to measure with TCG2 / TCG protocol in turn.
> >> In DxeTpm2MeasureBootLib, TCG2 protocol is used as the first try. If it fails,
> >> CC measurement protocol is tried in turn.
> >> Yes, this is inconsistent. I will update DxeTpm2MeasureBootLib to try Cc
> >> measurement protocol first, then try TCG2 protocol if Cc measurement protocol
> >> fails. In this way, only one protocol will be called to do the measurement. But
> >> TCG2 protocol is the first try, CC measurement protocol is the second try.
> >>
> >>>> I think it would be good to modify DxeTpm2MeasureBootLib so that the
> >>>> CC measurement protocol is used if both protocols are installed.
> >>>> What do you think?
> >>> Does it make sense to use both protocols?
> >> Agree with Gerd. I don't think we should use both protocols to do the
> >> measurement.
> >> My suggestion is that, first try CC protocol, if it fails, then try TCG2 protocol.
> >> Just as I explained above.
> > Another option would be the following.
> > In DxeTpmMeasurementLib the pseudo code would look like:
> > if (CC Protocol is installed) {
> >   Status = CcMeasureAndLogData (...)
> > } else {  // below is the original code
> >   Status = Tpm20MeasureAndLogData (...)
> >   if (EFI_ERROR (Status)) {
> >     Status = Tpm12MeasureAndLogData (...)
> >   }
> > }
> >
> > In DxeTpm2MeasureBootLib, the pseudo code would look like:
> > if (CC Protocol is installed) {
> >   Status = DoCcMeasureBoot (...)
> > } else if (TCG2 protocol is installed) {
> >   Status = DoTcg2MeasureBoot (...)
> > }
> [SAMI] Your pseudo code looks good to me. It makes the measurement logic
> much clearer.
> Also, I am not aware of a use-case for both the CC Protocol and the TCG2
> protocol to be installed at the same time.
> [/SAMI]
> > Sami & Gerd
> > What's your thought?
> >
> > Thanks
> > Min
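
The selection logic the thread converges on, written out as an added C model. This is not edk2 code and not part of the patch under review: the protocol instances a platform installs are reduced to a bitmask, each backend is an enum value instead of a real MeasureAndLogData call, and the function names are assumptions. The "old" DxeTpm2MeasureBootLib order follows Sami's description (TCG2 first), the "new" order follows Min's pseudo code (CC first). The model checks the two libraries against every installed-protocol combination and shows that they only disagree when both TCG2_PROTOCOL and CC_MEASUREMENT_PROTOCOL are present, which is exactly the configuration Jiewen argues a platform should not produce.

```c
#include <stdio.h>

/*
 * Added model of the measurement-protocol selection discussed above.
 * Not edk2 code: installed protocols are a bitmask, backends are enum
 * values, and the function names are assumptions made for this example.
 */
enum {
  INSTALLED_TCG  = 1u << 0, /* TCG_SERVICE_PROTOCOL    (TPM 1.2) */
  INSTALLED_TCG2 = 1u << 1, /* TCG2_PROTOCOL           (TPM 2.0) */
  INSTALLED_CC   = 1u << 2, /* CC_MEASUREMENT_PROTOCOL (CC MR)   */
  INSTALLED_ALL  = 0x7u
};

typedef enum { BACKEND_NONE = 0, BACKEND_TPM12, BACKEND_TPM20, BACKEND_CC } Backend;

/* DxeTpmMeasurementLib per Min's pseudo code: CC if installed, otherwise the
 * original TPM 2.0 -> TPM 1.2 fallback. */
Backend SelectTpmMeasurementLib(unsigned installed)
{
  if (installed & INSTALLED_CC)   return BACKEND_CC;
  if (installed & INSTALLED_TCG2) return BACKEND_TPM20;
  if (installed & INSTALLED_TCG)  return BACKEND_TPM12;
  return BACKEND_NONE;
}

/* DxeTpm2MeasureBootLib as Sami described it before the change: TCG2 takes
 * precedence and CC is only the fallback. */
Backend SelectTpm2MeasureBootLibOld(unsigned installed)
{
  if (installed & INSTALLED_TCG2) return BACKEND_TPM20;
  if (installed & INSTALLED_CC)   return BACKEND_CC;
  return BACKEND_NONE;
}

/* DxeTpm2MeasureBootLib per Min's pseudo code: CC if installed, else TCG2. */
Backend SelectTpm2MeasureBootLibNew(unsigned installed)
{
  if (installed & INSTALLED_CC)   return BACKEND_CC;
  if (installed & INSTALLED_TCG2) return BACKEND_TPM20;
  return BACKEND_NONE;
}

/* Count installed-protocol combinations where the two libraries would extend
 * different roots of trust, i.e. where one boot produces a split event log.
 * A TPM 1.2-only platform is skipped: MeasureBootLib has no 1.2 path, so
 * "no backend" there is not a disagreement about which root to use. */
unsigned CountDisagreements(Backend (*measureBoot)(unsigned))
{
  unsigned mismatches = 0;
  for (unsigned mask = 0; mask <= INSTALLED_ALL; mask++) {
    Backend a = SelectTpmMeasurementLib(mask);
    Backend b = measureBoot(mask);
    if (a != BACKEND_NONE && b != BACKEND_NONE && a != b) mismatches++;
  }
  return mismatches;
}

/* Jiewen's point: with exactly one RTS/RTR installed there is nothing to
 * choose, so both orderings of DxeTpm2MeasureBootLib agree. Returns 1 if so. */
int SingleRootPlatformsAgree(void)
{
  const unsigned single[] = { INSTALLED_TCG, INSTALLED_TCG2, INSTALLED_CC };
  for (unsigned i = 0; i < 3; i++) {
    if (SelectTpm2MeasureBootLibOld(single[i]) != SelectTpm2MeasureBootLibNew(single[i])) return 0;
  }
  return 1;
}

int main(void)
{
  printf("TCG2-first MeasureBootLib disagrees with TpmMeasurementLib on %u of %u combinations\n",
         CountDisagreements(SelectTpm2MeasureBootLibOld), (unsigned)(INSTALLED_ALL + 1));
  printf("CC-first   MeasureBootLib disagrees on %u combinations\n",
         CountDisagreements(SelectTpm2MeasureBootLibNew));
  printf("single-root platforms agree regardless of order: %s\n",
         SingleRootPlatformsAgree() ? "yes" : "no");
  return 0;
}
```

In real firmware the "installed" bits correspond to gBS->LocateProtocol succeeding for gEfiCcMeasurementProtocolGuid, gEfiTcg2ProtocolGuid and gEfiTcgProtocolGuid respectively. The point of the exhaustive loop is that a dispatch order is not something to reason about per library: any two consumers of these protocols must agree on the same precedence, or a platform that does install two protocols ends up with measurements spread across two roots of trust.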


