<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"> <head> <meta http-equiv="Content-Type" content="text/html; charset=us-ascii"> <meta name="Generator" content="Microsoft Word 15 (filtered medium)"> <style></style> </head> <body lang="EN-US" link="blue" vlink="purple" style="word-wrap:break-word"> <div class="WordSection1"> I am OK to add API to the library.<o:p></o:p> <o:p> </o:p> I am OK to add one function call to dump PCR[0] in TcgPei to show if there is any measurement before BIOS. That is good use case for BootGuard.<o:p></o:p> <o:p> </o:p> But I don’t think we need dump the PCR every time in PCR_Extend – assuming TPM hardware is good, then it should always be correct.<o:p></o:p> <o:p> </o:p> Thank you<o:p></o:p> Yao Jiewen<o:p></o:p> <o:p> </o:p> <div style="border:none;border-left:solid blue 1.5pt;padding:0in 0in 0in 4.0pt"> <div> <div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in"> From: Gonzalez Del Cueto, Rodrigo <rodrigo.gonzalez.del.cueto@intel.com> Sent: Tuesday, August 10, 2021 2:41 PM To: Yao, Jiewen <jiewen.yao@intel.com>; devel@edk2.groups.io Cc: Wang, Jian J <jian.j.wang@intel.com> Subject: Re: [PATCH] SecurityPkg: Debug code to audit BIOS TPM extend operations.<o:p></o:p> </div> </div> <o:p> </o:p> <div> Hi Jiewen,<o:p></o:p> </div> <div> <o:p> </o:p> </div> <div> The intention of such API would be to ease debugging and auditing PCR attestation along the boot; it has been a common task while debugging several issues and TPM configurations.<o:p></o:p> </div> <div> <o:p> </o:p> </div> <div> a) Configurations in which BIOS is not the S-CRTM and we need to attest what has been measured to the TPM prior to any measurements performed by BIOS.<o:p></o:p> </div> <div> b) Verifying the values in all the active and supported PCR banks: attestation or capping of the PCRs. (See <a href="https://bugzilla.tianocore.org/show_bug.cgi?id=3515" title="https://bugzilla.tianocore.org/show_bug.cgi?id=3515"> BZ: 3515</a>) <o:p></o:p> </div> <div> <o:p> </o:p> </div> <div> Such API together with the TCG event log print out it allows us to audit and debug the measured boot sequence.<o:p></o:p> </div> <div> <o:p> </o:p> </div> <div> Regards,<o:p></o:p> </div> <div> -Rodrigo<o:p></o:p> </div> <div class="MsoNormal" align="center" style="text-align:center"> <hr size="2" width="98%" align="center"> </div> <div id="divRplyFwdMsg"> From: Yao, Jiewen <<a href="mailto:jiewen.yao@intel.com">jiewen.yao@intel.com</a>> Sent: Sunday, August 8, 2021 6:24 PM To: Gonzalez Del Cueto, Rodrigo <<a href="mailto:rodrigo.gonzalez.del.cueto@intel.com">rodrigo.gonzalez.del.cueto@intel.com</a>>; <a href="mailto:devel@edk2.groups.io">devel@edk2.groups.io</a> <<a href="mailto:devel@edk2.groups.io">devel@edk2.groups.io</a>> Cc: Wang, Jian J <<a href="mailto:jian.j.wang@intel.com">jian.j.wang@intel.com</a>> Subject: RE: [PATCH] SecurityPkg: Debug code to audit BIOS TPM extend operations. <o:p></o:p> <div> <o:p></o:p> </div> </div> <div> <div> Some feedback: 1) I think it is OK to add Tpm2PcrReadForActiveBank() API. But I feel we will add too many noise to dump Tpm2PcrReadForActiveBank() in the code everytime. I am not sure why it is needed. What is the problem statement? 2) Below definition does not follow EDKII coding style. Please use 2 "space" as indent. EFI_STATUS EFIAPI Tpm2PcrReadForActiveBank ( IN TPMI_DH_PCR PcrHandle, OUT TPML_DIGEST *HashList ) > -----Original Message----- > From: Gonzalez Del Cueto, Rodrigo <<a href="mailto:rodrigo.gonzalez.del.cueto@intel.com">rodrigo.gonzalez.del.cueto@intel.com</a>> > Sent: Friday, July 30, 2021 6:43 AM > To: <a href="mailto:devel@edk2.groups.io">devel@edk2.groups.io</a> > Cc: Gonzalez Del Cueto, Rodrigo <<a href="mailto:rodrigo.gonzalez.del.cueto@intel.com">rodrigo.gonzalez.del.cueto@intel.com</a>>; Yao, > Jiewen <<a href="mailto:jiewen.yao@intel.com">jiewen.yao@intel.com</a>>; Wang, Jian J <<a href="mailto:jian.j.wang@intel.com">jian.j.wang@intel.com</a>> > Subject: [PATCH] SecurityPkg: Debug code to audit BIOS TPM extend operations. > > REF: <a href="https://bugzilla.tianocore.org/show_bug.cgi?id=2858">https://bugzilla.tianocore.org/show_bug.cgi?id=2858</a> > > Add debug functionality to examine TPM extend operations > performed by BIOS and inspect the PCR 00 value prior to > any BIOS measurements. > > Replaced usage of EFI_D_* for DEBUG_* definitions in debug > messages. > > Signed-off-by: Rodrigo Gonzalez del Cueto > <<a href="mailto:rodrigo.gonzalez.del.cueto@intel.com">rodrigo.gonzalez.del.cueto@intel.com</a>> > Cc: Jiewen Yao <<a href="mailto:jiewen.yao@intel.com">jiewen.yao@intel.com</a>> > Cc: Jian J Wang <<a href="mailto:jian.j.wang@intel.com">jian.j.wang@intel.com</a>> > --- > SecurityPkg/Include/Library/Tpm2CommandLib.h | 28 > ++++++++++++++++++++++------ > SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c | 226 > +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ > +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ > +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ > ++++++++----------------------- > SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c | 34 ++++++++++++++++++++------ > -------- > 3 files changed, 245 insertions(+), 43 deletions(-) > > diff --git a/SecurityPkg/Include/Library/Tpm2CommandLib.h > b/SecurityPkg/Include/Library/Tpm2CommandLib.h > index ee8eb62295..5e5c340893 100644 > --- a/SecurityPkg/Include/Library/Tpm2CommandLib.h > +++ b/SecurityPkg/Include/Library/Tpm2CommandLib.h > @@ -1,7 +1,7 @@ > /** @file > This library is used by other modules to send TPM2 command. > > -Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved. > +Copyright (c) 2013 - 2021, Intel Corporation. All rights reserved. > SPDX-License-Identifier: BSD-2-Clause-Patent > > **/ > @@ -505,7 +505,7 @@ EFIAPI > Tpm2PcrEvent ( > IN TPMI_DH_PCR PcrHandle, > IN TPM2B_EVENT *EventData, > - OUT TPML_DIGEST_VALUES *Digests > + OUT TPML_DIGEST_VALUES *Digests > ); > > /** > @@ -522,10 +522,10 @@ Tpm2PcrEvent ( > EFI_STATUS > EFIAPI > Tpm2PcrRead ( > - IN TPML_PCR_SELECTION *PcrSelectionIn, > - OUT UINT32 *PcrUpdateCounter, > - OUT TPML_PCR_SELECTION *PcrSelectionOut, > - OUT TPML_DIGEST *PcrValues > + IN TPML_PCR_SELECTION *PcrSelectionIn, > + OUT UINT32 *PcrUpdateCounter, > + OUT TPML_PCR_SELECTION *PcrSelectionOut, > + OUT TPML_DIGEST *PcrValues > ); > > /** > @@ -1113,4 +1113,20 @@ GetDigestFromDigestList( > OUT VOID *Digest > ); > > + /** > + This function will query the TPM to determine which hashing algorithms and > + get the digests of all active and supported PCR banks of a specific PCR > register. > + > + @param[in] PcrHandle The index of the PCR register to be read. > + @param[out] HashList List of digests from PCR register being read. > + > + @retval EFI_SUCCESS The Pcr was read successfully. > + @retval EFI_DEVICE_ERROR The command was unsuccessful. > +**/ > +EFI_STATUS > +EFIAPI > +Tpm2PcrReadForActiveBank ( > + IN TPMI_DH_PCR PcrHandle, > + OUT TPML_DIGEST *HashList > + ); > #endif > diff --git a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c > b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c > index ddb15178fb..3b49192b93 100644 > --- a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c > +++ b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c > @@ -1,7 +1,7 @@ > /** @file > Implement TPM2 Integrity related command. > > -Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved. > +Copyright (c) 2013 - 2021, Intel Corporation. All rights reserved. > SPDX-License-Identifier: BSD-2-Clause-Patent > > **/ > @@ -109,7 +109,6 @@ Tpm2PcrExtend ( > Cmd.Header.commandCode = SwapBytes32(TPM_CC_PCR_Extend); > Cmd.PcrHandle = SwapBytes32(PcrHandle); > > - > // > // Add in Auth session > // > @@ -130,14 +129,26 @@ Tpm2PcrExtend ( > Buffer += sizeof(UINT16); > DigestSize = GetHashSizeFromAlgo (Digests->digests[Index].hashAlg); > if (DigestSize == 0) { > - DEBUG ((EFI_D_ERROR, "Unknown hash algorithm %d\r\n", Digests- > >digests[Index].hashAlg)); > + DEBUG ((DEBUG_ERROR, "Unknown hash algorithm %d\r\n", Digests- > >digests[Index].hashAlg)); > return EFI_DEVICE_ERROR; > } > + > CopyMem( > Buffer, > &Digests->digests[Index].digest, > DigestSize > ); > + > + DEBUG_CODE_BEGIN (); > + UINTN Index2; > + DEBUG ((DEBUG_VERBOSE, "Tpm2PcrExtend - Hash = 0x%04x, Pcr[%02d], > digest = ", Digests->digests[Index].hashAlg, (UINT8) PcrHandle)); > + > + for (Index2 = 0; Index2 < DigestSize; Index2++) { > + DEBUG ((DEBUG_VERBOSE, "%02x ", Buffer[Index2])); > + } > + DEBUG ((DEBUG_VERBOSE, "\n")); > + DEBUG_CODE_END (); > + > Buffer += DigestSize; > } > > @@ -151,7 +162,7 @@ Tpm2PcrExtend ( > } > > if (ResultBufSize > sizeof(Res)) { > - DEBUG ((EFI_D_ERROR, "Tpm2PcrExtend: Failed ExecuteCommand: Buffer > Too Small\r\n")); > + DEBUG ((DEBUG_ERROR, "Tpm2PcrExtend: Failed ExecuteCommand: Buffer > Too Small\r\n")); > return EFI_BUFFER_TOO_SMALL; > } > > @@ -160,7 +171,7 @@ Tpm2PcrExtend ( > // > RespSize = SwapBytes32(Res.Header.paramSize); > if (RespSize > sizeof(Res)) { > - DEBUG ((EFI_D_ERROR, "Tpm2PcrExtend: Response size too large! %d\r\n", > RespSize)); > + DEBUG ((DEBUG_ERROR, "Tpm2PcrExtend: Response size too large! %d\r\n", > RespSize)); > return EFI_BUFFER_TOO_SMALL; > } > > @@ -168,10 +179,15 @@ Tpm2PcrExtend ( > // Fail if command failed > // > if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) { > - DEBUG ((EFI_D_ERROR, "Tpm2PcrExtend: Response Code error! 0x%08x\r\n", > SwapBytes32(Res.Header.responseCode))); > + DEBUG ((DEBUG_ERROR, "Tpm2PcrExtend: Response Code error! > 0x%08x\r\n", SwapBytes32(Res.Header.responseCode))); > return EFI_DEVICE_ERROR; > } > > + DEBUG_CODE_BEGIN (); > + DEBUG ((DEBUG_VERBOSE, "Tpm2PcrExtend: PCR read after extend...\n")); > + Tpm2PcrReadForActiveBank (PcrHandle, NULL); > + DEBUG_CODE_END (); > + > // > // Unmarshal the response > // > @@ -246,7 +262,7 @@ Tpm2PcrEvent ( > } > > if (ResultBufSize > sizeof(Res)) { > - DEBUG ((EFI_D_ERROR, "Tpm2PcrEvent: Failed ExecuteCommand: Buffer > Too Small\r\n")); > + DEBUG ((DEBUG_ERROR, "Tpm2PcrEvent: Failed ExecuteCommand: Buffer > Too Small\r\n")); > return EFI_BUFFER_TOO_SMALL; > } > > @@ -255,7 +271,7 @@ Tpm2PcrEvent ( > // > RespSize = SwapBytes32(Res.Header.paramSize); > if (RespSize > sizeof(Res)) { > - DEBUG ((EFI_D_ERROR, "Tpm2PcrEvent: Response size too large! %d\r\n", > RespSize)); > + DEBUG ((DEBUG_ERROR, "Tpm2PcrEvent: Response size too large! %d\r\n", > RespSize)); > return EFI_BUFFER_TOO_SMALL; > } > > @@ -263,7 +279,7 @@ Tpm2PcrEvent ( > // Fail if command failed > // > if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) { > - DEBUG ((EFI_D_ERROR, "Tpm2PcrEvent: Response Code error! 0x%08x\r\n", > SwapBytes32(Res.Header.responseCode))); > + DEBUG ((DEBUG_ERROR, "Tpm2PcrEvent: Response Code error! > 0x%08x\r\n", SwapBytes32(Res.Header.responseCode))); > return EFI_DEVICE_ERROR; > } > > @@ -284,7 +300,7 @@ Tpm2PcrEvent ( > Buffer += sizeof(UINT16); > DigestSize = GetHashSizeFromAlgo (Digests->digests[Index].hashAlg); > if (DigestSize == 0) { > - DEBUG ((EFI_D_ERROR, "Unknown hash algorithm %d\r\n", Digests- > >digests[Index].hashAlg)); > + DEBUG ((DEBUG_ERROR, "Unknown hash algorithm %d\r\n", Digests- > >digests[Index].hashAlg)); > return EFI_DEVICE_ERROR; > } > CopyMem( > @@ -298,6 +314,7 @@ Tpm2PcrEvent ( > return EFI_SUCCESS; > } > > + > /** > This command returns the values of all PCR specified in pcrSelect. > > @@ -353,11 +370,11 @@ Tpm2PcrRead ( > } > > if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) { > - DEBUG ((EFI_D_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n", > RecvBufferSize)); > + DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n", > RecvBufferSize)); > return EFI_DEVICE_ERROR; > } > if (SwapBytes32(RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) { > - DEBUG ((EFI_D_ERROR, "Tpm2PcrRead - responseCode - %x\n", > SwapBytes32(RecvBuffer.Header.responseCode))); > + DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - responseCode - %x\n", > SwapBytes32(RecvBuffer.Header.responseCode))); > return EFI_NOT_FOUND; > } > > @@ -369,7 +386,7 @@ Tpm2PcrRead ( > // PcrUpdateCounter > // > if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER) + > sizeof(RecvBuffer.PcrUpdateCounter)) { > - DEBUG ((EFI_D_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n", > RecvBufferSize)); > + DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n", > RecvBufferSize)); > return EFI_DEVICE_ERROR; > } > *PcrUpdateCounter = SwapBytes32(RecvBuffer.PcrUpdateCounter); > @@ -378,7 +395,7 @@ Tpm2PcrRead ( > // PcrSelectionOut > // > if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER) + > sizeof(RecvBuffer.PcrUpdateCounter) + > sizeof(RecvBuffer.PcrSelectionOut.count)) { > - DEBUG ((EFI_D_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n", > RecvBufferSize)); > + DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n", > RecvBufferSize)); > return EFI_DEVICE_ERROR; > } > PcrSelectionOut->count = SwapBytes32(RecvBuffer.PcrSelectionOut.count); > @@ -388,7 +405,7 @@ Tpm2PcrRead ( > } > > if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER) + > sizeof(RecvBuffer.PcrUpdateCounter) + > sizeof(RecvBuffer.PcrSelectionOut.count) + > sizeof(RecvBuffer.PcrSelectionOut.pcrSelections[0]) * PcrSelectionOut->count) { > - DEBUG ((EFI_D_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n", > RecvBufferSize)); > + DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n", > RecvBufferSize)); > return EFI_DEVICE_ERROR; > } > for (Index = 0; Index < PcrSelectionOut->count; Index++) { > @@ -513,7 +530,7 @@ Tpm2PcrAllocate ( > } > > if (ResultBufSize > sizeof(Res)) { > - DEBUG ((EFI_D_ERROR, "Tpm2PcrAllocate: Failed ExecuteCommand: Buffer > Too Small\r\n")); > + DEBUG ((DEBUG_ERROR, "Tpm2PcrAllocate: Failed ExecuteCommand: > Buffer Too Small\r\n")); > Status = EFI_BUFFER_TOO_SMALL; > goto Done; > } > @@ -523,7 +540,7 @@ Tpm2PcrAllocate ( > // > RespSize = SwapBytes32(Res.Header.paramSize); > if (RespSize > sizeof(Res)) { > - DEBUG ((EFI_D_ERROR, "Tpm2PcrAllocate: Response size too large! %d\r\n", > RespSize)); > + DEBUG ((DEBUG_ERROR, "Tpm2PcrAllocate: Response size too > large! %d\r\n", RespSize)); > Status = EFI_BUFFER_TOO_SMALL; > goto Done; > } > @@ -532,7 +549,7 @@ Tpm2PcrAllocate ( > // Fail if command failed > // > if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) { > - DEBUG((EFI_D_ERROR,"Tpm2PcrAllocate: Response Code error! 0x%08x\r\n", > SwapBytes32(Res.Header.responseCode))); > + DEBUG((DEBUG_ERROR,"Tpm2PcrAllocate: Response Code error! > 0x%08x\r\n", SwapBytes32(Res.Header.responseCode))); > Status = EFI_DEVICE_ERROR; > goto Done; > } > @@ -673,17 +690,180 @@ Tpm2PcrAllocateBanks ( > &SizeNeeded, > &SizeAvailable > ); > - DEBUG ((EFI_D_INFO, "Tpm2PcrAllocateBanks call Tpm2PcrAllocate - %r\n", > Status)); > + DEBUG ((DEBUG_INFO, "Tpm2PcrAllocateBanks call Tpm2PcrAllocate - %r\n", > Status)); > if (EFI_ERROR (Status)) { > goto Done; > } > > - DEBUG ((EFI_D_INFO, "AllocationSuccess - %02x\n", AllocationSuccess)); > - DEBUG ((EFI_D_INFO, "MaxPCR - %08x\n", MaxPCR)); > - DEBUG ((EFI_D_INFO, "SizeNeeded - %08x\n", SizeNeeded)); > - DEBUG ((EFI_D_INFO, "SizeAvailable - %08x\n", SizeAvailable)); > + DEBUG ((DEBUG_INFO, "AllocationSuccess - %02x\n", AllocationSuccess)); > + DEBUG ((DEBUG_INFO, "MaxPCR - %08x\n", MaxPCR)); > + DEBUG ((DEBUG_INFO, "SizeNeeded - %08x\n", SizeNeeded)); > + DEBUG ((DEBUG_INFO, "SizeAvailable - %08x\n", SizeAvailable)); > > Done: > ZeroMem(&LocalAuthSession.hmac, sizeof(LocalAuthSession.hmac)); > return Status; > } > + > +/** > + This function will query the TPM to determine which hashing algorithms and > + get the digests of all active and supported PCR banks of a specific PCR > register. > + > + @param[in] PcrHandle The index of the PCR register to be read. > + @param[out] HashList List of digests from PCR register being read. > + > + @retval EFI_SUCCESS The Pcr was read successfully. > + @retval EFI_DEVICE_ERROR The command was unsuccessful. > +**/ > +EFI_STATUS > +EFIAPI > +Tpm2PcrReadForActiveBank ( > + IN TPMI_DH_PCR PcrHandle, > + OUT TPML_DIGEST *HashList > +) > +{ > + EFI_STATUS Status; > + TPML_PCR_SELECTION Pcrs; > + TPML_PCR_SELECTION PcrSelectionIn; > + TPML_PCR_SELECTION PcrSelectionOut; > + TPML_DIGEST PcrValues; > + UINT32 PcrUpdateCounter; > + UINT8 PcrIndex; > + UINT32 TpmHashAlgorithmBitmap; > + TPMI_ALG_HASH CurrentPcrBankHash; > + UINT32 ActivePcrBanks; > + UINT32 TcgRegistryHashAlg; > + UINTN Index; > + UINTN Index2; > + > + PcrIndex = (UINT8) PcrHandle; > + > + if ((PcrIndex < 0) || > + (PcrIndex >= IMPLEMENTATION_PCR)) { > + return EFI_INVALID_PARAMETER; > + } > + > + ZeroMem (&PcrSelectionIn, sizeof (PcrSelectionIn)); > + ZeroMem (&PcrUpdateCounter, sizeof (UINT32)); > + ZeroMem (&PcrSelectionOut, sizeof (PcrSelectionOut)); > + ZeroMem (&PcrValues, sizeof (PcrValues)); > + ZeroMem (&Pcrs, sizeof (TPML_PCR_SELECTION)); > + > + DEBUG ((DEBUG_INFO, "ReadPcr - %02d\n", PcrIndex)); > + > + // > + // Read TPM capabilities > + // > + Status = Tpm2GetCapabilityPcrs (&Pcrs); > + > + if (EFI_ERROR (Status)) { > + DEBUG ((DEBUG_ERROR, "ReadPcr: Unable to read TPM capabilities\n")); > + return EFI_DEVICE_ERROR; > + } > + > + // > + // Get Active Pcrs > + // > + Status = Tpm2GetCapabilitySupportedAndActivePcrs ( > + &TpmHashAlgorithmBitmap, > + &ActivePcrBanks > + ); > + > + if (EFI_ERROR (Status)) { > + DEBUG ((DEBUG_ERROR, "ReadPcr: Unable to read TPM capabilities and > active PCRs\n")); > + return EFI_DEVICE_ERROR; > + } > + > + // > + // Select from Active PCRs > + // > + for (Index = 0; Index < Pcrs.count; Index++) { > + CurrentPcrBankHash = Pcrs.pcrSelections[Index].hash; > + > + switch (CurrentPcrBankHash) { > + case TPM_ALG_SHA1: > + DEBUG ((DEBUG_VERBOSE, "HASH_ALG_SHA1 Present\n")); > + TcgRegistryHashAlg = HASH_ALG_SHA1; > + break; > + case TPM_ALG_SHA256: > + DEBUG ((DEBUG_VERBOSE, "HASH_ALG_SHA256 Present\n")); > + TcgRegistryHashAlg = HASH_ALG_SHA256; > + break; > + case TPM_ALG_SHA384: > + DEBUG ((DEBUG_VERBOSE, "HASH_ALG_SHA384 Present\n")); > + TcgRegistryHashAlg = HASH_ALG_SHA384; > + break; > + case TPM_ALG_SHA512: > + DEBUG ((DEBUG_VERBOSE, "HASH_ALG_SHA512 Present\n")); > + TcgRegistryHashAlg = HASH_ALG_SHA512; > + break; > + case TPM_ALG_SM3_256: > + DEBUG ((DEBUG_VERBOSE, "HASH_ALG_SM3 Present\n")); > + TcgRegistryHashAlg = HASH_ALG_SM3_256; > + break; > + default: > + // > + // Unsupported algorithm > + // > + DEBUG ((DEBUG_VERBOSE, "Unknown algorithm present\n")); > + TcgRegistryHashAlg = 0; > + break; > + } > + // > + // Skip unsupported and inactive PCR banks > + // > + if ((TcgRegistryHashAlg & ActivePcrBanks) == 0) { > + DEBUG ((DEBUG_VERBOSE, "Skipping unsupported or inactive bank: > 0x%04x\n", CurrentPcrBankHash)); > + continue; > + } > + > + // > + // Select PCR from current active bank > + // > + PcrSelectionIn.pcrSelections[PcrSelectionIn.count].hash = > Pcrs.pcrSelections[Index].hash; > + PcrSelectionIn.pcrSelections[PcrSelectionIn.count].sizeofSelect = > PCR_SELECT_MAX; > + PcrSelectionIn.pcrSelections[PcrSelectionIn.count].pcrSelect[0] = (PcrIndex < > 8) ? 1 << PcrIndex : 0; > + PcrSelectionIn.pcrSelections[PcrSelectionIn.count].pcrSelect[1] = (PcrIndex > > 7) && (PcrIndex < 16) ? 1 << (PcrIndex - 8) : 0; > + PcrSelectionIn.pcrSelections[PcrSelectionIn.count].pcrSelect[2] = (PcrIndex > > 15) ? 1 << (PcrIndex - 16) : 0; > + PcrSelectionIn.count++; > + } > + > + // > + // Read PCRs > + // > + Status = Tpm2PcrRead ( > + &PcrSelectionIn, > + &PcrUpdateCounter, > + &PcrSelectionOut, > + &PcrValues > + ); > + > + if (EFI_ERROR (Status)) { > + DEBUG((DEBUG_ERROR, "Tpm2PcrRead failed Status = %r \n", Status)); > + return EFI_DEVICE_ERROR; > + } > + > + for (Index = 0; Index < PcrValues.count; Index++) { > + DEBUG (( > + DEBUG_INFO, > + "ReadPcr - HashAlg = 0x%04x, Pcr[%02d], digest = ", > + PcrSelectionOut.pcrSelections[Index].hash, > + PcrIndex > + )); > + > + for(Index2 = 0; Index2 < PcrValues.digests[Index].size; Index2++) { > + DEBUG ((DEBUG_INFO, "%02x ", PcrValues.digests[Index].buffer[Index2])); > + } > + DEBUG ((DEBUG_INFO, "\n")); > + } > + > + if (HashList != NULL) { > + CopyMem ( > + HashList, > + &PcrValues, > + sizeof (TPML_DIGEST) > + ); > + } > + > + return EFI_SUCCESS; > +} > diff --git a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c > b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c > index 93a8803ff6..ea79fa0af6 100644 > --- a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c > +++ b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c > @@ -1,7 +1,7 @@ > /** @file > Initialize TPM2 device and measure FVs before handing off control to DXE. > > -Copyright (c) 2015 - 2020, Intel Corporation. All rights reserved. > +Copyright (c) 2015 - 2021, Intel Corporation. All rights reserved. > Copyright (c) 2017, Microsoft Corporation. All rights reserved. > SPDX-License-Identifier: BSD-2-Clause-Patent > > @@ -191,7 +191,6 @@ EFI_PEI_NOTIFY_DESCRIPTOR mNotifyList[] = { > } > }; > > - > /** > Record all measured Firmware Volume Information into a Guid Hob > Guid Hob payload layout is > @@ -267,7 +266,7 @@ SyncPcrAllocationsAndPcrMask ( > UINT32 Tpm2PcrMask; > UINT32 NewTpm2PcrMask; > > - DEBUG ((EFI_D_ERROR, "SyncPcrAllocationsAndPcrMask!\n")); > + DEBUG ((DEBUG_ERROR, "SyncPcrAllocationsAndPcrMask!\n")); > > // > // Determine the current TPM support and the Platform PCR mask. > @@ -278,7 +277,7 @@ SyncPcrAllocationsAndPcrMask ( > Tpm2PcrMask = PcdGet32 (PcdTpm2HashMask); > if (Tpm2PcrMask == 0) { > // > - // if PcdTPm2HashMask is zero, use ActivePcr setting > + // if PcdTpm2HashMask is zero, use ActivePcr setting > // > PcdSet32S (PcdTpm2HashMask, TpmActivePcrBanks); > Tpm2PcrMask = TpmActivePcrBanks; > @@ -297,9 +296,9 @@ SyncPcrAllocationsAndPcrMask ( > if ((TpmActivePcrBanks & Tpm2PcrMask) != TpmActivePcrBanks) { > NewTpmActivePcrBanks = TpmActivePcrBanks & Tpm2PcrMask; > > - DEBUG ((EFI_D_INFO, "%a - Reallocating PCR banks from 0x%X to 0x%X.\n", > __FUNCTION__, TpmActivePcrBanks, NewTpmActivePcrBanks)); > + DEBUG ((DEBUG_INFO, "%a - Reallocating PCR banks from 0x%X to 0x%X.\n", > __FUNCTION__, TpmActivePcrBanks, NewTpmActivePcrBanks)); > if (NewTpmActivePcrBanks == 0) { > - DEBUG ((EFI_D_ERROR, "%a - No viable PCRs active! Please set a less > restrictive value for PcdTpm2HashMask!\n", __FUNCTION__)); > + DEBUG ((DEBUG_ERROR, "%a - No viable PCRs active! Please set a less > restrictive value for PcdTpm2HashMask!\n", __FUNCTION__)); > ASSERT (FALSE); > } else { > Status = Tpm2PcrAllocateBanks (NULL, (UINT32)TpmHashAlgorithmBitmap, > NewTpmActivePcrBanks); > @@ -307,7 +306,7 @@ SyncPcrAllocationsAndPcrMask ( > // > // We can't do much here, but we hope that this doesn't happen. > // > - DEBUG ((EFI_D_ERROR, "%a - Failed to reallocate PCRs!\n", > __FUNCTION__)); > + DEBUG ((DEBUG_ERROR, "%a - Failed to reallocate PCRs!\n", > __FUNCTION__)); > ASSERT_EFI_ERROR (Status); > } > // > @@ -324,9 +323,9 @@ SyncPcrAllocationsAndPcrMask ( > if ((Tpm2PcrMask & TpmHashAlgorithmBitmap) != Tpm2PcrMask) { > NewTpm2PcrMask = Tpm2PcrMask & TpmHashAlgorithmBitmap; > > - DEBUG ((EFI_D_INFO, "%a - Updating PcdTpm2HashMask from 0x%X to > 0x%X.\n", __FUNCTION__, Tpm2PcrMask, NewTpm2PcrMask)); > + DEBUG ((DEBUG_INFO, "%a - Updating PcdTpm2HashMask from 0x%X to > 0x%X.\n", __FUNCTION__, Tpm2PcrMask, NewTpm2PcrMask)); > if (NewTpm2PcrMask == 0) { > - DEBUG ((EFI_D_ERROR, "%a - No viable PCRs supported! Please set a less > restrictive value for PcdTpm2HashMask!\n", __FUNCTION__)); > + DEBUG ((DEBUG_ERROR, "%a - No viable PCRs supported! Please set a less > restrictive value for PcdTpm2HashMask!\n", __FUNCTION__)); > ASSERT (FALSE); > } > > @@ -365,7 +364,7 @@ LogHashEvent ( > RetStatus = EFI_SUCCESS; > for (Index = 0; Index < sizeof(mTcg2EventInfo)/sizeof(mTcg2EventInfo[0]); > Index++) { > if ((SupportedEventLogs & mTcg2EventInfo[Index].LogFormat) != 0) { > - DEBUG ((EFI_D_INFO, " LogFormat - 0x%08x\n", > mTcg2EventInfo[Index].LogFormat)); > + DEBUG ((DEBUG_INFO, " LogFormat - 0x%08x\n", > mTcg2EventInfo[Index].LogFormat)); > switch (mTcg2EventInfo[Index].LogFormat) { > case EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2: > Status = GetDigestFromDigestList (TPM_ALG_SHA1, DigestList, > &NewEventHdr->Digest); > @@ -476,7 +475,7 @@ HashLogExtendEvent ( > } > > if (Status == EFI_DEVICE_ERROR) { > - DEBUG ((EFI_D_ERROR, "HashLogExtendEvent - %r. Disable TPM.\n", Status)); > + DEBUG ((DEBUG_ERROR, "HashLogExtendEvent - %r. Disable TPM.\n", > Status)); > BuildGuidHob (&gTpmErrorHobGuid,0); > REPORT_STATUS_CODE ( > EFI_ERROR_CODE | EFI_ERROR_MINOR, > @@ -1011,7 +1010,7 @@ PeimEntryMA ( > } > > if (GetFirstGuidHob (&gTpmErrorHobGuid) != NULL) { > - DEBUG ((EFI_D_ERROR, "TPM2 error!\n")); > + DEBUG ((DEBUG_ERROR, "TPM2 error!\n")); > return EFI_DEVICE_ERROR; > } > > @@ -1075,7 +1074,7 @@ PeimEntryMA ( > for (PcrIndex = 0; PcrIndex < 8; PcrIndex++) { > Status = MeasureSeparatorEventWithError (PcrIndex); > if (EFI_ERROR (Status)) { > - DEBUG ((EFI_D_ERROR, "Separator Event with Error not Measured. > Error!\n")); > + DEBUG ((DEBUG_ERROR, "Separator Event with Error not Measured. > Error!\n")); > } > } > } > @@ -1092,6 +1091,13 @@ PeimEntryMA ( > } > } > > + DEBUG_CODE_BEGIN (); > + // > + // Peek into TPM PCR 00 before any BIOS measurement. > + // > + Tpm2PcrReadForActiveBank (00, NULL); > + DEBUG_CODE_END (); > + > // > // Only install TpmInitializedPpi on success > // > @@ -1106,7 +1112,7 @@ PeimEntryMA ( > > Done: > if (EFI_ERROR (Status)) { > - DEBUG ((EFI_D_ERROR, "TPM2 error! Build Hob\n")); > + DEBUG ((DEBUG_ERROR, "TPM2 error! Build Hob\n")); > BuildGuidHob (&gTpmErrorHobGuid,0); > REPORT_STATUS_CODE ( > EFI_ERROR_CODE | EFI_ERROR_MINOR, > -- > 2.31.1.windows.1<o:p></o:p> </div> </div> </div> </div> </body> </html> <div width="1" style="color:white;clear:both">_._,_._,_</div> <hr> Groups.io Links: You receive all messages sent to this group. <a target="_blank" href="https://edk2.groups.io/g/devel/message/79086">View/Reply Online (#79086)</a> | | <a target="_blank" href="https://groups.io/mt/84539589/1813853">Mute This Topic</a> | <a href="https://edk2.groups.io/g/devel/post">New Topic</a> <a href="https://edk2.groups.io/g/devel/editsub/1813853">Your Subscription</a> | <a href="mailto:devel+owner@edk2.groups.io">Contact Group Owner</a> | <a href="https://edk2.groups.io/g/devel/unsub">Unsubscribe</a> [edk2-devel-archive@redhat.com] <div width="1" style="color:white;clear:both">_._,_._,_</div>