<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:DengXian;
panose-1:2 1 6 0 3 1 1 1 1 1;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:"\@DengXian";
panose-1:2 1 6 0 3 1 1 1 1 1;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
span.EmailStyle20
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="blue" vlink="purple" style="word-wrap:break-word">
<div class="WordSection1">
<p class="MsoNormal">I am OK to add the API to the library.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">I am OK to add one function call to dump PCR[0] in TcgPei to show if there is any measurement before BIOS. That is a good use case for BootGuard.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">But I don’t think we need to dump the PCR every time in PCR_Extend – assuming the TPM hardware is good, it should always be correct.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Thank you<o:p></o:p></p>
<p class="MsoNormal">Yao Jiewen<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<div style="border:none;border-left:solid blue 1.5pt;padding:0in 0in 0in 4.0pt">
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b>From:</b> Gonzalez Del Cueto, Rodrigo <rodrigo.gonzalez.del.cueto@intel.com>
<br>
<b>Sent:</b> Tuesday, August 10, 2021 2:41 PM<br>
<b>To:</b> Yao, Jiewen <jiewen.yao@intel.com>; devel@edk2.groups.io<br>
<b>Cc:</b> Wang, Jian J <jian.j.wang@intel.com><br>
<b>Subject:</b> Re: [PATCH] SecurityPkg: Debug code to audit BIOS TPM extend operations.<o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal" style="background:white"><span style="font-size:12.0pt;color:black">Hi Jiewen,<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white"><span style="font-size:12.0pt;color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white"><span style="font-size:12.0pt;color:black">The intention of such API would be to ease debugging and auditing PCR attestation along the boot; it <span style="background:white">has been a common task while debugging
several issues and TPM configurations.</span><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white"><span style="font-size:12.0pt;color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white"><span style="font-size:12.0pt;color:black">a) Configurations in which BIOS is not the S-CRTM and we need to attest what has been measured to the TPM prior to any measurements performed by BIOS.<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white"><span style="font-size:12.0pt;color:black">b) Verifying the values in all the active and supported PCR banks: attestation or capping of the PCRs. (See
<a href="https://bugzilla.tianocore.org/show_bug.cgi?id=3515" title="https://bugzilla.tianocore.org/show_bug.cgi?id=3515">
BZ: 3515</a>) <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white"><span style="font-size:12.0pt;color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white"><span style="font-size:12.0pt;color:black;background:white">Such an API, together with the TCG event log printout, allows us to audit and debug the measured boot sequence.</span><span style="font-size:12.0pt;color:black"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white"><span style="font-size:12.0pt;color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white"><span style="font-size:12.0pt;color:black">Regards,<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white"><span style="font-size:12.0pt;color:black">-Rodrigo<o:p></o:p></span></p>
</div>
<div class="MsoNormal" align="center" style="text-align:center">
<hr size="2" width="98%" align="center">
</div>
<div id="divRplyFwdMsg">
<p class="MsoNormal"><b><span style="color:black">From:</span></b><span style="color:black"> Yao, Jiewen <<a href="mailto:jiewen.yao@intel.com">jiewen.yao@intel.com</a>><br>
<b>Sent:</b> Sunday, August 8, 2021 6:24 PM<br>
<b>To:</b> Gonzalez Del Cueto, Rodrigo <<a href="mailto:rodrigo.gonzalez.del.cueto@intel.com">rodrigo.gonzalez.del.cueto@intel.com</a>>;
<a href="mailto:devel@edk2.groups.io">devel@edk2.groups.io</a> <<a href="mailto:devel@edk2.groups.io">devel@edk2.groups.io</a>><br>
<b>Cc:</b> Wang, Jian J <<a href="mailto:jian.j.wang@intel.com">jian.j.wang@intel.com</a>><br>
<b>Subject:</b> RE: [PATCH] SecurityPkg: Debug code to audit BIOS TPM extend operations.</span>
<o:p></o:p></p>
<div>
<p class="MsoNormal"> <o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt">Some feedback:<br>
<br>
1) I think it is OK to add Tpm2PcrReadForActiveBank() API.<br>
But I feel we will add too much noise by dumping Tpm2PcrReadForActiveBank() in the code every time.<br>
I am not sure why it is needed.<br>
What is the problem statement?<br>
<br>
2) The definition below does not follow the EDKII coding style. Please use 2 spaces as indent.<br>
EFI_STATUS<br>
EFIAPI<br>
Tpm2PcrReadForActiveBank (<br>
IN TPMI_DH_PCR PcrHandle,<br>
OUT TPML_DIGEST *HashList<br>
)<br>
<br>
<br>
<br>
> -----Original Message-----<br>
> From: Gonzalez Del Cueto, Rodrigo <<a href="mailto:rodrigo.gonzalez.del.cueto@intel.com">rodrigo.gonzalez.del.cueto@intel.com</a>><br>
> Sent: Friday, July 30, 2021 6:43 AM<br>
> To: <a href="mailto:devel@edk2.groups.io">devel@edk2.groups.io</a><br>
> Cc: Gonzalez Del Cueto, Rodrigo <<a href="mailto:rodrigo.gonzalez.del.cueto@intel.com">rodrigo.gonzalez.del.cueto@intel.com</a>>; Yao,<br>
> Jiewen <<a href="mailto:jiewen.yao@intel.com">jiewen.yao@intel.com</a>>; Wang, Jian J <<a href="mailto:jian.j.wang@intel.com">jian.j.wang@intel.com</a>><br>
> Subject: [PATCH] SecurityPkg: Debug code to audit BIOS TPM extend operations.<br>
> <br>
> REF: <a href="https://bugzilla.tianocore.org/show_bug.cgi?id=2858">https://bugzilla.tianocore.org/show_bug.cgi?id=2858</a><br>
> <br>
> Add debug functionality to examine TPM extend operations<br>
> performed by BIOS and inspect the PCR 00 value prior to<br>
> any BIOS measurements.<br>
> <br>
> Replaced usage of EFI_D_* for DEBUG_* definitions in debug<br>
> messages.<br>
> <br>
> Signed-off-by: Rodrigo Gonzalez del Cueto<br>
> <<a href="mailto:rodrigo.gonzalez.del.cueto@intel.com">rodrigo.gonzalez.del.cueto@intel.com</a>><br>
> Cc: Jiewen Yao <<a href="mailto:jiewen.yao@intel.com">jiewen.yao@intel.com</a>><br>
> Cc: Jian J Wang <<a href="mailto:jian.j.wang@intel.com">jian.j.wang@intel.com</a>><br>
> ---<br>
> SecurityPkg/Include/Library/Tpm2CommandLib.h | 28<br>
> ++++++++++++++++++++++------<br>
> SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c | 226<br>
> +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++<br>
> +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++<br>
> +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++<br>
> ++++++++-----------------------<br>
> SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c | 34 ++++++++++++++++++++------<br>
> --------<br>
> 3 files changed, 245 insertions(+), 43 deletions(-)<br>
> <br>
> diff --git a/SecurityPkg/Include/Library/Tpm2CommandLib.h<br>
> b/SecurityPkg/Include/Library/Tpm2CommandLib.h<br>
> index ee8eb62295..5e5c340893 100644<br>
> --- a/SecurityPkg/Include/Library/Tpm2CommandLib.h<br>
> +++ b/SecurityPkg/Include/Library/Tpm2CommandLib.h<br>
> @@ -1,7 +1,7 @@<br>
> /** @file<br>
> This library is used by other modules to send TPM2 command.<br>
> <br>
> -Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved. <BR><br>
> +Copyright (c) 2013 - 2021, Intel Corporation. All rights reserved. <BR><br>
> SPDX-License-Identifier: BSD-2-Clause-Patent<br>
> <br>
> **/<br>
> @@ -505,7 +505,7 @@ EFIAPI<br>
> Tpm2PcrEvent (<br>
> IN TPMI_DH_PCR PcrHandle,<br>
> IN TPM2B_EVENT *EventData,<br>
> - OUT TPML_DIGEST_VALUES *Digests<br>
> + OUT TPML_DIGEST_VALUES *Digests<br>
> );<br>
> <br>
> /**<br>
> @@ -522,10 +522,10 @@ Tpm2PcrEvent (<br>
> EFI_STATUS<br>
> EFIAPI<br>
> Tpm2PcrRead (<br>
> - IN TPML_PCR_SELECTION *PcrSelectionIn,<br>
> - OUT UINT32 *PcrUpdateCounter,<br>
> - OUT TPML_PCR_SELECTION *PcrSelectionOut,<br>
> - OUT TPML_DIGEST *PcrValues<br>
> + IN TPML_PCR_SELECTION *PcrSelectionIn,<br>
> + OUT UINT32 *PcrUpdateCounter,<br>
> + OUT TPML_PCR_SELECTION *PcrSelectionOut,<br>
> + OUT TPML_DIGEST *PcrValues<br>
> );<br>
> <br>
> /**<br>
> @@ -1113,4 +1113,20 @@ GetDigestFromDigestList(<br>
> OUT VOID *Digest<br>
> );<br>
> <br>
> + /**<br>
> + This function will query the TPM to determine which hashing algorithms and<br>
> + get the digests of all active and supported PCR banks of a specific PCR<br>
> register.<br>
> +<br>
> + @param[in] PcrHandle The index of the PCR register to be read.<br>
> + @param[out] HashList List of digests from PCR register being read.<br>
> +<br>
> + @retval EFI_SUCCESS The Pcr was read successfully.<br>
> + @retval EFI_DEVICE_ERROR The command was unsuccessful.<br>
> +**/<br>
> +EFI_STATUS<br>
> +EFIAPI<br>
> +Tpm2PcrReadForActiveBank (<br>
> + IN TPMI_DH_PCR PcrHandle,<br>
> + OUT TPML_DIGEST *HashList<br>
> + );<br>
> #endif<br>
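Review bot: the @retval list is incomplete: the implementation returns EFI_INVALID_PARAMETER when the PCR index is at or above IMPLEMENTATION_PCR, so add `@retval EFI_INVALID_PARAMETER PcrHandle is not a valid PCR index.`; the description also reads as an unfinished sentence ("determine which hashing algorithms and get the digests"), and the whole comment block is indented one space where every other declaration in this header starts in column 0.<br>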
> diff --git a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c<br>
> b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c<br>
> index ddb15178fb..3b49192b93 100644<br>
> --- a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c<br>
> +++ b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c<br>
> @@ -1,7 +1,7 @@<br>
> /** @file<br>
> Implement TPM2 Integrity related command.<br>
> <br>
> -Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved. <BR><br>
> +Copyright (c) 2013 - 2021, Intel Corporation. All rights reserved. <BR><br>
> SPDX-License-Identifier: BSD-2-Clause-Patent<br>
> <br>
> **/<br>
> @@ -109,7 +109,6 @@ Tpm2PcrExtend (<br>
> Cmd.Header.commandCode = SwapBytes32(TPM_CC_PCR_Extend);<br>
> Cmd.PcrHandle = SwapBytes32(PcrHandle);<br>
> <br>
> -<br>
> //<br>
> // Add in Auth session<br>
> //<br>
> @@ -130,14 +129,26 @@ Tpm2PcrExtend (<br>
> Buffer += sizeof(UINT16);<br>
> DigestSize = GetHashSizeFromAlgo (Digests->digests[Index].hashAlg);<br>
> if (DigestSize == 0) {<br>
> - DEBUG ((EFI_D_ERROR, "Unknown hash algorithm %d\r\n", Digests-<br>
> >digests[Index].hashAlg));<br>
> + DEBUG ((DEBUG_ERROR, "Unknown hash algorithm %d\r\n", Digests-<br>
> >digests[Index].hashAlg));<br>
> return EFI_DEVICE_ERROR;<br>
> }<br>
> +<br>
> CopyMem(<br>
> Buffer,<br>
> &Digests->digests[Index].digest,<br>
> DigestSize<br>
> );<br>
> +<br>
> + DEBUG_CODE_BEGIN ();<br>
> + UINTN Index2;<br>
> + DEBUG ((DEBUG_VERBOSE, "Tpm2PcrExtend - Hash = 0x%04x, Pcr[%02d],<br>
> digest = ", Digests->digests[Index].hashAlg, (UINT8) PcrHandle));<br>
> +<br>
> + for (Index2 = 0; Index2 < DigestSize; Index2++) {<br>
> + DEBUG ((DEBUG_VERBOSE, "%02x ", Buffer[Index2]));<br>
> + }<br>
> + DEBUG ((DEBUG_VERBOSE, "\n"));<br>
> + DEBUG_CODE_END ();<br>
> +<br>
> Buffer += DigestSize;<br>
> }<br>
> <br>
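Review bot: the hex dump added inside the marshalling loop prints, per bank and per extend, exactly the digest that the caller already records in the TCG event log for that bank, so it adds a line of output without new information; DEBUG_CODE_BEGIN/END only removes it from RELEASE builds, and every DEBUG boot still pays for it. Drop it, or reduce it to one line per extend (PCR index plus the list of hashAlg values) and leave the digests to the event log.<br>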
> @@ -151,7 +162,7 @@ Tpm2PcrExtend (<br>
> }<br>
> <br>
> if (ResultBufSize > sizeof(Res)) {<br>
> - DEBUG ((EFI_D_ERROR, "Tpm2PcrExtend: Failed ExecuteCommand: Buffer<br>
> Too Small\r\n"));<br>
> + DEBUG ((DEBUG_ERROR, "Tpm2PcrExtend: Failed ExecuteCommand: Buffer<br>
> Too Small\r\n"));<br>
> return EFI_BUFFER_TOO_SMALL;<br>
> }<br>
> <br>
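Review bot: the EFI_D_* to DEBUG_* renames in this and the following hunks are a mechanical cleanup unrelated to the new audit code; splitting them into their own patch would keep this one reviewable as a single change and make the functional diff in Tpm2PcrExtend and Tcg2Pei.c easy to see.<br>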
> @@ -160,7 +171,7 @@ Tpm2PcrExtend (<br>
> //<br>
> RespSize = SwapBytes32(Res.Header.paramSize);<br>
> if (RespSize > sizeof(Res)) {<br>
> - DEBUG ((EFI_D_ERROR, "Tpm2PcrExtend: Response size too large! %d\r\n",<br>
> RespSize));<br>
> + DEBUG ((DEBUG_ERROR, "Tpm2PcrExtend: Response size too large! %d\r\n",<br>
> RespSize));<br>
> return EFI_BUFFER_TOO_SMALL;<br>
> }<br>
> <br>
> @@ -168,10 +179,15 @@ Tpm2PcrExtend (<br>
> // Fail if command failed<br>
> //<br>
> if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) {<br>
> - DEBUG ((EFI_D_ERROR, "Tpm2PcrExtend: Response Code error! 0x%08x\r\n",<br>
> SwapBytes32(Res.Header.responseCode)));<br>
> + DEBUG ((DEBUG_ERROR, "Tpm2PcrExtend: Response Code error!<br>
> 0x%08x\r\n", SwapBytes32(Res.Header.responseCode)));<br>
> return EFI_DEVICE_ERROR;<br>
> }<br>
> <br>
> + DEBUG_CODE_BEGIN ();<br>
> + DEBUG ((DEBUG_VERBOSE, "Tpm2PcrExtend: PCR read after extend...\n"));<br>
> + Tpm2PcrReadForActiveBank (PcrHandle, NULL);<br>
> + DEBUG_CODE_END ();<br>
> +<br>
> //<br>
> // Unmarshal the response<br>
> //<br>
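Review bot: the read-back after every extend costs two TPM2_GetCapability calls and one TPM2_PCR_Read per TPM2_PCR_Extend (Tpm2PcrReadForActiveBank calls Tpm2GetCapabilityPcrs and Tpm2GetCapabilitySupportedAndActivePcrs on every invocation) and discards the returned Status; the lead line here is DEBUG_VERBOSE but the values themselves are printed at DEBUG_INFO inside the callee, so the output shows up on ordinary DEBUG builds. Either drop this block, as the maintainer suggests, or at least log Status and make the callee print at DEBUG_VERBOSE so the two levels agree.<br>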
> @@ -246,7 +262,7 @@ Tpm2PcrEvent (<br>
> }<br>
> <br>
> if (ResultBufSize > sizeof(Res)) {<br>
> - DEBUG ((EFI_D_ERROR, "Tpm2PcrEvent: Failed ExecuteCommand: Buffer<br>
> Too Small\r\n"));<br>
> + DEBUG ((DEBUG_ERROR, "Tpm2PcrEvent: Failed ExecuteCommand: Buffer<br>
> Too Small\r\n"));<br>
> return EFI_BUFFER_TOO_SMALL;<br>
> }<br>
> <br>
> @@ -255,7 +271,7 @@ Tpm2PcrEvent (<br>
> //<br>
> RespSize = SwapBytes32(Res.Header.paramSize);<br>
> if (RespSize > sizeof(Res)) {<br>
> - DEBUG ((EFI_D_ERROR, "Tpm2PcrEvent: Response size too large! %d\r\n",<br>
> RespSize));<br>
> + DEBUG ((DEBUG_ERROR, "Tpm2PcrEvent: Response size too large! %d\r\n",<br>
> RespSize));<br>
> return EFI_BUFFER_TOO_SMALL;<br>
> }<br>
> <br>
> @@ -263,7 +279,7 @@ Tpm2PcrEvent (<br>
> // Fail if command failed<br>
> //<br>
> if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) {<br>
> - DEBUG ((EFI_D_ERROR, "Tpm2PcrEvent: Response Code error! 0x%08x\r\n",<br>
> SwapBytes32(Res.Header.responseCode)));<br>
> + DEBUG ((DEBUG_ERROR, "Tpm2PcrEvent: Response Code error!<br>
> 0x%08x\r\n", SwapBytes32(Res.Header.responseCode)));<br>
> return EFI_DEVICE_ERROR;<br>
> }<br>
> <br>
> @@ -284,7 +300,7 @@ Tpm2PcrEvent (<br>
> Buffer += sizeof(UINT16);<br>
> DigestSize = GetHashSizeFromAlgo (Digests->digests[Index].hashAlg);<br>
> if (DigestSize == 0) {<br>
> - DEBUG ((EFI_D_ERROR, "Unknown hash algorithm %d\r\n", Digests-<br>
> >digests[Index].hashAlg));<br>
> + DEBUG ((DEBUG_ERROR, "Unknown hash algorithm %d\r\n", Digests-<br>
> >digests[Index].hashAlg));<br>
> return EFI_DEVICE_ERROR;<br>
> }<br>
> CopyMem(<br>
> @@ -298,6 +314,7 @@ Tpm2PcrEvent (<br>
> return EFI_SUCCESS;<br>
> }<br>
> <br>
> +<br>
> /**<br>
> This command returns the values of all PCR specified in pcrSelect.<br>
> <br>
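Review bot: this hunk only inserts a second blank line between the end of Tpm2PcrEvent and the Tpm2PcrRead comment block; it is an unrelated whitespace change and should be dropped.<br>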
> @@ -353,11 +370,11 @@ Tpm2PcrRead (<br>
> }<br>
> <br>
> if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {<br>
> - DEBUG ((EFI_D_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n",<br>
> RecvBufferSize));<br>
> + DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n",<br>
> RecvBufferSize));<br>
> return EFI_DEVICE_ERROR;<br>
> }<br>
> if (SwapBytes32(RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {<br>
> - DEBUG ((EFI_D_ERROR, "Tpm2PcrRead - responseCode - %x\n",<br>
> SwapBytes32(RecvBuffer.Header.responseCode)));<br>
> + DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - responseCode - %x\n",<br>
> SwapBytes32(RecvBuffer.Header.responseCode)));<br>
> return EFI_NOT_FOUND;<br>
> }<br>
> <br>
> @@ -369,7 +386,7 @@ Tpm2PcrRead (<br>
> // PcrUpdateCounter<br>
> //<br>
> if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER) +<br>
> sizeof(RecvBuffer.PcrUpdateCounter)) {<br>
> - DEBUG ((EFI_D_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n",<br>
> RecvBufferSize));<br>
> + DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n",<br>
> RecvBufferSize));<br>
> return EFI_DEVICE_ERROR;<br>
> }<br>
> *PcrUpdateCounter = SwapBytes32(RecvBuffer.PcrUpdateCounter);<br>
> @@ -378,7 +395,7 @@ Tpm2PcrRead (<br>
> // PcrSelectionOut<br>
> //<br>
> if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER) +<br>
> sizeof(RecvBuffer.PcrUpdateCounter) +<br>
> sizeof(RecvBuffer.PcrSelectionOut.count)) {<br>
> - DEBUG ((EFI_D_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n",<br>
> RecvBufferSize));<br>
> + DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n",<br>
> RecvBufferSize));<br>
> return EFI_DEVICE_ERROR;<br>
> }<br>
> PcrSelectionOut->count = SwapBytes32(RecvBuffer.PcrSelectionOut.count);<br>
> @@ -388,7 +405,7 @@ Tpm2PcrRead (<br>
> }<br>
> <br>
> if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER) +<br>
> sizeof(RecvBuffer.PcrUpdateCounter) +<br>
> sizeof(RecvBuffer.PcrSelectionOut.count) +<br>
> sizeof(RecvBuffer.PcrSelectionOut.pcrSelections[0]) * PcrSelectionOut->count) {<br>
> - DEBUG ((EFI_D_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n",<br>
> RecvBufferSize));<br>
> + DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n",<br>
> RecvBufferSize));<br>
> return EFI_DEVICE_ERROR;<br>
> }<br>
> for (Index = 0; Index < PcrSelectionOut->count; Index++) {<br>
> @@ -513,7 +530,7 @@ Tpm2PcrAllocate (<br>
> }<br>
> <br>
> if (ResultBufSize > sizeof(Res)) {<br>
> - DEBUG ((EFI_D_ERROR, "Tpm2PcrAllocate: Failed ExecuteCommand: Buffer<br>
> Too Small\r\n"));<br>
> + DEBUG ((DEBUG_ERROR, "Tpm2PcrAllocate: Failed ExecuteCommand:<br>
> Buffer Too Small\r\n"));<br>
> Status = EFI_BUFFER_TOO_SMALL;<br>
> goto Done;<br>
> }<br>
> @@ -523,7 +540,7 @@ Tpm2PcrAllocate (<br>
> //<br>
> RespSize = SwapBytes32(Res.Header.paramSize);<br>
> if (RespSize > sizeof(Res)) {<br>
> - DEBUG ((EFI_D_ERROR, "Tpm2PcrAllocate: Response size too large! %d\r\n",<br>
> RespSize));<br>
> + DEBUG ((DEBUG_ERROR, "Tpm2PcrAllocate: Response size too<br>
> large! %d\r\n", RespSize));<br>
> Status = EFI_BUFFER_TOO_SMALL;<br>
> goto Done;<br>
> }<br>
> @@ -532,7 +549,7 @@ Tpm2PcrAllocate (<br>
> // Fail if command failed<br>
> //<br>
> if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) {<br>
> - DEBUG((EFI_D_ERROR,"Tpm2PcrAllocate: Response Code error! 0x%08x\r\n",<br>
> SwapBytes32(Res.Header.responseCode)));<br>
> + DEBUG((DEBUG_ERROR,"Tpm2PcrAllocate: Response Code error!<br>
> 0x%08x\r\n", SwapBytes32(Res.Header.responseCode)));<br>
> Status = EFI_DEVICE_ERROR;<br>
> goto Done;<br>
> }<br>
> @@ -673,17 +690,180 @@ Tpm2PcrAllocateBanks (<br>
> &SizeNeeded,<br>
> &SizeAvailable<br>
> );<br>
> - DEBUG ((EFI_D_INFO, "Tpm2PcrAllocateBanks call Tpm2PcrAllocate - %r\n",<br>
> Status));<br>
> + DEBUG ((DEBUG_INFO, "Tpm2PcrAllocateBanks call Tpm2PcrAllocate - %r\n",<br>
> Status));<br>
> if (EFI_ERROR (Status)) {<br>
> goto Done;<br>
> }<br>
> <br>
> - DEBUG ((EFI_D_INFO, "AllocationSuccess - %02x\n", AllocationSuccess));<br>
> - DEBUG ((EFI_D_INFO, "MaxPCR - %08x\n", MaxPCR));<br>
> - DEBUG ((EFI_D_INFO, "SizeNeeded - %08x\n", SizeNeeded));<br>
> - DEBUG ((EFI_D_INFO, "SizeAvailable - %08x\n", SizeAvailable));<br>
> + DEBUG ((DEBUG_INFO, "AllocationSuccess - %02x\n", AllocationSuccess));<br>
> + DEBUG ((DEBUG_INFO, "MaxPCR - %08x\n", MaxPCR));<br>
> + DEBUG ((DEBUG_INFO, "SizeNeeded - %08x\n", SizeNeeded));<br>
> + DEBUG ((DEBUG_INFO, "SizeAvailable - %08x\n", SizeAvailable));<br>
> <br>
> Done:<br>
> ZeroMem(&LocalAuthSession.hmac, sizeof(LocalAuthSession.hmac));<br>
> return Status;<br>
> }<br>
> +<br>
> +/**<br>
> + This function will query the TPM to determine which hashing algorithms and<br>
> + get the digests of all active and supported PCR banks of a specific PCR<br>
> register.<br>
> +<br>
> + @param[in] PcrHandle The index of the PCR register to be read.<br>
> + @param[out] HashList List of digests from PCR register being read.<br>
> +<br>
> + @retval EFI_SUCCESS The Pcr was read successfully.<br>
> + @retval EFI_DEVICE_ERROR The command was unsuccessful.<br>
> +**/<br>
> +EFI_STATUS<br>
> +EFIAPI<br>
> +Tpm2PcrReadForActiveBank (<br>
> + IN TPMI_DH_PCR PcrHandle,<br>
> + OUT TPML_DIGEST *HashList<br>
> +)<br>
> +{<br>
> + EFI_STATUS Status;<br>
> + TPML_PCR_SELECTION Pcrs;<br>
> + TPML_PCR_SELECTION PcrSelectionIn;<br>
> + TPML_PCR_SELECTION PcrSelectionOut;<br>
> + TPML_DIGEST PcrValues;<br>
> + UINT32 PcrUpdateCounter;<br>
> + UINT8 PcrIndex;<br>
> + UINT32 TpmHashAlgorithmBitmap;<br>
> + TPMI_ALG_HASH CurrentPcrBankHash;<br>
> + UINT32 ActivePcrBanks;<br>
> + UINT32 TcgRegistryHashAlg;<br>
> + UINTN Index;<br>
> + UINTN Index2;<br>
> +<br>
> + PcrIndex = (UINT8) PcrHandle;<br>
> +<br>
> + if ((PcrIndex < 0) ||<br>
> + (PcrIndex >= IMPLEMENTATION_PCR)) {<br>
> + return EFI_INVALID_PARAMETER;<br>
> + }<br>
> +<br>
> + ZeroMem (&PcrSelectionIn, sizeof (PcrSelectionIn));<br>
> + ZeroMem (&PcrUpdateCounter, sizeof (UINT32));<br>
> + ZeroMem (&PcrSelectionOut, sizeof (PcrSelectionOut));<br>
> + ZeroMem (&PcrValues, sizeof (PcrValues));<br>
> + ZeroMem (&Pcrs, sizeof (TPML_PCR_SELECTION));<br>
> +<br>
> + DEBUG ((DEBUG_INFO, "ReadPcr - %02d\n", PcrIndex));<br>
> +<br>
> + //<br>
> + // Read TPM capabilities<br>
> + //<br>
> + Status = Tpm2GetCapabilityPcrs (&Pcrs);<br>
> +<br>
> + if (EFI_ERROR (Status)) {<br>
> + DEBUG ((DEBUG_ERROR, "ReadPcr: Unable to read TPM capabilities\n"));<br>
> + return EFI_DEVICE_ERROR;<br>
> + }<br>
> +<br>
> + //<br>
> + // Get Active Pcrs<br>
> + //<br>
> + Status = Tpm2GetCapabilitySupportedAndActivePcrs (<br>
> + &TpmHashAlgorithmBitmap,<br>
> + &ActivePcrBanks<br>
> + );<br>
> +<br>
> + if (EFI_ERROR (Status)) {<br>
> + DEBUG ((DEBUG_ERROR, "ReadPcr: Unable to read TPM capabilities and<br>
> active PCRs\n"));<br>
> + return EFI_DEVICE_ERROR;<br>
> + }<br>
> +<br>
> + //<br>
> + // Select from Active PCRs<br>
> + //<br>
> + for (Index = 0; Index < Pcrs.count; Index++) {<br>
> + CurrentPcrBankHash = Pcrs.pcrSelections[Index].hash;<br>
> +<br>
> + switch (CurrentPcrBankHash) {<br>
> + case TPM_ALG_SHA1:<br>
> + DEBUG ((DEBUG_VERBOSE, "HASH_ALG_SHA1 Present\n"));<br>
> + TcgRegistryHashAlg = HASH_ALG_SHA1;<br>
> + break;<br>
> + case TPM_ALG_SHA256:<br>
> + DEBUG ((DEBUG_VERBOSE, "HASH_ALG_SHA256 Present\n"));<br>
> + TcgRegistryHashAlg = HASH_ALG_SHA256;<br>
> + break;<br>
> + case TPM_ALG_SHA384:<br>
> + DEBUG ((DEBUG_VERBOSE, "HASH_ALG_SHA384 Present\n"));<br>
> + TcgRegistryHashAlg = HASH_ALG_SHA384;<br>
> + break;<br>
> + case TPM_ALG_SHA512:<br>
> + DEBUG ((DEBUG_VERBOSE, "HASH_ALG_SHA512 Present\n"));<br>
> + TcgRegistryHashAlg = HASH_ALG_SHA512;<br>
> + break;<br>
> + case TPM_ALG_SM3_256:<br>
> + DEBUG ((DEBUG_VERBOSE, "HASH_ALG_SM3 Present\n"));<br>
> + TcgRegistryHashAlg = HASH_ALG_SM3_256;<br>
> + break;<br>
> + default:<br>
> + //<br>
> + // Unsupported algorithm<br>
> + //<br>
> + DEBUG ((DEBUG_VERBOSE, "Unknown algorithm present\n"));<br>
> + TcgRegistryHashAlg = 0;<br>
> + break;<br>
> + }<br>
> + //<br>
> + // Skip unsupported and inactive PCR banks<br>
> + //<br>
> + if ((TcgRegistryHashAlg & ActivePcrBanks) == 0) {<br>
> + DEBUG ((DEBUG_VERBOSE, "Skipping unsupported or inactive bank:<br>
> 0x%04x\n", CurrentPcrBankHash));<br>
> + continue;<br>
> + }<br>
> +<br>
> + //<br>
> + // Select PCR from current active bank<br>
> + //<br>
> + PcrSelectionIn.pcrSelections[PcrSelectionIn.count].hash =<br>
> Pcrs.pcrSelections[Index].hash;<br>
> + PcrSelectionIn.pcrSelections[PcrSelectionIn.count].sizeofSelect =<br>
> PCR_SELECT_MAX;<br>
> + PcrSelectionIn.pcrSelections[PcrSelectionIn.count].pcrSelect[0] = (PcrIndex <<br>
> 8) ? 1 << PcrIndex : 0;<br>
> + PcrSelectionIn.pcrSelections[PcrSelectionIn.count].pcrSelect[1] = (PcrIndex ><br>
> 7) && (PcrIndex < 16) ? 1 << (PcrIndex - 8) : 0;<br>
> + PcrSelectionIn.pcrSelections[PcrSelectionIn.count].pcrSelect[2] = (PcrIndex ><br>
> 15) ? 1 << (PcrIndex - 16) : 0;<br>
> + PcrSelectionIn.count++;<br>
> + }<br>
> +<br>
> + //<br>
> + // Read PCRs<br>
> + //<br>
> + Status = Tpm2PcrRead (<br>
> + &PcrSelectionIn,<br>
> + &PcrUpdateCounter,<br>
> + &PcrSelectionOut,<br>
> + &PcrValues<br>
> + );<br>
> +<br>
> + if (EFI_ERROR (Status)) {<br>
> + DEBUG((DEBUG_ERROR, "Tpm2PcrRead failed Status = %r \n", Status));<br>
> + return EFI_DEVICE_ERROR;<br>
> + }<br>
> +<br>
> + for (Index = 0; Index < PcrValues.count; Index++) {<br>
> + DEBUG ((<br>
> + DEBUG_INFO,<br>
> + "ReadPcr - HashAlg = 0x%04x, Pcr[%02d], digest = ",<br>
> + PcrSelectionOut.pcrSelections[Index].hash,<br>
> + PcrIndex<br>
> + ));<br>
> +<br>
> + for(Index2 = 0; Index2 < PcrValues.digests[Index].size; Index2++) {<br>
> + DEBUG ((DEBUG_INFO, "%02x ", PcrValues.digests[Index].buffer[Index2]));<br>
> + }<br>
> + DEBUG ((DEBUG_INFO, "\n"));<br>
> + }<br>
> +<br>
> + if (HashList != NULL) {<br>
> + CopyMem (<br>
> + HashList,<br>
> + &PcrValues,<br>
> + sizeof (TPML_DIGEST)<br>
> + );<br>
> + }<br>
> +<br>
> + return EFI_SUCCESS;<br>
> +}<br>
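Review bot: the range check on PcrIndex does not do what it intends: PcrIndex is a UINT8, so `(PcrIndex &lt; 0)` is always false (some compilers warn on it), and the cast `(UINT8) PcrHandle` before the check truncates out-of-range handles, so PcrHandle = 0x100 becomes 0 and passes. Check the handle itself, `if (PcrHandle &gt;= IMPLEMENTATION_PCR) { return EFI_INVALID_PARAMETER; }`, and cast afterwards. The three ternaries that fill pcrSelect[0..2] can be replaced by `pcrSelect[PcrIndex / 8] = (UINT8)(1 &lt;&lt; (PcrIndex % 8))` on the already zeroed selection, which also stays correct for sizeofSelect values other than 3. The TPM_ALG_* to HASH_ALG_* switch is the same mapping that HashLib exposes through GetHashMaskFromAlgo(), but HashLib instances themselves link Tpm2CommandLib, so a small local lookup table is the safer way to shorten it. Finally, the digest output is DEBUG_INFO while the bank discovery lines are DEBUG_VERBOSE; for a library function meant for debugging, use DEBUG_VERBOSE throughout and let the caller decide how loud to be.<br>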
> diff --git a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c<br>
> b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c<br>
> index 93a8803ff6..ea79fa0af6 100644<br>
> --- a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c<br>
> +++ b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c<br>
> @@ -1,7 +1,7 @@<br>
> /** @file<br>
> Initialize TPM2 device and measure FVs before handing off control to DXE.<br>
> <br>
> -Copyright (c) 2015 - 2020, Intel Corporation. All rights reserved.<BR><br>
> +Copyright (c) 2015 - 2021, Intel Corporation. All rights reserved.<BR><br>
> Copyright (c) 2017, Microsoft Corporation. All rights reserved. <BR><br>
> SPDX-License-Identifier: BSD-2-Clause-Patent<br>
> <br>
> @@ -191,7 +191,6 @@ EFI_PEI_NOTIFY_DESCRIPTOR mNotifyList[] = {<br>
> }<br>
> };<br>
> <br>
> -<br>
> /**<br>
> Record all measured Firmware Volume Information into a Guid Hob<br>
> Guid Hob payload layout is<br>
> @@ -267,7 +266,7 @@ SyncPcrAllocationsAndPcrMask (<br>
> UINT32 Tpm2PcrMask;<br>
> UINT32 NewTpm2PcrMask;<br>
> <br>
> - DEBUG ((EFI_D_ERROR, "SyncPcrAllocationsAndPcrMask!\n"));<br>
> + DEBUG ((DEBUG_ERROR, "SyncPcrAllocationsAndPcrMask!\n"));<br>
> <br>
> //<br>
> // Determine the current TPM support and the Platform PCR mask.<br>
> @@ -278,7 +277,7 @@ SyncPcrAllocationsAndPcrMask (<br>
> Tpm2PcrMask = PcdGet32 (PcdTpm2HashMask);<br>
> if (Tpm2PcrMask == 0) {<br>
> //<br>
> - // if PcdTPm2HashMask is zero, use ActivePcr setting<br>
> + // if PcdTpm2HashMask is zero, use ActivePcr setting<br>
> //<br>
> PcdSet32S (PcdTpm2HashMask, TpmActivePcrBanks);<br>
> Tpm2PcrMask = TpmActivePcrBanks;<br>
> @@ -297,9 +296,9 @@ SyncPcrAllocationsAndPcrMask (<br>
> if ((TpmActivePcrBanks & Tpm2PcrMask) != TpmActivePcrBanks) {<br>
> NewTpmActivePcrBanks = TpmActivePcrBanks & Tpm2PcrMask;<br>
> <br>
> - DEBUG ((EFI_D_INFO, "%a - Reallocating PCR banks from 0x%X to 0x%X.\n",<br>
> __FUNCTION__, TpmActivePcrBanks, NewTpmActivePcrBanks));<br>
> + DEBUG ((DEBUG_INFO, "%a - Reallocating PCR banks from 0x%X to 0x%X.\n",<br>
> __FUNCTION__, TpmActivePcrBanks, NewTpmActivePcrBanks));<br>
> if (NewTpmActivePcrBanks == 0) {<br>
> - DEBUG ((EFI_D_ERROR, "%a - No viable PCRs active! Please set a less<br>
> restrictive value for PcdTpm2HashMask!\n", __FUNCTION__));<br>
> + DEBUG ((DEBUG_ERROR, "%a - No viable PCRs active! Please set a less<br>
> restrictive value for PcdTpm2HashMask!\n", __FUNCTION__));<br>
> ASSERT (FALSE);<br>
> } else {<br>
> Status = Tpm2PcrAllocateBanks (NULL, (UINT32)TpmHashAlgorithmBitmap,<br>
> NewTpmActivePcrBanks);<br>
> @@ -307,7 +306,7 @@ SyncPcrAllocationsAndPcrMask (<br>
> //<br>
> // We can't do much here, but we hope that this doesn't happen.<br>
> //<br>
> - DEBUG ((EFI_D_ERROR, "%a - Failed to reallocate PCRs!\n",<br>
> __FUNCTION__));<br>
> + DEBUG ((DEBUG_ERROR, "%a - Failed to reallocate PCRs!\n",<br>
> __FUNCTION__));<br>
> ASSERT_EFI_ERROR (Status);<br>
> }<br>
> //<br>
> @@ -324,9 +323,9 @@ SyncPcrAllocationsAndPcrMask (<br>
> if ((Tpm2PcrMask & TpmHashAlgorithmBitmap) != Tpm2PcrMask) {<br>
> NewTpm2PcrMask = Tpm2PcrMask & TpmHashAlgorithmBitmap;<br>
> <br>
> - DEBUG ((EFI_D_INFO, "%a - Updating PcdTpm2HashMask from 0x%X to<br>
> 0x%X.\n", __FUNCTION__, Tpm2PcrMask, NewTpm2PcrMask));<br>
> + DEBUG ((DEBUG_INFO, "%a - Updating PcdTpm2HashMask from 0x%X to<br>
> 0x%X.\n", __FUNCTION__, Tpm2PcrMask, NewTpm2PcrMask));<br>
> if (NewTpm2PcrMask == 0) {<br>
> - DEBUG ((EFI_D_ERROR, "%a - No viable PCRs supported! Please set a less<br>
> restrictive value for PcdTpm2HashMask!\n", __FUNCTION__));<br>
> + DEBUG ((DEBUG_ERROR, "%a - No viable PCRs supported! Please set a less<br>
> restrictive value for PcdTpm2HashMask!\n", __FUNCTION__));<br>
> ASSERT (FALSE);<br>
> }<br>
> <br>
> @@ -365,7 +364,7 @@ LogHashEvent (<br>
> RetStatus = EFI_SUCCESS;<br>
> for (Index = 0; Index < sizeof(mTcg2EventInfo)/sizeof(mTcg2EventInfo[0]);<br>
> Index++) {<br>
> if ((SupportedEventLogs & mTcg2EventInfo[Index].LogFormat) != 0) {<br>
> - DEBUG ((EFI_D_INFO, " LogFormat - 0x%08x\n",<br>
> mTcg2EventInfo[Index].LogFormat));<br>
> + DEBUG ((DEBUG_INFO, " LogFormat - 0x%08x\n",<br>
> mTcg2EventInfo[Index].LogFormat));<br>
> switch (mTcg2EventInfo[Index].LogFormat) {<br>
> case EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2:<br>
> Status = GetDigestFromDigestList (TPM_ALG_SHA1, DigestList,<br>
> &NewEventHdr->Digest);<br>
> @@ -476,7 +475,7 @@ HashLogExtendEvent (<br>
> }<br>
> <br>
> if (Status == EFI_DEVICE_ERROR) {<br>
> - DEBUG ((EFI_D_ERROR, "HashLogExtendEvent - %r. Disable TPM.\n", Status));<br>
> + DEBUG ((DEBUG_ERROR, "HashLogExtendEvent - %r. Disable TPM.\n",<br>
> Status));<br>
> BuildGuidHob (&gTpmErrorHobGuid,0);<br>
> REPORT_STATUS_CODE (<br>
> EFI_ERROR_CODE | EFI_ERROR_MINOR,<br>
> @@ -1011,7 +1010,7 @@ PeimEntryMA (<br>
> }<br>
> <br>
> if (GetFirstGuidHob (&gTpmErrorHobGuid) != NULL) {<br>
> - DEBUG ((EFI_D_ERROR, "TPM2 error!\n"));<br>
> + DEBUG ((DEBUG_ERROR, "TPM2 error!\n"));<br>
> return EFI_DEVICE_ERROR;<br>
> }<br>
> <br>
> @@ -1075,7 +1074,7 @@ PeimEntryMA (<br>
> for (PcrIndex = 0; PcrIndex < 8; PcrIndex++) {<br>
> Status = MeasureSeparatorEventWithError (PcrIndex);<br>
> if (EFI_ERROR (Status)) {<br>
> - DEBUG ((EFI_D_ERROR, "Separator Event with Error not Measured.<br>
> Error!\n"));<br>
> + DEBUG ((DEBUG_ERROR, "Separator Event with Error not Measured.<br>
> Error!\n"));<br>
> }<br>
> }<br>
> }<br>
> @@ -1092,6 +1091,13 @@ PeimEntryMA (<br>
> }<br>
> }<br>
> <br>
> + DEBUG_CODE_BEGIN ();<br>
> + //<br>
> + // Peek into TPM PCR 00 before any BIOS measurement.<br>
> + //<br>
> + Tpm2PcrReadForActiveBank (00, NULL);<br>
> + DEBUG_CODE_END ();<br>
> +<br>
> //<br>
> // Only install TpmInitializedPpi on success<br>
> //<br>
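Review bot: `Tpm2PcrReadForActiveBank (00, NULL)` passes the PCR index as the octal-looking literal `00`; write `0`. The call's Status is also dropped, so a failed read leaves no trace in this block. More importantly, the comment says the read happens before any BIOS measurement, but the hunk just above in this same function shows an error path extending separator events into PCR[0..7] through MeasureSeparatorEventWithError() before this point; confirm that path returns before reaching here, or reword the comment. On the regular path this is the one read the maintainer is willing to keep, so capturing Status and printing it with the dump is worthwhile.<br>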
> @@ -1106,7 +1112,7 @@ PeimEntryMA (<br>
> <br>
> Done:<br>
> if (EFI_ERROR (Status)) {<br>
> - DEBUG ((EFI_D_ERROR, "TPM2 error! Build Hob\n"));<br>
> + DEBUG ((DEBUG_ERROR, "TPM2 error! Build Hob\n"));<br>
> BuildGuidHob (&gTpmErrorHobGuid,0);<br>
> REPORT_STATUS_CODE (<br>
> EFI_ERROR_CODE | EFI_ERROR_MINOR,<br>
> --<br>
> 2.31.1.windows.1<o:p></o:p></p>
</div>
</div>
</div>
</div>
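<p class="MsoNormal">The audit the thread describes, as an added example that is not part of the original e-mail or of edk2: a Python model of per-bank PCR extend, a replay of a constructed TCG-style event list, and a comparison against the values read back for each active bank. The pre-BIOS ACM measurement, the BIOS events and the simulated TPM are all constructed here; the snapshot of PCR[0] taken before any BIOS measurement stands in for the one-time Tcg2Pei dump the patch adds.</p>

```python
"""Replay a TCG-style measurement log against PCR values read back from
the TPM, for every active bank.

Added example for this thread; it is not edk2 code.  The pre-BIOS (ACM)
measurement, the BIOS event list and the "TPM" below are constructed.
"""
import hashlib

# Banks under audit (the active banks the thread talks about).
BANKS = ("sha1", "sha256")
PCR_COUNT = 24


def extend(bank, old_value, digest):
    """TPM2_PCR_Extend semantics for one bank: new = H(old || digest)."""
    return hashlib.new(bank, old_value + digest).digest()


def measure(data):
    """Digest one blob in every bank, as a multi-bank event does."""
    return {b: hashlib.new(b, data).digest() for b in BANKS}


def zero_pcrs():
    """All-zero PCR registers, one list per bank (reset state)."""
    return {b: [bytes(hashlib.new(b).digest_size)] * PCR_COUNT for b in BANKS}


class SimTpm:
    """Minimal PCR model: per-bank registers that only support extend/read."""

    def __init__(self):
        self.pcr = zero_pcrs()

    def pcr_extend(self, index, digests):
        for b in BANKS:
            self.pcr[b][index] = extend(b, self.pcr[b][index], digests[b])

    def pcr_read(self, index):
        """One PCR across all banks, what Tpm2PcrReadForActiveBank returns."""
        return {b: self.pcr[b][index] for b in BANKS}


def replay(events, initial=None):
    """Recompute expected PCR values from (pcr_index, digests) events.

    `initial` maps a PCR index to a read-back snapshot per bank; seeding
    with it is how a log that starts after a pre-BIOS measurement verifies.
    """
    state = zero_pcrs()
    for index, digests in (initial or {}).items():
        for b in BANKS:
            state[b][index] = digests[b]
    for index, digests in events:
        for b in BANKS:
            state[b][index] = extend(b, state[b][index], digests[b])
    return state


def audit(expected, tpm, indices):
    """(bank, pcr) pairs whose replayed value disagrees with the TPM."""
    return [(b, i) for i in indices for b in BANKS
            if expected[b][i] != tpm.pcr_read(i)[b]]


# Constructed scenario: a component before BIOS (a BootGuard ACM in the
# thread's example) has already extended PCR[0] when Tcg2Pei starts.
tpm = SimTpm()
tpm.pcr_extend(0, measure(b"constructed ACM measurement"))

# Snapshot PCR[0] before any BIOS measurement, as the patch does in Tcg2Pei.
pre_bios_pcr0 = {0: tpm.pcr_read(0)}

# BIOS measurements: recorded in the event log and extended into the TPM.
BIOS_EVENTS = [
    (0, measure(b"EV_S_CRTM_VERSION: constructed")),
    (0, measure(b"EV_POST_CODE: constructed main BIOS FV")),
    (7, measure(b"EV_EFI_VARIABLE_DRIVER_CONFIG: constructed SecureBoot")),
]
for _index, _digests in BIOS_EVENTS:
    tpm.pcr_extend(_index, _digests)


def audit_from_zero():
    """Replay of the BIOS log alone: PCR[0] cannot match in any bank."""
    return audit(replay(BIOS_EVENTS), tpm, (0, 7))


def audit_with_pre_bios_snapshot():
    """Replay seeded with the pre-BIOS PCR[0] snapshot: all banks match."""
    return audit(replay(BIOS_EVENTS, initial=pre_bios_pcr0), tpm, (0, 7))


if __name__ == "__main__":
    print("mismatches, replay from zero  :", audit_from_zero())
    print("mismatches, replay from snapshot:", audit_with_pre_bios_snapshot())
```

<p class="MsoNormal">Replaying the BIOS events from all-zero registers flags PCR[0] in every bank, because the register was not zero when BIOS started; seeding the replay with the pre-BIOS snapshot makes the same log verify cleanly. That is case (a) above. A read-back after every extend adds nothing this replay cannot already check, provided the TPM performs the extend correctly, which is the assumption the maintainer makes.</p>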
</body>
</html>
<p><a target="_blank" href="https://edk2.groups.io/g/devel/message/79086">View/Reply Online (#79086)</a></p>