The code is already pushed after review.

Please take a look at the latest one.

If it does not work, then you can file a new BZ.

Thank you
Yao Jiewen


From: Bret Barkelew <bret.barke...@microsoft.com>
Sent: Tuesday, August 4, 2020 1:05 PM
To: Yao, Jiewen <jiewen....@intel.com>; devel@edk2.groups.io; Zhang, Qi1 
<qi1.zh...@intel.com>; Bret Barkelew <bret.barke...@microsoft.com>
Cc: Wang, Jian J <jian.j.w...@intel.com>
Subject: Re: [edk2-devel] [PATCH 1/6] SecurityPkg/TcgPpi: Add TcgPpi header 
file.

The more I think about it, the more I like your idea of registering early and 
allowing a PPI notification callback.

Is that something we could get in this change, or would it be best to open a 
new BZ to track that request? Thanks!


- Bret

________________________________
From: devel@edk2.groups.io <devel@edk2.groups.io> on behalf of Bret Barkelew 
via groups.io <bret.barkelew=microsoft....@groups.io>
Sent: Wednesday, July 15, 2020 8:32 AM
To: Yao, Jiewen <jiewen....@intel.com>; devel@edk2.groups.io 
<devel@edk2.groups.io>; Zhang, Qi1 <qi1.zh...@intel.com>
Cc: Wang, Jian J <jian.j.w...@intel.com>
Subject: [EXTERNAL] Re: [edk2-devel] [PATCH 1/6] SecurityPkg/TcgPpi: Add TcgPpi 
header file.


Yeah, that's kinda what I was thinking. It seemed like there was a little 
overlap that might eliminate the need for the extra libs (in our current 
solution).



I'll try to get a more detailed problem statement today, but I think you've got 
the right idea there.



- Bret



From: Yao, Jiewen <jiewen....@intel.com>
Sent: Wednesday, July 15, 2020 8:20 AM
To: devel@edk2.groups.io; Yao, Jiewen <jiewen....@intel.com>; Bret Barkelew 
<bret.barke...@microsoft.com>; Zhang, Qi1 <qi1.zh...@intel.com>
Cc: Wang, Jian J <jian.j.w...@intel.com>
Subject: [EXTERNAL] RE: [edk2-devel] [PATCH 1/6] SecurityPkg/TcgPpi: Add TcgPpi 
header file.



Maybe we can let the TCG PEIM install the TCG_PPI *before* any measurement record, 
then the other PEIM can register a callback to record the HW ROT measurement?



Thank you

Yao Jiewen



From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Yao, Jiewen
Sent: Wednesday, July 15, 2020 10:45 PM
To: Bret Barkelew <bret.barke...@microsoft.com>; devel@edk2.groups.io; 
Zhang, Qi1 <qi1.zh...@intel.com>
Cc: Wang, Jian J <jian.j.w...@intel.com>
Subject: Re: [edk2-devel] [PATCH 1/6] SecurityPkg/TcgPpi: Add TcgPpi header 
file.



Hi Bret

Do you have a full problem statement or Bugzilla?



If we are resolving the same problem, we can resolve it all together.

If we are talking about different problems, we can resolve them one by one.



Thank you

Yao Jiewen



From: Bret Barkelew <bret.barke...@microsoft.com>
Sent: Wednesday, July 15, 2020 1:53 PM
To: devel@edk2.groups.io; Yao, Jiewen <jiewen....@intel.com>; Zhang, Qi1 
<qi1.zh...@intel.com>
Cc: Wang, Jian J <jian.j.w...@intel.com>
Subject: Re: [PATCH 1/6] SecurityPkg/TcgPpi: Add TcgPpi header file.



Since we're working on early boot TCG interfaces, is this a good time to 
discuss a standard way to init the log with measurements made by the HW root of 
trust prior to Tcg2Pei? We were using a NULL lib and a registration pattern on 
the PEIM, but I'm open to other ideas, too. Thoughts?



- Bret



From: devel@edk2.groups.io <devel@edk2.groups.io> on behalf of Yao, Jiewen 
via groups.io <jiewen.yao=intel....@groups.io>
Sent: Tuesday, July 14, 2020 10:08:30 PM
To: Zhang, Qi1 <qi1.zh...@intel.com>; devel@edk2.groups.io 
<devel@edk2.groups.io>
Cc: Wang, Jian J <jian.j.w...@intel.com>
Subject: [EXTERNAL] Re: [edk2-devel] [PATCH 1/6] SecurityPkg/TcgPpi: Add TcgPpi 
header file.



Thanks Qi.

I just thought of one use case: a PEIM may already have a calculated hash 
(https://github.com/tianocore/edk2/blob/master/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c#L652).
We may need to add a flag to support this pre-hash use case. Such as:

> +(EFIAPI *EDKII_TCG_HASH_LOG_EXTEND_EVENT)(
>
> +  IN      EDKII_TCG_PPI             *This,
>
> +  IN      UINT64                   Flags,  // new field. BIT0 = 0 means 
> HashData is the data to be hashed; BIT0 = 1 means HashData is the pre-hash 
> digest.
>
> +  IN      UINT8                     *HashData,
>
> +  IN      UINTN                     HashDataLen,
>
> +  IN      TCG_PCR_EVENT_HDR         *NewEventHdr,
>
> +  IN      UINT8                     *NewEventData
>
> +  );
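
Review bot: The new Flags parameter is a UINT64 with only BIT0 given a meaning, and that meaning lives in a trailing comment on the parameter line; define a named constant for the pre-hash bit and state in the function's doc block that the remaining bits are reserved and what callers must pass for them. The @param text for HashData and HashDataLen also needs a second case: when BIT0 = 1 the buffer is a digest, so the header should say what length HashDataLen is expected to carry and which status is returned when it does not match.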

> -----Original Message-----
> From: Zhang, Qi1 <qi1.zh...@intel.com>
> Sent: Tuesday, July 14, 2020 2:49 PM
> To: devel@edk2.groups.io
> Cc: Yao, Jiewen <jiewen....@intel.com>; Wang, Jian J <jian.j.w...@intel.com>;
> Zhang, Chao B <chao.b.zh...@intel.com>
> Subject: [PATCH 1/6] SecurityPkg/TcgPpi: Add TcgPpi header file.
>
> From: Jiewen Yao <jiewen....@intel.com>
>
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2841
>
> Cc: Jiewen Yao <jiewen....@intel.com>
> Cc: Jian J Wang <jian.j.w...@intel.com>
> Cc: Chao Zhang <chao.b.zh...@intel.com>
> Signed-off-by: Jiewen Yao <jiewen....@intel.com>
> ---
>  SecurityPkg/Include/Ppi/Tcg.h | 50 +++++++++++++++++++++++++++++++++++
>  1 file changed, 50 insertions(+)
>  create mode 100644 SecurityPkg/Include/Ppi/Tcg.h
>
> diff --git a/SecurityPkg/Include/Ppi/Tcg.h b/SecurityPkg/Include/Ppi/Tcg.h
> new file mode 100644
> index 0000000000..4eacd57166
> --- /dev/null
> +++ b/SecurityPkg/Include/Ppi/Tcg.h
> @@ -0,0 +1,50 @@
> +/** @file
>
> +  TCG PPI services.
>
> +
>
> +Copyright (c) 2020, Intel Corporation. All rights reserved.<BR>
>
> +SPDX-License-Identifier: BSD-2-Clause-Patent
>
> +
>
> +**/
>
> +
>
> +#ifndef _TCG_PPI_H_
>
> +#define _TCG_PPI_H_
>
> +
>
> +#include <IndustryStandard/UefiTcgPlatform.h>
>
> +
>
> +typedef struct _EDKII_TCG_PPI EDKII_TCG_PPI;
>
> +
>
> +/**
>
> +  Tpm measure and log data, and extend the measurement result into a specific
> PCR.
>
> +
>
> +  @param[in]      This          Indicates the calling context
>
> +  @param[in]      HashData      Physical address of the start of the data 
> buffer
>
> +                                to be hashed, extended, and logged.
>
> +  @param[in]      HashDataLen   The length, in bytes, of the buffer 
> referenced by
> HashData.
>
> +  @param[in]      NewEventHdr   Pointer to a TCG_PCR_EVENT_HDR data
> structure.
>
> +  @param[in]      NewEventData  Pointer to the new event data.
>
> +
>
> +  @retval EFI_SUCCESS           Operation completed successfully.
>
> +  @retval EFI_UNSUPPORTED       TPM device not available.
>
> +  @retval EFI_OUT_OF_RESOURCES  Out of memory.
>
> +  @retval EFI_DEVICE_ERROR      The operation was unsuccessful.
>
> +**/
>
> +typedef
>
> +EFI_STATUS
>
> +(EFIAPI *EDKII_TCG_HASH_LOG_EXTEND_EVENT)(
>
> +  IN      EDKII_TCG_PPI             *This,
>
> +  IN      UINT8                     *HashData,
>
> +  IN      UINTN                     HashDataLen,
>
> +  IN      TCG_PCR_EVENT_HDR         *NewEventHdr,
>
> +  IN      UINT8                     *NewEventData
>
> +  );
>
> +
>
> +///
>
> +/// The EFI_TCG Protocol abstracts TCG activity.
>
> +///
>
> +struct _EDKII_TCG_PPI {
>
> +  EDKII_TCG_HASH_LOG_EXTEND_EVENT     HashLogExtendEvent;
>
> +};
>
> +
>
> +extern EFI_GUID gEdkiiTcgPpiGuid;
>
> +
>
> +#endif
>
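
Review bot: The comment above struct _EDKII_TCG_PPI says "The EFI_TCG Protocol abstracts TCG activity", but this header declares a PPI named EDKII_TCG_PPI, so the comment should describe the PPI rather than a protocol. In the doc block for EDKII_TCG_HASH_LOG_EXTEND_EVENT, the summary promises an extend into "a specific PCR" while none of the @param entries says where that PCR index comes from; if it is read from NewEventHdr, say so there. The struct also has a single function pointer and no revision field, so any later change to the HashLogExtendEvent signature changes the interface for every consumer of gEdkiiTcgPpiGuid; consider whether a version member is wanted before this becomes a published interface.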
> --
> 2.26.2.windows.1
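
The pre-hash flag proposed in the reply above can be modelled outside firmware. The following is an added example, not code from the patch or from edk2: a Python model of one SHA-256 PCR bank in which BIT0 of Flags selects between hashing HashData and taking it as a digest. The class name, the rejection of reserved flag bits, the single-bank assumption and the sample values are all assumptions made for the illustration.

```python
import hashlib

# Bit meaning taken from the proposal in the thread: BIT0 set means HashData
# is already a digest; BIT0 clear means HashData is raw data to be hashed.
FLAG_PRE_HASHED = 1 << 0
DIGEST_LEN = hashlib.sha256().digest_size  # assumption: one SHA-256 bank


class PcrBankModel:
    """Toy model of a PCR bank and its event log (hypothetical, not edk2)."""

    def __init__(self, pcr_count=24):
        self.pcrs = [bytes(DIGEST_LEN) for _ in range(pcr_count)]
        self.log = []

    def hash_log_extend_event(self, flags, hash_data, pcr_index,
                              event_type, event_data):
        if flags & ~FLAG_PRE_HASHED:
            # Assumption of this model: undefined flag bits are rejected.
            raise ValueError("reserved flag bits set")
        if not 0 <= pcr_index < len(self.pcrs):
            raise ValueError("PCR index out of range")
        if flags & FLAG_PRE_HASHED:
            # The callee cannot recompute a caller-supplied digest; the only
            # thing it can validate is that the length is one full digest.
            if len(hash_data) != DIGEST_LEN:
                raise ValueError("pre-hashed input must be exactly one digest")
            digest = bytes(hash_data)
        else:
            digest = hashlib.sha256(hash_data).digest()
        # TPM extend: new PCR value = H(old PCR value || digest)
        old = self.pcrs[pcr_index]
        self.pcrs[pcr_index] = hashlib.sha256(old + digest).digest()
        self.log.append((pcr_index, event_type, digest, bytes(event_data)))
        return digest


def replay(log, pcr_count=24):
    """Recompute PCR values from the event log, as a verifier would."""
    pcrs = [bytes(DIGEST_LEN) for _ in range(pcr_count)]
    for pcr_index, _event_type, digest, _event_data in log:
        pcrs[pcr_index] = hashlib.sha256(pcrs[pcr_index] + digest).digest()
    return pcrs
```

Both paths leave the PCR and the log in the same state, so a verifier replaying the log cannot tell them apart; the difference is that with the flag set, the correctness of the digest rests entirely on the calling PEIM.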



