Re: [edk2-devel] [PATCH v2 0/9] Need add a FSP binary measurement

Mon, 10 Aug 2020 19:01:11 -0700 

Hi Qi
Thanks for the update.

1) Since this is a new feature, a platform may already measure FSP binary in 
some ways, I recommend we change the default policy to: 
gIntelFsp2WrapperTokenSpaceGuid.PcdFspMeasurementConfig|0x00000000.

2) We should not check FSP_MEASURE_FSP in IntelFsp2WrappePkg, because it is 
reserved bit. Below code should be removed.
if (FspMeasureMask & FSP_MEASURE_FSP) {

3) I think " CheckPointer = (UINT8 *) ALIGN_POINTER (CheckPointer, 8);" should 
also be present in "else" branch below.

  if (((EFI_FIRMWARE_VOLUME_HEADER *)CheckPointer)->ExtHeaderOffset != 0) {
    CheckPointer = CheckPointer + ((EFI_FIRMWARE_VOLUME_HEADER 
*)CheckPointer)->ExtHeaderOffset;
    CheckPointer = CheckPointer + ((EFI_FIRMWARE_VOLUME_EXT_HEADER 
*)CheckPointer)->ExtHeaderSize;
    CheckPointer = (UINT8 *) ALIGN_POINTER (CheckPointer, 8);
  } else {
    CheckPointer = CheckPointer + ((EFI_FIRMWARE_VOLUME_HEADER 
*)CheckPointer)->HeaderLength;
  }

4) Below logic can be simplified to:

  if (FspMeasureMask & FSP_MEASURE_FSPUPD) {
    FspHeaderPtr = (FSP_INFO_HEADER *) mFspFindFspHeader (FirmwareBlobBase);
    if (FspHeaderPtr == NULL) {
      return MeasureFirmwareBlob (PcrIndex, Description, FirmwareBlobBase, 
FirmwareBlobLength);;
    }
    return MeasureFspFirmwareBlobWithCfg(Description, FirmwareBlobBase, 
FirmwareBlobLength,
                                         FspHeaderPtr->CfgRegionOffset, 
FspHeaderPtr->CfgRegionSize);
  } else {
    return MeasureFirmwareBlob (PcrIndex, Description, FirmwareBlobBase, 
FirmwareBlobLength);
  }

To:

  if (FspMeasureMask & FSP_MEASURE_FSPUPD) {
    FspHeaderPtr = (FSP_INFO_HEADER *) mFspFindFspHeader (FirmwareBlobBase);
    if (FspHeaderPtr != NULL) {
      return MeasureFspFirmwareBlobWithCfg(Description, FirmwareBlobBase, 
FirmwareBlobLength,
                                         FspHeaderPtr->CfgRegionOffset, 
FspHeaderPtr->CfgRegionSize);
    }
  }

  return MeasureFirmwareBlob (PcrIndex, Description, FirmwareBlobBase, 
FirmwareBlobLength);


Thank you
Yao Jiewen



> -----Original Message-----
> From: Zhang, Qi1 <qi1.zh...@intel.com>
> Sent: Thursday, August 6, 2020 8:34 AM
> To: devel@edk2.groups.io
> Cc: Zhang, Qi1 <qi1.zh...@intel.com>; Yao, Jiewen <jiewen....@intel.com>;
> Wang, Jian J <jian.j.w...@intel.com>; Wu, Hao A <hao.a...@intel.com>; Chiu,
> Chasel <chasel.c...@intel.com>; Desimone, Nathaniel L
> <nathaniel.l.desim...@intel.com>; Zeng, Star <star.z...@intel.com>
> Subject: [PATCH v2 0/9] Need add a FSP binary measurement
> 
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2376
> 
> The EDKII BIOS calls FSP API in FSP Wrapper Pkg.
> This FSP code need to be measured into TPM.
> 
> We need add a generic module in FSP Wrapper Pkg code to measure:
> 1) FSP-T, FSP-M, FSP-S in API mode.
> 2) FSP-T in Dispatch-mode. The FSP-M and FSP-S will be reported
>    as standard FV and they will be measured by TCG-PEI.
> 
> Cc: Jiewen Yao <jiewen....@intel.com>
> Cc: Jian J Wang <jian.j.w...@intel.com>
> Cc: Hao A Wu <hao.a...@intel.com>
> Cc: Chasel Chiu <chasel.c...@intel.com>
> Cc: Nate DeSimone <nathaniel.l.desim...@intel.com>
> Cc: Star Zeng <star.z...@intel.com>
> Cc: Qi Zhang <qi1.zh...@intel.com>
> 
> Jiewen Yao (8):
>   MdeModulePkg/TpmMeasurementLib: Add new API to TpmMeasurmentLib.
>   MdeModulePkg/NullTpmMeasurementLib: Add new API.
>   SecurityPkg/DxeTpmMeasurementLib: Add new API.
>   SecurityPkg/PeiTpmMeasurementLib: Add new API.
>   IntelFsp2WrapperPkg/FspMeasurementLib: Add header file.
>   IntelFsp2WrapperPkg/FspMeasurementLib: Add BaseFspMeasurementLib.
>   IntelFsp2WraperPkg/Fsp{m|s}WrapperPeim: Add FspBin measurement.
>   IntelFsp2Wrapper/dsc: Add FspTpmMeasurementLib and
>     PcdFspMeasurementConfig.
> 
> Qi Zhang (1):
>   SecurityPkg/Tcg2: handle PRE HASH and LOG ONLY
> 
>  .../FspmWrapperPeim/FspmWrapperPeim.c         |  90 ++++-
>  .../FspmWrapperPeim/FspmWrapperPeim.inf       |  20 +-
>  .../FspsWrapperPeim/FspsWrapperPeim.c         |  85 ++++-
>  .../FspsWrapperPeim/FspsWrapperPeim.inf       |  27 +-
>  .../Include/Library/FspMeasurementLib.h       |  39 ++
>  IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dec   |  17 +
>  IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dsc   |   5 +-
>  .../BaseFspMeasurementLib.inf                 |  54 +++
>  .../BaseFspMeasurementLib/FspMeasurementLib.c | 349 ++++++++++++++++++
>  .../Include/Library/TpmMeasurementLib.h       |  48 ++-
>  .../TpmMeasurementLibNull.c                   |  61 ++-
>  .../TpmMeasurementLibNull.inf                 |   6 +-
>  SecurityPkg/Include/Ppi/Tcg.h                 |   5 +
>  .../DxeTpmMeasurementLib.inf                  |   6 +-
>  .../DxeTpmMeasurementLib/EventLogRecord.c     | 218 +++++++++++
>  .../PeiTpmMeasurementLib/EventLogRecord.c     | 218 +++++++++++
>  .../PeiTpmMeasurementLib.inf                  |   4 +
>  SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c             |  12 +-
>  18 files changed, 1233 insertions(+), 31 deletions(-)
>  create mode 100644
> IntelFsp2WrapperPkg/Include/Library/FspMeasurementLib.h
>  create mode 100644
> IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/BaseFspMeasurementLi
> b.inf
>  create mode 100644
> IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/FspMeasurementLib.c
>  create mode 100644
> SecurityPkg/Library/DxeTpmMeasurementLib/EventLogRecord.c
>  create mode 100644
> SecurityPkg/Library/PeiTpmMeasurementLib/EventLogRecord.c
> 
> --
> 2.26.2.windows.1


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.

View/Reply Online (#63941): https://edk2.groups.io/g/devel/message/63941
Mute This Topic: https://groups.io/mt/76019581/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub  [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to