Reviewed-by: Jian J Wang <jian.j.w...@intel.com>
Regards, Jian > -----Original Message----- > From: Derek Lin <derek.l...@hpe.com> > Sent: Wednesday, November 06, 2019 9:01 AM > To: derek.l...@hpe.com; devel@edk2.groups.io > Cc: jason.spottsw...@hpe.com; Yao, Jiewen <jiewen....@intel.com>; Wang, > Jian J <jian.j.w...@intel.com>; Zhang, Chao B <chao.b.zh...@intel.com> > Subject: [PATCH] SecurityPkg: Fix TPM2 ACPI measurement. > > We have discussed in this thread. > https://edk2.groups.io/g/devel/topic/32205028 > > Before the change, TPM FW upgrade will impact TPM2 ACPI PCR value because > TPM2 ACPI HID include FW version. > > This change make the measurement before TPM2 HID fixup. So, after TPM FW > upgrade, the ACPI PCR record remains the same. > > Signed-off-by: Derek Lin <derek.l...@hpe.com> > --- > SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c | 30 ++++++++++++++++-------------- > 1 file changed, 16 insertions(+), 14 deletions(-) > > diff --git a/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c > b/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c > index bd786bf479..54966c83ce 100644 > --- a/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c > +++ b/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c > @@ -664,7 +664,22 @@ PublishAcpiTable ( > )); > > // > - // Update TPM2 HID before measuring it to PCR > + // Measure to PCR[0] with event EV_POST_CODE ACPI DATA. > + // The measurement has to be done before UpdateHID since TPM2 ACPI HID > + // imply TPM Firmware Version. Otherwise, the PCR record would be > + // different after TPM FW update. > + // > + TpmMeasureAndLogData( > + 0, > + EV_POST_CODE, > + EV_POSTCODE_INFO_ACPI_DATA, > + ACPI_DATA_LEN, > + Table, > + TableSize > + ); > + > + // > + // Update TPM2 HID after measuring it to PCR > // > Status = UpdateHID(Table); > if (EFI_ERROR(Status)) { 
> @@ -694,19 +709,6 @@ PublishAcpiTable ( > } > } > > - // > - // Measure to PCR[0] with event EV_POST_CODE ACPI DATA > - // > - TpmMeasureAndLogData( > - 0, > - EV_POST_CODE, > - EV_POSTCODE_INFO_ACPI_DATA, > - ACPI_DATA_LEN, > - Table, > - TableSize > - ); > - > - > ASSERT (Table->OemTableId == SIGNATURE_64 ('T', 'p', 'm', '2', 'T', 'a', > 'b', 'l')); > CopyMem (Table->OemId, PcdGetPtr (PcdAcpiDefaultOemId), sizeof (Table- > >OemId) ); > mTcgNvs = AssignOpRegion (Table, SIGNATURE_32 ('T', 'N', 'V', 'S'), > (UINT16) > sizeof (TCG_NVS)); > -- > 2.20.1.windows.1
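Review bot: In the first hunk (@@ -664,7 +664,22 @@), the return value of the relocated TpmMeasureAndLogData call is discarded, while the UpdateHID call directly after it is checked with EFI_ERROR(Status). If the measurement fails, execution continues into the HID fixup with no PCR[0] record of the table; suggest assigning the result to Status and at least logging the failure. The new comment should read "implies" rather than "imply", and it would help to state explicitly that the bytes measured are the table as it stands before UpdateHID, so anyone replaying the event log knows the digest will not match the table after the HID fixup. Style: the call should be written `TpmMeasureAndLogData (` with a space before the parenthesis, matching the `ASSERT (` and `CopyMem (` calls in the same function.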
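Review bot: In the second hunk (@@ -694,19 +709,6 @@), removing the measurement from this position moves it ahead of everything that sits between the two hunks, not only ahead of UpdateHID. The hunk headers show about twenty lines of PublishAcpiTable between them that are not part of the diff (the `} }` context here closes some of that code), and the commit message only accounts for the HID. If any of that code also modifies Table, those modifications drop out of the PCR[0] measurement as well; please confirm that is intended and say so in the commit message or in the new comment.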