Reviewed-by: Chasel Chiu <chasel.c...@intel.com>
> -----Original Message----- > From: Zhang, Qi1 <qi1.zh...@intel.com> > Sent: Friday, August 14, 2020 2:32 PM > To: devel@edk2.groups.io > Cc: Yao, Jiewen <jiewen....@intel.com>; Chiu, Chasel > <chasel.c...@intel.com>; Desimone, Nathaniel L > <nathaniel.l.desim...@intel.com>; Zeng, Star <star.z...@intel.com>; Zhang, > Qi1 <qi1.zh...@intel.com> > Subject: [PATCH v3 3/8] IntelFsp2WrapperPkg/FspMeasurementLib: Add > BaseFspMeasurementLib. > > From: Jiewen Yao <jiewen....@intel.com> > > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2376 > > Cc: Jiewen Yao <jiewen....@intel.com> > Cc: Chasel Chiu <chasel.c...@intel.com> > Cc: Nate DeSimone <nathaniel.l.desim...@intel.com> > Cc: Star Zeng <star.z...@intel.com> > Cc: Qi Zhang <qi1.zh...@intel.com> > Signed-off-by: Jiewen Yao <jiewen....@intel.com> > --- > .../BaseFspMeasurementLib.inf | 54 ++++ > .../BaseFspMeasurementLib/FspMeasurementLib.c | 248 > ++++++++++++++++++ > 2 files changed, 302 insertions(+) > create mode 100644 > IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/BaseFspMeasuremen > tLib.inf > create mode 100644 > IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/FspMeasurementLib. > c > > diff --git > a/IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/BaseFspMeasurem > entLib.inf > b/IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/BaseFspMeasurem > entLib.inf > new file mode 100644 > index 0000000000..9c0dd9fb40 > --- /dev/null > +++ > b/IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/BaseFspMeasurem > entLib.inf > @@ -0,0 +1,54 @@ > +## @file > > +# Provides FSP measurement functions. > > +# > > +# This library provides MeasureFspFirmwareBlob() to measure FSP binary. > > +# > > +# Copyright (c) 2020, Intel Corporation. All rights reserved.<BR> > > +# SPDX-License-Identifier: BSD-2-Clause-Patent > > +# > > +## > > + > > +[Defines] > > + INF_VERSION = 0x00010005 > > + BASE_NAME = FspMeasurementLib > > + FILE_GUID = > 9A62C49D-C45A-4322-9F3C-45958DF0056B > > + MODULE_TYPE = BASE > > + VERSION_STRING = 1.0 > > + LIBRARY_CLASS = FspMeasurementLib > > + > > +# > > +# The following information is for reference only and not required by the > build tools. > > +# > > +# VALID_ARCHITECTURES = IA32 X64 > > +# > > + > > +[Sources] > > + FspMeasurementLib.c > > + > > +[Packages] > > + MdePkg/MdePkg.dec > > + MdeModulePkg/MdeModulePkg.dec > > + SecurityPkg/SecurityPkg.dec > > + IntelFsp2Pkg/IntelFsp2Pkg.dec > > + IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dec > > + > > +[LibraryClasses] > > + BaseLib > > + BaseMemoryLib > > + DebugLib > > + PrintLib > > + PcdLib > > + PeiServicesLib > > + PeiServicesTablePointerLib > > + FspWrapperApiLib > > + FvEventLogRecordLib > > + HashLib > > + > > +[Ppis] > > + gEdkiiTcgPpiGuid > ## CONSUMES > > + > > +[Pcd] > > + gIntelFsp2WrapperTokenSpaceGuid.PcdFspMeasurementConfig > ## CONSUMES > > + gIntelFsp2WrapperTokenSpaceGuid.PcdFspmBaseAddress > ## CONSUMES > > + gEfiMdeModulePkgTokenSpaceGuid.PcdTcgPfpMeasurementRevision > ## CONSUMES > > + > > diff --git > a/IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/FspMeasurementLi > b.c > b/IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/FspMeasurementLi > b.c > new file mode 100644 > index 0000000000..adb4393426 > --- /dev/null > +++ > b/IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/FspMeasurementLi > b.c > @@ -0,0 +1,248 @@ > +/** @file > > + This library is used by FSP modules to measure data to TPM. > > + > > +Copyright (c) 2020, Intel Corporation. All rights reserved. <BR> > > +SPDX-License-Identifier: BSD-2-Clause-Patent > > + > > +**/ > > + > > +#include <PiPei.h> > > +#include <Uefi.h> > > + > > +#include <Library/BaseMemoryLib.h> > > +#include <Library/PeiServicesLib.h> > > +#include <Library/PeiServicesTablePointerLib.h> > > +#include <Library/PcdLib.h> > > +#include <Library/PrintLib.h> > > +#include <Library/DebugLib.h> > > +#include <Library/FspWrapperApiLib.h> > > +#include <Library/TpmMeasurementLib.h> > > +#include <Library/FspMeasurementLib.h> > > +#include <Library/FvEventLogRecordLib.h> > > +#include <Library/HashLib.h> > > + > > +#include <Ppi/Tcg.h> > > +#include <IndustryStandard/UefiTcgPlatform.h> > > + > > +/** > > + Tpm measure and log data, and extend the measurement result into a > specific PCR. > > + > > + @param[in] PcrIndex PCR Index. > > + @param[in] EventType Event type. > > + @param[in] EventLog Measurement event log. > > + @param[in] LogLen Event log length in bytes. > > + @param[in] HashData The start of the data buffer to be > hashed, extended. > > + @param[in] HashDataLen The length, in bytes, of the buffer > referenced by HashData > > + @param[in] Flags Bitmap providing additional > information. > > + > > + @retval EFI_SUCCESS Operation completed successfully. > > + @retval EFI_UNSUPPORTED TPM device not available. > > + @retval EFI_OUT_OF_RESOURCES Out of memory. > > + @retval EFI_DEVICE_ERROR The operation was unsuccessful. > > +**/ > > +EFI_STATUS > > +EFIAPI > > +TpmMeasureAndLogDataWithFlags ( > > + IN UINT32 PcrIndex, > > + IN UINT32 EventType, > > + IN VOID *EventLog, > > + IN UINT32 LogLen, > > + IN VOID *HashData, > > + IN UINT64 HashDataLen, > > + IN UINT64 Flags > > + ) > > +{ > > + EFI_STATUS Status; > > + EDKII_TCG_PPI *TcgPpi; > > + TCG_PCR_EVENT_HDR TcgEventHdr; > > + > > + Status = PeiServicesLocatePpi( > > + &gEdkiiTcgPpiGuid, > > + 0, > > + NULL, > > + (VOID**)&TcgPpi > > + ); > > + if (EFI_ERROR(Status)) { > > + return Status; > > + } > > + > > + TcgEventHdr.PCRIndex = PcrIndex; > > + TcgEventHdr.EventType = EventType; > > + TcgEventHdr.EventSize = LogLen; > > + > > + Status = TcgPpi->HashLogExtendEvent ( > > + TcgPpi, > > + Flags, > > + HashData, > > + (UINTN)HashDataLen, > > + &TcgEventHdr, > > + EventLog > > + ); > > + return Status; > > +} > > + > > +/** > > + Measure a FSP FirmwareBlob. > > + > > + @param[in] Description Description for this > FirmwareBlob. > > + @param[in] FirmwareBlobBase Base address of this > FirmwareBlob. > > + @param[in] FirmwareBlobLength Size in bytes of this > FirmwareBlob. > > + @param[in] CfgRegionOffset Configuration region offset in > bytes. > > + @param[in] CfgRegionSize Configuration region in bytes. > > + > > + @retval EFI_SUCCESS Operation completed successfully. > > + @retval EFI_UNSUPPORTED TPM device not available. > > + @retval EFI_OUT_OF_RESOURCES Out of memory. > > + @retval EFI_DEVICE_ERROR The operation was unsuccessful. > > +**/ > > +STATIC > > +EFI_STATUS > > +EFIAPI > > +MeasureFspFirmwareBlobWithCfg ( > > + IN CHAR8 *Description OPTIONAL, > > + IN EFI_PHYSICAL_ADDRESS FirmwareBlobBase, > > + IN UINT64 FirmwareBlobLength, > > + IN UINT32 CfgRegionOffset, > > + IN UINT32 CfgRegionSize > > + ) > > +{ > > + EFI_PLATFORM_FIRMWARE_BLOB FvBlob, UpdBlob; > > + PLATFORM_FIRMWARE_BLOB2_STRUCT FvBlob2, UpdBlob2; > > + VOID *FvName; > > + UINT32 FvEventType; > > + VOID *FvEventLog, *UpdEventLog; > > + UINT32 FvEventLogSize, > UpdEventLogSize; > > + EFI_STATUS Status; > > + HASH_HANDLE HashHandle; > > + UINT8 *HashBase; > > + UINTN HashSize; > > + TPML_DIGEST_VALUES DigestList; > > + > > + FvName = TpmMeasurementGetFvName (FirmwareBlobBase, > FirmwareBlobLength); > > + > > + if (((Description != NULL) || (FvName != NULL)) && > > + (PcdGet32(PcdTcgPfpMeasurementRevision) >= > TCG_EfiSpecIDEventStruct_SPEC_ERRATA_TPM2_REV_105)) { > > + if (Description != NULL) { > > + AsciiSPrint((CHAR8*)FvBlob2.BlobDescription, > sizeof(FvBlob2.BlobDescription), "%a", Description); > > + AsciiSPrint((CHAR8*)UpdBlob2.BlobDescription, > sizeof(UpdBlob2.BlobDescription), "%aUDP", Description); > > + } else { > > + AsciiSPrint((CHAR8*)FvBlob2.BlobDescription, > sizeof(FvBlob2.BlobDescription), "Fv(%g)", FvName); > > + AsciiSPrint((CHAR8*)UpdBlob2.BlobDescription, > sizeof(UpdBlob2.BlobDescription), "(%g)UDP", FvName); > > + } > > + > > + FvBlob2.BlobDescriptionSize = sizeof(FvBlob2.BlobDescription); > > + FvBlob2.BlobBase = FirmwareBlobBase; > > + FvBlob2.BlobLength = FirmwareBlobLength; > > + FvEventType = EV_EFI_PLATFORM_FIRMWARE_BLOB2; > > + FvEventLog = &FvBlob2; > > + FvEventLogSize = sizeof(FvBlob2); > > + > > + UpdBlob2.BlobDescriptionSize = sizeof(UpdBlob2.BlobDescription); > > + UpdBlob2.BlobBase = CfgRegionOffset; > > + UpdBlob2.BlobLength = CfgRegionSize; > > + UpdEventLog = &UpdBlob2; > > + UpdEventLogSize = sizeof(UpdBlob2); > > + } else { > > + FvBlob.BlobBase = FirmwareBlobBase; > > + FvBlob.BlobLength = FirmwareBlobLength; > > + FvEventType = EV_EFI_PLATFORM_FIRMWARE_BLOB; > > + FvEventLog = &FvBlob; > > + FvEventLogSize = sizeof(FvBlob); > > + > > + UpdBlob.BlobBase = CfgRegionOffset; > > + UpdBlob.BlobLength = CfgRegionSize; > > + UpdEventLog = &UpdBlob; > > + UpdEventLogSize = sizeof(UpdBlob); > > + } > > + > > + /** Initialize a SHA hash context. **/ > > + Status = HashStart (&HashHandle); > > + if (EFI_ERROR (Status)) { > > + DEBUG ((DEBUG_ERROR, "HashStart failed - %r\n", Status)); > > + return Status; > > + } > > + > > + /** Hash FSP binary before UDP **/ > > + HashBase = (UINT8 *) (UINTN) FirmwareBlobBase; > > + HashSize = (UINTN) CfgRegionOffset; > > + Status = HashUpdate (HashHandle, HashBase, HashSize); > > + if (EFI_ERROR (Status)) { > > + DEBUG ((DEBUG_ERROR, "HashUpdate failed - %r\n", Status)); > > + return Status; > > + } > > + > > + /** Hash FSP binary after UDP **/ > > + HashBase = (UINT8 *) (UINTN) FirmwareBlobBase + CfgRegionOffset + > CfgRegionSize; > > + HashSize = (UINTN)(FirmwareBlobLength - CfgRegionOffset - > CfgRegionSize); > > + Status = HashUpdate (HashHandle, HashBase, HashSize); > > + if (EFI_ERROR (Status)) { > > + DEBUG ((DEBUG_ERROR, "HashUpdate failed - %r\n", Status)); > > + return Status; > > + } > > + > > + /** Finalize the SHA hash. **/ > > + Status = HashCompleteAndExtend (HashHandle, 0, NULL, 0, &DigestList); > > + if (EFI_ERROR (Status)) { > > + DEBUG ((DEBUG_ERROR, "HashCompleteAndExtend failed - %r\n", > Status)); > > + return Status; > > + } > > + > > + Status = TpmMeasureAndLogDataWithFlags ( > > + 0, > > + FvEventType, > > + FvEventLog, > > + FvEventLogSize, > > + (UINT8 *) &DigestList, > > + (UINTN) sizeof(DigestList), > > + EDKII_TCG_PRE_HASH_LOG_ONLY > > + ); > > + > > + Status = TpmMeasureAndLogData ( > > + 1, > > + EV_PLATFORM_CONFIG_FLAGS, > > + UpdEventLog, > > + UpdEventLogSize, > > + (UINT8 *) (UINTN) FirmwareBlobBase + CfgRegionOffset, > > + CfgRegionSize > > + ); > > + > > + return Status; > > +} > > + > > +/** > > + Measure a FSP FirmwareBlob. > > + > > + @param[in] PcrIndex PCR Index. > > + @param[in] Description Description for this > FirmwareBlob. > > + @param[in] FirmwareBlobBase Base address of this > FirmwareBlob. > > + @param[in] FirmwareBlobLength Size in bytes of this > FirmwareBlob. > > + > > + @retval EFI_SUCCESS Operation completed successfully. > > + @retval EFI_UNSUPPORTED TPM device not available. > > + @retval EFI_OUT_OF_RESOURCES Out of memory. > > + @retval EFI_DEVICE_ERROR The operation was unsuccessful. > > +**/ > > +EFI_STATUS > > +EFIAPI > > +MeasureFspFirmwareBlob ( > > + IN UINT32 PcrIndex, > > + IN CHAR8 *Description OPTIONAL, > > + IN EFI_PHYSICAL_ADDRESS FirmwareBlobBase, > > + IN UINT64 FirmwareBlobLength > > + ) > > +{ > > + UINT32 FspMeasureMask; > > + FSP_INFO_HEADER *FspHeaderPtr; > > + > > + FspMeasureMask = PcdGet32 (PcdFspMeasurementConfig); > > + if ((FspMeasureMask & FSP_MEASURE_FSPUPD) != 0) { > > + FspHeaderPtr = (FSP_INFO_HEADER *) FspFindFspHeader > (FirmwareBlobBase); > > + if (FspHeaderPtr != NULL) { > > + return MeasureFspFirmwareBlobWithCfg(Description, > FirmwareBlobBase, FirmwareBlobLength, > > + > FspHeaderPtr->CfgRegionOffset, FspHeaderPtr->CfgRegionSize); > > + } > > + } > > + > > + return MeasureFirmwareBlob (PcrIndex, Description, FirmwareBlobBase, > FirmwareBlobLength); > > +} > > + > > -- > 2.26.2.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#64348): https://edk2.groups.io/g/devel/message/64348 Mute This Topic: https://groups.io/mt/76183469/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-