Looks good to me. Reviewed-by: Qin Long <[email protected]>
Best Regards & Thanks, LONG, Qin > -----Original Message----- > From: edk2-devel [mailto:[email protected]] On Behalf Of > Zhang, Chao B > Sent: Friday, January 08, 2016 3:34 PM > To: [email protected] > Cc: Yao, Jiewen; Zhang, Chao B; Long, Qin > Subject: [edk2] [PATCH] SecurityPkg: TcgDxe, Tcg2Dxe, TrEEDxe: New PCD > for TCG event log and TCG2 final event log area > > TCG event log and TCG2 final event log area length can be configurable to > meet platform event log requirement. > PcdTcgLogAreaMinLen : 0x10000 based on minimum requirement in TCG > ACPI Spec 00.37 > PcdTcg2FinalLogAreaLen : 0x8000 based on experience value > > Contributed-under: TianoCore Contribution Agreement 1.0 > Signed-off-by: Chao Zhang <[email protected]> > --- > SecurityPkg/SecurityPkg.dec | 11 ++++++++++- > SecurityPkg/SecurityPkg.uni | 11 ++++++++++- > SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c | 15 ++++++--------- > SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf | 4 +++- > SecurityPkg/Tcg/TcgDxe/TcgDxe.c | 14 ++++++-------- > SecurityPkg/Tcg/TcgDxe/TcgDxe.inf | 3 ++- > SecurityPkg/Tcg/TrEEDxe/TrEEDxe.c | 12 +++++------- > SecurityPkg/Tcg/TrEEDxe/TrEEDxe.inf | 3 ++- > 8 files changed, 44 insertions(+), 29 deletions(-) > > diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec index > d568b47..b5f4eb7 100644 > --- a/SecurityPkg/SecurityPkg.dec > +++ b/SecurityPkg/SecurityPkg.dec > @@ -5,7 +5,7 @@ > # It also provides the definitions(including PPIs/PROTOCOLs/GUIDs and > library classes) # and libraries instances, which are used for those > features. > # > -# Copyright (c) 2009 - 2015, Intel Corporation. All rights reserved.<BR> > +# Copyright (c) 2009 - 2016, Intel Corporation. All rights > +reserved.<BR> > # (C) Copyright 2015 Hewlett Packard Enterprise Development LP <BR> # > This program and the accompanying materials are licensed and made > available under # the terms and conditions of the BSD License which > accompanies this distribution. 
> @@ -389,6 +389,15 @@ > # > gEfiSecurityPkgTokenSpaceGuid.PcdRsa2048Sha256PublicKeyBuffer|{0x91, > 0x29, 0xc4, 0xbd, 0xea, 0x6d, 0xda, 0xb3, 0xaa, 0x6f, 0x50, 0x16, 0xfc, 0xdb, > 0x4b, 0x7e, 0x3c, 0xd6, 0xdc, 0xa4, 0x7a, 0x0e, 0xdd, 0xe6, 0x15, 0x8c, 0x73, > 0x96, 0xa2, 0xd4, 0xa6, 0x4d}|VOID*|0x00010013 > > + ## This PCD defines minimum length(in bytes) of the system preboot TCG > event log area(LAML). > + # For PC Client Implementation spec up to and including 1.2 the minimum > log size is 64KB. > + # @Prompt Minimum length(in bytes) of the system preboot TCG event > log area(LAML). > + > + > gEfiSecurityPkgTokenSpaceGuid.PcdTcgLogAreaMinLen|0x10000|UINT32|0x > 000 > + 10017 > + > + ## This PCD defines length(in bytes) of the TCG2 Final event log area. > + # @Prompt Length(in bytes) of the TCG2 Final event log area. > + > + > gEfiSecurityPkgTokenSpaceGuid.PcdTcg2FinalLogAreaLen|0x8000|UINT32|0 > x0 > + 0010018 > + > [PcdsDynamic, PcdsDynamicEx] > > ## This PCD indicates Hash mask for TPM 2.0.<BR><BR> diff --git > a/SecurityPkg/SecurityPkg.uni b/SecurityPkg/SecurityPkg.uni index > 91fff94..5fcd3f9 100644 > --- a/SecurityPkg/SecurityPkg.uni > +++ b/SecurityPkg/SecurityPkg.uni > @@ -5,7 +5,7 @@ > // It also provides the definitions(including PPIs/PROTOCOLs/GUIDs and > library classes) // and libraries instances, which are used for those > features. > // > -// Copyright (c) 2009 - 2015, Intel Corporation. All rights reserved.<BR> > +// Copyright (c) 2009 - 2016, Intel Corporation. All rights > +reserved.<BR> > // > // This program and the accompanying materials are licensed and made > available under // the terms and conditions of the BSD License which > accompanies this distribution. 
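Review bot: The two PCDs declared in the `@@ -389,6 +389,15 @@` hunk of SecurityPkg.dec state no valid range, although the drivers in this patch use the values directly as allocation sizes and as the advertised LAML. `PcdTcgLogAreaMinLen` is described as a minimum length, yet Tcg2Dxe.c, TcgDxe.c and TrEEDxe.c use it as the exact size of the log area; I would add a help line such as `# The value is used as the actual size of the log area and must not be smaller than 0x10000.` For `PcdTcg2FinalLogAreaLen` I would add `# The value must be larger than sizeof (EFI_TCG2_FINAL_EVENTS_TABLE).`, because Tcg2Dxe.c subtracts that size from it. The matching `_HELP` strings in SecurityPkg.uni should carry the same wording.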
> @@ -192,3 +192,12 @@ > > "Bios may choose to register a > subset of PcdTpm2HashMask.\n" > > "So this PCD is final value of > how many hash algo is extended to PCR." > > +#string > STR_gEfiSecurityPkgTokenSpaceGuid_PcdTcgLogAreaMinLen_PROMPT > #language en-US "Minimum length(in bytes) of the system preboot TCG > event log area(LAML)." > + > +#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTcgLogAreaMinLen_HELP > #language en-US "This PCD defines minimum length(in bytes) of the system > preboot TCG event log area(LAML).\n" > + > "For PC Client Implementation > spec up to and including 1.2 the minimum log size is 64KB." > + > +#string > STR_gEfiSecurityPkgTokenSpaceGuid_PcdTcg2FinalLogAreaLen_PROMPT > #language en-US "Length(in bytes) of the TCG2 Final event log area." > + > +#string > STR_gEfiSecurityPkgTokenSpaceGuid_PcdTcg2FinalLogAreaLen_HELP > #language en-US "This PCD defines length(in bytes) of the TCG2 Final event > log area." > + > diff --git a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c > b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c > index ae5e084..f0dbbac 100644 > --- a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c > +++ b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c > @@ -56,9 +56,6 @@ typedef struct { > EFI_GUID *VendorGuid; > } VARIABLE_TYPE; > > -#define EFI_TCG_LOG_AREA_SIZE 0x10000 > -#define EFI_TCG_FINAL_LOG_AREA_SIZE 0x1000 > - > #define TCG2_DEFAULT_MAX_COMMAND_SIZE 0x1000 > #define TCG2_DEFAULT_MAX_RESPONSE_SIZE 0x1000 
> > @@ -1470,19 +1467,19 @@ SetupEventLog ( > Status = gBS->AllocatePages ( > AllocateMaxAddress, > EfiACPIMemoryNVS, > - EFI_SIZE_TO_PAGES (EFI_TCG_LOG_AREA_SIZE), > + EFI_SIZE_TO_PAGES (PcdGet32 > + (PcdTcgLogAreaMinLen)), > &Lasa > ); > if (EFI_ERROR (Status)) { > return Status; > } > mTcgDxeData.EventLogAreaStruct[Index].Lasa = Lasa; > - mTcgDxeData.EventLogAreaStruct[Index].Laml = > EFI_TCG_LOG_AREA_SIZE; > + mTcgDxeData.EventLogAreaStruct[Index].Laml = PcdGet32 > + (PcdTcgLogAreaMinLen); > // > // To initialize them as 0xFF is recommended > // because the OS can know the last entry for that. > // > - SetMem ((VOID *)(UINTN)Lasa, EFI_TCG_LOG_AREA_SIZE, 0xFF); > + SetMem ((VOID *)(UINTN)Lasa, PcdGet32 (PcdTcgLogAreaMinLen), > + 0xFF); > // > // Create first entry for Log Header Entry Data > // > @@ -1571,13 +1568,13 @@ SetupEventLog ( > Status = gBS->AllocatePages ( > AllocateMaxAddress, > EfiACPIMemoryNVS, > - EFI_SIZE_TO_PAGES (EFI_TCG_FINAL_LOG_AREA_SIZE), > + EFI_SIZE_TO_PAGES (PcdGet32 > + (PcdTcg2FinalLogAreaLen)), > &Lasa > ); > if (EFI_ERROR (Status)) { > return Status; > } > - SetMem ((VOID *)(UINTN)Lasa, EFI_TCG_FINAL_LOG_AREA_SIZE, 0xFF); > + SetMem ((VOID *)(UINTN)Lasa, PcdGet32 (PcdTcg2FinalLogAreaLen), > + 0xFF); > > // > // Initialize 
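Review bot: Nothing in the `@@ -1470,19 +1467,19 @@` hunk of Tcg2Dxe.c validates `PcdTcgLogAreaMinLen` before it becomes the page count, the `SetMem` length and `Laml`; the removed `#define` could not be misconfigured, a platform PCD can. The comment after the `SetMem` indicates that a log header entry is written into the area next (that code is outside the hunk), so a value of 0 or one smaller than that entry would presumably be written past the allocation. I would read the PCD once, `LogAreaLen = PcdGet32 (PcdTcgLogAreaMinLen);`, return an error when it is below the documented 64KB minimum, and use the local in all three places so they cannot diverge. The same repetition without a check is in TcgDxe.c (`@@ -653`, `@@ -664`, `@@ -673`, `@@ -684`) and TrEEDxe.c (`@@ -949`, `@@ -969`). SetupEventLog begins and ends outside these hunks.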
> @@ -1588,7 +1585,7 @@ SetupEventLog ( > > mTcgDxeData.FinalEventLogAreaStruct[Index].EventLogFormat = > mTcg2EventInfo[Index].LogFormat; > mTcgDxeData.FinalEventLogAreaStruct[Index].Lasa = Lasa + > sizeof(EFI_TCG2_FINAL_EVENTS_TABLE); > - mTcgDxeData.FinalEventLogAreaStruct[Index].Laml = > EFI_TCG_FINAL_LOG_AREA_SIZE - sizeof(EFI_TCG2_FINAL_EVENTS_TABLE); > + mTcgDxeData.FinalEventLogAreaStruct[Index].Laml = PcdGet32 > + (PcdTcg2FinalLogAreaLen) - sizeof(EFI_TCG2_FINAL_EVENTS_TABLE); > mTcgDxeData.FinalEventLogAreaStruct[Index].EventLogSize = 0; > mTcgDxeData.FinalEventLogAreaStruct[Index].LastEvent = (VOID > *)(UINTN)mTcgDxeData.FinalEventLogAreaStruct[Index].Lasa; > mTcgDxeData.FinalEventLogAreaStruct[Index].EventLogStarted = FALSE; > diff --git a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf > b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf > index ca6741b..fd120e5 100644 > --- a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf > +++ b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf > @@ -7,7 +7,7 @@ > # This external input must be validated carefully to avoid security issue > like > # buffer overflow, integer overflow. > # > -# Copyright (c) 2015, Intel Corporation. All rights reserved.<BR> > +# Copyright (c) 2015 - 2016, Intel Corporation. All rights > +reserved.<BR> > # This program and the accompanying materials # are licensed and made > available under the terms and conditions of the BSD License # which > accompanies this distribution. The full text of the license may be found at > @@ -100,6 +100,8 @@ > gEfiSecurityPkgTokenSpaceGuid.PcdStatusCodeSubClassTpmDevice > ## SOMETIMES_CONSUMES > gEfiSecurityPkgTokenSpaceGuid.PcdTcg2HashAlgorithmBitmap > ## > CONSUMES > gEfiSecurityPkgTokenSpaceGuid.PcdTcg2NumberOfPCRBanks > ## > CONSUMES > + gEfiSecurityPkgTokenSpaceGuid.PcdTcgLogAreaMinLen > ## > CONSUMES > + gEfiSecurityPkgTokenSpaceGuid.PcdTcg2FinalLogAreaLen > ## > CONSUMES > > [Depex] > TRUE 
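Review bot: `PcdGet32 (PcdTcg2FinalLogAreaLen) - sizeof(EFI_TCG2_FINAL_EVENTS_TABLE)` in the `@@ -1588,7 +1585,7 @@` hunk of Tcg2Dxe.c is unsigned arithmetic, so a platform value smaller than the table wraps around to a very large `Laml`. Any later bounds check against `Laml` when final events are appended (not visible here) would then accept writes beyond the pages allocated in the `@@ -1571,13 +1568,13 @@` hunk. A check before that allocation closes this: `if (PcdGet32 (PcdTcg2FinalLogAreaLen) <= sizeof (EFI_TCG2_FINAL_EVENTS_TABLE)) {` followed by an error return, rather than only an `ASSERT`, which release builds typically compile out. The enclosing SetupEventLog continues outside the hunk, so where the error path should release the earlier allocations cannot be judged from here.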
> diff --git a/SecurityPkg/Tcg/TcgDxe/TcgDxe.c > b/SecurityPkg/Tcg/TcgDxe/TcgDxe.c index 4e2741c..1e52179 100644 > --- a/SecurityPkg/Tcg/TcgDxe/TcgDxe.c > +++ b/SecurityPkg/Tcg/TcgDxe/TcgDxe.c > @@ -53,8 +53,6 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY > KIND, EITHER EXPRESS OR IMPLIED. > > #include "TpmComm.h" > > -#define EFI_TCG_LOG_AREA_SIZE 0x10000 > - > #define TCG_DXE_DATA_FROM_THIS(this) \ > BASE_CR (this, TCG_DXE_DATA, TcgProtocol) > > @@ -653,7 +651,7 @@ SetupEventLog ( > Status = gBS->AllocatePages ( > AllocateMaxAddress, > EfiACPIMemoryNVS, > - EFI_SIZE_TO_PAGES (EFI_TCG_LOG_AREA_SIZE), > + EFI_SIZE_TO_PAGES (PcdGet32 (PcdTcgLogAreaMinLen)), > &Lasa > ); > if (EFI_ERROR (Status)) { > @@ -664,8 +662,8 @@ SetupEventLog ( > // To initialize them as 0xFF is recommended > // because the OS can know the last entry for that. > // > - SetMem ((VOID *)(UINTN)mTcgClientAcpiTemplate.Lasa, > EFI_TCG_LOG_AREA_SIZE, 0xFF); > - mTcgClientAcpiTemplate.Laml = EFI_TCG_LOG_AREA_SIZE; > + SetMem ((VOID *)(UINTN)mTcgClientAcpiTemplate.Lasa, PcdGet32 > (PcdTcgLogAreaMinLen), 0xFF); > + mTcgClientAcpiTemplate.Laml = PcdGet32 (PcdTcgLogAreaMinLen); > > } else { > Lasa = mTcgServerAcpiTemplate.Lasa; @@ -673,7 +671,7 @@ > SetupEventLog ( > Status = gBS->AllocatePages ( > AllocateMaxAddress, > EfiACPIMemoryNVS, > - EFI_SIZE_TO_PAGES (EFI_TCG_LOG_AREA_SIZE), > + EFI_SIZE_TO_PAGES (PcdGet32 (PcdTcgLogAreaMinLen)), > &Lasa > ); > if (EFI_ERROR (Status)) { > @@ -684,8 +682,8 @@ SetupEventLog ( > // To initialize them as 0xFF is recommended > // because the OS can know the last entry for that. > // > - SetMem ((VOID *)(UINTN)mTcgServerAcpiTemplate.Lasa, > EFI_TCG_LOG_AREA_SIZE, 0xFF); > - mTcgServerAcpiTemplate.Laml = EFI_TCG_LOG_AREA_SIZE; > + SetMem ((VOID *)(UINTN)mTcgServerAcpiTemplate.Lasa, PcdGet32 > (PcdTcgLogAreaMinLen), 0xFF); > + mTcgServerAcpiTemplate.Laml = PcdGet32 (PcdTcgLogAreaMinLen); > } > > GuidHob.Raw = GetHobList (); 
> diff --git a/SecurityPkg/Tcg/TcgDxe/TcgDxe.inf > b/SecurityPkg/Tcg/TcgDxe/TcgDxe.inf > index 0976304..e5409df 100644 > --- a/SecurityPkg/Tcg/TcgDxe/TcgDxe.inf > +++ b/SecurityPkg/Tcg/TcgDxe/TcgDxe.inf > @@ -2,7 +2,7 @@ > # Produces TCG protocol and measures boot environment # This module > will produce TCG protocol and measure boot environment. > # > -# Copyright (c) 2006 - 2015, Intel Corporation. All rights reserved.<BR> > +# Copyright (c) 2006 - 2016, Intel Corporation. All rights > +reserved.<BR> > # This program and the accompanying materials # are licensed and made > available under the terms and conditions of the BSD License # which > accompanies this distribution. The full text of the license may be found at > @@ -75,6 +75,7 @@ > gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultCreatorId ## > SOMETIMES_CONSUMES > gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultCreatorRevision ## > SOMETIMES_CONSUMES > gEfiSecurityPkgTokenSpaceGuid.PcdStatusCodeSubClassTpmDevice ## > SOMETIMES_CONSUMES > + gEfiSecurityPkgTokenSpaceGuid.PcdTcgLogAreaMinLen ## > CONSUMES > > [Depex] > TRUE > diff --git a/SecurityPkg/Tcg/TrEEDxe/TrEEDxe.c > b/SecurityPkg/Tcg/TrEEDxe/TrEEDxe.c > index 8f344fe..dfdee04 100644 > --- a/SecurityPkg/Tcg/TrEEDxe/TrEEDxe.c > +++ b/SecurityPkg/Tcg/TrEEDxe/TrEEDxe.c > @@ -55,8 +55,6 @@ typedef struct { > EFI_GUID *VendorGuid; > } VARIABLE_TYPE; > > -#define EFI_TCG_LOG_AREA_SIZE 0x10000 > - > #define TREE_DEFAULT_MAX_COMMAND_SIZE 0x1000 > #define TREE_DEFAULT_MAX_RESPONSE_SIZE 0x1000 
> > @@ -949,19 +947,19 @@ SetupEventLog ( > Status = gBS->AllocatePages ( > AllocateMaxAddress, > EfiACPIMemoryNVS, > - EFI_SIZE_TO_PAGES (EFI_TCG_LOG_AREA_SIZE), > + EFI_SIZE_TO_PAGES (PcdGet32 > + (PcdTcgLogAreaMinLen)), > &Lasa > ); > if (EFI_ERROR (Status)) { > return Status; > } > mTcgDxeData.EventLogAreaStruct[Index].Lasa = Lasa; > - mTcgDxeData.EventLogAreaStruct[Index].Laml = > EFI_TCG_LOG_AREA_SIZE; > + mTcgDxeData.EventLogAreaStruct[Index].Laml = PcdGet32 > + (PcdTcgLogAreaMinLen); > // > // To initialize them as 0xFF is recommended > // because the OS can know the last entry for that. > // > - SetMem ((VOID *)(UINTN)Lasa, EFI_TCG_LOG_AREA_SIZE, 0xFF); > + SetMem ((VOID *)(UINTN)Lasa, PcdGet32 (PcdTcgLogAreaMinLen), > + 0xFF); > } > > // > @@ -969,10 +967,10 @@ SetupEventLog ( > // > if (PcdGet8 (PcdTpmPlatformClass) == TCG_PLATFORM_TYPE_CLIENT) { > mTcgClientAcpiTemplate.Lasa = > mTcgDxeData.EventLogAreaStruct[0].Lasa; > - mTcgClientAcpiTemplate.Laml = EFI_TCG_LOG_AREA_SIZE; > + mTcgClientAcpiTemplate.Laml = PcdGet32 (PcdTcgLogAreaMinLen); > } else { > mTcgServerAcpiTemplate.Lasa = > mTcgDxeData.EventLogAreaStruct[0].Lasa; > - mTcgServerAcpiTemplate.Laml = EFI_TCG_LOG_AREA_SIZE; > + mTcgServerAcpiTemplate.Laml = PcdGet32 (PcdTcgLogAreaMinLen); > } > > // > diff --git a/SecurityPkg/Tcg/TrEEDxe/TrEEDxe.inf > b/SecurityPkg/Tcg/TrEEDxe/TrEEDxe.inf > index 258ab46..c22e8f0 100644 > --- a/SecurityPkg/Tcg/TrEEDxe/TrEEDxe.inf > +++ b/SecurityPkg/Tcg/TrEEDxe/TrEEDxe.inf 
> @@ -7,7 +7,7 @@ > # This external input must be validated carefully to avoid security issue > like > # buffer overflow, integer overflow. > # > -# Copyright (c) 2013 - 2015, Intel Corporation. All rights reserved.<BR> > +# Copyright (c) 2013 - 2016, Intel Corporation. All rights > +reserved.<BR> > # This program and the accompanying materials # are licensed and made > available under the terms and conditions of the BSD License # which > accompanies this distribution. The full text of the license may be found at > @@ -94,6 +94,7 @@ > gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultCreatorId > ## > SOMETIMES_CONSUMES > gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultCreatorRevision > ## SOMETIMES_CONSUMES > gEfiSecurityPkgTokenSpaceGuid.PcdStatusCodeSubClassTpmDevice > ## SOMETIMES_CONSUMES > + gEfiSecurityPkgTokenSpaceGuid.PcdTcgLogAreaMinLen > ## > CONSUMES > > [Depex] > TRUE > -- > 1.9.5.msysgit.1 > > _______________________________________________ > edk2-devel mailing list > [email protected] > https://lists.01.org/mailman/listinfo/edk2-devel _______________________________________________ edk2-devel mailing list [email protected] https://lists.01.org/mailman/listinfo/edk2-devel

