Reviewed by: [email protected]

-----Original Message-----
From: edk2-devel [mailto:[email protected]] On Behalf Of Zhang, 
Chao B
Sent: Friday, January 08, 2016 3:34 PM
To: [email protected]
Cc: Yao, Jiewen; Zhang, Chao B; Long, Qin
Subject: [edk2] [PATCH] SecurityPkg: TcgDxe, Tcg2Dxe, TrEEDxe: New PCD for TCG 
event log and TCG2 final event log area

Make the lengths of the TCG event log area and the TCG2 final event log area 
configurable so that platforms can meet their event log requirements.
PcdTcgLogAreaMinLen    : 0x10000  based on minimum requirement in TCG ACPI Spec 
00.37
PcdTcg2FinalLogAreaLen : 0x8000   based on experience value

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <[email protected]>
---
 SecurityPkg/SecurityPkg.dec         | 11 ++++++++++-
 SecurityPkg/SecurityPkg.uni         | 11 ++++++++++-
 SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c   | 15 ++++++---------
 SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf |  4 +++-
 SecurityPkg/Tcg/TcgDxe/TcgDxe.c     | 14 ++++++--------
 SecurityPkg/Tcg/TcgDxe/TcgDxe.inf   |  3 ++-
 SecurityPkg/Tcg/TrEEDxe/TrEEDxe.c   | 12 +++++-------
 SecurityPkg/Tcg/TrEEDxe/TrEEDxe.inf |  3 ++-
 8 files changed, 44 insertions(+), 29 deletions(-)

diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec
index d568b47..b5f4eb7 100644
--- a/SecurityPkg/SecurityPkg.dec
+++ b/SecurityPkg/SecurityPkg.dec
@@ -5,7 +5,7 @@
 #  It also provides the definitions(including PPIs/PROTOCOLs/GUIDs and library classes)
 #  and libraries instances, which are used for those features.
 #
-# Copyright (c) 2009 - 2015, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2009 - 2016, Intel Corporation. All rights 
+reserved.<BR>
 # (C) Copyright 2015 Hewlett Packard Enterprise Development LP <BR>
 # This program and the accompanying materials are licensed and made available under
 # the terms and conditions of the BSD License which accompanies this distribution.
@@ -389,6 +389,15 @@
   #
   gEfiSecurityPkgTokenSpaceGuid.PcdRsa2048Sha256PublicKeyBuffer|{0x91, 0x29, 
0xc4, 0xbd, 0xea, 0x6d, 0xda, 0xb3, 0xaa, 0x6f, 0x50, 0x16, 0xfc, 0xdb, 0x4b, 
0x7e, 0x3c, 0xd6, 0xdc, 0xa4, 0x7a, 0x0e, 0xdd, 0xe6, 0x15, 0x8c, 0x73, 0x96, 
0xa2, 0xd4, 0xa6, 0x4d}|VOID*|0x00010013
 
+  ## This PCD defines minimum length(in bytes) of the system preboot TCG event 
log area(LAML).
+  #  For PC Client Implementation spec up to and including 1.2 the minimum log 
size is 64KB.
+  # @Prompt Minimum length(in bytes) of the system preboot TCG event log 
area(LAML).
+  
+ gEfiSecurityPkgTokenSpaceGuid.PcdTcgLogAreaMinLen|0x10000|UINT32|0x000
+ 10017
+
+  ## This PCD defines length(in bytes) of the TCG2 Final event log area.
+  # @Prompt Length(in bytes) of the TCG2 Final event log area.
+  
+ gEfiSecurityPkgTokenSpaceGuid.PcdTcg2FinalLogAreaLen|0x8000|UINT32|0x0
+ 0010018
+
 [PcdsDynamic, PcdsDynamicEx]
 
   ## This PCD indicates Hash mask for TPM 2.0.<BR><BR>
diff --git a/SecurityPkg/SecurityPkg.uni b/SecurityPkg/SecurityPkg.uni
index 91fff94..5fcd3f9 100644
--- a/SecurityPkg/SecurityPkg.uni
+++ b/SecurityPkg/SecurityPkg.uni
@@ -5,7 +5,7 @@
 // It also provides the definitions(including PPIs/PROTOCOLs/GUIDs and library classes)
 // and libraries instances, which are used for those features.
 //
-// Copyright (c) 2009 - 2015, Intel Corporation. All rights reserved.<BR>
+// Copyright (c) 2009 - 2016, Intel Corporation. All rights 
+reserved.<BR>
 //
 // This program and the accompanying materials are licensed and made available under
 // the terms and conditions of the BSD License which accompanies this distribution.
@@ -192,3 +192,12 @@
                                                                                
            "Bios may choose to register a subset of PcdTpm2HashMask.\n"
                                                                                
            "So this PCD is final value of how many hash algo is extended to 
PCR."
 
+#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTcgLogAreaMinLen_PROMPT  
#language en-US "Minimum length(in bytes) of the system preboot TCG event log 
area(LAML)."
+
+#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTcgLogAreaMinLen_HELP  #language 
en-US "This PCD defines minimum length(in bytes) of the system preboot TCG 
event log area(LAML).\n"
+                                                                               
     "For PC Client Implementation spec up to and including 1.2 the minimum log 
size is 64KB."
+
+#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTcg2FinalLogAreaLen_PROMPT  
#language en-US "Length(in bytes) of the TCG2 Final event log area."
+
+#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTcg2FinalLogAreaLen_HELP  
#language en-US "This PCD defines length(in bytes) of the TCG2 Final event log 
area."
+
diff --git a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c
index ae5e084..f0dbbac 100644
--- a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c
+++ b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c
@@ -56,9 +56,6 @@ typedef struct {
   EFI_GUID                               *VendorGuid;
 } VARIABLE_TYPE;
 
-#define  EFI_TCG_LOG_AREA_SIZE        0x10000
-#define  EFI_TCG_FINAL_LOG_AREA_SIZE  0x1000
-
 #define  TCG2_DEFAULT_MAX_COMMAND_SIZE        0x1000
 #define  TCG2_DEFAULT_MAX_RESPONSE_SIZE       0x1000
 
@@ -1470,19 +1467,19 @@ SetupEventLog (
       Status = gBS->AllocatePages (
                       AllocateMaxAddress,
                       EfiACPIMemoryNVS,
-                      EFI_SIZE_TO_PAGES (EFI_TCG_LOG_AREA_SIZE),
+                      EFI_SIZE_TO_PAGES (PcdGet32 
+ (PcdTcgLogAreaMinLen)),
                       &Lasa
                       );
       if (EFI_ERROR (Status)) {
         return Status;
       }
       mTcgDxeData.EventLogAreaStruct[Index].Lasa = Lasa;
-      mTcgDxeData.EventLogAreaStruct[Index].Laml = EFI_TCG_LOG_AREA_SIZE;
+      mTcgDxeData.EventLogAreaStruct[Index].Laml = PcdGet32 
+ (PcdTcgLogAreaMinLen);
       //
       // To initialize them as 0xFF is recommended 
       // because the OS can know the last entry for that.
       //
-      SetMem ((VOID *)(UINTN)Lasa, EFI_TCG_LOG_AREA_SIZE, 0xFF);
+      SetMem ((VOID *)(UINTN)Lasa, PcdGet32 (PcdTcgLogAreaMinLen), 
+ 0xFF);
       //
       // Create first entry for Log Header Entry Data
       //
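Review bot: `PcdGet32 (PcdTcgLogAreaMinLen)` now sizes the allocation, `Laml` and the `SetMem` fill, but nothing in this hunk checks the configured value against the 64KB floor that the new DEC comment cites. A platform that sets the PCD too low gets a log area that can fill early and truncate the measured-boot record that attestation relies on, and a zero value goes straight into `EFI_SIZE_TO_PAGES`. Consider reading the PCD once into a local and rejecting undersized values before `AllocatePages`, for example `if (LogAreaLen < SIZE_64KB) { return EFI_INVALID_PARAMETER; }`, where `LogAreaLen` is a new local holding the PCD value. The same unchecked reads recur in the TcgDxe.c and TrEEDxe.c `SetupEventLog` hunks. The body of `SetupEventLog` continues outside this hunk, so an existing check elsewhere cannot be ruled out.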
@@ -1571,13 +1568,13 @@ SetupEventLog (
       Status = gBS->AllocatePages (
                       AllocateMaxAddress,
                       EfiACPIMemoryNVS,
-                      EFI_SIZE_TO_PAGES (EFI_TCG_FINAL_LOG_AREA_SIZE),
+                      EFI_SIZE_TO_PAGES (PcdGet32 
+ (PcdTcg2FinalLogAreaLen)),
                       &Lasa
                       );
       if (EFI_ERROR (Status)) {
         return Status;
       }
-      SetMem ((VOID *)(UINTN)Lasa, EFI_TCG_FINAL_LOG_AREA_SIZE, 0xFF);
+      SetMem ((VOID *)(UINTN)Lasa, PcdGet32 (PcdTcg2FinalLogAreaLen), 
+ 0xFF);
 
       //
       // Initialize
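Review bot: `PcdTcg2FinalLogAreaLen` has no lower bound here, and the next hunk computes `Laml` as `PcdGet32 (PcdTcg2FinalLogAreaLen) - sizeof(EFI_TCG2_FINAL_EVENTS_TABLE)`, which wraps to a very large unsigned value if the PCD is set smaller than the table header. The removed 0x1000 constant could not trigger this. With a platform-supplied value, any later bounds check against `Laml` would accept writes past the ACPI NVS allocation; the append logic is outside these hunks, so that consequence is inferred. Guard before `AllocatePages` with `if (PcdGet32 (PcdTcg2FinalLogAreaLen) <= sizeof (EFI_TCG2_FINAL_EVENTS_TABLE)) { return EFI_INVALID_PARAMETER; }`, and document the constraint next to the PCD declaration in SecurityPkg.dec.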
@@ -1588,7 +1585,7 @@ SetupEventLog (
 
       mTcgDxeData.FinalEventLogAreaStruct[Index].EventLogFormat = 
mTcg2EventInfo[Index].LogFormat;
       mTcgDxeData.FinalEventLogAreaStruct[Index].Lasa = Lasa + 
sizeof(EFI_TCG2_FINAL_EVENTS_TABLE);
-      mTcgDxeData.FinalEventLogAreaStruct[Index].Laml = 
EFI_TCG_FINAL_LOG_AREA_SIZE - sizeof(EFI_TCG2_FINAL_EVENTS_TABLE);
+      mTcgDxeData.FinalEventLogAreaStruct[Index].Laml = PcdGet32 
+ (PcdTcg2FinalLogAreaLen) - sizeof(EFI_TCG2_FINAL_EVENTS_TABLE);
       mTcgDxeData.FinalEventLogAreaStruct[Index].EventLogSize = 0;
       mTcgDxeData.FinalEventLogAreaStruct[Index].LastEvent = (VOID 
*)(UINTN)mTcgDxeData.FinalEventLogAreaStruct[Index].Lasa;
       mTcgDxeData.FinalEventLogAreaStruct[Index].EventLogStarted = FALSE;
diff --git a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf
index ca6741b..fd120e5 100644
--- a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf
+++ b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf
@@ -7,7 +7,7 @@
 #  This external input must be validated carefully to avoid security issue like
 #  buffer overflow, integer overflow.
 #
-# Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2015 - 2016, Intel Corporation. All rights 
+reserved.<BR>
 # This program and the accompanying materials
 # are licensed and made available under the terms and conditions of the BSD License
 # which accompanies this distribution. The full text of the license may be found at
@@ -100,6 +100,8 @@
   gEfiSecurityPkgTokenSpaceGuid.PcdStatusCodeSubClassTpmDevice              ## 
SOMETIMES_CONSUMES
   gEfiSecurityPkgTokenSpaceGuid.PcdTcg2HashAlgorithmBitmap                  ## 
CONSUMES
   gEfiSecurityPkgTokenSpaceGuid.PcdTcg2NumberOfPCRBanks                     ## 
CONSUMES
+  gEfiSecurityPkgTokenSpaceGuid.PcdTcgLogAreaMinLen                         ## 
CONSUMES
+  gEfiSecurityPkgTokenSpaceGuid.PcdTcg2FinalLogAreaLen                      ## 
CONSUMES
 
 [Depex]
   TRUE
diff --git a/SecurityPkg/Tcg/TcgDxe/TcgDxe.c b/SecurityPkg/Tcg/TcgDxe/TcgDxe.c 
index 4e2741c..1e52179 100644
--- a/SecurityPkg/Tcg/TcgDxe/TcgDxe.c
+++ b/SecurityPkg/Tcg/TcgDxe/TcgDxe.c
@@ -53,8 +53,6 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER 
EXPRESS OR IMPLIED.
 
 #include "TpmComm.h"
 
-#define  EFI_TCG_LOG_AREA_SIZE        0x10000
-
 #define TCG_DXE_DATA_FROM_THIS(this)  \
   BASE_CR (this, TCG_DXE_DATA, TcgProtocol)
 
@@ -653,7 +651,7 @@ SetupEventLog (
     Status = gBS->AllocatePages (
                     AllocateMaxAddress,
                     EfiACPIMemoryNVS,
-                    EFI_SIZE_TO_PAGES (EFI_TCG_LOG_AREA_SIZE),
+                    EFI_SIZE_TO_PAGES (PcdGet32 (PcdTcgLogAreaMinLen)),
                     &Lasa
                     );
     if (EFI_ERROR (Status)) {
@@ -664,8 +662,8 @@ SetupEventLog (
     // To initialize them as 0xFF is recommended 
     // because the OS can know the last entry for that.
     //
-    SetMem ((VOID *)(UINTN)mTcgClientAcpiTemplate.Lasa, EFI_TCG_LOG_AREA_SIZE, 
0xFF);
-    mTcgClientAcpiTemplate.Laml = EFI_TCG_LOG_AREA_SIZE;
+    SetMem ((VOID *)(UINTN)mTcgClientAcpiTemplate.Lasa, PcdGet32 
(PcdTcgLogAreaMinLen), 0xFF);
+    mTcgClientAcpiTemplate.Laml = PcdGet32 (PcdTcgLogAreaMinLen);
   
   } else {
     Lasa = mTcgServerAcpiTemplate.Lasa;
@@ -673,7 +671,7 @@ SetupEventLog (
     Status = gBS->AllocatePages (
                     AllocateMaxAddress,
                     EfiACPIMemoryNVS,
-                    EFI_SIZE_TO_PAGES (EFI_TCG_LOG_AREA_SIZE),
+                    EFI_SIZE_TO_PAGES (PcdGet32 (PcdTcgLogAreaMinLen)),
                     &Lasa
                     );
     if (EFI_ERROR (Status)) {
@@ -684,8 +682,8 @@ SetupEventLog (
     // To initialize them as 0xFF is recommended 
     // because the OS can know the last entry for that.
     //
-    SetMem ((VOID *)(UINTN)mTcgServerAcpiTemplate.Lasa, EFI_TCG_LOG_AREA_SIZE, 
0xFF);
-    mTcgServerAcpiTemplate.Laml = EFI_TCG_LOG_AREA_SIZE;
+    SetMem ((VOID *)(UINTN)mTcgServerAcpiTemplate.Lasa, PcdGet32 
(PcdTcgLogAreaMinLen), 0xFF);
+    mTcgServerAcpiTemplate.Laml = PcdGet32 (PcdTcgLogAreaMinLen);
   }
 
   GuidHob.Raw = GetHobList ();
diff --git a/SecurityPkg/Tcg/TcgDxe/TcgDxe.inf b/SecurityPkg/Tcg/TcgDxe/TcgDxe.inf
index 0976304..e5409df 100644
--- a/SecurityPkg/Tcg/TcgDxe/TcgDxe.inf
+++ b/SecurityPkg/Tcg/TcgDxe/TcgDxe.inf
@@ -2,7 +2,7 @@
 #  Produces TCG protocol and measures boot environment
 #  This module will produce TCG protocol and measure boot environment.
 #
-# Copyright (c) 2006 - 2015, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2006 - 2016, Intel Corporation. All rights 
+reserved.<BR>
 # This program and the accompanying materials
 # are licensed and made available under the terms and conditions of the BSD License
 # which accompanies this distribution. The full text of the license may be found at
@@ -75,6 +75,7 @@
   gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultCreatorId         ## 
SOMETIMES_CONSUMES
   gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultCreatorRevision   ## 
SOMETIMES_CONSUMES
   gEfiSecurityPkgTokenSpaceGuid.PcdStatusCodeSubClassTpmDevice   ## 
SOMETIMES_CONSUMES
+  gEfiSecurityPkgTokenSpaceGuid.PcdTcgLogAreaMinLen              ## CONSUMES
 
 [Depex]
   TRUE
diff --git a/SecurityPkg/Tcg/TrEEDxe/TrEEDxe.c b/SecurityPkg/Tcg/TrEEDxe/TrEEDxe.c
index 8f344fe..dfdee04 100644
--- a/SecurityPkg/Tcg/TrEEDxe/TrEEDxe.c
+++ b/SecurityPkg/Tcg/TrEEDxe/TrEEDxe.c
@@ -55,8 +55,6 @@ typedef struct {
   EFI_GUID                               *VendorGuid;
 } VARIABLE_TYPE;
 
-#define  EFI_TCG_LOG_AREA_SIZE        0x10000
-
 #define  TREE_DEFAULT_MAX_COMMAND_SIZE        0x1000
 #define  TREE_DEFAULT_MAX_RESPONSE_SIZE       0x1000
 
@@ -949,19 +947,19 @@ SetupEventLog (
       Status = gBS->AllocatePages (
                       AllocateMaxAddress,
                       EfiACPIMemoryNVS,
-                      EFI_SIZE_TO_PAGES (EFI_TCG_LOG_AREA_SIZE),
+                      EFI_SIZE_TO_PAGES (PcdGet32 
+ (PcdTcgLogAreaMinLen)),
                       &Lasa
                       );
       if (EFI_ERROR (Status)) {
         return Status;
       }
       mTcgDxeData.EventLogAreaStruct[Index].Lasa = Lasa;
-      mTcgDxeData.EventLogAreaStruct[Index].Laml = EFI_TCG_LOG_AREA_SIZE;
+      mTcgDxeData.EventLogAreaStruct[Index].Laml = PcdGet32 
+ (PcdTcgLogAreaMinLen);
       //
       // To initialize them as 0xFF is recommended 
       // because the OS can know the last entry for that.
       //
-      SetMem ((VOID *)(UINTN)Lasa, EFI_TCG_LOG_AREA_SIZE, 0xFF);
+      SetMem ((VOID *)(UINTN)Lasa, PcdGet32 (PcdTcgLogAreaMinLen), 
+ 0xFF);
   }
 
   //
@@ -969,10 +967,10 @@ SetupEventLog (
   //
     if (PcdGet8 (PcdTpmPlatformClass) == TCG_PLATFORM_TYPE_CLIENT) {
       mTcgClientAcpiTemplate.Lasa = mTcgDxeData.EventLogAreaStruct[0].Lasa;
-      mTcgClientAcpiTemplate.Laml = EFI_TCG_LOG_AREA_SIZE;
+      mTcgClientAcpiTemplate.Laml = PcdGet32 (PcdTcgLogAreaMinLen);
     } else {
       mTcgServerAcpiTemplate.Lasa = mTcgDxeData.EventLogAreaStruct[0].Lasa;
-      mTcgServerAcpiTemplate.Laml = EFI_TCG_LOG_AREA_SIZE;
+      mTcgServerAcpiTemplate.Laml = PcdGet32 (PcdTcgLogAreaMinLen);
     }
 
   //
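Review bot: The ACPI template `Laml` is set from a fresh `PcdGet32 (PcdTcgLogAreaMinLen)` read, while `Lasa` on the line above is copied from `mTcgDxeData.EventLogAreaStruct[0]`. Copying the length from the same struct, `mTcgClientAcpiTemplate.Laml = (UINT32) mTcgDxeData.EventLogAreaStruct[0].Laml;` and the equivalent for the server template, keeps the address/length pair published to the OS tied to the allocation actually made. That matters if the PCD can be a patchable or dynamic type, which cannot be confirmed because the DEC section header is not visible here. The cast assumes the client template field is 32-bit; confirm against the table definition.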
diff --git a/SecurityPkg/Tcg/TrEEDxe/TrEEDxe.inf b/SecurityPkg/Tcg/TrEEDxe/TrEEDxe.inf
index 258ab46..c22e8f0 100644
--- a/SecurityPkg/Tcg/TrEEDxe/TrEEDxe.inf
+++ b/SecurityPkg/Tcg/TrEEDxe/TrEEDxe.inf
@@ -7,7 +7,7 @@
 #  This external input must be validated carefully to avoid security issue like
 #  buffer overflow, integer overflow.
 #
-# Copyright (c) 2013 - 2015, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2013 - 2016, Intel Corporation. All rights 
+reserved.<BR>
 # This program and the accompanying materials
 # are licensed and made available under the terms and conditions of the BSD License
 # which accompanies this distribution. The full text of the license may be found at
@@ -94,6 +94,7 @@
   gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultCreatorId                    ## 
SOMETIMES_CONSUMES
   gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultCreatorRevision              ## 
SOMETIMES_CONSUMES
   gEfiSecurityPkgTokenSpaceGuid.PcdStatusCodeSubClassTpmDevice              ## 
SOMETIMES_CONSUMES
+  gEfiSecurityPkgTokenSpaceGuid.PcdTcgLogAreaMinLen                         ## 
CONSUMES
 
 [Depex]
   TRUE
--
1.9.5.msysgit.1
