Re: [edk2] Tianocore and TPM2 pcr values

2018-09-26 Thread Yao, Jiewen
Good to know.

From: Jorge Fernandez Monteagudo [mailto:jorg...@cirsa.com]
Sent: Thursday, September 27, 2018 2:53 PM
To: Yao, Jiewen; Zhang, Chao B; edk2-devel@lists.01.org
Subject: Re: Tianocore and TPM2 pcr values

Studying the kernel code it seems that it's a warning. The error 2314
(TPM2_RC_TESTING) is a warning because a test is already running and it's
detected and it returns immediately to shorten boot time.




From: Jorge Fernandez Monteagudo
Sent: Thursday, September 27, 2018 8:36:12
To: Yao, Jiewen; Zhang, Chao B; edk2-devel@lists.01.org
Subject: Re: Tianocore and TPM2 pcr values

The selftest is done by the kernel but I suspect it expects something to be
done before the selftest but I'm not sure what... The coreboot code is the
same for the test I've done with SeaBIOS and Tianocore.

From the kernel code:


/**
 * tpm2_do_selftest() - ensure that all self tests have passed
 *
 * @chip: TPM chip to use
 *
 * Return: Same as with tpm_transmit_cmd.
 *
 * The TPM can either run all self tests synchronously and then return
 * RC_SUCCESS once all tests were successful. Or it can choose to run the tests
 * asynchronously and return RC_TESTING immediately while the self tests still
 * execute in the background. This function handles both cases and waits until
 * all tests have completed.
 */
static int tpm2_do_selftest(struct tpm_chip *chip)
{
        struct tpm_buf buf;
        int full;
        int rc;

        for (full = 0; full < 2; full++) {
                rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_SELF_TEST);
                if (rc)
                        return rc;

                tpm_buf_append_u8(&buf, full);
                rc = tpm_transmit_cmd(chip, NULL, buf.data, PAGE_SIZE, 0, 0,
                                      "attempting the self test");
                tpm_buf_destroy(&buf);

                if (rc == TPM2_RC_TESTING)
                        rc = TPM2_RC_SUCCESS;
                if (rc == TPM2_RC_INITIALIZE || rc == TPM2_RC_SUCCESS)
                        return rc;
        }

        return rc;
}





From: Yao, Jiewen
Sent: Thursday, September 27, 2018 8:22:56
To: Jorge Fernandez Monteagudo; Zhang, Chao B; edk2-devel@lists.01.org
Subject: RE: Tianocore and TPM2 pcr values

May I know who does the self test? coreboot? or SeaBIOS?



Thank you

Yao Jiewen



From: Jorge Fernandez Monteagudo [mailto:jorg...@cirsa.com]
Sent: Thursday, September 27, 2018 2:12 PM
To: Yao, Jiewen; Zhang, Chao B; edk2-devel@lists.01.org
Subject: Re: Tianocore and TPM2 pcr values

Hi, the only remaining issue is this dmesg TPM error trace I get when booting
with the UEFI payload but not present when SeaBIOS is used:

[0.390995] tpm_tis 00:02: 2.0 TPM (device-id 0x1A, rev-id 16)
[0.399957] tpm tpm0: A TPM error (2314) occurred attempting the self test

but I don't know yet what the reason is... I'm using Linux 4.17.1



Regards

Jorge







From: Yao, Jiewen
Sent: Wednesday, September 26, 2018 14:17:12
To: Jorge Fernandez Monteagudo; Zhang, Chao B; edk2-devel@lists.01.org
Subject: RE: Tianocore and TPM2 pcr values



OK. So no issue in UEFI payload, right?



Thank you

Yao Jiewen



From: Jorge Fernandez Monteagudo [mailto:jorg...@cirsa.com]
Sent: Wednesday, September 26, 2018 5:06 PM
To: Yao, Jiewen; Zhang, Chao B; edk2-devel@lists.01.org
Subject: Re: Tianocore and TPM2 pcr values

> You still cannot get the right PCR hardware value?

Sorry, what do you mean? I think the only remaining thing is extending the
tianocore payload from the coreboot once it is loaded in order to detect
changes in the payload but it's related to coreboot, not edk2...





From: Yao, Jiewen
Sent: Wednesday, September 26, 2018 10:56:05
To: Jorge Fernandez Monteagudo; Zhang, Chao B; edk2-devel@lists.01.org
Subject: RE: Tianocore and TPM2 pcr values



OK. That means the PCR is extended successfully.

You still cannot get the right PCR hardware value?


> -Original Message-
> From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of
> Jorge Fernandez Monteagudo
> Sent: Wednesday, September 26, 2018 4:54 PM
> To: Yao, Jiewen; Zhang, Chao B; edk2-devel@lists.01.org
> Subject: Re: [edk2] Tianocore and TPM2 pcr values
>
> I'v

Re: [edk2] Tianocore and TPM2 pcr values

2018-09-26 Thread Jorge Fernandez Monteagudo
Studying the kernel code it seems that it's a warning. The error 2314
(TPM2_RC_TESTING) is a warning because a test is already running and it's
detected and it returns immediately to shorten boot time.



From: Jorge Fernandez Monteagudo
Sent: Thursday, September 27, 2018 8:36:12
To: Yao, Jiewen; Zhang, Chao B; edk2-devel@lists.01.org
Subject: Re: Tianocore and TPM2 pcr values

The selftest is done by the kernel but I suspect it expects something to be
done before the selftest but I'm not sure what... The coreboot code is the
same for the test I've done with SeaBIOS and Tianocore.

From the kernel code:


/**
 * tpm2_do_selftest() - ensure that all self tests have passed
 *
 * @chip: TPM chip to use
 *
 * Return: Same as with tpm_transmit_cmd.
 *
 * The TPM can either run all self tests synchronously and then return
 * RC_SUCCESS once all tests were successful. Or it can choose to run the tests
 * asynchronously and return RC_TESTING immediately while the self tests still
 * execute in the background. This function handles both cases and waits until
 * all tests have completed.
 */
static int tpm2_do_selftest(struct tpm_chip *chip)
{
        struct tpm_buf buf;
        int full;
        int rc;

        for (full = 0; full < 2; full++) {
                rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_SELF_TEST);
                if (rc)
                        return rc;

                tpm_buf_append_u8(&buf, full);
                rc = tpm_transmit_cmd(chip, NULL, buf.data, PAGE_SIZE, 0, 0,
                                      "attempting the self test");
                tpm_buf_destroy(&buf);

                if (rc == TPM2_RC_TESTING)
                        rc = TPM2_RC_SUCCESS;
                if (rc == TPM2_RC_INITIALIZE || rc == TPM2_RC_SUCCESS)
                        return rc;
        }

        return rc;
}





From: Yao, Jiewen
Sent: Thursday, September 27, 2018 8:22:56
To: Jorge Fernandez Monteagudo; Zhang, Chao B; edk2-devel@lists.01.org
Subject: RE: Tianocore and TPM2 pcr values

May I know who does the self test? coreboot? or SeaBIOS?



Thank you

Yao Jiewen



From: Jorge Fernandez Monteagudo [mailto:jorg...@cirsa.com]
Sent: Thursday, September 27, 2018 2:12 PM
To: Yao, Jiewen; Zhang, Chao B; edk2-devel@lists.01.org
Subject: Re: Tianocore and TPM2 pcr values

Hi, the only remaining issue is this dmesg TPM error trace I get when booting
with the UEFI payload but not present when SeaBIOS is used:

[0.390995] tpm_tis 00:02: 2.0 TPM (device-id 0x1A, rev-id 16)
[0.399957] tpm tpm0: A TPM error (2314) occurred attempting the self test

but I don't know yet what the reason is... I'm using Linux 4.17.1



Regards

Jorge







From: Yao, Jiewen
Sent: Wednesday, September 26, 2018 14:17:12
To: Jorge Fernandez Monteagudo; Zhang, Chao B; edk2-devel@lists.01.org
Subject: RE: Tianocore and TPM2 pcr values



OK. So no issue in UEFI payload, right?



Thank you

Yao Jiewen



From: Jorge Fernandez Monteagudo [mailto:jorg...@cirsa.com]
Sent: Wednesday, September 26, 2018 5:06 PM
To: Yao, Jiewen; Zhang, Chao B; edk2-devel@lists.01.org
Subject: Re: Tianocore and TPM2 pcr values

> You still cannot get the right PCR hardware value?

Sorry, what do you mean? I think the only remaining thing is extending the
tianocore payload from the coreboot once it is loaded in order to detect
changes in the payload but it's related to coreboot, not edk2...





From: Yao, Jiewen
Sent: Wednesday, September 26, 2018 10:56:05
To: Jorge Fernandez Monteagudo; Zhang, Chao B; edk2-devel@lists.01.org
Subject: RE: Tianocore and TPM2 pcr values



OK. That means the PCR is extended successfully.

You still cannot get the right PCR hardware value?


> -Original Message-
> From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of
> Jorge Fernandez Monteagudo
> Sent: Wednesday, September 26, 2018 4:54 PM
> To: Yao, Jiewen; Zhang, Chao B; edk2-devel@lists.01.org
> Subject: Re: [edk2] Tianocore and TPM2 pcr values
>
> I've added the Tcg2GetEventLog at the end of OnReadyToBoot from
> Tcg2Dxe.c and I can see:
>
>
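
How 2314 comes out as TPM2_RC_TESTING and as a warning rather than an error, as an added example that is not part of the original messages or of the kernel source: it decodes a TPM 2.0 response code using the bit layout from the TPM 2.0 Library specification (Part 2) and applies it to the dmesg line quoted in the thread. The function names are hypothetical and the name table is a small subset of the specification's codes.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Response-code bit layout, TPM 2.0 Library specification, Part 2. */
#define RC_FMT1 0x080u /* bit 7: format-one (handle/session/parameter) code */
#define RC_VER1 0x100u /* bit 8: format-zero code defined by TPM 2.0 */
#define RC_SEV  0x800u /* bit 11: severity; set means warning, not error */

enum rc_class { RC_OK, RC_WARNING, RC_ERROR, RC_FMT1_ERROR, RC_TPM12 };

struct rc_info {
	enum rc_class cls;
	unsigned number;  /* error number inside its class */
	unsigned index;   /* format-one only: bits 8..11 of the code */
	const char *name; /* NULL when the code is not in rc_names[] */
};

/* Short subset of format-zero codes seen around start-up and self test. */
static const struct { uint32_t rc; const char *name; } rc_names[] = {
	{ 0x000, "TPM_RC_SUCCESS" },
	{ 0x100, "TPM_RC_INITIALIZE" },
	{ 0x101, "TPM_RC_FAILURE" },
	{ 0x153, "TPM_RC_NEEDS_TEST" },
	{ 0x90A, "TPM_RC_TESTING" },
	{ 0x922, "TPM_RC_RETRY" },
};

/* Hypothetical helper: split a response code into class and error number. */
struct rc_info tpm2_rc_decode(uint32_t rc)
{
	struct rc_info info = { RC_OK, 0, 0, NULL };
	size_t i;

	if (rc & RC_FMT1) {
		info.cls = RC_FMT1_ERROR;
		info.number = rc & 0x3F;
		info.index = (rc >> 8) & 0xF;
		return info;
	}
	for (i = 0; i < sizeof(rc_names) / sizeof(rc_names[0]); i++)
		if (rc_names[i].rc == rc)
			info.name = rc_names[i].name;
	if (rc == 0)
		return info;
	info.number = rc & 0x7F;
	if (!(rc & RC_VER1))
		info.cls = RC_TPM12;
	else
		info.cls = (rc & RC_SEV) ? RC_WARNING : RC_ERROR;
	return info;
}

/* Hypothetical helper: pull N out of "A TPM error (N) occurred ...".
 * The 2314 in the thread is decimal. Returns 0 on success, -1 otherwise. */
int dmesg_tpm_rc(const char *line, uint32_t *rc)
{
	static const char tag[] = "A TPM error (";
	const char *p = strstr(line, tag);
	char *end;
	unsigned long v;

	if (!p)
		return -1;
	p += sizeof(tag) - 1;
	if (!isdigit((unsigned char)*p))
		return -1;
	v = strtoul(p, &end, 10);
	if (*end != ')' || v > 0xFFFFFFFFul)
		return -1;
	*rc = (uint32_t)v;
	return 0;
}

/* Same mapping as the quoted tpm2_do_selftest(): TESTING counts as success. */
int selftest_rc_is_benign(uint32_t rc)
{
	return rc == 0x000 || rc == 0x90A;
}

int main(void)
{
	/* The line quoted in the thread. */
	const char *line =
		"[0.399957] tpm tpm0: A TPM error (2314) occurred attempting the self test";
	uint32_t rc;

	if (dmesg_tpm_rc(line, &rc) == 0) {
		struct rc_info info = tpm2_rc_decode(rc);

		printf("0x%03X class=%d number=0x%02X %s benign=%d\n", (unsigned)rc,
		       (int)info.cls, info.number, info.name ? info.name : "?",
		       selftest_rc_is_benign(rc));
	}
	return 0;
}
```
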

Re: [edk2] Tianocore and TPM2 pcr values

2018-09-26 Thread Jorge Fernandez Monteagudo
The selftest is done by the kernel but I suspect it expects something to be
done before the selftest but I'm not sure what... The coreboot code is the
same for the test I've done with SeaBIOS and Tianocore.

From the kernel code:


/**
 * tpm2_do_selftest() - ensure that all self tests have passed
 *
 * @chip: TPM chip to use
 *
 * Return: Same as with tpm_transmit_cmd.
 *
 * The TPM can either run all self tests synchronously and then return
 * RC_SUCCESS once all tests were successful. Or it can choose to run the tests
 * asynchronously and return RC_TESTING immediately while the self tests still
 * execute in the background. This function handles both cases and waits until
 * all tests have completed.
 */
static int tpm2_do_selftest(struct tpm_chip *chip)
{
        struct tpm_buf buf;
        int full;
        int rc;

        for (full = 0; full < 2; full++) {
                rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_SELF_TEST);
                if (rc)
                        return rc;

                tpm_buf_append_u8(&buf, full);
                rc = tpm_transmit_cmd(chip, NULL, buf.data, PAGE_SIZE, 0, 0,
                                      "attempting the self test");
                tpm_buf_destroy(&buf);

                if (rc == TPM2_RC_TESTING)
                        rc = TPM2_RC_SUCCESS;
                if (rc == TPM2_RC_INITIALIZE || rc == TPM2_RC_SUCCESS)
                        return rc;
        }

        return rc;
}





From: Yao, Jiewen
Sent: Thursday, September 27, 2018 8:22:56
To: Jorge Fernandez Monteagudo; Zhang, Chao B; edk2-devel@lists.01.org
Subject: RE: Tianocore and TPM2 pcr values

May I know who does the self test? coreboot? or SeaBIOS?



Thank you

Yao Jiewen



From: Jorge Fernandez Monteagudo [mailto:jorg...@cirsa.com]
Sent: Thursday, September 27, 2018 2:12 PM
To: Yao, Jiewen; Zhang, Chao B; edk2-devel@lists.01.org
Subject: Re: Tianocore and TPM2 pcr values

Hi, the only remaining issue is this dmesg TPM error trace I get when booting
with the UEFI payload but not present when SeaBIOS is used:

[0.390995] tpm_tis 00:02: 2.0 TPM (device-id 0x1A, rev-id 16)
[0.399957] tpm tpm0: A TPM error (2314) occurred attempting the self test

but I don't know yet what the reason is... I'm using Linux 4.17.1



Regards

Jorge







From: Yao, Jiewen
Sent: Wednesday, September 26, 2018 14:17:12
To: Jorge Fernandez Monteagudo; Zhang, Chao B; edk2-devel@lists.01.org
Subject: RE: Tianocore and TPM2 pcr values



OK. So no issue in UEFI payload, right?



Thank you

Yao Jiewen



From: Jorge Fernandez Monteagudo [mailto:jorg...@cirsa.com]
Sent: Wednesday, September 26, 2018 5:06 PM
To: Yao, Jiewen; Zhang, Chao B; edk2-devel@lists.01.org
Subject: Re: Tianocore and TPM2 pcr values

> You still cannot get the right PCR hardware value?

Sorry, what do you mean? I think the only remaining thing is extending the
tianocore payload from the coreboot once it is loaded in order to detect
changes in the payload but it's related to coreboot, not edk2...





From: Yao, Jiewen
Sent: Wednesday, September 26, 2018 10:56:05
To: Jorge Fernandez Monteagudo; Zhang, Chao B; edk2-devel@lists.01.org
Subject: RE: Tianocore and TPM2 pcr values



OK. That means the PCR is extended successfully.

You still cannot get the right PCR hardware value?


> -Original Message-
> From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of
> Jorge Fernandez Monteagudo
> Sent: Wednesday, September 26, 2018 4:54 PM
> To: Yao, Jiewen; Zhang, Chao B; edk2-devel@lists.01.org
> Subject: Re: [edk2] Tianocore and TPM2 pcr values
>
> I've added the Tcg2GetEventLog at the end of OnReadyToBoot from
> Tcg2Dxe.c and I can see:
>
>

Re: [edk2] Tianocore and TPM2 pcr values

2018-09-26 Thread Yao, Jiewen
May I know who does the self test? coreboot? or SeaBIOS?

Thank you
Yao Jiewen

From: Jorge Fernandez Monteagudo [mailto:jorg...@cirsa.com]
Sent: Thursday, September 27, 2018 2:12 PM
To: Yao, Jiewen; Zhang, Chao B; edk2-devel@lists.01.org
Subject: Re: Tianocore and TPM2 pcr values

Hi, the only remaining issue is this dmesg TPM error trace I get when booting
with the UEFI payload but not present when SeaBIOS is used:

[0.390995] tpm_tis 00:02: 2.0 TPM (device-id 0x1A, rev-id 16)
[0.399957] tpm tpm0: A TPM error (2314) occurred attempting the self test

but I don't know yet what the reason is... I'm using Linux 4.17.1



Regards

Jorge




From: Yao, Jiewen
Sent: Wednesday, September 26, 2018 14:17:12
To: Jorge Fernandez Monteagudo; Zhang, Chao B; edk2-devel@lists.01.org
Subject: RE: Tianocore and TPM2 pcr values


OK. So no issue in UEFI payload, right?



Thank you

Yao Jiewen



From: Jorge Fernandez Monteagudo [mailto:jorg...@cirsa.com]
Sent: Wednesday, September 26, 2018 5:06 PM
To: Yao, Jiewen; Zhang, Chao B; edk2-devel@lists.01.org
Subject: Re: Tianocore and TPM2 pcr values

> You still cannot get the right PCR hardware value?

Sorry, what do you mean? I think the only remaining thing is extending the
tianocore payload from the coreboot once it is loaded in order to detect
changes in the payload but it's related to coreboot, not edk2...





From: Yao, Jiewen
Sent: Wednesday, September 26, 2018 10:56:05
To: Jorge Fernandez Monteagudo; Zhang, Chao B; edk2-devel@lists.01.org
Subject: RE: Tianocore and TPM2 pcr values



OK. That means the PCR is extended successfully.

You still cannot get the right PCR hardware value?


> -Original Message-
> From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of
> Jorge Fernandez Monteagudo
> Sent: Wednesday, September 26, 2018 4:54 PM
> To: Yao, Jiewen; Zhang, Chao B; edk2-devel@lists.01.org
> Subject: Re: [edk2] Tianocore and TPM2 pcr values
>
> I've added the Tcg2GetEventLog at the end of OnReadyToBoot from
> Tcg2Dxe.c and I can see:
>
>

Re: [edk2] Tianocore and TPM2 pcr values

2018-09-26 Thread Jorge Fernandez Monteagudo
Hi, the only remaining issue is this dmesg TPM error trace I get when booting
with the UEFI payload but not present when SeaBIOS is used:

[0.390995] tpm_tis 00:02: 2.0 TPM (device-id 0x1A, rev-id 16)
[0.399957] tpm tpm0: A TPM error (2314) occurred attempting the self test

but I don't know yet what the reason is... I'm using Linux 4.17.1


Regards

Jorge



From: Yao, Jiewen
Sent: Wednesday, September 26, 2018 14:17:12
To: Jorge Fernandez Monteagudo; Zhang, Chao B; edk2-devel@lists.01.org
Subject: RE: Tianocore and TPM2 pcr values


OK. So no issue in UEFI payload, right?



Thank you

Yao Jiewen



From: Jorge Fernandez Monteagudo [mailto:jorg...@cirsa.com]
Sent: Wednesday, September 26, 2018 5:06 PM
To: Yao, Jiewen; Zhang, Chao B; edk2-devel@lists.01.org
Subject: Re: Tianocore and TPM2 pcr values

> You still cannot get the right PCR hardware value?

Sorry, what do you mean? I think the only remaining thing is extending the
tianocore payload from the coreboot once it is loaded in order to detect
changes in the payload but it's related to coreboot, not edk2...





From: Yao, Jiewen
Sent: Wednesday, September 26, 2018 10:56:05
To: Jorge Fernandez Monteagudo; Zhang, Chao B; edk2-devel@lists.01.org
Subject: RE: Tianocore and TPM2 pcr values



OK. That means the PCR is extended successfully.

You still cannot get the right PCR hardware value?


> -Original Message-
> From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of
> Jorge Fernandez Monteagudo
> Sent: Wednesday, September 26, 2018 4:54 PM
> To: Yao, Jiewen; Zhang, Chao B; edk2-devel@lists.01.org
> Subject: Re: [edk2] Tianocore and TPM2 pcr values
>
> I've added the Tcg2GetEventLog at the end of OnReadyToBoot from
> Tcg2Dxe.c and I can see:
>
>

Re: [edk2] Tianocore and TPM2 pcr values

2018-09-26 Thread Yao, Jiewen
OK. So no issue in UEFI payload, right?

Thank you
Yao Jiewen

From: Jorge Fernandez Monteagudo [mailto:jorg...@cirsa.com]
Sent: Wednesday, September 26, 2018 5:06 PM
To: Yao, Jiewen; Zhang, Chao B; edk2-devel@lists.01.org
Subject: Re: Tianocore and TPM2 pcr values

> You still cannot get the right PCR hardware value?

Sorry, what do you mean? I think the only remaining thing is extending the
tianocore payload from the coreboot once it is loaded in order to detect
changes in the payload but it's related to coreboot, not edk2...


From: Yao, Jiewen
Sent: Wednesday, September 26, 2018 10:56:05
To: Jorge Fernandez Monteagudo; Zhang, Chao B; edk2-devel@lists.01.org
Subject: RE: Tianocore and TPM2 pcr values

OK. That means the PCR is extended successfully.

You still cannot get the right PCR hardware value?


> -Original Message-
> From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of
> Jorge Fernandez Monteagudo
> Sent: Wednesday, September 26, 2018 4:54 PM
> To: Yao, Jiewen; Zhang, Chao B; edk2-devel@lists.01.org
> Subject: Re: [edk2] Tianocore and TPM2 pcr values
>
> I've added the Tcg2GetEventLog at the end of OnReadyToBoot from
> Tcg2Dxe.c and I can see:
>
>

Re: [edk2] Tianocore and TPM2 pcr values

2018-09-26 Thread Jorge Fernandez Monteagudo
> You still cannot get the right PCR hardware value?


Sorry, what do you mean? I think the only remaining thing is extending the
tianocore payload from the coreboot once it is loaded in order to detect
changes in the payload but it's related to coreboot, not edk2...


From: Yao, Jiewen
Sent: Wednesday, September 26, 2018 10:56:05
To: Jorge Fernandez Monteagudo; Zhang, Chao B; edk2-devel@lists.01.org
Subject: RE: Tianocore and TPM2 pcr values

OK. That means the PCR is extended successfully.

You still cannot get the right PCR hardware value?


> -Original Message-
> From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of
> Jorge Fernandez Monteagudo
> Sent: Wednesday, September 26, 2018 4:54 PM
> To: Yao, Jiewen; Zhang, Chao B; edk2-devel@lists.01.org
> Subject: Re: [edk2] Tianocore and TPM2 pcr values
>
> I've added the Tcg2GetEventLog at the end of OnReadyToBoot from
> Tcg2Dxe.c and I can see:
>
>

Re: [edk2] Tianocore and TPM2 pcr values

2018-09-26 Thread Yao, Jiewen
OK. That means the PCR is extended successfully.

You still cannot get the right PCR hardware value?


> -Original Message-
> From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of
> Jorge Fernandez Monteagudo
> Sent: Wednesday, September 26, 2018 4:54 PM
> To: Yao, Jiewen; Zhang, Chao B; edk2-devel@lists.01.org
> Subject: Re: [edk2] Tianocore and TPM2 pcr values
> 
> I've added the Tcg2GetEventLog at the end of OnReadyToBoot from
> Tcg2Dxe.c and I can see:
> 
> 
> TPM2 Tcg2Dxe Measure Data when ReadyToBoot
> Tcg2GetEventLog ... (0x2)
> Tcg2GetEventLog (EventLogLocation - 8F3D2000)
> Tcg2GetEventLog (EventLogLastEntry - 8F3D27AE)
> Tcg2GetEventLog (EventLogTruncated - 0)
> Tcg2GetEventLog - Success
> EventLogFormat: (0x2)
>   Event:
> PCRIndex  - 0
> EventType - 0x0003
> Digest- 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> 00
> EventSize - 0x0025
> :
> 53706563204944204576656E7430330200020200040014
> 00
> 0020: 0B0020
>   TCG_EfiSpecIDEventStruct:
> signature  - 'Spec ID Event03 '
> platformClass  - 0x
> specVersion- 2.00
> uintnSize  - 0x02
> NumberOfAlgorithms - 0x0002
> digest(0)
>   algorithmId  - 0x0004
>   digestSize   - 0x0014
> digest(1)
>   algorithmId  - 0x000B
>   digestSize   - 0x0020
> VendorInfoSize - 0x00
> VendorInfo -
>   Event:
> PCRIndex  - 7
> EventType - 0x8001
> DigestCount: 0x0002
>   HashAlgo : 0x0004
>   Digest(0): 2F 20 11 2A 3F 55 39 8B 20 8E 0C 42 68 13 89 B4 CB 5B 18
> 23
>   HashAlgo : 0x000B
>   Digest(1): CE 9C E3 86 B5 2E 09 9F 30 19 E5 12 A0 D6 06 2D 6B 56 0E
> FE 4F F3 E5 66 1C 75 25 E2 F9 C2 63 DF
> 
> EventSize - 0x0034
> :
> 61DFE48BCA93D211AA0D00E098032B8C0A00
> 
> 0020: 53006500630075007200650042006F006F007400
>   Event:
> PCRIndex  - 7
> EventType - 0x8001
> DigestCount: 0x0002
>   HashAlgo : 0x0004
>   Digest(0): 9B 13 87 30 6E BB 7F F8 E7 95 E7 BE 77 56 36 66 BB F4 51
> 6E
>   HashAlgo : 0x000B
>   Digest(1): DE A7 B8 0A B5 3A 3D AA A2 4D 5C C4 6C 64 E1 FA 9F FD 03
> 73 9F 90 AA DB D8 C0 86 7C 4A 5B 48 90
> 
> EventSize - 0x0024
> :
> 61DFE48BCA93D211AA0D00E098032B8C02000
> 000
> 0020: 50004B00
>   Event:
> PCRIndex  - 7
> EventType - 0x8001
> DigestCount: 0x0002
>   HashAlgo : 0x0004
>   Digest(0): 9A FA 86 C5 07 41 9B 85 70 C6 21 67 CB 94 86 D9 FC 80 97
> 58
>   HashAlgo : 0x000B
>   Digest(1): E6 70 E1 21 FC EB D4 73 B8 BC 41 BB 80 13 01 FC 1D 9A FA
> 33 90 4F 06 F7 14 9B 74 F1 2C 47 A6 8F
> 
> EventSize - 0x0026
> :
> 61DFE48BCA93D211AA0D00E098032B8C03000
> 000
> 0020: 4B0045004B00
>   Event:
> PCRIndex  - 7
> EventType - 0x8001
> DigestCount: 0x0002
>   HashAlgo : 0x0004
>   Digest(0): 5B F8 FA A0 78 D4 0F FB D0 33 17 C9 33 98 B0 12 29 A0 E1
> E0
>   HashAlgo : 0x000B
>   Digest(1): BA F8 9A 3C CA CE 52 75 0C 5F 01 28 35 1E 04 22 A4 15 97
> A1 AD FD 50 82 2A A3 63 B9 D1 24 EA 7C
> 
> EventSize - 0x0024
> :
> CBB219D73A3D9645A3BCDAD00E67656F0200
> 
> 0020: 64006200
>   Event:
> PCRIndex  - 7
> EventType - 0x8001
> DigestCount: 0x0002
>   HashAlgo : 0x0004
>   Digest(0): 73 44 24 C9 FE 8F C7 17 16 C4 20 96 F4 B7 4C 88 73 3B 17
> 5E
>   HashAlgo : 0x000B
>   Digest(1): 9F 75 B6 82 3B FF 6A F1 02 4A 4E 20 36 71 9C DD 54 8D 3C
> BC 2B F1 DE 8E 7E F4 D0 ED 01 F9 4B F9
> 
> EventSize - 0x0026
> :
> CBB219D73A3D9645A3BCDAD00E67656F0300
> 
> 0020: 640062007800
>   Event:
> PCRIndex  - 7
> EventType - 0x0004
> DigestCount: 0x0002
>   HashAlgo : 0x0004
>   Digest(0): 90 69 CA 78 E7 45 0A 28 51 73 43 1B 3E 52 C5 C2 52 99 E4
> 73
>   HashAlgo : 0x000B
>   Digest(1): DF 3F 61 98 04 A9 2F DB 40 57 19 2D C4 3D D7 48 EA 77 8A
> DC 52 BC 49 8C E8 05 24 C0 14 B8 11 19
> 
> EventSize - 0x0004
> : 
>   Event:
> PCRIndex  - 1
> EventType - 0x8002
> DigestCount: 0x0002
>   HashAlgo : 0x0004
>   Digest(0): 1B 24 F7 F4 BB 84 00 03 02 20 9D 12 98 D6 2F 57 79 A9 4F
> 45
>   HashAlgo : 0x000B
>   Digest(1): 90 C2 69 89 21 CA 9F D0 29 50 BE 35 3F 72 18 88 76 0E 33
> AB 50 95 
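
The check asked about in this message (does the event log account for the hardware PCR values?), as an added example that is not code from the thread or from edk2: it replays the SHA-256 digests of the PCR 7 events in the log quoted above with the TPM extend rule, PCR_new = SHA-256(PCR_old || digest), and compares the result with the PCR values reported in the first message of the thread. The function names and classification labels are assumptions of this example, and the 0x8001 event type in the dump is assumed to be a shortened print of EV_EFI_VARIABLE_DRIVER_CONFIG (0x80000001).

```python
import hashlib

# Event types from the TCG PC Client Platform Firmware Profile. The dump prints
# 0x8001, assumed here to be a shortened EV_EFI_VARIABLE_DRIVER_CONFIG.
EV_NO_ACTION = 0x00000003
EV_SEPARATOR = 0x00000004
EV_EFI_VARIABLE_DRIVER_CONFIG = 0x80000001

ZERO_PCR = bytes(32)  # SHA-256 bank value of PCR 0-7 after TPM2_Startup(CLEAR)

# (PCR index, event type, SHA-256 digest): the HashAlgo 0x000B digests of the
# PCR 7 events in the Tcg2GetEventLog dump quoted above, in log order.
PCR7_EVENTS = [
    (7, EV_EFI_VARIABLE_DRIVER_CONFIG,
     "ce9ce386b52e099f3019e512a0d6062d6b560efe4ff3e5661c7525e2f9c263df"),
    (7, EV_EFI_VARIABLE_DRIVER_CONFIG,
     "dea7b80ab53a3daaa24d5cc46c64e1fa9ffd03739f90aadbd8c0867c4a5b4890"),
    (7, EV_EFI_VARIABLE_DRIVER_CONFIG,
     "e670e121fcebd473b8bc41bb801301fc1d9afa33904f06f7149b74f12c47a68f"),
    (7, EV_EFI_VARIABLE_DRIVER_CONFIG,
     "baf89a3ccace52750c5f0128351e0422a41597a1adfd50822aa363b9d124ea7c"),
    (7, EV_EFI_VARIABLE_DRIVER_CONFIG,
     "9f75b6823bff6af1024a4e2036719cdd548d3cbc2bf1de8e7ef4d0ed01f94bf9"),
    (7, EV_SEPARATOR,
     "df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119"),
]

# SHA-256 PCR values reported in the first message of the thread.
REPORTED_PCRS = {
    0: "3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969",
    1: "a3a3552caa68c6d9db64bf1ed4dca08080f99b59f1b26debc9abefa59ee8ca28",
    2: "3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969",
    3: "3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969",
    4: "74a35102770e65ab94b35135a4bf54c411134ae8059e03df41060a33f573871f",
    5: "dfa65561584cb8604b1675c869f3341d0c99c642ce9d91353380361126235ad8",
    6: "3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969",
    7: "b5710bf57d25623e4019027da116821fa99f5c81e9e38b87671cc574f9281439",
}


def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM2_PCR_Extend for the SHA-256 bank: new = SHA-256(old || digest)."""
    if len(pcr) != 32 or len(digest) != 32:
        raise ValueError("SHA-256 PCRs and digests are 32 bytes")
    return hashlib.sha256(pcr + digest).digest()


def replay(events):
    """Recompute PCR values from (index, type, digest_hex) log entries."""
    pcrs = {}
    for index, event_type, digest_hex in events:
        if event_type == EV_NO_ACTION:  # informational, never extended
            continue
        current = pcrs.get(index, ZERO_PCR)
        pcrs[index] = extend(current, bytes.fromhex(digest_hex))
    return {index: value.hex() for index, value in pcrs.items()}


def separator_only_pcr() -> str:
    """PCR value when the only extend is EV_SEPARATOR over four zero bytes."""
    return extend(ZERO_PCR, hashlib.sha256(bytes(4)).digest()).hex()


def classify(reported, events):
    """Label each reported PCR by what the available evidence says about it."""
    replayed = replay(events)
    separator_only = separator_only_pcr()
    result = {}
    for index, value in sorted(reported.items()):
        if value == ZERO_PCR.hex():
            result[index] = "never extended"
        elif value == separator_only:
            result[index] = "separator only"
        elif replayed.get(index) == value:
            result[index] = "matches log replay"
        elif index in replayed:
            result[index] = "differs from log replay"
        else:
            result[index] = "no events available"
    return result


if __name__ == "__main__":
    for index, verdict in classify(REPORTED_PCRS, PCR7_EVENTS).items():
        print(f"pcr{index}: {verdict}")
```

A PCR that classifies as separator only holds no code or configuration measurement, so it reads the same for any firmware build.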

Re: [edk2] Tianocore and TPM2 pcr values

2018-09-26 Thread Jorge Fernandez Monteagudo
it is always good to enable serial port debug. There are lots of debug 
messages in Tcg2Dxe driver. We can know what is wrong.

In pure UEFI BIOS, the PEI driver extends to PCR0, and DXE image measurement 
lib extends to PCR2, PCR4, PCR5. The DXE driver extends variable to PCR1/7, and 
exposes the TCG2 protocol to let OS use it.

In your patch, since we are using UEFI as payload, and there is no PEI, I am 
not clear which driver you expect will extend something to PCR0. Do you think 
coreboot is CRTM? Or the UEFI payload is the CRTM? Who should be responsible to 
extend coreboot image from flash, and who should extend UEFI payload?

Also, only *3rd party* image will change PCR2 and PCR4. Do you have such case in 
your platform?

Anyway, there should still be something measured - boot variable (PCR1), secure 
boot variable (PCR7), GPT (5), action (4,5), separator (1~7), if you include 
Tcg2Dxe driver.

I am not clear if coreboot already extends something to separator according to 
TCG PFP spec. If that is the case, we probably need a special handling in DXE 
driver.


I look forward to your serial debug message and design discussion.

Thank you
Yao Jiewen


> -Original Message-
> From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of
> Jorge Fernandez Monteagudo
> Sent: Wednesday, September 26, 2018 1:46 PM
> To: Zhang, Chao B; edk2-devel@lists.01.org
> Subject: Re: [edk2] Tianocore and TPM2 pcr values
>
> Hi Chao!
>
>
> Maybe the traces I get from the debug build and
>
>
>   gEfiMdePkgTokenSpaceGuid.PcdReportStatusCodePropertyMask|0x7
>   gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x800A044F
>   gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x2F
>
> can help.
>
>
> ____________
> From: edk2-devel on behalf of Jorge
> Fernandez Monteagudo
> Sent: Tuesday, September 25, 2018 16:09:31
> To: Zhang, Chao B; edk2-devel@lists.01.org
> Subject: Re: [edk2] Tianocore and TPM2 pcr values
>
> Hi Chao!
>
>
> PCR0 has not changed in any of the test I've done! What info do you need?
>
>
> I'm using:
>
> coreboot: ae05d095b36ac835a6b1a221e6858065e5486888, master branch
>
> tianocore: 07ecd98ac18d6792181856faca7d4bed1b587261, coreboot
> branch
>
> Attached are the changes I've done to tianocore to get TPM2 support and no
> console.
> PCR0 is always
> 3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969
>
> Thanks!
> 
> From: Zhang, Chao B
> Sent: Tuesday, September 25, 2018 15:41:45
> To: Jorge Fernandez Monteagudo; edk2-devel@lists.01.org
> Cc: You, Benjamin
> Subject: RE: Tianocore and TPM2 pcr values
>
> Hi Jorge:
> PCR 0 should change if you  use different core boot payload + UEFI. So
> your case seems to be an issue. Can you provide more detailed info?
>
>
> -Original Message-
> From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of
> Jorge Fernandez Monteagudo
> Sent: Monday, September 24, 2018 5:57 PM
> To: edk2-devel@lists.01.org
> Subject: [edk2] Tianocore and TPM2 pcr values
>
> Hi all,
>
>
> This is my first message in this list. I'm using tianocore as a payload for a
> Coreboot in order to boot a custom board I'm working on. Finally I've been
> able to enable the TPM2 support in coreboot and in tianocore but I have some
> questions regarding the values I'm seeing in the PCRs.
>
>
> I'm using Tianocore master branch as is selected by coreboot menuconfig
> and x64 architecture. Once the system is running I can read the PCRs and, if
> I'm not wrong, PCRs 0 to 7 are handled by the Tianocore/Coreboot. I've flashed
> a coreboot+tianocore in release mode and a coreboot+tianocore in debug mode
> and the PCRs are the same. Is it ok? I thought that any change in the
> coreboot.rom will make the PCR values change...
>
>
> pcr0: 3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969
> pcr1: a3a3552caa68c6d9db64bf1ed4dca08080f99b59f1b26debc9abefa59ee8ca28
> pcr2: 3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969
> pcr3: 3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969
> pcr4: 74a35102770e65ab94b35135a4bf54c411134ae8059e03df41060a33f573871f
> pcr5: dfa65561584cb8604b1675c869f3341d0c99c642ce9d91353380361126235ad8
> pcr6:
&

Re: [edk2] Tianocore and TPM2 pcr values

2018-09-25 Thread Yao, Jiewen
 all 0. It's only checking what device is available and sending the 
tpm2_startup command. I'll try to investigate the coreboot project to see if 
the tianocore payload could be extended before loading because coreboot should 
be the CRTM.



> Also, only *3rd party* image will change PCR2 and PCR4. Do you have such case 
> in your platform?



First notice. No I don't have such case in my platform.



Thanks!

Jorge



From: Yao, Jiewen
Sent: Wednesday, September 26, 2018 8:11:58
To: Jorge Fernandez Monteagudo; Zhang, Chao B; edk2-devel@lists.01.org
Subject: RE: Tianocore and TPM2 pcr values



Hi Jorge
Yes, it is always good to enable serial port debug. There are lots of debug 
messages in Tcg2Dxe driver. We can know what is wrong.

In pure UEFI BIOS, the PEI driver extends to PCR0, and DXE image measurement 
lib extends to PCR2, PCR4, PCR5. The DXE driver extends variable to PCR1/7, and 
exposes the TCG2 protocol to let OS use it.

In your patch, since we are using UEFI as payload, and there is no PEI, I am 
not clear which driver you expect will extend something to PCR0. Do you think 
coreboot is CRTM? Or the UEFI payload is the CRTM? Who should be responsible to 
extend coreboot image from flash, and who should extend UEFI payload?

Also, only *3rd party* image will change PCR2 and PCR4. Do you have such case in 
your platform?

Anyway, there should still be something measured - boot variable (PCR1), secure 
boot variable (PCR7), GPT (5), action (4,5), separator (1~7), if you include 
Tcg2Dxe driver.

I am not clear if coreboot already extends something to separator according to 
TCG PFP spec. If that is the case, we probably need a special handling in DXE 
driver.


I look forward to your serial debug message and design discussion.

Thank you
Yao Jiewen


> -Original Message-
> From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of
> Jorge Fernandez Monteagudo
> Sent: Wednesday, September 26, 2018 1:46 PM
> To: Zhang, Chao B; edk2-devel@lists.01.org
> Subject: Re: [edk2] Tianocore and TPM2 pcr values
>
> Hi Chao!
>
>
> Maybe the traces I get from the debug build and
>
>
>   gEfiMdePkgTokenSpaceGuid.PcdReportStatusCodePropertyMask|0x7
>   gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x800A044F
>   gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x2F
>
> can help.
>
>
> ____
> From: edk2-devel on behalf of Jorge
> Fernandez Monteagudo
> Sent: Tuesday, September 25, 2018 16:09:31
> To: Zhang, Chao B; edk2-devel@lists.01.org
> Subject: Re: [edk2] Tianocore and TPM2 pcr values
>
> Hi Chao!
>
>
> PCR0 has not changed in any of the test I've done! What info do you need?
>
>
> I'm using:
>
> coreboot: ae05d095b36ac835a6b1a221e6858065e5486888, master branch
>
> tianocore: 07ecd98ac18d6792181856faca7d4bed1b587261, coreboot
> branch
>
> Attached are the changes I've done to tianocore to get TPM2 support and no
> console.
> PCR0 is always
> 3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969
>
> Thanks!
> 
> From: Zhang, Chao B
> Sent: Tuesday, September 25, 2018 15:41:45
> To: Jorge Fernandez Monteagudo; edk2-devel@lists.01.org
> Cc: You, Benjamin
> Subject: RE: Tianocore and TPM2 pcr values
>
> Hi Jorge:
> PCR 0 should change if you  use different core boot payload + UEFI. So
> your case seems to be an issue. Can you provide more detailed info?
>
>
> -Original Message-
> From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of
> Jorge Fernandez Monteagudo
> Sent: Monday, September 24, 2018 5:57 PM
> To: edk2-devel@lists.01.org
> Subject: [edk2] Tianocore and TPM2 pcr values
>
> Hi all,
>
>
> This is my first message in this list. I'm using tianocore as a payload for a
> Coreboot in order to
>
> boot a custom board I'm working on it. Finally I've been able to enable the
> TPM2 support in
>
> coreboot and in tianocore but I have some questions regarding the values
> I'm seeing in the PCRs.
>
>
> I'm using Tianocore master branch as is selected by coreboot menuconfig
> and x64 architecture.
>
> Once the system is running I can read the PCRs and, if I'm not wrong, PCRs 0
> to 7 are

Re: [edk2] Tianocore and TPM2 pcr values

2018-09-25 Thread Jorge Fernandez Monteagudo
es the TCG2 protocol to let OS use it.

In your patch, since we are using UEFI as payload, and there is no PEI, I am 
not clear which driver you expect will extend something to PCR0. Do you think 
coreboot is CRTM? Or the UEFI payload is the CRTM? Who should be responsible to 
extend coreboot image from flash, and who should extend UEFI payload?

Also, only *3rd party* image will change PCR2 and PCR4. Do you have such case in 
your platform?

Anyway, there should still be something measured - boot variable (PCR1), secure 
boot variable (PCR7), GPT (5), action (4,5), separator (1~7), if you include 
Tcg2Dxe driver.

I am not clear if coreboot already extends something to separator according to 
TCG PFP spec. If that is the case, we probably need a special handling in DXE 
driver.


I look forward to your serial debug message and design discussion.

Thank you
Yao Jiewen


> -Original Message-
> From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of
> Jorge Fernandez Monteagudo
> Sent: Wednesday, September 26, 2018 1:46 PM
> To: Zhang, Chao B; edk2-devel@lists.01.org
> Subject: Re: [edk2] Tianocore and TPM2 pcr values
>
> Hi Chao!
>
>
> Maybe the traces I get from the debug build and
>
>
>   gEfiMdePkgTokenSpaceGuid.PcdReportStatusCodePropertyMask|0x7
>   gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x800A044F
>   gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x2F
>
> can help.
>
>
> 
> From: edk2-devel on behalf of Jorge
> Fernandez Monteagudo
> Sent: Tuesday, September 25, 2018 16:09:31
> To: Zhang, Chao B; edk2-devel@lists.01.org
> Subject: Re: [edk2] Tianocore and TPM2 pcr values
>
> Hi Chao!
>
>
> PCR0 has not changed in any of the test I've done! What info do you need?
>
>
> I'm using:
>
> coreboot: ae05d095b36ac835a6b1a221e6858065e5486888, master branch
>
> tianocore: 07ecd98ac18d6792181856faca7d4bed1b587261, coreboot
> branch
>
> Attached are the changes I've done to tianocore to get TPM2 support and no
> console.
> PCR0 is always
> 3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969
>
> Thanks!
> 
> From: Zhang, Chao B
> Sent: Tuesday, September 25, 2018 15:41:45
> To: Jorge Fernandez Monteagudo; edk2-devel@lists.01.org
> Cc: You, Benjamin
> Subject: RE: Tianocore and TPM2 pcr values
>
> Hi Jorge:
>     PCR 0 should change if you  use different core boot payload + UEFI. So
> your case seems to be an issue. Can you provide more detailed info?
>
>
> -Original Message-
> From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of
> Jorge Fernandez Monteagudo
> Sent: Monday, September 24, 2018 5:57 PM
> To: edk2-devel@lists.01.org
> Subject: [edk2] Tianocore and TPM2 pcr values
>
> Hi all,
>
>
> This is my first message in this list. I'm using tianocore as a payload for a
> Coreboot in order to boot a custom board I'm working on. Finally I've been
> able to enable the TPM2 support in coreboot and in tianocore but I have some
> questions regarding the values I'm seeing in the PCRs.
>
>
> I'm using Tianocore master branch as is selected by coreboot menuconfig
> and x64 architecture. Once the system is running I can read the PCRs and, if
> I'm not wrong, PCRs 0 to 7 are handled by the Tianocore/Coreboot. I've flashed
> a coreboot+tianocore in release mode and a coreboot+tianocore in debug mode
> and the PCRs are the same. Is it ok? I thought that any change in the
> coreboot.rom will make the PCR values change...
>
>
> pcr0: 3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969
> pcr1: a3a3552caa68c6d9db64bf1ed4dca08080f99b59f1b26debc9abefa59ee8ca28
> pcr2: 3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969
> pcr3: 3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969
> pcr4: 74a35102770e65ab94b35135a4bf54c411134ae8059e03df41060a33f573871f
> pcr5: dfa65561584cb8604b1675c869f3341d0c99c642ce9d91353380361126235ad8
> pcr6: 3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969
> pcr7: b5710bf57d25623e4019027da116821fa99f5c81e9e38b87671cc574f9281439
>
> Another test I've done is using the Tianocore stable branch as selected by
> coreboot
> (STABLE_COMMIT

Re: [edk2] Tianocore and TPM2 pcr values

2018-09-25 Thread Yao, Jiewen
ProtectUefiImageCommon is not related.

Below code is the Tcg2Dxe entrypoint, I expect you can see some message there:


DriverEntry()
  if (CompareGuid (PcdGetPtr(PcdTpmInstanceGuid), &gEfiTpmDeviceInstanceNoneGuid) ||
      CompareGuid (PcdGetPtr(PcdTpmInstanceGuid), &gEfiTpmDeviceInstanceTpm12Guid)){
    DEBUG ((DEBUG_INFO, "No TPM2 instance required!\n"));
    return EFI_UNSUPPORTED;
  }

  if (GetFirstGuidHob (&gTpmErrorHobGuid) != NULL) {
    DEBUG ((EFI_D_ERROR, "TPM2 error!\n"));
    return EFI_DEVICE_ERROR;
  }

  Status = Tpm2RequestUseTpm ();
  if (EFI_ERROR (Status)) {
    DEBUG ((EFI_D_ERROR, "TPM2 not detected!\n"));
    return Status;
  }

  //
  // Fill information
  //
  ASSERT (TCG_EVENT_LOG_AREA_COUNT_MAX == sizeof(mTcg2EventInfo)/sizeof(mTcg2EventInfo[0]));

  mTcgDxeData.BsCap.Size = sizeof(EFI_TCG2_BOOT_SERVICE_CAPABILITY);
  mTcgDxeData.BsCap.ProtocolVersion.Major = 1;
  mTcgDxeData.BsCap.ProtocolVersion.Minor = 1;
  mTcgDxeData.BsCap.StructureVersion.Major = 1;
  mTcgDxeData.BsCap.StructureVersion.Minor = 1;

  DEBUG ((EFI_D_INFO, "Tcg2.ProtocolVersion  - %02x.%02x\n",
    mTcgDxeData.BsCap.ProtocolVersion.Major,
    mTcgDxeData.BsCap.ProtocolVersion.Minor));
  DEBUG ((EFI_D_INFO, "Tcg2.StructureVersion - %02x.%02x\n",
    mTcgDxeData.BsCap.StructureVersion.Major,
    mTcgDxeData.BsCap.StructureVersion.Minor));

  Status = Tpm2GetCapabilityManufactureID (&mTcgDxeData.BsCap.ManufacturerID);
  if (EFI_ERROR (Status)) {
    DEBUG ((EFI_D_ERROR, "Tpm2GetCapabilityManufactureID fail!\n"));
  } else {
    DEBUG ((EFI_D_INFO, "Tpm2GetCapabilityManufactureID - %08x\n",
      mTcgDxeData.BsCap.ManufacturerID));
  }





From: Jorge Fernandez Monteagudo [mailto:jorg...@cirsa.com]
Sent: Wednesday, September 26, 2018 2:40 PM
To: Yao, Jiewen ; Zhang, Chao B ; 
edk2-devel@lists.01.org
Subject: Re: Tianocore and TPM2 pcr values


Hi Yao



> Yes, it is always good to enable serial port debug. There are lots of debug 
> messages in Tcg2Dxe driver. We can know what is wrong.



From the log I've been able to see that "measure" messages start once 
Tcg2Dxe.efi. From the beginning I can only see "ProtectUefiImageCommon" 
messages but I don't know if they are related.



> In your patch, since we are using UEFI as payload, and there is no PEI, I am 
> not clear which driver you expect will extend something to PCR0. Do you think 
> coreboot is CRTM? Or the UEFI payload is the CRTM? Who should be responsible 
> to extend coreboot image from flash, and who should extend UEFI payload?



I think nothing is implemented in coreboot because when TPM2 was not activated 
in edk2 PCR0-10 were all 0. It's only checking what device is available and 
sending the tpm2_startup command. I'll try to investigate the coreboot project 
to see if the tianocore payload could be extended before loading because 
coreboot should be the CRTM.



> Also, only *3rd party* image will change PCR2 and PCR4. Do you have such case 
> in your platform?



First notice. No I don't have such case in my platform.



Thanks!

Jorge


From: Yao, Jiewen
Sent: Wednesday, September 26, 2018 8:11:58
To: Jorge Fernandez Monteagudo; Zhang, Chao B; edk2-devel@lists.01.org
Subject: RE: Tianocore and TPM2 pcr values

Hi Jorge
Yes, it is always good to enable serial port debug. There are lots of debug 
messages in Tcg2Dxe driver. We can know what is wrong.

In pure UEFI BIOS, the PEI driver extends to PCR0, and DXE image measurement 
lib extends to PCR2, PCR4, PCR5. The DXE driver extends variable to PCR1/7, and 
exposes the TCG2 protocol to let OS use it.

In your patch, since we are using UEFI as payload, and there is no PEI, I am 
not clear which driver you expect will extend something to PCR0. Do you think 
coreboot is CRTM? Or the UEFI payload is the CRTM? Who should be responsible to 
extend coreboot image from flash, and who should extend UEFI payload?

Also, only *3rd party* image will change PCR2 and PCR4. Do you have such case in 
your platform?

Anyway, there should still be something measured - boot variable (PCR1), secure 
boot variable (PCR7), GPT (5), action (4,5), separator (1~7), if you include 
Tcg2Dxe driver.

I am not clear if coreboot already extends something to separator according to 
TCG PFP spec. If that is the case, we probably need a special handling in DXE 
driver.


I look forward to your serial debug message and design discussion.

Thank you
Yao Jiewen


> -Original Message-
> From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of
> Jorge Fernandez Monteagudo
> Sent: Wednesday, September 26, 2018 1:46 PM
> To: Zhang, Chao B mailto:chao.b.zh...

Re: [edk2] Tianocore and TPM2 pcr values

2018-09-25 Thread Jorge Fernandez Monteagudo
Hi Yao


> Yes, it is always good to enable serial port debug. There are lots of debug 
> messages in Tcg2Dxe driver. We can know what is wrong.


From the log I've been able to see that "measure" messages start once 
Tcg2Dxe.efi. From the beginning I can only see "ProtectUefiImageCommon" 
messages but I don't know if they are related.


> In your patch, since we are using UEFI as payload, and there is no PEI, I am 
> not clear which driver you expect will extend something to PCR0. Do you think 
> coreboot is CRTM? Or the UEFI payload is the CRTM? Who should be responsible 
> to extend coreboot image from flash, and who should extend UEFI payload?


I think nothing is implemented in coreboot because when TPM2 was not activated 
in edk2 PCR0-10 were all 0. It's only checking what device is available and 
sending the tpm2_startup command. I'll try to investigate the coreboot project 
to see if the tianocore payload could be extended before loading because 
coreboot should be the CRTM.


> Also, only *3rd party* image will change PCR2 and PCR4. Do you have such case 
> in your platform?


First notice. No I don't have such case in my platform.


Thanks!

Jorge


From: Yao, Jiewen
Sent: Wednesday, September 26, 2018 8:11:58
To: Jorge Fernandez Monteagudo; Zhang, Chao B; edk2-devel@lists.01.org
Subject: RE: Tianocore and TPM2 pcr values

Hi Jorge
Yes, it is always good to enable serial port debug. There are lots of debug 
messages in Tcg2Dxe driver. We can know what is wrong.

In pure UEFI BIOS, the PEI driver extends to PCR0, and DXE image measurement 
lib extends to PCR2, PCR4, PCR5. The DXE driver extends variable to PCR1/7, and 
exposes the TCG2 protocol to let OS use it.

In your patch, since we are using UEFI as payload, and there is no PEI, I am 
not clear which driver you expect will extend something to PCR0. Do you think 
coreboot is CRTM? Or the UEFI payload is the CRTM? Who should be responsible to 
extend coreboot image from flash, and who should extend UEFI payload?

Also, only *3rd party* image will change PCR2 and PCR4. Do you have such case in 
your platform?

Anyway, there should still be something measured - boot variable (PCR1), secure 
boot variable (PCR7), GPT (5), action (4,5), separator (1~7), if you include 
Tcg2Dxe driver.

I am not clear if coreboot already extends something to separator according to 
TCG PFP spec. If that is the case, we probably need a special handling in DXE 
driver.


I look forward to your serial debug message and design discussion.

Thank you
Yao Jiewen


> -Original Message-
> From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of
> Jorge Fernandez Monteagudo
> Sent: Wednesday, September 26, 2018 1:46 PM
> To: Zhang, Chao B ; edk2-devel@lists.01.org
> Subject: Re: [edk2] Tianocore and TPM2 pcr values
>
> Hi Chao!
>
>
> Maybe the traces I get from the debug build and
>
>
>   gEfiMdePkgTokenSpaceGuid.PcdReportStatusCodePropertyMask|0x7
>   gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x800A044F
>   gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x2F
>
> can help.
>
>
> 
> From: edk2-devel on behalf of Jorge
> Fernandez Monteagudo
> Sent: Tuesday, September 25, 2018 16:09:31
> To: Zhang, Chao B; edk2-devel@lists.01.org
> Subject: Re: [edk2] Tianocore and TPM2 pcr values
>
> Hi Chao!
>
>
> PCR0 has not changed in any of the test I've done! What info do you need?
>
>
> I'm using:
>
> coreboot: ae05d095b36ac835a6b1a221e6858065e5486888, master branch
>
> tianocore: 07ecd98ac18d6792181856faca7d4bed1b587261, coreboot
> branch
>
> Attached are the changes I've done to tianocore to get TPM2 support and no
> console.
> PCR0 is always
> 3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969
>
> Thanks!
> 
> From: Zhang, Chao B
> Sent: Tuesday, September 25, 2018 15:41:45
> To: Jorge Fernandez Monteagudo; edk2-devel@lists.01.org
> Cc: You, Benjamin
> Subject: RE: Tianocore and TPM2 pcr values
>
> Hi Jorge:
> PCR 0 should change if you  use different core boot payload + UEFI. So
> your case seems to be an issue. Can you provide more detailed info?
>
>
> -Original Message-
> From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of
> Jorge Fernandez Monteagudo
> Sent: Monday, September 24, 2018 5:57 PM
> To: edk2-devel@lists.01.org
> Subject: [edk2] Tianocore and TPM2 pcr values
>
> Hi all,
>
>
> This is my first message in this list. I'm using tianocore as a payload for a
> Coreboot in order to
>
> boot a custom board I'm working on it. Finally I've been able to enable the
> TPM2

Re: [edk2] Tianocore and TPM2 pcr values

2018-09-25 Thread Yao, Jiewen
Hi Jorge
Yes, it is always good to enable serial port debug. There are lots of debug 
messages in Tcg2Dxe driver. We can know what is wrong.

In pure UEFI BIOS, the PEI driver extends to PCR0, and DXE image measurement 
lib extends to PCR2, PCR4, PCR5. The DXE driver extends variable to PCR1/7, and 
exposes the TCG2 protocol to let OS use it.

In your patch, since we are using UEFI as payload, and there is no PEI, I am 
not clear which driver you expect will extend something to PCR0. Do you think 
coreboot is CRTM? Or the UEFI payload is the CRTM? Who should be responsible to 
extend coreboot image from flash, and who should extend UEFI payload?

Also, only *3rd party* image will change PCR2 and PCR4. Do you have such case in 
your platform?

Anyway, there should still be something measured - boot variable (PCR1), secure 
boot variable (PCR7), GPT (5), action (4,5), separator (1~7), if you include 
Tcg2Dxe driver.

I am not clear if coreboot already extends something to separator according to 
TCG PFP spec. If that is the case, we probably need a special handling in DXE 
driver.


I look forward to your serial debug message and design discussion.

Thank you
Yao Jiewen


> -Original Message-
> From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of
> Jorge Fernandez Monteagudo
> Sent: Wednesday, September 26, 2018 1:46 PM
> To: Zhang, Chao B ; edk2-devel@lists.01.org
> Subject: Re: [edk2] Tianocore and TPM2 pcr values
> 
> Hi Chao!
> 
> 
> Maybe the traces I get from the debug build and
> 
> 
>   gEfiMdePkgTokenSpaceGuid.PcdReportStatusCodePropertyMask|0x7
>   gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x800A044F
>   gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x2F
> 
> can help.
> 
> 
> 
> From: edk2-devel on behalf of Jorge
> Fernandez Monteagudo
> Sent: Tuesday, September 25, 2018 16:09:31
> To: Zhang, Chao B; edk2-devel@lists.01.org
> Subject: Re: [edk2] Tianocore and TPM2 pcr values
> 
> Hi Chao!
> 
> 
> PCR0 has not changed in any of the test I've done! What info do you need?
> 
> 
> I'm using:
> 
> coreboot: ae05d095b36ac835a6b1a221e6858065e5486888, master branch
> 
> tianocore: 07ecd98ac18d6792181856faca7d4bed1b587261, coreboot
> branch
> 
> Attached are the changes I've done to tianocore to get TPM2 support and no
> console.
> PCR0 is always
> 3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969
> 
> Thanks!
> 
> From: Zhang, Chao B
> Sent: Tuesday, September 25, 2018 15:41:45
> To: Jorge Fernandez Monteagudo; edk2-devel@lists.01.org
> Cc: You, Benjamin
> Subject: RE: Tianocore and TPM2 pcr values
> 
> Hi Jorge:
> PCR 0 should change if you  use different core boot payload + UEFI. So
> your case seems to be an issue. Can you provide more detailed info?
> 
> 
> -Original Message-
> From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of
> Jorge Fernandez Monteagudo
> Sent: Monday, September 24, 2018 5:57 PM
> To: edk2-devel@lists.01.org
> Subject: [edk2] Tianocore and TPM2 pcr values
> 
> Hi all,
> 
> 
> This is my first message in this list. I'm using tianocore as a payload for a
> Coreboot in order to boot a custom board I'm working on. Finally I've been
> able to enable the TPM2 support in coreboot and in tianocore but I have some
> questions regarding the values I'm seeing in the PCRs.
> 
> 
> I'm using Tianocore master branch as is selected by coreboot menuconfig
> and x64 architecture. Once the system is running I can read the PCRs and, if
> I'm not wrong, PCRs 0 to 7 are handled by the Tianocore/Coreboot. I've flashed
> a coreboot+tianocore in release mode and a coreboot+tianocore in debug mode
> and the PCRs are the same. Is it ok? I thought that any change in the
> coreboot.rom will make the PCR values change...
> 
> 
> pcr0: 3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969
> pcr1: a3a3552caa68c6d9db64bf1ed4dca08080f99b59f1b26debc9abefa59ee8ca28
> pcr2: 3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969
> pcr3: 3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969
> pcr4: 74a35102770e65ab94b35135a4bf54c411134ae8059e03df41060a33f573871f
> pcr5: dfa65561584cb8604b1675c869f3341d0c99c642ce9d91353380361126235ad8
> pcr6: 3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969
> pcr7: b5710bf57d25623e4019027da116821fa99f5c81e9e38b87671cc574f9281439
> 
> Another test I've done is using the Tianocore stable branch as selected by
> coreboot
> (STABLE_COMMIT_

Re: [edk2] Tianocore and TPM2 pcr values

2018-09-25 Thread Jorge Fernandez Monteagudo
Hi Chao!


Maybe the traces I get from the debug build and


  gEfiMdePkgTokenSpaceGuid.PcdReportStatusCodePropertyMask|0x7
  gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x800A044F
  gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x2F

can help.



From: edk2-devel on behalf of Jorge Fernandez Monteagudo
Sent: Tuesday, September 25, 2018 16:09:31
To: Zhang, Chao B; edk2-devel@lists.01.org
Subject: Re: [edk2] Tianocore and TPM2 pcr values

Hi Chao!


PCR0 has not changed in any of the test I've done! What info do you need?


I'm using:

coreboot: ae05d095b36ac835a6b1a221e6858065e5486888, master branch

tianocore: 07ecd98ac18d6792181856faca7d4bed1b587261, coreboot branch

Attached are the changes I've done to tianocore to get TPM2 support and no 
console.
PCR0 is always 3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969

Thanks!

From: Zhang, Chao B
Sent: Tuesday, September 25, 2018 15:41:45
To: Jorge Fernandez Monteagudo; edk2-devel@lists.01.org
Cc: You, Benjamin
Subject: RE: Tianocore and TPM2 pcr values

Hi Jorge:
PCR 0 should change if you  use different core boot payload + UEFI. So your 
case seems to be an issue. Can you provide more detailed info?


-Original Message-
From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of Jorge 
Fernandez Monteagudo
Sent: Monday, September 24, 2018 5:57 PM
To: edk2-devel@lists.01.org
Subject: [edk2] Tianocore and TPM2 pcr values

Hi all,


This is my first message in this list. I'm using tianocore as a payload for a 
Coreboot in order to boot a custom board I'm working on. Finally I've been able 
to enable the TPM2 support in coreboot and in tianocore but I have some 
questions regarding the values I'm seeing in the PCRs.


I'm using Tianocore master branch as is selected by coreboot menuconfig and x64 
architecture. Once the system is running I can read the PCRs and, if I'm not 
wrong, PCRs 0 to 7 are handled by the Tianocore/Coreboot. I've flashed a 
coreboot+tianocore in release mode and a coreboot+tianocore in debug mode and 
the PCRs are the same. Is it ok? I thought that any change in the coreboot.rom 
will make the PCR values change...


pcr0: 3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969
pcr1: a3a3552caa68c6d9db64bf1ed4dca08080f99b59f1b26debc9abefa59ee8ca28
pcr2: 3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969
pcr3: 3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969
pcr4: 74a35102770e65ab94b35135a4bf54c411134ae8059e03df41060a33f573871f
pcr5: dfa65561584cb8604b1675c869f3341d0c99c642ce9d91353380361126235ad8
pcr6: 3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969
pcr7: b5710bf57d25623e4019027da116821fa99f5c81e9e38b87671cc574f9281439

Another test I've done is using the Tianocore stable branch as selected by
coreboot (STABLE_COMMIT_ID=315d9d08fd77db1024ccc5307823da8aaed85e2f) and I get
the same values from release and build coreboot.roms, except that PCR1 has the
same value as PCR0, 2, 3 and 6; it seems it's not used in this version.

Is this the expected behavior?

Thanks!
Jorge
___
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel


Re: [edk2] Tianocore and TPM2 pcr values

2018-09-25 Thread Jorge Fernandez Monteagudo
Hi Chao!


PCR0 has not changed in any of the tests I've done! What info do you need?

I'm using:

coreboot: ae05d095b36ac835a6b1a221e6858065e5486888, master branch
tianocore: 07ecd98ac18d6792181856faca7d4bed1b587261, coreboot branch

Attached are the changes I've made to tianocore to get TPM2 support and no
console.
PCR0 is always 3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969

Thanks!

From: Zhang, Chao B
Sent: Tuesday, September 25, 2018 15:41:45
To: Jorge Fernandez Monteagudo; edk2-devel@lists.01.org
Cc: You, Benjamin
Subject: RE: Tianocore and TPM2 pcr values

Hi Jorge:
PCR 0 should change if you use a different coreboot payload + UEFI. So your
case seems to be an issue. Can you provide more detailed info?


-----Original Message-----
From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of Jorge 
Fernandez Monteagudo
Sent: Monday, September 24, 2018 5:57 PM
To: edk2-devel@lists.01.org
Subject: [edk2] Tianocore and TPM2 pcr values

Hi all,


This is my first message in this list. I'm using tianocore as a payload for
Coreboot in order to boot a custom board I'm working on. Finally I've been
able to enable the TPM2 support in coreboot and in tianocore, but I have some
questions regarding the values I'm seeing in the PCRs.

I'm using the Tianocore master branch as selected by coreboot menuconfig and
x64 architecture.

Once the system is running I can read the PCRs and, if I'm not wrong, PCRs 0
to 7 are handled by Tianocore/Coreboot. I've flashed a coreboot+tianocore in
release mode and a coreboot+tianocore in debug mode and the PCRs are the same.
Is it ok? I thought that any change in the coreboot.rom would make the PCR
values change...


pcr0: 3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969
pcr1: a3a3552caa68c6d9db64bf1ed4dca08080f99b59f1b26debc9abefa59ee8ca28
pcr2: 3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969
pcr3: 3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969
pcr4: 74a35102770e65ab94b35135a4bf54c411134ae8059e03df41060a33f573871f
pcr5: dfa65561584cb8604b1675c869f3341d0c99c642ce9d91353380361126235ad8
pcr6: 3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969
pcr7: b5710bf57d25623e4019027da116821fa99f5c81e9e38b87671cc574f9281439

Another test I've done is using the Tianocore stable branch as selected by
coreboot (STABLE_COMMIT_ID=315d9d08fd77db1024ccc5307823da8aaed85e2f) and I get
the same values from release and build coreboot.roms, except that PCR1 has the
same value as PCR0, 2, 3 and 6; it seems it's not used in this version.

Is this the expected behavior?

Thanks!
Jorge
diff --git a/CorebootModulePkg/CorebootModulePkg.dec b/CorebootModulePkg/CorebootModulePkg.dec
index 20932a1..7372773 100644
--- a/CorebootModulePkg/CorebootModulePkg.dec
+++ b/CorebootModulePkg/CorebootModulePkg.dec
@@ -35,6 +35,8 @@
   gUefiFrameBufferInfoGuid = {0xdc2cd8bd, 0x402c, 0x4dc4, {0x9b, 0xe0, 0xc, 0x43, 0x2b, 0x7, 0xfa, 0x34}}
   gEfiPciExpressBaseAddressGuid = {0x3677d529, 0x326f, 0x4603, {0xa9, 0x26, 0xea, 0xac, 0xe0, 0x1d, 0xcb, 0xb0 }}
   gUefiAcpiBoardInfoGuid   = {0xad3d31b, 0xb3d8, 0x4506, {0xae, 0x71, 0x2e, 0xf1, 0x10, 0x6, 0xd9, 0xf}}
+  gPayloadTpm2DeviceInstanceGuid  = { 0x8fe03b09, 0xcc66, 0x4797, { 0xba, 0x99, 0xfb, 0x92, 0x35, 0xb9, 0x80, 0x52 } }
+  gUefiTpmInfoGuid= { 0x3BC812AA, 0xB998, 0x4B05, { 0xA0, 0xDF, 0xE5, 0x34, 0xED, 0x08, 0xEE, 0xBB}}
 
   ## Include/Guid/PciOptionRomTable.h
   gEfiPciOptionRomTableGuid = { 0x7462660F, 0x1CBD, 0x48DA, { 0xAD, 0x11, 0x91, 0x71, 0x79, 0x13, 0x83, 0x1C }}
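Review bot: the two added entries, gPayloadTpm2DeviceInstanceGuid and gUefiTpmInfoGuid, have no `## Include/Guid/<header>.h` comment of the kind the gEfiPciOptionRomTableGuid entry just below them carries, so the .dec does not say which header declares them or what they identify. Add that comment for each GUID. The two lines are also inconsistent with each other: `gUefiTpmInfoGuid=` has no space before `=` and uses upper-case hex, while the line above it uses ` = ` and lower-case hex; pick the style of the surrounding entries.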
diff --git a/CorebootPayloadPkg/CorebootPayloadPkg.dec b/CorebootPayloadPkg/CorebootPayloadPkg.dec
index b33b79c..2b04b4b 100644
--- a/CorebootPayloadPkg/CorebootPayloadPkg.dec
+++ b/CorebootPayloadPkg/CorebootPayloadPkg.dec
@@ -31,7 +31,7 @@
   #
   # Gop Temp
   #
-  gBmpImageGuid   = { 0x878AC2CC, 0x5343, 0x46F2, { 0xB5, 0x63, 0x51, 0xF8, 0x9D, 0xAF, 0x56, 0xBA } }
+  gBmpImageGuid  = { 0x878AC2CC, 0x5343, 0x46F2, { 0xB5, 0x63, 0x51, 0xF8, 0x9D, 0xAF, 0x56, 0xBA } }
 
 [Ppis]
 
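Review bot: the gBmpImageGuid line differs only in the spacing before `=`; the GUID bytes on the `-` and `+` lines are identical. A whitespace-only edit does not belong in a patch whose purpose is TPM2 support, so drop it or send it as a separate cosmetic change.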
@@ -39,7 +39,7 @@
   #
   # Gop Temp
   #
-  gPlatformGOPPolicyGuid  = { 0xec2e931b, 0x3281, 0x48a5, { 0x81, 0x07, 0xdf, 0x8a, 0x8b, 0xed, 0x3c, 0x5d } }
+  gPlatformGOPPolicyGuid = { 0xec2e931b, 0x3281, 0x48a5, { 0x81, 0x07, 0xdf, 0x8a, 0x8b, 0xed, 0x3c, 0x5d } }
 
 
 #
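Review bot: the gPlatformGOPPolicyGuid line changes nothing but the alignment before `=`, with the same GUID value before and after. Remove this hunk from the TPM2 patch so the diff to CorebootPayloadPkg.dec contains only functional changes.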
diff --git a/CorebootPayloadPkg/CorebootPayloadPkg.fdf b/CorebootPayloadPkg/CorebootPayloadPkg.fdf
index 0961e96..dd6faa4 100644
--- a/CorebootPayloadPkg/CorebootPayloadPkg.fdf
+++ b/CorebootPayloadPkg/Cor

Re: [edk2] Tianocore and TPM2 pcr values

2018-09-25 Thread Zhang, Chao B
Hi Jorge:
PCR 0 should change if you use a different coreboot payload + UEFI. So your
case seems to be an issue. Can you provide more detailed info?


-----Original Message-----
From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of Jorge 
Fernandez Monteagudo
Sent: Monday, September 24, 2018 5:57 PM
To: edk2-devel@lists.01.org
Subject: [edk2] Tianocore and TPM2 pcr values

Hi all,


This is my first message in this list. I'm using tianocore as a payload for
Coreboot in order to boot a custom board I'm working on. Finally I've been
able to enable the TPM2 support in coreboot and in tianocore, but I have some
questions regarding the values I'm seeing in the PCRs.

I'm using the Tianocore master branch as selected by coreboot menuconfig and
x64 architecture.

Once the system is running I can read the PCRs and, if I'm not wrong, PCRs 0
to 7 are handled by Tianocore/Coreboot. I've flashed a coreboot+tianocore in
release mode and a coreboot+tianocore in debug mode and the PCRs are the same.
Is it ok? I thought that any change in the coreboot.rom would make the PCR
values change...


pcr0: 3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969
pcr1: a3a3552caa68c6d9db64bf1ed4dca08080f99b59f1b26debc9abefa59ee8ca28
pcr2: 3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969
pcr3: 3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969
pcr4: 74a35102770e65ab94b35135a4bf54c411134ae8059e03df41060a33f573871f
pcr5: dfa65561584cb8604b1675c869f3341d0c99c642ce9d91353380361126235ad8
pcr6: 3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969
pcr7: b5710bf57d25623e4019027da116821fa99f5c81e9e38b87671cc574f9281439

Another test I've done is using the Tianocore stable branch as selected by
coreboot (STABLE_COMMIT_ID=315d9d08fd77db1024ccc5307823da8aaed85e2f) and I get
the same values from release and build coreboot.roms, except that PCR1 has the
same value as PCR0, 2, 3 and 6; it seems it's not used in this version.

Is this the expected behavior?

Thanks!
Jorge


[edk2] Tianocore and TPM2 pcr values

2018-09-24 Thread Jorge Fernandez Monteagudo
Hi all,


This is my first message in this list. I'm using tianocore as a payload for
Coreboot in order to boot a custom board I'm working on. Finally I've been
able to enable the TPM2 support in coreboot and in tianocore, but I have some
questions regarding the values I'm seeing in the PCRs.

I'm using the Tianocore master branch as selected by coreboot menuconfig and
x64 architecture.

Once the system is running I can read the PCRs and, if I'm not wrong, PCRs 0
to 7 are handled by Tianocore/Coreboot. I've flashed a coreboot+tianocore in
release mode and a coreboot+tianocore in debug mode and the PCRs are the same.
Is it ok? I thought that any change in the coreboot.rom would make the PCR
values change...


pcr0: 3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969
pcr1: a3a3552caa68c6d9db64bf1ed4dca08080f99b59f1b26debc9abefa59ee8ca28
pcr2: 3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969
pcr3: 3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969
pcr4: 74a35102770e65ab94b35135a4bf54c411134ae8059e03df41060a33f573871f
pcr5: dfa65561584cb8604b1675c869f3341d0c99c642ce9d91353380361126235ad8
pcr6: 3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969
pcr7: b5710bf57d25623e4019027da116821fa99f5c81e9e38b87671cc574f9281439

Another test I've done is using the Tianocore stable branch as selected by
coreboot (STABLE_COMMIT_ID=315d9d08fd77db1024ccc5307823da8aaed85e2f) and I get
the same values from release and build coreboot.roms, except that PCR1 has the
same value as PCR0, 2, 3 and 6; it seems it's not used in this version.

Is this the expected behavior?

Thanks!
Jorge
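
The PCR values posted above can be checked against the TPM2 extend rule. The following is an added example, not part of the thread or of coreboot/edk2 code: it replays a single EV_SEPARATOR event into a zeroed SHA-256 PCR and reports which of the posted PCRs hold exactly that value. It assumes the SHA-256 bank, PCRs reset to all zeros, and separator event data of four zero bytes; the function names and the two sample images are constructed for illustration.

```python
import hashlib

# PCR values quoted in the thread (SHA-256 bank, as posted).
OBSERVED = {
    0: "3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969",
    1: "a3a3552caa68c6d9db64bf1ed4dca08080f99b59f1b26debc9abefa59ee8ca28",
    2: "3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969",
    3: "3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969",
    4: "74a35102770e65ab94b35135a4bf54c411134ae8059e03df41060a33f573871f",
    5: "dfa65561584cb8604b1675c869f3341d0c99c642ce9d91353380361126235ad8",
    6: "3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969",
    7: "b5710bf57d25623e4019027da116821fa99f5c81e9e38b87671cc574f9281439",
}

# Assumption: EV_SEPARATOR event data is the 4-byte value 0x00000000.
SEPARATOR = bytes(4)


def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM2 extend rule: new_pcr = SHA256(old_pcr || digest)."""
    return hashlib.sha256(pcr + digest).digest()


def replay(events) -> bytes:
    """Replay measured event data into a PCR that starts as 32 zero bytes."""
    pcr = bytes(32)
    for data in events:
        pcr = extend(pcr, hashlib.sha256(data).digest())
    return pcr


def separator_only_pcrs(observed=OBSERVED):
    """Indices whose value equals a single separator extend, nothing else."""
    expected = replay([SEPARATOR]).hex()
    return sorted(i for i, v in observed.items() if v.lower() == expected)


def image_changes_pcr(image_a: bytes, image_b: bytes) -> bool:
    """True if measuring different images before the separator changes the PCR."""
    return replay([image_a, SEPARATOR]) != replay([image_b, SEPARATOR])


if __name__ == "__main__":
    print("separator-only PCRs:", separator_only_pcrs())
    # Constructed stand-ins for a release and a debug firmware image.
    print("measured image changes PCR:",
          image_changes_pcr(b"release image", b"debug image"))
```

A PCR reported by separator_only_pcrs() received no measurement before the separator, so its value cannot depend on the contents of the firmware image.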