[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH v3 7/7] OvmfPkg: plug DxeTpm2MeasureBootLib into
From: |
Laszlo Ersek |
Subject: |
Re: [Qemu-devel] [PATCH v3 7/7] OvmfPkg: plug DxeTpm2MeasureBootLib into SecurityStubDxe |
Date: |
Fri, 9 Mar 2018 17:51:26 +0100 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.6.0 |
On 03/09/18 14:09, address@hidden wrote:
> From: Marc-André Lureau <address@hidden>
>
> The library registers a security management handler, to measure images
> that are not measure in PEI phase. For example with the qemu PXE rom:
>
> Loading driver at 0x0003E6C2000 EntryPoint=0x0003E6C9076 8086100e.efi
>
> And the following binary_bios_measurements log entry seems to be
> added:
>
> PCR: 2 type: EV_EFI_BOOT_SERVICES_DRIVER size: 0x4e digest:
> 70a22475e9f18806d2ed9193b48d80d26779d9a4
>
> The following order of operations ensures that 3rd party UEFI modules,
> such as PCI option ROMs and other modules possibly loaded from outside
> of firmware volumes, are measured into the TPM:
>
> (1) Tcg2Dxe is included in DXEFV, therefore it produces the TCG2
> protocol sometime in the DXE phase (assuming a TPM2 chip is present,
> reported via PcdTpmInstanceGuid).
>
> (2) The DXE core finds that no more drivers are left to dispatch from
> DXEFV, and we enter the BDS phase.
>
> (3) OVMF's PlatformBootManagerLib connects all PCI root bridges
> non-recursively, producing PciIo instances and discovering PCI
> oproms.
>
> (4) The dispatching of images that don't originate from FVs is deferred
> at this point, by
> "MdeModulePkg/Universal/SecurityStubDxe/Defer3rdPartyImageLoad.c".
>
> (5) OVMF's PlatformBootManagerLib signals EndOfDxe.
>
> (6) OVMF's PlatformBootManagerLib calls
> EfiBootManagerDispatchDeferredImages() -- the images deferred in
> step (4) are now dispatched.
>
> (7) Image dispatch invokes the Security / Security2 Arch protocols
> (produced by SecurityStubDxe). In this patch, we hook
> DxeTpm2MeasureBootLib into SecurityStubDxe, therefore image dispatch
> will try to locate the TCG2 protocol, and measure the image into the
> TPM2 chip with the protocol. Because of step (1), the TCG2 protocol
> will always be found and used (assuming a TPM2 chip is present).
>
> Cc: Laszlo Ersek <address@hidden>
> Cc: Stefan Berger <address@hidden>
> Contributed-under: TianoCore Contribution Agreement 1.0
> Signed-off-by: Marc-André Lureau <address@hidden>
> ---
> OvmfPkg/OvmfPkgIa32.dsc | 3 +++
> OvmfPkg/OvmfPkgIa32X64.dsc | 3 +++
> OvmfPkg/OvmfPkgX64.dsc | 3 +++
> 3 files changed, 9 insertions(+)
>
> diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
> index f80fb50d4a38..92c8c560a067 100644
> --- a/OvmfPkg/OvmfPkgIa32.dsc
> +++ b/OvmfPkg/OvmfPkgIa32.dsc
> @@ -644,6 +644,9 @@ [Components]
> <LibraryClasses>
> !if $(SECURE_BOOT_ENABLE) == TRUE
>
> NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf
> +!endif
> +!if $(TPM2_ENABLE) == TRUE
> +
> NULL|SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.inf
> !endif
> }
>
> diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
> index bc48b5b63c7a..6ecaa795b288 100644
> --- a/OvmfPkg/OvmfPkgIa32X64.dsc
> +++ b/OvmfPkg/OvmfPkgIa32X64.dsc
> @@ -653,6 +653,9 @@ [Components.X64]
> <LibraryClasses>
> !if $(SECURE_BOOT_ENABLE) == TRUE
>
> NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf
> +!endif
> +!if $(TPM2_ENABLE) == TRUE
> +
> NULL|SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.inf
> !endif
> }
>
> diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
> index e89de093d6a2..c98a3657c6f6 100644
> --- a/OvmfPkg/OvmfPkgX64.dsc
> +++ b/OvmfPkg/OvmfPkgX64.dsc
> @@ -651,6 +651,9 @@ [Components]
> <LibraryClasses>
> !if $(SECURE_BOOT_ENABLE) == TRUE
>
> NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf
> +!endif
> +!if $(TPM2_ENABLE) == TRUE
> +
> NULL|SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.inf
> !endif
> }
>
>
Reviewed-by: Laszlo Ersek <address@hidden>
- Re: [Qemu-devel] [PATCH v3 1/7] SecurityPkg/Tcg2Pei: drop PeiReadOnlyVariable from Depex, (continued)
- [Qemu-devel] [PATCH v3 3/7] OvmfPkg: simplify SecurityStubDxe.inf inclusion, marcandre . lureau, 2018/03/09
- [Qemu-devel] [PATCH v3 2/7] MdeModulePkg/Core/Pei: fix REGISITER -> REGISTER typo, marcandre . lureau, 2018/03/09
- [Qemu-devel] [PATCH v3 5/7] OvmfPkg: include Tcg2Pei module, marcandre . lureau, 2018/03/09
- [Qemu-devel] [PATCH v3 4/7] OvmfPkg: add customized Tcg2ConfigPei clone, marcandre . lureau, 2018/03/09
- [Qemu-devel] [PATCH v3 6/7] OvmfPkg: include Tcg2Dxe module, marcandre . lureau, 2018/03/09
- [Qemu-devel] [PATCH v3 7/7] OvmfPkg: plug DxeTpm2MeasureBootLib into SecurityStubDxe, marcandre . lureau, 2018/03/09
- Re: [Qemu-devel] [PATCH v3 7/7] OvmfPkg: plug DxeTpm2MeasureBootLib into SecurityStubDxe,
Laszlo Ersek <=
- Re: [Qemu-devel] [edk2] [PATCH v3 0/7] ovmf: preliminary TPM2 support, Marc-André Lureau, 2018/03/09
- Re: [Qemu-devel] [edk2] [PATCH v3 0/7] ovmf: preliminary TPM2 support, Laszlo Ersek, 2018/03/09