OK. So no issue in UEFI payload, right? Thank you Yao Jiewen
From: Jorge Fernandez Monteagudo [mailto:jorg...@cirsa.com] Sent: Wednesday, September 26, 2018 5:06 PM To: Yao, Jiewen <jiewen....@intel.com>; Zhang, Chao B <chao.b.zh...@intel.com>; edk2-devel@lists.01.org Subject: Re: Tianocore and TPM2 pcr values > You still cannot get the right PCR hardware value? Sorry, what do you mean? I think the only remaining thing is extending the tianocore payload from the coreboot once is loaded in order to detect changes in the payload but it's related to coreboot no edk2... ________________________________ De: Yao, Jiewen <jiewen....@intel.com<mailto:jiewen....@intel.com>> Enviado: miércoles, 26 de septiembre de 2018 10:56:05 Para: Jorge Fernandez Monteagudo; Zhang, Chao B; edk2-devel@lists.01.org<mailto:edk2-devel@lists.01.org> Asunto: RE: Tianocore and TPM2 pcr values OK. That means the PCR is extended successfully. You still cannot get the right PCR hardware value? > -----Original Message----- > From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of > Jorge Fernandez Monteagudo > Sent: Wednesday, September 26, 2018 4:54 PM > To: Yao, Jiewen <jiewen....@intel.com<mailto:jiewen....@intel.com>>; Zhang, > Chao B > <chao.b.zh...@intel.com<mailto:chao.b.zh...@intel.com>>; > edk2-devel@lists.01.org<mailto:edk2-devel@lists.01.org> > Subject: Re: [edk2] Tianocore and TPM2 pcr values > > I've added the Tcg2GetEventLog at the end of OnReadyToBoot from > Tcg2Dxe.c and I can see: > > > TPM2 Tcg2Dxe Measure Data when ReadyToBoot > Tcg2GetEventLog ... (0x2) > Tcg2GetEventLog (EventLogLocation - 8F3D2000) > Tcg2GetEventLog (EventLogLastEntry - 8F3D27AE) > Tcg2GetEventLog (EventLogTruncated - 0) > Tcg2GetEventLog - Success > EventLogFormat: (0x2) > Event: > PCRIndex - 0 > EventType - 0x00000003 > Digest - 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 > 00 > EventSize - 0x00000025 > 0000: > 53706563204944204576656E74303300000000000002000202000000040014 > 00 > 0020: 0B00200000 > TCG_EfiSpecIDEventStruct: > signature - 'Spec ID Event03 ' > platformClass - 0x00000000 > specVersion - 2.00 > uintnSize - 0x02 > NumberOfAlgorithms - 0x00000002 > digest(0) > algorithmId - 0x0004 > digestSize - 0x0014 > digest(1) > algorithmId - 0x000B > digestSize - 0x0020 > VendorInfoSize - 0x00 > VendorInfo - > Event: > PCRIndex - 7 > EventType - 0x80000001 > DigestCount: 0x00000002 > HashAlgo : 0x0004 > Digest(0): 2F 20 11 2A 3F 55 39 8B 20 8E 0C 42 68 13 89 B4 CB 5B 18 > 23 > HashAlgo : 0x000B > Digest(1): CE 9C E3 86 B5 2E 09 9F 30 19 E5 12 A0 D6 06 2D 6B 56 0E > FE 4F F3 E5 66 1C 75 25 E2 F9 C2 63 DF > > EventSize - 0x00000034 > 0000: > 61DFE48BCA93D211AA0D00E098032B8C0A00000000000000000000000000 > 0000 > 0020: 53006500630075007200650042006F006F007400 > Event: > PCRIndex - 7 > EventType - 0x80000001 > DigestCount: 0x00000002 > HashAlgo : 0x0004 > Digest(0): 9B 13 87 30 6E BB 7F F8 E7 95 E7 BE 77 56 36 66 BB F4 51 > 6E > HashAlgo : 0x000B > Digest(1): DE A7 B8 0A B5 3A 3D AA A2 4D 5C C4 6C 64 E1 FA 9F FD 03 > 73 9F 90 AA DB D8 C0 86 7C 4A 5B 48 90 > > EventSize - 0x00000024 > 0000: > 61DFE48BCA93D211AA0D00E098032B8C02000000000000000000000000000 > 000 > 0020: 50004B00 > Event: > PCRIndex - 7 > EventType - 0x80000001 > DigestCount: 0x00000002 > HashAlgo : 0x0004 > Digest(0): 9A FA 86 C5 07 41 9B 85 70 C6 21 67 CB 94 86 D9 FC 80 97 > 58 > HashAlgo : 0x000B > Digest(1): E6 70 E1 21 FC EB D4 73 B8 BC 41 BB 80 13 01 FC 1D 9A FA > 33 90 4F 06 F7 14 9B 74 F1 2C 47 A6 8F > > EventSize - 0x00000026 > 0000: > 61DFE48BCA93D211AA0D00E098032B8C03000000000000000000000000000 > 000 > 0020: 4B0045004B00 > Event: > PCRIndex - 7 > EventType - 0x80000001 > DigestCount: 0x00000002 > HashAlgo : 0x0004 > Digest(0): 5B F8 FA A0 78 D4 0F FB D0 33 17 C9 33 98 B0 12 29 A0 E1 > E0 > HashAlgo : 0x000B > Digest(1): BA F8 9A 3C CA CE 52 75 0C 5F 01 28 35 1E 04 22 A4 15 97 > A1 AD FD 50 82 2A A3 63 B9 D1 24 EA 7C > > EventSize - 0x00000024 > 0000: > CBB219D73A3D9645A3BCDAD00E67656F0200000000000000000000000000 > 0000 > 0020: 64006200 > Event: > PCRIndex - 7 > EventType - 0x80000001 > DigestCount: 0x00000002 > HashAlgo : 0x0004 > Digest(0): 73 44 24 C9 FE 8F C7 17 16 C4 20 96 F4 B7 4C 88 73 3B 17 > 5E > HashAlgo : 0x000B > Digest(1): 9F 75 B6 82 3B FF 6A F1 02 4A 4E 20 36 71 9C DD 54 8D 3C > BC 2B F1 DE 8E 7E F4 D0 ED 01 F9 4B F9 > > EventSize - 0x00000026 > 0000: > CBB219D73A3D9645A3BCDAD00E67656F0300000000000000000000000000 > 0000 > 0020: 640062007800 > Event: > PCRIndex - 7 > EventType - 0x00000004 > DigestCount: 0x00000002 > HashAlgo : 0x0004 > Digest(0): 90 69 CA 78 E7 45 0A 28 51 73 43 1B 3E 52 C5 C2 52 99 E4 > 73 > HashAlgo : 0x000B > Digest(1): DF 3F 61 98 04 A9 2F DB 40 57 19 2D C4 3D D7 48 EA 77 8A > DC 52 BC 49 8C E8 05 24 C0 14 B8 11 19 > > EventSize - 0x00000004 > 0000: 00000000 > Event: > PCRIndex - 1 > EventType - 0x80000002 > DigestCount: 0x00000002 > HashAlgo : 0x0004 > Digest(0): 1B 24 F7 F4 BB 84 00 03 02 20 9D 12 98 D6 2F 57 79 A9 4F > 45 > HashAlgo : 0x000B > Digest(1): 90 C2 69 89 21 CA 9F D0 29 50 BE 35 3F 72 18 88 76 0E 33 > AB 50 95 A2 1E 50 F1 E4 36 0B 6D E1 A0 > > EventSize - 0x00000038 > 0000: > 61DFE48BCA93D211AA0D00E098032B8C09000000000000000600000000000 > 000 > 0020: 42006F006F0074004F007200640065007200000001000200 > Event: > PCRIndex - 1 > EventType - 0x80000002 > DigestCount: 0x00000002 > HashAlgo : 0x0004 > Digest(0): E9 44 11 C7 28 F4 14 4F 9F 49 9D DE 4A BB F8 F0 48 3A BB > 66 > HashAlgo : 0x000B > Digest(1): 1F 7F 14 CE 8C 8E 85 5B 56 A0 FF 0D 87 FB 6E E6 78 98 37 > 76 FA BE 83 C4 9F E5 1F 07 36 D3 0E 9C > > EventSize - 0x00000070 > 0000: > 61DFE48BCA93D211AA0D00E098032B8C08000000000000004000000000000 > 000 > 0020: > 42006F006F0074003000300030003000010000001C00450046004900200055 > 00 > 0040: > 530042002000440065007600690063006500000002010C00D041030A00000 > 000 > 0060: 0101060000100305060001007FFF0400 > Event: > PCRIndex - 1 > EventType - 0x80000002 > DigestCount: 0x00000002 > HashAlgo : 0x0004 > Digest(0): 2D 60 53 82 1E 28 AC 45 A6 64 84 57 06 57 48 7A C3 8B 9E > 3A > HashAlgo : 0x000B > Digest(1): A0 39 4A 61 B8 1E 84 4E 1C 13 6C 74 EC 15 56 0A CF 5C 69 > 0F 22 3E C3 22 1F F5 1E 18 3C 72 AF DA > > EventSize - 0x00000074 > 0000: > 61DFE48BCA93D211AA0D00E098032B8C08000000000000004400000000000 > 000 > 0020: > 42006F006F0074003000300030003100010000002000450046004900200048 > 00 > 0040: > 610072006400200044007200690076006500000002010C00D041030A00000 > 000 > 0060: 01010600001103120A000100FFFF00007FFF0400 > Event: > PCRIndex - 1 > EventType - 0x80000002 > DigestCount: 0x00000002 > HashAlgo : 0x0004 > Digest(0): CF A3 CA 37 28 69 A8 3E 5A 0A 29 2D 94 D9 03 32 3D F7 1E > 86 > HashAlgo : 0x000B > Digest(1): C1 B5 4E 82 C6 8B 86 A7 ED 70 DF E9 CB AC A8 1E 99 C0 8A > 42 13 DD FD 13 7A 54 12 45 C8 33 13 22 > > EventSize - 0x00000079 > 0000: > 61DFE48BCA93D211AA0D00E098032B8C08000000000000004900000000000 > 000 > 0020: > 42006F006F007400300030003000320001000000230045004600490020004D > 00 > 0040: > 6900730063002000440065007600690063006500000002010C00D041030A0 > 000 > 0060: 0000010106000714031D05000001050800000000007FFF0400 > Event: > PCRIndex - 4 > EventType - 0x80000007 > DigestCount: 0x00000002 > HashAlgo : 0x0004 > Digest(0): CD 0F DB 45 31 A6 EC 41 BE 27 53 BA 04 26 37 D6 E5 F7 F2 > 56 > HashAlgo : 0x000B > Digest(1): 3D 67 72 B4 F8 4E D4 75 95 D7 2A 2C 4C 5F FD 15 F5 BB 72 > C7 50 7F E2 6F 2A AE E2 C6 9D 56 33 BA > > EventSize - 0x00000028 > 0000: > 43616C6C696E6720454649204170706C69636174696F6E2066726F6D20426F > 6F > 0020: 74204F7074696F6E > Event: > PCRIndex - 0 > EventType - 0x00000004 > DigestCount: 0x00000002 > HashAlgo : 0x0004 > Digest(0): 90 69 CA 78 E7 45 0A 28 51 73 43 1B 3E 52 C5 C2 52 99 E4 > 73 > HashAlgo : 0x000B > Digest(1): DF 3F 61 98 04 A9 2F DB 40 57 19 2D C4 3D D7 48 EA 77 8A > DC 52 BC 49 8C E8 05 24 C0 14 B8 11 19 > > EventSize - 0x00000004 > 0000: 00000000 > Event: > PCRIndex - 1 > EventType - 0x00000004 > DigestCount: 0x00000002 > HashAlgo : 0x0004 > Digest(0): 90 69 CA 78 E7 45 0A 28 51 73 43 1B 3E 52 C5 C2 52 99 E4 > 73 > HashAlgo : 0x000B > Digest(1): DF 3F 61 98 04 A9 2F DB 40 57 19 2D C4 3D D7 48 EA 77 8A > DC 52 BC 49 8C E8 05 24 C0 14 B8 11 19 > > EventSize - 0x00000004 > 0000: 00000000 > Event: > PCRIndex - 2 > EventType - 0x00000004 > DigestCount: 0x00000002 > HashAlgo : 0x0004 > Digest(0): 90 69 CA 78 E7 45 0A 28 51 73 43 1B 3E 52 C5 C2 52 99 E4 > 73 > HashAlgo : 0x000B > Digest(1): DF 3F 61 98 04 A9 2F DB 40 57 19 2D C4 3D D7 48 EA 77 8A > DC 52 BC 49 8C E8 05 24 C0 14 B8 11 19 > > EventSize - 0x00000004 > 0000: 00000000 > Event: > PCRIndex - 3 > EventType - 0x00000004 > DigestCount: 0x00000002 > HashAlgo : 0x0004 > Digest(0): 90 69 CA 78 E7 45 0A 28 51 73 43 1B 3E 52 C5 C2 52 99 E4 > 73 > HashAlgo : 0x000B > Digest(1): DF 3F 61 98 04 A9 2F DB 40 57 19 2D C4 3D D7 48 EA 77 8A > DC 52 BC 49 8C E8 05 24 C0 14 B8 11 19 > > EventSize - 0x00000004 > 0000: 00000000 > Event: > PCRIndex - 4 > EventType - 0x00000004 > DigestCount: 0x00000002 > HashAlgo : 0x0004 > Digest(0): 90 69 CA 78 E7 45 0A 28 51 73 43 1B 3E 52 C5 C2 52 99 E4 > 73 > HashAlgo : 0x000B > Digest(1): DF 3F 61 98 04 A9 2F DB 40 57 19 2D C4 3D D7 48 EA 77 8A > DC 52 BC 49 8C E8 05 24 C0 14 B8 11 19 > > EventSize - 0x00000004 > 0000: 00000000 > Event: > PCRIndex - 5 > EventType - 0x00000004 > DigestCount: 0x00000002 > HashAlgo : 0x0004 > Digest(0): 90 69 CA 78 E7 45 0A 28 51 73 43 1B 3E 52 C5 C2 52 99 E4 > 73 > HashAlgo : 0x000B > Digest(1): DF 3F 61 98 04 A9 2F DB 40 57 19 2D C4 3D D7 48 EA 77 8A > DC 52 BC 49 8C E8 05 24 C0 14 B8 11 19 > > EventSize - 0x00000004 > 0000: 00000000 > Event: > PCRIndex - 6 > EventType - 0x00000004 > DigestCount: 0x00000002 > HashAlgo : 0x0004 > Digest(0): 90 69 CA 78 E7 45 0A 28 51 73 43 1B 3E 52 C5 C2 52 99 E4 > 73 > HashAlgo : 0x000B > Digest(1): DF 3F 61 98 04 A9 2F DB 40 57 19 2D C4 3D D7 48 EA 77 8A > DC 52 BC 49 8C E8 05 24 C0 14 B8 11 19 > > EventSize - 0x00000004 > 0000: 00000000 > FinalEventsTable: (0x8F408000) > Version: (0x1) > NumberOfEvents: (0x0) > PROGRESS CODE: V03051001 I0 > > > > > ________________________________ > De: Yao, Jiewen <jiewen....@intel.com<mailto:jiewen....@intel.com>> > Enviado: miércoles, 26 de septiembre de 2018 8:58:26 > Para: Jorge Fernandez Monteagudo; Zhang, Chao B; > edk2-devel@lists.01.org<mailto:edk2-devel@lists.01.org> > Asunto: RE: Tianocore and TPM2 pcr values > > > That means the TPM2 device works well. > > > > We have code to dump the final event log at Tcg2GetEventLog(). > > // Dump Event Log for debug purpose > > if ((EventLogLocation != NULL) && (EventLogLastEntry != NULL)) { > > DumpEventLog (EventLogFormat, *EventLogLocation, > *EventLogLastEntry, mTcgDxeData.FinalEventsTable[Index]); > > } > > > > If your OS need consume the event log, I expect OS loader calls > Tcg2GetEventLog(). > > > > If you don't have such OS, then you can add Tcg2GetEventLog() call in the > end of OnReadyToBoot() - just for debug purpose to dump the event log. > > > > As such we can know how many events are extended. > > > > Thank you > > Yao Jiewen > > > > > > From: Jorge Fernandez Monteagudo [mailto:jorg...@cirsa.com] > Sent: Wednesday, September 26, 2018 2:48 PM > To: Yao, Jiewen <jiewen....@intel.com<mailto:jiewen....@intel.com>>; Zhang, > Chao B > <chao.b.zh...@intel.com<mailto:chao.b.zh...@intel.com>>; > edk2-devel@lists.01.org<mailto:edk2-devel@lists.01.org> > Subject: Re: Tianocore and TPM2 pcr values > > > > Yes, from log I see: > > > > Loading driver at 0x0008F3F2000 EntryPoint=0x0008F3F2240 Tcg2Dxe.efi > InstallProtocolInterface: BC62157E-3E33-4FEC-9920-2D3B36D750DF > 8F410C18 > ProtectUefiImageCommon - 0x8F4107C0 > - 0x000000008F3F2000 - 0x000000000000D800 > PROGRESS CODE: V03040002 I0 > InterfaceId - 0xFFFFFFFF > InterfaceType - 0x0F > InterfaceCapability - 0x300000FF > InterfaceVersion - 0x3 > StatusEx - 0xFF > TpmFamily - 0x3 > PtpInterface - 0 > VID - 0x15D1 > DID - 0x001A > RID - 0x10 > Tcg2.ProtocolVersion - 01.01 > Tcg2.StructureVersion - 01.01 > Tpm2GetCapabilityManufactureID - 00584649 > Tpm2GetCapabilityFirmwareVersion - 00050000 00044102 > Tpm2GetCapabilityMaxCommandResponseSize - 00000500, 00000500 > GetSupportedAndActivePcrs - Count = 00000002 > Tcg2.SupportedEventLogs - 0x00000003 > Tcg2.HashAlgorithmBitmap - 0x00000003 > Tcg2.NumberOfPCRBanks - 0x00000002 > Tcg2.ActivePcrBanks - 0x00000003 > ... > > > > ________________________________ > > De: Yao, Jiewen > <jiewen....@intel.com<mailto:jiewen....@intel.com<mailto:jiewen....@intel.com%3cmailto:jiewen....@intel.com>>> > Enviado: miércoles, 26 de septiembre de 2018 8:44:54 > Para: Jorge Fernandez Monteagudo; Zhang, Chao B; > edk2-devel@lists.01.org<mailto:edk2-devel@lists.01.org<mailto:edk2-devel@lists.01.org%3cmailto:edk2-devel@lists.01.org>> > Asunto: RE: Tianocore and TPM2 pcr values > > > > ProtectUefiImageCommon is not related. > > > > Below code is the Tcg2Dxe entrypoint, I expect you can see some message > there: > > > > ==================================== > > DriverEntry() > > if (CompareGuid (PcdGetPtr(PcdTpmInstanceGuid), > &gEfiTpmDeviceInstanceNoneGuid) || > > CompareGuid (PcdGetPtr(PcdTpmInstanceGuid), > &gEfiTpmDeviceInstanceTpm12Guid)){ > > DEBUG ((DEBUG_INFO, "No TPM2 instance required!\n")); > > return EFI_UNSUPPORTED; > > } > > > > if (GetFirstGuidHob (&gTpmErrorHobGuid) != NULL) { > > DEBUG ((EFI_D_ERROR, "TPM2 error!\n")); > > return EFI_DEVICE_ERROR; > > } > > > > Status = Tpm2RequestUseTpm (); > > if (EFI_ERROR (Status)) { > > DEBUG ((EFI_D_ERROR, "TPM2 not detected!\n")); > > return Status; > > } > > > > // > > // Fill information > > // > > ASSERT (TCG_EVENT_LOG_AREA_COUNT_MAX == > sizeof(mTcg2EventInfo)/sizeof(mTcg2EventInfo[0])); > > > > mTcgDxeData.BsCap.Size = > sizeof(EFI_TCG2_BOOT_SERVICE_CAPABILITY); > > mTcgDxeData.BsCap.ProtocolVersion.Major = 1; > > mTcgDxeData.BsCap.ProtocolVersion.Minor = 1; > > mTcgDxeData.BsCap.StructureVersion.Major = 1; > > mTcgDxeData.BsCap.StructureVersion.Minor = 1; > > > > DEBUG ((EFI_D_INFO, "Tcg2.ProtocolVersion - %02x.%02x\n", > mTcgDxeData.BsCap.ProtocolVersion.Major, > mTcgDxeData.BsCap.ProtocolVersion.Minor)); > > DEBUG ((EFI_D_INFO, "Tcg2.StructureVersion - %02x.%02x\n", > mTcgDxeData.BsCap.StructureVersion.Major, > mTcgDxeData.BsCap.StructureVersion.Minor)); > > > > Status = Tpm2GetCapabilityManufactureID > (&mTcgDxeData.BsCap.ManufacturerID); > > if (EFI_ERROR (Status)) { > > DEBUG ((EFI_D_ERROR, "Tpm2GetCapabilityManufactureID fail!\n")); > > } else { > > DEBUG ((EFI_D_INFO, "Tpm2GetCapabilityManufactureID - %08x\n", > mTcgDxeData.BsCap.ManufacturerID)); > > } > > > > > > > > > > > > From: Jorge Fernandez Monteagudo [mailto:jorg...@cirsa.com] > Sent: Wednesday, September 26, 2018 2:40 PM > To: Yao, Jiewen > <jiewen....@intel.com<mailto:jiewen....@intel.com<mailto:jiewen....@intel.com%3cmailto:jiewen....@intel.com>>>; > Zhang, Chao B > <chao.b.zh...@intel.com<mailto:chao.b.zh...@intel.com<mailto:chao.b.zh...@intel.com%3cmailto:chao.b.zh...@intel.com>>>; > edk2-devel@lists.01.org<mailto:edk2-devel@lists.01.org<mailto:edk2-devel@lists.01.org%3cmailto:edk2-devel@lists.01.org>> > Subject: Re: Tianocore and TPM2 pcr values > > > > Hi Yao > > > > > Yes, it is always good to enable serial port debug. There are lots of debug > message in Tcg2Dxe driver. We can know what is wrong. > > > > From the log I've been able to see that "measure" messages start once > Tcg2Dxe.efi. From the beggining I can only see "ProtectUefiImageCommon" > > messages but I don't know if they are related. > > > > >In your patch, since we are using UEFI as payload, and there is no PEI, I am > not clear which driver you expect will extend something to PCR0. Do you > think coreboot is CRTM? Or the UEFI payload is the CRTM? Who should > be >responsible to extend coreboot image from flash, and who should > extend UEFI payload? > > > > I think nothing is implemented in coreboot because when TPM2 was not > activated in edk2 PCR0-10 were all 0. It's only checking what device > > is available and sending the tpm2_startup command. I'll try to investigate the > coreboot project to see if the tianocore payload could be extended > > before loading because coreboot should be the CRTM. > > > > > Also, only *3rd part* image will change PCR2 and PCR4. Do you have such > case in your platform? > > > > First notice. No I don't have such case in my platform. > > > > Thanks! > > Jorge > > ________________________________ > > De: Yao, Jiewen > <jiewen....@intel.com<mailto:jiewen....@intel.com<mailto:jiewen....@intel.com%3cmailto:jiewen....@intel.com>>> > Enviado: miércoles, 26 de septiembre de 2018 8:11:58 > Para: Jorge Fernandez Monteagudo; Zhang, Chao B; > edk2-devel@lists.01.org<mailto:edk2-devel@lists.01.org<mailto:edk2-devel@lists.01.org%3cmailto:edk2-devel@lists.01.org>> > Asunto: RE: Tianocore and TPM2 pcr values > > > > Hi Jorge > Yes, it is always good to enable serial port debug. There are lots of debug > message in Tcg2Dxe driver. We can know what is wrong. > > In pure UEFI BIOS, the PEI driver extends to PCR0, and DXE image > measurement lib extend to PCR2, PCR4, PCR5. The DXE driver extends > variable to PCR1/7, and exposes the TCG2 protocol to let OS use it. > > In your patch, since we are using UEFI as payload, and there is no PEI, I am > not clear which driver you expect will extend something to PCR0. Do you > think coreboot is CRTM? Or the UEFI payload is the CRTM? Who should be > responsible to extend coreboot image from flash, and who should extend > UEFI payload? > > Also, only *3rd part* image will change PCR2 and PCR4. Do you have such > case in your platform? > > Anyway, there should still be something measured - boot variable (PCR1), > secure boot variable (PCR7), GPT (5), action (4,5), separator (1~7), if you > include Tcg2Dxe driver. > > I am not clear if coreboot already extends something to separator according > to TCG PFP spec. If that is the case, we probably need a special handing in > DXE driver. > > > I look forward to your serial debug message and design discussion. > > Thank you > Yao Jiewen > > > > -----Original Message----- > > From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of > > Jorge Fernandez Monteagudo > > Sent: Wednesday, September 26, 2018 1:46 PM > > To: Zhang, Chao B > <chao.b.zh...@intel.com<mailto:chao.b.zh...@intel.com<mailto:chao.b.zh...@intel.com%3cmailto:chao.b.zh...@intel.com>>>; > edk2-devel@lists.01.org<mailto:edk2-devel@lists.01.org<mailto:edk2-devel@lists.01.org%3cmailto:edk2-devel@lists.01.org>> > > Subject: Re: [edk2] Tianocore and TPM2 pcr values > > > > Hi Chao! > > > > > > Maybe the traces I get from the debug build and > > > > > > gEfiMdePkgTokenSpaceGuid.PcdReportStatusCodePropertyMask|0x7 > > gEfiMdePkgTokenSpaceGuid.PcdDebugPrintErrorLevel|0x800A044F > > gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x2F > > > > can help. > > > > > > ________________________________ > > De: edk2-devel > <edk2-devel-boun...@lists.01.org<mailto:edk2-devel-boun...@lists.01.org <mailto:edk2-devel-boun...@lists.01.org%3cmailto:edk2-devel-boun...@lists.01.org%0b>> >> en nombre de Jorge > > Fernandez Monteagudo > <jorg...@cirsa.com<mailto:jorg...@cirsa.com<mailto:jorg...@cirsa.com%3cmailto:jorg...@cirsa.com>>> > > Enviado: martes, 25 de septiembre de 2018 16:09:31 > > Para: Zhang, Chao B; > edk2-devel@lists.01.org<mailto:edk2-devel@lists.01.org<mailto:edk2-devel@lists.01.org%3cmailto:edk2-devel@lists.01.org>> > > Asunto: Re: [edk2] Tianocore and TPM2 pcr values > > > > Hi Chao! > > > > > > PCR0 has not changed in any of the test I've done! What info do you need? > > > > > > I'm using: > > > > coreboot: ae05d095b36ac835a6b1a221e6858065e5486888, master > branch > > > > tianocore: 07ecd98ac18d6792181856faca7d4bed1b587261, coreboot > > branch > > > > Attached are the changes I've done to tianocore to get TPM2 support and > no > > console. > > PCR0 is always > > > 3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969 > > > > Thanks! > > ________________________________ > > De: Zhang, Chao B > <chao.b.zh...@intel.com<mailto:chao.b.zh...@intel.com<mailto:chao.b.zh...@intel.com%3cmailto:chao.b.zh...@intel.com>>> > > Enviado: martes, 25 de septiembre de 2018 15:41:45 > > Para: Jorge Fernandez Monteagudo; > edk2-devel@lists.01.org<mailto:edk2-devel@lists.01.org<mailto:edk2-devel@lists.01.org%3cmailto:edk2-devel@lists.01.org>> > > Cc: You, Benjamin > > Asunto: RE: Tianocore and TPM2 pcr values > > > > Hi Jorge: > > PCR 0 should change if you use different core boot payload + UEFI. > So > > your case seems to be an issue. Can you provide more detailed info? > > > > > > -----Original Message----- > > From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of > > Jorge Fernandez Monteagudo > > Sent: Monday, September 24, 2018 5:57 PM > > To: > > edk2-devel@lists.01.org<mailto:edk2-devel@lists.01.org<mailto:edk2-devel@lists.01.org%3cmailto:edk2-devel@lists.01.org>> > > Subject: [edk2] Tianocore and TPM2 pcr values > > > > Hi all, > > > > > > This is my first message in this list. I'm using tianocore as a payload for > > a > > Coreboot in order to > > > > boot a custom board I'm working on it. Finally I've been able to enable the > > TPM2 support in > > > > coreboot and in tianocore but I have some questions regarding the values > > I'm seeing in the PCRs. > > > > > > I'm using Tianocore master branch as is selected by coreboot menuconfig > > and x64 architecture. > > > > Once the system is running I can read the PCRs and, if I'm not wrong, PCRs > 0 > > to 7 are handled > > > > by the Tianocore/Coreboot. I've flashed a coreboot+tianocore in release > > mode and a coreboot+ > > > > tianocore in debug mode and the PCRs are the same. Is it ok? I thought > that > > any change in the > > > > coreboot.rom will made the PCR values to change... > > > > > > pcr0: > > > 3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969 > > pcr1: > > > a3a3552caa68c6d9db64bf1ed4dca08080f99b59f1b26debc9abefa59ee8ca28 > > pcr2: > > > 3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969 > > pcr3: > > > 3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969 > > pcr4: > > > 74a35102770e65ab94b35135a4bf54c411134ae8059e03df41060a33f573871 > > f > > pcr5: > > > dfa65561584cb8604b1675c869f3341d0c99c642ce9d91353380361126235ad > > 8 > > pcr6: > > > 3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969 > > pcr7: > > > b5710bf57d25623e4019027da116821fa99f5c81e9e38b87671cc574f9281439 > > > > Another test I've done is using the Tianocore stable branch as selected by > > coreboot > > (STABLE_COMMIT_ID=315d9d08fd77db1024ccc5307823da8aaed85e2f) > and > > I get the same values from release and build coreboot.roms except that > > PCR1 has the same value as PCR0, 2, 3 and 6, it seems it's not used in this > > version. > > > > Is this the expected behavior? > > > > Thanks! > > Jorge > > _______________________________________________ > > edk2-devel mailing list > > edk2-devel@lists.01.org<mailto:edk2-devel@lists.01.org<mailto:edk2-devel@lists.01.org%3cmailto:edk2-devel@lists.01.org>> > > https://lists.01.org/mailman/listinfo/edk2-devel > > _______________________________________________ > > edk2-devel mailing list > > edk2-devel@lists.01.org<mailto:edk2-devel@lists.01.org<mailto:edk2-devel@lists.01.org%3cmailto:edk2-devel@lists.01.org>> > > https://lists.01.org/mailman/listinfo/edk2-devel > _______________________________________________ > edk2-devel mailing list > edk2-devel@lists.01.org<mailto:edk2-devel@lists.01.org> > https://lists.01.org/mailman/listinfo/edk2-devel _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
