Re: [PATCH] SecurityPkg: Debug code to audit BIOS TPM extend operations.


Rodrigo Gonzalez del Cueto
 

Hi Jiewen,

The intention of such API would be to ease debugging and auditing PCR attestation along the boot; it has been a common task while debugging several issues and TPM configurations.

a) Configurations in which BIOS is not the S-CRTM and we need to attest what has been measured to the TPM prior to any measurements performed by BIOS.
b) Verifying the values in all the active and supported PCR banks: attestation or capping of the PCRs. (See BZ: 3515

Such API together with the TCG event log print out it allows us to audit and debug the measured boot sequence.

Regards,
-Rodrigo


From: Yao, Jiewen <jiewen.yao@...>
Sent: Sunday, August 8, 2021 6:24 PM
To: Gonzalez Del Cueto, Rodrigo <rodrigo.gonzalez.del.cueto@...>; devel@edk2.groups.io <devel@edk2.groups.io>
Cc: Wang, Jian J <jian.j.wang@...>
Subject: RE: [PATCH] SecurityPkg: Debug code to audit BIOS TPM extend operations.
 
Some feedback:

1) I think it is OK to add Tpm2PcrReadForActiveBank() API.
But I feel we will add too many noise to dump Tpm2PcrReadForActiveBank() in the code everytime.
I am not sure why it is needed.
What is the problem statement?

2) Below definition does not follow EDKII coding style. Please use 2 "space" as indent.
EFI_STATUS
EFIAPI
Tpm2PcrReadForActiveBank (
 IN      TPMI_DH_PCR                PcrHandle,
 OUT     TPML_DIGEST                *HashList
)



> -----Original Message-----
> From: Gonzalez Del Cueto, Rodrigo <rodrigo.gonzalez.del.cueto@...>
> Sent: Friday, July 30, 2021 6:43 AM
> To: devel@edk2.groups.io
> Cc: Gonzalez Del Cueto, Rodrigo <rodrigo.gonzalez.del.cueto@...>; Yao,
> Jiewen <jiewen.yao@...>; Wang, Jian J <jian.j.wang@...>
> Subject: [PATCH] SecurityPkg: Debug code to audit BIOS TPM extend operations.
>
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2858
>
> Add debug functionality to examine TPM extend operations
> performed by BIOS and inspect the PCR 00 value prior to
> any BIOS measurements.
>
> Replaced usage of EFI_D_* for DEBUG_* definitions in debug
> messages.
>
> Signed-off-by: Rodrigo Gonzalez del Cueto
> <rodrigo.gonzalez.del.cueto@...>
> Cc: Jiewen Yao <jiewen.yao@...>
> Cc: Jian J Wang <jian.j.wang@...>
> ---
>  SecurityPkg/Include/Library/Tpm2CommandLib.h       |  28
> ++++++++++++++++++++++------
>  SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c | 226
> +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> ++++++++-----------------------
>  SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c                  |  34 ++++++++++++++++++++------
> --------
>  3 files changed, 245 insertions(+), 43 deletions(-)
>
> diff --git a/SecurityPkg/Include/Library/Tpm2CommandLib.h
> b/SecurityPkg/Include/Library/Tpm2CommandLib.h
> index ee8eb62295..5e5c340893 100644
> --- a/SecurityPkg/Include/Library/Tpm2CommandLib.h
> +++ b/SecurityPkg/Include/Library/Tpm2CommandLib.h
> @@ -1,7 +1,7 @@
>  /** @file
>    This library is used by other modules to send TPM2 command.
>
> -Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved. <BR>
> +Copyright (c) 2013 - 2021, Intel Corporation. All rights reserved. <BR>
>  SPDX-License-Identifier: BSD-2-Clause-Patent
>
>  **/
> @@ -505,7 +505,7 @@ EFIAPI
>  Tpm2PcrEvent (
>    IN      TPMI_DH_PCR               PcrHandle,
>    IN      TPM2B_EVENT               *EventData,
> -     OUT  TPML_DIGEST_VALUES        *Digests
> +  OUT     TPML_DIGEST_VALUES        *Digests
>    );
>
>  /**
> @@ -522,10 +522,10 @@ Tpm2PcrEvent (
>  EFI_STATUS
>  EFIAPI
>  Tpm2PcrRead (
> -  IN      TPML_PCR_SELECTION        *PcrSelectionIn,
> -     OUT  UINT32                    *PcrUpdateCounter,
> -     OUT  TPML_PCR_SELECTION        *PcrSelectionOut,
> -     OUT  TPML_DIGEST               *PcrValues
> +  IN   TPML_PCR_SELECTION        *PcrSelectionIn,
> +  OUT  UINT32                    *PcrUpdateCounter,
> +  OUT  TPML_PCR_SELECTION        *PcrSelectionOut,
> +  OUT  TPML_DIGEST               *PcrValues
>    );
>
>  /**
> @@ -1113,4 +1113,20 @@ GetDigestFromDigestList(
>    OUT VOID              *Digest
>    );
>
> +  /**
> +   This function will query the TPM to determine which hashing algorithms and
> +   get the digests of all active and supported PCR banks of a specific PCR
> register.
> +
> +   @param[in]     PcrHandle     The index of the PCR register to be read.
> +   @param[out]    HashList      List of digests from PCR register being read.
> +
> +   @retval EFI_SUCCESS           The Pcr was read successfully.
> +   @retval EFI_DEVICE_ERROR      The command was unsuccessful.
> +**/
> +EFI_STATUS
> +EFIAPI
> +Tpm2PcrReadForActiveBank (
> +  IN      TPMI_DH_PCR                PcrHandle,
> +  OUT     TPML_DIGEST                *HashList
> +  );
>  #endif
> diff --git a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c
> b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c
> index ddb15178fb..3b49192b93 100644
> --- a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c
> +++ b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c
> @@ -1,7 +1,7 @@
>  /** @file
>    Implement TPM2 Integrity related command.
>
> -Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved. <BR>
> +Copyright (c) 2013 - 2021, Intel Corporation. All rights reserved. <BR>
>  SPDX-License-Identifier: BSD-2-Clause-Patent
>
>  **/
> @@ -109,7 +109,6 @@ Tpm2PcrExtend (
>    Cmd.Header.commandCode = SwapBytes32(TPM_CC_PCR_Extend);
>    Cmd.PcrHandle          = SwapBytes32(PcrHandle);
>
> -
>    //
>    // Add in Auth session
>    //
> @@ -130,14 +129,26 @@ Tpm2PcrExtend (
>      Buffer += sizeof(UINT16);
>      DigestSize = GetHashSizeFromAlgo (Digests->digests[Index].hashAlg);
>      if (DigestSize == 0) {
> -      DEBUG ((EFI_D_ERROR, "Unknown hash algorithm %d\r\n", Digests-
> >digests[Index].hashAlg));
> +      DEBUG ((DEBUG_ERROR, "Unknown hash algorithm %d\r\n", Digests-
> >digests[Index].hashAlg));
>        return EFI_DEVICE_ERROR;
>      }
> +
>      CopyMem(
>        Buffer,
>        &Digests->digests[Index].digest,
>        DigestSize
>        );
> +
> +    DEBUG_CODE_BEGIN ();
> +    UINTN Index2;
> +    DEBUG ((DEBUG_VERBOSE, "Tpm2PcrExtend - Hash = 0x%04x, Pcr[%02d],
> digest = ", Digests->digests[Index].hashAlg, (UINT8) PcrHandle));
> +
> +    for (Index2 = 0; Index2 < DigestSize; Index2++) {
> +      DEBUG ((DEBUG_VERBOSE, "%02x ", Buffer[Index2]));
> +    }
> +    DEBUG ((DEBUG_VERBOSE, "\n"));
> +    DEBUG_CODE_END ();
> +
>      Buffer += DigestSize;
>    }
>
> @@ -151,7 +162,7 @@ Tpm2PcrExtend (
>    }
>
>    if (ResultBufSize > sizeof(Res)) {
> -    DEBUG ((EFI_D_ERROR, "Tpm2PcrExtend: Failed ExecuteCommand: Buffer
> Too Small\r\n"));
> +    DEBUG ((DEBUG_ERROR, "Tpm2PcrExtend: Failed ExecuteCommand: Buffer
> Too Small\r\n"));
>      return EFI_BUFFER_TOO_SMALL;
>    }
>
> @@ -160,7 +171,7 @@ Tpm2PcrExtend (
>    //
>    RespSize = SwapBytes32(Res.Header.paramSize);
>    if (RespSize > sizeof(Res)) {
> -    DEBUG ((EFI_D_ERROR, "Tpm2PcrExtend: Response size too large! %d\r\n",
> RespSize));
> +    DEBUG ((DEBUG_ERROR, "Tpm2PcrExtend: Response size too large! %d\r\n",
> RespSize));
>      return EFI_BUFFER_TOO_SMALL;
>    }
>
> @@ -168,10 +179,15 @@ Tpm2PcrExtend (
>    // Fail if command failed
>    //
>    if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) {
> -    DEBUG ((EFI_D_ERROR, "Tpm2PcrExtend: Response Code error! 0x%08x\r\n",
> SwapBytes32(Res.Header.responseCode)));
> +    DEBUG ((DEBUG_ERROR, "Tpm2PcrExtend: Response Code error!
> 0x%08x\r\n", SwapBytes32(Res.Header.responseCode)));
>      return EFI_DEVICE_ERROR;
>    }
>
> +  DEBUG_CODE_BEGIN ();
> +  DEBUG ((DEBUG_VERBOSE, "Tpm2PcrExtend: PCR read after extend...\n"));
> +  Tpm2PcrReadForActiveBank (PcrHandle, NULL);
> +  DEBUG_CODE_END ();
> +
>    //
>    // Unmarshal the response
>    //
> @@ -246,7 +262,7 @@ Tpm2PcrEvent (
>    }
>
>    if (ResultBufSize > sizeof(Res)) {
> -    DEBUG ((EFI_D_ERROR, "Tpm2PcrEvent: Failed ExecuteCommand: Buffer
> Too Small\r\n"));
> +    DEBUG ((DEBUG_ERROR, "Tpm2PcrEvent: Failed ExecuteCommand: Buffer
> Too Small\r\n"));
>      return EFI_BUFFER_TOO_SMALL;
>    }
>
> @@ -255,7 +271,7 @@ Tpm2PcrEvent (
>    //
>    RespSize = SwapBytes32(Res.Header.paramSize);
>    if (RespSize > sizeof(Res)) {
> -    DEBUG ((EFI_D_ERROR, "Tpm2PcrEvent: Response size too large! %d\r\n",
> RespSize));
> +    DEBUG ((DEBUG_ERROR, "Tpm2PcrEvent: Response size too large! %d\r\n",
> RespSize));
>      return EFI_BUFFER_TOO_SMALL;
>    }
>
> @@ -263,7 +279,7 @@ Tpm2PcrEvent (
>    // Fail if command failed
>    //
>    if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) {
> -    DEBUG ((EFI_D_ERROR, "Tpm2PcrEvent: Response Code error! 0x%08x\r\n",
> SwapBytes32(Res.Header.responseCode)));
> +    DEBUG ((DEBUG_ERROR, "Tpm2PcrEvent: Response Code error!
> 0x%08x\r\n", SwapBytes32(Res.Header.responseCode)));
>      return EFI_DEVICE_ERROR;
>    }
>
> @@ -284,7 +300,7 @@ Tpm2PcrEvent (
>      Buffer += sizeof(UINT16);
>      DigestSize = GetHashSizeFromAlgo (Digests->digests[Index].hashAlg);
>      if (DigestSize == 0) {
> -      DEBUG ((EFI_D_ERROR, "Unknown hash algorithm %d\r\n", Digests-
> >digests[Index].hashAlg));
> +      DEBUG ((DEBUG_ERROR, "Unknown hash algorithm %d\r\n", Digests-
> >digests[Index].hashAlg));
>        return EFI_DEVICE_ERROR;
>      }
>      CopyMem(
> @@ -298,6 +314,7 @@ Tpm2PcrEvent (
>    return EFI_SUCCESS;
>  }
>
> +
>  /**
>    This command returns the values of all PCR specified in pcrSelect.
>
> @@ -353,11 +370,11 @@ Tpm2PcrRead (
>    }
>
>    if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {
> -    DEBUG ((EFI_D_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n",
> RecvBufferSize));
> +    DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n",
> RecvBufferSize));
>      return EFI_DEVICE_ERROR;
>    }
>    if (SwapBytes32(RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
> -    DEBUG ((EFI_D_ERROR, "Tpm2PcrRead - responseCode - %x\n",
> SwapBytes32(RecvBuffer.Header.responseCode)));
> +    DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - responseCode - %x\n",
> SwapBytes32(RecvBuffer.Header.responseCode)));
>      return EFI_NOT_FOUND;
>    }
>
> @@ -369,7 +386,7 @@ Tpm2PcrRead (
>    // PcrUpdateCounter
>    //
>    if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER) +
> sizeof(RecvBuffer.PcrUpdateCounter)) {
> -    DEBUG ((EFI_D_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n",
> RecvBufferSize));
> +    DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n",
> RecvBufferSize));
>      return EFI_DEVICE_ERROR;
>    }
>    *PcrUpdateCounter = SwapBytes32(RecvBuffer.PcrUpdateCounter);
> @@ -378,7 +395,7 @@ Tpm2PcrRead (
>    // PcrSelectionOut
>    //
>    if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER) +
> sizeof(RecvBuffer.PcrUpdateCounter) +
> sizeof(RecvBuffer.PcrSelectionOut.count)) {
> -    DEBUG ((EFI_D_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n",
> RecvBufferSize));
> +    DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n",
> RecvBufferSize));
>      return EFI_DEVICE_ERROR;
>    }
>    PcrSelectionOut->count = SwapBytes32(RecvBuffer.PcrSelectionOut.count);
> @@ -388,7 +405,7 @@ Tpm2PcrRead (
>    }
>
>    if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER) +
> sizeof(RecvBuffer.PcrUpdateCounter) +
> sizeof(RecvBuffer.PcrSelectionOut.count) +
> sizeof(RecvBuffer.PcrSelectionOut.pcrSelections[0]) * PcrSelectionOut->count) {
> -    DEBUG ((EFI_D_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n",
> RecvBufferSize));
> +    DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n",
> RecvBufferSize));
>      return EFI_DEVICE_ERROR;
>    }
>    for (Index = 0; Index < PcrSelectionOut->count; Index++) {
> @@ -513,7 +530,7 @@ Tpm2PcrAllocate (
>    }
>
>    if (ResultBufSize > sizeof(Res)) {
> -    DEBUG ((EFI_D_ERROR, "Tpm2PcrAllocate: Failed ExecuteCommand: Buffer
> Too Small\r\n"));
> +    DEBUG ((DEBUG_ERROR, "Tpm2PcrAllocate: Failed ExecuteCommand:
> Buffer Too Small\r\n"));
>      Status = EFI_BUFFER_TOO_SMALL;
>      goto Done;
>    }
> @@ -523,7 +540,7 @@ Tpm2PcrAllocate (
>    //
>    RespSize = SwapBytes32(Res.Header.paramSize);
>    if (RespSize > sizeof(Res)) {
> -    DEBUG ((EFI_D_ERROR, "Tpm2PcrAllocate: Response size too large! %d\r\n",
> RespSize));
> +    DEBUG ((DEBUG_ERROR, "Tpm2PcrAllocate: Response size too
> large! %d\r\n", RespSize));
>      Status = EFI_BUFFER_TOO_SMALL;
>      goto Done;
>    }
> @@ -532,7 +549,7 @@ Tpm2PcrAllocate (
>    // Fail if command failed
>    //
>    if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) {
> -    DEBUG((EFI_D_ERROR,"Tpm2PcrAllocate: Response Code error! 0x%08x\r\n",
> SwapBytes32(Res.Header.responseCode)));
> +    DEBUG((DEBUG_ERROR,"Tpm2PcrAllocate: Response Code error!
> 0x%08x\r\n", SwapBytes32(Res.Header.responseCode)));
>      Status = EFI_DEVICE_ERROR;
>      goto Done;
>    }
> @@ -673,17 +690,180 @@ Tpm2PcrAllocateBanks (
>               &SizeNeeded,
>               &SizeAvailable
>               );
> -  DEBUG ((EFI_D_INFO, "Tpm2PcrAllocateBanks call Tpm2PcrAllocate - %r\n",
> Status));
> +  DEBUG ((DEBUG_INFO, "Tpm2PcrAllocateBanks call Tpm2PcrAllocate - %r\n",
> Status));
>    if (EFI_ERROR (Status)) {
>      goto Done;
>    }
>
> -  DEBUG ((EFI_D_INFO, "AllocationSuccess - %02x\n", AllocationSuccess));
> -  DEBUG ((EFI_D_INFO, "MaxPCR            - %08x\n", MaxPCR));
> -  DEBUG ((EFI_D_INFO, "SizeNeeded        - %08x\n", SizeNeeded));
> -  DEBUG ((EFI_D_INFO, "SizeAvailable     - %08x\n", SizeAvailable));
> +  DEBUG ((DEBUG_INFO, "AllocationSuccess - %02x\n", AllocationSuccess));
> +  DEBUG ((DEBUG_INFO, "MaxPCR            - %08x\n", MaxPCR));
> +  DEBUG ((DEBUG_INFO, "SizeNeeded        - %08x\n", SizeNeeded));
> +  DEBUG ((DEBUG_INFO, "SizeAvailable     - %08x\n", SizeAvailable));
>
>  Done:
>    ZeroMem(&LocalAuthSession.hmac, sizeof(LocalAuthSession.hmac));
>    return Status;
>  }
> +
> +/**
> +   This function will query the TPM to determine which hashing algorithms and
> +   get the digests of all active and supported PCR banks of a specific PCR
> register.
> +
> +   @param[in]     PcrHandle     The index of the PCR register to be read.
> +   @param[out]    HashList      List of digests from PCR register being read.
> +
> +   @retval EFI_SUCCESS           The Pcr was read successfully.
> +   @retval EFI_DEVICE_ERROR      The command was unsuccessful.
> +**/
> +EFI_STATUS
> +EFIAPI
> +Tpm2PcrReadForActiveBank (
> + IN      TPMI_DH_PCR                PcrHandle,
> + OUT     TPML_DIGEST                *HashList
> +)
> +{
> +  EFI_STATUS                        Status;
> +  TPML_PCR_SELECTION                Pcrs;
> +  TPML_PCR_SELECTION                PcrSelectionIn;
> +  TPML_PCR_SELECTION                PcrSelectionOut;
> +  TPML_DIGEST                       PcrValues;
> +  UINT32                            PcrUpdateCounter;
> +  UINT8                             PcrIndex;
> +  UINT32                            TpmHashAlgorithmBitmap;
> +  TPMI_ALG_HASH                     CurrentPcrBankHash;
> +  UINT32                            ActivePcrBanks;
> +  UINT32                            TcgRegistryHashAlg;
> +  UINTN                             Index;
> +  UINTN                             Index2;
> +
> +  PcrIndex = (UINT8) PcrHandle;
> +
> +  if ((PcrIndex < 0) ||
> +      (PcrIndex >= IMPLEMENTATION_PCR)) {
> +    return EFI_INVALID_PARAMETER;
> +  }
> +
> +  ZeroMem (&PcrSelectionIn, sizeof (PcrSelectionIn));
> +  ZeroMem (&PcrUpdateCounter, sizeof (UINT32));
> +  ZeroMem (&PcrSelectionOut, sizeof (PcrSelectionOut));
> +  ZeroMem (&PcrValues, sizeof (PcrValues));
> +  ZeroMem (&Pcrs, sizeof (TPML_PCR_SELECTION));
> +
> +  DEBUG ((DEBUG_INFO, "ReadPcr - %02d\n", PcrIndex));
> +
> +  //
> +  // Read TPM capabilities
> +  //
> +  Status = Tpm2GetCapabilityPcrs (&Pcrs);
> +
> +  if (EFI_ERROR (Status)) {
> +    DEBUG ((DEBUG_ERROR, "ReadPcr: Unable to read TPM capabilities\n"));
> +    return EFI_DEVICE_ERROR;
> +  }
> +
> +  //
> +  // Get Active Pcrs
> +  //
> +  Status = Tpm2GetCapabilitySupportedAndActivePcrs (
> +             &TpmHashAlgorithmBitmap,
> +             &ActivePcrBanks
> +             );
> +
> +  if (EFI_ERROR (Status)) {
> +    DEBUG ((DEBUG_ERROR, "ReadPcr: Unable to read TPM capabilities and
> active PCRs\n"));
> +    return EFI_DEVICE_ERROR;
> +  }
> +
> +  //
> +  // Select from Active PCRs
> +  //
> +  for (Index = 0; Index < Pcrs.count; Index++) {
> +    CurrentPcrBankHash = Pcrs.pcrSelections[Index].hash;
> +
> +    switch (CurrentPcrBankHash) {
> +    case TPM_ALG_SHA1:
> +      DEBUG ((DEBUG_VERBOSE, "HASH_ALG_SHA1 Present\n"));
> +      TcgRegistryHashAlg = HASH_ALG_SHA1;
> +      break;
> +    case TPM_ALG_SHA256:
> +      DEBUG ((DEBUG_VERBOSE, "HASH_ALG_SHA256 Present\n"));
> +      TcgRegistryHashAlg = HASH_ALG_SHA256;
> +      break;
> +    case TPM_ALG_SHA384:
> +      DEBUG ((DEBUG_VERBOSE, "HASH_ALG_SHA384 Present\n"));
> +      TcgRegistryHashAlg = HASH_ALG_SHA384;
> +      break;
> +    case TPM_ALG_SHA512:
> +      DEBUG ((DEBUG_VERBOSE, "HASH_ALG_SHA512 Present\n"));
> +      TcgRegistryHashAlg = HASH_ALG_SHA512;
> +      break;
> +    case TPM_ALG_SM3_256:
> +      DEBUG ((DEBUG_VERBOSE, "HASH_ALG_SM3 Present\n"));
> +      TcgRegistryHashAlg = HASH_ALG_SM3_256;
> +      break;
> +    default:
> +      //
> +      // Unsupported algorithm
> +      //
> +      DEBUG ((DEBUG_VERBOSE, "Unknown algorithm present\n"));
> +      TcgRegistryHashAlg = 0;
> +      break;
> +    }
> +    //
> +    // Skip unsupported and inactive PCR banks
> +    //
> +    if ((TcgRegistryHashAlg & ActivePcrBanks) == 0) {
> +      DEBUG ((DEBUG_VERBOSE, "Skipping unsupported or inactive bank:
> 0x%04x\n", CurrentPcrBankHash));
> +      continue;
> +    }
> +
> +    //
> +    // Select PCR from current active bank
> +    //
> +    PcrSelectionIn.pcrSelections[PcrSelectionIn.count].hash =
> Pcrs.pcrSelections[Index].hash;
> +    PcrSelectionIn.pcrSelections[PcrSelectionIn.count].sizeofSelect =
> PCR_SELECT_MAX;
> +    PcrSelectionIn.pcrSelections[PcrSelectionIn.count].pcrSelect[0] = (PcrIndex <
> 8) ? 1 << PcrIndex : 0;
> +    PcrSelectionIn.pcrSelections[PcrSelectionIn.count].pcrSelect[1] = (PcrIndex >
> 7) && (PcrIndex < 16) ? 1 << (PcrIndex - 8) : 0;
> +    PcrSelectionIn.pcrSelections[PcrSelectionIn.count].pcrSelect[2] = (PcrIndex >
> 15) ? 1 << (PcrIndex - 16) : 0;
> +    PcrSelectionIn.count++;
> +  }
> +
> +  //
> +  // Read PCRs
> +  //
> +  Status = Tpm2PcrRead (
> +             &PcrSelectionIn,
> +             &PcrUpdateCounter,
> +             &PcrSelectionOut,
> +             &PcrValues
> +             );
> +
> +  if (EFI_ERROR (Status)) {
> +    DEBUG((DEBUG_ERROR, "Tpm2PcrRead failed Status = %r \n", Status));
> +    return EFI_DEVICE_ERROR;
> +  }
> +
> +  for (Index = 0; Index < PcrValues.count; Index++) {
> +    DEBUG ((
> +      DEBUG_INFO,
> +      "ReadPcr - HashAlg = 0x%04x, Pcr[%02d], digest = ",
> +      PcrSelectionOut.pcrSelections[Index].hash,
> +      PcrIndex
> +      ));
> +
> +    for(Index2 = 0; Index2 < PcrValues.digests[Index].size; Index2++) {
> +      DEBUG ((DEBUG_INFO, "%02x ", PcrValues.digests[Index].buffer[Index2]));
> +    }
> +    DEBUG ((DEBUG_INFO, "\n"));
> +  }
> +
> +  if (HashList != NULL) {
> +    CopyMem (
> +      HashList,
> +      &PcrValues,
> +      sizeof (TPML_DIGEST)
> +      );
> +  }
> +
> +  return EFI_SUCCESS;
> +}
> diff --git a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c
> b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c
> index 93a8803ff6..ea79fa0af6 100644
> --- a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c
> +++ b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c
> @@ -1,7 +1,7 @@
>  /** @file
>    Initialize TPM2 device and measure FVs before handing off control to DXE.
>
> -Copyright (c) 2015 - 2020, Intel Corporation. All rights reserved.<BR>
> +Copyright (c) 2015 - 2021, Intel Corporation. All rights reserved.<BR>
>  Copyright (c) 2017, Microsoft Corporation.  All rights reserved. <BR>
>  SPDX-License-Identifier: BSD-2-Clause-Patent
>
> @@ -191,7 +191,6 @@ EFI_PEI_NOTIFY_DESCRIPTOR           mNotifyList[] = {
>    }
>  };
>
> -
>  /**
>    Record all measured Firmware Volume Information into a Guid Hob
>    Guid Hob payload layout is
> @@ -267,7 +266,7 @@ SyncPcrAllocationsAndPcrMask (
>    UINT32                            Tpm2PcrMask;
>    UINT32                            NewTpm2PcrMask;
>
> -  DEBUG ((EFI_D_ERROR, "SyncPcrAllocationsAndPcrMask!\n"));
> +  DEBUG ((DEBUG_ERROR, "SyncPcrAllocationsAndPcrMask!\n"));
>
>    //
>    // Determine the current TPM support and the Platform PCR mask.
> @@ -278,7 +277,7 @@ SyncPcrAllocationsAndPcrMask (
>    Tpm2PcrMask = PcdGet32 (PcdTpm2HashMask);
>    if (Tpm2PcrMask == 0) {
>      //
> -    // if PcdTPm2HashMask is zero, use ActivePcr setting
> +    // if PcdTpm2HashMask is zero, use ActivePcr setting
>      //
>      PcdSet32S (PcdTpm2HashMask, TpmActivePcrBanks);
>      Tpm2PcrMask = TpmActivePcrBanks;
> @@ -297,9 +296,9 @@ SyncPcrAllocationsAndPcrMask (
>    if ((TpmActivePcrBanks & Tpm2PcrMask) != TpmActivePcrBanks) {
>      NewTpmActivePcrBanks = TpmActivePcrBanks & Tpm2PcrMask;
>
> -    DEBUG ((EFI_D_INFO, "%a - Reallocating PCR banks from 0x%X to 0x%X.\n",
> __FUNCTION__, TpmActivePcrBanks, NewTpmActivePcrBanks));
> +    DEBUG ((DEBUG_INFO, "%a - Reallocating PCR banks from 0x%X to 0x%X.\n",
> __FUNCTION__, TpmActivePcrBanks, NewTpmActivePcrBanks));
>      if (NewTpmActivePcrBanks == 0) {
> -      DEBUG ((EFI_D_ERROR, "%a - No viable PCRs active! Please set a less
> restrictive value for PcdTpm2HashMask!\n", __FUNCTION__));
> +      DEBUG ((DEBUG_ERROR, "%a - No viable PCRs active! Please set a less
> restrictive value for PcdTpm2HashMask!\n", __FUNCTION__));
>        ASSERT (FALSE);
>      } else {
>        Status = Tpm2PcrAllocateBanks (NULL, (UINT32)TpmHashAlgorithmBitmap,
> NewTpmActivePcrBanks);
> @@ -307,7 +306,7 @@ SyncPcrAllocationsAndPcrMask (
>          //
>          // We can't do much here, but we hope that this doesn't happen.
>          //
> -        DEBUG ((EFI_D_ERROR, "%a - Failed to reallocate PCRs!\n",
> __FUNCTION__));
> +        DEBUG ((DEBUG_ERROR, "%a - Failed to reallocate PCRs!\n",
> __FUNCTION__));
>          ASSERT_EFI_ERROR (Status);
>        }
>        //
> @@ -324,9 +323,9 @@ SyncPcrAllocationsAndPcrMask (
>    if ((Tpm2PcrMask & TpmHashAlgorithmBitmap) != Tpm2PcrMask) {
>      NewTpm2PcrMask = Tpm2PcrMask & TpmHashAlgorithmBitmap;
>
> -    DEBUG ((EFI_D_INFO, "%a - Updating PcdTpm2HashMask from 0x%X to
> 0x%X.\n", __FUNCTION__, Tpm2PcrMask, NewTpm2PcrMask));
> +    DEBUG ((DEBUG_INFO, "%a - Updating PcdTpm2HashMask from 0x%X to
> 0x%X.\n", __FUNCTION__, Tpm2PcrMask, NewTpm2PcrMask));
>      if (NewTpm2PcrMask == 0) {
> -      DEBUG ((EFI_D_ERROR, "%a - No viable PCRs supported! Please set a less
> restrictive value for PcdTpm2HashMask!\n", __FUNCTION__));
> +      DEBUG ((DEBUG_ERROR, "%a - No viable PCRs supported! Please set a less
> restrictive value for PcdTpm2HashMask!\n", __FUNCTION__));
>        ASSERT (FALSE);
>      }
>
> @@ -365,7 +364,7 @@ LogHashEvent (
>    RetStatus = EFI_SUCCESS;
>    for (Index = 0; Index < sizeof(mTcg2EventInfo)/sizeof(mTcg2EventInfo[0]);
> Index++) {
>      if ((SupportedEventLogs & mTcg2EventInfo[Index].LogFormat) != 0) {
> -      DEBUG ((EFI_D_INFO, "  LogFormat - 0x%08x\n",
> mTcg2EventInfo[Index].LogFormat));
> +      DEBUG ((DEBUG_INFO, "  LogFormat - 0x%08x\n",
> mTcg2EventInfo[Index].LogFormat));
>        switch (mTcg2EventInfo[Index].LogFormat) {
>        case EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2:
>          Status = GetDigestFromDigestList (TPM_ALG_SHA1, DigestList,
> &NewEventHdr->Digest);
> @@ -476,7 +475,7 @@ HashLogExtendEvent (
>    }
>
>    if (Status == EFI_DEVICE_ERROR) {
> -    DEBUG ((EFI_D_ERROR, "HashLogExtendEvent - %r. Disable TPM.\n", Status));
> +    DEBUG ((DEBUG_ERROR, "HashLogExtendEvent - %r. Disable TPM.\n",
> Status));
>      BuildGuidHob (&gTpmErrorHobGuid,0);
>      REPORT_STATUS_CODE (
>        EFI_ERROR_CODE | EFI_ERROR_MINOR,
> @@ -1011,7 +1010,7 @@ PeimEntryMA (
>    }
>
>    if (GetFirstGuidHob (&gTpmErrorHobGuid) != NULL) {
> -    DEBUG ((EFI_D_ERROR, "TPM2 error!\n"));
> +    DEBUG ((DEBUG_ERROR, "TPM2 error!\n"));
>      return EFI_DEVICE_ERROR;
>    }
>
> @@ -1075,7 +1074,7 @@ PeimEntryMA (
>        for (PcrIndex = 0; PcrIndex < 8; PcrIndex++) {
>          Status = MeasureSeparatorEventWithError (PcrIndex);
>          if (EFI_ERROR (Status)) {
> -          DEBUG ((EFI_D_ERROR, "Separator Event with Error not Measured.
> Error!\n"));
> +          DEBUG ((DEBUG_ERROR, "Separator Event with Error not Measured.
> Error!\n"));
>          }
>        }
>      }
> @@ -1092,6 +1091,13 @@ PeimEntryMA (
>        }
>      }
>
> +    DEBUG_CODE_BEGIN ();
> +    //
> +    // Peek into TPM PCR 00 before any BIOS measurement.
> +    //
> +    Tpm2PcrReadForActiveBank (00, NULL);
> +    DEBUG_CODE_END ();
> +
>      //
>      // Only install TpmInitializedPpi on success
>      //
> @@ -1106,7 +1112,7 @@ PeimEntryMA (
>
>  Done:
>    if (EFI_ERROR (Status)) {
> -    DEBUG ((EFI_D_ERROR, "TPM2 error! Build Hob\n"));
> +    DEBUG ((DEBUG_ERROR, "TPM2 error! Build Hob\n"));
>      BuildGuidHob (&gTpmErrorHobGuid,0);
>      REPORT_STATUS_CODE (
>        EFI_ERROR_CODE | EFI_ERROR_MINOR,
> --
> 2.31.1.windows.1

Join devel@edk2.groups.io to automatically receive all group messages.