IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/FspMeasurementLib.c

   1 /** @file
   2   This library is used by FSP modules to measure data to TPM.
   3
   4 Copyright (c) 2020, Intel Corporation. All rights reserved. <BR>
   5 SPDX-License-Identifier: BSD-2-Clause-Patent
   6
   7 **/
   8
   9 #include <PiPei.h>
  10 #include <Uefi.h>
  11
  12 #include <Library/BaseMemoryLib.h>
  13 #include <Library/PeiServicesLib.h>
  14 #include <Library/PeiServicesTablePointerLib.h>
  15 #include <Library/PcdLib.h>
  16 #include <Library/PrintLib.h>
  17 #include <Library/DebugLib.h>
  18 #include <Library/FspWrapperApiLib.h>
  19 #include <Library/TpmMeasurementLib.h>
  20 #include <Library/FspMeasurementLib.h>
  21 #include <Library/TcgEventLogRecordLib.h>
  22 #include <Library/HashLib.h>
  23
  24 #include <Ppi/Tcg.h>
  25 #include <IndustryStandard/UefiTcgPlatform.h>
  26
  27 /**
  28   Tpm measure and log data, and extend the measurement result into a specific PCR.
  29
  30   @param[in]  PcrIndex         PCR Index.
  31   @param[in]  EventType        Event type.
  32   @param[in]  EventLog         Measurement event log.
  33   @param[in]  LogLen           Event log length in bytes.
  34   @param[in]  HashData         The start of the data buffer to be hashed, extended.
  35   @param[in]  HashDataLen      The length, in bytes, of the buffer referenced by HashData
  36   @param[in]  Flags            Bitmap providing additional information.
  37
  38   @retval EFI_SUCCESS           Operation completed successfully.
  39   @retval EFI_UNSUPPORTED       TPM device not available.
  40   @retval EFI_OUT_OF_RESOURCES  Out of memory.
  41   @retval EFI_DEVICE_ERROR      The operation was unsuccessful.
  42 **/
  43 EFI_STATUS
  44 EFIAPI
  45 TpmMeasureAndLogDataWithFlags (
  46   IN UINT32  PcrIndex,
  47   IN UINT32  EventType,
  48   IN VOID    *EventLog,
  49   IN UINT32  LogLen,
  50   IN VOID    *HashData,
  51   IN UINT64  HashDataLen,
  52   IN UINT64  Flags
  53   )
  54 {
  55   EFI_STATUS         Status;
  56   EDKII_TCG_PPI      *TcgPpi;
  57   TCG_PCR_EVENT_HDR  TcgEventHdr;
  58
  59   Status = PeiServicesLocatePpi (
  60              &gEdkiiTcgPpiGuid,
  61              0,
  62              NULL,
  63              (VOID **)&TcgPpi
  64              );
  65   if (EFI_ERROR (Status)) {
  66     return Status;
  67   }
  68
  69   TcgEventHdr.PCRIndex  = PcrIndex;
  70   TcgEventHdr.EventType = EventType;
  71   TcgEventHdr.EventSize = LogLen;
  72
  73   Status = TcgPpi->HashLogExtendEvent (
  74                      TcgPpi,
  75                      Flags,
  76                      HashData,
  77                      (UINTN)HashDataLen,
  78                      &TcgEventHdr,
  79                      EventLog
  80                      );
  81   return Status;
  82 }
  83
  84 /**
  85   Measure a FSP FirmwareBlob.
  86
  87   @param[in]  Description             Description for this FirmwareBlob.
  88   @param[in]  FirmwareBlobBase        Base address of this FirmwareBlob.
  89   @param[in]  FirmwareBlobLength      Size in bytes of this FirmwareBlob.
  90   @param[in]  CfgRegionOffset         Configuration region offset in bytes.
  91   @param[in]  CfgRegionSize           Configuration region in bytes.
  92
  93   @retval EFI_SUCCESS           Operation completed successfully.
  94   @retval EFI_UNSUPPORTED       TPM device not available.
  95   @retval EFI_OUT_OF_RESOURCES  Out of memory.
  96   @retval EFI_DEVICE_ERROR      The operation was unsuccessful.
  97 **/
  98 STATIC
  99 EFI_STATUS
 100 EFIAPI
 101 MeasureFspFirmwareBlobWithCfg (
 102   IN CHAR8                 *Description OPTIONAL,
 103   IN EFI_PHYSICAL_ADDRESS  FirmwareBlobBase,
 104   IN UINT64                FirmwareBlobLength,
 105   IN UINT32                CfgRegionOffset,
 106   IN UINT32                CfgRegionSize
 107   )
 108 {
 109   EFI_PLATFORM_FIRMWARE_BLOB      FvBlob, UpdBlob;
 110   PLATFORM_FIRMWARE_BLOB2_STRUCT  FvBlob2, UpdBlob2;
 111   VOID                            *FvName;
 112   UINT32                          FvEventType;
 113   VOID                            *FvEventLog, *UpdEventLog;
 114   UINT32                          FvEventLogSize, UpdEventLogSize;
 115   EFI_STATUS                      Status;
 116   HASH_HANDLE                     HashHandle;
 117   UINT8                           *HashBase;
 118   UINTN                           HashSize;
 119   TPML_DIGEST_VALUES              DigestList;
 120
 121   FvName = TpmMeasurementGetFvName (FirmwareBlobBase, FirmwareBlobLength);
 122
 123   if (((Description != NULL) || (FvName != NULL)) &&
 124       (PcdGet32 (PcdTcgPfpMeasurementRevision) >= TCG_EfiSpecIDEventStruct_SPEC_ERRATA_TPM2_REV_105))
 125   {
 126     if (Description != NULL) {
 127       AsciiSPrint ((CHAR8 *)FvBlob2.BlobDescription, sizeof (FvBlob2.BlobDescription), "%a", Description);
 128       AsciiSPrint ((CHAR8 *)UpdBlob2.BlobDescription, sizeof (UpdBlob2.BlobDescription), "%aUDP", Description);
 129     } else {
 130       AsciiSPrint ((CHAR8 *)FvBlob2.BlobDescription, sizeof (FvBlob2.BlobDescription), "Fv(%g)", FvName);
 131       AsciiSPrint ((CHAR8 *)UpdBlob2.BlobDescription, sizeof (UpdBlob2.BlobDescription), "(%g)UDP", FvName);
 132     }
 133
 134     FvBlob2.BlobDescriptionSize = sizeof (FvBlob2.BlobDescription);
 135     FvBlob2.BlobBase            = FirmwareBlobBase;
 136     FvBlob2.BlobLength          = FirmwareBlobLength;
 137     FvEventType                 = EV_EFI_PLATFORM_FIRMWARE_BLOB2;
 138     FvEventLog                  = &FvBlob2;
 139     FvEventLogSize              = sizeof (FvBlob2);
 140
 141     UpdBlob2.BlobDescriptionSize = sizeof (UpdBlob2.BlobDescription);
 142     UpdBlob2.BlobBase            = CfgRegionOffset;
 143     UpdBlob2.BlobLength          = CfgRegionSize;
 144     UpdEventLog                  = &UpdBlob2;
 145     UpdEventLogSize              = sizeof (UpdBlob2);
 146   } else {
 147     FvBlob.BlobBase   = FirmwareBlobBase;
 148     FvBlob.BlobLength = FirmwareBlobLength;
 149     FvEventType       = EV_EFI_PLATFORM_FIRMWARE_BLOB;
 150     FvEventLog        = &FvBlob;
 151     FvEventLogSize    = sizeof (FvBlob);
 152
 153     UpdBlob.BlobBase   = CfgRegionOffset;
 154     UpdBlob.BlobLength = CfgRegionSize;
 155     UpdEventLog        = &UpdBlob;
 156     UpdEventLogSize    = sizeof (UpdBlob);
 157   }
 158
 159   /** Initialize a SHA hash context. **/
 160   Status = HashStart (&HashHandle);
 161   if (EFI_ERROR (Status)) {
 162     DEBUG ((DEBUG_ERROR, "HashStart failed - %r\n", Status));
 163     return Status;
 164   }
 165
 166   /** Hash FSP binary before UDP **/
 167   HashBase = (UINT8 *)(UINTN)FirmwareBlobBase;
 168   HashSize = (UINTN)CfgRegionOffset;
 169   Status   = HashUpdate (HashHandle, HashBase, HashSize);
 170   if (EFI_ERROR (Status)) {
 171     DEBUG ((DEBUG_ERROR, "HashUpdate failed - %r\n", Status));
 172     return Status;
 173   }
 174
 175   /** Hash FSP binary after UDP **/
 176   HashBase = (UINT8 *)(UINTN)FirmwareBlobBase + CfgRegionOffset + CfgRegionSize;
 177   HashSize = (UINTN)(FirmwareBlobLength - CfgRegionOffset - CfgRegionSize);
 178   Status   = HashUpdate (HashHandle, HashBase, HashSize);
 179   if (EFI_ERROR (Status)) {
 180     DEBUG ((DEBUG_ERROR, "HashUpdate failed - %r\n", Status));
 181     return Status;
 182   }
 183
 184   /** Finalize the SHA hash. **/
 185   Status = HashCompleteAndExtend (HashHandle, 0, NULL, 0, &DigestList);
 186   if (EFI_ERROR (Status)) {
 187     DEBUG ((DEBUG_ERROR, "HashCompleteAndExtend failed - %r\n", Status));
 188     return Status;
 189   }
 190
 191   Status = TpmMeasureAndLogDataWithFlags (
 192              0,
 193              FvEventType,
 194              FvEventLog,
 195              FvEventLogSize,
 196              (UINT8 *)&DigestList,
 197              (UINTN)sizeof (DigestList),
 198              EDKII_TCG_PRE_HASH_LOG_ONLY
 199              );
 200
 201   Status = TpmMeasureAndLogData (
 202              1,
 203              EV_PLATFORM_CONFIG_FLAGS,
 204              UpdEventLog,
 205              UpdEventLogSize,
 206              (UINT8 *)(UINTN)FirmwareBlobBase + CfgRegionOffset,
 207              CfgRegionSize
 208              );
 209
 210   return Status;
 211 }
 212
 213 /**
 214   Measure a FSP FirmwareBlob.
 215
 216   @param[in]  PcrIndex                PCR Index.
 217   @param[in]  Description             Description for this FirmwareBlob.
 218   @param[in]  FirmwareBlobBase        Base address of this FirmwareBlob.
 219   @param[in]  FirmwareBlobLength      Size in bytes of this FirmwareBlob.
 220
 221   @retval EFI_SUCCESS           Operation completed successfully.
 222   @retval EFI_UNSUPPORTED       TPM device not available.
 223   @retval EFI_OUT_OF_RESOURCES  Out of memory.
 224   @retval EFI_DEVICE_ERROR      The operation was unsuccessful.
 225 **/
 226 EFI_STATUS
 227 EFIAPI
 228 MeasureFspFirmwareBlob (
 229   IN UINT32                PcrIndex,
 230   IN CHAR8                 *Description OPTIONAL,
 231   IN EFI_PHYSICAL_ADDRESS  FirmwareBlobBase,
 232   IN UINT64                FirmwareBlobLength
 233   )
 234 {
 235   UINT32           FspMeasureMask;
 236   FSP_INFO_HEADER  *FspHeaderPtr;
 237
 238   FspMeasureMask = PcdGet32 (PcdFspMeasurementConfig);
 239   if ((FspMeasureMask & FSP_MEASURE_FSPUPD) != 0) {
 240     FspHeaderPtr = (FSP_INFO_HEADER *)FspFindFspHeader (FirmwareBlobBase);
 241     if (FspHeaderPtr != NULL) {
 242       return MeasureFspFirmwareBlobWithCfg (
 243                Description,
 244                FirmwareBlobBase,
 245                FirmwareBlobLength,
 246                FspHeaderPtr->CfgRegionOffset,
 247                FspHeaderPtr->CfgRegionSize
 248                );
 249     }
 250   }
 251
 252   return MeasureFirmwareBlob (PcrIndex, Description, FirmwareBlobBase, FirmwareBlobLength);
 253 }