2 Measure TrEE required variable.
4 Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.<BR>
5 This program and the accompanying materials
6 are licensed and made available under the terms and conditions of the BSD License
7 which accompanies this distribution. The full text of the license may be found at
8 http://opensource.org/licenses/bsd-license.php
10 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
11 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
16 #include <Guid/ImageAuthentication.h>
17 #include <IndustryStandard/UefiTcgPlatform.h>
18 #include <Protocol/TrEEProtocol.h>
20 #include <Library/UefiBootServicesTableLib.h>
21 #include <Library/UefiRuntimeServicesTableLib.h>
22 #include <Library/MemoryAllocationLib.h>
23 #include <Library/BaseMemoryLib.h>
24 #include <Library/DebugLib.h>
25 #include <Library/BaseLib.h>
26 #include <Library/TpmMeasurementLib.h>
40 #define MEASURED_AUTHORITY_COUNT_MAX 0x100
42 UINTN mMeasuredAuthorityCount
= 0;
43 UINTN mMeasuredAuthorityCountMax
= 0;
44 VARIABLE_RECORD
*mMeasuredAuthorityList
= NULL
;
46 VARIABLE_TYPE mVariableType
[] = {
47 {EFI_IMAGE_SECURITY_DATABASE
, &gEfiImageSecurityDatabaseGuid
},
51 This function will check if VarName should be recorded and return the address of VarName if it is needed.
53 @param[in] VarName A Null-terminated string that is the name of the vendor's variable.
55 @return the address of VarName.
64 for (Index
= 0; Index
< sizeof(mVariableType
)/sizeof(mVariableType
[0]); Index
++) {
65 if (StrCmp (VarName
, mVariableType
[Index
].VariableName
) == 0) {
66 return mVariableType
[Index
].VariableName
;
74 This function will check if VendorGuid should be recorded and return the address of VendorGuid if it is needed.
76 @param[in] VendorGuid A unique identifier for the vendor.
78 @return the address of VendorGuid.
82 IN EFI_GUID
*VendorGuid
87 for (Index
= 0; Index
< sizeof(mVariableType
)/sizeof(mVariableType
[0]); Index
++) {
88 if (CompareGuid (VendorGuid
, mVariableType
[Index
].VendorGuid
)) {
89 return mVariableType
[Index
].VendorGuid
;
97 This function will add variable information to MeasuredAuthorityList.
99 @param[in] VarName A Null-terminated string that is the name of the vendor's variable.
100 @param[in] VendorGuid A unique identifier for the vendor.
101 @param[in] VarData The content of the variable data.
102 @param[in] VarSize The size of the variable data.
104 @retval EFI_SUCCESS Operation completed successfully.
105 @retval EFI_OUT_OF_RESOURCES Out of memory.
110 IN EFI_GUID
*VendorGuid
,
115 VARIABLE_RECORD
*NewMeasuredAuthorityList
;
117 ASSERT (mMeasuredAuthorityCount
<= mMeasuredAuthorityCountMax
);
118 if (mMeasuredAuthorityCount
== mMeasuredAuthorityCountMax
) {
122 NewMeasuredAuthorityList
= AllocateZeroPool (sizeof(VARIABLE_RECORD
) * (mMeasuredAuthorityCountMax
+ MEASURED_AUTHORITY_COUNT_MAX
));
123 if (NewMeasuredAuthorityList
== NULL
) {
124 return EFI_OUT_OF_RESOURCES
;
126 if (mMeasuredAuthorityList
!= NULL
) {
127 CopyMem (NewMeasuredAuthorityList
, mMeasuredAuthorityList
, sizeof(VARIABLE_RECORD
) * mMeasuredAuthorityCount
);
128 FreePool (mMeasuredAuthorityList
);
130 mMeasuredAuthorityList
= NewMeasuredAuthorityList
;
131 mMeasuredAuthorityCountMax
+= MEASURED_AUTHORITY_COUNT_MAX
;
137 mMeasuredAuthorityList
[mMeasuredAuthorityCount
].VariableName
= AssignVarName (VarName
);
138 mMeasuredAuthorityList
[mMeasuredAuthorityCount
].VendorGuid
= AssignVendorGuid (VendorGuid
);
139 mMeasuredAuthorityList
[mMeasuredAuthorityCount
].Size
= Size
;
140 mMeasuredAuthorityList
[mMeasuredAuthorityCount
].Data
= AllocatePool (Size
);
141 if (mMeasuredAuthorityList
[mMeasuredAuthorityCount
].Data
== NULL
) {
142 return EFI_OUT_OF_RESOURCES
;
144 CopyMem (mMeasuredAuthorityList
[mMeasuredAuthorityCount
].Data
, Data
, Size
);
145 mMeasuredAuthorityCount
++;
151 This function will return if this variable is already measured.
153 @param[in] VarName A Null-terminated string that is the name of the vendor's variable.
154 @param[in] VendorGuid A unique identifier for the vendor.
155 @param[in] VarData The content of the variable data.
156 @param[in] VarSize The size of the variable data.
158 @retval TRUE The data is already measured.
159 @retval FALSE The data is not measured yet.
164 IN EFI_GUID
*VendorGuid
,
171 for (Index
= 0; Index
< mMeasuredAuthorityCount
; Index
++) {
172 if ((StrCmp (VarName
, mMeasuredAuthorityList
[Index
].VariableName
) == 0) &&
173 (CompareGuid (VendorGuid
, mMeasuredAuthorityList
[Index
].VendorGuid
)) &&
174 (CompareMem (Data
, mMeasuredAuthorityList
[Index
].Data
, Size
) == 0) &&
175 (Size
== mMeasuredAuthorityList
[Index
].Size
)) {
184 This function will return if this variable is SecureAuthority Variable.
186 @param[in] VariableName A Null-terminated string that is the name of the vendor's variable.
187 @param[in] VendorGuid A unique identifier for the vendor.
189 @retval TRUE This is SecureAuthority Variable
190 @retval FALSE This is not SecureAuthority Variable
193 IsSecureAuthorityVariable (
194 IN CHAR16
*VariableName
,
195 IN EFI_GUID
*VendorGuid
200 for (Index
= 0; Index
< sizeof(mVariableType
)/sizeof(mVariableType
[0]); Index
++) {
201 if ((StrCmp (VariableName
, mVariableType
[Index
].VariableName
) == 0) &&
202 (CompareGuid (VendorGuid
, mVariableType
[Index
].VendorGuid
))) {
210 Measure and log an EFI variable, and extend the measurement result into a specific PCR.
212 @param[in] VarName A Null-terminated string that is the name of the vendor's variable.
213 @param[in] VendorGuid A unique identifier for the vendor.
214 @param[in] VarData The content of the variable data.
215 @param[in] VarSize The size of the variable data.
217 @retval EFI_SUCCESS Operation completed successfully.
218 @retval EFI_OUT_OF_RESOURCES Out of memory.
219 @retval EFI_DEVICE_ERROR The operation was unsuccessful.
226 IN EFI_GUID
*VendorGuid
,
233 EFI_VARIABLE_DATA_TREE
*VarLog
;
237 // The EFI_VARIABLE_DATA_TREE.VariableData value shall be the EFI_SIGNATURE_DATA value
238 // from the EFI_SIGNATURE_LIST that contained the authority that was used to validate the image
240 VarNameLength
= StrLen (VarName
);
241 VarLogSize
= (UINT32
)(sizeof (*VarLog
) + VarNameLength
* sizeof (*VarName
) + VarSize
242 - sizeof (VarLog
->UnicodeName
) - sizeof (VarLog
->VariableData
));
244 VarLog
= (EFI_VARIABLE_DATA_TREE
*) AllocateZeroPool (VarLogSize
);
245 if (VarLog
== NULL
) {
246 return EFI_OUT_OF_RESOURCES
;
249 CopyMem (&VarLog
->VariableName
, VendorGuid
, sizeof(VarLog
->VariableName
));
250 VarLog
->UnicodeNameLength
= VarNameLength
;
251 VarLog
->VariableDataLength
= VarSize
;
255 VarNameLength
* sizeof (*VarName
)
258 (CHAR16
*)VarLog
->UnicodeName
+ VarNameLength
,
263 DEBUG ((EFI_D_INFO
, "DxeImageVerification: MeasureVariable (Pcr - %x, EventType - %x, ", (UINTN
)7, (UINTN
)EV_EFI_VARIABLE_AUTHORITY
));
264 DEBUG ((EFI_D_INFO
, "VariableName - %s, VendorGuid - %g)\n", VarName
, VendorGuid
));
266 Status
= TpmMeasureAndLogData (
268 EV_EFI_VARIABLE_AUTHORITY
,
280 SecureBoot Hook for processing image verification.
282 @param[in] VariableName Name of Variable to be found.
283 @param[in] VendorGuid Variable vendor GUID.
284 @param[in] DataSize Size of Data found. If size is less than the
285 data, this value contains the required size.
286 @param[in] Data Data pointer.
292 IN CHAR16
*VariableName
,
293 IN EFI_GUID
*VendorGuid
,
300 if (!IsSecureAuthorityVariable (VariableName
, VendorGuid
)) {
304 if (IsDataMeasured (VariableName
, VendorGuid
, Data
, DataSize
)) {
305 DEBUG ((EFI_D_ERROR
, "MeasureSecureAuthorityVariable - IsDataMeasured\n"));
309 Status
= MeasureVariable (
315 DEBUG ((EFI_D_INFO
, "MeasureBootPolicyVariable - %r\n", Status
));
317 if (!EFI_ERROR (Status
)) {
318 AddDataMeasured (VariableName
, VendorGuid
, Data
, DataSize
);