2 Measure TCG required variable.
4 Copyright (c) 2013 - 2017, Intel Corporation. All rights reserved.<BR>
5 This program and the accompanying materials
6 are licensed and made available under the terms and conditions of the BSD License
7 which accompanies this distribution. The full text of the license may be found at
8 http://opensource.org/licenses/bsd-license.php
10 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
11 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
16 #include <Guid/ImageAuthentication.h>
17 #include <IndustryStandard/UefiTcgPlatform.h>
19 #include <Library/UefiBootServicesTableLib.h>
20 #include <Library/UefiRuntimeServicesTableLib.h>
21 #include <Library/MemoryAllocationLib.h>
22 #include <Library/BaseMemoryLib.h>
23 #include <Library/DebugLib.h>
24 #include <Library/BaseLib.h>
25 #include <Library/TpmMeasurementLib.h>
39 #define MEASURED_AUTHORITY_COUNT_MAX 0x100
41 UINTN mMeasuredAuthorityCount
= 0;
42 UINTN mMeasuredAuthorityCountMax
= 0;
43 VARIABLE_RECORD
*mMeasuredAuthorityList
= NULL
;
45 VARIABLE_TYPE mVariableType
[] = {
46 {EFI_IMAGE_SECURITY_DATABASE
, &gEfiImageSecurityDatabaseGuid
},
50 This function will check if VarName should be recorded and return the address of VarName if it is needed.
52 @param[in] VarName A Null-terminated string that is the name of the vendor's variable.
54 @return the address of VarName.
63 for (Index
= 0; Index
< sizeof(mVariableType
)/sizeof(mVariableType
[0]); Index
++) {
64 if (StrCmp (VarName
, mVariableType
[Index
].VariableName
) == 0) {
65 return mVariableType
[Index
].VariableName
;
73 This function will check if VendorGuid should be recorded and return the address of VendorGuid if it is needed.
75 @param[in] VendorGuid A unique identifier for the vendor.
77 @return the address of VendorGuid.
81 IN EFI_GUID
*VendorGuid
86 for (Index
= 0; Index
< sizeof(mVariableType
)/sizeof(mVariableType
[0]); Index
++) {
87 if (CompareGuid (VendorGuid
, mVariableType
[Index
].VendorGuid
)) {
88 return mVariableType
[Index
].VendorGuid
;
96 This function will add variable information to MeasuredAuthorityList.
98 @param[in] VarName A Null-terminated string that is the name of the vendor's variable.
99 @param[in] VendorGuid A unique identifier for the vendor.
100 @param[in] VarData The content of the variable data.
101 @param[in] VarSize The size of the variable data.
103 @retval EFI_SUCCESS Operation completed successfully.
104 @retval EFI_OUT_OF_RESOURCES Out of memory.
109 IN EFI_GUID
*VendorGuid
,
114 VARIABLE_RECORD
*NewMeasuredAuthorityList
;
116 ASSERT (mMeasuredAuthorityCount
<= mMeasuredAuthorityCountMax
);
117 if (mMeasuredAuthorityCount
== mMeasuredAuthorityCountMax
) {
121 NewMeasuredAuthorityList
= AllocateZeroPool (sizeof(VARIABLE_RECORD
) * (mMeasuredAuthorityCountMax
+ MEASURED_AUTHORITY_COUNT_MAX
));
122 if (NewMeasuredAuthorityList
== NULL
) {
123 return EFI_OUT_OF_RESOURCES
;
125 if (mMeasuredAuthorityList
!= NULL
) {
126 CopyMem (NewMeasuredAuthorityList
, mMeasuredAuthorityList
, sizeof(VARIABLE_RECORD
) * mMeasuredAuthorityCount
);
127 FreePool (mMeasuredAuthorityList
);
129 mMeasuredAuthorityList
= NewMeasuredAuthorityList
;
130 mMeasuredAuthorityCountMax
+= MEASURED_AUTHORITY_COUNT_MAX
;
136 mMeasuredAuthorityList
[mMeasuredAuthorityCount
].VariableName
= AssignVarName (VarName
);
137 mMeasuredAuthorityList
[mMeasuredAuthorityCount
].VendorGuid
= AssignVendorGuid (VendorGuid
);
138 mMeasuredAuthorityList
[mMeasuredAuthorityCount
].Size
= Size
;
139 mMeasuredAuthorityList
[mMeasuredAuthorityCount
].Data
= AllocatePool (Size
);
140 if (mMeasuredAuthorityList
[mMeasuredAuthorityCount
].Data
== NULL
) {
141 return EFI_OUT_OF_RESOURCES
;
143 CopyMem (mMeasuredAuthorityList
[mMeasuredAuthorityCount
].Data
, Data
, Size
);
144 mMeasuredAuthorityCount
++;
150 This function will return if this variable is already measured.
152 @param[in] VarName A Null-terminated string that is the name of the vendor's variable.
153 @param[in] VendorGuid A unique identifier for the vendor.
154 @param[in] VarData The content of the variable data.
155 @param[in] VarSize The size of the variable data.
157 @retval TRUE The data is already measured.
158 @retval FALSE The data is not measured yet.
163 IN EFI_GUID
*VendorGuid
,
170 for (Index
= 0; Index
< mMeasuredAuthorityCount
; Index
++) {
171 if ((StrCmp (VarName
, mMeasuredAuthorityList
[Index
].VariableName
) == 0) &&
172 (CompareGuid (VendorGuid
, mMeasuredAuthorityList
[Index
].VendorGuid
)) &&
173 (CompareMem (Data
, mMeasuredAuthorityList
[Index
].Data
, Size
) == 0) &&
174 (Size
== mMeasuredAuthorityList
[Index
].Size
)) {
183 This function will return if this variable is SecureAuthority Variable.
185 @param[in] VariableName A Null-terminated string that is the name of the vendor's variable.
186 @param[in] VendorGuid A unique identifier for the vendor.
188 @retval TRUE This is SecureAuthority Variable
189 @retval FALSE This is not SecureAuthority Variable
192 IsSecureAuthorityVariable (
193 IN CHAR16
*VariableName
,
194 IN EFI_GUID
*VendorGuid
199 for (Index
= 0; Index
< sizeof(mVariableType
)/sizeof(mVariableType
[0]); Index
++) {
200 if ((StrCmp (VariableName
, mVariableType
[Index
].VariableName
) == 0) &&
201 (CompareGuid (VendorGuid
, mVariableType
[Index
].VendorGuid
))) {
209 Measure and log an EFI variable, and extend the measurement result into a specific PCR.
211 @param[in] VarName A Null-terminated string that is the name of the vendor's variable.
212 @param[in] VendorGuid A unique identifier for the vendor.
213 @param[in] VarData The content of the variable data.
214 @param[in] VarSize The size of the variable data.
216 @retval EFI_SUCCESS Operation completed successfully.
217 @retval EFI_OUT_OF_RESOURCES Out of memory.
218 @retval EFI_DEVICE_ERROR The operation was unsuccessful.
225 IN EFI_GUID
*VendorGuid
,
232 UEFI_VARIABLE_DATA
*VarLog
;
236 // The UEFI_VARIABLE_DATA.VariableData value shall be the EFI_SIGNATURE_DATA value
237 // from the EFI_SIGNATURE_LIST that contained the authority that was used to validate the image
239 VarNameLength
= StrLen (VarName
);
240 VarLogSize
= (UINT32
)(sizeof (*VarLog
) + VarNameLength
* sizeof (*VarName
) + VarSize
241 - sizeof (VarLog
->UnicodeName
) - sizeof (VarLog
->VariableData
));
243 VarLog
= (UEFI_VARIABLE_DATA
*) AllocateZeroPool (VarLogSize
);
244 if (VarLog
== NULL
) {
245 return EFI_OUT_OF_RESOURCES
;
248 CopyMem (&VarLog
->VariableName
, VendorGuid
, sizeof(VarLog
->VariableName
));
249 VarLog
->UnicodeNameLength
= VarNameLength
;
250 VarLog
->VariableDataLength
= VarSize
;
254 VarNameLength
* sizeof (*VarName
)
257 (CHAR16
*)VarLog
->UnicodeName
+ VarNameLength
,
262 DEBUG ((EFI_D_INFO
, "DxeImageVerification: MeasureVariable (Pcr - %x, EventType - %x, ", (UINTN
)7, (UINTN
)EV_EFI_VARIABLE_AUTHORITY
));
263 DEBUG ((EFI_D_INFO
, "VariableName - %s, VendorGuid - %g)\n", VarName
, VendorGuid
));
265 Status
= TpmMeasureAndLogData (
267 EV_EFI_VARIABLE_AUTHORITY
,
279 SecureBoot Hook for processing image verification.
281 @param[in] VariableName Name of Variable to be found.
282 @param[in] VendorGuid Variable vendor GUID.
283 @param[in] DataSize Size of Data found. If size is less than the
284 data, this value contains the required size.
285 @param[in] Data Data pointer.
291 IN CHAR16
*VariableName
,
292 IN EFI_GUID
*VendorGuid
,
299 if (!IsSecureAuthorityVariable (VariableName
, VendorGuid
)) {
303 if (IsDataMeasured (VariableName
, VendorGuid
, Data
, DataSize
)) {
304 DEBUG ((EFI_D_ERROR
, "MeasureSecureAuthorityVariable - IsDataMeasured\n"));
308 Status
= MeasureVariable (
314 DEBUG ((EFI_D_INFO
, "MeasureBootPolicyVariable - %r\n", Status
));
316 if (!EFI_ERROR (Status
)) {
317 AddDataMeasured (VariableName
, VendorGuid
, Data
, DataSize
);