2 Initialize TPM2 device and measure FVs before handing off control to DXE.
4 Copyright (c) 2013 - 2015, Intel Corporation. All rights reserved.<BR>
5 This program and the accompanying materials
6 are licensed and made available under the terms and conditions of the BSD License
7 which accompanies this distribution. The full text of the license may be found at
8 http://opensource.org/licenses/bsd-license.php
10 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
11 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
17 #include <IndustryStandard/UefiTcgPlatform.h>
18 #include <Ppi/FirmwareVolumeInfo.h>
19 #include <Ppi/FirmwareVolumeInfo2.h>
20 #include <Ppi/LockPhysicalPresence.h>
21 #include <Ppi/TpmInitialized.h>
22 #include <Ppi/FirmwareVolume.h>
23 #include <Ppi/EndOfPeiPhase.h>
24 #include <Ppi/FirmwareVolumeInfoMeasurementExcluded.h>
26 #include <Guid/TcgEventHob.h>
27 #include <Guid/MeasuredFvHob.h>
28 #include <Guid/TpmInstance.h>
30 #include <Library/DebugLib.h>
31 #include <Library/BaseMemoryLib.h>
32 #include <Library/PeiServicesLib.h>
33 #include <Library/PeimEntryPoint.h>
34 #include <Library/Tpm2CommandLib.h>
35 #include <Library/Tpm2DeviceLib.h>
36 #include <Library/HashLib.h>
37 #include <Library/HobLib.h>
38 #include <Library/PcdLib.h>
39 #include <Library/PeiServicesTablePointerLib.h>
40 #include <Protocol/TrEEProtocol.h>
41 #include <Library/PerformanceLib.h>
42 #include <Library/MemoryAllocationLib.h>
43 #include <Library/ReportStatusCodeLib.h>
45 #define PERF_ID_TREE_PEI 0x3080
49 TREE_EVENT_LOG_FORMAT LogFormat
;
50 } TREE_EVENT_INFO_STRUCT
;
52 TREE_EVENT_INFO_STRUCT mTreeEventInfo
[] = {
53 {&gTcgEventEntryHobGuid
, TREE_EVENT_LOG_FORMAT_TCG_1_2
},
56 BOOLEAN mImageInMemory
= FALSE
;
57 EFI_PEI_FILE_HANDLE mFileHandle
;
59 EFI_PEI_PPI_DESCRIPTOR mTpmInitializedPpiList
= {
60 EFI_PEI_PPI_DESCRIPTOR_PPI
| EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST
,
61 &gPeiTpmInitializedPpiGuid
,
65 EFI_PEI_PPI_DESCRIPTOR mTpmInitializationDonePpiList
= {
66 EFI_PEI_PPI_DESCRIPTOR_PPI
| EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST
,
67 &gPeiTpmInitializationDonePpiGuid
,
71 EFI_PLATFORM_FIRMWARE_BLOB
*mMeasuredBaseFvInfo
;
72 UINT32 mMeasuredBaseFvIndex
= 0;
74 EFI_PLATFORM_FIRMWARE_BLOB
*mMeasuredChildFvInfo
;
75 UINT32 mMeasuredChildFvIndex
= 0;
78 Measure and record the Firmware Volum Information once FvInfoPPI install.
80 @param[in] PeiServices An indirect pointer to the EFI_PEI_SERVICES table published by the PEI Foundation.
81 @param[in] NotifyDescriptor Address of the notification descriptor data structure.
82 @param[in] Ppi Address of the PPI that was installed.
84 @retval EFI_SUCCESS The FV Info is measured and recorded to TPM.
85 @return Others Fail to measure FV.
90 FirmwareVolmeInfoPpiNotifyCallback (
91 IN EFI_PEI_SERVICES
**PeiServices
,
92 IN EFI_PEI_NOTIFY_DESCRIPTOR
*NotifyDescriptor
,
97 Record all measured Firmware Volum Information into a Guid Hob
99 @param[in] PeiServices An indirect pointer to the EFI_PEI_SERVICES table published by the PEI Foundation.
100 @param[in] NotifyDescriptor Address of the notification descriptor data structure.
101 @param[in] Ppi Address of the PPI that was installed.
103 @retval EFI_SUCCESS The FV Info is measured and recorded to TPM.
104 @return Others Fail to measure FV.
109 EndofPeiSignalNotifyCallBack (
110 IN EFI_PEI_SERVICES
**PeiServices
,
111 IN EFI_PEI_NOTIFY_DESCRIPTOR
*NotifyDescriptor
,
115 EFI_PEI_NOTIFY_DESCRIPTOR mNotifyList
[] = {
117 EFI_PEI_PPI_DESCRIPTOR_NOTIFY_CALLBACK
,
118 &gEfiPeiFirmwareVolumeInfoPpiGuid
,
119 FirmwareVolmeInfoPpiNotifyCallback
122 EFI_PEI_PPI_DESCRIPTOR_NOTIFY_CALLBACK
,
123 &gEfiPeiFirmwareVolumeInfo2PpiGuid
,
124 FirmwareVolmeInfoPpiNotifyCallback
127 (EFI_PEI_PPI_DESCRIPTOR_NOTIFY_CALLBACK
| EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST
),
128 &gEfiEndOfPeiSignalPpiGuid
,
129 EndofPeiSignalNotifyCallBack
133 EFI_PEI_FIRMWARE_VOLUME_INFO_MEASUREMENT_EXCLUDED_PPI
*mMeasurementExcludedFvPpi
;
136 This function get digest from digest list.
138 @param HashAlg digest algorithm
139 @param DigestList digest list
142 @retval EFI_SUCCESS Sha1Digest is found and returned.
143 @retval EFI_NOT_FOUND Sha1Digest is not found.
146 Tpm2GetDigestFromDigestList (
147 IN TPMI_ALG_HASH HashAlg
,
148 IN TPML_DIGEST_VALUES
*DigestList
,
155 DigestSize
= GetHashSizeFromAlgo (HashAlg
);
156 for (Index
= 0; Index
< DigestList
->count
; Index
++) {
157 if (DigestList
->digests
[Index
].hashAlg
== HashAlg
) {
160 &DigestList
->digests
[Index
].digest
,
167 return EFI_NOT_FOUND
;
171 Record all measured Firmware Volum Information into a Guid Hob
172 Guid Hob payload layout is
174 UINT32 *************************** FIRMWARE_BLOB number
175 EFI_PLATFORM_FIRMWARE_BLOB******** BLOB Array
177 @param[in] PeiServices An indirect pointer to the EFI_PEI_SERVICES table published by the PEI Foundation.
178 @param[in] NotifyDescriptor Address of the notification descriptor data structure.
179 @param[in] Ppi Address of the PPI that was installed.
181 @retval EFI_SUCCESS The FV Info is measured and recorded to TPM.
182 @return Others Fail to measure FV.
187 EndofPeiSignalNotifyCallBack (
188 IN EFI_PEI_SERVICES
**PeiServices
,
189 IN EFI_PEI_NOTIFY_DESCRIPTOR
*NotifyDescriptor
,
193 MEASURED_HOB_DATA
*MeasuredHobData
;
195 MeasuredHobData
= NULL
;
198 // Create a Guid hob to save all measured Fv
200 MeasuredHobData
= BuildGuidHob(
202 sizeof(UINTN
) + sizeof(EFI_PLATFORM_FIRMWARE_BLOB
) * (mMeasuredBaseFvIndex
+ mMeasuredChildFvIndex
)
205 if (MeasuredHobData
!= NULL
){
207 // Save measured FV info enty number
209 MeasuredHobData
->Num
= mMeasuredBaseFvIndex
+ mMeasuredChildFvIndex
;
212 // Save measured base Fv info
214 CopyMem (MeasuredHobData
->MeasuredFvBuf
, mMeasuredBaseFvInfo
, sizeof(EFI_PLATFORM_FIRMWARE_BLOB
) * (mMeasuredBaseFvIndex
));
217 // Save measured child Fv info
219 CopyMem (&MeasuredHobData
->MeasuredFvBuf
[mMeasuredBaseFvIndex
] , mMeasuredChildFvInfo
, sizeof(EFI_PLATFORM_FIRMWARE_BLOB
) * (mMeasuredChildFvIndex
));
226 Add a new entry to the Event Log.
228 @param[in] DigestList A list of digest.
229 @param[in,out] NewEventHdr Pointer to a TCG_PCR_EVENT_HDR data structure.
230 @param[in] NewEventData Pointer to the new event data.
232 @retval EFI_SUCCESS The new event log entry was added.
233 @retval EFI_OUT_OF_RESOURCES No enough memory to log the new event.
237 IN TPML_DIGEST_VALUES
*DigestList
,
238 IN OUT TCG_PCR_EVENT_HDR
*NewEventHdr
,
239 IN UINT8
*NewEventData
245 EFI_STATUS RetStatus
;
247 RetStatus
= EFI_SUCCESS
;
248 for (Index
= 0; Index
< sizeof(mTreeEventInfo
)/sizeof(mTreeEventInfo
[0]); Index
++) {
249 DEBUG ((EFI_D_INFO
, " LogFormat - 0x%08x\n", mTreeEventInfo
[Index
].LogFormat
));
250 switch (mTreeEventInfo
[Index
].LogFormat
) {
251 case TREE_EVENT_LOG_FORMAT_TCG_1_2
:
252 Status
= Tpm2GetDigestFromDigestList (TPM_ALG_SHA1
, DigestList
, &NewEventHdr
->Digest
);
253 if (!EFI_ERROR (Status
)) {
254 HobData
= BuildGuidHob (
255 &gTcgEventEntryHobGuid
,
256 sizeof (*NewEventHdr
) + NewEventHdr
->EventSize
258 if (HobData
== NULL
) {
259 RetStatus
= EFI_OUT_OF_RESOURCES
;
263 CopyMem (HobData
, NewEventHdr
, sizeof (*NewEventHdr
));
264 HobData
= (VOID
*) ((UINT8
*)HobData
+ sizeof (*NewEventHdr
));
265 CopyMem (HobData
, NewEventData
, NewEventHdr
->EventSize
);
275 Do a hash operation on a data buffer, extend a specific TPM PCR with the hash result,
276 and build a GUIDed HOB recording the event which will be passed to the DXE phase and
277 added into the Event Log.
279 @param[in] Flags Bitmap providing additional information.
280 @param[in] HashData Physical address of the start of the data buffer
281 to be hashed, extended, and logged.
282 @param[in] HashDataLen The length, in bytes, of the buffer referenced by HashData.
283 @param[in] NewEventHdr Pointer to a TCG_PCR_EVENT_HDR data structure.
284 @param[in] NewEventData Pointer to the new event data.
286 @retval EFI_SUCCESS Operation completed successfully.
287 @retval EFI_OUT_OF_RESOURCES No enough memory to log the new event.
288 @retval EFI_DEVICE_ERROR The command was unsuccessful.
295 IN UINTN HashDataLen
,
296 IN TCG_PCR_EVENT_HDR
*NewEventHdr
,
297 IN UINT8
*NewEventData
301 TPML_DIGEST_VALUES DigestList
;
303 if (GetFirstGuidHob (&gTpmErrorHobGuid
) != NULL
) {
304 return EFI_DEVICE_ERROR
;
307 Status
= HashAndExtend (
308 NewEventHdr
->PCRIndex
,
313 if (!EFI_ERROR (Status
)) {
314 if ((Flags
& TREE_EXTEND_ONLY
) == 0) {
315 Status
= LogHashEvent (&DigestList
, NewEventHdr
, NewEventData
);
319 if (Status
== EFI_DEVICE_ERROR
) {
320 DEBUG ((EFI_D_ERROR
, "HashLogExtendEvent - %r. Disable TPM.\n", Status
));
321 BuildGuidHob (&gTpmErrorHobGuid
,0);
323 EFI_ERROR_CODE
| EFI_ERROR_MINOR
,
324 (PcdGet32 (PcdStatusCodeSubClassTpmDevice
) | EFI_P_EC_INTERFACE_ERROR
)
332 Measure CRTM version.
334 @retval EFI_SUCCESS Operation completed successfully.
335 @retval EFI_OUT_OF_RESOURCES No enough memory to log the new event.
336 @retval EFI_DEVICE_ERROR The command was unsuccessful.
344 TCG_PCR_EVENT_HDR TcgEventHdr
;
347 // Use FirmwareVersion string to represent CRTM version.
348 // OEMs should get real CRTM version string and measure it.
351 TcgEventHdr
.PCRIndex
= 0;
352 TcgEventHdr
.EventType
= EV_S_CRTM_VERSION
;
353 TcgEventHdr
.EventSize
= (UINT32
) StrSize((CHAR16
*)PcdGetPtr (PcdFirmwareVersionString
));
355 return HashLogExtendEvent (
357 (UINT8
*)PcdGetPtr (PcdFirmwareVersionString
),
358 TcgEventHdr
.EventSize
,
360 (UINT8
*)PcdGetPtr (PcdFirmwareVersionString
)
366 Add it into the measured FV list after the FV is measured successfully.
368 @param[in] FvBase Base address of FV image.
369 @param[in] FvLength Length of FV image.
371 @retval EFI_SUCCESS Fv image is measured successfully
372 or it has been already measured.
373 @retval EFI_OUT_OF_RESOURCES No enough memory to log the new event.
374 @retval EFI_DEVICE_ERROR The command was unsuccessful.
379 IN EFI_PHYSICAL_ADDRESS FvBase
,
385 EFI_PLATFORM_FIRMWARE_BLOB FvBlob
;
386 TCG_PCR_EVENT_HDR TcgEventHdr
;
389 // Check if it is in Excluded FV list
391 if (mMeasurementExcludedFvPpi
!= NULL
) {
392 for (Index
= 0; Index
< mMeasurementExcludedFvPpi
->Count
; Index
++) {
393 if (mMeasurementExcludedFvPpi
->Fv
[Index
].FvBase
== FvBase
) {
394 DEBUG ((DEBUG_INFO
, "The FV which is excluded by TrEEPei starts at: 0x%x\n", FvBase
));
395 DEBUG ((DEBUG_INFO
, "The FV which is excluded by TrEEPei has the size: 0x%x\n", FvLength
));
402 // Check whether FV is in the measured FV list.
404 for (Index
= 0; Index
< mMeasuredBaseFvIndex
; Index
++) {
405 if (mMeasuredBaseFvInfo
[Index
].BlobBase
== FvBase
) {
411 // Measure and record the FV to the TPM
413 FvBlob
.BlobBase
= FvBase
;
414 FvBlob
.BlobLength
= FvLength
;
416 DEBUG ((DEBUG_INFO
, "The FV which is measured by TrEEPei starts at: 0x%x\n", FvBlob
.BlobBase
));
417 DEBUG ((DEBUG_INFO
, "The FV which is measured by TrEEPei has the size: 0x%x\n", FvBlob
.BlobLength
));
419 TcgEventHdr
.PCRIndex
= 0;
420 TcgEventHdr
.EventType
= EV_EFI_PLATFORM_FIRMWARE_BLOB
;
421 TcgEventHdr
.EventSize
= sizeof (FvBlob
);
423 Status
= HashLogExtendEvent (
425 (UINT8
*) (UINTN
) FvBlob
.BlobBase
,
426 (UINTN
) FvBlob
.BlobLength
,
432 // Add new FV into the measured FV list.
434 ASSERT (mMeasuredBaseFvIndex
< FixedPcdGet32 (PcdPeiCoreMaxFvSupported
));
435 if (mMeasuredBaseFvIndex
< FixedPcdGet32 (PcdPeiCoreMaxFvSupported
)) {
436 mMeasuredBaseFvInfo
[mMeasuredBaseFvIndex
].BlobBase
= FvBase
;
437 mMeasuredBaseFvInfo
[mMeasuredBaseFvIndex
].BlobLength
= FvLength
;
438 mMeasuredBaseFvIndex
++;
447 @retval EFI_SUCCESS Operation completed successfully.
448 @retval EFI_OUT_OF_RESOURCES No enough memory to log the new event.
449 @retval EFI_DEVICE_ERROR The command was unsuccessful.
459 EFI_PEI_FV_HANDLE VolumeHandle
;
460 EFI_FV_INFO VolumeInfo
;
461 EFI_PEI_FIRMWARE_VOLUME_PPI
*FvPpi
;
463 PERF_START_EX (mFileHandle
, "EventRec", "TrEEPei", 0, PERF_ID_TREE_PEI
);
467 // Traverse all firmware volume instances of Static Core Root of Trust for Measurement
468 // (S-CRTM), this firmware volume measure policy can be modified/enhanced by special
469 // platform for special CRTM TPM measuring.
471 Status
= PeiServicesFfsFindNextVolume (FvInstances
, &VolumeHandle
);
472 if (EFI_ERROR (Status
)) {
477 // Measure and record the firmware volume that is dispatched by PeiCore
479 Status
= PeiServicesFfsGetVolumeInfo (VolumeHandle
, &VolumeInfo
);
480 ASSERT_EFI_ERROR (Status
);
482 // Locate the corresponding FV_PPI according to founded FV's format guid
484 Status
= PeiServicesLocatePpi (
485 &VolumeInfo
.FvFormat
,
490 if (!EFI_ERROR (Status
)) {
491 MeasureFvImage ((EFI_PHYSICAL_ADDRESS
) (UINTN
) VolumeInfo
.FvStart
, VolumeInfo
.FvSize
);
496 PERF_END_EX (mFileHandle
, "EventRec", "TrEEPei", 0, PERF_ID_TREE_PEI
+ 1);
502 Measure and record the Firmware Volum Information once FvInfoPPI install.
504 @param[in] PeiServices An indirect pointer to the EFI_PEI_SERVICES table published by the PEI Foundation.
505 @param[in] NotifyDescriptor Address of the notification descriptor data structure.
506 @param[in] Ppi Address of the PPI that was installed.
508 @retval EFI_SUCCESS The FV Info is measured and recorded to TPM.
509 @return Others Fail to measure FV.
514 FirmwareVolmeInfoPpiNotifyCallback (
515 IN EFI_PEI_SERVICES
**PeiServices
,
516 IN EFI_PEI_NOTIFY_DESCRIPTOR
*NotifyDescriptor
,
520 EFI_PEI_FIRMWARE_VOLUME_INFO_PPI
*Fv
;
522 EFI_PEI_FIRMWARE_VOLUME_PPI
*FvPpi
;
525 Fv
= (EFI_PEI_FIRMWARE_VOLUME_INFO_PPI
*) Ppi
;
528 // The PEI Core can not dispatch or load files from memory mapped FVs that do not support FvPpi.
530 Status
= PeiServicesLocatePpi (
536 if (EFI_ERROR (Status
)) {
541 // This is an FV from an FFS file, and the parent FV must have already been measured,
542 // No need to measure twice, so just record the FV and return
544 if (Fv
->ParentFvName
!= NULL
|| Fv
->ParentFileName
!= NULL
) {
546 ASSERT (mMeasuredChildFvIndex
< FixedPcdGet32 (PcdPeiCoreMaxFvSupported
));
547 if (mMeasuredChildFvIndex
< FixedPcdGet32 (PcdPeiCoreMaxFvSupported
)) {
549 // Check whether FV is in the measured child FV list.
551 for (Index
= 0; Index
< mMeasuredChildFvIndex
; Index
++) {
552 if (mMeasuredChildFvInfo
[Index
].BlobBase
== (EFI_PHYSICAL_ADDRESS
) (UINTN
) Fv
->FvInfo
) {
556 mMeasuredChildFvInfo
[mMeasuredChildFvIndex
].BlobBase
= (EFI_PHYSICAL_ADDRESS
) (UINTN
) Fv
->FvInfo
;
557 mMeasuredChildFvInfo
[mMeasuredChildFvIndex
].BlobLength
= Fv
->FvInfoSize
;
558 mMeasuredChildFvIndex
++;
563 return MeasureFvImage ((EFI_PHYSICAL_ADDRESS
) (UINTN
) Fv
->FvInfo
, Fv
->FvInfoSize
);
567 Do measurement after memory is ready.
569 @param[in] PeiServices Describes the list of possible PEI Services.
571 @retval EFI_SUCCESS Operation completed successfully.
572 @retval EFI_OUT_OF_RESOURCES No enough memory to log the new event.
573 @retval EFI_DEVICE_ERROR The command was unsuccessful.
578 IN EFI_PEI_SERVICES
**PeiServices
583 Status
= PeiServicesLocatePpi (
584 &gEfiPeiFirmwareVolumeInfoMeasurementExcludedPpiGuid
,
587 (VOID
**)&mMeasurementExcludedFvPpi
589 // Do not check status, because it is optional
591 mMeasuredBaseFvInfo
= (EFI_PLATFORM_FIRMWARE_BLOB
*) AllocateZeroPool (sizeof (EFI_PLATFORM_FIRMWARE_BLOB
) * PcdGet32 (PcdPeiCoreMaxFvSupported
));
592 ASSERT (mMeasuredBaseFvInfo
!= NULL
);
593 mMeasuredChildFvInfo
= (EFI_PLATFORM_FIRMWARE_BLOB
*) AllocateZeroPool (sizeof (EFI_PLATFORM_FIRMWARE_BLOB
) * PcdGet32 (PcdPeiCoreMaxFvSupported
));
594 ASSERT (mMeasuredChildFvInfo
!= NULL
);
596 if (PcdGet8 (PcdTpm2ScrtmPolicy
) == 1) {
597 Status
= MeasureCRTMVersion ();
600 Status
= MeasureMainBios ();
604 // for the FvInfoPpi services to measure and record
605 // the additional Fvs to TPM
607 Status
= PeiServicesNotifyPpi (&mNotifyList
[0]);
608 ASSERT_EFI_ERROR (Status
);
614 Entry point of this module.
616 @param[in] FileHandle Handle of the file being invoked.
617 @param[in] PeiServices Describes the list of possible PEI Services.
625 IN EFI_PEI_FILE_HANDLE FileHandle
,
626 IN CONST EFI_PEI_SERVICES
**PeiServices
631 EFI_BOOT_MODE BootMode
;
633 if (CompareGuid (PcdGetPtr(PcdTpmInstanceGuid
), &gEfiTpmDeviceInstanceNoneGuid
) ||
634 CompareGuid (PcdGetPtr(PcdTpmInstanceGuid
), &gEfiTpmDeviceInstanceTpm12Guid
)){
635 DEBUG ((EFI_D_ERROR
, "No TPM2 instance required!\n"));
636 return EFI_UNSUPPORTED
;
639 if (GetFirstGuidHob (&gTpmErrorHobGuid
) != NULL
) {
640 DEBUG ((EFI_D_ERROR
, "TPM2 error!\n"));
641 return EFI_DEVICE_ERROR
;
644 Status
= PeiServicesGetBootMode (&BootMode
);
645 ASSERT_EFI_ERROR (Status
);
648 // In S3 path, skip shadow logic. no measurement is required
650 if (BootMode
!= BOOT_ON_S3_RESUME
) {
651 Status
= (**PeiServices
).RegisterForShadow(FileHandle
);
652 if (Status
== EFI_ALREADY_STARTED
) {
653 mImageInMemory
= TRUE
;
654 mFileHandle
= FileHandle
;
655 } else if (Status
== EFI_NOT_FOUND
) {
656 ASSERT_EFI_ERROR (Status
);
660 if (!mImageInMemory
) {
662 // Initialize TPM device
664 Status
= Tpm2RequestUseTpm ();
665 if (EFI_ERROR (Status
)) {
666 DEBUG ((DEBUG_ERROR
, "TPM2 not detected!\n"));
670 if (PcdGet8 (PcdTpm2InitializationPolicy
) == 1) {
671 if (BootMode
== BOOT_ON_S3_RESUME
) {
672 Status
= Tpm2Startup (TPM_SU_STATE
);
673 if (EFI_ERROR (Status
) ) {
674 Status
= Tpm2Startup (TPM_SU_CLEAR
);
677 Status
= Tpm2Startup (TPM_SU_CLEAR
);
679 if (EFI_ERROR (Status
) ) {
685 // TpmSelfTest is optional on S3 path, skip it to save S3 time
687 if (BootMode
!= BOOT_ON_S3_RESUME
) {
688 if (PcdGet8 (PcdTpm2SelfTestPolicy
) == 1) {
689 Status
= Tpm2SelfTest (NO
);
690 if (EFI_ERROR (Status
)) {
697 // Only intall TpmInitializedPpi on success
699 Status
= PeiServicesInstallPpi (&mTpmInitializedPpiList
);
700 ASSERT_EFI_ERROR (Status
);
703 if (mImageInMemory
) {
704 Status
= PeimEntryMP ((EFI_PEI_SERVICES
**)PeiServices
);
709 if (EFI_ERROR (Status
)) {
710 DEBUG ((EFI_D_ERROR
, "TPM2 error! Build Hob\n"));
711 BuildGuidHob (&gTpmErrorHobGuid
,0);
713 EFI_ERROR_CODE
| EFI_ERROR_MINOR
,
714 (PcdGet32 (PcdStatusCodeSubClassTpmDevice
) | EFI_P_EC_INTERFACE_ERROR
)
718 // Always intall TpmInitializationDonePpi no matter success or fail.
719 // Other driver can know TPM initialization state by TpmInitializedPpi.
721 Status2
= PeiServicesInstallPpi (&mTpmInitializationDonePpiList
);
722 ASSERT_EFI_ERROR (Status2
);