/** @file\r
- The library instance provides security service of TPM measure boot. \r
+ The library instance provides security service of TPM measure boot.\r
\r
Caution: This file requires additional review when modified.\r
This library will have external input - PE/COFF image and GPT partition.\r
TcgMeasureGptTable() function will receive untrusted GPT partition table, and parse\r
partition data carefully.\r
\r
-Copyright (c) 2009 - 2017, Intel Corporation. All rights reserved.<BR>\r
-This program and the accompanying materials \r
-are licensed and made available under the terms and conditions of the BSD License \r
-which accompanies this distribution. The full text of the license may be found at \r
+Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>\r
+This program and the accompanying materials\r
+are licensed and made available under the terms and conditions of the BSD License\r
+which accompanies this distribution. The full text of the license may be found at\r
http://opensource.org/licenses/bsd-license.php\r
\r
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, \r
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
\r
**/\r
\r
@param FileHandle Pointer to the file handle to read the PE/COFF image.\r
@param FileOffset Offset into the PE/COFF image to begin the read operation.\r
- @param ReadSize On input, the size in bytes of the requested read operation. \r
+ @param ReadSize On input, the size in bytes of the requested read operation.\r
On output, the number of bytes actually read.\r
@param Buffer Output buffer that contains the data read from the PE/COFF image.\r
- \r
- @retval EFI_SUCCESS The specified portion of the PE/COFF image was read and the size \r
+\r
+ @retval EFI_SUCCESS The specified portion of the PE/COFF image was read and the size\r
**/\r
EFI_STATUS\r
EFIAPI\r
}\r
//\r
// Read the EFI Partition Table Header\r
- // \r
+ //\r
PrimaryHeader = (EFI_PARTITION_TABLE_HEADER *) AllocatePool (BlockIo->Media->BlockSize);\r
if (PrimaryHeader == NULL) {\r
return EFI_OUT_OF_RESOURCES;\r
- } \r
+ }\r
Status = DiskIo->ReadDisk (\r
DiskIo,\r
BlockIo->Media->MediaId,\r
DEBUG ((EFI_D_ERROR, "Failed to Read Partition Table Header!\n"));\r
FreePool (PrimaryHeader);\r
return EFI_DEVICE_ERROR;\r
- } \r
+ }\r
//\r
// Read the partition entry.\r
//\r
FreePool (EntryPtr);\r
return EFI_DEVICE_ERROR;\r
}\r
- \r
+\r
//\r
// Count the valid partition\r
//\r
NumberOfPartition = 0;\r
for (Index = 0; Index < PrimaryHeader->NumberOfPartitionEntries; Index++) {\r
if (!IsZeroGuid (&PartitionEntry->PartitionTypeGUID)) {\r
- NumberOfPartition++; \r
+ NumberOfPartition++;\r
}\r
PartitionEntry = (EFI_PARTITION_ENTRY *)((UINT8 *)PartitionEntry + PrimaryHeader->SizeOfPartitionEntry);\r
}\r
\r
//\r
// Prepare Data for Measurement\r
- // \r
- EventSize = (UINT32)(sizeof (EFI_GPT_DATA) - sizeof (GptData->Partitions) \r
+ //\r
+ EventSize = (UINT32)(sizeof (EFI_GPT_DATA) - sizeof (GptData->Partitions)\r
+ NumberOfPartition * PrimaryHeader->SizeOfPartitionEntry);\r
TcgEvent = (TCG_PCR_EVENT *) AllocateZeroPool (EventSize + sizeof (TCG_PCR_EVENT_HDR));\r
if (TcgEvent == NULL) {\r
TcgEvent->PCRIndex = 5;\r
TcgEvent->EventType = EV_EFI_GPT_EVENT;\r
TcgEvent->EventSize = EventSize;\r
- GptData = (EFI_GPT_DATA *) TcgEvent->Event; \r
+ GptData = (EFI_GPT_DATA *) TcgEvent->Event;\r
\r
//\r
// Copy the EFI_PARTITION_TABLE_HEADER and NumberOfPartition\r
- // \r
+ //\r
CopyMem ((UINT8 *)GptData, (UINT8*)PrimaryHeader, sizeof (EFI_PARTITION_TABLE_HEADER));\r
GptData->NumberOfPartitions = NumberOfPartition;\r
//\r
PE/COFF image is external input, so this function will validate its data structure\r
within this image buffer before use.\r
\r
- Notes: PE/COFF image has been checked by BasePeCoffLib PeCoffLoaderGetImageInfo() in \r
+ Notes: PE/COFF image has been checked by BasePeCoffLib PeCoffLoaderGetImageInfo() in\r
its caller function DxeTpmMeasureBootHandler().\r
\r
@param[in] TcgProtocol Pointer to the located TCG protocol instance.\r
\r
@retval EFI_SUCCESS Successfully measure image.\r
@retval EFI_OUT_OF_RESOURCES No enough resource to measure image.\r
- @retval EFI_UNSUPPORTED ImageType is unsupported or PE image is mal-format. \r
+ @retval EFI_UNSUPPORTED ImageType is unsupported or PE image is mal-format.\r
@retval other error value\r
\r
**/\r
//\r
if (Hdr.Pe32->FileHeader.Machine == IMAGE_FILE_MACHINE_IA64 && Hdr.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {\r
//\r
- // NOTE: Some versions of Linux ELILO for Itanium have an incorrect magic value \r
- // in the PE/COFF Header. If the MachineType is Itanium(IA64) and the \r
+ // NOTE: Some versions of Linux ELILO for Itanium have an incorrect magic value\r
+ // in the PE/COFF Header. If the MachineType is Itanium(IA64) and the\r
// Magic value in the OptionalHeader is EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC\r
// then override the magic value to EFI_IMAGE_NT_OPTIONAL_HDR64_MAGIC\r
//\r
//\r
Magic = Hdr.Pe32->OptionalHeader.Magic;\r
}\r
- \r
+\r
//\r
// 3. Calculate the distance from the base of the image header to the image checksum address.\r
// 4. Hash the image header from its base to beginning of the image checksum.\r
HashStatus = Sha1Update (Sha1Ctx, HashBase, HashSize);\r
if (!HashStatus) {\r
goto Finish;\r
- } \r
+ }\r
\r
//\r
// 5. Skip over the image checksum (it occupies a single ULONG).\r
if (!HashStatus) {\r
goto Finish;\r
}\r
- } \r
+ }\r
} else {\r
//\r
// 7. Hash everything from the end of the checksum to the start of the Cert Directory.\r
} else {\r
//\r
// Use PE32+ offset\r
- // \r
+ //\r
HashBase = (UINT8 *) &Hdr.Pe32Plus->OptionalHeader.CheckSum + sizeof (UINT32);\r
HashSize = (UINTN) (&Hdr.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]) - (UINTN) HashBase;\r
}\r
HashBase = (UINT8 *) &Hdr.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1];\r
HashSize = Hdr.Pe32Plus->OptionalHeader.SizeOfHeaders - (UINTN) (HashBase - ImageAddress);\r
}\r
- \r
+\r
if (HashSize != 0) {\r
HashStatus = Sha1Update (Sha1Ctx, HashBase, HashSize);\r
if (!HashStatus) {\r
}\r
\r
/**\r
- The security handler is used to abstract platform-specific policy \r
- from the DXE core response to an attempt to use a file that returns a \r
- given status for the authentication check from the section extraction protocol. \r
+ The security handler is used to abstract platform-specific policy\r
+ from the DXE core response to an attempt to use a file that returns a\r
+ given status for the authentication check from the section extraction protocol.\r
\r
- The possible responses in a given SAP implementation may include locking \r
- flash upon failure to authenticate, attestation logging for all signed drivers, \r
- and other exception operations. The File parameter allows for possible logging \r
+ The possible responses in a given SAP implementation may include locking\r
+ flash upon failure to authenticate, attestation logging for all signed drivers,\r
+ and other exception operations. The File parameter allows for possible logging\r
within the SAP of the driver.\r
\r
If File is NULL, then EFI_INVALID_PARAMETER is returned.\r
\r
- If the file specified by File with an authentication status specified by \r
+ If the file specified by File with an authentication status specified by\r
AuthenticationStatus is safe for the DXE Core to use, then EFI_SUCCESS is returned.\r
\r
- If the file specified by File with an authentication status specified by \r
- AuthenticationStatus is not safe for the DXE Core to use under any circumstances, \r
+ If the file specified by File with an authentication status specified by\r
+ AuthenticationStatus is not safe for the DXE Core to use under any circumstances,\r
then EFI_ACCESS_DENIED is returned.\r
\r
- If the file specified by File with an authentication status specified by \r
- AuthenticationStatus is not safe for the DXE Core to use right now, but it \r
- might be possible to use it at a future time, then EFI_SECURITY_VIOLATION is \r
+ If the file specified by File with an authentication status specified by\r
+ AuthenticationStatus is not safe for the DXE Core to use right now, but it\r
+ might be possible to use it at a future time, then EFI_SECURITY_VIOLATION is\r
returned.\r
\r
@param[in] AuthenticationStatus This is the authentication status returned\r
\r
ProtocolCapability.Size = (UINT8) sizeof (ProtocolCapability);\r
Status = TcgProtocol->StatusCheck (\r
- TcgProtocol, \r
+ TcgProtocol,\r
&ProtocolCapability,\r
&TCGFeatureFlags,\r
&EventLogLocation,\r
// Copy File Device Path\r
//\r
OrigDevicePathNode = DuplicateDevicePath (File);\r
- \r
+\r
//\r
// 1. Check whether this device path support BlockIo protocol.\r
// Is so, this device path may be a GPT device path.\r
DevicePathSubType (DevicePathNode) == MEDIA_HARDDRIVE_DP) {\r
//\r
// Check whether it is a gpt partition or not\r
- // \r
- if (((HARDDRIVE_DEVICE_PATH *) DevicePathNode)->MBRType == MBR_TYPE_EFI_PARTITION_TABLE_HEADER && \r
+ //\r
+ if (((HARDDRIVE_DEVICE_PATH *) DevicePathNode)->MBRType == MBR_TYPE_EFI_PARTITION_TABLE_HEADER &&\r
((HARDDRIVE_DEVICE_PATH *) DevicePathNode)->SignatureType == SIGNATURE_TYPE_GUID) {\r
\r
//\r
DevicePathNode = NextDevicePathNode (DevicePathNode);\r
}\r
}\r
- \r
+\r
//\r
// 2. Measure PE image.\r
//\r
TempHandle = Handle;\r
do {\r
Status = gBS->HandleProtocol(\r
- TempHandle, \r
+ TempHandle,\r
&gEfiFirmwareVolumeBlockProtocolGuid,\r
(VOID**)&FvbProtocol\r
);\r
//\r
goto Finish;\r
}\r
- \r
+\r
//\r
// Measure only application if Application flag is set\r
// Measure drivers and applications if Application flag is not set\r
//\r
- if ((!ApplicationRequired) || \r
- (ApplicationRequired && ImageContext.ImageType == EFI_IMAGE_SUBSYSTEM_EFI_APPLICATION)) { \r
+ if ((!ApplicationRequired) ||\r
+ (ApplicationRequired && ImageContext.ImageType == EFI_IMAGE_SUBSYSTEM_EFI_APPLICATION)) {\r
//\r
// Print the image path to be measured.\r
- // \r
+ //\r
DEBUG_CODE_BEGIN ();\r
CHAR16 *ToText;\r
ToText = ConvertDevicePathToText (\r
//\r
Status = TcgMeasurePeImage (\r
TcgProtocol,\r
- (EFI_PHYSICAL_ADDRESS) (UINTN) FileBuffer, \r
- FileSize, \r
- (UINTN) ImageContext.ImageAddress, \r
- ImageContext.ImageType, \r
+ (EFI_PHYSICAL_ADDRESS) (UINTN) FileBuffer,\r
+ FileSize,\r
+ (UINTN) ImageContext.ImageAddress,\r
+ ImageContext.ImageType,\r
DevicePathNode\r
);\r
}\r