/** @file\r
This module implements Tcg2 Protocol.\r
\r
-Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved.<BR>\r
+Copyright (c) 2015 - 2017, Intel Corporation. All rights reserved.<BR>\r
(C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>\r
This program and the accompanying materials \r
are licensed and made available under the terms and conditions of the BSD License \r
}\r
}\r
\r
+/**\r
+\r
+ This function initialize TCG_PCR_EVENT2_HDR for EV_NO_ACTION Event Type other than EFI Specification ID event\r
+ The behavior is defined by TCG PC Client PFP Spec. Section 9.3.4 EV_NO_ACTION Event Types\r
+\r
+ @param[in, out] NoActionEvent Event Header of EV_NO_ACTION Event\r
+ @param[in] EventSize Event Size of the EV_NO_ACTION Event\r
+\r
+**/\r
+VOID\r
+InitNoActionEvent (\r
+ IN OUT TCG_PCR_EVENT2_HDR *NoActionEvent,\r
+ IN UINT32 EventSize\r
+ )\r
+{\r
+ UINT32 DigestListCount;\r
+ TPMI_ALG_HASH HashAlgId;\r
+ UINT8 *DigestBuffer;\r
+\r
+ DigestBuffer = (UINT8 *)NoActionEvent->Digests.digests;\r
+ DigestListCount = 0;\r
+\r
+ NoActionEvent->PCRIndex = 0;\r
+ NoActionEvent->EventType = EV_NO_ACTION;\r
+\r
+ //\r
+ // Set Hash count & hashAlg accordingly, while Digest.digests[n].digest to all 0\r
+ //\r
+ ZeroMem (&NoActionEvent->Digests, sizeof(NoActionEvent->Digests));\r
+\r
+ if ((mTcgDxeData.BsCap.ActivePcrBanks & EFI_TCG2_BOOT_HASH_ALG_SHA1) != 0) {\r
+ HashAlgId = TPM_ALG_SHA1;\r
+ CopyMem (DigestBuffer, &HashAlgId, sizeof(TPMI_ALG_HASH));\r
+ DigestBuffer += sizeof(TPMI_ALG_HASH) + GetHashSizeFromAlgo (HashAlgId);\r
+ DigestListCount++;\r
+ }\r
+\r
+ if ((mTcgDxeData.BsCap.ActivePcrBanks & EFI_TCG2_BOOT_HASH_ALG_SHA256) != 0) {\r
+ HashAlgId = TPM_ALG_SHA256;\r
+ CopyMem (DigestBuffer, &HashAlgId, sizeof(TPMI_ALG_HASH));\r
+ DigestBuffer += sizeof(TPMI_ALG_HASH) + GetHashSizeFromAlgo (HashAlgId);\r
+ DigestListCount++;\r
+ }\r
+\r
+ if ((mTcgDxeData.BsCap.ActivePcrBanks & EFI_TCG2_BOOT_HASH_ALG_SHA384) != 0) {\r
+ HashAlgId = TPM_ALG_SHA384;\r
+ CopyMem (DigestBuffer, &HashAlgId, sizeof(TPMI_ALG_HASH));\r
+ DigestBuffer += sizeof(TPMI_ALG_HASH) + GetHashSizeFromAlgo (HashAlgId);\r
+ DigestListCount++;\r
+ }\r
+\r
+ if ((mTcgDxeData.BsCap.ActivePcrBanks & EFI_TCG2_BOOT_HASH_ALG_SHA512) != 0) {\r
+ HashAlgId = TPM_ALG_SHA512;\r
+ CopyMem (DigestBuffer, &HashAlgId, sizeof(TPMI_ALG_HASH));\r
+ DigestBuffer += sizeof(TPMI_ALG_HASH) + GetHashSizeFromAlgo (HashAlgId);\r
+ DigestListCount++;\r
+ }\r
+\r
+ if ((mTcgDxeData.BsCap.ActivePcrBanks & EFI_TCG2_BOOT_HASH_ALG_SM3_256) != 0) {\r
+ HashAlgId = TPM_ALG_SM3_256;\r
+ CopyMem (DigestBuffer, &HashAlgId, sizeof(TPMI_ALG_HASH));\r
+ DigestBuffer += sizeof(TPMI_ALG_HASH) + GetHashSizeFromAlgo (HashAlgId);\r
+ DigestListCount++;\r
+ }\r
+\r
+ //\r
+ // Set Digests Count\r
+ //\r
+ WriteUnaligned32 ((UINT32 *)&NoActionEvent->Digests.count, DigestListCount);\r
+\r
+ //\r
+ // Set Event Size\r
+ //\r
+ WriteUnaligned32((UINT32 *)DigestBuffer, EventSize);\r
+}\r
+\r
/**\r
\r
This function dump raw data with colume format.\r
//\r
(mTcgDxeData.FinalEventsTable[Index])->NumberOfEvents ++;\r
DEBUG ((EFI_D_INFO, "FinalEventsTable->NumberOfEvents - 0x%x\n", (mTcgDxeData.FinalEventsTable[Index])->NumberOfEvents));\r
- DEBUG ((EFI_D_INFO, " Size - 0x%x\n", (UINTN)EventLogAreaStruct->LastEvent - (UINTN)mTcgDxeData.FinalEventsTable[Index]));\r
+ DEBUG ((EFI_D_INFO, " Size - 0x%x\n", (UINTN)EventLogAreaStruct->EventLogSize));\r
}\r
}\r
\r
UINT32 HashAlgorithmMaskCopied;\r
TCG_EfiSpecIDEventStruct *TcgEfiSpecIdEventStruct;\r
UINT8 TempBuf[sizeof(TCG_EfiSpecIDEventStruct) + sizeof(UINT32) + (HASH_COUNT * sizeof(TCG_EfiSpecIdEventAlgorithmSize)) + sizeof(UINT8)];\r
- TCG_PCR_EVENT_HDR FirstPcrEvent;\r
+ TCG_PCR_EVENT_HDR SpecIdEvent;\r
+ TCG_PCR_EVENT2_HDR NoActionEvent;\r
TCG_EfiSpecIdEventAlgorithmSize *DigestSize;\r
TCG_EfiSpecIdEventAlgorithmSize *TempDigestSize;\r
UINT8 *VendorInfoSize;\r
UINT32 NumberOfAlgorithms;\r
+ TCG_EfiStartupLocalityEvent StartupLocalityEvent;\r
\r
DEBUG ((EFI_D_INFO, "SetupEventLog\n"));\r
\r
for (Index = 0; Index < sizeof(mTcg2EventInfo)/sizeof(mTcg2EventInfo[0]); Index++) {\r
if ((mTcgDxeData.BsCap.SupportedEventLogs & mTcg2EventInfo[Index].LogFormat) != 0) {\r
mTcgDxeData.EventLogAreaStruct[Index].EventLogFormat = mTcg2EventInfo[Index].LogFormat;\r
- Lasa = (EFI_PHYSICAL_ADDRESS) (SIZE_4GB - 1);\r
Status = gBS->AllocatePages (\r
- AllocateMaxAddress,\r
+ AllocateAnyPages,\r
EfiBootServicesData,\r
EFI_SIZE_TO_PAGES (PcdGet32 (PcdTcgLogAreaMinLen)),\r
&Lasa\r
VendorInfoSize = (UINT8 *)TempDigestSize;\r
*VendorInfoSize = 0;\r
\r
- //\r
- // FirstPcrEvent\r
- //\r
- FirstPcrEvent.PCRIndex = 0;\r
- FirstPcrEvent.EventType = EV_NO_ACTION;\r
- ZeroMem (&FirstPcrEvent.Digest, sizeof(FirstPcrEvent.Digest));\r
- FirstPcrEvent.EventSize = (UINT32)GetTcgEfiSpecIdEventStructSize (TcgEfiSpecIdEventStruct);\r
+ SpecIdEvent.PCRIndex = 0;\r
+ SpecIdEvent.EventType = EV_NO_ACTION;\r
+ ZeroMem (&SpecIdEvent.Digest, sizeof(SpecIdEvent.Digest));\r
+ SpecIdEvent.EventSize = (UINT32)GetTcgEfiSpecIdEventStructSize (TcgEfiSpecIdEventStruct);\r
\r
//\r
- // Record\r
+ // Log TcgEfiSpecIdEventStruct as the first Event. Event format is TCG_PCR_EVENT.\r
+ // TCG EFI Protocol Spec. Section 5.3 Event Log Header\r
+ // TCG PC Client PFP spec. Section 9.2 Measurement Event Entries and Log\r
//\r
Status = TcgDxeLogEvent (\r
mTcg2EventInfo[Index].LogFormat,\r
- &FirstPcrEvent,\r
- sizeof(FirstPcrEvent),\r
+ &SpecIdEvent,\r
+ sizeof(SpecIdEvent),\r
(UINT8 *)TcgEfiSpecIdEventStruct,\r
- FirstPcrEvent.EventSize\r
+ SpecIdEvent.EventSize\r
);\r
+\r
+ //\r
+ // EfiStartupLocalityEvent. Event format is TCG_PCR_EVENT2\r
+ //\r
+ GuidHob.Guid = GetFirstGuidHob (&gTpm2StartupLocalityHobGuid);\r
+ if (GuidHob.Guid != NULL) {\r
+ //\r
+ // Get Locality Indicator from StartupLocality HOB\r
+ //\r
+ StartupLocalityEvent.StartupLocality = *(UINT8 *)(GET_GUID_HOB_DATA (GuidHob.Guid));\r
+ CopyMem (StartupLocalityEvent.Signature, TCG_EfiStartupLocalityEvent_SIGNATURE, sizeof(StartupLocalityEvent.Signature));\r
+ DEBUG ((DEBUG_INFO, "SetupEventLog: Set Locality from HOB into StartupLocalityEvent 0x%02x\n", StartupLocalityEvent.StartupLocality));\r
+\r
+ //\r
+ // Initialize StartupLocalityEvent\r
+ //\r
+ InitNoActionEvent(&NoActionEvent, sizeof(StartupLocalityEvent));\r
+\r
+ //\r
+ // Log EfiStartupLocalityEvent as the second Event\r
+ // TCG PC Client PFP spec. Section 9.3.4.3 Startup Locality Event\r
+ //\r
+ Status = TcgDxeLogEvent (\r
+ mTcg2EventInfo[Index].LogFormat,\r
+ &NoActionEvent,\r
+ sizeof(NoActionEvent.PCRIndex) + sizeof(NoActionEvent.EventType) + GetDigestListBinSize (&NoActionEvent.Digests) + sizeof(NoActionEvent.EventSize),\r
+ (UINT8 *)&StartupLocalityEvent,\r
+ sizeof(StartupLocalityEvent)\r
+ );\r
+\r
+ }\r
}\r
}\r
}\r
for (Index = 0; Index < sizeof(mTcg2EventInfo)/sizeof(mTcg2EventInfo[0]); Index++) {\r
if ((mTcgDxeData.BsCap.SupportedEventLogs & mTcg2EventInfo[Index].LogFormat) != 0) {\r
if (mTcg2EventInfo[Index].LogFormat == EFI_TCG2_EVENT_LOG_FORMAT_TCG_2) {\r
- Lasa = (EFI_PHYSICAL_ADDRESS) (SIZE_4GB - 1);\r
Status = gBS->AllocatePages (\r
- AllocateMaxAddress,\r
+ AllocateAnyPages,\r
EfiACPIMemoryNVS,\r
EFI_SIZE_TO_PAGES (PcdGet32 (PcdTcg2FinalLogAreaLen)),\r
&Lasa\r
}\r
\r
/**\r
- Measure and log an action string, and extend the measurement result into PCR[5].\r
+ Measure and log an action string, and extend the measurement result into PCR[PCRIndex].\r
\r
+ @param[in] PCRIndex PCRIndex to extend\r
@param[in] String A specific string that indicates an Action event. \r
\r
@retval EFI_SUCCESS Operation completed successfully.\r
**/\r
EFI_STATUS\r
TcgMeasureAction (\r
- IN CHAR8 *String\r
+ IN TPM_PCRINDEX PCRIndex,\r
+ IN CHAR8 *String\r
)\r
{\r
TCG_PCR_EVENT_HDR TcgEvent;\r
\r
- TcgEvent.PCRIndex = 5;\r
+ TcgEvent.PCRIndex = PCRIndex;\r
TcgEvent.EventType = EV_EFI_ACTION;\r
TcgEvent.EventSize = (UINT32)AsciiStrLen (String);\r
return TcgDxeHashLogExtendEvent (\r
EFI_STATUS Status;\r
TCG_PCR_EVENT_HDR TcgEvent;\r
UINTN VarNameLength;\r
- EFI_VARIABLE_DATA_TREE *VarLog;\r
+ UEFI_VARIABLE_DATA *VarLog;\r
\r
DEBUG ((EFI_D_INFO, "Tcg2Dxe: MeasureVariable (Pcr - %x, EventType - %x, ", (UINTN)PCRIndex, (UINTN)EventType));\r
DEBUG ((EFI_D_INFO, "VariableName - %s, VendorGuid - %g)\n", VarName, VendorGuid));\r
TcgEvent.EventSize = (UINT32)(sizeof (*VarLog) + VarNameLength * sizeof (*VarName) + VarSize\r
- sizeof (VarLog->UnicodeName) - sizeof (VarLog->VariableData));\r
\r
- VarLog = (EFI_VARIABLE_DATA_TREE *)AllocatePool (TcgEvent.EventSize);\r
+ VarLog = (UEFI_VARIABLE_DATA *)AllocatePool (TcgEvent.EventSize);\r
if (VarLog == NULL) {\r
return EFI_OUT_OF_RESOURCES;\r
}\r
\r
if (EventType == EV_EFI_VARIABLE_DRIVER_CONFIG) {\r
//\r
- // Digest is the event data (EFI_VARIABLE_DATA)\r
+ // Digest is the event data (UEFI_VARIABLE_DATA)\r
//\r
Status = TcgDxeHashLogExtendEvent (\r
0,\r
(UINT8*)VarLog\r
);\r
} else {\r
+ ASSERT (VarData != NULL);\r
Status = TcgDxeHashLogExtendEvent (\r
0,\r
(UINT8*)VarData,\r
}\r
\r
/**\r
- Read then Measure and log an EFI boot variable, and extend the measurement result into PCR[5].\r
+ Read then Measure and log an EFI boot variable, and extend the measurement result into PCR[1].\r
+according to TCG PC Client PFP spec 0021 Section 2.4.4.2\r
\r
@param[in] VarName A Null-terminated string that is the name of the vendor's variable.\r
@param[in] VendorGuid A unique identifier for the vendor.\r
)\r
{\r
return ReadAndMeasureVariable (\r
- 5,\r
+ 1,\r
EV_EFI_VARIABLE_BOOT,\r
VarName,\r
VendorGuid,\r
}\r
}\r
\r
+ //\r
+ // Measure DBT if present and not empty\r
+ //\r
+ Status = GetVariable2 (EFI_IMAGE_SECURITY_DATABASE2, &gEfiImageSecurityDatabaseGuid, &Data, &DataSize);\r
+ if (!EFI_ERROR(Status)) {\r
+ Status = MeasureVariable (\r
+ 7,\r
+ EV_EFI_VARIABLE_DRIVER_CONFIG,\r
+ EFI_IMAGE_SECURITY_DATABASE2,\r
+ &gEfiImageSecurityDatabaseGuid,\r
+ Data,\r
+ DataSize\r
+ );\r
+ FreePool(Data);\r
+ } else {\r
+ DEBUG((DEBUG_INFO, "Skip measuring variable %s since it's deleted\n", EFI_IMAGE_SECURITY_DATABASE2));\r
+ }\r
+\r
return EFI_SUCCESS;\r
}\r
\r
// 1. This is the first boot attempt.\r
//\r
Status = TcgMeasureAction (\r
+ 4,\r
EFI_CALLING_EFI_APPLICATION\r
);\r
if (EFI_ERROR (Status)) {\r
// 6. Not first attempt, meaning a return from last attempt\r
//\r
Status = TcgMeasureAction (\r
+ 4,\r
EFI_RETURNING_FROM_EFI_APPLICATOIN\r
);\r
if (EFI_ERROR (Status)) {\r
DEBUG ((EFI_D_ERROR, "%a not Measured. Error!\n", EFI_RETURNING_FROM_EFI_APPLICATOIN));\r
}\r
+\r
+ //\r
+ // 7. Next boot attempt, measure "Calling EFI Application from Boot Option" again\r
+ // TCG PC Client PFP spec Section 2.4.4.5 Step 4\r
+ //\r
+ Status = TcgMeasureAction (\r
+ 4,\r
+ EFI_CALLING_EFI_APPLICATION\r
+ );\r
+ if (EFI_ERROR (Status)) {\r
+ DEBUG ((EFI_D_ERROR, "%a not Measured. Error!\n", EFI_CALLING_EFI_APPLICATION));\r
+ }\r
}\r
\r
DEBUG ((EFI_D_INFO, "TPM2 Tcg2Dxe Measure Data when ReadyToBoot\n"));\r
// Measure invocation of ExitBootServices,\r
//\r
Status = TcgMeasureAction (\r
+ 5,\r
EFI_EXIT_BOOT_SERVICES_INVOCATION\r
);\r
if (EFI_ERROR (Status)) {\r
// Measure success of ExitBootServices\r
//\r
Status = TcgMeasureAction (\r
+ 5,\r
EFI_EXIT_BOOT_SERVICES_SUCCEEDED\r
);\r
if (EFI_ERROR (Status)) {\r
// Measure Failure of ExitBootServices,\r
//\r
Status = TcgMeasureAction (\r
+ 5,\r
EFI_EXIT_BOOT_SERVICES_FAILED\r
);\r
if (EFI_ERROR (Status)) {\r