/** @file\r
This module implements Tcg2 Protocol.\r
\r
-Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved.<BR>\r
+Copyright (c) 2015 - 2017, Intel Corporation. All rights reserved.<BR>\r
(C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>\r
This program and the accompanying materials \r
are licensed and made available under the terms and conditions of the BSD License \r
{EFI_KEY_EXCHANGE_KEY_NAME, &gEfiGlobalVariableGuid},\r
{EFI_IMAGE_SECURITY_DATABASE, &gEfiImageSecurityDatabaseGuid},\r
{EFI_IMAGE_SECURITY_DATABASE1, &gEfiImageSecurityDatabaseGuid},\r
+ {EFI_IMAGE_SECURITY_DATABASE2, &gEfiImageSecurityDatabaseGuid},\r
};\r
\r
EFI_HANDLE mImageHandle;\r
//\r
(mTcgDxeData.FinalEventsTable[Index])->NumberOfEvents ++;\r
DEBUG ((EFI_D_INFO, "FinalEventsTable->NumberOfEvents - 0x%x\n", (mTcgDxeData.FinalEventsTable[Index])->NumberOfEvents));\r
- DEBUG ((EFI_D_INFO, " Size - 0x%x\n", (UINTN)EventLogAreaStruct->LastEvent - (UINTN)mTcgDxeData.FinalEventsTable[Index]));\r
+ DEBUG ((EFI_D_INFO, " Size - 0x%x\n", (UINTN)EventLogAreaStruct->EventLogSize));\r
}\r
}\r
\r
return TotalSize;\r
}\r
\r
+/**\r
+ Copy TPML_DIGEST_VALUES compact binary into a buffer\r
+\r
+ @param[in,out] Buffer Buffer to hold copied TPML_DIGEST_VALUES compact binary.\r
+ @param[in] DigestListBin TPML_DIGEST_VALUES compact binary buffer.\r
+ @param[in] HashAlgorithmMask HASH bits corresponding to the desired digests to copy.\r
+ @param[out] HashAlgorithmMaskCopied Pointer to HASH bits corresponding to the digests copied.\r
+\r
+ @return The end of buffer to hold TPML_DIGEST_VALUES compact binary.\r
+**/\r
+VOID *\r
+CopyDigestListBinToBuffer (\r
+ IN OUT VOID *Buffer,\r
+ IN VOID *DigestListBin,\r
+ IN UINT32 HashAlgorithmMask,\r
+ OUT UINT32 *HashAlgorithmMaskCopied\r
+ )\r
+{\r
+ UINTN Index;\r
+ UINT16 DigestSize;\r
+ UINT32 Count;\r
+ TPMI_ALG_HASH HashAlg;\r
+ UINT32 DigestListCount;\r
+ UINT32 *DigestListCountPtr;\r
+\r
+ DigestListCountPtr = (UINT32 *) Buffer;\r
+ DigestListCount = 0;\r
+ (*HashAlgorithmMaskCopied) = 0;\r
+\r
+ Count = ReadUnaligned32 (DigestListBin);\r
+ Buffer = (UINT8 *)Buffer + sizeof(Count);\r
+ DigestListBin = (UINT8 *)DigestListBin + sizeof(Count);\r
+ for (Index = 0; Index < Count; Index++) {\r
+ HashAlg = ReadUnaligned16 (DigestListBin);\r
+ DigestListBin = (UINT8 *)DigestListBin + sizeof(HashAlg);\r
+ DigestSize = GetHashSizeFromAlgo (HashAlg);\r
+\r
+ if (IsHashAlgSupportedInHashAlgorithmMask(HashAlg, HashAlgorithmMask)) {\r
+ CopyMem (Buffer, &HashAlg, sizeof(HashAlg));\r
+ Buffer = (UINT8 *)Buffer + sizeof(HashAlg);\r
+ CopyMem (Buffer, DigestListBin, DigestSize);\r
+ Buffer = (UINT8 *)Buffer + DigestSize;\r
+ DigestListCount++;\r
+ (*HashAlgorithmMaskCopied) |= GetHashMaskFromAlgo (HashAlg);\r
+ } else {\r
+ DEBUG ((DEBUG_ERROR, "WARNING: CopyDigestListBinToBuffer Event log has HashAlg unsupported by PCR bank (0x%x)\n", HashAlg));\r
+ }\r
+ DigestListBin = (UINT8 *)DigestListBin + DigestSize;\r
+ }\r
+ WriteUnaligned32 (DigestListCountPtr, DigestListCount);\r
+\r
+ return Buffer;\r
+}\r
+\r
/**\r
Add a new entry to the Event Log.\r
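Review bot: `Count` in CopyDigestListBinToBuffer is read straight from `DigestListBin` and drives the loop with no upper bound, and `Buffer` carries no size, so nothing in the function limits either the reads or the `CopyMem` writes. I would test `if (Count > HASH_COUNT)` before the loop and take a rejection path that the callers handle. An unrecognised `HashAlg` also deserves explicit handling: if `GetHashSizeFromAlgo` reports a zero size for it (its definition is not in this hunk), the cursor advances by two bytes only and the remaining entries are parsed out of step. The header comment should state the contract as well, for example `Buffer must be at least as large as the source list and must not alias DigestListBin.` The function body lies entirely inside this hunk.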
\r
EFI_STATUS RetStatus;\r
TCG_PCR_EVENT2 TcgPcrEvent2;\r
UINT8 *DigestBuffer;\r
+ UINT32 *EventSizePtr;\r
\r
DEBUG ((EFI_D_INFO, "SupportedEventLogs - 0x%08x\n", mTcgDxeData.BsCap.SupportedEventLogs));\r
\r
TcgPcrEvent2.PCRIndex = NewEventHdr->PCRIndex;\r
TcgPcrEvent2.EventType = NewEventHdr->EventType;\r
DigestBuffer = (UINT8 *)&TcgPcrEvent2.Digest;\r
- DigestBuffer = CopyDigestListToBuffer (DigestBuffer, DigestList, mTcgDxeData.BsCap.ActivePcrBanks);\r
- CopyMem (DigestBuffer, &NewEventHdr->EventSize, sizeof(NewEventHdr->EventSize));\r
- DigestBuffer = DigestBuffer + sizeof(NewEventHdr->EventSize);\r
+ EventSizePtr = CopyDigestListToBuffer (DigestBuffer, DigestList, mTcgDxeData.BsCap.ActivePcrBanks);\r
+ CopyMem (EventSizePtr, &NewEventHdr->EventSize, sizeof(NewEventHdr->EventSize));\r
\r
//\r
// Enter critical region\r
Status = TcgDxeLogEvent (\r
mTcg2EventInfo[Index].LogFormat,\r
&TcgPcrEvent2,\r
- sizeof(TcgPcrEvent2.PCRIndex) + sizeof(TcgPcrEvent2.EventType) + GetDigestListSize (DigestList) + sizeof(TcgPcrEvent2.EventSize),\r
+ sizeof(TcgPcrEvent2.PCRIndex) + sizeof(TcgPcrEvent2.EventType) + GetDigestListBinSize (DigestBuffer) + sizeof(TcgPcrEvent2.EventSize),\r
NewEventData,\r
NewEventHdr->EventSize\r
);\r
EFI_PEI_HOB_POINTERS GuidHob;\r
EFI_PHYSICAL_ADDRESS Lasa;\r
UINTN Index;\r
+ VOID *DigestListBin;\r
+ TPML_DIGEST_VALUES TempDigestListBin;\r
UINT32 DigestListBinSize;\r
+ UINT8 *Event;\r
UINT32 EventSize;\r
+ UINT32 *EventSizePtr;\r
+ UINT32 HashAlgorithmMaskCopied;\r
TCG_EfiSpecIDEventStruct *TcgEfiSpecIdEventStruct;\r
UINT8 TempBuf[sizeof(TCG_EfiSpecIDEventStruct) + sizeof(UINT32) + (HASH_COUNT * sizeof(TCG_EfiSpecIdEventAlgorithmSize)) + sizeof(UINT8)];\r
- TCG_PCR_EVENT_HDR FirstPcrEvent;\r
+ TCG_PCR_EVENT_HDR NoActionEvent;\r
TCG_EfiSpecIdEventAlgorithmSize *DigestSize;\r
TCG_EfiSpecIdEventAlgorithmSize *TempDigestSize;\r
UINT8 *VendorInfoSize;\r
UINT32 NumberOfAlgorithms;\r
+ TCG_EfiStartupLocalityEvent StartupLocalityEvent;\r
\r
DEBUG ((EFI_D_INFO, "SetupEventLog\n"));\r
\r
for (Index = 0; Index < sizeof(mTcg2EventInfo)/sizeof(mTcg2EventInfo[0]); Index++) {\r
if ((mTcgDxeData.BsCap.SupportedEventLogs & mTcg2EventInfo[Index].LogFormat) != 0) {\r
mTcgDxeData.EventLogAreaStruct[Index].EventLogFormat = mTcg2EventInfo[Index].LogFormat;\r
- Lasa = (EFI_PHYSICAL_ADDRESS) (SIZE_4GB - 1);\r
Status = gBS->AllocatePages (\r
- AllocateMaxAddress,\r
+ AllocateAnyPages,\r
EfiBootServicesData,\r
EFI_SIZE_TO_PAGES (PcdGet32 (PcdTcgLogAreaMinLen)),\r
&Lasa\r
VendorInfoSize = (UINT8 *)TempDigestSize;\r
*VendorInfoSize = 0;\r
\r
- //\r
- // FirstPcrEvent\r
- //\r
- FirstPcrEvent.PCRIndex = 0;\r
- FirstPcrEvent.EventType = EV_NO_ACTION;\r
- ZeroMem (&FirstPcrEvent.Digest, sizeof(FirstPcrEvent.Digest));\r
- FirstPcrEvent.EventSize = (UINT32)GetTcgEfiSpecIdEventStructSize (TcgEfiSpecIdEventStruct);\r
+ NoActionEvent.PCRIndex = 0;\r
+ NoActionEvent.EventType = EV_NO_ACTION;\r
+ ZeroMem (&NoActionEvent.Digest, sizeof(NoActionEvent.Digest));\r
+ NoActionEvent.EventSize = (UINT32)GetTcgEfiSpecIdEventStructSize (TcgEfiSpecIdEventStruct);\r
\r
//\r
- // Record\r
+ // Log TcgEfiSpecIdEventStruct as the first Event\r
+ // TCG PC Client PFP spec. Section 9.2 Measurement Event Entries and Log\r
//\r
Status = TcgDxeLogEvent (\r
mTcg2EventInfo[Index].LogFormat,\r
- &FirstPcrEvent,\r
- sizeof(FirstPcrEvent),\r
+ &NoActionEvent,\r
+ sizeof(NoActionEvent),\r
(UINT8 *)TcgEfiSpecIdEventStruct,\r
- FirstPcrEvent.EventSize\r
+ NoActionEvent.EventSize\r
);\r
+\r
+ //\r
+ // EfiStartupLocalityEvent\r
+ //\r
+ GuidHob.Guid = GetFirstGuidHob (&gTpm2StartupLocalityHobGuid);\r
+ if (GuidHob.Guid != NULL) {\r
+ //\r
+ // Get Locality Indicator from StartupLocality HOB\r
+ //\r
+ StartupLocalityEvent.StartupLocality = *(UINT8 *)(GET_GUID_HOB_DATA (GuidHob.Guid));\r
+ CopyMem (StartupLocalityEvent.Signature, TCG_EfiStartupLocalityEvent_SIGNATURE, sizeof(StartupLocalityEvent.Signature));\r
+\r
+ NoActionEvent.PCRIndex = 0;\r
+ NoActionEvent.EventType = EV_NO_ACTION;\r
+ ZeroMem (&NoActionEvent.Digest, sizeof(NoActionEvent.Digest));\r
+ NoActionEvent.EventSize = sizeof(StartupLocalityEvent);\r
+\r
+ DEBUG ((DEBUG_INFO, "SetupEventLog: Set Locality from HOB into StartupLocalityEvent 0x%02x\n", StartupLocalityEvent.StartupLocality));\r
+\r
+ //\r
+ // Log EfiStartupLocalityEvent as the second Event\r
+ // TCG PC Client PFP spec. Section 9.3.4.3 Startup Locality Event\r
+ //\r
+ Status = TcgDxeLogEvent (\r
+ mTcg2EventInfo[Index].LogFormat,\r
+ &NoActionEvent,\r
+ sizeof(NoActionEvent),\r
+ (UINT8 *)&StartupLocalityEvent,\r
+ NoActionEvent.EventSize\r
+ );\r
+ }\r
}\r
}\r
}\r
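Review bot: The StartupLocality HOB payload is dereferenced as a `UINT8` without confirming that the HOB carries at least one byte; the guard could read `if (GuidHob.Guid != NULL && GET_GUID_HOB_DATA_SIZE (GuidHob.Guid) >= sizeof (UINT8)) {`. The `Status` returned by the first `TcgDxeLogEvent` call (the Spec ID event) is overwritten by the second call before anything visible in this hunk inspects it, so a failure to record the first log entry can be masked. `GuidHob` is also reused here, so the later HOB walk has to re-seed `GuidHob.Raw` before it calls `GetNextGuidHob`; that line is outside the visible hunks and is worth confirming. The enclosing function starts and ends outside this hunk.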
for (Index = 0; Index < sizeof(mTcg2EventInfo)/sizeof(mTcg2EventInfo[0]); Index++) {\r
if ((mTcgDxeData.BsCap.SupportedEventLogs & mTcg2EventInfo[Index].LogFormat) != 0) {\r
if (mTcg2EventInfo[Index].LogFormat == EFI_TCG2_EVENT_LOG_FORMAT_TCG_2) {\r
- Lasa = (EFI_PHYSICAL_ADDRESS) (SIZE_4GB - 1);\r
Status = gBS->AllocatePages (\r
- AllocateMaxAddress,\r
+ AllocateAnyPages,\r
EfiACPIMemoryNVS,\r
EFI_SIZE_TO_PAGES (PcdGet32 (PcdTcg2FinalLogAreaLen)),\r
&Lasa\r
Status = EFI_SUCCESS;\r
while (!EFI_ERROR (Status) && \r
(GuidHob.Raw = GetNextGuidHob (mTcg2EventInfo[Index].EventGuid, GuidHob.Raw)) != NULL) {\r
- TcgEvent = GET_GUID_HOB_DATA (GuidHob.Guid);\r
+ TcgEvent = AllocateCopyPool (GET_GUID_HOB_DATA_SIZE (GuidHob.Guid), GET_GUID_HOB_DATA (GuidHob.Guid));\r
+ ASSERT (TcgEvent != NULL);\r
GuidHob.Raw = GET_NEXT_HOB (GuidHob);\r
switch (mTcg2EventInfo[Index].LogFormat) {\r
case EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2:\r
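Review bot: `ASSERT (TcgEvent != NULL)` is the only guard on the `AllocateCopyPool` result, and ASSERT is normally compiled out of release builds, so an allocation failure would be dereferenced in the switch that follows. An explicit check placed before the switch, such as `if (TcgEvent == NULL) { Status = EFI_OUT_OF_RESOURCES; break; }`, ends the loop cleanly. The same assert-only pattern appears in the variable-measurement hunk as `ASSERT (VarData != NULL)`, where a NULL pointer would be passed on to `TcgDxeHashLogExtendEvent` in a release build. The loop body continues outside this hunk.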
);\r
break;\r
case EFI_TCG2_EVENT_LOG_FORMAT_TCG_2:\r
- DigestListBinSize = GetDigestListBinSize ((UINT8 *)TcgEvent + sizeof(TCG_PCRINDEX) + sizeof(TCG_EVENTTYPE));\r
- CopyMem (&EventSize, (UINT8 *)TcgEvent + sizeof(TCG_PCRINDEX) + sizeof(TCG_EVENTTYPE) + DigestListBinSize, sizeof(UINT32));\r
+ DigestListBin = (UINT8 *)TcgEvent + sizeof(TCG_PCRINDEX) + sizeof(TCG_EVENTTYPE);\r
+ DigestListBinSize = GetDigestListBinSize (DigestListBin);\r
+ //\r
+ // Save event size.\r
+ //\r
+ CopyMem (&EventSize, (UINT8 *)DigestListBin + DigestListBinSize, sizeof(UINT32));\r
+ Event = (UINT8 *)DigestListBin + DigestListBinSize + sizeof(UINT32);\r
+ //\r
+ // Filter inactive digest in the event2 log from PEI HOB.\r
+ //\r
+ CopyMem (&TempDigestListBin, DigestListBin, GetDigestListBinSize (DigestListBin));\r
+ EventSizePtr = CopyDigestListBinToBuffer (\r
+ DigestListBin,\r
+ &TempDigestListBin,\r
+ mTcgDxeData.BsCap.ActivePcrBanks,\r
+ &HashAlgorithmMaskCopied\r
+ );\r
+ if (HashAlgorithmMaskCopied != mTcgDxeData.BsCap.ActivePcrBanks) {\r
+ DEBUG ((\r
+ DEBUG_ERROR,\r
+ "ERROR: The event2 log includes digest hash mask 0x%x, but required digest hash mask is 0x%x\n",\r
+ HashAlgorithmMaskCopied,\r
+ mTcgDxeData.BsCap.ActivePcrBanks\r
+ ));\r
+ }\r
+ //\r
+ // Restore event size.\r
+ //\r
+ CopyMem (EventSizePtr, &EventSize, sizeof(UINT32));\r
+ DigestListBinSize = GetDigestListBinSize (DigestListBin);\r
+\r
Status = TcgDxeLogEvent (\r
mTcg2EventInfo[Index].LogFormat,\r
TcgEvent,\r
sizeof(TCG_PCRINDEX) + sizeof(TCG_EVENTTYPE) + DigestListBinSize + sizeof(UINT32),\r
- (UINT8 *)TcgEvent + sizeof(TCG_PCRINDEX) + sizeof(TCG_EVENTTYPE) + DigestListBinSize + sizeof(UINT32),\r
+ Event,\r
EventSize\r
);\r
break;\r
}\r
+ FreePool (TcgEvent);\r
}\r
}\r
}\r
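Review bot: The `CopyMem` into `TempDigestListBin` takes its length from `GetDigestListBinSize (DigestListBin)`, a value computed from the HOB contents, and nothing compares it with `sizeof (TempDigestListBin)` or with `GET_GUID_HOB_DATA_SIZE` of the HOB, so a malformed PEI event could write past the local variable. A guard before the copy, for example `if (DigestListBinSize > sizeof (TempDigestListBin)) { Status = EFI_DEVICE_ERROR; break; }`, fails closed and still reaches `FreePool (TcgEvent)`; the copy can then reuse `DigestListBinSize` instead of walking the list a second time. Separately, when `HashAlgorithmMaskCopied` differs from `ActivePcrBanks` the code prints an error and still records the event, which leaves a log entry without a digest for an active bank. A comment saying that this is intended, or an error status, would make the choice explicit for anyone replaying the log against the PCRs. The enclosing loop begins outside this hunk.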
EFI_STATUS Status;\r
TCG_PCR_EVENT_HDR TcgEvent;\r
UINTN VarNameLength;\r
- EFI_VARIABLE_DATA_TREE *VarLog;\r
+ UEFI_VARIABLE_DATA *VarLog;\r
\r
DEBUG ((EFI_D_INFO, "Tcg2Dxe: MeasureVariable (Pcr - %x, EventType - %x, ", (UINTN)PCRIndex, (UINTN)EventType));\r
DEBUG ((EFI_D_INFO, "VariableName - %s, VendorGuid - %g)\n", VarName, VendorGuid));\r
TcgEvent.EventSize = (UINT32)(sizeof (*VarLog) + VarNameLength * sizeof (*VarName) + VarSize\r
- sizeof (VarLog->UnicodeName) - sizeof (VarLog->VariableData));\r
\r
- VarLog = (EFI_VARIABLE_DATA_TREE *)AllocatePool (TcgEvent.EventSize);\r
+ VarLog = (UEFI_VARIABLE_DATA *)AllocatePool (TcgEvent.EventSize);\r
if (VarLog == NULL) {\r
return EFI_OUT_OF_RESOURCES;\r
}\r
\r
if (EventType == EV_EFI_VARIABLE_DRIVER_CONFIG) {\r
//\r
- // Digest is the event data (EFI_VARIABLE_DATA)\r
+ // Digest is the event data (UEFI_VARIABLE_DATA)\r
//\r
Status = TcgDxeHashLogExtendEvent (\r
0,\r
(UINT8*)VarLog\r
);\r
} else {\r
+ ASSERT (VarData != NULL);\r
Status = TcgDxeHashLogExtendEvent (\r
0,\r
(UINT8*)VarData,\r
for (PcrIndex = 0; PcrIndex < 7; PcrIndex++) {\r
Status = MeasureSeparatorEvent (PcrIndex);\r
if (EFI_ERROR (Status)) {\r
- DEBUG ((EFI_D_ERROR, "Seperator Event not Measured. Error!\n"));\r
+ DEBUG ((DEBUG_ERROR, "Separator Event not Measured. Error!\n"));\r
}\r
}\r
\r
VOID *Registration;\r
UINT32 MaxCommandSize;\r
UINT32 MaxResponseSize;\r
- TPML_PCR_SELECTION Pcrs;\r
UINTN Index;\r
EFI_TCG2_EVENT_ALGORITHM_BITMAP TpmHashAlgorithmBitmap;\r
UINT32 ActivePCRBanks;\r
//\r
// Get supported PCR and current Active PCRs\r
//\r
- Status = Tpm2GetCapabilityPcrs (&Pcrs);\r
- if (EFI_ERROR (Status)) {\r
- DEBUG ((EFI_D_ERROR, "Tpm2GetCapabilityPcrs fail!\n"));\r
- TpmHashAlgorithmBitmap = EFI_TCG2_BOOT_HASH_ALG_SHA1;\r
- ActivePCRBanks = EFI_TCG2_BOOT_HASH_ALG_SHA1;\r
- } else {\r
- DEBUG ((EFI_D_INFO, "Tpm2GetCapabilityPcrs Count - %08x\n", Pcrs.count));\r
- TpmHashAlgorithmBitmap = 0;\r
- ActivePCRBanks = 0;\r
- for (Index = 0; Index < Pcrs.count; Index++) {\r
- DEBUG ((EFI_D_INFO, "hash - %x\n", Pcrs.pcrSelections[Index].hash));\r
- switch (Pcrs.pcrSelections[Index].hash) {\r
- case TPM_ALG_SHA1:\r
- TpmHashAlgorithmBitmap |= EFI_TCG2_BOOT_HASH_ALG_SHA1;\r
- if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, Pcrs.pcrSelections[Index].sizeofSelect)) {\r
- ActivePCRBanks |= EFI_TCG2_BOOT_HASH_ALG_SHA1;\r
- } \r
- break;\r
- case TPM_ALG_SHA256:\r
- TpmHashAlgorithmBitmap |= EFI_TCG2_BOOT_HASH_ALG_SHA256;\r
- if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, Pcrs.pcrSelections[Index].sizeofSelect)) {\r
- ActivePCRBanks |= EFI_TCG2_BOOT_HASH_ALG_SHA256;\r
- }\r
- break;\r
- case TPM_ALG_SHA384:\r
- TpmHashAlgorithmBitmap |= EFI_TCG2_BOOT_HASH_ALG_SHA384;\r
- if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, Pcrs.pcrSelections[Index].sizeofSelect)) {\r
- ActivePCRBanks |= EFI_TCG2_BOOT_HASH_ALG_SHA384;\r
- }\r
- break;\r
- case TPM_ALG_SHA512:\r
- TpmHashAlgorithmBitmap |= EFI_TCG2_BOOT_HASH_ALG_SHA512;\r
- if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, Pcrs.pcrSelections[Index].sizeofSelect)) {\r
- ActivePCRBanks |= EFI_TCG2_BOOT_HASH_ALG_SHA512;\r
- }\r
- break;\r
- case TPM_ALG_SM3_256:\r
- TpmHashAlgorithmBitmap |= EFI_TCG2_BOOT_HASH_ALG_SM3_256;\r
- if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, Pcrs.pcrSelections[Index].sizeofSelect)) {\r
- ActivePCRBanks |= EFI_TCG2_BOOT_HASH_ALG_SM3_256;\r
- }\r
- break;\r
- }\r
- }\r
- }\r
+ Status = Tpm2GetCapabilitySupportedAndActivePcrs (&TpmHashAlgorithmBitmap, &ActivePCRBanks);\r
+ ASSERT_EFI_ERROR (Status);\r
+\r
mTcgDxeData.BsCap.HashAlgorithmBitmap = TpmHashAlgorithmBitmap & PcdGet32 (PcdTcg2HashAlgorithmBitmap);\r
mTcgDxeData.BsCap.ActivePcrBanks = ActivePCRBanks & PcdGet32 (PcdTcg2HashAlgorithmBitmap);\r
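Review bot: `ASSERT_EFI_ERROR (Status)` is the only handling of a `Tpm2GetCapabilitySupportedAndActivePcrs` failure, whereas the removed code fell back to the SHA1 bitmap. With asserts disabled, the two assignments that follow would use `TpmHashAlgorithmBitmap` and `ActivePCRBanks` whatever they contain. Whether the helper fills its outputs on failure is not visible here, so either state that guarantee in a comment at the call site or handle the error explicitly, e.g. `if (EFI_ERROR (Status)) { TpmHashAlgorithmBitmap = 0; ActivePCRBanks = 0; }` followed by whatever failure path the entry point already uses. The enclosing function starts outside this hunk.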
\r