/** @file\r
Initialize TPM2 device and measure FVs before handing off control to DXE.\r
\r
-Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.<BR>\r
+Copyright (c) 2013 - 2016, Intel Corporation. All rights reserved.<BR>\r
This program and the accompanying materials \r
are licensed and made available under the terms and conditions of the BSD License \r
which accompanies this distribution. The full text of the license may be found at \r
#include <Library/PeiServicesTablePointerLib.h>\r
#include <Protocol/TrEEProtocol.h>\r
#include <Library/PerformanceLib.h>\r
+#include <Library/MemoryAllocationLib.h>\r
+#include <Library/ReportStatusCodeLib.h>\r
\r
#define PERF_ID_TREE_PEI 0x3080\r
\r
typedef struct {\r
EFI_GUID *EventGuid;\r
TREE_EVENT_LOG_FORMAT LogFormat;\r
- UINT32 BootHashAlg;\r
- UINT16 DigestAlgID;\r
- TPMI_ALG_HASH TpmHashAlgo;\r
} TREE_EVENT_INFO_STRUCT;\r
\r
TREE_EVENT_INFO_STRUCT mTreeEventInfo[] = {\r
- {&gTcgEventEntryHobGuid, TREE_EVENT_LOG_FORMAT_TCG_1_2, TREE_BOOT_HASH_ALG_SHA1, 0, TPM_ALG_SHA1},\r
+ {&gTcgEventEntryHobGuid, TREE_EVENT_LOG_FORMAT_TCG_1_2},\r
};\r
\r
BOOLEAN mImageInMemory = FALSE;\r
NULL\r
};\r
\r
-EFI_PLATFORM_FIRMWARE_BLOB mMeasuredBaseFvInfo[FixedPcdGet32 (PcdPeiCoreMaxFvSupported)];\r
+EFI_PEI_PPI_DESCRIPTOR mTpmInitializationDonePpiList = {\r
+ EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST,\r
+ &gPeiTpmInitializationDonePpiGuid,\r
+ NULL\r
+};\r
+\r
+EFI_PLATFORM_FIRMWARE_BLOB *mMeasuredBaseFvInfo;\r
UINT32 mMeasuredBaseFvIndex = 0;\r
\r
-EFI_PLATFORM_FIRMWARE_BLOB mMeasuredChildFvInfo[FixedPcdGet32 (PcdPeiCoreMaxFvSupported)];\r
+EFI_PLATFORM_FIRMWARE_BLOB *mMeasuredChildFvInfo;\r
UINT32 mMeasuredChildFvIndex = 0;\r
\r
/**\r
\r
EFI_PEI_FIRMWARE_VOLUME_INFO_MEASUREMENT_EXCLUDED_PPI *mMeasurementExcludedFvPpi;\r
\r
-/**\r
- This function return hash algorithm from event log format.\r
-\r
- @param[in] EventLogFormat Event log format.\r
-\r
- @return hash algorithm.\r
-**/\r
-TPMI_ALG_HASH\r
-TrEEGetHashAlgoFromLogFormat (\r
- IN TREE_EVENT_LOG_FORMAT EventLogFormat\r
- )\r
-{\r
- UINTN Index;\r
-\r
- for (Index = 0; Index < sizeof(mTreeEventInfo)/sizeof(mTreeEventInfo[0]); Index++) {\r
- if (mTreeEventInfo[Index].LogFormat == EventLogFormat) {\r
- return mTreeEventInfo[Index].TpmHashAlgo;\r
- }\r
- }\r
- return TPM_ALG_SHA1;\r
-}\r
-\r
-/**\r
- This function get digest from digest list.\r
-\r
- @param HashAlg digest algorithm\r
- @param DigestList digest list\r
- @param Digest digest\r
-\r
- @retval EFI_SUCCESS Sha1Digest is found and returned.\r
- @retval EFI_NOT_FOUND Sha1Digest is not found.\r
-**/\r
-EFI_STATUS\r
-Tpm2GetDigestFromDigestList (\r
- IN TPMI_ALG_HASH HashAlg,\r
- IN TPML_DIGEST_VALUES *DigestList,\r
- IN VOID *Digest\r
- )\r
-{\r
- UINTN Index;\r
- UINT16 DigestSize;\r
-\r
- DigestSize = GetHashSizeFromAlgo (HashAlg);\r
- for (Index = 0; Index < DigestList->count; Index++) {\r
- if (DigestList->digests[Index].hashAlg == HashAlg) {\r
- CopyMem (\r
- Digest,\r
- &DigestList->digests[Index].digest,\r
- DigestSize\r
- );\r
- return EFI_SUCCESS;\r
- }\r
- }\r
-\r
- return EFI_NOT_FOUND;\r
-}\r
-\r
/**\r
Record all measured Firmware Volum Information into a Guid Hob\r
Guid Hob payload layout is \r
DEBUG ((EFI_D_INFO, " LogFormat - 0x%08x\n", mTreeEventInfo[Index].LogFormat));\r
switch (mTreeEventInfo[Index].LogFormat) {\r
case TREE_EVENT_LOG_FORMAT_TCG_1_2:\r
- Status = Tpm2GetDigestFromDigestList (TPM_ALG_SHA1, DigestList, &NewEventHdr->Digest);\r
+ Status = GetDigestFromDigestList (TPM_ALG_SHA1, DigestList, &NewEventHdr->Digest);\r
if (!EFI_ERROR (Status)) {\r
HobData = BuildGuidHob (\r
&gTcgEventEntryHobGuid,\r
EFI_STATUS Status;\r
TPML_DIGEST_VALUES DigestList;\r
\r
+ if (GetFirstGuidHob (&gTpmErrorHobGuid) != NULL) {\r
+ return EFI_DEVICE_ERROR;\r
+ }\r
+\r
Status = HashAndExtend (\r
NewEventHdr->PCRIndex,\r
HashData,\r
Status = LogHashEvent (&DigestList, NewEventHdr, NewEventData);\r
}\r
}\r
+ \r
+ if (Status == EFI_DEVICE_ERROR) {\r
+ DEBUG ((EFI_D_ERROR, "HashLogExtendEvent - %r. Disable TPM.\n", Status));\r
+ BuildGuidHob (&gTpmErrorHobGuid,0);\r
+ REPORT_STATUS_CODE (\r
+ EFI_ERROR_CODE | EFI_ERROR_MINOR,\r
+ (PcdGet32 (PcdStatusCodeSubClassTpmDevice) | EFI_P_EC_INTERFACE_ERROR)\r
+ );\r
+ }\r
+\r
return Status;\r
}\r
\r
&TcgEventHdr,\r
(UINT8*) &FvBlob\r
);\r
- ASSERT_EFI_ERROR (Status);\r
\r
//\r
// Add new FV into the measured FV list.\r
//\r
- ASSERT (mMeasuredBaseFvIndex < FixedPcdGet32 (PcdPeiCoreMaxFvSupported));\r
- if (mMeasuredBaseFvIndex < FixedPcdGet32 (PcdPeiCoreMaxFvSupported)) {\r
+ ASSERT (mMeasuredBaseFvIndex < PcdGet32 (PcdPeiCoreMaxFvSupported));\r
+ if (mMeasuredBaseFvIndex < PcdGet32 (PcdPeiCoreMaxFvSupported)) {\r
mMeasuredBaseFvInfo[mMeasuredBaseFvIndex].BlobBase = FvBase;\r
mMeasuredBaseFvInfo[mMeasuredBaseFvIndex].BlobLength = FvLength;\r
mMeasuredBaseFvIndex++;\r
//\r
if (Fv->ParentFvName != NULL || Fv->ParentFileName != NULL ) {\r
\r
- ASSERT (mMeasuredChildFvIndex < FixedPcdGet32 (PcdPeiCoreMaxFvSupported));\r
- if (mMeasuredChildFvIndex < FixedPcdGet32 (PcdPeiCoreMaxFvSupported)) {\r
+ ASSERT (mMeasuredChildFvIndex < PcdGet32 (PcdPeiCoreMaxFvSupported));\r
+ if (mMeasuredChildFvIndex < PcdGet32 (PcdPeiCoreMaxFvSupported)) {\r
//\r
// Check whether FV is in the measured child FV list.\r
//\r
);\r
// Do not check status, because it is optional\r
\r
+ mMeasuredBaseFvInfo = (EFI_PLATFORM_FIRMWARE_BLOB *) AllocateZeroPool (sizeof (EFI_PLATFORM_FIRMWARE_BLOB) * PcdGet32 (PcdPeiCoreMaxFvSupported));\r
+ ASSERT (mMeasuredBaseFvInfo != NULL);\r
+ mMeasuredChildFvInfo = (EFI_PLATFORM_FIRMWARE_BLOB *) AllocateZeroPool (sizeof (EFI_PLATFORM_FIRMWARE_BLOB) * PcdGet32 (PcdPeiCoreMaxFvSupported));\r
+ ASSERT (mMeasuredChildFvInfo != NULL);\r
+ \r
if (PcdGet8 (PcdTpm2ScrtmPolicy) == 1) {\r
Status = MeasureCRTMVersion ();\r
- ASSERT_EFI_ERROR (Status);\r
}\r
\r
Status = MeasureMainBios ();\r
)\r
{\r
EFI_STATUS Status;\r
+ EFI_STATUS Status2;\r
EFI_BOOT_MODE BootMode;\r
\r
if (CompareGuid (PcdGetPtr(PcdTpmInstanceGuid), &gEfiTpmDeviceInstanceNoneGuid) ||\r
return EFI_UNSUPPORTED;\r
}\r
\r
- //\r
- // Update for Performance optimization\r
- //\r
- Status = Tpm2RequestUseTpm ();\r
- if (EFI_ERROR (Status)) {\r
- DEBUG ((DEBUG_ERROR, "TPM not detected!\n"));\r
- return Status;\r
+ if (GetFirstGuidHob (&gTpmErrorHobGuid) != NULL) {\r
+ DEBUG ((EFI_D_ERROR, "TPM2 error!\n"));\r
+ return EFI_DEVICE_ERROR;\r
}\r
\r
Status = PeiServicesGetBootMode (&BootMode);\r
//\r
// Initialize TPM device\r
//\r
+ Status = Tpm2RequestUseTpm ();\r
+ if (EFI_ERROR (Status)) {\r
+ DEBUG ((DEBUG_ERROR, "TPM2 not detected!\n"));\r
+ goto Done;\r
+ }\r
+\r
if (PcdGet8 (PcdTpm2InitializationPolicy) == 1) {\r
if (BootMode == BOOT_ON_S3_RESUME) {\r
Status = Tpm2Startup (TPM_SU_STATE);\r
Status = Tpm2Startup (TPM_SU_CLEAR);\r
}\r
if (EFI_ERROR (Status) ) {\r
- return Status;\r
+ goto Done;\r
}\r
}\r
\r
if (PcdGet8 (PcdTpm2SelfTestPolicy) == 1) {\r
Status = Tpm2SelfTest (NO);\r
if (EFI_ERROR (Status)) {\r
- return Status;\r
+ goto Done;\r
}\r
}\r
}\r
\r
+ //\r
+ // Only intall TpmInitializedPpi on success\r
+ //\r
Status = PeiServicesInstallPpi (&mTpmInitializedPpiList);\r
ASSERT_EFI_ERROR (Status);\r
}\r
\r
if (mImageInMemory) {\r
Status = PeimEntryMP ((EFI_PEI_SERVICES**)PeiServices);\r
- if (EFI_ERROR (Status)) {\r
- return Status;\r
- }\r
+ return Status;\r
+ }\r
+\r
+Done:\r
+ if (EFI_ERROR (Status)) {\r
+ DEBUG ((EFI_D_ERROR, "TPM2 error! Build Hob\n"));\r
+ BuildGuidHob (&gTpmErrorHobGuid,0);\r
+ REPORT_STATUS_CODE (\r
+ EFI_ERROR_CODE | EFI_ERROR_MINOR,\r
+ (PcdGet32 (PcdStatusCodeSubClassTpmDevice) | EFI_P_EC_INTERFACE_ERROR)\r
+ );\r
}\r
+ //\r
+ // Always intall TpmInitializationDonePpi no matter success or fail.\r
+ // Other driver can know TPM initialization state by TpmInitializedPpi.\r
+ //\r
+ Status2 = PeiServicesInstallPpi (&mTpmInitializationDonePpiList);\r
+ ASSERT_EFI_ERROR (Status2);\r
\r
return Status;\r
}\r