+++ /dev/null
-/** @file\r
- Measure TrEE required variable.\r
-\r
-Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.<BR>\r
-This program and the accompanying materials\r
-are licensed and made available under the terms and conditions of the BSD License\r
-which accompanies this distribution. The full text of the license may be found at\r
-http://opensource.org/licenses/bsd-license.php\r
-\r
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
-\r
-**/\r
-\r
-#include <PiDxe.h>\r
-#include <Guid/ImageAuthentication.h>\r
-#include <IndustryStandard/UefiTcgPlatform.h>\r
-#include <Protocol/TrEEProtocol.h>\r
-\r
-#include <Library/UefiBootServicesTableLib.h>\r
-#include <Library/UefiRuntimeServicesTableLib.h>\r
-#include <Library/MemoryAllocationLib.h>\r
-#include <Library/BaseMemoryLib.h>\r
-#include <Library/DebugLib.h>\r
-#include <Library/BaseLib.h>\r
-#include <Library/TpmMeasurementLib.h>\r
-\r
-typedef struct {\r
- CHAR16 *VariableName;\r
- EFI_GUID *VendorGuid;\r
-} VARIABLE_TYPE;\r
-\r
-VARIABLE_TYPE mVariableType[] = {\r
- {EFI_SECURE_BOOT_MODE_NAME, &gEfiGlobalVariableGuid},\r
- {EFI_PLATFORM_KEY_NAME, &gEfiGlobalVariableGuid},\r
- {EFI_KEY_EXCHANGE_KEY_NAME, &gEfiGlobalVariableGuid},\r
- {EFI_IMAGE_SECURITY_DATABASE, &gEfiImageSecurityDatabaseGuid},\r
- {EFI_IMAGE_SECURITY_DATABASE1, &gEfiImageSecurityDatabaseGuid},\r
-};\r
-\r
-/**\r
- This function will return if this variable is SecureBootPolicy Variable.\r
-\r
- @param[in] VariableName A Null-terminated string that is the name of the vendor's variable.\r
- @param[in] VendorGuid A unique identifier for the vendor.\r
-\r
- @retval TRUE This is SecureBootPolicy Variable\r
- @retval FALSE This is not SecureBootPolicy Variable\r
-**/\r
-BOOLEAN\r
-IsSecureBootPolicyVariable (\r
- IN CHAR16 *VariableName,\r
- IN EFI_GUID *VendorGuid\r
- )\r
-{\r
- UINTN Index;\r
-\r
- for (Index = 0; Index < sizeof(mVariableType)/sizeof(mVariableType[0]); Index++) {\r
- if ((StrCmp (VariableName, mVariableType[Index].VariableName) == 0) && \r
- (CompareGuid (VendorGuid, mVariableType[Index].VendorGuid))) {\r
- return TRUE;\r
- }\r
- }\r
- return FALSE;\r
-}\r
-\r
-/**\r
- Measure and log an EFI variable, and extend the measurement result into a specific PCR.\r
-\r
- @param[in] VarName A Null-terminated string that is the name of the vendor's variable.\r
- @param[in] VendorGuid A unique identifier for the vendor.\r
- @param[in] VarData The content of the variable data. \r
- @param[in] VarSize The size of the variable data. \r
- \r
- @retval EFI_SUCCESS Operation completed successfully.\r
- @retval EFI_OUT_OF_RESOURCES Out of memory.\r
- @retval EFI_DEVICE_ERROR The operation was unsuccessful.\r
-\r
-**/\r
-EFI_STATUS\r
-EFIAPI\r
-MeasureVariable (\r
- IN CHAR16 *VarName,\r
- IN EFI_GUID *VendorGuid,\r
- IN VOID *VarData,\r
- IN UINTN VarSize\r
- )\r
-{\r
- EFI_STATUS Status;\r
- UINTN VarNameLength;\r
- EFI_VARIABLE_DATA_TREE *VarLog;\r
- UINT32 VarLogSize;\r
-\r
- ASSERT ((VarSize == 0 && VarData == NULL) || (VarSize != 0 && VarData != NULL));\r
-\r
- VarNameLength = StrLen (VarName);\r
- VarLogSize = (UINT32)(sizeof (*VarLog) + VarNameLength * sizeof (*VarName) + VarSize\r
- - sizeof (VarLog->UnicodeName) - sizeof (VarLog->VariableData));\r
-\r
- VarLog = (EFI_VARIABLE_DATA_TREE *) AllocateZeroPool (VarLogSize);\r
- if (VarLog == NULL) {\r
- return EFI_OUT_OF_RESOURCES;\r
- }\r
-\r
- CopyMem (&VarLog->VariableName, VendorGuid, sizeof(VarLog->VariableName));\r
- VarLog->UnicodeNameLength = VarNameLength;\r
- VarLog->VariableDataLength = VarSize;\r
- CopyMem (\r
- VarLog->UnicodeName,\r
- VarName,\r
- VarNameLength * sizeof (*VarName)\r
- );\r
- if (VarSize != 0) {\r
- CopyMem (\r
- (CHAR16 *)VarLog->UnicodeName + VarNameLength,\r
- VarData,\r
- VarSize\r
- );\r
- }\r
-\r
- DEBUG ((EFI_D_INFO, "AuthVariableDxe: MeasureVariable (Pcr - %x, EventType - %x, ", (UINTN)7, (UINTN)EV_EFI_VARIABLE_AUTHORITY));\r
- DEBUG ((EFI_D_INFO, "VariableName - %s, VendorGuid - %g)\n", VarName, VendorGuid));\r
-\r
- Status = TpmMeasureAndLogData (\r
- 7,\r
- EV_EFI_VARIABLE_DRIVER_CONFIG,\r
- VarLog,\r
- VarLogSize,\r
- VarLog,\r
- VarLogSize\r
- );\r
- FreePool (VarLog);\r
- return Status;\r
-}\r
-\r
-/**\r
- Returns the status whether get the variable success. The function retrieves \r
- variable through the UEFI Runtime Service GetVariable(). The \r
- returned buffer is allocated using AllocatePool(). The caller is responsible\r
- for freeing this buffer with FreePool().\r
-\r
- This API is only invoked in boot time. It may NOT be invoked at runtime.\r
-\r
- @param[in] Name The pointer to a Null-terminated Unicode string.\r
- @param[in] Guid The pointer to an EFI_GUID structure\r
- @param[out] Value The buffer point saved the variable info.\r
- @param[out] Size The buffer size of the variable.\r
-\r
- @return EFI_OUT_OF_RESOURCES Allocate buffer failed.\r
- @return EFI_SUCCESS Find the specified variable.\r
- @return Others Errors Return errors from call to gRT->GetVariable.\r
-\r
-**/\r
-EFI_STATUS\r
-InternalGetVariable (\r
- IN CONST CHAR16 *Name,\r
- IN CONST EFI_GUID *Guid,\r
- OUT VOID **Value,\r
- OUT UINTN *Size\r
- )\r
-{\r
- EFI_STATUS Status;\r
- UINTN BufferSize;\r
-\r
- //\r
- // Try to get the variable size.\r
- //\r
- BufferSize = 0;\r
- *Value = NULL;\r
- if (Size != NULL) {\r
- *Size = 0;\r
- }\r
- \r
- Status = gRT->GetVariable ((CHAR16 *) Name, (EFI_GUID *) Guid, NULL, &BufferSize, *Value);\r
- if (Status != EFI_BUFFER_TOO_SMALL) {\r
- return Status;\r
- }\r
-\r
- //\r
- // Allocate buffer to get the variable.\r
- //\r
- *Value = AllocatePool (BufferSize);\r
- ASSERT (*Value != NULL);\r
- if (*Value == NULL) {\r
- return EFI_OUT_OF_RESOURCES;\r
- }\r
-\r
- //\r
- // Get the variable data.\r
- //\r
- Status = gRT->GetVariable ((CHAR16 *) Name, (EFI_GUID *) Guid, NULL, &BufferSize, *Value);\r
- if (EFI_ERROR (Status)) {\r
- FreePool(*Value);\r
- *Value = NULL;\r
- }\r
-\r
- if (Size != NULL) {\r
- *Size = BufferSize;\r
- }\r
-\r
- return Status;\r
-}\r
-\r
-/**\r
- SecureBoot Hook for SetVariable.\r
-\r
- @param[in] VariableName Name of Variable to be found.\r
- @param[in] VendorGuid Variable vendor GUID.\r
-\r
-**/\r
-VOID\r
-EFIAPI\r
-SecureBootHook (\r
- IN CHAR16 *VariableName,\r
- IN EFI_GUID *VendorGuid\r
- )\r
-{\r
- EFI_STATUS Status;\r
- UINTN VariableDataSize;\r
- VOID *VariableData;\r
-\r
- if (!IsSecureBootPolicyVariable (VariableName, VendorGuid)) {\r
- return ;\r
- }\r
-\r
- //\r
- // We should NOT use Data and DataSize here,because it may include signature,\r
- // or is just partial with append attributes, or is deleted.\r
- // We should GetVariable again, to get full variable content.\r
- //\r
- Status = InternalGetVariable (\r
- VariableName,\r
- VendorGuid,\r
- &VariableData,\r
- &VariableDataSize\r
- );\r
- if (EFI_ERROR (Status)) {\r
- VariableData = NULL;\r
- VariableDataSize = 0;\r
- }\r
-\r
- Status = MeasureVariable (\r
- VariableName,\r
- VendorGuid,\r
- VariableData,\r
- VariableDataSize\r
- );\r
- DEBUG ((EFI_D_INFO, "MeasureBootPolicyVariable - %r\n", Status));\r
-\r
- if (VariableData != NULL) {\r
- FreePool (VariableData);\r
- }\r
-\r
- return ;\r
-}\r