From c1b0828b3ba8fa203033ede0c3329c0d5573719e Mon Sep 17 00:00:00 2001 From: "Zhang, Chao B" Date: Wed, 25 Jan 2017 12:50:55 +0800 Subject: [PATCH] SecurityPkg: Tcg2Dxe: Update PCR[4] measure logic MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Update PCR[4] measure logic for each boot attempt. 1. Measure event to PCR[4] instead of PCR[5] 2. Measure “Calling UEFI Application from Boot Option” http://www.trustedcomputinggroup.org/wp-content/uploads/PC-ClientSpecific_Platform_Profile_for_TPM_2p0_Systems_v21.pdf Cc: Star Zeng Cc: Yao Jiewen Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Chao Zhang Reviewed-by: Yao Jiewen --- SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c | 25 ++++++++++++++++++++++--- 1 file changed, 22 insertions(+), 3 deletions(-) diff --git a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c index 9aa16dc659..860ee5946d 100644 --- a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c +++ b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c @@ -1648,8 +1648,9 @@ SetupEventLog ( } /** - Measure and log an action string, and extend the measurement result into PCR[5]. + Measure and log an action string, and extend the measurement result into PCR[PCRIndex]. + @param[in] PCRIndex PCRIndex to extend @param[in] String A specific string that indicates an Action event. @retval EFI_SUCCESS Operation completed successfully. @@ -1658,12 +1659,13 @@ SetupEventLog ( **/ EFI_STATUS TcgMeasureAction ( - IN CHAR8 *String + IN TPM_PCRINDEX PCRIndex, + IN CHAR8 *String ) { TCG_PCR_EVENT_HDR TcgEvent; - TcgEvent.PCRIndex = 5; + TcgEvent.PCRIndex = PCRIndex; TcgEvent.EventType = EV_EFI_ACTION; TcgEvent.EventSize = (UINT32)AsciiStrLen (String); return TcgDxeHashLogExtendEvent ( @@ -2180,6 +2182,7 @@ OnReadyToBoot ( // 1. This is the first boot attempt. // Status = TcgMeasureAction ( + 4, EFI_CALLING_EFI_APPLICATION ); if (EFI_ERROR (Status)) { @@ -2213,11 +2216,24 @@ OnReadyToBoot ( // 6. Not first attempt, meaning a return from last attempt // Status = TcgMeasureAction ( + 4, EFI_RETURNING_FROM_EFI_APPLICATOIN ); if (EFI_ERROR (Status)) { DEBUG ((EFI_D_ERROR, "%a not Measured. Error!\n", EFI_RETURNING_FROM_EFI_APPLICATOIN)); } + + // + // 7. Next boot attempt, measure "Calling EFI Application from Boot Option" again + // TCG PC Client PFP spec Section 2.4.4.5 Step 4 + // + Status = TcgMeasureAction ( + 4, + EFI_CALLING_EFI_APPLICATION + ); + if (EFI_ERROR (Status)) { + DEBUG ((EFI_D_ERROR, "%a not Measured. Error!\n", EFI_CALLING_EFI_APPLICATION)); + } } DEBUG ((EFI_D_INFO, "TPM2 Tcg2Dxe Measure Data when ReadyToBoot\n")); @@ -2250,6 +2266,7 @@ OnExitBootServices ( // Measure invocation of ExitBootServices, // Status = TcgMeasureAction ( + 5, EFI_EXIT_BOOT_SERVICES_INVOCATION ); if (EFI_ERROR (Status)) { @@ -2260,6 +2277,7 @@ OnExitBootServices ( // Measure success of ExitBootServices // Status = TcgMeasureAction ( + 5, EFI_EXIT_BOOT_SERVICES_SUCCEEDED ); if (EFI_ERROR (Status)) { @@ -2289,6 +2307,7 @@ OnExitBootServicesFailed ( // Measure Failure of ExitBootServices, // Status = TcgMeasureAction ( + 5, EFI_EXIT_BOOT_SERVICES_FAILED ); if (EFI_ERROR (Status)) { -- 2.39.2