ArmPkg: only attempt buildin MmCommunicationDxe for AArch64
[mirror_edk2.git] / SecurityPkg / Library / DxeTpmMeasureBootLib / DxeTpmMeasureBootLib.c
CommitLineData
0c18794e 1/** @file\r
b3548d32 2 The library instance provides security service of TPM measure boot.\r
0c18794e 3\r
dc204d5a
JY
4 Caution: This file requires additional review when modified.\r
5 This library will have external input - PE/COFF image and GPT partition.\r
6 This external input must be validated carefully to avoid security issue like\r
7 buffer overflow, integer overflow.\r
8\r
9 DxeTpmMeasureBootLibImageRead() function will make sure the PE/COFF image content\r
10 read is within the image buffer.\r
11\r
12 TcgMeasurePeImage() function will accept untrusted PE/COFF image and validate its\r
13 data structure within this image buffer before use.\r
14\r
15 TcgMeasureGptTable() function will receive untrusted GPT partition table, and parse\r
16 partition data carefully.\r
17\r
b3548d32 18Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>\r
289b714b 19SPDX-License-Identifier: BSD-2-Clause-Patent\r
0c18794e 20\r
21**/\r
22\r
23#include <PiDxe.h>\r
24\r
25#include <Protocol/TcgService.h>\r
0c18794e 26#include <Protocol/BlockIo.h>\r
27#include <Protocol/DiskIo.h>\r
2aadc920 28#include <Protocol/FirmwareVolumeBlock.h>\r
29\r
0758c830 30#include <Guid/MeasuredFvHob.h>\r
0c18794e 31\r
32#include <Library/BaseLib.h>\r
33#include <Library/DebugLib.h>\r
34#include <Library/BaseMemoryLib.h>\r
35#include <Library/MemoryAllocationLib.h>\r
36#include <Library/DevicePathLib.h>\r
37#include <Library/UefiBootServicesTableLib.h>\r
38#include <Library/BaseCryptLib.h>\r
39#include <Library/PeCoffLib.h>\r
40#include <Library/SecurityManagementLib.h>\r
2aadc920 41#include <Library/HobLib.h>\r
0c18794e 42\r
43//\r
44// Flag to check GPT partition. It only need be measured once.\r
45//\r
46BOOLEAN mMeasureGptTableFlag = FALSE;\r
0c18794e 47UINTN mMeasureGptCount = 0;\r
28186d45 48VOID *mFileBuffer;\r
a00bd8e0 49UINTN mTpmImageSize;\r
2aadc920 50//\r
51// Measured FV handle cache\r
52//\r
53EFI_HANDLE mCacheMeasuredHandle = NULL;\r
0758c830 54MEASURED_HOB_DATA *mMeasuredHobData = NULL;\r
0c18794e 55\r
56/**\r
57 Reads contents of a PE/COFF image in memory buffer.\r
58\r
dc204d5a
JY
59 Caution: This function may receive untrusted input.\r
60 PE/COFF image is external input, so this function will make sure the PE/COFF image content\r
61 read is within the image buffer.\r
62\r
0c18794e 63 @param FileHandle Pointer to the file handle to read the PE/COFF image.\r
64 @param FileOffset Offset into the PE/COFF image to begin the read operation.\r
b3548d32 65 @param ReadSize On input, the size in bytes of the requested read operation.\r
0c18794e 66 On output, the number of bytes actually read.\r
67 @param Buffer Output buffer that contains the data read from the PE/COFF image.\r
b3548d32
LG
68\r
69 @retval EFI_SUCCESS The specified portion of the PE/COFF image was read and the size\r
0c18794e 70**/\r
71EFI_STATUS\r
72EFIAPI\r
e0192326 73DxeTpmMeasureBootLibImageRead (\r
0c18794e 74 IN VOID *FileHandle,\r
75 IN UINTN FileOffset,\r
76 IN OUT UINTN *ReadSize,\r
77 OUT VOID *Buffer\r
78 )\r
79{\r
28186d45
ED
80 UINTN EndPosition;\r
81\r
82 if (FileHandle == NULL || ReadSize == NULL || Buffer == NULL) {\r
83 return EFI_INVALID_PARAMETER;\r
84 }\r
85\r
86 if (MAX_ADDRESS - FileOffset < *ReadSize) {\r
87 return EFI_INVALID_PARAMETER;\r
88 }\r
89\r
90 EndPosition = FileOffset + *ReadSize;\r
a00bd8e0
ED
91 if (EndPosition > mTpmImageSize) {\r
92 *ReadSize = (UINT32)(mTpmImageSize - FileOffset);\r
28186d45
ED
93 }\r
94\r
a00bd8e0 95 if (FileOffset >= mTpmImageSize) {\r
28186d45
ED
96 *ReadSize = 0;\r
97 }\r
98\r
0c18794e 99 CopyMem (Buffer, (UINT8 *)((UINTN) FileHandle + FileOffset), *ReadSize);\r
28186d45 100\r
0c18794e 101 return EFI_SUCCESS;\r
102}\r
103\r
104/**\r
105 Measure GPT table data into TPM log.\r
106\r
dc204d5a
JY
107 Caution: This function may receive untrusted input.\r
108 The GPT partition table is external input, so this function should parse partition data carefully.\r
109\r
0c18794e 110 @param TcgProtocol Pointer to the located TCG protocol instance.\r
111 @param GptHandle Handle that GPT partition was installed.\r
112\r
113 @retval EFI_SUCCESS Successfully measure GPT table.\r
114 @retval EFI_UNSUPPORTED Not support GPT table on the given handle.\r
115 @retval EFI_DEVICE_ERROR Can't get GPT table because device error.\r
116 @retval EFI_OUT_OF_RESOURCES No enough resource to measure GPT table.\r
117 @retval other error value\r
118**/\r
119EFI_STATUS\r
120EFIAPI\r
121TcgMeasureGptTable (\r
122 IN EFI_TCG_PROTOCOL *TcgProtocol,\r
123 IN EFI_HANDLE GptHandle\r
124 )\r
125{\r
126 EFI_STATUS Status;\r
127 EFI_BLOCK_IO_PROTOCOL *BlockIo;\r
128 EFI_DISK_IO_PROTOCOL *DiskIo;\r
129 EFI_PARTITION_TABLE_HEADER *PrimaryHeader;\r
130 EFI_PARTITION_ENTRY *PartitionEntry;\r
131 UINT8 *EntryPtr;\r
132 UINTN NumberOfPartition;\r
133 UINT32 Index;\r
134 TCG_PCR_EVENT *TcgEvent;\r
135 EFI_GPT_DATA *GptData;\r
136 UINT32 EventSize;\r
137 UINT32 EventNumber;\r
138 EFI_PHYSICAL_ADDRESS EventLogLastEntry;\r
139\r
140 if (mMeasureGptCount > 0) {\r
141 return EFI_SUCCESS;\r
142 }\r
143\r
144 Status = gBS->HandleProtocol (GptHandle, &gEfiBlockIoProtocolGuid, (VOID**)&BlockIo);\r
145 if (EFI_ERROR (Status)) {\r
146 return EFI_UNSUPPORTED;\r
147 }\r
148 Status = gBS->HandleProtocol (GptHandle, &gEfiDiskIoProtocolGuid, (VOID**)&DiskIo);\r
149 if (EFI_ERROR (Status)) {\r
150 return EFI_UNSUPPORTED;\r
151 }\r
152 //\r
153 // Read the EFI Partition Table Header\r
b3548d32 154 //\r
0c18794e 155 PrimaryHeader = (EFI_PARTITION_TABLE_HEADER *) AllocatePool (BlockIo->Media->BlockSize);\r
156 if (PrimaryHeader == NULL) {\r
157 return EFI_OUT_OF_RESOURCES;\r
b3548d32 158 }\r
0c18794e 159 Status = DiskIo->ReadDisk (\r
160 DiskIo,\r
161 BlockIo->Media->MediaId,\r
162 1 * BlockIo->Media->BlockSize,\r
163 BlockIo->Media->BlockSize,\r
164 (UINT8 *)PrimaryHeader\r
165 );\r
166 if (EFI_ERROR (Status)) {\r
167 DEBUG ((EFI_D_ERROR, "Failed to Read Partition Table Header!\n"));\r
168 FreePool (PrimaryHeader);\r
169 return EFI_DEVICE_ERROR;\r
b3548d32 170 }\r
0c18794e 171 //\r
172 // Read the partition entry.\r
173 //\r
174 EntryPtr = (UINT8 *)AllocatePool (PrimaryHeader->NumberOfPartitionEntries * PrimaryHeader->SizeOfPartitionEntry);\r
175 if (EntryPtr == NULL) {\r
176 FreePool (PrimaryHeader);\r
177 return EFI_OUT_OF_RESOURCES;\r
178 }\r
179 Status = DiskIo->ReadDisk (\r
180 DiskIo,\r
181 BlockIo->Media->MediaId,\r
182 MultU64x32(PrimaryHeader->PartitionEntryLBA, BlockIo->Media->BlockSize),\r
183 PrimaryHeader->NumberOfPartitionEntries * PrimaryHeader->SizeOfPartitionEntry,\r
184 EntryPtr\r
185 );\r
186 if (EFI_ERROR (Status)) {\r
187 FreePool (PrimaryHeader);\r
188 FreePool (EntryPtr);\r
189 return EFI_DEVICE_ERROR;\r
190 }\r
b3548d32 191\r
0c18794e 192 //\r
193 // Count the valid partition\r
194 //\r
195 PartitionEntry = (EFI_PARTITION_ENTRY *)EntryPtr;\r
196 NumberOfPartition = 0;\r
197 for (Index = 0; Index < PrimaryHeader->NumberOfPartitionEntries; Index++) {\r
965268ea 198 if (!IsZeroGuid (&PartitionEntry->PartitionTypeGUID)) {\r
b3548d32 199 NumberOfPartition++;\r
0c18794e 200 }\r
2ea3b920 201 PartitionEntry = (EFI_PARTITION_ENTRY *)((UINT8 *)PartitionEntry + PrimaryHeader->SizeOfPartitionEntry);\r
0c18794e 202 }\r
203\r
204 //\r
2ea3b920 205 // Prepare Data for Measurement\r
b3548d32
LG
206 //\r
207 EventSize = (UINT32)(sizeof (EFI_GPT_DATA) - sizeof (GptData->Partitions)\r
0c18794e 208 + NumberOfPartition * PrimaryHeader->SizeOfPartitionEntry);\r
2ea3b920 209 TcgEvent = (TCG_PCR_EVENT *) AllocateZeroPool (EventSize + sizeof (TCG_PCR_EVENT_HDR));\r
0c18794e 210 if (TcgEvent == NULL) {\r
211 FreePool (PrimaryHeader);\r
212 FreePool (EntryPtr);\r
213 return EFI_OUT_OF_RESOURCES;\r
214 }\r
215\r
216 TcgEvent->PCRIndex = 5;\r
217 TcgEvent->EventType = EV_EFI_GPT_EVENT;\r
218 TcgEvent->EventSize = EventSize;\r
b3548d32 219 GptData = (EFI_GPT_DATA *) TcgEvent->Event;\r
0c18794e 220\r
221 //\r
222 // Copy the EFI_PARTITION_TABLE_HEADER and NumberOfPartition\r
b3548d32 223 //\r
0c18794e 224 CopyMem ((UINT8 *)GptData, (UINT8*)PrimaryHeader, sizeof (EFI_PARTITION_TABLE_HEADER));\r
225 GptData->NumberOfPartitions = NumberOfPartition;\r
226 //\r
227 // Copy the valid partition entry\r
228 //\r
229 PartitionEntry = (EFI_PARTITION_ENTRY*)EntryPtr;\r
230 NumberOfPartition = 0;\r
231 for (Index = 0; Index < PrimaryHeader->NumberOfPartitionEntries; Index++) {\r
965268ea 232 if (!IsZeroGuid (&PartitionEntry->PartitionTypeGUID)) {\r
0c18794e 233 CopyMem (\r
2ea3b920 234 (UINT8 *)&GptData->Partitions + NumberOfPartition * PrimaryHeader->SizeOfPartitionEntry,\r
0c18794e 235 (UINT8 *)PartitionEntry,\r
2ea3b920 236 PrimaryHeader->SizeOfPartitionEntry\r
0c18794e 237 );\r
238 NumberOfPartition++;\r
239 }\r
2ea3b920 240 PartitionEntry =(EFI_PARTITION_ENTRY *)((UINT8 *)PartitionEntry + PrimaryHeader->SizeOfPartitionEntry);\r
0c18794e 241 }\r
242\r
243 //\r
244 // Measure the GPT data\r
245 //\r
246 EventNumber = 1;\r
247 Status = TcgProtocol->HashLogExtendEvent (\r
248 TcgProtocol,\r
249 (EFI_PHYSICAL_ADDRESS) (UINTN) (VOID *) GptData,\r
250 (UINT64) TcgEvent->EventSize,\r
251 TPM_ALG_SHA,\r
252 TcgEvent,\r
253 &EventNumber,\r
254 &EventLogLastEntry\r
255 );\r
256 if (!EFI_ERROR (Status)) {\r
257 mMeasureGptCount++;\r
258 }\r
259\r
260 FreePool (PrimaryHeader);\r
261 FreePool (EntryPtr);\r
262 FreePool (TcgEvent);\r
263\r
264 return Status;\r
265}\r
266\r
267/**\r
268 Measure PE image into TPM log based on the authenticode image hashing in\r
269 PE/COFF Specification 8.0 Appendix A.\r
270\r
dc204d5a
JY
271 Caution: This function may receive untrusted input.\r
272 PE/COFF image is external input, so this function will validate its data structure\r
273 within this image buffer before use.\r
274\r
b3548d32 275 Notes: PE/COFF image has been checked by BasePeCoffLib PeCoffLoaderGetImageInfo() in\r
e39d0569
LG
276 its caller function DxeTpmMeasureBootHandler().\r
277\r
0c18794e 278 @param[in] TcgProtocol Pointer to the located TCG protocol instance.\r
279 @param[in] ImageAddress Start address of image buffer.\r
280 @param[in] ImageSize Image size\r
281 @param[in] LinkTimeBase Address that the image is loaded into memory.\r
282 @param[in] ImageType Image subsystem type.\r
283 @param[in] FilePath File path is corresponding to the input image.\r
284\r
285 @retval EFI_SUCCESS Successfully measure image.\r
286 @retval EFI_OUT_OF_RESOURCES No enough resource to measure image.\r
b3548d32 287 @retval EFI_UNSUPPORTED ImageType is unsupported or PE image is mal-format.\r
0c18794e 288 @retval other error value\r
551d8081 289\r
0c18794e 290**/\r
291EFI_STATUS\r
292EFIAPI\r
293TcgMeasurePeImage (\r
294 IN EFI_TCG_PROTOCOL *TcgProtocol,\r
295 IN EFI_PHYSICAL_ADDRESS ImageAddress,\r
296 IN UINTN ImageSize,\r
297 IN UINTN LinkTimeBase,\r
298 IN UINT16 ImageType,\r
299 IN EFI_DEVICE_PATH_PROTOCOL *FilePath\r
300 )\r
301{\r
551d8081 302 EFI_STATUS Status;\r
303 TCG_PCR_EVENT *TcgEvent;\r
304 EFI_IMAGE_LOAD_EVENT *ImageLoad;\r
305 UINT32 FilePathSize;\r
306 VOID *Sha1Ctx;\r
307 UINTN CtxSize;\r
308 EFI_IMAGE_DOS_HEADER *DosHdr;\r
309 UINT32 PeCoffHeaderOffset;\r
310 EFI_IMAGE_SECTION_HEADER *Section;\r
311 UINT8 *HashBase;\r
312 UINTN HashSize;\r
313 UINTN SumOfBytesHashed;\r
314 EFI_IMAGE_SECTION_HEADER *SectionHeader;\r
315 UINTN Index;\r
316 UINTN Pos;\r
551d8081 317 UINT32 EventSize;\r
318 UINT32 EventNumber;\r
319 EFI_PHYSICAL_ADDRESS EventLogLastEntry;\r
0c18794e 320 EFI_IMAGE_OPTIONAL_HEADER_PTR_UNION Hdr;\r
551d8081 321 UINT32 NumberOfRvaAndSizes;\r
322 BOOLEAN HashStatus;\r
323 UINT32 CertSize;\r
0c18794e 324\r
551d8081 325 Status = EFI_UNSUPPORTED;\r
0c18794e 326 ImageLoad = NULL;\r
327 SectionHeader = NULL;\r
328 Sha1Ctx = NULL;\r
329 FilePathSize = (UINT32) GetDevicePathSize (FilePath);\r
330\r
331 //\r
332 // Determine destination PCR by BootPolicy\r
333 //\r
334 EventSize = sizeof (*ImageLoad) - sizeof (ImageLoad->DevicePath) + FilePathSize;\r
335 TcgEvent = AllocateZeroPool (EventSize + sizeof (TCG_PCR_EVENT));\r
336 if (TcgEvent == NULL) {\r
337 return EFI_OUT_OF_RESOURCES;\r
338 }\r
339\r
340 TcgEvent->EventSize = EventSize;\r
341 ImageLoad = (EFI_IMAGE_LOAD_EVENT *) TcgEvent->Event;\r
342\r
343 switch (ImageType) {\r
344 case EFI_IMAGE_SUBSYSTEM_EFI_APPLICATION:\r
345 TcgEvent->EventType = EV_EFI_BOOT_SERVICES_APPLICATION;\r
346 TcgEvent->PCRIndex = 4;\r
347 break;\r
348 case EFI_IMAGE_SUBSYSTEM_EFI_BOOT_SERVICE_DRIVER:\r
349 TcgEvent->EventType = EV_EFI_BOOT_SERVICES_DRIVER;\r
350 TcgEvent->PCRIndex = 2;\r
351 break;\r
352 case EFI_IMAGE_SUBSYSTEM_EFI_RUNTIME_DRIVER:\r
353 TcgEvent->EventType = EV_EFI_RUNTIME_SERVICES_DRIVER;\r
354 TcgEvent->PCRIndex = 2;\r
355 break;\r
356 default:\r
357 DEBUG ((\r
358 EFI_D_ERROR,\r
359 "TcgMeasurePeImage: Unknown subsystem type %d",\r
360 ImageType\r
361 ));\r
0c18794e 362 goto Finish;\r
363 }\r
364\r
365 ImageLoad->ImageLocationInMemory = ImageAddress;\r
366 ImageLoad->ImageLengthInMemory = ImageSize;\r
367 ImageLoad->ImageLinkTimeAddress = LinkTimeBase;\r
368 ImageLoad->LengthOfDevicePath = FilePathSize;\r
7a1f792d
ED
369 if ((FilePath != NULL) && (FilePathSize != 0)) {\r
370 CopyMem (ImageLoad->DevicePath, FilePath, FilePathSize);\r
371 }\r
0c18794e 372\r
373 //\r
374 // Check PE/COFF image\r
375 //\r
376 DosHdr = (EFI_IMAGE_DOS_HEADER *) (UINTN) ImageAddress;\r
377 PeCoffHeaderOffset = 0;\r
378 if (DosHdr->e_magic == EFI_IMAGE_DOS_SIGNATURE) {\r
379 PeCoffHeaderOffset = DosHdr->e_lfanew;\r
380 }\r
551d8081 381\r
382 Hdr.Pe32 = (EFI_IMAGE_NT_HEADERS32 *)((UINT8 *) (UINTN) ImageAddress + PeCoffHeaderOffset);\r
383 if (Hdr.Pe32->Signature != EFI_IMAGE_NT_SIGNATURE) {\r
0c18794e 384 goto Finish;\r
385 }\r
386\r
387 //\r
388 // PE/COFF Image Measurement\r
389 //\r
390 // NOTE: The following codes/steps are based upon the authenticode image hashing in\r
391 // PE/COFF Specification 8.0 Appendix A.\r
392 //\r
393 //\r
394\r
395 // 1. Load the image header into memory.\r
396\r
397 // 2. Initialize a SHA hash context.\r
398 CtxSize = Sha1GetContextSize ();\r
399 Sha1Ctx = AllocatePool (CtxSize);\r
400 if (Sha1Ctx == NULL) {\r
401 Status = EFI_OUT_OF_RESOURCES;\r
402 goto Finish;\r
403 }\r
404\r
551d8081 405 HashStatus = Sha1Init (Sha1Ctx);\r
406 if (!HashStatus) {\r
407 goto Finish;\r
408 }\r
0c18794e 409\r
410 //\r
411 // Measuring PE/COFF Image Header;\r
412 // But CheckSum field and SECURITY data directory (certificate) are excluded\r
413 //\r
b3548d32 414\r
0c18794e 415 //\r
416 // 3. Calculate the distance from the base of the image header to the image checksum address.\r
417 // 4. Hash the image header from its base to beginning of the image checksum.\r
418 //\r
419 HashBase = (UINT8 *) (UINTN) ImageAddress;\r
f199664c 420 if (Hdr.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {\r
0c18794e 421 //\r
422 // Use PE32 offset\r
423 //\r
551d8081 424 NumberOfRvaAndSizes = Hdr.Pe32->OptionalHeader.NumberOfRvaAndSizes;\r
4333b99d 425 HashSize = (UINTN) (&Hdr.Pe32->OptionalHeader.CheckSum) - (UINTN) HashBase;\r
0c18794e 426 } else {\r
427 //\r
428 // Use PE32+ offset\r
429 //\r
551d8081 430 NumberOfRvaAndSizes = Hdr.Pe32Plus->OptionalHeader.NumberOfRvaAndSizes;\r
4333b99d 431 HashSize = (UINTN) (&Hdr.Pe32Plus->OptionalHeader.CheckSum) - (UINTN) HashBase;\r
0c18794e 432 }\r
433\r
551d8081 434 HashStatus = Sha1Update (Sha1Ctx, HashBase, HashSize);\r
435 if (!HashStatus) {\r
436 goto Finish;\r
b3548d32 437 }\r
0c18794e 438\r
439 //\r
440 // 5. Skip over the image checksum (it occupies a single ULONG).\r
0c18794e 441 //\r
551d8081 442 if (NumberOfRvaAndSizes <= EFI_IMAGE_DIRECTORY_ENTRY_SECURITY) {\r
0c18794e 443 //\r
551d8081 444 // 6. Since there is no Cert Directory in optional header, hash everything\r
445 // from the end of the checksum to the end of image header.\r
0c18794e 446 //\r
f199664c 447 if (Hdr.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {\r
551d8081 448 //\r
449 // Use PE32 offset.\r
450 //\r
451 HashBase = (UINT8 *) &Hdr.Pe32->OptionalHeader.CheckSum + sizeof (UINT32);\r
452 HashSize = Hdr.Pe32->OptionalHeader.SizeOfHeaders - (UINTN) (HashBase - ImageAddress);\r
453 } else {\r
454 //\r
455 // Use PE32+ offset.\r
456 //\r
457 HashBase = (UINT8 *) &Hdr.Pe32Plus->OptionalHeader.CheckSum + sizeof (UINT32);\r
458 HashSize = Hdr.Pe32Plus->OptionalHeader.SizeOfHeaders - (UINTN) (HashBase - ImageAddress);\r
459 }\r
460\r
461 if (HashSize != 0) {\r
462 HashStatus = Sha1Update (Sha1Ctx, HashBase, HashSize);\r
463 if (!HashStatus) {\r
464 goto Finish;\r
465 }\r
b3548d32 466 }\r
0c18794e 467 } else {\r
468 //\r
551d8081 469 // 7. Hash everything from the end of the checksum to the start of the Cert Directory.\r
470 //\r
f199664c 471 if (Hdr.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {\r
551d8081 472 //\r
473 // Use PE32 offset\r
474 //\r
475 HashBase = (UINT8 *) &Hdr.Pe32->OptionalHeader.CheckSum + sizeof (UINT32);\r
4333b99d 476 HashSize = (UINTN) (&Hdr.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]) - (UINTN) HashBase;\r
551d8081 477 } else {\r
478 //\r
479 // Use PE32+ offset\r
b3548d32 480 //\r
551d8081 481 HashBase = (UINT8 *) &Hdr.Pe32Plus->OptionalHeader.CheckSum + sizeof (UINT32);\r
4333b99d 482 HashSize = (UINTN) (&Hdr.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]) - (UINTN) HashBase;\r
551d8081 483 }\r
0c18794e 484\r
551d8081 485 if (HashSize != 0) {\r
486 HashStatus = Sha1Update (Sha1Ctx, HashBase, HashSize);\r
487 if (!HashStatus) {\r
488 goto Finish;\r
489 }\r
490 }\r
0c18794e 491\r
0c18794e 492 //\r
551d8081 493 // 8. Skip over the Cert Directory. (It is sizeof(IMAGE_DATA_DIRECTORY) bytes.)\r
494 // 9. Hash everything from the end of the Cert Directory to the end of image header.\r
0c18794e 495 //\r
f199664c 496 if (Hdr.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {\r
551d8081 497 //\r
498 // Use PE32 offset\r
499 //\r
500 HashBase = (UINT8 *) &Hdr.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1];\r
501 HashSize = Hdr.Pe32->OptionalHeader.SizeOfHeaders - (UINTN) (HashBase - ImageAddress);\r
502 } else {\r
503 //\r
504 // Use PE32+ offset\r
505 //\r
506 HashBase = (UINT8 *) &Hdr.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1];\r
507 HashSize = Hdr.Pe32Plus->OptionalHeader.SizeOfHeaders - (UINTN) (HashBase - ImageAddress);\r
508 }\r
b3548d32 509\r
551d8081 510 if (HashSize != 0) {\r
511 HashStatus = Sha1Update (Sha1Ctx, HashBase, HashSize);\r
512 if (!HashStatus) {\r
513 goto Finish;\r
514 }\r
515 }\r
0c18794e 516 }\r
0c18794e 517\r
518 //\r
519 // 10. Set the SUM_OF_BYTES_HASHED to the size of the header\r
520 //\r
f199664c 521 if (Hdr.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {\r
0c18794e 522 //\r
523 // Use PE32 offset\r
524 //\r
525 SumOfBytesHashed = Hdr.Pe32->OptionalHeader.SizeOfHeaders;\r
526 } else {\r
527 //\r
528 // Use PE32+ offset\r
529 //\r
530 SumOfBytesHashed = Hdr.Pe32Plus->OptionalHeader.SizeOfHeaders;\r
531 }\r
532\r
533 //\r
534 // 11. Build a temporary table of pointers to all the IMAGE_SECTION_HEADER\r
535 // structures in the image. The 'NumberOfSections' field of the image\r
536 // header indicates how big the table should be. Do not include any\r
537 // IMAGE_SECTION_HEADERs in the table whose 'SizeOfRawData' field is zero.\r
538 //\r
551d8081 539 SectionHeader = (EFI_IMAGE_SECTION_HEADER *) AllocateZeroPool (sizeof (EFI_IMAGE_SECTION_HEADER) * Hdr.Pe32->FileHeader.NumberOfSections);\r
0c18794e 540 if (SectionHeader == NULL) {\r
541 Status = EFI_OUT_OF_RESOURCES;\r
542 goto Finish;\r
543 }\r
544\r
545 //\r
546 // 12. Using the 'PointerToRawData' in the referenced section headers as\r
547 // a key, arrange the elements in the table in ascending order. In other\r
548 // words, sort the section headers according to the disk-file offset of\r
549 // the section.\r
550 //\r
551 Section = (EFI_IMAGE_SECTION_HEADER *) (\r
552 (UINT8 *) (UINTN) ImageAddress +\r
553 PeCoffHeaderOffset +\r
554 sizeof(UINT32) +\r
555 sizeof(EFI_IMAGE_FILE_HEADER) +\r
556 Hdr.Pe32->FileHeader.SizeOfOptionalHeader\r
557 );\r
558 for (Index = 0; Index < Hdr.Pe32->FileHeader.NumberOfSections; Index++) {\r
559 Pos = Index;\r
560 while ((Pos > 0) && (Section->PointerToRawData < SectionHeader[Pos - 1].PointerToRawData)) {\r
561 CopyMem (&SectionHeader[Pos], &SectionHeader[Pos - 1], sizeof(EFI_IMAGE_SECTION_HEADER));\r
562 Pos--;\r
563 }\r
564 CopyMem (&SectionHeader[Pos], Section, sizeof(EFI_IMAGE_SECTION_HEADER));\r
565 Section += 1;\r
566 }\r
567\r
568 //\r
569 // 13. Walk through the sorted table, bring the corresponding section\r
570 // into memory, and hash the entire section (using the 'SizeOfRawData'\r
571 // field in the section header to determine the amount of data to hash).\r
572 // 14. Add the section's 'SizeOfRawData' to SUM_OF_BYTES_HASHED .\r
573 // 15. Repeat steps 13 and 14 for all the sections in the sorted table.\r
574 //\r
575 for (Index = 0; Index < Hdr.Pe32->FileHeader.NumberOfSections; Index++) {\r
576 Section = (EFI_IMAGE_SECTION_HEADER *) &SectionHeader[Index];\r
577 if (Section->SizeOfRawData == 0) {\r
578 continue;\r
579 }\r
580 HashBase = (UINT8 *) (UINTN) ImageAddress + Section->PointerToRawData;\r
581 HashSize = (UINTN) Section->SizeOfRawData;\r
582\r
551d8081 583 HashStatus = Sha1Update (Sha1Ctx, HashBase, HashSize);\r
584 if (!HashStatus) {\r
585 goto Finish;\r
586 }\r
0c18794e 587\r
588 SumOfBytesHashed += HashSize;\r
589 }\r
590\r
591 //\r
592 // 16. If the file size is greater than SUM_OF_BYTES_HASHED, there is extra\r
593 // data in the file that needs to be added to the hash. This data begins\r
594 // at file offset SUM_OF_BYTES_HASHED and its length is:\r
595 // FileSize - (CertDirectory->Size)\r
596 //\r
597 if (ImageSize > SumOfBytesHashed) {\r
598 HashBase = (UINT8 *) (UINTN) ImageAddress + SumOfBytesHashed;\r
551d8081 599\r
600 if (NumberOfRvaAndSizes <= EFI_IMAGE_DIRECTORY_ENTRY_SECURITY) {\r
601 CertSize = 0;\r
0c18794e 602 } else {\r
f199664c 603 if (Hdr.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {\r
551d8081 604 //\r
605 // Use PE32 offset.\r
606 //\r
607 CertSize = Hdr.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY].Size;\r
608 } else {\r
609 //\r
610 // Use PE32+ offset.\r
611 //\r
612 CertSize = Hdr.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY].Size;\r
28186d45 613 }\r
0c18794e 614 }\r
615\r
551d8081 616 if (ImageSize > CertSize + SumOfBytesHashed) {\r
617 HashSize = (UINTN) (ImageSize - CertSize - SumOfBytesHashed);\r
618\r
619 HashStatus = Sha1Update (Sha1Ctx, HashBase, HashSize);\r
620 if (!HashStatus) {\r
621 goto Finish;\r
622 }\r
623 } else if (ImageSize < CertSize + SumOfBytesHashed) {\r
624 goto Finish;\r
625 }\r
0c18794e 626 }\r
627\r
628 //\r
629 // 17. Finalize the SHA hash.\r
630 //\r
551d8081 631 HashStatus = Sha1Final (Sha1Ctx, (UINT8 *) &TcgEvent->Digest);\r
632 if (!HashStatus) {\r
633 goto Finish;\r
634 }\r
0c18794e 635\r
636 //\r
637 // Log the PE data\r
638 //\r
639 EventNumber = 1;\r
640 Status = TcgProtocol->HashLogExtendEvent (\r
641 TcgProtocol,\r
642 (EFI_PHYSICAL_ADDRESS) (UINTN) (VOID *) NULL,\r
643 0,\r
644 TPM_ALG_SHA,\r
645 TcgEvent,\r
646 &EventNumber,\r
647 &EventLogLastEntry\r
648 );\r
772b6011 649 if (Status == EFI_OUT_OF_RESOURCES) {\r
650 //\r
651 // Out of resource here means the image is hashed and its result is extended to PCR.\r
d6b926e7 652 // But the event log can't be saved since log area is full.\r
772b6011 653 // Just return EFI_SUCCESS in order not to block the image load.\r
654 //\r
655 Status = EFI_SUCCESS;\r
656 }\r
0c18794e 657\r
658Finish:\r
659 FreePool (TcgEvent);\r
660\r
661 if (SectionHeader != NULL) {\r
662 FreePool (SectionHeader);\r
663 }\r
664\r
665 if (Sha1Ctx != NULL ) {\r
666 FreePool (Sha1Ctx);\r
667 }\r
668 return Status;\r
669}\r
670\r
671/**\r
b3548d32
LG
672 The security handler is used to abstract platform-specific policy\r
673 from the DXE core response to an attempt to use a file that returns a\r
674 given status for the authentication check from the section extraction protocol.\r
0c18794e 675\r
b3548d32
LG
676 The possible responses in a given SAP implementation may include locking\r
677 flash upon failure to authenticate, attestation logging for all signed drivers,\r
678 and other exception operations. The File parameter allows for possible logging\r
0c18794e 679 within the SAP of the driver.\r
680\r
b3548d32 681 If the file specified by File with an authentication status specified by\r
0c18794e 682 AuthenticationStatus is safe for the DXE Core to use, then EFI_SUCCESS is returned.\r
683\r
b3548d32
LG
684 If the file specified by File with an authentication status specified by\r
685 AuthenticationStatus is not safe for the DXE Core to use under any circumstances,\r
0c18794e 686 then EFI_ACCESS_DENIED is returned.\r
687\r
b3548d32
LG
688 If the file specified by File with an authentication status specified by\r
689 AuthenticationStatus is not safe for the DXE Core to use right now, but it\r
690 might be possible to use it at a future time, then EFI_SECURITY_VIOLATION is\r
0c18794e 691 returned.\r
692\r
1755932f
GJ
693 If check image specified by FileBuffer and File is NULL meanwhile, return EFI_ACCESS_DENIED.\r
694\r
5db28a67 695 @param[in] AuthenticationStatus This is the authentication status returned\r
0c18794e 696 from the securitymeasurement services for the\r
697 input file.\r
698 @param[in] File This is a pointer to the device path of the file that is\r
699 being dispatched. This will optionally be used for logging.\r
700 @param[in] FileBuffer File buffer matches the input file device path.\r
701 @param[in] FileSize Size of File buffer matches the input file device path.\r
5db28a67 702 @param[in] BootPolicy A boot policy that was used to call LoadImage() UEFI service.\r
0c18794e 703\r
5db28a67
LG
704 @retval EFI_SUCCESS The file specified by DevicePath and non-NULL\r
705 FileBuffer did authenticate, and the platform policy dictates\r
706 that the DXE Foundation may use the file.\r
707 @retval other error value\r
0c18794e 708**/\r
709EFI_STATUS\r
710EFIAPI\r
711DxeTpmMeasureBootHandler (\r
5db28a67 712 IN UINT32 AuthenticationStatus,\r
1755932f 713 IN CONST EFI_DEVICE_PATH_PROTOCOL *File, OPTIONAL\r
5db28a67
LG
714 IN VOID *FileBuffer,\r
715 IN UINTN FileSize,\r
716 IN BOOLEAN BootPolicy\r
0c18794e 717 )\r
718{\r
2aadc920 719 EFI_TCG_PROTOCOL *TcgProtocol;\r
720 EFI_STATUS Status;\r
721 TCG_EFI_BOOT_SERVICE_CAPABILITY ProtocolCapability;\r
722 UINT32 TCGFeatureFlags;\r
723 EFI_PHYSICAL_ADDRESS EventLogLocation;\r
724 EFI_PHYSICAL_ADDRESS EventLogLastEntry;\r
725 EFI_DEVICE_PATH_PROTOCOL *DevicePathNode;\r
726 EFI_DEVICE_PATH_PROTOCOL *OrigDevicePathNode;\r
727 EFI_HANDLE Handle;\r
728 EFI_HANDLE TempHandle;\r
729 BOOLEAN ApplicationRequired;\r
730 PE_COFF_LOADER_IMAGE_CONTEXT ImageContext;\r
731 EFI_FIRMWARE_VOLUME_BLOCK_PROTOCOL *FvbProtocol;\r
732 EFI_PHYSICAL_ADDRESS FvAddress;\r
2aadc920 733 UINT32 Index;\r
0c18794e 734\r
0c18794e 735 Status = gBS->LocateProtocol (&gEfiTcgProtocolGuid, NULL, (VOID **) &TcgProtocol);\r
736 if (EFI_ERROR (Status)) {\r
737 //\r
738 // TCG protocol is not installed. So, TPM is not present.\r
739 // Don't do any measurement, and directly return EFI_SUCCESS.\r
740 //\r
741 return EFI_SUCCESS;\r
742 }\r
743\r
744 ProtocolCapability.Size = (UINT8) sizeof (ProtocolCapability);\r
745 Status = TcgProtocol->StatusCheck (\r
b3548d32 746 TcgProtocol,\r
0c18794e 747 &ProtocolCapability,\r
748 &TCGFeatureFlags,\r
749 &EventLogLocation,\r
750 &EventLogLastEntry\r
751 );\r
6f785cfc 752 if (EFI_ERROR (Status) || ProtocolCapability.TPMDeactivatedFlag || (!ProtocolCapability.TPMPresentFlag)) {\r
0c18794e 753 //\r
754 // TPM device doesn't work or activate.\r
755 //\r
756 return EFI_SUCCESS;\r
757 }\r
758\r
759 //\r
760 // Copy File Device Path\r
761 //\r
762 OrigDevicePathNode = DuplicateDevicePath (File);\r
b3548d32 763\r
0c18794e 764 //\r
765 // 1. Check whether this device path support BlockIo protocol.\r
766 // Is so, this device path may be a GPT device path.\r
767 //\r
768 DevicePathNode = OrigDevicePathNode;\r
769 Status = gBS->LocateDevicePath (&gEfiBlockIoProtocolGuid, &DevicePathNode, &Handle);\r
770 if (!EFI_ERROR (Status) && !mMeasureGptTableFlag) {\r
771 //\r
fc70522f 772 // Find the gpt partition on the given devicepath\r
0c18794e 773 //\r
774 DevicePathNode = OrigDevicePathNode;\r
4dbb98ab 775 ASSERT (DevicePathNode != NULL);\r
0c18794e 776 while (!IsDevicePathEnd (DevicePathNode)) {\r
777 //\r
778 // Find the Gpt partition\r
779 //\r
780 if (DevicePathType (DevicePathNode) == MEDIA_DEVICE_PATH &&\r
781 DevicePathSubType (DevicePathNode) == MEDIA_HARDDRIVE_DP) {\r
782 //\r
783 // Check whether it is a gpt partition or not\r
b3548d32
LG
784 //\r
785 if (((HARDDRIVE_DEVICE_PATH *) DevicePathNode)->MBRType == MBR_TYPE_EFI_PARTITION_TABLE_HEADER &&\r
0c18794e 786 ((HARDDRIVE_DEVICE_PATH *) DevicePathNode)->SignatureType == SIGNATURE_TYPE_GUID) {\r
787\r
788 //\r
789 // Change the partition device path to its parent device path (disk) and get the handle.\r
790 //\r
791 DevicePathNode->Type = END_DEVICE_PATH_TYPE;\r
792 DevicePathNode->SubType = END_ENTIRE_DEVICE_PATH_SUBTYPE;\r
793 DevicePathNode = OrigDevicePathNode;\r
794 Status = gBS->LocateDevicePath (\r
795 &gEfiDiskIoProtocolGuid,\r
796 &DevicePathNode,\r
797 &Handle\r
798 );\r
799 if (!EFI_ERROR (Status)) {\r
800 //\r
801 // Measure GPT disk.\r
802 //\r
803 Status = TcgMeasureGptTable (TcgProtocol, Handle);\r
804 if (!EFI_ERROR (Status)) {\r
805 //\r
806 // GPT disk check done.\r
807 //\r
808 mMeasureGptTableFlag = TRUE;\r
809 }\r
810 }\r
811 FreePool (OrigDevicePathNode);\r
812 OrigDevicePathNode = DuplicateDevicePath (File);\r
813 ASSERT (OrigDevicePathNode != NULL);\r
814 break;\r
815 }\r
816 }\r
817 DevicePathNode = NextDevicePathNode (DevicePathNode);\r
818 }\r
819 }\r
b3548d32 820\r
0c18794e 821 //\r
822 // 2. Measure PE image.\r
823 //\r
824 ApplicationRequired = FALSE;\r
825\r
826 //\r
2aadc920 827 // Check whether this device path support FVB protocol.\r
0c18794e 828 //\r
829 DevicePathNode = OrigDevicePathNode;\r
2aadc920 830 Status = gBS->LocateDevicePath (&gEfiFirmwareVolumeBlockProtocolGuid, &DevicePathNode, &Handle);\r
0c18794e 831 if (!EFI_ERROR (Status)) {\r
832 //\r
833 // Don't check FV image, and directly return EFI_SUCCESS.\r
834 // It can be extended to the specific FV authentication according to the different requirement.\r
835 //\r
836 if (IsDevicePathEnd (DevicePathNode)) {\r
837 return EFI_SUCCESS;\r
838 }\r
839 //\r
0758c830 840 // The PE image from unmeasured Firmware volume need be measured\r
d6b926e7 841 // The PE image from measured Firmware volume will be measured according to policy below.\r
0758c830 842 // If it is driver, do not measure\r
2aadc920 843 // If it is application, still measure.\r
0c18794e 844 //\r
845 ApplicationRequired = TRUE;\r
2aadc920 846\r
0758c830 847 if (mCacheMeasuredHandle != Handle && mMeasuredHobData != NULL) {\r
2aadc920 848 //\r
849 // Search for Root FV of this PE image\r
850 //\r
851 TempHandle = Handle;\r
852 do {\r
853 Status = gBS->HandleProtocol(\r
b3548d32 854 TempHandle,\r
2aadc920 855 &gEfiFirmwareVolumeBlockProtocolGuid,\r
6dbdb191 856 (VOID**)&FvbProtocol\r
2aadc920 857 );\r
858 TempHandle = FvbProtocol->ParentHandle;\r
859 } while (!EFI_ERROR(Status) && FvbProtocol->ParentHandle != NULL);\r
860\r
861 //\r
862 // Search in measured FV Hob\r
863 //\r
864 Status = FvbProtocol->GetPhysicalAddress(FvbProtocol, &FvAddress);\r
865 if (EFI_ERROR(Status)){\r
866 return Status;\r
867 }\r
868\r
2aadc920 869 ApplicationRequired = FALSE;\r
870\r
0758c830 871 for (Index = 0; Index < mMeasuredHobData->Num; Index++) {\r
872 if(mMeasuredHobData->MeasuredFvBuf[Index].BlobBase == FvAddress) {\r
2aadc920 873 //\r
874 // Cache measured FV for next measurement\r
875 //\r
876 mCacheMeasuredHandle = Handle;\r
877 ApplicationRequired = TRUE;\r
878 break;\r
879 }\r
880 }\r
881 }\r
0c18794e 882 }\r
2aadc920 883\r
0c18794e 884 //\r
885 // File is not found.\r
886 //\r
887 if (FileBuffer == NULL) {\r
888 Status = EFI_SECURITY_VIOLATION;\r
889 goto Finish;\r
890 }\r
891\r
a00bd8e0 892 mTpmImageSize = FileSize;\r
28186d45
ED
893 mFileBuffer = FileBuffer;\r
894\r
0c18794e 895 //\r
896 // Measure PE Image\r
897 //\r
898 DevicePathNode = OrigDevicePathNode;\r
899 ZeroMem (&ImageContext, sizeof (ImageContext));\r
900 ImageContext.Handle = (VOID *) FileBuffer;\r
e0192326 901 ImageContext.ImageRead = (PE_COFF_LOADER_READ_FILE) DxeTpmMeasureBootLibImageRead;\r
0c18794e 902\r
903 //\r
904 // Get information about the image being loaded\r
905 //\r
906 Status = PeCoffLoaderGetImageInfo (&ImageContext);\r
907 if (EFI_ERROR (Status)) {\r
1755932f
GJ
908 //\r
909 // Check for invalid parameters.\r
910 //\r
911 if (File == NULL) {\r
912 return EFI_ACCESS_DENIED;\r
913 }\r
914\r
0c18794e 915 //\r
916 // The information can't be got from the invalid PeImage\r
917 //\r
918 goto Finish;\r
919 }\r
b3548d32 920\r
0c18794e 921 //\r
922 // Measure only application if Application flag is set\r
923 // Measure drivers and applications if Application flag is not set\r
924 //\r
b3548d32
LG
925 if ((!ApplicationRequired) ||\r
926 (ApplicationRequired && ImageContext.ImageType == EFI_IMAGE_SUBSYSTEM_EFI_APPLICATION)) {\r
0c18794e 927 //\r
928 // Print the image path to be measured.\r
b3548d32 929 //\r
0c18794e 930 DEBUG_CODE_BEGIN ();\r
931 CHAR16 *ToText;\r
863986b3
RN
932 ToText = ConvertDevicePathToText (\r
933 DevicePathNode,\r
934 FALSE,\r
935 TRUE\r
936 );\r
937 if (ToText != NULL) {\r
938 DEBUG ((DEBUG_INFO, "The measured image path is %s.\n", ToText));\r
939 FreePool (ToText);\r
0c18794e 940 }\r
941 DEBUG_CODE_END ();\r
942\r
943 //\r
944 // Measure PE image into TPM log.\r
945 //\r
946 Status = TcgMeasurePeImage (\r
947 TcgProtocol,\r
b3548d32
LG
948 (EFI_PHYSICAL_ADDRESS) (UINTN) FileBuffer,\r
949 FileSize,\r
950 (UINTN) ImageContext.ImageAddress,\r
951 ImageContext.ImageType,\r
0c18794e 952 DevicePathNode\r
953 );\r
954 }\r
955\r
956 //\r
957 // Done, free the allocated resource.\r
958 //\r
959Finish:\r
5db28a67
LG
960 if (OrigDevicePathNode != NULL) {\r
961 FreePool (OrigDevicePathNode);\r
962 }\r
0c18794e 963\r
964 return Status;\r
965}\r
966\r
967/**\r
968 Register the security handler to provide TPM measure boot service.\r
969\r
970 @param ImageHandle ImageHandle of the loaded driver.\r
971 @param SystemTable Pointer to the EFI System Table.\r
972\r
973 @retval EFI_SUCCESS Register successfully.\r
974 @retval EFI_OUT_OF_RESOURCES No enough memory to register this handler.\r
975**/\r
976EFI_STATUS\r
977EFIAPI\r
978DxeTpmMeasureBootLibConstructor (\r
979 IN EFI_HANDLE ImageHandle,\r
980 IN EFI_SYSTEM_TABLE *SystemTable\r
981 )\r
982{\r
2aadc920 983 EFI_HOB_GUID_TYPE *GuidHob;\r
984\r
985 GuidHob = NULL;\r
986\r
0758c830 987 GuidHob = GetFirstGuidHob (&gMeasuredFvHobGuid);\r
2aadc920 988\r
989 if (GuidHob != NULL) {\r
0758c830 990 mMeasuredHobData = GET_GUID_HOB_DATA (GuidHob);\r
2aadc920 991 }\r
992\r
5db28a67 993 return RegisterSecurity2Handler (\r
0c18794e 994 DxeTpmMeasureBootHandler,\r
995 EFI_AUTH_OPERATION_MEASURE_IMAGE | EFI_AUTH_OPERATION_IMAGE_REQUIRED\r
996 );\r
997}\r