Update IfConfig.c to use TPL_CALLBACK instead of TPL_CALLBACK - 1 to follow UEFI...
[mirror_edk2.git] / SecurityPkg / Library / DxeTpmMeasureBootLib / DxeTpmMeasureBootLib.c
CommitLineData
0c18794e 1/** @file\r
2 The library instance provides security service of TPM measure boot. \r
3\r
65cc57fc 4Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.<BR>\r
0c18794e 5This program and the accompanying materials \r
6are licensed and made available under the terms and conditions of the BSD License \r
7which accompanies this distribution. The full text of the license may be found at \r
8http://opensource.org/licenses/bsd-license.php\r
9\r
10THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, \r
11WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
12\r
13**/\r
14\r
15#include <PiDxe.h>\r
16\r
17#include <Protocol/TcgService.h>\r
18#include <Protocol/FirmwareVolume2.h>\r
19#include <Protocol/BlockIo.h>\r
20#include <Protocol/DiskIo.h>\r
21#include <Protocol/DevicePathToText.h>\r
22\r
23#include <Library/BaseLib.h>\r
24#include <Library/DebugLib.h>\r
25#include <Library/BaseMemoryLib.h>\r
26#include <Library/MemoryAllocationLib.h>\r
27#include <Library/DevicePathLib.h>\r
28#include <Library/UefiBootServicesTableLib.h>\r
29#include <Library/BaseCryptLib.h>\r
30#include <Library/PeCoffLib.h>\r
31#include <Library/SecurityManagementLib.h>\r
32\r
33//\r
34// Flag to check GPT partition. It only need be measured once.\r
35//\r
36BOOLEAN mMeasureGptTableFlag = FALSE;\r
37EFI_GUID mZeroGuid = {0, 0, 0, {0, 0, 0, 0, 0, 0, 0, 0}};\r
38UINTN mMeasureGptCount = 0;\r
39\r
40/**\r
41 Reads contents of a PE/COFF image in memory buffer.\r
42\r
43 @param FileHandle Pointer to the file handle to read the PE/COFF image.\r
44 @param FileOffset Offset into the PE/COFF image to begin the read operation.\r
45 @param ReadSize On input, the size in bytes of the requested read operation. \r
46 On output, the number of bytes actually read.\r
47 @param Buffer Output buffer that contains the data read from the PE/COFF image.\r
48 \r
49 @retval EFI_SUCCESS The specified portion of the PE/COFF image was read and the size \r
50**/\r
51EFI_STATUS\r
52EFIAPI\r
53ImageRead (\r
54 IN VOID *FileHandle,\r
55 IN UINTN FileOffset,\r
56 IN OUT UINTN *ReadSize,\r
57 OUT VOID *Buffer\r
58 )\r
59{\r
60 CopyMem (Buffer, (UINT8 *)((UINTN) FileHandle + FileOffset), *ReadSize);\r
61 return EFI_SUCCESS;\r
62}\r
63\r
64/**\r
65 Measure GPT table data into TPM log.\r
66\r
67 @param TcgProtocol Pointer to the located TCG protocol instance.\r
68 @param GptHandle Handle that GPT partition was installed.\r
69\r
70 @retval EFI_SUCCESS Successfully measure GPT table.\r
71 @retval EFI_UNSUPPORTED Not support GPT table on the given handle.\r
72 @retval EFI_DEVICE_ERROR Can't get GPT table because device error.\r
73 @retval EFI_OUT_OF_RESOURCES No enough resource to measure GPT table.\r
74 @retval other error value\r
75**/\r
76EFI_STATUS\r
77EFIAPI\r
78TcgMeasureGptTable (\r
79 IN EFI_TCG_PROTOCOL *TcgProtocol,\r
80 IN EFI_HANDLE GptHandle\r
81 )\r
82{\r
83 EFI_STATUS Status;\r
84 EFI_BLOCK_IO_PROTOCOL *BlockIo;\r
85 EFI_DISK_IO_PROTOCOL *DiskIo;\r
86 EFI_PARTITION_TABLE_HEADER *PrimaryHeader;\r
87 EFI_PARTITION_ENTRY *PartitionEntry;\r
88 UINT8 *EntryPtr;\r
89 UINTN NumberOfPartition;\r
90 UINT32 Index;\r
91 TCG_PCR_EVENT *TcgEvent;\r
92 EFI_GPT_DATA *GptData;\r
93 UINT32 EventSize;\r
94 UINT32 EventNumber;\r
95 EFI_PHYSICAL_ADDRESS EventLogLastEntry;\r
96\r
97 if (mMeasureGptCount > 0) {\r
98 return EFI_SUCCESS;\r
99 }\r
100\r
101 Status = gBS->HandleProtocol (GptHandle, &gEfiBlockIoProtocolGuid, (VOID**)&BlockIo);\r
102 if (EFI_ERROR (Status)) {\r
103 return EFI_UNSUPPORTED;\r
104 }\r
105 Status = gBS->HandleProtocol (GptHandle, &gEfiDiskIoProtocolGuid, (VOID**)&DiskIo);\r
106 if (EFI_ERROR (Status)) {\r
107 return EFI_UNSUPPORTED;\r
108 }\r
109 //\r
110 // Read the EFI Partition Table Header\r
111 // \r
112 PrimaryHeader = (EFI_PARTITION_TABLE_HEADER *) AllocatePool (BlockIo->Media->BlockSize);\r
113 if (PrimaryHeader == NULL) {\r
114 return EFI_OUT_OF_RESOURCES;\r
115 } \r
116 Status = DiskIo->ReadDisk (\r
117 DiskIo,\r
118 BlockIo->Media->MediaId,\r
119 1 * BlockIo->Media->BlockSize,\r
120 BlockIo->Media->BlockSize,\r
121 (UINT8 *)PrimaryHeader\r
122 );\r
123 if (EFI_ERROR (Status)) {\r
124 DEBUG ((EFI_D_ERROR, "Failed to Read Partition Table Header!\n"));\r
125 FreePool (PrimaryHeader);\r
126 return EFI_DEVICE_ERROR;\r
127 } \r
128 //\r
129 // Read the partition entry.\r
130 //\r
131 EntryPtr = (UINT8 *)AllocatePool (PrimaryHeader->NumberOfPartitionEntries * PrimaryHeader->SizeOfPartitionEntry);\r
132 if (EntryPtr == NULL) {\r
133 FreePool (PrimaryHeader);\r
134 return EFI_OUT_OF_RESOURCES;\r
135 }\r
136 Status = DiskIo->ReadDisk (\r
137 DiskIo,\r
138 BlockIo->Media->MediaId,\r
139 MultU64x32(PrimaryHeader->PartitionEntryLBA, BlockIo->Media->BlockSize),\r
140 PrimaryHeader->NumberOfPartitionEntries * PrimaryHeader->SizeOfPartitionEntry,\r
141 EntryPtr\r
142 );\r
143 if (EFI_ERROR (Status)) {\r
144 FreePool (PrimaryHeader);\r
145 FreePool (EntryPtr);\r
146 return EFI_DEVICE_ERROR;\r
147 }\r
148 \r
149 //\r
150 // Count the valid partition\r
151 //\r
152 PartitionEntry = (EFI_PARTITION_ENTRY *)EntryPtr;\r
153 NumberOfPartition = 0;\r
154 for (Index = 0; Index < PrimaryHeader->NumberOfPartitionEntries; Index++) {\r
155 if (!CompareGuid (&PartitionEntry->PartitionTypeGUID, &mZeroGuid)) {\r
156 NumberOfPartition++; \r
157 }\r
158 PartitionEntry++;\r
159 }\r
160\r
161 //\r
162 // Parepare Data for Measurement\r
163 // \r
164 EventSize = (UINT32)(sizeof (EFI_GPT_DATA) - sizeof (GptData->Partitions) \r
165 + NumberOfPartition * PrimaryHeader->SizeOfPartitionEntry);\r
166 TcgEvent = (TCG_PCR_EVENT *) AllocateZeroPool (EventSize + sizeof (TCG_PCR_EVENT));\r
167 if (TcgEvent == NULL) {\r
168 FreePool (PrimaryHeader);\r
169 FreePool (EntryPtr);\r
170 return EFI_OUT_OF_RESOURCES;\r
171 }\r
172\r
173 TcgEvent->PCRIndex = 5;\r
174 TcgEvent->EventType = EV_EFI_GPT_EVENT;\r
175 TcgEvent->EventSize = EventSize;\r
176 GptData = (EFI_GPT_DATA *) TcgEvent->Event; \r
177\r
178 //\r
179 // Copy the EFI_PARTITION_TABLE_HEADER and NumberOfPartition\r
180 // \r
181 CopyMem ((UINT8 *)GptData, (UINT8*)PrimaryHeader, sizeof (EFI_PARTITION_TABLE_HEADER));\r
182 GptData->NumberOfPartitions = NumberOfPartition;\r
183 //\r
184 // Copy the valid partition entry\r
185 //\r
186 PartitionEntry = (EFI_PARTITION_ENTRY*)EntryPtr;\r
187 NumberOfPartition = 0;\r
188 for (Index = 0; Index < PrimaryHeader->NumberOfPartitionEntries; Index++) {\r
189 if (!CompareGuid (&PartitionEntry->PartitionTypeGUID, &mZeroGuid)) {\r
190 CopyMem (\r
191 (UINT8 *)&GptData->Partitions + NumberOfPartition * sizeof (EFI_PARTITION_ENTRY),\r
192 (UINT8 *)PartitionEntry,\r
193 sizeof (EFI_PARTITION_ENTRY)\r
194 );\r
195 NumberOfPartition++;\r
196 }\r
197 PartitionEntry++;\r
198 }\r
199\r
200 //\r
201 // Measure the GPT data\r
202 //\r
203 EventNumber = 1;\r
204 Status = TcgProtocol->HashLogExtendEvent (\r
205 TcgProtocol,\r
206 (EFI_PHYSICAL_ADDRESS) (UINTN) (VOID *) GptData,\r
207 (UINT64) TcgEvent->EventSize,\r
208 TPM_ALG_SHA,\r
209 TcgEvent,\r
210 &EventNumber,\r
211 &EventLogLastEntry\r
212 );\r
213 if (!EFI_ERROR (Status)) {\r
214 mMeasureGptCount++;\r
215 }\r
216\r
217 FreePool (PrimaryHeader);\r
218 FreePool (EntryPtr);\r
219 FreePool (TcgEvent);\r
220\r
221 return Status;\r
222}\r
223\r
224/**\r
225 Measure PE image into TPM log based on the authenticode image hashing in\r
226 PE/COFF Specification 8.0 Appendix A.\r
227\r
228 @param[in] TcgProtocol Pointer to the located TCG protocol instance.\r
229 @param[in] ImageAddress Start address of image buffer.\r
230 @param[in] ImageSize Image size\r
231 @param[in] LinkTimeBase Address that the image is loaded into memory.\r
232 @param[in] ImageType Image subsystem type.\r
233 @param[in] FilePath File path is corresponding to the input image.\r
234\r
235 @retval EFI_SUCCESS Successfully measure image.\r
236 @retval EFI_OUT_OF_RESOURCES No enough resource to measure image.\r
237 @retval other error value\r
238**/\r
239EFI_STATUS\r
240EFIAPI\r
241TcgMeasurePeImage (\r
242 IN EFI_TCG_PROTOCOL *TcgProtocol,\r
243 IN EFI_PHYSICAL_ADDRESS ImageAddress,\r
244 IN UINTN ImageSize,\r
245 IN UINTN LinkTimeBase,\r
246 IN UINT16 ImageType,\r
247 IN EFI_DEVICE_PATH_PROTOCOL *FilePath\r
248 )\r
249{\r
250 EFI_STATUS Status;\r
251 TCG_PCR_EVENT *TcgEvent;\r
252 EFI_IMAGE_LOAD_EVENT *ImageLoad;\r
253 UINT32 FilePathSize;\r
254 VOID *Sha1Ctx;\r
255 UINTN CtxSize;\r
256 EFI_IMAGE_DOS_HEADER *DosHdr;\r
257 UINT32 PeCoffHeaderOffset;\r
258 EFI_IMAGE_SECTION_HEADER *Section;\r
259 UINT8 *HashBase;\r
260 UINTN HashSize;\r
261 UINTN SumOfBytesHashed;\r
262 EFI_IMAGE_SECTION_HEADER *SectionHeader;\r
263 UINTN Index, Pos;\r
264 UINT16 Magic;\r
265 UINT32 EventSize;\r
266 UINT32 EventNumber;\r
267 EFI_PHYSICAL_ADDRESS EventLogLastEntry;\r
268 EFI_IMAGE_OPTIONAL_HEADER_PTR_UNION Hdr;\r
269\r
270 Status = EFI_SUCCESS;\r
271 ImageLoad = NULL;\r
272 SectionHeader = NULL;\r
273 Sha1Ctx = NULL;\r
274 FilePathSize = (UINT32) GetDevicePathSize (FilePath);\r
275\r
276 //\r
277 // Determine destination PCR by BootPolicy\r
278 //\r
279 EventSize = sizeof (*ImageLoad) - sizeof (ImageLoad->DevicePath) + FilePathSize;\r
280 TcgEvent = AllocateZeroPool (EventSize + sizeof (TCG_PCR_EVENT));\r
281 if (TcgEvent == NULL) {\r
282 return EFI_OUT_OF_RESOURCES;\r
283 }\r
284\r
285 TcgEvent->EventSize = EventSize;\r
286 ImageLoad = (EFI_IMAGE_LOAD_EVENT *) TcgEvent->Event;\r
287\r
288 switch (ImageType) {\r
289 case EFI_IMAGE_SUBSYSTEM_EFI_APPLICATION:\r
290 TcgEvent->EventType = EV_EFI_BOOT_SERVICES_APPLICATION;\r
291 TcgEvent->PCRIndex = 4;\r
292 break;\r
293 case EFI_IMAGE_SUBSYSTEM_EFI_BOOT_SERVICE_DRIVER:\r
294 TcgEvent->EventType = EV_EFI_BOOT_SERVICES_DRIVER;\r
295 TcgEvent->PCRIndex = 2;\r
296 break;\r
297 case EFI_IMAGE_SUBSYSTEM_EFI_RUNTIME_DRIVER:\r
298 TcgEvent->EventType = EV_EFI_RUNTIME_SERVICES_DRIVER;\r
299 TcgEvent->PCRIndex = 2;\r
300 break;\r
301 default:\r
302 DEBUG ((\r
303 EFI_D_ERROR,\r
304 "TcgMeasurePeImage: Unknown subsystem type %d",\r
305 ImageType\r
306 ));\r
0c18794e 307 Status = EFI_UNSUPPORTED;\r
308 goto Finish;\r
309 }\r
310\r
311 ImageLoad->ImageLocationInMemory = ImageAddress;\r
312 ImageLoad->ImageLengthInMemory = ImageSize;\r
313 ImageLoad->ImageLinkTimeAddress = LinkTimeBase;\r
314 ImageLoad->LengthOfDevicePath = FilePathSize;\r
315 CopyMem (ImageLoad->DevicePath, FilePath, FilePathSize);\r
316\r
317 //\r
318 // Check PE/COFF image\r
319 //\r
320 DosHdr = (EFI_IMAGE_DOS_HEADER *) (UINTN) ImageAddress;\r
321 PeCoffHeaderOffset = 0;\r
322 if (DosHdr->e_magic == EFI_IMAGE_DOS_SIGNATURE) {\r
323 PeCoffHeaderOffset = DosHdr->e_lfanew;\r
324 }\r
325 if (((EFI_TE_IMAGE_HEADER *)((UINT8 *) (UINTN) ImageAddress + PeCoffHeaderOffset))->Signature\r
326 == EFI_TE_IMAGE_HEADER_SIGNATURE) {\r
327 goto Finish;\r
328 }\r
329\r
330 //\r
331 // PE/COFF Image Measurement\r
332 //\r
333 // NOTE: The following codes/steps are based upon the authenticode image hashing in\r
334 // PE/COFF Specification 8.0 Appendix A.\r
335 //\r
336 //\r
337\r
338 // 1. Load the image header into memory.\r
339\r
340 // 2. Initialize a SHA hash context.\r
341 CtxSize = Sha1GetContextSize ();\r
342 Sha1Ctx = AllocatePool (CtxSize);\r
343 if (Sha1Ctx == NULL) {\r
344 Status = EFI_OUT_OF_RESOURCES;\r
345 goto Finish;\r
346 }\r
347\r
348 Sha1Init (Sha1Ctx);\r
349\r
350 //\r
351 // Measuring PE/COFF Image Header;\r
352 // But CheckSum field and SECURITY data directory (certificate) are excluded\r
353 //\r
354 Hdr.Pe32 = (EFI_IMAGE_NT_HEADERS32 *)((UINT8 *) (UINTN) ImageAddress + PeCoffHeaderOffset);\r
355 Magic = Hdr.Pe32->OptionalHeader.Magic;\r
356 \r
357 //\r
358 // 3. Calculate the distance from the base of the image header to the image checksum address.\r
359 // 4. Hash the image header from its base to beginning of the image checksum.\r
360 //\r
361 HashBase = (UINT8 *) (UINTN) ImageAddress;\r
362 if (Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {\r
363 //\r
364 // Use PE32 offset\r
365 //\r
366 HashSize = (UINTN) ((UINT8 *)(&Hdr.Pe32->OptionalHeader.CheckSum) - HashBase);\r
367 } else {\r
368 //\r
369 // Use PE32+ offset\r
370 //\r
371 HashSize = (UINTN) ((UINT8 *)(&Hdr.Pe32Plus->OptionalHeader.CheckSum) - HashBase);\r
372 }\r
373\r
374 Sha1Update (Sha1Ctx, HashBase, HashSize);\r
375\r
376 //\r
377 // 5. Skip over the image checksum (it occupies a single ULONG).\r
378 // 6. Get the address of the beginning of the Cert Directory.\r
379 // 7. Hash everything from the end of the checksum to the start of the Cert Directory.\r
380 //\r
381 if (Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {\r
382 //\r
383 // Use PE32 offset\r
384 //\r
385 HashBase = (UINT8 *) &Hdr.Pe32->OptionalHeader.CheckSum + sizeof (UINT32);\r
386 HashSize = (UINTN) ((UINT8 *)(&Hdr.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]) - HashBase);\r
387 } else {\r
388 //\r
389 // Use PE32+ offset\r
390 // \r
391 HashBase = (UINT8 *) &Hdr.Pe32Plus->OptionalHeader.CheckSum + sizeof (UINT32);\r
392 HashSize = (UINTN) ((UINT8 *)(&Hdr.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]) - HashBase);\r
393 }\r
394\r
395 Sha1Update (Sha1Ctx, HashBase, HashSize);\r
396\r
397 //\r
398 // 8. Skip over the Cert Directory. (It is sizeof(IMAGE_DATA_DIRECTORY) bytes.)\r
399 // 9. Hash everything from the end of the Cert Directory to the end of image header.\r
400 //\r
401 if (Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {\r
402 //\r
403 // Use PE32 offset\r
404 //\r
405 HashBase = (UINT8 *) &Hdr.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1];\r
406 HashSize = Hdr.Pe32->OptionalHeader.SizeOfHeaders -\r
407 (UINTN) ((UINT8 *)(&Hdr.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1]) - (UINT8 *) (UINTN) ImageAddress);\r
408 } else {\r
409 //\r
410 // Use PE32+ offset\r
411 //\r
412 HashBase = (UINT8 *) &Hdr.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1];\r
413 HashSize = Hdr.Pe32Plus->OptionalHeader.SizeOfHeaders -\r
414 (UINTN) ((UINT8 *)(&Hdr.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1]) - (UINT8 *) (UINTN) ImageAddress);\r
415 }\r
416 \r
417 Sha1Update (Sha1Ctx, HashBase, HashSize);\r
418\r
419 //\r
420 // 10. Set the SUM_OF_BYTES_HASHED to the size of the header\r
421 //\r
422 if (Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {\r
423 //\r
424 // Use PE32 offset\r
425 //\r
426 SumOfBytesHashed = Hdr.Pe32->OptionalHeader.SizeOfHeaders;\r
427 } else {\r
428 //\r
429 // Use PE32+ offset\r
430 //\r
431 SumOfBytesHashed = Hdr.Pe32Plus->OptionalHeader.SizeOfHeaders;\r
432 }\r
433\r
434 //\r
435 // 11. Build a temporary table of pointers to all the IMAGE_SECTION_HEADER\r
436 // structures in the image. The 'NumberOfSections' field of the image\r
437 // header indicates how big the table should be. Do not include any\r
438 // IMAGE_SECTION_HEADERs in the table whose 'SizeOfRawData' field is zero.\r
439 //\r
440 SectionHeader = (EFI_IMAGE_SECTION_HEADER *)AllocateZeroPool (sizeof (EFI_IMAGE_SECTION_HEADER) * Hdr.Pe32->FileHeader.NumberOfSections);\r
441 if (SectionHeader == NULL) {\r
442 Status = EFI_OUT_OF_RESOURCES;\r
443 goto Finish;\r
444 }\r
445\r
446 //\r
447 // 12. Using the 'PointerToRawData' in the referenced section headers as\r
448 // a key, arrange the elements in the table in ascending order. In other\r
449 // words, sort the section headers according to the disk-file offset of\r
450 // the section.\r
451 //\r
452 Section = (EFI_IMAGE_SECTION_HEADER *) (\r
453 (UINT8 *) (UINTN) ImageAddress +\r
454 PeCoffHeaderOffset +\r
455 sizeof(UINT32) +\r
456 sizeof(EFI_IMAGE_FILE_HEADER) +\r
457 Hdr.Pe32->FileHeader.SizeOfOptionalHeader\r
458 );\r
459 for (Index = 0; Index < Hdr.Pe32->FileHeader.NumberOfSections; Index++) {\r
460 Pos = Index;\r
461 while ((Pos > 0) && (Section->PointerToRawData < SectionHeader[Pos - 1].PointerToRawData)) {\r
462 CopyMem (&SectionHeader[Pos], &SectionHeader[Pos - 1], sizeof(EFI_IMAGE_SECTION_HEADER));\r
463 Pos--;\r
464 }\r
465 CopyMem (&SectionHeader[Pos], Section, sizeof(EFI_IMAGE_SECTION_HEADER));\r
466 Section += 1;\r
467 }\r
468\r
469 //\r
470 // 13. Walk through the sorted table, bring the corresponding section\r
471 // into memory, and hash the entire section (using the 'SizeOfRawData'\r
472 // field in the section header to determine the amount of data to hash).\r
473 // 14. Add the section's 'SizeOfRawData' to SUM_OF_BYTES_HASHED .\r
474 // 15. Repeat steps 13 and 14 for all the sections in the sorted table.\r
475 //\r
476 for (Index = 0; Index < Hdr.Pe32->FileHeader.NumberOfSections; Index++) {\r
477 Section = (EFI_IMAGE_SECTION_HEADER *) &SectionHeader[Index];\r
478 if (Section->SizeOfRawData == 0) {\r
479 continue;\r
480 }\r
481 HashBase = (UINT8 *) (UINTN) ImageAddress + Section->PointerToRawData;\r
482 HashSize = (UINTN) Section->SizeOfRawData;\r
483\r
484 Sha1Update (Sha1Ctx, HashBase, HashSize);\r
485\r
486 SumOfBytesHashed += HashSize;\r
487 }\r
488\r
489 //\r
490 // 16. If the file size is greater than SUM_OF_BYTES_HASHED, there is extra\r
491 // data in the file that needs to be added to the hash. This data begins\r
492 // at file offset SUM_OF_BYTES_HASHED and its length is:\r
493 // FileSize - (CertDirectory->Size)\r
494 //\r
495 if (ImageSize > SumOfBytesHashed) {\r
496 HashBase = (UINT8 *) (UINTN) ImageAddress + SumOfBytesHashed;\r
497 if (Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {\r
498 //\r
499 // Use PE32 offset\r
500 //\r
501 HashSize = (UINTN)(ImageSize -\r
502 Hdr.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY].Size -\r
503 SumOfBytesHashed);\r
504 } else {\r
505 //\r
506 // Use PE32+ offset\r
507 //\r
508 HashSize = (UINTN)(ImageSize -\r
509 Hdr.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY].Size -\r
510 SumOfBytesHashed); \r
511 }\r
512\r
513 Sha1Update (Sha1Ctx, HashBase, HashSize);\r
514 }\r
515\r
516 //\r
517 // 17. Finalize the SHA hash.\r
518 //\r
519 Sha1Final (Sha1Ctx, (UINT8 *)&TcgEvent->Digest);\r
520\r
521 //\r
522 // Log the PE data\r
523 //\r
524 EventNumber = 1;\r
525 Status = TcgProtocol->HashLogExtendEvent (\r
526 TcgProtocol,\r
527 (EFI_PHYSICAL_ADDRESS) (UINTN) (VOID *) NULL,\r
528 0,\r
529 TPM_ALG_SHA,\r
530 TcgEvent,\r
531 &EventNumber,\r
532 &EventLogLastEntry\r
533 );\r
534\r
535Finish:\r
536 FreePool (TcgEvent);\r
537\r
538 if (SectionHeader != NULL) {\r
539 FreePool (SectionHeader);\r
540 }\r
541\r
542 if (Sha1Ctx != NULL ) {\r
543 FreePool (Sha1Ctx);\r
544 }\r
545 return Status;\r
546}\r
547\r
548/**\r
549 The security handler is used to abstract platform-specific policy \r
550 from the DXE core response to an attempt to use a file that returns a \r
551 given status for the authentication check from the section extraction protocol. \r
552\r
553 The possible responses in a given SAP implementation may include locking \r
554 flash upon failure to authenticate, attestation logging for all signed drivers, \r
555 and other exception operations. The File parameter allows for possible logging \r
556 within the SAP of the driver.\r
557\r
558 If File is NULL, then EFI_INVALID_PARAMETER is returned.\r
559\r
560 If the file specified by File with an authentication status specified by \r
561 AuthenticationStatus is safe for the DXE Core to use, then EFI_SUCCESS is returned.\r
562\r
563 If the file specified by File with an authentication status specified by \r
564 AuthenticationStatus is not safe for the DXE Core to use under any circumstances, \r
565 then EFI_ACCESS_DENIED is returned.\r
566\r
567 If the file specified by File with an authentication status specified by \r
568 AuthenticationStatus is not safe for the DXE Core to use right now, but it \r
569 might be possible to use it at a future time, then EFI_SECURITY_VIOLATION is \r
570 returned.\r
571\r
572 @param[in, out] AuthenticationStatus This is the authentication status returned\r
573 from the securitymeasurement services for the\r
574 input file.\r
575 @param[in] File This is a pointer to the device path of the file that is\r
576 being dispatched. This will optionally be used for logging.\r
577 @param[in] FileBuffer File buffer matches the input file device path.\r
578 @param[in] FileSize Size of File buffer matches the input file device path.\r
579\r
580 @retval EFI_SUCCESS The file specified by File did authenticate, and the\r
581 platform policy dictates that the DXE Core may use File.\r
582 @retval EFI_INVALID_PARAMETER File is NULL.\r
583 @retval EFI_SECURITY_VIOLATION The file specified by File did not authenticate, and\r
584 the platform policy dictates that File should be placed\r
585 in the untrusted state. A file may be promoted from\r
586 the untrusted to the trusted state at a future time\r
587 with a call to the Trust() DXE Service.\r
588 @retval EFI_ACCESS_DENIED The file specified by File did not authenticate, and\r
589 the platform policy dictates that File should not be\r
590 used for any purpose.\r
591\r
592**/\r
593EFI_STATUS\r
594EFIAPI\r
595DxeTpmMeasureBootHandler (\r
596 IN OUT UINT32 AuthenticationStatus,\r
597 IN CONST EFI_DEVICE_PATH_PROTOCOL *File,\r
598 IN VOID *FileBuffer OPTIONAL,\r
599 IN UINTN FileSize OPTIONAL\r
600 )\r
601{\r
602 EFI_TCG_PROTOCOL *TcgProtocol;\r
603 EFI_STATUS Status;\r
604 TCG_EFI_BOOT_SERVICE_CAPABILITY ProtocolCapability;\r
605 UINT32 TCGFeatureFlags;\r
606 EFI_PHYSICAL_ADDRESS EventLogLocation;\r
607 EFI_PHYSICAL_ADDRESS EventLogLastEntry;\r
608 EFI_DEVICE_PATH_PROTOCOL *DevicePathNode;\r
609 EFI_DEVICE_PATH_PROTOCOL *OrigDevicePathNode;\r
610 EFI_HANDLE Handle;\r
611 BOOLEAN ApplicationRequired;\r
612 PE_COFF_LOADER_IMAGE_CONTEXT ImageContext;\r
613\r
614 if (File == NULL) {\r
615 return EFI_INVALID_PARAMETER;\r
616 }\r
617\r
618 Status = gBS->LocateProtocol (&gEfiTcgProtocolGuid, NULL, (VOID **) &TcgProtocol);\r
619 if (EFI_ERROR (Status)) {\r
620 //\r
621 // TCG protocol is not installed. So, TPM is not present.\r
622 // Don't do any measurement, and directly return EFI_SUCCESS.\r
623 //\r
624 return EFI_SUCCESS;\r
625 }\r
626\r
627 ProtocolCapability.Size = (UINT8) sizeof (ProtocolCapability);\r
628 Status = TcgProtocol->StatusCheck (\r
629 TcgProtocol, \r
630 &ProtocolCapability,\r
631 &TCGFeatureFlags,\r
632 &EventLogLocation,\r
633 &EventLogLastEntry\r
634 );\r
635 if (EFI_ERROR (Status) || ProtocolCapability.TPMDeactivatedFlag) {\r
636 //\r
637 // TPM device doesn't work or activate.\r
638 //\r
639 return EFI_SUCCESS;\r
640 }\r
641\r
642 //\r
643 // Copy File Device Path\r
644 //\r
645 OrigDevicePathNode = DuplicateDevicePath (File);\r
646 ASSERT (OrigDevicePathNode != NULL);\r
647 \r
648 //\r
649 // 1. Check whether this device path support BlockIo protocol.\r
650 // Is so, this device path may be a GPT device path.\r
651 //\r
652 DevicePathNode = OrigDevicePathNode;\r
653 Status = gBS->LocateDevicePath (&gEfiBlockIoProtocolGuid, &DevicePathNode, &Handle);\r
654 if (!EFI_ERROR (Status) && !mMeasureGptTableFlag) {\r
655 //\r
656 // Find the gpt partion on the given devicepath\r
657 //\r
658 DevicePathNode = OrigDevicePathNode;\r
659 while (!IsDevicePathEnd (DevicePathNode)) {\r
660 //\r
661 // Find the Gpt partition\r
662 //\r
663 if (DevicePathType (DevicePathNode) == MEDIA_DEVICE_PATH &&\r
664 DevicePathSubType (DevicePathNode) == MEDIA_HARDDRIVE_DP) {\r
665 //\r
666 // Check whether it is a gpt partition or not\r
667 // \r
668 if (((HARDDRIVE_DEVICE_PATH *) DevicePathNode)->MBRType == MBR_TYPE_EFI_PARTITION_TABLE_HEADER && \r
669 ((HARDDRIVE_DEVICE_PATH *) DevicePathNode)->SignatureType == SIGNATURE_TYPE_GUID) {\r
670\r
671 //\r
672 // Change the partition device path to its parent device path (disk) and get the handle.\r
673 //\r
674 DevicePathNode->Type = END_DEVICE_PATH_TYPE;\r
675 DevicePathNode->SubType = END_ENTIRE_DEVICE_PATH_SUBTYPE;\r
676 DevicePathNode = OrigDevicePathNode;\r
677 Status = gBS->LocateDevicePath (\r
678 &gEfiDiskIoProtocolGuid,\r
679 &DevicePathNode,\r
680 &Handle\r
681 );\r
682 if (!EFI_ERROR (Status)) {\r
683 //\r
684 // Measure GPT disk.\r
685 //\r
686 Status = TcgMeasureGptTable (TcgProtocol, Handle);\r
687 if (!EFI_ERROR (Status)) {\r
688 //\r
689 // GPT disk check done.\r
690 //\r
691 mMeasureGptTableFlag = TRUE;\r
692 }\r
693 }\r
694 FreePool (OrigDevicePathNode);\r
695 OrigDevicePathNode = DuplicateDevicePath (File);\r
696 ASSERT (OrigDevicePathNode != NULL);\r
697 break;\r
698 }\r
699 }\r
700 DevicePathNode = NextDevicePathNode (DevicePathNode);\r
701 }\r
702 }\r
703 \r
704 //\r
705 // 2. Measure PE image.\r
706 //\r
707 ApplicationRequired = FALSE;\r
708\r
709 //\r
710 // Check whether this device path support FV2 protocol.\r
711 //\r
712 DevicePathNode = OrigDevicePathNode;\r
713 Status = gBS->LocateDevicePath (&gEfiFirmwareVolume2ProtocolGuid, &DevicePathNode, &Handle);\r
714 if (!EFI_ERROR (Status)) {\r
715 //\r
716 // Don't check FV image, and directly return EFI_SUCCESS.\r
717 // It can be extended to the specific FV authentication according to the different requirement.\r
718 //\r
719 if (IsDevicePathEnd (DevicePathNode)) {\r
720 return EFI_SUCCESS;\r
721 }\r
722 //\r
723 // The image from Firmware image will not be mearsured.\r
724 // Current policy doesn't measure PeImage from Firmware if it is driver\r
725 // If the got PeImage is application, it will be still be measured.\r
726 //\r
727 ApplicationRequired = TRUE;\r
728 }\r
729 \r
730 //\r
731 // File is not found.\r
732 //\r
733 if (FileBuffer == NULL) {\r
734 Status = EFI_SECURITY_VIOLATION;\r
735 goto Finish;\r
736 }\r
737\r
738 //\r
739 // Measure PE Image\r
740 //\r
741 DevicePathNode = OrigDevicePathNode;\r
742 ZeroMem (&ImageContext, sizeof (ImageContext));\r
743 ImageContext.Handle = (VOID *) FileBuffer;\r
744 ImageContext.ImageRead = (PE_COFF_LOADER_READ_FILE) ImageRead;\r
745\r
746 //\r
747 // Get information about the image being loaded\r
748 //\r
749 Status = PeCoffLoaderGetImageInfo (&ImageContext);\r
750 if (EFI_ERROR (Status)) {\r
751 //\r
752 // The information can't be got from the invalid PeImage\r
753 //\r
754 goto Finish;\r
755 }\r
756 \r
757 //\r
758 // Measure only application if Application flag is set\r
759 // Measure drivers and applications if Application flag is not set\r
760 //\r
761 if ((!ApplicationRequired) || \r
762 (ApplicationRequired && ImageContext.ImageType == EFI_IMAGE_SUBSYSTEM_EFI_APPLICATION)) { \r
763 //\r
764 // Print the image path to be measured.\r
765 // \r
766 DEBUG_CODE_BEGIN ();\r
767 CHAR16 *ToText;\r
768 EFI_DEVICE_PATH_TO_TEXT_PROTOCOL *DevPathToText;\r
769 Status = gBS->LocateProtocol (\r
770 &gEfiDevicePathToTextProtocolGuid,\r
771 NULL,\r
772 (VOID **) &DevPathToText\r
773 );\r
774 if (!EFI_ERROR (Status)) {\r
775 ToText = DevPathToText->ConvertDevicePathToText (\r
776 DevicePathNode,\r
777 FALSE,\r
778 TRUE\r
779 );\r
780 if (ToText != NULL) {\r
781 DEBUG ((DEBUG_INFO, "The measured image path is %s.\n", ToText));\r
782 }\r
783 }\r
784 DEBUG_CODE_END ();\r
785\r
786 //\r
787 // Measure PE image into TPM log.\r
788 //\r
789 Status = TcgMeasurePeImage (\r
790 TcgProtocol,\r
791 (EFI_PHYSICAL_ADDRESS) (UINTN) FileBuffer, \r
792 FileSize, \r
793 (UINTN) ImageContext.ImageAddress, \r
794 ImageContext.ImageType, \r
795 DevicePathNode\r
796 );\r
797 }\r
798\r
799 //\r
800 // Done, free the allocated resource.\r
801 //\r
802Finish:\r
803 FreePool (OrigDevicePathNode);\r
804\r
805 return Status;\r
806}\r
807\r
808/**\r
809 Register the security handler to provide TPM measure boot service.\r
810\r
811 @param ImageHandle ImageHandle of the loaded driver.\r
812 @param SystemTable Pointer to the EFI System Table.\r
813\r
814 @retval EFI_SUCCESS Register successfully.\r
815 @retval EFI_OUT_OF_RESOURCES No enough memory to register this handler.\r
816**/\r
817EFI_STATUS\r
818EFIAPI\r
819DxeTpmMeasureBootLibConstructor (\r
820 IN EFI_HANDLE ImageHandle,\r
821 IN EFI_SYSTEM_TABLE *SystemTable\r
822 )\r
823{\r
824 return RegisterSecurityHandler (\r
825 DxeTpmMeasureBootHandler,\r
826 EFI_AUTH_OPERATION_MEASURE_IMAGE | EFI_AUTH_OPERATION_IMAGE_REQUIRED\r
827 );\r
828}\r