]> git.proxmox.com Git - mirror_edk2.git/blame - SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.c
projects / mirror_edk2.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
SecurityPkg DxeTpmMeasureBootLib: Add comments in TcgMeasurePeImage()
[mirror_edk2.git] / SecurityPkg / Library / DxeTpmMeasureBootLib / DxeTpmMeasureBootLib.c
CommitLineData
0c18794e 1/** @file\r
2 The library instance provides security service of TPM measure boot. \r
3\r
dc204d5a
JY		 4 Caution: This file requires additional review when modified.\r
5 This library will have external input - PE/COFF image and GPT partition.\r
6 This external input must be validated carefully to avoid security issue like\r
7 buffer overflow, integer overflow.\r
8\r
9 DxeTpmMeasureBootLibImageRead() function will make sure the PE/COFF image content\r
10 read is within the image buffer.\r
11\r
12 TcgMeasurePeImage() function will accept untrusted PE/COFF image and validate its\r
13 data structure within this image buffer before use.\r
14\r
15 TcgMeasureGptTable() function will receive untrusted GPT partition table, and parse\r
16 partition data carefully.\r
17\r
e39d0569 18Copyright (c) 2009 - 2016, Intel Corporation. All rights reserved.<BR>\r
0c18794e 19This program and the accompanying materials \r
20are licensed and made available under the terms and conditions of the BSD License \r
21which accompanies this distribution. The full text of the license may be found at \r
22http://opensource.org/licenses/bsd-license.php\r
23\r
24THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, \r
25WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
26\r
27**/\r
28\r
29#include <PiDxe.h>\r
30\r
31#include <Protocol/TcgService.h>\r
0c18794e 32#include <Protocol/BlockIo.h>\r
33#include <Protocol/DiskIo.h>\r
2aadc920 34#include <Protocol/FirmwareVolumeBlock.h>\r
35\r
0758c830 36#include <Guid/MeasuredFvHob.h>\r
dd4c164c 37#include <Guid/ZeroGuid.h>\r
0c18794e 38\r
39#include <Library/BaseLib.h>\r
40#include <Library/DebugLib.h>\r
41#include <Library/BaseMemoryLib.h>\r
42#include <Library/MemoryAllocationLib.h>\r
43#include <Library/DevicePathLib.h>\r
44#include <Library/UefiBootServicesTableLib.h>\r
45#include <Library/BaseCryptLib.h>\r
46#include <Library/PeCoffLib.h>\r
47#include <Library/SecurityManagementLib.h>\r
2aadc920 48#include <Library/HobLib.h>\r
0c18794e 49\r
50//\r
51// Flag to check GPT partition. It only need be measured once.\r
52//\r
53BOOLEAN mMeasureGptTableFlag = FALSE;\r
0c18794e 54UINTN mMeasureGptCount = 0;\r
28186d45 55VOID *mFileBuffer;\r
a00bd8e0 56UINTN mTpmImageSize;\r
2aadc920 57//\r
58// Measured FV handle cache\r
59//\r
60EFI_HANDLE mCacheMeasuredHandle = NULL;\r
0758c830 61MEASURED_HOB_DATA *mMeasuredHobData = NULL;\r
0c18794e 62\r
63/**\r
64 Reads contents of a PE/COFF image in memory buffer.\r
65\r
dc204d5a
JY		 66 Caution: This function may receive untrusted input.\r
67 PE/COFF image is external input, so this function will make sure the PE/COFF image content\r
68 read is within the image buffer.\r
69\r
0c18794e 70 @param FileHandle Pointer to the file handle to read the PE/COFF image.\r
71 @param FileOffset Offset into the PE/COFF image to begin the read operation.\r
72 @param ReadSize On input, the size in bytes of the requested read operation. \r
73 On output, the number of bytes actually read.\r
74 @param Buffer Output buffer that contains the data read from the PE/COFF image.\r
75 \r
76 @retval EFI_SUCCESS The specified portion of the PE/COFF image was read and the size \r
77**/\r
78EFI_STATUS\r
79EFIAPI\r
e0192326 80DxeTpmMeasureBootLibImageRead (\r
0c18794e 81 IN VOID *FileHandle,\r
82 IN UINTN FileOffset,\r
83 IN OUT UINTN *ReadSize,\r
84 OUT VOID *Buffer\r
85 )\r
86{\r
28186d45
ED		 87 UINTN EndPosition;\r
88\r
89 if (FileHandle == NULL || ReadSize == NULL || Buffer == NULL) {\r
90 return EFI_INVALID_PARAMETER;\r
91 }\r
92\r
93 if (MAX_ADDRESS - FileOffset < *ReadSize) {\r
94 return EFI_INVALID_PARAMETER;\r
95 }\r
96\r
97 EndPosition = FileOffset + *ReadSize;\r
a00bd8e0
ED		 98 if (EndPosition > mTpmImageSize) {\r
99 *ReadSize = (UINT32)(mTpmImageSize - FileOffset);\r
28186d45
ED		 100 }\r
101\r
a00bd8e0 102 if (FileOffset >= mTpmImageSize) {\r
28186d45
ED		 103 *ReadSize = 0;\r
104 }\r
105\r
0c18794e 106 CopyMem (Buffer, (UINT8 *)((UINTN) FileHandle + FileOffset), *ReadSize);\r
28186d45 107\r
0c18794e 108 return EFI_SUCCESS;\r
109}\r
110\r
111/**\r
112 Measure GPT table data into TPM log.\r
113\r
dc204d5a
JY		 114 Caution: This function may receive untrusted input.\r
115 The GPT partition table is external input, so this function should parse partition data carefully.\r
116\r
0c18794e 117 @param TcgProtocol Pointer to the located TCG protocol instance.\r
118 @param GptHandle Handle that GPT partition was installed.\r
119\r
120 @retval EFI_SUCCESS Successfully measure GPT table.\r
121 @retval EFI_UNSUPPORTED Not support GPT table on the given handle.\r
122 @retval EFI_DEVICE_ERROR Can't get GPT table because device error.\r
123 @retval EFI_OUT_OF_RESOURCES No enough resource to measure GPT table.\r
124 @retval other error value\r
125**/\r
126EFI_STATUS\r
127EFIAPI\r
128TcgMeasureGptTable (\r
129 IN EFI_TCG_PROTOCOL *TcgProtocol,\r
130 IN EFI_HANDLE GptHandle\r
131 )\r
132{\r
133 EFI_STATUS Status;\r
134 EFI_BLOCK_IO_PROTOCOL *BlockIo;\r
135 EFI_DISK_IO_PROTOCOL *DiskIo;\r
136 EFI_PARTITION_TABLE_HEADER *PrimaryHeader;\r
137 EFI_PARTITION_ENTRY *PartitionEntry;\r
138 UINT8 *EntryPtr;\r
139 UINTN NumberOfPartition;\r
140 UINT32 Index;\r
141 TCG_PCR_EVENT *TcgEvent;\r
142 EFI_GPT_DATA *GptData;\r
143 UINT32 EventSize;\r
144 UINT32 EventNumber;\r
145 EFI_PHYSICAL_ADDRESS EventLogLastEntry;\r
146\r
147 if (mMeasureGptCount > 0) {\r
148 return EFI_SUCCESS;\r
149 }\r
150\r
151 Status = gBS->HandleProtocol (GptHandle, &gEfiBlockIoProtocolGuid, (VOID**)&BlockIo);\r
152 if (EFI_ERROR (Status)) {\r
153 return EFI_UNSUPPORTED;\r
154 }\r
155 Status = gBS->HandleProtocol (GptHandle, &gEfiDiskIoProtocolGuid, (VOID**)&DiskIo);\r
156 if (EFI_ERROR (Status)) {\r
157 return EFI_UNSUPPORTED;\r
158 }\r
159 //\r
160 // Read the EFI Partition Table Header\r
161 // \r
162 PrimaryHeader = (EFI_PARTITION_TABLE_HEADER *) AllocatePool (BlockIo->Media->BlockSize);\r
163 if (PrimaryHeader == NULL) {\r
164 return EFI_OUT_OF_RESOURCES;\r
165 } \r
166 Status = DiskIo->ReadDisk (\r
167 DiskIo,\r
168 BlockIo->Media->MediaId,\r
169 1 * BlockIo->Media->BlockSize,\r
170 BlockIo->Media->BlockSize,\r
171 (UINT8 *)PrimaryHeader\r
172 );\r
173 if (EFI_ERROR (Status)) {\r
174 DEBUG ((EFI_D_ERROR, "Failed to Read Partition Table Header!\n"));\r
175 FreePool (PrimaryHeader);\r
176 return EFI_DEVICE_ERROR;\r
177 } \r
178 //\r
179 // Read the partition entry.\r
180 //\r
181 EntryPtr = (UINT8 *)AllocatePool (PrimaryHeader->NumberOfPartitionEntries * PrimaryHeader->SizeOfPartitionEntry);\r
182 if (EntryPtr == NULL) {\r
183 FreePool (PrimaryHeader);\r
184 return EFI_OUT_OF_RESOURCES;\r
185 }\r
186 Status = DiskIo->ReadDisk (\r
187 DiskIo,\r
188 BlockIo->Media->MediaId,\r
189 MultU64x32(PrimaryHeader->PartitionEntryLBA, BlockIo->Media->BlockSize),\r
190 PrimaryHeader->NumberOfPartitionEntries * PrimaryHeader->SizeOfPartitionEntry,\r
191 EntryPtr\r
192 );\r
193 if (EFI_ERROR (Status)) {\r
194 FreePool (PrimaryHeader);\r
195 FreePool (EntryPtr);\r
196 return EFI_DEVICE_ERROR;\r
197 }\r
198 \r
199 //\r
200 // Count the valid partition\r
201 //\r
202 PartitionEntry = (EFI_PARTITION_ENTRY *)EntryPtr;\r
203 NumberOfPartition = 0;\r
204 for (Index = 0; Index < PrimaryHeader->NumberOfPartitionEntries; Index++) {\r
dd4c164c 205 if (!CompareGuid (&PartitionEntry->PartitionTypeGUID, &gZeroGuid)) {\r
0c18794e 206 NumberOfPartition++; \r
207 }\r
2ea3b920 208 PartitionEntry = (EFI_PARTITION_ENTRY *)((UINT8 *)PartitionEntry + PrimaryHeader->SizeOfPartitionEntry);\r
0c18794e 209 }\r
210\r
211 //\r
2ea3b920 212 // Prepare Data for Measurement\r
0c18794e 213 // \r
214 EventSize = (UINT32)(sizeof (EFI_GPT_DATA) - sizeof (GptData->Partitions) \r
215 + NumberOfPartition * PrimaryHeader->SizeOfPartitionEntry);\r
2ea3b920 216 TcgEvent = (TCG_PCR_EVENT *) AllocateZeroPool (EventSize + sizeof (TCG_PCR_EVENT_HDR));\r
0c18794e 217 if (TcgEvent == NULL) {\r
218 FreePool (PrimaryHeader);\r
219 FreePool (EntryPtr);\r
220 return EFI_OUT_OF_RESOURCES;\r
221 }\r
222\r
223 TcgEvent->PCRIndex = 5;\r
224 TcgEvent->EventType = EV_EFI_GPT_EVENT;\r
225 TcgEvent->EventSize = EventSize;\r
226 GptData = (EFI_GPT_DATA *) TcgEvent->Event; \r
227\r
228 //\r
229 // Copy the EFI_PARTITION_TABLE_HEADER and NumberOfPartition\r
230 // \r
231 CopyMem ((UINT8 *)GptData, (UINT8*)PrimaryHeader, sizeof (EFI_PARTITION_TABLE_HEADER));\r
232 GptData->NumberOfPartitions = NumberOfPartition;\r
233 //\r
234 // Copy the valid partition entry\r
235 //\r
236 PartitionEntry = (EFI_PARTITION_ENTRY*)EntryPtr;\r
237 NumberOfPartition = 0;\r
238 for (Index = 0; Index < PrimaryHeader->NumberOfPartitionEntries; Index++) {\r
dd4c164c 239 if (!CompareGuid (&PartitionEntry->PartitionTypeGUID, &gZeroGuid)) {\r
0c18794e 240 CopyMem (\r
2ea3b920 241 (UINT8 *)&GptData->Partitions + NumberOfPartition * PrimaryHeader->SizeOfPartitionEntry,\r
0c18794e 242 (UINT8 *)PartitionEntry,\r
2ea3b920 243 PrimaryHeader->SizeOfPartitionEntry\r
0c18794e 244 );\r
245 NumberOfPartition++;\r
246 }\r
2ea3b920 247 PartitionEntry =(EFI_PARTITION_ENTRY *)((UINT8 *)PartitionEntry + PrimaryHeader->SizeOfPartitionEntry);\r
0c18794e 248 }\r
249\r
250 //\r
251 // Measure the GPT data\r
252 //\r
253 EventNumber = 1;\r
254 Status = TcgProtocol->HashLogExtendEvent (\r
255 TcgProtocol,\r
256 (EFI_PHYSICAL_ADDRESS) (UINTN) (VOID *) GptData,\r
257 (UINT64) TcgEvent->EventSize,\r
258 TPM_ALG_SHA,\r
259 TcgEvent,\r
260 &EventNumber,\r
261 &EventLogLastEntry\r
262 );\r
263 if (!EFI_ERROR (Status)) {\r
264 mMeasureGptCount++;\r
265 }\r
266\r
267 FreePool (PrimaryHeader);\r
268 FreePool (EntryPtr);\r
269 FreePool (TcgEvent);\r
270\r
271 return Status;\r
272}\r
273\r
274/**\r
275 Measure PE image into TPM log based on the authenticode image hashing in\r
276 PE/COFF Specification 8.0 Appendix A.\r
277\r
dc204d5a
JY		 278 Caution: This function may receive untrusted input.\r
279 PE/COFF image is external input, so this function will validate its data structure\r
280 within this image buffer before use.\r
281\r
e39d0569
LG		 282 Notes: PE/COFF image has been checked by BasePeCoffLib PeCoffLoaderGetImageInfo() in \r
283 its caller function DxeTpmMeasureBootHandler().\r
284\r
0c18794e 285 @param[in] TcgProtocol Pointer to the located TCG protocol instance.\r
286 @param[in] ImageAddress Start address of image buffer.\r
287 @param[in] ImageSize Image size\r
288 @param[in] LinkTimeBase Address that the image is loaded into memory.\r
289 @param[in] ImageType Image subsystem type.\r
290 @param[in] FilePath File path is corresponding to the input image.\r
291\r
292 @retval EFI_SUCCESS Successfully measure image.\r
293 @retval EFI_OUT_OF_RESOURCES No enough resource to measure image.\r
551d8081 294 @retval EFI_UNSUPPORTED ImageType is unsupported or PE image is mal-format. \r
0c18794e 295 @retval other error value\r
551d8081 296\r
0c18794e 297**/\r
298EFI_STATUS\r
299EFIAPI\r
300TcgMeasurePeImage (\r
301 IN EFI_TCG_PROTOCOL *TcgProtocol,\r
302 IN EFI_PHYSICAL_ADDRESS ImageAddress,\r
303 IN UINTN ImageSize,\r
304 IN UINTN LinkTimeBase,\r
305 IN UINT16 ImageType,\r
306 IN EFI_DEVICE_PATH_PROTOCOL *FilePath\r
307 )\r
308{\r
551d8081 309 EFI_STATUS Status;\r
310 TCG_PCR_EVENT *TcgEvent;\r
311 EFI_IMAGE_LOAD_EVENT *ImageLoad;\r
312 UINT32 FilePathSize;\r
313 VOID *Sha1Ctx;\r
314 UINTN CtxSize;\r
315 EFI_IMAGE_DOS_HEADER *DosHdr;\r
316 UINT32 PeCoffHeaderOffset;\r
317 EFI_IMAGE_SECTION_HEADER *Section;\r
318 UINT8 *HashBase;\r
319 UINTN HashSize;\r
320 UINTN SumOfBytesHashed;\r
321 EFI_IMAGE_SECTION_HEADER *SectionHeader;\r
322 UINTN Index;\r
323 UINTN Pos;\r
324 UINT16 Magic;\r
325 UINT32 EventSize;\r
326 UINT32 EventNumber;\r
327 EFI_PHYSICAL_ADDRESS EventLogLastEntry;\r
0c18794e 328 EFI_IMAGE_OPTIONAL_HEADER_PTR_UNION Hdr;\r
551d8081 329 UINT32 NumberOfRvaAndSizes;\r
330 BOOLEAN HashStatus;\r
331 UINT32 CertSize;\r
0c18794e 332\r
551d8081 333 Status = EFI_UNSUPPORTED;\r
0c18794e 334 ImageLoad = NULL;\r
335 SectionHeader = NULL;\r
336 Sha1Ctx = NULL;\r
337 FilePathSize = (UINT32) GetDevicePathSize (FilePath);\r
338\r
339 //\r
340 // Determine destination PCR by BootPolicy\r
341 //\r
342 EventSize = sizeof (*ImageLoad) - sizeof (ImageLoad->DevicePath) + FilePathSize;\r
343 TcgEvent = AllocateZeroPool (EventSize + sizeof (TCG_PCR_EVENT));\r
344 if (TcgEvent == NULL) {\r
345 return EFI_OUT_OF_RESOURCES;\r
346 }\r
347\r
348 TcgEvent->EventSize = EventSize;\r
349 ImageLoad = (EFI_IMAGE_LOAD_EVENT *) TcgEvent->Event;\r
350\r
351 switch (ImageType) {\r
352 case EFI_IMAGE_SUBSYSTEM_EFI_APPLICATION:\r
353 TcgEvent->EventType = EV_EFI_BOOT_SERVICES_APPLICATION;\r
354 TcgEvent->PCRIndex = 4;\r
355 break;\r
356 case EFI_IMAGE_SUBSYSTEM_EFI_BOOT_SERVICE_DRIVER:\r
357 TcgEvent->EventType = EV_EFI_BOOT_SERVICES_DRIVER;\r
358 TcgEvent->PCRIndex = 2;\r
359 break;\r
360 case EFI_IMAGE_SUBSYSTEM_EFI_RUNTIME_DRIVER:\r
361 TcgEvent->EventType = EV_EFI_RUNTIME_SERVICES_DRIVER;\r
362 TcgEvent->PCRIndex = 2;\r
363 break;\r
364 default:\r
365 DEBUG ((\r
366 EFI_D_ERROR,\r
367 "TcgMeasurePeImage: Unknown subsystem type %d",\r
368 ImageType\r
369 ));\r
0c18794e 370 goto Finish;\r
371 }\r
372\r
373 ImageLoad->ImageLocationInMemory = ImageAddress;\r
374 ImageLoad->ImageLengthInMemory = ImageSize;\r
375 ImageLoad->ImageLinkTimeAddress = LinkTimeBase;\r
376 ImageLoad->LengthOfDevicePath = FilePathSize;\r
7a1f792d
ED		 377 if ((FilePath != NULL) && (FilePathSize != 0)) {\r
378 CopyMem (ImageLoad->DevicePath, FilePath, FilePathSize);\r
379 }\r
0c18794e 380\r
381 //\r
382 // Check PE/COFF image\r
383 //\r
384 DosHdr = (EFI_IMAGE_DOS_HEADER *) (UINTN) ImageAddress;\r
385 PeCoffHeaderOffset = 0;\r
386 if (DosHdr->e_magic == EFI_IMAGE_DOS_SIGNATURE) {\r
387 PeCoffHeaderOffset = DosHdr->e_lfanew;\r
388 }\r
551d8081 389\r
390 Hdr.Pe32 = (EFI_IMAGE_NT_HEADERS32 *)((UINT8 *) (UINTN) ImageAddress + PeCoffHeaderOffset);\r
391 if (Hdr.Pe32->Signature != EFI_IMAGE_NT_SIGNATURE) {\r
0c18794e 392 goto Finish;\r
393 }\r
394\r
395 //\r
396 // PE/COFF Image Measurement\r
397 //\r
398 // NOTE: The following codes/steps are based upon the authenticode image hashing in\r
399 // PE/COFF Specification 8.0 Appendix A.\r
400 //\r
401 //\r
402\r
403 // 1. Load the image header into memory.\r
404\r
405 // 2. Initialize a SHA hash context.\r
406 CtxSize = Sha1GetContextSize ();\r
407 Sha1Ctx = AllocatePool (CtxSize);\r
408 if (Sha1Ctx == NULL) {\r
409 Status = EFI_OUT_OF_RESOURCES;\r
410 goto Finish;\r
411 }\r
412\r
551d8081 413 HashStatus = Sha1Init (Sha1Ctx);\r
414 if (!HashStatus) {\r
415 goto Finish;\r
416 }\r
0c18794e 417\r
418 //\r
419 // Measuring PE/COFF Image Header;\r
420 // But CheckSum field and SECURITY data directory (certificate) are excluded\r
421 //\r
de2447dd 422 if (Hdr.Pe32->FileHeader.Machine == IMAGE_FILE_MACHINE_IA64 && Hdr.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {\r
423 //\r
424 // NOTE: Some versions of Linux ELILO for Itanium have an incorrect magic value \r
425 // in the PE/COFF Header. If the MachineType is Itanium(IA64) and the \r
426 // Magic value in the OptionalHeader is EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC\r
427 // then override the magic value to EFI_IMAGE_NT_OPTIONAL_HDR64_MAGIC\r
428 //\r
429 Magic = EFI_IMAGE_NT_OPTIONAL_HDR64_MAGIC;\r
430 } else {\r
431 //\r
432 // Get the magic value from the PE/COFF Optional Header\r
433 //\r
434 Magic = Hdr.Pe32->OptionalHeader.Magic;\r
435 }\r
0c18794e 436 \r
437 //\r
438 // 3. Calculate the distance from the base of the image header to the image checksum address.\r
439 // 4. Hash the image header from its base to beginning of the image checksum.\r
440 //\r
441 HashBase = (UINT8 *) (UINTN) ImageAddress;\r
442 if (Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {\r
443 //\r
444 // Use PE32 offset\r
445 //\r
551d8081 446 NumberOfRvaAndSizes = Hdr.Pe32->OptionalHeader.NumberOfRvaAndSizes;\r
0c18794e 447 HashSize = (UINTN) ((UINT8 *)(&Hdr.Pe32->OptionalHeader.CheckSum) - HashBase);\r
448 } else {\r
449 //\r
450 // Use PE32+ offset\r
451 //\r
551d8081 452 NumberOfRvaAndSizes = Hdr.Pe32Plus->OptionalHeader.NumberOfRvaAndSizes;\r
0c18794e 453 HashSize = (UINTN) ((UINT8 *)(&Hdr.Pe32Plus->OptionalHeader.CheckSum) - HashBase);\r
454 }\r
455\r
551d8081 456 HashStatus = Sha1Update (Sha1Ctx, HashBase, HashSize);\r
457 if (!HashStatus) {\r
458 goto Finish;\r
459 } \r
0c18794e 460\r
461 //\r
462 // 5. Skip over the image checksum (it occupies a single ULONG).\r
0c18794e 463 //\r
551d8081 464 if (NumberOfRvaAndSizes <= EFI_IMAGE_DIRECTORY_ENTRY_SECURITY) {\r
0c18794e 465 //\r
551d8081 466 // 6. Since there is no Cert Directory in optional header, hash everything\r
467 // from the end of the checksum to the end of image header.\r
0c18794e 468 //\r
551d8081 469 if (Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {\r
470 //\r
471 // Use PE32 offset.\r
472 //\r
473 HashBase = (UINT8 *) &Hdr.Pe32->OptionalHeader.CheckSum + sizeof (UINT32);\r
474 HashSize = Hdr.Pe32->OptionalHeader.SizeOfHeaders - (UINTN) (HashBase - ImageAddress);\r
475 } else {\r
476 //\r
477 // Use PE32+ offset.\r
478 //\r
479 HashBase = (UINT8 *) &Hdr.Pe32Plus->OptionalHeader.CheckSum + sizeof (UINT32);\r
480 HashSize = Hdr.Pe32Plus->OptionalHeader.SizeOfHeaders - (UINTN) (HashBase - ImageAddress);\r
481 }\r
482\r
483 if (HashSize != 0) {\r
484 HashStatus = Sha1Update (Sha1Ctx, HashBase, HashSize);\r
485 if (!HashStatus) {\r
486 goto Finish;\r
487 }\r
488 } \r
0c18794e 489 } else {\r
490 //\r
551d8081 491 // 7. Hash everything from the end of the checksum to the start of the Cert Directory.\r
492 //\r
493 if (Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {\r
494 //\r
495 // Use PE32 offset\r
496 //\r
497 HashBase = (UINT8 *) &Hdr.Pe32->OptionalHeader.CheckSum + sizeof (UINT32);\r
498 HashSize = (UINTN) ((UINT8 *)(&Hdr.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]) - HashBase);\r
499 } else {\r
500 //\r
501 // Use PE32+ offset\r
502 // \r
503 HashBase = (UINT8 *) &Hdr.Pe32Plus->OptionalHeader.CheckSum + sizeof (UINT32);\r
504 HashSize = (UINTN) ((UINT8 *)(&Hdr.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]) - HashBase);\r
505 }\r
0c18794e 506\r
551d8081 507 if (HashSize != 0) {\r
508 HashStatus = Sha1Update (Sha1Ctx, HashBase, HashSize);\r
509 if (!HashStatus) {\r
510 goto Finish;\r
511 }\r
512 }\r
0c18794e 513\r
0c18794e 514 //\r
551d8081 515 // 8. Skip over the Cert Directory. (It is sizeof(IMAGE_DATA_DIRECTORY) bytes.)\r
516 // 9. Hash everything from the end of the Cert Directory to the end of image header.\r
0c18794e 517 //\r
551d8081 518 if (Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {\r
519 //\r
520 // Use PE32 offset\r
521 //\r
522 HashBase = (UINT8 *) &Hdr.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1];\r
523 HashSize = Hdr.Pe32->OptionalHeader.SizeOfHeaders - (UINTN) (HashBase - ImageAddress);\r
524 } else {\r
525 //\r
526 // Use PE32+ offset\r
527 //\r
528 HashBase = (UINT8 *) &Hdr.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1];\r
529 HashSize = Hdr.Pe32Plus->OptionalHeader.SizeOfHeaders - (UINTN) (HashBase - ImageAddress);\r
530 }\r
531 \r
532 if (HashSize != 0) {\r
533 HashStatus = Sha1Update (Sha1Ctx, HashBase, HashSize);\r
534 if (!HashStatus) {\r
535 goto Finish;\r
536 }\r
537 }\r
0c18794e 538 }\r
0c18794e 539\r
540 //\r
541 // 10. Set the SUM_OF_BYTES_HASHED to the size of the header\r
542 //\r
543 if (Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {\r
544 //\r
545 // Use PE32 offset\r
546 //\r
547 SumOfBytesHashed = Hdr.Pe32->OptionalHeader.SizeOfHeaders;\r
548 } else {\r
549 //\r
550 // Use PE32+ offset\r
551 //\r
552 SumOfBytesHashed = Hdr.Pe32Plus->OptionalHeader.SizeOfHeaders;\r
553 }\r
554\r
555 //\r
556 // 11. Build a temporary table of pointers to all the IMAGE_SECTION_HEADER\r
557 // structures in the image. The 'NumberOfSections' field of the image\r
558 // header indicates how big the table should be. Do not include any\r
559 // IMAGE_SECTION_HEADERs in the table whose 'SizeOfRawData' field is zero.\r
560 //\r
551d8081 561 SectionHeader = (EFI_IMAGE_SECTION_HEADER *) AllocateZeroPool (sizeof (EFI_IMAGE_SECTION_HEADER) * Hdr.Pe32->FileHeader.NumberOfSections);\r
0c18794e 562 if (SectionHeader == NULL) {\r
563 Status = EFI_OUT_OF_RESOURCES;\r
564 goto Finish;\r
565 }\r
566\r
567 //\r
568 // 12. Using the 'PointerToRawData' in the referenced section headers as\r
569 // a key, arrange the elements in the table in ascending order. In other\r
570 // words, sort the section headers according to the disk-file offset of\r
571 // the section.\r
572 //\r
573 Section = (EFI_IMAGE_SECTION_HEADER *) (\r
574 (UINT8 *) (UINTN) ImageAddress +\r
575 PeCoffHeaderOffset +\r
576 sizeof(UINT32) +\r
577 sizeof(EFI_IMAGE_FILE_HEADER) +\r
578 Hdr.Pe32->FileHeader.SizeOfOptionalHeader\r
579 );\r
580 for (Index = 0; Index < Hdr.Pe32->FileHeader.NumberOfSections; Index++) {\r
581 Pos = Index;\r
582 while ((Pos > 0) && (Section->PointerToRawData < SectionHeader[Pos - 1].PointerToRawData)) {\r
583 CopyMem (&SectionHeader[Pos], &SectionHeader[Pos - 1], sizeof(EFI_IMAGE_SECTION_HEADER));\r
584 Pos--;\r
585 }\r
586 CopyMem (&SectionHeader[Pos], Section, sizeof(EFI_IMAGE_SECTION_HEADER));\r
587 Section += 1;\r
588 }\r
589\r
590 //\r
591 // 13. Walk through the sorted table, bring the corresponding section\r
592 // into memory, and hash the entire section (using the 'SizeOfRawData'\r
593 // field in the section header to determine the amount of data to hash).\r
594 // 14. Add the section's 'SizeOfRawData' to SUM_OF_BYTES_HASHED .\r
595 // 15. Repeat steps 13 and 14 for all the sections in the sorted table.\r
596 //\r
597 for (Index = 0; Index < Hdr.Pe32->FileHeader.NumberOfSections; Index++) {\r
598 Section = (EFI_IMAGE_SECTION_HEADER *) &SectionHeader[Index];\r
599 if (Section->SizeOfRawData == 0) {\r
600 continue;\r
601 }\r
602 HashBase = (UINT8 *) (UINTN) ImageAddress + Section->PointerToRawData;\r
603 HashSize = (UINTN) Section->SizeOfRawData;\r
604\r
551d8081 605 HashStatus = Sha1Update (Sha1Ctx, HashBase, HashSize);\r
606 if (!HashStatus) {\r
607 goto Finish;\r
608 }\r
0c18794e 609\r
610 SumOfBytesHashed += HashSize;\r
611 }\r
612\r
613 //\r
614 // 16. If the file size is greater than SUM_OF_BYTES_HASHED, there is extra\r
615 // data in the file that needs to be added to the hash. This data begins\r
616 // at file offset SUM_OF_BYTES_HASHED and its length is:\r
617 // FileSize - (CertDirectory->Size)\r
618 //\r
619 if (ImageSize > SumOfBytesHashed) {\r
620 HashBase = (UINT8 *) (UINTN) ImageAddress + SumOfBytesHashed;\r
551d8081 621\r
622 if (NumberOfRvaAndSizes <= EFI_IMAGE_DIRECTORY_ENTRY_SECURITY) {\r
623 CertSize = 0;\r
0c18794e 624 } else {\r
551d8081 625 if (Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {\r
626 //\r
627 // Use PE32 offset.\r
628 //\r
629 CertSize = Hdr.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY].Size;\r
630 } else {\r
631 //\r
632 // Use PE32+ offset.\r
633 //\r
634 CertSize = Hdr.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY].Size;\r
28186d45 635 }\r
0c18794e 636 }\r
637\r
551d8081 638 if (ImageSize > CertSize + SumOfBytesHashed) {\r
639 HashSize = (UINTN) (ImageSize - CertSize - SumOfBytesHashed);\r
640\r
641 HashStatus = Sha1Update (Sha1Ctx, HashBase, HashSize);\r
642 if (!HashStatus) {\r
643 goto Finish;\r
644 }\r
645 } else if (ImageSize < CertSize + SumOfBytesHashed) {\r
646 goto Finish;\r
647 }\r
0c18794e 648 }\r
649\r
650 //\r
651 // 17. Finalize the SHA hash.\r
652 //\r
551d8081 653 HashStatus = Sha1Final (Sha1Ctx, (UINT8 *) &TcgEvent->Digest);\r
654 if (!HashStatus) {\r
655 goto Finish;\r
656 }\r
0c18794e 657\r
658 //\r
659 // Log the PE data\r
660 //\r
661 EventNumber = 1;\r
662 Status = TcgProtocol->HashLogExtendEvent (\r
663 TcgProtocol,\r
664 (EFI_PHYSICAL_ADDRESS) (UINTN) (VOID *) NULL,\r
665 0,\r
666 TPM_ALG_SHA,\r
667 TcgEvent,\r
668 &EventNumber,\r
669 &EventLogLastEntry\r
670 );\r
772b6011 671 if (Status == EFI_OUT_OF_RESOURCES) {\r
672 //\r
673 // Out of resource here means the image is hashed and its result is extended to PCR.\r
674 // But the event log cann't be saved since log area is full.\r
675 // Just return EFI_SUCCESS in order not to block the image load.\r
676 //\r
677 Status = EFI_SUCCESS;\r
678 }\r
0c18794e 679\r
680Finish:\r
681 FreePool (TcgEvent);\r
682\r
683 if (SectionHeader != NULL) {\r
684 FreePool (SectionHeader);\r
685 }\r
686\r
687 if (Sha1Ctx != NULL ) {\r
688 FreePool (Sha1Ctx);\r
689 }\r
690 return Status;\r
691}\r
692\r
693/**\r
694 The security handler is used to abstract platform-specific policy \r
695 from the DXE core response to an attempt to use a file that returns a \r
696 given status for the authentication check from the section extraction protocol. \r
697\r
698 The possible responses in a given SAP implementation may include locking \r
699 flash upon failure to authenticate, attestation logging for all signed drivers, \r
700 and other exception operations. The File parameter allows for possible logging \r
701 within the SAP of the driver.\r
702\r
703 If File is NULL, then EFI_INVALID_PARAMETER is returned.\r
704\r
705 If the file specified by File with an authentication status specified by \r
706 AuthenticationStatus is safe for the DXE Core to use, then EFI_SUCCESS is returned.\r
707\r
708 If the file specified by File with an authentication status specified by \r
709 AuthenticationStatus is not safe for the DXE Core to use under any circumstances, \r
710 then EFI_ACCESS_DENIED is returned.\r
711\r
712 If the file specified by File with an authentication status specified by \r
713 AuthenticationStatus is not safe for the DXE Core to use right now, but it \r
714 might be possible to use it at a future time, then EFI_SECURITY_VIOLATION is \r
715 returned.\r
716\r
5db28a67 717 @param[in] AuthenticationStatus This is the authentication status returned\r
0c18794e 718 from the securitymeasurement services for the\r
719 input file.\r
720 @param[in] File This is a pointer to the device path of the file that is\r
721 being dispatched. This will optionally be used for logging.\r
722 @param[in] FileBuffer File buffer matches the input file device path.\r
723 @param[in] FileSize Size of File buffer matches the input file device path.\r
5db28a67 724 @param[in] BootPolicy A boot policy that was used to call LoadImage() UEFI service.\r
0c18794e 725\r
5db28a67
LG		 726 @retval EFI_SUCCESS The file specified by DevicePath and non-NULL\r
727 FileBuffer did authenticate, and the platform policy dictates\r
728 that the DXE Foundation may use the file.\r
729 @retval other error value\r
0c18794e 730**/\r
731EFI_STATUS\r
732EFIAPI\r
733DxeTpmMeasureBootHandler (\r
5db28a67 734 IN UINT32 AuthenticationStatus,\r
0c18794e 735 IN CONST EFI_DEVICE_PATH_PROTOCOL *File,\r
5db28a67
LG		 736 IN VOID *FileBuffer,\r
737 IN UINTN FileSize,\r
738 IN BOOLEAN BootPolicy\r
0c18794e 739 )\r
740{\r
2aadc920 741 EFI_TCG_PROTOCOL *TcgProtocol;\r
742 EFI_STATUS Status;\r
743 TCG_EFI_BOOT_SERVICE_CAPABILITY ProtocolCapability;\r
744 UINT32 TCGFeatureFlags;\r
745 EFI_PHYSICAL_ADDRESS EventLogLocation;\r
746 EFI_PHYSICAL_ADDRESS EventLogLastEntry;\r
747 EFI_DEVICE_PATH_PROTOCOL *DevicePathNode;\r
748 EFI_DEVICE_PATH_PROTOCOL *OrigDevicePathNode;\r
749 EFI_HANDLE Handle;\r
750 EFI_HANDLE TempHandle;\r
751 BOOLEAN ApplicationRequired;\r
752 PE_COFF_LOADER_IMAGE_CONTEXT ImageContext;\r
753 EFI_FIRMWARE_VOLUME_BLOCK_PROTOCOL *FvbProtocol;\r
754 EFI_PHYSICAL_ADDRESS FvAddress;\r
2aadc920 755 UINT32 Index;\r
0c18794e 756\r
0c18794e 757 Status = gBS->LocateProtocol (&gEfiTcgProtocolGuid, NULL, (VOID **) &TcgProtocol);\r
758 if (EFI_ERROR (Status)) {\r
759 //\r
760 // TCG protocol is not installed. So, TPM is not present.\r
761 // Don't do any measurement, and directly return EFI_SUCCESS.\r
762 //\r
763 return EFI_SUCCESS;\r
764 }\r
765\r
766 ProtocolCapability.Size = (UINT8) sizeof (ProtocolCapability);\r
767 Status = TcgProtocol->StatusCheck (\r
768 TcgProtocol, \r
769 &ProtocolCapability,\r
770 &TCGFeatureFlags,\r
771 &EventLogLocation,\r
772 &EventLogLastEntry\r
773 );\r
6f785cfc 774 if (EFI_ERROR (Status) || ProtocolCapability.TPMDeactivatedFlag || (!ProtocolCapability.TPMPresentFlag)) {\r
0c18794e 775 //\r
776 // TPM device doesn't work or activate.\r
777 //\r
778 return EFI_SUCCESS;\r
779 }\r
780\r
781 //\r
782 // Copy File Device Path\r
783 //\r
784 OrigDevicePathNode = DuplicateDevicePath (File);\r
0c18794e 785 \r
786 //\r
787 // 1. Check whether this device path support BlockIo protocol.\r
788 // Is so, this device path may be a GPT device path.\r
789 //\r
790 DevicePathNode = OrigDevicePathNode;\r
791 Status = gBS->LocateDevicePath (&gEfiBlockIoProtocolGuid, &DevicePathNode, &Handle);\r
792 if (!EFI_ERROR (Status) && !mMeasureGptTableFlag) {\r
793 //\r
794 // Find the gpt partion on the given devicepath\r
795 //\r
796 DevicePathNode = OrigDevicePathNode;\r
4dbb98ab 797 ASSERT (DevicePathNode != NULL);\r
0c18794e 798 while (!IsDevicePathEnd (DevicePathNode)) {\r
799 //\r
800 // Find the Gpt partition\r
801 //\r
802 if (DevicePathType (DevicePathNode) == MEDIA_DEVICE_PATH &&\r
803 DevicePathSubType (DevicePathNode) == MEDIA_HARDDRIVE_DP) {\r
804 //\r
805 // Check whether it is a gpt partition or not\r
806 // \r
807 if (((HARDDRIVE_DEVICE_PATH *) DevicePathNode)->MBRType == MBR_TYPE_EFI_PARTITION_TABLE_HEADER && \r
808 ((HARDDRIVE_DEVICE_PATH *) DevicePathNode)->SignatureType == SIGNATURE_TYPE_GUID) {\r
809\r
810 //\r
811 // Change the partition device path to its parent device path (disk) and get the handle.\r
812 //\r
813 DevicePathNode->Type = END_DEVICE_PATH_TYPE;\r
814 DevicePathNode->SubType = END_ENTIRE_DEVICE_PATH_SUBTYPE;\r
815 DevicePathNode = OrigDevicePathNode;\r
816 Status = gBS->LocateDevicePath (\r
817 &gEfiDiskIoProtocolGuid,\r
818 &DevicePathNode,\r
819 &Handle\r
820 );\r
821 if (!EFI_ERROR (Status)) {\r
822 //\r
823 // Measure GPT disk.\r
824 //\r
825 Status = TcgMeasureGptTable (TcgProtocol, Handle);\r
826 if (!EFI_ERROR (Status)) {\r
827 //\r
828 // GPT disk check done.\r
829 //\r
830 mMeasureGptTableFlag = TRUE;\r
831 }\r
832 }\r
833 FreePool (OrigDevicePathNode);\r
834 OrigDevicePathNode = DuplicateDevicePath (File);\r
835 ASSERT (OrigDevicePathNode != NULL);\r
836 break;\r
837 }\r
838 }\r
839 DevicePathNode = NextDevicePathNode (DevicePathNode);\r
840 }\r
841 }\r
842 \r
843 //\r
844 // 2. Measure PE image.\r
845 //\r
846 ApplicationRequired = FALSE;\r
847\r
848 //\r
2aadc920 849 // Check whether this device path support FVB protocol.\r
0c18794e 850 //\r
851 DevicePathNode = OrigDevicePathNode;\r
2aadc920 852 Status = gBS->LocateDevicePath (&gEfiFirmwareVolumeBlockProtocolGuid, &DevicePathNode, &Handle);\r
0c18794e 853 if (!EFI_ERROR (Status)) {\r
854 //\r
855 // Don't check FV image, and directly return EFI_SUCCESS.\r
856 // It can be extended to the specific FV authentication according to the different requirement.\r
857 //\r
858 if (IsDevicePathEnd (DevicePathNode)) {\r
859 return EFI_SUCCESS;\r
860 }\r
861 //\r
0758c830 862 // The PE image from unmeasured Firmware volume need be measured\r
863 // The PE image from measured Firmware volume will be mearsured according to policy below.\r
864 // If it is driver, do not measure\r
2aadc920 865 // If it is application, still measure.\r
0c18794e 866 //\r
867 ApplicationRequired = TRUE;\r
2aadc920 868\r
0758c830 869 if (mCacheMeasuredHandle != Handle && mMeasuredHobData != NULL) {\r
2aadc920 870 //\r
871 // Search for Root FV of this PE image\r
872 //\r
873 TempHandle = Handle;\r
874 do {\r
875 Status = gBS->HandleProtocol(\r
876 TempHandle, \r
877 &gEfiFirmwareVolumeBlockProtocolGuid,\r
6dbdb191 878 (VOID**)&FvbProtocol\r
2aadc920 879 );\r
880 TempHandle = FvbProtocol->ParentHandle;\r
881 } while (!EFI_ERROR(Status) && FvbProtocol->ParentHandle != NULL);\r
882\r
883 //\r
884 // Search in measured FV Hob\r
885 //\r
886 Status = FvbProtocol->GetPhysicalAddress(FvbProtocol, &FvAddress);\r
887 if (EFI_ERROR(Status)){\r
888 return Status;\r
889 }\r
890\r
2aadc920 891 ApplicationRequired = FALSE;\r
892\r
0758c830 893 for (Index = 0; Index < mMeasuredHobData->Num; Index++) {\r
894 if(mMeasuredHobData->MeasuredFvBuf[Index].BlobBase == FvAddress) {\r
2aadc920 895 //\r
896 // Cache measured FV for next measurement\r
897 //\r
898 mCacheMeasuredHandle = Handle;\r
899 ApplicationRequired = TRUE;\r
900 break;\r
901 }\r
902 }\r
903 }\r
0c18794e 904 }\r
2aadc920 905\r
0c18794e 906 //\r
907 // File is not found.\r
908 //\r
909 if (FileBuffer == NULL) {\r
910 Status = EFI_SECURITY_VIOLATION;\r
911 goto Finish;\r
912 }\r
913\r
a00bd8e0 914 mTpmImageSize = FileSize;\r
28186d45
ED		 915 mFileBuffer = FileBuffer;\r
916\r
0c18794e 917 //\r
918 // Measure PE Image\r
919 //\r
920 DevicePathNode = OrigDevicePathNode;\r
921 ZeroMem (&ImageContext, sizeof (ImageContext));\r
922 ImageContext.Handle = (VOID *) FileBuffer;\r
e0192326 923 ImageContext.ImageRead = (PE_COFF_LOADER_READ_FILE) DxeTpmMeasureBootLibImageRead;\r
0c18794e 924\r
925 //\r
926 // Get information about the image being loaded\r
927 //\r
928 Status = PeCoffLoaderGetImageInfo (&ImageContext);\r
929 if (EFI_ERROR (Status)) {\r
930 //\r
931 // The information can't be got from the invalid PeImage\r
932 //\r
933 goto Finish;\r
934 }\r
935 \r
936 //\r
937 // Measure only application if Application flag is set\r
938 // Measure drivers and applications if Application flag is not set\r
939 //\r
940 if ((!ApplicationRequired) || \r
941 (ApplicationRequired && ImageContext.ImageType == EFI_IMAGE_SUBSYSTEM_EFI_APPLICATION)) { \r
942 //\r
943 // Print the image path to be measured.\r
944 // \r
945 DEBUG_CODE_BEGIN ();\r
946 CHAR16 *ToText;\r
863986b3
RN		 947 ToText = ConvertDevicePathToText (\r
948 DevicePathNode,\r
949 FALSE,\r
950 TRUE\r
951 );\r
952 if (ToText != NULL) {\r
953 DEBUG ((DEBUG_INFO, "The measured image path is %s.\n", ToText));\r
954 FreePool (ToText);\r
0c18794e 955 }\r
956 DEBUG_CODE_END ();\r
957\r
958 //\r
959 // Measure PE image into TPM log.\r
960 //\r
961 Status = TcgMeasurePeImage (\r
962 TcgProtocol,\r
963 (EFI_PHYSICAL_ADDRESS) (UINTN) FileBuffer, \r
964 FileSize, \r
965 (UINTN) ImageContext.ImageAddress, \r
966 ImageContext.ImageType, \r
967 DevicePathNode\r
968 );\r
969 }\r
970\r
971 //\r
972 // Done, free the allocated resource.\r
973 //\r
974Finish:\r
5db28a67
LG		 975 if (OrigDevicePathNode != NULL) {\r
976 FreePool (OrigDevicePathNode);\r
977 }\r
0c18794e 978\r
979 return Status;\r
980}\r
981\r
982/**\r
983 Register the security handler to provide TPM measure boot service.\r
984\r
985 @param ImageHandle ImageHandle of the loaded driver.\r
986 @param SystemTable Pointer to the EFI System Table.\r
987\r
988 @retval EFI_SUCCESS Register successfully.\r
989 @retval EFI_OUT_OF_RESOURCES No enough memory to register this handler.\r
990**/\r
991EFI_STATUS\r
992EFIAPI\r
993DxeTpmMeasureBootLibConstructor (\r
994 IN EFI_HANDLE ImageHandle,\r
995 IN EFI_SYSTEM_TABLE *SystemTable\r
996 )\r
997{\r
2aadc920 998 EFI_HOB_GUID_TYPE *GuidHob;\r
999\r
1000 GuidHob = NULL;\r
1001\r
0758c830 1002 GuidHob = GetFirstGuidHob (&gMeasuredFvHobGuid);\r
2aadc920 1003\r
1004 if (GuidHob != NULL) {\r
0758c830 1005 mMeasuredHobData = GET_GUID_HOB_DATA (GuidHob);\r
2aadc920 1006 }\r
1007\r
5db28a67 1008 return RegisterSecurity2Handler (\r
0c18794e 1009 DxeTpmMeasureBootHandler,\r
1010 EFI_AUTH_OPERATION_MEASURE_IMAGE | EFI_AUTH_OPERATION_IMAGE_REQUIRED\r
1011 );\r
1012}\r
EFI Development Kit II mirror for PVE