SecurityPkg: remove PE/COFF header workaround for ELILO on IPF
[mirror_edk2.git] / SecurityPkg / Library / DxeTpmMeasureBootLib / DxeTpmMeasureBootLib.c
CommitLineData
0c18794e 1/** @file\r
b3548d32 2 The library instance provides security service of TPM measure boot.\r
0c18794e 3\r
dc204d5a
JY
4 Caution: This file requires additional review when modified.\r
5 This library will have external input - PE/COFF image and GPT partition.\r
6 This external input must be validated carefully to avoid security issue like\r
7 buffer overflow, integer overflow.\r
8\r
9 DxeTpmMeasureBootLibImageRead() function will make sure the PE/COFF image content\r
10 read is within the image buffer.\r
11\r
12 TcgMeasurePeImage() function will accept untrusted PE/COFF image and validate its\r
13 data structure within this image buffer before use.\r
14\r
15 TcgMeasureGptTable() function will receive untrusted GPT partition table, and parse\r
16 partition data carefully.\r
17\r
b3548d32
LG
18Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>\r
19This program and the accompanying materials\r
20are licensed and made available under the terms and conditions of the BSD License\r
21which accompanies this distribution. The full text of the license may be found at\r
0c18794e 22http://opensource.org/licenses/bsd-license.php\r
23\r
b3548d32 24THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
0c18794e 25WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
26\r
27**/\r
28\r
29#include <PiDxe.h>\r
30\r
31#include <Protocol/TcgService.h>\r
0c18794e 32#include <Protocol/BlockIo.h>\r
33#include <Protocol/DiskIo.h>\r
2aadc920 34#include <Protocol/FirmwareVolumeBlock.h>\r
35\r
0758c830 36#include <Guid/MeasuredFvHob.h>\r
0c18794e 37\r
38#include <Library/BaseLib.h>\r
39#include <Library/DebugLib.h>\r
40#include <Library/BaseMemoryLib.h>\r
41#include <Library/MemoryAllocationLib.h>\r
42#include <Library/DevicePathLib.h>\r
43#include <Library/UefiBootServicesTableLib.h>\r
44#include <Library/BaseCryptLib.h>\r
45#include <Library/PeCoffLib.h>\r
46#include <Library/SecurityManagementLib.h>\r
2aadc920 47#include <Library/HobLib.h>\r
0c18794e 48\r
49//\r
50// Flag to check GPT partition. It only need be measured once.\r
51//\r
52BOOLEAN mMeasureGptTableFlag = FALSE;\r
0c18794e 53UINTN mMeasureGptCount = 0;\r
28186d45 54VOID *mFileBuffer;\r
a00bd8e0 55UINTN mTpmImageSize;\r
2aadc920 56//\r
57// Measured FV handle cache\r
58//\r
59EFI_HANDLE mCacheMeasuredHandle = NULL;\r
0758c830 60MEASURED_HOB_DATA *mMeasuredHobData = NULL;\r
0c18794e 61\r
62/**\r
63 Reads contents of a PE/COFF image in memory buffer.\r
64\r
dc204d5a
JY
65 Caution: This function may receive untrusted input.\r
66 PE/COFF image is external input, so this function will make sure the PE/COFF image content\r
67 read is within the image buffer.\r
68\r
0c18794e 69 @param FileHandle Pointer to the file handle to read the PE/COFF image.\r
70 @param FileOffset Offset into the PE/COFF image to begin the read operation.\r
b3548d32 71 @param ReadSize On input, the size in bytes of the requested read operation.\r
0c18794e 72 On output, the number of bytes actually read.\r
73 @param Buffer Output buffer that contains the data read from the PE/COFF image.\r
b3548d32
LG
74\r
75 @retval EFI_SUCCESS The specified portion of the PE/COFF image was read and the size\r
0c18794e 76**/\r
77EFI_STATUS\r
78EFIAPI\r
e0192326 79DxeTpmMeasureBootLibImageRead (\r
0c18794e 80 IN VOID *FileHandle,\r
81 IN UINTN FileOffset,\r
82 IN OUT UINTN *ReadSize,\r
83 OUT VOID *Buffer\r
84 )\r
85{\r
28186d45
ED
86 UINTN EndPosition;\r
87\r
88 if (FileHandle == NULL || ReadSize == NULL || Buffer == NULL) {\r
89 return EFI_INVALID_PARAMETER;\r
90 }\r
91\r
92 if (MAX_ADDRESS - FileOffset < *ReadSize) {\r
93 return EFI_INVALID_PARAMETER;\r
94 }\r
95\r
96 EndPosition = FileOffset + *ReadSize;\r
a00bd8e0
ED
97 if (EndPosition > mTpmImageSize) {\r
98 *ReadSize = (UINT32)(mTpmImageSize - FileOffset);\r
28186d45
ED
99 }\r
100\r
a00bd8e0 101 if (FileOffset >= mTpmImageSize) {\r
28186d45
ED
102 *ReadSize = 0;\r
103 }\r
104\r
0c18794e 105 CopyMem (Buffer, (UINT8 *)((UINTN) FileHandle + FileOffset), *ReadSize);\r
28186d45 106\r
0c18794e 107 return EFI_SUCCESS;\r
108}\r
109\r
110/**\r
111 Measure GPT table data into TPM log.\r
112\r
dc204d5a
JY
113 Caution: This function may receive untrusted input.\r
114 The GPT partition table is external input, so this function should parse partition data carefully.\r
115\r
0c18794e 116 @param TcgProtocol Pointer to the located TCG protocol instance.\r
117 @param GptHandle Handle that GPT partition was installed.\r
118\r
119 @retval EFI_SUCCESS Successfully measure GPT table.\r
120 @retval EFI_UNSUPPORTED Not support GPT table on the given handle.\r
121 @retval EFI_DEVICE_ERROR Can't get GPT table because device error.\r
122 @retval EFI_OUT_OF_RESOURCES No enough resource to measure GPT table.\r
123 @retval other error value\r
124**/\r
125EFI_STATUS\r
126EFIAPI\r
127TcgMeasureGptTable (\r
128 IN EFI_TCG_PROTOCOL *TcgProtocol,\r
129 IN EFI_HANDLE GptHandle\r
130 )\r
131{\r
132 EFI_STATUS Status;\r
133 EFI_BLOCK_IO_PROTOCOL *BlockIo;\r
134 EFI_DISK_IO_PROTOCOL *DiskIo;\r
135 EFI_PARTITION_TABLE_HEADER *PrimaryHeader;\r
136 EFI_PARTITION_ENTRY *PartitionEntry;\r
137 UINT8 *EntryPtr;\r
138 UINTN NumberOfPartition;\r
139 UINT32 Index;\r
140 TCG_PCR_EVENT *TcgEvent;\r
141 EFI_GPT_DATA *GptData;\r
142 UINT32 EventSize;\r
143 UINT32 EventNumber;\r
144 EFI_PHYSICAL_ADDRESS EventLogLastEntry;\r
145\r
146 if (mMeasureGptCount > 0) {\r
147 return EFI_SUCCESS;\r
148 }\r
149\r
150 Status = gBS->HandleProtocol (GptHandle, &gEfiBlockIoProtocolGuid, (VOID**)&BlockIo);\r
151 if (EFI_ERROR (Status)) {\r
152 return EFI_UNSUPPORTED;\r
153 }\r
154 Status = gBS->HandleProtocol (GptHandle, &gEfiDiskIoProtocolGuid, (VOID**)&DiskIo);\r
155 if (EFI_ERROR (Status)) {\r
156 return EFI_UNSUPPORTED;\r
157 }\r
158 //\r
159 // Read the EFI Partition Table Header\r
b3548d32 160 //\r
0c18794e 161 PrimaryHeader = (EFI_PARTITION_TABLE_HEADER *) AllocatePool (BlockIo->Media->BlockSize);\r
162 if (PrimaryHeader == NULL) {\r
163 return EFI_OUT_OF_RESOURCES;\r
b3548d32 164 }\r
0c18794e 165 Status = DiskIo->ReadDisk (\r
166 DiskIo,\r
167 BlockIo->Media->MediaId,\r
168 1 * BlockIo->Media->BlockSize,\r
169 BlockIo->Media->BlockSize,\r
170 (UINT8 *)PrimaryHeader\r
171 );\r
172 if (EFI_ERROR (Status)) {\r
173 DEBUG ((EFI_D_ERROR, "Failed to Read Partition Table Header!\n"));\r
174 FreePool (PrimaryHeader);\r
175 return EFI_DEVICE_ERROR;\r
b3548d32 176 }\r
0c18794e 177 //\r
178 // Read the partition entry.\r
179 //\r
180 EntryPtr = (UINT8 *)AllocatePool (PrimaryHeader->NumberOfPartitionEntries * PrimaryHeader->SizeOfPartitionEntry);\r
181 if (EntryPtr == NULL) {\r
182 FreePool (PrimaryHeader);\r
183 return EFI_OUT_OF_RESOURCES;\r
184 }\r
185 Status = DiskIo->ReadDisk (\r
186 DiskIo,\r
187 BlockIo->Media->MediaId,\r
188 MultU64x32(PrimaryHeader->PartitionEntryLBA, BlockIo->Media->BlockSize),\r
189 PrimaryHeader->NumberOfPartitionEntries * PrimaryHeader->SizeOfPartitionEntry,\r
190 EntryPtr\r
191 );\r
192 if (EFI_ERROR (Status)) {\r
193 FreePool (PrimaryHeader);\r
194 FreePool (EntryPtr);\r
195 return EFI_DEVICE_ERROR;\r
196 }\r
b3548d32 197\r
0c18794e 198 //\r
199 // Count the valid partition\r
200 //\r
201 PartitionEntry = (EFI_PARTITION_ENTRY *)EntryPtr;\r
202 NumberOfPartition = 0;\r
203 for (Index = 0; Index < PrimaryHeader->NumberOfPartitionEntries; Index++) {\r
965268ea 204 if (!IsZeroGuid (&PartitionEntry->PartitionTypeGUID)) {\r
b3548d32 205 NumberOfPartition++;\r
0c18794e 206 }\r
2ea3b920 207 PartitionEntry = (EFI_PARTITION_ENTRY *)((UINT8 *)PartitionEntry + PrimaryHeader->SizeOfPartitionEntry);\r
0c18794e 208 }\r
209\r
210 //\r
2ea3b920 211 // Prepare Data for Measurement\r
b3548d32
LG
212 //\r
213 EventSize = (UINT32)(sizeof (EFI_GPT_DATA) - sizeof (GptData->Partitions)\r
0c18794e 214 + NumberOfPartition * PrimaryHeader->SizeOfPartitionEntry);\r
2ea3b920 215 TcgEvent = (TCG_PCR_EVENT *) AllocateZeroPool (EventSize + sizeof (TCG_PCR_EVENT_HDR));\r
0c18794e 216 if (TcgEvent == NULL) {\r
217 FreePool (PrimaryHeader);\r
218 FreePool (EntryPtr);\r
219 return EFI_OUT_OF_RESOURCES;\r
220 }\r
221\r
222 TcgEvent->PCRIndex = 5;\r
223 TcgEvent->EventType = EV_EFI_GPT_EVENT;\r
224 TcgEvent->EventSize = EventSize;\r
b3548d32 225 GptData = (EFI_GPT_DATA *) TcgEvent->Event;\r
0c18794e 226\r
227 //\r
228 // Copy the EFI_PARTITION_TABLE_HEADER and NumberOfPartition\r
b3548d32 229 //\r
0c18794e 230 CopyMem ((UINT8 *)GptData, (UINT8*)PrimaryHeader, sizeof (EFI_PARTITION_TABLE_HEADER));\r
231 GptData->NumberOfPartitions = NumberOfPartition;\r
232 //\r
233 // Copy the valid partition entry\r
234 //\r
235 PartitionEntry = (EFI_PARTITION_ENTRY*)EntryPtr;\r
236 NumberOfPartition = 0;\r
237 for (Index = 0; Index < PrimaryHeader->NumberOfPartitionEntries; Index++) {\r
965268ea 238 if (!IsZeroGuid (&PartitionEntry->PartitionTypeGUID)) {\r
0c18794e 239 CopyMem (\r
2ea3b920 240 (UINT8 *)&GptData->Partitions + NumberOfPartition * PrimaryHeader->SizeOfPartitionEntry,\r
0c18794e 241 (UINT8 *)PartitionEntry,\r
2ea3b920 242 PrimaryHeader->SizeOfPartitionEntry\r
0c18794e 243 );\r
244 NumberOfPartition++;\r
245 }\r
2ea3b920 246 PartitionEntry =(EFI_PARTITION_ENTRY *)((UINT8 *)PartitionEntry + PrimaryHeader->SizeOfPartitionEntry);\r
0c18794e 247 }\r
248\r
249 //\r
250 // Measure the GPT data\r
251 //\r
252 EventNumber = 1;\r
253 Status = TcgProtocol->HashLogExtendEvent (\r
254 TcgProtocol,\r
255 (EFI_PHYSICAL_ADDRESS) (UINTN) (VOID *) GptData,\r
256 (UINT64) TcgEvent->EventSize,\r
257 TPM_ALG_SHA,\r
258 TcgEvent,\r
259 &EventNumber,\r
260 &EventLogLastEntry\r
261 );\r
262 if (!EFI_ERROR (Status)) {\r
263 mMeasureGptCount++;\r
264 }\r
265\r
266 FreePool (PrimaryHeader);\r
267 FreePool (EntryPtr);\r
268 FreePool (TcgEvent);\r
269\r
270 return Status;\r
271}\r
272\r
273/**\r
274 Measure PE image into TPM log based on the authenticode image hashing in\r
275 PE/COFF Specification 8.0 Appendix A.\r
276\r
dc204d5a
JY
277 Caution: This function may receive untrusted input.\r
278 PE/COFF image is external input, so this function will validate its data structure\r
279 within this image buffer before use.\r
280\r
b3548d32 281 Notes: PE/COFF image has been checked by BasePeCoffLib PeCoffLoaderGetImageInfo() in\r
e39d0569
LG
282 its caller function DxeTpmMeasureBootHandler().\r
283\r
0c18794e 284 @param[in] TcgProtocol Pointer to the located TCG protocol instance.\r
285 @param[in] ImageAddress Start address of image buffer.\r
286 @param[in] ImageSize Image size\r
287 @param[in] LinkTimeBase Address that the image is loaded into memory.\r
288 @param[in] ImageType Image subsystem type.\r
289 @param[in] FilePath File path is corresponding to the input image.\r
290\r
291 @retval EFI_SUCCESS Successfully measure image.\r
292 @retval EFI_OUT_OF_RESOURCES No enough resource to measure image.\r
b3548d32 293 @retval EFI_UNSUPPORTED ImageType is unsupported or PE image is mal-format.\r
0c18794e 294 @retval other error value\r
551d8081 295\r
0c18794e 296**/\r
297EFI_STATUS\r
298EFIAPI\r
299TcgMeasurePeImage (\r
300 IN EFI_TCG_PROTOCOL *TcgProtocol,\r
301 IN EFI_PHYSICAL_ADDRESS ImageAddress,\r
302 IN UINTN ImageSize,\r
303 IN UINTN LinkTimeBase,\r
304 IN UINT16 ImageType,\r
305 IN EFI_DEVICE_PATH_PROTOCOL *FilePath\r
306 )\r
307{\r
551d8081 308 EFI_STATUS Status;\r
309 TCG_PCR_EVENT *TcgEvent;\r
310 EFI_IMAGE_LOAD_EVENT *ImageLoad;\r
311 UINT32 FilePathSize;\r
312 VOID *Sha1Ctx;\r
313 UINTN CtxSize;\r
314 EFI_IMAGE_DOS_HEADER *DosHdr;\r
315 UINT32 PeCoffHeaderOffset;\r
316 EFI_IMAGE_SECTION_HEADER *Section;\r
317 UINT8 *HashBase;\r
318 UINTN HashSize;\r
319 UINTN SumOfBytesHashed;\r
320 EFI_IMAGE_SECTION_HEADER *SectionHeader;\r
321 UINTN Index;\r
322 UINTN Pos;\r
551d8081 323 UINT32 EventSize;\r
324 UINT32 EventNumber;\r
325 EFI_PHYSICAL_ADDRESS EventLogLastEntry;\r
0c18794e 326 EFI_IMAGE_OPTIONAL_HEADER_PTR_UNION Hdr;\r
551d8081 327 UINT32 NumberOfRvaAndSizes;\r
328 BOOLEAN HashStatus;\r
329 UINT32 CertSize;\r
0c18794e 330\r
551d8081 331 Status = EFI_UNSUPPORTED;\r
0c18794e 332 ImageLoad = NULL;\r
333 SectionHeader = NULL;\r
334 Sha1Ctx = NULL;\r
335 FilePathSize = (UINT32) GetDevicePathSize (FilePath);\r
336\r
337 //\r
338 // Determine destination PCR by BootPolicy\r
339 //\r
340 EventSize = sizeof (*ImageLoad) - sizeof (ImageLoad->DevicePath) + FilePathSize;\r
341 TcgEvent = AllocateZeroPool (EventSize + sizeof (TCG_PCR_EVENT));\r
342 if (TcgEvent == NULL) {\r
343 return EFI_OUT_OF_RESOURCES;\r
344 }\r
345\r
346 TcgEvent->EventSize = EventSize;\r
347 ImageLoad = (EFI_IMAGE_LOAD_EVENT *) TcgEvent->Event;\r
348\r
349 switch (ImageType) {\r
350 case EFI_IMAGE_SUBSYSTEM_EFI_APPLICATION:\r
351 TcgEvent->EventType = EV_EFI_BOOT_SERVICES_APPLICATION;\r
352 TcgEvent->PCRIndex = 4;\r
353 break;\r
354 case EFI_IMAGE_SUBSYSTEM_EFI_BOOT_SERVICE_DRIVER:\r
355 TcgEvent->EventType = EV_EFI_BOOT_SERVICES_DRIVER;\r
356 TcgEvent->PCRIndex = 2;\r
357 break;\r
358 case EFI_IMAGE_SUBSYSTEM_EFI_RUNTIME_DRIVER:\r
359 TcgEvent->EventType = EV_EFI_RUNTIME_SERVICES_DRIVER;\r
360 TcgEvent->PCRIndex = 2;\r
361 break;\r
362 default:\r
363 DEBUG ((\r
364 EFI_D_ERROR,\r
365 "TcgMeasurePeImage: Unknown subsystem type %d",\r
366 ImageType\r
367 ));\r
0c18794e 368 goto Finish;\r
369 }\r
370\r
371 ImageLoad->ImageLocationInMemory = ImageAddress;\r
372 ImageLoad->ImageLengthInMemory = ImageSize;\r
373 ImageLoad->ImageLinkTimeAddress = LinkTimeBase;\r
374 ImageLoad->LengthOfDevicePath = FilePathSize;\r
7a1f792d
ED
375 if ((FilePath != NULL) && (FilePathSize != 0)) {\r
376 CopyMem (ImageLoad->DevicePath, FilePath, FilePathSize);\r
377 }\r
0c18794e 378\r
379 //\r
380 // Check PE/COFF image\r
381 //\r
382 DosHdr = (EFI_IMAGE_DOS_HEADER *) (UINTN) ImageAddress;\r
383 PeCoffHeaderOffset = 0;\r
384 if (DosHdr->e_magic == EFI_IMAGE_DOS_SIGNATURE) {\r
385 PeCoffHeaderOffset = DosHdr->e_lfanew;\r
386 }\r
551d8081 387\r
388 Hdr.Pe32 = (EFI_IMAGE_NT_HEADERS32 *)((UINT8 *) (UINTN) ImageAddress + PeCoffHeaderOffset);\r
389 if (Hdr.Pe32->Signature != EFI_IMAGE_NT_SIGNATURE) {\r
0c18794e 390 goto Finish;\r
391 }\r
392\r
393 //\r
394 // PE/COFF Image Measurement\r
395 //\r
396 // NOTE: The following codes/steps are based upon the authenticode image hashing in\r
397 // PE/COFF Specification 8.0 Appendix A.\r
398 //\r
399 //\r
400\r
401 // 1. Load the image header into memory.\r
402\r
403 // 2. Initialize a SHA hash context.\r
404 CtxSize = Sha1GetContextSize ();\r
405 Sha1Ctx = AllocatePool (CtxSize);\r
406 if (Sha1Ctx == NULL) {\r
407 Status = EFI_OUT_OF_RESOURCES;\r
408 goto Finish;\r
409 }\r
410\r
551d8081 411 HashStatus = Sha1Init (Sha1Ctx);\r
412 if (!HashStatus) {\r
413 goto Finish;\r
414 }\r
0c18794e 415\r
416 //\r
417 // Measuring PE/COFF Image Header;\r
418 // But CheckSum field and SECURITY data directory (certificate) are excluded\r
419 //\r
b3548d32 420\r
0c18794e 421 //\r
422 // 3. Calculate the distance from the base of the image header to the image checksum address.\r
423 // 4. Hash the image header from its base to beginning of the image checksum.\r
424 //\r
425 HashBase = (UINT8 *) (UINTN) ImageAddress;\r
f199664c 426 if (Hdr.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {\r
0c18794e 427 //\r
428 // Use PE32 offset\r
429 //\r
551d8081 430 NumberOfRvaAndSizes = Hdr.Pe32->OptionalHeader.NumberOfRvaAndSizes;\r
4333b99d 431 HashSize = (UINTN) (&Hdr.Pe32->OptionalHeader.CheckSum) - (UINTN) HashBase;\r
0c18794e 432 } else {\r
433 //\r
434 // Use PE32+ offset\r
435 //\r
551d8081 436 NumberOfRvaAndSizes = Hdr.Pe32Plus->OptionalHeader.NumberOfRvaAndSizes;\r
4333b99d 437 HashSize = (UINTN) (&Hdr.Pe32Plus->OptionalHeader.CheckSum) - (UINTN) HashBase;\r
0c18794e 438 }\r
439\r
551d8081 440 HashStatus = Sha1Update (Sha1Ctx, HashBase, HashSize);\r
441 if (!HashStatus) {\r
442 goto Finish;\r
b3548d32 443 }\r
0c18794e 444\r
445 //\r
446 // 5. Skip over the image checksum (it occupies a single ULONG).\r
0c18794e 447 //\r
551d8081 448 if (NumberOfRvaAndSizes <= EFI_IMAGE_DIRECTORY_ENTRY_SECURITY) {\r
0c18794e 449 //\r
551d8081 450 // 6. Since there is no Cert Directory in optional header, hash everything\r
451 // from the end of the checksum to the end of image header.\r
0c18794e 452 //\r
f199664c 453 if (Hdr.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {\r
551d8081 454 //\r
455 // Use PE32 offset.\r
456 //\r
457 HashBase = (UINT8 *) &Hdr.Pe32->OptionalHeader.CheckSum + sizeof (UINT32);\r
458 HashSize = Hdr.Pe32->OptionalHeader.SizeOfHeaders - (UINTN) (HashBase - ImageAddress);\r
459 } else {\r
460 //\r
461 // Use PE32+ offset.\r
462 //\r
463 HashBase = (UINT8 *) &Hdr.Pe32Plus->OptionalHeader.CheckSum + sizeof (UINT32);\r
464 HashSize = Hdr.Pe32Plus->OptionalHeader.SizeOfHeaders - (UINTN) (HashBase - ImageAddress);\r
465 }\r
466\r
467 if (HashSize != 0) {\r
468 HashStatus = Sha1Update (Sha1Ctx, HashBase, HashSize);\r
469 if (!HashStatus) {\r
470 goto Finish;\r
471 }\r
b3548d32 472 }\r
0c18794e 473 } else {\r
474 //\r
551d8081 475 // 7. Hash everything from the end of the checksum to the start of the Cert Directory.\r
476 //\r
f199664c 477 if (Hdr.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {\r
551d8081 478 //\r
479 // Use PE32 offset\r
480 //\r
481 HashBase = (UINT8 *) &Hdr.Pe32->OptionalHeader.CheckSum + sizeof (UINT32);\r
4333b99d 482 HashSize = (UINTN) (&Hdr.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]) - (UINTN) HashBase;\r
551d8081 483 } else {\r
484 //\r
485 // Use PE32+ offset\r
b3548d32 486 //\r
551d8081 487 HashBase = (UINT8 *) &Hdr.Pe32Plus->OptionalHeader.CheckSum + sizeof (UINT32);\r
4333b99d 488 HashSize = (UINTN) (&Hdr.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]) - (UINTN) HashBase;\r
551d8081 489 }\r
0c18794e 490\r
551d8081 491 if (HashSize != 0) {\r
492 HashStatus = Sha1Update (Sha1Ctx, HashBase, HashSize);\r
493 if (!HashStatus) {\r
494 goto Finish;\r
495 }\r
496 }\r
0c18794e 497\r
0c18794e 498 //\r
551d8081 499 // 8. Skip over the Cert Directory. (It is sizeof(IMAGE_DATA_DIRECTORY) bytes.)\r
500 // 9. Hash everything from the end of the Cert Directory to the end of image header.\r
0c18794e 501 //\r
f199664c 502 if (Hdr.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {\r
551d8081 503 //\r
504 // Use PE32 offset\r
505 //\r
506 HashBase = (UINT8 *) &Hdr.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1];\r
507 HashSize = Hdr.Pe32->OptionalHeader.SizeOfHeaders - (UINTN) (HashBase - ImageAddress);\r
508 } else {\r
509 //\r
510 // Use PE32+ offset\r
511 //\r
512 HashBase = (UINT8 *) &Hdr.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1];\r
513 HashSize = Hdr.Pe32Plus->OptionalHeader.SizeOfHeaders - (UINTN) (HashBase - ImageAddress);\r
514 }\r
b3548d32 515\r
551d8081 516 if (HashSize != 0) {\r
517 HashStatus = Sha1Update (Sha1Ctx, HashBase, HashSize);\r
518 if (!HashStatus) {\r
519 goto Finish;\r
520 }\r
521 }\r
0c18794e 522 }\r
0c18794e 523\r
524 //\r
525 // 10. Set the SUM_OF_BYTES_HASHED to the size of the header\r
526 //\r
f199664c 527 if (Hdr.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {\r
0c18794e 528 //\r
529 // Use PE32 offset\r
530 //\r
531 SumOfBytesHashed = Hdr.Pe32->OptionalHeader.SizeOfHeaders;\r
532 } else {\r
533 //\r
534 // Use PE32+ offset\r
535 //\r
536 SumOfBytesHashed = Hdr.Pe32Plus->OptionalHeader.SizeOfHeaders;\r
537 }\r
538\r
539 //\r
540 // 11. Build a temporary table of pointers to all the IMAGE_SECTION_HEADER\r
541 // structures in the image. The 'NumberOfSections' field of the image\r
542 // header indicates how big the table should be. Do not include any\r
543 // IMAGE_SECTION_HEADERs in the table whose 'SizeOfRawData' field is zero.\r
544 //\r
551d8081 545 SectionHeader = (EFI_IMAGE_SECTION_HEADER *) AllocateZeroPool (sizeof (EFI_IMAGE_SECTION_HEADER) * Hdr.Pe32->FileHeader.NumberOfSections);\r
0c18794e 546 if (SectionHeader == NULL) {\r
547 Status = EFI_OUT_OF_RESOURCES;\r
548 goto Finish;\r
549 }\r
550\r
551 //\r
552 // 12. Using the 'PointerToRawData' in the referenced section headers as\r
553 // a key, arrange the elements in the table in ascending order. In other\r
554 // words, sort the section headers according to the disk-file offset of\r
555 // the section.\r
556 //\r
557 Section = (EFI_IMAGE_SECTION_HEADER *) (\r
558 (UINT8 *) (UINTN) ImageAddress +\r
559 PeCoffHeaderOffset +\r
560 sizeof(UINT32) +\r
561 sizeof(EFI_IMAGE_FILE_HEADER) +\r
562 Hdr.Pe32->FileHeader.SizeOfOptionalHeader\r
563 );\r
564 for (Index = 0; Index < Hdr.Pe32->FileHeader.NumberOfSections; Index++) {\r
565 Pos = Index;\r
566 while ((Pos > 0) && (Section->PointerToRawData < SectionHeader[Pos - 1].PointerToRawData)) {\r
567 CopyMem (&SectionHeader[Pos], &SectionHeader[Pos - 1], sizeof(EFI_IMAGE_SECTION_HEADER));\r
568 Pos--;\r
569 }\r
570 CopyMem (&SectionHeader[Pos], Section, sizeof(EFI_IMAGE_SECTION_HEADER));\r
571 Section += 1;\r
572 }\r
573\r
574 //\r
575 // 13. Walk through the sorted table, bring the corresponding section\r
576 // into memory, and hash the entire section (using the 'SizeOfRawData'\r
577 // field in the section header to determine the amount of data to hash).\r
578 // 14. Add the section's 'SizeOfRawData' to SUM_OF_BYTES_HASHED .\r
579 // 15. Repeat steps 13 and 14 for all the sections in the sorted table.\r
580 //\r
581 for (Index = 0; Index < Hdr.Pe32->FileHeader.NumberOfSections; Index++) {\r
582 Section = (EFI_IMAGE_SECTION_HEADER *) &SectionHeader[Index];\r
583 if (Section->SizeOfRawData == 0) {\r
584 continue;\r
585 }\r
586 HashBase = (UINT8 *) (UINTN) ImageAddress + Section->PointerToRawData;\r
587 HashSize = (UINTN) Section->SizeOfRawData;\r
588\r
551d8081 589 HashStatus = Sha1Update (Sha1Ctx, HashBase, HashSize);\r
590 if (!HashStatus) {\r
591 goto Finish;\r
592 }\r
0c18794e 593\r
594 SumOfBytesHashed += HashSize;\r
595 }\r
596\r
597 //\r
598 // 16. If the file size is greater than SUM_OF_BYTES_HASHED, there is extra\r
599 // data in the file that needs to be added to the hash. This data begins\r
600 // at file offset SUM_OF_BYTES_HASHED and its length is:\r
601 // FileSize - (CertDirectory->Size)\r
602 //\r
603 if (ImageSize > SumOfBytesHashed) {\r
604 HashBase = (UINT8 *) (UINTN) ImageAddress + SumOfBytesHashed;\r
551d8081 605\r
606 if (NumberOfRvaAndSizes <= EFI_IMAGE_DIRECTORY_ENTRY_SECURITY) {\r
607 CertSize = 0;\r
0c18794e 608 } else {\r
f199664c 609 if (Hdr.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {\r
551d8081 610 //\r
611 // Use PE32 offset.\r
612 //\r
613 CertSize = Hdr.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY].Size;\r
614 } else {\r
615 //\r
616 // Use PE32+ offset.\r
617 //\r
618 CertSize = Hdr.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY].Size;\r
28186d45 619 }\r
0c18794e 620 }\r
621\r
551d8081 622 if (ImageSize > CertSize + SumOfBytesHashed) {\r
623 HashSize = (UINTN) (ImageSize - CertSize - SumOfBytesHashed);\r
624\r
625 HashStatus = Sha1Update (Sha1Ctx, HashBase, HashSize);\r
626 if (!HashStatus) {\r
627 goto Finish;\r
628 }\r
629 } else if (ImageSize < CertSize + SumOfBytesHashed) {\r
630 goto Finish;\r
631 }\r
0c18794e 632 }\r
633\r
634 //\r
635 // 17. Finalize the SHA hash.\r
636 //\r
551d8081 637 HashStatus = Sha1Final (Sha1Ctx, (UINT8 *) &TcgEvent->Digest);\r
638 if (!HashStatus) {\r
639 goto Finish;\r
640 }\r
0c18794e 641\r
642 //\r
643 // Log the PE data\r
644 //\r
645 EventNumber = 1;\r
646 Status = TcgProtocol->HashLogExtendEvent (\r
647 TcgProtocol,\r
648 (EFI_PHYSICAL_ADDRESS) (UINTN) (VOID *) NULL,\r
649 0,\r
650 TPM_ALG_SHA,\r
651 TcgEvent,\r
652 &EventNumber,\r
653 &EventLogLastEntry\r
654 );\r
772b6011 655 if (Status == EFI_OUT_OF_RESOURCES) {\r
656 //\r
657 // Out of resource here means the image is hashed and its result is extended to PCR.\r
658 // But the event log cann't be saved since log area is full.\r
659 // Just return EFI_SUCCESS in order not to block the image load.\r
660 //\r
661 Status = EFI_SUCCESS;\r
662 }\r
0c18794e 663\r
664Finish:\r
665 FreePool (TcgEvent);\r
666\r
667 if (SectionHeader != NULL) {\r
668 FreePool (SectionHeader);\r
669 }\r
670\r
671 if (Sha1Ctx != NULL ) {\r
672 FreePool (Sha1Ctx);\r
673 }\r
674 return Status;\r
675}\r
676\r
677/**\r
b3548d32
LG
678 The security handler is used to abstract platform-specific policy\r
679 from the DXE core response to an attempt to use a file that returns a\r
680 given status for the authentication check from the section extraction protocol.\r
0c18794e 681\r
b3548d32
LG
682 The possible responses in a given SAP implementation may include locking\r
683 flash upon failure to authenticate, attestation logging for all signed drivers,\r
684 and other exception operations. The File parameter allows for possible logging\r
0c18794e 685 within the SAP of the driver.\r
686\r
687 If File is NULL, then EFI_INVALID_PARAMETER is returned.\r
688\r
b3548d32 689 If the file specified by File with an authentication status specified by\r
0c18794e 690 AuthenticationStatus is safe for the DXE Core to use, then EFI_SUCCESS is returned.\r
691\r
b3548d32
LG
692 If the file specified by File with an authentication status specified by\r
693 AuthenticationStatus is not safe for the DXE Core to use under any circumstances,\r
0c18794e 694 then EFI_ACCESS_DENIED is returned.\r
695\r
b3548d32
LG
696 If the file specified by File with an authentication status specified by\r
697 AuthenticationStatus is not safe for the DXE Core to use right now, but it\r
698 might be possible to use it at a future time, then EFI_SECURITY_VIOLATION is\r
0c18794e 699 returned.\r
700\r
5db28a67 701 @param[in] AuthenticationStatus This is the authentication status returned\r
0c18794e 702 from the securitymeasurement services for the\r
703 input file.\r
704 @param[in] File This is a pointer to the device path of the file that is\r
705 being dispatched. This will optionally be used for logging.\r
706 @param[in] FileBuffer File buffer matches the input file device path.\r
707 @param[in] FileSize Size of File buffer matches the input file device path.\r
5db28a67 708 @param[in] BootPolicy A boot policy that was used to call LoadImage() UEFI service.\r
0c18794e 709\r
5db28a67
LG
710 @retval EFI_SUCCESS The file specified by DevicePath and non-NULL\r
711 FileBuffer did authenticate, and the platform policy dictates\r
712 that the DXE Foundation may use the file.\r
713 @retval other error value\r
0c18794e 714**/\r
715EFI_STATUS\r
716EFIAPI\r
717DxeTpmMeasureBootHandler (\r
5db28a67 718 IN UINT32 AuthenticationStatus,\r
0c18794e 719 IN CONST EFI_DEVICE_PATH_PROTOCOL *File,\r
5db28a67
LG
720 IN VOID *FileBuffer,\r
721 IN UINTN FileSize,\r
722 IN BOOLEAN BootPolicy\r
0c18794e 723 )\r
724{\r
2aadc920 725 EFI_TCG_PROTOCOL *TcgProtocol;\r
726 EFI_STATUS Status;\r
727 TCG_EFI_BOOT_SERVICE_CAPABILITY ProtocolCapability;\r
728 UINT32 TCGFeatureFlags;\r
729 EFI_PHYSICAL_ADDRESS EventLogLocation;\r
730 EFI_PHYSICAL_ADDRESS EventLogLastEntry;\r
731 EFI_DEVICE_PATH_PROTOCOL *DevicePathNode;\r
732 EFI_DEVICE_PATH_PROTOCOL *OrigDevicePathNode;\r
733 EFI_HANDLE Handle;\r
734 EFI_HANDLE TempHandle;\r
735 BOOLEAN ApplicationRequired;\r
736 PE_COFF_LOADER_IMAGE_CONTEXT ImageContext;\r
737 EFI_FIRMWARE_VOLUME_BLOCK_PROTOCOL *FvbProtocol;\r
738 EFI_PHYSICAL_ADDRESS FvAddress;\r
2aadc920 739 UINT32 Index;\r
0c18794e 740\r
0c18794e 741 Status = gBS->LocateProtocol (&gEfiTcgProtocolGuid, NULL, (VOID **) &TcgProtocol);\r
742 if (EFI_ERROR (Status)) {\r
743 //\r
744 // TCG protocol is not installed. So, TPM is not present.\r
745 // Don't do any measurement, and directly return EFI_SUCCESS.\r
746 //\r
747 return EFI_SUCCESS;\r
748 }\r
749\r
750 ProtocolCapability.Size = (UINT8) sizeof (ProtocolCapability);\r
751 Status = TcgProtocol->StatusCheck (\r
b3548d32 752 TcgProtocol,\r
0c18794e 753 &ProtocolCapability,\r
754 &TCGFeatureFlags,\r
755 &EventLogLocation,\r
756 &EventLogLastEntry\r
757 );\r
6f785cfc 758 if (EFI_ERROR (Status) || ProtocolCapability.TPMDeactivatedFlag || (!ProtocolCapability.TPMPresentFlag)) {\r
0c18794e 759 //\r
760 // TPM device doesn't work or activate.\r
761 //\r
762 return EFI_SUCCESS;\r
763 }\r
764\r
765 //\r
766 // Copy File Device Path\r
767 //\r
768 OrigDevicePathNode = DuplicateDevicePath (File);\r
b3548d32 769\r
0c18794e 770 //\r
771 // 1. Check whether this device path support BlockIo protocol.\r
772 // Is so, this device path may be a GPT device path.\r
773 //\r
774 DevicePathNode = OrigDevicePathNode;\r
775 Status = gBS->LocateDevicePath (&gEfiBlockIoProtocolGuid, &DevicePathNode, &Handle);\r
776 if (!EFI_ERROR (Status) && !mMeasureGptTableFlag) {\r
777 //\r
778 // Find the gpt partion on the given devicepath\r
779 //\r
780 DevicePathNode = OrigDevicePathNode;\r
4dbb98ab 781 ASSERT (DevicePathNode != NULL);\r
0c18794e 782 while (!IsDevicePathEnd (DevicePathNode)) {\r
783 //\r
784 // Find the Gpt partition\r
785 //\r
786 if (DevicePathType (DevicePathNode) == MEDIA_DEVICE_PATH &&\r
787 DevicePathSubType (DevicePathNode) == MEDIA_HARDDRIVE_DP) {\r
788 //\r
789 // Check whether it is a gpt partition or not\r
b3548d32
LG
790 //\r
791 if (((HARDDRIVE_DEVICE_PATH *) DevicePathNode)->MBRType == MBR_TYPE_EFI_PARTITION_TABLE_HEADER &&\r
0c18794e 792 ((HARDDRIVE_DEVICE_PATH *) DevicePathNode)->SignatureType == SIGNATURE_TYPE_GUID) {\r
793\r
794 //\r
795 // Change the partition device path to its parent device path (disk) and get the handle.\r
796 //\r
797 DevicePathNode->Type = END_DEVICE_PATH_TYPE;\r
798 DevicePathNode->SubType = END_ENTIRE_DEVICE_PATH_SUBTYPE;\r
799 DevicePathNode = OrigDevicePathNode;\r
800 Status = gBS->LocateDevicePath (\r
801 &gEfiDiskIoProtocolGuid,\r
802 &DevicePathNode,\r
803 &Handle\r
804 );\r
805 if (!EFI_ERROR (Status)) {\r
806 //\r
807 // Measure GPT disk.\r
808 //\r
809 Status = TcgMeasureGptTable (TcgProtocol, Handle);\r
810 if (!EFI_ERROR (Status)) {\r
811 //\r
812 // GPT disk check done.\r
813 //\r
814 mMeasureGptTableFlag = TRUE;\r
815 }\r
816 }\r
817 FreePool (OrigDevicePathNode);\r
818 OrigDevicePathNode = DuplicateDevicePath (File);\r
819 ASSERT (OrigDevicePathNode != NULL);\r
820 break;\r
821 }\r
822 }\r
823 DevicePathNode = NextDevicePathNode (DevicePathNode);\r
824 }\r
825 }\r
b3548d32 826\r
0c18794e 827 //\r
828 // 2. Measure PE image.\r
829 //\r
830 ApplicationRequired = FALSE;\r
831\r
832 //\r
2aadc920 833 // Check whether this device path support FVB protocol.\r
0c18794e 834 //\r
835 DevicePathNode = OrigDevicePathNode;\r
2aadc920 836 Status = gBS->LocateDevicePath (&gEfiFirmwareVolumeBlockProtocolGuid, &DevicePathNode, &Handle);\r
0c18794e 837 if (!EFI_ERROR (Status)) {\r
838 //\r
839 // Don't check FV image, and directly return EFI_SUCCESS.\r
840 // It can be extended to the specific FV authentication according to the different requirement.\r
841 //\r
842 if (IsDevicePathEnd (DevicePathNode)) {\r
843 return EFI_SUCCESS;\r
844 }\r
845 //\r
0758c830 846 // The PE image from unmeasured Firmware volume need be measured\r
847 // The PE image from measured Firmware volume will be mearsured according to policy below.\r
848 // If it is driver, do not measure\r
2aadc920 849 // If it is application, still measure.\r
0c18794e 850 //\r
851 ApplicationRequired = TRUE;\r
2aadc920 852\r
0758c830 853 if (mCacheMeasuredHandle != Handle && mMeasuredHobData != NULL) {\r
2aadc920 854 //\r
855 // Search for Root FV of this PE image\r
856 //\r
857 TempHandle = Handle;\r
858 do {\r
859 Status = gBS->HandleProtocol(\r
b3548d32 860 TempHandle,\r
2aadc920 861 &gEfiFirmwareVolumeBlockProtocolGuid,\r
6dbdb191 862 (VOID**)&FvbProtocol\r
2aadc920 863 );\r
864 TempHandle = FvbProtocol->ParentHandle;\r
865 } while (!EFI_ERROR(Status) && FvbProtocol->ParentHandle != NULL);\r
866\r
867 //\r
868 // Search in measured FV Hob\r
869 //\r
870 Status = FvbProtocol->GetPhysicalAddress(FvbProtocol, &FvAddress);\r
871 if (EFI_ERROR(Status)){\r
872 return Status;\r
873 }\r
874\r
2aadc920 875 ApplicationRequired = FALSE;\r
876\r
0758c830 877 for (Index = 0; Index < mMeasuredHobData->Num; Index++) {\r
878 if(mMeasuredHobData->MeasuredFvBuf[Index].BlobBase == FvAddress) {\r
2aadc920 879 //\r
880 // Cache measured FV for next measurement\r
881 //\r
882 mCacheMeasuredHandle = Handle;\r
883 ApplicationRequired = TRUE;\r
884 break;\r
885 }\r
886 }\r
887 }\r
0c18794e 888 }\r
2aadc920 889\r
0c18794e 890 //\r
891 // File is not found.\r
892 //\r
893 if (FileBuffer == NULL) {\r
894 Status = EFI_SECURITY_VIOLATION;\r
895 goto Finish;\r
896 }\r
897\r
a00bd8e0 898 mTpmImageSize = FileSize;\r
28186d45
ED
899 mFileBuffer = FileBuffer;\r
900\r
0c18794e 901 //\r
902 // Measure PE Image\r
903 //\r
904 DevicePathNode = OrigDevicePathNode;\r
905 ZeroMem (&ImageContext, sizeof (ImageContext));\r
906 ImageContext.Handle = (VOID *) FileBuffer;\r
e0192326 907 ImageContext.ImageRead = (PE_COFF_LOADER_READ_FILE) DxeTpmMeasureBootLibImageRead;\r
0c18794e 908\r
909 //\r
910 // Get information about the image being loaded\r
911 //\r
912 Status = PeCoffLoaderGetImageInfo (&ImageContext);\r
913 if (EFI_ERROR (Status)) {\r
914 //\r
915 // The information can't be got from the invalid PeImage\r
916 //\r
917 goto Finish;\r
918 }\r
b3548d32 919\r
0c18794e 920 //\r
921 // Measure only application if Application flag is set\r
922 // Measure drivers and applications if Application flag is not set\r
923 //\r
b3548d32
LG
924 if ((!ApplicationRequired) ||\r
925 (ApplicationRequired && ImageContext.ImageType == EFI_IMAGE_SUBSYSTEM_EFI_APPLICATION)) {\r
0c18794e 926 //\r
927 // Print the image path to be measured.\r
b3548d32 928 //\r
0c18794e 929 DEBUG_CODE_BEGIN ();\r
930 CHAR16 *ToText;\r
863986b3
RN
931 ToText = ConvertDevicePathToText (\r
932 DevicePathNode,\r
933 FALSE,\r
934 TRUE\r
935 );\r
936 if (ToText != NULL) {\r
937 DEBUG ((DEBUG_INFO, "The measured image path is %s.\n", ToText));\r
938 FreePool (ToText);\r
0c18794e 939 }\r
940 DEBUG_CODE_END ();\r
941\r
942 //\r
943 // Measure PE image into TPM log.\r
944 //\r
945 Status = TcgMeasurePeImage (\r
946 TcgProtocol,\r
b3548d32
LG
947 (EFI_PHYSICAL_ADDRESS) (UINTN) FileBuffer,\r
948 FileSize,\r
949 (UINTN) ImageContext.ImageAddress,\r
950 ImageContext.ImageType,\r
0c18794e 951 DevicePathNode\r
952 );\r
953 }\r
954\r
955 //\r
956 // Done, free the allocated resource.\r
957 //\r
958Finish:\r
5db28a67
LG
959 if (OrigDevicePathNode != NULL) {\r
960 FreePool (OrigDevicePathNode);\r
961 }\r
0c18794e 962\r
963 return Status;\r
964}\r
965\r
966/**\r
967 Register the security handler to provide TPM measure boot service.\r
968\r
969 @param ImageHandle ImageHandle of the loaded driver.\r
970 @param SystemTable Pointer to the EFI System Table.\r
971\r
972 @retval EFI_SUCCESS Register successfully.\r
973 @retval EFI_OUT_OF_RESOURCES No enough memory to register this handler.\r
974**/\r
975EFI_STATUS\r
976EFIAPI\r
977DxeTpmMeasureBootLibConstructor (\r
978 IN EFI_HANDLE ImageHandle,\r
979 IN EFI_SYSTEM_TABLE *SystemTable\r
980 )\r
981{\r
2aadc920 982 EFI_HOB_GUID_TYPE *GuidHob;\r
983\r
984 GuidHob = NULL;\r
985\r
0758c830 986 GuidHob = GetFirstGuidHob (&gMeasuredFvHobGuid);\r
2aadc920 987\r
988 if (GuidHob != NULL) {\r
0758c830 989 mMeasuredHobData = GET_GUID_HOB_DATA (GuidHob);\r
2aadc920 990 }\r
991\r
5db28a67 992 return RegisterSecurity2Handler (\r
0c18794e 993 DxeTpmMeasureBootHandler,\r
994 EFI_AUTH_OPERATION_MEASURE_IMAGE | EFI_AUTH_OPERATION_IMAGE_REQUIRED\r
995 );\r
996}\r