]>
Commit | Line | Data |
---|---|---|
1abfa4ce JY |
1 | /** @file\r |
2 | This module implements Tcg2 Protocol.\r | |
3 | \r | |
655dabe3 | 4 | Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved.<BR>\r |
1abfa4ce JY |
5 | This program and the accompanying materials \r |
6 | are licensed and made available under the terms and conditions of the BSD License \r | |
7 | which accompanies this distribution. The full text of the license may be found at \r | |
8 | http://opensource.org/licenses/bsd-license.php\r | |
9 | \r | |
10 | THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, \r | |
11 | WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r | |
12 | \r | |
13 | **/\r | |
14 | \r | |
15 | #include <PiDxe.h>\r | |
16 | #include <IndustryStandard/Acpi.h>\r | |
17 | #include <IndustryStandard/PeImage.h>\r | |
1abfa4ce JY |
18 | #include <IndustryStandard/TcpaAcpi.h>\r |
19 | \r | |
20 | #include <Guid/GlobalVariable.h>\r | |
1abfa4ce JY |
21 | #include <Guid/HobList.h>\r |
22 | #include <Guid/TcgEventHob.h>\r | |
23 | #include <Guid/EventGroup.h>\r | |
24 | #include <Guid/EventExitBootServiceFailed.h>\r | |
25 | #include <Guid/ImageAuthentication.h>\r | |
26 | #include <Guid/TpmInstance.h>\r | |
27 | \r | |
28 | #include <Protocol/DevicePath.h>\r | |
29 | #include <Protocol/MpService.h>\r | |
30 | #include <Protocol/VariableWrite.h>\r | |
31 | #include <Protocol/Tcg2Protocol.h>\r | |
32 | #include <Protocol/TrEEProtocol.h>\r | |
33 | \r | |
34 | #include <Library/DebugLib.h>\r | |
35 | #include <Library/BaseMemoryLib.h>\r | |
36 | #include <Library/UefiRuntimeServicesTableLib.h>\r | |
37 | #include <Library/UefiDriverEntryPoint.h>\r | |
38 | #include <Library/HobLib.h>\r | |
39 | #include <Library/UefiBootServicesTableLib.h>\r | |
40 | #include <Library/BaseLib.h>\r | |
41 | #include <Library/MemoryAllocationLib.h>\r | |
42 | #include <Library/PrintLib.h>\r | |
43 | #include <Library/Tpm2CommandLib.h>\r | |
44 | #include <Library/PcdLib.h>\r | |
45 | #include <Library/UefiLib.h>\r | |
46 | #include <Library/Tpm2DeviceLib.h>\r | |
47 | #include <Library/HashLib.h>\r | |
48 | #include <Library/PerformanceLib.h>\r | |
49 | #include <Library/ReportStatusCodeLib.h>\r | |
50 | #include <Library/Tcg2PhysicalPresenceLib.h>\r | |
51 | \r | |
52 | #define PERF_ID_TCG2_DXE 0x3120\r | |
53 | \r | |
54 | typedef struct {\r | |
55 | CHAR16 *VariableName;\r | |
56 | EFI_GUID *VendorGuid;\r | |
57 | } VARIABLE_TYPE;\r | |
58 | \r | |
1abfa4ce JY |
59 | #define TCG2_DEFAULT_MAX_COMMAND_SIZE 0x1000\r |
60 | #define TCG2_DEFAULT_MAX_RESPONSE_SIZE 0x1000\r | |
61 | \r | |
62 | typedef struct {\r | |
63 | EFI_GUID *EventGuid;\r | |
64 | EFI_TCG2_EVENT_LOG_FORMAT LogFormat;\r | |
65 | } TCG2_EVENT_INFO_STRUCT;\r | |
66 | \r | |
67 | TCG2_EVENT_INFO_STRUCT mTcg2EventInfo[] = {\r | |
68 | {&gTcgEventEntryHobGuid, EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2},\r | |
69 | {&gTcgEvent2EntryHobGuid, EFI_TCG2_EVENT_LOG_FORMAT_TCG_2},\r | |
70 | };\r | |
71 | \r | |
72 | #define TCG_EVENT_LOG_AREA_COUNT_MAX 2\r | |
73 | \r | |
74 | typedef struct {\r | |
75 | EFI_TCG2_EVENT_LOG_FORMAT EventLogFormat;\r | |
76 | EFI_PHYSICAL_ADDRESS Lasa;\r | |
77 | UINT64 Laml;\r | |
78 | UINTN EventLogSize;\r | |
79 | UINT8 *LastEvent;\r | |
80 | BOOLEAN EventLogStarted;\r | |
81 | BOOLEAN EventLogTruncated;\r | |
82 | } TCG_EVENT_LOG_AREA_STRUCT;\r | |
83 | \r | |
84 | typedef struct _TCG_DXE_DATA {\r | |
85 | EFI_TCG2_BOOT_SERVICE_CAPABILITY BsCap;\r | |
86 | TCG_EVENT_LOG_AREA_STRUCT EventLogAreaStruct[TCG_EVENT_LOG_AREA_COUNT_MAX];\r | |
87 | BOOLEAN GetEventLogCalled[TCG_EVENT_LOG_AREA_COUNT_MAX];\r | |
88 | TCG_EVENT_LOG_AREA_STRUCT FinalEventLogAreaStruct[TCG_EVENT_LOG_AREA_COUNT_MAX];\r | |
89 | EFI_TCG2_FINAL_EVENTS_TABLE *FinalEventsTable[TCG_EVENT_LOG_AREA_COUNT_MAX];\r | |
90 | } TCG_DXE_DATA;\r | |
91 | \r | |
92 | TCG_DXE_DATA mTcgDxeData = {\r | |
93 | {\r | |
94 | sizeof (EFI_TCG2_BOOT_SERVICE_CAPABILITY), // Size\r | |
95 | { 1, 1 }, // StructureVersion\r | |
96 | { 1, 1 }, // ProtocolVersion\r | |
97 | EFI_TCG2_BOOT_HASH_ALG_SHA1, // HashAlgorithmBitmap\r | |
98 | EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2, // SupportedEventLogs\r | |
99 | TRUE, // TPMPresentFlag\r | |
100 | TCG2_DEFAULT_MAX_COMMAND_SIZE, // MaxCommandSize\r | |
101 | TCG2_DEFAULT_MAX_RESPONSE_SIZE, // MaxResponseSize\r | |
102 | 0, // ManufacturerID\r | |
103 | 0, // NumberOfPCRBanks\r | |
104 | 0, // ActivePcrBanks\r | |
105 | },\r | |
106 | };\r | |
107 | \r | |
108 | UINTN mBootAttempts = 0;\r | |
109 | CHAR16 mBootVarName[] = L"BootOrder";\r | |
110 | \r | |
111 | VARIABLE_TYPE mVariableType[] = {\r | |
112 | {EFI_SECURE_BOOT_MODE_NAME, &gEfiGlobalVariableGuid},\r | |
113 | {EFI_PLATFORM_KEY_NAME, &gEfiGlobalVariableGuid},\r | |
114 | {EFI_KEY_EXCHANGE_KEY_NAME, &gEfiGlobalVariableGuid},\r | |
115 | {EFI_IMAGE_SECURITY_DATABASE, &gEfiImageSecurityDatabaseGuid},\r | |
116 | {EFI_IMAGE_SECURITY_DATABASE1, &gEfiImageSecurityDatabaseGuid},\r | |
117 | };\r | |
118 | \r | |
119 | EFI_HANDLE mImageHandle;\r | |
120 | \r | |
121 | /**\r | |
122 | Measure PE image into TPM log based on the authenticode image hashing in\r | |
123 | PE/COFF Specification 8.0 Appendix A.\r | |
124 | \r | |
125 | Caution: This function may receive untrusted input.\r | |
126 | PE/COFF image is external input, so this function will validate its data structure\r | |
127 | within this image buffer before use.\r | |
128 | \r | |
129 | @param[in] PCRIndex TPM PCR index\r | |
130 | @param[in] ImageAddress Start address of image buffer.\r | |
131 | @param[in] ImageSize Image size\r | |
132 | @param[out] DigestList Digeest list of this image.\r | |
133 | \r | |
134 | @retval EFI_SUCCESS Successfully measure image.\r | |
135 | @retval EFI_OUT_OF_RESOURCES No enough resource to measure image.\r | |
136 | @retval other error value\r | |
137 | **/\r | |
138 | EFI_STATUS\r | |
139 | MeasurePeImageAndExtend (\r | |
140 | IN UINT32 PCRIndex,\r | |
141 | IN EFI_PHYSICAL_ADDRESS ImageAddress,\r | |
142 | IN UINTN ImageSize,\r | |
143 | OUT TPML_DIGEST_VALUES *DigestList\r | |
144 | );\r | |
145 | \r | |
146 | /**\r | |
147 | \r | |
148 | This function dump raw data.\r | |
149 | \r | |
150 | @param Data raw data\r | |
151 | @param Size raw data size\r | |
152 | \r | |
153 | **/\r | |
154 | VOID\r | |
155 | InternalDumpData (\r | |
156 | IN UINT8 *Data,\r | |
157 | IN UINTN Size\r | |
158 | )\r | |
159 | {\r | |
160 | UINTN Index;\r | |
161 | for (Index = 0; Index < Size; Index++) {\r | |
162 | DEBUG ((EFI_D_INFO, "%02x", (UINTN)Data[Index]));\r | |
163 | }\r | |
164 | }\r | |
165 | \r | |
166 | /**\r | |
167 | \r | |
168 | This function dump raw data with colume format.\r | |
169 | \r | |
170 | @param Data raw data\r | |
171 | @param Size raw data size\r | |
172 | \r | |
173 | **/\r | |
174 | VOID\r | |
175 | InternalDumpHex (\r | |
176 | IN UINT8 *Data,\r | |
177 | IN UINTN Size\r | |
178 | )\r | |
179 | {\r | |
180 | UINTN Index;\r | |
181 | UINTN Count;\r | |
182 | UINTN Left;\r | |
183 | \r | |
184 | #define COLUME_SIZE (16 * 2)\r | |
185 | \r | |
186 | Count = Size / COLUME_SIZE;\r | |
187 | Left = Size % COLUME_SIZE;\r | |
188 | for (Index = 0; Index < Count; Index++) {\r | |
189 | DEBUG ((EFI_D_INFO, "%04x: ", Index * COLUME_SIZE));\r | |
190 | InternalDumpData (Data + Index * COLUME_SIZE, COLUME_SIZE);\r | |
191 | DEBUG ((EFI_D_INFO, "\n"));\r | |
192 | }\r | |
193 | \r | |
194 | if (Left != 0) {\r | |
195 | DEBUG ((EFI_D_INFO, "%04x: ", Index * COLUME_SIZE));\r | |
196 | InternalDumpData (Data + Index * COLUME_SIZE, Left);\r | |
197 | DEBUG ((EFI_D_INFO, "\n"));\r | |
198 | }\r | |
199 | }\r | |
200 | \r | |
201 | /**\r | |
202 | Check if buffer is all zero.\r | |
203 | \r | |
204 | @param[in] Buffer Buffer to be checked.\r | |
205 | @param[in] BufferSize Size of buffer to be checked.\r | |
206 | \r | |
207 | @retval TRUE Buffer is all zero.\r | |
208 | @retval FALSE Buffer is not all zero.\r | |
209 | **/\r | |
210 | BOOLEAN\r | |
211 | IsZeroBuffer (\r | |
212 | IN VOID *Buffer,\r | |
213 | IN UINTN BufferSize\r | |
214 | )\r | |
215 | {\r | |
216 | UINT8 *BufferData;\r | |
217 | UINTN Index;\r | |
218 | \r | |
219 | BufferData = Buffer;\r | |
220 | for (Index = 0; Index < BufferSize; Index++) {\r | |
221 | if (BufferData[Index] != 0) {\r | |
222 | return FALSE;\r | |
223 | }\r | |
224 | }\r | |
225 | return TRUE;\r | |
226 | }\r | |
227 | \r | |
228 | /**\r | |
229 | Get All processors EFI_CPU_LOCATION in system. LocationBuf is allocated inside the function\r | |
230 | Caller is responsible to free LocationBuf.\r | |
231 | \r | |
232 | @param[out] LocationBuf Returns Processor Location Buffer.\r | |
233 | @param[out] Num Returns processor number.\r | |
234 | \r | |
235 | @retval EFI_SUCCESS Operation completed successfully.\r | |
236 | @retval EFI_UNSUPPORTED MpService protocol not found.\r | |
237 | \r | |
238 | **/\r | |
239 | EFI_STATUS\r | |
240 | GetProcessorsCpuLocation (\r | |
241 | OUT EFI_CPU_PHYSICAL_LOCATION **LocationBuf,\r | |
242 | OUT UINTN *Num\r | |
243 | )\r | |
244 | {\r | |
245 | EFI_STATUS Status;\r | |
246 | EFI_MP_SERVICES_PROTOCOL *MpProtocol;\r | |
247 | UINTN ProcessorNum;\r | |
248 | UINTN EnabledProcessorNum;\r | |
249 | EFI_PROCESSOR_INFORMATION ProcessorInfo;\r | |
250 | EFI_CPU_PHYSICAL_LOCATION *ProcessorLocBuf;\r | |
251 | UINTN Index;\r | |
252 | \r | |
253 | Status = gBS->LocateProtocol (&gEfiMpServiceProtocolGuid, NULL, (VOID **) &MpProtocol);\r | |
254 | if (EFI_ERROR (Status)) {\r | |
255 | //\r | |
256 | // MP protocol is not installed\r | |
257 | //\r | |
258 | return EFI_UNSUPPORTED;\r | |
259 | }\r | |
260 | \r | |
261 | Status = MpProtocol->GetNumberOfProcessors(\r | |
262 | MpProtocol,\r | |
263 | &ProcessorNum,\r | |
264 | &EnabledProcessorNum\r | |
265 | );\r | |
266 | if (EFI_ERROR(Status)){\r | |
267 | return Status;\r | |
268 | }\r | |
269 | \r | |
270 | Status = gBS->AllocatePool(\r | |
271 | EfiBootServicesData,\r | |
272 | sizeof(EFI_CPU_PHYSICAL_LOCATION) * ProcessorNum,\r | |
273 | (VOID **) &ProcessorLocBuf\r | |
274 | );\r | |
275 | if (EFI_ERROR(Status)){\r | |
276 | return Status;\r | |
277 | }\r | |
278 | \r | |
279 | //\r | |
280 | // Get each processor Location info\r | |
281 | //\r | |
282 | for (Index = 0; Index < ProcessorNum; Index++) {\r | |
283 | Status = MpProtocol->GetProcessorInfo(\r | |
284 | MpProtocol,\r | |
285 | Index,\r | |
286 | &ProcessorInfo\r | |
287 | );\r | |
288 | if (EFI_ERROR(Status)){\r | |
289 | FreePool(ProcessorLocBuf);\r | |
290 | return Status;\r | |
291 | }\r | |
292 | \r | |
293 | //\r | |
294 | // Get all Processor Location info & measure\r | |
295 | //\r | |
296 | CopyMem(\r | |
297 | &ProcessorLocBuf[Index],\r | |
298 | &ProcessorInfo.Location,\r | |
299 | sizeof(EFI_CPU_PHYSICAL_LOCATION)\r | |
300 | );\r | |
301 | }\r | |
302 | \r | |
303 | *LocationBuf = ProcessorLocBuf;\r | |
304 | *Num = ProcessorNum;\r | |
305 | \r | |
306 | return Status;\r | |
307 | }\r | |
308 | \r | |
309 | /**\r | |
310 | The EFI_TCG2_PROTOCOL GetCapability function call provides protocol\r | |
311 | capability information and state information.\r | |
312 | \r | |
313 | @param[in] This Indicates the calling context\r | |
314 | @param[in, out] ProtocolCapability The caller allocates memory for a EFI_TCG2_BOOT_SERVICE_CAPABILITY\r | |
315 | structure and sets the size field to the size of the structure allocated.\r | |
316 | The callee fills in the fields with the EFI protocol capability information\r | |
317 | and the current EFI TCG2 state information up to the number of fields which\r | |
318 | fit within the size of the structure passed in.\r | |
319 | \r | |
320 | @retval EFI_SUCCESS Operation completed successfully.\r | |
321 | @retval EFI_DEVICE_ERROR The command was unsuccessful.\r | |
322 | The ProtocolCapability variable will not be populated. \r | |
323 | @retval EFI_INVALID_PARAMETER One or more of the parameters are incorrect.\r | |
324 | The ProtocolCapability variable will not be populated.\r | |
325 | @retval EFI_BUFFER_TOO_SMALL The ProtocolCapability variable is too small to hold the full response.\r | |
326 | It will be partially populated (required Size field will be set). \r | |
327 | **/\r | |
328 | EFI_STATUS\r | |
329 | EFIAPI\r | |
330 | Tcg2GetCapability (\r | |
331 | IN EFI_TCG2_PROTOCOL *This,\r | |
332 | IN OUT EFI_TCG2_BOOT_SERVICE_CAPABILITY *ProtocolCapability\r | |
333 | )\r | |
334 | {\r | |
335 | DEBUG ((EFI_D_INFO, "Tcg2GetCapability ...\n"));\r | |
336 | \r | |
337 | if ((This == NULL) || (ProtocolCapability == NULL)) {\r | |
338 | return EFI_INVALID_PARAMETER;\r | |
339 | }\r | |
340 | \r | |
341 | DEBUG ((EFI_D_INFO, "Size - 0x%x\n", ProtocolCapability->Size));\r | |
342 | DEBUG ((EFI_D_INFO, " 1.1 - 0x%x, 1.0 - 0x%x\n", sizeof(EFI_TCG2_BOOT_SERVICE_CAPABILITY), sizeof(TREE_BOOT_SERVICE_CAPABILITY_1_0)));\r | |
343 | \r | |
344 | if (ProtocolCapability->Size < mTcgDxeData.BsCap.Size) {\r | |
345 | //\r | |
346 | // Handle the case that firmware support 1.1 but OS only support 1.0.\r | |
347 | //\r | |
348 | if ((mTcgDxeData.BsCap.ProtocolVersion.Major > 0x01) || \r | |
349 | ((mTcgDxeData.BsCap.ProtocolVersion.Major == 0x01) && ((mTcgDxeData.BsCap.ProtocolVersion.Minor > 0x00)))) {\r | |
350 | if (ProtocolCapability->Size >= sizeof(TREE_BOOT_SERVICE_CAPABILITY_1_0)) {\r | |
351 | CopyMem (ProtocolCapability, &mTcgDxeData.BsCap, sizeof(TREE_BOOT_SERVICE_CAPABILITY_1_0));\r | |
352 | ProtocolCapability->Size = sizeof(TREE_BOOT_SERVICE_CAPABILITY_1_0);\r | |
353 | ProtocolCapability->StructureVersion.Major = 1;\r | |
354 | ProtocolCapability->StructureVersion.Minor = 0;\r | |
355 | ProtocolCapability->ProtocolVersion.Major = 1;\r | |
356 | ProtocolCapability->ProtocolVersion.Minor = 0;\r | |
357 | DEBUG ((EFI_D_ERROR, "TreeGetCapability (Compatible) - %r\n", EFI_SUCCESS));\r | |
358 | return EFI_SUCCESS;\r | |
359 | }\r | |
360 | }\r | |
361 | ProtocolCapability->Size = mTcgDxeData.BsCap.Size;\r | |
362 | return EFI_BUFFER_TOO_SMALL;\r | |
363 | }\r | |
364 | \r | |
365 | CopyMem (ProtocolCapability, &mTcgDxeData.BsCap, mTcgDxeData.BsCap.Size);\r | |
366 | DEBUG ((EFI_D_INFO, "Tcg2GetCapability - %r\n", EFI_SUCCESS));\r | |
367 | return EFI_SUCCESS;\r | |
368 | }\r | |
369 | \r | |
370 | /**\r | |
371 | This function dump PCR event.\r | |
372 | \r | |
373 | @param[in] EventHdr TCG PCR event structure.\r | |
374 | **/\r | |
375 | VOID\r | |
376 | DumpEvent (\r | |
377 | IN TCG_PCR_EVENT_HDR *EventHdr\r | |
378 | )\r | |
379 | {\r | |
380 | UINTN Index;\r | |
381 | \r | |
382 | DEBUG ((EFI_D_INFO, " Event:\n"));\r | |
383 | DEBUG ((EFI_D_INFO, " PCRIndex - %d\n", EventHdr->PCRIndex));\r | |
384 | DEBUG ((EFI_D_INFO, " EventType - 0x%08x\n", EventHdr->EventType));\r | |
385 | DEBUG ((EFI_D_INFO, " Digest - "));\r | |
386 | for (Index = 0; Index < sizeof(TCG_DIGEST); Index++) {\r | |
387 | DEBUG ((EFI_D_INFO, "%02x ", EventHdr->Digest.digest[Index]));\r | |
388 | }\r | |
389 | DEBUG ((EFI_D_INFO, "\n"));\r | |
390 | DEBUG ((EFI_D_INFO, " EventSize - 0x%08x\n", EventHdr->EventSize));\r | |
391 | InternalDumpHex ((UINT8 *)(EventHdr + 1), EventHdr->EventSize);\r | |
392 | }\r | |
393 | \r | |
394 | /**\r | |
395 | This function dump TCG_EfiSpecIDEventStruct.\r | |
396 | \r | |
397 | @param[in] TcgEfiSpecIdEventStruct A pointer to TCG_EfiSpecIDEventStruct.\r | |
398 | **/\r | |
399 | VOID\r | |
400 | DumpTcgEfiSpecIdEventStruct (\r | |
401 | IN TCG_EfiSpecIDEventStruct *TcgEfiSpecIdEventStruct\r | |
402 | )\r | |
403 | {\r | |
a9092578 | 404 | TCG_EfiSpecIdEventAlgorithmSize *DigestSize;\r |
1abfa4ce | 405 | UINTN Index;\r |
a9092578 QS |
406 | UINT8 *VendorInfoSize;\r |
407 | UINT8 *VendorInfo;\r | |
408 | UINT32 NumberOfAlgorithms;\r | |
1abfa4ce JY |
409 | \r |
410 | DEBUG ((EFI_D_INFO, " TCG_EfiSpecIDEventStruct:\n"));\r | |
411 | DEBUG ((EFI_D_INFO, " signature - '"));\r | |
412 | for (Index = 0; Index < sizeof(TcgEfiSpecIdEventStruct->signature); Index++) {\r | |
413 | DEBUG ((EFI_D_INFO, "%c", TcgEfiSpecIdEventStruct->signature[Index]));\r | |
414 | }\r | |
415 | DEBUG ((EFI_D_INFO, "'\n"));\r | |
416 | DEBUG ((EFI_D_INFO, " platformClass - 0x%08x\n", TcgEfiSpecIdEventStruct->platformClass));\r | |
417 | DEBUG ((EFI_D_INFO, " specVersion - %d.%d%d\n", TcgEfiSpecIdEventStruct->specVersionMajor, TcgEfiSpecIdEventStruct->specVersionMinor, TcgEfiSpecIdEventStruct->specErrata));\r | |
418 | DEBUG ((EFI_D_INFO, " uintnSize - 0x%02x\n", TcgEfiSpecIdEventStruct->uintnSize));\r | |
419 | \r | |
a9092578 QS |
420 | CopyMem (&NumberOfAlgorithms, TcgEfiSpecIdEventStruct + 1, sizeof(NumberOfAlgorithms));\r |
421 | DEBUG ((EFI_D_INFO, " NumberOfAlgorithms - 0x%08x\n", NumberOfAlgorithms));\r | |
1abfa4ce | 422 | \r |
a9092578 QS |
423 | DigestSize = (TCG_EfiSpecIdEventAlgorithmSize *)((UINT8 *)TcgEfiSpecIdEventStruct + sizeof(*TcgEfiSpecIdEventStruct) + sizeof(NumberOfAlgorithms));\r |
424 | for (Index = 0; Index < NumberOfAlgorithms; Index++) {\r | |
1abfa4ce | 425 | DEBUG ((EFI_D_INFO, " digest(%d)\n", Index));\r |
a9092578 QS |
426 | DEBUG ((EFI_D_INFO, " algorithmId - 0x%04x\n", DigestSize[Index].algorithmId));\r |
427 | DEBUG ((EFI_D_INFO, " digestSize - 0x%04x\n", DigestSize[Index].digestSize));\r | |
1abfa4ce | 428 | }\r |
a9092578 QS |
429 | VendorInfoSize = (UINT8 *)&DigestSize[NumberOfAlgorithms];\r |
430 | DEBUG ((EFI_D_INFO, " VendorInfoSize - 0x%02x\n", *VendorInfoSize));\r | |
431 | VendorInfo = VendorInfoSize + 1;\r | |
432 | DEBUG ((EFI_D_INFO, " VendorInfo - "));\r | |
433 | for (Index = 0; Index < *VendorInfoSize; Index++) {\r | |
434 | DEBUG ((EFI_D_INFO, "%02x ", VendorInfo[Index]));\r | |
1abfa4ce JY |
435 | }\r |
436 | DEBUG ((EFI_D_INFO, "\n"));\r | |
437 | }\r | |
438 | \r | |
439 | /**\r | |
440 | This function get size of TCG_EfiSpecIDEventStruct.\r | |
441 | \r | |
442 | @param[in] TcgEfiSpecIdEventStruct A pointer to TCG_EfiSpecIDEventStruct.\r | |
443 | **/\r | |
444 | UINTN\r | |
445 | GetTcgEfiSpecIdEventStructSize (\r | |
446 | IN TCG_EfiSpecIDEventStruct *TcgEfiSpecIdEventStruct\r | |
447 | )\r | |
448 | {\r | |
a9092578 QS |
449 | TCG_EfiSpecIdEventAlgorithmSize *DigestSize;\r |
450 | UINT8 *VendorInfoSize;\r | |
451 | UINT32 NumberOfAlgorithms;\r | |
1abfa4ce | 452 | \r |
a9092578 | 453 | CopyMem (&NumberOfAlgorithms, TcgEfiSpecIdEventStruct + 1, sizeof(NumberOfAlgorithms));\r |
1abfa4ce | 454 | \r |
a9092578 QS |
455 | DigestSize = (TCG_EfiSpecIdEventAlgorithmSize *)((UINT8 *)TcgEfiSpecIdEventStruct + sizeof(*TcgEfiSpecIdEventStruct) + sizeof(NumberOfAlgorithms));\r |
456 | VendorInfoSize = (UINT8 *)&DigestSize[NumberOfAlgorithms];\r | |
457 | return sizeof(TCG_EfiSpecIDEventStruct) + sizeof(UINT32) + (NumberOfAlgorithms * sizeof(TCG_EfiSpecIdEventAlgorithmSize)) + sizeof(UINT8) + (*VendorInfoSize);\r | |
1abfa4ce JY |
458 | }\r |
459 | \r | |
460 | /**\r | |
461 | This function dump PCR event 2.\r | |
462 | \r | |
463 | @param[in] TcgPcrEvent2 TCG PCR event 2 structure.\r | |
464 | **/\r | |
465 | VOID\r | |
466 | DumpEvent2 (\r | |
467 | IN TCG_PCR_EVENT2 *TcgPcrEvent2\r | |
468 | )\r | |
469 | {\r | |
470 | UINTN Index;\r | |
471 | UINT32 DigestIndex;\r | |
472 | UINT32 DigestCount;\r | |
473 | TPMI_ALG_HASH HashAlgo;\r | |
474 | UINT32 DigestSize;\r | |
475 | UINT8 *DigestBuffer;\r | |
476 | UINT32 EventSize;\r | |
477 | UINT8 *EventBuffer;\r | |
478 | \r | |
479 | DEBUG ((EFI_D_INFO, " Event:\n"));\r | |
480 | DEBUG ((EFI_D_INFO, " PCRIndex - %d\n", TcgPcrEvent2->PCRIndex));\r | |
481 | DEBUG ((EFI_D_INFO, " EventType - 0x%08x\n", TcgPcrEvent2->EventType));\r | |
482 | \r | |
483 | DEBUG ((EFI_D_INFO, " DigestCount: 0x%08x\n", TcgPcrEvent2->Digest.count));\r | |
484 | \r | |
485 | DigestCount = TcgPcrEvent2->Digest.count;\r | |
486 | HashAlgo = TcgPcrEvent2->Digest.digests[0].hashAlg;\r | |
487 | DigestBuffer = (UINT8 *)&TcgPcrEvent2->Digest.digests[0].digest;\r | |
488 | for (DigestIndex = 0; DigestIndex < DigestCount; DigestIndex++) {\r | |
489 | DEBUG ((EFI_D_INFO, " HashAlgo : 0x%04x\n", HashAlgo));\r | |
490 | DEBUG ((EFI_D_INFO, " Digest(%d): ", DigestIndex));\r | |
491 | DigestSize = GetHashSizeFromAlgo (HashAlgo);\r | |
492 | for (Index = 0; Index < DigestSize; Index++) {\r | |
493 | DEBUG ((EFI_D_INFO, "%02x ", DigestBuffer[Index]));\r | |
494 | }\r | |
495 | DEBUG ((EFI_D_INFO, "\n"));\r | |
496 | //\r | |
497 | // Prepare next\r | |
498 | //\r | |
499 | CopyMem (&HashAlgo, DigestBuffer + DigestSize, sizeof(TPMI_ALG_HASH));\r | |
500 | DigestBuffer = DigestBuffer + DigestSize + sizeof(TPMI_ALG_HASH);\r | |
501 | }\r | |
502 | DEBUG ((EFI_D_INFO, "\n"));\r | |
503 | DigestBuffer = DigestBuffer - sizeof(TPMI_ALG_HASH);\r | |
504 | \r | |
505 | CopyMem (&EventSize, DigestBuffer, sizeof(TcgPcrEvent2->EventSize));\r | |
506 | DEBUG ((EFI_D_INFO, " EventSize - 0x%08x\n", EventSize));\r | |
507 | EventBuffer = DigestBuffer + sizeof(TcgPcrEvent2->EventSize);\r | |
508 | InternalDumpHex (EventBuffer, EventSize);\r | |
509 | }\r | |
510 | \r | |
511 | /**\r | |
512 | This function returns size of TCG PCR event 2.\r | |
513 | \r | |
514 | @param[in] TcgPcrEvent2 TCG PCR event 2 structure.\r | |
515 | \r | |
516 | @return size of TCG PCR event 2.\r | |
517 | **/\r | |
518 | UINTN\r | |
519 | GetPcrEvent2Size (\r | |
520 | IN TCG_PCR_EVENT2 *TcgPcrEvent2\r | |
521 | )\r | |
522 | {\r | |
523 | UINT32 DigestIndex;\r | |
524 | UINT32 DigestCount;\r | |
525 | TPMI_ALG_HASH HashAlgo;\r | |
526 | UINT32 DigestSize;\r | |
527 | UINT8 *DigestBuffer;\r | |
528 | UINT32 EventSize;\r | |
529 | UINT8 *EventBuffer;\r | |
530 | \r | |
531 | DigestCount = TcgPcrEvent2->Digest.count;\r | |
532 | HashAlgo = TcgPcrEvent2->Digest.digests[0].hashAlg;\r | |
533 | DigestBuffer = (UINT8 *)&TcgPcrEvent2->Digest.digests[0].digest;\r | |
534 | for (DigestIndex = 0; DigestIndex < DigestCount; DigestIndex++) {\r | |
535 | DigestSize = GetHashSizeFromAlgo (HashAlgo);\r | |
536 | //\r | |
537 | // Prepare next\r | |
538 | //\r | |
539 | CopyMem (&HashAlgo, DigestBuffer + DigestSize, sizeof(TPMI_ALG_HASH));\r | |
540 | DigestBuffer = DigestBuffer + DigestSize + sizeof(TPMI_ALG_HASH);\r | |
541 | }\r | |
542 | DigestBuffer = DigestBuffer - sizeof(TPMI_ALG_HASH);\r | |
543 | \r | |
544 | CopyMem (&EventSize, DigestBuffer, sizeof(TcgPcrEvent2->EventSize));\r | |
545 | EventBuffer = DigestBuffer + sizeof(TcgPcrEvent2->EventSize);\r | |
546 | \r | |
547 | return (UINTN)EventBuffer + EventSize - (UINTN)TcgPcrEvent2;\r | |
548 | }\r | |
549 | \r | |
550 | /**\r | |
551 | This function dump event log.\r | |
552 | \r | |
553 | @param[in] EventLogFormat The type of the event log for which the information is requested.\r | |
554 | @param[in] EventLogLocation A pointer to the memory address of the event log.\r | |
555 | @param[in] EventLogLastEntry If the Event Log contains more than one entry, this is a pointer to the\r | |
556 | address of the start of the last entry in the event log in memory.\r | |
557 | @param[in] FinalEventsTable A pointer to the memory address of the final event table.\r | |
558 | **/\r | |
559 | VOID\r | |
560 | DumpEventLog (\r | |
561 | IN EFI_TCG2_EVENT_LOG_FORMAT EventLogFormat,\r | |
562 | IN EFI_PHYSICAL_ADDRESS EventLogLocation,\r | |
563 | IN EFI_PHYSICAL_ADDRESS EventLogLastEntry,\r | |
564 | IN EFI_TCG2_FINAL_EVENTS_TABLE *FinalEventsTable\r | |
565 | )\r | |
566 | {\r | |
567 | TCG_PCR_EVENT_HDR *EventHdr;\r | |
568 | TCG_PCR_EVENT2 *TcgPcrEvent2;\r | |
569 | TCG_EfiSpecIDEventStruct *TcgEfiSpecIdEventStruct;\r | |
570 | UINTN NumberOfEvents;\r | |
571 | \r | |
572 | DEBUG ((EFI_D_INFO, "EventLogFormat: (0x%x)\n", EventLogFormat));\r | |
573 | \r | |
574 | switch (EventLogFormat) {\r | |
575 | case EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2:\r | |
576 | EventHdr = (TCG_PCR_EVENT_HDR *)(UINTN)EventLogLocation;\r | |
577 | while ((UINTN)EventHdr <= EventLogLastEntry) {\r | |
578 | DumpEvent (EventHdr);\r | |
579 | EventHdr = (TCG_PCR_EVENT_HDR *)((UINTN)EventHdr + sizeof(TCG_PCR_EVENT_HDR) + EventHdr->EventSize);\r | |
580 | }\r | |
581 | if (FinalEventsTable == NULL) {\r | |
582 | DEBUG ((EFI_D_INFO, "FinalEventsTable: NOT FOUND\n"));\r | |
583 | } else {\r | |
584 | DEBUG ((EFI_D_INFO, "FinalEventsTable: (0x%x)\n", FinalEventsTable));\r | |
585 | DEBUG ((EFI_D_INFO, " Version: (0x%x)\n", FinalEventsTable->Version));\r | |
586 | DEBUG ((EFI_D_INFO, " NumberOfEvents: (0x%x)\n", FinalEventsTable->NumberOfEvents));\r | |
587 | \r | |
588 | EventHdr = (TCG_PCR_EVENT_HDR *)(UINTN)(FinalEventsTable + 1);\r | |
589 | for (NumberOfEvents = 0; NumberOfEvents < FinalEventsTable->NumberOfEvents; NumberOfEvents++) {\r | |
590 | DumpEvent (EventHdr);\r | |
591 | EventHdr = (TCG_PCR_EVENT_HDR *)((UINTN)EventHdr + sizeof(TCG_PCR_EVENT_HDR) + EventHdr->EventSize);\r | |
592 | }\r | |
593 | }\r | |
594 | break;\r | |
595 | case EFI_TCG2_EVENT_LOG_FORMAT_TCG_2:\r | |
596 | //\r | |
597 | // Dump first event \r | |
598 | //\r | |
599 | EventHdr = (TCG_PCR_EVENT_HDR *)(UINTN)EventLogLocation;\r | |
600 | DumpEvent (EventHdr);\r | |
601 | \r | |
602 | TcgEfiSpecIdEventStruct = (TCG_EfiSpecIDEventStruct *)(EventHdr + 1);\r | |
603 | DumpTcgEfiSpecIdEventStruct (TcgEfiSpecIdEventStruct);\r | |
604 | \r | |
605 | TcgPcrEvent2 = (TCG_PCR_EVENT2 *)((UINTN)TcgEfiSpecIdEventStruct + GetTcgEfiSpecIdEventStructSize (TcgEfiSpecIdEventStruct));\r | |
606 | while ((UINTN)TcgPcrEvent2 <= EventLogLastEntry) {\r | |
607 | DumpEvent2 (TcgPcrEvent2);\r | |
608 | TcgPcrEvent2 = (TCG_PCR_EVENT2 *)((UINTN)TcgPcrEvent2 + GetPcrEvent2Size (TcgPcrEvent2));\r | |
609 | }\r | |
610 | \r | |
611 | if (FinalEventsTable == NULL) {\r | |
612 | DEBUG ((EFI_D_INFO, "FinalEventsTable: NOT FOUND\n"));\r | |
613 | } else {\r | |
614 | DEBUG ((EFI_D_INFO, "FinalEventsTable: (0x%x)\n", FinalEventsTable));\r | |
615 | DEBUG ((EFI_D_INFO, " Version: (0x%x)\n", FinalEventsTable->Version));\r | |
616 | DEBUG ((EFI_D_INFO, " NumberOfEvents: (0x%x)\n", FinalEventsTable->NumberOfEvents));\r | |
617 | \r | |
618 | TcgPcrEvent2 = (TCG_PCR_EVENT2 *)(UINTN)(FinalEventsTable + 1);\r | |
619 | for (NumberOfEvents = 0; NumberOfEvents < FinalEventsTable->NumberOfEvents; NumberOfEvents++) {\r | |
620 | DumpEvent2 (TcgPcrEvent2);\r | |
621 | TcgPcrEvent2 = (TCG_PCR_EVENT2 *)((UINTN)TcgPcrEvent2 + GetPcrEvent2Size (TcgPcrEvent2));\r | |
622 | }\r | |
623 | }\r | |
624 | break;\r | |
625 | }\r | |
626 | \r | |
627 | return ;\r | |
628 | }\r | |
629 | \r | |
630 | /**\r | |
631 | The EFI_TCG2_PROTOCOL Get Event Log function call allows a caller to\r | |
632 | retrieve the address of a given event log and its last entry. \r | |
633 | \r | |
634 | @param[in] This Indicates the calling context\r | |
635 | @param[in] EventLogFormat The type of the event log for which the information is requested.\r | |
636 | @param[out] EventLogLocation A pointer to the memory address of the event log.\r | |
637 | @param[out] EventLogLastEntry If the Event Log contains more than one entry, this is a pointer to the\r | |
638 | address of the start of the last entry in the event log in memory.\r | |
639 | @param[out] EventLogTruncated If the Event Log is missing at least one entry because an event would\r | |
640 | have exceeded the area allocated for events, this value is set to TRUE.\r | |
641 | Otherwise, the value will be FALSE and the Event Log will be complete.\r | |
642 | \r | |
643 | @retval EFI_SUCCESS Operation completed successfully.\r | |
644 | @retval EFI_INVALID_PARAMETER One or more of the parameters are incorrect\r | |
645 | (e.g. asking for an event log whose format is not supported).\r | |
646 | **/\r | |
647 | EFI_STATUS\r | |
648 | EFIAPI\r | |
649 | Tcg2GetEventLog (\r | |
650 | IN EFI_TCG2_PROTOCOL *This,\r | |
651 | IN EFI_TCG2_EVENT_LOG_FORMAT EventLogFormat,\r | |
652 | OUT EFI_PHYSICAL_ADDRESS *EventLogLocation,\r | |
653 | OUT EFI_PHYSICAL_ADDRESS *EventLogLastEntry,\r | |
654 | OUT BOOLEAN *EventLogTruncated\r | |
655 | )\r | |
656 | {\r | |
657 | UINTN Index;\r | |
658 | \r | |
659 | DEBUG ((EFI_D_INFO, "Tcg2GetEventLog ... (0x%x)\n", EventLogFormat));\r | |
660 | \r | |
661 | if (This == NULL) {\r | |
662 | return EFI_INVALID_PARAMETER;\r | |
663 | }\r | |
664 | \r | |
665 | for (Index = 0; Index < sizeof(mTcg2EventInfo)/sizeof(mTcg2EventInfo[0]); Index++) {\r | |
666 | if (EventLogFormat == mTcg2EventInfo[Index].LogFormat) {\r | |
667 | break;\r | |
668 | }\r | |
669 | }\r | |
670 | \r | |
671 | if (Index == sizeof(mTcg2EventInfo)/sizeof(mTcg2EventInfo[0])) {\r | |
672 | return EFI_INVALID_PARAMETER;\r | |
673 | }\r | |
674 | \r | |
675 | if ((mTcg2EventInfo[Index].LogFormat & mTcgDxeData.BsCap.SupportedEventLogs) == 0) {\r | |
676 | return EFI_INVALID_PARAMETER;\r | |
677 | }\r | |
678 | \r | |
679 | if (!mTcgDxeData.BsCap.TPMPresentFlag) {\r | |
680 | if (EventLogLocation != NULL) {\r | |
681 | *EventLogLocation = 0;\r | |
682 | }\r | |
683 | if (EventLogLastEntry != NULL) {\r | |
684 | *EventLogLastEntry = 0;\r | |
685 | }\r | |
686 | if (EventLogTruncated != NULL) {\r | |
687 | *EventLogTruncated = FALSE;\r | |
688 | }\r | |
689 | return EFI_SUCCESS;\r | |
690 | }\r | |
691 | \r | |
692 | if (EventLogLocation != NULL) {\r | |
693 | *EventLogLocation = mTcgDxeData.EventLogAreaStruct[Index].Lasa;\r | |
694 | DEBUG ((EFI_D_INFO, "Tcg2GetEventLog (EventLogLocation - %x)\n", *EventLogLocation));\r | |
695 | }\r | |
696 | \r | |
697 | if (EventLogLastEntry != NULL) {\r | |
698 | if (!mTcgDxeData.EventLogAreaStruct[Index].EventLogStarted) {\r | |
699 | *EventLogLastEntry = (EFI_PHYSICAL_ADDRESS)(UINTN)0;\r | |
700 | } else {\r | |
701 | *EventLogLastEntry = (EFI_PHYSICAL_ADDRESS)(UINTN)mTcgDxeData.EventLogAreaStruct[Index].LastEvent;\r | |
702 | }\r | |
703 | DEBUG ((EFI_D_INFO, "Tcg2GetEventLog (EventLogLastEntry - %x)\n", *EventLogLastEntry));\r | |
704 | }\r | |
705 | \r | |
706 | if (EventLogTruncated != NULL) {\r | |
707 | *EventLogTruncated = mTcgDxeData.EventLogAreaStruct[Index].EventLogTruncated;\r | |
708 | DEBUG ((EFI_D_INFO, "Tcg2GetEventLog (EventLogTruncated - %x)\n", *EventLogTruncated));\r | |
709 | }\r | |
710 | \r | |
711 | DEBUG ((EFI_D_INFO, "Tcg2GetEventLog - %r\n", EFI_SUCCESS));\r | |
712 | \r | |
713 | // Dump Event Log for debug purpose\r | |
714 | if ((EventLogLocation != NULL) && (EventLogLastEntry != NULL)) {\r | |
715 | DumpEventLog (EventLogFormat, *EventLogLocation, *EventLogLastEntry, mTcgDxeData.FinalEventsTable[Index]);\r | |
716 | }\r | |
717 | \r | |
718 | //\r | |
719 | // All events generated after the invocation of EFI_TCG2_GET_EVENT_LOG SHALL be stored\r | |
720 | // in an instance of an EFI_CONFIGURATION_TABLE named by the VendorGuid of EFI_TCG2_FINAL_EVENTS_TABLE_GUID.\r | |
721 | //\r | |
722 | mTcgDxeData.GetEventLogCalled[Index] = TRUE;\r | |
723 | \r | |
724 | return EFI_SUCCESS;\r | |
725 | }\r | |
726 | \r | |
727 | /**\r | |
728 | Add a new entry to the Event Log.\r | |
729 | \r | |
730 | @param[in, out] EventLogPtr Pointer to the Event Log data. \r | |
731 | @param[in, out] LogSize Size of the Event Log. \r | |
732 | @param[in] MaxSize Maximum size of the Event Log.\r | |
733 | @param[in] NewEventHdr Pointer to a TCG_PCR_EVENT_HDR/TCG_PCR_EVENT_EX data structure. \r | |
734 | @param[in] NewEventHdrSize New event header size.\r | |
735 | @param[in] NewEventData Pointer to the new event data. \r | |
736 | @param[in] NewEventSize New event data size.\r | |
737 | \r | |
738 | @retval EFI_SUCCESS The new event log entry was added.\r | |
739 | @retval EFI_OUT_OF_RESOURCES No enough memory to log the new event.\r | |
740 | \r | |
741 | **/\r | |
742 | EFI_STATUS\r | |
743 | TcgCommLogEvent (\r | |
744 | IN OUT UINT8 **EventLogPtr,\r | |
745 | IN OUT UINTN *LogSize,\r | |
746 | IN UINTN MaxSize,\r | |
747 | IN VOID *NewEventHdr,\r | |
748 | IN UINT32 NewEventHdrSize,\r | |
749 | IN UINT8 *NewEventData,\r | |
750 | IN UINT32 NewEventSize\r | |
751 | )\r | |
752 | {\r | |
753 | UINTN NewLogSize;\r | |
754 | \r | |
755 | if (NewEventSize > MAX_ADDRESS - NewEventHdrSize) {\r | |
756 | return EFI_OUT_OF_RESOURCES;\r | |
757 | }\r | |
758 | \r | |
759 | NewLogSize = NewEventHdrSize + NewEventSize;\r | |
760 | \r | |
761 | if (NewLogSize > MAX_ADDRESS - *LogSize) {\r | |
762 | return EFI_OUT_OF_RESOURCES;\r | |
763 | }\r | |
764 | \r | |
765 | if (NewLogSize + *LogSize > MaxSize) {\r | |
766 | DEBUG ((EFI_D_INFO, " MaxSize - 0x%x\n", MaxSize));\r | |
767 | DEBUG ((EFI_D_INFO, " NewLogSize - 0x%x\n", NewLogSize));\r | |
768 | DEBUG ((EFI_D_INFO, " LogSize - 0x%x\n", *LogSize));\r | |
769 | DEBUG ((EFI_D_INFO, "TcgCommLogEvent - %r\n", EFI_OUT_OF_RESOURCES));\r | |
770 | return EFI_OUT_OF_RESOURCES;\r | |
771 | }\r | |
772 | \r | |
773 | *EventLogPtr += *LogSize;\r | |
774 | *LogSize += NewLogSize;\r | |
775 | CopyMem (*EventLogPtr, NewEventHdr, NewEventHdrSize);\r | |
776 | CopyMem (\r | |
777 | *EventLogPtr + NewEventHdrSize,\r | |
778 | NewEventData,\r | |
779 | NewEventSize\r | |
780 | );\r | |
781 | return EFI_SUCCESS;\r | |
782 | }\r | |
783 | \r | |
784 | /**\r | |
785 | Add a new entry to the Event Log.\r | |
786 | \r | |
787 | @param[in] EventLogFormat The type of the event log for which the information is requested.\r | |
788 | @param[in] NewEventHdr Pointer to a TCG_PCR_EVENT_HDR/TCG_PCR_EVENT_EX data structure. \r | |
789 | @param[in] NewEventHdrSize New event header size.\r | |
790 | @param[in] NewEventData Pointer to the new event data. \r | |
791 | @param[in] NewEventSize New event data size.\r | |
792 | \r | |
793 | @retval EFI_SUCCESS The new event log entry was added.\r | |
794 | @retval EFI_OUT_OF_RESOURCES No enough memory to log the new event.\r | |
795 | \r | |
796 | **/\r | |
797 | EFI_STATUS\r | |
798 | TcgDxeLogEvent (\r | |
799 | IN EFI_TCG2_EVENT_LOG_FORMAT EventLogFormat,\r | |
800 | IN VOID *NewEventHdr,\r | |
801 | IN UINT32 NewEventHdrSize,\r | |
802 | IN UINT8 *NewEventData,\r | |
803 | IN UINT32 NewEventSize\r | |
804 | )\r | |
805 | {\r | |
806 | EFI_STATUS Status;\r | |
807 | UINTN Index;\r | |
808 | TCG_EVENT_LOG_AREA_STRUCT *EventLogAreaStruct;\r | |
809 | \r | |
810 | for (Index = 0; Index < sizeof(mTcg2EventInfo)/sizeof(mTcg2EventInfo[0]); Index++) {\r | |
811 | if (EventLogFormat == mTcg2EventInfo[Index].LogFormat) {\r | |
812 | break;\r | |
813 | }\r | |
814 | }\r | |
815 | \r | |
816 | if (Index == sizeof(mTcg2EventInfo)/sizeof(mTcg2EventInfo[0])) {\r | |
817 | return EFI_INVALID_PARAMETER;\r | |
818 | }\r | |
819 | \r | |
820 | if (!mTcgDxeData.GetEventLogCalled[Index]) {\r | |
821 | EventLogAreaStruct = &mTcgDxeData.EventLogAreaStruct[Index];\r | |
822 | } else {\r | |
823 | EventLogAreaStruct = &mTcgDxeData.FinalEventLogAreaStruct[Index];\r | |
824 | }\r | |
825 | \r | |
826 | if (EventLogAreaStruct->EventLogTruncated) {\r | |
827 | return EFI_VOLUME_FULL;\r | |
828 | }\r | |
829 | \r | |
830 | EventLogAreaStruct->LastEvent = (UINT8*)(UINTN)EventLogAreaStruct->Lasa;\r | |
831 | Status = TcgCommLogEvent (\r | |
832 | &EventLogAreaStruct->LastEvent,\r | |
833 | &EventLogAreaStruct->EventLogSize,\r | |
834 | (UINTN)EventLogAreaStruct->Laml,\r | |
835 | NewEventHdr,\r | |
836 | NewEventHdrSize,\r | |
837 | NewEventData,\r | |
838 | NewEventSize\r | |
839 | );\r | |
840 | \r | |
841 | if (Status == EFI_DEVICE_ERROR) {\r | |
842 | return EFI_DEVICE_ERROR;\r | |
843 | } else if (Status == EFI_OUT_OF_RESOURCES) {\r | |
844 | EventLogAreaStruct->EventLogTruncated = TRUE;\r | |
845 | return EFI_VOLUME_FULL;\r | |
846 | } else if (Status == EFI_SUCCESS) {\r | |
847 | EventLogAreaStruct->EventLogStarted = TRUE;\r | |
848 | if (mTcgDxeData.GetEventLogCalled[Index]) {\r | |
849 | (mTcgDxeData.FinalEventsTable[Index])->NumberOfEvents ++;\r | |
850 | }\r | |
851 | }\r | |
852 | \r | |
853 | return Status;\r | |
854 | }\r | |
855 | \r | |
856 | /**\r | |
857 | This function get digest from digest list.\r | |
858 | \r | |
859 | @param HashAlg digest algorithm\r | |
860 | @param DigestList digest list\r | |
861 | @param Digest digest\r | |
862 | \r | |
863 | @retval EFI_SUCCESS Sha1Digest is found and returned.\r | |
864 | @retval EFI_NOT_FOUND Sha1Digest is not found.\r | |
865 | **/\r | |
866 | EFI_STATUS\r | |
867 | Tpm2GetDigestFromDigestList (\r | |
868 | IN TPMI_ALG_HASH HashAlg,\r | |
869 | IN TPML_DIGEST_VALUES *DigestList,\r | |
870 | IN VOID *Digest\r | |
871 | )\r | |
872 | {\r | |
873 | UINTN Index;\r | |
874 | UINT16 DigestSize;\r | |
875 | \r | |
876 | DigestSize = GetHashSizeFromAlgo (HashAlg);\r | |
877 | for (Index = 0; Index < DigestList->count; Index++) {\r | |
878 | if (DigestList->digests[Index].hashAlg == HashAlg) {\r | |
879 | CopyMem (\r | |
880 | Digest,\r | |
881 | &DigestList->digests[Index].digest,\r | |
882 | DigestSize\r | |
883 | );\r | |
884 | return EFI_SUCCESS;\r | |
885 | }\r | |
886 | }\r | |
887 | \r | |
888 | return EFI_NOT_FOUND;\r | |
889 | }\r | |
890 | \r | |
891 | /**\r | |
892 | Get TPML_DIGEST_VALUES data size.\r | |
893 | \r | |
894 | @param[in] DigestList TPML_DIGEST_VALUES data.\r | |
895 | \r | |
896 | @return TPML_DIGEST_VALUES data size.\r | |
897 | **/\r | |
898 | UINT32\r | |
899 | GetDigestListSize (\r | |
900 | IN TPML_DIGEST_VALUES *DigestList\r | |
901 | )\r | |
902 | {\r | |
903 | UINTN Index;\r | |
904 | UINT16 DigestSize;\r | |
905 | UINT32 TotalSize;\r | |
906 | \r | |
907 | TotalSize = sizeof(DigestList->count);\r | |
908 | for (Index = 0; Index < DigestList->count; Index++) {\r | |
909 | DigestSize = GetHashSizeFromAlgo (DigestList->digests[Index].hashAlg);\r | |
910 | TotalSize += sizeof(DigestList->digests[Index].hashAlg) + DigestSize;\r | |
911 | }\r | |
912 | \r | |
913 | return TotalSize;\r | |
914 | }\r | |
915 | \r | |
916 | /**\r | |
917 | Get TPML_DIGEST_VALUES compact binary buffer size.\r | |
918 | \r | |
919 | @param[in] DigestListBin TPML_DIGEST_VALUES compact binary buffer.\r | |
920 | \r | |
921 | @return TPML_DIGEST_VALUES compact binary buffer size.\r | |
922 | **/\r | |
923 | UINT32\r | |
924 | GetDigestListBinSize (\r | |
925 | IN VOID *DigestListBin\r | |
926 | )\r | |
927 | {\r | |
928 | UINTN Index;\r | |
929 | UINT16 DigestSize;\r | |
930 | UINT32 TotalSize;\r | |
931 | UINT32 Count;\r | |
932 | TPMI_ALG_HASH HashAlg;\r | |
933 | \r | |
934 | Count = ReadUnaligned32 (DigestListBin);\r | |
935 | TotalSize = sizeof(Count);\r | |
936 | DigestListBin = (UINT8 *)DigestListBin + sizeof(Count);\r | |
937 | for (Index = 0; Index < Count; Index++) {\r | |
938 | HashAlg = ReadUnaligned16 (DigestListBin);\r | |
939 | TotalSize += sizeof(HashAlg);\r | |
940 | DigestListBin = (UINT8 *)DigestListBin + sizeof(HashAlg);\r | |
941 | \r | |
942 | DigestSize = GetHashSizeFromAlgo (HashAlg);\r | |
943 | TotalSize += DigestSize;\r | |
944 | DigestListBin = (UINT8 *)DigestListBin + DigestSize;\r | |
945 | }\r | |
946 | \r | |
947 | return TotalSize;\r | |
948 | }\r | |
949 | \r | |
950 | /**\r | |
951 | Return if hash alg is supported in TPM PCR bank.\r | |
952 | \r | |
953 | @param HashAlg Hash algorithm to be checked.\r | |
954 | \r | |
955 | @retval TRUE Hash algorithm is supported.\r | |
956 | @retval FALSE Hash algorithm is not supported.\r | |
957 | **/\r | |
958 | BOOLEAN\r | |
959 | IsHashAlgSupportedInPcrBank (\r | |
960 | IN TPMI_ALG_HASH HashAlg\r | |
961 | )\r | |
962 | {\r | |
963 | switch (HashAlg) {\r | |
964 | case TPM_ALG_SHA1:\r | |
965 | if ((mTcgDxeData.BsCap.ActivePcrBanks & EFI_TCG2_BOOT_HASH_ALG_SHA1) != 0) {\r | |
966 | return TRUE;\r | |
967 | }\r | |
968 | break;\r | |
969 | case TPM_ALG_SHA256:\r | |
970 | if ((mTcgDxeData.BsCap.ActivePcrBanks & EFI_TCG2_BOOT_HASH_ALG_SHA256) != 0) {\r | |
971 | return TRUE;\r | |
972 | }\r | |
973 | break;\r | |
974 | case TPM_ALG_SHA384:\r | |
975 | if ((mTcgDxeData.BsCap.ActivePcrBanks & EFI_TCG2_BOOT_HASH_ALG_SHA384) != 0) {\r | |
976 | return TRUE;\r | |
977 | }\r | |
978 | break;\r | |
979 | case TPM_ALG_SHA512:\r | |
980 | if ((mTcgDxeData.BsCap.ActivePcrBanks & EFI_TCG2_BOOT_HASH_ALG_SHA512) != 0) {\r | |
981 | return TRUE;\r | |
982 | }\r | |
983 | break;\r | |
984 | case TPM_ALG_SM3_256:\r | |
985 | if ((mTcgDxeData.BsCap.ActivePcrBanks & EFI_TCG2_BOOT_HASH_ALG_SM3_256) != 0) {\r | |
986 | return TRUE;\r | |
987 | }\r | |
988 | break;\r | |
989 | }\r | |
990 | \r | |
991 | return FALSE;\r | |
992 | }\r | |
993 | \r | |
994 | /**\r | |
995 | Copy TPML_DIGEST_VALUES into a buffer\r | |
996 | \r | |
997 | @param[in,out] Buffer Buffer to hold TPML_DIGEST_VALUES.\r | |
998 | @param[in] DigestList TPML_DIGEST_VALUES to be copied.\r | |
999 | \r | |
1000 | @return The end of buffer to hold TPML_DIGEST_VALUES.\r | |
1001 | **/\r | |
1002 | VOID *\r | |
1003 | CopyDigestListToBuffer (\r | |
1004 | IN OUT VOID *Buffer,\r | |
1005 | IN TPML_DIGEST_VALUES *DigestList\r | |
1006 | )\r | |
1007 | {\r | |
1008 | UINTN Index;\r | |
1009 | UINT16 DigestSize;\r | |
1010 | \r | |
1011 | CopyMem (Buffer, &DigestList->count, sizeof(DigestList->count));\r | |
1012 | Buffer = (UINT8 *)Buffer + sizeof(DigestList->count);\r | |
1013 | for (Index = 0; Index < DigestList->count; Index++) {\r | |
1014 | if (!IsHashAlgSupportedInPcrBank (DigestList->digests[Index].hashAlg)) {\r | |
1015 | DEBUG ((EFI_D_ERROR, "WARNING: TPM2 Event log has HashAlg unsupported by PCR bank (0x%x)\n", DigestList->digests[Index].hashAlg));\r | |
1016 | continue;\r | |
1017 | }\r | |
1018 | CopyMem (Buffer, &DigestList->digests[Index].hashAlg, sizeof(DigestList->digests[Index].hashAlg));\r | |
1019 | Buffer = (UINT8 *)Buffer + sizeof(DigestList->digests[Index].hashAlg);\r | |
1020 | DigestSize = GetHashSizeFromAlgo (DigestList->digests[Index].hashAlg);\r | |
1021 | CopyMem (Buffer, &DigestList->digests[Index].digest, DigestSize);\r | |
1022 | Buffer = (UINT8 *)Buffer + DigestSize;\r | |
1023 | }\r | |
1024 | \r | |
1025 | return Buffer;\r | |
1026 | }\r | |
1027 | \r | |
1028 | /**\r | |
1029 | Add a new entry to the Event Log.\r | |
1030 | \r | |
1031 | @param[in] DigestList A list of digest.\r | |
1032 | @param[in,out] NewEventHdr Pointer to a TCG_PCR_EVENT_HDR data structure.\r | |
1033 | @param[in] NewEventData Pointer to the new event data.\r | |
1034 | \r | |
1035 | @retval EFI_SUCCESS The new event log entry was added.\r | |
1036 | @retval EFI_OUT_OF_RESOURCES No enough memory to log the new event.\r | |
1037 | **/\r | |
1038 | EFI_STATUS\r | |
1039 | TcgDxeLogHashEvent (\r | |
1040 | IN TPML_DIGEST_VALUES *DigestList,\r | |
1041 | IN OUT TCG_PCR_EVENT_HDR *NewEventHdr,\r | |
1042 | IN UINT8 *NewEventData\r | |
1043 | )\r | |
1044 | {\r | |
1045 | EFI_STATUS Status;\r | |
1046 | EFI_TPL OldTpl;\r | |
1047 | UINTN Index;\r | |
1048 | EFI_STATUS RetStatus;\r | |
1049 | TCG_PCR_EVENT2 TcgPcrEvent2;\r | |
1050 | UINT8 *DigestBuffer;\r | |
1051 | \r | |
1052 | DEBUG ((EFI_D_INFO, "SupportedEventLogs - 0x%08x\n", mTcgDxeData.BsCap.SupportedEventLogs));\r | |
1053 | \r | |
1054 | RetStatus = EFI_SUCCESS;\r | |
1055 | for (Index = 0; Index < sizeof(mTcg2EventInfo)/sizeof(mTcg2EventInfo[0]); Index++) {\r | |
1056 | if ((mTcgDxeData.BsCap.SupportedEventLogs & mTcg2EventInfo[Index].LogFormat) != 0) {\r | |
1057 | DEBUG ((EFI_D_INFO, " LogFormat - 0x%08x\n", mTcg2EventInfo[Index].LogFormat));\r | |
1058 | switch (mTcg2EventInfo[Index].LogFormat) {\r | |
1059 | case EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2:\r | |
1060 | Status = Tpm2GetDigestFromDigestList (TPM_ALG_SHA1, DigestList, &NewEventHdr->Digest);\r | |
1061 | if (!EFI_ERROR (Status)) {\r | |
1062 | //\r | |
1063 | // Enter critical region\r | |
1064 | //\r | |
1065 | OldTpl = gBS->RaiseTPL (TPL_HIGH_LEVEL);\r | |
1066 | Status = TcgDxeLogEvent (\r | |
1067 | mTcg2EventInfo[Index].LogFormat,\r | |
1068 | NewEventHdr,\r | |
1069 | sizeof(TCG_PCR_EVENT_HDR),\r | |
1070 | NewEventData,\r | |
1071 | NewEventHdr->EventSize\r | |
1072 | );\r | |
1073 | if (Status != EFI_SUCCESS) {\r | |
1074 | RetStatus = Status;\r | |
1075 | }\r | |
1076 | gBS->RestoreTPL (OldTpl);\r | |
1077 | //\r | |
1078 | // Exit critical region\r | |
1079 | //\r | |
1080 | }\r | |
1081 | break;\r | |
1082 | case EFI_TCG2_EVENT_LOG_FORMAT_TCG_2:\r | |
1083 | ZeroMem (&TcgPcrEvent2, sizeof(TcgPcrEvent2));\r | |
1084 | TcgPcrEvent2.PCRIndex = NewEventHdr->PCRIndex;\r | |
1085 | TcgPcrEvent2.EventType = NewEventHdr->EventType;\r | |
1086 | DigestBuffer = (UINT8 *)&TcgPcrEvent2.Digest;\r | |
1087 | DigestBuffer = CopyDigestListToBuffer (DigestBuffer, DigestList);\r | |
1088 | CopyMem (DigestBuffer, &NewEventHdr->EventSize, sizeof(NewEventHdr->EventSize));\r | |
1089 | DigestBuffer = DigestBuffer + sizeof(NewEventHdr->EventSize);\r | |
1090 | \r | |
1091 | //\r | |
1092 | // Enter critical region\r | |
1093 | //\r | |
1094 | OldTpl = gBS->RaiseTPL (TPL_HIGH_LEVEL);\r | |
1095 | Status = TcgDxeLogEvent (\r | |
1096 | mTcg2EventInfo[Index].LogFormat,\r | |
1097 | &TcgPcrEvent2,\r | |
1098 | sizeof(TcgPcrEvent2.PCRIndex) + sizeof(TcgPcrEvent2.EventType) + GetDigestListSize (DigestList) + sizeof(TcgPcrEvent2.EventSize),\r | |
1099 | NewEventData,\r | |
1100 | NewEventHdr->EventSize\r | |
1101 | );\r | |
1102 | if (Status != EFI_SUCCESS) {\r | |
1103 | RetStatus = Status;\r | |
1104 | }\r | |
1105 | gBS->RestoreTPL (OldTpl);\r | |
1106 | //\r | |
1107 | // Exit critical region\r | |
1108 | //\r | |
1109 | break;\r | |
1110 | }\r | |
1111 | }\r | |
1112 | }\r | |
1113 | \r | |
1114 | return RetStatus;\r | |
1115 | }\r | |
1116 | \r | |
1117 | /**\r | |
1118 | Do a hash operation on a data buffer, extend a specific TPM PCR with the hash result,\r | |
1119 | and add an entry to the Event Log.\r | |
1120 | \r | |
1121 | @param[in] Flags Bitmap providing additional information.\r | |
1122 | @param[in] HashData Physical address of the start of the data buffer \r | |
1123 | to be hashed, extended, and logged.\r | |
1124 | @param[in] HashDataLen The length, in bytes, of the buffer referenced by HashData\r | |
1125 | @param[in, out] NewEventHdr Pointer to a TCG_PCR_EVENT_HDR data structure. \r | |
1126 | @param[in] NewEventData Pointer to the new event data. \r | |
1127 | \r | |
1128 | @retval EFI_SUCCESS Operation completed successfully.\r | |
1129 | @retval EFI_OUT_OF_RESOURCES No enough memory to log the new event.\r | |
1130 | @retval EFI_DEVICE_ERROR The command was unsuccessful.\r | |
1131 | \r | |
1132 | **/\r | |
1133 | EFI_STATUS\r | |
1134 | TcgDxeHashLogExtendEvent (\r | |
1135 | IN UINT64 Flags,\r | |
1136 | IN UINT8 *HashData,\r | |
1137 | IN UINT64 HashDataLen,\r | |
1138 | IN OUT TCG_PCR_EVENT_HDR *NewEventHdr,\r | |
1139 | IN UINT8 *NewEventData\r | |
1140 | )\r | |
1141 | {\r | |
1142 | EFI_STATUS Status;\r | |
1143 | TPML_DIGEST_VALUES DigestList;\r | |
1144 | \r | |
1145 | if (!mTcgDxeData.BsCap.TPMPresentFlag) {\r | |
1146 | return EFI_DEVICE_ERROR;\r | |
1147 | }\r | |
1148 | \r | |
1149 | Status = HashAndExtend (\r | |
1150 | NewEventHdr->PCRIndex,\r | |
1151 | HashData,\r | |
1152 | (UINTN)HashDataLen,\r | |
1153 | &DigestList\r | |
1154 | );\r | |
1155 | if (!EFI_ERROR (Status)) {\r | |
1156 | if ((Flags & EFI_TCG2_EXTEND_ONLY) == 0) {\r | |
1157 | Status = TcgDxeLogHashEvent (&DigestList, NewEventHdr, NewEventData);\r | |
1158 | }\r | |
1159 | }\r | |
1160 | \r | |
1161 | if (Status == EFI_DEVICE_ERROR) {\r | |
1162 | DEBUG ((EFI_D_ERROR, "TcgDxeHashLogExtendEvent - %r. Disable TPM.\n", Status));\r | |
1163 | mTcgDxeData.BsCap.TPMPresentFlag = FALSE;\r | |
1164 | REPORT_STATUS_CODE (\r | |
1165 | EFI_ERROR_CODE | EFI_ERROR_MINOR,\r | |
1166 | (PcdGet32 (PcdStatusCodeSubClassTpmDevice) | EFI_P_EC_INTERFACE_ERROR)\r | |
1167 | );\r | |
1168 | }\r | |
1169 | \r | |
1170 | return Status;\r | |
1171 | }\r | |
1172 | \r | |
1173 | /**\r | |
1174 | The EFI_TCG2_PROTOCOL HashLogExtendEvent function call provides callers with\r | |
1175 | an opportunity to extend and optionally log events without requiring\r | |
1176 | knowledge of actual TPM commands. \r | |
1177 | The extend operation will occur even if this function cannot create an event\r | |
1178 | log entry (e.g. due to the event log being full). \r | |
1179 | \r | |
1180 | @param[in] This Indicates the calling context\r | |
1181 | @param[in] Flags Bitmap providing additional information.\r | |
1182 | @param[in] DataToHash Physical address of the start of the data buffer to be hashed. \r | |
1183 | @param[in] DataToHashLen The length in bytes of the buffer referenced by DataToHash.\r | |
1184 | @param[in] Event Pointer to data buffer containing information about the event.\r | |
1185 | \r | |
1186 | @retval EFI_SUCCESS Operation completed successfully.\r | |
1187 | @retval EFI_DEVICE_ERROR The command was unsuccessful.\r | |
1188 | @retval EFI_VOLUME_FULL The extend operation occurred, but the event could not be written to one or more event logs.\r | |
1189 | @retval EFI_INVALID_PARAMETER One or more of the parameters are incorrect.\r | |
1190 | @retval EFI_UNSUPPORTED The PE/COFF image type is not supported.\r | |
1191 | **/\r | |
1192 | EFI_STATUS\r | |
1193 | EFIAPI\r | |
1194 | Tcg2HashLogExtendEvent (\r | |
1195 | IN EFI_TCG2_PROTOCOL *This,\r | |
1196 | IN UINT64 Flags,\r | |
1197 | IN EFI_PHYSICAL_ADDRESS DataToHash,\r | |
1198 | IN UINT64 DataToHashLen,\r | |
1199 | IN EFI_TCG2_EVENT *Event\r | |
1200 | )\r | |
1201 | {\r | |
1202 | EFI_STATUS Status;\r | |
1203 | TCG_PCR_EVENT_HDR NewEventHdr;\r | |
1204 | TPML_DIGEST_VALUES DigestList;\r | |
1205 | \r | |
1206 | DEBUG ((EFI_D_INFO, "Tcg2HashLogExtendEvent ...\n"));\r | |
1207 | \r | |
1208 | if ((This == NULL) || (DataToHash == 0) || (Event == NULL)) {\r | |
1209 | return EFI_INVALID_PARAMETER;\r | |
1210 | }\r | |
1211 | \r | |
1212 | if (!mTcgDxeData.BsCap.TPMPresentFlag) {\r | |
1213 | return EFI_DEVICE_ERROR;\r | |
1214 | }\r | |
1215 | \r | |
1216 | if (Event->Size < Event->Header.HeaderSize + sizeof(UINT32)) {\r | |
1217 | return EFI_INVALID_PARAMETER;\r | |
1218 | }\r | |
1219 | \r | |
1220 | if (Event->Header.PCRIndex > MAX_PCR_INDEX) {\r | |
1221 | return EFI_INVALID_PARAMETER;\r | |
1222 | }\r | |
1223 | \r | |
1224 | NewEventHdr.PCRIndex = Event->Header.PCRIndex;\r | |
1225 | NewEventHdr.EventType = Event->Header.EventType;\r | |
1226 | NewEventHdr.EventSize = Event->Size - sizeof(UINT32) - Event->Header.HeaderSize;\r | |
1227 | if ((Flags & PE_COFF_IMAGE) != 0) {\r | |
1228 | Status = MeasurePeImageAndExtend (\r | |
1229 | NewEventHdr.PCRIndex,\r | |
1230 | DataToHash,\r | |
1231 | (UINTN)DataToHashLen,\r | |
1232 | &DigestList\r | |
1233 | );\r | |
1234 | if (!EFI_ERROR (Status)) {\r | |
1235 | if ((Flags & EFI_TCG2_EXTEND_ONLY) == 0) {\r | |
1236 | Status = TcgDxeLogHashEvent (&DigestList, &NewEventHdr, Event->Event);\r | |
1237 | }\r | |
1238 | }\r | |
1239 | if (Status == EFI_DEVICE_ERROR) {\r | |
1240 | DEBUG ((EFI_D_ERROR, "MeasurePeImageAndExtend - %r. Disable TPM.\n", Status));\r | |
1241 | mTcgDxeData.BsCap.TPMPresentFlag = FALSE;\r | |
1242 | REPORT_STATUS_CODE (\r | |
1243 | EFI_ERROR_CODE | EFI_ERROR_MINOR,\r | |
1244 | (PcdGet32 (PcdStatusCodeSubClassTpmDevice) | EFI_P_EC_INTERFACE_ERROR)\r | |
1245 | );\r | |
1246 | }\r | |
1247 | } else {\r | |
1248 | Status = TcgDxeHashLogExtendEvent (\r | |
1249 | Flags,\r | |
1250 | (UINT8 *) (UINTN) DataToHash,\r | |
1251 | DataToHashLen,\r | |
1252 | &NewEventHdr,\r | |
1253 | Event->Event\r | |
1254 | );\r | |
1255 | }\r | |
1256 | DEBUG ((EFI_D_INFO, "Tcg2HashLogExtendEvent - %r\n", Status));\r | |
1257 | return Status;\r | |
1258 | }\r | |
1259 | \r | |
1260 | /**\r | |
1261 | This service enables the sending of commands to the TPM.\r | |
1262 | \r | |
1263 | @param[in] This Indicates the calling context\r | |
1264 | @param[in] InputParameterBlockSize Size of the TPM input parameter block.\r | |
1265 | @param[in] InputParameterBlock Pointer to the TPM input parameter block.\r | |
1266 | @param[in] OutputParameterBlockSize Size of the TPM output parameter block.\r | |
1267 | @param[in] OutputParameterBlock Pointer to the TPM output parameter block.\r | |
1268 | \r | |
1269 | @retval EFI_SUCCESS The command byte stream was successfully sent to the device and a response was successfully received.\r | |
1270 | @retval EFI_DEVICE_ERROR The command was not successfully sent to the device or a response was not successfully received from the device.\r | |
1271 | @retval EFI_INVALID_PARAMETER One or more of the parameters are incorrect.\r | |
1272 | @retval EFI_BUFFER_TOO_SMALL The output parameter block is too small. \r | |
1273 | **/\r | |
1274 | EFI_STATUS\r | |
1275 | EFIAPI\r | |
1276 | Tcg2SubmitCommand (\r | |
1277 | IN EFI_TCG2_PROTOCOL *This,\r | |
1278 | IN UINT32 InputParameterBlockSize,\r | |
1279 | IN UINT8 *InputParameterBlock,\r | |
1280 | IN UINT32 OutputParameterBlockSize,\r | |
1281 | IN UINT8 *OutputParameterBlock\r | |
1282 | )\r | |
1283 | {\r | |
1284 | EFI_STATUS Status;\r | |
1285 | \r | |
1286 | DEBUG ((EFI_D_INFO, "Tcg2SubmitCommand ...\n"));\r | |
1287 | \r | |
1288 | if ((This == NULL) ||\r | |
1289 | (InputParameterBlockSize == 0) || (InputParameterBlock == NULL) ||\r | |
1290 | (OutputParameterBlockSize == 0) || (OutputParameterBlock == NULL)) {\r | |
1291 | return EFI_INVALID_PARAMETER;\r | |
1292 | }\r | |
1293 | \r | |
1294 | if (!mTcgDxeData.BsCap.TPMPresentFlag) {\r | |
1295 | return EFI_DEVICE_ERROR;\r | |
1296 | }\r | |
1297 | \r | |
1298 | if (InputParameterBlockSize >= mTcgDxeData.BsCap.MaxCommandSize) {\r | |
1299 | return EFI_INVALID_PARAMETER;\r | |
1300 | }\r | |
1301 | if (OutputParameterBlockSize >= mTcgDxeData.BsCap.MaxResponseSize) {\r | |
1302 | return EFI_INVALID_PARAMETER;\r | |
1303 | }\r | |
1304 | \r | |
1305 | Status = Tpm2SubmitCommand (\r | |
1306 | InputParameterBlockSize,\r | |
1307 | InputParameterBlock,\r | |
1308 | &OutputParameterBlockSize,\r | |
1309 | OutputParameterBlock\r | |
1310 | );\r | |
1311 | DEBUG ((EFI_D_INFO, "Tcg2SubmitCommand - %r\n", Status));\r | |
1312 | return Status;\r | |
1313 | }\r | |
1314 | \r | |
1315 | /**\r | |
1316 | This service returns the currently active PCR banks.\r | |
1317 | \r | |
1318 | @param[in] This Indicates the calling context\r | |
1319 | @param[out] ActivePcrBanks Pointer to the variable receiving the bitmap of currently active PCR banks.\r | |
1320 | \r | |
1321 | @retval EFI_SUCCESS The bitmap of active PCR banks was stored in the ActivePcrBanks parameter.\r | |
1322 | @retval EFI_INVALID_PARAMETER One or more of the parameters are incorrect. \r | |
1323 | **/\r | |
1324 | EFI_STATUS\r | |
1325 | EFIAPI\r | |
1326 | Tcg2GetActivePCRBanks (\r | |
1327 | IN EFI_TCG2_PROTOCOL *This,\r | |
1328 | OUT UINT32 *ActivePcrBanks\r | |
1329 | )\r | |
1330 | {\r | |
1331 | if (ActivePcrBanks == NULL) {\r | |
1332 | return EFI_INVALID_PARAMETER;\r | |
1333 | }\r | |
1334 | *ActivePcrBanks = mTcgDxeData.BsCap.ActivePcrBanks;\r | |
1335 | return EFI_SUCCESS;\r | |
1336 | }\r | |
1337 | \r | |
1338 | /**\r | |
1339 | This service sets the currently active PCR banks.\r | |
1340 | \r | |
1341 | @param[in] This Indicates the calling context\r | |
1342 | @param[in] ActivePcrBanks Bitmap of the requested active PCR banks. At least one bit SHALL be set.\r | |
1343 | \r | |
1344 | @retval EFI_SUCCESS The bitmap in ActivePcrBank parameter is already active.\r | |
1345 | @retval EFI_INVALID_PARAMETER One or more of the parameters are incorrect.\r | |
1346 | **/\r | |
1347 | EFI_STATUS\r | |
1348 | EFIAPI\r | |
1349 | Tcg2SetActivePCRBanks (\r | |
1350 | IN EFI_TCG2_PROTOCOL *This,\r | |
1351 | IN UINT32 ActivePcrBanks\r | |
1352 | )\r | |
1353 | {\r | |
1354 | EFI_STATUS Status;\r | |
1355 | UINT32 ReturnCode;\r | |
1356 | \r | |
1357 | DEBUG ((EFI_D_INFO, "Tcg2SetActivePCRBanks ... (0x%x)\n", ActivePcrBanks));\r | |
1358 | \r | |
1359 | if (ActivePcrBanks == 0) {\r | |
1360 | return EFI_INVALID_PARAMETER;\r | |
1361 | }\r | |
1362 | if ((ActivePcrBanks & (~mTcgDxeData.BsCap.HashAlgorithmBitmap)) != 0) {\r | |
1363 | return EFI_INVALID_PARAMETER;\r | |
1364 | }\r | |
1365 | if (ActivePcrBanks == mTcgDxeData.BsCap.ActivePcrBanks) {\r | |
1366 | //\r | |
1367 | // Need clear previous SET_PCR_BANKS setting\r | |
1368 | //\r | |
1369 | ReturnCode = Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction (TCG2_PHYSICAL_PRESENCE_NO_ACTION, 0);\r | |
1370 | } else {\r | |
1371 | ReturnCode = Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction (TCG2_PHYSICAL_PRESENCE_SET_PCR_BANKS, ActivePcrBanks);\r | |
1372 | }\r | |
1373 | \r | |
1374 | if (ReturnCode == TCG_PP_SUBMIT_REQUEST_TO_PREOS_SUCCESS) {\r | |
1375 | Status = EFI_SUCCESS;\r | |
1376 | } else if (ReturnCode == TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE) {\r | |
1377 | Status = EFI_OUT_OF_RESOURCES;\r | |
1378 | } else if (ReturnCode == TCG_PP_SUBMIT_REQUEST_TO_PREOS_NOT_IMPLEMENTED) {\r | |
1379 | Status = EFI_UNSUPPORTED;\r | |
1380 | } else {\r | |
1381 | Status = EFI_DEVICE_ERROR;\r | |
1382 | }\r | |
1383 | \r | |
1384 | DEBUG ((EFI_D_INFO, "Tcg2SetActivePCRBanks - %r\n", Status));\r | |
1385 | \r | |
1386 | return Status;\r | |
1387 | }\r | |
1388 | \r | |
1389 | /**\r | |
1390 | This service retrieves the result of a previous invocation of SetActivePcrBanks.\r | |
1391 | \r | |
1392 | @param[in] This Indicates the calling context\r | |
1393 | @param[out] OperationPresent Non-zero value to indicate a SetActivePcrBank operation was invoked during the last boot.\r | |
1394 | @param[out] Response The response from the SetActivePcrBank request.\r | |
1395 | \r | |
1396 | @retval EFI_SUCCESS The result value could be returned.\r | |
1397 | @retval EFI_INVALID_PARAMETER One or more of the parameters are incorrect.\r | |
1398 | **/\r | |
1399 | EFI_STATUS\r | |
1400 | EFIAPI\r | |
1401 | Tcg2GetResultOfSetActivePcrBanks (\r | |
1402 | IN EFI_TCG2_PROTOCOL *This,\r | |
1403 | OUT UINT32 *OperationPresent,\r | |
1404 | OUT UINT32 *Response\r | |
1405 | )\r | |
1406 | {\r | |
1407 | UINT32 ReturnCode;\r | |
1408 | \r | |
1409 | if ((OperationPresent == NULL) || (Response == NULL)) {\r | |
1410 | return EFI_INVALID_PARAMETER;\r | |
1411 | }\r | |
1412 | \r | |
1413 | ReturnCode = Tcg2PhysicalPresenceLibReturnOperationResponseToOsFunction (OperationPresent, Response);\r | |
1414 | if (ReturnCode == TCG_PP_RETURN_TPM_OPERATION_RESPONSE_SUCCESS) {\r | |
1415 | return EFI_SUCCESS;\r | |
1416 | } else {\r | |
1417 | return EFI_UNSUPPORTED;\r | |
1418 | }\r | |
1419 | }\r | |
1420 | \r | |
1421 | EFI_TCG2_PROTOCOL mTcg2Protocol = {\r | |
1422 | Tcg2GetCapability,\r | |
1423 | Tcg2GetEventLog,\r | |
1424 | Tcg2HashLogExtendEvent,\r | |
1425 | Tcg2SubmitCommand,\r | |
1426 | Tcg2GetActivePCRBanks,\r | |
1427 | Tcg2SetActivePCRBanks,\r | |
1428 | Tcg2GetResultOfSetActivePcrBanks,\r | |
1429 | };\r | |
1430 | \r | |
1431 | /**\r | |
1432 | Initialize the Event Log and log events passed from the PEI phase.\r | |
1433 | \r | |
1434 | @retval EFI_SUCCESS Operation completed successfully.\r | |
1435 | @retval EFI_OUT_OF_RESOURCES Out of memory.\r | |
1436 | \r | |
1437 | **/\r | |
1438 | EFI_STATUS\r | |
1439 | SetupEventLog (\r | |
1440 | VOID\r | |
1441 | )\r | |
1442 | {\r | |
1443 | EFI_STATUS Status;\r | |
1444 | VOID *TcgEvent;\r | |
1445 | EFI_PEI_HOB_POINTERS GuidHob;\r | |
1446 | EFI_PHYSICAL_ADDRESS Lasa;\r | |
1447 | UINTN Index;\r | |
1448 | UINT32 DigestListBinSize;\r | |
1449 | UINT32 EventSize;\r | |
1450 | TCG_EfiSpecIDEventStruct *TcgEfiSpecIdEventStruct;\r | |
1451 | UINT8 TempBuf[sizeof(TCG_EfiSpecIDEventStruct) + (HASH_COUNT * sizeof(TCG_EfiSpecIdEventAlgorithmSize)) + sizeof(UINT8)];\r | |
1452 | TCG_PCR_EVENT_HDR FirstPcrEvent;\r | |
a9092578 | 1453 | TCG_EfiSpecIdEventAlgorithmSize *DigestSize;\r |
35e00ace | 1454 | TCG_EfiSpecIdEventAlgorithmSize *TempDigestSize;\r |
a9092578 QS |
1455 | UINT8 *VendorInfoSize;\r |
1456 | UINT32 NumberOfAlgorithms;\r | |
1abfa4ce JY |
1457 | \r |
1458 | DEBUG ((EFI_D_INFO, "SetupEventLog\n"));\r | |
1459 | \r | |
1460 | //\r | |
1461 | // 1. Create Log Area\r | |
1462 | //\r | |
1463 | for (Index = 0; Index < sizeof(mTcg2EventInfo)/sizeof(mTcg2EventInfo[0]); Index++) {\r | |
1464 | if ((mTcgDxeData.BsCap.SupportedEventLogs & mTcg2EventInfo[Index].LogFormat) != 0) {\r | |
1465 | mTcgDxeData.EventLogAreaStruct[Index].EventLogFormat = mTcg2EventInfo[Index].LogFormat;\r | |
1466 | Lasa = (EFI_PHYSICAL_ADDRESS) (SIZE_4GB - 1);\r | |
1467 | Status = gBS->AllocatePages (\r | |
1468 | AllocateMaxAddress,\r | |
1469 | EfiACPIMemoryNVS,\r | |
91e914f5 | 1470 | EFI_SIZE_TO_PAGES (PcdGet32 (PcdTcgLogAreaMinLen)),\r |
1abfa4ce JY |
1471 | &Lasa\r |
1472 | );\r | |
1473 | if (EFI_ERROR (Status)) {\r | |
1474 | return Status;\r | |
1475 | }\r | |
1476 | mTcgDxeData.EventLogAreaStruct[Index].Lasa = Lasa;\r | |
91e914f5 | 1477 | mTcgDxeData.EventLogAreaStruct[Index].Laml = PcdGet32 (PcdTcgLogAreaMinLen);\r |
1abfa4ce JY |
1478 | //\r |
1479 | // To initialize them as 0xFF is recommended \r | |
1480 | // because the OS can know the last entry for that.\r | |
1481 | //\r | |
91e914f5 | 1482 | SetMem ((VOID *)(UINTN)Lasa, PcdGet32 (PcdTcgLogAreaMinLen), 0xFF);\r |
1abfa4ce JY |
1483 | //\r |
1484 | // Create first entry for Log Header Entry Data\r | |
1485 | //\r | |
1486 | if (mTcg2EventInfo[Index].LogFormat != EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2) {\r | |
1487 | //\r | |
1488 | // TcgEfiSpecIdEventStruct\r | |
1489 | //\r | |
1490 | TcgEfiSpecIdEventStruct = (TCG_EfiSpecIDEventStruct *)TempBuf;\r | |
1491 | CopyMem (TcgEfiSpecIdEventStruct->signature, TCG_EfiSpecIDEventStruct_SIGNATURE_03, sizeof(TcgEfiSpecIdEventStruct->signature));\r | |
1492 | TcgEfiSpecIdEventStruct->platformClass = PcdGet8 (PcdTpmPlatformClass);\r | |
1493 | TcgEfiSpecIdEventStruct->specVersionMajor = TCG_EfiSpecIDEventStruct_SPEC_VERSION_MAJOR_TPM2;\r | |
1494 | TcgEfiSpecIdEventStruct->specVersionMinor = TCG_EfiSpecIDEventStruct_SPEC_VERSION_MINOR_TPM2;\r | |
1495 | TcgEfiSpecIdEventStruct->specErrata = TCG_EfiSpecIDEventStruct_SPEC_ERRATA_TPM2;\r | |
1496 | TcgEfiSpecIdEventStruct->uintnSize = sizeof(UINTN)/sizeof(UINT32);\r | |
a9092578 QS |
1497 | NumberOfAlgorithms = 0;\r |
1498 | DigestSize = (TCG_EfiSpecIdEventAlgorithmSize *)((UINT8 *)TcgEfiSpecIdEventStruct + sizeof(*TcgEfiSpecIdEventStruct) + sizeof(NumberOfAlgorithms));\r | |
1abfa4ce | 1499 | if ((mTcgDxeData.BsCap.ActivePcrBanks & EFI_TCG2_BOOT_HASH_ALG_SHA1) != 0) {\r |
35e00ace QS |
1500 | TempDigestSize = DigestSize;\r |
1501 | TempDigestSize += NumberOfAlgorithms;\r | |
1502 | TempDigestSize->algorithmId = TPM_ALG_SHA1;\r | |
1503 | TempDigestSize->digestSize = SHA1_DIGEST_SIZE;\r | |
a9092578 | 1504 | NumberOfAlgorithms++;\r |
1abfa4ce JY |
1505 | }\r |
1506 | if ((mTcgDxeData.BsCap.ActivePcrBanks & EFI_TCG2_BOOT_HASH_ALG_SHA256) != 0) {\r | |
35e00ace QS |
1507 | TempDigestSize = DigestSize;\r |
1508 | TempDigestSize += NumberOfAlgorithms;\r | |
1509 | TempDigestSize->algorithmId = TPM_ALG_SHA256;\r | |
1510 | TempDigestSize->digestSize = SHA256_DIGEST_SIZE;\r | |
a9092578 | 1511 | NumberOfAlgorithms++;\r |
1abfa4ce JY |
1512 | }\r |
1513 | if ((mTcgDxeData.BsCap.ActivePcrBanks & EFI_TCG2_BOOT_HASH_ALG_SHA384) != 0) {\r | |
35e00ace QS |
1514 | TempDigestSize = DigestSize;\r |
1515 | TempDigestSize += NumberOfAlgorithms;\r | |
1516 | TempDigestSize->algorithmId = TPM_ALG_SHA384;\r | |
1517 | TempDigestSize->digestSize = SHA384_DIGEST_SIZE;\r | |
a9092578 | 1518 | NumberOfAlgorithms++;\r |
1abfa4ce JY |
1519 | }\r |
1520 | if ((mTcgDxeData.BsCap.ActivePcrBanks & EFI_TCG2_BOOT_HASH_ALG_SHA512) != 0) {\r | |
35e00ace QS |
1521 | TempDigestSize = DigestSize;\r |
1522 | TempDigestSize += NumberOfAlgorithms;\r | |
1523 | TempDigestSize->algorithmId = TPM_ALG_SHA512;\r | |
1524 | TempDigestSize->digestSize = SHA512_DIGEST_SIZE;\r | |
a9092578 | 1525 | NumberOfAlgorithms++;\r |
1abfa4ce JY |
1526 | }\r |
1527 | if ((mTcgDxeData.BsCap.ActivePcrBanks & EFI_TCG2_BOOT_HASH_ALG_SM3_256) != 0) {\r | |
35e00ace QS |
1528 | TempDigestSize = DigestSize;\r |
1529 | TempDigestSize += NumberOfAlgorithms;\r | |
1530 | TempDigestSize->algorithmId = TPM_ALG_SM3_256;\r | |
1531 | TempDigestSize->digestSize = SM3_256_DIGEST_SIZE;\r | |
a9092578 | 1532 | NumberOfAlgorithms++;\r |
1abfa4ce | 1533 | }\r |
a9092578 | 1534 | CopyMem (TcgEfiSpecIdEventStruct + 1, &NumberOfAlgorithms, sizeof(NumberOfAlgorithms));\r |
35e00ace QS |
1535 | TempDigestSize = DigestSize;\r |
1536 | TempDigestSize += NumberOfAlgorithms;\r | |
1537 | VendorInfoSize = (UINT8 *)TempDigestSize;\r | |
a9092578 | 1538 | *VendorInfoSize = 0;\r |
1abfa4ce JY |
1539 | \r |
1540 | //\r | |
1541 | // FirstPcrEvent\r | |
1542 | //\r | |
1543 | FirstPcrEvent.PCRIndex = 0;\r | |
1544 | FirstPcrEvent.EventType = EV_NO_ACTION;\r | |
1545 | ZeroMem (&FirstPcrEvent.Digest, sizeof(FirstPcrEvent.Digest));\r | |
1546 | FirstPcrEvent.EventSize = (UINT32)GetTcgEfiSpecIdEventStructSize (TcgEfiSpecIdEventStruct);\r | |
1547 | \r | |
1548 | //\r | |
1549 | // Record\r | |
1550 | //\r | |
1551 | Status = TcgDxeLogEvent (\r | |
1552 | mTcg2EventInfo[Index].LogFormat,\r | |
1553 | &FirstPcrEvent,\r | |
1554 | sizeof(FirstPcrEvent),\r | |
1555 | (UINT8 *)TcgEfiSpecIdEventStruct,\r | |
1556 | FirstPcrEvent.EventSize\r | |
1557 | );\r | |
1558 | }\r | |
1559 | }\r | |
1560 | }\r | |
1561 | \r | |
1562 | //\r | |
1563 | // 2. Create Final Log Area\r | |
1564 | //\r | |
1565 | for (Index = 0; Index < sizeof(mTcg2EventInfo)/sizeof(mTcg2EventInfo[0]); Index++) {\r | |
1566 | if ((mTcgDxeData.BsCap.SupportedEventLogs & mTcg2EventInfo[Index].LogFormat) != 0) {\r | |
1567 | Lasa = (EFI_PHYSICAL_ADDRESS) (SIZE_4GB - 1);\r | |
1568 | Status = gBS->AllocatePages (\r | |
1569 | AllocateMaxAddress,\r | |
1570 | EfiACPIMemoryNVS,\r | |
91e914f5 | 1571 | EFI_SIZE_TO_PAGES (PcdGet32 (PcdTcg2FinalLogAreaLen)),\r |
1abfa4ce JY |
1572 | &Lasa\r |
1573 | );\r | |
1574 | if (EFI_ERROR (Status)) {\r | |
1575 | return Status;\r | |
1576 | }\r | |
91e914f5 | 1577 | SetMem ((VOID *)(UINTN)Lasa, PcdGet32 (PcdTcg2FinalLogAreaLen), 0xFF);\r |
1abfa4ce JY |
1578 | \r |
1579 | //\r | |
1580 | // Initialize\r | |
1581 | //\r | |
1582 | mTcgDxeData.FinalEventsTable[Index] = (VOID *)(UINTN)Lasa;\r | |
1583 | (mTcgDxeData.FinalEventsTable[Index])->Version = EFI_TCG2_FINAL_EVENTS_TABLE_VERSION;\r | |
1584 | (mTcgDxeData.FinalEventsTable[Index])->NumberOfEvents = 0;\r | |
1585 | \r | |
1586 | mTcgDxeData.FinalEventLogAreaStruct[Index].EventLogFormat = mTcg2EventInfo[Index].LogFormat;\r | |
1587 | mTcgDxeData.FinalEventLogAreaStruct[Index].Lasa = Lasa + sizeof(EFI_TCG2_FINAL_EVENTS_TABLE);\r | |
91e914f5 | 1588 | mTcgDxeData.FinalEventLogAreaStruct[Index].Laml = PcdGet32 (PcdTcg2FinalLogAreaLen) - sizeof(EFI_TCG2_FINAL_EVENTS_TABLE);\r |
1abfa4ce JY |
1589 | mTcgDxeData.FinalEventLogAreaStruct[Index].EventLogSize = 0;\r |
1590 | mTcgDxeData.FinalEventLogAreaStruct[Index].LastEvent = (VOID *)(UINTN)mTcgDxeData.FinalEventLogAreaStruct[Index].Lasa;\r | |
1591 | mTcgDxeData.FinalEventLogAreaStruct[Index].EventLogStarted = FALSE;\r | |
1592 | mTcgDxeData.FinalEventLogAreaStruct[Index].EventLogTruncated = FALSE;\r | |
1593 | \r | |
1594 | if (mTcg2EventInfo[Index].LogFormat == EFI_TCG2_EVENT_LOG_FORMAT_TCG_2) {\r | |
1595 | //\r | |
1596 | // Install to configuration table\r | |
1597 | //\r | |
1598 | Status = gBS->InstallConfigurationTable (&gEfiTcg2FinalEventsTableGuid, (VOID *)mTcgDxeData.FinalEventsTable[1]);\r | |
1599 | if (EFI_ERROR (Status)) {\r | |
1600 | return Status;\r | |
1601 | }\r | |
1602 | }\r | |
1603 | }\r | |
1604 | }\r | |
1605 | \r | |
1606 | //\r | |
1607 | // 3. Sync data from PEI to DXE\r | |
1608 | //\r | |
1609 | Status = EFI_SUCCESS;\r | |
1610 | for (Index = 0; Index < sizeof(mTcg2EventInfo)/sizeof(mTcg2EventInfo[0]); Index++) {\r | |
1611 | if ((mTcgDxeData.BsCap.SupportedEventLogs & mTcg2EventInfo[Index].LogFormat) != 0) {\r | |
1612 | GuidHob.Raw = GetHobList ();\r | |
1613 | Status = EFI_SUCCESS;\r | |
1614 | while (!EFI_ERROR (Status) && \r | |
1615 | (GuidHob.Raw = GetNextGuidHob (mTcg2EventInfo[Index].EventGuid, GuidHob.Raw)) != NULL) {\r | |
1616 | TcgEvent = GET_GUID_HOB_DATA (GuidHob.Guid);\r | |
1617 | GuidHob.Raw = GET_NEXT_HOB (GuidHob);\r | |
1618 | switch (mTcg2EventInfo[Index].LogFormat) {\r | |
1619 | case EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2:\r | |
1620 | Status = TcgDxeLogEvent (\r | |
1621 | mTcg2EventInfo[Index].LogFormat,\r | |
1622 | TcgEvent,\r | |
1623 | sizeof(TCG_PCR_EVENT_HDR),\r | |
1624 | ((TCG_PCR_EVENT*)TcgEvent)->Event,\r | |
1625 | ((TCG_PCR_EVENT_HDR*)TcgEvent)->EventSize\r | |
1626 | );\r | |
1627 | break;\r | |
1628 | case EFI_TCG2_EVENT_LOG_FORMAT_TCG_2:\r | |
1629 | DigestListBinSize = GetDigestListBinSize ((UINT8 *)TcgEvent + sizeof(TCG_PCRINDEX) + sizeof(TCG_EVENTTYPE));\r | |
1630 | CopyMem (&EventSize, (UINT8 *)TcgEvent + sizeof(TCG_PCRINDEX) + sizeof(TCG_EVENTTYPE) + DigestListBinSize, sizeof(UINT32));\r | |
1631 | Status = TcgDxeLogEvent (\r | |
1632 | mTcg2EventInfo[Index].LogFormat,\r | |
1633 | TcgEvent,\r | |
1634 | sizeof(TCG_PCRINDEX) + sizeof(TCG_EVENTTYPE) + DigestListBinSize + sizeof(UINT32),\r | |
1635 | (UINT8 *)TcgEvent + sizeof(TCG_PCRINDEX) + sizeof(TCG_EVENTTYPE) + DigestListBinSize + sizeof(UINT32),\r | |
1636 | EventSize\r | |
1637 | );\r | |
1638 | break;\r | |
1639 | }\r | |
1640 | }\r | |
1641 | }\r | |
1642 | }\r | |
1643 | \r | |
1644 | return Status;\r | |
1645 | }\r | |
1646 | \r | |
1647 | /**\r | |
1648 | Measure and log an action string, and extend the measurement result into PCR[5].\r | |
1649 | \r | |
1650 | @param[in] String A specific string that indicates an Action event. \r | |
1651 | \r | |
1652 | @retval EFI_SUCCESS Operation completed successfully.\r | |
1653 | @retval EFI_DEVICE_ERROR The operation was unsuccessful.\r | |
1654 | \r | |
1655 | **/\r | |
1656 | EFI_STATUS\r | |
1657 | TcgMeasureAction (\r | |
1658 | IN CHAR8 *String\r | |
1659 | )\r | |
1660 | {\r | |
1661 | TCG_PCR_EVENT_HDR TcgEvent;\r | |
1662 | \r | |
1663 | TcgEvent.PCRIndex = 5;\r | |
1664 | TcgEvent.EventType = EV_EFI_ACTION;\r | |
1665 | TcgEvent.EventSize = (UINT32)AsciiStrLen (String);\r | |
1666 | return TcgDxeHashLogExtendEvent (\r | |
1667 | 0,\r | |
1668 | (UINT8*)String,\r | |
1669 | TcgEvent.EventSize,\r | |
1670 | &TcgEvent,\r | |
1671 | (UINT8 *) String\r | |
1672 | );\r | |
1673 | }\r | |
1674 | \r | |
1675 | /**\r | |
1676 | Measure and log EFI handoff tables, and extend the measurement result into PCR[1].\r | |
1677 | \r | |
1678 | @retval EFI_SUCCESS Operation completed successfully.\r | |
1679 | @retval EFI_DEVICE_ERROR The operation was unsuccessful.\r | |
1680 | \r | |
1681 | **/\r | |
1682 | EFI_STATUS\r | |
1683 | MeasureHandoffTables (\r | |
1684 | VOID\r | |
1685 | )\r | |
1686 | {\r | |
1687 | EFI_STATUS Status;\r | |
1abfa4ce JY |
1688 | TCG_PCR_EVENT_HDR TcgEvent;\r |
1689 | EFI_HANDOFF_TABLE_POINTERS HandoffTables;\r | |
1690 | UINTN ProcessorNum;\r | |
1691 | EFI_CPU_PHYSICAL_LOCATION *ProcessorLocBuf;\r | |
1692 | \r | |
1693 | ProcessorLocBuf = NULL;\r | |
d2de4483 | 1694 | Status = EFI_SUCCESS;\r |
1abfa4ce JY |
1695 | \r |
1696 | if (PcdGet8 (PcdTpmPlatformClass) == TCG_PLATFORM_TYPE_SERVER) {\r | |
1697 | //\r | |
1698 | // Tcg Server spec. \r | |
1699 | // Measure each processor EFI_CPU_PHYSICAL_LOCATION with EV_TABLE_OF_DEVICES to PCR[1]\r | |
1700 | //\r | |
1701 | Status = GetProcessorsCpuLocation(&ProcessorLocBuf, &ProcessorNum);\r | |
1702 | \r | |
1703 | if (!EFI_ERROR(Status)){\r | |
1704 | TcgEvent.PCRIndex = 1;\r | |
1705 | TcgEvent.EventType = EV_TABLE_OF_DEVICES;\r | |
1706 | TcgEvent.EventSize = sizeof (HandoffTables);\r | |
1707 | \r | |
1708 | HandoffTables.NumberOfTables = 1;\r | |
1709 | HandoffTables.TableEntry[0].VendorGuid = gEfiMpServiceProtocolGuid;\r | |
1710 | HandoffTables.TableEntry[0].VendorTable = ProcessorLocBuf;\r | |
1711 | \r | |
1712 | Status = TcgDxeHashLogExtendEvent (\r | |
1713 | 0,\r | |
1714 | (UINT8*)(UINTN)ProcessorLocBuf,\r | |
1715 | sizeof(EFI_CPU_PHYSICAL_LOCATION) * ProcessorNum,\r | |
1716 | &TcgEvent,\r | |
1717 | (UINT8*)&HandoffTables\r | |
1718 | );\r | |
1719 | \r | |
1720 | FreePool(ProcessorLocBuf);\r | |
1721 | }\r | |
1722 | }\r | |
1723 | \r | |
1724 | return Status;\r | |
1725 | }\r | |
1726 | \r | |
1727 | /**\r | |
1728 | Measure and log Separator event, and extend the measurement result into a specific PCR.\r | |
1729 | \r | |
1730 | @param[in] PCRIndex PCR index. \r | |
1731 | \r | |
1732 | @retval EFI_SUCCESS Operation completed successfully.\r | |
1733 | @retval EFI_DEVICE_ERROR The operation was unsuccessful.\r | |
1734 | \r | |
1735 | **/\r | |
1736 | EFI_STATUS\r | |
1737 | MeasureSeparatorEvent (\r | |
1738 | IN TPM_PCRINDEX PCRIndex\r | |
1739 | )\r | |
1740 | {\r | |
1741 | TCG_PCR_EVENT_HDR TcgEvent;\r | |
1742 | UINT32 EventData;\r | |
1743 | \r | |
1744 | DEBUG ((EFI_D_INFO, "MeasureSeparatorEvent Pcr - %x\n", PCRIndex));\r | |
1745 | \r | |
1746 | EventData = 0;\r | |
1747 | TcgEvent.PCRIndex = PCRIndex;\r | |
1748 | TcgEvent.EventType = EV_SEPARATOR;\r | |
1749 | TcgEvent.EventSize = (UINT32)sizeof (EventData);\r | |
1750 | return TcgDxeHashLogExtendEvent (\r | |
1751 | 0,\r | |
1752 | (UINT8 *)&EventData,\r | |
1753 | sizeof (EventData),\r | |
1754 | &TcgEvent,\r | |
1755 | (UINT8 *)&EventData\r | |
1756 | );\r | |
1757 | }\r | |
1758 | \r | |
1759 | /**\r | |
1760 | Measure and log an EFI variable, and extend the measurement result into a specific PCR.\r | |
1761 | \r | |
1762 | @param[in] PCRIndex PCR Index. \r | |
1763 | @param[in] EventType Event type. \r | |
1764 | @param[in] VarName A Null-terminated string that is the name of the vendor's variable.\r | |
1765 | @param[in] VendorGuid A unique identifier for the vendor.\r | |
1766 | @param[in] VarData The content of the variable data. \r | |
1767 | @param[in] VarSize The size of the variable data. \r | |
1768 | \r | |
1769 | @retval EFI_SUCCESS Operation completed successfully.\r | |
1770 | @retval EFI_OUT_OF_RESOURCES Out of memory.\r | |
1771 | @retval EFI_DEVICE_ERROR The operation was unsuccessful.\r | |
1772 | \r | |
1773 | **/\r | |
1774 | EFI_STATUS\r | |
1775 | MeasureVariable (\r | |
1776 | IN TPM_PCRINDEX PCRIndex,\r | |
1777 | IN TCG_EVENTTYPE EventType,\r | |
1778 | IN CHAR16 *VarName,\r | |
1779 | IN EFI_GUID *VendorGuid,\r | |
1780 | IN VOID *VarData,\r | |
1781 | IN UINTN VarSize\r | |
1782 | )\r | |
1783 | {\r | |
1784 | EFI_STATUS Status;\r | |
1785 | TCG_PCR_EVENT_HDR TcgEvent;\r | |
1786 | UINTN VarNameLength;\r | |
1787 | EFI_VARIABLE_DATA_TREE *VarLog;\r | |
1788 | \r | |
1789 | DEBUG ((EFI_D_INFO, "Tcg2Dxe: MeasureVariable (Pcr - %x, EventType - %x, ", (UINTN)PCRIndex, (UINTN)EventType));\r | |
1790 | DEBUG ((EFI_D_INFO, "VariableName - %s, VendorGuid - %g)\n", VarName, VendorGuid));\r | |
1791 | \r | |
1792 | VarNameLength = StrLen (VarName);\r | |
1793 | TcgEvent.PCRIndex = PCRIndex;\r | |
1794 | TcgEvent.EventType = EventType;\r | |
1795 | \r | |
1796 | TcgEvent.EventSize = (UINT32)(sizeof (*VarLog) + VarNameLength * sizeof (*VarName) + VarSize\r | |
1797 | - sizeof (VarLog->UnicodeName) - sizeof (VarLog->VariableData));\r | |
1798 | \r | |
1799 | VarLog = (EFI_VARIABLE_DATA_TREE *)AllocatePool (TcgEvent.EventSize);\r | |
1800 | if (VarLog == NULL) {\r | |
1801 | return EFI_OUT_OF_RESOURCES;\r | |
1802 | }\r | |
1803 | \r | |
1804 | VarLog->VariableName = *VendorGuid;\r | |
1805 | VarLog->UnicodeNameLength = VarNameLength;\r | |
1806 | VarLog->VariableDataLength = VarSize;\r | |
1807 | CopyMem (\r | |
1808 | VarLog->UnicodeName,\r | |
1809 | VarName,\r | |
1810 | VarNameLength * sizeof (*VarName)\r | |
1811 | );\r | |
1812 | if (VarSize != 0 && VarData != NULL) {\r | |
1813 | CopyMem (\r | |
1814 | (CHAR16 *)VarLog->UnicodeName + VarNameLength,\r | |
1815 | VarData,\r | |
1816 | VarSize\r | |
1817 | );\r | |
1818 | }\r | |
1819 | \r | |
1820 | if (EventType == EV_EFI_VARIABLE_DRIVER_CONFIG) {\r | |
1821 | //\r | |
1822 | // Digest is the event data (EFI_VARIABLE_DATA)\r | |
1823 | //\r | |
1824 | Status = TcgDxeHashLogExtendEvent (\r | |
1825 | 0,\r | |
1826 | (UINT8*)VarLog,\r | |
1827 | TcgEvent.EventSize,\r | |
1828 | &TcgEvent,\r | |
1829 | (UINT8*)VarLog\r | |
1830 | );\r | |
1831 | } else {\r | |
1832 | Status = TcgDxeHashLogExtendEvent (\r | |
1833 | 0,\r | |
1834 | (UINT8*)VarData,\r | |
1835 | VarSize,\r | |
1836 | &TcgEvent,\r | |
1837 | (UINT8*)VarLog\r | |
1838 | );\r | |
1839 | }\r | |
1840 | FreePool (VarLog);\r | |
1841 | return Status;\r | |
1842 | }\r | |
1843 | \r | |
1844 | /**\r | |
1845 | Read then Measure and log an EFI variable, and extend the measurement result into a specific PCR.\r | |
1846 | \r | |
1847 | @param[in] PCRIndex PCR Index. \r | |
1848 | @param[in] EventType Event type. \r | |
1849 | @param[in] VarName A Null-terminated string that is the name of the vendor's variable.\r | |
1850 | @param[in] VendorGuid A unique identifier for the vendor.\r | |
1851 | @param[out] VarSize The size of the variable data. \r | |
1852 | @param[out] VarData Pointer to the content of the variable. \r | |
1853 | \r | |
1854 | @retval EFI_SUCCESS Operation completed successfully.\r | |
1855 | @retval EFI_OUT_OF_RESOURCES Out of memory.\r | |
1856 | @retval EFI_DEVICE_ERROR The operation was unsuccessful.\r | |
1857 | \r | |
1858 | **/\r | |
1859 | EFI_STATUS\r | |
1860 | ReadAndMeasureVariable (\r | |
1861 | IN TPM_PCRINDEX PCRIndex,\r | |
1862 | IN TCG_EVENTTYPE EventType,\r | |
1863 | IN CHAR16 *VarName,\r | |
1864 | IN EFI_GUID *VendorGuid,\r | |
1865 | OUT UINTN *VarSize,\r | |
1866 | OUT VOID **VarData\r | |
1867 | )\r | |
1868 | {\r | |
1869 | EFI_STATUS Status;\r | |
1870 | \r | |
1871 | Status = GetVariable2 (VarName, VendorGuid, VarData, VarSize);\r | |
1872 | if (EventType == EV_EFI_VARIABLE_DRIVER_CONFIG) {\r | |
1873 | if (EFI_ERROR (Status)) {\r | |
1874 | //\r | |
1875 | // It is valid case, so we need handle it.\r | |
1876 | //\r | |
1877 | *VarData = NULL;\r | |
1878 | *VarSize = 0;\r | |
1879 | }\r | |
1880 | } else {\r | |
1881 | //\r | |
1882 | // if status error, VarData is freed and set NULL by GetVariable2\r | |
1883 | //\r | |
1884 | if (EFI_ERROR (Status)) {\r | |
1885 | return EFI_NOT_FOUND;\r | |
1886 | }\r | |
1887 | }\r | |
1888 | \r | |
1889 | Status = MeasureVariable (\r | |
1890 | PCRIndex,\r | |
1891 | EventType,\r | |
1892 | VarName,\r | |
1893 | VendorGuid,\r | |
1894 | *VarData,\r | |
1895 | *VarSize\r | |
1896 | );\r | |
1897 | return Status;\r | |
1898 | }\r | |
1899 | \r | |
1900 | /**\r | |
1901 | Read then Measure and log an EFI boot variable, and extend the measurement result into PCR[5].\r | |
1902 | \r | |
1903 | @param[in] VarName A Null-terminated string that is the name of the vendor's variable.\r | |
1904 | @param[in] VendorGuid A unique identifier for the vendor.\r | |
1905 | @param[out] VarSize The size of the variable data. \r | |
1906 | @param[out] VarData Pointer to the content of the variable. \r | |
1907 | \r | |
1908 | @retval EFI_SUCCESS Operation completed successfully.\r | |
1909 | @retval EFI_OUT_OF_RESOURCES Out of memory.\r | |
1910 | @retval EFI_DEVICE_ERROR The operation was unsuccessful.\r | |
1911 | \r | |
1912 | **/\r | |
1913 | EFI_STATUS\r | |
1914 | ReadAndMeasureBootVariable (\r | |
1915 | IN CHAR16 *VarName,\r | |
1916 | IN EFI_GUID *VendorGuid,\r | |
1917 | OUT UINTN *VarSize,\r | |
1918 | OUT VOID **VarData\r | |
1919 | )\r | |
1920 | {\r | |
1921 | return ReadAndMeasureVariable (\r | |
1922 | 5,\r | |
1923 | EV_EFI_VARIABLE_BOOT,\r | |
1924 | VarName,\r | |
1925 | VendorGuid,\r | |
1926 | VarSize,\r | |
1927 | VarData\r | |
1928 | );\r | |
1929 | }\r | |
1930 | \r | |
1931 | /**\r | |
1932 | Read then Measure and log an EFI Secure variable, and extend the measurement result into PCR[7].\r | |
1933 | \r | |
1934 | @param[in] VarName A Null-terminated string that is the name of the vendor's variable.\r | |
1935 | @param[in] VendorGuid A unique identifier for the vendor.\r | |
1936 | @param[out] VarSize The size of the variable data. \r | |
1937 | @param[out] VarData Pointer to the content of the variable. \r | |
1938 | \r | |
1939 | @retval EFI_SUCCESS Operation completed successfully.\r | |
1940 | @retval EFI_OUT_OF_RESOURCES Out of memory.\r | |
1941 | @retval EFI_DEVICE_ERROR The operation was unsuccessful.\r | |
1942 | \r | |
1943 | **/\r | |
1944 | EFI_STATUS\r | |
1945 | ReadAndMeasureSecureVariable (\r | |
1946 | IN CHAR16 *VarName,\r | |
1947 | IN EFI_GUID *VendorGuid,\r | |
1948 | OUT UINTN *VarSize,\r | |
1949 | OUT VOID **VarData\r | |
1950 | )\r | |
1951 | {\r | |
1952 | return ReadAndMeasureVariable (\r | |
1953 | 7,\r | |
1954 | EV_EFI_VARIABLE_DRIVER_CONFIG,\r | |
1955 | VarName,\r | |
1956 | VendorGuid,\r | |
1957 | VarSize,\r | |
1958 | VarData\r | |
1959 | );\r | |
1960 | }\r | |
1961 | \r | |
1962 | /**\r | |
1963 | Measure and log all EFI boot variables, and extend the measurement result into a specific PCR.\r | |
1964 | \r | |
1965 | The EFI boot variables are BootOrder and Boot#### variables.\r | |
1966 | \r | |
1967 | @retval EFI_SUCCESS Operation completed successfully.\r | |
1968 | @retval EFI_OUT_OF_RESOURCES Out of memory.\r | |
1969 | @retval EFI_DEVICE_ERROR The operation was unsuccessful.\r | |
1970 | \r | |
1971 | **/\r | |
1972 | EFI_STATUS\r | |
1973 | MeasureAllBootVariables (\r | |
1974 | VOID\r | |
1975 | )\r | |
1976 | {\r | |
1977 | EFI_STATUS Status;\r | |
1978 | UINT16 *BootOrder;\r | |
1979 | UINTN BootCount;\r | |
1980 | UINTN Index;\r | |
1981 | VOID *BootVarData;\r | |
1982 | UINTN Size;\r | |
1983 | \r | |
1984 | Status = ReadAndMeasureBootVariable (\r | |
1985 | mBootVarName,\r | |
1986 | &gEfiGlobalVariableGuid,\r | |
1987 | &BootCount,\r | |
1988 | (VOID **) &BootOrder\r | |
1989 | );\r | |
1990 | if (Status == EFI_NOT_FOUND || BootOrder == NULL) {\r | |
1991 | return EFI_SUCCESS;\r | |
1992 | }\r | |
1993 | \r | |
1994 | if (EFI_ERROR (Status)) {\r | |
1995 | //\r | |
1996 | // BootOrder can't be NULL if status is not EFI_NOT_FOUND\r | |
1997 | //\r | |
1998 | FreePool (BootOrder);\r | |
1999 | return Status;\r | |
2000 | }\r | |
2001 | \r | |
2002 | BootCount /= sizeof (*BootOrder);\r | |
2003 | for (Index = 0; Index < BootCount; Index++) {\r | |
2004 | UnicodeSPrint (mBootVarName, sizeof (mBootVarName), L"Boot%04x", BootOrder[Index]);\r | |
2005 | Status = ReadAndMeasureBootVariable (\r | |
2006 | mBootVarName,\r | |
2007 | &gEfiGlobalVariableGuid,\r | |
2008 | &Size,\r | |
2009 | &BootVarData\r | |
2010 | );\r | |
2011 | if (!EFI_ERROR (Status)) {\r | |
2012 | FreePool (BootVarData);\r | |
2013 | }\r | |
2014 | }\r | |
2015 | \r | |
2016 | FreePool (BootOrder);\r | |
2017 | return EFI_SUCCESS;\r | |
2018 | }\r | |
2019 | \r | |
2020 | /**\r | |
2021 | Measure and log all EFI Secure variables, and extend the measurement result into a specific PCR.\r | |
2022 | \r | |
2023 | The EFI boot variables are BootOrder and Boot#### variables.\r | |
2024 | \r | |
2025 | @retval EFI_SUCCESS Operation completed successfully.\r | |
2026 | @retval EFI_OUT_OF_RESOURCES Out of memory.\r | |
2027 | @retval EFI_DEVICE_ERROR The operation was unsuccessful.\r | |
2028 | \r | |
2029 | **/\r | |
2030 | EFI_STATUS\r | |
2031 | MeasureAllSecureVariables (\r | |
2032 | VOID\r | |
2033 | )\r | |
2034 | {\r | |
2035 | EFI_STATUS Status;\r | |
2036 | VOID *Data;\r | |
2037 | UINTN DataSize;\r | |
2038 | UINTN Index;\r | |
2039 | \r | |
2040 | Status = EFI_NOT_FOUND;\r | |
2041 | for (Index = 0; Index < sizeof(mVariableType)/sizeof(mVariableType[0]); Index++) {\r | |
2042 | Status = ReadAndMeasureSecureVariable (\r | |
2043 | mVariableType[Index].VariableName,\r | |
2044 | mVariableType[Index].VendorGuid,\r | |
2045 | &DataSize,\r | |
2046 | &Data\r | |
2047 | );\r | |
2048 | if (!EFI_ERROR (Status)) {\r | |
2049 | if (Data != NULL) {\r | |
2050 | FreePool (Data);\r | |
2051 | }\r | |
2052 | }\r | |
2053 | }\r | |
2054 | \r | |
2055 | return EFI_SUCCESS;\r | |
2056 | }\r | |
2057 | \r | |
2058 | /**\r | |
2059 | Measure and log launch of FirmwareDebugger, and extend the measurement result into a specific PCR.\r | |
2060 | \r | |
2061 | @retval EFI_SUCCESS Operation completed successfully.\r | |
2062 | @retval EFI_OUT_OF_RESOURCES Out of memory.\r | |
2063 | @retval EFI_DEVICE_ERROR The operation was unsuccessful.\r | |
2064 | \r | |
2065 | **/\r | |
2066 | EFI_STATUS\r | |
2067 | MeasureLaunchOfFirmwareDebugger (\r | |
2068 | VOID\r | |
2069 | )\r | |
2070 | {\r | |
2071 | TCG_PCR_EVENT_HDR TcgEvent;\r | |
2072 | \r | |
2073 | TcgEvent.PCRIndex = 7;\r | |
2074 | TcgEvent.EventType = EV_EFI_ACTION;\r | |
2075 | TcgEvent.EventSize = sizeof(FIRMWARE_DEBUGGER_EVENT_STRING) - 1;\r | |
2076 | return TcgDxeHashLogExtendEvent (\r | |
2077 | 0,\r | |
2078 | (UINT8 *)FIRMWARE_DEBUGGER_EVENT_STRING,\r | |
2079 | sizeof(FIRMWARE_DEBUGGER_EVENT_STRING) - 1,\r | |
2080 | &TcgEvent,\r | |
2081 | (UINT8 *)FIRMWARE_DEBUGGER_EVENT_STRING\r | |
2082 | );\r | |
2083 | }\r | |
2084 | \r | |
2085 | /**\r | |
2086 | Measure and log all Secure Boot Policy, and extend the measurement result into a specific PCR.\r | |
2087 | \r | |
2088 | Platform firmware adhering to the policy must therefore measure the following values into PCR[7]: (in order listed)\r | |
2089 | - The contents of the SecureBoot variable\r | |
2090 | - The contents of the PK variable\r | |
2091 | - The contents of the KEK variable\r | |
2092 | - The contents of the EFI_IMAGE_SECURITY_DATABASE variable\r | |
2093 | - The contents of the EFI_IMAGE_SECURITY_DATABASE1 variable\r | |
2094 | - Separator\r | |
2095 | - Entries in the EFI_IMAGE_SECURITY_DATABASE that are used to validate EFI Drivers or EFI Boot Applications in the boot path\r | |
2096 | \r | |
2097 | NOTE: Because of the above, UEFI variables PK, KEK, EFI_IMAGE_SECURITY_DATABASE,\r | |
2098 | EFI_IMAGE_SECURITY_DATABASE1 and SecureBoot SHALL NOT be measured into PCR[3].\r | |
2099 | \r | |
2100 | @param[in] Event Event whose notification function is being invoked\r | |
2101 | @param[in] Context Pointer to the notification function's context\r | |
2102 | **/\r | |
2103 | VOID\r | |
2104 | EFIAPI\r | |
2105 | MeasureSecureBootPolicy (\r | |
2106 | IN EFI_EVENT Event,\r | |
2107 | IN VOID *Context\r | |
2108 | )\r | |
2109 | {\r | |
2110 | EFI_STATUS Status;\r | |
2111 | VOID *Protocol;\r | |
2112 | \r | |
2113 | Status = gBS->LocateProtocol (&gEfiVariableWriteArchProtocolGuid, NULL, (VOID **)&Protocol);\r | |
2114 | if (EFI_ERROR (Status)) {\r | |
2115 | return;\r | |
2116 | }\r | |
2117 | \r | |
2118 | if (PcdGetBool (PcdFirmwareDebuggerInitialized)) {\r | |
2119 | Status = MeasureLaunchOfFirmwareDebugger ();\r | |
2120 | DEBUG ((EFI_D_INFO, "MeasureLaunchOfFirmwareDebugger - %r\n", Status));\r | |
2121 | }\r | |
2122 | \r | |
2123 | Status = MeasureAllSecureVariables ();\r | |
2124 | DEBUG ((EFI_D_INFO, "MeasureAllSecureVariables - %r\n", Status));\r | |
2125 | \r | |
2126 | //\r | |
2127 | // We need measure Separator(7) here, because this event must be between SecureBootPolicy (Configure)\r | |
2128 | // and ImageVerification (Authority)\r | |
2129 | // There might be a case that we need measure UEFI image from DriverOrder, besides BootOrder. So\r | |
2130 | // the Authority measurement happen before ReadToBoot event.\r | |
2131 | //\r | |
2132 | Status = MeasureSeparatorEvent (7);\r | |
2133 | DEBUG ((EFI_D_INFO, "MeasureSeparatorEvent - %r\n", Status));\r | |
2134 | return ;\r | |
2135 | }\r | |
2136 | \r | |
2137 | /**\r | |
2138 | Ready to Boot Event notification handler.\r | |
2139 | \r | |
2140 | Sequence of OS boot events is measured in this event notification handler.\r | |
2141 | \r | |
2142 | @param[in] Event Event whose notification function is being invoked\r | |
2143 | @param[in] Context Pointer to the notification function's context\r | |
2144 | \r | |
2145 | **/\r | |
2146 | VOID\r | |
2147 | EFIAPI\r | |
2148 | OnReadyToBoot (\r | |
2149 | IN EFI_EVENT Event,\r | |
2150 | IN VOID *Context\r | |
2151 | )\r | |
2152 | {\r | |
2153 | EFI_STATUS Status;\r | |
2154 | TPM_PCRINDEX PcrIndex;\r | |
2155 | \r | |
2156 | PERF_START_EX (mImageHandle, "EventRec", "Tcg2Dxe", 0, PERF_ID_TCG2_DXE);\r | |
2157 | if (mBootAttempts == 0) {\r | |
2158 | \r | |
2159 | //\r | |
2160 | // Measure handoff tables.\r | |
2161 | //\r | |
2162 | Status = MeasureHandoffTables ();\r | |
2163 | if (EFI_ERROR (Status)) {\r | |
2164 | DEBUG ((EFI_D_ERROR, "HOBs not Measured. Error!\n"));\r | |
2165 | }\r | |
2166 | \r | |
2167 | //\r | |
2168 | // Measure BootOrder & Boot#### variables.\r | |
2169 | //\r | |
2170 | Status = MeasureAllBootVariables ();\r | |
2171 | if (EFI_ERROR (Status)) {\r | |
2172 | DEBUG ((EFI_D_ERROR, "Boot Variables not Measured. Error!\n"));\r | |
2173 | }\r | |
2174 | \r | |
2175 | //\r | |
2176 | // 1. This is the first boot attempt.\r | |
2177 | //\r | |
2178 | Status = TcgMeasureAction (\r | |
2179 | EFI_CALLING_EFI_APPLICATION\r | |
2180 | );\r | |
2181 | if (EFI_ERROR (Status)) {\r | |
655dabe3 | 2182 | DEBUG ((EFI_D_ERROR, "%a not Measured. Error!\n", EFI_CALLING_EFI_APPLICATION));\r |
1abfa4ce JY |
2183 | }\r |
2184 | \r | |
2185 | //\r | |
2186 | // 2. Draw a line between pre-boot env and entering post-boot env.\r | |
2187 | // PCR[7] is already done.\r | |
2188 | //\r | |
2189 | for (PcrIndex = 0; PcrIndex < 7; PcrIndex++) {\r | |
2190 | Status = MeasureSeparatorEvent (PcrIndex);\r | |
2191 | if (EFI_ERROR (Status)) {\r | |
2192 | DEBUG ((EFI_D_ERROR, "Seperator Event not Measured. Error!\n"));\r | |
2193 | }\r | |
2194 | }\r | |
2195 | \r | |
2196 | //\r | |
2197 | // 3. Measure GPT. It would be done in SAP driver.\r | |
2198 | //\r | |
2199 | \r | |
2200 | //\r | |
2201 | // 4. Measure PE/COFF OS loader. It would be done in SAP driver.\r | |
2202 | //\r | |
2203 | \r | |
2204 | //\r | |
2205 | // 5. Read & Measure variable. BootOrder already measured.\r | |
2206 | //\r | |
2207 | } else {\r | |
2208 | //\r | |
2209 | // 6. Not first attempt, meaning a return from last attempt\r | |
2210 | //\r | |
2211 | Status = TcgMeasureAction (\r | |
2212 | EFI_RETURNING_FROM_EFI_APPLICATOIN\r | |
2213 | );\r | |
2214 | if (EFI_ERROR (Status)) {\r | |
655dabe3 | 2215 | DEBUG ((EFI_D_ERROR, "%a not Measured. Error!\n", EFI_RETURNING_FROM_EFI_APPLICATOIN));\r |
1abfa4ce JY |
2216 | }\r |
2217 | }\r | |
2218 | \r | |
2219 | DEBUG ((EFI_D_INFO, "TPM2 Tcg2Dxe Measure Data when ReadyToBoot\n"));\r | |
2220 | //\r | |
2221 | // Increase boot attempt counter.\r | |
2222 | //\r | |
2223 | mBootAttempts++;\r | |
2224 | PERF_END_EX (mImageHandle, "EventRec", "Tcg2Dxe", 0, PERF_ID_TCG2_DXE + 1);\r | |
2225 | }\r | |
2226 | \r | |
2227 | /**\r | |
2228 | Exit Boot Services Event notification handler.\r | |
2229 | \r | |
2230 | Measure invocation and success of ExitBootServices.\r | |
2231 | \r | |
2232 | @param[in] Event Event whose notification function is being invoked\r | |
2233 | @param[in] Context Pointer to the notification function's context\r | |
2234 | \r | |
2235 | **/\r | |
2236 | VOID\r | |
2237 | EFIAPI\r | |
2238 | OnExitBootServices (\r | |
2239 | IN EFI_EVENT Event,\r | |
2240 | IN VOID *Context\r | |
2241 | )\r | |
2242 | {\r | |
2243 | EFI_STATUS Status;\r | |
2244 | \r | |
2245 | //\r | |
2246 | // Measure invocation of ExitBootServices,\r | |
2247 | //\r | |
2248 | Status = TcgMeasureAction (\r | |
2249 | EFI_EXIT_BOOT_SERVICES_INVOCATION\r | |
2250 | );\r | |
2251 | if (EFI_ERROR (Status)) {\r | |
655dabe3 | 2252 | DEBUG ((EFI_D_ERROR, "%a not Measured. Error!\n", EFI_EXIT_BOOT_SERVICES_INVOCATION));\r |
1abfa4ce JY |
2253 | }\r |
2254 | \r | |
2255 | //\r | |
2256 | // Measure success of ExitBootServices\r | |
2257 | //\r | |
2258 | Status = TcgMeasureAction (\r | |
2259 | EFI_EXIT_BOOT_SERVICES_SUCCEEDED\r | |
2260 | );\r | |
2261 | if (EFI_ERROR (Status)) {\r | |
655dabe3 | 2262 | DEBUG ((EFI_D_ERROR, "%a not Measured. Error!\n", EFI_EXIT_BOOT_SERVICES_SUCCEEDED));\r |
1abfa4ce JY |
2263 | }\r |
2264 | }\r | |
2265 | \r | |
2266 | /**\r | |
2267 | Exit Boot Services Failed Event notification handler.\r | |
2268 | \r | |
2269 | Measure Failure of ExitBootServices.\r | |
2270 | \r | |
2271 | @param[in] Event Event whose notification function is being invoked\r | |
2272 | @param[in] Context Pointer to the notification function's context\r | |
2273 | \r | |
2274 | **/\r | |
2275 | VOID\r | |
2276 | EFIAPI\r | |
2277 | OnExitBootServicesFailed (\r | |
2278 | IN EFI_EVENT Event,\r | |
2279 | IN VOID *Context\r | |
2280 | )\r | |
2281 | {\r | |
2282 | EFI_STATUS Status;\r | |
2283 | \r | |
2284 | //\r | |
2285 | // Measure Failure of ExitBootServices,\r | |
2286 | //\r | |
2287 | Status = TcgMeasureAction (\r | |
2288 | EFI_EXIT_BOOT_SERVICES_FAILED\r | |
2289 | );\r | |
2290 | if (EFI_ERROR (Status)) {\r | |
655dabe3 | 2291 | DEBUG ((EFI_D_ERROR, "%a not Measured. Error!\n", EFI_EXIT_BOOT_SERVICES_FAILED));\r |
1abfa4ce JY |
2292 | }\r |
2293 | \r | |
2294 | }\r | |
2295 | \r | |
2296 | /**\r | |
2297 | The function install Tcg2 protocol.\r | |
2298 | \r | |
2299 | @retval EFI_SUCCESS Tcg2 protocol is installed.\r | |
2300 | @retval other Some error occurs.\r | |
2301 | **/\r | |
2302 | EFI_STATUS\r | |
2303 | InstallTcg2 (\r | |
2304 | VOID\r | |
2305 | )\r | |
2306 | {\r | |
2307 | EFI_STATUS Status;\r | |
2308 | EFI_HANDLE Handle;\r | |
2309 | \r | |
2310 | Handle = NULL;\r | |
2311 | Status = gBS->InstallMultipleProtocolInterfaces (\r | |
2312 | &Handle,\r | |
2313 | &gEfiTcg2ProtocolGuid,\r | |
2314 | &mTcg2Protocol,\r | |
2315 | NULL\r | |
2316 | );\r | |
2317 | return Status;\r | |
2318 | }\r | |
2319 | \r | |
2320 | /**\r | |
2321 | The driver's entry point. It publishes EFI Tcg2 Protocol.\r | |
2322 | \r | |
2323 | @param[in] ImageHandle The firmware allocated handle for the EFI image. \r | |
2324 | @param[in] SystemTable A pointer to the EFI System Table.\r | |
2325 | \r | |
2326 | @retval EFI_SUCCESS The entry point is executed successfully.\r | |
2327 | @retval other Some error occurs when executing this entry point.\r | |
2328 | **/\r | |
2329 | EFI_STATUS\r | |
2330 | EFIAPI\r | |
2331 | DriverEntry (\r | |
2332 | IN EFI_HANDLE ImageHandle,\r | |
2333 | IN EFI_SYSTEM_TABLE *SystemTable\r | |
2334 | )\r | |
2335 | {\r | |
2336 | EFI_STATUS Status;\r | |
2337 | EFI_EVENT Event;\r | |
2338 | VOID *Registration;\r | |
2339 | UINT32 MaxCommandSize;\r | |
2340 | UINT32 MaxResponseSize;\r | |
2341 | TPML_PCR_SELECTION Pcrs;\r | |
2342 | UINTN Index;\r | |
2343 | EFI_TCG2_EVENT_ALGORITHM_BITMAP TpmHashAlgorithmBitmap;\r | |
2344 | UINT32 ActivePCRBanks;\r | |
2345 | UINT32 NumberOfPCRBanks;\r | |
2346 | \r | |
2347 | mImageHandle = ImageHandle;\r | |
2348 | \r | |
2349 | if (CompareGuid (PcdGetPtr(PcdTpmInstanceGuid), &gEfiTpmDeviceInstanceNoneGuid) ||\r | |
2350 | CompareGuid (PcdGetPtr(PcdTpmInstanceGuid), &gEfiTpmDeviceInstanceTpm12Guid)){\r | |
2351 | DEBUG ((EFI_D_ERROR, "No TPM2 instance required!\n"));\r | |
2352 | return EFI_UNSUPPORTED;\r | |
2353 | }\r | |
2354 | \r | |
2355 | if (GetFirstGuidHob (&gTpmErrorHobGuid) != NULL) {\r | |
2356 | DEBUG ((EFI_D_ERROR, "TPM2 error!\n"));\r | |
2357 | return EFI_DEVICE_ERROR;\r | |
2358 | }\r | |
2359 | \r | |
2360 | Status = Tpm2RequestUseTpm ();\r | |
2361 | if (EFI_ERROR (Status)) {\r | |
2362 | DEBUG ((EFI_D_ERROR, "TPM2 not detected!\n"));\r | |
2363 | return Status;\r | |
2364 | }\r | |
2365 | \r | |
2366 | //\r | |
2367 | // Fill information\r | |
2368 | //\r | |
2369 | ASSERT (TCG_EVENT_LOG_AREA_COUNT_MAX == sizeof(mTcg2EventInfo)/sizeof(mTcg2EventInfo[0]));\r | |
2370 | \r | |
2371 | mTcgDxeData.BsCap.Size = sizeof(EFI_TCG2_BOOT_SERVICE_CAPABILITY);\r | |
2372 | mTcgDxeData.BsCap.ProtocolVersion.Major = 1;\r | |
2373 | mTcgDxeData.BsCap.ProtocolVersion.Minor = 1;\r | |
2374 | mTcgDxeData.BsCap.StructureVersion.Major = 1;\r | |
2375 | mTcgDxeData.BsCap.StructureVersion.Minor = 1;\r | |
2376 | \r | |
2377 | DEBUG ((EFI_D_INFO, "Tcg2.ProtocolVersion - %02x.%02x\n", mTcgDxeData.BsCap.ProtocolVersion.Major, mTcgDxeData.BsCap.ProtocolVersion.Minor));\r | |
2378 | DEBUG ((EFI_D_INFO, "Tcg2.StructureVersion - %02x.%02x\n", mTcgDxeData.BsCap.StructureVersion.Major, mTcgDxeData.BsCap.StructureVersion.Minor));\r | |
2379 | \r | |
2380 | Status = Tpm2GetCapabilityManufactureID (&mTcgDxeData.BsCap.ManufacturerID);\r | |
2381 | if (EFI_ERROR (Status)) {\r | |
2382 | DEBUG ((EFI_D_ERROR, "Tpm2GetCapabilityManufactureID fail!\n"));\r | |
2383 | } else {\r | |
2384 | DEBUG ((EFI_D_INFO, "Tpm2GetCapabilityManufactureID - %08x\n", mTcgDxeData.BsCap.ManufacturerID));\r | |
2385 | }\r | |
2386 | \r | |
2387 | DEBUG_CODE (\r | |
2388 | UINT32 FirmwareVersion1;\r | |
2389 | UINT32 FirmwareVersion2;\r | |
2390 | \r | |
2391 | Status = Tpm2GetCapabilityFirmwareVersion (&FirmwareVersion1, &FirmwareVersion2);\r | |
2392 | if (EFI_ERROR (Status)) {\r | |
2393 | DEBUG ((EFI_D_ERROR, "Tpm2GetCapabilityFirmwareVersion fail!\n"));\r | |
2394 | } else {\r | |
2395 | DEBUG ((EFI_D_INFO, "Tpm2GetCapabilityFirmwareVersion - %08x %08x\n", FirmwareVersion1, FirmwareVersion2));\r | |
2396 | }\r | |
2397 | );\r | |
2398 | \r | |
2399 | Status = Tpm2GetCapabilityMaxCommandResponseSize (&MaxCommandSize, &MaxResponseSize);\r | |
2400 | if (EFI_ERROR (Status)) {\r | |
2401 | DEBUG ((EFI_D_ERROR, "Tpm2GetCapabilityMaxCommandResponseSize fail!\n"));\r | |
2402 | } else {\r | |
2403 | mTcgDxeData.BsCap.MaxCommandSize = (UINT16)MaxCommandSize;\r | |
2404 | mTcgDxeData.BsCap.MaxResponseSize = (UINT16)MaxResponseSize;\r | |
2405 | DEBUG ((EFI_D_INFO, "Tpm2GetCapabilityMaxCommandResponseSize - %08x, %08x\n", MaxCommandSize, MaxResponseSize));\r | |
2406 | }\r | |
2407 | \r | |
2408 | //\r | |
2409 | // Get supported PCR and current Active PCRs\r | |
2410 | //\r | |
2411 | Status = Tpm2GetCapabilityPcrs (&Pcrs);\r | |
2412 | if (EFI_ERROR (Status)) {\r | |
2413 | DEBUG ((EFI_D_ERROR, "Tpm2GetCapabilityPcrs fail!\n"));\r | |
2414 | TpmHashAlgorithmBitmap = EFI_TCG2_BOOT_HASH_ALG_SHA1;\r | |
1abfa4ce JY |
2415 | ActivePCRBanks = EFI_TCG2_BOOT_HASH_ALG_SHA1;\r |
2416 | } else {\r | |
2417 | DEBUG ((EFI_D_INFO, "Tpm2GetCapabilityPcrs Count - %08x\n", Pcrs.count));\r | |
1abfa4ce JY |
2418 | TpmHashAlgorithmBitmap = 0;\r |
2419 | ActivePCRBanks = 0;\r | |
2420 | for (Index = 0; Index < Pcrs.count; Index++) {\r | |
2421 | DEBUG ((EFI_D_INFO, "hash - %x\n", Pcrs.pcrSelections[Index].hash));\r | |
2422 | switch (Pcrs.pcrSelections[Index].hash) {\r | |
2423 | case TPM_ALG_SHA1:\r | |
2424 | TpmHashAlgorithmBitmap |= EFI_TCG2_BOOT_HASH_ALG_SHA1;\r | |
1abfa4ce JY |
2425 | if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, Pcrs.pcrSelections[Index].sizeofSelect)) {\r |
2426 | ActivePCRBanks |= EFI_TCG2_BOOT_HASH_ALG_SHA1;\r | |
2427 | } \r | |
2428 | break;\r | |
2429 | case TPM_ALG_SHA256:\r | |
2430 | TpmHashAlgorithmBitmap |= EFI_TCG2_BOOT_HASH_ALG_SHA256;\r | |
1abfa4ce JY |
2431 | if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, Pcrs.pcrSelections[Index].sizeofSelect)) {\r |
2432 | ActivePCRBanks |= EFI_TCG2_BOOT_HASH_ALG_SHA256;\r | |
2433 | }\r | |
2434 | break;\r | |
2435 | case TPM_ALG_SHA384:\r | |
2436 | TpmHashAlgorithmBitmap |= EFI_TCG2_BOOT_HASH_ALG_SHA384;\r | |
1abfa4ce JY |
2437 | if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, Pcrs.pcrSelections[Index].sizeofSelect)) {\r |
2438 | ActivePCRBanks |= EFI_TCG2_BOOT_HASH_ALG_SHA384;\r | |
2439 | }\r | |
2440 | break;\r | |
2441 | case TPM_ALG_SHA512:\r | |
2442 | TpmHashAlgorithmBitmap |= EFI_TCG2_BOOT_HASH_ALG_SHA512;\r | |
1abfa4ce JY |
2443 | if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, Pcrs.pcrSelections[Index].sizeofSelect)) {\r |
2444 | ActivePCRBanks |= EFI_TCG2_BOOT_HASH_ALG_SHA512;\r | |
2445 | }\r | |
2446 | break;\r | |
2447 | case TPM_ALG_SM3_256:\r | |
2448 | TpmHashAlgorithmBitmap |= EFI_TCG2_BOOT_HASH_ALG_SM3_256;\r | |
1abfa4ce JY |
2449 | if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, Pcrs.pcrSelections[Index].sizeofSelect)) {\r |
2450 | ActivePCRBanks |= EFI_TCG2_BOOT_HASH_ALG_SM3_256;\r | |
2451 | }\r | |
2452 | break;\r | |
2453 | }\r | |
2454 | }\r | |
2455 | }\r | |
2456 | mTcgDxeData.BsCap.HashAlgorithmBitmap = TpmHashAlgorithmBitmap & PcdGet32 (PcdTcg2HashAlgorithmBitmap);\r | |
2457 | mTcgDxeData.BsCap.ActivePcrBanks = ActivePCRBanks & PcdGet32 (PcdTcg2HashAlgorithmBitmap);\r | |
2458 | \r | |
a3cad6f8 JY |
2459 | //\r |
2460 | // Need calculate NumberOfPCRBanks here, because HashAlgorithmBitmap might be removed by PCD.\r | |
2461 | //\r | |
2462 | NumberOfPCRBanks = 0;\r | |
2463 | for (Index = 0; Index < 32; Index++) {\r | |
2464 | if ((mTcgDxeData.BsCap.HashAlgorithmBitmap & (1u << Index)) != 0) {\r | |
2465 | NumberOfPCRBanks++;\r | |
2466 | }\r | |
2467 | }\r | |
2468 | \r | |
1abfa4ce JY |
2469 | if (PcdGet32 (PcdTcg2NumberOfPCRBanks) == 0) {\r |
2470 | mTcgDxeData.BsCap.NumberOfPCRBanks = NumberOfPCRBanks;\r | |
2471 | } else {\r | |
2472 | mTcgDxeData.BsCap.NumberOfPCRBanks = PcdGet32 (PcdTcg2NumberOfPCRBanks);\r | |
2473 | if (PcdGet32 (PcdTcg2NumberOfPCRBanks) > NumberOfPCRBanks) {\r | |
2474 | DEBUG ((EFI_D_ERROR, "ERROR: PcdTcg2NumberOfPCRBanks(0x%x) > NumberOfPCRBanks(0x%x)\n", PcdGet32 (PcdTcg2NumberOfPCRBanks), NumberOfPCRBanks));\r | |
2475 | mTcgDxeData.BsCap.NumberOfPCRBanks = NumberOfPCRBanks;\r | |
2476 | }\r | |
2477 | }\r | |
2478 | \r | |
2479 | mTcgDxeData.BsCap.SupportedEventLogs = EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2 | EFI_TCG2_EVENT_LOG_FORMAT_TCG_2;\r | |
87361c6a | 2480 | if ((mTcgDxeData.BsCap.ActivePcrBanks & EFI_TCG2_BOOT_HASH_ALG_SHA1) == 0) {\r |
1abfa4ce JY |
2481 | //\r |
2482 | // No need to expose TCG1.2 event log if SHA1 bank does not exist.\r | |
2483 | //\r | |
87361c6a | 2484 | mTcgDxeData.BsCap.SupportedEventLogs &= ~EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2;\r |
1abfa4ce JY |
2485 | }\r |
2486 | \r | |
2487 | DEBUG ((EFI_D_INFO, "Tcg2.SupportedEventLogs - 0x%08x\n", mTcgDxeData.BsCap.SupportedEventLogs));\r | |
2488 | DEBUG ((EFI_D_INFO, "Tcg2.HashAlgorithmBitmap - 0x%08x\n", mTcgDxeData.BsCap.HashAlgorithmBitmap));\r | |
2489 | DEBUG ((EFI_D_INFO, "Tcg2.NumberOfPCRBanks - 0x%08x\n", mTcgDxeData.BsCap.NumberOfPCRBanks));\r | |
2490 | DEBUG ((EFI_D_INFO, "Tcg2.ActivePcrBanks - 0x%08x\n", mTcgDxeData.BsCap.ActivePcrBanks));\r | |
2491 | \r | |
2492 | if (mTcgDxeData.BsCap.TPMPresentFlag) {\r | |
2493 | //\r | |
2494 | // Setup the log area and copy event log from hob list to it\r | |
2495 | //\r | |
2496 | Status = SetupEventLog ();\r | |
2497 | ASSERT_EFI_ERROR (Status);\r | |
2498 | \r | |
2499 | //\r | |
2500 | // Measure handoff tables, Boot#### variables etc.\r | |
2501 | //\r | |
2502 | Status = EfiCreateEventReadyToBootEx (\r | |
2503 | TPL_CALLBACK,\r | |
2504 | OnReadyToBoot,\r | |
2505 | NULL,\r | |
2506 | &Event\r | |
2507 | );\r | |
2508 | \r | |
2509 | Status = gBS->CreateEventEx (\r | |
2510 | EVT_NOTIFY_SIGNAL,\r | |
2511 | TPL_NOTIFY,\r | |
2512 | OnExitBootServices,\r | |
2513 | NULL,\r | |
2514 | &gEfiEventExitBootServicesGuid,\r | |
2515 | &Event\r | |
2516 | );\r | |
2517 | \r | |
2518 | //\r | |
2519 | // Measure Exit Boot Service failed \r | |
2520 | //\r | |
2521 | Status = gBS->CreateEventEx (\r | |
2522 | EVT_NOTIFY_SIGNAL,\r | |
2523 | TPL_NOTIFY,\r | |
2524 | OnExitBootServicesFailed,\r | |
2525 | NULL,\r | |
2526 | &gEventExitBootServicesFailedGuid,\r | |
2527 | &Event\r | |
2528 | );\r | |
2529 | \r | |
2530 | //\r | |
2531 | // Create event callback, because we need access variable on SecureBootPolicyVariable\r | |
2532 | // We should use VariableWriteArch instead of VariableArch, because Variable driver\r | |
2533 | // may update SecureBoot value based on last setting.\r | |
2534 | //\r | |
2535 | EfiCreateProtocolNotifyEvent (&gEfiVariableWriteArchProtocolGuid, TPL_CALLBACK, MeasureSecureBootPolicy, NULL, &Registration);\r | |
2536 | }\r | |
2537 | \r | |
2538 | //\r | |
2539 | // Install Tcg2Protocol\r | |
2540 | //\r | |
2541 | Status = InstallTcg2 ();\r | |
2542 | DEBUG ((EFI_D_INFO, "InstallTcg2 - %r\n", Status));\r | |
2543 | \r | |
2544 | return Status;\r | |
2545 | }\r |