[mirror_edk2.git] / SecurityPkg / Tcg / TcgPei / TcgPei.c

/** @file\r
  Initialize TPM device and measure FVs before handing off control to DXE.\r
\r
Copyright (c) 2005 - 2012, Intel Corporation. All rights reserved.<BR>\r
This program and the accompanying materials \r
are licensed and made available under the terms and conditions of the BSD License \r
which accompanies this distribution.  The full text of the license may be found at \r
http://opensource.org/licenses/bsd-license.php\r
\r
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, \r
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
\r
**/\r
\r
#include <PiPei.h>\r
\r
#include <IndustryStandard/Tpm12.h>\r
#include <IndustryStandard/UefiTcgPlatform.h>\r
#include <Ppi/FirmwareVolumeInfo.h>\r
#include <Ppi/LockPhysicalPresence.h>\r
#include <Ppi/TpmInitialized.h>\r
#include <Ppi/FirmwareVolume.h>\r
#include <Guid/TcgEventHob.h>\r
#include <Library/DebugLib.h>\r
#include <Library/BaseMemoryLib.h>\r
#include <Library/PeiServicesLib.h>\r
#include <Library/PeimEntryPoint.h>\r
#include <Library/TpmCommLib.h>\r
#include <Library/HobLib.h>\r
#include <Library/PcdLib.h>\r
#include <Library/PeiServicesTablePointerLib.h>\r
\r
#include "TpmComm.h"\r
\r
BOOLEAN                 mImageInMemory  = FALSE;\r
\r
EFI_PEI_PPI_DESCRIPTOR  mTpmInitializedPpiList = {\r
  EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST,\r
  &gPeiTpmInitializedPpiGuid,\r
  NULL\r
};\r
\r
/**\r
  Lock physical presence if needed.\r
\r
  @param[in] PeiServices       An indirect pointer to the EFI_PEI_SERVICES table published by the PEI Foundation\r
  @param[in] NotifyDescriptor  Address of the notification descriptor data structure.\r
  @param[in] Ppi               Address of the PPI that was installed.\r
\r
  @retval EFI_SUCCESS          Operation completed successfully.\r
\r
**/\r
EFI_STATUS\r
EFIAPI\r
PhysicalPresencePpiNotifyCallback (\r
  IN EFI_PEI_SERVICES              **PeiServices,\r
  IN EFI_PEI_NOTIFY_DESCRIPTOR     *NotifyDescriptor,\r
  IN VOID                          *Ppi\r
  );\r
\r
/**\r
  Measure and record the Firmware Volum Information once FvInfoPPI install.\r
\r
  @param[in] PeiServices       An indirect pointer to the EFI_PEI_SERVICES table published by the PEI Foundation.\r
  @param[in] NotifyDescriptor  Address of the notification descriptor data structure.\r
  @param[in] Ppi               Address of the PPI that was installed.\r
\r
  @retval EFI_SUCCESS          The FV Info is measured and recorded to TPM.\r
  @return Others               Fail to measure FV.\r
\r
**/\r
EFI_STATUS\r
EFIAPI\r
FirmwareVolmeInfoPpiNotifyCallback (\r
  IN EFI_PEI_SERVICES              **PeiServices,\r
  IN EFI_PEI_NOTIFY_DESCRIPTOR     *NotifyDescriptor,\r
  IN VOID                          *Ppi\r
  );\r
\r
EFI_PEI_NOTIFY_DESCRIPTOR           mNotifyList[] = {\r
  {\r
    EFI_PEI_PPI_DESCRIPTOR_NOTIFY_CALLBACK,\r
    &gPeiLockPhysicalPresencePpiGuid,\r
    PhysicalPresencePpiNotifyCallback\r
  },\r
  {\r
    (EFI_PEI_PPI_DESCRIPTOR_NOTIFY_CALLBACK | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST),\r
    &gEfiPeiFirmwareVolumeInfoPpiGuid,\r
    FirmwareVolmeInfoPpiNotifyCallback \r
  }\r
};\r
\r
CHAR8 mSCrtmVersion[] = "{D20BC7C6-A1A5-415c-AE85-38290AB6BE04}";\r
\r
EFI_PLATFORM_FIRMWARE_BLOB mMeasuredFvInfo[FixedPcdGet32 (PcdPeiCoreMaxFvSupported)];\r
UINT32 mMeasuredFvIndex = 0;\r
\r
/**\r
  Do a hash operation on a data buffer, extend a specific TPM PCR with the hash result,\r
  and build a GUIDed HOB recording the event which will be passed to the DXE phase and\r
  added into the Event Log.\r
\r
  @param[in]      PeiServices   Describes the list of possible PEI Services.\r
  @param[in]      HashData      Physical address of the start of the data buffer \r
                                to be hashed, extended, and logged.\r
  @param[in]      HashDataLen   The length, in bytes, of the buffer referenced by HashData.\r
  @param[in]      TpmHandle     TPM handle.\r
  @param[in]      NewEventHdr   Pointer to a TCG_PCR_EVENT_HDR data structure.  \r
  @param[in]      NewEventData  Pointer to the new event data.  \r
\r
  @retval EFI_SUCCESS           Operation completed successfully.\r
  @retval EFI_OUT_OF_RESOURCES  No enough memory to log the new event.\r
  @retval EFI_DEVICE_ERROR      The command was unsuccessful.\r
\r
**/\r
EFI_STATUS\r
HashLogExtendEvent (\r
  IN      EFI_PEI_SERVICES          **PeiServices,\r
  IN      UINT8                     *HashData,\r
  IN      UINTN                     HashDataLen,\r
  IN      TIS_TPM_HANDLE            TpmHandle,\r
  IN      TCG_PCR_EVENT_HDR         *NewEventHdr,\r
  IN      UINT8                     *NewEventData\r
  )\r
{\r
  EFI_STATUS                        Status;\r
  VOID                              *HobData;\r
\r
  HobData = NULL;\r
  if (HashDataLen != 0) {\r
    Status = TpmCommHashAll (\r
               HashData,\r
               HashDataLen,\r
               &NewEventHdr->Digest\r
               );\r
    ASSERT_EFI_ERROR (Status);\r
  }\r
\r
  Status = TpmCommExtend (\r
             PeiServices,\r
             TpmHandle,\r
             &NewEventHdr->Digest,\r
             NewEventHdr->PCRIndex,\r
             NULL\r
             );\r
  ASSERT_EFI_ERROR (Status);\r
\r
  HobData = BuildGuidHob (\r
             &gTcgEventEntryHobGuid,\r
             sizeof (*NewEventHdr) + NewEventHdr->EventSize\r
             );\r
  if (HobData == NULL) {\r
    return EFI_OUT_OF_RESOURCES;\r
  }\r
\r
  CopyMem (HobData, NewEventHdr, sizeof (*NewEventHdr));\r
  HobData = (VOID *) ((UINT8*)HobData + sizeof (*NewEventHdr));\r
  CopyMem (HobData, NewEventData, NewEventHdr->EventSize);\r
  return EFI_SUCCESS;\r
}\r
\r
/**\r
  Measure CRTM version.\r
\r
  @param[in]      PeiServices   Describes the list of possible PEI Services.\r
  @param[in]      TpmHandle     TPM handle.\r
\r
  @retval EFI_SUCCESS           Operation completed successfully.\r
  @retval EFI_OUT_OF_RESOURCES  No enough memory to log the new event.\r
  @retval EFI_DEVICE_ERROR      The command was unsuccessful.\r
\r
**/\r
EFI_STATUS\r
EFIAPI\r
MeasureCRTMVersion (\r
  IN      EFI_PEI_SERVICES          **PeiServices,\r
  IN      TIS_TPM_HANDLE            TpmHandle\r
  )\r
{\r
  TCG_PCR_EVENT_HDR                 TcgEventHdr;\r
\r
  //\r
  // Here, only a static GUID is measured instead of real CRTM version.\r
  // OEMs should get real CRTM version string and measure it.\r
  //\r
\r
  TcgEventHdr.PCRIndex  = 0;\r
  TcgEventHdr.EventType = EV_S_CRTM_VERSION;\r
  TcgEventHdr.EventSize = sizeof (mSCrtmVersion);\r
  return HashLogExtendEvent (\r
           PeiServices,\r
           (UINT8*)&mSCrtmVersion,\r
           TcgEventHdr.EventSize,\r
           TpmHandle,\r
           &TcgEventHdr,\r
           (UINT8*)&mSCrtmVersion\r
           );\r
}\r
\r
/**\r
  Measure FV image. \r
  Add it into the measured FV list after the FV is measured successfully. \r
\r
  @param[in]  FvBase            Base address of FV image.\r
  @param[in]  FvLength          Length of FV image.\r
\r
  @retval EFI_SUCCESS           Fv image is measured successfully \r
                                or it has been already measured.\r
  @retval EFI_OUT_OF_RESOURCES  No enough memory to log the new event.\r
  @retval EFI_DEVICE_ERROR      The command was unsuccessful.\r
\r
**/\r
EFI_STATUS\r
EFIAPI\r
MeasureFvImage (\r
  IN EFI_PHYSICAL_ADDRESS           FvBase,\r
  IN UINT64                         FvLength\r
  )\r
{\r
  UINT32                            Index;\r
  EFI_STATUS                        Status;\r
  EFI_PLATFORM_FIRMWARE_BLOB        FvBlob;\r
  TCG_PCR_EVENT_HDR                 TcgEventHdr;\r
  TIS_TPM_HANDLE                    TpmHandle;\r
\r
  TpmHandle = (TIS_TPM_HANDLE) (UINTN) TPM_BASE_ADDRESS;\r
\r
  //\r
  // Check whether FV is in the measured FV list.\r
  //\r
  for (Index = 0; Index < mMeasuredFvIndex; Index ++) {\r
    if (mMeasuredFvInfo[Index].BlobBase == FvBase) {\r
      return EFI_SUCCESS;\r
    }\r
  }\r
  \r
  //\r
  // Measure and record the FV to the TPM\r
  //\r
  FvBlob.BlobBase   = FvBase;\r
  FvBlob.BlobLength = FvLength;\r
\r
  DEBUG ((DEBUG_INFO, "The FV which is measured by TcgPei starts at: 0x%x\n", FvBlob.BlobBase));\r
  DEBUG ((DEBUG_INFO, "The FV which is measured by TcgPei has the size: 0x%x\n", FvBlob.BlobLength));\r
\r
  TcgEventHdr.PCRIndex = 0;\r
  TcgEventHdr.EventType = EV_EFI_PLATFORM_FIRMWARE_BLOB;\r
  TcgEventHdr.EventSize = sizeof (FvBlob);\r
\r
  Status = HashLogExtendEvent (\r
             (EFI_PEI_SERVICES **) GetPeiServicesTablePointer(),\r
             (UINT8*) (UINTN) FvBlob.BlobBase,\r
             (UINTN) FvBlob.BlobLength,\r
             TpmHandle,\r
             &TcgEventHdr,\r
             (UINT8*) &FvBlob\r
             );\r
  ASSERT_EFI_ERROR (Status);\r
\r
  //\r
  // Add new FV into the measured FV list.\r
  //\r
  ASSERT (mMeasuredFvIndex < FixedPcdGet32 (PcdPeiCoreMaxFvSupported));\r
  if (mMeasuredFvIndex < FixedPcdGet32 (PcdPeiCoreMaxFvSupported)) {\r
    mMeasuredFvInfo[mMeasuredFvIndex].BlobBase   = FvBase;\r
    mMeasuredFvInfo[mMeasuredFvIndex++].BlobLength = FvLength;\r
  }\r
\r
  return Status;\r
}\r
\r
/**\r
  Measure main BIOS.\r
\r
  @param[in]      PeiServices   Describes the list of possible PEI Services.\r
  @param[in]      TpmHandle     TPM handle.\r
\r
  @retval EFI_SUCCESS           Operation completed successfully.\r
  @retval EFI_OUT_OF_RESOURCES  No enough memory to log the new event.\r
  @retval EFI_DEVICE_ERROR      The command was unsuccessful.\r
\r
**/\r
EFI_STATUS\r
EFIAPI\r
MeasureMainBios (\r
  IN      EFI_PEI_SERVICES          **PeiServices,\r
  IN      TIS_TPM_HANDLE            TpmHandle\r
  )\r
{\r
  EFI_STATUS                        Status;\r
  UINT32                            FvInstances;\r
  EFI_PEI_FV_HANDLE                 VolumeHandle;\r
  EFI_FV_INFO                       VolumeInfo;\r
  EFI_PEI_FIRMWARE_VOLUME_PPI       *FvPpi;\r
  \r
  FvInstances    = 0;\r
  while (TRUE) {\r
    //\r
    // Traverse all firmware volume instances of Static Core Root of Trust for Measurement\r
    // (S-CRTM), this firmware volume measure policy can be modified/enhanced by special\r
    // platform for special CRTM TPM measuring.\r
    //\r
    Status = PeiServicesFfsFindNextVolume (FvInstances, &VolumeHandle);\r
    if (EFI_ERROR (Status)) {\r
      break;\r
    }\r
  \r
    //\r
    // Measure and record the firmware volume that is dispatched by PeiCore\r
    //\r
    Status = PeiServicesFfsGetVolumeInfo (VolumeHandle, &VolumeInfo);\r
    ASSERT_EFI_ERROR (Status);\r
    //\r
    // Locate the corresponding FV_PPI according to founded FV's format guid\r
    //\r
    Status = PeiServicesLocatePpi (\r
               &VolumeInfo.FvFormat, \r
               0, \r
               NULL,\r
               (VOID**)&FvPpi\r
               );\r
    if (!EFI_ERROR (Status)) {\r
      MeasureFvImage ((EFI_PHYSICAL_ADDRESS) (UINTN) VolumeInfo.FvStart, VolumeInfo.FvSize);\r
    }\r
\r
    FvInstances++;\r
  }\r
\r
  return EFI_SUCCESS;\r
}\r
\r
/**\r
  Measure and record the Firmware Volum Information once FvInfoPPI install.\r
\r
  @param[in] PeiServices       An indirect pointer to the EFI_PEI_SERVICES table published by the PEI Foundation.\r
  @param[in] NotifyDescriptor  Address of the notification descriptor data structure.\r
  @param[in] Ppi               Address of the PPI that was installed.\r
\r
  @retval EFI_SUCCESS          The FV Info is measured and recorded to TPM.\r
  @return Others               Fail to measure FV.\r
\r
**/\r
EFI_STATUS\r
EFIAPI\r
FirmwareVolmeInfoPpiNotifyCallback (\r
  IN EFI_PEI_SERVICES               **PeiServices,\r
  IN EFI_PEI_NOTIFY_DESCRIPTOR      *NotifyDescriptor,\r
  IN VOID                           *Ppi\r
  )\r
{\r
  EFI_PEI_FIRMWARE_VOLUME_INFO_PPI  *Fv;\r
  EFI_STATUS                        Status;\r
  EFI_PEI_FIRMWARE_VOLUME_PPI       *FvPpi;\r
\r
  Fv = (EFI_PEI_FIRMWARE_VOLUME_INFO_PPI *) Ppi;\r
\r
  //\r
  // The PEI Core can not dispatch or load files from memory mapped FVs that do not support FvPpi.\r
  //\r
  Status = PeiServicesLocatePpi (\r
             &Fv->FvFormat, \r
             0, \r
             NULL,\r
             (VOID**)&FvPpi\r
             );\r
  if (EFI_ERROR (Status)) {\r
    return EFI_SUCCESS;\r
  }\r
  \r
  //\r
  // This is an FV from an FFS file, and the parent FV must have already been measured,\r
  // No need to measure twice, so just returns\r
  //\r
  if (Fv->ParentFvName != NULL || Fv->ParentFileName != NULL ) {\r
    return EFI_SUCCESS;\r
  }\r
\r
  return MeasureFvImage ((EFI_PHYSICAL_ADDRESS) (UINTN) Fv->FvInfo, Fv->FvInfoSize);\r
}\r
\r
/**\r
  Set physicalPresenceLifetimeLock, physicalPresenceHWEnable and physicalPresenceCMDEnable bit by corresponding PCDs.\r
  And lock physical presence if needed.\r
\r
  @param[in] PeiServices        An indirect pointer to the EFI_PEI_SERVICES table published by the PEI Foundation\r
  @param[in] NotifyDescriptor   Address of the notification descriptor data structure.\r
  @param[in] Ppi                Address of the PPI that was installed.\r
\r
  @retval EFI_SUCCESS           Operation completed successfully.\r
  @retval EFI_ABORTED           physicalPresenceCMDEnable is locked.\r
  @retval EFI_DEVICE_ERROR      The command was unsuccessful.\r
\r
**/\r
EFI_STATUS\r
EFIAPI\r
PhysicalPresencePpiNotifyCallback (\r
  IN EFI_PEI_SERVICES               **PeiServices,\r
  IN EFI_PEI_NOTIFY_DESCRIPTOR      *NotifyDescriptor,\r
  IN VOID                           *Ppi\r
  )\r
{\r
  EFI_STATUS                        Status;\r
  PEI_LOCK_PHYSICAL_PRESENCE_PPI    *LockPhysicalPresencePpi;\r
  BOOLEAN                           LifetimeLock;\r
  BOOLEAN                           CmdEnable;\r
  TIS_TPM_HANDLE                    TpmHandle;\r
  TPM_PHYSICAL_PRESENCE             PhysicalPresenceValue;\r
\r
  TpmHandle        = (TIS_TPM_HANDLE) (UINTN) TPM_BASE_ADDRESS;\r
\r
  Status = TpmCommGetCapability (PeiServices, TpmHandle, NULL, &LifetimeLock, &CmdEnable);\r
  if (EFI_ERROR (Status)) {\r
    return Status;\r
  }\r
\r
  //\r
  // 1. Set physicalPresenceLifetimeLock, physicalPresenceHWEnable and physicalPresenceCMDEnable bit by PCDs.\r
  //\r
  if (PcdGetBool (PcdPhysicalPresenceLifetimeLock) && !LifetimeLock) {\r
    //\r
    // Lock TPM LifetimeLock is required, and LifetimeLock is not locked yet. \r
    //\r
    PhysicalPresenceValue = TPM_PHYSICAL_PRESENCE_LIFETIME_LOCK;\r
\r
    if (PcdGetBool (PcdPhysicalPresenceCmdEnable)) {\r
      PhysicalPresenceValue |= TPM_PHYSICAL_PRESENCE_CMD_ENABLE;\r
      CmdEnable = TRUE;\r
    } else {\r
      PhysicalPresenceValue |= TPM_PHYSICAL_PRESENCE_CMD_DISABLE;\r
      CmdEnable = FALSE;\r
    }\r
\r
    if (PcdGetBool (PcdPhysicalPresenceHwEnable)) {\r
      PhysicalPresenceValue |= TPM_PHYSICAL_PRESENCE_HW_ENABLE;\r
    } else {\r
      PhysicalPresenceValue |= TPM_PHYSICAL_PRESENCE_HW_DISABLE;\r
    }      \r
     \r
    Status = TpmCommPhysicalPresence (\r
               PeiServices,\r
               TpmHandle,\r
               PhysicalPresenceValue\r
               );\r
    if (EFI_ERROR (Status)) {\r
      return Status;\r
    }\r
  }\r
  \r
  //\r
  // 2. Lock physical presence if it is required.\r
  //\r
  LockPhysicalPresencePpi = (PEI_LOCK_PHYSICAL_PRESENCE_PPI *) Ppi;\r
  if (!LockPhysicalPresencePpi->LockPhysicalPresence ((CONST EFI_PEI_SERVICES**) PeiServices)) {\r
    return EFI_SUCCESS;\r
  }\r
\r
  if (!CmdEnable) {\r
    if (LifetimeLock) {\r
      //\r
      // physicalPresenceCMDEnable is locked, can't change.\r
      //\r
      return EFI_ABORTED;\r
    }\r
\r
    //\r
    // Enable physical presence command\r
    // It is necessary in order to lock physical presence\r
    //\r
    Status = TpmCommPhysicalPresence (\r
               PeiServices,\r
               TpmHandle,\r
               TPM_PHYSICAL_PRESENCE_CMD_ENABLE\r
               );\r
    if (EFI_ERROR (Status)) {\r
      return Status;\r
    }\r
  }\r
\r
  //\r
  // Lock physical presence\r
  // \r
  Status = TpmCommPhysicalPresence (\r
              PeiServices,\r
              TpmHandle,\r
              TPM_PHYSICAL_PRESENCE_LOCK\r
              );\r
  return Status;\r
}\r
\r
/**\r
  Check if TPM chip is activeated or not.\r
\r
  @param[in]      PeiServices   Describes the list of possible PEI Services.\r
  @param[in]      TpmHandle     TPM handle.\r
\r
  @retval TRUE    TPM is activated.\r
  @retval FALSE   TPM is deactivated.\r
\r
**/\r
BOOLEAN\r
EFIAPI\r
IsTpmUsable (\r
  IN      EFI_PEI_SERVICES          **PeiServices,\r
  IN      TIS_TPM_HANDLE            TpmHandle\r
  )\r
{\r
  EFI_STATUS                        Status;\r
  BOOLEAN                           Deactivated;\r
\r
  Status = TpmCommGetCapability (PeiServices, TpmHandle, &Deactivated, NULL, NULL);\r
  if (EFI_ERROR (Status)) {\r
    return FALSE;\r
  }\r
  return (BOOLEAN)(!Deactivated); \r
}\r
\r
/**\r
  Do measurement after memory is ready.\r
\r
  @param[in]      PeiServices   Describes the list of possible PEI Services.\r
\r
  @retval EFI_SUCCESS           Operation completed successfully.\r
  @retval EFI_OUT_OF_RESOURCES  No enough memory to log the new event.\r
  @retval EFI_DEVICE_ERROR      The command was unsuccessful.\r
\r
**/\r
EFI_STATUS\r
EFIAPI\r
PeimEntryMP (\r
  IN      EFI_PEI_SERVICES          **PeiServices\r
  )\r
{\r
  EFI_STATUS                        Status;\r
  TIS_TPM_HANDLE                    TpmHandle;\r
\r
  TpmHandle = (TIS_TPM_HANDLE)(UINTN)TPM_BASE_ADDRESS;\r
  Status = TisPcRequestUseTpm ((TIS_PC_REGISTERS_PTR)TpmHandle);\r
  if (EFI_ERROR (Status)) {\r
    return Status;\r
  }\r
\r
  if (IsTpmUsable (PeiServices, TpmHandle)) {\r
    Status = MeasureCRTMVersion (PeiServices, TpmHandle);\r
    ASSERT_EFI_ERROR (Status);\r
\r
    Status = MeasureMainBios (PeiServices, TpmHandle);\r
  }  \r
\r
  //\r
  // Post callbacks:\r
  // 1). for the FvInfoPpi services to measure and record\r
  // the additional Fvs to TPM\r
  // 2). for the OperatorPresencePpi service to determine whether to \r
  // lock the TPM\r
  //\r
  Status = PeiServicesNotifyPpi (&mNotifyList[0]);\r
  ASSERT_EFI_ERROR (Status);\r
\r
  return Status;\r
}\r
\r
/**\r
  Entry point of this module.\r
\r
  @param[in] FileHandle   Handle of the file being invoked.\r
  @param[in] PeiServices  Describes the list of possible PEI Services.\r
\r
  @return Status.\r
\r
**/\r
EFI_STATUS\r
EFIAPI\r
PeimEntryMA (\r
  IN       EFI_PEI_FILE_HANDLE      FileHandle,\r
  IN CONST EFI_PEI_SERVICES         **PeiServices\r
  )\r
{\r
  EFI_STATUS                        Status;\r
  EFI_BOOT_MODE                     BootMode;\r
  TIS_TPM_HANDLE                    TpmHandle;\r
\r
  if (PcdGetBool (PcdHideTpmSupport) && PcdGetBool (PcdHideTpm)) {\r
    return EFI_UNSUPPORTED;\r
  }\r
\r
  Status = (**PeiServices).RegisterForShadow(FileHandle);\r
  if (Status == EFI_ALREADY_STARTED) {\r
    mImageInMemory = TRUE;\r
  } else if (Status == EFI_NOT_FOUND) {\r
    ASSERT_EFI_ERROR (Status);\r
  }\r
\r
  if (!mImageInMemory) {\r
    //\r
    // Initialize TPM device\r
    //\r
    Status = PeiServicesGetBootMode (&BootMode);\r
    ASSERT_EFI_ERROR (Status);\r
\r
    TpmHandle = (TIS_TPM_HANDLE)(UINTN)TPM_BASE_ADDRESS;\r
    Status = TisPcRequestUseTpm ((TIS_PC_REGISTERS_PTR)TpmHandle);\r
    if (EFI_ERROR (Status)) {\r
      DEBUG ((DEBUG_ERROR, "TPM not detected!\n"));\r
      return Status;\r
    }\r
\r
    Status = TpmCommStartup ((EFI_PEI_SERVICES**)PeiServices, TpmHandle, BootMode);\r
    if (EFI_ERROR (Status) ) {\r
      return Status;\r
    }\r
    Status = TpmCommContinueSelfTest ((EFI_PEI_SERVICES**)PeiServices, TpmHandle);\r
    if (EFI_ERROR (Status)) {\r
      return Status;\r
    }\r
    Status = PeiServicesInstallPpi (&mTpmInitializedPpiList);\r
    ASSERT_EFI_ERROR (Status);\r
  }\r
\r
  if (mImageInMemory) {\r
    Status = PeimEntryMP ((EFI_PEI_SERVICES**)PeiServices);\r
    if (EFI_ERROR (Status)) {\r
      return Status;\r
    }\r
  }\r
\r
  return Status;\r
}\r
Commit	Line	Data
0c18794e	1	/** @file\r
	2	Initialize TPM device and measure FVs before handing off control to DXE.\r
	3	\r
5a500332	4	Copyright (c) 2005 - 2012, Intel Corporation. All rights reserved.<BR>\r
0c18794e	5	This program and the accompanying materials \r
	6	are licensed and made available under the terms and conditions of the BSD License \r
	7	which accompanies this distribution. The full text of the license may be found at \r
	8	http://opensource.org/licenses/bsd-license.php\r
	9	\r
	10	THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, \r
	11	WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
	12	\r
	13	**/\r
	14	\r
	15	#include <PiPei.h>\r
	16	\r
	17	#include <IndustryStandard/Tpm12.h>\r
	18	#include <IndustryStandard/UefiTcgPlatform.h>\r
	19	#include <Ppi/FirmwareVolumeInfo.h>\r
	20	#include <Ppi/LockPhysicalPresence.h>\r
	21	#include <Ppi/TpmInitialized.h>\r
	22	#include <Ppi/FirmwareVolume.h>\r
	23	#include <Guid/TcgEventHob.h>\r
	24	#include <Library/DebugLib.h>\r
	25	#include <Library/BaseMemoryLib.h>\r
	26	#include <Library/PeiServicesLib.h>\r
	27	#include <Library/PeimEntryPoint.h>\r
	28	#include <Library/TpmCommLib.h>\r
	29	#include <Library/HobLib.h>\r
	30	#include <Library/PcdLib.h>\r
	31	#include <Library/PeiServicesTablePointerLib.h>\r
	32	\r
	33	#include "TpmComm.h"\r
	34	\r
	35	BOOLEAN mImageInMemory = FALSE;\r
	36	\r
	37	EFI_PEI_PPI_DESCRIPTOR mTpmInitializedPpiList = {\r
	38	EFI_PEI_PPI_DESCRIPTOR_PPI \| EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST,\r
	39	&gPeiTpmInitializedPpiGuid,\r
	40	NULL\r
	41	};\r
	42	\r
	43	/**\r
	44	Lock physical presence if needed.\r
	45	\r
	46	@param[in] PeiServices An indirect pointer to the EFI_PEI_SERVICES table published by the PEI Foundation\r
	47	@param[in] NotifyDescriptor Address of the notification descriptor data structure.\r
	48	@param[in] Ppi Address of the PPI that was installed.\r
	49	\r
	50	@retval EFI_SUCCESS Operation completed successfully.\r
	51	\r
	52	**/\r
	53	EFI_STATUS\r
	54	EFIAPI\r
	55	PhysicalPresencePpiNotifyCallback (\r
	56	IN EFI_PEI_SERVICES **PeiServices,\r
	57	IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDescriptor,\r
	58	IN VOID *Ppi\r
	59	);\r
	60	\r
	61	/**\r
	62	Measure and record the Firmware Volum Information once FvInfoPPI install.\r
	63	\r
	64	@param[in] PeiServices An indirect pointer to the EFI_PEI_SERVICES table published by the PEI Foundation.\r
	65	@param[in] NotifyDescriptor Address of the notification descriptor data structure.\r
	66	@param[in] Ppi Address of the PPI that was installed.\r
	67	\r
	68	@retval EFI_SUCCESS The FV Info is measured and recorded to TPM.\r
69	@return Others Fail to measure FV.\r
70	\r
71	**/\r
72	EFI_STATUS\r
73	EFIAPI\r
74	FirmwareVolmeInfoPpiNotifyCallback (\r
75	IN EFI_PEI_SERVICES **PeiServices,\r
76	IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDescriptor,\r
77	IN VOID *Ppi\r
78	);\r
79	\r
80	EFI_PEI_NOTIFY_DESCRIPTOR mNotifyList[] = {\r
81	{\r
82	EFI_PEI_PPI_DESCRIPTOR_NOTIFY_CALLBACK,\r
83	&gPeiLockPhysicalPresencePpiGuid,\r
84	PhysicalPresencePpiNotifyCallback\r
85	},\r
86	{\r
87	(EFI_PEI_PPI_DESCRIPTOR_NOTIFY_CALLBACK \| EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST),\r
88	&gEfiPeiFirmwareVolumeInfoPpiGuid,\r
89	FirmwareVolmeInfoPpiNotifyCallback \r
90	}\r
91	};\r
92	\r
93	CHAR8 mSCrtmVersion[] = "{D20BC7C6-A1A5-415c-AE85-38290AB6BE04}";\r
94	\r
95	EFI_PLATFORM_FIRMWARE_BLOB mMeasuredFvInfo[FixedPcdGet32 (PcdPeiCoreMaxFvSupported)];\r
96	UINT32 mMeasuredFvIndex = 0;\r
97	\r
98	/**\r
99	Do a hash operation on a data buffer, extend a specific TPM PCR with the hash result,\r
100	and build a GUIDed HOB recording the event which will be passed to the DXE phase and\r
101	added into the Event Log.\r
102	\r
103	@param[in] PeiServices Describes the list of possible PEI Services.\r
104	@param[in] HashData Physical address of the start of the data buffer \r
105	to be hashed, extended, and logged.\r
106	@param[in] HashDataLen The length, in bytes, of the buffer referenced by HashData.\r
107	@param[in] TpmHandle TPM handle.\r
108	@param[in] NewEventHdr Pointer to a TCG_PCR_EVENT_HDR data structure. \r
109	@param[in] NewEventData Pointer to the new event data. \r
110	\r
111	@retval EFI_SUCCESS Operation completed successfully.\r
112	@retval EFI_OUT_OF_RESOURCES No enough memory to log the new event.\r
113	@retval EFI_DEVICE_ERROR The command was unsuccessful.\r
114	\r
115	**/\r
116	EFI_STATUS\r
117	HashLogExtendEvent (\r
118	IN EFI_PEI_SERVICES **PeiServices,\r
119	IN UINT8 *HashData,\r
120	IN UINTN HashDataLen,\r
121	IN TIS_TPM_HANDLE TpmHandle,\r
122	IN TCG_PCR_EVENT_HDR *NewEventHdr,\r
123	IN UINT8 *NewEventData\r
124	)\r
125	{\r
126	EFI_STATUS Status;\r
127	VOID *HobData;\r
128	\r
129	HobData = NULL;\r
130	if (HashDataLen != 0) {\r
131	Status = TpmCommHashAll (\r
132	HashData,\r
133	HashDataLen,\r
134	&NewEventHdr->Digest\r
135	);\r
136	ASSERT_EFI_ERROR (Status);\r
137	}\r
138	\r
139	Status = TpmCommExtend (\r
140	PeiServices,\r
141	TpmHandle,\r
142	&NewEventHdr->Digest,\r
143	NewEventHdr->PCRIndex,\r
144	NULL\r
145	);\r
146	ASSERT_EFI_ERROR (Status);\r
147	\r
148	HobData = BuildGuidHob (\r
149	&gTcgEventEntryHobGuid,\r
150	sizeof (*NewEventHdr) + NewEventHdr->EventSize\r
151	);\r
152	if (HobData == NULL) {\r
153	return EFI_OUT_OF_RESOURCES;\r
154	}\r
155	\r
156	CopyMem (HobData, NewEventHdr, sizeof (*NewEventHdr));\r
157	HobData = (VOID ) ((UINT8)HobData + sizeof (*NewEventHdr));\r
158	CopyMem (HobData, NewEventData, NewEventHdr->EventSize);\r
159	return EFI_SUCCESS;\r
160	}\r
161	\r
162	/**\r
163	Measure CRTM version.\r
164	\r
165	@param[in] PeiServices Describes the list of possible PEI Services.\r
166	@param[in] TpmHandle TPM handle.\r
167	\r
168	@retval EFI_SUCCESS Operation completed successfully.\r
169	@retval EFI_OUT_OF_RESOURCES No enough memory to log the new event.\r
170	@retval EFI_DEVICE_ERROR The command was unsuccessful.\r
171	\r
172	**/\r
173	EFI_STATUS\r
174	EFIAPI\r
175	MeasureCRTMVersion (\r
176	IN EFI_PEI_SERVICES **PeiServices,\r
177	IN TIS_TPM_HANDLE TpmHandle\r
178	)\r
179	{\r
180	TCG_PCR_EVENT_HDR TcgEventHdr;\r
181	\r
182	//\r
183	// Here, only a static GUID is measured instead of real CRTM version.\r
184	// OEMs should get real CRTM version string and measure it.\r
185	//\r
186	\r
187	TcgEventHdr.PCRIndex = 0;\r
188	TcgEventHdr.EventType = EV_S_CRTM_VERSION;\r
189	TcgEventHdr.EventSize = sizeof (mSCrtmVersion);\r
190	return HashLogExtendEvent (\r
191	PeiServices,\r
192	(UINT8*)&mSCrtmVersion,\r
193	TcgEventHdr.EventSize,\r
194	TpmHandle,\r
195	&TcgEventHdr,\r
196	(UINT8*)&mSCrtmVersion\r
197	);\r
198	}\r
199	\r
200	/**\r
201	Measure FV image. \r
202	Add it into the measured FV list after the FV is measured successfully. \r
203	\r
204	@param[in] FvBase Base address of FV image.\r
205	@param[in] FvLength Length of FV image.\r
206	\r
207	@retval EFI_SUCCESS Fv image is measured successfully \r
208	or it has been already measured.\r
209	@retval EFI_OUT_OF_RESOURCES No enough memory to log the new event.\r
210	@retval EFI_DEVICE_ERROR The command was unsuccessful.\r
211	\r
212	**/\r
213	EFI_STATUS\r
214	EFIAPI\r
215	MeasureFvImage (\r
216	IN EFI_PHYSICAL_ADDRESS FvBase,\r
217	IN UINT64 FvLength\r
218	)\r
219	{\r
220	UINT32 Index;\r
221	EFI_STATUS Status;\r
222	EFI_PLATFORM_FIRMWARE_BLOB FvBlob;\r
223	TCG_PCR_EVENT_HDR TcgEventHdr;\r
224	TIS_TPM_HANDLE TpmHandle;\r
225	\r
226	TpmHandle = (TIS_TPM_HANDLE) (UINTN) TPM_BASE_ADDRESS;\r
227	\r
228	//\r
229	// Check whether FV is in the measured FV list.\r
230	//\r
231	for (Index = 0; Index < mMeasuredFvIndex; Index ++) {\r
232	if (mMeasuredFvInfo[Index].BlobBase == FvBase) {\r
233	return EFI_SUCCESS;\r
234	}\r
235	}\r
236	\r
237	//\r
238	// Measure and record the FV to the TPM\r
239	//\r
240	FvBlob.BlobBase = FvBase;\r
241	FvBlob.BlobLength = FvLength;\r
242	\r
243	DEBUG ((DEBUG_INFO, "The FV which is measured by TcgPei starts at: 0x%x\n", FvBlob.BlobBase));\r
244	DEBUG ((DEBUG_INFO, "The FV which is measured by TcgPei has the size: 0x%x\n", FvBlob.BlobLength));\r
245	\r
246	TcgEventHdr.PCRIndex = 0;\r
247	TcgEventHdr.EventType = EV_EFI_PLATFORM_FIRMWARE_BLOB;\r
248	TcgEventHdr.EventSize = sizeof (FvBlob);\r
249	\r
250	Status = HashLogExtendEvent (\r
251	(EFI_PEI_SERVICES **) GetPeiServicesTablePointer(),\r
252	(UINT8*) (UINTN) FvBlob.BlobBase,\r
253	(UINTN) FvBlob.BlobLength,\r
254	TpmHandle,\r
255	&TcgEventHdr,\r
256	(UINT8*) &FvBlob\r
257	);\r
258	ASSERT_EFI_ERROR (Status);\r
259	\r
260	//\r
261	// Add new FV into the measured FV list.\r
262	//\r
263	ASSERT (mMeasuredFvIndex < FixedPcdGet32 (PcdPeiCoreMaxFvSupported));\r
264	if (mMeasuredFvIndex < FixedPcdGet32 (PcdPeiCoreMaxFvSupported)) {\r
265	mMeasuredFvInfo[mMeasuredFvIndex].BlobBase = FvBase;\r
266	mMeasuredFvInfo[mMeasuredFvIndex++].BlobLength = FvLength;\r
267	}\r
268	\r
269	return Status;\r
270	}\r
271	\r
272	/**\r
273	Measure main BIOS.\r
274	\r
275	@param[in] PeiServices Describes the list of possible PEI Services.\r
276	@param[in] TpmHandle TPM handle.\r
277	\r
278	@retval EFI_SUCCESS Operation completed successfully.\r
279	@retval EFI_OUT_OF_RESOURCES No enough memory to log the new event.\r
280	@retval EFI_DEVICE_ERROR The command was unsuccessful.\r
281	\r
282	**/\r
283	EFI_STATUS\r
284	EFIAPI\r
285	MeasureMainBios (\r
286	IN EFI_PEI_SERVICES **PeiServices,\r
287	IN TIS_TPM_HANDLE TpmHandle\r
288	)\r
289	{\r
290	EFI_STATUS Status;\r
291	UINT32 FvInstances;\r
292	EFI_PEI_FV_HANDLE VolumeHandle;\r
293	EFI_FV_INFO VolumeInfo;\r
294	EFI_PEI_FIRMWARE_VOLUME_PPI *FvPpi;\r
295	\r
296	FvInstances = 0;\r
297	while (TRUE) {\r
298	//\r
299	// Traverse all firmware volume instances of Static Core Root of Trust for Measurement\r
300	// (S-CRTM), this firmware volume measure policy can be modified/enhanced by special\r
301	// platform for special CRTM TPM measuring.\r
302	//\r
303	Status = PeiServicesFfsFindNextVolume (FvInstances, &VolumeHandle);\r
304	if (EFI_ERROR (Status)) {\r
305	break;\r
306	}\r
307	\r
308	//\r
309	// Measure and record the firmware volume that is dispatched by PeiCore\r
310	//\r
311	Status = PeiServicesFfsGetVolumeInfo (VolumeHandle, &VolumeInfo);\r
312	ASSERT_EFI_ERROR (Status);\r
313	//\r
314	// Locate the corresponding FV_PPI according to founded FV's format guid\r
315	//\r
316	Status = PeiServicesLocatePpi (\r
317	&VolumeInfo.FvFormat, \r
318	0, \r
319	NULL,\r
320	(VOID**)&FvPpi\r
321	);\r
322	if (!EFI_ERROR (Status)) {\r
323	MeasureFvImage ((EFI_PHYSICAL_ADDRESS) (UINTN) VolumeInfo.FvStart, VolumeInfo.FvSize);\r
324	}\r
325	\r
326	FvInstances++;\r
327	}\r
328	\r
329	return EFI_SUCCESS;\r
330	}\r
331	\r
332	/**\r
333	Measure and record the Firmware Volum Information once FvInfoPPI install.\r
334	\r
335	@param[in] PeiServices An indirect pointer to the EFI_PEI_SERVICES table published by the PEI Foundation.\r
336	@param[in] NotifyDescriptor Address of the notification descriptor data structure.\r
337	@param[in] Ppi Address of the PPI that was installed.\r
338	\r
339	@retval EFI_SUCCESS The FV Info is measured and recorded to TPM.\r
340	@return Others Fail to measure FV.\r
341	\r
342	**/\r
343	EFI_STATUS\r
344	EFIAPI\r
345	FirmwareVolmeInfoPpiNotifyCallback (\r
346	IN EFI_PEI_SERVICES **PeiServices,\r
347	IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDescriptor,\r
348	IN VOID *Ppi\r
349	)\r
350	{\r
351	EFI_PEI_FIRMWARE_VOLUME_INFO_PPI *Fv;\r
352	EFI_STATUS Status;\r
353	EFI_PEI_FIRMWARE_VOLUME_PPI *FvPpi;\r
354	\r
355	Fv = (EFI_PEI_FIRMWARE_VOLUME_INFO_PPI *) Ppi;\r
356	\r
357	//\r
358	// The PEI Core can not dispatch or load files from memory mapped FVs that do not support FvPpi.\r
359	//\r
360	Status = PeiServicesLocatePpi (\r
361	&Fv->FvFormat, \r
362	0, \r
363	NULL,\r
364	(VOID**)&FvPpi\r
365	);\r
366	if (EFI_ERROR (Status)) {\r
367	return EFI_SUCCESS;\r
368	}\r
369	\r
370	//\r
371	// This is an FV from an FFS file, and the parent FV must have already been measured,\r
372	// No need to measure twice, so just returns\r
373	//\r
374	if (Fv->ParentFvName != NULL \|\| Fv->ParentFileName != NULL ) {\r
375	return EFI_SUCCESS;\r
376	}\r
377	\r
378	return MeasureFvImage ((EFI_PHYSICAL_ADDRESS) (UINTN) Fv->FvInfo, Fv->FvInfoSize);\r
379	}\r
380	\r
381	/**\r
5a500332	382	Set physicalPresenceLifetimeLock, physicalPresenceHWEnable and physicalPresenceCMDEnable bit by corresponding PCDs.\r
5a500332	383	And lock physical presence if needed.\r
0c18794e	384	\r
	385	@param[in] PeiServices An indirect pointer to the EFI_PEI_SERVICES table published by the PEI Foundation\r
	386	@param[in] NotifyDescriptor Address of the notification descriptor data structure.\r
	387	@param[in] Ppi Address of the PPI that was installed.\r
	388	\r
	389	@retval EFI_SUCCESS Operation completed successfully.\r
	390	@retval EFI_ABORTED physicalPresenceCMDEnable is locked.\r
	391	@retval EFI_DEVICE_ERROR The command was unsuccessful.\r
	392	\r
	393	**/\r
	394	EFI_STATUS\r
	395	EFIAPI\r
	396	PhysicalPresencePpiNotifyCallback (\r
	397	IN EFI_PEI_SERVICES **PeiServices,\r
	398	IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDescriptor,\r
	399	IN VOID *Ppi\r
	400	)\r
	401	{\r
	402	EFI_STATUS Status;\r
	403	PEI_LOCK_PHYSICAL_PRESENCE_PPI *LockPhysicalPresencePpi;\r
	404	BOOLEAN LifetimeLock;\r
	405	BOOLEAN CmdEnable;\r
	406	TIS_TPM_HANDLE TpmHandle;\r
5a500332	407	TPM_PHYSICAL_PRESENCE PhysicalPresenceValue;\r
0c18794e	408	\r
0c18794e	409	TpmHandle = (TIS_TPM_HANDLE) (UINTN) TPM_BASE_ADDRESS;\r
0c18794e	410	\r
5a500332	411	Status = TpmCommGetCapability (PeiServices, TpmHandle, NULL, &LifetimeLock, &CmdEnable);\r
	412	if (EFI_ERROR (Status)) {\r
	413	return Status;\r
0c18794e	414	}\r
	415	\r
	416	//\r
5a500332	417	// 1. Set physicalPresenceLifetimeLock, physicalPresenceHWEnable and physicalPresenceCMDEnable bit by PCDs.\r
0c18794e	418	//\r
5a500332	419	if (PcdGetBool (PcdPhysicalPresenceLifetimeLock) && !LifetimeLock) {\r
	420	//\r
	421	// Lock TPM LifetimeLock is required, and LifetimeLock is not locked yet. \r
	422	//\r
	423	PhysicalPresenceValue = TPM_PHYSICAL_PRESENCE_LIFETIME_LOCK;\r
	424	\r
	425	if (PcdGetBool (PcdPhysicalPresenceCmdEnable)) {\r
	426	PhysicalPresenceValue \|= TPM_PHYSICAL_PRESENCE_CMD_ENABLE;\r
	427	CmdEnable = TRUE;\r
	428	} else {\r
	429	PhysicalPresenceValue \|= TPM_PHYSICAL_PRESENCE_CMD_DISABLE;\r
	430	CmdEnable = FALSE;\r
	431	}\r
0c18794e	432	\r
5a500332	433	if (PcdGetBool (PcdPhysicalPresenceHwEnable)) {\r
	434	PhysicalPresenceValue \|= TPM_PHYSICAL_PRESENCE_HW_ENABLE;\r
	435	} else {\r
	436	PhysicalPresenceValue \|= TPM_PHYSICAL_PRESENCE_HW_DISABLE;\r
	437	} \r
	438	\r
	439	Status = TpmCommPhysicalPresence (\r
	440	PeiServices,\r
	441	TpmHandle,\r
	442	PhysicalPresenceValue\r
	443	);\r
	444	if (EFI_ERROR (Status)) {\r
	445	return Status;\r
	446	}\r
	447	}\r
	448	\r
	449	//\r
	450	// 2. Lock physical presence if it is required.\r
	451	//\r
	452	LockPhysicalPresencePpi = (PEI_LOCK_PHYSICAL_PRESENCE_PPI *) Ppi;\r
	453	if (!LockPhysicalPresencePpi->LockPhysicalPresence ((CONST EFI_PEI_SERVICES**) PeiServices)) {\r
	454	return EFI_SUCCESS;\r
0c18794e	455	}\r
	456	\r
	457	if (!CmdEnable) {\r
	458	if (LifetimeLock) {\r
	459	//\r
	460	// physicalPresenceCMDEnable is locked, can't change.\r
	461	//\r
	462	return EFI_ABORTED;\r
	463	}\r
	464	\r
	465	//\r
	466	// Enable physical presence command\r
	467	// It is necessary in order to lock physical presence\r
	468	//\r
	469	Status = TpmCommPhysicalPresence (\r
	470	PeiServices,\r
	471	TpmHandle,\r
	472	TPM_PHYSICAL_PRESENCE_CMD_ENABLE\r
	473	);\r
	474	if (EFI_ERROR (Status)) {\r
	475	return Status;\r
	476	}\r
	477	}\r
	478	\r
	479	//\r
	480	// Lock physical presence\r
	481	// \r
	482	Status = TpmCommPhysicalPresence (\r
	483	PeiServices,\r
	484	TpmHandle,\r
	485	TPM_PHYSICAL_PRESENCE_LOCK\r
	486	);\r
	487	return Status;\r
	488	}\r
	489	\r
	490	/**\r
	491	Check if TPM chip is activeated or not.\r
	492	\r
	493	@param[in] PeiServices Describes the list of possible PEI Services.\r
	494	@param[in] TpmHandle TPM handle.\r
	495	\r
	496	@retval TRUE TPM is activated.\r
	497	@retval FALSE TPM is deactivated.\r
	498	\r
	499	**/\r
	500	BOOLEAN\r
	501	EFIAPI\r
	502	IsTpmUsable (\r
	503	IN EFI_PEI_SERVICES **PeiServices,\r
	504	IN TIS_TPM_HANDLE TpmHandle\r
	505	)\r
	506	{\r
	507	EFI_STATUS Status;\r
	508	BOOLEAN Deactivated;\r
	509	\r
	510	Status = TpmCommGetCapability (PeiServices, TpmHandle, &Deactivated, NULL, NULL);\r
	511	if (EFI_ERROR (Status)) {\r
	512	return FALSE;\r
	513	}\r
	514	return (BOOLEAN)(!Deactivated); \r
	515	}\r
	516	\r
	517	/**\r
	518	Do measurement after memory is ready.\r
519	\r
520	@param[in] PeiServices Describes the list of possible PEI Services.\r
521	\r
522	@retval EFI_SUCCESS Operation completed successfully.\r
523	@retval EFI_OUT_OF_RESOURCES No enough memory to log the new event.\r
524	@retval EFI_DEVICE_ERROR The command was unsuccessful.\r
525	\r
526	**/\r
527	EFI_STATUS\r
528	EFIAPI\r
529	PeimEntryMP (\r
530	IN EFI_PEI_SERVICES **PeiServices\r
531	)\r
532	{\r
533	EFI_STATUS Status;\r
534	TIS_TPM_HANDLE TpmHandle;\r
535	\r
536	TpmHandle = (TIS_TPM_HANDLE)(UINTN)TPM_BASE_ADDRESS;\r
537	Status = TisPcRequestUseTpm ((TIS_PC_REGISTERS_PTR)TpmHandle);\r
538	if (EFI_ERROR (Status)) {\r
539	return Status;\r
540	}\r
541	\r
542	if (IsTpmUsable (PeiServices, TpmHandle)) {\r
543	Status = MeasureCRTMVersion (PeiServices, TpmHandle);\r
544	ASSERT_EFI_ERROR (Status);\r
545	\r
546	Status = MeasureMainBios (PeiServices, TpmHandle);\r
547	} \r
548	\r
549	//\r
550	// Post callbacks:\r
551	// 1). for the FvInfoPpi services to measure and record\r
552	// the additional Fvs to TPM\r
553	// 2). for the OperatorPresencePpi service to determine whether to \r
554	// lock the TPM\r
555	//\r
556	Status = PeiServicesNotifyPpi (&mNotifyList[0]);\r
557	ASSERT_EFI_ERROR (Status);\r
558	\r
559	return Status;\r
560	}\r
561	\r
562	/**\r
563	Entry point of this module.\r
564	\r
565	@param[in] FileHandle Handle of the file being invoked.\r
566	@param[in] PeiServices Describes the list of possible PEI Services.\r
567	\r
568	@return Status.\r
569	\r
570	**/\r
571	EFI_STATUS\r
572	EFIAPI\r
573	PeimEntryMA (\r
574	IN EFI_PEI_FILE_HANDLE FileHandle,\r
575	IN CONST EFI_PEI_SERVICES **PeiServices\r
576	)\r
577	{\r
578	EFI_STATUS Status;\r
579	EFI_BOOT_MODE BootMode;\r
580	TIS_TPM_HANDLE TpmHandle;\r
581	\r
582	if (PcdGetBool (PcdHideTpmSupport) && PcdGetBool (PcdHideTpm)) {\r
583	return EFI_UNSUPPORTED;\r
584	}\r
585	\r
586	Status = (**PeiServices).RegisterForShadow(FileHandle);\r
587	if (Status == EFI_ALREADY_STARTED) {\r
588	mImageInMemory = TRUE;\r
589	} else if (Status == EFI_NOT_FOUND) {\r
590	ASSERT_EFI_ERROR (Status);\r
591	}\r
592	\r
593	if (!mImageInMemory) {\r
594	//\r
595	// Initialize TPM device\r
596	//\r
597	Status = PeiServicesGetBootMode (&BootMode);\r
598	ASSERT_EFI_ERROR (Status);\r
599	\r
600	TpmHandle = (TIS_TPM_HANDLE)(UINTN)TPM_BASE_ADDRESS;\r
601	Status = TisPcRequestUseTpm ((TIS_PC_REGISTERS_PTR)TpmHandle);\r
602	if (EFI_ERROR (Status)) {\r
603	DEBUG ((DEBUG_ERROR, "TPM not detected!\n"));\r
604	return Status;\r
605	}\r
606	\r
607	Status = TpmCommStartup ((EFI_PEI_SERVICES**)PeiServices, TpmHandle, BootMode);\r
608	if (EFI_ERROR (Status) ) {\r
609	return Status;\r
610	}\r
611	Status = TpmCommContinueSelfTest ((EFI_PEI_SERVICES**)PeiServices, TpmHandle);\r
612	if (EFI_ERROR (Status)) {\r
613	return Status;\r
614	}\r
615	Status = PeiServicesInstallPpi (&mTpmInitializedPpiList);\r
616	ASSERT_EFI_ERROR (Status);\r
617	}\r
618	\r
619	if (mImageInMemory) {\r
620	Status = PeimEntryMP ((EFI_PEI_SERVICES**)PeiServices);\r
621	if (EFI_ERROR (Status)) {\r
622	return Status;\r
623	}\r
624	}\r
625	\r
626	return Status;\r
627	}\r