[mirror_edk2.git] / SecurityPkg / Tcg / TcgPei / TcgPei.c

/** @file\r
  Initialize TPM device and measure FVs before handing off control to DXE.\r
\r
Copyright (c) 2005 - 2012, Intel Corporation. All rights reserved.<BR>\r
This program and the accompanying materials \r
are licensed and made available under the terms and conditions of the BSD License \r
which accompanies this distribution.  The full text of the license may be found at \r
http://opensource.org/licenses/bsd-license.php\r
\r
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, \r
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
\r
**/\r
\r
#include <PiPei.h>\r
\r
#include <IndustryStandard/Tpm12.h>\r
#include <IndustryStandard/UefiTcgPlatform.h>\r
#include <Ppi/FirmwareVolumeInfo.h>\r
#include <Ppi/LockPhysicalPresence.h>\r
#include <Ppi/TpmInitialized.h>\r
#include <Ppi/FirmwareVolume.h>\r
#include <Guid/TcgEventHob.h>\r
#include <Library/DebugLib.h>\r
#include <Library/BaseMemoryLib.h>\r
#include <Library/PeiServicesLib.h>\r
#include <Library/PeimEntryPoint.h>\r
#include <Library/TpmCommLib.h>\r
#include <Library/HobLib.h>\r
#include <Library/PcdLib.h>\r
#include <Library/PeiServicesTablePointerLib.h>\r
#include <Library/BaseLib.h>\r
\r
#include "TpmComm.h"\r
\r
BOOLEAN                 mImageInMemory  = FALSE;\r
\r
EFI_PEI_PPI_DESCRIPTOR  mTpmInitializedPpiList = {\r
  EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST,\r
  &gPeiTpmInitializedPpiGuid,\r
  NULL\r
};\r
\r
/**\r
  Lock physical presence if needed.\r
\r
  @param[in] PeiServices       An indirect pointer to the EFI_PEI_SERVICES table published by the PEI Foundation\r
  @param[in] NotifyDescriptor  Address of the notification descriptor data structure.\r
  @param[in] Ppi               Address of the PPI that was installed.\r
\r
  @retval EFI_SUCCESS          Operation completed successfully.\r
\r
**/\r
EFI_STATUS\r
EFIAPI\r
PhysicalPresencePpiNotifyCallback (\r
  IN EFI_PEI_SERVICES              **PeiServices,\r
  IN EFI_PEI_NOTIFY_DESCRIPTOR     *NotifyDescriptor,\r
  IN VOID                          *Ppi\r
  );\r
\r
/**\r
  Measure and record the Firmware Volum Information once FvInfoPPI install.\r
\r
  @param[in] PeiServices       An indirect pointer to the EFI_PEI_SERVICES table published by the PEI Foundation.\r
  @param[in] NotifyDescriptor  Address of the notification descriptor data structure.\r
  @param[in] Ppi               Address of the PPI that was installed.\r
\r
  @retval EFI_SUCCESS          The FV Info is measured and recorded to TPM.\r
  @return Others               Fail to measure FV.\r
\r
**/\r
EFI_STATUS\r
EFIAPI\r
FirmwareVolmeInfoPpiNotifyCallback (\r
  IN EFI_PEI_SERVICES              **PeiServices,\r
  IN EFI_PEI_NOTIFY_DESCRIPTOR     *NotifyDescriptor,\r
  IN VOID                          *Ppi\r
  );\r
\r
EFI_PEI_NOTIFY_DESCRIPTOR           mNotifyList[] = {\r
  {\r
    EFI_PEI_PPI_DESCRIPTOR_NOTIFY_CALLBACK,\r
    &gPeiLockPhysicalPresencePpiGuid,\r
    PhysicalPresencePpiNotifyCallback\r
  },\r
  {\r
    (EFI_PEI_PPI_DESCRIPTOR_NOTIFY_CALLBACK | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST),\r
    &gEfiPeiFirmwareVolumeInfoPpiGuid,\r
    FirmwareVolmeInfoPpiNotifyCallback \r
  }\r
};\r
\r
EFI_PLATFORM_FIRMWARE_BLOB mMeasuredFvInfo[FixedPcdGet32 (PcdPeiCoreMaxFvSupported)];\r
UINT32 mMeasuredFvIndex = 0;\r
\r
/**\r
  Do a hash operation on a data buffer, extend a specific TPM PCR with the hash result,\r
  and build a GUIDed HOB recording the event which will be passed to the DXE phase and\r
  added into the Event Log.\r
\r
  @param[in]      PeiServices   Describes the list of possible PEI Services.\r
  @param[in]      HashData      Physical address of the start of the data buffer \r
                                to be hashed, extended, and logged.\r
  @param[in]      HashDataLen   The length, in bytes, of the buffer referenced by HashData.\r
  @param[in]      TpmHandle     TPM handle.\r
  @param[in]      NewEventHdr   Pointer to a TCG_PCR_EVENT_HDR data structure.  \r
  @param[in]      NewEventData  Pointer to the new event data.  \r
\r
  @retval EFI_SUCCESS           Operation completed successfully.\r
  @retval EFI_OUT_OF_RESOURCES  No enough memory to log the new event.\r
  @retval EFI_DEVICE_ERROR      The command was unsuccessful.\r
\r
**/\r
EFI_STATUS\r
HashLogExtendEvent (\r
  IN      EFI_PEI_SERVICES          **PeiServices,\r
  IN      UINT8                     *HashData,\r
  IN      UINTN                     HashDataLen,\r
  IN      TIS_TPM_HANDLE            TpmHandle,\r
  IN      TCG_PCR_EVENT_HDR         *NewEventHdr,\r
  IN      UINT8                     *NewEventData\r
  )\r
{\r
  EFI_STATUS                        Status;\r
  VOID                              *HobData;\r
\r
  HobData = NULL;\r
  if (HashDataLen != 0) {\r
    Status = TpmCommHashAll (\r
               HashData,\r
               HashDataLen,\r
               &NewEventHdr->Digest\r
               );\r
    ASSERT_EFI_ERROR (Status);\r
  }\r
\r
  Status = TpmCommExtend (\r
             PeiServices,\r
             TpmHandle,\r
             &NewEventHdr->Digest,\r
             NewEventHdr->PCRIndex,\r
             NULL\r
             );\r
  ASSERT_EFI_ERROR (Status);\r
\r
  HobData = BuildGuidHob (\r
             &gTcgEventEntryHobGuid,\r
             sizeof (*NewEventHdr) + NewEventHdr->EventSize\r
             );\r
  if (HobData == NULL) {\r
    return EFI_OUT_OF_RESOURCES;\r
  }\r
\r
  CopyMem (HobData, NewEventHdr, sizeof (*NewEventHdr));\r
  HobData = (VOID *) ((UINT8*)HobData + sizeof (*NewEventHdr));\r
  CopyMem (HobData, NewEventData, NewEventHdr->EventSize);\r
  return EFI_SUCCESS;\r
}\r
\r
/**\r
  Measure CRTM version.\r
\r
  @param[in]      PeiServices   Describes the list of possible PEI Services.\r
  @param[in]      TpmHandle     TPM handle.\r
\r
  @retval EFI_SUCCESS           Operation completed successfully.\r
  @retval EFI_OUT_OF_RESOURCES  No enough memory to log the new event.\r
  @retval EFI_DEVICE_ERROR      The command was unsuccessful.\r
\r
**/\r
EFI_STATUS\r
EFIAPI\r
MeasureCRTMVersion (\r
  IN      EFI_PEI_SERVICES          **PeiServices,\r
  IN      TIS_TPM_HANDLE            TpmHandle\r
  )\r
{\r
  TCG_PCR_EVENT_HDR                 TcgEventHdr;\r
\r
  //\r
  // Use FirmwareVersion string to represent CRTM version.\r
  // OEMs should get real CRTM version string and measure it.\r
  //\r
\r
  TcgEventHdr.PCRIndex  = 0;\r
  TcgEventHdr.EventType = EV_S_CRTM_VERSION;\r
  TcgEventHdr.EventSize = StrSize((CHAR16*)PcdGetPtr (PcdFirmwareVersionString));\r
\r
  return HashLogExtendEvent (\r
           PeiServices,\r
           (UINT8*)PcdGetPtr (PcdFirmwareVersionString),\r
           TcgEventHdr.EventSize,\r
           TpmHandle,\r
           &TcgEventHdr,\r
           (UINT8*)PcdGetPtr (PcdFirmwareVersionString)\r
           );\r
}\r
\r
/**\r
  Measure FV image. \r
  Add it into the measured FV list after the FV is measured successfully. \r
\r
  @param[in]  FvBase            Base address of FV image.\r
  @param[in]  FvLength          Length of FV image.\r
\r
  @retval EFI_SUCCESS           Fv image is measured successfully \r
                                or it has been already measured.\r
  @retval EFI_OUT_OF_RESOURCES  No enough memory to log the new event.\r
  @retval EFI_DEVICE_ERROR      The command was unsuccessful.\r
\r
**/\r
EFI_STATUS\r
EFIAPI\r
MeasureFvImage (\r
  IN EFI_PHYSICAL_ADDRESS           FvBase,\r
  IN UINT64                         FvLength\r
  )\r
{\r
  UINT32                            Index;\r
  EFI_STATUS                        Status;\r
  EFI_PLATFORM_FIRMWARE_BLOB        FvBlob;\r
  TCG_PCR_EVENT_HDR                 TcgEventHdr;\r
  TIS_TPM_HANDLE                    TpmHandle;\r
\r
  TpmHandle = (TIS_TPM_HANDLE) (UINTN) TPM_BASE_ADDRESS;\r
\r
  //\r
  // Check whether FV is in the measured FV list.\r
  //\r
  for (Index = 0; Index < mMeasuredFvIndex; Index ++) {\r
    if (mMeasuredFvInfo[Index].BlobBase == FvBase) {\r
      return EFI_SUCCESS;\r
    }\r
  }\r
  \r
  //\r
  // Measure and record the FV to the TPM\r
  //\r
  FvBlob.BlobBase   = FvBase;\r
  FvBlob.BlobLength = FvLength;\r
\r
  DEBUG ((DEBUG_INFO, "The FV which is measured by TcgPei starts at: 0x%x\n", FvBlob.BlobBase));\r
  DEBUG ((DEBUG_INFO, "The FV which is measured by TcgPei has the size: 0x%x\n", FvBlob.BlobLength));\r
\r
  TcgEventHdr.PCRIndex = 0;\r
  TcgEventHdr.EventType = EV_EFI_PLATFORM_FIRMWARE_BLOB;\r
  TcgEventHdr.EventSize = sizeof (FvBlob);\r
\r
  Status = HashLogExtendEvent (\r
             (EFI_PEI_SERVICES **) GetPeiServicesTablePointer(),\r
             (UINT8*) (UINTN) FvBlob.BlobBase,\r
             (UINTN) FvBlob.BlobLength,\r
             TpmHandle,\r
             &TcgEventHdr,\r
             (UINT8*) &FvBlob\r
             );\r
  ASSERT_EFI_ERROR (Status);\r
\r
  //\r
  // Add new FV into the measured FV list.\r
  //\r
  ASSERT (mMeasuredFvIndex < FixedPcdGet32 (PcdPeiCoreMaxFvSupported));\r
  if (mMeasuredFvIndex < FixedPcdGet32 (PcdPeiCoreMaxFvSupported)) {\r
    mMeasuredFvInfo[mMeasuredFvIndex].BlobBase   = FvBase;\r
    mMeasuredFvInfo[mMeasuredFvIndex++].BlobLength = FvLength;\r
  }\r
\r
  return Status;\r
}\r
\r
/**\r
  Measure main BIOS.\r
\r
  @param[in]      PeiServices   Describes the list of possible PEI Services.\r
  @param[in]      TpmHandle     TPM handle.\r
\r
  @retval EFI_SUCCESS           Operation completed successfully.\r
  @retval EFI_OUT_OF_RESOURCES  No enough memory to log the new event.\r
  @retval EFI_DEVICE_ERROR      The command was unsuccessful.\r
\r
**/\r
EFI_STATUS\r
EFIAPI\r
MeasureMainBios (\r
  IN      EFI_PEI_SERVICES          **PeiServices,\r
  IN      TIS_TPM_HANDLE            TpmHandle\r
  )\r
{\r
  EFI_STATUS                        Status;\r
  UINT32                            FvInstances;\r
  EFI_PEI_FV_HANDLE                 VolumeHandle;\r
  EFI_FV_INFO                       VolumeInfo;\r
  EFI_PEI_FIRMWARE_VOLUME_PPI       *FvPpi;\r
  \r
  FvInstances    = 0;\r
  while (TRUE) {\r
    //\r
    // Traverse all firmware volume instances of Static Core Root of Trust for Measurement\r
    // (S-CRTM), this firmware volume measure policy can be modified/enhanced by special\r
    // platform for special CRTM TPM measuring.\r
    //\r
    Status = PeiServicesFfsFindNextVolume (FvInstances, &VolumeHandle);\r
    if (EFI_ERROR (Status)) {\r
      break;\r
    }\r
  \r
    //\r
    // Measure and record the firmware volume that is dispatched by PeiCore\r
    //\r
    Status = PeiServicesFfsGetVolumeInfo (VolumeHandle, &VolumeInfo);\r
    ASSERT_EFI_ERROR (Status);\r
    //\r
    // Locate the corresponding FV_PPI according to founded FV's format guid\r
    //\r
    Status = PeiServicesLocatePpi (\r
               &VolumeInfo.FvFormat, \r
               0, \r
               NULL,\r
               (VOID**)&FvPpi\r
               );\r
    if (!EFI_ERROR (Status)) {\r
      MeasureFvImage ((EFI_PHYSICAL_ADDRESS) (UINTN) VolumeInfo.FvStart, VolumeInfo.FvSize);\r
    }\r
\r
    FvInstances++;\r
  }\r
\r
  return EFI_SUCCESS;\r
}\r
\r
/**\r
  Measure and record the Firmware Volum Information once FvInfoPPI install.\r
\r
  @param[in] PeiServices       An indirect pointer to the EFI_PEI_SERVICES table published by the PEI Foundation.\r
  @param[in] NotifyDescriptor  Address of the notification descriptor data structure.\r
  @param[in] Ppi               Address of the PPI that was installed.\r
\r
  @retval EFI_SUCCESS          The FV Info is measured and recorded to TPM.\r
  @return Others               Fail to measure FV.\r
\r
**/\r
EFI_STATUS\r
EFIAPI\r
FirmwareVolmeInfoPpiNotifyCallback (\r
  IN EFI_PEI_SERVICES               **PeiServices,\r
  IN EFI_PEI_NOTIFY_DESCRIPTOR      *NotifyDescriptor,\r
  IN VOID                           *Ppi\r
  )\r
{\r
  EFI_PEI_FIRMWARE_VOLUME_INFO_PPI  *Fv;\r
  EFI_STATUS                        Status;\r
  EFI_PEI_FIRMWARE_VOLUME_PPI       *FvPpi;\r
\r
  Fv = (EFI_PEI_FIRMWARE_VOLUME_INFO_PPI *) Ppi;\r
\r
  //\r
  // The PEI Core can not dispatch or load files from memory mapped FVs that do not support FvPpi.\r
  //\r
  Status = PeiServicesLocatePpi (\r
             &Fv->FvFormat, \r
             0, \r
             NULL,\r
             (VOID**)&FvPpi\r
             );\r
  if (EFI_ERROR (Status)) {\r
    return EFI_SUCCESS;\r
  }\r
  \r
  //\r
  // This is an FV from an FFS file, and the parent FV must have already been measured,\r
  // No need to measure twice, so just returns\r
  //\r
  if (Fv->ParentFvName != NULL || Fv->ParentFileName != NULL ) {\r
    return EFI_SUCCESS;\r
  }\r
\r
  return MeasureFvImage ((EFI_PHYSICAL_ADDRESS) (UINTN) Fv->FvInfo, Fv->FvInfoSize);\r
}\r
\r
/**\r
  Set physicalPresenceLifetimeLock, physicalPresenceHWEnable and physicalPresenceCMDEnable bit by corresponding PCDs.\r
  And lock physical presence if needed.\r
\r
  @param[in] PeiServices        An indirect pointer to the EFI_PEI_SERVICES table published by the PEI Foundation\r
  @param[in] NotifyDescriptor   Address of the notification descriptor data structure.\r
  @param[in] Ppi                Address of the PPI that was installed.\r
\r
  @retval EFI_SUCCESS           Operation completed successfully.\r
  @retval EFI_ABORTED           physicalPresenceCMDEnable is locked.\r
  @retval EFI_DEVICE_ERROR      The command was unsuccessful.\r
\r
**/\r
EFI_STATUS\r
EFIAPI\r
PhysicalPresencePpiNotifyCallback (\r
  IN EFI_PEI_SERVICES               **PeiServices,\r
  IN EFI_PEI_NOTIFY_DESCRIPTOR      *NotifyDescriptor,\r
  IN VOID                           *Ppi\r
  )\r
{\r
  EFI_STATUS                        Status;\r
  PEI_LOCK_PHYSICAL_PRESENCE_PPI    *LockPhysicalPresencePpi;\r
  BOOLEAN                           LifetimeLock;\r
  BOOLEAN                           CmdEnable;\r
  TIS_TPM_HANDLE                    TpmHandle;\r
  TPM_PHYSICAL_PRESENCE             PhysicalPresenceValue;\r
\r
  TpmHandle        = (TIS_TPM_HANDLE) (UINTN) TPM_BASE_ADDRESS;\r
\r
  Status = TpmCommGetCapability (PeiServices, TpmHandle, NULL, &LifetimeLock, &CmdEnable);\r
  if (EFI_ERROR (Status)) {\r
    return Status;\r
  }\r
\r
  //\r
  // 1. Set physicalPresenceLifetimeLock, physicalPresenceHWEnable and physicalPresenceCMDEnable bit by PCDs.\r
  //\r
  if (PcdGetBool (PcdPhysicalPresenceLifetimeLock) && !LifetimeLock) {\r
    //\r
    // Lock TPM LifetimeLock is required, and LifetimeLock is not locked yet. \r
    //\r
    PhysicalPresenceValue = TPM_PHYSICAL_PRESENCE_LIFETIME_LOCK;\r
\r
    if (PcdGetBool (PcdPhysicalPresenceCmdEnable)) {\r
      PhysicalPresenceValue |= TPM_PHYSICAL_PRESENCE_CMD_ENABLE;\r
      CmdEnable = TRUE;\r
    } else {\r
      PhysicalPresenceValue |= TPM_PHYSICAL_PRESENCE_CMD_DISABLE;\r
      CmdEnable = FALSE;\r
    }\r
\r
    if (PcdGetBool (PcdPhysicalPresenceHwEnable)) {\r
      PhysicalPresenceValue |= TPM_PHYSICAL_PRESENCE_HW_ENABLE;\r
    } else {\r
      PhysicalPresenceValue |= TPM_PHYSICAL_PRESENCE_HW_DISABLE;\r
    }      \r
     \r
    Status = TpmCommPhysicalPresence (\r
               PeiServices,\r
               TpmHandle,\r
               PhysicalPresenceValue\r
               );\r
    if (EFI_ERROR (Status)) {\r
      return Status;\r
    }\r
  }\r
  \r
  //\r
  // 2. Lock physical presence if it is required.\r
  //\r
  LockPhysicalPresencePpi = (PEI_LOCK_PHYSICAL_PRESENCE_PPI *) Ppi;\r
  if (!LockPhysicalPresencePpi->LockPhysicalPresence ((CONST EFI_PEI_SERVICES**) PeiServices)) {\r
    return EFI_SUCCESS;\r
  }\r
\r
  if (!CmdEnable) {\r
    if (LifetimeLock) {\r
      //\r
      // physicalPresenceCMDEnable is locked, can't change.\r
      //\r
      return EFI_ABORTED;\r
    }\r
\r
    //\r
    // Enable physical presence command\r
    // It is necessary in order to lock physical presence\r
    //\r
    Status = TpmCommPhysicalPresence (\r
               PeiServices,\r
               TpmHandle,\r
               TPM_PHYSICAL_PRESENCE_CMD_ENABLE\r
               );\r
    if (EFI_ERROR (Status)) {\r
      return Status;\r
    }\r
  }\r
\r
  //\r
  // Lock physical presence\r
  // \r
  Status = TpmCommPhysicalPresence (\r
              PeiServices,\r
              TpmHandle,\r
              TPM_PHYSICAL_PRESENCE_LOCK\r
              );\r
  return Status;\r
}\r
\r
/**\r
  Check if TPM chip is activeated or not.\r
\r
  @param[in]      PeiServices   Describes the list of possible PEI Services.\r
  @param[in]      TpmHandle     TPM handle.\r
\r
  @retval TRUE    TPM is activated.\r
  @retval FALSE   TPM is deactivated.\r
\r
**/\r
BOOLEAN\r
EFIAPI\r
IsTpmUsable (\r
  IN      EFI_PEI_SERVICES          **PeiServices,\r
  IN      TIS_TPM_HANDLE            TpmHandle\r
  )\r
{\r
  EFI_STATUS                        Status;\r
  BOOLEAN                           Deactivated;\r
\r
  Status = TpmCommGetCapability (PeiServices, TpmHandle, &Deactivated, NULL, NULL);\r
  if (EFI_ERROR (Status)) {\r
    return FALSE;\r
  }\r
  return (BOOLEAN)(!Deactivated); \r
}\r
\r
/**\r
  Do measurement after memory is ready.\r
\r
  @param[in]      PeiServices   Describes the list of possible PEI Services.\r
\r
  @retval EFI_SUCCESS           Operation completed successfully.\r
  @retval EFI_OUT_OF_RESOURCES  No enough memory to log the new event.\r
  @retval EFI_DEVICE_ERROR      The command was unsuccessful.\r
\r
**/\r
EFI_STATUS\r
EFIAPI\r
PeimEntryMP (\r
  IN      EFI_PEI_SERVICES          **PeiServices\r
  )\r
{\r
  EFI_STATUS                        Status;\r
  TIS_TPM_HANDLE                    TpmHandle;\r
\r
  TpmHandle = (TIS_TPM_HANDLE)(UINTN)TPM_BASE_ADDRESS;\r
  Status = TisPcRequestUseTpm ((TIS_PC_REGISTERS_PTR)TpmHandle);\r
  if (EFI_ERROR (Status)) {\r
    return Status;\r
  }\r
\r
  if (IsTpmUsable (PeiServices, TpmHandle)) {\r
    Status = MeasureCRTMVersion (PeiServices, TpmHandle);\r
    ASSERT_EFI_ERROR (Status);\r
\r
    Status = MeasureMainBios (PeiServices, TpmHandle);\r
  }  \r
\r
  //\r
  // Post callbacks:\r
  // 1). for the FvInfoPpi services to measure and record\r
  // the additional Fvs to TPM\r
  // 2). for the OperatorPresencePpi service to determine whether to \r
  // lock the TPM\r
  //\r
  Status = PeiServicesNotifyPpi (&mNotifyList[0]);\r
  ASSERT_EFI_ERROR (Status);\r
\r
  return Status;\r
}\r
\r
/**\r
  Entry point of this module.\r
\r
  @param[in] FileHandle   Handle of the file being invoked.\r
  @param[in] PeiServices  Describes the list of possible PEI Services.\r
\r
  @return Status.\r
\r
**/\r
EFI_STATUS\r
EFIAPI\r
PeimEntryMA (\r
  IN       EFI_PEI_FILE_HANDLE      FileHandle,\r
  IN CONST EFI_PEI_SERVICES         **PeiServices\r
  )\r
{\r
  EFI_STATUS                        Status;\r
  EFI_BOOT_MODE                     BootMode;\r
  TIS_TPM_HANDLE                    TpmHandle;\r
\r
  if (PcdGetBool (PcdHideTpmSupport) && PcdGetBool (PcdHideTpm)) {\r
    return EFI_UNSUPPORTED;\r
  }\r
\r
  //\r
  // Initialize TPM device\r
  //\r
  Status = PeiServicesGetBootMode (&BootMode);\r
  ASSERT_EFI_ERROR (Status);\r
\r
  //\r
  // In S3 path, skip shadow logic. no measurement is required\r
  //\r
  if (BootMode != BOOT_ON_S3_RESUME) {\r
    Status = (**PeiServices).RegisterForShadow(FileHandle);\r
    if (Status == EFI_ALREADY_STARTED) {\r
      mImageInMemory = TRUE;\r
    } else if (Status == EFI_NOT_FOUND) {\r
      ASSERT_EFI_ERROR (Status);\r
    }\r
  }\r
\r
  if (!mImageInMemory) {\r
    TpmHandle = (TIS_TPM_HANDLE)(UINTN)TPM_BASE_ADDRESS;\r
    Status = TisPcRequestUseTpm ((TIS_PC_REGISTERS_PTR)TpmHandle);\r
    if (EFI_ERROR (Status)) {\r
      DEBUG ((DEBUG_ERROR, "TPM not detected!\n"));\r
      return Status;\r
    }\r
\r
    Status = TpmCommStartup ((EFI_PEI_SERVICES**)PeiServices, TpmHandle, BootMode);\r
    if (EFI_ERROR (Status) ) {\r
      return Status;\r
    }\r
    Status = TpmCommContinueSelfTest ((EFI_PEI_SERVICES**)PeiServices, TpmHandle);\r
    if (EFI_ERROR (Status)) {\r
      return Status;\r
    }\r
    Status = PeiServicesInstallPpi (&mTpmInitializedPpiList);\r
    ASSERT_EFI_ERROR (Status);\r
  }\r
\r
  if (mImageInMemory) {\r
    Status = PeimEntryMP ((EFI_PEI_SERVICES**)PeiServices);\r
    if (EFI_ERROR (Status)) {\r
      return Status;\r
    }\r
  }\r
\r
  return Status;\r
}\r
Commit	Line	Data
0c18794e	1	/** @file\r
	2	Initialize TPM device and measure FVs before handing off control to DXE.\r
	3	\r
5a500332	4	Copyright (c) 2005 - 2012, Intel Corporation. All rights reserved.<BR>\r
0c18794e	5	This program and the accompanying materials \r
	6	are licensed and made available under the terms and conditions of the BSD License \r
	7	which accompanies this distribution. The full text of the license may be found at \r
	8	http://opensource.org/licenses/bsd-license.php\r
	9	\r
	10	THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, \r
	11	WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
	12	\r
	13	**/\r
	14	\r
	15	#include <PiPei.h>\r
	16	\r
	17	#include <IndustryStandard/Tpm12.h>\r
	18	#include <IndustryStandard/UefiTcgPlatform.h>\r
	19	#include <Ppi/FirmwareVolumeInfo.h>\r
	20	#include <Ppi/LockPhysicalPresence.h>\r
	21	#include <Ppi/TpmInitialized.h>\r
	22	#include <Ppi/FirmwareVolume.h>\r
	23	#include <Guid/TcgEventHob.h>\r
	24	#include <Library/DebugLib.h>\r
	25	#include <Library/BaseMemoryLib.h>\r
	26	#include <Library/PeiServicesLib.h>\r
	27	#include <Library/PeimEntryPoint.h>\r
	28	#include <Library/TpmCommLib.h>\r
	29	#include <Library/HobLib.h>\r
	30	#include <Library/PcdLib.h>\r
	31	#include <Library/PeiServicesTablePointerLib.h>\r
333a53ee	32	#include <Library/BaseLib.h>\r
0c18794e	33	\r
	34	#include "TpmComm.h"\r
	35	\r
	36	BOOLEAN mImageInMemory = FALSE;\r
	37	\r
	38	EFI_PEI_PPI_DESCRIPTOR mTpmInitializedPpiList = {\r
	39	EFI_PEI_PPI_DESCRIPTOR_PPI \| EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST,\r
	40	&gPeiTpmInitializedPpiGuid,\r
	41	NULL\r
	42	};\r
	43	\r
	44	/**\r
	45	Lock physical presence if needed.\r
	46	\r
	47	@param[in] PeiServices An indirect pointer to the EFI_PEI_SERVICES table published by the PEI Foundation\r
	48	@param[in] NotifyDescriptor Address of the notification descriptor data structure.\r
	49	@param[in] Ppi Address of the PPI that was installed.\r
	50	\r
	51	@retval EFI_SUCCESS Operation completed successfully.\r
	52	\r
	53	**/\r
	54	EFI_STATUS\r
	55	EFIAPI\r
	56	PhysicalPresencePpiNotifyCallback (\r
	57	IN EFI_PEI_SERVICES **PeiServices,\r
	58	IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDescriptor,\r
	59	IN VOID *Ppi\r
	60	);\r
	61	\r
	62	/**\r
	63	Measure and record the Firmware Volum Information once FvInfoPPI install.\r
	64	\r
	65	@param[in] PeiServices An indirect pointer to the EFI_PEI_SERVICES table published by the PEI Foundation.\r
	66	@param[in] NotifyDescriptor Address of the notification descriptor data structure.\r
	67	@param[in] Ppi Address of the PPI that was installed.\r
	68	\r
	69	@retval EFI_SUCCESS The FV Info is measured and recorded to TPM.\r
	70	@return Others Fail to measure FV.\r
	71	\r
	72	**/\r
	73	EFI_STATUS\r
	74	EFIAPI\r
	75	FirmwareVolmeInfoPpiNotifyCallback (\r
	76	IN EFI_PEI_SERVICES **PeiServices,\r
	77	IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDescriptor,\r
	78	IN VOID *Ppi\r
	79	);\r
	80	\r
	81	EFI_PEI_NOTIFY_DESCRIPTOR mNotifyList[] = {\r
	82	{\r
	83	EFI_PEI_PPI_DESCRIPTOR_NOTIFY_CALLBACK,\r
	84	&gPeiLockPhysicalPresencePpiGuid,\r
	85	PhysicalPresencePpiNotifyCallback\r
	86	},\r
	87	{\r
	88	(EFI_PEI_PPI_DESCRIPTOR_NOTIFY_CALLBACK \| EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST),\r
	89	&gEfiPeiFirmwareVolumeInfoPpiGuid,\r
	90	FirmwareVolmeInfoPpiNotifyCallback \r
	91	}\r
	92	};\r
	93	\r
0c18794e	94	EFI_PLATFORM_FIRMWARE_BLOB mMeasuredFvInfo[FixedPcdGet32 (PcdPeiCoreMaxFvSupported)];\r
	95	UINT32 mMeasuredFvIndex = 0;\r
	96	\r
	97	/**\r
	98	Do a hash operation on a data buffer, extend a specific TPM PCR with the hash result,\r
	99	and build a GUIDed HOB recording the event which will be passed to the DXE phase and\r
	100	added into the Event Log.\r
	101	\r
	102	@param[in] PeiServices Describes the list of possible PEI Services.\r
	103	@param[in] HashData Physical address of the start of the data buffer \r
	104	to be hashed, extended, and logged.\r
	105	@param[in] HashDataLen The length, in bytes, of the buffer referenced by HashData.\r
	106	@param[in] TpmHandle TPM handle.\r
	107	@param[in] NewEventHdr Pointer to a TCG_PCR_EVENT_HDR data structure. \r
	108	@param[in] NewEventData Pointer to the new event data. \r
	109	\r
	110	@retval EFI_SUCCESS Operation completed successfully.\r
	111	@retval EFI_OUT_OF_RESOURCES No enough memory to log the new event.\r
	112	@retval EFI_DEVICE_ERROR The command was unsuccessful.\r
	113	\r
	114	**/\r
	115	EFI_STATUS\r
	116	HashLogExtendEvent (\r
	117	IN EFI_PEI_SERVICES **PeiServices,\r
	118	IN UINT8 *HashData,\r
	119	IN UINTN HashDataLen,\r
	120	IN TIS_TPM_HANDLE TpmHandle,\r
	121	IN TCG_PCR_EVENT_HDR *NewEventHdr,\r
	122	IN UINT8 *NewEventData\r
	123	)\r
	124	{\r
	125	EFI_STATUS Status;\r
	126	VOID *HobData;\r
	127	\r
	128	HobData = NULL;\r
	129	if (HashDataLen != 0) {\r
	130	Status = TpmCommHashAll (\r
	131	HashData,\r
	132	HashDataLen,\r
	133	&NewEventHdr->Digest\r
	134	);\r
	135	ASSERT_EFI_ERROR (Status);\r
	136	}\r
	137	\r
	138	Status = TpmCommExtend (\r
	139	PeiServices,\r
	140	TpmHandle,\r
	141	&NewEventHdr->Digest,\r
	142	NewEventHdr->PCRIndex,\r
	143	NULL\r
	144	);\r
	145	ASSERT_EFI_ERROR (Status);\r
	146	\r
	147	HobData = BuildGuidHob (\r
	148	&gTcgEventEntryHobGuid,\r
	149	sizeof (*NewEventHdr) + NewEventHdr->EventSize\r
	150	);\r
	151	if (HobData == NULL) {\r
	152	return EFI_OUT_OF_RESOURCES;\r
	153	}\r
	154	\r
	155	CopyMem (HobData, NewEventHdr, sizeof (*NewEventHdr));\r
	156	HobData = (VOID ) ((UINT8)HobData + sizeof (*NewEventHdr));\r
	157	CopyMem (HobData, NewEventData, NewEventHdr->EventSize);\r
158	return EFI_SUCCESS;\r
159	}\r
160	\r
161	/**\r
162	Measure CRTM version.\r
163	\r
164	@param[in] PeiServices Describes the list of possible PEI Services.\r
165	@param[in] TpmHandle TPM handle.\r
166	\r
167	@retval EFI_SUCCESS Operation completed successfully.\r
168	@retval EFI_OUT_OF_RESOURCES No enough memory to log the new event.\r
169	@retval EFI_DEVICE_ERROR The command was unsuccessful.\r
170	\r
171	**/\r
172	EFI_STATUS\r
173	EFIAPI\r
174	MeasureCRTMVersion (\r
175	IN EFI_PEI_SERVICES **PeiServices,\r
176	IN TIS_TPM_HANDLE TpmHandle\r
177	)\r
178	{\r
179	TCG_PCR_EVENT_HDR TcgEventHdr;\r
180	\r
181	//\r
333a53ee	182	// Use FirmwareVersion string to represent CRTM version.\r
0c18794e	183	// OEMs should get real CRTM version string and measure it.\r
	184	//\r
	185	\r
	186	TcgEventHdr.PCRIndex = 0;\r
	187	TcgEventHdr.EventType = EV_S_CRTM_VERSION;\r
333a53ee	188	TcgEventHdr.EventSize = StrSize((CHAR16*)PcdGetPtr (PcdFirmwareVersionString));\r
333a53ee	189	\r
0c18794e	190	return HashLogExtendEvent (\r
0c18794e	191	PeiServices,\r
333a53ee	192	(UINT8*)PcdGetPtr (PcdFirmwareVersionString),\r
0c18794e	193	TcgEventHdr.EventSize,\r
	194	TpmHandle,\r
	195	&TcgEventHdr,\r
333a53ee	196	(UINT8*)PcdGetPtr (PcdFirmwareVersionString)\r
0c18794e	197	);\r
	198	}\r
	199	\r
	200	/**\r
	201	Measure FV image. \r
	202	Add it into the measured FV list after the FV is measured successfully. \r
	203	\r
	204	@param[in] FvBase Base address of FV image.\r
	205	@param[in] FvLength Length of FV image.\r
	206	\r
	207	@retval EFI_SUCCESS Fv image is measured successfully \r
	208	or it has been already measured.\r
	209	@retval EFI_OUT_OF_RESOURCES No enough memory to log the new event.\r
	210	@retval EFI_DEVICE_ERROR The command was unsuccessful.\r
	211	\r
	212	**/\r
	213	EFI_STATUS\r
	214	EFIAPI\r
	215	MeasureFvImage (\r
	216	IN EFI_PHYSICAL_ADDRESS FvBase,\r
	217	IN UINT64 FvLength\r
	218	)\r
	219	{\r
	220	UINT32 Index;\r
	221	EFI_STATUS Status;\r
	222	EFI_PLATFORM_FIRMWARE_BLOB FvBlob;\r
	223	TCG_PCR_EVENT_HDR TcgEventHdr;\r
	224	TIS_TPM_HANDLE TpmHandle;\r
	225	\r
	226	TpmHandle = (TIS_TPM_HANDLE) (UINTN) TPM_BASE_ADDRESS;\r
	227	\r
	228	//\r
	229	// Check whether FV is in the measured FV list.\r
	230	//\r
	231	for (Index = 0; Index < mMeasuredFvIndex; Index ++) {\r
	232	if (mMeasuredFvInfo[Index].BlobBase == FvBase) {\r
	233	return EFI_SUCCESS;\r
	234	}\r
	235	}\r
	236	\r
	237	//\r
	238	// Measure and record the FV to the TPM\r
	239	//\r
	240	FvBlob.BlobBase = FvBase;\r
	241	FvBlob.BlobLength = FvLength;\r
	242	\r
	243	DEBUG ((DEBUG_INFO, "The FV which is measured by TcgPei starts at: 0x%x\n", FvBlob.BlobBase));\r
	244	DEBUG ((DEBUG_INFO, "The FV which is measured by TcgPei has the size: 0x%x\n", FvBlob.BlobLength));\r
	245	\r
	246	TcgEventHdr.PCRIndex = 0;\r
	247	TcgEventHdr.EventType = EV_EFI_PLATFORM_FIRMWARE_BLOB;\r
	248	TcgEventHdr.EventSize = sizeof (FvBlob);\r
	249	\r
	250	Status = HashLogExtendEvent (\r
	251	(EFI_PEI_SERVICES **) GetPeiServicesTablePointer(),\r
	252	(UINT8*) (UINTN) FvBlob.BlobBase,\r
	253	(UINTN) FvBlob.BlobLength,\r
	254	TpmHandle,\r
	255	&TcgEventHdr,\r
	256	(UINT8*) &FvBlob\r
	257	);\r
	258	ASSERT_EFI_ERROR (Status);\r
	259	\r
	260	//\r
261	// Add new FV into the measured FV list.\r
262	//\r
263	ASSERT (mMeasuredFvIndex < FixedPcdGet32 (PcdPeiCoreMaxFvSupported));\r
264	if (mMeasuredFvIndex < FixedPcdGet32 (PcdPeiCoreMaxFvSupported)) {\r
265	mMeasuredFvInfo[mMeasuredFvIndex].BlobBase = FvBase;\r
266	mMeasuredFvInfo[mMeasuredFvIndex++].BlobLength = FvLength;\r
267	}\r
268	\r
269	return Status;\r
270	}\r
271	\r
272	/**\r
273	Measure main BIOS.\r
274	\r
275	@param[in] PeiServices Describes the list of possible PEI Services.\r
276	@param[in] TpmHandle TPM handle.\r
277	\r
278	@retval EFI_SUCCESS Operation completed successfully.\r
279	@retval EFI_OUT_OF_RESOURCES No enough memory to log the new event.\r
280	@retval EFI_DEVICE_ERROR The command was unsuccessful.\r
281	\r
282	**/\r
283	EFI_STATUS\r
284	EFIAPI\r
285	MeasureMainBios (\r
286	IN EFI_PEI_SERVICES **PeiServices,\r
287	IN TIS_TPM_HANDLE TpmHandle\r
288	)\r
289	{\r
290	EFI_STATUS Status;\r
291	UINT32 FvInstances;\r
292	EFI_PEI_FV_HANDLE VolumeHandle;\r
293	EFI_FV_INFO VolumeInfo;\r
294	EFI_PEI_FIRMWARE_VOLUME_PPI *FvPpi;\r
295	\r
296	FvInstances = 0;\r
297	while (TRUE) {\r
298	//\r
299	// Traverse all firmware volume instances of Static Core Root of Trust for Measurement\r
300	// (S-CRTM), this firmware volume measure policy can be modified/enhanced by special\r
301	// platform for special CRTM TPM measuring.\r
302	//\r
303	Status = PeiServicesFfsFindNextVolume (FvInstances, &VolumeHandle);\r
304	if (EFI_ERROR (Status)) {\r
305	break;\r
306	}\r
307	\r
308	//\r
309	// Measure and record the firmware volume that is dispatched by PeiCore\r
310	//\r
311	Status = PeiServicesFfsGetVolumeInfo (VolumeHandle, &VolumeInfo);\r
312	ASSERT_EFI_ERROR (Status);\r
313	//\r
314	// Locate the corresponding FV_PPI according to founded FV's format guid\r
315	//\r
316	Status = PeiServicesLocatePpi (\r
317	&VolumeInfo.FvFormat, \r
318	0, \r
319	NULL,\r
320	(VOID**)&FvPpi\r
321	);\r
322	if (!EFI_ERROR (Status)) {\r
323	MeasureFvImage ((EFI_PHYSICAL_ADDRESS) (UINTN) VolumeInfo.FvStart, VolumeInfo.FvSize);\r
324	}\r
325	\r
326	FvInstances++;\r
327	}\r
328	\r
329	return EFI_SUCCESS;\r
330	}\r
331	\r
332	/**\r
333	Measure and record the Firmware Volum Information once FvInfoPPI install.\r
334	\r
335	@param[in] PeiServices An indirect pointer to the EFI_PEI_SERVICES table published by the PEI Foundation.\r
336	@param[in] NotifyDescriptor Address of the notification descriptor data structure.\r
337	@param[in] Ppi Address of the PPI that was installed.\r
338	\r
339	@retval EFI_SUCCESS The FV Info is measured and recorded to TPM.\r
340	@return Others Fail to measure FV.\r
341	\r
342	**/\r
343	EFI_STATUS\r
344	EFIAPI\r
345	FirmwareVolmeInfoPpiNotifyCallback (\r
346	IN EFI_PEI_SERVICES **PeiServices,\r
347	IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDescriptor,\r
348	IN VOID *Ppi\r
349	)\r
350	{\r
351	EFI_PEI_FIRMWARE_VOLUME_INFO_PPI *Fv;\r
352	EFI_STATUS Status;\r
353	EFI_PEI_FIRMWARE_VOLUME_PPI *FvPpi;\r
354	\r
355	Fv = (EFI_PEI_FIRMWARE_VOLUME_INFO_PPI *) Ppi;\r
356	\r
357	//\r
358	// The PEI Core can not dispatch or load files from memory mapped FVs that do not support FvPpi.\r
359	//\r
360	Status = PeiServicesLocatePpi (\r
361	&Fv->FvFormat, \r
362	0, \r
363	NULL,\r
364	(VOID**)&FvPpi\r
365	);\r
366	if (EFI_ERROR (Status)) {\r
367	return EFI_SUCCESS;\r
368	}\r
369	\r
370	//\r
371	// This is an FV from an FFS file, and the parent FV must have already been measured,\r
372	// No need to measure twice, so just returns\r
373	//\r
374	if (Fv->ParentFvName != NULL \|\| Fv->ParentFileName != NULL ) {\r
375	return EFI_SUCCESS;\r
376	}\r
377	\r
378	return MeasureFvImage ((EFI_PHYSICAL_ADDRESS) (UINTN) Fv->FvInfo, Fv->FvInfoSize);\r
379	}\r
380	\r
381	/**\r
5a500332	382	Set physicalPresenceLifetimeLock, physicalPresenceHWEnable and physicalPresenceCMDEnable bit by corresponding PCDs.\r
5a500332	383	And lock physical presence if needed.\r
0c18794e	384	\r
	385	@param[in] PeiServices An indirect pointer to the EFI_PEI_SERVICES table published by the PEI Foundation\r
	386	@param[in] NotifyDescriptor Address of the notification descriptor data structure.\r
	387	@param[in] Ppi Address of the PPI that was installed.\r
	388	\r
	389	@retval EFI_SUCCESS Operation completed successfully.\r
	390	@retval EFI_ABORTED physicalPresenceCMDEnable is locked.\r
	391	@retval EFI_DEVICE_ERROR The command was unsuccessful.\r
	392	\r
	393	**/\r
	394	EFI_STATUS\r
	395	EFIAPI\r
	396	PhysicalPresencePpiNotifyCallback (\r
	397	IN EFI_PEI_SERVICES **PeiServices,\r
	398	IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDescriptor,\r
	399	IN VOID *Ppi\r
	400	)\r
	401	{\r
	402	EFI_STATUS Status;\r
	403	PEI_LOCK_PHYSICAL_PRESENCE_PPI *LockPhysicalPresencePpi;\r
	404	BOOLEAN LifetimeLock;\r
	405	BOOLEAN CmdEnable;\r
	406	TIS_TPM_HANDLE TpmHandle;\r
5a500332	407	TPM_PHYSICAL_PRESENCE PhysicalPresenceValue;\r
0c18794e	408	\r
0c18794e	409	TpmHandle = (TIS_TPM_HANDLE) (UINTN) TPM_BASE_ADDRESS;\r
0c18794e	410	\r
5a500332	411	Status = TpmCommGetCapability (PeiServices, TpmHandle, NULL, &LifetimeLock, &CmdEnable);\r
	412	if (EFI_ERROR (Status)) {\r
	413	return Status;\r
0c18794e	414	}\r
	415	\r
	416	//\r
5a500332	417	// 1. Set physicalPresenceLifetimeLock, physicalPresenceHWEnable and physicalPresenceCMDEnable bit by PCDs.\r
0c18794e	418	//\r
5a500332	419	if (PcdGetBool (PcdPhysicalPresenceLifetimeLock) && !LifetimeLock) {\r
	420	//\r
	421	// Lock TPM LifetimeLock is required, and LifetimeLock is not locked yet. \r
	422	//\r
	423	PhysicalPresenceValue = TPM_PHYSICAL_PRESENCE_LIFETIME_LOCK;\r
	424	\r
	425	if (PcdGetBool (PcdPhysicalPresenceCmdEnable)) {\r
	426	PhysicalPresenceValue \|= TPM_PHYSICAL_PRESENCE_CMD_ENABLE;\r
	427	CmdEnable = TRUE;\r
	428	} else {\r
	429	PhysicalPresenceValue \|= TPM_PHYSICAL_PRESENCE_CMD_DISABLE;\r
	430	CmdEnable = FALSE;\r
	431	}\r
0c18794e	432	\r
5a500332	433	if (PcdGetBool (PcdPhysicalPresenceHwEnable)) {\r
	434	PhysicalPresenceValue \|= TPM_PHYSICAL_PRESENCE_HW_ENABLE;\r
	435	} else {\r
	436	PhysicalPresenceValue \|= TPM_PHYSICAL_PRESENCE_HW_DISABLE;\r
	437	} \r
	438	\r
	439	Status = TpmCommPhysicalPresence (\r
	440	PeiServices,\r
	441	TpmHandle,\r
	442	PhysicalPresenceValue\r
	443	);\r
	444	if (EFI_ERROR (Status)) {\r
	445	return Status;\r
	446	}\r
	447	}\r
	448	\r
	449	//\r
	450	// 2. Lock physical presence if it is required.\r
	451	//\r
	452	LockPhysicalPresencePpi = (PEI_LOCK_PHYSICAL_PRESENCE_PPI *) Ppi;\r
	453	if (!LockPhysicalPresencePpi->LockPhysicalPresence ((CONST EFI_PEI_SERVICES**) PeiServices)) {\r
	454	return EFI_SUCCESS;\r
0c18794e	455	}\r
	456	\r
	457	if (!CmdEnable) {\r
	458	if (LifetimeLock) {\r
	459	//\r
	460	// physicalPresenceCMDEnable is locked, can't change.\r
	461	//\r
	462	return EFI_ABORTED;\r
	463	}\r
	464	\r
	465	//\r
	466	// Enable physical presence command\r
	467	// It is necessary in order to lock physical presence\r
	468	//\r
	469	Status = TpmCommPhysicalPresence (\r
	470	PeiServices,\r
	471	TpmHandle,\r
	472	TPM_PHYSICAL_PRESENCE_CMD_ENABLE\r
	473	);\r
	474	if (EFI_ERROR (Status)) {\r
	475	return Status;\r
	476	}\r
	477	}\r
	478	\r
	479	//\r
	480	// Lock physical presence\r
	481	// \r
	482	Status = TpmCommPhysicalPresence (\r
	483	PeiServices,\r
	484	TpmHandle,\r
	485	TPM_PHYSICAL_PRESENCE_LOCK\r
	486	);\r
	487	return Status;\r
	488	}\r
	489	\r
	490	/**\r
	491	Check if TPM chip is activeated or not.\r
	492	\r
	493	@param[in] PeiServices Describes the list of possible PEI Services.\r
	494	@param[in] TpmHandle TPM handle.\r
	495	\r
	496	@retval TRUE TPM is activated.\r
	497	@retval FALSE TPM is deactivated.\r
	498	\r
	499	**/\r
	500	BOOLEAN\r
	501	EFIAPI\r
	502	IsTpmUsable (\r
	503	IN EFI_PEI_SERVICES **PeiServices,\r
	504	IN TIS_TPM_HANDLE TpmHandle\r
	505	)\r
	506	{\r
	507	EFI_STATUS Status;\r
	508	BOOLEAN Deactivated;\r
	509	\r
	510	Status = TpmCommGetCapability (PeiServices, TpmHandle, &Deactivated, NULL, NULL);\r
	511	if (EFI_ERROR (Status)) {\r
	512	return FALSE;\r
	513	}\r
	514	return (BOOLEAN)(!Deactivated); \r
	515	}\r
	516	\r
	517	/**\r
	518	Do measurement after memory is ready.\r
519	\r
520	@param[in] PeiServices Describes the list of possible PEI Services.\r
521	\r
522	@retval EFI_SUCCESS Operation completed successfully.\r
523	@retval EFI_OUT_OF_RESOURCES No enough memory to log the new event.\r
524	@retval EFI_DEVICE_ERROR The command was unsuccessful.\r
525	\r
526	**/\r
527	EFI_STATUS\r
528	EFIAPI\r
529	PeimEntryMP (\r
530	IN EFI_PEI_SERVICES **PeiServices\r
531	)\r
532	{\r
533	EFI_STATUS Status;\r
534	TIS_TPM_HANDLE TpmHandle;\r
535	\r
536	TpmHandle = (TIS_TPM_HANDLE)(UINTN)TPM_BASE_ADDRESS;\r
537	Status = TisPcRequestUseTpm ((TIS_PC_REGISTERS_PTR)TpmHandle);\r
538	if (EFI_ERROR (Status)) {\r
539	return Status;\r
540	}\r
541	\r
542	if (IsTpmUsable (PeiServices, TpmHandle)) {\r
543	Status = MeasureCRTMVersion (PeiServices, TpmHandle);\r
544	ASSERT_EFI_ERROR (Status);\r
545	\r
546	Status = MeasureMainBios (PeiServices, TpmHandle);\r
547	} \r
548	\r
549	//\r
550	// Post callbacks:\r
551	// 1). for the FvInfoPpi services to measure and record\r
552	// the additional Fvs to TPM\r
553	// 2). for the OperatorPresencePpi service to determine whether to \r
554	// lock the TPM\r
555	//\r
556	Status = PeiServicesNotifyPpi (&mNotifyList[0]);\r
557	ASSERT_EFI_ERROR (Status);\r
558	\r
559	return Status;\r
560	}\r
561	\r
562	/**\r
563	Entry point of this module.\r
564	\r
565	@param[in] FileHandle Handle of the file being invoked.\r
566	@param[in] PeiServices Describes the list of possible PEI Services.\r
567	\r
568	@return Status.\r
569	\r
570	**/\r
571	EFI_STATUS\r
572	EFIAPI\r
573	PeimEntryMA (\r
574	IN EFI_PEI_FILE_HANDLE FileHandle,\r
575	IN CONST EFI_PEI_SERVICES **PeiServices\r
576	)\r
577	{\r
578	EFI_STATUS Status;\r
579	EFI_BOOT_MODE BootMode;\r
580	TIS_TPM_HANDLE TpmHandle;\r
581	\r
582	if (PcdGetBool (PcdHideTpmSupport) && PcdGetBool (PcdHideTpm)) {\r
583	return EFI_UNSUPPORTED;\r
584	}\r
585	\r
055c829c	586	//\r
	587	// Initialize TPM device\r
	588	//\r
	589	Status = PeiServicesGetBootMode (&BootMode);\r
	590	ASSERT_EFI_ERROR (Status);\r
	591	\r
	592	//\r
	593	// In S3 path, skip shadow logic. no measurement is required\r
	594	//\r
	595	if (BootMode != BOOT_ON_S3_RESUME) {\r
	596	Status = (**PeiServices).RegisterForShadow(FileHandle);\r
	597	if (Status == EFI_ALREADY_STARTED) {\r
	598	mImageInMemory = TRUE;\r
	599	} else if (Status == EFI_NOT_FOUND) {\r
	600	ASSERT_EFI_ERROR (Status);\r
	601	}\r
0c18794e	602	}\r
	603	\r
	604	if (!mImageInMemory) {\r
0c18794e	605	TpmHandle = (TIS_TPM_HANDLE)(UINTN)TPM_BASE_ADDRESS;\r
	606	Status = TisPcRequestUseTpm ((TIS_PC_REGISTERS_PTR)TpmHandle);\r
	607	if (EFI_ERROR (Status)) {\r
	608	DEBUG ((DEBUG_ERROR, "TPM not detected!\n"));\r
	609	return Status;\r
	610	}\r
	611	\r
	612	Status = TpmCommStartup ((EFI_PEI_SERVICES**)PeiServices, TpmHandle, BootMode);\r
	613	if (EFI_ERROR (Status) ) {\r
	614	return Status;\r
	615	}\r
	616	Status = TpmCommContinueSelfTest ((EFI_PEI_SERVICES**)PeiServices, TpmHandle);\r
	617	if (EFI_ERROR (Status)) {\r
	618	return Status;\r
	619	}\r
	620	Status = PeiServicesInstallPpi (&mTpmInitializedPpiList);\r
	621	ASSERT_EFI_ERROR (Status);\r
	622	}\r
	623	\r
	624	if (mImageInMemory) {\r
	625	Status = PeimEntryMP ((EFI_PEI_SERVICES**)PeiServices);\r
	626	if (EFI_ERROR (Status)) {\r
	627	return Status;\r
	628	}\r
	629	}\r
	630	\r
	631	return Status;\r
	632	}\r