2 Measure TCG required variable.
4 Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
5 SPDX-License-Identifier: BSD-2-Clause-Patent
10 #include <Guid/ImageAuthentication.h>
11 #include <IndustryStandard/UefiTcgPlatform.h>
13 #include <Library/UefiBootServicesTableLib.h>
14 #include <Library/UefiRuntimeServicesTableLib.h>
15 #include <Library/MemoryAllocationLib.h>
16 #include <Library/BaseMemoryLib.h>
17 #include <Library/DebugLib.h>
18 #include <Library/BaseLib.h>
19 #include <Library/TpmMeasurementLib.h>
33 #define MEASURED_AUTHORITY_COUNT_MAX 0x100
35 UINTN mMeasuredAuthorityCount
= 0;
36 UINTN mMeasuredAuthorityCountMax
= 0;
37 VARIABLE_RECORD
*mMeasuredAuthorityList
= NULL
;
39 VARIABLE_TYPE mVariableType
[] = {
40 {EFI_IMAGE_SECURITY_DATABASE
, &gEfiImageSecurityDatabaseGuid
},
44 This function will check if VarName should be recorded and return the address of VarName if it is needed.
46 @param[in] VarName A Null-terminated string that is the name of the vendor's variable.
48 @return the address of VarName.
57 for (Index
= 0; Index
< sizeof(mVariableType
)/sizeof(mVariableType
[0]); Index
++) {
58 if (StrCmp (VarName
, mVariableType
[Index
].VariableName
) == 0) {
59 return mVariableType
[Index
].VariableName
;
67 This function will check if VendorGuid should be recorded and return the address of VendorGuid if it is needed.
69 @param[in] VendorGuid A unique identifier for the vendor.
71 @return the address of VendorGuid.
75 IN EFI_GUID
*VendorGuid
80 for (Index
= 0; Index
< sizeof(mVariableType
)/sizeof(mVariableType
[0]); Index
++) {
81 if (CompareGuid (VendorGuid
, mVariableType
[Index
].VendorGuid
)) {
82 return mVariableType
[Index
].VendorGuid
;
90 This function will add variable information to MeasuredAuthorityList.
92 @param[in] VarName A Null-terminated string that is the name of the vendor's variable.
93 @param[in] VendorGuid A unique identifier for the vendor.
94 @param[in] VarData The content of the variable data.
95 @param[in] VarSize The size of the variable data.
97 @retval EFI_SUCCESS Operation completed successfully.
98 @retval EFI_OUT_OF_RESOURCES Out of memory.
103 IN EFI_GUID
*VendorGuid
,
108 VARIABLE_RECORD
*NewMeasuredAuthorityList
;
110 ASSERT (mMeasuredAuthorityCount
<= mMeasuredAuthorityCountMax
);
111 if (mMeasuredAuthorityCount
== mMeasuredAuthorityCountMax
) {
115 NewMeasuredAuthorityList
= AllocateZeroPool (sizeof(VARIABLE_RECORD
) * (mMeasuredAuthorityCountMax
+ MEASURED_AUTHORITY_COUNT_MAX
));
116 if (NewMeasuredAuthorityList
== NULL
) {
117 return EFI_OUT_OF_RESOURCES
;
119 if (mMeasuredAuthorityList
!= NULL
) {
120 CopyMem (NewMeasuredAuthorityList
, mMeasuredAuthorityList
, sizeof(VARIABLE_RECORD
) * mMeasuredAuthorityCount
);
121 FreePool (mMeasuredAuthorityList
);
123 mMeasuredAuthorityList
= NewMeasuredAuthorityList
;
124 mMeasuredAuthorityCountMax
+= MEASURED_AUTHORITY_COUNT_MAX
;
130 mMeasuredAuthorityList
[mMeasuredAuthorityCount
].VariableName
= AssignVarName (VarName
);
131 mMeasuredAuthorityList
[mMeasuredAuthorityCount
].VendorGuid
= AssignVendorGuid (VendorGuid
);
132 mMeasuredAuthorityList
[mMeasuredAuthorityCount
].Size
= Size
;
133 mMeasuredAuthorityList
[mMeasuredAuthorityCount
].Data
= AllocatePool (Size
);
134 if (mMeasuredAuthorityList
[mMeasuredAuthorityCount
].Data
== NULL
) {
135 return EFI_OUT_OF_RESOURCES
;
137 CopyMem (mMeasuredAuthorityList
[mMeasuredAuthorityCount
].Data
, Data
, Size
);
138 mMeasuredAuthorityCount
++;
144 This function will return if this variable is already measured.
146 @param[in] VarName A Null-terminated string that is the name of the vendor's variable.
147 @param[in] VendorGuid A unique identifier for the vendor.
148 @param[in] VarData The content of the variable data.
149 @param[in] VarSize The size of the variable data.
151 @retval TRUE The data is already measured.
152 @retval FALSE The data is not measured yet.
157 IN EFI_GUID
*VendorGuid
,
164 for (Index
= 0; Index
< mMeasuredAuthorityCount
; Index
++) {
165 if ((StrCmp (VarName
, mMeasuredAuthorityList
[Index
].VariableName
) == 0) &&
166 (CompareGuid (VendorGuid
, mMeasuredAuthorityList
[Index
].VendorGuid
)) &&
167 (CompareMem (Data
, mMeasuredAuthorityList
[Index
].Data
, Size
) == 0) &&
168 (Size
== mMeasuredAuthorityList
[Index
].Size
)) {
177 This function will return if this variable is SecureAuthority Variable.
179 @param[in] VariableName A Null-terminated string that is the name of the vendor's variable.
180 @param[in] VendorGuid A unique identifier for the vendor.
182 @retval TRUE This is SecureAuthority Variable
183 @retval FALSE This is not SecureAuthority Variable
186 IsSecureAuthorityVariable (
187 IN CHAR16
*VariableName
,
188 IN EFI_GUID
*VendorGuid
193 for (Index
= 0; Index
< sizeof(mVariableType
)/sizeof(mVariableType
[0]); Index
++) {
194 if ((StrCmp (VariableName
, mVariableType
[Index
].VariableName
) == 0) &&
195 (CompareGuid (VendorGuid
, mVariableType
[Index
].VendorGuid
))) {
203 Measure and log an EFI variable, and extend the measurement result into a specific PCR.
205 @param[in] VarName A Null-terminated string that is the name of the vendor's variable.
206 @param[in] VendorGuid A unique identifier for the vendor.
207 @param[in] VarData The content of the variable data.
208 @param[in] VarSize The size of the variable data.
210 @retval EFI_SUCCESS Operation completed successfully.
211 @retval EFI_OUT_OF_RESOURCES Out of memory.
212 @retval EFI_DEVICE_ERROR The operation was unsuccessful.
219 IN EFI_GUID
*VendorGuid
,
226 UEFI_VARIABLE_DATA
*VarLog
;
230 // The UEFI_VARIABLE_DATA.VariableData value shall be the EFI_SIGNATURE_DATA value
231 // from the EFI_SIGNATURE_LIST that contained the authority that was used to validate the image
233 VarNameLength
= StrLen (VarName
);
234 VarLogSize
= (UINT32
)(sizeof (*VarLog
) + VarNameLength
* sizeof (*VarName
) + VarSize
235 - sizeof (VarLog
->UnicodeName
) - sizeof (VarLog
->VariableData
));
237 VarLog
= (UEFI_VARIABLE_DATA
*) AllocateZeroPool (VarLogSize
);
238 if (VarLog
== NULL
) {
239 return EFI_OUT_OF_RESOURCES
;
242 CopyMem (&VarLog
->VariableName
, VendorGuid
, sizeof(VarLog
->VariableName
));
243 VarLog
->UnicodeNameLength
= VarNameLength
;
244 VarLog
->VariableDataLength
= VarSize
;
248 VarNameLength
* sizeof (*VarName
)
251 (CHAR16
*)VarLog
->UnicodeName
+ VarNameLength
,
256 DEBUG ((EFI_D_INFO
, "DxeImageVerification: MeasureVariable (Pcr - %x, EventType - %x, ", (UINTN
)7, (UINTN
)EV_EFI_VARIABLE_AUTHORITY
));
257 DEBUG ((EFI_D_INFO
, "VariableName - %s, VendorGuid - %g)\n", VarName
, VendorGuid
));
259 Status
= TpmMeasureAndLogData (
261 EV_EFI_VARIABLE_AUTHORITY
,
273 SecureBoot Hook for processing image verification.
275 @param[in] VariableName Name of Variable to be found.
276 @param[in] VendorGuid Variable vendor GUID.
277 @param[in] DataSize Size of Data found. If size is less than the
278 data, this value contains the required size.
279 @param[in] Data Data pointer.
285 IN CHAR16
*VariableName
,
286 IN EFI_GUID
*VendorGuid
,
293 if (!IsSecureAuthorityVariable (VariableName
, VendorGuid
)) {
297 if (IsDataMeasured (VariableName
, VendorGuid
, Data
, DataSize
)) {
298 DEBUG ((EFI_D_ERROR
, "MeasureSecureAuthorityVariable - IsDataMeasured\n"));
302 Status
= MeasureVariable (
308 DEBUG ((EFI_D_INFO
, "MeasureBootPolicyVariable - %r\n", Status
));
310 if (!EFI_ERROR (Status
)) {
311 AddDataMeasured (VariableName
, VendorGuid
, Data
, DataSize
);