2 This module implements Tcg2 Protocol.
4 Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
5 This program and the accompanying materials
6 are licensed and made available under the terms and conditions of the BSD License
7 which accompanies this distribution. The full text of the license may be found at
8 http://opensource.org/licenses/bsd-license.php
10 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
11 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
16 #include <IndustryStandard/Acpi.h>
17 #include <IndustryStandard/PeImage.h>
18 #include <IndustryStandard/TcpaAcpi.h>
20 #include <Guid/GlobalVariable.h>
21 #include <Guid/HobList.h>
22 #include <Guid/TcgEventHob.h>
23 #include <Guid/EventGroup.h>
24 #include <Guid/EventExitBootServiceFailed.h>
25 #include <Guid/ImageAuthentication.h>
26 #include <Guid/TpmInstance.h>
28 #include <Protocol/DevicePath.h>
29 #include <Protocol/MpService.h>
30 #include <Protocol/VariableWrite.h>
31 #include <Protocol/Tcg2Protocol.h>
32 #include <Protocol/TrEEProtocol.h>
34 #include <Library/DebugLib.h>
35 #include <Library/BaseMemoryLib.h>
36 #include <Library/UefiRuntimeServicesTableLib.h>
37 #include <Library/UefiDriverEntryPoint.h>
38 #include <Library/HobLib.h>
39 #include <Library/UefiBootServicesTableLib.h>
40 #include <Library/BaseLib.h>
41 #include <Library/MemoryAllocationLib.h>
42 #include <Library/PrintLib.h>
43 #include <Library/Tpm2CommandLib.h>
44 #include <Library/PcdLib.h>
45 #include <Library/UefiLib.h>
46 #include <Library/Tpm2DeviceLib.h>
47 #include <Library/HashLib.h>
48 #include <Library/PerformanceLib.h>
49 #include <Library/ReportStatusCodeLib.h>
50 #include <Library/Tcg2PhysicalPresenceLib.h>
52 #define PERF_ID_TCG2_DXE 0x3120
59 #define EFI_TCG_LOG_AREA_SIZE 0x10000
60 #define EFI_TCG_FINAL_LOG_AREA_SIZE 0x1000
62 #define TCG2_DEFAULT_MAX_COMMAND_SIZE 0x1000
63 #define TCG2_DEFAULT_MAX_RESPONSE_SIZE 0x1000
67 EFI_TCG2_EVENT_LOG_FORMAT LogFormat
;
68 } TCG2_EVENT_INFO_STRUCT
;
70 TCG2_EVENT_INFO_STRUCT mTcg2EventInfo
[] = {
71 {&gTcgEventEntryHobGuid
, EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2
},
72 {&gTcgEvent2EntryHobGuid
, EFI_TCG2_EVENT_LOG_FORMAT_TCG_2
},
75 #define TCG_EVENT_LOG_AREA_COUNT_MAX 2
78 EFI_TCG2_EVENT_LOG_FORMAT EventLogFormat
;
79 EFI_PHYSICAL_ADDRESS Lasa
;
83 BOOLEAN EventLogStarted
;
84 BOOLEAN EventLogTruncated
;
85 } TCG_EVENT_LOG_AREA_STRUCT
;
87 typedef struct _TCG_DXE_DATA
{
88 EFI_TCG2_BOOT_SERVICE_CAPABILITY BsCap
;
89 TCG_EVENT_LOG_AREA_STRUCT EventLogAreaStruct
[TCG_EVENT_LOG_AREA_COUNT_MAX
];
90 BOOLEAN GetEventLogCalled
[TCG_EVENT_LOG_AREA_COUNT_MAX
];
91 TCG_EVENT_LOG_AREA_STRUCT FinalEventLogAreaStruct
[TCG_EVENT_LOG_AREA_COUNT_MAX
];
92 EFI_TCG2_FINAL_EVENTS_TABLE
*FinalEventsTable
[TCG_EVENT_LOG_AREA_COUNT_MAX
];
95 TCG_DXE_DATA mTcgDxeData
= {
97 sizeof (EFI_TCG2_BOOT_SERVICE_CAPABILITY
), // Size
98 { 1, 1 }, // StructureVersion
99 { 1, 1 }, // ProtocolVersion
100 EFI_TCG2_BOOT_HASH_ALG_SHA1
, // HashAlgorithmBitmap
101 EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2
, // SupportedEventLogs
102 TRUE
, // TPMPresentFlag
103 TCG2_DEFAULT_MAX_COMMAND_SIZE
, // MaxCommandSize
104 TCG2_DEFAULT_MAX_RESPONSE_SIZE
, // MaxResponseSize
106 0, // NumberOfPCRBanks
111 UINTN mBootAttempts
= 0;
112 CHAR16 mBootVarName
[] = L
"BootOrder";
114 VARIABLE_TYPE mVariableType
[] = {
115 {EFI_SECURE_BOOT_MODE_NAME
, &gEfiGlobalVariableGuid
},
116 {EFI_PLATFORM_KEY_NAME
, &gEfiGlobalVariableGuid
},
117 {EFI_KEY_EXCHANGE_KEY_NAME
, &gEfiGlobalVariableGuid
},
118 {EFI_IMAGE_SECURITY_DATABASE
, &gEfiImageSecurityDatabaseGuid
},
119 {EFI_IMAGE_SECURITY_DATABASE1
, &gEfiImageSecurityDatabaseGuid
},
122 EFI_HANDLE mImageHandle
;
125 Measure PE image into TPM log based on the authenticode image hashing in
126 PE/COFF Specification 8.0 Appendix A.
128 Caution: This function may receive untrusted input.
129 PE/COFF image is external input, so this function will validate its data structure
130 within this image buffer before use.
132 @param[in] PCRIndex TPM PCR index
133 @param[in] ImageAddress Start address of image buffer.
134 @param[in] ImageSize Image size
135 @param[out] DigestList Digeest list of this image.
137 @retval EFI_SUCCESS Successfully measure image.
138 @retval EFI_OUT_OF_RESOURCES No enough resource to measure image.
139 @retval other error value
142 MeasurePeImageAndExtend (
144 IN EFI_PHYSICAL_ADDRESS ImageAddress
,
146 OUT TPML_DIGEST_VALUES
*DigestList
151 This function dump raw data.
154 @param Size raw data size
164 for (Index
= 0; Index
< Size
; Index
++) {
165 DEBUG ((EFI_D_INFO
, "%02x", (UINTN
)Data
[Index
]));
171 This function dump raw data with colume format.
174 @param Size raw data size
187 #define COLUME_SIZE (16 * 2)
189 Count
= Size
/ COLUME_SIZE
;
190 Left
= Size
% COLUME_SIZE
;
191 for (Index
= 0; Index
< Count
; Index
++) {
192 DEBUG ((EFI_D_INFO
, "%04x: ", Index
* COLUME_SIZE
));
193 InternalDumpData (Data
+ Index
* COLUME_SIZE
, COLUME_SIZE
);
194 DEBUG ((EFI_D_INFO
, "\n"));
198 DEBUG ((EFI_D_INFO
, "%04x: ", Index
* COLUME_SIZE
));
199 InternalDumpData (Data
+ Index
* COLUME_SIZE
, Left
);
200 DEBUG ((EFI_D_INFO
, "\n"));
205 Check if buffer is all zero.
207 @param[in] Buffer Buffer to be checked.
208 @param[in] BufferSize Size of buffer to be checked.
210 @retval TRUE Buffer is all zero.
211 @retval FALSE Buffer is not all zero.
223 for (Index
= 0; Index
< BufferSize
; Index
++) {
224 if (BufferData
[Index
] != 0) {
232 Get All processors EFI_CPU_LOCATION in system. LocationBuf is allocated inside the function
233 Caller is responsible to free LocationBuf.
235 @param[out] LocationBuf Returns Processor Location Buffer.
236 @param[out] Num Returns processor number.
238 @retval EFI_SUCCESS Operation completed successfully.
239 @retval EFI_UNSUPPORTED MpService protocol not found.
243 GetProcessorsCpuLocation (
244 OUT EFI_CPU_PHYSICAL_LOCATION
**LocationBuf
,
249 EFI_MP_SERVICES_PROTOCOL
*MpProtocol
;
251 UINTN EnabledProcessorNum
;
252 EFI_PROCESSOR_INFORMATION ProcessorInfo
;
253 EFI_CPU_PHYSICAL_LOCATION
*ProcessorLocBuf
;
256 Status
= gBS
->LocateProtocol (&gEfiMpServiceProtocolGuid
, NULL
, (VOID
**) &MpProtocol
);
257 if (EFI_ERROR (Status
)) {
259 // MP protocol is not installed
261 return EFI_UNSUPPORTED
;
264 Status
= MpProtocol
->GetNumberOfProcessors(
269 if (EFI_ERROR(Status
)){
273 Status
= gBS
->AllocatePool(
275 sizeof(EFI_CPU_PHYSICAL_LOCATION
) * ProcessorNum
,
276 (VOID
**) &ProcessorLocBuf
278 if (EFI_ERROR(Status
)){
283 // Get each processor Location info
285 for (Index
= 0; Index
< ProcessorNum
; Index
++) {
286 Status
= MpProtocol
->GetProcessorInfo(
291 if (EFI_ERROR(Status
)){
292 FreePool(ProcessorLocBuf
);
297 // Get all Processor Location info & measure
300 &ProcessorLocBuf
[Index
],
301 &ProcessorInfo
.Location
,
302 sizeof(EFI_CPU_PHYSICAL_LOCATION
)
306 *LocationBuf
= ProcessorLocBuf
;
313 The EFI_TCG2_PROTOCOL GetCapability function call provides protocol
314 capability information and state information.
316 @param[in] This Indicates the calling context
317 @param[in, out] ProtocolCapability The caller allocates memory for a EFI_TCG2_BOOT_SERVICE_CAPABILITY
318 structure and sets the size field to the size of the structure allocated.
319 The callee fills in the fields with the EFI protocol capability information
320 and the current EFI TCG2 state information up to the number of fields which
321 fit within the size of the structure passed in.
323 @retval EFI_SUCCESS Operation completed successfully.
324 @retval EFI_DEVICE_ERROR The command was unsuccessful.
325 The ProtocolCapability variable will not be populated.
326 @retval EFI_INVALID_PARAMETER One or more of the parameters are incorrect.
327 The ProtocolCapability variable will not be populated.
328 @retval EFI_BUFFER_TOO_SMALL The ProtocolCapability variable is too small to hold the full response.
329 It will be partially populated (required Size field will be set).
334 IN EFI_TCG2_PROTOCOL
*This
,
335 IN OUT EFI_TCG2_BOOT_SERVICE_CAPABILITY
*ProtocolCapability
338 DEBUG ((EFI_D_INFO
, "Tcg2GetCapability ...\n"));
340 if ((This
== NULL
) || (ProtocolCapability
== NULL
)) {
341 return EFI_INVALID_PARAMETER
;
344 DEBUG ((EFI_D_INFO
, "Size - 0x%x\n", ProtocolCapability
->Size
));
345 DEBUG ((EFI_D_INFO
, " 1.1 - 0x%x, 1.0 - 0x%x\n", sizeof(EFI_TCG2_BOOT_SERVICE_CAPABILITY
), sizeof(TREE_BOOT_SERVICE_CAPABILITY_1_0
)));
347 if (ProtocolCapability
->Size
< mTcgDxeData
.BsCap
.Size
) {
349 // Handle the case that firmware support 1.1 but OS only support 1.0.
351 if ((mTcgDxeData
.BsCap
.ProtocolVersion
.Major
> 0x01) ||
352 ((mTcgDxeData
.BsCap
.ProtocolVersion
.Major
== 0x01) && ((mTcgDxeData
.BsCap
.ProtocolVersion
.Minor
> 0x00)))) {
353 if (ProtocolCapability
->Size
>= sizeof(TREE_BOOT_SERVICE_CAPABILITY_1_0
)) {
354 CopyMem (ProtocolCapability
, &mTcgDxeData
.BsCap
, sizeof(TREE_BOOT_SERVICE_CAPABILITY_1_0
));
355 ProtocolCapability
->Size
= sizeof(TREE_BOOT_SERVICE_CAPABILITY_1_0
);
356 ProtocolCapability
->StructureVersion
.Major
= 1;
357 ProtocolCapability
->StructureVersion
.Minor
= 0;
358 ProtocolCapability
->ProtocolVersion
.Major
= 1;
359 ProtocolCapability
->ProtocolVersion
.Minor
= 0;
360 DEBUG ((EFI_D_ERROR
, "TreeGetCapability (Compatible) - %r\n", EFI_SUCCESS
));
364 ProtocolCapability
->Size
= mTcgDxeData
.BsCap
.Size
;
365 return EFI_BUFFER_TOO_SMALL
;
368 CopyMem (ProtocolCapability
, &mTcgDxeData
.BsCap
, mTcgDxeData
.BsCap
.Size
);
369 DEBUG ((EFI_D_INFO
, "Tcg2GetCapability - %r\n", EFI_SUCCESS
));
374 This function dump PCR event.
376 @param[in] EventHdr TCG PCR event structure.
380 IN TCG_PCR_EVENT_HDR
*EventHdr
385 DEBUG ((EFI_D_INFO
, " Event:\n"));
386 DEBUG ((EFI_D_INFO
, " PCRIndex - %d\n", EventHdr
->PCRIndex
));
387 DEBUG ((EFI_D_INFO
, " EventType - 0x%08x\n", EventHdr
->EventType
));
388 DEBUG ((EFI_D_INFO
, " Digest - "));
389 for (Index
= 0; Index
< sizeof(TCG_DIGEST
); Index
++) {
390 DEBUG ((EFI_D_INFO
, "%02x ", EventHdr
->Digest
.digest
[Index
]));
392 DEBUG ((EFI_D_INFO
, "\n"));
393 DEBUG ((EFI_D_INFO
, " EventSize - 0x%08x\n", EventHdr
->EventSize
));
394 InternalDumpHex ((UINT8
*)(EventHdr
+ 1), EventHdr
->EventSize
);
398 This function dump TCG_EfiSpecIDEventStruct.
400 @param[in] TcgEfiSpecIdEventStruct A pointer to TCG_EfiSpecIDEventStruct.
403 DumpTcgEfiSpecIdEventStruct (
404 IN TCG_EfiSpecIDEventStruct
*TcgEfiSpecIdEventStruct
407 TCG_EfiSpecIdEventAlgorithmSize
*DigestSize
;
409 UINT8
*VendorInfoSize
;
411 UINT32 NumberOfAlgorithms
;
413 DEBUG ((EFI_D_INFO
, " TCG_EfiSpecIDEventStruct:\n"));
414 DEBUG ((EFI_D_INFO
, " signature - '"));
415 for (Index
= 0; Index
< sizeof(TcgEfiSpecIdEventStruct
->signature
); Index
++) {
416 DEBUG ((EFI_D_INFO
, "%c", TcgEfiSpecIdEventStruct
->signature
[Index
]));
418 DEBUG ((EFI_D_INFO
, "'\n"));
419 DEBUG ((EFI_D_INFO
, " platformClass - 0x%08x\n", TcgEfiSpecIdEventStruct
->platformClass
));
420 DEBUG ((EFI_D_INFO
, " specVersion - %d.%d%d\n", TcgEfiSpecIdEventStruct
->specVersionMajor
, TcgEfiSpecIdEventStruct
->specVersionMinor
, TcgEfiSpecIdEventStruct
->specErrata
));
421 DEBUG ((EFI_D_INFO
, " uintnSize - 0x%02x\n", TcgEfiSpecIdEventStruct
->uintnSize
));
423 CopyMem (&NumberOfAlgorithms
, TcgEfiSpecIdEventStruct
+ 1, sizeof(NumberOfAlgorithms
));
424 DEBUG ((EFI_D_INFO
, " NumberOfAlgorithms - 0x%08x\n", NumberOfAlgorithms
));
426 DigestSize
= (TCG_EfiSpecIdEventAlgorithmSize
*)((UINT8
*)TcgEfiSpecIdEventStruct
+ sizeof(*TcgEfiSpecIdEventStruct
) + sizeof(NumberOfAlgorithms
));
427 for (Index
= 0; Index
< NumberOfAlgorithms
; Index
++) {
428 DEBUG ((EFI_D_INFO
, " digest(%d)\n", Index
));
429 DEBUG ((EFI_D_INFO
, " algorithmId - 0x%04x\n", DigestSize
[Index
].algorithmId
));
430 DEBUG ((EFI_D_INFO
, " digestSize - 0x%04x\n", DigestSize
[Index
].digestSize
));
432 VendorInfoSize
= (UINT8
*)&DigestSize
[NumberOfAlgorithms
];
433 DEBUG ((EFI_D_INFO
, " VendorInfoSize - 0x%02x\n", *VendorInfoSize
));
434 VendorInfo
= VendorInfoSize
+ 1;
435 DEBUG ((EFI_D_INFO
, " VendorInfo - "));
436 for (Index
= 0; Index
< *VendorInfoSize
; Index
++) {
437 DEBUG ((EFI_D_INFO
, "%02x ", VendorInfo
[Index
]));
439 DEBUG ((EFI_D_INFO
, "\n"));
443 This function get size of TCG_EfiSpecIDEventStruct.
445 @param[in] TcgEfiSpecIdEventStruct A pointer to TCG_EfiSpecIDEventStruct.
448 GetTcgEfiSpecIdEventStructSize (
449 IN TCG_EfiSpecIDEventStruct
*TcgEfiSpecIdEventStruct
452 TCG_EfiSpecIdEventAlgorithmSize
*DigestSize
;
453 UINT8
*VendorInfoSize
;
454 UINT32 NumberOfAlgorithms
;
456 CopyMem (&NumberOfAlgorithms
, TcgEfiSpecIdEventStruct
+ 1, sizeof(NumberOfAlgorithms
));
458 DigestSize
= (TCG_EfiSpecIdEventAlgorithmSize
*)((UINT8
*)TcgEfiSpecIdEventStruct
+ sizeof(*TcgEfiSpecIdEventStruct
) + sizeof(NumberOfAlgorithms
));
459 VendorInfoSize
= (UINT8
*)&DigestSize
[NumberOfAlgorithms
];
460 return sizeof(TCG_EfiSpecIDEventStruct
) + sizeof(UINT32
) + (NumberOfAlgorithms
* sizeof(TCG_EfiSpecIdEventAlgorithmSize
)) + sizeof(UINT8
) + (*VendorInfoSize
);
464 This function dump PCR event 2.
466 @param[in] TcgPcrEvent2 TCG PCR event 2 structure.
470 IN TCG_PCR_EVENT2
*TcgPcrEvent2
476 TPMI_ALG_HASH HashAlgo
;
482 DEBUG ((EFI_D_INFO
, " Event:\n"));
483 DEBUG ((EFI_D_INFO
, " PCRIndex - %d\n", TcgPcrEvent2
->PCRIndex
));
484 DEBUG ((EFI_D_INFO
, " EventType - 0x%08x\n", TcgPcrEvent2
->EventType
));
486 DEBUG ((EFI_D_INFO
, " DigestCount: 0x%08x\n", TcgPcrEvent2
->Digest
.count
));
488 DigestCount
= TcgPcrEvent2
->Digest
.count
;
489 HashAlgo
= TcgPcrEvent2
->Digest
.digests
[0].hashAlg
;
490 DigestBuffer
= (UINT8
*)&TcgPcrEvent2
->Digest
.digests
[0].digest
;
491 for (DigestIndex
= 0; DigestIndex
< DigestCount
; DigestIndex
++) {
492 DEBUG ((EFI_D_INFO
, " HashAlgo : 0x%04x\n", HashAlgo
));
493 DEBUG ((EFI_D_INFO
, " Digest(%d): ", DigestIndex
));
494 DigestSize
= GetHashSizeFromAlgo (HashAlgo
);
495 for (Index
= 0; Index
< DigestSize
; Index
++) {
496 DEBUG ((EFI_D_INFO
, "%02x ", DigestBuffer
[Index
]));
498 DEBUG ((EFI_D_INFO
, "\n"));
502 CopyMem (&HashAlgo
, DigestBuffer
+ DigestSize
, sizeof(TPMI_ALG_HASH
));
503 DigestBuffer
= DigestBuffer
+ DigestSize
+ sizeof(TPMI_ALG_HASH
);
505 DEBUG ((EFI_D_INFO
, "\n"));
506 DigestBuffer
= DigestBuffer
- sizeof(TPMI_ALG_HASH
);
508 CopyMem (&EventSize
, DigestBuffer
, sizeof(TcgPcrEvent2
->EventSize
));
509 DEBUG ((EFI_D_INFO
, " EventSize - 0x%08x\n", EventSize
));
510 EventBuffer
= DigestBuffer
+ sizeof(TcgPcrEvent2
->EventSize
);
511 InternalDumpHex (EventBuffer
, EventSize
);
515 This function returns size of TCG PCR event 2.
517 @param[in] TcgPcrEvent2 TCG PCR event 2 structure.
519 @return size of TCG PCR event 2.
523 IN TCG_PCR_EVENT2
*TcgPcrEvent2
528 TPMI_ALG_HASH HashAlgo
;
534 DigestCount
= TcgPcrEvent2
->Digest
.count
;
535 HashAlgo
= TcgPcrEvent2
->Digest
.digests
[0].hashAlg
;
536 DigestBuffer
= (UINT8
*)&TcgPcrEvent2
->Digest
.digests
[0].digest
;
537 for (DigestIndex
= 0; DigestIndex
< DigestCount
; DigestIndex
++) {
538 DigestSize
= GetHashSizeFromAlgo (HashAlgo
);
542 CopyMem (&HashAlgo
, DigestBuffer
+ DigestSize
, sizeof(TPMI_ALG_HASH
));
543 DigestBuffer
= DigestBuffer
+ DigestSize
+ sizeof(TPMI_ALG_HASH
);
545 DigestBuffer
= DigestBuffer
- sizeof(TPMI_ALG_HASH
);
547 CopyMem (&EventSize
, DigestBuffer
, sizeof(TcgPcrEvent2
->EventSize
));
548 EventBuffer
= DigestBuffer
+ sizeof(TcgPcrEvent2
->EventSize
);
550 return (UINTN
)EventBuffer
+ EventSize
- (UINTN
)TcgPcrEvent2
;
554 This function dump event log.
556 @param[in] EventLogFormat The type of the event log for which the information is requested.
557 @param[in] EventLogLocation A pointer to the memory address of the event log.
558 @param[in] EventLogLastEntry If the Event Log contains more than one entry, this is a pointer to the
559 address of the start of the last entry in the event log in memory.
560 @param[in] FinalEventsTable A pointer to the memory address of the final event table.
564 IN EFI_TCG2_EVENT_LOG_FORMAT EventLogFormat
,
565 IN EFI_PHYSICAL_ADDRESS EventLogLocation
,
566 IN EFI_PHYSICAL_ADDRESS EventLogLastEntry
,
567 IN EFI_TCG2_FINAL_EVENTS_TABLE
*FinalEventsTable
570 TCG_PCR_EVENT_HDR
*EventHdr
;
571 TCG_PCR_EVENT2
*TcgPcrEvent2
;
572 TCG_EfiSpecIDEventStruct
*TcgEfiSpecIdEventStruct
;
573 UINTN NumberOfEvents
;
575 DEBUG ((EFI_D_INFO
, "EventLogFormat: (0x%x)\n", EventLogFormat
));
577 switch (EventLogFormat
) {
578 case EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2
:
579 EventHdr
= (TCG_PCR_EVENT_HDR
*)(UINTN
)EventLogLocation
;
580 while ((UINTN
)EventHdr
<= EventLogLastEntry
) {
581 DumpEvent (EventHdr
);
582 EventHdr
= (TCG_PCR_EVENT_HDR
*)((UINTN
)EventHdr
+ sizeof(TCG_PCR_EVENT_HDR
) + EventHdr
->EventSize
);
584 if (FinalEventsTable
== NULL
) {
585 DEBUG ((EFI_D_INFO
, "FinalEventsTable: NOT FOUND\n"));
587 DEBUG ((EFI_D_INFO
, "FinalEventsTable: (0x%x)\n", FinalEventsTable
));
588 DEBUG ((EFI_D_INFO
, " Version: (0x%x)\n", FinalEventsTable
->Version
));
589 DEBUG ((EFI_D_INFO
, " NumberOfEvents: (0x%x)\n", FinalEventsTable
->NumberOfEvents
));
591 EventHdr
= (TCG_PCR_EVENT_HDR
*)(UINTN
)(FinalEventsTable
+ 1);
592 for (NumberOfEvents
= 0; NumberOfEvents
< FinalEventsTable
->NumberOfEvents
; NumberOfEvents
++) {
593 DumpEvent (EventHdr
);
594 EventHdr
= (TCG_PCR_EVENT_HDR
*)((UINTN
)EventHdr
+ sizeof(TCG_PCR_EVENT_HDR
) + EventHdr
->EventSize
);
598 case EFI_TCG2_EVENT_LOG_FORMAT_TCG_2
:
602 EventHdr
= (TCG_PCR_EVENT_HDR
*)(UINTN
)EventLogLocation
;
603 DumpEvent (EventHdr
);
605 TcgEfiSpecIdEventStruct
= (TCG_EfiSpecIDEventStruct
*)(EventHdr
+ 1);
606 DumpTcgEfiSpecIdEventStruct (TcgEfiSpecIdEventStruct
);
608 TcgPcrEvent2
= (TCG_PCR_EVENT2
*)((UINTN
)TcgEfiSpecIdEventStruct
+ GetTcgEfiSpecIdEventStructSize (TcgEfiSpecIdEventStruct
));
609 while ((UINTN
)TcgPcrEvent2
<= EventLogLastEntry
) {
610 DumpEvent2 (TcgPcrEvent2
);
611 TcgPcrEvent2
= (TCG_PCR_EVENT2
*)((UINTN
)TcgPcrEvent2
+ GetPcrEvent2Size (TcgPcrEvent2
));
614 if (FinalEventsTable
== NULL
) {
615 DEBUG ((EFI_D_INFO
, "FinalEventsTable: NOT FOUND\n"));
617 DEBUG ((EFI_D_INFO
, "FinalEventsTable: (0x%x)\n", FinalEventsTable
));
618 DEBUG ((EFI_D_INFO
, " Version: (0x%x)\n", FinalEventsTable
->Version
));
619 DEBUG ((EFI_D_INFO
, " NumberOfEvents: (0x%x)\n", FinalEventsTable
->NumberOfEvents
));
621 TcgPcrEvent2
= (TCG_PCR_EVENT2
*)(UINTN
)(FinalEventsTable
+ 1);
622 for (NumberOfEvents
= 0; NumberOfEvents
< FinalEventsTable
->NumberOfEvents
; NumberOfEvents
++) {
623 DumpEvent2 (TcgPcrEvent2
);
624 TcgPcrEvent2
= (TCG_PCR_EVENT2
*)((UINTN
)TcgPcrEvent2
+ GetPcrEvent2Size (TcgPcrEvent2
));
634 The EFI_TCG2_PROTOCOL Get Event Log function call allows a caller to
635 retrieve the address of a given event log and its last entry.
637 @param[in] This Indicates the calling context
638 @param[in] EventLogFormat The type of the event log for which the information is requested.
639 @param[out] EventLogLocation A pointer to the memory address of the event log.
640 @param[out] EventLogLastEntry If the Event Log contains more than one entry, this is a pointer to the
641 address of the start of the last entry in the event log in memory.
642 @param[out] EventLogTruncated If the Event Log is missing at least one entry because an event would
643 have exceeded the area allocated for events, this value is set to TRUE.
644 Otherwise, the value will be FALSE and the Event Log will be complete.
646 @retval EFI_SUCCESS Operation completed successfully.
647 @retval EFI_INVALID_PARAMETER One or more of the parameters are incorrect
648 (e.g. asking for an event log whose format is not supported).
653 IN EFI_TCG2_PROTOCOL
*This
,
654 IN EFI_TCG2_EVENT_LOG_FORMAT EventLogFormat
,
655 OUT EFI_PHYSICAL_ADDRESS
*EventLogLocation
,
656 OUT EFI_PHYSICAL_ADDRESS
*EventLogLastEntry
,
657 OUT BOOLEAN
*EventLogTruncated
662 DEBUG ((EFI_D_INFO
, "Tcg2GetEventLog ... (0x%x)\n", EventLogFormat
));
665 return EFI_INVALID_PARAMETER
;
668 for (Index
= 0; Index
< sizeof(mTcg2EventInfo
)/sizeof(mTcg2EventInfo
[0]); Index
++) {
669 if (EventLogFormat
== mTcg2EventInfo
[Index
].LogFormat
) {
674 if (Index
== sizeof(mTcg2EventInfo
)/sizeof(mTcg2EventInfo
[0])) {
675 return EFI_INVALID_PARAMETER
;
678 if ((mTcg2EventInfo
[Index
].LogFormat
& mTcgDxeData
.BsCap
.SupportedEventLogs
) == 0) {
679 return EFI_INVALID_PARAMETER
;
682 if (!mTcgDxeData
.BsCap
.TPMPresentFlag
) {
683 if (EventLogLocation
!= NULL
) {
684 *EventLogLocation
= 0;
686 if (EventLogLastEntry
!= NULL
) {
687 *EventLogLastEntry
= 0;
689 if (EventLogTruncated
!= NULL
) {
690 *EventLogTruncated
= FALSE
;
695 if (EventLogLocation
!= NULL
) {
696 *EventLogLocation
= mTcgDxeData
.EventLogAreaStruct
[Index
].Lasa
;
697 DEBUG ((EFI_D_INFO
, "Tcg2GetEventLog (EventLogLocation - %x)\n", *EventLogLocation
));
700 if (EventLogLastEntry
!= NULL
) {
701 if (!mTcgDxeData
.EventLogAreaStruct
[Index
].EventLogStarted
) {
702 *EventLogLastEntry
= (EFI_PHYSICAL_ADDRESS
)(UINTN
)0;
704 *EventLogLastEntry
= (EFI_PHYSICAL_ADDRESS
)(UINTN
)mTcgDxeData
.EventLogAreaStruct
[Index
].LastEvent
;
706 DEBUG ((EFI_D_INFO
, "Tcg2GetEventLog (EventLogLastEntry - %x)\n", *EventLogLastEntry
));
709 if (EventLogTruncated
!= NULL
) {
710 *EventLogTruncated
= mTcgDxeData
.EventLogAreaStruct
[Index
].EventLogTruncated
;
711 DEBUG ((EFI_D_INFO
, "Tcg2GetEventLog (EventLogTruncated - %x)\n", *EventLogTruncated
));
714 DEBUG ((EFI_D_INFO
, "Tcg2GetEventLog - %r\n", EFI_SUCCESS
));
716 // Dump Event Log for debug purpose
717 if ((EventLogLocation
!= NULL
) && (EventLogLastEntry
!= NULL
)) {
718 DumpEventLog (EventLogFormat
, *EventLogLocation
, *EventLogLastEntry
, mTcgDxeData
.FinalEventsTable
[Index
]);
722 // All events generated after the invocation of EFI_TCG2_GET_EVENT_LOG SHALL be stored
723 // in an instance of an EFI_CONFIGURATION_TABLE named by the VendorGuid of EFI_TCG2_FINAL_EVENTS_TABLE_GUID.
725 mTcgDxeData
.GetEventLogCalled
[Index
] = TRUE
;
731 Add a new entry to the Event Log.
733 @param[in, out] EventLogPtr Pointer to the Event Log data.
734 @param[in, out] LogSize Size of the Event Log.
735 @param[in] MaxSize Maximum size of the Event Log.
736 @param[in] NewEventHdr Pointer to a TCG_PCR_EVENT_HDR/TCG_PCR_EVENT_EX data structure.
737 @param[in] NewEventHdrSize New event header size.
738 @param[in] NewEventData Pointer to the new event data.
739 @param[in] NewEventSize New event data size.
741 @retval EFI_SUCCESS The new event log entry was added.
742 @retval EFI_OUT_OF_RESOURCES No enough memory to log the new event.
747 IN OUT UINT8
**EventLogPtr
,
748 IN OUT UINTN
*LogSize
,
750 IN VOID
*NewEventHdr
,
751 IN UINT32 NewEventHdrSize
,
752 IN UINT8
*NewEventData
,
753 IN UINT32 NewEventSize
758 if (NewEventSize
> MAX_ADDRESS
- NewEventHdrSize
) {
759 return EFI_OUT_OF_RESOURCES
;
762 NewLogSize
= NewEventHdrSize
+ NewEventSize
;
764 if (NewLogSize
> MAX_ADDRESS
- *LogSize
) {
765 return EFI_OUT_OF_RESOURCES
;
768 if (NewLogSize
+ *LogSize
> MaxSize
) {
769 DEBUG ((EFI_D_INFO
, " MaxSize - 0x%x\n", MaxSize
));
770 DEBUG ((EFI_D_INFO
, " NewLogSize - 0x%x\n", NewLogSize
));
771 DEBUG ((EFI_D_INFO
, " LogSize - 0x%x\n", *LogSize
));
772 DEBUG ((EFI_D_INFO
, "TcgCommLogEvent - %r\n", EFI_OUT_OF_RESOURCES
));
773 return EFI_OUT_OF_RESOURCES
;
776 *EventLogPtr
+= *LogSize
;
777 *LogSize
+= NewLogSize
;
778 CopyMem (*EventLogPtr
, NewEventHdr
, NewEventHdrSize
);
780 *EventLogPtr
+ NewEventHdrSize
,
788 Add a new entry to the Event Log.
790 @param[in] EventLogFormat The type of the event log for which the information is requested.
791 @param[in] NewEventHdr Pointer to a TCG_PCR_EVENT_HDR/TCG_PCR_EVENT_EX data structure.
792 @param[in] NewEventHdrSize New event header size.
793 @param[in] NewEventData Pointer to the new event data.
794 @param[in] NewEventSize New event data size.
796 @retval EFI_SUCCESS The new event log entry was added.
797 @retval EFI_OUT_OF_RESOURCES No enough memory to log the new event.
802 IN EFI_TCG2_EVENT_LOG_FORMAT EventLogFormat
,
803 IN VOID
*NewEventHdr
,
804 IN UINT32 NewEventHdrSize
,
805 IN UINT8
*NewEventData
,
806 IN UINT32 NewEventSize
811 TCG_EVENT_LOG_AREA_STRUCT
*EventLogAreaStruct
;
813 for (Index
= 0; Index
< sizeof(mTcg2EventInfo
)/sizeof(mTcg2EventInfo
[0]); Index
++) {
814 if (EventLogFormat
== mTcg2EventInfo
[Index
].LogFormat
) {
819 if (Index
== sizeof(mTcg2EventInfo
)/sizeof(mTcg2EventInfo
[0])) {
820 return EFI_INVALID_PARAMETER
;
823 if (!mTcgDxeData
.GetEventLogCalled
[Index
]) {
824 EventLogAreaStruct
= &mTcgDxeData
.EventLogAreaStruct
[Index
];
826 EventLogAreaStruct
= &mTcgDxeData
.FinalEventLogAreaStruct
[Index
];
829 if (EventLogAreaStruct
->EventLogTruncated
) {
830 return EFI_VOLUME_FULL
;
833 EventLogAreaStruct
->LastEvent
= (UINT8
*)(UINTN
)EventLogAreaStruct
->Lasa
;
834 Status
= TcgCommLogEvent (
835 &EventLogAreaStruct
->LastEvent
,
836 &EventLogAreaStruct
->EventLogSize
,
837 (UINTN
)EventLogAreaStruct
->Laml
,
844 if (Status
== EFI_DEVICE_ERROR
) {
845 return EFI_DEVICE_ERROR
;
846 } else if (Status
== EFI_OUT_OF_RESOURCES
) {
847 EventLogAreaStruct
->EventLogTruncated
= TRUE
;
848 return EFI_VOLUME_FULL
;
849 } else if (Status
== EFI_SUCCESS
) {
850 EventLogAreaStruct
->EventLogStarted
= TRUE
;
851 if (mTcgDxeData
.GetEventLogCalled
[Index
]) {
852 (mTcgDxeData
.FinalEventsTable
[Index
])->NumberOfEvents
++;
860 This function get digest from digest list.
862 @param HashAlg digest algorithm
863 @param DigestList digest list
866 @retval EFI_SUCCESS Sha1Digest is found and returned.
867 @retval EFI_NOT_FOUND Sha1Digest is not found.
870 Tpm2GetDigestFromDigestList (
871 IN TPMI_ALG_HASH HashAlg
,
872 IN TPML_DIGEST_VALUES
*DigestList
,
879 DigestSize
= GetHashSizeFromAlgo (HashAlg
);
880 for (Index
= 0; Index
< DigestList
->count
; Index
++) {
881 if (DigestList
->digests
[Index
].hashAlg
== HashAlg
) {
884 &DigestList
->digests
[Index
].digest
,
891 return EFI_NOT_FOUND
;
895 Get TPML_DIGEST_VALUES data size.
897 @param[in] DigestList TPML_DIGEST_VALUES data.
899 @return TPML_DIGEST_VALUES data size.
903 IN TPML_DIGEST_VALUES
*DigestList
910 TotalSize
= sizeof(DigestList
->count
);
911 for (Index
= 0; Index
< DigestList
->count
; Index
++) {
912 DigestSize
= GetHashSizeFromAlgo (DigestList
->digests
[Index
].hashAlg
);
913 TotalSize
+= sizeof(DigestList
->digests
[Index
].hashAlg
) + DigestSize
;
920 Get TPML_DIGEST_VALUES compact binary buffer size.
922 @param[in] DigestListBin TPML_DIGEST_VALUES compact binary buffer.
924 @return TPML_DIGEST_VALUES compact binary buffer size.
927 GetDigestListBinSize (
928 IN VOID
*DigestListBin
935 TPMI_ALG_HASH HashAlg
;
937 Count
= ReadUnaligned32 (DigestListBin
);
938 TotalSize
= sizeof(Count
);
939 DigestListBin
= (UINT8
*)DigestListBin
+ sizeof(Count
);
940 for (Index
= 0; Index
< Count
; Index
++) {
941 HashAlg
= ReadUnaligned16 (DigestListBin
);
942 TotalSize
+= sizeof(HashAlg
);
943 DigestListBin
= (UINT8
*)DigestListBin
+ sizeof(HashAlg
);
945 DigestSize
= GetHashSizeFromAlgo (HashAlg
);
946 TotalSize
+= DigestSize
;
947 DigestListBin
= (UINT8
*)DigestListBin
+ DigestSize
;
954 Return if hash alg is supported in TPM PCR bank.
956 @param HashAlg Hash algorithm to be checked.
958 @retval TRUE Hash algorithm is supported.
959 @retval FALSE Hash algorithm is not supported.
962 IsHashAlgSupportedInPcrBank (
963 IN TPMI_ALG_HASH HashAlg
968 if ((mTcgDxeData
.BsCap
.ActivePcrBanks
& EFI_TCG2_BOOT_HASH_ALG_SHA1
) != 0) {
973 if ((mTcgDxeData
.BsCap
.ActivePcrBanks
& EFI_TCG2_BOOT_HASH_ALG_SHA256
) != 0) {
978 if ((mTcgDxeData
.BsCap
.ActivePcrBanks
& EFI_TCG2_BOOT_HASH_ALG_SHA384
) != 0) {
983 if ((mTcgDxeData
.BsCap
.ActivePcrBanks
& EFI_TCG2_BOOT_HASH_ALG_SHA512
) != 0) {
987 case TPM_ALG_SM3_256
:
988 if ((mTcgDxeData
.BsCap
.ActivePcrBanks
& EFI_TCG2_BOOT_HASH_ALG_SM3_256
) != 0) {
998 Copy TPML_DIGEST_VALUES into a buffer
1000 @param[in,out] Buffer Buffer to hold TPML_DIGEST_VALUES.
1001 @param[in] DigestList TPML_DIGEST_VALUES to be copied.
1003 @return The end of buffer to hold TPML_DIGEST_VALUES.
1006 CopyDigestListToBuffer (
1007 IN OUT VOID
*Buffer
,
1008 IN TPML_DIGEST_VALUES
*DigestList
1014 CopyMem (Buffer
, &DigestList
->count
, sizeof(DigestList
->count
));
1015 Buffer
= (UINT8
*)Buffer
+ sizeof(DigestList
->count
);
1016 for (Index
= 0; Index
< DigestList
->count
; Index
++) {
1017 if (!IsHashAlgSupportedInPcrBank (DigestList
->digests
[Index
].hashAlg
)) {
1018 DEBUG ((EFI_D_ERROR
, "WARNING: TPM2 Event log has HashAlg unsupported by PCR bank (0x%x)\n", DigestList
->digests
[Index
].hashAlg
));
1021 CopyMem (Buffer
, &DigestList
->digests
[Index
].hashAlg
, sizeof(DigestList
->digests
[Index
].hashAlg
));
1022 Buffer
= (UINT8
*)Buffer
+ sizeof(DigestList
->digests
[Index
].hashAlg
);
1023 DigestSize
= GetHashSizeFromAlgo (DigestList
->digests
[Index
].hashAlg
);
1024 CopyMem (Buffer
, &DigestList
->digests
[Index
].digest
, DigestSize
);
1025 Buffer
= (UINT8
*)Buffer
+ DigestSize
;
1032 Add a new entry to the Event Log.
1034 @param[in] DigestList A list of digest.
1035 @param[in,out] NewEventHdr Pointer to a TCG_PCR_EVENT_HDR data structure.
1036 @param[in] NewEventData Pointer to the new event data.
1038 @retval EFI_SUCCESS The new event log entry was added.
1039 @retval EFI_OUT_OF_RESOURCES No enough memory to log the new event.
1042 TcgDxeLogHashEvent (
1043 IN TPML_DIGEST_VALUES
*DigestList
,
1044 IN OUT TCG_PCR_EVENT_HDR
*NewEventHdr
,
1045 IN UINT8
*NewEventData
1051 EFI_STATUS RetStatus
;
1052 TCG_PCR_EVENT2 TcgPcrEvent2
;
1053 UINT8
*DigestBuffer
;
1055 DEBUG ((EFI_D_INFO
, "SupportedEventLogs - 0x%08x\n", mTcgDxeData
.BsCap
.SupportedEventLogs
));
1057 RetStatus
= EFI_SUCCESS
;
1058 for (Index
= 0; Index
< sizeof(mTcg2EventInfo
)/sizeof(mTcg2EventInfo
[0]); Index
++) {
1059 if ((mTcgDxeData
.BsCap
.SupportedEventLogs
& mTcg2EventInfo
[Index
].LogFormat
) != 0) {
1060 DEBUG ((EFI_D_INFO
, " LogFormat - 0x%08x\n", mTcg2EventInfo
[Index
].LogFormat
));
1061 switch (mTcg2EventInfo
[Index
].LogFormat
) {
1062 case EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2
:
1063 Status
= Tpm2GetDigestFromDigestList (TPM_ALG_SHA1
, DigestList
, &NewEventHdr
->Digest
);
1064 if (!EFI_ERROR (Status
)) {
1066 // Enter critical region
1068 OldTpl
= gBS
->RaiseTPL (TPL_HIGH_LEVEL
);
1069 Status
= TcgDxeLogEvent (
1070 mTcg2EventInfo
[Index
].LogFormat
,
1072 sizeof(TCG_PCR_EVENT_HDR
),
1074 NewEventHdr
->EventSize
1076 if (Status
!= EFI_SUCCESS
) {
1079 gBS
->RestoreTPL (OldTpl
);
1081 // Exit critical region
1085 case EFI_TCG2_EVENT_LOG_FORMAT_TCG_2
:
1086 ZeroMem (&TcgPcrEvent2
, sizeof(TcgPcrEvent2
));
1087 TcgPcrEvent2
.PCRIndex
= NewEventHdr
->PCRIndex
;
1088 TcgPcrEvent2
.EventType
= NewEventHdr
->EventType
;
1089 DigestBuffer
= (UINT8
*)&TcgPcrEvent2
.Digest
;
1090 DigestBuffer
= CopyDigestListToBuffer (DigestBuffer
, DigestList
);
1091 CopyMem (DigestBuffer
, &NewEventHdr
->EventSize
, sizeof(NewEventHdr
->EventSize
));
1092 DigestBuffer
= DigestBuffer
+ sizeof(NewEventHdr
->EventSize
);
1095 // Enter critical region
1097 OldTpl
= gBS
->RaiseTPL (TPL_HIGH_LEVEL
);
1098 Status
= TcgDxeLogEvent (
1099 mTcg2EventInfo
[Index
].LogFormat
,
1101 sizeof(TcgPcrEvent2
.PCRIndex
) + sizeof(TcgPcrEvent2
.EventType
) + GetDigestListSize (DigestList
) + sizeof(TcgPcrEvent2
.EventSize
),
1103 NewEventHdr
->EventSize
1105 if (Status
!= EFI_SUCCESS
) {
1108 gBS
->RestoreTPL (OldTpl
);
1110 // Exit critical region
1121 Do a hash operation on a data buffer, extend a specific TPM PCR with the hash result,
1122 and add an entry to the Event Log.
1124 @param[in] Flags Bitmap providing additional information.
1125 @param[in] HashData Physical address of the start of the data buffer
1126 to be hashed, extended, and logged.
1127 @param[in] HashDataLen The length, in bytes, of the buffer referenced by HashData
1128 @param[in, out] NewEventHdr Pointer to a TCG_PCR_EVENT_HDR data structure.
1129 @param[in] NewEventData Pointer to the new event data.
1131 @retval EFI_SUCCESS Operation completed successfully.
1132 @retval EFI_OUT_OF_RESOURCES No enough memory to log the new event.
1133 @retval EFI_DEVICE_ERROR The command was unsuccessful.
1137 TcgDxeHashLogExtendEvent (
1140 IN UINT64 HashDataLen
,
1141 IN OUT TCG_PCR_EVENT_HDR
*NewEventHdr
,
1142 IN UINT8
*NewEventData
1146 TPML_DIGEST_VALUES DigestList
;
1148 if (!mTcgDxeData
.BsCap
.TPMPresentFlag
) {
1149 return EFI_DEVICE_ERROR
;
1152 Status
= HashAndExtend (
1153 NewEventHdr
->PCRIndex
,
1158 if (!EFI_ERROR (Status
)) {
1159 if ((Flags
& EFI_TCG2_EXTEND_ONLY
) == 0) {
1160 Status
= TcgDxeLogHashEvent (&DigestList
, NewEventHdr
, NewEventData
);
1164 if (Status
== EFI_DEVICE_ERROR
) {
1165 DEBUG ((EFI_D_ERROR
, "TcgDxeHashLogExtendEvent - %r. Disable TPM.\n", Status
));
1166 mTcgDxeData
.BsCap
.TPMPresentFlag
= FALSE
;
1167 REPORT_STATUS_CODE (
1168 EFI_ERROR_CODE
| EFI_ERROR_MINOR
,
1169 (PcdGet32 (PcdStatusCodeSubClassTpmDevice
) | EFI_P_EC_INTERFACE_ERROR
)
1177 The EFI_TCG2_PROTOCOL HashLogExtendEvent function call provides callers with
1178 an opportunity to extend and optionally log events without requiring
1179 knowledge of actual TPM commands.
1180 The extend operation will occur even if this function cannot create an event
1181 log entry (e.g. due to the event log being full).
1183 @param[in] This Indicates the calling context
1184 @param[in] Flags Bitmap providing additional information.
1185 @param[in] DataToHash Physical address of the start of the data buffer to be hashed.
1186 @param[in] DataToHashLen The length in bytes of the buffer referenced by DataToHash.
1187 @param[in] Event Pointer to data buffer containing information about the event.
1189 @retval EFI_SUCCESS Operation completed successfully.
1190 @retval EFI_DEVICE_ERROR The command was unsuccessful.
1191 @retval EFI_VOLUME_FULL The extend operation occurred, but the event could not be written to one or more event logs.
1192 @retval EFI_INVALID_PARAMETER One or more of the parameters are incorrect.
1193 @retval EFI_UNSUPPORTED The PE/COFF image type is not supported.
1197 Tcg2HashLogExtendEvent (
1198 IN EFI_TCG2_PROTOCOL
*This
,
1200 IN EFI_PHYSICAL_ADDRESS DataToHash
,
1201 IN UINT64 DataToHashLen
,
1202 IN EFI_TCG2_EVENT
*Event
1206 TCG_PCR_EVENT_HDR NewEventHdr
;
1207 TPML_DIGEST_VALUES DigestList
;
1209 DEBUG ((EFI_D_INFO
, "Tcg2HashLogExtendEvent ...\n"));
1211 if ((This
== NULL
) || (DataToHash
== 0) || (Event
== NULL
)) {
1212 return EFI_INVALID_PARAMETER
;
1215 if (!mTcgDxeData
.BsCap
.TPMPresentFlag
) {
1216 return EFI_DEVICE_ERROR
;
1219 if (Event
->Size
< Event
->Header
.HeaderSize
+ sizeof(UINT32
)) {
1220 return EFI_INVALID_PARAMETER
;
1223 if (Event
->Header
.PCRIndex
> MAX_PCR_INDEX
) {
1224 return EFI_INVALID_PARAMETER
;
1227 NewEventHdr
.PCRIndex
= Event
->Header
.PCRIndex
;
1228 NewEventHdr
.EventType
= Event
->Header
.EventType
;
1229 NewEventHdr
.EventSize
= Event
->Size
- sizeof(UINT32
) - Event
->Header
.HeaderSize
;
1230 if ((Flags
& PE_COFF_IMAGE
) != 0) {
1231 Status
= MeasurePeImageAndExtend (
1232 NewEventHdr
.PCRIndex
,
1234 (UINTN
)DataToHashLen
,
1237 if (!EFI_ERROR (Status
)) {
1238 if ((Flags
& EFI_TCG2_EXTEND_ONLY
) == 0) {
1239 Status
= TcgDxeLogHashEvent (&DigestList
, &NewEventHdr
, Event
->Event
);
1242 if (Status
== EFI_DEVICE_ERROR
) {
1243 DEBUG ((EFI_D_ERROR
, "MeasurePeImageAndExtend - %r. Disable TPM.\n", Status
));
1244 mTcgDxeData
.BsCap
.TPMPresentFlag
= FALSE
;
1245 REPORT_STATUS_CODE (
1246 EFI_ERROR_CODE
| EFI_ERROR_MINOR
,
1247 (PcdGet32 (PcdStatusCodeSubClassTpmDevice
) | EFI_P_EC_INTERFACE_ERROR
)
1251 Status
= TcgDxeHashLogExtendEvent (
1253 (UINT8
*) (UINTN
) DataToHash
,
1259 DEBUG ((EFI_D_INFO
, "Tcg2HashLogExtendEvent - %r\n", Status
));
1264 This service enables the sending of commands to the TPM.
1266 @param[in] This Indicates the calling context
1267 @param[in] InputParameterBlockSize Size of the TPM input parameter block.
1268 @param[in] InputParameterBlock Pointer to the TPM input parameter block.
1269 @param[in] OutputParameterBlockSize Size of the TPM output parameter block.
1270 @param[in] OutputParameterBlock Pointer to the TPM output parameter block.
1272 @retval EFI_SUCCESS The command byte stream was successfully sent to the device and a response was successfully received.
1273 @retval EFI_DEVICE_ERROR The command was not successfully sent to the device or a response was not successfully received from the device.
1274 @retval EFI_INVALID_PARAMETER One or more of the parameters are incorrect.
1275 @retval EFI_BUFFER_TOO_SMALL The output parameter block is too small.
1280 IN EFI_TCG2_PROTOCOL
*This
,
1281 IN UINT32 InputParameterBlockSize
,
1282 IN UINT8
*InputParameterBlock
,
1283 IN UINT32 OutputParameterBlockSize
,
1284 IN UINT8
*OutputParameterBlock
1289 DEBUG ((EFI_D_INFO
, "Tcg2SubmitCommand ...\n"));
1291 if ((This
== NULL
) ||
1292 (InputParameterBlockSize
== 0) || (InputParameterBlock
== NULL
) ||
1293 (OutputParameterBlockSize
== 0) || (OutputParameterBlock
== NULL
)) {
1294 return EFI_INVALID_PARAMETER
;
1297 if (!mTcgDxeData
.BsCap
.TPMPresentFlag
) {
1298 return EFI_DEVICE_ERROR
;
1301 if (InputParameterBlockSize
>= mTcgDxeData
.BsCap
.MaxCommandSize
) {
1302 return EFI_INVALID_PARAMETER
;
1304 if (OutputParameterBlockSize
>= mTcgDxeData
.BsCap
.MaxResponseSize
) {
1305 return EFI_INVALID_PARAMETER
;
1308 Status
= Tpm2SubmitCommand (
1309 InputParameterBlockSize
,
1310 InputParameterBlock
,
1311 &OutputParameterBlockSize
,
1312 OutputParameterBlock
1314 DEBUG ((EFI_D_INFO
, "Tcg2SubmitCommand - %r\n", Status
));
1319 This service returns the currently active PCR banks.
1321 @param[in] This Indicates the calling context
1322 @param[out] ActivePcrBanks Pointer to the variable receiving the bitmap of currently active PCR banks.
1324 @retval EFI_SUCCESS The bitmap of active PCR banks was stored in the ActivePcrBanks parameter.
1325 @retval EFI_INVALID_PARAMETER One or more of the parameters are incorrect.
1329 Tcg2GetActivePCRBanks (
1330 IN EFI_TCG2_PROTOCOL
*This
,
1331 OUT UINT32
*ActivePcrBanks
1334 if (ActivePcrBanks
== NULL
) {
1335 return EFI_INVALID_PARAMETER
;
1337 *ActivePcrBanks
= mTcgDxeData
.BsCap
.ActivePcrBanks
;
1342 This service sets the currently active PCR banks.
1344 @param[in] This Indicates the calling context
1345 @param[in] ActivePcrBanks Bitmap of the requested active PCR banks. At least one bit SHALL be set.
1347 @retval EFI_SUCCESS The bitmap in ActivePcrBank parameter is already active.
1348 @retval EFI_INVALID_PARAMETER One or more of the parameters are incorrect.
1352 Tcg2SetActivePCRBanks (
1353 IN EFI_TCG2_PROTOCOL
*This
,
1354 IN UINT32 ActivePcrBanks
1360 DEBUG ((EFI_D_INFO
, "Tcg2SetActivePCRBanks ... (0x%x)\n", ActivePcrBanks
));
1362 if (ActivePcrBanks
== 0) {
1363 return EFI_INVALID_PARAMETER
;
1365 if ((ActivePcrBanks
& (~mTcgDxeData
.BsCap
.HashAlgorithmBitmap
)) != 0) {
1366 return EFI_INVALID_PARAMETER
;
1368 if (ActivePcrBanks
== mTcgDxeData
.BsCap
.ActivePcrBanks
) {
1370 // Need clear previous SET_PCR_BANKS setting
1372 ReturnCode
= Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction (TCG2_PHYSICAL_PRESENCE_NO_ACTION
, 0);
1374 ReturnCode
= Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction (TCG2_PHYSICAL_PRESENCE_SET_PCR_BANKS
, ActivePcrBanks
);
1377 if (ReturnCode
== TCG_PP_SUBMIT_REQUEST_TO_PREOS_SUCCESS
) {
1378 Status
= EFI_SUCCESS
;
1379 } else if (ReturnCode
== TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE
) {
1380 Status
= EFI_OUT_OF_RESOURCES
;
1381 } else if (ReturnCode
== TCG_PP_SUBMIT_REQUEST_TO_PREOS_NOT_IMPLEMENTED
) {
1382 Status
= EFI_UNSUPPORTED
;
1384 Status
= EFI_DEVICE_ERROR
;
1387 DEBUG ((EFI_D_INFO
, "Tcg2SetActivePCRBanks - %r\n", Status
));
1393 This service retrieves the result of a previous invocation of SetActivePcrBanks.
1395 @param[in] This Indicates the calling context
1396 @param[out] OperationPresent Non-zero value to indicate a SetActivePcrBank operation was invoked during the last boot.
1397 @param[out] Response The response from the SetActivePcrBank request.
1399 @retval EFI_SUCCESS The result value could be returned.
1400 @retval EFI_INVALID_PARAMETER One or more of the parameters are incorrect.
1404 Tcg2GetResultOfSetActivePcrBanks (
1405 IN EFI_TCG2_PROTOCOL
*This
,
1406 OUT UINT32
*OperationPresent
,
1407 OUT UINT32
*Response
1412 if ((OperationPresent
== NULL
) || (Response
== NULL
)) {
1413 return EFI_INVALID_PARAMETER
;
1416 ReturnCode
= Tcg2PhysicalPresenceLibReturnOperationResponseToOsFunction (OperationPresent
, Response
);
1417 if (ReturnCode
== TCG_PP_RETURN_TPM_OPERATION_RESPONSE_SUCCESS
) {
1420 return EFI_UNSUPPORTED
;
1424 EFI_TCG2_PROTOCOL mTcg2Protocol
= {
1427 Tcg2HashLogExtendEvent
,
1429 Tcg2GetActivePCRBanks
,
1430 Tcg2SetActivePCRBanks
,
1431 Tcg2GetResultOfSetActivePcrBanks
,
1435 Initialize the Event Log and log events passed from the PEI phase.
1437 @retval EFI_SUCCESS Operation completed successfully.
1438 @retval EFI_OUT_OF_RESOURCES Out of memory.
1448 EFI_PEI_HOB_POINTERS GuidHob
;
1449 EFI_PHYSICAL_ADDRESS Lasa
;
1451 UINT32 DigestListBinSize
;
1453 TCG_EfiSpecIDEventStruct
*TcgEfiSpecIdEventStruct
;
1454 UINT8 TempBuf
[sizeof(TCG_EfiSpecIDEventStruct
) + (HASH_COUNT
* sizeof(TCG_EfiSpecIdEventAlgorithmSize
)) + sizeof(UINT8
)];
1455 TCG_PCR_EVENT_HDR FirstPcrEvent
;
1456 TCG_EfiSpecIdEventAlgorithmSize
*DigestSize
;
1457 TCG_EfiSpecIdEventAlgorithmSize
*TempDigestSize
;
1458 UINT8
*VendorInfoSize
;
1459 UINT32 NumberOfAlgorithms
;
1461 DEBUG ((EFI_D_INFO
, "SetupEventLog\n"));
1464 // 1. Create Log Area
1466 for (Index
= 0; Index
< sizeof(mTcg2EventInfo
)/sizeof(mTcg2EventInfo
[0]); Index
++) {
1467 if ((mTcgDxeData
.BsCap
.SupportedEventLogs
& mTcg2EventInfo
[Index
].LogFormat
) != 0) {
1468 mTcgDxeData
.EventLogAreaStruct
[Index
].EventLogFormat
= mTcg2EventInfo
[Index
].LogFormat
;
1469 Lasa
= (EFI_PHYSICAL_ADDRESS
) (SIZE_4GB
- 1);
1470 Status
= gBS
->AllocatePages (
1473 EFI_SIZE_TO_PAGES (EFI_TCG_LOG_AREA_SIZE
),
1476 if (EFI_ERROR (Status
)) {
1479 mTcgDxeData
.EventLogAreaStruct
[Index
].Lasa
= Lasa
;
1480 mTcgDxeData
.EventLogAreaStruct
[Index
].Laml
= EFI_TCG_LOG_AREA_SIZE
;
1482 // To initialize them as 0xFF is recommended
1483 // because the OS can know the last entry for that.
1485 SetMem ((VOID
*)(UINTN
)Lasa
, EFI_TCG_LOG_AREA_SIZE
, 0xFF);
1487 // Create first entry for Log Header Entry Data
1489 if (mTcg2EventInfo
[Index
].LogFormat
!= EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2
) {
1491 // TcgEfiSpecIdEventStruct
1493 TcgEfiSpecIdEventStruct
= (TCG_EfiSpecIDEventStruct
*)TempBuf
;
1494 CopyMem (TcgEfiSpecIdEventStruct
->signature
, TCG_EfiSpecIDEventStruct_SIGNATURE_03
, sizeof(TcgEfiSpecIdEventStruct
->signature
));
1495 TcgEfiSpecIdEventStruct
->platformClass
= PcdGet8 (PcdTpmPlatformClass
);
1496 TcgEfiSpecIdEventStruct
->specVersionMajor
= TCG_EfiSpecIDEventStruct_SPEC_VERSION_MAJOR_TPM2
;
1497 TcgEfiSpecIdEventStruct
->specVersionMinor
= TCG_EfiSpecIDEventStruct_SPEC_VERSION_MINOR_TPM2
;
1498 TcgEfiSpecIdEventStruct
->specErrata
= TCG_EfiSpecIDEventStruct_SPEC_ERRATA_TPM2
;
1499 TcgEfiSpecIdEventStruct
->uintnSize
= sizeof(UINTN
)/sizeof(UINT32
);
1500 NumberOfAlgorithms
= 0;
1501 DigestSize
= (TCG_EfiSpecIdEventAlgorithmSize
*)((UINT8
*)TcgEfiSpecIdEventStruct
+ sizeof(*TcgEfiSpecIdEventStruct
) + sizeof(NumberOfAlgorithms
));
1502 if ((mTcgDxeData
.BsCap
.ActivePcrBanks
& EFI_TCG2_BOOT_HASH_ALG_SHA1
) != 0) {
1503 TempDigestSize
= DigestSize
;
1504 TempDigestSize
+= NumberOfAlgorithms
;
1505 TempDigestSize
->algorithmId
= TPM_ALG_SHA1
;
1506 TempDigestSize
->digestSize
= SHA1_DIGEST_SIZE
;
1507 NumberOfAlgorithms
++;
1509 if ((mTcgDxeData
.BsCap
.ActivePcrBanks
& EFI_TCG2_BOOT_HASH_ALG_SHA256
) != 0) {
1510 TempDigestSize
= DigestSize
;
1511 TempDigestSize
+= NumberOfAlgorithms
;
1512 TempDigestSize
->algorithmId
= TPM_ALG_SHA256
;
1513 TempDigestSize
->digestSize
= SHA256_DIGEST_SIZE
;
1514 NumberOfAlgorithms
++;
1516 if ((mTcgDxeData
.BsCap
.ActivePcrBanks
& EFI_TCG2_BOOT_HASH_ALG_SHA384
) != 0) {
1517 TempDigestSize
= DigestSize
;
1518 TempDigestSize
+= NumberOfAlgorithms
;
1519 TempDigestSize
->algorithmId
= TPM_ALG_SHA384
;
1520 TempDigestSize
->digestSize
= SHA384_DIGEST_SIZE
;
1521 NumberOfAlgorithms
++;
1523 if ((mTcgDxeData
.BsCap
.ActivePcrBanks
& EFI_TCG2_BOOT_HASH_ALG_SHA512
) != 0) {
1524 TempDigestSize
= DigestSize
;
1525 TempDigestSize
+= NumberOfAlgorithms
;
1526 TempDigestSize
->algorithmId
= TPM_ALG_SHA512
;
1527 TempDigestSize
->digestSize
= SHA512_DIGEST_SIZE
;
1528 NumberOfAlgorithms
++;
1530 if ((mTcgDxeData
.BsCap
.ActivePcrBanks
& EFI_TCG2_BOOT_HASH_ALG_SM3_256
) != 0) {
1531 TempDigestSize
= DigestSize
;
1532 TempDigestSize
+= NumberOfAlgorithms
;
1533 TempDigestSize
->algorithmId
= TPM_ALG_SM3_256
;
1534 TempDigestSize
->digestSize
= SM3_256_DIGEST_SIZE
;
1535 NumberOfAlgorithms
++;
1537 CopyMem (TcgEfiSpecIdEventStruct
+ 1, &NumberOfAlgorithms
, sizeof(NumberOfAlgorithms
));
1538 TempDigestSize
= DigestSize
;
1539 TempDigestSize
+= NumberOfAlgorithms
;
1540 VendorInfoSize
= (UINT8
*)TempDigestSize
;
1541 *VendorInfoSize
= 0;
1546 FirstPcrEvent
.PCRIndex
= 0;
1547 FirstPcrEvent
.EventType
= EV_NO_ACTION
;
1548 ZeroMem (&FirstPcrEvent
.Digest
, sizeof(FirstPcrEvent
.Digest
));
1549 FirstPcrEvent
.EventSize
= (UINT32
)GetTcgEfiSpecIdEventStructSize (TcgEfiSpecIdEventStruct
);
1554 Status
= TcgDxeLogEvent (
1555 mTcg2EventInfo
[Index
].LogFormat
,
1557 sizeof(FirstPcrEvent
),
1558 (UINT8
*)TcgEfiSpecIdEventStruct
,
1559 FirstPcrEvent
.EventSize
1566 // 2. Create Final Log Area
1568 for (Index
= 0; Index
< sizeof(mTcg2EventInfo
)/sizeof(mTcg2EventInfo
[0]); Index
++) {
1569 if ((mTcgDxeData
.BsCap
.SupportedEventLogs
& mTcg2EventInfo
[Index
].LogFormat
) != 0) {
1570 Lasa
= (EFI_PHYSICAL_ADDRESS
) (SIZE_4GB
- 1);
1571 Status
= gBS
->AllocatePages (
1574 EFI_SIZE_TO_PAGES (EFI_TCG_FINAL_LOG_AREA_SIZE
),
1577 if (EFI_ERROR (Status
)) {
1580 SetMem ((VOID
*)(UINTN
)Lasa
, EFI_TCG_FINAL_LOG_AREA_SIZE
, 0xFF);
1585 mTcgDxeData
.FinalEventsTable
[Index
] = (VOID
*)(UINTN
)Lasa
;
1586 (mTcgDxeData
.FinalEventsTable
[Index
])->Version
= EFI_TCG2_FINAL_EVENTS_TABLE_VERSION
;
1587 (mTcgDxeData
.FinalEventsTable
[Index
])->NumberOfEvents
= 0;
1589 mTcgDxeData
.FinalEventLogAreaStruct
[Index
].EventLogFormat
= mTcg2EventInfo
[Index
].LogFormat
;
1590 mTcgDxeData
.FinalEventLogAreaStruct
[Index
].Lasa
= Lasa
+ sizeof(EFI_TCG2_FINAL_EVENTS_TABLE
);
1591 mTcgDxeData
.FinalEventLogAreaStruct
[Index
].Laml
= EFI_TCG_FINAL_LOG_AREA_SIZE
- sizeof(EFI_TCG2_FINAL_EVENTS_TABLE
);
1592 mTcgDxeData
.FinalEventLogAreaStruct
[Index
].EventLogSize
= 0;
1593 mTcgDxeData
.FinalEventLogAreaStruct
[Index
].LastEvent
= (VOID
*)(UINTN
)mTcgDxeData
.FinalEventLogAreaStruct
[Index
].Lasa
;
1594 mTcgDxeData
.FinalEventLogAreaStruct
[Index
].EventLogStarted
= FALSE
;
1595 mTcgDxeData
.FinalEventLogAreaStruct
[Index
].EventLogTruncated
= FALSE
;
1597 if (mTcg2EventInfo
[Index
].LogFormat
== EFI_TCG2_EVENT_LOG_FORMAT_TCG_2
) {
1599 // Install to configuration table
1601 Status
= gBS
->InstallConfigurationTable (&gEfiTcg2FinalEventsTableGuid
, (VOID
*)mTcgDxeData
.FinalEventsTable
[1]);
1602 if (EFI_ERROR (Status
)) {
1610 // 3. Sync data from PEI to DXE
1612 Status
= EFI_SUCCESS
;
1613 for (Index
= 0; Index
< sizeof(mTcg2EventInfo
)/sizeof(mTcg2EventInfo
[0]); Index
++) {
1614 if ((mTcgDxeData
.BsCap
.SupportedEventLogs
& mTcg2EventInfo
[Index
].LogFormat
) != 0) {
1615 GuidHob
.Raw
= GetHobList ();
1616 Status
= EFI_SUCCESS
;
1617 while (!EFI_ERROR (Status
) &&
1618 (GuidHob
.Raw
= GetNextGuidHob (mTcg2EventInfo
[Index
].EventGuid
, GuidHob
.Raw
)) != NULL
) {
1619 TcgEvent
= GET_GUID_HOB_DATA (GuidHob
.Guid
);
1620 GuidHob
.Raw
= GET_NEXT_HOB (GuidHob
);
1621 switch (mTcg2EventInfo
[Index
].LogFormat
) {
1622 case EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2
:
1623 Status
= TcgDxeLogEvent (
1624 mTcg2EventInfo
[Index
].LogFormat
,
1626 sizeof(TCG_PCR_EVENT_HDR
),
1627 ((TCG_PCR_EVENT
*)TcgEvent
)->Event
,
1628 ((TCG_PCR_EVENT_HDR
*)TcgEvent
)->EventSize
1631 case EFI_TCG2_EVENT_LOG_FORMAT_TCG_2
:
1632 DigestListBinSize
= GetDigestListBinSize ((UINT8
*)TcgEvent
+ sizeof(TCG_PCRINDEX
) + sizeof(TCG_EVENTTYPE
));
1633 CopyMem (&EventSize
, (UINT8
*)TcgEvent
+ sizeof(TCG_PCRINDEX
) + sizeof(TCG_EVENTTYPE
) + DigestListBinSize
, sizeof(UINT32
));
1634 Status
= TcgDxeLogEvent (
1635 mTcg2EventInfo
[Index
].LogFormat
,
1637 sizeof(TCG_PCRINDEX
) + sizeof(TCG_EVENTTYPE
) + DigestListBinSize
+ sizeof(UINT32
),
1638 (UINT8
*)TcgEvent
+ sizeof(TCG_PCRINDEX
) + sizeof(TCG_EVENTTYPE
) + DigestListBinSize
+ sizeof(UINT32
),
1651 Measure and log an action string, and extend the measurement result into PCR[5].
1653 @param[in] String A specific string that indicates an Action event.
1655 @retval EFI_SUCCESS Operation completed successfully.
1656 @retval EFI_DEVICE_ERROR The operation was unsuccessful.
1664 TCG_PCR_EVENT_HDR TcgEvent
;
1666 TcgEvent
.PCRIndex
= 5;
1667 TcgEvent
.EventType
= EV_EFI_ACTION
;
1668 TcgEvent
.EventSize
= (UINT32
)AsciiStrLen (String
);
1669 return TcgDxeHashLogExtendEvent (
1679 Measure and log EFI handoff tables, and extend the measurement result into PCR[1].
1681 @retval EFI_SUCCESS Operation completed successfully.
1682 @retval EFI_DEVICE_ERROR The operation was unsuccessful.
1686 MeasureHandoffTables (
1691 TCG_PCR_EVENT_HDR TcgEvent
;
1692 EFI_HANDOFF_TABLE_POINTERS HandoffTables
;
1694 EFI_CPU_PHYSICAL_LOCATION
*ProcessorLocBuf
;
1696 ProcessorLocBuf
= NULL
;
1697 Status
= EFI_SUCCESS
;
1699 if (PcdGet8 (PcdTpmPlatformClass
) == TCG_PLATFORM_TYPE_SERVER
) {
1702 // Measure each processor EFI_CPU_PHYSICAL_LOCATION with EV_TABLE_OF_DEVICES to PCR[1]
1704 Status
= GetProcessorsCpuLocation(&ProcessorLocBuf
, &ProcessorNum
);
1706 if (!EFI_ERROR(Status
)){
1707 TcgEvent
.PCRIndex
= 1;
1708 TcgEvent
.EventType
= EV_TABLE_OF_DEVICES
;
1709 TcgEvent
.EventSize
= sizeof (HandoffTables
);
1711 HandoffTables
.NumberOfTables
= 1;
1712 HandoffTables
.TableEntry
[0].VendorGuid
= gEfiMpServiceProtocolGuid
;
1713 HandoffTables
.TableEntry
[0].VendorTable
= ProcessorLocBuf
;
1715 Status
= TcgDxeHashLogExtendEvent (
1717 (UINT8
*)(UINTN
)ProcessorLocBuf
,
1718 sizeof(EFI_CPU_PHYSICAL_LOCATION
) * ProcessorNum
,
1720 (UINT8
*)&HandoffTables
1723 FreePool(ProcessorLocBuf
);
1731 Measure and log Separator event, and extend the measurement result into a specific PCR.
1733 @param[in] PCRIndex PCR index.
1735 @retval EFI_SUCCESS Operation completed successfully.
1736 @retval EFI_DEVICE_ERROR The operation was unsuccessful.
1740 MeasureSeparatorEvent (
1741 IN TPM_PCRINDEX PCRIndex
1744 TCG_PCR_EVENT_HDR TcgEvent
;
1747 DEBUG ((EFI_D_INFO
, "MeasureSeparatorEvent Pcr - %x\n", PCRIndex
));
1750 TcgEvent
.PCRIndex
= PCRIndex
;
1751 TcgEvent
.EventType
= EV_SEPARATOR
;
1752 TcgEvent
.EventSize
= (UINT32
)sizeof (EventData
);
1753 return TcgDxeHashLogExtendEvent (
1755 (UINT8
*)&EventData
,
1763 Measure and log an EFI variable, and extend the measurement result into a specific PCR.
1765 @param[in] PCRIndex PCR Index.
1766 @param[in] EventType Event type.
1767 @param[in] VarName A Null-terminated string that is the name of the vendor's variable.
1768 @param[in] VendorGuid A unique identifier for the vendor.
1769 @param[in] VarData The content of the variable data.
1770 @param[in] VarSize The size of the variable data.
1772 @retval EFI_SUCCESS Operation completed successfully.
1773 @retval EFI_OUT_OF_RESOURCES Out of memory.
1774 @retval EFI_DEVICE_ERROR The operation was unsuccessful.
1779 IN TPM_PCRINDEX PCRIndex
,
1780 IN TCG_EVENTTYPE EventType
,
1782 IN EFI_GUID
*VendorGuid
,
1788 TCG_PCR_EVENT_HDR TcgEvent
;
1789 UINTN VarNameLength
;
1790 EFI_VARIABLE_DATA_TREE
*VarLog
;
1792 DEBUG ((EFI_D_INFO
, "Tcg2Dxe: MeasureVariable (Pcr - %x, EventType - %x, ", (UINTN
)PCRIndex
, (UINTN
)EventType
));
1793 DEBUG ((EFI_D_INFO
, "VariableName - %s, VendorGuid - %g)\n", VarName
, VendorGuid
));
1795 VarNameLength
= StrLen (VarName
);
1796 TcgEvent
.PCRIndex
= PCRIndex
;
1797 TcgEvent
.EventType
= EventType
;
1799 TcgEvent
.EventSize
= (UINT32
)(sizeof (*VarLog
) + VarNameLength
* sizeof (*VarName
) + VarSize
1800 - sizeof (VarLog
->UnicodeName
) - sizeof (VarLog
->VariableData
));
1802 VarLog
= (EFI_VARIABLE_DATA_TREE
*)AllocatePool (TcgEvent
.EventSize
);
1803 if (VarLog
== NULL
) {
1804 return EFI_OUT_OF_RESOURCES
;
1807 VarLog
->VariableName
= *VendorGuid
;
1808 VarLog
->UnicodeNameLength
= VarNameLength
;
1809 VarLog
->VariableDataLength
= VarSize
;
1811 VarLog
->UnicodeName
,
1813 VarNameLength
* sizeof (*VarName
)
1815 if (VarSize
!= 0 && VarData
!= NULL
) {
1817 (CHAR16
*)VarLog
->UnicodeName
+ VarNameLength
,
1823 if (EventType
== EV_EFI_VARIABLE_DRIVER_CONFIG
) {
1825 // Digest is the event data (EFI_VARIABLE_DATA)
1827 Status
= TcgDxeHashLogExtendEvent (
1835 Status
= TcgDxeHashLogExtendEvent (
1848 Read then Measure and log an EFI variable, and extend the measurement result into a specific PCR.
1850 @param[in] PCRIndex PCR Index.
1851 @param[in] EventType Event type.
1852 @param[in] VarName A Null-terminated string that is the name of the vendor's variable.
1853 @param[in] VendorGuid A unique identifier for the vendor.
1854 @param[out] VarSize The size of the variable data.
1855 @param[out] VarData Pointer to the content of the variable.
1857 @retval EFI_SUCCESS Operation completed successfully.
1858 @retval EFI_OUT_OF_RESOURCES Out of memory.
1859 @retval EFI_DEVICE_ERROR The operation was unsuccessful.
1863 ReadAndMeasureVariable (
1864 IN TPM_PCRINDEX PCRIndex
,
1865 IN TCG_EVENTTYPE EventType
,
1867 IN EFI_GUID
*VendorGuid
,
1874 Status
= GetVariable2 (VarName
, VendorGuid
, VarData
, VarSize
);
1875 if (EventType
== EV_EFI_VARIABLE_DRIVER_CONFIG
) {
1876 if (EFI_ERROR (Status
)) {
1878 // It is valid case, so we need handle it.
1885 // if status error, VarData is freed and set NULL by GetVariable2
1887 if (EFI_ERROR (Status
)) {
1888 return EFI_NOT_FOUND
;
1892 Status
= MeasureVariable (
1904 Read then Measure and log an EFI boot variable, and extend the measurement result into PCR[5].
1906 @param[in] VarName A Null-terminated string that is the name of the vendor's variable.
1907 @param[in] VendorGuid A unique identifier for the vendor.
1908 @param[out] VarSize The size of the variable data.
1909 @param[out] VarData Pointer to the content of the variable.
1911 @retval EFI_SUCCESS Operation completed successfully.
1912 @retval EFI_OUT_OF_RESOURCES Out of memory.
1913 @retval EFI_DEVICE_ERROR The operation was unsuccessful.
1917 ReadAndMeasureBootVariable (
1919 IN EFI_GUID
*VendorGuid
,
1924 return ReadAndMeasureVariable (
1926 EV_EFI_VARIABLE_BOOT
,
1935 Read then Measure and log an EFI Secure variable, and extend the measurement result into PCR[7].
1937 @param[in] VarName A Null-terminated string that is the name of the vendor's variable.
1938 @param[in] VendorGuid A unique identifier for the vendor.
1939 @param[out] VarSize The size of the variable data.
1940 @param[out] VarData Pointer to the content of the variable.
1942 @retval EFI_SUCCESS Operation completed successfully.
1943 @retval EFI_OUT_OF_RESOURCES Out of memory.
1944 @retval EFI_DEVICE_ERROR The operation was unsuccessful.
1948 ReadAndMeasureSecureVariable (
1950 IN EFI_GUID
*VendorGuid
,
1955 return ReadAndMeasureVariable (
1957 EV_EFI_VARIABLE_DRIVER_CONFIG
,
1966 Measure and log all EFI boot variables, and extend the measurement result into a specific PCR.
1968 The EFI boot variables are BootOrder and Boot#### variables.
1970 @retval EFI_SUCCESS Operation completed successfully.
1971 @retval EFI_OUT_OF_RESOURCES Out of memory.
1972 @retval EFI_DEVICE_ERROR The operation was unsuccessful.
1976 MeasureAllBootVariables (
1987 Status
= ReadAndMeasureBootVariable (
1989 &gEfiGlobalVariableGuid
,
1991 (VOID
**) &BootOrder
1993 if (Status
== EFI_NOT_FOUND
|| BootOrder
== NULL
) {
1997 if (EFI_ERROR (Status
)) {
1999 // BootOrder can't be NULL if status is not EFI_NOT_FOUND
2001 FreePool (BootOrder
);
2005 BootCount
/= sizeof (*BootOrder
);
2006 for (Index
= 0; Index
< BootCount
; Index
++) {
2007 UnicodeSPrint (mBootVarName
, sizeof (mBootVarName
), L
"Boot%04x", BootOrder
[Index
]);
2008 Status
= ReadAndMeasureBootVariable (
2010 &gEfiGlobalVariableGuid
,
2014 if (!EFI_ERROR (Status
)) {
2015 FreePool (BootVarData
);
2019 FreePool (BootOrder
);
2024 Measure and log all EFI Secure variables, and extend the measurement result into a specific PCR.
2026 The EFI boot variables are BootOrder and Boot#### variables.
2028 @retval EFI_SUCCESS Operation completed successfully.
2029 @retval EFI_OUT_OF_RESOURCES Out of memory.
2030 @retval EFI_DEVICE_ERROR The operation was unsuccessful.
2034 MeasureAllSecureVariables (
2043 Status
= EFI_NOT_FOUND
;
2044 for (Index
= 0; Index
< sizeof(mVariableType
)/sizeof(mVariableType
[0]); Index
++) {
2045 Status
= ReadAndMeasureSecureVariable (
2046 mVariableType
[Index
].VariableName
,
2047 mVariableType
[Index
].VendorGuid
,
2051 if (!EFI_ERROR (Status
)) {
2062 Measure and log launch of FirmwareDebugger, and extend the measurement result into a specific PCR.
2064 @retval EFI_SUCCESS Operation completed successfully.
2065 @retval EFI_OUT_OF_RESOURCES Out of memory.
2066 @retval EFI_DEVICE_ERROR The operation was unsuccessful.
2070 MeasureLaunchOfFirmwareDebugger (
2074 TCG_PCR_EVENT_HDR TcgEvent
;
2076 TcgEvent
.PCRIndex
= 7;
2077 TcgEvent
.EventType
= EV_EFI_ACTION
;
2078 TcgEvent
.EventSize
= sizeof(FIRMWARE_DEBUGGER_EVENT_STRING
) - 1;
2079 return TcgDxeHashLogExtendEvent (
2081 (UINT8
*)FIRMWARE_DEBUGGER_EVENT_STRING
,
2082 sizeof(FIRMWARE_DEBUGGER_EVENT_STRING
) - 1,
2084 (UINT8
*)FIRMWARE_DEBUGGER_EVENT_STRING
2089 Measure and log all Secure Boot Policy, and extend the measurement result into a specific PCR.
2091 Platform firmware adhering to the policy must therefore measure the following values into PCR[7]: (in order listed)
2092 - The contents of the SecureBoot variable
2093 - The contents of the PK variable
2094 - The contents of the KEK variable
2095 - The contents of the EFI_IMAGE_SECURITY_DATABASE variable
2096 - The contents of the EFI_IMAGE_SECURITY_DATABASE1 variable
2098 - Entries in the EFI_IMAGE_SECURITY_DATABASE that are used to validate EFI Drivers or EFI Boot Applications in the boot path
2100 NOTE: Because of the above, UEFI variables PK, KEK, EFI_IMAGE_SECURITY_DATABASE,
2101 EFI_IMAGE_SECURITY_DATABASE1 and SecureBoot SHALL NOT be measured into PCR[3].
2103 @param[in] Event Event whose notification function is being invoked
2104 @param[in] Context Pointer to the notification function's context
2108 MeasureSecureBootPolicy (
2116 Status
= gBS
->LocateProtocol (&gEfiVariableWriteArchProtocolGuid
, NULL
, (VOID
**)&Protocol
);
2117 if (EFI_ERROR (Status
)) {
2121 if (PcdGetBool (PcdFirmwareDebuggerInitialized
)) {
2122 Status
= MeasureLaunchOfFirmwareDebugger ();
2123 DEBUG ((EFI_D_INFO
, "MeasureLaunchOfFirmwareDebugger - %r\n", Status
));
2126 Status
= MeasureAllSecureVariables ();
2127 DEBUG ((EFI_D_INFO
, "MeasureAllSecureVariables - %r\n", Status
));
2130 // We need measure Separator(7) here, because this event must be between SecureBootPolicy (Configure)
2131 // and ImageVerification (Authority)
2132 // There might be a case that we need measure UEFI image from DriverOrder, besides BootOrder. So
2133 // the Authority measurement happen before ReadToBoot event.
2135 Status
= MeasureSeparatorEvent (7);
2136 DEBUG ((EFI_D_INFO
, "MeasureSeparatorEvent - %r\n", Status
));
2141 Ready to Boot Event notification handler.
2143 Sequence of OS boot events is measured in this event notification handler.
2145 @param[in] Event Event whose notification function is being invoked
2146 @param[in] Context Pointer to the notification function's context
2157 TPM_PCRINDEX PcrIndex
;
2159 PERF_START_EX (mImageHandle
, "EventRec", "Tcg2Dxe", 0, PERF_ID_TCG2_DXE
);
2160 if (mBootAttempts
== 0) {
2163 // Measure handoff tables.
2165 Status
= MeasureHandoffTables ();
2166 if (EFI_ERROR (Status
)) {
2167 DEBUG ((EFI_D_ERROR
, "HOBs not Measured. Error!\n"));
2171 // Measure BootOrder & Boot#### variables.
2173 Status
= MeasureAllBootVariables ();
2174 if (EFI_ERROR (Status
)) {
2175 DEBUG ((EFI_D_ERROR
, "Boot Variables not Measured. Error!\n"));
2179 // 1. This is the first boot attempt.
2181 Status
= TcgMeasureAction (
2182 EFI_CALLING_EFI_APPLICATION
2184 if (EFI_ERROR (Status
)) {
2185 DEBUG ((EFI_D_ERROR
, "%s not Measured. Error!\n", EFI_CALLING_EFI_APPLICATION
));
2189 // 2. Draw a line between pre-boot env and entering post-boot env.
2190 // PCR[7] is already done.
2192 for (PcrIndex
= 0; PcrIndex
< 7; PcrIndex
++) {
2193 Status
= MeasureSeparatorEvent (PcrIndex
);
2194 if (EFI_ERROR (Status
)) {
2195 DEBUG ((EFI_D_ERROR
, "Seperator Event not Measured. Error!\n"));
2200 // 3. Measure GPT. It would be done in SAP driver.
2204 // 4. Measure PE/COFF OS loader. It would be done in SAP driver.
2208 // 5. Read & Measure variable. BootOrder already measured.
2212 // 6. Not first attempt, meaning a return from last attempt
2214 Status
= TcgMeasureAction (
2215 EFI_RETURNING_FROM_EFI_APPLICATOIN
2217 if (EFI_ERROR (Status
)) {
2218 DEBUG ((EFI_D_ERROR
, "%s not Measured. Error!\n", EFI_RETURNING_FROM_EFI_APPLICATOIN
));
2222 DEBUG ((EFI_D_INFO
, "TPM2 Tcg2Dxe Measure Data when ReadyToBoot\n"));
2224 // Increase boot attempt counter.
2227 PERF_END_EX (mImageHandle
, "EventRec", "Tcg2Dxe", 0, PERF_ID_TCG2_DXE
+ 1);
2231 Exit Boot Services Event notification handler.
2233 Measure invocation and success of ExitBootServices.
2235 @param[in] Event Event whose notification function is being invoked
2236 @param[in] Context Pointer to the notification function's context
2241 OnExitBootServices (
2249 // Measure invocation of ExitBootServices,
2251 Status
= TcgMeasureAction (
2252 EFI_EXIT_BOOT_SERVICES_INVOCATION
2254 if (EFI_ERROR (Status
)) {
2255 DEBUG ((EFI_D_ERROR
, "%s not Measured. Error!\n", EFI_EXIT_BOOT_SERVICES_INVOCATION
));
2259 // Measure success of ExitBootServices
2261 Status
= TcgMeasureAction (
2262 EFI_EXIT_BOOT_SERVICES_SUCCEEDED
2264 if (EFI_ERROR (Status
)) {
2265 DEBUG ((EFI_D_ERROR
, "%s not Measured. Error!\n", EFI_EXIT_BOOT_SERVICES_SUCCEEDED
));
2270 Exit Boot Services Failed Event notification handler.
2272 Measure Failure of ExitBootServices.
2274 @param[in] Event Event whose notification function is being invoked
2275 @param[in] Context Pointer to the notification function's context
2280 OnExitBootServicesFailed (
2288 // Measure Failure of ExitBootServices,
2290 Status
= TcgMeasureAction (
2291 EFI_EXIT_BOOT_SERVICES_FAILED
2293 if (EFI_ERROR (Status
)) {
2294 DEBUG ((EFI_D_ERROR
, "%s not Measured. Error!\n", EFI_EXIT_BOOT_SERVICES_FAILED
));
2300 The function install Tcg2 protocol.
2302 @retval EFI_SUCCESS Tcg2 protocol is installed.
2303 @retval other Some error occurs.
2314 Status
= gBS
->InstallMultipleProtocolInterfaces (
2316 &gEfiTcg2ProtocolGuid
,
2324 The driver's entry point. It publishes EFI Tcg2 Protocol.
2326 @param[in] ImageHandle The firmware allocated handle for the EFI image.
2327 @param[in] SystemTable A pointer to the EFI System Table.
2329 @retval EFI_SUCCESS The entry point is executed successfully.
2330 @retval other Some error occurs when executing this entry point.
2335 IN EFI_HANDLE ImageHandle
,
2336 IN EFI_SYSTEM_TABLE
*SystemTable
2342 UINT32 MaxCommandSize
;
2343 UINT32 MaxResponseSize
;
2344 TPML_PCR_SELECTION Pcrs
;
2346 EFI_TCG2_EVENT_ALGORITHM_BITMAP TpmHashAlgorithmBitmap
;
2347 UINT32 ActivePCRBanks
;
2348 UINT32 NumberOfPCRBanks
;
2350 mImageHandle
= ImageHandle
;
2352 if (CompareGuid (PcdGetPtr(PcdTpmInstanceGuid
), &gEfiTpmDeviceInstanceNoneGuid
) ||
2353 CompareGuid (PcdGetPtr(PcdTpmInstanceGuid
), &gEfiTpmDeviceInstanceTpm12Guid
)){
2354 DEBUG ((EFI_D_ERROR
, "No TPM2 instance required!\n"));
2355 return EFI_UNSUPPORTED
;
2358 if (GetFirstGuidHob (&gTpmErrorHobGuid
) != NULL
) {
2359 DEBUG ((EFI_D_ERROR
, "TPM2 error!\n"));
2360 return EFI_DEVICE_ERROR
;
2363 Status
= Tpm2RequestUseTpm ();
2364 if (EFI_ERROR (Status
)) {
2365 DEBUG ((EFI_D_ERROR
, "TPM2 not detected!\n"));
2372 ASSERT (TCG_EVENT_LOG_AREA_COUNT_MAX
== sizeof(mTcg2EventInfo
)/sizeof(mTcg2EventInfo
[0]));
2374 mTcgDxeData
.BsCap
.Size
= sizeof(EFI_TCG2_BOOT_SERVICE_CAPABILITY
);
2375 mTcgDxeData
.BsCap
.ProtocolVersion
.Major
= 1;
2376 mTcgDxeData
.BsCap
.ProtocolVersion
.Minor
= 1;
2377 mTcgDxeData
.BsCap
.StructureVersion
.Major
= 1;
2378 mTcgDxeData
.BsCap
.StructureVersion
.Minor
= 1;
2380 DEBUG ((EFI_D_INFO
, "Tcg2.ProtocolVersion - %02x.%02x\n", mTcgDxeData
.BsCap
.ProtocolVersion
.Major
, mTcgDxeData
.BsCap
.ProtocolVersion
.Minor
));
2381 DEBUG ((EFI_D_INFO
, "Tcg2.StructureVersion - %02x.%02x\n", mTcgDxeData
.BsCap
.StructureVersion
.Major
, mTcgDxeData
.BsCap
.StructureVersion
.Minor
));
2383 Status
= Tpm2GetCapabilityManufactureID (&mTcgDxeData
.BsCap
.ManufacturerID
);
2384 if (EFI_ERROR (Status
)) {
2385 DEBUG ((EFI_D_ERROR
, "Tpm2GetCapabilityManufactureID fail!\n"));
2387 DEBUG ((EFI_D_INFO
, "Tpm2GetCapabilityManufactureID - %08x\n", mTcgDxeData
.BsCap
.ManufacturerID
));
2391 UINT32 FirmwareVersion1
;
2392 UINT32 FirmwareVersion2
;
2394 Status
= Tpm2GetCapabilityFirmwareVersion (&FirmwareVersion1
, &FirmwareVersion2
);
2395 if (EFI_ERROR (Status
)) {
2396 DEBUG ((EFI_D_ERROR
, "Tpm2GetCapabilityFirmwareVersion fail!\n"));
2398 DEBUG ((EFI_D_INFO
, "Tpm2GetCapabilityFirmwareVersion - %08x %08x\n", FirmwareVersion1
, FirmwareVersion2
));
2402 Status
= Tpm2GetCapabilityMaxCommandResponseSize (&MaxCommandSize
, &MaxResponseSize
);
2403 if (EFI_ERROR (Status
)) {
2404 DEBUG ((EFI_D_ERROR
, "Tpm2GetCapabilityMaxCommandResponseSize fail!\n"));
2406 mTcgDxeData
.BsCap
.MaxCommandSize
= (UINT16
)MaxCommandSize
;
2407 mTcgDxeData
.BsCap
.MaxResponseSize
= (UINT16
)MaxResponseSize
;
2408 DEBUG ((EFI_D_INFO
, "Tpm2GetCapabilityMaxCommandResponseSize - %08x, %08x\n", MaxCommandSize
, MaxResponseSize
));
2412 // Get supported PCR and current Active PCRs
2414 Status
= Tpm2GetCapabilityPcrs (&Pcrs
);
2415 if (EFI_ERROR (Status
)) {
2416 DEBUG ((EFI_D_ERROR
, "Tpm2GetCapabilityPcrs fail!\n"));
2417 TpmHashAlgorithmBitmap
= EFI_TCG2_BOOT_HASH_ALG_SHA1
;
2418 NumberOfPCRBanks
= 1;
2419 ActivePCRBanks
= EFI_TCG2_BOOT_HASH_ALG_SHA1
;
2421 DEBUG ((EFI_D_INFO
, "Tpm2GetCapabilityPcrs Count - %08x\n", Pcrs
.count
));
2422 NumberOfPCRBanks
= 0;
2423 TpmHashAlgorithmBitmap
= 0;
2425 for (Index
= 0; Index
< Pcrs
.count
; Index
++) {
2426 DEBUG ((EFI_D_INFO
, "hash - %x\n", Pcrs
.pcrSelections
[Index
].hash
));
2427 switch (Pcrs
.pcrSelections
[Index
].hash
) {
2429 TpmHashAlgorithmBitmap
|= EFI_TCG2_BOOT_HASH_ALG_SHA1
;
2430 NumberOfPCRBanks
++;
2431 if (!IsZeroBuffer (Pcrs
.pcrSelections
[Index
].pcrSelect
, Pcrs
.pcrSelections
[Index
].sizeofSelect
)) {
2432 ActivePCRBanks
|= EFI_TCG2_BOOT_HASH_ALG_SHA1
;
2435 case TPM_ALG_SHA256
:
2436 TpmHashAlgorithmBitmap
|= EFI_TCG2_BOOT_HASH_ALG_SHA256
;
2437 NumberOfPCRBanks
++;
2438 if (!IsZeroBuffer (Pcrs
.pcrSelections
[Index
].pcrSelect
, Pcrs
.pcrSelections
[Index
].sizeofSelect
)) {
2439 ActivePCRBanks
|= EFI_TCG2_BOOT_HASH_ALG_SHA256
;
2442 case TPM_ALG_SHA384
:
2443 TpmHashAlgorithmBitmap
|= EFI_TCG2_BOOT_HASH_ALG_SHA384
;
2444 NumberOfPCRBanks
++;
2445 if (!IsZeroBuffer (Pcrs
.pcrSelections
[Index
].pcrSelect
, Pcrs
.pcrSelections
[Index
].sizeofSelect
)) {
2446 ActivePCRBanks
|= EFI_TCG2_BOOT_HASH_ALG_SHA384
;
2449 case TPM_ALG_SHA512
:
2450 TpmHashAlgorithmBitmap
|= EFI_TCG2_BOOT_HASH_ALG_SHA512
;
2451 NumberOfPCRBanks
++;
2452 if (!IsZeroBuffer (Pcrs
.pcrSelections
[Index
].pcrSelect
, Pcrs
.pcrSelections
[Index
].sizeofSelect
)) {
2453 ActivePCRBanks
|= EFI_TCG2_BOOT_HASH_ALG_SHA512
;
2456 case TPM_ALG_SM3_256
:
2457 TpmHashAlgorithmBitmap
|= EFI_TCG2_BOOT_HASH_ALG_SM3_256
;
2458 NumberOfPCRBanks
++;
2459 if (!IsZeroBuffer (Pcrs
.pcrSelections
[Index
].pcrSelect
, Pcrs
.pcrSelections
[Index
].sizeofSelect
)) {
2460 ActivePCRBanks
|= EFI_TCG2_BOOT_HASH_ALG_SM3_256
;
2466 mTcgDxeData
.BsCap
.HashAlgorithmBitmap
= TpmHashAlgorithmBitmap
& PcdGet32 (PcdTcg2HashAlgorithmBitmap
);
2467 mTcgDxeData
.BsCap
.ActivePcrBanks
= ActivePCRBanks
& PcdGet32 (PcdTcg2HashAlgorithmBitmap
);
2469 if (PcdGet32 (PcdTcg2NumberOfPCRBanks
) == 0) {
2470 mTcgDxeData
.BsCap
.NumberOfPCRBanks
= NumberOfPCRBanks
;
2472 mTcgDxeData
.BsCap
.NumberOfPCRBanks
= PcdGet32 (PcdTcg2NumberOfPCRBanks
);
2473 if (PcdGet32 (PcdTcg2NumberOfPCRBanks
) > NumberOfPCRBanks
) {
2474 DEBUG ((EFI_D_ERROR
, "ERROR: PcdTcg2NumberOfPCRBanks(0x%x) > NumberOfPCRBanks(0x%x)\n", PcdGet32 (PcdTcg2NumberOfPCRBanks
), NumberOfPCRBanks
));
2475 mTcgDxeData
.BsCap
.NumberOfPCRBanks
= NumberOfPCRBanks
;
2479 mTcgDxeData
.BsCap
.SupportedEventLogs
= EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2
| EFI_TCG2_EVENT_LOG_FORMAT_TCG_2
;
2480 if ((mTcgDxeData
.BsCap
.ActivePcrBanks
& TREE_BOOT_HASH_ALG_SHA1
) == 0) {
2482 // No need to expose TCG1.2 event log if SHA1 bank does not exist.
2484 mTcgDxeData
.BsCap
.SupportedEventLogs
&= ~TREE_EVENT_LOG_FORMAT_TCG_1_2
;
2487 DEBUG ((EFI_D_INFO
, "Tcg2.SupportedEventLogs - 0x%08x\n", mTcgDxeData
.BsCap
.SupportedEventLogs
));
2488 DEBUG ((EFI_D_INFO
, "Tcg2.HashAlgorithmBitmap - 0x%08x\n", mTcgDxeData
.BsCap
.HashAlgorithmBitmap
));
2489 DEBUG ((EFI_D_INFO
, "Tcg2.NumberOfPCRBanks - 0x%08x\n", mTcgDxeData
.BsCap
.NumberOfPCRBanks
));
2490 DEBUG ((EFI_D_INFO
, "Tcg2.ActivePcrBanks - 0x%08x\n", mTcgDxeData
.BsCap
.ActivePcrBanks
));
2492 if (mTcgDxeData
.BsCap
.TPMPresentFlag
) {
2494 // Setup the log area and copy event log from hob list to it
2496 Status
= SetupEventLog ();
2497 ASSERT_EFI_ERROR (Status
);
2500 // Measure handoff tables, Boot#### variables etc.
2502 Status
= EfiCreateEventReadyToBootEx (
2509 Status
= gBS
->CreateEventEx (
2514 &gEfiEventExitBootServicesGuid
,
2519 // Measure Exit Boot Service failed
2521 Status
= gBS
->CreateEventEx (
2524 OnExitBootServicesFailed
,
2526 &gEventExitBootServicesFailedGuid
,
2531 // Create event callback, because we need access variable on SecureBootPolicyVariable
2532 // We should use VariableWriteArch instead of VariableArch, because Variable driver
2533 // may update SecureBoot value based on last setting.
2535 EfiCreateProtocolNotifyEvent (&gEfiVariableWriteArchProtocolGuid
, TPL_CALLBACK
, MeasureSecureBootPolicy
, NULL
, &Registration
);
2539 // Install Tcg2Protocol
2541 Status
= InstallTcg2 ();
2542 DEBUG ((EFI_D_INFO
, "InstallTcg2 - %r\n", Status
));