]> git.proxmox.com Git - mirror_edk2.git/blob - SecurityPkg/Tcg/TcgDxe/TcgDxe.c
projects / mirror_edk2.git / blob
? search:


4b5380ba87fb5b4031ca2f4995d8f87d8b860669
[mirror_edk2.git] / SecurityPkg / Tcg / TcgDxe / TcgDxe.c
1 /** @file
2 This module implements TCG EFI Protocol.
3
4 Copyright (c) 2005 - 2012, Intel Corporation. All rights reserved.<BR>
5 This program and the accompanying materials
6 are licensed and made available under the terms and conditions of the BSD License
7 which accompanies this distribution. The full text of the license may be found at
8 http://opensource.org/licenses/bsd-license.php
9
10 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
11 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
12
13 **/
14
15 #include <PiDxe.h>
16 #include <IndustryStandard/Tpm12.h>
17 #include <IndustryStandard/Acpi.h>
18 #include <IndustryStandard/PeImage.h>
19 #include <IndustryStandard/SmBios.h>
20
21 #include <Guid/GlobalVariable.h>
22 #include <Guid/SmBios.h>
23 #include <Guid/HobList.h>
24 #include <Guid/TcgEventHob.h>
25 #include <Guid/EventGroup.h>
26 #include <Protocol/DevicePath.h>
27 #include <Protocol/TcgService.h>
28 #include <Protocol/AcpiTable.h>
29
30 #include <Library/DebugLib.h>
31 #include <Library/BaseMemoryLib.h>
32 #include <Library/UefiRuntimeServicesTableLib.h>
33 #include <Library/UefiDriverEntryPoint.h>
34 #include <Library/HobLib.h>
35 #include <Library/UefiBootServicesTableLib.h>
36 #include <Library/BaseLib.h>
37 #include <Library/MemoryAllocationLib.h>
38 #include <Library/PrintLib.h>
39 #include <Library/TpmCommLib.h>
40 #include <Library/PcdLib.h>
41 #include <Library/UefiLib.h>
42
43 #include "TpmComm.h"
44
45 #define EFI_TCG_LOG_AREA_SIZE 0x10000
46
47 #pragma pack (1)
48
49 typedef struct _EFI_TCG_CLIENT_ACPI_TABLE {
50 EFI_ACPI_DESCRIPTION_HEADER Header;
51 UINT16 PlatformClass;
52 UINT32 Laml;
53 EFI_PHYSICAL_ADDRESS Lasa;
54 } EFI_TCG_CLIENT_ACPI_TABLE;
55
56 typedef struct _EFI_TCG_SERVER_ACPI_TABLE {
57 EFI_ACPI_DESCRIPTION_HEADER Header;
58 UINT16 PlatformClass;
59 UINT16 Reserved0;
60 UINT64 Laml;
61 EFI_PHYSICAL_ADDRESS Lasa;
62 UINT16 SpecRev;
63 UINT8 DeviceFlags;
64 UINT8 InterruptFlags;
65 UINT8 Gpe;
66 UINT8 Reserved1[3];
67 UINT32 GlobalSysInt;
68 EFI_ACPI_3_0_GENERIC_ADDRESS_STRUCTURE BaseAddress;
69 UINT32 Reserved2;
70 EFI_ACPI_3_0_GENERIC_ADDRESS_STRUCTURE ConfigAddress;
71 UINT8 PciSegNum;
72 UINT8 PciBusNum;
73 UINT8 PciDevNum;
74 UINT8 PciFuncNum;
75 } EFI_TCG_SERVER_ACPI_TABLE;
76
77 #pragma pack ()
78
79 #define TCG_DXE_DATA_FROM_THIS(this) \
80 BASE_CR (this, TCG_DXE_DATA, TcgProtocol)
81
82 typedef struct _TCG_DXE_DATA {
83 EFI_TCG_PROTOCOL TcgProtocol;
84 TCG_EFI_BOOT_SERVICE_CAPABILITY BsCap;
85 EFI_TCG_CLIENT_ACPI_TABLE *TcgClientAcpiTable;
86 EFI_TCG_SERVER_ACPI_TABLE *TcgServerAcpiTable;
87 UINTN EventLogSize;
88 UINT8 *LastEvent;
89 TIS_TPM_HANDLE TpmHandle;
90 } TCG_DXE_DATA;
91
92
93
94 EFI_TCG_CLIENT_ACPI_TABLE mTcgClientAcpiTemplate = {
95 {
96 EFI_ACPI_3_0_TRUSTED_COMPUTING_PLATFORM_ALLIANCE_CAPABILITIES_TABLE_SIGNATURE,
97 sizeof (mTcgClientAcpiTemplate),
98 0x02 //Revision
99 //
100 // Compiler initializes the remaining bytes to 0
101 // These fields should be filled in in production
102 //
103 },
104 0, // 0 for PC Client Platform Class
105 0, // Log Area Max Length
106 (EFI_PHYSICAL_ADDRESS) (SIZE_4GB - 1) // Log Area Start Address
107 };
108
109 //
110 // The following EFI_TCG_SERVER_ACPI_TABLE default setting is just one example,
111 // the TPM device connectes to LPC, and also defined the ACPI _UID as 0xFF,
112 // this _UID can be changed and should match with the _UID setting of the TPM
113 // ACPI device object
114 //
115 EFI_TCG_SERVER_ACPI_TABLE mTcgServerAcpiTemplate = {
116 {
117 EFI_ACPI_3_0_TRUSTED_COMPUTING_PLATFORM_ALLIANCE_CAPABILITIES_TABLE_SIGNATURE,
118 sizeof (mTcgServerAcpiTemplate),
119 0x02 //Revision
120 //
121 // Compiler initializes the remaining bytes to 0
122 // These fields should be filled in in production
123 //
124 },
125 1, // 1 for Server Platform Class
126 0, // Reserved
127 0, // Log Area Max Length
128 (EFI_PHYSICAL_ADDRESS) (SIZE_4GB - 1), // Log Area Start Address
129 0x0100, // TCG Specification revision 1.0
130 2, // Device Flags
131 0, // Interrupt Flags
132 0, // GPE
133 {0}, // Reserved 3 bytes
134 0, // Global System Interrupt
135 {
136 EFI_ACPI_3_0_SYSTEM_MEMORY,
137 0,
138 0,
139 EFI_ACPI_3_0_BYTE,
140 TPM_BASE_ADDRESS // Base Address
141 },
142 0, // Reserved
143 {0}, // Configuration Address
144 0xFF, // ACPI _UID value of the device, can be changed for different platforms
145 0, // ACPI _UID value of the device, can be changed for different platforms
146 0, // ACPI _UID value of the device, can be changed for different platforms
147 0 // ACPI _UID value of the device, can be changed for different platforms
148 };
149
150 UINTN mBootAttempts = 0;
151 CHAR16 mBootVarName[] = L"BootOrder";
152
153 /**
154 This service provides EFI protocol capability information, state information
155 about the TPM, and Event Log state information.
156
157 @param[in] This Indicates the calling context
158 @param[out] ProtocolCapability The callee allocates memory for a TCG_BOOT_SERVICE_CAPABILITY
159 structure and fills in the fields with the EFI protocol
160 capability information and the current TPM state information.
161 @param[out] TCGFeatureFlags This is a pointer to the feature flags. No feature
162 flags are currently defined so this parameter
163 MUST be set to 0. However, in the future,
164 feature flags may be defined that, for example,
165 enable hash algorithm agility.
166 @param[out] EventLogLocation This is a pointer to the address of the event log in memory.
167 @param[out] EventLogLastEntry If the Event Log contains more than one entry,
168 this is a pointer to the address of the start of
169 the last entry in the event log in memory.
170
171 @retval EFI_SUCCESS Operation completed successfully.
172 @retval EFI_INVALID_PARAMETER ProtocolCapability does not match TCG capability.
173
174 **/
175 EFI_STATUS
176 EFIAPI
177 TcgDxeStatusCheck (
178 IN EFI_TCG_PROTOCOL *This,
179 OUT TCG_EFI_BOOT_SERVICE_CAPABILITY *ProtocolCapability,
180 OUT UINT32 *TCGFeatureFlags,
181 OUT EFI_PHYSICAL_ADDRESS *EventLogLocation,
182 OUT EFI_PHYSICAL_ADDRESS *EventLogLastEntry
183 )
184 {
185 TCG_DXE_DATA *TcgData;
186
187 TcgData = TCG_DXE_DATA_FROM_THIS (This);
188
189 if (ProtocolCapability != NULL) {
190 *ProtocolCapability = TcgData->BsCap;
191 }
192
193 if (TCGFeatureFlags != NULL) {
194 *TCGFeatureFlags = 0;
195 }
196
197 if (EventLogLocation != NULL) {
198 if (PcdGet8 (PcdTpmPlatformClass) == TCG_PLATFORM_TYPE_CLIENT) {
199 *EventLogLocation = TcgData->TcgClientAcpiTable->Lasa;
200 } else {
201 *EventLogLocation = TcgData->TcgServerAcpiTable->Lasa;
202 }
203 }
204
205 if (EventLogLastEntry != NULL) {
206 if (TcgData->BsCap.TPMDeactivatedFlag) {
207 *EventLogLastEntry = (EFI_PHYSICAL_ADDRESS)(UINTN)0;
208 } else {
209 *EventLogLastEntry = (EFI_PHYSICAL_ADDRESS)(UINTN)TcgData->LastEvent;
210 }
211 }
212
213 return EFI_SUCCESS;
214 }
215
216 /**
217 This service abstracts the capability to do a hash operation on a data buffer.
218
219 @param[in] This Indicates the calling context
220 @param[in] HashData Pointer to the data buffer to be hashed
221 @param[in] HashDataLen Length of the data buffer to be hashed
222 @param[in] AlgorithmId Identification of the Algorithm to use for the hashing operation
223 @param[in, out] HashedDataLen Resultant length of the hashed data
224 @param[in, out] HashedDataResult Resultant buffer of the hashed data
225
226 @retval EFI_SUCCESS Operation completed successfully.
227 @retval EFI_INVALID_PARAMETER HashDataLen is NULL.
228 @retval EFI_INVALID_PARAMETER HashDataLenResult is NULL.
229 @retval EFI_OUT_OF_RESOURCES Cannot allocate buffer of size *HashedDataLen.
230 @retval EFI_UNSUPPORTED AlgorithmId not supported.
231 @retval EFI_BUFFER_TOO_SMALL *HashedDataLen < sizeof (TCG_DIGEST).
232
233 **/
234 EFI_STATUS
235 EFIAPI
236 TcgDxeHashAll (
237 IN EFI_TCG_PROTOCOL *This,
238 IN UINT8 *HashData,
239 IN UINT64 HashDataLen,
240 IN TCG_ALGORITHM_ID AlgorithmId,
241 IN OUT UINT64 *HashedDataLen,
242 IN OUT UINT8 **HashedDataResult
243 )
244 {
245 if (HashedDataLen == NULL || HashedDataResult == NULL) {
246 return EFI_INVALID_PARAMETER;
247 }
248
249 switch (AlgorithmId) {
250 case TPM_ALG_SHA:
251 if (*HashedDataLen == 0) {
252 *HashedDataLen = sizeof (TPM_DIGEST);
253 *HashedDataResult = AllocatePool ((UINTN) *HashedDataLen);
254 if (*HashedDataResult == NULL) {
255 return EFI_OUT_OF_RESOURCES;
256 }
257 }
258
259 if (*HashedDataLen < sizeof (TPM_DIGEST)) {
260 *HashedDataLen = sizeof (TPM_DIGEST);
261 return EFI_BUFFER_TOO_SMALL;
262 }
263 *HashedDataLen = sizeof (TPM_DIGEST);
264
265 if (*HashedDataResult == NULL) {
266 *HashedDataResult = AllocatePool ((UINTN) *HashedDataLen);
267 }
268
269 return TpmCommHashAll (
270 HashData,
271 (UINTN) HashDataLen,
272 (TPM_DIGEST*)*HashedDataResult
273 );
274 default:
275 return EFI_UNSUPPORTED;
276 }
277 }
278
279 /**
280 Add a new entry to the Event Log.
281
282 @param[in] TcgData TCG_DXE_DATA structure.
283 @param[in] NewEventHdr Pointer to a TCG_PCR_EVENT_HDR data structure.
284 @param[in] NewEventData Pointer to the new event data.
285
286 @retval EFI_SUCCESS The new event log entry was added.
287 @retval EFI_OUT_OF_RESOURCES No enough memory to log the new event.
288
289 **/
290 EFI_STATUS
291 EFIAPI
292 TcgDxeLogEventI (
293 IN TCG_DXE_DATA *TcgData,
294 IN TCG_PCR_EVENT_HDR *NewEventHdr,
295 IN UINT8 *NewEventData
296 )
297 {
298 if (PcdGet8 (PcdTpmPlatformClass) == TCG_PLATFORM_TYPE_CLIENT) {
299 TcgData->LastEvent = (UINT8*)(UINTN)TcgData->TcgClientAcpiTable->Lasa;
300 return TpmCommLogEvent (
301 &TcgData->LastEvent,
302 &TcgData->EventLogSize,
303 (UINTN)TcgData->TcgClientAcpiTable->Laml,
304 NewEventHdr,
305 NewEventData
306 );
307 } else {
308 TcgData->LastEvent = (UINT8*)(UINTN)TcgData->TcgServerAcpiTable->Lasa;
309 return TpmCommLogEvent (
310 &TcgData->LastEvent,
311 &TcgData->EventLogSize,
312 (UINTN)TcgData->TcgServerAcpiTable->Laml,
313 NewEventHdr,
314 NewEventData
315 );
316 }
317 }
318
319 /**
320 This service abstracts the capability to add an entry to the Event Log.
321
322 @param[in] This Indicates the calling context
323 @param[in] TCGLogData Pointer to the start of the data buffer containing
324 the TCG_PCR_EVENT data structure. All fields in
325 this structure are properly filled by the caller.
326 @param[in, out] EventNumber The event number of the event just logged
327 @param[in] Flags Indicate additional flags. Only one flag has been
328 defined at this time, which is 0x01 and means the
329 extend operation should not be performed. All
330 other bits are reserved.
331
332 @retval EFI_SUCCESS Operation completed successfully.
333 @retval EFI_OUT_OF_RESOURCES Insufficient memory in the event log to complete this action.
334
335 **/
336 EFI_STATUS
337 EFIAPI
338 TcgDxeLogEvent (
339 IN EFI_TCG_PROTOCOL *This,
340 IN TCG_PCR_EVENT *TCGLogData,
341 IN OUT UINT32 *EventNumber,
342 IN UINT32 Flags
343 )
344 {
345 TCG_DXE_DATA *TcgData;
346
347 TcgData = TCG_DXE_DATA_FROM_THIS (This);
348
349 if (TcgData->BsCap.TPMDeactivatedFlag) {
350 return EFI_DEVICE_ERROR;
351 }
352 return TcgDxeLogEventI (
353 TcgData,
354 (TCG_PCR_EVENT_HDR*)TCGLogData,
355 TCGLogData->Event
356 );
357 }
358
359 /**
360 This service is a proxy for commands to the TPM.
361
362 @param[in] This Indicates the calling context
363 @param[in] TpmInputParameterBlockSize Size of the TPM input parameter block
364 @param[in] TpmInputParameterBlock Pointer to the TPM input parameter block
365 @param[in] TpmOutputParameterBlockSize Size of the TPM output parameter block
366 @param[in] TpmOutputParameterBlock Pointer to the TPM output parameter block
367
368 @retval EFI_SUCCESS Operation completed successfully.
369 @retval EFI_INVALID_PARAMETER Invalid ordinal.
370 @retval EFI_UNSUPPORTED Current Task Priority Level >= EFI_TPL_CALLBACK.
371 @retval EFI_TIMEOUT The TIS timed-out.
372
373 **/
374 EFI_STATUS
375 EFIAPI
376 TcgDxePassThroughToTpm (
377 IN EFI_TCG_PROTOCOL *This,
378 IN UINT32 TpmInputParameterBlockSize,
379 IN UINT8 *TpmInputParameterBlock,
380 IN UINT32 TpmOutputParameterBlockSize,
381 IN UINT8 *TpmOutputParameterBlock
382 )
383 {
384 TCG_DXE_DATA *TcgData;
385
386 TcgData = TCG_DXE_DATA_FROM_THIS (This);
387
388 return TisPcExecute (
389 TcgData->TpmHandle,
390 "%r%/%r",
391 TpmInputParameterBlock,
392 (UINTN) TpmInputParameterBlockSize,
393 TpmOutputParameterBlock,
394 (UINTN) TpmOutputParameterBlockSize
395 );
396 }
397
398 /**
399 Do a hash operation on a data buffer, extend a specific TPM PCR with the hash result,
400 and add an entry to the Event Log.
401
402 @param[in] TcgData TCG_DXE_DATA structure.
403 @param[in] HashData Physical address of the start of the data buffer
404 to be hashed, extended, and logged.
405 @param[in] HashDataLen The length, in bytes, of the buffer referenced by HashData
406 @param[in, out] NewEventHdr Pointer to a TCG_PCR_EVENT_HDR data structure.
407 @param[in] NewEventData Pointer to the new event data.
408
409 @retval EFI_SUCCESS Operation completed successfully.
410 @retval EFI_OUT_OF_RESOURCES No enough memory to log the new event.
411 @retval EFI_DEVICE_ERROR The command was unsuccessful.
412
413 **/
414 EFI_STATUS
415 EFIAPI
416 TcgDxeHashLogExtendEventI (
417 IN TCG_DXE_DATA *TcgData,
418 IN UINT8 *HashData,
419 IN UINT64 HashDataLen,
420 IN OUT TCG_PCR_EVENT_HDR *NewEventHdr,
421 IN UINT8 *NewEventData
422 )
423 {
424 EFI_STATUS Status;
425
426 if (HashDataLen > 0) {
427 Status = TpmCommHashAll (
428 HashData,
429 (UINTN) HashDataLen,
430 &NewEventHdr->Digest
431 );
432 ASSERT_EFI_ERROR (Status);
433 }
434
435 Status = TpmCommExtend (
436 TcgData->TpmHandle,
437 &NewEventHdr->Digest,
438 NewEventHdr->PCRIndex,
439 NULL
440 );
441 if (!EFI_ERROR (Status)) {
442 Status = TcgDxeLogEventI (TcgData, NewEventHdr, NewEventData);
443 }
444
445 return Status;
446 }
447
448 /**
449 This service abstracts the capability to do a hash operation on a data buffer,
450 extend a specific TPM PCR with the hash result, and add an entry to the Event Log
451
452 @param[in] This Indicates the calling context
453 @param[in] HashData Physical address of the start of the data buffer
454 to be hashed, extended, and logged.
455 @param[in] HashDataLen The length, in bytes, of the buffer referenced by HashData
456 @param[in] AlgorithmId Identification of the Algorithm to use for the hashing operation
457 @param[in, out] TCGLogData The physical address of the start of the data
458 buffer containing the TCG_PCR_EVENT data structure.
459 @param[in, out] EventNumber The event number of the event just logged.
460 @param[out] EventLogLastEntry Physical address of the first byte of the entry
461 just placed in the Event Log. If the Event Log was
462 empty when this function was called then this physical
463 address will be the same as the physical address of
464 the start of the Event Log.
465
466 @retval EFI_SUCCESS Operation completed successfully.
467 @retval EFI_UNSUPPORTED AlgorithmId != TPM_ALG_SHA.
468 @retval EFI_UNSUPPORTED Current TPL >= EFI_TPL_CALLBACK.
469 @retval EFI_DEVICE_ERROR The command was unsuccessful.
470
471 **/
472 EFI_STATUS
473 EFIAPI
474 TcgDxeHashLogExtendEvent (
475 IN EFI_TCG_PROTOCOL *This,
476 IN EFI_PHYSICAL_ADDRESS HashData,
477 IN UINT64 HashDataLen,
478 IN TPM_ALGORITHM_ID AlgorithmId,
479 IN OUT TCG_PCR_EVENT *TCGLogData,
480 IN OUT UINT32 *EventNumber,
481 OUT EFI_PHYSICAL_ADDRESS *EventLogLastEntry
482 )
483 {
484 TCG_DXE_DATA *TcgData;
485
486 TcgData = TCG_DXE_DATA_FROM_THIS (This);
487
488 if (TcgData->BsCap.TPMDeactivatedFlag) {
489 return EFI_DEVICE_ERROR;
490 }
491
492 if (AlgorithmId != TPM_ALG_SHA) {
493 return EFI_UNSUPPORTED;
494 }
495
496 return TcgDxeHashLogExtendEventI (
497 TcgData,
498 (UINT8 *) (UINTN) HashData,
499 HashDataLen,
500 (TCG_PCR_EVENT_HDR*)TCGLogData,
501 TCGLogData->Event
502 );
503 }
504
505 TCG_DXE_DATA mTcgDxeData = {
506 {
507 TcgDxeStatusCheck,
508 TcgDxeHashAll,
509 TcgDxeLogEvent,
510 TcgDxePassThroughToTpm,
511 TcgDxeHashLogExtendEvent
512 },
513 {
514 sizeof (mTcgDxeData.BsCap),
515 { 1, 2, 0, 0 },
516 { 1, 2, 0, 0 },
517 1,
518 TRUE,
519 FALSE
520 },
521 &mTcgClientAcpiTemplate,
522 &mTcgServerAcpiTemplate,
523 0,
524 NULL,
525 NULL
526 };
527
528 /**
529 Initialize the Event Log and log events passed from the PEI phase.
530
531 @retval EFI_SUCCESS Operation completed successfully.
532 @retval EFI_OUT_OF_RESOURCES Out of memory.
533
534 **/
535 EFI_STATUS
536 EFIAPI
537 SetupEventLog (
538 VOID
539 )
540 {
541 EFI_STATUS Status;
542 TCG_PCR_EVENT *TcgEvent;
543 EFI_PEI_HOB_POINTERS GuidHob;
544 EFI_PHYSICAL_ADDRESS Lasa;
545
546 if (PcdGet8 (PcdTpmPlatformClass) == TCG_PLATFORM_TYPE_CLIENT) {
547 Lasa = mTcgClientAcpiTemplate.Lasa;
548
549 Status = gBS->AllocatePages (
550 AllocateMaxAddress,
551 EfiACPIMemoryNVS,
552 EFI_SIZE_TO_PAGES (EFI_TCG_LOG_AREA_SIZE),
553 &Lasa
554 );
555 if (EFI_ERROR (Status)) {
556 return Status;
557 }
558 mTcgClientAcpiTemplate.Lasa = Lasa;
559 //
560 // To initialize them as 0xFF is recommended
561 // because the OS can know the last entry for that.
562 //
563 SetMem ((VOID *)(UINTN)mTcgClientAcpiTemplate.Lasa, EFI_TCG_LOG_AREA_SIZE, 0xFF);
564 mTcgClientAcpiTemplate.Laml = EFI_TCG_LOG_AREA_SIZE;
565
566 } else {
567 Lasa = mTcgServerAcpiTemplate.Lasa;
568
569 Status = gBS->AllocatePages (
570 AllocateMaxAddress,
571 EfiACPIMemoryNVS,
572 EFI_SIZE_TO_PAGES (EFI_TCG_LOG_AREA_SIZE),
573 &Lasa
574 );
575 if (EFI_ERROR (Status)) {
576 return Status;
577 }
578 mTcgServerAcpiTemplate.Lasa = Lasa;
579 //
580 // To initialize them as 0xFF is recommended
581 // because the OS can know the last entry for that.
582 //
583 SetMem ((VOID *)(UINTN)mTcgServerAcpiTemplate.Lasa, EFI_TCG_LOG_AREA_SIZE, 0xFF);
584 mTcgServerAcpiTemplate.Laml = EFI_TCG_LOG_AREA_SIZE;
585 }
586
587 GuidHob.Raw = GetHobList ();
588 while (!EFI_ERROR (Status) &&
589 (GuidHob.Raw = GetNextGuidHob (&gTcgEventEntryHobGuid, GuidHob.Raw)) != NULL) {
590 TcgEvent = GET_GUID_HOB_DATA (GuidHob.Guid);
591 GuidHob.Raw = GET_NEXT_HOB (GuidHob);
592 Status = TcgDxeLogEventI (
593 &mTcgDxeData,
594 (TCG_PCR_EVENT_HDR*)TcgEvent,
595 TcgEvent->Event
596 );
597 }
598
599 return Status;
600 }
601
602 /**
603 Measure and log an action string, and extend the measurement result into PCR[5].
604
605 @param[in] String A specific string that indicates an Action event.
606
607 @retval EFI_SUCCESS Operation completed successfully.
608 @retval EFI_DEVICE_ERROR The operation was unsuccessful.
609
610 **/
611 EFI_STATUS
612 EFIAPI
613 TcgMeasureAction (
614 IN CHAR8 *String
615 )
616 {
617 TCG_PCR_EVENT_HDR TcgEvent;
618
619 TcgEvent.PCRIndex = 5;
620 TcgEvent.EventType = EV_EFI_ACTION;
621 TcgEvent.EventSize = (UINT32)AsciiStrLen (String);
622 return TcgDxeHashLogExtendEventI (
623 &mTcgDxeData,
624 (UINT8*)String,
625 TcgEvent.EventSize,
626 &TcgEvent,
627 (UINT8 *) String
628 );
629 }
630
631 /**
632 Measure and log EFI handoff tables, and extend the measurement result into PCR[1].
633
634 @retval EFI_SUCCESS Operation completed successfully.
635 @retval EFI_DEVICE_ERROR The operation was unsuccessful.
636
637 **/
638 EFI_STATUS
639 EFIAPI
640 MeasureHandoffTables (
641 VOID
642 )
643 {
644 EFI_STATUS Status;
645 SMBIOS_TABLE_ENTRY_POINT *SmbiosTable;
646 TCG_PCR_EVENT_HDR TcgEvent;
647 EFI_HANDOFF_TABLE_POINTERS HandoffTables;
648
649 Status = EfiGetSystemConfigurationTable (
650 &gEfiSmbiosTableGuid,
651 (VOID **) &SmbiosTable
652 );
653
654 if (!EFI_ERROR (Status)) {
655 ASSERT (SmbiosTable != NULL);
656
657 TcgEvent.PCRIndex = 1;
658 TcgEvent.EventType = EV_EFI_HANDOFF_TABLES;
659 TcgEvent.EventSize = sizeof (HandoffTables);
660
661 HandoffTables.NumberOfTables = 1;
662 HandoffTables.TableEntry[0].VendorGuid = gEfiSmbiosTableGuid;
663 HandoffTables.TableEntry[0].VendorTable = SmbiosTable;
664
665 DEBUG ((DEBUG_INFO, "The Smbios Table starts at: 0x%x\n", SmbiosTable->TableAddress));
666 DEBUG ((DEBUG_INFO, "The Smbios Table size: 0x%x\n", SmbiosTable->TableLength));
667
668 Status = TcgDxeHashLogExtendEventI (
669 &mTcgDxeData,
670 (UINT8*)(UINTN)SmbiosTable->TableAddress,
671 SmbiosTable->TableLength,
672 &TcgEvent,
673 (UINT8*)&HandoffTables
674 );
675 }
676
677 return Status;
678 }
679
680 /**
681 Measure and log Separator event, and extend the measurement result into a specific PCR.
682
683 @param[in] PCRIndex PCR index.
684
685 @retval EFI_SUCCESS Operation completed successfully.
686 @retval EFI_DEVICE_ERROR The operation was unsuccessful.
687
688 **/
689 EFI_STATUS
690 EFIAPI
691 MeasureSeparatorEvent (
692 IN TPM_PCRINDEX PCRIndex
693 )
694 {
695 TCG_PCR_EVENT_HDR TcgEvent;
696 UINT32 EventData;
697
698 EventData = 0;
699 TcgEvent.PCRIndex = PCRIndex;
700 TcgEvent.EventType = EV_SEPARATOR;
701 TcgEvent.EventSize = (UINT32)sizeof (EventData);
702 return TcgDxeHashLogExtendEventI (
703 &mTcgDxeData,
704 (UINT8 *)&EventData,
705 sizeof (EventData),
706 &TcgEvent,
707 (UINT8 *)&EventData
708 );
709 }
710
711 /**
712 Read an EFI Variable.
713
714 This function allocates a buffer to return the contents of the variable. The caller is
715 responsible for freeing the buffer.
716
717 @param[in] VarName A Null-terminated string that is the name of the vendor's variable.
718 @param[in] VendorGuid A unique identifier for the vendor.
719 @param[out] VarSize The size of the variable data.
720
721 @return A pointer to the buffer to return the contents of the variable.Otherwise NULL.
722
723 **/
724 VOID *
725 EFIAPI
726 ReadVariable (
727 IN CHAR16 *VarName,
728 IN EFI_GUID *VendorGuid,
729 OUT UINTN *VarSize
730 )
731 {
732 EFI_STATUS Status;
733 VOID *VarData;
734
735 *VarSize = 0;
736 Status = gRT->GetVariable (
737 VarName,
738 VendorGuid,
739 NULL,
740 VarSize,
741 NULL
742 );
743 if (Status != EFI_BUFFER_TOO_SMALL) {
744 return NULL;
745 }
746
747 VarData = AllocatePool (*VarSize);
748 if (VarData != NULL) {
749 Status = gRT->GetVariable (
750 VarName,
751 VendorGuid,
752 NULL,
753 VarSize,
754 VarData
755 );
756 if (EFI_ERROR (Status)) {
757 FreePool (VarData);
758 VarData = NULL;
759 *VarSize = 0;
760 }
761 }
762 return VarData;
763 }
764
765 /**
766 Measure and log an EFI variable, and extend the measurement result into a specific PCR.
767
768 @param[in] PCRIndex PCR Index.
769 @param[in] EventType Event type.
770 @param[in] VarName A Null-terminated string that is the name of the vendor's variable.
771 @param[in] VendorGuid A unique identifier for the vendor.
772 @param[in] VarData The content of the variable data.
773 @param[in] VarSize The size of the variable data.
774
775 @retval EFI_SUCCESS Operation completed successfully.
776 @retval EFI_OUT_OF_RESOURCES Out of memory.
777 @retval EFI_DEVICE_ERROR The operation was unsuccessful.
778
779 **/
780 EFI_STATUS
781 EFIAPI
782 MeasureVariable (
783 IN TPM_PCRINDEX PCRIndex,
784 IN TCG_EVENTTYPE EventType,
785 IN CHAR16 *VarName,
786 IN EFI_GUID *VendorGuid,
787 IN VOID *VarData,
788 IN UINTN VarSize
789 )
790 {
791 EFI_STATUS Status;
792 TCG_PCR_EVENT_HDR TcgEvent;
793 UINTN VarNameLength;
794 EFI_VARIABLE_DATA *VarLog;
795
796 VarNameLength = StrLen (VarName);
797 TcgEvent.PCRIndex = PCRIndex;
798 TcgEvent.EventType = EventType;
799 TcgEvent.EventSize = (UINT32)(sizeof (*VarLog) + VarNameLength * sizeof (*VarName) + VarSize
800 - sizeof (VarLog->UnicodeName) - sizeof (VarLog->VariableData));
801
802 VarLog = (EFI_VARIABLE_DATA*)AllocatePool (TcgEvent.EventSize);
803 if (VarLog == NULL) {
804 return EFI_OUT_OF_RESOURCES;
805 }
806
807 VarLog->VariableName = *VendorGuid;
808 VarLog->UnicodeNameLength = VarNameLength;
809 VarLog->VariableDataLength = VarSize;
810 CopyMem (
811 VarLog->UnicodeName,
812 VarName,
813 VarNameLength * sizeof (*VarName)
814 );
815 CopyMem (
816 (CHAR16 *)VarLog->UnicodeName + VarNameLength,
817 VarData,
818 VarSize
819 );
820
821 Status = TcgDxeHashLogExtendEventI (
822 &mTcgDxeData,
823 (UINT8*)VarData,
824 VarSize,
825 &TcgEvent,
826 (UINT8*)VarLog
827 );
828 FreePool (VarLog);
829 return Status;
830 }
831
832 /**
833 Read then Measure and log an EFI boot variable, and extend the measurement result into PCR[5].
834
835 @param[in] VarName A Null-terminated string that is the name of the vendor's variable.
836 @param[in] VendorGuid A unique identifier for the vendor.
837 @param[out] VarSize The size of the variable data.
838 @param[out] VarData Pointer to the content of the variable.
839
840 @retval EFI_SUCCESS Operation completed successfully.
841 @retval EFI_OUT_OF_RESOURCES Out of memory.
842 @retval EFI_DEVICE_ERROR The operation was unsuccessful.
843
844 **/
845 EFI_STATUS
846 EFIAPI
847 ReadAndMeasureBootVariable (
848 IN CHAR16 *VarName,
849 IN EFI_GUID *VendorGuid,
850 OUT UINTN *VarSize,
851 OUT VOID **VarData
852 )
853 {
854 EFI_STATUS Status;
855
856 *VarData = ReadVariable (VarName, VendorGuid, VarSize);
857 if (*VarData == NULL) {
858 return EFI_NOT_FOUND;
859 }
860
861 Status = MeasureVariable (
862 5,
863 EV_EFI_VARIABLE_BOOT,
864 VarName,
865 VendorGuid,
866 *VarData,
867 *VarSize
868 );
869 return Status;
870 }
871
872 /**
873 Measure and log all EFI boot variables, and extend the measurement result into a specific PCR.
874
875 The EFI boot variables are BootOrder and Boot#### variables.
876
877 @retval EFI_SUCCESS Operation completed successfully.
878 @retval EFI_OUT_OF_RESOURCES Out of memory.
879 @retval EFI_DEVICE_ERROR The operation was unsuccessful.
880
881 **/
882 EFI_STATUS
883 EFIAPI
884 MeasureAllBootVariables (
885 VOID
886 )
887 {
888 EFI_STATUS Status;
889 UINT16 *BootOrder;
890 UINTN BootCount;
891 UINTN Index;
892 VOID *BootVarData;
893 UINTN Size;
894
895 Status = ReadAndMeasureBootVariable (
896 mBootVarName,
897 &gEfiGlobalVariableGuid,
898 &BootCount,
899 (VOID **) &BootOrder
900 );
901 if (Status == EFI_NOT_FOUND) {
902 return EFI_SUCCESS;
903 }
904 ASSERT (BootOrder != NULL);
905
906 if (EFI_ERROR (Status)) {
907 FreePool (BootOrder);
908 return Status;
909 }
910
911 BootCount /= sizeof (*BootOrder);
912 for (Index = 0; Index < BootCount; Index++) {
913 UnicodeSPrint (mBootVarName, sizeof (mBootVarName), L"Boot%04x", BootOrder[Index]);
914 Status = ReadAndMeasureBootVariable (
915 mBootVarName,
916 &gEfiGlobalVariableGuid,
917 &Size,
918 &BootVarData
919 );
920 if (!EFI_ERROR (Status)) {
921 FreePool (BootVarData);
922 }
923 }
924
925 FreePool (BootOrder);
926 return EFI_SUCCESS;
927 }
928
929 /**
930 Ready to Boot Event notification handler.
931
932 Sequence of OS boot events is measured in this event notification handler.
933
934 @param[in] Event Event whose notification function is being invoked
935 @param[in] Context Pointer to the notification function's context
936
937 **/
938 VOID
939 EFIAPI
940 OnReadyToBoot (
941 IN EFI_EVENT Event,
942 IN VOID *Context
943 )
944 {
945 EFI_STATUS Status;
946 TPM_PCRINDEX PcrIndex;
947
948 if (mBootAttempts == 0) {
949
950 //
951 // Measure handoff tables.
952 //
953 Status = MeasureHandoffTables ();
954 if (EFI_ERROR (Status)) {
955 DEBUG ((EFI_D_ERROR, "HOBs not Measured. Error!\n"));
956 }
957
958 //
959 // Measure BootOrder & Boot#### variables.
960 //
961 Status = MeasureAllBootVariables ();
962 if (EFI_ERROR (Status)) {
963 DEBUG ((EFI_D_ERROR, "Boot Variables not Measured. Error!\n"));
964 }
965
966 //
967 // 1. This is the first boot attempt.
968 //
969 Status = TcgMeasureAction (
970 EFI_CALLING_EFI_APPLICATION
971 );
972 ASSERT_EFI_ERROR (Status);
973
974 //
975 // 2. Draw a line between pre-boot env and entering post-boot env.
976 //
977 for (PcrIndex = 0; PcrIndex < 8; PcrIndex++) {
978 Status = MeasureSeparatorEvent (PcrIndex);
979 ASSERT_EFI_ERROR (Status);
980 }
981
982 //
983 // 3. Measure GPT. It would be done in SAP driver.
984 //
985
986 //
987 // 4. Measure PE/COFF OS loader. It would be done in SAP driver.
988 //
989
990 //
991 // 5. Read & Measure variable. BootOrder already measured.
992 //
993 } else {
994 //
995 // 6. Not first attempt, meaning a return from last attempt
996 //
997 Status = TcgMeasureAction (
998 EFI_RETURNING_FROM_EFI_APPLICATOIN
999 );
1000 ASSERT_EFI_ERROR (Status);
1001 }
1002
1003 DEBUG ((EFI_D_INFO, "TPM TcgDxe Measure Data when ReadyToBoot\n"));
1004 //
1005 // Increase boot attempt counter.
1006 //
1007 mBootAttempts++;
1008 }
1009
1010 /**
1011 Install TCG ACPI Table when ACPI Table Protocol is available.
1012
1013 A system's firmware uses an ACPI table to identify the system's TCG capabilities
1014 to the Post-Boot environment. The information in this ACPI table is not guaranteed
1015 to be valid until the Host Platform transitions from pre-boot state to post-boot state.
1016
1017 @param[in] Event Event whose notification function is being invoked
1018 @param[in] Context Pointer to the notification function's context
1019 **/
1020 VOID
1021 EFIAPI
1022 InstallAcpiTable (
1023 IN EFI_EVENT Event,
1024 IN VOID* Context
1025 )
1026 {
1027 UINTN TableKey;
1028 EFI_STATUS Status;
1029 EFI_ACPI_TABLE_PROTOCOL *AcpiTable;
1030 UINT8 Checksum;
1031
1032 Status = gBS->LocateProtocol (&gEfiAcpiTableProtocolGuid, NULL, (VOID **)&AcpiTable);
1033 if (EFI_ERROR (Status)) {
1034 return;
1035 }
1036
1037 if (PcdGet8 (PcdTpmPlatformClass) == TCG_PLATFORM_TYPE_CLIENT) {
1038
1039 //
1040 // The ACPI table must be checksumed before calling the InstallAcpiTable()
1041 // service of the ACPI table protocol to install it.
1042 //
1043 Checksum = CalculateCheckSum8 ((UINT8 *)&mTcgClientAcpiTemplate, sizeof (mTcgClientAcpiTemplate));
1044 mTcgClientAcpiTemplate.Header.Checksum = Checksum;
1045
1046 Status = AcpiTable->InstallAcpiTable (
1047 AcpiTable,
1048 &mTcgClientAcpiTemplate,
1049 sizeof (mTcgClientAcpiTemplate),
1050 &TableKey
1051 );
1052 } else {
1053
1054 //
1055 // The ACPI table must be checksumed before calling the InstallAcpiTable()
1056 // service of the ACPI table protocol to install it.
1057 //
1058 Checksum = CalculateCheckSum8 ((UINT8 *)&mTcgServerAcpiTemplate, sizeof (mTcgServerAcpiTemplate));
1059 mTcgServerAcpiTemplate.Header.Checksum = Checksum;
1060
1061 Status = AcpiTable->InstallAcpiTable (
1062 AcpiTable,
1063 &mTcgServerAcpiTemplate,
1064 sizeof (mTcgServerAcpiTemplate),
1065 &TableKey
1066 );
1067 }
1068 ASSERT_EFI_ERROR (Status);
1069 }
1070
1071 /**
1072 Exit Boot Services Event notification handler.
1073
1074 Measure invocation and success of ExitBootServices.
1075
1076 @param[in] Event Event whose notification function is being invoked
1077 @param[in] Context Pointer to the notification function's context
1078
1079 **/
1080 VOID
1081 EFIAPI
1082 OnExitBootServices (
1083 IN EFI_EVENT Event,
1084 IN VOID *Context
1085 )
1086 {
1087 EFI_STATUS Status;
1088
1089 //
1090 // Measure invocation of ExitBootServices,
1091 //
1092 Status = TcgMeasureAction (
1093 EFI_EXIT_BOOT_SERVICES_INVOCATION
1094 );
1095 ASSERT_EFI_ERROR (Status);
1096
1097 //
1098 // Measure success of ExitBootServices
1099 //
1100 Status = TcgMeasureAction (
1101 EFI_EXIT_BOOT_SERVICES_SUCCEEDED
1102 );
1103 ASSERT_EFI_ERROR (Status);
1104 }
1105
1106 /**
1107 Get TPM Deactivated state.
1108
1109 @param[out] TPMDeactivatedFlag Returns TPM Deactivated state.
1110
1111 @retval EFI_SUCCESS Operation completed successfully.
1112 @retval EFI_DEVICE_ERROR The operation was unsuccessful.
1113
1114 **/
1115 EFI_STATUS
1116 GetTpmStatus (
1117 OUT BOOLEAN *TPMDeactivatedFlag
1118 )
1119 {
1120 EFI_STATUS Status;
1121 TPM_STCLEAR_FLAGS VFlags;
1122
1123 Status = TpmCommGetFlags (
1124 mTcgDxeData.TpmHandle,
1125 TPM_CAP_FLAG_VOLATILE,
1126 &VFlags,
1127 sizeof (VFlags)
1128 );
1129 if (!EFI_ERROR (Status)) {
1130 *TPMDeactivatedFlag = VFlags.deactivated;
1131 }
1132
1133 return Status;
1134 }
1135
1136 /**
1137 The driver's entry point.
1138
1139 It publishes EFI TCG Protocol.
1140
1141 @param[in] ImageHandle The firmware allocated handle for the EFI image.
1142 @param[in] SystemTable A pointer to the EFI System Table.
1143
1144 @retval EFI_SUCCESS The entry point is executed successfully.
1145 @retval other Some error occurs when executing this entry point.
1146
1147 **/
1148 EFI_STATUS
1149 EFIAPI
1150 DriverEntry (
1151 IN EFI_HANDLE ImageHandle,
1152 IN EFI_SYSTEM_TABLE *SystemTable
1153 )
1154 {
1155 EFI_STATUS Status;
1156 EFI_EVENT Event;
1157 VOID *Registration;
1158
1159 mTcgDxeData.TpmHandle = (TIS_TPM_HANDLE)(UINTN)TPM_BASE_ADDRESS;
1160 Status = TisPcRequestUseTpm (mTcgDxeData.TpmHandle);
1161 if (EFI_ERROR (Status)) {
1162 DEBUG ((EFI_D_ERROR, "TPM not detected!\n"));
1163 return Status;
1164 }
1165
1166 Status = GetTpmStatus (&mTcgDxeData.BsCap.TPMDeactivatedFlag);
1167 if (EFI_ERROR (Status)) {
1168 DEBUG ((
1169 EFI_D_ERROR,
1170 "Line %d in file " __FILE__ ":\n "
1171 "DriverEntry: TPM not working properly\n",
1172 __LINE__
1173 ));
1174 return Status;
1175 }
1176
1177 Status = gBS->InstallProtocolInterface (
1178 &ImageHandle,
1179 &gEfiTcgProtocolGuid,
1180 EFI_NATIVE_INTERFACE,
1181 &mTcgDxeData.TcgProtocol
1182 );
1183 if (!EFI_ERROR (Status) && !mTcgDxeData.BsCap.TPMDeactivatedFlag) {
1184 //
1185 // Setup the log area and copy event log from hob list to it
1186 //
1187 Status = SetupEventLog ();
1188 ASSERT_EFI_ERROR (Status);
1189
1190 //
1191 // Measure handoff tables, Boot#### variables etc.
1192 //
1193 Status = EfiCreateEventReadyToBootEx (
1194 TPL_CALLBACK,
1195 OnReadyToBoot,
1196 NULL,
1197 &Event
1198 );
1199
1200 Status = gBS->CreateEventEx (
1201 EVT_NOTIFY_SIGNAL,
1202 TPL_NOTIFY,
1203 OnExitBootServices,
1204 NULL,
1205 &gEfiEventExitBootServicesGuid,
1206 &Event
1207 );
1208 }
1209
1210 //
1211 // Install ACPI Table
1212 //
1213 EfiCreateProtocolNotifyEvent (&gEfiAcpiTableProtocolGuid, TPL_CALLBACK, InstallAcpiTable, NULL, &Registration);
1214
1215 return Status;
1216 }
EFI Development Kit II mirror for PVE