]> git.proxmox.com Git - mirror_edk2.git/blob - SecurityPkg/Tcg/TcgDxe/TcgDxe.c
projects / mirror_edk2.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Add security package to repository.
[mirror_edk2.git] / SecurityPkg / Tcg / TcgDxe / TcgDxe.c
1 /** @file
2 This module implements TCG EFI Protocol.
3
4 Copyright (c) 2005 - 2011, Intel Corporation. All rights reserved.<BR>
5 This program and the accompanying materials
6 are licensed and made available under the terms and conditions of the BSD License
7 which accompanies this distribution. The full text of the license may be found at
8 http://opensource.org/licenses/bsd-license.php
9
10 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
11 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
12
13 **/
14
15 #include <PiDxe.h>
16 #include <IndustryStandard/Tpm12.h>
17 #include <IndustryStandard/Acpi.h>
18 #include <IndustryStandard/PeImage.h>
19 #include <IndustryStandard/SmBios.h>
20
21 #include <Guid/GlobalVariable.h>
22 #include <Guid/SmBios.h>
23 #include <Guid/HobList.h>
24 #include <Guid/TcgEventHob.h>
25 #include <Guid/EventGroup.h>
26 #include <Protocol/DevicePath.h>
27 #include <Protocol/TcgService.h>
28 #include <Protocol/AcpiTable.h>
29
30 #include <Library/DebugLib.h>
31 #include <Library/BaseMemoryLib.h>
32 #include <Library/UefiRuntimeServicesTableLib.h>
33 #include <Library/UefiDriverEntryPoint.h>
34 #include <Library/HobLib.h>
35 #include <Library/UefiBootServicesTableLib.h>
36 #include <Library/BaseLib.h>
37 #include <Library/MemoryAllocationLib.h>
38 #include <Library/PrintLib.h>
39 #include <Library/TpmCommLib.h>
40 #include <Library/PcdLib.h>
41 #include <Library/UefiLib.h>
42
43 #include "TpmComm.h"
44
45 #define EFI_TCG_LOG_AREA_SIZE 0x10000
46
47 #pragma pack (1)
48
49 typedef struct _EFI_TCG_CLIENT_ACPI_TABLE {
50 EFI_ACPI_DESCRIPTION_HEADER Header;
51 UINT16 PlatformClass;
52 UINT32 Laml;
53 EFI_PHYSICAL_ADDRESS Lasa;
54 } EFI_TCG_CLIENT_ACPI_TABLE;
55
56 typedef struct _EFI_TCG_SERVER_ACPI_TABLE {
57 EFI_ACPI_DESCRIPTION_HEADER Header;
58 UINT16 PlatformClass;
59 UINT16 Reserved0;
60 UINT64 Laml;
61 EFI_PHYSICAL_ADDRESS Lasa;
62 UINT16 SpecRev;
63 UINT8 DeviceFlags;
64 UINT8 InterruptFlags;
65 UINT8 Gpe;
66 UINT8 Reserved1[3];
67 UINT32 GlobalSysInt;
68 EFI_ACPI_3_0_GENERIC_ADDRESS_STRUCTURE BaseAddress;
69 UINT32 Reserved2;
70 EFI_ACPI_3_0_GENERIC_ADDRESS_STRUCTURE ConfigAddress;
71 UINT8 PciSegNum;
72 UINT8 PciBusNum;
73 UINT8 PciDevNum;
74 UINT8 PciFuncNum;
75 } EFI_TCG_SERVER_ACPI_TABLE;
76
77 #pragma pack ()
78
79 #define TCG_DXE_DATA_FROM_THIS(this) \
80 BASE_CR (this, TCG_DXE_DATA, TcgProtocol)
81
82 typedef struct _TCG_DXE_DATA {
83 EFI_TCG_PROTOCOL TcgProtocol;
84 TCG_EFI_BOOT_SERVICE_CAPABILITY BsCap;
85 EFI_TCG_CLIENT_ACPI_TABLE *TcgClientAcpiTable;
86 EFI_TCG_SERVER_ACPI_TABLE *TcgServerAcpiTable;
87 UINTN EventLogSize;
88 UINT8 *LastEvent;
89 TIS_TPM_HANDLE TpmHandle;
90 } TCG_DXE_DATA;
91
92
93
94 EFI_TCG_CLIENT_ACPI_TABLE mTcgClientAcpiTemplate = {
95 {
96 EFI_ACPI_3_0_TRUSTED_COMPUTING_PLATFORM_ALLIANCE_CAPABILITIES_TABLE_SIGNATURE,
97 sizeof (mTcgClientAcpiTemplate),
98 0x02 //Revision
99 //
100 // Compiler initializes the remaining bytes to 0
101 // These fields should be filled in in production
102 //
103 },
104 0, // 0 for PC Client Platform Class
105 0, // Log Area Max Length
106 (EFI_PHYSICAL_ADDRESS) (SIZE_4GB - 1) // Log Area Start Address
107 };
108
109 //
110 // The following EFI_TCG_SERVER_ACPI_TABLE default setting is just one example,
111 // the TPM device connectes to LPC, and also defined the ACPI _UID as 0xFF,
112 // this _UID can be changed and should match with the _UID setting of the TPM
113 // ACPI device object
114 //
115 EFI_TCG_SERVER_ACPI_TABLE mTcgServerAcpiTemplate = {
116 {
117 EFI_ACPI_3_0_TRUSTED_COMPUTING_PLATFORM_ALLIANCE_CAPABILITIES_TABLE_SIGNATURE,
118 sizeof (mTcgServerAcpiTemplate),
119 0x02 //Revision
120 //
121 // Compiler initializes the remaining bytes to 0
122 // These fields should be filled in in production
123 //
124 },
125 1, // 1 for Server Platform Class
126 0, // Reserved
127 0, // Log Area Max Length
128 (EFI_PHYSICAL_ADDRESS) (SIZE_4GB - 1), // Log Area Start Address
129 0x0100, // TCG Specification revision 1.0
130 2, // Device Flags
131 0, // Interrupt Flags
132 0, // GPE
133 {0}, // Reserved 3 bytes
134 0, // Global System Interrupt
135 {
136 EFI_ACPI_3_0_SYSTEM_MEMORY,
137 0,
138 0,
139 EFI_ACPI_3_0_BYTE,
140 TPM_BASE_ADDRESS // Base Address
141 },
142 0, // Reserved
143 {0}, // Configuration Address
144 0xFF, // ACPI _UID value of the device, can be changed for different platforms
145 0, // ACPI _UID value of the device, can be changed for different platforms
146 0, // ACPI _UID value of the device, can be changed for different platforms
147 0 // ACPI _UID value of the device, can be changed for different platforms
148 };
149
150 UINTN mBootAttempts = 0;
151 CHAR16 mBootVarName[] = L"BootOrder";
152
153 /**
154 This service provides EFI protocol capability information, state information
155 about the TPM, and Event Log state information.
156
157 @param[in] This Indicates the calling context
158 @param[out] ProtocolCapability The callee allocates memory for a TCG_BOOT_SERVICE_CAPABILITY
159 structure and fills in the fields with the EFI protocol
160 capability information and the current TPM state information.
161 @param[out] TCGFeatureFlags This is a pointer to the feature flags. No feature
162 flags are currently defined so this parameter
163 MUST be set to 0. However, in the future,
164 feature flags may be defined that, for example,
165 enable hash algorithm agility.
166 @param[out] EventLogLocation This is a pointer to the address of the event log in memory.
167 @param[out] EventLogLastEntry If the Event Log contains more than one entry,
168 this is a pointer to the address of the start of
169 the last entry in the event log in memory.
170
171 @retval EFI_SUCCESS Operation completed successfully.
172 @retval EFI_INVALID_PARAMETER ProtocolCapability does not match TCG capability.
173
174 **/
175 EFI_STATUS
176 EFIAPI
177 TcgDxeStatusCheck (
178 IN EFI_TCG_PROTOCOL *This,
179 OUT TCG_EFI_BOOT_SERVICE_CAPABILITY *ProtocolCapability,
180 OUT UINT32 *TCGFeatureFlags,
181 OUT EFI_PHYSICAL_ADDRESS *EventLogLocation,
182 OUT EFI_PHYSICAL_ADDRESS *EventLogLastEntry
183 )
184 {
185 TCG_DXE_DATA *TcgData;
186
187 TcgData = TCG_DXE_DATA_FROM_THIS (This);
188
189 if (ProtocolCapability != NULL) {
190 *ProtocolCapability = TcgData->BsCap;
191 }
192
193 if (TCGFeatureFlags != NULL) {
194 *TCGFeatureFlags = 0;
195 }
196
197 if (EventLogLocation != NULL) {
198 if (PcdGet8 (PcdTpmPlatformClass) == TCG_PLATFORM_TYPE_CLIENT) {
199 *EventLogLocation = TcgData->TcgClientAcpiTable->Lasa;
200 } else {
201 *EventLogLocation = TcgData->TcgServerAcpiTable->Lasa;
202 }
203 }
204
205 if (EventLogLastEntry != NULL) {
206 if (TcgData->BsCap.TPMDeactivatedFlag) {
207 *EventLogLastEntry = (EFI_PHYSICAL_ADDRESS)(UINTN)0;
208 } else {
209 *EventLogLastEntry = (EFI_PHYSICAL_ADDRESS)(UINTN)TcgData->LastEvent;
210 }
211 }
212
213 return EFI_SUCCESS;
214 }
215
216 /**
217 This service abstracts the capability to do a hash operation on a data buffer.
218
219 @param[in] This Indicates the calling context
220 @param[in] HashData Pointer to the data buffer to be hashed
221 @param[in] HashDataLen Length of the data buffer to be hashed
222 @param[in] AlgorithmId Identification of the Algorithm to use for the hashing operation
223 @param[in, out] HashedDataLen Resultant length of the hashed data
224 @param[in, out] HashedDataResult Resultant buffer of the hashed data
225
226 @retval EFI_SUCCESS Operation completed successfully.
227 @retval EFI_INVALID_PARAMETER HashDataLen is NULL.
228 @retval EFI_INVALID_PARAMETER HashDataLenResult is NULL.
229 @retval EFI_OUT_OF_RESOURCES Cannot allocate buffer of size *HashedDataLen.
230 @retval EFI_UNSUPPORTED AlgorithmId not supported.
231 @retval EFI_BUFFER_TOO_SMALL *HashedDataLen < sizeof (TCG_DIGEST).
232
233 **/
234 EFI_STATUS
235 EFIAPI
236 TcgDxeHashAll (
237 IN EFI_TCG_PROTOCOL *This,
238 IN UINT8 *HashData,
239 IN UINT64 HashDataLen,
240 IN TCG_ALGORITHM_ID AlgorithmId,
241 IN OUT UINT64 *HashedDataLen,
242 IN OUT UINT8 **HashedDataResult
243 )
244 {
245 if (HashedDataLen == NULL || HashedDataResult == NULL) {
246 return EFI_INVALID_PARAMETER;
247 }
248
249 switch (AlgorithmId) {
250 case TPM_ALG_SHA:
251 if (*HashedDataLen == 0) {
252 *HashedDataLen = sizeof (TPM_DIGEST);
253 *HashedDataResult = AllocatePool ((UINTN) *HashedDataLen);
254 if (*HashedDataResult == NULL) {
255 return EFI_OUT_OF_RESOURCES;
256 }
257 }
258
259 if (*HashedDataLen < sizeof (TPM_DIGEST)) {
260 *HashedDataLen = sizeof (TPM_DIGEST);
261 return EFI_BUFFER_TOO_SMALL;
262 }
263 *HashedDataLen = sizeof (TPM_DIGEST);
264
265 return TpmCommHashAll (
266 HashData,
267 (UINTN) HashDataLen,
268 (TPM_DIGEST*)*HashedDataResult
269 );
270 default:
271 return EFI_UNSUPPORTED;
272 }
273 }
274
275 /**
276 Add a new entry to the Event Log.
277
278 @param[in] TcgData TCG_DXE_DATA structure.
279 @param[in] NewEventHdr Pointer to a TCG_PCR_EVENT_HDR data structure.
280 @param[in] NewEventData Pointer to the new event data.
281
282 @retval EFI_SUCCESS The new event log entry was added.
283 @retval EFI_OUT_OF_RESOURCES No enough memory to log the new event.
284
285 **/
286 EFI_STATUS
287 EFIAPI
288 TcgDxeLogEventI (
289 IN TCG_DXE_DATA *TcgData,
290 IN TCG_PCR_EVENT_HDR *NewEventHdr,
291 IN UINT8 *NewEventData
292 )
293 {
294 if (PcdGet8 (PcdTpmPlatformClass) == TCG_PLATFORM_TYPE_CLIENT) {
295 TcgData->LastEvent = (UINT8*)(UINTN)TcgData->TcgClientAcpiTable->Lasa;
296 return TpmCommLogEvent (
297 &TcgData->LastEvent,
298 &TcgData->EventLogSize,
299 (UINTN)TcgData->TcgClientAcpiTable->Laml,
300 NewEventHdr,
301 NewEventData
302 );
303 } else {
304 TcgData->LastEvent = (UINT8*)(UINTN)TcgData->TcgServerAcpiTable->Lasa;
305 return TpmCommLogEvent (
306 &TcgData->LastEvent,
307 &TcgData->EventLogSize,
308 (UINTN)TcgData->TcgServerAcpiTable->Laml,
309 NewEventHdr,
310 NewEventData
311 );
312 }
313 }
314
315 /**
316 This service abstracts the capability to add an entry to the Event Log.
317
318 @param[in] This Indicates the calling context
319 @param[in] TCGLogData Pointer to the start of the data buffer containing
320 the TCG_PCR_EVENT data structure. All fields in
321 this structure are properly filled by the caller.
322 @param[in, out] EventNumber The event number of the event just logged
323 @param[in] Flags Indicate additional flags. Only one flag has been
324 defined at this time, which is 0x01 and means the
325 extend operation should not be performed. All
326 other bits are reserved.
327
328 @retval EFI_SUCCESS Operation completed successfully.
329 @retval EFI_OUT_OF_RESOURCES Insufficient memory in the event log to complete this action.
330
331 **/
332 EFI_STATUS
333 EFIAPI
334 TcgDxeLogEvent (
335 IN EFI_TCG_PROTOCOL *This,
336 IN TCG_PCR_EVENT *TCGLogData,
337 IN OUT UINT32 *EventNumber,
338 IN UINT32 Flags
339 )
340 {
341 TCG_DXE_DATA *TcgData;
342
343 TcgData = TCG_DXE_DATA_FROM_THIS (This);
344
345 if (TcgData->BsCap.TPMDeactivatedFlag) {
346 return EFI_DEVICE_ERROR;
347 }
348 return TcgDxeLogEventI (
349 TcgData,
350 (TCG_PCR_EVENT_HDR*)TCGLogData,
351 TCGLogData->Event
352 );
353 }
354
355 /**
356 This service is a proxy for commands to the TPM.
357
358 @param[in] This Indicates the calling context
359 @param[in] TpmInputParameterBlockSize Size of the TPM input parameter block
360 @param[in] TpmInputParameterBlock Pointer to the TPM input parameter block
361 @param[in] TpmOutputParameterBlockSize Size of the TPM output parameter block
362 @param[in] TpmOutputParameterBlock Pointer to the TPM output parameter block
363
364 @retval EFI_SUCCESS Operation completed successfully.
365 @retval EFI_INVALID_PARAMETER Invalid ordinal.
366 @retval EFI_UNSUPPORTED Current Task Priority Level >= EFI_TPL_CALLBACK.
367 @retval EFI_TIMEOUT The TIS timed-out.
368
369 **/
370 EFI_STATUS
371 EFIAPI
372 TcgDxePassThroughToTpm (
373 IN EFI_TCG_PROTOCOL *This,
374 IN UINT32 TpmInputParameterBlockSize,
375 IN UINT8 *TpmInputParameterBlock,
376 IN UINT32 TpmOutputParameterBlockSize,
377 IN UINT8 *TpmOutputParameterBlock
378 )
379 {
380 TCG_DXE_DATA *TcgData;
381
382 TcgData = TCG_DXE_DATA_FROM_THIS (This);
383
384 return TisPcExecute (
385 TcgData->TpmHandle,
386 "%r%/%r",
387 TpmInputParameterBlock,
388 (UINTN) TpmInputParameterBlockSize,
389 TpmOutputParameterBlock,
390 (UINTN) TpmOutputParameterBlockSize
391 );
392 }
393
394 /**
395 Do a hash operation on a data buffer, extend a specific TPM PCR with the hash result,
396 and add an entry to the Event Log.
397
398 @param[in] TcgData TCG_DXE_DATA structure.
399 @param[in] HashData Physical address of the start of the data buffer
400 to be hashed, extended, and logged.
401 @param[in] HashDataLen The length, in bytes, of the buffer referenced by HashData
402 @param[in, out] NewEventHdr Pointer to a TCG_PCR_EVENT_HDR data structure.
403 @param[in] NewEventData Pointer to the new event data.
404
405 @retval EFI_SUCCESS Operation completed successfully.
406 @retval EFI_OUT_OF_RESOURCES No enough memory to log the new event.
407 @retval EFI_DEVICE_ERROR The command was unsuccessful.
408
409 **/
410 EFI_STATUS
411 EFIAPI
412 TcgDxeHashLogExtendEventI (
413 IN TCG_DXE_DATA *TcgData,
414 IN UINT8 *HashData,
415 IN UINT64 HashDataLen,
416 IN OUT TCG_PCR_EVENT_HDR *NewEventHdr,
417 IN UINT8 *NewEventData
418 )
419 {
420 EFI_STATUS Status;
421
422 if (HashDataLen > 0) {
423 Status = TpmCommHashAll (
424 HashData,
425 (UINTN) HashDataLen,
426 &NewEventHdr->Digest
427 );
428 ASSERT_EFI_ERROR (Status);
429 }
430
431 Status = TpmCommExtend (
432 TcgData->TpmHandle,
433 &NewEventHdr->Digest,
434 NewEventHdr->PCRIndex,
435 NULL
436 );
437 if (!EFI_ERROR (Status)) {
438 Status = TcgDxeLogEventI (TcgData, NewEventHdr, NewEventData);
439 }
440
441 return Status;
442 }
443
444 /**
445 This service abstracts the capability to do a hash operation on a data buffer,
446 extend a specific TPM PCR with the hash result, and add an entry to the Event Log
447
448 @param[in] This Indicates the calling context
449 @param[in] HashData Physical address of the start of the data buffer
450 to be hashed, extended, and logged.
451 @param[in] HashDataLen The length, in bytes, of the buffer referenced by HashData
452 @param[in] AlgorithmId Identification of the Algorithm to use for the hashing operation
453 @param[in, out] TCGLogData The physical address of the start of the data
454 buffer containing the TCG_PCR_EVENT data structure.
455 @param[in, out] EventNumber The event number of the event just logged.
456 @param[out] EventLogLastEntry Physical address of the first byte of the entry
457 just placed in the Event Log. If the Event Log was
458 empty when this function was called then this physical
459 address will be the same as the physical address of
460 the start of the Event Log.
461
462 @retval EFI_SUCCESS Operation completed successfully.
463 @retval EFI_UNSUPPORTED AlgorithmId != TPM_ALG_SHA.
464 @retval EFI_UNSUPPORTED Current TPL >= EFI_TPL_CALLBACK.
465 @retval EFI_DEVICE_ERROR The command was unsuccessful.
466
467 **/
468 EFI_STATUS
469 EFIAPI
470 TcgDxeHashLogExtendEvent (
471 IN EFI_TCG_PROTOCOL *This,
472 IN EFI_PHYSICAL_ADDRESS HashData,
473 IN UINT64 HashDataLen,
474 IN TPM_ALGORITHM_ID AlgorithmId,
475 IN OUT TCG_PCR_EVENT *TCGLogData,
476 IN OUT UINT32 *EventNumber,
477 OUT EFI_PHYSICAL_ADDRESS *EventLogLastEntry
478 )
479 {
480 TCG_DXE_DATA *TcgData;
481
482 TcgData = TCG_DXE_DATA_FROM_THIS (This);
483
484 if (TcgData->BsCap.TPMDeactivatedFlag) {
485 return EFI_DEVICE_ERROR;
486 }
487
488 if (AlgorithmId != TPM_ALG_SHA) {
489 return EFI_UNSUPPORTED;
490 }
491
492 return TcgDxeHashLogExtendEventI (
493 TcgData,
494 (UINT8 *) (UINTN) HashData,
495 HashDataLen,
496 (TCG_PCR_EVENT_HDR*)TCGLogData,
497 TCGLogData->Event
498 );
499 }
500
501 TCG_DXE_DATA mTcgDxeData = {
502 {
503 TcgDxeStatusCheck,
504 TcgDxeHashAll,
505 TcgDxeLogEvent,
506 TcgDxePassThroughToTpm,
507 TcgDxeHashLogExtendEvent
508 },
509 {
510 sizeof (mTcgDxeData.BsCap),
511 { 1, 2, 0, 0 },
512 { 1, 2, 0, 0 },
513 1,
514 TRUE,
515 FALSE
516 },
517 &mTcgClientAcpiTemplate,
518 &mTcgServerAcpiTemplate,
519 0,
520 NULL,
521 NULL
522 };
523
524 /**
525 Initialize the Event Log and log events passed from the PEI phase.
526
527 @retval EFI_SUCCESS Operation completed successfully.
528 @retval EFI_OUT_OF_RESOURCES Out of memory.
529
530 **/
531 EFI_STATUS
532 EFIAPI
533 SetupEventLog (
534 VOID
535 )
536 {
537 EFI_STATUS Status;
538 TCG_PCR_EVENT *TcgEvent;
539 EFI_PEI_HOB_POINTERS GuidHob;
540 EFI_PHYSICAL_ADDRESS Lasa;
541
542 if (PcdGet8 (PcdTpmPlatformClass) == TCG_PLATFORM_TYPE_CLIENT) {
543 Lasa = mTcgClientAcpiTemplate.Lasa;
544
545 Status = gBS->AllocatePages (
546 AllocateMaxAddress,
547 EfiACPIMemoryNVS,
548 EFI_SIZE_TO_PAGES (EFI_TCG_LOG_AREA_SIZE),
549 &Lasa
550 );
551 if (EFI_ERROR (Status)) {
552 return Status;
553 }
554 mTcgClientAcpiTemplate.Lasa = Lasa;
555 //
556 // To initialize them as 0xFF is recommended
557 // because the OS can know the last entry for that.
558 //
559 SetMem ((VOID *)(UINTN)mTcgClientAcpiTemplate.Lasa, EFI_TCG_LOG_AREA_SIZE, 0xFF);
560 mTcgClientAcpiTemplate.Laml = EFI_TCG_LOG_AREA_SIZE;
561
562 } else {
563 Lasa = mTcgServerAcpiTemplate.Lasa;
564
565 Status = gBS->AllocatePages (
566 AllocateMaxAddress,
567 EfiACPIMemoryNVS,
568 EFI_SIZE_TO_PAGES (EFI_TCG_LOG_AREA_SIZE),
569 &Lasa
570 );
571 if (EFI_ERROR (Status)) {
572 return Status;
573 }
574 mTcgServerAcpiTemplate.Lasa = Lasa;
575 //
576 // To initialize them as 0xFF is recommended
577 // because the OS can know the last entry for that.
578 //
579 SetMem ((VOID *)(UINTN)mTcgServerAcpiTemplate.Lasa, EFI_TCG_LOG_AREA_SIZE, 0xFF);
580 mTcgServerAcpiTemplate.Laml = EFI_TCG_LOG_AREA_SIZE;
581 }
582
583 GuidHob.Raw = GetHobList ();
584 while (!EFI_ERROR (Status) &&
585 (GuidHob.Raw = GetNextGuidHob (&gTcgEventEntryHobGuid, GuidHob.Raw)) != NULL) {
586 TcgEvent = GET_GUID_HOB_DATA (GuidHob.Guid);
587 GuidHob.Raw = GET_NEXT_HOB (GuidHob);
588 Status = TcgDxeLogEventI (
589 &mTcgDxeData,
590 (TCG_PCR_EVENT_HDR*)TcgEvent,
591 TcgEvent->Event
592 );
593 }
594
595 return Status;
596 }
597
598 /**
599 Measure and log an action string, and extend the measurement result into PCR[5].
600
601 @param[in] String A specific string that indicates an Action event.
602
603 @retval EFI_SUCCESS Operation completed successfully.
604 @retval EFI_DEVICE_ERROR The operation was unsuccessful.
605
606 **/
607 EFI_STATUS
608 EFIAPI
609 TcgMeasureAction (
610 IN CHAR8 *String
611 )
612 {
613 TCG_PCR_EVENT_HDR TcgEvent;
614
615 TcgEvent.PCRIndex = 5;
616 TcgEvent.EventType = EV_EFI_ACTION;
617 TcgEvent.EventSize = (UINT32)AsciiStrLen (String);
618 return TcgDxeHashLogExtendEventI (
619 &mTcgDxeData,
620 (UINT8*)String,
621 TcgEvent.EventSize,
622 &TcgEvent,
623 (UINT8 *) String
624 );
625 }
626
627 /**
628 Measure and log EFI handoff tables, and extend the measurement result into PCR[1].
629
630 @retval EFI_SUCCESS Operation completed successfully.
631 @retval EFI_DEVICE_ERROR The operation was unsuccessful.
632
633 **/
634 EFI_STATUS
635 EFIAPI
636 MeasureHandoffTables (
637 VOID
638 )
639 {
640 EFI_STATUS Status;
641 SMBIOS_TABLE_ENTRY_POINT *SmbiosTable;
642 TCG_PCR_EVENT_HDR TcgEvent;
643 EFI_HANDOFF_TABLE_POINTERS HandoffTables;
644
645 Status = EfiGetSystemConfigurationTable (
646 &gEfiSmbiosTableGuid,
647 (VOID **) &SmbiosTable
648 );
649
650 if (!EFI_ERROR (Status)) {
651 ASSERT (SmbiosTable != NULL);
652
653 TcgEvent.PCRIndex = 1;
654 TcgEvent.EventType = EV_EFI_HANDOFF_TABLES;
655 TcgEvent.EventSize = sizeof (HandoffTables);
656
657 HandoffTables.NumberOfTables = 1;
658 HandoffTables.TableEntry[0].VendorGuid = gEfiSmbiosTableGuid;
659 HandoffTables.TableEntry[0].VendorTable = SmbiosTable;
660
661 DEBUG ((DEBUG_INFO, "The Smbios Table starts at: 0x%x\n", SmbiosTable->TableAddress));
662 DEBUG ((DEBUG_INFO, "The Smbios Table size: 0x%x\n", SmbiosTable->TableLength));
663
664 Status = TcgDxeHashLogExtendEventI (
665 &mTcgDxeData,
666 (UINT8*)(UINTN)SmbiosTable->TableAddress,
667 SmbiosTable->TableLength,
668 &TcgEvent,
669 (UINT8*)&HandoffTables
670 );
671 }
672
673 return Status;
674 }
675
676 /**
677 Measure and log Separator event, and extend the measurement result into a specific PCR.
678
679 @param[in] PCRIndex PCR index.
680
681 @retval EFI_SUCCESS Operation completed successfully.
682 @retval EFI_DEVICE_ERROR The operation was unsuccessful.
683
684 **/
685 EFI_STATUS
686 EFIAPI
687 MeasureSeparatorEvent (
688 IN TPM_PCRINDEX PCRIndex
689 )
690 {
691 TCG_PCR_EVENT_HDR TcgEvent;
692 UINT32 EventData;
693
694 EventData = 0;
695 TcgEvent.PCRIndex = PCRIndex;
696 TcgEvent.EventType = EV_SEPARATOR;
697 TcgEvent.EventSize = (UINT32)sizeof (EventData);
698 return TcgDxeHashLogExtendEventI (
699 &mTcgDxeData,
700 (UINT8 *)&EventData,
701 sizeof (EventData),
702 &TcgEvent,
703 (UINT8 *)&EventData
704 );
705 }
706
707 /**
708 Read an EFI Variable.
709
710 This function allocates a buffer to return the contents of the variable. The caller is
711 responsible for freeing the buffer.
712
713 @param[in] VarName A Null-terminated string that is the name of the vendor's variable.
714 @param[in] VendorGuid A unique identifier for the vendor.
715 @param[out] VarSize The size of the variable data.
716
717 @return A pointer to the buffer to return the contents of the variable.Otherwise NULL.
718
719 **/
720 VOID *
721 EFIAPI
722 ReadVariable (
723 IN CHAR16 *VarName,
724 IN EFI_GUID *VendorGuid,
725 OUT UINTN *VarSize
726 )
727 {
728 EFI_STATUS Status;
729 VOID *VarData;
730
731 *VarSize = 0;
732 Status = gRT->GetVariable (
733 VarName,
734 VendorGuid,
735 NULL,
736 VarSize,
737 NULL
738 );
739 if (Status != EFI_BUFFER_TOO_SMALL) {
740 return NULL;
741 }
742
743 VarData = AllocatePool (*VarSize);
744 if (VarData != NULL) {
745 Status = gRT->GetVariable (
746 VarName,
747 VendorGuid,
748 NULL,
749 VarSize,
750 VarData
751 );
752 if (EFI_ERROR (Status)) {
753 FreePool (VarData);
754 VarData = NULL;
755 *VarSize = 0;
756 }
757 }
758 return VarData;
759 }
760
761 /**
762 Measure and log an EFI variable, and extend the measurement result into a specific PCR.
763
764 @param[in] PCRIndex PCR Index.
765 @param[in] EventType Event type.
766 @param[in] VarName A Null-terminated string that is the name of the vendor's variable.
767 @param[in] VendorGuid A unique identifier for the vendor.
768 @param[in] VarData The content of the variable data.
769 @param[in] VarSize The size of the variable data.
770
771 @retval EFI_SUCCESS Operation completed successfully.
772 @retval EFI_OUT_OF_RESOURCES Out of memory.
773 @retval EFI_DEVICE_ERROR The operation was unsuccessful.
774
775 **/
776 EFI_STATUS
777 EFIAPI
778 MeasureVariable (
779 IN TPM_PCRINDEX PCRIndex,
780 IN TCG_EVENTTYPE EventType,
781 IN CHAR16 *VarName,
782 IN EFI_GUID *VendorGuid,
783 IN VOID *VarData,
784 IN UINTN VarSize
785 )
786 {
787 EFI_STATUS Status;
788 TCG_PCR_EVENT_HDR TcgEvent;
789 UINTN VarNameLength;
790 EFI_VARIABLE_DATA *VarLog;
791
792 VarNameLength = StrLen (VarName);
793 TcgEvent.PCRIndex = PCRIndex;
794 TcgEvent.EventType = EventType;
795 TcgEvent.EventSize = (UINT32)(sizeof (*VarLog) + VarNameLength * sizeof (*VarName) + VarSize
796 - sizeof (VarLog->UnicodeName) - sizeof (VarLog->VariableData));
797
798 VarLog = (EFI_VARIABLE_DATA*)AllocatePool (TcgEvent.EventSize);
799 if (VarLog == NULL) {
800 return EFI_OUT_OF_RESOURCES;
801 }
802
803 VarLog->VariableName = *VendorGuid;
804 VarLog->UnicodeNameLength = VarNameLength;
805 VarLog->VariableDataLength = VarSize;
806 CopyMem (
807 VarLog->UnicodeName,
808 VarName,
809 VarNameLength * sizeof (*VarName)
810 );
811 CopyMem (
812 (CHAR16 *)VarLog->UnicodeName + VarNameLength,
813 VarData,
814 VarSize
815 );
816
817 Status = TcgDxeHashLogExtendEventI (
818 &mTcgDxeData,
819 (UINT8*)VarData,
820 VarSize,
821 &TcgEvent,
822 (UINT8*)VarLog
823 );
824 FreePool (VarLog);
825 return Status;
826 }
827
828 /**
829 Read then Measure and log an EFI boot variable, and extend the measurement result into PCR[5].
830
831 @param[in] VarName A Null-terminated string that is the name of the vendor's variable.
832 @param[in] VendorGuid A unique identifier for the vendor.
833 @param[out] VarSize The size of the variable data.
834 @param[out] VarData Pointer to the content of the variable.
835
836 @retval EFI_SUCCESS Operation completed successfully.
837 @retval EFI_OUT_OF_RESOURCES Out of memory.
838 @retval EFI_DEVICE_ERROR The operation was unsuccessful.
839
840 **/
841 EFI_STATUS
842 EFIAPI
843 ReadAndMeasureBootVariable (
844 IN CHAR16 *VarName,
845 IN EFI_GUID *VendorGuid,
846 OUT UINTN *VarSize,
847 OUT VOID **VarData
848 )
849 {
850 EFI_STATUS Status;
851
852 *VarData = ReadVariable (VarName, VendorGuid, VarSize);
853 if (*VarData == NULL) {
854 return EFI_NOT_FOUND;
855 }
856
857 Status = MeasureVariable (
858 5,
859 EV_EFI_VARIABLE_BOOT,
860 VarName,
861 VendorGuid,
862 *VarData,
863 *VarSize
864 );
865 return Status;
866 }
867
868 /**
869 Measure and log all EFI boot variables, and extend the measurement result into a specific PCR.
870
871 The EFI boot variables are BootOrder and Boot#### variables.
872
873 @retval EFI_SUCCESS Operation completed successfully.
874 @retval EFI_OUT_OF_RESOURCES Out of memory.
875 @retval EFI_DEVICE_ERROR The operation was unsuccessful.
876
877 **/
878 EFI_STATUS
879 EFIAPI
880 MeasureAllBootVariables (
881 VOID
882 )
883 {
884 EFI_STATUS Status;
885 UINT16 *BootOrder;
886 UINTN BootCount;
887 UINTN Index;
888 VOID *BootVarData;
889 UINTN Size;
890
891 Status = ReadAndMeasureBootVariable (
892 mBootVarName,
893 &gEfiGlobalVariableGuid,
894 &BootCount,
895 (VOID **) &BootOrder
896 );
897 if (Status == EFI_NOT_FOUND) {
898 return EFI_SUCCESS;
899 }
900 ASSERT (BootOrder != NULL);
901
902 if (EFI_ERROR (Status)) {
903 FreePool (BootOrder);
904 return Status;
905 }
906
907 BootCount /= sizeof (*BootOrder);
908 for (Index = 0; Index < BootCount; Index++) {
909 UnicodeSPrint (mBootVarName, sizeof (mBootVarName), L"Boot%04x", BootOrder[Index]);
910 Status = ReadAndMeasureBootVariable (
911 mBootVarName,
912 &gEfiGlobalVariableGuid,
913 &Size,
914 &BootVarData
915 );
916 if (!EFI_ERROR (Status)) {
917 FreePool (BootVarData);
918 }
919 }
920
921 FreePool (BootOrder);
922 return EFI_SUCCESS;
923 }
924
925 /**
926 Ready to Boot Event notification handler.
927
928 Sequence of OS boot events is measured in this event notification handler.
929
930 @param[in] Event Event whose notification function is being invoked
931 @param[in] Context Pointer to the notification function's context
932
933 **/
934 VOID
935 EFIAPI
936 OnReadyToBoot (
937 IN EFI_EVENT Event,
938 IN VOID *Context
939 )
940 {
941 EFI_STATUS Status;
942 TPM_PCRINDEX PcrIndex;
943
944 if (mBootAttempts == 0) {
945
946 //
947 // Measure handoff tables.
948 //
949 Status = MeasureHandoffTables ();
950 if (EFI_ERROR (Status)) {
951 DEBUG ((EFI_D_ERROR, "HOBs not Measured. Error!\n"));
952 }
953
954 //
955 // Measure BootOrder & Boot#### variables.
956 //
957 Status = MeasureAllBootVariables ();
958 if (EFI_ERROR (Status)) {
959 DEBUG ((EFI_D_ERROR, "Boot Variables not Measured. Error!\n"));
960 }
961
962 //
963 // 1. This is the first boot attempt.
964 //
965 Status = TcgMeasureAction (
966 EFI_CALLING_EFI_APPLICATION
967 );
968 ASSERT_EFI_ERROR (Status);
969
970 //
971 // 2. Draw a line between pre-boot env and entering post-boot env.
972 //
973 for (PcrIndex = 0; PcrIndex < 8; PcrIndex++) {
974 Status = MeasureSeparatorEvent (PcrIndex);
975 ASSERT_EFI_ERROR (Status);
976 }
977
978 //
979 // 3. Measure GPT. It would be done in SAP driver.
980 //
981
982 //
983 // 4. Measure PE/COFF OS loader. It would be done in SAP driver.
984 //
985
986 //
987 // 5. Read & Measure variable. BootOrder already measured.
988 //
989 } else {
990 //
991 // 6. Not first attempt, meaning a return from last attempt
992 //
993 Status = TcgMeasureAction (
994 EFI_RETURNING_FROM_EFI_APPLICATOIN
995 );
996 ASSERT_EFI_ERROR (Status);
997 }
998
999 DEBUG ((EFI_D_INFO, "TPM TcgDxe Measure Data when ReadyToBoot\n"));
1000 //
1001 // Increase boot attempt counter.
1002 //
1003 mBootAttempts++;
1004 }
1005
1006 /**
1007 Install TCG ACPI Table when ACPI Table Protocol is available.
1008
1009 A system¡¯s firmware uses an ACPI table to identify the system's TCG capabilities
1010 to the Post-Boot environment. The information in this ACPI table is not guaranteed
1011 to be valid until the Host Platform transitions from pre-boot state to post-boot state.
1012
1013 @param[in] Event Event whose notification function is being invoked
1014 @param[in] Context Pointer to the notification function's context
1015 **/
1016 VOID
1017 EFIAPI
1018 InstallAcpiTable (
1019 IN EFI_EVENT Event,
1020 IN VOID* Context
1021 )
1022 {
1023 UINTN TableKey;
1024 EFI_STATUS Status;
1025 EFI_ACPI_TABLE_PROTOCOL *AcpiTable;
1026 UINT8 Checksum;
1027
1028 Status = gBS->LocateProtocol (&gEfiAcpiTableProtocolGuid, NULL, (VOID **)&AcpiTable);
1029 if (EFI_ERROR (Status)) {
1030 return;
1031 }
1032
1033 if (PcdGet8 (PcdTpmPlatformClass) == TCG_PLATFORM_TYPE_CLIENT) {
1034
1035 //
1036 // The ACPI table must be checksumed before calling the InstallAcpiTable()
1037 // service of the ACPI table protocol to install it.
1038 //
1039 Checksum = CalculateCheckSum8 ((UINT8 *)&mTcgClientAcpiTemplate, sizeof (mTcgClientAcpiTemplate));
1040 mTcgClientAcpiTemplate.Header.Checksum = Checksum;
1041
1042 Status = AcpiTable->InstallAcpiTable (
1043 AcpiTable,
1044 &mTcgClientAcpiTemplate,
1045 sizeof (mTcgClientAcpiTemplate),
1046 &TableKey
1047 );
1048 } else {
1049
1050 //
1051 // The ACPI table must be checksumed before calling the InstallAcpiTable()
1052 // service of the ACPI table protocol to install it.
1053 //
1054 Checksum = CalculateCheckSum8 ((UINT8 *)&mTcgServerAcpiTemplate, sizeof (mTcgServerAcpiTemplate));
1055 mTcgServerAcpiTemplate.Header.Checksum = Checksum;
1056
1057 Status = AcpiTable->InstallAcpiTable (
1058 AcpiTable,
1059 &mTcgServerAcpiTemplate,
1060 sizeof (mTcgServerAcpiTemplate),
1061 &TableKey
1062 );
1063 }
1064 ASSERT_EFI_ERROR (Status);
1065 }
1066
1067 /**
1068 Exit Boot Services Event notification handler.
1069
1070 Measure invocation and success of ExitBootServices.
1071
1072 @param[in] Event Event whose notification function is being invoked
1073 @param[in] Context Pointer to the notification function's context
1074
1075 **/
1076 VOID
1077 EFIAPI
1078 OnExitBootServices (
1079 IN EFI_EVENT Event,
1080 IN VOID *Context
1081 )
1082 {
1083 EFI_STATUS Status;
1084
1085 //
1086 // Measure invocation of ExitBootServices,
1087 //
1088 Status = TcgMeasureAction (
1089 EFI_EXIT_BOOT_SERVICES_INVOCATION
1090 );
1091 ASSERT_EFI_ERROR (Status);
1092
1093 //
1094 // Measure success of ExitBootServices
1095 //
1096 Status = TcgMeasureAction (
1097 EFI_EXIT_BOOT_SERVICES_SUCCEEDED
1098 );
1099 ASSERT_EFI_ERROR (Status);
1100 }
1101
1102 /**
1103 Get TPM Deactivated state.
1104
1105 @param[out] TPMDeactivatedFlag Returns TPM Deactivated state.
1106
1107 @retval EFI_SUCCESS Operation completed successfully.
1108 @retval EFI_DEVICE_ERROR The operation was unsuccessful.
1109
1110 **/
1111 EFI_STATUS
1112 GetTpmStatus (
1113 OUT BOOLEAN *TPMDeactivatedFlag
1114 )
1115 {
1116 EFI_STATUS Status;
1117 TPM_STCLEAR_FLAGS VFlags;
1118
1119 Status = TpmCommGetFlags (
1120 mTcgDxeData.TpmHandle,
1121 TPM_CAP_FLAG_VOLATILE,
1122 &VFlags,
1123 sizeof (VFlags)
1124 );
1125 if (!EFI_ERROR (Status)) {
1126 *TPMDeactivatedFlag = VFlags.deactivated;
1127 }
1128
1129 return Status;
1130 }
1131
1132 /**
1133 The driver's entry point.
1134
1135 It publishes EFI TCG Protocol.
1136
1137 @param[in] ImageHandle The firmware allocated handle for the EFI image.
1138 @param[in] SystemTable A pointer to the EFI System Table.
1139
1140 @retval EFI_SUCCESS The entry point is executed successfully.
1141 @retval other Some error occurs when executing this entry point.
1142
1143 **/
1144 EFI_STATUS
1145 EFIAPI
1146 DriverEntry (
1147 IN EFI_HANDLE ImageHandle,
1148 IN EFI_SYSTEM_TABLE *SystemTable
1149 )
1150 {
1151 EFI_STATUS Status;
1152 EFI_EVENT Event;
1153 VOID *Registration;
1154
1155 mTcgDxeData.TpmHandle = (TIS_TPM_HANDLE)(UINTN)TPM_BASE_ADDRESS;
1156 Status = TisPcRequestUseTpm (mTcgDxeData.TpmHandle);
1157 if (EFI_ERROR (Status)) {
1158 DEBUG ((EFI_D_ERROR, "TPM not detected!\n"));
1159 return Status;
1160 }
1161
1162 Status = GetTpmStatus (&mTcgDxeData.BsCap.TPMDeactivatedFlag);
1163 if (EFI_ERROR (Status)) {
1164 DEBUG ((
1165 EFI_D_ERROR,
1166 "Line %d in file " __FILE__ ":\n "
1167 "DriverEntry: TPM not working properly\n",
1168 __LINE__
1169 ));
1170 return Status;
1171 }
1172
1173 Status = gBS->InstallProtocolInterface (
1174 &ImageHandle,
1175 &gEfiTcgProtocolGuid,
1176 EFI_NATIVE_INTERFACE,
1177 &mTcgDxeData.TcgProtocol
1178 );
1179 //
1180 // Install ACPI Table
1181 //
1182 EfiCreateProtocolNotifyEvent (&gEfiAcpiTableProtocolGuid, TPL_CALLBACK, InstallAcpiTable, NULL, &Registration);
1183
1184 if (!EFI_ERROR (Status) && !mTcgDxeData.BsCap.TPMDeactivatedFlag) {
1185 //
1186 // Setup the log area and copy event log from hob list to it
1187 //
1188 Status = SetupEventLog ();
1189 ASSERT_EFI_ERROR (Status);
1190
1191 //
1192 // Measure handoff tables, Boot#### variables etc.
1193 //
1194 Status = EfiCreateEventReadyToBootEx (
1195 TPL_CALLBACK,
1196 OnReadyToBoot,
1197 NULL,
1198 &Event
1199 );
1200
1201 Status = gBS->CreateEventEx (
1202 EVT_NOTIFY_SIGNAL,
1203 TPL_NOTIFY,
1204 OnExitBootServices,
1205 NULL,
1206 &gEfiEventExitBootServicesGuid,
1207 &Event
1208 );
1209 }
1210
1211 return Status;
1212 }
EFI Development Kit II mirror for PVE