2 This module implements TrEE Protocol.
4 Copyright (c) 2013 - 2015, Intel Corporation. All rights reserved.<BR>
5 This program and the accompanying materials
6 are licensed and made available under the terms and conditions of the BSD License
7 which accompanies this distribution. The full text of the license may be found at
8 http://opensource.org/licenses/bsd-license.php
10 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
11 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
16 #include <IndustryStandard/Acpi.h>
17 #include <IndustryStandard/PeImage.h>
18 #include <IndustryStandard/SmBios.h>
19 #include <IndustryStandard/TcpaAcpi.h>
21 #include <Guid/GlobalVariable.h>
22 #include <Guid/SmBios.h>
23 #include <Guid/HobList.h>
24 #include <Guid/TcgEventHob.h>
25 #include <Guid/EventGroup.h>
26 #include <Guid/EventExitBootServiceFailed.h>
27 #include <Guid/ImageAuthentication.h>
28 #include <Guid/TpmInstance.h>
30 #include <Protocol/DevicePath.h>
31 #include <Protocol/AcpiTable.h>
32 #include <Protocol/MpService.h>
33 #include <Protocol/VariableWrite.h>
34 #include <Protocol/TrEEProtocol.h>
36 #include <Library/DebugLib.h>
37 #include <Library/BaseMemoryLib.h>
38 #include <Library/UefiRuntimeServicesTableLib.h>
39 #include <Library/UefiDriverEntryPoint.h>
40 #include <Library/HobLib.h>
41 #include <Library/UefiBootServicesTableLib.h>
42 #include <Library/BaseLib.h>
43 #include <Library/MemoryAllocationLib.h>
44 #include <Library/PrintLib.h>
45 #include <Library/Tpm2CommandLib.h>
46 #include <Library/PcdLib.h>
47 #include <Library/UefiLib.h>
48 #include <Library/Tpm2DeviceLib.h>
49 #include <Library/HashLib.h>
50 #include <Library/PerformanceLib.h>
51 #include <Library/ReportStatusCodeLib.h>
53 #define PERF_ID_TREE_DXE 0x3120
60 #define EFI_TCG_LOG_AREA_SIZE 0x10000
62 #define TREE_DEFAULT_MAX_COMMAND_SIZE 0x1000
63 #define TREE_DEFAULT_MAX_RESPONSE_SIZE 0x1000
67 TREE_EVENT_LOG_FORMAT LogFormat
;
68 } TREE_EVENT_INFO_STRUCT
;
70 TREE_EVENT_INFO_STRUCT mTreeEventInfo
[] = {
71 {&gTcgEventEntryHobGuid
, TREE_EVENT_LOG_FORMAT_TCG_1_2
},
74 #define TCG_EVENT_LOG_AREA_COUNT_MAX 2
77 TREE_EVENT_LOG_FORMAT EventLogFormat
;
78 EFI_PHYSICAL_ADDRESS Lasa
;
82 BOOLEAN EventLogStarted
;
83 BOOLEAN EventLogTruncated
;
84 } TCG_EVENT_LOG_AREA_STRUCT
;
86 typedef struct _TCG_DXE_DATA
{
87 TREE_BOOT_SERVICE_CAPABILITY BsCap
;
88 EFI_TCG_CLIENT_ACPI_TABLE
*TcgClientAcpiTable
;
89 EFI_TCG_SERVER_ACPI_TABLE
*TcgServerAcpiTable
;
90 TCG_EVENT_LOG_AREA_STRUCT EventLogAreaStruct
[TCG_EVENT_LOG_AREA_COUNT_MAX
];
93 EFI_TCG_CLIENT_ACPI_TABLE mTcgClientAcpiTemplate
= {
95 EFI_ACPI_3_0_TRUSTED_COMPUTING_PLATFORM_ALLIANCE_CAPABILITIES_TABLE_SIGNATURE
,
96 sizeof (mTcgClientAcpiTemplate
),
99 // Compiler initializes the remaining bytes to 0
100 // These fields should be filled in in production
103 0, // 0 for PC Client Platform Class
104 0, // Log Area Max Length
105 (EFI_PHYSICAL_ADDRESS
) (SIZE_4GB
- 1) // Log Area Start Address
109 // The following EFI_TCG_SERVER_ACPI_TABLE default setting is just one example,
110 // the TPM device connectes to LPC, and also defined the ACPI _UID as 0xFF,
111 // this _UID can be changed and should match with the _UID setting of the TPM
112 // ACPI device object
114 EFI_TCG_SERVER_ACPI_TABLE mTcgServerAcpiTemplate
= {
116 EFI_ACPI_3_0_TRUSTED_COMPUTING_PLATFORM_ALLIANCE_CAPABILITIES_TABLE_SIGNATURE
,
117 sizeof (mTcgServerAcpiTemplate
),
120 // Compiler initializes the remaining bytes to 0
121 // These fields should be filled in in production
124 1, // 1 for Server Platform Class
126 0, // Log Area Max Length
127 (EFI_PHYSICAL_ADDRESS
) (SIZE_4GB
- 1), // Log Area Start Address
128 0x0100, // TCG Specification revision 1.0
130 0, // Interrupt Flags
132 {0}, // Reserved 3 bytes
133 0, // Global System Interrupt
135 EFI_ACPI_3_0_SYSTEM_MEMORY
,
142 {0}, // Configuration Address
143 0xFF, // ACPI _UID value of the device, can be changed for different platforms
144 0, // ACPI _UID value of the device, can be changed for different platforms
145 0, // ACPI _UID value of the device, can be changed for different platforms
146 0 // ACPI _UID value of the device, can be changed for different platforms
149 TCG_DXE_DATA mTcgDxeData
= {
151 sizeof (TREE_BOOT_SERVICE_CAPABILITY_1_0
), // Size
152 { 1, 0 }, // StructureVersion
153 { 1, 0 }, // ProtocolVersion
154 TREE_BOOT_HASH_ALG_SHA1
, // HashAlgorithmBitmap
155 TREE_EVENT_LOG_FORMAT_TCG_1_2
, // SupportedEventLogs
156 TRUE
, // TrEEPresentFlag
157 TREE_DEFAULT_MAX_COMMAND_SIZE
, // MaxCommandSize
158 TREE_DEFAULT_MAX_RESPONSE_SIZE
, // MaxResponseSize
161 &mTcgClientAcpiTemplate
,
162 &mTcgServerAcpiTemplate
,
165 UINTN mBootAttempts
= 0;
166 CHAR16 mBootVarName
[] = L
"BootOrder";
168 VARIABLE_TYPE mVariableType
[] = {
169 {EFI_SECURE_BOOT_MODE_NAME
, &gEfiGlobalVariableGuid
},
170 {EFI_PLATFORM_KEY_NAME
, &gEfiGlobalVariableGuid
},
171 {EFI_KEY_EXCHANGE_KEY_NAME
, &gEfiGlobalVariableGuid
},
172 {EFI_IMAGE_SECURITY_DATABASE
, &gEfiImageSecurityDatabaseGuid
},
173 {EFI_IMAGE_SECURITY_DATABASE1
, &gEfiImageSecurityDatabaseGuid
},
176 EFI_HANDLE mImageHandle
;
179 Measure PE image into TPM log based on the authenticode image hashing in
180 PE/COFF Specification 8.0 Appendix A.
182 Caution: This function may receive untrusted input.
183 PE/COFF image is external input, so this function will validate its data structure
184 within this image buffer before use.
186 @param[in] PCRIndex TPM PCR index
187 @param[in] ImageAddress Start address of image buffer.
188 @param[in] ImageSize Image size
189 @param[out] DigestList Digeest list of this image.
191 @retval EFI_SUCCESS Successfully measure image.
192 @retval EFI_OUT_OF_RESOURCES No enough resource to measure image.
193 @retval other error value
196 MeasurePeImageAndExtend (
198 IN EFI_PHYSICAL_ADDRESS ImageAddress
,
200 OUT TPML_DIGEST_VALUES
*DigestList
205 This function dump raw data.
208 @param Size raw data size
218 for (Index
= 0; Index
< Size
; Index
++) {
219 DEBUG ((EFI_D_INFO
, "%02x", (UINTN
)Data
[Index
]));
225 This function dump raw data with colume format.
228 @param Size raw data size
241 #define COLUME_SIZE (16 * 2)
243 Count
= Size
/ COLUME_SIZE
;
244 Left
= Size
% COLUME_SIZE
;
245 for (Index
= 0; Index
< Count
; Index
++) {
246 DEBUG ((EFI_D_INFO
, "%04x: ", Index
* COLUME_SIZE
));
247 InternalDumpData (Data
+ Index
* COLUME_SIZE
, COLUME_SIZE
);
248 DEBUG ((EFI_D_INFO
, "\n"));
252 DEBUG ((EFI_D_INFO
, "%04x: ", Index
* COLUME_SIZE
));
253 InternalDumpData (Data
+ Index
* COLUME_SIZE
, Left
);
254 DEBUG ((EFI_D_INFO
, "\n"));
259 Get All processors EFI_CPU_LOCATION in system. LocationBuf is allocated inside the function
260 Caller is responsible to free LocationBuf.
262 @param[out] LocationBuf Returns Processor Location Buffer.
263 @param[out] Num Returns processor number.
265 @retval EFI_SUCCESS Operation completed successfully.
266 @retval EFI_UNSUPPORTED MpService protocol not found.
270 GetProcessorsCpuLocation (
271 OUT EFI_CPU_PHYSICAL_LOCATION
**LocationBuf
,
276 EFI_MP_SERVICES_PROTOCOL
*MpProtocol
;
278 UINTN EnabledProcessorNum
;
279 EFI_PROCESSOR_INFORMATION ProcessorInfo
;
280 EFI_CPU_PHYSICAL_LOCATION
*ProcessorLocBuf
;
283 Status
= gBS
->LocateProtocol (&gEfiMpServiceProtocolGuid
, NULL
, (VOID
**) &MpProtocol
);
284 if (EFI_ERROR (Status
)) {
286 // MP protocol is not installed
288 return EFI_UNSUPPORTED
;
291 Status
= MpProtocol
->GetNumberOfProcessors(
296 if (EFI_ERROR(Status
)){
300 Status
= gBS
->AllocatePool(
302 sizeof(EFI_CPU_PHYSICAL_LOCATION
) * ProcessorNum
,
303 (VOID
**) &ProcessorLocBuf
305 if (EFI_ERROR(Status
)){
310 // Get each processor Location info
312 for (Index
= 0; Index
< ProcessorNum
; Index
++) {
313 Status
= MpProtocol
->GetProcessorInfo(
318 if (EFI_ERROR(Status
)){
319 FreePool(ProcessorLocBuf
);
324 // Get all Processor Location info & measure
327 &ProcessorLocBuf
[Index
],
328 &ProcessorInfo
.Location
,
329 sizeof(EFI_CPU_PHYSICAL_LOCATION
)
333 *LocationBuf
= ProcessorLocBuf
;
340 The EFI_TREE_PROTOCOL GetCapability function call provides protocol
341 capability information and state information about the TrEE.
343 @param[in] This Indicates the calling context
344 @param[in, out] ProtocolCapability The caller allocates memory for a TREE_BOOT_SERVICE_CAPABILITY
345 structure and sets the size field to the size of the structure allocated.
346 The callee fills in the fields with the EFI protocol capability information
347 and the current TrEE state information up to the number of fields which
348 fit within the size of the structure passed in.
350 @retval EFI_SUCCESS Operation completed successfully.
351 @retval EFI_DEVICE_ERROR The command was unsuccessful.
352 The ProtocolCapability variable will not be populated.
353 @retval EFI_INVALID_PARAMETER One or more of the parameters are incorrect.
354 The ProtocolCapability variable will not be populated.
355 @retval EFI_BUFFER_TOO_SMALL The ProtocolCapability variable is too small to hold the full response.
356 It will be partially populated (required Size field will be set).
361 IN EFI_TREE_PROTOCOL
*This
,
362 IN OUT TREE_BOOT_SERVICE_CAPABILITY
*ProtocolCapability
365 DEBUG ((EFI_D_INFO
, "TreeGetCapability ...\n"));
367 if ((This
== NULL
) || (ProtocolCapability
== NULL
)) {
368 return EFI_INVALID_PARAMETER
;
371 if (ProtocolCapability
->Size
< mTcgDxeData
.BsCap
.Size
) {
372 ProtocolCapability
->Size
= mTcgDxeData
.BsCap
.Size
;
373 return EFI_BUFFER_TOO_SMALL
;
376 CopyMem (ProtocolCapability
, &mTcgDxeData
.BsCap
, mTcgDxeData
.BsCap
.Size
);
377 DEBUG ((EFI_D_INFO
, "TreeGetCapability - %r\n", EFI_SUCCESS
));
382 This function dump event log.
384 @param[in] EventLogFormat The type of the event log for which the information is requested.
385 @param[in] EventLogLocation A pointer to the memory address of the event log.
386 @param[in] EventLogLastEntry If the Event Log contains more than one entry, this is a pointer to the
387 address of the start of the last entry in the event log in memory.
391 IN TREE_EVENT_LOG_FORMAT EventLogFormat
,
392 IN EFI_PHYSICAL_ADDRESS EventLogLocation
,
393 IN EFI_PHYSICAL_ADDRESS EventLogLastEntry
396 TCG_PCR_EVENT_HDR
*EventHdr
;
399 DEBUG ((EFI_D_INFO
, "EventLogFormat: (0x%x)\n", EventLogFormat
));
401 switch (EventLogFormat
) {
402 case TREE_EVENT_LOG_FORMAT_TCG_1_2
:
403 EventHdr
= (TCG_PCR_EVENT_HDR
*)(UINTN
)EventLogLocation
;
404 while ((UINTN
)EventHdr
<= EventLogLastEntry
) {
405 DEBUG ((EFI_D_INFO
, " Event:\n"));
406 DEBUG ((EFI_D_INFO
, " PCRIndex - %d\n", EventHdr
->PCRIndex
));
407 DEBUG ((EFI_D_INFO
, " EventType - 0x%08x\n", EventHdr
->EventType
));
408 DEBUG ((EFI_D_INFO
, " Digest - "));
409 for (Index
= 0; Index
< sizeof(TCG_DIGEST
); Index
++) {
410 DEBUG ((EFI_D_INFO
, "%02x ", EventHdr
->Digest
.digest
[Index
]));
412 DEBUG ((EFI_D_INFO
, "\n"));
413 DEBUG ((EFI_D_INFO
, " EventSize - 0x%08x\n", EventHdr
->EventSize
));
414 InternalDumpHex ((UINT8
*)(EventHdr
+ 1), EventHdr
->EventSize
);
415 EventHdr
= (TCG_PCR_EVENT_HDR
*)((UINTN
)EventHdr
+ sizeof(TCG_PCR_EVENT_HDR
) + EventHdr
->EventSize
);
424 The EFI_TREE_PROTOCOL Get Event Log function call allows a caller to
425 retrieve the address of a given event log and its last entry.
427 @param[in] This Indicates the calling context
428 @param[in] EventLogFormat The type of the event log for which the information is requested.
429 @param[out] EventLogLocation A pointer to the memory address of the event log.
430 @param[out] EventLogLastEntry If the Event Log contains more than one entry, this is a pointer to the
431 address of the start of the last entry in the event log in memory.
432 @param[out] EventLogTruncated If the Event Log is missing at least one entry because an event would
433 have exceeded the area allocated for events, this value is set to TRUE.
434 Otherwise, the value will be FALSE and the Event Log will be complete.
436 @retval EFI_SUCCESS Operation completed successfully.
437 @retval EFI_INVALID_PARAMETER One or more of the parameters are incorrect
438 (e.g. asking for an event log whose format is not supported).
443 IN EFI_TREE_PROTOCOL
*This
,
444 IN TREE_EVENT_LOG_FORMAT EventLogFormat
,
445 OUT EFI_PHYSICAL_ADDRESS
*EventLogLocation
,
446 OUT EFI_PHYSICAL_ADDRESS
*EventLogLastEntry
,
447 OUT BOOLEAN
*EventLogTruncated
452 DEBUG ((EFI_D_INFO
, "TreeGetEventLog ...\n"));
455 return EFI_INVALID_PARAMETER
;
458 for (Index
= 0; Index
< sizeof(mTreeEventInfo
)/sizeof(mTreeEventInfo
[0]); Index
++) {
459 if (EventLogFormat
== mTreeEventInfo
[Index
].LogFormat
) {
464 if (Index
== sizeof(mTreeEventInfo
)/sizeof(mTreeEventInfo
[0])) {
465 return EFI_INVALID_PARAMETER
;
468 if (!mTcgDxeData
.BsCap
.TrEEPresentFlag
) {
469 if (EventLogLocation
!= NULL
) {
470 *EventLogLocation
= 0;
472 if (EventLogLastEntry
!= NULL
) {
473 *EventLogLastEntry
= 0;
475 if (EventLogTruncated
!= NULL
) {
476 *EventLogTruncated
= FALSE
;
481 if (EventLogLocation
!= NULL
) {
482 *EventLogLocation
= mTcgDxeData
.EventLogAreaStruct
[Index
].Lasa
;
483 DEBUG ((EFI_D_INFO
, "TreeGetEventLog (EventLogLocation - %x)\n", *EventLogLocation
));
486 if (EventLogLastEntry
!= NULL
) {
487 if (!mTcgDxeData
.EventLogAreaStruct
[Index
].EventLogStarted
) {
488 *EventLogLastEntry
= (EFI_PHYSICAL_ADDRESS
)(UINTN
)0;
490 *EventLogLastEntry
= (EFI_PHYSICAL_ADDRESS
)(UINTN
)mTcgDxeData
.EventLogAreaStruct
[Index
].LastEvent
;
492 DEBUG ((EFI_D_INFO
, "TreeGetEventLog (EventLogLastEntry - %x)\n", *EventLogLastEntry
));
495 if (EventLogTruncated
!= NULL
) {
496 *EventLogTruncated
= mTcgDxeData
.EventLogAreaStruct
[Index
].EventLogTruncated
;
497 DEBUG ((EFI_D_INFO
, "TreeGetEventLog (EventLogTruncated - %x)\n", *EventLogTruncated
));
500 DEBUG ((EFI_D_INFO
, "TreeGetEventLog - %r\n", EFI_SUCCESS
));
502 // Dump Event Log for debug purpose
503 if ((EventLogLocation
!= NULL
) && (EventLogLastEntry
!= NULL
)) {
504 DumpEventLog (EventLogFormat
, *EventLogLocation
, *EventLogLastEntry
);
511 Add a new entry to the Event Log.
513 @param[in, out] EventLogPtr Pointer to the Event Log data.
514 @param[in, out] LogSize Size of the Event Log.
515 @param[in] MaxSize Maximum size of the Event Log.
516 @param[in] NewEventHdr Pointer to a TCG_PCR_EVENT_HDR/TCG_PCR_EVENT_EX data structure.
517 @param[in] NewEventHdrSize New event header size.
518 @param[in] NewEventData Pointer to the new event data.
519 @param[in] NewEventSize New event data size.
521 @retval EFI_SUCCESS The new event log entry was added.
522 @retval EFI_OUT_OF_RESOURCES No enough memory to log the new event.
527 IN OUT UINT8
**EventLogPtr
,
528 IN OUT UINTN
*LogSize
,
530 IN VOID
*NewEventHdr
,
531 IN UINT32 NewEventHdrSize
,
532 IN UINT8
*NewEventData
,
533 IN UINT32 NewEventSize
538 if (NewEventSize
> MAX_ADDRESS
- NewEventHdrSize
) {
539 return EFI_OUT_OF_RESOURCES
;
542 NewLogSize
= NewEventHdrSize
+ NewEventSize
;
544 if (NewLogSize
> MAX_ADDRESS
- *LogSize
) {
545 return EFI_OUT_OF_RESOURCES
;
548 if (NewLogSize
+ *LogSize
> MaxSize
) {
549 DEBUG ((EFI_D_INFO
, " MaxSize - 0x%x\n", MaxSize
));
550 DEBUG ((EFI_D_INFO
, " NewLogSize - 0x%x\n", NewLogSize
));
551 DEBUG ((EFI_D_INFO
, " LogSize - 0x%x\n", *LogSize
));
552 DEBUG ((EFI_D_INFO
, "TcgCommLogEvent - %r\n", EFI_OUT_OF_RESOURCES
));
553 return EFI_OUT_OF_RESOURCES
;
556 *EventLogPtr
+= *LogSize
;
557 *LogSize
+= NewLogSize
;
558 CopyMem (*EventLogPtr
, NewEventHdr
, NewEventHdrSize
);
560 *EventLogPtr
+ NewEventHdrSize
,
568 Add a new entry to the Event Log.
570 @param[in] EventLogFormat The type of the event log for which the information is requested.
571 @param[in] NewEventHdr Pointer to a TCG_PCR_EVENT_HDR/TCG_PCR_EVENT_EX data structure.
572 @param[in] NewEventHdrSize New event header size.
573 @param[in] NewEventData Pointer to the new event data.
574 @param[in] NewEventSize New event data size.
576 @retval EFI_SUCCESS The new event log entry was added.
577 @retval EFI_OUT_OF_RESOURCES No enough memory to log the new event.
582 IN TREE_EVENT_LOG_FORMAT EventLogFormat
,
583 IN VOID
*NewEventHdr
,
584 IN UINT32 NewEventHdrSize
,
585 IN UINT8
*NewEventData
,
586 IN UINT32 NewEventSize
592 for (Index
= 0; Index
< sizeof(mTreeEventInfo
)/sizeof(mTreeEventInfo
[0]); Index
++) {
593 if (EventLogFormat
== mTreeEventInfo
[Index
].LogFormat
) {
598 if (Index
== sizeof(mTreeEventInfo
)/sizeof(mTreeEventInfo
[0])) {
599 return EFI_INVALID_PARAMETER
;
602 if (mTcgDxeData
.EventLogAreaStruct
[Index
].EventLogTruncated
) {
603 return EFI_VOLUME_FULL
;
606 mTcgDxeData
.EventLogAreaStruct
[Index
].LastEvent
= (UINT8
*)(UINTN
)mTcgDxeData
.EventLogAreaStruct
[Index
].Lasa
;
607 Status
= TcgCommLogEvent (
608 &mTcgDxeData
.EventLogAreaStruct
[Index
].LastEvent
,
609 &mTcgDxeData
.EventLogAreaStruct
[Index
].EventLogSize
,
610 (UINTN
)mTcgDxeData
.EventLogAreaStruct
[Index
].Laml
,
617 if (Status
== EFI_DEVICE_ERROR
) {
618 return EFI_DEVICE_ERROR
;
619 } else if (Status
== EFI_OUT_OF_RESOURCES
) {
620 mTcgDxeData
.EventLogAreaStruct
[Index
].EventLogTruncated
= TRUE
;
621 return EFI_VOLUME_FULL
;
622 } else if (Status
== EFI_SUCCESS
) {
623 mTcgDxeData
.EventLogAreaStruct
[Index
].EventLogStarted
= TRUE
;
630 This function get digest from digest list.
632 @param HashAlg digest algorithm
633 @param DigestList digest list
636 @retval EFI_SUCCESS Sha1Digest is found and returned.
637 @retval EFI_NOT_FOUND Sha1Digest is not found.
640 Tpm2GetDigestFromDigestList (
641 IN TPMI_ALG_HASH HashAlg
,
642 IN TPML_DIGEST_VALUES
*DigestList
,
649 DigestSize
= GetHashSizeFromAlgo (HashAlg
);
650 for (Index
= 0; Index
< DigestList
->count
; Index
++) {
651 if (DigestList
->digests
[Index
].hashAlg
== HashAlg
) {
654 &DigestList
->digests
[Index
].digest
,
661 return EFI_NOT_FOUND
;
665 Add a new entry to the Event Log.
667 @param[in] DigestList A list of digest.
668 @param[in,out] NewEventHdr Pointer to a TCG_PCR_EVENT_HDR data structure.
669 @param[in] NewEventData Pointer to the new event data.
671 @retval EFI_SUCCESS The new event log entry was added.
672 @retval EFI_OUT_OF_RESOURCES No enough memory to log the new event.
676 IN TPML_DIGEST_VALUES
*DigestList
,
677 IN OUT TCG_PCR_EVENT_HDR
*NewEventHdr
,
678 IN UINT8
*NewEventData
684 EFI_STATUS RetStatus
;
686 RetStatus
= EFI_SUCCESS
;
687 for (Index
= 0; Index
< sizeof(mTreeEventInfo
)/sizeof(mTreeEventInfo
[0]); Index
++) {
688 DEBUG ((EFI_D_INFO
, " LogFormat - 0x%08x\n", mTreeEventInfo
[Index
].LogFormat
));
689 switch (mTreeEventInfo
[Index
].LogFormat
) {
690 case TREE_EVENT_LOG_FORMAT_TCG_1_2
:
691 Status
= Tpm2GetDigestFromDigestList (TPM_ALG_SHA1
, DigestList
, &NewEventHdr
->Digest
);
692 if (!EFI_ERROR (Status
)) {
694 // Enter critical region
696 OldTpl
= gBS
->RaiseTPL (TPL_HIGH_LEVEL
);
697 Status
= TcgDxeLogEvent (
698 mTreeEventInfo
[Index
].LogFormat
,
700 sizeof(TCG_PCR_EVENT_HDR
),
702 NewEventHdr
->EventSize
704 if (Status
!= EFI_SUCCESS
) {
707 gBS
->RestoreTPL (OldTpl
);
709 // Exit critical region
720 Do a hash operation on a data buffer, extend a specific TPM PCR with the hash result,
721 and add an entry to the Event Log.
723 @param[in] Flags Bitmap providing additional information.
724 @param[in] HashData Physical address of the start of the data buffer
725 to be hashed, extended, and logged.
726 @param[in] HashDataLen The length, in bytes, of the buffer referenced by HashData
727 @param[in, out] NewEventHdr Pointer to a TCG_PCR_EVENT_HDR data structure.
728 @param[in] NewEventData Pointer to the new event data.
730 @retval EFI_SUCCESS Operation completed successfully.
731 @retval EFI_OUT_OF_RESOURCES No enough memory to log the new event.
732 @retval EFI_DEVICE_ERROR The command was unsuccessful.
736 TcgDxeHashLogExtendEvent (
739 IN UINT64 HashDataLen
,
740 IN OUT TCG_PCR_EVENT_HDR
*NewEventHdr
,
741 IN UINT8
*NewEventData
745 TPML_DIGEST_VALUES DigestList
;
747 if (!mTcgDxeData
.BsCap
.TrEEPresentFlag
) {
748 return EFI_DEVICE_ERROR
;
751 Status
= HashAndExtend (
752 NewEventHdr
->PCRIndex
,
757 if (!EFI_ERROR (Status
)) {
758 if ((Flags
& TREE_EXTEND_ONLY
) == 0) {
759 Status
= TcgDxeLogHashEvent (&DigestList
, NewEventHdr
, NewEventData
);
763 if (Status
== EFI_DEVICE_ERROR
) {
764 DEBUG ((EFI_D_ERROR
, "TcgDxeHashLogExtendEvent - %r. Disable TPM.\n", Status
));
765 mTcgDxeData
.BsCap
.TrEEPresentFlag
= FALSE
;
767 EFI_ERROR_CODE
| EFI_ERROR_MINOR
,
768 (PcdGet32 (PcdStatusCodeSubClassTpmDevice
) | EFI_P_EC_INTERFACE_ERROR
)
776 The EFI_TREE_PROTOCOL HashLogExtendEvent function call provides callers with
777 an opportunity to extend and optionally log events without requiring
778 knowledge of actual TPM commands.
779 The extend operation will occur even if this function cannot create an event
780 log entry (e.g. due to the event log being full).
782 @param[in] This Indicates the calling context
783 @param[in] Flags Bitmap providing additional information.
784 @param[in] DataToHash Physical address of the start of the data buffer to be hashed.
785 @param[in] DataToHashLen The length in bytes of the buffer referenced by DataToHash.
786 @param[in] Event Pointer to data buffer containing information about the event.
788 @retval EFI_SUCCESS Operation completed successfully.
789 @retval EFI_DEVICE_ERROR The command was unsuccessful.
790 @retval EFI_VOLUME_FULL The extend operation occurred, but the event could not be written to one or more event logs.
791 @retval EFI_INVALID_PARAMETER One or more of the parameters are incorrect.
792 @retval EFI_UNSUPPORTED The PE/COFF image type is not supported.
796 TreeHashLogExtendEvent (
797 IN EFI_TREE_PROTOCOL
*This
,
799 IN EFI_PHYSICAL_ADDRESS DataToHash
,
800 IN UINT64 DataToHashLen
,
805 TCG_PCR_EVENT_HDR NewEventHdr
;
806 TPML_DIGEST_VALUES DigestList
;
808 DEBUG ((EFI_D_INFO
, "TreeHashLogExtendEvent ...\n"));
810 if ((This
== NULL
) || (DataToHash
== 0) || (Event
== NULL
)) {
811 return EFI_INVALID_PARAMETER
;
814 if (!mTcgDxeData
.BsCap
.TrEEPresentFlag
) {
815 return EFI_UNSUPPORTED
;
818 if (Event
->Size
< Event
->Header
.HeaderSize
+ sizeof(UINT32
)) {
819 return EFI_INVALID_PARAMETER
;
822 if (Event
->Header
.PCRIndex
> MAX_PCR_INDEX
) {
823 return EFI_INVALID_PARAMETER
;
826 NewEventHdr
.PCRIndex
= Event
->Header
.PCRIndex
;
827 NewEventHdr
.EventType
= Event
->Header
.EventType
;
828 NewEventHdr
.EventSize
= Event
->Size
- sizeof(UINT32
) - Event
->Header
.HeaderSize
;
829 if ((Flags
& PE_COFF_IMAGE
) != 0) {
830 Status
= MeasurePeImageAndExtend (
831 NewEventHdr
.PCRIndex
,
833 (UINTN
)DataToHashLen
,
836 if (!EFI_ERROR (Status
)) {
837 if ((Flags
& TREE_EXTEND_ONLY
) == 0) {
838 Status
= TcgDxeLogHashEvent (&DigestList
, &NewEventHdr
, Event
->Event
);
841 if (Status
== EFI_DEVICE_ERROR
) {
842 DEBUG ((EFI_D_ERROR
, "MeasurePeImageAndExtend - %r. Disable TPM.\n", Status
));
843 mTcgDxeData
.BsCap
.TrEEPresentFlag
= FALSE
;
845 EFI_ERROR_CODE
| EFI_ERROR_MINOR
,
846 (PcdGet32 (PcdStatusCodeSubClassTpmDevice
) | EFI_P_EC_INTERFACE_ERROR
)
850 Status
= TcgDxeHashLogExtendEvent (
852 (UINT8
*) (UINTN
) DataToHash
,
858 DEBUG ((EFI_D_INFO
, "TreeHashLogExtendEvent - %r\n", Status
));
863 This service enables the sending of commands to the TrEE.
865 @param[in] This Indicates the calling context
866 @param[in] InputParameterBlockSize Size of the TrEE input parameter block.
867 @param[in] InputParameterBlock Pointer to the TrEE input parameter block.
868 @param[in] OutputParameterBlockSize Size of the TrEE output parameter block.
869 @param[in] OutputParameterBlock Pointer to the TrEE output parameter block.
871 @retval EFI_SUCCESS The command byte stream was successfully sent to the device and a response was successfully received.
872 @retval EFI_DEVICE_ERROR The command was not successfully sent to the device or a response was not successfully received from the device.
873 @retval EFI_INVALID_PARAMETER One or more of the parameters are incorrect.
874 @retval EFI_BUFFER_TOO_SMALL The output parameter block is too small.
879 IN EFI_TREE_PROTOCOL
*This
,
880 IN UINT32 InputParameterBlockSize
,
881 IN UINT8
*InputParameterBlock
,
882 IN UINT32 OutputParameterBlockSize
,
883 IN UINT8
*OutputParameterBlock
888 DEBUG ((EFI_D_INFO
, "TreeSubmitCommand ...\n"));
890 if ((This
== NULL
) ||
891 (InputParameterBlockSize
== 0) || (InputParameterBlock
== NULL
) ||
892 (OutputParameterBlockSize
== 0) || (OutputParameterBlock
== NULL
)) {
893 return EFI_INVALID_PARAMETER
;
896 if (!mTcgDxeData
.BsCap
.TrEEPresentFlag
) {
897 return EFI_UNSUPPORTED
;
900 if (InputParameterBlockSize
>= mTcgDxeData
.BsCap
.MaxCommandSize
) {
901 return EFI_INVALID_PARAMETER
;
903 if (OutputParameterBlockSize
>= mTcgDxeData
.BsCap
.MaxResponseSize
) {
904 return EFI_INVALID_PARAMETER
;
907 Status
= Tpm2SubmitCommand (
908 InputParameterBlockSize
,
910 &OutputParameterBlockSize
,
913 DEBUG ((EFI_D_INFO
, "TreeSubmitCommand - %r\n", Status
));
918 EFI_TREE_PROTOCOL mTreeProtocol
= {
921 TreeHashLogExtendEvent
,
926 Initialize the Event Log and log events passed from the PEI phase.
928 @retval EFI_SUCCESS Operation completed successfully.
929 @retval EFI_OUT_OF_RESOURCES Out of memory.
939 EFI_PEI_HOB_POINTERS GuidHob
;
940 EFI_PHYSICAL_ADDRESS Lasa
;
943 DEBUG ((EFI_D_INFO
, "SetupEventLog\n"));
946 // 1. Create Log Area
948 for (Index
= 0; Index
< sizeof(mTreeEventInfo
)/sizeof(mTreeEventInfo
[0]); Index
++) {
949 mTcgDxeData
.EventLogAreaStruct
[Index
].EventLogFormat
= mTreeEventInfo
[Index
].LogFormat
;
950 Lasa
= (EFI_PHYSICAL_ADDRESS
) (SIZE_4GB
- 1);
951 Status
= gBS
->AllocatePages (
954 EFI_SIZE_TO_PAGES (EFI_TCG_LOG_AREA_SIZE
),
957 if (EFI_ERROR (Status
)) {
960 mTcgDxeData
.EventLogAreaStruct
[Index
].Lasa
= Lasa
;
961 mTcgDxeData
.EventLogAreaStruct
[Index
].Laml
= EFI_TCG_LOG_AREA_SIZE
;
963 // To initialize them as 0xFF is recommended
964 // because the OS can know the last entry for that.
966 SetMem ((VOID
*)(UINTN
)Lasa
, EFI_TCG_LOG_AREA_SIZE
, 0xFF);
970 // 2. Create ACPI table for TCG1.2 only
972 if (PcdGet8 (PcdTpmPlatformClass
) == TCG_PLATFORM_TYPE_CLIENT
) {
973 mTcgClientAcpiTemplate
.Lasa
= mTcgDxeData
.EventLogAreaStruct
[0].Lasa
;
974 mTcgClientAcpiTemplate
.Laml
= EFI_TCG_LOG_AREA_SIZE
;
976 mTcgServerAcpiTemplate
.Lasa
= mTcgDxeData
.EventLogAreaStruct
[0].Lasa
;
977 mTcgServerAcpiTemplate
.Laml
= EFI_TCG_LOG_AREA_SIZE
;
981 // 3. Sync data from PEI to DXE
983 Status
= EFI_SUCCESS
;
984 for (Index
= 0; Index
< sizeof(mTreeEventInfo
)/sizeof(mTreeEventInfo
[0]); Index
++) {
985 GuidHob
.Raw
= GetHobList ();
986 Status
= EFI_SUCCESS
;
987 while (!EFI_ERROR (Status
) &&
988 (GuidHob
.Raw
= GetNextGuidHob (mTreeEventInfo
[Index
].EventGuid
, GuidHob
.Raw
)) != NULL
) {
989 TcgEvent
= GET_GUID_HOB_DATA (GuidHob
.Guid
);
990 GuidHob
.Raw
= GET_NEXT_HOB (GuidHob
);
991 switch (mTreeEventInfo
[Index
].LogFormat
) {
992 case TREE_EVENT_LOG_FORMAT_TCG_1_2
:
993 Status
= TcgDxeLogEvent (
994 mTreeEventInfo
[Index
].LogFormat
,
996 sizeof(TCG_PCR_EVENT_HDR
),
997 ((TCG_PCR_EVENT
*)TcgEvent
)->Event
,
998 ((TCG_PCR_EVENT_HDR
*)TcgEvent
)->EventSize
1009 Measure and log an action string, and extend the measurement result into PCR[5].
1011 @param[in] String A specific string that indicates an Action event.
1013 @retval EFI_SUCCESS Operation completed successfully.
1014 @retval EFI_DEVICE_ERROR The operation was unsuccessful.
1022 TCG_PCR_EVENT_HDR TcgEvent
;
1024 TcgEvent
.PCRIndex
= 5;
1025 TcgEvent
.EventType
= EV_EFI_ACTION
;
1026 TcgEvent
.EventSize
= (UINT32
)AsciiStrLen (String
);
1027 return TcgDxeHashLogExtendEvent (
1037 Measure and log EFI handoff tables, and extend the measurement result into PCR[1].
1039 @retval EFI_SUCCESS Operation completed successfully.
1040 @retval EFI_DEVICE_ERROR The operation was unsuccessful.
1044 MeasureHandoffTables (
1049 SMBIOS_TABLE_ENTRY_POINT
*SmbiosTable
;
1050 TCG_PCR_EVENT_HDR TcgEvent
;
1051 EFI_HANDOFF_TABLE_POINTERS HandoffTables
;
1053 EFI_CPU_PHYSICAL_LOCATION
*ProcessorLocBuf
;
1055 ProcessorLocBuf
= NULL
;
1058 // Measure SMBIOS with EV_EFI_HANDOFF_TABLES to PCR[1]
1060 Status
= EfiGetSystemConfigurationTable (
1061 &gEfiSmbiosTableGuid
,
1062 (VOID
**) &SmbiosTable
1065 if (!EFI_ERROR (Status
) && SmbiosTable
!= NULL
) {
1066 TcgEvent
.PCRIndex
= 1;
1067 TcgEvent
.EventType
= EV_EFI_HANDOFF_TABLES
;
1068 TcgEvent
.EventSize
= sizeof (HandoffTables
);
1070 HandoffTables
.NumberOfTables
= 1;
1071 HandoffTables
.TableEntry
[0].VendorGuid
= gEfiSmbiosTableGuid
;
1072 HandoffTables
.TableEntry
[0].VendorTable
= SmbiosTable
;
1074 DEBUG ((DEBUG_INFO
, "The Smbios Table starts at: 0x%x\n", SmbiosTable
->TableAddress
));
1075 DEBUG ((DEBUG_INFO
, "The Smbios Table size: 0x%x\n", SmbiosTable
->TableLength
));
1077 Status
= TcgDxeHashLogExtendEvent (
1079 (UINT8
*)(UINTN
)SmbiosTable
->TableAddress
,
1080 SmbiosTable
->TableLength
,
1082 (UINT8
*)&HandoffTables
1086 if (PcdGet8 (PcdTpmPlatformClass
) == TCG_PLATFORM_TYPE_SERVER
) {
1089 // Measure each processor EFI_CPU_PHYSICAL_LOCATION with EV_TABLE_OF_DEVICES to PCR[1]
1091 Status
= GetProcessorsCpuLocation(&ProcessorLocBuf
, &ProcessorNum
);
1093 if (!EFI_ERROR(Status
)){
1094 TcgEvent
.PCRIndex
= 1;
1095 TcgEvent
.EventType
= EV_TABLE_OF_DEVICES
;
1096 TcgEvent
.EventSize
= sizeof (HandoffTables
);
1098 HandoffTables
.NumberOfTables
= 1;
1099 HandoffTables
.TableEntry
[0].VendorGuid
= gEfiMpServiceProtocolGuid
;
1100 HandoffTables
.TableEntry
[0].VendorTable
= ProcessorLocBuf
;
1102 Status
= TcgDxeHashLogExtendEvent (
1104 (UINT8
*)(UINTN
)ProcessorLocBuf
,
1105 sizeof(EFI_CPU_PHYSICAL_LOCATION
) * ProcessorNum
,
1107 (UINT8
*)&HandoffTables
1110 FreePool(ProcessorLocBuf
);
1118 Measure and log Separator event, and extend the measurement result into a specific PCR.
1120 @param[in] PCRIndex PCR index.
1122 @retval EFI_SUCCESS Operation completed successfully.
1123 @retval EFI_DEVICE_ERROR The operation was unsuccessful.
1127 MeasureSeparatorEvent (
1128 IN TPM_PCRINDEX PCRIndex
1131 TCG_PCR_EVENT_HDR TcgEvent
;
1134 DEBUG ((EFI_D_INFO
, "MeasureSeparatorEvent Pcr - %x\n", PCRIndex
));
1137 TcgEvent
.PCRIndex
= PCRIndex
;
1138 TcgEvent
.EventType
= EV_SEPARATOR
;
1139 TcgEvent
.EventSize
= (UINT32
)sizeof (EventData
);
1140 return TcgDxeHashLogExtendEvent (
1142 (UINT8
*)&EventData
,
1150 Measure and log an EFI variable, and extend the measurement result into a specific PCR.
1152 @param[in] PCRIndex PCR Index.
1153 @param[in] EventType Event type.
1154 @param[in] VarName A Null-terminated string that is the name of the vendor's variable.
1155 @param[in] VendorGuid A unique identifier for the vendor.
1156 @param[in] VarData The content of the variable data.
1157 @param[in] VarSize The size of the variable data.
1159 @retval EFI_SUCCESS Operation completed successfully.
1160 @retval EFI_OUT_OF_RESOURCES Out of memory.
1161 @retval EFI_DEVICE_ERROR The operation was unsuccessful.
1166 IN TPM_PCRINDEX PCRIndex
,
1167 IN TCG_EVENTTYPE EventType
,
1169 IN EFI_GUID
*VendorGuid
,
1175 TCG_PCR_EVENT_HDR TcgEvent
;
1176 UINTN VarNameLength
;
1177 EFI_VARIABLE_DATA_TREE
*VarLog
;
1179 DEBUG ((EFI_D_INFO
, "TrEEDxe: MeasureVariable (Pcr - %x, EventType - %x, ", (UINTN
)PCRIndex
, (UINTN
)EventType
));
1180 DEBUG ((EFI_D_INFO
, "VariableName - %s, VendorGuid - %g)\n", VarName
, VendorGuid
));
1182 VarNameLength
= StrLen (VarName
);
1183 TcgEvent
.PCRIndex
= PCRIndex
;
1184 TcgEvent
.EventType
= EventType
;
1185 TcgEvent
.EventSize
= (UINT32
)(sizeof (*VarLog
) + VarNameLength
* sizeof (*VarName
) + VarSize
1186 - sizeof (VarLog
->UnicodeName
) - sizeof (VarLog
->VariableData
));
1188 VarLog
= (EFI_VARIABLE_DATA_TREE
*)AllocatePool (TcgEvent
.EventSize
);
1189 if (VarLog
== NULL
) {
1190 return EFI_OUT_OF_RESOURCES
;
1193 VarLog
->VariableName
= *VendorGuid
;
1194 VarLog
->UnicodeNameLength
= VarNameLength
;
1195 VarLog
->VariableDataLength
= VarSize
;
1197 VarLog
->UnicodeName
,
1199 VarNameLength
* sizeof (*VarName
)
1201 if (VarSize
!= 0 && VarData
!= NULL
) {
1203 (CHAR16
*)VarLog
->UnicodeName
+ VarNameLength
,
1209 Status
= TcgDxeHashLogExtendEvent (
1222 Read then Measure and log an EFI variable, and extend the measurement result into a specific PCR.
1224 @param[in] PCRIndex PCR Index.
1225 @param[in] EventType Event type.
1226 @param[in] VarName A Null-terminated string that is the name of the vendor's variable.
1227 @param[in] VendorGuid A unique identifier for the vendor.
1228 @param[out] VarSize The size of the variable data.
1229 @param[out] VarData Pointer to the content of the variable.
1231 @retval EFI_SUCCESS Operation completed successfully.
1232 @retval EFI_OUT_OF_RESOURCES Out of memory.
1233 @retval EFI_DEVICE_ERROR The operation was unsuccessful.
1237 ReadAndMeasureVariable (
1238 IN TPM_PCRINDEX PCRIndex
,
1239 IN TCG_EVENTTYPE EventType
,
1241 IN EFI_GUID
*VendorGuid
,
1248 Status
= GetVariable2 (VarName
, VendorGuid
, VarData
, VarSize
);
1249 if (EventType
== EV_EFI_VARIABLE_DRIVER_CONFIG
) {
1250 if (EFI_ERROR (Status
)) {
1252 // It is valid case, so we need handle it.
1259 // if status error, VarData is freed and set NULL by GetVariable2
1261 if (EFI_ERROR (Status
)) {
1262 return EFI_NOT_FOUND
;
1266 Status
= MeasureVariable (
1278 Read then Measure and log an EFI boot variable, and extend the measurement result into PCR[5].
1280 @param[in] VarName A Null-terminated string that is the name of the vendor's variable.
1281 @param[in] VendorGuid A unique identifier for the vendor.
1282 @param[out] VarSize The size of the variable data.
1283 @param[out] VarData Pointer to the content of the variable.
1285 @retval EFI_SUCCESS Operation completed successfully.
1286 @retval EFI_OUT_OF_RESOURCES Out of memory.
1287 @retval EFI_DEVICE_ERROR The operation was unsuccessful.
1291 ReadAndMeasureBootVariable (
1293 IN EFI_GUID
*VendorGuid
,
1298 return ReadAndMeasureVariable (
1300 EV_EFI_VARIABLE_BOOT
,
1309 Read then Measure and log an EFI Secure variable, and extend the measurement result into PCR[7].
1311 @param[in] VarName A Null-terminated string that is the name of the vendor's variable.
1312 @param[in] VendorGuid A unique identifier for the vendor.
1313 @param[out] VarSize The size of the variable data.
1314 @param[out] VarData Pointer to the content of the variable.
1316 @retval EFI_SUCCESS Operation completed successfully.
1317 @retval EFI_OUT_OF_RESOURCES Out of memory.
1318 @retval EFI_DEVICE_ERROR The operation was unsuccessful.
1322 ReadAndMeasureSecureVariable (
1324 IN EFI_GUID
*VendorGuid
,
1329 return ReadAndMeasureVariable (
1331 EV_EFI_VARIABLE_DRIVER_CONFIG
,
1340 Measure and log all EFI boot variables, and extend the measurement result into a specific PCR.
1342 The EFI boot variables are BootOrder and Boot#### variables.
1344 @retval EFI_SUCCESS Operation completed successfully.
1345 @retval EFI_OUT_OF_RESOURCES Out of memory.
1346 @retval EFI_DEVICE_ERROR The operation was unsuccessful.
1350 MeasureAllBootVariables (
1361 Status
= ReadAndMeasureBootVariable (
1363 &gEfiGlobalVariableGuid
,
1365 (VOID
**) &BootOrder
1367 if (Status
== EFI_NOT_FOUND
|| BootOrder
== NULL
) {
1371 if (EFI_ERROR (Status
)) {
1373 // BootOrder can't be NULL if status is not EFI_NOT_FOUND
1375 FreePool (BootOrder
);
1379 BootCount
/= sizeof (*BootOrder
);
1380 for (Index
= 0; Index
< BootCount
; Index
++) {
1381 UnicodeSPrint (mBootVarName
, sizeof (mBootVarName
), L
"Boot%04x", BootOrder
[Index
]);
1382 Status
= ReadAndMeasureBootVariable (
1384 &gEfiGlobalVariableGuid
,
1388 if (!EFI_ERROR (Status
)) {
1389 FreePool (BootVarData
);
1393 FreePool (BootOrder
);
1398 Measure and log all EFI Secure variables, and extend the measurement result into a specific PCR.
1400 The EFI boot variables are BootOrder and Boot#### variables.
1402 @retval EFI_SUCCESS Operation completed successfully.
1403 @retval EFI_OUT_OF_RESOURCES Out of memory.
1404 @retval EFI_DEVICE_ERROR The operation was unsuccessful.
1408 MeasureAllSecureVariables (
1417 Status
= EFI_NOT_FOUND
;
1418 for (Index
= 0; Index
< sizeof(mVariableType
)/sizeof(mVariableType
[0]); Index
++) {
1419 Status
= ReadAndMeasureSecureVariable (
1420 mVariableType
[Index
].VariableName
,
1421 mVariableType
[Index
].VendorGuid
,
1425 if (!EFI_ERROR (Status
)) {
1436 Measure and log launch of FirmwareDebugger, and extend the measurement result into a specific PCR.
1438 @retval EFI_SUCCESS Operation completed successfully.
1439 @retval EFI_OUT_OF_RESOURCES Out of memory.
1440 @retval EFI_DEVICE_ERROR The operation was unsuccessful.
1444 MeasureLaunchOfFirmwareDebugger (
1448 TCG_PCR_EVENT_HDR TcgEvent
;
1450 TcgEvent
.PCRIndex
= 7;
1451 TcgEvent
.EventType
= EV_EFI_ACTION
;
1452 TcgEvent
.EventSize
= sizeof(FIRMWARE_DEBUGGER_EVENT_STRING
) - 1;
1453 return TcgDxeHashLogExtendEvent (
1455 (UINT8
*)FIRMWARE_DEBUGGER_EVENT_STRING
,
1456 sizeof(FIRMWARE_DEBUGGER_EVENT_STRING
) - 1,
1458 (UINT8
*)FIRMWARE_DEBUGGER_EVENT_STRING
1463 Measure and log all Secure Boot Policy, and extend the measurement result into a specific PCR.
1465 Platform firmware adhering to the policy must therefore measure the following values into PCR[7]: (in order listed)
1466 - The contents of the SecureBoot variable
1467 - The contents of the PK variable
1468 - The contents of the KEK variable
1469 - The contents of the EFI_IMAGE_SECURITY_DATABASE variable
1470 - The contents of the EFI_IMAGE_SECURITY_DATABASE1 variable
1472 - Entries in the EFI_IMAGE_SECURITY_DATABASE that are used to validate EFI Drivers or EFI Boot Applications in the boot path
1474 NOTE: Because of the above, UEFI variables PK, KEK, EFI_IMAGE_SECURITY_DATABASE,
1475 EFI_IMAGE_SECURITY_DATABASE1 and SecureBoot SHALL NOT be measured into PCR[3].
1477 @param[in] Event Event whose notification function is being invoked
1478 @param[in] Context Pointer to the notification function's context
1482 MeasureSecureBootPolicy (
1490 Status
= gBS
->LocateProtocol (&gEfiVariableWriteArchProtocolGuid
, NULL
, (VOID
**)&Protocol
);
1491 if (EFI_ERROR (Status
)) {
1495 if (PcdGetBool (PcdFirmwareDebuggerInitialized
)) {
1496 Status
= MeasureLaunchOfFirmwareDebugger ();
1497 DEBUG ((EFI_D_INFO
, "MeasureLaunchOfFirmwareDebugger - %r\n", Status
));
1500 Status
= MeasureAllSecureVariables ();
1501 DEBUG ((EFI_D_INFO
, "MeasureAllSecureVariables - %r\n", Status
));
1504 // We need measure Separator(7) here, because this event must be between SecureBootPolicy (Configure)
1505 // and ImageVerification (Authority)
1506 // There might be a case that we need measure UEFI image from DriverOrder, besides BootOrder. So
1507 // the Authority measurement happen before ReadToBoot event.
1509 Status
= MeasureSeparatorEvent (7);
1510 DEBUG ((EFI_D_INFO
, "MeasureSeparatorEvent - %r\n", Status
));
1515 Ready to Boot Event notification handler.
1517 Sequence of OS boot events is measured in this event notification handler.
1519 @param[in] Event Event whose notification function is being invoked
1520 @param[in] Context Pointer to the notification function's context
1531 TPM_PCRINDEX PcrIndex
;
1533 PERF_START_EX (mImageHandle
, "EventRec", "TrEEDxe", 0, PERF_ID_TREE_DXE
);
1534 if (mBootAttempts
== 0) {
1537 // Measure handoff tables.
1539 Status
= MeasureHandoffTables ();
1540 if (EFI_ERROR (Status
)) {
1541 DEBUG ((EFI_D_ERROR
, "HOBs not Measured. Error!\n"));
1545 // Measure BootOrder & Boot#### variables.
1547 Status
= MeasureAllBootVariables ();
1548 if (EFI_ERROR (Status
)) {
1549 DEBUG ((EFI_D_ERROR
, "Boot Variables not Measured. Error!\n"));
1553 // 1. This is the first boot attempt.
1555 Status
= TcgMeasureAction (
1556 EFI_CALLING_EFI_APPLICATION
1558 if (EFI_ERROR (Status
)) {
1559 DEBUG ((EFI_D_ERROR
, "%s not Measured. Error!\n", EFI_CALLING_EFI_APPLICATION
));
1563 // 2. Draw a line between pre-boot env and entering post-boot env.
1564 // PCR[7] is already done.
1566 for (PcrIndex
= 0; PcrIndex
< 7; PcrIndex
++) {
1567 Status
= MeasureSeparatorEvent (PcrIndex
);
1568 if (EFI_ERROR (Status
)) {
1569 DEBUG ((EFI_D_ERROR
, "Seperator Event not Measured. Error!\n"));
1574 // 3. Measure GPT. It would be done in SAP driver.
1578 // 4. Measure PE/COFF OS loader. It would be done in SAP driver.
1582 // 5. Read & Measure variable. BootOrder already measured.
1586 // 6. Not first attempt, meaning a return from last attempt
1588 Status
= TcgMeasureAction (
1589 EFI_RETURNING_FROM_EFI_APPLICATOIN
1591 if (EFI_ERROR (Status
)) {
1592 DEBUG ((EFI_D_ERROR
, "%s not Measured. Error!\n", EFI_RETURNING_FROM_EFI_APPLICATOIN
));
1596 DEBUG ((EFI_D_INFO
, "TPM2 TrEEDxe Measure Data when ReadyToBoot\n"));
1598 // Increase boot attempt counter.
1601 PERF_END_EX (mImageHandle
, "EventRec", "TrEEDxe", 0, PERF_ID_TREE_DXE
+ 1);
1605 Install TCG ACPI Table when ACPI Table Protocol is available.
1607 A system's firmware uses an ACPI table to identify the system's TCG capabilities
1608 to the Post-Boot environment. The information in this ACPI table is not guaranteed
1609 to be valid until the Host Platform transitions from pre-boot state to post-boot state.
1611 @param[in] Event Event whose notification function is being invoked
1612 @param[in] Context Pointer to the notification function's context
1623 EFI_ACPI_TABLE_PROTOCOL
*AcpiTable
;
1627 Status
= gBS
->LocateProtocol (&gEfiAcpiTableProtocolGuid
, NULL
, (VOID
**)&AcpiTable
);
1628 if (EFI_ERROR (Status
)) {
1632 if (PcdGet8 (PcdTpmPlatformClass
) == TCG_PLATFORM_TYPE_CLIENT
) {
1633 CopyMem (mTcgClientAcpiTemplate
.Header
.OemId
, PcdGetPtr (PcdAcpiDefaultOemId
), sizeof (mTcgClientAcpiTemplate
.Header
.OemId
));
1634 OemTableId
= PcdGet64 (PcdAcpiDefaultOemTableId
);
1635 CopyMem (&mTcgClientAcpiTemplate
.Header
.OemTableId
, &OemTableId
, sizeof (UINT64
));
1636 mTcgClientAcpiTemplate
.Header
.OemRevision
= PcdGet32 (PcdAcpiDefaultOemRevision
);
1637 mTcgClientAcpiTemplate
.Header
.CreatorId
= PcdGet32 (PcdAcpiDefaultCreatorId
);
1638 mTcgClientAcpiTemplate
.Header
.CreatorRevision
= PcdGet32 (PcdAcpiDefaultCreatorRevision
);
1640 // The ACPI table must be checksumed before calling the InstallAcpiTable()
1641 // service of the ACPI table protocol to install it.
1643 Checksum
= CalculateCheckSum8 ((UINT8
*)&mTcgClientAcpiTemplate
, sizeof (mTcgClientAcpiTemplate
));
1644 mTcgClientAcpiTemplate
.Header
.Checksum
= Checksum
;
1646 Status
= AcpiTable
->InstallAcpiTable (
1648 &mTcgClientAcpiTemplate
,
1649 sizeof (mTcgClientAcpiTemplate
),
1653 CopyMem (mTcgServerAcpiTemplate
.Header
.OemId
, PcdGetPtr (PcdAcpiDefaultOemId
), sizeof (mTcgServerAcpiTemplate
.Header
.OemId
));
1654 OemTableId
= PcdGet64 (PcdAcpiDefaultOemTableId
);
1655 CopyMem (&mTcgServerAcpiTemplate
.Header
.OemTableId
, &OemTableId
, sizeof (UINT64
));
1656 mTcgServerAcpiTemplate
.Header
.OemRevision
= PcdGet32 (PcdAcpiDefaultOemRevision
);
1657 mTcgServerAcpiTemplate
.Header
.CreatorId
= PcdGet32 (PcdAcpiDefaultCreatorId
);
1658 mTcgServerAcpiTemplate
.Header
.CreatorRevision
= PcdGet32 (PcdAcpiDefaultCreatorRevision
);
1660 // The ACPI table must be checksumed before calling the InstallAcpiTable()
1661 // service of the ACPI table protocol to install it.
1663 Checksum
= CalculateCheckSum8 ((UINT8
*)&mTcgServerAcpiTemplate
, sizeof (mTcgServerAcpiTemplate
));
1664 mTcgServerAcpiTemplate
.Header
.Checksum
= Checksum
;
1666 mTcgServerAcpiTemplate
.BaseAddress
.Address
= PcdGet64 (PcdTpmBaseAddress
);
1667 Status
= AcpiTable
->InstallAcpiTable (
1669 &mTcgServerAcpiTemplate
,
1670 sizeof (mTcgServerAcpiTemplate
),
1675 if (EFI_ERROR (Status
)) {
1676 DEBUG((EFI_D_ERROR
, "Tcg Acpi Table installation failure"));
1681 Exit Boot Services Event notification handler.
1683 Measure invocation and success of ExitBootServices.
1685 @param[in] Event Event whose notification function is being invoked
1686 @param[in] Context Pointer to the notification function's context
1691 OnExitBootServices (
1699 // Measure invocation of ExitBootServices,
1701 Status
= TcgMeasureAction (
1702 EFI_EXIT_BOOT_SERVICES_INVOCATION
1704 if (EFI_ERROR (Status
)) {
1705 DEBUG ((EFI_D_ERROR
, "%s not Measured. Error!\n", EFI_EXIT_BOOT_SERVICES_INVOCATION
));
1709 // Measure success of ExitBootServices
1711 Status
= TcgMeasureAction (
1712 EFI_EXIT_BOOT_SERVICES_SUCCEEDED
1714 if (EFI_ERROR (Status
)) {
1715 DEBUG ((EFI_D_ERROR
, "%s not Measured. Error!\n", EFI_EXIT_BOOT_SERVICES_SUCCEEDED
));
1720 Exit Boot Services Failed Event notification handler.
1722 Measure Failure of ExitBootServices.
1724 @param[in] Event Event whose notification function is being invoked
1725 @param[in] Context Pointer to the notification function's context
1730 OnExitBootServicesFailed (
1738 // Measure Failure of ExitBootServices,
1740 Status
= TcgMeasureAction (
1741 EFI_EXIT_BOOT_SERVICES_FAILED
1743 if (EFI_ERROR (Status
)) {
1744 DEBUG ((EFI_D_ERROR
, "%s not Measured. Error!\n", EFI_EXIT_BOOT_SERVICES_FAILED
));
1750 The function install TrEE protocol.
1752 @retval EFI_SUCCESS TrEE protocol is installed.
1753 @retval other Some error occurs.
1764 Status
= gBS
->InstallMultipleProtocolInterfaces (
1766 &gEfiTrEEProtocolGuid
,
1774 The driver's entry point. It publishes EFI TrEE Protocol.
1776 @param[in] ImageHandle The firmware allocated handle for the EFI image.
1777 @param[in] SystemTable A pointer to the EFI System Table.
1779 @retval EFI_SUCCESS The entry point is executed successfully.
1780 @retval other Some error occurs when executing this entry point.
1785 IN EFI_HANDLE ImageHandle
,
1786 IN EFI_SYSTEM_TABLE
*SystemTable
1792 UINT32 MaxCommandSize
;
1793 UINT32 MaxResponseSize
;
1794 TPML_PCR_SELECTION Pcrs
;
1796 UINT32 TpmHashAlgorithmBitmap
;
1798 mImageHandle
= ImageHandle
;
1800 if (CompareGuid (PcdGetPtr(PcdTpmInstanceGuid
), &gEfiTpmDeviceInstanceNoneGuid
) ||
1801 CompareGuid (PcdGetPtr(PcdTpmInstanceGuid
), &gEfiTpmDeviceInstanceTpm12Guid
)){
1802 DEBUG ((EFI_D_ERROR
, "No TPM2 instance required!\n"));
1803 return EFI_UNSUPPORTED
;
1806 if (GetFirstGuidHob (&gTpmErrorHobGuid
) != NULL
) {
1807 DEBUG ((EFI_D_ERROR
, "TPM2 error!\n"));
1808 return EFI_DEVICE_ERROR
;
1811 Status
= Tpm2RequestUseTpm ();
1812 if (EFI_ERROR (Status
)) {
1813 DEBUG ((EFI_D_ERROR
, "TPM2 not detected!\n"));
1820 DEBUG ((EFI_D_INFO
, "TrEE.ProtocolVersion - %02x.%02x\n", mTcgDxeData
.BsCap
.ProtocolVersion
.Major
, mTcgDxeData
.BsCap
.ProtocolVersion
.Minor
));
1821 DEBUG ((EFI_D_INFO
, "TrEE.StructureVersion - %02x.%02x\n", mTcgDxeData
.BsCap
.StructureVersion
.Major
, mTcgDxeData
.BsCap
.StructureVersion
.Minor
));
1823 Status
= Tpm2GetCapabilityManufactureID (&mTcgDxeData
.BsCap
.ManufacturerID
);
1824 if (EFI_ERROR (Status
)) {
1825 DEBUG ((EFI_D_ERROR
, "Tpm2GetCapabilityManufactureID fail!\n"));
1827 DEBUG ((EFI_D_INFO
, "Tpm2GetCapabilityManufactureID - %08x\n", mTcgDxeData
.BsCap
.ManufacturerID
));
1831 UINT32 FirmwareVersion1
;
1832 UINT32 FirmwareVersion2
;
1834 Status
= Tpm2GetCapabilityFirmwareVersion (&FirmwareVersion1
, &FirmwareVersion2
);
1835 if (EFI_ERROR (Status
)) {
1836 DEBUG ((EFI_D_ERROR
, "Tpm2GetCapabilityFirmwareVersion fail!\n"));
1838 DEBUG ((EFI_D_INFO
, "Tpm2GetCapabilityFirmwareVersion - %08x %08x\n", FirmwareVersion1
, FirmwareVersion2
));
1842 Status
= Tpm2GetCapabilityMaxCommandResponseSize (&MaxCommandSize
, &MaxResponseSize
);
1843 if (EFI_ERROR (Status
)) {
1844 DEBUG ((EFI_D_ERROR
, "Tpm2GetCapabilityMaxCommandResponseSize fail!\n"));
1846 mTcgDxeData
.BsCap
.MaxCommandSize
= (UINT16
)MaxCommandSize
;
1847 mTcgDxeData
.BsCap
.MaxResponseSize
= (UINT16
)MaxResponseSize
;
1848 DEBUG ((EFI_D_INFO
, "Tpm2GetCapabilityMaxCommandResponseSize - %08x, %08x\n", MaxCommandSize
, MaxResponseSize
));
1851 Status
= Tpm2GetCapabilityPcrs (&Pcrs
);
1852 if (EFI_ERROR (Status
)) {
1853 DEBUG ((EFI_D_ERROR
, "Tpm2GetCapabilityPcrs fail!\n"));
1854 TpmHashAlgorithmBitmap
= TREE_BOOT_HASH_ALG_SHA1
;
1856 DEBUG ((EFI_D_INFO
, "Tpm2GetCapabilityPcrs Count - %08x\n", Pcrs
.count
));
1857 TpmHashAlgorithmBitmap
= 0;
1858 for (Index
= 0; Index
< Pcrs
.count
; Index
++) {
1859 DEBUG ((EFI_D_INFO
, "hash - %x\n", Pcrs
.pcrSelections
[Index
].hash
));
1860 switch (Pcrs
.pcrSelections
[Index
].hash
) {
1862 TpmHashAlgorithmBitmap
|= TREE_BOOT_HASH_ALG_SHA1
;
1864 case TPM_ALG_SHA256
:
1865 TpmHashAlgorithmBitmap
|= TREE_BOOT_HASH_ALG_SHA256
;
1867 case TPM_ALG_SHA384
:
1868 TpmHashAlgorithmBitmap
|= TREE_BOOT_HASH_ALG_SHA384
;
1870 case TPM_ALG_SHA512
:
1871 TpmHashAlgorithmBitmap
|= TREE_BOOT_HASH_ALG_SHA512
;
1873 case TPM_ALG_SM3_256
:
1874 // TBD: Spec not define TREE_BOOT_HASH_ALG_SM3_256 yet
1879 DEBUG ((EFI_D_INFO
, "TPM.HashAlgorithmBitmap - 0x%08x\n", TpmHashAlgorithmBitmap
));
1881 DEBUG ((EFI_D_INFO
, "TrEE.SupportedEventLogs - 0x%08x\n", mTcgDxeData
.BsCap
.SupportedEventLogs
));
1882 mTcgDxeData
.BsCap
.HashAlgorithmBitmap
= TpmHashAlgorithmBitmap
;
1883 DEBUG ((EFI_D_INFO
, "TrEE.HashAlgorithmBitmap - 0x%08x\n", mTcgDxeData
.BsCap
.HashAlgorithmBitmap
));
1885 if (mTcgDxeData
.BsCap
.TrEEPresentFlag
) {
1887 // Setup the log area and copy event log from hob list to it
1889 Status
= SetupEventLog ();
1890 ASSERT_EFI_ERROR (Status
);
1893 // Measure handoff tables, Boot#### variables etc.
1895 Status
= EfiCreateEventReadyToBootEx (
1902 Status
= gBS
->CreateEventEx (
1907 &gEfiEventExitBootServicesGuid
,
1912 // Measure Exit Boot Service failed
1914 Status
= gBS
->CreateEventEx (
1917 OnExitBootServicesFailed
,
1919 &gEventExitBootServicesFailedGuid
,
1924 // Create event callback, because we need access variable on SecureBootPolicyVariable
1925 // We should use VariableWriteArch instead of VariableArch, because Variable driver
1926 // may update SecureBoot value based on last setting.
1928 EfiCreateProtocolNotifyEvent (&gEfiVariableWriteArchProtocolGuid
, TPL_CALLBACK
, MeasureSecureBootPolicy
, NULL
, &Registration
);
1932 // Install ACPI Table
1934 EfiCreateProtocolNotifyEvent (&gEfiAcpiTableProtocolGuid
, TPL_CALLBACK
, InstallAcpiTable
, NULL
, &Registration
);
1937 // Install TrEEProtocol
1939 Status
= InstallTrEE ();
1940 DEBUG ((EFI_D_INFO
, "InstallTrEE - %r\n", Status
));