/** @file\r
- The library instance provides security service of TPM2 measure boot.\r
+ The library instance provides security service of TPM2 measure boot and\r
+ Confidential Computing (CC) measure boot.\r
\r
Caution: This file requires additional review when modified.\r
This library will have external input - PE/COFF image and GPT partition.\r
DxeTpm2MeasureBootLibImageRead() function will make sure the PE/COFF image content\r
read is within the image buffer.\r
\r
- TrEEMeasurePeImage() function will accept untrusted PE/COFF image and validate its\r
+ Tcg2MeasurePeImage() function will accept untrusted PE/COFF image and validate its\r
data structure within this image buffer before use.\r
\r
- TrEEMeasureGptTable() function will receive untrusted GPT partition table, and parse\r
+ Tcg2MeasureGptTable() function will receive untrusted GPT partition table, and parse\r
partition data carefully.\r
\r
-Copyright (c) 2013 - 2015, Intel Corporation. All rights reserved.<BR>\r
-This program and the accompanying materials \r
-are licensed and made available under the terms and conditions of the BSD License \r
-which accompanies this distribution. The full text of the license may be found at \r
-http://opensource.org/licenses/bsd-license.php\r
-\r
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, \r
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
+Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>\r
+(C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR>\r
+SPDX-License-Identifier: BSD-2-Clause-Patent\r
\r
**/\r
\r
#include <PiDxe.h>\r
\r
-#include <Protocol/TrEEProtocol.h>\r
+#include <Protocol/Tcg2Protocol.h>\r
#include <Protocol/BlockIo.h>\r
#include <Protocol/DiskIo.h>\r
#include <Protocol/DevicePathToText.h>\r
#include <Library/PeCoffLib.h>\r
#include <Library/SecurityManagementLib.h>\r
#include <Library/HobLib.h>\r
+#include <Protocol/CcMeasurement.h>\r
+\r
+typedef struct {\r
+ EFI_TCG2_PROTOCOL *Tcg2Protocol;\r
+ EFI_CC_MEASUREMENT_PROTOCOL *CcProtocol;\r
+} MEASURE_BOOT_PROTOCOLS;\r
\r
//\r
// Flag to check GPT partition. It only need be measured once.\r
//\r
-BOOLEAN mTrEEMeasureGptTableFlag = FALSE;\r
-EFI_GUID mTrEEZeroGuid = {0, 0, 0, {0, 0, 0, 0, 0, 0, 0, 0}};\r
-UINTN mTrEEMeasureGptCount = 0;\r
-VOID *mTrEEFileBuffer;\r
-UINTN mTrEEImageSize;\r
+BOOLEAN mTcg2MeasureGptTableFlag = FALSE;\r
+UINTN mTcg2MeasureGptCount = 0;\r
+VOID *mTcg2FileBuffer;\r
+UINTN mTcg2ImageSize;\r
//\r
// Measured FV handle cache\r
//\r
-EFI_HANDLE mTrEECacheMeasuredHandle = NULL;\r
-MEASURED_HOB_DATA *mTrEEMeasuredHobData = NULL;\r
+EFI_HANDLE mTcg2CacheMeasuredHandle = NULL;\r
+MEASURED_HOB_DATA *mTcg2MeasuredHobData = NULL;\r
\r
/**\r
Reads contents of a PE/COFF image in memory buffer.\r
\r
@param FileHandle Pointer to the file handle to read the PE/COFF image.\r
@param FileOffset Offset into the PE/COFF image to begin the read operation.\r
- @param ReadSize On input, the size in bytes of the requested read operation. \r
+ @param ReadSize On input, the size in bytes of the requested read operation.\r
On output, the number of bytes actually read.\r
@param Buffer Output buffer that contains the data read from the PE/COFF image.\r
- \r
- @retval EFI_SUCCESS The specified portion of the PE/COFF image was read and the size \r
+\r
+ @retval EFI_SUCCESS The specified portion of the PE/COFF image was read and the size\r
**/\r
EFI_STATUS\r
EFIAPI\r
DxeTpm2MeasureBootLibImageRead (\r
- IN VOID *FileHandle,\r
- IN UINTN FileOffset,\r
- IN OUT UINTN *ReadSize,\r
- OUT VOID *Buffer\r
+ IN VOID *FileHandle,\r
+ IN UINTN FileOffset,\r
+ IN OUT UINTN *ReadSize,\r
+ OUT VOID *Buffer\r
)\r
{\r
- UINTN EndPosition;\r
+ UINTN EndPosition;\r
\r
- if (FileHandle == NULL || ReadSize == NULL || Buffer == NULL) {\r
+ if ((FileHandle == NULL) || (ReadSize == NULL) || (Buffer == NULL)) {\r
return EFI_INVALID_PARAMETER;\r
}\r
\r
}\r
\r
EndPosition = FileOffset + *ReadSize;\r
- if (EndPosition > mTrEEImageSize) {\r
- *ReadSize = (UINT32)(mTrEEImageSize - FileOffset);\r
+ if (EndPosition > mTcg2ImageSize) {\r
+ *ReadSize = (UINT32)(mTcg2ImageSize - FileOffset);\r
}\r
\r
- if (FileOffset >= mTrEEImageSize) {\r
+ if (FileOffset >= mTcg2ImageSize) {\r
*ReadSize = 0;\r
}\r
\r
- CopyMem (Buffer, (UINT8 *)((UINTN) FileHandle + FileOffset), *ReadSize);\r
+ CopyMem (Buffer, (UINT8 *)((UINTN)FileHandle + FileOffset), *ReadSize);\r
\r
return EFI_SUCCESS;\r
}\r
Caution: This function may receive untrusted input.\r
The GPT partition table is external input, so this function should parse partition data carefully.\r
\r
- @param TreeProtocol Pointer to the located TREE protocol instance.\r
+ @param MeasureBootProtocols Pointer to the located MeasureBoot protocol instances (i.e. TCG2/CC protocol).\r
@param GptHandle Handle that GPT partition was installed.\r
\r
@retval EFI_SUCCESS Successfully measure GPT table.\r
**/\r
EFI_STATUS\r
EFIAPI\r
-TrEEMeasureGptTable (\r
- IN EFI_TREE_PROTOCOL *TreeProtocol,\r
- IN EFI_HANDLE GptHandle\r
+Tcg2MeasureGptTable (\r
+ IN MEASURE_BOOT_PROTOCOLS *MeasureBootProtocols,\r
+ IN EFI_HANDLE GptHandle\r
)\r
{\r
- EFI_STATUS Status;\r
- EFI_BLOCK_IO_PROTOCOL *BlockIo;\r
- EFI_DISK_IO_PROTOCOL *DiskIo;\r
- EFI_PARTITION_TABLE_HEADER *PrimaryHeader;\r
- EFI_PARTITION_ENTRY *PartitionEntry;\r
- UINT8 *EntryPtr;\r
- UINTN NumberOfPartition;\r
- UINT32 Index;\r
- TrEE_EVENT *TreeEvent;\r
- EFI_GPT_DATA *GptData;\r
- UINT32 EventSize;\r
-\r
- if (mTrEEMeasureGptCount > 0) {\r
+ EFI_STATUS Status;\r
+ EFI_BLOCK_IO_PROTOCOL *BlockIo;\r
+ EFI_DISK_IO_PROTOCOL *DiskIo;\r
+ EFI_PARTITION_TABLE_HEADER *PrimaryHeader;\r
+ EFI_PARTITION_ENTRY *PartitionEntry;\r
+ UINT8 *EntryPtr;\r
+ UINTN NumberOfPartition;\r
+ UINT32 Index;\r
+ UINT8 *EventPtr;\r
+ EFI_TCG2_EVENT *Tcg2Event;\r
+ EFI_CC_EVENT *CcEvent;\r
+ EFI_GPT_DATA *GptData;\r
+ UINT32 EventSize;\r
+ EFI_TCG2_PROTOCOL *Tcg2Protocol;\r
+ EFI_CC_MEASUREMENT_PROTOCOL *CcProtocol;\r
+ EFI_CC_MR_INDEX MrIndex;\r
+\r
+ if (mTcg2MeasureGptCount > 0) {\r
return EFI_SUCCESS;\r
}\r
\r
- Status = gBS->HandleProtocol (GptHandle, &gEfiBlockIoProtocolGuid, (VOID**)&BlockIo);\r
+ PrimaryHeader = NULL;\r
+ EntryPtr = NULL;\r
+ EventPtr = NULL;\r
+\r
+ Tcg2Protocol = MeasureBootProtocols->Tcg2Protocol;\r
+ CcProtocol = MeasureBootProtocols->CcProtocol;\r
+\r
+ if ((Tcg2Protocol == NULL) && (CcProtocol == NULL)) {\r
+ ASSERT (FALSE);\r
+ return EFI_UNSUPPORTED;\r
+ }\r
+\r
+ if (sizeof (EFI_CC_EVENT) != sizeof (EFI_TCG2_EVENT)) {\r
+ ASSERT (FALSE);\r
+ return EFI_UNSUPPORTED;\r
+ }\r
+\r
+ Status = gBS->HandleProtocol (GptHandle, &gEfiBlockIoProtocolGuid, (VOID **)&BlockIo);\r
if (EFI_ERROR (Status)) {\r
return EFI_UNSUPPORTED;\r
}\r
- Status = gBS->HandleProtocol (GptHandle, &gEfiDiskIoProtocolGuid, (VOID**)&DiskIo);\r
+\r
+ Status = gBS->HandleProtocol (GptHandle, &gEfiDiskIoProtocolGuid, (VOID **)&DiskIo);\r
if (EFI_ERROR (Status)) {\r
return EFI_UNSUPPORTED;\r
}\r
+\r
//\r
// Read the EFI Partition Table Header\r
- // \r
- PrimaryHeader = (EFI_PARTITION_TABLE_HEADER *) AllocatePool (BlockIo->Media->BlockSize);\r
+ //\r
+ PrimaryHeader = (EFI_PARTITION_TABLE_HEADER *)AllocatePool (BlockIo->Media->BlockSize);\r
if (PrimaryHeader == NULL) {\r
return EFI_OUT_OF_RESOURCES;\r
- } \r
+ }\r
+\r
Status = DiskIo->ReadDisk (\r
DiskIo,\r
BlockIo->Media->MediaId,\r
(UINT8 *)PrimaryHeader\r
);\r
if (EFI_ERROR (Status)) {\r
- DEBUG ((EFI_D_ERROR, "Failed to Read Partition Table Header!\n"));\r
+ DEBUG ((DEBUG_ERROR, "Failed to Read Partition Table Header!\n"));\r
FreePool (PrimaryHeader);\r
return EFI_DEVICE_ERROR;\r
- } \r
+ }\r
+\r
+ //\r
+ // PrimaryHeader->SizeOfPartitionEntry should not be zero\r
+ //\r
+ if (PrimaryHeader->SizeOfPartitionEntry == 0) {\r
+ DEBUG ((DEBUG_ERROR, "SizeOfPartitionEntry should not be zero!\n"));\r
+ FreePool (PrimaryHeader);\r
+ return EFI_BAD_BUFFER_SIZE;\r
+ }\r
+\r
//\r
// Read the partition entry.\r
//\r
FreePool (PrimaryHeader);\r
return EFI_OUT_OF_RESOURCES;\r
}\r
+\r
Status = DiskIo->ReadDisk (\r
DiskIo,\r
BlockIo->Media->MediaId,\r
- MultU64x32(PrimaryHeader->PartitionEntryLBA, BlockIo->Media->BlockSize),\r
+ MultU64x32 (PrimaryHeader->PartitionEntryLBA, BlockIo->Media->BlockSize),\r
PrimaryHeader->NumberOfPartitionEntries * PrimaryHeader->SizeOfPartitionEntry,\r
EntryPtr\r
);\r
FreePool (EntryPtr);\r
return EFI_DEVICE_ERROR;\r
}\r
- \r
+\r
//\r
// Count the valid partition\r
//\r
PartitionEntry = (EFI_PARTITION_ENTRY *)EntryPtr;\r
NumberOfPartition = 0;\r
for (Index = 0; Index < PrimaryHeader->NumberOfPartitionEntries; Index++) {\r
- if (!CompareGuid (&PartitionEntry->PartitionTypeGUID, &mTrEEZeroGuid)) {\r
- NumberOfPartition++; \r
+ if (!IsZeroGuid (&PartitionEntry->PartitionTypeGUID)) {\r
+ NumberOfPartition++;\r
}\r
+\r
PartitionEntry = (EFI_PARTITION_ENTRY *)((UINT8 *)PartitionEntry + PrimaryHeader->SizeOfPartitionEntry);\r
}\r
\r
//\r
- // Prepare Data for Measurement\r
- // \r
- EventSize = (UINT32)(sizeof (EFI_GPT_DATA) - sizeof (GptData->Partitions) \r
- + NumberOfPartition * PrimaryHeader->SizeOfPartitionEntry);\r
- TreeEvent = (TrEE_EVENT *) AllocateZeroPool (EventSize + sizeof (TrEE_EVENT) - sizeof(TreeEvent->Event));\r
- if (TreeEvent == NULL) {\r
- FreePool (PrimaryHeader);\r
- FreePool (EntryPtr);\r
- return EFI_OUT_OF_RESOURCES;\r
+ // Prepare Data for Measurement (CcProtocol and Tcg2Protocol)\r
+ //\r
+ EventSize = (UINT32)(sizeof (EFI_GPT_DATA) - sizeof (GptData->Partitions)\r
+ + NumberOfPartition * PrimaryHeader->SizeOfPartitionEntry);\r
+ EventPtr = (UINT8 *)AllocateZeroPool (EventSize + sizeof (EFI_TCG2_EVENT) - sizeof (Tcg2Event->Event));\r
+ if (EventPtr == NULL) {\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ goto Exit;\r
}\r
\r
- TreeEvent->Size = EventSize + sizeof (TrEE_EVENT) - sizeof(TreeEvent->Event);\r
- TreeEvent->Header.HeaderSize = sizeof(TrEE_EVENT_HEADER);\r
- TreeEvent->Header.HeaderVersion = TREE_EVENT_HEADER_VERSION;\r
- TreeEvent->Header.PCRIndex = 5;\r
- TreeEvent->Header.EventType = EV_EFI_GPT_EVENT;\r
- GptData = (EFI_GPT_DATA *) TreeEvent->Event; \r
+ Tcg2Event = (EFI_TCG2_EVENT *)EventPtr;\r
+ Tcg2Event->Size = EventSize + sizeof (EFI_TCG2_EVENT) - sizeof (Tcg2Event->Event);\r
+ Tcg2Event->Header.HeaderSize = sizeof (EFI_TCG2_EVENT_HEADER);\r
+ Tcg2Event->Header.HeaderVersion = EFI_TCG2_EVENT_HEADER_VERSION;\r
+ Tcg2Event->Header.PCRIndex = 5;\r
+ Tcg2Event->Header.EventType = EV_EFI_GPT_EVENT;\r
+ GptData = (EFI_GPT_DATA *)Tcg2Event->Event;\r
\r
//\r
// Copy the EFI_PARTITION_TABLE_HEADER and NumberOfPartition\r
- // \r
- CopyMem ((UINT8 *)GptData, (UINT8*)PrimaryHeader, sizeof (EFI_PARTITION_TABLE_HEADER));\r
+ //\r
+ CopyMem ((UINT8 *)GptData, (UINT8 *)PrimaryHeader, sizeof (EFI_PARTITION_TABLE_HEADER));\r
GptData->NumberOfPartitions = NumberOfPartition;\r
//\r
// Copy the valid partition entry\r
//\r
- PartitionEntry = (EFI_PARTITION_ENTRY*)EntryPtr;\r
+ PartitionEntry = (EFI_PARTITION_ENTRY *)EntryPtr;\r
NumberOfPartition = 0;\r
for (Index = 0; Index < PrimaryHeader->NumberOfPartitionEntries; Index++) {\r
- if (!CompareGuid (&PartitionEntry->PartitionTypeGUID, &mTrEEZeroGuid)) {\r
+ if (!IsZeroGuid (&PartitionEntry->PartitionTypeGUID)) {\r
CopyMem (\r
(UINT8 *)&GptData->Partitions + NumberOfPartition * PrimaryHeader->SizeOfPartitionEntry,\r
(UINT8 *)PartitionEntry,\r
);\r
NumberOfPartition++;\r
}\r
- PartitionEntry =(EFI_PARTITION_ENTRY *)((UINT8 *)PartitionEntry + PrimaryHeader->SizeOfPartitionEntry);\r
+\r
+ PartitionEntry = (EFI_PARTITION_ENTRY *)((UINT8 *)PartitionEntry + PrimaryHeader->SizeOfPartitionEntry);\r
}\r
\r
//\r
- // Measure the GPT data\r
+ // Only one of TCG2_PROTOCOL or CC_MEASUREMENT_PROTOCOL is exposed.\r
+ // So Measure the GPT data with one of the protocol.\r
//\r
- Status = TreeProtocol->HashLogExtendEvent (\r
- TreeProtocol,\r
- 0,\r
- (EFI_PHYSICAL_ADDRESS) (UINTN) (VOID *) GptData,\r
- (UINT64) EventSize,\r
- TreeEvent\r
- );\r
- if (!EFI_ERROR (Status)) {\r
- mTrEEMeasureGptCount++;\r
+ if (CcProtocol != NULL) {\r
+ //\r
+ // EFI_CC_EVENT share the same data structure with EFI_TCG2_EVENT\r
+ // except the MrIndex and PCRIndex in Header.\r
+ // Tcg2Event has been created and initialized before. So only the MrIndex need\r
+ // be adjusted.\r
+ //\r
+ Status = CcProtocol->MapPcrToMrIndex (CcProtocol, Tcg2Event->Header.PCRIndex, &MrIndex);\r
+ if (EFI_ERROR (Status)) {\r
+ DEBUG ((DEBUG_ERROR, "Cannot map PcrIndex(%d) to MrIndex\n", Tcg2Event->Header.PCRIndex));\r
+ goto Exit;\r
+ }\r
+\r
+ CcEvent = (EFI_CC_EVENT *)EventPtr;\r
+ CcEvent->Header.MrIndex = MrIndex;\r
+ Status = CcProtocol->HashLogExtendEvent (\r
+ CcProtocol,\r
+ 0,\r
+ (EFI_PHYSICAL_ADDRESS)(UINTN)(VOID *)GptData,\r
+ (UINT64)EventSize,\r
+ CcEvent\r
+ );\r
+ if (!EFI_ERROR (Status)) {\r
+ mTcg2MeasureGptCount++;\r
+ }\r
+\r
+ DEBUG ((DEBUG_INFO, "DxeTpm2MeasureBootHandler - Cc MeasureGptTable - %r\n", Status));\r
+ } else if (Tcg2Protocol != NULL) {\r
+ //\r
+ // If Tcg2Protocol is installed, then Measure GPT data with this protocol.\r
+ //\r
+ Status = Tcg2Protocol->HashLogExtendEvent (\r
+ Tcg2Protocol,\r
+ 0,\r
+ (EFI_PHYSICAL_ADDRESS)(UINTN)(VOID *)GptData,\r
+ (UINT64)EventSize,\r
+ Tcg2Event\r
+ );\r
+ if (!EFI_ERROR (Status)) {\r
+ mTcg2MeasureGptCount++;\r
+ }\r
+\r
+ DEBUG ((DEBUG_INFO, "DxeTpm2MeasureBootHandler - Tcg2 MeasureGptTable - %r\n", Status));\r
}\r
\r
- FreePool (PrimaryHeader);\r
- FreePool (EntryPtr);\r
- FreePool (TreeEvent);\r
+Exit:\r
+ if (PrimaryHeader != NULL) {\r
+ FreePool (PrimaryHeader);\r
+ }\r
+\r
+ if (EntryPtr != NULL) {\r
+ FreePool (EntryPtr);\r
+ }\r
+\r
+ if (EventPtr != NULL) {\r
+ FreePool (EventPtr);\r
+ }\r
\r
return Status;\r
}\r
PE/COFF image is external input, so this function will validate its data structure\r
within this image buffer before use.\r
\r
- @param[in] TreeProtocol Pointer to the located TREE protocol instance.\r
- @param[in] ImageAddress Start address of image buffer.\r
- @param[in] ImageSize Image size\r
- @param[in] LinkTimeBase Address that the image is loaded into memory.\r
- @param[in] ImageType Image subsystem type.\r
- @param[in] FilePath File path is corresponding to the input image.\r
+ @param[in] MeasureBootProtocols Pointer to the located MeasureBoot protocol instances.\r
+ @param[in] ImageAddress Start address of image buffer.\r
+ @param[in] ImageSize Image size\r
+ @param[in] LinkTimeBase Address that the image is loaded into memory.\r
+ @param[in] ImageType Image subsystem type.\r
+ @param[in] FilePath File path is corresponding to the input image.\r
\r
@retval EFI_SUCCESS Successfully measure image.\r
@retval EFI_OUT_OF_RESOURCES No enough resource to measure image.\r
- @retval EFI_UNSUPPORTED ImageType is unsupported or PE image is mal-format. \r
+ @retval EFI_UNSUPPORTED ImageType is unsupported or PE image is mal-format.\r
@retval other error value\r
\r
**/\r
EFI_STATUS\r
EFIAPI\r
-TrEEMeasurePeImage (\r
- IN EFI_TREE_PROTOCOL *TreeProtocol,\r
+Tcg2MeasurePeImage (\r
+ IN MEASURE_BOOT_PROTOCOLS *MeasureBootProtocols,\r
IN EFI_PHYSICAL_ADDRESS ImageAddress,\r
IN UINTN ImageSize,\r
IN UINTN LinkTimeBase,\r
IN EFI_DEVICE_PATH_PROTOCOL *FilePath\r
)\r
{\r
- EFI_STATUS Status;\r
- TrEE_EVENT *TreeEvent;\r
- EFI_IMAGE_LOAD_EVENT *ImageLoad;\r
- UINT32 FilePathSize;\r
- UINT32 EventSize;\r
+ EFI_STATUS Status;\r
+ EFI_TCG2_EVENT *Tcg2Event;\r
+ EFI_IMAGE_LOAD_EVENT *ImageLoad;\r
+ UINT32 FilePathSize;\r
+ UINT32 EventSize;\r
+ EFI_CC_EVENT *CcEvent;\r
+ EFI_CC_MEASUREMENT_PROTOCOL *CcProtocol;\r
+ EFI_TCG2_PROTOCOL *Tcg2Protocol;\r
+ UINT8 *EventPtr;\r
+ EFI_CC_MR_INDEX MrIndex;\r
+\r
+ Status = EFI_UNSUPPORTED;\r
+ ImageLoad = NULL;\r
+ EventPtr = NULL;\r
+\r
+ Tcg2Protocol = MeasureBootProtocols->Tcg2Protocol;\r
+ CcProtocol = MeasureBootProtocols->CcProtocol;\r
+\r
+ if ((Tcg2Protocol == NULL) && (CcProtocol == NULL)) {\r
+ ASSERT (FALSE);\r
+ return EFI_UNSUPPORTED;\r
+ }\r
\r
- Status = EFI_UNSUPPORTED;\r
- ImageLoad = NULL;\r
- FilePathSize = (UINT32) GetDevicePathSize (FilePath);\r
+ if (sizeof (EFI_CC_EVENT) != sizeof (EFI_TCG2_EVENT)) {\r
+ ASSERT (FALSE);\r
+ return EFI_UNSUPPORTED;\r
+ }\r
+\r
+ FilePathSize = (UINT32)GetDevicePathSize (FilePath);\r
\r
//\r
// Determine destination PCR by BootPolicy\r
//\r
EventSize = sizeof (*ImageLoad) - sizeof (ImageLoad->DevicePath) + FilePathSize;\r
- TreeEvent = AllocateZeroPool (EventSize + sizeof (TrEE_EVENT) - sizeof(TreeEvent->Event));\r
- if (TreeEvent == NULL) {\r
+ EventPtr = AllocateZeroPool (EventSize + sizeof (EFI_TCG2_EVENT) - sizeof (Tcg2Event->Event));\r
+ if (EventPtr == NULL) {\r
return EFI_OUT_OF_RESOURCES;\r
}\r
\r
- TreeEvent->Size = EventSize + sizeof (TrEE_EVENT) - sizeof(TreeEvent->Event);\r
- TreeEvent->Header.HeaderSize = sizeof(TrEE_EVENT_HEADER);\r
- TreeEvent->Header.HeaderVersion = TREE_EVENT_HEADER_VERSION;\r
- ImageLoad = (EFI_IMAGE_LOAD_EVENT *) TreeEvent->Event;\r
+ Tcg2Event = (EFI_TCG2_EVENT *)EventPtr;\r
+ Tcg2Event->Size = EventSize + sizeof (EFI_TCG2_EVENT) - sizeof (Tcg2Event->Event);\r
+ Tcg2Event->Header.HeaderSize = sizeof (EFI_TCG2_EVENT_HEADER);\r
+ Tcg2Event->Header.HeaderVersion = EFI_TCG2_EVENT_HEADER_VERSION;\r
+ ImageLoad = (EFI_IMAGE_LOAD_EVENT *)Tcg2Event->Event;\r
\r
switch (ImageType) {\r
case EFI_IMAGE_SUBSYSTEM_EFI_APPLICATION:\r
- TreeEvent->Header.EventType = EV_EFI_BOOT_SERVICES_APPLICATION;\r
- TreeEvent->Header.PCRIndex = 4;\r
+ Tcg2Event->Header.EventType = EV_EFI_BOOT_SERVICES_APPLICATION;\r
+ Tcg2Event->Header.PCRIndex = 4;\r
break;\r
case EFI_IMAGE_SUBSYSTEM_EFI_BOOT_SERVICE_DRIVER:\r
- TreeEvent->Header.EventType = EV_EFI_BOOT_SERVICES_DRIVER;\r
- TreeEvent->Header.PCRIndex = 2;\r
+ Tcg2Event->Header.EventType = EV_EFI_BOOT_SERVICES_DRIVER;\r
+ Tcg2Event->Header.PCRIndex = 2;\r
break;\r
case EFI_IMAGE_SUBSYSTEM_EFI_RUNTIME_DRIVER:\r
- TreeEvent->Header.EventType = EV_EFI_RUNTIME_SERVICES_DRIVER;\r
- TreeEvent->Header.PCRIndex = 2;\r
+ Tcg2Event->Header.EventType = EV_EFI_RUNTIME_SERVICES_DRIVER;\r
+ Tcg2Event->Header.PCRIndex = 2;\r
break;\r
default:\r
DEBUG ((\r
- EFI_D_ERROR,\r
- "TrEEMeasurePeImage: Unknown subsystem type %d",\r
+ DEBUG_ERROR,\r
+ "Tcg2MeasurePeImage: Unknown subsystem type %d",\r
ImageType\r
));\r
goto Finish;\r
//\r
// Log the PE data\r
//\r
- Status = TreeProtocol->HashLogExtendEvent (\r
- TreeProtocol,\r
- PE_COFF_IMAGE,\r
- ImageAddress,\r
- ImageSize,\r
- TreeEvent\r
- );\r
+ if (CcProtocol != NULL) {\r
+ Status = CcProtocol->MapPcrToMrIndex (CcProtocol, Tcg2Event->Header.PCRIndex, &MrIndex);\r
+ if (EFI_ERROR (Status)) {\r
+ DEBUG ((DEBUG_ERROR, "Cannot map PcrIndex(%d) to MrIndex\n", Tcg2Event->Header.PCRIndex));\r
+ goto Finish;\r
+ }\r
+\r
+ CcEvent = (EFI_CC_EVENT *)EventPtr;\r
+ CcEvent->Header.MrIndex = MrIndex;\r
+\r
+ Status = CcProtocol->HashLogExtendEvent (\r
+ CcProtocol,\r
+ PE_COFF_IMAGE,\r
+ ImageAddress,\r
+ ImageSize,\r
+ CcEvent\r
+ );\r
+ DEBUG ((DEBUG_INFO, "DxeTpm2MeasureBootHandler - Cc MeasurePeImage - %r\n", Status));\r
+ } else if (Tcg2Protocol != NULL) {\r
+ Status = Tcg2Protocol->HashLogExtendEvent (\r
+ Tcg2Protocol,\r
+ PE_COFF_IMAGE,\r
+ ImageAddress,\r
+ ImageSize,\r
+ Tcg2Event\r
+ );\r
+ DEBUG ((DEBUG_INFO, "DxeTpm2MeasureBootHandler - Tcg2 MeasurePeImage - %r\n", Status));\r
+ }\r
+\r
if (Status == EFI_VOLUME_FULL) {\r
//\r
// Volume full here means the image is hashed and its result is extended to PCR.\r
- // But the event log cann't be saved since log area is full.\r
+ // But the event log can't be saved since log area is full.\r
// Just return EFI_SUCCESS in order not to block the image load.\r
//\r
Status = EFI_SUCCESS;\r
}\r
\r
Finish:\r
- FreePool (TreeEvent);\r
+ if (EventPtr != NULL) {\r
+ FreePool (EventPtr);\r
+ }\r
\r
return Status;\r
}\r
\r
/**\r
- The security handler is used to abstract platform-specific policy \r
- from the DXE core response to an attempt to use a file that returns a \r
- given status for the authentication check from the section extraction protocol. \r
+ Get the measure boot protocols.\r
\r
- The possible responses in a given SAP implementation may include locking \r
- flash upon failure to authenticate, attestation logging for all signed drivers, \r
- and other exception operations. The File parameter allows for possible logging \r
- within the SAP of the driver.\r
+ There are 2 measure boot, TCG2 protocol based and Cc measurement protocol based.\r
+\r
+ @param MeasureBootProtocols Pointer to the located measure boot protocol instances.\r
\r
- If File is NULL, then EFI_INVALID_PARAMETER is returned.\r
+ @retval EFI_SUCCESS Sucessfully locate the measure boot protocol instances (at least one instance).\r
+ @retval EFI_UNSUPPORTED Measure boot is not supported.\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+GetMeasureBootProtocols (\r
+ MEASURE_BOOT_PROTOCOLS *MeasureBootProtocols\r
+ )\r
+{\r
+ EFI_STATUS Status;\r
+ EFI_TCG2_PROTOCOL *Tcg2Protocol;\r
+ EFI_CC_MEASUREMENT_PROTOCOL *CcProtocol;\r
+ EFI_TCG2_BOOT_SERVICE_CAPABILITY Tcg2ProtocolCapability;\r
+ EFI_CC_BOOT_SERVICE_CAPABILITY CcProtocolCapability;\r
+\r
+ CcProtocol = NULL;\r
+ Status = gBS->LocateProtocol (&gEfiCcMeasurementProtocolGuid, NULL, (VOID **)&CcProtocol);\r
+ if (EFI_ERROR (Status)) {\r
+ //\r
+ // Cc Measurement protocol is not installed.\r
+ //\r
+ DEBUG ((DEBUG_VERBOSE, "CcMeasurementProtocol is not installed. - %r\n", Status));\r
+ } else {\r
+ ZeroMem (&CcProtocolCapability, sizeof (CcProtocolCapability));\r
+ CcProtocolCapability.Size = sizeof (CcProtocolCapability);\r
+ Status = CcProtocol->GetCapability (CcProtocol, &CcProtocolCapability);\r
+ if (EFI_ERROR (Status) || (CcProtocolCapability.CcType.Type == EFI_CC_TYPE_NONE)) {\r
+ DEBUG ((DEBUG_ERROR, " CcProtocol->GetCapability returns : %x, %r\n", CcProtocolCapability.CcType.Type, Status));\r
+ CcProtocol = NULL;\r
+ }\r
+ }\r
+\r
+ Tcg2Protocol = NULL;\r
+ Status = gBS->LocateProtocol (&gEfiTcg2ProtocolGuid, NULL, (VOID **)&Tcg2Protocol);\r
+ if (EFI_ERROR (Status)) {\r
+ //\r
+ // Tcg2 protocol is not installed. So, TPM2 is not present.\r
+ //\r
+ DEBUG ((DEBUG_VERBOSE, "Tcg2Protocol is not installed. - %r\n", Status));\r
+ } else {\r
+ Tcg2ProtocolCapability.Size = (UINT8)sizeof (Tcg2ProtocolCapability);\r
+ Status = Tcg2Protocol->GetCapability (Tcg2Protocol, &Tcg2ProtocolCapability);\r
+ if (EFI_ERROR (Status) || (!Tcg2ProtocolCapability.TPMPresentFlag)) {\r
+ //\r
+ // TPM device doesn't work or activate.\r
+ //\r
+ DEBUG ((DEBUG_ERROR, "TPMPresentFlag=FALSE %r\n", Status));\r
+ Tcg2Protocol = NULL;\r
+ }\r
+ }\r
+\r
+ MeasureBootProtocols->Tcg2Protocol = Tcg2Protocol;\r
+ MeasureBootProtocols->CcProtocol = CcProtocol;\r
+\r
+ return (Tcg2Protocol == NULL && CcProtocol == NULL) ? EFI_UNSUPPORTED : EFI_SUCCESS;\r
+}\r
\r
- If the file specified by File with an authentication status specified by \r
+/**\r
+ The security handler is used to abstract platform-specific policy\r
+ from the DXE core response to an attempt to use a file that returns a\r
+ given status for the authentication check from the section extraction protocol.\r
+\r
+ The possible responses in a given SAP implementation may include locking\r
+ flash upon failure to authenticate, attestation logging for all signed drivers,\r
+ and other exception operations. The File parameter allows for possible logging\r
+ within the SAP of the driver.\r
+\r
+ If the file specified by File with an authentication status specified by\r
AuthenticationStatus is safe for the DXE Core to use, then EFI_SUCCESS is returned.\r
\r
- If the file specified by File with an authentication status specified by \r
- AuthenticationStatus is not safe for the DXE Core to use under any circumstances, \r
+ If the file specified by File with an authentication status specified by\r
+ AuthenticationStatus is not safe for the DXE Core to use under any circumstances,\r
then EFI_ACCESS_DENIED is returned.\r
\r
- If the file specified by File with an authentication status specified by \r
- AuthenticationStatus is not safe for the DXE Core to use right now, but it \r
- might be possible to use it at a future time, then EFI_SECURITY_VIOLATION is \r
+ If the file specified by File with an authentication status specified by\r
+ AuthenticationStatus is not safe for the DXE Core to use right now, but it\r
+ might be possible to use it at a future time, then EFI_SECURITY_VIOLATION is\r
returned.\r
\r
+ If check image specified by FileBuffer and File is NULL meanwhile, return EFI_ACCESS_DENIED.\r
+\r
@param[in] AuthenticationStatus This is the authentication status returned\r
from the securitymeasurement services for the\r
input file.\r
EFI_STATUS\r
EFIAPI\r
DxeTpm2MeasureBootHandler (\r
- IN UINT32 AuthenticationStatus,\r
- IN CONST EFI_DEVICE_PATH_PROTOCOL *File,\r
- IN VOID *FileBuffer,\r
- IN UINTN FileSize,\r
- IN BOOLEAN BootPolicy\r
+ IN UINT32 AuthenticationStatus,\r
+ IN CONST EFI_DEVICE_PATH_PROTOCOL *File OPTIONAL,\r
+ IN VOID *FileBuffer,\r
+ IN UINTN FileSize,\r
+ IN BOOLEAN BootPolicy\r
)\r
{\r
- EFI_TREE_PROTOCOL *TreeProtocol;\r
+ MEASURE_BOOT_PROTOCOLS MeasureBootProtocols;\r
EFI_STATUS Status;\r
- TREE_BOOT_SERVICE_CAPABILITY ProtocolCapability;\r
EFI_DEVICE_PATH_PROTOCOL *DevicePathNode;\r
EFI_DEVICE_PATH_PROTOCOL *OrigDevicePathNode;\r
EFI_HANDLE Handle;\r
EFI_PHYSICAL_ADDRESS FvAddress;\r
UINT32 Index;\r
\r
- Status = gBS->LocateProtocol (&gEfiTrEEProtocolGuid, NULL, (VOID **) &TreeProtocol);\r
+ MeasureBootProtocols.Tcg2Protocol = NULL;\r
+ MeasureBootProtocols.CcProtocol = NULL;\r
+\r
+ Status = GetMeasureBootProtocols (&MeasureBootProtocols);\r
+\r
if (EFI_ERROR (Status)) {\r
//\r
- // TrEE protocol is not installed. So, TPM2 is not present.\r
+ // None of Measured boot protocols (Tcg2, Cc) is installed.\r
// Don't do any measurement, and directly return EFI_SUCCESS.\r
//\r
- DEBUG ((EFI_D_ERROR, "DxeTpm2MeasureBootHandler - TrEE - %r\n", Status));\r
+ DEBUG ((DEBUG_INFO, "None of Tcg2Protocol/CcMeasurementProtocol is installed.\n"));\r
return EFI_SUCCESS;\r
}\r
\r
- ProtocolCapability.Size = (UINT8) sizeof (ProtocolCapability);\r
- Status = TreeProtocol->GetCapability (\r
- TreeProtocol, \r
- &ProtocolCapability\r
- );\r
- if (EFI_ERROR (Status) || (!ProtocolCapability.TrEEPresentFlag)) {\r
- //\r
- // TPM device doesn't work or activate.\r
- //\r
- DEBUG ((EFI_D_ERROR, "DxeTpm2MeasureBootHandler (%r) - TrEEPresentFlag - %x\n", Status, ProtocolCapability.TrEEPresentFlag));\r
- return EFI_SUCCESS;\r
- }\r
+ DEBUG ((\r
+ DEBUG_INFO,\r
+ "Tcg2Protocol = %p, CcMeasurementProtocol = %p\n",\r
+ MeasureBootProtocols.Tcg2Protocol,\r
+ MeasureBootProtocols.CcProtocol\r
+ ));\r
\r
//\r
// Copy File Device Path\r
//\r
OrigDevicePathNode = DuplicateDevicePath (File);\r
- \r
+\r
//\r
// 1. Check whether this device path support BlockIo protocol.\r
// Is so, this device path may be a GPT device path.\r
//\r
DevicePathNode = OrigDevicePathNode;\r
- Status = gBS->LocateDevicePath (&gEfiBlockIoProtocolGuid, &DevicePathNode, &Handle);\r
- if (!EFI_ERROR (Status) && !mTrEEMeasureGptTableFlag) {\r
+ Status = gBS->LocateDevicePath (&gEfiBlockIoProtocolGuid, &DevicePathNode, &Handle);\r
+ if (!EFI_ERROR (Status) && !mTcg2MeasureGptTableFlag) {\r
//\r
- // Find the gpt partion on the given devicepath\r
+ // Find the gpt partition on the given devicepath\r
//\r
DevicePathNode = OrigDevicePathNode;\r
ASSERT (DevicePathNode != NULL);\r
//\r
// Find the Gpt partition\r
//\r
- if (DevicePathType (DevicePathNode) == MEDIA_DEVICE_PATH &&\r
- DevicePathSubType (DevicePathNode) == MEDIA_HARDDRIVE_DP) {\r
+ if ((DevicePathType (DevicePathNode) == MEDIA_DEVICE_PATH) &&\r
+ (DevicePathSubType (DevicePathNode) == MEDIA_HARDDRIVE_DP))\r
+ {\r
//\r
// Check whether it is a gpt partition or not\r
- // \r
- if (((HARDDRIVE_DEVICE_PATH *) DevicePathNode)->MBRType == MBR_TYPE_EFI_PARTITION_TABLE_HEADER && \r
- ((HARDDRIVE_DEVICE_PATH *) DevicePathNode)->SignatureType == SIGNATURE_TYPE_GUID) {\r
-\r
+ //\r
+ if ((((HARDDRIVE_DEVICE_PATH *)DevicePathNode)->MBRType == MBR_TYPE_EFI_PARTITION_TABLE_HEADER) &&\r
+ (((HARDDRIVE_DEVICE_PATH *)DevicePathNode)->SignatureType == SIGNATURE_TYPE_GUID))\r
+ {\r
//\r
// Change the partition device path to its parent device path (disk) and get the handle.\r
//\r
DevicePathNode->Type = END_DEVICE_PATH_TYPE;\r
DevicePathNode->SubType = END_ENTIRE_DEVICE_PATH_SUBTYPE;\r
DevicePathNode = OrigDevicePathNode;\r
- Status = gBS->LocateDevicePath (\r
- &gEfiDiskIoProtocolGuid,\r
- &DevicePathNode,\r
- &Handle\r
- );\r
+ Status = gBS->LocateDevicePath (\r
+ &gEfiDiskIoProtocolGuid,\r
+ &DevicePathNode,\r
+ &Handle\r
+ );\r
if (!EFI_ERROR (Status)) {\r
//\r
// Measure GPT disk.\r
//\r
- Status = TrEEMeasureGptTable (TreeProtocol, Handle);\r
- DEBUG ((EFI_D_INFO, "DxeTpm2MeasureBootHandler - TrEEMeasureGptTable - %r\n", Status));\r
+ Status = Tcg2MeasureGptTable (&MeasureBootProtocols, Handle);\r
+\r
if (!EFI_ERROR (Status)) {\r
//\r
// GPT disk check done.\r
//\r
- mTrEEMeasureGptTableFlag = TRUE;\r
+ mTcg2MeasureGptTableFlag = TRUE;\r
}\r
}\r
+\r
FreePool (OrigDevicePathNode);\r
OrigDevicePathNode = DuplicateDevicePath (File);\r
ASSERT (OrigDevicePathNode != NULL);\r
break;\r
}\r
}\r
- DevicePathNode = NextDevicePathNode (DevicePathNode);\r
+\r
+ DevicePathNode = NextDevicePathNode (DevicePathNode);\r
}\r
}\r
- \r
+\r
//\r
// 2. Measure PE image.\r
//\r
// Check whether this device path support FVB protocol.\r
//\r
DevicePathNode = OrigDevicePathNode;\r
- Status = gBS->LocateDevicePath (&gEfiFirmwareVolumeBlockProtocolGuid, &DevicePathNode, &Handle);\r
+ Status = gBS->LocateDevicePath (&gEfiFirmwareVolumeBlockProtocolGuid, &DevicePathNode, &Handle);\r
if (!EFI_ERROR (Status)) {\r
//\r
// Don't check FV image, and directly return EFI_SUCCESS.\r
if (IsDevicePathEnd (DevicePathNode)) {\r
return EFI_SUCCESS;\r
}\r
+\r
//\r
// The PE image from unmeasured Firmware volume need be measured\r
- // The PE image from measured Firmware volume will be mearsured according to policy below.\r
+ // The PE image from measured Firmware volume will be measured according to policy below.\r
// If it is driver, do not measure\r
// If it is application, still measure.\r
//\r
ApplicationRequired = TRUE;\r
\r
- if (mTrEECacheMeasuredHandle != Handle && mTrEEMeasuredHobData != NULL) {\r
+ if ((mTcg2CacheMeasuredHandle != Handle) && (mTcg2MeasuredHobData != NULL)) {\r
//\r
// Search for Root FV of this PE image\r
//\r
TempHandle = Handle;\r
do {\r
- Status = gBS->HandleProtocol(\r
- TempHandle, \r
+ Status = gBS->HandleProtocol (\r
+ TempHandle,\r
&gEfiFirmwareVolumeBlockProtocolGuid,\r
- (VOID**)&FvbProtocol\r
+ (VOID **)&FvbProtocol\r
);\r
TempHandle = FvbProtocol->ParentHandle;\r
- } while (!EFI_ERROR(Status) && FvbProtocol->ParentHandle != NULL);\r
+ } while (!EFI_ERROR (Status) && FvbProtocol->ParentHandle != NULL);\r
\r
//\r
// Search in measured FV Hob\r
//\r
- Status = FvbProtocol->GetPhysicalAddress(FvbProtocol, &FvAddress);\r
- if (EFI_ERROR(Status)){\r
+ Status = FvbProtocol->GetPhysicalAddress (FvbProtocol, &FvAddress);\r
+ if (EFI_ERROR (Status)) {\r
return Status;\r
}\r
\r
ApplicationRequired = FALSE;\r
\r
- for (Index = 0; Index < mTrEEMeasuredHobData->Num; Index++) {\r
- if(mTrEEMeasuredHobData->MeasuredFvBuf[Index].BlobBase == FvAddress) {\r
+ for (Index = 0; Index < mTcg2MeasuredHobData->Num; Index++) {\r
+ if (mTcg2MeasuredHobData->MeasuredFvBuf[Index].BlobBase == FvAddress) {\r
//\r
// Cache measured FV for next measurement\r
//\r
- mTrEECacheMeasuredHandle = Handle;\r
- ApplicationRequired = TRUE;\r
+ mTcg2CacheMeasuredHandle = Handle;\r
+ ApplicationRequired = TRUE;\r
break;\r
}\r
}\r
goto Finish;\r
}\r
\r
- mTrEEImageSize = FileSize;\r
- mTrEEFileBuffer = FileBuffer;\r
+ mTcg2ImageSize = FileSize;\r
+ mTcg2FileBuffer = FileBuffer;\r
\r
//\r
// Measure PE Image\r
//\r
DevicePathNode = OrigDevicePathNode;\r
ZeroMem (&ImageContext, sizeof (ImageContext));\r
- ImageContext.Handle = (VOID *) FileBuffer;\r
- ImageContext.ImageRead = (PE_COFF_LOADER_READ_FILE) DxeTpm2MeasureBootLibImageRead;\r
+ ImageContext.Handle = (VOID *)FileBuffer;\r
+ ImageContext.ImageRead = (PE_COFF_LOADER_READ_FILE)DxeTpm2MeasureBootLibImageRead;\r
\r
//\r
// Get information about the image being loaded\r
//\r
Status = PeCoffLoaderGetImageInfo (&ImageContext);\r
if (EFI_ERROR (Status)) {\r
+ //\r
+ // Check for invalid parameters.\r
+ //\r
+ if (File == NULL) {\r
+ Status = EFI_ACCESS_DENIED;\r
+ }\r
+\r
//\r
// The information can't be got from the invalid PeImage\r
//\r
goto Finish;\r
}\r
- \r
+\r
//\r
// Measure only application if Application flag is set\r
// Measure drivers and applications if Application flag is not set\r
//\r
- if ((!ApplicationRequired) || \r
- (ApplicationRequired && ImageContext.ImageType == EFI_IMAGE_SUBSYSTEM_EFI_APPLICATION)) { \r
+ if ((!ApplicationRequired) ||\r
+ (ApplicationRequired && (ImageContext.ImageType == EFI_IMAGE_SUBSYSTEM_EFI_APPLICATION)))\r
+ {\r
//\r
// Print the image path to be measured.\r
- // \r
+ //\r
DEBUG_CODE_BEGIN ();\r
- CHAR16 *ToText;\r
- ToText = ConvertDevicePathToText (\r
- DevicePathNode,\r
- FALSE,\r
- TRUE\r
- );\r
- if (ToText != NULL) {\r
- DEBUG ((DEBUG_INFO, "The measured image path is %s.\n", ToText));\r
- FreePool (ToText);\r
- }\r
+ CHAR16 *ToText;\r
+ ToText = ConvertDevicePathToText (\r
+ DevicePathNode,\r
+ FALSE,\r
+ TRUE\r
+ );\r
+ if (ToText != NULL) {\r
+ DEBUG ((DEBUG_INFO, "The measured image path is %s.\n", ToText));\r
+ FreePool (ToText);\r
+ }\r
+\r
DEBUG_CODE_END ();\r
\r
//\r
// Measure PE image into TPM log.\r
//\r
- Status = TrEEMeasurePeImage (\r
- TreeProtocol,\r
- (EFI_PHYSICAL_ADDRESS) (UINTN) FileBuffer, \r
- FileSize, \r
- (UINTN) ImageContext.ImageAddress, \r
- ImageContext.ImageType, \r
+ Status = Tcg2MeasurePeImage (\r
+ &MeasureBootProtocols,\r
+ (EFI_PHYSICAL_ADDRESS)(UINTN)FileBuffer,\r
+ FileSize,\r
+ (UINTN)ImageContext.ImageAddress,\r
+ ImageContext.ImageType,\r
DevicePathNode\r
);\r
- DEBUG ((EFI_D_INFO, "DxeTpm2MeasureBootHandler - TrEEMeasurePeImage - %r\n", Status));\r
}\r
\r
//\r
FreePool (OrigDevicePathNode);\r
}\r
\r
- DEBUG ((EFI_D_INFO, "DxeTpm2MeasureBootHandler - %r\n", Status));\r
+ DEBUG ((DEBUG_INFO, "DxeTpm2MeasureBootHandler - %r\n", Status));\r
\r
return Status;\r
}\r
GuidHob = GetFirstGuidHob (&gMeasuredFvHobGuid);\r
\r
if (GuidHob != NULL) {\r
- mTrEEMeasuredHobData = GET_GUID_HOB_DATA (GuidHob);\r
+ mTcg2MeasuredHobData = GET_GUID_HOB_DATA (GuidHob);\r
}\r
\r
return RegisterSecurity2Handler (\r
- DxeTpm2MeasureBootHandler,\r
- EFI_AUTH_OPERATION_MEASURE_IMAGE | EFI_AUTH_OPERATION_IMAGE_REQUIRED\r
- );\r
+ DxeTpm2MeasureBootHandler,\r
+ EFI_AUTH_OPERATION_MEASURE_IMAGE | EFI_AUTH_OPERATION_IMAGE_REQUIRED\r
+ );\r
}\r