/** @file\r
Initialize TPM2 device and measure FVs before handing off control to DXE.\r
\r
-Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved.<BR>\r
-This program and the accompanying materials \r
-are licensed and made available under the terms and conditions of the BSD License \r
-which accompanies this distribution. The full text of the license may be found at \r
+Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>\r
+Copyright (c) 2017, Microsoft Corporation. All rights reserved. <BR>\r
+This program and the accompanying materials\r
+are licensed and made available under the terms and conditions of the BSD License\r
+which accompanies this distribution. The full text of the license may be found at\r
http://opensource.org/licenses/bsd-license.php\r
\r
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, \r
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
\r
**/\r
#include <IndustryStandard/UefiTcgPlatform.h>\r
#include <Ppi/FirmwareVolumeInfo.h>\r
#include <Ppi/FirmwareVolumeInfo2.h>\r
-#include <Ppi/LockPhysicalPresence.h>\r
#include <Ppi/TpmInitialized.h>\r
#include <Ppi/FirmwareVolume.h>\r
#include <Ppi/EndOfPeiPhase.h>\r
#include <Ppi/FirmwareVolumeInfoMeasurementExcluded.h>\r
+#include <Ppi/FirmwareVolumeInfoPrehashedFV.h>\r
\r
#include <Guid/TcgEventHob.h>\r
#include <Guid/MeasuredFvHob.h>\r
#include <Library/MemoryAllocationLib.h>\r
#include <Library/ReportStatusCodeLib.h>\r
#include <Library/ResetSystemLib.h>\r
-#include <Library/Tcg2PhysicalPresenceLib.h>\r
\r
#define PERF_ID_TCG2_PEI 0x3080\r
\r
{\r
EFI_PEI_PPI_DESCRIPTOR_NOTIFY_CALLBACK,\r
&gEfiPeiFirmwareVolumeInfoPpiGuid,\r
- FirmwareVolmeInfoPpiNotifyCallback \r
+ FirmwareVolmeInfoPpiNotifyCallback\r
},\r
{\r
EFI_PEI_PPI_DESCRIPTOR_NOTIFY_CALLBACK,\r
&gEfiPeiFirmwareVolumeInfo2PpiGuid,\r
- FirmwareVolmeInfoPpiNotifyCallback \r
+ FirmwareVolmeInfoPpiNotifyCallback\r
},\r
{\r
(EFI_PEI_PPI_DESCRIPTOR_NOTIFY_CALLBACK | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST),\r
}\r
};\r
\r
-EFI_PEI_FIRMWARE_VOLUME_INFO_MEASUREMENT_EXCLUDED_PPI *mMeasurementExcludedFvPpi;\r
\r
/**\r
Record all measured Firmware Volum Information into a Guid Hob\r
- Guid Hob payload layout is \r
+ Guid Hob payload layout is\r
\r
UINT32 *************************** FIRMWARE_BLOB number\r
EFI_PLATFORM_FIRMWARE_BLOB******** BLOB Array\r
IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDescriptor,\r
IN VOID *Ppi\r
)\r
-{ \r
+{\r
MEASURED_HOB_DATA *MeasuredHobData;\r
\r
MeasuredHobData = NULL;\r
\r
+ PERF_CALLBACK_BEGIN (&gEfiEndOfPeiSignalPpiGuid);\r
+\r
//\r
- // Create a Guid hob to save all measured Fv \r
+ // Create a Guid hob to save all measured Fv\r
//\r
MeasuredHobData = BuildGuidHob(\r
&gMeasuredFvHobGuid,\r
CopyMem (&MeasuredHobData->MeasuredFvBuf[mMeasuredBaseFvIndex] , mMeasuredChildFvInfo, sizeof(EFI_PLATFORM_FIRMWARE_BLOB) * (mMeasuredChildFvIndex));\r
}\r
\r
+ PERF_CALLBACK_END (&gEfiEndOfPeiSignalPpiGuid);\r
+\r
return EFI_SUCCESS;\r
}\r
\r
ASSERT_EFI_ERROR (Status);\r
\r
Tpm2PcrMask = PcdGet32 (PcdTpm2HashMask);\r
+ if (Tpm2PcrMask == 0) {\r
+ //\r
+ // if PcdTPm2HashMask is zero, use ActivePcr setting\r
+ //\r
+ PcdSet32S (PcdTpm2HashMask, TpmActivePcrBanks);\r
+ Tpm2PcrMask = TpmActivePcrBanks;\r
+ }\r
\r
//\r
// Find the intersection of Pcd support and TPM support.\r
}\r
break;\r
case EFI_TCG2_EVENT_LOG_FORMAT_TCG_2:\r
+ //\r
+ // Use GetDigestListSize (DigestList) in the GUID HOB DataLength calculation\r
+ // to reserve enough buffer to hold TPML_DIGEST_VALUES compact binary.\r
+ //\r
HobData = BuildGuidHob (\r
&gTcgEvent2EntryHobGuid,\r
sizeof(TcgPcrEvent2->PCRIndex) + sizeof(TcgPcrEvent2->EventType) + GetDigestListSize (DigestList) + sizeof(TcgPcrEvent2->EventSize) + NewEventHdr->EventSize\r
added into the Event Log.\r
\r
@param[in] Flags Bitmap providing additional information.\r
- @param[in] HashData Physical address of the start of the data buffer \r
+ @param[in] HashData Physical address of the start of the data buffer\r
to be hashed, extended, and logged.\r
@param[in] HashDataLen The length, in bytes, of the buffer referenced by HashData.\r
- @param[in] NewEventHdr Pointer to a TCG_PCR_EVENT_HDR data structure. \r
- @param[in] NewEventData Pointer to the new event data. \r
+ @param[in] NewEventHdr Pointer to a TCG_PCR_EVENT_HDR data structure.\r
+ @param[in] NewEventData Pointer to the new event data.\r
\r
@retval EFI_SUCCESS Operation completed successfully.\r
@retval EFI_OUT_OF_RESOURCES No enough memory to log the new event.\r
Status = LogHashEvent (&DigestList, NewEventHdr, NewEventData);\r
}\r
}\r
- \r
+\r
if (Status == EFI_DEVICE_ERROR) {\r
DEBUG ((EFI_D_ERROR, "HashLogExtendEvent - %r. Disable TPM.\n", Status));\r
BuildGuidHob (&gTpmErrorHobGuid,0);\r
}\r
\r
/**\r
- Measure FV image. \r
- Add it into the measured FV list after the FV is measured successfully. \r
+ Measure FV image.\r
+ Add it into the measured FV list after the FV is measured successfully.\r
\r
@param[in] FvBase Base address of FV image.\r
@param[in] FvLength Length of FV image.\r
\r
- @retval EFI_SUCCESS Fv image is measured successfully \r
+ @retval EFI_SUCCESS Fv image is measured successfully\r
or it has been already measured.\r
@retval EFI_OUT_OF_RESOURCES No enough memory to log the new event.\r
@retval EFI_DEVICE_ERROR The command was unsuccessful.\r
IN UINT64 FvLength\r
)\r
{\r
- UINT32 Index;\r
- EFI_STATUS Status;\r
- EFI_PLATFORM_FIRMWARE_BLOB FvBlob;\r
- TCG_PCR_EVENT_HDR TcgEventHdr;\r
-\r
- //\r
- // Check if it is in Excluded FV list\r
- //\r
- if (mMeasurementExcludedFvPpi != NULL) {\r
- for (Index = 0; Index < mMeasurementExcludedFvPpi->Count; Index ++) {\r
- if (mMeasurementExcludedFvPpi->Fv[Index].FvBase == FvBase) {\r
- DEBUG ((DEBUG_INFO, "The FV which is excluded by Tcg2Pei starts at: 0x%x\n", FvBase));\r
- DEBUG ((DEBUG_INFO, "The FV which is excluded by Tcg2Pei has the size: 0x%x\n", FvLength));\r
- return EFI_SUCCESS;\r
+ UINT32 Index;\r
+ EFI_STATUS Status;\r
+ EFI_PLATFORM_FIRMWARE_BLOB FvBlob;\r
+ TCG_PCR_EVENT_HDR TcgEventHdr;\r
+ UINT32 Instance;\r
+ UINT32 Tpm2HashMask;\r
+ TPML_DIGEST_VALUES DigestList;\r
+ UINT32 DigestCount;\r
+ EFI_PEI_FIRMWARE_VOLUME_INFO_MEASUREMENT_EXCLUDED_PPI *MeasurementExcludedFvPpi;\r
+ EDKII_PEI_FIRMWARE_VOLUME_INFO_PREHASHED_FV_PPI *PrehashedFvPpi;\r
+ HASH_INFO *PreHashInfo;\r
+ UINT32 HashAlgoMask;\r
+\r
+ //\r
+ // Check Excluded FV list\r
+ //\r
+ Instance = 0;\r
+ do {\r
+ Status = PeiServicesLocatePpi(\r
+ &gEfiPeiFirmwareVolumeInfoMeasurementExcludedPpiGuid,\r
+ Instance,\r
+ NULL,\r
+ (VOID**)&MeasurementExcludedFvPpi\r
+ );\r
+ if (!EFI_ERROR(Status)) {\r
+ for (Index = 0; Index < MeasurementExcludedFvPpi->Count; Index ++) {\r
+ if (MeasurementExcludedFvPpi->Fv[Index].FvBase == FvBase\r
+ && MeasurementExcludedFvPpi->Fv[Index].FvLength == FvLength) {\r
+ DEBUG ((DEBUG_INFO, "The FV which is excluded by Tcg2Pei starts at: 0x%x\n", FvBase));\r
+ DEBUG ((DEBUG_INFO, "The FV which is excluded by Tcg2Pei has the size: 0x%x\n", FvLength));\r
+ return EFI_SUCCESS;\r
+ }\r
}\r
+\r
+ Instance++;\r
}\r
- }\r
+ } while (!EFI_ERROR(Status));\r
\r
//\r
- // Check whether FV is in the measured FV list.\r
+ // Check measured FV list\r
//\r
for (Index = 0; Index < mMeasuredBaseFvIndex; Index ++) {\r
- if (mMeasuredBaseFvInfo[Index].BlobBase == FvBase) {\r
+ if (mMeasuredBaseFvInfo[Index].BlobBase == FvBase && mMeasuredBaseFvInfo[Index].BlobLength == FvLength) {\r
+ DEBUG ((DEBUG_INFO, "The FV which is already measured by Tcg2Pei starts at: 0x%x\n", FvBase));\r
+ DEBUG ((DEBUG_INFO, "The FV which is already measured by Tcg2Pei has the size: 0x%x\n", FvLength));\r
return EFI_SUCCESS;\r
}\r
}\r
- \r
+\r
//\r
- // Measure and record the FV to the TPM\r
+ // Check pre-hashed FV list\r
//\r
- FvBlob.BlobBase = FvBase;\r
- FvBlob.BlobLength = FvLength;\r
+ Instance = 0;\r
+ Tpm2HashMask = PcdGet32 (PcdTpm2HashMask);\r
+ do {\r
+ Status = PeiServicesLocatePpi (\r
+ &gEdkiiPeiFirmwareVolumeInfoPrehashedFvPpiGuid,\r
+ Instance,\r
+ NULL,\r
+ (VOID**)&PrehashedFvPpi\r
+ );\r
+ if (!EFI_ERROR(Status) && PrehashedFvPpi->FvBase == FvBase && PrehashedFvPpi->FvLength == FvLength) {\r
+ ZeroMem (&DigestList, sizeof(TPML_DIGEST_VALUES));\r
+\r
+ //\r
+ // The FV is prehashed, check against TPM hash mask\r
+ //\r
+ PreHashInfo = (HASH_INFO *)(PrehashedFvPpi + 1);\r
+ for (Index = 0, DigestCount = 0; Index < PrehashedFvPpi->Count; Index++) {\r
+ DEBUG((DEBUG_INFO, "Hash Algo ID in PrehashedFvPpi=0x%x\n", PreHashInfo->HashAlgoId));\r
+ HashAlgoMask = GetHashMaskFromAlgo(PreHashInfo->HashAlgoId);\r
+ if ((Tpm2HashMask & HashAlgoMask) != 0 ) {\r
+ //\r
+ // Hash is required, copy it to DigestList\r
+ //\r
+ WriteUnaligned16(&(DigestList.digests[DigestCount].hashAlg), PreHashInfo->HashAlgoId);\r
+ CopyMem (\r
+ &DigestList.digests[DigestCount].digest,\r
+ PreHashInfo + 1,\r
+ PreHashInfo->HashSize\r
+ );\r
+ DigestCount++;\r
+ //\r
+ // Clean the corresponding Hash Algo mask bit\r
+ //\r
+ Tpm2HashMask &= ~HashAlgoMask;\r
+ }\r
+ PreHashInfo = (HASH_INFO *)((UINT8 *)(PreHashInfo + 1) + PreHashInfo->HashSize);\r
+ }\r
+\r
+ WriteUnaligned32(&DigestList.count, DigestCount);\r
\r
- DEBUG ((DEBUG_INFO, "The FV which is measured by Tcg2Pei starts at: 0x%x\n", FvBlob.BlobBase));\r
- DEBUG ((DEBUG_INFO, "The FV which is measured by Tcg2Pei has the size: 0x%x\n", FvBlob.BlobLength));\r
+ break;\r
+ }\r
+ Instance++;\r
+ } while (!EFI_ERROR(Status));\r
\r
- TcgEventHdr.PCRIndex = 0;\r
+ //\r
+ // Init the log event for FV measurement\r
+ //\r
+ FvBlob.BlobBase = FvBase;\r
+ FvBlob.BlobLength = FvLength;\r
+ TcgEventHdr.PCRIndex = 0;\r
TcgEventHdr.EventType = EV_EFI_PLATFORM_FIRMWARE_BLOB;\r
TcgEventHdr.EventSize = sizeof (FvBlob);\r
\r
- Status = HashLogExtendEvent (\r
- 0,\r
- (UINT8*) (UINTN) FvBlob.BlobBase,\r
- (UINTN) FvBlob.BlobLength,\r
- &TcgEventHdr,\r
- (UINT8*) &FvBlob\r
- );\r
+ if (Tpm2HashMask == 0) {\r
+ //\r
+ // FV pre-hash algos comply with current TPM hash requirement\r
+ // Skip hashing step in measure, only extend DigestList to PCR and log event\r
+ //\r
+ Status = Tpm2PcrExtend(\r
+ 0,\r
+ &DigestList\r
+ );\r
+\r
+ if (!EFI_ERROR(Status)) {\r
+ Status = LogHashEvent (&DigestList, &TcgEventHdr, (UINT8*) &FvBlob);\r
+ DEBUG ((DEBUG_INFO, "The pre-hashed FV which is extended & logged by Tcg2Pei starts at: 0x%x\n", FvBlob.BlobBase));\r
+ DEBUG ((DEBUG_INFO, "The pre-hashed FV which is extended & logged by Tcg2Pei has the size: 0x%x\n", FvBlob.BlobLength));\r
+ } else if (Status == EFI_DEVICE_ERROR) {\r
+ BuildGuidHob (&gTpmErrorHobGuid,0);\r
+ REPORT_STATUS_CODE (\r
+ EFI_ERROR_CODE | EFI_ERROR_MINOR,\r
+ (PcdGet32 (PcdStatusCodeSubClassTpmDevice) | EFI_P_EC_INTERFACE_ERROR)\r
+ );\r
+ }\r
+ } else {\r
+ //\r
+ // Hash the FV, extend digest to the TPM and log TCG event\r
+ //\r
+ Status = HashLogExtendEvent (\r
+ 0,\r
+ (UINT8*) (UINTN) FvBlob.BlobBase,\r
+ (UINTN) FvBlob.BlobLength,\r
+ &TcgEventHdr,\r
+ (UINT8*) &FvBlob\r
+ );\r
+ DEBUG ((DEBUG_INFO, "The FV which is measured by Tcg2Pei starts at: 0x%x\n", FvBlob.BlobBase));\r
+ DEBUG ((DEBUG_INFO, "The FV which is measured by Tcg2Pei has the size: 0x%x\n", FvBlob.BlobLength));\r
+ }\r
+\r
+ if (EFI_ERROR(Status)) {\r
+ DEBUG ((DEBUG_ERROR, "The FV which failed to be measured starts at: 0x%x\n", FvBase));\r
+ return Status;\r
+ }\r
\r
//\r
// Add new FV into the measured FV list.\r
)\r
{\r
EFI_STATUS Status;\r
- UINT32 FvInstances;\r
EFI_PEI_FV_HANDLE VolumeHandle;\r
EFI_FV_INFO VolumeInfo;\r
EFI_PEI_FIRMWARE_VOLUME_PPI *FvPpi;\r
\r
PERF_START_EX (mFileHandle, "EventRec", "Tcg2Pei", 0, PERF_ID_TCG2_PEI);\r
- FvInstances = 0;\r
- while (TRUE) {\r
- //\r
- // Traverse all firmware volume instances of Static Core Root of Trust for Measurement\r
- // (S-CRTM), this firmware volume measure policy can be modified/enhanced by special\r
- // platform for special CRTM TPM measuring.\r
- //\r
- Status = PeiServicesFfsFindNextVolume (FvInstances, &VolumeHandle);\r
- if (EFI_ERROR (Status)) {\r
- break;\r
- }\r
- \r
- //\r
- // Measure and record the firmware volume that is dispatched by PeiCore\r
- //\r
- Status = PeiServicesFfsGetVolumeInfo (VolumeHandle, &VolumeInfo);\r
- ASSERT_EFI_ERROR (Status);\r
- //\r
- // Locate the corresponding FV_PPI according to founded FV's format guid\r
- //\r
- Status = PeiServicesLocatePpi (\r
- &VolumeInfo.FvFormat, \r
- 0, \r
- NULL,\r
- (VOID**)&FvPpi\r
- );\r
- if (!EFI_ERROR (Status)) {\r
- MeasureFvImage ((EFI_PHYSICAL_ADDRESS) (UINTN) VolumeInfo.FvStart, VolumeInfo.FvSize);\r
- }\r
\r
- FvInstances++;\r
- }\r
+ //\r
+ // Only measure BFV at the very beginning. Other parts of Static Core Root of\r
+ // Trust for Measurement(S-CRTM) will be measured later on FvInfoNotify.\r
+ // BFV is processed without installing FV Info Ppi. Other FVs either inside BFV or\r
+ // reported by platform will be installed with Fv Info Ppi\r
+ // This firmware volume measure policy can be modified/enhanced by special\r
+ // platform for special CRTM TPM measuring.\r
+ //\r
+ Status = PeiServicesFfsFindNextVolume (0, &VolumeHandle);\r
+ ASSERT_EFI_ERROR (Status);\r
+\r
+ //\r
+ // Measure and record the firmware volume that is dispatched by PeiCore\r
+ //\r
+ Status = PeiServicesFfsGetVolumeInfo (VolumeHandle, &VolumeInfo);\r
+ ASSERT_EFI_ERROR (Status);\r
+ //\r
+ // Locate the corresponding FV_PPI according to founded FV's format guid\r
+ //\r
+ Status = PeiServicesLocatePpi (\r
+ &VolumeInfo.FvFormat,\r
+ 0,\r
+ NULL,\r
+ (VOID**)&FvPpi\r
+ );\r
+ ASSERT_EFI_ERROR (Status);\r
+\r
+ Status = MeasureFvImage ((EFI_PHYSICAL_ADDRESS) (UINTN) VolumeInfo.FvStart, VolumeInfo.FvSize);\r
+\r
PERF_END_EX (mFileHandle, "EventRec", "Tcg2Pei", 0, PERF_ID_TCG2_PEI + 1);\r
\r
- return EFI_SUCCESS;\r
+ return Status;\r
}\r
\r
/**\r
// The PEI Core can not dispatch or load files from memory mapped FVs that do not support FvPpi.\r
//\r
Status = PeiServicesLocatePpi (\r
- &Fv->FvFormat, \r
- 0, \r
+ &Fv->FvFormat,\r
+ 0,\r
NULL,\r
(VOID**)&FvPpi\r
);\r
if (EFI_ERROR (Status)) {\r
return EFI_SUCCESS;\r
}\r
- \r
+\r
//\r
// This is an FV from an FFS file, and the parent FV must have already been measured,\r
// No need to measure twice, so just record the FV and return\r
//\r
if (Fv->ParentFvName != NULL || Fv->ParentFileName != NULL ) {\r
- \r
+\r
ASSERT (mMeasuredChildFvIndex < PcdGet32 (PcdPeiCoreMaxFvSupported));\r
if (mMeasuredChildFvIndex < PcdGet32 (PcdPeiCoreMaxFvSupported)) {\r
//\r
{\r
EFI_STATUS Status;\r
\r
- Status = PeiServicesLocatePpi (\r
- &gEfiPeiFirmwareVolumeInfoMeasurementExcludedPpiGuid, \r
- 0, \r
- NULL,\r
- (VOID**)&mMeasurementExcludedFvPpi\r
- );\r
- // Do not check status, because it is optional\r
-\r
mMeasuredBaseFvInfo = (EFI_PLATFORM_FIRMWARE_BLOB *) AllocateZeroPool (sizeof (EFI_PLATFORM_FIRMWARE_BLOB) * PcdGet32 (PcdPeiCoreMaxFvSupported));\r
ASSERT (mMeasuredBaseFvInfo != NULL);\r
mMeasuredChildFvInfo = (EFI_PLATFORM_FIRMWARE_BLOB *) AllocateZeroPool (sizeof (EFI_PLATFORM_FIRMWARE_BLOB) * PcdGet32 (PcdPeiCoreMaxFvSupported));\r
ASSERT (mMeasuredChildFvInfo != NULL);\r
- \r
+\r
if (PcdGet8 (PcdTpm2ScrtmPolicy) == 1) {\r
Status = MeasureCRTMVersion ();\r
}\r
\r
Status = MeasureMainBios ();\r
+ if (EFI_ERROR(Status)) {\r
+ return Status;\r
+ }\r
\r
//\r
// Post callbacks:\r
/**\r
Measure and log Separator event with error, and extend the measurement result into a specific PCR.\r
\r
- @param[in] PCRIndex PCR index. \r
+ @param[in] PCRIndex PCR index.\r
\r
@retval EFI_SUCCESS Operation completed successfully.\r
@retval EFI_DEVICE_ERROR The operation was unsuccessful.\r
\r
if (CompareGuid (PcdGetPtr(PcdTpmInstanceGuid), &gEfiTpmDeviceInstanceNoneGuid) ||\r
CompareGuid (PcdGetPtr(PcdTpmInstanceGuid), &gEfiTpmDeviceInstanceTpm12Guid)){\r
- DEBUG ((EFI_D_ERROR, "No TPM2 instance required!\n"));\r
+ DEBUG ((DEBUG_INFO, "No TPM2 instance required!\n"));\r
return EFI_UNSUPPORTED;\r
}\r
\r
goto Done;\r
}\r
}\r
- \r
+\r
//\r
// Update Tpm2HashMask according to PCR bank.\r
//\r
projects / mirror_edk2.git / blobdiff