SecurityPkg/Tcg2Smm: Measure the table before patch.

[mirror_edk2.git] / SecurityPkg / Tcg / Tcg2Smm / Tcg2Smm.c

diff --git a/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c b/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c
index 54966c83ce861319ccee39672041a9b3d5303f23..91aebb62b8bfbd7afc22c7c84efe131f7a64cf7a 100644 (file)
--- a/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c
+++ b/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c
@@ -651,23 +651,11 @@ PublishAcpiTable (
              );\r
   ASSERT_EFI_ERROR (Status);\r
 \r
-  //\r
-  // Update Table version before measuring it to PCR\r
-  //\r
-  Status = UpdatePPVersion(Table, (CHAR8 *)PcdGetPtr(PcdTcgPhysicalPresenceInterfaceVer));\r
-  ASSERT_EFI_ERROR (Status);\r
-\r
-  DEBUG ((\r
-    DEBUG_INFO,\r
-    "Current physical presence interface version - %a\n",\r
-    (CHAR8 *) PcdGetPtr(PcdTcgPhysicalPresenceInterfaceVer)\r
-    ));\r
-\r
   //\r
   // Measure to PCR[0] with event EV_POST_CODE ACPI DATA.\r
-  // The measurement has to be done before UpdateHID since TPM2 ACPI HID\r
-  // imply TPM Firmware Version. Otherwise, the PCR record would be\r
-  // different after TPM FW update.\r
+  // The measurement has to be done before any update.\r
+  // Otherwise, the PCR record would be different after TPM FW update\r
+  // or the PCD configuration change.\r
   //\r
   TpmMeasureAndLogData(\r
     0,\r
@@ -678,6 +666,18 @@ PublishAcpiTable (
     TableSize\r
     );\r
 \r
+  //\r
+  // Update Table version before measuring it to PCR\r
+  //\r
+  Status = UpdatePPVersion(Table, (CHAR8 *)PcdGetPtr(PcdTcgPhysicalPresenceInterfaceVer));\r
+  ASSERT_EFI_ERROR (Status);\r
+\r
+  DEBUG ((\r
+    DEBUG_INFO,\r
+    "Current physical presence interface version - %a\n",\r
+    (CHAR8 *) PcdGetPtr(PcdTcgPhysicalPresenceInterfaceVer)\r
+    ));\r
+\r
   //\r
   // Update TPM2 HID after measuring it to PCR\r
   //\r
@@ -753,6 +753,21 @@ PublishTpm2 (
   EFI_TPM2_ACPI_CONTROL_AREA     *ControlArea;\r
   TPM2_PTP_INTERFACE_TYPE        InterfaceType;\r
 \r
+  //\r
+  // Measure to PCR[0] with event EV_POST_CODE ACPI DATA.\r
+  // The measurement has to be done before any update.\r
+  // Otherwise, the PCR record would be different after event log update\r
+  // or the PCD configuration change.\r
+  //\r
+  TpmMeasureAndLogData(\r
+    0,\r
+    EV_POST_CODE,\r
+    EV_POSTCODE_INFO_ACPI_DATA,\r
+    ACPI_DATA_LEN,\r
+    &mTpm2AcpiTemplate,\r
+    mTpm2AcpiTemplate.Header.Length\r
+    );\r
+\r
   mTpm2AcpiTemplate.Header.Revision = PcdGet8(PcdTpm2AcpiTableRev);\r
   DEBUG((DEBUG_INFO, "Tpm2 ACPI table revision is %d\n", mTpm2AcpiTemplate.Header.Revision));\r
 \r
@@ -776,18 +791,6 @@ PublishTpm2 (
     mTpm2AcpiTemplate.Header.Length = sizeof(EFI_TPM2_ACPI_TABLE);\r
   }\r
 \r
-  //\r
-  // Measure to PCR[0] with event EV_POST_CODE ACPI DATA\r
-  //\r
-  TpmMeasureAndLogData(\r
-    0,\r
-    EV_POST_CODE,\r
-    EV_POSTCODE_INFO_ACPI_DATA,\r
-    ACPI_DATA_LEN,\r
-    &mTpm2AcpiTemplate,\r
-    mTpm2AcpiTemplate.Header.Length\r
-    );\r
-\r
   InterfaceType = PcdGet8(PcdActiveTpmInterfaceType);\r
   switch (InterfaceType) {\r
   case Tpm2PtpInterfaceCrb:\r