Add TcgDxeHashLogExtendEvent EventLogLastEntry parameter update logic

[mirror_edk2.git] / SecurityPkg / Tcg / TcgDxe / TcgDxe.c

diff --git a/SecurityPkg/Tcg/TcgDxe/TcgDxe.c b/SecurityPkg/Tcg/TcgDxe/TcgDxe.c
index 05a11360d46b16d3339c9ec580c0619227da23d7..aa16641fdef94d6a40040dd108c604f4cf87994c 100644 (file)
--- a/SecurityPkg/Tcg/TcgDxe/TcgDxe.c
+++ b/SecurityPkg/Tcg/TcgDxe/TcgDxe.c
@@ -1,7 +1,14 @@
 /** @file  \r
   This module implements TCG EFI Protocol.\r
-  \r
-Copyright (c) 2005 - 2011, Intel Corporation. All rights reserved.<BR>\r
+ \r
+Caution: This module requires additional review when modified.\r
+This driver will have external input - TcgDxePassThroughToTpm\r
+This external input must be validated carefully to avoid security issue like\r
+buffer overflow, integer overflow.\r
+\r
+TcgDxePassThroughToTpm() will receive untrusted input and do basic validation.\r
+\r
+Copyright (c) 2005 - 2012, Intel Corporation. All rights reserved.<BR>\r
 This program and the accompanying materials \r
 are licensed and made available under the terms and conditions of the BSD License \r
 which accompanies this distribution.  The full text of the license may be found at \r
@@ -23,6 +30,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 #include <Guid/HobList.h>\r
 #include <Guid/TcgEventHob.h>\r
 #include <Guid/EventGroup.h>\r
+#include <Guid/EventExitBootServiceFailed.h>\r
 #include <Protocol/DevicePath.h>\r
 #include <Protocol/TcgService.h>\r
 #include <Protocol/AcpiTable.h>\r
@@ -262,6 +270,10 @@ TcgDxeHashAll (
       }\r
       *HashedDataLen = sizeof (TPM_DIGEST);\r
 \r
+         if (*HashedDataResult == NULL) {\r
+               *HashedDataResult = AllocatePool ((UINTN) *HashedDataLen);\r
+         } \r
+\r
       return TpmCommHashAll (\r
                HashData,\r
                (UINTN) HashDataLen,\r
@@ -340,6 +352,10 @@ TcgDxeLogEvent (
 {\r
   TCG_DXE_DATA  *TcgData;\r
 \r
+  if (TCGLogData == NULL){\r
+    return EFI_INVALID_PARAMETER;\r
+  }\r
+\r
   TcgData = TCG_DXE_DATA_FROM_THIS (This);\r
   \r
   if (TcgData->BsCap.TPMDeactivatedFlag) {\r
@@ -379,6 +395,13 @@ TcgDxePassThroughToTpm (
 {\r
   TCG_DXE_DATA                      *TcgData;\r
 \r
+  if (TpmInputParameterBlock == NULL || \r
+      TpmOutputParameterBlock == NULL || \r
+      TpmInputParameterBlockSize == 0 ||\r
+      TpmOutputParameterBlockSize == 0) {\r
+    return EFI_INVALID_PARAMETER;\r
+  }\r
+\r
   TcgData = TCG_DXE_DATA_FROM_THIS (This);\r
 \r
   return TisPcExecute (\r
@@ -419,7 +442,11 @@ TcgDxeHashLogExtendEventI (
 {\r
   EFI_STATUS                        Status;\r
 \r
-  if (HashDataLen > 0) {\r
+  if (HashData == NULL && HashDataLen > 0) {\r
+    return EFI_INVALID_PARAMETER;\r
+  }\r
+\r
+  if (HashDataLen > 0 || HashData != NULL) {\r
     Status = TpmCommHashAll (\r
                HashData,\r
                (UINTN) HashDataLen,\r
@@ -478,6 +505,11 @@ TcgDxeHashLogExtendEvent (
   )\r
 {\r
   TCG_DXE_DATA  *TcgData;\r
+  EFI_STATUS    Status;\r
+\r
+  if (TCGLogData == NULL || EventLogLastEntry == NULL){\r
+    return EFI_INVALID_PARAMETER;\r
+  }\r
 \r
   TcgData = TCG_DXE_DATA_FROM_THIS (This);\r
   \r
@@ -489,13 +521,19 @@ TcgDxeHashLogExtendEvent (
     return EFI_UNSUPPORTED;\r
   }\r
 \r
-  return TcgDxeHashLogExtendEventI (\r
-           TcgData,\r
-           (UINT8 *) (UINTN) HashData,\r
-           HashDataLen,\r
-           (TCG_PCR_EVENT_HDR*)TCGLogData,\r
-           TCGLogData->Event\r
-           );\r
+  Status = TcgDxeHashLogExtendEventI (\r
+             TcgData,\r
+             (UINT8 *) (UINTN) HashData,\r
+             HashDataLen,\r
+             (TCG_PCR_EVENT_HDR*)TCGLogData,\r
+             TCGLogData->Event\r
+             );\r
+\r
+  if (!EFI_ERROR(Status)){\r
+    *EventLogLastEntry = (EFI_PHYSICAL_ADDRESS)(UINTN) TcgData->LastEvent;\r
+  }\r
+\r
+  return Status;\r
 }\r
 \r
 TCG_DXE_DATA                 mTcgDxeData = {\r
@@ -1099,6 +1137,34 @@ OnExitBootServices (
   ASSERT_EFI_ERROR (Status);\r
 }\r
 \r
+/**\r
+  Exit Boot Services Failed Event notification handler.\r
+\r
+  Measure Failure of ExitBootServices.\r
+\r
+  @param[in]  Event     Event whose notification function is being invoked\r
+  @param[in]  Context   Pointer to the notification function's context\r
+\r
+**/\r
+VOID\r
+EFIAPI\r
+OnExitBootServicesFailed (\r
+  IN      EFI_EVENT                 Event,\r
+  IN      VOID                      *Context\r
+  )\r
+{\r
+  EFI_STATUS    Status;\r
+\r
+  //\r
+  // Measure Failure of ExitBootServices,\r
+  //\r
+  Status = TcgMeasureAction (\r
+             EFI_EXIT_BOOT_SERVICES_FAILED\r
+             );\r
+  ASSERT_EFI_ERROR (Status);\r
+\r
+}\r
+\r
 /**\r
   Get TPM Deactivated state.\r
 \r
@@ -1176,11 +1242,6 @@ DriverEntry (
                   EFI_NATIVE_INTERFACE,\r
                   &mTcgDxeData.TcgProtocol\r
                   );\r
-  //\r
-  // Install ACPI Table\r
-  //\r
-  EfiCreateProtocolNotifyEvent (&gEfiAcpiTableProtocolGuid, TPL_CALLBACK, InstallAcpiTable, NULL, &Registration);\r
-    \r
   if (!EFI_ERROR (Status) && !mTcgDxeData.BsCap.TPMDeactivatedFlag) {\r
     //\r
     // Setup the log area and copy event log from hob list to it\r
@@ -1206,7 +1267,24 @@ DriverEntry (
                     &gEfiEventExitBootServicesGuid,\r
                     &Event\r
                     );\r
+\r
+    //\r
+    // Measure Exit Boot Service failed \r
+    //\r
+    Status = gBS->CreateEventEx (\r
+                    EVT_NOTIFY_SIGNAL,\r
+                    TPL_NOTIFY,\r
+                    OnExitBootServicesFailed,\r
+                    NULL,\r
+                    &gEventExitBootServicesFailedGuid,\r
+                    &Event\r
+                    );\r
   }\r
 \r
+  //\r
+  // Install ACPI Table\r
+  //\r
+  EfiCreateProtocolNotifyEvent (&gEfiAcpiTableProtocolGuid, TPL_CALLBACK, InstallAcpiTable, NULL, &Registration);\r
+  \r
   return Status;\r
 }\r