/** @file\r
Initialize TPM device and measure FVs before handing off control to DXE.\r
\r
-Copyright (c) 2005 - 2016, Intel Corporation. All rights reserved.<BR>\r
-This program and the accompanying materials \r
-are licensed and made available under the terms and conditions of the BSD License \r
-which accompanies this distribution. The full text of the license may be found at \r
-http://opensource.org/licenses/bsd-license.php\r
-\r
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, \r
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
+Copyright (c) 2005 - 2018, Intel Corporation. All rights reserved.<BR>\r
+SPDX-License-Identifier: BSD-2-Clause-Patent\r
\r
**/\r
\r
#include <Library/Tpm12DeviceLib.h>\r
#include <Library/Tpm12CommandLib.h>\r
#include <Library/BaseCryptLib.h>\r
+#include <Library/PerformanceLib.h>\r
\r
BOOLEAN mImageInMemory = FALSE;\r
\r
NULL\r
};\r
\r
+//\r
+// Number of firmware blobs to grow by each time we run out of room\r
+//\r
+#define FIRMWARE_BLOB_GROWTH_STEP 4\r
+\r
EFI_PLATFORM_FIRMWARE_BLOB *mMeasuredBaseFvInfo;\r
+UINT32 mMeasuredMaxBaseFvIndex = 0;\r
UINT32 mMeasuredBaseFvIndex = 0;\r
\r
EFI_PLATFORM_FIRMWARE_BLOB *mMeasuredChildFvInfo;\r
+UINT32 mMeasuredMaxChildFvIndex = 0;\r
UINT32 mMeasuredChildFvIndex = 0;\r
\r
EFI_PEI_FIRMWARE_VOLUME_INFO_MEASUREMENT_EXCLUDED_PPI *mMeasurementExcludedFvPpi;\r
{\r
EFI_PEI_PPI_DESCRIPTOR_NOTIFY_CALLBACK,\r
&gEfiPeiFirmwareVolumeInfoPpiGuid,\r
- FirmwareVolmeInfoPpiNotifyCallback \r
+ FirmwareVolmeInfoPpiNotifyCallback\r
},\r
{\r
EFI_PEI_PPI_DESCRIPTOR_NOTIFY_CALLBACK,\r
&gEfiPeiFirmwareVolumeInfo2PpiGuid,\r
- FirmwareVolmeInfoPpiNotifyCallback \r
+ FirmwareVolmeInfoPpiNotifyCallback\r
},\r
{\r
(EFI_PEI_PPI_DESCRIPTOR_NOTIFY_CALLBACK | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST),\r
\r
/**\r
Record all measured Firmware Volum Information into a Guid Hob\r
- Guid Hob payload layout is \r
+ Guid Hob payload layout is\r
\r
UINT32 *************************** FIRMWARE_BLOB number\r
EFI_PLATFORM_FIRMWARE_BLOB******** BLOB Array\r
IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDescriptor,\r
IN VOID *Ppi\r
)\r
-{ \r
+{\r
MEASURED_HOB_DATA *MeasuredHobData;\r
\r
MeasuredHobData = NULL;\r
\r
+ PERF_CALLBACK_BEGIN (&gEfiEndOfPeiSignalPpiGuid);\r
+\r
//\r
- // Create a Guid hob to save all measured Fv \r
+ // Create a Guid hob to save all measured Fv\r
//\r
MeasuredHobData = BuildGuidHob(\r
&gMeasuredFvHobGuid,\r
CopyMem (&MeasuredHobData->MeasuredFvBuf[mMeasuredBaseFvIndex] , mMeasuredChildFvInfo, sizeof(EFI_PLATFORM_FIRMWARE_BLOB) * (mMeasuredChildFvIndex));\r
}\r
\r
+ PERF_CALLBACK_END (&gEfiEndOfPeiSignalPpiGuid);\r
+\r
return EFI_SUCCESS;\r
}\r
\r
added into the Event Log.\r
\r
@param[in] PeiServices Describes the list of possible PEI Services.\r
- @param[in] HashData Physical address of the start of the data buffer \r
+ @param[in] HashData Physical address of the start of the data buffer\r
to be hashed, extended, and logged.\r
@param[in] HashDataLen The length, in bytes, of the buffer referenced by HashData.\r
- @param[in] NewEventHdr Pointer to a TCG_PCR_EVENT_HDR data structure. \r
- @param[in] NewEventData Pointer to the new event data. \r
+ @param[in] NewEventHdr Pointer to a TCG_PCR_EVENT_HDR data structure.\r
+ @param[in] NewEventData Pointer to the new event data.\r
\r
@retval EFI_SUCCESS Operation completed successfully.\r
@retval EFI_OUT_OF_RESOURCES No enough memory to log the new event.\r
{\r
EFI_STATUS Status;\r
VOID *HobData;\r
- \r
+\r
if (GetFirstGuidHob (&gTpmErrorHobGuid) != NULL) {\r
return EFI_DEVICE_ERROR;\r
}\r
}\r
\r
/**\r
- Measure FV image. \r
- Add it into the measured FV list after the FV is measured successfully. \r
+ Measure FV image.\r
+ Add it into the measured FV list after the FV is measured successfully.\r
\r
@param[in] FvBase Base address of FV image.\r
@param[in] FvLength Length of FV image.\r
\r
- @retval EFI_SUCCESS Fv image is measured successfully \r
+ @retval EFI_SUCCESS Fv image is measured successfully\r
or it has been already measured.\r
@retval EFI_OUT_OF_RESOURCES No enough memory to log the new event.\r
@retval EFI_DEVICE_ERROR The command was unsuccessful.\r
return EFI_SUCCESS;\r
}\r
}\r
- \r
+\r
//\r
// Measure and record the FV to the TPM\r
//\r
//\r
// Add new FV into the measured FV list.\r
//\r
- ASSERT (mMeasuredBaseFvIndex < PcdGet32 (PcdPeiCoreMaxFvSupported));\r
- if (mMeasuredBaseFvIndex < PcdGet32 (PcdPeiCoreMaxFvSupported)) {\r
- mMeasuredBaseFvInfo[mMeasuredBaseFvIndex].BlobBase = FvBase;\r
- mMeasuredBaseFvInfo[mMeasuredBaseFvIndex].BlobLength = FvLength;\r
- mMeasuredBaseFvIndex++;\r
+ if (mMeasuredBaseFvIndex >= mMeasuredMaxBaseFvIndex) {\r
+ mMeasuredBaseFvInfo = ReallocatePool (\r
+ sizeof (EFI_PLATFORM_FIRMWARE_BLOB) * mMeasuredMaxBaseFvIndex,\r
+ sizeof (EFI_PLATFORM_FIRMWARE_BLOB) * (mMeasuredMaxBaseFvIndex + FIRMWARE_BLOB_GROWTH_STEP),\r
+ mMeasuredBaseFvInfo\r
+ );\r
+ ASSERT (mMeasuredBaseFvInfo != NULL);\r
+ mMeasuredMaxBaseFvIndex = mMeasuredMaxBaseFvIndex + FIRMWARE_BLOB_GROWTH_STEP;\r
}\r
\r
+ mMeasuredBaseFvInfo[mMeasuredBaseFvIndex].BlobBase = FvBase;\r
+ mMeasuredBaseFvInfo[mMeasuredBaseFvIndex].BlobLength = FvLength;\r
+ mMeasuredBaseFvIndex++;\r
+\r
return Status;\r
}\r
\r
EFI_PEI_FV_HANDLE VolumeHandle;\r
EFI_FV_INFO VolumeInfo;\r
EFI_PEI_FIRMWARE_VOLUME_PPI *FvPpi;\r
- \r
+\r
FvInstances = 0;\r
while (TRUE) {\r
//\r
if (EFI_ERROR (Status)) {\r
break;\r
}\r
- \r
+\r
//\r
// Measure and record the firmware volume that is dispatched by PeiCore\r
//\r
// Locate the corresponding FV_PPI according to founded FV's format guid\r
//\r
Status = PeiServicesLocatePpi (\r
- &VolumeInfo.FvFormat, \r
- 0, \r
+ &VolumeInfo.FvFormat,\r
+ 0,\r
NULL,\r
(VOID**)&FvPpi\r
);\r
// The PEI Core can not dispatch or load files from memory mapped FVs that do not support FvPpi.\r
//\r
Status = PeiServicesLocatePpi (\r
- &Fv->FvFormat, \r
- 0, \r
+ &Fv->FvFormat,\r
+ 0,\r
NULL,\r
(VOID**)&FvPpi\r
);\r
if (EFI_ERROR (Status)) {\r
return EFI_SUCCESS;\r
}\r
- \r
+\r
//\r
// This is an FV from an FFS file, and the parent FV must have already been measured,\r
// No need to measure twice, so just record the FV and return\r
//\r
if (Fv->ParentFvName != NULL || Fv->ParentFileName != NULL ) {\r
- \r
- ASSERT (mMeasuredChildFvIndex < PcdGet32 (PcdPeiCoreMaxFvSupported));\r
- if (mMeasuredChildFvIndex < PcdGet32 (PcdPeiCoreMaxFvSupported)) {\r
- //\r
- // Check whether FV is in the measured child FV list.\r
- //\r
- for (Index = 0; Index < mMeasuredChildFvIndex; Index++) {\r
- if (mMeasuredChildFvInfo[Index].BlobBase == (EFI_PHYSICAL_ADDRESS) (UINTN) Fv->FvInfo) {\r
- return EFI_SUCCESS;\r
- }\r
+\r
+ if (mMeasuredChildFvIndex >= mMeasuredMaxChildFvIndex) {\r
+ mMeasuredChildFvInfo = ReallocatePool (\r
+ sizeof (EFI_PLATFORM_FIRMWARE_BLOB) * mMeasuredMaxChildFvIndex,\r
+ sizeof (EFI_PLATFORM_FIRMWARE_BLOB) * (mMeasuredMaxChildFvIndex + FIRMWARE_BLOB_GROWTH_STEP),\r
+ mMeasuredChildFvInfo\r
+ );\r
+ ASSERT (mMeasuredChildFvInfo != NULL);\r
+ mMeasuredMaxChildFvIndex = mMeasuredMaxChildFvIndex + FIRMWARE_BLOB_GROWTH_STEP;\r
+ }\r
+ //\r
+ // Check whether FV is in the measured child FV list.\r
+ //\r
+ for (Index = 0; Index < mMeasuredChildFvIndex; Index++) {\r
+ if (mMeasuredChildFvInfo[Index].BlobBase == (EFI_PHYSICAL_ADDRESS) (UINTN) Fv->FvInfo) {\r
+ return EFI_SUCCESS;\r
}\r
- mMeasuredChildFvInfo[mMeasuredChildFvIndex].BlobBase = (EFI_PHYSICAL_ADDRESS) (UINTN) Fv->FvInfo;\r
- mMeasuredChildFvInfo[mMeasuredChildFvIndex].BlobLength = Fv->FvInfoSize;\r
- mMeasuredChildFvIndex++;\r
}\r
+ mMeasuredChildFvInfo[mMeasuredChildFvIndex].BlobBase = (EFI_PHYSICAL_ADDRESS) (UINTN) Fv->FvInfo;\r
+ mMeasuredChildFvInfo[mMeasuredChildFvIndex].BlobLength = Fv->FvInfoSize;\r
+ mMeasuredChildFvIndex++;\r
return EFI_SUCCESS;\r
}\r
\r
//\r
if (PcdGetBool (PcdPhysicalPresenceLifetimeLock) && !TpmPermanentFlags.physicalPresenceLifetimeLock) {\r
//\r
- // Lock TPM LifetimeLock is required, and LifetimeLock is not locked yet. \r
+ // Lock TPM LifetimeLock is required, and LifetimeLock is not locked yet.\r
//\r
PhysicalPresenceValue = TPM_PHYSICAL_PRESENCE_LIFETIME_LOCK;\r
+ TpmPermanentFlags.physicalPresenceLifetimeLock = TRUE;\r
\r
if (PcdGetBool (PcdPhysicalPresenceCmdEnable)) {\r
PhysicalPresenceValue |= TPM_PHYSICAL_PRESENCE_CMD_ENABLE;\r
PhysicalPresenceValue |= TPM_PHYSICAL_PRESENCE_HW_ENABLE;\r
} else {\r
PhysicalPresenceValue |= TPM_PHYSICAL_PRESENCE_HW_DISABLE;\r
- } \r
- \r
+ }\r
+\r
Status = Tpm12PhysicalPresence (\r
PhysicalPresenceValue\r
);\r
return Status;\r
}\r
}\r
- \r
+\r
//\r
// 2. Lock physical presence if it is required.\r
//\r
\r
//\r
// Lock physical presence\r
- // \r
+ //\r
Status = Tpm12PhysicalPresence (\r
TPM_PHYSICAL_PRESENCE_LOCK\r
);\r
EFI_STATUS Status;\r
\r
Status = PeiServicesLocatePpi (\r
- &gEfiPeiFirmwareVolumeInfoMeasurementExcludedPpiGuid, \r
- 0, \r
+ &gEfiPeiFirmwareVolumeInfoMeasurementExcludedPpiGuid,\r
+ 0,\r
NULL,\r
(VOID**)&mMeasurementExcludedFvPpi\r
);\r
// Do not check status, because it is optional\r
\r
- mMeasuredBaseFvInfo = (EFI_PLATFORM_FIRMWARE_BLOB *) AllocateZeroPool (sizeof (EFI_PLATFORM_FIRMWARE_BLOB) * PcdGet32 (PcdPeiCoreMaxFvSupported));\r
- ASSERT (mMeasuredBaseFvInfo != NULL);\r
- mMeasuredChildFvInfo = (EFI_PLATFORM_FIRMWARE_BLOB *) AllocateZeroPool (sizeof (EFI_PLATFORM_FIRMWARE_BLOB) * PcdGet32 (PcdPeiCoreMaxFvSupported));\r
- ASSERT (mMeasuredChildFvInfo != NULL);\r
-\r
Status = Tpm12RequestUseTpm ();\r
if (EFI_ERROR (Status)) {\r
return Status;\r
}\r
\r
Status = MeasureMainBios (PeiServices);\r
- } \r
+ }\r
\r
//\r
// Post callbacks:\r
// 1). for the FvInfoPpi services to measure and record\r
// the additional Fvs to TPM\r
- // 2). for the OperatorPresencePpi service to determine whether to \r
+ // 2). for the OperatorPresencePpi service to determine whether to\r
// lock the TPM\r
//\r
Status = PeiServicesNotifyPpi (&mNotifyList[0]);\r
projects / mirror_edk2.git / blobdiff