/** @file\r
Initialize TPM device and measure FVs before handing off control to DXE.\r
\r
-Copyright (c) 2005 - 2013, Intel Corporation. All rights reserved.<BR>\r
+Copyright (c) 2005 - 2016, Intel Corporation. All rights reserved.<BR>\r
This program and the accompanying materials \r
are licensed and made available under the terms and conditions of the BSD License \r
which accompanies this distribution. The full text of the license may be found at \r
#include <IndustryStandard/Tpm12.h>\r
#include <IndustryStandard/UefiTcgPlatform.h>\r
#include <Ppi/FirmwareVolumeInfo.h>\r
+#include <Ppi/FirmwareVolumeInfo2.h>\r
#include <Ppi/LockPhysicalPresence.h>\r
#include <Ppi/TpmInitialized.h>\r
#include <Ppi/FirmwareVolume.h>\r
#include <Library/BaseMemoryLib.h>\r
#include <Library/PeiServicesLib.h>\r
#include <Library/PeimEntryPoint.h>\r
-#include <Library/TpmCommLib.h>\r
#include <Library/HobLib.h>\r
#include <Library/PcdLib.h>\r
#include <Library/PeiServicesTablePointerLib.h>\r
#include <Library/BaseLib.h>\r
-\r
-#include "TpmComm.h"\r
+#include <Library/MemoryAllocationLib.h>\r
+#include <Library/ReportStatusCodeLib.h>\r
+#include <Library/Tpm12DeviceLib.h>\r
+#include <Library/Tpm12CommandLib.h>\r
+#include <Library/BaseCryptLib.h>\r
\r
BOOLEAN mImageInMemory = FALSE;\r
\r
NULL\r
};\r
\r
-EFI_PLATFORM_FIRMWARE_BLOB mMeasuredBaseFvInfo[FixedPcdGet32 (PcdPeiCoreMaxFvSupported)];\r
+EFI_PEI_PPI_DESCRIPTOR mTpmInitializationDonePpiList = {\r
+ EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST,\r
+ &gPeiTpmInitializationDonePpiGuid,\r
+ NULL\r
+};\r
+\r
+EFI_PLATFORM_FIRMWARE_BLOB *mMeasuredBaseFvInfo;\r
UINT32 mMeasuredBaseFvIndex = 0;\r
\r
-EFI_PLATFORM_FIRMWARE_BLOB mMeasuredChildFvInfo[FixedPcdGet32 (PcdPeiCoreMaxFvSupported)];\r
+EFI_PLATFORM_FIRMWARE_BLOB *mMeasuredChildFvInfo;\r
UINT32 mMeasuredChildFvIndex = 0;\r
\r
EFI_PEI_FIRMWARE_VOLUME_INFO_MEASUREMENT_EXCLUDED_PPI *mMeasurementExcludedFvPpi;\r
&gEfiPeiFirmwareVolumeInfoPpiGuid,\r
FirmwareVolmeInfoPpiNotifyCallback \r
},\r
+ {\r
+ EFI_PEI_PPI_DESCRIPTOR_NOTIFY_CALLBACK,\r
+ &gEfiPeiFirmwareVolumeInfo2PpiGuid,\r
+ FirmwareVolmeInfoPpiNotifyCallback \r
+ },\r
{\r
(EFI_PEI_PPI_DESCRIPTOR_NOTIFY_CALLBACK | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST),\r
&gEfiEndOfPeiSignalPpiGuid,\r
return EFI_SUCCESS;\r
}\r
\r
+/**\r
+Single function calculates SHA1 digest value for all raw data. It\r
+combines Sha1Init(), Sha1Update() and Sha1Final().\r
+\r
+@param[in] Data Raw data to be digested.\r
+@param[in] DataLen Size of the raw data.\r
+@param[out] Digest Pointer to a buffer that stores the final digest.\r
+\r
+@retval EFI_SUCCESS Always successfully calculate the final digest.\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+TpmCommHashAll (\r
+ IN CONST UINT8 *Data,\r
+ IN UINTN DataLen,\r
+ OUT TPM_DIGEST *Digest\r
+ )\r
+{\r
+ VOID *Sha1Ctx;\r
+ UINTN CtxSize;\r
+\r
+ CtxSize = Sha1GetContextSize ();\r
+ Sha1Ctx = AllocatePool (CtxSize);\r
+ ASSERT (Sha1Ctx != NULL);\r
+\r
+ Sha1Init (Sha1Ctx);\r
+ Sha1Update (Sha1Ctx, Data, DataLen);\r
+ Sha1Final (Sha1Ctx, (UINT8 *)Digest);\r
+\r
+ FreePool (Sha1Ctx);\r
+\r
+ return EFI_SUCCESS;\r
+}\r
+\r
/**\r
Do a hash operation on a data buffer, extend a specific TPM PCR with the hash result,\r
and build a GUIDed HOB recording the event which will be passed to the DXE phase and\r
@param[in] HashData Physical address of the start of the data buffer \r
to be hashed, extended, and logged.\r
@param[in] HashDataLen The length, in bytes, of the buffer referenced by HashData.\r
- @param[in] TpmHandle TPM handle.\r
@param[in] NewEventHdr Pointer to a TCG_PCR_EVENT_HDR data structure. \r
@param[in] NewEventData Pointer to the new event data. \r
\r
IN EFI_PEI_SERVICES **PeiServices,\r
IN UINT8 *HashData,\r
IN UINTN HashDataLen,\r
- IN TIS_TPM_HANDLE TpmHandle,\r
IN TCG_PCR_EVENT_HDR *NewEventHdr,\r
IN UINT8 *NewEventData\r
)\r
{\r
EFI_STATUS Status;\r
VOID *HobData;\r
+ \r
+ if (GetFirstGuidHob (&gTpmErrorHobGuid) != NULL) {\r
+ return EFI_DEVICE_ERROR;\r
+ }\r
\r
HobData = NULL;\r
if (HashDataLen != 0) {\r
HashDataLen,\r
&NewEventHdr->Digest\r
);\r
- ASSERT_EFI_ERROR (Status);\r
+ if (EFI_ERROR (Status)) {\r
+ goto Done;\r
+ }\r
}\r
\r
- Status = TpmCommExtend (\r
- PeiServices,\r
- TpmHandle,\r
+ Status = Tpm12Extend (\r
&NewEventHdr->Digest,\r
NewEventHdr->PCRIndex,\r
NULL\r
);\r
- ASSERT_EFI_ERROR (Status);\r
+ if (EFI_ERROR (Status)) {\r
+ goto Done;\r
+ }\r
\r
HobData = BuildGuidHob (\r
&gTcgEventEntryHobGuid,\r
sizeof (*NewEventHdr) + NewEventHdr->EventSize\r
);\r
if (HobData == NULL) {\r
- return EFI_OUT_OF_RESOURCES;\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ goto Done;\r
}\r
\r
CopyMem (HobData, NewEventHdr, sizeof (*NewEventHdr));\r
HobData = (VOID *) ((UINT8*)HobData + sizeof (*NewEventHdr));\r
CopyMem (HobData, NewEventData, NewEventHdr->EventSize);\r
- return EFI_SUCCESS;\r
+\r
+Done:\r
+ if ((Status == EFI_DEVICE_ERROR) || (Status == EFI_TIMEOUT)) {\r
+ DEBUG ((EFI_D_ERROR, "HashLogExtendEvent - %r. Disable TPM.\n", Status));\r
+ BuildGuidHob (&gTpmErrorHobGuid,0);\r
+ REPORT_STATUS_CODE (\r
+ EFI_ERROR_CODE | EFI_ERROR_MINOR,\r
+ (PcdGet32 (PcdStatusCodeSubClassTpmDevice) | EFI_P_EC_INTERFACE_ERROR)\r
+ );\r
+ Status = EFI_DEVICE_ERROR;\r
+ }\r
+ return Status;\r
}\r
\r
/**\r
Measure CRTM version.\r
\r
@param[in] PeiServices Describes the list of possible PEI Services.\r
- @param[in] TpmHandle TPM handle.\r
\r
@retval EFI_SUCCESS Operation completed successfully.\r
@retval EFI_OUT_OF_RESOURCES No enough memory to log the new event.\r
EFI_STATUS\r
EFIAPI\r
MeasureCRTMVersion (\r
- IN EFI_PEI_SERVICES **PeiServices,\r
- IN TIS_TPM_HANDLE TpmHandle\r
+ IN EFI_PEI_SERVICES **PeiServices\r
)\r
{\r
TCG_PCR_EVENT_HDR TcgEventHdr;\r
PeiServices,\r
(UINT8*)PcdGetPtr (PcdFirmwareVersionString),\r
TcgEventHdr.EventSize,\r
- TpmHandle,\r
&TcgEventHdr,\r
(UINT8*)PcdGetPtr (PcdFirmwareVersionString)\r
);\r
EFI_STATUS Status;\r
EFI_PLATFORM_FIRMWARE_BLOB FvBlob;\r
TCG_PCR_EVENT_HDR TcgEventHdr;\r
- TIS_TPM_HANDLE TpmHandle;\r
-\r
- TpmHandle = (TIS_TPM_HANDLE) (UINTN) TPM_BASE_ADDRESS;\r
\r
//\r
// Check if it is in Excluded FV list\r
(EFI_PEI_SERVICES **) GetPeiServicesTablePointer(),\r
(UINT8*) (UINTN) FvBlob.BlobBase,\r
(UINTN) FvBlob.BlobLength,\r
- TpmHandle,\r
&TcgEventHdr,\r
(UINT8*) &FvBlob\r
);\r
- ASSERT_EFI_ERROR (Status);\r
\r
//\r
// Add new FV into the measured FV list.\r
//\r
- ASSERT (mMeasuredBaseFvIndex < FixedPcdGet32 (PcdPeiCoreMaxFvSupported));\r
- if (mMeasuredBaseFvIndex < FixedPcdGet32 (PcdPeiCoreMaxFvSupported)) {\r
+ ASSERT (mMeasuredBaseFvIndex < PcdGet32 (PcdPeiCoreMaxFvSupported));\r
+ if (mMeasuredBaseFvIndex < PcdGet32 (PcdPeiCoreMaxFvSupported)) {\r
mMeasuredBaseFvInfo[mMeasuredBaseFvIndex].BlobBase = FvBase;\r
mMeasuredBaseFvInfo[mMeasuredBaseFvIndex].BlobLength = FvLength;\r
mMeasuredBaseFvIndex++;\r
Measure main BIOS.\r
\r
@param[in] PeiServices Describes the list of possible PEI Services.\r
- @param[in] TpmHandle TPM handle.\r
\r
@retval EFI_SUCCESS Operation completed successfully.\r
@retval EFI_OUT_OF_RESOURCES No enough memory to log the new event.\r
EFI_STATUS\r
EFIAPI\r
MeasureMainBios (\r
- IN EFI_PEI_SERVICES **PeiServices,\r
- IN TIS_TPM_HANDLE TpmHandle\r
+ IN EFI_PEI_SERVICES **PeiServices\r
)\r
{\r
EFI_STATUS Status;\r
EFI_PEI_FIRMWARE_VOLUME_INFO_PPI *Fv;\r
EFI_STATUS Status;\r
EFI_PEI_FIRMWARE_VOLUME_PPI *FvPpi;\r
+ UINTN Index;\r
\r
Fv = (EFI_PEI_FIRMWARE_VOLUME_INFO_PPI *) Ppi;\r
\r
//\r
if (Fv->ParentFvName != NULL || Fv->ParentFileName != NULL ) {\r
\r
- ASSERT (mMeasuredChildFvIndex < FixedPcdGet32 (PcdPeiCoreMaxFvSupported));\r
- if (mMeasuredChildFvIndex < FixedPcdGet32 (PcdPeiCoreMaxFvSupported)) {\r
+ ASSERT (mMeasuredChildFvIndex < PcdGet32 (PcdPeiCoreMaxFvSupported));\r
+ if (mMeasuredChildFvIndex < PcdGet32 (PcdPeiCoreMaxFvSupported)) {\r
+ //\r
+ // Check whether FV is in the measured child FV list.\r
+ //\r
+ for (Index = 0; Index < mMeasuredChildFvIndex; Index++) {\r
+ if (mMeasuredChildFvInfo[Index].BlobBase == (EFI_PHYSICAL_ADDRESS) (UINTN) Fv->FvInfo) {\r
+ return EFI_SUCCESS;\r
+ }\r
+ }\r
mMeasuredChildFvInfo[mMeasuredChildFvIndex].BlobBase = (EFI_PHYSICAL_ADDRESS) (UINTN) Fv->FvInfo;\r
mMeasuredChildFvInfo[mMeasuredChildFvIndex].BlobLength = Fv->FvInfoSize;\r
mMeasuredChildFvIndex++;\r
)\r
{\r
EFI_STATUS Status;\r
+ TPM_PERMANENT_FLAGS TpmPermanentFlags;\r
PEI_LOCK_PHYSICAL_PRESENCE_PPI *LockPhysicalPresencePpi;\r
- BOOLEAN LifetimeLock;\r
- BOOLEAN CmdEnable;\r
- TIS_TPM_HANDLE TpmHandle;\r
TPM_PHYSICAL_PRESENCE PhysicalPresenceValue;\r
\r
- TpmHandle = (TIS_TPM_HANDLE) (UINTN) TPM_BASE_ADDRESS;\r
-\r
- Status = TpmCommGetCapability (PeiServices, TpmHandle, NULL, &LifetimeLock, &CmdEnable);\r
+ Status = Tpm12GetCapabilityFlagPermanent (&TpmPermanentFlags);\r
if (EFI_ERROR (Status)) {\r
return Status;\r
}\r
//\r
// 1. Set physicalPresenceLifetimeLock, physicalPresenceHWEnable and physicalPresenceCMDEnable bit by PCDs.\r
//\r
- if (PcdGetBool (PcdPhysicalPresenceLifetimeLock) && !LifetimeLock) {\r
+ if (PcdGetBool (PcdPhysicalPresenceLifetimeLock) && !TpmPermanentFlags.physicalPresenceLifetimeLock) {\r
//\r
// Lock TPM LifetimeLock is required, and LifetimeLock is not locked yet. \r
//\r
\r
if (PcdGetBool (PcdPhysicalPresenceCmdEnable)) {\r
PhysicalPresenceValue |= TPM_PHYSICAL_PRESENCE_CMD_ENABLE;\r
- CmdEnable = TRUE;\r
+ TpmPermanentFlags.physicalPresenceCMDEnable = TRUE;\r
} else {\r
PhysicalPresenceValue |= TPM_PHYSICAL_PRESENCE_CMD_DISABLE;\r
- CmdEnable = FALSE;\r
+ TpmPermanentFlags.physicalPresenceCMDEnable = FALSE;\r
}\r
\r
if (PcdGetBool (PcdPhysicalPresenceHwEnable)) {\r
PhysicalPresenceValue |= TPM_PHYSICAL_PRESENCE_HW_DISABLE;\r
} \r
\r
- Status = TpmCommPhysicalPresence (\r
- PeiServices,\r
- TpmHandle,\r
+ Status = Tpm12PhysicalPresence (\r
PhysicalPresenceValue\r
);\r
if (EFI_ERROR (Status)) {\r
return EFI_SUCCESS;\r
}\r
\r
- if (!CmdEnable) {\r
- if (LifetimeLock) {\r
+ if (!TpmPermanentFlags.physicalPresenceCMDEnable) {\r
+ if (TpmPermanentFlags.physicalPresenceLifetimeLock) {\r
//\r
// physicalPresenceCMDEnable is locked, can't change.\r
//\r
// Enable physical presence command\r
// It is necessary in order to lock physical presence\r
//\r
- Status = TpmCommPhysicalPresence (\r
- PeiServices,\r
- TpmHandle,\r
+ Status = Tpm12PhysicalPresence (\r
TPM_PHYSICAL_PRESENCE_CMD_ENABLE\r
);\r
if (EFI_ERROR (Status)) {\r
//\r
// Lock physical presence\r
// \r
- Status = TpmCommPhysicalPresence (\r
- PeiServices,\r
- TpmHandle,\r
+ Status = Tpm12PhysicalPresence (\r
TPM_PHYSICAL_PRESENCE_LOCK\r
);\r
return Status;\r
Check if TPM chip is activeated or not.\r
\r
@param[in] PeiServices Describes the list of possible PEI Services.\r
- @param[in] TpmHandle TPM handle.\r
\r
@retval TRUE TPM is activated.\r
@retval FALSE TPM is deactivated.\r
\r
**/\r
BOOLEAN\r
-EFIAPI\r
IsTpmUsable (\r
- IN EFI_PEI_SERVICES **PeiServices,\r
- IN TIS_TPM_HANDLE TpmHandle\r
+ VOID\r
)\r
{\r
- EFI_STATUS Status;\r
- BOOLEAN Deactivated;\r
+ EFI_STATUS Status;\r
+ TPM_PERMANENT_FLAGS TpmPermanentFlags;\r
\r
- Status = TpmCommGetCapability (PeiServices, TpmHandle, &Deactivated, NULL, NULL);\r
+ Status = Tpm12GetCapabilityFlagPermanent (&TpmPermanentFlags);\r
if (EFI_ERROR (Status)) {\r
return FALSE;\r
}\r
- return (BOOLEAN)(!Deactivated); \r
+ return (BOOLEAN)(!TpmPermanentFlags.deactivated);\r
}\r
\r
/**\r
)\r
{\r
EFI_STATUS Status;\r
- TIS_TPM_HANDLE TpmHandle;\r
\r
Status = PeiServicesLocatePpi (\r
&gEfiPeiFirmwareVolumeInfoMeasurementExcludedPpiGuid, \r
);\r
// Do not check status, because it is optional\r
\r
- TpmHandle = (TIS_TPM_HANDLE)(UINTN)TPM_BASE_ADDRESS;\r
- Status = TisPcRequestUseTpm ((TIS_PC_REGISTERS_PTR)TpmHandle);\r
+ mMeasuredBaseFvInfo = (EFI_PLATFORM_FIRMWARE_BLOB *) AllocateZeroPool (sizeof (EFI_PLATFORM_FIRMWARE_BLOB) * PcdGet32 (PcdPeiCoreMaxFvSupported));\r
+ ASSERT (mMeasuredBaseFvInfo != NULL);\r
+ mMeasuredChildFvInfo = (EFI_PLATFORM_FIRMWARE_BLOB *) AllocateZeroPool (sizeof (EFI_PLATFORM_FIRMWARE_BLOB) * PcdGet32 (PcdPeiCoreMaxFvSupported));\r
+ ASSERT (mMeasuredChildFvInfo != NULL);\r
+\r
+ Status = Tpm12RequestUseTpm ();\r
if (EFI_ERROR (Status)) {\r
return Status;\r
}\r
\r
- if (IsTpmUsable (PeiServices, TpmHandle)) {\r
+ if (IsTpmUsable ()) {\r
if (PcdGet8 (PcdTpmScrtmPolicy) == 1) {\r
- Status = MeasureCRTMVersion (PeiServices, TpmHandle);\r
- ASSERT_EFI_ERROR (Status);\r
+ Status = MeasureCRTMVersion (PeiServices);\r
}\r
\r
- Status = MeasureMainBios (PeiServices, TpmHandle);\r
+ Status = MeasureMainBios (PeiServices);\r
} \r
\r
//\r
)\r
{\r
EFI_STATUS Status;\r
+ EFI_STATUS Status2;\r
EFI_BOOT_MODE BootMode;\r
- TIS_TPM_HANDLE TpmHandle;\r
\r
if (!CompareGuid (PcdGetPtr(PcdTpmInstanceGuid), &gEfiTpmDeviceInstanceTpm12Guid)){\r
DEBUG ((EFI_D_ERROR, "No TPM12 instance required!\n"));\r
return EFI_UNSUPPORTED;\r
}\r
\r
- if (PcdGetBool (PcdHideTpmSupport) && PcdGetBool (PcdHideTpm)) {\r
- return EFI_UNSUPPORTED;\r
+ if (GetFirstGuidHob (&gTpmErrorHobGuid) != NULL) {\r
+ DEBUG ((EFI_D_ERROR, "TPM error!\n"));\r
+ return EFI_DEVICE_ERROR;\r
}\r
\r
//\r
}\r
\r
if (!mImageInMemory) {\r
- TpmHandle = (TIS_TPM_HANDLE)(UINTN)TPM_BASE_ADDRESS;\r
- Status = TisPcRequestUseTpm ((TIS_PC_REGISTERS_PTR)TpmHandle);\r
+ Status = Tpm12RequestUseTpm ();\r
if (EFI_ERROR (Status)) {\r
DEBUG ((DEBUG_ERROR, "TPM not detected!\n"));\r
- return Status;\r
+ goto Done;\r
}\r
\r
if (PcdGet8 (PcdTpmInitializationPolicy) == 1) {\r
- Status = TpmCommStartup ((EFI_PEI_SERVICES**)PeiServices, TpmHandle, BootMode);\r
+ if (BootMode == BOOT_ON_S3_RESUME) {\r
+ Status = Tpm12Startup (TPM_ST_STATE);\r
+ } else {\r
+ Status = Tpm12Startup (TPM_ST_CLEAR);\r
+ }\r
if (EFI_ERROR (Status) ) {\r
- return Status;\r
+ goto Done;\r
}\r
}\r
\r
// TpmSelfTest is optional on S3 path, skip it to save S3 time\r
//\r
if (BootMode != BOOT_ON_S3_RESUME) {\r
- Status = TpmCommContinueSelfTest ((EFI_PEI_SERVICES**)PeiServices, TpmHandle);\r
+ Status = Tpm12ContinueSelfTest ();\r
if (EFI_ERROR (Status)) {\r
- return Status;\r
+ goto Done;\r
}\r
}\r
\r
+ //\r
+ // Only intall TpmInitializedPpi on success\r
+ //\r
Status = PeiServicesInstallPpi (&mTpmInitializedPpiList);\r
ASSERT_EFI_ERROR (Status);\r
}\r
\r
if (mImageInMemory) {\r
Status = PeimEntryMP ((EFI_PEI_SERVICES**)PeiServices);\r
- if (EFI_ERROR (Status)) {\r
- return Status;\r
- }\r
+ return Status;\r
+ }\r
+\r
+Done:\r
+ if (EFI_ERROR (Status)) {\r
+ DEBUG ((EFI_D_ERROR, "TPM error! Build Hob\n"));\r
+ BuildGuidHob (&gTpmErrorHobGuid,0);\r
+ REPORT_STATUS_CODE (\r
+ EFI_ERROR_CODE | EFI_ERROR_MINOR,\r
+ (PcdGet32 (PcdStatusCodeSubClassTpmDevice) | EFI_P_EC_INTERFACE_ERROR)\r
+ );\r
}\r
+ //\r
+ // Always intall TpmInitializationDonePpi no matter success or fail.\r
+ // Other driver can know TPM initialization state by TpmInitializedPpi.\r
+ //\r
+ Status2 = PeiServicesInstallPpi (&mTpmInitializationDonePpiList);\r
+ ASSERT_EFI_ERROR (Status2);\r
\r
return Status;\r
}\r
projects / mirror_edk2.git / blobdiff