/** @file\r
Initialize TPM device and measure FVs before handing off control to DXE.\r
\r
-Copyright (c) 2005 - 2012, Intel Corporation. All rights reserved.<BR>\r
+Copyright (c) 2005 - 2015, Intel Corporation. All rights reserved.<BR>\r
This program and the accompanying materials \r
are licensed and made available under the terms and conditions of the BSD License \r
which accompanies this distribution. The full text of the license may be found at \r
#include <IndustryStandard/Tpm12.h>\r
#include <IndustryStandard/UefiTcgPlatform.h>\r
#include <Ppi/FirmwareVolumeInfo.h>\r
+#include <Ppi/FirmwareVolumeInfo2.h>\r
#include <Ppi/LockPhysicalPresence.h>\r
#include <Ppi/TpmInitialized.h>\r
#include <Ppi/FirmwareVolume.h>\r
+#include <Ppi/EndOfPeiPhase.h>\r
+#include <Ppi/FirmwareVolumeInfoMeasurementExcluded.h>\r
+\r
#include <Guid/TcgEventHob.h>\r
+#include <Guid/MeasuredFvHob.h>\r
+#include <Guid/TpmInstance.h>\r
+\r
#include <Library/DebugLib.h>\r
#include <Library/BaseMemoryLib.h>\r
#include <Library/PeiServicesLib.h>\r
#include <Library/PcdLib.h>\r
#include <Library/PeiServicesTablePointerLib.h>\r
#include <Library/BaseLib.h>\r
+#include <Library/MemoryAllocationLib.h>\r
+#include <Library/ReportStatusCodeLib.h>\r
\r
#include "TpmComm.h"\r
\r
NULL\r
};\r
\r
+EFI_PEI_PPI_DESCRIPTOR mTpmInitializationDonePpiList = {\r
+ EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST,\r
+ &gPeiTpmInitializationDonePpiGuid,\r
+ NULL\r
+};\r
+\r
+EFI_PLATFORM_FIRMWARE_BLOB *mMeasuredBaseFvInfo;\r
+UINT32 mMeasuredBaseFvIndex = 0;\r
+\r
+EFI_PLATFORM_FIRMWARE_BLOB *mMeasuredChildFvInfo;\r
+UINT32 mMeasuredChildFvIndex = 0;\r
+\r
+EFI_PEI_FIRMWARE_VOLUME_INFO_MEASUREMENT_EXCLUDED_PPI *mMeasurementExcludedFvPpi;\r
+\r
/**\r
Lock physical presence if needed.\r
\r
IN VOID *Ppi\r
);\r
\r
+/**\r
+ Record all measured Firmware Volum Information into a Guid Hob\r
+\r
+ @param[in] PeiServices An indirect pointer to the EFI_PEI_SERVICES table published by the PEI Foundation.\r
+ @param[in] NotifyDescriptor Address of the notification descriptor data structure.\r
+ @param[in] Ppi Address of the PPI that was installed.\r
+\r
+ @retval EFI_SUCCESS The FV Info is measured and recorded to TPM.\r
+ @return Others Fail to measure FV.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+EndofPeiSignalNotifyCallBack (\r
+ IN EFI_PEI_SERVICES **PeiServices,\r
+ IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDescriptor,\r
+ IN VOID *Ppi\r
+ );\r
+\r
EFI_PEI_NOTIFY_DESCRIPTOR mNotifyList[] = {\r
{\r
EFI_PEI_PPI_DESCRIPTOR_NOTIFY_CALLBACK,\r
PhysicalPresencePpiNotifyCallback\r
},\r
{\r
- (EFI_PEI_PPI_DESCRIPTOR_NOTIFY_CALLBACK | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST),\r
+ EFI_PEI_PPI_DESCRIPTOR_NOTIFY_CALLBACK,\r
&gEfiPeiFirmwareVolumeInfoPpiGuid,\r
FirmwareVolmeInfoPpiNotifyCallback \r
+ },\r
+ {\r
+ EFI_PEI_PPI_DESCRIPTOR_NOTIFY_CALLBACK,\r
+ &gEfiPeiFirmwareVolumeInfo2PpiGuid,\r
+ FirmwareVolmeInfoPpiNotifyCallback \r
+ },\r
+ {\r
+ (EFI_PEI_PPI_DESCRIPTOR_NOTIFY_CALLBACK | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST),\r
+ &gEfiEndOfPeiSignalPpiGuid,\r
+ EndofPeiSignalNotifyCallBack\r
}\r
};\r
\r
-EFI_PLATFORM_FIRMWARE_BLOB mMeasuredFvInfo[FixedPcdGet32 (PcdPeiCoreMaxFvSupported)];\r
-UINT32 mMeasuredFvIndex = 0;\r
+/**\r
+ Record all measured Firmware Volum Information into a Guid Hob\r
+ Guid Hob payload layout is \r
+\r
+ UINT32 *************************** FIRMWARE_BLOB number\r
+ EFI_PLATFORM_FIRMWARE_BLOB******** BLOB Array\r
+\r
+ @param[in] PeiServices An indirect pointer to the EFI_PEI_SERVICES table published by the PEI Foundation.\r
+ @param[in] NotifyDescriptor Address of the notification descriptor data structure.\r
+ @param[in] Ppi Address of the PPI that was installed.\r
+\r
+ @retval EFI_SUCCESS The FV Info is measured and recorded to TPM.\r
+ @return Others Fail to measure FV.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+EndofPeiSignalNotifyCallBack (\r
+ IN EFI_PEI_SERVICES **PeiServices,\r
+ IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDescriptor,\r
+ IN VOID *Ppi\r
+ )\r
+{ \r
+ MEASURED_HOB_DATA *MeasuredHobData;\r
+\r
+ MeasuredHobData = NULL;\r
+\r
+ //\r
+ // Create a Guid hob to save all measured Fv \r
+ //\r
+ MeasuredHobData = BuildGuidHob(\r
+ &gMeasuredFvHobGuid,\r
+ sizeof(UINTN) + sizeof(EFI_PLATFORM_FIRMWARE_BLOB) * (mMeasuredBaseFvIndex + mMeasuredChildFvIndex)\r
+ );\r
+\r
+ if (MeasuredHobData != NULL){\r
+ //\r
+ // Save measured FV info enty number\r
+ //\r
+ MeasuredHobData->Num = mMeasuredBaseFvIndex + mMeasuredChildFvIndex;\r
+\r
+ //\r
+ // Save measured base Fv info\r
+ //\r
+ CopyMem (MeasuredHobData->MeasuredFvBuf, mMeasuredBaseFvInfo, sizeof(EFI_PLATFORM_FIRMWARE_BLOB) * (mMeasuredBaseFvIndex));\r
+\r
+ //\r
+ // Save measured child Fv info\r
+ //\r
+ CopyMem (&MeasuredHobData->MeasuredFvBuf[mMeasuredBaseFvIndex] , mMeasuredChildFvInfo, sizeof(EFI_PLATFORM_FIRMWARE_BLOB) * (mMeasuredChildFvIndex));\r
+ }\r
+\r
+ return EFI_SUCCESS;\r
+}\r
\r
/**\r
Do a hash operation on a data buffer, extend a specific TPM PCR with the hash result,\r
{\r
EFI_STATUS Status;\r
VOID *HobData;\r
+ \r
+ if (GetFirstGuidHob (&gTpmErrorHobGuid) != NULL) {\r
+ return EFI_DEVICE_ERROR;\r
+ }\r
\r
HobData = NULL;\r
if (HashDataLen != 0) {\r
HashDataLen,\r
&NewEventHdr->Digest\r
);\r
- ASSERT_EFI_ERROR (Status);\r
+ if (EFI_ERROR (Status)) {\r
+ goto Done;\r
+ }\r
}\r
\r
Status = TpmCommExtend (\r
NewEventHdr->PCRIndex,\r
NULL\r
);\r
- ASSERT_EFI_ERROR (Status);\r
+ if (EFI_ERROR (Status)) {\r
+ goto Done;\r
+ }\r
\r
HobData = BuildGuidHob (\r
&gTcgEventEntryHobGuid,\r
sizeof (*NewEventHdr) + NewEventHdr->EventSize\r
);\r
if (HobData == NULL) {\r
- return EFI_OUT_OF_RESOURCES;\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ goto Done;\r
}\r
\r
CopyMem (HobData, NewEventHdr, sizeof (*NewEventHdr));\r
HobData = (VOID *) ((UINT8*)HobData + sizeof (*NewEventHdr));\r
CopyMem (HobData, NewEventData, NewEventHdr->EventSize);\r
- return EFI_SUCCESS;\r
+\r
+Done:\r
+ if ((Status == EFI_DEVICE_ERROR) || (Status == EFI_TIMEOUT)) {\r
+ DEBUG ((EFI_D_ERROR, "HashLogExtendEvent - %r. Disable TPM.\n", Status));\r
+ BuildGuidHob (&gTpmErrorHobGuid,0);\r
+ REPORT_STATUS_CODE (\r
+ EFI_ERROR_CODE | EFI_ERROR_MINOR,\r
+ (PcdGet32 (PcdStatusCodeSubClassTpmDevice) | EFI_P_EC_INTERFACE_ERROR)\r
+ );\r
+ Status = EFI_DEVICE_ERROR;\r
+ }\r
+ return Status;\r
}\r
\r
/**\r
\r
TcgEventHdr.PCRIndex = 0;\r
TcgEventHdr.EventType = EV_S_CRTM_VERSION;\r
- TcgEventHdr.EventSize = StrSize((CHAR16*)PcdGetPtr (PcdFirmwareVersionString));\r
+ TcgEventHdr.EventSize = (UINT32) StrSize((CHAR16*)PcdGetPtr (PcdFirmwareVersionString));\r
\r
return HashLogExtendEvent (\r
PeiServices,\r
\r
TpmHandle = (TIS_TPM_HANDLE) (UINTN) TPM_BASE_ADDRESS;\r
\r
+ //\r
+ // Check if it is in Excluded FV list\r
+ //\r
+ if (mMeasurementExcludedFvPpi != NULL) {\r
+ for (Index = 0; Index < mMeasurementExcludedFvPpi->Count; Index ++) {\r
+ if (mMeasurementExcludedFvPpi->Fv[Index].FvBase == FvBase) {\r
+ DEBUG ((DEBUG_INFO, "The FV which is excluded by TcgPei starts at: 0x%x\n", FvBase));\r
+ DEBUG ((DEBUG_INFO, "The FV which is excluded by TcgPei has the size: 0x%x\n", FvLength));\r
+ return EFI_SUCCESS;\r
+ }\r
+ }\r
+ }\r
+\r
//\r
// Check whether FV is in the measured FV list.\r
//\r
- for (Index = 0; Index < mMeasuredFvIndex; Index ++) {\r
- if (mMeasuredFvInfo[Index].BlobBase == FvBase) {\r
+ for (Index = 0; Index < mMeasuredBaseFvIndex; Index ++) {\r
+ if (mMeasuredBaseFvInfo[Index].BlobBase == FvBase) {\r
return EFI_SUCCESS;\r
}\r
}\r
&TcgEventHdr,\r
(UINT8*) &FvBlob\r
);\r
- ASSERT_EFI_ERROR (Status);\r
\r
//\r
// Add new FV into the measured FV list.\r
//\r
- ASSERT (mMeasuredFvIndex < FixedPcdGet32 (PcdPeiCoreMaxFvSupported));\r
- if (mMeasuredFvIndex < FixedPcdGet32 (PcdPeiCoreMaxFvSupported)) {\r
- mMeasuredFvInfo[mMeasuredFvIndex].BlobBase = FvBase;\r
- mMeasuredFvInfo[mMeasuredFvIndex++].BlobLength = FvLength;\r
+ ASSERT (mMeasuredBaseFvIndex < PcdGet32 (PcdPeiCoreMaxFvSupported));\r
+ if (mMeasuredBaseFvIndex < PcdGet32 (PcdPeiCoreMaxFvSupported)) {\r
+ mMeasuredBaseFvInfo[mMeasuredBaseFvIndex].BlobBase = FvBase;\r
+ mMeasuredBaseFvInfo[mMeasuredBaseFvIndex].BlobLength = FvLength;\r
+ mMeasuredBaseFvIndex++;\r
}\r
\r
return Status;\r
EFI_PEI_FIRMWARE_VOLUME_INFO_PPI *Fv;\r
EFI_STATUS Status;\r
EFI_PEI_FIRMWARE_VOLUME_PPI *FvPpi;\r
+ UINTN Index;\r
\r
Fv = (EFI_PEI_FIRMWARE_VOLUME_INFO_PPI *) Ppi;\r
\r
\r
//\r
// This is an FV from an FFS file, and the parent FV must have already been measured,\r
- // No need to measure twice, so just returns\r
+ // No need to measure twice, so just record the FV and return\r
//\r
if (Fv->ParentFvName != NULL || Fv->ParentFileName != NULL ) {\r
+ \r
+ ASSERT (mMeasuredChildFvIndex < PcdGet32 (PcdPeiCoreMaxFvSupported));\r
+ if (mMeasuredChildFvIndex < PcdGet32 (PcdPeiCoreMaxFvSupported)) {\r
+ //\r
+ // Check whether FV is in the measured child FV list.\r
+ //\r
+ for (Index = 0; Index < mMeasuredChildFvIndex; Index++) {\r
+ if (mMeasuredChildFvInfo[Index].BlobBase == (EFI_PHYSICAL_ADDRESS) (UINTN) Fv->FvInfo) {\r
+ return EFI_SUCCESS;\r
+ }\r
+ }\r
+ mMeasuredChildFvInfo[mMeasuredChildFvIndex].BlobBase = (EFI_PHYSICAL_ADDRESS) (UINTN) Fv->FvInfo;\r
+ mMeasuredChildFvInfo[mMeasuredChildFvIndex].BlobLength = Fv->FvInfoSize;\r
+ mMeasuredChildFvIndex++;\r
+ }\r
return EFI_SUCCESS;\r
}\r
\r
EFI_STATUS Status;\r
TIS_TPM_HANDLE TpmHandle;\r
\r
+ Status = PeiServicesLocatePpi (\r
+ &gEfiPeiFirmwareVolumeInfoMeasurementExcludedPpiGuid, \r
+ 0, \r
+ NULL,\r
+ (VOID**)&mMeasurementExcludedFvPpi\r
+ );\r
+ // Do not check status, because it is optional\r
+\r
+ mMeasuredBaseFvInfo = (EFI_PLATFORM_FIRMWARE_BLOB *) AllocateZeroPool (sizeof (EFI_PLATFORM_FIRMWARE_BLOB) * PcdGet32 (PcdPeiCoreMaxFvSupported));\r
+ ASSERT (mMeasuredBaseFvInfo != NULL);\r
+ mMeasuredChildFvInfo = (EFI_PLATFORM_FIRMWARE_BLOB *) AllocateZeroPool (sizeof (EFI_PLATFORM_FIRMWARE_BLOB) * PcdGet32 (PcdPeiCoreMaxFvSupported));\r
+ ASSERT (mMeasuredChildFvInfo != NULL);\r
+\r
TpmHandle = (TIS_TPM_HANDLE)(UINTN)TPM_BASE_ADDRESS;\r
Status = TisPcRequestUseTpm ((TIS_PC_REGISTERS_PTR)TpmHandle);\r
if (EFI_ERROR (Status)) {\r
}\r
\r
if (IsTpmUsable (PeiServices, TpmHandle)) {\r
- Status = MeasureCRTMVersion (PeiServices, TpmHandle);\r
- ASSERT_EFI_ERROR (Status);\r
+ if (PcdGet8 (PcdTpmScrtmPolicy) == 1) {\r
+ Status = MeasureCRTMVersion (PeiServices, TpmHandle);\r
+ }\r
\r
Status = MeasureMainBios (PeiServices, TpmHandle);\r
} \r
)\r
{\r
EFI_STATUS Status;\r
+ EFI_STATUS Status2;\r
EFI_BOOT_MODE BootMode;\r
TIS_TPM_HANDLE TpmHandle;\r
\r
- if (PcdGetBool (PcdHideTpmSupport) && PcdGetBool (PcdHideTpm)) {\r
+ if (!CompareGuid (PcdGetPtr(PcdTpmInstanceGuid), &gEfiTpmDeviceInstanceTpm12Guid)){\r
+ DEBUG ((EFI_D_ERROR, "No TPM12 instance required!\n"));\r
return EFI_UNSUPPORTED;\r
}\r
\r
Status = TisPcRequestUseTpm ((TIS_PC_REGISTERS_PTR)TpmHandle);\r
if (EFI_ERROR (Status)) {\r
DEBUG ((DEBUG_ERROR, "TPM not detected!\n"));\r
- return Status;\r
+ goto Done;\r
}\r
\r
- Status = TpmCommStartup ((EFI_PEI_SERVICES**)PeiServices, TpmHandle, BootMode);\r
- if (EFI_ERROR (Status) ) {\r
- return Status;\r
+ if (PcdGet8 (PcdTpmInitializationPolicy) == 1) {\r
+ Status = TpmCommStartup ((EFI_PEI_SERVICES**)PeiServices, TpmHandle, BootMode);\r
+ if (EFI_ERROR (Status) ) {\r
+ goto Done;\r
+ }\r
}\r
- Status = TpmCommContinueSelfTest ((EFI_PEI_SERVICES**)PeiServices, TpmHandle);\r
- if (EFI_ERROR (Status)) {\r
- return Status;\r
+\r
+ //\r
+ // TpmSelfTest is optional on S3 path, skip it to save S3 time\r
+ //\r
+ if (BootMode != BOOT_ON_S3_RESUME) {\r
+ Status = TpmCommContinueSelfTest ((EFI_PEI_SERVICES**)PeiServices, TpmHandle);\r
+ if (EFI_ERROR (Status)) {\r
+ goto Done;\r
+ }\r
}\r
+\r
+ //\r
+ // Only intall TpmInitializedPpi on success\r
+ //\r
Status = PeiServicesInstallPpi (&mTpmInitializedPpiList);\r
ASSERT_EFI_ERROR (Status);\r
}\r
\r
if (mImageInMemory) {\r
Status = PeimEntryMP ((EFI_PEI_SERVICES**)PeiServices);\r
- if (EFI_ERROR (Status)) {\r
- return Status;\r
- }\r
+ return Status;\r
}\r
\r
+Done:\r
+ //\r
+ // Always intall TpmInitializationDonePpi no matter success or fail.\r
+ // Other driver can know TPM initialization state by TpmInitializedPpi.\r
+ //\r
+ Status2 = PeiServicesInstallPpi (&mTpmInitializationDonePpiList);\r
+ ASSERT_EFI_ERROR (Status2);\r
+\r
return Status;\r
}\r
projects / mirror_edk2.git / blobdiff