/** @file\r
Initialize TPM device and measure FVs before handing off control to DXE.\r
\r
-Copyright (c) 2005 - 2012, Intel Corporation. All rights reserved.<BR>\r
+Copyright (c) 2005 - 2015, Intel Corporation. All rights reserved.<BR>\r
This program and the accompanying materials \r
are licensed and made available under the terms and conditions of the BSD License \r
which accompanies this distribution. The full text of the license may be found at \r
#include <IndustryStandard/Tpm12.h>\r
#include <IndustryStandard/UefiTcgPlatform.h>\r
#include <Ppi/FirmwareVolumeInfo.h>\r
+#include <Ppi/FirmwareVolumeInfo2.h>\r
#include <Ppi/LockPhysicalPresence.h>\r
#include <Ppi/TpmInitialized.h>\r
#include <Ppi/FirmwareVolume.h>\r
#include <Ppi/EndOfPeiPhase.h>\r
+#include <Ppi/FirmwareVolumeInfoMeasurementExcluded.h>\r
\r
#include <Guid/TcgEventHob.h>\r
#include <Guid/MeasuredFvHob.h>\r
+#include <Guid/TpmInstance.h>\r
\r
#include <Library/DebugLib.h>\r
#include <Library/BaseMemoryLib.h>\r
#include <Library/PcdLib.h>\r
#include <Library/PeiServicesTablePointerLib.h>\r
#include <Library/BaseLib.h>\r
+#include <Library/MemoryAllocationLib.h>\r
+#include <Library/ReportStatusCodeLib.h>\r
\r
#include "TpmComm.h"\r
\r
NULL\r
};\r
\r
-EFI_PLATFORM_FIRMWARE_BLOB mMeasuredBaseFvInfo[FixedPcdGet32 (PcdPeiCoreMaxFvSupported)];\r
+EFI_PEI_PPI_DESCRIPTOR mTpmInitializationDonePpiList = {\r
+ EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST,\r
+ &gPeiTpmInitializationDonePpiGuid,\r
+ NULL\r
+};\r
+\r
+EFI_PLATFORM_FIRMWARE_BLOB *mMeasuredBaseFvInfo;\r
UINT32 mMeasuredBaseFvIndex = 0;\r
\r
-EFI_PLATFORM_FIRMWARE_BLOB mMeasuredChildFvInfo[FixedPcdGet32 (PcdPeiCoreMaxFvSupported)];\r
+EFI_PLATFORM_FIRMWARE_BLOB *mMeasuredChildFvInfo;\r
UINT32 mMeasuredChildFvIndex = 0;\r
\r
+EFI_PEI_FIRMWARE_VOLUME_INFO_MEASUREMENT_EXCLUDED_PPI *mMeasurementExcludedFvPpi;\r
+\r
/**\r
Lock physical presence if needed.\r
\r
&gEfiPeiFirmwareVolumeInfoPpiGuid,\r
FirmwareVolmeInfoPpiNotifyCallback \r
},\r
+ {\r
+ EFI_PEI_PPI_DESCRIPTOR_NOTIFY_CALLBACK,\r
+ &gEfiPeiFirmwareVolumeInfo2PpiGuid,\r
+ FirmwareVolmeInfoPpiNotifyCallback \r
+ },\r
{\r
(EFI_PEI_PPI_DESCRIPTOR_NOTIFY_CALLBACK | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST),\r
&gEfiEndOfPeiSignalPpiGuid,\r
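Review bot: The new `gEfiPeiFirmwareVolumeInfo2PpiGuid` entry reuses `FirmwareVolmeInfoPpiNotifyCallback`, which elsewhere on this page casts `Ppi` to `EFI_PEI_FIRMWARE_VOLUME_INFO_PPI *`, so it is only correct while the Info2 structure begins with the same fields in the same order. As far as I know the PI definitions guarantee that, but nothing here records the assumption; I would add above the entry `// FvInfo2 shares its leading fields with FvInfo; the callback reads only those.` Registering both notifications also means one FV can be reported twice, so the duplicate checks on the measured-FV lists become load-bearing. The notify list starts and ends outside this hunk.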
{\r
EFI_STATUS Status;\r
VOID *HobData;\r
+ \r
+ if (GetFirstGuidHob (&gTpmErrorHobGuid) != NULL) {\r
+ return EFI_DEVICE_ERROR;\r
+ }\r
\r
HobData = NULL;\r
if (HashDataLen != 0) {\r
HashDataLen,\r
&NewEventHdr->Digest\r
);\r
- ASSERT_EFI_ERROR (Status);\r
+ if (EFI_ERROR (Status)) {\r
+ goto Done;\r
+ }\r
}\r
\r
Status = TpmCommExtend (\r
NewEventHdr->PCRIndex,\r
NULL\r
);\r
- ASSERT_EFI_ERROR (Status);\r
+ if (EFI_ERROR (Status)) {\r
+ goto Done;\r
+ }\r
\r
HobData = BuildGuidHob (\r
&gTcgEventEntryHobGuid,\r
sizeof (*NewEventHdr) + NewEventHdr->EventSize\r
);\r
if (HobData == NULL) {\r
- return EFI_OUT_OF_RESOURCES;\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ goto Done;\r
}\r
\r
CopyMem (HobData, NewEventHdr, sizeof (*NewEventHdr));\r
HobData = (VOID *) ((UINT8*)HobData + sizeof (*NewEventHdr));\r
CopyMem (HobData, NewEventData, NewEventHdr->EventSize);\r
- return EFI_SUCCESS;\r
+\r
+Done:\r
+ if ((Status == EFI_DEVICE_ERROR) || (Status == EFI_TIMEOUT)) {\r
+ DEBUG ((EFI_D_ERROR, "HashLogExtendEvent - %r. Disable TPM.\n", Status));\r
+ BuildGuidHob (&gTpmErrorHobGuid,0);\r
+ REPORT_STATUS_CODE (\r
+ EFI_ERROR_CODE | EFI_ERROR_MINOR,\r
+ (PcdGet32 (PcdStatusCodeSubClassTpmDevice) | EFI_P_EC_INTERFACE_ERROR)\r
+ );\r
+ Status = EFI_DEVICE_ERROR;\r
+ }\r
+ return Status;\r
}\r
\r
/**\r
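Review bot: The result of `BuildGuidHob (&gTpmErrorHobGuid,0)` under `Done:` is discarded, so if the HOB cannot be created the error latch is never set and the `GetFirstGuidHob (&gTpmErrorHobGuid)` guard at the top of the function lets later calls keep talking to a TPM that has already failed. At minimum log it: `if (BuildGuidHob (&gTpmErrorHobGuid, 0) == NULL) { DEBUG ((EFI_D_ERROR, "Failed to record TPM error HOB\n")); }`. Separately, when `TpmCommExtend` succeeds but the event-entry `BuildGuidHob` returns NULL, the PCR has been extended with no matching log entry and only `EFI_OUT_OF_RESOURCES` is returned. A comment at that branch saying the event log no longer replays to the PCR value would help whoever later debugs an attestation mismatch. The function begins above this hunk.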
\r
TpmHandle = (TIS_TPM_HANDLE) (UINTN) TPM_BASE_ADDRESS;\r
\r
+ //\r
+ // Check if it is in Excluded FV list\r
+ //\r
+ if (mMeasurementExcludedFvPpi != NULL) {\r
+ for (Index = 0; Index < mMeasurementExcludedFvPpi->Count; Index ++) {\r
+ if (mMeasurementExcludedFvPpi->Fv[Index].FvBase == FvBase) {\r
+ DEBUG ((DEBUG_INFO, "The FV which is excluded by TcgPei starts at: 0x%x\n", FvBase));\r
+ DEBUG ((DEBUG_INFO, "The FV which is excluded by TcgPei has the size: 0x%x\n", FvLength));\r
+ return EFI_SUCCESS;\r
+ }\r
+ }\r
+ }\r
+\r
//\r
// Check whether FV is in the measured FV list.\r
//\r
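Review bot: The exclusion test compares only `FvBase`, so any FV reported at an excluded base address is skipped whatever its length, and it is skipped with `EFI_SUCCESS` and no event-log entry. The excluded-FV entries also carry a length, so I would match both: `if (mMeasurementExcludedFvPpi->Fv[Index].FvBase == FvBase && mMeasurementExcludedFvPpi->Fv[Index].FvLength == FvLength) {`. The two `DEBUG` lines print `FvBase` and `FvLength` with `0x%x`; both appear to be 64-bit (`FvBase` is stored into `BlobBase` further down), so `0x%lx` avoids truncated values in the log. `Index` is declared outside this hunk, as is the rest of the function.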
&TcgEventHdr,\r
(UINT8*) &FvBlob\r
);\r
- ASSERT_EFI_ERROR (Status);\r
\r
//\r
// Add new FV into the measured FV list.\r
//\r
- ASSERT (mMeasuredBaseFvIndex < FixedPcdGet32 (PcdPeiCoreMaxFvSupported));\r
- if (mMeasuredBaseFvIndex < FixedPcdGet32 (PcdPeiCoreMaxFvSupported)) {\r
+ ASSERT (mMeasuredBaseFvIndex < PcdGet32 (PcdPeiCoreMaxFvSupported));\r
+ if (mMeasuredBaseFvIndex < PcdGet32 (PcdPeiCoreMaxFvSupported)) {\r
mMeasuredBaseFvInfo[mMeasuredBaseFvIndex].BlobBase = FvBase;\r
mMeasuredBaseFvInfo[mMeasuredBaseFvIndex].BlobLength = FvLength;\r
mMeasuredBaseFvIndex++;\r
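Review bot: With `ASSERT_EFI_ERROR (Status)` removed and nothing put in its place, a failed `HashLogExtendEvent` still falls through to the block that appends the FV to `mMeasuredBaseFvInfo`, so a volume that was never extended into a PCR is recorded as measured. If that list is later handed to consumers that skip already-measured FVs (the file includes `Guid/MeasuredFvHob.h`, so presumably it is), the FV is never measured at all. I would gate the append on success, `if (!EFI_ERROR (Status) && mMeasuredBaseFvIndex < PcdGet32 (PcdPeiCoreMaxFvSupported)) {`, or add a comment explaining why recording a failed measurement is intended. The capacity check is an `ASSERT` followed by a silent skip, so a full list drops entries without any log when asserts are disabled. The function continues outside this hunk.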
EFI_PEI_FIRMWARE_VOLUME_INFO_PPI *Fv;\r
EFI_STATUS Status;\r
EFI_PEI_FIRMWARE_VOLUME_PPI *FvPpi;\r
+ UINTN Index;\r
\r
Fv = (EFI_PEI_FIRMWARE_VOLUME_INFO_PPI *) Ppi;\r
\r
//\r
if (Fv->ParentFvName != NULL || Fv->ParentFileName != NULL ) {\r
\r
- ASSERT (mMeasuredChildFvIndex < FixedPcdGet32 (PcdPeiCoreMaxFvSupported));\r
- if (mMeasuredChildFvIndex < FixedPcdGet32 (PcdPeiCoreMaxFvSupported)) {\r
+ ASSERT (mMeasuredChildFvIndex < PcdGet32 (PcdPeiCoreMaxFvSupported));\r
+ if (mMeasuredChildFvIndex < PcdGet32 (PcdPeiCoreMaxFvSupported)) {\r
+ //\r
+ // Check whether FV is in the measured child FV list.\r
+ //\r
+ for (Index = 0; Index < mMeasuredChildFvIndex; Index++) {\r
+ if (mMeasuredChildFvInfo[Index].BlobBase == (EFI_PHYSICAL_ADDRESS) (UINTN) Fv->FvInfo) {\r
+ return EFI_SUCCESS;\r
+ }\r
+ }\r
mMeasuredChildFvInfo[mMeasuredChildFvIndex].BlobBase = (EFI_PHYSICAL_ADDRESS) (UINTN) Fv->FvInfo;\r
mMeasuredChildFvInfo[mMeasuredChildFvIndex].BlobLength = Fv->FvInfoSize;\r
mMeasuredChildFvIndex++;\r
EFI_STATUS Status;\r
TIS_TPM_HANDLE TpmHandle;\r
\r
+ Status = PeiServicesLocatePpi (\r
+ &gEfiPeiFirmwareVolumeInfoMeasurementExcludedPpiGuid, \r
+ 0, \r
+ NULL,\r
+ (VOID**)&mMeasurementExcludedFvPpi\r
+ );\r
+ // Do not check status, because it is optional\r
+\r
+ mMeasuredBaseFvInfo = (EFI_PLATFORM_FIRMWARE_BLOB *) AllocateZeroPool (sizeof (EFI_PLATFORM_FIRMWARE_BLOB) * PcdGet32 (PcdPeiCoreMaxFvSupported));\r
+ ASSERT (mMeasuredBaseFvInfo != NULL);\r
+ mMeasuredChildFvInfo = (EFI_PLATFORM_FIRMWARE_BLOB *) AllocateZeroPool (sizeof (EFI_PLATFORM_FIRMWARE_BLOB) * PcdGet32 (PcdPeiCoreMaxFvSupported));\r
+ ASSERT (mMeasuredChildFvInfo != NULL);\r
+\r
TpmHandle = (TIS_TPM_HANDLE)(UINTN)TPM_BASE_ADDRESS;\r
Status = TisPcRequestUseTpm ((TIS_PC_REGISTERS_PTR)TpmHandle);\r
if (EFI_ERROR (Status)) {\r
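Review bot: Both `AllocateZeroPool` results are checked only with `ASSERT`, which release builds typically disable, so on allocation failure `mMeasuredBaseFvInfo` and `mMeasuredChildFvInfo` stay NULL and the later `[index].BlobBase = ...` stores may land near physical address 0 rather than fault. A runtime check is needed: `if (mMeasuredBaseFvInfo == NULL || mMeasuredChildFvInfo == NULL) { return EFI_OUT_OF_RESOURCES; }`. The element count is read from `PcdGet32 (PcdPeiCoreMaxFvSupported)` here and again at every bounds check; if that PCD can be anything other than fixed at build time, cache it once so the allocation size and the bound cannot diverge. The ignored `PeiServicesLocatePpi` status relies on `mMeasurementExcludedFvPpi` being left NULL on failure, and assigning NULL before the call would make that explicit. The function starts and ends outside this hunk.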
}\r
\r
if (IsTpmUsable (PeiServices, TpmHandle)) {\r
- Status = MeasureCRTMVersion (PeiServices, TpmHandle);\r
- ASSERT_EFI_ERROR (Status);\r
+ if (PcdGet8 (PcdTpmScrtmPolicy) == 1) {\r
+ Status = MeasureCRTMVersion (PeiServices, TpmHandle);\r
+ }\r
\r
Status = MeasureMainBios (PeiServices, TpmHandle);\r
} \r
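Review bot: The `Status` from `MeasureCRTMVersion` is overwritten by the `MeasureMainBios` call two lines later, and with `ASSERT_EFI_ERROR` gone a failed S-CRTM version measurement is dropped without a trace at this call site. I would at least log it before continuing: `if (EFI_ERROR (Status)) { DEBUG ((EFI_D_ERROR, "MeasureCRTMVersion - %r\n", Status)); }`. The literal `1` compared against `PcdTpmScrtmPolicy` also deserves a one-line comment saying what the value selects, since this policy decides whether the first measurement in the chain is made by this module. The enclosing function starts outside this hunk.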
)\r
{\r
EFI_STATUS Status;\r
+ EFI_STATUS Status2;\r
EFI_BOOT_MODE BootMode;\r
TIS_TPM_HANDLE TpmHandle;\r
\r
- if (PcdGetBool (PcdHideTpmSupport) && PcdGetBool (PcdHideTpm)) {\r
+ if (!CompareGuid (PcdGetPtr(PcdTpmInstanceGuid), &gEfiTpmDeviceInstanceTpm12Guid)){\r
+ DEBUG ((EFI_D_ERROR, "No TPM12 instance required!\n"));\r
return EFI_UNSUPPORTED;\r
}\r
\r
Status = TisPcRequestUseTpm ((TIS_PC_REGISTERS_PTR)TpmHandle);\r
if (EFI_ERROR (Status)) {\r
DEBUG ((DEBUG_ERROR, "TPM not detected!\n"));\r
- return Status;\r
+ goto Done;\r
}\r
\r
- Status = TpmCommStartup ((EFI_PEI_SERVICES**)PeiServices, TpmHandle, BootMode);\r
- if (EFI_ERROR (Status) ) {\r
- return Status;\r
+ if (PcdGet8 (PcdTpmInitializationPolicy) == 1) {\r
+ Status = TpmCommStartup ((EFI_PEI_SERVICES**)PeiServices, TpmHandle, BootMode);\r
+ if (EFI_ERROR (Status) ) {\r
+ goto Done;\r
+ }\r
}\r
- Status = TpmCommContinueSelfTest ((EFI_PEI_SERVICES**)PeiServices, TpmHandle);\r
- if (EFI_ERROR (Status)) {\r
- return Status;\r
+\r
+ //\r
+ // TpmSelfTest is optional on S3 path, skip it to save S3 time\r
+ //\r
+ if (BootMode != BOOT_ON_S3_RESUME) {\r
+ Status = TpmCommContinueSelfTest ((EFI_PEI_SERVICES**)PeiServices, TpmHandle);\r
+ if (EFI_ERROR (Status)) {\r
+ goto Done;\r
+ }\r
}\r
+\r
+ //\r
+ // Only intall TpmInitializedPpi on success\r
+ //\r
Status = PeiServicesInstallPpi (&mTpmInitializedPpiList);\r
ASSERT_EFI_ERROR (Status);\r
}\r
\r
if (mImageInMemory) {\r
Status = PeimEntryMP ((EFI_PEI_SERVICES**)PeiServices);\r
- if (EFI_ERROR (Status)) {\r
- return Status;\r
- }\r
+ return Status;\r
}\r
\r
+Done:\r
+ //\r
+ // Always intall TpmInitializationDonePpi no matter success or fail.\r
+ // Other driver can know TPM initialization state by TpmInitializedPpi.\r
+ //\r
+ Status2 = PeiServicesInstallPpi (&mTpmInitializationDonePpiList);\r
+ ASSERT_EFI_ERROR (Status2);\r
+\r
return Status;\r
}\r
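Review bot: The comment under `Done:` says the done-PPI is always installed, but two visible exits bypass the label: the `return EFI_UNSUPPORTED` near the top of the function and the `return Status` after `PeimEntryMP` on the `mImageInMemory` pass. Presumably the first is intended and the second is safe because the PPI was already installed on an earlier pass, but any consumer waiting on `gPeiTpmInitializationDonePpiGuid` depends on exactly that, so the comment should say so, e.g. `// Not reached on the EFI_UNSUPPORTED exit or on the shadowed (mImageInMemory) pass.` It is also worth stating next to the `BOOT_ON_S3_RESUME` and `PcdTpmInitializationPolicy` checks what vouches for the TPM when both `TpmCommStartup` and `TpmCommContinueSelfTest` are skipped. In that case `mTpmInitializedPpiList` is installed on the strength of `TisPcRequestUseTpm` alone. The function begins outside this hunk.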