/** @file\r
Initialize TPM device and measure FVs before handing off control to DXE.\r
\r
-Copyright (c) 2005 - 2011, Intel Corporation. All rights reserved.<BR>\r
+Copyright (c) 2005 - 2012, Intel Corporation. All rights reserved.<BR>\r
This program and the accompanying materials \r
are licensed and made available under the terms and conditions of the BSD License \r
which accompanies this distribution. The full text of the license may be found at \r
#include <Ppi/LockPhysicalPresence.h>\r
#include <Ppi/TpmInitialized.h>\r
#include <Ppi/FirmwareVolume.h>\r
+#include <Ppi/EndOfPeiPhase.h>\r
+\r
#include <Guid/TcgEventHob.h>\r
+#include <Guid/MeasuredFvHob.h>\r
+\r
#include <Library/DebugLib.h>\r
#include <Library/BaseMemoryLib.h>\r
#include <Library/PeiServicesLib.h>\r
#include <Library/HobLib.h>\r
#include <Library/PcdLib.h>\r
#include <Library/PeiServicesTablePointerLib.h>\r
+#include <Library/BaseLib.h>\r
\r
#include "TpmComm.h"\r
\r
NULL\r
};\r
\r
+EFI_PLATFORM_FIRMWARE_BLOB mMeasuredBaseFvInfo[FixedPcdGet32 (PcdPeiCoreMaxFvSupported)];\r
+UINT32 mMeasuredBaseFvIndex = 0;\r
+\r
+EFI_PLATFORM_FIRMWARE_BLOB mMeasuredChildFvInfo[FixedPcdGet32 (PcdPeiCoreMaxFvSupported)];\r
+UINT32 mMeasuredChildFvIndex = 0;\r
+\r
/**\r
Lock physical presence if needed.\r
\r
IN VOID *Ppi\r
);\r
\r
+/**\r
+ Record all measured Firmware Volum Information into a Guid Hob\r
+\r
+ @param[in] PeiServices An indirect pointer to the EFI_PEI_SERVICES table published by the PEI Foundation.\r
+ @param[in] NotifyDescriptor Address of the notification descriptor data structure.\r
+ @param[in] Ppi Address of the PPI that was installed.\r
+\r
+ @retval EFI_SUCCESS The FV Info is measured and recorded to TPM.\r
+ @return Others Fail to measure FV.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+EndofPeiSignalNotifyCallBack (\r
+ IN EFI_PEI_SERVICES **PeiServices,\r
+ IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDescriptor,\r
+ IN VOID *Ppi\r
+ );\r
+\r
EFI_PEI_NOTIFY_DESCRIPTOR mNotifyList[] = {\r
{\r
EFI_PEI_PPI_DESCRIPTOR_NOTIFY_CALLBACK,\r
PhysicalPresencePpiNotifyCallback\r
},\r
{\r
- (EFI_PEI_PPI_DESCRIPTOR_NOTIFY_CALLBACK | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST),\r
+ EFI_PEI_PPI_DESCRIPTOR_NOTIFY_CALLBACK,\r
&gEfiPeiFirmwareVolumeInfoPpiGuid,\r
FirmwareVolmeInfoPpiNotifyCallback \r
+ },\r
+ {\r
+ (EFI_PEI_PPI_DESCRIPTOR_NOTIFY_CALLBACK | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST),\r
+ &gEfiEndOfPeiSignalPpiGuid,\r
+ EndofPeiSignalNotifyCallBack\r
}\r
};\r
\r
-CHAR8 mSCrtmVersion[] = "{D20BC7C6-A1A5-415c-AE85-38290AB6BE04}";\r
+/**\r
+ Record all measured Firmware Volum Information into a Guid Hob\r
+ Guid Hob payload layout is \r
+\r
+ UINT32 *************************** FIRMWARE_BLOB number\r
+ EFI_PLATFORM_FIRMWARE_BLOB******** BLOB Array\r
+\r
+ @param[in] PeiServices An indirect pointer to the EFI_PEI_SERVICES table published by the PEI Foundation.\r
+ @param[in] NotifyDescriptor Address of the notification descriptor data structure.\r
+ @param[in] Ppi Address of the PPI that was installed.\r
+\r
+ @retval EFI_SUCCESS The FV Info is measured and recorded to TPM.\r
+ @return Others Fail to measure FV.\r
+\r
+**/\r
+EFI_STATUS\r
+EFIAPI\r
+EndofPeiSignalNotifyCallBack (\r
+ IN EFI_PEI_SERVICES **PeiServices,\r
+ IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDescriptor,\r
+ IN VOID *Ppi\r
+ )\r
+{ \r
+ MEASURED_HOB_DATA *MeasuredHobData;\r
+\r
+ MeasuredHobData = NULL;\r
+\r
+ //\r
+ // Create a Guid hob to save all measured Fv \r
+ //\r
+ MeasuredHobData = BuildGuidHob(\r
+ &gMeasuredFvHobGuid,\r
+ sizeof(UINTN) + sizeof(EFI_PLATFORM_FIRMWARE_BLOB) * (mMeasuredBaseFvIndex + mMeasuredChildFvIndex)\r
+ );\r
+\r
+ if (MeasuredHobData != NULL){\r
+ //\r
+ // Save measured FV info enty number\r
+ //\r
+ MeasuredHobData->Num = mMeasuredBaseFvIndex + mMeasuredChildFvIndex;\r
+\r
+ //\r
+ // Save measured base Fv info\r
+ //\r
+ CopyMem (MeasuredHobData->MeasuredFvBuf, mMeasuredBaseFvInfo, sizeof(EFI_PLATFORM_FIRMWARE_BLOB) * (mMeasuredBaseFvIndex));\r
\r
-EFI_PLATFORM_FIRMWARE_BLOB mMeasuredFvInfo[FixedPcdGet32 (PcdPeiCoreMaxFvSupported)];\r
-UINT32 mMeasuredFvIndex = 0;\r
+ //\r
+ // Save measured child Fv info\r
+ //\r
+ CopyMem (&MeasuredHobData->MeasuredFvBuf[mMeasuredBaseFvIndex] , mMeasuredChildFvInfo, sizeof(EFI_PLATFORM_FIRMWARE_BLOB) * (mMeasuredChildFvIndex));\r
+ }\r
+\r
+ return EFI_SUCCESS;\r
+}\r
\r
/**\r
Do a hash operation on a data buffer, extend a specific TPM PCR with the hash result,\r
TCG_PCR_EVENT_HDR TcgEventHdr;\r
\r
//\r
- // Here, only a static GUID is measured instead of real CRTM version.\r
+ // Use FirmwareVersion string to represent CRTM version.\r
// OEMs should get real CRTM version string and measure it.\r
//\r
\r
TcgEventHdr.PCRIndex = 0;\r
TcgEventHdr.EventType = EV_S_CRTM_VERSION;\r
- TcgEventHdr.EventSize = sizeof (mSCrtmVersion);\r
+ TcgEventHdr.EventSize = (UINT32) StrSize((CHAR16*)PcdGetPtr (PcdFirmwareVersionString));\r
+\r
return HashLogExtendEvent (\r
PeiServices,\r
- (UINT8*)&mSCrtmVersion,\r
+ (UINT8*)PcdGetPtr (PcdFirmwareVersionString),\r
TcgEventHdr.EventSize,\r
TpmHandle,\r
&TcgEventHdr,\r
- (UINT8*)&mSCrtmVersion\r
+ (UINT8*)PcdGetPtr (PcdFirmwareVersionString)\r
);\r
}\r
\r
//\r
// Check whether FV is in the measured FV list.\r
//\r
- for (Index = 0; Index < mMeasuredFvIndex; Index ++) {\r
- if (mMeasuredFvInfo[Index].BlobBase == FvBase) {\r
+ for (Index = 0; Index < mMeasuredBaseFvIndex; Index ++) {\r
+ if (mMeasuredBaseFvInfo[Index].BlobBase == FvBase) {\r
return EFI_SUCCESS;\r
}\r
}\r
//\r
// Add new FV into the measured FV list.\r
//\r
- ASSERT (mMeasuredFvIndex < FixedPcdGet32 (PcdPeiCoreMaxFvSupported));\r
- if (mMeasuredFvIndex < FixedPcdGet32 (PcdPeiCoreMaxFvSupported)) {\r
- mMeasuredFvInfo[mMeasuredFvIndex].BlobBase = FvBase;\r
- mMeasuredFvInfo[mMeasuredFvIndex++].BlobLength = FvLength;\r
+ ASSERT (mMeasuredBaseFvIndex < FixedPcdGet32 (PcdPeiCoreMaxFvSupported));\r
+ if (mMeasuredBaseFvIndex < FixedPcdGet32 (PcdPeiCoreMaxFvSupported)) {\r
+ mMeasuredBaseFvInfo[mMeasuredBaseFvIndex].BlobBase = FvBase;\r
+ mMeasuredBaseFvInfo[mMeasuredBaseFvIndex].BlobLength = FvLength;\r
+ mMeasuredBaseFvIndex++;\r
}\r
\r
return Status;\r
\r
//\r
// This is an FV from an FFS file, and the parent FV must have already been measured,\r
- // No need to measure twice, so just returns\r
+ // No need to measure twice, so just record the FV and return\r
//\r
if (Fv->ParentFvName != NULL || Fv->ParentFileName != NULL ) {\r
+ \r
+ ASSERT (mMeasuredChildFvIndex < FixedPcdGet32 (PcdPeiCoreMaxFvSupported));\r
+ if (mMeasuredChildFvIndex < FixedPcdGet32 (PcdPeiCoreMaxFvSupported)) {\r
+ mMeasuredChildFvInfo[mMeasuredChildFvIndex].BlobBase = (EFI_PHYSICAL_ADDRESS) (UINTN) Fv->FvInfo;\r
+ mMeasuredChildFvInfo[mMeasuredChildFvIndex].BlobLength = Fv->FvInfoSize;\r
+ mMeasuredChildFvIndex++;\r
+ }\r
return EFI_SUCCESS;\r
}\r
\r
}\r
\r
/**\r
- Lock physical presence if needed.\r
+ Set physicalPresenceLifetimeLock, physicalPresenceHWEnable and physicalPresenceCMDEnable bit by corresponding PCDs.\r
+ And lock physical presence if needed.\r
\r
@param[in] PeiServices An indirect pointer to the EFI_PEI_SERVICES table published by the PEI Foundation\r
@param[in] NotifyDescriptor Address of the notification descriptor data structure.\r
BOOLEAN LifetimeLock;\r
BOOLEAN CmdEnable;\r
TIS_TPM_HANDLE TpmHandle;\r
+ TPM_PHYSICAL_PRESENCE PhysicalPresenceValue;\r
\r
TpmHandle = (TIS_TPM_HANDLE) (UINTN) TPM_BASE_ADDRESS;\r
- LockPhysicalPresencePpi = (PEI_LOCK_PHYSICAL_PRESENCE_PPI *) Ppi;\r
\r
- if (!LockPhysicalPresencePpi->LockPhysicalPresence ((CONST EFI_PEI_SERVICES**) PeiServices)) {\r
- return EFI_SUCCESS;\r
+ Status = TpmCommGetCapability (PeiServices, TpmHandle, NULL, &LifetimeLock, &CmdEnable);\r
+ if (EFI_ERROR (Status)) {\r
+ return Status;\r
}\r
\r
//\r
- // Lock TPM physical presence.\r
+ // 1. Set physicalPresenceLifetimeLock, physicalPresenceHWEnable and physicalPresenceCMDEnable bit by PCDs.\r
//\r
+ if (PcdGetBool (PcdPhysicalPresenceLifetimeLock) && !LifetimeLock) {\r
+ //\r
+ // Lock TPM LifetimeLock is required, and LifetimeLock is not locked yet. \r
+ //\r
+ PhysicalPresenceValue = TPM_PHYSICAL_PRESENCE_LIFETIME_LOCK;\r
+\r
+ if (PcdGetBool (PcdPhysicalPresenceCmdEnable)) {\r
+ PhysicalPresenceValue |= TPM_PHYSICAL_PRESENCE_CMD_ENABLE;\r
+ CmdEnable = TRUE;\r
+ } else {\r
+ PhysicalPresenceValue |= TPM_PHYSICAL_PRESENCE_CMD_DISABLE;\r
+ CmdEnable = FALSE;\r
+ }\r
\r
- Status = TpmCommGetCapability (PeiServices, TpmHandle, NULL, &LifetimeLock, &CmdEnable);\r
- if (EFI_ERROR (Status)) {\r
- return Status;\r
+ if (PcdGetBool (PcdPhysicalPresenceHwEnable)) {\r
+ PhysicalPresenceValue |= TPM_PHYSICAL_PRESENCE_HW_ENABLE;\r
+ } else {\r
+ PhysicalPresenceValue |= TPM_PHYSICAL_PRESENCE_HW_DISABLE;\r
+ } \r
+ \r
+ Status = TpmCommPhysicalPresence (\r
+ PeiServices,\r
+ TpmHandle,\r
+ PhysicalPresenceValue\r
+ );\r
+ if (EFI_ERROR (Status)) {\r
+ return Status;\r
+ }\r
+ }\r
+ \r
+ //\r
+ // 2. Lock physical presence if it is required.\r
+ //\r
+ LockPhysicalPresencePpi = (PEI_LOCK_PHYSICAL_PRESENCE_PPI *) Ppi;\r
+ if (!LockPhysicalPresencePpi->LockPhysicalPresence ((CONST EFI_PEI_SERVICES**) PeiServices)) {\r
+ return EFI_SUCCESS;\r
}\r
\r
if (!CmdEnable) {\r
return EFI_UNSUPPORTED;\r
}\r
\r
- Status = (**PeiServices).RegisterForShadow(FileHandle);\r
- if (Status == EFI_ALREADY_STARTED) {\r
- mImageInMemory = TRUE;\r
- } else if (Status == EFI_NOT_FOUND) {\r
- ASSERT_EFI_ERROR (Status);\r
+ //\r
+ // Initialize TPM device\r
+ //\r
+ Status = PeiServicesGetBootMode (&BootMode);\r
+ ASSERT_EFI_ERROR (Status);\r
+\r
+ //\r
+ // In S3 path, skip shadow logic. no measurement is required\r
+ //\r
+ if (BootMode != BOOT_ON_S3_RESUME) {\r
+ Status = (**PeiServices).RegisterForShadow(FileHandle);\r
+ if (Status == EFI_ALREADY_STARTED) {\r
+ mImageInMemory = TRUE;\r
+ } else if (Status == EFI_NOT_FOUND) {\r
+ ASSERT_EFI_ERROR (Status);\r
+ }\r
}\r
\r
if (!mImageInMemory) {\r
- //\r
- // Initialize TPM device\r
- //\r
- Status = PeiServicesGetBootMode (&BootMode);\r
- ASSERT_EFI_ERROR (Status);\r
-\r
TpmHandle = (TIS_TPM_HANDLE)(UINTN)TPM_BASE_ADDRESS;\r
Status = TisPcRequestUseTpm ((TIS_PC_REGISTERS_PTR)TpmHandle);\r
if (EFI_ERROR (Status)) {\r
projects / mirror_edk2.git / blobdiff