X-Git-Url: https://git.proxmox.com/?p=mirror_edk2.git;a=blobdiff_plain;f=SecurityPkg%2FTcg%2FTcg2Dxe%2FTcg2Dxe.c;h=556ef33d9bb5b1c0e8d758d85f998f85086b69e5;hp=cb2a65b47caf0772f0b423f3ca3b65787b4caad8;hb=c0584d0bdd4463551db8f8c62a5e2936ec97b407;hpb=1abfa4ce4835639c66ae82cc0d72cffcf3f28b6b
diff --git a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c
index cb2a65b47c..556ef33d9b 100644
--- a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c
+++ b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c
@@ -1,7 +1,8 @@
/** @file
This module implements Tcg2 Protocol.
-Copyright (c) 2015, Intel Corporation. All rights reserved.
+Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved.
+(C) Copyright 2016 Hewlett Packard Enterprise Development LP
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -15,11 +16,9 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#include
#include
#include
-#include
#include
#include
-#include
#include
#include
#include
@@ -58,9 +57,6 @@ typedef struct {
EFI_GUID *VendorGuid;
} VARIABLE_TYPE;
-#define EFI_TCG_LOG_AREA_SIZE 0x10000
-#define EFI_TCG_FINAL_LOG_AREA_SIZE 0x1000
-
#define TCG2_DEFAULT_MAX_COMMAND_SIZE 0x1000
#define TCG2_DEFAULT_MAX_RESPONSE_SIZE 0x1000
@@ -131,6 +127,8 @@ EFI_HANDLE mImageHandle;
PE/COFF image is external input, so this function will validate its data structure
within this image buffer before use.
+ Notes: PE/COFF image is checked by BasePeCoffLib PeCoffLoaderGetImageInfo().
+
@param[in] PCRIndex TPM PCR index
@param[in] ImageAddress Start address of image buffer.
@param[in] ImageSize Image size
@@ -203,33 +201,6 @@ InternalDumpHex (
}
}
-/**
- Check if buffer is all zero.
-
- @param[in] Buffer Buffer to be checked.
- @param[in] BufferSize Size of buffer to be checked.
-
- @retval TRUE Buffer is all zero.
- @retval FALSE Buffer is not all zero.
-**/
-BOOLEAN
-IsZeroBuffer (
- IN VOID *Buffer,
- IN UINTN BufferSize
- )
-{
- UINT8 *BufferData;
- UINTN Index;
-
- BufferData = Buffer;
- for (Index = 0; Index < BufferSize; Index++) {
- if (BufferData[Index] != 0) {
- return FALSE;
- }
- }
- return TRUE;
-}
-
/**
Get All processors EFI_CPU_LOCATION in system. LocationBuf is allocated inside the function
Caller is responsible to free LocationBuf.
@@ -337,14 +308,14 @@ Tcg2GetCapability (
IN OUT EFI_TCG2_BOOT_SERVICE_CAPABILITY *ProtocolCapability
)
{
- DEBUG ((EFI_D_INFO, "Tcg2GetCapability ...\n"));
+ DEBUG ((DEBUG_VERBOSE, "Tcg2GetCapability ...\n"));
if ((This == NULL) || (ProtocolCapability == NULL)) {
return EFI_INVALID_PARAMETER;
}
- DEBUG ((EFI_D_INFO, "Size - 0x%x\n", ProtocolCapability->Size));
- DEBUG ((EFI_D_INFO, " 1.1 - 0x%x, 1.0 - 0x%x\n", sizeof(EFI_TCG2_BOOT_SERVICE_CAPABILITY), sizeof(TREE_BOOT_SERVICE_CAPABILITY_1_0)));
+ DEBUG ((DEBUG_VERBOSE, "Size - 0x%x\n", ProtocolCapability->Size));
+ DEBUG ((DEBUG_VERBOSE, " 1.1 - 0x%x, 1.0 - 0x%x\n", sizeof(EFI_TCG2_BOOT_SERVICE_CAPABILITY), sizeof(TREE_BOOT_SERVICE_CAPABILITY_1_0)));
if (ProtocolCapability->Size < mTcgDxeData.BsCap.Size) {
//
@@ -368,7 +339,7 @@ Tcg2GetCapability (
}
CopyMem (ProtocolCapability, &mTcgDxeData.BsCap, mTcgDxeData.BsCap.Size);
- DEBUG ((EFI_D_INFO, "Tcg2GetCapability - %r\n", EFI_SUCCESS));
+ DEBUG ((DEBUG_VERBOSE, "Tcg2GetCapability - %r\n", EFI_SUCCESS));
return EFI_SUCCESS;
}
@@ -406,11 +377,11 @@ DumpTcgEfiSpecIdEventStruct (
IN TCG_EfiSpecIDEventStruct *TcgEfiSpecIdEventStruct
)
{
- TCG_EfiSpecIdEventAlgorithmSize *digestSize;
+ TCG_EfiSpecIdEventAlgorithmSize *DigestSize;
UINTN Index;
- UINT8 *vendorInfoSize;
- UINT8 *vendorInfo;
- UINT32 numberOfAlgorithms;
+ UINT8 *VendorInfoSize;
+ UINT8 *VendorInfo;
+ UINT32 NumberOfAlgorithms;
DEBUG ((EFI_D_INFO, " TCG_EfiSpecIDEventStruct:\n"));
DEBUG ((EFI_D_INFO, " signature - '"));
@@ -422,21 +393,21 @@ DumpTcgEfiSpecIdEventStruct (
DEBUG ((EFI_D_INFO, " specVersion - %d.%d%d\n", TcgEfiSpecIdEventStruct->specVersionMajor, TcgEfiSpecIdEventStruct->specVersionMinor, TcgEfiSpecIdEventStruct->specErrata));
DEBUG ((EFI_D_INFO, " uintnSize - 0x%02x\n", TcgEfiSpecIdEventStruct->uintnSize));
- CopyMem (&numberOfAlgorithms, TcgEfiSpecIdEventStruct + 1, sizeof(numberOfAlgorithms));
- DEBUG ((EFI_D_INFO, " numberOfAlgorithms - 0x%08x\n", numberOfAlgorithms));
+ CopyMem (&NumberOfAlgorithms, TcgEfiSpecIdEventStruct + 1, sizeof(NumberOfAlgorithms));
+ DEBUG ((EFI_D_INFO, " NumberOfAlgorithms - 0x%08x\n", NumberOfAlgorithms));
- digestSize = (TCG_EfiSpecIdEventAlgorithmSize *)((UINT8 *)TcgEfiSpecIdEventStruct + sizeof(*TcgEfiSpecIdEventStruct) + sizeof(numberOfAlgorithms));
- for (Index = 0; Index < numberOfAlgorithms; Index++) {
+ DigestSize = (TCG_EfiSpecIdEventAlgorithmSize *)((UINT8 *)TcgEfiSpecIdEventStruct + sizeof(*TcgEfiSpecIdEventStruct) + sizeof(NumberOfAlgorithms));
+ for (Index = 0; Index < NumberOfAlgorithms; Index++) {
DEBUG ((EFI_D_INFO, " digest(%d)\n", Index));
- DEBUG ((EFI_D_INFO, " algorithmId - 0x%04x\n", digestSize[Index].algorithmId));
- DEBUG ((EFI_D_INFO, " digestSize - 0x%04x\n", digestSize[Index].digestSize));
+ DEBUG ((EFI_D_INFO, " algorithmId - 0x%04x\n", DigestSize[Index].algorithmId));
+ DEBUG ((EFI_D_INFO, " digestSize - 0x%04x\n", DigestSize[Index].digestSize));
}
- vendorInfoSize = (UINT8 *)&digestSize[numberOfAlgorithms];
- DEBUG ((EFI_D_INFO, " vendorInfoSize - 0x%02x\n", *vendorInfoSize));
- vendorInfo = vendorInfoSize + 1;
- DEBUG ((EFI_D_INFO, " vendorInfo - "));
- for (Index = 0; Index < *vendorInfoSize; Index++) {
- DEBUG ((EFI_D_INFO, "%02x ", vendorInfo[Index]));
+ VendorInfoSize = (UINT8 *)&DigestSize[NumberOfAlgorithms];
+ DEBUG ((EFI_D_INFO, " VendorInfoSize - 0x%02x\n", *VendorInfoSize));
+ VendorInfo = VendorInfoSize + 1;
+ DEBUG ((EFI_D_INFO, " VendorInfo - "));
+ for (Index = 0; Index < *VendorInfoSize; Index++) {
+ DEBUG ((EFI_D_INFO, "%02x ", VendorInfo[Index]));
}
DEBUG ((EFI_D_INFO, "\n"));
}
@@ -451,15 +422,15 @@ GetTcgEfiSpecIdEventStructSize (
IN TCG_EfiSpecIDEventStruct *TcgEfiSpecIdEventStruct
)
{
- TCG_EfiSpecIdEventAlgorithmSize *digestSize;
- UINT8 *vendorInfoSize;
- UINT32 numberOfAlgorithms;
+ TCG_EfiSpecIdEventAlgorithmSize *DigestSize;
+ UINT8 *VendorInfoSize;
+ UINT32 NumberOfAlgorithms;
- CopyMem (&numberOfAlgorithms, TcgEfiSpecIdEventStruct + 1, sizeof(numberOfAlgorithms));
+ CopyMem (&NumberOfAlgorithms, TcgEfiSpecIdEventStruct + 1, sizeof(NumberOfAlgorithms));
- digestSize = (TCG_EfiSpecIdEventAlgorithmSize *)((UINT8 *)TcgEfiSpecIdEventStruct + sizeof(*TcgEfiSpecIdEventStruct) + sizeof(numberOfAlgorithms));
- vendorInfoSize = (UINT8 *)&digestSize[numberOfAlgorithms];
- return sizeof(TCG_EfiSpecIDEventStruct) + sizeof(UINT32) + (numberOfAlgorithms * sizeof(TCG_EfiSpecIdEventAlgorithmSize)) + sizeof(UINT8) + (*vendorInfoSize);
+ DigestSize = (TCG_EfiSpecIdEventAlgorithmSize *)((UINT8 *)TcgEfiSpecIdEventStruct + sizeof(*TcgEfiSpecIdEventStruct) + sizeof(NumberOfAlgorithms));
+ VendorInfoSize = (UINT8 *)&DigestSize[NumberOfAlgorithms];
+ return sizeof(TCG_EfiSpecIDEventStruct) + sizeof(UINT32) + (NumberOfAlgorithms * sizeof(TCG_EfiSpecIdEventAlgorithmSize)) + sizeof(UINT8) + (*VendorInfoSize);
}
/**
@@ -822,11 +793,10 @@ TcgDxeLogEvent (
return EFI_INVALID_PARAMETER;
}
- if (!mTcgDxeData.GetEventLogCalled[Index]) {
- EventLogAreaStruct = &mTcgDxeData.EventLogAreaStruct[Index];
- } else {
- EventLogAreaStruct = &mTcgDxeData.FinalEventLogAreaStruct[Index];
- }
+ //
+ // Record to normal event log
+ //
+ EventLogAreaStruct = &mTcgDxeData.EventLogAreaStruct[Index];
if (EventLogAreaStruct->EventLogTruncated) {
return EFI_VOLUME_FULL;
@@ -843,79 +813,54 @@ TcgDxeLogEvent (
NewEventSize
);
- if (Status == EFI_DEVICE_ERROR) {
- return EFI_DEVICE_ERROR;
- } else if (Status == EFI_OUT_OF_RESOURCES) {
+ if (Status == EFI_OUT_OF_RESOURCES) {
EventLogAreaStruct->EventLogTruncated = TRUE;
return EFI_VOLUME_FULL;
} else if (Status == EFI_SUCCESS) {
EventLogAreaStruct->EventLogStarted = TRUE;
- if (mTcgDxeData.GetEventLogCalled[Index]) {
- (mTcgDxeData.FinalEventsTable[Index])->NumberOfEvents ++;
- }
}
- return Status;
-}
-
-/**
- This function get digest from digest list.
-
- @param HashAlg digest algorithm
- @param DigestList digest list
- @param Digest digest
-
- @retval EFI_SUCCESS Sha1Digest is found and returned.
- @retval EFI_NOT_FOUND Sha1Digest is not found.
-**/
-EFI_STATUS
-Tpm2GetDigestFromDigestList (
- IN TPMI_ALG_HASH HashAlg,
- IN TPML_DIGEST_VALUES *DigestList,
- IN VOID *Digest
- )
-{
- UINTN Index;
- UINT16 DigestSize;
-
- DigestSize = GetHashSizeFromAlgo (HashAlg);
- for (Index = 0; Index < DigestList->count; Index++) {
- if (DigestList->digests[Index].hashAlg == HashAlg) {
- CopyMem (
- Digest,
- &DigestList->digests[Index].digest,
- DigestSize
- );
+ //
+ // If GetEventLog is called, record to FinalEventsTable, too.
+ //
+ if (mTcgDxeData.GetEventLogCalled[Index]) {
+ if (mTcgDxeData.FinalEventsTable[Index] == NULL) {
+ //
+ // no need for FinalEventsTable
+ //
return EFI_SUCCESS;
}
- }
-
- return EFI_NOT_FOUND;
-}
-
-/**
- Get TPML_DIGEST_VALUES data size.
-
- @param[in] DigestList TPML_DIGEST_VALUES data.
+ EventLogAreaStruct = &mTcgDxeData.FinalEventLogAreaStruct[Index];
- @return TPML_DIGEST_VALUES data size.
-**/
-UINT32
-GetDigestListSize (
- IN TPML_DIGEST_VALUES *DigestList
- )
-{
- UINTN Index;
- UINT16 DigestSize;
- UINT32 TotalSize;
+ if (EventLogAreaStruct->EventLogTruncated) {
+ return EFI_VOLUME_FULL;
+ }
- TotalSize = sizeof(DigestList->count);
- for (Index = 0; Index < DigestList->count; Index++) {
- DigestSize = GetHashSizeFromAlgo (DigestList->digests[Index].hashAlg);
- TotalSize += sizeof(DigestList->digests[Index].hashAlg) + DigestSize;
+ EventLogAreaStruct->LastEvent = (UINT8*)(UINTN)EventLogAreaStruct->Lasa;
+ Status = TcgCommLogEvent (
+ &EventLogAreaStruct->LastEvent,
+ &EventLogAreaStruct->EventLogSize,
+ (UINTN)EventLogAreaStruct->Laml,
+ NewEventHdr,
+ NewEventHdrSize,
+ NewEventData,
+ NewEventSize
+ );
+ if (Status == EFI_OUT_OF_RESOURCES) {
+ EventLogAreaStruct->EventLogTruncated = TRUE;
+ return EFI_VOLUME_FULL;
+ } else if (Status == EFI_SUCCESS) {
+ EventLogAreaStruct->EventLogStarted = TRUE;
+ //
+ // Increase the NumberOfEvents in FinalEventsTable
+ //
+ (mTcgDxeData.FinalEventsTable[Index])->NumberOfEvents ++;
+ DEBUG ((EFI_D_INFO, "FinalEventsTable->NumberOfEvents - 0x%x\n", (mTcgDxeData.FinalEventsTable[Index])->NumberOfEvents));
+ DEBUG ((EFI_D_INFO, " Size - 0x%x\n", (UINTN)EventLogAreaStruct->EventLogSize));
+ }
}
- return TotalSize;
+ return Status;
}
/**
@@ -953,79 +898,55 @@ GetDigestListBinSize (
}
/**
- Return if hash alg is supported in TPM PCR bank.
+ Copy TPML_DIGEST_VALUES compact binary into a buffer
- @param HashAlg Hash algorithm to be checked.
+ @param[in,out] Buffer Buffer to hold copied TPML_DIGEST_VALUES compact binary.
+ @param[in] DigestListBin TPML_DIGEST_VALUES compact binary buffer.
+ @param[in] HashAlgorithmMask HASH bits corresponding to the desired digests to copy.
+ @param[out] HashAlgorithmMaskCopied Pointer to HASH bits corresponding to the digests copied.
- @retval TRUE Hash algorithm is supported.
- @retval FALSE Hash algorithm is not supported.
+ @return The end of buffer to hold TPML_DIGEST_VALUES compact binary.
**/
-BOOLEAN
-IsHashAlgSupportedInPcrBank (
- IN TPMI_ALG_HASH HashAlg
+VOID *
+CopyDigestListBinToBuffer (
+ IN OUT VOID *Buffer,
+ IN VOID *DigestListBin,
+ IN UINT32 HashAlgorithmMask,
+ OUT UINT32 *HashAlgorithmMaskCopied
)
{
- switch (HashAlg) {
- case TPM_ALG_SHA1:
- if ((mTcgDxeData.BsCap.ActivePcrBanks & EFI_TCG2_BOOT_HASH_ALG_SHA1) != 0) {
- return TRUE;
- }
- break;
- case TPM_ALG_SHA256:
- if ((mTcgDxeData.BsCap.ActivePcrBanks & EFI_TCG2_BOOT_HASH_ALG_SHA256) != 0) {
- return TRUE;
- }
- break;
- case TPM_ALG_SHA384:
- if ((mTcgDxeData.BsCap.ActivePcrBanks & EFI_TCG2_BOOT_HASH_ALG_SHA384) != 0) {
- return TRUE;
- }
- break;
- case TPM_ALG_SHA512:
- if ((mTcgDxeData.BsCap.ActivePcrBanks & EFI_TCG2_BOOT_HASH_ALG_SHA512) != 0) {
- return TRUE;
- }
- break;
- case TPM_ALG_SM3_256:
- if ((mTcgDxeData.BsCap.ActivePcrBanks & EFI_TCG2_BOOT_HASH_ALG_SM3_256) != 0) {
- return TRUE;
- }
- break;
- }
-
- return FALSE;
-}
+ UINTN Index;
+ UINT16 DigestSize;
+ UINT32 Count;
+ TPMI_ALG_HASH HashAlg;
+ UINT32 DigestListCount;
+ UINT32 *DigestListCountPtr;
-/**
- Copy TPML_DIGEST_VALUES into a buffer
+ DigestListCountPtr = (UINT32 *) Buffer;
+ DigestListCount = 0;
+ (*HashAlgorithmMaskCopied) = 0;
- @param[in,out] Buffer Buffer to hold TPML_DIGEST_VALUES.
- @param[in] DigestList TPML_DIGEST_VALUES to be copied.
+ Count = ReadUnaligned32 (DigestListBin);
+ Buffer = (UINT8 *)Buffer + sizeof(Count);
+ DigestListBin = (UINT8 *)DigestListBin + sizeof(Count);
+ for (Index = 0; Index < Count; Index++) {
+ HashAlg = ReadUnaligned16 (DigestListBin);
+ DigestListBin = (UINT8 *)DigestListBin + sizeof(HashAlg);
+ DigestSize = GetHashSizeFromAlgo (HashAlg);
- @return The end of buffer to hold TPML_DIGEST_VALUES.
-**/
-VOID *
-CopyDigestListToBuffer (
- IN OUT VOID *Buffer,
- IN TPML_DIGEST_VALUES *DigestList
- )
-{
- UINTN Index;
- UINT16 DigestSize;
-
- CopyMem (Buffer, &DigestList->count, sizeof(DigestList->count));
- Buffer = (UINT8 *)Buffer + sizeof(DigestList->count);
- for (Index = 0; Index < DigestList->count; Index++) {
- if (!IsHashAlgSupportedInPcrBank (DigestList->digests[Index].hashAlg)) {
- DEBUG ((EFI_D_ERROR, "WARNING: TPM2 Event log has HashAlg unsupported by PCR bank (0x%x)\n", DigestList->digests[Index].hashAlg));
- continue;
+ if (IsHashAlgSupportedInHashAlgorithmMask(HashAlg, HashAlgorithmMask)) {
+ CopyMem (Buffer, &HashAlg, sizeof(HashAlg));
+ Buffer = (UINT8 *)Buffer + sizeof(HashAlg);
+ CopyMem (Buffer, DigestListBin, DigestSize);
+ Buffer = (UINT8 *)Buffer + DigestSize;
+ DigestListCount++;
+ (*HashAlgorithmMaskCopied) |= GetHashMaskFromAlgo (HashAlg);
+ } else {
+ DEBUG ((DEBUG_ERROR, "WARNING: CopyDigestListBinToBuffer Event log has HashAlg unsupported by PCR bank (0x%x)\n", HashAlg));
}
- CopyMem (Buffer, &DigestList->digests[Index].hashAlg, sizeof(DigestList->digests[Index].hashAlg));
- Buffer = (UINT8 *)Buffer + sizeof(DigestList->digests[Index].hashAlg);
- DigestSize = GetHashSizeFromAlgo (DigestList->digests[Index].hashAlg);
- CopyMem (Buffer, &DigestList->digests[Index].digest, DigestSize);
- Buffer = (UINT8 *)Buffer + DigestSize;
+ DigestListBin = (UINT8 *)DigestListBin + DigestSize;
}
+ WriteUnaligned32 (DigestListCountPtr, DigestListCount);
return Buffer;
}
@@ -1053,6 +974,7 @@ TcgDxeLogHashEvent (
EFI_STATUS RetStatus;
TCG_PCR_EVENT2 TcgPcrEvent2;
UINT8 *DigestBuffer;
+ UINT32 *EventSizePtr;
DEBUG ((EFI_D_INFO, "SupportedEventLogs - 0x%08x\n", mTcgDxeData.BsCap.SupportedEventLogs));
@@ -1062,7 +984,7 @@ TcgDxeLogHashEvent (
DEBUG ((EFI_D_INFO, " LogFormat - 0x%08x\n", mTcg2EventInfo[Index].LogFormat));
switch (mTcg2EventInfo[Index].LogFormat) {
case EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2:
- Status = Tpm2GetDigestFromDigestList (TPM_ALG_SHA1, DigestList, &NewEventHdr->Digest);
+ Status = GetDigestFromDigestList (TPM_ALG_SHA1, DigestList, &NewEventHdr->Digest);
if (!EFI_ERROR (Status)) {
//
// Enter critical region
@@ -1089,9 +1011,8 @@ TcgDxeLogHashEvent (
TcgPcrEvent2.PCRIndex = NewEventHdr->PCRIndex;
TcgPcrEvent2.EventType = NewEventHdr->EventType;
DigestBuffer = (UINT8 *)&TcgPcrEvent2.Digest;
- DigestBuffer = CopyDigestListToBuffer (DigestBuffer, DigestList);
- CopyMem (DigestBuffer, &NewEventHdr->EventSize, sizeof(NewEventHdr->EventSize));
- DigestBuffer = DigestBuffer + sizeof(NewEventHdr->EventSize);
+ EventSizePtr = CopyDigestListToBuffer (DigestBuffer, DigestList, mTcgDxeData.BsCap.ActivePcrBanks);
+ CopyMem (EventSizePtr, &NewEventHdr->EventSize, sizeof(NewEventHdr->EventSize));
//
// Enter critical region
@@ -1100,7 +1021,7 @@ TcgDxeLogHashEvent (
Status = TcgDxeLogEvent (
mTcg2EventInfo[Index].LogFormat,
&TcgPcrEvent2,
- sizeof(TcgPcrEvent2.PCRIndex) + sizeof(TcgPcrEvent2.EventType) + GetDigestListSize (DigestList) + sizeof(TcgPcrEvent2.EventSize),
+ sizeof(TcgPcrEvent2.PCRIndex) + sizeof(TcgPcrEvent2.EventType) + GetDigestListBinSize (DigestBuffer) + sizeof(TcgPcrEvent2.EventSize),
NewEventData,
NewEventHdr->EventSize
);
@@ -1208,7 +1129,7 @@ Tcg2HashLogExtendEvent (
TCG_PCR_EVENT_HDR NewEventHdr;
TPML_DIGEST_VALUES DigestList;
- DEBUG ((EFI_D_INFO, "Tcg2HashLogExtendEvent ...\n"));
+ DEBUG ((DEBUG_VERBOSE, "Tcg2HashLogExtendEvent ...\n"));
if ((This == NULL) || (DataToHash == 0) || (Event == NULL)) {
return EFI_INVALID_PARAMETER;
@@ -1258,7 +1179,7 @@ Tcg2HashLogExtendEvent (
Event->Event
);
}
- DEBUG ((EFI_D_INFO, "Tcg2HashLogExtendEvent - %r\n", Status));
+ DEBUG ((DEBUG_VERBOSE, "Tcg2HashLogExtendEvent - %r\n", Status));
return Status;
}
@@ -1300,10 +1221,10 @@ Tcg2SubmitCommand (
return EFI_DEVICE_ERROR;
}
- if (InputParameterBlockSize >= mTcgDxeData.BsCap.MaxCommandSize) {
+ if (InputParameterBlockSize > mTcgDxeData.BsCap.MaxCommandSize) {
return EFI_INVALID_PARAMETER;
}
- if (OutputParameterBlockSize >= mTcgDxeData.BsCap.MaxResponseSize) {
+ if (OutputParameterBlockSize > mTcgDxeData.BsCap.MaxResponseSize) {
return EFI_INVALID_PARAMETER;
}
@@ -1450,14 +1371,20 @@ SetupEventLog (
EFI_PEI_HOB_POINTERS GuidHob;
EFI_PHYSICAL_ADDRESS Lasa;
UINTN Index;
+ VOID *DigestListBin;
+ TPML_DIGEST_VALUES TempDigestListBin;
UINT32 DigestListBinSize;
+ UINT8 *Event;
UINT32 EventSize;
+ UINT32 *EventSizePtr;
+ UINT32 HashAlgorithmMaskCopied;
TCG_EfiSpecIDEventStruct *TcgEfiSpecIdEventStruct;
- UINT8 TempBuf[sizeof(TCG_EfiSpecIDEventStruct) + (HASH_COUNT * sizeof(TCG_EfiSpecIdEventAlgorithmSize)) + sizeof(UINT8)];
+ UINT8 TempBuf[sizeof(TCG_EfiSpecIDEventStruct) + sizeof(UINT32) + (HASH_COUNT * sizeof(TCG_EfiSpecIdEventAlgorithmSize)) + sizeof(UINT8)];
TCG_PCR_EVENT_HDR FirstPcrEvent;
- TCG_EfiSpecIdEventAlgorithmSize *digestSize;
- UINT8 *vendorInfoSize;
- UINT32 numberOfAlgorithms;
+ TCG_EfiSpecIdEventAlgorithmSize *DigestSize;
+ TCG_EfiSpecIdEventAlgorithmSize *TempDigestSize;
+ UINT8 *VendorInfoSize;
+ UINT32 NumberOfAlgorithms;
DEBUG ((EFI_D_INFO, "SetupEventLog\n"));
@@ -1467,23 +1394,22 @@ SetupEventLog (
for (Index = 0; Index < sizeof(mTcg2EventInfo)/sizeof(mTcg2EventInfo[0]); Index++) {
if ((mTcgDxeData.BsCap.SupportedEventLogs & mTcg2EventInfo[Index].LogFormat) != 0) {
mTcgDxeData.EventLogAreaStruct[Index].EventLogFormat = mTcg2EventInfo[Index].LogFormat;
- Lasa = (EFI_PHYSICAL_ADDRESS) (SIZE_4GB - 1);
Status = gBS->AllocatePages (
- AllocateMaxAddress,
- EfiACPIMemoryNVS,
- EFI_SIZE_TO_PAGES (EFI_TCG_LOG_AREA_SIZE),
+ AllocateAnyPages,
+ EfiBootServicesData,
+ EFI_SIZE_TO_PAGES (PcdGet32 (PcdTcgLogAreaMinLen)),
&Lasa
);
if (EFI_ERROR (Status)) {
return Status;
}
mTcgDxeData.EventLogAreaStruct[Index].Lasa = Lasa;
- mTcgDxeData.EventLogAreaStruct[Index].Laml = EFI_TCG_LOG_AREA_SIZE;
+ mTcgDxeData.EventLogAreaStruct[Index].Laml = PcdGet32 (PcdTcgLogAreaMinLen);
//
// To initialize them as 0xFF is recommended
// because the OS can know the last entry for that.
//
- SetMem ((VOID *)(UINTN)Lasa, EFI_TCG_LOG_AREA_SIZE, 0xFF);
+ SetMem ((VOID *)(UINTN)Lasa, PcdGet32 (PcdTcgLogAreaMinLen), 0xFF);
//
// Create first entry for Log Header Entry Data
//
@@ -1498,36 +1424,48 @@ SetupEventLog (
TcgEfiSpecIdEventStruct->specVersionMinor = TCG_EfiSpecIDEventStruct_SPEC_VERSION_MINOR_TPM2;
TcgEfiSpecIdEventStruct->specErrata = TCG_EfiSpecIDEventStruct_SPEC_ERRATA_TPM2;
TcgEfiSpecIdEventStruct->uintnSize = sizeof(UINTN)/sizeof(UINT32);
- numberOfAlgorithms = 0;
- digestSize = (TCG_EfiSpecIdEventAlgorithmSize *)((UINT8 *)TcgEfiSpecIdEventStruct + sizeof(*TcgEfiSpecIdEventStruct) + sizeof(numberOfAlgorithms));
+ NumberOfAlgorithms = 0;
+ DigestSize = (TCG_EfiSpecIdEventAlgorithmSize *)((UINT8 *)TcgEfiSpecIdEventStruct + sizeof(*TcgEfiSpecIdEventStruct) + sizeof(NumberOfAlgorithms));
if ((mTcgDxeData.BsCap.ActivePcrBanks & EFI_TCG2_BOOT_HASH_ALG_SHA1) != 0) {
- digestSize[numberOfAlgorithms].algorithmId = TPM_ALG_SHA1;
- digestSize[numberOfAlgorithms].digestSize = SHA1_DIGEST_SIZE;
- numberOfAlgorithms++;
+ TempDigestSize = DigestSize;
+ TempDigestSize += NumberOfAlgorithms;
+ TempDigestSize->algorithmId = TPM_ALG_SHA1;
+ TempDigestSize->digestSize = SHA1_DIGEST_SIZE;
+ NumberOfAlgorithms++;
}
if ((mTcgDxeData.BsCap.ActivePcrBanks & EFI_TCG2_BOOT_HASH_ALG_SHA256) != 0) {
- digestSize[numberOfAlgorithms].algorithmId = TPM_ALG_SHA256;
- digestSize[numberOfAlgorithms].digestSize = SHA256_DIGEST_SIZE;
- numberOfAlgorithms++;
+ TempDigestSize = DigestSize;
+ TempDigestSize += NumberOfAlgorithms;
+ TempDigestSize->algorithmId = TPM_ALG_SHA256;
+ TempDigestSize->digestSize = SHA256_DIGEST_SIZE;
+ NumberOfAlgorithms++;
}
if ((mTcgDxeData.BsCap.ActivePcrBanks & EFI_TCG2_BOOT_HASH_ALG_SHA384) != 0) {
- digestSize[numberOfAlgorithms].algorithmId = TPM_ALG_SHA384;
- digestSize[numberOfAlgorithms].digestSize = SHA384_DIGEST_SIZE;
- numberOfAlgorithms++;
+ TempDigestSize = DigestSize;
+ TempDigestSize += NumberOfAlgorithms;
+ TempDigestSize->algorithmId = TPM_ALG_SHA384;
+ TempDigestSize->digestSize = SHA384_DIGEST_SIZE;
+ NumberOfAlgorithms++;
}
if ((mTcgDxeData.BsCap.ActivePcrBanks & EFI_TCG2_BOOT_HASH_ALG_SHA512) != 0) {
- digestSize[numberOfAlgorithms].algorithmId = TPM_ALG_SHA512;
- digestSize[numberOfAlgorithms].digestSize = SHA512_DIGEST_SIZE;
- numberOfAlgorithms++;
+ TempDigestSize = DigestSize;
+ TempDigestSize += NumberOfAlgorithms;
+ TempDigestSize->algorithmId = TPM_ALG_SHA512;
+ TempDigestSize->digestSize = SHA512_DIGEST_SIZE;
+ NumberOfAlgorithms++;
}
if ((mTcgDxeData.BsCap.ActivePcrBanks & EFI_TCG2_BOOT_HASH_ALG_SM3_256) != 0) {
- digestSize[numberOfAlgorithms].algorithmId = TPM_ALG_SM3_256;
- digestSize[numberOfAlgorithms].digestSize = SM3_256_DIGEST_SIZE;
- numberOfAlgorithms++;
+ TempDigestSize = DigestSize;
+ TempDigestSize += NumberOfAlgorithms;
+ TempDigestSize->algorithmId = TPM_ALG_SM3_256;
+ TempDigestSize->digestSize = SM3_256_DIGEST_SIZE;
+ NumberOfAlgorithms++;
}
- CopyMem (TcgEfiSpecIdEventStruct + 1, &numberOfAlgorithms, sizeof(numberOfAlgorithms));
- vendorInfoSize = (UINT8 *)&digestSize[numberOfAlgorithms];
- *vendorInfoSize = 0;
+ CopyMem (TcgEfiSpecIdEventStruct + 1, &NumberOfAlgorithms, sizeof(NumberOfAlgorithms));
+ TempDigestSize = DigestSize;
+ TempDigestSize += NumberOfAlgorithms;
+ VendorInfoSize = (UINT8 *)TempDigestSize;
+ *VendorInfoSize = 0;
//
// FirstPcrEvent
@@ -1556,41 +1494,52 @@ SetupEventLog (
//
for (Index = 0; Index < sizeof(mTcg2EventInfo)/sizeof(mTcg2EventInfo[0]); Index++) {
if ((mTcgDxeData.BsCap.SupportedEventLogs & mTcg2EventInfo[Index].LogFormat) != 0) {
- Lasa = (EFI_PHYSICAL_ADDRESS) (SIZE_4GB - 1);
- Status = gBS->AllocatePages (
- AllocateMaxAddress,
- EfiACPIMemoryNVS,
- EFI_SIZE_TO_PAGES (EFI_TCG_FINAL_LOG_AREA_SIZE),
- &Lasa
- );
- if (EFI_ERROR (Status)) {
- return Status;
- }
- SetMem ((VOID *)(UINTN)Lasa, EFI_TCG_FINAL_LOG_AREA_SIZE, 0xFF);
+ if (mTcg2EventInfo[Index].LogFormat == EFI_TCG2_EVENT_LOG_FORMAT_TCG_2) {
+ Status = gBS->AllocatePages (
+ AllocateAnyPages,
+ EfiACPIMemoryNVS,
+ EFI_SIZE_TO_PAGES (PcdGet32 (PcdTcg2FinalLogAreaLen)),
+ &Lasa
+ );
+ if (EFI_ERROR (Status)) {
+ return Status;
+ }
+ SetMem ((VOID *)(UINTN)Lasa, PcdGet32 (PcdTcg2FinalLogAreaLen), 0xFF);
- //
- // Initialize
- //
- mTcgDxeData.FinalEventsTable[Index] = (VOID *)(UINTN)Lasa;
- (mTcgDxeData.FinalEventsTable[Index])->Version = EFI_TCG2_FINAL_EVENTS_TABLE_VERSION;
- (mTcgDxeData.FinalEventsTable[Index])->NumberOfEvents = 0;
-
- mTcgDxeData.FinalEventLogAreaStruct[Index].EventLogFormat = mTcg2EventInfo[Index].LogFormat;
- mTcgDxeData.FinalEventLogAreaStruct[Index].Lasa = Lasa + sizeof(EFI_TCG2_FINAL_EVENTS_TABLE);
- mTcgDxeData.FinalEventLogAreaStruct[Index].Laml = EFI_TCG_FINAL_LOG_AREA_SIZE - sizeof(EFI_TCG2_FINAL_EVENTS_TABLE);
- mTcgDxeData.FinalEventLogAreaStruct[Index].EventLogSize = 0;
- mTcgDxeData.FinalEventLogAreaStruct[Index].LastEvent = (VOID *)(UINTN)mTcgDxeData.FinalEventLogAreaStruct[Index].Lasa;
- mTcgDxeData.FinalEventLogAreaStruct[Index].EventLogStarted = FALSE;
- mTcgDxeData.FinalEventLogAreaStruct[Index].EventLogTruncated = FALSE;
+ //
+ // Initialize
+ //
+ mTcgDxeData.FinalEventsTable[Index] = (VOID *)(UINTN)Lasa;
+ (mTcgDxeData.FinalEventsTable[Index])->Version = EFI_TCG2_FINAL_EVENTS_TABLE_VERSION;
+ (mTcgDxeData.FinalEventsTable[Index])->NumberOfEvents = 0;
+
+ mTcgDxeData.FinalEventLogAreaStruct[Index].EventLogFormat = mTcg2EventInfo[Index].LogFormat;
+ mTcgDxeData.FinalEventLogAreaStruct[Index].Lasa = Lasa + sizeof(EFI_TCG2_FINAL_EVENTS_TABLE);
+ mTcgDxeData.FinalEventLogAreaStruct[Index].Laml = PcdGet32 (PcdTcg2FinalLogAreaLen) - sizeof(EFI_TCG2_FINAL_EVENTS_TABLE);
+ mTcgDxeData.FinalEventLogAreaStruct[Index].EventLogSize = 0;
+ mTcgDxeData.FinalEventLogAreaStruct[Index].LastEvent = (VOID *)(UINTN)mTcgDxeData.FinalEventLogAreaStruct[Index].Lasa;
+ mTcgDxeData.FinalEventLogAreaStruct[Index].EventLogStarted = FALSE;
+ mTcgDxeData.FinalEventLogAreaStruct[Index].EventLogTruncated = FALSE;
- if (mTcg2EventInfo[Index].LogFormat == EFI_TCG2_EVENT_LOG_FORMAT_TCG_2) {
//
- // Install to configuration table
+ // Install to configuration table for EFI_TCG2_EVENT_LOG_FORMAT_TCG_2
//
- Status = gBS->InstallConfigurationTable (&gEfiTcg2FinalEventsTableGuid, (VOID *)mTcgDxeData.FinalEventsTable[1]);
+ Status = gBS->InstallConfigurationTable (&gEfiTcg2FinalEventsTableGuid, (VOID *)mTcgDxeData.FinalEventsTable[Index]);
if (EFI_ERROR (Status)) {
return Status;
}
+ } else {
+ //
+ // No need to handle EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2
+ //
+ mTcgDxeData.FinalEventsTable[Index] = NULL;
+ mTcgDxeData.FinalEventLogAreaStruct[Index].EventLogFormat = mTcg2EventInfo[Index].LogFormat;
+ mTcgDxeData.FinalEventLogAreaStruct[Index].Lasa = 0;
+ mTcgDxeData.FinalEventLogAreaStruct[Index].Laml = 0;
+ mTcgDxeData.FinalEventLogAreaStruct[Index].EventLogSize = 0;
+ mTcgDxeData.FinalEventLogAreaStruct[Index].LastEvent = 0;
+ mTcgDxeData.FinalEventLogAreaStruct[Index].EventLogStarted = FALSE;
+ mTcgDxeData.FinalEventLogAreaStruct[Index].EventLogTruncated = FALSE;
}
}
}
@@ -1605,7 +1554,8 @@ SetupEventLog (
Status = EFI_SUCCESS;
while (!EFI_ERROR (Status) &&
(GuidHob.Raw = GetNextGuidHob (mTcg2EventInfo[Index].EventGuid, GuidHob.Raw)) != NULL) {
- TcgEvent = GET_GUID_HOB_DATA (GuidHob.Guid);
+ TcgEvent = AllocateCopyPool (GET_GUID_HOB_DATA_SIZE (GuidHob.Guid), GET_GUID_HOB_DATA (GuidHob.Guid));
+ ASSERT (TcgEvent != NULL);
GuidHob.Raw = GET_NEXT_HOB (GuidHob);
switch (mTcg2EventInfo[Index].LogFormat) {
case EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2:
@@ -1618,17 +1568,47 @@ SetupEventLog (
);
break;
case EFI_TCG2_EVENT_LOG_FORMAT_TCG_2:
- DigestListBinSize = GetDigestListBinSize ((UINT8 *)TcgEvent + sizeof(TCG_PCRINDEX) + sizeof(TCG_EVENTTYPE));
- CopyMem (&EventSize, (UINT8 *)TcgEvent + sizeof(TCG_PCRINDEX) + sizeof(TCG_EVENTTYPE) + DigestListBinSize, sizeof(UINT32));
+ DigestListBin = (UINT8 *)TcgEvent + sizeof(TCG_PCRINDEX) + sizeof(TCG_EVENTTYPE);
+ DigestListBinSize = GetDigestListBinSize (DigestListBin);
+ //
+ // Save event size.
+ //
+ CopyMem (&EventSize, (UINT8 *)DigestListBin + DigestListBinSize, sizeof(UINT32));
+ Event = (UINT8 *)DigestListBin + DigestListBinSize + sizeof(UINT32);
+ //
+ // Filter inactive digest in the event2 log from PEI HOB.
+ //
+ CopyMem (&TempDigestListBin, DigestListBin, GetDigestListBinSize (DigestListBin));
+ EventSizePtr = CopyDigestListBinToBuffer (
+ DigestListBin,
+ &TempDigestListBin,
+ mTcgDxeData.BsCap.ActivePcrBanks,
+ &HashAlgorithmMaskCopied
+ );
+ if (HashAlgorithmMaskCopied != mTcgDxeData.BsCap.ActivePcrBanks) {
+ DEBUG ((
+ DEBUG_ERROR,
+ "ERROR: The event2 log includes digest hash mask 0x%x, but required digest hash mask is 0x%x\n",
+ HashAlgorithmMaskCopied,
+ mTcgDxeData.BsCap.ActivePcrBanks
+ ));
+ }
+ //
+ // Restore event size.
+ //
+ CopyMem (EventSizePtr, &EventSize, sizeof(UINT32));
+ DigestListBinSize = GetDigestListBinSize (DigestListBin);
+
Status = TcgDxeLogEvent (
mTcg2EventInfo[Index].LogFormat,
TcgEvent,
sizeof(TCG_PCRINDEX) + sizeof(TCG_EVENTTYPE) + DigestListBinSize + sizeof(UINT32),
- (UINT8 *)TcgEvent + sizeof(TCG_PCRINDEX) + sizeof(TCG_EVENTTYPE) + DigestListBinSize + sizeof(UINT32),
+ Event,
EventSize
);
break;
}
+ FreePool (TcgEvent);
}
}
}
@@ -1677,42 +1657,13 @@ MeasureHandoffTables (
)
{
EFI_STATUS Status;
- SMBIOS_TABLE_ENTRY_POINT *SmbiosTable;
TCG_PCR_EVENT_HDR TcgEvent;
EFI_HANDOFF_TABLE_POINTERS HandoffTables;
UINTN ProcessorNum;
EFI_CPU_PHYSICAL_LOCATION *ProcessorLocBuf;
ProcessorLocBuf = NULL;
-
- //
- // Measure SMBIOS with EV_EFI_HANDOFF_TABLES to PCR[1]
- //
- Status = EfiGetSystemConfigurationTable (
- &gEfiSmbiosTableGuid,
- (VOID **) &SmbiosTable
- );
-
- if (!EFI_ERROR (Status) && SmbiosTable != NULL) {
- TcgEvent.PCRIndex = 1;
- TcgEvent.EventType = EV_EFI_HANDOFF_TABLES;
- TcgEvent.EventSize = sizeof (HandoffTables);
-
- HandoffTables.NumberOfTables = 1;
- HandoffTables.TableEntry[0].VendorGuid = gEfiSmbiosTableGuid;
- HandoffTables.TableEntry[0].VendorTable = SmbiosTable;
-
- DEBUG ((DEBUG_INFO, "The Smbios Table starts at: 0x%x\n", SmbiosTable->TableAddress));
- DEBUG ((DEBUG_INFO, "The Smbios Table size: 0x%x\n", SmbiosTable->TableLength));
-
- Status = TcgDxeHashLogExtendEvent (
- 0,
- (UINT8*)(UINTN)SmbiosTable->TableAddress,
- SmbiosTable->TableLength,
- &TcgEvent,
- (UINT8*)&HandoffTables
- );
- }
+ Status = EFI_SUCCESS;
if (PcdGet8 (PcdTpmPlatformClass) == TCG_PLATFORM_TYPE_SERVER) {
//
@@ -1850,6 +1801,7 @@ MeasureVariable (
(UINT8*)VarLog
);
} else {
+ ASSERT (VarData != NULL);
Status = TcgDxeHashLogExtendEvent (
0,
(UINT8*)VarData,
@@ -2200,7 +2152,7 @@ OnReadyToBoot (
EFI_CALLING_EFI_APPLICATION
);
if (EFI_ERROR (Status)) {
- DEBUG ((EFI_D_ERROR, "%s not Measured. Error!\n", EFI_CALLING_EFI_APPLICATION));
+ DEBUG ((EFI_D_ERROR, "%a not Measured. Error!\n", EFI_CALLING_EFI_APPLICATION));
}
//
@@ -2210,7 +2162,7 @@ OnReadyToBoot (
for (PcrIndex = 0; PcrIndex < 7; PcrIndex++) {
Status = MeasureSeparatorEvent (PcrIndex);
if (EFI_ERROR (Status)) {
- DEBUG ((EFI_D_ERROR, "Seperator Event not Measured. Error!\n"));
+ DEBUG ((DEBUG_ERROR, "Separator Event not Measured. Error!\n"));
}
}
@@ -2233,7 +2185,7 @@ OnReadyToBoot (
EFI_RETURNING_FROM_EFI_APPLICATOIN
);
if (EFI_ERROR (Status)) {
- DEBUG ((EFI_D_ERROR, "%s not Measured. Error!\n", EFI_RETURNING_FROM_EFI_APPLICATOIN));
+ DEBUG ((EFI_D_ERROR, "%a not Measured. Error!\n", EFI_RETURNING_FROM_EFI_APPLICATOIN));
}
}
@@ -2270,7 +2222,7 @@ OnExitBootServices (
EFI_EXIT_BOOT_SERVICES_INVOCATION
);
if (EFI_ERROR (Status)) {
- DEBUG ((EFI_D_ERROR, "%s not Measured. Error!\n", EFI_EXIT_BOOT_SERVICES_INVOCATION));
+ DEBUG ((EFI_D_ERROR, "%a not Measured. Error!\n", EFI_EXIT_BOOT_SERVICES_INVOCATION));
}
//
@@ -2280,7 +2232,7 @@ OnExitBootServices (
EFI_EXIT_BOOT_SERVICES_SUCCEEDED
);
if (EFI_ERROR (Status)) {
- DEBUG ((EFI_D_ERROR, "%s not Measured. Error!\n", EFI_EXIT_BOOT_SERVICES_SUCCEEDED));
+ DEBUG ((EFI_D_ERROR, "%a not Measured. Error!\n", EFI_EXIT_BOOT_SERVICES_SUCCEEDED));
}
}
@@ -2309,7 +2261,7 @@ OnExitBootServicesFailed (
EFI_EXIT_BOOT_SERVICES_FAILED
);
if (EFI_ERROR (Status)) {
- DEBUG ((EFI_D_ERROR, "%s not Measured. Error!\n", EFI_EXIT_BOOT_SERVICES_FAILED));
+ DEBUG ((EFI_D_ERROR, "%a not Measured. Error!\n", EFI_EXIT_BOOT_SERVICES_FAILED));
}
}
@@ -2359,7 +2311,6 @@ DriverEntry (
VOID *Registration;
UINT32 MaxCommandSize;
UINT32 MaxResponseSize;
- TPML_PCR_SELECTION Pcrs;
UINTN Index;
EFI_TCG2_EVENT_ALGORITHM_BITMAP TpmHashAlgorithmBitmap;
UINT32 ActivePCRBanks;
@@ -2429,61 +2380,22 @@ DriverEntry (
//
// Get supported PCR and current Active PCRs
//
- Status = Tpm2GetCapabilityPcrs (&Pcrs);
- if (EFI_ERROR (Status)) {
- DEBUG ((EFI_D_ERROR, "Tpm2GetCapabilityPcrs fail!\n"));
- TpmHashAlgorithmBitmap = EFI_TCG2_BOOT_HASH_ALG_SHA1;
- NumberOfPCRBanks = 1;
- ActivePCRBanks = EFI_TCG2_BOOT_HASH_ALG_SHA1;
- } else {
- DEBUG ((EFI_D_INFO, "Tpm2GetCapabilityPcrs Count - %08x\n", Pcrs.count));
- NumberOfPCRBanks = 0;
- TpmHashAlgorithmBitmap = 0;
- ActivePCRBanks = 0;
- for (Index = 0; Index < Pcrs.count; Index++) {
- DEBUG ((EFI_D_INFO, "hash - %x\n", Pcrs.pcrSelections[Index].hash));
- switch (Pcrs.pcrSelections[Index].hash) {
- case TPM_ALG_SHA1:
- TpmHashAlgorithmBitmap |= EFI_TCG2_BOOT_HASH_ALG_SHA1;
- NumberOfPCRBanks ++;
- if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, Pcrs.pcrSelections[Index].sizeofSelect)) {
- ActivePCRBanks |= EFI_TCG2_BOOT_HASH_ALG_SHA1;
- }
- break;
- case TPM_ALG_SHA256:
- TpmHashAlgorithmBitmap |= EFI_TCG2_BOOT_HASH_ALG_SHA256;
- NumberOfPCRBanks ++;
- if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, Pcrs.pcrSelections[Index].sizeofSelect)) {
- ActivePCRBanks |= EFI_TCG2_BOOT_HASH_ALG_SHA256;
- }
- break;
- case TPM_ALG_SHA384:
- TpmHashAlgorithmBitmap |= EFI_TCG2_BOOT_HASH_ALG_SHA384;
- NumberOfPCRBanks ++;
- if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, Pcrs.pcrSelections[Index].sizeofSelect)) {
- ActivePCRBanks |= EFI_TCG2_BOOT_HASH_ALG_SHA384;
- }
- break;
- case TPM_ALG_SHA512:
- TpmHashAlgorithmBitmap |= EFI_TCG2_BOOT_HASH_ALG_SHA512;
- NumberOfPCRBanks ++;
- if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, Pcrs.pcrSelections[Index].sizeofSelect)) {
- ActivePCRBanks |= EFI_TCG2_BOOT_HASH_ALG_SHA512;
- }
- break;
- case TPM_ALG_SM3_256:
- TpmHashAlgorithmBitmap |= EFI_TCG2_BOOT_HASH_ALG_SM3_256;
- NumberOfPCRBanks ++;
- if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, Pcrs.pcrSelections[Index].sizeofSelect)) {
- ActivePCRBanks |= EFI_TCG2_BOOT_HASH_ALG_SM3_256;
- }
- break;
- }
- }
- }
+ Status = Tpm2GetCapabilitySupportedAndActivePcrs (&TpmHashAlgorithmBitmap, &ActivePCRBanks);
+ ASSERT_EFI_ERROR (Status);
+
mTcgDxeData.BsCap.HashAlgorithmBitmap = TpmHashAlgorithmBitmap & PcdGet32 (PcdTcg2HashAlgorithmBitmap);
mTcgDxeData.BsCap.ActivePcrBanks = ActivePCRBanks & PcdGet32 (PcdTcg2HashAlgorithmBitmap);
+ //
+ // Need calculate NumberOfPCRBanks here, because HashAlgorithmBitmap might be removed by PCD.
+ //
+ NumberOfPCRBanks = 0;
+ for (Index = 0; Index < 32; Index++) {
+ if ((mTcgDxeData.BsCap.HashAlgorithmBitmap & (1u << Index)) != 0) {
+ NumberOfPCRBanks++;
+ }
+ }
+
if (PcdGet32 (PcdTcg2NumberOfPCRBanks) == 0) {
mTcgDxeData.BsCap.NumberOfPCRBanks = NumberOfPCRBanks;
} else {
@@ -2495,11 +2407,11 @@ DriverEntry (
}
mTcgDxeData.BsCap.SupportedEventLogs = EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2 | EFI_TCG2_EVENT_LOG_FORMAT_TCG_2;
- if ((mTcgDxeData.BsCap.ActivePcrBanks & TREE_BOOT_HASH_ALG_SHA1) == 0) {
+ if ((mTcgDxeData.BsCap.ActivePcrBanks & EFI_TCG2_BOOT_HASH_ALG_SHA1) == 0) {
//
// No need to expose TCG1.2 event log if SHA1 bank does not exist.
//
- mTcgDxeData.BsCap.SupportedEventLogs &= ~TREE_EVENT_LOG_FORMAT_TCG_1_2;
+ mTcgDxeData.BsCap.SupportedEventLogs &= ~EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2;
}
DEBUG ((EFI_D_INFO, "Tcg2.SupportedEventLogs - 0x%08x\n", mTcgDxeData.BsCap.SupportedEventLogs));