SecurityPkg Tcg2Dxe: Filter inactive digest in event2 log from PEI HOB

author Star Zeng <star.zeng@intel.com>

Thu, 17 Nov 2016 08:54:15 +0000 (16:54 +0800)

committer Star Zeng <star.zeng@intel.com>

Mon, 21 Nov 2016 02:38:32 +0000 (10:38 +0800)
author Star Zeng <star.zeng@intel.com>
Thu, 17 Nov 2016 08:54:15 +0000 (16:54 +0800)
committer Star Zeng <star.zeng@intel.com>
Mon, 21 Nov 2016 02:38:32 +0000 (10:38 +0800)
diff --git a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c

index f0545a6df856e9c6693a1a8463bdf0db788cc6cf..3d79a07d126292461a82e9777f23255c4d1d6d4a 100644 (file)
--- a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c
+++ b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c
@@ -897,6 +897,60 @@ GetDigestListBinSize (
    return TotalSize;\r
  }\r
  \r
+/**\r
+  Copy TPML_DIGEST_VALUES compact binary into a buffer\r
+\r
+  @param[in,out]    Buffer                  Buffer to hold copied TPML_DIGEST_VALUES compact binary.\r
+  @param[in]        DigestListBin           TPML_DIGEST_VALUES compact binary buffer.\r
+  @param[in]        HashAlgorithmMask       HASH bits corresponding to the desired digests to copy.\r
+  @param[out]       HashAlgorithmMaskCopied Pointer to HASH bits corresponding to the digests copied.\r
+\r
+  @return The end of buffer to hold TPML_DIGEST_VALUES compact binary.\r
+**/\r
+VOID *\r
+CopyDigestListBinToBuffer (\r
+  IN OUT VOID                       *Buffer,\r
+  IN VOID                           *DigestListBin,\r
+  IN UINT32                         HashAlgorithmMask,\r
+  OUT UINT32                        *HashAlgorithmMaskCopied\r
+  )\r
+{\r
+  UINTN         Index;\r
+  UINT16        DigestSize;\r
+  UINT32        Count;\r
+  TPMI_ALG_HASH HashAlg;\r
+  UINT32        DigestListCount;\r
+  UINT32        *DigestListCountPtr;\r
+\r
+  DigestListCountPtr = (UINT32 *) Buffer;\r
+  DigestListCount = 0;\r
+  (*HashAlgorithmMaskCopied) = 0;\r
+\r
+  Count = ReadUnaligned32 (DigestListBin);\r
+  Buffer = (UINT8 *)Buffer + sizeof(Count);\r
+  DigestListBin = (UINT8 *)DigestListBin + sizeof(Count);\r
+  for (Index = 0; Index < Count; Index++) {\r
+    HashAlg = ReadUnaligned16 (DigestListBin);\r
+    DigestListBin = (UINT8 *)DigestListBin + sizeof(HashAlg);\r
+    DigestSize = GetHashSizeFromAlgo (HashAlg);\r
+\r
+    if (IsHashAlgSupportedInHashAlgorithmMask(HashAlg, HashAlgorithmMask)) {\r
+      CopyMem (Buffer, &HashAlg, sizeof(HashAlg));\r
+      Buffer = (UINT8 *)Buffer + sizeof(HashAlg);\r
+      CopyMem (Buffer, DigestListBin, DigestSize);\r
+      Buffer = (UINT8 *)Buffer + DigestSize;\r
+      DigestListCount++;\r
+      (*HashAlgorithmMaskCopied) |= GetHashMaskFromAlgo (HashAlg);\r
+    } else {\r
+      DEBUG ((DEBUG_ERROR, "WARNING: CopyDigestListBinToBuffer Event log has HashAlg unsupported by PCR bank (0x%x)\n", HashAlg));\r
+    }\r
+    DigestListBin = (UINT8 *)DigestListBin + DigestSize;\r
+  }\r
+  WriteUnaligned32 (DigestListCountPtr, DigestListCount);\r
+\r
+  return Buffer;\r
+}\r
+\r
  /**\r
    Add a new entry to the Event Log.\r
  \r
@@ -1317,8 +1371,13 @@ SetupEventLog (
    EFI_PEI_HOB_POINTERS            GuidHob;\r
    EFI_PHYSICAL_ADDRESS            Lasa;\r
    UINTN                           Index;\r
+  VOID                            *DigestListBin;\r
+  TPML_DIGEST_VALUES              TempDigestListBin;\r
    UINT32                          DigestListBinSize;\r
+  UINT8                           *Event;\r
    UINT32                          EventSize;\r
+  UINT32                          *EventSizePtr;\r
+  UINT32                          HashAlgorithmMaskCopied;\r
    TCG_EfiSpecIDEventStruct        *TcgEfiSpecIdEventStruct;\r
    UINT8                           TempBuf[sizeof(TCG_EfiSpecIDEventStruct) + sizeof(UINT32) + (HASH_COUNT * sizeof(TCG_EfiSpecIdEventAlgorithmSize)) + sizeof(UINT8)];\r
    TCG_PCR_EVENT_HDR               FirstPcrEvent;\r
@@ -1497,7 +1556,8 @@ SetupEventLog (
        Status = EFI_SUCCESS;\r
        while (!EFI_ERROR (Status) && \r
               (GuidHob.Raw = GetNextGuidHob (mTcg2EventInfo[Index].EventGuid, GuidHob.Raw)) != NULL) {\r
-        TcgEvent    = GET_GUID_HOB_DATA (GuidHob.Guid);\r
+        TcgEvent    = AllocateCopyPool (GET_GUID_HOB_DATA_SIZE (GuidHob.Guid), GET_GUID_HOB_DATA (GuidHob.Guid));\r
+        ASSERT (TcgEvent != NULL);\r
          GuidHob.Raw = GET_NEXT_HOB (GuidHob);\r
          switch (mTcg2EventInfo[Index].LogFormat) {\r
          case EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2:\r
@@ -1510,17 +1570,47 @@ SetupEventLog (
                       );\r
            break;\r
          case EFI_TCG2_EVENT_LOG_FORMAT_TCG_2:\r
-          DigestListBinSize = GetDigestListBinSize ((UINT8 *)TcgEvent + sizeof(TCG_PCRINDEX) + sizeof(TCG_EVENTTYPE));\r
-          CopyMem (&EventSize, (UINT8 *)TcgEvent + sizeof(TCG_PCRINDEX) + sizeof(TCG_EVENTTYPE) + DigestListBinSize, sizeof(UINT32));\r
+          DigestListBin = (UINT8 *)TcgEvent + sizeof(TCG_PCRINDEX) + sizeof(TCG_EVENTTYPE);\r
+          DigestListBinSize = GetDigestListBinSize (DigestListBin);\r
+          //\r
+          // Save event size.\r
+          //\r
+          CopyMem (&EventSize, (UINT8 *)DigestListBin + DigestListBinSize, sizeof(UINT32));\r
+          Event = (UINT8 *)DigestListBin + DigestListBinSize + sizeof(UINT32);\r
+          //\r
+          // Filter inactive digest in the event2 log from PEI HOB.\r
+          //\r
+          CopyMem (&TempDigestListBin, DigestListBin, GetDigestListBinSize (DigestListBin));\r
+          EventSizePtr = CopyDigestListBinToBuffer (\r
+                           DigestListBin,\r
+                           &TempDigestListBin,\r
+                           mTcgDxeData.BsCap.ActivePcrBanks,\r
+                           &HashAlgorithmMaskCopied\r
+                           );\r
+          if (HashAlgorithmMaskCopied != mTcgDxeData.BsCap.ActivePcrBanks) {\r
+            DEBUG ((\r
+              DEBUG_ERROR,\r
+              "ERROR: The event2 log includes digest hash mask 0x%x, but required digest hash mask is 0x%x\n",\r
+              HashAlgorithmMaskCopied,\r
+              mTcgDxeData.BsCap.ActivePcrBanks\r
+              ));\r
+          }\r
+          //\r
+          // Restore event size.\r
+          //\r
+          CopyMem (EventSizePtr, &EventSize, sizeof(UINT32));\r
+          DigestListBinSize = GetDigestListBinSize (DigestListBin);\r
+\r
            Status = TcgDxeLogEvent (\r
                       mTcg2EventInfo[Index].LogFormat,\r
                       TcgEvent,\r
                       sizeof(TCG_PCRINDEX) + sizeof(TCG_EVENTTYPE) + DigestListBinSize + sizeof(UINT32),\r
-                     (UINT8 *)TcgEvent + sizeof(TCG_PCRINDEX) + sizeof(TCG_EVENTTYPE) + DigestListBinSize + sizeof(UINT32),\r
+                     Event,\r
                       EventSize\r
                       );\r
            break;\r
          }\r
+        FreePool (TcgEvent);\r
        }\r
      }\r
    }\r
author	Star Zeng <star.zeng@intel.com>
	Thu, 17 Nov 2016 08:54:15 +0000 (16:54 +0800)
committer	Star Zeng <star.zeng@intel.com>
	Mon, 21 Nov 2016 02:38:32 +0000 (10:38 +0800)