SecurityPkg: Tcg2Dxe: Update PCR[4] measure logic

Update PCR[4] measure logic for each boot attempt.
1. Measure event to PCR[4] instead of PCR[5]
2. Measure “Calling UEFI Application from Boot Option”
http://www.trustedcomputinggroup.org/wp-content/uploads/PC-ClientSpecific_Platform_Profile_for_TPM_2p0_Systems_v21.pdf

Cc: Star Zeng <star.zeng@intel.com>
Cc: Yao Jiewen <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>

diff --git a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c
index 9aa16dc6592619032dc70888f38c529100b3b5e8..860ee5946dc4cc64b9e9de6b9fda7e2447434874 100644 (file)
--- a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c
+++ b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c
@@ -1648,8 +1648,9 @@ SetupEventLog (
 }\r
 \r
 /**\r
-  Measure and log an action string, and extend the measurement result into PCR[5].\r
+  Measure and log an action string, and extend the measurement result into PCR[PCRIndex].\r
 \r
+  @param[in] PCRIndex         PCRIndex to extend\r
   @param[in] String           A specific string that indicates an Action event.  \r
   \r
   @retval EFI_SUCCESS         Operation completed successfully.\r
@@ -1658,12 +1659,13 @@ SetupEventLog (
 **/\r
 EFI_STATUS\r
 TcgMeasureAction (\r
-  IN      CHAR8                     *String\r
+  IN      TPM_PCRINDEX       PCRIndex,\r
+  IN      CHAR8              *String\r
   )\r
 {\r
   TCG_PCR_EVENT_HDR                 TcgEvent;\r
 \r
-  TcgEvent.PCRIndex  = 5;\r
+  TcgEvent.PCRIndex  = PCRIndex;\r
   TcgEvent.EventType = EV_EFI_ACTION;\r
   TcgEvent.EventSize = (UINT32)AsciiStrLen (String);\r
   return TcgDxeHashLogExtendEvent (\r
@@ -2180,6 +2182,7 @@ OnReadyToBoot (
     // 1. This is the first boot attempt.\r
     //\r
     Status = TcgMeasureAction (\r
+               4,\r
                EFI_CALLING_EFI_APPLICATION\r
                );\r
     if (EFI_ERROR (Status)) {\r
@@ -2213,11 +2216,24 @@ OnReadyToBoot (
     // 6. Not first attempt, meaning a return from last attempt\r
     //\r
     Status = TcgMeasureAction (\r
+               4,\r
                EFI_RETURNING_FROM_EFI_APPLICATOIN\r
                );\r
     if (EFI_ERROR (Status)) {\r
       DEBUG ((EFI_D_ERROR, "%a not Measured. Error!\n", EFI_RETURNING_FROM_EFI_APPLICATOIN));\r
     }\r
+\r
+    //\r
+    // 7. Next boot attempt, measure "Calling EFI Application from Boot Option" again\r
+    // TCG PC Client PFP spec Section 2.4.4.5 Step 4\r
+    //\r
+    Status = TcgMeasureAction (\r
+               4,\r
+               EFI_CALLING_EFI_APPLICATION\r
+               );\r
+    if (EFI_ERROR (Status)) {\r
+      DEBUG ((EFI_D_ERROR, "%a not Measured. Error!\n", EFI_CALLING_EFI_APPLICATION));\r
+    }\r
   }\r
 \r
   DEBUG ((EFI_D_INFO, "TPM2 Tcg2Dxe Measure Data when ReadyToBoot\n"));\r
@@ -2250,6 +2266,7 @@ OnExitBootServices (
   // Measure invocation of ExitBootServices,\r
   //\r
   Status = TcgMeasureAction (\r
+             5,\r
              EFI_EXIT_BOOT_SERVICES_INVOCATION\r
              );\r
   if (EFI_ERROR (Status)) {\r
@@ -2260,6 +2277,7 @@ OnExitBootServices (
   // Measure success of ExitBootServices\r
   //\r
   Status = TcgMeasureAction (\r
+             5,\r
              EFI_EXIT_BOOT_SERVICES_SUCCEEDED\r
              );\r
   if (EFI_ERROR (Status)) {\r
@@ -2289,6 +2307,7 @@ OnExitBootServicesFailed (
   // Measure Failure of ExitBootServices,\r
   //\r
   Status = TcgMeasureAction (\r
+             5,\r
              EFI_EXIT_BOOT_SERVICES_FAILED\r
              );\r
   if (EFI_ERROR (Status)) {\r