From 0758c830f7b4a388b15fb825b896f5f366985bbf Mon Sep 17 00:00:00 2001
From: czhang46
Date: Fri, 28 Sep 2012 00:57:02 +0000
Subject: [PATCH] Rename Trusted Hob to Measured FV hob and add Guided Hob layout structure
Signed-off-by : Chao Zhang
Reviewed-by : Dong Guo
git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13762 6f19259b-4bc3-4df7-8a09-765794883524
---
 .../Guid/{TrustedFvHob.h => MeasuredFvHob.h} | 19 +++++++++-----
 .../DxeTpmMeasureBootLib.c | 22 +++++++---------
 .../DxeTpmMeasureBootLib.inf | 2 +-
 SecurityPkg/SecurityPkg.dec | 4 +--
 SecurityPkg/Tcg/TcgPei/TcgPei.c | 26 +++++++++----------
 SecurityPkg/Tcg/TcgPei/TcgPei.inf | 2 +-
 6 files changed, 39 insertions(+), 36 deletions(-)
 rename SecurityPkg/Include/Guid/{TrustedFvHob.h => MeasuredFvHob.h} (56%)
diff --git a/SecurityPkg/Include/Guid/TrustedFvHob.h b/SecurityPkg/Include/Guid/MeasuredFvHob.h
similarity index 56%
rename from SecurityPkg/Include/Guid/TrustedFvHob.h
rename to SecurityPkg/Include/Guid/MeasuredFvHob.h
index 3a3a607079..a2e6922335 100644
--- a/SecurityPkg/Include/Guid/TrustedFvHob.h
+++ b/SecurityPkg/Include/Guid/MeasuredFvHob.h
@@ -1,5 +1,5 @@
 /** @file
- Defines the HOB GUID used to pass all PEI trusted FV info to
+ Defines the HOB GUID used to pass all PEI measured FV info to
 DXE Driver.
 Copyright (c) 2012, Intel Corporation. All rights reserved.
@@ -13,17 +13,24 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 **/
-#ifndef _TRUSTED_FV_HOB_H_
-#define _TRUSTED_FV_HOB_H_
+#ifndef _MEASURED_FV_HOB_H_
+#define _MEASURED_FV_HOB_H_
+
+#include
 ///
-/// The Global ID of a GUIDed HOB used to pass all PEI trusted FV info to DXE Driver.
+/// The Global ID of a GUIDed HOB used to pass all PEI measured FV info to DXE Driver.
 ///
-#define EFI_TRUSTED_FV_HOB_GUID \
+#define EFI_MEASURED_FV_HOB_GUID \
 { \
 0xb2360b42, 0x7173, 0x420a, { 0x86, 0x96, 0x46, 0xca, 0x6b, 0xab, 0x10, 0x60 } \
 }
-extern EFI_GUID gTrustedFvHobGuid;
+extern EFI_GUID gMeasuredFvHobGuid;
+
+typedef struct {
+ UINT32 Num;
+ EFI_PLATFORM_FIRMWARE_BLOB MeasuredFvBuf[1];
+} MEASURED_HOB_DATA;
 #endif
diff --git a/SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.c b/SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.c
index f3e486eadc..eae68eab6b 100644
--- a/SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.c
+++ b/SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.c
@@ -34,7 +34,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 #include
 #include
-#include
+#include
 #include
 #include
@@ -59,7 +59,7 @@ UINTN mImageSize;
 // Measured FV handle cache
 //
 EFI_HANDLE mCacheMeasuredHandle = NULL;
-UINT32 *mGuidHobData = NULL;
+MEASURED_HOB_DATA *mMeasuredHobData = NULL;
 /**
 Reads contents of a PE/COFF image in memory buffer.
@@ -740,7 +740,6 @@ DxeTpmMeasureBootHandler (
 PE_COFF_LOADER_IMAGE_CONTEXT ImageContext;
 EFI_FIRMWARE_VOLUME_BLOCK_PROTOCOL *FvbProtocol;
 EFI_PHYSICAL_ADDRESS FvAddress;
- EFI_PLATFORM_FIRMWARE_BLOB *TrustedFvBuf;
 UINT32 Index;
 Status = gBS->LocateProtocol (&gEfiTcgProtocolGuid, NULL, (VOID **) &TcgProtocol);
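Review bot: `MEASURED_HOB_DATA` in the MeasuredFvHob.h hunk is added without any field documentation, although it now defines the layout that TcgPei writes and DxeTpmMeasureBootLib reads. I would add `///` comments on both fields, e.g. `/// Number of valid entries in MeasuredFvBuf.` and `/// Variable-length array; Num entries follow in the HOB data.`. Since PEI and DXE can be built for different CPU widths, the comment should also state whether the structure is meant to be packed: the offset of `MeasuredFvBuf` depends on the alignment of `EFI_PLATFORM_FIRMWARE_BLOB`, whose definition is not visible in this patch.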
@@ -848,14 +847,14 @@ DxeTpmMeasureBootHandler (
 return EFI_SUCCESS;
 }
 //
- // The PE image from untrusted Firmware volume need be measured
- // The PE image from trusted Firmware volume will be mearsured according to policy below.
- // if it is driver, do not measure
+ // The PE image from unmeasured Firmware volume need be measured
+ // The PE image from measured Firmware volume will be mearsured according to policy below.
+ // If it is driver, do not measure
 // If it is application, still measure.
 //
 ApplicationRequired = TRUE;
- if (mCacheMeasuredHandle != Handle && mGuidHobData != NULL) {
+ if (mCacheMeasuredHandle != Handle && mMeasuredHobData != NULL) {
 //
 // Search for Root FV of this PE image
 //
@@ -877,11 +876,10 @@ DxeTpmMeasureBootHandler (
 return Status;
 }
- TrustedFvBuf = (EFI_PLATFORM_FIRMWARE_BLOB *)(mGuidHobData + 1);
 ApplicationRequired = FALSE;
- for (Index = 0; Index < *mGuidHobData; Index++) {
- if(TrustedFvBuf[Index].BlobBase == FvAddress) {
+ for (Index = 0; Index < mMeasuredHobData->Num; Index++) {
+ if(mMeasuredHobData->MeasuredFvBuf[Index].BlobBase == FvAddress) {
 //
 // Cache measured FV for next measurement
 //
@@ -996,10 +994,10 @@ DxeTpmMeasureBootLibConstructor (
 GuidHob = NULL;
- GuidHob = GetFirstGuidHob (&gTrustedFvHobGuid);
+ GuidHob = GetFirstGuidHob (&gMeasuredFvHobGuid);
 if (GuidHob != NULL) {
- mGuidHobData = GET_GUID_HOB_DATA (GuidHob);
+ mMeasuredHobData = GET_GUID_HOB_DATA (GuidHob);
 }
 return RegisterSecurity2Handler (
diff --git a/SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.inf b/SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.inf
index 9b0e3cb79b..53b26b0284 100644
--- a/SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.inf
+++ b/SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.inf
@@ -53,7 +53,7 @@
 HobLib
 [Guids]
- gTrustedFvHobGuid
+ gMeasuredFvHobGuid
 [Protocols]
 gEfiTcgProtocolGuid ## CONSUMES
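Review bot: The loop in the `@@ -877,11 +876,10 @@` hunk iterates up to `mMeasuredHobData->Num` without checking that count against the size of the HOB it was read from, and its result feeds the decision whether an image still needs to be measured. The constructor hunk (`@@ -996,10 +994,10 @@`) has `GuidHob` in hand, so it could keep the pointer only when the data is large enough, i.e. when `GET_GUID_HOB_DATA_SIZE (GuidHob)` covers `OFFSET_OF (MEASURED_HOB_DATA, MeasuredFvBuf)` and `Num <= (GET_GUID_HOB_DATA_SIZE (GuidHob) - OFFSET_OF (MEASURED_HOB_DATA, MeasuredFvBuf)) / sizeof (EFI_PLATFORM_FIRMWARE_BLOB)`. Without that bound an inconsistent `Num` makes the `BlobBase` comparison read past the HOB data, and a chance match there would presumably treat the image's volume as already measured. Both functions begin and end outside these hunks, so a check elsewhere cannot be ruled out from what is shown.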
diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec
index 2438f987b6..8bd7145a2d 100644
--- a/SecurityPkg/SecurityPkg.dec
+++ b/SecurityPkg/SecurityPkg.dec
@@ -47,8 +47,8 @@
 ## Include/Guid/TcgEventHob.h
 gTcgEventEntryHobGuid = { 0x2e3044ac, 0x879f, 0x490f, {0x97, 0x60, 0xbb, 0xdf, 0xaf, 0x69, 0x5f, 0x50 }}
- ## Include/Guid/TrustedFvHob.h
- gTrustedFvHobGuid = { 0xb2360b42, 0x7173, 0x420a, { 0x86, 0x96, 0x46, 0xca, 0x6b, 0xab, 0x10, 0x60 }}
+ ## Include/Guid/MeasuredFvHob.h
+ gMeasuredFvHobGuid = { 0xb2360b42, 0x7173, 0x420a, { 0x86, 0x96, 0x46, 0xca, 0x6b, 0xab, 0x10, 0x60 }}
 ## Include/Guid/PhysicalPresenceData.h
 gEfiPhysicalPresenceGuid = { 0xf6499b1, 0xe9ad, 0x493d, { 0xb9, 0xc2, 0x2f, 0x90, 0x81, 0x5c, 0x6c, 0xbc }}
diff --git a/SecurityPkg/Tcg/TcgPei/TcgPei.c b/SecurityPkg/Tcg/TcgPei/TcgPei.c
index e8fd1f12d0..60d9192103 100644
--- a/SecurityPkg/Tcg/TcgPei/TcgPei.c
+++ b/SecurityPkg/Tcg/TcgPei/TcgPei.c
@@ -23,7 +23,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 #include
 #include
-#include
+#include
 #include
 #include
@@ -148,35 +148,33 @@ EndofPeiSignalNotifyCallBack (
 IN VOID *Ppi
 )
 {
- UINT8 *HobData;
+ MEASURED_HOB_DATA *MeasuredHobData;
- HobData = NULL;
+ MeasuredHobData = NULL;
 //
- // Create a Guid hob to save all trusted Fv
+ // Create a Guid hob to save all measured Fv
 //
- HobData = BuildGuidHob(
- &gTrustedFvHobGuid,
- sizeof(UINTN) + sizeof(EFI_PLATFORM_FIRMWARE_BLOB) * (mMeasuredBaseFvIndex + mMeasuredChildFvIndex)
- );
+ MeasuredHobData = BuildGuidHob(
+ &gMeasuredFvHobGuid,
+ sizeof(UINTN) + sizeof(EFI_PLATFORM_FIRMWARE_BLOB) * (mMeasuredBaseFvIndex + mMeasuredChildFvIndex)
+ );
- if (HobData != NULL){
+ if (MeasuredHobData != NULL){
 //
 // Save measured FV info enty number
 //
- *(UINT32 *)HobData = mMeasuredBaseFvIndex + mMeasuredChildFvIndex;
+ MeasuredHobData->Num = mMeasuredBaseFvIndex + mMeasuredChildFvIndex;
- HobData += sizeof(UINT32);
 //
 // Save measured base Fv info
 //
- CopyMem (HobData, mMeasuredBaseFvInfo, sizeof(EFI_PLATFORM_FIRMWARE_BLOB) * (mMeasuredBaseFvIndex));
+ CopyMem (MeasuredHobData->MeasuredFvBuf, mMeasuredBaseFvInfo, sizeof(EFI_PLATFORM_FIRMWARE_BLOB) * (mMeasuredBaseFvIndex));
- HobData += sizeof(EFI_PLATFORM_FIRMWARE_BLOB) * (mMeasuredBaseFvIndex);
 //
 // Save measured child Fv info
 //
- CopyMem (HobData, mMeasuredChildFvInfo, sizeof(EFI_PLATFORM_FIRMWARE_BLOB) * (mMeasuredChildFvIndex));
+ CopyMem (&MeasuredHobData->MeasuredFvBuf[mMeasuredBaseFvIndex] , mMeasuredChildFvInfo, sizeof(EFI_PLATFORM_FIRMWARE_BLOB) * (mMeasuredChildFvIndex));
 }
 return EFI_SUCCESS;
diff --git a/SecurityPkg/Tcg/TcgPei/TcgPei.inf b/SecurityPkg/Tcg/TcgPei/TcgPei.inf
index 0143baa687..48d4efce5c 100644
--- a/SecurityPkg/Tcg/TcgPei/TcgPei.inf
+++ b/SecurityPkg/Tcg/TcgPei/TcgPei.inf
@@ -51,7 +51,7 @@
 [Guids]
 gTcgEventEntryHobGuid
- gTrustedFvHobGuid
+ gMeasuredFvHobGuid
 [Ppis]
 gPeiLockPhysicalPresencePpiGuid
-- 2.39.2
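Review bot: The `BuildGuidHob` length in `EndofPeiSignalNotifyCallBack` is still `sizeof(UINTN) + sizeof(EFI_PLATFORM_FIRMWARE_BLOB) * (...)`, while the data is now written through `MEASURED_HOB_DATA`, whose header field is `UINT32 Num`. The requested size therefore no longer follows from the layout being filled in: `sizeof(UINTN)` changes with the PEI build width, and if `MeasuredFvBuf` does not sit at offset 4 (that depends on the packing of `EFI_PLATFORM_FIRMWARE_BLOB`, not visible here) the second `CopyMem` could run past the requested length. Deriving the length from the structure keeps producer and consumer in step, e.g. `OFFSET_OF (MEASURED_HOB_DATA, MeasuredFvBuf) + sizeof (EFI_PLATFORM_FIRMWARE_BLOB) * (mMeasuredBaseFvIndex + mMeasuredChildFvIndex)`. The function's signature starts before the hunk and its closing brace comes after it.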