SecurityPkg/FvReportPei: implement a common FV verifier and reporter
https://bugzilla.tianocore.org/show_bug.cgi?id=1617
This driver implements a common checker, verifier and reporter which is
independent of hardware based root-of-trust.
Usually the hardware based root-of-trust will not verify all BIOS but
part of it. For example, Boot Guard will only verify IBB segment. The IBB
needs to verify other part of BIOS, i.e. other FVs to transfer control to
from IBB. This driver plays the role in IBB to verify FVs not covered by
hardware root-of-trust to make sure integrity of the chain of trust.
To be hardware/platform independent, PPI
gEdkiiPeiFirmwareVolumeInfoStoredHashFvPpiGuid
is introduced for platform to pass digest information to this driver.
This PPI should include all information needed to verify required FVs in
required boot mode.
struct _EDKII_PEI_FIRMWARE_VOLUME_INFO_STORED_HASH_FV_PPI {
FV_HASH_INFO HashInfo;
UINTN FvNumber;
HASHED_FV_INFO FvInfo[1];
};
To avoid TOCTOU issue, all FVs to be verified will be copied to memory
before hash calculation. That also means this driver has to be run after
permanent memory has been discovered.
For a measured boot, this driver will install
gEdkiiPeiFirmwareVolumeInfoPrehashedFvPpiGuid
to report digest of each FV to TCG driver.
For a verified boot, this driver will verify the final hash value
(calculated from the concatenation of each FV's hash) for indicated
FVs against the hash got from platform/hardware.
If pass, it will build EFI_HOB_TYPE_FV (consumed by DXE core) and/or
install gEfiPeiFirmwareVolumeInfoPpiGuid (consumed by PEI core), and
then report status code PcdStatusCodeFvVerificationPass.
If fail, it just report status code PcdStatusCodeFvVerificationFail
and go to dead loop if status report returns.
The platform can register customized handler to process pass and fail
cases differently.
Currently, this driver only supports hash (sha256/384/512) verification
for the performance consideration.
Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: "Hernandez Beltran, Jorge" <jorge.hernandez.beltran@intel.com>
Cc: Harry Han <harry.han@intel.com>
Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
2019-05-10 04:19:36 +02:00
|
|
|
/** @file
|
|
|
|
Definitions for OBB FVs verification.
|
|
|
|
|
|
|
|
Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>
|
|
|
|
SPDX-License-Identifier: BSD-2-Clause-Patent
|
|
|
|
|
|
|
|
**/
|
|
|
|
|
|
|
|
#ifndef __FV_REPORT_PEI_H__
|
|
|
|
#define __FV_REPORT_PEI_H__
|
|
|
|
|
|
|
|
#include <PiPei.h>
|
|
|
|
|
|
|
|
#include <IndustryStandard/Tpm20.h>
|
|
|
|
|
|
|
|
#include <Ppi/FirmwareVolumeInfoStoredHashFv.h>
|
|
|
|
|
|
|
|
#include <Library/PeiServicesLib.h>
|
|
|
|
#include <Library/PcdLib.h>
|
|
|
|
#include <Library/HobLib.h>
|
|
|
|
#include <Library/DebugLib.h>
|
|
|
|
#include <Library/BaseMemoryLib.h>
|
|
|
|
#include <Library/MemoryAllocationLib.h>
|
|
|
|
#include <Library/BaseCryptLib.h>
|
|
|
|
#include <Library/ReportStatusCodeLib.h>
|
|
|
|
|
|
|
|
#define HASH_INFO_PTR(PreHashedFvPpi) \
|
|
|
|
(HASH_INFO *)((UINT8 *)(PreHashedFvPpi) + sizeof (EDKII_PEI_FIRMWARE_VOLUME_INFO_PREHASHED_FV_PPI))
|
|
|
|
|
|
|
|
#define HASH_VALUE_PTR(HashInfo) \
|
|
|
|
(VOID *)((UINT8 *)(HashInfo) + sizeof (HASH_INFO))
|
|
|
|
|
|
|
|
/**
|
|
|
|
Computes the message digest of a input data buffer.
|
|
|
|
|
|
|
|
This function performs message digest of a given data buffer, and places
|
|
|
|
the digest value into the specified memory.
|
|
|
|
|
|
|
|
If this interface is not supported, then return FALSE.
|
|
|
|
|
|
|
|
@param[in] Data Pointer to the buffer containing the data to be hashed.
|
|
|
|
@param[in] DataSize Size of Data buffer in bytes.
|
|
|
|
@param[out] HashValue Pointer to a buffer that receives digest value.
|
|
|
|
|
|
|
|
@retval TRUE The digest computation succeeded.
|
|
|
|
@retval FALSE The digest computation failed.
|
|
|
|
|
|
|
|
**/
|
|
|
|
typedef
|
|
|
|
BOOLEAN
|
2021-12-05 23:54:12 +01:00
|
|
|
(EFIAPI *HASH_ALL_METHOD)(
|
SecurityPkg/FvReportPei: implement a common FV verifier and reporter
https://bugzilla.tianocore.org/show_bug.cgi?id=1617
This driver implements a common checker, verifier and reporter which is
independent of hardware based root-of-trust.
Usually the hardware based root-of-trust will not verify all BIOS but
part of it. For example, Boot Guard will only verify IBB segment. The IBB
needs to verify other part of BIOS, i.e. other FVs to transfer control to
from IBB. This driver plays the role in IBB to verify FVs not covered by
hardware root-of-trust to make sure integrity of the chain of trust.
To be hardware/platform independent, PPI
gEdkiiPeiFirmwareVolumeInfoStoredHashFvPpiGuid
is introduced for platform to pass digest information to this driver.
This PPI should include all information needed to verify required FVs in
required boot mode.
struct _EDKII_PEI_FIRMWARE_VOLUME_INFO_STORED_HASH_FV_PPI {
FV_HASH_INFO HashInfo;
UINTN FvNumber;
HASHED_FV_INFO FvInfo[1];
};
To avoid TOCTOU issue, all FVs to be verified will be copied to memory
before hash calculation. That also means this driver has to be run after
permanent memory has been discovered.
For a measured boot, this driver will install
gEdkiiPeiFirmwareVolumeInfoPrehashedFvPpiGuid
to report digest of each FV to TCG driver.
For a verified boot, this driver will verify the final hash value
(calculated from the concatenation of each FV's hash) for indicated
FVs against the hash got from platform/hardware.
If pass, it will build EFI_HOB_TYPE_FV (consumed by DXE core) and/or
install gEfiPeiFirmwareVolumeInfoPpiGuid (consumed by PEI core), and
then report status code PcdStatusCodeFvVerificationPass.
If fail, it just report status code PcdStatusCodeFvVerificationFail
and go to dead loop if status report returns.
The platform can register customized handler to process pass and fail
cases differently.
Currently, this driver only supports hash (sha256/384/512) verification
for the performance consideration.
Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: "Hernandez Beltran, Jorge" <jorge.hernandez.beltran@intel.com>
Cc: Harry Han <harry.han@intel.com>
Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
2019-05-10 04:19:36 +02:00
|
|
|
IN CONST VOID *Data,
|
|
|
|
IN UINTN DataSize,
|
|
|
|
OUT UINT8 *HashValue
|
|
|
|
);
|
|
|
|
|
|
|
|
/**
|
|
|
|
Initializes user-supplied memory as hash context for subsequent use.
|
|
|
|
|
|
|
|
@param[out] HashContext Pointer to hash context being initialized.
|
|
|
|
|
|
|
|
@retval TRUE Hash context initialization succeeded.
|
|
|
|
@retval FALSE Hash context initialization failed.
|
|
|
|
@retval FALSE This interface is not supported.
|
|
|
|
|
|
|
|
**/
|
|
|
|
typedef
|
|
|
|
BOOLEAN
|
2021-12-05 23:54:12 +01:00
|
|
|
(EFIAPI *HASH_INIT_METHOD)(
|
SecurityPkg/FvReportPei: implement a common FV verifier and reporter
https://bugzilla.tianocore.org/show_bug.cgi?id=1617
This driver implements a common checker, verifier and reporter which is
independent of hardware based root-of-trust.
Usually the hardware based root-of-trust will not verify all BIOS but
part of it. For example, Boot Guard will only verify IBB segment. The IBB
needs to verify other part of BIOS, i.e. other FVs to transfer control to
from IBB. This driver plays the role in IBB to verify FVs not covered by
hardware root-of-trust to make sure integrity of the chain of trust.
To be hardware/platform independent, PPI
gEdkiiPeiFirmwareVolumeInfoStoredHashFvPpiGuid
is introduced for platform to pass digest information to this driver.
This PPI should include all information needed to verify required FVs in
required boot mode.
struct _EDKII_PEI_FIRMWARE_VOLUME_INFO_STORED_HASH_FV_PPI {
FV_HASH_INFO HashInfo;
UINTN FvNumber;
HASHED_FV_INFO FvInfo[1];
};
To avoid TOCTOU issue, all FVs to be verified will be copied to memory
before hash calculation. That also means this driver has to be run after
permanent memory has been discovered.
For a measured boot, this driver will install
gEdkiiPeiFirmwareVolumeInfoPrehashedFvPpiGuid
to report digest of each FV to TCG driver.
For a verified boot, this driver will verify the final hash value
(calculated from the concatenation of each FV's hash) for indicated
FVs against the hash got from platform/hardware.
If pass, it will build EFI_HOB_TYPE_FV (consumed by DXE core) and/or
install gEfiPeiFirmwareVolumeInfoPpiGuid (consumed by PEI core), and
then report status code PcdStatusCodeFvVerificationPass.
If fail, it just report status code PcdStatusCodeFvVerificationFail
and go to dead loop if status report returns.
The platform can register customized handler to process pass and fail
cases differently.
Currently, this driver only supports hash (sha256/384/512) verification
for the performance consideration.
Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: "Hernandez Beltran, Jorge" <jorge.hernandez.beltran@intel.com>
Cc: Harry Han <harry.han@intel.com>
Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
2019-05-10 04:19:36 +02:00
|
|
|
OUT VOID *HashContext
|
|
|
|
);
|
|
|
|
|
|
|
|
/**
|
|
|
|
Digests the input data and updates hash context.
|
|
|
|
|
|
|
|
@param[in, out] HashContext Pointer to the hash context.
|
|
|
|
@param[in] Data Pointer to the buffer containing the data to be hashed.
|
|
|
|
@param[in] DataSize Size of Data buffer in bytes.
|
|
|
|
|
|
|
|
@retval TRUE Hash data digest succeeded.
|
|
|
|
@retval FALSE Hash data digest failed.
|
|
|
|
@retval FALSE This interface is not supported.
|
|
|
|
|
|
|
|
**/
|
|
|
|
typedef
|
|
|
|
BOOLEAN
|
2021-12-05 23:54:12 +01:00
|
|
|
(EFIAPI *HASH_UPDATE_METHOD)(
|
SecurityPkg/FvReportPei: implement a common FV verifier and reporter
https://bugzilla.tianocore.org/show_bug.cgi?id=1617
This driver implements a common checker, verifier and reporter which is
independent of hardware based root-of-trust.
Usually the hardware based root-of-trust will not verify all BIOS but
part of it. For example, Boot Guard will only verify IBB segment. The IBB
needs to verify other part of BIOS, i.e. other FVs to transfer control to
from IBB. This driver plays the role in IBB to verify FVs not covered by
hardware root-of-trust to make sure integrity of the chain of trust.
To be hardware/platform independent, PPI
gEdkiiPeiFirmwareVolumeInfoStoredHashFvPpiGuid
is introduced for platform to pass digest information to this driver.
This PPI should include all information needed to verify required FVs in
required boot mode.
struct _EDKII_PEI_FIRMWARE_VOLUME_INFO_STORED_HASH_FV_PPI {
FV_HASH_INFO HashInfo;
UINTN FvNumber;
HASHED_FV_INFO FvInfo[1];
};
To avoid TOCTOU issue, all FVs to be verified will be copied to memory
before hash calculation. That also means this driver has to be run after
permanent memory has been discovered.
For a measured boot, this driver will install
gEdkiiPeiFirmwareVolumeInfoPrehashedFvPpiGuid
to report digest of each FV to TCG driver.
For a verified boot, this driver will verify the final hash value
(calculated from the concatenation of each FV's hash) for indicated
FVs against the hash got from platform/hardware.
If pass, it will build EFI_HOB_TYPE_FV (consumed by DXE core) and/or
install gEfiPeiFirmwareVolumeInfoPpiGuid (consumed by PEI core), and
then report status code PcdStatusCodeFvVerificationPass.
If fail, it just report status code PcdStatusCodeFvVerificationFail
and go to dead loop if status report returns.
The platform can register customized handler to process pass and fail
cases differently.
Currently, this driver only supports hash (sha256/384/512) verification
for the performance consideration.
Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: "Hernandez Beltran, Jorge" <jorge.hernandez.beltran@intel.com>
Cc: Harry Han <harry.han@intel.com>
Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
2019-05-10 04:19:36 +02:00
|
|
|
IN OUT VOID *HashContext,
|
|
|
|
IN CONST VOID *Data,
|
|
|
|
IN UINTN DataSize
|
|
|
|
);
|
|
|
|
|
|
|
|
/**
|
|
|
|
Completes computation of the hash digest value.
|
|
|
|
|
|
|
|
@param[in, out] HashContext Pointer to the hash context.
|
|
|
|
@param[out] HashValue Pointer to a buffer that receives the hash digest
|
|
|
|
value.
|
|
|
|
|
|
|
|
@retval TRUE Hash digest computation succeeded.
|
|
|
|
@retval FALSE Hash digest computation failed.
|
|
|
|
@retval FALSE This interface is not supported.
|
|
|
|
|
|
|
|
**/
|
|
|
|
typedef
|
|
|
|
BOOLEAN
|
2021-12-05 23:54:12 +01:00
|
|
|
(EFIAPI *HASH_FINAL_METHOD)(
|
SecurityPkg/FvReportPei: implement a common FV verifier and reporter
https://bugzilla.tianocore.org/show_bug.cgi?id=1617
This driver implements a common checker, verifier and reporter which is
independent of hardware based root-of-trust.
Usually the hardware based root-of-trust will not verify all BIOS but
part of it. For example, Boot Guard will only verify IBB segment. The IBB
needs to verify other part of BIOS, i.e. other FVs to transfer control to
from IBB. This driver plays the role in IBB to verify FVs not covered by
hardware root-of-trust to make sure integrity of the chain of trust.
To be hardware/platform independent, PPI
gEdkiiPeiFirmwareVolumeInfoStoredHashFvPpiGuid
is introduced for platform to pass digest information to this driver.
This PPI should include all information needed to verify required FVs in
required boot mode.
struct _EDKII_PEI_FIRMWARE_VOLUME_INFO_STORED_HASH_FV_PPI {
FV_HASH_INFO HashInfo;
UINTN FvNumber;
HASHED_FV_INFO FvInfo[1];
};
To avoid TOCTOU issue, all FVs to be verified will be copied to memory
before hash calculation. That also means this driver has to be run after
permanent memory has been discovered.
For a measured boot, this driver will install
gEdkiiPeiFirmwareVolumeInfoPrehashedFvPpiGuid
to report digest of each FV to TCG driver.
For a verified boot, this driver will verify the final hash value
(calculated from the concatenation of each FV's hash) for indicated
FVs against the hash got from platform/hardware.
If pass, it will build EFI_HOB_TYPE_FV (consumed by DXE core) and/or
install gEfiPeiFirmwareVolumeInfoPpiGuid (consumed by PEI core), and
then report status code PcdStatusCodeFvVerificationPass.
If fail, it just report status code PcdStatusCodeFvVerificationFail
and go to dead loop if status report returns.
The platform can register customized handler to process pass and fail
cases differently.
Currently, this driver only supports hash (sha256/384/512) verification
for the performance consideration.
Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: "Hernandez Beltran, Jorge" <jorge.hernandez.beltran@intel.com>
Cc: Harry Han <harry.han@intel.com>
Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
2019-05-10 04:19:36 +02:00
|
|
|
IN OUT VOID *HashContext,
|
|
|
|
OUT UINT8 *HashValue
|
|
|
|
);
|
|
|
|
|
|
|
|
typedef struct {
|
2021-12-05 23:54:12 +01:00
|
|
|
UINT16 HashAlgId;
|
|
|
|
UINTN HashSize;
|
|
|
|
HASH_INIT_METHOD HashInit;
|
|
|
|
HASH_UPDATE_METHOD HashUpdate;
|
|
|
|
HASH_FINAL_METHOD HashFinal;
|
|
|
|
HASH_ALL_METHOD HashAll;
|
SecurityPkg/FvReportPei: implement a common FV verifier and reporter
https://bugzilla.tianocore.org/show_bug.cgi?id=1617
This driver implements a common checker, verifier and reporter which is
independent of hardware based root-of-trust.
Usually the hardware based root-of-trust will not verify all BIOS but
part of it. For example, Boot Guard will only verify IBB segment. The IBB
needs to verify other part of BIOS, i.e. other FVs to transfer control to
from IBB. This driver plays the role in IBB to verify FVs not covered by
hardware root-of-trust to make sure integrity of the chain of trust.
To be hardware/platform independent, PPI
gEdkiiPeiFirmwareVolumeInfoStoredHashFvPpiGuid
is introduced for platform to pass digest information to this driver.
This PPI should include all information needed to verify required FVs in
required boot mode.
struct _EDKII_PEI_FIRMWARE_VOLUME_INFO_STORED_HASH_FV_PPI {
FV_HASH_INFO HashInfo;
UINTN FvNumber;
HASHED_FV_INFO FvInfo[1];
};
To avoid TOCTOU issue, all FVs to be verified will be copied to memory
before hash calculation. That also means this driver has to be run after
permanent memory has been discovered.
For a measured boot, this driver will install
gEdkiiPeiFirmwareVolumeInfoPrehashedFvPpiGuid
to report digest of each FV to TCG driver.
For a verified boot, this driver will verify the final hash value
(calculated from the concatenation of each FV's hash) for indicated
FVs against the hash got from platform/hardware.
If pass, it will build EFI_HOB_TYPE_FV (consumed by DXE core) and/or
install gEfiPeiFirmwareVolumeInfoPpiGuid (consumed by PEI core), and
then report status code PcdStatusCodeFvVerificationPass.
If fail, it just report status code PcdStatusCodeFvVerificationFail
and go to dead loop if status report returns.
The platform can register customized handler to process pass and fail
cases differently.
Currently, this driver only supports hash (sha256/384/512) verification
for the performance consideration.
Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: "Hernandez Beltran, Jorge" <jorge.hernandez.beltran@intel.com>
Cc: Harry Han <harry.han@intel.com>
Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
2019-05-10 04:19:36 +02:00
|
|
|
} HASH_ALG_INFO;
|
|
|
|
|
|
|
|
#endif //__FV_REPORT_PEI_H__
|