tyler.durden
/
audk
mirror of https://github.com/acidanthera/audk.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

SecurityPkg/Tcg2: Add TcgPpi 

And do some code clean with updated function

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2841

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Qi Zhang <qi1.zhang@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Qi Zhang <qi1.zhang@intel.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
This commit is contained in:
Jiewen Yao 2020-07-22 16:21:05 +08:00 committed by mergify[bot]
parent 3e07c65641
commit 1f6fe5cb03
2 changed files with 86 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

110
SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c
View File

@ -1,7 +1,7 @@
/** @file
Initialize TPM2 device and measure FVs before handing off control to DXE.
Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>
Copyright (c) 2015 - 2020, Intel Corporation. All rights reserved.<BR>
Copyright (c) 2017, Microsoft Corporation. All rights reserved. <BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
@ -17,6 +17,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#include <Ppi/EndOfPeiPhase.h>
#include <Ppi/FirmwareVolumeInfoMeasurementExcluded.h>
#include <Ppi/FirmwareVolumeInfoPrehashedFV.h>
#include <Ppi/Tcg.h>
#include <Guid/TcgEventHob.h>
#include <Guid/MeasuredFvHob.h>
@ -66,6 +67,48 @@ EFI_PEI_PPI_DESCRIPTOR mTpmInitializationDonePpiList = {
NULL
};
/**
Do a hash operation on a data buffer, extend a specific TPM PCR with the hash result,
and build a GUIDed HOB recording the event which will be passed to the DXE phase and
added into the Event Log.
@param[in] This Indicates the calling context
@param[in] Flags Bitmap providing additional information.
@param[in] HashData If BIT0 of Flags is 0, it is physical address of the
start of the data buffer to be hashed, extended, and logged.
If BIT0 of Flags is 1, it is physical address of the
start of the pre-hash data buffter to be extended, and logged.
The pre-hash data format is TPML_DIGEST_VALUES.
@param[in] HashDataLen The length, in bytes, of the buffer referenced by HashData.
@param[in] NewEventHdr Pointer to a TCG_PCR_EVENT_HDR data structure.
@param[in] NewEventData Pointer to the new event data.
@retval EFI_SUCCESS Operation completed successfully.
@retval EFI_OUT_OF_RESOURCES No enough memory to log the new event.
@retval EFI_DEVICE_ERROR The command was unsuccessful.
**/
EFI_STATUS
EFIAPI
HashLogExtendEvent (
IN EDKII_TCG_PPI *This,
IN UINT64 Flags,
IN UINT8 *HashData,
IN UINTN HashDataLen,
IN TCG_PCR_EVENT_HDR *NewEventHdr,
IN UINT8 *NewEventData
);
EDKII_TCG_PPI mEdkiiTcgPpi = {
HashLogExtendEvent
};
EFI_PEI_PPI_DESCRIPTOR mTcgPpiList = {
EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST,
&gEdkiiTcgPpiGuid,
&mEdkiiTcgPpi
};
//
// Number of firmware blobs to grow by each time we run out of room
//
@ -375,9 +418,13 @@ LogHashEvent (
and build a GUIDed HOB recording the event which will be passed to the DXE phase and
added into the Event Log.
@param[in] This Indicates the calling context
@param[in] Flags Bitmap providing additional information.
@param[in] HashData Physical address of the start of the data buffer
to be hashed, extended, and logged.
@param[in] HashData If BIT0 of Flags is 0, it is physical address of the
start of the data buffer to be hashed, extended, and logged.
If BIT0 of Flags is 1, it is physical address of the
start of the pre-hash data buffter to be extended, and logged.
The pre-hash data format is TPML_DIGEST_VALUES.
@param[in] HashDataLen The length, in bytes, of the buffer referenced by HashData.
@param[in] NewEventHdr Pointer to a TCG_PCR_EVENT_HDR data structure.
@param[in] NewEventData Pointer to the new event data.
@ -388,7 +435,9 @@ LogHashEvent (
**/
EFI_STATUS
EFIAPI
HashLogExtendEvent (
IN EDKII_TCG_PPI *This,
IN UINT64 Flags,
IN UINT8 *HashData,
IN UINTN HashDataLen,
@ -403,16 +452,23 @@ HashLogExtendEvent (
return EFI_DEVICE_ERROR;
}
Status = HashAndExtend (
NewEventHdr->PCRIndex,
HashData,
HashDataLen,
if(Flags & EDKII_TCG_PRE_HASH) {
ZeroMem (&DigestList, sizeof(DigestList));
CopyMem (&DigestList, HashData, sizeof(DigestList));
Status = Tpm2PcrExtend (
0,
&DigestList
);
} else {
Status = HashAndExtend (
NewEventHdr->PCRIndex,
HashData,
HashDataLen,
&DigestList
);
}
if (!EFI_ERROR (Status)) {
if ((Flags & EFI_TCG2_EXTEND_ONLY) == 0) {
Status = LogHashEvent (&DigestList, NewEventHdr, NewEventData);
}
Status = LogHashEvent (&DigestList, NewEventHdr, NewEventData);
}
if (Status == EFI_DEVICE_ERROR) {
@ -452,6 +508,7 @@ MeasureCRTMVersion (
TcgEventHdr.EventSize = (UINT32) StrSize((CHAR16*)PcdGetPtr (PcdFirmwareVersionString));
return HashLogExtendEvent (
&mEdkiiTcgPpi,
0,
(UINT8*)PcdGetPtr (PcdFirmwareVersionString),
TcgEventHdr.EventSize,
@ -651,27 +708,22 @@ MeasureFvImage (
// FV pre-hash algos comply with current TPM hash requirement
// Skip hashing step in measure, only extend DigestList to PCR and log event
//
Status = Tpm2PcrExtend(
0,
&DigestList
Status = HashLogExtendEvent (
&mEdkiiTcgPpi,
EDKII_TCG_PRE_HASH,
(UINT8*) &DigestList, // HashData
(UINTN) sizeof(DigestList), // HashDataLen
&TcgEventHdr, // EventHdr
EventData // EventData
);
if (!EFI_ERROR(Status)) {
Status = LogHashEvent (&DigestList, &TcgEventHdr, EventData);
DEBUG ((DEBUG_INFO, "The pre-hashed FV which is extended & logged by Tcg2Pei starts at: 0x%x\n", FvBase));
DEBUG ((DEBUG_INFO, "The pre-hashed FV which is extended & logged by Tcg2Pei has the size: 0x%x\n", FvLength));
} else if (Status == EFI_DEVICE_ERROR) {
BuildGuidHob (&gTpmErrorHobGuid,0);
REPORT_STATUS_CODE (
EFI_ERROR_CODE | EFI_ERROR_MINOR,
(PcdGet32 (PcdStatusCodeSubClassTpmDevice) | EFI_P_EC_INTERFACE_ERROR)
);
}
DEBUG ((DEBUG_INFO, "The pre-hashed FV which is extended & logged by Tcg2Pei starts at: 0x%x\n", FvBase));
DEBUG ((DEBUG_INFO, "The pre-hashed FV which is extended & logged by Tcg2Pei has the size: 0x%x\n", FvLength));
} else {
//
// Hash the FV, extend digest to the TPM and log TCG event
//
Status = HashLogExtendEvent (
&mEdkiiTcgPpi,
0,
(UINT8*) (UINTN) FvBase, // HashData
(UINTN) FvLength, // HashDataLen
@ -849,6 +901,12 @@ PeimEntryMP (
{
EFI_STATUS Status;
//
// install Tcg Services
//
Status = PeiServicesInstallPpi (&mTcgPpiList);
ASSERT_EFI_ERROR (Status);
if (PcdGet8 (PcdTpm2ScrtmPolicy) == 1) {
Status = MeasureCRTMVersion ();
}
@ -893,7 +951,7 @@ MeasureSeparatorEventWithError (
TcgEvent.PCRIndex = PCRIndex;
TcgEvent.EventType = EV_SEPARATOR;
TcgEvent.EventSize = (UINT32)sizeof (EventData);
return HashLogExtendEvent(0,(UINT8 *)&EventData, TcgEvent.EventSize, &TcgEvent,(UINT8 *)&EventData);
return HashLogExtendEvent(&mEdkiiTcgPpi, 0, (UINT8 *)&EventData, TcgEvent.EventSize, &TcgEvent,(UINT8 *)&EventData);
}
/**

3
SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf
View File

@ -8,7 +8,7 @@
#
# This module will initialize TPM device, measure reported FVs and BIOS version.
#
# Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>
# Copyright (c) 2015 - 2020, Intel Corporation. All rights reserved.<BR>
# Copyright (c) 2017, Microsoft Corporation. All rights reserved. <BR>
# SPDX-License-Identifier: BSD-2-Clause-Patent
#
@ -72,6 +72,7 @@
gPeiTpmInitializationDonePpiGuid ## PRODUCES
gEfiEndOfPeiSignalPpiGuid ## SOMETIMES_CONSUMES ## NOTIFY
gEdkiiPeiFirmwareVolumeInfoPrehashedFvPpiGuid ## SOMETIMES_CONSUMES
gEdkiiTcgPpiGuid ## PRODUCES
[Pcd]
gEfiMdeModulePkgTokenSpaceGuid.PcdFirmwareVersionString ## SOMETIMES_CONSUMES