Add TPM2 definition in trusted computing group.
1) TCG Physical Presence Interface Specification 1.30 at http://www.trustedcomputinggroup.org/resources/tcg_physical_presence_interface_specification 2) TCG EFI Protocol Specification for TPM 2.0 at http://www.trustedcomputinggroup.org/resources/tcg_efi_protocol_specification 3) Update TPM2.0 header file to include Hash Algo definition. 4) Update UEFI TCG platform header file to include more TCG event structure. Tested on Win8/Win10 with secure boot enabled; PCR7 shows bound. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: "Yao, Jiewen" <Jiewen.Yao@intel.com> Reviewed-by: "Zhang, Chao B" <chao.b.zhang@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18218 6f19259b-4bc3-4df7-8a09-765794883524
This commit is contained in:
parent
26ecc55c02
commit
59b226d6d7
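--- /dev/null
+++ b/PATH-NOT-SHOWN-ON-PAGE
@@ -0,0 +1,129 @@
+/** @file
+TCG Physical Presence definition.
+
+Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#ifndef _TCG_PHYSICAL_PRESENCE_H_
+#define _TCG_PHYSICAL_PRESENCE_H_
+
+//
+// TCG PP definition for physical presence ACPI function
+//
+#define TCG_ACPI_FUNCTION_GET_PHYSICAL_PRESENCE_INTERFACE_VERSION 1
+#define TCG_ACPI_FUNCTION_SUBMIT_REQUEST_TO_BIOS 2
+#define TCG_ACPI_FUNCTION_GET_PENDING_REQUEST_BY_OS 3
+#define TCG_ACPI_FUNCTION_GET_PLATFORM_ACTION_TO_TRANSITION_TO_BIOS 4
+#define TCG_ACPI_FUNCTION_RETURN_REQUEST_RESPONSE_TO_OS 5
+#define TCG_ACPI_FUNCTION_SUBMIT_PREFERRED_USER_LANGUAGE 6
+#define TCG_ACPI_FUNCTION_SUBMIT_REQUEST_TO_BIOS_2 7
+#define TCG_ACPI_FUNCTION_GET_USER_CONFIRMATION_STATUS_FOR_REQUEST 8
+
+//
+// TCG PP definition for TPM Operation Response to OS Environment
+//
+#define TCG_PP_OPERATION_RESPONSE_SUCCESS 0x0
+#define TCG_PP_OPERATION_RESPONSE_USER_ABORT 0xFFFFFFF0
+#define TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE 0xFFFFFFF1
+
+//
+// TCG PP definition of return code for Return TPM Operation Response to OS Environment
+//
+#define TCG_PP_RETURN_TPM_OPERATION_RESPONSE_SUCCESS 0
+#define TCG_PP_RETURN_TPM_OPERATION_RESPONSE_FAILURE 1
+
+//
+// TCG PP definition of return code for Sumbit TPM Request to Pre-OS Environment
+// and Sumbit TPM Request to Pre-OS Environment 2
+//
+#define TCG_PP_SUBMIT_REQUEST_TO_PREOS_SUCCESS 0
+#define TCG_PP_SUBMIT_REQUEST_TO_PREOS_NOT_IMPLEMENTED 1
+#define TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE 2
+#define TCG_PP_SUBMIT_REQUEST_TO_PREOS_BLOCKED_BY_BIOS_SETTINGS 3
+
+//
+// TCG PP definition of return code for Get User Confirmation Status for Operation
+//
+#define TCG_PP_GET_USER_CONFIRMATION_NOT_IMPLEMENTED 0
+#define TCG_PP_GET_USER_CONFIRMATION_BIOS_ONLY 1
+#define TCG_PP_GET_USER_CONFIRMATION_BLOCKED_BY_BIOS_CONFIGURATION 2
+#define TCG_PP_GET_USER_CONFIRMATION_ALLOWED_AND_PPUSER_REQUIRED 3
+#define TCG_PP_GET_USER_CONFIRMATION_ALLOWED_AND_PPUSER_NOT_REQUIRED 4
+
+//
+// TCG PP definition of physical presence operation actions for TPM12
+//
+#define TCG_PHYSICAL_PRESENCE_NO_ACTION 0
+#define TCG_PHYSICAL_PRESENCE_ENABLE 1
+#define TCG_PHYSICAL_PRESENCE_DISABLE 2
+#define TCG_PHYSICAL_PRESENCE_ACTIVATE 3
+#define TCG_PHYSICAL_PRESENCE_DEACTIVATE 4
+#define TCG_PHYSICAL_PRESENCE_CLEAR 5
+#define TCG_PHYSICAL_PRESENCE_ENABLE_ACTIVATE 6
+#define TCG_PHYSICAL_PRESENCE_DEACTIVATE_DISABLE 7
+#define TCG_PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE 8
+#define TCG_PHYSICAL_PRESENCE_SET_OWNER_INSTALL_FALSE 9
+#define TCG_PHYSICAL_PRESENCE_ENABLE_ACTIVATE_OWNER_TRUE 10
+#define TCG_PHYSICAL_PRESENCE_DEACTIVATE_DISABLE_OWNER_FALSE 11
+#define TCG_PHYSICAL_PRESENCE_DEFERRED_PP_UNOWNERED_FIELD_UPGRADE 12
+#define TCG_PHYSICAL_PRESENCE_SET_OPERATOR_AUTH 13
+#define TCG_PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE 14
+#define TCG_PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_FALSE 15
+#define TCG_PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_TRUE 16
+#define TCG_PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_FALSE 17
+#define TCG_PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_TRUE 18
+#define TCG_PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_FALSE 19
+#define TCG_PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_TRUE 20
+#define TCG_PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR 21
+#define TCG_PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE 22
+
+#define TCG_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION 128
+
+//
+// TCG PP definition of physical presence operation actions for TPM2
+//
+#define TCG2_PHYSICAL_PRESENCE_NO_ACTION 0
+#define TCG2_PHYSICAL_PRESENCE_ENABLE 1
+#define TCG2_PHYSICAL_PRESENCE_DISABLE 2
+#define TCG2_PHYSICAL_PRESENCE_CLEAR 5
+#define TCG2_PHYSICAL_PRESENCE_ENABLE_CLEAR 14
+#define TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_CLEAR_TRUE 17
+#define TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_CLEAR_FALSE 18
+#define TCG2_PHYSICAL_PRESENCE_ENABLE_CLEAR_2 21
+#define TCG2_PHYSICAL_PRESENCE_ENABLE_CLEAR_3 22
+#define TCG2_PHYSICAL_PRESENCE_SET_PCR_BANKS 23
+#define TCG2_PHYSICAL_PRESENCE_CHANGE_EPS 24
+#define TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_CHANGE_PCRS_FALSE 25
+#define TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_CHANGE_PCRS_TRUE 26
+#define TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_TURN_ON_FALSE 27
+#define TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_TURN_ON_TRUE 28
+#define TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_TURN_OFF_FALSE 29
+#define TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_TURN_OFF_TRUE 30
+#define TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_CHANGE_EPS_FALSE 31
+#define TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_CHANGE_EPS_TRUE 32
+#define TCG2_PHYSICAL_PRESENCE_LOG_ALL_DIGESTS 33
+#define TCG2_PHYSICAL_PRESENCE_DISABLE_ENDORSEMENT_ENABLE_STORAGE_HIERARCHY 34
+#define TCG2_PHYSICAL_PRESENCE_NO_ACTION_MAX 34
+
+//
+// TCG PP definition of physical presence operation actions for storage management
+//
+#define TCG2_PHYSICAL_PRESENCE_STORAGE_MANAGEMENT_BEGIN 96
+#define TCG2_PHYSICAL_PRESENCE_ENABLE_BLOCK_SID 96
+#define TCG2_PHYSICAL_PRESENCE_DISABLE_BLOCK_SID 97
+#define TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_TRUE 98
+#define TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_FALSE 99
+#define TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_TRUE 100
+#define TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_FALSE 101
+
+#define TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION 128
+
+#endif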
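Review bot: `TCG2_PHYSICAL_PRESENCE_NO_ACTION_MAX 34` carries no comment, and its name suggests a bound on NO_ACTION rather than on the TPM2 operation range it actually closes (its value equals `TCG2_PHYSICAL_PRESENCE_DISABLE_ENDORSEMENT_ENABLE_STORAGE_HIERARCHY`), so code that range-checks incoming requests against it will silently exclude any operation appended later without the macro being updated. I would add `// Highest TPM2 operation value defined above; bump when a new operation is appended` on that line. The values between 35 and 95 and between 102 and 127 are left undefined between the TPM2 and storage-management ranges; presumably they are reserved, and a one-line `// Values not listed here are reserved` note would make that explicit for whoever validates requests. The two banner comments also misspell "Submit" as "Sumbit" (`// TCG PP definition of return code for Sumbit TPM Request to Pre-OS Environment` and the following line).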
@ -5,7 +5,7 @@
|
|||
|
||||
Check http://trustedcomputinggroup.org for latest specification updates.
|
||||
|
||||
Copyright (c) 2013, Intel Corporation. All rights reserved. <BR>
|
||||
Copyright (c) 2013 - 2015, Intel Corporation. All rights reserved. <BR>
|
||||
This program and the accompanying materials
|
||||
are licensed and made available under the terms and conditions of the BSD License
|
||||
which accompanies this distribution. The full text of the license may be found at
|
||||
|
@ -1806,4 +1806,13 @@ typedef struct {
|
|||
|
||||
#pragma pack ()
|
||||
|
||||
//
|
||||
// TCG Algorithm Registry
|
||||
//
|
||||
#define HASH_ALG_SHA1 0x00000001
|
||||
#define HASH_ALG_SHA256 0x00000002
|
||||
#define HASH_ALG_SHA384 0x00000004
|
||||
#define HASH_ALG_SHA512 0x00000008
|
||||
#define HASH_ALG_SM3_256 0x00000010
|
||||
|
||||
#endif
|
||||
|
|
|
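Review bot: The new `HASH_ALG_*` macros have no comment saying they are single-bit bitmap values rather than TPM algorithm identifier (TPM_ALG_ID) codes, and the same five values reappear verbatim as `EFI_TCG2_BOOT_HASH_ALG_*` in the new Tcg2Protocol.h, so a reader meets two unexplained numbering schemes for the same algorithms with nothing tying them together. I would put `// Bit-flag values (one bit per algorithm), not TPM_ALG_ID codes; must stay equal to EFI_TCG2_BOOT_HASH_ALG_* in Tcg2Protocol.h` under the `// TCG Algorithm Registry` banner. The `#pragma pack ()` at the top of the hunk is context; the declarations it closes are outside the hunk.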
@ -1,7 +1,7 @@
|
|||
/** @file
|
||||
TCG EFI Platform Definition in TCG_EFI_Platform_1_20_Final
|
||||
|
||||
Copyright (c) 2006 - 2012, Intel Corporation. All rights reserved.<BR>
|
||||
Copyright (c) 2006 - 2015, Intel Corporation. All rights reserved.<BR>
|
||||
This program and the accompanying materials
|
||||
are licensed and made available under the terms and conditions of the BSD License
|
||||
which accompanies this distribution. The full text of the license may be found at
|
||||
|
@ -16,12 +16,14 @@
|
|||
#define __UEFI_TCG_PLATFORM_H__
|
||||
|
||||
#include <IndustryStandard/Tpm12.h>
|
||||
#include <IndustryStandard/Tpm20.h>
|
||||
#include <Uefi.h>
|
||||
|
||||
//
|
||||
// Standard event types
|
||||
//
|
||||
#define EV_POST_CODE ((TCG_EVENTTYPE) 0x00000001)
|
||||
#define EV_NO_ACTION ((TCG_EVENTTYPE) 0x00000003)
|
||||
#define EV_SEPARATOR ((TCG_EVENTTYPE) 0x00000004)
|
||||
#define EV_S_CRTM_CONTENTS ((TCG_EVENTTYPE) 0x00000007)
|
||||
#define EV_S_CRTM_VERSION ((TCG_EVENTTYPE) 0x00000008)
|
||||
|
@ -41,6 +43,7 @@
|
|||
#define EV_EFI_ACTION (EV_EFI_EVENT_BASE + 7)
|
||||
#define EV_EFI_PLATFORM_FIRMWARE_BLOB (EV_EFI_EVENT_BASE + 8)
|
||||
#define EV_EFI_HANDOFF_TABLES (EV_EFI_EVENT_BASE + 9)
|
||||
#define EV_EFI_VARIABLE_AUTHORITY (EV_EFI_EVENT_BASE + 0xE0)
|
||||
|
||||
#define EFI_CALLING_EFI_APPLICATION \
|
||||
"Calling EFI Application from Boot Option"
|
||||
|
@ -72,6 +75,9 @@
|
|||
#define EV_POSTCODE_INFO_OPROM "Embedded Option ROM"
|
||||
#define OPROM_LEN (sizeof(EV_POSTCODE_INFO_OPROM) - 1)
|
||||
|
||||
#define FIRMWARE_DEBUGGER_EVENT_STRING "UEFI Debug Mode"
|
||||
#define FIRMWARE_DEBUGGER_EVENT_STRING_LEN (sizeof(FIRMWARE_DEBUGGER_EVENT_STRING) - 1)
|
||||
|
||||
//
|
||||
// Set structure alignment to 1-byte
|
||||
//
|
||||
|
@ -154,12 +160,114 @@ typedef struct tdEFI_VARIABLE_DATA {
|
|||
INT8 VariableData[1]; ///< Driver or platform-specific data
|
||||
} EFI_VARIABLE_DATA;
|
||||
|
||||
//
|
||||
// For TrEE1.0 compatibility
|
||||
//
|
||||
typedef struct {
|
||||
EFI_GUID VariableName;
|
||||
UINT64 UnicodeNameLength; // The TCG Definition used UINTN
|
||||
UINT64 VariableDataLength; // The TCG Definition used UINTN
|
||||
CHAR16 UnicodeName[1];
|
||||
INT8 VariableData[1];
|
||||
} EFI_VARIABLE_DATA_TREE;
|
||||
|
||||
typedef struct tdEFI_GPT_DATA {
|
||||
EFI_PARTITION_TABLE_HEADER EfiPartitionHeader;
|
||||
UINTN NumberOfPartitions;
|
||||
EFI_PARTITION_ENTRY Partitions[1];
|
||||
} EFI_GPT_DATA;
|
||||
|
||||
//
|
||||
// Crypto Agile Log Entry Format
|
||||
//
|
||||
typedef struct tdTCG_PCR_EVENT2 {
|
||||
TCG_PCRINDEX PCRIndex;
|
||||
TCG_EVENTTYPE EventType;
|
||||
TPML_DIGEST_VALUES Digest;
|
||||
UINT32 EventSize;
|
||||
UINT8 Event[1];
|
||||
} TCG_PCR_EVENT2;
|
||||
|
||||
//
|
||||
// Log Header Entry Data
|
||||
//
|
||||
typedef struct {
|
||||
//
|
||||
// TCG defined hashing algorithm ID.
|
||||
//
|
||||
UINT16 algorithmId;
|
||||
//
|
||||
// The size of the digest for the respective hashing algorithm.
|
||||
//
|
||||
UINT16 digestSize;
|
||||
} TCG_EfiSpecIdEventAlgorithmSize;
|
||||
|
||||
#define TCG_EfiSpecIDEventStruct_SIGNATURE_02 "Spec ID Event02"
|
||||
#define TCG_EfiSpecIDEventStruct_SIGNATURE_03 "Spec ID Event03"
|
||||
|
||||
#define TCG_EfiSpecIDEventStruct_SPEC_VERSION_MAJOR_TPM12 1
|
||||
#define TCG_EfiSpecIDEventStruct_SPEC_VERSION_MINOR_TPM12 2
|
||||
#define TCG_EfiSpecIDEventStruct_SPEC_ERRATA_TPM12 2
|
||||
|
||||
#define TCG_EfiSpecIDEventStruct_SPEC_VERSION_MAJOR_TPM2 2
|
||||
#define TCG_EfiSpecIDEventStruct_SPEC_VERSION_MINOR_TPM2 0
|
||||
#define TCG_EfiSpecIDEventStruct_SPEC_ERRATA_TPM2 0
|
||||
|
||||
typedef struct {
|
||||
UINT8 signature[16];
|
||||
//
|
||||
// The value for the Platform Class.
|
||||
// The enumeration is defined in the TCG ACPI Specification Client Common Header.
|
||||
//
|
||||
UINT32 platformClass;
|
||||
//
|
||||
// The TCG EFI Platform Specification minor version number this BIOS supports.
|
||||
// Any BIOS supporting version (1.22) MUST set this value to 02h.
|
||||
// Any BIOS supporting version (2.0) SHALL set this value to 0x00.
|
||||
//
|
||||
UINT8 specVersionMinor;
|
||||
//
|
||||
// The TCG EFI Platform Specification major version number this BIOS supports.
|
||||
// Any BIOS supporting version (1.22) MUST set this value to 01h.
|
||||
// Any BIOS supporting version (2.0) SHALL set this value to 0x02.
|
||||
//
|
||||
UINT8 specVersionMajor;
|
||||
//
|
||||
// The TCG EFI Platform Specification errata for this specification this BIOS supports.
|
||||
// Any BIOS supporting version and errata (1.22) MUST set this value to 02h.
|
||||
// Any BIOS supporting version and errata (2.0) SHALL set this value to 0x00.
|
||||
//
|
||||
UINT8 specErrata;
|
||||
//
|
||||
// Specifies the size of the UINTN fields used in various data structures used in this specification.
|
||||
// 0x01 indicates UINT32 and 0x02 indicates UINT64.
|
||||
//
|
||||
UINT8 uintnSize;
|
||||
//
|
||||
// This field is added in "Spec ID Event03".
|
||||
// The number of hashing algorithms used in this event log (except the first event).
|
||||
// All events in this event log use all hashing algorithms defined here.
|
||||
//
|
||||
//UINT32 numberOfAlgorithms;
|
||||
//
|
||||
// This field is added in "Spec ID Event03".
|
||||
// An array of size numberOfAlgorithms of value pairs.
|
||||
//
|
||||
//TCG_EfiSpecIdEventAlgorithmSize digestSize[numberOfAlgorithms];
|
||||
//
|
||||
// Size in bytes of the VendorInfo field.
|
||||
// Maximum value SHALL be FFh bytes.
|
||||
//
|
||||
//UINT8 vendorInfoSize;
|
||||
//
|
||||
// Provided for use by the BIOS implementer.
|
||||
// The value might be used, for example, to provide more detailed information about the specific BIOS such as BIOS revision numbers, etc.
|
||||
// The values within this field are not standardized and are implementer-specific.
|
||||
// Platform-specific or -unique information SHALL NOT be provided in this field.
|
||||
//
|
||||
//UINT8 vendorInfo[vendorInfoSize];
|
||||
} TCG_EfiSpecIDEventStruct;
|
||||
|
||||
//
|
||||
// Restore original structure alignment
|
||||
//
|
||||
|
|
|
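Review bot: `TCG_PCR_EVENT2` is declared with a fixed `TPML_DIGEST_VALUES Digest` member followed by `UINT32 EventSize` and `UINT8 Event[1]`, but a crypto-agile log entry stores only `count` digests of algorithm-dependent size, so if TPML_DIGEST_VALUES is the fixed-capacity TPM2 structure from Tpm20.h then `sizeof(TCG_PCR_EVENT2)` and the compile-time offset of `EventSize` do not match the in-memory log layout and a parser that uses them reads the wrong bytes. The struct should say so, e.g. `// Template only: the digest list in a real log entry is variable length; derive field offsets from Digest.count and the per-algorithm digest sizes (TCG_EfiSpecIdEventAlgorithmSize), never from sizeof` above `typedef struct tdTCG_PCR_EVENT2`. The same caveat belongs on `TCG_EfiSpecIDEventStruct`, whose trailing members are left as commented-out declarations from `//UINT32 numberOfAlgorithms;` onward without a note that they follow the struct in memory and must be read with bounds checks. The hunk's first lines (`INT8 VariableData[1];`, `} EFI_VARIABLE_DATA;`) close a struct that begins outside the hunk.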
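--- /dev/null
+++ b/Include/Protocol/Tcg2Protocol.h
@@ -0,0 +1,341 @@
+/** @file
+TPM2 Protocol as defined in TCG PC Client Platform EFI Protocol Specification Family "2.0".
+See http://trustedcomputinggroup.org for the latest specification
+
+Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#ifndef __TCG2_PROTOCOL_H__
+#define __TCG2_PROTOCOL_H__
+
+#include <IndustryStandard/UefiTcgPlatform.h>
+#include <IndustryStandard/Tpm20.h>
+
+#define EFI_TCG2_PROTOCOL_GUID \
+{0x607f766c, 0x7455, 0x42be, { 0x93, 0x0b, 0xe4, 0xd7, 0x6d, 0xb2, 0x72, 0x0f }}
+
+typedef struct tdEFI_TCG2_PROTOCOL EFI_TCG2_PROTOCOL;
+
+typedef struct tdEFI_TCG2_VERSION {
+UINT8 Major;
+UINT8 Minor;
+} EFI_TCG2_VERSION;
+
+typedef UINT32 EFI_TCG2_EVENT_LOG_BITMAP;
+typedef UINT32 EFI_TCG2_EVENT_LOG_FORMAT;
+typedef UINT32 EFI_TCG2_EVENT_ALGORITHM_BITMAP;
+
+#define EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2 0x00000001
+#define EFI_TCG2_EVENT_LOG_FORMAT_TCG_2 0x00000002
+
+typedef struct tdEFI_TCG2_BOOT_SERVICE_CAPABILITY {
+//
+// Allocated size of the structure
+//
+UINT8 Size;
+//
+// Version of the EFI_TCG2_BOOT_SERVICE_CAPABILITY structure itself.
+// For this version of the protocol, the Major version shall be set to 1
+// and the Minor version shall be set to 1.
+//
+EFI_TCG2_VERSION StructureVersion;
+//
+// Version of the EFI TCG2 protocol.
+// For this version of the protocol, the Major version shall be set to 1
+// and the Minor version shall be set to 1.
+//
+EFI_TCG2_VERSION ProtocolVersion;
+//
+// Supported hash algorithms (this bitmap is determined by the supported PCR
+// banks in the TPM and the hashing algorithms supported by the firmware)
+//
+EFI_TCG2_EVENT_ALGORITHM_BITMAP HashAlgorithmBitmap;
+//
+// Bitmap of supported event log formats
+//
+EFI_TCG2_EVENT_LOG_BITMAP SupportedEventLogs;
+//
+// False = TPM not present
+//
+BOOLEAN TPMPresentFlag;
+//
+// Max size (in bytes) of a command that can be sent to the TPM
+//
+UINT16 MaxCommandSize;
+//
+// Max size (in bytes) of a response that can be provided by the TPM
+//
+UINT16 MaxResponseSize;
+//
+// 4-byte Vendor ID
+// (see TCG Vendor ID registry, Section "TPM Capabilities Vendor ID")
+//
+UINT32 ManufacturerID;
+//
+// Maximum number of PCR banks (hashing algorithms) supported.
+// No granularity is provided to support a specific set of algorithms.
+// Minimum value is 1.
+//
+UINT32 NumberOfPCRBanks;
+//
+// A bitmap of currently active PCR banks (hashing algorithms).
+// This is a subset of the supported hashing algorithms reported in HashAlgorithmBitMap.
+// NumberOfPcrBanks defines the number of bits that are set.
+//
+EFI_TCG2_EVENT_ALGORITHM_BITMAP ActivePcrBanks;
+} EFI_TCG2_BOOT_SERVICE_CAPABILITY;
+
+#define EFI_TCG2_BOOT_HASH_ALG_SHA1 0x00000001
+#define EFI_TCG2_BOOT_HASH_ALG_SHA256 0x00000002
+#define EFI_TCG2_BOOT_HASH_ALG_SHA384 0x00000004
+#define EFI_TCG2_BOOT_HASH_ALG_SHA512 0x00000008
+#define EFI_TCG2_BOOT_HASH_ALG_SM3_256 0x00000010
+
+//
+// This bit is shall be set when an event shall be extended but not logged.
+//
+#define EFI_TCG2_EXTEND_ONLY 0x0000000000000001
+//
+// This bit shall be set when the intent is to measure a PE/COFF image.
+//
+#define PE_COFF_IMAGE 0x0000000000000010
+
+#define MAX_PCR_INDEX 23
+
+#pragma pack(1)
+
+#define EFI_TCG2_EVENT_HEADER_VERSION 1
+
+typedef struct {
+//
+// Size of the event header itself (sizeof(EFI_TCG2_EVENT_HEADER)).
+//
+UINT32 HeaderSize;
+//
+// Header version. For this version of this specification, the value shall be 1.
+//
+UINT16 HeaderVersion;
+//
+// Index of the PCR that shall be extended (0 - 23).
+//
+TCG_PCRINDEX PCRIndex;
+//
+// Type of the event that shall be extended (and optionally logged).
+//
+TCG_EVENTTYPE EventType;
+} EFI_TCG2_EVENT_HEADER;
+
+typedef struct tdEFI_TCG2_EVENT {
+//
+// Total size of the event including the Size component, the header and the Event data.
+//
+UINT32 Size;
+EFI_TCG2_EVENT_HEADER Header;
+UINT8 Event[1];
+} EFI_TCG2_EVENT;
+
+#pragma pack()
+
+/**
+The EFI_TCG2_PROTOCOL GetCapability function call provides protocol
+capability information and state information.
+
+@param[in] This Indicates the calling context
+@param[in, out] ProtocolCapability The caller allocates memory for a EFI_TCG2_BOOT_SERVICE_CAPABILITY
+structure and sets the size field to the size of the structure allocated.
+The callee fills in the fields with the EFI protocol capability information
+and the current EFI TCG2 state information up to the number of fields which
+fit within the size of the structure passed in.
+
+@retval EFI_SUCCESS Operation completed successfully.
+@retval EFI_DEVICE_ERROR The command was unsuccessful.
+The ProtocolCapability variable will not be populated.
+@retval EFI_INVALID_PARAMETER One or more of the parameters are incorrect.
+The ProtocolCapability variable will not be populated.
+@retval EFI_BUFFER_TOO_SMALL The ProtocolCapability variable is too small to hold the full response.
+It will be partially populated (required Size field will be set).
+**/
+typedef
+EFI_STATUS
+(EFIAPI *EFI_TCG2_GET_CAPABILITY) (
+IN EFI_TCG2_PROTOCOL *This,
+IN OUT EFI_TCG2_BOOT_SERVICE_CAPABILITY *ProtocolCapability
+);
+
+/**
+The EFI_TCG2_PROTOCOL Get Event Log function call allows a caller to
+retrieve the address of a given event log and its last entry.
+
+@param[in] This Indicates the calling context
+@param[in] EventLogFormat The type of the event log for which the information is requested.
+@param[out] EventLogLocation A pointer to the memory address of the event log.
+@param[out] EventLogLastEntry If the Event Log contains more than one entry, this is a pointer to the
+address of the start of the last entry in the event log in memory.
+@param[out] EventLogTruncated If the Event Log is missing at least one entry because an event would
+have exceeded the area allocated for events, this value is set to TRUE.
+Otherwise, the value will be FALSE and the Event Log will be complete.
+
+@retval EFI_SUCCESS Operation completed successfully.
+@retval EFI_INVALID_PARAMETER One or more of the parameters are incorrect
+(e.g. asking for an event log whose format is not supported).
+**/
+typedef
+EFI_STATUS
+(EFIAPI *EFI_TCG2_GET_EVENT_LOG) (
+IN EFI_TCG2_PROTOCOL *This,
+IN EFI_TCG2_EVENT_LOG_FORMAT EventLogFormat,
+OUT EFI_PHYSICAL_ADDRESS *EventLogLocation,
+OUT EFI_PHYSICAL_ADDRESS *EventLogLastEntry,
+OUT BOOLEAN *EventLogTruncated
+);
+
+/**
+The EFI_TCG2_PROTOCOL HashLogExtendEvent function call provides callers with
+an opportunity to extend and optionally log events without requiring
+knowledge of actual TPM commands.
+The extend operation will occur even if this function cannot create an event
+log entry (e.g. due to the event log being full).
+
+@param[in] This Indicates the calling context
+@param[in] Flags Bitmap providing additional information.
+@param[in] DataToHash Physical address of the start of the data buffer to be hashed.
+@param[in] DataToHashLen The length in bytes of the buffer referenced by DataToHash.
+@param[in] EfiTcgEvent Pointer to data buffer containing information about the event.
+
+@retval EFI_SUCCESS Operation completed successfully.
+@retval EFI_DEVICE_ERROR The command was unsuccessful.
+@retval EFI_VOLUME_FULL The extend operation occurred, but the event could not be written to one or more event logs.
+@retval EFI_INVALID_PARAMETER One or more of the parameters are incorrect.
+@retval EFI_UNSUPPORTED The PE/COFF image type is not supported.
+**/
+typedef
+EFI_STATUS
+(EFIAPI * EFI_TCG2_HASH_LOG_EXTEND_EVENT) (
+IN EFI_TCG2_PROTOCOL *This,
+IN UINT64 Flags,
+IN EFI_PHYSICAL_ADDRESS DataToHash,
+IN UINT64 DataToHashLen,
+IN EFI_TCG2_EVENT *EfiTcgEvent
+);
+
+/**
+This service enables the sending of commands to the TPM.
+
+@param[in] This Indicates the calling context
+@param[in] InputParameterBlockSize Size of the TPM input parameter block.
+@param[in] InputParameterBlock Pointer to the TPM input parameter block.
+@param[in] OutputParameterBlockSize Size of the TPM output parameter block.
+@param[in] OutputParameterBlock Pointer to the TPM output parameter block.
+
+@retval EFI_SUCCESS The command byte stream was successfully sent to the device and a response was successfully received.
+@retval EFI_DEVICE_ERROR The command was not successfully sent to the device or a response was not successfully received from the device.
+@retval EFI_INVALID_PARAMETER One or more of the parameters are incorrect.
+@retval EFI_BUFFER_TOO_SMALL The output parameter block is too small.
+**/
+typedef
+EFI_STATUS
+(EFIAPI *EFI_TCG2_SUBMIT_COMMAND) (
+IN EFI_TCG2_PROTOCOL *This,
+IN UINT32 InputParameterBlockSize,
+IN UINT8 *InputParameterBlock,
+IN UINT32 OutputParameterBlockSize,
+IN UINT8 *OutputParameterBlock
+);
+
+/**
+This service returns the currently active PCR banks.
+
+@param[in] This Indicates the calling context
+@param[out] ActivePcrBanks Pointer to the variable receiving the bitmap of currently active PCR banks.
+
+@retval EFI_SUCCESS The bitmap of active PCR banks was stored in the ActivePcrBanks parameter.
+@retval EFI_INVALID_PARAMETER One or more of the parameters are incorrect.
+**/
+typedef
+EFI_STATUS
+(EFIAPI *EFI_TCG2_GET_ACTIVE_PCR_BANKS) (
+IN EFI_TCG2_PROTOCOL *This,
+OUT UINT32 *ActivePcrBanks
+);
+
+/**
+This service sets the currently active PCR banks.
+
+@param[in] This Indicates the calling context
+@param[in] ActivePcrBanks Bitmap of the requested active PCR banks. At least one bit SHALL be set.
+
+@retval EFI_SUCCESS The bitmap in ActivePcrBank parameter is already active.
+@retval EFI_INVALID_PARAMETER One or more of the parameters are incorrect.
+**/
+typedef
+EFI_STATUS
+(EFIAPI *EFI_TCG2_SET_ACTIVE_PCR_BANKS) (
+IN EFI_TCG2_PROTOCOL *This,
+IN UINT32 ActivePcrBanks
+);
+
+/**
+This service retrieves the result of a previous invocation of SetActivePcrBanks.
+
+@param[in] This Indicates the calling context
+@param[out] OperationPresent Non-zero value to indicate a SetActivePcrBank operation was invoked during the last boot.
+@param[out] Response The response from the SetActivePcrBank request.
+
+@retval EFI_SUCCESS The result value could be returned.
+@retval EFI_INVALID_PARAMETER One or more of the parameters are incorrect.
+**/
+typedef
+EFI_STATUS
+(EFIAPI *EFI_TCG2_GET_RESULT_OF_SET_ACTIVE_PCR_BANKS) (
+IN EFI_TCG2_PROTOCOL *This,
+OUT UINT32 *OperationPresent,
+OUT UINT32 *Response
+);
+
+struct tdEFI_TCG2_PROTOCOL {
+EFI_TCG2_GET_CAPABILITY GetCapability;
+EFI_TCG2_GET_EVENT_LOG GetEventLog;
+EFI_TCG2_HASH_LOG_EXTEND_EVENT HashLogExtendEvent;
+EFI_TCG2_SUBMIT_COMMAND SubmitCommand;
+EFI_TCG2_GET_ACTIVE_PCR_BANKS GetActivePcrBanks;
+EFI_TCG2_SET_ACTIVE_PCR_BANKS SetActivePcrBanks;
+EFI_TCG2_GET_RESULT_OF_SET_ACTIVE_PCR_BANKS GetResultOfSetActivePcrBanks;
+};
+
+extern EFI_GUID gEfiTcg2ProtocolGuid;
+
+//
+// Log entries after Get Event Log service
+//
+
+#define EFI_TCG2_FINAL_EVENTS_TABLE_GUID \
+{0x1e2ed096, 0x30e2, 0x4254, { 0xbd, 0x89, 0x86, 0x3b, 0xbe, 0xf8, 0x23, 0x25 }}
+
+extern EFI_GUID gEfiTcg2FinalEventsTableGuid;
+
+typedef struct tdEFI_TCG2_FINAL_EVENTS_TABLE {
+//
+// The version of this structure.
+//
+UINT64 Version;
+//
+// Number of events recorded after invocation of GetEventLog API
+//
+UINT64 NumberOfEvents;
+//
+// List of events of type TCG_PCR_EVENT2.
+//
+//TCG_PCR_EVENT2 Event[1];
+} EFI_TCG2_FINAL_EVENTS_TABLE;
+
+#define EFI_TCG2_FINAL_EVENTS_TABLE_VERSION 1
+
+#endif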
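Review bot: `EFI_TCG2_EVENT` is handed to `HashLogExtendEvent` by arbitrary callers, yet nothing in the header states what an implementation must check before trusting it: `Size` is documented as covering the Size field, the header and the data, `HeaderSize`, `HeaderVersion` and `PCRIndex` each have a documented expected value or range, but no comment says that an event whose `Size` is smaller than `sizeof(UINT32) + HeaderSize`, whose `HeaderVersion` differs from `EFI_TCG2_EVENT_HEADER_VERSION`, or whose `PCRIndex` exceeds `MAX_PCR_INDEX` is to be rejected with `EFI_INVALID_PARAMETER`. A three-line comment above `typedef struct tdEFI_TCG2_EVENT` stating those consistency requirements would give implementers and callers one contract. Separately, `PE_COFF_IMAGE` and `MAX_PCR_INDEX` are unprefixed names, and `PE_COFF_IMAGE` is also defined with the same value in TrEEProtocol.h, which compiles only because the two expansions are token-identical; an `EFI_TCG2_` prefix would remove the collision. The comment on `EFI_TCG2_EXTEND_ONLY` has a stray word and should read `// This bit shall be set when an event shall be extended but not logged.`.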
@ -1,7 +1,7 @@
|
|||
/** @file
|
||||
Ihis protocol is defined to abstract TPM2 hardware access in boot phase.
|
||||
|
||||
Copyright (c) 2013, Intel Corporation. All rights reserved.<BR>
|
||||
Copyright (c) 2013 - 2015, Intel Corporation. All rights reserved.<BR>
|
||||
This program and the accompanying materials
|
||||
are licensed and made available under the terms and conditions of the BSD License
|
||||
which accompanies this distribution. The full text of the license may be found at
|
||||
|
@ -93,22 +93,6 @@ typedef TREE_BOOT_SERVICE_CAPABILITY_1_0 TREE_BOOT_SERVICE_CAPABILITY;
|
|||
//
|
||||
#define PE_COFF_IMAGE 0x0000000000000010
|
||||
|
||||
//#define EV_EFI_VARIABLE_DRIVER_CONFIG 0x80000001 // Defined in TCG
|
||||
//#define EV_EFI_ACTION 0x80000007 // Defined in TCG
|
||||
#define EV_EFI_VARIABLE_AUTHORITY 0x800000E0
|
||||
|
||||
#define FIRMWARE_DEBUGGER_EVENT_STRING "UEFI Debug Mode"
|
||||
|
||||
#pragma pack(1)
|
||||
typedef struct {
|
||||
EFI_GUID VariableName;
|
||||
UINT64 UnicodeNameLength; // The TCG Definition used UINTN
|
||||
UINT64 VariableDataLength; // The TCG Definition used UINTN
|
||||
CHAR16 UnicodeName[1];
|
||||
INT8 VariableData[1];
|
||||
} EFI_VARIABLE_DATA_TREE;
|
||||
#pragma pack()
|
||||
|
||||
typedef UINT32 TrEE_PCRINDEX;
|
||||
typedef UINT32 TrEE_EVENTTYPE;
|
||||
|
||||
|
|
|
@ -1361,6 +1361,10 @@
|
|||
|
||||
## Include/Protocol/TrEEProtocol.h
|
||||
gEfiTrEEProtocolGuid = {0x607f766c, 0x7455, 0x42be, { 0x93, 0x0b, 0xe4, 0xd7, 0x6d, 0xb2, 0x72, 0x0f }}
|
||||
|
||||
## Include/Protocol/Tcg2Protocol.h
|
||||
gEfiTcg2ProtocolGuid = {0x607f766c, 0x7455, 0x42be, { 0x93, 0x0b, 0xe4, 0xd7, 0x6d, 0xb2, 0x72, 0x0f }}
|
||||
gEfiTcg2FinalEventsTableGuid = {0x1e2ed096, 0x30e2, 0x4254, { 0xbd, 0x89, 0x86, 0x3b, 0xbe, 0xf8, 0x23, 0x25 }}
|
||||
|
||||
## Include/Protocol/FormBrowser2.h
|
||||
gEfiFormBrowser2ProtocolGuid = {0xb9d4c360, 0xbcfb, 0x4f9b, {0x92, 0x98, 0x53, 0xc1, 0x36, 0x98, 0x22, 0x58}}
|
||||
|
|
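Review bot: `gEfiTcg2ProtocolGuid` is declared with exactly the same GUID as `gEfiTrEEProtocolGuid` a few lines above, and nothing in the .dec says whether that is intended, so a reader will take it for a copy-paste slip; if it is deliberate, the two names resolve to one protocol instance and a consumer locating either must not assume the other's interface layout. I would add `## Deliberately the same GUID as gEfiTrEEProtocolGuid: TCG2 supersedes TrEE under one protocol instance` above `gEfiTcg2ProtocolGuid = ...`, or change the value if the duplication is a mistake.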