tyler.durden
/
audk
mirror of https://github.com/acidanthera/audk.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

SecurityPkg: Delete TdTcg2Dxe and HashLibTdx in SecurityPkg 

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4752

TdTcg2Dxe and HashLibTdx have been moved to OvmfPkg. So delete the codes
in SecurityPkg and update SecurityPkg.dsc.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Min Xu <min.m.xu@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
This commit is contained in:
Min M Xu 2024-04-15 15:55:54 +08:00 committed by mergify[bot]
parent 93fac4fd7b
commit 61185f1d50
6 changed files with 0 additions and 3293 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

213
SecurityPkg/Library/HashLibTdx/HashLibTdx.c
View File

@ -1,213 +0,0 @@
/** @file
This library is HashLib for Tdx.
Copyright (c) 2021 - 2022, Intel Corporation. All rights reserved. <BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
#include <PiPei.h>
#include <Library/BaseLib.h>
#include <Library/BaseMemoryLib.h>
#include <Library/DebugLib.h>
#include <Library/PcdLib.h>
#include <Library/HashLib.h>
#include <Library/TdxLib.h>
#include <Protocol/CcMeasurement.h>
EFI_GUID mSha384Guid = HASH_ALGORITHM_SHA384_GUID;
//
// Currently TDX supports SHA384.
//
HASH_INTERFACE mHashInterface = {
{ 0 }, NULL, NULL, NULL
};
UINTN mHashInterfaceCount = 0;
/**
Start hash sequence.
@param HashHandle Hash handle.
@retval EFI_SUCCESS Hash sequence start and HandleHandle returned.
@retval EFI_OUT_OF_RESOURCES No enough resource to start hash.
**/
EFI_STATUS
EFIAPI
HashStart (
OUT HASH_HANDLE *HashHandle
)
{
HASH_HANDLE HashCtx;
if (mHashInterfaceCount == 0) {
ASSERT (FALSE);
return EFI_UNSUPPORTED;
}
HashCtx = 0;
mHashInterface.HashInit (&HashCtx);
*HashHandle = HashCtx;
return EFI_SUCCESS;
}
/**
Update hash sequence data.
@param HashHandle Hash handle.
@param DataToHash Data to be hashed.
@param DataToHashLen Data size.
@retval EFI_SUCCESS Hash sequence updated.
**/
EFI_STATUS
EFIAPI
HashUpdate (
IN HASH_HANDLE HashHandle,
IN VOID *DataToHash,
IN UINTN DataToHashLen
)
{
if (mHashInterfaceCount == 0) {
ASSERT (FALSE);
return EFI_UNSUPPORTED;
}
mHashInterface.HashUpdate (HashHandle, DataToHash, DataToHashLen);
return EFI_SUCCESS;
}
/**
Hash sequence complete and extend to PCR.
@param HashHandle Hash handle.
@param PcrIndex PCR to be extended.
@param DataToHash Data to be hashed.
@param DataToHashLen Data size.
@param DigestList Digest list.
@retval EFI_SUCCESS Hash sequence complete and DigestList is returned.
**/
EFI_STATUS
EFIAPI
HashCompleteAndExtend (
IN HASH_HANDLE HashHandle,
IN TPMI_DH_PCR PcrIndex,
IN VOID *DataToHash,
IN UINTN DataToHashLen,
OUT TPML_DIGEST_VALUES *DigestList
)
{
TPML_DIGEST_VALUES Digest;
EFI_STATUS Status;
if (mHashInterfaceCount == 0) {
ASSERT (FALSE);
return EFI_UNSUPPORTED;
}
ZeroMem (DigestList, sizeof (*DigestList));
mHashInterface.HashUpdate (HashHandle, DataToHash, DataToHashLen);
mHashInterface.HashFinal (HashHandle, &Digest);
CopyMem (
&DigestList->digests[0],
&Digest.digests[0],
sizeof (Digest.digests[0])
);
DigestList->count++;
ASSERT (DigestList->count == 1 && DigestList->digests[0].hashAlg == TPM_ALG_SHA384);
Status = TdExtendRtmr (
(UINT32 *)DigestList->digests[0].digest.sha384,
SHA384_DIGEST_SIZE,
(UINT8)PcrIndex
);
ASSERT (!EFI_ERROR (Status));
return Status;
}
/**
Hash data and extend to RTMR.
@param PcrIndex PCR to be extended.
@param DataToHash Data to be hashed.
@param DataToHashLen Data size.
@param DigestList Digest list.
@retval EFI_SUCCESS Hash data and DigestList is returned.
**/
EFI_STATUS
EFIAPI
HashAndExtend (
IN TPMI_DH_PCR PcrIndex,
IN VOID *DataToHash,
IN UINTN DataToHashLen,
OUT TPML_DIGEST_VALUES *DigestList
)
{
HASH_HANDLE HashHandle;
EFI_STATUS Status;
if (mHashInterfaceCount == 0) {
ASSERT (FALSE);
return EFI_UNSUPPORTED;
}
ASSERT (TdIsEnabled ());
HashStart (&HashHandle);
HashUpdate (HashHandle, DataToHash, DataToHashLen);
Status = HashCompleteAndExtend (HashHandle, PcrIndex, NULL, 0, DigestList);
return Status;
}
/**
This service register Hash.
@param HashInterface Hash interface
@retval EFI_SUCCESS This hash interface is registered successfully.
@retval EFI_UNSUPPORTED System does not support register this interface.
@retval EFI_ALREADY_STARTED System already register this interface.
**/
EFI_STATUS
EFIAPI
RegisterHashInterfaceLib (
IN HASH_INTERFACE *HashInterface
)
{
//
// HashLibTdx is designed for Tdx guest. So if it is not Tdx guest,
// return EFI_UNSUPPORTED.
//
if (!TdIsEnabled ()) {
return EFI_UNSUPPORTED;
}
//
// Only SHA384 is allowed.
//
if (!CompareGuid (&mSha384Guid, &HashInterface->HashGuid)) {
return EFI_UNSUPPORTED;
}
if (mHashInterfaceCount != 0) {
ASSERT (FALSE);
return EFI_OUT_OF_RESOURCES;
}
CopyMem (&mHashInterface, HashInterface, sizeof (*HashInterface));
mHashInterfaceCount++;
return EFI_SUCCESS;
}

37
SecurityPkg/Library/HashLibTdx/HashLibTdx.inf
View File

@ -1,37 +0,0 @@
## @file
# Provides hash service by registered hash handler in Tdx.
#
# This library is HashLib for Tdx. Currently only SHA384 is supported.
#
# Copyright (c) 2020 - 2021, Intel Corporation. All rights reserved.<BR>
# SPDX-License-Identifier: BSD-2-Clause-Patent
#
##
[Defines]
INF_VERSION = 0x00010005
BASE_NAME = HashLibTdx
FILE_GUID = 77F6EA3E-1ABA-4467-A447-926E8CEB2D13
MODULE_TYPE = BASE
VERSION_STRING = 1.0
LIBRARY_CLASS = HashLib|SEC DXE_DRIVER
#
# The following information is for reference only and not required by the build tools.
#
# VALID_ARCHITECTURES = X64
#
[Sources]
HashLibTdx.c
[Packages]
MdePkg/MdePkg.dec
SecurityPkg/SecurityPkg.dec
[LibraryClasses]
BaseLib
BaseMemoryLib
DebugLib
PcdLib
TdxLib

14
SecurityPkg/SecurityPkg.dsc
View File

@ -97,12 +97,6 @@
[LibraryClasses.RISCV64] [LibraryClasses.RISCV64]
RngLib|MdeModulePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf RngLib|MdeModulePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf
[LibraryClasses.X64.SEC]
HashLib|SecurityPkg/Library/HashLibTdx/HashLibTdx.inf
[LibraryClasses.X64.DXE_DRIVER]
HashLib|SecurityPkg/Library/HashLibTdx/HashLibTdx.inf
[LibraryClasses.common.PEIM] [LibraryClasses.common.PEIM]
PeimEntryPoint|MdePkg/Library/PeimEntryPoint/PeimEntryPoint.inf PeimEntryPoint|MdePkg/Library/PeimEntryPoint/PeimEntryPoint.inf
PeiServicesLib|MdePkg/Library/PeiServicesLib/PeiServicesLib.inf PeiServicesLib|MdePkg/Library/PeiServicesLib/PeiServicesLib.inf
@ -293,14 +287,6 @@
# #
SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
[Components.X64]
SecurityPkg/Library/HashLibTdx/HashLibTdx.inf
SecurityPkg/Tcg/TdTcg2Dxe/TdTcg2Dxe.inf {
<LibraryClasses>
HashLib|SecurityPkg/Library/HashLibTdx/HashLibTdx.inf
NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf
}
[Components.IA32, Components.X64] [Components.IA32, Components.X64]
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf

407
SecurityPkg/Tcg/TdTcg2Dxe/MeasureBootPeCoff.c
View File

@ -1,407 +0,0 @@
/** @file
This module implements measuring PeCoff image for Tcg2 Protocol.
Caution: This file requires additional review when modified.
This driver will have external input - PE/COFF image.
This external input must be validated carefully to avoid security issue like
buffer overflow, integer overflow.
Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
#include <PiDxe.h>
#include <Library/BaseLib.h>
#include <Library/DebugLib.h>
#include <Library/BaseMemoryLib.h>
#include <Library/MemoryAllocationLib.h>
#include <Library/DevicePathLib.h>
#include <Library/UefiBootServicesTableLib.h>
#include <Library/PeCoffLib.h>
#include <Library/HashLib.h>
UINTN mTcg2DxeImageSize = 0;
/**
Reads contents of a PE/COFF image in memory buffer.
Caution: This function may receive untrusted input.
PE/COFF image is external input, so this function will make sure the PE/COFF image content
read is within the image buffer.
@param FileHandle Pointer to the file handle to read the PE/COFF image.
@param FileOffset Offset into the PE/COFF image to begin the read operation.
@param ReadSize On input, the size in bytes of the requested read operation.
On output, the number of bytes actually read.
@param Buffer Output buffer that contains the data read from the PE/COFF image.
@retval EFI_SUCCESS The specified portion of the PE/COFF image was read and the size
**/
EFI_STATUS
EFIAPI
Tcg2DxeImageRead (
IN VOID *FileHandle,
IN UINTN FileOffset,
IN OUT UINTN *ReadSize,
OUT VOID *Buffer
)
{
UINTN EndPosition;
if ((FileHandle == NULL) || (ReadSize == NULL) || (Buffer == NULL)) {
return EFI_INVALID_PARAMETER;
}
if (MAX_ADDRESS - FileOffset < *ReadSize) {
return EFI_INVALID_PARAMETER;
}
EndPosition = FileOffset + *ReadSize;
if (EndPosition > mTcg2DxeImageSize) {
*ReadSize = (UINT32)(mTcg2DxeImageSize - FileOffset);
}
if (FileOffset >= mTcg2DxeImageSize) {
*ReadSize = 0;
}
CopyMem (Buffer, (UINT8 *)((UINTN)FileHandle + FileOffset), *ReadSize);
return EFI_SUCCESS;
}
/**
Measure PE image into TPM log based on the authenticode image hashing in
PE/COFF Specification 8.0 Appendix A.
Caution: This function may receive untrusted input.
PE/COFF image is external input, so this function will validate its data structure
within this image buffer before use.
Notes: PE/COFF image is checked by BasePeCoffLib PeCoffLoaderGetImageInfo().
@param[in] RtmrIndex Rtmr index
@param[in] ImageAddress Start address of image buffer.
@param[in] ImageSize Image size
@param[out] DigestList Digest list of this image.
@retval EFI_SUCCESS Successfully measure image.
@retval EFI_OUT_OF_RESOURCES No enough resource to measure image.
@retval other error value
**/
EFI_STATUS
MeasurePeImageAndExtend (
IN UINT32 RtmrIndex,
IN EFI_PHYSICAL_ADDRESS ImageAddress,
IN UINTN ImageSize,
OUT TPML_DIGEST_VALUES *DigestList
)
{
EFI_STATUS Status;
EFI_IMAGE_DOS_HEADER *DosHdr;
UINT32 PeCoffHeaderOffset;
EFI_IMAGE_SECTION_HEADER *Section;
UINT8 *HashBase;
UINTN HashSize;
UINTN SumOfBytesHashed;
EFI_IMAGE_SECTION_HEADER *SectionHeader;
UINTN Index;
UINTN Pos;
EFI_IMAGE_OPTIONAL_HEADER_PTR_UNION Hdr;
UINT32 NumberOfRvaAndSizes;
UINT32 CertSize;
HASH_HANDLE HashHandle;
PE_COFF_LOADER_IMAGE_CONTEXT ImageContext;
HashHandle = 0xFFFFFFFF; // Know bad value
Status = EFI_UNSUPPORTED;
SectionHeader = NULL;
//
// Check PE/COFF image
//
ZeroMem (&ImageContext, sizeof (ImageContext));
ImageContext.Handle = (VOID *)(UINTN)ImageAddress;
mTcg2DxeImageSize = ImageSize;
ImageContext.ImageRead = (PE_COFF_LOADER_READ_FILE)Tcg2DxeImageRead;
//
// Get information about the image being loaded
//
Status = PeCoffLoaderGetImageInfo (&ImageContext);
if (EFI_ERROR (Status)) {
//
// The information can't be got from the invalid PeImage
//
DEBUG ((DEBUG_INFO, "Tcg2Dxe: PeImage invalid. Cannot retrieve image information.\n"));
goto Finish;
}
DosHdr = (EFI_IMAGE_DOS_HEADER *)(UINTN)ImageAddress;
PeCoffHeaderOffset = 0;
if (DosHdr->e_magic == EFI_IMAGE_DOS_SIGNATURE) {
PeCoffHeaderOffset = DosHdr->e_lfanew;
}
Hdr.Pe32 = (EFI_IMAGE_NT_HEADERS32 *)((UINT8 *)(UINTN)ImageAddress + PeCoffHeaderOffset);
if (Hdr.Pe32->Signature != EFI_IMAGE_NT_SIGNATURE) {
Status = EFI_UNSUPPORTED;
goto Finish;
}
//
// PE/COFF Image Measurement
//
// NOTE: The following codes/steps are based upon the authenticode image hashing in
// PE/COFF Specification 8.0 Appendix A.
//
//
// 1. Load the image header into memory.
// 2. Initialize a SHA hash context.
Status = HashStart (&HashHandle);
if (EFI_ERROR (Status)) {
goto Finish;
}
//
// Measuring PE/COFF Image Header;
// But CheckSum field and SECURITY data directory (certificate) are excluded
//
//
// 3. Calculate the distance from the base of the image header to the image checksum address.
// 4. Hash the image header from its base to beginning of the image checksum.
//
HashBase = (UINT8 *)(UINTN)ImageAddress;
if (Hdr.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {
//
// Use PE32 offset
//
NumberOfRvaAndSizes = Hdr.Pe32->OptionalHeader.NumberOfRvaAndSizes;
HashSize = (UINTN)(&Hdr.Pe32->OptionalHeader.CheckSum) - (UINTN)HashBase;
} else {
//
// Use PE32+ offset
//
NumberOfRvaAndSizes = Hdr.Pe32Plus->OptionalHeader.NumberOfRvaAndSizes;
HashSize = (UINTN)(&Hdr.Pe32Plus->OptionalHeader.CheckSum) - (UINTN)HashBase;
}
Status = HashUpdate (HashHandle, HashBase, HashSize);
if (EFI_ERROR (Status)) {
goto Finish;
}
//
// 5. Skip over the image checksum (it occupies a single ULONG).
//
if (NumberOfRvaAndSizes <= EFI_IMAGE_DIRECTORY_ENTRY_SECURITY) {
//
// 6. Since there is no Cert Directory in optional header, hash everything
// from the end of the checksum to the end of image header.
//
if (Hdr.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {
//
// Use PE32 offset.
//
HashBase = (UINT8 *)&Hdr.Pe32->OptionalHeader.CheckSum + sizeof (UINT32);
HashSize = Hdr.Pe32->OptionalHeader.SizeOfHeaders - (UINTN)(HashBase - ImageAddress);
} else {
//
// Use PE32+ offset.
//
HashBase = (UINT8 *)&Hdr.Pe32Plus->OptionalHeader.CheckSum + sizeof (UINT32);
HashSize = Hdr.Pe32Plus->OptionalHeader.SizeOfHeaders - (UINTN)(HashBase - ImageAddress);
}
if (HashSize != 0) {
Status = HashUpdate (HashHandle, HashBase, HashSize);
if (EFI_ERROR (Status)) {
goto Finish;
}
}
} else {
//
// 7. Hash everything from the end of the checksum to the start of the Cert Directory.
//
if (Hdr.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {
//
// Use PE32 offset
//
HashBase = (UINT8 *)&Hdr.Pe32->OptionalHeader.CheckSum + sizeof (UINT32);
HashSize = (UINTN)(&Hdr.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]) - (UINTN)HashBase;
} else {
//
// Use PE32+ offset
//
HashBase = (UINT8 *)&Hdr.Pe32Plus->OptionalHeader.CheckSum + sizeof (UINT32);
HashSize = (UINTN)(&Hdr.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]) - (UINTN)HashBase;
}
if (HashSize != 0) {
Status = HashUpdate (HashHandle, HashBase, HashSize);
if (EFI_ERROR (Status)) {
goto Finish;
}
}
//
// 8. Skip over the Cert Directory. (It is sizeof(IMAGE_DATA_DIRECTORY) bytes.)
// 9. Hash everything from the end of the Cert Directory to the end of image header.
//
if (Hdr.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {
//
// Use PE32 offset
//
HashBase = (UINT8 *)&Hdr.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1];
HashSize = Hdr.Pe32->OptionalHeader.SizeOfHeaders - (UINTN)(HashBase - ImageAddress);
} else {
//
// Use PE32+ offset
//
HashBase = (UINT8 *)&Hdr.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1];
HashSize = Hdr.Pe32Plus->OptionalHeader.SizeOfHeaders - (UINTN)(HashBase - ImageAddress);
}
if (HashSize != 0) {
Status = HashUpdate (HashHandle, HashBase, HashSize);
if (EFI_ERROR (Status)) {
goto Finish;
}
}
}
//
// 10. Set the SUM_OF_BYTES_HASHED to the size of the header
//
if (Hdr.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {
//
// Use PE32 offset
//
SumOfBytesHashed = Hdr.Pe32->OptionalHeader.SizeOfHeaders;
} else {
//
// Use PE32+ offset
//
SumOfBytesHashed = Hdr.Pe32Plus->OptionalHeader.SizeOfHeaders;
}
//
// 11. Build a temporary table of pointers to all the IMAGE_SECTION_HEADER
// structures in the image. The 'NumberOfSections' field of the image
// header indicates how big the table should be. Do not include any
// IMAGE_SECTION_HEADERs in the table whose 'SizeOfRawData' field is zero.
//
SectionHeader = (EFI_IMAGE_SECTION_HEADER *)AllocateZeroPool (sizeof (EFI_IMAGE_SECTION_HEADER) * Hdr.Pe32->FileHeader.NumberOfSections);
if (SectionHeader == NULL) {
Status = EFI_OUT_OF_RESOURCES;
goto Finish;
}
//
// 12. Using the 'PointerToRawData' in the referenced section headers as
// a key, arrange the elements in the table in ascending order. In other
// words, sort the section headers according to the disk-file offset of
// the section.
//
Section = (EFI_IMAGE_SECTION_HEADER *)(
(UINT8 *)(UINTN)ImageAddress +
PeCoffHeaderOffset +
sizeof (UINT32) +
sizeof (EFI_IMAGE_FILE_HEADER) +
Hdr.Pe32->FileHeader.SizeOfOptionalHeader
);
for (Index = 0; Index < Hdr.Pe32->FileHeader.NumberOfSections; Index++) {
Pos = Index;
while ((Pos > 0) && (Section->PointerToRawData < SectionHeader[Pos - 1].PointerToRawData)) {
CopyMem (&SectionHeader[Pos], &SectionHeader[Pos - 1], sizeof (EFI_IMAGE_SECTION_HEADER));
Pos--;
}
CopyMem (&SectionHeader[Pos], Section, sizeof (EFI_IMAGE_SECTION_HEADER));
Section += 1;
}
//
// 13. Walk through the sorted table, bring the corresponding section
// into memory, and hash the entire section (using the 'SizeOfRawData'
// field in the section header to determine the amount of data to hash).
// 14. Add the section's 'SizeOfRawData' to SUM_OF_BYTES_HASHED .
// 15. Repeat steps 13 and 14 for all the sections in the sorted table.
//
for (Index = 0; Index < Hdr.Pe32->FileHeader.NumberOfSections; Index++) {
Section = (EFI_IMAGE_SECTION_HEADER *)&SectionHeader[Index];
if (Section->SizeOfRawData == 0) {
continue;
}
HashBase = (UINT8 *)(UINTN)ImageAddress + Section->PointerToRawData;
HashSize = (UINTN)Section->SizeOfRawData;
Status = HashUpdate (HashHandle, HashBase, HashSize);
if (EFI_ERROR (Status)) {
goto Finish;
}
SumOfBytesHashed += HashSize;
}
//
// 16. If the file size is greater than SUM_OF_BYTES_HASHED, there is extra
// data in the file that needs to be added to the hash. This data begins
// at file offset SUM_OF_BYTES_HASHED and its length is:
// FileSize - (CertDirectory->Size)
//
if (ImageSize > SumOfBytesHashed) {
HashBase = (UINT8 *)(UINTN)ImageAddress + SumOfBytesHashed;
if (NumberOfRvaAndSizes <= EFI_IMAGE_DIRECTORY_ENTRY_SECURITY) {
CertSize = 0;
} else {
if (Hdr.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {
//
// Use PE32 offset.
//
CertSize = Hdr.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY].Size;
} else {
//
// Use PE32+ offset.
//
CertSize = Hdr.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY].Size;
}
}
if (ImageSize > CertSize + SumOfBytesHashed) {
HashSize = (UINTN)(ImageSize - CertSize - SumOfBytesHashed);
Status = HashUpdate (HashHandle, HashBase, HashSize);
if (EFI_ERROR (Status)) {
goto Finish;
}
} else if (ImageSize < CertSize + SumOfBytesHashed) {
Status = EFI_UNSUPPORTED;
goto Finish;
}
}
//
// 17. Finalize the SHA hash.
//
Status = HashCompleteAndExtend (HashHandle, RtmrIndex, NULL, 0, DigestList);
if (EFI_ERROR (Status)) {
goto Finish;
}
Finish:
if (SectionHeader != NULL) {
FreePool (SectionHeader);
}
return Status;
}

2522
SecurityPkg/Tcg/TdTcg2Dxe/TdTcg2Dxe.c
View File

File diff suppressed because it is too large Load Diff

100
SecurityPkg/Tcg/TdTcg2Dxe/TdTcg2Dxe.inf
View File

@ -1,100 +0,0 @@
## @file
#
# Produces EFI_CC_MEASUREMENT_PROTOCOL and measure boot environment
#
#
# Copyright (c) 2020 - 2022, Intel Corporation. All rights reserved.<BR>
# SPDX-License-Identifier: BSD-2-Clause-Patent
#
##
[Defines]
INF_VERSION = 0x00010005
BASE_NAME = TdTcg2Dxe
FILE_GUID = F062221E-C607-44C2-B0B4-C3886331D351
MODULE_TYPE = DXE_DRIVER
VERSION_STRING = 1.0
ENTRY_POINT = DriverEntry
#
# The following information is for reference only and not required by the build tools.
#
# VALID_ARCHITECTURES = X64
#
[Sources]
TdTcg2Dxe.c
MeasureBootPeCoff.c
[Packages]
MdePkg/MdePkg.dec
MdeModulePkg/MdeModulePkg.dec
SecurityPkg/SecurityPkg.dec
CryptoPkg/CryptoPkg.dec
[LibraryClasses]
MemoryAllocationLib
BaseLib
UefiBootServicesTableLib
HobLib
UefiDriverEntryPoint
UefiRuntimeServicesTableLib
BaseMemoryLib
DebugLib
PrintLib
UefiLib
HashLib
PerformanceLib
ReportStatusCodeLib
PeCoffLib
TpmMeasurementLib
TdxLib
[Guids]
## SOMETIMES_CONSUMES ## Variable:L"SecureBoot"
## SOMETIMES_CONSUMES ## Variable:L"PK"
## SOMETIMES_CONSUMES ## Variable:L"KEK"
## SOMETIMES_CONSUMES ## Variable:L"BootXXXX"
gEfiGlobalVariableGuid
## SOMETIMES_CONSUMES ## Variable:L"db"
## SOMETIMES_CONSUMES ## Variable:L"dbx"
gEfiImageSecurityDatabaseGuid
# gTcgEventEntryHobGuid ## SOMETIMES_CONSUMES ## HOB
gEfiEventExitBootServicesGuid ## CONSUMES ## Event
gEventExitBootServicesFailedGuid ## SOMETIMES_CONSUMES ## Event
gCcEventEntryHobGuid ## SOMETIMES_CONSUMES ## HOB
gTcg800155PlatformIdEventHobGuid ## SOMETIMES_CONSUMES ## HOB
gEfiCcFinalEventsTableGuid ## PRODUCES
[Protocols]
gEfiCcMeasurementProtocolGuid ## PRODUCES
gEfiMpServiceProtocolGuid ## SOMETIMES_CONSUMES
gEfiVariableWriteArchProtocolGuid ## NOTIFY
gEfiResetNotificationProtocolGuid ## CONSUMES
gEfiAcpiTableProtocolGuid ## NOTIFY
[Pcd]
gEfiSecurityPkgTokenSpaceGuid.PcdTpmPlatformClass ## SOMETIMES_CONSUMES
gEfiSecurityPkgTokenSpaceGuid.PcdFirmwareDebuggerInitialized ## SOMETIMES_CONSUMES
gEfiSecurityPkgTokenSpaceGuid.PcdStatusCodeSubClassTpmDevice ## SOMETIMES_CONSUMES
gEfiSecurityPkgTokenSpaceGuid.PcdTcg2HashAlgorithmBitmap ## CONSUMES
gEfiSecurityPkgTokenSpaceGuid.PcdTcg2NumberOfPCRBanks ## CONSUMES
gEfiSecurityPkgTokenSpaceGuid.PcdTcgLogAreaMinLen ## CONSUMES
gEfiSecurityPkgTokenSpaceGuid.PcdTcg2FinalLogAreaLen ## CONSUMES
gEfiSecurityPkgTokenSpaceGuid.PcdCcEventlogAcpiTableLaml ## PRODUCES
gEfiSecurityPkgTokenSpaceGuid.PcdCcEventlogAcpiTableLasa ## PRODUCES
gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultOemId ## CONSUMES
gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultOemTableId ## CONSUMES
gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultOemRevision ## CONSUMES
gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultCreatorId ## CONSUMES
gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultCreatorRevision ## CONSUMES
[Depex]
# According to PcdTpm2AcpiTableRev definition in SecurityPkg.dec
# This PCD should be configured at DynamicHii or DynamicHiiEx.
# So, this PCD read operation depends on GetVariable service.
# Add VariableArch protocol dependency to make sure PCD read works.
gEfiVariableArchProtocolGuid AND gEfiAcpiTableProtocolGuid