mirror of https://github.com/acidanthera/audk.git
IntelFsp2WrapperPkg/FspMeasurementLib: Add BaseFspMeasurementLib.
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2376 Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Chasel Chiu <chasel.chiu@intel.com> Cc: Nate DeSimone <nathaniel.l.desimone@intel.com> Cc: Star Zeng <star.zeng@intel.com> Cc: Qi Zhang <qi1.zhang@intel.com> Signed-off-by: Jiewen Yao <jiewen.yao@intel.com> Message-Id: <20200818062618.3698-4-qi1.zhang@intel.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com> Reviewed-by: Chasel Chiu <chasel.chiu@intel.com>
This commit is contained in:
parent
17f65e4063
commit
6c02386403
|
@ -0,0 +1,54 @@
|
|||
## @file
|
||||
# Provides FSP measurement functions.
|
||||
#
|
||||
# This library provides MeasureFspFirmwareBlob() to measure FSP binary.
|
||||
#
|
||||
# Copyright (c) 2020, Intel Corporation. All rights reserved.<BR>
|
||||
# SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||
#
|
||||
##
|
||||
|
||||
[Defines]
|
||||
INF_VERSION = 0x00010005
|
||||
BASE_NAME = FspMeasurementLib
|
||||
FILE_GUID = 890B12B4-56CC-453E-B062-4597FC6D3D8C
|
||||
MODULE_TYPE = BASE
|
||||
VERSION_STRING = 1.0
|
||||
LIBRARY_CLASS = FspMeasurementLib
|
||||
|
||||
#
|
||||
# The following information is for reference only and not required by the build tools.
|
||||
#
|
||||
# VALID_ARCHITECTURES = IA32 X64
|
||||
#
|
||||
|
||||
[Sources]
|
||||
FspMeasurementLib.c
|
||||
|
||||
[Packages]
|
||||
MdePkg/MdePkg.dec
|
||||
MdeModulePkg/MdeModulePkg.dec
|
||||
SecurityPkg/SecurityPkg.dec
|
||||
IntelFsp2Pkg/IntelFsp2Pkg.dec
|
||||
IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dec
|
||||
|
||||
[LibraryClasses]
|
||||
BaseLib
|
||||
BaseMemoryLib
|
||||
DebugLib
|
||||
PrintLib
|
||||
PcdLib
|
||||
PeiServicesLib
|
||||
PeiServicesTablePointerLib
|
||||
FspWrapperApiLib
|
||||
TcgEventLogRecordLib
|
||||
HashLib
|
||||
|
||||
[Ppis]
|
||||
gEdkiiTcgPpiGuid ## CONSUMES
|
||||
|
||||
[Pcd]
|
||||
gIntelFsp2WrapperTokenSpaceGuid.PcdFspMeasurementConfig ## CONSUMES
|
||||
gIntelFsp2WrapperTokenSpaceGuid.PcdFspmBaseAddress ## CONSUMES
|
||||
gEfiMdeModulePkgTokenSpaceGuid.PcdTcgPfpMeasurementRevision ## CONSUMES
|
||||
|
|
@ -0,0 +1,248 @@
|
|||
/** @file
|
||||
This library is used by FSP modules to measure data to TPM.
|
||||
|
||||
Copyright (c) 2020, Intel Corporation. All rights reserved. <BR>
|
||||
SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||
|
||||
**/
|
||||
|
||||
#include <PiPei.h>
|
||||
#include <Uefi.h>
|
||||
|
||||
#include <Library/BaseMemoryLib.h>
|
||||
#include <Library/PeiServicesLib.h>
|
||||
#include <Library/PeiServicesTablePointerLib.h>
|
||||
#include <Library/PcdLib.h>
|
||||
#include <Library/PrintLib.h>
|
||||
#include <Library/DebugLib.h>
|
||||
#include <Library/FspWrapperApiLib.h>
|
||||
#include <Library/TpmMeasurementLib.h>
|
||||
#include <Library/FspMeasurementLib.h>
|
||||
#include <Library/TcgEventLogRecordLib.h>
|
||||
#include <Library/HashLib.h>
|
||||
|
||||
#include <Ppi/Tcg.h>
|
||||
#include <IndustryStandard/UefiTcgPlatform.h>
|
||||
|
||||
/**
|
||||
Tpm measure and log data, and extend the measurement result into a specific PCR.
|
||||
|
||||
@param[in] PcrIndex PCR Index.
|
||||
@param[in] EventType Event type.
|
||||
@param[in] EventLog Measurement event log.
|
||||
@param[in] LogLen Event log length in bytes.
|
||||
@param[in] HashData The start of the data buffer to be hashed, extended.
|
||||
@param[in] HashDataLen The length, in bytes, of the buffer referenced by HashData
|
||||
@param[in] Flags Bitmap providing additional information.
|
||||
|
||||
@retval EFI_SUCCESS Operation completed successfully.
|
||||
@retval EFI_UNSUPPORTED TPM device not available.
|
||||
@retval EFI_OUT_OF_RESOURCES Out of memory.
|
||||
@retval EFI_DEVICE_ERROR The operation was unsuccessful.
|
||||
**/
|
||||
EFI_STATUS
|
||||
EFIAPI
|
||||
TpmMeasureAndLogDataWithFlags (
|
||||
IN UINT32 PcrIndex,
|
||||
IN UINT32 EventType,
|
||||
IN VOID *EventLog,
|
||||
IN UINT32 LogLen,
|
||||
IN VOID *HashData,
|
||||
IN UINT64 HashDataLen,
|
||||
IN UINT64 Flags
|
||||
)
|
||||
{
|
||||
EFI_STATUS Status;
|
||||
EDKII_TCG_PPI *TcgPpi;
|
||||
TCG_PCR_EVENT_HDR TcgEventHdr;
|
||||
|
||||
Status = PeiServicesLocatePpi(
|
||||
&gEdkiiTcgPpiGuid,
|
||||
0,
|
||||
NULL,
|
||||
(VOID**)&TcgPpi
|
||||
);
|
||||
if (EFI_ERROR(Status)) {
|
||||
return Status;
|
||||
}
|
||||
|
||||
TcgEventHdr.PCRIndex = PcrIndex;
|
||||
TcgEventHdr.EventType = EventType;
|
||||
TcgEventHdr.EventSize = LogLen;
|
||||
|
||||
Status = TcgPpi->HashLogExtendEvent (
|
||||
TcgPpi,
|
||||
Flags,
|
||||
HashData,
|
||||
(UINTN)HashDataLen,
|
||||
&TcgEventHdr,
|
||||
EventLog
|
||||
);
|
||||
return Status;
|
||||
}
|
||||
|
||||
/**
|
||||
Measure a FSP FirmwareBlob.
|
||||
|
||||
@param[in] Description Description for this FirmwareBlob.
|
||||
@param[in] FirmwareBlobBase Base address of this FirmwareBlob.
|
||||
@param[in] FirmwareBlobLength Size in bytes of this FirmwareBlob.
|
||||
@param[in] CfgRegionOffset Configuration region offset in bytes.
|
||||
@param[in] CfgRegionSize Configuration region in bytes.
|
||||
|
||||
@retval EFI_SUCCESS Operation completed successfully.
|
||||
@retval EFI_UNSUPPORTED TPM device not available.
|
||||
@retval EFI_OUT_OF_RESOURCES Out of memory.
|
||||
@retval EFI_DEVICE_ERROR The operation was unsuccessful.
|
||||
**/
|
||||
STATIC
|
||||
EFI_STATUS
|
||||
EFIAPI
|
||||
MeasureFspFirmwareBlobWithCfg (
|
||||
IN CHAR8 *Description OPTIONAL,
|
||||
IN EFI_PHYSICAL_ADDRESS FirmwareBlobBase,
|
||||
IN UINT64 FirmwareBlobLength,
|
||||
IN UINT32 CfgRegionOffset,
|
||||
IN UINT32 CfgRegionSize
|
||||
)
|
||||
{
|
||||
EFI_PLATFORM_FIRMWARE_BLOB FvBlob, UpdBlob;
|
||||
PLATFORM_FIRMWARE_BLOB2_STRUCT FvBlob2, UpdBlob2;
|
||||
VOID *FvName;
|
||||
UINT32 FvEventType;
|
||||
VOID *FvEventLog, *UpdEventLog;
|
||||
UINT32 FvEventLogSize, UpdEventLogSize;
|
||||
EFI_STATUS Status;
|
||||
HASH_HANDLE HashHandle;
|
||||
UINT8 *HashBase;
|
||||
UINTN HashSize;
|
||||
TPML_DIGEST_VALUES DigestList;
|
||||
|
||||
FvName = TpmMeasurementGetFvName (FirmwareBlobBase, FirmwareBlobLength);
|
||||
|
||||
if (((Description != NULL) || (FvName != NULL)) &&
|
||||
(PcdGet32(PcdTcgPfpMeasurementRevision) >= TCG_EfiSpecIDEventStruct_SPEC_ERRATA_TPM2_REV_105)) {
|
||||
if (Description != NULL) {
|
||||
AsciiSPrint((CHAR8*)FvBlob2.BlobDescription, sizeof(FvBlob2.BlobDescription), "%a", Description);
|
||||
AsciiSPrint((CHAR8*)UpdBlob2.BlobDescription, sizeof(UpdBlob2.BlobDescription), "%aUDP", Description);
|
||||
} else {
|
||||
AsciiSPrint((CHAR8*)FvBlob2.BlobDescription, sizeof(FvBlob2.BlobDescription), "Fv(%g)", FvName);
|
||||
AsciiSPrint((CHAR8*)UpdBlob2.BlobDescription, sizeof(UpdBlob2.BlobDescription), "(%g)UDP", FvName);
|
||||
}
|
||||
|
||||
FvBlob2.BlobDescriptionSize = sizeof(FvBlob2.BlobDescription);
|
||||
FvBlob2.BlobBase = FirmwareBlobBase;
|
||||
FvBlob2.BlobLength = FirmwareBlobLength;
|
||||
FvEventType = EV_EFI_PLATFORM_FIRMWARE_BLOB2;
|
||||
FvEventLog = &FvBlob2;
|
||||
FvEventLogSize = sizeof(FvBlob2);
|
||||
|
||||
UpdBlob2.BlobDescriptionSize = sizeof(UpdBlob2.BlobDescription);
|
||||
UpdBlob2.BlobBase = CfgRegionOffset;
|
||||
UpdBlob2.BlobLength = CfgRegionSize;
|
||||
UpdEventLog = &UpdBlob2;
|
||||
UpdEventLogSize = sizeof(UpdBlob2);
|
||||
} else {
|
||||
FvBlob.BlobBase = FirmwareBlobBase;
|
||||
FvBlob.BlobLength = FirmwareBlobLength;
|
||||
FvEventType = EV_EFI_PLATFORM_FIRMWARE_BLOB;
|
||||
FvEventLog = &FvBlob;
|
||||
FvEventLogSize = sizeof(FvBlob);
|
||||
|
||||
UpdBlob.BlobBase = CfgRegionOffset;
|
||||
UpdBlob.BlobLength = CfgRegionSize;
|
||||
UpdEventLog = &UpdBlob;
|
||||
UpdEventLogSize = sizeof(UpdBlob);
|
||||
}
|
||||
|
||||
/** Initialize a SHA hash context. **/
|
||||
Status = HashStart (&HashHandle);
|
||||
if (EFI_ERROR (Status)) {
|
||||
DEBUG ((DEBUG_ERROR, "HashStart failed - %r\n", Status));
|
||||
return Status;
|
||||
}
|
||||
|
||||
/** Hash FSP binary before UDP **/
|
||||
HashBase = (UINT8 *) (UINTN) FirmwareBlobBase;
|
||||
HashSize = (UINTN) CfgRegionOffset;
|
||||
Status = HashUpdate (HashHandle, HashBase, HashSize);
|
||||
if (EFI_ERROR (Status)) {
|
||||
DEBUG ((DEBUG_ERROR, "HashUpdate failed - %r\n", Status));
|
||||
return Status;
|
||||
}
|
||||
|
||||
/** Hash FSP binary after UDP **/
|
||||
HashBase = (UINT8 *) (UINTN) FirmwareBlobBase + CfgRegionOffset + CfgRegionSize;
|
||||
HashSize = (UINTN)(FirmwareBlobLength - CfgRegionOffset - CfgRegionSize);
|
||||
Status = HashUpdate (HashHandle, HashBase, HashSize);
|
||||
if (EFI_ERROR (Status)) {
|
||||
DEBUG ((DEBUG_ERROR, "HashUpdate failed - %r\n", Status));
|
||||
return Status;
|
||||
}
|
||||
|
||||
/** Finalize the SHA hash. **/
|
||||
Status = HashCompleteAndExtend (HashHandle, 0, NULL, 0, &DigestList);
|
||||
if (EFI_ERROR (Status)) {
|
||||
DEBUG ((DEBUG_ERROR, "HashCompleteAndExtend failed - %r\n", Status));
|
||||
return Status;
|
||||
}
|
||||
|
||||
Status = TpmMeasureAndLogDataWithFlags (
|
||||
0,
|
||||
FvEventType,
|
||||
FvEventLog,
|
||||
FvEventLogSize,
|
||||
(UINT8 *) &DigestList,
|
||||
(UINTN) sizeof(DigestList),
|
||||
EDKII_TCG_PRE_HASH_LOG_ONLY
|
||||
);
|
||||
|
||||
Status = TpmMeasureAndLogData (
|
||||
1,
|
||||
EV_PLATFORM_CONFIG_FLAGS,
|
||||
UpdEventLog,
|
||||
UpdEventLogSize,
|
||||
(UINT8 *) (UINTN) FirmwareBlobBase + CfgRegionOffset,
|
||||
CfgRegionSize
|
||||
);
|
||||
|
||||
return Status;
|
||||
}
|
||||
|
||||
/**
|
||||
Measure a FSP FirmwareBlob.
|
||||
|
||||
@param[in] PcrIndex PCR Index.
|
||||
@param[in] Description Description for this FirmwareBlob.
|
||||
@param[in] FirmwareBlobBase Base address of this FirmwareBlob.
|
||||
@param[in] FirmwareBlobLength Size in bytes of this FirmwareBlob.
|
||||
|
||||
@retval EFI_SUCCESS Operation completed successfully.
|
||||
@retval EFI_UNSUPPORTED TPM device not available.
|
||||
@retval EFI_OUT_OF_RESOURCES Out of memory.
|
||||
@retval EFI_DEVICE_ERROR The operation was unsuccessful.
|
||||
**/
|
||||
EFI_STATUS
|
||||
EFIAPI
|
||||
MeasureFspFirmwareBlob (
|
||||
IN UINT32 PcrIndex,
|
||||
IN CHAR8 *Description OPTIONAL,
|
||||
IN EFI_PHYSICAL_ADDRESS FirmwareBlobBase,
|
||||
IN UINT64 FirmwareBlobLength
|
||||
)
|
||||
{
|
||||
UINT32 FspMeasureMask;
|
||||
FSP_INFO_HEADER *FspHeaderPtr;
|
||||
|
||||
FspMeasureMask = PcdGet32 (PcdFspMeasurementConfig);
|
||||
if ((FspMeasureMask & FSP_MEASURE_FSPUPD) != 0) {
|
||||
FspHeaderPtr = (FSP_INFO_HEADER *) FspFindFspHeader (FirmwareBlobBase);
|
||||
if (FspHeaderPtr != NULL) {
|
||||
return MeasureFspFirmwareBlobWithCfg(Description, FirmwareBlobBase, FirmwareBlobLength,
|
||||
FspHeaderPtr->CfgRegionOffset, FspHeaderPtr->CfgRegionSize);
|
||||
}
|
||||
}
|
||||
|
||||
return MeasureFirmwareBlob (PcrIndex, Description, FirmwareBlobBase, FirmwareBlobLength);
|
||||
}
|
||||
|
Loading…
Reference in New Issue