From 91e914f5876f35317638771103f64baf903a9bfc Mon Sep 17 00:00:00 2001 From: Chao Zhang Date: Tue, 12 Jan 2016 00:37:02 +0000 Subject: [PATCH] SecurityPkg: TcgDxe,Tcg2Dxe,TrEEDxe: New PCD for TCG event log and TCG2 final event log area TCG event log and TCG2 final event log area length can be configurable to meet platform event log requirement. PcdTcgLogAreaMinLen : 0x10000 based on minimum requirement in TCG ACPI Spec 00.37 PcdTcg2FinalLogAreaLen : 0x8000 based on experience value Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Chao Zhang Reviewed-by: Yao Jiewen Reviewed-by: Qin Long git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19639 6f19259b-4bc3-4df7-8a09-765794883524 --- SecurityPkg/SecurityPkg.dec | 11 ++++++++++- SecurityPkg/SecurityPkg.uni | 11 ++++++++++- SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c | 15 ++++++--------- SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf | 4 +++- SecurityPkg/Tcg/TcgDxe/TcgDxe.c | 14 ++++++-------- SecurityPkg/Tcg/TcgDxe/TcgDxe.inf | 3 ++- SecurityPkg/Tcg/TrEEDxe/TrEEDxe.c | 12 +++++------- SecurityPkg/Tcg/TrEEDxe/TrEEDxe.inf | 3 ++- 8 files changed, 44 insertions(+), 29 deletions(-) diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec index d568b4757a..b5f4eb75f2 100644 --- a/SecurityPkg/SecurityPkg.dec +++ b/SecurityPkg/SecurityPkg.dec @@ -5,7 +5,7 @@ # It also provides the definitions(including PPIs/PROTOCOLs/GUIDs and library classes) # and libraries instances, which are used for those features. # -# Copyright (c) 2009 - 2015, Intel Corporation. All rights reserved.
+# Copyright (c) 2009 - 2016, Intel Corporation. All rights reserved.
# (C) Copyright 2015 Hewlett Packard Enterprise Development LP
# This program and the accompanying materials are licensed and made available under # the terms and conditions of the BSD License which accompanies this distribution. @@ -389,6 +389,15 @@ # gEfiSecurityPkgTokenSpaceGuid.PcdRsa2048Sha256PublicKeyBuffer|{0x91, 0x29, 0xc4, 0xbd, 0xea, 0x6d, 0xda, 0xb3, 0xaa, 0x6f, 0x50, 0x16, 0xfc, 0xdb, 0x4b, 0x7e, 0x3c, 0xd6, 0xdc, 0xa4, 0x7a, 0x0e, 0xdd, 0xe6, 0x15, 0x8c, 0x73, 0x96, 0xa2, 0xd4, 0xa6, 0x4d}|VOID*|0x00010013 + ## This PCD defines minimum length(in bytes) of the system preboot TCG event log area(LAML). + # For PC Client Implementation spec up to and including 1.2 the minimum log size is 64KB. + # @Prompt Minimum length(in bytes) of the system preboot TCG event log area(LAML). + gEfiSecurityPkgTokenSpaceGuid.PcdTcgLogAreaMinLen|0x10000|UINT32|0x00010017 + + ## This PCD defines length(in bytes) of the TCG2 Final event log area. + # @Prompt Length(in bytes) of the TCG2 Final event log area. + gEfiSecurityPkgTokenSpaceGuid.PcdTcg2FinalLogAreaLen|0x8000|UINT32|0x00010018 + [PcdsDynamic, PcdsDynamicEx] ## This PCD indicates Hash mask for TPM 2.0.

diff --git a/SecurityPkg/SecurityPkg.uni b/SecurityPkg/SecurityPkg.uni index 91fff94cc9..5fcd3f93c2 100644 --- a/SecurityPkg/SecurityPkg.uni +++ b/SecurityPkg/SecurityPkg.uni @@ -5,7 +5,7 @@ // It also provides the definitions(including PPIs/PROTOCOLs/GUIDs and library classes) // and libraries instances, which are used for those features. // -// Copyright (c) 2009 - 2015, Intel Corporation. All rights reserved.
+// Copyright (c) 2009 - 2016, Intel Corporation. All rights reserved.
// // This program and the accompanying materials are licensed and made available under // the terms and conditions of the BSD License which accompanies this distribution. @@ -192,3 +192,12 @@ "Bios may choose to register a subset of PcdTpm2HashMask.\n" "So this PCD is final value of how many hash algo is extended to PCR." +#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTcgLogAreaMinLen_PROMPT #language en-US "Minimum length(in bytes) of the system preboot TCG event log area(LAML)." + +#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTcgLogAreaMinLen_HELP #language en-US "This PCD defines minimum length(in bytes) of the system preboot TCG event log area(LAML).\n" + "For PC Client Implementation spec up to and including 1.2 the minimum log size is 64KB." + +#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTcg2FinalLogAreaLen_PROMPT #language en-US "Length(in bytes) of the TCG2 Final event log area." + +#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTcg2FinalLogAreaLen_HELP #language en-US "This PCD defines length(in bytes) of the TCG2 Final event log area." + diff --git a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c index ae5e0841c2..f0dbbac5b1 100644 --- a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c +++ b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c @@ -56,9 +56,6 @@ typedef struct { EFI_GUID *VendorGuid; } VARIABLE_TYPE; -#define EFI_TCG_LOG_AREA_SIZE 0x10000 -#define EFI_TCG_FINAL_LOG_AREA_SIZE 0x1000 - #define TCG2_DEFAULT_MAX_COMMAND_SIZE 0x1000 #define TCG2_DEFAULT_MAX_RESPONSE_SIZE 0x1000 @@ -1470,19 +1467,19 @@ SetupEventLog ( Status = gBS->AllocatePages ( AllocateMaxAddress, EfiACPIMemoryNVS, - EFI_SIZE_TO_PAGES (EFI_TCG_LOG_AREA_SIZE), + EFI_SIZE_TO_PAGES (PcdGet32 (PcdTcgLogAreaMinLen)), &Lasa ); if (EFI_ERROR (Status)) { return Status; } mTcgDxeData.EventLogAreaStruct[Index].Lasa = Lasa; - mTcgDxeData.EventLogAreaStruct[Index].Laml = EFI_TCG_LOG_AREA_SIZE; + mTcgDxeData.EventLogAreaStruct[Index].Laml = PcdGet32 (PcdTcgLogAreaMinLen); // // To initialize them as 0xFF is recommended // because the OS can know the last entry for that. // - SetMem ((VOID *)(UINTN)Lasa, EFI_TCG_LOG_AREA_SIZE, 0xFF); + SetMem ((VOID *)(UINTN)Lasa, PcdGet32 (PcdTcgLogAreaMinLen), 0xFF); // // Create first entry for Log Header Entry Data // @@ -1571,13 +1568,13 @@ SetupEventLog ( Status = gBS->AllocatePages ( AllocateMaxAddress, EfiACPIMemoryNVS, - EFI_SIZE_TO_PAGES (EFI_TCG_FINAL_LOG_AREA_SIZE), + EFI_SIZE_TO_PAGES (PcdGet32 (PcdTcg2FinalLogAreaLen)), &Lasa ); if (EFI_ERROR (Status)) { return Status; } - SetMem ((VOID *)(UINTN)Lasa, EFI_TCG_FINAL_LOG_AREA_SIZE, 0xFF); + SetMem ((VOID *)(UINTN)Lasa, PcdGet32 (PcdTcg2FinalLogAreaLen), 0xFF); // // Initialize @@ -1588,7 +1585,7 @@ SetupEventLog ( mTcgDxeData.FinalEventLogAreaStruct[Index].EventLogFormat = mTcg2EventInfo[Index].LogFormat; mTcgDxeData.FinalEventLogAreaStruct[Index].Lasa = Lasa + sizeof(EFI_TCG2_FINAL_EVENTS_TABLE); - mTcgDxeData.FinalEventLogAreaStruct[Index].Laml = EFI_TCG_FINAL_LOG_AREA_SIZE - sizeof(EFI_TCG2_FINAL_EVENTS_TABLE); + mTcgDxeData.FinalEventLogAreaStruct[Index].Laml = PcdGet32 (PcdTcg2FinalLogAreaLen) - sizeof(EFI_TCG2_FINAL_EVENTS_TABLE); mTcgDxeData.FinalEventLogAreaStruct[Index].EventLogSize = 0; mTcgDxeData.FinalEventLogAreaStruct[Index].LastEvent = (VOID *)(UINTN)mTcgDxeData.FinalEventLogAreaStruct[Index].Lasa; mTcgDxeData.FinalEventLogAreaStruct[Index].EventLogStarted = FALSE; diff --git a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf index ca6741b3ad..fd120e5538 100644 --- a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf +++ b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf @@ -7,7 +7,7 @@ # This external input must be validated carefully to avoid security issue like # buffer overflow, integer overflow. # -# Copyright (c) 2015, Intel Corporation. All rights reserved.
+# Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved.
# This program and the accompanying materials # are licensed and made available under the terms and conditions of the BSD License # which accompanies this distribution. The full text of the license may be found at @@ -100,6 +100,8 @@ gEfiSecurityPkgTokenSpaceGuid.PcdStatusCodeSubClassTpmDevice ## SOMETIMES_CONSUMES gEfiSecurityPkgTokenSpaceGuid.PcdTcg2HashAlgorithmBitmap ## CONSUMES gEfiSecurityPkgTokenSpaceGuid.PcdTcg2NumberOfPCRBanks ## CONSUMES + gEfiSecurityPkgTokenSpaceGuid.PcdTcgLogAreaMinLen ## CONSUMES + gEfiSecurityPkgTokenSpaceGuid.PcdTcg2FinalLogAreaLen ## CONSUMES [Depex] TRUE diff --git a/SecurityPkg/Tcg/TcgDxe/TcgDxe.c b/SecurityPkg/Tcg/TcgDxe/TcgDxe.c index 4e2741c0cf..1e52179885 100644 --- a/SecurityPkg/Tcg/TcgDxe/TcgDxe.c +++ b/SecurityPkg/Tcg/TcgDxe/TcgDxe.c @@ -53,8 +53,6 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #include "TpmComm.h" -#define EFI_TCG_LOG_AREA_SIZE 0x10000 - #define TCG_DXE_DATA_FROM_THIS(this) \ BASE_CR (this, TCG_DXE_DATA, TcgProtocol) @@ -653,7 +651,7 @@ SetupEventLog ( Status = gBS->AllocatePages ( AllocateMaxAddress, EfiACPIMemoryNVS, - EFI_SIZE_TO_PAGES (EFI_TCG_LOG_AREA_SIZE), + EFI_SIZE_TO_PAGES (PcdGet32 (PcdTcgLogAreaMinLen)), &Lasa ); if (EFI_ERROR (Status)) { @@ -664,8 +662,8 @@ SetupEventLog ( // To initialize them as 0xFF is recommended // because the OS can know the last entry for that. // - SetMem ((VOID *)(UINTN)mTcgClientAcpiTemplate.Lasa, EFI_TCG_LOG_AREA_SIZE, 0xFF); - mTcgClientAcpiTemplate.Laml = EFI_TCG_LOG_AREA_SIZE; + SetMem ((VOID *)(UINTN)mTcgClientAcpiTemplate.Lasa, PcdGet32 (PcdTcgLogAreaMinLen), 0xFF); + mTcgClientAcpiTemplate.Laml = PcdGet32 (PcdTcgLogAreaMinLen); } else { Lasa = mTcgServerAcpiTemplate.Lasa; @@ -673,7 +671,7 @@ SetupEventLog ( Status = gBS->AllocatePages ( AllocateMaxAddress, EfiACPIMemoryNVS, - EFI_SIZE_TO_PAGES (EFI_TCG_LOG_AREA_SIZE), + EFI_SIZE_TO_PAGES (PcdGet32 (PcdTcgLogAreaMinLen)), &Lasa ); if (EFI_ERROR (Status)) { @@ -684,8 +682,8 @@ SetupEventLog ( // To initialize them as 0xFF is recommended // because the OS can know the last entry for that. // - SetMem ((VOID *)(UINTN)mTcgServerAcpiTemplate.Lasa, EFI_TCG_LOG_AREA_SIZE, 0xFF); - mTcgServerAcpiTemplate.Laml = EFI_TCG_LOG_AREA_SIZE; + SetMem ((VOID *)(UINTN)mTcgServerAcpiTemplate.Lasa, PcdGet32 (PcdTcgLogAreaMinLen), 0xFF); + mTcgServerAcpiTemplate.Laml = PcdGet32 (PcdTcgLogAreaMinLen); } GuidHob.Raw = GetHobList (); diff --git a/SecurityPkg/Tcg/TcgDxe/TcgDxe.inf b/SecurityPkg/Tcg/TcgDxe/TcgDxe.inf index 0976304883..e5409dfefd 100644 --- a/SecurityPkg/Tcg/TcgDxe/TcgDxe.inf +++ b/SecurityPkg/Tcg/TcgDxe/TcgDxe.inf @@ -2,7 +2,7 @@ # Produces TCG protocol and measures boot environment # This module will produce TCG protocol and measure boot environment. # -# Copyright (c) 2006 - 2015, Intel Corporation. All rights reserved.
+# Copyright (c) 2006 - 2016, Intel Corporation. All rights reserved.
# This program and the accompanying materials # are licensed and made available under the terms and conditions of the BSD License # which accompanies this distribution. The full text of the license may be found at @@ -75,6 +75,7 @@ gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultCreatorId ## SOMETIMES_CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultCreatorRevision ## SOMETIMES_CONSUMES gEfiSecurityPkgTokenSpaceGuid.PcdStatusCodeSubClassTpmDevice ## SOMETIMES_CONSUMES + gEfiSecurityPkgTokenSpaceGuid.PcdTcgLogAreaMinLen ## CONSUMES [Depex] TRUE diff --git a/SecurityPkg/Tcg/TrEEDxe/TrEEDxe.c b/SecurityPkg/Tcg/TrEEDxe/TrEEDxe.c index 8f344fe93e..dfdee04688 100644 --- a/SecurityPkg/Tcg/TrEEDxe/TrEEDxe.c +++ b/SecurityPkg/Tcg/TrEEDxe/TrEEDxe.c @@ -55,8 +55,6 @@ typedef struct { EFI_GUID *VendorGuid; } VARIABLE_TYPE; -#define EFI_TCG_LOG_AREA_SIZE 0x10000 - #define TREE_DEFAULT_MAX_COMMAND_SIZE 0x1000 #define TREE_DEFAULT_MAX_RESPONSE_SIZE 0x1000 @@ -949,19 +947,19 @@ SetupEventLog ( Status = gBS->AllocatePages ( AllocateMaxAddress, EfiACPIMemoryNVS, - EFI_SIZE_TO_PAGES (EFI_TCG_LOG_AREA_SIZE), + EFI_SIZE_TO_PAGES (PcdGet32 (PcdTcgLogAreaMinLen)), &Lasa ); if (EFI_ERROR (Status)) { return Status; } mTcgDxeData.EventLogAreaStruct[Index].Lasa = Lasa; - mTcgDxeData.EventLogAreaStruct[Index].Laml = EFI_TCG_LOG_AREA_SIZE; + mTcgDxeData.EventLogAreaStruct[Index].Laml = PcdGet32 (PcdTcgLogAreaMinLen); // // To initialize them as 0xFF is recommended // because the OS can know the last entry for that. // - SetMem ((VOID *)(UINTN)Lasa, EFI_TCG_LOG_AREA_SIZE, 0xFF); + SetMem ((VOID *)(UINTN)Lasa, PcdGet32 (PcdTcgLogAreaMinLen), 0xFF); } // @@ -969,10 +967,10 @@ SetupEventLog ( // if (PcdGet8 (PcdTpmPlatformClass) == TCG_PLATFORM_TYPE_CLIENT) { mTcgClientAcpiTemplate.Lasa = mTcgDxeData.EventLogAreaStruct[0].Lasa; - mTcgClientAcpiTemplate.Laml = EFI_TCG_LOG_AREA_SIZE; + mTcgClientAcpiTemplate.Laml = PcdGet32 (PcdTcgLogAreaMinLen); } else { mTcgServerAcpiTemplate.Lasa = mTcgDxeData.EventLogAreaStruct[0].Lasa; - mTcgServerAcpiTemplate.Laml = EFI_TCG_LOG_AREA_SIZE; + mTcgServerAcpiTemplate.Laml = PcdGet32 (PcdTcgLogAreaMinLen); } // diff --git a/SecurityPkg/Tcg/TrEEDxe/TrEEDxe.inf b/SecurityPkg/Tcg/TrEEDxe/TrEEDxe.inf index 258ab46db9..c22e8f0004 100644 --- a/SecurityPkg/Tcg/TrEEDxe/TrEEDxe.inf +++ b/SecurityPkg/Tcg/TrEEDxe/TrEEDxe.inf @@ -7,7 +7,7 @@ # This external input must be validated carefully to avoid security issue like # buffer overflow, integer overflow. # -# Copyright (c) 2013 - 2015, Intel Corporation. All rights reserved.
+# Copyright (c) 2013 - 2016, Intel Corporation. All rights reserved.
# This program and the accompanying materials # are licensed and made available under the terms and conditions of the BSD License # which accompanies this distribution. The full text of the license may be found at @@ -94,6 +94,7 @@ gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultCreatorId ## SOMETIMES_CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultCreatorRevision ## SOMETIMES_CONSUMES gEfiSecurityPkgTokenSpaceGuid.PcdStatusCodeSubClassTpmDevice ## SOMETIMES_CONSUMES + gEfiSecurityPkgTokenSpaceGuid.PcdTcgLogAreaMinLen ## CONSUMES [Depex] TRUE