From 1f6fe5cb0362471925a09903a56d2b06b6c1a8a2 Mon Sep 17 00:00:00 2001 From: Jiewen Yao Date: Wed, 22 Jul 2020 16:21:05 +0800 Subject: SecurityPkg/Tcg2: Add TcgPpi And do some code clean with updated function REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2841 Cc: Jiewen Yao Cc: Jian J Wang Cc: Qi Zhang Cc: Rahul Kumar Signed-off-by: Jiewen Yao Reviewed-by: Qi Zhang Reviewed-by: Jian J Wang --- SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c | 110 +++++++++++++++++++++++++++--------- SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf | 3 +- 2 files changed, 86 insertions(+), 27 deletions(-) diff --git a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c index 19b8e4b..71695df 100644 --- a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c +++ b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c @@ -1,7 +1,7 @@ /** @file Initialize TPM2 device and measure FVs before handing off control to DXE. -Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.
+Copyright (c) 2015 - 2020, Intel Corporation. All rights reserved.
Copyright (c) 2017, Microsoft Corporation. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent @@ -17,6 +17,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include #include #include +#include #include #include @@ -66,6 +67,48 @@ EFI_PEI_PPI_DESCRIPTOR mTpmInitializationDonePpiList = { NULL }; +/** + Do a hash operation on a data buffer, extend a specific TPM PCR with the hash result, + and build a GUIDed HOB recording the event which will be passed to the DXE phase and + added into the Event Log. + + @param[in] This Indicates the calling context + @param[in] Flags Bitmap providing additional information. + @param[in] HashData If BIT0 of Flags is 0, it is physical address of the + start of the data buffer to be hashed, extended, and logged. + If BIT0 of Flags is 1, it is physical address of the + start of the pre-hash data buffter to be extended, and logged. + The pre-hash data format is TPML_DIGEST_VALUES. + @param[in] HashDataLen The length, in bytes, of the buffer referenced by HashData. + @param[in] NewEventHdr Pointer to a TCG_PCR_EVENT_HDR data structure. + @param[in] NewEventData Pointer to the new event data. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_OUT_OF_RESOURCES No enough memory to log the new event. + @retval EFI_DEVICE_ERROR The command was unsuccessful. + +**/ +EFI_STATUS +EFIAPI +HashLogExtendEvent ( + IN EDKII_TCG_PPI *This, + IN UINT64 Flags, + IN UINT8 *HashData, + IN UINTN HashDataLen, + IN TCG_PCR_EVENT_HDR *NewEventHdr, + IN UINT8 *NewEventData + ); + +EDKII_TCG_PPI mEdkiiTcgPpi = { + HashLogExtendEvent +}; + +EFI_PEI_PPI_DESCRIPTOR mTcgPpiList = { + EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST, + &gEdkiiTcgPpiGuid, + &mEdkiiTcgPpi +}; + // // Number of firmware blobs to grow by each time we run out of room // @@ -375,9 +418,13 @@ LogHashEvent ( and build a GUIDed HOB recording the event which will be passed to the DXE phase and added into the Event Log. + @param[in] This Indicates the calling context @param[in] Flags Bitmap providing additional information. - @param[in] HashData Physical address of the start of the data buffer - to be hashed, extended, and logged. + @param[in] HashData If BIT0 of Flags is 0, it is physical address of the + start of the data buffer to be hashed, extended, and logged. + If BIT0 of Flags is 1, it is physical address of the + start of the pre-hash data buffter to be extended, and logged. + The pre-hash data format is TPML_DIGEST_VALUES. @param[in] HashDataLen The length, in bytes, of the buffer referenced by HashData. @param[in] NewEventHdr Pointer to a TCG_PCR_EVENT_HDR data structure. @param[in] NewEventData Pointer to the new event data. @@ -388,7 +435,9 @@ LogHashEvent ( **/ EFI_STATUS +EFIAPI HashLogExtendEvent ( + IN EDKII_TCG_PPI *This, IN UINT64 Flags, IN UINT8 *HashData, IN UINTN HashDataLen, @@ -403,16 +452,23 @@ HashLogExtendEvent ( return EFI_DEVICE_ERROR; } - Status = HashAndExtend ( - NewEventHdr->PCRIndex, - HashData, - HashDataLen, + if(Flags & EDKII_TCG_PRE_HASH) { + ZeroMem (&DigestList, sizeof(DigestList)); + CopyMem (&DigestList, HashData, sizeof(DigestList)); + Status = Tpm2PcrExtend ( + 0, &DigestList ); + } else { + Status = HashAndExtend ( + NewEventHdr->PCRIndex, + HashData, + HashDataLen, + &DigestList + ); + } if (!EFI_ERROR (Status)) { - if ((Flags & EFI_TCG2_EXTEND_ONLY) == 0) { - Status = LogHashEvent (&DigestList, NewEventHdr, NewEventData); - } + Status = LogHashEvent (&DigestList, NewEventHdr, NewEventData); } if (Status == EFI_DEVICE_ERROR) { @@ -452,6 +508,7 @@ MeasureCRTMVersion ( TcgEventHdr.EventSize = (UINT32) StrSize((CHAR16*)PcdGetPtr (PcdFirmwareVersionString)); return HashLogExtendEvent ( + &mEdkiiTcgPpi, 0, (UINT8*)PcdGetPtr (PcdFirmwareVersionString), TcgEventHdr.EventSize, @@ -651,27 +708,22 @@ MeasureFvImage ( // FV pre-hash algos comply with current TPM hash requirement // Skip hashing step in measure, only extend DigestList to PCR and log event // - Status = Tpm2PcrExtend( - 0, - &DigestList + Status = HashLogExtendEvent ( + &mEdkiiTcgPpi, + EDKII_TCG_PRE_HASH, + (UINT8*) &DigestList, // HashData + (UINTN) sizeof(DigestList), // HashDataLen + &TcgEventHdr, // EventHdr + EventData // EventData ); - - if (!EFI_ERROR(Status)) { - Status = LogHashEvent (&DigestList, &TcgEventHdr, EventData); - DEBUG ((DEBUG_INFO, "The pre-hashed FV which is extended & logged by Tcg2Pei starts at: 0x%x\n", FvBase)); - DEBUG ((DEBUG_INFO, "The pre-hashed FV which is extended & logged by Tcg2Pei has the size: 0x%x\n", FvLength)); - } else if (Status == EFI_DEVICE_ERROR) { - BuildGuidHob (&gTpmErrorHobGuid,0); - REPORT_STATUS_CODE ( - EFI_ERROR_CODE | EFI_ERROR_MINOR, - (PcdGet32 (PcdStatusCodeSubClassTpmDevice) | EFI_P_EC_INTERFACE_ERROR) - ); - } + DEBUG ((DEBUG_INFO, "The pre-hashed FV which is extended & logged by Tcg2Pei starts at: 0x%x\n", FvBase)); + DEBUG ((DEBUG_INFO, "The pre-hashed FV which is extended & logged by Tcg2Pei has the size: 0x%x\n", FvLength)); } else { // // Hash the FV, extend digest to the TPM and log TCG event // Status = HashLogExtendEvent ( + &mEdkiiTcgPpi, 0, (UINT8*) (UINTN) FvBase, // HashData (UINTN) FvLength, // HashDataLen @@ -849,6 +901,12 @@ PeimEntryMP ( { EFI_STATUS Status; + // + // install Tcg Services + // + Status = PeiServicesInstallPpi (&mTcgPpiList); + ASSERT_EFI_ERROR (Status); + if (PcdGet8 (PcdTpm2ScrtmPolicy) == 1) { Status = MeasureCRTMVersion (); } @@ -893,7 +951,7 @@ MeasureSeparatorEventWithError ( TcgEvent.PCRIndex = PCRIndex; TcgEvent.EventType = EV_SEPARATOR; TcgEvent.EventSize = (UINT32)sizeof (EventData); - return HashLogExtendEvent(0,(UINT8 *)&EventData, TcgEvent.EventSize, &TcgEvent,(UINT8 *)&EventData); + return HashLogExtendEvent(&mEdkiiTcgPpi, 0, (UINT8 *)&EventData, TcgEvent.EventSize, &TcgEvent,(UINT8 *)&EventData); } /** diff --git a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf index 3d361e8..f64b29f 100644 --- a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf +++ b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf @@ -8,7 +8,7 @@ # # This module will initialize TPM device, measure reported FVs and BIOS version. # -# Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.
+# Copyright (c) 2015 - 2020, Intel Corporation. All rights reserved.
# Copyright (c) 2017, Microsoft Corporation. All rights reserved.
# SPDX-License-Identifier: BSD-2-Clause-Patent # @@ -72,6 +72,7 @@ gPeiTpmInitializationDonePpiGuid ## PRODUCES gEfiEndOfPeiSignalPpiGuid ## SOMETIMES_CONSUMES ## NOTIFY gEdkiiPeiFirmwareVolumeInfoPrehashedFvPpiGuid ## SOMETIMES_CONSUMES + gEdkiiTcgPpiGuid ## PRODUCES [Pcd] gEfiMdeModulePkgTokenSpaceGuid.PcdFirmwareVersionString ## SOMETIMES_CONSUMES -- cgit v1.1