SecurityPkg: Debug code to audit BIOS TPM extend operations

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2858

In V2: Fixed patch format and uncrustify cleanup

In V1: Add debug functionality to examine TPM extend operations
performed by BIOS and inspect the PCR 00 value prior to
any BIOS measurements.

Signed-off-by: Rodrigo Gonzalez del Cueto <rodrigo.gonzalez.del.cueto@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Rodrigo Gonzalez del Cueto
2021-12-17 10:47:07 +08:00
committed by mergify[bot]
parent b451c69088
commit 8ed8568922
3 changed files with 222 additions and 10 deletions


@@ -1,7 +1,7 @@
/** @file
Initialize TPM2 device and measure FVs before handing off control to DXE.
Copyright (c) 2015 - 2020, Intel Corporation. All rights reserved.<BR>
Copyright (c) 2015 - 2021, Intel Corporation. All rights reserved.<BR>
Copyright (c) 2017, Microsoft Corporation. All rights reserved. <BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
@@ -1106,6 +1106,13 @@ PeimEntryMA (
}
}
DEBUG_CODE_BEGIN ();
//
// Peek into TPM PCR 00 before any BIOS measurement.
//
Tpm2PcrReadForActiveBank (00, NULL);
DEBUG_CODE_END ();
//
// Only install TpmInitializedPpi on success
//
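Review bot: the PCR index literal `00` in `Tpm2PcrReadForActiveBank (00, NULL);` is an octal constant in C. It evaluates to 0, so the read targets the intended PCR, but a plain `0` (or a named PCR index constant, if the code base already has one) is unambiguous and avoids the trap that a later copy of this pattern with `08` or `09` would not compile. The call's return status is also discarded; since the read is wrapped in `DEBUG_CODE_BEGIN ()` / `DEBUG_CODE_END ()` and compiled out of release builds, a `DEBUG` print on a non-success status would make an audit run that could not read PCR 0 visible in the log rather than silently absent. Placing the read immediately before the `TpmInitializedPpi` install matches the commit message's goal of capturing the PCR 0 value prior to any BIOS measurement.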