SecurityPkg: Clean up source files
1. Do not use tab characters 2. No trailing white space in one line 3. All files must end with CRLF Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Liming Gao <liming.gao@intel.com>
This commit is contained in:
@@ -1,5 +1,5 @@
|
||||
/** @file
|
||||
The library instance provides security service of TPM measure boot.
|
||||
The library instance provides security service of TPM measure boot.
|
||||
|
||||
Caution: This file requires additional review when modified.
|
||||
This library will have external input - PE/COFF image and GPT partition.
|
||||
@@ -15,13 +15,13 @@
|
||||
TcgMeasureGptTable() function will receive untrusted GPT partition table, and parse
|
||||
partition data carefully.
|
||||
|
||||
Copyright (c) 2009 - 2017, Intel Corporation. All rights reserved.<BR>
|
||||
This program and the accompanying materials
|
||||
are licensed and made available under the terms and conditions of the BSD License
|
||||
which accompanies this distribution. The full text of the license may be found at
|
||||
Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
|
||||
This program and the accompanying materials
|
||||
are licensed and made available under the terms and conditions of the BSD License
|
||||
which accompanies this distribution. The full text of the license may be found at
|
||||
http://opensource.org/licenses/bsd-license.php
|
||||
|
||||
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
|
||||
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
|
||||
|
||||
**/
|
||||
@@ -68,11 +68,11 @@ MEASURED_HOB_DATA *mMeasuredHobData = NULL;
|
||||
|
||||
@param FileHandle Pointer to the file handle to read the PE/COFF image.
|
||||
@param FileOffset Offset into the PE/COFF image to begin the read operation.
|
||||
@param ReadSize On input, the size in bytes of the requested read operation.
|
||||
@param ReadSize On input, the size in bytes of the requested read operation.
|
||||
On output, the number of bytes actually read.
|
||||
@param Buffer Output buffer that contains the data read from the PE/COFF image.
|
||||
|
||||
@retval EFI_SUCCESS The specified portion of the PE/COFF image was read and the size
|
||||
|
||||
@retval EFI_SUCCESS The specified portion of the PE/COFF image was read and the size
|
||||
**/
|
||||
EFI_STATUS
|
||||
EFIAPI
|
||||
@@ -157,11 +157,11 @@ TcgMeasureGptTable (
|
||||
}
|
||||
//
|
||||
// Read the EFI Partition Table Header
|
||||
//
|
||||
//
|
||||
PrimaryHeader = (EFI_PARTITION_TABLE_HEADER *) AllocatePool (BlockIo->Media->BlockSize);
|
||||
if (PrimaryHeader == NULL) {
|
||||
return EFI_OUT_OF_RESOURCES;
|
||||
}
|
||||
}
|
||||
Status = DiskIo->ReadDisk (
|
||||
DiskIo,
|
||||
BlockIo->Media->MediaId,
|
||||
@@ -173,7 +173,7 @@ TcgMeasureGptTable (
|
||||
DEBUG ((EFI_D_ERROR, "Failed to Read Partition Table Header!\n"));
|
||||
FreePool (PrimaryHeader);
|
||||
return EFI_DEVICE_ERROR;
|
||||
}
|
||||
}
|
||||
//
|
||||
// Read the partition entry.
|
||||
//
|
||||
@@ -194,7 +194,7 @@ TcgMeasureGptTable (
|
||||
FreePool (EntryPtr);
|
||||
return EFI_DEVICE_ERROR;
|
||||
}
|
||||
|
||||
|
||||
//
|
||||
// Count the valid partition
|
||||
//
|
||||
@@ -202,15 +202,15 @@ TcgMeasureGptTable (
|
||||
NumberOfPartition = 0;
|
||||
for (Index = 0; Index < PrimaryHeader->NumberOfPartitionEntries; Index++) {
|
||||
if (!IsZeroGuid (&PartitionEntry->PartitionTypeGUID)) {
|
||||
NumberOfPartition++;
|
||||
NumberOfPartition++;
|
||||
}
|
||||
PartitionEntry = (EFI_PARTITION_ENTRY *)((UINT8 *)PartitionEntry + PrimaryHeader->SizeOfPartitionEntry);
|
||||
}
|
||||
|
||||
//
|
||||
// Prepare Data for Measurement
|
||||
//
|
||||
EventSize = (UINT32)(sizeof (EFI_GPT_DATA) - sizeof (GptData->Partitions)
|
||||
//
|
||||
EventSize = (UINT32)(sizeof (EFI_GPT_DATA) - sizeof (GptData->Partitions)
|
||||
+ NumberOfPartition * PrimaryHeader->SizeOfPartitionEntry);
|
||||
TcgEvent = (TCG_PCR_EVENT *) AllocateZeroPool (EventSize + sizeof (TCG_PCR_EVENT_HDR));
|
||||
if (TcgEvent == NULL) {
|
||||
@@ -222,11 +222,11 @@ TcgMeasureGptTable (
|
||||
TcgEvent->PCRIndex = 5;
|
||||
TcgEvent->EventType = EV_EFI_GPT_EVENT;
|
||||
TcgEvent->EventSize = EventSize;
|
||||
GptData = (EFI_GPT_DATA *) TcgEvent->Event;
|
||||
GptData = (EFI_GPT_DATA *) TcgEvent->Event;
|
||||
|
||||
//
|
||||
// Copy the EFI_PARTITION_TABLE_HEADER and NumberOfPartition
|
||||
//
|
||||
//
|
||||
CopyMem ((UINT8 *)GptData, (UINT8*)PrimaryHeader, sizeof (EFI_PARTITION_TABLE_HEADER));
|
||||
GptData->NumberOfPartitions = NumberOfPartition;
|
||||
//
|
||||
@@ -278,7 +278,7 @@ TcgMeasureGptTable (
|
||||
PE/COFF image is external input, so this function will validate its data structure
|
||||
within this image buffer before use.
|
||||
|
||||
Notes: PE/COFF image has been checked by BasePeCoffLib PeCoffLoaderGetImageInfo() in
|
||||
Notes: PE/COFF image has been checked by BasePeCoffLib PeCoffLoaderGetImageInfo() in
|
||||
its caller function DxeTpmMeasureBootHandler().
|
||||
|
||||
@param[in] TcgProtocol Pointer to the located TCG protocol instance.
|
||||
@@ -290,7 +290,7 @@ TcgMeasureGptTable (
|
||||
|
||||
@retval EFI_SUCCESS Successfully measure image.
|
||||
@retval EFI_OUT_OF_RESOURCES No enough resource to measure image.
|
||||
@retval EFI_UNSUPPORTED ImageType is unsupported or PE image is mal-format.
|
||||
@retval EFI_UNSUPPORTED ImageType is unsupported or PE image is mal-format.
|
||||
@retval other error value
|
||||
|
||||
**/
|
||||
@@ -420,8 +420,8 @@ TcgMeasurePeImage (
|
||||
//
|
||||
if (Hdr.Pe32->FileHeader.Machine == IMAGE_FILE_MACHINE_IA64 && Hdr.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {
|
||||
//
|
||||
// NOTE: Some versions of Linux ELILO for Itanium have an incorrect magic value
|
||||
// in the PE/COFF Header. If the MachineType is Itanium(IA64) and the
|
||||
// NOTE: Some versions of Linux ELILO for Itanium have an incorrect magic value
|
||||
// in the PE/COFF Header. If the MachineType is Itanium(IA64) and the
|
||||
// Magic value in the OptionalHeader is EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC
|
||||
// then override the magic value to EFI_IMAGE_NT_OPTIONAL_HDR64_MAGIC
|
||||
//
|
||||
@@ -432,7 +432,7 @@ TcgMeasurePeImage (
|
||||
//
|
||||
Magic = Hdr.Pe32->OptionalHeader.Magic;
|
||||
}
|
||||
|
||||
|
||||
//
|
||||
// 3. Calculate the distance from the base of the image header to the image checksum address.
|
||||
// 4. Hash the image header from its base to beginning of the image checksum.
|
||||
@@ -455,7 +455,7 @@ TcgMeasurePeImage (
|
||||
HashStatus = Sha1Update (Sha1Ctx, HashBase, HashSize);
|
||||
if (!HashStatus) {
|
||||
goto Finish;
|
||||
}
|
||||
}
|
||||
|
||||
//
|
||||
// 5. Skip over the image checksum (it occupies a single ULONG).
|
||||
@@ -484,7 +484,7 @@ TcgMeasurePeImage (
|
||||
if (!HashStatus) {
|
||||
goto Finish;
|
||||
}
|
||||
}
|
||||
}
|
||||
} else {
|
||||
//
|
||||
// 7. Hash everything from the end of the checksum to the start of the Cert Directory.
|
||||
@@ -498,7 +498,7 @@ TcgMeasurePeImage (
|
||||
} else {
|
||||
//
|
||||
// Use PE32+ offset
|
||||
//
|
||||
//
|
||||
HashBase = (UINT8 *) &Hdr.Pe32Plus->OptionalHeader.CheckSum + sizeof (UINT32);
|
||||
HashSize = (UINTN) (&Hdr.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]) - (UINTN) HashBase;
|
||||
}
|
||||
@@ -527,7 +527,7 @@ TcgMeasurePeImage (
|
||||
HashBase = (UINT8 *) &Hdr.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1];
|
||||
HashSize = Hdr.Pe32Plus->OptionalHeader.SizeOfHeaders - (UINTN) (HashBase - ImageAddress);
|
||||
}
|
||||
|
||||
|
||||
if (HashSize != 0) {
|
||||
HashStatus = Sha1Update (Sha1Ctx, HashBase, HashSize);
|
||||
if (!HashStatus) {
|
||||
@@ -690,27 +690,27 @@ Finish:
|
||||
}
|
||||
|
||||
/**
|
||||
The security handler is used to abstract platform-specific policy
|
||||
from the DXE core response to an attempt to use a file that returns a
|
||||
given status for the authentication check from the section extraction protocol.
|
||||
The security handler is used to abstract platform-specific policy
|
||||
from the DXE core response to an attempt to use a file that returns a
|
||||
given status for the authentication check from the section extraction protocol.
|
||||
|
||||
The possible responses in a given SAP implementation may include locking
|
||||
flash upon failure to authenticate, attestation logging for all signed drivers,
|
||||
and other exception operations. The File parameter allows for possible logging
|
||||
The possible responses in a given SAP implementation may include locking
|
||||
flash upon failure to authenticate, attestation logging for all signed drivers,
|
||||
and other exception operations. The File parameter allows for possible logging
|
||||
within the SAP of the driver.
|
||||
|
||||
If File is NULL, then EFI_INVALID_PARAMETER is returned.
|
||||
|
||||
If the file specified by File with an authentication status specified by
|
||||
If the file specified by File with an authentication status specified by
|
||||
AuthenticationStatus is safe for the DXE Core to use, then EFI_SUCCESS is returned.
|
||||
|
||||
If the file specified by File with an authentication status specified by
|
||||
AuthenticationStatus is not safe for the DXE Core to use under any circumstances,
|
||||
If the file specified by File with an authentication status specified by
|
||||
AuthenticationStatus is not safe for the DXE Core to use under any circumstances,
|
||||
then EFI_ACCESS_DENIED is returned.
|
||||
|
||||
If the file specified by File with an authentication status specified by
|
||||
AuthenticationStatus is not safe for the DXE Core to use right now, but it
|
||||
might be possible to use it at a future time, then EFI_SECURITY_VIOLATION is
|
||||
If the file specified by File with an authentication status specified by
|
||||
AuthenticationStatus is not safe for the DXE Core to use right now, but it
|
||||
might be possible to use it at a future time, then EFI_SECURITY_VIOLATION is
|
||||
returned.
|
||||
|
||||
@param[in] AuthenticationStatus This is the authentication status returned
|
||||
@@ -764,7 +764,7 @@ DxeTpmMeasureBootHandler (
|
||||
|
||||
ProtocolCapability.Size = (UINT8) sizeof (ProtocolCapability);
|
||||
Status = TcgProtocol->StatusCheck (
|
||||
TcgProtocol,
|
||||
TcgProtocol,
|
||||
&ProtocolCapability,
|
||||
&TCGFeatureFlags,
|
||||
&EventLogLocation,
|
||||
@@ -781,7 +781,7 @@ DxeTpmMeasureBootHandler (
|
||||
// Copy File Device Path
|
||||
//
|
||||
OrigDevicePathNode = DuplicateDevicePath (File);
|
||||
|
||||
|
||||
//
|
||||
// 1. Check whether this device path support BlockIo protocol.
|
||||
// Is so, this device path may be a GPT device path.
|
||||
@@ -802,8 +802,8 @@ DxeTpmMeasureBootHandler (
|
||||
DevicePathSubType (DevicePathNode) == MEDIA_HARDDRIVE_DP) {
|
||||
//
|
||||
// Check whether it is a gpt partition or not
|
||||
//
|
||||
if (((HARDDRIVE_DEVICE_PATH *) DevicePathNode)->MBRType == MBR_TYPE_EFI_PARTITION_TABLE_HEADER &&
|
||||
//
|
||||
if (((HARDDRIVE_DEVICE_PATH *) DevicePathNode)->MBRType == MBR_TYPE_EFI_PARTITION_TABLE_HEADER &&
|
||||
((HARDDRIVE_DEVICE_PATH *) DevicePathNode)->SignatureType == SIGNATURE_TYPE_GUID) {
|
||||
|
||||
//
|
||||
@@ -838,7 +838,7 @@ DxeTpmMeasureBootHandler (
|
||||
DevicePathNode = NextDevicePathNode (DevicePathNode);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
//
|
||||
// 2. Measure PE image.
|
||||
//
|
||||
@@ -872,7 +872,7 @@ DxeTpmMeasureBootHandler (
|
||||
TempHandle = Handle;
|
||||
do {
|
||||
Status = gBS->HandleProtocol(
|
||||
TempHandle,
|
||||
TempHandle,
|
||||
&gEfiFirmwareVolumeBlockProtocolGuid,
|
||||
(VOID**)&FvbProtocol
|
||||
);
|
||||
@@ -931,16 +931,16 @@ DxeTpmMeasureBootHandler (
|
||||
//
|
||||
goto Finish;
|
||||
}
|
||||
|
||||
|
||||
//
|
||||
// Measure only application if Application flag is set
|
||||
// Measure drivers and applications if Application flag is not set
|
||||
//
|
||||
if ((!ApplicationRequired) ||
|
||||
(ApplicationRequired && ImageContext.ImageType == EFI_IMAGE_SUBSYSTEM_EFI_APPLICATION)) {
|
||||
if ((!ApplicationRequired) ||
|
||||
(ApplicationRequired && ImageContext.ImageType == EFI_IMAGE_SUBSYSTEM_EFI_APPLICATION)) {
|
||||
//
|
||||
// Print the image path to be measured.
|
||||
//
|
||||
//
|
||||
DEBUG_CODE_BEGIN ();
|
||||
CHAR16 *ToText;
|
||||
ToText = ConvertDevicePathToText (
|
||||
@@ -959,10 +959,10 @@ DxeTpmMeasureBootHandler (
|
||||
//
|
||||
Status = TcgMeasurePeImage (
|
||||
TcgProtocol,
|
||||
(EFI_PHYSICAL_ADDRESS) (UINTN) FileBuffer,
|
||||
FileSize,
|
||||
(UINTN) ImageContext.ImageAddress,
|
||||
ImageContext.ImageType,
|
||||
(EFI_PHYSICAL_ADDRESS) (UINTN) FileBuffer,
|
||||
FileSize,
|
||||
(UINTN) ImageContext.ImageAddress,
|
||||
ImageContext.ImageType,
|
||||
DevicePathNode
|
||||
);
|
||||
}
|
||||
|
Reference in New Issue
Block a user