sravan/system76-edk2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

SecurityPkg: Apply uncrustify changes

Browse Source 
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3737

Apply uncrustify changes to .c/.h files in the SecurityPkg package

Cc: Andrew Fish <afish@apple.com>
Cc: Leif Lindholm <leif@nuviainc.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
This commit is contained in:
Michael Kubacki
2021-12-05 14:54:12 -08:00
committed by mergify[bot]
parent 39de741e2d
commit c411b485b6
185 changed files with 15251 additions and 14419 deletions
Download Patch File Download Diff File Expand all files Collapse all files

105
SecurityPkg/Tcg/MemoryOverwriteControl/TcgMor.c
View File

@@ -12,7 +12,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#include "TcgMor.h"
UINT8 mMorControl;
UINT8 mMorControl;
/**
Ready to Boot Event notification handler.
@@ -24,8 +24,8 @@ UINT8 mMorControl;
VOID
EFIAPI
OnReadyToBoot (
IN EFI_EVENT Event,
IN VOID *Context
IN EFI_EVENT Event,
IN VOID *Context
)
{
EFI_STATUS Status;
@@ -35,8 +35,9 @@ OnReadyToBoot (
//
// MorControl is expected, directly return to avoid unnecessary variable operation
//
return ;
return;
}
//
// Clear MOR_CLEAR_MEMORY_BIT
//
@@ -45,12 +46,12 @@ OnReadyToBoot (
DataSize = sizeof (mMorControl);
Status = gRT->SetVariable (
MEMORY_OVERWRITE_REQUEST_VARIABLE_NAME,
&gEfiMemoryOverwriteControlDataGuid,
EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
DataSize,
&mMorControl
);
MEMORY_OVERWRITE_REQUEST_VARIABLE_NAME,
&gEfiMemoryOverwriteControlDataGuid,
EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
DataSize,
&mMorControl
);
if (EFI_ERROR (Status)) {
DEBUG ((DEBUG_ERROR, "TcgMor: Clear MOR_CLEAR_MEMORY_BIT failure, Status = %r\n", Status));
}
@@ -70,11 +71,10 @@ OnReadyToBoot (
**/
VOID
InitiateTPerReset (
IN EFI_STORAGE_SECURITY_COMMAND_PROTOCOL *Ssp,
IN UINT32 MediaId
IN EFI_STORAGE_SECURITY_COMMAND_PROTOCOL *Ssp,
IN UINT32 MediaId
)
{
EFI_STATUS Status;
UINT8 *Buffer;
UINTN XferSize;
@@ -84,17 +84,17 @@ InitiateTPerReset (
BOOLEAN IeeeFlag;
SUPPORTED_SECURITY_PROTOCOLS_PARAMETER_DATA *Data;
Buffer = NULL;
TcgFlag = FALSE;
IeeeFlag = FALSE;
Buffer = NULL;
TcgFlag = FALSE;
IeeeFlag = FALSE;
//
// ATA8-ACS 7.57.6.1 indicates the Transfer Length field requirements a multiple of 512.
// If the length of the TRUSTED RECEIVE parameter data is greater than the Transfer Length,
// then the device shall return the TRUSTED RECEIVE parameter data truncated to the requested Transfer Length.
//
Len = ROUNDUP512(sizeof(SUPPORTED_SECURITY_PROTOCOLS_PARAMETER_DATA));
Buffer = AllocateZeroPool(Len);
Len = ROUNDUP512 (sizeof (SUPPORTED_SECURITY_PROTOCOLS_PARAMETER_DATA));
Buffer = AllocateZeroPool (Len);
if (Buffer == NULL) {
return;
@@ -122,17 +122,18 @@ InitiateTPerReset (
// In returned data, the ListLength field indicates the total length, in bytes,
// of the supported security protocol list.
//
Data = (SUPPORTED_SECURITY_PROTOCOLS_PARAMETER_DATA*)Buffer;
Len = ROUNDUP512(sizeof (SUPPORTED_SECURITY_PROTOCOLS_PARAMETER_DATA) +
(Data->SupportedSecurityListLength[0] << 8) +
(Data->SupportedSecurityListLength[1])
);
Data = (SUPPORTED_SECURITY_PROTOCOLS_PARAMETER_DATA *)Buffer;
Len = ROUNDUP512 (
sizeof (SUPPORTED_SECURITY_PROTOCOLS_PARAMETER_DATA) +
(Data->SupportedSecurityListLength[0] << 8) +
(Data->SupportedSecurityListLength[1])
);
//
// Free original buffer and allocate new buffer.
//
FreePool(Buffer);
Buffer = AllocateZeroPool(Len);
FreePool (Buffer);
Buffer = AllocateZeroPool (Len);
if (Buffer == NULL) {
return;
}
@@ -155,7 +156,7 @@ InitiateTPerReset (
goto Exit;
}
Data = (SUPPORTED_SECURITY_PROTOCOLS_PARAMETER_DATA*)Buffer;
Data = (SUPPORTED_SECURITY_PROTOCOLS_PARAMETER_DATA *)Buffer;
Len = (Data->SupportedSecurityListLength[0] << 8) + Data->SupportedSecurityListLength[1];
//
@@ -219,7 +220,7 @@ InitiateTPerReset (
Exit:
if (Buffer != NULL) {
FreePool(Buffer);
FreePool (Buffer);
}
}
@@ -237,12 +238,12 @@ TPerResetAtEndOfDxe (
IN VOID *Context
)
{
EFI_STORAGE_SECURITY_COMMAND_PROTOCOL *Ssp;
EFI_BLOCK_IO_PROTOCOL *BlockIo;
EFI_STATUS Status;
UINTN HandleCount;
EFI_HANDLE *HandleBuffer;
UINTN Index;
EFI_STORAGE_SECURITY_COMMAND_PROTOCOL *Ssp;
EFI_BLOCK_IO_PROTOCOL *BlockIo;
EFI_STATUS Status;
UINTN HandleCount;
EFI_HANDLE *HandleBuffer;
UINTN Index;
//
// Locate all SSP protocol instances.
@@ -262,24 +263,24 @@ TPerResetAtEndOfDxe (
return;
}
for (Index = 0; Index < HandleCount; Index ++) {
for (Index = 0; Index < HandleCount; Index++) {
//
// Get the SSP interface.
//
Status = gBS->HandleProtocol(
Status = gBS->HandleProtocol (
HandleBuffer[Index],
&gEfiStorageSecurityCommandProtocolGuid,
(VOID **) &Ssp
(VOID **)&Ssp
);
if (EFI_ERROR (Status)) {
continue;
}
Status = gBS->HandleProtocol(
Status = gBS->HandleProtocol (
HandleBuffer[Index],
&gEfiBlockIoProtocolGuid,
(VOID **) &BlockIo
(VOID **)&BlockIo
);
if (EFI_ERROR (Status)) {
@@ -317,25 +318,25 @@ MorDriverEntryPoint (
///
DataSize = sizeof (mMorControl);
Status = gRT->GetVariable (
MEMORY_OVERWRITE_REQUEST_VARIABLE_NAME,
&gEfiMemoryOverwriteControlDataGuid,
NULL,
&DataSize,
&mMorControl
);
Status = gRT->GetVariable (
MEMORY_OVERWRITE_REQUEST_VARIABLE_NAME,
&gEfiMemoryOverwriteControlDataGuid,
NULL,
&DataSize,
&mMorControl
);
if (EFI_ERROR (Status)) {
//
// Set default value to 0
//
mMorControl = 0;
Status = gRT->SetVariable (
MEMORY_OVERWRITE_REQUEST_VARIABLE_NAME,
&gEfiMemoryOverwriteControlDataGuid,
EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
DataSize,
&mMorControl
);
Status = gRT->SetVariable (
MEMORY_OVERWRITE_REQUEST_VARIABLE_NAME,
&gEfiMemoryOverwriteControlDataGuid,
EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
DataSize,
&mMorControl
);
DEBUG ((DEBUG_INFO, "TcgMor: Create MOR variable! Status = %r\n", Status));
} else {
//

13
SecurityPkg/Tcg/MemoryOverwriteControl/TcgMor.h
View File

@@ -28,15 +28,14 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
// Refer to ATA8-ACS Spec 7.57.6.2 Table 69 or SPC4 7.7.1.3 Table 511.
//
typedef struct {
UINT8 Reserved1[6];
UINT8 SupportedSecurityListLength[2];
UINT8 SupportedSecurityProtocol[1];
UINT8 Reserved1[6];
UINT8 SupportedSecurityListLength[2];
UINT8 SupportedSecurityProtocol[1];
} SUPPORTED_SECURITY_PROTOCOLS_PARAMETER_DATA;
#define SECURITY_PROTOCOL_TCG 0x02
#define SECURITY_PROTOCOL_IEEE1667 0xEE
#define SECURITY_PROTOCOL_TCG 0x02
#define SECURITY_PROTOCOL_IEEE1667 0xEE
#define ROUNDUP512(x) (((x) % 512 == 0) ? (x) : ((x) / 512 + 1) * 512)
#define ROUNDUP512(x) (((x) % 512 == 0) ? (x) : ((x) / 512 + 1) * 512)
#endif

61
SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.c
View File

@@ -18,13 +18,13 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#include "TcgMorLock.h"
typedef struct {
CHAR16 *VariableName;
EFI_GUID *VendorGuid;
CHAR16 *VariableName;
EFI_GUID *VendorGuid;
} VARIABLE_TYPE;
VARIABLE_TYPE mMorVariableType[] = {
{MEMORY_OVERWRITE_REQUEST_VARIABLE_NAME, &gEfiMemoryOverwriteControlDataGuid},
{MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME, &gEfiMemoryOverwriteRequestControlLockGuid},
{ MEMORY_OVERWRITE_REQUEST_VARIABLE_NAME, &gEfiMemoryOverwriteControlDataGuid },
{ MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME, &gEfiMemoryOverwriteRequestControlLockGuid },
};
/**
@@ -38,18 +38,20 @@ VARIABLE_TYPE mMorVariableType[] = {
**/
BOOLEAN
IsAnyMorVariable (
IN CHAR16 *VariableName,
IN EFI_GUID *VendorGuid
IN CHAR16 *VariableName,
IN EFI_GUID *VendorGuid
)
{
UINTN Index;
UINTN Index;
for (Index = 0; Index < sizeof(mMorVariableType)/sizeof(mMorVariableType[0]); Index++) {
for (Index = 0; Index < sizeof (mMorVariableType)/sizeof (mMorVariableType[0]); Index++) {
if ((StrCmp (VariableName, mMorVariableType[Index].VariableName) == 0) &&
(CompareGuid (VendorGuid, mMorVariableType[Index].VendorGuid))) {
(CompareGuid (VendorGuid, mMorVariableType[Index].VendorGuid)))
{
return TRUE;
}
}
return FALSE;
}
@@ -64,14 +66,16 @@ IsAnyMorVariable (
**/
BOOLEAN
IsMorLockVariable (
IN CHAR16 *VariableName,
IN EFI_GUID *VendorGuid
IN CHAR16 *VariableName,
IN EFI_GUID *VendorGuid
)
{
if ((StrCmp (VariableName, MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME) == 0) &&
(CompareGuid (VendorGuid, &gEfiMemoryOverwriteRequestControlLockGuid))) {
(CompareGuid (VendorGuid, &gEfiMemoryOverwriteRequestControlLockGuid)))
{
return TRUE;
}
return FALSE;
}
@@ -104,11 +108,11 @@ IsMorLockVariable (
EFI_STATUS
EFIAPI
SetVariableCheckHandlerMor (
IN CHAR16 *VariableName,
IN EFI_GUID *VendorGuid,
IN UINT32 Attributes,
IN UINTN DataSize,
IN VOID *Data
IN CHAR16 *VariableName,
IN EFI_GUID *VendorGuid,
IN UINT32 Attributes,
IN UINTN DataSize,
IN VOID *Data
)
{
UINTN MorLockDataSize;
@@ -122,14 +126,14 @@ SetVariableCheckHandlerMor (
return EFI_SUCCESS;
}
MorLockDataSize = sizeof(MorLock);
Status = InternalGetVariable (
MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME,
&gEfiMemoryOverwriteRequestControlLockGuid,
NULL,
&MorLockDataSize,
&MorLock
);
MorLockDataSize = sizeof (MorLock);
Status = InternalGetVariable (
MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME,
&gEfiMemoryOverwriteRequestControlLockGuid,
NULL,
&MorLockDataSize,
&MorLock
);
if (!EFI_ERROR (Status) && MorLock) {
//
// If lock, deny access
@@ -140,14 +144,14 @@ SetVariableCheckHandlerMor (
//
// Delete not OK
//
if ((DataSize != sizeof(UINT8)) || (Data == NULL) || (Attributes == 0)) {
if ((DataSize != sizeof (UINT8)) || (Data == NULL) || (Attributes == 0)) {
return EFI_INVALID_PARAMETER;
}
//
// check format
//
if (IsMorLockVariable(VariableName, VendorGuid)) {
if (IsMorLockVariable (VariableName, VendorGuid)) {
//
// set to any other value not OK
//
@@ -155,6 +159,7 @@ SetVariableCheckHandlerMor (
return EFI_INVALID_PARAMETER;
}
}
//
// Or grant access
//
@@ -179,7 +184,7 @@ MorLockDriverInit (
EFI_STATUS Status;
UINT8 Data;
Data = 0;
Data = 0;
Status = InternalSetVariable (
MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME,
&gEfiMemoryOverwriteRequestControlLockGuid,

30
SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.h
View File

@@ -34,11 +34,11 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
EFI_STATUS
EFIAPI
InternalGetVariable (
IN CHAR16 *VariableName,
IN EFI_GUID *VendorGuid,
OUT UINT32 *Attributes OPTIONAL,
IN OUT UINTN *DataSize,
OUT VOID *Data
IN CHAR16 *VariableName,
IN EFI_GUID *VendorGuid,
OUT UINT32 *Attributes OPTIONAL,
IN OUT UINTN *DataSize,
OUT VOID *Data
);
/**
@@ -70,11 +70,11 @@ InternalGetVariable (
EFI_STATUS
EFIAPI
InternalSetVariable (
IN CHAR16 *VariableName,
IN EFI_GUID *VendorGuid,
IN UINT32 Attributes,
IN UINTN DataSize,
IN VOID *Data
IN CHAR16 *VariableName,
IN EFI_GUID *VendorGuid,
IN UINT32 Attributes,
IN UINTN DataSize,
IN VOID *Data
);
/**
@@ -106,11 +106,11 @@ InternalSetVariable (
EFI_STATUS
EFIAPI
SetVariableCheckHandlerMor (
IN CHAR16 *VariableName,
IN EFI_GUID *VendorGuid,
IN UINT32 Attributes,
IN UINTN DataSize,
IN VOID *Data
IN CHAR16 *VariableName,
IN EFI_GUID *VendorGuid,
IN UINT32 Attributes,
IN UINTN DataSize,
IN VOID *Data
);
/**

42
SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.c
View File

@@ -13,7 +13,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#include <Protocol/SmmVariable.h>
#include "TcgMorLock.h"
EFI_SMM_VARIABLE_PROTOCOL *mSmmVariable;
EFI_SMM_VARIABLE_PROTOCOL *mSmmVariable;
/**
This service is a wrapper for the UEFI Runtime Service GetVariable().
@@ -40,11 +40,11 @@ EFI_SMM_VARIABLE_PROTOCOL *mSmmVariable;
EFI_STATUS
EFIAPI
InternalGetVariable (
IN CHAR16 *VariableName,
IN EFI_GUID *VendorGuid,
OUT UINT32 *Attributes OPTIONAL,
IN OUT UINTN *DataSize,
OUT VOID *Data
IN CHAR16 *VariableName,
IN EFI_GUID *VendorGuid,
OUT UINT32 *Attributes OPTIONAL,
IN OUT UINTN *DataSize,
OUT VOID *Data
)
{
return mSmmVariable->SmmGetVariable (
@@ -85,11 +85,11 @@ InternalGetVariable (
EFI_STATUS
EFIAPI
InternalSetVariable (
IN CHAR16 *VariableName,
IN EFI_GUID *VendorGuid,
IN UINT32 Attributes,
IN UINTN DataSize,
IN VOID *Data
IN CHAR16 *VariableName,
IN EFI_GUID *VendorGuid,
IN UINT32 Attributes,
IN UINTN DataSize,
IN VOID *Data
)
{
return mSmmVariable->SmmSetVariable (
@@ -113,8 +113,8 @@ InternalSetVariable (
EFI_STATUS
EFIAPI
MorLockDriverEntryPointSmm (
IN EFI_HANDLE ImageHandle,
IN EFI_SYSTEM_TABLE *SystemTable
IN EFI_HANDLE ImageHandle,
IN EFI_SYSTEM_TABLE *SystemTable
)
{
EFI_STATUS Status;
@@ -126,17 +126,17 @@ MorLockDriverEntryPointSmm (
DEBUG ((DEBUG_INFO, "MorLockDriverEntryPointSmm\n"));
Status = gSmst->SmmLocateProtocol (
&gEfiSmmVariableProtocolGuid,
NULL,
(VOID **) &mSmmVariable
);
&gEfiSmmVariableProtocolGuid,
NULL,
(VOID **)&mSmmVariable
);
ASSERT_EFI_ERROR (Status);
Status = gSmst->SmmLocateProtocol (
&gEdkiiSmmVarCheckProtocolGuid,
NULL,
(VOID **) &SmmVarCheck
);
&gEdkiiSmmVarCheckProtocolGuid,
NULL,
(VOID **)&SmmVarCheck
);
ASSERT_EFI_ERROR (Status);
Status = MorLockDriverInit ();

92
SecurityPkg/Tcg/Opal/OpalPassword/ComponentName.c
View File

@@ -20,18 +20,17 @@ GLOBAL_REMOVE_IF_UNREFERENCED EFI_COMPONENT_NAME_PROTOCOL gOpalComponentName =
//
// EFI Component Name 2 Protocol
//
GLOBAL_REMOVE_IF_UNREFERENCED EFI_COMPONENT_NAME2_PROTOCOL gOpalComponentName2 = {
GLOBAL_REMOVE_IF_UNREFERENCED EFI_COMPONENT_NAME2_PROTOCOL gOpalComponentName2 = {
OpalEfiDriverComponentName2GetDriverName,
OpalEfiDriverComponentName2GetControllerName,
"en"
};
/// The name of the driver in all the languages we support.
GLOBAL_REMOVE_IF_UNREFERENCED EFI_UNICODE_STRING_TABLE mOpalDriverNameTable[] = {
{ LANGUAGE_RFC_3066_ENGLISH, (CHAR16*)EFI_DRIVER_NAME_UNICODE },
{ LANGUAGE_ISO_639_2_ENGLISH, (CHAR16*)EFI_DRIVER_NAME_UNICODE },
{ 0, 0 }
GLOBAL_REMOVE_IF_UNREFERENCED EFI_UNICODE_STRING_TABLE mOpalDriverNameTable[] = {
{ LANGUAGE_RFC_3066_ENGLISH, (CHAR16 *)EFI_DRIVER_NAME_UNICODE },
{ LANGUAGE_ISO_639_2_ENGLISH, (CHAR16 *)EFI_DRIVER_NAME_UNICODE },
{ 0, 0 }
};
/**
@@ -75,19 +74,19 @@ GLOBAL_REMOVE_IF_UNREFERENCED EFI_UNICODE_STRING_TABLE mOpalDriverNameTable[] =
**/
EFI_STATUS
EFIAPI
OpalEfiDriverComponentNameGetDriverName(
EFI_COMPONENT_NAME_PROTOCOL* This,
CHAR8* Language,
CHAR16** DriverName
OpalEfiDriverComponentNameGetDriverName (
EFI_COMPONENT_NAME_PROTOCOL *This,
CHAR8 *Language,
CHAR16 **DriverName
)
{
return LookupUnicodeString2(
Language,
This->SupportedLanguages,
mOpalDriverNameTable,
DriverName,
TRUE
);
return LookupUnicodeString2 (
Language,
This->SupportedLanguages,
mOpalDriverNameTable,
DriverName,
TRUE
);
}
/**
@@ -131,19 +130,19 @@ OpalEfiDriverComponentNameGetDriverName(
**/
EFI_STATUS
EFIAPI
OpalEfiDriverComponentName2GetDriverName(
EFI_COMPONENT_NAME2_PROTOCOL* This,
CHAR8* Language,
CHAR16** DriverName
OpalEfiDriverComponentName2GetDriverName (
EFI_COMPONENT_NAME2_PROTOCOL *This,
CHAR8 *Language,
CHAR16 **DriverName
)
{
return LookupUnicodeString2(
Language,
This->SupportedLanguages,
mOpalDriverNameTable,
DriverName,
FALSE
);
return LookupUnicodeString2 (
Language,
This->SupportedLanguages,
mOpalDriverNameTable,
DriverName,
FALSE
);
}
/**
@@ -213,14 +212,14 @@ OpalEfiDriverComponentName2GetDriverName(
**/
EFI_STATUS
GetControllerName(
GetControllerName (
EFI_HANDLE ControllerHandle,
EFI_HANDLE ChildHandle,
CHAR8* Language,
CHAR16** ControllerName
CHAR8 *Language,
CHAR16 **ControllerName
)
{
if (Language == NULL || ControllerName == NULL || ControllerHandle == NULL) {
if ((Language == NULL) || (ControllerName == NULL) || (ControllerHandle == NULL)) {
return EFI_INVALID_PARAMETER;
}
@@ -298,15 +297,15 @@ GetControllerName(
**/
EFI_STATUS
EFIAPI
OpalEfiDriverComponentNameGetControllerName(
EFI_COMPONENT_NAME_PROTOCOL* This,
EFI_HANDLE ControllerHandle,
EFI_HANDLE ChildHandle,
CHAR8* Language,
CHAR16** ControllerName
OpalEfiDriverComponentNameGetControllerName (
EFI_COMPONENT_NAME_PROTOCOL *This,
EFI_HANDLE ControllerHandle,
EFI_HANDLE ChildHandle,
CHAR8 *Language,
CHAR16 **ControllerName
)
{
return (GetControllerName( ControllerHandle, ChildHandle, Language, ControllerName));
return (GetControllerName (ControllerHandle, ChildHandle, Language, ControllerName));
}
/**
@@ -379,14 +378,13 @@ OpalEfiDriverComponentNameGetControllerName(
**/
EFI_STATUS
EFIAPI
OpalEfiDriverComponentName2GetControllerName(
EFI_COMPONENT_NAME2_PROTOCOL* This,
EFI_HANDLE ControllerHandle,
EFI_HANDLE ChildHandle,
CHAR8* Language,
CHAR16** ControllerName
OpalEfiDriverComponentName2GetControllerName (
EFI_COMPONENT_NAME2_PROTOCOL *This,
EFI_HANDLE ControllerHandle,
EFI_HANDLE ChildHandle,
CHAR8 *Language,
CHAR16 **ControllerName
)
{
return (GetControllerName(ControllerHandle, ChildHandle, Language, ControllerName));
return (GetControllerName (ControllerHandle, ChildHandle, Language, ControllerName));
}

1468
SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c
View File

File diff suppressed because it is too large Load Diff

239
SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.h
View File

@@ -44,37 +44,37 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#include "OpalPasswordCommon.h"
#include "OpalHiiFormValues.h"
#define EFI_DRIVER_NAME_UNICODE L"1.0 UEFI Opal Driver"
#define EFI_DRIVER_NAME_UNICODE L"1.0 UEFI Opal Driver"
// UEFI 2.1
#define LANGUAGE_RFC_3066_ENGLISH ((CHAR8*)"en")
#define LANGUAGE_RFC_3066_ENGLISH ((CHAR8*)"en")
// UEFI/EFI < 2.1
#define LANGUAGE_ISO_639_2_ENGLISH ((CHAR8*)"eng")
#define LANGUAGE_ISO_639_2_ENGLISH ((CHAR8*)"eng")
#define CONCAT_(x, y) x ## y
#define CONCAT(x, y) CONCAT_(x, y)
#define CONCAT_(x, y) x ## y
#define CONCAT(x, y) CONCAT_(x, y)
#define UNICODE_STR(x) CONCAT( L, x )
#define UNICODE_STR(x) CONCAT( L, x )
extern EFI_DRIVER_BINDING_PROTOCOL gOpalDriverBinding;
extern EFI_COMPONENT_NAME_PROTOCOL gOpalComponentName;
extern EFI_COMPONENT_NAME2_PROTOCOL gOpalComponentName2;
#define OPAL_MSID_LENGTH 128
#define OPAL_MSID_LENGTH 128
#define MAX_PASSWORD_TRY_COUNT 5
// PSID Length
#define PSID_CHARACTER_LENGTH 0x20
#define MAX_PSID_TRY_COUNT 5
#define PSID_CHARACTER_LENGTH 0x20
#define MAX_PSID_TRY_COUNT 5
//
// The max timeout value assume the user can wait for the revert action. The unit of this macro is second.
// If the revert time value bigger than this one, driver needs to popup a dialog to let user confirm the
// revert action.
//
#define MAX_ACCEPTABLE_REVERTING_TIME 10
#define MAX_ACCEPTABLE_REVERTING_TIME 10
#pragma pack(1)
@@ -84,66 +84,66 @@ extern EFI_COMPONENT_NAME2_PROTOCOL gOpalComponentName2;
// by the consumer of this library.
//
typedef struct {
//
// Indicates if the disk can support PSID Revert action. should verify disk supports PSID authority
//
UINT16 PsidRevert : 1;
//
// Indicates if the disk can support PSID Revert action. should verify disk supports PSID authority
//
UINT16 PsidRevert : 1;
//
// Indicates if the disk can support Revert action
//
UINT16 Revert : 1;
//
// Indicates if the disk can support Revert action
//
UINT16 Revert : 1;
//
// Indicates if the user must keep data for revert action. It is true if no media encryption is supported.
//
UINT16 RevertKeepDataForced : 1;
//
// Indicates if the user must keep data for revert action. It is true if no media encryption is supported.
//
UINT16 RevertKeepDataForced : 1;
//
// Indicates if the disk can support set Admin password
//
UINT16 AdminPass : 1;
//
// Indicates if the disk can support set Admin password
//
UINT16 AdminPass : 1;
//
// Indicates if the disk can support set User password. This action requires that a user
// password is first enabled.
//
UINT16 UserPass : 1;
//
// Indicates if the disk can support set User password. This action requires that a user
// password is first enabled.
//
UINT16 UserPass : 1;
//
// Indicates if unlock action is available. Requires disk to be currently locked.
//
UINT16 Unlock : 1;
//
// Indicates if unlock action is available. Requires disk to be currently locked.
//
UINT16 Unlock : 1;
//
// Indicates if Secure Erase action is available. Action requires admin credentials and media encryption support.
//
UINT16 SecureErase : 1;
//
// Indicates if Secure Erase action is available. Action requires admin credentials and media encryption support.
//
UINT16 SecureErase : 1;
//
// Indicates if Disable User action is available. Action requires admin credentials.
//
UINT16 DisableUser : 1;
//
// Indicates if Disable User action is available. Action requires admin credentials.
//
UINT16 DisableUser : 1;
} OPAL_DISK_ACTIONS;
//
// Structure that is used to represent an OPAL_DISK.
//
typedef struct {
UINT32 MsidLength; // Byte length of MSID Pin for device
UINT8 Msid[OPAL_MSID_LENGTH]; // MSID Pin for device
EFI_STORAGE_SECURITY_COMMAND_PROTOCOL *Sscp;
UINT32 MediaId; // MediaId is used by Ssc Protocol.
EFI_DEVICE_PATH_PROTOCOL *OpalDevicePath;
UINT16 OpalBaseComId; // Opal SSC 1 base com id.
OPAL_OWNER_SHIP Owner;
OPAL_DISK_SUPPORT_ATTRIBUTE SupportedAttributes;
TCG_LOCKING_FEATURE_DESCRIPTOR LockingFeature; // Locking Feature Descriptor retrieved from performing a Level 0 Discovery
UINT8 PasswordLength;
UINT8 Password[OPAL_MAX_PASSWORD_SIZE];
UINT32 MsidLength; // Byte length of MSID Pin for device
UINT8 Msid[OPAL_MSID_LENGTH]; // MSID Pin for device
EFI_STORAGE_SECURITY_COMMAND_PROTOCOL *Sscp;
UINT32 MediaId; // MediaId is used by Ssc Protocol.
EFI_DEVICE_PATH_PROTOCOL *OpalDevicePath;
UINT16 OpalBaseComId; // Opal SSC 1 base com id.
OPAL_OWNER_SHIP Owner;
OPAL_DISK_SUPPORT_ATTRIBUTE SupportedAttributes;
TCG_LOCKING_FEATURE_DESCRIPTOR LockingFeature; // Locking Feature Descriptor retrieved from performing a Level 0 Discovery
UINT8 PasswordLength;
UINT8 Password[OPAL_MAX_PASSWORD_SIZE];
UINT32 EstimateTimeCost;
BOOLEAN SentBlockSID; // Check whether BlockSid command has been sent.
UINT32 EstimateTimeCost;
BOOLEAN SentBlockSID; // Check whether BlockSid command has been sent.
} OPAL_DISK;
//
@@ -152,23 +152,23 @@ typedef struct {
typedef struct _OPAL_DRIVER_DEVICE OPAL_DRIVER_DEVICE;
struct _OPAL_DRIVER_DEVICE {
OPAL_DRIVER_DEVICE *Next; ///< Linked list pointer
EFI_HANDLE Handle; ///< Device handle
OPAL_DISK OpalDisk; ///< User context
CHAR16 *Name16; ///< Allocated/freed by UEFI Filter Driver at device creation/removal
CHAR8 *NameZ; ///< Allocated/freed by UEFI Filter Driver at device creation/removal
UINT32 MediaId; ///< Required parameter for EFI_STORAGE_SECURITY_COMMAND_PROTOCOL, from BLOCK_IO_MEDIA
OPAL_DRIVER_DEVICE *Next; ///< Linked list pointer
EFI_HANDLE Handle; ///< Device handle
OPAL_DISK OpalDisk; ///< User context
CHAR16 *Name16; ///< Allocated/freed by UEFI Filter Driver at device creation/removal
CHAR8 *NameZ; ///< Allocated/freed by UEFI Filter Driver at device creation/removal
UINT32 MediaId; ///< Required parameter for EFI_STORAGE_SECURITY_COMMAND_PROTOCOL, from BLOCK_IO_MEDIA
EFI_STORAGE_SECURITY_COMMAND_PROTOCOL *Sscp; /// Device protocols consumed
EFI_DEVICE_PATH_PROTOCOL *OpalDevicePath;
EFI_STORAGE_SECURITY_COMMAND_PROTOCOL *Sscp; /// Device protocols consumed
EFI_DEVICE_PATH_PROTOCOL *OpalDevicePath;
};
//
// Opal Driver UEFI Driver Model
//
typedef struct {
EFI_HANDLE Handle; ///< Driver image handle
OPAL_DRIVER_DEVICE *DeviceList; ///< Linked list of controllers owned by this Driver
EFI_HANDLE Handle; ///< Driver image handle
OPAL_DRIVER_DEVICE *DeviceList; ///< Linked list of controllers owned by this Driver
} OPAL_DRIVER;
#pragma pack()
@@ -176,15 +176,15 @@ typedef struct {
//
// Retrieves a OPAL_DRIVER_DEVICE based on the pointer to its StorageSecurity protocol.
//
#define DRIVER_DEVICE_FROM_OPALDISK(OpalDiskPointer) (OPAL_DRIVER_DEVICE*)(BASE_CR(OpalDiskPointer, OPAL_DRIVER_DEVICE, OpalDisk))
#define DRIVER_DEVICE_FROM_OPALDISK(OpalDiskPointer) (OPAL_DRIVER_DEVICE*)(BASE_CR(OpalDiskPointer, OPAL_DRIVER_DEVICE, OpalDisk))
/**
Get devcie list info.
@retval return the device list pointer.
**/
OPAL_DRIVER_DEVICE*
OpalDriverGetDeviceList(
OPAL_DRIVER_DEVICE *
OpalDriverGetDeviceList (
VOID
);
@@ -197,8 +197,8 @@ OpalDriverGetDeviceList(
@retval FALSE Not found the name for this device.
**/
BOOLEAN
OpalDriverGetDriverDeviceName(
OPAL_DRIVER_DEVICE *Dev
OpalDriverGetDriverDeviceName (
OPAL_DRIVER_DEVICE *Dev
);
/**
@@ -222,9 +222,9 @@ GetDeviceCount (
**/
VOID
OpalSupportUpdatePassword (
IN OUT OPAL_DISK *OpalDisk,
IN VOID *Password,
IN UINT32 PasswordLength
IN OUT OPAL_DISK *OpalDisk,
IN VOID *Password,
IN UINT32 PasswordLength
);
/**
@@ -239,11 +239,11 @@ OpalSupportUpdatePassword (
**/
TCG_RESULT
EFIAPI
OpalSupportGetAvailableActions(
IN OPAL_DISK_SUPPORT_ATTRIBUTE *SupportedAttributes,
IN TCG_LOCKING_FEATURE_DESCRIPTOR *LockingFeature,
IN UINT16 OwnerShip,
OUT OPAL_DISK_ACTIONS *AvalDiskActions
OpalSupportGetAvailableActions (
IN OPAL_DISK_SUPPORT_ATTRIBUTE *SupportedAttributes,
IN TCG_LOCKING_FEATURE_DESCRIPTOR *LockingFeature,
IN UINT16 OwnerShip,
OUT OPAL_DISK_ACTIONS *AvalDiskActions
);
/**
@@ -259,11 +259,11 @@ OpalSupportGetAvailableActions(
TCG_RESULT
EFIAPI
OpalSupportEnableOpalFeature (
IN OPAL_SESSION *Session,
IN VOID *Msid,
IN UINT32 MsidLength,
IN VOID *Password,
IN UINT32 PassLength
IN OPAL_SESSION *Session,
IN VOID *Msid,
IN UINT32 MsidLength,
IN VOID *Password,
IN UINT32 PassLength
);
/**
@@ -276,11 +276,10 @@ OpalSupportEnableOpalFeature (
**/
EFI_STATUS
EFIAPI
EfiDriverUnload(
EFI_HANDLE ImageHandle
EfiDriverUnload (
EFI_HANDLE ImageHandle
);
/**
Test to see if this driver supports Controller.
@@ -296,10 +295,10 @@ EfiDriverUnload(
**/
EFI_STATUS
EFIAPI
OpalEfiDriverBindingSupported(
EFI_DRIVER_BINDING_PROTOCOL* This,
EFI_HANDLE Controller,
EFI_DEVICE_PATH_PROTOCOL* RemainingDevicePath
OpalEfiDriverBindingSupported (
EFI_DRIVER_BINDING_PROTOCOL *This,
EFI_HANDLE Controller,
EFI_DEVICE_PATH_PROTOCOL *RemainingDevicePath
);
/**
@@ -335,10 +334,10 @@ OpalEfiDriverBindingSupported(
**/
EFI_STATUS
EFIAPI
OpalEfiDriverBindingStart(
EFI_DRIVER_BINDING_PROTOCOL* This,
EFI_HANDLE Controller,
EFI_DEVICE_PATH_PROTOCOL* RemainingDevicePath
OpalEfiDriverBindingStart (
EFI_DRIVER_BINDING_PROTOCOL *This,
EFI_HANDLE Controller,
EFI_DEVICE_PATH_PROTOCOL *RemainingDevicePath
);
/**
@@ -356,11 +355,11 @@ OpalEfiDriverBindingStart(
**/
EFI_STATUS
EFIAPI
OpalEfiDriverBindingStop(
EFI_DRIVER_BINDING_PROTOCOL* This,
EFI_HANDLE Controller,
UINTN NumberOfChildren,
EFI_HANDLE* ChildHandleBuffer
OpalEfiDriverBindingStop (
EFI_DRIVER_BINDING_PROTOCOL *This,
EFI_HANDLE Controller,
UINTN NumberOfChildren,
EFI_HANDLE *ChildHandleBuffer
);
/**
@@ -404,10 +403,10 @@ OpalEfiDriverBindingStop(
**/
EFI_STATUS
EFIAPI
OpalEfiDriverComponentNameGetDriverName(
EFI_COMPONENT_NAME_PROTOCOL* This,
CHAR8* Language,
CHAR16** DriverName
OpalEfiDriverComponentNameGetDriverName (
EFI_COMPONENT_NAME_PROTOCOL *This,
CHAR8 *Language,
CHAR16 **DriverName
);
/**
@@ -480,12 +479,12 @@ OpalEfiDriverComponentNameGetDriverName(
**/
EFI_STATUS
EFIAPI
OpalEfiDriverComponentNameGetControllerName(
EFI_COMPONENT_NAME_PROTOCOL* This,
EFI_HANDLE ControllerHandle,
EFI_HANDLE ChildHandle,
CHAR8* Language,
CHAR16** ControllerName
OpalEfiDriverComponentNameGetControllerName (
EFI_COMPONENT_NAME_PROTOCOL *This,
EFI_HANDLE ControllerHandle,
EFI_HANDLE ChildHandle,
CHAR8 *Language,
CHAR16 **ControllerName
);
/**
@@ -529,10 +528,10 @@ OpalEfiDriverComponentNameGetControllerName(
**/
EFI_STATUS
EFIAPI
OpalEfiDriverComponentName2GetDriverName(
EFI_COMPONENT_NAME2_PROTOCOL* This,
CHAR8* Language,
CHAR16** DriverName
OpalEfiDriverComponentName2GetDriverName (
EFI_COMPONENT_NAME2_PROTOCOL *This,
CHAR8 *Language,
CHAR16 **DriverName
);
/**
@@ -605,12 +604,12 @@ OpalEfiDriverComponentName2GetDriverName(
**/
EFI_STATUS
EFIAPI
OpalEfiDriverComponentName2GetControllerName(
EFI_COMPONENT_NAME2_PROTOCOL* This,
EFI_HANDLE ControllerHandle,
EFI_HANDLE ChildHandle,
CHAR8* Language,
CHAR16** ControllerName
OpalEfiDriverComponentName2GetControllerName (
EFI_COMPONENT_NAME2_PROTOCOL *This,
EFI_HANDLE ControllerHandle,
EFI_HANDLE ChildHandle,
CHAR8 *Language,
CHAR16 **ControllerName
);
#endif //_OPAL_DRIVER_H_

592
SecurityPkg/Tcg/Opal/OpalPassword/OpalHii.c
View File

File diff suppressed because it is too large Load Diff

108
SecurityPkg/Tcg/Opal/OpalPassword/OpalHii.h
View File

@@ -20,35 +20,35 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
0x0d510a4f, 0xa81b, 0x473f, { 0x87, 0x07, 0xb7, 0xfd, 0xfb, 0xc0, 0x45, 0xba } \
}
#define OPAL_REQUEST_VARIABLE_NAME L"OpalRequest"
#define OPAL_REQUEST_VARIABLE_NAME L"OpalRequest"
#pragma pack(1)
typedef struct {
UINT32 Length;
OPAL_REQUEST OpalRequest;
//EFI_DEVICE_PATH_PROTOCOL OpalDevicePath;
UINT32 Length;
OPAL_REQUEST OpalRequest;
// EFI_DEVICE_PATH_PROTOCOL OpalDevicePath;
} OPAL_REQUEST_VARIABLE;
typedef struct {
UINT16 Id: HII_KEY_ID_BITS;
UINT16 Index: HII_KEY_INDEX_BITS;
UINT16 Flag: HII_KEY_FLAG_BITS;
UINT16 Id : HII_KEY_ID_BITS;
UINT16 Index : HII_KEY_INDEX_BITS;
UINT16 Flag : HII_KEY_FLAG_BITS;
} KEY_BITS;
typedef union {
UINT16 Raw;
KEY_BITS KeyBits;
UINT16 Raw;
KEY_BITS KeyBits;
} HII_KEY;
typedef struct {
VENDOR_DEVICE_PATH VendorDevicePath;
EFI_DEVICE_PATH_PROTOCOL End;
VENDOR_DEVICE_PATH VendorDevicePath;
EFI_DEVICE_PATH_PROTOCOL End;
} HII_VENDOR_DEVICE_PATH;
#pragma pack()
extern const EFI_GUID gHiiSetupVariableGuid;
extern const EFI_GUID gHiiSetupVariableGuid;
/**
This function processes the results of changes in configuration.
@@ -70,10 +70,10 @@ extern const EFI_GUID gHiiSetupVariableGuid;
**/
EFI_STATUS
EFIAPI
RouteConfig(
CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,
CONST EFI_STRING Configuration,
EFI_STRING *Progress
RouteConfig (
CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,
CONST EFI_STRING Configuration,
EFI_STRING *Progress
);
/**
@@ -104,11 +104,11 @@ RouteConfig(
**/
EFI_STATUS
EFIAPI
ExtractConfig(
CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,
CONST EFI_STRING Request,
EFI_STRING *Progress,
EFI_STRING *Results
ExtractConfig (
CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,
CONST EFI_STRING Request,
EFI_STRING *Progress,
EFI_STRING *Results
);
/**
@@ -135,13 +135,13 @@ ExtractConfig(
**/
EFI_STATUS
EFIAPI
DriverCallback(
CONST EFI_HII_CONFIG_ACCESS_PROTOCOL* This,
EFI_BROWSER_ACTION Action,
EFI_QUESTION_ID QuestionId,
UINT8 Type,
EFI_IFR_TYPE_VALUE* Value,
EFI_BROWSER_ACTION_REQUEST* ActionRequest
DriverCallback (
CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,
EFI_BROWSER_ACTION Action,
EFI_QUESTION_ID QuestionId,
UINT8 Type,
EFI_IFR_TYPE_VALUE *Value,
EFI_BROWSER_ACTION_REQUEST *ActionRequest
);
/**
@@ -171,7 +171,7 @@ OpalHiiGetBrowserData (
**/
EFI_STATUS
HiiPopulateDiskInfoForm(
HiiPopulateDiskInfoForm (
VOID
);
@@ -184,8 +184,8 @@ HiiPopulateDiskInfoForm(
**/
EFI_STATUS
HiiSelectDisk(
UINT8 Index
HiiSelectDisk (
UINT8 Index
);
/**
@@ -198,8 +198,8 @@ HiiSelectDisk(
**/
EFI_STATUS
HiiPasswordEntered(
EFI_STRING_ID Str
HiiPasswordEntered (
EFI_STRING_ID Str
);
/**
@@ -213,7 +213,7 @@ HiiPasswordEntered(
**/
EFI_STATUS
HiiSetBlockSidAction (
UINT32 PpRequest
UINT32 PpRequest
);
/**
@@ -225,8 +225,8 @@ HiiSetBlockSidAction (
**/
EFI_STATUS
HiiPsidRevert(
EFI_STRING_ID PsidStringId
HiiPsidRevert (
EFI_STRING_ID PsidStringId
);
/**
@@ -238,8 +238,8 @@ HiiPsidRevert(
**/
EFI_STRING_ID
GetDiskNameStringId(
UINT8 DiskIndex
GetDiskNameStringId (
UINT8 DiskIndex
);
/**
@@ -254,7 +254,7 @@ GetDiskNameStringId(
**/
EFI_STATUS
OpalDiskUpdateStatus (
OPAL_DISK *OpalDisk
OPAL_DISK *OpalDisk
);
/**
@@ -264,7 +264,7 @@ OpalDiskUpdateStatus (
**/
EFI_HANDLE
HiiGetDriverImageHandleCB(
HiiGetDriverImageHandleCB (
VOID
);
@@ -275,7 +275,7 @@ HiiGetDriverImageHandleCB(
@retval EFI_OUT_OF_RESOURCES Out of resource error.
**/
EFI_STATUS
OpalHiiAddPackages(
OpalHiiAddPackages (
VOID
);
@@ -287,9 +287,9 @@ OpalHiiAddPackages(
@retval The device pointer.
**/
OPAL_DISK*
HiiGetOpalDiskCB(
UINT8 DiskIndex
OPAL_DISK *
HiiGetOpalDiskCB (
UINT8 DiskIndex
);
/**
@@ -300,9 +300,9 @@ HiiGetOpalDiskCB(
@retval Returns the disk name.
**/
CHAR8*
HiiDiskGetNameCB(
UINT8 DiskIndex
CHAR8 *
HiiDiskGetNameCB (
UINT8 DiskIndex
);
/**
@@ -316,9 +316,9 @@ HiiDiskGetNameCB(
**/
EFI_STATUS
HiiSetFormString(
EFI_STRING_ID DestStringId,
CHAR8 *SrcAsciiStr
HiiSetFormString (
EFI_STRING_ID DestStringId,
CHAR8 *SrcAsciiStr
);
/**
@@ -328,7 +328,7 @@ HiiSetFormString(
@retval other Error occur when install the resources.
**/
EFI_STATUS
HiiInstall(
HiiInstall (
VOID
);
@@ -339,7 +339,7 @@ HiiInstall(
@retval others Other errors occur when unistall the hii resource.
**/
EFI_STATUS
HiiUninstall(
HiiUninstall (
VOID
);
@@ -354,7 +354,7 @@ HiiUninstall(
**/
EFI_STATUS
OpalDiskInitialize (
IN OPAL_DRIVER_DEVICE *Dev
IN OPAL_DRIVER_DEVICE *Dev
);
/**
@@ -369,7 +369,7 @@ OpalDiskInitialize (
**/
EFI_STATUS
OpalDiskUpdateOwnerShip (
OPAL_DISK *OpalDisk
OPAL_DISK *OpalDisk
);
#endif // _HII_H_

38
SecurityPkg/Tcg/Opal/OpalPassword/OpalHiiCallbacks.c
View File

@@ -16,7 +16,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
**/
EFI_HANDLE
HiiGetDriverImageHandleCB(
HiiGetDriverImageHandleCB (
VOID
)
{
@@ -32,17 +32,17 @@ HiiGetDriverImageHandleCB(
**/
VOID *
HiiGetDiskContextCB(
UINT8 DiskIndex
HiiGetDiskContextCB (
UINT8 DiskIndex
)
{
OPAL_DRIVER_DEVICE* Dev;
UINT8 CurrentDisk;
OPAL_DRIVER_DEVICE *Dev;
UINT8 CurrentDisk;
Dev = OpalDriverGetDeviceList();
Dev = OpalDriverGetDeviceList ();
CurrentDisk = 0;
if (DiskIndex >= GetDeviceCount()) {
if (DiskIndex >= GetDeviceCount ()) {
return NULL;
}
@@ -66,13 +66,13 @@ HiiGetDiskContextCB(
@retval The device pointer.
**/
OPAL_DISK*
HiiGetOpalDiskCB(
UINT8 DiskIndex
OPAL_DISK *
HiiGetOpalDiskCB (
UINT8 DiskIndex
)
{
VOID *Ctx;
OPAL_DRIVER_DEVICE *Tmp;
VOID *Ctx;
OPAL_DRIVER_DEVICE *Tmp;
Ctx = HiiGetDiskContextCB (DiskIndex);
@@ -80,7 +80,7 @@ HiiGetOpalDiskCB(
return NULL;
}
Tmp = (OPAL_DRIVER_DEVICE*) Ctx;
Tmp = (OPAL_DRIVER_DEVICE *)Ctx;
return &Tmp->OpalDisk;
}
@@ -93,20 +93,22 @@ HiiGetOpalDiskCB(
@retval Returns the disk name.
**/
CHAR8*
HiiDiskGetNameCB(
UINT8 DiskIndex
CHAR8 *
HiiDiskGetNameCB (
UINT8 DiskIndex
)
{
OPAL_DRIVER_DEVICE* Ctx;
OPAL_DRIVER_DEVICE *Ctx;
Ctx = (OPAL_DRIVER_DEVICE*) HiiGetDiskContextCB (DiskIndex);
Ctx = (OPAL_DRIVER_DEVICE *)HiiGetDiskContextCB (DiskIndex);
if (Ctx != NULL) {
if (Ctx->NameZ == NULL) {
OpalDriverGetDriverDeviceName (Ctx);
}
return Ctx->NameZ;
}
return NULL;
}

90
SecurityPkg/Tcg/Opal/OpalPassword/OpalHiiFormValues.h
View File

@@ -6,28 +6,27 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
**/
#ifndef _OPAL_HII_FORM_VALUES_H_
#define _OPAL_HII_FORM_VALUES_H_
// ID's for various forms that will be used by HII
#define FORMID_VALUE_MAIN_MENU 0x01
#define FORMID_VALUE_DISK_INFO_FORM_MAIN 0x02
#define FORMID_VALUE_MAIN_MENU 0x01
#define FORMID_VALUE_DISK_INFO_FORM_MAIN 0x02
#pragma pack(1)
typedef struct {
UINT16 Lock:1;
UINT16 Unlock:1;
UINT16 SetAdminPwd:1;
UINT16 SetUserPwd:1;
UINT16 SecureErase:1;
UINT16 Revert:1;
UINT16 PsidRevert:1;
UINT16 DisableUser:1;
UINT16 DisableFeature:1;
UINT16 EnableFeature:1;
UINT16 Reserved:5;
UINT16 KeepUserData:1;
UINT16 Lock : 1;
UINT16 Unlock : 1;
UINT16 SetAdminPwd : 1;
UINT16 SetUserPwd : 1;
UINT16 SecureErase : 1;
UINT16 Revert : 1;
UINT16 PsidRevert : 1;
UINT16 DisableUser : 1;
UINT16 DisableFeature : 1;
UINT16 EnableFeature : 1;
UINT16 Reserved : 5;
UINT16 KeepUserData : 1;
} OPAL_REQUEST;
typedef struct {
@@ -43,17 +42,17 @@ typedef struct {
#pragma pack()
/* Action Flags */
#define HII_ACTION_NONE 0x0000
#define HII_ACTION_LOCK 0x0001
#define HII_ACTION_UNLOCK 0x0002
#define HII_ACTION_SET_ADMIN_PWD 0x0004
#define HII_ACTION_SET_USER_PWD 0x0008
#define HII_ACTION_SECURE_ERASE 0x0010
#define HII_ACTION_REVERT 0x0020
#define HII_ACTION_PSID_REVERT 0x0040
#define HII_ACTION_DISABLE_USER 0x0080
#define HII_ACTION_DISABLE_FEATURE 0x0100
#define HII_ACTION_ENABLE_FEATURE 0x0200
#define HII_ACTION_NONE 0x0000
#define HII_ACTION_LOCK 0x0001
#define HII_ACTION_UNLOCK 0x0002
#define HII_ACTION_SET_ADMIN_PWD 0x0004
#define HII_ACTION_SET_USER_PWD 0x0008
#define HII_ACTION_SECURE_ERASE 0x0010
#define HII_ACTION_REVERT 0x0020
#define HII_ACTION_PSID_REVERT 0x0040
#define HII_ACTION_DISABLE_USER 0x0080
#define HII_ACTION_DISABLE_FEATURE 0x0100
#define HII_ACTION_ENABLE_FEATURE 0x0200
/* Number of bits allocated for each part of a unique key for an HII_ITEM
* all bits together must be <= 16 (EFI_QUESTION_ID is UINT16)
@@ -61,32 +60,32 @@ typedef struct {
* | |-----------------------| |---------------------------|
* FLG INDEX ID
*/
#define HII_KEY_ID_BITS 8
#define HII_KEY_INDEX_BITS 7
#define HII_KEY_FLAG_BITS 1
#define HII_KEY_ID_BITS 8
#define HII_KEY_INDEX_BITS 7
#define HII_KEY_FLAG_BITS 1
#define HII_KEY_FLAG 0x8000 // bit 15 (zero based)
#define HII_KEY_FLAG 0x8000 // bit 15 (zero based)
/***********/
/* Key IDs */
/***********/
#define HII_KEY_ID_GOTO_DISK_INFO 1
#define HII_KEY_ID_GOTO_DISK_INFO 1
#define HII_KEY_ID_VAR_SUPPORTED_DISKS 2
#define HII_KEY_ID_VAR_SELECTED_DISK_AVAILABLE_ACTIONS 3
#define HII_KEY_ID_BLOCKSID 4
#define HII_KEY_ID_SET_ADMIN_PWD 5
#define HII_KEY_ID_SET_USER_PWD 6
#define HII_KEY_ID_SECURE_ERASE 7
#define HII_KEY_ID_REVERT 8
#define HII_KEY_ID_KEEP_USER_DATA 9
#define HII_KEY_ID_PSID_REVERT 0xA
#define HII_KEY_ID_DISABLE_USER 0xB
#define HII_KEY_ID_ENABLE_FEATURE 0xC
#define HII_KEY_ID_BLOCKSID 4
#define HII_KEY_ID_SET_ADMIN_PWD 5
#define HII_KEY_ID_SET_USER_PWD 6
#define HII_KEY_ID_SECURE_ERASE 7
#define HII_KEY_ID_REVERT 8
#define HII_KEY_ID_KEEP_USER_DATA 9
#define HII_KEY_ID_PSID_REVERT 0xA
#define HII_KEY_ID_DISABLE_USER 0xB
#define HII_KEY_ID_ENABLE_FEATURE 0xC
#define HII_KEY_ID_MAX 0xC // !!Update each time a new ID is added!!
#define HII_KEY_ID_MAX 0xC // !!Update each time a new ID is added!!
#define HII_KEY_WITH_INDEX(id, index) \
( \
@@ -95,15 +94,14 @@ typedef struct {
((index) << HII_KEY_ID_BITS) \
)
#define HII_KEY(id) HII_KEY_WITH_INDEX(id, 0)
#define HII_KEY(id) HII_KEY_WITH_INDEX(id, 0)
#define PACKAGE_LIST_GUID { 0xf0308176, 0x9058, 0x4153, { 0x93, 0x3d, 0xda, 0x2f, 0xdc, 0xc8, 0x3e, 0x44 } }
#define PACKAGE_LIST_GUID { 0xf0308176, 0x9058, 0x4153, { 0x93, 0x3d, 0xda, 0x2f, 0xdc, 0xc8, 0x3e, 0x44 } }
/* {410483CF-F4F9-4ece-848A-1958FD31CEB7} */
#define SETUP_FORMSET_GUID { 0x410483cf, 0xf4f9, 0x4ece, { 0x84, 0x8a, 0x19, 0x58, 0xfd, 0x31, 0xce, 0xb7 } }
#define SETUP_FORMSET_GUID { 0x410483cf, 0xf4f9, 0x4ece, { 0x84, 0x8a, 0x19, 0x58, 0xfd, 0x31, 0xce, 0xb7 } }
// {BBF1ACD2-28D8-44ea-A291-58A237FEDF1A}
#define SETUP_VARIABLE_GUID { 0xbbf1acd2, 0x28d8, 0x44ea, { 0xa2, 0x91, 0x58, 0xa2, 0x37, 0xfe, 0xdf, 0x1a } }
#define SETUP_VARIABLE_GUID { 0xbbf1acd2, 0x28d8, 0x44ea, { 0xa2, 0x91, 0x58, 0xa2, 0x37, 0xfe, 0xdf, 0x1a } }
#endif //_HII_FORM_VALUES_H_

18
SecurityPkg/Tcg/Opal/OpalPassword/OpalPasswordCommon.h
View File

@@ -9,18 +9,18 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#ifndef _OPAL_PASSWORD_COMMON_H_
#define _OPAL_PASSWORD_COMMON_H_
#define OPAL_MAX_PASSWORD_SIZE 32
#define OPAL_MAX_PASSWORD_SIZE 32
#define OPAL_DEVICE_TYPE_UNKNOWN 0x0
#define OPAL_DEVICE_TYPE_ATA 0x1
#define OPAL_DEVICE_TYPE_NVME 0x2
#define OPAL_DEVICE_TYPE_UNKNOWN 0x0
#define OPAL_DEVICE_TYPE_ATA 0x1
#define OPAL_DEVICE_TYPE_NVME 0x2
typedef struct {
UINT16 Segment;
UINT8 Bus;
UINT8 Device;
UINT8 Function;
UINT8 Reserved;
UINT16 Segment;
UINT8 Bus;
UINT8 Device;
UINT8 Function;
UINT8 Reserved;
} OPAL_PCI_DEVICE;
typedef struct {

148
SecurityPkg/Tcg/Opal/OpalPassword/OpalPasswordPei.c
View File

@@ -8,8 +8,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#include "OpalPasswordPei.h"
EFI_GUID mOpalDeviceLockBoxGuid = OPAL_DEVICE_LOCKBOX_GUID;
EFI_GUID mOpalDeviceLockBoxGuid = OPAL_DEVICE_LOCKBOX_GUID;
/**
Send a security protocol command to a device that receives data and/or the result
@@ -86,17 +85,17 @@ EFI_GUID mOpalDeviceLockBoxGuid = OPAL_DEVICE_LOCKBOX_GUID;
EFI_STATUS
EFIAPI
SecurityReceiveData (
IN EFI_STORAGE_SECURITY_COMMAND_PROTOCOL *This,
IN UINT32 MediaId,
IN UINT64 Timeout,
IN UINT8 SecurityProtocolId,
IN UINT16 SecurityProtocolSpecificData,
IN UINTN PayloadBufferSize,
OUT VOID *PayloadBuffer,
OUT UINTN *PayloadTransferSize
IN EFI_STORAGE_SECURITY_COMMAND_PROTOCOL *This,
IN UINT32 MediaId,
IN UINT64 Timeout,
IN UINT8 SecurityProtocolId,
IN UINT16 SecurityProtocolSpecificData,
IN UINTN PayloadBufferSize,
OUT VOID *PayloadBuffer,
OUT UINTN *PayloadTransferSize
)
{
OPAL_PEI_DEVICE *PeiDev;
OPAL_PEI_DEVICE *PeiDev;
PeiDev = OPAL_PEI_DEVICE_FROM_THIS (This);
if (PeiDev == NULL) {
@@ -179,16 +178,16 @@ SecurityReceiveData (
EFI_STATUS
EFIAPI
SecuritySendData (
IN EFI_STORAGE_SECURITY_COMMAND_PROTOCOL *This,
IN UINT32 MediaId,
IN UINT64 Timeout,
IN UINT8 SecurityProtocolId,
IN UINT16 SecurityProtocolSpecificData,
IN UINTN PayloadBufferSize,
IN VOID *PayloadBuffer
IN EFI_STORAGE_SECURITY_COMMAND_PROTOCOL *This,
IN UINT32 MediaId,
IN UINT64 Timeout,
IN UINT8 SecurityProtocolId,
IN UINT16 SecurityProtocolSpecificData,
IN UINTN PayloadBufferSize,
IN VOID *PayloadBuffer
)
{
OPAL_PEI_DEVICE *PeiDev;
OPAL_PEI_DEVICE *PeiDev;
PeiDev = OPAL_PEI_DEVICE_FROM_THIS (This);
if (PeiDev == NULL) {
@@ -217,18 +216,18 @@ SecuritySendData (
**/
BOOLEAN
IsOpalDeviceLocked(
OPAL_PEI_DEVICE *OpalDev,
BOOLEAN *BlockSidSupported
IsOpalDeviceLocked (
OPAL_PEI_DEVICE *OpalDev,
BOOLEAN *BlockSidSupported
)
{
OPAL_SESSION Session;
OPAL_DISK_SUPPORT_ATTRIBUTE SupportedAttributes;
TCG_LOCKING_FEATURE_DESCRIPTOR LockingFeature;
UINT16 OpalBaseComId;
TCG_RESULT Ret;
OPAL_SESSION Session;
OPAL_DISK_SUPPORT_ATTRIBUTE SupportedAttributes;
TCG_LOCKING_FEATURE_DESCRIPTOR LockingFeature;
UINT16 OpalBaseComId;
TCG_RESULT Ret;
Session.Sscp = &OpalDev->Sscp;
Session.Sscp = &OpalDev->Sscp;
Session.MediaId = 0;
Ret = OpalGetSupportedAttributesInfo (&Session, &SupportedAttributes, &OpalBaseComId);
@@ -236,10 +235,10 @@ IsOpalDeviceLocked(
return FALSE;
}
Session.OpalBaseComId = OpalBaseComId;
*BlockSidSupported = SupportedAttributes.BlockSid == 1 ? TRUE : FALSE;
Session.OpalBaseComId = OpalBaseComId;
*BlockSidSupported = SupportedAttributes.BlockSid == 1 ? TRUE : FALSE;
Ret = OpalGetLockingInfo(&Session, &LockingFeature);
Ret = OpalGetLockingInfo (&Session, &LockingFeature);
if (Ret != TcgResultSuccess) {
return FALSE;
}
@@ -255,20 +254,20 @@ IsOpalDeviceLocked(
**/
VOID
UnlockOpalPassword (
IN OPAL_PEI_DEVICE *OpalDev
IN OPAL_PEI_DEVICE *OpalDev
)
{
TCG_RESULT Result;
OPAL_SESSION Session;
BOOLEAN BlockSidSupport;
UINT32 PpStorageFlags;
BOOLEAN BlockSIDEnabled;
TCG_RESULT Result;
OPAL_SESSION Session;
BOOLEAN BlockSidSupport;
UINT32 PpStorageFlags;
BOOLEAN BlockSIDEnabled;
BlockSidSupport = FALSE;
if (IsOpalDeviceLocked (OpalDev, &BlockSidSupport)) {
ZeroMem(&Session, sizeof (Session));
Session.Sscp = &OpalDev->Sscp;
Session.MediaId = 0;
ZeroMem (&Session, sizeof (Session));
Session.Sscp = &OpalDev->Sscp;
Session.MediaId = 0;
Session.OpalBaseComId = OpalDev->Device->OpalBaseComId;
Result = OpalUtilUpdateGlobalLockingRange (
@@ -292,13 +291,14 @@ UnlockOpalPassword (
} else {
BlockSIDEnabled = FALSE;
}
if (BlockSIDEnabled && BlockSidSupport) {
DEBUG ((DEBUG_INFO, "OpalPassword: S3 phase send BlockSid command to device!\n"));
ZeroMem(&Session, sizeof (Session));
Session.Sscp = &OpalDev->Sscp;
Session.MediaId = 0;
ZeroMem (&Session, sizeof (Session));
Session.Sscp = &OpalDev->Sscp;
Session.MediaId = 0;
Session.OpalBaseComId = OpalDev->Device->OpalBaseComId;
Result = OpalBlockSid (&Session, TRUE);
Result = OpalBlockSid (&Session, TRUE);
DEBUG ((
DEBUG_INFO,
"%a() OpalBlockSid() Result = 0x%x\n",
@@ -316,33 +316,34 @@ UnlockOpalPassword (
**/
VOID
UnlockOpalPasswordDevices (
IN EDKII_PEI_STORAGE_SECURITY_CMD_PPI *SscPpi
IN EDKII_PEI_STORAGE_SECURITY_CMD_PPI *SscPpi
)
{
EFI_STATUS Status;
UINT8 *DevInfoBuffer;
UINT8 DummyData;
OPAL_DEVICE_LOCKBOX_DATA *DevInfo;
UINTN DevInfoLength;
EFI_DEVICE_PATH_PROTOCOL *SscDevicePath;
UINTN SscDevicePathLength;
UINTN SscDeviceNum;
UINTN SscDeviceIndex;
OPAL_PEI_DEVICE OpalDev;
EFI_STATUS Status;
UINT8 *DevInfoBuffer;
UINT8 DummyData;
OPAL_DEVICE_LOCKBOX_DATA *DevInfo;
UINTN DevInfoLength;
EFI_DEVICE_PATH_PROTOCOL *SscDevicePath;
UINTN SscDevicePathLength;
UINTN SscDeviceNum;
UINTN SscDeviceIndex;
OPAL_PEI_DEVICE OpalDev;
//
// Get OPAL devices info from LockBox.
//
DevInfoBuffer = &DummyData;
DevInfoLength = sizeof (DummyData);
Status = RestoreLockBox (&mOpalDeviceLockBoxGuid, DevInfoBuffer, &DevInfoLength);
Status = RestoreLockBox (&mOpalDeviceLockBoxGuid, DevInfoBuffer, &DevInfoLength);
if (Status == EFI_BUFFER_TOO_SMALL) {
DevInfoBuffer = AllocatePages (EFI_SIZE_TO_PAGES (DevInfoLength));
if (DevInfoBuffer != NULL) {
Status = RestoreLockBox (&mOpalDeviceLockBoxGuid, DevInfoBuffer, &DevInfoLength);
}
}
if (DevInfoBuffer == NULL || DevInfoBuffer == &DummyData) {
if ((DevInfoBuffer == NULL) || (DevInfoBuffer == &DummyData)) {
return;
} else if (EFI_ERROR (Status)) {
FreePages (DevInfoBuffer, EFI_SIZE_TO_PAGES (DevInfoLength));
@@ -356,6 +357,7 @@ UnlockOpalPasswordDevices (
if (EFI_ERROR (Status)) {
goto Exit;
}
for (SscDeviceIndex = 1; SscDeviceIndex <= SscDeviceNum; SscDeviceIndex++) {
Status = SscPpi->GetDevicePath (
SscPpi,
@@ -373,9 +375,10 @@ UnlockOpalPasswordDevices (
//
// Search the device in the restored LockBox.
//
for (DevInfo = (OPAL_DEVICE_LOCKBOX_DATA *) DevInfoBuffer;
(UINTN) DevInfo < ((UINTN) DevInfoBuffer + DevInfoLength);
DevInfo = (OPAL_DEVICE_LOCKBOX_DATA *) ((UINTN) DevInfo + DevInfo->Length)) {
for (DevInfo = (OPAL_DEVICE_LOCKBOX_DATA *)DevInfoBuffer;
(UINTN)DevInfo < ((UINTN)DevInfoBuffer + DevInfoLength);
DevInfo = (OPAL_DEVICE_LOCKBOX_DATA *)((UINTN)DevInfo + DevInfo->Length))
{
//
// Find the matching device.
//
@@ -383,7 +386,9 @@ UnlockOpalPasswordDevices (
(CompareMem (
DevInfo->DevicePath,
SscDevicePath,
SscDevicePathLength - sizeof (EFI_DEVICE_PATH_PROTOCOL)) == 0)) {
SscDevicePathLength - sizeof (EFI_DEVICE_PATH_PROTOCOL)
) == 0))
{
OpalDev.Signature = OPAL_PEI_DEVICE_SIGNATURE;
OpalDev.Sscp.ReceiveData = SecurityReceiveData;
OpalDev.Sscp.SendData = SecuritySendData;
@@ -400,7 +405,6 @@ UnlockOpalPasswordDevices (
Exit:
ZeroMem (DevInfoBuffer, DevInfoLength);
FreePages (DevInfoBuffer, EFI_SIZE_TO_PAGES (DevInfoLength));
}
/**
@@ -418,28 +422,26 @@ Exit:
EFI_STATUS
EFIAPI
OpalPasswordStorageSecurityPpiNotify (
IN EFI_PEI_SERVICES **PeiServices,
IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDesc,
IN VOID *Ppi
IN EFI_PEI_SERVICES **PeiServices,
IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDesc,
IN VOID *Ppi
)
{
DEBUG ((DEBUG_INFO, "%a entered at S3 resume!\n", __FUNCTION__));
UnlockOpalPasswordDevices ((EDKII_PEI_STORAGE_SECURITY_CMD_PPI *) Ppi);
UnlockOpalPasswordDevices ((EDKII_PEI_STORAGE_SECURITY_CMD_PPI *)Ppi);
DEBUG ((DEBUG_INFO, "%a exit at S3 resume!\n", __FUNCTION__));
return EFI_SUCCESS;
}
EFI_PEI_NOTIFY_DESCRIPTOR mOpalPasswordStorageSecurityPpiNotifyDesc = {
EFI_PEI_NOTIFY_DESCRIPTOR mOpalPasswordStorageSecurityPpiNotifyDesc = {
(EFI_PEI_PPI_DESCRIPTOR_NOTIFY_CALLBACK | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST),
&gEdkiiPeiStorageSecurityCommandPpiGuid,
OpalPasswordStorageSecurityPpiNotify
};
/**
Main entry for this module.
@@ -452,12 +454,12 @@ EFI_PEI_NOTIFY_DESCRIPTOR mOpalPasswordStorageSecurityPpiNotifyDesc = {
EFI_STATUS
EFIAPI
OpalPasswordPeiInit (
IN EFI_PEI_FILE_HANDLE FileHandle,
IN CONST EFI_PEI_SERVICES **PeiServices
IN EFI_PEI_FILE_HANDLE FileHandle,
IN CONST EFI_PEI_SERVICES **PeiServices
)
{
EFI_STATUS Status;
EFI_BOOT_MODE BootMode;
EFI_STATUS Status;
EFI_BOOT_MODE BootMode;
Status = PeiServicesGetBootMode (&BootMode);
if ((EFI_ERROR (Status)) || (BootMode != BOOT_ON_S3_RESUME)) {

6
SecurityPkg/Tcg/Opal/OpalPassword/OpalPasswordPei.h
View File

@@ -31,16 +31,15 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#include "OpalPasswordCommon.h"
//
// The generic command timeout value (unit in us) for Storage Security Command
// PPI ReceiveData/SendData services
//
#define SSC_PPI_GENERIC_TIMEOUT 30000000
#define SSC_PPI_GENERIC_TIMEOUT 30000000
#pragma pack(1)
#define OPAL_PEI_DEVICE_SIGNATURE SIGNATURE_32 ('o', 'p', 'd', 's')
#define OPAL_PEI_DEVICE_SIGNATURE SIGNATURE_32 ('o', 'p', 'd', 's')
typedef struct {
UINTN Signature;
@@ -57,4 +56,3 @@ typedef struct {
#pragma pack()
#endif // _OPAL_PASSWORD_PEI_H_

36
SecurityPkg/Tcg/PhysicalPresencePei/PhysicalPresencePei.c
View File

@@ -27,17 +27,17 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
BOOLEAN
EFIAPI
LockTpmPhysicalPresence (
IN CONST EFI_PEI_SERVICES **PeiServices
IN CONST EFI_PEI_SERVICES **PeiServices
);
//
// Global definitions for lock physical presence PPI and its descriptor.
//
PEI_LOCK_PHYSICAL_PRESENCE_PPI mLockPhysicalPresencePpi = {
PEI_LOCK_PHYSICAL_PRESENCE_PPI mLockPhysicalPresencePpi = {
LockTpmPhysicalPresence
};
EFI_PEI_PPI_DESCRIPTOR mLockPhysicalPresencePpiList = {
EFI_PEI_PPI_DESCRIPTOR mLockPhysicalPresencePpiList = {
EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST,
&gPeiLockPhysicalPresencePpiGuid,
&mLockPhysicalPresencePpi
@@ -55,13 +55,13 @@ EFI_PEI_PPI_DESCRIPTOR mLockPhysicalPresencePpiList = {
BOOLEAN
EFIAPI
LockTpmPhysicalPresence (
IN CONST EFI_PEI_SERVICES **PeiServices
IN CONST EFI_PEI_SERVICES **PeiServices
)
{
EFI_STATUS Status;
EFI_PEI_READ_ONLY_VARIABLE2_PPI *Variable;
UINTN DataSize;
EFI_PHYSICAL_PRESENCE TcgPpData;
EFI_STATUS Status;
EFI_PEI_READ_ONLY_VARIABLE2_PPI *Variable;
UINTN DataSize;
EFI_PHYSICAL_PRESENCE TcgPpData;
//
// The CRTM has sensed the physical presence assertion of the user. For example,
@@ -85,14 +85,14 @@ LockTpmPhysicalPresence (
);
if (!EFI_ERROR (Status)) {
DataSize = sizeof (EFI_PHYSICAL_PRESENCE);
Status = Variable->GetVariable (
Variable,
PHYSICAL_PRESENCE_VARIABLE,
&gEfiPhysicalPresenceGuid,
NULL,
&DataSize,
&TcgPpData
);
Status = Variable->GetVariable (
Variable,
PHYSICAL_PRESENCE_VARIABLE,
&gEfiPhysicalPresenceGuid,
NULL,
&DataSize,
&TcgPpData
);
if (!EFI_ERROR (Status)) {
if (TcgPpData.PPRequest != 0) {
return FALSE;
@@ -120,8 +120,8 @@ LockTpmPhysicalPresence (
EFI_STATUS
EFIAPI
PeimEntry (
IN EFI_PEI_FILE_HANDLE FileHandle,
IN CONST EFI_PEI_SERVICES **PeiServices
IN EFI_PEI_FILE_HANDLE FileHandle,
IN CONST EFI_PEI_SERVICES **PeiServices
)
{
return PeiServicesInstallPpi (&mLockPhysicalPresencePpiList);

383
SecurityPkg/Tcg/Tcg2Acpi/Tcg2Acpi.c
View File

@@ -43,19 +43,19 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
//
// Physical Presence Interface Version supported by Platform
//
#define PHYSICAL_PRESENCE_VERSION_TAG "$PV"
#define PHYSICAL_PRESENCE_VERSION_SIZE 4
#define PHYSICAL_PRESENCE_VERSION_TAG "$PV"
#define PHYSICAL_PRESENCE_VERSION_SIZE 4
//
// PNP _HID for TPM2 device
//
#define TPM_HID_TAG "NNNN0000"
#define TPM_HID_PNP_SIZE 8
#define TPM_HID_ACPI_SIZE 9
#define TPM_HID_TAG "NNNN0000"
#define TPM_HID_PNP_SIZE 8
#define TPM_HID_ACPI_SIZE 9
#define TPM_PRS_RESL "RESL"
#define TPM_PRS_RESS "RESS"
#define TPM_PRS_RES_NAME_SIZE 4
#define TPM_PRS_RESL "RESL"
#define TPM_PRS_RESS "RESS"
#define TPM_PRS_RES_NAME_SIZE 4
//
// Minimum PRS resource template size
// 1 byte for BufferOp
@@ -65,27 +65,27 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
// 5 bytes for Interrupt descriptor
// 2 bytes for END Tag
//
#define TPM_POS_RES_TEMPLATE_MIN_SIZE (1 + 1 + 2 + 12 + 5 + 2)
#define TPM_POS_RES_TEMPLATE_MIN_SIZE (1 + 1 + 2 + 12 + 5 + 2)
//
// Max Interrupt buffer size for PRS interrupt resource
// Now support 15 interrupts in maxmum
//
#define MAX_PRS_INT_BUF_SIZE (15*4)
#define MAX_PRS_INT_BUF_SIZE (15*4)
#pragma pack(1)
typedef struct {
EFI_ACPI_DESCRIPTION_HEADER Header;
EFI_ACPI_DESCRIPTION_HEADER Header;
// Flags field is replaced in version 4 and above
// BIT0~15: PlatformClass This field is only valid for version 4 and above
// BIT16~31: Reserved
UINT32 Flags;
UINT64 AddressOfControlArea;
UINT32 StartMethod;
UINT8 PlatformSpecificParameters[12]; // size up to 12
UINT32 Laml; // Optional
UINT64 Lasa; // Optional
UINT32 Flags;
UINT64 AddressOfControlArea;
UINT32 StartMethod;
UINT8 PlatformSpecificParameters[12]; // size up to 12
UINT32 Laml; // Optional
UINT64 Lasa; // Optional
} EFI_TPM2_ACPI_TABLE_V4;
#pragma pack()
@@ -102,11 +102,11 @@ EFI_TPM2_ACPI_TABLE_V4 mTpm2AcpiTemplate = {
},
0, // BIT0~15: PlatformClass
// BIT16~31: Reserved
0, // Control Area
0, // Control Area
EFI_TPM2_ACPI_TABLE_START_METHOD_TIS, // StartMethod
};
TCG_NVS *mTcgNvs;
TCG_NVS *mTcgNvs;
/**
Find the operation region in TCG ACPI table by given Name and Size,
@@ -121,43 +121,45 @@ TCG_NVS *mTcgNvs;
**/
VOID *
AssignOpRegion (
EFI_ACPI_DESCRIPTION_HEADER *Table,
UINT32 Name,
UINT16 Size
EFI_ACPI_DESCRIPTION_HEADER *Table,
UINT32 Name,
UINT16 Size
)
{
EFI_STATUS Status;
AML_OP_REGION_32_8 *OpRegion;
EFI_PHYSICAL_ADDRESS MemoryAddress;
EFI_STATUS Status;
AML_OP_REGION_32_8 *OpRegion;
EFI_PHYSICAL_ADDRESS MemoryAddress;
MemoryAddress = SIZE_4GB - 1;
//
// Patch some pointers for the ASL code before loading the SSDT.
//
for (OpRegion = (AML_OP_REGION_32_8 *) (Table + 1);
OpRegion <= (AML_OP_REGION_32_8 *) ((UINT8 *) Table + Table->Length);
OpRegion = (AML_OP_REGION_32_8 *) ((UINT8 *) OpRegion + 1)) {
for (OpRegion = (AML_OP_REGION_32_8 *)(Table + 1);
OpRegion <= (AML_OP_REGION_32_8 *)((UINT8 *)Table + Table->Length);
OpRegion = (AML_OP_REGION_32_8 *)((UINT8 *)OpRegion + 1))
{
if ((OpRegion->OpRegionOp == AML_EXT_REGION_OP) &&
(OpRegion->NameString == Name) &&
(OpRegion->DWordPrefix == AML_DWORD_PREFIX) &&
(OpRegion->BytePrefix == AML_BYTE_PREFIX)) {
Status = gBS->AllocatePages(AllocateMaxAddress, EfiACPIMemoryNVS, EFI_SIZE_TO_PAGES (Size), &MemoryAddress);
(OpRegion->BytePrefix == AML_BYTE_PREFIX))
{
Status = gBS->AllocatePages (AllocateMaxAddress, EfiACPIMemoryNVS, EFI_SIZE_TO_PAGES (Size), &MemoryAddress);
ASSERT_EFI_ERROR (Status);
ZeroMem ((VOID *)(UINTN)MemoryAddress, Size);
OpRegion->RegionOffset = (UINT32) (UINTN) MemoryAddress;
OpRegion->RegionLen = (UINT8) Size;
OpRegion->RegionOffset = (UINT32)(UINTN)MemoryAddress;
OpRegion->RegionLen = (UINT8)Size;
// Request to unblock this region from MM core
Status = MmUnblockMemoryRequest (MemoryAddress, EFI_SIZE_TO_PAGES (Size));
if (Status != EFI_UNSUPPORTED && EFI_ERROR (Status)) {
if ((Status != EFI_UNSUPPORTED) && EFI_ERROR (Status)) {
ASSERT_EFI_ERROR (Status);
}
break;
}
}
return (VOID *) (UINTN) MemoryAddress;
return (VOID *)(UINTN)MemoryAddress;
}
/**
@@ -172,17 +174,17 @@ AssignOpRegion (
EFI_STATUS
EFIAPI
ExchangeCommonBuffer (
IN OUT TCG_NVS *TcgNvs
)
IN OUT TCG_NVS *TcgNvs
)
{
EFI_STATUS Status;
EFI_MM_COMMUNICATION_PROTOCOL *MmCommunication;
EDKII_PI_SMM_COMMUNICATION_REGION_TABLE *PiSmmCommunicationRegionTable;
EFI_MEMORY_DESCRIPTOR *MmCommMemRegion;
EFI_MM_COMMUNICATE_HEADER *CommHeader;
TPM_NVS_MM_COMM_BUFFER *CommBuffer;
UINTN CommBufferSize;
UINTN Index;
EFI_STATUS Status;
EFI_MM_COMMUNICATION_PROTOCOL *MmCommunication;
EDKII_PI_SMM_COMMUNICATION_REGION_TABLE *PiSmmCommunicationRegionTable;
EFI_MEMORY_DESCRIPTOR *MmCommMemRegion;
EFI_MM_COMMUNICATE_HEADER *CommHeader;
TPM_NVS_MM_COMM_BUFFER *CommBuffer;
UINTN CommBufferSize;
UINTN Index;
// Step 0: Sanity check for input argument
if (TcgNvs == NULL) {
@@ -191,15 +193,15 @@ ExchangeCommonBuffer (
}
// Step 1: Grab the common buffer header
Status = EfiGetSystemConfigurationTable (&gEdkiiPiSmmCommunicationRegionTableGuid, (VOID**) &PiSmmCommunicationRegionTable);
Status = EfiGetSystemConfigurationTable (&gEdkiiPiSmmCommunicationRegionTableGuid, (VOID **)&PiSmmCommunicationRegionTable);
if (EFI_ERROR (Status)) {
DEBUG ((DEBUG_ERROR, "%a - Failed to locate SMM communciation common buffer - %r!\n", __FUNCTION__, Status));
return Status;
}
// Step 2: Grab one that is large enough to hold TPM_NVS_MM_COMM_BUFFER, the IPL one should be sufficient
CommBufferSize = 0;
MmCommMemRegion = (EFI_MEMORY_DESCRIPTOR*) (PiSmmCommunicationRegionTable + 1);
CommBufferSize = 0;
MmCommMemRegion = (EFI_MEMORY_DESCRIPTOR *)(PiSmmCommunicationRegionTable + 1);
for (Index = 0; Index < PiSmmCommunicationRegionTable->NumberOfEntries; Index++) {
if (MmCommMemRegion->Type == EfiConventionalMemory) {
CommBufferSize = EFI_PAGES_TO_SIZE ((UINTN)MmCommMemRegion->NumberOfPages);
@@ -207,7 +209,8 @@ ExchangeCommonBuffer (
break;
}
}
MmCommMemRegion = (EFI_MEMORY_DESCRIPTOR*)((UINT8*)MmCommMemRegion + PiSmmCommunicationRegionTable->DescriptorSize);
MmCommMemRegion = (EFI_MEMORY_DESCRIPTOR *)((UINT8 *)MmCommMemRegion + PiSmmCommunicationRegionTable->DescriptorSize);
}
if (Index >= PiSmmCommunicationRegionTable->NumberOfEntries) {
@@ -218,24 +221,23 @@ ExchangeCommonBuffer (
// Step 3: Start to populate contents
// Step 3.1: MM Communication common header
CommHeader = (EFI_MM_COMMUNICATE_HEADER *) (UINTN) MmCommMemRegion->PhysicalStart;
CommHeader = (EFI_MM_COMMUNICATE_HEADER *)(UINTN)MmCommMemRegion->PhysicalStart;
CommBufferSize = sizeof (TPM_NVS_MM_COMM_BUFFER) + OFFSET_OF (EFI_MM_COMMUNICATE_HEADER, Data);
ZeroMem (CommHeader, CommBufferSize);
CopyGuid (&CommHeader->HeaderGuid, &gTpmNvsMmGuid);
CommHeader->MessageLength = sizeof (TPM_NVS_MM_COMM_BUFFER);
// Step 3.2: TPM_NVS_MM_COMM_BUFFER content per our needs
CommBuffer = (TPM_NVS_MM_COMM_BUFFER *) (CommHeader->Data);
CommBuffer->Function = TpmNvsMmExchangeInfo;
CommBuffer->TargetAddress = (EFI_PHYSICAL_ADDRESS) (UINTN) TcgNvs;
CommBuffer = (TPM_NVS_MM_COMM_BUFFER *)(CommHeader->Data);
CommBuffer->Function = TpmNvsMmExchangeInfo;
CommBuffer->TargetAddress = (EFI_PHYSICAL_ADDRESS)(UINTN)TcgNvs;
// Step 4: Locate the protocol and signal Mmi.
Status = gBS->LocateProtocol (&gEfiMmCommunicationProtocolGuid, NULL, (VOID**) &MmCommunication);
Status = gBS->LocateProtocol (&gEfiMmCommunicationProtocolGuid, NULL, (VOID **)&MmCommunication);
if (!EFI_ERROR (Status)) {
Status = MmCommunication->Communicate (MmCommunication, CommHeader, &CommBufferSize);
DEBUG ((DEBUG_INFO, "%a - Communicate() = %r\n", __FUNCTION__, Status));
}
else {
} else {
DEBUG ((DEBUG_ERROR, "%a - Failed to locate MmCommunication protocol - %r\n", __FUNCTION__, Status));
return Status;
}
@@ -243,8 +245,8 @@ ExchangeCommonBuffer (
// Step 5: If everything goes well, populate the channel number
if (!EFI_ERROR (CommBuffer->ReturnStatus)) {
// Need to demote to UINT8 according to SMI value definition
TcgNvs->PhysicalPresence.SoftwareSmi = (UINT8) CommBuffer->RegisteredPpSwiValue;
TcgNvs->MemoryClear.SoftwareSmi = (UINT8) CommBuffer->RegisteredMcSwiValue;
TcgNvs->PhysicalPresence.SoftwareSmi = (UINT8)CommBuffer->RegisteredPpSwiValue;
TcgNvs->MemoryClear.SoftwareSmi = (UINT8)CommBuffer->RegisteredMcSwiValue;
DEBUG ((
DEBUG_INFO,
"%a Communication returned software SMI value. PP: 0x%x; MC: 0x%x.\n",
@@ -254,7 +256,7 @@ ExchangeCommonBuffer (
));
}
return (EFI_STATUS) CommBuffer->ReturnStatus;
return (EFI_STATUS)CommBuffer->ReturnStatus;
}
/**
@@ -269,8 +271,8 @@ ACPI table is "$PV".
**/
EFI_STATUS
UpdatePPVersion (
EFI_ACPI_DESCRIPTION_HEADER *Table,
CHAR8 *PPVer
EFI_ACPI_DESCRIPTION_HEADER *Table,
CHAR8 *PPVer
)
{
EFI_STATUS Status;
@@ -280,11 +282,12 @@ UpdatePPVersion (
// Patch some pointers for the ASL code before loading the SSDT.
//
for (DataPtr = (UINT8 *)(Table + 1);
DataPtr <= (UINT8 *) ((UINT8 *) Table + Table->Length - PHYSICAL_PRESENCE_VERSION_SIZE);
DataPtr += 1) {
if (AsciiStrCmp((CHAR8 *)DataPtr, PHYSICAL_PRESENCE_VERSION_TAG) == 0) {
Status = AsciiStrCpyS((CHAR8 *)DataPtr, PHYSICAL_PRESENCE_VERSION_SIZE, PPVer);
DEBUG((DEBUG_INFO, "TPM2 Physical Presence Interface Version update status 0x%x\n", Status));
DataPtr <= (UINT8 *)((UINT8 *)Table + Table->Length - PHYSICAL_PRESENCE_VERSION_SIZE);
DataPtr += 1)
{
if (AsciiStrCmp ((CHAR8 *)DataPtr, PHYSICAL_PRESENCE_VERSION_TAG) == 0) {
Status = AsciiStrCpyS ((CHAR8 *)DataPtr, PHYSICAL_PRESENCE_VERSION_SIZE, PPVer);
DEBUG ((DEBUG_INFO, "TPM2 Physical Presence Interface Version update status 0x%x\n", Status));
return Status;
}
}
@@ -306,16 +309,16 @@ UpdatePPVersion (
**/
EFI_STATUS
UpdatePossibleResource (
IN OUT EFI_ACPI_DESCRIPTION_HEADER *Table,
IN UINT32 *IrqBuffer,
IN UINT32 IrqBuffserSize,
OUT BOOLEAN *IsShortFormPkgLength
IN OUT EFI_ACPI_DESCRIPTION_HEADER *Table,
IN UINT32 *IrqBuffer,
IN UINT32 IrqBuffserSize,
OUT BOOLEAN *IsShortFormPkgLength
)
{
UINT8 *DataPtr;
UINT8 *DataEndPtr;
UINT32 NewPkgLength;
UINT32 OrignalPkgLength;
UINT8 *DataPtr;
UINT8 *DataEndPtr;
UINT32 NewPkgLength;
UINT32 OrignalPkgLength;
NewPkgLength = 0;
OrignalPkgLength = 0;
@@ -345,24 +348,25 @@ UpdatePossibleResource (
// <bit 5-4: Only used if PkgLength <= 63 >
// <bit 3-0: Least significant package length nybble>
//
//==============BufferSize==================
// ==============BufferSize==================
// BufferSize := Integer
// Integer := ByteConst|WordConst|DwordConst....
//
// ByteConst := BytePrefix ByteData
//
//==============ByteList===================
// ==============ByteList===================
// ByteList := ByteData ByteList
//
//=========================================
// =========================================
//
// 1. Check TPM_PRS_RESS with PkgLength <=63 can hold the input interrupt number buffer for patching
//
for (DataPtr = (UINT8 *)(Table + 1);
DataPtr < (UINT8 *) ((UINT8 *) Table + Table->Length - (TPM_PRS_RES_NAME_SIZE + TPM_POS_RES_TEMPLATE_MIN_SIZE));
DataPtr += 1) {
if (CompareMem(DataPtr, TPM_PRS_RESS, TPM_PRS_RES_NAME_SIZE) == 0) {
DataPtr < (UINT8 *)((UINT8 *)Table + Table->Length - (TPM_PRS_RES_NAME_SIZE + TPM_POS_RES_TEMPLATE_MIN_SIZE));
DataPtr += 1)
{
if (CompareMem (DataPtr, TPM_PRS_RESS, TPM_PRS_RES_NAME_SIZE) == 0) {
//
// Jump over object name & BufferOp
//
@@ -387,11 +391,11 @@ UpdatePossibleResource (
} else if (*(DataPtr + 1) == AML_DWORD_PREFIX) {
NewPkgLength += 5;
} else {
ASSERT(FALSE);
ASSERT (FALSE);
return EFI_UNSUPPORTED;
}
} else {
ASSERT(FALSE);
ASSERT (FALSE);
return EFI_UNSUPPORTED;
}
@@ -404,7 +408,7 @@ UpdatePossibleResource (
}
if (NewPkgLength > OrignalPkgLength) {
ASSERT(FALSE);
ASSERT (FALSE);
return EFI_INVALID_PARAMETER;
}
@@ -435,9 +439,10 @@ UpdatePossibleResource (
NewPkgLength = 0;
OrignalPkgLength = 0;
for (DataPtr = (UINT8 *)(Table + 1);
DataPtr < (UINT8 *) ((UINT8 *) Table + Table->Length - (TPM_PRS_RES_NAME_SIZE + TPM_POS_RES_TEMPLATE_MIN_SIZE));
DataPtr += 1) {
if (CompareMem(DataPtr, TPM_PRS_RESL, TPM_PRS_RES_NAME_SIZE) == 0) {
DataPtr < (UINT8 *)((UINT8 *)Table + Table->Length - (TPM_PRS_RES_NAME_SIZE + TPM_POS_RES_TEMPLATE_MIN_SIZE));
DataPtr += 1)
{
if (CompareMem (DataPtr, TPM_PRS_RESL, TPM_PRS_RES_NAME_SIZE) == 0) {
//
// Jump over object name & BufferOp
//
@@ -461,11 +466,11 @@ UpdatePossibleResource (
} else if (*(DataPtr + NewPkgLength) == AML_DWORD_PREFIX) {
NewPkgLength += 5;
} else {
ASSERT(FALSE);
ASSERT (FALSE);
return EFI_UNSUPPORTED;
}
} else {
ASSERT(FALSE);
ASSERT (FALSE);
return EFI_UNSUPPORTED;
}
@@ -475,14 +480,14 @@ UpdatePossibleResource (
NewPkgLength += 19 + IrqBuffserSize;
if (NewPkgLength > OrignalPkgLength) {
ASSERT(FALSE);
ASSERT (FALSE);
return EFI_INVALID_PARAMETER;
}
//
// 2.1 Patch PkgLength. Only patch PkgLeadByte and first ByteData
//
*DataPtr = (UINT8)((*DataPtr) & 0xF0) | (NewPkgLength & 0x0F);
*DataPtr = (UINT8)((*DataPtr) & 0xF0) | (NewPkgLength & 0x0F);
*(DataPtr + 1) = (UINT8)((NewPkgLength & 0xFF0) >> 4);
//
@@ -500,7 +505,7 @@ UpdatePossibleResource (
}
}
if (DataPtr >= (UINT8 *) ((UINT8 *) Table + Table->Length - (TPM_PRS_RES_NAME_SIZE + TPM_POS_RES_TEMPLATE_MIN_SIZE))) {
if (DataPtr >= (UINT8 *)((UINT8 *)Table + Table->Length - (TPM_PRS_RES_NAME_SIZE + TPM_POS_RES_TEMPLATE_MIN_SIZE))) {
return EFI_NOT_FOUND;
}
@@ -516,11 +521,11 @@ UpdatePossibleResource (
//
// 3.2 Patch Interrupt Table Length
//
*(DataPtr + 4) = (UINT8)(IrqBuffserSize / sizeof(UINT32));
*(DataPtr + 4) = (UINT8)(IrqBuffserSize / sizeof (UINT32));
//
// 3.3 Copy patched InterruptNumBuffer
//
CopyMem(DataPtr + 5, IrqBuffer, IrqBuffserSize);
CopyMem (DataPtr + 5, IrqBuffer, IrqBuffserSize);
//
// 4. Jump over Interrupt descriptor and Patch END Tag, set Checksum field to 0
@@ -534,7 +539,7 @@ UpdatePossibleResource (
//
DataPtr += 2;
if (DataPtr < DataEndPtr) {
SetMem(DataPtr, (UINTN)DataEndPtr - (UINTN)DataPtr, AML_NOOP_OP);
SetMem (DataPtr, (UINTN)DataEndPtr - (UINTN)DataPtr, AML_NOOP_OP);
}
return EFI_SUCCESS;
@@ -550,7 +555,7 @@ UpdatePossibleResource (
**/
EFI_STATUS
UpdateHID (
EFI_ACPI_DESCRIPTION_HEADER *Table
EFI_ACPI_DESCRIPTION_HEADER *Table
)
{
EFI_STATUS Status;
@@ -566,54 +571,53 @@ UpdateHID (
//
// Initialize HID with Default PNP string
//
ZeroMem(Hid, TPM_HID_ACPI_SIZE);
ZeroMem (Hid, TPM_HID_ACPI_SIZE);
//
// Get Manufacturer ID
//
Status = Tpm2GetCapabilityManufactureID(&ManufacturerID);
if (!EFI_ERROR(Status)) {
DEBUG((DEBUG_INFO, "TPM_PT_MANUFACTURER 0x%08x\n", ManufacturerID));
Status = Tpm2GetCapabilityManufactureID (&ManufacturerID);
if (!EFI_ERROR (Status)) {
DEBUG ((DEBUG_INFO, "TPM_PT_MANUFACTURER 0x%08x\n", ManufacturerID));
//
// ManufacturerID defined in TCG Vendor ID Registry
// may tailed with 0x00 or 0x20
//
if ((ManufacturerID >> 24) == 0x00 || ((ManufacturerID >> 24) == 0x20)) {
if (((ManufacturerID >> 24) == 0x00) || ((ManufacturerID >> 24) == 0x20)) {
//
// HID containing PNP ID "NNN####"
// NNN is uppercase letter for Vendor ID specified by manufacturer
//
CopyMem(Hid, &ManufacturerID, 3);
CopyMem (Hid, &ManufacturerID, 3);
} else {
//
// HID containing ACP ID "NNNN####"
// NNNN is uppercase letter for Vendor ID specified by manufacturer
//
CopyMem(Hid, &ManufacturerID, 4);
CopyMem (Hid, &ManufacturerID, 4);
PnpHID = FALSE;
}
} else {
DEBUG ((DEBUG_ERROR, "Get TPM_PT_MANUFACTURER failed %x!\n", Status));
ASSERT(FALSE);
ASSERT (FALSE);
return Status;
}
Status = Tpm2GetCapabilityFirmwareVersion(&FirmwareVersion1, &FirmwareVersion2);
if (!EFI_ERROR(Status)) {
DEBUG((DEBUG_INFO, "TPM_PT_FIRMWARE_VERSION_1 0x%x\n", FirmwareVersion1));
DEBUG((DEBUG_INFO, "TPM_PT_FIRMWARE_VERSION_2 0x%x\n", FirmwareVersion2));
Status = Tpm2GetCapabilityFirmwareVersion (&FirmwareVersion1, &FirmwareVersion2);
if (!EFI_ERROR (Status)) {
DEBUG ((DEBUG_INFO, "TPM_PT_FIRMWARE_VERSION_1 0x%x\n", FirmwareVersion1));
DEBUG ((DEBUG_INFO, "TPM_PT_FIRMWARE_VERSION_2 0x%x\n", FirmwareVersion2));
//
// #### is Firmware Version 1
//
if (PnpHID) {
AsciiSPrint(Hid + 3, TPM_HID_PNP_SIZE - 3, "%02d%02d", ((FirmwareVersion1 & 0xFFFF0000) >> 16), (FirmwareVersion1 & 0x0000FFFF));
AsciiSPrint (Hid + 3, TPM_HID_PNP_SIZE - 3, "%02d%02d", ((FirmwareVersion1 & 0xFFFF0000) >> 16), (FirmwareVersion1 & 0x0000FFFF));
} else {
AsciiSPrint(Hid + 4, TPM_HID_ACPI_SIZE - 4, "%02d%02d", ((FirmwareVersion1 & 0xFFFF0000) >> 16), (FirmwareVersion1 & 0x0000FFFF));
AsciiSPrint (Hid + 4, TPM_HID_ACPI_SIZE - 4, "%02d%02d", ((FirmwareVersion1 & 0xFFFF0000) >> 16), (FirmwareVersion1 & 0x0000FFFF));
}
} else {
DEBUG ((DEBUG_ERROR, "Get TPM_PT_FIRMWARE_VERSION_X failed %x!\n", Status));
ASSERT(FALSE);
ASSERT (FALSE);
return Status;
}
@@ -621,26 +625,27 @@ UpdateHID (
// Patch HID in ASL code before loading the SSDT.
//
for (DataPtr = (UINT8 *)(Table + 1);
DataPtr <= (UINT8 *) ((UINT8 *) Table + Table->Length - TPM_HID_PNP_SIZE);
DataPtr += 1) {
if (AsciiStrCmp((CHAR8 *)DataPtr, TPM_HID_TAG) == 0) {
DataPtr <= (UINT8 *)((UINT8 *)Table + Table->Length - TPM_HID_PNP_SIZE);
DataPtr += 1)
{
if (AsciiStrCmp ((CHAR8 *)DataPtr, TPM_HID_TAG) == 0) {
if (PnpHID) {
CopyMem(DataPtr, Hid, TPM_HID_PNP_SIZE);
CopyMem (DataPtr, Hid, TPM_HID_PNP_SIZE);
//
// if HID is PNP ID, patch the last byte in HID TAG to Noop
//
*(DataPtr + TPM_HID_PNP_SIZE) = AML_NOOP_OP;
} else {
CopyMem(DataPtr, Hid, TPM_HID_ACPI_SIZE);
CopyMem (DataPtr, Hid, TPM_HID_ACPI_SIZE);
}
DEBUG((DEBUG_INFO, "TPM2 ACPI _HID is patched to %a\n", DataPtr));
DEBUG ((DEBUG_INFO, "TPM2 ACPI _HID is patched to %a\n", DataPtr));
return Status;
}
}
DEBUG((DEBUG_ERROR, "TPM2 ACPI HID TAG for patch not found!\n"));
DEBUG ((DEBUG_ERROR, "TPM2 ACPI HID TAG for patch not found!\n"));
return EFI_NOT_FOUND;
}
@@ -656,14 +661,14 @@ PublishAcpiTable (
VOID
)
{
EFI_STATUS Status;
EFI_ACPI_TABLE_PROTOCOL *AcpiTable;
UINTN TableKey;
EFI_ACPI_DESCRIPTION_HEADER *Table;
UINTN TableSize;
UINT32 *PossibleIrqNumBuf;
UINT32 PossibleIrqNumBufSize;
BOOLEAN IsShortFormPkgLength;
EFI_STATUS Status;
EFI_ACPI_TABLE_PROTOCOL *AcpiTable;
UINTN TableKey;
EFI_ACPI_DESCRIPTION_HEADER *Table;
UINTN TableSize;
UINT32 *PossibleIrqNumBuf;
UINT32 PossibleIrqNumBufSize;
BOOLEAN IsShortFormPkgLength;
IsShortFormPkgLength = FALSE;
@@ -671,7 +676,7 @@ PublishAcpiTable (
&gEfiCallerIdGuid,
EFI_SECTION_RAW,
0,
(VOID **) &Table,
(VOID **)&Table,
&TableSize
);
ASSERT_EFI_ERROR (Status);
@@ -682,7 +687,7 @@ PublishAcpiTable (
// Otherwise, the PCR record would be different after TPM FW update
// or the PCD configuration change.
//
TpmMeasureAndLogData(
TpmMeasureAndLogData (
0,
EV_POST_CODE,
EV_POSTCODE_INFO_ACPI_DATA,
@@ -694,32 +699,32 @@ PublishAcpiTable (
//
// Update Table version before measuring it to PCR
//
Status = UpdatePPVersion(Table, (CHAR8 *)PcdGetPtr(PcdTcgPhysicalPresenceInterfaceVer));
Status = UpdatePPVersion (Table, (CHAR8 *)PcdGetPtr (PcdTcgPhysicalPresenceInterfaceVer));
ASSERT_EFI_ERROR (Status);
DEBUG ((
DEBUG_INFO,
"Current physical presence interface version - %a\n",
(CHAR8 *) PcdGetPtr(PcdTcgPhysicalPresenceInterfaceVer)
(CHAR8 *)PcdGetPtr (PcdTcgPhysicalPresenceInterfaceVer)
));
//
// Update TPM2 HID after measuring it to PCR
//
Status = UpdateHID(Table);
if (EFI_ERROR(Status)) {
Status = UpdateHID (Table);
if (EFI_ERROR (Status)) {
return Status;
}
if (PcdGet32(PcdTpm2CurrentIrqNum) != 0) {
if (PcdGet32 (PcdTpm2CurrentIrqNum) != 0) {
//
// Patch _PRS interrupt resource only when TPM interrupt is supported
//
PossibleIrqNumBuf = (UINT32 *)PcdGetPtr(PcdTpm2PossibleIrqNumBuf);
PossibleIrqNumBufSize = (UINT32)PcdGetSize(PcdTpm2PossibleIrqNumBuf);
PossibleIrqNumBuf = (UINT32 *)PcdGetPtr (PcdTpm2PossibleIrqNumBuf);
PossibleIrqNumBufSize = (UINT32)PcdGetSize (PcdTpm2PossibleIrqNumBuf);
if (PossibleIrqNumBufSize <= MAX_PRS_INT_BUF_SIZE && (PossibleIrqNumBufSize % sizeof(UINT32)) == 0) {
Status = UpdatePossibleResource(Table, PossibleIrqNumBuf, PossibleIrqNumBufSize, &IsShortFormPkgLength);
if ((PossibleIrqNumBufSize <= MAX_PRS_INT_BUF_SIZE) && ((PossibleIrqNumBufSize % sizeof (UINT32)) == 0)) {
Status = UpdatePossibleResource (Table, PossibleIrqNumBuf, PossibleIrqNumBufSize, &IsShortFormPkgLength);
DEBUG ((
DEBUG_INFO,
"UpdatePossibleResource status - %x. TPM2 service may not ready in OS.\n",
@@ -730,15 +735,15 @@ PublishAcpiTable (
DEBUG_INFO,
"PcdTpm2PossibleIrqNumBuf size %x is not correct. TPM2 service may not ready in OS.\n",
PossibleIrqNumBufSize
));
));
}
}
ASSERT (Table->OemTableId == SIGNATURE_64 ('T', 'p', 'm', '2', 'T', 'a', 'b', 'l'));
CopyMem (Table->OemId, PcdGetPtr (PcdAcpiDefaultOemId), sizeof (Table->OemId) );
mTcgNvs = AssignOpRegion (Table, SIGNATURE_32 ('T', 'N', 'V', 'S'), (UINT16) sizeof (TCG_NVS));
CopyMem (Table->OemId, PcdGetPtr (PcdAcpiDefaultOemId), sizeof (Table->OemId));
mTcgNvs = AssignOpRegion (Table, SIGNATURE_32 ('T', 'N', 'V', 'S'), (UINT16)sizeof (TCG_NVS));
ASSERT (mTcgNvs != NULL);
mTcgNvs->TpmIrqNum = PcdGet32(PcdTpm2CurrentIrqNum);
mTcgNvs->TpmIrqNum = PcdGet32 (PcdTpm2CurrentIrqNum);
mTcgNvs->IsShortFormPkgLength = IsShortFormPkgLength;
Status = ExchangeCommonBuffer (mTcgNvs);
@@ -746,16 +751,16 @@ PublishAcpiTable (
//
// Publish the TPM ACPI table. Table is re-checksummed.
//
Status = gBS->LocateProtocol (&gEfiAcpiTableProtocolGuid, NULL, (VOID **) &AcpiTable);
Status = gBS->LocateProtocol (&gEfiAcpiTableProtocolGuid, NULL, (VOID **)&AcpiTable);
ASSERT_EFI_ERROR (Status);
TableKey = 0;
Status = AcpiTable->InstallAcpiTable (
AcpiTable,
Table,
TableSize,
&TableKey
);
Status = AcpiTable->InstallAcpiTable (
AcpiTable,
Table,
TableSize,
&TableKey
);
ASSERT_EFI_ERROR (Status);
return Status;
@@ -773,12 +778,12 @@ PublishTpm2 (
VOID
)
{
EFI_STATUS Status;
EFI_ACPI_TABLE_PROTOCOL *AcpiTable;
UINTN TableKey;
UINT64 OemTableId;
EFI_TPM2_ACPI_CONTROL_AREA *ControlArea;
TPM2_PTP_INTERFACE_TYPE InterfaceType;
EFI_STATUS Status;
EFI_ACPI_TABLE_PROTOCOL *AcpiTable;
UINTN TableKey;
UINT64 OemTableId;
EFI_TPM2_ACPI_CONTROL_AREA *ControlArea;
TPM2_PTP_INTERFACE_TYPE InterfaceType;
//
// Measure to PCR[0] with event EV_POST_CODE ACPI DATA.
@@ -786,7 +791,7 @@ PublishTpm2 (
// Otherwise, the PCR record would be different after event log update
// or the PCD configuration change.
//
TpmMeasureAndLogData(
TpmMeasureAndLogData (
0,
EV_POST_CODE,
EV_POSTCODE_INFO_ACPI_DATA,
@@ -795,8 +800,8 @@ PublishTpm2 (
mTpm2AcpiTemplate.Header.Length
);
mTpm2AcpiTemplate.Header.Revision = PcdGet8(PcdTpm2AcpiTableRev);
DEBUG((DEBUG_INFO, "Tpm2 ACPI table revision is %d\n", mTpm2AcpiTemplate.Header.Revision));
mTpm2AcpiTemplate.Header.Revision = PcdGet8 (PcdTpm2AcpiTableRev);
DEBUG ((DEBUG_INFO, "Tpm2 ACPI table revision is %d\n", mTpm2AcpiTemplate.Header.Revision));
//
// PlatformClass is only valid for version 4 and above
@@ -804,50 +809,51 @@ PublishTpm2 (
// BIT16~31: Reserved
//
if (mTpm2AcpiTemplate.Header.Revision >= EFI_TPM2_ACPI_TABLE_REVISION_4) {
mTpm2AcpiTemplate.Flags = (mTpm2AcpiTemplate.Flags & 0xFFFF0000) | PcdGet8(PcdTpmPlatformClass);
DEBUG((DEBUG_INFO, "Tpm2 ACPI table PlatformClass is %d\n", (mTpm2AcpiTemplate.Flags & 0x0000FFFF)));
mTpm2AcpiTemplate.Flags = (mTpm2AcpiTemplate.Flags & 0xFFFF0000) | PcdGet8 (PcdTpmPlatformClass);
DEBUG ((DEBUG_INFO, "Tpm2 ACPI table PlatformClass is %d\n", (mTpm2AcpiTemplate.Flags & 0x0000FFFF)));
}
mTpm2AcpiTemplate.Laml = PcdGet32(PcdTpm2AcpiTableLaml);
mTpm2AcpiTemplate.Lasa = PcdGet64(PcdTpm2AcpiTableLasa);
mTpm2AcpiTemplate.Laml = PcdGet32 (PcdTpm2AcpiTableLaml);
mTpm2AcpiTemplate.Lasa = PcdGet64 (PcdTpm2AcpiTableLasa);
if ((mTpm2AcpiTemplate.Header.Revision < EFI_TPM2_ACPI_TABLE_REVISION_4) ||
(mTpm2AcpiTemplate.Laml == 0) || (mTpm2AcpiTemplate.Lasa == 0)) {
(mTpm2AcpiTemplate.Laml == 0) || (mTpm2AcpiTemplate.Lasa == 0))
{
//
// If version is smaller than 4 or Laml/Lasa is not valid, rollback to original Length.
//
mTpm2AcpiTemplate.Header.Length = sizeof(EFI_TPM2_ACPI_TABLE);
mTpm2AcpiTemplate.Header.Length = sizeof (EFI_TPM2_ACPI_TABLE);
}
InterfaceType = PcdGet8(PcdActiveTpmInterfaceType);
InterfaceType = PcdGet8 (PcdActiveTpmInterfaceType);
switch (InterfaceType) {
case Tpm2PtpInterfaceCrb:
mTpm2AcpiTemplate.StartMethod = EFI_TPM2_ACPI_TABLE_START_METHOD_COMMAND_RESPONSE_BUFFER_INTERFACE;
mTpm2AcpiTemplate.AddressOfControlArea = PcdGet64 (PcdTpmBaseAddress) + 0x40;
ControlArea = (EFI_TPM2_ACPI_CONTROL_AREA *)(UINTN)mTpm2AcpiTemplate.AddressOfControlArea;
ControlArea->CommandSize = 0xF80;
ControlArea->ResponseSize = 0xF80;
ControlArea->Command = PcdGet64 (PcdTpmBaseAddress) + 0x80;
ControlArea->Response = PcdGet64 (PcdTpmBaseAddress) + 0x80;
break;
case Tpm2PtpInterfaceFifo:
case Tpm2PtpInterfaceTis:
break;
default:
DEBUG((DEBUG_ERROR, "TPM2 InterfaceType get error! %d\n", InterfaceType));
break;
case Tpm2PtpInterfaceCrb:
mTpm2AcpiTemplate.StartMethod = EFI_TPM2_ACPI_TABLE_START_METHOD_COMMAND_RESPONSE_BUFFER_INTERFACE;
mTpm2AcpiTemplate.AddressOfControlArea = PcdGet64 (PcdTpmBaseAddress) + 0x40;
ControlArea = (EFI_TPM2_ACPI_CONTROL_AREA *)(UINTN)mTpm2AcpiTemplate.AddressOfControlArea;
ControlArea->CommandSize = 0xF80;
ControlArea->ResponseSize = 0xF80;
ControlArea->Command = PcdGet64 (PcdTpmBaseAddress) + 0x80;
ControlArea->Response = PcdGet64 (PcdTpmBaseAddress) + 0x80;
break;
case Tpm2PtpInterfaceFifo:
case Tpm2PtpInterfaceTis:
break;
default:
DEBUG ((DEBUG_ERROR, "TPM2 InterfaceType get error! %d\n", InterfaceType));
break;
}
CopyMem (mTpm2AcpiTemplate.Header.OemId, PcdGetPtr (PcdAcpiDefaultOemId), sizeof (mTpm2AcpiTemplate.Header.OemId));
OemTableId = PcdGet64 (PcdAcpiDefaultOemTableId);
CopyMem (&mTpm2AcpiTemplate.Header.OemTableId, &OemTableId, sizeof (UINT64));
mTpm2AcpiTemplate.Header.OemRevision = PcdGet32 (PcdAcpiDefaultOemRevision);
mTpm2AcpiTemplate.Header.CreatorId = PcdGet32 (PcdAcpiDefaultCreatorId);
mTpm2AcpiTemplate.Header.CreatorRevision = PcdGet32 (PcdAcpiDefaultCreatorRevision);
mTpm2AcpiTemplate.Header.OemRevision = PcdGet32 (PcdAcpiDefaultOemRevision);
mTpm2AcpiTemplate.Header.CreatorId = PcdGet32 (PcdAcpiDefaultCreatorId);
mTpm2AcpiTemplate.Header.CreatorRevision = PcdGet32 (PcdAcpiDefaultCreatorRevision);
//
// Construct ACPI table
//
Status = gBS->LocateProtocol (&gEfiAcpiTableProtocolGuid, NULL, (VOID **) &AcpiTable);
Status = gBS->LocateProtocol (&gEfiAcpiTableProtocolGuid, NULL, (VOID **)&AcpiTable);
ASSERT_EFI_ERROR (Status);
Status = AcpiTable->InstallAcpiTable (
@@ -877,13 +883,13 @@ PublishTpm2 (
EFI_STATUS
EFIAPI
InitializeTcgAcpi (
IN EFI_HANDLE ImageHandle,
IN EFI_SYSTEM_TABLE *SystemTable
IN EFI_HANDLE ImageHandle,
IN EFI_SYSTEM_TABLE *SystemTable
)
{
EFI_STATUS Status;
EFI_STATUS Status;
if (!CompareGuid (PcdGetPtr(PcdTpmInstanceGuid), &gEfiTpmDeviceInstanceTpm20DtpmGuid)){
if (!CompareGuid (PcdGetPtr (PcdTpmInstanceGuid), &gEfiTpmDeviceInstanceTpm20DtpmGuid)) {
DEBUG ((DEBUG_ERROR, "No TPM2 DTPM instance required!\n"));
return EFI_UNSUPPORTED;
}
@@ -899,4 +905,3 @@ InitializeTcgAcpi (
return EFI_SUCCESS;
}

168
SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDriver.c
View File

@@ -20,38 +20,42 @@ extern TPM_INSTANCE_ID mTpmInstanceId[TPM_DEVICE_MAX + 1];
**/
VOID
UpdateDefaultPCRBanks (
IN VOID *HiiPackage,
IN UINTN HiiPackageSize,
IN UINT32 PCRBanks
IN VOID *HiiPackage,
IN UINTN HiiPackageSize,
IN UINT32 PCRBanks
)
{
EFI_HII_PACKAGE_HEADER *HiiPackageHeader;
EFI_IFR_OP_HEADER *IfrOpCodeHeader;
EFI_IFR_CHECKBOX *IfrCheckBox;
EFI_IFR_DEFAULT *IfrDefault;
EFI_HII_PACKAGE_HEADER *HiiPackageHeader;
EFI_IFR_OP_HEADER *IfrOpCodeHeader;
EFI_IFR_CHECKBOX *IfrCheckBox;
EFI_IFR_DEFAULT *IfrDefault;
HiiPackageHeader = (EFI_HII_PACKAGE_HEADER *)HiiPackage;
switch (HiiPackageHeader->Type) {
case EFI_HII_PACKAGE_FORMS:
IfrOpCodeHeader = (EFI_IFR_OP_HEADER *)(HiiPackageHeader + 1);
while ((UINTN)IfrOpCodeHeader < (UINTN)HiiPackageHeader + HiiPackageHeader->Length) {
switch (IfrOpCodeHeader->OpCode) {
case EFI_IFR_CHECKBOX_OP:
IfrCheckBox = (EFI_IFR_CHECKBOX *)IfrOpCodeHeader;
if ((IfrCheckBox->Question.QuestionId >= KEY_TPM2_PCR_BANKS_REQUEST_0) && (IfrCheckBox->Question.QuestionId <= KEY_TPM2_PCR_BANKS_REQUEST_4)) {
IfrDefault = (EFI_IFR_DEFAULT *)(IfrCheckBox + 1);
ASSERT (IfrDefault->Header.OpCode == EFI_IFR_DEFAULT_OP);
ASSERT (IfrDefault->Type == EFI_IFR_TYPE_BOOLEAN);
IfrDefault->Value.b = (BOOLEAN)((PCRBanks >> (IfrCheckBox->Question.QuestionId - KEY_TPM2_PCR_BANKS_REQUEST_0)) & 0x1);
case EFI_HII_PACKAGE_FORMS:
IfrOpCodeHeader = (EFI_IFR_OP_HEADER *)(HiiPackageHeader + 1);
while ((UINTN)IfrOpCodeHeader < (UINTN)HiiPackageHeader + HiiPackageHeader->Length) {
switch (IfrOpCodeHeader->OpCode) {
case EFI_IFR_CHECKBOX_OP:
IfrCheckBox = (EFI_IFR_CHECKBOX *)IfrOpCodeHeader;
if ((IfrCheckBox->Question.QuestionId >= KEY_TPM2_PCR_BANKS_REQUEST_0) && (IfrCheckBox->Question.QuestionId <= KEY_TPM2_PCR_BANKS_REQUEST_4)) {
IfrDefault = (EFI_IFR_DEFAULT *)(IfrCheckBox + 1);
ASSERT (IfrDefault->Header.OpCode == EFI_IFR_DEFAULT_OP);
ASSERT (IfrDefault->Type == EFI_IFR_TYPE_BOOLEAN);
IfrDefault->Value.b = (BOOLEAN)((PCRBanks >> (IfrCheckBox->Question.QuestionId - KEY_TPM2_PCR_BANKS_REQUEST_0)) & 0x1);
}
break;
}
break;
IfrOpCodeHeader = (EFI_IFR_OP_HEADER *)((UINTN)IfrOpCodeHeader + IfrOpCodeHeader->Length);
}
IfrOpCodeHeader = (EFI_IFR_OP_HEADER *)((UINTN)IfrOpCodeHeader + IfrOpCodeHeader->Length);
}
break;
break;
}
return ;
return;
}
/**
@@ -67,16 +71,16 @@ UpdateDefaultPCRBanks (
**/
VOID
InitializeTcg2VersionInfo (
IN TCG2_CONFIG_PRIVATE_DATA *PrivateData
IN TCG2_CONFIG_PRIVATE_DATA *PrivateData
)
{
EFI_STATUS Status;
EFI_STRING ConfigRequestHdr;
BOOLEAN ActionFlag;
TCG2_VERSION Tcg2Version;
UINTN DataSize;
UINT64 PcdTcg2PpiVersion;
UINT8 PcdTpm2AcpiTableRev;
EFI_STATUS Status;
EFI_STRING ConfigRequestHdr;
BOOLEAN ActionFlag;
TCG2_VERSION Tcg2Version;
UINTN DataSize;
UINT64 PcdTcg2PpiVersion;
UINT8 PcdTpm2AcpiTableRev;
//
// Get the PCD value before initializing efi varstore configuration data.
@@ -85,7 +89,7 @@ InitializeTcg2VersionInfo (
CopyMem (
&PcdTcg2PpiVersion,
PcdGetPtr (PcdTcgPhysicalPresenceInterfaceVer),
AsciiStrSize ((CHAR8 *) PcdGetPtr (PcdTcgPhysicalPresenceInterfaceVer))
AsciiStrSize ((CHAR8 *)PcdGetPtr (PcdTcgPhysicalPresenceInterfaceVer))
);
PcdTpm2AcpiTableRev = PcdGet8 (PcdTpm2AcpiTableRev);
@@ -101,13 +105,13 @@ InitializeTcg2VersionInfo (
);
ASSERT (ConfigRequestHdr != NULL);
DataSize = sizeof (Tcg2Version);
Status = gRT->GetVariable (
TCG2_VERSION_NAME,
&gTcg2ConfigFormSetGuid,
NULL,
&DataSize,
&Tcg2Version
);
Status = gRT->GetVariable (
TCG2_VERSION_NAME,
&gTcg2ConfigFormSetGuid,
NULL,
&DataSize,
&Tcg2Version
);
if (!EFI_ERROR (Status)) {
//
// EFI variable does exist and validate current setting.
@@ -123,13 +127,13 @@ InitializeTcg2VersionInfo (
// Get the default values from variable.
//
DataSize = sizeof (Tcg2Version);
Status = gRT->GetVariable (
TCG2_VERSION_NAME,
&gTcg2ConfigFormSetGuid,
NULL,
&DataSize,
&Tcg2Version
);
Status = gRT->GetVariable (
TCG2_VERSION_NAME,
&gTcg2ConfigFormSetGuid,
NULL,
&DataSize,
&Tcg2Version
);
ASSERT_EFI_ERROR (Status);
}
} else {
@@ -160,24 +164,26 @@ InitializeTcg2VersionInfo (
// Get the default values from variable.
//
DataSize = sizeof (Tcg2Version);
Status = gRT->GetVariable (
TCG2_VERSION_NAME,
&gTcg2ConfigFormSetGuid,
NULL,
&DataSize,
&Tcg2Version
);
Status = gRT->GetVariable (
TCG2_VERSION_NAME,
&gTcg2ConfigFormSetGuid,
NULL,
&DataSize,
&Tcg2Version
);
ASSERT_EFI_ERROR (Status);
if (PcdTcg2PpiVersion != Tcg2Version.PpiVersion) {
DEBUG ((DEBUG_WARN, "WARNING: PcdTcgPhysicalPresenceInterfaceVer default value is not same with the default value in VFR\n"));
DEBUG ((DEBUG_WARN, "WARNING: The default value in VFR has be chosen\n"));
}
if (PcdTpm2AcpiTableRev != Tcg2Version.Tpm2AcpiTableRev) {
DEBUG ((DEBUG_WARN, "WARNING: PcdTpm2AcpiTableRev default value is not same with the default value in VFR\n"));
DEBUG ((DEBUG_WARN, "WARNING: The default value in VFR has be chosen\n"));
}
}
}
FreePool (ConfigRequestHdr);
//
@@ -189,7 +195,7 @@ InitializeTcg2VersionInfo (
CopyMem (
&PcdTcg2PpiVersion,
PcdGetPtr (PcdTcgPhysicalPresenceInterfaceVer),
AsciiStrSize ((CHAR8 *) PcdGetPtr (PcdTcgPhysicalPresenceInterfaceVer))
AsciiStrSize ((CHAR8 *)PcdGetPtr (PcdTcgPhysicalPresenceInterfaceVer))
);
if (PcdTcg2PpiVersion != Tcg2Version.PpiVersion) {
DEBUG ((DEBUG_WARN, "WARNING: PcdTcgPhysicalPresenceInterfaceVer is not DynamicHii type and does not map to TCG2_VERSION.PpiVersion\n"));
@@ -247,8 +253,8 @@ InitializeTcg2VersionInfo (
EFI_STATUS
EFIAPI
Tcg2ConfigDriverEntryPoint (
IN EFI_HANDLE ImageHandle,
IN EFI_SYSTEM_TABLE *SystemTable
IN EFI_HANDLE ImageHandle,
IN EFI_SYSTEM_TABLE *SystemTable
)
{
EFI_STATUS Status;
@@ -289,36 +295,36 @@ Tcg2ConfigDriverEntryPoint (
);
ASSERT_EFI_ERROR (Status);
Status = gBS->LocateProtocol (&gEfiTcg2ProtocolGuid, NULL, (VOID **) &PrivateData->Tcg2Protocol);
Status = gBS->LocateProtocol (&gEfiTcg2ProtocolGuid, NULL, (VOID **)&PrivateData->Tcg2Protocol);
ASSERT_EFI_ERROR (Status);
PrivateData->ProtocolCapability.Size = sizeof(PrivateData->ProtocolCapability);
Status = PrivateData->Tcg2Protocol->GetCapability (
PrivateData->Tcg2Protocol,
&PrivateData->ProtocolCapability
);
PrivateData->ProtocolCapability.Size = sizeof (PrivateData->ProtocolCapability);
Status = PrivateData->Tcg2Protocol->GetCapability (
PrivateData->Tcg2Protocol,
&PrivateData->ProtocolCapability
);
ASSERT_EFI_ERROR (Status);
DataSize = sizeof(Tcg2Configuration);
Status = gRT->GetVariable (
TCG2_STORAGE_NAME,
&gTcg2ConfigFormSetGuid,
NULL,
&DataSize,
&Tcg2Configuration
);
DataSize = sizeof (Tcg2Configuration);
Status = gRT->GetVariable (
TCG2_STORAGE_NAME,
&gTcg2ConfigFormSetGuid,
NULL,
&DataSize,
&Tcg2Configuration
);
if (EFI_ERROR (Status)) {
//
// Variable not ready, set default value
//
Tcg2Configuration.TpmDevice = TPM_DEVICE_DEFAULT;
Tcg2Configuration.TpmDevice = TPM_DEVICE_DEFAULT;
}
//
// Validation
//
if ((Tcg2Configuration.TpmDevice > TPM_DEVICE_MAX) || (Tcg2Configuration.TpmDevice < TPM_DEVICE_MIN)) {
Tcg2Configuration.TpmDevice = TPM_DEVICE_DEFAULT;
Tcg2Configuration.TpmDevice = TPM_DEVICE_DEFAULT;
}
//
@@ -328,21 +334,21 @@ Tcg2ConfigDriverEntryPoint (
Status = PrivateData->Tcg2Protocol->GetActivePcrBanks (PrivateData->Tcg2Protocol, &CurrentActivePCRBanks);
ASSERT_EFI_ERROR (Status);
PrivateData->PCRBanksDesired = CurrentActivePCRBanks;
UpdateDefaultPCRBanks (Tcg2ConfigBin + sizeof(UINT32), ReadUnaligned32((UINT32 *)Tcg2ConfigBin) - sizeof(UINT32), CurrentActivePCRBanks);
UpdateDefaultPCRBanks (Tcg2ConfigBin + sizeof (UINT32), ReadUnaligned32 ((UINT32 *)Tcg2ConfigBin) - sizeof (UINT32), CurrentActivePCRBanks);
//
// Sync data from PCD to variable, so that we do not need detect again in S3 phase.
//
Tcg2DeviceDetection.TpmDeviceDetected = TPM_DEVICE_NULL;
for (Index = 0; Index < sizeof(mTpmInstanceId)/sizeof(mTpmInstanceId[0]); Index++) {
if (CompareGuid (PcdGetPtr(PcdTpmInstanceGuid), &mTpmInstanceId[Index].TpmInstanceGuid)) {
for (Index = 0; Index < sizeof (mTpmInstanceId)/sizeof (mTpmInstanceId[0]); Index++) {
if (CompareGuid (PcdGetPtr (PcdTpmInstanceGuid), &mTpmInstanceId[Index].TpmInstanceGuid)) {
Tcg2DeviceDetection.TpmDeviceDetected = mTpmInstanceId[Index].TpmDevice;
break;
}
}
PrivateData->TpmDeviceDetected = Tcg2DeviceDetection.TpmDeviceDetected;
Tcg2Configuration.TpmDevice = Tcg2DeviceDetection.TpmDeviceDetected;
Tcg2Configuration.TpmDevice = Tcg2DeviceDetection.TpmDeviceDetected;
//
// Save to variable so platform driver can get it.
@@ -351,7 +357,7 @@ Tcg2ConfigDriverEntryPoint (
TCG2_DEVICE_DETECTION_NAME,
&gTcg2ConfigFormSetGuid,
EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS,
sizeof(Tcg2DeviceDetection),
sizeof (Tcg2DeviceDetection),
&Tcg2DeviceDetection
);
if (EFI_ERROR (Status)) {
@@ -373,7 +379,7 @@ Tcg2ConfigDriverEntryPoint (
TCG2_STORAGE_NAME,
&gTcg2ConfigFormSetGuid,
EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS,
sizeof(Tcg2Configuration),
sizeof (Tcg2Configuration),
&Tcg2Configuration
);
if (EFI_ERROR (Status)) {
@@ -428,13 +434,13 @@ Tcg2ConfigDriverUnload (
IN EFI_HANDLE ImageHandle
)
{
EFI_STATUS Status;
TCG2_CONFIG_PRIVATE_DATA *PrivateData;
EFI_STATUS Status;
TCG2_CONFIG_PRIVATE_DATA *PrivateData;
Status = gBS->HandleProtocol (
ImageHandle,
&gEfiCallerIdGuid,
(VOID **) &PrivateData
(VOID **)&PrivateData
);
if (EFI_ERROR (Status)) {
return Status;

449
SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c
View File

@@ -18,12 +18,12 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#include <IndustryStandard/TpmPtp.h>
#define EFI_TCG2_EVENT_LOG_FORMAT_ALL (EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2 | EFI_TCG2_EVENT_LOG_FORMAT_TCG_2)
#define EFI_TCG2_EVENT_LOG_FORMAT_ALL (EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2 | EFI_TCG2_EVENT_LOG_FORMAT_TCG_2)
TPM_INSTANCE_ID mTpmInstanceId[TPM_DEVICE_MAX + 1] = TPM_INSTANCE_ID_LIST;
TCG2_CONFIG_PRIVATE_DATA *mTcg2ConfigPrivateDate;
TCG2_CONFIG_PRIVATE_DATA mTcg2ConfigPrivateDateTemplate = {
TCG2_CONFIG_PRIVATE_DATA *mTcg2ConfigPrivateDate;
TCG2_CONFIG_PRIVATE_DATA mTcg2ConfigPrivateDateTemplate = {
TCG2_CONFIG_PRIVATE_DATA_SIGNATURE,
{
Tcg2ExtractConfig,
@@ -32,14 +32,14 @@ TCG2_CONFIG_PRIVATE_DATA mTcg2ConfigPrivateDateTemplate = {
}
};
HII_VENDOR_DEVICE_PATH mTcg2HiiVendorDevicePath = {
HII_VENDOR_DEVICE_PATH mTcg2HiiVendorDevicePath = {
{
{
HARDWARE_DEVICE_PATH,
HW_VENDOR_DP,
{
(UINT8) (sizeof (VENDOR_DEVICE_PATH)),
(UINT8) ((sizeof (VENDOR_DEVICE_PATH)) >> 8)
(UINT8)(sizeof (VENDOR_DEVICE_PATH)),
(UINT8)((sizeof (VENDOR_DEVICE_PATH)) >> 8)
}
},
TCG2_CONFIG_FORM_SET_GUID
@@ -48,8 +48,8 @@ HII_VENDOR_DEVICE_PATH mTcg2HiiVendorDevicePath = {
END_DEVICE_PATH_TYPE,
END_ENTIRE_DEVICE_PATH_SUBTYPE,
{
(UINT8) (END_DEVICE_PATH_LENGTH),
(UINT8) ((END_DEVICE_PATH_LENGTH) >> 8)
(UINT8)(END_DEVICE_PATH_LENGTH),
(UINT8)((END_DEVICE_PATH_LENGTH) >> 8)
}
}
};
@@ -66,7 +66,7 @@ UINT8 mCurrentPpRequest;
**/
BOOLEAN
IsPtpCrbSupported (
IN VOID *Register
IN VOID *Register
)
{
PTP_CRB_INTERFACE_IDENTIFIER InterfaceId;
@@ -78,9 +78,11 @@ IsPtpCrbSupported (
if (((InterfaceId.Bits.InterfaceType == PTP_INTERFACE_IDENTIFIER_INTERFACE_TYPE_CRB) ||
(InterfaceId.Bits.InterfaceType == PTP_INTERFACE_IDENTIFIER_INTERFACE_TYPE_FIFO)) &&
(InterfaceId.Bits.CapCRB != 0)) {
(InterfaceId.Bits.CapCRB != 0))
{
return TRUE;
}
return FALSE;
}
@@ -94,7 +96,7 @@ IsPtpCrbSupported (
**/
BOOLEAN
IsPtpFifoSupported (
IN VOID *Register
IN VOID *Register
)
{
PTP_CRB_INTERFACE_IDENTIFIER InterfaceId;
@@ -106,9 +108,11 @@ IsPtpFifoSupported (
if (((InterfaceId.Bits.InterfaceType == PTP_INTERFACE_IDENTIFIER_INTERFACE_TYPE_CRB) ||
(InterfaceId.Bits.InterfaceType == PTP_INTERFACE_IDENTIFIER_INTERFACE_TYPE_FIFO)) &&
(InterfaceId.Bits.CapFIFO != 0)) {
(InterfaceId.Bits.CapFIFO != 0))
{
return TRUE;
}
return FALSE;
}
@@ -126,40 +130,44 @@ IsPtpFifoSupported (
**/
EFI_STATUS
SetPtpInterface (
IN VOID *Register,
IN UINT8 PtpInterface
IN VOID *Register,
IN UINT8 PtpInterface
)
{
TPM2_PTP_INTERFACE_TYPE PtpInterfaceCurrent;
PTP_CRB_INTERFACE_IDENTIFIER InterfaceId;
PtpInterfaceCurrent = PcdGet8(PcdActiveTpmInterfaceType);
PtpInterfaceCurrent = PcdGet8 (PcdActiveTpmInterfaceType);
if ((PtpInterfaceCurrent != Tpm2PtpInterfaceFifo) &&
(PtpInterfaceCurrent != Tpm2PtpInterfaceCrb)) {
(PtpInterfaceCurrent != Tpm2PtpInterfaceCrb))
{
return EFI_UNSUPPORTED;
}
InterfaceId.Uint32 = MmioRead32 ((UINTN)&((PTP_CRB_REGISTERS *)Register)->InterfaceId);
if (InterfaceId.Bits.IntfSelLock != 0) {
return EFI_WRITE_PROTECTED;
}
switch (PtpInterface) {
case Tpm2PtpInterfaceFifo:
if (InterfaceId.Bits.CapFIFO == 0) {
return EFI_UNSUPPORTED;
}
InterfaceId.Bits.InterfaceSelector = PTP_INTERFACE_IDENTIFIER_INTERFACE_SELECTOR_FIFO;
MmioWrite32 ((UINTN)&((PTP_CRB_REGISTERS *)Register)->InterfaceId, InterfaceId.Uint32);
return EFI_SUCCESS;
case Tpm2PtpInterfaceCrb:
if (InterfaceId.Bits.CapCRB == 0) {
return EFI_UNSUPPORTED;
}
InterfaceId.Bits.InterfaceSelector = PTP_INTERFACE_IDENTIFIER_INTERFACE_SELECTOR_CRB;
MmioWrite32 ((UINTN)&((PTP_CRB_REGISTERS *)Register)->InterfaceId, InterfaceId.Uint32);
return EFI_SUCCESS;
default:
return EFI_INVALID_PARAMETER;
case Tpm2PtpInterfaceFifo:
if (InterfaceId.Bits.CapFIFO == 0) {
return EFI_UNSUPPORTED;
}
InterfaceId.Bits.InterfaceSelector = PTP_INTERFACE_IDENTIFIER_INTERFACE_SELECTOR_FIFO;
MmioWrite32 ((UINTN)&((PTP_CRB_REGISTERS *)Register)->InterfaceId, InterfaceId.Uint32);
return EFI_SUCCESS;
case Tpm2PtpInterfaceCrb:
if (InterfaceId.Bits.CapCRB == 0) {
return EFI_UNSUPPORTED;
}
InterfaceId.Bits.InterfaceSelector = PTP_INTERFACE_IDENTIFIER_INTERFACE_SELECTOR_CRB;
MmioWrite32 ((UINTN)&((PTP_CRB_REGISTERS *)Register)->InterfaceId, InterfaceId.Uint32);
return EFI_SUCCESS;
default:
return EFI_INVALID_PARAMETER;
}
}
@@ -192,13 +200,13 @@ SetPtpInterface (
EFI_STATUS
EFIAPI
Tcg2ExtractConfig (
IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,
IN CONST EFI_STRING Request,
OUT EFI_STRING *Progress,
OUT EFI_STRING *Results
IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,
IN CONST EFI_STRING Request,
OUT EFI_STRING *Progress,
OUT EFI_STRING *Results
)
{
if (Progress == NULL || Results == NULL) {
if ((Progress == NULL) || (Results == NULL)) {
return EFI_INVALID_PARAMETER;
}
@@ -217,7 +225,7 @@ Tcg2ExtractConfig (
**/
EFI_STATUS
SaveTcg2PpRequest (
IN UINT8 PpRequest
IN UINT8 PpRequest
)
{
UINT32 ReturnCode;
@@ -226,7 +234,7 @@ SaveTcg2PpRequest (
ReturnCode = Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction (PpRequest, 0);
if (ReturnCode == TCG_PP_SUBMIT_REQUEST_TO_PREOS_SUCCESS) {
mCurrentPpRequest = PpRequest;
Status = EFI_SUCCESS;
Status = EFI_SUCCESS;
} else if (ReturnCode == TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE) {
Status = EFI_OUT_OF_RESOURCES;
} else if (ReturnCode == TCG_PP_SUBMIT_REQUEST_TO_PREOS_NOT_IMPLEMENTED) {
@@ -249,7 +257,7 @@ SaveTcg2PpRequest (
**/
EFI_STATUS
SaveTcg2PpRequestParameter (
IN UINT32 PpRequestParameter
IN UINT32 PpRequestParameter
)
{
UINT32 ReturnCode;
@@ -281,8 +289,8 @@ SaveTcg2PpRequestParameter (
**/
EFI_STATUS
SaveTcg2PCRBanksRequest (
IN UINTN PCRBankIndex,
IN BOOLEAN Enable
IN UINTN PCRBankIndex,
IN BOOLEAN Enable
)
{
UINT32 ReturnCode;
@@ -329,12 +337,12 @@ SaveTcg2PCRBanksRequest (
EFI_STATUS
EFIAPI
Tcg2RouteConfig (
IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,
IN CONST EFI_STRING Configuration,
OUT EFI_STRING *Progress
IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,
IN CONST EFI_STRING Configuration,
OUT EFI_STRING *Progress
)
{
if (Configuration == NULL || Progress == NULL) {
if ((Configuration == NULL) || (Progress == NULL)) {
return EFI_INVALID_PARAMETER;
}
@@ -353,9 +361,9 @@ Tcg2RouteConfig (
**/
EFI_STATUS
GetTpm2HID(
CHAR8 *Hid,
UINTN Size
GetTpm2HID (
CHAR8 *Hid,
UINTN Size
)
{
EFI_STATUS Status;
@@ -366,54 +374,53 @@ GetTpm2HID(
PnpHID = TRUE;
ZeroMem(Hid, Size);
ZeroMem (Hid, Size);
//
// Get Manufacturer ID
//
Status = Tpm2GetCapabilityManufactureID(&ManufacturerID);
if (!EFI_ERROR(Status)) {
DEBUG((DEBUG_INFO, "TPM_PT_MANUFACTURER 0x%08x\n", ManufacturerID));
Status = Tpm2GetCapabilityManufactureID (&ManufacturerID);
if (!EFI_ERROR (Status)) {
DEBUG ((DEBUG_INFO, "TPM_PT_MANUFACTURER 0x%08x\n", ManufacturerID));
//
// ManufacturerID defined in TCG Vendor ID Registry
// may tailed with 0x00 or 0x20
//
if ((ManufacturerID >> 24) == 0x00 || ((ManufacturerID >> 24) == 0x20)) {
if (((ManufacturerID >> 24) == 0x00) || ((ManufacturerID >> 24) == 0x20)) {
//
// HID containing PNP ID "NNN####"
// NNN is uppercase letter for Vendor ID specified by manufacturer
//
CopyMem(Hid, &ManufacturerID, 3);
CopyMem (Hid, &ManufacturerID, 3);
} else {
//
// HID containing ACP ID "NNNN####"
// NNNN is uppercase letter for Vendor ID specified by manufacturer
//
CopyMem(Hid, &ManufacturerID, 4);
CopyMem (Hid, &ManufacturerID, 4);
PnpHID = FALSE;
}
} else {
DEBUG ((DEBUG_ERROR, "Get TPM_PT_MANUFACTURER failed %x!\n", Status));
ASSERT(FALSE);
ASSERT (FALSE);
return Status;
}
Status = Tpm2GetCapabilityFirmwareVersion(&FirmwareVersion1, &FirmwareVersion2);
if (!EFI_ERROR(Status)) {
DEBUG((DEBUG_INFO, "TPM_PT_FIRMWARE_VERSION_1 0x%x\n", FirmwareVersion1));
DEBUG((DEBUG_INFO, "TPM_PT_FIRMWARE_VERSION_2 0x%x\n", FirmwareVersion2));
Status = Tpm2GetCapabilityFirmwareVersion (&FirmwareVersion1, &FirmwareVersion2);
if (!EFI_ERROR (Status)) {
DEBUG ((DEBUG_INFO, "TPM_PT_FIRMWARE_VERSION_1 0x%x\n", FirmwareVersion1));
DEBUG ((DEBUG_INFO, "TPM_PT_FIRMWARE_VERSION_2 0x%x\n", FirmwareVersion2));
//
// #### is Firmware Version 1
//
if (PnpHID) {
AsciiSPrint(Hid + 3, TPM_HID_PNP_SIZE - 3, "%02d%02d", ((FirmwareVersion1 & 0xFFFF0000) >> 16), (FirmwareVersion1 & 0x0000FFFF));
AsciiSPrint (Hid + 3, TPM_HID_PNP_SIZE - 3, "%02d%02d", ((FirmwareVersion1 & 0xFFFF0000) >> 16), (FirmwareVersion1 & 0x0000FFFF));
} else {
AsciiSPrint(Hid + 4, TPM_HID_ACPI_SIZE - 4, "%02d%02d", ((FirmwareVersion1 & 0xFFFF0000) >> 16), (FirmwareVersion1 & 0x0000FFFF));
AsciiSPrint (Hid + 4, TPM_HID_ACPI_SIZE - 4, "%02d%02d", ((FirmwareVersion1 & 0xFFFF0000) >> 16), (FirmwareVersion1 & 0x0000FFFF));
}
} else {
DEBUG ((DEBUG_ERROR, "Get TPM_PT_FIRMWARE_VERSION_X failed %x!\n", Status));
ASSERT(FALSE);
ASSERT (FALSE);
return Status;
}
@@ -438,15 +445,15 @@ GetTpm2HID(
**/
EFI_STATUS
Tcg2VersionInfoCallback (
IN EFI_BROWSER_ACTION Action,
IN EFI_QUESTION_ID QuestionId,
IN UINT8 Type,
IN EFI_IFR_TYPE_VALUE *Value
IN EFI_BROWSER_ACTION Action,
IN EFI_QUESTION_ID QuestionId,
IN UINT8 Type,
IN EFI_IFR_TYPE_VALUE *Value
)
{
EFI_INPUT_KEY Key;
UINT64 PcdTcg2PpiVersion;
UINT8 PcdTpm2AcpiTableRev;
EFI_INPUT_KEY Key;
UINT64 PcdTcg2PpiVersion;
UINT8 PcdTpm2AcpiTableRev;
ASSERT (Action == EFI_BROWSER_ACTION_SUBMITTED);
@@ -461,7 +468,7 @@ Tcg2VersionInfoCallback (
CopyMem (
&PcdTcg2PpiVersion,
PcdGetPtr (PcdTcgPhysicalPresenceInterfaceVer),
AsciiStrSize ((CHAR8 *) PcdGetPtr (PcdTcgPhysicalPresenceInterfaceVer))
AsciiStrSize ((CHAR8 *)PcdGetPtr (PcdTcgPhysicalPresenceInterfaceVer))
);
if (PcdTcg2PpiVersion != Value->u64) {
CreatePopUp (
@@ -472,7 +479,7 @@ Tcg2VersionInfoCallback (
NULL
);
}
} else if (QuestionId == KEY_TPM2_ACPI_REVISION){
} else if (QuestionId == KEY_TPM2_ACPI_REVISION) {
//
// Get the PCD value after EFI_BROWSER_ACTION_SUBMITTED,
// the SetVariable to TCG2_VERSION_NAME should have been done.
@@ -520,19 +527,19 @@ Tcg2VersionInfoCallback (
EFI_STATUS
EFIAPI
Tcg2Callback (
IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,
IN EFI_BROWSER_ACTION Action,
IN EFI_QUESTION_ID QuestionId,
IN UINT8 Type,
IN EFI_IFR_TYPE_VALUE *Value,
OUT EFI_BROWSER_ACTION_REQUEST *ActionRequest
IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,
IN EFI_BROWSER_ACTION Action,
IN EFI_QUESTION_ID QuestionId,
IN UINT8 Type,
IN EFI_IFR_TYPE_VALUE *Value,
OUT EFI_BROWSER_ACTION_REQUEST *ActionRequest
)
{
EFI_STATUS Status;
EFI_INPUT_KEY Key;
CHAR8 HidStr[16];
CHAR16 UnHidStr[16];
TCG2_CONFIG_PRIVATE_DATA *Private;
EFI_STATUS Status;
EFI_INPUT_KEY Key;
CHAR8 HidStr[16];
CHAR16 UnHidStr[16];
TCG2_CONFIG_PRIVATE_DATA *Private;
if ((This == NULL) || (Value == NULL) || (ActionRequest == NULL)) {
return EFI_INVALID_PARAMETER;
@@ -545,24 +552,25 @@ Tcg2Callback (
// Update TPM2 HID info
//
if (QuestionId == KEY_TPM_DEVICE) {
Status = GetTpm2HID(HidStr, 16);
Status = GetTpm2HID (HidStr, 16);
if (EFI_ERROR(Status)) {
if (EFI_ERROR (Status)) {
//
// Fail to get TPM2 HID
//
HiiSetString (Private->HiiHandle, STRING_TOKEN (STR_TPM2_ACPI_HID_CONTENT), L"Unknown", NULL);
} else {
AsciiStrToUnicodeStrS(HidStr, UnHidStr, 16);
AsciiStrToUnicodeStrS (HidStr, UnHidStr, 16);
HiiSetString (Private->HiiHandle, STRING_TOKEN (STR_TPM2_ACPI_HID_CONTENT), UnHidStr, NULL);
}
}
return EFI_SUCCESS;
}
if (Action == EFI_BROWSER_ACTION_CHANGING) {
if (QuestionId == KEY_TPM_DEVICE_INTERFACE) {
Status = SetPtpInterface ((VOID *) (UINTN) PcdGet64 (PcdTpmBaseAddress), Value->u8);
Status = SetPtpInterface ((VOID *)(UINTN)PcdGet64 (PcdTpmBaseAddress), Value->u8);
if (EFI_ERROR (Status)) {
CreatePopUp (
EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE,
@@ -579,19 +587,22 @@ Tcg2Callback (
if (QuestionId == KEY_TPM_DEVICE) {
return EFI_SUCCESS;
}
if (QuestionId == KEY_TPM2_OPERATION) {
return SaveTcg2PpRequest (Value->u8);
}
if (QuestionId == KEY_TPM2_OPERATION_PARAMETER) {
return SaveTcg2PpRequestParameter (Value->u32);
}
if ((QuestionId >= KEY_TPM2_PCR_BANKS_REQUEST_0) && (QuestionId <= KEY_TPM2_PCR_BANKS_REQUEST_4)) {
return SaveTcg2PCRBanksRequest (QuestionId - KEY_TPM2_PCR_BANKS_REQUEST_0, Value->b);
}
}
if (Action == EFI_BROWSER_ACTION_SUBMITTED) {
if (QuestionId == KEY_TCG2_PPI_VERSION || QuestionId == KEY_TPM2_ACPI_REVISION) {
if ((QuestionId == KEY_TCG2_PPI_VERSION) || (QuestionId == KEY_TPM2_ACPI_REVISION)) {
return Tcg2VersionInfoCallback (Action, QuestionId, Type, Value);
}
}
@@ -615,36 +626,41 @@ AppendBufferWithTpmAlgHash (
)
{
switch (TpmAlgHash) {
case TPM_ALG_SHA1:
if (Buffer[0] != 0) {
StrCatS (Buffer, BufferSize / sizeof (CHAR16), L", ");
}
StrCatS (Buffer, BufferSize / sizeof (CHAR16), L"SHA1");
break;
case TPM_ALG_SHA256:
if (Buffer[0] != 0) {
StrCatS (Buffer, BufferSize / sizeof (CHAR16), L", ");
}
StrCatS (Buffer, BufferSize / sizeof (CHAR16), L"SHA256");
break;
case TPM_ALG_SHA384:
if (Buffer[0] != 0) {
StrCatS (Buffer, BufferSize / sizeof (CHAR16), L", ");
}
StrCatS (Buffer, BufferSize / sizeof (CHAR16), L"SHA384");
break;
case TPM_ALG_SHA512:
if (Buffer[0] != 0) {
StrCatS (Buffer, BufferSize / sizeof (CHAR16), L", ");
}
StrCatS (Buffer, BufferSize / sizeof (CHAR16), L"SHA512");
break;
case TPM_ALG_SM3_256:
if (Buffer[0] != 0) {
StrCatS (Buffer, BufferSize / sizeof (CHAR16), L", ");
}
StrCatS (Buffer, BufferSize / sizeof (CHAR16), L"SM3_256");
break;
case TPM_ALG_SHA1:
if (Buffer[0] != 0) {
StrCatS (Buffer, BufferSize / sizeof (CHAR16), L", ");
}
StrCatS (Buffer, BufferSize / sizeof (CHAR16), L"SHA1");
break;
case TPM_ALG_SHA256:
if (Buffer[0] != 0) {
StrCatS (Buffer, BufferSize / sizeof (CHAR16), L", ");
}
StrCatS (Buffer, BufferSize / sizeof (CHAR16), L"SHA256");
break;
case TPM_ALG_SHA384:
if (Buffer[0] != 0) {
StrCatS (Buffer, BufferSize / sizeof (CHAR16), L", ");
}
StrCatS (Buffer, BufferSize / sizeof (CHAR16), L"SHA384");
break;
case TPM_ALG_SHA512:
if (Buffer[0] != 0) {
StrCatS (Buffer, BufferSize / sizeof (CHAR16), L", ");
}
StrCatS (Buffer, BufferSize / sizeof (CHAR16), L"SHA512");
break;
case TPM_ALG_SM3_256:
if (Buffer[0] != 0) {
StrCatS (Buffer, BufferSize / sizeof (CHAR16), L", ");
}
StrCatS (Buffer, BufferSize / sizeof (CHAR16), L"SM3_256");
break;
}
}
@@ -668,30 +684,39 @@ FillBufferWithBootHashAlg (
if (Buffer[0] != 0) {
StrCatS (Buffer, BufferSize / sizeof (CHAR16), L", ");
}
StrCatS (Buffer, BufferSize / sizeof (CHAR16), L"SHA1");
}
if ((BootHashAlg & EFI_TCG2_BOOT_HASH_ALG_SHA256) != 0) {
if (Buffer[0] != 0) {
StrCatS (Buffer, BufferSize / sizeof (CHAR16), L", ");
}
StrCatS (Buffer, BufferSize / sizeof (CHAR16), L"SHA256");
}
if ((BootHashAlg & EFI_TCG2_BOOT_HASH_ALG_SHA384) != 0) {
if (Buffer[0] != 0) {
StrCatS (Buffer, BufferSize / sizeof (CHAR16), L", ");
}
StrCatS (Buffer, BufferSize / sizeof (CHAR16), L"SHA384");
}
if ((BootHashAlg & EFI_TCG2_BOOT_HASH_ALG_SHA512) != 0) {
if (Buffer[0] != 0) {
StrCatS (Buffer, BufferSize / sizeof (CHAR16), L", ");
}
StrCatS (Buffer, BufferSize / sizeof (CHAR16), L"SHA512");
}
if ((BootHashAlg & EFI_TCG2_BOOT_HASH_ALG_SM3_256) != 0) {
if (Buffer[0] != 0) {
StrCatS (Buffer, BufferSize / sizeof (CHAR16), L", ");
}
StrCatS (Buffer, BufferSize / sizeof (CHAR16), L"SM3_256");
}
}
@@ -705,26 +730,26 @@ FillBufferWithBootHashAlg (
**/
VOID
SetConfigInfo (
IN OUT TCG2_CONFIGURATION_INFO *Tcg2ConfigInfo,
IN UINT32 TpmAlgHash
IN OUT TCG2_CONFIGURATION_INFO *Tcg2ConfigInfo,
IN UINT32 TpmAlgHash
)
{
switch (TpmAlgHash) {
case TPM_ALG_SHA1:
Tcg2ConfigInfo->Sha1Supported = TRUE;
break;
case TPM_ALG_SHA256:
Tcg2ConfigInfo->Sha256Supported = TRUE;
break;
case TPM_ALG_SHA384:
Tcg2ConfigInfo->Sha384Supported = TRUE;
break;
case TPM_ALG_SHA512:
Tcg2ConfigInfo->Sha512Supported = TRUE;
break;
case TPM_ALG_SM3_256:
Tcg2ConfigInfo->Sm3Supported = TRUE;
break;
case TPM_ALG_SHA1:
Tcg2ConfigInfo->Sha1Supported = TRUE;
break;
case TPM_ALG_SHA256:
Tcg2ConfigInfo->Sha256Supported = TRUE;
break;
case TPM_ALG_SHA384:
Tcg2ConfigInfo->Sha384Supported = TRUE;
break;
case TPM_ALG_SHA512:
Tcg2ConfigInfo->Sha512Supported = TRUE;
break;
case TPM_ALG_SM3_256:
Tcg2ConfigInfo->Sm3Supported = TRUE;
break;
}
}
@@ -748,18 +773,23 @@ FillBufferWithTCG2EventLogFormat (
if (Buffer[0] != 0) {
StrCatS (Buffer, BufferSize / sizeof (CHAR16), L", ");
}
StrCatS (Buffer, BufferSize / sizeof (CHAR16), L"TCG_1_2");
}
if ((TCG2EventLogFormat & EFI_TCG2_EVENT_LOG_FORMAT_TCG_2) != 0) {
if (Buffer[0] != 0) {
StrCatS (Buffer, BufferSize / sizeof (CHAR16), L", ");
}
StrCatS (Buffer, BufferSize / sizeof (CHAR16), L"TCG_2");
}
if ((TCG2EventLogFormat & (~EFI_TCG2_EVENT_LOG_FORMAT_ALL)) != 0) {
if (Buffer[0] != 0) {
StrCatS (Buffer, BufferSize / sizeof (CHAR16), L", ");
}
StrCatS (Buffer, BufferSize / sizeof (CHAR16), L"UNKNOWN");
}
}
@@ -792,14 +822,14 @@ InstallTcg2ConfigForm (
DriverHandle = NULL;
ConfigAccess = &PrivateData->ConfigAccess;
Status = gBS->InstallMultipleProtocolInterfaces (
&DriverHandle,
&gEfiDevicePathProtocolGuid,
&mTcg2HiiVendorDevicePath,
&gEfiHiiConfigAccessProtocolGuid,
ConfigAccess,
NULL
);
Status = gBS->InstallMultipleProtocolInterfaces (
&DriverHandle,
&gEfiDevicePathProtocolGuid,
&mTcg2HiiVendorDevicePath,
&gEfiHiiConfigAccessProtocolGuid,
ConfigAccess,
NULL
);
if (EFI_ERROR (Status)) {
return Status;
}
@@ -835,21 +865,21 @@ InstallTcg2ConfigForm (
// Update static data
//
switch (PrivateData->TpmDeviceDetected) {
case TPM_DEVICE_NULL:
HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_TCG2_DEVICE_STATE_CONTENT), L"Not Found", NULL);
break;
case TPM_DEVICE_1_2:
HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_TCG2_DEVICE_STATE_CONTENT), L"TPM 1.2", NULL);
break;
case TPM_DEVICE_2_0_DTPM:
HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_TCG2_DEVICE_STATE_CONTENT), L"TPM 2.0", NULL);
break;
default:
HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_TCG2_DEVICE_STATE_CONTENT), L"Unknown", NULL);
break;
case TPM_DEVICE_NULL:
HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_TCG2_DEVICE_STATE_CONTENT), L"Not Found", NULL);
break;
case TPM_DEVICE_1_2:
HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_TCG2_DEVICE_STATE_CONTENT), L"TPM 1.2", NULL);
break;
case TPM_DEVICE_2_0_DTPM:
HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_TCG2_DEVICE_STATE_CONTENT), L"TPM 2.0", NULL);
break;
default:
HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_TCG2_DEVICE_STATE_CONTENT), L"Unknown", NULL);
break;
}
ZeroMem (&Tcg2ConfigInfo, sizeof(Tcg2ConfigInfo));
ZeroMem (&Tcg2ConfigInfo, sizeof (Tcg2ConfigInfo));
Status = Tpm2GetCapabilityPcrs (&Pcrs);
if (EFI_ERROR (Status)) {
HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_TPM2_ACTIVE_HASH_ALGO_CONTENT), L"[Unknown]", NULL);
@@ -858,16 +888,18 @@ InstallTcg2ConfigForm (
TempBuffer[0] = 0;
for (Index = 0; Index < Pcrs.count; Index++) {
if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, Pcrs.pcrSelections[Index].sizeofSelect)) {
AppendBufferWithTpmAlgHash (TempBuffer, sizeof(TempBuffer), Pcrs.pcrSelections[Index].hash);
AppendBufferWithTpmAlgHash (TempBuffer, sizeof (TempBuffer), Pcrs.pcrSelections[Index].hash);
}
}
HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_TPM2_ACTIVE_HASH_ALGO_CONTENT), TempBuffer, NULL);
TempBuffer[0] = 0;
for (Index = 0; Index < Pcrs.count; Index++) {
AppendBufferWithTpmAlgHash (TempBuffer, sizeof(TempBuffer), Pcrs.pcrSelections[Index].hash);
AppendBufferWithTpmAlgHash (TempBuffer, sizeof (TempBuffer), Pcrs.pcrSelections[Index].hash);
SetConfigInfo (&Tcg2ConfigInfo, Pcrs.pcrSelections[Index].hash);
}
HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_TPM2_SUPPORTED_HASH_ALGO_CONTENT), TempBuffer, NULL);
}
@@ -875,77 +907,82 @@ InstallTcg2ConfigForm (
if (EFI_ERROR (Status)) {
DEBUG ((DEBUG_ERROR, "Tpm2GetCapabilityIsCmdImpl fails %r\n", Status));
}
Tcg2ConfigInfo.ChangeEPSSupported = IsCmdImp;
FillBufferWithBootHashAlg (TempBuffer, sizeof(TempBuffer), PcdGet32 (PcdTcg2HashAlgorithmBitmap));
FillBufferWithBootHashAlg (TempBuffer, sizeof (TempBuffer), PcdGet32 (PcdTcg2HashAlgorithmBitmap));
HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_BIOS_HASH_ALGO_CONTENT), TempBuffer, NULL);
//
// Tcg2 Capability
//
FillBufferWithTCG2EventLogFormat (TempBuffer, sizeof(TempBuffer), PrivateData->ProtocolCapability.SupportedEventLogs);
FillBufferWithTCG2EventLogFormat (TempBuffer, sizeof (TempBuffer), PrivateData->ProtocolCapability.SupportedEventLogs);
HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_TCG2_SUPPORTED_EVENT_LOG_FORMAT_CONTENT), TempBuffer, NULL);
FillBufferWithBootHashAlg (TempBuffer, sizeof(TempBuffer), PrivateData->ProtocolCapability.HashAlgorithmBitmap);
FillBufferWithBootHashAlg (TempBuffer, sizeof (TempBuffer), PrivateData->ProtocolCapability.HashAlgorithmBitmap);
HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_TCG2_HASH_ALGO_BITMAP_CONTENT), TempBuffer, NULL);
UnicodeSPrint (TempBuffer, sizeof (TempBuffer), L"%d", PrivateData->ProtocolCapability.NumberOfPCRBanks);
HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_TCG2_NUMBER_OF_PCR_BANKS_CONTENT), TempBuffer, NULL);
FillBufferWithBootHashAlg (TempBuffer, sizeof(TempBuffer), PrivateData->ProtocolCapability.ActivePcrBanks);
FillBufferWithBootHashAlg (TempBuffer, sizeof (TempBuffer), PrivateData->ProtocolCapability.ActivePcrBanks);
HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_TCG2_ACTIVE_PCR_BANKS_CONTENT), TempBuffer, NULL);
//
// Update TPM device interface type
//
if (PrivateData->TpmDeviceDetected == TPM_DEVICE_2_0_DTPM) {
TpmDeviceInterfaceDetected = PcdGet8(PcdActiveTpmInterfaceType);
TpmDeviceInterfaceDetected = PcdGet8 (PcdActiveTpmInterfaceType);
switch (TpmDeviceInterfaceDetected) {
case Tpm2PtpInterfaceTis:
HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_TCG2_DEVICE_INTERFACE_STATE_CONTENT), L"TIS", NULL);
break;
case Tpm2PtpInterfaceFifo:
HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_TCG2_DEVICE_INTERFACE_STATE_CONTENT), L"PTP FIFO", NULL);
break;
case Tpm2PtpInterfaceCrb:
HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_TCG2_DEVICE_INTERFACE_STATE_CONTENT), L"PTP CRB", NULL);
break;
default:
HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_TCG2_DEVICE_INTERFACE_STATE_CONTENT), L"Unknown", NULL);
break;
case Tpm2PtpInterfaceTis:
HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_TCG2_DEVICE_INTERFACE_STATE_CONTENT), L"TIS", NULL);
break;
case Tpm2PtpInterfaceFifo:
HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_TCG2_DEVICE_INTERFACE_STATE_CONTENT), L"PTP FIFO", NULL);
break;
case Tpm2PtpInterfaceCrb:
HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_TCG2_DEVICE_INTERFACE_STATE_CONTENT), L"PTP CRB", NULL);
break;
default:
HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_TCG2_DEVICE_INTERFACE_STATE_CONTENT), L"Unknown", NULL);
break;
}
Tcg2ConfigInfo.TpmDeviceInterfaceAttempt = TpmDeviceInterfaceDetected;
switch (TpmDeviceInterfaceDetected) {
case Tpm2PtpInterfaceTis:
Tcg2ConfigInfo.TpmDeviceInterfacePtpFifoSupported = FALSE;
Tcg2ConfigInfo.TpmDeviceInterfacePtpCrbSupported = FALSE;
HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_TCG2_DEVICE_INTERFACE_CAPABILITY_CONTENT), L"TIS", NULL);
break;
case Tpm2PtpInterfaceFifo:
case Tpm2PtpInterfaceCrb:
Tcg2ConfigInfo.TpmDeviceInterfacePtpFifoSupported = IsPtpFifoSupported((VOID *) (UINTN) PcdGet64 (PcdTpmBaseAddress));
Tcg2ConfigInfo.TpmDeviceInterfacePtpCrbSupported = IsPtpCrbSupported((VOID *) (UINTN) PcdGet64 (PcdTpmBaseAddress));
TempBuffer[0] = 0;
if (Tcg2ConfigInfo.TpmDeviceInterfacePtpFifoSupported) {
if (TempBuffer[0] != 0) {
StrCatS (TempBuffer, sizeof(TempBuffer) / sizeof (CHAR16), L", ");
case Tpm2PtpInterfaceTis:
Tcg2ConfigInfo.TpmDeviceInterfacePtpFifoSupported = FALSE;
Tcg2ConfigInfo.TpmDeviceInterfacePtpCrbSupported = FALSE;
HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_TCG2_DEVICE_INTERFACE_CAPABILITY_CONTENT), L"TIS", NULL);
break;
case Tpm2PtpInterfaceFifo:
case Tpm2PtpInterfaceCrb:
Tcg2ConfigInfo.TpmDeviceInterfacePtpFifoSupported = IsPtpFifoSupported ((VOID *)(UINTN)PcdGet64 (PcdTpmBaseAddress));
Tcg2ConfigInfo.TpmDeviceInterfacePtpCrbSupported = IsPtpCrbSupported ((VOID *)(UINTN)PcdGet64 (PcdTpmBaseAddress));
TempBuffer[0] = 0;
if (Tcg2ConfigInfo.TpmDeviceInterfacePtpFifoSupported) {
if (TempBuffer[0] != 0) {
StrCatS (TempBuffer, sizeof (TempBuffer) / sizeof (CHAR16), L", ");
}
StrCatS (TempBuffer, sizeof (TempBuffer) / sizeof (CHAR16), L"PTP FIFO");
}
StrCatS (TempBuffer, sizeof(TempBuffer) / sizeof (CHAR16), L"PTP FIFO");
}
if (Tcg2ConfigInfo.TpmDeviceInterfacePtpCrbSupported) {
if (TempBuffer[0] != 0) {
StrCatS (TempBuffer, sizeof(TempBuffer) / sizeof (CHAR16), L", ");
if (Tcg2ConfigInfo.TpmDeviceInterfacePtpCrbSupported) {
if (TempBuffer[0] != 0) {
StrCatS (TempBuffer, sizeof (TempBuffer) / sizeof (CHAR16), L", ");
}
StrCatS (TempBuffer, sizeof (TempBuffer) / sizeof (CHAR16), L"PTP CRB");
}
StrCatS (TempBuffer, sizeof(TempBuffer) / sizeof (CHAR16), L"PTP CRB");
}
HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_TCG2_DEVICE_INTERFACE_CAPABILITY_CONTENT), TempBuffer, NULL);
break;
default:
Tcg2ConfigInfo.TpmDeviceInterfacePtpFifoSupported = FALSE;
Tcg2ConfigInfo.TpmDeviceInterfacePtpCrbSupported = FALSE;
HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_TCG2_DEVICE_INTERFACE_CAPABILITY_CONTENT), L"Unknown", NULL);
break;
HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_TCG2_DEVICE_INTERFACE_CAPABILITY_CONTENT), TempBuffer, NULL);
break;
default:
Tcg2ConfigInfo.TpmDeviceInterfacePtpFifoSupported = FALSE;
Tcg2ConfigInfo.TpmDeviceInterfacePtpCrbSupported = FALSE;
HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_TCG2_DEVICE_INTERFACE_CAPABILITY_CONTENT), L"Unknown", NULL);
break;
}
}
@@ -956,7 +993,7 @@ InstallTcg2ConfigForm (
TCG2_STORAGE_INFO_NAME,
&gTcg2ConfigFormSetGuid,
EFI_VARIABLE_BOOTSERVICE_ACCESS,
sizeof(Tcg2ConfigInfo),
sizeof (Tcg2ConfigInfo),
&Tcg2ConfigInfo
);
if (EFI_ERROR (Status)) {
@@ -974,7 +1011,7 @@ InstallTcg2ConfigForm (
**/
VOID
UninstallTcg2ConfigForm (
IN OUT TCG2_CONFIG_PRIVATE_DATA *PrivateData
IN OUT TCG2_CONFIG_PRIVATE_DATA *PrivateData
)
{
//

64
SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.h
View File

@@ -38,42 +38,42 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#include "Tcg2ConfigNvData.h"
#include "Tcg2Internal.h"
#define TCG2_PROTOCOL_VERSION_DEFAULT 0x0001
#define TCG2_PROTOCOL_VERSION_DEFAULT 0x0001
//
// Tool generated IFR binary data and String package data
//
extern UINT8 Tcg2ConfigBin[];
extern UINT8 Tcg2ConfigDxeStrings[];
extern UINT8 Tcg2ConfigBin[];
extern UINT8 Tcg2ConfigDxeStrings[];
///
/// HII specific Vendor Device Path definition.
///
typedef struct {
VENDOR_DEVICE_PATH VendorDevicePath;
EFI_DEVICE_PATH_PROTOCOL End;
VENDOR_DEVICE_PATH VendorDevicePath;
EFI_DEVICE_PATH_PROTOCOL End;
} HII_VENDOR_DEVICE_PATH;
typedef struct {
UINTN Signature;
UINTN Signature;
EFI_HII_CONFIG_ACCESS_PROTOCOL ConfigAccess;
EFI_HII_HANDLE HiiHandle;
EFI_HANDLE DriverHandle;
EFI_HII_CONFIG_ACCESS_PROTOCOL ConfigAccess;
EFI_HII_HANDLE HiiHandle;
EFI_HANDLE DriverHandle;
UINT8 TpmDeviceDetected;
EFI_TCG2_PROTOCOL *Tcg2Protocol;
EFI_TCG2_BOOT_SERVICE_CAPABILITY ProtocolCapability;
UINT32 PCRBanksDesired;
UINT8 TpmDeviceDetected;
EFI_TCG2_PROTOCOL *Tcg2Protocol;
EFI_TCG2_BOOT_SERVICE_CAPABILITY ProtocolCapability;
UINT32 PCRBanksDesired;
} TCG2_CONFIG_PRIVATE_DATA;
extern TCG2_CONFIG_PRIVATE_DATA mTcg2ConfigPrivateDateTemplate;
extern TCG2_CONFIG_PRIVATE_DATA *mTcg2ConfigPrivateDate;
#define TCG2_CONFIG_PRIVATE_DATA_SIGNATURE SIGNATURE_32 ('T', 'r', 'E', 'D')
extern TCG2_CONFIG_PRIVATE_DATA mTcg2ConfigPrivateDateTemplate;
extern TCG2_CONFIG_PRIVATE_DATA *mTcg2ConfigPrivateDate;
#define TCG2_CONFIG_PRIVATE_DATA_SIGNATURE SIGNATURE_32 ('T', 'r', 'E', 'D')
#define TCG2_CONFIG_PRIVATE_DATA_FROM_THIS(a) CR (a, TCG2_CONFIG_PRIVATE_DATA, ConfigAccess, TCG2_CONFIG_PRIVATE_DATA_SIGNATURE)
#define TPM_HID_PNP_SIZE 8
#define TPM_HID_ACPI_SIZE 9
#define TPM_HID_PNP_SIZE 8
#define TPM_HID_ACPI_SIZE 9
/**
This function publish the TCG2 configuration Form for TPM device.
@@ -98,7 +98,7 @@ InstallTcg2ConfigForm (
**/
VOID
UninstallTcg2ConfigForm (
IN OUT TCG2_CONFIG_PRIVATE_DATA *PrivateData
IN OUT TCG2_CONFIG_PRIVATE_DATA *PrivateData
);
/**
@@ -130,10 +130,10 @@ UninstallTcg2ConfigForm (
EFI_STATUS
EFIAPI
Tcg2ExtractConfig (
IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,
IN CONST EFI_STRING Request,
OUT EFI_STRING *Progress,
OUT EFI_STRING *Results
IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,
IN CONST EFI_STRING Request,
OUT EFI_STRING *Progress,
OUT EFI_STRING *Results
);
/**
@@ -157,9 +157,9 @@ Tcg2ExtractConfig (
EFI_STATUS
EFIAPI
Tcg2RouteConfig (
IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,
IN CONST EFI_STRING Configuration,
OUT EFI_STRING *Progress
IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,
IN CONST EFI_STRING Configuration,
OUT EFI_STRING *Progress
);
/**
@@ -187,12 +187,12 @@ Tcg2RouteConfig (
EFI_STATUS
EFIAPI
Tcg2Callback (
IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,
IN EFI_BROWSER_ACTION Action,
IN EFI_QUESTION_ID QuestionId,
IN UINT8 Type,
IN EFI_IFR_TYPE_VALUE *Value,
OUT EFI_BROWSER_ACTION_REQUEST *ActionRequest
IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,
IN EFI_BROWSER_ACTION Action,
IN EFI_QUESTION_ID QuestionId,
IN UINT8 Type,
IN EFI_IFR_TYPE_VALUE *Value,
OUT EFI_BROWSER_ACTION_REQUEST *ActionRequest
);
#endif

76
SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigNvData.h
View File

@@ -13,32 +13,32 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#include <Guid/Tcg2ConfigHii.h>
#include <IndustryStandard/TcgPhysicalPresence.h>
#define TCG2_CONFIGURATION_VARSTORE_ID 0x0001
#define TCG2_CONFIGURATION_INFO_VARSTORE_ID 0x0002
#define TCG2_VERSION_VARSTORE_ID 0x0003
#define TCG2_CONFIGURATION_FORM_ID 0x0001
#define TCG2_CONFIGURATION_VARSTORE_ID 0x0001
#define TCG2_CONFIGURATION_INFO_VARSTORE_ID 0x0002
#define TCG2_VERSION_VARSTORE_ID 0x0003
#define TCG2_CONFIGURATION_FORM_ID 0x0001
#define KEY_TPM_DEVICE 0x2000
#define KEY_TPM2_OPERATION 0x2001
#define KEY_TPM2_OPERATION_PARAMETER 0x2002
#define KEY_TPM2_PCR_BANKS_REQUEST_0 0x2003
#define KEY_TPM2_PCR_BANKS_REQUEST_1 0x2004
#define KEY_TPM2_PCR_BANKS_REQUEST_2 0x2005
#define KEY_TPM2_PCR_BANKS_REQUEST_3 0x2006
#define KEY_TPM2_PCR_BANKS_REQUEST_4 0x2007
#define KEY_TPM_DEVICE_INTERFACE 0x2008
#define KEY_TCG2_PPI_VERSION 0x2009
#define KEY_TPM2_ACPI_REVISION 0x200A
#define KEY_TPM_DEVICE 0x2000
#define KEY_TPM2_OPERATION 0x2001
#define KEY_TPM2_OPERATION_PARAMETER 0x2002
#define KEY_TPM2_PCR_BANKS_REQUEST_0 0x2003
#define KEY_TPM2_PCR_BANKS_REQUEST_1 0x2004
#define KEY_TPM2_PCR_BANKS_REQUEST_2 0x2005
#define KEY_TPM2_PCR_BANKS_REQUEST_3 0x2006
#define KEY_TPM2_PCR_BANKS_REQUEST_4 0x2007
#define KEY_TPM_DEVICE_INTERFACE 0x2008
#define KEY_TCG2_PPI_VERSION 0x2009
#define KEY_TPM2_ACPI_REVISION 0x200A
#define TPM_DEVICE_NULL 0
#define TPM_DEVICE_1_2 1
#define TPM_DEVICE_2_0_DTPM 2
#define TPM_DEVICE_MIN TPM_DEVICE_1_2
#define TPM_DEVICE_MAX TPM_DEVICE_2_0_DTPM
#define TPM_DEVICE_DEFAULT TPM_DEVICE_1_2
#define TPM_DEVICE_NULL 0
#define TPM_DEVICE_1_2 1
#define TPM_DEVICE_2_0_DTPM 2
#define TPM_DEVICE_MIN TPM_DEVICE_1_2
#define TPM_DEVICE_MAX TPM_DEVICE_2_0_DTPM
#define TPM_DEVICE_DEFAULT TPM_DEVICE_1_2
#define TPM2_ACPI_REVISION_3 3
#define TPM2_ACPI_REVISION_4 4
#define TPM2_ACPI_REVISION_3 3
#define TPM2_ACPI_REVISION_4 4
#define TPM_DEVICE_INTERFACE_TIS 0
#define TPM_DEVICE_INTERFACE_PTP_FIFO 1
@@ -46,31 +46,31 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#define TPM_DEVICE_INTERFACE_MAX TPM_DEVICE_INTERFACE_PTP_FIFO
#define TPM_DEVICE_INTERFACE_DEFAULT TPM_DEVICE_INTERFACE_PTP_CRB
#define TCG2_PPI_VERSION_1_2 0x322E31 // "1.2"
#define TCG2_PPI_VERSION_1_3 0x332E31 // "1.3"
#define TCG2_PPI_VERSION_1_2 0x322E31 // "1.2"
#define TCG2_PPI_VERSION_1_3 0x332E31 // "1.3"
//
// Nv Data structure referenced by IFR, TPM device user desired
//
typedef struct {
UINT8 TpmDevice;
UINT8 TpmDevice;
} TCG2_CONFIGURATION;
typedef struct {
UINT64 PpiVersion;
UINT8 Tpm2AcpiTableRev;
UINT64 PpiVersion;
UINT8 Tpm2AcpiTableRev;
} TCG2_VERSION;
typedef struct {
BOOLEAN Sha1Supported;
BOOLEAN Sha256Supported;
BOOLEAN Sha384Supported;
BOOLEAN Sha512Supported;
BOOLEAN Sm3Supported;
UINT8 TpmDeviceInterfaceAttempt;
BOOLEAN TpmDeviceInterfacePtpFifoSupported;
BOOLEAN TpmDeviceInterfacePtpCrbSupported;
BOOLEAN ChangeEPSSupported;
BOOLEAN Sha1Supported;
BOOLEAN Sha256Supported;
BOOLEAN Sha384Supported;
BOOLEAN Sha512Supported;
BOOLEAN Sm3Supported;
UINT8 TpmDeviceInterfaceAttempt;
BOOLEAN TpmDeviceInterfacePtpFifoSupported;
BOOLEAN TpmDeviceInterfacePtpCrbSupported;
BOOLEAN ChangeEPSSupported;
} TCG2_CONFIGURATION_INFO;
//
@@ -78,7 +78,7 @@ typedef struct {
// This variable is ReadOnly.
//
typedef struct {
UINT8 TpmDeviceDetected;
UINT8 TpmDeviceDetected;
} TCG2_DEVICE_DETECTION;
#define TCG2_STORAGE_NAME L"TCG2_CONFIGURATION"

31
SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigPeim.c
View File

@@ -6,7 +6,6 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
**/
#include <PiPei.h>
#include <Guid/TpmInstance.h>
@@ -27,7 +26,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
TPM_INSTANCE_ID mTpmInstanceId[] = TPM_INSTANCE_ID_LIST;
CONST EFI_PEI_PPI_DESCRIPTOR gTpmSelectedPpi = {
CONST EFI_PEI_PPI_DESCRIPTOR gTpmSelectedPpi = {
(EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST),
&gEfiTpmDeviceSelectedGuid,
NULL
@@ -48,7 +47,7 @@ EFI_PEI_PPI_DESCRIPTOR mTpmInitializationDonePpiList = {
**/
UINT8
DetectTpmDevice (
IN UINT8 SetupTpmDevice
IN UINT8 SetupTpmDevice
);
/**
@@ -67,18 +66,18 @@ Tcg2ConfigPeimEntryPoint (
IN CONST EFI_PEI_SERVICES **PeiServices
)
{
UINTN Size;
EFI_STATUS Status;
EFI_STATUS Status2;
EFI_PEI_READ_ONLY_VARIABLE2_PPI *VariablePpi;
TCG2_CONFIGURATION Tcg2Configuration;
UINTN Index;
UINT8 TpmDevice;
UINTN Size;
EFI_STATUS Status;
EFI_STATUS Status2;
EFI_PEI_READ_ONLY_VARIABLE2_PPI *VariablePpi;
TCG2_CONFIGURATION Tcg2Configuration;
UINTN Index;
UINT8 TpmDevice;
Status = PeiServicesLocatePpi (&gEfiPeiReadOnlyVariable2PpiGuid, 0, NULL, (VOID **) &VariablePpi);
Status = PeiServicesLocatePpi (&gEfiPeiReadOnlyVariable2PpiGuid, 0, NULL, (VOID **)&VariablePpi);
ASSERT_EFI_ERROR (Status);
Size = sizeof(Tcg2Configuration);
Size = sizeof (Tcg2Configuration);
Status = VariablePpi->GetVariable (
VariablePpi,
TCG2_STORAGE_NAME,
@@ -91,7 +90,7 @@ Tcg2ConfigPeimEntryPoint (
//
// Variable not ready, set default value
//
Tcg2Configuration.TpmDevice = TPM_DEVICE_DEFAULT;
Tcg2Configuration.TpmDevice = TPM_DEVICE_DEFAULT;
}
//
@@ -124,9 +123,9 @@ Tcg2ConfigPeimEntryPoint (
// NOTE: Tcg2Configuration variable contains the desired TpmDevice type,
// while PcdTpmInstanceGuid PCD contains the real detected TpmDevice type
//
for (Index = 0; Index < sizeof(mTpmInstanceId)/sizeof(mTpmInstanceId[0]); Index++) {
for (Index = 0; Index < sizeof (mTpmInstanceId)/sizeof (mTpmInstanceId[0]); Index++) {
if (TpmDevice == mTpmInstanceId[Index].TpmDevice) {
Size = sizeof(mTpmInstanceId[Index].TpmInstanceGuid);
Size = sizeof (mTpmInstanceId[Index].TpmInstanceGuid);
Status = PcdSetPtrS (PcdTpmInstanceGuid, &Size, &mTpmInstanceId[Index].TpmInstanceGuid);
ASSERT_EFI_ERROR (Status);
DEBUG ((DEBUG_INFO, "TpmDevice PCD: %g\n", &mTpmInstanceId[Index].TpmInstanceGuid));
@@ -145,7 +144,7 @@ Tcg2ConfigPeimEntryPoint (
// Because TcgPei or Tcg2Pei will not run, but we still need a way to notify other driver.
// Other driver can know TPM initialization state by TpmInitializedPpi.
//
if (CompareGuid (PcdGetPtr(PcdTpmInstanceGuid), &gEfiTpmDeviceInstanceNoneGuid)) {
if (CompareGuid (PcdGetPtr (PcdTpmInstanceGuid), &gEfiTpmDeviceInstanceNoneGuid)) {
Status2 = PeiServicesInstallPpi (&mTpmInitializationDonePpiList);
ASSERT_EFI_ERROR (Status2);
}

8
SecurityPkg/Tcg/Tcg2Config/Tcg2Internal.h
View File

@@ -9,8 +9,8 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#ifndef __TCG2_INTERNAL_H__
#define __TCG2_INTERNAL_H__
#define EFI_TCG2_EVENT_LOG_FORMAT_DEFAULT EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2
#define EFI_TCG2_EVENT_LOG_FORMAT_ALL (EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2 | EFI_TCG2_EVENT_LOG_FORMAT_TCG_2)
#define EFI_TCG2_EVENT_LOG_FORMAT_DEFAULT EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2
#define EFI_TCG2_EVENT_LOG_FORMAT_ALL (EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2 | EFI_TCG2_EVENT_LOG_FORMAT_TCG_2)
#define TPM_INSTANCE_ID_LIST { \
{TPM_DEVICE_INTERFACE_NONE, TPM_DEVICE_NULL}, \
@@ -19,8 +19,8 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
}
typedef struct {
GUID TpmInstanceGuid;
UINT8 TpmDevice;
GUID TpmInstanceGuid;
UINT8 TpmDevice;
} TPM_INSTANCE_ID;
#endif

23
SecurityPkg/Tcg/Tcg2Config/TpmDetection.c
View File

@@ -6,7 +6,6 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
**/
#include <PiPei.h>
#include <Ppi/ReadOnlyVariable2.h>
@@ -31,14 +30,14 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
**/
UINT8
DetectTpmDevice (
IN UINT8 SetupTpmDevice
IN UINT8 SetupTpmDevice
)
{
EFI_STATUS Status;
EFI_BOOT_MODE BootMode;
TCG2_DEVICE_DETECTION Tcg2DeviceDetection;
EFI_PEI_READ_ONLY_VARIABLE2_PPI *VariablePpi;
UINTN Size;
EFI_STATUS Status;
EFI_BOOT_MODE BootMode;
TCG2_DEVICE_DETECTION Tcg2DeviceDetection;
EFI_PEI_READ_ONLY_VARIABLE2_PPI *VariablePpi;
UINTN Size;
Status = PeiServicesGetBootMode (&BootMode);
ASSERT_EFI_ERROR (Status);
@@ -49,11 +48,11 @@ DetectTpmDevice (
if (BootMode == BOOT_ON_S3_RESUME) {
DEBUG ((DEBUG_INFO, "DetectTpmDevice: S3 mode\n"));
Status = PeiServicesLocatePpi (&gEfiPeiReadOnlyVariable2PpiGuid, 0, NULL, (VOID **) &VariablePpi);
Status = PeiServicesLocatePpi (&gEfiPeiReadOnlyVariable2PpiGuid, 0, NULL, (VOID **)&VariablePpi);
ASSERT_EFI_ERROR (Status);
Size = sizeof(TCG2_DEVICE_DETECTION);
ZeroMem (&Tcg2DeviceDetection, sizeof(Tcg2DeviceDetection));
Size = sizeof (TCG2_DEVICE_DETECTION);
ZeroMem (&Tcg2DeviceDetection, sizeof (Tcg2DeviceDetection));
Status = VariablePpi->GetVariable (
VariablePpi,
TCG2_DEVICE_DETECTION_NAME,
@@ -64,7 +63,8 @@ DetectTpmDevice (
);
if (!EFI_ERROR (Status) &&
(Tcg2DeviceDetection.TpmDeviceDetected >= TPM_DEVICE_MIN) &&
(Tcg2DeviceDetection.TpmDeviceDetected <= TPM_DEVICE_MAX)) {
(Tcg2DeviceDetection.TpmDeviceDetected <= TPM_DEVICE_MAX))
{
DEBUG ((DEBUG_ERROR, "TpmDevice from DeviceDetection: %x\n", Tcg2DeviceDetection.TpmDeviceDetected));
return Tcg2DeviceDetection.TpmDeviceDetected;
}
@@ -89,6 +89,7 @@ DetectTpmDevice (
} else {
Status = Tpm12Startup (TPM_ST_CLEAR);
}
if (EFI_ERROR (Status)) {
return TPM_DEVICE_2_0_DTPM;
}

98
SecurityPkg/Tcg/Tcg2Dxe/MeasureBootPeCoff.c
View File

@@ -43,15 +43,15 @@ UINTN mTcg2DxeImageSize = 0;
EFI_STATUS
EFIAPI
Tcg2DxeImageRead (
IN VOID *FileHandle,
IN UINTN FileOffset,
IN OUT UINTN *ReadSize,
OUT VOID *Buffer
IN VOID *FileHandle,
IN UINTN FileOffset,
IN OUT UINTN *ReadSize,
OUT VOID *Buffer
)
{
UINTN EndPosition;
UINTN EndPosition;
if (FileHandle == NULL || ReadSize == NULL || Buffer == NULL) {
if ((FileHandle == NULL) || (ReadSize == NULL) || (Buffer == NULL)) {
return EFI_INVALID_PARAMETER;
}
@@ -68,7 +68,7 @@ Tcg2DxeImageRead (
*ReadSize = 0;
}
CopyMem (Buffer, (UINT8 *)((UINTN) FileHandle + FileOffset), *ReadSize);
CopyMem (Buffer, (UINT8 *)((UINTN)FileHandle + FileOffset), *ReadSize);
return EFI_SUCCESS;
}
@@ -94,10 +94,10 @@ Tcg2DxeImageRead (
**/
EFI_STATUS
MeasurePeImageAndExtend (
IN UINT32 PCRIndex,
IN EFI_PHYSICAL_ADDRESS ImageAddress,
IN UINTN ImageSize,
OUT TPML_DIGEST_VALUES *DigestList
IN UINT32 PCRIndex,
IN EFI_PHYSICAL_ADDRESS ImageAddress,
IN UINTN ImageSize,
OUT TPML_DIGEST_VALUES *DigestList
)
{
EFI_STATUS Status;
@@ -125,9 +125,9 @@ MeasurePeImageAndExtend (
// Check PE/COFF image
//
ZeroMem (&ImageContext, sizeof (ImageContext));
ImageContext.Handle = (VOID *) (UINTN) ImageAddress;
ImageContext.Handle = (VOID *)(UINTN)ImageAddress;
mTcg2DxeImageSize = ImageSize;
ImageContext.ImageRead = (PE_COFF_LOADER_READ_FILE) Tcg2DxeImageRead;
ImageContext.ImageRead = (PE_COFF_LOADER_READ_FILE)Tcg2DxeImageRead;
//
// Get information about the image being loaded
@@ -141,13 +141,13 @@ MeasurePeImageAndExtend (
goto Finish;
}
DosHdr = (EFI_IMAGE_DOS_HEADER *) (UINTN) ImageAddress;
DosHdr = (EFI_IMAGE_DOS_HEADER *)(UINTN)ImageAddress;
PeCoffHeaderOffset = 0;
if (DosHdr->e_magic == EFI_IMAGE_DOS_SIGNATURE) {
PeCoffHeaderOffset = DosHdr->e_lfanew;
}
Hdr.Pe32 = (EFI_IMAGE_NT_HEADERS32 *)((UINT8 *) (UINTN) ImageAddress + PeCoffHeaderOffset);
Hdr.Pe32 = (EFI_IMAGE_NT_HEADERS32 *)((UINT8 *)(UINTN)ImageAddress + PeCoffHeaderOffset);
if (Hdr.Pe32->Signature != EFI_IMAGE_NT_SIGNATURE) {
Status = EFI_UNSUPPORTED;
goto Finish;
@@ -179,19 +179,19 @@ MeasurePeImageAndExtend (
// 3. Calculate the distance from the base of the image header to the image checksum address.
// 4. Hash the image header from its base to beginning of the image checksum.
//
HashBase = (UINT8 *) (UINTN) ImageAddress;
HashBase = (UINT8 *)(UINTN)ImageAddress;
if (Hdr.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {
//
// Use PE32 offset
//
NumberOfRvaAndSizes = Hdr.Pe32->OptionalHeader.NumberOfRvaAndSizes;
HashSize = (UINTN) (&Hdr.Pe32->OptionalHeader.CheckSum) - (UINTN) HashBase;
HashSize = (UINTN)(&Hdr.Pe32->OptionalHeader.CheckSum) - (UINTN)HashBase;
} else {
//
// Use PE32+ offset
//
NumberOfRvaAndSizes = Hdr.Pe32Plus->OptionalHeader.NumberOfRvaAndSizes;
HashSize = (UINTN) (&Hdr.Pe32Plus->OptionalHeader.CheckSum) - (UINTN) HashBase;
HashSize = (UINTN)(&Hdr.Pe32Plus->OptionalHeader.CheckSum) - (UINTN)HashBase;
}
Status = HashUpdate (HashHandle, HashBase, HashSize);
@@ -211,18 +211,18 @@ MeasurePeImageAndExtend (
//
// Use PE32 offset.
//
HashBase = (UINT8 *) &Hdr.Pe32->OptionalHeader.CheckSum + sizeof (UINT32);
HashSize = Hdr.Pe32->OptionalHeader.SizeOfHeaders - (UINTN) (HashBase - ImageAddress);
HashBase = (UINT8 *)&Hdr.Pe32->OptionalHeader.CheckSum + sizeof (UINT32);
HashSize = Hdr.Pe32->OptionalHeader.SizeOfHeaders - (UINTN)(HashBase - ImageAddress);
} else {
//
// Use PE32+ offset.
//
HashBase = (UINT8 *) &Hdr.Pe32Plus->OptionalHeader.CheckSum + sizeof (UINT32);
HashSize = Hdr.Pe32Plus->OptionalHeader.SizeOfHeaders - (UINTN) (HashBase - ImageAddress);
HashBase = (UINT8 *)&Hdr.Pe32Plus->OptionalHeader.CheckSum + sizeof (UINT32);
HashSize = Hdr.Pe32Plus->OptionalHeader.SizeOfHeaders - (UINTN)(HashBase - ImageAddress);
}
if (HashSize != 0) {
Status = HashUpdate (HashHandle, HashBase, HashSize);
Status = HashUpdate (HashHandle, HashBase, HashSize);
if (EFI_ERROR (Status)) {
goto Finish;
}
@@ -235,18 +235,18 @@ MeasurePeImageAndExtend (
//
// Use PE32 offset
//
HashBase = (UINT8 *) &Hdr.Pe32->OptionalHeader.CheckSum + sizeof (UINT32);
HashSize = (UINTN) (&Hdr.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]) - (UINTN) HashBase;
HashBase = (UINT8 *)&Hdr.Pe32->OptionalHeader.CheckSum + sizeof (UINT32);
HashSize = (UINTN)(&Hdr.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]) - (UINTN)HashBase;
} else {
//
// Use PE32+ offset
//
HashBase = (UINT8 *) &Hdr.Pe32Plus->OptionalHeader.CheckSum + sizeof (UINT32);
HashSize = (UINTN) (&Hdr.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]) - (UINTN) HashBase;
HashBase = (UINT8 *)&Hdr.Pe32Plus->OptionalHeader.CheckSum + sizeof (UINT32);
HashSize = (UINTN)(&Hdr.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]) - (UINTN)HashBase;
}
if (HashSize != 0) {
Status = HashUpdate (HashHandle, HashBase, HashSize);
Status = HashUpdate (HashHandle, HashBase, HashSize);
if (EFI_ERROR (Status)) {
goto Finish;
}
@@ -260,18 +260,18 @@ MeasurePeImageAndExtend (
//
// Use PE32 offset
//
HashBase = (UINT8 *) &Hdr.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1];
HashSize = Hdr.Pe32->OptionalHeader.SizeOfHeaders - (UINTN) (HashBase - ImageAddress);
HashBase = (UINT8 *)&Hdr.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1];
HashSize = Hdr.Pe32->OptionalHeader.SizeOfHeaders - (UINTN)(HashBase - ImageAddress);
} else {
//
// Use PE32+ offset
//
HashBase = (UINT8 *) &Hdr.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1];
HashSize = Hdr.Pe32Plus->OptionalHeader.SizeOfHeaders - (UINTN) (HashBase - ImageAddress);
HashBase = (UINT8 *)&Hdr.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1];
HashSize = Hdr.Pe32Plus->OptionalHeader.SizeOfHeaders - (UINTN)(HashBase - ImageAddress);
}
if (HashSize != 0) {
Status = HashUpdate (HashHandle, HashBase, HashSize);
Status = HashUpdate (HashHandle, HashBase, HashSize);
if (EFI_ERROR (Status)) {
goto Finish;
}
@@ -299,7 +299,7 @@ MeasurePeImageAndExtend (
// header indicates how big the table should be. Do not include any
// IMAGE_SECTION_HEADERs in the table whose 'SizeOfRawData' field is zero.
//
SectionHeader = (EFI_IMAGE_SECTION_HEADER *) AllocateZeroPool (sizeof (EFI_IMAGE_SECTION_HEADER) * Hdr.Pe32->FileHeader.NumberOfSections);
SectionHeader = (EFI_IMAGE_SECTION_HEADER *)AllocateZeroPool (sizeof (EFI_IMAGE_SECTION_HEADER) * Hdr.Pe32->FileHeader.NumberOfSections);
if (SectionHeader == NULL) {
Status = EFI_OUT_OF_RESOURCES;
goto Finish;
@@ -311,20 +311,21 @@ MeasurePeImageAndExtend (
// words, sort the section headers according to the disk-file offset of
// the section.
//
Section = (EFI_IMAGE_SECTION_HEADER *) (
(UINT8 *) (UINTN) ImageAddress +
PeCoffHeaderOffset +
sizeof(UINT32) +
sizeof(EFI_IMAGE_FILE_HEADER) +
Hdr.Pe32->FileHeader.SizeOfOptionalHeader
);
Section = (EFI_IMAGE_SECTION_HEADER *)(
(UINT8 *)(UINTN)ImageAddress +
PeCoffHeaderOffset +
sizeof (UINT32) +
sizeof (EFI_IMAGE_FILE_HEADER) +
Hdr.Pe32->FileHeader.SizeOfOptionalHeader
);
for (Index = 0; Index < Hdr.Pe32->FileHeader.NumberOfSections; Index++) {
Pos = Index;
while ((Pos > 0) && (Section->PointerToRawData < SectionHeader[Pos - 1].PointerToRawData)) {
CopyMem (&SectionHeader[Pos], &SectionHeader[Pos - 1], sizeof(EFI_IMAGE_SECTION_HEADER));
CopyMem (&SectionHeader[Pos], &SectionHeader[Pos - 1], sizeof (EFI_IMAGE_SECTION_HEADER));
Pos--;
}
CopyMem (&SectionHeader[Pos], Section, sizeof(EFI_IMAGE_SECTION_HEADER));
CopyMem (&SectionHeader[Pos], Section, sizeof (EFI_IMAGE_SECTION_HEADER));
Section += 1;
}
@@ -336,12 +337,13 @@ MeasurePeImageAndExtend (
// 15. Repeat steps 13 and 14 for all the sections in the sorted table.
//
for (Index = 0; Index < Hdr.Pe32->FileHeader.NumberOfSections; Index++) {
Section = (EFI_IMAGE_SECTION_HEADER *) &SectionHeader[Index];
Section = (EFI_IMAGE_SECTION_HEADER *)&SectionHeader[Index];
if (Section->SizeOfRawData == 0) {
continue;
}
HashBase = (UINT8 *) (UINTN) ImageAddress + Section->PointerToRawData;
HashSize = (UINTN) Section->SizeOfRawData;
HashBase = (UINT8 *)(UINTN)ImageAddress + Section->PointerToRawData;
HashSize = (UINTN)Section->SizeOfRawData;
Status = HashUpdate (HashHandle, HashBase, HashSize);
if (EFI_ERROR (Status)) {
@@ -358,7 +360,7 @@ MeasurePeImageAndExtend (
// FileSize - (CertDirectory->Size)
//
if (ImageSize > SumOfBytesHashed) {
HashBase = (UINT8 *) (UINTN) ImageAddress + SumOfBytesHashed;
HashBase = (UINT8 *)(UINTN)ImageAddress + SumOfBytesHashed;
if (NumberOfRvaAndSizes <= EFI_IMAGE_DIRECTORY_ENTRY_SECURITY) {
CertSize = 0;
@@ -377,7 +379,7 @@ MeasurePeImageAndExtend (
}
if (ImageSize > CertSize + SumOfBytesHashed) {
HashSize = (UINTN) (ImageSize - CertSize - SumOfBytesHashed);
HashSize = (UINTN)(ImageSize - CertSize - SumOfBytesHashed);
Status = HashUpdate (HashHandle, HashBase, HashSize);
if (EFI_ERROR (Status)) {

1270
SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c
View File

File diff suppressed because it is too large Load Diff

445
SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c
View File

@@ -44,17 +44,17 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#define PERF_ID_TCG2_PEI 0x3080
typedef struct {
EFI_GUID *EventGuid;
EFI_TCG2_EVENT_LOG_FORMAT LogFormat;
EFI_GUID *EventGuid;
EFI_TCG2_EVENT_LOG_FORMAT LogFormat;
} TCG2_EVENT_INFO_STRUCT;
TCG2_EVENT_INFO_STRUCT mTcg2EventInfo[] = {
{&gTcgEventEntryHobGuid, EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2},
{&gTcgEvent2EntryHobGuid, EFI_TCG2_EVENT_LOG_FORMAT_TCG_2},
TCG2_EVENT_INFO_STRUCT mTcg2EventInfo[] = {
{ &gTcgEventEntryHobGuid, EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2 },
{ &gTcgEvent2EntryHobGuid, EFI_TCG2_EVENT_LOG_FORMAT_TCG_2 },
};
BOOLEAN mImageInMemory = FALSE;
EFI_PEI_FILE_HANDLE mFileHandle;
BOOLEAN mImageInMemory = FALSE;
EFI_PEI_FILE_HANDLE mFileHandle;
EFI_PEI_PPI_DESCRIPTOR mTpmInitializedPpiList = {
EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST,
@@ -92,15 +92,15 @@ EFI_PEI_PPI_DESCRIPTOR mTpmInitializationDonePpiList = {
EFI_STATUS
EFIAPI
HashLogExtendEvent (
IN EDKII_TCG_PPI *This,
IN UINT64 Flags,
IN UINT8 *HashData,
IN UINTN HashDataLen,
IN TCG_PCR_EVENT_HDR *NewEventHdr,
IN UINT8 *NewEventData
IN EDKII_TCG_PPI *This,
IN UINT64 Flags,
IN UINT8 *HashData,
IN UINTN HashDataLen,
IN TCG_PCR_EVENT_HDR *NewEventHdr,
IN UINT8 *NewEventData
);
EDKII_TCG_PPI mEdkiiTcgPpi = {
EDKII_TCG_PPI mEdkiiTcgPpi = {
HashLogExtendEvent
};
@@ -113,24 +113,24 @@ EFI_PEI_PPI_DESCRIPTOR mTcgPpiList = {
//
// Number of firmware blobs to grow by each time we run out of room
//
#define FIRMWARE_BLOB_GROWTH_STEP 4
#define FIRMWARE_BLOB_GROWTH_STEP 4
EFI_PLATFORM_FIRMWARE_BLOB *mMeasuredBaseFvInfo;
UINT32 mMeasuredMaxBaseFvIndex = 0;
UINT32 mMeasuredBaseFvIndex = 0;
EFI_PLATFORM_FIRMWARE_BLOB *mMeasuredBaseFvInfo;
UINT32 mMeasuredMaxBaseFvIndex = 0;
UINT32 mMeasuredBaseFvIndex = 0;
EFI_PLATFORM_FIRMWARE_BLOB *mMeasuredChildFvInfo;
UINT32 mMeasuredMaxChildFvIndex = 0;
UINT32 mMeasuredChildFvIndex = 0;
EFI_PLATFORM_FIRMWARE_BLOB *mMeasuredChildFvInfo;
UINT32 mMeasuredMaxChildFvIndex = 0;
UINT32 mMeasuredChildFvIndex = 0;
#pragma pack (1)
#define FV_HANDOFF_TABLE_DESC "Fv(XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX)"
typedef struct {
UINT8 BlobDescriptionSize;
UINT8 BlobDescription[sizeof(FV_HANDOFF_TABLE_DESC)];
EFI_PHYSICAL_ADDRESS BlobBase;
UINT64 BlobLength;
UINT8 BlobDescriptionSize;
UINT8 BlobDescription[sizeof (FV_HANDOFF_TABLE_DESC)];
EFI_PHYSICAL_ADDRESS BlobBase;
UINT64 BlobLength;
} FV_HANDOFF_TABLE_POINTERS2;
#pragma pack ()
@@ -149,9 +149,9 @@ typedef struct {
EFI_STATUS
EFIAPI
FirmwareVolumeInfoPpiNotifyCallback (
IN EFI_PEI_SERVICES **PeiServices,
IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDescriptor,
IN VOID *Ppi
IN EFI_PEI_SERVICES **PeiServices,
IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDescriptor,
IN VOID *Ppi
);
/**
@@ -168,12 +168,12 @@ FirmwareVolumeInfoPpiNotifyCallback (
EFI_STATUS
EFIAPI
EndofPeiSignalNotifyCallBack (
IN EFI_PEI_SERVICES **PeiServices,
IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDescriptor,
IN VOID *Ppi
IN EFI_PEI_SERVICES **PeiServices,
IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDescriptor,
IN VOID *Ppi
);
EFI_PEI_NOTIFY_DESCRIPTOR mNotifyList[] = {
EFI_PEI_NOTIFY_DESCRIPTOR mNotifyList[] = {
{
EFI_PEI_PPI_DESCRIPTOR_NOTIFY_CALLBACK,
&gEfiPeiFirmwareVolumeInfoPpiGuid,
@@ -191,7 +191,6 @@ EFI_PEI_NOTIFY_DESCRIPTOR mNotifyList[] = {
}
};
/**
Record all measured Firmware Volume Information into a Guid Hob
Guid Hob payload layout is
@@ -210,12 +209,12 @@ EFI_PEI_NOTIFY_DESCRIPTOR mNotifyList[] = {
EFI_STATUS
EFIAPI
EndofPeiSignalNotifyCallBack (
IN EFI_PEI_SERVICES **PeiServices,
IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDescriptor,
IN VOID *Ppi
IN EFI_PEI_SERVICES **PeiServices,
IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDescriptor,
IN VOID *Ppi
)
{
MEASURED_HOB_DATA *MeasuredHobData;
MEASURED_HOB_DATA *MeasuredHobData;
MeasuredHobData = NULL;
@@ -224,12 +223,12 @@ EndofPeiSignalNotifyCallBack (
//
// Create a Guid hob to save all measured Fv
//
MeasuredHobData = BuildGuidHob(
MeasuredHobData = BuildGuidHob (
&gMeasuredFvHobGuid,
sizeof(UINTN) + sizeof(EFI_PLATFORM_FIRMWARE_BLOB) * (mMeasuredBaseFvIndex + mMeasuredChildFvIndex)
sizeof (UINTN) + sizeof (EFI_PLATFORM_FIRMWARE_BLOB) * (mMeasuredBaseFvIndex + mMeasuredChildFvIndex)
);
if (MeasuredHobData != NULL){
if (MeasuredHobData != NULL) {
//
// Save measured FV info enty number
//
@@ -238,12 +237,12 @@ EndofPeiSignalNotifyCallBack (
//
// Save measured base Fv info
//
CopyMem (MeasuredHobData->MeasuredFvBuf, mMeasuredBaseFvInfo, sizeof(EFI_PLATFORM_FIRMWARE_BLOB) * (mMeasuredBaseFvIndex));
CopyMem (MeasuredHobData->MeasuredFvBuf, mMeasuredBaseFvInfo, sizeof (EFI_PLATFORM_FIRMWARE_BLOB) * (mMeasuredBaseFvIndex));
//
// Save measured child Fv info
//
CopyMem (&MeasuredHobData->MeasuredFvBuf[mMeasuredBaseFvIndex] , mMeasuredChildFvInfo, sizeof(EFI_PLATFORM_FIRMWARE_BLOB) * (mMeasuredChildFvIndex));
CopyMem (&MeasuredHobData->MeasuredFvBuf[mMeasuredBaseFvIndex], mMeasuredChildFvInfo, sizeof (EFI_PLATFORM_FIRMWARE_BLOB) * (mMeasuredChildFvIndex));
}
PERF_CALLBACK_END (&gEfiEndOfPeiSignalPpiGuid);
@@ -260,12 +259,12 @@ SyncPcrAllocationsAndPcrMask (
VOID
)
{
EFI_STATUS Status;
EFI_TCG2_EVENT_ALGORITHM_BITMAP TpmHashAlgorithmBitmap;
UINT32 TpmActivePcrBanks;
UINT32 NewTpmActivePcrBanks;
UINT32 Tpm2PcrMask;
UINT32 NewTpm2PcrMask;
EFI_STATUS Status;
EFI_TCG2_EVENT_ALGORITHM_BITMAP TpmHashAlgorithmBitmap;
UINT32 TpmActivePcrBanks;
UINT32 NewTpmActivePcrBanks;
UINT32 Tpm2PcrMask;
UINT32 NewTpm2PcrMask;
DEBUG ((DEBUG_ERROR, "SyncPcrAllocationsAndPcrMask!\n"));
@@ -310,10 +309,11 @@ SyncPcrAllocationsAndPcrMask (
DEBUG ((DEBUG_ERROR, "%a - Failed to reallocate PCRs!\n", __FUNCTION__));
ASSERT_EFI_ERROR (Status);
}
//
// Need reset system, since we just called Tpm2PcrAllocateBanks().
//
ResetCold();
ResetCold ();
}
}
@@ -347,66 +347,67 @@ SyncPcrAllocationsAndPcrMask (
**/
EFI_STATUS
LogHashEvent (
IN TPML_DIGEST_VALUES *DigestList,
IN OUT TCG_PCR_EVENT_HDR *NewEventHdr,
IN UINT8 *NewEventData
IN TPML_DIGEST_VALUES *DigestList,
IN OUT TCG_PCR_EVENT_HDR *NewEventHdr,
IN UINT8 *NewEventData
)
{
VOID *HobData;
EFI_STATUS Status;
UINTN Index;
EFI_STATUS RetStatus;
UINT32 SupportedEventLogs;
TCG_PCR_EVENT2 *TcgPcrEvent2;
UINT8 *DigestBuffer;
VOID *HobData;
EFI_STATUS Status;
UINTN Index;
EFI_STATUS RetStatus;
UINT32 SupportedEventLogs;
TCG_PCR_EVENT2 *TcgPcrEvent2;
UINT8 *DigestBuffer;
SupportedEventLogs = EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2 | EFI_TCG2_EVENT_LOG_FORMAT_TCG_2;
RetStatus = EFI_SUCCESS;
for (Index = 0; Index < sizeof(mTcg2EventInfo)/sizeof(mTcg2EventInfo[0]); Index++) {
for (Index = 0; Index < sizeof (mTcg2EventInfo)/sizeof (mTcg2EventInfo[0]); Index++) {
if ((SupportedEventLogs & mTcg2EventInfo[Index].LogFormat) != 0) {
DEBUG ((DEBUG_INFO, " LogFormat - 0x%08x\n", mTcg2EventInfo[Index].LogFormat));
switch (mTcg2EventInfo[Index].LogFormat) {
case EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2:
Status = GetDigestFromDigestList (TPM_ALG_SHA1, DigestList, &NewEventHdr->Digest);
if (!EFI_ERROR (Status)) {
case EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2:
Status = GetDigestFromDigestList (TPM_ALG_SHA1, DigestList, &NewEventHdr->Digest);
if (!EFI_ERROR (Status)) {
HobData = BuildGuidHob (
&gTcgEventEntryHobGuid,
sizeof (*NewEventHdr) + NewEventHdr->EventSize
);
if (HobData == NULL) {
RetStatus = EFI_OUT_OF_RESOURCES;
break;
}
CopyMem (HobData, NewEventHdr, sizeof (*NewEventHdr));
HobData = (VOID *)((UINT8 *)HobData + sizeof (*NewEventHdr));
CopyMem (HobData, NewEventData, NewEventHdr->EventSize);
}
break;
case EFI_TCG2_EVENT_LOG_FORMAT_TCG_2:
//
// Use GetDigestListSize (DigestList) in the GUID HOB DataLength calculation
// to reserve enough buffer to hold TPML_DIGEST_VALUES compact binary.
//
HobData = BuildGuidHob (
&gTcgEventEntryHobGuid,
sizeof (*NewEventHdr) + NewEventHdr->EventSize
);
&gTcgEvent2EntryHobGuid,
sizeof (TcgPcrEvent2->PCRIndex) + sizeof (TcgPcrEvent2->EventType) + GetDigestListSize (DigestList) + sizeof (TcgPcrEvent2->EventSize) + NewEventHdr->EventSize
);
if (HobData == NULL) {
RetStatus = EFI_OUT_OF_RESOURCES;
break;
}
CopyMem (HobData, NewEventHdr, sizeof (*NewEventHdr));
HobData = (VOID *) ((UINT8*)HobData + sizeof (*NewEventHdr));
CopyMem (HobData, NewEventData, NewEventHdr->EventSize);
}
break;
case EFI_TCG2_EVENT_LOG_FORMAT_TCG_2:
//
// Use GetDigestListSize (DigestList) in the GUID HOB DataLength calculation
// to reserve enough buffer to hold TPML_DIGEST_VALUES compact binary.
//
HobData = BuildGuidHob (
&gTcgEvent2EntryHobGuid,
sizeof(TcgPcrEvent2->PCRIndex) + sizeof(TcgPcrEvent2->EventType) + GetDigestListSize (DigestList) + sizeof(TcgPcrEvent2->EventSize) + NewEventHdr->EventSize
);
if (HobData == NULL) {
RetStatus = EFI_OUT_OF_RESOURCES;
TcgPcrEvent2 = HobData;
TcgPcrEvent2->PCRIndex = NewEventHdr->PCRIndex;
TcgPcrEvent2->EventType = NewEventHdr->EventType;
DigestBuffer = (UINT8 *)&TcgPcrEvent2->Digest;
DigestBuffer = CopyDigestListToBuffer (DigestBuffer, DigestList, PcdGet32 (PcdTpm2HashMask));
CopyMem (DigestBuffer, &NewEventHdr->EventSize, sizeof (TcgPcrEvent2->EventSize));
DigestBuffer = DigestBuffer + sizeof (TcgPcrEvent2->EventSize);
CopyMem (DigestBuffer, NewEventData, NewEventHdr->EventSize);
break;
}
TcgPcrEvent2 = HobData;
TcgPcrEvent2->PCRIndex = NewEventHdr->PCRIndex;
TcgPcrEvent2->EventType = NewEventHdr->EventType;
DigestBuffer = (UINT8 *)&TcgPcrEvent2->Digest;
DigestBuffer = CopyDigestListToBuffer (DigestBuffer, DigestList, PcdGet32 (PcdTpm2HashMask));
CopyMem (DigestBuffer, &NewEventHdr->EventSize, sizeof(TcgPcrEvent2->EventSize));
DigestBuffer = DigestBuffer + sizeof(TcgPcrEvent2->EventSize);
CopyMem (DigestBuffer, NewEventData, NewEventHdr->EventSize);
break;
}
}
}
@@ -438,30 +439,30 @@ LogHashEvent (
EFI_STATUS
EFIAPI
HashLogExtendEvent (
IN EDKII_TCG_PPI *This,
IN UINT64 Flags,
IN UINT8 *HashData,
IN UINTN HashDataLen,
IN TCG_PCR_EVENT_HDR *NewEventHdr,
IN UINT8 *NewEventData
IN EDKII_TCG_PPI *This,
IN UINT64 Flags,
IN UINT8 *HashData,
IN UINTN HashDataLen,
IN TCG_PCR_EVENT_HDR *NewEventHdr,
IN UINT8 *NewEventData
)
{
EFI_STATUS Status;
TPML_DIGEST_VALUES DigestList;
EFI_STATUS Status;
TPML_DIGEST_VALUES DigestList;
if (GetFirstGuidHob (&gTpmErrorHobGuid) != NULL) {
return EFI_DEVICE_ERROR;
}
if ((Flags & EDKII_TCG_PRE_HASH) != 0 || (Flags & EDKII_TCG_PRE_HASH_LOG_ONLY) != 0) {
ZeroMem (&DigestList, sizeof(DigestList));
CopyMem (&DigestList, HashData, sizeof(DigestList));
if (((Flags & EDKII_TCG_PRE_HASH) != 0) || ((Flags & EDKII_TCG_PRE_HASH_LOG_ONLY) != 0)) {
ZeroMem (&DigestList, sizeof (DigestList));
CopyMem (&DigestList, HashData, sizeof (DigestList));
Status = EFI_SUCCESS;
if ((Flags & EDKII_TCG_PRE_HASH) !=0 ) {
if ((Flags & EDKII_TCG_PRE_HASH) != 0 ) {
Status = Tpm2PcrExtend (
NewEventHdr->PCRIndex,
&DigestList
);
NewEventHdr->PCRIndex,
&DigestList
);
}
} else {
Status = HashAndExtend (
@@ -471,13 +472,14 @@ HashLogExtendEvent (
&DigestList
);
}
if (!EFI_ERROR (Status)) {
Status = LogHashEvent (&DigestList, NewEventHdr, NewEventData);
}
if (Status == EFI_DEVICE_ERROR) {
DEBUG ((DEBUG_ERROR, "HashLogExtendEvent - %r. Disable TPM.\n", Status));
BuildGuidHob (&gTpmErrorHobGuid,0);
BuildGuidHob (&gTpmErrorHobGuid, 0);
REPORT_STATUS_CODE (
EFI_ERROR_CODE | EFI_ERROR_MINOR,
(PcdGet32 (PcdStatusCodeSubClassTpmDevice) | EFI_P_EC_INTERFACE_ERROR)
@@ -500,7 +502,7 @@ MeasureCRTMVersion (
VOID
)
{
TCG_PCR_EVENT_HDR TcgEventHdr;
TCG_PCR_EVENT_HDR TcgEventHdr;
//
// Use FirmwareVersion string to represent CRTM version.
@@ -509,15 +511,15 @@ MeasureCRTMVersion (
TcgEventHdr.PCRIndex = 0;
TcgEventHdr.EventType = EV_S_CRTM_VERSION;
TcgEventHdr.EventSize = (UINT32) StrSize((CHAR16*)PcdGetPtr (PcdFirmwareVersionString));
TcgEventHdr.EventSize = (UINT32)StrSize ((CHAR16 *)PcdGetPtr (PcdFirmwareVersionString));
return HashLogExtendEvent (
&mEdkiiTcgPpi,
0,
(UINT8*)PcdGetPtr (PcdFirmwareVersionString),
(UINT8 *)PcdGetPtr (PcdFirmwareVersionString),
TcgEventHdr.EventSize,
&TcgEventHdr,
(UINT8*)PcdGetPtr (PcdFirmwareVersionString)
(UINT8 *)PcdGetPtr (PcdFirmwareVersionString)
);
}
@@ -534,8 +536,8 @@ MeasureCRTMVersion (
**/
VOID *
GetFvName (
IN EFI_PHYSICAL_ADDRESS FvBase,
IN UINT64 FvLength
IN EFI_PHYSICAL_ADDRESS FvBase,
IN UINT64 FvLength
)
{
EFI_FIRMWARE_VOLUME_HEADER *FvHeader;
@@ -544,20 +546,24 @@ GetFvName (
if (FvBase >= MAX_ADDRESS) {
return NULL;
}
if (FvLength >= MAX_ADDRESS - FvBase) {
return NULL;
}
if (FvLength < sizeof(EFI_FIRMWARE_VOLUME_HEADER)) {
if (FvLength < sizeof (EFI_FIRMWARE_VOLUME_HEADER)) {
return NULL;
}
FvHeader = (EFI_FIRMWARE_VOLUME_HEADER *)(UINTN)FvBase;
if (FvHeader->ExtHeaderOffset < sizeof(EFI_FIRMWARE_VOLUME_HEADER)) {
if (FvHeader->ExtHeaderOffset < sizeof (EFI_FIRMWARE_VOLUME_HEADER)) {
return NULL;
}
if (FvHeader->ExtHeaderOffset + sizeof(EFI_FIRMWARE_VOLUME_EXT_HEADER) > FvLength) {
if (FvHeader->ExtHeaderOffset + sizeof (EFI_FIRMWARE_VOLUME_EXT_HEADER) > FvLength) {
return NULL;
}
FvExtHeader = (EFI_FIRMWARE_VOLUME_EXT_HEADER *)(UINTN)(FvBase + FvHeader->ExtHeaderOffset);
return &FvExtHeader->FvName;
@@ -578,45 +584,46 @@ GetFvName (
**/
EFI_STATUS
MeasureFvImage (
IN EFI_PHYSICAL_ADDRESS FvBase,
IN UINT64 FvLength
IN EFI_PHYSICAL_ADDRESS FvBase,
IN UINT64 FvLength
)
{
UINT32 Index;
EFI_STATUS Status;
EFI_PLATFORM_FIRMWARE_BLOB FvBlob;
FV_HANDOFF_TABLE_POINTERS2 FvBlob2;
VOID *EventData;
VOID *FvName;
TCG_PCR_EVENT_HDR TcgEventHdr;
UINT32 Instance;
UINT32 Tpm2HashMask;
TPML_DIGEST_VALUES DigestList;
UINT32 DigestCount;
EFI_PEI_FIRMWARE_VOLUME_INFO_MEASUREMENT_EXCLUDED_PPI *MeasurementExcludedFvPpi;
EDKII_PEI_FIRMWARE_VOLUME_INFO_PREHASHED_FV_PPI *PrehashedFvPpi;
HASH_INFO *PreHashInfo;
UINT32 HashAlgoMask;
EFI_PHYSICAL_ADDRESS FvOrgBase;
EFI_PHYSICAL_ADDRESS FvDataBase;
EFI_PEI_HOB_POINTERS Hob;
EDKII_MIGRATED_FV_INFO *MigratedFvInfo;
UINT32 Index;
EFI_STATUS Status;
EFI_PLATFORM_FIRMWARE_BLOB FvBlob;
FV_HANDOFF_TABLE_POINTERS2 FvBlob2;
VOID *EventData;
VOID *FvName;
TCG_PCR_EVENT_HDR TcgEventHdr;
UINT32 Instance;
UINT32 Tpm2HashMask;
TPML_DIGEST_VALUES DigestList;
UINT32 DigestCount;
EFI_PEI_FIRMWARE_VOLUME_INFO_MEASUREMENT_EXCLUDED_PPI *MeasurementExcludedFvPpi;
EDKII_PEI_FIRMWARE_VOLUME_INFO_PREHASHED_FV_PPI *PrehashedFvPpi;
HASH_INFO *PreHashInfo;
UINT32 HashAlgoMask;
EFI_PHYSICAL_ADDRESS FvOrgBase;
EFI_PHYSICAL_ADDRESS FvDataBase;
EFI_PEI_HOB_POINTERS Hob;
EDKII_MIGRATED_FV_INFO *MigratedFvInfo;
//
// Check Excluded FV list
//
Instance = 0;
do {
Status = PeiServicesLocatePpi(
&gEfiPeiFirmwareVolumeInfoMeasurementExcludedPpiGuid,
Instance,
NULL,
(VOID**)&MeasurementExcludedFvPpi
);
if (!EFI_ERROR(Status)) {
for (Index = 0; Index < MeasurementExcludedFvPpi->Count; Index ++) {
if (MeasurementExcludedFvPpi->Fv[Index].FvBase == FvBase
&& MeasurementExcludedFvPpi->Fv[Index].FvLength == FvLength) {
Status = PeiServicesLocatePpi (
&gEfiPeiFirmwareVolumeInfoMeasurementExcludedPpiGuid,
Instance,
NULL,
(VOID **)&MeasurementExcludedFvPpi
);
if (!EFI_ERROR (Status)) {
for (Index = 0; Index < MeasurementExcludedFvPpi->Count; Index++) {
if ( (MeasurementExcludedFvPpi->Fv[Index].FvBase == FvBase)
&& (MeasurementExcludedFvPpi->Fv[Index].FvLength == FvLength))
{
DEBUG ((DEBUG_INFO, "The FV which is excluded by Tcg2Pei starts at: 0x%x\n", FvBase));
DEBUG ((DEBUG_INFO, "The FV which is excluded by Tcg2Pei has the size: 0x%x\n", FvLength));
return EFI_SUCCESS;
@@ -625,13 +632,13 @@ MeasureFvImage (
Instance++;
}
} while (!EFI_ERROR(Status));
} while (!EFI_ERROR (Status));
//
// Check measured FV list
//
for (Index = 0; Index < mMeasuredBaseFvIndex; Index ++) {
if (mMeasuredBaseFvInfo[Index].BlobBase == FvBase && mMeasuredBaseFvInfo[Index].BlobLength == FvLength) {
for (Index = 0; Index < mMeasuredBaseFvIndex; Index++) {
if ((mMeasuredBaseFvInfo[Index].BlobBase == FvBase) && (mMeasuredBaseFvInfo[Index].BlobLength == FvLength)) {
DEBUG ((DEBUG_INFO, "The FV which is already measured by Tcg2Pei starts at: 0x%x\n", FvBase));
DEBUG ((DEBUG_INFO, "The FV which is already measured by Tcg2Pei has the size: 0x%x\n", FvLength));
return EFI_SUCCESS;
@@ -648,23 +655,23 @@ MeasureFvImage (
&gEdkiiPeiFirmwareVolumeInfoPrehashedFvPpiGuid,
Instance,
NULL,
(VOID**)&PrehashedFvPpi
(VOID **)&PrehashedFvPpi
);
if (!EFI_ERROR(Status) && PrehashedFvPpi->FvBase == FvBase && PrehashedFvPpi->FvLength == FvLength) {
ZeroMem (&DigestList, sizeof(TPML_DIGEST_VALUES));
if (!EFI_ERROR (Status) && (PrehashedFvPpi->FvBase == FvBase) && (PrehashedFvPpi->FvLength == FvLength)) {
ZeroMem (&DigestList, sizeof (TPML_DIGEST_VALUES));
//
// The FV is prehashed, check against TPM hash mask
//
PreHashInfo = (HASH_INFO *)(PrehashedFvPpi + 1);
for (Index = 0, DigestCount = 0; Index < PrehashedFvPpi->Count; Index++) {
DEBUG((DEBUG_INFO, "Hash Algo ID in PrehashedFvPpi=0x%x\n", PreHashInfo->HashAlgoId));
HashAlgoMask = GetHashMaskFromAlgo(PreHashInfo->HashAlgoId);
DEBUG ((DEBUG_INFO, "Hash Algo ID in PrehashedFvPpi=0x%x\n", PreHashInfo->HashAlgoId));
HashAlgoMask = GetHashMaskFromAlgo (PreHashInfo->HashAlgoId);
if ((Tpm2HashMask & HashAlgoMask) != 0 ) {
//
// Hash is required, copy it to DigestList
//
WriteUnaligned16(&(DigestList.digests[DigestCount].hashAlg), PreHashInfo->HashAlgoId);
WriteUnaligned16 (&(DigestList.digests[DigestCount].hashAlg), PreHashInfo->HashAlgoId);
CopyMem (
&DigestList.digests[DigestCount].digest,
PreHashInfo + 1,
@@ -676,32 +683,35 @@ MeasureFvImage (
//
Tpm2HashMask &= ~HashAlgoMask;
}
PreHashInfo = (HASH_INFO *)((UINT8 *)(PreHashInfo + 1) + PreHashInfo->HashSize);
}
WriteUnaligned32(&DigestList.count, DigestCount);
WriteUnaligned32 (&DigestList.count, DigestCount);
break;
}
Instance++;
} while (!EFI_ERROR(Status));
} while (!EFI_ERROR (Status));
//
// Search the matched migration FV info
//
FvOrgBase = FvBase;
FvDataBase = FvBase;
Hob.Raw = GetFirstGuidHob (&gEdkiiMigratedFvInfoGuid);
Hob.Raw = GetFirstGuidHob (&gEdkiiMigratedFvInfoGuid);
while (Hob.Raw != NULL) {
MigratedFvInfo = GET_GUID_HOB_DATA (Hob);
if ((MigratedFvInfo->FvNewBase == (UINT32) FvBase) && (MigratedFvInfo->FvLength == (UINT32) FvLength)) {
if ((MigratedFvInfo->FvNewBase == (UINT32)FvBase) && (MigratedFvInfo->FvLength == (UINT32)FvLength)) {
//
// Found the migrated FV info
//
FvOrgBase = (EFI_PHYSICAL_ADDRESS) (UINTN) MigratedFvInfo->FvOrgBase;
FvDataBase = (EFI_PHYSICAL_ADDRESS) (UINTN) MigratedFvInfo->FvDataBase;
FvOrgBase = (EFI_PHYSICAL_ADDRESS)(UINTN)MigratedFvInfo->FvOrgBase;
FvDataBase = (EFI_PHYSICAL_ADDRESS)(UINTN)MigratedFvInfo->FvDataBase;
break;
}
Hob.Raw = GET_NEXT_HOB (Hob);
Hob.Raw = GetNextGuidHob (&gEdkiiMigratedFvInfoGuid, Hob.Raw);
}
@@ -709,13 +719,14 @@ MeasureFvImage (
//
// Init the log event for FV measurement
//
if (PcdGet32(PcdTcgPfpMeasurementRevision) >= TCG_EfiSpecIDEventStruct_SPEC_ERRATA_TPM2_REV_105) {
FvBlob2.BlobDescriptionSize = sizeof(FvBlob2.BlobDescription);
CopyMem (FvBlob2.BlobDescription, FV_HANDOFF_TABLE_DESC, sizeof(FvBlob2.BlobDescription));
if (PcdGet32 (PcdTcgPfpMeasurementRevision) >= TCG_EfiSpecIDEventStruct_SPEC_ERRATA_TPM2_REV_105) {
FvBlob2.BlobDescriptionSize = sizeof (FvBlob2.BlobDescription);
CopyMem (FvBlob2.BlobDescription, FV_HANDOFF_TABLE_DESC, sizeof (FvBlob2.BlobDescription));
FvName = GetFvName (FvBase, FvLength);
if (FvName != NULL) {
AsciiSPrint ((CHAR8 *)FvBlob2.BlobDescription, sizeof(FvBlob2.BlobDescription), "Fv(%g)", FvName);
AsciiSPrint ((CHAR8 *)FvBlob2.BlobDescription, sizeof (FvBlob2.BlobDescription), "Fv(%g)", FvName);
}
FvBlob2.BlobBase = FvOrgBase;
FvBlob2.BlobLength = FvLength;
TcgEventHdr.PCRIndex = 0;
@@ -739,8 +750,8 @@ MeasureFvImage (
Status = HashLogExtendEvent (
&mEdkiiTcgPpi,
EDKII_TCG_PRE_HASH,
(UINT8*) &DigestList, // HashData
(UINTN) sizeof(DigestList), // HashDataLen
(UINT8 *)&DigestList, // HashData
(UINTN)sizeof (DigestList), // HashDataLen
&TcgEventHdr, // EventHdr
EventData // EventData
);
@@ -753,16 +764,16 @@ MeasureFvImage (
Status = HashLogExtendEvent (
&mEdkiiTcgPpi,
0,
(UINT8*) (UINTN) FvDataBase, // HashData
(UINTN) FvLength, // HashDataLen
&TcgEventHdr, // EventHdr
EventData // EventData
(UINT8 *)(UINTN)FvDataBase, // HashData
(UINTN)FvLength, // HashDataLen
&TcgEventHdr, // EventHdr
EventData // EventData
);
DEBUG ((DEBUG_INFO, "The FV which is measured by Tcg2Pei starts at: 0x%x\n", FvBase));
DEBUG ((DEBUG_INFO, "The FV which is measured by Tcg2Pei has the size: 0x%x\n", FvLength));
}
if (EFI_ERROR(Status)) {
if (EFI_ERROR (Status)) {
DEBUG ((DEBUG_ERROR, "The FV which failed to be measured starts at: 0x%x\n", FvBase));
return Status;
}
@@ -800,10 +811,10 @@ MeasureMainBios (
VOID
)
{
EFI_STATUS Status;
EFI_PEI_FV_HANDLE VolumeHandle;
EFI_FV_INFO VolumeInfo;
EFI_PEI_FIRMWARE_VOLUME_PPI *FvPpi;
EFI_STATUS Status;
EFI_PEI_FV_HANDLE VolumeHandle;
EFI_FV_INFO VolumeInfo;
EFI_PEI_FIRMWARE_VOLUME_PPI *FvPpi;
PERF_START_EX (mFileHandle, "EventRec", "Tcg2Pei", 0, PERF_ID_TCG2_PEI);
@@ -830,11 +841,11 @@ MeasureMainBios (
&VolumeInfo.FvFormat,
0,
NULL,
(VOID**)&FvPpi
(VOID **)&FvPpi
);
ASSERT_EFI_ERROR (Status);
Status = MeasureFvImage ((EFI_PHYSICAL_ADDRESS) (UINTN) VolumeInfo.FvStart, VolumeInfo.FvSize);
Status = MeasureFvImage ((EFI_PHYSICAL_ADDRESS)(UINTN)VolumeInfo.FvStart, VolumeInfo.FvSize);
PERF_END_EX (mFileHandle, "EventRec", "Tcg2Pei", 0, PERF_ID_TCG2_PEI + 1);
@@ -855,9 +866,9 @@ MeasureMainBios (
EFI_STATUS
EFIAPI
FirmwareVolumeInfoPpiNotifyCallback (
IN EFI_PEI_SERVICES **PeiServices,
IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDescriptor,
IN VOID *Ppi
IN EFI_PEI_SERVICES **PeiServices,
IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDescriptor,
IN VOID *Ppi
)
{
EFI_PEI_FIRMWARE_VOLUME_INFO_PPI *Fv;
@@ -865,7 +876,7 @@ FirmwareVolumeInfoPpiNotifyCallback (
EFI_PEI_FIRMWARE_VOLUME_PPI *FvPpi;
UINTN Index;
Fv = (EFI_PEI_FIRMWARE_VOLUME_INFO_PPI *) Ppi;
Fv = (EFI_PEI_FIRMWARE_VOLUME_INFO_PPI *)Ppi;
//
// The PEI Core can not dispatch or load files from memory mapped FVs that do not support FvPpi.
@@ -874,7 +885,7 @@ FirmwareVolumeInfoPpiNotifyCallback (
&Fv->FvFormat,
0,
NULL,
(VOID**)&FvPpi
(VOID **)&FvPpi
);
if (EFI_ERROR (Status)) {
return EFI_SUCCESS;
@@ -884,8 +895,7 @@ FirmwareVolumeInfoPpiNotifyCallback (
// This is an FV from an FFS file, and the parent FV must have already been measured,
// No need to measure twice, so just record the FV and return
//
if (Fv->ParentFvName != NULL || Fv->ParentFileName != NULL ) {
if ((Fv->ParentFvName != NULL) || (Fv->ParentFileName != NULL)) {
if (mMeasuredChildFvIndex >= mMeasuredMaxChildFvIndex) {
mMeasuredChildFvInfo = ReallocatePool (
sizeof (EFI_PLATFORM_FIRMWARE_BLOB) * mMeasuredMaxChildFvIndex,
@@ -895,21 +905,23 @@ FirmwareVolumeInfoPpiNotifyCallback (
ASSERT (mMeasuredChildFvInfo != NULL);
mMeasuredMaxChildFvIndex = mMeasuredMaxChildFvIndex + FIRMWARE_BLOB_GROWTH_STEP;
}
//
// Check whether FV is in the measured child FV list.
//
for (Index = 0; Index < mMeasuredChildFvIndex; Index++) {
if (mMeasuredChildFvInfo[Index].BlobBase == (EFI_PHYSICAL_ADDRESS) (UINTN) Fv->FvInfo) {
if (mMeasuredChildFvInfo[Index].BlobBase == (EFI_PHYSICAL_ADDRESS)(UINTN)Fv->FvInfo) {
return EFI_SUCCESS;
}
}
mMeasuredChildFvInfo[mMeasuredChildFvIndex].BlobBase = (EFI_PHYSICAL_ADDRESS) (UINTN) Fv->FvInfo;
mMeasuredChildFvInfo[mMeasuredChildFvIndex].BlobBase = (EFI_PHYSICAL_ADDRESS)(UINTN)Fv->FvInfo;
mMeasuredChildFvInfo[mMeasuredChildFvIndex].BlobLength = Fv->FvInfoSize;
mMeasuredChildFvIndex++;
return EFI_SUCCESS;
}
return MeasureFvImage ((EFI_PHYSICAL_ADDRESS) (UINTN) Fv->FvInfo, Fv->FvInfoSize);
return MeasureFvImage ((EFI_PHYSICAL_ADDRESS)(UINTN)Fv->FvInfo, Fv->FvInfoSize);
}
/**
@@ -924,10 +936,10 @@ FirmwareVolumeInfoPpiNotifyCallback (
**/
EFI_STATUS
PeimEntryMP (
IN EFI_PEI_SERVICES **PeiServices
IN EFI_PEI_SERVICES **PeiServices
)
{
EFI_STATUS Status;
EFI_STATUS Status;
//
// install Tcg Services
@@ -940,7 +952,7 @@ PeimEntryMP (
}
Status = MeasureMainBios ();
if (EFI_ERROR(Status)) {
if (EFI_ERROR (Status)) {
return Status;
}
@@ -966,20 +978,20 @@ PeimEntryMP (
**/
EFI_STATUS
MeasureSeparatorEventWithError (
IN TPM_PCRINDEX PCRIndex
IN TPM_PCRINDEX PCRIndex
)
{
TCG_PCR_EVENT_HDR TcgEvent;
UINT32 EventData;
TCG_PCR_EVENT_HDR TcgEvent;
UINT32 EventData;
//
// Use EventData 0x1 to indicate there is error.
//
EventData = 0x1;
EventData = 0x1;
TcgEvent.PCRIndex = PCRIndex;
TcgEvent.EventType = EV_SEPARATOR;
TcgEvent.EventSize = (UINT32)sizeof (EventData);
return HashLogExtendEvent(&mEdkiiTcgPpi, 0, (UINT8 *)&EventData, TcgEvent.EventSize, &TcgEvent,(UINT8 *)&EventData);
return HashLogExtendEvent (&mEdkiiTcgPpi, 0, (UINT8 *)&EventData, TcgEvent.EventSize, &TcgEvent, (UINT8 *)&EventData);
}
/**
@@ -994,18 +1006,19 @@ MeasureSeparatorEventWithError (
EFI_STATUS
EFIAPI
PeimEntryMA (
IN EFI_PEI_FILE_HANDLE FileHandle,
IN CONST EFI_PEI_SERVICES **PeiServices
IN EFI_PEI_FILE_HANDLE FileHandle,
IN CONST EFI_PEI_SERVICES **PeiServices
)
{
EFI_STATUS Status;
EFI_STATUS Status2;
EFI_BOOT_MODE BootMode;
TPM_PCRINDEX PcrIndex;
BOOLEAN S3ErrorReport;
EFI_STATUS Status;
EFI_STATUS Status2;
EFI_BOOT_MODE BootMode;
TPM_PCRINDEX PcrIndex;
BOOLEAN S3ErrorReport;
if (CompareGuid (PcdGetPtr(PcdTpmInstanceGuid), &gEfiTpmDeviceInstanceNoneGuid) ||
CompareGuid (PcdGetPtr(PcdTpmInstanceGuid), &gEfiTpmDeviceInstanceTpm12Guid)){
if (CompareGuid (PcdGetPtr (PcdTpmInstanceGuid), &gEfiTpmDeviceInstanceNoneGuid) ||
CompareGuid (PcdGetPtr (PcdTpmInstanceGuid), &gEfiTpmDeviceInstanceTpm12Guid))
{
DEBUG ((DEBUG_INFO, "No TPM2 instance required!\n"));
return EFI_UNSUPPORTED;
}
@@ -1022,10 +1035,10 @@ PeimEntryMA (
// In S3 path, skip shadow logic. no measurement is required
//
if (BootMode != BOOT_ON_S3_RESUME) {
Status = (**PeiServices).RegisterForShadow(FileHandle);
Status = (**PeiServices).RegisterForShadow (FileHandle);
if (Status == EFI_ALREADY_STARTED) {
mImageInMemory = TRUE;
mFileHandle = FileHandle;
mFileHandle = FileHandle;
} else if (Status == EFI_NOT_FOUND) {
ASSERT_EFI_ERROR (Status);
}
@@ -1045,16 +1058,17 @@ PeimEntryMA (
if (PcdGet8 (PcdTpm2InitializationPolicy) == 1) {
if (BootMode == BOOT_ON_S3_RESUME) {
Status = Tpm2Startup (TPM_SU_STATE);
if (EFI_ERROR (Status) ) {
if (EFI_ERROR (Status)) {
Status = Tpm2Startup (TPM_SU_CLEAR);
if (!EFI_ERROR(Status)) {
if (!EFI_ERROR (Status)) {
S3ErrorReport = TRUE;
}
}
} else {
Status = Tpm2Startup (TPM_SU_CLEAR);
}
if (EFI_ERROR (Status) ) {
if (EFI_ERROR (Status)) {
goto Done;
}
}
@@ -1100,19 +1114,20 @@ PeimEntryMA (
}
if (mImageInMemory) {
Status = PeimEntryMP ((EFI_PEI_SERVICES**)PeiServices);
Status = PeimEntryMP ((EFI_PEI_SERVICES **)PeiServices);
return Status;
}
Done:
if (EFI_ERROR (Status)) {
DEBUG ((DEBUG_ERROR, "TPM2 error! Build Hob\n"));
BuildGuidHob (&gTpmErrorHobGuid,0);
BuildGuidHob (&gTpmErrorHobGuid, 0);
REPORT_STATUS_CODE (
EFI_ERROR_CODE | EFI_ERROR_MINOR,
(PcdGet32 (PcdStatusCodeSubClassTpmDevice) | EFI_P_EC_INTERFACE_ERROR)
);
}
//
// Always install TpmInitializationDonePpi no matter success or fail.
// Other driver can know TPM initialization state by TpmInitializedPpi.

10
SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.c
View File

@@ -30,8 +30,8 @@ SmmReadyToLockEventCallBack (
IN VOID *Context
)
{
EFI_STATUS Status;
VOID *Interface;
EFI_STATUS Status;
VOID *Interface;
//
// Try to locate it because EfiCreateProtocolNotifyEvent will trigger it once when registration.
@@ -43,7 +43,7 @@ SmmReadyToLockEventCallBack (
&Interface
);
if (EFI_ERROR (Status)) {
return ;
return;
}
ConfigureTpmPlatformHierarchy ();
@@ -64,8 +64,8 @@ SmmReadyToLockEventCallBack (
EFI_STATUS
EFIAPI
Tcg2PlatformDxeEntryPoint (
IN EFI_HANDLE ImageHandle,
IN EFI_SYSTEM_TABLE *SystemTable
IN EFI_HANDLE ImageHandle,
IN EFI_SYSTEM_TABLE *SystemTable
)
{
VOID *Registration;

14
SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.c
View File

@@ -20,7 +20,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#include <Ppi/EndOfPeiPhase.h>
#define MAX_NEW_AUTHORIZATION_SIZE SHA512_DIGEST_SIZE
#define MAX_NEW_AUTHORIZATION_SIZE SHA512_DIGEST_SIZE
/**
This function handles PlatformInit task at the end of PEI
@@ -41,14 +41,14 @@ PlatformInitEndOfPei (
IN VOID *Ppi
)
{
VOID *TcgEventLog;
VOID *TcgEventLog;
//
// Try to get TcgEventLog in S3 to see if S3 error is reported.
//
TcgEventLog = GetFirstGuidHob(&gTcgEventEntryHobGuid);
TcgEventLog = GetFirstGuidHob (&gTcgEventEntryHobGuid);
if (TcgEventLog == NULL) {
TcgEventLog = GetFirstGuidHob(&gTcgEvent2EntryHobGuid);
TcgEventLog = GetFirstGuidHob (&gTcgEvent2EntryHobGuid);
}
if (TcgEventLog == NULL) {
@@ -89,11 +89,11 @@ Tcg2PlatformPeiEntryPoint (
IN CONST EFI_PEI_SERVICES **PeiServices
)
{
EFI_STATUS Status;
EFI_BOOT_MODE BootMode;
EFI_STATUS Status;
EFI_BOOT_MODE BootMode;
Status = PeiServicesGetBootMode (&BootMode);
ASSERT_EFI_ERROR(Status);
ASSERT_EFI_ERROR (Status);
if (BootMode != BOOT_ON_S3_RESUME) {
return EFI_SUCCESS;

8
SecurityPkg/Tcg/Tcg2Smm/Tcg2MmDependencyDxe.c
View File

@@ -29,12 +29,12 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
EFI_STATUS
EFIAPI
Tcg2MmDependencyDxeEntryPoint (
IN EFI_HANDLE ImageHandle,
IN EFI_SYSTEM_TABLE *SystemTable
IN EFI_HANDLE ImageHandle,
IN EFI_SYSTEM_TABLE *SystemTable
)
{
EFI_STATUS Status;
EFI_HANDLE Handle;
EFI_STATUS Status;
EFI_HANDLE Handle;
Handle = NULL;
Status = gBS->InstallProtocolInterface (

152
SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c
View File

@@ -18,10 +18,10 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#include "Tcg2Smm.h"
EFI_SMM_VARIABLE_PROTOCOL *mSmmVariable = NULL;
TCG_NVS *mTcgNvs = NULL;
UINTN mPpSoftwareSmi;
UINTN mMcSoftwareSmi;
EFI_HANDLE mReadyToLockHandle;
TCG_NVS *mTcgNvs = NULL;
UINTN mPpSoftwareSmi;
UINTN mMcSoftwareSmi;
EFI_HANDLE mReadyToLockHandle;
/**
Communication service SMI Handler entry.
@@ -47,32 +47,33 @@ EFI_HANDLE mReadyToLockHandle;
EFI_STATUS
EFIAPI
TpmNvsCommunciate (
IN EFI_HANDLE DispatchHandle,
IN CONST VOID *RegisterContext,
IN OUT VOID *CommBuffer,
IN OUT UINTN *CommBufferSize
IN EFI_HANDLE DispatchHandle,
IN CONST VOID *RegisterContext,
IN OUT VOID *CommBuffer,
IN OUT UINTN *CommBufferSize
)
{
EFI_STATUS Status;
UINTN TempCommBufferSize;
TPM_NVS_MM_COMM_BUFFER *CommParams;
EFI_STATUS Status;
UINTN TempCommBufferSize;
TPM_NVS_MM_COMM_BUFFER *CommParams;
DEBUG ((DEBUG_VERBOSE, "%a()\n", __FUNCTION__));
//
// If input is invalid, stop processing this SMI
//
if (CommBuffer == NULL || CommBufferSize == NULL) {
if ((CommBuffer == NULL) || (CommBufferSize == NULL)) {
return EFI_SUCCESS;
}
TempCommBufferSize = *CommBufferSize;
if(TempCommBufferSize != sizeof (TPM_NVS_MM_COMM_BUFFER)) {
if (TempCommBufferSize != sizeof (TPM_NVS_MM_COMM_BUFFER)) {
DEBUG ((DEBUG_ERROR, "[%a] MM Communication buffer size is invalid for this handler!\n", __FUNCTION__));
return EFI_ACCESS_DENIED;
}
if (!IsBufferOutsideMmValid ((UINTN) CommBuffer, TempCommBufferSize)) {
if (!IsBufferOutsideMmValid ((UINTN)CommBuffer, TempCommBufferSize)) {
DEBUG ((DEBUG_ERROR, "[%a] - MM Communication buffer in invalid location!\n", __FUNCTION__));
return EFI_ACCESS_DENIED;
}
@@ -80,14 +81,14 @@ TpmNvsCommunciate (
//
// Farm out the job to individual functions based on what was requested.
//
CommParams = (TPM_NVS_MM_COMM_BUFFER*) CommBuffer;
Status = EFI_SUCCESS;
CommParams = (TPM_NVS_MM_COMM_BUFFER *)CommBuffer;
Status = EFI_SUCCESS;
switch (CommParams->Function) {
case TpmNvsMmExchangeInfo:
DEBUG ((DEBUG_VERBOSE, "[%a] - Function requested: MM_EXCHANGE_NVS_INFO\n", __FUNCTION__));
CommParams->RegisteredPpSwiValue = mPpSoftwareSmi;
CommParams->RegisteredMcSwiValue = mMcSoftwareSmi;
mTcgNvs = (TCG_NVS*) (UINTN) CommParams->TargetAddress;
mTcgNvs = (TCG_NVS *)(UINTN)CommParams->TargetAddress;
break;
default:
@@ -96,7 +97,7 @@ TpmNvsCommunciate (
break;
}
CommParams->ReturnStatus = (UINT64) Status;
CommParams->ReturnStatus = (UINT64)Status;
return EFI_SUCCESS;
}
@@ -120,17 +121,16 @@ TpmNvsCommunciate (
EFI_STATUS
EFIAPI
PhysicalPresenceCallback (
IN EFI_HANDLE DispatchHandle,
IN CONST VOID *Context,
IN OUT VOID *CommBuffer,
IN OUT UINTN *CommBufferSize
IN EFI_HANDLE DispatchHandle,
IN CONST VOID *Context,
IN OUT VOID *CommBuffer,
IN OUT UINTN *CommBufferSize
)
{
UINT32 MostRecentRequest;
UINT32 Response;
UINT32 OperationRequest;
UINT32 RequestParameter;
UINT32 MostRecentRequest;
UINT32 Response;
UINT32 OperationRequest;
UINT32 RequestParameter;
if (mTcgNvs->PhysicalPresence.Parameter == TCG_ACPI_FUNCTION_RETURN_REQUEST_RESPONSE_TO_OS) {
mTcgNvs->PhysicalPresence.ReturnCode = Tcg2PhysicalPresenceLibReturnOperationResponseToOsFunction (
@@ -138,18 +138,18 @@ PhysicalPresenceCallback (
&Response
);
mTcgNvs->PhysicalPresence.LastRequest = MostRecentRequest;
mTcgNvs->PhysicalPresence.Response = Response;
mTcgNvs->PhysicalPresence.Response = Response;
return EFI_SUCCESS;
} else if ((mTcgNvs->PhysicalPresence.Parameter == TCG_ACPI_FUNCTION_SUBMIT_REQUEST_TO_BIOS)
|| (mTcgNvs->PhysicalPresence.Parameter == TCG_ACPI_FUNCTION_SUBMIT_REQUEST_TO_BIOS_2)) {
OperationRequest = mTcgNvs->PhysicalPresence.Request;
RequestParameter = mTcgNvs->PhysicalPresence.RequestParameter;
} else if ( (mTcgNvs->PhysicalPresence.Parameter == TCG_ACPI_FUNCTION_SUBMIT_REQUEST_TO_BIOS)
|| (mTcgNvs->PhysicalPresence.Parameter == TCG_ACPI_FUNCTION_SUBMIT_REQUEST_TO_BIOS_2))
{
OperationRequest = mTcgNvs->PhysicalPresence.Request;
RequestParameter = mTcgNvs->PhysicalPresence.RequestParameter;
mTcgNvs->PhysicalPresence.ReturnCode = Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunctionEx (
&OperationRequest,
&RequestParameter
);
mTcgNvs->PhysicalPresence.Request = OperationRequest;
mTcgNvs->PhysicalPresence.Request = OperationRequest;
mTcgNvs->PhysicalPresence.RequestParameter = RequestParameter;
} else if (mTcgNvs->PhysicalPresence.Parameter == TCG_ACPI_FUNCTION_GET_USER_CONFIRMATION_STATUS_FOR_REQUEST) {
mTcgNvs->PhysicalPresence.ReturnCode = Tcg2PhysicalPresenceLibGetUserConfirmationStatusFunction (mTcgNvs->PPRequestUserConfirm);
@@ -158,7 +158,6 @@ PhysicalPresenceCallback (
return EFI_SUCCESS;
}
/**
Software SMI callback for MemoryClear which is called from ACPI method.
@@ -179,28 +178,28 @@ PhysicalPresenceCallback (
EFI_STATUS
EFIAPI
MemoryClearCallback (
IN EFI_HANDLE DispatchHandle,
IN CONST VOID *Context,
IN OUT VOID *CommBuffer,
IN OUT UINTN *CommBufferSize
IN EFI_HANDLE DispatchHandle,
IN CONST VOID *Context,
IN OUT VOID *CommBuffer,
IN OUT UINTN *CommBufferSize
)
{
EFI_STATUS Status;
UINTN DataSize;
UINT8 MorControl;
EFI_STATUS Status;
UINTN DataSize;
UINT8 MorControl;
mTcgNvs->MemoryClear.ReturnCode = MOR_REQUEST_SUCCESS;
if (mTcgNvs->MemoryClear.Parameter == ACPI_FUNCTION_DSM_MEMORY_CLEAR_INTERFACE) {
MorControl = (UINT8) mTcgNvs->MemoryClear.Request;
MorControl = (UINT8)mTcgNvs->MemoryClear.Request;
} else if (mTcgNvs->MemoryClear.Parameter == ACPI_FUNCTION_PTS_CLEAR_MOR_BIT) {
DataSize = sizeof (UINT8);
Status = mSmmVariable->SmmGetVariable (
MEMORY_OVERWRITE_REQUEST_VARIABLE_NAME,
&gEfiMemoryOverwriteControlDataGuid,
NULL,
&DataSize,
&MorControl
);
Status = mSmmVariable->SmmGetVariable (
MEMORY_OVERWRITE_REQUEST_VARIABLE_NAME,
&gEfiMemoryOverwriteControlDataGuid,
NULL,
&DataSize,
&MorControl
);
if (EFI_ERROR (Status)) {
mTcgNvs->MemoryClear.ReturnCode = MOR_REQUEST_GENERAL_FAILURE;
DEBUG ((DEBUG_ERROR, "[TPM] Get MOR variable failure! Status = %r\n", Status));
@@ -210,6 +209,7 @@ MemoryClearCallback (
if (MOR_CLEAR_MEMORY_VALUE (MorControl) == 0x0) {
return EFI_SUCCESS;
}
MorControl &= ~MOR_CLEAR_MEMORY_BIT_MASK;
} else {
mTcgNvs->MemoryClear.ReturnCode = MOR_REQUEST_GENERAL_FAILURE;
@@ -218,13 +218,13 @@ MemoryClearCallback (
}
DataSize = sizeof (UINT8);
Status = mSmmVariable->SmmSetVariable (
MEMORY_OVERWRITE_REQUEST_VARIABLE_NAME,
&gEfiMemoryOverwriteControlDataGuid,
EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
DataSize,
&MorControl
);
Status = mSmmVariable->SmmSetVariable (
MEMORY_OVERWRITE_REQUEST_VARIABLE_NAME,
&gEfiMemoryOverwriteControlDataGuid,
EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
DataSize,
&MorControl
);
if (EFI_ERROR (Status)) {
mTcgNvs->MemoryClear.ReturnCode = MOR_REQUEST_GENERAL_FAILURE;
DEBUG ((DEBUG_ERROR, "[TPM] Set MOR variable failure! Status = %r\n", Status));
@@ -249,16 +249,17 @@ TcgMmReadyToLock (
IN CONST EFI_GUID *Protocol,
IN VOID *Interface,
IN EFI_HANDLE Handle
)
)
{
EFI_STATUS Status;
EFI_STATUS Status;
Status = EFI_SUCCESS;
if (mReadyToLockHandle != NULL) {
Status = gMmst->MmiHandlerUnRegister (mReadyToLockHandle);
Status = gMmst->MmiHandlerUnRegister (mReadyToLockHandle);
mReadyToLockHandle = NULL;
}
return Status;
}
@@ -284,17 +285,17 @@ InitializeTcgCommon (
EFI_HANDLE McSwHandle;
EFI_HANDLE NotifyHandle;
if (!CompareGuid (PcdGetPtr(PcdTpmInstanceGuid), &gEfiTpmDeviceInstanceTpm20DtpmGuid)){
if (!CompareGuid (PcdGetPtr (PcdTpmInstanceGuid), &gEfiTpmDeviceInstanceTpm20DtpmGuid)) {
DEBUG ((DEBUG_ERROR, "No TPM2 DTPM instance required!\n"));
return EFI_UNSUPPORTED;
}
// Initialize variables first
mReadyToLockHandle = NULL;
SwDispatch = NULL;
PpSwHandle = NULL;
McSwHandle = NULL;
NotifyHandle = NULL;
SwDispatch = NULL;
PpSwHandle = NULL;
McSwHandle = NULL;
NotifyHandle = NULL;
// Register a root handler to communicate the NVS region and SMI channel between MM and DXE
Status = gMmst->MmiHandlerRegister (TpmNvsCommunciate, &gTpmNvsMmGuid, &mReadyToLockHandle);
@@ -307,35 +308,37 @@ InitializeTcgCommon (
//
// Get the Sw dispatch protocol and register SMI callback functions.
//
Status = gMmst->MmLocateProtocol (&gEfiSmmSwDispatch2ProtocolGuid, NULL, (VOID**)&SwDispatch);
Status = gMmst->MmLocateProtocol (&gEfiSmmSwDispatch2ProtocolGuid, NULL, (VOID **)&SwDispatch);
ASSERT_EFI_ERROR (Status);
if (EFI_ERROR (Status)) {
DEBUG ((DEBUG_ERROR, "[%a] Failed to locate Sw dispatch protocol - %r!\n", __FUNCTION__, Status));
goto Cleanup;
}
SwContext.SwSmiInputValue = (UINTN) -1;
Status = SwDispatch->Register (SwDispatch, PhysicalPresenceCallback, &SwContext, &PpSwHandle);
SwContext.SwSmiInputValue = (UINTN)-1;
Status = SwDispatch->Register (SwDispatch, PhysicalPresenceCallback, &SwContext, &PpSwHandle);
ASSERT_EFI_ERROR (Status);
if (EFI_ERROR (Status)) {
DEBUG ((DEBUG_ERROR, "[%a] Failed to register PP callback as SW MM handler - %r!\n", __FUNCTION__, Status));
goto Cleanup;
}
mPpSoftwareSmi = SwContext.SwSmiInputValue;
SwContext.SwSmiInputValue = (UINTN) -1;
Status = SwDispatch->Register (SwDispatch, MemoryClearCallback, &SwContext, &McSwHandle);
SwContext.SwSmiInputValue = (UINTN)-1;
Status = SwDispatch->Register (SwDispatch, MemoryClearCallback, &SwContext, &McSwHandle);
ASSERT_EFI_ERROR (Status);
if (EFI_ERROR (Status)) {
DEBUG ((DEBUG_ERROR, "[%a] Failed to register MC callback as SW MM handler - %r!\n", __FUNCTION__, Status));
goto Cleanup;
}
mMcSoftwareSmi = SwContext.SwSmiInputValue;
//
// Locate SmmVariableProtocol.
//
Status = gMmst->MmLocateProtocol (&gEfiSmmVariableProtocolGuid, NULL, (VOID**)&mSmmVariable);
Status = gMmst->MmLocateProtocol (&gEfiSmmVariableProtocolGuid, NULL, (VOID **)&mSmmVariable);
ASSERT_EFI_ERROR (Status);
if (EFI_ERROR (Status)) {
// Should not happen
@@ -359,12 +362,15 @@ Cleanup:
if (NotifyHandle != NULL) {
gMmst->MmRegisterProtocolNotify (&gEfiMmReadyToLockProtocolGuid, NULL, &NotifyHandle);
}
if (McSwHandle != NULL && SwDispatch != NULL) {
if ((McSwHandle != NULL) && (SwDispatch != NULL)) {
SwDispatch->UnRegister (SwDispatch, McSwHandle);
}
if (PpSwHandle != NULL && SwDispatch != NULL) {
if ((PpSwHandle != NULL) && (SwDispatch != NULL)) {
SwDispatch->UnRegister (SwDispatch, PpSwHandle);
}
if (mReadyToLockHandle != NULL) {
gMmst->MmiHandlerUnRegister (mReadyToLockHandle);
}

10
SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.h
View File

@@ -37,14 +37,14 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
//
// The definition for TCG MOR
//
#define ACPI_FUNCTION_DSM_MEMORY_CLEAR_INTERFACE 1
#define ACPI_FUNCTION_PTS_CLEAR_MOR_BIT 2
#define ACPI_FUNCTION_DSM_MEMORY_CLEAR_INTERFACE 1
#define ACPI_FUNCTION_PTS_CLEAR_MOR_BIT 2
//
// The return code for Memory Clear Interface Functions
//
#define MOR_REQUEST_SUCCESS 0
#define MOR_REQUEST_GENERAL_FAILURE 1
#define MOR_REQUEST_SUCCESS 0
#define MOR_REQUEST_GENERAL_FAILURE 1
/**
Notify the system that the SMM variable driver is ready.
@@ -84,4 +84,4 @@ InitializeTcgCommon (
VOID
);
#endif // __TCG_SMM_H__
#endif // __TCG_SMM_H__

4
SecurityPkg/Tcg/Tcg2Smm/Tcg2StandaloneMm.c
View File

@@ -63,8 +63,8 @@ IsBufferOutsideMmValid (
EFI_STATUS
EFIAPI
InitializeTcgStandaloneMm (
IN EFI_HANDLE ImageHandle,
IN EFI_MM_SYSTEM_TABLE *SystemTable
IN EFI_HANDLE ImageHandle,
IN EFI_MM_SYSTEM_TABLE *SystemTable
)
{
return InitializeTcgCommon ();

8
SecurityPkg/Tcg/Tcg2Smm/Tcg2TraditionalMm.c
View File

@@ -27,8 +27,8 @@ Tcg2NotifyMmReady (
VOID
)
{
EFI_STATUS Status;
EFI_HANDLE Handle;
EFI_STATUS Status;
EFI_HANDLE Handle;
Handle = NULL;
Status = gBS->InstallProtocolInterface (
@@ -74,8 +74,8 @@ IsBufferOutsideMmValid (
EFI_STATUS
EFIAPI
InitializeTcgSmm (
IN EFI_HANDLE ImageHandle,
IN EFI_SYSTEM_TABLE *SystemTable
IN EFI_HANDLE ImageHandle,
IN EFI_SYSTEM_TABLE *SystemTable
)
{
return InitializeTcgCommon ();

20
SecurityPkg/Tcg/TcgConfigDxe/TcgConfigDriver.c
View File

@@ -24,15 +24,15 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
EFI_STATUS
EFIAPI
TcgConfigDriverEntryPoint (
IN EFI_HANDLE ImageHandle,
IN EFI_SYSTEM_TABLE *SystemTable
IN EFI_HANDLE ImageHandle,
IN EFI_SYSTEM_TABLE *SystemTable
)
{
EFI_STATUS Status;
TCG_CONFIG_PRIVATE_DATA *PrivateData;
EFI_TCG_PROTOCOL *TcgProtocol;
EFI_STATUS Status;
TCG_CONFIG_PRIVATE_DATA *PrivateData;
EFI_TCG_PROTOCOL *TcgProtocol;
if (!CompareGuid (PcdGetPtr(PcdTpmInstanceGuid), &gEfiTpmDeviceInstanceTpm12Guid)){
if (!CompareGuid (PcdGetPtr (PcdTpmInstanceGuid), &gEfiTpmDeviceInstanceTpm12Guid)) {
DEBUG ((DEBUG_ERROR, "No TPM12 instance required!\n"));
return EFI_UNSUPPORTED;
}
@@ -43,7 +43,7 @@ TcgConfigDriverEntryPoint (
return Status;
}
Status = gBS->LocateProtocol (&gEfiTcgProtocolGuid, NULL, (VOID **) &TcgProtocol);
Status = gBS->LocateProtocol (&gEfiTcgProtocolGuid, NULL, (VOID **)&TcgProtocol);
if (EFI_ERROR (Status)) {
TcgProtocol = NULL;
}
@@ -123,13 +123,13 @@ TcgConfigDriverUnload (
IN EFI_HANDLE ImageHandle
)
{
EFI_STATUS Status;
TCG_CONFIG_PRIVATE_DATA *PrivateData;
EFI_STATUS Status;
TCG_CONFIG_PRIVATE_DATA *PrivateData;
Status = gBS->HandleProtocol (
ImageHandle,
&gEfiCallerIdGuid,
(VOID **) &PrivateData
(VOID **)&PrivateData
);
if (EFI_ERROR (Status)) {
return Status;

184
SecurityPkg/Tcg/TcgConfigDxe/TcgConfigImpl.c
View File

@@ -8,9 +8,9 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#include "TcgConfigImpl.h"
CHAR16 mTcgStorageName[] = L"TCG_CONFIGURATION";
CHAR16 mTcgStorageName[] = L"TCG_CONFIGURATION";
TCG_CONFIG_PRIVATE_DATA mTcgConfigPrivateDateTemplate = {
TCG_CONFIG_PRIVATE_DATA mTcgConfigPrivateDateTemplate = {
TCG_CONFIG_PRIVATE_DATA_SIGNATURE,
{
TcgExtractConfig,
@@ -19,14 +19,14 @@ TCG_CONFIG_PRIVATE_DATA mTcgConfigPrivateDateTemplate = {
}
};
HII_VENDOR_DEVICE_PATH mTcgHiiVendorDevicePath = {
HII_VENDOR_DEVICE_PATH mTcgHiiVendorDevicePath = {
{
{
HARDWARE_DEVICE_PATH,
HW_VENDOR_DP,
{
(UINT8) (sizeof (VENDOR_DEVICE_PATH)),
(UINT8) ((sizeof (VENDOR_DEVICE_PATH)) >> 8)
(UINT8)(sizeof (VENDOR_DEVICE_PATH)),
(UINT8)((sizeof (VENDOR_DEVICE_PATH)) >> 8)
}
},
TCG_CONFIG_FORM_SET_GUID
@@ -35,8 +35,8 @@ HII_VENDOR_DEVICE_PATH mTcgHiiVendorDevicePath = {
END_DEVICE_PATH_TYPE,
END_ENTIRE_DEVICE_PATH_SUBTYPE,
{
(UINT8) (END_DEVICE_PATH_LENGTH),
(UINT8) ((END_DEVICE_PATH_LENGTH) >> 8)
(UINT8)(END_DEVICE_PATH_LENGTH),
(UINT8)((END_DEVICE_PATH_LENGTH) >> 8)
}
}
};
@@ -55,16 +55,16 @@ HII_VENDOR_DEVICE_PATH mTcgHiiVendorDevicePath = {
**/
EFI_STATUS
GetTpmState (
IN EFI_TCG_PROTOCOL *TcgProtocol,
OUT BOOLEAN *TpmEnable OPTIONAL,
OUT BOOLEAN *TpmActivate OPTIONAL
IN EFI_TCG_PROTOCOL *TcgProtocol,
OUT BOOLEAN *TpmEnable OPTIONAL,
OUT BOOLEAN *TpmActivate OPTIONAL
)
{
EFI_STATUS Status;
TPM_RSP_COMMAND_HDR *TpmRsp;
UINT32 TpmSendSize;
TPM_PERMANENT_FLAGS *TpmPermanentFlags;
UINT8 CmdBuf[64];
EFI_STATUS Status;
TPM_RSP_COMMAND_HDR *TpmRsp;
UINT32 TpmSendSize;
TPM_PERMANENT_FLAGS *TpmPermanentFlags;
UINT8 CmdBuf[64];
ASSERT (TcgProtocol != NULL);
@@ -73,13 +73,13 @@ GetTpmState (
//
if ((TpmEnable != NULL) || (TpmActivate != NULL)) {
TpmSendSize = sizeof (TPM_RQU_COMMAND_HDR) + sizeof (UINT32) * 3;
*(UINT16*)&CmdBuf[0] = SwapBytes16 (TPM_TAG_RQU_COMMAND);
*(UINT32*)&CmdBuf[2] = SwapBytes32 (TpmSendSize);
*(UINT32*)&CmdBuf[6] = SwapBytes32 (TPM_ORD_GetCapability);
*(UINT16 *)&CmdBuf[0] = SwapBytes16 (TPM_TAG_RQU_COMMAND);
*(UINT32 *)&CmdBuf[2] = SwapBytes32 (TpmSendSize);
*(UINT32 *)&CmdBuf[6] = SwapBytes32 (TPM_ORD_GetCapability);
*(UINT32*)&CmdBuf[10] = SwapBytes32 (TPM_CAP_FLAG);
*(UINT32*)&CmdBuf[14] = SwapBytes32 (sizeof (TPM_CAP_FLAG_PERMANENT));
*(UINT32*)&CmdBuf[18] = SwapBytes32 (TPM_CAP_FLAG_PERMANENT);
*(UINT32 *)&CmdBuf[10] = SwapBytes32 (TPM_CAP_FLAG);
*(UINT32 *)&CmdBuf[14] = SwapBytes32 (sizeof (TPM_CAP_FLAG_PERMANENT));
*(UINT32 *)&CmdBuf[18] = SwapBytes32 (TPM_CAP_FLAG_PERMANENT);
Status = TcgProtocol->PassThroughToTpm (
TcgProtocol,
@@ -88,12 +88,12 @@ GetTpmState (
sizeof (CmdBuf),
CmdBuf
);
TpmRsp = (TPM_RSP_COMMAND_HDR *) &CmdBuf[0];
TpmRsp = (TPM_RSP_COMMAND_HDR *)&CmdBuf[0];
if (EFI_ERROR (Status) || (TpmRsp->tag != SwapBytes16 (TPM_TAG_RSP_COMMAND)) || (TpmRsp->returnCode != 0)) {
return EFI_DEVICE_ERROR;
}
TpmPermanentFlags = (TPM_PERMANENT_FLAGS *) &CmdBuf[sizeof (TPM_RSP_COMMAND_HDR) + sizeof (UINT32)];
TpmPermanentFlags = (TPM_PERMANENT_FLAGS *)&CmdBuf[sizeof (TPM_RSP_COMMAND_HDR) + sizeof (UINT32)];
if (TpmEnable != NULL) {
*TpmEnable = (BOOLEAN) !TpmPermanentFlags->disable;
@@ -136,22 +136,22 @@ GetTpmState (
EFI_STATUS
EFIAPI
TcgExtractConfig (
IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,
IN CONST EFI_STRING Request,
OUT EFI_STRING *Progress,
OUT EFI_STRING *Results
IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,
IN CONST EFI_STRING Request,
OUT EFI_STRING *Progress,
OUT EFI_STRING *Results
)
{
EFI_STATUS Status;
TCG_CONFIG_PRIVATE_DATA *PrivateData;
EFI_STRING ConfigRequestHdr;
EFI_STRING ConfigRequest;
BOOLEAN AllocatedRequest;
UINTN Size;
BOOLEAN TpmEnable;
BOOLEAN TpmActivate;
EFI_STATUS Status;
TCG_CONFIG_PRIVATE_DATA *PrivateData;
EFI_STRING ConfigRequestHdr;
EFI_STRING ConfigRequest;
BOOLEAN AllocatedRequest;
UINTN Size;
BOOLEAN TpmEnable;
BOOLEAN TpmActivate;
if (Progress == NULL || Results == NULL) {
if ((Progress == NULL) || (Results == NULL)) {
return EFI_INVALID_PARAMETER;
}
@@ -193,8 +193,8 @@ TcgExtractConfig (
// followed by "&OFFSET=0&WIDTH=WWWWWWWWWWWWWWWW" followed by a Null-terminator
//
ConfigRequestHdr = HiiConstructConfigHdr (&gTcgConfigFormSetGuid, mTcgStorageName, PrivateData->DriverHandle);
Size = (StrLen (ConfigRequestHdr) + 32 + 1) * sizeof (CHAR16);
ConfigRequest = AllocateZeroPool (Size);
Size = (StrLen (ConfigRequestHdr) + 32 + 1) * sizeof (CHAR16);
ConfigRequest = AllocateZeroPool (Size);
ASSERT (ConfigRequest != NULL);
AllocatedRequest = TRUE;
UnicodeSPrint (ConfigRequest, Size, L"%s&OFFSET=0&WIDTH=%016LX", ConfigRequestHdr, sizeof (TCG_CONFIGURATION));
@@ -204,7 +204,7 @@ TcgExtractConfig (
Status = gHiiConfigRouting->BlockToConfig (
gHiiConfigRouting,
ConfigRequest,
(UINT8 *) PrivateData->Configuration,
(UINT8 *)PrivateData->Configuration,
sizeof (TCG_CONFIGURATION),
Results,
Progress
@@ -215,6 +215,7 @@ TcgExtractConfig (
if (AllocatedRequest) {
FreePool (ConfigRequest);
}
//
// Set Progress string to the original request string.
//
@@ -248,16 +249,16 @@ TcgExtractConfig (
EFI_STATUS
EFIAPI
TcgRouteConfig (
IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,
IN CONST EFI_STRING Configuration,
OUT EFI_STRING *Progress
IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,
IN CONST EFI_STRING Configuration,
OUT EFI_STRING *Progress
)
{
EFI_STATUS Status;
UINTN BufferSize;
TCG_CONFIGURATION TcgConfiguration;
EFI_STATUS Status;
UINTN BufferSize;
TCG_CONFIGURATION TcgConfiguration;
if (Configuration == NULL || Progress == NULL) {
if ((Configuration == NULL) || (Progress == NULL)) {
return EFI_INVALID_PARAMETER;
}
@@ -270,13 +271,13 @@ TcgRouteConfig (
// Convert <ConfigResp> to buffer data by helper function ConfigToBlock()
//
BufferSize = sizeof (TCG_CONFIGURATION);
Status = gHiiConfigRouting->ConfigToBlock (
gHiiConfigRouting,
Configuration,
(UINT8 *) &TcgConfiguration,
&BufferSize,
Progress
);
Status = gHiiConfigRouting->ConfigToBlock (
gHiiConfigRouting,
Configuration,
(UINT8 *)&TcgConfiguration,
&BufferSize,
Progress
);
if (EFI_ERROR (Status)) {
return Status;
}
@@ -295,37 +296,37 @@ TcgRouteConfig (
**/
EFI_STATUS
SavePpRequest (
IN UINT8 PpRequest
IN UINT8 PpRequest
)
{
EFI_STATUS Status;
UINTN DataSize;
EFI_PHYSICAL_PRESENCE PpData;
EFI_STATUS Status;
UINTN DataSize;
EFI_PHYSICAL_PRESENCE PpData;
//
// Save TPM command to variable.
//
DataSize = sizeof (EFI_PHYSICAL_PRESENCE);
Status = gRT->GetVariable (
PHYSICAL_PRESENCE_VARIABLE,
&gEfiPhysicalPresenceGuid,
NULL,
&DataSize,
&PpData
);
Status = gRT->GetVariable (
PHYSICAL_PRESENCE_VARIABLE,
&gEfiPhysicalPresenceGuid,
NULL,
&DataSize,
&PpData
);
if (EFI_ERROR (Status)) {
return Status;
}
PpData.PPRequest = PpRequest;
Status = gRT->SetVariable (
PHYSICAL_PRESENCE_VARIABLE,
&gEfiPhysicalPresenceGuid,
EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
DataSize,
&PpData
);
if (EFI_ERROR(Status)) {
Status = gRT->SetVariable (
PHYSICAL_PRESENCE_VARIABLE,
&gEfiPhysicalPresenceGuid,
EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
DataSize,
&PpData
);
if (EFI_ERROR (Status)) {
return Status;
}
@@ -357,16 +358,16 @@ SavePpRequest (
EFI_STATUS
EFIAPI
TcgCallback (
IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,
IN EFI_BROWSER_ACTION Action,
IN EFI_QUESTION_ID QuestionId,
IN UINT8 Type,
IN EFI_IFR_TYPE_VALUE *Value,
OUT EFI_BROWSER_ACTION_REQUEST *ActionRequest
IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,
IN EFI_BROWSER_ACTION Action,
IN EFI_QUESTION_ID QuestionId,
IN UINT8 Type,
IN EFI_IFR_TYPE_VALUE *Value,
OUT EFI_BROWSER_ACTION_REQUEST *ActionRequest
)
{
TCG_CONFIG_PRIVATE_DATA *PrivateData;
CHAR16 State[32];
TCG_CONFIG_PRIVATE_DATA *PrivateData;
CHAR16 State[32];
if ((This == NULL) || (Value == NULL) || (ActionRequest == NULL)) {
return EFI_INVALID_PARAMETER;
@@ -374,7 +375,6 @@ TcgCallback (
if (Action == EFI_BROWSER_ACTION_FORM_OPEN) {
if (QuestionId == KEY_TPM_ACTION) {
PrivateData = TCG_CONFIG_PRIVATE_DATA_FROM_THIS (This);
UnicodeSPrint (
State,
@@ -385,6 +385,7 @@ TcgCallback (
);
HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_TPM_STATE_CONTENT), State, NULL);
}
return EFI_SUCCESS;
}
@@ -420,14 +421,14 @@ InstallTcgConfigForm (
DriverHandle = NULL;
ConfigAccess = &PrivateData->ConfigAccess;
Status = gBS->InstallMultipleProtocolInterfaces (
&DriverHandle,
&gEfiDevicePathProtocolGuid,
&mTcgHiiVendorDevicePath,
&gEfiHiiConfigAccessProtocolGuid,
ConfigAccess,
NULL
);
Status = gBS->InstallMultipleProtocolInterfaces (
&DriverHandle,
&gEfiDevicePathProtocolGuid,
&mTcgHiiVendorDevicePath,
&gEfiHiiConfigAccessProtocolGuid,
ConfigAccess,
NULL
);
if (EFI_ERROR (Status)) {
return Status;
}
@@ -470,7 +471,7 @@ InstallTcgConfigForm (
**/
VOID
UninstallTcgConfigForm (
IN OUT TCG_CONFIG_PRIVATE_DATA *PrivateData
IN OUT TCG_CONFIG_PRIVATE_DATA *PrivateData
)
{
//
@@ -497,7 +498,8 @@ UninstallTcgConfigForm (
}
if (PrivateData->Configuration != NULL) {
FreePool(PrivateData->Configuration);
FreePool (PrivateData->Configuration);
}
FreePool (PrivateData);
}

41
SecurityPkg/Tcg/TcgConfigDxe/TcgConfigImpl.h
View File

@@ -37,15 +37,15 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
//
// Tool generated IFR binary data and String package data
//
extern UINT8 TcgConfigBin[];
extern UINT8 TcgConfigDxeStrings[];
extern UINT8 TcgConfigBin[];
extern UINT8 TcgConfigDxeStrings[];
///
/// HII specific Vendor Device Path definition.
///
typedef struct {
VENDOR_DEVICE_PATH VendorDevicePath;
EFI_DEVICE_PATH_PROTOCOL End;
VENDOR_DEVICE_PATH VendorDevicePath;
EFI_DEVICE_PATH_PROTOCOL End;
} HII_VENDOR_DEVICE_PATH;
typedef struct {
@@ -59,12 +59,11 @@ typedef struct {
EFI_TCG_PROTOCOL *TcgProtocol;
} TCG_CONFIG_PRIVATE_DATA;
extern TCG_CONFIG_PRIVATE_DATA mTcgConfigPrivateDateTemplate;
extern TCG_CONFIG_PRIVATE_DATA mTcgConfigPrivateDateTemplate;
#define TCG_CONFIG_PRIVATE_DATA_SIGNATURE SIGNATURE_32 ('T', 'C', 'G', 'D')
#define TCG_CONFIG_PRIVATE_DATA_SIGNATURE SIGNATURE_32 ('T', 'C', 'G', 'D')
#define TCG_CONFIG_PRIVATE_DATA_FROM_THIS(a) CR (a, TCG_CONFIG_PRIVATE_DATA, ConfigAccess, TCG_CONFIG_PRIVATE_DATA_SIGNATURE)
/**
This function publish the TCG configuration Form for TPM device.
@@ -88,7 +87,7 @@ InstallTcgConfigForm (
**/
VOID
UninstallTcgConfigForm (
IN OUT TCG_CONFIG_PRIVATE_DATA *PrivateData
IN OUT TCG_CONFIG_PRIVATE_DATA *PrivateData
);
/**
@@ -120,10 +119,10 @@ UninstallTcgConfigForm (
EFI_STATUS
EFIAPI
TcgExtractConfig (
IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,
IN CONST EFI_STRING Request,
OUT EFI_STRING *Progress,
OUT EFI_STRING *Results
IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,
IN CONST EFI_STRING Request,
OUT EFI_STRING *Progress,
OUT EFI_STRING *Results
);
/**
@@ -147,9 +146,9 @@ TcgExtractConfig (
EFI_STATUS
EFIAPI
TcgRouteConfig (
IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,
IN CONST EFI_STRING Configuration,
OUT EFI_STRING *Progress
IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,
IN CONST EFI_STRING Configuration,
OUT EFI_STRING *Progress
);
/**
@@ -177,12 +176,12 @@ TcgRouteConfig (
EFI_STATUS
EFIAPI
TcgCallback (
IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,
IN EFI_BROWSER_ACTION Action,
IN EFI_QUESTION_ID QuestionId,
IN UINT8 Type,
IN EFI_IFR_TYPE_VALUE *Value,
OUT EFI_BROWSER_ACTION_REQUEST *ActionRequest
IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This,
IN EFI_BROWSER_ACTION Action,
IN EFI_QUESTION_ID QuestionId,
IN UINT8 Type,
IN EFI_IFR_TYPE_VALUE *Value,
OUT EFI_BROWSER_ACTION_REQUEST *ActionRequest
);
#endif

8
SecurityPkg/Tcg/TcgConfigDxe/TcgConfigNvData.h
View File

@@ -16,7 +16,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#define TCG_CONFIGURATION_VARSTORE_ID 0x0001
#define TCG_CONFIGURATION_FORM_ID 0x0001
#define KEY_TPM_ACTION 0x3000
#define KEY_TPM_ACTION 0x3000
#define LABEL_TCG_CONFIGURATION_TPM_OPERATION 0x0001
#define LABEL_END 0xffff
@@ -25,9 +25,9 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
// Nv Data structure referenced by IFR
//
typedef struct {
UINT8 TpmOperation;
BOOLEAN TpmEnable;
BOOLEAN TpmActivate;
UINT8 TpmOperation;
BOOLEAN TpmEnable;
BOOLEAN TpmActivate;
} TCG_CONFIGURATION;
#endif

473
SecurityPkg/Tcg/TcgDxe/TcgDxe.c
View File

@@ -52,29 +52,27 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
BASE_CR (this, TCG_DXE_DATA, TcgProtocol)
typedef struct _TCG_DXE_DATA {
EFI_TCG_PROTOCOL TcgProtocol;
TCG_EFI_BOOT_SERVICE_CAPABILITY BsCap;
EFI_TCG_CLIENT_ACPI_TABLE *TcgClientAcpiTable;
EFI_TCG_SERVER_ACPI_TABLE *TcgServerAcpiTable;
UINTN EventLogSize;
UINT8 *LastEvent;
EFI_TCG_PROTOCOL TcgProtocol;
TCG_EFI_BOOT_SERVICE_CAPABILITY BsCap;
EFI_TCG_CLIENT_ACPI_TABLE *TcgClientAcpiTable;
EFI_TCG_SERVER_ACPI_TABLE *TcgServerAcpiTable;
UINTN EventLogSize;
UINT8 *LastEvent;
} TCG_DXE_DATA;
EFI_TCG_CLIENT_ACPI_TABLE mTcgClientAcpiTemplate = {
EFI_TCG_CLIENT_ACPI_TABLE mTcgClientAcpiTemplate = {
{
EFI_ACPI_3_0_TRUSTED_COMPUTING_PLATFORM_ALLIANCE_CAPABILITIES_TABLE_SIGNATURE,
sizeof (mTcgClientAcpiTemplate),
0x02 //Revision
0x02 // Revision
//
// Compiler initializes the remaining bytes to 0
// These fields should be filled in in production
//
},
0, // 0 for PC Client Platform Class
0, // Log Area Max Length
(EFI_PHYSICAL_ADDRESS) (SIZE_4GB - 1) // Log Area Start Address
0, // 0 for PC Client Platform Class
0, // Log Area Max Length
(EFI_PHYSICAL_ADDRESS)(SIZE_4GB - 1) // Log Area Start Address
};
//
@@ -83,26 +81,26 @@ EFI_TCG_CLIENT_ACPI_TABLE mTcgClientAcpiTemplate = {
// this _UID can be changed and should match with the _UID setting of the TPM
// ACPI device object
//
EFI_TCG_SERVER_ACPI_TABLE mTcgServerAcpiTemplate = {
EFI_TCG_SERVER_ACPI_TABLE mTcgServerAcpiTemplate = {
{
EFI_ACPI_3_0_TRUSTED_COMPUTING_PLATFORM_ALLIANCE_CAPABILITIES_TABLE_SIGNATURE,
sizeof (mTcgServerAcpiTemplate),
0x02 //Revision
0x02 // Revision
//
// Compiler initializes the remaining bytes to 0
// These fields should be filled in in production
//
},
1, // 1 for Server Platform Class
0, // Reserved
0, // Log Area Max Length
(EFI_PHYSICAL_ADDRESS) (SIZE_4GB - 1), // Log Area Start Address
0x0120, // TCG Specification revision 1.2
0, // Device Flags
0, // Interrupt Flags
0, // GPE
{0}, // Reserved 3 bytes
0, // Global System Interrupt
1, // 1 for Server Platform Class
0, // Reserved
0, // Log Area Max Length
(EFI_PHYSICAL_ADDRESS)(SIZE_4GB - 1), // Log Area Start Address
0x0120, // TCG Specification revision 1.2
0, // Device Flags
0, // Interrupt Flags
0, // GPE
{ 0 }, // Reserved 3 bytes
0, // Global System Interrupt
{
EFI_ACPI_3_0_SYSTEM_MEMORY,
0,
@@ -111,15 +109,15 @@ EFI_TCG_SERVER_ACPI_TABLE mTcgServerAcpiTemplate = {
0 // Base Address
},
0, // Reserved
{0}, // Configuration Address
{ 0 }, // Configuration Address
0xFF, // ACPI _UID value of the device, can be changed for different platforms
0, // ACPI _UID value of the device, can be changed for different platforms
0, // ACPI _UID value of the device, can be changed for different platforms
0 // ACPI _UID value of the device, can be changed for different platforms
};
UINTN mBootAttempts = 0;
CHAR16 mBootVarName[] = L"BootOrder";
UINTN mBootAttempts = 0;
CHAR16 mBootVarName[] = L"BootOrder";
/**
Get All processors EFI_CPU_LOCATION in system. LocationBuf is allocated inside the function
@@ -134,19 +132,19 @@ CHAR16 mBootVarName[] = L"BootOrder";
**/
EFI_STATUS
GetProcessorsCpuLocation (
OUT EFI_CPU_PHYSICAL_LOCATION **LocationBuf,
OUT UINTN *Num
OUT EFI_CPU_PHYSICAL_LOCATION **LocationBuf,
OUT UINTN *Num
)
{
EFI_STATUS Status;
EFI_MP_SERVICES_PROTOCOL *MpProtocol;
UINTN ProcessorNum;
UINTN EnabledProcessorNum;
EFI_PROCESSOR_INFORMATION ProcessorInfo;
EFI_CPU_PHYSICAL_LOCATION *ProcessorLocBuf;
UINTN Index;
EFI_STATUS Status;
EFI_MP_SERVICES_PROTOCOL *MpProtocol;
UINTN ProcessorNum;
UINTN EnabledProcessorNum;
EFI_PROCESSOR_INFORMATION ProcessorInfo;
EFI_CPU_PHYSICAL_LOCATION *ProcessorLocBuf;
UINTN Index;
Status = gBS->LocateProtocol (&gEfiMpServiceProtocolGuid, NULL, (VOID **) &MpProtocol);
Status = gBS->LocateProtocol (&gEfiMpServiceProtocolGuid, NULL, (VOID **)&MpProtocol);
if (EFI_ERROR (Status)) {
//
// MP protocol is not installed
@@ -154,21 +152,21 @@ GetProcessorsCpuLocation (
return EFI_UNSUPPORTED;
}
Status = MpProtocol->GetNumberOfProcessors(
Status = MpProtocol->GetNumberOfProcessors (
MpProtocol,
&ProcessorNum,
&EnabledProcessorNum
);
if (EFI_ERROR(Status)){
if (EFI_ERROR (Status)) {
return Status;
}
Status = gBS->AllocatePool(
Status = gBS->AllocatePool (
EfiBootServicesData,
sizeof(EFI_CPU_PHYSICAL_LOCATION) * ProcessorNum,
(VOID **) &ProcessorLocBuf
sizeof (EFI_CPU_PHYSICAL_LOCATION) * ProcessorNum,
(VOID **)&ProcessorLocBuf
);
if (EFI_ERROR(Status)){
if (EFI_ERROR (Status)) {
return Status;
}
@@ -176,28 +174,28 @@ GetProcessorsCpuLocation (
// Get each processor Location info
//
for (Index = 0; Index < ProcessorNum; Index++) {
Status = MpProtocol->GetProcessorInfo(
Status = MpProtocol->GetProcessorInfo (
MpProtocol,
Index,
&ProcessorInfo
);
if (EFI_ERROR(Status)){
FreePool(ProcessorLocBuf);
if (EFI_ERROR (Status)) {
FreePool (ProcessorLocBuf);
return Status;
}
//
// Get all Processor Location info & measure
//
CopyMem(
CopyMem (
&ProcessorLocBuf[Index],
&ProcessorInfo.Location,
sizeof(EFI_CPU_PHYSICAL_LOCATION)
sizeof (EFI_CPU_PHYSICAL_LOCATION)
);
}
*LocationBuf = ProcessorLocBuf;
*Num = ProcessorNum;
*Num = ProcessorNum;
return Status;
}
@@ -234,7 +232,7 @@ TcgDxeStatusCheck (
OUT EFI_PHYSICAL_ADDRESS *EventLogLastEntry
)
{
TCG_DXE_DATA *TcgData;
TCG_DXE_DATA *TcgData;
TcgData = TCG_DXE_DATA_FROM_THIS (This);
@@ -320,15 +318,15 @@ TpmCommHashAll (
EFI_STATUS
EFIAPI
TcgDxeHashAll (
IN EFI_TCG_PROTOCOL *This,
IN UINT8 *HashData,
IN UINT64 HashDataLen,
IN TCG_ALGORITHM_ID AlgorithmId,
IN OUT UINT64 *HashedDataLen,
IN OUT UINT8 **HashedDataResult
IN EFI_TCG_PROTOCOL *This,
IN UINT8 *HashData,
IN UINT64 HashDataLen,
IN TCG_ALGORITHM_ID AlgorithmId,
IN OUT UINT64 *HashedDataLen,
IN OUT UINT8 **HashedDataResult
)
{
if (HashedDataLen == NULL || HashedDataResult == NULL) {
if ((HashedDataLen == NULL) || (HashedDataResult == NULL)) {
return EFI_INVALID_PARAMETER;
}
@@ -336,7 +334,7 @@ TcgDxeHashAll (
case TPM_ALG_SHA:
if (*HashedDataLen == 0) {
*HashedDataLen = sizeof (TPM_DIGEST);
*HashedDataResult = AllocatePool ((UINTN) *HashedDataLen);
*HashedDataResult = AllocatePool ((UINTN)*HashedDataLen);
if (*HashedDataResult == NULL) {
return EFI_OUT_OF_RESOURCES;
}
@@ -346,16 +344,17 @@ TcgDxeHashAll (
*HashedDataLen = sizeof (TPM_DIGEST);
return EFI_BUFFER_TOO_SMALL;
}
*HashedDataLen = sizeof (TPM_DIGEST);
if (*HashedDataResult == NULL) {
*HashedDataResult = AllocatePool ((UINTN) *HashedDataLen);
*HashedDataResult = AllocatePool ((UINTN)*HashedDataLen);
}
return TpmCommHashAll (
HashData,
(UINTN) HashDataLen,
(TPM_DIGEST*)*HashedDataResult
(UINTN)HashDataLen,
(TPM_DIGEST *)*HashedDataResult
);
default:
return EFI_UNSUPPORTED;
@@ -377,19 +376,19 @@ Add a new entry to the Event Log.
**/
EFI_STATUS
TpmCommLogEvent (
IN OUT UINT8 **EventLogPtr,
IN OUT UINTN *LogSize,
IN UINTN MaxSize,
IN TCG_PCR_EVENT_HDR *NewEventHdr,
IN UINT8 *NewEventData
IN OUT UINT8 **EventLogPtr,
IN OUT UINTN *LogSize,
IN UINTN MaxSize,
IN TCG_PCR_EVENT_HDR *NewEventHdr,
IN UINT8 *NewEventData
)
{
UINTN NewLogSize;
UINTN NewLogSize;
//
// Prevent Event Overflow
//
if ((UINTN) NewEventHdr->EventSize > MAX_UINTN - sizeof (*NewEventHdr)) {
if ((UINTN)NewEventHdr->EventSize > MAX_UINTN - sizeof (*NewEventHdr)) {
return EFI_OUT_OF_RESOURCES;
}
@@ -399,7 +398,7 @@ TpmCommLogEvent (
}
*EventLogPtr += *LogSize;
*LogSize += NewLogSize;
*LogSize += NewLogSize;
CopyMem (*EventLogPtr, NewEventHdr, sizeof (*NewEventHdr));
CopyMem (
*EventLogPtr + sizeof (*NewEventHdr),
@@ -423,13 +422,13 @@ TpmCommLogEvent (
EFI_STATUS
EFIAPI
TcgDxeLogEventI (
IN TCG_DXE_DATA *TcgData,
IN TCG_PCR_EVENT_HDR *NewEventHdr,
IN UINT8 *NewEventData
IN TCG_DXE_DATA *TcgData,
IN TCG_PCR_EVENT_HDR *NewEventHdr,
IN UINT8 *NewEventData
)
{
if (PcdGet8 (PcdTpmPlatformClass) == TCG_PLATFORM_TYPE_CLIENT) {
TcgData->LastEvent = (UINT8*)(UINTN)TcgData->TcgClientAcpiTable->Lasa;
TcgData->LastEvent = (UINT8 *)(UINTN)TcgData->TcgClientAcpiTable->Lasa;
return TpmCommLogEvent (
&TcgData->LastEvent,
&TcgData->EventLogSize,
@@ -438,7 +437,7 @@ TcgDxeLogEventI (
NewEventData
);
} else {
TcgData->LastEvent = (UINT8*)(UINTN)TcgData->TcgServerAcpiTable->Lasa;
TcgData->LastEvent = (UINT8 *)(UINTN)TcgData->TcgServerAcpiTable->Lasa;
return TpmCommLogEvent (
&TcgData->LastEvent,
&TcgData->EventLogSize,
@@ -469,15 +468,15 @@ TcgDxeLogEventI (
EFI_STATUS
EFIAPI
TcgDxeLogEvent (
IN EFI_TCG_PROTOCOL *This,
IN TCG_PCR_EVENT *TCGLogData,
IN OUT UINT32 *EventNumber,
IN UINT32 Flags
IN EFI_TCG_PROTOCOL *This,
IN TCG_PCR_EVENT *TCGLogData,
IN OUT UINT32 *EventNumber,
IN UINT32 Flags
)
{
TCG_DXE_DATA *TcgData;
if (TCGLogData == NULL){
if (TCGLogData == NULL) {
return EFI_INVALID_PARAMETER;
}
@@ -486,9 +485,10 @@ TcgDxeLogEvent (
if (TcgData->BsCap.TPMDeactivatedFlag || (!TcgData->BsCap.TPMPresentFlag)) {
return EFI_DEVICE_ERROR;
}
return TcgDxeLogEventI (
TcgData,
(TCG_PCR_EVENT_HDR*)TCGLogData,
(TCG_PCR_EVENT_HDR *)TCGLogData,
TCGLogData->Event
);
}
@@ -511,17 +511,18 @@ TcgDxeLogEvent (
EFI_STATUS
EFIAPI
TcgDxePassThroughToTpm (
IN EFI_TCG_PROTOCOL *This,
IN UINT32 TpmInputParameterBlockSize,
IN UINT8 *TpmInputParameterBlock,
IN UINT32 TpmOutputParameterBlockSize,
IN UINT8 *TpmOutputParameterBlock
IN EFI_TCG_PROTOCOL *This,
IN UINT32 TpmInputParameterBlockSize,
IN UINT8 *TpmInputParameterBlock,
IN UINT32 TpmOutputParameterBlockSize,
IN UINT8 *TpmOutputParameterBlock
)
{
if (TpmInputParameterBlock == NULL ||
TpmOutputParameterBlock == NULL ||
TpmInputParameterBlockSize == 0 ||
TpmOutputParameterBlockSize == 0) {
if ((TpmInputParameterBlock == NULL) ||
(TpmOutputParameterBlock == NULL) ||
(TpmInputParameterBlockSize == 0) ||
(TpmOutputParameterBlockSize == 0))
{
return EFI_INVALID_PARAMETER;
}
@@ -552,26 +553,26 @@ TcgDxePassThroughToTpm (
EFI_STATUS
EFIAPI
TcgDxeHashLogExtendEventI (
IN TCG_DXE_DATA *TcgData,
IN UINT8 *HashData,
IN UINT64 HashDataLen,
IN OUT TCG_PCR_EVENT_HDR *NewEventHdr,
IN UINT8 *NewEventData
IN TCG_DXE_DATA *TcgData,
IN UINT8 *HashData,
IN UINT64 HashDataLen,
IN OUT TCG_PCR_EVENT_HDR *NewEventHdr,
IN UINT8 *NewEventData
)
{
EFI_STATUS Status;
EFI_STATUS Status;
if (!TcgData->BsCap.TPMPresentFlag) {
return EFI_DEVICE_ERROR;
}
if (HashDataLen > 0 || HashData != NULL) {
if ((HashDataLen > 0) || (HashData != NULL)) {
Status = TpmCommHashAll (
HashData,
(UINTN) HashDataLen,
(UINTN)HashDataLen,
&NewEventHdr->Digest
);
if (EFI_ERROR(Status)) {
if (EFI_ERROR (Status)) {
DEBUG ((DEBUG_ERROR, "TpmCommHashAll Failed. %x\n", Status));
goto Done;
}
@@ -627,19 +628,19 @@ Done:
EFI_STATUS
EFIAPI
TcgDxeHashLogExtendEvent (
IN EFI_TCG_PROTOCOL *This,
IN EFI_PHYSICAL_ADDRESS HashData,
IN UINT64 HashDataLen,
IN TPM_ALGORITHM_ID AlgorithmId,
IN OUT TCG_PCR_EVENT *TCGLogData,
IN OUT UINT32 *EventNumber,
OUT EFI_PHYSICAL_ADDRESS *EventLogLastEntry
IN EFI_TCG_PROTOCOL *This,
IN EFI_PHYSICAL_ADDRESS HashData,
IN UINT64 HashDataLen,
IN TPM_ALGORITHM_ID AlgorithmId,
IN OUT TCG_PCR_EVENT *TCGLogData,
IN OUT UINT32 *EventNumber,
OUT EFI_PHYSICAL_ADDRESS *EventLogLastEntry
)
{
TCG_DXE_DATA *TcgData;
EFI_STATUS Status;
if (TCGLogData == NULL || EventLogLastEntry == NULL){
if ((TCGLogData == NULL) || (EventLogLastEntry == NULL)) {
return EFI_INVALID_PARAMETER;
}
@@ -653,26 +654,26 @@ TcgDxeHashLogExtendEvent (
return EFI_UNSUPPORTED;
}
if (HashData == 0 && HashDataLen > 0) {
if ((HashData == 0) && (HashDataLen > 0)) {
return EFI_INVALID_PARAMETER;
}
Status = TcgDxeHashLogExtendEventI (
TcgData,
(UINT8 *) (UINTN) HashData,
(UINT8 *)(UINTN)HashData,
HashDataLen,
(TCG_PCR_EVENT_HDR*)TCGLogData,
(TCG_PCR_EVENT_HDR *)TCGLogData,
TCGLogData->Event
);
if (!EFI_ERROR(Status)){
*EventLogLastEntry = (EFI_PHYSICAL_ADDRESS)(UINTN) TcgData->LastEvent;
if (!EFI_ERROR (Status)) {
*EventLogLastEntry = (EFI_PHYSICAL_ADDRESS)(UINTN)TcgData->LastEvent;
}
return Status;
}
TCG_DXE_DATA mTcgDxeData = {
TCG_DXE_DATA mTcgDxeData = {
{
TcgDxeStatusCheck,
TcgDxeHashAll,
@@ -724,6 +725,7 @@ SetupEventLog (
if (EFI_ERROR (Status)) {
return Status;
}
mTcgClientAcpiTemplate.Lasa = Lasa;
//
// To initialize them as 0xFF is recommended
@@ -731,7 +733,6 @@ SetupEventLog (
//
SetMem ((VOID *)(UINTN)mTcgClientAcpiTemplate.Lasa, PcdGet32 (PcdTcgLogAreaMinLen), 0xFF);
mTcgClientAcpiTemplate.Laml = PcdGet32 (PcdTcgLogAreaMinLen);
} else {
Lasa = mTcgServerAcpiTemplate.Lasa;
@@ -744,6 +745,7 @@ SetupEventLog (
if (EFI_ERROR (Status)) {
return Status;
}
mTcgServerAcpiTemplate.Lasa = Lasa;
//
// To initialize them as 0xFF is recommended
@@ -755,14 +757,15 @@ SetupEventLog (
GuidHob.Raw = GetHobList ();
while (!EFI_ERROR (Status) &&
(GuidHob.Raw = GetNextGuidHob (&gTcgEventEntryHobGuid, GuidHob.Raw)) != NULL) {
(GuidHob.Raw = GetNextGuidHob (&gTcgEventEntryHobGuid, GuidHob.Raw)) != NULL)
{
TcgEvent = GET_GUID_HOB_DATA (GuidHob.Guid);
GuidHob.Raw = GET_NEXT_HOB (GuidHob);
Status = TcgDxeLogEventI (
&mTcgDxeData,
(TCG_PCR_EVENT_HDR*)TcgEvent,
TcgEvent->Event
);
Status = TcgDxeLogEventI (
&mTcgDxeData,
(TCG_PCR_EVENT_HDR *)TcgEvent,
TcgEvent->Event
);
}
return Status;
@@ -780,20 +783,20 @@ SetupEventLog (
EFI_STATUS
EFIAPI
TcgMeasureAction (
IN CHAR8 *String
IN CHAR8 *String
)
{
TCG_PCR_EVENT_HDR TcgEvent;
TCG_PCR_EVENT_HDR TcgEvent;
TcgEvent.PCRIndex = 5;
TcgEvent.EventType = EV_EFI_ACTION;
TcgEvent.EventSize = (UINT32)AsciiStrLen (String);
return TcgDxeHashLogExtendEventI (
&mTcgDxeData,
(UINT8*)String,
(UINT8 *)String,
TcgEvent.EventSize,
&TcgEvent,
(UINT8 *) String
(UINT8 *)String
);
}
@@ -810,40 +813,40 @@ MeasureHandoffTables (
VOID
)
{
EFI_STATUS Status;
TCG_PCR_EVENT_HDR TcgEvent;
EFI_HANDOFF_TABLE_POINTERS HandoffTables;
UINTN ProcessorNum;
EFI_CPU_PHYSICAL_LOCATION *ProcessorLocBuf;
EFI_STATUS Status;
TCG_PCR_EVENT_HDR TcgEvent;
EFI_HANDOFF_TABLE_POINTERS HandoffTables;
UINTN ProcessorNum;
EFI_CPU_PHYSICAL_LOCATION *ProcessorLocBuf;
ProcessorLocBuf = NULL;
Status = EFI_SUCCESS;
Status = EFI_SUCCESS;
if (PcdGet8 (PcdTpmPlatformClass) == TCG_PLATFORM_TYPE_SERVER) {
//
// Tcg Server spec.
// Measure each processor EFI_CPU_PHYSICAL_LOCATION with EV_TABLE_OF_DEVICES to PCR[1]
//
Status = GetProcessorsCpuLocation(&ProcessorLocBuf, &ProcessorNum);
Status = GetProcessorsCpuLocation (&ProcessorLocBuf, &ProcessorNum);
if (!EFI_ERROR(Status)){
if (!EFI_ERROR (Status)) {
TcgEvent.PCRIndex = 1;
TcgEvent.EventType = EV_TABLE_OF_DEVICES;
TcgEvent.EventSize = sizeof (HandoffTables);
HandoffTables.NumberOfTables = 1;
HandoffTables.NumberOfTables = 1;
HandoffTables.TableEntry[0].VendorGuid = gEfiMpServiceProtocolGuid;
HandoffTables.TableEntry[0].VendorTable = ProcessorLocBuf;
Status = TcgDxeHashLogExtendEventI (
&mTcgDxeData,
(UINT8*)(UINTN)ProcessorLocBuf,
sizeof(EFI_CPU_PHYSICAL_LOCATION) * ProcessorNum,
(UINT8 *)(UINTN)ProcessorLocBuf,
sizeof (EFI_CPU_PHYSICAL_LOCATION) * ProcessorNum,
&TcgEvent,
(UINT8*)&HandoffTables
(UINT8 *)&HandoffTables
);
FreePool(ProcessorLocBuf);
FreePool (ProcessorLocBuf);
}
}
@@ -862,13 +865,13 @@ MeasureHandoffTables (
EFI_STATUS
EFIAPI
MeasureSeparatorEvent (
IN TPM_PCRINDEX PCRIndex
IN TPM_PCRINDEX PCRIndex
)
{
TCG_PCR_EVENT_HDR TcgEvent;
UINT32 EventData;
TCG_PCR_EVENT_HDR TcgEvent;
UINT32 EventData;
EventData = 0;
EventData = 0;
TcgEvent.PCRIndex = PCRIndex;
TcgEvent.EventType = EV_SEPARATOR;
TcgEvent.EventSize = (UINT32)sizeof (EventData);
@@ -897,22 +900,22 @@ MeasureSeparatorEvent (
VOID *
EFIAPI
ReadVariable (
IN CHAR16 *VarName,
IN EFI_GUID *VendorGuid,
OUT UINTN *VarSize
IN CHAR16 *VarName,
IN EFI_GUID *VendorGuid,
OUT UINTN *VarSize
)
{
EFI_STATUS Status;
VOID *VarData;
EFI_STATUS Status;
VOID *VarData;
*VarSize = 0;
Status = gRT->GetVariable (
VarName,
VendorGuid,
NULL,
VarSize,
NULL
);
Status = gRT->GetVariable (
VarName,
VendorGuid,
NULL,
VarSize,
NULL
);
if (Status != EFI_BUFFER_TOO_SMALL) {
return NULL;
}
@@ -928,10 +931,11 @@ ReadVariable (
);
if (EFI_ERROR (Status)) {
FreePool (VarData);
VarData = NULL;
VarData = NULL;
*VarSize = 0;
}
}
return VarData;
}
@@ -953,26 +957,26 @@ ReadVariable (
EFI_STATUS
EFIAPI
MeasureVariable (
IN TPM_PCRINDEX PCRIndex,
IN TCG_EVENTTYPE EventType,
IN CHAR16 *VarName,
IN EFI_GUID *VendorGuid,
IN VOID *VarData,
IN UINTN VarSize
IN TPM_PCRINDEX PCRIndex,
IN TCG_EVENTTYPE EventType,
IN CHAR16 *VarName,
IN EFI_GUID *VendorGuid,
IN VOID *VarData,
IN UINTN VarSize
)
{
EFI_STATUS Status;
TCG_PCR_EVENT_HDR TcgEvent;
UINTN VarNameLength;
EFI_VARIABLE_DATA *VarLog;
EFI_STATUS Status;
TCG_PCR_EVENT_HDR TcgEvent;
UINTN VarNameLength;
EFI_VARIABLE_DATA *VarLog;
VarNameLength = StrLen (VarName);
TcgEvent.PCRIndex = PCRIndex;
TcgEvent.EventType = EventType;
TcgEvent.EventSize = (UINT32)(sizeof (*VarLog) + VarNameLength * sizeof (*VarName) + VarSize
- sizeof (VarLog->UnicodeName) - sizeof (VarLog->VariableData));
- sizeof (VarLog->UnicodeName) - sizeof (VarLog->VariableData));
VarLog = (EFI_VARIABLE_DATA*)AllocatePool (TcgEvent.EventSize);
VarLog = (EFI_VARIABLE_DATA *)AllocatePool (TcgEvent.EventSize);
if (VarLog == NULL) {
return EFI_OUT_OF_RESOURCES;
}
@@ -981,22 +985,22 @@ MeasureVariable (
VarLog->UnicodeNameLength = VarNameLength;
VarLog->VariableDataLength = VarSize;
CopyMem (
VarLog->UnicodeName,
VarName,
VarNameLength * sizeof (*VarName)
);
VarLog->UnicodeName,
VarName,
VarNameLength * sizeof (*VarName)
);
CopyMem (
(CHAR16 *)VarLog->UnicodeName + VarNameLength,
VarData,
VarSize
);
(CHAR16 *)VarLog->UnicodeName + VarNameLength,
VarData,
VarSize
);
Status = TcgDxeHashLogExtendEventI (
&mTcgDxeData,
(UINT8*)VarLog,
(UINT8 *)VarLog,
TcgEvent.EventSize,
&TcgEvent,
(UINT8*)VarLog
(UINT8 *)VarLog
);
FreePool (VarLog);
return Status;
@@ -1018,13 +1022,13 @@ MeasureVariable (
EFI_STATUS
EFIAPI
ReadAndMeasureBootVariable (
IN CHAR16 *VarName,
IN EFI_GUID *VendorGuid,
OUT UINTN *VarSize,
OUT VOID **VarData
IN CHAR16 *VarName,
IN EFI_GUID *VendorGuid,
OUT UINTN *VarSize,
OUT VOID **VarData
)
{
EFI_STATUS Status;
EFI_STATUS Status;
*VarData = ReadVariable (VarName, VendorGuid, VarSize);
if (*VarData == NULL) {
@@ -1058,20 +1062,20 @@ MeasureAllBootVariables (
VOID
)
{
EFI_STATUS Status;
UINT16 *BootOrder;
UINTN BootCount;
UINTN Index;
VOID *BootVarData;
UINTN Size;
EFI_STATUS Status;
UINT16 *BootOrder;
UINTN BootCount;
UINTN Index;
VOID *BootVarData;
UINTN Size;
Status = ReadAndMeasureBootVariable (
mBootVarName,
&gEfiGlobalVariableGuid,
&BootCount,
(VOID **) &BootOrder
(VOID **)&BootOrder
);
if (Status == EFI_NOT_FOUND || BootOrder == NULL) {
if ((Status == EFI_NOT_FOUND) || (BootOrder == NULL)) {
return EFI_SUCCESS;
}
@@ -1113,15 +1117,14 @@ MeasureAllBootVariables (
VOID
EFIAPI
OnReadyToBoot (
IN EFI_EVENT Event,
IN VOID *Context
IN EFI_EVENT Event,
IN VOID *Context
)
{
EFI_STATUS Status;
TPM_PCRINDEX PcrIndex;
EFI_STATUS Status;
TPM_PCRINDEX PcrIndex;
if (mBootAttempts == 0) {
//
// Measure handoff tables.
//
@@ -1201,15 +1204,15 @@ OnReadyToBoot (
VOID
EFIAPI
InstallAcpiTable (
IN EFI_EVENT Event,
IN VOID* Context
IN EFI_EVENT Event,
IN VOID *Context
)
{
UINTN TableKey;
EFI_STATUS Status;
EFI_ACPI_TABLE_PROTOCOL *AcpiTable;
UINT8 Checksum;
UINT64 OemTableId;
UINTN TableKey;
EFI_STATUS Status;
EFI_ACPI_TABLE_PROTOCOL *AcpiTable;
UINT8 Checksum;
UINT64 OemTableId;
Status = gBS->LocateProtocol (&gEfiAcpiTableProtocolGuid, NULL, (VOID **)&AcpiTable);
if (EFI_ERROR (Status)) {
@@ -1220,47 +1223,47 @@ InstallAcpiTable (
CopyMem (mTcgClientAcpiTemplate.Header.OemId, PcdGetPtr (PcdAcpiDefaultOemId), sizeof (mTcgClientAcpiTemplate.Header.OemId));
OemTableId = PcdGet64 (PcdAcpiDefaultOemTableId);
CopyMem (&mTcgClientAcpiTemplate.Header.OemTableId, &OemTableId, sizeof (UINT64));
mTcgClientAcpiTemplate.Header.OemRevision = PcdGet32 (PcdAcpiDefaultOemRevision);
mTcgClientAcpiTemplate.Header.CreatorId = PcdGet32 (PcdAcpiDefaultCreatorId);
mTcgClientAcpiTemplate.Header.CreatorRevision = PcdGet32 (PcdAcpiDefaultCreatorRevision);
mTcgClientAcpiTemplate.Header.OemRevision = PcdGet32 (PcdAcpiDefaultOemRevision);
mTcgClientAcpiTemplate.Header.CreatorId = PcdGet32 (PcdAcpiDefaultCreatorId);
mTcgClientAcpiTemplate.Header.CreatorRevision = PcdGet32 (PcdAcpiDefaultCreatorRevision);
//
// The ACPI table must be checksummed before calling the InstallAcpiTable()
// service of the ACPI table protocol to install it.
//
Checksum = CalculateCheckSum8 ((UINT8 *)&mTcgClientAcpiTemplate, sizeof (mTcgClientAcpiTemplate));
Checksum = CalculateCheckSum8 ((UINT8 *)&mTcgClientAcpiTemplate, sizeof (mTcgClientAcpiTemplate));
mTcgClientAcpiTemplate.Header.Checksum = Checksum;
Status = AcpiTable->InstallAcpiTable (
AcpiTable,
&mTcgClientAcpiTemplate,
sizeof (mTcgClientAcpiTemplate),
&TableKey
);
AcpiTable,
&mTcgClientAcpiTemplate,
sizeof (mTcgClientAcpiTemplate),
&TableKey
);
} else {
CopyMem (mTcgServerAcpiTemplate.Header.OemId, PcdGetPtr (PcdAcpiDefaultOemId), sizeof (mTcgServerAcpiTemplate.Header.OemId));
OemTableId = PcdGet64 (PcdAcpiDefaultOemTableId);
CopyMem (&mTcgServerAcpiTemplate.Header.OemTableId, &OemTableId, sizeof (UINT64));
mTcgServerAcpiTemplate.Header.OemRevision = PcdGet32 (PcdAcpiDefaultOemRevision);
mTcgServerAcpiTemplate.Header.CreatorId = PcdGet32 (PcdAcpiDefaultCreatorId);
mTcgServerAcpiTemplate.Header.CreatorRevision = PcdGet32 (PcdAcpiDefaultCreatorRevision);
mTcgServerAcpiTemplate.Header.OemRevision = PcdGet32 (PcdAcpiDefaultOemRevision);
mTcgServerAcpiTemplate.Header.CreatorId = PcdGet32 (PcdAcpiDefaultCreatorId);
mTcgServerAcpiTemplate.Header.CreatorRevision = PcdGet32 (PcdAcpiDefaultCreatorRevision);
//
// The ACPI table must be checksummed before calling the InstallAcpiTable()
// service of the ACPI table protocol to install it.
//
Checksum = CalculateCheckSum8 ((UINT8 *)&mTcgServerAcpiTemplate, sizeof (mTcgServerAcpiTemplate));
Checksum = CalculateCheckSum8 ((UINT8 *)&mTcgServerAcpiTemplate, sizeof (mTcgServerAcpiTemplate));
mTcgServerAcpiTemplate.Header.Checksum = Checksum;
mTcgServerAcpiTemplate.BaseAddress.Address = PcdGet64 (PcdTpmBaseAddress);
Status = AcpiTable->InstallAcpiTable (
AcpiTable,
&mTcgServerAcpiTemplate,
sizeof (mTcgServerAcpiTemplate),
&TableKey
);
Status = AcpiTable->InstallAcpiTable (
AcpiTable,
&mTcgServerAcpiTemplate,
sizeof (mTcgServerAcpiTemplate),
&TableKey
);
}
if (EFI_ERROR (Status)) {
DEBUG((DEBUG_ERROR, "Tcg Acpi Table installation failure"));
DEBUG ((DEBUG_ERROR, "Tcg Acpi Table installation failure"));
}
}
@@ -1276,11 +1279,11 @@ InstallAcpiTable (
VOID
EFIAPI
OnExitBootServices (
IN EFI_EVENT Event,
IN VOID *Context
IN EFI_EVENT Event,
IN VOID *Context
)
{
EFI_STATUS Status;
EFI_STATUS Status;
//
// Measure invocation of ExitBootServices,
@@ -1298,7 +1301,7 @@ OnExitBootServices (
Status = TcgMeasureAction (
EFI_EXIT_BOOT_SERVICES_SUCCEEDED
);
if (EFI_ERROR (Status)){
if (EFI_ERROR (Status)) {
DEBUG ((DEBUG_ERROR, "%a not Measured. Error!\n", EFI_EXIT_BOOT_SERVICES_SUCCEEDED));
}
}
@@ -1315,11 +1318,11 @@ OnExitBootServices (
VOID
EFIAPI
OnExitBootServicesFailed (
IN EFI_EVENT Event,
IN VOID *Context
IN EFI_EVENT Event,
IN VOID *Context
)
{
EFI_STATUS Status;
EFI_STATUS Status;
//
// Measure Failure of ExitBootServices,
@@ -1327,7 +1330,7 @@ OnExitBootServicesFailed (
Status = TcgMeasureAction (
EFI_EXIT_BOOT_SERVICES_FAILED
);
if (EFI_ERROR (Status)){
if (EFI_ERROR (Status)) {
DEBUG ((DEBUG_ERROR, "%a not Measured. Error!\n", EFI_EXIT_BOOT_SERVICES_FAILED));
}
}
@@ -1372,15 +1375,15 @@ GetTpmStatus (
EFI_STATUS
EFIAPI
DriverEntry (
IN EFI_HANDLE ImageHandle,
IN EFI_SYSTEM_TABLE *SystemTable
IN EFI_HANDLE ImageHandle,
IN EFI_SYSTEM_TABLE *SystemTable
)
{
EFI_STATUS Status;
EFI_EVENT Event;
VOID *Registration;
EFI_STATUS Status;
EFI_EVENT Event;
VOID *Registration;
if (!CompareGuid (PcdGetPtr(PcdTpmInstanceGuid), &gEfiTpmDeviceInstanceTpm12Guid)){
if (!CompareGuid (PcdGetPtr (PcdTpmInstanceGuid), &gEfiTpmDeviceInstanceTpm12Guid)) {
DEBUG ((DEBUG_ERROR, "No TPM12 instance required!\n"));
return EFI_UNSUPPORTED;
}

252
SecurityPkg/Tcg/TcgPei/TcgPei.c
View File

@@ -39,7 +39,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#include <Library/BaseCryptLib.h>
#include <Library/PerformanceLib.h>
BOOLEAN mImageInMemory = FALSE;
BOOLEAN mImageInMemory = FALSE;
EFI_PEI_PPI_DESCRIPTOR mTpmInitializedPpiList = {
EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST,
@@ -74,15 +74,15 @@ EFI_PEI_PPI_DESCRIPTOR mTpmInitializationDonePpiList = {
EFI_STATUS
EFIAPI
HashLogExtendEvent (
IN EDKII_TCG_PPI *This,
IN UINT64 Flags,
IN UINT8 *HashData,
IN UINTN HashDataLen,
IN TCG_PCR_EVENT_HDR *NewEventHdr,
IN UINT8 *NewEventData
IN EDKII_TCG_PPI *This,
IN UINT64 Flags,
IN UINT8 *HashData,
IN UINTN HashDataLen,
IN TCG_PCR_EVENT_HDR *NewEventHdr,
IN UINT8 *NewEventData
);
EDKII_TCG_PPI mEdkiiTcgPpi = {
EDKII_TCG_PPI mEdkiiTcgPpi = {
HashLogExtendEvent
};
@@ -95,17 +95,17 @@ EFI_PEI_PPI_DESCRIPTOR mTcgPpiList = {
//
// Number of firmware blobs to grow by each time we run out of room
//
#define FIRMWARE_BLOB_GROWTH_STEP 4
#define FIRMWARE_BLOB_GROWTH_STEP 4
EFI_PLATFORM_FIRMWARE_BLOB *mMeasuredBaseFvInfo;
UINT32 mMeasuredMaxBaseFvIndex = 0;
UINT32 mMeasuredBaseFvIndex = 0;
EFI_PLATFORM_FIRMWARE_BLOB *mMeasuredBaseFvInfo;
UINT32 mMeasuredMaxBaseFvIndex = 0;
UINT32 mMeasuredBaseFvIndex = 0;
EFI_PLATFORM_FIRMWARE_BLOB *mMeasuredChildFvInfo;
UINT32 mMeasuredMaxChildFvIndex = 0;
UINT32 mMeasuredChildFvIndex = 0;
EFI_PLATFORM_FIRMWARE_BLOB *mMeasuredChildFvInfo;
UINT32 mMeasuredMaxChildFvIndex = 0;
UINT32 mMeasuredChildFvIndex = 0;
EFI_PEI_FIRMWARE_VOLUME_INFO_MEASUREMENT_EXCLUDED_PPI *mMeasurementExcludedFvPpi;
EFI_PEI_FIRMWARE_VOLUME_INFO_MEASUREMENT_EXCLUDED_PPI *mMeasurementExcludedFvPpi;
/**
Lock physical presence if needed.
@@ -120,9 +120,9 @@ EFI_PEI_FIRMWARE_VOLUME_INFO_MEASUREMENT_EXCLUDED_PPI *mMeasurementExcludedFvPpi
EFI_STATUS
EFIAPI
PhysicalPresencePpiNotifyCallback (
IN EFI_PEI_SERVICES **PeiServices,
IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDescriptor,
IN VOID *Ppi
IN EFI_PEI_SERVICES **PeiServices,
IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDescriptor,
IN VOID *Ppi
);
/**
@@ -139,9 +139,9 @@ PhysicalPresencePpiNotifyCallback (
EFI_STATUS
EFIAPI
FirmwareVolumeInfoPpiNotifyCallback (
IN EFI_PEI_SERVICES **PeiServices,
IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDescriptor,
IN VOID *Ppi
IN EFI_PEI_SERVICES **PeiServices,
IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDescriptor,
IN VOID *Ppi
);
/**
@@ -158,12 +158,12 @@ FirmwareVolumeInfoPpiNotifyCallback (
EFI_STATUS
EFIAPI
EndofPeiSignalNotifyCallBack (
IN EFI_PEI_SERVICES **PeiServices,
IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDescriptor,
IN VOID *Ppi
IN EFI_PEI_SERVICES **PeiServices,
IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDescriptor,
IN VOID *Ppi
);
EFI_PEI_NOTIFY_DESCRIPTOR mNotifyList[] = {
EFI_PEI_NOTIFY_DESCRIPTOR mNotifyList[] = {
{
EFI_PEI_PPI_DESCRIPTOR_NOTIFY_CALLBACK,
&gPeiLockPhysicalPresencePpiGuid,
@@ -204,12 +204,12 @@ EFI_PEI_NOTIFY_DESCRIPTOR mNotifyList[] = {
EFI_STATUS
EFIAPI
EndofPeiSignalNotifyCallBack (
IN EFI_PEI_SERVICES **PeiServices,
IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDescriptor,
IN VOID *Ppi
IN EFI_PEI_SERVICES **PeiServices,
IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDescriptor,
IN VOID *Ppi
)
{
MEASURED_HOB_DATA *MeasuredHobData;
MEASURED_HOB_DATA *MeasuredHobData;
MeasuredHobData = NULL;
@@ -218,12 +218,12 @@ EndofPeiSignalNotifyCallBack (
//
// Create a Guid hob to save all measured Fv
//
MeasuredHobData = BuildGuidHob(
MeasuredHobData = BuildGuidHob (
&gMeasuredFvHobGuid,
sizeof(UINTN) + sizeof(EFI_PLATFORM_FIRMWARE_BLOB) * (mMeasuredBaseFvIndex + mMeasuredChildFvIndex)
sizeof (UINTN) + sizeof (EFI_PLATFORM_FIRMWARE_BLOB) * (mMeasuredBaseFvIndex + mMeasuredChildFvIndex)
);
if (MeasuredHobData != NULL){
if (MeasuredHobData != NULL) {
//
// Save measured FV info enty number
//
@@ -232,12 +232,12 @@ EndofPeiSignalNotifyCallBack (
//
// Save measured base Fv info
//
CopyMem (MeasuredHobData->MeasuredFvBuf, mMeasuredBaseFvInfo, sizeof(EFI_PLATFORM_FIRMWARE_BLOB) * (mMeasuredBaseFvIndex));
CopyMem (MeasuredHobData->MeasuredFvBuf, mMeasuredBaseFvInfo, sizeof (EFI_PLATFORM_FIRMWARE_BLOB) * (mMeasuredBaseFvIndex));
//
// Save measured child Fv info
//
CopyMem (&MeasuredHobData->MeasuredFvBuf[mMeasuredBaseFvIndex] , mMeasuredChildFvInfo, sizeof(EFI_PLATFORM_FIRMWARE_BLOB) * (mMeasuredChildFvIndex));
CopyMem (&MeasuredHobData->MeasuredFvBuf[mMeasuredBaseFvIndex], mMeasuredChildFvInfo, sizeof (EFI_PLATFORM_FIRMWARE_BLOB) * (mMeasuredChildFvIndex));
}
PERF_CALLBACK_END (&gEfiEndOfPeiSignalPpiGuid);
@@ -300,16 +300,16 @@ TpmCommHashAll (
EFI_STATUS
EFIAPI
HashLogExtendEvent (
IN EDKII_TCG_PPI *This,
IN UINT64 Flags,
IN UINT8 *HashData,
IN UINTN HashDataLen,
IN TCG_PCR_EVENT_HDR *NewEventHdr,
IN UINT8 *NewEventData
IN EDKII_TCG_PPI *This,
IN UINT64 Flags,
IN UINT8 *HashData,
IN UINTN HashDataLen,
IN TCG_PCR_EVENT_HDR *NewEventHdr,
IN UINT8 *NewEventData
)
{
EFI_STATUS Status;
VOID *HobData;
EFI_STATUS Status;
VOID *HobData;
if (GetFirstGuidHob (&gTpmErrorHobGuid) != NULL) {
return EFI_DEVICE_ERROR;
@@ -337,28 +337,29 @@ HashLogExtendEvent (
}
HobData = BuildGuidHob (
&gTcgEventEntryHobGuid,
sizeof (*NewEventHdr) + NewEventHdr->EventSize
);
&gTcgEventEntryHobGuid,
sizeof (*NewEventHdr) + NewEventHdr->EventSize
);
if (HobData == NULL) {
Status = EFI_OUT_OF_RESOURCES;
goto Done;
}
CopyMem (HobData, NewEventHdr, sizeof (*NewEventHdr));
HobData = (VOID *) ((UINT8*)HobData + sizeof (*NewEventHdr));
HobData = (VOID *)((UINT8 *)HobData + sizeof (*NewEventHdr));
CopyMem (HobData, NewEventData, NewEventHdr->EventSize);
Done:
if ((Status == EFI_DEVICE_ERROR) || (Status == EFI_TIMEOUT)) {
DEBUG ((DEBUG_ERROR, "HashLogExtendEvent - %r. Disable TPM.\n", Status));
BuildGuidHob (&gTpmErrorHobGuid,0);
BuildGuidHob (&gTpmErrorHobGuid, 0);
REPORT_STATUS_CODE (
EFI_ERROR_CODE | EFI_ERROR_MINOR,
(PcdGet32 (PcdStatusCodeSubClassTpmDevice) | EFI_P_EC_INTERFACE_ERROR)
);
Status = EFI_DEVICE_ERROR;
}
return Status;
}
@@ -375,10 +376,10 @@ Done:
EFI_STATUS
EFIAPI
MeasureCRTMVersion (
IN EFI_PEI_SERVICES **PeiServices
IN EFI_PEI_SERVICES **PeiServices
)
{
TCG_PCR_EVENT_HDR TcgEventHdr;
TCG_PCR_EVENT_HDR TcgEventHdr;
//
// Use FirmwareVersion string to represent CRTM version.
@@ -387,15 +388,15 @@ MeasureCRTMVersion (
TcgEventHdr.PCRIndex = 0;
TcgEventHdr.EventType = EV_S_CRTM_VERSION;
TcgEventHdr.EventSize = (UINT32) StrSize((CHAR16*)PcdGetPtr (PcdFirmwareVersionString));
TcgEventHdr.EventSize = (UINT32)StrSize ((CHAR16 *)PcdGetPtr (PcdFirmwareVersionString));
return HashLogExtendEvent (
&mEdkiiTcgPpi,
0,
(UINT8*)PcdGetPtr (PcdFirmwareVersionString),
(UINT8 *)PcdGetPtr (PcdFirmwareVersionString),
TcgEventHdr.EventSize,
&TcgEventHdr,
(UINT8*)PcdGetPtr (PcdFirmwareVersionString)
(UINT8 *)PcdGetPtr (PcdFirmwareVersionString)
);
}
@@ -415,24 +416,24 @@ MeasureCRTMVersion (
EFI_STATUS
EFIAPI
MeasureFvImage (
IN EFI_PHYSICAL_ADDRESS FvBase,
IN UINT64 FvLength
IN EFI_PHYSICAL_ADDRESS FvBase,
IN UINT64 FvLength
)
{
UINT32 Index;
EFI_STATUS Status;
EFI_PLATFORM_FIRMWARE_BLOB FvBlob;
TCG_PCR_EVENT_HDR TcgEventHdr;
EFI_PHYSICAL_ADDRESS FvOrgBase;
EFI_PHYSICAL_ADDRESS FvDataBase;
EFI_PEI_HOB_POINTERS Hob;
EDKII_MIGRATED_FV_INFO *MigratedFvInfo;
UINT32 Index;
EFI_STATUS Status;
EFI_PLATFORM_FIRMWARE_BLOB FvBlob;
TCG_PCR_EVENT_HDR TcgEventHdr;
EFI_PHYSICAL_ADDRESS FvOrgBase;
EFI_PHYSICAL_ADDRESS FvDataBase;
EFI_PEI_HOB_POINTERS Hob;
EDKII_MIGRATED_FV_INFO *MigratedFvInfo;
//
// Check if it is in Excluded FV list
//
if (mMeasurementExcludedFvPpi != NULL) {
for (Index = 0; Index < mMeasurementExcludedFvPpi->Count; Index ++) {
for (Index = 0; Index < mMeasurementExcludedFvPpi->Count; Index++) {
if (mMeasurementExcludedFvPpi->Fv[Index].FvBase == FvBase) {
DEBUG ((DEBUG_INFO, "The FV which is excluded by TcgPei starts at: 0x%x\n", FvBase));
DEBUG ((DEBUG_INFO, "The FV which is excluded by TcgPei has the size: 0x%x\n", FvLength));
@@ -444,7 +445,7 @@ MeasureFvImage (
//
// Check whether FV is in the measured FV list.
//
for (Index = 0; Index < mMeasuredBaseFvIndex; Index ++) {
for (Index = 0; Index < mMeasuredBaseFvIndex; Index++) {
if (mMeasuredBaseFvInfo[Index].BlobBase == FvBase) {
return EFI_SUCCESS;
}
@@ -455,17 +456,18 @@ MeasureFvImage (
//
FvOrgBase = FvBase;
FvDataBase = FvBase;
Hob.Raw = GetFirstGuidHob (&gEdkiiMigratedFvInfoGuid);
Hob.Raw = GetFirstGuidHob (&gEdkiiMigratedFvInfoGuid);
while (Hob.Raw != NULL) {
MigratedFvInfo = GET_GUID_HOB_DATA (Hob);
if ((MigratedFvInfo->FvNewBase == (UINT32) FvBase) && (MigratedFvInfo->FvLength == (UINT32) FvLength)) {
if ((MigratedFvInfo->FvNewBase == (UINT32)FvBase) && (MigratedFvInfo->FvLength == (UINT32)FvLength)) {
//
// Found the migrated FV info
//
FvOrgBase = (EFI_PHYSICAL_ADDRESS) (UINTN) MigratedFvInfo->FvOrgBase;
FvDataBase = (EFI_PHYSICAL_ADDRESS) (UINTN) MigratedFvInfo->FvDataBase;
FvOrgBase = (EFI_PHYSICAL_ADDRESS)(UINTN)MigratedFvInfo->FvOrgBase;
FvDataBase = (EFI_PHYSICAL_ADDRESS)(UINTN)MigratedFvInfo->FvDataBase;
break;
}
Hob.Raw = GET_NEXT_HOB (Hob);
Hob.Raw = GetNextGuidHob (&gEdkiiMigratedFvInfoGuid, Hob.Raw);
}
@@ -479,17 +481,17 @@ MeasureFvImage (
DEBUG ((DEBUG_INFO, "The FV which is measured by TcgPei starts at: 0x%x\n", FvBlob.BlobBase));
DEBUG ((DEBUG_INFO, "The FV which is measured by TcgPei has the size: 0x%x\n", FvBlob.BlobLength));
TcgEventHdr.PCRIndex = 0;
TcgEventHdr.PCRIndex = 0;
TcgEventHdr.EventType = EV_EFI_PLATFORM_FIRMWARE_BLOB;
TcgEventHdr.EventSize = sizeof (FvBlob);
Status = HashLogExtendEvent (
&mEdkiiTcgPpi,
0,
(UINT8*) (UINTN) FvDataBase,
(UINTN) FvBlob.BlobLength,
(UINT8 *)(UINTN)FvDataBase,
(UINTN)FvBlob.BlobLength,
&TcgEventHdr,
(UINT8*) &FvBlob
(UINT8 *)&FvBlob
);
//
@@ -525,16 +527,16 @@ MeasureFvImage (
EFI_STATUS
EFIAPI
MeasureMainBios (
IN EFI_PEI_SERVICES **PeiServices
IN EFI_PEI_SERVICES **PeiServices
)
{
EFI_STATUS Status;
UINT32 FvInstances;
EFI_PEI_FV_HANDLE VolumeHandle;
EFI_FV_INFO VolumeInfo;
EFI_PEI_FIRMWARE_VOLUME_PPI *FvPpi;
EFI_STATUS Status;
UINT32 FvInstances;
EFI_PEI_FV_HANDLE VolumeHandle;
EFI_FV_INFO VolumeInfo;
EFI_PEI_FIRMWARE_VOLUME_PPI *FvPpi;
FvInstances = 0;
FvInstances = 0;
while (TRUE) {
//
// Traverse all firmware volume instances of Static Core Root of Trust for Measurement
@@ -558,10 +560,10 @@ MeasureMainBios (
&VolumeInfo.FvFormat,
0,
NULL,
(VOID**)&FvPpi
(VOID **)&FvPpi
);
if (!EFI_ERROR (Status)) {
MeasureFvImage ((EFI_PHYSICAL_ADDRESS) (UINTN) VolumeInfo.FvStart, VolumeInfo.FvSize);
MeasureFvImage ((EFI_PHYSICAL_ADDRESS)(UINTN)VolumeInfo.FvStart, VolumeInfo.FvSize);
}
FvInstances++;
@@ -584,9 +586,9 @@ MeasureMainBios (
EFI_STATUS
EFIAPI
FirmwareVolumeInfoPpiNotifyCallback (
IN EFI_PEI_SERVICES **PeiServices,
IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDescriptor,
IN VOID *Ppi
IN EFI_PEI_SERVICES **PeiServices,
IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDescriptor,
IN VOID *Ppi
)
{
EFI_PEI_FIRMWARE_VOLUME_INFO_PPI *Fv;
@@ -594,7 +596,7 @@ FirmwareVolumeInfoPpiNotifyCallback (
EFI_PEI_FIRMWARE_VOLUME_PPI *FvPpi;
UINTN Index;
Fv = (EFI_PEI_FIRMWARE_VOLUME_INFO_PPI *) Ppi;
Fv = (EFI_PEI_FIRMWARE_VOLUME_INFO_PPI *)Ppi;
//
// The PEI Core can not dispatch or load files from memory mapped FVs that do not support FvPpi.
@@ -603,7 +605,7 @@ FirmwareVolumeInfoPpiNotifyCallback (
&Fv->FvFormat,
0,
NULL,
(VOID**)&FvPpi
(VOID **)&FvPpi
);
if (EFI_ERROR (Status)) {
return EFI_SUCCESS;
@@ -613,8 +615,7 @@ FirmwareVolumeInfoPpiNotifyCallback (
// This is an FV from an FFS file, and the parent FV must have already been measured,
// No need to measure twice, so just record the FV and return
//
if (Fv->ParentFvName != NULL || Fv->ParentFileName != NULL ) {
if ((Fv->ParentFvName != NULL) || (Fv->ParentFileName != NULL)) {
if (mMeasuredChildFvIndex >= mMeasuredMaxChildFvIndex) {
mMeasuredChildFvInfo = ReallocatePool (
sizeof (EFI_PLATFORM_FIRMWARE_BLOB) * mMeasuredMaxChildFvIndex,
@@ -624,21 +625,23 @@ FirmwareVolumeInfoPpiNotifyCallback (
ASSERT (mMeasuredChildFvInfo != NULL);
mMeasuredMaxChildFvIndex = mMeasuredMaxChildFvIndex + FIRMWARE_BLOB_GROWTH_STEP;
}
//
// Check whether FV is in the measured child FV list.
//
for (Index = 0; Index < mMeasuredChildFvIndex; Index++) {
if (mMeasuredChildFvInfo[Index].BlobBase == (EFI_PHYSICAL_ADDRESS) (UINTN) Fv->FvInfo) {
if (mMeasuredChildFvInfo[Index].BlobBase == (EFI_PHYSICAL_ADDRESS)(UINTN)Fv->FvInfo) {
return EFI_SUCCESS;
}
}
mMeasuredChildFvInfo[mMeasuredChildFvIndex].BlobBase = (EFI_PHYSICAL_ADDRESS) (UINTN) Fv->FvInfo;
mMeasuredChildFvInfo[mMeasuredChildFvIndex].BlobBase = (EFI_PHYSICAL_ADDRESS)(UINTN)Fv->FvInfo;
mMeasuredChildFvInfo[mMeasuredChildFvIndex].BlobLength = Fv->FvInfoSize;
mMeasuredChildFvIndex++;
return EFI_SUCCESS;
}
return MeasureFvImage ((EFI_PHYSICAL_ADDRESS) (UINTN) Fv->FvInfo, Fv->FvInfoSize);
return MeasureFvImage ((EFI_PHYSICAL_ADDRESS)(UINTN)Fv->FvInfo, Fv->FvInfoSize);
}
/**
@@ -657,15 +660,15 @@ FirmwareVolumeInfoPpiNotifyCallback (
EFI_STATUS
EFIAPI
PhysicalPresencePpiNotifyCallback (
IN EFI_PEI_SERVICES **PeiServices,
IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDescriptor,
IN VOID *Ppi
IN EFI_PEI_SERVICES **PeiServices,
IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDescriptor,
IN VOID *Ppi
)
{
EFI_STATUS Status;
TPM_PERMANENT_FLAGS TpmPermanentFlags;
PEI_LOCK_PHYSICAL_PRESENCE_PPI *LockPhysicalPresencePpi;
TPM_PHYSICAL_PRESENCE PhysicalPresenceValue;
EFI_STATUS Status;
TPM_PERMANENT_FLAGS TpmPermanentFlags;
PEI_LOCK_PHYSICAL_PRESENCE_PPI *LockPhysicalPresencePpi;
TPM_PHYSICAL_PRESENCE PhysicalPresenceValue;
Status = Tpm12GetCapabilityFlagPermanent (&TpmPermanentFlags);
if (EFI_ERROR (Status)) {
@@ -679,14 +682,14 @@ PhysicalPresencePpiNotifyCallback (
//
// Lock TPM LifetimeLock is required, and LifetimeLock is not locked yet.
//
PhysicalPresenceValue = TPM_PHYSICAL_PRESENCE_LIFETIME_LOCK;
PhysicalPresenceValue = TPM_PHYSICAL_PRESENCE_LIFETIME_LOCK;
TpmPermanentFlags.physicalPresenceLifetimeLock = TRUE;
if (PcdGetBool (PcdPhysicalPresenceCmdEnable)) {
PhysicalPresenceValue |= TPM_PHYSICAL_PRESENCE_CMD_ENABLE;
PhysicalPresenceValue |= TPM_PHYSICAL_PRESENCE_CMD_ENABLE;
TpmPermanentFlags.physicalPresenceCMDEnable = TRUE;
} else {
PhysicalPresenceValue |= TPM_PHYSICAL_PRESENCE_CMD_DISABLE;
PhysicalPresenceValue |= TPM_PHYSICAL_PRESENCE_CMD_DISABLE;
TpmPermanentFlags.physicalPresenceCMDEnable = FALSE;
}
@@ -707,8 +710,8 @@ PhysicalPresencePpiNotifyCallback (
//
// 2. Lock physical presence if it is required.
//
LockPhysicalPresencePpi = (PEI_LOCK_PHYSICAL_PRESENCE_PPI *) Ppi;
if (!LockPhysicalPresencePpi->LockPhysicalPresence ((CONST EFI_PEI_SERVICES**) PeiServices)) {
LockPhysicalPresencePpi = (PEI_LOCK_PHYSICAL_PRESENCE_PPI *)Ppi;
if (!LockPhysicalPresencePpi->LockPhysicalPresence ((CONST EFI_PEI_SERVICES **)PeiServices)) {
return EFI_SUCCESS;
}
@@ -736,8 +739,8 @@ PhysicalPresencePpiNotifyCallback (
// Lock physical presence
//
Status = Tpm12PhysicalPresence (
TPM_PHYSICAL_PRESENCE_LOCK
);
TPM_PHYSICAL_PRESENCE_LOCK
);
return Status;
}
@@ -762,6 +765,7 @@ IsTpmUsable (
if (EFI_ERROR (Status)) {
return FALSE;
}
return (BOOLEAN)(!TpmPermanentFlags.deactivated);
}
@@ -778,17 +782,17 @@ IsTpmUsable (
EFI_STATUS
EFIAPI
PeimEntryMP (
IN EFI_PEI_SERVICES **PeiServices
IN EFI_PEI_SERVICES **PeiServices
)
{
EFI_STATUS Status;
EFI_STATUS Status;
Status = PeiServicesLocatePpi (
&gEfiPeiFirmwareVolumeInfoMeasurementExcludedPpiGuid,
0,
NULL,
(VOID**)&mMeasurementExcludedFvPpi
);
&gEfiPeiFirmwareVolumeInfoMeasurementExcludedPpiGuid,
0,
NULL,
(VOID **)&mMeasurementExcludedFvPpi
);
// Do not check status, because it is optional
Status = Tpm12RequestUseTpm ();
@@ -835,15 +839,15 @@ PeimEntryMP (
EFI_STATUS
EFIAPI
PeimEntryMA (
IN EFI_PEI_FILE_HANDLE FileHandle,
IN CONST EFI_PEI_SERVICES **PeiServices
IN EFI_PEI_FILE_HANDLE FileHandle,
IN CONST EFI_PEI_SERVICES **PeiServices
)
{
EFI_STATUS Status;
EFI_STATUS Status2;
EFI_BOOT_MODE BootMode;
EFI_STATUS Status;
EFI_STATUS Status2;
EFI_BOOT_MODE BootMode;
if (!CompareGuid (PcdGetPtr(PcdTpmInstanceGuid), &gEfiTpmDeviceInstanceTpm12Guid)){
if (!CompareGuid (PcdGetPtr (PcdTpmInstanceGuid), &gEfiTpmDeviceInstanceTpm12Guid)) {
DEBUG ((DEBUG_ERROR, "No TPM12 instance required!\n"));
return EFI_UNSUPPORTED;
}
@@ -863,7 +867,7 @@ PeimEntryMA (
// In S3 path, skip shadow logic. no measurement is required
//
if (BootMode != BOOT_ON_S3_RESUME) {
Status = (**PeiServices).RegisterForShadow(FileHandle);
Status = (**PeiServices).RegisterForShadow (FileHandle);
if (Status == EFI_ALREADY_STARTED) {
mImageInMemory = TRUE;
} else if (Status == EFI_NOT_FOUND) {
@@ -884,7 +888,8 @@ PeimEntryMA (
} else {
Status = Tpm12Startup (TPM_ST_CLEAR);
}
if (EFI_ERROR (Status) ) {
if (EFI_ERROR (Status)) {
goto Done;
}
}
@@ -907,19 +912,20 @@ PeimEntryMA (
}
if (mImageInMemory) {
Status = PeimEntryMP ((EFI_PEI_SERVICES**)PeiServices);
Status = PeimEntryMP ((EFI_PEI_SERVICES **)PeiServices);
return Status;
}
Done:
if (EFI_ERROR (Status)) {
DEBUG ((DEBUG_ERROR, "TPM error! Build Hob\n"));
BuildGuidHob (&gTpmErrorHobGuid,0);
BuildGuidHob (&gTpmErrorHobGuid, 0);
REPORT_STATUS_CODE (
EFI_ERROR_CODE | EFI_ERROR_MINOR,
(PcdGet32 (PcdStatusCodeSubClassTpmDevice) | EFI_P_EC_INTERFACE_ERROR)
);
}
//
// Always install TpmInitializationDonePpi no matter success or fail.
// Other driver can know TPM initialization state by TpmInitializedPpi.

230
SecurityPkg/Tcg/TcgSmm/TcgSmm.c
View File

@@ -38,29 +38,29 @@ TCG_NVS *mTcgNvs;
EFI_STATUS
EFIAPI
PhysicalPresenceCallback (
IN EFI_HANDLE DispatchHandle,
IN CONST VOID *Context,
IN OUT VOID *CommBuffer,
IN OUT UINTN *CommBufferSize
IN EFI_HANDLE DispatchHandle,
IN CONST VOID *Context,
IN OUT VOID *CommBuffer,
IN OUT UINTN *CommBufferSize
)
{
EFI_STATUS Status;
UINTN DataSize;
EFI_PHYSICAL_PRESENCE PpData;
EFI_PHYSICAL_PRESENCE_FLAGS Flags;
BOOLEAN RequestConfirmed;
EFI_STATUS Status;
UINTN DataSize;
EFI_PHYSICAL_PRESENCE PpData;
EFI_PHYSICAL_PRESENCE_FLAGS Flags;
BOOLEAN RequestConfirmed;
//
// Get the Physical Presence variable
//
DataSize = sizeof (EFI_PHYSICAL_PRESENCE);
Status = mSmmVariable->SmmGetVariable (
PHYSICAL_PRESENCE_VARIABLE,
&gEfiPhysicalPresenceGuid,
NULL,
&DataSize,
&PpData
);
Status = mSmmVariable->SmmGetVariable (
PHYSICAL_PRESENCE_VARIABLE,
&gEfiPhysicalPresenceGuid,
NULL,
&DataSize,
&PpData
);
DEBUG ((DEBUG_INFO, "[TPM] PP callback, Parameter = %x\n", mTcgNvs->PhysicalPresence.Parameter));
if (mTcgNvs->PhysicalPresence.Parameter == ACPI_FUNCTION_RETURN_REQUEST_RESPONSE_TO_OS) {
@@ -71,16 +71,19 @@ PhysicalPresenceCallback (
DEBUG ((DEBUG_ERROR, "[TPM] Get PP variable failure! Status = %r\n", Status));
return EFI_SUCCESS;
}
mTcgNvs->PhysicalPresence.ReturnCode = PP_RETURN_TPM_OPERATION_RESPONSE_SUCCESS;
mTcgNvs->PhysicalPresence.LastRequest = PpData.LastPPRequest;
mTcgNvs->PhysicalPresence.Response = PpData.PPResponse;
} else if ((mTcgNvs->PhysicalPresence.Parameter == ACPI_FUNCTION_SUBMIT_REQUEST_TO_BIOS)
|| (mTcgNvs->PhysicalPresence.Parameter == ACPI_FUNCTION_SUBMIT_REQUEST_TO_BIOS_2)) {
} else if ( (mTcgNvs->PhysicalPresence.Parameter == ACPI_FUNCTION_SUBMIT_REQUEST_TO_BIOS)
|| (mTcgNvs->PhysicalPresence.Parameter == ACPI_FUNCTION_SUBMIT_REQUEST_TO_BIOS_2))
{
if (EFI_ERROR (Status)) {
mTcgNvs->PhysicalPresence.ReturnCode = TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE;
DEBUG ((DEBUG_ERROR, "[TPM] Get PP variable failure! Status = %r\n", Status));
return EFI_SUCCESS;
}
if (mTcgNvs->PhysicalPresence.Request == PHYSICAL_PRESENCE_SET_OPERATOR_AUTH) {
//
// This command requires UI to prompt user for Auth data.
@@ -90,35 +93,37 @@ PhysicalPresenceCallback (
}
if (PpData.PPRequest != mTcgNvs->PhysicalPresence.Request) {
PpData.PPRequest = (UINT8) mTcgNvs->PhysicalPresence.Request;
DataSize = sizeof (EFI_PHYSICAL_PRESENCE);
Status = mSmmVariable->SmmSetVariable (
PHYSICAL_PRESENCE_VARIABLE,
&gEfiPhysicalPresenceGuid,
EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
DataSize,
&PpData
);
PpData.PPRequest = (UINT8)mTcgNvs->PhysicalPresence.Request;
DataSize = sizeof (EFI_PHYSICAL_PRESENCE);
Status = mSmmVariable->SmmSetVariable (
PHYSICAL_PRESENCE_VARIABLE,
&gEfiPhysicalPresenceGuid,
EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
DataSize,
&PpData
);
}
if (EFI_ERROR (Status)) {
mTcgNvs->PhysicalPresence.ReturnCode = TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE;
return EFI_SUCCESS;
}
mTcgNvs->PhysicalPresence.ReturnCode = TCG_PP_SUBMIT_REQUEST_TO_PREOS_SUCCESS;
if (mTcgNvs->PhysicalPresence.Request >= TCG_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) {
DataSize = sizeof (EFI_PHYSICAL_PRESENCE_FLAGS);
Status = mSmmVariable->SmmGetVariable (
PHYSICAL_PRESENCE_FLAGS_VARIABLE,
&gEfiPhysicalPresenceGuid,
NULL,
&DataSize,
&Flags
);
Status = mSmmVariable->SmmGetVariable (
PHYSICAL_PRESENCE_FLAGS_VARIABLE,
&gEfiPhysicalPresenceGuid,
NULL,
&DataSize,
&Flags
);
if (EFI_ERROR (Status)) {
Flags.PPFlags = TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_PROVISION;
}
mTcgNvs->PhysicalPresence.ReturnCode = TcgPpVendorLibSubmitRequestToPreOSFunction (mTcgNvs->PhysicalPresence.Request, Flags.PPFlags);
}
} else if (mTcgNvs->PhysicalPresence.Parameter == ACPI_FUNCTION_GET_USER_CONFIRMATION_STATUS_FOR_REQUEST) {
@@ -127,17 +132,18 @@ PhysicalPresenceCallback (
DEBUG ((DEBUG_ERROR, "[TPM] Get PP variable failure! Status = %r\n", Status));
return EFI_SUCCESS;
}
//
// Get the Physical Presence flags
//
DataSize = sizeof (EFI_PHYSICAL_PRESENCE_FLAGS);
Status = mSmmVariable->SmmGetVariable (
PHYSICAL_PRESENCE_FLAGS_VARIABLE,
&gEfiPhysicalPresenceGuid,
NULL,
&DataSize,
&Flags
);
Status = mSmmVariable->SmmGetVariable (
PHYSICAL_PRESENCE_FLAGS_VARIABLE,
&gEfiPhysicalPresenceGuid,
NULL,
&DataSize,
&Flags
);
if (EFI_ERROR (Status)) {
mTcgNvs->PhysicalPresence.ReturnCode = TCG_PP_GET_USER_CONFIRMATION_BLOCKED_BY_BIOS_CONFIGURATION;
DEBUG ((DEBUG_ERROR, "[TPM] Get PP flags failure! Status = %r\n", Status));
@@ -160,6 +166,7 @@ PhysicalPresenceCallback (
if ((Flags.PPFlags & TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_PROVISION) != 0) {
RequestConfirmed = TRUE;
}
break;
case PHYSICAL_PRESENCE_CLEAR:
@@ -167,19 +174,22 @@ PhysicalPresenceCallback (
if ((Flags.PPFlags & TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_CLEAR) != 0) {
RequestConfirmed = TRUE;
}
break;
case PHYSICAL_PRESENCE_DEFERRED_PP_UNOWNERED_FIELD_UPGRADE:
if ((Flags.PPFlags & TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_MAINTENANCE) != 0) {
RequestConfirmed = TRUE;
}
break;
case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE:
case PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE:
if ((Flags.PPFlags & TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_CLEAR) != 0 && (Flags.PPFlags & TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_PROVISION) != 0) {
if (((Flags.PPFlags & TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_CLEAR) != 0) && ((Flags.PPFlags & TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_PROVISION) != 0)) {
RequestConfirmed = TRUE;
}
break;
case PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_FALSE:
@@ -204,6 +214,7 @@ PhysicalPresenceCallback (
} else {
mTcgNvs->PhysicalPresence.ReturnCode = TCG_PP_GET_USER_CONFIRMATION_ALLOWED_AND_PPUSER_REQUIRED;
}
if (mTcgNvs->PhysicalPresence.Request >= TCG_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) {
mTcgNvs->PhysicalPresence.ReturnCode = TcgPpVendorLibGetUserConfirmationStatusFunction (mTcgNvs->PhysicalPresence.Request, Flags.PPFlags);
}
@@ -212,7 +223,6 @@ PhysicalPresenceCallback (
return EFI_SUCCESS;
}
/**
Software SMI callback for MemoryClear which is called from ACPI method.
@@ -233,28 +243,28 @@ PhysicalPresenceCallback (
EFI_STATUS
EFIAPI
MemoryClearCallback (
IN EFI_HANDLE DispatchHandle,
IN CONST VOID *Context,
IN OUT VOID *CommBuffer,
IN OUT UINTN *CommBufferSize
IN EFI_HANDLE DispatchHandle,
IN CONST VOID *Context,
IN OUT VOID *CommBuffer,
IN OUT UINTN *CommBufferSize
)
{
EFI_STATUS Status;
UINTN DataSize;
UINT8 MorControl;
EFI_STATUS Status;
UINTN DataSize;
UINT8 MorControl;
mTcgNvs->MemoryClear.ReturnCode = MOR_REQUEST_SUCCESS;
if (mTcgNvs->MemoryClear.Parameter == ACPI_FUNCTION_DSM_MEMORY_CLEAR_INTERFACE) {
MorControl = (UINT8) mTcgNvs->MemoryClear.Request;
MorControl = (UINT8)mTcgNvs->MemoryClear.Request;
} else if (mTcgNvs->MemoryClear.Parameter == ACPI_FUNCTION_PTS_CLEAR_MOR_BIT) {
DataSize = sizeof (UINT8);
Status = mSmmVariable->SmmGetVariable (
MEMORY_OVERWRITE_REQUEST_VARIABLE_NAME,
&gEfiMemoryOverwriteControlDataGuid,
NULL,
&DataSize,
&MorControl
);
Status = mSmmVariable->SmmGetVariable (
MEMORY_OVERWRITE_REQUEST_VARIABLE_NAME,
&gEfiMemoryOverwriteControlDataGuid,
NULL,
&DataSize,
&MorControl
);
if (EFI_ERROR (Status)) {
mTcgNvs->MemoryClear.ReturnCode = MOR_REQUEST_GENERAL_FAILURE;
DEBUG ((DEBUG_ERROR, "[TPM] Get MOR variable failure! Status = %r\n", Status));
@@ -264,6 +274,7 @@ MemoryClearCallback (
if (MOR_CLEAR_MEMORY_VALUE (MorControl) == 0x0) {
return EFI_SUCCESS;
}
MorControl &= ~MOR_CLEAR_MEMORY_BIT_MASK;
} else {
mTcgNvs->MemoryClear.ReturnCode = MOR_REQUEST_GENERAL_FAILURE;
@@ -272,13 +283,13 @@ MemoryClearCallback (
}
DataSize = sizeof (UINT8);
Status = mSmmVariable->SmmSetVariable (
MEMORY_OVERWRITE_REQUEST_VARIABLE_NAME,
&gEfiMemoryOverwriteControlDataGuid,
EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
DataSize,
&MorControl
);
Status = mSmmVariable->SmmSetVariable (
MEMORY_OVERWRITE_REQUEST_VARIABLE_NAME,
&gEfiMemoryOverwriteControlDataGuid,
EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS,
DataSize,
&MorControl
);
if (EFI_ERROR (Status)) {
mTcgNvs->MemoryClear.ReturnCode = MOR_REQUEST_GENERAL_FAILURE;
DEBUG ((DEBUG_ERROR, "[TPM] Set MOR variable failure! Status = %r\n", Status));
@@ -300,38 +311,39 @@ MemoryClearCallback (
**/
VOID *
AssignOpRegion (
EFI_ACPI_DESCRIPTION_HEADER *Table,
UINT32 Name,
UINT16 Size
EFI_ACPI_DESCRIPTION_HEADER *Table,
UINT32 Name,
UINT16 Size
)
{
EFI_STATUS Status;
AML_OP_REGION_32_8 *OpRegion;
EFI_PHYSICAL_ADDRESS MemoryAddress;
EFI_STATUS Status;
AML_OP_REGION_32_8 *OpRegion;
EFI_PHYSICAL_ADDRESS MemoryAddress;
MemoryAddress = SIZE_4GB - 1;
//
// Patch some pointers for the ASL code before loading the SSDT.
//
for (OpRegion = (AML_OP_REGION_32_8 *) (Table + 1);
OpRegion <= (AML_OP_REGION_32_8 *) ((UINT8 *) Table + Table->Length);
OpRegion = (AML_OP_REGION_32_8 *) ((UINT8 *) OpRegion + 1)) {
for (OpRegion = (AML_OP_REGION_32_8 *)(Table + 1);
OpRegion <= (AML_OP_REGION_32_8 *)((UINT8 *)Table + Table->Length);
OpRegion = (AML_OP_REGION_32_8 *)((UINT8 *)OpRegion + 1))
{
if ((OpRegion->OpRegionOp == AML_EXT_REGION_OP) &&
(OpRegion->NameString == Name) &&
(OpRegion->DWordPrefix == AML_DWORD_PREFIX) &&
(OpRegion->BytePrefix == AML_BYTE_PREFIX)) {
Status = gBS->AllocatePages(AllocateMaxAddress, EfiACPIMemoryNVS, EFI_SIZE_TO_PAGES (Size), &MemoryAddress);
(OpRegion->BytePrefix == AML_BYTE_PREFIX))
{
Status = gBS->AllocatePages (AllocateMaxAddress, EfiACPIMemoryNVS, EFI_SIZE_TO_PAGES (Size), &MemoryAddress);
ASSERT_EFI_ERROR (Status);
ZeroMem ((VOID *)(UINTN)MemoryAddress, Size);
OpRegion->RegionOffset = (UINT32) (UINTN) MemoryAddress;
OpRegion->RegionLen = (UINT8) Size;
OpRegion->RegionOffset = (UINT32)(UINTN)MemoryAddress;
OpRegion->RegionLen = (UINT8)Size;
break;
}
}
return (VOID *) (UINTN) MemoryAddress;
return (VOID *)(UINTN)MemoryAddress;
}
/**
@@ -346,26 +358,25 @@ PublishAcpiTable (
VOID
)
{
EFI_STATUS Status;
EFI_ACPI_TABLE_PROTOCOL *AcpiTable;
UINTN TableKey;
EFI_ACPI_DESCRIPTION_HEADER *Table;
UINTN TableSize;
EFI_STATUS Status;
EFI_ACPI_TABLE_PROTOCOL *AcpiTable;
UINTN TableKey;
EFI_ACPI_DESCRIPTION_HEADER *Table;
UINTN TableSize;
Status = GetSectionFromFv (
&gEfiCallerIdGuid,
EFI_SECTION_RAW,
0,
(VOID **) &Table,
(VOID **)&Table,
&TableSize
);
ASSERT_EFI_ERROR (Status);
//
// Measure to PCR[0] with event EV_POST_CODE ACPI DATA
//
TpmMeasureAndLogData(
TpmMeasureAndLogData (
0,
EV_POST_CODE,
EV_POSTCODE_INFO_ACPI_DATA,
@@ -374,25 +385,24 @@ PublishAcpiTable (
TableSize
);
ASSERT (Table->OemTableId == SIGNATURE_64 ('T', 'c', 'g', 'T', 'a', 'b', 'l', 'e'));
CopyMem (Table->OemId, PcdGetPtr (PcdAcpiDefaultOemId), sizeof (Table->OemId) );
mTcgNvs = AssignOpRegion (Table, SIGNATURE_32 ('T', 'N', 'V', 'S'), (UINT16) sizeof (TCG_NVS));
CopyMem (Table->OemId, PcdGetPtr (PcdAcpiDefaultOemId), sizeof (Table->OemId));
mTcgNvs = AssignOpRegion (Table, SIGNATURE_32 ('T', 'N', 'V', 'S'), (UINT16)sizeof (TCG_NVS));
ASSERT (mTcgNvs != NULL);
//
// Publish the TPM ACPI table
//
Status = gBS->LocateProtocol (&gEfiAcpiTableProtocolGuid, NULL, (VOID **) &AcpiTable);
Status = gBS->LocateProtocol (&gEfiAcpiTableProtocolGuid, NULL, (VOID **)&AcpiTable);
ASSERT_EFI_ERROR (Status);
TableKey = 0;
Status = AcpiTable->InstallAcpiTable (
AcpiTable,
Table,
TableSize,
&TableKey
);
Status = AcpiTable->InstallAcpiTable (
AcpiTable,
Table,
TableSize,
&TableKey
);
ASSERT_EFI_ERROR (Status);
return Status;
@@ -414,8 +424,8 @@ PublishAcpiTable (
EFI_STATUS
EFIAPI
InitializeTcgSmm (
IN EFI_HANDLE ImageHandle,
IN EFI_SYSTEM_TABLE *SystemTable
IN EFI_HANDLE ImageHandle,
IN EFI_SYSTEM_TABLE *SystemTable
)
{
EFI_STATUS Status;
@@ -423,7 +433,7 @@ InitializeTcgSmm (
EFI_SMM_SW_REGISTER_CONTEXT SwContext;
EFI_HANDLE SwHandle;
if (!CompareGuid (PcdGetPtr(PcdTpmInstanceGuid), &gEfiTpmDeviceInstanceTpm12Guid)){
if (!CompareGuid (PcdGetPtr (PcdTpmInstanceGuid), &gEfiTpmDeviceInstanceTpm12Guid)) {
DEBUG ((DEBUG_ERROR, "No TPM12 instance required!\n"));
return EFI_UNSUPPORTED;
}
@@ -434,28 +444,30 @@ InitializeTcgSmm (
//
// Get the Sw dispatch protocol and register SMI callback functions.
//
Status = gSmst->SmmLocateProtocol (&gEfiSmmSwDispatch2ProtocolGuid, NULL, (VOID**)&SwDispatch);
Status = gSmst->SmmLocateProtocol (&gEfiSmmSwDispatch2ProtocolGuid, NULL, (VOID **)&SwDispatch);
ASSERT_EFI_ERROR (Status);
SwContext.SwSmiInputValue = (UINTN) -1;
Status = SwDispatch->Register (SwDispatch, PhysicalPresenceCallback, &SwContext, &SwHandle);
SwContext.SwSmiInputValue = (UINTN)-1;
Status = SwDispatch->Register (SwDispatch, PhysicalPresenceCallback, &SwContext, &SwHandle);
ASSERT_EFI_ERROR (Status);
if (EFI_ERROR (Status)) {
return Status;
}
mTcgNvs->PhysicalPresence.SoftwareSmi = (UINT8) SwContext.SwSmiInputValue;
SwContext.SwSmiInputValue = (UINTN) -1;
Status = SwDispatch->Register (SwDispatch, MemoryClearCallback, &SwContext, &SwHandle);
mTcgNvs->PhysicalPresence.SoftwareSmi = (UINT8)SwContext.SwSmiInputValue;
SwContext.SwSmiInputValue = (UINTN)-1;
Status = SwDispatch->Register (SwDispatch, MemoryClearCallback, &SwContext, &SwHandle);
ASSERT_EFI_ERROR (Status);
if (EFI_ERROR (Status)) {
return Status;
}
mTcgNvs->MemoryClear.SoftwareSmi = (UINT8) SwContext.SwSmiInputValue;
mTcgNvs->MemoryClear.SoftwareSmi = (UINT8)SwContext.SwSmiInputValue;
//
// Locate SmmVariableProtocol.
//
Status = gSmst->SmmLocateProtocol (&gEfiSmmVariableProtocolGuid, NULL, (VOID**)&mSmmVariable);
Status = gSmst->SmmLocateProtocol (&gEfiSmmVariableProtocolGuid, NULL, (VOID **)&mSmmVariable);
ASSERT_EFI_ERROR (Status);
return EFI_SUCCESS;

70
SecurityPkg/Tcg/TcgSmm/TcgSmm.h
View File

@@ -34,66 +34,66 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#pragma pack(1)
typedef struct {
UINT8 SoftwareSmi;
UINT32 Parameter;
UINT32 Response;
UINT32 Request;
UINT32 LastRequest;
UINT32 ReturnCode;
UINT8 SoftwareSmi;
UINT32 Parameter;
UINT32 Response;
UINT32 Request;
UINT32 LastRequest;
UINT32 ReturnCode;
} PHYSICAL_PRESENCE_NVS;
typedef struct {
UINT8 SoftwareSmi;
UINT32 Parameter;
UINT32 Request;
UINT32 ReturnCode;
UINT8 SoftwareSmi;
UINT32 Parameter;
UINT32 Request;
UINT32 ReturnCode;
} MEMORY_CLEAR_NVS;
typedef struct {
PHYSICAL_PRESENCE_NVS PhysicalPresence;
MEMORY_CLEAR_NVS MemoryClear;
UINT32 PPRequestUserConfirm;
PHYSICAL_PRESENCE_NVS PhysicalPresence;
MEMORY_CLEAR_NVS MemoryClear;
UINT32 PPRequestUserConfirm;
} TCG_NVS;
typedef struct {
UINT8 OpRegionOp;
UINT32 NameString;
UINT8 RegionSpace;
UINT8 DWordPrefix;
UINT32 RegionOffset;
UINT8 BytePrefix;
UINT8 RegionLen;
UINT8 OpRegionOp;
UINT32 NameString;
UINT8 RegionSpace;
UINT8 DWordPrefix;
UINT32 RegionOffset;
UINT8 BytePrefix;
UINT8 RegionLen;
} AML_OP_REGION_32_8;
#pragma pack()
//
// The definition for TCG physical presence ACPI function
//
#define ACPI_FUNCTION_GET_PHYSICAL_PRESENCE_INTERFACE_VERSION 1
#define ACPI_FUNCTION_SUBMIT_REQUEST_TO_BIOS 2
#define ACPI_FUNCTION_GET_PENDING_REQUEST_BY_OS 3
#define ACPI_FUNCTION_GET_PLATFORM_ACTION_TO_TRANSITION_TO_BIOS 4
#define ACPI_FUNCTION_RETURN_REQUEST_RESPONSE_TO_OS 5
#define ACPI_FUNCTION_SUBMIT_PREFERRED_USER_LANGUAGE 6
#define ACPI_FUNCTION_SUBMIT_REQUEST_TO_BIOS_2 7
#define ACPI_FUNCTION_GET_USER_CONFIRMATION_STATUS_FOR_REQUEST 8
#define ACPI_FUNCTION_GET_PHYSICAL_PRESENCE_INTERFACE_VERSION 1
#define ACPI_FUNCTION_SUBMIT_REQUEST_TO_BIOS 2
#define ACPI_FUNCTION_GET_PENDING_REQUEST_BY_OS 3
#define ACPI_FUNCTION_GET_PLATFORM_ACTION_TO_TRANSITION_TO_BIOS 4
#define ACPI_FUNCTION_RETURN_REQUEST_RESPONSE_TO_OS 5
#define ACPI_FUNCTION_SUBMIT_PREFERRED_USER_LANGUAGE 6
#define ACPI_FUNCTION_SUBMIT_REQUEST_TO_BIOS_2 7
#define ACPI_FUNCTION_GET_USER_CONFIRMATION_STATUS_FOR_REQUEST 8
//
// The return code for Return TPM Operation Response to OS Environment
//
#define PP_RETURN_TPM_OPERATION_RESPONSE_SUCCESS 0
#define PP_RETURN_TPM_OPERATION_RESPONSE_FAILURE 1
#define PP_RETURN_TPM_OPERATION_RESPONSE_SUCCESS 0
#define PP_RETURN_TPM_OPERATION_RESPONSE_FAILURE 1
//
// The definition for TCG MOR
//
#define ACPI_FUNCTION_DSM_MEMORY_CLEAR_INTERFACE 1
#define ACPI_FUNCTION_PTS_CLEAR_MOR_BIT 2
#define ACPI_FUNCTION_DSM_MEMORY_CLEAR_INTERFACE 1
#define ACPI_FUNCTION_PTS_CLEAR_MOR_BIT 2
//
// The return code for Memory Clear Interface Functions
//
#define MOR_REQUEST_SUCCESS 0
#define MOR_REQUEST_GENERAL_FAILURE 1
#define MOR_REQUEST_SUCCESS 0
#define MOR_REQUEST_GENERAL_FAILURE 1
#endif // __TCG_SMM_H__
#endif // __TCG_SMM_H__