sravan/system76-edk2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

MdeModulePkg: Variable: Update PCR[7] measure for new TCG spec

Browse Source 
Measure DBT into PCR[7] when it is updated between initial measure and
ExitBootService. Measure "SecureBoot" change after PK update.
Spec version : TCG PC Client PFP 00.37. http://www.trustedcomputinggroup.org/wp-content/uploads/PC-ClientSpecific_Platform_Profile_for_TPM_2p0_Systems_v21.pdf

Cc: Star Zeng <star.zeng@intel.com>
Cc: Yao Jiewen <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>
This commit is contained in:
Zhang, Chao B
2017-01-18 11:32:47 +08:00
parent 1404e3a150
commit dc9bd6ed28
5 changed files with 128 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
MdeModulePkg/Universal/Variable/RuntimeDxe/VariableDxe.c
View File

@@ -3,7 +3,7 @@
and volatile storage space and install variable architecture protocol.
Copyright (C) 2013, Red Hat, Inc.
Copyright (c) 2006 - 2015, Intel Corporation. All rights reserved.<BR>
Copyright (c) 2006 - 2017, Intel Corporation. All rights reserved.<BR>
(C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
@@ -31,6 +31,17 @@ EDKII_VAR_CHECK_PROTOCOL mVarCheck = { VarCheckRegis
VarCheckVariablePropertySet,
VarCheckVariablePropertyGet };
/**
Some Secure Boot Policy Variable may update following other variable changes(SecureBoot follows PK change, etc).
Record their initial State when variable write service is ready.
**/
VOID
EFIAPI
RecordSecureBootPolicyVarData(
VOID
);
/**
Return TRUE if ExitBootServices () has been called.
@@ -414,6 +425,12 @@ FtwNotificationEvent (
DEBUG ((DEBUG_ERROR, "Variable write service initialization failed. Status = %r\n", Status));
}
//
// Some Secure Boot Policy Var (SecureBoot, etc) updates following other
// Secure Boot Policy Variable change. Record their initial value.
//
RecordSecureBootPolicyVarData();
//
// Install the Variable Write Architectural protocol.
//