summaryrefslogtreecommitdiff
path: root/MdePkg
diff options
context:
space:
mode:
authorYao, Jiewen <Jiewen.Yao@intel.com>2015-08-13 08:22:05 +0000
committerjyao1 <jyao1@Edk2>2015-08-13 08:22:05 +0000
commit59b226d6d7e2b9e6ea8751abb366dd1a7d643a4c (patch)
tree3efaecce2eae8b03f86c3e0f840ae5dd8aa3e0ad /MdePkg
parent26ecc55c027d77ebe6d73cb26dd93f814639a279 (diff)
downloadedk2-platforms-59b226d6d7e2b9e6ea8751abb366dd1a7d643a4c.tar.xz
Add TPM2 definition in trusted computing group.
1) TCG Physical Presence Interface Specification 1.30 at http://www.trustedcomputinggroup.org/resources/tcg_physical_presence_interface_specification 2) TCG EFI Protocol Specification for TPM 2.0 at http://www.trustedcomputinggroup.org/resources/tcg_efi_protocol_specification 3) Update TPM2.0 header file to include Hash Algo definition. 4) Update UEFI TCG platform header file to include more TCG event structure. Test Win8/Win10 with secure boot enabled, PCR7 shows bound. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: "Yao, Jiewen" <Jiewen.Yao@intel.com> Reviewed-by: "Zhang, Chao B" <chao.b.zhang@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18218 6f19259b-4bc3-4df7-8a09-765794883524
Diffstat (limited to 'MdePkg')
-rw-r--r--MdePkg/Include/IndustryStandard/TcgPhysicalPresence.h129
-rw-r--r--MdePkg/Include/IndustryStandard/Tpm20.h11
-rw-r--r--MdePkg/Include/IndustryStandard/UefiTcgPlatform.h110
-rw-r--r--MdePkg/Include/Protocol/Tcg2Protocol.h341
-rw-r--r--MdePkg/Include/Protocol/TrEEProtocol.h18
-rw-r--r--MdePkg/MdePkg.dec4
6 files changed, 594 insertions, 19 deletions
diff --git a/MdePkg/Include/IndustryStandard/TcgPhysicalPresence.h b/MdePkg/Include/IndustryStandard/TcgPhysicalPresence.h
new file mode 100644
index 0000000000..80ae7d33ef
--- /dev/null
+++ b/MdePkg/Include/IndustryStandard/TcgPhysicalPresence.h
@@ -0,0 +1,129 @@
+/** @file
+ TCG Physical Presence definition.
+
+Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#ifndef _TCG_PHYSICAL_PRESENCE_H_
+#define _TCG_PHYSICAL_PRESENCE_H_
+
+//
+// TCG PP definition for physical presence ACPI function
+//
+#define TCG_ACPI_FUNCTION_GET_PHYSICAL_PRESENCE_INTERFACE_VERSION 1
+#define TCG_ACPI_FUNCTION_SUBMIT_REQUEST_TO_BIOS 2
+#define TCG_ACPI_FUNCTION_GET_PENDING_REQUEST_BY_OS 3
+#define TCG_ACPI_FUNCTION_GET_PLATFORM_ACTION_TO_TRANSITION_TO_BIOS 4
+#define TCG_ACPI_FUNCTION_RETURN_REQUEST_RESPONSE_TO_OS 5
+#define TCG_ACPI_FUNCTION_SUBMIT_PREFERRED_USER_LANGUAGE 6
+#define TCG_ACPI_FUNCTION_SUBMIT_REQUEST_TO_BIOS_2 7
+#define TCG_ACPI_FUNCTION_GET_USER_CONFIRMATION_STATUS_FOR_REQUEST 8
+
+//
+// TCG PP definition for TPM Operation Response to OS Environment
+//
+#define TCG_PP_OPERATION_RESPONSE_SUCCESS 0x0
+#define TCG_PP_OPERATION_RESPONSE_USER_ABORT 0xFFFFFFF0
+#define TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE 0xFFFFFFF1
+
+//
+// TCG PP definition of return code for Return TPM Operation Response to OS Environment
+//
+#define TCG_PP_RETURN_TPM_OPERATION_RESPONSE_SUCCESS 0
+#define TCG_PP_RETURN_TPM_OPERATION_RESPONSE_FAILURE 1
+
+//
+// TCG PP definition of return code for Sumbit TPM Request to Pre-OS Environment
+// and Sumbit TPM Request to Pre-OS Environment 2
+//
+#define TCG_PP_SUBMIT_REQUEST_TO_PREOS_SUCCESS 0
+#define TCG_PP_SUBMIT_REQUEST_TO_PREOS_NOT_IMPLEMENTED 1
+#define TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE 2
+#define TCG_PP_SUBMIT_REQUEST_TO_PREOS_BLOCKED_BY_BIOS_SETTINGS 3
+
+//
+// TCG PP definition of return code for Get User Confirmation Status for Operation
+//
+#define TCG_PP_GET_USER_CONFIRMATION_NOT_IMPLEMENTED 0
+#define TCG_PP_GET_USER_CONFIRMATION_BIOS_ONLY 1
+#define TCG_PP_GET_USER_CONFIRMATION_BLOCKED_BY_BIOS_CONFIGURATION 2
+#define TCG_PP_GET_USER_CONFIRMATION_ALLOWED_AND_PPUSER_REQUIRED 3
+#define TCG_PP_GET_USER_CONFIRMATION_ALLOWED_AND_PPUSER_NOT_REQUIRED 4
+
+//
+// TCG PP definition of physical presence operation actions for TPM12
+//
+#define TCG_PHYSICAL_PRESENCE_NO_ACTION 0
+#define TCG_PHYSICAL_PRESENCE_ENABLE 1
+#define TCG_PHYSICAL_PRESENCE_DISABLE 2
+#define TCG_PHYSICAL_PRESENCE_ACTIVATE 3
+#define TCG_PHYSICAL_PRESENCE_DEACTIVATE 4
+#define TCG_PHYSICAL_PRESENCE_CLEAR 5
+#define TCG_PHYSICAL_PRESENCE_ENABLE_ACTIVATE 6
+#define TCG_PHYSICAL_PRESENCE_DEACTIVATE_DISABLE 7
+#define TCG_PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE 8
+#define TCG_PHYSICAL_PRESENCE_SET_OWNER_INSTALL_FALSE 9
+#define TCG_PHYSICAL_PRESENCE_ENABLE_ACTIVATE_OWNER_TRUE 10
+#define TCG_PHYSICAL_PRESENCE_DEACTIVATE_DISABLE_OWNER_FALSE 11
+#define TCG_PHYSICAL_PRESENCE_DEFERRED_PP_UNOWNERED_FIELD_UPGRADE 12
+#define TCG_PHYSICAL_PRESENCE_SET_OPERATOR_AUTH 13
+#define TCG_PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE 14
+#define TCG_PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_FALSE 15
+#define TCG_PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_TRUE 16
+#define TCG_PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_FALSE 17
+#define TCG_PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_TRUE 18
+#define TCG_PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_FALSE 19
+#define TCG_PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_TRUE 20
+#define TCG_PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR 21
+#define TCG_PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE 22
+
+#define TCG_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION 128
+
+//
+// TCG PP definition of physical presence operation actions for TPM2
+//
+#define TCG2_PHYSICAL_PRESENCE_NO_ACTION 0
+#define TCG2_PHYSICAL_PRESENCE_ENABLE 1
+#define TCG2_PHYSICAL_PRESENCE_DISABLE 2
+#define TCG2_PHYSICAL_PRESENCE_CLEAR 5
+#define TCG2_PHYSICAL_PRESENCE_ENABLE_CLEAR 14
+#define TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_CLEAR_TRUE 17
+#define TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_CLEAR_FALSE 18
+#define TCG2_PHYSICAL_PRESENCE_ENABLE_CLEAR_2 21
+#define TCG2_PHYSICAL_PRESENCE_ENABLE_CLEAR_3 22
+#define TCG2_PHYSICAL_PRESENCE_SET_PCR_BANKS 23
+#define TCG2_PHYSICAL_PRESENCE_CHANGE_EPS 24
+#define TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_CHANGE_PCRS_FALSE 25
+#define TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_CHANGE_PCRS_TRUE 26
+#define TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_TURN_ON_FALSE 27
+#define TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_TURN_ON_TRUE 28
+#define TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_TURN_OFF_FALSE 29
+#define TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_TURN_OFF_TRUE 30
+#define TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_CHANGE_EPS_FALSE 31
+#define TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_CHANGE_EPS_TRUE 32
+#define TCG2_PHYSICAL_PRESENCE_LOG_ALL_DIGESTS 33
+#define TCG2_PHYSICAL_PRESENCE_DISABLE_ENDORSEMENT_ENABLE_STORAGE_HIERARCHY 34
+#define TCG2_PHYSICAL_PRESENCE_NO_ACTION_MAX 34
+
+//
+// TCG PP definition of physical presence operation actions for storage management
+//
+#define TCG2_PHYSICAL_PRESENCE_STORAGE_MANAGEMENT_BEGIN 96
+#define TCG2_PHYSICAL_PRESENCE_ENABLE_BLOCK_SID 96
+#define TCG2_PHYSICAL_PRESENCE_DISABLE_BLOCK_SID 97
+#define TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_TRUE 98
+#define TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_FALSE 99
+#define TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_TRUE 100
+#define TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_FALSE 101
+
+#define TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION 128
+
+#endif \ No newline at end of file
diff --git a/MdePkg/Include/IndustryStandard/Tpm20.h b/MdePkg/Include/IndustryStandard/Tpm20.h
index 5074d899d0..2abfc57df8 100644
--- a/MdePkg/Include/IndustryStandard/Tpm20.h
+++ b/MdePkg/Include/IndustryStandard/Tpm20.h
@@ -5,7 +5,7 @@
Check http://trustedcomputinggroup.org for latest specification updates.
-Copyright (c) 2013, Intel Corporation. All rights reserved. <BR>
+Copyright (c) 2013 - 2015, Intel Corporation. All rights reserved. <BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -1806,4 +1806,13 @@ typedef struct {
#pragma pack ()
+//
+// TCG Algorithm Registry
+//
+#define HASH_ALG_SHA1 0x00000001
+#define HASH_ALG_SHA256 0x00000002
+#define HASH_ALG_SHA384 0x00000004
+#define HASH_ALG_SHA512 0x00000008
+#define HASH_ALG_SM3_256 0x00000010
+
#endif
diff --git a/MdePkg/Include/IndustryStandard/UefiTcgPlatform.h b/MdePkg/Include/IndustryStandard/UefiTcgPlatform.h
index 8db86a137c..23eaa53acd 100644
--- a/MdePkg/Include/IndustryStandard/UefiTcgPlatform.h
+++ b/MdePkg/Include/IndustryStandard/UefiTcgPlatform.h
@@ -1,7 +1,7 @@
/** @file
TCG EFI Platform Definition in TCG_EFI_Platform_1_20_Final
- Copyright (c) 2006 - 2012, Intel Corporation. All rights reserved.<BR>
+ Copyright (c) 2006 - 2015, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -16,12 +16,14 @@
#define __UEFI_TCG_PLATFORM_H__
#include <IndustryStandard/Tpm12.h>
+#include <IndustryStandard/Tpm20.h>
#include <Uefi.h>
//
// Standard event types
//
#define EV_POST_CODE ((TCG_EVENTTYPE) 0x00000001)
+#define EV_NO_ACTION ((TCG_EVENTTYPE) 0x00000003)
#define EV_SEPARATOR ((TCG_EVENTTYPE) 0x00000004)
#define EV_S_CRTM_CONTENTS ((TCG_EVENTTYPE) 0x00000007)
#define EV_S_CRTM_VERSION ((TCG_EVENTTYPE) 0x00000008)
@@ -41,6 +43,7 @@
#define EV_EFI_ACTION (EV_EFI_EVENT_BASE + 7)
#define EV_EFI_PLATFORM_FIRMWARE_BLOB (EV_EFI_EVENT_BASE + 8)
#define EV_EFI_HANDOFF_TABLES (EV_EFI_EVENT_BASE + 9)
+#define EV_EFI_VARIABLE_AUTHORITY (EV_EFI_EVENT_BASE + 0xE0)
#define EFI_CALLING_EFI_APPLICATION \
"Calling EFI Application from Boot Option"
@@ -72,6 +75,9 @@
#define EV_POSTCODE_INFO_OPROM "Embedded Option ROM"
#define OPROM_LEN (sizeof(EV_POSTCODE_INFO_OPROM) - 1)
+#define FIRMWARE_DEBUGGER_EVENT_STRING "UEFI Debug Mode"
+#define FIRMWARE_DEBUGGER_EVENT_STRING_LEN (sizeof(FIRMWARE_DEBUGGER_EVENT_STRING) - 1)
+
//
// Set structure alignment to 1-byte
//
@@ -154,6 +160,17 @@ typedef struct tdEFI_VARIABLE_DATA {
INT8 VariableData[1]; ///< Driver or platform-specific data
} EFI_VARIABLE_DATA;
+//
+// For TrEE1.0 compatibility
+//
+typedef struct {
+ EFI_GUID VariableName;
+ UINT64 UnicodeNameLength; // The TCG Definition used UINTN
+ UINT64 VariableDataLength; // The TCG Definition used UINTN
+ CHAR16 UnicodeName[1];
+ INT8 VariableData[1];
+} EFI_VARIABLE_DATA_TREE;
+
typedef struct tdEFI_GPT_DATA {
EFI_PARTITION_TABLE_HEADER EfiPartitionHeader;
UINTN NumberOfPartitions;
@@ -161,6 +178,97 @@ typedef struct tdEFI_GPT_DATA {
} EFI_GPT_DATA;
//
+// Crypto Agile Log Entry Format
+//
+typedef struct tdTCG_PCR_EVENT2 {
+ TCG_PCRINDEX PCRIndex;
+ TCG_EVENTTYPE EventType;
+ TPML_DIGEST_VALUES Digest;
+ UINT32 EventSize;
+ UINT8 Event[1];
+} TCG_PCR_EVENT2;
+
+//
+// Log Header Entry Data
+//
+typedef struct {
+ //
+ // TCG defined hashing algorithm ID.
+ //
+ UINT16 algorithmId;
+ //
+ // The size of the digest for the respective hashing algorithm.
+ //
+ UINT16 digestSize;
+} TCG_EfiSpecIdEventAlgorithmSize;
+
+#define TCG_EfiSpecIDEventStruct_SIGNATURE_02 "Spec ID Event02"
+#define TCG_EfiSpecIDEventStruct_SIGNATURE_03 "Spec ID Event03"
+
+#define TCG_EfiSpecIDEventStruct_SPEC_VERSION_MAJOR_TPM12 1
+#define TCG_EfiSpecIDEventStruct_SPEC_VERSION_MINOR_TPM12 2
+#define TCG_EfiSpecIDEventStruct_SPEC_ERRATA_TPM12 2
+
+#define TCG_EfiSpecIDEventStruct_SPEC_VERSION_MAJOR_TPM2 2
+#define TCG_EfiSpecIDEventStruct_SPEC_VERSION_MINOR_TPM2 0
+#define TCG_EfiSpecIDEventStruct_SPEC_ERRATA_TPM2 0
+
+typedef struct {
+ UINT8 signature[16];
+ //
+ // The value for the Platform Class.
+ // The enumeration is defined in the TCG ACPI Specification Client Common Header.
+ //
+ UINT32 platformClass;
+ //
+ // The TCG EFI Platform Specification minor version number this BIOS supports.
+ // Any BIOS supporting version (1.22) MUST set this value to 02h.
+ // Any BIOS supporting version (2.0) SHALL set this value to 0x00.
+ //
+ UINT8 specVersionMinor;
+ //
+ // The TCG EFI Platform Specification major version number this BIOS supports.
+ // Any BIOS supporting version (1.22) MUST set this value to 01h.
+ // Any BIOS supporting version (2.0) SHALL set this value to 0x02.
+ //
+ UINT8 specVersionMajor;
+ //
+ // The TCG EFI Platform Specification errata for this specification this BIOS supports.
+ // Any BIOS supporting version and errata (1.22) MUST set this value to 02h.
+ // Any BIOS supporting version and errata (2.0) SHALL set this value to 0x00.
+ //
+ UINT8 specErrata;
+ //
+ // Specifies the size of the UINTN fields used in various data structures used in this specification.
+ // 0x01 indicates UINT32 and 0x02 indicates UINT64.
+ //
+ UINT8 uintnSize;
+ //
+ // This field is added in "Spec ID Event03".
+ // The number of hashing algorithms used in this event log (except the first event).
+ // All events in this event log use all hashing algorithms defined here.
+ //
+//UINT32 numberOfAlgorithms;
+ //
+ // This field is added in "Spec ID Event03".
+ // An array of size numberOfAlgorithms of value pairs.
+ //
+//TCG_EfiSpecIdEventAlgorithmSize digestSize[numberOfAlgorithms];
+ //
+ // Size in bytes of the VendorInfo field.
+ // Maximum value SHALL be FFh bytes.
+ //
+//UINT8 vendorInfoSize;
+ //
+ // Provided for use by the BIOS implementer.
+ // The value might be used, for example, to provide more detailed information about the specific BIOS such as BIOS revision numbers, etc.
+ // The values within this field are not standardized and are implementer-specific.
+ // Platform-specific or -unique information SHALL NOT be provided in this field.
+ //
+//UINT8 vendorInfo[vendorInfoSize];
+} TCG_EfiSpecIDEventStruct;
+
+//
// Restore original structure alignment
//
#pragma pack ()
diff --git a/MdePkg/Include/Protocol/Tcg2Protocol.h b/MdePkg/Include/Protocol/Tcg2Protocol.h
new file mode 100644
index 0000000000..0bda105a44
--- /dev/null
+++ b/MdePkg/Include/Protocol/Tcg2Protocol.h
@@ -0,0 +1,341 @@
+/** @file
+ TPM2 Protocol as defined in TCG PC Client Platform EFI Protocol Specification Family "2.0".
+ See http://trustedcomputinggroup.org for the latest specification
+
+Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution. The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#ifndef __TCG2_PROTOCOL_H__
+#define __TCG2_PROTOCOL_H__
+
+#include <IndustryStandard/UefiTcgPlatform.h>
+#include <IndustryStandard/Tpm20.h>
+
+#define EFI_TCG2_PROTOCOL_GUID \
+ {0x607f766c, 0x7455, 0x42be, { 0x93, 0x0b, 0xe4, 0xd7, 0x6d, 0xb2, 0x72, 0x0f }}
+
+typedef struct tdEFI_TCG2_PROTOCOL EFI_TCG2_PROTOCOL;
+
+typedef struct tdEFI_TCG2_VERSION {
+ UINT8 Major;
+ UINT8 Minor;
+} EFI_TCG2_VERSION;
+
+typedef UINT32 EFI_TCG2_EVENT_LOG_BITMAP;
+typedef UINT32 EFI_TCG2_EVENT_LOG_FORMAT;
+typedef UINT32 EFI_TCG2_EVENT_ALGORITHM_BITMAP;
+
+#define EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2 0x00000001
+#define EFI_TCG2_EVENT_LOG_FORMAT_TCG_2 0x00000002
+
+typedef struct tdEFI_TCG2_BOOT_SERVICE_CAPABILITY {
+ //
+ // Allocated size of the structure
+ //
+ UINT8 Size;
+ //
+ // Version of the EFI_TCG2_BOOT_SERVICE_CAPABILITY structure itself.
+ // For this version of the protocol, the Major version shall be set to 1
+ // and the Minor version shall be set to 1.
+ //
+ EFI_TCG2_VERSION StructureVersion;
+ //
+ // Version of the EFI TCG2 protocol.
+ // For this version of the protocol, the Major version shall be set to 1
+ // and the Minor version shall be set to 1.
+ //
+ EFI_TCG2_VERSION ProtocolVersion;
+ //
+ // Supported hash algorithms (this bitmap is determined by the supported PCR
+ // banks in the TPM and the hashing algorithms supported by the firmware)
+ //
+ EFI_TCG2_EVENT_ALGORITHM_BITMAP HashAlgorithmBitmap;
+ //
+ // Bitmap of supported event log formats
+ //
+ EFI_TCG2_EVENT_LOG_BITMAP SupportedEventLogs;
+ //
+ // False = TPM not present
+ //
+ BOOLEAN TPMPresentFlag;
+ //
+ // Max size (in bytes) of a command that can be sent to the TPM
+ //
+ UINT16 MaxCommandSize;
+ //
+ // Max size (in bytes) of a response that can be provided by the TPM
+ //
+ UINT16 MaxResponseSize;
+ //
+ // 4-byte Vendor ID
+ // (see TCG Vendor ID registry, Section "TPM Capabilities Vendor ID")
+ //
+ UINT32 ManufacturerID;
+ //
+ // Maximum number of PCR banks (hashing algorithms) supported.
+ // No granularity is provided to support a specific set of algorithms.
+ // Minimum value is 1.
+ //
+ UINT32 NumberOfPCRBanks;
+ //
+ // A bitmap of currently active PCR banks (hashing algorithms).
+ // This is a subset of the supported hashing algorithms reported in HashAlgorithmBitMap.
+ // NumberOfPcrBanks defines the number of bits that are set.
+ //
+ EFI_TCG2_EVENT_ALGORITHM_BITMAP ActivePcrBanks;
+} EFI_TCG2_BOOT_SERVICE_CAPABILITY;
+
+#define EFI_TCG2_BOOT_HASH_ALG_SHA1 0x00000001
+#define EFI_TCG2_BOOT_HASH_ALG_SHA256 0x00000002
+#define EFI_TCG2_BOOT_HASH_ALG_SHA384 0x00000004
+#define EFI_TCG2_BOOT_HASH_ALG_SHA512 0x00000008
+#define EFI_TCG2_BOOT_HASH_ALG_SM3_256 0x00000010
+
+//
+// This bit is shall be set when an event shall be extended but not logged.
+//
+#define EFI_TCG2_EXTEND_ONLY 0x0000000000000001
+//
+// This bit shall be set when the intent is to measure a PE/COFF image.
+//
+#define PE_COFF_IMAGE 0x0000000000000010
+
+#define MAX_PCR_INDEX 23
+
+#pragma pack(1)
+
+#define EFI_TCG2_EVENT_HEADER_VERSION 1
+
+typedef struct {
+ //
+ // Size of the event header itself (sizeof(EFI_TCG2_EVENT_HEADER)).
+ //
+ UINT32 HeaderSize;
+ //
+ // Header version. For this version of this specification, the value shall be 1.
+ //
+ UINT16 HeaderVersion;
+ //
+ // Index of the PCR that shall be extended (0 - 23).
+ //
+ TCG_PCRINDEX PCRIndex;
+ //
+ // Type of the event that shall be extended (and optionally logged).
+ //
+ TCG_EVENTTYPE EventType;
+} EFI_TCG2_EVENT_HEADER;
+
+typedef struct tdEFI_TCG2_EVENT {
+ //
+ // Total size of the event including the Size component, the header and the Event data.
+ //
+ UINT32 Size;
+ EFI_TCG2_EVENT_HEADER Header;
+ UINT8 Event[1];
+} EFI_TCG2_EVENT;
+
+#pragma pack()
+
+/**
+ The EFI_TCG2_PROTOCOL GetCapability function call provides protocol
+ capability information and state information.
+
+ @param[in] This Indicates the calling context
+ @param[in, out] ProtocolCapability The caller allocates memory for a EFI_TCG2_BOOT_SERVICE_CAPABILITY
+ structure and sets the size field to the size of the structure allocated.
+ The callee fills in the fields with the EFI protocol capability information
+ and the current EFI TCG2 state information up to the number of fields which
+ fit within the size of the structure passed in.
+
+ @retval EFI_SUCCESS Operation completed successfully.
+ @retval EFI_DEVICE_ERROR The command was unsuccessful.
+ The ProtocolCapability variable will not be populated.
+ @retval EFI_INVALID_PARAMETER One or more of the parameters are incorrect.
+ The ProtocolCapability variable will not be populated.
+ @retval EFI_BUFFER_TOO_SMALL The ProtocolCapability variable is too small to hold the full response.
+ It will be partially populated (required Size field will be set).
+**/
+typedef
+EFI_STATUS
+(EFIAPI *EFI_TCG2_GET_CAPABILITY) (
+ IN EFI_TCG2_PROTOCOL *This,
+ IN OUT EFI_TCG2_BOOT_SERVICE_CAPABILITY *ProtocolCapability
+ );
+
+/**
+ The EFI_TCG2_PROTOCOL Get Event Log function call allows a caller to
+ retrieve the address of a given event log and its last entry.
+
+ @param[in] This Indicates the calling context
+ @param[in] EventLogFormat The type of the event log for which the information is requested.
+ @param[out] EventLogLocation A pointer to the memory address of the event log.
+ @param[out] EventLogLastEntry If the Event Log contains more than one entry, this is a pointer to the
+ address of the start of the last entry in the event log in memory.
+ @param[out] EventLogTruncated If the Event Log is missing at least one entry because an event would
+ have exceeded the area allocated for events, this value is set to TRUE.
+ Otherwise, the value will be FALSE and the Event Log will be complete.
+
+ @retval EFI_SUCCESS Operation completed successfully.
+ @retval EFI_INVALID_PARAMETER One or more of the parameters are incorrect
+ (e.g. asking for an event log whose format is not supported).
+**/
+typedef
+EFI_STATUS
+(EFIAPI *EFI_TCG2_GET_EVENT_LOG) (
+ IN EFI_TCG2_PROTOCOL *This,
+ IN EFI_TCG2_EVENT_LOG_FORMAT EventLogFormat,
+ OUT EFI_PHYSICAL_ADDRESS *EventLogLocation,
+ OUT EFI_PHYSICAL_ADDRESS *EventLogLastEntry,
+ OUT BOOLEAN *EventLogTruncated
+ );
+
+/**
+ The EFI_TCG2_PROTOCOL HashLogExtendEvent function call provides callers with
+ an opportunity to extend and optionally log events without requiring
+ knowledge of actual TPM commands.
+ The extend operation will occur even if this function cannot create an event
+ log entry (e.g. due to the event log being full).
+
+ @param[in] This Indicates the calling context
+ @param[in] Flags Bitmap providing additional information.
+ @param[in] DataToHash Physical address of the start of the data buffer to be hashed.
+ @param[in] DataToHashLen The length in bytes of the buffer referenced by DataToHash.
+ @param[in] EfiTcgEvent Pointer to data buffer containing information about the event.
+
+ @retval EFI_SUCCESS Operation completed successfully.
+ @retval EFI_DEVICE_ERROR The command was unsuccessful.
+ @retval EFI_VOLUME_FULL The extend operation occurred, but the event could not be written to one or more event logs.
+ @retval EFI_INVALID_PARAMETER One or more of the parameters are incorrect.
+ @retval EFI_UNSUPPORTED The PE/COFF image type is not supported.
+**/
+typedef
+EFI_STATUS
+(EFIAPI * EFI_TCG2_HASH_LOG_EXTEND_EVENT) (
+ IN EFI_TCG2_PROTOCOL *This,
+ IN UINT64 Flags,
+ IN EFI_PHYSICAL_ADDRESS DataToHash,
+ IN UINT64 DataToHashLen,
+ IN EFI_TCG2_EVENT *EfiTcgEvent
+ );
+
+/**
+ This service enables the sending of commands to the TPM.
+
+ @param[in] This Indicates the calling context
+ @param[in] InputParameterBlockSize Size of the TPM input parameter block.
+ @param[in] InputParameterBlock Pointer to the TPM input parameter block.
+ @param[in] OutputParameterBlockSize Size of the TPM output parameter block.
+ @param[in] OutputParameterBlock Pointer to the TPM output parameter block.
+
+ @retval EFI_SUCCESS The command byte stream was successfully sent to the device and a response was successfully received.
+ @retval EFI_DEVICE_ERROR The command was not successfully sent to the device or a response was not successfully received from the device.
+ @retval EFI_INVALID_PARAMETER One or more of the parameters are incorrect.
+ @retval EFI_BUFFER_TOO_SMALL The output parameter block is too small.
+**/
+typedef
+EFI_STATUS
+(EFIAPI *EFI_TCG2_SUBMIT_COMMAND) (
+ IN EFI_TCG2_PROTOCOL *This,
+ IN UINT32 InputParameterBlockSize,
+ IN UINT8 *InputParameterBlock,
+ IN UINT32 OutputParameterBlockSize,
+ IN UINT8 *OutputParameterBlock
+ );
+
+/**
+ This service returns the currently active PCR banks.
+
+ @param[in] This Indicates the calling context
+ @param[out] ActivePcrBanks Pointer to the variable receiving the bitmap of currently active PCR banks.
+
+ @retval EFI_SUCCESS The bitmap of active PCR banks was stored in the ActivePcrBanks parameter.
+ @retval EFI_INVALID_PARAMETER One or more of the parameters are incorrect.
+**/
+typedef
+EFI_STATUS
+(EFIAPI *EFI_TCG2_GET_ACTIVE_PCR_BANKS) (
+ IN EFI_TCG2_PROTOCOL *This,
+ OUT UINT32 *ActivePcrBanks
+ );
+
+/**
+ This service sets the currently active PCR banks.
+
+ @param[in] This Indicates the calling context
+ @param[in] ActivePcrBanks Bitmap of the requested active PCR banks. At least one bit SHALL be set.
+
+ @retval EFI_SUCCESS The bitmap in ActivePcrBank parameter is already active.
+ @retval EFI_INVALID_PARAMETER One or more of the parameters are incorrect.
+**/
+typedef
+EFI_STATUS
+(EFIAPI *EFI_TCG2_SET_ACTIVE_PCR_BANKS) (
+ IN EFI_TCG2_PROTOCOL *This,
+ IN UINT32 ActivePcrBanks
+ );
+
+/**
+ This service retrieves the result of a previous invocation of SetActivePcrBanks.
+
+ @param[in] This Indicates the calling context
+ @param[out] OperationPresent Non-zero value to indicate a SetActivePcrBank operation was invoked during the last boot.
+ @param[out] Response The response from the SetActivePcrBank request.
+
+ @retval EFI_SUCCESS The result value could be returned.
+ @retval EFI_INVALID_PARAMETER One or more of the parameters are incorrect.
+**/
+typedef
+EFI_STATUS
+(EFIAPI *EFI_TCG2_GET_RESULT_OF_SET_ACTIVE_PCR_BANKS) (
+ IN EFI_TCG2_PROTOCOL *This,
+ OUT UINT32 *OperationPresent,
+ OUT UINT32 *Response
+ );
+
+struct tdEFI_TCG2_PROTOCOL {
+ EFI_TCG2_GET_CAPABILITY GetCapability;
+ EFI_TCG2_GET_EVENT_LOG GetEventLog;
+ EFI_TCG2_HASH_LOG_EXTEND_EVENT HashLogExtendEvent;
+ EFI_TCG2_SUBMIT_COMMAND SubmitCommand;
+ EFI_TCG2_GET_ACTIVE_PCR_BANKS GetActivePcrBanks;
+ EFI_TCG2_SET_ACTIVE_PCR_BANKS SetActivePcrBanks;
+ EFI_TCG2_GET_RESULT_OF_SET_ACTIVE_PCR_BANKS GetResultOfSetActivePcrBanks;
+};
+
+extern EFI_GUID gEfiTcg2ProtocolGuid;
+
+//
+// Log entries after Get Event Log service
+//
+
+#define EFI_TCG2_FINAL_EVENTS_TABLE_GUID \
+ {0x1e2ed096, 0x30e2, 0x4254, { 0xbd, 0x89, 0x86, 0x3b, 0xbe, 0xf8, 0x23, 0x25 }}
+
+extern EFI_GUID gEfiTcg2FinalEventsTableGuid;
+
+typedef struct tdEFI_TCG2_FINAL_EVENTS_TABLE {
+ //
+ // The version of this structure.
+ //
+ UINT64 Version;
+ //
+ // Number of events recorded after invocation of GetEventLog API
+ //
+ UINT64 NumberOfEvents;
+ //
+ // List of events of type TCG_PCR_EVENT2.
+ //
+//TCG_PCR_EVENT2 Event[1];
+} EFI_TCG2_FINAL_EVENTS_TABLE;
+
+#define EFI_TCG2_FINAL_EVENTS_TABLE_VERSION 1
+
+#endif
diff --git a/MdePkg/Include/Protocol/TrEEProtocol.h b/MdePkg/Include/Protocol/TrEEProtocol.h
index 2f535348ff..96eadc23a9 100644
--- a/MdePkg/Include/Protocol/TrEEProtocol.h
+++ b/MdePkg/Include/Protocol/TrEEProtocol.h
@@ -1,7 +1,7 @@
/** @file
Ihis protocol is defined to abstract TPM2 hardware access in boot phase.
-Copyright (c) 2013, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2013 - 2015, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -93,22 +93,6 @@ typedef TREE_BOOT_SERVICE_CAPABILITY_1_0 TREE_BOOT_SERVICE_CAPABILITY;
//
#define PE_COFF_IMAGE 0x0000000000000010
-//#define EV_EFI_VARIABLE_DRIVER_CONFIG 0x80000001 // Defined in TCG
-//#define EV_EFI_ACTION 0x80000007 // Defined in TCG
-#define EV_EFI_VARIABLE_AUTHORITY 0x800000E0
-
-#define FIRMWARE_DEBUGGER_EVENT_STRING "UEFI Debug Mode"
-
-#pragma pack(1)
-typedef struct {
- EFI_GUID VariableName;
- UINT64 UnicodeNameLength; // The TCG Definition used UINTN
- UINT64 VariableDataLength; // The TCG Definition used UINTN
- CHAR16 UnicodeName[1];
- INT8 VariableData[1];
-} EFI_VARIABLE_DATA_TREE;
-#pragma pack()
-
typedef UINT32 TrEE_PCRINDEX;
typedef UINT32 TrEE_EVENTTYPE;
diff --git a/MdePkg/MdePkg.dec b/MdePkg/MdePkg.dec
index 7d74b69769..64dc5f903a 100644
--- a/MdePkg/MdePkg.dec
+++ b/MdePkg/MdePkg.dec
@@ -1361,6 +1361,10 @@
## Include/Protocol/TrEEProtocol.h
gEfiTrEEProtocolGuid = {0x607f766c, 0x7455, 0x42be, { 0x93, 0x0b, 0xe4, 0xd7, 0x6d, 0xb2, 0x72, 0x0f }}
+
+ ## Include/Protocol/Tcg2Protocol.h
+ gEfiTcg2ProtocolGuid = {0x607f766c, 0x7455, 0x42be, { 0x93, 0x0b, 0xe4, 0xd7, 0x6d, 0xb2, 0x72, 0x0f }}
+ gEfiTcg2FinalEventsTableGuid = {0x1e2ed096, 0x30e2, 0x4254, { 0xbd, 0x89, 0x86, 0x3b, 0xbe, 0xf8, 0x23, 0x25 }}
## Include/Protocol/FormBrowser2.h
gEfiFormBrowser2ProtocolGuid = {0xb9d4c360, 0xbcfb, 0x4f9b, {0x92, 0x98, 0x53, 0xc1, 0x36, 0x98, 0x22, 0x58}}