summaryrefslogtreecommitdiff
path: root/SecurityPkg/Tcg
diff options
context:
space:
mode:
authorczhang46 <czhang46@6f19259b-4bc3-4df7-8a09-765794883524>2012-09-11 02:26:50 +0000
committerczhang46 <czhang46@6f19259b-4bc3-4df7-8a09-765794883524>2012-09-11 02:26:50 +0000
commit2aadc9205b8c1ea8b002e2bc05dcaed7b1505121 (patch)
treec24b5fb392f17b23bfad734da88fb717c07ae126 /SecurityPkg/Tcg
parent884ed923564f35084c45a8f3f132c076b26f2423 (diff)
downloadedk2-platforms-2aadc9205b8c1ea8b002e2bc05dcaed7b1505121.tar.xz
Enable TPM measurement lib to measure all PE image from a FV unmeasured by TcgPei
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com> Reviewed-by : Dong, Guo <guo.dong@intel.com> git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13714 6f19259b-4bc3-4df7-8a09-765794883524
Diffstat (limited to 'SecurityPkg/Tcg')
-rw-r--r--SecurityPkg/Tcg/TcgPei/TcgPei.c116
-rw-r--r--SecurityPkg/Tcg/TcgPei/TcgPei.inf2
2 files changed, 108 insertions, 10 deletions
diff --git a/SecurityPkg/Tcg/TcgPei/TcgPei.c b/SecurityPkg/Tcg/TcgPei/TcgPei.c
index d465ad55f3..e8fd1f12d0 100644
--- a/SecurityPkg/Tcg/TcgPei/TcgPei.c
+++ b/SecurityPkg/Tcg/TcgPei/TcgPei.c
@@ -20,7 +20,11 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#include <Ppi/LockPhysicalPresence.h>
#include <Ppi/TpmInitialized.h>
#include <Ppi/FirmwareVolume.h>
+#include <Ppi/EndOfPeiPhase.h>
+
#include <Guid/TcgEventHob.h>
+#include <Guid/TrustedFvHob.h>
+
#include <Library/DebugLib.h>
#include <Library/BaseMemoryLib.h>
#include <Library/PeiServicesLib.h>
@@ -41,6 +45,12 @@ EFI_PEI_PPI_DESCRIPTOR mTpmInitializedPpiList = {
NULL
};
+EFI_PLATFORM_FIRMWARE_BLOB mMeasuredBaseFvInfo[FixedPcdGet32 (PcdPeiCoreMaxFvSupported)];
+UINT32 mMeasuredBaseFvIndex = 0;
+
+EFI_PLATFORM_FIRMWARE_BLOB mMeasuredChildFvInfo[FixedPcdGet32 (PcdPeiCoreMaxFvSupported)];
+UINT32 mMeasuredChildFvIndex = 0;
+
/**
Lock physical presence if needed.
@@ -78,6 +88,25 @@ FirmwareVolmeInfoPpiNotifyCallback (
IN VOID *Ppi
);
+/**
+ Record all measured Firmware Volum Information into a Guid Hob
+
+ @param[in] PeiServices An indirect pointer to the EFI_PEI_SERVICES table published by the PEI Foundation.
+ @param[in] NotifyDescriptor Address of the notification descriptor data structure.
+ @param[in] Ppi Address of the PPI that was installed.
+
+ @retval EFI_SUCCESS The FV Info is measured and recorded to TPM.
+ @return Others Fail to measure FV.
+
+**/
+EFI_STATUS
+EFIAPI
+EndofPeiSignalNotifyCallBack (
+ IN EFI_PEI_SERVICES **PeiServices,
+ IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDescriptor,
+ IN VOID *Ppi
+ );
+
EFI_PEI_NOTIFY_DESCRIPTOR mNotifyList[] = {
{
EFI_PEI_PPI_DESCRIPTOR_NOTIFY_CALLBACK,
@@ -85,14 +114,73 @@ EFI_PEI_NOTIFY_DESCRIPTOR mNotifyList[] = {
PhysicalPresencePpiNotifyCallback
},
{
- (EFI_PEI_PPI_DESCRIPTOR_NOTIFY_CALLBACK | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST),
+ EFI_PEI_PPI_DESCRIPTOR_NOTIFY_CALLBACK,
&gEfiPeiFirmwareVolumeInfoPpiGuid,
FirmwareVolmeInfoPpiNotifyCallback
+ },
+ {
+ (EFI_PEI_PPI_DESCRIPTOR_NOTIFY_CALLBACK | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST),
+ &gEfiEndOfPeiSignalPpiGuid,
+ EndofPeiSignalNotifyCallBack
}
};
-EFI_PLATFORM_FIRMWARE_BLOB mMeasuredFvInfo[FixedPcdGet32 (PcdPeiCoreMaxFvSupported)];
-UINT32 mMeasuredFvIndex = 0;
+/**
+ Record all measured Firmware Volum Information into a Guid Hob
+ Guid Hob payload layout is
+
+ UINT32 *************************** FIRMWARE_BLOB number
+ EFI_PLATFORM_FIRMWARE_BLOB******** BLOB Array
+
+ @param[in] PeiServices An indirect pointer to the EFI_PEI_SERVICES table published by the PEI Foundation.
+ @param[in] NotifyDescriptor Address of the notification descriptor data structure.
+ @param[in] Ppi Address of the PPI that was installed.
+
+ @retval EFI_SUCCESS The FV Info is measured and recorded to TPM.
+ @return Others Fail to measure FV.
+
+**/
+EFI_STATUS
+EFIAPI
+EndofPeiSignalNotifyCallBack (
+ IN EFI_PEI_SERVICES **PeiServices,
+ IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDescriptor,
+ IN VOID *Ppi
+ )
+{
+ UINT8 *HobData;
+
+ HobData = NULL;
+
+ //
+ // Create a Guid hob to save all trusted Fv
+ //
+ HobData = BuildGuidHob(
+ &gTrustedFvHobGuid,
+ sizeof(UINTN) + sizeof(EFI_PLATFORM_FIRMWARE_BLOB) * (mMeasuredBaseFvIndex + mMeasuredChildFvIndex)
+ );
+
+ if (HobData != NULL){
+ //
+ // Save measured FV info enty number
+ //
+ *(UINT32 *)HobData = mMeasuredBaseFvIndex + mMeasuredChildFvIndex;
+
+ HobData += sizeof(UINT32);
+ //
+ // Save measured base Fv info
+ //
+ CopyMem (HobData, mMeasuredBaseFvInfo, sizeof(EFI_PLATFORM_FIRMWARE_BLOB) * (mMeasuredBaseFvIndex));
+
+ HobData += sizeof(EFI_PLATFORM_FIRMWARE_BLOB) * (mMeasuredBaseFvIndex);
+ //
+ // Save measured child Fv info
+ //
+ CopyMem (HobData, mMeasuredChildFvInfo, sizeof(EFI_PLATFORM_FIRMWARE_BLOB) * (mMeasuredChildFvIndex));
+ }
+
+ return EFI_SUCCESS;
+}
/**
Do a hash operation on a data buffer, extend a specific TPM PCR with the hash result,
@@ -228,8 +316,8 @@ MeasureFvImage (
//
// Check whether FV is in the measured FV list.
//
- for (Index = 0; Index < mMeasuredFvIndex; Index ++) {
- if (mMeasuredFvInfo[Index].BlobBase == FvBase) {
+ for (Index = 0; Index < mMeasuredBaseFvIndex; Index ++) {
+ if (mMeasuredBaseFvInfo[Index].BlobBase == FvBase) {
return EFI_SUCCESS;
}
}
@@ -260,10 +348,11 @@ MeasureFvImage (
//
// Add new FV into the measured FV list.
//
- ASSERT (mMeasuredFvIndex < FixedPcdGet32 (PcdPeiCoreMaxFvSupported));
- if (mMeasuredFvIndex < FixedPcdGet32 (PcdPeiCoreMaxFvSupported)) {
- mMeasuredFvInfo[mMeasuredFvIndex].BlobBase = FvBase;
- mMeasuredFvInfo[mMeasuredFvIndex++].BlobLength = FvLength;
+ ASSERT (mMeasuredBaseFvIndex < FixedPcdGet32 (PcdPeiCoreMaxFvSupported));
+ if (mMeasuredBaseFvIndex < FixedPcdGet32 (PcdPeiCoreMaxFvSupported)) {
+ mMeasuredBaseFvInfo[mMeasuredBaseFvIndex].BlobBase = FvBase;
+ mMeasuredBaseFvInfo[mMeasuredBaseFvIndex].BlobLength = FvLength;
+ mMeasuredBaseFvIndex++;
}
return Status;
@@ -369,9 +458,16 @@ FirmwareVolmeInfoPpiNotifyCallback (
//
// This is an FV from an FFS file, and the parent FV must have already been measured,
- // No need to measure twice, so just returns
+ // No need to measure twice, so just record the FV and return
//
if (Fv->ParentFvName != NULL || Fv->ParentFileName != NULL ) {
+
+ ASSERT (mMeasuredChildFvIndex < FixedPcdGet32 (PcdPeiCoreMaxFvSupported));
+ if (mMeasuredChildFvIndex < FixedPcdGet32 (PcdPeiCoreMaxFvSupported)) {
+ mMeasuredChildFvInfo[mMeasuredChildFvIndex].BlobBase = (EFI_PHYSICAL_ADDRESS) (UINTN) Fv->FvInfo;
+ mMeasuredChildFvInfo[mMeasuredChildFvIndex].BlobLength = Fv->FvInfoSize;
+ mMeasuredChildFvIndex++;
+ }
return EFI_SUCCESS;
}
diff --git a/SecurityPkg/Tcg/TcgPei/TcgPei.inf b/SecurityPkg/Tcg/TcgPei/TcgPei.inf
index 8ae1712ee4..0143baa687 100644
--- a/SecurityPkg/Tcg/TcgPei/TcgPei.inf
+++ b/SecurityPkg/Tcg/TcgPei/TcgPei.inf
@@ -51,11 +51,13 @@
[Guids]
gTcgEventEntryHobGuid
+ gTrustedFvHobGuid
[Ppis]
gPeiLockPhysicalPresencePpiGuid
gEfiPeiFirmwareVolumeInfoPpiGuid
gPeiTpmInitializedPpiGuid
+ gEfiEndOfPeiSignalPpiGuid
[Pcd]
gEfiSecurityPkgTokenSpaceGuid.PcdHideTpm