Diffstat (limited to 'Board/EM/FIT/Pei/BootGuardTPMPei')
-rw-r--r-- | Board/EM/FIT/Pei/BootGuardTPMPei/BootGuardTPMPei.c | 469 | ||||
-rw-r--r-- | Board/EM/FIT/Pei/BootGuardTPMPei/BootGuardTPMPei.cif | 11 | ||||
-rw-r--r-- | Board/EM/FIT/Pei/BootGuardTPMPei/BootGuardTPMPei.h | 242 | ||||
-rw-r--r-- | Board/EM/FIT/Pei/BootGuardTPMPei/BootGuardTPMPei.mak | 50 | ||||
-rw-r--r-- | Board/EM/FIT/Pei/BootGuardTPMPei/BootGuardTPMPei.sdl | 96 |
5 files changed, 868 insertions, 0 deletions
diff --git a/Board/EM/FIT/Pei/BootGuardTPMPei/BootGuardTPMPei.c b/Board/EM/FIT/Pei/BootGuardTPMPei/BootGuardTPMPei.c
new file mode 100644
index 0000000..5959528
--- /dev/null
+++ b/Board/EM/FIT/Pei/BootGuardTPMPei/BootGuardTPMPei.c
@@ -0,0 +1,469 @@ +//********************************************************************** +//********************************************************************** +//** ** +//** (C)Copyright 1985-2013, American Megatrends, Inc. ** +//** ** +//** All Rights Reserved. ** +//** ** +//** 5555 Oakbrook Parkway, Suite 200, Norcross, GA 30093 ** +//** ** +//** Phone: (770)-246-8600 ** +//** ** +//********************************************************************** +//********************************************************************** + +//********************************************************************** +// $Header: /Alaska/SOURCE/Modules/SharkBayRefCodes/FIT/Pei/BootGuardTPMPei/BootGuardTPMPei.c 3 9/06/13 6:10a Bensonlai $ +// +// $Revision: 3 $ +// +// $Date: 9/06/13 6:10a $ +//********************************************************************** +// Revision History +// ---------------- +// $Log: /Alaska/SOURCE/Modules/SharkBayRefCodes/FIT/Pei/BootGuardTPMPei/BootGuardTPMPei.c $ +// +// 3 9/06/13 6:10a Bensonlai +// [TAG] EIP135513 +// [Category] Improvement +// [Description] Support the TPM1.2 for WHCK test +// +// 2 7/25/13 11:02p Bensonlai +// [TAG] EIP130647 +// [Category] Bug Fix +// [Severity] Normal +// [Symptom] Detail PCR is incorrect for Boot Guard. +// [RootCause] Coding error. 
+// +// 1 6/04/13 5:15a Bensonlai +// [TAG] EIP125148 +// [Category] Spec Update +// [Severity] Normal +// [Description] [SBY ULT] Boot Guard for 4th Gen Intel Core Processor +// based on Mobile U-Processor Line - BIOS Writer's Guide - Rev 1.0 +// [Files] BootGuardTPMPei.cif +// BootGuardTPMPei.c +// BootGuardTPMPei.h +// BootGuardTPMPei.sdl +// BootGuardTPMPei.mak +// +//********************************************************************** +//<AMI_FHDR_START> +// +// Name: BootGuardTPMPei.c +// +// Description: TPM Initialization Flow for Boot Guard +// +//<AMI_FHDR_END> +//********************************************************************** + +#include <Efi.h> +#include <Pei.h> +#include <TcgCommon.h> +#include <AmiPeiLib.h> +#include <TcgMisc.h> +#include "PPI\TcgService\TcgTcmService.h" +#include "PPI\TcgService\TcgService.h" +#include "PPI\TpmDevice\TpmDevice.h" +#include "PPI\CpuIo.h" +#include "PPI\LoadFile.h" +#include <Ppi\ReadOnlyVariable.h> +#include "AmiTcgPlatformPei.h" +#include "TcgPlatformSetupPeiPolicy.h" +#include <Token.h> +#include "CpuRegs.h" +#include <AmiCspLibInc.h> +#include "BootGuardTPMPei.h" + +static +EFI_STATUS +__stdcall __FillCallbackContext( + IN EFI_PEI_SERVICES **PeiService, + OUT TCG_PEI_CALLBACK_CONTEXT *CallbackContext ) +{ + EFI_GUID _gPeiTpmPpiGuid = PEI_TPM_PPI_GUID; + CallbackContext->PeiServices = PeiService; + return (*PeiService)->LocatePpi( + PeiService, + &_gPeiTpmPpiGuid, + 0, + NULL, + &CallbackContext->TpmDevice + ); +} + +#define TCGPASSTHROUGH( cb, in, out ) \ + TcgCommonPassThrough( \ + cb, \ + sizeof (in) / sizeof (*(in)), \ + (in), \ + sizeof (out) / sizeof (*(out)), \ + (out) \ + ) + +EFI_STATUS TcgCommonSha1Complete( + IN VOID *CallbackContext, + IN VOID *Data, + IN UINT32 DataLen, + OUT TCG_DIGEST *Digest ) +{ + TPM_1_2_CMD_SHA1COMPLETE cmdSHA1Complete; + TPM_1_2_RET_HEADER retSHA1Complete; + TPM_TRANSMIT_BUFFER InBuffer[2], OutBuffer[2]; + + if ( DataLen >= 64 ) + { + return EFI_INVALID_PARAMETER; + } + 
+ cmdSHA1Complete.Header.Tag = TPM_H2NS( TPM_TAG_RQU_COMMAND ); + cmdSHA1Complete.Header.ParamSize = TPM_H2NL(sizeof(cmdSHA1Complete) + DataLen); + cmdSHA1Complete.Header.Ordinal = TPM_H2NL( TPM_ORD_SHA1Complete ); + +// if(AutoSupportType()){ +// cmdSHA1Complete.Header.Ordinal = TPM_H2NL(TCM_ORD_SHA1Complete); +// } + + cmdSHA1Complete.NumBytes = TPM_H2NL( DataLen ); + + InBuffer[0].Buffer = &cmdSHA1Complete; + InBuffer[0].Size = sizeof (cmdSHA1Complete); + InBuffer[1].Buffer = Data; + InBuffer[1].Size = DataLen; + + OutBuffer[0].Buffer = &retSHA1Complete; + OutBuffer[0].Size = sizeof (retSHA1Complete); + OutBuffer[1].Buffer = Digest; + OutBuffer[1].Size = sizeof (*Digest); + + return TCGPASSTHROUGH( CallbackContext, InBuffer, OutBuffer ); +} + +EFI_STATUS +SHA1HashFunc ( + IN EFI_PEI_SERVICES **PeiServices, + IN UINT8 *HashData, + IN UINT32 HashDataLen, + OUT TCG_DIGEST *Digest +) +{ + EFI_STATUS Status; + UINT32 Sha1MaxBytes; + TCG_PEI_CALLBACK_CONTEXT Context; + + Status = __FillCallbackContext( PeiServices, &Context ); + ASSERT_PEI_ERROR( PeiServices, Status ); + + Status = Context.TpmDevice->Init( Context.TpmDevice, PeiServices ); + + if ( EFI_ERROR( Status )) { + goto Exit; + } + + Status = TcgCommonSha1Start( &Context, TCG_ALG_SHA, &Sha1MaxBytes ); + + if ( EFI_ERROR( Status )) { + goto Exit; + } + + Status = TcgCommonSha1Update( + &Context, + HashData, + HashDataLen, + Sha1MaxBytes + ); + + if ( EFI_ERROR( Status )) { + goto Exit; + } + + HashData += (HashDataLen & ~63); + HashDataLen &= 63; + + Status = TcgCommonSha1Complete( + &Context, + (UINT8 *)HashData, + (UINT32)HashDataLen, + Digest + ); + + if ( EFI_ERROR( Status )) { + goto Exit; + } + +Exit: + Context.TpmDevice->Close( Context.TpmDevice, PeiServices ); + return Status; +} + +EFI_STATUS ACM_PostSuccess( + IN EFI_PEI_SERVICES **PeiServices +) +{ + UINT32 MsrValue; + + MsrValue = (UINT32) ReadMsr (MSR_BOOT_GUARD_SACM_INFO); + if ( ((MsrValue & B_NEM_INIT) == B_NEM_INIT) && + ((MsrValue & 
B_MEASURED) == B_MEASURED) && + (((MsrValue & V_TPM_PRESENT_DTPM_12) == V_TPM_PRESENT_DTPM_12) || ((MsrValue & V_TPM_PRESENT_DTPM_20) == V_TPM_PRESENT_DTPM_20)) && + ((MsrValue & B_TPM_SUCCESS) == B_TPM_SUCCESS) ) { + PEI_TRACE((-1, PeiServices, "[BootGuardTPMPei.c] : ACM_PostSuccess : EFI_SUCCESS\n")); + return EFI_SUCCESS; + } + + PEI_TRACE((-1, PeiServices, "[BootGuardTPMPei.c] : ACM_PostSuccess : EFI_UNSUPPORTED\n")); + return EFI_UNSUPPORTED; +} + +EFI_STATUS LogDetailPCREvent( + IN EFI_PEI_SERVICES **PeiServices +) +{ + UINT8 FoundACM, FoundKM, FoundBPM; + UINT32 u32HashLen = 0; + EFI_TCG_PCR_EVENT TcgEvent; + UINT32 EventNum, FitEntryPointer, FitEntryNumber, i; + UINTN Len; + CHAR8 DetailPCRStr[] = "Boot Guard Measured S-CRTM"; + PEI_TPM_PPI *TpmPpi = NULL; + PEI_TCG_PPI *TcgPpi = NULL; + EFI_STATUS Status; + BOOT_POLICY *BP; + FIT_ENTRY *FitEntry; + KEY_MANIFEST_STRAUCTURE *KmStructure; + BpmStruct *BpmStructure; + + Len = sizeof(DetailPCRStr) < sizeof(EFI_GUID) ? sizeof(DetailPCRStr) : sizeof(EFI_GUID); + + TcgEvent.Header.PCRIndex = 0; + TcgEvent.Header.EventType = EV_S_CRTM_VERSION; + TcgEvent.Header.EventDataSize = Len; + + PEI_TRACE((-1, PeiServices, "[BootGuardTPMPei.c] Starting 1")); + + MemCpy( + &TcgEvent.Event.SCrtmVersion, + DetailPCRStr, + Len + ); + + Status = LocateTcgPpi(PeiServices,&TpmPpi, &TcgPpi); + if(EFI_ERROR(Status))return EFI_NOT_FOUND; + + // On page 44. + // The pHashData must be the format . + // SHA-1 { + // 1) One byte containing the lower 8 bit of the BP.RSTR + // 2) One byte contain the lower 8 bits of BP.TYPE + // .... + // 7) Digest of Hashed IBB Segments(s) + + Status = (*PeiServices)->AllocatePool(PeiServices, sizeof (BOOT_POLICY),&BP); + if ( EFI_ERROR( Status ) ) { + return EFI_OUT_OF_RESOURCES; + } + + BP->RSTR0 = (ReadMsr (MSR_BOOT_GUARD_SACM_INFO) & BIT4) ? 1 : 0; + BP->RSTR1 = (MmioRead32 (ACM_STATUS) & BIT21) ? 1 : 0; + BP->RSTR2 = (MmioRead32 (ACM_STATUS) & BIT22) ? 
1 : 0; + BP->RSTR3 = (MmioRead32 (ACM_STATUS) & BIT23) ? 1 : 0; + BP->RSTR4 = (MmioRead32 (ACM_STATUS) & BIT24) ? 1 : 0; + BP->RSTR5 = 0; + BP->RSTR6 = 0; + BP->RSTR7 = 0; + + BP->TYPE0 = (ReadMsr (MSR_BOOT_GUARD_SACM_INFO) & BIT5) ? 1 : 0; + BP->TYPE1 = (ReadMsr (MSR_BOOT_GUARD_SACM_INFO) & BIT6) ? 1 : 0; + BP->TYPE2 = (MmioRead32 (ACM_STATUS) & BIT20) ? 1 : 0; + BP->TYPE3 = 0; + BP->TYPE4 = 0; + BP->TYPE5 = 0; + BP->TYPE6 = 0; + BP->TYPE7 = 0; + + BP->ACM_SVN = ACMSVN; + { + FitEntryPointer = MmioRead32(IBB_ENTRYPOINT_M); + if ( FitEntryPointer == 0xFFFFFFFF ) { + PEI_TRACE((-1, PeiServices, "[BootGuardTPMPei.c] : FitEntryPointer(%lx) is empty\n", FitEntryPointer)); + ASSERT_PEI_ERROR( PeiServices, EFI_NOT_READY ); + } + + FitEntry = (FIT_ENTRY*)FitEntryPointer; + if ( FitEntry->TblAddress != EFI_SIGNATURE_64 ('_', 'F', 'I', 'T', '_', ' ', ' ', ' ') ) { + PEI_TRACE((-1, PeiServices, "[BootGuardTPMPei.c] : [Type 0] FitEntry->TblAddress(%lx) is error\n", FitEntry->TblAddress)); + ASSERT_PEI_ERROR( PeiServices, EFI_NOT_READY ); + } + + FitEntryNumber = FitEntry->TblSIZE; + + FoundACM = 0; + for(i=1; i<FitEntryNumber; i++) { + FitEntry = (FIT_ENTRY*)(FitEntryPointer + i*16); + PEI_TRACE((-1, PeiServices, "[BootGuardTPMPei.c] : FitEntry->TblType = %x\n", FitEntry->TblType)); + if ( FitEntry->TblType == 0x02 ) { // FIT type 0x02 - Anc ACM location + FoundACM =1; + break; + } + } + + if ( FoundACM == 0 ) { + PEI_TRACE((-1, PeiServices, "[BootGuardTPMPei.c] : Can't find the Boot Guard ACM")); + ASSERT_PEI_ERROR( PeiServices, EFI_NOT_READY ); + } + + PEI_TRACE((-1, PeiServices, "BP->ACM_Signature \n")); + + for ( i=0; i<256; i++ ) { + if (i % 16 == 0) PEI_TRACE((-1, PeiServices, "\n")); + BP->ACM_Signature[i] = MmioRead8( FitEntry->TblAddress + 0x184 + i ); + PEI_TRACE((-1, PeiServices, "%02x ", BP->ACM_Signature[i])); + } + + FoundKM = 0; + for(i=1; i<FitEntryNumber; i++) { + FitEntry = (FIT_ENTRY*)(FitEntryPointer + i*16); + PEI_TRACE((-1, PeiServices, 
"[BootGuardTPMPei.c] : FitEntry->TblType = %x\n", FitEntry->TblType)); + if ( FitEntry->TblType == 0x0B ) { // FIT Type 0x0B - Key Manifest + FoundKM =1; + break; + } + } + + if ( FoundKM == 0 ) { + PEI_TRACE((-1, PeiServices, "[BootGuardTPMPei.c] : Can't find the Boot Guard KM")); + ASSERT_PEI_ERROR( PeiServices, EFI_NOT_READY ); + } + + KmStructure = (KEY_MANIFEST_STRAUCTURE*)FitEntry->TblAddress; + PEI_TRACE((-1, PeiServices, "\nKmStructure:\n")); + + for ( i=0; i<256; i++ ) { + if (i % 16 == 0) PEI_TRACE((-1, PeiServices, "\n")); + BP->Key_Manifest_Signature[i] = KmStructure->KeyManifestSignature.Signature.Signature[i]; + PEI_TRACE((-1, PeiServices, "%02x ", BP->Key_Manifest_Signature[i])); + } + + FoundBPM = 0; + for(i=1; i<FitEntryNumber; i++) { + FitEntry = (FIT_ENTRY*)(FitEntryPointer + i*16); + PEI_TRACE((-1, PeiServices, "[BootGuardTPMPei.c] : FitEntry->TblType = %x\n", FitEntry->TblType)); + if ( FitEntry->TblType == 0x0C ) { // FIT type 0x0C - Boot Policy Manifest + FoundBPM =1; + break; + } + } + + if ( FoundBPM == 0 ) { + PEI_TRACE((-1, PeiServices, "[BootGuardTPMPei.c] : Can't find the Boot Guard BPM")); + ASSERT_PEI_ERROR( PeiServices, EFI_NOT_READY ); + } + + BpmStructure = (BpmStruct*)FitEntry->TblAddress; + PEI_TRACE((-1, PeiServices, "\nBpmStructure:\n")); + + for ( i=0; i<256; i++ ) { + if (i % 16 == 0) PEI_TRACE((-1, PeiServices, "\n")); + BP->Boot_Policy_Manifest_Signature[i] = BpmStructure->Bpm_Signature_Element.KeySignature.Signature.Signature[i]; + PEI_TRACE((-1, PeiServices, "%02x ", BP->Boot_Policy_Manifest_Signature[i])); + } + + PEI_TRACE((-1, PeiServices, "\n\nBpmStructure->Digest_of_Hashed_IBB_Segment:\n\n")); + + for ( i=0; i<32; i++ ) { + if (i % 16 == 0) PEI_TRACE((-1, PeiServices, "\n")); + BP->Digest_of_Hashed_IBB_Segment[i] = BpmStructure->Ibb_Element.Digest.HashBuffer[i]; + PEI_TRACE((-1, PeiServices, "%02x ", BP->Digest_of_Hashed_IBB_Segment[i])); + } + + PEI_TRACE((-1, PeiServices, "\n")); + } + + SHA1HashFunc( PeiServices, 
(UINT8*)BP, u32HashLen, &TcgEvent.Header.Digest ); + + Status = TcgPpi->TCGLogEvent(TcgPpi, PeiServices, (TCG_PCR_EVENT*)&TcgEvent, &EventNum); + + return Status; +} + +/* +EFI_STATUS LogAuthorityPCREvent( + IN EFI_PEI_SERVICES **PeiServices +) +{ + UINT8* pHashData = NULL; + UINT32 u32HashLen = 0; + + EFI_TCG_PCR_EVENT TcgEvent; + UINT32 EventNum; + UINTN Len; + CHAR16 AuthorityPCRStr[] = L"Boot Guard Measured S-CRTM"; + PEI_TPM_PPI *TpmPpi = NULL; + PEI_TCG_PPI *TcgPpi = NULL; + EFI_STATUS Status; + + Len = sizeof(AuthorityPCRStr) < sizeof(EFI_GUID) ? sizeof(AuthorityPCRStr) : sizeof(EFI_GUID); + + TcgEvent.Header.PCRIndex = 6; + TcgEvent.Header.EventType = EV_EFI_VARIABLE_DRIVER_CONFIG; + TcgEvent.Header.EventDataSize = Len; + + MemCpy( + &TcgEvent.Event.SCrtmVersion, + AuthorityPCRStr, + Len + ); + + Status = LocateTcgPpi(PeiServices,&TpmPpi, &TcgPpi); + if(EFI_ERROR(Status))return EFI_NOT_FOUND; + + // On page 45~46. + // The pHashData must be the format . + // SHA-1 { + // 1) One byte containing the lower 8 bit of the BP.RSTR + // 2) One byte contain the lower 8 bits of BP.TYPE + // .... + // 7) One byte indicating status of verified boot. 
+ +// SHA1HashFunc( PeiServices, pHashData, u32HashLen, &TcgEvent.Header.Digest ); + + Status = TcgPpi->TCGLogEvent(TcgPpi, PeiServices, (TCG_PCR_EVENT*)&TcgEvent, &EventNum); + return Status; +} +*/ + +EFI_STATUS +BootGuardMeasureCRTMVersion( + IN EFI_PEI_SERVICES **PeiServices ) +{ + EFI_STATUS Status; + PEI_TRACE((-1, PeiServices, "[BootGuardTPMPei.c] Start of BootGuardMeasureCRTMVersion\n")); + + Status = ACM_PostSuccess( PeiServices ); + if( !EFI_ERROR(Status) ) + { + PEI_TRACE((-1, PeiServices, "[BootGuardTPMPei.c] Start the LogDetailPCREvent\n")); + Status = LogDetailPCREvent( PeiServices ); + ASSERT_PEI_ERROR( PeiServices, Status ); +// Status = LogAuthorityPCREvent( PeiServices ); +// ASSERT_PEI_ERROR( PeiServices, Status ); + } + + PEI_TRACE((-1, PeiServices, "[BootGuardTPMPei.c] End of BootGuardMeasureCRTMVersion\n")); + + return MeasureCRTMVersion( PeiServices ); +} + +//********************************************************************** +//********************************************************************** +//** ** +//** (C)Copyright 1985-2013, American Megatrends, Inc. ** +//** ** +//** All Rights Reserved. ** +//** ** +//** 5555 Oakbrook Parkway, Suite 200, Norcross, GA 30093 ** +//** ** +//** Phone: (770)-246-8600 ** +//** ** +//********************************************************************** +//********************************************************************** diff --git a/Board/EM/FIT/Pei/BootGuardTPMPei/BootGuardTPMPei.cif b/Board/EM/FIT/Pei/BootGuardTPMPei/BootGuardTPMPei.cif new file mode 100644 index 0000000..91cf398 --- /dev/null +++ b/Board/EM/FIT/Pei/BootGuardTPMPei/BootGuardTPMPei.cif @@ -0,0 +1,11 @@ +<component> + name = "BootGuardTPMPei" + category = ModulePart + LocalRoot = "Board\EM\FIT\Pei\BootGuardTPMPei" + RefName = "BootGuardTPMPei" +[files] +"BootGuardTPMPei.c" +"BootGuardTPMPei.h" +"BootGuardTPMPei.sdl" +"BootGuardTPMPei.mak" +<endComponent> 
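Review bot: In `LogDetailPCREvent` (BootGuardTPMPei.c), `u32HashLen` is initialised to 0 and never assigned before `SHA1HashFunc( PeiServices, (UINT8*)BP, u32HashLen, &TcgEvent.Header.Digest )`, so as written the TPM is asked to hash zero bytes and the digest logged for the PCR 0 S-CRTM event covers none of the `BOOT_POLICY` fields just collected; the call's return status is also dropped, which leaves `TcgEvent.Header.Digest` unset if the TPM sequence fails. I would set `u32HashLen = sizeof (BOOT_POLICY);` (after confirming the packed structure matches the byte layout the BIOS Writer's Guide prescribes) and write `Status = SHA1HashFunc( ... ); if ( EFI_ERROR( Status )) return Status;`. Separately, every FIT lookup failure in this function (empty pointer, bad `_FIT_` signature, missing ACM/KM/BPM entry) and the `__FillCallbackContext` failure in `SHA1HashFunc` are handled only by `ASSERT_PEI_ERROR`; if that macro compiles out in release builds (its definition is not on this page), execution continues into reads through `FitEntry->TblAddress` or `Context.TpmDevice` that come from unvalidated flash contents or an unset pointer, so these paths should return an error instead. The loop bound `FitEntryNumber` is likewise taken from the FIT header with no upper limit.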
diff --git a/Board/EM/FIT/Pei/BootGuardTPMPei/BootGuardTPMPei.h b/Board/EM/FIT/Pei/BootGuardTPMPei/BootGuardTPMPei.h
new file mode 100644
index 0000000..5d03aa0
--- /dev/null
+++ b/Board/EM/FIT/Pei/BootGuardTPMPei/BootGuardTPMPei.h
@@ -0,0 +1,242 @@ +//********************************************************************** +//********************************************************************** +//** ** +//** (C)Copyright 1985-2013, American Megatrends, Inc. ** +//** ** +//** All Rights Reserved. ** +//** ** +//** 5555 Oakbrook Parkway, Suite 200, Norcross, GA 30093 ** +//** ** +//** Phone: (770)-246-8600 ** +//** ** +//********************************************************************** +//********************************************************************** + +//********************************************************************** +// $Header: /Alaska/SOURCE/Modules/SharkBayRefCodes/FIT/Pei/BootGuardTPMPei/BootGuardTPMPei.h 2 7/25/13 11:03p Bensonlai $ +// +// $Revision: 2 $ +// +// $Date: 7/25/13 11:03p $ +//********************************************************************** +// Revision History +// ---------------- +// $Log: /Alaska/SOURCE/Modules/SharkBayRefCodes/FIT/Pei/BootGuardTPMPei/BootGuardTPMPei.h $ +// +// 2 7/25/13 11:03p Bensonlai +// [TAG] EIP130647 +// [Category] Bug Fix +// [Severity] Normal +// [Symptom] Detail PCR is incorrect for Boot Guard. +// [RootCause] Coding error. +// +// 1 6/04/13 5:15a Bensonlai +// [TAG] EIP125148 +// [Category] Spec Update +// [Severity] Normal +// [Description] [SBY ULT] Boot Guard for 4th Gen Intel Core Processor +// based on Mobile U-Processor Line - BIOS Writer's Guide - Rev 1.0 +// [Files] BootGuardTPMPei.cif +// BootGuardTPMPei.c +// BootGuardTPMPei.h +// BootGuardTPMPei.sdl +// BootGuardTPMPei.mak +// +//********************************************************************** +//<AMI_FHDR_START> +// +// Name: BootGuardTPMPei.c +// +// Description: TPM Initialization Flow for Boot Guard +// +//<AMI_FHDR_END> +//********************************************************************** + +#ifndef _BOOT_GUARD_TPM_PEI_H_ +#define _BOOT_GUARD_TPM_PEI_H_ + +// +// Define macros to build data structure signatures from characters. 
+// +#define EFI_SIGNATURE_16(A, B) ((A) | (B << 8)) +#define EFI_SIGNATURE_32(A, B, C, D) (EFI_SIGNATURE_16 (A, B) | (EFI_SIGNATURE_16 (C, D) << 16)) +#define EFI_SIGNATURE_64(A, B, C, D, E, F, G, H) \ + (EFI_SIGNATURE_32 (A, B, C, D) | ((UINT64) (EFI_SIGNATURE_32 (E, F, G, H)) << 32)) + +#define IBB_ENTRYPOINT_M 0xFFFFFFC0 +#define ACM_STATUS 0xFED30328 + +// The LocateTcgPPi(...) entry is call the AmiTcgPlatformPeiLib.obj +EFI_STATUS LocateTcgPpi( + IN EFI_PEI_SERVICES **PeiServices, + IN PEI_TPM_PPI **gTpmDevicePpi, + IN PEI_TCG_PPI **gTcgPpi +); + +#pragma pack(1) +typedef struct _TCG_PEI_CALLBACK_CONTEXT +{ + PEI_TPM_PPI *TpmDevice; + EFI_PEI_SERVICES **PeiServices; +} TCG_PEI_CALLBACK_CONTEXT; + +typedef struct _BOOT_POLICY +{ + UINT8 RSTR0:1; + UINT8 RSTR1:1; + UINT8 RSTR2:1; + UINT8 RSTR3:1; + UINT8 RSTR4:1; + UINT8 RSTR5:1; + UINT8 RSTR6:1; + UINT8 RSTR7:1; + UINT8 TYPE0:1; + UINT8 TYPE1:1; + UINT8 TYPE2:1; + UINT8 TYPE3:1; + UINT8 TYPE4:1; + UINT8 TYPE5:1; + UINT8 TYPE6:1; + UINT8 TYPE7:1; + UINT16 ACM_SVN; + UINT8 ACM_Signature[256]; + UINT8 Key_Manifest_Signature[256]; + UINT8 Boot_Policy_Manifest_Signature[256]; + UINT8 Digest_of_Hashed_IBB_Segment[32]; +} BOOT_POLICY; + +typedef struct _FIT_ENTRY +{ + UINT64 TblAddress; + UINT32 TblSIZE; + UINT16 TblVer; + UINT8 TblType; + UINT8 TblChkSum; +} FIT_ENTRY; + +// +// Manifest definition +// +#define TPM_ALG_SHA1 0x4 +#define TPM_ALG_SHA256 0xB +#define SHA1_DIGEST_SIZE 20 +#define SHA256_DIGEST_SIZE 32 + +typedef struct { + UINT16 HashAlg; + UINT16 Size; + UINT8 HashBuffer[SHA256_DIGEST_SIZE]; +} HASH_STRUCTURE; + +#define RSA_PUBLIC_KEY_STRUCT_KEY_SIZE_DEFAULT 2048 +#define RSA_PUBLIC_KEY_STRUCT_KEY_LEN_DEFAULT (RSA_PUBLIC_KEY_STRUCT_KEY_SIZE_DEFAULT/8) +#define RSA_PUBLIC_KEY_STRUCT_KEY_EXPONENT_DEFAULT 0x10001 // NOT 0x10001 +typedef struct { + UINT8 Version; + UINT16 KeySize; + UINT32 Exponent; + UINT8 Modulus[RSA_PUBLIC_KEY_STRUCT_KEY_LEN_DEFAULT]; +} RSA_PUBLIC_KEY_STRUCT; + +#define 
RSASSA_SIGNATURE_STRUCT_KEY_SIZE_DEFAULT 2048 +#define RSASSA_SIGNATURE_STRUCT_KEY_LEN_DEFAULT (RSASSA_SIGNATURE_STRUCT_KEY_SIZE_DEFAULT/8) +typedef struct { + UINT8 Version; + UINT16 KeySize; + UINT16 HashAlg; + UINT8 Signature[RSASSA_SIGNATURE_STRUCT_KEY_LEN_DEFAULT]; +} RSASSA_SIGNATURE_STRUCT; + +typedef struct { + UINT8 Version; + UINT16 KeyAlg; + RSA_PUBLIC_KEY_STRUCT Key; + UINT16 SigScheme; + RSASSA_SIGNATURE_STRUCT Signature; +} KEY_SIGNATURE_STRUCT; + +typedef struct { + UINT8 StructureID[8]; + UINT8 StructVersion; + UINT8 HdrStructVersion; + UINT8 PMBPMVersion; + UINT8 BPSVN_BPM; + UINT8 ACMSVN_BPM; + UINT8 Reserved; + UINT16 NEMDataStack; +} BOOT_POLICY_MANIFEST_HEADER; + +typedef struct { + UINT16 Reserved; + UINT16 Flags; + UINT32 Base; + UINT32 Size; +} IBB_SEGMENT_ELEMENT; + +typedef struct { + UINT8 StructureID[8]; + UINT8 StructVersion; + UINT8 SetNumber; + UINT8 Reserved; + UINT8 PBETValue; + UINT32 Flags; + UINT64 IBB_MCHBAR; + UINT64 VTD_BAR; + UINT32 PMRL_Base; + UINT32 PMRL_Limit; + UINT64 PMRH_Base; + UINT64 PMRH_Limit; + HASH_STRUCTURE PostIbbHash; + UINT32 EntryPoint; + HASH_STRUCTURE Digest; + UINT8 SegmentCount; // 1 ~ 8 + IBB_SEGMENT_ELEMENT IBBSegment[1]; +} IBB_ELEMENT; + +typedef struct { + UINT8 StructureID[8]; + UINT8 StructVersion; + UINT16 PMDataSize; +//UINT8 PMData[PMDataSize]; +} PLATFORM_MANUFACTURER_ELEMENT; + +typedef struct { + UINT8 StructureID[8]; + UINT8 StructVersion; + KEY_SIGNATURE_STRUCT KeySignature; +} BOOT_POLICY_MANIFEST_SIGNATURE_ELEMENT; + +typedef struct { + BOOT_POLICY_MANIFEST_HEADER Bpm_Header; + IBB_ELEMENT Ibb_Element; + //PLATFORM_MANUFACTURER_ELEMENT Platform_Manufacture_Element; + BOOT_POLICY_MANIFEST_SIGNATURE_ELEMENT Bpm_Signature_Element; +} BpmStruct; + +typedef struct { + UINT8 StructureID[8]; + UINT8 StructVersion; + UINT8 KeyManifestVersion; + UINT8 KMSVN; + UINT8 KeyManifestID; + HASH_STRUCTURE BPKey; + KEY_SIGNATURE_STRUCT KeyManifestSignature; +} KEY_MANIFEST_STRAUCTURE; + +#pragma pack() + 
+#endif + +//********************************************************************** +//********************************************************************** +//** ** +//** (C)Copyright 1985-2013, American Megatrends, Inc. ** +//** ** +//** All Rights Reserved. ** +//** ** +//** 5555 Oakbrook Parkway, Suite 200, Norcross, GA 30093 ** +//** ** +//** Phone: (770)-246-8600 ** +//** ** +//********************************************************************** +//********************************************************************** diff --git a/Board/EM/FIT/Pei/BootGuardTPMPei/BootGuardTPMPei.mak b/Board/EM/FIT/Pei/BootGuardTPMPei/BootGuardTPMPei.mak new file mode 100644 index 0000000..0967d28 --- /dev/null +++ b/Board/EM/FIT/Pei/BootGuardTPMPei/BootGuardTPMPei.mak 
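Review bot: `BpmStruct` places `Bpm_Signature_Element` immediately after an `IBB_ELEMENT` that declares `IBBSegment[1]`, although `SegmentCount` is commented as `1 ~ 8` and the platform-manufacturer element is commented out, so this fixed layout only matches a manifest with exactly one IBB segment and no PM element. For any other manifest the `.c` file's read of `BpmStructure->Bpm_Signature_Element.KeySignature.Signature.Signature[i]` would land at the wrong offset and the measured bytes would not be the BPM signature. At minimum document the assumption on the struct, e.g. `// Layout valid only when Ibb_Element.SegmentCount == 1 and no PM element is present`, and have the consumer check `SegmentCount` and each element's `StructureID` before using the signature. Two smaller points: `EFI_SIGNATURE_16` should parenthesise its second argument, `((A) | ((B) << 8))`, and the `// NOT 0x10001` comment on `RSA_PUBLIC_KEY_STRUCT_KEY_EXPONENT_DEFAULT` contradicts the value it annotates.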
@@ -0,0 +1,50 @@
+#**********************************************************************
+#**********************************************************************
+#** **
+#** (C)Copyright 1985-2013, American Megatrends, Inc. **
+#** **
+#** All Rights Reserved. **
+#** **
+#** 6145-F Northbelt Pkwy, Norcross, GA 30071 **
+#** **
+#** Phone: (770)-246-8600 **
+#** **
+#**********************************************************************
+#**********************************************************************
+
+#**********************************************************************
+#<AMI_FHDR_START>
+#
+# Name: BootGuardTPMPei.mak
+#
+# Description: TPM Initialization Flow for Boot Guard
+#
+#<AMI_FHDR_END>
+#**********************************************************************
+
+TCG_FILE_INCLUDE=\
+ /I$(TcgPlatformSetupPeiPolicy_DIR)\
+ /I$(TCG_DIR)\
+ /I$(AMI_TCG_PLATFORM_PEI_DIR)
+
+AMI_TCG_LIB_OBJECTS = $(AMI_TCG_LIB_OBJECTS) \
+$(BUILD)\BootGuardTPMPei.obj
+
+Make_AMITTCG_LIB : $(BUILD_DIR)\BootGuardTPMPei.obj
+
+$(BUILD_DIR)\BootGuardTPMPei.obj : $(BootGuardTPMPei_PATH)\BootGuardTPMPei.c
+ $(CC) $(CFLAGS) /I$(PROJECT_DIR) /I$(PROJECT_DIR)\Include $(TCG_FILE_INCLUDE) $(PROJECT_CPU_INCLUDES) /Fo$(BUILD_DIR)\BootGuardTPMPei.obj $(BootGuardTPMPei_PATH)\BootGuardTPMPei.c
+
+#**********************************************************************
+#**********************************************************************
+#** **
+#** (C)Copyright 1985-2013, American Megatrends, Inc. **
+#** **
+#** All Rights Reserved. **
+#** **
+#** 6145-F Northbelt Pkwy, Norcross, GA 30071 **
+#** **
+#** Phone: (770)-246-8600 **
+#** **
+#**********************************************************************
+#**********************************************************************
diff --git a/Board/EM/FIT/Pei/BootGuardTPMPei/BootGuardTPMPei.sdl b/Board/EM/FIT/Pei/BootGuardTPMPei/BootGuardTPMPei.sdl
new file mode 100644
index 0000000..e2c81a1
--- /dev/null
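Review bot: The object is appended to `AMI_TCG_LIB_OBJECTS` as `$(BUILD)\BootGuardTPMPei.obj`, but the compile rule and the `Make_AMITTCG_LIB` dependency both name `$(BUILD_DIR)\BootGuardTPMPei.obj`. Unless `BUILD` is defined elsewhere to the same directory (not visible on this page), the library object list refers to a path that no rule here produces. I would use `$(BUILD_DIR)\BootGuardTPMPei.obj` in the `AMI_TCG_LIB_OBJECTS` line so all three references agree.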
+++ b/Board/EM/FIT/Pei/BootGuardTPMPei/BootGuardTPMPei.sdl 
@@ -0,0 +1,96 @@ +#********************************************************************** +#********************************************************************** +#** ** +#** (C)Copyright 1985-2013, American Megatrends, Inc. ** +#** ** +#** All Rights Reserved. ** +#** ** +#** 5555 Oakbrook Parkway, Suite 200, Norcross, GA 30093 ** +#** ** +#** Phone: (770)-246-8600 ** +#** ** +#********************************************************************** +#********************************************************************** + +#********************************************************************** +# $Header: /Alaska/SOURCE/Modules/SharkBayRefCodes/FIT/Pei/BootGuardTPMPei/BootGuardTPMPei.sdl 3 10/29/13 5:18a Bensonlai $ +# +# $Revision: 3 $ +# +# $Date: 10/29/13 5:18a $ +#********************************************************************** +# Revision History +# ---------------- +# $Log: /Alaska/SOURCE/Modules/SharkBayRefCodes/FIT/Pei/BootGuardTPMPei/BootGuardTPMPei.sdl $ +# +# 3 10/29/13 5:18a Bensonlai +# +# 2 9/06/13 6:10a Bensonlai +# [TAG] EIP135513 +# [Category] Improvement +# [Description] Support the TPM1.2 for WHCK test +# +# 1 6/04/13 5:15a Bensonlai +# [TAG] EIP125148 +# [Category] Spec Update +# [Severity] Normal +# [Description] [SBY ULT] Boot Guard for 4th Gen Intel Core Processor +# based on Mobile U-Processor Line - BIOS Writer's Guide - Rev 1.0 +# [Files] BootGuardTPMPei.cif +# BootGuardTPMPei.c +# BootGuardTPMPei.h +# BootGuardTPMPei.sdl +# BootGuardTPMPei.mak +# +#********************************************************************** +#<AMI_FHDR_START> +# +# Name: BootGuardTPMPei.sdl +# +# Description: SDL file for BootGuardTPMPei +# +#<AMI_FHDR_END> +#********************************************************************** + +TOKEN + Name = "BootGuardTPMPei_SUPPORT" + Value = "1" + Help = "Main switch to enable BootGuardTPMPei support in Project" + TokenType = Boolean + TargetEQU = Yes + TargetMAK = Yes + Master = Yes + Token = "TCG_SUPPORT" "=" 
"1" + Token = "INTEL_BOOT_GUARD_SUPPORT" "=" "1" +End + +PATH + Name = "BootGuardTPMPei_PATH" +End + +MODULE + File = "BootGuardTPMPei.mak" + Help = "Includes BootGuardTPMPei.mak to Project" +End + +TOKEN + Name = "MEASURE_CRTM_VERSION_PEI_FUNCTION" + Value = "BootGuardMeasureCRTMVersion" + Help = "Function to measure crtm version. Input:EFI_PEI_SERVICES **. AMI function Modified Pcr 0" + TokenType = Expression + TargetH = Yes +End + +#********************************************************************** +#********************************************************************** +#** ** +#** (C)Copyright 1985-2013, American Megatrends, Inc. ** +#** ** +#** All Rights Reserved. ** +#** ** +#** 5555 Oakbrook Parkway, Suite 200, Norcross, GA 30093 ** +#** ** +#** Phone: (770)-246-8600 ** +#** ** +#********************************************************************** +#********************************************************************** |