REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2439
The TCG2 DXE supports to parse the 800-155 event GUID from PEI
and puts to the beginning of the TCG2 event.
The TCG2 DXE also supports a DXE driver produces 800-155 event
and let TCG2 DXE driver record.
The 800-155 is a NO-ACTION event which does not need extend
anything to TPM2. The TCG2 DXE also supports that.
Multiple 800-155 events are supported. All of them will be put
to the beginning of the TCG2 event, just after the SpecId event.
Cc: Jian J Wang <jian.j.w...@intel.com>
Cc: Chao Zhang <chao.b.zh...@intel.com>
Signed-off-by: Jiewen Yao <jiewen....@intel.com>
---
SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c | 157 +++++++++++++++++++++++-----
SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf | 1 +
2 files changed, 129 insertions(+), 29 deletions(-)
diff --git a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c
b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c
index 3cd16c2fa3..b185b56703 100644
--- a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c
+++ b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c
@@ -75,6 +75,7 @@ typedef struct {
UINT8 *LastEvent;
BOOLEAN EventLogStarted;
BOOLEAN EventLogTruncated;
+ UINTN Next800155EventOffset;
} TCG_EVENT_LOG_AREA_STRUCT;
typedef struct _TCG_DXE_DATA {
@@ -771,16 +772,42 @@ Tcg2GetEventLog (
return EFI_SUCCESS;
}
+/*
+ Return if this is a Tcg800155PlatformIdEvent.
+
+ @param[in] NewEventHdr Pointer to a
TCG_PCR_EVENT_HDR/TCG_PCR_EVENT_EX data structure.
+ @param[in] NewEventHdrSize New event header size.
+ @param[in] NewEventData Pointer to the new event data.
+ @param[in] NewEventSize New event data size.
+
+ @retval TRUE This is a Tcg800155PlatformIdEvent.
+ @retval FALSE This is NOT a Tcg800155PlatformIdEvent.
+
+*/
+BOOLEAN
+Is800155Event (
+ IN VOID *NewEventHdr,
+ IN UINT32 NewEventHdrSize,
+ IN UINT8 *NewEventData,
+ IN UINT32 NewEventSize
+ )
+{
+ if ((((TCG_PCR_EVENT2_HDR *)NewEventHdr)->EventType == EV_NO_ACTION) &&
+ (NewEventSize >= sizeof(TCG_Sp800_155_PlatformId_Event2)) &&
+ (CompareMem (NewEventData, TCG_Sp800_155_PlatformId_Event2_SIGNATURE,
sizeof(TCG_Sp800_155_PlatformId_Event2_SIGNATURE) - 1) == 0)) {
+ return TRUE;
+ }
+ return FALSE;
+}
+
/**
Add a new entry to the Event Log.
- @param[in, out] EventLogPtr Pointer to the Event Log data.
- @param[in, out] LogSize Size of the Event Log.
- @param[in] MaxSize Maximum size of the Event Log.
- @param[in] NewEventHdr Pointer to a
TCG_PCR_EVENT_HDR/TCG_PCR_EVENT_EX data structure.
- @param[in] NewEventHdrSize New event header size.
- @param[in] NewEventData Pointer to the new event data.
- @param[in] NewEventSize New event data size.
+ @param[in, out] EventLogAreaStruct The event log area data structure
+ @param[in] NewEventHdr Pointer to a
TCG_PCR_EVENT_HDR/TCG_PCR_EVENT_EX data structure.
+ @param[in] NewEventHdrSize New event header size.
+ @param[in] NewEventData Pointer to the new event data.
+ @param[in] NewEventSize New event data size.
@retval EFI_SUCCESS The new event log entry was added.
@retval EFI_OUT_OF_RESOURCES No enough memory to log the new event.
@@ -788,9 +815,7 @@ Tcg2GetEventLog (
**/
EFI_STATUS
TcgCommLogEvent (
- IN OUT UINT8 **EventLogPtr,
- IN OUT UINTN *LogSize,
- IN UINTN MaxSize,
+ IN OUT TCG_EVENT_LOG_AREA_STRUCT *EventLogAreaStruct,
IN VOID *NewEventHdr,
IN UINT32 NewEventHdrSize,
IN UINT8 *NewEventData,
@@ -798,6 +823,7 @@ TcgCommLogEvent (
)
{
UINTN NewLogSize;
+ BOOLEAN Record800155Event;
if (NewEventSize > MAX_ADDRESS - NewEventHdrSize) {
return EFI_OUT_OF_RESOURCES;
@@ -805,23 +831,55 @@ TcgCommLogEvent (
NewLogSize = NewEventHdrSize + NewEventSize;
- if (NewLogSize > MAX_ADDRESS - *LogSize) {
+ if (NewLogSize > MAX_ADDRESS - EventLogAreaStruct->EventLogSize) {
return EFI_OUT_OF_RESOURCES;
}
- if (NewLogSize + *LogSize > MaxSize) {
- DEBUG ((EFI_D_INFO, " MaxSize - 0x%x\n", MaxSize));
- DEBUG ((EFI_D_INFO, " NewLogSize - 0x%x\n", NewLogSize));
- DEBUG ((EFI_D_INFO, " LogSize - 0x%x\n", *LogSize));
- DEBUG ((EFI_D_INFO, "TcgCommLogEvent - %r\n", EFI_OUT_OF_RESOURCES));
+ if (NewLogSize + EventLogAreaStruct->EventLogSize >
EventLogAreaStruct->Laml) {
+ DEBUG ((DEBUG_INFO, " Laml - 0x%x\n", EventLogAreaStruct->Laml));
+ DEBUG ((DEBUG_INFO, " NewLogSize - 0x%x\n", NewLogSize));
+ DEBUG ((DEBUG_INFO, " LogSize - 0x%x\n",
EventLogAreaStruct->EventLogSize));
+ DEBUG ((DEBUG_INFO, "TcgCommLogEvent - %r\n", EFI_OUT_OF_RESOURCES));
return EFI_OUT_OF_RESOURCES;
}
- *EventLogPtr += *LogSize;
- *LogSize += NewLogSize;
- CopyMem (*EventLogPtr, NewEventHdr, NewEventHdrSize);
+ //
+ // Check 800-155 event
+ // Record to 800-155 event offset only.
+ // If the offset is 0, no need to record.
+ //
+ Record800155Event = Is800155Event (NewEventHdr, NewEventHdrSize,
NewEventData, NewEventSize);
+ if (Record800155Event) {
+ if (EventLogAreaStruct->Next800155EventOffset != 0) {
+ CopyMem (
+ (UINT8 *)(UINTN)EventLogAreaStruct->Lasa +
EventLogAreaStruct->Next800155EventOffset + NewLogSize,
+ (UINT8 *)(UINTN)EventLogAreaStruct->Lasa +
EventLogAreaStruct->Next800155EventOffset,
+ EventLogAreaStruct->EventLogSize -
EventLogAreaStruct->Next800155EventOffset
+ );
+
+ CopyMem (
+ (UINT8 *)(UINTN)EventLogAreaStruct->Lasa +
EventLogAreaStruct->Next800155EventOffset,
+ NewEventHdr,
+ NewEventHdrSize
+ );
+ CopyMem (
+ (UINT8 *)(UINTN)EventLogAreaStruct->Lasa +
EventLogAreaStruct->Next800155EventOffset + NewEventHdrSize,
+ NewEventData,
+ NewEventSize
+ );
+
+ EventLogAreaStruct->Next800155EventOffset += NewLogSize;
+ EventLogAreaStruct->LastEvent += NewLogSize;
+ EventLogAreaStruct->EventLogSize += NewLogSize;
+ }
+ return EFI_SUCCESS;
+ }
+
+ EventLogAreaStruct->LastEvent = (UINT8 *)(UINTN)EventLogAreaStruct->Lasa +
EventLogAreaStruct->EventLogSize;
+ EventLogAreaStruct->EventLogSize += NewLogSize;
+ CopyMem (EventLogAreaStruct->LastEvent, NewEventHdr, NewEventHdrSize);
CopyMem (
- *EventLogPtr + NewEventHdrSize,
+ EventLogAreaStruct->LastEvent + NewEventHdrSize,
NewEventData,
NewEventSize
);
@@ -873,11 +931,8 @@ TcgDxeLogEvent (
return EFI_VOLUME_FULL;
}
- EventLogAreaStruct->LastEvent = (UINT8*)(UINTN)EventLogAreaStruct->Lasa;
Status = TcgCommLogEvent (
- &EventLogAreaStruct->LastEvent,
- &EventLogAreaStruct->EventLogSize,
- (UINTN)EventLogAreaStruct->Laml,
+ EventLogAreaStruct,
NewEventHdr,
NewEventHdrSize,
NewEventData,
@@ -907,11 +962,8 @@ TcgDxeLogEvent (
return EFI_VOLUME_FULL;
}
- EventLogAreaStruct->LastEvent = (UINT8*)(UINTN)EventLogAreaStruct->Lasa;
Status = TcgCommLogEvent (
- &EventLogAreaStruct->LastEvent,
- &EventLogAreaStruct->EventLogSize,
- (UINTN)EventLogAreaStruct->Laml,
+ EventLogAreaStruct,
NewEventHdr,
NewEventHdrSize,
NewEventData,
@@ -1138,11 +1190,25 @@ TcgDxeHashLogExtendEvent (
{
EFI_STATUS Status;
TPML_DIGEST_VALUES DigestList;
+ TCG_PCR_EVENT2_HDR NoActionEvent;
if (!mTcgDxeData.BsCap.TPMPresentFlag) {
return EFI_DEVICE_ERROR;
}
+ if (NewEventHdr->EventType == EV_NO_ACTION) {
+ //
+ // Do not do TPM extend for EV_NO_ACTION
+ //
+ Status = EFI_SUCCESS;
+ InitNoActionEvent (&NoActionEvent, NewEventHdr->EventSize);
+ if ((Flags & EFI_TCG2_EXTEND_ONLY) == 0) {
+ Status = TcgDxeLogHashEvent (&(NoActionEvent.Digests), NewEventHdr,
NewEventData);
+ }
+
+ return Status;
+ }
+
Status = HashAndExtend (
NewEventHdr->PCRIndex,
HashData,
@@ -1202,7 +1268,13 @@ Tcg2HashLogExtendEvent (
DEBUG ((DEBUG_VERBOSE, "Tcg2HashLogExtendEvent ...\n"));
- if ((This == NULL) || (DataToHash == 0) || (Event == NULL)) {
+ if ((This == NULL) || (Event == NULL)) {
+ return EFI_INVALID_PARAMETER;
+ }
+ //
+ // Do not check hash data size for EV_NO_ACTION event.
+ //
+ if ((Event->Header.EventType != EV_NO_ACTION) && (DataToHash == 0)) {
return EFI_INVALID_PARAMETER;
}
@@ -1487,6 +1559,7 @@ SetupEventLog (
}
mTcgDxeData.EventLogAreaStruct[Index].Lasa = Lasa;
mTcgDxeData.EventLogAreaStruct[Index].Laml = PcdGet32
(PcdTcgLogAreaMinLen);
+ mTcgDxeData.EventLogAreaStruct[Index].Next800155EventOffset = 0;
if ((PcdGet8(PcdTpm2AcpiTableRev) >= 4) ||
(mTcg2EventInfo[Index].LogFormat ==
EFI_TCG2_EVENT_LOG_FORMAT_TCG_2)) {
@@ -1577,6 +1650,30 @@ SetupEventLog (
(UINT8 *)TcgEfiSpecIdEventStruct,
SpecIdEvent.EventSize
);
+ //
+ // record the offset at the end of 800-155 event.
+ // the future 800-155 event can be inserted here.
+ //
+ mTcgDxeData.EventLogAreaStruct[Index].Next800155EventOffset =
mTcgDxeData.EventLogAreaStruct[Index].EventLogSize;
+
+ //
+ // Tcg800155PlatformIdEvent. Event format is TCG_PCR_EVENT2
+ //
+ GuidHob.Guid = GetFirstGuidHob (&gTcg800155PlatformIdEventHobGuid);
+ while (GuidHob.Guid != NULL) {
+ InitNoActionEvent(&NoActionEvent, GET_GUID_HOB_DATA_SIZE
(GuidHob.Guid));
+
+ Status = TcgDxeLogEvent (
+ mTcg2EventInfo[Index].LogFormat,
+ &NoActionEvent,
+ sizeof(NoActionEvent.PCRIndex) +
sizeof(NoActionEvent.EventType) + GetDigestListBinSize (&NoActionEvent.Digests)
+ sizeof(NoActionEvent.EventSize),
+ GET_GUID_HOB_DATA (GuidHob.Guid),
+ GET_GUID_HOB_DATA_SIZE (GuidHob.Guid)
+ );
+
+ GuidHob.Guid = GET_NEXT_HOB (GuidHob);
+ GuidHob.Guid = GetNextGuidHob (&gTcg800155PlatformIdEventHobGuid,
GuidHob.Guid);
+ }
//
// EfiStartupLocalityEvent. Event format is TCG_PCR_EVENT2
@@ -1643,6 +1740,7 @@ SetupEventLog (
mTcgDxeData.FinalEventLogAreaStruct[Index].LastEvent = (VOID
*)(UINTN)mTcgDxeData.FinalEventLogAreaStruct[Index].Lasa;
mTcgDxeData.FinalEventLogAreaStruct[Index].EventLogStarted = FALSE;
mTcgDxeData.FinalEventLogAreaStruct[Index].EventLogTruncated = FALSE;
+ mTcgDxeData.FinalEventLogAreaStruct[Index].Next800155EventOffset = 0;
//
// Install to configuration table for EFI_TCG2_EVENT_LOG_FORMAT_TCG_2
@@ -1663,6 +1761,7 @@ SetupEventLog (
mTcgDxeData.FinalEventLogAreaStruct[Index].LastEvent = 0;
mTcgDxeData.FinalEventLogAreaStruct[Index].EventLogStarted = FALSE;
mTcgDxeData.FinalEventLogAreaStruct[Index].EventLogTruncated = FALSE;
+ mTcgDxeData.FinalEventLogAreaStruct[Index].Next800155EventOffset = 0;
}
}
}
diff --git a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf
b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf
index 0127a31e97..576cf80d06 100644
--- a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf
+++ b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf
@@ -85,6 +85,7 @@
gTcgEvent2EntryHobGuid ## SOMETIMES_CONSUMES ##
HOB
gTpm2StartupLocalityHobGuid ## SOMETIMES_CONSUMES ##
HOB
+ gTcg800155PlatformIdEventHobGuid ## SOMETIMES_CONSUMES ##
HOB
[Protocols]
gEfiTcg2ProtocolGuid ## PRODUCES
--
2.19.2.windows.1
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#52625): https://edk2.groups.io/g/devel/message/52625
Mute This Topic: https://groups.io/mt/69344969/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
