SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c File Reference


Defines

#define PERF_ID_TCG2_DXE   0x3120
#define EFI_TCG_LOG_AREA_SIZE   0x10000
#define EFI_TCG_FINAL_LOG_AREA_SIZE   0x1000
#define TCG2_DEFAULT_MAX_COMMAND_SIZE   0x1000
#define TCG2_DEFAULT_MAX_RESPONSE_SIZE   0x1000
#define TCG_EVENT_LOG_AREA_COUNT_MAX   2
#define COLUME_SIZE   (16 * 2)

Typedefs

typedef struct _TCG_DXE_DATA TCG_DXE_DATA

Functions

EFI_STATUS MeasurePeImageAndExtend (IN UINT32 PCRIndex, IN EFI_PHYSICAL_ADDRESS ImageAddress, IN UINTN ImageSize, OUT TPML_DIGEST_VALUES *DigestList)
VOID InternalDumpData (IN UINT8 *Data, IN UINTN Size)
VOID InternalDumpHex (IN UINT8 *Data, IN UINTN Size)
BOOLEAN IsZeroBuffer (IN VOID *Buffer, IN UINTN BufferSize)
EFI_STATUS GetProcessorsCpuLocation (OUT EFI_CPU_PHYSICAL_LOCATION **LocationBuf, OUT UINTN *Num)
EFI_STATUS EFIAPI Tcg2GetCapability (IN EFI_TCG2_PROTOCOL *This, IN OUT EFI_TCG2_BOOT_SERVICE_CAPABILITY *ProtocolCapability)
VOID DumpEvent (IN TCG_PCR_EVENT_HDR *EventHdr)
VOID DumpTcgEfiSpecIdEventStruct (IN TCG_EfiSpecIDEventStruct *TcgEfiSpecIdEventStruct)
UINTN GetTcgEfiSpecIdEventStructSize (IN TCG_EfiSpecIDEventStruct *TcgEfiSpecIdEventStruct)
VOID DumpEvent2 (IN TCG_PCR_EVENT2 *TcgPcrEvent2)
UINTN GetPcrEvent2Size (IN TCG_PCR_EVENT2 *TcgPcrEvent2)
VOID DumpEventLog (IN EFI_TCG2_EVENT_LOG_FORMAT EventLogFormat, IN EFI_PHYSICAL_ADDRESS EventLogLocation, IN EFI_PHYSICAL_ADDRESS EventLogLastEntry, IN EFI_TCG2_FINAL_EVENTS_TABLE *FinalEventsTable)
EFI_STATUS EFIAPI Tcg2GetEventLog (IN EFI_TCG2_PROTOCOL *This, IN EFI_TCG2_EVENT_LOG_FORMAT EventLogFormat, OUT EFI_PHYSICAL_ADDRESS *EventLogLocation, OUT EFI_PHYSICAL_ADDRESS *EventLogLastEntry, OUT BOOLEAN *EventLogTruncated)
EFI_STATUS TcgCommLogEvent (IN OUT UINT8 **EventLogPtr, IN OUT UINTN *LogSize, IN UINTN MaxSize, IN VOID *NewEventHdr, IN UINT32 NewEventHdrSize, IN UINT8 *NewEventData, IN UINT32 NewEventSize)
EFI_STATUS TcgDxeLogEvent (IN EFI_TCG2_EVENT_LOG_FORMAT EventLogFormat, IN VOID *NewEventHdr, IN UINT32 NewEventHdrSize, IN UINT8 *NewEventData, IN UINT32 NewEventSize)
EFI_STATUS Tpm2GetDigestFromDigestList (IN TPMI_ALG_HASH HashAlg, IN TPML_DIGEST_VALUES *DigestList, IN VOID *Digest)
UINT32 GetDigestListSize (IN TPML_DIGEST_VALUES *DigestList)
UINT32 GetDigestListBinSize (IN VOID *DigestListBin)
BOOLEAN IsHashAlgSupportedInPcrBank (IN TPMI_ALG_HASH HashAlg)
VOID * CopyDigestListToBuffer (IN OUT VOID *Buffer, IN TPML_DIGEST_VALUES *DigestList)
EFI_STATUS TcgDxeLogHashEvent (IN TPML_DIGEST_VALUES *DigestList, IN OUT TCG_PCR_EVENT_HDR *NewEventHdr, IN UINT8 *NewEventData)
EFI_STATUS TcgDxeHashLogExtendEvent (IN UINT64 Flags, IN UINT8 *HashData, IN UINT64 HashDataLen, IN OUT TCG_PCR_EVENT_HDR *NewEventHdr, IN UINT8 *NewEventData)
EFI_STATUS EFIAPI Tcg2HashLogExtendEvent (IN EFI_TCG2_PROTOCOL *This, IN UINT64 Flags, IN EFI_PHYSICAL_ADDRESS DataToHash, IN UINT64 DataToHashLen, IN EFI_TCG2_EVENT *Event)
EFI_STATUS EFIAPI Tcg2SubmitCommand (IN EFI_TCG2_PROTOCOL *This, IN UINT32 InputParameterBlockSize, IN UINT8 *InputParameterBlock, IN UINT32 OutputParameterBlockSize, IN UINT8 *OutputParameterBlock)
EFI_STATUS EFIAPI Tcg2GetActivePCRBanks (IN EFI_TCG2_PROTOCOL *This, OUT UINT32 *ActivePcrBanks)
EFI_STATUS EFIAPI Tcg2SetActivePCRBanks (IN EFI_TCG2_PROTOCOL *This, IN UINT32 ActivePcrBanks)
EFI_STATUS EFIAPI Tcg2GetResultOfSetActivePcrBanks (IN EFI_TCG2_PROTOCOL *This, OUT UINT32 *OperationPresent, OUT UINT32 *Response)
EFI_STATUS SetupEventLog (VOID)
EFI_STATUS TcgMeasureAction (IN CHAR8 *String)
EFI_STATUS MeasureHandoffTables (VOID)
EFI_STATUS MeasureSeparatorEvent (IN TPM_PCRINDEX PCRIndex)
EFI_STATUS MeasureVariable (IN TPM_PCRINDEX PCRIndex, IN TCG_EVENTTYPE EventType, IN CHAR16 *VarName, IN EFI_GUID *VendorGuid, IN VOID *VarData, IN UINTN VarSize)
EFI_STATUS ReadAndMeasureVariable (IN TPM_PCRINDEX PCRIndex, IN TCG_EVENTTYPE EventType, IN CHAR16 *VarName, IN EFI_GUID *VendorGuid, OUT UINTN *VarSize, OUT VOID **VarData)
EFI_STATUS ReadAndMeasureBootVariable (IN CHAR16 *VarName, IN EFI_GUID *VendorGuid, OUT UINTN *VarSize, OUT VOID **VarData)
EFI_STATUS ReadAndMeasureSecureVariable (IN CHAR16 *VarName, IN EFI_GUID *VendorGuid, OUT UINTN *VarSize, OUT VOID **VarData)
EFI_STATUS MeasureAllBootVariables (VOID)
EFI_STATUS MeasureAllSecureVariables (VOID)
EFI_STATUS MeasureLaunchOfFirmwareDebugger (VOID)
VOID EFIAPI MeasureSecureBootPolicy (IN EFI_EVENT Event, IN VOID *Context)
VOID EFIAPI OnReadyToBoot (IN EFI_EVENT Event, IN VOID *Context)
VOID EFIAPI OnExitBootServices (IN EFI_EVENT Event, IN VOID *Context)
VOID EFIAPI OnExitBootServicesFailed (IN EFI_EVENT Event, IN VOID *Context)
EFI_STATUS InstallTcg2 (VOID)
EFI_STATUS EFIAPI DriverEntry (IN EFI_HANDLE ImageHandle, IN EFI_SYSTEM_TABLE *SystemTable)

Variables

TCG2_EVENT_INFO_STRUCT mTcg2EventInfo []
TCG_DXE_DATA mTcgDxeData
UINTN mBootAttempts = 0
CHAR16 mBootVarName [] = L"BootOrder"
VARIABLE_TYPE mVariableType []
EFI_HANDLE mImageHandle
EFI_TCG2_PROTOCOL mTcg2Protocol

Detailed Description

This module implements Tcg2 Protocol.

Copyright (c) 2015, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php

THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.


Define Documentation

#define COLUME_SIZE   (16 * 2)

Referenced by InternalDumpHex().

#define EFI_TCG_FINAL_LOG_AREA_SIZE   0x1000

Referenced by SetupEventLog().

#define EFI_TCG_LOG_AREA_SIZE   0x10000

Referenced by SetupEventLog().

#define PERF_ID_TCG2_DXE   0x3120

Referenced by OnReadyToBoot().

#define TCG2_DEFAULT_MAX_COMMAND_SIZE   0x1000

#define TCG2_DEFAULT_MAX_RESPONSE_SIZE   0x1000

#define TCG_EVENT_LOG_AREA_COUNT_MAX   2

Referenced by DriverEntry().


Typedef Documentation

typedef struct _TCG_DXE_DATA TCG_DXE_DATA


Function Documentation

VOID* CopyDigestListToBuffer ( IN OUT VOID *  Buffer,
IN TPML_DIGEST_VALUES *  DigestList 
)

Copy TPML_DIGEST_VALUES into a buffer

Parameters:
[in,out] Buffer Buffer to hold TPML_DIGEST_VALUES.
[in] DigestList TPML_DIGEST_VALUES to be copied.
Returns:
The end of buffer to hold TPML_DIGEST_VALUES.

References GetHashSizeFromAlgo(), IsHashAlgSupportedInPcrBank(), and UINTN().

Referenced by LogHashEvent(), and TcgDxeLogHashEvent().

EFI_STATUS EFIAPI DriverEntry ( IN EFI_HANDLE  ImageHandle,
IN EFI_SYSTEM_TABLE *  SystemTable 
)

The driver's entry point. It publishes EFI Tcg2 Protocol.

Parameters:
[in] ImageHandle The firmware allocated handle for the EFI image.
[in] SystemTable A pointer to the EFI System Table.
Return values:
EFI_SUCCESS The entry point is executed successfully.
other Some error occurs when executing this entry point.

References EFI_STATUS(), EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2, EFI_TCG2_EVENT_LOG_FORMAT_TCG_2, gEfiTpmDeviceInstanceNoneGuid, gEfiTpmDeviceInstanceTpm12Guid, gTpmErrorHobGuid, InstallTcg2(), IsZeroBuffer(), MeasureSecureBootPolicy(), mImageHandle, mTcg2EventInfo, mTcgDxeData, OnExitBootServices(), OnExitBootServicesFailed(), OnReadyToBoot(), SetupEventLog(), TCG_EVENT_LOG_AREA_COUNT_MAX, Tpm2GetCapabilityFirmwareVersion(), Tpm2GetCapabilityManufactureID(), Tpm2GetCapabilityMaxCommandResponseSize(), Tpm2GetCapabilityPcrs(), Tpm2RequestUseTpm(), and UINTN().

VOID DumpEvent ( IN TCG_PCR_EVENT_HDR *  EventHdr  ) 

This function dump PCR event.

Parameters:
[in] EventHdr TCG PCR event structure.

References InternalDumpHex(), and UINTN().

Referenced by DumpEventLog().

VOID DumpEvent2 ( IN TCG_PCR_EVENT2 *  TcgPcrEvent2  ) 

This function dump PCR event 2.

Parameters:
[in] TcgPcrEvent2 TCG PCR event 2 structure.

References GetHashSizeFromAlgo(), InternalDumpHex(), and UINTN().

Referenced by DumpEventLog().

VOID DumpEventLog ( IN EFI_TCG2_EVENT_LOG_FORMAT  EventLogFormat,
IN EFI_PHYSICAL_ADDRESS  EventLogLocation,
IN EFI_PHYSICAL_ADDRESS  EventLogLastEntry,
IN EFI_TCG2_FINAL_EVENTS_TABLE *  FinalEventsTable 
)

This function dump event log.

Parameters:
[in] EventLogFormat The type of the event log for which the information is requested.
[in] EventLogLocation A pointer to the memory address of the event log.
[in] EventLogLastEntry If the Event Log contains more than one entry, this is a pointer to the address of the start of the last entry in the event log in memory.
[in] FinalEventsTable A pointer to the memory address of the final event table.

References DumpEvent(), DumpEvent2(), DumpTcgEfiSpecIdEventStruct(), EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2, EFI_TCG2_EVENT_LOG_FORMAT_TCG_2, GetPcrEvent2Size(), GetTcgEfiSpecIdEventStructSize(), and UINTN().

Referenced by Tcg2GetEventLog(), and TreeGetEventLog().

VOID DumpTcgEfiSpecIdEventStruct ( IN TCG_EfiSpecIDEventStruct *  TcgEfiSpecIdEventStruct  ) 

This function dump TCG_EfiSpecIDEventStruct.

Parameters:
[in] TcgEfiSpecIdEventStruct A pointer to TCG_EfiSpecIDEventStruct.

References UINTN().

Referenced by DumpEventLog().

UINT32 GetDigestListBinSize ( IN VOID *  DigestListBin  ) 

Get TPML_DIGEST_VALUES compact binary buffer size.

Parameters:
[in] DigestListBin TPML_DIGEST_VALUES compact binary buffer.
Returns:
TPML_DIGEST_VALUES compact binary buffer size.

References GetHashSizeFromAlgo(), and UINTN().

Referenced by SetupEventLog().

UINT32 GetDigestListSize ( IN TPML_DIGEST_VALUES *  DigestList  ) 

Get TPML_DIGEST_VALUES data size.

Parameters:
[in] DigestList TPML_DIGEST_VALUES data.
Returns:
TPML_DIGEST_VALUES data size.

References GetHashSizeFromAlgo(), and UINTN().

Referenced by LogHashEvent(), and TcgDxeLogHashEvent().

UINTN GetPcrEvent2Size ( IN TCG_PCR_EVENT2 *  TcgPcrEvent2  ) 

This function returns size of TCG PCR event 2.

Parameters:
[in] TcgPcrEvent2 TCG PCR event 2 structure.
Returns:
size of TCG PCR event 2.

References GetHashSizeFromAlgo(), and UINTN().

Referenced by DumpEventLog().

EFI_STATUS GetProcessorsCpuLocation ( OUT EFI_CPU_PHYSICAL_LOCATION **  LocationBuf,
OUT UINTN *  Num 
)

Get All processors EFI_CPU_LOCATION in system. LocationBuf is allocated inside the function Caller is responsible to free LocationBuf.

Parameters:
[out] LocationBuf Returns Processor Location Buffer.
[out] Num Returns processor number.
Return values:
EFI_SUCCESS Operation completed successfully.
EFI_UNSUPPORTED MpService protocol not found.

References EFI_STATUS(), and UINTN().

Referenced by MeasureHandoffTables().

UINTN GetTcgEfiSpecIdEventStructSize ( IN TCG_EfiSpecIDEventStruct *  TcgEfiSpecIdEventStruct  ) 

This function get size of TCG_EfiSpecIDEventStruct.

Parameters:
[in] TcgEfiSpecIdEventStruct A pointer to TCG_EfiSpecIDEventStruct.

Referenced by DumpEventLog(), and SetupEventLog().

EFI_STATUS InstallTcg2 ( VOID   ) 

The function install Tcg2 protocol.

Return values:
EFI_SUCCESS Tcg2 protocol is installed.
other Some error occurs.

References EFI_STATUS(), and mTcg2Protocol.

Referenced by DriverEntry().

VOID InternalDumpData ( IN UINT8 *  Data,
IN UINTN  Size 
)

This function dump raw data.

Parameters:
Data raw data
Size raw data size

References UINTN().

Referenced by InternalDumpHex().

VOID InternalDumpHex ( IN UINT8 *  Data,
IN UINTN  Size 
)

This function dump raw data with colume format.

Parameters:
Data raw data
Size raw data size

References COLUME_SIZE, InternalDumpData(), and UINTN().

Referenced by DumpEvent(), DumpEvent2(), and DumpEventLog().

BOOLEAN IsHashAlgSupportedInPcrBank ( IN TPMI_ALG_HASH  HashAlg  ) 

Return if hash alg is supported in TPM PCR bank.

Parameters:
HashAlg Hash algorithm to be checked.
Return values:
TRUE Hash algorithm is supported.
FALSE Hash algorithm is not supported.

References mTcgDxeData, and TRUE.

Referenced by CopyDigestListToBuffer().

BOOLEAN IsZeroBuffer ( IN VOID *  Buffer,
IN UINTN  BufferSize 
)

Check if buffer is all zero.

Parameters:
[in] Buffer Buffer to be checked.
[in] BufferSize Size of buffer to be checked.
Return values:
TRUE Buffer is all zero.
FALSE Buffer is not all zero.

References TRUE, and UINTN().

EFI_STATUS MeasureAllBootVariables ( VOID   ) 

Measure and log all EFI boot variables, and extend the measurement result into a specific PCR.

The EFI boot variables are BootOrder and Boot#### variables.

Return values:
EFI_SUCCESS Operation completed successfully.
EFI_OUT_OF_RESOURCES Out of memory.
EFI_DEVICE_ERROR The operation was unsuccessful.

References EFI_STATUS(), mBootVarName, ReadAndMeasureBootVariable(), and UINTN().

Referenced by OnReadyToBoot().

EFI_STATUS MeasureAllSecureVariables ( VOID   ) 

Measure and log all EFI Secure variables, and extend the measurement result into a specific PCR.

The EFI boot variables are BootOrder and Boot#### variables.

Return values:
EFI_SUCCESS Operation completed successfully.
EFI_OUT_OF_RESOURCES Out of memory.
EFI_DEVICE_ERROR The operation was unsuccessful.

References EFI_STATUS(), mVariableType, ReadAndMeasureSecureVariable(), and UINTN().

Referenced by MeasureSecureBootPolicy().

EFI_STATUS MeasureHandoffTables ( VOID   ) 

Measure and log EFI handoff tables, and extend the measurement result into PCR[1].

Return values:
EFI_SUCCESS Operation completed successfully.
EFI_DEVICE_ERROR The operation was unsuccessful.

References EFI_STATUS(), GetProcessorsCpuLocation(), TCG_PLATFORM_TYPE_SERVER, TcgDxeHashLogExtendEvent(), and UINTN().

Referenced by OnReadyToBoot().

EFI_STATUS MeasureLaunchOfFirmwareDebugger ( VOID   ) 

Measure and log launch of FirmwareDebugger, and extend the measurement result into a specific PCR.

Return values:
EFI_SUCCESS Operation completed successfully.
EFI_OUT_OF_RESOURCES Out of memory.
EFI_DEVICE_ERROR The operation was unsuccessful.

References TcgDxeHashLogExtendEvent().

Referenced by MeasureSecureBootPolicy().

EFI_STATUS MeasurePeImageAndExtend ( IN UINT32  PCRIndex,
IN EFI_PHYSICAL_ADDRESS  ImageAddress,
IN UINTN  ImageSize,
OUT TPML_DIGEST_VALUES *  DigestList 
)

Measure PE image into TPM log based on the authenticode image hashing in PE/COFF Specification 8.0 Appendix A.

Caution: This function may receive untrusted input. PE/COFF image is external input, so this function will validate its data structure within this image buffer before use.

Parameters:
[in] PCRIndex TPM PCR index
[in] ImageAddress Start address of image buffer.
[in] ImageSize Image size
[out] DigestList Digeest list of this image.
Return values:
EFI_SUCCESS Successfully measure image.
EFI_OUT_OF_RESOURCES No enough resource to measure image.
other error value

Referenced by Tcg2HashLogExtendEvent(), and TreeHashLogExtendEvent().

VOID EFIAPI MeasureSecureBootPolicy ( IN EFI_EVENT  Event,
IN VOID *  Context 
)

Measure and log all Secure Boot Policy, and extend the measurement result into a specific PCR.

Platform firmware adhering to the policy must therefore measure the following values into PCR[7]: (in order listed)

  • The contents of the SecureBoot variable
  • The contents of the PK variable
  • The contents of the KEK variable
  • The contents of the EFI_IMAGE_SECURITY_DATABASE variable
  • The contents of the EFI_IMAGE_SECURITY_DATABASE1 variable
  • Separator
  • Entries in the EFI_IMAGE_SECURITY_DATABASE that are used to validate EFI Drivers or EFI Boot Applications in the boot path

NOTE: Because of the above, UEFI variables PK, KEK, EFI_IMAGE_SECURITY_DATABASE, EFI_IMAGE_SECURITY_DATABASE1 and SecureBoot SHALL NOT be measured into PCR[3].

Parameters:
[in] Event Event whose notification function is being invoked
[in] Context Pointer to the notification function's context

References EFI_STATUS(), MeasureAllSecureVariables(), MeasureLaunchOfFirmwareDebugger(), and MeasureSeparatorEvent().

Referenced by DriverEntry().

EFI_STATUS MeasureSeparatorEvent ( IN TPM_PCRINDEX  PCRIndex  ) 

Measure and log Separator event, and extend the measurement result into a specific PCR.

Parameters:
[in] PCRIndex PCR index.
Return values:
EFI_SUCCESS Operation completed successfully.
EFI_DEVICE_ERROR The operation was unsuccessful.

References TcgDxeHashLogExtendEvent().

Referenced by MeasureSecureBootPolicy(), and OnReadyToBoot().

EFI_STATUS MeasureVariable ( IN TPM_PCRINDEX  PCRIndex,
IN TCG_EVENTTYPE  EventType,
IN CHAR16 *  VarName,
IN EFI_GUID *  VendorGuid,
IN VOID *  VarData,
IN UINTN  VarSize 
)

Measure and log an EFI variable, and extend the measurement result into a specific PCR.

Parameters:
[in] PCRIndex PCR Index.
[in] EventType Event type.
[in] VarName A Null-terminated string that is the name of the vendor's variable.
[in] VendorGuid A unique identifier for the vendor.
[in] VarData The content of the variable data.
[in] VarSize The size of the variable data.
Return values:
EFI_SUCCESS Operation completed successfully.
EFI_OUT_OF_RESOURCES Out of memory.
EFI_DEVICE_ERROR The operation was unsuccessful.

References EFI_STATUS(), TcgDxeHashLogExtendEvent(), and UINTN().

VOID EFIAPI OnExitBootServices ( IN EFI_EVENT  Event,
IN VOID *  Context 
)

Exit Boot Services Event notification handler.

Measure invocation and success of ExitBootServices.

Parameters:
[in] Event Event whose notification function is being invoked
[in] Context Pointer to the notification function's context

References EFI_STATUS(), and TcgMeasureAction().

Referenced by DriverEntry().

VOID EFIAPI OnExitBootServicesFailed ( IN EFI_EVENT  Event,
IN VOID *  Context 
)

Exit Boot Services Failed Event notification handler.

Measure Failure of ExitBootServices.

Parameters:
[in] Event Event whose notification function is being invoked
[in] Context Pointer to the notification function's context

References EFI_STATUS(), and TcgMeasureAction().

Referenced by DriverEntry().

VOID EFIAPI OnReadyToBoot ( IN EFI_EVENT  Event,
IN VOID *  Context 
)

Ready to Boot Event notification handler.

Sequence of OS boot events is measured in this event notification handler.

Parameters:
[in] Event Event whose notification function is being invoked
[in] Context Pointer to the notification function's context

References EFI_STATUS(), mBootAttempts, MeasureAllBootVariables(), MeasureHandoffTables(), MeasureSeparatorEvent(), mImageHandle, PERF_ID_TCG2_DXE, and TcgMeasureAction().

EFI_STATUS ReadAndMeasureBootVariable ( IN CHAR16 *  VarName,
IN EFI_GUID *  VendorGuid,
OUT UINTN *  VarSize,
OUT VOID **  VarData 
)

Read then Measure and log an EFI boot variable, and extend the measurement result into PCR[5].

Parameters:
[in] VarName A Null-terminated string that is the name of the vendor's variable.
[in] VendorGuid A unique identifier for the vendor.
[out] VarSize The size of the variable data.
[out] VarData Pointer to the content of the variable.
Return values:
EFI_SUCCESS Operation completed successfully.
EFI_OUT_OF_RESOURCES Out of memory.
EFI_DEVICE_ERROR The operation was unsuccessful.

References ReadAndMeasureVariable().

Referenced by MeasureAllBootVariables().

EFI_STATUS ReadAndMeasureSecureVariable ( IN CHAR16 *  VarName,
IN EFI_GUID *  VendorGuid,
OUT UINTN *  VarSize,
OUT VOID **  VarData 
)

Read then Measure and log an EFI Secure variable, and extend the measurement result into PCR[7].

Parameters:
[in] VarName A Null-terminated string that is the name of the vendor's variable.
[in] VendorGuid A unique identifier for the vendor.
[out] VarSize The size of the variable data.
[out] VarData Pointer to the content of the variable.
Return values:
EFI_SUCCESS Operation completed successfully.
EFI_OUT_OF_RESOURCES Out of memory.
EFI_DEVICE_ERROR The operation was unsuccessful.

References ReadAndMeasureVariable().

Referenced by MeasureAllSecureVariables().

EFI_STATUS ReadAndMeasureVariable ( IN TPM_PCRINDEX  PCRIndex,
IN TCG_EVENTTYPE  EventType,
IN CHAR16 *  VarName,
IN EFI_GUID *  VendorGuid,
OUT UINTN *  VarSize,
OUT VOID **  VarData 
)

Read then Measure and log an EFI variable, and extend the measurement result into a specific PCR.

Parameters:
[in] PCRIndex PCR Index.
[in] EventType Event type.
[in] VarName A Null-terminated string that is the name of the vendor's variable.
[in] VendorGuid A unique identifier for the vendor.
[out] VarSize The size of the variable data.
[out] VarData Pointer to the content of the variable.
Return values:
EFI_SUCCESS Operation completed successfully.
EFI_OUT_OF_RESOURCES Out of memory.
EFI_DEVICE_ERROR The operation was unsuccessful.

References EFI_STATUS(), and MeasureVariable().

Referenced by ReadAndMeasureBootVariable(), and ReadAndMeasureSecureVariable().

EFI_STATUS SetupEventLog ( VOID   ) 

Initialize the Event Log and log events passed from the PEI phase.

Return values:
EFI_SUCCESS Operation completed successfully.
EFI_OUT_OF_RESOURCES Out of memory.

References EFI_STATUS(), EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2, EFI_TCG2_EVENT_LOG_FORMAT_TCG_2, EFI_TCG_FINAL_LOG_AREA_SIZE, EFI_TCG_LOG_AREA_SIZE, GetDigestListBinSize(), GetTcgEfiSpecIdEventStructSize(), mTcg2EventInfo, mTcgDxeData, SHA1_DIGEST_SIZE, SHA256_DIGEST_SIZE, SHA384_DIGEST_SIZE, SHA512_DIGEST_SIZE, TcgDxeLogEvent(), and UINTN().

Referenced by DriverEntry().

EFI_STATUS EFIAPI Tcg2GetActivePCRBanks ( IN EFI_TCG2_PROTOCOL *  This,
OUT UINT32 *  ActivePcrBanks 
)

This service returns the currently active PCR banks.

Parameters:
[in] This Indicates the calling context
[out] ActivePcrBanks Pointer to the variable receiving the bitmap of currently active PCR banks.
Return values:
EFI_SUCCESS The bitmap of active PCR banks was stored in the ActivePcrBanks parameter.
EFI_INVALID_PARAMETER One or more of the parameters are incorrect.

References mTcgDxeData.

EFI_STATUS EFIAPI Tcg2GetCapability ( IN EFI_TCG2_PROTOCOL *  This,
IN OUT EFI_TCG2_BOOT_SERVICE_CAPABILITY *  ProtocolCapability 
)

The EFI_TCG2_PROTOCOL GetCapability function call provides protocol capability information and state information.

Parameters:
[in] This Indicates the calling context
[in,out] ProtocolCapability The caller allocates memory for a EFI_TCG2_BOOT_SERVICE_CAPABILITY structure and sets the size field to the size of the structure allocated. The callee fills in the fields with the EFI protocol capability information and the current EFI TCG2 state information up to the number of fields which fit within the size of the structure passed in.
Return values:
EFI_SUCCESS Operation completed successfully.
EFI_DEVICE_ERROR The command was unsuccessful. The ProtocolCapability variable will not be populated.
EFI_INVALID_PARAMETER One or more of the parameters are incorrect. The ProtocolCapability variable will not be populated.
EFI_BUFFER_TOO_SMALL The ProtocolCapability variable is too small to hold the full response. It will be partially populated (required Size field will be set).

References mTcgDxeData.

EFI_STATUS EFIAPI Tcg2GetEventLog ( IN EFI_TCG2_PROTOCOL *  This,
IN EFI_TCG2_EVENT_LOG_FORMAT  EventLogFormat,
OUT EFI_PHYSICAL_ADDRESS *  EventLogLocation,
OUT EFI_PHYSICAL_ADDRESS *  EventLogLastEntry,
OUT BOOLEAN *  EventLogTruncated 
)

The EFI_TCG2_PROTOCOL Get Event Log function call allows a caller to retrieve the address of a given event log and its last entry.

Parameters:
[in] This Indicates the calling context
[in] EventLogFormat The type of the event log for which the information is requested.
[out] EventLogLocation A pointer to the memory address of the event log.
[out] EventLogLastEntry If the Event Log contains more than one entry, this is a pointer to the address of the start of the last entry in the event log in memory.
[out] EventLogTruncated If the Event Log is missing at least one entry because an event would have exceeded the area allocated for events, this value is set to TRUE. Otherwise, the value will be FALSE and the Event Log will be complete.
Return values:
EFI_SUCCESS Operation completed successfully.
EFI_INVALID_PARAMETER One or more of the parameters are incorrect (e.g. asking for an event log whose format is not supported).

References DumpEventLog(), mTcg2EventInfo, mTcgDxeData, TRUE, and UINTN().

EFI_STATUS EFIAPI Tcg2GetResultOfSetActivePcrBanks ( IN EFI_TCG2_PROTOCOL *  This,
OUT UINT32 *  OperationPresent,
OUT UINT32 *  Response 
)

This service retrieves the result of a previous invocation of SetActivePcrBanks.

Parameters:
[in] This Indicates the calling context
[out] OperationPresent Non-zero value to indicate a SetActivePcrBank operation was invoked during the last boot.
[out] Response The response from the SetActivePcrBank request.
Return values:
EFI_SUCCESS The result value could be returned.
EFI_INVALID_PARAMETER One or more of the parameters are incorrect.

References Tcg2PhysicalPresenceLibReturnOperationResponseToOsFunction().

EFI_STATUS EFIAPI Tcg2HashLogExtendEvent ( IN EFI_TCG2_PROTOCOL *  This,
IN UINT64  Flags,
IN EFI_PHYSICAL_ADDRESS  DataToHash,
IN UINT64  DataToHashLen,
IN EFI_TCG2_EVENT *  Event 
)

The EFI_TCG2_PROTOCOL HashLogExtendEvent function call provides callers with an opportunity to extend and optionally log events without requiring knowledge of actual TPM commands. The extend operation will occur even if this function cannot create an event log entry (e.g. due to the event log being full).

Parameters:
[in] This Indicates the calling context
[in] Flags Bitmap providing additional information.
[in] DataToHash Physical address of the start of the data buffer to be hashed.
[in] DataToHashLen The length in bytes of the buffer referenced by DataToHash.
[in] Event Pointer to data buffer containing information about the event.
Return values:
EFI_SUCCESS Operation completed successfully.
EFI_DEVICE_ERROR The command was unsuccessful.
EFI_VOLUME_FULL The extend operation occurred, but the event could not be written to one or more event logs.
EFI_INVALID_PARAMETER One or more of the parameters are incorrect.
EFI_UNSUPPORTED The PE/COFF image type is not supported.

References EFI_STATUS(), MeasurePeImageAndExtend(), mTcgDxeData, TcgDxeHashLogExtendEvent(), TcgDxeLogHashEvent(), and UINTN().

EFI_STATUS EFIAPI Tcg2SetActivePCRBanks ( IN EFI_TCG2_PROTOCOL *  This,
IN UINT32  ActivePcrBanks 
)

This service sets the currently active PCR banks.

Parameters:
[in] This Indicates the calling context
[in] ActivePcrBanks Bitmap of the requested active PCR banks. At least one bit SHALL be set.
Return values:
EFI_SUCCESS The bitmap in ActivePcrBank parameter is already active.
EFI_INVALID_PARAMETER One or more of the parameters are incorrect.

References EFI_STATUS(), mTcgDxeData, Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction(), TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE, TCG_PP_SUBMIT_REQUEST_TO_PREOS_NOT_IMPLEMENTED, and TCG_PP_SUBMIT_REQUEST_TO_PREOS_SUCCESS.

EFI_STATUS EFIAPI Tcg2SubmitCommand ( IN EFI_TCG2_PROTOCOL *  This,
IN UINT32  InputParameterBlockSize,
IN UINT8 *  InputParameterBlock,
IN UINT32  OutputParameterBlockSize,
IN UINT8 *  OutputParameterBlock 
)

This service enables the sending of commands to the TPM.

Parameters:
[in] This Indicates the calling context
[in] InputParameterBlockSize Size of the TPM input parameter block.
[in] InputParameterBlock Pointer to the TPM input parameter block.
[in] OutputParameterBlockSize Size of the TPM output parameter block.
[in] OutputParameterBlock Pointer to the TPM output parameter block.
Return values:
EFI_SUCCESS The command byte stream was successfully sent to the device and a response was successfully received.
EFI_DEVICE_ERROR The command was not successfully sent to the device or a response was not successfully received from the device.
EFI_INVALID_PARAMETER One or more of the parameters are incorrect.
EFI_BUFFER_TOO_SMALL The output parameter block is too small.

References EFI_STATUS(), mTcgDxeData, and Tpm2SubmitCommand().

EFI_STATUS TcgCommLogEvent ( IN OUT UINT8 **  EventLogPtr,
IN OUT UINTN *  LogSize,
IN UINTN  MaxSize,
IN VOID *  NewEventHdr,
IN UINT32  NewEventHdrSize,
IN UINT8 *  NewEventData,
IN UINT32  NewEventSize 
)

Add a new entry to the Event Log.

Parameters:
[in,out] EventLogPtr Pointer to the Event Log data.
[in,out] LogSize Size of the Event Log.
[in] MaxSize Maximum size of the Event Log.
[in] NewEventHdr Pointer to a TCG_PCR_EVENT_HDR/TCG_PCR_EVENT_EX data structure.
[in] NewEventHdrSize New event header size.
[in] NewEventData Pointer to the new event data.
[in] NewEventSize New event data size.
Return values:
EFI_SUCCESS The new event log entry was added.
EFI_OUT_OF_RESOURCES No enough memory to log the new event.

References UINTN().

Referenced by TcgDxeLogEvent().

EFI_STATUS TcgDxeHashLogExtendEvent ( IN UINT64  Flags,
IN UINT8 *  HashData,
IN UINT64  HashDataLen,
IN OUT TCG_PCR_EVENT_HDR *  NewEventHdr,
IN UINT8 *  NewEventData 
)

Do a hash operation on a data buffer, extend a specific TPM PCR with the hash result, and add an entry to the Event Log.

Parameters:
[in] Flags Bitmap providing additional information.
[in] HashData Physical address of the start of the data buffer to be hashed, extended, and logged.
[in] HashDataLen The length, in bytes, of the buffer referenced by HashData
[in,out] NewEventHdr Pointer to a TCG_PCR_EVENT_HDR data structure.
[in] NewEventData Pointer to the new event data.
Return values:
EFI_SUCCESS Operation completed successfully.
EFI_OUT_OF_RESOURCES No enough memory to log the new event.
EFI_DEVICE_ERROR The command was unsuccessful.

References EFI_STATUS(), HashAndExtend(), mTcgDxeData, TcgDxeLogHashEvent(), and UINTN().

Referenced by MeasureHandoffTables(), MeasureLaunchOfFirmwareDebugger(), MeasureSeparatorEvent(), MeasureVariable(), Tcg2HashLogExtendEvent(), TcgMeasureAction(), and TreeHashLogExtendEvent().

EFI_STATUS TcgDxeLogEvent ( IN EFI_TCG2_EVENT_LOG_FORMAT  EventLogFormat,
IN VOID *  NewEventHdr,
IN UINT32  NewEventHdrSize,
IN UINT8 *  NewEventData,
IN UINT32  NewEventSize 
)

Add a new entry to the Event Log.

Parameters:
[in] EventLogFormat The type of the event log for which the information is requested.
[in] NewEventHdr Pointer to a TCG_PCR_EVENT_HDR/TCG_PCR_EVENT_EX data structure.
[in] NewEventHdrSize New event header size.
[in] NewEventData Pointer to the new event data.
[in] NewEventSize New event data size.
Return values:
EFI_SUCCESS The new event log entry was added.
EFI_OUT_OF_RESOURCES No enough memory to log the new event.

References EFI_STATUS(), mTcg2EventInfo, mTcgDxeData, TcgCommLogEvent(), TRUE, and UINTN().

Referenced by SetupEventLog(), and TcgDxeLogHashEvent().

EFI_STATUS TcgDxeLogHashEvent ( IN TPML_DIGEST_VALUES *  DigestList,
IN OUT TCG_PCR_EVENT_HDR *  NewEventHdr,
IN UINT8 *  NewEventData 
)

Add a new entry to the Event Log.

Parameters:
[in] DigestList A list of digest.
[in,out] NewEventHdr Pointer to a TCG_PCR_EVENT_HDR data structure.
[in] NewEventData Pointer to the new event data.
Return values:
EFI_SUCCESS The new event log entry was added.
EFI_OUT_OF_RESOURCES No enough memory to log the new event.

References CopyDigestListToBuffer(), EFI_STATUS(), EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2, EFI_TCG2_EVENT_LOG_FORMAT_TCG_2, GetDigestListSize(), mTcg2EventInfo, mTcgDxeData, TcgDxeLogEvent(), Tpm2GetDigestFromDigestList(), and UINTN().

Referenced by Tcg2HashLogExtendEvent(), TcgDxeHashLogExtendEvent(), and TreeHashLogExtendEvent().

EFI_STATUS TcgMeasureAction ( IN CHAR8 *  String  ) 

Measure and log an action string, and extend the measurement result into PCR[5].

Parameters:
[in] String A specific string that indicates an Action event.
Return values:
EFI_SUCCESS Operation completed successfully.
EFI_DEVICE_ERROR The operation was unsuccessful.

References TcgDxeHashLogExtendEvent().

Referenced by OnExitBootServices(), OnExitBootServicesFailed(), and OnReadyToBoot().

EFI_STATUS Tpm2GetDigestFromDigestList ( IN TPMI_ALG_HASH  HashAlg,
IN TPML_DIGEST_VALUES *  DigestList,
IN VOID *  Digest 
)

This function get digest from digest list.

Parameters:
HashAlg digest algorithm
DigestList digest list
Digest digest
Return values:
EFI_SUCCESS Sha1Digest is found and returned.
EFI_NOT_FOUND Sha1Digest is not found.

References GetHashSizeFromAlgo(), and UINTN().

Referenced by LogHashEvent(), and TcgDxeLogHashEvent().


Variable Documentation

UINTN mBootAttempts = 0

Referenced by OnReadyToBoot().

CHAR16 mBootVarName[] = L"BootOrder"

Referenced by MeasureAllBootVariables().

EFI_HANDLE mImageHandle

Referenced by DriverEntry(), and OnReadyToBoot().

TCG2_EVENT_INFO_STRUCT mTcg2EventInfo[]

EFI_TCG2_PROTOCOL mTcg2Protocol

VARIABLE_TYPE mVariableType[]

Initial value:

 {
  {EFI_SECURE_BOOT_MODE_NAME,    &gEfiGlobalVariableGuid},
  {EFI_PLATFORM_KEY_NAME,        &gEfiGlobalVariableGuid},
  {EFI_KEY_EXCHANGE_KEY_NAME,    &gEfiGlobalVariableGuid},
  {EFI_IMAGE_SECURITY_DATABASE,  &gEfiImageSecurityDatabaseGuid},
  {EFI_IMAGE_SECURITY_DATABASE1, &gEfiImageSecurityDatabaseGuid},
}


Generated on Thu Sep 24 23:44:24 2015 for SecurityPkg[ALL] by  doxygen 1.5.7.1