SecurityPkg/Tcg/TcgDxe/TcgDxe.c File Reference


Defines

#define EFI_TCG_LOG_AREA_SIZE   0x10000
#define TCG_DXE_DATA_FROM_THIS(this)   BASE_CR (this, TCG_DXE_DATA, TcgProtocol)

Typedefs

typedef struct _TCG_DXE_DATA TCG_DXE_DATA

Functions

EFI_STATUS GetProcessorsCpuLocation (OUT EFI_CPU_PHYSICAL_LOCATION **LocationBuf, OUT UINTN *Num)
EFI_STATUS EFIAPI TcgDxeStatusCheck (IN EFI_TCG_PROTOCOL *This, OUT TCG_EFI_BOOT_SERVICE_CAPABILITY *ProtocolCapability, OUT UINT32 *TCGFeatureFlags, OUT EFI_PHYSICAL_ADDRESS *EventLogLocation, OUT EFI_PHYSICAL_ADDRESS *EventLogLastEntry)
EFI_STATUS EFIAPI TcgDxeHashAll (IN EFI_TCG_PROTOCOL *This, IN UINT8 *HashData, IN UINT64 HashDataLen, IN TCG_ALGORITHM_ID AlgorithmId, IN OUT UINT64 *HashedDataLen, IN OUT UINT8 **HashedDataResult)
EFI_STATUS EFIAPI TcgDxeLogEventI (IN TCG_DXE_DATA *TcgData, IN TCG_PCR_EVENT_HDR *NewEventHdr, IN UINT8 *NewEventData)
EFI_STATUS EFIAPI TcgDxeLogEvent (IN EFI_TCG_PROTOCOL *This, IN TCG_PCR_EVENT *TCGLogData, IN OUT UINT32 *EventNumber, IN UINT32 Flags)
EFI_STATUS EFIAPI TcgDxePassThroughToTpm (IN EFI_TCG_PROTOCOL *This, IN UINT32 TpmInputParameterBlockSize, IN UINT8 *TpmInputParameterBlock, IN UINT32 TpmOutputParameterBlockSize, IN UINT8 *TpmOutputParameterBlock)
EFI_STATUS EFIAPI TcgDxeHashLogExtendEventI (IN TCG_DXE_DATA *TcgData, IN UINT8 *HashData, IN UINT64 HashDataLen, IN OUT TCG_PCR_EVENT_HDR *NewEventHdr, IN UINT8 *NewEventData)
EFI_STATUS EFIAPI TcgDxeHashLogExtendEvent (IN EFI_TCG_PROTOCOL *This, IN EFI_PHYSICAL_ADDRESS HashData, IN UINT64 HashDataLen, IN TPM_ALGORITHM_ID AlgorithmId, IN OUT TCG_PCR_EVENT *TCGLogData, IN OUT UINT32 *EventNumber, OUT EFI_PHYSICAL_ADDRESS *EventLogLastEntry)
EFI_STATUS EFIAPI SetupEventLog (VOID)
EFI_STATUS EFIAPI TcgMeasureAction (IN CHAR8 *String)
EFI_STATUS EFIAPI MeasureHandoffTables (VOID)
EFI_STATUS EFIAPI MeasureSeparatorEvent (IN TPM_PCRINDEX PCRIndex)
VOID *EFIAPI ReadVariable (IN CHAR16 *VarName, IN EFI_GUID *VendorGuid, OUT UINTN *VarSize)
EFI_STATUS EFIAPI MeasureVariable (IN TPM_PCRINDEX PCRIndex, IN TCG_EVENTTYPE EventType, IN CHAR16 *VarName, IN EFI_GUID *VendorGuid, IN VOID *VarData, IN UINTN VarSize)
EFI_STATUS EFIAPI ReadAndMeasureBootVariable (IN CHAR16 *VarName, IN EFI_GUID *VendorGuid, OUT UINTN *VarSize, OUT VOID **VarData)
EFI_STATUS EFIAPI MeasureAllBootVariables (VOID)
VOID EFIAPI OnReadyToBoot (IN EFI_EVENT Event, IN VOID *Context)
VOID EFIAPI InstallAcpiTable (IN EFI_EVENT Event, IN VOID *Context)
VOID EFIAPI OnExitBootServices (IN EFI_EVENT Event, IN VOID *Context)
VOID EFIAPI OnExitBootServicesFailed (IN EFI_EVENT Event, IN VOID *Context)
EFI_STATUS GetTpmStatus (OUT BOOLEAN *TPMDeactivatedFlag)
EFI_STATUS EFIAPI DriverEntry (IN EFI_HANDLE ImageHandle, IN EFI_SYSTEM_TABLE *SystemTable)

Variables

EFI_TCG_CLIENT_ACPI_TABLE mTcgClientAcpiTemplate
EFI_TCG_SERVER_ACPI_TABLE mTcgServerAcpiTemplate
UINTN mBootAttempts = 0
CHAR16 mBootVarName [] = L"BootOrder"
TCG_DXE_DATA mTcgDxeData

Detailed Description

This module implements TCG EFI Protocol.

Caution: This module requires additional review when modified. This driver will have external input - TcgDxePassThroughToTpm This external input must be validated carefully to avoid security issue like buffer overflow, integer overflow.

TcgDxePassThroughToTpm() will receive untrusted input and do basic validation.

Copyright (c) 2005 - 2015, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php

THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.


Define Documentation

#define EFI_TCG_LOG_AREA_SIZE   0x10000

#define TCG_DXE_DATA_FROM_THIS ( this   )     BASE_CR (this, TCG_DXE_DATA, TcgProtocol)


Typedef Documentation

typedef struct _TCG_DXE_DATA TCG_DXE_DATA


Function Documentation

EFI_STATUS EFIAPI DriverEntry ( IN EFI_HANDLE  ImageHandle,
IN EFI_SYSTEM_TABLE *  SystemTable 
)

The driver's entry point.

It publishes EFI TCG Protocol.

Parameters:
[in] ImageHandle The firmware allocated handle for the EFI image.
[in] SystemTable A pointer to the EFI System Table.
Return values:
EFI_SUCCESS The entry point is executed successfully.
other Some error occurs when executing this entry point.

References EFI_STATUS(), gEfiTpmDeviceInstanceTpm12Guid, GetTpmStatus(), gTpmErrorHobGuid, InstallAcpiTable(), OnExitBootServices(), OnExitBootServicesFailed(), OnReadyToBoot(), SetupEventLog(), TisPcRequestUseTpm(), TPM_BASE_ADDRESS, and UINTN().

EFI_STATUS GetProcessorsCpuLocation ( OUT EFI_CPU_PHYSICAL_LOCATION **  LocationBuf,
OUT UINTN *  Num 
)

Get All processors EFI_CPU_LOCATION in system. LocationBuf is allocated inside the function Caller is responsible to free LocationBuf.

Parameters:
[out] LocationBuf Returns Processor Location Buffer.
[out] Num Returns processor number.
Return values:
EFI_SUCCESS Operation completed successfully.
EFI_UNSUPPORTED MpService protocol not found.

References EFI_STATUS(), and UINTN().

EFI_STATUS GetTpmStatus ( OUT BOOLEAN *  TPMDeactivatedFlag  ) 

Get TPM Deactivated state.

Parameters:
[out] TPMDeactivatedFlag Returns TPM Deactivated state.
Return values:
EFI_SUCCESS Operation completed successfully.
EFI_DEVICE_ERROR The operation was unsuccessful.

References EFI_STATUS(), and TpmCommGetFlags().

Referenced by DriverEntry().

VOID EFIAPI InstallAcpiTable ( IN EFI_EVENT  Event,
IN VOID *  Context 
)

Install TCG ACPI Table when ACPI Table Protocol is available.

A system's firmware uses an ACPI table to identify the system's TCG capabilities to the Post-Boot environment. The information in this ACPI table is not guaranteed to be valid until the Host Platform transitions from pre-boot state to post-boot state.

Parameters:
[in] Event Event whose notification function is being invoked
[in] Context Pointer to the notification function's context

References EFI_STATUS(), mTcgClientAcpiTemplate, TCG_PLATFORM_TYPE_CLIENT, and UINTN().

Referenced by DriverEntry().

EFI_STATUS EFIAPI MeasureAllBootVariables ( VOID   ) 

Measure and log all EFI boot variables, and extend the measurement result into a specific PCR.

The EFI boot variables are BootOrder and Boot#### variables.

Return values:
EFI_SUCCESS Operation completed successfully.
EFI_OUT_OF_RESOURCES Out of memory.
EFI_DEVICE_ERROR The operation was unsuccessful.

References EFI_STATUS(), ReadAndMeasureBootVariable(), and UINTN().

EFI_STATUS EFIAPI MeasureHandoffTables ( VOID   ) 

Measure and log EFI handoff tables, and extend the measurement result into PCR[1].

Return values:
EFI_SUCCESS Operation completed successfully.
EFI_DEVICE_ERROR The operation was unsuccessful.

References EFI_STATUS(), GetProcessorsCpuLocation(), TCG_PLATFORM_TYPE_SERVER, TcgDxeHashLogExtendEventI(), and UINTN().

EFI_STATUS EFIAPI MeasureSeparatorEvent ( IN TPM_PCRINDEX  PCRIndex  ) 

Measure and log Separator event, and extend the measurement result into a specific PCR.

Parameters:
[in] PCRIndex PCR index.
Return values:
EFI_SUCCESS Operation completed successfully.
EFI_DEVICE_ERROR The operation was unsuccessful.

References TcgDxeHashLogExtendEventI().

EFI_STATUS EFIAPI MeasureVariable ( IN TPM_PCRINDEX  PCRIndex,
IN TCG_EVENTTYPE  EventType,
IN CHAR16 *  VarName,
IN EFI_GUID *  VendorGuid,
IN VOID *  VarData,
IN UINTN  VarSize 
)

Measure and log an EFI variable, and extend the measurement result into a specific PCR.

Parameters:
[in] PCRIndex PCR Index.
[in] EventType Event type.
[in] VarName A Null-terminated string that is the name of the vendor's variable.
[in] VendorGuid A unique identifier for the vendor.
[in] VarData The content of the variable data.
[in] VarSize The size of the variable data.
Return values:
EFI_SUCCESS Operation completed successfully.
EFI_OUT_OF_RESOURCES Out of memory.
EFI_DEVICE_ERROR The operation was unsuccessful.

References EFI_STATUS(), TcgDxeHashLogExtendEventI(), and UINTN().

VOID EFIAPI OnExitBootServices ( IN EFI_EVENT  Event,
IN VOID *  Context 
)

Exit Boot Services Event notification handler.

Measure invocation and success of ExitBootServices.

Parameters:
[in] Event Event whose notification function is being invoked
[in] Context Pointer to the notification function's context

References EFI_STATUS(), and TcgMeasureAction().

VOID EFIAPI OnExitBootServicesFailed ( IN EFI_EVENT  Event,
IN VOID *  Context 
)

Exit Boot Services Failed Event notification handler.

Measure Failure of ExitBootServices.

Parameters:
[in] Event Event whose notification function is being invoked
[in] Context Pointer to the notification function's context

References EFI_STATUS(), and TcgMeasureAction().

VOID EFIAPI OnReadyToBoot ( IN EFI_EVENT  Event,
IN VOID *  Context 
)

Ready to Boot Event notification handler.

Sequence of OS boot events is measured in this event notification handler.

Parameters:
[in] Event Event whose notification function is being invoked
[in] Context Pointer to the notification function's context

References EFI_STATUS(), MeasureAllBootVariables(), MeasureHandoffTables(), MeasureSeparatorEvent(), and TcgMeasureAction().

EFI_STATUS EFIAPI ReadAndMeasureBootVariable ( IN CHAR16 *  VarName,
IN EFI_GUID *  VendorGuid,
OUT UINTN *  VarSize,
OUT VOID **  VarData 
)

Read then Measure and log an EFI boot variable, and extend the measurement result into PCR[5].

Parameters:
[in] VarName A Null-terminated string that is the name of the vendor's variable.
[in] VendorGuid A unique identifier for the vendor.
[out] VarSize The size of the variable data.
[out] VarData Pointer to the content of the variable.
Return values:
EFI_SUCCESS Operation completed successfully.
EFI_OUT_OF_RESOURCES Out of memory.
EFI_DEVICE_ERROR The operation was unsuccessful.

References EFI_STATUS(), MeasureVariable(), and ReadVariable().

VOID* EFIAPI ReadVariable ( IN CHAR16 *  VarName,
IN EFI_GUID *  VendorGuid,
OUT UINTN *  VarSize 
)

Read an EFI Variable.

This function allocates a buffer to return the contents of the variable. The caller is responsible for freeing the buffer.

Parameters:
[in] VarName A Null-terminated string that is the name of the vendor's variable.
[in] VendorGuid A unique identifier for the vendor.
[out] VarSize The size of the variable data.
Returns:
A pointer to the buffer to return the contents of the variable.Otherwise NULL.

References EFI_STATUS().

Referenced by ReadAndMeasureBootVariable().

EFI_STATUS EFIAPI SetupEventLog ( VOID   ) 

Initialize the Event Log and log events passed from the PEI phase.

Return values:
EFI_SUCCESS Operation completed successfully.
EFI_OUT_OF_RESOURCES Out of memory.

References EFI_STATUS(), EFI_TCG_LOG_AREA_SIZE, gTcgEventEntryHobGuid, mTcgClientAcpiTemplate, TCG_PLATFORM_TYPE_CLIENT, TcgDxeLogEventI(), and UINTN().

EFI_STATUS EFIAPI TcgDxeHashAll ( IN EFI_TCG_PROTOCOL *  This,
IN UINT8 *  HashData,
IN UINT64  HashDataLen,
IN TCG_ALGORITHM_ID  AlgorithmId,
IN OUT UINT64 *  HashedDataLen,
IN OUT UINT8 **  HashedDataResult 
)

This service abstracts the capability to do a hash operation on a data buffer.

Parameters:
[in] This Indicates the calling context
[in] HashData Pointer to the data buffer to be hashed
[in] HashDataLen Length of the data buffer to be hashed
[in] AlgorithmId Identification of the Algorithm to use for the hashing operation
[in,out] HashedDataLen Resultant length of the hashed data
[in,out] HashedDataResult Resultant buffer of the hashed data
Return values:
EFI_SUCCESS Operation completed successfully.
EFI_INVALID_PARAMETER HashDataLen is NULL.
EFI_INVALID_PARAMETER HashDataLenResult is NULL.
EFI_OUT_OF_RESOURCES Cannot allocate buffer of size *HashedDataLen.
EFI_UNSUPPORTED AlgorithmId not supported.
EFI_BUFFER_TOO_SMALL *HashedDataLen < sizeof (TCG_DIGEST).

References TpmCommHashAll(), and UINTN().

EFI_STATUS EFIAPI TcgDxeHashLogExtendEvent ( IN EFI_TCG_PROTOCOL *  This,
IN EFI_PHYSICAL_ADDRESS  HashData,
IN UINT64  HashDataLen,
IN TPM_ALGORITHM_ID  AlgorithmId,
IN OUT TCG_PCR_EVENT *  TCGLogData,
IN OUT UINT32 *  EventNumber,
OUT EFI_PHYSICAL_ADDRESS *  EventLogLastEntry 
)

This service abstracts the capability to do a hash operation on a data buffer, extend a specific TPM PCR with the hash result, and add an entry to the Event Log

Parameters:
[in] This Indicates the calling context
[in] HashData Physical address of the start of the data buffer to be hashed, extended, and logged.
[in] HashDataLen The length, in bytes, of the buffer referenced by HashData
[in] AlgorithmId Identification of the Algorithm to use for the hashing operation
[in,out] TCGLogData The physical address of the start of the data buffer containing the TCG_PCR_EVENT data structure.
[in,out] EventNumber The event number of the event just logged.
[out] EventLogLastEntry Physical address of the first byte of the entry just placed in the Event Log. If the Event Log was empty when this function was called then this physical address will be the same as the physical address of the start of the Event Log.
Return values:
EFI_SUCCESS Operation completed successfully.
EFI_UNSUPPORTED AlgorithmId != TPM_ALG_SHA.
EFI_UNSUPPORTED Current TPL >= EFI_TPL_CALLBACK.
EFI_DEVICE_ERROR The command was unsuccessful.

References EFI_STATUS(), TCG_DXE_DATA_FROM_THIS, TcgDxeHashLogExtendEventI(), and UINTN().

EFI_STATUS EFIAPI TcgDxeHashLogExtendEventI ( IN TCG_DXE_DATA TcgData,
IN UINT8 *  HashData,
IN UINT64  HashDataLen,
IN OUT TCG_PCR_EVENT_HDR *  NewEventHdr,
IN UINT8 *  NewEventData 
)

Do a hash operation on a data buffer, extend a specific TPM PCR with the hash result, and add an entry to the Event Log.

Parameters:
[in] TcgData TCG_DXE_DATA structure.
[in] HashData Physical address of the start of the data buffer to be hashed, extended, and logged.
[in] HashDataLen The length, in bytes, of the buffer referenced by HashData
[in,out] NewEventHdr Pointer to a TCG_PCR_EVENT_HDR data structure.
[in] NewEventData Pointer to the new event data.
Return values:
EFI_SUCCESS Operation completed successfully.
EFI_OUT_OF_RESOURCES No enough memory to log the new event.
EFI_DEVICE_ERROR The command was unsuccessful.

References EFI_STATUS(), TcgDxeLogEventI(), TpmCommExtend(), TpmCommHashAll(), and UINTN().

Referenced by MeasureHandoffTables(), MeasureSeparatorEvent(), MeasureVariable(), TcgDxeHashLogExtendEvent(), and TcgMeasureAction().

EFI_STATUS EFIAPI TcgDxeLogEvent ( IN EFI_TCG_PROTOCOL *  This,
IN TCG_PCR_EVENT *  TCGLogData,
IN OUT UINT32 *  EventNumber,
IN UINT32  Flags 
)

This service abstracts the capability to add an entry to the Event Log.

Parameters:
[in] This Indicates the calling context
[in] TCGLogData Pointer to the start of the data buffer containing the TCG_PCR_EVENT data structure. All fields in this structure are properly filled by the caller.
[in,out] EventNumber The event number of the event just logged
[in] Flags Indicate additional flags. Only one flag has been defined at this time, which is 0x01 and means the extend operation should not be performed. All other bits are reserved.
Return values:
EFI_SUCCESS Operation completed successfully.
EFI_OUT_OF_RESOURCES Insufficient memory in the event log to complete this action.

References TCG_DXE_DATA_FROM_THIS, and TcgDxeLogEventI().

EFI_STATUS EFIAPI TcgDxeLogEventI ( IN TCG_DXE_DATA TcgData,
IN TCG_PCR_EVENT_HDR *  NewEventHdr,
IN UINT8 *  NewEventData 
)

Add a new entry to the Event Log.

Parameters:
[in] TcgData TCG_DXE_DATA structure.
[in] NewEventHdr Pointer to a TCG_PCR_EVENT_HDR data structure.
[in] NewEventData Pointer to the new event data.
Return values:
EFI_SUCCESS The new event log entry was added.
EFI_OUT_OF_RESOURCES No enough memory to log the new event.

References TCG_PLATFORM_TYPE_CLIENT, TpmCommLogEvent(), and UINTN().

Referenced by SetupEventLog(), TcgDxeHashLogExtendEventI(), and TcgDxeLogEvent().

EFI_STATUS EFIAPI TcgDxePassThroughToTpm ( IN EFI_TCG_PROTOCOL *  This,
IN UINT32  TpmInputParameterBlockSize,
IN UINT8 *  TpmInputParameterBlock,
IN UINT32  TpmOutputParameterBlockSize,
IN UINT8 *  TpmOutputParameterBlock 
)

This service is a proxy for commands to the TPM.

Parameters:
[in] This Indicates the calling context
[in] TpmInputParameterBlockSize Size of the TPM input parameter block
[in] TpmInputParameterBlock Pointer to the TPM input parameter block
[in] TpmOutputParameterBlockSize Size of the TPM output parameter block
[in] TpmOutputParameterBlock Pointer to the TPM output parameter block
Return values:
EFI_SUCCESS Operation completed successfully.
EFI_INVALID_PARAMETER Invalid ordinal.
EFI_UNSUPPORTED Current Task Priority Level >= EFI_TPL_CALLBACK.
EFI_TIMEOUT The TIS timed-out.

References TCG_DXE_DATA_FROM_THIS, TisPcExecute(), and UINTN().

EFI_STATUS EFIAPI TcgDxeStatusCheck ( IN EFI_TCG_PROTOCOL *  This,
OUT TCG_EFI_BOOT_SERVICE_CAPABILITY *  ProtocolCapability,
OUT UINT32 *  TCGFeatureFlags,
OUT EFI_PHYSICAL_ADDRESS *  EventLogLocation,
OUT EFI_PHYSICAL_ADDRESS *  EventLogLastEntry 
)

This service provides EFI protocol capability information, state information about the TPM, and Event Log state information.

Parameters:
[in] This Indicates the calling context
[out] ProtocolCapability The callee allocates memory for a TCG_BOOT_SERVICE_CAPABILITY structure and fills in the fields with the EFI protocol capability information and the current TPM state information.
[out] TCGFeatureFlags This is a pointer to the feature flags. No feature flags are currently defined so this parameter MUST be set to 0. However, in the future, feature flags may be defined that, for example, enable hash algorithm agility.
[out] EventLogLocation This is a pointer to the address of the event log in memory.
[out] EventLogLastEntry If the Event Log contains more than one entry, this is a pointer to the address of the start of the last entry in the event log in memory.
Return values:
EFI_SUCCESS Operation completed successfully.
EFI_INVALID_PARAMETER ProtocolCapability does not match TCG capability.

References TCG_DXE_DATA_FROM_THIS, TCG_PLATFORM_TYPE_CLIENT, and UINTN().

EFI_STATUS EFIAPI TcgMeasureAction ( IN CHAR8 *  String  ) 

Measure and log an action string, and extend the measurement result into PCR[5].

Parameters:
[in] String A specific string that indicates an Action event.
Return values:
EFI_SUCCESS Operation completed successfully.
EFI_DEVICE_ERROR The operation was unsuccessful.

References TcgDxeHashLogExtendEventI().


Variable Documentation

UINTN mBootAttempts = 0

CHAR16 mBootVarName[] = L"BootOrder"

EFI_TCG_CLIENT_ACPI_TABLE mTcgClientAcpiTemplate

Initial value:

 {
  {
    EFI_ACPI_3_0_TRUSTED_COMPUTING_PLATFORM_ALLIANCE_CAPABILITIES_TABLE_SIGNATURE,
    sizeof (mTcgClientAcpiTemplate),
    0x02                      
    
    
    
    
  },
  0,                          
  0,                          
  (EFI_PHYSICAL_ADDRESS) (SIZE_4GB - 1)  
}

Referenced by InstallAcpiTable(), and SetupEventLog().

Initial value:

 {
  {
    TcgDxeStatusCheck,
    TcgDxeHashAll,
    TcgDxeLogEvent,
    TcgDxePassThroughToTpm,
    TcgDxeHashLogExtendEvent
  },
  {
    sizeof (mTcgDxeData.BsCap),
    { 1, 2, 0, 0 },
    { 1, 2, 0, 0 },
    1,
    TRUE,
    FALSE
  },
  &mTcgClientAcpiTemplate,
  &mTcgServerAcpiTemplate,
  0,
  NULL,
  NULL
}

EFI_TCG_SERVER_ACPI_TABLE mTcgServerAcpiTemplate


Generated on Thu Sep 24 23:44:24 2015 for SecurityPkg[ALL] by  doxygen 1.5.7.1