SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.c File Reference


Functions

EFI_STATUS EFIAPI DxeTpm2MeasureBootLibImageRead (IN VOID *FileHandle, IN UINTN FileOffset, IN OUT UINTN *ReadSize, OUT VOID *Buffer)
EFI_STATUS EFIAPI Tcg2MeasureGptTable (IN EFI_TCG2_PROTOCOL *Tcg2Protocol, IN EFI_HANDLE GptHandle)
EFI_STATUS EFIAPI Tcg2MeasurePeImage (IN EFI_TCG2_PROTOCOL *Tcg2Protocol, IN EFI_PHYSICAL_ADDRESS ImageAddress, IN UINTN ImageSize, IN UINTN LinkTimeBase, IN UINT16 ImageType, IN EFI_DEVICE_PATH_PROTOCOL *FilePath)
EFI_STATUS EFIAPI DxeTpm2MeasureBootHandler (IN UINT32 AuthenticationStatus, IN CONST EFI_DEVICE_PATH_PROTOCOL *File, IN VOID *FileBuffer, IN UINTN FileSize, IN BOOLEAN BootPolicy)
EFI_STATUS EFIAPI DxeTpm2MeasureBootLibConstructor (IN EFI_HANDLE ImageHandle, IN EFI_SYSTEM_TABLE *SystemTable)

Variables

BOOLEAN mTcg2MeasureGptTableFlag = FALSE
UINTN mTcg2MeasureGptCount = 0
VOID * mTcg2FileBuffer
UINTN mTcg2ImageSize
EFI_HANDLE mTcg2CacheMeasuredHandle = NULL
MEASURED_HOB_DATAmTcg2MeasuredHobData = NULL

Detailed Description

The library instance provides security service of TPM2 measure boot.

Caution: This file requires additional review when modified. This library will have external input - PE/COFF image and GPT partition. This external input must be validated carefully to avoid security issue like buffer overflow, integer overflow.

DxeTpm2MeasureBootLibImageRead() function will make sure the PE/COFF image content read is within the image buffer.

Tcg2MeasurePeImage() function will accept untrusted PE/COFF image and validate its data structure within this image buffer before use.

Tcg2MeasureGptTable() function will receive untrusted GPT partition table, and parse partition data carefully.

Copyright (c) 2013 - 2015, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at http://opensource.org/licenses/bsd-license.php

THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.


Function Documentation

EFI_STATUS EFIAPI DxeTpm2MeasureBootHandler ( IN UINT32  AuthenticationStatus,
IN CONST EFI_DEVICE_PATH_PROTOCOL *  File,
IN VOID *  FileBuffer,
IN UINTN  FileSize,
IN BOOLEAN  BootPolicy 
)

The security handler is used to abstract platform-specific policy from the DXE core response to an attempt to use a file that returns a given status for the authentication check from the section extraction protocol.

The possible responses in a given SAP implementation may include locking flash upon failure to authenticate, attestation logging for all signed drivers, and other exception operations. The File parameter allows for possible logging within the SAP of the driver.

If File is NULL, then EFI_INVALID_PARAMETER is returned.

If the file specified by File with an authentication status specified by AuthenticationStatus is safe for the DXE Core to use, then EFI_SUCCESS is returned.

If the file specified by File with an authentication status specified by AuthenticationStatus is not safe for the DXE Core to use under any circumstances, then EFI_ACCESS_DENIED is returned.

If the file specified by File with an authentication status specified by AuthenticationStatus is not safe for the DXE Core to use right now, but it might be possible to use it at a future time, then EFI_SECURITY_VIOLATION is returned.

Parameters:
[in] AuthenticationStatus This is the authentication status returned from the securitymeasurement services for the input file.
[in] File This is a pointer to the device path of the file that is being dispatched. This will optionally be used for logging.
[in] FileBuffer File buffer matches the input file device path.
[in] FileSize Size of File buffer matches the input file device path.
[in] BootPolicy A boot policy that was used to call LoadImage() UEFI service.
Return values:
EFI_SUCCESS The file specified by DevicePath and non-NULL FileBuffer did authenticate, and the platform policy dictates that the DXE Foundation may use the file.
other error value

References BOOLEAN(), DxeTpm2MeasureBootLibImageRead(), EFI_STATUS(), MEASURED_HOB_DATA::MeasuredFvBuf, mTcg2CacheMeasuredHandle, mTcg2FileBuffer, mTcg2ImageSize, mTcg2MeasureGptTableFlag, MEASURED_HOB_DATA::Num, Tcg2MeasureGptTable(), Tcg2MeasurePeImage(), TRUE, and UINTN().

Referenced by DxeTpm2MeasureBootLibConstructor().

EFI_STATUS EFIAPI DxeTpm2MeasureBootLibConstructor ( IN EFI_HANDLE  ImageHandle,
IN EFI_SYSTEM_TABLE *  SystemTable 
)

Register the security handler to provide TPM measure boot service.

Parameters:
ImageHandle ImageHandle of the loaded driver.
SystemTable Pointer to the EFI System Table.
Return values:
EFI_SUCCESS Register successfully.
EFI_OUT_OF_RESOURCES No enough memory to register this handler.

References DxeTpm2MeasureBootHandler(), and gMeasuredFvHobGuid.

EFI_STATUS EFIAPI DxeTpm2MeasureBootLibImageRead ( IN VOID *  FileHandle,
IN UINTN  FileOffset,
IN OUT UINTN *  ReadSize,
OUT VOID *  Buffer 
)

Reads contents of a PE/COFF image in memory buffer.

Caution: This function may receive untrusted input. PE/COFF image is external input, so this function will make sure the PE/COFF image content read is within the image buffer.

Parameters:
FileHandle Pointer to the file handle to read the PE/COFF image.
FileOffset Offset into the PE/COFF image to begin the read operation.
ReadSize On input, the size in bytes of the requested read operation. On output, the number of bytes actually read.
Buffer Output buffer that contains the data read from the PE/COFF image.
Return values:
EFI_SUCCESS The specified portion of the PE/COFF image was read and the size

References mTcg2ImageSize, and UINTN().

Referenced by DxeTpm2MeasureBootHandler().

EFI_STATUS EFIAPI Tcg2MeasureGptTable ( IN EFI_TCG2_PROTOCOL *  Tcg2Protocol,
IN EFI_HANDLE  GptHandle 
)

Measure GPT table data into TPM log.

Caution: This function may receive untrusted input. The GPT partition table is external input, so this function should parse partition data carefully.

Parameters:
Tcg2Protocol Pointer to the located TCG2 protocol instance.
GptHandle Handle that GPT partition was installed.
Return values:
EFI_SUCCESS Successfully measure GPT table.
EFI_UNSUPPORTED Not support GPT table on the given handle.
EFI_DEVICE_ERROR Can't get GPT table because device error.
EFI_OUT_OF_RESOURCES No enough resource to measure GPT table.
other error value

References EFI_STATUS(), mTcg2MeasureGptCount, and UINTN().

Referenced by DxeTpm2MeasureBootHandler().

EFI_STATUS EFIAPI Tcg2MeasurePeImage ( IN EFI_TCG2_PROTOCOL *  Tcg2Protocol,
IN EFI_PHYSICAL_ADDRESS  ImageAddress,
IN UINTN  ImageSize,
IN UINTN  LinkTimeBase,
IN UINT16  ImageType,
IN EFI_DEVICE_PATH_PROTOCOL *  FilePath 
)

Measure PE image into TPM log based on the authenticode image hashing in PE/COFF Specification 8.0 Appendix A.

Caution: This function may receive untrusted input. PE/COFF image is external input, so this function will validate its data structure within this image buffer before use.

Parameters:
[in] Tcg2Protocol Pointer to the located TCG2 protocol instance.
[in] ImageAddress Start address of image buffer.
[in] ImageSize Image size
[in] LinkTimeBase Address that the image is loaded into memory.
[in] ImageType Image subsystem type.
[in] FilePath File path is corresponding to the input image.
Return values:
EFI_SUCCESS Successfully measure image.
EFI_OUT_OF_RESOURCES No enough resource to measure image.
EFI_UNSUPPORTED ImageType is unsupported or PE image is mal-format.
other error value

References EFI_STATUS().

Referenced by DxeTpm2MeasureBootHandler().


Variable Documentation

EFI_HANDLE mTcg2CacheMeasuredHandle = NULL

Referenced by Tcg2MeasureGptTable().

BOOLEAN mTcg2MeasureGptTableFlag = FALSE


Generated on Thu Sep 24 23:44:24 2015 for SecurityPkg[ALL] by  doxygen 1.5.7.1