SecurityPkg/Include/Library/Tpm2CommandLib.h | 25 +- .../Library/Tpm2CommandLib/Tpm2Integrity.c | 468 ++++++++++++------ SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c | 32 +- 3 files changed, 364 insertions(+), 161 deletions(-)
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2858
Add debug functionality to examine TPM extend operations
performed by BIOS and inspect the PCR 00 value prior to
any BIOS measurements.
Replaced usage of EFI_D_* for DEBUG_* definitions in debug
messages.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Qi Zhang <qi1.zhang@intel.com>
Signed-off-by: Rodrigo Gonzalez del Cueto <rodrigo.gonzalez.del.cueto@intel.com>
---
SecurityPkg/Include/Library/Tpm2CommandLib.h | 25 +-
.../Library/Tpm2CommandLib/Tpm2Integrity.c | 468 ++++++++++++------
SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c | 32 +-
3 files changed, 364 insertions(+), 161 deletions(-)
diff --git a/SecurityPkg/Include/Library/Tpm2CommandLib.h b/SecurityPkg/Include/Library/Tpm2CommandLib.h
index ce381e786b..bfa5bd82f4 100644
--- a/SecurityPkg/Include/Library/Tpm2CommandLib.h
+++ b/SecurityPkg/Include/Library/Tpm2CommandLib.h
@@ -505,7 +505,7 @@ EFIAPI
Tpm2PcrEvent (
IN TPMI_DH_PCR PcrHandle,
IN TPM2B_EVENT *EventData,
- OUT TPML_DIGEST_VALUES *Digests
+ OUT TPML_DIGEST_VALUES *Digests
);
/**
@@ -523,9 +523,26 @@ EFI_STATUS
EFIAPI
Tpm2PcrRead (
IN TPML_PCR_SELECTION *PcrSelectionIn,
- OUT UINT32 *PcrUpdateCounter,
- OUT TPML_PCR_SELECTION *PcrSelectionOut,
- OUT TPML_DIGEST *PcrValues
+ OUT UINT32 *PcrUpdateCounter,
+ OUT TPML_PCR_SELECTION *PcrSelectionOut,
+ OUT TPML_DIGEST *PcrValues
+ );
+
+/**
+ This function will query the TPM to determine which hashing algorithms and
+ get the digests of all active and supported PCR banks of a specific PCR register.
+
+ @param[in] PcrHandle The index of the PCR register to be read.
+ @param[out] HashList List of digests from PCR register being read.
+
+ @retval EFI_SUCCESS The Pcr was read successfully.
+ @retval EFI_DEVICE_ERROR The command was unsuccessful.
+**/
+EFI_STATUS
+EFIAPI
+Tpm2ActivePcrRegisterRead (
+ IN TPMI_DH_PCR PcrHandle,
+ OUT TPML_DIGEST *HashList
);
/**
diff --git a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c
index ddb15178fb..229fc44139 100644
--- a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c
+++ b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c
@@ -76,6 +76,297 @@ typedef struct {
#pragma pack()
+/**
+ This command returns the values of all PCR specified in pcrSelect.
+
+ @param[in] PcrSelectionIn The selection of PCR to read.
+ @param[out] PcrUpdateCounter The current value of the PCR update counter.
+ @param[out] PcrSelectionOut The PCR in the returned list.
+ @param[out] PcrValues The contents of the PCR indicated in pcrSelect.
+
+ @retval EFI_SUCCESS Operation completed successfully.
+ @retval EFI_DEVICE_ERROR The command was unsuccessful.
+**/
+EFI_STATUS
+EFIAPI
+Tpm2PcrRead (
+ IN TPML_PCR_SELECTION *PcrSelectionIn,
+ OUT UINT32 *PcrUpdateCounter,
+ OUT TPML_PCR_SELECTION *PcrSelectionOut,
+ OUT TPML_DIGEST *PcrValues
+ )
+{
+ EFI_STATUS Status;
+ TPM2_PCR_READ_COMMAND SendBuffer;
+ TPM2_PCR_READ_RESPONSE RecvBuffer;
+ UINT32 SendBufferSize;
+ UINT32 RecvBufferSize;
+ UINTN Index;
+ TPML_DIGEST *PcrValuesOut;
+ TPM2B_DIGEST *Digests;
+
+ //
+ // Construct command
+ //
+ SendBuffer.Header.tag = SwapBytes16(TPM_ST_NO_SESSIONS);
+ SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_PCR_Read);
+
+ SendBuffer.PcrSelectionIn.count = SwapBytes32(PcrSelectionIn->count);
+ for (Index = 0; Index < PcrSelectionIn->count; Index++) {
+ SendBuffer.PcrSelectionIn.pcrSelections[Index].hash = SwapBytes16(PcrSelectionIn->pcrSelections[Index].hash);
+ SendBuffer.PcrSelectionIn.pcrSelections[Index].sizeofSelect = PcrSelectionIn->pcrSelections[Index].sizeofSelect;
+ CopyMem (&SendBuffer.PcrSelectionIn.pcrSelections[Index].pcrSelect, &PcrSelectionIn->pcrSelections[Index].pcrSelect, SendBuffer.PcrSelectionIn.pcrSelections[Index].sizeofSelect);
+ }
+
+ SendBufferSize = sizeof(SendBuffer.Header) + sizeof(SendBuffer.PcrSelectionIn.count) + sizeof(SendBuffer.PcrSelectionIn.pcrSelections[0]) * PcrSelectionIn->count;
+ SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);
+
+ //
+ // send Tpm command
+ //
+ RecvBufferSize = sizeof (RecvBuffer);
+ Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer);
+ if (EFI_ERROR (Status)) {
+ return Status;
+ }
+
+ if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {
+ DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n", RecvBufferSize));
+ return EFI_DEVICE_ERROR;
+ }
+ if (SwapBytes32(RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
+ DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode)));
+ return EFI_NOT_FOUND;
+ }
+
+ //
+ // Return the response
+ //
+
+ //
+ // PcrUpdateCounter
+ //
+ if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER) + sizeof(RecvBuffer.PcrUpdateCounter)) {
+ DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n", RecvBufferSize));
+ return EFI_DEVICE_ERROR;
+ }
+ *PcrUpdateCounter = SwapBytes32(RecvBuffer.PcrUpdateCounter);
+
+ //
+ // PcrSelectionOut
+ //
+ if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER) + sizeof(RecvBuffer.PcrUpdateCounter) + sizeof(RecvBuffer.PcrSelectionOut.count)) {
+ DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n", RecvBufferSize));
+ return EFI_DEVICE_ERROR;
+ }
+ PcrSelectionOut->count = SwapBytes32(RecvBuffer.PcrSelectionOut.count);
+ if (PcrSelectionOut->count > HASH_COUNT) {
+ DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - PcrSelectionOut->count error %x\n", PcrSelectionOut->count));
+ return EFI_DEVICE_ERROR;
+ }
+
+ if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER) + sizeof(RecvBuffer.PcrUpdateCounter) + sizeof(RecvBuffer.PcrSelectionOut.count) + sizeof(RecvBuffer.PcrSelectionOut.pcrSelections[0]) * PcrSelectionOut->count) {
+ DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n", RecvBufferSize));
+ return EFI_DEVICE_ERROR;
+ }
+ for (Index = 0; Index < PcrSelectionOut->count; Index++) {
+ PcrSelectionOut->pcrSelections[Index].hash = SwapBytes16(RecvBuffer.PcrSelectionOut.pcrSelections[Index].hash);
+ PcrSelectionOut->pcrSelections[Index].sizeofSelect = RecvBuffer.PcrSelectionOut.pcrSelections[Index].sizeofSelect;
+ if (PcrSelectionOut->pcrSelections[Index].sizeofSelect > PCR_SELECT_MAX) {
+ return EFI_DEVICE_ERROR;
+ }
+ CopyMem (&PcrSelectionOut->pcrSelections[Index].pcrSelect, &RecvBuffer.PcrSelectionOut.pcrSelections[Index].pcrSelect, PcrSelectionOut->pcrSelections[Index].sizeofSelect);
+ }
+
+ //
+ // PcrValues
+ //
+ PcrValuesOut = (TPML_DIGEST *)((UINT8 *)&RecvBuffer + sizeof (TPM2_RESPONSE_HEADER) + sizeof(RecvBuffer.PcrUpdateCounter) + sizeof(RecvBuffer.PcrSelectionOut.count) + sizeof(RecvBuffer.PcrSelectionOut.pcrSelections[0]) * PcrSelectionOut->count);
+ PcrValues->count = SwapBytes32(PcrValuesOut->count);
+ //
+ // The number of digests in list is not greater than 8 per TPML_DIGEST definition
+ //
+ if (PcrValues->count > 8) {
+ DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - PcrValues->count error %x\n", PcrValues->count));
+ return EFI_DEVICE_ERROR;
+ }
+ Digests = PcrValuesOut->digests;
+ for (Index = 0; Index < PcrValues->count; Index++) {
+ PcrValues->digests[Index].size = SwapBytes16(Digests->size);
+ if (PcrValues->digests[Index].size > sizeof(TPMU_HA)) {
+ DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - Digest.size error %x\n", PcrValues->digests[Index].size));
+ return EFI_DEVICE_ERROR;
+ }
+ CopyMem (&PcrValues->digests[Index].buffer, &Digests->buffer, PcrValues->digests[Index].size);
+ Digests = (TPM2B_DIGEST *)((UINT8 *)Digests + sizeof(Digests->size) + PcrValues->digests[Index].size);
+ }
+
+ return EFI_SUCCESS;
+}
+
+/**
+ This function will query the TPM to determine which hashing algorithms and
+ get the digests of all active and supported PCR banks of a specific PCR register.
+
+ @param[in] PcrHandle The index of the PCR register to be read.
+ @param[out] HashList List of digests from PCR register being read.
+
+ @retval EFI_SUCCESS The Pcr was read successfully.
+ @retval EFI_DEVICE_ERROR The command was unsuccessful.
+**/
+EFI_STATUS
+EFIAPI
+Tpm2ActivePcrRegisterRead (
+ IN TPMI_DH_PCR PcrHandle,
+ OUT TPML_DIGEST *HashList
+)
+{
+ EFI_STATUS Status;
+ TPML_PCR_SELECTION Pcrs;
+ TPML_PCR_SELECTION PcrSelectionIn;
+ TPML_PCR_SELECTION PcrSelectionOut;
+ TPML_DIGEST PcrValues;
+ UINT32 PcrUpdateCounter;
+ UINT32 PcrIndex;
+ UINT32 TpmHashAlgorithmBitmap;
+ TPMI_ALG_HASH CurrentPcrBankHash;
+ UINT32 ActivePcrBanks;
+ UINT32 TcgRegistryHashAlg;
+ UINT32 Index;
+ UINT32 Index2;
+
+ PcrIndex = (UINT8)PcrHandle;
+
+ if ((PcrIndex < 0) ||
+ (PcrIndex >= IMPLEMENTATION_PCR)) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ ZeroMem (&PcrSelectionIn, sizeof (PcrSelectionIn));
+ ZeroMem (&PcrUpdateCounter, sizeof (UINT32));
+ ZeroMem (&PcrSelectionOut, sizeof (PcrSelectionOut));
+ ZeroMem (&PcrValues, sizeof (PcrValues));
+ ZeroMem (&Pcrs, sizeof (TPML_PCR_SELECTION));
+
+ DEBUG ((DEBUG_INFO, "ReadPcr - %02d\n", PcrIndex));
+
+ //
+ // Read TPM capabilities
+ //
+ Status = Tpm2GetCapabilityPcrs (&Pcrs);
+
+ if (EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_ERROR, "ReadPcr: Unable to read TPM capabilities\n"));
+ return EFI_DEVICE_ERROR;
+ }
+
+ //
+ // Get Active Pcrs
+ //
+ Status = Tpm2GetCapabilitySupportedAndActivePcrs (
+ &TpmHashAlgorithmBitmap,
+ &ActivePcrBanks
+ );
+
+ if (EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_ERROR, "ReadPcr: Unable to read TPM capabilities and active PCRs\n"));
+ return EFI_DEVICE_ERROR;
+ }
+
+ //
+ // Select from Active PCRs
+ //
+ for (Index = 0; Index < Pcrs.count; Index++) {
+ CurrentPcrBankHash = Pcrs.pcrSelections[Index].hash;
+
+ switch (CurrentPcrBankHash) {
+ case TPM_ALG_SHA1:
+ DEBUG ((DEBUG_VERBOSE, "HASH_ALG_SHA1 Present\n"));
+ TcgRegistryHashAlg = HASH_ALG_SHA1;
+ break;
+ case TPM_ALG_SHA256:
+ DEBUG ((DEBUG_VERBOSE, "HASH_ALG_SHA256 Present\n"));
+ TcgRegistryHashAlg = HASH_ALG_SHA256;
+ break;
+ case TPM_ALG_SHA384:
+ DEBUG ((DEBUG_VERBOSE, "HASH_ALG_SHA384 Present\n"));
+ TcgRegistryHashAlg = HASH_ALG_SHA384;
+ break;
+ case TPM_ALG_SHA512:
+ DEBUG ((DEBUG_VERBOSE, "HASH_ALG_SHA512 Present\n"));
+ TcgRegistryHashAlg = HASH_ALG_SHA512;
+ break;
+ case TPM_ALG_SM3_256:
+ DEBUG ((DEBUG_VERBOSE, "HASH_ALG_SM3 Present\n"));
+ TcgRegistryHashAlg = HASH_ALG_SM3_256;
+ break;
+ default:
+ //
+ // Unsupported algorithm
+ //
+ DEBUG ((DEBUG_VERBOSE, "Unknown algorithm present\n"));
+ TcgRegistryHashAlg = 0;
+ break;
+ }
+ //
+ // Skip unsupported and inactive PCR banks
+ //
+ if ((TcgRegistryHashAlg & ActivePcrBanks) == 0) {
+ DEBUG ((DEBUG_VERBOSE, "Skipping unsupported or inactive bank: 0x%04x\n", CurrentPcrBankHash));
+ continue;
+ }
+
+ //
+ // Select PCR from current active bank
+ //
+ PcrSelectionIn.pcrSelections[PcrSelectionIn.count].hash = Pcrs.pcrSelections[Index].hash;
+ PcrSelectionIn.pcrSelections[PcrSelectionIn.count].sizeofSelect = PCR_SELECT_MAX;
+ PcrSelectionIn.pcrSelections[PcrSelectionIn.count].pcrSelect[0] = (PcrIndex < 8) ? 1 << PcrIndex : 0;
+ PcrSelectionIn.pcrSelections[PcrSelectionIn.count].pcrSelect[1] = (PcrIndex > 7) && (PcrIndex < 16) ? 1 << (PcrIndex - 8) : 0;
+ PcrSelectionIn.pcrSelections[PcrSelectionIn.count].pcrSelect[2] = (PcrIndex > 15) ? 1 << (PcrIndex - 16) : 0;
+ PcrSelectionIn.count++;
+ }
+
+ //
+ // Read PCRs
+ //
+ Status = Tpm2PcrRead (
+ &PcrSelectionIn,
+ &PcrUpdateCounter,
+ &PcrSelectionOut,
+ &PcrValues
+ );
+
+ if (EFI_ERROR (Status)) {
+ DEBUG((DEBUG_ERROR, "Tpm2PcrRead failed Status = %r \n", Status));
+ return EFI_DEVICE_ERROR;
+ }
+
+ for (Index = 0; Index < PcrValues.count; Index++) {
+ DEBUG ((
+ DEBUG_INFO,
+ "ReadPcr - HashAlg = 0x%04x, Pcr[%02d], digest = ",
+ PcrSelectionOut.pcrSelections[Index].hash,
+ PcrIndex
+ ));
+
+ for(Index2 = 0; Index2 < PcrValues.digests[Index].size; Index2++) {
+ DEBUG ((DEBUG_INFO, "%02x ", PcrValues.digests[Index].buffer[Index2]));
+ }
+ DEBUG ((DEBUG_INFO, "\n"));
+ }
+
+ if (HashList != NULL) {
+ CopyMem (
+ HashList,
+ &PcrValues,
+ sizeof (TPML_DIGEST)
+ );
+ }
+
+ return EFI_SUCCESS;
+}
+
/**
This command is used to cause an update to the indicated PCR.
The digests parameter contains one or more tagged digest value identified by an algorithm ID.
@@ -130,14 +421,26 @@ Tpm2PcrExtend (
Buffer += sizeof(UINT16);
DigestSize = GetHashSizeFromAlgo (Digests->digests[Index].hashAlg);
if (DigestSize == 0) {
- DEBUG ((EFI_D_ERROR, "Unknown hash algorithm %d\r\n", Digests->digests[Index].hashAlg));
+ DEBUG ((DEBUG_ERROR, "Unknown hash algorithm %d\r\n", Digests->digests[Index].hashAlg));
return EFI_DEVICE_ERROR;
}
+
CopyMem(
Buffer,
&Digests->digests[Index].digest,
DigestSize
);
+
+ DEBUG_CODE_BEGIN ();
+ UINTN Index2;
+ DEBUG ((DEBUG_INFO, "Tpm2PcrExtend - Hash = 0x%04x, Pcr[%02d], digest = ", Digests->digests[Index].hashAlg, (UINT8) PcrHandle));
+
+ for (Index2 = 0; Index2 < DigestSize; Index2++) {
+ DEBUG ((DEBUG_INFO, "%02x ", Buffer[Index2]));
+ }
+ DEBUG ((DEBUG_INFO, "\n"));
+ DEBUG_CODE_END ();
+
Buffer += DigestSize;
}
@@ -151,7 +454,7 @@ Tpm2PcrExtend (
}
if (ResultBufSize > sizeof(Res)) {
- DEBUG ((EFI_D_ERROR, "Tpm2PcrExtend: Failed ExecuteCommand: Buffer Too Small\r\n"));
+ DEBUG ((DEBUG_ERROR, "Tpm2PcrExtend: Failed ExecuteCommand: Buffer Too Small\r\n"));
return EFI_BUFFER_TOO_SMALL;
}
@@ -160,7 +463,7 @@ Tpm2PcrExtend (
//
RespSize = SwapBytes32(Res.Header.paramSize);
if (RespSize > sizeof(Res)) {
- DEBUG ((EFI_D_ERROR, "Tpm2PcrExtend: Response size too large! %d\r\n", RespSize));
+ DEBUG ((DEBUG_ERROR, "Tpm2PcrExtend: Response size too large! %d\r\n", RespSize));
return EFI_BUFFER_TOO_SMALL;
}
@@ -168,10 +471,15 @@ Tpm2PcrExtend (
// Fail if command failed
//
if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) {
- DEBUG ((EFI_D_ERROR, "Tpm2PcrExtend: Response Code error! 0x%08x\r\n", SwapBytes32(Res.Header.responseCode)));
+ DEBUG ((DEBUG_ERROR, "Tpm2PcrExtend: Response Code error! 0x%08x\r\n", SwapBytes32(Res.Header.responseCode)));
return EFI_DEVICE_ERROR;
}
+ DEBUG_CODE_BEGIN ();
+ DEBUG ((DEBUG_INFO, "Tpm2PcrExtend: PCR read after extend...\n"));
+ Tpm2ActivePcrRegisterRead (PcrHandle, NULL);
+ DEBUG_CODE_END ();
+
//
// Unmarshal the response
//
@@ -246,7 +554,7 @@ Tpm2PcrEvent (
}
if (ResultBufSize > sizeof(Res)) {
- DEBUG ((EFI_D_ERROR, "Tpm2PcrEvent: Failed ExecuteCommand: Buffer Too Small\r\n"));
+ DEBUG ((DEBUG_ERROR, "Tpm2PcrEvent: Failed ExecuteCommand: Buffer Too Small\r\n"));
return EFI_BUFFER_TOO_SMALL;
}
@@ -255,7 +563,7 @@ Tpm2PcrEvent (
//
RespSize = SwapBytes32(Res.Header.paramSize);
if (RespSize > sizeof(Res)) {
- DEBUG ((EFI_D_ERROR, "Tpm2PcrEvent: Response size too large! %d\r\n", RespSize));
+ DEBUG ((DEBUG_ERROR, "Tpm2PcrEvent: Response size too large! %d\r\n", RespSize));
return EFI_BUFFER_TOO_SMALL;
}
@@ -263,7 +571,7 @@ Tpm2PcrEvent (
// Fail if command failed
//
if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) {
- DEBUG ((EFI_D_ERROR, "Tpm2PcrEvent: Response Code error! 0x%08x\r\n", SwapBytes32(Res.Header.responseCode)));
+ DEBUG ((DEBUG_ERROR, "Tpm2PcrEvent: Response Code error! 0x%08x\r\n", SwapBytes32(Res.Header.responseCode)));
return EFI_DEVICE_ERROR;
}
@@ -284,7 +592,7 @@ Tpm2PcrEvent (
Buffer += sizeof(UINT16);
DigestSize = GetHashSizeFromAlgo (Digests->digests[Index].hashAlg);
if (DigestSize == 0) {
- DEBUG ((EFI_D_ERROR, "Unknown hash algorithm %d\r\n", Digests->digests[Index].hashAlg));
+ DEBUG ((DEBUG_ERROR, "Unknown hash algorithm %d\r\n", Digests->digests[Index].hashAlg));
return EFI_DEVICE_ERROR;
}
CopyMem(
@@ -298,134 +606,6 @@ Tpm2PcrEvent (
return EFI_SUCCESS;
}
-/**
- This command returns the values of all PCR specified in pcrSelect.
-
- @param[in] PcrSelectionIn The selection of PCR to read.
- @param[out] PcrUpdateCounter The current value of the PCR update counter.
- @param[out] PcrSelectionOut The PCR in the returned list.
- @param[out] PcrValues The contents of the PCR indicated in pcrSelect.
-
- @retval EFI_SUCCESS Operation completed successfully.
- @retval EFI_DEVICE_ERROR The command was unsuccessful.
-**/
-EFI_STATUS
-EFIAPI
-Tpm2PcrRead (
- IN TPML_PCR_SELECTION *PcrSelectionIn,
- OUT UINT32 *PcrUpdateCounter,
- OUT TPML_PCR_SELECTION *PcrSelectionOut,
- OUT TPML_DIGEST *PcrValues
- )
-{
- EFI_STATUS Status;
- TPM2_PCR_READ_COMMAND SendBuffer;
- TPM2_PCR_READ_RESPONSE RecvBuffer;
- UINT32 SendBufferSize;
- UINT32 RecvBufferSize;
- UINTN Index;
- TPML_DIGEST *PcrValuesOut;
- TPM2B_DIGEST *Digests;
-
- //
- // Construct command
- //
- SendBuffer.Header.tag = SwapBytes16(TPM_ST_NO_SESSIONS);
- SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_PCR_Read);
-
- SendBuffer.PcrSelectionIn.count = SwapBytes32(PcrSelectionIn->count);
- for (Index = 0; Index < PcrSelectionIn->count; Index++) {
- SendBuffer.PcrSelectionIn.pcrSelections[Index].hash = SwapBytes16(PcrSelectionIn->pcrSelections[Index].hash);
- SendBuffer.PcrSelectionIn.pcrSelections[Index].sizeofSelect = PcrSelectionIn->pcrSelections[Index].sizeofSelect;
- CopyMem (&SendBuffer.PcrSelectionIn.pcrSelections[Index].pcrSelect, &PcrSelectionIn->pcrSelections[Index].pcrSelect, SendBuffer.PcrSelectionIn.pcrSelections[Index].sizeofSelect);
- }
-
- SendBufferSize = sizeof(SendBuffer.Header) + sizeof(SendBuffer.PcrSelectionIn.count) + sizeof(SendBuffer.PcrSelectionIn.pcrSelections[0]) * PcrSelectionIn->count;
- SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);
-
- //
- // send Tpm command
- //
- RecvBufferSize = sizeof (RecvBuffer);
- Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer);
- if (EFI_ERROR (Status)) {
- return Status;
- }
-
- if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {
- DEBUG ((EFI_D_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n", RecvBufferSize));
- return EFI_DEVICE_ERROR;
- }
- if (SwapBytes32(RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
- DEBUG ((EFI_D_ERROR, "Tpm2PcrRead - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode)));
- return EFI_NOT_FOUND;
- }
-
- //
- // Return the response
- //
-
- //
- // PcrUpdateCounter
- //
- if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER) + sizeof(RecvBuffer.PcrUpdateCounter)) {
- DEBUG ((EFI_D_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n", RecvBufferSize));
- return EFI_DEVICE_ERROR;
- }
- *PcrUpdateCounter = SwapBytes32(RecvBuffer.PcrUpdateCounter);
-
- //
- // PcrSelectionOut
- //
- if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER) + sizeof(RecvBuffer.PcrUpdateCounter) + sizeof(RecvBuffer.PcrSelectionOut.count)) {
- DEBUG ((EFI_D_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n", RecvBufferSize));
- return EFI_DEVICE_ERROR;
- }
- PcrSelectionOut->count = SwapBytes32(RecvBuffer.PcrSelectionOut.count);
- if (PcrSelectionOut->count > HASH_COUNT) {
- DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - PcrSelectionOut->count error %x\n", PcrSelectionOut->count));
- return EFI_DEVICE_ERROR;
- }
-
- if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER) + sizeof(RecvBuffer.PcrUpdateCounter) + sizeof(RecvBuffer.PcrSelectionOut.count) + sizeof(RecvBuffer.PcrSelectionOut.pcrSelections[0]) * PcrSelectionOut->count) {
- DEBUG ((EFI_D_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n", RecvBufferSize));
- return EFI_DEVICE_ERROR;
- }
- for (Index = 0; Index < PcrSelectionOut->count; Index++) {
- PcrSelectionOut->pcrSelections[Index].hash = SwapBytes16(RecvBuffer.PcrSelectionOut.pcrSelections[Index].hash);
- PcrSelectionOut->pcrSelections[Index].sizeofSelect = RecvBuffer.PcrSelectionOut.pcrSelections[Index].sizeofSelect;
- if (PcrSelectionOut->pcrSelections[Index].sizeofSelect > PCR_SELECT_MAX) {
- return EFI_DEVICE_ERROR;
- }
- CopyMem (&PcrSelectionOut->pcrSelections[Index].pcrSelect, &RecvBuffer.PcrSelectionOut.pcrSelections[Index].pcrSelect, PcrSelectionOut->pcrSelections[Index].sizeofSelect);
- }
-
- //
- // PcrValues
- //
- PcrValuesOut = (TPML_DIGEST *)((UINT8 *)&RecvBuffer + sizeof (TPM2_RESPONSE_HEADER) + sizeof(RecvBuffer.PcrUpdateCounter) + sizeof(RecvBuffer.PcrSelectionOut.count) + sizeof(RecvBuffer.PcrSelectionOut.pcrSelections[0]) * PcrSelectionOut->count);
- PcrValues->count = SwapBytes32(PcrValuesOut->count);
- //
- // The number of digests in list is not greater than 8 per TPML_DIGEST definition
- //
- if (PcrValues->count > 8) {
- DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - PcrValues->count error %x\n", PcrValues->count));
- return EFI_DEVICE_ERROR;
- }
- Digests = PcrValuesOut->digests;
- for (Index = 0; Index < PcrValues->count; Index++) {
- PcrValues->digests[Index].size = SwapBytes16(Digests->size);
- if (PcrValues->digests[Index].size > sizeof(TPMU_HA)) {
- DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - Digest.size error %x\n", PcrValues->digests[Index].size));
- return EFI_DEVICE_ERROR;
- }
- CopyMem (&PcrValues->digests[Index].buffer, &Digests->buffer, PcrValues->digests[Index].size);
- Digests = (TPM2B_DIGEST *)((UINT8 *)Digests + sizeof(Digests->size) + PcrValues->digests[Index].size);
- }
-
- return EFI_SUCCESS;
-}
-
/**
This command is used to set the desired PCR allocation of PCR and algorithms.
@@ -513,7 +693,7 @@ Tpm2PcrAllocate (
}
if (ResultBufSize > sizeof(Res)) {
- DEBUG ((EFI_D_ERROR, "Tpm2PcrAllocate: Failed ExecuteCommand: Buffer Too Small\r\n"));
+ DEBUG ((DEBUG_ERROR, "Tpm2PcrAllocate: Failed ExecuteCommand: Buffer Too Small\r\n"));
Status = EFI_BUFFER_TOO_SMALL;
goto Done;
}
@@ -523,7 +703,7 @@ Tpm2PcrAllocate (
//
RespSize = SwapBytes32(Res.Header.paramSize);
if (RespSize > sizeof(Res)) {
- DEBUG ((EFI_D_ERROR, "Tpm2PcrAllocate: Response size too large! %d\r\n", RespSize));
+ DEBUG ((DEBUG_ERROR, "Tpm2PcrAllocate: Response size too large! %d\r\n", RespSize));
Status = EFI_BUFFER_TOO_SMALL;
goto Done;
}
@@ -532,7 +712,7 @@ Tpm2PcrAllocate (
// Fail if command failed
//
if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) {
- DEBUG((EFI_D_ERROR,"Tpm2PcrAllocate: Response Code error! 0x%08x\r\n", SwapBytes32(Res.Header.responseCode)));
+ DEBUG((DEBUG_ERROR,"Tpm2PcrAllocate: Response Code error! 0x%08x\r\n", SwapBytes32(Res.Header.responseCode)));
Status = EFI_DEVICE_ERROR;
goto Done;
}
@@ -673,15 +853,15 @@ Tpm2PcrAllocateBanks (
&SizeNeeded,
&SizeAvailable
);
- DEBUG ((EFI_D_INFO, "Tpm2PcrAllocateBanks call Tpm2PcrAllocate - %r\n", Status));
+ DEBUG ((DEBUG_INFO, "Tpm2PcrAllocateBanks call Tpm2PcrAllocate - %r\n", Status));
if (EFI_ERROR (Status)) {
goto Done;
}
- DEBUG ((EFI_D_INFO, "AllocationSuccess - %02x\n", AllocationSuccess));
- DEBUG ((EFI_D_INFO, "MaxPCR - %08x\n", MaxPCR));
- DEBUG ((EFI_D_INFO, "SizeNeeded - %08x\n", SizeNeeded));
- DEBUG ((EFI_D_INFO, "SizeAvailable - %08x\n", SizeAvailable));
+ DEBUG ((DEBUG_INFO, "AllocationSuccess - %02x\n", AllocationSuccess));
+ DEBUG ((DEBUG_INFO, "MaxPCR - %08x\n", MaxPCR));
+ DEBUG ((DEBUG_INFO, "SizeNeeded - %08x\n", SizeNeeded));
+ DEBUG ((DEBUG_INFO, "SizeAvailable - %08x\n", SizeAvailable));
Done:
ZeroMem(&LocalAuthSession.hmac, sizeof(LocalAuthSession.hmac));
diff --git a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c
index 19b8e4b318..678826f8a5 100644
--- a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c
+++ b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c
@@ -147,7 +147,6 @@ EFI_PEI_NOTIFY_DESCRIPTOR mNotifyList[] = {
}
};
-
/**
Record all measured Firmware Volume Information into a Guid Hob
Guid Hob payload layout is
@@ -223,7 +222,7 @@ SyncPcrAllocationsAndPcrMask (
UINT32 Tpm2PcrMask;
UINT32 NewTpm2PcrMask;
- DEBUG ((EFI_D_ERROR, "SyncPcrAllocationsAndPcrMask!\n"));
+ DEBUG ((DEBUG_ERROR, "SyncPcrAllocationsAndPcrMask!\n"));
//
// Determine the current TPM support and the Platform PCR mask.
@@ -234,7 +233,7 @@ SyncPcrAllocationsAndPcrMask (
Tpm2PcrMask = PcdGet32 (PcdTpm2HashMask);
if (Tpm2PcrMask == 0) {
//
- // if PcdTPm2HashMask is zero, use ActivePcr setting
+ // if PcdTpm2HashMask is zero, use ActivePcr setting
//
PcdSet32S (PcdTpm2HashMask, TpmActivePcrBanks);
Tpm2PcrMask = TpmActivePcrBanks;
@@ -253,9 +252,9 @@ SyncPcrAllocationsAndPcrMask (
if ((TpmActivePcrBanks & Tpm2PcrMask) != TpmActivePcrBanks) {
NewTpmActivePcrBanks = TpmActivePcrBanks & Tpm2PcrMask;
- DEBUG ((EFI_D_INFO, "%a - Reallocating PCR banks from 0x%X to 0x%X.\n", __FUNCTION__, TpmActivePcrBanks, NewTpmActivePcrBanks));
+ DEBUG ((DEBUG_INFO, "%a - Reallocating PCR banks from 0x%X to 0x%X.\n", __FUNCTION__, TpmActivePcrBanks, NewTpmActivePcrBanks));
if (NewTpmActivePcrBanks == 0) {
- DEBUG ((EFI_D_ERROR, "%a - No viable PCRs active! Please set a less restrictive value for PcdTpm2HashMask!\n", __FUNCTION__));
+ DEBUG ((DEBUG_ERROR, "%a - No viable PCRs active! Please set a less restrictive value for PcdTpm2HashMask!\n", __FUNCTION__));
ASSERT (FALSE);
} else {
Status = Tpm2PcrAllocateBanks (NULL, (UINT32)TpmHashAlgorithmBitmap, NewTpmActivePcrBanks);
@@ -263,7 +262,7 @@ SyncPcrAllocationsAndPcrMask (
//
// We can't do much here, but we hope that this doesn't happen.
//
- DEBUG ((EFI_D_ERROR, "%a - Failed to reallocate PCRs!\n", __FUNCTION__));
+ DEBUG ((DEBUG_ERROR, "%a - Failed to reallocate PCRs!\n", __FUNCTION__));
ASSERT_EFI_ERROR (Status);
}
//
@@ -280,9 +279,9 @@ SyncPcrAllocationsAndPcrMask (
if ((Tpm2PcrMask & TpmHashAlgorithmBitmap) != Tpm2PcrMask) {
NewTpm2PcrMask = Tpm2PcrMask & TpmHashAlgorithmBitmap;
- DEBUG ((EFI_D_INFO, "%a - Updating PcdTpm2HashMask from 0x%X to 0x%X.\n", __FUNCTION__, Tpm2PcrMask, NewTpm2PcrMask));
+ DEBUG ((DEBUG_INFO, "%a - Updating PcdTpm2HashMask from 0x%X to 0x%X.\n", __FUNCTION__, Tpm2PcrMask, NewTpm2PcrMask));
if (NewTpm2PcrMask == 0) {
- DEBUG ((EFI_D_ERROR, "%a - No viable PCRs supported! Please set a less restrictive value for PcdTpm2HashMask!\n", __FUNCTION__));
+ DEBUG ((DEBUG_ERROR, "%a - No viable PCRs supported! Please set a less restrictive value for PcdTpm2HashMask!\n", __FUNCTION__));
ASSERT (FALSE);
}
@@ -321,7 +320,7 @@ LogHashEvent (
RetStatus = EFI_SUCCESS;
for (Index = 0; Index < sizeof(mTcg2EventInfo)/sizeof(mTcg2EventInfo[0]); Index++) {
if ((SupportedEventLogs & mTcg2EventInfo[Index].LogFormat) != 0) {
- DEBUG ((EFI_D_INFO, " LogFormat - 0x%08x\n", mTcg2EventInfo[Index].LogFormat));
+ DEBUG ((DEBUG_INFO, " LogFormat - 0x%08x\n", mTcg2EventInfo[Index].LogFormat));
switch (mTcg2EventInfo[Index].LogFormat) {
case EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2:
Status = GetDigestFromDigestList (TPM_ALG_SHA1, DigestList, &NewEventHdr->Digest);
@@ -416,7 +415,7 @@ HashLogExtendEvent (
}
if (Status == EFI_DEVICE_ERROR) {
- DEBUG ((EFI_D_ERROR, "HashLogExtendEvent - %r. Disable TPM.\n", Status));
+ DEBUG ((DEBUG_ERROR, "HashLogExtendEvent - %r. Disable TPM.\n", Status));
BuildGuidHob (&gTpmErrorHobGuid,0);
REPORT_STATUS_CODE (
EFI_ERROR_CODE | EFI_ERROR_MINOR,
@@ -925,7 +924,7 @@ PeimEntryMA (
}
if (GetFirstGuidHob (&gTpmErrorHobGuid) != NULL) {
- DEBUG ((EFI_D_ERROR, "TPM2 error!\n"));
+ DEBUG ((DEBUG_ERROR, "TPM2 error!\n"));
return EFI_DEVICE_ERROR;
}
@@ -989,7 +988,7 @@ PeimEntryMA (
for (PcrIndex = 0; PcrIndex < 8; PcrIndex++) {
Status = MeasureSeparatorEventWithError (PcrIndex);
if (EFI_ERROR (Status)) {
- DEBUG ((EFI_D_ERROR, "Separator Event with Error not Measured. Error!\n"));
+ DEBUG ((DEBUG_ERROR, "Separator Event with Error not Measured. Error!\n"));
}
}
}
@@ -1006,6 +1005,13 @@ PeimEntryMA (
}
}
+ DEBUG_CODE_BEGIN ();
+ //
+ // Peek into TPM PCR 00 before any BIOS measurement.
+ //
+ Tpm2ActivePcrRegisterRead (00, NULL);
+ DEBUG_CODE_END ();
+
//
// Only install TpmInitializedPpi on success
//
@@ -1020,7 +1026,7 @@ PeimEntryMA (
Done:
if (EFI_ERROR (Status)) {
- DEBUG ((EFI_D_ERROR, "TPM2 error! Build Hob\n"));
+ DEBUG ((DEBUG_ERROR, "TPM2 error! Build Hob\n"));
BuildGuidHob (&gTpmErrorHobGuid,0);
REPORT_STATUS_CODE (
EFI_ERROR_CODE | EFI_ERROR_MINOR,
--
2.27.0.windows.1
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#62903): https://edk2.groups.io/g/devel/message/62903
Mute This Topic: https://groups.io/mt/75694164/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-
Here is some initial feedback: 1) Please don't change function header Tpm2PcrEvent() and Tpm2PcrRead() in Tpm2CommandLib.h 2) Please don't move Tpm2PcrRead() function in Tpm2Integrity.c, so that I can know what you have changed. 3) Please add Tpm2ActivePcrRegisterRead() as the last function in Tpm2Integrity.c 4) Please use DEBUG_VERBOSE for the new debug log. We got feedback before that there are too many debug messages in TPM driver. 5) Below code is weird in Tpm2ActivePcrRegisterRead(). UINT32 PcrIndex; PcrIndex = (UINT8)PcrHandle; Why you define it as UINT32 and cast it as UINT8? 6) Please use 2 spaces indent for the function header. EFI_STATUS EFIAPI Tpm2ActivePcrRegisterRead ( IN TPMI_DH_PCR PcrHandle, OUT TPML_DIGEST *HashList ) 7) The name of Tpm2ActivePcrRegisterRead() is confusing. What you try to do is to read the PCR for the active bank. Maybe Tpm2PcrReadForActiveBank() ? Thank you Yao Jiewen > -----Original Message----- > From: Gonzalez Del Cueto, Rodrigo <rodrigo.gonzalez.del.cueto@intel.com> > Sent: Tuesday, July 21, 2020 6:29 AM > To: devel@edk2.groups.io > Cc: Gonzalez Del Cueto, Rodrigo <rodrigo.gonzalez.del.cueto@intel.com>; Yao, > Jiewen <jiewen.yao@intel.com>; Wang, Jian J <jian.j.wang@intel.com>; Zhang, > Qi1 <qi1.zhang@intel.com> > Subject: [PATCH] SecurityPkg: Debug code to audit BIOS TPM extend operations. > > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2858 > > Add debug functionality to examine TPM extend operations > performed by BIOS and inspect the PCR 00 value prior to > any BIOS measurements. > > Replaced usage of EFI_D_* for DEBUG_* definitions in debug > messages. > > Cc: Jiewen Yao <jiewen.yao@intel.com> > Cc: Jian J Wang <jian.j.wang@intel.com> > Cc: Qi Zhang <qi1.zhang@intel.com> > Signed-off-by: Rodrigo Gonzalez del Cueto > <rodrigo.gonzalez.del.cueto@intel.com> > --- > SecurityPkg/Include/Library/Tpm2CommandLib.h | 25 +- > .../Library/Tpm2CommandLib/Tpm2Integrity.c | 468 ++++++++++++------ > SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c | 32 +- > 3 files changed, 364 insertions(+), 161 deletions(-) > > diff --git a/SecurityPkg/Include/Library/Tpm2CommandLib.h > b/SecurityPkg/Include/Library/Tpm2CommandLib.h > index ce381e786b..bfa5bd82f4 100644 > --- a/SecurityPkg/Include/Library/Tpm2CommandLib.h > +++ b/SecurityPkg/Include/Library/Tpm2CommandLib.h > @@ -505,7 +505,7 @@ EFIAPI > Tpm2PcrEvent ( > > IN TPMI_DH_PCR PcrHandle, > > IN TPM2B_EVENT *EventData, > > - OUT TPML_DIGEST_VALUES *Digests > > + OUT TPML_DIGEST_VALUES *Digests > > ); [Jiewen] Why you need this this? > > > > /** > > @@ -523,9 +523,26 @@ EFI_STATUS > EFIAPI > > Tpm2PcrRead ( > > IN TPML_PCR_SELECTION *PcrSelectionIn, > > - OUT UINT32 *PcrUpdateCounter, > > - OUT TPML_PCR_SELECTION *PcrSelectionOut, > > - OUT TPML_DIGEST *PcrValues > > + OUT UINT32 *PcrUpdateCounter, > > + OUT TPML_PCR_SELECTION *PcrSelectionOut, > > + OUT TPML_DIGEST *PcrValues > > + ); > > + > > +/** > > + This function will query the TPM to determine which hashing algorithms and > > + get the digests of all active and supported PCR banks of a specific PCR > register. > > + > > + @param[in] PcrHandle The index of the PCR register to be read. > > + @param[out] HashList List of digests from PCR register being read. > > + > > + @retval EFI_SUCCESS The Pcr was read successfully. > > + @retval EFI_DEVICE_ERROR The command was unsuccessful. > > +**/ > > +EFI_STATUS > > +EFIAPI > > +Tpm2ActivePcrRegisterRead ( > > + IN TPMI_DH_PCR PcrHandle, > > + OUT TPML_DIGEST *HashList > > ); > > > > /** > > diff --git a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c > b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c > index ddb15178fb..229fc44139 100644 > --- a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c > +++ b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c > @@ -76,6 +76,297 @@ typedef struct { > > > #pragma pack() > > > > +/** > > + This command returns the values of all PCR specified in pcrSelect. > > + > > + @param[in] PcrSelectionIn The selection of PCR to read. > > + @param[out] PcrUpdateCounter The current value of the PCR update > counter. > > + @param[out] PcrSelectionOut The PCR in the returned list. > > + @param[out] PcrValues The contents of the PCR indicated in pcrSelect. > > + > > + @retval EFI_SUCCESS Operation completed successfully. > > + @retval EFI_DEVICE_ERROR The command was unsuccessful. > > +**/ > > +EFI_STATUS > > +EFIAPI > > +Tpm2PcrRead ( > > + IN TPML_PCR_SELECTION *PcrSelectionIn, > > + OUT UINT32 *PcrUpdateCounter, > > + OUT TPML_PCR_SELECTION *PcrSelectionOut, > > + OUT TPML_DIGEST *PcrValues > > + ) > > +{ > > + EFI_STATUS Status; > > + TPM2_PCR_READ_COMMAND SendBuffer; > > + TPM2_PCR_READ_RESPONSE RecvBuffer; > > + UINT32 SendBufferSize; > > + UINT32 RecvBufferSize; > > + UINTN Index; > > + TPML_DIGEST *PcrValuesOut; > > + TPM2B_DIGEST *Digests; > > + > > + // > > + // Construct command > > + // > > + SendBuffer.Header.tag = SwapBytes16(TPM_ST_NO_SESSIONS); > > + SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_PCR_Read); > > + > > + SendBuffer.PcrSelectionIn.count = SwapBytes32(PcrSelectionIn->count); > > + for (Index = 0; Index < PcrSelectionIn->count; Index++) { > > + SendBuffer.PcrSelectionIn.pcrSelections[Index].hash = > SwapBytes16(PcrSelectionIn->pcrSelections[Index].hash); > > + SendBuffer.PcrSelectionIn.pcrSelections[Index].sizeofSelect = PcrSelectionIn- > >pcrSelections[Index].sizeofSelect; > > + CopyMem (&SendBuffer.PcrSelectionIn.pcrSelections[Index].pcrSelect, > &PcrSelectionIn->pcrSelections[Index].pcrSelect, > SendBuffer.PcrSelectionIn.pcrSelections[Index].sizeofSelect); > > + } > > + > > + SendBufferSize = sizeof(SendBuffer.Header) + > sizeof(SendBuffer.PcrSelectionIn.count) + > sizeof(SendBuffer.PcrSelectionIn.pcrSelections[0]) * PcrSelectionIn->count; > > + SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize); > > + > > + // > > + // send Tpm command > > + // > > + RecvBufferSize = sizeof (RecvBuffer); > > + Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, > &RecvBufferSize, (UINT8 *)&RecvBuffer); > > + if (EFI_ERROR (Status)) { > > + return Status; > > + } > > + > > + if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) { > > + DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n", > RecvBufferSize)); > > + return EFI_DEVICE_ERROR; > > + } > > + if (SwapBytes32(RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) { > > + DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - responseCode - %x\n", > SwapBytes32(RecvBuffer.Header.responseCode))); > > + return EFI_NOT_FOUND; > > + } > > + > > + // > > + // Return the response > > + // > > + > > + // > > + // PcrUpdateCounter > > + // > > + if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER) + > sizeof(RecvBuffer.PcrUpdateCounter)) { > > + DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n", > RecvBufferSize)); > > + return EFI_DEVICE_ERROR; > > + } > > + *PcrUpdateCounter = SwapBytes32(RecvBuffer.PcrUpdateCounter); > > + > > + // > > + // PcrSelectionOut > > + // > > + if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER) + > sizeof(RecvBuffer.PcrUpdateCounter) + > sizeof(RecvBuffer.PcrSelectionOut.count)) { > > + DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n", > RecvBufferSize)); > > + return EFI_DEVICE_ERROR; > > + } > > + PcrSelectionOut->count = SwapBytes32(RecvBuffer.PcrSelectionOut.count); > > + if (PcrSelectionOut->count > HASH_COUNT) { > > + DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - PcrSelectionOut->count > error %x\n", PcrSelectionOut->count)); > > + return EFI_DEVICE_ERROR; > > + } > > + > > + if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER) + > sizeof(RecvBuffer.PcrUpdateCounter) + > sizeof(RecvBuffer.PcrSelectionOut.count) + > sizeof(RecvBuffer.PcrSelectionOut.pcrSelections[0]) * PcrSelectionOut->count) { > > + DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n", > RecvBufferSize)); > > + return EFI_DEVICE_ERROR; > > + } > > + for (Index = 0; Index < PcrSelectionOut->count; Index++) { > > + PcrSelectionOut->pcrSelections[Index].hash = > SwapBytes16(RecvBuffer.PcrSelectionOut.pcrSelections[Index].hash); > > + PcrSelectionOut->pcrSelections[Index].sizeofSelect = > RecvBuffer.PcrSelectionOut.pcrSelections[Index].sizeofSelect; > > + if (PcrSelectionOut->pcrSelections[Index].sizeofSelect > PCR_SELECT_MAX) { > > + return EFI_DEVICE_ERROR; > > + } > > + CopyMem (&PcrSelectionOut->pcrSelections[Index].pcrSelect, > &RecvBuffer.PcrSelectionOut.pcrSelections[Index].pcrSelect, PcrSelectionOut- > >pcrSelections[Index].sizeofSelect); > > + } > > + > > + // > > + // PcrValues > > + // > > + PcrValuesOut = (TPML_DIGEST *)((UINT8 *)&RecvBuffer + sizeof > (TPM2_RESPONSE_HEADER) + sizeof(RecvBuffer.PcrUpdateCounter) + > sizeof(RecvBuffer.PcrSelectionOut.count) + > sizeof(RecvBuffer.PcrSelectionOut.pcrSelections[0]) * PcrSelectionOut->count); > > + PcrValues->count = SwapBytes32(PcrValuesOut->count); > > + // > > + // The number of digests in list is not greater than 8 per TPML_DIGEST > definition > > + // > > + if (PcrValues->count > 8) { > > + DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - PcrValues->count error %x\n", > PcrValues->count)); > > + return EFI_DEVICE_ERROR; > > + } > > + Digests = PcrValuesOut->digests; > > + for (Index = 0; Index < PcrValues->count; Index++) { > > + PcrValues->digests[Index].size = SwapBytes16(Digests->size); > > + if (PcrValues->digests[Index].size > sizeof(TPMU_HA)) { > > + DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - Digest.size error %x\n", > PcrValues->digests[Index].size)); > > + return EFI_DEVICE_ERROR; > > + } > > + CopyMem (&PcrValues->digests[Index].buffer, &Digests->buffer, PcrValues- > >digests[Index].size); > > + Digests = (TPM2B_DIGEST *)((UINT8 *)Digests + sizeof(Digests->size) + > PcrValues->digests[Index].size); > > + } > > + > > + return EFI_SUCCESS; > > +} > > + > > +/** > > + This function will query the TPM to determine which hashing algorithms and > > + get the digests of all active and supported PCR banks of a specific PCR > register. > > + > > + @param[in] PcrHandle The index of the PCR register to be read. > > + @param[out] HashList List of digests from PCR register being read. > > + > > + @retval EFI_SUCCESS The Pcr was read successfully. > > + @retval EFI_DEVICE_ERROR The command was unsuccessful. > > +**/ > > +EFI_STATUS > > +EFIAPI > > +Tpm2ActivePcrRegisterRead ( > > + IN TPMI_DH_PCR PcrHandle, > > + OUT TPML_DIGEST *HashList > > +) > > +{ > > + EFI_STATUS Status; > > + TPML_PCR_SELECTION Pcrs; > > + TPML_PCR_SELECTION PcrSelectionIn; > > + TPML_PCR_SELECTION PcrSelectionOut; > > + TPML_DIGEST PcrValues; > > + UINT32 PcrUpdateCounter; > > + UINT32 PcrIndex; > > + UINT32 TpmHashAlgorithmBitmap; > > + TPMI_ALG_HASH CurrentPcrBankHash; > > + UINT32 ActivePcrBanks; > > + UINT32 TcgRegistryHashAlg; > > + UINT32 Index; > > + UINT32 Index2; > > + > > + PcrIndex = (UINT8)PcrHandle; > > + > > + if ((PcrIndex < 0) || > > + (PcrIndex >= IMPLEMENTATION_PCR)) { > > + return EFI_INVALID_PARAMETER; > > + } > > + > > + ZeroMem (&PcrSelectionIn, sizeof (PcrSelectionIn)); > > + ZeroMem (&PcrUpdateCounter, sizeof (UINT32)); > > + ZeroMem (&PcrSelectionOut, sizeof (PcrSelectionOut)); > > + ZeroMem (&PcrValues, sizeof (PcrValues)); > > + ZeroMem (&Pcrs, sizeof (TPML_PCR_SELECTION)); > > + > > + DEBUG ((DEBUG_INFO, "ReadPcr - %02d\n", PcrIndex)); > > + > > + // > > + // Read TPM capabilities > > + // > > + Status = Tpm2GetCapabilityPcrs (&Pcrs); > > + > > + if (EFI_ERROR (Status)) { > > + DEBUG ((DEBUG_ERROR, "ReadPcr: Unable to read TPM capabilities\n")); > > + return EFI_DEVICE_ERROR; > > + } > > + > > + // > > + // Get Active Pcrs > > + // > > + Status = Tpm2GetCapabilitySupportedAndActivePcrs ( > > + &TpmHashAlgorithmBitmap, > > + &ActivePcrBanks > > + ); > > + > > + if (EFI_ERROR (Status)) { > > + DEBUG ((DEBUG_ERROR, "ReadPcr: Unable to read TPM capabilities and > active PCRs\n")); > > + return EFI_DEVICE_ERROR; > > + } > > + > > + // > > + // Select from Active PCRs > > + // > > + for (Index = 0; Index < Pcrs.count; Index++) { > > + CurrentPcrBankHash = Pcrs.pcrSelections[Index].hash; > > + > > + switch (CurrentPcrBankHash) { > > + case TPM_ALG_SHA1: > > + DEBUG ((DEBUG_VERBOSE, "HASH_ALG_SHA1 Present\n")); > > + TcgRegistryHashAlg = HASH_ALG_SHA1; > > + break; > > + case TPM_ALG_SHA256: > > + DEBUG ((DEBUG_VERBOSE, "HASH_ALG_SHA256 Present\n")); > > + TcgRegistryHashAlg = HASH_ALG_SHA256; > > + break; > > + case TPM_ALG_SHA384: > > + DEBUG ((DEBUG_VERBOSE, "HASH_ALG_SHA384 Present\n")); > > + TcgRegistryHashAlg = HASH_ALG_SHA384; > > + break; > > + case TPM_ALG_SHA512: > > + DEBUG ((DEBUG_VERBOSE, "HASH_ALG_SHA512 Present\n")); > > + TcgRegistryHashAlg = HASH_ALG_SHA512; > > + break; > > + case TPM_ALG_SM3_256: > > + DEBUG ((DEBUG_VERBOSE, "HASH_ALG_SM3 Present\n")); > > + TcgRegistryHashAlg = HASH_ALG_SM3_256; > > + break; > > + default: > > + // > > + // Unsupported algorithm > > + // > > + DEBUG ((DEBUG_VERBOSE, "Unknown algorithm present\n")); > > + TcgRegistryHashAlg = 0; > > + break; > > + } > > + // > > + // Skip unsupported and inactive PCR banks > > + // > > + if ((TcgRegistryHashAlg & ActivePcrBanks) == 0) { > > + DEBUG ((DEBUG_VERBOSE, "Skipping unsupported or inactive bank: > 0x%04x\n", CurrentPcrBankHash)); > > + continue; > > + } > > + > > + // > > + // Select PCR from current active bank > > + // > > + PcrSelectionIn.pcrSelections[PcrSelectionIn.count].hash = > Pcrs.pcrSelections[Index].hash; > > + PcrSelectionIn.pcrSelections[PcrSelectionIn.count].sizeofSelect = > PCR_SELECT_MAX; > > + PcrSelectionIn.pcrSelections[PcrSelectionIn.count].pcrSelect[0] = (PcrIndex < > 8) ? 1 << PcrIndex : 0; > > + PcrSelectionIn.pcrSelections[PcrSelectionIn.count].pcrSelect[1] = (PcrIndex > > 7) && (PcrIndex < 16) ? 1 << (PcrIndex - 8) : 0; > > + PcrSelectionIn.pcrSelections[PcrSelectionIn.count].pcrSelect[2] = (PcrIndex > > 15) ? 1 << (PcrIndex - 16) : 0; > > + PcrSelectionIn.count++; > > + } > > + > > + // > > + // Read PCRs > > + // > > + Status = Tpm2PcrRead ( > > + &PcrSelectionIn, > > + &PcrUpdateCounter, > > + &PcrSelectionOut, > > + &PcrValues > > + ); > > + > > + if (EFI_ERROR (Status)) { > > + DEBUG((DEBUG_ERROR, "Tpm2PcrRead failed Status = %r \n", Status)); > > + return EFI_DEVICE_ERROR; > > + } > > + > > + for (Index = 0; Index < PcrValues.count; Index++) { > > + DEBUG (( > > + DEBUG_INFO, > > + "ReadPcr - HashAlg = 0x%04x, Pcr[%02d], digest = ", > > + PcrSelectionOut.pcrSelections[Index].hash, > > + PcrIndex > > + )); > > + > > + for(Index2 = 0; Index2 < PcrValues.digests[Index].size; Index2++) { > > + DEBUG ((DEBUG_INFO, "%02x ", PcrValues.digests[Index].buffer[Index2])); > > + } > > + DEBUG ((DEBUG_INFO, "\n")); > > + } > > + > > + if (HashList != NULL) { > > + CopyMem ( > > + HashList, > > + &PcrValues, > > + sizeof (TPML_DIGEST) > > + ); > > + } > > + > > + return EFI_SUCCESS; > > +} > > + > > /** > > This command is used to cause an update to the indicated PCR. > > The digests parameter contains one or more tagged digest value identified by > an algorithm ID. > > @@ -130,14 +421,26 @@ Tpm2PcrExtend ( > Buffer += sizeof(UINT16); > > DigestSize = GetHashSizeFromAlgo (Digests->digests[Index].hashAlg); > > if (DigestSize == 0) { > > - DEBUG ((EFI_D_ERROR, "Unknown hash algorithm %d\r\n", Digests- > >digests[Index].hashAlg)); > > + DEBUG ((DEBUG_ERROR, "Unknown hash algorithm %d\r\n", Digests- > >digests[Index].hashAlg)); > > return EFI_DEVICE_ERROR; > > } > > + > > CopyMem( > > Buffer, > > &Digests->digests[Index].digest, > > DigestSize > > ); > > + > > + DEBUG_CODE_BEGIN (); > > + UINTN Index2; > > + DEBUG ((DEBUG_INFO, "Tpm2PcrExtend - Hash = 0x%04x, Pcr[%02d], digest > = ", Digests->digests[Index].hashAlg, (UINT8) PcrHandle)); > > + > > + for (Index2 = 0; Index2 < DigestSize; Index2++) { > > + DEBUG ((DEBUG_INFO, "%02x ", Buffer[Index2])); > > + } > > + DEBUG ((DEBUG_INFO, "\n")); > > + DEBUG_CODE_END (); > > + > > Buffer += DigestSize; > > } > > > > @@ -151,7 +454,7 @@ Tpm2PcrExtend ( > } > > > > if (ResultBufSize > sizeof(Res)) { > > - DEBUG ((EFI_D_ERROR, "Tpm2PcrExtend: Failed ExecuteCommand: Buffer > Too Small\r\n")); > > + DEBUG ((DEBUG_ERROR, "Tpm2PcrExtend: Failed ExecuteCommand: Buffer > Too Small\r\n")); > > return EFI_BUFFER_TOO_SMALL; > > } > > > > @@ -160,7 +463,7 @@ Tpm2PcrExtend ( > // > > RespSize = SwapBytes32(Res.Header.paramSize); > > if (RespSize > sizeof(Res)) { > > - DEBUG ((EFI_D_ERROR, "Tpm2PcrExtend: Response size too large! %d\r\n", > RespSize)); > > + DEBUG ((DEBUG_ERROR, "Tpm2PcrExtend: Response size too large! %d\r\n", > RespSize)); > > return EFI_BUFFER_TOO_SMALL; > > } > > > > @@ -168,10 +471,15 @@ Tpm2PcrExtend ( > // Fail if command failed > > // > > if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) { > > - DEBUG ((EFI_D_ERROR, "Tpm2PcrExtend: Response Code error! 0x%08x\r\n", > SwapBytes32(Res.Header.responseCode))); > > + DEBUG ((DEBUG_ERROR, "Tpm2PcrExtend: Response Code error! > 0x%08x\r\n", SwapBytes32(Res.Header.responseCode))); > > return EFI_DEVICE_ERROR; > > } > > > > + DEBUG_CODE_BEGIN (); > > + DEBUG ((DEBUG_INFO, "Tpm2PcrExtend: PCR read after extend...\n")); > > + Tpm2ActivePcrRegisterRead (PcrHandle, NULL); > > + DEBUG_CODE_END (); > > + > > // > > // Unmarshal the response > > // > > @@ -246,7 +554,7 @@ Tpm2PcrEvent ( > } > > > > if (ResultBufSize > sizeof(Res)) { > > - DEBUG ((EFI_D_ERROR, "Tpm2PcrEvent: Failed ExecuteCommand: Buffer > Too Small\r\n")); > > + DEBUG ((DEBUG_ERROR, "Tpm2PcrEvent: Failed ExecuteCommand: Buffer > Too Small\r\n")); > > return EFI_BUFFER_TOO_SMALL; > > } > > > > @@ -255,7 +563,7 @@ Tpm2PcrEvent ( > // > > RespSize = SwapBytes32(Res.Header.paramSize); > > if (RespSize > sizeof(Res)) { > > - DEBUG ((EFI_D_ERROR, "Tpm2PcrEvent: Response size too large! %d\r\n", > RespSize)); > > + DEBUG ((DEBUG_ERROR, "Tpm2PcrEvent: Response size too large! %d\r\n", > RespSize)); > > return EFI_BUFFER_TOO_SMALL; > > } > > > > @@ -263,7 +571,7 @@ Tpm2PcrEvent ( > // Fail if command failed > > // > > if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) { > > - DEBUG ((EFI_D_ERROR, "Tpm2PcrEvent: Response Code error! 0x%08x\r\n", > SwapBytes32(Res.Header.responseCode))); > > + DEBUG ((DEBUG_ERROR, "Tpm2PcrEvent: Response Code error! > 0x%08x\r\n", SwapBytes32(Res.Header.responseCode))); > > return EFI_DEVICE_ERROR; > > } > > > > @@ -284,7 +592,7 @@ Tpm2PcrEvent ( > Buffer += sizeof(UINT16); > > DigestSize = GetHashSizeFromAlgo (Digests->digests[Index].hashAlg); > > if (DigestSize == 0) { > > - DEBUG ((EFI_D_ERROR, "Unknown hash algorithm %d\r\n", Digests- > >digests[Index].hashAlg)); > > + DEBUG ((DEBUG_ERROR, "Unknown hash algorithm %d\r\n", Digests- > >digests[Index].hashAlg)); > > return EFI_DEVICE_ERROR; > > } > > CopyMem( > > @@ -298,134 +606,6 @@ Tpm2PcrEvent ( > return EFI_SUCCESS; > > } > > > > -/** > > - This command returns the values of all PCR specified in pcrSelect. > > - > > - @param[in] PcrSelectionIn The selection of PCR to read. > > - @param[out] PcrUpdateCounter The current value of the PCR update > counter. > > - @param[out] PcrSelectionOut The PCR in the returned list. > > - @param[out] PcrValues The contents of the PCR indicated in pcrSelect. > > - > > - @retval EFI_SUCCESS Operation completed successfully. > > - @retval EFI_DEVICE_ERROR The command was unsuccessful. > > -**/ > > -EFI_STATUS > > -EFIAPI > > -Tpm2PcrRead ( > > - IN TPML_PCR_SELECTION *PcrSelectionIn, > > - OUT UINT32 *PcrUpdateCounter, > > - OUT TPML_PCR_SELECTION *PcrSelectionOut, > > - OUT TPML_DIGEST *PcrValues > > - ) > > -{ > > - EFI_STATUS Status; > > - TPM2_PCR_READ_COMMAND SendBuffer; > > - TPM2_PCR_READ_RESPONSE RecvBuffer; > > - UINT32 SendBufferSize; > > - UINT32 RecvBufferSize; > > - UINTN Index; > > - TPML_DIGEST *PcrValuesOut; > > - TPM2B_DIGEST *Digests; > > - > > - // > > - // Construct command > > - // > > - SendBuffer.Header.tag = SwapBytes16(TPM_ST_NO_SESSIONS); > > - SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_PCR_Read); > > - > > - SendBuffer.PcrSelectionIn.count = SwapBytes32(PcrSelectionIn->count); > > - for (Index = 0; Index < PcrSelectionIn->count; Index++) { > > - SendBuffer.PcrSelectionIn.pcrSelections[Index].hash = > SwapBytes16(PcrSelectionIn->pcrSelections[Index].hash); > > - SendBuffer.PcrSelectionIn.pcrSelections[Index].sizeofSelect = PcrSelectionIn- > >pcrSelections[Index].sizeofSelect; > > - CopyMem (&SendBuffer.PcrSelectionIn.pcrSelections[Index].pcrSelect, > &PcrSelectionIn->pcrSelections[Index].pcrSelect, > SendBuffer.PcrSelectionIn.pcrSelections[Index].sizeofSelect); > > - } > > - > > - SendBufferSize = sizeof(SendBuffer.Header) + > sizeof(SendBuffer.PcrSelectionIn.count) + > sizeof(SendBuffer.PcrSelectionIn.pcrSelections[0]) * PcrSelectionIn->count; > > - SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize); > > - > > - // > > - // send Tpm command > > - // > > - RecvBufferSize = sizeof (RecvBuffer); > > - Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, > &RecvBufferSize, (UINT8 *)&RecvBuffer); > > - if (EFI_ERROR (Status)) { > > - return Status; > > - } > > - > > - if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) { > > - DEBUG ((EFI_D_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n", > RecvBufferSize)); > > - return EFI_DEVICE_ERROR; > > - } > > - if (SwapBytes32(RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) { > > - DEBUG ((EFI_D_ERROR, "Tpm2PcrRead - responseCode - %x\n", > SwapBytes32(RecvBuffer.Header.responseCode))); > > - return EFI_NOT_FOUND; > > - } > > - > > - // > > - // Return the response > > - // > > - > > - // > > - // PcrUpdateCounter > > - // > > - if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER) + > sizeof(RecvBuffer.PcrUpdateCounter)) { > > - DEBUG ((EFI_D_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n", > RecvBufferSize)); > > - return EFI_DEVICE_ERROR; > > - } > > - *PcrUpdateCounter = SwapBytes32(RecvBuffer.PcrUpdateCounter); > > - > > - // > > - // PcrSelectionOut > > - // > > - if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER) + > sizeof(RecvBuffer.PcrUpdateCounter) + > sizeof(RecvBuffer.PcrSelectionOut.count)) { > > - DEBUG ((EFI_D_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n", > RecvBufferSize)); > > - return EFI_DEVICE_ERROR; > > - } > > - PcrSelectionOut->count = SwapBytes32(RecvBuffer.PcrSelectionOut.count); > > - if (PcrSelectionOut->count > HASH_COUNT) { > > - DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - PcrSelectionOut->count > error %x\n", PcrSelectionOut->count)); > > - return EFI_DEVICE_ERROR; > > - } > > - > > - if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER) + > sizeof(RecvBuffer.PcrUpdateCounter) + > sizeof(RecvBuffer.PcrSelectionOut.count) + > sizeof(RecvBuffer.PcrSelectionOut.pcrSelections[0]) * PcrSelectionOut->count) { > > - DEBUG ((EFI_D_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n", > RecvBufferSize)); > > - return EFI_DEVICE_ERROR; > > - } > > - for (Index = 0; Index < PcrSelectionOut->count; Index++) { > > - PcrSelectionOut->pcrSelections[Index].hash = > SwapBytes16(RecvBuffer.PcrSelectionOut.pcrSelections[Index].hash); > > - PcrSelectionOut->pcrSelections[Index].sizeofSelect = > RecvBuffer.PcrSelectionOut.pcrSelections[Index].sizeofSelect; > > - if (PcrSelectionOut->pcrSelections[Index].sizeofSelect > PCR_SELECT_MAX) { > > - return EFI_DEVICE_ERROR; > > - } > > - CopyMem (&PcrSelectionOut->pcrSelections[Index].pcrSelect, > &RecvBuffer.PcrSelectionOut.pcrSelections[Index].pcrSelect, PcrSelectionOut- > >pcrSelections[Index].sizeofSelect); > > - } > > - > > - // > > - // PcrValues > > - // > > - PcrValuesOut = (TPML_DIGEST *)((UINT8 *)&RecvBuffer + sizeof > (TPM2_RESPONSE_HEADER) + sizeof(RecvBuffer.PcrUpdateCounter) + > sizeof(RecvBuffer.PcrSelectionOut.count) + > sizeof(RecvBuffer.PcrSelectionOut.pcrSelections[0]) * PcrSelectionOut->count); > > - PcrValues->count = SwapBytes32(PcrValuesOut->count); > > - // > > - // The number of digests in list is not greater than 8 per TPML_DIGEST > definition > > - // > > - if (PcrValues->count > 8) { > > - DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - PcrValues->count error %x\n", > PcrValues->count)); > > - return EFI_DEVICE_ERROR; > > - } > > - Digests = PcrValuesOut->digests; > > - for (Index = 0; Index < PcrValues->count; Index++) { > > - PcrValues->digests[Index].size = SwapBytes16(Digests->size); > > - if (PcrValues->digests[Index].size > sizeof(TPMU_HA)) { > > - DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - Digest.size error %x\n", > PcrValues->digests[Index].size)); > > - return EFI_DEVICE_ERROR; > > - } > > - CopyMem (&PcrValues->digests[Index].buffer, &Digests->buffer, PcrValues- > >digests[Index].size); > > - Digests = (TPM2B_DIGEST *)((UINT8 *)Digests + sizeof(Digests->size) + > PcrValues->digests[Index].size); > > - } > > - > > - return EFI_SUCCESS; > > -} > > - > > /** > > This command is used to set the desired PCR allocation of PCR and algorithms. > > > > @@ -513,7 +693,7 @@ Tpm2PcrAllocate ( > } > > > > if (ResultBufSize > sizeof(Res)) { > > - DEBUG ((EFI_D_ERROR, "Tpm2PcrAllocate: Failed ExecuteCommand: Buffer > Too Small\r\n")); > > + DEBUG ((DEBUG_ERROR, "Tpm2PcrAllocate: Failed ExecuteCommand: > Buffer Too Small\r\n")); > > Status = EFI_BUFFER_TOO_SMALL; > > goto Done; > > } > > @@ -523,7 +703,7 @@ Tpm2PcrAllocate ( > // > > RespSize = SwapBytes32(Res.Header.paramSize); > > if (RespSize > sizeof(Res)) { > > - DEBUG ((EFI_D_ERROR, "Tpm2PcrAllocate: Response size too large! %d\r\n", > RespSize)); > > + DEBUG ((DEBUG_ERROR, "Tpm2PcrAllocate: Response size too > large! %d\r\n", RespSize)); > > Status = EFI_BUFFER_TOO_SMALL; > > goto Done; > > } > > @@ -532,7 +712,7 @@ Tpm2PcrAllocate ( > // Fail if command failed > > // > > if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) { > > - DEBUG((EFI_D_ERROR,"Tpm2PcrAllocate: Response Code error! 0x%08x\r\n", > SwapBytes32(Res.Header.responseCode))); > > + DEBUG((DEBUG_ERROR,"Tpm2PcrAllocate: Response Code error! > 0x%08x\r\n", SwapBytes32(Res.Header.responseCode))); > > Status = EFI_DEVICE_ERROR; > > goto Done; > > } > > @@ -673,15 +853,15 @@ Tpm2PcrAllocateBanks ( > &SizeNeeded, > > &SizeAvailable > > ); > > - DEBUG ((EFI_D_INFO, "Tpm2PcrAllocateBanks call Tpm2PcrAllocate - %r\n", > Status)); > > + DEBUG ((DEBUG_INFO, "Tpm2PcrAllocateBanks call Tpm2PcrAllocate - %r\n", > Status)); > > if (EFI_ERROR (Status)) { > > goto Done; > > } > > > > - DEBUG ((EFI_D_INFO, "AllocationSuccess - %02x\n", AllocationSuccess)); > > - DEBUG ((EFI_D_INFO, "MaxPCR - %08x\n", MaxPCR)); > > - DEBUG ((EFI_D_INFO, "SizeNeeded - %08x\n", SizeNeeded)); > > - DEBUG ((EFI_D_INFO, "SizeAvailable - %08x\n", SizeAvailable)); > > + DEBUG ((DEBUG_INFO, "AllocationSuccess - %02x\n", AllocationSuccess)); > > + DEBUG ((DEBUG_INFO, "MaxPCR - %08x\n", MaxPCR)); > > + DEBUG ((DEBUG_INFO, "SizeNeeded - %08x\n", SizeNeeded)); > > + DEBUG ((DEBUG_INFO, "SizeAvailable - %08x\n", SizeAvailable)); > > > > Done: > > ZeroMem(&LocalAuthSession.hmac, sizeof(LocalAuthSession.hmac)); > > diff --git a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c > b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c > index 19b8e4b318..678826f8a5 100644 > --- a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c > +++ b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c > @@ -147,7 +147,6 @@ EFI_PEI_NOTIFY_DESCRIPTOR mNotifyList[] = { > } > > }; > > > > - > > /** > > Record all measured Firmware Volume Information into a Guid Hob > > Guid Hob payload layout is > > @@ -223,7 +222,7 @@ SyncPcrAllocationsAndPcrMask ( > UINT32 Tpm2PcrMask; > > UINT32 NewTpm2PcrMask; > > > > - DEBUG ((EFI_D_ERROR, "SyncPcrAllocationsAndPcrMask!\n")); > > + DEBUG ((DEBUG_ERROR, "SyncPcrAllocationsAndPcrMask!\n")); > > > > // > > // Determine the current TPM support and the Platform PCR mask. > > @@ -234,7 +233,7 @@ SyncPcrAllocationsAndPcrMask ( > Tpm2PcrMask = PcdGet32 (PcdTpm2HashMask); > > if (Tpm2PcrMask == 0) { > > // > > - // if PcdTPm2HashMask is zero, use ActivePcr setting > > + // if PcdTpm2HashMask is zero, use ActivePcr setting > > // > > PcdSet32S (PcdTpm2HashMask, TpmActivePcrBanks); > > Tpm2PcrMask = TpmActivePcrBanks; > > @@ -253,9 +252,9 @@ SyncPcrAllocationsAndPcrMask ( > if ((TpmActivePcrBanks & Tpm2PcrMask) != TpmActivePcrBanks) { > > NewTpmActivePcrBanks = TpmActivePcrBanks & Tpm2PcrMask; > > > > - DEBUG ((EFI_D_INFO, "%a - Reallocating PCR banks from 0x%X to 0x%X.\n", > __FUNCTION__, TpmActivePcrBanks, NewTpmActivePcrBanks)); > > + DEBUG ((DEBUG_INFO, "%a - Reallocating PCR banks from 0x%X to 0x%X.\n", > __FUNCTION__, TpmActivePcrBanks, NewTpmActivePcrBanks)); > > if (NewTpmActivePcrBanks == 0) { > > - DEBUG ((EFI_D_ERROR, "%a - No viable PCRs active! Please set a less > restrictive value for PcdTpm2HashMask!\n", __FUNCTION__)); > > + DEBUG ((DEBUG_ERROR, "%a - No viable PCRs active! Please set a less > restrictive value for PcdTpm2HashMask!\n", __FUNCTION__)); > > ASSERT (FALSE); > > } else { > > Status = Tpm2PcrAllocateBanks (NULL, (UINT32)TpmHashAlgorithmBitmap, > NewTpmActivePcrBanks); > > @@ -263,7 +262,7 @@ SyncPcrAllocationsAndPcrMask ( > // > > // We can't do much here, but we hope that this doesn't happen. > > // > > - DEBUG ((EFI_D_ERROR, "%a - Failed to reallocate PCRs!\n", > __FUNCTION__)); > > + DEBUG ((DEBUG_ERROR, "%a - Failed to reallocate PCRs!\n", > __FUNCTION__)); > > ASSERT_EFI_ERROR (Status); > > } > > // > > @@ -280,9 +279,9 @@ SyncPcrAllocationsAndPcrMask ( > if ((Tpm2PcrMask & TpmHashAlgorithmBitmap) != Tpm2PcrMask) { > > NewTpm2PcrMask = Tpm2PcrMask & TpmHashAlgorithmBitmap; > > > > - DEBUG ((EFI_D_INFO, "%a - Updating PcdTpm2HashMask from 0x%X to > 0x%X.\n", __FUNCTION__, Tpm2PcrMask, NewTpm2PcrMask)); > > + DEBUG ((DEBUG_INFO, "%a - Updating PcdTpm2HashMask from 0x%X to > 0x%X.\n", __FUNCTION__, Tpm2PcrMask, NewTpm2PcrMask)); > > if (NewTpm2PcrMask == 0) { > > - DEBUG ((EFI_D_ERROR, "%a - No viable PCRs supported! Please set a less > restrictive value for PcdTpm2HashMask!\n", __FUNCTION__)); > > + DEBUG ((DEBUG_ERROR, "%a - No viable PCRs supported! Please set a less > restrictive value for PcdTpm2HashMask!\n", __FUNCTION__)); > > ASSERT (FALSE); > > } > > > > @@ -321,7 +320,7 @@ LogHashEvent ( > RetStatus = EFI_SUCCESS; > > for (Index = 0; Index < sizeof(mTcg2EventInfo)/sizeof(mTcg2EventInfo[0]); > Index++) { > > if ((SupportedEventLogs & mTcg2EventInfo[Index].LogFormat) != 0) { > > - DEBUG ((EFI_D_INFO, " LogFormat - 0x%08x\n", > mTcg2EventInfo[Index].LogFormat)); > > + DEBUG ((DEBUG_INFO, " LogFormat - 0x%08x\n", > mTcg2EventInfo[Index].LogFormat)); > > switch (mTcg2EventInfo[Index].LogFormat) { > > case EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2: > > Status = GetDigestFromDigestList (TPM_ALG_SHA1, DigestList, > &NewEventHdr->Digest); > > @@ -416,7 +415,7 @@ HashLogExtendEvent ( > } > > > > if (Status == EFI_DEVICE_ERROR) { > > - DEBUG ((EFI_D_ERROR, "HashLogExtendEvent - %r. Disable TPM.\n", Status)); > > + DEBUG ((DEBUG_ERROR, "HashLogExtendEvent - %r. Disable TPM.\n", > Status)); > > BuildGuidHob (&gTpmErrorHobGuid,0); > > REPORT_STATUS_CODE ( > > EFI_ERROR_CODE | EFI_ERROR_MINOR, > > @@ -925,7 +924,7 @@ PeimEntryMA ( > } > > > > if (GetFirstGuidHob (&gTpmErrorHobGuid) != NULL) { > > - DEBUG ((EFI_D_ERROR, "TPM2 error!\n")); > > + DEBUG ((DEBUG_ERROR, "TPM2 error!\n")); > > return EFI_DEVICE_ERROR; > > } > > > > @@ -989,7 +988,7 @@ PeimEntryMA ( > for (PcrIndex = 0; PcrIndex < 8; PcrIndex++) { > > Status = MeasureSeparatorEventWithError (PcrIndex); > > if (EFI_ERROR (Status)) { > > - DEBUG ((EFI_D_ERROR, "Separator Event with Error not Measured. > Error!\n")); > > + DEBUG ((DEBUG_ERROR, "Separator Event with Error not Measured. > Error!\n")); > > } > > } > > } > > @@ -1006,6 +1005,13 @@ PeimEntryMA ( > } > > } > > > > + DEBUG_CODE_BEGIN (); > > + // > > + // Peek into TPM PCR 00 before any BIOS measurement. > > + // > > + Tpm2ActivePcrRegisterRead (00, NULL); > > + DEBUG_CODE_END (); > > + > > // > > // Only install TpmInitializedPpi on success > > // > > @@ -1020,7 +1026,7 @@ PeimEntryMA ( > > > Done: > > if (EFI_ERROR (Status)) { > > - DEBUG ((EFI_D_ERROR, "TPM2 error! Build Hob\n")); > > + DEBUG ((DEBUG_ERROR, "TPM2 error! Build Hob\n")); > > BuildGuidHob (&gTpmErrorHobGuid,0); > > REPORT_STATUS_CODE ( > > EFI_ERROR_CODE | EFI_ERROR_MINOR, > > -- > 2.27.0.windows.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#63173): https://edk2.groups.io/g/devel/message/63173 Mute This Topic: https://groups.io/mt/75694164/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=-=-=-=-=-=-=-=-=-=-=-
© 2016 - 2024 Red Hat, Inc.