From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=134.134.136.126; helo=mga18.intel.com; envelope-from=chao.b.zhang@intel.com; receiver=edk2-devel@lists.01.org Received: from mga18.intel.com (mga18.intel.com [134.134.136.126]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id EF2DD2253FB6F for ; Thu, 15 Mar 2018 00:29:28 -0700 (PDT) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga007.jf.intel.com ([10.7.209.58]) by orsmga106.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 15 Mar 2018 00:35:52 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.48,308,1517904000"; d="scan'208";a="24860150" Received: from czhan46-mobl1.ccr.corp.intel.com ([10.239.192.117]) by orsmga007.jf.intel.com with ESMTP; 15 Mar 2018 00:35:51 -0700 From: "Zhang, Chao B" To: edk2-devel@lists.01.org Cc: Jiewen Yao , Chao B Zhang Date: Thu, 15 Mar 2018 15:35:31 +0800 Message-Id: <20180315073537.16692-10-chao.b.zhang@intel.com> X-Mailer: git-send-email 2.11.0.windows.1 In-Reply-To: <20180315073537.16692-1-chao.b.zhang@intel.com> References: <20180315073537.16692-1-chao.b.zhang@intel.com> Subject: [PATCH 09/15] SecurityPkg/TrEEPei: remove TrEE. X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 15 Mar 2018 07:29:29 -0000 From: Jiewen Yao TrEE is deprecated. We need use Tcg2. Cc: Chao B Zhang Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Jiewen Yao --- SecurityPkg/Tcg/TrEEPei/TrEEPei.c | 690 -------------------- SecurityPkg/Tcg/TrEEPei/TrEEPei.inf | 86 --- SecurityPkg/Tcg/TrEEPei/TrEEPei.uni | 21 - SecurityPkg/Tcg/TrEEPei/TrEEPeiExtra.uni | 19 - 4 files changed, 816 deletions(-) diff --git a/SecurityPkg/Tcg/TrEEPei/TrEEPei.c b/SecurityPkg/Tcg/TrEEPei/TrEEPei.c deleted file mode 100644 index b561245790..0000000000 --- a/SecurityPkg/Tcg/TrEEPei/TrEEPei.c +++ /dev/null @@ -1,690 +0,0 @@ -/** @file - Initialize TPM2 device and measure FVs before handing off control to DXE. - -Copyright (c) 2013 - 2017, Intel Corporation. All rights reserved.
-This program and the accompanying materials -are licensed and made available under the terms and conditions of the BSD License -which accompanies this distribution. The full text of the license may be found at -http://opensource.org/licenses/bsd-license.php - -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, -WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. - -**/ - -#include - -#include -#include -#include -#include -#include -#include -#include -#include - -#include -#include -#include - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#define PERF_ID_TREE_PEI 0x3080 - -typedef struct { - EFI_GUID *EventGuid; - TREE_EVENT_LOG_FORMAT LogFormat; -} TREE_EVENT_INFO_STRUCT; - -TREE_EVENT_INFO_STRUCT mTreeEventInfo[] = { - {&gTcgEventEntryHobGuid, TREE_EVENT_LOG_FORMAT_TCG_1_2}, -}; - -BOOLEAN mImageInMemory = FALSE; -EFI_PEI_FILE_HANDLE mFileHandle; - -EFI_PEI_PPI_DESCRIPTOR mTpmInitializedPpiList = { - EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST, - &gPeiTpmInitializedPpiGuid, - NULL -}; - -EFI_PEI_PPI_DESCRIPTOR mTpmInitializationDonePpiList = { - EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST, - &gPeiTpmInitializationDonePpiGuid, - NULL -}; - -EFI_PLATFORM_FIRMWARE_BLOB *mMeasuredBaseFvInfo; -UINT32 mMeasuredBaseFvIndex = 0; - -EFI_PLATFORM_FIRMWARE_BLOB *mMeasuredChildFvInfo; -UINT32 mMeasuredChildFvIndex = 0; - -/** - Measure and record the Firmware Volum Information once FvInfoPPI install. - - @param[in] PeiServices An indirect pointer to the EFI_PEI_SERVICES table published by the PEI Foundation. - @param[in] NotifyDescriptor Address of the notification descriptor data structure. - @param[in] Ppi Address of the PPI that was installed. - - @retval EFI_SUCCESS The FV Info is measured and recorded to TPM. - @return Others Fail to measure FV. - -**/ -EFI_STATUS -EFIAPI -FirmwareVolmeInfoPpiNotifyCallback ( - IN EFI_PEI_SERVICES **PeiServices, - IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDescriptor, - IN VOID *Ppi - ); - -/** - Record all measured Firmware Volum Information into a Guid Hob - - @param[in] PeiServices An indirect pointer to the EFI_PEI_SERVICES table published by the PEI Foundation. - @param[in] NotifyDescriptor Address of the notification descriptor data structure. - @param[in] Ppi Address of the PPI that was installed. - - @retval EFI_SUCCESS The FV Info is measured and recorded to TPM. - @return Others Fail to measure FV. - -**/ -EFI_STATUS -EFIAPI -EndofPeiSignalNotifyCallBack ( - IN EFI_PEI_SERVICES **PeiServices, - IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDescriptor, - IN VOID *Ppi - ); - -EFI_PEI_NOTIFY_DESCRIPTOR mNotifyList[] = { - { - EFI_PEI_PPI_DESCRIPTOR_NOTIFY_CALLBACK, - &gEfiPeiFirmwareVolumeInfoPpiGuid, - FirmwareVolmeInfoPpiNotifyCallback - }, - { - EFI_PEI_PPI_DESCRIPTOR_NOTIFY_CALLBACK, - &gEfiPeiFirmwareVolumeInfo2PpiGuid, - FirmwareVolmeInfoPpiNotifyCallback - }, - { - (EFI_PEI_PPI_DESCRIPTOR_NOTIFY_CALLBACK | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST), - &gEfiEndOfPeiSignalPpiGuid, - EndofPeiSignalNotifyCallBack - } -}; - -EFI_PEI_FIRMWARE_VOLUME_INFO_MEASUREMENT_EXCLUDED_PPI *mMeasurementExcludedFvPpi; - -/** - Record all measured Firmware Volum Information into a Guid Hob - Guid Hob payload layout is - - UINT32 *************************** FIRMWARE_BLOB number - EFI_PLATFORM_FIRMWARE_BLOB******** BLOB Array - - @param[in] PeiServices An indirect pointer to the EFI_PEI_SERVICES table published by the PEI Foundation. - @param[in] NotifyDescriptor Address of the notification descriptor data structure. - @param[in] Ppi Address of the PPI that was installed. - - @retval EFI_SUCCESS The FV Info is measured and recorded to TPM. - @return Others Fail to measure FV. - -**/ -EFI_STATUS -EFIAPI -EndofPeiSignalNotifyCallBack ( - IN EFI_PEI_SERVICES **PeiServices, - IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDescriptor, - IN VOID *Ppi - ) -{ - MEASURED_HOB_DATA *MeasuredHobData; - - MeasuredHobData = NULL; - - // - // Create a Guid hob to save all measured Fv - // - MeasuredHobData = BuildGuidHob( - &gMeasuredFvHobGuid, - sizeof(UINTN) + sizeof(EFI_PLATFORM_FIRMWARE_BLOB) * (mMeasuredBaseFvIndex + mMeasuredChildFvIndex) - ); - - if (MeasuredHobData != NULL){ - // - // Save measured FV info enty number - // - MeasuredHobData->Num = mMeasuredBaseFvIndex + mMeasuredChildFvIndex; - - // - // Save measured base Fv info - // - CopyMem (MeasuredHobData->MeasuredFvBuf, mMeasuredBaseFvInfo, sizeof(EFI_PLATFORM_FIRMWARE_BLOB) * (mMeasuredBaseFvIndex)); - - // - // Save measured child Fv info - // - CopyMem (&MeasuredHobData->MeasuredFvBuf[mMeasuredBaseFvIndex] , mMeasuredChildFvInfo, sizeof(EFI_PLATFORM_FIRMWARE_BLOB) * (mMeasuredChildFvIndex)); - } - - return EFI_SUCCESS; -} - -/** - Add a new entry to the Event Log. - - @param[in] DigestList A list of digest. - @param[in,out] NewEventHdr Pointer to a TCG_PCR_EVENT_HDR data structure. - @param[in] NewEventData Pointer to the new event data. - - @retval EFI_SUCCESS The new event log entry was added. - @retval EFI_OUT_OF_RESOURCES No enough memory to log the new event. -**/ -EFI_STATUS -LogHashEvent ( - IN TPML_DIGEST_VALUES *DigestList, - IN OUT TCG_PCR_EVENT_HDR *NewEventHdr, - IN UINT8 *NewEventData - ) -{ - VOID *HobData; - EFI_STATUS Status; - UINTN Index; - EFI_STATUS RetStatus; - - RetStatus = EFI_SUCCESS; - for (Index = 0; Index < sizeof(mTreeEventInfo)/sizeof(mTreeEventInfo[0]); Index++) { - DEBUG ((EFI_D_INFO, " LogFormat - 0x%08x\n", mTreeEventInfo[Index].LogFormat)); - switch (mTreeEventInfo[Index].LogFormat) { - case TREE_EVENT_LOG_FORMAT_TCG_1_2: - Status = GetDigestFromDigestList (TPM_ALG_SHA1, DigestList, &NewEventHdr->Digest); - if (!EFI_ERROR (Status)) { - HobData = BuildGuidHob ( - &gTcgEventEntryHobGuid, - sizeof (*NewEventHdr) + NewEventHdr->EventSize - ); - if (HobData == NULL) { - RetStatus = EFI_OUT_OF_RESOURCES; - break; - } - - CopyMem (HobData, NewEventHdr, sizeof (*NewEventHdr)); - HobData = (VOID *) ((UINT8*)HobData + sizeof (*NewEventHdr)); - CopyMem (HobData, NewEventData, NewEventHdr->EventSize); - } - break; - } - } - - return RetStatus; -} - -/** - Do a hash operation on a data buffer, extend a specific TPM PCR with the hash result, - and build a GUIDed HOB recording the event which will be passed to the DXE phase and - added into the Event Log. - - @param[in] Flags Bitmap providing additional information. - @param[in] HashData Physical address of the start of the data buffer - to be hashed, extended, and logged. - @param[in] HashDataLen The length, in bytes, of the buffer referenced by HashData. - @param[in] NewEventHdr Pointer to a TCG_PCR_EVENT_HDR data structure. - @param[in] NewEventData Pointer to the new event data. - - @retval EFI_SUCCESS Operation completed successfully. - @retval EFI_OUT_OF_RESOURCES No enough memory to log the new event. - @retval EFI_DEVICE_ERROR The command was unsuccessful. - -**/ -EFI_STATUS -HashLogExtendEvent ( - IN UINT64 Flags, - IN UINT8 *HashData, - IN UINTN HashDataLen, - IN TCG_PCR_EVENT_HDR *NewEventHdr, - IN UINT8 *NewEventData - ) -{ - EFI_STATUS Status; - TPML_DIGEST_VALUES DigestList; - - if (GetFirstGuidHob (&gTpmErrorHobGuid) != NULL) { - return EFI_DEVICE_ERROR; - } - - Status = HashAndExtend ( - NewEventHdr->PCRIndex, - HashData, - HashDataLen, - &DigestList - ); - if (!EFI_ERROR (Status)) { - if ((Flags & TREE_EXTEND_ONLY) == 0) { - Status = LogHashEvent (&DigestList, NewEventHdr, NewEventData); - } - } - - if (Status == EFI_DEVICE_ERROR) { - DEBUG ((EFI_D_ERROR, "HashLogExtendEvent - %r. Disable TPM.\n", Status)); - BuildGuidHob (&gTpmErrorHobGuid,0); - REPORT_STATUS_CODE ( - EFI_ERROR_CODE | EFI_ERROR_MINOR, - (PcdGet32 (PcdStatusCodeSubClassTpmDevice) | EFI_P_EC_INTERFACE_ERROR) - ); - } - - return Status; -} - -/** - Measure CRTM version. - - @retval EFI_SUCCESS Operation completed successfully. - @retval EFI_OUT_OF_RESOURCES No enough memory to log the new event. - @retval EFI_DEVICE_ERROR The command was unsuccessful. - -**/ -EFI_STATUS -MeasureCRTMVersion ( - VOID - ) -{ - TCG_PCR_EVENT_HDR TcgEventHdr; - - // - // Use FirmwareVersion string to represent CRTM version. - // OEMs should get real CRTM version string and measure it. - // - - TcgEventHdr.PCRIndex = 0; - TcgEventHdr.EventType = EV_S_CRTM_VERSION; - TcgEventHdr.EventSize = (UINT32) StrSize((CHAR16*)PcdGetPtr (PcdFirmwareVersionString)); - - return HashLogExtendEvent ( - 0, - (UINT8*)PcdGetPtr (PcdFirmwareVersionString), - TcgEventHdr.EventSize, - &TcgEventHdr, - (UINT8*)PcdGetPtr (PcdFirmwareVersionString) - ); -} - -/** - Measure FV image. - Add it into the measured FV list after the FV is measured successfully. - - @param[in] FvBase Base address of FV image. - @param[in] FvLength Length of FV image. - - @retval EFI_SUCCESS Fv image is measured successfully - or it has been already measured. - @retval EFI_OUT_OF_RESOURCES No enough memory to log the new event. - @retval EFI_DEVICE_ERROR The command was unsuccessful. - -**/ -EFI_STATUS -MeasureFvImage ( - IN EFI_PHYSICAL_ADDRESS FvBase, - IN UINT64 FvLength - ) -{ - UINT32 Index; - EFI_STATUS Status; - EFI_PLATFORM_FIRMWARE_BLOB FvBlob; - TCG_PCR_EVENT_HDR TcgEventHdr; - - // - // Check if it is in Excluded FV list - // - if (mMeasurementExcludedFvPpi != NULL) { - for (Index = 0; Index < mMeasurementExcludedFvPpi->Count; Index ++) { - if (mMeasurementExcludedFvPpi->Fv[Index].FvBase == FvBase) { - DEBUG ((DEBUG_INFO, "The FV which is excluded by TrEEPei starts at: 0x%x\n", FvBase)); - DEBUG ((DEBUG_INFO, "The FV which is excluded by TrEEPei has the size: 0x%x\n", FvLength)); - return EFI_SUCCESS; - } - } - } - - // - // Check whether FV is in the measured FV list. - // - for (Index = 0; Index < mMeasuredBaseFvIndex; Index ++) { - if (mMeasuredBaseFvInfo[Index].BlobBase == FvBase) { - return EFI_SUCCESS; - } - } - - // - // Measure and record the FV to the TPM - // - FvBlob.BlobBase = FvBase; - FvBlob.BlobLength = FvLength; - - DEBUG ((DEBUG_INFO, "The FV which is measured by TrEEPei starts at: 0x%x\n", FvBlob.BlobBase)); - DEBUG ((DEBUG_INFO, "The FV which is measured by TrEEPei has the size: 0x%x\n", FvBlob.BlobLength)); - - TcgEventHdr.PCRIndex = 0; - TcgEventHdr.EventType = EV_EFI_PLATFORM_FIRMWARE_BLOB; - TcgEventHdr.EventSize = sizeof (FvBlob); - - Status = HashLogExtendEvent ( - 0, - (UINT8*) (UINTN) FvBlob.BlobBase, - (UINTN) FvBlob.BlobLength, - &TcgEventHdr, - (UINT8*) &FvBlob - ); - - // - // Add new FV into the measured FV list. - // - ASSERT (mMeasuredBaseFvIndex < PcdGet32 (PcdPeiCoreMaxFvSupported)); - if (mMeasuredBaseFvIndex < PcdGet32 (PcdPeiCoreMaxFvSupported)) { - mMeasuredBaseFvInfo[mMeasuredBaseFvIndex].BlobBase = FvBase; - mMeasuredBaseFvInfo[mMeasuredBaseFvIndex].BlobLength = FvLength; - mMeasuredBaseFvIndex++; - } - - return Status; -} - -/** - Measure main BIOS. - - @retval EFI_SUCCESS Operation completed successfully. - @retval EFI_OUT_OF_RESOURCES No enough memory to log the new event. - @retval EFI_DEVICE_ERROR The command was unsuccessful. - -**/ -EFI_STATUS -MeasureMainBios ( - VOID - ) -{ - EFI_STATUS Status; - UINT32 FvInstances; - EFI_PEI_FV_HANDLE VolumeHandle; - EFI_FV_INFO VolumeInfo; - EFI_PEI_FIRMWARE_VOLUME_PPI *FvPpi; - - PERF_START_EX (mFileHandle, "EventRec", "TrEEPei", 0, PERF_ID_TREE_PEI); - FvInstances = 0; - while (TRUE) { - // - // Traverse all firmware volume instances of Static Core Root of Trust for Measurement - // (S-CRTM), this firmware volume measure policy can be modified/enhanced by special - // platform for special CRTM TPM measuring. - // - Status = PeiServicesFfsFindNextVolume (FvInstances, &VolumeHandle); - if (EFI_ERROR (Status)) { - break; - } - - // - // Measure and record the firmware volume that is dispatched by PeiCore - // - Status = PeiServicesFfsGetVolumeInfo (VolumeHandle, &VolumeInfo); - ASSERT_EFI_ERROR (Status); - // - // Locate the corresponding FV_PPI according to founded FV's format guid - // - Status = PeiServicesLocatePpi ( - &VolumeInfo.FvFormat, - 0, - NULL, - (VOID**)&FvPpi - ); - if (!EFI_ERROR (Status)) { - MeasureFvImage ((EFI_PHYSICAL_ADDRESS) (UINTN) VolumeInfo.FvStart, VolumeInfo.FvSize); - } - - FvInstances++; - } - PERF_END_EX (mFileHandle, "EventRec", "TrEEPei", 0, PERF_ID_TREE_PEI + 1); - - return EFI_SUCCESS; -} - -/** - Measure and record the Firmware Volum Information once FvInfoPPI install. - - @param[in] PeiServices An indirect pointer to the EFI_PEI_SERVICES table published by the PEI Foundation. - @param[in] NotifyDescriptor Address of the notification descriptor data structure. - @param[in] Ppi Address of the PPI that was installed. - - @retval EFI_SUCCESS The FV Info is measured and recorded to TPM. - @return Others Fail to measure FV. - -**/ -EFI_STATUS -EFIAPI -FirmwareVolmeInfoPpiNotifyCallback ( - IN EFI_PEI_SERVICES **PeiServices, - IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDescriptor, - IN VOID *Ppi - ) -{ - EFI_PEI_FIRMWARE_VOLUME_INFO_PPI *Fv; - EFI_STATUS Status; - EFI_PEI_FIRMWARE_VOLUME_PPI *FvPpi; - UINTN Index; - - Fv = (EFI_PEI_FIRMWARE_VOLUME_INFO_PPI *) Ppi; - - // - // The PEI Core can not dispatch or load files from memory mapped FVs that do not support FvPpi. - // - Status = PeiServicesLocatePpi ( - &Fv->FvFormat, - 0, - NULL, - (VOID**)&FvPpi - ); - if (EFI_ERROR (Status)) { - return EFI_SUCCESS; - } - - // - // This is an FV from an FFS file, and the parent FV must have already been measured, - // No need to measure twice, so just record the FV and return - // - if (Fv->ParentFvName != NULL || Fv->ParentFileName != NULL ) { - - ASSERT (mMeasuredChildFvIndex < PcdGet32 (PcdPeiCoreMaxFvSupported)); - if (mMeasuredChildFvIndex < PcdGet32 (PcdPeiCoreMaxFvSupported)) { - // - // Check whether FV is in the measured child FV list. - // - for (Index = 0; Index < mMeasuredChildFvIndex; Index++) { - if (mMeasuredChildFvInfo[Index].BlobBase == (EFI_PHYSICAL_ADDRESS) (UINTN) Fv->FvInfo) { - return EFI_SUCCESS; - } - } - mMeasuredChildFvInfo[mMeasuredChildFvIndex].BlobBase = (EFI_PHYSICAL_ADDRESS) (UINTN) Fv->FvInfo; - mMeasuredChildFvInfo[mMeasuredChildFvIndex].BlobLength = Fv->FvInfoSize; - mMeasuredChildFvIndex++; - } - return EFI_SUCCESS; - } - - return MeasureFvImage ((EFI_PHYSICAL_ADDRESS) (UINTN) Fv->FvInfo, Fv->FvInfoSize); -} - -/** - Do measurement after memory is ready. - - @param[in] PeiServices Describes the list of possible PEI Services. - - @retval EFI_SUCCESS Operation completed successfully. - @retval EFI_OUT_OF_RESOURCES No enough memory to log the new event. - @retval EFI_DEVICE_ERROR The command was unsuccessful. - -**/ -EFI_STATUS -PeimEntryMP ( - IN EFI_PEI_SERVICES **PeiServices - ) -{ - EFI_STATUS Status; - - Status = PeiServicesLocatePpi ( - &gEfiPeiFirmwareVolumeInfoMeasurementExcludedPpiGuid, - 0, - NULL, - (VOID**)&mMeasurementExcludedFvPpi - ); - // Do not check status, because it is optional - - mMeasuredBaseFvInfo = (EFI_PLATFORM_FIRMWARE_BLOB *) AllocateZeroPool (sizeof (EFI_PLATFORM_FIRMWARE_BLOB) * PcdGet32 (PcdPeiCoreMaxFvSupported)); - ASSERT (mMeasuredBaseFvInfo != NULL); - mMeasuredChildFvInfo = (EFI_PLATFORM_FIRMWARE_BLOB *) AllocateZeroPool (sizeof (EFI_PLATFORM_FIRMWARE_BLOB) * PcdGet32 (PcdPeiCoreMaxFvSupported)); - ASSERT (mMeasuredChildFvInfo != NULL); - - if (PcdGet8 (PcdTpm2ScrtmPolicy) == 1) { - Status = MeasureCRTMVersion (); - } - - Status = MeasureMainBios (); - - // - // Post callbacks: - // for the FvInfoPpi services to measure and record - // the additional Fvs to TPM - // - Status = PeiServicesNotifyPpi (&mNotifyList[0]); - ASSERT_EFI_ERROR (Status); - - return Status; -} - -/** - Entry point of this module. - - @param[in] FileHandle Handle of the file being invoked. - @param[in] PeiServices Describes the list of possible PEI Services. - - @return Status. - -**/ -EFI_STATUS -EFIAPI -PeimEntryMA ( - IN EFI_PEI_FILE_HANDLE FileHandle, - IN CONST EFI_PEI_SERVICES **PeiServices - ) -{ - EFI_STATUS Status; - EFI_STATUS Status2; - EFI_BOOT_MODE BootMode; - - if (CompareGuid (PcdGetPtr(PcdTpmInstanceGuid), &gEfiTpmDeviceInstanceNoneGuid) || - CompareGuid (PcdGetPtr(PcdTpmInstanceGuid), &gEfiTpmDeviceInstanceTpm12Guid)){ - DEBUG ((DEBUG_INFO, "No TPM2 instance required!\n")); - return EFI_UNSUPPORTED; - } - - if (GetFirstGuidHob (&gTpmErrorHobGuid) != NULL) { - DEBUG ((EFI_D_ERROR, "TPM2 error!\n")); - return EFI_DEVICE_ERROR; - } - - Status = PeiServicesGetBootMode (&BootMode); - ASSERT_EFI_ERROR (Status); - - // - // In S3 path, skip shadow logic. no measurement is required - // - if (BootMode != BOOT_ON_S3_RESUME) { - Status = (**PeiServices).RegisterForShadow(FileHandle); - if (Status == EFI_ALREADY_STARTED) { - mImageInMemory = TRUE; - mFileHandle = FileHandle; - } else if (Status == EFI_NOT_FOUND) { - ASSERT_EFI_ERROR (Status); - } - } - - if (!mImageInMemory) { - // - // Initialize TPM device - // - Status = Tpm2RequestUseTpm (); - if (EFI_ERROR (Status)) { - DEBUG ((DEBUG_ERROR, "TPM2 not detected!\n")); - goto Done; - } - - if (PcdGet8 (PcdTpm2InitializationPolicy) == 1) { - if (BootMode == BOOT_ON_S3_RESUME) { - Status = Tpm2Startup (TPM_SU_STATE); - if (EFI_ERROR (Status) ) { - Status = Tpm2Startup (TPM_SU_CLEAR); - } - } else { - Status = Tpm2Startup (TPM_SU_CLEAR); - } - if (EFI_ERROR (Status) ) { - goto Done; - } - } - - // - // TpmSelfTest is optional on S3 path, skip it to save S3 time - // - if (BootMode != BOOT_ON_S3_RESUME) { - if (PcdGet8 (PcdTpm2SelfTestPolicy) == 1) { - Status = Tpm2SelfTest (NO); - if (EFI_ERROR (Status)) { - goto Done; - } - } - } - - // - // Only intall TpmInitializedPpi on success - // - Status = PeiServicesInstallPpi (&mTpmInitializedPpiList); - ASSERT_EFI_ERROR (Status); - } - - if (mImageInMemory) { - Status = PeimEntryMP ((EFI_PEI_SERVICES**)PeiServices); - return Status; - } - -Done: - if (EFI_ERROR (Status)) { - DEBUG ((EFI_D_ERROR, "TPM2 error! Build Hob\n")); - BuildGuidHob (&gTpmErrorHobGuid,0); - REPORT_STATUS_CODE ( - EFI_ERROR_CODE | EFI_ERROR_MINOR, - (PcdGet32 (PcdStatusCodeSubClassTpmDevice) | EFI_P_EC_INTERFACE_ERROR) - ); - } - // - // Always intall TpmInitializationDonePpi no matter success or fail. - // Other driver can know TPM initialization state by TpmInitializedPpi. - // - Status2 = PeiServicesInstallPpi (&mTpmInitializationDonePpiList); - ASSERT_EFI_ERROR (Status2); - - return Status; -} diff --git a/SecurityPkg/Tcg/TrEEPei/TrEEPei.inf b/SecurityPkg/Tcg/TrEEPei/TrEEPei.inf deleted file mode 100644 index 61a8cd0824..0000000000 --- a/SecurityPkg/Tcg/TrEEPei/TrEEPei.inf +++ /dev/null @@ -1,86 +0,0 @@ -## @file -# Initializes TPM 2.0 device and measure FVs in PEI phase -# -# This module will initialize TPM device, measure reported FVs and BIOS version. -# -# Copyright (c) 2013 - 2015, Intel Corporation. All rights reserved.
-# This program and the accompanying materials -# are licensed and made available under the terms and conditions of the BSD License -# which accompanies this distribution. The full text of the license may be found at -# http://opensource.org/licenses/bsd-license.php -# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, -# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. -# -## - -[Defines] - INF_VERSION = 0x00010005 - BASE_NAME = TrEEPei - MODULE_UNI_FILE = TrEEPei.uni - FILE_GUID = CA5A1928-6523-409d-A9FE-5DCC87387222 - MODULE_TYPE = PEIM - VERSION_STRING = 1.0 - ENTRY_POINT = PeimEntryMA - -# -# The following information is for reference only and not required by the build tools. -# -# VALID_ARCHITECTURES = IA32 X64 IPF EBC -# -# [BootMode] -# S3_RESUME ## SOMETIMES_CONSUMES -# - -[Sources] - TrEEPei.c - -[Packages] - MdePkg/MdePkg.dec - MdeModulePkg/MdeModulePkg.dec - SecurityPkg/SecurityPkg.dec - -[LibraryClasses] - HobLib - PeimEntryPoint - PeiServicesLib - BaseMemoryLib - DebugLib - Tpm2CommandLib - PeiServicesTablePointerLib - Tpm2DeviceLib - HashLib - PerformanceLib - MemoryAllocationLib - ReportStatusCodeLib - -[Guids] - gTcgEventEntryHobGuid ## PRODUCES ## HOB - gTpmErrorHobGuid ## SOMETIMES_PRODUCES ## HOB - gMeasuredFvHobGuid ## PRODUCES ## HOB - gEfiTpmDeviceInstanceNoneGuid ## SOMETIMES_PRODUCES ## GUID # TPM device identifier - gEfiTpmDeviceInstanceTpm12Guid ## SOMETIMES_PRODUCES ## GUID # TPM device identifier - -[Ppis] - gEfiPeiFirmwareVolumeInfoPpiGuid ## SOMETIMES_CONSUMES ## NOTIFY - gEfiPeiFirmwareVolumeInfo2PpiGuid ## SOMETIMES_CONSUMES ## NOTIFY - gEfiPeiFirmwareVolumeInfoMeasurementExcludedPpiGuid ## SOMETIMES_CONSUMES - gPeiTpmInitializedPpiGuid ## SOMETIMES_PRODUCES - gPeiTpmInitializationDonePpiGuid ## PRODUCES - gEfiEndOfPeiSignalPpiGuid ## SOMETIMES_CONSUMES ## NOTIFY - -[Pcd] - gEfiMdeModulePkgTokenSpaceGuid.PcdFirmwareVersionString ## SOMETIMES_CONSUMES - gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid ## CONSUMES - gEfiSecurityPkgTokenSpaceGuid.PcdTpm2InitializationPolicy ## CONSUMES - gEfiSecurityPkgTokenSpaceGuid.PcdTpm2SelfTestPolicy ## SOMETIMES_CONSUMES - gEfiSecurityPkgTokenSpaceGuid.PcdTpm2ScrtmPolicy ## CONSUMES - gEfiMdeModulePkgTokenSpaceGuid.PcdPeiCoreMaxFvSupported ## CONSUMES - gEfiSecurityPkgTokenSpaceGuid.PcdStatusCodeSubClassTpmDevice ## SOMETIMES_CONSUMES - -[Depex] - gEfiPeiMasterBootModePpiGuid AND - gEfiPeiReadOnlyVariable2PpiGuid AND - gEfiTpmDeviceSelectedGuid - -[UserExtensions.TianoCore."ExtraFiles"] - TrEEPeiExtra.uni \ No newline at end of file diff --git a/SecurityPkg/Tcg/TrEEPei/TrEEPei.uni b/SecurityPkg/Tcg/TrEEPei/TrEEPei.uni deleted file mode 100644 index 619484abfc..0000000000 --- a/SecurityPkg/Tcg/TrEEPei/TrEEPei.uni +++ /dev/null @@ -1,21 +0,0 @@ -// /** @file -// Initializes TPM 2.0 device and measure FVs in PEI phase -// -// This module will initialize TPM device, measure reported FVs and BIOS version. -// -// Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.
-// -// This program and the accompanying materials -// are licensed and made available under the terms and conditions of the BSD License -// which accompanies this distribution. The full text of the license may be found at -// http://opensource.org/licenses/bsd-license.php -// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, -// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. -// -// **/ - - -#string STR_MODULE_ABSTRACT #language en-US "Initializes TPM 2.0 device and measure FVs in PEI phase" - -#string STR_MODULE_DESCRIPTION #language en-US "This module will initialize TPM device, measure reported FVs and BIOS version." - diff --git a/SecurityPkg/Tcg/TrEEPei/TrEEPeiExtra.uni b/SecurityPkg/Tcg/TrEEPei/TrEEPeiExtra.uni deleted file mode 100644 index b6743ab953..0000000000 --- a/SecurityPkg/Tcg/TrEEPei/TrEEPeiExtra.uni +++ /dev/null @@ -1,19 +0,0 @@ -// /** @file -// TrEEPei Localized Strings and Content -// -// Copyright (c) 2014, Intel Corporation. All rights reserved.
-// -// This program and the accompanying materials -// are licensed and made available under the terms and conditions of the BSD License -// which accompanies this distribution. The full text of the license may be found at -// http://opensource.org/licenses/bsd-license.php -// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, -// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. -// -// **/ - -#string STR_PROPERTIES_MODULE_NAME -#language en-US -"TrEE (Trusted Execution Environment) PEI" - - -- 2.16.2.windows.1