* [PATCH] SecurityPkg: Debug code to audit BIOS TPM extend operations.
@ 2020-07-20 22:28 Rodrigo Gonzalez del Cueto
2020-07-23 2:06 ` Yao, Jiewen
0 siblings, 1 reply; 9+ messages in thread
From: Rodrigo Gonzalez del Cueto @ 2020-07-20 22:28 UTC (permalink / raw)
To: devel; +Cc: Rodrigo Gonzalez del Cueto, Jiewen Yao, Jian J Wang, Qi Zhang
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2858
Add debug functionality to examine TPM extend operations
performed by BIOS and inspect the PCR 00 value prior to
any BIOS measurements.
Replaced usage of EFI_D_* for DEBUG_* definitions in debug
messages.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Qi Zhang <qi1.zhang@intel.com>
Signed-off-by: Rodrigo Gonzalez del Cueto <rodrigo.gonzalez.del.cueto@intel.com>
---
SecurityPkg/Include/Library/Tpm2CommandLib.h | 25 +-
.../Library/Tpm2CommandLib/Tpm2Integrity.c | 468 ++++++++++++------
SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c | 32 +-
3 files changed, 364 insertions(+), 161 deletions(-)
diff --git a/SecurityPkg/Include/Library/Tpm2CommandLib.h b/SecurityPkg/Include/Library/Tpm2CommandLib.h
index ce381e786b..bfa5bd82f4 100644
--- a/SecurityPkg/Include/Library/Tpm2CommandLib.h
+++ b/SecurityPkg/Include/Library/Tpm2CommandLib.h
@@ -505,7 +505,7 @@ EFIAPI
Tpm2PcrEvent (
IN TPMI_DH_PCR PcrHandle,
IN TPM2B_EVENT *EventData,
- OUT TPML_DIGEST_VALUES *Digests
+ OUT TPML_DIGEST_VALUES *Digests
);
/**
@@ -523,9 +523,26 @@ EFI_STATUS
EFIAPI
Tpm2PcrRead (
IN TPML_PCR_SELECTION *PcrSelectionIn,
- OUT UINT32 *PcrUpdateCounter,
- OUT TPML_PCR_SELECTION *PcrSelectionOut,
- OUT TPML_DIGEST *PcrValues
+ OUT UINT32 *PcrUpdateCounter,
+ OUT TPML_PCR_SELECTION *PcrSelectionOut,
+ OUT TPML_DIGEST *PcrValues
+ );
+
+/**
+ This function will query the TPM to determine which hashing algorithms and
+ get the digests of all active and supported PCR banks of a specific PCR register.
+
+ @param[in] PcrHandle The index of the PCR register to be read.
+ @param[out] HashList List of digests from PCR register being read.
+
+ @retval EFI_SUCCESS The Pcr was read successfully.
+ @retval EFI_DEVICE_ERROR The command was unsuccessful.
+**/
+EFI_STATUS
+EFIAPI
+Tpm2ActivePcrRegisterRead (
+ IN TPMI_DH_PCR PcrHandle,
+ OUT TPML_DIGEST *HashList
);
/**
diff --git a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c
index ddb15178fb..229fc44139 100644
--- a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c
+++ b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c
@@ -76,6 +76,297 @@ typedef struct {
#pragma pack()
+/**
+ This command returns the values of all PCR specified in pcrSelect.
+
+ @param[in] PcrSelectionIn The selection of PCR to read.
+ @param[out] PcrUpdateCounter The current value of the PCR update counter.
+ @param[out] PcrSelectionOut The PCR in the returned list.
+ @param[out] PcrValues The contents of the PCR indicated in pcrSelect.
+
+ @retval EFI_SUCCESS Operation completed successfully.
+ @retval EFI_DEVICE_ERROR The command was unsuccessful.
+**/
+EFI_STATUS
+EFIAPI
+Tpm2PcrRead (
+ IN TPML_PCR_SELECTION *PcrSelectionIn,
+ OUT UINT32 *PcrUpdateCounter,
+ OUT TPML_PCR_SELECTION *PcrSelectionOut,
+ OUT TPML_DIGEST *PcrValues
+ )
+{
+ EFI_STATUS Status;
+ TPM2_PCR_READ_COMMAND SendBuffer;
+ TPM2_PCR_READ_RESPONSE RecvBuffer;
+ UINT32 SendBufferSize;
+ UINT32 RecvBufferSize;
+ UINTN Index;
+ TPML_DIGEST *PcrValuesOut;
+ TPM2B_DIGEST *Digests;
+
+ //
+ // Construct command
+ //
+ SendBuffer.Header.tag = SwapBytes16(TPM_ST_NO_SESSIONS);
+ SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_PCR_Read);
+
+ SendBuffer.PcrSelectionIn.count = SwapBytes32(PcrSelectionIn->count);
+ for (Index = 0; Index < PcrSelectionIn->count; Index++) {
+ SendBuffer.PcrSelectionIn.pcrSelections[Index].hash = SwapBytes16(PcrSelectionIn->pcrSelections[Index].hash);
+ SendBuffer.PcrSelectionIn.pcrSelections[Index].sizeofSelect = PcrSelectionIn->pcrSelections[Index].sizeofSelect;
+ CopyMem (&SendBuffer.PcrSelectionIn.pcrSelections[Index].pcrSelect, &PcrSelectionIn->pcrSelections[Index].pcrSelect, SendBuffer.PcrSelectionIn.pcrSelections[Index].sizeofSelect);
+ }
+
+ SendBufferSize = sizeof(SendBuffer.Header) + sizeof(SendBuffer.PcrSelectionIn.count) + sizeof(SendBuffer.PcrSelectionIn.pcrSelections[0]) * PcrSelectionIn->count;
+ SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);
+
+ //
+ // send Tpm command
+ //
+ RecvBufferSize = sizeof (RecvBuffer);
+ Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer);
+ if (EFI_ERROR (Status)) {
+ return Status;
+ }
+
+ if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {
+ DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n", RecvBufferSize));
+ return EFI_DEVICE_ERROR;
+ }
+ if (SwapBytes32(RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
+ DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode)));
+ return EFI_NOT_FOUND;
+ }
+
+ //
+ // Return the response
+ //
+
+ //
+ // PcrUpdateCounter
+ //
+ if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER) + sizeof(RecvBuffer.PcrUpdateCounter)) {
+ DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n", RecvBufferSize));
+ return EFI_DEVICE_ERROR;
+ }
+ *PcrUpdateCounter = SwapBytes32(RecvBuffer.PcrUpdateCounter);
+
+ //
+ // PcrSelectionOut
+ //
+ if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER) + sizeof(RecvBuffer.PcrUpdateCounter) + sizeof(RecvBuffer.PcrSelectionOut.count)) {
+ DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n", RecvBufferSize));
+ return EFI_DEVICE_ERROR;
+ }
+ PcrSelectionOut->count = SwapBytes32(RecvBuffer.PcrSelectionOut.count);
+ if (PcrSelectionOut->count > HASH_COUNT) {
+ DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - PcrSelectionOut->count error %x\n", PcrSelectionOut->count));
+ return EFI_DEVICE_ERROR;
+ }
+
+ if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER) + sizeof(RecvBuffer.PcrUpdateCounter) + sizeof(RecvBuffer.PcrSelectionOut.count) + sizeof(RecvBuffer.PcrSelectionOut.pcrSelections[0]) * PcrSelectionOut->count) {
+ DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n", RecvBufferSize));
+ return EFI_DEVICE_ERROR;
+ }
+ for (Index = 0; Index < PcrSelectionOut->count; Index++) {
+ PcrSelectionOut->pcrSelections[Index].hash = SwapBytes16(RecvBuffer.PcrSelectionOut.pcrSelections[Index].hash);
+ PcrSelectionOut->pcrSelections[Index].sizeofSelect = RecvBuffer.PcrSelectionOut.pcrSelections[Index].sizeofSelect;
+ if (PcrSelectionOut->pcrSelections[Index].sizeofSelect > PCR_SELECT_MAX) {
+ return EFI_DEVICE_ERROR;
+ }
+ CopyMem (&PcrSelectionOut->pcrSelections[Index].pcrSelect, &RecvBuffer.PcrSelectionOut.pcrSelections[Index].pcrSelect, PcrSelectionOut->pcrSelections[Index].sizeofSelect);
+ }
+
+ //
+ // PcrValues
+ //
+ PcrValuesOut = (TPML_DIGEST *)((UINT8 *)&RecvBuffer + sizeof (TPM2_RESPONSE_HEADER) + sizeof(RecvBuffer.PcrUpdateCounter) + sizeof(RecvBuffer.PcrSelectionOut.count) + sizeof(RecvBuffer.PcrSelectionOut.pcrSelections[0]) * PcrSelectionOut->count);
+ PcrValues->count = SwapBytes32(PcrValuesOut->count);
+ //
+ // The number of digests in list is not greater than 8 per TPML_DIGEST definition
+ //
+ if (PcrValues->count > 8) {
+ DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - PcrValues->count error %x\n", PcrValues->count));
+ return EFI_DEVICE_ERROR;
+ }
+ Digests = PcrValuesOut->digests;
+ for (Index = 0; Index < PcrValues->count; Index++) {
+ PcrValues->digests[Index].size = SwapBytes16(Digests->size);
+ if (PcrValues->digests[Index].size > sizeof(TPMU_HA)) {
+ DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - Digest.size error %x\n", PcrValues->digests[Index].size));
+ return EFI_DEVICE_ERROR;
+ }
+ CopyMem (&PcrValues->digests[Index].buffer, &Digests->buffer, PcrValues->digests[Index].size);
+ Digests = (TPM2B_DIGEST *)((UINT8 *)Digests + sizeof(Digests->size) + PcrValues->digests[Index].size);
+ }
+
+ return EFI_SUCCESS;
+}
+
+/**
+ This function will query the TPM to determine which hashing algorithms and
+ get the digests of all active and supported PCR banks of a specific PCR register.
+
+ @param[in] PcrHandle The index of the PCR register to be read.
+ @param[out] HashList List of digests from PCR register being read.
+
+ @retval EFI_SUCCESS The Pcr was read successfully.
+ @retval EFI_DEVICE_ERROR The command was unsuccessful.
+**/
+EFI_STATUS
+EFIAPI
+Tpm2ActivePcrRegisterRead (
+ IN TPMI_DH_PCR PcrHandle,
+ OUT TPML_DIGEST *HashList
+)
+{
+ EFI_STATUS Status;
+ TPML_PCR_SELECTION Pcrs;
+ TPML_PCR_SELECTION PcrSelectionIn;
+ TPML_PCR_SELECTION PcrSelectionOut;
+ TPML_DIGEST PcrValues;
+ UINT32 PcrUpdateCounter;
+ UINT32 PcrIndex;
+ UINT32 TpmHashAlgorithmBitmap;
+ TPMI_ALG_HASH CurrentPcrBankHash;
+ UINT32 ActivePcrBanks;
+ UINT32 TcgRegistryHashAlg;
+ UINT32 Index;
+ UINT32 Index2;
+
+ PcrIndex = (UINT8)PcrHandle;
+
+ if ((PcrIndex < 0) ||
+ (PcrIndex >= IMPLEMENTATION_PCR)) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ ZeroMem (&PcrSelectionIn, sizeof (PcrSelectionIn));
+ ZeroMem (&PcrUpdateCounter, sizeof (UINT32));
+ ZeroMem (&PcrSelectionOut, sizeof (PcrSelectionOut));
+ ZeroMem (&PcrValues, sizeof (PcrValues));
+ ZeroMem (&Pcrs, sizeof (TPML_PCR_SELECTION));
+
+ DEBUG ((DEBUG_INFO, "ReadPcr - %02d\n", PcrIndex));
+
+ //
+ // Read TPM capabilities
+ //
+ Status = Tpm2GetCapabilityPcrs (&Pcrs);
+
+ if (EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_ERROR, "ReadPcr: Unable to read TPM capabilities\n"));
+ return EFI_DEVICE_ERROR;
+ }
+
+ //
+ // Get Active Pcrs
+ //
+ Status = Tpm2GetCapabilitySupportedAndActivePcrs (
+ &TpmHashAlgorithmBitmap,
+ &ActivePcrBanks
+ );
+
+ if (EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_ERROR, "ReadPcr: Unable to read TPM capabilities and active PCRs\n"));
+ return EFI_DEVICE_ERROR;
+ }
+
+ //
+ // Select from Active PCRs
+ //
+ for (Index = 0; Index < Pcrs.count; Index++) {
+ CurrentPcrBankHash = Pcrs.pcrSelections[Index].hash;
+
+ switch (CurrentPcrBankHash) {
+ case TPM_ALG_SHA1:
+ DEBUG ((DEBUG_VERBOSE, "HASH_ALG_SHA1 Present\n"));
+ TcgRegistryHashAlg = HASH_ALG_SHA1;
+ break;
+ case TPM_ALG_SHA256:
+ DEBUG ((DEBUG_VERBOSE, "HASH_ALG_SHA256 Present\n"));
+ TcgRegistryHashAlg = HASH_ALG_SHA256;
+ break;
+ case TPM_ALG_SHA384:
+ DEBUG ((DEBUG_VERBOSE, "HASH_ALG_SHA384 Present\n"));
+ TcgRegistryHashAlg = HASH_ALG_SHA384;
+ break;
+ case TPM_ALG_SHA512:
+ DEBUG ((DEBUG_VERBOSE, "HASH_ALG_SHA512 Present\n"));
+ TcgRegistryHashAlg = HASH_ALG_SHA512;
+ break;
+ case TPM_ALG_SM3_256:
+ DEBUG ((DEBUG_VERBOSE, "HASH_ALG_SM3 Present\n"));
+ TcgRegistryHashAlg = HASH_ALG_SM3_256;
+ break;
+ default:
+ //
+ // Unsupported algorithm
+ //
+ DEBUG ((DEBUG_VERBOSE, "Unknown algorithm present\n"));
+ TcgRegistryHashAlg = 0;
+ break;
+ }
+ //
+ // Skip unsupported and inactive PCR banks
+ //
+ if ((TcgRegistryHashAlg & ActivePcrBanks) == 0) {
+ DEBUG ((DEBUG_VERBOSE, "Skipping unsupported or inactive bank: 0x%04x\n", CurrentPcrBankHash));
+ continue;
+ }
+
+ //
+ // Select PCR from current active bank
+ //
+ PcrSelectionIn.pcrSelections[PcrSelectionIn.count].hash = Pcrs.pcrSelections[Index].hash;
+ PcrSelectionIn.pcrSelections[PcrSelectionIn.count].sizeofSelect = PCR_SELECT_MAX;
+ PcrSelectionIn.pcrSelections[PcrSelectionIn.count].pcrSelect[0] = (PcrIndex < 8) ? 1 << PcrIndex : 0;
+ PcrSelectionIn.pcrSelections[PcrSelectionIn.count].pcrSelect[1] = (PcrIndex > 7) && (PcrIndex < 16) ? 1 << (PcrIndex - 8) : 0;
+ PcrSelectionIn.pcrSelections[PcrSelectionIn.count].pcrSelect[2] = (PcrIndex > 15) ? 1 << (PcrIndex - 16) : 0;
+ PcrSelectionIn.count++;
+ }
+
+ //
+ // Read PCRs
+ //
+ Status = Tpm2PcrRead (
+ &PcrSelectionIn,
+ &PcrUpdateCounter,
+ &PcrSelectionOut,
+ &PcrValues
+ );
+
+ if (EFI_ERROR (Status)) {
+ DEBUG((DEBUG_ERROR, "Tpm2PcrRead failed Status = %r \n", Status));
+ return EFI_DEVICE_ERROR;
+ }
+
+ for (Index = 0; Index < PcrValues.count; Index++) {
+ DEBUG ((
+ DEBUG_INFO,
+ "ReadPcr - HashAlg = 0x%04x, Pcr[%02d], digest = ",
+ PcrSelectionOut.pcrSelections[Index].hash,
+ PcrIndex
+ ));
+
+ for(Index2 = 0; Index2 < PcrValues.digests[Index].size; Index2++) {
+ DEBUG ((DEBUG_INFO, "%02x ", PcrValues.digests[Index].buffer[Index2]));
+ }
+ DEBUG ((DEBUG_INFO, "\n"));
+ }
+
+ if (HashList != NULL) {
+ CopyMem (
+ HashList,
+ &PcrValues,
+ sizeof (TPML_DIGEST)
+ );
+ }
+
+ return EFI_SUCCESS;
+}
+
/**
This command is used to cause an update to the indicated PCR.
The digests parameter contains one or more tagged digest value identified by an algorithm ID.
@@ -130,14 +421,26 @@ Tpm2PcrExtend (
Buffer += sizeof(UINT16);
DigestSize = GetHashSizeFromAlgo (Digests->digests[Index].hashAlg);
if (DigestSize == 0) {
- DEBUG ((EFI_D_ERROR, "Unknown hash algorithm %d\r\n", Digests->digests[Index].hashAlg));
+ DEBUG ((DEBUG_ERROR, "Unknown hash algorithm %d\r\n", Digests->digests[Index].hashAlg));
return EFI_DEVICE_ERROR;
}
+
CopyMem(
Buffer,
&Digests->digests[Index].digest,
DigestSize
);
+
+ DEBUG_CODE_BEGIN ();
+ UINTN Index2;
+ DEBUG ((DEBUG_INFO, "Tpm2PcrExtend - Hash = 0x%04x, Pcr[%02d], digest = ", Digests->digests[Index].hashAlg, (UINT8) PcrHandle));
+
+ for (Index2 = 0; Index2 < DigestSize; Index2++) {
+ DEBUG ((DEBUG_INFO, "%02x ", Buffer[Index2]));
+ }
+ DEBUG ((DEBUG_INFO, "\n"));
+ DEBUG_CODE_END ();
+
Buffer += DigestSize;
}
@@ -151,7 +454,7 @@ Tpm2PcrExtend (
}
if (ResultBufSize > sizeof(Res)) {
- DEBUG ((EFI_D_ERROR, "Tpm2PcrExtend: Failed ExecuteCommand: Buffer Too Small\r\n"));
+ DEBUG ((DEBUG_ERROR, "Tpm2PcrExtend: Failed ExecuteCommand: Buffer Too Small\r\n"));
return EFI_BUFFER_TOO_SMALL;
}
@@ -160,7 +463,7 @@ Tpm2PcrExtend (
//
RespSize = SwapBytes32(Res.Header.paramSize);
if (RespSize > sizeof(Res)) {
- DEBUG ((EFI_D_ERROR, "Tpm2PcrExtend: Response size too large! %d\r\n", RespSize));
+ DEBUG ((DEBUG_ERROR, "Tpm2PcrExtend: Response size too large! %d\r\n", RespSize));
return EFI_BUFFER_TOO_SMALL;
}
@@ -168,10 +471,15 @@ Tpm2PcrExtend (
// Fail if command failed
//
if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) {
- DEBUG ((EFI_D_ERROR, "Tpm2PcrExtend: Response Code error! 0x%08x\r\n", SwapBytes32(Res.Header.responseCode)));
+ DEBUG ((DEBUG_ERROR, "Tpm2PcrExtend: Response Code error! 0x%08x\r\n", SwapBytes32(Res.Header.responseCode)));
return EFI_DEVICE_ERROR;
}
+ DEBUG_CODE_BEGIN ();
+ DEBUG ((DEBUG_INFO, "Tpm2PcrExtend: PCR read after extend...\n"));
+ Tpm2ActivePcrRegisterRead (PcrHandle, NULL);
+ DEBUG_CODE_END ();
+
//
// Unmarshal the response
//
@@ -246,7 +554,7 @@ Tpm2PcrEvent (
}
if (ResultBufSize > sizeof(Res)) {
- DEBUG ((EFI_D_ERROR, "Tpm2PcrEvent: Failed ExecuteCommand: Buffer Too Small\r\n"));
+ DEBUG ((DEBUG_ERROR, "Tpm2PcrEvent: Failed ExecuteCommand: Buffer Too Small\r\n"));
return EFI_BUFFER_TOO_SMALL;
}
@@ -255,7 +563,7 @@ Tpm2PcrEvent (
//
RespSize = SwapBytes32(Res.Header.paramSize);
if (RespSize > sizeof(Res)) {
- DEBUG ((EFI_D_ERROR, "Tpm2PcrEvent: Response size too large! %d\r\n", RespSize));
+ DEBUG ((DEBUG_ERROR, "Tpm2PcrEvent: Response size too large! %d\r\n", RespSize));
return EFI_BUFFER_TOO_SMALL;
}
@@ -263,7 +571,7 @@ Tpm2PcrEvent (
// Fail if command failed
//
if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) {
- DEBUG ((EFI_D_ERROR, "Tpm2PcrEvent: Response Code error! 0x%08x\r\n", SwapBytes32(Res.Header.responseCode)));
+ DEBUG ((DEBUG_ERROR, "Tpm2PcrEvent: Response Code error! 0x%08x\r\n", SwapBytes32(Res.Header.responseCode)));
return EFI_DEVICE_ERROR;
}
@@ -284,7 +592,7 @@ Tpm2PcrEvent (
Buffer += sizeof(UINT16);
DigestSize = GetHashSizeFromAlgo (Digests->digests[Index].hashAlg);
if (DigestSize == 0) {
- DEBUG ((EFI_D_ERROR, "Unknown hash algorithm %d\r\n", Digests->digests[Index].hashAlg));
+ DEBUG ((DEBUG_ERROR, "Unknown hash algorithm %d\r\n", Digests->digests[Index].hashAlg));
return EFI_DEVICE_ERROR;
}
CopyMem(
@@ -298,134 +606,6 @@ Tpm2PcrEvent (
return EFI_SUCCESS;
}
-/**
- This command returns the values of all PCR specified in pcrSelect.
-
- @param[in] PcrSelectionIn The selection of PCR to read.
- @param[out] PcrUpdateCounter The current value of the PCR update counter.
- @param[out] PcrSelectionOut The PCR in the returned list.
- @param[out] PcrValues The contents of the PCR indicated in pcrSelect.
-
- @retval EFI_SUCCESS Operation completed successfully.
- @retval EFI_DEVICE_ERROR The command was unsuccessful.
-**/
-EFI_STATUS
-EFIAPI
-Tpm2PcrRead (
- IN TPML_PCR_SELECTION *PcrSelectionIn,
- OUT UINT32 *PcrUpdateCounter,
- OUT TPML_PCR_SELECTION *PcrSelectionOut,
- OUT TPML_DIGEST *PcrValues
- )
-{
- EFI_STATUS Status;
- TPM2_PCR_READ_COMMAND SendBuffer;
- TPM2_PCR_READ_RESPONSE RecvBuffer;
- UINT32 SendBufferSize;
- UINT32 RecvBufferSize;
- UINTN Index;
- TPML_DIGEST *PcrValuesOut;
- TPM2B_DIGEST *Digests;
-
- //
- // Construct command
- //
- SendBuffer.Header.tag = SwapBytes16(TPM_ST_NO_SESSIONS);
- SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_PCR_Read);
-
- SendBuffer.PcrSelectionIn.count = SwapBytes32(PcrSelectionIn->count);
- for (Index = 0; Index < PcrSelectionIn->count; Index++) {
- SendBuffer.PcrSelectionIn.pcrSelections[Index].hash = SwapBytes16(PcrSelectionIn->pcrSelections[Index].hash);
- SendBuffer.PcrSelectionIn.pcrSelections[Index].sizeofSelect = PcrSelectionIn->pcrSelections[Index].sizeofSelect;
- CopyMem (&SendBuffer.PcrSelectionIn.pcrSelections[Index].pcrSelect, &PcrSelectionIn->pcrSelections[Index].pcrSelect, SendBuffer.PcrSelectionIn.pcrSelections[Index].sizeofSelect);
- }
-
- SendBufferSize = sizeof(SendBuffer.Header) + sizeof(SendBuffer.PcrSelectionIn.count) + sizeof(SendBuffer.PcrSelectionIn.pcrSelections[0]) * PcrSelectionIn->count;
- SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);
-
- //
- // send Tpm command
- //
- RecvBufferSize = sizeof (RecvBuffer);
- Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer);
- if (EFI_ERROR (Status)) {
- return Status;
- }
-
- if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {
- DEBUG ((EFI_D_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n", RecvBufferSize));
- return EFI_DEVICE_ERROR;
- }
- if (SwapBytes32(RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
- DEBUG ((EFI_D_ERROR, "Tpm2PcrRead - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode)));
- return EFI_NOT_FOUND;
- }
-
- //
- // Return the response
- //
-
- //
- // PcrUpdateCounter
- //
- if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER) + sizeof(RecvBuffer.PcrUpdateCounter)) {
- DEBUG ((EFI_D_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n", RecvBufferSize));
- return EFI_DEVICE_ERROR;
- }
- *PcrUpdateCounter = SwapBytes32(RecvBuffer.PcrUpdateCounter);
-
- //
- // PcrSelectionOut
- //
- if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER) + sizeof(RecvBuffer.PcrUpdateCounter) + sizeof(RecvBuffer.PcrSelectionOut.count)) {
- DEBUG ((EFI_D_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n", RecvBufferSize));
- return EFI_DEVICE_ERROR;
- }
- PcrSelectionOut->count = SwapBytes32(RecvBuffer.PcrSelectionOut.count);
- if (PcrSelectionOut->count > HASH_COUNT) {
- DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - PcrSelectionOut->count error %x\n", PcrSelectionOut->count));
- return EFI_DEVICE_ERROR;
- }
-
- if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER) + sizeof(RecvBuffer.PcrUpdateCounter) + sizeof(RecvBuffer.PcrSelectionOut.count) + sizeof(RecvBuffer.PcrSelectionOut.pcrSelections[0]) * PcrSelectionOut->count) {
- DEBUG ((EFI_D_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n", RecvBufferSize));
- return EFI_DEVICE_ERROR;
- }
- for (Index = 0; Index < PcrSelectionOut->count; Index++) {
- PcrSelectionOut->pcrSelections[Index].hash = SwapBytes16(RecvBuffer.PcrSelectionOut.pcrSelections[Index].hash);
- PcrSelectionOut->pcrSelections[Index].sizeofSelect = RecvBuffer.PcrSelectionOut.pcrSelections[Index].sizeofSelect;
- if (PcrSelectionOut->pcrSelections[Index].sizeofSelect > PCR_SELECT_MAX) {
- return EFI_DEVICE_ERROR;
- }
- CopyMem (&PcrSelectionOut->pcrSelections[Index].pcrSelect, &RecvBuffer.PcrSelectionOut.pcrSelections[Index].pcrSelect, PcrSelectionOut->pcrSelections[Index].sizeofSelect);
- }
-
- //
- // PcrValues
- //
- PcrValuesOut = (TPML_DIGEST *)((UINT8 *)&RecvBuffer + sizeof (TPM2_RESPONSE_HEADER) + sizeof(RecvBuffer.PcrUpdateCounter) + sizeof(RecvBuffer.PcrSelectionOut.count) + sizeof(RecvBuffer.PcrSelectionOut.pcrSelections[0]) * PcrSelectionOut->count);
- PcrValues->count = SwapBytes32(PcrValuesOut->count);
- //
- // The number of digests in list is not greater than 8 per TPML_DIGEST definition
- //
- if (PcrValues->count > 8) {
- DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - PcrValues->count error %x\n", PcrValues->count));
- return EFI_DEVICE_ERROR;
- }
- Digests = PcrValuesOut->digests;
- for (Index = 0; Index < PcrValues->count; Index++) {
- PcrValues->digests[Index].size = SwapBytes16(Digests->size);
- if (PcrValues->digests[Index].size > sizeof(TPMU_HA)) {
- DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - Digest.size error %x\n", PcrValues->digests[Index].size));
- return EFI_DEVICE_ERROR;
- }
- CopyMem (&PcrValues->digests[Index].buffer, &Digests->buffer, PcrValues->digests[Index].size);
- Digests = (TPM2B_DIGEST *)((UINT8 *)Digests + sizeof(Digests->size) + PcrValues->digests[Index].size);
- }
-
- return EFI_SUCCESS;
-}
-
/**
This command is used to set the desired PCR allocation of PCR and algorithms.
@@ -513,7 +693,7 @@ Tpm2PcrAllocate (
}
if (ResultBufSize > sizeof(Res)) {
- DEBUG ((EFI_D_ERROR, "Tpm2PcrAllocate: Failed ExecuteCommand: Buffer Too Small\r\n"));
+ DEBUG ((DEBUG_ERROR, "Tpm2PcrAllocate: Failed ExecuteCommand: Buffer Too Small\r\n"));
Status = EFI_BUFFER_TOO_SMALL;
goto Done;
}
@@ -523,7 +703,7 @@ Tpm2PcrAllocate (
//
RespSize = SwapBytes32(Res.Header.paramSize);
if (RespSize > sizeof(Res)) {
- DEBUG ((EFI_D_ERROR, "Tpm2PcrAllocate: Response size too large! %d\r\n", RespSize));
+ DEBUG ((DEBUG_ERROR, "Tpm2PcrAllocate: Response size too large! %d\r\n", RespSize));
Status = EFI_BUFFER_TOO_SMALL;
goto Done;
}
@@ -532,7 +712,7 @@ Tpm2PcrAllocate (
// Fail if command failed
//
if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) {
- DEBUG((EFI_D_ERROR,"Tpm2PcrAllocate: Response Code error! 0x%08x\r\n", SwapBytes32(Res.Header.responseCode)));
+ DEBUG((DEBUG_ERROR,"Tpm2PcrAllocate: Response Code error! 0x%08x\r\n", SwapBytes32(Res.Header.responseCode)));
Status = EFI_DEVICE_ERROR;
goto Done;
}
@@ -673,15 +853,15 @@ Tpm2PcrAllocateBanks (
&SizeNeeded,
&SizeAvailable
);
- DEBUG ((EFI_D_INFO, "Tpm2PcrAllocateBanks call Tpm2PcrAllocate - %r\n", Status));
+ DEBUG ((DEBUG_INFO, "Tpm2PcrAllocateBanks call Tpm2PcrAllocate - %r\n", Status));
if (EFI_ERROR (Status)) {
goto Done;
}
- DEBUG ((EFI_D_INFO, "AllocationSuccess - %02x\n", AllocationSuccess));
- DEBUG ((EFI_D_INFO, "MaxPCR - %08x\n", MaxPCR));
- DEBUG ((EFI_D_INFO, "SizeNeeded - %08x\n", SizeNeeded));
- DEBUG ((EFI_D_INFO, "SizeAvailable - %08x\n", SizeAvailable));
+ DEBUG ((DEBUG_INFO, "AllocationSuccess - %02x\n", AllocationSuccess));
+ DEBUG ((DEBUG_INFO, "MaxPCR - %08x\n", MaxPCR));
+ DEBUG ((DEBUG_INFO, "SizeNeeded - %08x\n", SizeNeeded));
+ DEBUG ((DEBUG_INFO, "SizeAvailable - %08x\n", SizeAvailable));
Done:
ZeroMem(&LocalAuthSession.hmac, sizeof(LocalAuthSession.hmac));
diff --git a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c
index 19b8e4b318..678826f8a5 100644
--- a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c
+++ b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c
@@ -147,7 +147,6 @@ EFI_PEI_NOTIFY_DESCRIPTOR mNotifyList[] = {
}
};
-
/**
Record all measured Firmware Volume Information into a Guid Hob
Guid Hob payload layout is
@@ -223,7 +222,7 @@ SyncPcrAllocationsAndPcrMask (
UINT32 Tpm2PcrMask;
UINT32 NewTpm2PcrMask;
- DEBUG ((EFI_D_ERROR, "SyncPcrAllocationsAndPcrMask!\n"));
+ DEBUG ((DEBUG_ERROR, "SyncPcrAllocationsAndPcrMask!\n"));
//
// Determine the current TPM support and the Platform PCR mask.
@@ -234,7 +233,7 @@ SyncPcrAllocationsAndPcrMask (
Tpm2PcrMask = PcdGet32 (PcdTpm2HashMask);
if (Tpm2PcrMask == 0) {
//
- // if PcdTPm2HashMask is zero, use ActivePcr setting
+ // if PcdTpm2HashMask is zero, use ActivePcr setting
//
PcdSet32S (PcdTpm2HashMask, TpmActivePcrBanks);
Tpm2PcrMask = TpmActivePcrBanks;
@@ -253,9 +252,9 @@ SyncPcrAllocationsAndPcrMask (
if ((TpmActivePcrBanks & Tpm2PcrMask) != TpmActivePcrBanks) {
NewTpmActivePcrBanks = TpmActivePcrBanks & Tpm2PcrMask;
- DEBUG ((EFI_D_INFO, "%a - Reallocating PCR banks from 0x%X to 0x%X.\n", __FUNCTION__, TpmActivePcrBanks, NewTpmActivePcrBanks));
+ DEBUG ((DEBUG_INFO, "%a - Reallocating PCR banks from 0x%X to 0x%X.\n", __FUNCTION__, TpmActivePcrBanks, NewTpmActivePcrBanks));
if (NewTpmActivePcrBanks == 0) {
- DEBUG ((EFI_D_ERROR, "%a - No viable PCRs active! Please set a less restrictive value for PcdTpm2HashMask!\n", __FUNCTION__));
+ DEBUG ((DEBUG_ERROR, "%a - No viable PCRs active! Please set a less restrictive value for PcdTpm2HashMask!\n", __FUNCTION__));
ASSERT (FALSE);
} else {
Status = Tpm2PcrAllocateBanks (NULL, (UINT32)TpmHashAlgorithmBitmap, NewTpmActivePcrBanks);
@@ -263,7 +262,7 @@ SyncPcrAllocationsAndPcrMask (
//
// We can't do much here, but we hope that this doesn't happen.
//
- DEBUG ((EFI_D_ERROR, "%a - Failed to reallocate PCRs!\n", __FUNCTION__));
+ DEBUG ((DEBUG_ERROR, "%a - Failed to reallocate PCRs!\n", __FUNCTION__));
ASSERT_EFI_ERROR (Status);
}
//
@@ -280,9 +279,9 @@ SyncPcrAllocationsAndPcrMask (
if ((Tpm2PcrMask & TpmHashAlgorithmBitmap) != Tpm2PcrMask) {
NewTpm2PcrMask = Tpm2PcrMask & TpmHashAlgorithmBitmap;
- DEBUG ((EFI_D_INFO, "%a - Updating PcdTpm2HashMask from 0x%X to 0x%X.\n", __FUNCTION__, Tpm2PcrMask, NewTpm2PcrMask));
+ DEBUG ((DEBUG_INFO, "%a - Updating PcdTpm2HashMask from 0x%X to 0x%X.\n", __FUNCTION__, Tpm2PcrMask, NewTpm2PcrMask));
if (NewTpm2PcrMask == 0) {
- DEBUG ((EFI_D_ERROR, "%a - No viable PCRs supported! Please set a less restrictive value for PcdTpm2HashMask!\n", __FUNCTION__));
+ DEBUG ((DEBUG_ERROR, "%a - No viable PCRs supported! Please set a less restrictive value for PcdTpm2HashMask!\n", __FUNCTION__));
ASSERT (FALSE);
}
@@ -321,7 +320,7 @@ LogHashEvent (
RetStatus = EFI_SUCCESS;
for (Index = 0; Index < sizeof(mTcg2EventInfo)/sizeof(mTcg2EventInfo[0]); Index++) {
if ((SupportedEventLogs & mTcg2EventInfo[Index].LogFormat) != 0) {
- DEBUG ((EFI_D_INFO, " LogFormat - 0x%08x\n", mTcg2EventInfo[Index].LogFormat));
+ DEBUG ((DEBUG_INFO, " LogFormat - 0x%08x\n", mTcg2EventInfo[Index].LogFormat));
switch (mTcg2EventInfo[Index].LogFormat) {
case EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2:
Status = GetDigestFromDigestList (TPM_ALG_SHA1, DigestList, &NewEventHdr->Digest);
@@ -416,7 +415,7 @@ HashLogExtendEvent (
}
if (Status == EFI_DEVICE_ERROR) {
- DEBUG ((EFI_D_ERROR, "HashLogExtendEvent - %r. Disable TPM.\n", Status));
+ DEBUG ((DEBUG_ERROR, "HashLogExtendEvent - %r. Disable TPM.\n", Status));
BuildGuidHob (&gTpmErrorHobGuid,0);
REPORT_STATUS_CODE (
EFI_ERROR_CODE | EFI_ERROR_MINOR,
@@ -925,7 +924,7 @@ PeimEntryMA (
}
if (GetFirstGuidHob (&gTpmErrorHobGuid) != NULL) {
- DEBUG ((EFI_D_ERROR, "TPM2 error!\n"));
+ DEBUG ((DEBUG_ERROR, "TPM2 error!\n"));
return EFI_DEVICE_ERROR;
}
@@ -989,7 +988,7 @@ PeimEntryMA (
for (PcrIndex = 0; PcrIndex < 8; PcrIndex++) {
Status = MeasureSeparatorEventWithError (PcrIndex);
if (EFI_ERROR (Status)) {
- DEBUG ((EFI_D_ERROR, "Separator Event with Error not Measured. Error!\n"));
+ DEBUG ((DEBUG_ERROR, "Separator Event with Error not Measured. Error!\n"));
}
}
}
@@ -1006,6 +1005,13 @@ PeimEntryMA (
}
}
+ DEBUG_CODE_BEGIN ();
+ //
+ // Peek into TPM PCR 00 before any BIOS measurement.
+ //
+ Tpm2ActivePcrRegisterRead (00, NULL);
+ DEBUG_CODE_END ();
+
//
// Only install TpmInitializedPpi on success
//
@@ -1020,7 +1026,7 @@ PeimEntryMA (
Done:
if (EFI_ERROR (Status)) {
- DEBUG ((EFI_D_ERROR, "TPM2 error! Build Hob\n"));
+ DEBUG ((DEBUG_ERROR, "TPM2 error! Build Hob\n"));
BuildGuidHob (&gTpmErrorHobGuid,0);
REPORT_STATUS_CODE (
EFI_ERROR_CODE | EFI_ERROR_MINOR,
--
2.27.0.windows.1
^ permalink raw reply related [flat|nested] 9+ messages in thread
* Re: [PATCH] SecurityPkg: Debug code to audit BIOS TPM extend operations.
2020-07-20 22:28 Rodrigo Gonzalez del Cueto
@ 2020-07-23 2:06 ` Yao, Jiewen
0 siblings, 0 replies; 9+ messages in thread
From: Yao, Jiewen @ 2020-07-23 2:06 UTC (permalink / raw)
To: Gonzalez Del Cueto, Rodrigo, devel@edk2.groups.io
Cc: Wang, Jian J, Zhang, Qi1
Here is some initial feedback:
1) Please don't change function header Tpm2PcrEvent() and Tpm2PcrRead() in Tpm2CommandLib.h
2) Please don't move Tpm2PcrRead() function in Tpm2Integrity.c, so that I can know what you have changed.
3) Please add Tpm2ActivePcrRegisterRead() as the last function in Tpm2Integrity.c
4) Please use DEBUG_VERBOSE for the new debug log. We got feedback before that there are too many debug messages in TPM driver.
5) Below code is weird in Tpm2ActivePcrRegisterRead().
UINT32 PcrIndex;
PcrIndex = (UINT8)PcrHandle;
Why you define it as UINT32 and cast it as UINT8?
6) Please use 2 spaces indent for the function header.
EFI_STATUS
EFIAPI
Tpm2ActivePcrRegisterRead (
IN TPMI_DH_PCR PcrHandle,
OUT TPML_DIGEST *HashList
)
7) The name of Tpm2ActivePcrRegisterRead() is confusing. What you try to do is to read the PCR for the active bank. Maybe Tpm2PcrReadForActiveBank() ?
Thank you
Yao Jiewen
> -----Original Message-----
> From: Gonzalez Del Cueto, Rodrigo <rodrigo.gonzalez.del.cueto@intel.com>
> Sent: Tuesday, July 21, 2020 6:29 AM
> To: devel@edk2.groups.io
> Cc: Gonzalez Del Cueto, Rodrigo <rodrigo.gonzalez.del.cueto@intel.com>; Yao,
> Jiewen <jiewen.yao@intel.com>; Wang, Jian J <jian.j.wang@intel.com>; Zhang,
> Qi1 <qi1.zhang@intel.com>
> Subject: [PATCH] SecurityPkg: Debug code to audit BIOS TPM extend operations.
>
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2858
>
> Add debug functionality to examine TPM extend operations
> performed by BIOS and inspect the PCR 00 value prior to
> any BIOS measurements.
>
> Replaced usage of EFI_D_* for DEBUG_* definitions in debug
> messages.
>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Cc: Qi Zhang <qi1.zhang@intel.com>
> Signed-off-by: Rodrigo Gonzalez del Cueto
> <rodrigo.gonzalez.del.cueto@intel.com>
> ---
> SecurityPkg/Include/Library/Tpm2CommandLib.h | 25 +-
> .../Library/Tpm2CommandLib/Tpm2Integrity.c | 468 ++++++++++++------
> SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c | 32 +-
> 3 files changed, 364 insertions(+), 161 deletions(-)
>
> diff --git a/SecurityPkg/Include/Library/Tpm2CommandLib.h
> b/SecurityPkg/Include/Library/Tpm2CommandLib.h
> index ce381e786b..bfa5bd82f4 100644
> --- a/SecurityPkg/Include/Library/Tpm2CommandLib.h
> +++ b/SecurityPkg/Include/Library/Tpm2CommandLib.h
> @@ -505,7 +505,7 @@ EFIAPI
> Tpm2PcrEvent (
>
> IN TPMI_DH_PCR PcrHandle,
>
> IN TPM2B_EVENT *EventData,
>
> - OUT TPML_DIGEST_VALUES *Digests
>
> + OUT TPML_DIGEST_VALUES *Digests
>
> );
[Jiewen] Why you need this this?
>
>
>
> /**
>
> @@ -523,9 +523,26 @@ EFI_STATUS
> EFIAPI
>
> Tpm2PcrRead (
>
> IN TPML_PCR_SELECTION *PcrSelectionIn,
>
> - OUT UINT32 *PcrUpdateCounter,
>
> - OUT TPML_PCR_SELECTION *PcrSelectionOut,
>
> - OUT TPML_DIGEST *PcrValues
>
> + OUT UINT32 *PcrUpdateCounter,
>
> + OUT TPML_PCR_SELECTION *PcrSelectionOut,
>
> + OUT TPML_DIGEST *PcrValues
>
> + );
>
> +
>
> +/**
>
> + This function will query the TPM to determine which hashing algorithms and
>
> + get the digests of all active and supported PCR banks of a specific PCR
> register.
>
> +
>
> + @param[in] PcrHandle The index of the PCR register to be read.
>
> + @param[out] HashList List of digests from PCR register being read.
>
> +
>
> + @retval EFI_SUCCESS The Pcr was read successfully.
>
> + @retval EFI_DEVICE_ERROR The command was unsuccessful.
>
> +**/
>
> +EFI_STATUS
>
> +EFIAPI
>
> +Tpm2ActivePcrRegisterRead (
>
> + IN TPMI_DH_PCR PcrHandle,
>
> + OUT TPML_DIGEST *HashList
>
> );
>
>
>
> /**
>
> diff --git a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c
> b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c
> index ddb15178fb..229fc44139 100644
> --- a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c
> +++ b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c
> @@ -76,6 +76,297 @@ typedef struct {
>
>
> #pragma pack()
>
>
>
> +/**
>
> + This command returns the values of all PCR specified in pcrSelect.
>
> +
>
> + @param[in] PcrSelectionIn The selection of PCR to read.
>
> + @param[out] PcrUpdateCounter The current value of the PCR update
> counter.
>
> + @param[out] PcrSelectionOut The PCR in the returned list.
>
> + @param[out] PcrValues The contents of the PCR indicated in pcrSelect.
>
> +
>
> + @retval EFI_SUCCESS Operation completed successfully.
>
> + @retval EFI_DEVICE_ERROR The command was unsuccessful.
>
> +**/
>
> +EFI_STATUS
>
> +EFIAPI
>
> +Tpm2PcrRead (
>
> + IN TPML_PCR_SELECTION *PcrSelectionIn,
>
> + OUT UINT32 *PcrUpdateCounter,
>
> + OUT TPML_PCR_SELECTION *PcrSelectionOut,
>
> + OUT TPML_DIGEST *PcrValues
>
> + )
>
> +{
>
> + EFI_STATUS Status;
>
> + TPM2_PCR_READ_COMMAND SendBuffer;
>
> + TPM2_PCR_READ_RESPONSE RecvBuffer;
>
> + UINT32 SendBufferSize;
>
> + UINT32 RecvBufferSize;
>
> + UINTN Index;
>
> + TPML_DIGEST *PcrValuesOut;
>
> + TPM2B_DIGEST *Digests;
>
> +
>
> + //
>
> + // Construct command
>
> + //
>
> + SendBuffer.Header.tag = SwapBytes16(TPM_ST_NO_SESSIONS);
>
> + SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_PCR_Read);
>
> +
>
> + SendBuffer.PcrSelectionIn.count = SwapBytes32(PcrSelectionIn->count);
>
> + for (Index = 0; Index < PcrSelectionIn->count; Index++) {
>
> + SendBuffer.PcrSelectionIn.pcrSelections[Index].hash =
> SwapBytes16(PcrSelectionIn->pcrSelections[Index].hash);
>
> + SendBuffer.PcrSelectionIn.pcrSelections[Index].sizeofSelect = PcrSelectionIn-
> >pcrSelections[Index].sizeofSelect;
>
> + CopyMem (&SendBuffer.PcrSelectionIn.pcrSelections[Index].pcrSelect,
> &PcrSelectionIn->pcrSelections[Index].pcrSelect,
> SendBuffer.PcrSelectionIn.pcrSelections[Index].sizeofSelect);
>
> + }
>
> +
>
> + SendBufferSize = sizeof(SendBuffer.Header) +
> sizeof(SendBuffer.PcrSelectionIn.count) +
> sizeof(SendBuffer.PcrSelectionIn.pcrSelections[0]) * PcrSelectionIn->count;
>
> + SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);
>
> +
>
> + //
>
> + // send Tpm command
>
> + //
>
> + RecvBufferSize = sizeof (RecvBuffer);
>
> + Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer,
> &RecvBufferSize, (UINT8 *)&RecvBuffer);
>
> + if (EFI_ERROR (Status)) {
>
> + return Status;
>
> + }
>
> +
>
> + if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {
>
> + DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n",
> RecvBufferSize));
>
> + return EFI_DEVICE_ERROR;
>
> + }
>
> + if (SwapBytes32(RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
>
> + DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - responseCode - %x\n",
> SwapBytes32(RecvBuffer.Header.responseCode)));
>
> + return EFI_NOT_FOUND;
>
> + }
>
> +
>
> + //
>
> + // Return the response
>
> + //
>
> +
>
> + //
>
> + // PcrUpdateCounter
>
> + //
>
> + if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER) +
> sizeof(RecvBuffer.PcrUpdateCounter)) {
>
> + DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n",
> RecvBufferSize));
>
> + return EFI_DEVICE_ERROR;
>
> + }
>
> + *PcrUpdateCounter = SwapBytes32(RecvBuffer.PcrUpdateCounter);
>
> +
>
> + //
>
> + // PcrSelectionOut
>
> + //
>
> + if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER) +
> sizeof(RecvBuffer.PcrUpdateCounter) +
> sizeof(RecvBuffer.PcrSelectionOut.count)) {
>
> + DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n",
> RecvBufferSize));
>
> + return EFI_DEVICE_ERROR;
>
> + }
>
> + PcrSelectionOut->count = SwapBytes32(RecvBuffer.PcrSelectionOut.count);
>
> + if (PcrSelectionOut->count > HASH_COUNT) {
>
> + DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - PcrSelectionOut->count
> error %x\n", PcrSelectionOut->count));
>
> + return EFI_DEVICE_ERROR;
>
> + }
>
> +
>
> + if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER) +
> sizeof(RecvBuffer.PcrUpdateCounter) +
> sizeof(RecvBuffer.PcrSelectionOut.count) +
> sizeof(RecvBuffer.PcrSelectionOut.pcrSelections[0]) * PcrSelectionOut->count) {
>
> + DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n",
> RecvBufferSize));
>
> + return EFI_DEVICE_ERROR;
>
> + }
>
> + for (Index = 0; Index < PcrSelectionOut->count; Index++) {
>
> + PcrSelectionOut->pcrSelections[Index].hash =
> SwapBytes16(RecvBuffer.PcrSelectionOut.pcrSelections[Index].hash);
>
> + PcrSelectionOut->pcrSelections[Index].sizeofSelect =
> RecvBuffer.PcrSelectionOut.pcrSelections[Index].sizeofSelect;
>
> + if (PcrSelectionOut->pcrSelections[Index].sizeofSelect > PCR_SELECT_MAX) {
>
> + return EFI_DEVICE_ERROR;
>
> + }
>
> + CopyMem (&PcrSelectionOut->pcrSelections[Index].pcrSelect,
> &RecvBuffer.PcrSelectionOut.pcrSelections[Index].pcrSelect, PcrSelectionOut-
> >pcrSelections[Index].sizeofSelect);
>
> + }
>
> +
>
> + //
>
> + // PcrValues
>
> + //
>
> + PcrValuesOut = (TPML_DIGEST *)((UINT8 *)&RecvBuffer + sizeof
> (TPM2_RESPONSE_HEADER) + sizeof(RecvBuffer.PcrUpdateCounter) +
> sizeof(RecvBuffer.PcrSelectionOut.count) +
> sizeof(RecvBuffer.PcrSelectionOut.pcrSelections[0]) * PcrSelectionOut->count);
>
> + PcrValues->count = SwapBytes32(PcrValuesOut->count);
>
> + //
>
> + // The number of digests in list is not greater than 8 per TPML_DIGEST
> definition
>
> + //
>
> + if (PcrValues->count > 8) {
>
> + DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - PcrValues->count error %x\n",
> PcrValues->count));
>
> + return EFI_DEVICE_ERROR;
>
> + }
>
> + Digests = PcrValuesOut->digests;
>
> + for (Index = 0; Index < PcrValues->count; Index++) {
>
> + PcrValues->digests[Index].size = SwapBytes16(Digests->size);
>
> + if (PcrValues->digests[Index].size > sizeof(TPMU_HA)) {
>
> + DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - Digest.size error %x\n",
> PcrValues->digests[Index].size));
>
> + return EFI_DEVICE_ERROR;
>
> + }
>
> + CopyMem (&PcrValues->digests[Index].buffer, &Digests->buffer, PcrValues-
> >digests[Index].size);
>
> + Digests = (TPM2B_DIGEST *)((UINT8 *)Digests + sizeof(Digests->size) +
> PcrValues->digests[Index].size);
>
> + }
>
> +
>
> + return EFI_SUCCESS;
>
> +}
>
> +
>
> +/**
>
> + This function will query the TPM to determine which hashing algorithms and
>
> + get the digests of all active and supported PCR banks of a specific PCR
> register.
>
> +
>
> + @param[in] PcrHandle The index of the PCR register to be read.
>
> + @param[out] HashList List of digests from PCR register being read.
>
> +
>
> + @retval EFI_SUCCESS The Pcr was read successfully.
>
> + @retval EFI_DEVICE_ERROR The command was unsuccessful.
>
> +**/
>
> +EFI_STATUS
>
> +EFIAPI
>
> +Tpm2ActivePcrRegisterRead (
>
> + IN TPMI_DH_PCR PcrHandle,
>
> + OUT TPML_DIGEST *HashList
>
> +)
>
> +{
>
> + EFI_STATUS Status;
>
> + TPML_PCR_SELECTION Pcrs;
>
> + TPML_PCR_SELECTION PcrSelectionIn;
>
> + TPML_PCR_SELECTION PcrSelectionOut;
>
> + TPML_DIGEST PcrValues;
>
> + UINT32 PcrUpdateCounter;
>
> + UINT32 PcrIndex;
>
> + UINT32 TpmHashAlgorithmBitmap;
>
> + TPMI_ALG_HASH CurrentPcrBankHash;
>
> + UINT32 ActivePcrBanks;
>
> + UINT32 TcgRegistryHashAlg;
>
> + UINT32 Index;
>
> + UINT32 Index2;
>
> +
>
> + PcrIndex = (UINT8)PcrHandle;
>
> +
>
> + if ((PcrIndex < 0) ||
>
> + (PcrIndex >= IMPLEMENTATION_PCR)) {
>
> + return EFI_INVALID_PARAMETER;
>
> + }
>
> +
>
> + ZeroMem (&PcrSelectionIn, sizeof (PcrSelectionIn));
>
> + ZeroMem (&PcrUpdateCounter, sizeof (UINT32));
>
> + ZeroMem (&PcrSelectionOut, sizeof (PcrSelectionOut));
>
> + ZeroMem (&PcrValues, sizeof (PcrValues));
>
> + ZeroMem (&Pcrs, sizeof (TPML_PCR_SELECTION));
>
> +
>
> + DEBUG ((DEBUG_INFO, "ReadPcr - %02d\n", PcrIndex));
>
> +
>
> + //
>
> + // Read TPM capabilities
>
> + //
>
> + Status = Tpm2GetCapabilityPcrs (&Pcrs);
>
> +
>
> + if (EFI_ERROR (Status)) {
>
> + DEBUG ((DEBUG_ERROR, "ReadPcr: Unable to read TPM capabilities\n"));
>
> + return EFI_DEVICE_ERROR;
>
> + }
>
> +
>
> + //
>
> + // Get Active Pcrs
>
> + //
>
> + Status = Tpm2GetCapabilitySupportedAndActivePcrs (
>
> + &TpmHashAlgorithmBitmap,
>
> + &ActivePcrBanks
>
> + );
>
> +
>
> + if (EFI_ERROR (Status)) {
>
> + DEBUG ((DEBUG_ERROR, "ReadPcr: Unable to read TPM capabilities and
> active PCRs\n"));
>
> + return EFI_DEVICE_ERROR;
>
> + }
>
> +
>
> + //
>
> + // Select from Active PCRs
>
> + //
>
> + for (Index = 0; Index < Pcrs.count; Index++) {
>
> + CurrentPcrBankHash = Pcrs.pcrSelections[Index].hash;
>
> +
>
> + switch (CurrentPcrBankHash) {
>
> + case TPM_ALG_SHA1:
>
> + DEBUG ((DEBUG_VERBOSE, "HASH_ALG_SHA1 Present\n"));
>
> + TcgRegistryHashAlg = HASH_ALG_SHA1;
>
> + break;
>
> + case TPM_ALG_SHA256:
>
> + DEBUG ((DEBUG_VERBOSE, "HASH_ALG_SHA256 Present\n"));
>
> + TcgRegistryHashAlg = HASH_ALG_SHA256;
>
> + break;
>
> + case TPM_ALG_SHA384:
>
> + DEBUG ((DEBUG_VERBOSE, "HASH_ALG_SHA384 Present\n"));
>
> + TcgRegistryHashAlg = HASH_ALG_SHA384;
>
> + break;
>
> + case TPM_ALG_SHA512:
>
> + DEBUG ((DEBUG_VERBOSE, "HASH_ALG_SHA512 Present\n"));
>
> + TcgRegistryHashAlg = HASH_ALG_SHA512;
>
> + break;
>
> + case TPM_ALG_SM3_256:
>
> + DEBUG ((DEBUG_VERBOSE, "HASH_ALG_SM3 Present\n"));
>
> + TcgRegistryHashAlg = HASH_ALG_SM3_256;
>
> + break;
>
> + default:
>
> + //
>
> + // Unsupported algorithm
>
> + //
>
> + DEBUG ((DEBUG_VERBOSE, "Unknown algorithm present\n"));
>
> + TcgRegistryHashAlg = 0;
>
> + break;
>
> + }
>
> + //
>
> + // Skip unsupported and inactive PCR banks
>
> + //
>
> + if ((TcgRegistryHashAlg & ActivePcrBanks) == 0) {
>
> + DEBUG ((DEBUG_VERBOSE, "Skipping unsupported or inactive bank:
> 0x%04x\n", CurrentPcrBankHash));
>
> + continue;
>
> + }
>
> +
>
> + //
>
> + // Select PCR from current active bank
>
> + //
>
> + PcrSelectionIn.pcrSelections[PcrSelectionIn.count].hash =
> Pcrs.pcrSelections[Index].hash;
>
> + PcrSelectionIn.pcrSelections[PcrSelectionIn.count].sizeofSelect =
> PCR_SELECT_MAX;
>
> + PcrSelectionIn.pcrSelections[PcrSelectionIn.count].pcrSelect[0] = (PcrIndex <
> 8) ? 1 << PcrIndex : 0;
>
> + PcrSelectionIn.pcrSelections[PcrSelectionIn.count].pcrSelect[1] = (PcrIndex >
> 7) && (PcrIndex < 16) ? 1 << (PcrIndex - 8) : 0;
>
> + PcrSelectionIn.pcrSelections[PcrSelectionIn.count].pcrSelect[2] = (PcrIndex >
> 15) ? 1 << (PcrIndex - 16) : 0;
>
> + PcrSelectionIn.count++;
>
> + }
>
> +
>
> + //
>
> + // Read PCRs
>
> + //
>
> + Status = Tpm2PcrRead (
>
> + &PcrSelectionIn,
>
> + &PcrUpdateCounter,
>
> + &PcrSelectionOut,
>
> + &PcrValues
>
> + );
>
> +
>
> + if (EFI_ERROR (Status)) {
>
> + DEBUG((DEBUG_ERROR, "Tpm2PcrRead failed Status = %r \n", Status));
>
> + return EFI_DEVICE_ERROR;
>
> + }
>
> +
>
> + for (Index = 0; Index < PcrValues.count; Index++) {
>
> + DEBUG ((
>
> + DEBUG_INFO,
>
> + "ReadPcr - HashAlg = 0x%04x, Pcr[%02d], digest = ",
>
> + PcrSelectionOut.pcrSelections[Index].hash,
>
> + PcrIndex
>
> + ));
>
> +
>
> + for(Index2 = 0; Index2 < PcrValues.digests[Index].size; Index2++) {
>
> + DEBUG ((DEBUG_INFO, "%02x ", PcrValues.digests[Index].buffer[Index2]));
>
> + }
>
> + DEBUG ((DEBUG_INFO, "\n"));
>
> + }
>
> +
>
> + if (HashList != NULL) {
>
> + CopyMem (
>
> + HashList,
>
> + &PcrValues,
>
> + sizeof (TPML_DIGEST)
>
> + );
>
> + }
>
> +
>
> + return EFI_SUCCESS;
>
> +}
>
> +
>
> /**
>
> This command is used to cause an update to the indicated PCR.
>
> The digests parameter contains one or more tagged digest value identified by
> an algorithm ID.
>
> @@ -130,14 +421,26 @@ Tpm2PcrExtend (
> Buffer += sizeof(UINT16);
>
> DigestSize = GetHashSizeFromAlgo (Digests->digests[Index].hashAlg);
>
> if (DigestSize == 0) {
>
> - DEBUG ((EFI_D_ERROR, "Unknown hash algorithm %d\r\n", Digests-
> >digests[Index].hashAlg));
>
> + DEBUG ((DEBUG_ERROR, "Unknown hash algorithm %d\r\n", Digests-
> >digests[Index].hashAlg));
>
> return EFI_DEVICE_ERROR;
>
> }
>
> +
>
> CopyMem(
>
> Buffer,
>
> &Digests->digests[Index].digest,
>
> DigestSize
>
> );
>
> +
>
> + DEBUG_CODE_BEGIN ();
>
> + UINTN Index2;
>
> + DEBUG ((DEBUG_INFO, "Tpm2PcrExtend - Hash = 0x%04x, Pcr[%02d], digest
> = ", Digests->digests[Index].hashAlg, (UINT8) PcrHandle));
>
> +
>
> + for (Index2 = 0; Index2 < DigestSize; Index2++) {
>
> + DEBUG ((DEBUG_INFO, "%02x ", Buffer[Index2]));
>
> + }
>
> + DEBUG ((DEBUG_INFO, "\n"));
>
> + DEBUG_CODE_END ();
>
> +
>
> Buffer += DigestSize;
>
> }
>
>
>
> @@ -151,7 +454,7 @@ Tpm2PcrExtend (
> }
>
>
>
> if (ResultBufSize > sizeof(Res)) {
>
> - DEBUG ((EFI_D_ERROR, "Tpm2PcrExtend: Failed ExecuteCommand: Buffer
> Too Small\r\n"));
>
> + DEBUG ((DEBUG_ERROR, "Tpm2PcrExtend: Failed ExecuteCommand: Buffer
> Too Small\r\n"));
>
> return EFI_BUFFER_TOO_SMALL;
>
> }
>
>
>
> @@ -160,7 +463,7 @@ Tpm2PcrExtend (
> //
>
> RespSize = SwapBytes32(Res.Header.paramSize);
>
> if (RespSize > sizeof(Res)) {
>
> - DEBUG ((EFI_D_ERROR, "Tpm2PcrExtend: Response size too large! %d\r\n",
> RespSize));
>
> + DEBUG ((DEBUG_ERROR, "Tpm2PcrExtend: Response size too large! %d\r\n",
> RespSize));
>
> return EFI_BUFFER_TOO_SMALL;
>
> }
>
>
>
> @@ -168,10 +471,15 @@ Tpm2PcrExtend (
> // Fail if command failed
>
> //
>
> if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) {
>
> - DEBUG ((EFI_D_ERROR, "Tpm2PcrExtend: Response Code error! 0x%08x\r\n",
> SwapBytes32(Res.Header.responseCode)));
>
> + DEBUG ((DEBUG_ERROR, "Tpm2PcrExtend: Response Code error!
> 0x%08x\r\n", SwapBytes32(Res.Header.responseCode)));
>
> return EFI_DEVICE_ERROR;
>
> }
>
>
>
> + DEBUG_CODE_BEGIN ();
>
> + DEBUG ((DEBUG_INFO, "Tpm2PcrExtend: PCR read after extend...\n"));
>
> + Tpm2ActivePcrRegisterRead (PcrHandle, NULL);
>
> + DEBUG_CODE_END ();
>
> +
>
> //
>
> // Unmarshal the response
>
> //
>
> @@ -246,7 +554,7 @@ Tpm2PcrEvent (
> }
>
>
>
> if (ResultBufSize > sizeof(Res)) {
>
> - DEBUG ((EFI_D_ERROR, "Tpm2PcrEvent: Failed ExecuteCommand: Buffer
> Too Small\r\n"));
>
> + DEBUG ((DEBUG_ERROR, "Tpm2PcrEvent: Failed ExecuteCommand: Buffer
> Too Small\r\n"));
>
> return EFI_BUFFER_TOO_SMALL;
>
> }
>
>
>
> @@ -255,7 +563,7 @@ Tpm2PcrEvent (
> //
>
> RespSize = SwapBytes32(Res.Header.paramSize);
>
> if (RespSize > sizeof(Res)) {
>
> - DEBUG ((EFI_D_ERROR, "Tpm2PcrEvent: Response size too large! %d\r\n",
> RespSize));
>
> + DEBUG ((DEBUG_ERROR, "Tpm2PcrEvent: Response size too large! %d\r\n",
> RespSize));
>
> return EFI_BUFFER_TOO_SMALL;
>
> }
>
>
>
> @@ -263,7 +571,7 @@ Tpm2PcrEvent (
> // Fail if command failed
>
> //
>
> if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) {
>
> - DEBUG ((EFI_D_ERROR, "Tpm2PcrEvent: Response Code error! 0x%08x\r\n",
> SwapBytes32(Res.Header.responseCode)));
>
> + DEBUG ((DEBUG_ERROR, "Tpm2PcrEvent: Response Code error!
> 0x%08x\r\n", SwapBytes32(Res.Header.responseCode)));
>
> return EFI_DEVICE_ERROR;
>
> }
>
>
>
> @@ -284,7 +592,7 @@ Tpm2PcrEvent (
> Buffer += sizeof(UINT16);
>
> DigestSize = GetHashSizeFromAlgo (Digests->digests[Index].hashAlg);
>
> if (DigestSize == 0) {
>
> - DEBUG ((EFI_D_ERROR, "Unknown hash algorithm %d\r\n", Digests-
> >digests[Index].hashAlg));
>
> + DEBUG ((DEBUG_ERROR, "Unknown hash algorithm %d\r\n", Digests-
> >digests[Index].hashAlg));
>
> return EFI_DEVICE_ERROR;
>
> }
>
> CopyMem(
>
> @@ -298,134 +606,6 @@ Tpm2PcrEvent (
> return EFI_SUCCESS;
>
> }
>
>
>
> -/**
>
> - This command returns the values of all PCR specified in pcrSelect.
>
> -
>
> - @param[in] PcrSelectionIn The selection of PCR to read.
>
> - @param[out] PcrUpdateCounter The current value of the PCR update
> counter.
>
> - @param[out] PcrSelectionOut The PCR in the returned list.
>
> - @param[out] PcrValues The contents of the PCR indicated in pcrSelect.
>
> -
>
> - @retval EFI_SUCCESS Operation completed successfully.
>
> - @retval EFI_DEVICE_ERROR The command was unsuccessful.
>
> -**/
>
> -EFI_STATUS
>
> -EFIAPI
>
> -Tpm2PcrRead (
>
> - IN TPML_PCR_SELECTION *PcrSelectionIn,
>
> - OUT UINT32 *PcrUpdateCounter,
>
> - OUT TPML_PCR_SELECTION *PcrSelectionOut,
>
> - OUT TPML_DIGEST *PcrValues
>
> - )
>
> -{
>
> - EFI_STATUS Status;
>
> - TPM2_PCR_READ_COMMAND SendBuffer;
>
> - TPM2_PCR_READ_RESPONSE RecvBuffer;
>
> - UINT32 SendBufferSize;
>
> - UINT32 RecvBufferSize;
>
> - UINTN Index;
>
> - TPML_DIGEST *PcrValuesOut;
>
> - TPM2B_DIGEST *Digests;
>
> -
>
> - //
>
> - // Construct command
>
> - //
>
> - SendBuffer.Header.tag = SwapBytes16(TPM_ST_NO_SESSIONS);
>
> - SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_PCR_Read);
>
> -
>
> - SendBuffer.PcrSelectionIn.count = SwapBytes32(PcrSelectionIn->count);
>
> - for (Index = 0; Index < PcrSelectionIn->count; Index++) {
>
> - SendBuffer.PcrSelectionIn.pcrSelections[Index].hash =
> SwapBytes16(PcrSelectionIn->pcrSelections[Index].hash);
>
> - SendBuffer.PcrSelectionIn.pcrSelections[Index].sizeofSelect = PcrSelectionIn-
> >pcrSelections[Index].sizeofSelect;
>
> - CopyMem (&SendBuffer.PcrSelectionIn.pcrSelections[Index].pcrSelect,
> &PcrSelectionIn->pcrSelections[Index].pcrSelect,
> SendBuffer.PcrSelectionIn.pcrSelections[Index].sizeofSelect);
>
> - }
>
> -
>
> - SendBufferSize = sizeof(SendBuffer.Header) +
> sizeof(SendBuffer.PcrSelectionIn.count) +
> sizeof(SendBuffer.PcrSelectionIn.pcrSelections[0]) * PcrSelectionIn->count;
>
> - SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);
>
> -
>
> - //
>
> - // send Tpm command
>
> - //
>
> - RecvBufferSize = sizeof (RecvBuffer);
>
> - Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer,
> &RecvBufferSize, (UINT8 *)&RecvBuffer);
>
> - if (EFI_ERROR (Status)) {
>
> - return Status;
>
> - }
>
> -
>
> - if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {
>
> - DEBUG ((EFI_D_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n",
> RecvBufferSize));
>
> - return EFI_DEVICE_ERROR;
>
> - }
>
> - if (SwapBytes32(RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
>
> - DEBUG ((EFI_D_ERROR, "Tpm2PcrRead - responseCode - %x\n",
> SwapBytes32(RecvBuffer.Header.responseCode)));
>
> - return EFI_NOT_FOUND;
>
> - }
>
> -
>
> - //
>
> - // Return the response
>
> - //
>
> -
>
> - //
>
> - // PcrUpdateCounter
>
> - //
>
> - if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER) +
> sizeof(RecvBuffer.PcrUpdateCounter)) {
>
> - DEBUG ((EFI_D_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n",
> RecvBufferSize));
>
> - return EFI_DEVICE_ERROR;
>
> - }
>
> - *PcrUpdateCounter = SwapBytes32(RecvBuffer.PcrUpdateCounter);
>
> -
>
> - //
>
> - // PcrSelectionOut
>
> - //
>
> - if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER) +
> sizeof(RecvBuffer.PcrUpdateCounter) +
> sizeof(RecvBuffer.PcrSelectionOut.count)) {
>
> - DEBUG ((EFI_D_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n",
> RecvBufferSize));
>
> - return EFI_DEVICE_ERROR;
>
> - }
>
> - PcrSelectionOut->count = SwapBytes32(RecvBuffer.PcrSelectionOut.count);
>
> - if (PcrSelectionOut->count > HASH_COUNT) {
>
> - DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - PcrSelectionOut->count
> error %x\n", PcrSelectionOut->count));
>
> - return EFI_DEVICE_ERROR;
>
> - }
>
> -
>
> - if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER) +
> sizeof(RecvBuffer.PcrUpdateCounter) +
> sizeof(RecvBuffer.PcrSelectionOut.count) +
> sizeof(RecvBuffer.PcrSelectionOut.pcrSelections[0]) * PcrSelectionOut->count) {
>
> - DEBUG ((EFI_D_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n",
> RecvBufferSize));
>
> - return EFI_DEVICE_ERROR;
>
> - }
>
> - for (Index = 0; Index < PcrSelectionOut->count; Index++) {
>
> - PcrSelectionOut->pcrSelections[Index].hash =
> SwapBytes16(RecvBuffer.PcrSelectionOut.pcrSelections[Index].hash);
>
> - PcrSelectionOut->pcrSelections[Index].sizeofSelect =
> RecvBuffer.PcrSelectionOut.pcrSelections[Index].sizeofSelect;
>
> - if (PcrSelectionOut->pcrSelections[Index].sizeofSelect > PCR_SELECT_MAX) {
>
> - return EFI_DEVICE_ERROR;
>
> - }
>
> - CopyMem (&PcrSelectionOut->pcrSelections[Index].pcrSelect,
> &RecvBuffer.PcrSelectionOut.pcrSelections[Index].pcrSelect, PcrSelectionOut-
> >pcrSelections[Index].sizeofSelect);
>
> - }
>
> -
>
> - //
>
> - // PcrValues
>
> - //
>
> - PcrValuesOut = (TPML_DIGEST *)((UINT8 *)&RecvBuffer + sizeof
> (TPM2_RESPONSE_HEADER) + sizeof(RecvBuffer.PcrUpdateCounter) +
> sizeof(RecvBuffer.PcrSelectionOut.count) +
> sizeof(RecvBuffer.PcrSelectionOut.pcrSelections[0]) * PcrSelectionOut->count);
>
> - PcrValues->count = SwapBytes32(PcrValuesOut->count);
>
> - //
>
> - // The number of digests in list is not greater than 8 per TPML_DIGEST
> definition
>
> - //
>
> - if (PcrValues->count > 8) {
>
> - DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - PcrValues->count error %x\n",
> PcrValues->count));
>
> - return EFI_DEVICE_ERROR;
>
> - }
>
> - Digests = PcrValuesOut->digests;
>
> - for (Index = 0; Index < PcrValues->count; Index++) {
>
> - PcrValues->digests[Index].size = SwapBytes16(Digests->size);
>
> - if (PcrValues->digests[Index].size > sizeof(TPMU_HA)) {
>
> - DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - Digest.size error %x\n",
> PcrValues->digests[Index].size));
>
> - return EFI_DEVICE_ERROR;
>
> - }
>
> - CopyMem (&PcrValues->digests[Index].buffer, &Digests->buffer, PcrValues-
> >digests[Index].size);
>
> - Digests = (TPM2B_DIGEST *)((UINT8 *)Digests + sizeof(Digests->size) +
> PcrValues->digests[Index].size);
>
> - }
>
> -
>
> - return EFI_SUCCESS;
>
> -}
>
> -
>
> /**
>
> This command is used to set the desired PCR allocation of PCR and algorithms.
>
>
>
> @@ -513,7 +693,7 @@ Tpm2PcrAllocate (
> }
>
>
>
> if (ResultBufSize > sizeof(Res)) {
>
> - DEBUG ((EFI_D_ERROR, "Tpm2PcrAllocate: Failed ExecuteCommand: Buffer
> Too Small\r\n"));
>
> + DEBUG ((DEBUG_ERROR, "Tpm2PcrAllocate: Failed ExecuteCommand:
> Buffer Too Small\r\n"));
>
> Status = EFI_BUFFER_TOO_SMALL;
>
> goto Done;
>
> }
>
> @@ -523,7 +703,7 @@ Tpm2PcrAllocate (
> //
>
> RespSize = SwapBytes32(Res.Header.paramSize);
>
> if (RespSize > sizeof(Res)) {
>
> - DEBUG ((EFI_D_ERROR, "Tpm2PcrAllocate: Response size too large! %d\r\n",
> RespSize));
>
> + DEBUG ((DEBUG_ERROR, "Tpm2PcrAllocate: Response size too
> large! %d\r\n", RespSize));
>
> Status = EFI_BUFFER_TOO_SMALL;
>
> goto Done;
>
> }
>
> @@ -532,7 +712,7 @@ Tpm2PcrAllocate (
> // Fail if command failed
>
> //
>
> if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) {
>
> - DEBUG((EFI_D_ERROR,"Tpm2PcrAllocate: Response Code error! 0x%08x\r\n",
> SwapBytes32(Res.Header.responseCode)));
>
> + DEBUG((DEBUG_ERROR,"Tpm2PcrAllocate: Response Code error!
> 0x%08x\r\n", SwapBytes32(Res.Header.responseCode)));
>
> Status = EFI_DEVICE_ERROR;
>
> goto Done;
>
> }
>
> @@ -673,15 +853,15 @@ Tpm2PcrAllocateBanks (
> &SizeNeeded,
>
> &SizeAvailable
>
> );
>
> - DEBUG ((EFI_D_INFO, "Tpm2PcrAllocateBanks call Tpm2PcrAllocate - %r\n",
> Status));
>
> + DEBUG ((DEBUG_INFO, "Tpm2PcrAllocateBanks call Tpm2PcrAllocate - %r\n",
> Status));
>
> if (EFI_ERROR (Status)) {
>
> goto Done;
>
> }
>
>
>
> - DEBUG ((EFI_D_INFO, "AllocationSuccess - %02x\n", AllocationSuccess));
>
> - DEBUG ((EFI_D_INFO, "MaxPCR - %08x\n", MaxPCR));
>
> - DEBUG ((EFI_D_INFO, "SizeNeeded - %08x\n", SizeNeeded));
>
> - DEBUG ((EFI_D_INFO, "SizeAvailable - %08x\n", SizeAvailable));
>
> + DEBUG ((DEBUG_INFO, "AllocationSuccess - %02x\n", AllocationSuccess));
>
> + DEBUG ((DEBUG_INFO, "MaxPCR - %08x\n", MaxPCR));
>
> + DEBUG ((DEBUG_INFO, "SizeNeeded - %08x\n", SizeNeeded));
>
> + DEBUG ((DEBUG_INFO, "SizeAvailable - %08x\n", SizeAvailable));
>
>
>
> Done:
>
> ZeroMem(&LocalAuthSession.hmac, sizeof(LocalAuthSession.hmac));
>
> diff --git a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c
> b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c
> index 19b8e4b318..678826f8a5 100644
> --- a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c
> +++ b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c
> @@ -147,7 +147,6 @@ EFI_PEI_NOTIFY_DESCRIPTOR mNotifyList[] = {
> }
>
> };
>
>
>
> -
>
> /**
>
> Record all measured Firmware Volume Information into a Guid Hob
>
> Guid Hob payload layout is
>
> @@ -223,7 +222,7 @@ SyncPcrAllocationsAndPcrMask (
> UINT32 Tpm2PcrMask;
>
> UINT32 NewTpm2PcrMask;
>
>
>
> - DEBUG ((EFI_D_ERROR, "SyncPcrAllocationsAndPcrMask!\n"));
>
> + DEBUG ((DEBUG_ERROR, "SyncPcrAllocationsAndPcrMask!\n"));
>
>
>
> //
>
> // Determine the current TPM support and the Platform PCR mask.
>
> @@ -234,7 +233,7 @@ SyncPcrAllocationsAndPcrMask (
> Tpm2PcrMask = PcdGet32 (PcdTpm2HashMask);
>
> if (Tpm2PcrMask == 0) {
>
> //
>
> - // if PcdTPm2HashMask is zero, use ActivePcr setting
>
> + // if PcdTpm2HashMask is zero, use ActivePcr setting
>
> //
>
> PcdSet32S (PcdTpm2HashMask, TpmActivePcrBanks);
>
> Tpm2PcrMask = TpmActivePcrBanks;
>
> @@ -253,9 +252,9 @@ SyncPcrAllocationsAndPcrMask (
> if ((TpmActivePcrBanks & Tpm2PcrMask) != TpmActivePcrBanks) {
>
> NewTpmActivePcrBanks = TpmActivePcrBanks & Tpm2PcrMask;
>
>
>
> - DEBUG ((EFI_D_INFO, "%a - Reallocating PCR banks from 0x%X to 0x%X.\n",
> __FUNCTION__, TpmActivePcrBanks, NewTpmActivePcrBanks));
>
> + DEBUG ((DEBUG_INFO, "%a - Reallocating PCR banks from 0x%X to 0x%X.\n",
> __FUNCTION__, TpmActivePcrBanks, NewTpmActivePcrBanks));
>
> if (NewTpmActivePcrBanks == 0) {
>
> - DEBUG ((EFI_D_ERROR, "%a - No viable PCRs active! Please set a less
> restrictive value for PcdTpm2HashMask!\n", __FUNCTION__));
>
> + DEBUG ((DEBUG_ERROR, "%a - No viable PCRs active! Please set a less
> restrictive value for PcdTpm2HashMask!\n", __FUNCTION__));
>
> ASSERT (FALSE);
>
> } else {
>
> Status = Tpm2PcrAllocateBanks (NULL, (UINT32)TpmHashAlgorithmBitmap,
> NewTpmActivePcrBanks);
>
> @@ -263,7 +262,7 @@ SyncPcrAllocationsAndPcrMask (
> //
>
> // We can't do much here, but we hope that this doesn't happen.
>
> //
>
> - DEBUG ((EFI_D_ERROR, "%a - Failed to reallocate PCRs!\n",
> __FUNCTION__));
>
> + DEBUG ((DEBUG_ERROR, "%a - Failed to reallocate PCRs!\n",
> __FUNCTION__));
>
> ASSERT_EFI_ERROR (Status);
>
> }
>
> //
>
> @@ -280,9 +279,9 @@ SyncPcrAllocationsAndPcrMask (
> if ((Tpm2PcrMask & TpmHashAlgorithmBitmap) != Tpm2PcrMask) {
>
> NewTpm2PcrMask = Tpm2PcrMask & TpmHashAlgorithmBitmap;
>
>
>
> - DEBUG ((EFI_D_INFO, "%a - Updating PcdTpm2HashMask from 0x%X to
> 0x%X.\n", __FUNCTION__, Tpm2PcrMask, NewTpm2PcrMask));
>
> + DEBUG ((DEBUG_INFO, "%a - Updating PcdTpm2HashMask from 0x%X to
> 0x%X.\n", __FUNCTION__, Tpm2PcrMask, NewTpm2PcrMask));
>
> if (NewTpm2PcrMask == 0) {
>
> - DEBUG ((EFI_D_ERROR, "%a - No viable PCRs supported! Please set a less
> restrictive value for PcdTpm2HashMask!\n", __FUNCTION__));
>
> + DEBUG ((DEBUG_ERROR, "%a - No viable PCRs supported! Please set a less
> restrictive value for PcdTpm2HashMask!\n", __FUNCTION__));
>
> ASSERT (FALSE);
>
> }
>
>
>
> @@ -321,7 +320,7 @@ LogHashEvent (
> RetStatus = EFI_SUCCESS;
>
> for (Index = 0; Index < sizeof(mTcg2EventInfo)/sizeof(mTcg2EventInfo[0]);
> Index++) {
>
> if ((SupportedEventLogs & mTcg2EventInfo[Index].LogFormat) != 0) {
>
> - DEBUG ((EFI_D_INFO, " LogFormat - 0x%08x\n",
> mTcg2EventInfo[Index].LogFormat));
>
> + DEBUG ((DEBUG_INFO, " LogFormat - 0x%08x\n",
> mTcg2EventInfo[Index].LogFormat));
>
> switch (mTcg2EventInfo[Index].LogFormat) {
>
> case EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2:
>
> Status = GetDigestFromDigestList (TPM_ALG_SHA1, DigestList,
> &NewEventHdr->Digest);
>
> @@ -416,7 +415,7 @@ HashLogExtendEvent (
> }
>
>
>
> if (Status == EFI_DEVICE_ERROR) {
>
> - DEBUG ((EFI_D_ERROR, "HashLogExtendEvent - %r. Disable TPM.\n", Status));
>
> + DEBUG ((DEBUG_ERROR, "HashLogExtendEvent - %r. Disable TPM.\n",
> Status));
>
> BuildGuidHob (&gTpmErrorHobGuid,0);
>
> REPORT_STATUS_CODE (
>
> EFI_ERROR_CODE | EFI_ERROR_MINOR,
>
> @@ -925,7 +924,7 @@ PeimEntryMA (
> }
>
>
>
> if (GetFirstGuidHob (&gTpmErrorHobGuid) != NULL) {
>
> - DEBUG ((EFI_D_ERROR, "TPM2 error!\n"));
>
> + DEBUG ((DEBUG_ERROR, "TPM2 error!\n"));
>
> return EFI_DEVICE_ERROR;
>
> }
>
>
>
> @@ -989,7 +988,7 @@ PeimEntryMA (
> for (PcrIndex = 0; PcrIndex < 8; PcrIndex++) {
>
> Status = MeasureSeparatorEventWithError (PcrIndex);
>
> if (EFI_ERROR (Status)) {
>
> - DEBUG ((EFI_D_ERROR, "Separator Event with Error not Measured.
> Error!\n"));
>
> + DEBUG ((DEBUG_ERROR, "Separator Event with Error not Measured.
> Error!\n"));
>
> }
>
> }
>
> }
>
> @@ -1006,6 +1005,13 @@ PeimEntryMA (
> }
>
> }
>
>
>
> + DEBUG_CODE_BEGIN ();
>
> + //
>
> + // Peek into TPM PCR 00 before any BIOS measurement.
>
> + //
>
> + Tpm2ActivePcrRegisterRead (00, NULL);
>
> + DEBUG_CODE_END ();
>
> +
>
> //
>
> // Only install TpmInitializedPpi on success
>
> //
>
> @@ -1020,7 +1026,7 @@ PeimEntryMA (
>
>
> Done:
>
> if (EFI_ERROR (Status)) {
>
> - DEBUG ((EFI_D_ERROR, "TPM2 error! Build Hob\n"));
>
> + DEBUG ((DEBUG_ERROR, "TPM2 error! Build Hob\n"));
>
> BuildGuidHob (&gTpmErrorHobGuid,0);
>
> REPORT_STATUS_CODE (
>
> EFI_ERROR_CODE | EFI_ERROR_MINOR,
>
> --
> 2.27.0.windows.1
^ permalink raw reply [flat|nested] 9+ messages in thread
* [PATCH] SecurityPkg: Debug code to audit BIOS TPM extend operations.
@ 2021-07-29 22:43 Rodrigo Gonzalez del Cueto
2021-08-09 1:24 ` Yao, Jiewen
0 siblings, 1 reply; 9+ messages in thread
From: Rodrigo Gonzalez del Cueto @ 2021-07-29 22:43 UTC (permalink / raw)
To: devel; +Cc: Rodrigo Gonzalez del Cueto, Jiewen Yao, Jian J Wang
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2858
Add debug functionality to examine TPM extend operations
performed by BIOS and inspect the PCR 00 value prior to
any BIOS measurements.
Replaced usage of EFI_D_* for DEBUG_* definitions in debug
messages.
Signed-off-by: Rodrigo Gonzalez del Cueto <rodrigo.gonzalez.del.cueto@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
---
SecurityPkg/Include/Library/Tpm2CommandLib.h | 28 ++++++++++++++++++++++------
SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c | 226 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-----------------------
SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c | 34 ++++++++++++++++++++--------------
3 files changed, 245 insertions(+), 43 deletions(-)
diff --git a/SecurityPkg/Include/Library/Tpm2CommandLib.h b/SecurityPkg/Include/Library/Tpm2CommandLib.h
index ee8eb62295..5e5c340893 100644
--- a/SecurityPkg/Include/Library/Tpm2CommandLib.h
+++ b/SecurityPkg/Include/Library/Tpm2CommandLib.h
@@ -1,7 +1,7 @@
/** @file
This library is used by other modules to send TPM2 command.
-Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved. <BR>
+Copyright (c) 2013 - 2021, Intel Corporation. All rights reserved. <BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
@@ -505,7 +505,7 @@ EFIAPI
Tpm2PcrEvent (
IN TPMI_DH_PCR PcrHandle,
IN TPM2B_EVENT *EventData,
- OUT TPML_DIGEST_VALUES *Digests
+ OUT TPML_DIGEST_VALUES *Digests
);
/**
@@ -522,10 +522,10 @@ Tpm2PcrEvent (
EFI_STATUS
EFIAPI
Tpm2PcrRead (
- IN TPML_PCR_SELECTION *PcrSelectionIn,
- OUT UINT32 *PcrUpdateCounter,
- OUT TPML_PCR_SELECTION *PcrSelectionOut,
- OUT TPML_DIGEST *PcrValues
+ IN TPML_PCR_SELECTION *PcrSelectionIn,
+ OUT UINT32 *PcrUpdateCounter,
+ OUT TPML_PCR_SELECTION *PcrSelectionOut,
+ OUT TPML_DIGEST *PcrValues
);
/**
@@ -1113,4 +1113,20 @@ GetDigestFromDigestList(
OUT VOID *Digest
);
+ /**
+ This function will query the TPM to determine which hashing algorithms and
+ get the digests of all active and supported PCR banks of a specific PCR register.
+
+ @param[in] PcrHandle The index of the PCR register to be read.
+ @param[out] HashList List of digests from PCR register being read.
+
+ @retval EFI_SUCCESS The Pcr was read successfully.
+ @retval EFI_DEVICE_ERROR The command was unsuccessful.
+**/
+EFI_STATUS
+EFIAPI
+Tpm2PcrReadForActiveBank (
+ IN TPMI_DH_PCR PcrHandle,
+ OUT TPML_DIGEST *HashList
+ );
#endif
diff --git a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c
index ddb15178fb..3b49192b93 100644
--- a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c
+++ b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c
@@ -1,7 +1,7 @@
/** @file
Implement TPM2 Integrity related command.
-Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved. <BR>
+Copyright (c) 2013 - 2021, Intel Corporation. All rights reserved. <BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
@@ -109,7 +109,6 @@ Tpm2PcrExtend (
Cmd.Header.commandCode = SwapBytes32(TPM_CC_PCR_Extend);
Cmd.PcrHandle = SwapBytes32(PcrHandle);
-
//
// Add in Auth session
//
@@ -130,14 +129,26 @@ Tpm2PcrExtend (
Buffer += sizeof(UINT16);
DigestSize = GetHashSizeFromAlgo (Digests->digests[Index].hashAlg);
if (DigestSize == 0) {
- DEBUG ((EFI_D_ERROR, "Unknown hash algorithm %d\r\n", Digests->digests[Index].hashAlg));
+ DEBUG ((DEBUG_ERROR, "Unknown hash algorithm %d\r\n", Digests->digests[Index].hashAlg));
return EFI_DEVICE_ERROR;
}
+
CopyMem(
Buffer,
&Digests->digests[Index].digest,
DigestSize
);
+
+ DEBUG_CODE_BEGIN ();
+ UINTN Index2;
+ DEBUG ((DEBUG_VERBOSE, "Tpm2PcrExtend - Hash = 0x%04x, Pcr[%02d], digest = ", Digests->digests[Index].hashAlg, (UINT8) PcrHandle));
+
+ for (Index2 = 0; Index2 < DigestSize; Index2++) {
+ DEBUG ((DEBUG_VERBOSE, "%02x ", Buffer[Index2]));
+ }
+ DEBUG ((DEBUG_VERBOSE, "\n"));
+ DEBUG_CODE_END ();
+
Buffer += DigestSize;
}
@@ -151,7 +162,7 @@ Tpm2PcrExtend (
}
if (ResultBufSize > sizeof(Res)) {
- DEBUG ((EFI_D_ERROR, "Tpm2PcrExtend: Failed ExecuteCommand: Buffer Too Small\r\n"));
+ DEBUG ((DEBUG_ERROR, "Tpm2PcrExtend: Failed ExecuteCommand: Buffer Too Small\r\n"));
return EFI_BUFFER_TOO_SMALL;
}
@@ -160,7 +171,7 @@ Tpm2PcrExtend (
//
RespSize = SwapBytes32(Res.Header.paramSize);
if (RespSize > sizeof(Res)) {
- DEBUG ((EFI_D_ERROR, "Tpm2PcrExtend: Response size too large! %d\r\n", RespSize));
+ DEBUG ((DEBUG_ERROR, "Tpm2PcrExtend: Response size too large! %d\r\n", RespSize));
return EFI_BUFFER_TOO_SMALL;
}
@@ -168,10 +179,15 @@ Tpm2PcrExtend (
// Fail if command failed
//
if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) {
- DEBUG ((EFI_D_ERROR, "Tpm2PcrExtend: Response Code error! 0x%08x\r\n", SwapBytes32(Res.Header.responseCode)));
+ DEBUG ((DEBUG_ERROR, "Tpm2PcrExtend: Response Code error! 0x%08x\r\n", SwapBytes32(Res.Header.responseCode)));
return EFI_DEVICE_ERROR;
}
+ DEBUG_CODE_BEGIN ();
+ DEBUG ((DEBUG_VERBOSE, "Tpm2PcrExtend: PCR read after extend...\n"));
+ Tpm2PcrReadForActiveBank (PcrHandle, NULL);
+ DEBUG_CODE_END ();
+
//
// Unmarshal the response
//
@@ -246,7 +262,7 @@ Tpm2PcrEvent (
}
if (ResultBufSize > sizeof(Res)) {
- DEBUG ((EFI_D_ERROR, "Tpm2PcrEvent: Failed ExecuteCommand: Buffer Too Small\r\n"));
+ DEBUG ((DEBUG_ERROR, "Tpm2PcrEvent: Failed ExecuteCommand: Buffer Too Small\r\n"));
return EFI_BUFFER_TOO_SMALL;
}
@@ -255,7 +271,7 @@ Tpm2PcrEvent (
//
RespSize = SwapBytes32(Res.Header.paramSize);
if (RespSize > sizeof(Res)) {
- DEBUG ((EFI_D_ERROR, "Tpm2PcrEvent: Response size too large! %d\r\n", RespSize));
+ DEBUG ((DEBUG_ERROR, "Tpm2PcrEvent: Response size too large! %d\r\n", RespSize));
return EFI_BUFFER_TOO_SMALL;
}
@@ -263,7 +279,7 @@ Tpm2PcrEvent (
// Fail if command failed
//
if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) {
- DEBUG ((EFI_D_ERROR, "Tpm2PcrEvent: Response Code error! 0x%08x\r\n", SwapBytes32(Res.Header.responseCode)));
+ DEBUG ((DEBUG_ERROR, "Tpm2PcrEvent: Response Code error! 0x%08x\r\n", SwapBytes32(Res.Header.responseCode)));
return EFI_DEVICE_ERROR;
}
@@ -284,7 +300,7 @@ Tpm2PcrEvent (
Buffer += sizeof(UINT16);
DigestSize = GetHashSizeFromAlgo (Digests->digests[Index].hashAlg);
if (DigestSize == 0) {
- DEBUG ((EFI_D_ERROR, "Unknown hash algorithm %d\r\n", Digests->digests[Index].hashAlg));
+ DEBUG ((DEBUG_ERROR, "Unknown hash algorithm %d\r\n", Digests->digests[Index].hashAlg));
return EFI_DEVICE_ERROR;
}
CopyMem(
@@ -298,6 +314,7 @@ Tpm2PcrEvent (
return EFI_SUCCESS;
}
+
/**
This command returns the values of all PCR specified in pcrSelect.
@@ -353,11 +370,11 @@ Tpm2PcrRead (
}
if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {
- DEBUG ((EFI_D_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n", RecvBufferSize));
+ DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n", RecvBufferSize));
return EFI_DEVICE_ERROR;
}
if (SwapBytes32(RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
- DEBUG ((EFI_D_ERROR, "Tpm2PcrRead - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode)));
+ DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode)));
return EFI_NOT_FOUND;
}
@@ -369,7 +386,7 @@ Tpm2PcrRead (
// PcrUpdateCounter
//
if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER) + sizeof(RecvBuffer.PcrUpdateCounter)) {
- DEBUG ((EFI_D_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n", RecvBufferSize));
+ DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n", RecvBufferSize));
return EFI_DEVICE_ERROR;
}
*PcrUpdateCounter = SwapBytes32(RecvBuffer.PcrUpdateCounter);
@@ -378,7 +395,7 @@ Tpm2PcrRead (
// PcrSelectionOut
//
if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER) + sizeof(RecvBuffer.PcrUpdateCounter) + sizeof(RecvBuffer.PcrSelectionOut.count)) {
- DEBUG ((EFI_D_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n", RecvBufferSize));
+ DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n", RecvBufferSize));
return EFI_DEVICE_ERROR;
}
PcrSelectionOut->count = SwapBytes32(RecvBuffer.PcrSelectionOut.count);
@@ -388,7 +405,7 @@ Tpm2PcrRead (
}
if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER) + sizeof(RecvBuffer.PcrUpdateCounter) + sizeof(RecvBuffer.PcrSelectionOut.count) + sizeof(RecvBuffer.PcrSelectionOut.pcrSelections[0]) * PcrSelectionOut->count) {
- DEBUG ((EFI_D_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n", RecvBufferSize));
+ DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n", RecvBufferSize));
return EFI_DEVICE_ERROR;
}
for (Index = 0; Index < PcrSelectionOut->count; Index++) {
@@ -513,7 +530,7 @@ Tpm2PcrAllocate (
}
if (ResultBufSize > sizeof(Res)) {
- DEBUG ((EFI_D_ERROR, "Tpm2PcrAllocate: Failed ExecuteCommand: Buffer Too Small\r\n"));
+ DEBUG ((DEBUG_ERROR, "Tpm2PcrAllocate: Failed ExecuteCommand: Buffer Too Small\r\n"));
Status = EFI_BUFFER_TOO_SMALL;
goto Done;
}
@@ -523,7 +540,7 @@ Tpm2PcrAllocate (
//
RespSize = SwapBytes32(Res.Header.paramSize);
if (RespSize > sizeof(Res)) {
- DEBUG ((EFI_D_ERROR, "Tpm2PcrAllocate: Response size too large! %d\r\n", RespSize));
+ DEBUG ((DEBUG_ERROR, "Tpm2PcrAllocate: Response size too large! %d\r\n", RespSize));
Status = EFI_BUFFER_TOO_SMALL;
goto Done;
}
@@ -532,7 +549,7 @@ Tpm2PcrAllocate (
// Fail if command failed
//
if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) {
- DEBUG((EFI_D_ERROR,"Tpm2PcrAllocate: Response Code error! 0x%08x\r\n", SwapBytes32(Res.Header.responseCode)));
+ DEBUG((DEBUG_ERROR,"Tpm2PcrAllocate: Response Code error! 0x%08x\r\n", SwapBytes32(Res.Header.responseCode)));
Status = EFI_DEVICE_ERROR;
goto Done;
}
@@ -673,17 +690,180 @@ Tpm2PcrAllocateBanks (
&SizeNeeded,
&SizeAvailable
);
- DEBUG ((EFI_D_INFO, "Tpm2PcrAllocateBanks call Tpm2PcrAllocate - %r\n", Status));
+ DEBUG ((DEBUG_INFO, "Tpm2PcrAllocateBanks call Tpm2PcrAllocate - %r\n", Status));
if (EFI_ERROR (Status)) {
goto Done;
}
- DEBUG ((EFI_D_INFO, "AllocationSuccess - %02x\n", AllocationSuccess));
- DEBUG ((EFI_D_INFO, "MaxPCR - %08x\n", MaxPCR));
- DEBUG ((EFI_D_INFO, "SizeNeeded - %08x\n", SizeNeeded));
- DEBUG ((EFI_D_INFO, "SizeAvailable - %08x\n", SizeAvailable));
+ DEBUG ((DEBUG_INFO, "AllocationSuccess - %02x\n", AllocationSuccess));
+ DEBUG ((DEBUG_INFO, "MaxPCR - %08x\n", MaxPCR));
+ DEBUG ((DEBUG_INFO, "SizeNeeded - %08x\n", SizeNeeded));
+ DEBUG ((DEBUG_INFO, "SizeAvailable - %08x\n", SizeAvailable));
Done:
ZeroMem(&LocalAuthSession.hmac, sizeof(LocalAuthSession.hmac));
return Status;
}
+
+/**
+ This function will query the TPM to determine which hashing algorithms and
+ get the digests of all active and supported PCR banks of a specific PCR register.
+
+ @param[in] PcrHandle The index of the PCR register to be read.
+ @param[out] HashList List of digests from PCR register being read.
+
+ @retval EFI_SUCCESS The Pcr was read successfully.
+ @retval EFI_DEVICE_ERROR The command was unsuccessful.
+**/
+EFI_STATUS
+EFIAPI
+Tpm2PcrReadForActiveBank (
+ IN TPMI_DH_PCR PcrHandle,
+ OUT TPML_DIGEST *HashList
+)
+{
+ EFI_STATUS Status;
+ TPML_PCR_SELECTION Pcrs;
+ TPML_PCR_SELECTION PcrSelectionIn;
+ TPML_PCR_SELECTION PcrSelectionOut;
+ TPML_DIGEST PcrValues;
+ UINT32 PcrUpdateCounter;
+ UINT8 PcrIndex;
+ UINT32 TpmHashAlgorithmBitmap;
+ TPMI_ALG_HASH CurrentPcrBankHash;
+ UINT32 ActivePcrBanks;
+ UINT32 TcgRegistryHashAlg;
+ UINTN Index;
+ UINTN Index2;
+
+ PcrIndex = (UINT8) PcrHandle;
+
+ if ((PcrIndex < 0) ||
+ (PcrIndex >= IMPLEMENTATION_PCR)) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ ZeroMem (&PcrSelectionIn, sizeof (PcrSelectionIn));
+ ZeroMem (&PcrUpdateCounter, sizeof (UINT32));
+ ZeroMem (&PcrSelectionOut, sizeof (PcrSelectionOut));
+ ZeroMem (&PcrValues, sizeof (PcrValues));
+ ZeroMem (&Pcrs, sizeof (TPML_PCR_SELECTION));
+
+ DEBUG ((DEBUG_INFO, "ReadPcr - %02d\n", PcrIndex));
+
+ //
+ // Read TPM capabilities
+ //
+ Status = Tpm2GetCapabilityPcrs (&Pcrs);
+
+ if (EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_ERROR, "ReadPcr: Unable to read TPM capabilities\n"));
+ return EFI_DEVICE_ERROR;
+ }
+
+ //
+ // Get Active Pcrs
+ //
+ Status = Tpm2GetCapabilitySupportedAndActivePcrs (
+ &TpmHashAlgorithmBitmap,
+ &ActivePcrBanks
+ );
+
+ if (EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_ERROR, "ReadPcr: Unable to read TPM capabilities and active PCRs\n"));
+ return EFI_DEVICE_ERROR;
+ }
+
+ //
+ // Select from Active PCRs
+ //
+ for (Index = 0; Index < Pcrs.count; Index++) {
+ CurrentPcrBankHash = Pcrs.pcrSelections[Index].hash;
+
+ switch (CurrentPcrBankHash) {
+ case TPM_ALG_SHA1:
+ DEBUG ((DEBUG_VERBOSE, "HASH_ALG_SHA1 Present\n"));
+ TcgRegistryHashAlg = HASH_ALG_SHA1;
+ break;
+ case TPM_ALG_SHA256:
+ DEBUG ((DEBUG_VERBOSE, "HASH_ALG_SHA256 Present\n"));
+ TcgRegistryHashAlg = HASH_ALG_SHA256;
+ break;
+ case TPM_ALG_SHA384:
+ DEBUG ((DEBUG_VERBOSE, "HASH_ALG_SHA384 Present\n"));
+ TcgRegistryHashAlg = HASH_ALG_SHA384;
+ break;
+ case TPM_ALG_SHA512:
+ DEBUG ((DEBUG_VERBOSE, "HASH_ALG_SHA512 Present\n"));
+ TcgRegistryHashAlg = HASH_ALG_SHA512;
+ break;
+ case TPM_ALG_SM3_256:
+ DEBUG ((DEBUG_VERBOSE, "HASH_ALG_SM3 Present\n"));
+ TcgRegistryHashAlg = HASH_ALG_SM3_256;
+ break;
+ default:
+ //
+ // Unsupported algorithm
+ //
+ DEBUG ((DEBUG_VERBOSE, "Unknown algorithm present\n"));
+ TcgRegistryHashAlg = 0;
+ break;
+ }
+ //
+ // Skip unsupported and inactive PCR banks
+ //
+ if ((TcgRegistryHashAlg & ActivePcrBanks) == 0) {
+ DEBUG ((DEBUG_VERBOSE, "Skipping unsupported or inactive bank: 0x%04x\n", CurrentPcrBankHash));
+ continue;
+ }
+
+ //
+ // Select PCR from current active bank
+ //
+ PcrSelectionIn.pcrSelections[PcrSelectionIn.count].hash = Pcrs.pcrSelections[Index].hash;
+ PcrSelectionIn.pcrSelections[PcrSelectionIn.count].sizeofSelect = PCR_SELECT_MAX;
+ PcrSelectionIn.pcrSelections[PcrSelectionIn.count].pcrSelect[0] = (PcrIndex < 8) ? 1 << PcrIndex : 0;
+ PcrSelectionIn.pcrSelections[PcrSelectionIn.count].pcrSelect[1] = (PcrIndex > 7) && (PcrIndex < 16) ? 1 << (PcrIndex - 8) : 0;
+ PcrSelectionIn.pcrSelections[PcrSelectionIn.count].pcrSelect[2] = (PcrIndex > 15) ? 1 << (PcrIndex - 16) : 0;
+ PcrSelectionIn.count++;
+ }
+
+ //
+ // Read PCRs
+ //
+ Status = Tpm2PcrRead (
+ &PcrSelectionIn,
+ &PcrUpdateCounter,
+ &PcrSelectionOut,
+ &PcrValues
+ );
+
+ if (EFI_ERROR (Status)) {
+ DEBUG((DEBUG_ERROR, "Tpm2PcrRead failed Status = %r \n", Status));
+ return EFI_DEVICE_ERROR;
+ }
+
+ for (Index = 0; Index < PcrValues.count; Index++) {
+ DEBUG ((
+ DEBUG_INFO,
+ "ReadPcr - HashAlg = 0x%04x, Pcr[%02d], digest = ",
+ PcrSelectionOut.pcrSelections[Index].hash,
+ PcrIndex
+ ));
+
+ for(Index2 = 0; Index2 < PcrValues.digests[Index].size; Index2++) {
+ DEBUG ((DEBUG_INFO, "%02x ", PcrValues.digests[Index].buffer[Index2]));
+ }
+ DEBUG ((DEBUG_INFO, "\n"));
+ }
+
+ if (HashList != NULL) {
+ CopyMem (
+ HashList,
+ &PcrValues,
+ sizeof (TPML_DIGEST)
+ );
+ }
+
+ return EFI_SUCCESS;
+}
diff --git a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c
index 93a8803ff6..ea79fa0af6 100644
--- a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c
+++ b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c
@@ -1,7 +1,7 @@
/** @file
Initialize TPM2 device and measure FVs before handing off control to DXE.
-Copyright (c) 2015 - 2020, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2015 - 2021, Intel Corporation. All rights reserved.<BR>
Copyright (c) 2017, Microsoft Corporation. All rights reserved. <BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
@@ -191,7 +191,6 @@ EFI_PEI_NOTIFY_DESCRIPTOR mNotifyList[] = {
}
};
-
/**
Record all measured Firmware Volume Information into a Guid Hob
Guid Hob payload layout is
@@ -267,7 +266,7 @@ SyncPcrAllocationsAndPcrMask (
UINT32 Tpm2PcrMask;
UINT32 NewTpm2PcrMask;
- DEBUG ((EFI_D_ERROR, "SyncPcrAllocationsAndPcrMask!\n"));
+ DEBUG ((DEBUG_ERROR, "SyncPcrAllocationsAndPcrMask!\n"));
//
// Determine the current TPM support and the Platform PCR mask.
@@ -278,7 +277,7 @@ SyncPcrAllocationsAndPcrMask (
Tpm2PcrMask = PcdGet32 (PcdTpm2HashMask);
if (Tpm2PcrMask == 0) {
//
- // if PcdTPm2HashMask is zero, use ActivePcr setting
+ // if PcdTpm2HashMask is zero, use ActivePcr setting
//
PcdSet32S (PcdTpm2HashMask, TpmActivePcrBanks);
Tpm2PcrMask = TpmActivePcrBanks;
@@ -297,9 +296,9 @@ SyncPcrAllocationsAndPcrMask (
if ((TpmActivePcrBanks & Tpm2PcrMask) != TpmActivePcrBanks) {
NewTpmActivePcrBanks = TpmActivePcrBanks & Tpm2PcrMask;
- DEBUG ((EFI_D_INFO, "%a - Reallocating PCR banks from 0x%X to 0x%X.\n", __FUNCTION__, TpmActivePcrBanks, NewTpmActivePcrBanks));
+ DEBUG ((DEBUG_INFO, "%a - Reallocating PCR banks from 0x%X to 0x%X.\n", __FUNCTION__, TpmActivePcrBanks, NewTpmActivePcrBanks));
if (NewTpmActivePcrBanks == 0) {
- DEBUG ((EFI_D_ERROR, "%a - No viable PCRs active! Please set a less restrictive value for PcdTpm2HashMask!\n", __FUNCTION__));
+ DEBUG ((DEBUG_ERROR, "%a - No viable PCRs active! Please set a less restrictive value for PcdTpm2HashMask!\n", __FUNCTION__));
ASSERT (FALSE);
} else {
Status = Tpm2PcrAllocateBanks (NULL, (UINT32)TpmHashAlgorithmBitmap, NewTpmActivePcrBanks);
@@ -307,7 +306,7 @@ SyncPcrAllocationsAndPcrMask (
//
// We can't do much here, but we hope that this doesn't happen.
//
- DEBUG ((EFI_D_ERROR, "%a - Failed to reallocate PCRs!\n", __FUNCTION__));
+ DEBUG ((DEBUG_ERROR, "%a - Failed to reallocate PCRs!\n", __FUNCTION__));
ASSERT_EFI_ERROR (Status);
}
//
@@ -324,9 +323,9 @@ SyncPcrAllocationsAndPcrMask (
if ((Tpm2PcrMask & TpmHashAlgorithmBitmap) != Tpm2PcrMask) {
NewTpm2PcrMask = Tpm2PcrMask & TpmHashAlgorithmBitmap;
- DEBUG ((EFI_D_INFO, "%a - Updating PcdTpm2HashMask from 0x%X to 0x%X.\n", __FUNCTION__, Tpm2PcrMask, NewTpm2PcrMask));
+ DEBUG ((DEBUG_INFO, "%a - Updating PcdTpm2HashMask from 0x%X to 0x%X.\n", __FUNCTION__, Tpm2PcrMask, NewTpm2PcrMask));
if (NewTpm2PcrMask == 0) {
- DEBUG ((EFI_D_ERROR, "%a - No viable PCRs supported! Please set a less restrictive value for PcdTpm2HashMask!\n", __FUNCTION__));
+ DEBUG ((DEBUG_ERROR, "%a - No viable PCRs supported! Please set a less restrictive value for PcdTpm2HashMask!\n", __FUNCTION__));
ASSERT (FALSE);
}
@@ -365,7 +364,7 @@ LogHashEvent (
RetStatus = EFI_SUCCESS;
for (Index = 0; Index < sizeof(mTcg2EventInfo)/sizeof(mTcg2EventInfo[0]); Index++) {
if ((SupportedEventLogs & mTcg2EventInfo[Index].LogFormat) != 0) {
- DEBUG ((EFI_D_INFO, " LogFormat - 0x%08x\n", mTcg2EventInfo[Index].LogFormat));
+ DEBUG ((DEBUG_INFO, " LogFormat - 0x%08x\n", mTcg2EventInfo[Index].LogFormat));
switch (mTcg2EventInfo[Index].LogFormat) {
case EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2:
Status = GetDigestFromDigestList (TPM_ALG_SHA1, DigestList, &NewEventHdr->Digest);
@@ -476,7 +475,7 @@ HashLogExtendEvent (
}
if (Status == EFI_DEVICE_ERROR) {
- DEBUG ((EFI_D_ERROR, "HashLogExtendEvent - %r. Disable TPM.\n", Status));
+ DEBUG ((DEBUG_ERROR, "HashLogExtendEvent - %r. Disable TPM.\n", Status));
BuildGuidHob (&gTpmErrorHobGuid,0);
REPORT_STATUS_CODE (
EFI_ERROR_CODE | EFI_ERROR_MINOR,
@@ -1011,7 +1010,7 @@ PeimEntryMA (
}
if (GetFirstGuidHob (&gTpmErrorHobGuid) != NULL) {
- DEBUG ((EFI_D_ERROR, "TPM2 error!\n"));
+ DEBUG ((DEBUG_ERROR, "TPM2 error!\n"));
return EFI_DEVICE_ERROR;
}
@@ -1075,7 +1074,7 @@ PeimEntryMA (
for (PcrIndex = 0; PcrIndex < 8; PcrIndex++) {
Status = MeasureSeparatorEventWithError (PcrIndex);
if (EFI_ERROR (Status)) {
- DEBUG ((EFI_D_ERROR, "Separator Event with Error not Measured. Error!\n"));
+ DEBUG ((DEBUG_ERROR, "Separator Event with Error not Measured. Error!\n"));
}
}
}
@@ -1092,6 +1091,13 @@ PeimEntryMA (
}
}
+ DEBUG_CODE_BEGIN ();
+ //
+ // Peek into TPM PCR 00 before any BIOS measurement.
+ //
+ Tpm2PcrReadForActiveBank (00, NULL);
+ DEBUG_CODE_END ();
+
//
// Only install TpmInitializedPpi on success
//
@@ -1106,7 +1112,7 @@ PeimEntryMA (
Done:
if (EFI_ERROR (Status)) {
- DEBUG ((EFI_D_ERROR, "TPM2 error! Build Hob\n"));
+ DEBUG ((DEBUG_ERROR, "TPM2 error! Build Hob\n"));
BuildGuidHob (&gTpmErrorHobGuid,0);
REPORT_STATUS_CODE (
EFI_ERROR_CODE | EFI_ERROR_MINOR,
--
2.31.1.windows.1
^ permalink raw reply related [flat|nested] 9+ messages in thread
* Re: [PATCH] SecurityPkg: Debug code to audit BIOS TPM extend operations.
2021-07-29 22:43 Rodrigo Gonzalez del Cueto
@ 2021-08-09 1:24 ` Yao, Jiewen
2021-08-10 6:40 ` Rodrigo Gonzalez del Cueto
0 siblings, 1 reply; 9+ messages in thread
From: Yao, Jiewen @ 2021-08-09 1:24 UTC (permalink / raw)
To: Gonzalez Del Cueto, Rodrigo, devel@edk2.groups.io; +Cc: Wang, Jian J
Some feedback:
1) I think it is OK to add Tpm2PcrReadForActiveBank() API.
But I feel we will add too many noise to dump Tpm2PcrReadForActiveBank() in the code everytime.
I am not sure why it is needed.
What is the problem statement?
2) Below definition does not follow EDKII coding style. Please use 2 "space" as indent.
EFI_STATUS
EFIAPI
Tpm2PcrReadForActiveBank (
IN TPMI_DH_PCR PcrHandle,
OUT TPML_DIGEST *HashList
)
> -----Original Message-----
> From: Gonzalez Del Cueto, Rodrigo <rodrigo.gonzalez.del.cueto@intel.com>
> Sent: Friday, July 30, 2021 6:43 AM
> To: devel@edk2.groups.io
> Cc: Gonzalez Del Cueto, Rodrigo <rodrigo.gonzalez.del.cueto@intel.com>; Yao,
> Jiewen <jiewen.yao@intel.com>; Wang, Jian J <jian.j.wang@intel.com>
> Subject: [PATCH] SecurityPkg: Debug code to audit BIOS TPM extend operations.
>
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2858
>
> Add debug functionality to examine TPM extend operations
> performed by BIOS and inspect the PCR 00 value prior to
> any BIOS measurements.
>
> Replaced usage of EFI_D_* for DEBUG_* definitions in debug
> messages.
>
> Signed-off-by: Rodrigo Gonzalez del Cueto
> <rodrigo.gonzalez.del.cueto@intel.com>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Jian J Wang <jian.j.wang@intel.com>
> ---
> SecurityPkg/Include/Library/Tpm2CommandLib.h | 28
> ++++++++++++++++++++++------
> SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c | 226
> +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> ++++++++-----------------------
> SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c | 34 ++++++++++++++++++++------
> --------
> 3 files changed, 245 insertions(+), 43 deletions(-)
>
> diff --git a/SecurityPkg/Include/Library/Tpm2CommandLib.h
> b/SecurityPkg/Include/Library/Tpm2CommandLib.h
> index ee8eb62295..5e5c340893 100644
> --- a/SecurityPkg/Include/Library/Tpm2CommandLib.h
> +++ b/SecurityPkg/Include/Library/Tpm2CommandLib.h
> @@ -1,7 +1,7 @@
> /** @file
> This library is used by other modules to send TPM2 command.
>
> -Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved. <BR>
> +Copyright (c) 2013 - 2021, Intel Corporation. All rights reserved. <BR>
> SPDX-License-Identifier: BSD-2-Clause-Patent
>
> **/
> @@ -505,7 +505,7 @@ EFIAPI
> Tpm2PcrEvent (
> IN TPMI_DH_PCR PcrHandle,
> IN TPM2B_EVENT *EventData,
> - OUT TPML_DIGEST_VALUES *Digests
> + OUT TPML_DIGEST_VALUES *Digests
> );
>
> /**
> @@ -522,10 +522,10 @@ Tpm2PcrEvent (
> EFI_STATUS
> EFIAPI
> Tpm2PcrRead (
> - IN TPML_PCR_SELECTION *PcrSelectionIn,
> - OUT UINT32 *PcrUpdateCounter,
> - OUT TPML_PCR_SELECTION *PcrSelectionOut,
> - OUT TPML_DIGEST *PcrValues
> + IN TPML_PCR_SELECTION *PcrSelectionIn,
> + OUT UINT32 *PcrUpdateCounter,
> + OUT TPML_PCR_SELECTION *PcrSelectionOut,
> + OUT TPML_DIGEST *PcrValues
> );
>
> /**
> @@ -1113,4 +1113,20 @@ GetDigestFromDigestList(
> OUT VOID *Digest
> );
>
> + /**
> + This function will query the TPM to determine which hashing algorithms and
> + get the digests of all active and supported PCR banks of a specific PCR
> register.
> +
> + @param[in] PcrHandle The index of the PCR register to be read.
> + @param[out] HashList List of digests from PCR register being read.
> +
> + @retval EFI_SUCCESS The Pcr was read successfully.
> + @retval EFI_DEVICE_ERROR The command was unsuccessful.
> +**/
> +EFI_STATUS
> +EFIAPI
> +Tpm2PcrReadForActiveBank (
> + IN TPMI_DH_PCR PcrHandle,
> + OUT TPML_DIGEST *HashList
> + );
> #endif
> diff --git a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c
> b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c
> index ddb15178fb..3b49192b93 100644
> --- a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c
> +++ b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c
> @@ -1,7 +1,7 @@
> /** @file
> Implement TPM2 Integrity related command.
>
> -Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved. <BR>
> +Copyright (c) 2013 - 2021, Intel Corporation. All rights reserved. <BR>
> SPDX-License-Identifier: BSD-2-Clause-Patent
>
> **/
> @@ -109,7 +109,6 @@ Tpm2PcrExtend (
> Cmd.Header.commandCode = SwapBytes32(TPM_CC_PCR_Extend);
> Cmd.PcrHandle = SwapBytes32(PcrHandle);
>
> -
> //
> // Add in Auth session
> //
> @@ -130,14 +129,26 @@ Tpm2PcrExtend (
> Buffer += sizeof(UINT16);
> DigestSize = GetHashSizeFromAlgo (Digests->digests[Index].hashAlg);
> if (DigestSize == 0) {
> - DEBUG ((EFI_D_ERROR, "Unknown hash algorithm %d\r\n", Digests-
> >digests[Index].hashAlg));
> + DEBUG ((DEBUG_ERROR, "Unknown hash algorithm %d\r\n", Digests-
> >digests[Index].hashAlg));
> return EFI_DEVICE_ERROR;
> }
> +
> CopyMem(
> Buffer,
> &Digests->digests[Index].digest,
> DigestSize
> );
> +
> + DEBUG_CODE_BEGIN ();
> + UINTN Index2;
> + DEBUG ((DEBUG_VERBOSE, "Tpm2PcrExtend - Hash = 0x%04x, Pcr[%02d],
> digest = ", Digests->digests[Index].hashAlg, (UINT8) PcrHandle));
> +
> + for (Index2 = 0; Index2 < DigestSize; Index2++) {
> + DEBUG ((DEBUG_VERBOSE, "%02x ", Buffer[Index2]));
> + }
> + DEBUG ((DEBUG_VERBOSE, "\n"));
> + DEBUG_CODE_END ();
> +
> Buffer += DigestSize;
> }
>
> @@ -151,7 +162,7 @@ Tpm2PcrExtend (
> }
>
> if (ResultBufSize > sizeof(Res)) {
> - DEBUG ((EFI_D_ERROR, "Tpm2PcrExtend: Failed ExecuteCommand: Buffer
> Too Small\r\n"));
> + DEBUG ((DEBUG_ERROR, "Tpm2PcrExtend: Failed ExecuteCommand: Buffer
> Too Small\r\n"));
> return EFI_BUFFER_TOO_SMALL;
> }
>
> @@ -160,7 +171,7 @@ Tpm2PcrExtend (
> //
> RespSize = SwapBytes32(Res.Header.paramSize);
> if (RespSize > sizeof(Res)) {
> - DEBUG ((EFI_D_ERROR, "Tpm2PcrExtend: Response size too large! %d\r\n",
> RespSize));
> + DEBUG ((DEBUG_ERROR, "Tpm2PcrExtend: Response size too large! %d\r\n",
> RespSize));
> return EFI_BUFFER_TOO_SMALL;
> }
>
> @@ -168,10 +179,15 @@ Tpm2PcrExtend (
> // Fail if command failed
> //
> if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) {
> - DEBUG ((EFI_D_ERROR, "Tpm2PcrExtend: Response Code error! 0x%08x\r\n",
> SwapBytes32(Res.Header.responseCode)));
> + DEBUG ((DEBUG_ERROR, "Tpm2PcrExtend: Response Code error!
> 0x%08x\r\n", SwapBytes32(Res.Header.responseCode)));
> return EFI_DEVICE_ERROR;
> }
>
> + DEBUG_CODE_BEGIN ();
> + DEBUG ((DEBUG_VERBOSE, "Tpm2PcrExtend: PCR read after extend...\n"));
> + Tpm2PcrReadForActiveBank (PcrHandle, NULL);
> + DEBUG_CODE_END ();
> +
> //
> // Unmarshal the response
> //
> @@ -246,7 +262,7 @@ Tpm2PcrEvent (
> }
>
> if (ResultBufSize > sizeof(Res)) {
> - DEBUG ((EFI_D_ERROR, "Tpm2PcrEvent: Failed ExecuteCommand: Buffer
> Too Small\r\n"));
> + DEBUG ((DEBUG_ERROR, "Tpm2PcrEvent: Failed ExecuteCommand: Buffer
> Too Small\r\n"));
> return EFI_BUFFER_TOO_SMALL;
> }
>
> @@ -255,7 +271,7 @@ Tpm2PcrEvent (
> //
> RespSize = SwapBytes32(Res.Header.paramSize);
> if (RespSize > sizeof(Res)) {
> - DEBUG ((EFI_D_ERROR, "Tpm2PcrEvent: Response size too large! %d\r\n",
> RespSize));
> + DEBUG ((DEBUG_ERROR, "Tpm2PcrEvent: Response size too large! %d\r\n",
> RespSize));
> return EFI_BUFFER_TOO_SMALL;
> }
>
> @@ -263,7 +279,7 @@ Tpm2PcrEvent (
> // Fail if command failed
> //
> if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) {
> - DEBUG ((EFI_D_ERROR, "Tpm2PcrEvent: Response Code error! 0x%08x\r\n",
> SwapBytes32(Res.Header.responseCode)));
> + DEBUG ((DEBUG_ERROR, "Tpm2PcrEvent: Response Code error!
> 0x%08x\r\n", SwapBytes32(Res.Header.responseCode)));
> return EFI_DEVICE_ERROR;
> }
>
> @@ -284,7 +300,7 @@ Tpm2PcrEvent (
> Buffer += sizeof(UINT16);
> DigestSize = GetHashSizeFromAlgo (Digests->digests[Index].hashAlg);
> if (DigestSize == 0) {
> - DEBUG ((EFI_D_ERROR, "Unknown hash algorithm %d\r\n", Digests-
> >digests[Index].hashAlg));
> + DEBUG ((DEBUG_ERROR, "Unknown hash algorithm %d\r\n", Digests-
> >digests[Index].hashAlg));
> return EFI_DEVICE_ERROR;
> }
> CopyMem(
> @@ -298,6 +314,7 @@ Tpm2PcrEvent (
> return EFI_SUCCESS;
> }
>
> +
> /**
> This command returns the values of all PCR specified in pcrSelect.
>
> @@ -353,11 +370,11 @@ Tpm2PcrRead (
> }
>
> if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {
> - DEBUG ((EFI_D_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n",
> RecvBufferSize));
> + DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n",
> RecvBufferSize));
> return EFI_DEVICE_ERROR;
> }
> if (SwapBytes32(RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
> - DEBUG ((EFI_D_ERROR, "Tpm2PcrRead - responseCode - %x\n",
> SwapBytes32(RecvBuffer.Header.responseCode)));
> + DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - responseCode - %x\n",
> SwapBytes32(RecvBuffer.Header.responseCode)));
> return EFI_NOT_FOUND;
> }
>
> @@ -369,7 +386,7 @@ Tpm2PcrRead (
> // PcrUpdateCounter
> //
> if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER) +
> sizeof(RecvBuffer.PcrUpdateCounter)) {
> - DEBUG ((EFI_D_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n",
> RecvBufferSize));
> + DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n",
> RecvBufferSize));
> return EFI_DEVICE_ERROR;
> }
> *PcrUpdateCounter = SwapBytes32(RecvBuffer.PcrUpdateCounter);
> @@ -378,7 +395,7 @@ Tpm2PcrRead (
> // PcrSelectionOut
> //
> if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER) +
> sizeof(RecvBuffer.PcrUpdateCounter) +
> sizeof(RecvBuffer.PcrSelectionOut.count)) {
> - DEBUG ((EFI_D_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n",
> RecvBufferSize));
> + DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n",
> RecvBufferSize));
> return EFI_DEVICE_ERROR;
> }
> PcrSelectionOut->count = SwapBytes32(RecvBuffer.PcrSelectionOut.count);
> @@ -388,7 +405,7 @@ Tpm2PcrRead (
> }
>
> if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER) +
> sizeof(RecvBuffer.PcrUpdateCounter) +
> sizeof(RecvBuffer.PcrSelectionOut.count) +
> sizeof(RecvBuffer.PcrSelectionOut.pcrSelections[0]) * PcrSelectionOut->count) {
> - DEBUG ((EFI_D_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n",
> RecvBufferSize));
> + DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n",
> RecvBufferSize));
> return EFI_DEVICE_ERROR;
> }
> for (Index = 0; Index < PcrSelectionOut->count; Index++) {
> @@ -513,7 +530,7 @@ Tpm2PcrAllocate (
> }
>
> if (ResultBufSize > sizeof(Res)) {
> - DEBUG ((EFI_D_ERROR, "Tpm2PcrAllocate: Failed ExecuteCommand: Buffer
> Too Small\r\n"));
> + DEBUG ((DEBUG_ERROR, "Tpm2PcrAllocate: Failed ExecuteCommand:
> Buffer Too Small\r\n"));
> Status = EFI_BUFFER_TOO_SMALL;
> goto Done;
> }
> @@ -523,7 +540,7 @@ Tpm2PcrAllocate (
> //
> RespSize = SwapBytes32(Res.Header.paramSize);
> if (RespSize > sizeof(Res)) {
> - DEBUG ((EFI_D_ERROR, "Tpm2PcrAllocate: Response size too large! %d\r\n",
> RespSize));
> + DEBUG ((DEBUG_ERROR, "Tpm2PcrAllocate: Response size too
> large! %d\r\n", RespSize));
> Status = EFI_BUFFER_TOO_SMALL;
> goto Done;
> }
> @@ -532,7 +549,7 @@ Tpm2PcrAllocate (
> // Fail if command failed
> //
> if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) {
> - DEBUG((EFI_D_ERROR,"Tpm2PcrAllocate: Response Code error! 0x%08x\r\n",
> SwapBytes32(Res.Header.responseCode)));
> + DEBUG((DEBUG_ERROR,"Tpm2PcrAllocate: Response Code error!
> 0x%08x\r\n", SwapBytes32(Res.Header.responseCode)));
> Status = EFI_DEVICE_ERROR;
> goto Done;
> }
> @@ -673,17 +690,180 @@ Tpm2PcrAllocateBanks (
> &SizeNeeded,
> &SizeAvailable
> );
> - DEBUG ((EFI_D_INFO, "Tpm2PcrAllocateBanks call Tpm2PcrAllocate - %r\n",
> Status));
> + DEBUG ((DEBUG_INFO, "Tpm2PcrAllocateBanks call Tpm2PcrAllocate - %r\n",
> Status));
> if (EFI_ERROR (Status)) {
> goto Done;
> }
>
> - DEBUG ((EFI_D_INFO, "AllocationSuccess - %02x\n", AllocationSuccess));
> - DEBUG ((EFI_D_INFO, "MaxPCR - %08x\n", MaxPCR));
> - DEBUG ((EFI_D_INFO, "SizeNeeded - %08x\n", SizeNeeded));
> - DEBUG ((EFI_D_INFO, "SizeAvailable - %08x\n", SizeAvailable));
> + DEBUG ((DEBUG_INFO, "AllocationSuccess - %02x\n", AllocationSuccess));
> + DEBUG ((DEBUG_INFO, "MaxPCR - %08x\n", MaxPCR));
> + DEBUG ((DEBUG_INFO, "SizeNeeded - %08x\n", SizeNeeded));
> + DEBUG ((DEBUG_INFO, "SizeAvailable - %08x\n", SizeAvailable));
>
> Done:
> ZeroMem(&LocalAuthSession.hmac, sizeof(LocalAuthSession.hmac));
> return Status;
> }
> +
> +/**
> + This function will query the TPM to determine which hashing algorithms and
> + get the digests of all active and supported PCR banks of a specific PCR
> register.
> +
> + @param[in] PcrHandle The index of the PCR register to be read.
> + @param[out] HashList List of digests from PCR register being read.
> +
> + @retval EFI_SUCCESS The Pcr was read successfully.
> + @retval EFI_DEVICE_ERROR The command was unsuccessful.
> +**/
> +EFI_STATUS
> +EFIAPI
> +Tpm2PcrReadForActiveBank (
> + IN TPMI_DH_PCR PcrHandle,
> + OUT TPML_DIGEST *HashList
> +)
> +{
> + EFI_STATUS Status;
> + TPML_PCR_SELECTION Pcrs;
> + TPML_PCR_SELECTION PcrSelectionIn;
> + TPML_PCR_SELECTION PcrSelectionOut;
> + TPML_DIGEST PcrValues;
> + UINT32 PcrUpdateCounter;
> + UINT8 PcrIndex;
> + UINT32 TpmHashAlgorithmBitmap;
> + TPMI_ALG_HASH CurrentPcrBankHash;
> + UINT32 ActivePcrBanks;
> + UINT32 TcgRegistryHashAlg;
> + UINTN Index;
> + UINTN Index2;
> +
> + PcrIndex = (UINT8) PcrHandle;
> +
> + if ((PcrIndex < 0) ||
> + (PcrIndex >= IMPLEMENTATION_PCR)) {
> + return EFI_INVALID_PARAMETER;
> + }
> +
> + ZeroMem (&PcrSelectionIn, sizeof (PcrSelectionIn));
> + ZeroMem (&PcrUpdateCounter, sizeof (UINT32));
> + ZeroMem (&PcrSelectionOut, sizeof (PcrSelectionOut));
> + ZeroMem (&PcrValues, sizeof (PcrValues));
> + ZeroMem (&Pcrs, sizeof (TPML_PCR_SELECTION));
> +
> + DEBUG ((DEBUG_INFO, "ReadPcr - %02d\n", PcrIndex));
> +
> + //
> + // Read TPM capabilities
> + //
> + Status = Tpm2GetCapabilityPcrs (&Pcrs);
> +
> + if (EFI_ERROR (Status)) {
> + DEBUG ((DEBUG_ERROR, "ReadPcr: Unable to read TPM capabilities\n"));
> + return EFI_DEVICE_ERROR;
> + }
> +
> + //
> + // Get Active Pcrs
> + //
> + Status = Tpm2GetCapabilitySupportedAndActivePcrs (
> + &TpmHashAlgorithmBitmap,
> + &ActivePcrBanks
> + );
> +
> + if (EFI_ERROR (Status)) {
> + DEBUG ((DEBUG_ERROR, "ReadPcr: Unable to read TPM capabilities and
> active PCRs\n"));
> + return EFI_DEVICE_ERROR;
> + }
> +
> + //
> + // Select from Active PCRs
> + //
> + for (Index = 0; Index < Pcrs.count; Index++) {
> + CurrentPcrBankHash = Pcrs.pcrSelections[Index].hash;
> +
> + switch (CurrentPcrBankHash) {
> + case TPM_ALG_SHA1:
> + DEBUG ((DEBUG_VERBOSE, "HASH_ALG_SHA1 Present\n"));
> + TcgRegistryHashAlg = HASH_ALG_SHA1;
> + break;
> + case TPM_ALG_SHA256:
> + DEBUG ((DEBUG_VERBOSE, "HASH_ALG_SHA256 Present\n"));
> + TcgRegistryHashAlg = HASH_ALG_SHA256;
> + break;
> + case TPM_ALG_SHA384:
> + DEBUG ((DEBUG_VERBOSE, "HASH_ALG_SHA384 Present\n"));
> + TcgRegistryHashAlg = HASH_ALG_SHA384;
> + break;
> + case TPM_ALG_SHA512:
> + DEBUG ((DEBUG_VERBOSE, "HASH_ALG_SHA512 Present\n"));
> + TcgRegistryHashAlg = HASH_ALG_SHA512;
> + break;
> + case TPM_ALG_SM3_256:
> + DEBUG ((DEBUG_VERBOSE, "HASH_ALG_SM3 Present\n"));
> + TcgRegistryHashAlg = HASH_ALG_SM3_256;
> + break;
> + default:
> + //
> + // Unsupported algorithm
> + //
> + DEBUG ((DEBUG_VERBOSE, "Unknown algorithm present\n"));
> + TcgRegistryHashAlg = 0;
> + break;
> + }
> + //
> + // Skip unsupported and inactive PCR banks
> + //
> + if ((TcgRegistryHashAlg & ActivePcrBanks) == 0) {
> + DEBUG ((DEBUG_VERBOSE, "Skipping unsupported or inactive bank:
> 0x%04x\n", CurrentPcrBankHash));
> + continue;
> + }
> +
> + //
> + // Select PCR from current active bank
> + //
> + PcrSelectionIn.pcrSelections[PcrSelectionIn.count].hash =
> Pcrs.pcrSelections[Index].hash;
> + PcrSelectionIn.pcrSelections[PcrSelectionIn.count].sizeofSelect =
> PCR_SELECT_MAX;
> + PcrSelectionIn.pcrSelections[PcrSelectionIn.count].pcrSelect[0] = (PcrIndex <
> 8) ? 1 << PcrIndex : 0;
> + PcrSelectionIn.pcrSelections[PcrSelectionIn.count].pcrSelect[1] = (PcrIndex >
> 7) && (PcrIndex < 16) ? 1 << (PcrIndex - 8) : 0;
> + PcrSelectionIn.pcrSelections[PcrSelectionIn.count].pcrSelect[2] = (PcrIndex >
> 15) ? 1 << (PcrIndex - 16) : 0;
> + PcrSelectionIn.count++;
> + }
> +
> + //
> + // Read PCRs
> + //
> + Status = Tpm2PcrRead (
> + &PcrSelectionIn,
> + &PcrUpdateCounter,
> + &PcrSelectionOut,
> + &PcrValues
> + );
> +
> + if (EFI_ERROR (Status)) {
> + DEBUG((DEBUG_ERROR, "Tpm2PcrRead failed Status = %r \n", Status));
> + return EFI_DEVICE_ERROR;
> + }
> +
> + for (Index = 0; Index < PcrValues.count; Index++) {
> + DEBUG ((
> + DEBUG_INFO,
> + "ReadPcr - HashAlg = 0x%04x, Pcr[%02d], digest = ",
> + PcrSelectionOut.pcrSelections[Index].hash,
> + PcrIndex
> + ));
> +
> + for(Index2 = 0; Index2 < PcrValues.digests[Index].size; Index2++) {
> + DEBUG ((DEBUG_INFO, "%02x ", PcrValues.digests[Index].buffer[Index2]));
> + }
> + DEBUG ((DEBUG_INFO, "\n"));
> + }
> +
> + if (HashList != NULL) {
> + CopyMem (
> + HashList,
> + &PcrValues,
> + sizeof (TPML_DIGEST)
> + );
> + }
> +
> + return EFI_SUCCESS;
> +}
> diff --git a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c
> b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c
> index 93a8803ff6..ea79fa0af6 100644
> --- a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c
> +++ b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c
> @@ -1,7 +1,7 @@
> /** @file
> Initialize TPM2 device and measure FVs before handing off control to DXE.
>
> -Copyright (c) 2015 - 2020, Intel Corporation. All rights reserved.<BR>
> +Copyright (c) 2015 - 2021, Intel Corporation. All rights reserved.<BR>
> Copyright (c) 2017, Microsoft Corporation. All rights reserved. <BR>
> SPDX-License-Identifier: BSD-2-Clause-Patent
>
> @@ -191,7 +191,6 @@ EFI_PEI_NOTIFY_DESCRIPTOR mNotifyList[] = {
> }
> };
>
> -
> /**
> Record all measured Firmware Volume Information into a Guid Hob
> Guid Hob payload layout is
> @@ -267,7 +266,7 @@ SyncPcrAllocationsAndPcrMask (
> UINT32 Tpm2PcrMask;
> UINT32 NewTpm2PcrMask;
>
> - DEBUG ((EFI_D_ERROR, "SyncPcrAllocationsAndPcrMask!\n"));
> + DEBUG ((DEBUG_ERROR, "SyncPcrAllocationsAndPcrMask!\n"));
>
> //
> // Determine the current TPM support and the Platform PCR mask.
> @@ -278,7 +277,7 @@ SyncPcrAllocationsAndPcrMask (
> Tpm2PcrMask = PcdGet32 (PcdTpm2HashMask);
> if (Tpm2PcrMask == 0) {
> //
> - // if PcdTPm2HashMask is zero, use ActivePcr setting
> + // if PcdTpm2HashMask is zero, use ActivePcr setting
> //
> PcdSet32S (PcdTpm2HashMask, TpmActivePcrBanks);
> Tpm2PcrMask = TpmActivePcrBanks;
> @@ -297,9 +296,9 @@ SyncPcrAllocationsAndPcrMask (
> if ((TpmActivePcrBanks & Tpm2PcrMask) != TpmActivePcrBanks) {
> NewTpmActivePcrBanks = TpmActivePcrBanks & Tpm2PcrMask;
>
> - DEBUG ((EFI_D_INFO, "%a - Reallocating PCR banks from 0x%X to 0x%X.\n",
> __FUNCTION__, TpmActivePcrBanks, NewTpmActivePcrBanks));
> + DEBUG ((DEBUG_INFO, "%a - Reallocating PCR banks from 0x%X to 0x%X.\n",
> __FUNCTION__, TpmActivePcrBanks, NewTpmActivePcrBanks));
> if (NewTpmActivePcrBanks == 0) {
> - DEBUG ((EFI_D_ERROR, "%a - No viable PCRs active! Please set a less
> restrictive value for PcdTpm2HashMask!\n", __FUNCTION__));
> + DEBUG ((DEBUG_ERROR, "%a - No viable PCRs active! Please set a less
> restrictive value for PcdTpm2HashMask!\n", __FUNCTION__));
> ASSERT (FALSE);
> } else {
> Status = Tpm2PcrAllocateBanks (NULL, (UINT32)TpmHashAlgorithmBitmap,
> NewTpmActivePcrBanks);
> @@ -307,7 +306,7 @@ SyncPcrAllocationsAndPcrMask (
> //
> // We can't do much here, but we hope that this doesn't happen.
> //
> - DEBUG ((EFI_D_ERROR, "%a - Failed to reallocate PCRs!\n",
> __FUNCTION__));
> + DEBUG ((DEBUG_ERROR, "%a - Failed to reallocate PCRs!\n",
> __FUNCTION__));
> ASSERT_EFI_ERROR (Status);
> }
> //
> @@ -324,9 +323,9 @@ SyncPcrAllocationsAndPcrMask (
> if ((Tpm2PcrMask & TpmHashAlgorithmBitmap) != Tpm2PcrMask) {
> NewTpm2PcrMask = Tpm2PcrMask & TpmHashAlgorithmBitmap;
>
> - DEBUG ((EFI_D_INFO, "%a - Updating PcdTpm2HashMask from 0x%X to
> 0x%X.\n", __FUNCTION__, Tpm2PcrMask, NewTpm2PcrMask));
> + DEBUG ((DEBUG_INFO, "%a - Updating PcdTpm2HashMask from 0x%X to
> 0x%X.\n", __FUNCTION__, Tpm2PcrMask, NewTpm2PcrMask));
> if (NewTpm2PcrMask == 0) {
> - DEBUG ((EFI_D_ERROR, "%a - No viable PCRs supported! Please set a less
> restrictive value for PcdTpm2HashMask!\n", __FUNCTION__));
> + DEBUG ((DEBUG_ERROR, "%a - No viable PCRs supported! Please set a less
> restrictive value for PcdTpm2HashMask!\n", __FUNCTION__));
> ASSERT (FALSE);
> }
>
> @@ -365,7 +364,7 @@ LogHashEvent (
> RetStatus = EFI_SUCCESS;
> for (Index = 0; Index < sizeof(mTcg2EventInfo)/sizeof(mTcg2EventInfo[0]);
> Index++) {
> if ((SupportedEventLogs & mTcg2EventInfo[Index].LogFormat) != 0) {
> - DEBUG ((EFI_D_INFO, " LogFormat - 0x%08x\n",
> mTcg2EventInfo[Index].LogFormat));
> + DEBUG ((DEBUG_INFO, " LogFormat - 0x%08x\n",
> mTcg2EventInfo[Index].LogFormat));
> switch (mTcg2EventInfo[Index].LogFormat) {
> case EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2:
> Status = GetDigestFromDigestList (TPM_ALG_SHA1, DigestList,
> &NewEventHdr->Digest);
> @@ -476,7 +475,7 @@ HashLogExtendEvent (
> }
>
> if (Status == EFI_DEVICE_ERROR) {
> - DEBUG ((EFI_D_ERROR, "HashLogExtendEvent - %r. Disable TPM.\n", Status));
> + DEBUG ((DEBUG_ERROR, "HashLogExtendEvent - %r. Disable TPM.\n",
> Status));
> BuildGuidHob (&gTpmErrorHobGuid,0);
> REPORT_STATUS_CODE (
> EFI_ERROR_CODE | EFI_ERROR_MINOR,
> @@ -1011,7 +1010,7 @@ PeimEntryMA (
> }
>
> if (GetFirstGuidHob (&gTpmErrorHobGuid) != NULL) {
> - DEBUG ((EFI_D_ERROR, "TPM2 error!\n"));
> + DEBUG ((DEBUG_ERROR, "TPM2 error!\n"));
> return EFI_DEVICE_ERROR;
> }
>
> @@ -1075,7 +1074,7 @@ PeimEntryMA (
> for (PcrIndex = 0; PcrIndex < 8; PcrIndex++) {
> Status = MeasureSeparatorEventWithError (PcrIndex);
> if (EFI_ERROR (Status)) {
> - DEBUG ((EFI_D_ERROR, "Separator Event with Error not Measured.
> Error!\n"));
> + DEBUG ((DEBUG_ERROR, "Separator Event with Error not Measured.
> Error!\n"));
> }
> }
> }
> @@ -1092,6 +1091,13 @@ PeimEntryMA (
> }
> }
>
> + DEBUG_CODE_BEGIN ();
> + //
> + // Peek into TPM PCR 00 before any BIOS measurement.
> + //
> + Tpm2PcrReadForActiveBank (00, NULL);
> + DEBUG_CODE_END ();
> +
> //
> // Only install TpmInitializedPpi on success
> //
> @@ -1106,7 +1112,7 @@ PeimEntryMA (
>
> Done:
> if (EFI_ERROR (Status)) {
> - DEBUG ((EFI_D_ERROR, "TPM2 error! Build Hob\n"));
> + DEBUG ((DEBUG_ERROR, "TPM2 error! Build Hob\n"));
> BuildGuidHob (&gTpmErrorHobGuid,0);
> REPORT_STATUS_CODE (
> EFI_ERROR_CODE | EFI_ERROR_MINOR,
> --
> 2.31.1.windows.1
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH] SecurityPkg: Debug code to audit BIOS TPM extend operations.
2021-08-09 1:24 ` Yao, Jiewen
@ 2021-08-10 6:40 ` Rodrigo Gonzalez del Cueto
2021-08-11 5:39 ` Yao, Jiewen
0 siblings, 1 reply; 9+ messages in thread
From: Rodrigo Gonzalez del Cueto @ 2021-08-10 6:40 UTC (permalink / raw)
To: Yao, Jiewen, devel@edk2.groups.io; +Cc: Wang, Jian J
[-- Attachment #1: Type: text/plain, Size: 26252 bytes --]
Hi Jiewen,
The intention of such API would be to ease debugging and auditing PCR attestation along the boot; it has been a common task while debugging several issues and TPM configurations.
a) Configurations in which BIOS is not the S-CRTM and we need to attest what has been measured to the TPM prior to any measurements performed by BIOS.
b) Verifying the values in all the active and supported PCR banks: attestation or capping of the PCRs. (See BZ: 3515<https://bugzilla.tianocore.org/show_bug.cgi?id=3515>)
Such API together with the TCG event log print out it allows us to audit and debug the measured boot sequence.
Regards,
-Rodrigo
________________________________
From: Yao, Jiewen <jiewen.yao@intel.com>
Sent: Sunday, August 8, 2021 6:24 PM
To: Gonzalez Del Cueto, Rodrigo <rodrigo.gonzalez.del.cueto@intel.com>; devel@edk2.groups.io <devel@edk2.groups.io>
Cc: Wang, Jian J <jian.j.wang@intel.com>
Subject: RE: [PATCH] SecurityPkg: Debug code to audit BIOS TPM extend operations.
Some feedback:
1) I think it is OK to add Tpm2PcrReadForActiveBank() API.
But I feel we will add too many noise to dump Tpm2PcrReadForActiveBank() in the code everytime.
I am not sure why it is needed.
What is the problem statement?
2) Below definition does not follow EDKII coding style. Please use 2 "space" as indent.
EFI_STATUS
EFIAPI
Tpm2PcrReadForActiveBank (
IN TPMI_DH_PCR PcrHandle,
OUT TPML_DIGEST *HashList
)
> -----Original Message-----
> From: Gonzalez Del Cueto, Rodrigo <rodrigo.gonzalez.del.cueto@intel.com>
> Sent: Friday, July 30, 2021 6:43 AM
> To: devel@edk2.groups.io
> Cc: Gonzalez Del Cueto, Rodrigo <rodrigo.gonzalez.del.cueto@intel.com>; Yao,
> Jiewen <jiewen.yao@intel.com>; Wang, Jian J <jian.j.wang@intel.com>
> Subject: [PATCH] SecurityPkg: Debug code to audit BIOS TPM extend operations.
>
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2858
>
> Add debug functionality to examine TPM extend operations
> performed by BIOS and inspect the PCR 00 value prior to
> any BIOS measurements.
>
> Replaced usage of EFI_D_* for DEBUG_* definitions in debug
> messages.
>
> Signed-off-by: Rodrigo Gonzalez del Cueto
> <rodrigo.gonzalez.del.cueto@intel.com>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Jian J Wang <jian.j.wang@intel.com>
> ---
> SecurityPkg/Include/Library/Tpm2CommandLib.h | 28
> ++++++++++++++++++++++------
> SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c | 226
> +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> ++++++++-----------------------
> SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c | 34 ++++++++++++++++++++------
> --------
> 3 files changed, 245 insertions(+), 43 deletions(-)
>
> diff --git a/SecurityPkg/Include/Library/Tpm2CommandLib.h
> b/SecurityPkg/Include/Library/Tpm2CommandLib.h
> index ee8eb62295..5e5c340893 100644
> --- a/SecurityPkg/Include/Library/Tpm2CommandLib.h
> +++ b/SecurityPkg/Include/Library/Tpm2CommandLib.h
> @@ -1,7 +1,7 @@
> /** @file
> This library is used by other modules to send TPM2 command.
>
> -Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved. <BR>
> +Copyright (c) 2013 - 2021, Intel Corporation. All rights reserved. <BR>
> SPDX-License-Identifier: BSD-2-Clause-Patent
>
> **/
> @@ -505,7 +505,7 @@ EFIAPI
> Tpm2PcrEvent (
> IN TPMI_DH_PCR PcrHandle,
> IN TPM2B_EVENT *EventData,
> - OUT TPML_DIGEST_VALUES *Digests
> + OUT TPML_DIGEST_VALUES *Digests
> );
>
> /**
> @@ -522,10 +522,10 @@ Tpm2PcrEvent (
> EFI_STATUS
> EFIAPI
> Tpm2PcrRead (
> - IN TPML_PCR_SELECTION *PcrSelectionIn,
> - OUT UINT32 *PcrUpdateCounter,
> - OUT TPML_PCR_SELECTION *PcrSelectionOut,
> - OUT TPML_DIGEST *PcrValues
> + IN TPML_PCR_SELECTION *PcrSelectionIn,
> + OUT UINT32 *PcrUpdateCounter,
> + OUT TPML_PCR_SELECTION *PcrSelectionOut,
> + OUT TPML_DIGEST *PcrValues
> );
>
> /**
> @@ -1113,4 +1113,20 @@ GetDigestFromDigestList(
> OUT VOID *Digest
> );
>
> + /**
> + This function will query the TPM to determine which hashing algorithms and
> + get the digests of all active and supported PCR banks of a specific PCR
> register.
> +
> + @param[in] PcrHandle The index of the PCR register to be read.
> + @param[out] HashList List of digests from PCR register being read.
> +
> + @retval EFI_SUCCESS The Pcr was read successfully.
> + @retval EFI_DEVICE_ERROR The command was unsuccessful.
> +**/
> +EFI_STATUS
> +EFIAPI
> +Tpm2PcrReadForActiveBank (
> + IN TPMI_DH_PCR PcrHandle,
> + OUT TPML_DIGEST *HashList
> + );
> #endif
> diff --git a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c
> b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c
> index ddb15178fb..3b49192b93 100644
> --- a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c
> +++ b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c
> @@ -1,7 +1,7 @@
> /** @file
> Implement TPM2 Integrity related command.
>
> -Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved. <BR>
> +Copyright (c) 2013 - 2021, Intel Corporation. All rights reserved. <BR>
> SPDX-License-Identifier: BSD-2-Clause-Patent
>
> **/
> @@ -109,7 +109,6 @@ Tpm2PcrExtend (
> Cmd.Header.commandCode = SwapBytes32(TPM_CC_PCR_Extend);
> Cmd.PcrHandle = SwapBytes32(PcrHandle);
>
> -
> //
> // Add in Auth session
> //
> @@ -130,14 +129,26 @@ Tpm2PcrExtend (
> Buffer += sizeof(UINT16);
> DigestSize = GetHashSizeFromAlgo (Digests->digests[Index].hashAlg);
> if (DigestSize == 0) {
> - DEBUG ((EFI_D_ERROR, "Unknown hash algorithm %d\r\n", Digests-
> >digests[Index].hashAlg));
> + DEBUG ((DEBUG_ERROR, "Unknown hash algorithm %d\r\n", Digests-
> >digests[Index].hashAlg));
> return EFI_DEVICE_ERROR;
> }
> +
> CopyMem(
> Buffer,
> &Digests->digests[Index].digest,
> DigestSize
> );
> +
> + DEBUG_CODE_BEGIN ();
> + UINTN Index2;
> + DEBUG ((DEBUG_VERBOSE, "Tpm2PcrExtend - Hash = 0x%04x, Pcr[%02d],
> digest = ", Digests->digests[Index].hashAlg, (UINT8) PcrHandle));
> +
> + for (Index2 = 0; Index2 < DigestSize; Index2++) {
> + DEBUG ((DEBUG_VERBOSE, "%02x ", Buffer[Index2]));
> + }
> + DEBUG ((DEBUG_VERBOSE, "\n"));
> + DEBUG_CODE_END ();
> +
> Buffer += DigestSize;
> }
>
> @@ -151,7 +162,7 @@ Tpm2PcrExtend (
> }
>
> if (ResultBufSize > sizeof(Res)) {
> - DEBUG ((EFI_D_ERROR, "Tpm2PcrExtend: Failed ExecuteCommand: Buffer
> Too Small\r\n"));
> + DEBUG ((DEBUG_ERROR, "Tpm2PcrExtend: Failed ExecuteCommand: Buffer
> Too Small\r\n"));
> return EFI_BUFFER_TOO_SMALL;
> }
>
> @@ -160,7 +171,7 @@ Tpm2PcrExtend (
> //
> RespSize = SwapBytes32(Res.Header.paramSize);
> if (RespSize > sizeof(Res)) {
> - DEBUG ((EFI_D_ERROR, "Tpm2PcrExtend: Response size too large! %d\r\n",
> RespSize));
> + DEBUG ((DEBUG_ERROR, "Tpm2PcrExtend: Response size too large! %d\r\n",
> RespSize));
> return EFI_BUFFER_TOO_SMALL;
> }
>
> @@ -168,10 +179,15 @@ Tpm2PcrExtend (
> // Fail if command failed
> //
> if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) {
> - DEBUG ((EFI_D_ERROR, "Tpm2PcrExtend: Response Code error! 0x%08x\r\n",
> SwapBytes32(Res.Header.responseCode)));
> + DEBUG ((DEBUG_ERROR, "Tpm2PcrExtend: Response Code error!
> 0x%08x\r\n", SwapBytes32(Res.Header.responseCode)));
> return EFI_DEVICE_ERROR;
> }
>
> + DEBUG_CODE_BEGIN ();
> + DEBUG ((DEBUG_VERBOSE, "Tpm2PcrExtend: PCR read after extend...\n"));
> + Tpm2PcrReadForActiveBank (PcrHandle, NULL);
> + DEBUG_CODE_END ();
> +
> //
> // Unmarshal the response
> //
> @@ -246,7 +262,7 @@ Tpm2PcrEvent (
> }
>
> if (ResultBufSize > sizeof(Res)) {
> - DEBUG ((EFI_D_ERROR, "Tpm2PcrEvent: Failed ExecuteCommand: Buffer
> Too Small\r\n"));
> + DEBUG ((DEBUG_ERROR, "Tpm2PcrEvent: Failed ExecuteCommand: Buffer
> Too Small\r\n"));
> return EFI_BUFFER_TOO_SMALL;
> }
>
> @@ -255,7 +271,7 @@ Tpm2PcrEvent (
> //
> RespSize = SwapBytes32(Res.Header.paramSize);
> if (RespSize > sizeof(Res)) {
> - DEBUG ((EFI_D_ERROR, "Tpm2PcrEvent: Response size too large! %d\r\n",
> RespSize));
> + DEBUG ((DEBUG_ERROR, "Tpm2PcrEvent: Response size too large! %d\r\n",
> RespSize));
> return EFI_BUFFER_TOO_SMALL;
> }
>
> @@ -263,7 +279,7 @@ Tpm2PcrEvent (
> // Fail if command failed
> //
> if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) {
> - DEBUG ((EFI_D_ERROR, "Tpm2PcrEvent: Response Code error! 0x%08x\r\n",
> SwapBytes32(Res.Header.responseCode)));
> + DEBUG ((DEBUG_ERROR, "Tpm2PcrEvent: Response Code error!
> 0x%08x\r\n", SwapBytes32(Res.Header.responseCode)));
> return EFI_DEVICE_ERROR;
> }
>
> @@ -284,7 +300,7 @@ Tpm2PcrEvent (
> Buffer += sizeof(UINT16);
> DigestSize = GetHashSizeFromAlgo (Digests->digests[Index].hashAlg);
> if (DigestSize == 0) {
> - DEBUG ((EFI_D_ERROR, "Unknown hash algorithm %d\r\n", Digests-
> >digests[Index].hashAlg));
> + DEBUG ((DEBUG_ERROR, "Unknown hash algorithm %d\r\n", Digests-
> >digests[Index].hashAlg));
> return EFI_DEVICE_ERROR;
> }
> CopyMem(
> @@ -298,6 +314,7 @@ Tpm2PcrEvent (
> return EFI_SUCCESS;
> }
>
> +
> /**
> This command returns the values of all PCR specified in pcrSelect.
>
> @@ -353,11 +370,11 @@ Tpm2PcrRead (
> }
>
> if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {
> - DEBUG ((EFI_D_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n",
> RecvBufferSize));
> + DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n",
> RecvBufferSize));
> return EFI_DEVICE_ERROR;
> }
> if (SwapBytes32(RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
> - DEBUG ((EFI_D_ERROR, "Tpm2PcrRead - responseCode - %x\n",
> SwapBytes32(RecvBuffer.Header.responseCode)));
> + DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - responseCode - %x\n",
> SwapBytes32(RecvBuffer.Header.responseCode)));
> return EFI_NOT_FOUND;
> }
>
> @@ -369,7 +386,7 @@ Tpm2PcrRead (
> // PcrUpdateCounter
> //
> if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER) +
> sizeof(RecvBuffer.PcrUpdateCounter)) {
> - DEBUG ((EFI_D_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n",
> RecvBufferSize));
> + DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n",
> RecvBufferSize));
> return EFI_DEVICE_ERROR;
> }
> *PcrUpdateCounter = SwapBytes32(RecvBuffer.PcrUpdateCounter);
> @@ -378,7 +395,7 @@ Tpm2PcrRead (
> // PcrSelectionOut
> //
> if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER) +
> sizeof(RecvBuffer.PcrUpdateCounter) +
> sizeof(RecvBuffer.PcrSelectionOut.count)) {
> - DEBUG ((EFI_D_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n",
> RecvBufferSize));
> + DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n",
> RecvBufferSize));
> return EFI_DEVICE_ERROR;
> }
> PcrSelectionOut->count = SwapBytes32(RecvBuffer.PcrSelectionOut.count);
> @@ -388,7 +405,7 @@ Tpm2PcrRead (
> }
>
> if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER) +
> sizeof(RecvBuffer.PcrUpdateCounter) +
> sizeof(RecvBuffer.PcrSelectionOut.count) +
> sizeof(RecvBuffer.PcrSelectionOut.pcrSelections[0]) * PcrSelectionOut->count) {
> - DEBUG ((EFI_D_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n",
> RecvBufferSize));
> + DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n",
> RecvBufferSize));
> return EFI_DEVICE_ERROR;
> }
> for (Index = 0; Index < PcrSelectionOut->count; Index++) {
> @@ -513,7 +530,7 @@ Tpm2PcrAllocate (
> }
>
> if (ResultBufSize > sizeof(Res)) {
> - DEBUG ((EFI_D_ERROR, "Tpm2PcrAllocate: Failed ExecuteCommand: Buffer
> Too Small\r\n"));
> + DEBUG ((DEBUG_ERROR, "Tpm2PcrAllocate: Failed ExecuteCommand:
> Buffer Too Small\r\n"));
> Status = EFI_BUFFER_TOO_SMALL;
> goto Done;
> }
> @@ -523,7 +540,7 @@ Tpm2PcrAllocate (
> //
> RespSize = SwapBytes32(Res.Header.paramSize);
> if (RespSize > sizeof(Res)) {
> - DEBUG ((EFI_D_ERROR, "Tpm2PcrAllocate: Response size too large! %d\r\n",
> RespSize));
> + DEBUG ((DEBUG_ERROR, "Tpm2PcrAllocate: Response size too
> large! %d\r\n", RespSize));
> Status = EFI_BUFFER_TOO_SMALL;
> goto Done;
> }
> @@ -532,7 +549,7 @@ Tpm2PcrAllocate (
> // Fail if command failed
> //
> if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) {
> - DEBUG((EFI_D_ERROR,"Tpm2PcrAllocate: Response Code error! 0x%08x\r\n",
> SwapBytes32(Res.Header.responseCode)));
> + DEBUG((DEBUG_ERROR,"Tpm2PcrAllocate: Response Code error!
> 0x%08x\r\n", SwapBytes32(Res.Header.responseCode)));
> Status = EFI_DEVICE_ERROR;
> goto Done;
> }
> @@ -673,17 +690,180 @@ Tpm2PcrAllocateBanks (
> &SizeNeeded,
> &SizeAvailable
> );
> - DEBUG ((EFI_D_INFO, "Tpm2PcrAllocateBanks call Tpm2PcrAllocate - %r\n",
> Status));
> + DEBUG ((DEBUG_INFO, "Tpm2PcrAllocateBanks call Tpm2PcrAllocate - %r\n",
> Status));
> if (EFI_ERROR (Status)) {
> goto Done;
> }
>
> - DEBUG ((EFI_D_INFO, "AllocationSuccess - %02x\n", AllocationSuccess));
> - DEBUG ((EFI_D_INFO, "MaxPCR - %08x\n", MaxPCR));
> - DEBUG ((EFI_D_INFO, "SizeNeeded - %08x\n", SizeNeeded));
> - DEBUG ((EFI_D_INFO, "SizeAvailable - %08x\n", SizeAvailable));
> + DEBUG ((DEBUG_INFO, "AllocationSuccess - %02x\n", AllocationSuccess));
> + DEBUG ((DEBUG_INFO, "MaxPCR - %08x\n", MaxPCR));
> + DEBUG ((DEBUG_INFO, "SizeNeeded - %08x\n", SizeNeeded));
> + DEBUG ((DEBUG_INFO, "SizeAvailable - %08x\n", SizeAvailable));
>
> Done:
> ZeroMem(&LocalAuthSession.hmac, sizeof(LocalAuthSession.hmac));
> return Status;
> }
> +
> +/**
> + This function will query the TPM to determine which hashing algorithms and
> + get the digests of all active and supported PCR banks of a specific PCR
> register.
> +
> + @param[in] PcrHandle The index of the PCR register to be read.
> + @param[out] HashList List of digests from PCR register being read.
> +
> + @retval EFI_SUCCESS The Pcr was read successfully.
> + @retval EFI_DEVICE_ERROR The command was unsuccessful.
> +**/
> +EFI_STATUS
> +EFIAPI
> +Tpm2PcrReadForActiveBank (
> + IN TPMI_DH_PCR PcrHandle,
> + OUT TPML_DIGEST *HashList
> +)
> +{
> + EFI_STATUS Status;
> + TPML_PCR_SELECTION Pcrs;
> + TPML_PCR_SELECTION PcrSelectionIn;
> + TPML_PCR_SELECTION PcrSelectionOut;
> + TPML_DIGEST PcrValues;
> + UINT32 PcrUpdateCounter;
> + UINT8 PcrIndex;
> + UINT32 TpmHashAlgorithmBitmap;
> + TPMI_ALG_HASH CurrentPcrBankHash;
> + UINT32 ActivePcrBanks;
> + UINT32 TcgRegistryHashAlg;
> + UINTN Index;
> + UINTN Index2;
> +
> + PcrIndex = (UINT8) PcrHandle;
> +
> + if ((PcrIndex < 0) ||
> + (PcrIndex >= IMPLEMENTATION_PCR)) {
> + return EFI_INVALID_PARAMETER;
> + }
> +
> + ZeroMem (&PcrSelectionIn, sizeof (PcrSelectionIn));
> + ZeroMem (&PcrUpdateCounter, sizeof (UINT32));
> + ZeroMem (&PcrSelectionOut, sizeof (PcrSelectionOut));
> + ZeroMem (&PcrValues, sizeof (PcrValues));
> + ZeroMem (&Pcrs, sizeof (TPML_PCR_SELECTION));
> +
> + DEBUG ((DEBUG_INFO, "ReadPcr - %02d\n", PcrIndex));
> +
> + //
> + // Read TPM capabilities
> + //
> + Status = Tpm2GetCapabilityPcrs (&Pcrs);
> +
> + if (EFI_ERROR (Status)) {
> + DEBUG ((DEBUG_ERROR, "ReadPcr: Unable to read TPM capabilities\n"));
> + return EFI_DEVICE_ERROR;
> + }
> +
> + //
> + // Get Active Pcrs
> + //
> + Status = Tpm2GetCapabilitySupportedAndActivePcrs (
> + &TpmHashAlgorithmBitmap,
> + &ActivePcrBanks
> + );
> +
> + if (EFI_ERROR (Status)) {
> + DEBUG ((DEBUG_ERROR, "ReadPcr: Unable to read TPM capabilities and
> active PCRs\n"));
> + return EFI_DEVICE_ERROR;
> + }
> +
> + //
> + // Select from Active PCRs
> + //
> + for (Index = 0; Index < Pcrs.count; Index++) {
> + CurrentPcrBankHash = Pcrs.pcrSelections[Index].hash;
> +
> + switch (CurrentPcrBankHash) {
> + case TPM_ALG_SHA1:
> + DEBUG ((DEBUG_VERBOSE, "HASH_ALG_SHA1 Present\n"));
> + TcgRegistryHashAlg = HASH_ALG_SHA1;
> + break;
> + case TPM_ALG_SHA256:
> + DEBUG ((DEBUG_VERBOSE, "HASH_ALG_SHA256 Present\n"));
> + TcgRegistryHashAlg = HASH_ALG_SHA256;
> + break;
> + case TPM_ALG_SHA384:
> + DEBUG ((DEBUG_VERBOSE, "HASH_ALG_SHA384 Present\n"));
> + TcgRegistryHashAlg = HASH_ALG_SHA384;
> + break;
> + case TPM_ALG_SHA512:
> + DEBUG ((DEBUG_VERBOSE, "HASH_ALG_SHA512 Present\n"));
> + TcgRegistryHashAlg = HASH_ALG_SHA512;
> + break;
> + case TPM_ALG_SM3_256:
> + DEBUG ((DEBUG_VERBOSE, "HASH_ALG_SM3 Present\n"));
> + TcgRegistryHashAlg = HASH_ALG_SM3_256;
> + break;
> + default:
> + //
> + // Unsupported algorithm
> + //
> + DEBUG ((DEBUG_VERBOSE, "Unknown algorithm present\n"));
> + TcgRegistryHashAlg = 0;
> + break;
> + }
> + //
> + // Skip unsupported and inactive PCR banks
> + //
> + if ((TcgRegistryHashAlg & ActivePcrBanks) == 0) {
> + DEBUG ((DEBUG_VERBOSE, "Skipping unsupported or inactive bank:
> 0x%04x\n", CurrentPcrBankHash));
> + continue;
> + }
> +
> + //
> + // Select PCR from current active bank
> + //
> + PcrSelectionIn.pcrSelections[PcrSelectionIn.count].hash =
> Pcrs.pcrSelections[Index].hash;
> + PcrSelectionIn.pcrSelections[PcrSelectionIn.count].sizeofSelect =
> PCR_SELECT_MAX;
> + PcrSelectionIn.pcrSelections[PcrSelectionIn.count].pcrSelect[0] = (PcrIndex <
> 8) ? 1 << PcrIndex : 0;
> + PcrSelectionIn.pcrSelections[PcrSelectionIn.count].pcrSelect[1] = (PcrIndex >
> 7) && (PcrIndex < 16) ? 1 << (PcrIndex - 8) : 0;
> + PcrSelectionIn.pcrSelections[PcrSelectionIn.count].pcrSelect[2] = (PcrIndex >
> 15) ? 1 << (PcrIndex - 16) : 0;
> + PcrSelectionIn.count++;
> + }
> +
> + //
> + // Read PCRs
> + //
> + Status = Tpm2PcrRead (
> + &PcrSelectionIn,
> + &PcrUpdateCounter,
> + &PcrSelectionOut,
> + &PcrValues
> + );
> +
> + if (EFI_ERROR (Status)) {
> + DEBUG((DEBUG_ERROR, "Tpm2PcrRead failed Status = %r \n", Status));
> + return EFI_DEVICE_ERROR;
> + }
> +
> + for (Index = 0; Index < PcrValues.count; Index++) {
> + DEBUG ((
> + DEBUG_INFO,
> + "ReadPcr - HashAlg = 0x%04x, Pcr[%02d], digest = ",
> + PcrSelectionOut.pcrSelections[Index].hash,
> + PcrIndex
> + ));
> +
> + for(Index2 = 0; Index2 < PcrValues.digests[Index].size; Index2++) {
> + DEBUG ((DEBUG_INFO, "%02x ", PcrValues.digests[Index].buffer[Index2]));
> + }
> + DEBUG ((DEBUG_INFO, "\n"));
> + }
> +
> + if (HashList != NULL) {
> + CopyMem (
> + HashList,
> + &PcrValues,
> + sizeof (TPML_DIGEST)
> + );
> + }
> +
> + return EFI_SUCCESS;
> +}
> diff --git a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c
> b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c
> index 93a8803ff6..ea79fa0af6 100644
> --- a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c
> +++ b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c
> @@ -1,7 +1,7 @@
> /** @file
> Initialize TPM2 device and measure FVs before handing off control to DXE.
>
> -Copyright (c) 2015 - 2020, Intel Corporation. All rights reserved.<BR>
> +Copyright (c) 2015 - 2021, Intel Corporation. All rights reserved.<BR>
> Copyright (c) 2017, Microsoft Corporation. All rights reserved. <BR>
> SPDX-License-Identifier: BSD-2-Clause-Patent
>
> @@ -191,7 +191,6 @@ EFI_PEI_NOTIFY_DESCRIPTOR mNotifyList[] = {
> }
> };
>
> -
> /**
> Record all measured Firmware Volume Information into a Guid Hob
> Guid Hob payload layout is
> @@ -267,7 +266,7 @@ SyncPcrAllocationsAndPcrMask (
> UINT32 Tpm2PcrMask;
> UINT32 NewTpm2PcrMask;
>
> - DEBUG ((EFI_D_ERROR, "SyncPcrAllocationsAndPcrMask!\n"));
> + DEBUG ((DEBUG_ERROR, "SyncPcrAllocationsAndPcrMask!\n"));
>
> //
> // Determine the current TPM support and the Platform PCR mask.
> @@ -278,7 +277,7 @@ SyncPcrAllocationsAndPcrMask (
> Tpm2PcrMask = PcdGet32 (PcdTpm2HashMask);
> if (Tpm2PcrMask == 0) {
> //
> - // if PcdTPm2HashMask is zero, use ActivePcr setting
> + // if PcdTpm2HashMask is zero, use ActivePcr setting
> //
> PcdSet32S (PcdTpm2HashMask, TpmActivePcrBanks);
> Tpm2PcrMask = TpmActivePcrBanks;
> @@ -297,9 +296,9 @@ SyncPcrAllocationsAndPcrMask (
> if ((TpmActivePcrBanks & Tpm2PcrMask) != TpmActivePcrBanks) {
> NewTpmActivePcrBanks = TpmActivePcrBanks & Tpm2PcrMask;
>
> - DEBUG ((EFI_D_INFO, "%a - Reallocating PCR banks from 0x%X to 0x%X.\n",
> __FUNCTION__, TpmActivePcrBanks, NewTpmActivePcrBanks));
> + DEBUG ((DEBUG_INFO, "%a - Reallocating PCR banks from 0x%X to 0x%X.\n",
> __FUNCTION__, TpmActivePcrBanks, NewTpmActivePcrBanks));
> if (NewTpmActivePcrBanks == 0) {
> - DEBUG ((EFI_D_ERROR, "%a - No viable PCRs active! Please set a less
> restrictive value for PcdTpm2HashMask!\n", __FUNCTION__));
> + DEBUG ((DEBUG_ERROR, "%a - No viable PCRs active! Please set a less
> restrictive value for PcdTpm2HashMask!\n", __FUNCTION__));
> ASSERT (FALSE);
> } else {
> Status = Tpm2PcrAllocateBanks (NULL, (UINT32)TpmHashAlgorithmBitmap,
> NewTpmActivePcrBanks);
> @@ -307,7 +306,7 @@ SyncPcrAllocationsAndPcrMask (
> //
> // We can't do much here, but we hope that this doesn't happen.
> //
> - DEBUG ((EFI_D_ERROR, "%a - Failed to reallocate PCRs!\n",
> __FUNCTION__));
> + DEBUG ((DEBUG_ERROR, "%a - Failed to reallocate PCRs!\n",
> __FUNCTION__));
> ASSERT_EFI_ERROR (Status);
> }
> //
> @@ -324,9 +323,9 @@ SyncPcrAllocationsAndPcrMask (
> if ((Tpm2PcrMask & TpmHashAlgorithmBitmap) != Tpm2PcrMask) {
> NewTpm2PcrMask = Tpm2PcrMask & TpmHashAlgorithmBitmap;
>
> - DEBUG ((EFI_D_INFO, "%a - Updating PcdTpm2HashMask from 0x%X to
> 0x%X.\n", __FUNCTION__, Tpm2PcrMask, NewTpm2PcrMask));
> + DEBUG ((DEBUG_INFO, "%a - Updating PcdTpm2HashMask from 0x%X to
> 0x%X.\n", __FUNCTION__, Tpm2PcrMask, NewTpm2PcrMask));
> if (NewTpm2PcrMask == 0) {
> - DEBUG ((EFI_D_ERROR, "%a - No viable PCRs supported! Please set a less
> restrictive value for PcdTpm2HashMask!\n", __FUNCTION__));
> + DEBUG ((DEBUG_ERROR, "%a - No viable PCRs supported! Please set a less
> restrictive value for PcdTpm2HashMask!\n", __FUNCTION__));
> ASSERT (FALSE);
> }
>
> @@ -365,7 +364,7 @@ LogHashEvent (
> RetStatus = EFI_SUCCESS;
> for (Index = 0; Index < sizeof(mTcg2EventInfo)/sizeof(mTcg2EventInfo[0]);
> Index++) {
> if ((SupportedEventLogs & mTcg2EventInfo[Index].LogFormat) != 0) {
> - DEBUG ((EFI_D_INFO, " LogFormat - 0x%08x\n",
> mTcg2EventInfo[Index].LogFormat));
> + DEBUG ((DEBUG_INFO, " LogFormat - 0x%08x\n",
> mTcg2EventInfo[Index].LogFormat));
> switch (mTcg2EventInfo[Index].LogFormat) {
> case EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2:
> Status = GetDigestFromDigestList (TPM_ALG_SHA1, DigestList,
> &NewEventHdr->Digest);
> @@ -476,7 +475,7 @@ HashLogExtendEvent (
> }
>
> if (Status == EFI_DEVICE_ERROR) {
> - DEBUG ((EFI_D_ERROR, "HashLogExtendEvent - %r. Disable TPM.\n", Status));
> + DEBUG ((DEBUG_ERROR, "HashLogExtendEvent - %r. Disable TPM.\n",
> Status));
> BuildGuidHob (&gTpmErrorHobGuid,0);
> REPORT_STATUS_CODE (
> EFI_ERROR_CODE | EFI_ERROR_MINOR,
> @@ -1011,7 +1010,7 @@ PeimEntryMA (
> }
>
> if (GetFirstGuidHob (&gTpmErrorHobGuid) != NULL) {
> - DEBUG ((EFI_D_ERROR, "TPM2 error!\n"));
> + DEBUG ((DEBUG_ERROR, "TPM2 error!\n"));
> return EFI_DEVICE_ERROR;
> }
>
> @@ -1075,7 +1074,7 @@ PeimEntryMA (
> for (PcrIndex = 0; PcrIndex < 8; PcrIndex++) {
> Status = MeasureSeparatorEventWithError (PcrIndex);
> if (EFI_ERROR (Status)) {
> - DEBUG ((EFI_D_ERROR, "Separator Event with Error not Measured.
> Error!\n"));
> + DEBUG ((DEBUG_ERROR, "Separator Event with Error not Measured.
> Error!\n"));
> }
> }
> }
> @@ -1092,6 +1091,13 @@ PeimEntryMA (
> }
> }
>
> + DEBUG_CODE_BEGIN ();
> + //
> + // Peek into TPM PCR 00 before any BIOS measurement.
> + //
> + Tpm2PcrReadForActiveBank (00, NULL);
> + DEBUG_CODE_END ();
> +
> //
> // Only install TpmInitializedPpi on success
> //
> @@ -1106,7 +1112,7 @@ PeimEntryMA (
>
> Done:
> if (EFI_ERROR (Status)) {
> - DEBUG ((EFI_D_ERROR, "TPM2 error! Build Hob\n"));
> + DEBUG ((DEBUG_ERROR, "TPM2 error! Build Hob\n"));
> BuildGuidHob (&gTpmErrorHobGuid,0);
> REPORT_STATUS_CODE (
> EFI_ERROR_CODE | EFI_ERROR_MINOR,
> --
> 2.31.1.windows.1
[-- Attachment #2: Type: text/html, Size: 46863 bytes --]
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH] SecurityPkg: Debug code to audit BIOS TPM extend operations.
2021-08-10 6:40 ` Rodrigo Gonzalez del Cueto
@ 2021-08-11 5:39 ` Yao, Jiewen
0 siblings, 0 replies; 9+ messages in thread
From: Yao, Jiewen @ 2021-08-11 5:39 UTC (permalink / raw)
To: Gonzalez Del Cueto, Rodrigo, devel@edk2.groups.io; +Cc: Wang, Jian J
[-- Attachment #1: Type: text/plain, Size: 27341 bytes --]
I am OK to add API to the library.
I am OK to add one function call to dump PCR[0] in TcgPei to show if there is any measurement before BIOS. That is good use case for BootGuard.
But I don't think we need dump the PCR every time in PCR_Extend - assuming TPM hardware is good, then it should always be correct.
Thank you
Yao Jiewen
From: Gonzalez Del Cueto, Rodrigo <rodrigo.gonzalez.del.cueto@intel.com>
Sent: Tuesday, August 10, 2021 2:41 PM
To: Yao, Jiewen <jiewen.yao@intel.com>; devel@edk2.groups.io
Cc: Wang, Jian J <jian.j.wang@intel.com>
Subject: Re: [PATCH] SecurityPkg: Debug code to audit BIOS TPM extend operations.
Hi Jiewen,
The intention of such API would be to ease debugging and auditing PCR attestation along the boot; it has been a common task while debugging several issues and TPM configurations.
a) Configurations in which BIOS is not the S-CRTM and we need to attest what has been measured to the TPM prior to any measurements performed by BIOS.
b) Verifying the values in all the active and supported PCR banks: attestation or capping of the PCRs. (See BZ: 3515<https://bugzilla.tianocore.org/show_bug.cgi?id=3515>)
Such API together with the TCG event log print out it allows us to audit and debug the measured boot sequence.
Regards,
-Rodrigo
________________________________
From: Yao, Jiewen <jiewen.yao@intel.com<mailto:jiewen.yao@intel.com>>
Sent: Sunday, August 8, 2021 6:24 PM
To: Gonzalez Del Cueto, Rodrigo <rodrigo.gonzalez.del.cueto@intel.com<mailto:rodrigo.gonzalez.del.cueto@intel.com>>; devel@edk2.groups.io<mailto:devel@edk2.groups.io> <devel@edk2.groups.io<mailto:devel@edk2.groups.io>>
Cc: Wang, Jian J <jian.j.wang@intel.com<mailto:jian.j.wang@intel.com>>
Subject: RE: [PATCH] SecurityPkg: Debug code to audit BIOS TPM extend operations.
Some feedback:
1) I think it is OK to add Tpm2PcrReadForActiveBank() API.
But I feel we will add too many noise to dump Tpm2PcrReadForActiveBank() in the code everytime.
I am not sure why it is needed.
What is the problem statement?
2) Below definition does not follow EDKII coding style. Please use 2 "space" as indent.
EFI_STATUS
EFIAPI
Tpm2PcrReadForActiveBank (
IN TPMI_DH_PCR PcrHandle,
OUT TPML_DIGEST *HashList
)
> -----Original Message-----
> From: Gonzalez Del Cueto, Rodrigo <rodrigo.gonzalez.del.cueto@intel.com<mailto:rodrigo.gonzalez.del.cueto@intel.com>>
> Sent: Friday, July 30, 2021 6:43 AM
> To: devel@edk2.groups.io<mailto:devel@edk2.groups.io>
> Cc: Gonzalez Del Cueto, Rodrigo <rodrigo.gonzalez.del.cueto@intel.com<mailto:rodrigo.gonzalez.del.cueto@intel.com>>; Yao,
> Jiewen <jiewen.yao@intel.com<mailto:jiewen.yao@intel.com>>; Wang, Jian J <jian.j.wang@intel.com<mailto:jian.j.wang@intel.com>>
> Subject: [PATCH] SecurityPkg: Debug code to audit BIOS TPM extend operations.
>
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2858
>
> Add debug functionality to examine TPM extend operations
> performed by BIOS and inspect the PCR 00 value prior to
> any BIOS measurements.
>
> Replaced usage of EFI_D_* for DEBUG_* definitions in debug
> messages.
>
> Signed-off-by: Rodrigo Gonzalez del Cueto
> <rodrigo.gonzalez.del.cueto@intel.com<mailto:rodrigo.gonzalez.del.cueto@intel.com>>
> Cc: Jiewen Yao <jiewen.yao@intel.com<mailto:jiewen.yao@intel.com>>
> Cc: Jian J Wang <jian.j.wang@intel.com<mailto:jian.j.wang@intel.com>>
> ---
> SecurityPkg/Include/Library/Tpm2CommandLib.h | 28
> ++++++++++++++++++++++------
> SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c | 226
> +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> ++++++++-----------------------
> SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c | 34 ++++++++++++++++++++------
> --------
> 3 files changed, 245 insertions(+), 43 deletions(-)
>
> diff --git a/SecurityPkg/Include/Library/Tpm2CommandLib.h
> b/SecurityPkg/Include/Library/Tpm2CommandLib.h
> index ee8eb62295..5e5c340893 100644
> --- a/SecurityPkg/Include/Library/Tpm2CommandLib.h
> +++ b/SecurityPkg/Include/Library/Tpm2CommandLib.h
> @@ -1,7 +1,7 @@
> /** @file
> This library is used by other modules to send TPM2 command.
>
> -Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved. <BR>
> +Copyright (c) 2013 - 2021, Intel Corporation. All rights reserved. <BR>
> SPDX-License-Identifier: BSD-2-Clause-Patent
>
> **/
> @@ -505,7 +505,7 @@ EFIAPI
> Tpm2PcrEvent (
> IN TPMI_DH_PCR PcrHandle,
> IN TPM2B_EVENT *EventData,
> - OUT TPML_DIGEST_VALUES *Digests
> + OUT TPML_DIGEST_VALUES *Digests
> );
>
> /**
> @@ -522,10 +522,10 @@ Tpm2PcrEvent (
> EFI_STATUS
> EFIAPI
> Tpm2PcrRead (
> - IN TPML_PCR_SELECTION *PcrSelectionIn,
> - OUT UINT32 *PcrUpdateCounter,
> - OUT TPML_PCR_SELECTION *PcrSelectionOut,
> - OUT TPML_DIGEST *PcrValues
> + IN TPML_PCR_SELECTION *PcrSelectionIn,
> + OUT UINT32 *PcrUpdateCounter,
> + OUT TPML_PCR_SELECTION *PcrSelectionOut,
> + OUT TPML_DIGEST *PcrValues
> );
>
> /**
> @@ -1113,4 +1113,20 @@ GetDigestFromDigestList(
> OUT VOID *Digest
> );
>
> + /**
> + This function will query the TPM to determine which hashing algorithms and
> + get the digests of all active and supported PCR banks of a specific PCR
> register.
> +
> + @param[in] PcrHandle The index of the PCR register to be read.
> + @param[out] HashList List of digests from PCR register being read.
> +
> + @retval EFI_SUCCESS The Pcr was read successfully.
> + @retval EFI_DEVICE_ERROR The command was unsuccessful.
> +**/
> +EFI_STATUS
> +EFIAPI
> +Tpm2PcrReadForActiveBank (
> + IN TPMI_DH_PCR PcrHandle,
> + OUT TPML_DIGEST *HashList
> + );
> #endif
> diff --git a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c
> b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c
> index ddb15178fb..3b49192b93 100644
> --- a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c
> +++ b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c
> @@ -1,7 +1,7 @@
> /** @file
> Implement TPM2 Integrity related command.
>
> -Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved. <BR>
> +Copyright (c) 2013 - 2021, Intel Corporation. All rights reserved. <BR>
> SPDX-License-Identifier: BSD-2-Clause-Patent
>
> **/
> @@ -109,7 +109,6 @@ Tpm2PcrExtend (
> Cmd.Header.commandCode = SwapBytes32(TPM_CC_PCR_Extend);
> Cmd.PcrHandle = SwapBytes32(PcrHandle);
>
> -
> //
> // Add in Auth session
> //
> @@ -130,14 +129,26 @@ Tpm2PcrExtend (
> Buffer += sizeof(UINT16);
> DigestSize = GetHashSizeFromAlgo (Digests->digests[Index].hashAlg);
> if (DigestSize == 0) {
> - DEBUG ((EFI_D_ERROR, "Unknown hash algorithm %d\r\n", Digests-
> >digests[Index].hashAlg));
> + DEBUG ((DEBUG_ERROR, "Unknown hash algorithm %d\r\n", Digests-
> >digests[Index].hashAlg));
> return EFI_DEVICE_ERROR;
> }
> +
> CopyMem(
> Buffer,
> &Digests->digests[Index].digest,
> DigestSize
> );
> +
> + DEBUG_CODE_BEGIN ();
> + UINTN Index2;
> + DEBUG ((DEBUG_VERBOSE, "Tpm2PcrExtend - Hash = 0x%04x, Pcr[%02d],
> digest = ", Digests->digests[Index].hashAlg, (UINT8) PcrHandle));
> +
> + for (Index2 = 0; Index2 < DigestSize; Index2++) {
> + DEBUG ((DEBUG_VERBOSE, "%02x ", Buffer[Index2]));
> + }
> + DEBUG ((DEBUG_VERBOSE, "\n"));
> + DEBUG_CODE_END ();
> +
> Buffer += DigestSize;
> }
>
> @@ -151,7 +162,7 @@ Tpm2PcrExtend (
> }
>
> if (ResultBufSize > sizeof(Res)) {
> - DEBUG ((EFI_D_ERROR, "Tpm2PcrExtend: Failed ExecuteCommand: Buffer
> Too Small\r\n"));
> + DEBUG ((DEBUG_ERROR, "Tpm2PcrExtend: Failed ExecuteCommand: Buffer
> Too Small\r\n"));
> return EFI_BUFFER_TOO_SMALL;
> }
>
> @@ -160,7 +171,7 @@ Tpm2PcrExtend (
> //
> RespSize = SwapBytes32(Res.Header.paramSize);
> if (RespSize > sizeof(Res)) {
> - DEBUG ((EFI_D_ERROR, "Tpm2PcrExtend: Response size too large! %d\r\n",
> RespSize));
> + DEBUG ((DEBUG_ERROR, "Tpm2PcrExtend: Response size too large! %d\r\n",
> RespSize));
> return EFI_BUFFER_TOO_SMALL;
> }
>
> @@ -168,10 +179,15 @@ Tpm2PcrExtend (
> // Fail if command failed
> //
> if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) {
> - DEBUG ((EFI_D_ERROR, "Tpm2PcrExtend: Response Code error! 0x%08x\r\n",
> SwapBytes32(Res.Header.responseCode)));
> + DEBUG ((DEBUG_ERROR, "Tpm2PcrExtend: Response Code error!
> 0x%08x\r\n", SwapBytes32(Res.Header.responseCode)));
> return EFI_DEVICE_ERROR;
> }
>
> + DEBUG_CODE_BEGIN ();
> + DEBUG ((DEBUG_VERBOSE, "Tpm2PcrExtend: PCR read after extend...\n"));
> + Tpm2PcrReadForActiveBank (PcrHandle, NULL);
> + DEBUG_CODE_END ();
> +
> //
> // Unmarshal the response
> //
> @@ -246,7 +262,7 @@ Tpm2PcrEvent (
> }
>
> if (ResultBufSize > sizeof(Res)) {
> - DEBUG ((EFI_D_ERROR, "Tpm2PcrEvent: Failed ExecuteCommand: Buffer
> Too Small\r\n"));
> + DEBUG ((DEBUG_ERROR, "Tpm2PcrEvent: Failed ExecuteCommand: Buffer
> Too Small\r\n"));
> return EFI_BUFFER_TOO_SMALL;
> }
>
> @@ -255,7 +271,7 @@ Tpm2PcrEvent (
> //
> RespSize = SwapBytes32(Res.Header.paramSize);
> if (RespSize > sizeof(Res)) {
> - DEBUG ((EFI_D_ERROR, "Tpm2PcrEvent: Response size too large! %d\r\n",
> RespSize));
> + DEBUG ((DEBUG_ERROR, "Tpm2PcrEvent: Response size too large! %d\r\n",
> RespSize));
> return EFI_BUFFER_TOO_SMALL;
> }
>
> @@ -263,7 +279,7 @@ Tpm2PcrEvent (
> // Fail if command failed
> //
> if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) {
> - DEBUG ((EFI_D_ERROR, "Tpm2PcrEvent: Response Code error! 0x%08x\r\n",
> SwapBytes32(Res.Header.responseCode)));
> + DEBUG ((DEBUG_ERROR, "Tpm2PcrEvent: Response Code error!
> 0x%08x\r\n", SwapBytes32(Res.Header.responseCode)));
> return EFI_DEVICE_ERROR;
> }
>
> @@ -284,7 +300,7 @@ Tpm2PcrEvent (
> Buffer += sizeof(UINT16);
> DigestSize = GetHashSizeFromAlgo (Digests->digests[Index].hashAlg);
> if (DigestSize == 0) {
> - DEBUG ((EFI_D_ERROR, "Unknown hash algorithm %d\r\n", Digests-
> >digests[Index].hashAlg));
> + DEBUG ((DEBUG_ERROR, "Unknown hash algorithm %d\r\n", Digests-
> >digests[Index].hashAlg));
> return EFI_DEVICE_ERROR;
> }
> CopyMem(
> @@ -298,6 +314,7 @@ Tpm2PcrEvent (
> return EFI_SUCCESS;
> }
>
> +
> /**
> This command returns the values of all PCR specified in pcrSelect.
>
> @@ -353,11 +370,11 @@ Tpm2PcrRead (
> }
>
> if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {
> - DEBUG ((EFI_D_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n",
> RecvBufferSize));
> + DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n",
> RecvBufferSize));
> return EFI_DEVICE_ERROR;
> }
> if (SwapBytes32(RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) {
> - DEBUG ((EFI_D_ERROR, "Tpm2PcrRead - responseCode - %x\n",
> SwapBytes32(RecvBuffer.Header.responseCode)));
> + DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - responseCode - %x\n",
> SwapBytes32(RecvBuffer.Header.responseCode)));
> return EFI_NOT_FOUND;
> }
>
> @@ -369,7 +386,7 @@ Tpm2PcrRead (
> // PcrUpdateCounter
> //
> if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER) +
> sizeof(RecvBuffer.PcrUpdateCounter)) {
> - DEBUG ((EFI_D_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n",
> RecvBufferSize));
> + DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n",
> RecvBufferSize));
> return EFI_DEVICE_ERROR;
> }
> *PcrUpdateCounter = SwapBytes32(RecvBuffer.PcrUpdateCounter);
> @@ -378,7 +395,7 @@ Tpm2PcrRead (
> // PcrSelectionOut
> //
> if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER) +
> sizeof(RecvBuffer.PcrUpdateCounter) +
> sizeof(RecvBuffer.PcrSelectionOut.count)) {
> - DEBUG ((EFI_D_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n",
> RecvBufferSize));
> + DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n",
> RecvBufferSize));
> return EFI_DEVICE_ERROR;
> }
> PcrSelectionOut->count = SwapBytes32(RecvBuffer.PcrSelectionOut.count);
> @@ -388,7 +405,7 @@ Tpm2PcrRead (
> }
>
> if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER) +
> sizeof(RecvBuffer.PcrUpdateCounter) +
> sizeof(RecvBuffer.PcrSelectionOut.count) +
> sizeof(RecvBuffer.PcrSelectionOut.pcrSelections[0]) * PcrSelectionOut->count) {
> - DEBUG ((EFI_D_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n",
> RecvBufferSize));
> + DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n",
> RecvBufferSize));
> return EFI_DEVICE_ERROR;
> }
> for (Index = 0; Index < PcrSelectionOut->count; Index++) {
> @@ -513,7 +530,7 @@ Tpm2PcrAllocate (
> }
>
> if (ResultBufSize > sizeof(Res)) {
> - DEBUG ((EFI_D_ERROR, "Tpm2PcrAllocate: Failed ExecuteCommand: Buffer
> Too Small\r\n"));
> + DEBUG ((DEBUG_ERROR, "Tpm2PcrAllocate: Failed ExecuteCommand:
> Buffer Too Small\r\n"));
> Status = EFI_BUFFER_TOO_SMALL;
> goto Done;
> }
> @@ -523,7 +540,7 @@ Tpm2PcrAllocate (
> //
> RespSize = SwapBytes32(Res.Header.paramSize);
> if (RespSize > sizeof(Res)) {
> - DEBUG ((EFI_D_ERROR, "Tpm2PcrAllocate: Response size too large! %d\r\n",
> RespSize));
> + DEBUG ((DEBUG_ERROR, "Tpm2PcrAllocate: Response size too
> large! %d\r\n", RespSize));
> Status = EFI_BUFFER_TOO_SMALL;
> goto Done;
> }
> @@ -532,7 +549,7 @@ Tpm2PcrAllocate (
> // Fail if command failed
> //
> if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) {
> - DEBUG((EFI_D_ERROR,"Tpm2PcrAllocate: Response Code error! 0x%08x\r\n",
> SwapBytes32(Res.Header.responseCode)));
> + DEBUG((DEBUG_ERROR,"Tpm2PcrAllocate: Response Code error!
> 0x%08x\r\n", SwapBytes32(Res.Header.responseCode)));
> Status = EFI_DEVICE_ERROR;
> goto Done;
> }
> @@ -673,17 +690,180 @@ Tpm2PcrAllocateBanks (
> &SizeNeeded,
> &SizeAvailable
> );
> - DEBUG ((EFI_D_INFO, "Tpm2PcrAllocateBanks call Tpm2PcrAllocate - %r\n",
> Status));
> + DEBUG ((DEBUG_INFO, "Tpm2PcrAllocateBanks call Tpm2PcrAllocate - %r\n",
> Status));
> if (EFI_ERROR (Status)) {
> goto Done;
> }
>
> - DEBUG ((EFI_D_INFO, "AllocationSuccess - %02x\n", AllocationSuccess));
> - DEBUG ((EFI_D_INFO, "MaxPCR - %08x\n", MaxPCR));
> - DEBUG ((EFI_D_INFO, "SizeNeeded - %08x\n", SizeNeeded));
> - DEBUG ((EFI_D_INFO, "SizeAvailable - %08x\n", SizeAvailable));
> + DEBUG ((DEBUG_INFO, "AllocationSuccess - %02x\n", AllocationSuccess));
> + DEBUG ((DEBUG_INFO, "MaxPCR - %08x\n", MaxPCR));
> + DEBUG ((DEBUG_INFO, "SizeNeeded - %08x\n", SizeNeeded));
> + DEBUG ((DEBUG_INFO, "SizeAvailable - %08x\n", SizeAvailable));
>
> Done:
> ZeroMem(&LocalAuthSession.hmac, sizeof(LocalAuthSession.hmac));
> return Status;
> }
> +
> +/**
> + This function will query the TPM to determine which hashing algorithms and
> + get the digests of all active and supported PCR banks of a specific PCR
> register.
> +
> + @param[in] PcrHandle The index of the PCR register to be read.
> + @param[out] HashList List of digests from PCR register being read.
> +
> + @retval EFI_SUCCESS The Pcr was read successfully.
> + @retval EFI_DEVICE_ERROR The command was unsuccessful.
> +**/
> +EFI_STATUS
> +EFIAPI
> +Tpm2PcrReadForActiveBank (
> + IN TPMI_DH_PCR PcrHandle,
> + OUT TPML_DIGEST *HashList
> +)
> +{
> + EFI_STATUS Status;
> + TPML_PCR_SELECTION Pcrs;
> + TPML_PCR_SELECTION PcrSelectionIn;
> + TPML_PCR_SELECTION PcrSelectionOut;
> + TPML_DIGEST PcrValues;
> + UINT32 PcrUpdateCounter;
> + UINT8 PcrIndex;
> + UINT32 TpmHashAlgorithmBitmap;
> + TPMI_ALG_HASH CurrentPcrBankHash;
> + UINT32 ActivePcrBanks;
> + UINT32 TcgRegistryHashAlg;
> + UINTN Index;
> + UINTN Index2;
> +
> + PcrIndex = (UINT8) PcrHandle;
> +
> + if ((PcrIndex < 0) ||
> + (PcrIndex >= IMPLEMENTATION_PCR)) {
> + return EFI_INVALID_PARAMETER;
> + }
> +
> + ZeroMem (&PcrSelectionIn, sizeof (PcrSelectionIn));
> + ZeroMem (&PcrUpdateCounter, sizeof (UINT32));
> + ZeroMem (&PcrSelectionOut, sizeof (PcrSelectionOut));
> + ZeroMem (&PcrValues, sizeof (PcrValues));
> + ZeroMem (&Pcrs, sizeof (TPML_PCR_SELECTION));
> +
> + DEBUG ((DEBUG_INFO, "ReadPcr - %02d\n", PcrIndex));
> +
> + //
> + // Read TPM capabilities
> + //
> + Status = Tpm2GetCapabilityPcrs (&Pcrs);
> +
> + if (EFI_ERROR (Status)) {
> + DEBUG ((DEBUG_ERROR, "ReadPcr: Unable to read TPM capabilities\n"));
> + return EFI_DEVICE_ERROR;
> + }
> +
> + //
> + // Get Active Pcrs
> + //
> + Status = Tpm2GetCapabilitySupportedAndActivePcrs (
> + &TpmHashAlgorithmBitmap,
> + &ActivePcrBanks
> + );
> +
> + if (EFI_ERROR (Status)) {
> + DEBUG ((DEBUG_ERROR, "ReadPcr: Unable to read TPM capabilities and
> active PCRs\n"));
> + return EFI_DEVICE_ERROR;
> + }
> +
> + //
> + // Select from Active PCRs
> + //
> + for (Index = 0; Index < Pcrs.count; Index++) {
> + CurrentPcrBankHash = Pcrs.pcrSelections[Index].hash;
> +
> + switch (CurrentPcrBankHash) {
> + case TPM_ALG_SHA1:
> + DEBUG ((DEBUG_VERBOSE, "HASH_ALG_SHA1 Present\n"));
> + TcgRegistryHashAlg = HASH_ALG_SHA1;
> + break;
> + case TPM_ALG_SHA256:
> + DEBUG ((DEBUG_VERBOSE, "HASH_ALG_SHA256 Present\n"));
> + TcgRegistryHashAlg = HASH_ALG_SHA256;
> + break;
> + case TPM_ALG_SHA384:
> + DEBUG ((DEBUG_VERBOSE, "HASH_ALG_SHA384 Present\n"));
> + TcgRegistryHashAlg = HASH_ALG_SHA384;
> + break;
> + case TPM_ALG_SHA512:
> + DEBUG ((DEBUG_VERBOSE, "HASH_ALG_SHA512 Present\n"));
> + TcgRegistryHashAlg = HASH_ALG_SHA512;
> + break;
> + case TPM_ALG_SM3_256:
> + DEBUG ((DEBUG_VERBOSE, "HASH_ALG_SM3 Present\n"));
> + TcgRegistryHashAlg = HASH_ALG_SM3_256;
> + break;
> + default:
> + //
> + // Unsupported algorithm
> + //
> + DEBUG ((DEBUG_VERBOSE, "Unknown algorithm present\n"));
> + TcgRegistryHashAlg = 0;
> + break;
> + }
> + //
> + // Skip unsupported and inactive PCR banks
> + //
> + if ((TcgRegistryHashAlg & ActivePcrBanks) == 0) {
> + DEBUG ((DEBUG_VERBOSE, "Skipping unsupported or inactive bank:
> 0x%04x\n", CurrentPcrBankHash));
> + continue;
> + }
> +
> + //
> + // Select PCR from current active bank
> + //
> + PcrSelectionIn.pcrSelections[PcrSelectionIn.count].hash =
> Pcrs.pcrSelections[Index].hash;
> + PcrSelectionIn.pcrSelections[PcrSelectionIn.count].sizeofSelect =
> PCR_SELECT_MAX;
> + PcrSelectionIn.pcrSelections[PcrSelectionIn.count].pcrSelect[0] = (PcrIndex <
> 8) ? 1 << PcrIndex : 0;
> + PcrSelectionIn.pcrSelections[PcrSelectionIn.count].pcrSelect[1] = (PcrIndex >
> 7) && (PcrIndex < 16) ? 1 << (PcrIndex - 8) : 0;
> + PcrSelectionIn.pcrSelections[PcrSelectionIn.count].pcrSelect[2] = (PcrIndex >
> 15) ? 1 << (PcrIndex - 16) : 0;
> + PcrSelectionIn.count++;
> + }
> +
> + //
> + // Read PCRs
> + //
> + Status = Tpm2PcrRead (
> + &PcrSelectionIn,
> + &PcrUpdateCounter,
> + &PcrSelectionOut,
> + &PcrValues
> + );
> +
> + if (EFI_ERROR (Status)) {
> + DEBUG((DEBUG_ERROR, "Tpm2PcrRead failed Status = %r \n", Status));
> + return EFI_DEVICE_ERROR;
> + }
> +
> + for (Index = 0; Index < PcrValues.count; Index++) {
> + DEBUG ((
> + DEBUG_INFO,
> + "ReadPcr - HashAlg = 0x%04x, Pcr[%02d], digest = ",
> + PcrSelectionOut.pcrSelections[Index].hash,
> + PcrIndex
> + ));
> +
> + for(Index2 = 0; Index2 < PcrValues.digests[Index].size; Index2++) {
> + DEBUG ((DEBUG_INFO, "%02x ", PcrValues.digests[Index].buffer[Index2]));
> + }
> + DEBUG ((DEBUG_INFO, "\n"));
> + }
> +
> + if (HashList != NULL) {
> + CopyMem (
> + HashList,
> + &PcrValues,
> + sizeof (TPML_DIGEST)
> + );
> + }
> +
> + return EFI_SUCCESS;
> +}
> diff --git a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c
> b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c
> index 93a8803ff6..ea79fa0af6 100644
> --- a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c
> +++ b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c
> @@ -1,7 +1,7 @@
> /** @file
> Initialize TPM2 device and measure FVs before handing off control to DXE.
>
> -Copyright (c) 2015 - 2020, Intel Corporation. All rights reserved.<BR>
> +Copyright (c) 2015 - 2021, Intel Corporation. All rights reserved.<BR>
> Copyright (c) 2017, Microsoft Corporation. All rights reserved. <BR>
> SPDX-License-Identifier: BSD-2-Clause-Patent
>
> @@ -191,7 +191,6 @@ EFI_PEI_NOTIFY_DESCRIPTOR mNotifyList[] = {
> }
> };
>
> -
> /**
> Record all measured Firmware Volume Information into a Guid Hob
> Guid Hob payload layout is
> @@ -267,7 +266,7 @@ SyncPcrAllocationsAndPcrMask (
> UINT32 Tpm2PcrMask;
> UINT32 NewTpm2PcrMask;
>
> - DEBUG ((EFI_D_ERROR, "SyncPcrAllocationsAndPcrMask!\n"));
> + DEBUG ((DEBUG_ERROR, "SyncPcrAllocationsAndPcrMask!\n"));
>
> //
> // Determine the current TPM support and the Platform PCR mask.
> @@ -278,7 +277,7 @@ SyncPcrAllocationsAndPcrMask (
> Tpm2PcrMask = PcdGet32 (PcdTpm2HashMask);
> if (Tpm2PcrMask == 0) {
> //
> - // if PcdTPm2HashMask is zero, use ActivePcr setting
> + // if PcdTpm2HashMask is zero, use ActivePcr setting
> //
> PcdSet32S (PcdTpm2HashMask, TpmActivePcrBanks);
> Tpm2PcrMask = TpmActivePcrBanks;
> @@ -297,9 +296,9 @@ SyncPcrAllocationsAndPcrMask (
> if ((TpmActivePcrBanks & Tpm2PcrMask) != TpmActivePcrBanks) {
> NewTpmActivePcrBanks = TpmActivePcrBanks & Tpm2PcrMask;
>
> - DEBUG ((EFI_D_INFO, "%a - Reallocating PCR banks from 0x%X to 0x%X.\n",
> __FUNCTION__, TpmActivePcrBanks, NewTpmActivePcrBanks));
> + DEBUG ((DEBUG_INFO, "%a - Reallocating PCR banks from 0x%X to 0x%X.\n",
> __FUNCTION__, TpmActivePcrBanks, NewTpmActivePcrBanks));
> if (NewTpmActivePcrBanks == 0) {
> - DEBUG ((EFI_D_ERROR, "%a - No viable PCRs active! Please set a less
> restrictive value for PcdTpm2HashMask!\n", __FUNCTION__));
> + DEBUG ((DEBUG_ERROR, "%a - No viable PCRs active! Please set a less
> restrictive value for PcdTpm2HashMask!\n", __FUNCTION__));
> ASSERT (FALSE);
> } else {
> Status = Tpm2PcrAllocateBanks (NULL, (UINT32)TpmHashAlgorithmBitmap,
> NewTpmActivePcrBanks);
> @@ -307,7 +306,7 @@ SyncPcrAllocationsAndPcrMask (
> //
> // We can't do much here, but we hope that this doesn't happen.
> //
> - DEBUG ((EFI_D_ERROR, "%a - Failed to reallocate PCRs!\n",
> __FUNCTION__));
> + DEBUG ((DEBUG_ERROR, "%a - Failed to reallocate PCRs!\n",
> __FUNCTION__));
> ASSERT_EFI_ERROR (Status);
> }
> //
> @@ -324,9 +323,9 @@ SyncPcrAllocationsAndPcrMask (
> if ((Tpm2PcrMask & TpmHashAlgorithmBitmap) != Tpm2PcrMask) {
> NewTpm2PcrMask = Tpm2PcrMask & TpmHashAlgorithmBitmap;
>
> - DEBUG ((EFI_D_INFO, "%a - Updating PcdTpm2HashMask from 0x%X to
> 0x%X.\n", __FUNCTION__, Tpm2PcrMask, NewTpm2PcrMask));
> + DEBUG ((DEBUG_INFO, "%a - Updating PcdTpm2HashMask from 0x%X to
> 0x%X.\n", __FUNCTION__, Tpm2PcrMask, NewTpm2PcrMask));
> if (NewTpm2PcrMask == 0) {
> - DEBUG ((EFI_D_ERROR, "%a - No viable PCRs supported! Please set a less
> restrictive value for PcdTpm2HashMask!\n", __FUNCTION__));
> + DEBUG ((DEBUG_ERROR, "%a - No viable PCRs supported! Please set a less
> restrictive value for PcdTpm2HashMask!\n", __FUNCTION__));
> ASSERT (FALSE);
> }
>
> @@ -365,7 +364,7 @@ LogHashEvent (
> RetStatus = EFI_SUCCESS;
> for (Index = 0; Index < sizeof(mTcg2EventInfo)/sizeof(mTcg2EventInfo[0]);
> Index++) {
> if ((SupportedEventLogs & mTcg2EventInfo[Index].LogFormat) != 0) {
> - DEBUG ((EFI_D_INFO, " LogFormat - 0x%08x\n",
> mTcg2EventInfo[Index].LogFormat));
> + DEBUG ((DEBUG_INFO, " LogFormat - 0x%08x\n",
> mTcg2EventInfo[Index].LogFormat));
> switch (mTcg2EventInfo[Index].LogFormat) {
> case EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2:
> Status = GetDigestFromDigestList (TPM_ALG_SHA1, DigestList,
> &NewEventHdr->Digest);
> @@ -476,7 +475,7 @@ HashLogExtendEvent (
> }
>
> if (Status == EFI_DEVICE_ERROR) {
> - DEBUG ((EFI_D_ERROR, "HashLogExtendEvent - %r. Disable TPM.\n", Status));
> + DEBUG ((DEBUG_ERROR, "HashLogExtendEvent - %r. Disable TPM.\n",
> Status));
> BuildGuidHob (&gTpmErrorHobGuid,0);
> REPORT_STATUS_CODE (
> EFI_ERROR_CODE | EFI_ERROR_MINOR,
> @@ -1011,7 +1010,7 @@ PeimEntryMA (
> }
>
> if (GetFirstGuidHob (&gTpmErrorHobGuid) != NULL) {
> - DEBUG ((EFI_D_ERROR, "TPM2 error!\n"));
> + DEBUG ((DEBUG_ERROR, "TPM2 error!\n"));
> return EFI_DEVICE_ERROR;
> }
>
> @@ -1075,7 +1074,7 @@ PeimEntryMA (
> for (PcrIndex = 0; PcrIndex < 8; PcrIndex++) {
> Status = MeasureSeparatorEventWithError (PcrIndex);
> if (EFI_ERROR (Status)) {
> - DEBUG ((EFI_D_ERROR, "Separator Event with Error not Measured.
> Error!\n"));
> + DEBUG ((DEBUG_ERROR, "Separator Event with Error not Measured.
> Error!\n"));
> }
> }
> }
> @@ -1092,6 +1091,13 @@ PeimEntryMA (
> }
> }
>
> + DEBUG_CODE_BEGIN ();
> + //
> + // Peek into TPM PCR 00 before any BIOS measurement.
> + //
> + Tpm2PcrReadForActiveBank (00, NULL);
> + DEBUG_CODE_END ();
> +
> //
> // Only install TpmInitializedPpi on success
> //
> @@ -1106,7 +1112,7 @@ PeimEntryMA (
>
> Done:
> if (EFI_ERROR (Status)) {
> - DEBUG ((EFI_D_ERROR, "TPM2 error! Build Hob\n"));
> + DEBUG ((DEBUG_ERROR, "TPM2 error! Build Hob\n"));
> BuildGuidHob (&gTpmErrorHobGuid,0);
> REPORT_STATUS_CODE (
> EFI_ERROR_CODE | EFI_ERROR_MINOR,
> --
> 2.31.1.windows.1
[-- Attachment #2: Type: text/html, Size: 49851 bytes --]
^ permalink raw reply [flat|nested] 9+ messages in thread
* [PATCH] SecurityPkg: Debug code to audit BIOS TPM extend operations
@ 2021-12-17 2:47 Rodrigo Gonzalez del Cueto
2021-12-17 4:23 ` [edk2-devel] " Rodrigo Gonzalez del Cueto
2021-12-17 15:08 ` Yao, Jiewen
0 siblings, 2 replies; 9+ messages in thread
From: Rodrigo Gonzalez del Cueto @ 2021-12-17 2:47 UTC (permalink / raw)
To: devel; +Cc: Rodrigo Gonzalez del Cueto, Jiewen Yao, Jian J Wang
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2858
In V2: Fixed patch format and uncrustify cleanup
In V1: Add debug functionality to examine TPM extend operations
performed by BIOS and inspect the PCR 00 value prior to
any BIOS measurements.
Signed-off-by: Rodrigo Gonzalez del Cueto <rodrigo.gonzalez.del.cueto@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
---
SecurityPkg/Include/Library/Tpm2CommandLib.h | 33 +++++++++++++++++++++++++--------
SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c | 190 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-
SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c | 9 ++++++++-
3 files changed, 222 insertions(+), 10 deletions(-)
diff --git a/SecurityPkg/Include/Library/Tpm2CommandLib.h b/SecurityPkg/Include/Library/Tpm2CommandLib.h
index 2e83a2f474..a2fb97f18d 100644
--- a/SecurityPkg/Include/Library/Tpm2CommandLib.h
+++ b/SecurityPkg/Include/Library/Tpm2CommandLib.h
@@ -1,7 +1,7 @@
/** @file
This library is used by other modules to send TPM2 command.
-Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved. <BR>
+Copyright (c) 2013 - 2021, Intel Corporation. All rights reserved. <BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
@@ -503,9 +503,9 @@ Tpm2PcrExtend (
EFI_STATUS
EFIAPI
Tpm2PcrEvent (
- IN TPMI_DH_PCR PcrHandle,
- IN TPM2B_EVENT *EventData,
- OUT TPML_DIGEST_VALUES *Digests
+ IN TPMI_DH_PCR PcrHandle,
+ IN TPM2B_EVENT *EventData,
+ OUT TPML_DIGEST_VALUES *Digests
);
/**
@@ -522,10 +522,10 @@ Tpm2PcrEvent (
EFI_STATUS
EFIAPI
Tpm2PcrRead (
- IN TPML_PCR_SELECTION *PcrSelectionIn,
- OUT UINT32 *PcrUpdateCounter,
- OUT TPML_PCR_SELECTION *PcrSelectionOut,
- OUT TPML_DIGEST *PcrValues
+ IN TPML_PCR_SELECTION *PcrSelectionIn,
+ OUT UINT32 *PcrUpdateCounter,
+ OUT TPML_PCR_SELECTION *PcrSelectionOut,
+ OUT TPML_DIGEST *PcrValues
);
/**
@@ -1113,4 +1113,21 @@ GetDigestFromDigestList (
OUT VOID *Digest
);
+/**
+ This function will query the TPM to determine which hashing algorithms and
+ get the digests of all active and supported PCR banks of a specific PCR register.
+
+ @param[in] PcrHandle The index of the PCR register to be read.
+ @param[out] HashList List of digests from PCR register being read.
+
+ @retval EFI_SUCCESS The Pcr was read successfully.
+ @retval EFI_DEVICE_ERROR The command was unsuccessful.
+**/
+EFI_STATUS
+EFIAPI
+Tpm2PcrReadForActiveBank (
+ IN TPMI_DH_PCR PcrHandle,
+ OUT TPML_DIGEST *HashList
+ );
+
#endif
diff --git a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c
index 8dde5f34a2..94e93b2642 100644
--- a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c
+++ b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c
@@ -1,7 +1,7 @@
/** @file
Implement TPM2 Integrity related command.
-Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved. <BR>
+Copyright (c) 2013 - 2021, Intel Corporation. All rights reserved. <BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
@@ -138,6 +138,23 @@ Tpm2PcrExtend (
&Digests->digests[Index].digest,
DigestSize
);
+
+ DEBUG_CODE_BEGIN ();
+ UINTN Index2;
+ DEBUG ((
+ DEBUG_VERBOSE,
+ "Tpm2PcrExtend - Hash = 0x%04x, Pcr[%02d], digest = ",
+ Digests->digests[Index].hashAlg,
+ (UINT8)PcrHandle
+ ));
+
+ for (Index2 = 0; Index2 < DigestSize; Index2++) {
+ DEBUG ((DEBUG_VERBOSE, "%02x ", Buffer[Index2]));
+ }
+
+ DEBUG ((DEBUG_VERBOSE, "\n"));
+ DEBUG_CODE_END ();
+
Buffer += DigestSize;
}
@@ -172,6 +189,11 @@ Tpm2PcrExtend (
return EFI_DEVICE_ERROR;
}
+ DEBUG_CODE_BEGIN ();
+ DEBUG ((DEBUG_VERBOSE, "Tpm2PcrExtend: PCR read after extend...\n"));
+ Tpm2PcrReadForActiveBank (PcrHandle, NULL);
+ DEBUG_CODE_END ();
+
//
// Unmarshal the response
//
@@ -705,3 +727,169 @@ Done:
ZeroMem (&LocalAuthSession.hmac, sizeof (LocalAuthSession.hmac));
return Status;
}
+
+/**
+ This function will query the TPM to determine which hashing algorithms and
+ get the digests of all active and supported PCR banks of a specific PCR register.
+
+ @param[in] PcrHandle The index of the PCR register to be read.
+ @param[out] HashList List of digests from PCR register being read.
+
+ @retval EFI_SUCCESS The Pcr was read successfully.
+ @retval EFI_DEVICE_ERROR The command was unsuccessful.
+**/
+EFI_STATUS
+EFIAPI
+Tpm2PcrReadForActiveBank (
+ IN TPMI_DH_PCR PcrHandle,
+ OUT TPML_DIGEST *HashList
+ )
+{
+ EFI_STATUS Status;
+ TPML_PCR_SELECTION Pcrs;
+ TPML_PCR_SELECTION PcrSelectionIn;
+ TPML_PCR_SELECTION PcrSelectionOut;
+ TPML_DIGEST PcrValues;
+ UINT32 PcrUpdateCounter;
+ UINT8 PcrIndex;
+ UINT32 TpmHashAlgorithmBitmap;
+ TPMI_ALG_HASH CurrentPcrBankHash;
+ UINT32 ActivePcrBanks;
+ UINT32 TcgRegistryHashAlg;
+ UINTN Index;
+ UINTN Index2;
+
+ PcrIndex = (UINT8)PcrHandle;
+
+ if ((PcrIndex < 0) ||
+ (PcrIndex >= IMPLEMENTATION_PCR))
+ {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ ZeroMem (&PcrSelectionIn, sizeof (PcrSelectionIn));
+ ZeroMem (&PcrUpdateCounter, sizeof (UINT32));
+ ZeroMem (&PcrSelectionOut, sizeof (PcrSelectionOut));
+ ZeroMem (&PcrValues, sizeof (PcrValues));
+ ZeroMem (&Pcrs, sizeof (TPML_PCR_SELECTION));
+
+ DEBUG ((DEBUG_INFO, "ReadPcr - %02d\n", PcrIndex));
+
+ //
+ // Read TPM capabilities
+ //
+ Status = Tpm2GetCapabilityPcrs (&Pcrs);
+
+ if (EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_ERROR, "ReadPcr: Unable to read TPM capabilities\n"));
+ return EFI_DEVICE_ERROR;
+ }
+
+ //
+ // Get Active Pcrs
+ //
+ Status = Tpm2GetCapabilitySupportedAndActivePcrs (
+ &TpmHashAlgorithmBitmap,
+ &ActivePcrBanks
+ );
+
+ if (EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_ERROR, "ReadPcr: Unable to read TPM capabilities and active PCRs\n"));
+ return EFI_DEVICE_ERROR;
+ }
+
+ //
+ // Select from Active PCRs
+ //
+ for (Index = 0; Index < Pcrs.count; Index++) {
+ CurrentPcrBankHash = Pcrs.pcrSelections[Index].hash;
+
+ switch (CurrentPcrBankHash) {
+ case TPM_ALG_SHA1:
+ DEBUG ((DEBUG_VERBOSE, "HASH_ALG_SHA1 Present\n"));
+ TcgRegistryHashAlg = HASH_ALG_SHA1;
+ break;
+ case TPM_ALG_SHA256:
+ DEBUG ((DEBUG_VERBOSE, "HASH_ALG_SHA256 Present\n"));
+ TcgRegistryHashAlg = HASH_ALG_SHA256;
+ break;
+ case TPM_ALG_SHA384:
+ DEBUG ((DEBUG_VERBOSE, "HASH_ALG_SHA384 Present\n"));
+ TcgRegistryHashAlg = HASH_ALG_SHA384;
+ break;
+ case TPM_ALG_SHA512:
+ DEBUG ((DEBUG_VERBOSE, "HASH_ALG_SHA512 Present\n"));
+ TcgRegistryHashAlg = HASH_ALG_SHA512;
+ break;
+ case TPM_ALG_SM3_256:
+ DEBUG ((DEBUG_VERBOSE, "HASH_ALG_SM3 Present\n"));
+ TcgRegistryHashAlg = HASH_ALG_SM3_256;
+ break;
+ default:
+ //
+ // Unsupported algorithm
+ //
+ DEBUG ((DEBUG_VERBOSE, "Unknown algorithm present\n"));
+ TcgRegistryHashAlg = 0;
+ break;
+ }
+
+ //
+ // Skip unsupported and inactive PCR banks
+ //
+ if ((TcgRegistryHashAlg & ActivePcrBanks) == 0) {
+ DEBUG ((DEBUG_VERBOSE, "Skipping unsupported or inactive bank: 0x%04x\n", CurrentPcrBankHash));
+ continue;
+ }
+
+ //
+ // Select PCR from current active bank
+ //
+ PcrSelectionIn.pcrSelections[PcrSelectionIn.count].hash = Pcrs.pcrSelections[Index].hash;
+ PcrSelectionIn.pcrSelections[PcrSelectionIn.count].sizeofSelect = PCR_SELECT_MAX;
+ PcrSelectionIn.pcrSelections[PcrSelectionIn.count].pcrSelect[0] = (PcrIndex < 8) ? 1 << PcrIndex : 0;
+ PcrSelectionIn.pcrSelections[PcrSelectionIn.count].pcrSelect[1] = (PcrIndex > 7) && (PcrIndex < 16) ? 1 << (PcrIndex - 8) : 0;
+ PcrSelectionIn.pcrSelections[PcrSelectionIn.count].pcrSelect[2] = (PcrIndex > 15) ? 1 << (PcrIndex - 16) : 0;
+ PcrSelectionIn.count++;
+ }
+
+ //
+ // Read PCRs
+ //
+ Status = Tpm2PcrRead (
+ &PcrSelectionIn,
+ &PcrUpdateCounter,
+ &PcrSelectionOut,
+ &PcrValues
+ );
+
+ if (EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_ERROR, "Tpm2PcrRead failed Status = %r \n", Status));
+ return EFI_DEVICE_ERROR;
+ }
+
+ for (Index = 0; Index < PcrValues.count; Index++) {
+ DEBUG ((
+ DEBUG_INFO,
+ "ReadPcr - HashAlg = 0x%04x, Pcr[%02d], digest = ",
+ PcrSelectionOut.pcrSelections[Index].hash,
+ PcrIndex
+ ));
+
+ for (Index2 = 0; Index2 < PcrValues.digests[Index].size; Index2++) {
+ DEBUG ((DEBUG_INFO, "%02x ", PcrValues.digests[Index].buffer[Index2]));
+ }
+
+ DEBUG ((DEBUG_INFO, "\n"));
+ }
+
+ if (HashList != NULL) {
+ CopyMem (
+ HashList,
+ &PcrValues,
+ sizeof (TPML_DIGEST)
+ );
+ }
+
+ return EFI_SUCCESS;
+}
diff --git a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c
index a97a4e7f2d..622989aff3 100644
--- a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c
+++ b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c
@@ -1,7 +1,7 @@
/** @file
Initialize TPM2 device and measure FVs before handing off control to DXE.
-Copyright (c) 2015 - 2020, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2015 - 2021, Intel Corporation. All rights reserved.<BR>
Copyright (c) 2017, Microsoft Corporation. All rights reserved. <BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
@@ -1106,6 +1106,13 @@ PeimEntryMA (
}
}
+ DEBUG_CODE_BEGIN ();
+ //
+ // Peek into TPM PCR 00 before any BIOS measurement.
+ //
+ Tpm2PcrReadForActiveBank (00, NULL);
+ DEBUG_CODE_END ();
+
//
// Only install TpmInitializedPpi on success
//
--
2.26.2.windows.1
^ permalink raw reply related [flat|nested] 9+ messages in thread
* Re: [edk2-devel] [PATCH] SecurityPkg: Debug code to audit BIOS TPM extend operations
2021-12-17 2:47 [PATCH] SecurityPkg: Debug code to audit BIOS TPM extend operations Rodrigo Gonzalez del Cueto
@ 2021-12-17 4:23 ` Rodrigo Gonzalez del Cueto
2021-12-17 15:08 ` Yao, Jiewen
1 sibling, 0 replies; 9+ messages in thread
From: Rodrigo Gonzalez del Cueto @ 2021-12-17 4:23 UTC (permalink / raw)
To: Rodrigo Gonzalez del Cueto, devel
[-- Attachment #1: Type: text/plain, Size: 244 bytes --]
Ran CI on this version of the patch using a draft pull request: SecurityPkg: Debug code to audit BIOS TPM extend operations by rodrigog-intel · Pull Request #2321 · tianocore/edk2 (github.com) ( https://github.com/tianocore/edk2/pull/2321 )
[-- Attachment #2: Type: text/html, Size: 271 bytes --]
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH] SecurityPkg: Debug code to audit BIOS TPM extend operations
2021-12-17 2:47 [PATCH] SecurityPkg: Debug code to audit BIOS TPM extend operations Rodrigo Gonzalez del Cueto
2021-12-17 4:23 ` [edk2-devel] " Rodrigo Gonzalez del Cueto
@ 2021-12-17 15:08 ` Yao, Jiewen
1 sibling, 0 replies; 9+ messages in thread
From: Yao, Jiewen @ 2021-12-17 15:08 UTC (permalink / raw)
To: Gonzalez Del Cueto, Rodrigo, devel@edk2.groups.io; +Cc: Wang, Jian J
Pushed: 8ed8568922be9b5f7111fc1297317106aba7ab52
> -----Original Message-----
> From: Gonzalez Del Cueto, Rodrigo <rodrigo.gonzalez.del.cueto@intel.com>
> Sent: Friday, December 17, 2021 10:47 AM
> To: devel@edk2.groups.io
> Cc: Gonzalez Del Cueto, Rodrigo <rodrigo.gonzalez.del.cueto@intel.com>; Yao,
> Jiewen <jiewen.yao@intel.com>; Wang, Jian J <jian.j.wang@intel.com>
> Subject: [PATCH] SecurityPkg: Debug code to audit BIOS TPM extend operations
>
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2858
>
> In V2: Fixed patch format and uncrustify cleanup
>
> In V1: Add debug functionality to examine TPM extend operations
> performed by BIOS and inspect the PCR 00 value prior to
> any BIOS measurements.
>
> Signed-off-by: Rodrigo Gonzalez del Cueto
> <rodrigo.gonzalez.del.cueto@intel.com>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Jian J Wang <jian.j.wang@intel.com>
> ---
> SecurityPkg/Include/Library/Tpm2CommandLib.h | 33
> +++++++++++++++++++++++++--------
> SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c | 190
> +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-
> SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c | 9 ++++++++-
> 3 files changed, 222 insertions(+), 10 deletions(-)
>
> diff --git a/SecurityPkg/Include/Library/Tpm2CommandLib.h
> b/SecurityPkg/Include/Library/Tpm2CommandLib.h
> index 2e83a2f474..a2fb97f18d 100644
> --- a/SecurityPkg/Include/Library/Tpm2CommandLib.h
> +++ b/SecurityPkg/Include/Library/Tpm2CommandLib.h
> @@ -1,7 +1,7 @@
> /** @file
> This library is used by other modules to send TPM2 command.
>
> -Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved. <BR>
> +Copyright (c) 2013 - 2021, Intel Corporation. All rights reserved. <BR>
> SPDX-License-Identifier: BSD-2-Clause-Patent
>
> **/
> @@ -503,9 +503,9 @@ Tpm2PcrExtend (
> EFI_STATUS
> EFIAPI
> Tpm2PcrEvent (
> - IN TPMI_DH_PCR PcrHandle,
> - IN TPM2B_EVENT *EventData,
> - OUT TPML_DIGEST_VALUES *Digests
> + IN TPMI_DH_PCR PcrHandle,
> + IN TPM2B_EVENT *EventData,
> + OUT TPML_DIGEST_VALUES *Digests
> );
>
> /**
> @@ -522,10 +522,10 @@ Tpm2PcrEvent (
> EFI_STATUS
> EFIAPI
> Tpm2PcrRead (
> - IN TPML_PCR_SELECTION *PcrSelectionIn,
> - OUT UINT32 *PcrUpdateCounter,
> - OUT TPML_PCR_SELECTION *PcrSelectionOut,
> - OUT TPML_DIGEST *PcrValues
> + IN TPML_PCR_SELECTION *PcrSelectionIn,
> + OUT UINT32 *PcrUpdateCounter,
> + OUT TPML_PCR_SELECTION *PcrSelectionOut,
> + OUT TPML_DIGEST *PcrValues
> );
>
> /**
> @@ -1113,4 +1113,21 @@ GetDigestFromDigestList (
> OUT VOID *Digest
> );
>
> +/**
> + This function will query the TPM to determine which hashing algorithms and
> + get the digests of all active and supported PCR banks of a specific PCR
> register.
> +
> + @param[in] PcrHandle The index of the PCR register to be read.
> + @param[out] HashList List of digests from PCR register being read.
> +
> + @retval EFI_SUCCESS The Pcr was read successfully.
> + @retval EFI_DEVICE_ERROR The command was unsuccessful.
> +**/
> +EFI_STATUS
> +EFIAPI
> +Tpm2PcrReadForActiveBank (
> + IN TPMI_DH_PCR PcrHandle,
> + OUT TPML_DIGEST *HashList
> + );
> +
> #endif
> diff --git a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c
> b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c
> index 8dde5f34a2..94e93b2642 100644
> --- a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c
> +++ b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c
> @@ -1,7 +1,7 @@
> /** @file
> Implement TPM2 Integrity related command.
>
> -Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved. <BR>
> +Copyright (c) 2013 - 2021, Intel Corporation. All rights reserved. <BR>
> SPDX-License-Identifier: BSD-2-Clause-Patent
>
> **/
> @@ -138,6 +138,23 @@ Tpm2PcrExtend (
> &Digests->digests[Index].digest,
> DigestSize
> );
> +
> + DEBUG_CODE_BEGIN ();
> + UINTN Index2;
> + DEBUG ((
> + DEBUG_VERBOSE,
> + "Tpm2PcrExtend - Hash = 0x%04x, Pcr[%02d], digest = ",
> + Digests->digests[Index].hashAlg,
> + (UINT8)PcrHandle
> + ));
> +
> + for (Index2 = 0; Index2 < DigestSize; Index2++) {
> + DEBUG ((DEBUG_VERBOSE, "%02x ", Buffer[Index2]));
> + }
> +
> + DEBUG ((DEBUG_VERBOSE, "\n"));
> + DEBUG_CODE_END ();
> +
> Buffer += DigestSize;
> }
>
> @@ -172,6 +189,11 @@ Tpm2PcrExtend (
> return EFI_DEVICE_ERROR;
> }
>
> + DEBUG_CODE_BEGIN ();
> + DEBUG ((DEBUG_VERBOSE, "Tpm2PcrExtend: PCR read after extend...\n"));
> + Tpm2PcrReadForActiveBank (PcrHandle, NULL);
> + DEBUG_CODE_END ();
> +
> //
> // Unmarshal the response
> //
> @@ -705,3 +727,169 @@ Done:
> ZeroMem (&LocalAuthSession.hmac, sizeof (LocalAuthSession.hmac));
> return Status;
> }
> +
> +/**
> + This function will query the TPM to determine which hashing algorithms and
> + get the digests of all active and supported PCR banks of a specific PCR
> register.
> +
> + @param[in] PcrHandle The index of the PCR register to be read.
> + @param[out] HashList List of digests from PCR register being read.
> +
> + @retval EFI_SUCCESS The Pcr was read successfully.
> + @retval EFI_DEVICE_ERROR The command was unsuccessful.
> +**/
> +EFI_STATUS
> +EFIAPI
> +Tpm2PcrReadForActiveBank (
> + IN TPMI_DH_PCR PcrHandle,
> + OUT TPML_DIGEST *HashList
> + )
> +{
> + EFI_STATUS Status;
> + TPML_PCR_SELECTION Pcrs;
> + TPML_PCR_SELECTION PcrSelectionIn;
> + TPML_PCR_SELECTION PcrSelectionOut;
> + TPML_DIGEST PcrValues;
> + UINT32 PcrUpdateCounter;
> + UINT8 PcrIndex;
> + UINT32 TpmHashAlgorithmBitmap;
> + TPMI_ALG_HASH CurrentPcrBankHash;
> + UINT32 ActivePcrBanks;
> + UINT32 TcgRegistryHashAlg;
> + UINTN Index;
> + UINTN Index2;
> +
> + PcrIndex = (UINT8)PcrHandle;
> +
> + if ((PcrIndex < 0) ||
> + (PcrIndex >= IMPLEMENTATION_PCR))
> + {
> + return EFI_INVALID_PARAMETER;
> + }
> +
> + ZeroMem (&PcrSelectionIn, sizeof (PcrSelectionIn));
> + ZeroMem (&PcrUpdateCounter, sizeof (UINT32));
> + ZeroMem (&PcrSelectionOut, sizeof (PcrSelectionOut));
> + ZeroMem (&PcrValues, sizeof (PcrValues));
> + ZeroMem (&Pcrs, sizeof (TPML_PCR_SELECTION));
> +
> + DEBUG ((DEBUG_INFO, "ReadPcr - %02d\n", PcrIndex));
> +
> + //
> + // Read TPM capabilities
> + //
> + Status = Tpm2GetCapabilityPcrs (&Pcrs);
> +
> + if (EFI_ERROR (Status)) {
> + DEBUG ((DEBUG_ERROR, "ReadPcr: Unable to read TPM capabilities\n"));
> + return EFI_DEVICE_ERROR;
> + }
> +
> + //
> + // Get Active Pcrs
> + //
> + Status = Tpm2GetCapabilitySupportedAndActivePcrs (
> + &TpmHashAlgorithmBitmap,
> + &ActivePcrBanks
> + );
> +
> + if (EFI_ERROR (Status)) {
> + DEBUG ((DEBUG_ERROR, "ReadPcr: Unable to read TPM capabilities and
> active PCRs\n"));
> + return EFI_DEVICE_ERROR;
> + }
> +
> + //
> + // Select from Active PCRs
> + //
> + for (Index = 0; Index < Pcrs.count; Index++) {
> + CurrentPcrBankHash = Pcrs.pcrSelections[Index].hash;
> +
> + switch (CurrentPcrBankHash) {
> + case TPM_ALG_SHA1:
> + DEBUG ((DEBUG_VERBOSE, "HASH_ALG_SHA1 Present\n"));
> + TcgRegistryHashAlg = HASH_ALG_SHA1;
> + break;
> + case TPM_ALG_SHA256:
> + DEBUG ((DEBUG_VERBOSE, "HASH_ALG_SHA256 Present\n"));
> + TcgRegistryHashAlg = HASH_ALG_SHA256;
> + break;
> + case TPM_ALG_SHA384:
> + DEBUG ((DEBUG_VERBOSE, "HASH_ALG_SHA384 Present\n"));
> + TcgRegistryHashAlg = HASH_ALG_SHA384;
> + break;
> + case TPM_ALG_SHA512:
> + DEBUG ((DEBUG_VERBOSE, "HASH_ALG_SHA512 Present\n"));
> + TcgRegistryHashAlg = HASH_ALG_SHA512;
> + break;
> + case TPM_ALG_SM3_256:
> + DEBUG ((DEBUG_VERBOSE, "HASH_ALG_SM3 Present\n"));
> + TcgRegistryHashAlg = HASH_ALG_SM3_256;
> + break;
> + default:
> + //
> + // Unsupported algorithm
> + //
> + DEBUG ((DEBUG_VERBOSE, "Unknown algorithm present\n"));
> + TcgRegistryHashAlg = 0;
> + break;
> + }
> +
> + //
> + // Skip unsupported and inactive PCR banks
> + //
> + if ((TcgRegistryHashAlg & ActivePcrBanks) == 0) {
> + DEBUG ((DEBUG_VERBOSE, "Skipping unsupported or inactive bank:
> 0x%04x\n", CurrentPcrBankHash));
> + continue;
> + }
> +
> + //
> + // Select PCR from current active bank
> + //
> + PcrSelectionIn.pcrSelections[PcrSelectionIn.count].hash =
> Pcrs.pcrSelections[Index].hash;
> + PcrSelectionIn.pcrSelections[PcrSelectionIn.count].sizeofSelect =
> PCR_SELECT_MAX;
> + PcrSelectionIn.pcrSelections[PcrSelectionIn.count].pcrSelect[0] = (PcrIndex <
> 8) ? 1 << PcrIndex : 0;
> + PcrSelectionIn.pcrSelections[PcrSelectionIn.count].pcrSelect[1] = (PcrIndex >
> 7) && (PcrIndex < 16) ? 1 << (PcrIndex - 8) : 0;
> + PcrSelectionIn.pcrSelections[PcrSelectionIn.count].pcrSelect[2] = (PcrIndex >
> 15) ? 1 << (PcrIndex - 16) : 0;
> + PcrSelectionIn.count++;
> + }
> +
> + //
> + // Read PCRs
> + //
> + Status = Tpm2PcrRead (
> + &PcrSelectionIn,
> + &PcrUpdateCounter,
> + &PcrSelectionOut,
> + &PcrValues
> + );
> +
> + if (EFI_ERROR (Status)) {
> + DEBUG ((DEBUG_ERROR, "Tpm2PcrRead failed Status = %r \n", Status));
> + return EFI_DEVICE_ERROR;
> + }
> +
> + for (Index = 0; Index < PcrValues.count; Index++) {
> + DEBUG ((
> + DEBUG_INFO,
> + "ReadPcr - HashAlg = 0x%04x, Pcr[%02d], digest = ",
> + PcrSelectionOut.pcrSelections[Index].hash,
> + PcrIndex
> + ));
> +
> + for (Index2 = 0; Index2 < PcrValues.digests[Index].size; Index2++) {
> + DEBUG ((DEBUG_INFO, "%02x ", PcrValues.digests[Index].buffer[Index2]));
> + }
> +
> + DEBUG ((DEBUG_INFO, "\n"));
> + }
> +
> + if (HashList != NULL) {
> + CopyMem (
> + HashList,
> + &PcrValues,
> + sizeof (TPML_DIGEST)
> + );
> + }
> +
> + return EFI_SUCCESS;
> +}
> diff --git a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c
> b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c
> index a97a4e7f2d..622989aff3 100644
> --- a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c
> +++ b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c
> @@ -1,7 +1,7 @@
> /** @file
> Initialize TPM2 device and measure FVs before handing off control to DXE.
>
> -Copyright (c) 2015 - 2020, Intel Corporation. All rights reserved.<BR>
> +Copyright (c) 2015 - 2021, Intel Corporation. All rights reserved.<BR>
> Copyright (c) 2017, Microsoft Corporation. All rights reserved. <BR>
> SPDX-License-Identifier: BSD-2-Clause-Patent
>
> @@ -1106,6 +1106,13 @@ PeimEntryMA (
> }
> }
>
> + DEBUG_CODE_BEGIN ();
> + //
> + // Peek into TPM PCR 00 before any BIOS measurement.
> + //
> + Tpm2PcrReadForActiveBank (00, NULL);
> + DEBUG_CODE_END ();
> +
> //
> // Only install TpmInitializedPpi on success
> //
> --
> 2.26.2.windows.1
^ permalink raw reply [flat|nested] 9+ messages in thread
end of thread, other threads:[~2021-12-17 15:09 UTC | newest]
Thread overview: 9+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2021-12-17 2:47 [PATCH] SecurityPkg: Debug code to audit BIOS TPM extend operations Rodrigo Gonzalez del Cueto
2021-12-17 4:23 ` [edk2-devel] " Rodrigo Gonzalez del Cueto
2021-12-17 15:08 ` Yao, Jiewen
-- strict thread matches above, loose matches on Subject: below --
2021-07-29 22:43 Rodrigo Gonzalez del Cueto
2021-08-09 1:24 ` Yao, Jiewen
2021-08-10 6:40 ` Rodrigo Gonzalez del Cueto
2021-08-11 5:39 ` Yao, Jiewen
2020-07-20 22:28 Rodrigo Gonzalez del Cueto
2020-07-23 2:06 ` Yao, Jiewen
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox