From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=192.55.52.88; helo=mga01.intel.com; envelope-from=qin.long@intel.com; receiver=edk2-devel@lists.01.org Received: from mga01.intel.com (mga01.intel.com [192.55.52.88]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 5D03321EA15D7 for ; Tue, 10 Oct 2017 18:58:46 -0700 (PDT) Received: from fmsmga005.fm.intel.com ([10.253.24.32]) by fmsmga101.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 10 Oct 2017 19:02:14 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.43,359,1503385200"; d="scan'208";a="161238161" Received: from fmsmsx106.amr.corp.intel.com ([10.18.124.204]) by fmsmga005.fm.intel.com with ESMTP; 10 Oct 2017 19:02:14 -0700 Received: from fmsmsx124.amr.corp.intel.com (10.18.125.39) by FMSMSX106.amr.corp.intel.com (10.18.124.204) with Microsoft SMTP Server (TLS) id 14.3.319.2; Tue, 10 Oct 2017 19:02:14 -0700 Received: from shsmsx104.ccr.corp.intel.com (10.239.4.70) by fmsmsx124.amr.corp.intel.com (10.18.125.39) with Microsoft SMTP Server (TLS) id 14.3.319.2; Tue, 10 Oct 2017 19:02:14 -0700 Received: from shsmsx103.ccr.corp.intel.com ([169.254.4.213]) by SHSMSX104.ccr.corp.intel.com ([169.254.5.152]) with mapi id 14.03.0319.002; Wed, 11 Oct 2017 10:02:12 +0800 From: "Long, Qin" To: "Zhang, Chao B" , "edk2-devel@lists.01.org" CC: "Yao, Jiewen" , "sean.brogan@microsoft.com" Thread-Topic: [PATCH] SecurityPkg\Tcg2Pei: FV measure performance enhancement Thread-Index: AQHTQNus6szZf1Zq90qc6gLly1J9BqLd5/yg Date: Wed, 11 Oct 2017 02:02:12 +0000 Message-ID: References: <20171009085013.608-1-chao.b.zhang@intel.com> In-Reply-To: <20171009085013.608-1-chao.b.zhang@intel.com> Accept-Language: zh-CN, en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: dlp-product: dlpe-windows dlp-version: 11.0.0.116 dlp-reaction: no-action x-originating-ip: [10.239.127.40] MIME-Version: 1.0 Subject: Re: [PATCH] SecurityPkg\Tcg2Pei: FV measure performance enhancement X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 11 Oct 2017 01:58:46 -0000 Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Reviewed-by: Long Qin Best Regards & Thanks, LONG, Qin -----Original Message----- From: Zhang, Chao B=20 Sent: Monday, October 9, 2017 4:50 PM To: edk2-devel@lists.01.org Cc: Long, Qin ; Yao, Jiewen ; sea= n.brogan@microsoft.com; Zhang, Chao B Subject: [PATCH] SecurityPkg\Tcg2Pei: FV measure performance enhancement 1. Leverage Pre-Hashed FV PPI to reduce duplicated hash 2. Only measure BFV= at the beginning. Other FVs are measured in FVinfo callback with nested FV check. https://bugzilla.tianocore.org/show_bug.cgi?id=3D662 Cc: Long Qin Cc: Yao Jiewen Cc: Sean Brogan Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Chao Zhang --- .../Include/Ppi/FirmwareVolumeInfoPrehashedFV.h | 70 ++++++ SecurityPkg/SecurityPkg.dec | 7 +- SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c | 245 +++++++++++++++--= ---- SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf | 2 + 4 files changed, 250 insertions(+), 74 deletions(-) create mode 100644 Se= curityPkg/Include/Ppi/FirmwareVolumeInfoPrehashedFV.h diff --git a/SecurityPkg/Include/Ppi/FirmwareVolumeInfoPrehashedFV.h b/Secu= rityPkg/Include/Ppi/FirmwareVolumeInfoPrehashedFV.h new file mode 100644 index 0000000..2273357 --- /dev/null +++ b/SecurityPkg/Include/Ppi/FirmwareVolumeInfoPrehashedFV.h @@ -0,0 +1,70 @@ +/** @file +PPI to describe all hash digests for a given FV + +Copyright (c) 2017, Intel Corporation. All rights reserved.
This=20 +program and the accompanying materials are licensed and made available=20 +under the terms and conditions of the BSD License which accompanies=20 +this distribution. The full text of the license may be found at=20 +http://opensource.org/licenses/bsd-license.php + +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,=20 +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLI= ED. + +**/ +/** +PPI to describe all hash digests for a given FV + +Copyright (c) 2017, Microsoft Corporation + +All rights reserved. +Redistribution and use in source and binary forms, with or without=20 +modification, are permitted provided that the following conditions are met= : +1. Redistributions of source code must retain the above copyright=20 +notice, this list of conditions and the following disclaimer. +2. Redistributions in binary form must reproduce the above copyright=20 +notice, this list of conditions and the following disclaimer in the=20 +documentation and/or other materials provided with the distribution. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS=20 +IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED=20 +TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR= PURPOSE ARE DISCLAIMED. +IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR=20 +ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL=20 +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS=20 +OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)=20 +HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,=20 +STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING=20 +IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBI= LITY OF SUCH DAMAGE. + +**/ + +#ifndef __PEI_FIRMWARE_VOLUME_INFO_PREHASHED_FV_H__ +#define __PEI_FIRMWARE_VOLUME_INFO_PREHASHED_FV_H__ + +#define EDKII_PEI_FIRMWARE_VOLUME_INFO_PREHASHED_FV_PPI_GUID \ {=20 +0x3ce1e631, 0x7008, 0x477c, { 0xad, 0xa7, 0x5d, 0xcf, 0xc7, 0xc1, 0x49,=20 +0x4b } } + +// +// HashAlgoId is TPM_ALG_ID in Tpm20.h +// +typedef struct _HASH_INFO { + UINT16 HashAlgoId; + UINT16 HashSize; + //UINT8 Hash[]; +} HASH_INFO; + +// +// This PPI indicates a FV is already hashed, platform should ensure 1:1 m= apping between pre-hashed PPI and FV. +// The Count field in PPI is followed by Count number of FV hash info entr= ies, which can be extended to PCR and logged to TCG event log directly by T= CG modules. +// +typedef struct { + UINT32 FvBase; + UINT32 FvLength; + UINT32 Count; + //HASH_INFO HashInfo[]; +} EDKII_PEI_FIRMWARE_VOLUME_INFO_PREHASHED_FV_PPI; + +extern EFI_GUID gEdkiiPeiFirmwareVolumeInfoPrehashedFvPpiGuid; + +#endif + diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec inde= x 7a900dc..45d95c5 100644 --- a/SecurityPkg/SecurityPkg.dec +++ b/SecurityPkg/SecurityPkg.dec @@ -7,6 +7,7 @@ # # Copyright (c) 2009 - 2017, Intel Corporation. All rights reserved.
= # (C) Copyright 2015 Hewlett Packard Enterprise Development LP
+# Copyright (c) 2017, Microsoft Corporation. All rights reserved.
# This program and the accompanying materials are licensed and made availa= ble under # the terms and conditions of the BSD License which accompanies = this distribution. # The full text of the license may be found at @@ -222,6 +223,9 @@ ## Include/Ppi/FirmwareVolumeInfoMeasurementExcluded.h gEfiPeiFirmwareVolumeInfoMeasurementExcludedPpiGuid =3D { 0x6e056ff9, 0x= c695, 0x4364, { 0x9e, 0x2c, 0x61, 0x26, 0xf5, 0xce, 0xea, 0xae } } =20 + ## Include/Ppi/FirmwareVolumeInfoPrehashedFV.h + gEdkiiPeiFirmwareVolumeInfoPrehashedFvPpiGuid =3D { 0x3ce1e631, 0x7008,= =20 + 0x477c, { 0xad, 0xa7, 0x5d, 0xcf, 0xc7, 0xc1, 0x49, 0x4b } } + # # [Error.gEfiSecurityPkgTokenSpaceGuid] # 0x80000001 | Invalid value provided. @@ -452,9 +456,10 @@ =20 [PcdsDynamic, PcdsDynamicEx] =20 - ## This PCD indicates Hash mask for TPM 2.0.

+ ## This PCD indicates Hash mask for TPM 2.0. Bit definition strictly=20 + follows TCG Algorithm Registry.

# If this bit is set, that means this algorithm is needed to extend to = PCR.
# If this bit is clear, that means this algorithm is NOT needed to exte= nd to PCR.
+ # If all the bits are clear, that means hash algorithm is determined=20 + by current Active PCR Banks.
# BIT0 - SHA1.
# BIT1 - SHA256.
# BIT2 - SHA384.
diff --git a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c b/SecurityPkg/Tcg/Tcg2Pei/Tc= g2Pei.c index 69adad4..fdc44bd 100644 --- a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c +++ b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c @@ -2,6 +2,7 @@ Initialize TPM2 device and measure FVs before handing off control to DXE= . =20 Copyright (c) 2015 - 2017, Intel Corporation. All rights reserved.
+Copyright (c) 2017, Microsoft Corporation. All rights reserved.
This program and the accompanying materials are licensed and made availab= le under the terms and conditions of the BSD License which accompanies thi= s distribution. The full text of the license may be found at @@ -22,6 +23,= 7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR I= MPLIED. #include #include #include +#include =20 #include #include @@ -133,7 +135,6 @@ EFI_PEI_NOTIFY_DESCRIPTOR mNotifyList[] =3D { } }; =20 -EFI_PEI_FIRMWARE_VOLUME_INFO_MEASUREMENT_EXCLUDED_PPI *mMeasurementExclude= dFvPpi; =20 /** Record all measured Firmware Volum Information into a Guid Hob @@ -215,6= +216,13 @@ SyncPcrAllocationsAndPcrMask ( ASSERT_EFI_ERROR (Status); =20 Tpm2PcrMask =3D PcdGet32 (PcdTpm2HashMask); + if (Tpm2PcrMask =3D=3D 0) { + // + // if PcdTPm2HashMask is zero, use ActivePcr setting + // + PcdSet32S (PcdTpm2HashMask, TpmActivePcrBanks); + Tpm2PcrMask =3D TpmActivePcrBanks; + } =20 // // Find the intersection of Pcd support and TPM support. @@ -455,53 +463,152 @@ MeasureFvImage ( IN UINT64 FvLength ) { - UINT32 Index; - EFI_STATUS Status; - EFI_PLATFORM_FIRMWARE_BLOB FvBlob; - TCG_PCR_EVENT_HDR TcgEventHdr; - - // - // Check if it is in Excluded FV list - // - if (mMeasurementExcludedFvPpi !=3D NULL) { - for (Index =3D 0; Index < mMeasurementExcludedFvPpi->Count; Index ++) = { - if (mMeasurementExcludedFvPpi->Fv[Index].FvBase =3D=3D FvBase) { - DEBUG ((DEBUG_INFO, "The FV which is excluded by Tcg2Pei starts at= : 0x%x\n", FvBase)); - DEBUG ((DEBUG_INFO, "The FV which is excluded by Tcg2Pei has the s= ize: 0x%x\n", FvLength)); - return EFI_SUCCESS; + UINT32 Index; + EFI_STATUS Status; + EFI_PLATFORM_FIRMWARE_BLOB FvBlob; + TCG_PCR_EVENT_HDR TcgEventHdr; + UINT32 Instance; + UINT32 Tpm2HashMask; + TPML_DIGEST_VALUES DigestList; + UINT32 DigestCount; + EFI_PEI_FIRMWARE_VOLUME_INFO_MEASUREMENT_EXCLUDED_PPI *MeasurementExclud= edFvPpi; + EDKII_PEI_FIRMWARE_VOLUME_INFO_PREHASHED_FV_PPI *PrehashedFvPpi; + HASH_INFO *PreHashInfo; + UINT32 HashAlgoMask; + + // + // Check Excluded FV list + // + Instance =3D 0; + do { + Status =3D PeiServicesLocatePpi( + &gEfiPeiFirmwareVolumeInfoMeasurementExcludedPpiGuid, + Instance, + NULL, + (VOID**)&MeasurementExcludedFvPpi + ); + if (!EFI_ERROR(Status)) { + for (Index =3D 0; Index < MeasurementExcludedFvPpi->Count; Index ++)= { + if (MeasurementExcludedFvPpi->Fv[Index].FvBase =3D=3D FvBase + && MeasurementExcludedFvPpi->Fv[Index].FvLength =3D=3D FvLength) = { + DEBUG ((DEBUG_INFO, "The FV which is excluded by Tcg2Pei starts = at: 0x%x\n", FvBase)); + DEBUG ((DEBUG_INFO, "The FV which is excluded by Tcg2Pei has the= size: 0x%x\n", FvLength)); + return EFI_SUCCESS; + } } + + Instance++; } - } + } while (!EFI_ERROR(Status)); =20 // - // Check whether FV is in the measured FV list. + // Check measured FV list // for (Index =3D 0; Index < mMeasuredBaseFvIndex; Index ++) { - if (mMeasuredBaseFvInfo[Index].BlobBase =3D=3D FvBase) { + if (mMeasuredBaseFvInfo[Index].BlobBase =3D=3D FvBase && mMeasuredBase= FvInfo[Index].BlobLength =3D=3D FvLength) { + DEBUG ((DEBUG_INFO, "The FV which is already measured by Tcg2Pei sta= rts at: 0x%x\n", FvBase)); + DEBUG ((DEBUG_INFO, "The FV which is already measured by Tcg2Pei=20 + has the size: 0x%x\n", FvLength)); return EFI_SUCCESS; } } - =20 + // - // Measure and record the FV to the TPM + // Check pre-hashed FV list // - FvBlob.BlobBase =3D FvBase; - FvBlob.BlobLength =3D FvLength; + Instance =3D 0; + Tpm2HashMask =3D PcdGet32 (PcdTpm2HashMask); do { + Status =3D PeiServicesLocatePpi ( + &gEdkiiPeiFirmwareVolumeInfoPrehashedFvPpiGuid, + Instance, + NULL, + (VOID**)&PrehashedFvPpi + ); + if (!EFI_ERROR(Status) && PrehashedFvPpi->FvBase =3D=3D FvBase && Preh= ashedFvPpi->FvLength =3D=3D FvLength) { + ZeroMem (&DigestList, sizeof(TPML_DIGEST_VALUES)); + + // + // The FV is prehashed, check against TPM hash mask + // + PreHashInfo =3D (HASH_INFO *)(PrehashedFvPpi + 1); + for (Index =3D 0, DigestCount =3D 0; Index < PrehashedFvPpi->Count; = Index++) { + DEBUG((DEBUG_INFO, "Hash Algo ID in PrehashedFvPpi=3D0x%x\n", PreH= ashInfo->HashAlgoId)); + HashAlgoMask =3D GetHashMaskFromAlgo(PreHashInfo->HashAlgoId); + if ((Tpm2HashMask & HashAlgoMask) !=3D 0 ) { + // + // Hash is required, copy it to DigestList + // + WriteUnaligned16(&(DigestList.digests[DigestList.count].hashAlg)= , PreHashInfo->HashAlgoId); + CopyMem ( + &DigestList.digests[DigestCount].digest, + PreHashInfo + 1, + PreHashInfo->HashSize + ); + DigestCount++; + // + // Clean the corresponding Hash Algo mask bit + // + Tpm2HashMask &=3D ~HashAlgoMask; + } + PreHashInfo =3D (HASH_INFO *)((UINT8 *)(PreHashInfo + 1) + PreHash= Info->HashSize); + } + + WriteUnaligned32(&DigestList.count, DigestCount); =20 - DEBUG ((DEBUG_INFO, "The FV which is measured by Tcg2Pei starts at: 0x%x= \n", FvBlob.BlobBase)); - DEBUG ((DEBUG_INFO, "The FV which is measured by Tcg2Pei has the size: 0= x%x\n", FvBlob.BlobLength)); + break; + } + Instance++; + } while (!EFI_ERROR(Status)); =20 - TcgEventHdr.PCRIndex =3D 0; + // + // Init the log event for FV measurement // + FvBlob.BlobBase =3D FvBase; + FvBlob.BlobLength =3D FvLength; + TcgEventHdr.PCRIndex =3D 0; TcgEventHdr.EventType =3D EV_EFI_PLATFORM_FIRMWARE_BLOB; TcgEventHdr.EventSize =3D sizeof (FvBlob); =20 - Status =3D HashLogExtendEvent ( - 0, - (UINT8*) (UINTN) FvBlob.BlobBase, - (UINTN) FvBlob.BlobLength, - &TcgEventHdr, - (UINT8*) &FvBlob - ); + if (Tpm2HashMask =3D=3D 0) { + // + // FV pre-hash algos comply with current TPM hash requirement + // Skip hashing step in measure, only extend DigestList to PCR and log= event + // + Status =3D Tpm2PcrExtend( + 0, + &DigestList + ); + + if (!EFI_ERROR(Status)) { + Status =3D LogHashEvent (&DigestList, &TcgEventHdr, (UINT8*) &FvBlo= b); + DEBUG ((DEBUG_INFO, "The pre-hashed FV which is extended & logged b= y Tcg2Pei starts at: 0x%x\n", FvBlob.BlobBase)); + DEBUG ((DEBUG_INFO, "The pre-hashed FV which is extended & logged b= y Tcg2Pei has the size: 0x%x\n", FvBlob.BlobLength)); + } else if (Status =3D=3D EFI_DEVICE_ERROR) { + BuildGuidHob (&gTpmErrorHobGuid,0); + REPORT_STATUS_CODE ( + EFI_ERROR_CODE | EFI_ERROR_MINOR, + (PcdGet32 (PcdStatusCodeSubClassTpmDevice) | EFI_P_EC_INTERFACE_ER= ROR) + ); + } + } else { + // + // Hash the FV, extend digest to the TPM and log TCG event + // + Status =3D HashLogExtendEvent ( + 0, + (UINT8*) (UINTN) FvBlob.BlobBase, + (UINTN) FvBlob.BlobLength, + &TcgEventHdr, + (UINT8*) &FvBlob + ); + DEBUG ((DEBUG_INFO, "The FV which is measured by Tcg2Pei starts at: 0x= %x\n", FvBlob.BlobBase)); + DEBUG ((DEBUG_INFO, "The FV which is measured by Tcg2Pei has the=20 + size: 0x%x\n", FvBlob.BlobLength)); } + + if (EFI_ERROR(Status)) { + DEBUG ((DEBUG_ERROR, "The FV which failed to be measured starts at: 0x= %x\n", FvBase)); + return Status; + } =20 // // Add new FV into the measured FV list. @@ -530,47 +637,44 @@ MeasureMainBios ( ) { EFI_STATUS Status; - UINT32 FvInstances; EFI_PEI_FV_HANDLE VolumeHandle; EFI_FV_INFO VolumeInfo; EFI_PEI_FIRMWARE_VOLUME_PPI *FvPpi; =20 PERF_START_EX (mFileHandle, "EventRec", "Tcg2Pei", 0, PERF_ID_TCG2_PEI); - FvInstances =3D 0; - while (TRUE) { - // - // Traverse all firmware volume instances of Static Core Root of Trust= for Measurement - // (S-CRTM), this firmware volume measure policy can be modified/enhan= ced by special - // platform for special CRTM TPM measuring. - // - Status =3D PeiServicesFfsFindNextVolume (FvInstances, &VolumeHandle); - if (EFI_ERROR (Status)) { - break; - } - =20 - // - // Measure and record the firmware volume that is dispatched by PeiCor= e - // - Status =3D PeiServicesFfsGetVolumeInfo (VolumeHandle, &VolumeInfo); - ASSERT_EFI_ERROR (Status); - // - // Locate the corresponding FV_PPI according to founded FV's format gu= id - // - Status =3D PeiServicesLocatePpi ( - &VolumeInfo.FvFormat,=20 - 0,=20 - NULL, - (VOID**)&FvPpi - ); - if (!EFI_ERROR (Status)) { - MeasureFvImage ((EFI_PHYSICAL_ADDRESS) (UINTN) VolumeInfo.FvStart, V= olumeInfo.FvSize); - } =20 - FvInstances++; - } + // + // Only measure BFV at the very beginning. Other parts of Static Core=20 + Root of // Trust for Measurement(S-CRTM) will be measured later on FvInf= oNotify. + // BFV is processed without installing FV Info Ppi. Other FVs either=20 + inside BFV or // reported by platform will be installed with Fv Info=20 + Ppi // This firmware volume measure policy can be modified/enhanced=20 + by special // platform for special CRTM TPM measuring. + // + Status =3D PeiServicesFfsFindNextVolume (0, &VolumeHandle); =20 + ASSERT_EFI_ERROR (Status); + + // + // Measure and record the firmware volume that is dispatched by=20 + PeiCore // Status =3D PeiServicesFfsGetVolumeInfo (VolumeHandle,=20 + &VolumeInfo); ASSERT_EFI_ERROR (Status); // // Locate the=20 + corresponding FV_PPI according to founded FV's format guid // Status=20 + =3D PeiServicesLocatePpi ( + &VolumeInfo.FvFormat, + 0, + NULL, + (VOID**)&FvPpi + ); + ASSERT_EFI_ERROR (Status); + + Status =3D MeasureFvImage ((EFI_PHYSICAL_ADDRESS) (UINTN)=20 + VolumeInfo.FvStart, VolumeInfo.FvSize); + PERF_END_EX (mFileHandle, "EventRec", "Tcg2Pei", 0, PERF_ID_TCG2_PEI + 1= ); =20 - return EFI_SUCCESS; + return Status; } =20 /** @@ -655,14 +759,6 @@ PeimEntryMP ( { EFI_STATUS Status; =20 - Status =3D PeiServicesLocatePpi ( - &gEfiPeiFirmwareVolumeInfoMeasurementExcludedPpiGuid,=20 - 0,=20 - NULL, - (VOID**)&mMeasurementExcludedFvPpi - ); - // Do not check status, because it is optional - mMeasuredBaseFvInfo =3D (EFI_PLATFORM_FIRMWARE_BLOB *) AllocateZeroPool= (sizeof (EFI_PLATFORM_FIRMWARE_BLOB) * PcdGet32 (PcdPeiCoreMaxFvSupported)= ); ASSERT (mMeasuredBaseFvInfo !=3D NULL); mMeasuredChildFvInfo =3D (EFI_PLATFORM_FIRMWARE_BLOB *) AllocateZeroPool= (sizeof (EFI_PLATFORM_FIRMWARE_BLOB) * PcdGet32 (PcdPeiCoreMaxFvSupported)= ); @@ -673,6 +769,9 @@ PeimEntryMP ( } =20 Status =3D MeasureMainBios (); + if (EFI_ERROR(Status)) { + return Status; + } =20 // // Post callbacks: diff --git a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf b/SecurityPkg/Tcg/Tcg2Pei/= Tcg2Pei.inf index 1b79ee4..f7b8544 100644 --- a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf +++ b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf @@ -9,6 +9,7 @@ # This module will initialize TPM device, measure reported FVs and BIOS v= ersion. # # Copyright (c) 2015 - 2017, Intel Corporation. All rights reserved.
+# Copyright (c) 2017, Microsoft Corporation. All rights reserved.
# This program and the accompanying materials # are licensed and made ava= ilable under the terms and conditions of the BSD License # which accompani= es this distribution. The full text of the license may be found at @@ -75,6= +76,7 @@ gPeiTpmInitializedPpiGuid ## = SOMETIMES_PRODUCES gPeiTpmInitializationDonePpiGuid ## = PRODUCES gEfiEndOfPeiSignalPpiGuid ## = SOMETIMES_CONSUMES ## NOTIFY + gEdkiiPeiFirmwareVolumeInfoPrehashedFvPpiGuid ## = SOMETIMES_CONSUMES =20 [Pcd] gEfiMdeModulePkgTokenSpaceGuid.PcdFirmwareVersionString ## = SOMETIMES_CONSUMES -- 1.9.5.msysgit.1