From: "Yao, Jiewen"
To: "Gonzalez Del Cueto, Rodrigo", "devel@edk2.groups.io"
CC: "Wang, Jian J", "Zhang, Qi1"
Subject: Re: [PATCH] SecurityPkg: Debug code to audit BIOS TPM extend operations.
Date: Thu, 23 Jul 2020 02:06:38 +0000

Here is some initial feedback:

1) Please don't change function
header Tpm2PcrEvent() and Tpm2PcrRead() in Tpm2CommandLib.h

2) Please don't move Tpm2PcrRead() function in Tpm2Integrity.c, so that I can know what you have changed.

3) Please add Tpm2ActivePcrRegisterRead() as the last function in Tpm2Integrity.c

4) Please use DEBUG_VERBOSE for the new debug log. We got feedback before that there are too many debug messages in TPM driver.

5) Below code is weird in Tpm2ActivePcrRegisterRead().

  UINT32 PcrIndex;
  PcrIndex = (UINT8)PcrHandle;

Why do you define it as UINT32 and cast it as UINT8?

6) Please use 2 spaces indent for the function header.

EFI_STATUS
EFIAPI
Tpm2ActivePcrRegisterRead (
  IN  TPMI_DH_PCR  PcrHandle,
  OUT TPML_DIGEST  *HashList
  )

7) The name of Tpm2ActivePcrRegisterRead() is confusing. What you are trying to do is to read the PCR for the active bank. Maybe Tpm2PcrReadForActiveBank()?

Thank you
Yao Jiewen

> -----Original Message-----
> From: Gonzalez Del Cueto, Rodrigo
> Sent: Tuesday, July 21, 2020 6:29 AM
> To: devel@edk2.groups.io
> Cc: Gonzalez Del Cueto, Rodrigo; Yao, Jiewen; Wang, Jian J; Zhang, Qi1
> Subject: [PATCH] SecurityPkg: Debug code to audit BIOS TPM extend operations.
>
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2858
>
> Add debug functionality to examine TPM extend operations
> performed by BIOS and inspect the PCR 00 value prior to
> any BIOS measurements.
>
> Replaced usage of EFI_D_* for DEBUG_* definitions in debug
> messages.
>
> Cc: Jiewen Yao
> Cc: Jian J Wang
> Cc: Qi Zhang
> Signed-off-by: Rodrigo Gonzalez del Cueto
> ---
>  SecurityPkg/Include/Library/Tpm2CommandLib.h  |  25 +-
>  .../Library/Tpm2CommandLib/Tpm2Integrity.c    | 468 ++++++++++++------
>  SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c             |  32 +-
>  3 files changed, 364 insertions(+), 161 deletions(-)
>
> diff --git a/SecurityPkg/Include/Library/Tpm2CommandLib.h
> b/SecurityPkg/Include/Library/Tpm2CommandLib.h
> index ce381e786b..bfa5bd82f4 100644
> --- a/SecurityPkg/Include/Library/Tpm2CommandLib.h
> +++ b/SecurityPkg/Include/Library/Tpm2CommandLib.h > @@ -505,7 +505,7 @@ EFIAPI > Tpm2PcrEvent ( >=20 > IN TPMI_DH_PCR PcrHandle, >=20 > IN TPM2B_EVENT *EventData, >=20 > - OUT TPML_DIGEST_VALUES *Digests >=20 > + OUT TPML_DIGEST_VALUES *Digests >=20 > ); [Jiewen] Why you need this this? >=20 >=20 >=20 > /** >=20 > @@ -523,9 +523,26 @@ EFI_STATUS > EFIAPI >=20 > Tpm2PcrRead ( >=20 > IN TPML_PCR_SELECTION *PcrSelectionIn, >=20 > - OUT UINT32 *PcrUpdateCounter, >=20 > - OUT TPML_PCR_SELECTION *PcrSelectionOut, >=20 > - OUT TPML_DIGEST *PcrValues >=20 > + OUT UINT32 *PcrUpdateCounter, >=20 > + OUT TPML_PCR_SELECTION *PcrSelectionOut, >=20 > + OUT TPML_DIGEST *PcrValues >=20 > + );=20 >=20 > + >=20 > +/** >=20 > + This function will query the TPM to determine which hashing algorithm= s and >=20 > + get the digests of all active and supported PCR banks of a specific P= CR > register. >=20 > + >=20 > + @param[in] PcrHandle The index of the PCR register to be read= . >=20 > + @param[out] HashList List of digests from PCR register being = read. >=20 > + >=20 > + @retval EFI_SUCCESS The Pcr was read successfully. >=20 > + @retval EFI_DEVICE_ERROR The command was unsuccessful. >=20 > +**/ >=20 > +EFI_STATUS >=20 > +EFIAPI >=20 > +Tpm2ActivePcrRegisterRead ( >=20 > + IN TPMI_DH_PCR PcrHandle, >=20 > + OUT TPML_DIGEST *HashList >=20 > ); >=20 >=20 >=20 > /** >=20 > diff --git a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c > b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c > index ddb15178fb..229fc44139 100644 > --- a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c > +++ b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c 
> @@ -76,6 +76,297 @@ typedef struct { >=20 >=20 > #pragma pack() >=20 >=20 >=20 > +/** >=20 > + This command returns the values of all PCR specified in pcrSelect. >=20 > + >=20 > + @param[in] PcrSelectionIn The selection of PCR to read. >=20 > + @param[out] PcrUpdateCounter The current value of the PCR update > counter. >=20 > + @param[out] PcrSelectionOut The PCR in the returned list. >=20 > + @param[out] PcrValues The contents of the PCR indicated in pc= rSelect. >=20 > + >=20 > + @retval EFI_SUCCESS Operation completed successfully. >=20 > + @retval EFI_DEVICE_ERROR The command was unsuccessful. >=20 > +**/ >=20 > +EFI_STATUS >=20 > +EFIAPI >=20 > +Tpm2PcrRead ( >=20 > + IN TPML_PCR_SELECTION *PcrSelectionIn, >=20 > + OUT UINT32 *PcrUpdateCounter, >=20 > + OUT TPML_PCR_SELECTION *PcrSelectionOut, >=20 > + OUT TPML_DIGEST *PcrValues >=20 > + ) >=20 > +{ >=20 > + EFI_STATUS Status; >=20 > + TPM2_PCR_READ_COMMAND SendBuffer; >=20 > + TPM2_PCR_READ_RESPONSE RecvBuffer; >=20 > + UINT32 SendBufferSize; >=20 > + UINT32 RecvBufferSize; >=20 > + UINTN Index; >=20 > + TPML_DIGEST *PcrValuesOut; >=20 > + TPM2B_DIGEST *Digests; >=20 > + >=20 > + // >=20 > + // Construct command >=20 > + // >=20 > + SendBuffer.Header.tag =3D SwapBytes16(TPM_ST_NO_SESSIONS); >=20 > + SendBuffer.Header.commandCode =3D SwapBytes32(TPM_CC_PCR_Read); >=20 > + >=20 > + SendBuffer.PcrSelectionIn.count =3D SwapBytes32(PcrSelectionIn->count)= ; >=20 > + for (Index =3D 0; Index < PcrSelectionIn->count; Index++) { >=20 > + SendBuffer.PcrSelectionIn.pcrSelections[Index].hash =3D > SwapBytes16(PcrSelectionIn->pcrSelections[Index].hash); >=20 > + SendBuffer.PcrSelectionIn.pcrSelections[Index].sizeofSelect =3D PcrS= electionIn- > >pcrSelections[Index].sizeofSelect; >=20 > + CopyMem (&SendBuffer.PcrSelectionIn.pcrSelections[Index].pcrSelect, > &PcrSelectionIn->pcrSelections[Index].pcrSelect, > SendBuffer.PcrSelectionIn.pcrSelections[Index].sizeofSelect); >=20 > + } >=20 > + >=20 > + SendBufferSize =3D 
sizeof(SendBuffer.Header) + > sizeof(SendBuffer.PcrSelectionIn.count) + > sizeof(SendBuffer.PcrSelectionIn.pcrSelections[0]) * PcrSelectionIn->coun= t; >=20 > + SendBuffer.Header.paramSize =3D SwapBytes32 (SendBufferSize); >=20 > + >=20 > + // >=20 > + // send Tpm command >=20 > + // >=20 > + RecvBufferSize =3D sizeof (RecvBuffer); >=20 > + Status =3D Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, > &RecvBufferSize, (UINT8 *)&RecvBuffer); >=20 > + if (EFI_ERROR (Status)) { >=20 > + return Status; >=20 > + } >=20 > + >=20 > + if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) { >=20 > + DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n", > RecvBufferSize)); >=20 > + return EFI_DEVICE_ERROR; >=20 > + } >=20 > + if (SwapBytes32(RecvBuffer.Header.responseCode) !=3D TPM_RC_SUCCESS) { >=20 > + DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - responseCode - %x\n", > SwapBytes32(RecvBuffer.Header.responseCode))); >=20 > + return EFI_NOT_FOUND; >=20 > + } >=20 > + >=20 > + // >=20 > + // Return the response >=20 > + // >=20 > + >=20 > + // >=20 > + // PcrUpdateCounter >=20 > + // >=20 > + if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER) + > sizeof(RecvBuffer.PcrUpdateCounter)) { >=20 > + DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n", > RecvBufferSize)); >=20 > + return EFI_DEVICE_ERROR; >=20 > + } >=20 > + *PcrUpdateCounter =3D SwapBytes32(RecvBuffer.PcrUpdateCounter); >=20 > + >=20 > + // >=20 > + // PcrSelectionOut >=20 > + // >=20 > + if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER) + > sizeof(RecvBuffer.PcrUpdateCounter) + > sizeof(RecvBuffer.PcrSelectionOut.count)) { >=20 > + DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n", > RecvBufferSize)); >=20 > + return EFI_DEVICE_ERROR; >=20 > + } >=20 > + PcrSelectionOut->count =3D SwapBytes32(RecvBuffer.PcrSelectionOut.coun= t); >=20 > + if (PcrSelectionOut->count > HASH_COUNT) { >=20 > + DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - PcrSelectionOut->count > error %x\n", 
PcrSelectionOut->count)); >=20 > + return EFI_DEVICE_ERROR; >=20 > + } >=20 > + >=20 > + if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER) + > sizeof(RecvBuffer.PcrUpdateCounter) + > sizeof(RecvBuffer.PcrSelectionOut.count) + > sizeof(RecvBuffer.PcrSelectionOut.pcrSelections[0]) * PcrSelectionOut->co= unt) { >=20 > + DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n", > RecvBufferSize)); >=20 > + return EFI_DEVICE_ERROR; >=20 > + } >=20 > + for (Index =3D 0; Index < PcrSelectionOut->count; Index++) { >=20 > + PcrSelectionOut->pcrSelections[Index].hash =3D > SwapBytes16(RecvBuffer.PcrSelectionOut.pcrSelections[Index].hash); >=20 > + PcrSelectionOut->pcrSelections[Index].sizeofSelect =3D > RecvBuffer.PcrSelectionOut.pcrSelections[Index].sizeofSelect; >=20 > + if (PcrSelectionOut->pcrSelections[Index].sizeofSelect > PCR_SELECT_= MAX) { >=20 > + return EFI_DEVICE_ERROR; >=20 > + } >=20 > + CopyMem (&PcrSelectionOut->pcrSelections[Index].pcrSelect, > &RecvBuffer.PcrSelectionOut.pcrSelections[Index].pcrSelect, PcrSelectionO= ut- > >pcrSelections[Index].sizeofSelect); >=20 > + } >=20 > + >=20 > + // >=20 > + // PcrValues >=20 > + // >=20 > + PcrValuesOut =3D (TPML_DIGEST *)((UINT8 *)&RecvBuffer + sizeof > (TPM2_RESPONSE_HEADER) + sizeof(RecvBuffer.PcrUpdateCounter) + > sizeof(RecvBuffer.PcrSelectionOut.count) + > sizeof(RecvBuffer.PcrSelectionOut.pcrSelections[0]) * PcrSelectionOut->co= unt); >=20 > + PcrValues->count =3D SwapBytes32(PcrValuesOut->count); >=20 > + // >=20 > + // The number of digests in list is not greater than 8 per TPML_DIGEST > definition >=20 > + // >=20 > + if (PcrValues->count > 8) { >=20 > + DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - PcrValues->count error %x\n", > PcrValues->count)); >=20 > + return EFI_DEVICE_ERROR; >=20 > + } >=20 > + Digests =3D PcrValuesOut->digests; >=20 > + for (Index =3D 0; Index < PcrValues->count; Index++) { >=20 > + PcrValues->digests[Index].size =3D SwapBytes16(Digests->size); >=20 > + if 
(PcrValues->digests[Index].size > sizeof(TPMU_HA)) { >=20 > + DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - Digest.size error %x\n", > PcrValues->digests[Index].size)); >=20 > + return EFI_DEVICE_ERROR; >=20 > + } >=20 > + CopyMem (&PcrValues->digests[Index].buffer, &Digests->buffer, PcrVal= ues- > >digests[Index].size); >=20 > + Digests =3D (TPM2B_DIGEST *)((UINT8 *)Digests + sizeof(Digests->size= ) + > PcrValues->digests[Index].size); >=20 > + } >=20 > + >=20 > + return EFI_SUCCESS; >=20 > +} >=20 > + >=20 > +/** >=20 > + This function will query the TPM to determine which hashing algorithm= s and >=20 > + get the digests of all active and supported PCR banks of a specific P= CR > register. >=20 > + >=20 > + @param[in] PcrHandle The index of the PCR register to be read= . >=20 > + @param[out] HashList List of digests from PCR register being = read. >=20 > + >=20 > + @retval EFI_SUCCESS The Pcr was read successfully. >=20 > + @retval EFI_DEVICE_ERROR The command was unsuccessful. >=20 > +**/ >=20 > +EFI_STATUS >=20 > +EFIAPI >=20 > +Tpm2ActivePcrRegisterRead ( >=20 > + IN TPMI_DH_PCR PcrHandle, >=20 > + OUT TPML_DIGEST *HashList >=20 > +) >=20 > +{ >=20 > + EFI_STATUS Status; >=20 > + TPML_PCR_SELECTION Pcrs; >=20 > + TPML_PCR_SELECTION PcrSelectionIn; >=20 > + TPML_PCR_SELECTION PcrSelectionOut; >=20 > + TPML_DIGEST PcrValues; >=20 > + UINT32 PcrUpdateCounter; >=20 > + UINT32 PcrIndex; >=20 > + UINT32 TpmHashAlgorithmBitmap; >=20 > + TPMI_ALG_HASH CurrentPcrBankHash; >=20 > + UINT32 ActivePcrBanks; >=20 > + UINT32 TcgRegistryHashAlg; >=20 > + UINT32 Index; >=20 > + UINT32 Index2; >=20 > + >=20 > + PcrIndex =3D (UINT8)PcrHandle; >=20 > + >=20 > + if ((PcrIndex < 0) || >=20 > + (PcrIndex >=3D IMPLEMENTATION_PCR)) { >=20 > + return EFI_INVALID_PARAMETER; >=20 > + } >=20 > + >=20 > + ZeroMem (&PcrSelectionIn, sizeof (PcrSelectionIn)); >=20 > + ZeroMem (&PcrUpdateCounter, sizeof (UINT32)); >=20 > + ZeroMem (&PcrSelectionOut, sizeof (PcrSelectionOut)); >=20 > + ZeroMem 
(&PcrValues, sizeof (PcrValues)); >=20 > + ZeroMem (&Pcrs, sizeof (TPML_PCR_SELECTION)); >=20 > + >=20 > + DEBUG ((DEBUG_INFO, "ReadPcr - %02d\n", PcrIndex)); >=20 > + >=20 > + // >=20 > + // Read TPM capabilities >=20 > + // >=20 > + Status =3D Tpm2GetCapabilityPcrs (&Pcrs); >=20 > + >=20 > + if (EFI_ERROR (Status)) { >=20 > + DEBUG ((DEBUG_ERROR, "ReadPcr: Unable to read TPM capabilities\n")); >=20 > + return EFI_DEVICE_ERROR; >=20 > + } >=20 > + >=20 > + // >=20 > + // Get Active Pcrs >=20 > + // >=20 > + Status =3D Tpm2GetCapabilitySupportedAndActivePcrs ( >=20 > + &TpmHashAlgorithmBitmap, >=20 > + &ActivePcrBanks >=20 > + ); >=20 > + >=20 > + if (EFI_ERROR (Status)) { >=20 > + DEBUG ((DEBUG_ERROR, "ReadPcr: Unable to read TPM capabilities and > active PCRs\n")); >=20 > + return EFI_DEVICE_ERROR; >=20 > + } >=20 > + >=20 > + // >=20 > + // Select from Active PCRs >=20 > + // >=20 > + for (Index =3D 0; Index < Pcrs.count; Index++) { >=20 > + CurrentPcrBankHash =3D Pcrs.pcrSelections[Index].hash; >=20 > + >=20 > + switch (CurrentPcrBankHash) { >=20 > + case TPM_ALG_SHA1: >=20 > + DEBUG ((DEBUG_VERBOSE, "HASH_ALG_SHA1 Present\n")); >=20 > + TcgRegistryHashAlg =3D HASH_ALG_SHA1; >=20 > + break; >=20 > + case TPM_ALG_SHA256: >=20 > + DEBUG ((DEBUG_VERBOSE, "HASH_ALG_SHA256 Present\n")); >=20 > + TcgRegistryHashAlg =3D HASH_ALG_SHA256; >=20 > + break; >=20 > + case TPM_ALG_SHA384: >=20 > + DEBUG ((DEBUG_VERBOSE, "HASH_ALG_SHA384 Present\n")); >=20 > + TcgRegistryHashAlg =3D HASH_ALG_SHA384; >=20 > + break; >=20 > + case TPM_ALG_SHA512: >=20 > + DEBUG ((DEBUG_VERBOSE, "HASH_ALG_SHA512 Present\n")); >=20 > + TcgRegistryHashAlg =3D HASH_ALG_SHA512; >=20 > + break; >=20 > + case TPM_ALG_SM3_256: >=20 > + DEBUG ((DEBUG_VERBOSE, "HASH_ALG_SM3 Present\n")); >=20 > + TcgRegistryHashAlg =3D HASH_ALG_SM3_256; >=20 > + break; >=20 > + default: >=20 > + // >=20 > + // Unsupported algorithm >=20 > + // >=20 > + DEBUG ((DEBUG_VERBOSE, "Unknown algorithm present\n")); >=20 > + 
TcgRegistryHashAlg =3D 0; >=20 > + break; >=20 > + } >=20 > + // >=20 > + // Skip unsupported and inactive PCR banks >=20 > + // >=20 > + if ((TcgRegistryHashAlg & ActivePcrBanks) =3D=3D 0) { >=20 > + DEBUG ((DEBUG_VERBOSE, "Skipping unsupported or inactive bank: > 0x%04x\n", CurrentPcrBankHash)); >=20 > + continue; >=20 > + } >=20 > + >=20 > + // >=20 > + // Select PCR from current active bank >=20 > + // >=20 > + PcrSelectionIn.pcrSelections[PcrSelectionIn.count].hash =3D > Pcrs.pcrSelections[Index].hash; >=20 > + PcrSelectionIn.pcrSelections[PcrSelectionIn.count].sizeofSelect =3D > PCR_SELECT_MAX; >=20 > + PcrSelectionIn.pcrSelections[PcrSelectionIn.count].pcrSelect[0] =3D = (PcrIndex < > 8) ? 1 << PcrIndex : 0; >=20 > + PcrSelectionIn.pcrSelections[PcrSelectionIn.count].pcrSelect[1] =3D = (PcrIndex > > 7) && (PcrIndex < 16) ? 1 << (PcrIndex - 8) : 0; >=20 > + PcrSelectionIn.pcrSelections[PcrSelectionIn.count].pcrSelect[2] =3D = (PcrIndex > > 15) ? 1 << (PcrIndex - 16) : 0; >=20 > + PcrSelectionIn.count++; >=20 > + } >=20 > + >=20 > + // >=20 > + // Read PCRs >=20 > + // >=20 > + Status =3D Tpm2PcrRead ( >=20 > + &PcrSelectionIn, >=20 > + &PcrUpdateCounter, >=20 > + &PcrSelectionOut, >=20 > + &PcrValues >=20 > + ); >=20 > + >=20 > + if (EFI_ERROR (Status)) { >=20 > + DEBUG((DEBUG_ERROR, "Tpm2PcrRead failed Status =3D %r \n", Status)); >=20 > + return EFI_DEVICE_ERROR; >=20 > + } >=20 > + >=20 > + for (Index =3D 0; Index < PcrValues.count; Index++) { >=20 > + DEBUG (( >=20 > + DEBUG_INFO, >=20 > + "ReadPcr - HashAlg =3D 0x%04x, Pcr[%02d], digest =3D ", >=20 > + PcrSelectionOut.pcrSelections[Index].hash, >=20 > + PcrIndex >=20 > + )); >=20 > + >=20 > + for(Index2 =3D 0; Index2 < PcrValues.digests[Index].size; Index2++) = { >=20 > + DEBUG ((DEBUG_INFO, "%02x ", PcrValues.digests[Index].buffer[Index= 2])); >=20 > + } >=20 > + DEBUG ((DEBUG_INFO, "\n")); >=20 > + } >=20 > + >=20 > + if (HashList !=3D NULL) { >=20 > + CopyMem ( >=20 > + HashList, >=20 > + &PcrValues, 
>=20 > + sizeof (TPML_DIGEST) >=20 > + ); >=20 > + } >=20 > + >=20 > + return EFI_SUCCESS; >=20 > +} >=20 > + >=20 > /** >=20 > This command is used to cause an update to the indicated PCR. >=20 > The digests parameter contains one or more tagged digest value identif= ied by > an algorithm ID. >=20 > @@ -130,14 +421,26 @@ Tpm2PcrExtend ( > Buffer +=3D sizeof(UINT16); >=20 > DigestSize =3D GetHashSizeFromAlgo (Digests->digests[Index].hashAlg)= ; >=20 > if (DigestSize =3D=3D 0) { >=20 > - DEBUG ((EFI_D_ERROR, "Unknown hash algorithm %d\r\n", Digests- > >digests[Index].hashAlg)); >=20 > + DEBUG ((DEBUG_ERROR, "Unknown hash algorithm %d\r\n", Digests- > >digests[Index].hashAlg)); >=20 > return EFI_DEVICE_ERROR; >=20 > } >=20 > + >=20 > CopyMem( >=20 > Buffer, >=20 > &Digests->digests[Index].digest, >=20 > DigestSize >=20 > ); >=20 > + >=20 > + DEBUG_CODE_BEGIN (); >=20 > + UINTN Index2; >=20 > + DEBUG ((DEBUG_INFO, "Tpm2PcrExtend - Hash =3D 0x%04x, Pcr[%02d], dig= est > =3D ", Digests->digests[Index].hashAlg, (UINT8) PcrHandle)); >=20 > + >=20 > + for (Index2 =3D 0; Index2 < DigestSize; Index2++) { >=20 > + DEBUG ((DEBUG_INFO, "%02x ", Buffer[Index2])); >=20 > + } >=20 > + DEBUG ((DEBUG_INFO, "\n")); >=20 > + DEBUG_CODE_END (); >=20 > + >=20 > Buffer +=3D DigestSize; >=20 > } >=20 >=20 >=20 > @@ -151,7 +454,7 @@ Tpm2PcrExtend ( > } >=20 >=20 >=20 > if (ResultBufSize > sizeof(Res)) { >=20 > - DEBUG ((EFI_D_ERROR, "Tpm2PcrExtend: Failed ExecuteCommand: Buffer > Too Small\r\n")); >=20 > + DEBUG ((DEBUG_ERROR, "Tpm2PcrExtend: Failed ExecuteCommand: Buffer > Too Small\r\n")); >=20 > return EFI_BUFFER_TOO_SMALL; >=20 > } >=20 >=20 >=20 
> @@ -160,7 +463,7 @@ Tpm2PcrExtend ( > // >=20 > RespSize =3D SwapBytes32(Res.Header.paramSize); >=20 > if (RespSize > sizeof(Res)) { >=20 > - DEBUG ((EFI_D_ERROR, "Tpm2PcrExtend: Response size too large! %d\r\n= ", > RespSize)); >=20 > + DEBUG ((DEBUG_ERROR, "Tpm2PcrExtend: Response size too large! %d\r\n= ", > RespSize)); >=20 > return EFI_BUFFER_TOO_SMALL; >=20 > } >=20 >=20 >=20 > @@ -168,10 +471,15 @@ Tpm2PcrExtend ( > // Fail if command failed >=20 > // >=20 > if (SwapBytes32(Res.Header.responseCode) !=3D TPM_RC_SUCCESS) { >=20 > - DEBUG ((EFI_D_ERROR, "Tpm2PcrExtend: Response Code error! 0x%08x\r\n= ", > SwapBytes32(Res.Header.responseCode))); >=20 > + DEBUG ((DEBUG_ERROR, "Tpm2PcrExtend: Response Code error! > 0x%08x\r\n", SwapBytes32(Res.Header.responseCode))); >=20 > return EFI_DEVICE_ERROR; >=20 > } >=20 >=20 >=20 > + DEBUG_CODE_BEGIN (); >=20 > + DEBUG ((DEBUG_INFO, "Tpm2PcrExtend: PCR read after extend...\n")); >=20 > + Tpm2ActivePcrRegisterRead (PcrHandle, NULL); >=20 > + DEBUG_CODE_END (); >=20 > + >=20 > // >=20 > // Unmarshal the response >=20 > // >=20 > @@ -246,7 +554,7 @@ Tpm2PcrEvent ( > } >=20 >=20 >=20 > if (ResultBufSize > sizeof(Res)) { >=20 > - DEBUG ((EFI_D_ERROR, "Tpm2PcrEvent: Failed ExecuteCommand: Buffer > Too Small\r\n")); >=20 > + DEBUG ((DEBUG_ERROR, "Tpm2PcrEvent: Failed ExecuteCommand: Buffer > Too Small\r\n")); >=20 > return EFI_BUFFER_TOO_SMALL; >=20 > } >=20 >=20 >=20 > @@ -255,7 +563,7 @@ Tpm2PcrEvent ( > // >=20 > RespSize =3D SwapBytes32(Res.Header.paramSize); >=20 > if (RespSize > sizeof(Res)) { >=20 > - DEBUG ((EFI_D_ERROR, "Tpm2PcrEvent: Response size too large! %d\r\n"= , > RespSize)); >=20 > + DEBUG ((DEBUG_ERROR, "Tpm2PcrEvent: Response size too large! %d\r\n"= , > RespSize)); >=20 > return EFI_BUFFER_TOO_SMALL; >=20 > } >=20 >=20 >=20 
> @@ -263,7 +571,7 @@ Tpm2PcrEvent ( > // Fail if command failed >=20 > // >=20 > if (SwapBytes32(Res.Header.responseCode) !=3D TPM_RC_SUCCESS) { >=20 > - DEBUG ((EFI_D_ERROR, "Tpm2PcrEvent: Response Code error! 0x%08x\r\n"= , > SwapBytes32(Res.Header.responseCode))); >=20 > + DEBUG ((DEBUG_ERROR, "Tpm2PcrEvent: Response Code error! > 0x%08x\r\n", SwapBytes32(Res.Header.responseCode))); >=20 > return EFI_DEVICE_ERROR; >=20 > } >=20 >=20 >=20 > @@ -284,7 +592,7 @@ Tpm2PcrEvent ( > Buffer +=3D sizeof(UINT16); >=20 > DigestSize =3D GetHashSizeFromAlgo (Digests->digests[Index].hashAlg)= ; >=20 > if (DigestSize =3D=3D 0) { >=20 > - DEBUG ((EFI_D_ERROR, "Unknown hash algorithm %d\r\n", Digests- > >digests[Index].hashAlg)); >=20 > + DEBUG ((DEBUG_ERROR, "Unknown hash algorithm %d\r\n", Digests- > >digests[Index].hashAlg)); >=20 > return EFI_DEVICE_ERROR; >=20 > } >=20 > CopyMem( >=20 
> @@ -298,134 +606,6 @@ Tpm2PcrEvent ( > return EFI_SUCCESS; >=20 > } >=20 >=20 >=20 > -/** >=20 > - This command returns the values of all PCR specified in pcrSelect. >=20 > - >=20 > - @param[in] PcrSelectionIn The selection of PCR to read. >=20 > - @param[out] PcrUpdateCounter The current value of the PCR update > counter. >=20 > - @param[out] PcrSelectionOut The PCR in the returned list. >=20 > - @param[out] PcrValues The contents of the PCR indicated in pc= rSelect. >=20 > - >=20 > - @retval EFI_SUCCESS Operation completed successfully. >=20 > - @retval EFI_DEVICE_ERROR The command was unsuccessful. >=20 > -**/ >=20 > -EFI_STATUS >=20 > -EFIAPI >=20 > -Tpm2PcrRead ( >=20 > - IN TPML_PCR_SELECTION *PcrSelectionIn, >=20 > - OUT UINT32 *PcrUpdateCounter, >=20 > - OUT TPML_PCR_SELECTION *PcrSelectionOut, >=20 > - OUT TPML_DIGEST *PcrValues >=20 > - ) >=20 > -{ >=20 > - EFI_STATUS Status; >=20 > - TPM2_PCR_READ_COMMAND SendBuffer; >=20 > - TPM2_PCR_READ_RESPONSE RecvBuffer; >=20 > - UINT32 SendBufferSize; >=20 > - UINT32 RecvBufferSize; >=20 > - UINTN Index; >=20 > - TPML_DIGEST *PcrValuesOut; >=20 > - TPM2B_DIGEST *Digests; >=20 > - >=20 > - // >=20 > - // Construct command >=20 > - // >=20 > - SendBuffer.Header.tag =3D SwapBytes16(TPM_ST_NO_SESSIONS); >=20 > - SendBuffer.Header.commandCode =3D SwapBytes32(TPM_CC_PCR_Read); >=20 > - >=20 > - SendBuffer.PcrSelectionIn.count =3D SwapBytes32(PcrSelectionIn->count)= ; >=20 > - for (Index =3D 0; Index < PcrSelectionIn->count; Index++) { >=20 > - SendBuffer.PcrSelectionIn.pcrSelections[Index].hash =3D > SwapBytes16(PcrSelectionIn->pcrSelections[Index].hash); >=20 > - SendBuffer.PcrSelectionIn.pcrSelections[Index].sizeofSelect =3D PcrS= electionIn- > >pcrSelections[Index].sizeofSelect; >=20 > - CopyMem (&SendBuffer.PcrSelectionIn.pcrSelections[Index].pcrSelect, > &PcrSelectionIn->pcrSelections[Index].pcrSelect, > SendBuffer.PcrSelectionIn.pcrSelections[Index].sizeofSelect); >=20 > - } >=20 > - >=20 > - SendBufferSize =3D 
sizeof(SendBuffer.Header) + > sizeof(SendBuffer.PcrSelectionIn.count) + > sizeof(SendBuffer.PcrSelectionIn.pcrSelections[0]) * PcrSelectionIn->coun= t; >=20 > - SendBuffer.Header.paramSize =3D SwapBytes32 (SendBufferSize); >=20 > - >=20 > - // >=20 > - // send Tpm command >=20 > - // >=20 > - RecvBufferSize =3D sizeof (RecvBuffer); >=20 > - Status =3D Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, > &RecvBufferSize, (UINT8 *)&RecvBuffer); >=20 > - if (EFI_ERROR (Status)) { >=20 > - return Status; >=20 > - } >=20 > - >=20 > - if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) { >=20 > - DEBUG ((EFI_D_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n", > RecvBufferSize)); >=20 > - return EFI_DEVICE_ERROR; >=20 > - } >=20 > - if (SwapBytes32(RecvBuffer.Header.responseCode) !=3D TPM_RC_SUCCESS) { >=20 > - DEBUG ((EFI_D_ERROR, "Tpm2PcrRead - responseCode - %x\n", > SwapBytes32(RecvBuffer.Header.responseCode))); >=20 > - return EFI_NOT_FOUND; >=20 > - } >=20 > - >=20 > - // >=20 > - // Return the response >=20 > - // >=20 > - >=20 > - // >=20 > - // PcrUpdateCounter >=20 > - // >=20 > - if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER) + > sizeof(RecvBuffer.PcrUpdateCounter)) { >=20 > - DEBUG ((EFI_D_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n", > RecvBufferSize)); >=20 > - return EFI_DEVICE_ERROR; >=20 > - } >=20 > - *PcrUpdateCounter =3D SwapBytes32(RecvBuffer.PcrUpdateCounter); >=20 > - >=20 > - // >=20 > - // PcrSelectionOut >=20 > - // >=20 > - if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER) + > sizeof(RecvBuffer.PcrUpdateCounter) + > sizeof(RecvBuffer.PcrSelectionOut.count)) { >=20 > - DEBUG ((EFI_D_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n", > RecvBufferSize)); >=20 > - return EFI_DEVICE_ERROR; >=20 > - } >=20 > - PcrSelectionOut->count =3D SwapBytes32(RecvBuffer.PcrSelectionOut.coun= t); >=20 > - if (PcrSelectionOut->count > HASH_COUNT) { >=20 > - DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - PcrSelectionOut->count > error %x\n", 
PcrSelectionOut->count)); >=20 > - return EFI_DEVICE_ERROR; >=20 > - } >=20 > - >=20 > - if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER) + > sizeof(RecvBuffer.PcrUpdateCounter) + > sizeof(RecvBuffer.PcrSelectionOut.count) + > sizeof(RecvBuffer.PcrSelectionOut.pcrSelections[0]) * PcrSelectionOut->co= unt) { >=20 > - DEBUG ((EFI_D_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n", > RecvBufferSize)); >=20 > - return EFI_DEVICE_ERROR; >=20 > - } >=20 > - for (Index =3D 0; Index < PcrSelectionOut->count; Index++) { >=20 > - PcrSelectionOut->pcrSelections[Index].hash =3D > SwapBytes16(RecvBuffer.PcrSelectionOut.pcrSelections[Index].hash); >=20 > - PcrSelectionOut->pcrSelections[Index].sizeofSelect =3D > RecvBuffer.PcrSelectionOut.pcrSelections[Index].sizeofSelect; >=20 > - if (PcrSelectionOut->pcrSelections[Index].sizeofSelect > PCR_SELECT_= MAX) { >=20 > - return EFI_DEVICE_ERROR; >=20 > - } >=20 > - CopyMem (&PcrSelectionOut->pcrSelections[Index].pcrSelect, > &RecvBuffer.PcrSelectionOut.pcrSelections[Index].pcrSelect, PcrSelectionO= ut- > >pcrSelections[Index].sizeofSelect); >=20 > - } >=20 > - >=20 > - // >=20 > - // PcrValues >=20 > - // >=20 > - PcrValuesOut =3D (TPML_DIGEST *)((UINT8 *)&RecvBuffer + sizeof > (TPM2_RESPONSE_HEADER) + sizeof(RecvBuffer.PcrUpdateCounter) + > sizeof(RecvBuffer.PcrSelectionOut.count) + > sizeof(RecvBuffer.PcrSelectionOut.pcrSelections[0]) * PcrSelectionOut->co= unt); >=20 > - PcrValues->count =3D SwapBytes32(PcrValuesOut->count); >=20 > - // >=20 > - // The number of digests in list is not greater than 8 per TPML_DIGEST > definition >=20 > - // >=20 > - if (PcrValues->count > 8) { >=20 > - DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - PcrValues->count error %x\n", > PcrValues->count)); >=20 > - return EFI_DEVICE_ERROR; >=20 > - } >=20 > - Digests =3D PcrValuesOut->digests; >=20 > - for (Index =3D 0; Index < PcrValues->count; Index++) { >=20 > - PcrValues->digests[Index].size =3D SwapBytes16(Digests->size); >=20 > - if 
(PcrValues->digests[Index].size > sizeof(TPMU_HA)) { >=20 > - DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - Digest.size error %x\n", > PcrValues->digests[Index].size)); >=20 > - return EFI_DEVICE_ERROR; >=20 > - } >=20 > - CopyMem (&PcrValues->digests[Index].buffer, &Digests->buffer, PcrVal= ues- > >digests[Index].size); >=20 > - Digests =3D (TPM2B_DIGEST *)((UINT8 *)Digests + sizeof(Digests->size= ) + > PcrValues->digests[Index].size); >=20 > - } >=20 > - >=20 > - return EFI_SUCCESS; >=20 > -} >=20 > - >=20 > /** >=20 > This command is used to set the desired PCR allocation of PCR and algo= rithms. >=20 >=20 >=20 > @@ -513,7 +693,7 @@ Tpm2PcrAllocate ( > } >=20 >=20 >=20 > if (ResultBufSize > sizeof(Res)) { >=20 > - DEBUG ((EFI_D_ERROR, "Tpm2PcrAllocate: Failed ExecuteCommand: Buffer > Too Small\r\n")); >=20 > + DEBUG ((DEBUG_ERROR, "Tpm2PcrAllocate: Failed ExecuteCommand: > Buffer Too Small\r\n")); >=20 > Status =3D EFI_BUFFER_TOO_SMALL; >=20 > goto Done; >=20 > } >=20 > @@ -523,7 +703,7 @@ Tpm2PcrAllocate ( > // >=20 > RespSize =3D SwapBytes32(Res.Header.paramSize); >=20 > if (RespSize > sizeof(Res)) { >=20 > - DEBUG ((EFI_D_ERROR, "Tpm2PcrAllocate: Response size too large! %d\r= \n", > RespSize)); >=20 > + DEBUG ((DEBUG_ERROR, "Tpm2PcrAllocate: Response size too > large! %d\r\n", RespSize)); >=20 > Status =3D EFI_BUFFER_TOO_SMALL; >=20 > goto Done; >=20 > } >=20 > @@ -532,7 +712,7 @@ Tpm2PcrAllocate ( > // Fail if command failed >=20 > // >=20 > if (SwapBytes32(Res.Header.responseCode) !=3D TPM_RC_SUCCESS) { >=20 > - DEBUG((EFI_D_ERROR,"Tpm2PcrAllocate: Response Code error! 0x%08x\r\n= ", > SwapBytes32(Res.Header.responseCode))); >=20 > + DEBUG((DEBUG_ERROR,"Tpm2PcrAllocate: Response Code error! > 0x%08x\r\n", SwapBytes32(Res.Header.responseCode))); >=20 > Status =3D EFI_DEVICE_ERROR; >=20 > goto Done; >=20 > } >=20 
> @@ -673,15 +853,15 @@ Tpm2PcrAllocateBanks ( > &SizeNeeded, >=20 > &SizeAvailable >=20 > ); >=20 > - DEBUG ((EFI_D_INFO, "Tpm2PcrAllocateBanks call Tpm2PcrAllocate - %r\n"= , > Status)); >=20 > + DEBUG ((DEBUG_INFO, "Tpm2PcrAllocateBanks call Tpm2PcrAllocate - %r\n"= , > Status)); >=20 > if (EFI_ERROR (Status)) { >=20 > goto Done; >=20 > } >=20 >=20 >=20 > - DEBUG ((EFI_D_INFO, "AllocationSuccess - %02x\n", AllocationSuccess)); >=20 > - DEBUG ((EFI_D_INFO, "MaxPCR - %08x\n", MaxPCR)); >=20 > - DEBUG ((EFI_D_INFO, "SizeNeeded - %08x\n", SizeNeeded)); >=20 > - DEBUG ((EFI_D_INFO, "SizeAvailable - %08x\n", SizeAvailable)); >=20 > + DEBUG ((DEBUG_INFO, "AllocationSuccess - %02x\n", AllocationSuccess)); >=20 > + DEBUG ((DEBUG_INFO, "MaxPCR - %08x\n", MaxPCR)); >=20 > + DEBUG ((DEBUG_INFO, "SizeNeeded - %08x\n", SizeNeeded)); >=20 > + DEBUG ((DEBUG_INFO, "SizeAvailable - %08x\n", SizeAvailable)); >=20 >=20 >=20 > Done: >=20 > ZeroMem(&LocalAuthSession.hmac, sizeof(LocalAuthSession.hmac)); >=20 > diff --git a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c > b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c > index 19b8e4b318..678826f8a5 100644 > --- a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c > +++ b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c > @@ -147,7 +147,6 @@ EFI_PEI_NOTIFY_DESCRIPTOR mNotifyList[] =3D= { > } >=20 > }; >=20 >=20 >=20 > - >=20 > /** >=20 > Record all measured Firmware Volume Information into a Guid Hob >=20 > Guid Hob payload layout is >=20 > @@ -223,7 +222,7 @@ SyncPcrAllocationsAndPcrMask ( > UINT32 Tpm2PcrMask; >=20 > UINT32 NewTpm2PcrMask; >=20 >=20 >=20 > - DEBUG ((EFI_D_ERROR, "SyncPcrAllocationsAndPcrMask!\n")); >=20 > + DEBUG ((DEBUG_ERROR, "SyncPcrAllocationsAndPcrMask!\n")); >=20 >=20 >=20 > // >=20 > // Determine the current TPM support and the Platform PCR mask. >=20 
> @@ -234,7 +233,7 @@ SyncPcrAllocationsAndPcrMask ( > Tpm2PcrMask =3D PcdGet32 (PcdTpm2HashMask); >=20 > if (Tpm2PcrMask =3D=3D 0) { >=20 > // >=20 > - // if PcdTPm2HashMask is zero, use ActivePcr setting >=20 > + // if PcdTpm2HashMask is zero, use ActivePcr setting >=20 > // >=20 > PcdSet32S (PcdTpm2HashMask, TpmActivePcrBanks); >=20 > Tpm2PcrMask =3D TpmActivePcrBanks; >=20 > @@ -253,9 +252,9 @@ SyncPcrAllocationsAndPcrMask ( > if ((TpmActivePcrBanks & Tpm2PcrMask) !=3D TpmActivePcrBanks) { >=20 > NewTpmActivePcrBanks =3D TpmActivePcrBanks & Tpm2PcrMask; >=20 >=20 >=20 > - DEBUG ((EFI_D_INFO, "%a - Reallocating PCR banks from 0x%X to 0x%X.\= n", > __FUNCTION__, TpmActivePcrBanks, NewTpmActivePcrBanks)); >=20 > + DEBUG ((DEBUG_INFO, "%a - Reallocating PCR banks from 0x%X to 0x%X.\= n", > __FUNCTION__, TpmActivePcrBanks, NewTpmActivePcrBanks)); >=20 > if (NewTpmActivePcrBanks =3D=3D 0) { >=20 > - DEBUG ((EFI_D_ERROR, "%a - No viable PCRs active! Please set a les= s > restrictive value for PcdTpm2HashMask!\n", __FUNCTION__)); >=20 > + DEBUG ((DEBUG_ERROR, "%a - No viable PCRs active! Please set a les= s > restrictive value for PcdTpm2HashMask!\n", __FUNCTION__)); >=20 > ASSERT (FALSE); >=20 > } else { >=20 > Status =3D Tpm2PcrAllocateBanks (NULL, (UINT32)TpmHashAlgorithmBit= map, > NewTpmActivePcrBanks); >=20 > @@ -263,7 +262,7 @@ SyncPcrAllocationsAndPcrMask ( > // >=20 > // We can't do much here, but we hope that this doesn't happen. >=20 > // >=20 > - DEBUG ((EFI_D_ERROR, "%a - Failed to reallocate PCRs!\n", > __FUNCTION__)); >=20 > + DEBUG ((DEBUG_ERROR, "%a - Failed to reallocate PCRs!\n", > __FUNCTION__)); >=20 > ASSERT_EFI_ERROR (Status); >=20 > } >=20 > // >=20 
> @@ -280,9 +279,9 @@ SyncPcrAllocationsAndPcrMask ( > if ((Tpm2PcrMask & TpmHashAlgorithmBitmap) !=3D Tpm2PcrMask) { >=20 > NewTpm2PcrMask =3D Tpm2PcrMask & TpmHashAlgorithmBitmap; >=20 >=20 >=20 > - DEBUG ((EFI_D_INFO, "%a - Updating PcdTpm2HashMask from 0x%X to > 0x%X.\n", __FUNCTION__, Tpm2PcrMask, NewTpm2PcrMask)); >=20 > + DEBUG ((DEBUG_INFO, "%a - Updating PcdTpm2HashMask from 0x%X to > 0x%X.\n", __FUNCTION__, Tpm2PcrMask, NewTpm2PcrMask)); >=20 > if (NewTpm2PcrMask =3D=3D 0) { >=20 > - DEBUG ((EFI_D_ERROR, "%a - No viable PCRs supported! Please set a = less > restrictive value for PcdTpm2HashMask!\n", __FUNCTION__)); >=20 > + DEBUG ((DEBUG_ERROR, "%a - No viable PCRs supported! Please set a = less > restrictive value for PcdTpm2HashMask!\n", __FUNCTION__)); >=20 > ASSERT (FALSE); >=20 > } >=20 >=20 >=20 > @@ -321,7 +320,7 @@ LogHashEvent ( > RetStatus =3D EFI_SUCCESS; >=20 > for (Index =3D 0; Index < sizeof(mTcg2EventInfo)/sizeof(mTcg2EventInfo= [0]); > Index++) { >=20 > if ((SupportedEventLogs & mTcg2EventInfo[Index].LogFormat) !=3D 0) { >=20 > - DEBUG ((EFI_D_INFO, " LogFormat - 0x%08x\n", > mTcg2EventInfo[Index].LogFormat)); >=20 > + DEBUG ((DEBUG_INFO, " LogFormat - 0x%08x\n", > mTcg2EventInfo[Index].LogFormat)); >=20 > switch (mTcg2EventInfo[Index].LogFormat) { >=20 > case EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2: >=20 > Status =3D GetDigestFromDigestList (TPM_ALG_SHA1, DigestList, > &NewEventHdr->Digest); >=20 > @@ -416,7 +415,7 @@ HashLogExtendEvent ( > } >=20 >=20 >=20 > if (Status =3D=3D EFI_DEVICE_ERROR) { >=20 > - DEBUG ((EFI_D_ERROR, "HashLogExtendEvent - %r. Disable TPM.\n", Stat= us)); >=20 > + DEBUG ((DEBUG_ERROR, "HashLogExtendEvent - %r. Disable TPM.\n", > Status)); >=20 > BuildGuidHob (&gTpmErrorHobGuid,0); >=20 > REPORT_STATUS_CODE ( >=20 > EFI_ERROR_CODE | EFI_ERROR_MINOR, >=20 
> @@ -925,7 +924,7 @@ PeimEntryMA ( > } >=20 >=20 >=20 > if (GetFirstGuidHob (&gTpmErrorHobGuid) !=3D NULL) { >=20 > - DEBUG ((EFI_D_ERROR, "TPM2 error!\n")); >=20 > + DEBUG ((DEBUG_ERROR, "TPM2 error!\n")); >=20 > return EFI_DEVICE_ERROR; >=20 > } >=20 >=20 >=20 > @@ -989,7 +988,7 @@ PeimEntryMA ( > for (PcrIndex =3D 0; PcrIndex < 8; PcrIndex++) { >=20 > Status =3D MeasureSeparatorEventWithError (PcrIndex); >=20 > if (EFI_ERROR (Status)) { >=20 > - DEBUG ((EFI_D_ERROR, "Separator Event with Error not Measured. > Error!\n")); >=20 > + DEBUG ((DEBUG_ERROR, "Separator Event with Error not Measured. > Error!\n")); >=20 > } >=20 > } >=20 > } >=20 > @@ -1006,6 +1005,13 @@ PeimEntryMA ( > } >=20 > } >=20 >=20 >=20 > + DEBUG_CODE_BEGIN (); >=20 > + // >=20 > + // Peek into TPM PCR 00 before any BIOS measurement. >=20 > + // >=20 > + Tpm2ActivePcrRegisterRead (00, NULL); >=20 > + DEBUG_CODE_END (); >=20 > + >=20 > // >=20 > // Only install TpmInitializedPpi on success >=20 > // >=20 > @@ -1020,7 +1026,7 @@ PeimEntryMA ( >=20 >=20 > Done: >=20 > if (EFI_ERROR (Status)) { >=20 > - DEBUG ((EFI_D_ERROR, "TPM2 error! Build Hob\n")); >=20 > + DEBUG ((DEBUG_ERROR, "TPM2 error! Build Hob\n")); >=20 > BuildGuidHob (&gTpmErrorHobGuid,0); >=20 > REPORT_STATUS_CODE ( >=20 > EFI_ERROR_CODE | EFI_ERROR_MINOR, >=20 > -- > 2.27.0.windows.1
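Review bot: In the deleted Tpm2PcrRead body (the hunk that ends just before `@@ -513,7 +693,7 @@ Tpm2PcrAllocate`), the PcrValues walk is never checked against RecvBufferSize. `PcrValuesOut->count` is read and `Digests` is advanced by `sizeof(Digests->size) + PcrValues->digests[Index].size` under only the `> 8` and `> sizeof(TPMU_HA)` caps, so with a short response the loop copies bytes the TPM did not return. The part of the hunk visible here shows only the removal. If the function is re-added elsewhere in this patch, it should keep the HASH_COUNT, PCR_SELECT_MAX, digest count and digest size checks, and gain a running length check against RecvBufferSize before each read in that loop.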
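Review bot: In the Tpm2PcrAllocate hunk at `@@ -523,7 +703,7 @@`, the touched message prints RespSize with `%d` although the value comes from `SwapBytes32(Res.Header.paramSize)`. This is the "Response size too large" path, where a value above 0x7FFFFFFF would be logged as a negative number. Since the line is being edited anyway, switch the format to `%u` or `0x%x` so the log shows the size the TPM actually reported.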
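Review bot: In the Tcg2Pei.c hunk at `@@ -223,7 +222,7 @@ SyncPcrAllocationsAndPcrMask`, the function-entry trace `DEBUG ((DEBUG_ERROR, "SyncPcrAllocationsAndPcrMask!\n"));` stays at error level after the rename. It reports no failure, so it adds noise for anyone filtering boot logs for TPM errors. DEBUG_INFO would match the other informational messages in this function, such as the "Reallocating PCR banks" line.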
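Review bot: In the PeimEntryMA hunk at `@@ -1006,6 +1005,13 @@`, the return value of `Tpm2ActivePcrRegisterRead (00, NULL);` is discarded, so a failed read inside the DEBUG_CODE block leaves no trace. This defeats the purpose of peeking at PCR 0 on a debug build. Capture the status in a local and log it at DEBUG_ERROR on failure, without assigning it to the function's `Status` so the `Done:` path is unaffected. Two smaller points on the same line: write the index as `0` rather than `00`, which reads as an octal literal, and add a short comment saying what passing NULL as the second argument means, since the hunk does not show it.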