From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga03.intel.com (mga03.intel.com [134.134.136.65]) by mx.groups.io with SMTP id smtpd.web10.7100.1595284118736963106 for ; Mon, 20 Jul 2020 15:28:39 -0700 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: intel.com, ip: 134.134.136.65, mailfrom: rodrigo.gonzalez.del.cueto@intel.com) IronPort-SDR: Qj0LTp8v4UovKsWJuDbtWML3BJ8BNYYxkxVbzl8/QwAeKcJbwtFrtRfxgdw9vDcIXj8/FU8Nt7 VXQAGEa4z4MQ== X-IronPort-AV: E=McAfee;i="6000,8403,9688"; a="150005441" X-IronPort-AV: E=Sophos;i="5.75,375,1589266800"; d="scan'208";a="150005441" X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga001.fm.intel.com ([10.253.24.23]) by orsmga103.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 20 Jul 2020 15:28:37 -0700 IronPort-SDR: Iji+F16qwSDxCRPPLdldkX3rSIHtscqh16c/nv3a75XTeGoJSeRkCV79d550Tu4ioMPhk/31Ol BiFnrHF3fO3w== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.75,375,1589266800"; d="scan'208";a="392164753" Received: from fm73lab177-1.amr.corp.intel.com ([10.80.209.189]) by fmsmga001.fm.intel.com with ESMTP; 20 Jul 2020 15:28:36 -0700 From: "Rodrigo Gonzalez del Cueto" To: devel@edk2.groups.io Cc: Rodrigo Gonzalez del Cueto , Jiewen Yao , Jian J Wang , Qi Zhang Subject: [PATCH] SecurityPkg: Debug code to audit BIOS TPM extend operations. Date: Mon, 20 Jul 2020 15:28:32 -0700 Message-Id: X-Mailer: git-send-email 2.27.0.windows.1 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D2858 Add debug functionality to examine TPM extend operations performed by BIOS and inspect the PCR 00 value prior to any BIOS measurements. Replaced usage of EFI_D_* for DEBUG_* definitions in debug messages. Cc: Jiewen Yao Cc: Jian J Wang Cc: Qi Zhang Signed-off-by: Rodrigo Gonzalez del Cueto --- SecurityPkg/Include/Library/Tpm2CommandLib.h | 25 +- .../Library/Tpm2CommandLib/Tpm2Integrity.c | 468 ++++++++++++------ SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c | 32 +- 3 files changed, 364 insertions(+), 161 deletions(-) diff --git a/SecurityPkg/Include/Library/Tpm2CommandLib.h b/SecurityPkg/Inc= lude/Library/Tpm2CommandLib.h index ce381e786b..bfa5bd82f4 100644 --- a/SecurityPkg/Include/Library/Tpm2CommandLib.h +++ b/SecurityPkg/Include/Library/Tpm2CommandLib.h @@ -505,7 +505,7 @@ EFIAPI Tpm2PcrEvent (=0D IN TPMI_DH_PCR PcrHandle,=0D IN TPM2B_EVENT *EventData,=0D - OUT TPML_DIGEST_VALUES *Digests=0D + OUT TPML_DIGEST_VALUES *Digests=0D );=0D =0D /**=0D @@ -523,9 +523,26 @@ EFI_STATUS EFIAPI=0D Tpm2PcrRead (=0D IN TPML_PCR_SELECTION *PcrSelectionIn,=0D - OUT UINT32 *PcrUpdateCounter,=0D - OUT TPML_PCR_SELECTION *PcrSelectionOut,=0D - OUT TPML_DIGEST *PcrValues=0D + OUT UINT32 *PcrUpdateCounter,=0D + OUT TPML_PCR_SELECTION *PcrSelectionOut,=0D + OUT TPML_DIGEST *PcrValues=0D + );=0D +=0D +/**=0D + This function will query the TPM to determine which hashing algorithms = and=0D + get the digests of all active and supported PCR banks of a specific PCR= register.=0D +=0D + @param[in] PcrHandle The index of the PCR register to be read.= =0D + @param[out] HashList List of digests from PCR register being re= ad.=0D +=0D + @retval EFI_SUCCESS The Pcr was read successfully.=0D + @retval EFI_DEVICE_ERROR The command was unsuccessful.=0D +**/=0D +EFI_STATUS=0D +EFIAPI=0D +Tpm2ActivePcrRegisterRead (=0D + IN TPMI_DH_PCR PcrHandle,=0D + OUT TPML_DIGEST *HashList=0D );=0D =0D /**=0D diff --git a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c b/SecurityP= kg/Library/Tpm2CommandLib/Tpm2Integrity.c index ddb15178fb..229fc44139 100644 --- a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c +++ b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c @@ -76,6 +76,297 @@ typedef struct { =0D #pragma pack()=0D =0D +/**=0D + This command returns the values of all PCR specified in pcrSelect.=0D +=0D + @param[in] PcrSelectionIn The selection of PCR to read.=0D + @param[out] PcrUpdateCounter The current value of the PCR update count= er.=0D + @param[out] PcrSelectionOut The PCR in the returned list.=0D + @param[out] PcrValues The contents of the PCR indicated in pcrS= elect.=0D +=0D + @retval EFI_SUCCESS Operation completed successfully.=0D + @retval EFI_DEVICE_ERROR The command was unsuccessful.=0D +**/=0D +EFI_STATUS=0D +EFIAPI=0D +Tpm2PcrRead (=0D + IN TPML_PCR_SELECTION *PcrSelectionIn,=0D + OUT UINT32 *PcrUpdateCounter,=0D + OUT TPML_PCR_SELECTION *PcrSelectionOut,=0D + OUT TPML_DIGEST *PcrValues=0D + )=0D +{=0D + EFI_STATUS Status;=0D + TPM2_PCR_READ_COMMAND SendBuffer;=0D + TPM2_PCR_READ_RESPONSE RecvBuffer;=0D + UINT32 SendBufferSize;=0D + UINT32 RecvBufferSize;=0D + UINTN Index;=0D + TPML_DIGEST *PcrValuesOut;=0D + TPM2B_DIGEST *Digests;=0D +=0D + //=0D + // Construct command=0D + //=0D + SendBuffer.Header.tag =3D SwapBytes16(TPM_ST_NO_SESSIONS);=0D + SendBuffer.Header.commandCode =3D SwapBytes32(TPM_CC_PCR_Read);=0D +=0D + SendBuffer.PcrSelectionIn.count =3D SwapBytes32(PcrSelectionIn->count);= =0D + for (Index =3D 0; Index < PcrSelectionIn->count; Index++) {=0D + SendBuffer.PcrSelectionIn.pcrSelections[Index].hash =3D SwapBytes16(Pc= rSelectionIn->pcrSelections[Index].hash);=0D + SendBuffer.PcrSelectionIn.pcrSelections[Index].sizeofSelect =3D PcrSel= ectionIn->pcrSelections[Index].sizeofSelect;=0D + CopyMem (&SendBuffer.PcrSelectionIn.pcrSelections[Index].pcrSelect, &P= crSelectionIn->pcrSelections[Index].pcrSelect, SendBuffer.PcrSelectionIn.pc= rSelections[Index].sizeofSelect);=0D + }=0D +=0D + SendBufferSize =3D sizeof(SendBuffer.Header) + sizeof(SendBuffer.PcrSele= ctionIn.count) + sizeof(SendBuffer.PcrSelectionIn.pcrSelections[0]) * PcrSe= lectionIn->count;=0D + SendBuffer.Header.paramSize =3D SwapBytes32 (SendBufferSize);=0D +=0D + //=0D + // send Tpm command=0D + //=0D + RecvBufferSize =3D sizeof (RecvBuffer);=0D + Status =3D Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &Rec= vBufferSize, (UINT8 *)&RecvBuffer);=0D + if (EFI_ERROR (Status)) {=0D + return Status;=0D + }=0D +=0D + if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {=0D + DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n", Recv= BufferSize));=0D + return EFI_DEVICE_ERROR;=0D + }=0D + if (SwapBytes32(RecvBuffer.Header.responseCode) !=3D TPM_RC_SUCCESS) {=0D + DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - responseCode - %x\n", SwapBytes32(= RecvBuffer.Header.responseCode)));=0D + return EFI_NOT_FOUND;=0D + }=0D +=0D + //=0D + // Return the response=0D + //=0D +=0D + //=0D + // PcrUpdateCounter=0D + //=0D + if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER) + sizeof(RecvBuffer.P= crUpdateCounter)) {=0D + DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n", Recv= BufferSize));=0D + return EFI_DEVICE_ERROR;=0D + }=0D + *PcrUpdateCounter =3D SwapBytes32(RecvBuffer.PcrUpdateCounter);=0D +=0D + //=0D + // PcrSelectionOut=0D + //=0D + if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER) + sizeof(RecvBuffer.P= crUpdateCounter) + sizeof(RecvBuffer.PcrSelectionOut.count)) {=0D + DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n", Recv= BufferSize));=0D + return EFI_DEVICE_ERROR;=0D + }=0D + PcrSelectionOut->count =3D SwapBytes32(RecvBuffer.PcrSelectionOut.count)= ;=0D + if (PcrSelectionOut->count > HASH_COUNT) {=0D + DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - PcrSelectionOut->count error %x\n"= , PcrSelectionOut->count));=0D + return EFI_DEVICE_ERROR;=0D + }=0D +=0D + if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER) + sizeof(RecvBuffer.P= crUpdateCounter) + sizeof(RecvBuffer.PcrSelectionOut.count) + sizeof(RecvBu= ffer.PcrSelectionOut.pcrSelections[0]) * PcrSelectionOut->count) {=0D + DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n", Recv= BufferSize));=0D + return EFI_DEVICE_ERROR;=0D + }=0D + for (Index =3D 0; Index < PcrSelectionOut->count; Index++) {=0D + PcrSelectionOut->pcrSelections[Index].hash =3D SwapBytes16(RecvBuffer.= PcrSelectionOut.pcrSelections[Index].hash);=0D + PcrSelectionOut->pcrSelections[Index].sizeofSelect =3D RecvBuffer.PcrS= electionOut.pcrSelections[Index].sizeofSelect;=0D + if (PcrSelectionOut->pcrSelections[Index].sizeofSelect > PCR_SELECT_MA= X) {=0D + return EFI_DEVICE_ERROR;=0D + }=0D + CopyMem (&PcrSelectionOut->pcrSelections[Index].pcrSelect, &RecvBuffer= .PcrSelectionOut.pcrSelections[Index].pcrSelect, PcrSelectionOut->pcrSelect= ions[Index].sizeofSelect);=0D + }=0D +=0D + //=0D + // PcrValues=0D + //=0D + PcrValuesOut =3D (TPML_DIGEST *)((UINT8 *)&RecvBuffer + sizeof (TPM2_RES= PONSE_HEADER) + sizeof(RecvBuffer.PcrUpdateCounter) + sizeof(RecvBuffer.Pcr= SelectionOut.count) + sizeof(RecvBuffer.PcrSelectionOut.pcrSelections[0]) *= PcrSelectionOut->count);=0D + PcrValues->count =3D SwapBytes32(PcrValuesOut->count);=0D + //=0D + // The number of digests in list is not greater than 8 per TPML_DIGEST d= efinition=0D + //=0D + if (PcrValues->count > 8) {=0D + DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - PcrValues->count error %x\n", PcrV= alues->count));=0D + return EFI_DEVICE_ERROR;=0D + }=0D + Digests =3D PcrValuesOut->digests;=0D + for (Index =3D 0; Index < PcrValues->count; Index++) {=0D + PcrValues->digests[Index].size =3D SwapBytes16(Digests->size);=0D + if (PcrValues->digests[Index].size > sizeof(TPMU_HA)) {=0D + DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - Digest.size error %x\n", PcrValu= es->digests[Index].size));=0D + return EFI_DEVICE_ERROR;=0D + }=0D + CopyMem (&PcrValues->digests[Index].buffer, &Digests->buffer, PcrValue= s->digests[Index].size);=0D + Digests =3D (TPM2B_DIGEST *)((UINT8 *)Digests + sizeof(Digests->size) = + PcrValues->digests[Index].size);=0D + }=0D +=0D + return EFI_SUCCESS;=0D +}=0D +=0D +/**=0D + This function will query the TPM to determine which hashing algorithms = and=0D + get the digests of all active and supported PCR banks of a specific PCR= register.=0D +=0D + @param[in] PcrHandle The index of the PCR register to be read.= =0D + @param[out] HashList List of digests from PCR register being re= ad.=0D +=0D + @retval EFI_SUCCESS The Pcr was read successfully.=0D + @retval EFI_DEVICE_ERROR The command was unsuccessful.=0D +**/=0D +EFI_STATUS=0D +EFIAPI=0D +Tpm2ActivePcrRegisterRead (=0D + IN TPMI_DH_PCR PcrHandle,=0D + OUT TPML_DIGEST *HashList=0D +)=0D +{=0D + EFI_STATUS Status;=0D + TPML_PCR_SELECTION Pcrs;=0D + TPML_PCR_SELECTION PcrSelectionIn;=0D + TPML_PCR_SELECTION PcrSelectionOut;=0D + TPML_DIGEST PcrValues;=0D + UINT32 PcrUpdateCounter;=0D + UINT32 PcrIndex;=0D + UINT32 TpmHashAlgorithmBitmap;=0D + TPMI_ALG_HASH CurrentPcrBankHash;=0D + UINT32 ActivePcrBanks;=0D + UINT32 TcgRegistryHashAlg;=0D + UINT32 Index;=0D + UINT32 Index2;=0D +=0D + PcrIndex =3D (UINT8)PcrHandle;=0D +=0D + if ((PcrIndex < 0) ||=0D + (PcrIndex >=3D IMPLEMENTATION_PCR)) {=0D + return EFI_INVALID_PARAMETER;=0D + }=0D +=0D + ZeroMem (&PcrSelectionIn, sizeof (PcrSelectionIn));=0D + ZeroMem (&PcrUpdateCounter, sizeof (UINT32));=0D + ZeroMem (&PcrSelectionOut, sizeof (PcrSelectionOut));=0D + ZeroMem (&PcrValues, sizeof (PcrValues));=0D + ZeroMem (&Pcrs, sizeof (TPML_PCR_SELECTION));=0D +=0D + DEBUG ((DEBUG_INFO, "ReadPcr - %02d\n", PcrIndex));=0D +=0D + //=0D + // Read TPM capabilities=0D + //=0D + Status =3D Tpm2GetCapabilityPcrs (&Pcrs);=0D +=0D + if (EFI_ERROR (Status)) {=0D + DEBUG ((DEBUG_ERROR, "ReadPcr: Unable to read TPM capabilities\n"));=0D + return EFI_DEVICE_ERROR;=0D + }=0D +=0D + //=0D + // Get Active Pcrs=0D + //=0D + Status =3D Tpm2GetCapabilitySupportedAndActivePcrs (=0D + &TpmHashAlgorithmBitmap,=0D + &ActivePcrBanks=0D + );=0D +=0D + if (EFI_ERROR (Status)) {=0D + DEBUG ((DEBUG_ERROR, "ReadPcr: Unable to read TPM capabilities and act= ive PCRs\n"));=0D + return EFI_DEVICE_ERROR;=0D + }=0D +=0D + //=0D + // Select from Active PCRs=0D + //=0D + for (Index =3D 0; Index < Pcrs.count; Index++) {=0D + CurrentPcrBankHash =3D Pcrs.pcrSelections[Index].hash;=0D +=0D + switch (CurrentPcrBankHash) {=0D + case TPM_ALG_SHA1:=0D + DEBUG ((DEBUG_VERBOSE, "HASH_ALG_SHA1 Present\n"));=0D + TcgRegistryHashAlg =3D HASH_ALG_SHA1;=0D + break;=0D + case TPM_ALG_SHA256:=0D + DEBUG ((DEBUG_VERBOSE, "HASH_ALG_SHA256 Present\n"));=0D + TcgRegistryHashAlg =3D HASH_ALG_SHA256;=0D + break;=0D + case TPM_ALG_SHA384:=0D + DEBUG ((DEBUG_VERBOSE, "HASH_ALG_SHA384 Present\n"));=0D + TcgRegistryHashAlg =3D HASH_ALG_SHA384;=0D + break;=0D + case TPM_ALG_SHA512:=0D + DEBUG ((DEBUG_VERBOSE, "HASH_ALG_SHA512 Present\n"));=0D + TcgRegistryHashAlg =3D HASH_ALG_SHA512;=0D + break;=0D + case TPM_ALG_SM3_256:=0D + DEBUG ((DEBUG_VERBOSE, "HASH_ALG_SM3 Present\n"));=0D + TcgRegistryHashAlg =3D HASH_ALG_SM3_256;=0D + break;=0D + default:=0D + //=0D + // Unsupported algorithm=0D + //=0D + DEBUG ((DEBUG_VERBOSE, "Unknown algorithm present\n"));=0D + TcgRegistryHashAlg =3D 0;=0D + break;=0D + }=0D + //=0D + // Skip unsupported and inactive PCR banks=0D + //=0D + if ((TcgRegistryHashAlg & ActivePcrBanks) =3D=3D 0) {=0D + DEBUG ((DEBUG_VERBOSE, "Skipping unsupported or inactive bank: 0x%04= x\n", CurrentPcrBankHash));=0D + continue;=0D + }=0D +=0D + //=0D + // Select PCR from current active bank=0D + //=0D + PcrSelectionIn.pcrSelections[PcrSelectionIn.count].hash =3D Pcrs.pcrSe= lections[Index].hash;=0D + PcrSelectionIn.pcrSelections[PcrSelectionIn.count].sizeofSelect =3D PC= R_SELECT_MAX;=0D + PcrSelectionIn.pcrSelections[PcrSelectionIn.count].pcrSelect[0] =3D (P= crIndex < 8) ? 1 << PcrIndex : 0;=0D + PcrSelectionIn.pcrSelections[PcrSelectionIn.count].pcrSelect[1] =3D (P= crIndex > 7) && (PcrIndex < 16) ? 1 << (PcrIndex - 8) : 0;=0D + PcrSelectionIn.pcrSelections[PcrSelectionIn.count].pcrSelect[2] =3D (P= crIndex > 15) ? 1 << (PcrIndex - 16) : 0;=0D + PcrSelectionIn.count++;=0D + }=0D +=0D + //=0D + // Read PCRs=0D + //=0D + Status =3D Tpm2PcrRead (=0D + &PcrSelectionIn,=0D + &PcrUpdateCounter,=0D + &PcrSelectionOut,=0D + &PcrValues=0D + );=0D +=0D + if (EFI_ERROR (Status)) {=0D + DEBUG((DEBUG_ERROR, "Tpm2PcrRead failed Status =3D %r \n", Status));=0D + return EFI_DEVICE_ERROR;=0D + }=0D +=0D + for (Index =3D 0; Index < PcrValues.count; Index++) {=0D + DEBUG ((=0D + DEBUG_INFO,=0D + "ReadPcr - HashAlg =3D 0x%04x, Pcr[%02d], digest =3D ",=0D + PcrSelectionOut.pcrSelections[Index].hash,=0D + PcrIndex=0D + ));=0D +=0D + for(Index2 =3D 0; Index2 < PcrValues.digests[Index].size; Index2++) {= =0D + DEBUG ((DEBUG_INFO, "%02x ", PcrValues.digests[Index].buffer[Index2]= ));=0D + }=0D + DEBUG ((DEBUG_INFO, "\n"));=0D + }=0D +=0D + if (HashList !=3D NULL) {=0D + CopyMem (=0D + HashList,=0D + &PcrValues,=0D + sizeof (TPML_DIGEST)=0D + );=0D + }=0D +=0D + return EFI_SUCCESS;=0D +}=0D +=0D /**=0D This command is used to cause an update to the indicated PCR.=0D The digests parameter contains one or more tagged digest value identifie= d by an algorithm ID.=0D @@ -130,14 +421,26 @@ Tpm2PcrExtend ( Buffer +=3D sizeof(UINT16);=0D DigestSize =3D GetHashSizeFromAlgo (Digests->digests[Index].hashAlg);= =0D if (DigestSize =3D=3D 0) {=0D - DEBUG ((EFI_D_ERROR, "Unknown hash algorithm %d\r\n", Digests->diges= ts[Index].hashAlg));=0D + DEBUG ((DEBUG_ERROR, "Unknown hash algorithm %d\r\n", Digests->diges= ts[Index].hashAlg));=0D return EFI_DEVICE_ERROR;=0D }=0D +=0D CopyMem(=0D Buffer,=0D &Digests->digests[Index].digest,=0D DigestSize=0D );=0D +=0D + DEBUG_CODE_BEGIN ();=0D + UINTN Index2;=0D + DEBUG ((DEBUG_INFO, "Tpm2PcrExtend - Hash =3D 0x%04x, Pcr[%02d], diges= t =3D ", Digests->digests[Index].hashAlg, (UINT8) PcrHandle));=0D +=0D + for (Index2 =3D 0; Index2 < DigestSize; Index2++) {=0D + DEBUG ((DEBUG_INFO, "%02x ", Buffer[Index2]));=0D + }=0D + DEBUG ((DEBUG_INFO, "\n"));=0D + DEBUG_CODE_END ();=0D +=0D Buffer +=3D DigestSize;=0D }=0D =0D @@ -151,7 +454,7 @@ Tpm2PcrExtend ( }=0D =0D if (ResultBufSize > sizeof(Res)) {=0D - DEBUG ((EFI_D_ERROR, "Tpm2PcrExtend: Failed ExecuteCommand: Buffer Too= Small\r\n"));=0D + DEBUG ((DEBUG_ERROR, "Tpm2PcrExtend: Failed ExecuteCommand: Buffer Too= Small\r\n"));=0D return EFI_BUFFER_TOO_SMALL;=0D }=0D =0D @@ -160,7 +463,7 @@ Tpm2PcrExtend ( //=0D RespSize =3D SwapBytes32(Res.Header.paramSize);=0D if (RespSize > sizeof(Res)) {=0D - DEBUG ((EFI_D_ERROR, "Tpm2PcrExtend: Response size too large! %d\r\n",= RespSize));=0D + DEBUG ((DEBUG_ERROR, "Tpm2PcrExtend: Response size too large! %d\r\n",= RespSize));=0D return EFI_BUFFER_TOO_SMALL;=0D }=0D =0D @@ -168,10 +471,15 @@ Tpm2PcrExtend ( // Fail if command failed=0D //=0D if (SwapBytes32(Res.Header.responseCode) !=3D TPM_RC_SUCCESS) {=0D - DEBUG ((EFI_D_ERROR, "Tpm2PcrExtend: Response Code error! 0x%08x\r\n",= SwapBytes32(Res.Header.responseCode)));=0D + DEBUG ((DEBUG_ERROR, "Tpm2PcrExtend: Response Code error! 0x%08x\r\n",= SwapBytes32(Res.Header.responseCode)));=0D return EFI_DEVICE_ERROR;=0D }=0D =0D + DEBUG_CODE_BEGIN ();=0D + DEBUG ((DEBUG_INFO, "Tpm2PcrExtend: PCR read after extend...\n"));=0D + Tpm2ActivePcrRegisterRead (PcrHandle, NULL);=0D + DEBUG_CODE_END ();=0D +=0D //=0D // Unmarshal the response=0D //=0D @@ -246,7 +554,7 @@ Tpm2PcrEvent ( }=0D =0D if (ResultBufSize > sizeof(Res)) {=0D - DEBUG ((EFI_D_ERROR, "Tpm2PcrEvent: Failed ExecuteCommand: Buffer Too = Small\r\n"));=0D + DEBUG ((DEBUG_ERROR, "Tpm2PcrEvent: Failed ExecuteCommand: Buffer Too = Small\r\n"));=0D return EFI_BUFFER_TOO_SMALL;=0D }=0D =0D @@ -255,7 +563,7 @@ Tpm2PcrEvent ( //=0D RespSize =3D SwapBytes32(Res.Header.paramSize);=0D if (RespSize > sizeof(Res)) {=0D - DEBUG ((EFI_D_ERROR, "Tpm2PcrEvent: Response size too large! %d\r\n", = RespSize));=0D + DEBUG ((DEBUG_ERROR, "Tpm2PcrEvent: Response size too large! %d\r\n", = RespSize));=0D return EFI_BUFFER_TOO_SMALL;=0D }=0D =0D @@ -263,7 +571,7 @@ Tpm2PcrEvent ( // Fail if command failed=0D //=0D if (SwapBytes32(Res.Header.responseCode) !=3D TPM_RC_SUCCESS) {=0D - DEBUG ((EFI_D_ERROR, "Tpm2PcrEvent: Response Code error! 0x%08x\r\n", = SwapBytes32(Res.Header.responseCode)));=0D + DEBUG ((DEBUG_ERROR, "Tpm2PcrEvent: Response Code error! 0x%08x\r\n", = SwapBytes32(Res.Header.responseCode)));=0D return EFI_DEVICE_ERROR;=0D }=0D =0D @@ -284,7 +592,7 @@ Tpm2PcrEvent ( Buffer +=3D sizeof(UINT16);=0D DigestSize =3D GetHashSizeFromAlgo (Digests->digests[Index].hashAlg);= =0D if (DigestSize =3D=3D 0) {=0D - DEBUG ((EFI_D_ERROR, "Unknown hash algorithm %d\r\n", Digests->diges= ts[Index].hashAlg));=0D + DEBUG ((DEBUG_ERROR, "Unknown hash algorithm %d\r\n", Digests->diges= ts[Index].hashAlg));=0D return EFI_DEVICE_ERROR;=0D }=0D CopyMem(=0D @@ -298,134 +606,6 @@ Tpm2PcrEvent ( return EFI_SUCCESS;=0D }=0D =0D -/**=0D - This command returns the values of all PCR specified in pcrSelect.=0D -=0D - @param[in] PcrSelectionIn The selection of PCR to read.=0D - @param[out] PcrUpdateCounter The current value of the PCR update count= er.=0D - @param[out] PcrSelectionOut The PCR in the returned list.=0D - @param[out] PcrValues The contents of the PCR indicated in pcrS= elect.=0D -=0D - @retval EFI_SUCCESS Operation completed successfully.=0D - @retval EFI_DEVICE_ERROR The command was unsuccessful.=0D -**/=0D -EFI_STATUS=0D -EFIAPI=0D -Tpm2PcrRead (=0D - IN TPML_PCR_SELECTION *PcrSelectionIn,=0D - OUT UINT32 *PcrUpdateCounter,=0D - OUT TPML_PCR_SELECTION *PcrSelectionOut,=0D - OUT TPML_DIGEST *PcrValues=0D - )=0D -{=0D - EFI_STATUS Status;=0D - TPM2_PCR_READ_COMMAND SendBuffer;=0D - TPM2_PCR_READ_RESPONSE RecvBuffer;=0D - UINT32 SendBufferSize;=0D - UINT32 RecvBufferSize;=0D - UINTN Index;=0D - TPML_DIGEST *PcrValuesOut;=0D - TPM2B_DIGEST *Digests;=0D -=0D - //=0D - // Construct command=0D - //=0D - SendBuffer.Header.tag =3D SwapBytes16(TPM_ST_NO_SESSIONS);=0D - SendBuffer.Header.commandCode =3D SwapBytes32(TPM_CC_PCR_Read);=0D -=0D - SendBuffer.PcrSelectionIn.count =3D SwapBytes32(PcrSelectionIn->count);= =0D - for (Index =3D 0; Index < PcrSelectionIn->count; Index++) {=0D - SendBuffer.PcrSelectionIn.pcrSelections[Index].hash =3D SwapBytes16(Pc= rSelectionIn->pcrSelections[Index].hash);=0D - SendBuffer.PcrSelectionIn.pcrSelections[Index].sizeofSelect =3D PcrSel= ectionIn->pcrSelections[Index].sizeofSelect;=0D - CopyMem (&SendBuffer.PcrSelectionIn.pcrSelections[Index].pcrSelect, &P= crSelectionIn->pcrSelections[Index].pcrSelect, SendBuffer.PcrSelectionIn.pc= rSelections[Index].sizeofSelect);=0D - }=0D -=0D - SendBufferSize =3D sizeof(SendBuffer.Header) + sizeof(SendBuffer.PcrSele= ctionIn.count) + sizeof(SendBuffer.PcrSelectionIn.pcrSelections[0]) * PcrSe= lectionIn->count;=0D - SendBuffer.Header.paramSize =3D SwapBytes32 (SendBufferSize);=0D -=0D - //=0D - // send Tpm command=0D - //=0D - RecvBufferSize =3D sizeof (RecvBuffer);=0D - Status =3D Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &Rec= vBufferSize, (UINT8 *)&RecvBuffer);=0D - if (EFI_ERROR (Status)) {=0D - return Status;=0D - }=0D -=0D - if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {=0D - DEBUG ((EFI_D_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n", Recv= BufferSize));=0D - return EFI_DEVICE_ERROR;=0D - }=0D - if (SwapBytes32(RecvBuffer.Header.responseCode) !=3D TPM_RC_SUCCESS) {=0D - DEBUG ((EFI_D_ERROR, "Tpm2PcrRead - responseCode - %x\n", SwapBytes32(= RecvBuffer.Header.responseCode)));=0D - return EFI_NOT_FOUND;=0D - }=0D -=0D - //=0D - // Return the response=0D - //=0D -=0D - //=0D - // PcrUpdateCounter=0D - //=0D - if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER) + sizeof(RecvBuffer.P= crUpdateCounter)) {=0D - DEBUG ((EFI_D_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n", Recv= BufferSize));=0D - return EFI_DEVICE_ERROR;=0D - }=0D - *PcrUpdateCounter =3D SwapBytes32(RecvBuffer.PcrUpdateCounter);=0D -=0D - //=0D - // PcrSelectionOut=0D - //=0D - if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER) + sizeof(RecvBuffer.P= crUpdateCounter) + sizeof(RecvBuffer.PcrSelectionOut.count)) {=0D - DEBUG ((EFI_D_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n", Recv= BufferSize));=0D - return EFI_DEVICE_ERROR;=0D - }=0D - PcrSelectionOut->count =3D SwapBytes32(RecvBuffer.PcrSelectionOut.count)= ;=0D - if (PcrSelectionOut->count > HASH_COUNT) {=0D - DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - PcrSelectionOut->count error %x\n"= , PcrSelectionOut->count));=0D - return EFI_DEVICE_ERROR;=0D - }=0D -=0D - if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER) + sizeof(RecvBuffer.P= crUpdateCounter) + sizeof(RecvBuffer.PcrSelectionOut.count) + sizeof(RecvBu= ffer.PcrSelectionOut.pcrSelections[0]) * PcrSelectionOut->count) {=0D - DEBUG ((EFI_D_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n", Recv= BufferSize));=0D - return EFI_DEVICE_ERROR;=0D - }=0D - for (Index =3D 0; Index < PcrSelectionOut->count; Index++) {=0D - PcrSelectionOut->pcrSelections[Index].hash =3D SwapBytes16(RecvBuffer.= PcrSelectionOut.pcrSelections[Index].hash);=0D - PcrSelectionOut->pcrSelections[Index].sizeofSelect =3D RecvBuffer.PcrS= electionOut.pcrSelections[Index].sizeofSelect;=0D - if (PcrSelectionOut->pcrSelections[Index].sizeofSelect > PCR_SELECT_MA= X) {=0D - return EFI_DEVICE_ERROR;=0D - }=0D - CopyMem (&PcrSelectionOut->pcrSelections[Index].pcrSelect, &RecvBuffer= .PcrSelectionOut.pcrSelections[Index].pcrSelect, PcrSelectionOut->pcrSelect= ions[Index].sizeofSelect);=0D - }=0D -=0D - //=0D - // PcrValues=0D - //=0D - PcrValuesOut =3D (TPML_DIGEST *)((UINT8 *)&RecvBuffer + sizeof (TPM2_RES= PONSE_HEADER) + sizeof(RecvBuffer.PcrUpdateCounter) + sizeof(RecvBuffer.Pcr= SelectionOut.count) + sizeof(RecvBuffer.PcrSelectionOut.pcrSelections[0]) *= PcrSelectionOut->count);=0D - PcrValues->count =3D SwapBytes32(PcrValuesOut->count);=0D - //=0D - // The number of digests in list is not greater than 8 per TPML_DIGEST d= efinition=0D - //=0D - if (PcrValues->count > 8) {=0D - DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - PcrValues->count error %x\n", PcrV= alues->count));=0D - return EFI_DEVICE_ERROR;=0D - }=0D - Digests =3D PcrValuesOut->digests;=0D - for (Index =3D 0; Index < PcrValues->count; Index++) {=0D - PcrValues->digests[Index].size =3D SwapBytes16(Digests->size);=0D - if (PcrValues->digests[Index].size > sizeof(TPMU_HA)) {=0D - DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - Digest.size error %x\n", PcrValu= es->digests[Index].size));=0D - return EFI_DEVICE_ERROR;=0D - }=0D - CopyMem (&PcrValues->digests[Index].buffer, &Digests->buffer, PcrValue= s->digests[Index].size);=0D - Digests =3D (TPM2B_DIGEST *)((UINT8 *)Digests + sizeof(Digests->size) = + PcrValues->digests[Index].size);=0D - }=0D -=0D - return EFI_SUCCESS;=0D -}=0D -=0D /**=0D This command is used to set the desired PCR allocation of PCR and algori= thms.=0D =0D @@ -513,7 +693,7 @@ Tpm2PcrAllocate ( }=0D =0D if (ResultBufSize > sizeof(Res)) {=0D - DEBUG ((EFI_D_ERROR, "Tpm2PcrAllocate: Failed ExecuteCommand: Buffer T= oo Small\r\n"));=0D + DEBUG ((DEBUG_ERROR, "Tpm2PcrAllocate: Failed ExecuteCommand: Buffer T= oo Small\r\n"));=0D Status =3D EFI_BUFFER_TOO_SMALL;=0D goto Done;=0D }=0D @@ -523,7 +703,7 @@ Tpm2PcrAllocate ( //=0D RespSize =3D SwapBytes32(Res.Header.paramSize);=0D if (RespSize > sizeof(Res)) {=0D - DEBUG ((EFI_D_ERROR, "Tpm2PcrAllocate: Response size too large! %d\r\n= ", RespSize));=0D + DEBUG ((DEBUG_ERROR, "Tpm2PcrAllocate: Response size too large! %d\r\n= ", RespSize));=0D Status =3D EFI_BUFFER_TOO_SMALL;=0D goto Done;=0D }=0D @@ -532,7 +712,7 @@ Tpm2PcrAllocate ( // Fail if command failed=0D //=0D if (SwapBytes32(Res.Header.responseCode) !=3D TPM_RC_SUCCESS) {=0D - DEBUG((EFI_D_ERROR,"Tpm2PcrAllocate: Response Code error! 0x%08x\r\n",= SwapBytes32(Res.Header.responseCode)));=0D + DEBUG((DEBUG_ERROR,"Tpm2PcrAllocate: Response Code error! 0x%08x\r\n",= SwapBytes32(Res.Header.responseCode)));=0D Status =3D EFI_DEVICE_ERROR;=0D goto Done;=0D }=0D @@ -673,15 +853,15 @@ Tpm2PcrAllocateBanks ( &SizeNeeded,=0D &SizeAvailable=0D );=0D - DEBUG ((EFI_D_INFO, "Tpm2PcrAllocateBanks call Tpm2PcrAllocate - %r\n", = Status));=0D + DEBUG ((DEBUG_INFO, "Tpm2PcrAllocateBanks call Tpm2PcrAllocate - %r\n", = Status));=0D if (EFI_ERROR (Status)) {=0D goto Done;=0D }=0D =0D - DEBUG ((EFI_D_INFO, "AllocationSuccess - %02x\n", AllocationSuccess));=0D - DEBUG ((EFI_D_INFO, "MaxPCR - %08x\n", MaxPCR));=0D - DEBUG ((EFI_D_INFO, "SizeNeeded - %08x\n", SizeNeeded));=0D - DEBUG ((EFI_D_INFO, "SizeAvailable - %08x\n", SizeAvailable));=0D + DEBUG ((DEBUG_INFO, "AllocationSuccess - %02x\n", AllocationSuccess));=0D + DEBUG ((DEBUG_INFO, "MaxPCR - %08x\n", MaxPCR));=0D + DEBUG ((DEBUG_INFO, "SizeNeeded - %08x\n", SizeNeeded));=0D + DEBUG ((DEBUG_INFO, "SizeAvailable - %08x\n", SizeAvailable));=0D =0D Done:=0D ZeroMem(&LocalAuthSession.hmac, sizeof(LocalAuthSession.hmac));=0D diff --git a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c b/SecurityPkg/Tcg/Tcg2Pei/Tc= g2Pei.c index 19b8e4b318..678826f8a5 100644 --- a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c +++ b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c @@ -147,7 +147,6 @@ EFI_PEI_NOTIFY_DESCRIPTOR mNotifyList[] =3D { }=0D };=0D =0D -=0D /**=0D Record all measured Firmware Volume Information into a Guid Hob=0D Guid Hob payload layout is=0D @@ -223,7 +222,7 @@ SyncPcrAllocationsAndPcrMask ( UINT32 Tpm2PcrMask;=0D UINT32 NewTpm2PcrMask;=0D =0D - DEBUG ((EFI_D_ERROR, "SyncPcrAllocationsAndPcrMask!\n"));=0D + DEBUG ((DEBUG_ERROR, "SyncPcrAllocationsAndPcrMask!\n"));=0D =0D //=0D // Determine the current TPM support and the Platform PCR mask.=0D @@ -234,7 +233,7 @@ SyncPcrAllocationsAndPcrMask ( Tpm2PcrMask =3D PcdGet32 (PcdTpm2HashMask);=0D if (Tpm2PcrMask =3D=3D 0) {=0D //=0D - // if PcdTPm2HashMask is zero, use ActivePcr setting=0D + // if PcdTpm2HashMask is zero, use ActivePcr setting=0D //=0D PcdSet32S (PcdTpm2HashMask, TpmActivePcrBanks);=0D Tpm2PcrMask =3D TpmActivePcrBanks;=0D @@ -253,9 +252,9 @@ SyncPcrAllocationsAndPcrMask ( if ((TpmActivePcrBanks & Tpm2PcrMask) !=3D TpmActivePcrBanks) {=0D NewTpmActivePcrBanks =3D TpmActivePcrBanks & Tpm2PcrMask;=0D =0D - DEBUG ((EFI_D_INFO, "%a - Reallocating PCR banks from 0x%X to 0x%X.\n"= , __FUNCTION__, TpmActivePcrBanks, NewTpmActivePcrBanks));=0D + DEBUG ((DEBUG_INFO, "%a - Reallocating PCR banks from 0x%X to 0x%X.\n"= , __FUNCTION__, TpmActivePcrBanks, NewTpmActivePcrBanks));=0D if (NewTpmActivePcrBanks =3D=3D 0) {=0D - DEBUG ((EFI_D_ERROR, "%a - No viable PCRs active! Please set a less = restrictive value for PcdTpm2HashMask!\n", __FUNCTION__));=0D + DEBUG ((DEBUG_ERROR, "%a - No viable PCRs active! Please set a less = restrictive value for PcdTpm2HashMask!\n", __FUNCTION__));=0D ASSERT (FALSE);=0D } else {=0D Status =3D Tpm2PcrAllocateBanks (NULL, (UINT32)TpmHashAlgorithmBitma= p, NewTpmActivePcrBanks);=0D @@ -263,7 +262,7 @@ SyncPcrAllocationsAndPcrMask ( //=0D // We can't do much here, but we hope that this doesn't happen.=0D //=0D - DEBUG ((EFI_D_ERROR, "%a - Failed to reallocate PCRs!\n", __FUNCTI= ON__));=0D + DEBUG ((DEBUG_ERROR, "%a - Failed to reallocate PCRs!\n", __FUNCTI= ON__));=0D ASSERT_EFI_ERROR (Status);=0D }=0D //=0D @@ -280,9 +279,9 @@ SyncPcrAllocationsAndPcrMask ( if ((Tpm2PcrMask & TpmHashAlgorithmBitmap) !=3D Tpm2PcrMask) {=0D NewTpm2PcrMask =3D Tpm2PcrMask & TpmHashAlgorithmBitmap;=0D =0D - DEBUG ((EFI_D_INFO, "%a - Updating PcdTpm2HashMask from 0x%X to 0x%X.\= n", __FUNCTION__, Tpm2PcrMask, NewTpm2PcrMask));=0D + DEBUG ((DEBUG_INFO, "%a - Updating PcdTpm2HashMask from 0x%X to 0x%X.\= n", __FUNCTION__, Tpm2PcrMask, NewTpm2PcrMask));=0D if (NewTpm2PcrMask =3D=3D 0) {=0D - DEBUG ((EFI_D_ERROR, "%a - No viable PCRs supported! Please set a le= ss restrictive value for PcdTpm2HashMask!\n", __FUNCTION__));=0D + DEBUG ((DEBUG_ERROR, "%a - No viable PCRs supported! Please set a le= ss restrictive value for PcdTpm2HashMask!\n", __FUNCTION__));=0D ASSERT (FALSE);=0D }=0D =0D @@ -321,7 +320,7 @@ LogHashEvent ( RetStatus =3D EFI_SUCCESS;=0D for (Index =3D 0; Index < sizeof(mTcg2EventInfo)/sizeof(mTcg2EventInfo[0= ]); Index++) {=0D if ((SupportedEventLogs & mTcg2EventInfo[Index].LogFormat) !=3D 0) {=0D - DEBUG ((EFI_D_INFO, " LogFormat - 0x%08x\n", mTcg2EventInfo[Index].= LogFormat));=0D + DEBUG ((DEBUG_INFO, " LogFormat - 0x%08x\n", mTcg2EventInfo[Index].= LogFormat));=0D switch (mTcg2EventInfo[Index].LogFormat) {=0D case EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2:=0D Status =3D GetDigestFromDigestList (TPM_ALG_SHA1, DigestList, &New= EventHdr->Digest);=0D @@ -416,7 +415,7 @@ HashLogExtendEvent ( }=0D =0D if (Status =3D=3D EFI_DEVICE_ERROR) {=0D - DEBUG ((EFI_D_ERROR, "HashLogExtendEvent - %r. Disable TPM.\n", Status= ));=0D + DEBUG ((DEBUG_ERROR, "HashLogExtendEvent - %r. Disable TPM.\n", Status= ));=0D BuildGuidHob (&gTpmErrorHobGuid,0);=0D REPORT_STATUS_CODE (=0D EFI_ERROR_CODE | EFI_ERROR_MINOR,=0D @@ -925,7 +924,7 @@ PeimEntryMA ( }=0D =0D if (GetFirstGuidHob (&gTpmErrorHobGuid) !=3D NULL) {=0D - DEBUG ((EFI_D_ERROR, "TPM2 error!\n"));=0D + DEBUG ((DEBUG_ERROR, "TPM2 error!\n"));=0D return EFI_DEVICE_ERROR;=0D }=0D =0D @@ -989,7 +988,7 @@ PeimEntryMA ( for (PcrIndex =3D 0; PcrIndex < 8; PcrIndex++) {=0D Status =3D MeasureSeparatorEventWithError (PcrIndex);=0D if (EFI_ERROR (Status)) {=0D - DEBUG ((EFI_D_ERROR, "Separator Event with Error not Measured. E= rror!\n"));=0D + DEBUG ((DEBUG_ERROR, "Separator Event with Error not Measured. E= rror!\n"));=0D }=0D }=0D }=0D @@ -1006,6 +1005,13 @@ PeimEntryMA ( }=0D }=0D =0D + DEBUG_CODE_BEGIN ();=0D + //=0D + // Peek into TPM PCR 00 before any BIOS measurement.=0D + //=0D + Tpm2ActivePcrRegisterRead (00, NULL);=0D + DEBUG_CODE_END ();=0D +=0D //=0D // Only install TpmInitializedPpi on success=0D //=0D @@ -1020,7 +1026,7 @@ PeimEntryMA ( =0D Done:=0D if (EFI_ERROR (Status)) {=0D - DEBUG ((EFI_D_ERROR, "TPM2 error! Build Hob\n"));=0D + DEBUG ((DEBUG_ERROR, "TPM2 error! Build Hob\n"));=0D BuildGuidHob (&gTpmErrorHobGuid,0);=0D REPORT_STATUS_CODE (=0D EFI_ERROR_CODE | EFI_ERROR_MINOR,=0D --=20 2.27.0.windows.1