From: "Zhang, Chao B"
To: edk2-devel@lists.01.org
Cc: Jiewen Yao, Chao B Zhang
Date: Thu, 15 Mar 2018 15:35:31 +0800
Message-Id: <20180315073537.16692-10-chao.b.zhang@intel.com>
In-Reply-To: <20180315073537.16692-1-chao.b.zhang@intel.com>
References: <20180315073537.16692-1-chao.b.zhang@intel.com>
Subject: [edk2] [PATCH 09/15] SecurityPkg/TrEEPei: remove TrEE.

From: Jiewen Yao

TrEE is deprecated. We need to use Tcg2.

Cc: Chao B Zhang
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Jiewen Yao
---
 SecurityPkg/Tcg/TrEEPei/TrEEPei.c | 690 --------------------
 SecurityPkg/Tcg/TrEEPei/TrEEPei.inf | 86 ---
 SecurityPkg/Tcg/TrEEPei/TrEEPei.uni | 21 -
 SecurityPkg/Tcg/TrEEPei/TrEEPeiExtra.uni | 19 -
 4 files changed, 816 deletions(-)

diff --git a/SecurityPkg/Tcg/TrEEPei/TrEEPei.c b/SecurityPkg/Tcg/TrEEPei/Tr= EEPei.c deleted file mode 100644 index b561245790..0000000000 --- a/SecurityPkg/Tcg/TrEEPei/TrEEPei.c +++ /dev/null @@ -1,690 +0,0 @@ -/** @file - Initialize TPM2 device and measure FVs before handing off control to DXE. - -Copyright (c) 2013 - 2017, Intel Corporation. All rights reserved.
-This program and the accompanying materials=20 -are licensed and made available under the terms and conditions of the BSD = License=20 -which accompanies this distribution. The full text of the license may be = found at=20 -http://opensource.org/licenses/bsd-license.php - -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,=20 -WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLI= ED. - -**/ - -#include - -#include -#include -#include -#include -#include -#include -#include -#include - -#include -#include -#include - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#define PERF_ID_TREE_PEI 0x3080 - -typedef struct { - EFI_GUID *EventGuid; - TREE_EVENT_LOG_FORMAT LogFormat; -} TREE_EVENT_INFO_STRUCT; - -TREE_EVENT_INFO_STRUCT mTreeEventInfo[] =3D { - {&gTcgEventEntryHobGuid, TREE_EVENT_LOG_FORMAT_TCG_1_2}, -}; - -BOOLEAN mImageInMemory =3D FALSE; -EFI_PEI_FILE_HANDLE mFileHandle; - -EFI_PEI_PPI_DESCRIPTOR mTpmInitializedPpiList =3D { - EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST, - &gPeiTpmInitializedPpiGuid, - NULL -}; - -EFI_PEI_PPI_DESCRIPTOR mTpmInitializationDonePpiList =3D { - EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST, - &gPeiTpmInitializationDonePpiGuid, - NULL -}; - -EFI_PLATFORM_FIRMWARE_BLOB *mMeasuredBaseFvInfo; -UINT32 mMeasuredBaseFvIndex =3D 0; - -EFI_PLATFORM_FIRMWARE_BLOB *mMeasuredChildFvInfo; -UINT32 mMeasuredChildFvIndex =3D 0; - -/** - Measure and record the Firmware Volum Information once FvInfoPPI install. - - @param[in] PeiServices An indirect pointer to the EFI_PEI_SERVICES= table published by the PEI Foundation. - @param[in] NotifyDescriptor Address of the notification descriptor data= structure. - @param[in] Ppi Address of the PPI that was installed. - - @retval EFI_SUCCESS The FV Info is measured and recorded to TPM. - @return Others Fail to measure FV. 
- -**/ -EFI_STATUS -EFIAPI -FirmwareVolmeInfoPpiNotifyCallback ( - IN EFI_PEI_SERVICES **PeiServices, - IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDescriptor, - IN VOID *Ppi - ); - -/** - Record all measured Firmware Volum Information into a Guid Hob - - @param[in] PeiServices An indirect pointer to the EFI_PEI_SERVICES= table published by the PEI Foundation. - @param[in] NotifyDescriptor Address of the notification descriptor data= structure. - @param[in] Ppi Address of the PPI that was installed. - - @retval EFI_SUCCESS The FV Info is measured and recorded to TPM. - @return Others Fail to measure FV. - -**/ -EFI_STATUS -EFIAPI -EndofPeiSignalNotifyCallBack ( - IN EFI_PEI_SERVICES **PeiServices, - IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDescriptor, - IN VOID *Ppi - ); - -EFI_PEI_NOTIFY_DESCRIPTOR mNotifyList[] =3D { - { - EFI_PEI_PPI_DESCRIPTOR_NOTIFY_CALLBACK, - &gEfiPeiFirmwareVolumeInfoPpiGuid, - FirmwareVolmeInfoPpiNotifyCallback=20 - }, - { - EFI_PEI_PPI_DESCRIPTOR_NOTIFY_CALLBACK, - &gEfiPeiFirmwareVolumeInfo2PpiGuid, - FirmwareVolmeInfoPpiNotifyCallback=20 - }, - { - (EFI_PEI_PPI_DESCRIPTOR_NOTIFY_CALLBACK | EFI_PEI_PPI_DESCRIPTOR_TERMI= NATE_LIST), - &gEfiEndOfPeiSignalPpiGuid, - EndofPeiSignalNotifyCallBack - } -}; - -EFI_PEI_FIRMWARE_VOLUME_INFO_MEASUREMENT_EXCLUDED_PPI *mMeasurementExclude= dFvPpi; - -/** - Record all measured Firmware Volum Information into a Guid Hob - Guid Hob payload layout is=20 - - UINT32 *************************** FIRMWARE_BLOB number - EFI_PLATFORM_FIRMWARE_BLOB******** BLOB Array - - @param[in] PeiServices An indirect pointer to the EFI_PEI_SERVICES= table published by the PEI Foundation. - @param[in] NotifyDescriptor Address of the notification descriptor data= structure. - @param[in] Ppi Address of the PPI that was installed. - - @retval EFI_SUCCESS The FV Info is measured and recorded to TPM. - @return Others Fail to measure FV. 
- -**/ -EFI_STATUS -EFIAPI -EndofPeiSignalNotifyCallBack ( - IN EFI_PEI_SERVICES **PeiServices, - IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDescriptor, - IN VOID *Ppi - ) -{ =20 - MEASURED_HOB_DATA *MeasuredHobData; - - MeasuredHobData =3D NULL; - - // - // Create a Guid hob to save all measured Fv=20 - // - MeasuredHobData =3D BuildGuidHob( - &gMeasuredFvHobGuid, - sizeof(UINTN) + sizeof(EFI_PLATFORM_FIRMWARE_BLOB) *= (mMeasuredBaseFvIndex + mMeasuredChildFvIndex) - ); - - if (MeasuredHobData !=3D NULL){ - // - // Save measured FV info enty number - // - MeasuredHobData->Num =3D mMeasuredBaseFvIndex + mMeasuredChildFvIndex; - - // - // Save measured base Fv info - // - CopyMem (MeasuredHobData->MeasuredFvBuf, mMeasuredBaseFvInfo, sizeof(E= FI_PLATFORM_FIRMWARE_BLOB) * (mMeasuredBaseFvIndex)); - - // - // Save measured child Fv info - // - CopyMem (&MeasuredHobData->MeasuredFvBuf[mMeasuredBaseFvIndex] , mMeas= uredChildFvInfo, sizeof(EFI_PLATFORM_FIRMWARE_BLOB) * (mMeasuredChildFvInde= x)); - } - - return EFI_SUCCESS; -} - -/** - Add a new entry to the Event Log. - - @param[in] DigestList A list of digest. - @param[in,out] NewEventHdr Pointer to a TCG_PCR_EVENT_HDR data structu= re. - @param[in] NewEventData Pointer to the new event data. - - @retval EFI_SUCCESS The new event log entry was added. - @retval EFI_OUT_OF_RESOURCES No enough memory to log the new event. 
-**/ -EFI_STATUS -LogHashEvent ( - IN TPML_DIGEST_VALUES *DigestList, - IN OUT TCG_PCR_EVENT_HDR *NewEventHdr, - IN UINT8 *NewEventData - ) -{ - VOID *HobData; - EFI_STATUS Status; - UINTN Index; - EFI_STATUS RetStatus; - - RetStatus =3D EFI_SUCCESS; - for (Index =3D 0; Index < sizeof(mTreeEventInfo)/sizeof(mTreeEventInfo[0= ]); Index++) { - DEBUG ((EFI_D_INFO, " LogFormat - 0x%08x\n", mTreeEventInfo[Index].= LogFormat)); - switch (mTreeEventInfo[Index].LogFormat) { - case TREE_EVENT_LOG_FORMAT_TCG_1_2: - Status =3D GetDigestFromDigestList (TPM_ALG_SHA1, DigestList, &New= EventHdr->Digest); - if (!EFI_ERROR (Status)) { - HobData =3D BuildGuidHob ( - &gTcgEventEntryHobGuid, - sizeof (*NewEventHdr) + NewEventHdr->EventSize - ); - if (HobData =3D=3D NULL) { - RetStatus =3D EFI_OUT_OF_RESOURCES; - break; - } - - CopyMem (HobData, NewEventHdr, sizeof (*NewEventHdr)); - HobData =3D (VOID *) ((UINT8*)HobData + sizeof (*NewEventHdr)); - CopyMem (HobData, NewEventData, NewEventHdr->EventSize); - } - break; - } - } - - return RetStatus; -} - -/** - Do a hash operation on a data buffer, extend a specific TPM PCR with the= hash result, - and build a GUIDed HOB recording the event which will be passed to the D= XE phase and - added into the Event Log. - - @param[in] Flags Bitmap providing additional information. - @param[in] HashData Physical address of the start of the data = buffer=20 - to be hashed, extended, and logged. - @param[in] HashDataLen The length, in bytes, of the buffer refere= nced by HashData. - @param[in] NewEventHdr Pointer to a TCG_PCR_EVENT_HDR data struct= ure. =20 - @param[in] NewEventData Pointer to the new event data. =20 - - @retval EFI_SUCCESS Operation completed successfully. - @retval EFI_OUT_OF_RESOURCES No enough memory to log the new event. - @retval EFI_DEVICE_ERROR The command was unsuccessful. 
- -**/ -EFI_STATUS -HashLogExtendEvent ( - IN UINT64 Flags, - IN UINT8 *HashData, - IN UINTN HashDataLen, - IN TCG_PCR_EVENT_HDR *NewEventHdr, - IN UINT8 *NewEventData - ) -{ - EFI_STATUS Status; - TPML_DIGEST_VALUES DigestList; - - if (GetFirstGuidHob (&gTpmErrorHobGuid) !=3D NULL) { - return EFI_DEVICE_ERROR; - } - - Status =3D HashAndExtend ( - NewEventHdr->PCRIndex, - HashData, - HashDataLen, - &DigestList - ); - if (!EFI_ERROR (Status)) { - if ((Flags & TREE_EXTEND_ONLY) =3D=3D 0) { - Status =3D LogHashEvent (&DigestList, NewEventHdr, NewEventData); - } - } - =20 - if (Status =3D=3D EFI_DEVICE_ERROR) { - DEBUG ((EFI_D_ERROR, "HashLogExtendEvent - %r. Disable TPM.\n", Status= )); - BuildGuidHob (&gTpmErrorHobGuid,0); - REPORT_STATUS_CODE ( - EFI_ERROR_CODE | EFI_ERROR_MINOR, - (PcdGet32 (PcdStatusCodeSubClassTpmDevice) | EFI_P_EC_INTERFACE_ERRO= R) - ); - } - - return Status; -} - -/** - Measure CRTM version. - - @retval EFI_SUCCESS Operation completed successfully. - @retval EFI_OUT_OF_RESOURCES No enough memory to log the new event. - @retval EFI_DEVICE_ERROR The command was unsuccessful. - -**/ -EFI_STATUS -MeasureCRTMVersion ( - VOID - ) -{ - TCG_PCR_EVENT_HDR TcgEventHdr; - - // - // Use FirmwareVersion string to represent CRTM version. - // OEMs should get real CRTM version string and measure it. - // - - TcgEventHdr.PCRIndex =3D 0; - TcgEventHdr.EventType =3D EV_S_CRTM_VERSION; - TcgEventHdr.EventSize =3D (UINT32) StrSize((CHAR16*)PcdGetPtr (PcdFirmwa= reVersionString)); - - return HashLogExtendEvent ( - 0, - (UINT8*)PcdGetPtr (PcdFirmwareVersionString), - TcgEventHdr.EventSize, - &TcgEventHdr, - (UINT8*)PcdGetPtr (PcdFirmwareVersionString) - ); -} - -/** - Measure FV image.=20 - Add it into the measured FV list after the FV is measured successfully.=20 - - @param[in] FvBase Base address of FV image. - @param[in] FvLength Length of FV image. - - @retval EFI_SUCCESS Fv image is measured successfully=20 - or it has been already measured. 
- @retval EFI_OUT_OF_RESOURCES No enough memory to log the new event. - @retval EFI_DEVICE_ERROR The command was unsuccessful. - -**/ -EFI_STATUS -MeasureFvImage ( - IN EFI_PHYSICAL_ADDRESS FvBase, - IN UINT64 FvLength - ) -{ - UINT32 Index; - EFI_STATUS Status; - EFI_PLATFORM_FIRMWARE_BLOB FvBlob; - TCG_PCR_EVENT_HDR TcgEventHdr; - - // - // Check if it is in Excluded FV list - // - if (mMeasurementExcludedFvPpi !=3D NULL) { - for (Index =3D 0; Index < mMeasurementExcludedFvPpi->Count; Index ++) { - if (mMeasurementExcludedFvPpi->Fv[Index].FvBase =3D=3D FvBase) { - DEBUG ((DEBUG_INFO, "The FV which is excluded by TrEEPei starts at= : 0x%x\n", FvBase)); - DEBUG ((DEBUG_INFO, "The FV which is excluded by TrEEPei has the s= ize: 0x%x\n", FvLength)); - return EFI_SUCCESS; - } - } - } - - // - // Check whether FV is in the measured FV list. - // - for (Index =3D 0; Index < mMeasuredBaseFvIndex; Index ++) { - if (mMeasuredBaseFvInfo[Index].BlobBase =3D=3D FvBase) { - return EFI_SUCCESS; - } - } - =20 - // - // Measure and record the FV to the TPM - // - FvBlob.BlobBase =3D FvBase; - FvBlob.BlobLength =3D FvLength; - - DEBUG ((DEBUG_INFO, "The FV which is measured by TrEEPei starts at: 0x%x= \n", FvBlob.BlobBase)); - DEBUG ((DEBUG_INFO, "The FV which is measured by TrEEPei has the size: 0= x%x\n", FvBlob.BlobLength)); - - TcgEventHdr.PCRIndex =3D 0; - TcgEventHdr.EventType =3D EV_EFI_PLATFORM_FIRMWARE_BLOB; - TcgEventHdr.EventSize =3D sizeof (FvBlob); - - Status =3D HashLogExtendEvent ( - 0, - (UINT8*) (UINTN) FvBlob.BlobBase, - (UINTN) FvBlob.BlobLength, - &TcgEventHdr, - (UINT8*) &FvBlob - ); - - // - // Add new FV into the measured FV list. 
- // - ASSERT (mMeasuredBaseFvIndex < PcdGet32 (PcdPeiCoreMaxFvSupported)); - if (mMeasuredBaseFvIndex < PcdGet32 (PcdPeiCoreMaxFvSupported)) { - mMeasuredBaseFvInfo[mMeasuredBaseFvIndex].BlobBase =3D FvBase; - mMeasuredBaseFvInfo[mMeasuredBaseFvIndex].BlobLength =3D FvLength; - mMeasuredBaseFvIndex++; - } - - return Status; -} - -/** - Measure main BIOS. - - @retval EFI_SUCCESS Operation completed successfully. - @retval EFI_OUT_OF_RESOURCES No enough memory to log the new event. - @retval EFI_DEVICE_ERROR The command was unsuccessful. - -**/ -EFI_STATUS -MeasureMainBios ( - VOID - ) -{ - EFI_STATUS Status; - UINT32 FvInstances; - EFI_PEI_FV_HANDLE VolumeHandle; - EFI_FV_INFO VolumeInfo; - EFI_PEI_FIRMWARE_VOLUME_PPI *FvPpi; - - PERF_START_EX (mFileHandle, "EventRec", "TrEEPei", 0, PERF_ID_TREE_PEI); - FvInstances =3D 0; - while (TRUE) { - // - // Traverse all firmware volume instances of Static Core Root of Trust= for Measurement - // (S-CRTM), this firmware volume measure policy can be modified/enhan= ced by special - // platform for special CRTM TPM measuring. - // - Status =3D PeiServicesFfsFindNextVolume (FvInstances, &VolumeHandle); - if (EFI_ERROR (Status)) { - break; - } - =20 - // - // Measure and record the firmware volume that is dispatched by PeiCore - // - Status =3D PeiServicesFfsGetVolumeInfo (VolumeHandle, &VolumeInfo); - ASSERT_EFI_ERROR (Status); - // - // Locate the corresponding FV_PPI according to founded FV's format gu= id - // - Status =3D PeiServicesLocatePpi ( - &VolumeInfo.FvFormat,=20 - 0,=20 - NULL, - (VOID**)&FvPpi - ); - if (!EFI_ERROR (Status)) { - MeasureFvImage ((EFI_PHYSICAL_ADDRESS) (UINTN) VolumeInfo.FvStart, V= olumeInfo.FvSize); - } - - FvInstances++; - } - PERF_END_EX (mFileHandle, "EventRec", "TrEEPei", 0, PERF_ID_TREE_PEI + 1= ); - - return EFI_SUCCESS; -} - -/** - Measure and record the Firmware Volum Information once FvInfoPPI install. 
- - @param[in] PeiServices An indirect pointer to the EFI_PEI_SERVICES= table published by the PEI Foundation. - @param[in] NotifyDescriptor Address of the notification descriptor data= structure. - @param[in] Ppi Address of the PPI that was installed. - - @retval EFI_SUCCESS The FV Info is measured and recorded to TPM. - @return Others Fail to measure FV. - -**/ -EFI_STATUS -EFIAPI -FirmwareVolmeInfoPpiNotifyCallback ( - IN EFI_PEI_SERVICES **PeiServices, - IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDescriptor, - IN VOID *Ppi - ) -{ - EFI_PEI_FIRMWARE_VOLUME_INFO_PPI *Fv; - EFI_STATUS Status; - EFI_PEI_FIRMWARE_VOLUME_PPI *FvPpi; - UINTN Index; - - Fv =3D (EFI_PEI_FIRMWARE_VOLUME_INFO_PPI *) Ppi; - - // - // The PEI Core can not dispatch or load files from memory mapped FVs th= at do not support FvPpi. - // - Status =3D PeiServicesLocatePpi ( - &Fv->FvFormat,=20 - 0,=20 - NULL, - (VOID**)&FvPpi - ); - if (EFI_ERROR (Status)) { - return EFI_SUCCESS; - } - =20 - // - // This is an FV from an FFS file, and the parent FV must have already b= een measured, - // No need to measure twice, so just record the FV and return - // - if (Fv->ParentFvName !=3D NULL || Fv->ParentFileName !=3D NULL ) { - =20 - ASSERT (mMeasuredChildFvIndex < PcdGet32 (PcdPeiCoreMaxFvSupported)); - if (mMeasuredChildFvIndex < PcdGet32 (PcdPeiCoreMaxFvSupported)) { - // - // Check whether FV is in the measured child FV list. - // - for (Index =3D 0; Index < mMeasuredChildFvIndex; Index++) { - if (mMeasuredChildFvInfo[Index].BlobBase =3D=3D (EFI_PHYSICAL_ADDR= ESS) (UINTN) Fv->FvInfo) { - return EFI_SUCCESS; - } - } - mMeasuredChildFvInfo[mMeasuredChildFvIndex].BlobBase =3D (EFI_PHYS= ICAL_ADDRESS) (UINTN) Fv->FvInfo; - mMeasuredChildFvInfo[mMeasuredChildFvIndex].BlobLength =3D Fv->FvInf= oSize; - mMeasuredChildFvIndex++; - } - return EFI_SUCCESS; - } - - return MeasureFvImage ((EFI_PHYSICAL_ADDRESS) (UINTN) Fv->FvInfo, Fv->Fv= InfoSize); -} - -/** - Do measurement after memory is ready. 
- - @param[in] PeiServices Describes the list of possible PEI Service= s. - - @retval EFI_SUCCESS Operation completed successfully. - @retval EFI_OUT_OF_RESOURCES No enough memory to log the new event. - @retval EFI_DEVICE_ERROR The command was unsuccessful. - -**/ -EFI_STATUS -PeimEntryMP ( - IN EFI_PEI_SERVICES **PeiServices - ) -{ - EFI_STATUS Status; - - Status =3D PeiServicesLocatePpi ( - &gEfiPeiFirmwareVolumeInfoMeasurementExcludedPpiGuid,=20 - 0,=20 - NULL, - (VOID**)&mMeasurementExcludedFvPpi - ); - // Do not check status, because it is optional - - mMeasuredBaseFvInfo =3D (EFI_PLATFORM_FIRMWARE_BLOB *) AllocateZeroPool= (sizeof (EFI_PLATFORM_FIRMWARE_BLOB) * PcdGet32 (PcdPeiCoreMaxFvSupported)= ); - ASSERT (mMeasuredBaseFvInfo !=3D NULL); - mMeasuredChildFvInfo =3D (EFI_PLATFORM_FIRMWARE_BLOB *) AllocateZeroPool= (sizeof (EFI_PLATFORM_FIRMWARE_BLOB) * PcdGet32 (PcdPeiCoreMaxFvSupported)= ); - ASSERT (mMeasuredChildFvInfo !=3D NULL); - =20 - if (PcdGet8 (PcdTpm2ScrtmPolicy) =3D=3D 1) { - Status =3D MeasureCRTMVersion (); - } - - Status =3D MeasureMainBios (); - - // - // Post callbacks: - // for the FvInfoPpi services to measure and record - // the additional Fvs to TPM - // - Status =3D PeiServicesNotifyPpi (&mNotifyList[0]); - ASSERT_EFI_ERROR (Status); - - return Status; -} - -/** - Entry point of this module. - - @param[in] FileHandle Handle of the file being invoked. - @param[in] PeiServices Describes the list of possible PEI Services. - - @return Status. 
- -**/ -EFI_STATUS -EFIAPI -PeimEntryMA ( - IN EFI_PEI_FILE_HANDLE FileHandle, - IN CONST EFI_PEI_SERVICES **PeiServices - ) -{ - EFI_STATUS Status; - EFI_STATUS Status2; - EFI_BOOT_MODE BootMode; - - if (CompareGuid (PcdGetPtr(PcdTpmInstanceGuid), &gEfiTpmDeviceInstanceNo= neGuid) || - CompareGuid (PcdGetPtr(PcdTpmInstanceGuid), &gEfiTpmDeviceInstanceTp= m12Guid)){ - DEBUG ((DEBUG_INFO, "No TPM2 instance required!\n")); - return EFI_UNSUPPORTED; - } - - if (GetFirstGuidHob (&gTpmErrorHobGuid) !=3D NULL) { - DEBUG ((EFI_D_ERROR, "TPM2 error!\n")); - return EFI_DEVICE_ERROR; - } - - Status =3D PeiServicesGetBootMode (&BootMode); - ASSERT_EFI_ERROR (Status); - - // - // In S3 path, skip shadow logic. no measurement is required - // - if (BootMode !=3D BOOT_ON_S3_RESUME) { - Status =3D (**PeiServices).RegisterForShadow(FileHandle); - if (Status =3D=3D EFI_ALREADY_STARTED) { - mImageInMemory =3D TRUE; - mFileHandle =3D FileHandle; - } else if (Status =3D=3D EFI_NOT_FOUND) { - ASSERT_EFI_ERROR (Status); - } - } - - if (!mImageInMemory) { - // - // Initialize TPM device - // - Status =3D Tpm2RequestUseTpm (); - if (EFI_ERROR (Status)) { - DEBUG ((DEBUG_ERROR, "TPM2 not detected!\n")); - goto Done; - } - - if (PcdGet8 (PcdTpm2InitializationPolicy) =3D=3D 1) { - if (BootMode =3D=3D BOOT_ON_S3_RESUME) { - Status =3D Tpm2Startup (TPM_SU_STATE); - if (EFI_ERROR (Status) ) { - Status =3D Tpm2Startup (TPM_SU_CLEAR); - } - } else { - Status =3D Tpm2Startup (TPM_SU_CLEAR); - } - if (EFI_ERROR (Status) ) { - goto Done; - } - } - - // - // TpmSelfTest is optional on S3 path, skip it to save S3 time - // - if (BootMode !=3D BOOT_ON_S3_RESUME) { - if (PcdGet8 (PcdTpm2SelfTestPolicy) =3D=3D 1) { - Status =3D Tpm2SelfTest (NO); - if (EFI_ERROR (Status)) { - goto Done; - } - } - } - - // - // Only intall TpmInitializedPpi on success - // - Status =3D PeiServicesInstallPpi (&mTpmInitializedPpiList); - ASSERT_EFI_ERROR (Status); - } - - if (mImageInMemory) { - Status =3D PeimEntryMP 
((EFI_PEI_SERVICES**)PeiServices); - return Status; - } - -Done: - if (EFI_ERROR (Status)) { - DEBUG ((EFI_D_ERROR, "TPM2 error! Build Hob\n")); - BuildGuidHob (&gTpmErrorHobGuid,0); - REPORT_STATUS_CODE ( - EFI_ERROR_CODE | EFI_ERROR_MINOR, - (PcdGet32 (PcdStatusCodeSubClassTpmDevice) | EFI_P_EC_INTERFACE_ERRO= R) - ); - } - // - // Always intall TpmInitializationDonePpi no matter success or fail. - // Other driver can know TPM initialization state by TpmInitializedPpi. - // - Status2 =3D PeiServicesInstallPpi (&mTpmInitializationDonePpiList); - ASSERT_EFI_ERROR (Status2); - - return Status; -} diff --git a/SecurityPkg/Tcg/TrEEPei/TrEEPei.inf b/SecurityPkg/Tcg/TrEEPei/= TrEEPei.inf deleted file mode 100644 index 61a8cd0824..0000000000 --- a/SecurityPkg/Tcg/TrEEPei/TrEEPei.inf +++ /dev/null @@ -1,86 +0,0 @@ -## @file -# Initializes TPM 2.0 device and measure FVs in PEI phase -# -# This module will initialize TPM device, measure reported FVs and BIOS v= ersion. -# -# Copyright (c) 2013 - 2015, Intel Corporation. All rights reserved.
-# This program and the accompanying materials -# are licensed and made available under the terms and conditions of the BS= D License -# which accompanies this distribution. The full text of the license may be= found at -# http://opensource.org/licenses/bsd-license.php -# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, -# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMP= LIED. -# -## - -[Defines] - INF_VERSION =3D 0x00010005 - BASE_NAME =3D TrEEPei - MODULE_UNI_FILE =3D TrEEPei.uni - FILE_GUID =3D CA5A1928-6523-409d-A9FE-5DCC87387222 - MODULE_TYPE =3D PEIM - VERSION_STRING =3D 1.0 - ENTRY_POINT =3D PeimEntryMA - -# -# The following information is for reference only and not required by the = build tools. -# -# VALID_ARCHITECTURES =3D IA32 X64 IPF EBC -# -# [BootMode] -# S3_RESUME ## SOMETIMES_CONSUMES -# - -[Sources] - TrEEPei.c - -[Packages] - MdePkg/MdePkg.dec - MdeModulePkg/MdeModulePkg.dec - SecurityPkg/SecurityPkg.dec - -[LibraryClasses] - HobLib - PeimEntryPoint - PeiServicesLib - BaseMemoryLib - DebugLib - Tpm2CommandLib - PeiServicesTablePointerLib - Tpm2DeviceLib - HashLib - PerformanceLib - MemoryAllocationLib - ReportStatusCodeLib - -[Guids] - gTcgEventEntryHobGuid ## = PRODUCES ## HOB - gTpmErrorHobGuid ## = SOMETIMES_PRODUCES ## HOB - gMeasuredFvHobGuid ## = PRODUCES ## HOB - gEfiTpmDeviceInstanceNoneGuid ## = SOMETIMES_PRODUCES ## GUID # TPM device identifier - gEfiTpmDeviceInstanceTpm12Guid ## = SOMETIMES_PRODUCES ## GUID # TPM device identifier - -[Ppis] - gEfiPeiFirmwareVolumeInfoPpiGuid ## = SOMETIMES_CONSUMES ## NOTIFY - gEfiPeiFirmwareVolumeInfo2PpiGuid ## = SOMETIMES_CONSUMES ## NOTIFY - gEfiPeiFirmwareVolumeInfoMeasurementExcludedPpiGuid ## = SOMETIMES_CONSUMES - gPeiTpmInitializedPpiGuid ## = SOMETIMES_PRODUCES - gPeiTpmInitializationDonePpiGuid ## = PRODUCES - gEfiEndOfPeiSignalPpiGuid ## = SOMETIMES_CONSUMES ## NOTIFY - -[Pcd] - gEfiMdeModulePkgTokenSpaceGuid.PcdFirmwareVersionString ## = 
SOMETIMES_CONSUMES - gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid ## = CONSUMES - gEfiSecurityPkgTokenSpaceGuid.PcdTpm2InitializationPolicy ## = CONSUMES - gEfiSecurityPkgTokenSpaceGuid.PcdTpm2SelfTestPolicy ## = SOMETIMES_CONSUMES - gEfiSecurityPkgTokenSpaceGuid.PcdTpm2ScrtmPolicy ## = CONSUMES - gEfiMdeModulePkgTokenSpaceGuid.PcdPeiCoreMaxFvSupported ## = CONSUMES - gEfiSecurityPkgTokenSpaceGuid.PcdStatusCodeSubClassTpmDevice ## = SOMETIMES_CONSUMES - -[Depex] - gEfiPeiMasterBootModePpiGuid AND - gEfiPeiReadOnlyVariable2PpiGuid AND - gEfiTpmDeviceSelectedGuid - -[UserExtensions.TianoCore."ExtraFiles"] - TrEEPeiExtra.uni \ No newline at end of file diff --git a/SecurityPkg/Tcg/TrEEPei/TrEEPei.uni b/SecurityPkg/Tcg/TrEEPei/= TrEEPei.uni deleted file mode 100644 index 619484abfc..0000000000 --- a/SecurityPkg/Tcg/TrEEPei/TrEEPei.uni +++ /dev/null @@ -1,21 +0,0 @@ -// /** @file -// Initializes TPM 2.0 device and measure FVs in PEI phase -// -// This module will initialize TPM device, measure reported FVs and BIOS v= ersion. -// -// Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.
-// -// This program and the accompanying materials -// are licensed and made available under the terms and conditions of the B= SD License -// which accompanies this distribution. The full text of the license may b= e found at -// http://opensource.org/licenses/bsd-license.php -// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, -// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IM= PLIED. -// -// **/ - - -#string STR_MODULE_ABSTRACT #language en-US "Initializes TPM 2= .0 device and measure FVs in PEI phase" - -#string STR_MODULE_DESCRIPTION #language en-US "This module will = initialize TPM device, measure reported FVs and BIOS version." - diff --git a/SecurityPkg/Tcg/TrEEPei/TrEEPeiExtra.uni b/SecurityPkg/Tcg/TrE= EPei/TrEEPeiExtra.uni deleted file mode 100644 index b6743ab953..0000000000 --- a/SecurityPkg/Tcg/TrEEPei/TrEEPeiExtra.uni +++ /dev/null @@ -1,19 +0,0 @@ -// /** @file -// TrEEPei Localized Strings and Content -// -// Copyright (c) 2014, Intel Corporation. All rights reserved.
-// -// This program and the accompanying materials -// are licensed and made available under the terms and conditions of the B= SD License -// which accompanies this distribution. The full text of the license may b= e found at -// http://opensource.org/licenses/bsd-license.php -// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, -// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IM= PLIED. -// -// **/ - -#string STR_PROPERTIES_MODULE_NAME=20 -#language en-US=20 -"TrEE (Trusted Execution Environment) PEI" - - --=20 2.16.2.windows.1
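
Review bot: the commit message does not say what takes over the PEI-phase duties removed with TrEEPei.c, and that is worth recording for a measured-boot module. The deleted PeimEntryMA is where Tpm2Startup and Tpm2SelfTest are called and where mTpmInitializedPpiList and mTpmInitializationDonePpiList are installed, and PeimEntryMP is where MeasureCRTMVersion and MeasureMainBios extend PCR 0 through HashLogExtendEvent. Please name the Tcg2 module that replaces it in the commit message and state that it performs the same startup, measurement and PPI installation, so a platform owner reading this commit alone can tell what to switch to.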
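
Review bot: deleting TrEEPei.inf (BASE_NAME TrEEPei, FILE_GUID CA5A1928-6523-409d-A9FE-5DCC87387222) leaves any DSC or FDF that still lists it unable to build, and the diffstat shows this patch touches only the four files under SecurityPkg/Tcg/TrEEPei. If those references are removed elsewhere in the 15-patch series, that patch should come before this one so that every commit still builds; otherwise drop them here. The [Guids] section also marks gTcgEventEntryHobGuid and gMeasuredFvHobGuid as PRODUCES, so please confirm that whatever consumes those HOBs receives them from the Tcg2 module.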