From: "Zhang, Chao B" To: edk2-devel@lists.01.org Date: Thu, 15 Mar 2018 15:35:30 +0800 Message-Id: <20180315073537.16692-9-chao.b.zhang@intel.com> X-Mailer: git-send-email 2.11.0.windows.1 In-Reply-To: <20180315073537.16692-1-chao.b.zhang@intel.com> References: <20180315073537.16692-1-chao.b.zhang@intel.com> Subject: [edk2] [PATCH 08/15] SecurityPkg/TrEEDxe: remove TrEE. X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Jiewen Yao , Chao B Zhang MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Errors-To: edk2-devel-bounces@lists.01.org Sender: "edk2-devel" X-ZohoMail: RSF_4 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" From: Jiewen Yao TrEE is deprecated. We need use Tcg2. Cc: Chao B Zhang Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Jiewen Yao --- SecurityPkg/Tcg/TrEEDxe/MeasureBootPeCoff.c | 427 ----- SecurityPkg/Tcg/TrEEDxe/TrEEDxe.c | 1877 -------------------- SecurityPkg/Tcg/TrEEDxe/TrEEDxe.inf | 104 -- SecurityPkg/Tcg/TrEEDxe/TrEEDxe.uni | 26 - SecurityPkg/Tcg/TrEEDxe/TrEEDxeExtra.uni | 17 - 5 files changed, 2451 deletions(-) diff --git a/SecurityPkg/Tcg/TrEEDxe/MeasureBootPeCoff.c b/SecurityPkg/Tcg/= TrEEDxe/MeasureBootPeCoff.c deleted file mode 100644 index a7de5883cc..0000000000 --- a/SecurityPkg/Tcg/TrEEDxe/MeasureBootPeCoff.c +++ /dev/null @@ -1,427 +0,0 @@ -/** @file - This module implements measuring PeCoff image for TrEE Protocol. - =20 - Caution: This file requires additional review when modified. - This driver will have external input - PE/COFF image. - This external input must be validated carefully to avoid security issue = like - buffer overflow, integer overflow. - -Copyright (c) 2013 - 2017, Intel Corporation. All rights reserved.
-This program and the accompanying materials=20 -are licensed and made available under the terms and conditions of the BSD = License=20 -which accompanies this distribution. The full text of the license may be = found at=20 -http://opensource.org/licenses/bsd-license.php - -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,=20 -WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLI= ED. - -**/ - -#include - -#include -#include -#include -#include -#include -#include -#include -#include -#include - -UINTN mTrEEDxeImageSize =3D 0; - -/** - Reads contents of a PE/COFF image in memory buffer. - - Caution: This function may receive untrusted input. - PE/COFF image is external input, so this function will make sure the PE/= COFF image content - read is within the image buffer. - - @param FileHandle Pointer to the file handle to read the PE/COFF i= mage. - @param FileOffset Offset into the PE/COFF image to begin the read = operation. - @param ReadSize On input, the size in bytes of the requested rea= d operation. - On output, the number of bytes actually read. - @param Buffer Output buffer that contains the data read from t= he PE/COFF image. 
- - @retval EFI_SUCCESS The specified portion of the PE/COFF image was r= ead and the size -**/ -EFI_STATUS -EFIAPI -TrEEDxeImageRead ( - IN VOID *FileHandle, - IN UINTN FileOffset, - IN OUT UINTN *ReadSize, - OUT VOID *Buffer - ) -{ - UINTN EndPosition; - - if (FileHandle =3D=3D NULL || ReadSize =3D=3D NULL || Buffer =3D=3D NULL= ) { - return EFI_INVALID_PARAMETER; - } - - if (MAX_ADDRESS - FileOffset < *ReadSize) { - return EFI_INVALID_PARAMETER; - } - - EndPosition =3D FileOffset + *ReadSize; - if (EndPosition > mTrEEDxeImageSize) { - *ReadSize =3D (UINT32)(mTrEEDxeImageSize - FileOffset); - } - - if (FileOffset >=3D mTrEEDxeImageSize) { - *ReadSize =3D 0; - } - - CopyMem (Buffer, (UINT8 *)((UINTN) FileHandle + FileOffset), *ReadSize); - - return EFI_SUCCESS; -} - -/** - Measure PE image into TPM log based on the authenticode image hashing in - PE/COFF Specification 8.0 Appendix A. - - Caution: This function may receive untrusted input. - PE/COFF image is external input, so this function will validate its data= structure - within this image buffer before use. - - Notes: PE/COFF image is checked by BasePeCoffLib PeCoffLoaderGetImageInf= o(). - - @param[in] PCRIndex TPM PCR index - @param[in] ImageAddress Start address of image buffer. - @param[in] ImageSize Image size - @param[out] DigestList Digeest list of this image. - - @retval EFI_SUCCESS Successfully measure image. - @retval EFI_OUT_OF_RESOURCES No enough resource to measure image. 
- @retval other error value -**/ -EFI_STATUS -MeasurePeImageAndExtend ( - IN UINT32 PCRIndex, - IN EFI_PHYSICAL_ADDRESS ImageAddress, - IN UINTN ImageSize, - OUT TPML_DIGEST_VALUES *DigestList - ) -{ - EFI_STATUS Status; - EFI_IMAGE_DOS_HEADER *DosHdr; - UINT32 PeCoffHeaderOffset; - EFI_IMAGE_SECTION_HEADER *Section; - UINT8 *HashBase; - UINTN HashSize; - UINTN SumOfBytesHashed; - EFI_IMAGE_SECTION_HEADER *SectionHeader; - UINTN Index; - UINTN Pos; - UINT16 Magic; - EFI_IMAGE_OPTIONAL_HEADER_PTR_UNION Hdr; - UINT32 NumberOfRvaAndSizes; - UINT32 CertSize; - HASH_HANDLE HashHandle; - PE_COFF_LOADER_IMAGE_CONTEXT ImageContext; - - HashHandle =3D 0xFFFFFFFF; // Know bad value - - Status =3D EFI_UNSUPPORTED; - SectionHeader =3D NULL; - - // - // Check PE/COFF image - // - ZeroMem (&ImageContext, sizeof (ImageContext)); - ImageContext.Handle =3D (VOID *) (UINTN) ImageAddress; - mTrEEDxeImageSize =3D ImageSize; - ImageContext.ImageRead =3D (PE_COFF_LOADER_READ_FILE) TrEEDxeImageRead; - - // - // Get information about the image being loaded - // - Status =3D PeCoffLoaderGetImageInfo (&ImageContext); - if (EFI_ERROR (Status)) { - // - // The information can't be got from the invalid PeImage - // - DEBUG ((DEBUG_INFO, "TreeDxe: PeImage invalid. Cannot retrieve image i= nformation.\n")); - goto Finish; - } - - DosHdr =3D (EFI_IMAGE_DOS_HEADER *) (UINTN) ImageAddress; - PeCoffHeaderOffset =3D 0; - if (DosHdr->e_magic =3D=3D EFI_IMAGE_DOS_SIGNATURE) { - PeCoffHeaderOffset =3D DosHdr->e_lfanew; - } - - Hdr.Pe32 =3D (EFI_IMAGE_NT_HEADERS32 *)((UINT8 *) (UINTN) ImageAddress += PeCoffHeaderOffset); - if (Hdr.Pe32->Signature !=3D EFI_IMAGE_NT_SIGNATURE) { - Status =3D EFI_UNSUPPORTED; - goto Finish; - } - - // - // PE/COFF Image Measurement - // - // NOTE: The following codes/steps are based upon the authenticode im= age hashing in - // PE/COFF Specification 8.0 Appendix A. - // - // - - // 1. Load the image header into memory. - - // 2. Initialize a SHA hash context. 
- - Status =3D HashStart (&HashHandle); - if (EFI_ERROR (Status)) { - goto Finish; - } - - // - // Measuring PE/COFF Image Header; - // But CheckSum field and SECURITY data directory (certificate) are excl= uded - // - if (Hdr.Pe32->FileHeader.Machine =3D=3D IMAGE_FILE_MACHINE_IA64 && Hdr.P= e32->OptionalHeader.Magic =3D=3D EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { - // - // NOTE: Some versions of Linux ELILO for Itanium have an incorrect ma= gic value=20 - // in the PE/COFF Header. If the MachineType is Itanium(IA64) an= d the=20 - // Magic value in the OptionalHeader is EFI_IMAGE_NT_OPTIONAL_HD= R32_MAGIC - // then override the magic value to EFI_IMAGE_NT_OPTIONAL_HDR64_= MAGIC - // - Magic =3D EFI_IMAGE_NT_OPTIONAL_HDR64_MAGIC; - } else { - // - // Get the magic value from the PE/COFF Optional Header - // - Magic =3D Hdr.Pe32->OptionalHeader.Magic; - } - =20 - // - // 3. Calculate the distance from the base of the image header to the i= mage checksum address. - // 4. Hash the image header from its base to beginning of the image che= cksum. - // - HashBase =3D (UINT8 *) (UINTN) ImageAddress; - if (Magic =3D=3D EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { - // - // Use PE32 offset - // - NumberOfRvaAndSizes =3D Hdr.Pe32->OptionalHeader.NumberOfRvaAndSizes; - HashSize =3D (UINTN) (&Hdr.Pe32->OptionalHeader.CheckSum) - (UINTN) Ha= shBase; - } else { - // - // Use PE32+ offset - // - NumberOfRvaAndSizes =3D Hdr.Pe32Plus->OptionalHeader.NumberOfRvaAndSiz= es; - HashSize =3D (UINTN) (&Hdr.Pe32Plus->OptionalHeader.CheckSum) - (UINTN= ) HashBase; - } - - Status =3D HashUpdate (HashHandle, HashBase, HashSize); - if (EFI_ERROR (Status)) { - goto Finish; - } =20 - - // - // 5. Skip over the image checksum (it occupies a single ULONG). - // - if (NumberOfRvaAndSizes <=3D EFI_IMAGE_DIRECTORY_ENTRY_SECURITY) { - // - // 6. Since there is no Cert Directory in optional header, hash every= thing - // from the end of the checksum to the end of image header. 
- // - if (Magic =3D=3D EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { - // - // Use PE32 offset. - // - HashBase =3D (UINT8 *) &Hdr.Pe32->OptionalHeader.CheckSum + sizeof (= UINT32); - HashSize =3D Hdr.Pe32->OptionalHeader.SizeOfHeaders - (UINTN) (HashB= ase - ImageAddress); - } else { - // - // Use PE32+ offset. - // - HashBase =3D (UINT8 *) &Hdr.Pe32Plus->OptionalHeader.CheckSum + size= of (UINT32); - HashSize =3D Hdr.Pe32Plus->OptionalHeader.SizeOfHeaders - (UINTN) (H= ashBase - ImageAddress); - } - - if (HashSize !=3D 0) { - Status =3D HashUpdate (HashHandle, HashBase, HashSize); - if (EFI_ERROR (Status)) { - goto Finish; - } - } =20 - } else { - // - // 7. Hash everything from the end of the checksum to the start of th= e Cert Directory. - // - if (Magic =3D=3D EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { - // - // Use PE32 offset - // - HashBase =3D (UINT8 *) &Hdr.Pe32->OptionalHeader.CheckSum + sizeof (= UINT32); - HashSize =3D (UINTN) (&Hdr.Pe32->OptionalHeader.DataDirectory[EFI_IM= AGE_DIRECTORY_ENTRY_SECURITY]) - (UINTN) HashBase; - } else { - // - // Use PE32+ offset - // =20 - HashBase =3D (UINT8 *) &Hdr.Pe32Plus->OptionalHeader.CheckSum + size= of (UINT32); - HashSize =3D (UINTN) (&Hdr.Pe32Plus->OptionalHeader.DataDirectory[EF= I_IMAGE_DIRECTORY_ENTRY_SECURITY]) - (UINTN) HashBase; - } - - if (HashSize !=3D 0) { - Status =3D HashUpdate (HashHandle, HashBase, HashSize); - if (EFI_ERROR (Status)) { - goto Finish; - } - } - - // - // 8. Skip over the Cert Directory. (It is sizeof(IMAGE_DATA_DIRECTOR= Y) bytes.) - // 9. Hash everything from the end of the Cert Directory to the end o= f image header. 
- // - if (Magic =3D=3D EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { - // - // Use PE32 offset - // - HashBase =3D (UINT8 *) &Hdr.Pe32->OptionalHeader.DataDirectory[EFI_I= MAGE_DIRECTORY_ENTRY_SECURITY + 1]; - HashSize =3D Hdr.Pe32->OptionalHeader.SizeOfHeaders - (UINTN) (HashB= ase - ImageAddress); - } else { - // - // Use PE32+ offset - // - HashBase =3D (UINT8 *) &Hdr.Pe32Plus->OptionalHeader.DataDirectory[E= FI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1]; - HashSize =3D Hdr.Pe32Plus->OptionalHeader.SizeOfHeaders - (UINTN) (H= ashBase - ImageAddress); - } - =20 - if (HashSize !=3D 0) { - Status =3D HashUpdate (HashHandle, HashBase, HashSize); - if (EFI_ERROR (Status)) { - goto Finish; - } - } - } - - // - // 10. Set the SUM_OF_BYTES_HASHED to the size of the header - // - if (Magic =3D=3D EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { - // - // Use PE32 offset - // - SumOfBytesHashed =3D Hdr.Pe32->OptionalHeader.SizeOfHeaders; - } else { - // - // Use PE32+ offset - // - SumOfBytesHashed =3D Hdr.Pe32Plus->OptionalHeader.SizeOfHeaders; - } - - // - // 11. Build a temporary table of pointers to all the IMAGE_SECTION_HEAD= ER - // structures in the image. The 'NumberOfSections' field of the image - // header indicates how big the table should be. Do not include any - // IMAGE_SECTION_HEADERs in the table whose 'SizeOfRawData' field is= zero. - // - SectionHeader =3D (EFI_IMAGE_SECTION_HEADER *) AllocateZeroPool (sizeof = (EFI_IMAGE_SECTION_HEADER) * Hdr.Pe32->FileHeader.NumberOfSections); - if (SectionHeader =3D=3D NULL) { - Status =3D EFI_OUT_OF_RESOURCES; - goto Finish; - } - - // - // 12. Using the 'PointerToRawData' in the referenced section headers as - // a key, arrange the elements in the table in ascending order. In = other - // words, sort the section headers according to the disk-file offse= t of - // the section. 
- // - Section =3D (EFI_IMAGE_SECTION_HEADER *) ( - (UINT8 *) (UINTN) ImageAddress + - PeCoffHeaderOffset + - sizeof(UINT32) + - sizeof(EFI_IMAGE_FILE_HEADER) + - Hdr.Pe32->FileHeader.SizeOfOptionalHeader - ); - for (Index =3D 0; Index < Hdr.Pe32->FileHeader.NumberOfSections; Index++= ) { - Pos =3D Index; - while ((Pos > 0) && (Section->PointerToRawData < SectionHeader[Pos - 1= ].PointerToRawData)) { - CopyMem (&SectionHeader[Pos], &SectionHeader[Pos - 1], sizeof(EFI_IM= AGE_SECTION_HEADER)); - Pos--; - } - CopyMem (&SectionHeader[Pos], Section, sizeof(EFI_IMAGE_SECTION_HEADER= )); - Section +=3D 1; - } - - // - // 13. Walk through the sorted table, bring the corresponding section - // into memory, and hash the entire section (using the 'SizeOfRawDa= ta' - // field in the section header to determine the amount of data to h= ash). - // 14. Add the section's 'SizeOfRawData' to SUM_OF_BYTES_HASHED . - // 15. Repeat steps 13 and 14 for all the sections in the sorted table. - // - for (Index =3D 0; Index < Hdr.Pe32->FileHeader.NumberOfSections; Index++= ) { - Section =3D (EFI_IMAGE_SECTION_HEADER *) &SectionHeader[Index]; - if (Section->SizeOfRawData =3D=3D 0) { - continue; - } - HashBase =3D (UINT8 *) (UINTN) ImageAddress + Section->PointerToRawDat= a; - HashSize =3D (UINTN) Section->SizeOfRawData; - - Status =3D HashUpdate (HashHandle, HashBase, HashSize); - if (EFI_ERROR (Status)) { - goto Finish; - } - - SumOfBytesHashed +=3D HashSize; - } - - // - // 16. If the file size is greater than SUM_OF_BYTES_HASHED, there is e= xtra - // data in the file that needs to be added to the hash. 
This data b= egins - // at file offset SUM_OF_BYTES_HASHED and its length is: - // FileSize - (CertDirectory->Size) - // - if (ImageSize > SumOfBytesHashed) { - HashBase =3D (UINT8 *) (UINTN) ImageAddress + SumOfBytesHashed; - - if (NumberOfRvaAndSizes <=3D EFI_IMAGE_DIRECTORY_ENTRY_SECURITY) { - CertSize =3D 0; - } else { - if (Magic =3D=3D EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { - // - // Use PE32 offset. - // - CertSize =3D Hdr.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRE= CTORY_ENTRY_SECURITY].Size; - } else { - // - // Use PE32+ offset. - // - CertSize =3D Hdr.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_= DIRECTORY_ENTRY_SECURITY].Size; - } - } - - if (ImageSize > CertSize + SumOfBytesHashed) { - HashSize =3D (UINTN) (ImageSize - CertSize - SumOfBytesHashed); - - Status =3D HashUpdate (HashHandle, HashBase, HashSize); - if (EFI_ERROR (Status)) { - goto Finish; - } - } else if (ImageSize < CertSize + SumOfBytesHashed) { - Status =3D EFI_UNSUPPORTED; - goto Finish; - } - } - - // - // 17. Finalize the SHA hash. - // - Status =3D HashCompleteAndExtend (HashHandle, PCRIndex, NULL, 0, DigestL= ist); - if (EFI_ERROR (Status)) { - goto Finish; - } - -Finish: - if (SectionHeader !=3D NULL) { - FreePool (SectionHeader); - } - - return Status; -} diff --git a/SecurityPkg/Tcg/TrEEDxe/TrEEDxe.c b/SecurityPkg/Tcg/TrEEDxe/Tr= EEDxe.c deleted file mode 100644 index 95e9d745ad..0000000000 --- a/SecurityPkg/Tcg/TrEEDxe/TrEEDxe.c +++ /dev/null @@ -1,1877 +0,0 @@ -/** @file - This module implements TrEE Protocol. - =20 -Copyright (c) 2013 - 2017, Intel Corporation. All rights reserved.
-This program and the accompanying materials=20 -are licensed and made available under the terms and conditions of the BSD = License=20 -which accompanies this distribution. The full text of the license may be = found at=20 -http://opensource.org/licenses/bsd-license.php - -THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,=20 -WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLI= ED. - -**/ - -#include -#include -#include -#include - -#include -#include -#include -#include -#include -#include -#include - -#include -#include -#include -#include -#include - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#define PERF_ID_TREE_DXE 0x3120 - -typedef struct { - CHAR16 *VariableName; - EFI_GUID *VendorGuid; -} VARIABLE_TYPE; - -#define TREE_DEFAULT_MAX_COMMAND_SIZE 0x1000 -#define TREE_DEFAULT_MAX_RESPONSE_SIZE 0x1000 - -typedef struct { - EFI_GUID *EventGuid; - TREE_EVENT_LOG_FORMAT LogFormat; -} TREE_EVENT_INFO_STRUCT; - -TREE_EVENT_INFO_STRUCT mTreeEventInfo[] =3D { - {&gTcgEventEntryHobGuid, TREE_EVENT_LOG_FORMAT_TCG_1_2}, -}; - -#define TCG_EVENT_LOG_AREA_COUNT_MAX 2 - -typedef struct { - TREE_EVENT_LOG_FORMAT EventLogFormat; - EFI_PHYSICAL_ADDRESS Lasa; - UINT64 Laml; - UINTN EventLogSize; - UINT8 *LastEvent; - BOOLEAN EventLogStarted; - BOOLEAN EventLogTruncated; -} TCG_EVENT_LOG_AREA_STRUCT; - -typedef struct _TCG_DXE_DATA { - TREE_BOOT_SERVICE_CAPABILITY BsCap; - EFI_TCG_CLIENT_ACPI_TABLE *TcgClientAcpiTable; - EFI_TCG_SERVER_ACPI_TABLE *TcgServerAcpiTable; - TCG_EVENT_LOG_AREA_STRUCT EventLogAreaStruct[TCG_EVENT_LOG_AREA_= COUNT_MAX]; -} TCG_DXE_DATA; - -EFI_TCG_CLIENT_ACPI_TABLE mTcgClientAcpiTemplate =3D { - { - EFI_ACPI_3_0_TRUSTED_COMPUTING_PLATFORM_ALLIANCE_CAPABILITIES_TABLE_SI= GNATURE, - sizeof (mTcgClientAcpiTemplate), - 0x02 //Revision - // - // Compiler initializes the remaining bytes to 0 - // 
These fields should be filled in in production - // - }, - 0, // 0 for PC Client Platform Class - 0, // Log Area Max Length - (EFI_PHYSICAL_ADDRESS) (SIZE_4GB - 1) // Log Area Start Address -}; - -// -// The following EFI_TCG_SERVER_ACPI_TABLE default setting is just one exa= mple, -// the TPM device connectes to LPC, and also defined the ACPI _UID as 0xFF, -// this _UID can be changed and should match with the _UID setting of the = TPM=20 -// ACPI device object =20 -// -EFI_TCG_SERVER_ACPI_TABLE mTcgServerAcpiTemplate =3D { - { - EFI_ACPI_3_0_TRUSTED_COMPUTING_PLATFORM_ALLIANCE_CAPABILITIES_TABLE_SI= GNATURE, - sizeof (mTcgServerAcpiTemplate), - 0x02 //Revision - // - // Compiler initializes the remaining bytes to 0 - // These fields should be filled in in production - // - }, - 1, // 1 for Server Platform Class - 0, // Reserved - 0, // Log Area Max Length - (EFI_PHYSICAL_ADDRESS) (SIZE_4GB - 1), // Log Area Start Address - 0x0100, // TCG Specification revision 1.0 - 2, // Device Flags - 0, // Interrupt Flags - 0, // GPE - {0}, // Reserved 3 bytes - 0, // Global System Interrupt - { - EFI_ACPI_3_0_SYSTEM_MEMORY, - 0, - 0, - EFI_ACPI_3_0_BYTE, - 0x0 // Base Address - }, - 0, // Reserved - {0}, // Configuration Address - 0xFF, // ACPI _UID value of the device, can be cha= nged for different platforms - 0, // ACPI _UID value of the device, can be cha= nged for different platforms - 0, // ACPI _UID value of the device, can be cha= nged for different platforms - 0 // ACPI _UID value of the device, can be cha= nged for different platforms -}; - -TCG_DXE_DATA mTcgDxeData =3D { - { - sizeof (TREE_BOOT_SERVICE_CAPABILITY_1_0), // Size - { 1, 0 }, // StructureVersion - { 1, 0 }, // ProtocolVersion - TREE_BOOT_HASH_ALG_SHA1, // HashAlgorithmBitmap - TREE_EVENT_LOG_FORMAT_TCG_1_2, // SupportedEventLogs - TRUE, // TrEEPresentFlag - TREE_DEFAULT_MAX_COMMAND_SIZE, // MaxCommandSize - TREE_DEFAULT_MAX_RESPONSE_SIZE, // MaxResponseSize - 0 // ManufacturerID - }, - 
&mTcgClientAcpiTemplate, - &mTcgServerAcpiTemplate, -}; - -UINTN mBootAttempts =3D 0; -CHAR16 mBootVarName[] =3D L"BootOrder"; - -VARIABLE_TYPE mVariableType[] =3D { - {EFI_SECURE_BOOT_MODE_NAME, &gEfiGlobalVariableGuid}, - {EFI_PLATFORM_KEY_NAME, &gEfiGlobalVariableGuid}, - {EFI_KEY_EXCHANGE_KEY_NAME, &gEfiGlobalVariableGuid}, - {EFI_IMAGE_SECURITY_DATABASE, &gEfiImageSecurityDatabaseGuid}, - {EFI_IMAGE_SECURITY_DATABASE1, &gEfiImageSecurityDatabaseGuid}, -}; - -EFI_HANDLE mImageHandle; - -/** - Measure PE image into TPM log based on the authenticode image hashing in - PE/COFF Specification 8.0 Appendix A. - - Caution: This function may receive untrusted input. - PE/COFF image is external input, so this function will validate its data= structure - within this image buffer before use. - - Notes: PE/COFF image is checked by BasePeCoffLib PeCoffLoaderGetImageInf= o(). - - @param[in] PCRIndex TPM PCR index - @param[in] ImageAddress Start address of image buffer. - @param[in] ImageSize Image size - @param[out] DigestList Digeest list of this image. - - @retval EFI_SUCCESS Successfully measure image. - @retval EFI_OUT_OF_RESOURCES No enough resource to measure image. - @retval other error value -**/ -EFI_STATUS -MeasurePeImageAndExtend ( - IN UINT32 PCRIndex, - IN EFI_PHYSICAL_ADDRESS ImageAddress, - IN UINTN ImageSize, - OUT TPML_DIGEST_VALUES *DigestList - ); - -/** - - This function dump raw data. - - @param Data raw data - @param Size raw data size - -**/ -VOID -InternalDumpData ( - IN UINT8 *Data, - IN UINTN Size - ) -{ - UINTN Index; - for (Index =3D 0; Index < Size; Index++) { - DEBUG ((EFI_D_INFO, "%02x", (UINTN)Data[Index])); - } -} - -/** - - This function dump raw data with colume format. 
- - @param Data raw data - @param Size raw data size - -**/ -VOID -InternalDumpHex ( - IN UINT8 *Data, - IN UINTN Size - ) -{ - UINTN Index; - UINTN Count; - UINTN Left; - -#define COLUME_SIZE (16 * 2) - - Count =3D Size / COLUME_SIZE; - Left =3D Size % COLUME_SIZE; - for (Index =3D 0; Index < Count; Index++) { - DEBUG ((EFI_D_INFO, "%04x: ", Index * COLUME_SIZE)); - InternalDumpData (Data + Index * COLUME_SIZE, COLUME_SIZE); - DEBUG ((EFI_D_INFO, "\n")); - } - - if (Left !=3D 0) { - DEBUG ((EFI_D_INFO, "%04x: ", Index * COLUME_SIZE)); - InternalDumpData (Data + Index * COLUME_SIZE, Left); - DEBUG ((EFI_D_INFO, "\n")); - } -} - -/** - Get All processors EFI_CPU_LOCATION in system. LocationBuf is allocated = inside the function - Caller is responsible to free LocationBuf. - - @param[out] LocationBuf Returns Processor Location Buffer. - @param[out] Num Returns processor number. - - @retval EFI_SUCCESS Operation completed successfully. - @retval EFI_UNSUPPORTED MpService protocol not found. 
- -**/ -EFI_STATUS -GetProcessorsCpuLocation ( - OUT EFI_CPU_PHYSICAL_LOCATION **LocationBuf, - OUT UINTN *Num - ) -{ - EFI_STATUS Status; - EFI_MP_SERVICES_PROTOCOL *MpProtocol; - UINTN ProcessorNum; - UINTN EnabledProcessorNum; - EFI_PROCESSOR_INFORMATION ProcessorInfo; - EFI_CPU_PHYSICAL_LOCATION *ProcessorLocBuf; - UINTN Index; - - Status =3D gBS->LocateProtocol (&gEfiMpServiceProtocolGuid, NULL, (VOID = **) &MpProtocol); - if (EFI_ERROR (Status)) { - // - // MP protocol is not installed - // - return EFI_UNSUPPORTED; - } - - Status =3D MpProtocol->GetNumberOfProcessors( - MpProtocol, - &ProcessorNum, - &EnabledProcessorNum - ); - if (EFI_ERROR(Status)){ - return Status; - } - - Status =3D gBS->AllocatePool( - EfiBootServicesData, - sizeof(EFI_CPU_PHYSICAL_LOCATION) * ProcessorNum, - (VOID **) &ProcessorLocBuf - ); - if (EFI_ERROR(Status)){ - return Status; - } - - // - // Get each processor Location info - // - for (Index =3D 0; Index < ProcessorNum; Index++) { - Status =3D MpProtocol->GetProcessorInfo( - MpProtocol, - Index, - &ProcessorInfo - ); - if (EFI_ERROR(Status)){ - FreePool(ProcessorLocBuf); - return Status; - } - - // - // Get all Processor Location info & measure - // - CopyMem( - &ProcessorLocBuf[Index], - &ProcessorInfo.Location, - sizeof(EFI_CPU_PHYSICAL_LOCATION) - ); - } - - *LocationBuf =3D ProcessorLocBuf; - *Num =3D ProcessorNum; - - return Status; -} - -/** - The EFI_TREE_PROTOCOL GetCapability function call provides protocol - capability information and state information about the TrEE. - - @param[in] This Indicates the calling context - @param[in, out] ProtocolCapability The caller allocates memory for a TRE= E_BOOT_SERVICE_CAPABILITY - structure and sets the size field to = the size of the structure allocated. - The callee fills in the fields with t= he EFI protocol capability information - and the current TrEE state informatio= n up to the number of fields which - fit within the size of the structure = passed in. 
- - @retval EFI_SUCCESS Operation completed successfully. - @retval EFI_DEVICE_ERROR The command was unsuccessful. - The ProtocolCapability variable will not = be populated.=20 - @retval EFI_INVALID_PARAMETER One or more of the parameters are incorre= ct. - The ProtocolCapability variable will not = be populated. - @retval EFI_BUFFER_TOO_SMALL The ProtocolCapability variable is too sm= all to hold the full response. - It will be partially populated (required = Size field will be set).=20 -**/ -EFI_STATUS -EFIAPI -TreeGetCapability ( - IN EFI_TREE_PROTOCOL *This, - IN OUT TREE_BOOT_SERVICE_CAPABILITY *ProtocolCapability - ) -{ - DEBUG ((EFI_D_INFO, "TreeGetCapability ...\n")); - - if ((This =3D=3D NULL) || (ProtocolCapability =3D=3D NULL)) { - return EFI_INVALID_PARAMETER; - } - - if (ProtocolCapability->Size < mTcgDxeData.BsCap.Size) { - ProtocolCapability->Size =3D mTcgDxeData.BsCap.Size; - return EFI_BUFFER_TOO_SMALL; - } - - CopyMem (ProtocolCapability, &mTcgDxeData.BsCap, mTcgDxeData.BsCap.Size); - DEBUG ((EFI_D_INFO, "TreeGetCapability - %r\n", EFI_SUCCESS)); - return EFI_SUCCESS; -} - -/** - This function dump event log. - - @param[in] EventLogFormat The type of the event log for which the i= nformation is requested. - @param[in] EventLogLocation A pointer to the memory address of the ev= ent log. - @param[in] EventLogLastEntry If the Event Log contains more than one e= ntry, this is a pointer to the - address of the start of the last entry in= the event log in memory. 
-**/ -VOID -DumpEventLog ( - IN TREE_EVENT_LOG_FORMAT EventLogFormat, - IN EFI_PHYSICAL_ADDRESS EventLogLocation, - IN EFI_PHYSICAL_ADDRESS EventLogLastEntry - ) -{ - TCG_PCR_EVENT_HDR *EventHdr; - UINTN Index; - - DEBUG ((EFI_D_INFO, "EventLogFormat: (0x%x)\n", EventLogFormat)); - =20 - switch (EventLogFormat) { - case TREE_EVENT_LOG_FORMAT_TCG_1_2: - EventHdr =3D (TCG_PCR_EVENT_HDR *)(UINTN)EventLogLocation; - while ((UINTN)EventHdr <=3D EventLogLastEntry) { - DEBUG ((EFI_D_INFO, " Event:\n")); - DEBUG ((EFI_D_INFO, " PCRIndex - %d\n", EventHdr->PCRIndex)); - DEBUG ((EFI_D_INFO, " EventType - 0x%08x\n", EventHdr->EventType)= ); - DEBUG ((EFI_D_INFO, " Digest - ")); - for (Index =3D 0; Index < sizeof(TCG_DIGEST); Index++) { - DEBUG ((EFI_D_INFO, "%02x ", EventHdr->Digest.digest[Index])); - } - DEBUG ((EFI_D_INFO, "\n")); - DEBUG ((EFI_D_INFO, " EventSize - 0x%08x\n", EventHdr->EventSize)= ); - InternalDumpHex ((UINT8 *)(EventHdr + 1), EventHdr->EventSize); - EventHdr =3D (TCG_PCR_EVENT_HDR *)((UINTN)EventHdr + sizeof(TCG_PCR_= EVENT_HDR) + EventHdr->EventSize); - } - break; - } - - return ; -} - -/** - The EFI_TREE_PROTOCOL Get Event Log function call allows a caller to - retrieve the address of a given event log and its last entry.=20 - - @param[in] This Indicates the calling context - @param[in] EventLogFormat The type of the event log for which the i= nformation is requested. - @param[out] EventLogLocation A pointer to the memory address of the ev= ent log. - @param[out] EventLogLastEntry If the Event Log contains more than one e= ntry, this is a pointer to the - address of the start of the last entry in= the event log in memory. - @param[out] EventLogTruncated If the Event Log is missing at least one = entry because an event would - have exceeded the area allocated for even= ts, this value is set to TRUE. - Otherwise, the value will be FALSE and th= e Event Log will be complete. - - @retval EFI_SUCCESS Operation completed successfully. 
- @retval EFI_INVALID_PARAMETER One or more of the parameters are incorre= ct - (e.g. asking for an event log whose forma= t is not supported). -**/ -EFI_STATUS -EFIAPI -TreeGetEventLog ( - IN EFI_TREE_PROTOCOL *This, - IN TREE_EVENT_LOG_FORMAT EventLogFormat, - OUT EFI_PHYSICAL_ADDRESS *EventLogLocation, - OUT EFI_PHYSICAL_ADDRESS *EventLogLastEntry, - OUT BOOLEAN *EventLogTruncated - ) -{ - UINTN Index; - - DEBUG ((EFI_D_INFO, "TreeGetEventLog ...\n")); - - if (This =3D=3D NULL) { - return EFI_INVALID_PARAMETER; - } - - for (Index =3D 0; Index < sizeof(mTreeEventInfo)/sizeof(mTreeEventInfo[0= ]); Index++) { - if (EventLogFormat =3D=3D mTreeEventInfo[Index].LogFormat) { - break; - } - } - - if (Index =3D=3D sizeof(mTreeEventInfo)/sizeof(mTreeEventInfo[0])) { - return EFI_INVALID_PARAMETER; - } - - if (!mTcgDxeData.BsCap.TrEEPresentFlag) { - if (EventLogLocation !=3D NULL) { - *EventLogLocation =3D 0; - } - if (EventLogLastEntry !=3D NULL) { - *EventLogLastEntry =3D 0; - } - if (EventLogTruncated !=3D NULL) { - *EventLogTruncated =3D FALSE; - } - return EFI_SUCCESS; - } - - if (EventLogLocation !=3D NULL) { - *EventLogLocation =3D mTcgDxeData.EventLogAreaStruct[Index].Lasa; - DEBUG ((EFI_D_INFO, "TreeGetEventLog (EventLogLocation - %x)\n", *Even= tLogLocation)); - } - - if (EventLogLastEntry !=3D NULL) { - if (!mTcgDxeData.EventLogAreaStruct[Index].EventLogStarted) { - *EventLogLastEntry =3D (EFI_PHYSICAL_ADDRESS)(UINTN)0; - } else { - *EventLogLastEntry =3D (EFI_PHYSICAL_ADDRESS)(UINTN)mTcgDxeData.Even= tLogAreaStruct[Index].LastEvent; - } - DEBUG ((EFI_D_INFO, "TreeGetEventLog (EventLogLastEntry - %x)\n", *Eve= ntLogLastEntry)); - } - - if (EventLogTruncated !=3D NULL) { - *EventLogTruncated =3D mTcgDxeData.EventLogAreaStruct[Index].EventLogT= runcated; - DEBUG ((EFI_D_INFO, "TreeGetEventLog (EventLogTruncated - %x)\n", *Eve= ntLogTruncated)); - } - - DEBUG ((EFI_D_INFO, "TreeGetEventLog - %r\n", EFI_SUCCESS)); - - // Dump Event Log for debug purpose - if 
((EventLogLocation !=3D NULL) && (EventLogLastEntry !=3D NULL)) { - DumpEventLog (EventLogFormat, *EventLogLocation, *EventLogLastEntry); - } - - return EFI_SUCCESS; -} - -/** - Add a new entry to the Event Log. - - @param[in, out] EventLogPtr Pointer to the Event Log data. =20 - @param[in, out] LogSize Size of the Event Log. =20 - @param[in] MaxSize Maximum size of the Event Log. - @param[in] NewEventHdr Pointer to a TCG_PCR_EVENT_HDR/TCG_PCR_E= VENT_EX data structure. =20 - @param[in] NewEventHdrSize New event header size. - @param[in] NewEventData Pointer to the new event data. =20 - @param[in] NewEventSize New event data size. - =20 - @retval EFI_SUCCESS The new event log entry was added. - @retval EFI_OUT_OF_RESOURCES No enough memory to log the new event. - -**/ -EFI_STATUS -TcgCommLogEvent ( - IN OUT UINT8 **EventLogPtr, - IN OUT UINTN *LogSize, - IN UINTN MaxSize, - IN VOID *NewEventHdr, - IN UINT32 NewEventHdrSize, - IN UINT8 *NewEventData, - IN UINT32 NewEventSize - ) -{ - UINTN NewLogSize; - - if (NewEventSize > MAX_ADDRESS - NewEventHdrSize) { - return EFI_OUT_OF_RESOURCES; - } - - NewLogSize =3D NewEventHdrSize + NewEventSize; - - if (NewLogSize > MAX_ADDRESS - *LogSize) { - return EFI_OUT_OF_RESOURCES; - } - - if (NewLogSize + *LogSize > MaxSize) { - DEBUG ((EFI_D_INFO, " MaxSize - 0x%x\n", MaxSize)); - DEBUG ((EFI_D_INFO, " NewLogSize - 0x%x\n", NewLogSize)); - DEBUG ((EFI_D_INFO, " LogSize - 0x%x\n", *LogSize)); - DEBUG ((EFI_D_INFO, "TcgCommLogEvent - %r\n", EFI_OUT_OF_RESOURCES)); - return EFI_OUT_OF_RESOURCES; - } - - *EventLogPtr +=3D *LogSize; - *LogSize +=3D NewLogSize; - CopyMem (*EventLogPtr, NewEventHdr, NewEventHdrSize); - CopyMem ( - *EventLogPtr + NewEventHdrSize, - NewEventData, - NewEventSize - ); - return EFI_SUCCESS; -} - -/** - Add a new entry to the Event Log. - - @param[in] EventLogFormat The type of the event log for which the infor= mation is requested. 
- @param[in] NewEventHdr Pointer to a TCG_PCR_EVENT_HDR/TCG_PCR_EVENT_= EX data structure. =20 - @param[in] NewEventHdrSize New event header size. - @param[in] NewEventData Pointer to the new event data. =20 - @param[in] NewEventSize New event data size. - - @retval EFI_SUCCESS The new event log entry was added. - @retval EFI_OUT_OF_RESOURCES No enough memory to log the new event. - -**/ -EFI_STATUS -TcgDxeLogEvent ( - IN TREE_EVENT_LOG_FORMAT EventLogFormat, - IN VOID *NewEventHdr, - IN UINT32 NewEventHdrSize, - IN UINT8 *NewEventData, - IN UINT32 NewEventSize - ) -{ - EFI_STATUS Status; - UINTN Index; - - for (Index =3D 0; Index < sizeof(mTreeEventInfo)/sizeof(mTreeEventInfo[0= ]); Index++) { - if (EventLogFormat =3D=3D mTreeEventInfo[Index].LogFormat) { - break; - } - } - - if (Index =3D=3D sizeof(mTreeEventInfo)/sizeof(mTreeEventInfo[0])) { - return EFI_INVALID_PARAMETER; - } - - if (mTcgDxeData.EventLogAreaStruct[Index].EventLogTruncated) { - return EFI_VOLUME_FULL; - } - - mTcgDxeData.EventLogAreaStruct[Index].LastEvent =3D (UINT8*)(UINTN)mTcgD= xeData.EventLogAreaStruct[Index].Lasa; - Status =3D TcgCommLogEvent ( - &mTcgDxeData.EventLogAreaStruct[Index].LastEvent, - &mTcgDxeData.EventLogAreaStruct[Index].EventLogSize, - (UINTN)mTcgDxeData.EventLogAreaStruct[Index].Laml, - NewEventHdr, - NewEventHdrSize, - NewEventData, - NewEventSize - ); - =20 - if (Status =3D=3D EFI_DEVICE_ERROR) { - return EFI_DEVICE_ERROR; - } else if (Status =3D=3D EFI_OUT_OF_RESOURCES) { - mTcgDxeData.EventLogAreaStruct[Index].EventLogTruncated =3D TRUE; - return EFI_VOLUME_FULL; - } else if (Status =3D=3D EFI_SUCCESS) { - mTcgDxeData.EventLogAreaStruct[Index].EventLogStarted =3D TRUE; - } - - return Status; -} - -/** - Add a new entry to the Event Log. - - @param[in] DigestList A list of digest. - @param[in,out] NewEventHdr Pointer to a TCG_PCR_EVENT_HDR data structu= re. - @param[in] NewEventData Pointer to the new event data. 
- - @retval EFI_SUCCESS The new event log entry was added. - @retval EFI_OUT_OF_RESOURCES No enough memory to log the new event. -**/ -EFI_STATUS -TcgDxeLogHashEvent ( - IN TPML_DIGEST_VALUES *DigestList, - IN OUT TCG_PCR_EVENT_HDR *NewEventHdr, - IN UINT8 *NewEventData - ) -{ - EFI_STATUS Status; - EFI_TPL OldTpl; - UINTN Index; - EFI_STATUS RetStatus; - - RetStatus =3D EFI_SUCCESS; - for (Index =3D 0; Index < sizeof(mTreeEventInfo)/sizeof(mTreeEventInfo[0= ]); Index++) { - DEBUG ((EFI_D_INFO, " LogFormat - 0x%08x\n", mTreeEventInfo[Index].= LogFormat)); - switch (mTreeEventInfo[Index].LogFormat) { - case TREE_EVENT_LOG_FORMAT_TCG_1_2: - Status =3D GetDigestFromDigestList (TPM_ALG_SHA1, DigestList, &New= EventHdr->Digest); - if (!EFI_ERROR (Status)) { - // - // Enter critical region - // - OldTpl =3D gBS->RaiseTPL (TPL_HIGH_LEVEL); - Status =3D TcgDxeLogEvent ( - mTreeEventInfo[Index].LogFormat, - NewEventHdr, - sizeof(TCG_PCR_EVENT_HDR), - NewEventData, - NewEventHdr->EventSize - ); - if (Status !=3D EFI_SUCCESS) { - RetStatus =3D Status; - } - gBS->RestoreTPL (OldTpl); - // - // Exit critical region - // - } - break; - } - } - - return RetStatus; -} - -/** - Do a hash operation on a data buffer, extend a specific TPM PCR with the= hash result, - and add an entry to the Event Log. - - @param[in] Flags Bitmap providing additional information. - @param[in] HashData Physical address of the start of the data = buffer=20 - to be hashed, extended, and logged. - @param[in] HashDataLen The length, in bytes, of the buffer refere= nced by HashData - @param[in, out] NewEventHdr Pointer to a TCG_PCR_EVENT_HDR data struct= ure. =20 - @param[in] NewEventData Pointer to the new event data. =20 - - @retval EFI_SUCCESS Operation completed successfully. - @retval EFI_OUT_OF_RESOURCES No enough memory to log the new event. - @retval EFI_DEVICE_ERROR The command was unsuccessful. 
- -**/ -EFI_STATUS -TcgDxeHashLogExtendEvent ( - IN UINT64 Flags, - IN UINT8 *HashData, - IN UINT64 HashDataLen, - IN OUT TCG_PCR_EVENT_HDR *NewEventHdr, - IN UINT8 *NewEventData - ) -{ - EFI_STATUS Status; - TPML_DIGEST_VALUES DigestList; - =20 - if (!mTcgDxeData.BsCap.TrEEPresentFlag) { - return EFI_DEVICE_ERROR; - } - - Status =3D HashAndExtend ( - NewEventHdr->PCRIndex, - HashData, - (UINTN)HashDataLen, - &DigestList - ); - if (!EFI_ERROR (Status)) { - if ((Flags & TREE_EXTEND_ONLY) =3D=3D 0) { - Status =3D TcgDxeLogHashEvent (&DigestList, NewEventHdr, NewEventDat= a); - } - } - - if (Status =3D=3D EFI_DEVICE_ERROR) { - DEBUG ((EFI_D_ERROR, "TcgDxeHashLogExtendEvent - %r. Disable TPM.\n", = Status)); - mTcgDxeData.BsCap.TrEEPresentFlag =3D FALSE; - REPORT_STATUS_CODE ( - EFI_ERROR_CODE | EFI_ERROR_MINOR, - (PcdGet32 (PcdStatusCodeSubClassTpmDevice) | EFI_P_EC_INTERFACE_ERRO= R) - ); - } - - return Status; -} - -/** - The EFI_TREE_PROTOCOL HashLogExtendEvent function call provides callers = with - an opportunity to extend and optionally log events without requiring - knowledge of actual TPM commands.=20 - The extend operation will occur even if this function cannot create an e= vent - log entry (e.g. due to the event log being full).=20 - - @param[in] This Indicates the calling context - @param[in] Flags Bitmap providing additional information. - @param[in] DataToHash Physical address of the start of the data= buffer to be hashed.=20 - @param[in] DataToHashLen The length in bytes of the buffer referen= ced by DataToHash. - @param[in] Event Pointer to data buffer containing informa= tion about the event. - - @retval EFI_SUCCESS Operation completed successfully. - @retval EFI_DEVICE_ERROR The command was unsuccessful. - @retval EFI_VOLUME_FULL The extend operation occurred, but the ev= ent could not be written to one or more event logs. - @retval EFI_INVALID_PARAMETER One or more of the parameters are incorre= ct. 
- @retval EFI_UNSUPPORTED The PE/COFF image type is not supported. -**/ -EFI_STATUS -EFIAPI -TreeHashLogExtendEvent ( - IN EFI_TREE_PROTOCOL *This, - IN UINT64 Flags, - IN EFI_PHYSICAL_ADDRESS DataToHash, - IN UINT64 DataToHashLen, - IN TrEE_EVENT *Event - ) -{ - EFI_STATUS Status; - TCG_PCR_EVENT_HDR NewEventHdr; - TPML_DIGEST_VALUES DigestList; - - DEBUG ((EFI_D_INFO, "TreeHashLogExtendEvent ...\n")); - - if ((This =3D=3D NULL) || (DataToHash =3D=3D 0) || (Event =3D=3D NULL)) { - return EFI_INVALID_PARAMETER; - } - - if (!mTcgDxeData.BsCap.TrEEPresentFlag) { - return EFI_UNSUPPORTED; - } - - if (Event->Size < Event->Header.HeaderSize + sizeof(UINT32)) { - return EFI_INVALID_PARAMETER; - } - - if (Event->Header.PCRIndex > MAX_PCR_INDEX) { - return EFI_INVALID_PARAMETER; - } - - NewEventHdr.PCRIndex =3D Event->Header.PCRIndex; - NewEventHdr.EventType =3D Event->Header.EventType; - NewEventHdr.EventSize =3D Event->Size - sizeof(UINT32) - Event->Header.H= eaderSize; - if ((Flags & PE_COFF_IMAGE) !=3D 0) { - Status =3D MeasurePeImageAndExtend ( - NewEventHdr.PCRIndex, - DataToHash, - (UINTN)DataToHashLen, - &DigestList - ); - if (!EFI_ERROR (Status)) { - if ((Flags & TREE_EXTEND_ONLY) =3D=3D 0) { - Status =3D TcgDxeLogHashEvent (&DigestList, &NewEventHdr, Event->E= vent); - } - } - if (Status =3D=3D EFI_DEVICE_ERROR) { - DEBUG ((EFI_D_ERROR, "MeasurePeImageAndExtend - %r. Disable TPM.\n",= Status)); - mTcgDxeData.BsCap.TrEEPresentFlag =3D FALSE; - REPORT_STATUS_CODE ( - EFI_ERROR_CODE | EFI_ERROR_MINOR, - (PcdGet32 (PcdStatusCodeSubClassTpmDevice) | EFI_P_EC_INTERFACE_ER= ROR) - ); - } - } else { - Status =3D TcgDxeHashLogExtendEvent ( - Flags, - (UINT8 *) (UINTN) DataToHash, - DataToHashLen, - &NewEventHdr, - Event->Event - ); - } - DEBUG ((EFI_D_INFO, "TreeHashLogExtendEvent - %r\n", Status)); - return Status; -} - -/** - This service enables the sending of commands to the TrEE. 
- - @param[in] This Indicates the calling context - @param[in] InputParameterBlockSize Size of the TrEE input parameter bl= ock. - @param[in] InputParameterBlock Pointer to the TrEE input parameter= block. - @param[in] OutputParameterBlockSize Size of the TrEE output parameter b= lock. - @param[in] OutputParameterBlock Pointer to the TrEE output paramete= r block. - - @retval EFI_SUCCESS The command byte stream was successfully = sent to the device and a response was successfully received. - @retval EFI_DEVICE_ERROR The command was not successfully sent to = the device or a response was not successfully received from the device. - @retval EFI_INVALID_PARAMETER One or more of the parameters are incorre= ct. - @retval EFI_BUFFER_TOO_SMALL The output parameter block is too small.=20 -**/ -EFI_STATUS -EFIAPI -TreeSubmitCommand ( - IN EFI_TREE_PROTOCOL *This, - IN UINT32 InputParameterBlockSize, - IN UINT8 *InputParameterBlock, - IN UINT32 OutputParameterBlockSize, - IN UINT8 *OutputParameterBlock - ) -{ - EFI_STATUS Status; - - DEBUG ((EFI_D_INFO, "TreeSubmitCommand ...\n")); - - if ((This =3D=3D NULL) || - (InputParameterBlockSize =3D=3D 0) || (InputParameterBlock =3D=3D NU= LL) || - (OutputParameterBlockSize =3D=3D 0) || (OutputParameterBlock =3D=3D = NULL)) { - return EFI_INVALID_PARAMETER; - } - - if (!mTcgDxeData.BsCap.TrEEPresentFlag) { - return EFI_UNSUPPORTED; - } - - if (InputParameterBlockSize > mTcgDxeData.BsCap.MaxCommandSize) { - return EFI_INVALID_PARAMETER; - } - if (OutputParameterBlockSize > mTcgDxeData.BsCap.MaxResponseSize) { - return EFI_INVALID_PARAMETER; - } - - Status =3D Tpm2SubmitCommand ( - InputParameterBlockSize, - InputParameterBlock, - &OutputParameterBlockSize, - OutputParameterBlock - ); - DEBUG ((EFI_D_INFO, "TreeSubmitCommand - %r\n", Status)); - return Status; -} - - -EFI_TREE_PROTOCOL mTreeProtocol =3D { - TreeGetCapability, - TreeGetEventLog, - TreeHashLogExtendEvent, - TreeSubmitCommand -}; - -/** - Initialize the Event Log and log 
events passed from the PEI phase. - - @retval EFI_SUCCESS Operation completed successfully. - @retval EFI_OUT_OF_RESOURCES Out of memory. - -**/ -EFI_STATUS -SetupEventLog ( - VOID - ) -{ - EFI_STATUS Status; - VOID *TcgEvent; - EFI_PEI_HOB_POINTERS GuidHob; - EFI_PHYSICAL_ADDRESS Lasa; - UINTN Index; - - DEBUG ((EFI_D_INFO, "SetupEventLog\n")); - - // - // 1. Create Log Area - // - for (Index =3D 0; Index < sizeof(mTreeEventInfo)/sizeof(mTreeEventInfo[0= ]); Index++) { - mTcgDxeData.EventLogAreaStruct[Index].EventLogFormat =3D mTreeEventI= nfo[Index].LogFormat; - Lasa =3D (EFI_PHYSICAL_ADDRESS) (SIZE_4GB - 1); - Status =3D gBS->AllocatePages ( - AllocateMaxAddress, - EfiACPIMemoryNVS, - EFI_SIZE_TO_PAGES (PcdGet32 (PcdTcgLogAreaMinLen)), - &Lasa - ); - if (EFI_ERROR (Status)) { - return Status; - } - mTcgDxeData.EventLogAreaStruct[Index].Lasa =3D Lasa; - mTcgDxeData.EventLogAreaStruct[Index].Laml =3D PcdGet32 (PcdTcgLogAr= eaMinLen); - // - // To initialize them as 0xFF is recommended=20 - // because the OS can know the last entry for that. - // - SetMem ((VOID *)(UINTN)Lasa, PcdGet32 (PcdTcgLogAreaMinLen), 0xFF); - } - - // - // 2. Create ACPI table for TCG1.2 only - // - if (PcdGet8 (PcdTpmPlatformClass) =3D=3D TCG_PLATFORM_TYPE_CLIENT) { - mTcgClientAcpiTemplate.Lasa =3D mTcgDxeData.EventLogAreaStruct[0].La= sa; - mTcgClientAcpiTemplate.Laml =3D PcdGet32 (PcdTcgLogAreaMinLen); - } else { - mTcgServerAcpiTemplate.Lasa =3D mTcgDxeData.EventLogAreaStruct[0].La= sa; - mTcgServerAcpiTemplate.Laml =3D PcdGet32 (PcdTcgLogAreaMinLen); - } - - // - // 3. 
Sync data from PEI to DXE - // - Status =3D EFI_SUCCESS; - for (Index =3D 0; Index < sizeof(mTreeEventInfo)/sizeof(mTreeEventInfo[0= ]); Index++) { - GuidHob.Raw =3D GetHobList (); - Status =3D EFI_SUCCESS; - while (!EFI_ERROR (Status) &&=20 - (GuidHob.Raw =3D GetNextGuidHob (mTreeEventInfo[Index].EventG= uid, GuidHob.Raw)) !=3D NULL) { - TcgEvent =3D GET_GUID_HOB_DATA (GuidHob.Guid); - GuidHob.Raw =3D GET_NEXT_HOB (GuidHob); - switch (mTreeEventInfo[Index].LogFormat) { - case TREE_EVENT_LOG_FORMAT_TCG_1_2: - Status =3D TcgDxeLogEvent ( - mTreeEventInfo[Index].LogFormat, - TcgEvent, - sizeof(TCG_PCR_EVENT_HDR), - ((TCG_PCR_EVENT*)TcgEvent)->Event, - ((TCG_PCR_EVENT_HDR*)TcgEvent)->EventSize - ); - break; - } - } - } - - return Status; -} - -/** - Measure and log an action string, and extend the measurement result into= PCR[5]. - - @param[in] String A specific string that indicates an Action e= vent. =20 - =20 - @retval EFI_SUCCESS Operation completed successfully. - @retval EFI_DEVICE_ERROR The operation was unsuccessful. - -**/ -EFI_STATUS -TcgMeasureAction ( - IN CHAR8 *String - ) -{ - TCG_PCR_EVENT_HDR TcgEvent; - - TcgEvent.PCRIndex =3D 5; - TcgEvent.EventType =3D EV_EFI_ACTION; - TcgEvent.EventSize =3D (UINT32)AsciiStrLen (String); - return TcgDxeHashLogExtendEvent ( - 0, - (UINT8*)String, - TcgEvent.EventSize, - &TcgEvent, - (UINT8 *) String - ); -} - -/** - Measure and log EFI handoff tables, and extend the measurement result in= to PCR[1]. - - @retval EFI_SUCCESS Operation completed successfully. - @retval EFI_DEVICE_ERROR The operation was unsuccessful. 
- -**/ -EFI_STATUS -MeasureHandoffTables ( - VOID - ) -{ - EFI_STATUS Status; - TCG_PCR_EVENT_HDR TcgEvent; - EFI_HANDOFF_TABLE_POINTERS HandoffTables; - UINTN ProcessorNum; - EFI_CPU_PHYSICAL_LOCATION *ProcessorLocBuf; - - ProcessorLocBuf =3D NULL; - Status =3D EFI_SUCCESS; - - if (PcdGet8 (PcdTpmPlatformClass) =3D=3D TCG_PLATFORM_TYPE_SERVER) { - // - // Tcg Server spec.=20 - // Measure each processor EFI_CPU_PHYSICAL_LOCATION with EV_TABLE_OF_D= EVICES to PCR[1] - // - Status =3D GetProcessorsCpuLocation(&ProcessorLocBuf, &ProcessorNum); - - if (!EFI_ERROR(Status)){ - TcgEvent.PCRIndex =3D 1; - TcgEvent.EventType =3D EV_TABLE_OF_DEVICES; - TcgEvent.EventSize =3D sizeof (HandoffTables); - - HandoffTables.NumberOfTables =3D 1; - HandoffTables.TableEntry[0].VendorGuid =3D gEfiMpServiceProtocolGui= d; - HandoffTables.TableEntry[0].VendorTable =3D ProcessorLocBuf; - - Status =3D TcgDxeHashLogExtendEvent ( - 0, - (UINT8*)(UINTN)ProcessorLocBuf, - sizeof(EFI_CPU_PHYSICAL_LOCATION) * ProcessorNum, - &TcgEvent, - (UINT8*)&HandoffTables - ); - - FreePool(ProcessorLocBuf); - } - } - - return Status; -} - -/** - Measure and log Separator event, and extend the measurement result into = a specific PCR. - - @param[in] PCRIndex PCR index. =20 - - @retval EFI_SUCCESS Operation completed successfully. - @retval EFI_DEVICE_ERROR The operation was unsuccessful. - -**/ -EFI_STATUS -MeasureSeparatorEvent ( - IN TPM_PCRINDEX PCRIndex - ) -{ - TCG_PCR_EVENT_HDR TcgEvent; - UINT32 EventData; - - DEBUG ((EFI_D_INFO, "MeasureSeparatorEvent Pcr - %x\n", PCRIndex)); - - EventData =3D 0; - TcgEvent.PCRIndex =3D PCRIndex; - TcgEvent.EventType =3D EV_SEPARATOR; - TcgEvent.EventSize =3D (UINT32)sizeof (EventData); - return TcgDxeHashLogExtendEvent ( - 0, - (UINT8 *)&EventData, - sizeof (EventData), - &TcgEvent, - (UINT8 *)&EventData - ); -} - -/** - Measure and log an EFI variable, and extend the measurement result into = a specific PCR. - - @param[in] PCRIndex PCR Index. 
=20 - @param[in] EventType Event type. =20 - @param[in] VarName A Null-terminated string that is the name = of the vendor's variable. - @param[in] VendorGuid A unique identifier for the vendor. - @param[in] VarData The content of the variable data. =20 - @param[in] VarSize The size of the variable data. =20 -=20 - @retval EFI_SUCCESS Operation completed successfully. - @retval EFI_OUT_OF_RESOURCES Out of memory. - @retval EFI_DEVICE_ERROR The operation was unsuccessful. - -**/ -EFI_STATUS -MeasureVariable ( - IN TPM_PCRINDEX PCRIndex, - IN TCG_EVENTTYPE EventType, - IN CHAR16 *VarName, - IN EFI_GUID *VendorGuid, - IN VOID *VarData, - IN UINTN VarSize - ) -{ - EFI_STATUS Status; - TCG_PCR_EVENT_HDR TcgEvent; - UINTN VarNameLength; - EFI_VARIABLE_DATA_TREE *VarLog; - - DEBUG ((EFI_D_INFO, "TrEEDxe: MeasureVariable (Pcr - %x, EventType - %x,= ", (UINTN)PCRIndex, (UINTN)EventType)); - DEBUG ((EFI_D_INFO, "VariableName - %s, VendorGuid - %g)\n", VarName, Ve= ndorGuid)); - - VarNameLength =3D StrLen (VarName); - TcgEvent.PCRIndex =3D PCRIndex; - TcgEvent.EventType =3D EventType; - TcgEvent.EventSize =3D (UINT32)(sizeof (*VarLog) + VarNameLength * sizeo= f (*VarName) + VarSize - - sizeof (VarLog->UnicodeName) - sizeof (VarLog->V= ariableData)); - - VarLog =3D (EFI_VARIABLE_DATA_TREE*)AllocatePool (TcgEvent.EventSize); - if (VarLog =3D=3D NULL) { - return EFI_OUT_OF_RESOURCES; - } - - VarLog->VariableName =3D *VendorGuid; - VarLog->UnicodeNameLength =3D VarNameLength; - VarLog->VariableDataLength =3D VarSize; - CopyMem ( - VarLog->UnicodeName, - VarName, - VarNameLength * sizeof (*VarName) - ); - if (VarSize !=3D 0 && VarData !=3D NULL) { - CopyMem ( - (CHAR16 *)VarLog->UnicodeName + VarNameLength, - VarData, - VarSize - ); - } - - Status =3D TcgDxeHashLogExtendEvent ( - 0, - (UINT8*)VarLog, - TcgEvent.EventSize, - &TcgEvent, - (UINT8*)VarLog - ); - - FreePool (VarLog); - return Status; -} - -/** - Read then Measure and log an EFI variable, and extend the measurement re= 
sult into a specific PCR. - - @param[in] PCRIndex PCR Index. =20 - @param[in] EventType Event type. =20 - @param[in] VarName A Null-terminated string that is the name = of the vendor's variable. - @param[in] VendorGuid A unique identifier for the vendor. - @param[out] VarSize The size of the variable data. =20 - @param[out] VarData Pointer to the content of the variable. =20 -=20 - @retval EFI_SUCCESS Operation completed successfully. - @retval EFI_OUT_OF_RESOURCES Out of memory. - @retval EFI_DEVICE_ERROR The operation was unsuccessful. - -**/ -EFI_STATUS -ReadAndMeasureVariable ( - IN TPM_PCRINDEX PCRIndex, - IN TCG_EVENTTYPE EventType, - IN CHAR16 *VarName, - IN EFI_GUID *VendorGuid, - OUT UINTN *VarSize, - OUT VOID **VarData - ) -{ - EFI_STATUS Status; - - Status =3D GetVariable2 (VarName, VendorGuid, VarData, VarSize); - if (EventType =3D=3D EV_EFI_VARIABLE_DRIVER_CONFIG) { - if (EFI_ERROR (Status)) { - // - // It is valid case, so we need handle it. - // - *VarData =3D NULL; - *VarSize =3D 0; - } - } else { - // - // if status error, VarData is freed and set NULL by GetVariable2 - // - if (EFI_ERROR (Status)) { - return EFI_NOT_FOUND; - } - } - - Status =3D MeasureVariable ( - PCRIndex, - EventType, - VarName, - VendorGuid, - *VarData, - *VarSize - ); - return Status; -} - -/** - Read then Measure and log an EFI boot variable, and extend the measureme= nt result into PCR[5]. - - @param[in] VarName A Null-terminated string that is the name = of the vendor's variable. - @param[in] VendorGuid A unique identifier for the vendor. - @param[out] VarSize The size of the variable data. =20 - @param[out] VarData Pointer to the content of the variable. =20 -=20 - @retval EFI_SUCCESS Operation completed successfully. - @retval EFI_OUT_OF_RESOURCES Out of memory. - @retval EFI_DEVICE_ERROR The operation was unsuccessful. 
- -**/ -EFI_STATUS -ReadAndMeasureBootVariable ( - IN CHAR16 *VarName, - IN EFI_GUID *VendorGuid, - OUT UINTN *VarSize, - OUT VOID **VarData - ) -{ - return ReadAndMeasureVariable ( - 5, - EV_EFI_VARIABLE_BOOT, - VarName, - VendorGuid, - VarSize, - VarData - ); -} - -/** - Read then Measure and log an EFI Secure variable, and extend the measure= ment result into PCR[7]. - - @param[in] VarName A Null-terminated string that is the name = of the vendor's variable. - @param[in] VendorGuid A unique identifier for the vendor. - @param[out] VarSize The size of the variable data. =20 - @param[out] VarData Pointer to the content of the variable. =20 -=20 - @retval EFI_SUCCESS Operation completed successfully. - @retval EFI_OUT_OF_RESOURCES Out of memory. - @retval EFI_DEVICE_ERROR The operation was unsuccessful. - -**/ -EFI_STATUS -ReadAndMeasureSecureVariable ( - IN CHAR16 *VarName, - IN EFI_GUID *VendorGuid, - OUT UINTN *VarSize, - OUT VOID **VarData - ) -{ - return ReadAndMeasureVariable ( - 7, - EV_EFI_VARIABLE_DRIVER_CONFIG, - VarName, - VendorGuid, - VarSize, - VarData - ); -} - -/** - Measure and log all EFI boot variables, and extend the measurement resul= t into a specific PCR. - - The EFI boot variables are BootOrder and Boot#### variables. - - @retval EFI_SUCCESS Operation completed successfully. - @retval EFI_OUT_OF_RESOURCES Out of memory. - @retval EFI_DEVICE_ERROR The operation was unsuccessful. 
- -**/ -EFI_STATUS -MeasureAllBootVariables ( - VOID - ) -{ - EFI_STATUS Status; - UINT16 *BootOrder; - UINTN BootCount; - UINTN Index; - VOID *BootVarData; - UINTN Size; - - Status =3D ReadAndMeasureBootVariable ( - mBootVarName, - &gEfiGlobalVariableGuid, - &BootCount, - (VOID **) &BootOrder - ); - if (Status =3D=3D EFI_NOT_FOUND || BootOrder =3D=3D NULL) { - return EFI_SUCCESS; - } - - if (EFI_ERROR (Status)) { - // - // BootOrder can't be NULL if status is not EFI_NOT_FOUND - // - FreePool (BootOrder); - return Status; - } - - BootCount /=3D sizeof (*BootOrder); - for (Index =3D 0; Index < BootCount; Index++) { - UnicodeSPrint (mBootVarName, sizeof (mBootVarName), L"Boot%04x", BootO= rder[Index]); - Status =3D ReadAndMeasureBootVariable ( - mBootVarName, - &gEfiGlobalVariableGuid, - &Size, - &BootVarData - ); - if (!EFI_ERROR (Status)) { - FreePool (BootVarData); - } - } - - FreePool (BootOrder); - return EFI_SUCCESS; -} - -/** - Measure and log all EFI Secure variables, and extend the measurement res= ult into a specific PCR. - - The EFI boot variables are BootOrder and Boot#### variables. - - @retval EFI_SUCCESS Operation completed successfully. - @retval EFI_OUT_OF_RESOURCES Out of memory. - @retval EFI_DEVICE_ERROR The operation was unsuccessful. - -**/ -EFI_STATUS -MeasureAllSecureVariables ( - VOID - ) -{ - EFI_STATUS Status; - VOID *Data; - UINTN DataSize; - UINTN Index; - - Status =3D EFI_NOT_FOUND; - for (Index =3D 0; Index < sizeof(mVariableType)/sizeof(mVariableType[0])= ; Index++) { - Status =3D ReadAndMeasureSecureVariable ( - mVariableType[Index].VariableName, - mVariableType[Index].VendorGuid, - &DataSize, - &Data - ); - if (!EFI_ERROR (Status)) { - if (Data !=3D NULL) { - FreePool (Data); - } - } - } - - return EFI_SUCCESS; -} - -/** - Measure and log launch of FirmwareDebugger, and extend the measurement r= esult into a specific PCR. - - @retval EFI_SUCCESS Operation completed successfully. - @retval EFI_OUT_OF_RESOURCES Out of memory. 
- @retval EFI_DEVICE_ERROR The operation was unsuccessful. - -**/ -EFI_STATUS -MeasureLaunchOfFirmwareDebugger ( - VOID - ) -{ - TCG_PCR_EVENT_HDR TcgEvent; - - TcgEvent.PCRIndex =3D 7; - TcgEvent.EventType =3D EV_EFI_ACTION; - TcgEvent.EventSize =3D sizeof(FIRMWARE_DEBUGGER_EVENT_STRING) - 1; - return TcgDxeHashLogExtendEvent ( - 0, - (UINT8 *)FIRMWARE_DEBUGGER_EVENT_STRING, - sizeof(FIRMWARE_DEBUGGER_EVENT_STRING) - 1, - &TcgEvent, - (UINT8 *)FIRMWARE_DEBUGGER_EVENT_STRING - ); -} - -/** - Measure and log all Secure Boot Policy, and extend the measurement resul= t into a specific PCR. - - Platform firmware adhering to the policy must therefore measure the foll= owing values into PCR[7]: (in order listed) - - The contents of the SecureBoot variable - - The contents of the PK variable - - The contents of the KEK variable - - The contents of the EFI_IMAGE_SECURITY_DATABASE variable - - The contents of the EFI_IMAGE_SECURITY_DATABASE1 variable - - Separator - - Entries in the EFI_IMAGE_SECURITY_DATABASE that are used to validate = EFI Drivers or EFI Boot Applications in the boot path - - NOTE: Because of the above, UEFI variables PK, KEK, EFI_IMAGE_SECURITY_D= ATABASE, - EFI_IMAGE_SECURITY_DATABASE1 and SecureBoot SHALL NOT be measured into P= CR[3]. 
- - @param[in] Event Event whose notification function is being invoked - @param[in] Context Pointer to the notification function's context -**/ -VOID -EFIAPI -MeasureSecureBootPolicy ( - IN EFI_EVENT Event, - IN VOID *Context - ) -{ - EFI_STATUS Status; - VOID *Protocol; - - Status =3D gBS->LocateProtocol (&gEfiVariableWriteArchProtocolGuid, NULL= , (VOID **)&Protocol); - if (EFI_ERROR (Status)) { - return; - } - - if (PcdGetBool (PcdFirmwareDebuggerInitialized)) { - Status =3D MeasureLaunchOfFirmwareDebugger (); - DEBUG ((EFI_D_INFO, "MeasureLaunchOfFirmwareDebugger - %r\n", Status)); - } - - Status =3D MeasureAllSecureVariables (); - DEBUG ((EFI_D_INFO, "MeasureAllSecureVariables - %r\n", Status)); - - // - // We need measure Separator(7) here, because this event must be between= SecureBootPolicy (Configure) - // and ImageVerification (Authority) - // There might be a case that we need measure UEFI image from DriverOrde= r, besides BootOrder. So - // the Authority measurement happen before ReadToBoot event. - // - Status =3D MeasureSeparatorEvent (7); - DEBUG ((EFI_D_INFO, "MeasureSeparatorEvent - %r\n", Status)); - return ; -} - -/** - Ready to Boot Event notification handler. - - Sequence of OS boot events is measured in this event notification handle= r. - - @param[in] Event Event whose notification function is being invoked - @param[in] Context Pointer to the notification function's context - -**/ -VOID -EFIAPI -OnReadyToBoot ( - IN EFI_EVENT Event, - IN VOID *Context - ) -{ - EFI_STATUS Status; - TPM_PCRINDEX PcrIndex; - - PERF_START_EX (mImageHandle, "EventRec", "TrEEDxe", 0, PERF_ID_TREE_DXE); - if (mBootAttempts =3D=3D 0) { - - // - // Measure handoff tables. - // - Status =3D MeasureHandoffTables (); - if (EFI_ERROR (Status)) { - DEBUG ((EFI_D_ERROR, "HOBs not Measured. Error!\n")); - } - - // - // Measure BootOrder & Boot#### variables. 
- // - Status =3D MeasureAllBootVariables (); - if (EFI_ERROR (Status)) { - DEBUG ((EFI_D_ERROR, "Boot Variables not Measured. Error!\n")); - } - - // - // 1. This is the first boot attempt. - // - Status =3D TcgMeasureAction ( - EFI_CALLING_EFI_APPLICATION - ); - if (EFI_ERROR (Status)) { - DEBUG ((EFI_D_ERROR, "%a not Measured. Error!\n", EFI_CALLING_EFI_AP= PLICATION)); - } - - // - // 2. Draw a line between pre-boot env and entering post-boot env. - // PCR[7] is already done. - // - for (PcrIndex =3D 0; PcrIndex < 7; PcrIndex++) { - Status =3D MeasureSeparatorEvent (PcrIndex); - if (EFI_ERROR (Status)) { - DEBUG ((EFI_D_ERROR, "Seperator Event not Measured. Error!\n")); - } - } - - // - // 3. Measure GPT. It would be done in SAP driver. - // - - // - // 4. Measure PE/COFF OS loader. It would be done in SAP driver. - // - - // - // 5. Read & Measure variable. BootOrder already measured. - // - } else { - // - // 6. Not first attempt, meaning a return from last attempt - // - Status =3D TcgMeasureAction ( - EFI_RETURNING_FROM_EFI_APPLICATOIN - ); - if (EFI_ERROR (Status)) { - DEBUG ((EFI_D_ERROR, "%a not Measured. Error!\n", EFI_RETURNING_FROM= _EFI_APPLICATOIN)); - } - } - - DEBUG ((EFI_D_INFO, "TPM2 TrEEDxe Measure Data when ReadyToBoot\n")); - // - // Increase boot attempt counter. - // - mBootAttempts++; - PERF_END_EX (mImageHandle, "EventRec", "TrEEDxe", 0, PERF_ID_TREE_DXE + = 1); -} - -/** - Install TCG ACPI Table when ACPI Table Protocol is available. - - A system's firmware uses an ACPI table to identify the system's TCG capa= bilities=20 - to the Post-Boot environment. The information in this ACPI table is not = guaranteed=20 - to be valid until the Host Platform transitions from pre-boot state to p= ost-boot state. 
=20 - - @param[in] Event Event whose notification function is being invoked - @param[in] Context Pointer to the notification function's context -**/ -VOID -EFIAPI -InstallAcpiTable ( - IN EFI_EVENT Event, - IN VOID *Context - ) -{ - UINTN TableKey; - EFI_STATUS Status; - EFI_ACPI_TABLE_PROTOCOL *AcpiTable; - UINT8 Checksum; - UINT64 OemTableId; - - Status =3D gBS->LocateProtocol (&gEfiAcpiTableProtocolGuid, NULL, (VOID = **)&AcpiTable); - if (EFI_ERROR (Status)) { - return; - } - - if (PcdGet8 (PcdTpmPlatformClass) =3D=3D TCG_PLATFORM_TYPE_CLIENT) { - CopyMem (mTcgClientAcpiTemplate.Header.OemId, PcdGetPtr (PcdAcpiDefaul= tOemId), sizeof (mTcgClientAcpiTemplate.Header.OemId)); - OemTableId =3D PcdGet64 (PcdAcpiDefaultOemTableId); - CopyMem (&mTcgClientAcpiTemplate.Header.OemTableId, &OemTableId, sizeo= f (UINT64)); - mTcgClientAcpiTemplate.Header.OemRevision =3D PcdGet32 (PcdAcpiDe= faultOemRevision); - mTcgClientAcpiTemplate.Header.CreatorId =3D PcdGet32 (PcdAcpiDe= faultCreatorId); - mTcgClientAcpiTemplate.Header.CreatorRevision =3D PcdGet32 (PcdAcpiDe= faultCreatorRevision); - // - // The ACPI table must be checksumed before calling the InstallAcpiTab= le()=20 - // service of the ACPI table protocol to install it. 
- // - Checksum =3D CalculateCheckSum8 ((UINT8 *)&mTcgClientAcpiTemplate, siz= eof (mTcgClientAcpiTemplate)); - mTcgClientAcpiTemplate.Header.Checksum =3D Checksum; - - Status =3D AcpiTable->InstallAcpiTable ( - AcpiTable, - &mTcgClientAcpiTemplate, - sizeof (mTcgClientAcpiTemplate), - &TableKey - ); - } else { - CopyMem (mTcgServerAcpiTemplate.Header.OemId, PcdGetPtr (PcdAcpiDefaul= tOemId), sizeof (mTcgServerAcpiTemplate.Header.OemId)); - OemTableId =3D PcdGet64 (PcdAcpiDefaultOemTableId); - CopyMem (&mTcgServerAcpiTemplate.Header.OemTableId, &OemTableId, sizeo= f (UINT64)); - mTcgServerAcpiTemplate.Header.OemRevision =3D PcdGet32 (PcdAcpiDe= faultOemRevision); - mTcgServerAcpiTemplate.Header.CreatorId =3D PcdGet32 (PcdAcpiDe= faultCreatorId); - mTcgServerAcpiTemplate.Header.CreatorRevision =3D PcdGet32 (PcdAcpiDe= faultCreatorRevision); - // - // The ACPI table must be checksumed before calling the InstallAcpiTab= le()=20 - // service of the ACPI table protocol to install it. - // - Checksum =3D CalculateCheckSum8 ((UINT8 *)&mTcgServerAcpiTemplate, siz= eof (mTcgServerAcpiTemplate)); - mTcgServerAcpiTemplate.Header.Checksum =3D Checksum; - - mTcgServerAcpiTemplate.BaseAddress.Address =3D PcdGet64 (PcdTpmBaseAdd= ress); - Status =3D AcpiTable->InstallAcpiTable ( - AcpiTable, - &mTcgServerAcpiTemplate, - sizeof (mTcgServerAcpiTemplate), - &TableKey - ); - } - - if (EFI_ERROR (Status)) { - DEBUG((EFI_D_ERROR, "Tcg Acpi Table installation failure")); - } -} - -/** - Exit Boot Services Event notification handler. - - Measure invocation and success of ExitBootServices. 
- - @param[in] Event Event whose notification function is being invoked - @param[in] Context Pointer to the notification function's context - -**/ -VOID -EFIAPI -OnExitBootServices ( - IN EFI_EVENT Event, - IN VOID *Context - ) -{ - EFI_STATUS Status; - - // - // Measure invocation of ExitBootServices, - // - Status =3D TcgMeasureAction ( - EFI_EXIT_BOOT_SERVICES_INVOCATION - ); - if (EFI_ERROR (Status)) { - DEBUG ((EFI_D_ERROR, "%a not Measured. Error!\n", EFI_EXIT_BOOT_SERVIC= ES_INVOCATION)); - } - - // - // Measure success of ExitBootServices - // - Status =3D TcgMeasureAction ( - EFI_EXIT_BOOT_SERVICES_SUCCEEDED - ); - if (EFI_ERROR (Status)) { - DEBUG ((EFI_D_ERROR, "%a not Measured. Error!\n", EFI_EXIT_BOOT_SERVIC= ES_SUCCEEDED)); - } -} - -/** - Exit Boot Services Failed Event notification handler. - - Measure Failure of ExitBootServices. - - @param[in] Event Event whose notification function is being invoked - @param[in] Context Pointer to the notification function's context - -**/ -VOID -EFIAPI -OnExitBootServicesFailed ( - IN EFI_EVENT Event, - IN VOID *Context - ) -{ - EFI_STATUS Status; - - // - // Measure Failure of ExitBootServices, - // - Status =3D TcgMeasureAction ( - EFI_EXIT_BOOT_SERVICES_FAILED - ); - if (EFI_ERROR (Status)) { - DEBUG ((EFI_D_ERROR, "%a not Measured. Error!\n", EFI_EXIT_BOOT_SERVIC= ES_FAILED)); - } - -} - -/** - The function install TrEE protocol. - =20 - @retval EFI_SUCCESS TrEE protocol is installed. - @retval other Some error occurs. -**/ -EFI_STATUS -InstallTrEE ( - VOID - ) -{ - EFI_STATUS Status; - EFI_HANDLE Handle; - - Handle =3D NULL; - Status =3D gBS->InstallMultipleProtocolInterfaces ( - &Handle, - &gEfiTrEEProtocolGuid, - &mTreeProtocol, - NULL - ); - return Status; -} - -/** - The driver's entry point. It publishes EFI TrEE Protocol. - - @param[in] ImageHandle The firmware allocated handle for the EFI image.= =20 - @param[in] SystemTable A pointer to the EFI System Table. 
- =20 - @retval EFI_SUCCESS The entry point is executed successfully. - @retval other Some error occurs when executing this entry poin= t. -**/ -EFI_STATUS -EFIAPI -DriverEntry ( - IN EFI_HANDLE ImageHandle, - IN EFI_SYSTEM_TABLE *SystemTable - ) -{ - EFI_STATUS Status; - EFI_EVENT Event; - VOID *Registration; - UINT32 MaxCommandSize; - UINT32 MaxResponseSize; - TPML_PCR_SELECTION Pcrs; - UINTN Index; - UINT32 TpmHashAlgorithmBitmap; - - mImageHandle =3D ImageHandle; - - if (CompareGuid (PcdGetPtr(PcdTpmInstanceGuid), &gEfiTpmDeviceInstanceNo= neGuid) || - CompareGuid (PcdGetPtr(PcdTpmInstanceGuid), &gEfiTpmDeviceInstanceTp= m12Guid)){ - DEBUG ((DEBUG_INFO, "No TPM2 instance required!\n")); - return EFI_UNSUPPORTED; - } - - if (GetFirstGuidHob (&gTpmErrorHobGuid) !=3D NULL) { - DEBUG ((EFI_D_ERROR, "TPM2 error!\n")); - return EFI_DEVICE_ERROR; - } - =20 - Status =3D Tpm2RequestUseTpm (); - if (EFI_ERROR (Status)) { - DEBUG ((EFI_D_ERROR, "TPM2 not detected!\n")); - return Status; - } - =20 - // - // Fill information - // - DEBUG ((EFI_D_INFO, "TrEE.ProtocolVersion - %02x.%02x\n", mTcgDxeData.B= sCap.ProtocolVersion.Major, mTcgDxeData.BsCap.ProtocolVersion.Minor)); - DEBUG ((EFI_D_INFO, "TrEE.StructureVersion - %02x.%02x\n", mTcgDxeData.B= sCap.StructureVersion.Major, mTcgDxeData.BsCap.StructureVersion.Minor)); - - Status =3D Tpm2GetCapabilityManufactureID (&mTcgDxeData.BsCap.Manufactur= erID); - if (EFI_ERROR (Status)) { - DEBUG ((EFI_D_ERROR, "Tpm2GetCapabilityManufactureID fail!\n")); - } else { - DEBUG ((EFI_D_INFO, "Tpm2GetCapabilityManufactureID - %08x\n", mTcgDxe= Data.BsCap.ManufacturerID)); - } - - DEBUG_CODE ( - UINT32 FirmwareVersion1; - UINT32 FirmwareVersion2; - - Status =3D Tpm2GetCapabilityFirmwareVersion (&FirmwareVersion1, &Firmw= areVersion2); - if (EFI_ERROR (Status)) { - DEBUG ((EFI_D_ERROR, "Tpm2GetCapabilityFirmwareVersion fail!\n")); - } else { - DEBUG ((EFI_D_INFO, "Tpm2GetCapabilityFirmwareVersion - %08x %08x\n"= , FirmwareVersion1, 
FirmwareVersion2));
- }
- );
-
- Status =3D Tpm2GetCapabilityMaxCommandResponseSize (&MaxCommandSize, &Ma= xResponseSize);
- if (EFI_ERROR (Status)) {
- DEBUG ((EFI_D_ERROR, "Tpm2GetCapabilityMaxCommandResponseSize fail!\n"= ));
- } else {
- mTcgDxeData.BsCap.MaxCommandSize =3D (UINT16)MaxCommandSize;
- mTcgDxeData.BsCap.MaxResponseSize =3D (UINT16)MaxResponseSize;
- DEBUG ((EFI_D_INFO, "Tpm2GetCapabilityMaxCommandResponseSize - %08x, %= 08x\n", MaxCommandSize, MaxResponseSize));
- }
-
- Status =3D Tpm2GetCapabilityPcrs (&Pcrs);
- if (EFI_ERROR (Status)) {
- DEBUG ((EFI_D_ERROR, "Tpm2GetCapabilityPcrs fail!\n"));
- TpmHashAlgorithmBitmap =3D TREE_BOOT_HASH_ALG_SHA1;
- } else {
- DEBUG ((EFI_D_INFO, "Tpm2GetCapabilityPcrs Count - %08x\n", Pcrs.count= ));
- TpmHashAlgorithmBitmap =3D 0;
- for (Index =3D 0; Index < Pcrs.count; Index++) {
- DEBUG ((EFI_D_INFO, "hash - %x\n", Pcrs.pcrSelections[Index].hash));
- switch (Pcrs.pcrSelections[Index].hash) {
- case TPM_ALG_SHA1:
- TpmHashAlgorithmBitmap |=3D TREE_BOOT_HASH_ALG_SHA1;
- break;
- case TPM_ALG_SHA256:
- TpmHashAlgorithmBitmap |=3D TREE_BOOT_HASH_ALG_SHA256;
- break;
- case TPM_ALG_SHA384:
- TpmHashAlgorithmBitmap |=3D TREE_BOOT_HASH_ALG_SHA384;
- break;
- case TPM_ALG_SHA512:
- TpmHashAlgorithmBitmap |=3D TREE_BOOT_HASH_ALG_SHA512;
- break;
- case TPM_ALG_SM3_256:
- // TBD: Spec not define TREE_BOOT_HASH_ALG_SM3_256 yet
- break;
- }
- }
- }
- DEBUG ((EFI_D_INFO, "TPM.HashAlgorithmBitmap - 0x%08x\n", TpmHashAlgorit= hmBitmap));
-
- DEBUG ((EFI_D_INFO, "TrEE.SupportedEventLogs - 0x%08x\n", mTcgDxeData.Bs= Cap.SupportedEventLogs));
- mTcgDxeData.BsCap.HashAlgorithmBitmap =3D TpmHashAlgorithmBitmap;
- DEBUG ((EFI_D_INFO, "TrEE.HashAlgorithmBitmap - 0x%08x\n", mTcgDxeData.B= sCap.HashAlgorithmBitmap));
-
- if (mTcgDxeData.BsCap.TrEEPresentFlag) {
- //
- // Setup the log area and copy event log from hob list to it
- //
- Status =3D SetupEventLog ();
- ASSERT_EFI_ERROR (Status);
-
- //
- // Measure handoff tables,
Boot#### variables etc.
- //
- Status =3D EfiCreateEventReadyToBootEx (
- TPL_CALLBACK,
- OnReadyToBoot,
- NULL,
- &Event
- );
-
- Status =3D gBS->CreateEventEx (
- EVT_NOTIFY_SIGNAL,
- TPL_NOTIFY,
- OnExitBootServices,
- NULL,
- &gEfiEventExitBootServicesGuid,
- &Event
- );
-
- //
- // Measure Exit Boot Service failed=20
- //
- Status =3D gBS->CreateEventEx (
- EVT_NOTIFY_SIGNAL,
- TPL_NOTIFY,
- OnExitBootServicesFailed,
- NULL,
- &gEventExitBootServicesFailedGuid,
- &Event
- );
-
- //
- // Create event callback, because we need access variable on SecureBoo= tPolicyVariable
- // We should use VariableWriteArch instead of VariableArch, because Va= riable driver
- // may update SecureBoot value based on last setting.
- //
- EfiCreateProtocolNotifyEvent (&gEfiVariableWriteArchProtocolGuid, TPL_= CALLBACK, MeasureSecureBootPolicy, NULL, &Registration);
- }
-
- //
- // Install ACPI Table
- //
- EfiCreateProtocolNotifyEvent (&gEfiAcpiTableProtocolGuid, TPL_CALLBACK, = InstallAcpiTable, NULL, &Registration);
-
- //
- // Install TrEEProtocol
- //
- Status =3D InstallTrEE ();
- DEBUG ((EFI_D_INFO, "InstallTrEE - %r\n", Status));
-
- return Status;
-}
diff --git a/SecurityPkg/Tcg/TrEEDxe/TrEEDxe.inf b/SecurityPkg/Tcg/TrEEDxe/= TrEEDxe.inf
deleted file mode 100644
index 2dd038aba3..0000000000
--- a/SecurityPkg/Tcg/TrEEDxe/TrEEDxe.inf
+++ /dev/null
@@ -1,104 +0,0 @@
-## @file
-# Produces TrEE protocol and measure boot environment
-# This module will produce TrEE protocol and measure boot environment.
-#
-# Caution: This module requires additional review when modified.
-# This driver will have external input - PE/COFF image.
-# This external input must be validated carefully to avoid security issue= like
-# buffer overflow, integer overflow.
-#
-# Copyright (c) 2013 - 2016, Intel Corporation. All rights reserved.
-# This program and the accompanying materials
-# are licensed and made available under the terms and conditions of the BS= D License
-# which accompanies this distribution. The full text of the license may be= found at
-# http://opensource.org/licenses/bsd-license.php
-# THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-# WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMP= LIED.
-#
-##
-
-[Defines]
- INF_VERSION =3D 0x00010005
- BASE_NAME =3D TrEEDxe
- MODULE_UNI_FILE =3D TrEEDxe.uni
- FILE_GUID =3D 2A7946E3-1AB2-49a9-ACCB-C6275139C1A5
- MODULE_TYPE =3D DXE_DRIVER
- VERSION_STRING =3D 1.0
- ENTRY_POINT =3D DriverEntry
-
-#
-# The following information is for reference only and not required by the = build tools.
-#
-# VALID_ARCHITECTURES =3D IA32 X64 IPF
-#
-
-[Sources]
- TrEEDxe.c
- MeasureBootPeCoff.c
-
-[Packages]
- MdePkg/MdePkg.dec
- MdeModulePkg/MdeModulePkg.dec
- SecurityPkg/SecurityPkg.dec
- CryptoPkg/CryptoPkg.dec
-
-[LibraryClasses]
- MemoryAllocationLib
- BaseLib
- UefiBootServicesTableLib
- HobLib
- UefiDriverEntryPoint
- UefiRuntimeServicesTableLib
- BaseMemoryLib
- DebugLib
- Tpm2CommandLib
- PrintLib
- UefiLib
- Tpm2DeviceLib
- HashLib
- PerformanceLib
- ReportStatusCodeLib
- PeCoffLib
-
-[Guids]
- ## SOMETIMES_CONSUMES ## Variable:L"SecureBoot"
- ## SOMETIMES_CONSUMES ## Variable:L"PK"
- ## SOMETIMES_CONSUMES ## Variable:L"KEK"
- ## SOMETIMES_CONSUMES ## Variable:L"BootXXXX"
- gEfiGlobalVariableGuid
-
- ## SOMETIMES_CONSUMES ## Variable:L"db"
- ## SOMETIMES_CONSUMES ## Variable:L"dbx"
- gEfiImageSecurityDatabaseGuid
- =20
- gTcgEventEntryHobGuid ## SOMETIMES_CONSUMES= ## HOB
- gTpmErrorHobGuid ## SOMETIMES_CONSUMES= ## HOB
- gEfiEventExitBootServicesGuid ## CONSUMES = ## Event
- gEventExitBootServicesFailedGuid ## SOMETIMES_CONSUMES= ## Event
- gEfiTpmDeviceInstanceNoneGuid ## SOMETIMES_CONSUMES= ## GUID # TPM device identifier
- gEfiTpmDeviceInstanceTpm12Guid ## SOMETIMES_CONSUMES= ## GUID # TPM device
identifier
-
-[Protocols]
- gEfiTrEEProtocolGuid ## PRODUCES
- gEfiAcpiTableProtocolGuid ## NOTIFY
- gEfiMpServiceProtocolGuid ## SOMETIMES_CONSUMES
- gEfiVariableWriteArchProtocolGuid ## NOTIFY
-
-[Pcd]
- gEfiSecurityPkgTokenSpaceGuid.PcdTpmPlatformClass = ## SOMETIMES_CONSUMES
- gEfiSecurityPkgTokenSpaceGuid.PcdFirmwareDebuggerInitialized = ## SOMETIMES_CONSUMES
- gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid = ## CONSUMES
- gEfiSecurityPkgTokenSpaceGuid.PcdTpmBaseAddress = ## SOMETIMES_CONSUMES
- gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultOemId = ## SOMETIMES_CONSUMES
- gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultOemTableId = ## SOMETIMES_CONSUMES
- gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultOemRevision = ## SOMETIMES_CONSUMES
- gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultCreatorId = ## SOMETIMES_CONSUMES
- gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultCreatorRevision = ## SOMETIMES_CONSUMES
- gEfiSecurityPkgTokenSpaceGuid.PcdStatusCodeSubClassTpmDevice = ## SOMETIMES_CONSUMES
- gEfiSecurityPkgTokenSpaceGuid.PcdTcgLogAreaMinLen = ## CONSUMES
-
-[Depex]
- TRUE
-
-[UserExtensions.TianoCore."ExtraFiles"]
- TrEEDxeExtra.uni
diff --git a/SecurityPkg/Tcg/TrEEDxe/TrEEDxe.uni b/SecurityPkg/Tcg/TrEEDxe/= TrEEDxe.uni
deleted file mode 100644
index fd7292d3a8..0000000000
--- a/SecurityPkg/Tcg/TrEEDxe/TrEEDxe.uni
+++ /dev/null
@@ -1,26 +0,0 @@
-// /** @file
-// Produces TrEE protocol and measure boot environment
-//
-// This module will produce TrEE protocol and measure boot environment.
-//=20
-// Caution: This module requires additional review when modified.
-// This driver will have external input - PE/COFF image.
-// This external input must be validated carefully to avoid security issue= like
-// buffer overflow, integer overflow.
-//
-// Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.
-//
-// This program and the accompanying materials
-// are licensed and made available under the terms and conditions of the B= SD License
-// which accompanies this distribution. The full text of the license may b= e found at
-// http://opensource.org/licenses/bsd-license.php
-// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IM= PLIED.
-//
-// **/
-
-
-#string STR_MODULE_ABSTRACT #language en-US "Produces TrEE pro= tocol and measure boot environment"
-
-#string STR_MODULE_DESCRIPTION #language en-US "This module will = produce TrEE protocol and measure boot environment."
-
diff --git a/SecurityPkg/Tcg/TrEEDxe/TrEEDxeExtra.uni b/SecurityPkg/Tcg/TrE= EDxe/TrEEDxeExtra.uni
deleted file mode 100644
index 2ca23ebab7..0000000000
--- a/SecurityPkg/Tcg/TrEEDxe/TrEEDxeExtra.uni
+++ /dev/null
@@ -1,17 +0,0 @@
-// /** @file
-// TrEEDxe Localized Strings and Content
-//
-// Copyright (c) 2014, Intel Corporation. All rights reserved.
-//
-// This program and the accompanying materials
-// are licensed and made available under the terms and conditions of the B= SD License
-// which accompanies this distribution. The full text of the license may b= e found at
-// http://opensource.org/licenses/bsd-license.php
-// THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-// WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IM= PLIED.
-//
-// **/
-
-#string STR_PROPERTIES_MODULE_NAME=20
-#language en-US=20
-"TrEE (Trusted Execution Environment) DXE"
\ No newline at end of file
--=20 2.16.2.windows.1 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel