- Generated on Fri Nov 15 2024 18:01:41 for TianoCore EDK2 by
1.9.6
|
TianoCore EDK2 master
|
#include <PiDxe.h>#include <Protocol/Tcg2Protocol.h>#include <Protocol/BlockIo.h>#include <Protocol/DiskIo.h>#include <Protocol/DevicePathToText.h>#include <Protocol/FirmwareVolumeBlock.h>#include <Guid/MeasuredFvHob.h>#include <Library/BaseLib.h>#include <Library/DebugLib.h>#include <Library/BaseMemoryLib.h>#include <Library/MemoryAllocationLib.h>#include <Library/DevicePathLib.h>#include <Library/UefiBootServicesTableLib.h>#include <Library/BaseCryptLib.h>#include <Library/PeCoffLib.h>#include <Library/SecurityManagementLib.h>#include <Library/HobLib.h>#include <Protocol/CcMeasurement.h>#include "DxeTpm2MeasureBootLibSanitization.h"Go to the source code of this file.
Data Structures | |
| struct | MEASURE_BOOT_PROTOCOLS |
Functions | |
| EFI_STATUS EFIAPI | DxeTpm2MeasureBootLibImageRead (IN VOID *FileHandle, IN UINTN FileOffset, IN OUT UINTN *ReadSize, OUT VOID *Buffer) |
| EFI_STATUS EFIAPI | Tcg2MeasureGptTable (IN MEASURE_BOOT_PROTOCOLS *MeasureBootProtocols, IN EFI_HANDLE GptHandle) |
| EFI_STATUS EFIAPI | Tcg2MeasurePeImage (IN MEASURE_BOOT_PROTOCOLS *MeasureBootProtocols, IN EFI_PHYSICAL_ADDRESS ImageAddress, IN UINTN ImageSize, IN UINTN LinkTimeBase, IN UINT16 ImageType, IN EFI_DEVICE_PATH_PROTOCOL *FilePath) |
| EFI_STATUS EFIAPI | GetMeasureBootProtocols (MEASURE_BOOT_PROTOCOLS *MeasureBootProtocols) |
| EFI_STATUS EFIAPI | DxeTpm2MeasureBootHandler (IN UINT32 AuthenticationStatus, IN CONST EFI_DEVICE_PATH_PROTOCOL *File OPTIONAL, IN VOID *FileBuffer, IN UINTN FileSize, IN BOOLEAN BootPolicy) |
| EFI_STATUS EFIAPI | DxeTpm2MeasureBootLibConstructor (IN EFI_HANDLE ImageHandle, IN EFI_SYSTEM_TABLE *SystemTable) |
Variables | |
| BOOLEAN | mTcg2MeasureGptTableFlag = FALSE |
| UINTN | mTcg2MeasureGptCount = 0 |
| VOID * | mTcg2FileBuffer |
| UINTN | mTcg2ImageSize |
| EFI_HANDLE | mTcg2CacheMeasuredHandle = NULL |
| MEASURED_HOB_DATA * | mTcg2MeasuredHobData = NULL |
The library instance provides security service of TPM2 measure boot and Confidential Computing (CC) measure boot.
Caution: This file requires additional review when modified. This library will have external input - PE/COFF image and GPT partition. This external input must be validated carefully to avoid security issue like buffer overflow, integer overflow.
DxeTpm2MeasureBootLibImageRead() function will make sure the PE/COFF image content read is within the image buffer.
Tcg2MeasurePeImage() function will accept untrusted PE/COFF image and validate its data structure within this image buffer before use.
Tcg2MeasureGptTable() function will receive untrusted GPT partition table, and parse partition data carefully.
Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.
(C) Copyright 2015 Hewlett Packard Enterprise Development LP
SPDX-License-Identifier: BSD-2-Clause-Patent
Copyright (c) Microsoft Corporation.
SPDX-License-Identifier: BSD-2-Clause-Patent
Definition in file DxeTpm2MeasureBootLib.c.
| EFI_STATUS EFIAPI DxeTpm2MeasureBootHandler | ( | IN UINT32 | AuthenticationStatus, |
| IN CONST EFI_DEVICE_PATH_PROTOCOL *File | OPTIONAL, | ||
| IN VOID * | FileBuffer, | ||
| IN UINTN | FileSize, | ||
| IN BOOLEAN | BootPolicy | ||
| ) |
The security handler is used to abstract platform-specific policy from the DXE core response to an attempt to use a file that returns a given status for the authentication check from the section extraction protocol.
The possible responses in a given SAP implementation may include locking flash upon failure to authenticate, attestation logging for all signed drivers, and other exception operations. The File parameter allows for possible logging within the SAP of the driver.
If the file specified by File with an authentication status specified by AuthenticationStatus is safe for the DXE Core to use, then EFI_SUCCESS is returned.
If the file specified by File with an authentication status specified by AuthenticationStatus is not safe for the DXE Core to use under any circumstances, then EFI_ACCESS_DENIED is returned.
If the file specified by File with an authentication status specified by AuthenticationStatus is not safe for the DXE Core to use right now, but it might be possible to use it at a future time, then EFI_SECURITY_VIOLATION is returned.
If check image specified by FileBuffer and File is NULL meanwhile, return EFI_ACCESS_DENIED.
| [in] | AuthenticationStatus | This is the authentication status returned from the securitymeasurement services for the input file. |
| [in] | File | This is a pointer to the device path of the file that is being dispatched. This will optionally be used for logging. |
| [in] | FileBuffer | File buffer matches the input file device path. |
| [in] | FileSize | Size of File buffer matches the input file device path. |
| [in] | BootPolicy | A boot policy that was used to call LoadImage() UEFI service. |
| EFI_SUCCESS | The file specified by DevicePath and non-NULL FileBuffer did authenticate, and the platform policy dictates that the DXE Foundation may use the file. |
| other | error value |
Definition at line 628 of file DxeTpm2MeasureBootLib.c.
| EFI_STATUS EFIAPI DxeTpm2MeasureBootLibConstructor | ( | IN EFI_HANDLE | ImageHandle, |
| IN EFI_SYSTEM_TABLE * | SystemTable | ||
| ) |
Register the security handler to provide TPM measure boot service.
| ImageHandle | ImageHandle of the loaded driver. |
| SystemTable | Pointer to the EFI System Table. |
| EFI_SUCCESS | Register successfully. |
| EFI_OUT_OF_RESOURCES | No enough memory to register this handler. |
Definition at line 899 of file DxeTpm2MeasureBootLib.c.
| EFI_STATUS EFIAPI DxeTpm2MeasureBootLibImageRead | ( | IN VOID * | FileHandle, |
| IN UINTN | FileOffset, | ||
| IN OUT UINTN * | ReadSize, | ||
| OUT VOID * | Buffer | ||
| ) |
Reads contents of a PE/COFF image in memory buffer.
Caution: This function may receive untrusted input. PE/COFF image is external input, so this function will make sure the PE/COFF image content read is within the image buffer.
| FileHandle | Pointer to the file handle to read the PE/COFF image. |
| FileOffset | Offset into the PE/COFF image to begin the read operation. |
| ReadSize | On input, the size in bytes of the requested read operation. On output, the number of bytes actually read. |
| Buffer | Output buffer that contains the data read from the PE/COFF image. |
| EFI_SUCCESS | The specified portion of the PE/COFF image was read and the size |
Definition at line 86 of file DxeTpm2MeasureBootLib.c.
| EFI_STATUS EFIAPI GetMeasureBootProtocols | ( | MEASURE_BOOT_PROTOCOLS * | MeasureBootProtocols | ) |
Get the measure boot protocols.
There are 2 measure boot, TCG2 protocol based and Cc measurement protocol based.
| MeasureBootProtocols | Pointer to the located measure boot protocol instances. |
| EFI_SUCCESS | Successfully locate the measure boot protocol instances (at least one instance). |
| EFI_UNSUPPORTED | Measure boot is not supported. |
Definition at line 536 of file DxeTpm2MeasureBootLib.c.
| EFI_STATUS EFIAPI Tcg2MeasureGptTable | ( | IN MEASURE_BOOT_PROTOCOLS * | MeasureBootProtocols, |
| IN EFI_HANDLE | GptHandle | ||
| ) |
Measure GPT table data into TPM log.
Caution: This function may receive untrusted input. The GPT partition table is external input, so this function should parse partition data carefully.
| MeasureBootProtocols | Pointer to the located MeasureBoot protocol instances (i.e. TCG2/CC protocol). |
| GptHandle | Handle that GPT partition was installed. |
| EFI_SUCCESS | Successfully measure GPT table. |
| EFI_UNSUPPORTED | Not support GPT table on the given handle. |
| EFI_DEVICE_ERROR | Can't get GPT table because device error. |
| EFI_OUT_OF_RESOURCES | No enough resource to measure GPT table. |
| other | error value |
Definition at line 134 of file DxeTpm2MeasureBootLib.c.
| EFI_STATUS EFIAPI Tcg2MeasurePeImage | ( | IN MEASURE_BOOT_PROTOCOLS * | MeasureBootProtocols, |
| IN EFI_PHYSICAL_ADDRESS | ImageAddress, | ||
| IN UINTN | ImageSize, | ||
| IN UINTN | LinkTimeBase, | ||
| IN UINT16 | ImageType, | ||
| IN EFI_DEVICE_PATH_PROTOCOL * | FilePath | ||
| ) |
Measure PE image into TPM log based on the authenticode image hashing in PE/COFF Specification 8.0 Appendix A.
Caution: This function may receive untrusted input. PE/COFF image is external input, so this function will validate its data structure within this image buffer before use.
| [in] | MeasureBootProtocols | Pointer to the located MeasureBoot protocol instances. |
| [in] | ImageAddress | Start address of image buffer. |
| [in] | ImageSize | Image size |
| [in] | LinkTimeBase | Address that the image is loaded into memory. |
| [in] | ImageType | Image subsystem type. |
| [in] | FilePath | File path is corresponding to the input image. |
| EFI_SUCCESS | Successfully measure image. |
| EFI_OUT_OF_RESOURCES | No enough resource to measure image. |
| EFI_UNSUPPORTED | ImageType is unsupported or PE image is mal-format. |
| other | error value |
Definition at line 384 of file DxeTpm2MeasureBootLib.c.
| EFI_HANDLE mTcg2CacheMeasuredHandle = NULL |
Definition at line 66 of file DxeTpm2MeasureBootLib.c.
| VOID* mTcg2FileBuffer |
Definition at line 61 of file DxeTpm2MeasureBootLib.c.
| UINTN mTcg2ImageSize |
Definition at line 62 of file DxeTpm2MeasureBootLib.c.
| MEASURED_HOB_DATA* mTcg2MeasuredHobData = NULL |
Definition at line 67 of file DxeTpm2MeasureBootLib.c.
| UINTN mTcg2MeasureGptCount = 0 |
Definition at line 60 of file DxeTpm2MeasureBootLib.c.
| BOOLEAN mTcg2MeasureGptTableFlag = FALSE |
Definition at line 59 of file DxeTpm2MeasureBootLib.c.
1.9.6