FvReportPei.c File Reference

#include "FvReportPei.h"

Go to the source code of this file.

Functions
STATIC CONST HASH_ALG_INFO *	FindHashAlgInfo (IN UINT16 HashAlgId)
STATIC VOID	InstallPreHashFvPpi (IN VOID *FvBuffer, IN UINTN FvLength, IN UINT16 HashAlgoId, IN UINT16 HashSize, IN UINT8 *HashValue)
STATIC EFI_STATUS	VerifyHashedFv (IN FV_HASH_INFO *HashInfo, IN HASHED_FV_INFO *FvInfo, IN UINTN FvNumber, IN EFI_BOOT_MODE BootMode)
STATIC VOID	ReportHashedFv (IN HASHED_FV_INFO *FvInfo)
STATIC FV_HASH_INFO *	GetHashInfo (IN EDKII_PEI_FIRMWARE_VOLUME_INFO_STORED_HASH_FV_PPI *StoredHashFvPpi, IN EFI_BOOT_MODE BootMode)
STATIC EFI_STATUS	CheckStoredHashFv (IN CONST EFI_PEI_SERVICES **PeiServices, IN EFI_BOOT_MODE BootMode)
EFI_STATUS EFIAPI	FvReportEntryPoint (IN EFI_PEI_FILE_HANDLE FileHandle, IN CONST EFI_PEI_SERVICES **PeiServices)

Variables
STATIC CONST HASH_ALG_INFO	mHashAlgInfo []

Detailed Description

This driver verifies and reports OBB FVs.

Copyright (c) 2019, Intel Corporation. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent

Definition in file FvReportPei.c.

Function Documentation

CheckStoredHashFv()

STATIC EFI_STATUS CheckStoredHashFv	(	IN CONST EFI_PEI_SERVICES **	PeiServices,
		IN EFI_BOOT_MODE	BootMode
	)

Verify and report pre-hashed FVs.

Doing this must be at post-memory to make sure there's enough memory to hold all FVs to be verified. This is necessary for mitigating TOCTOU issue.

This function will never return if the verification is failed.

Parameters

[in]	PeiServices	General purpose services available to every PEIM.
[in]	BootMode	Current boot mode.

Return values

EFI_SUCCESS

The function completed successfully.

Definition at line 360 of file FvReportPei.c.

FindHashAlgInfo()

STATIC CONST HASH_ALG_INFO * FindHashAlgInfo

(

IN UINT16

HashAlgId

)

Find hash algorithm information from mHashAlgInfo according to given ID.

Parameters

[in]

HashAlgId

Hash algorithm type id.

Return values

Pointer	to HASH_ALG_INFO if given hash algorithm is supported.
NULL	if given algorithm is not supported.

Definition at line 28 of file FvReportPei.c.

FvReportEntryPoint()

EFI_STATUS EFIAPI FvReportEntryPoint	(	IN EFI_PEI_FILE_HANDLE	FileHandle,
		IN CONST EFI_PEI_SERVICES **	PeiServices
	)

Main entry for FvReport PEIM.

Parameters

[in]	FileHandle	Handle of the file being invoked.
[in]	PeiServices	Pointer to PEI Services table.

Return values

EFI_SUCCESS

If all FVs reported by StoredHashFvPpi are verified.

Definition at line 444 of file FvReportPei.c.

GetHashInfo()

STATIC FV_HASH_INFO * GetHashInfo	(	IN EDKII_PEI_FIRMWARE_VOLUME_INFO_STORED_HASH_FV_PPI *	StoredHashFvPpi,
		IN EFI_BOOT_MODE	BootMode
	)

Verify and report pre-hashed FVs.

Doing this must be at post-memory to make sure there's enough memory to hold all FVs to be verified. This is necessary for mitigating TOCTOU issue.

This function will never return if the verification is failed.

Parameters

[in]	StoredHashFvPpi	Pointer to PPI containing hash information.
[in]	BootMode	Current boot mode.

Return values

Pointer	to structure containing valid hash information for current boot mode.
NULL	if there's no hash associated with current boot mode.

Definition at line 329 of file FvReportPei.c.

InstallPreHashFvPpi()

STATIC VOID InstallPreHashFvPpi	(	IN VOID *	FvBuffer,
		IN UINTN	FvLength,
		IN UINT16	HashAlgoId,
		IN UINT16	HashSize,
		IN UINT8 *	HashValue
	)

Install a EDKII_PEI_FIRMWARE_VOLUME_INFO_PREHASHED_FV_PPI instance so that TCG driver may use to extend PCRs.

Parameters

[in]	FvBuffer	Buffer containing the whole FV.
[in]	FvLength	Length of the FV.
[in]	HashAlgoId	Hash algorithm type id.
[in]	HashSize	Hash size.
[in]	HashValue	Hash value buffer.

Definition at line 55 of file FvReportPei.c.

ReportHashedFv()

STATIC VOID ReportHashedFv

(

IN HASHED_FV_INFO *

FvInfo

)

Report FV to PEI and/or DXE core for dispatch.

Parameters

[in]

FvInfo

Information of a FV.

Definition at line 280 of file FvReportPei.c.

VerifyHashedFv()

STATIC EFI_STATUS VerifyHashedFv	(	IN FV_HASH_INFO *	HashInfo,
		IN HASHED_FV_INFO *	FvInfo,
		IN UINTN	FvNumber,
		IN EFI_BOOT_MODE	BootMode
	)

Calculate and verify hash value for given FV.

Parameters

[in]	HashInfo	Hash information of the FV.
[in]	FvInfo	Information of FV used for verification.
[in]	FvNumber	Length of the FV.
[in]	BootMode	Length of the FV.

Return values

EFI_SUCCESS	The given FV is integrate.
EFI_VOLUME_CORRUPTED	The given FV is corrupted (hash mismatch).
EFI_UNSUPPORTED	The hash algorithm is not supported.

Definition at line 110 of file FvReportPei.c.

Variable Documentation

mHashAlgInfo

STATIC CONST HASH_ALG_INFO mHashAlgInfo[]

Initial value:

= {
  { TPM_ALG_SHA256, SHA256_DIGEST_SIZE, Sha256Init, Sha256Update, Sha256Final, Sha256HashAll }, 
  { TPM_ALG_SHA384, SHA384_DIGEST_SIZE, Sha384Init, Sha384Update, Sha384Final, Sha384HashAll }, 
  { TPM_ALG_SHA512, SHA512_DIGEST_SIZE, Sha512Init, Sha512Update, Sha512Final, Sha512HashAll }, 
}

Definition at line 11 of file FvReportPei.c.