docs/master/_spdm_authentication_8c_source.html

#include "SpdmSecurityLibInternal.h"


EFI_STATUS

EFIAPI

MeasureVariable (

  IN      UINT32    PcrIndex,

  IN      UINT32    EventType,

  IN      CHAR16    *VarName,

  IN      EFI_GUID  *VendorGuid,

  IN      VOID      *VarData,

  IN      UINTN     VarSize

  )

{

  EFI_STATUS          Status;

  UINTN               VarNameLength;

  UEFI_VARIABLE_DATA  *VarLog;

  UINT32              VarLogSize;


  if (!(((VarSize == 0) && (VarData == NULL)) || ((VarSize != 0) && (VarData != NULL)))) {

    ASSERT_EFI_ERROR (EFI_INVALID_PARAMETER);

    return EFI_INVALID_PARAMETER;

  }


  VarNameLength = StrLen (VarName);

  VarLogSize    = (UINT32)(sizeof (*VarLog) + VarNameLength * sizeof (*VarName) + VarSize

                           - sizeof (VarLog->UnicodeName) - sizeof (VarLog->VariableData));


  VarLog = (UEFI_VARIABLE_DATA *)AllocateZeroPool (VarLogSize);

  if (VarLog == NULL) {

    return EFI_OUT_OF_RESOURCES;

  }


  CopyMem (&VarLog->VariableName, VendorGuid, sizeof (VarLog->VariableName));

  VarLog->UnicodeNameLength  = VarNameLength;

  VarLog->VariableDataLength = VarSize;

  CopyMem (

    VarLog->UnicodeName,

    VarName,

    VarNameLength * sizeof (*VarName)

    );

  if (VarSize != 0) {

    CopyMem (

      (CHAR16 *)VarLog->UnicodeName + VarNameLength,

      VarData,

      VarSize

      );

  }


  DEBUG ((DEBUG_INFO, "VariableDxe: MeasureVariable (Pcr - %x, EventType - %x, ", (UINTN)PcrIndex, (UINTN)EventType));

  DEBUG ((DEBUG_INFO, "VariableName - %s, VendorGuid - %g)\n", VarName, VendorGuid));


  Status = TpmMeasureAndLogData (

             PcrIndex,

             EventType,

             VarLog,

             VarLogSize,

             VarLog,

             VarLogSize

             );

  FreePool (VarLog);

  return Status;

}


EFI_STATUS

ExtendCertificate (

  IN  SPDM_DEVICE_CONTEXT          *SpdmDeviceContext,

  IN UINT8                         AuthState,

  IN UINTN                         CertChainSize,

  IN UINT8                         *CertChain,

  IN VOID                          *TrustAnchor,

  IN UINTN                         TrustAnchorSize,

  IN UINT8                         SlotId,

  OUT EDKII_DEVICE_SECURITY_STATE  *SecurityState

  )

{

  VOID                                                       *EventLog;

  UINT32                                                     EventLogSize;

  UINT8                                                      *EventLogPtr;

  TCG_NV_INDEX_INSTANCE_EVENT_LOG_STRUCT                     *NvIndexInstance;

  TCG_DEVICE_SECURITY_EVENT_DATA_HEADER2                     *EventData2;

  TCG_DEVICE_SECURITY_EVENT_DATA_SUB_HEADER_SPDM_CERT_CHAIN  *TcgSpdmCertChain;

  VOID                                                       *DeviceContext;

  UINTN                                                      DeviceContextSize;

  EFI_STATUS                                                 Status;

  UINTN                                                      DevicePathSize;

  UINT32                                                     BaseHashAlgo;

  UINTN                                                      DataSize;

  VOID                                                       *SpdmContext;

  SPDM_DATA_PARAMETER                                        Parameter;

  EFI_SIGNATURE_DATA                                         *SignatureData;

  UINTN                                                      SignatureDataSize;


  SpdmContext = SpdmDeviceContext->SpdmContext;


  EventLog = NULL;

  ZeroMem (&Parameter, sizeof (Parameter));

  Parameter.location = SpdmDataLocationConnection;

  DataSize           = sizeof (BaseHashAlgo);

  Status             = SpdmGetData (SpdmContext, SpdmDataBaseHashAlgo, &Parameter, &BaseHashAlgo, &DataSize);

  ASSERT_EFI_ERROR (Status);


  DeviceContextSize = GetDeviceMeasurementContextSize (SpdmDeviceContext);

  DevicePathSize    = GetDevicePathSize (SpdmDeviceContext->DevicePath);


  switch (AuthState) {

    case TCG_DEVICE_SECURITY_EVENT_DATA_DEVICE_AUTH_STATE_SUCCESS:

    case TCG_DEVICE_SECURITY_EVENT_DATA_DEVICE_AUTH_STATE_NO_AUTH:

    case TCG_DEVICE_SECURITY_EVENT_DATA_DEVICE_AUTH_STATE_NO_BINDING:

      EventLogSize = (UINT32)(sizeof (TCG_NV_INDEX_INSTANCE_EVENT_LOG_STRUCT) +

                              sizeof (TCG_DEVICE_SECURITY_EVENT_DATA_HEADER2) +

                              sizeof (UINT64) + DevicePathSize +

                              sizeof (TCG_DEVICE_SECURITY_EVENT_DATA_SUB_HEADER_SPDM_CERT_CHAIN) +

                              CertChainSize +

                              DeviceContextSize);

      EventLog = AllocatePool (EventLogSize);

      if (EventLog == NULL) {

        SecurityState->AuthenticationState = EDKII_DEVICE_SECURITY_STATE_ERROR_UEFI_OUT_OF_RESOURCE;

        return EFI_OUT_OF_RESOURCES;

      }


      EventLogPtr = EventLog;


      NvIndexInstance = (VOID *)EventLogPtr;

      CopyMem (NvIndexInstance->Signature, TCG_NV_EXTEND_INDEX_FOR_INSTANCE_SIGNATURE, sizeof (TCG_NV_EXTEND_INDEX_FOR_INSTANCE_SIGNATURE));

      NvIndexInstance->Version = TCG_NV_INDEX_INSTANCE_EVENT_LOG_STRUCT_VERSION;

      ZeroMem (NvIndexInstance->Reserved, sizeof (NvIndexInstance->Reserved));

      EventLogPtr += sizeof (TCG_NV_INDEX_INSTANCE_EVENT_LOG_STRUCT);


      EventData2 = (VOID *)EventLogPtr;

      CopyMem (EventData2->Signature, TCG_DEVICE_SECURITY_EVENT_DATA_SIGNATURE_2, sizeof (EventData2->Signature));

      EventData2->Version    = TCG_DEVICE_SECURITY_EVENT_DATA_VERSION_2;

      EventData2->AuthState  = AuthState;

      EventData2->Reserved   = 0;

      EventData2->Length     = (UINT32)EventLogSize;

      EventData2->DeviceType = GetSpdmDeviceType (SpdmDeviceContext);


      EventData2->SubHeaderType   = TCG_DEVICE_SECURITY_EVENT_DATA_DEVICE_SUB_HEADER_TYPE_SPDM_CERT_CHAIN;

      EventData2->SubHeaderLength = (UINT32)(sizeof (TCG_DEVICE_SECURITY_EVENT_DATA_SUB_HEADER_SPDM_CERT_CHAIN) + CertChainSize);

      EventData2->SubHeaderUID    = SpdmDeviceContext->DeviceUID;


      EventLogPtr = (VOID *)(EventData2 + 1);


      *(UINT64 *)EventLogPtr = (UINT64)DevicePathSize;

      EventLogPtr           += sizeof (UINT64);

      CopyMem (EventLogPtr, SpdmDeviceContext->DevicePath, DevicePathSize);

      EventLogPtr += DevicePathSize;


      TcgSpdmCertChain               = (VOID *)EventLogPtr;

      TcgSpdmCertChain->SpdmVersion  = SpdmDeviceContext->SpdmVersion;

      TcgSpdmCertChain->SpdmSlotId   = SlotId;

      TcgSpdmCertChain->Reserved     = 0;

      TcgSpdmCertChain->SpdmHashAlgo = BaseHashAlgo;

      EventLogPtr                   += sizeof (TCG_DEVICE_SECURITY_EVENT_DATA_SUB_HEADER_SPDM_CERT_CHAIN);


      CopyMem (EventLogPtr, CertChain, CertChainSize);

      EventLogPtr += CertChainSize;


      if (DeviceContextSize != 0) {

        DeviceContext = (VOID *)EventLogPtr;

        Status        = CreateDeviceMeasurementContext (SpdmDeviceContext, DeviceContext, DeviceContextSize);

        if (Status != EFI_SUCCESS) {

          SecurityState->AuthenticationState = EDKII_DEVICE_SECURITY_STATE_ERROR_DEVICE_ERROR;

          Status                             = EFI_DEVICE_ERROR;

          goto Exit;

        }

      }


      Status = TpmMeasureAndLogData (

                 TCG_NV_EXTEND_INDEX_FOR_INSTANCE,

                 EV_NO_ACTION,

                 EventLog,

                 EventLogSize,

                 EventLog,

                 EventLogSize

                 );

      if (EFI_ERROR (Status)) {

        SecurityState->AuthenticationState = EDKII_DEVICE_SECURITY_STATE_ERROR_TCG_EXTEND_TPM_PCR;

      }


      DEBUG ((DEBUG_INFO, "TpmMeasureAndLogData (Instance) - %r\n", Status));


      break;

    case TCG_DEVICE_SECURITY_EVENT_DATA_DEVICE_AUTH_STATE_FAIL_INVALID:

      EventLogSize = (UINT32)(sizeof (TCG_NV_INDEX_INSTANCE_EVENT_LOG_STRUCT) +

                              sizeof (TCG_DEVICE_SECURITY_EVENT_DATA_HEADER2) +

                              sizeof (UINT64) + DevicePathSize +

                              sizeof (TCG_DEVICE_SECURITY_EVENT_DATA_SUB_HEADER_SPDM_CERT_CHAIN) +

                              DeviceContextSize);

      EventLog = AllocatePool (EventLogSize);

      if (EventLog == NULL) {

        SecurityState->AuthenticationState = EDKII_DEVICE_SECURITY_STATE_ERROR_UEFI_OUT_OF_RESOURCE;

        return EFI_OUT_OF_RESOURCES;

      }


      EventLogPtr = EventLog;


      NvIndexInstance = (VOID *)EventLogPtr;

      CopyMem (NvIndexInstance->Signature, TCG_NV_EXTEND_INDEX_FOR_INSTANCE_SIGNATURE, sizeof (TCG_NV_EXTEND_INDEX_FOR_INSTANCE_SIGNATURE));

      NvIndexInstance->Version = TCG_NV_INDEX_INSTANCE_EVENT_LOG_STRUCT_VERSION;

      ZeroMem (NvIndexInstance->Reserved, sizeof (NvIndexInstance->Reserved));

      EventLogPtr += sizeof (TCG_NV_INDEX_INSTANCE_EVENT_LOG_STRUCT);


      EventData2 = (VOID *)EventLogPtr;

      CopyMem (EventData2->Signature, TCG_DEVICE_SECURITY_EVENT_DATA_SIGNATURE_2, sizeof (EventData2->Signature));

      EventData2->Version    = TCG_DEVICE_SECURITY_EVENT_DATA_VERSION_2;

      EventData2->AuthState  = AuthState;

      EventData2->Reserved   = 0;

      EventData2->Length     = (UINT32)EventLogSize;

      EventData2->DeviceType = GetSpdmDeviceType (SpdmDeviceContext);


      EventData2->SubHeaderType   = TCG_DEVICE_SECURITY_EVENT_DATA_DEVICE_SUB_HEADER_TYPE_SPDM_CERT_CHAIN;

      EventData2->SubHeaderLength = sizeof (TCG_DEVICE_SECURITY_EVENT_DATA_SUB_HEADER_SPDM_CERT_CHAIN);

      EventData2->SubHeaderUID    = SpdmDeviceContext->DeviceUID;


      EventLogPtr = (VOID *)(EventData2 + 1);


      *(UINT64 *)EventLogPtr = (UINT64)DevicePathSize;

      EventLogPtr           += sizeof (UINT64);

      CopyMem (EventLogPtr, SpdmDeviceContext->DevicePath, DevicePathSize);

      EventLogPtr += DevicePathSize;


      TcgSpdmCertChain               = (VOID *)EventLogPtr;

      TcgSpdmCertChain->SpdmVersion  = SpdmDeviceContext->SpdmVersion;

      TcgSpdmCertChain->SpdmSlotId   = SlotId;

      TcgSpdmCertChain->Reserved     = 0;

      TcgSpdmCertChain->SpdmHashAlgo = BaseHashAlgo;

      EventLogPtr                   += sizeof (TCG_DEVICE_SECURITY_EVENT_DATA_SUB_HEADER_SPDM_CERT_CHAIN);


      if (DeviceContextSize != 0) {

        DeviceContext = (VOID *)EventLogPtr;

        Status        = CreateDeviceMeasurementContext (SpdmDeviceContext, DeviceContext, DeviceContextSize);

        if (Status != EFI_SUCCESS) {

          SecurityState->AuthenticationState = EDKII_DEVICE_SECURITY_STATE_ERROR_DEVICE_ERROR;

          Status                             = EFI_DEVICE_ERROR;

          goto Exit;

        }

      }


      Status = TpmMeasureAndLogData (

                 TCG_NV_EXTEND_INDEX_FOR_INSTANCE,

                 EV_NO_ACTION,

                 EventLog,

                 EventLogSize,

                 EventLog,

                 EventLogSize

                 );

      if (EFI_ERROR (Status)) {

        SecurityState->AuthenticationState = EDKII_DEVICE_SECURITY_STATE_ERROR_TCG_EXTEND_TPM_PCR;

      }


      DEBUG ((DEBUG_INFO, "TpmMeasureAndLogData (Instance) - %r\n", Status));


      goto Exit;

    case TCG_DEVICE_SECURITY_EVENT_DATA_DEVICE_AUTH_STATE_FAIL_NO_SIG:

    case TCG_DEVICE_SECURITY_EVENT_DATA_DEVICE_AUTH_STATE_NO_SPDM:

      EventLogSize = (UINT32)(sizeof (TCG_NV_INDEX_INSTANCE_EVENT_LOG_STRUCT) +

                              sizeof (TCG_DEVICE_SECURITY_EVENT_DATA_HEADER2) +

                              sizeof (UINT64) + DevicePathSize +

                              DeviceContextSize);

      EventLog = AllocatePool (EventLogSize);

      if (EventLog == NULL) {

        SecurityState->AuthenticationState = EDKII_DEVICE_SECURITY_STATE_ERROR_UEFI_OUT_OF_RESOURCE;

        return EFI_OUT_OF_RESOURCES;

      }


      EventLogPtr = EventLog;


      NvIndexInstance = (VOID *)EventLogPtr;

      CopyMem (NvIndexInstance->Signature, TCG_NV_EXTEND_INDEX_FOR_INSTANCE_SIGNATURE, sizeof (TCG_NV_EXTEND_INDEX_FOR_INSTANCE_SIGNATURE));

      NvIndexInstance->Version = TCG_NV_INDEX_INSTANCE_EVENT_LOG_STRUCT_VERSION;

      ZeroMem (NvIndexInstance->Reserved, sizeof (NvIndexInstance->Reserved));

      EventLogPtr += sizeof (TCG_NV_INDEX_INSTANCE_EVENT_LOG_STRUCT);


      EventData2 = (VOID *)EventLogPtr;

      CopyMem (EventData2->Signature, TCG_DEVICE_SECURITY_EVENT_DATA_SIGNATURE_2, sizeof (EventData2->Signature));

      EventData2->Version    = TCG_DEVICE_SECURITY_EVENT_DATA_VERSION_2;

      EventData2->AuthState  = AuthState;

      EventData2->Reserved   = 0;

      EventData2->Length     = (UINT32)EventLogSize;

      EventData2->DeviceType = GetSpdmDeviceType (SpdmDeviceContext);


      EventData2->SubHeaderType   = TCG_DEVICE_SECURITY_EVENT_DATA_DEVICE_SUB_HEADER_TYPE_SPDM_CERT_CHAIN;

      EventData2->SubHeaderLength = 0;

      EventData2->SubHeaderUID    = SpdmDeviceContext->DeviceUID;


      EventLogPtr = (VOID *)(EventData2 + 1);


      *(UINT64 *)EventLogPtr = (UINT64)DevicePathSize;

      EventLogPtr           += sizeof (UINT64);

      CopyMem (EventLogPtr, SpdmDeviceContext->DevicePath, DevicePathSize);

      EventLogPtr += DevicePathSize;


      if (DeviceContextSize != 0) {

        DeviceContext = (VOID *)EventLogPtr;

        Status        = CreateDeviceMeasurementContext (SpdmDeviceContext, DeviceContext, DeviceContextSize);

        if (Status != EFI_SUCCESS) {

          SecurityState->AuthenticationState = EDKII_DEVICE_SECURITY_STATE_ERROR_DEVICE_ERROR;

          Status                             = EFI_DEVICE_ERROR;

          goto Exit;

        }

      }


      Status = TpmMeasureAndLogData (

                 TCG_NV_EXTEND_INDEX_FOR_INSTANCE,

                 EV_NO_ACTION,

                 EventLog,

                 EventLogSize,

                 EventLog,

                 EventLogSize

                 );

      if (EFI_ERROR (Status)) {

        SecurityState->AuthenticationState = EDKII_DEVICE_SECURITY_STATE_ERROR_TCG_EXTEND_TPM_PCR;

      }


      DEBUG ((DEBUG_INFO, "TpmMeasureAndLogData (Instance) - %r\n", Status));


      goto Exit;

    default:

      SecurityState->AuthenticationState = EDKII_DEVICE_SECURITY_STATE_ERROR_UEFI_UNSUPPORTED;

      return EFI_UNSUPPORTED;

  }


  if ((TrustAnchor != NULL) && (TrustAnchorSize != 0)) {

    SignatureDataSize = sizeof (EFI_GUID) + TrustAnchorSize;

    SignatureData     = AllocateZeroPool (SignatureDataSize);

    if (SignatureData == NULL) {

      ASSERT (SignatureData != NULL);

      SecurityState->AuthenticationState = EDKII_DEVICE_SECURITY_STATE_ERROR_UEFI_OUT_OF_RESOURCE;

      Status                             = EFI_OUT_OF_RESOURCES;

      goto Exit;

    }


    CopyGuid (&SignatureData->SignatureOwner, &gEfiCallerIdGuid);

    CopyMem (

      (UINT8 *)SignatureData + sizeof (EFI_GUID),

      TrustAnchor,

      TrustAnchorSize

      );


    MeasureVariable (

      PCR_INDEX_FOR_SIGNATURE_DB,

      EV_EFI_SPDM_DEVICE_AUTHORITY,

      EFI_DEVICE_SECURITY_DATABASE,

      &gEfiDeviceSignatureDatabaseGuid,

      SignatureData,

      SignatureDataSize

      );

    FreePool (SignatureData);

  }


Exit:

  if (EventLog != NULL) {

    FreePool (EventLog);

  }


  return Status;

}


EFI_STATUS

ExtendAuthentication (

  IN  SPDM_DEVICE_CONTEXT          *SpdmDeviceContext,

  IN UINT8                         AuthState,

  IN UINT8                         *RequesterNonce,

  IN UINT8                         *ResponderNonce,

  OUT EDKII_DEVICE_SECURITY_STATE  *SecurityState

  )

{

  EFI_STATUS  Status;


  {

    TCG_NV_INDEX_DYNAMIC_EVENT_LOG_STRUCT_SPDM_CHALLENGE       DynamicEventLogSpdmChallengeEvent;

    TCG_NV_INDEX_DYNAMIC_EVENT_LOG_STRUCT_SPDM_CHALLENGE_AUTH  DynamicEventLogSpdmChallengeAuthEvent;


    CopyMem (DynamicEventLogSpdmChallengeEvent.Header.Signature, TCG_NV_EXTEND_INDEX_FOR_DYNAMIC_SIGNATURE, sizeof (TCG_NV_EXTEND_INDEX_FOR_DYNAMIC_SIGNATURE));

    DynamicEventLogSpdmChallengeEvent.Header.Version = TCG_NV_INDEX_DYNAMIC_EVENT_LOG_STRUCT_VERSION;

    ZeroMem (DynamicEventLogSpdmChallengeEvent.Header.Reserved, sizeof (DynamicEventLogSpdmChallengeEvent.Header.Reserved));

    DynamicEventLogSpdmChallengeEvent.Header.Uid      = SpdmDeviceContext->DeviceUID;

    DynamicEventLogSpdmChallengeEvent.DescriptionSize = sizeof (TCG_SPDM_CHALLENGE_DESCRIPTION);

    CopyMem (DynamicEventLogSpdmChallengeEvent.Description, TCG_SPDM_CHALLENGE_DESCRIPTION, sizeof (TCG_SPDM_CHALLENGE_DESCRIPTION));

    DynamicEventLogSpdmChallengeEvent.DataSize = SPDM_NONCE_SIZE;

    CopyMem (DynamicEventLogSpdmChallengeEvent.Data, RequesterNonce, SPDM_NONCE_SIZE);


    Status = TpmMeasureAndLogData (

               TCG_NV_EXTEND_INDEX_FOR_DYNAMIC,

               EV_NO_ACTION,

               &DynamicEventLogSpdmChallengeEvent,

               sizeof (DynamicEventLogSpdmChallengeEvent),

               &DynamicEventLogSpdmChallengeEvent,

               sizeof (DynamicEventLogSpdmChallengeEvent)

               );

    if (EFI_ERROR (Status)) {

      SecurityState->AuthenticationState = EDKII_DEVICE_SECURITY_STATE_ERROR_TCG_EXTEND_TPM_PCR;

    }


    DEBUG ((DEBUG_INFO, "TpmMeasureAndLogData (Dynamic) - %r\n", Status));


    CopyMem (DynamicEventLogSpdmChallengeAuthEvent.Header.Signature, TCG_NV_EXTEND_INDEX_FOR_DYNAMIC_SIGNATURE, sizeof (TCG_NV_EXTEND_INDEX_FOR_DYNAMIC_SIGNATURE));

    DynamicEventLogSpdmChallengeAuthEvent.Header.Version = TCG_NV_INDEX_DYNAMIC_EVENT_LOG_STRUCT_VERSION;

    ZeroMem (DynamicEventLogSpdmChallengeAuthEvent.Header.Reserved, sizeof (DynamicEventLogSpdmChallengeAuthEvent.Header.Reserved));

    DynamicEventLogSpdmChallengeAuthEvent.Header.Uid      = SpdmDeviceContext->DeviceUID;

    DynamicEventLogSpdmChallengeAuthEvent.DescriptionSize = sizeof (TCG_SPDM_CHALLENGE_AUTH_DESCRIPTION);

    CopyMem (DynamicEventLogSpdmChallengeAuthEvent.Description, TCG_SPDM_CHALLENGE_AUTH_DESCRIPTION, sizeof (TCG_SPDM_CHALLENGE_AUTH_DESCRIPTION));

    DynamicEventLogSpdmChallengeAuthEvent.DataSize = SPDM_NONCE_SIZE;

    CopyMem (DynamicEventLogSpdmChallengeAuthEvent.Data, ResponderNonce, SPDM_NONCE_SIZE);


    Status = TpmMeasureAndLogData (

               TCG_NV_EXTEND_INDEX_FOR_DYNAMIC,

               EV_NO_ACTION,

               &DynamicEventLogSpdmChallengeAuthEvent,

               sizeof (DynamicEventLogSpdmChallengeAuthEvent),

               &DynamicEventLogSpdmChallengeAuthEvent,

               sizeof (DynamicEventLogSpdmChallengeAuthEvent)

               );

    if (EFI_ERROR (Status)) {

      SecurityState->AuthenticationState = EDKII_DEVICE_SECURITY_STATE_ERROR_TCG_EXTEND_TPM_PCR;

    }


    DEBUG ((DEBUG_INFO, "TpmMeasureAndLogData (Dynamic) - %r\n", Status));

  }


  return Status;

}


EFI_STATUS

EFIAPI

DoDeviceCertificate (

  IN  SPDM_DEVICE_CONTEXT          *SpdmDeviceContext,

  OUT UINT8                        *AuthState,

  OUT UINT8                        *ValidSlotId,

  OUT EDKII_DEVICE_SECURITY_STATE  *SecurityState,

  OUT BOOLEAN                      *IsValidCertChain,

  OUT BOOLEAN                      *RootCertMatch

  )

{

  EFI_STATUS           Status;

  SPDM_RETURN          SpdmReturn;

  VOID                 *SpdmContext;

  UINT32               CapabilityFlags;

  UINTN                DataSize;

  SPDM_DATA_PARAMETER  Parameter;

  UINT8                SlotMask;

  UINT8                TotalDigestBuffer[LIBSPDM_MAX_HASH_SIZE * SPDM_MAX_SLOT_COUNT];

  UINTN                CertChainSize;

  UINT8                CertChain[LIBSPDM_MAX_CERT_CHAIN_SIZE];

  VOID                 *TrustAnchor;

  UINTN                TrustAnchorSize;

  UINT8                SlotId;


  SpdmContext = SpdmDeviceContext->SpdmContext;


  ZeroMem (&Parameter, sizeof (Parameter));

  Parameter.location = SpdmDataLocationConnection;

  DataSize           = sizeof (CapabilityFlags);

  SpdmReturn         = SpdmGetData (SpdmContext, SpdmDataCapabilityFlags, &Parameter, &CapabilityFlags, &DataSize);

  if (LIBSPDM_STATUS_IS_ERROR (SpdmReturn)) {

    SecurityState->AuthenticationState = EDKII_DEVICE_SECURITY_STATE_ERROR_DEVICE_ERROR;

    return EFI_DEVICE_ERROR;

  }


  *IsValidCertChain = FALSE;

  *RootCertMatch    = FALSE;

  CertChainSize     = sizeof (CertChain);

  ZeroMem (CertChain, sizeof (CertChain));

  TrustAnchor     = NULL;

  TrustAnchorSize = 0;


  //

  // Init *ValidSlotId to invalid slot_id

  //

  *ValidSlotId = SPDM_MAX_SLOT_COUNT;


  if ((CapabilityFlags & SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_CERT_CAP) == 0) {

    *AuthState                         = TCG_DEVICE_SECURITY_EVENT_DATA_DEVICE_AUTH_STATE_FAIL_NO_SIG;

    SecurityState->AuthenticationState = EDKII_DEVICE_SECURITY_STATE_ERROR_DEVICE_NO_CAPABILITIES;

    Status                             = ExtendCertificate (SpdmDeviceContext, *AuthState, 0, NULL, NULL, 0, 0, SecurityState);

    return Status;

  } else {

    ZeroMem (TotalDigestBuffer, sizeof (TotalDigestBuffer));

    SpdmReturn = SpdmGetDigest (SpdmContext, NULL, &SlotMask, TotalDigestBuffer);

    if ((LIBSPDM_STATUS_IS_ERROR (SpdmReturn)) || ((SlotMask & 0x01) == 0)) {

      *AuthState                         = TCG_DEVICE_SECURITY_EVENT_DATA_DEVICE_AUTH_STATE_FAIL_INVALID;

      SecurityState->AuthenticationState = EDKII_DEVICE_SECURITY_STATE_ERROR_CERTIFIACTE_FAILURE;

      SlotId                             = 0;

      Status                             = ExtendCertificate (SpdmDeviceContext, *AuthState, 0, NULL, NULL, 0, SlotId, SecurityState);

      return Status;

    }


    for (SlotId = 0; SlotId < SPDM_MAX_SLOT_COUNT; SlotId++) {

      if (((SlotMask >> SlotId) & 0x01) == 0) {

        continue;

      }


      CertChainSize = sizeof (CertChain);

      ZeroMem (CertChain, sizeof (CertChain));

      SpdmReturn = SpdmGetCertificateEx (SpdmContext, NULL, SlotId, &CertChainSize, CertChain, (CONST VOID **)&TrustAnchor, &TrustAnchorSize);

      if (LIBSPDM_STATUS_IS_SUCCESS (SpdmReturn)) {

        *IsValidCertChain = TRUE;

        break;

      } else if (SpdmReturn == LIBSPDM_STATUS_VERIF_FAIL) {

        *IsValidCertChain                  = FALSE;

        *AuthState                         = TCG_DEVICE_SECURITY_EVENT_DATA_DEVICE_AUTH_STATE_FAIL_INVALID;

        SecurityState->AuthenticationState = EDKII_DEVICE_SECURITY_STATE_ERROR_CERTIFIACTE_FAILURE;

        Status                             = ExtendCertificate (SpdmDeviceContext, *AuthState, 0, NULL, NULL, 0, SlotId, SecurityState);

      } else if (SpdmReturn == LIBSPDM_STATUS_VERIF_NO_AUTHORITY) {

        *IsValidCertChain                  = TRUE;

        *AuthState                         = TCG_DEVICE_SECURITY_EVENT_DATA_DEVICE_AUTH_STATE_NO_AUTH;

        SecurityState->AuthenticationState = EDKII_DEVICE_SECURITY_STATE_ERROR_CERTIFIACTE_FAILURE;

        *ValidSlotId                       = SlotId;

      }

    }


    if ((SlotId >= SPDM_MAX_SLOT_COUNT) && (*ValidSlotId == SPDM_MAX_SLOT_COUNT)) {

      SecurityState->AuthenticationState = EDKII_DEVICE_SECURITY_STATE_ERROR_DEVICE_ERROR;

      return EFI_DEVICE_ERROR;

    }


    if (TrustAnchor != NULL) {

      *RootCertMatch = TRUE;

      *ValidSlotId   = SlotId;

    } else {

      *ValidSlotId = 0;

    }


    DEBUG ((DEBUG_INFO, "SpdmGetCertificateEx - SpdmReturn %p, TrustAnchorSize 0x%x, RootCertMatch %d\n", SpdmReturn, TrustAnchorSize, *RootCertMatch));


    return EFI_SUCCESS;

  }

}


EFI_STATUS

EFIAPI

DoDeviceAuthentication (

  IN  SPDM_DEVICE_CONTEXT          *SpdmDeviceContext,

  OUT UINT8                        *AuthState,

  IN  UINT8                        ValidSlotId,

  IN  BOOLEAN                      IsValidCertChain,

  IN  BOOLEAN                      RootCertMatch,

  OUT EDKII_DEVICE_SECURITY_STATE  *SecurityState

  )

{

  EFI_STATUS           Status;

  SPDM_RETURN          SpdmReturn;

  VOID                 *SpdmContext;

  UINT32               CapabilityFlags;

  UINTN                DataSize;

  SPDM_DATA_PARAMETER  Parameter;

  UINTN                CertChainSize;

  UINT8                CertChain[LIBSPDM_MAX_CERT_CHAIN_SIZE];

  UINT8                RequesterNonce[SPDM_NONCE_SIZE];

  UINT8                ResponderNonce[SPDM_NONCE_SIZE];

  VOID                 *TrustAnchor;

  UINTN                TrustAnchorSize;

  BOOLEAN              IsValidChallengeAuthSig;


  SpdmContext = SpdmDeviceContext->SpdmContext;


  ZeroMem (&Parameter, sizeof (Parameter));

  Parameter.location = SpdmDataLocationConnection;

  DataSize           = sizeof (CapabilityFlags);

  SpdmReturn         = SpdmGetData (SpdmContext, SpdmDataCapabilityFlags, &Parameter, &CapabilityFlags, &DataSize);

  if (LIBSPDM_STATUS_IS_ERROR (SpdmReturn)) {

    SecurityState->AuthenticationState = EDKII_DEVICE_SECURITY_STATE_ERROR_DEVICE_ERROR;

    return EFI_DEVICE_ERROR;

  }


  IsValidChallengeAuthSig = FALSE;


  // get the valid CertChain

  CertChainSize = sizeof (CertChain);

  ZeroMem (CertChain, sizeof (CertChain));

  SpdmReturn = SpdmGetCertificateEx (SpdmContext, NULL, ValidSlotId, &CertChainSize, CertChain, (CONST VOID **)&TrustAnchor, &TrustAnchorSize);

  if ((!LIBSPDM_STATUS_IS_SUCCESS (SpdmReturn)) && (!(SpdmReturn == LIBSPDM_STATUS_VERIF_NO_AUTHORITY))) {

    return EFI_DEVICE_ERROR;

  }


  if ((CapabilityFlags & SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_CHAL_CAP) == 0) {

    *AuthState                         = TCG_DEVICE_SECURITY_EVENT_DATA_DEVICE_AUTH_STATE_NO_BINDING;

    SecurityState->AuthenticationState = EDKII_DEVICE_SECURITY_STATE_ERROR_DEVICE_NO_CAPABILITIES;

    Status                             = ExtendCertificate (SpdmDeviceContext, *AuthState, CertChainSize, CertChain, NULL, 0, ValidSlotId, SecurityState);

    return Status;

  } else {

    ZeroMem (RequesterNonce, sizeof (RequesterNonce));

    ZeroMem (ResponderNonce, sizeof (ResponderNonce));

    SpdmReturn = SpdmChallengeEx (SpdmContext, NULL, ValidSlotId, SPDM_CHALLENGE_REQUEST_NO_MEASUREMENT_SUMMARY_HASH, NULL, NULL, NULL, RequesterNonce, ResponderNonce, NULL, 0);

    if (SpdmReturn == LIBSPDM_STATUS_SUCCESS) {

      IsValidChallengeAuthSig = TRUE;

    } else if ((LIBSPDM_STATUS_IS_ERROR (SpdmReturn))) {

      IsValidChallengeAuthSig            = FALSE;

      *AuthState                         = TCG_DEVICE_SECURITY_EVENT_DATA_DEVICE_AUTH_STATE_FAIL_INVALID;

      SecurityState->AuthenticationState = EDKII_DEVICE_SECURITY_STATE_ERROR_CHALLENGE_FAILURE;

      Status                             = ExtendCertificate (SpdmDeviceContext, *AuthState, 0, NULL, NULL, 0, ValidSlotId, SecurityState);

      return Status;

    } else {

      return EFI_DEVICE_ERROR;

    }


    if (IsValidCertChain && IsValidChallengeAuthSig && !RootCertMatch) {

      *AuthState                         = TCG_DEVICE_SECURITY_EVENT_DATA_DEVICE_AUTH_STATE_NO_AUTH;

      SecurityState->AuthenticationState = EDKII_DEVICE_SECURITY_STATE_ERROR_NO_CERT_PROVISION;

      Status                             = ExtendCertificate (SpdmDeviceContext, *AuthState, CertChainSize, CertChain, NULL, 0, ValidSlotId, SecurityState);

    } else if (IsValidCertChain && IsValidChallengeAuthSig && RootCertMatch) {

      *AuthState                         = TCG_DEVICE_SECURITY_EVENT_DATA_DEVICE_AUTH_STATE_SUCCESS;

      SecurityState->AuthenticationState = EDKII_DEVICE_SECURITY_STATE_SUCCESS;

      Status                             = ExtendCertificate (SpdmDeviceContext, *AuthState, CertChainSize, CertChain, TrustAnchor, TrustAnchorSize, ValidSlotId, SecurityState);

    }


    Status = ExtendAuthentication (SpdmDeviceContext, *AuthState, RequesterNonce, ResponderNonce, SecurityState);

  }


  return Status;

}

UINTN
UINT64 UINTN
Definition: ProcessorBind.h:112

StrLen
UINTN EFIAPI StrLen(IN CONST CHAR16 *String)
Definition: String.c:30

CopyMem
VOID *EFIAPI CopyMem(OUT VOID *DestinationBuffer, IN CONST VOID *SourceBuffer, IN UINTN Length)
Definition: CopyMemWrapper.c:41

CopyGuid
GUID *EFIAPI CopyGuid(OUT GUID *DestinationGuid, IN CONST GUID *SourceGuid)
Definition: MemLibGuid.c:39

ZeroMem
VOID *EFIAPI ZeroMem(OUT VOID *Buffer, IN UINTN Length)
Definition: ZeroMemWrapper.c:38

GetDevicePathSize
UINTN EFIAPI GetDevicePathSize(IN CONST EFI_DEVICE_PATH_PROTOCOL *DevicePath)
Definition: UefiDevicePathLib.c:33

EDKII_DEVICE_SECURITY_STATE_SUCCESS
#define EDKII_DEVICE_SECURITY_STATE_SUCCESS
Definition: DeviceSecurityPolicy.h:54

AllocateZeroPool
VOID *EFIAPI AllocateZeroPool(IN UINTN AllocationSize)
Definition: MemoryAllocationLib.c:234

FreePool
VOID EFIAPI FreePool(IN VOID *Buffer)
Definition: MemoryAllocationLib.c:266

NULL
#define NULL
Definition: Base.h:319

CONST
#define CONST
Definition: Base.h:259

TRUE
#define TRUE
Definition: Base.h:301

FALSE
#define FALSE
Definition: Base.h:307

IN
#define IN
Definition: Base.h:279

OUT
#define OUT
Definition: Base.h:284

ASSERT_EFI_ERROR
#define ASSERT_EFI_ERROR(StatusParameter)
Definition: DebugLib.h:462

DEBUG
#define DEBUG(Expression)
Definition: DebugLib.h:434

AllocatePool
VOID *EFIAPI AllocatePool(IN UINTN AllocationSize)
Definition: MemoryAllocationLib.c:195

SPDM_CHALLENGE_REQUEST_NO_MEASUREMENT_SUMMARY_HASH
#define SPDM_CHALLENGE_REQUEST_NO_MEASUREMENT_SUMMARY_HASH
Definition: Spdm.h:577

DoDeviceCertificate
EFI_STATUS EFIAPI DoDeviceCertificate(IN SPDM_DEVICE_CONTEXT *SpdmDeviceContext, OUT UINT8 *AuthState, OUT UINT8 *ValidSlotId, OUT EDKII_DEVICE_SECURITY_STATE *SecurityState, OUT BOOLEAN *IsValidCertChain, OUT BOOLEAN *RootCertMatch)
Definition: SpdmAuthentication.c:497

ExtendCertificate
EFI_STATUS ExtendCertificate(IN SPDM_DEVICE_CONTEXT *SpdmDeviceContext, IN UINT8 AuthState, IN UINTN CertChainSize, IN UINT8 *CertChain, IN VOID *TrustAnchor, IN UINTN TrustAnchorSize, IN UINT8 SlotId, OUT EDKII_DEVICE_SECURITY_STATE *SecurityState)
Definition: SpdmAuthentication.c:107

DoDeviceAuthentication
EFI_STATUS EFIAPI DoDeviceAuthentication(IN SPDM_DEVICE_CONTEXT *SpdmDeviceContext, OUT UINT8 *AuthState, IN UINT8 ValidSlotId, IN BOOLEAN IsValidCertChain, IN BOOLEAN RootCertMatch, OUT EDKII_DEVICE_SECURITY_STATE *SecurityState)
Definition: SpdmAuthentication.c:618

ExtendAuthentication
EFI_STATUS ExtendAuthentication(IN SPDM_DEVICE_CONTEXT *SpdmDeviceContext, IN UINT8 AuthState, IN UINT8 *RequesterNonce, IN UINT8 *ResponderNonce, OUT EDKII_DEVICE_SECURITY_STATE *SecurityState)
Definition: SpdmAuthentication.c:416

MeasureVariable
EFI_STATUS EFIAPI MeasureVariable(IN UINT32 PcrIndex, IN UINT32 EventType, IN CHAR16 *VarName, IN EFI_GUID *VendorGuid, IN VOID *VarData, IN UINTN VarSize)
Definition: SpdmAuthentication.c:29

CreateDeviceMeasurementContext
EFI_STATUS EFIAPI CreateDeviceMeasurementContext(IN SPDM_DEVICE_CONTEXT *SpdmDeviceContext, IN OUT VOID *DeviceContext, IN UINTN DeviceContextSize)
Definition: SpdmMeasurement.c:122

GetSpdmDeviceType
UINT32 EFIAPI GetSpdmDeviceType(IN SPDM_DEVICE_CONTEXT *SpdmDeviceContext)
Definition: SpdmMeasurement.c:21

GetDeviceMeasurementContextSize
UINTN EFIAPI GetDeviceMeasurementContextSize(IN SPDM_DEVICE_CONTEXT *SpdmDeviceContext)
Definition: SpdmMeasurement.c:45

SpdmSecurityLibInternal.h

TpmMeasureAndLogData
EFI_STATUS EFIAPI TpmMeasureAndLogData(IN UINT32 PcrIndex, IN UINT32 EventType, IN VOID *EventLog, IN UINT32 LogLen, IN VOID *HashData, IN UINT64 HashDataLen)
Definition: TpmMeasurementLibNull.c:26

Exit
VOID EFIAPI Exit(IN EFI_STATUS Status)
Definition: ApplicationEntryPoint.c:83

EFI_STATUS
RETURN_STATUS EFI_STATUS
Definition: UefiBaseType.h:29

EFI_GUID
GUID EFI_GUID
Definition: UefiBaseType.h:25

EFI_SUCCESS
#define EFI_SUCCESS
Definition: UefiBaseType.h:112

EDKII_DEVICE_SECURITY_STATE
Definition: DeviceSecurityPolicy.h:70

EFI_SIGNATURE_DATA
Definition: ImageAuthentication.h:55

EFI_SIGNATURE_DATA::SignatureOwner
EFI_GUID SignatureOwner
Definition: ImageAuthentication.h:59

GUID
Definition: Base.h:213

SPDM_DEVICE_CONTEXT
Definition: SpdmSecurityLibInternal.h:43

TCG_DEVICE_SECURITY_EVENT_DATA_HEADER2
Definition: UefiTcgPlatform.h:573

TCG_DEVICE_SECURITY_EVENT_DATA_SUB_HEADER_SPDM_CERT_CHAIN
Definition: UefiTcgPlatform.h:605

TCG_NV_INDEX_DYNAMIC_EVENT_LOG_STRUCT_SPDM_CHALLENGE_AUTH
Definition: UefiTcgPlatform.h:695

TCG_NV_INDEX_DYNAMIC_EVENT_LOG_STRUCT_SPDM_CHALLENGE
Definition: UefiTcgPlatform.h:687

TCG_NV_INDEX_INSTANCE_EVENT_LOG_STRUCT
Definition: UefiTcgPlatform.h:661

tdUEFI_VARIABLE_DATA
Definition: UefiTcgPlatform.h:257

tdUEFI_VARIABLE_DATA::VariableData
INT8 VariableData[1]
Driver or platform-specific data.
Definition: UefiTcgPlatform.h:262