TianoCore EDK2 master
Loading...
Searching...
No Matches
TdTcg2Dxe.c
Go to the documentation of this file.
1
9#include <PiDxe.h>
10#include <IndustryStandard/Acpi.h>
11#include <IndustryStandard/PeImage.h>
12#include <IndustryStandard/TcpaAcpi.h>
13
14#include <Guid/GlobalVariable.h>
15#include <Guid/HobList.h>
16#include <Guid/EventGroup.h>
17#include <Guid/EventExitBootServiceFailed.h>
18#include <Guid/ImageAuthentication.h>
19#include <Guid/TpmInstance.h>
20
21#include <Protocol/DevicePath.h>
22#include <Protocol/MpService.h>
23#include <Protocol/VariableWrite.h>
24#include <Protocol/Tcg2Protocol.h>
25#include <Protocol/TrEEProtocol.h>
26#include <Protocol/AcpiTable.h>
27
28#include <Library/DebugLib.h>
29#include <Library/BaseMemoryLib.h>
30#include <Library/UefiRuntimeServicesTableLib.h>
31#include <Library/UefiDriverEntryPoint.h>
32#include <Library/HobLib.h>
33#include <Library/UefiBootServicesTableLib.h>
34#include <Library/BaseLib.h>
35#include <Library/MemoryAllocationLib.h>
36#include <Library/PrintLib.h>
37#include <Library/PcdLib.h>
38#include <Library/UefiLib.h>
39#include <Library/HashLib.h>
40#include <Library/PerformanceLib.h>
41#include <Library/ReportStatusCodeLib.h>
42#include <Library/TpmMeasurementLib.h>
43
44#include <Protocol/CcMeasurement.h>
45#include <Guid/CcEventHob.h>
46#include <Library/TdxLib.h>
47
48#define PERF_ID_CC_TCG2_DXE 0x3130
49
50#define CC_EVENT_LOG_AREA_COUNT_MAX 1
51#define CC_MR_INDEX_0_MRTD 0
52#define CC_MR_INDEX_1_RTMR0 1
53#define CC_MR_INDEX_2_RTMR1 2
54#define CC_MR_INDEX_3_RTMR2 3
55#define CC_MR_INDEX_INVALID 4
56
57typedef struct {
58 CHAR16 *VariableName;
59 EFI_GUID *VendorGuid;
60} VARIABLE_TYPE;
61
62typedef struct {
63 EFI_GUID *EventGuid;
64 EFI_CC_EVENT_LOG_FORMAT LogFormat;
65} CC_EVENT_INFO_STRUCT;
66
67typedef struct {
68 EFI_CC_EVENT_LOG_FORMAT EventLogFormat;
69 EFI_PHYSICAL_ADDRESS Lasa;
70 UINT64 Laml;
71 UINTN EventLogSize;
72 UINT8 *LastEvent;
73 BOOLEAN EventLogStarted;
74 BOOLEAN EventLogTruncated;
75 UINTN Next800155EventOffset;
76} CC_EVENT_LOG_AREA_STRUCT;
77
78typedef struct _TDX_DXE_DATA {
79 EFI_CC_BOOT_SERVICE_CAPABILITY BsCap;
80 CC_EVENT_LOG_AREA_STRUCT EventLogAreaStruct[CC_EVENT_LOG_AREA_COUNT_MAX];
81 BOOLEAN GetEventLogCalled[CC_EVENT_LOG_AREA_COUNT_MAX];
82 CC_EVENT_LOG_AREA_STRUCT FinalEventLogAreaStruct[CC_EVENT_LOG_AREA_COUNT_MAX];
83 EFI_CC_FINAL_EVENTS_TABLE *FinalEventsTable[CC_EVENT_LOG_AREA_COUNT_MAX];
84} TDX_DXE_DATA;
85
86typedef struct {
87 TPMI_ALG_HASH HashAlgo;
88 UINT16 HashSize;
89 UINT32 HashMask;
90} TDX_HASH_INFO;
91
92//
93//
94CC_EVENT_INFO_STRUCT mCcEventInfo[] = {
95 { &gCcEventEntryHobGuid, EFI_CC_EVENT_LOG_FORMAT_TCG_2 },
96};
97
98TDX_DXE_DATA mTdxDxeData = {
99 {
100 sizeof (EFI_CC_BOOT_SERVICE_CAPABILITY), // Size
101 { 1, 1 }, // StructureVersion
102 { 1, 1 }, // ProtocolVersion
103 EFI_CC_BOOT_HASH_ALG_SHA384, // HashAlgorithmBitmap
104 EFI_CC_EVENT_LOG_FORMAT_TCG_2, // SupportedEventLogs
105 { 2, 0 } // {CC_TYPE, CC_SUBTYPE}
106 },
107};
108
109UINTN mBootAttempts = 0;
110CHAR16 mBootVarName[] = L"BootOrder";
111
112VARIABLE_TYPE mVariableType[] = {
113 { EFI_SECURE_BOOT_MODE_NAME, &gEfiGlobalVariableGuid },
114 { EFI_PLATFORM_KEY_NAME, &gEfiGlobalVariableGuid },
115 { EFI_KEY_EXCHANGE_KEY_NAME, &gEfiGlobalVariableGuid },
116 { EFI_IMAGE_SECURITY_DATABASE, &gEfiImageSecurityDatabaseGuid },
117 { EFI_IMAGE_SECURITY_DATABASE1, &gEfiImageSecurityDatabaseGuid },
118};
119
120EFI_CC_EVENTLOG_ACPI_TABLE mTdxEventlogAcpiTemplate = {
121 {
122 EFI_CC_EVENTLOG_ACPI_TABLE_SIGNATURE,
123 sizeof (mTdxEventlogAcpiTemplate),
124 EFI_CC_EVENTLOG_ACPI_TABLE_REVISION,
125 //
126 // Compiler initializes the remaining bytes to 0
127 // These fields should be filled in production
128 //
129 },
130 { EFI_CC_TYPE_TDX, 0 }, // CcType
131 0, // rsvd
132 0, // laml
133 0, // lasa
134};
135
136//
137// Supported Hash list in Td guest.
138// Currently SHA384 is supported.
139//
140TDX_HASH_INFO mHashInfo[] = {
141 { TPM_ALG_SHA384, SHA384_DIGEST_SIZE, HASH_ALG_SHA384 }
142};
143
151UINT16
152GetHashSizeFromAlgo (
153 IN TPMI_ALG_HASH HashAlgo
154 )
155{
156 UINTN Index;
157
158 for (Index = 0; Index < sizeof (mHashInfo)/sizeof (mHashInfo[0]); Index++) {
159 if (mHashInfo[Index].HashAlgo == HashAlgo) {
160 return mHashInfo[Index].HashSize;
161 }
162 }
163
164 return 0;
165}
166
174UINT32
175GetHashMaskFromAlgo (
176 IN TPMI_ALG_HASH HashAlgo
177 )
178{
179 UINTN Index;
180
181 for (Index = 0; Index < ARRAY_SIZE (mHashInfo); Index++) {
182 if (mHashInfo[Index].HashAlgo == HashAlgo) {
183 return mHashInfo[Index].HashMask;
184 }
185 }
186
187 ASSERT (FALSE);
188 return 0;
189}
190
200VOID *
201CopyDigestListToBuffer (
202 IN OUT VOID *Buffer,
203 IN TPML_DIGEST_VALUES *DigestList,
204 IN UINT32 HashAlgorithmMask
205 )
206{
207 UINTN Index;
208 UINT16 DigestSize;
209 UINT32 DigestListCount;
210 UINT32 *DigestListCountPtr;
211
212 DigestListCountPtr = (UINT32 *)Buffer;
213 DigestListCount = 0;
214 Buffer = (UINT8 *)Buffer + sizeof (DigestList->count);
215 for (Index = 0; Index < DigestList->count; Index++) {
216 if ((DigestList->digests[Index].hashAlg & HashAlgorithmMask) == 0) {
217 DEBUG ((DEBUG_ERROR, "WARNING: TD Event log has HashAlg unsupported (0x%x)\n", DigestList->digests[Index].hashAlg));
218 continue;
219 }
220
221 CopyMem (Buffer, &DigestList->digests[Index].hashAlg, sizeof (DigestList->digests[Index].hashAlg));
222 Buffer = (UINT8 *)Buffer + sizeof (DigestList->digests[Index].hashAlg);
223 DigestSize = GetHashSizeFromAlgo (DigestList->digests[Index].hashAlg);
224 CopyMem (Buffer, &DigestList->digests[Index].digest, DigestSize);
225 Buffer = (UINT8 *)Buffer + DigestSize;
226 DigestListCount++;
227 }
228
229 WriteUnaligned32 (DigestListCountPtr, DigestListCount);
230
231 return Buffer;
232}
233
234EFI_HANDLE mImageHandle;
235
255EFI_STATUS
256MeasurePeImageAndExtend (
257 IN UINT32 RtmrIndex,
258 IN EFI_PHYSICAL_ADDRESS ImageAddress,
259 IN UINTN ImageSize,
260 OUT TPML_DIGEST_VALUES *DigestList
261 );
262
263#define COLUME_SIZE (16 * 2)
264
273VOID
274InternalDumpData (
275 IN UINT8 *Data,
276 IN UINTN Size
277 )
278{
279 UINTN Index;
280
281 for (Index = 0; Index < Size; Index++) {
282 DEBUG ((DEBUG_INFO, Index == COLUME_SIZE/2 ? " | %02x" : " %02x", (UINTN)Data[Index]));
283 }
284}
285
294VOID
295InternalDumpHex (
296 IN UINT8 *Data,
297 IN UINTN Size
298 )
299{
300 UINTN Index;
301 UINTN Count;
302 UINTN Left;
303
304 Count = Size / COLUME_SIZE;
305 Left = Size % COLUME_SIZE;
306 for (Index = 0; Index < Count; Index++) {
307 DEBUG ((DEBUG_INFO, "%04x: ", Index * COLUME_SIZE));
308 InternalDumpData (Data + Index * COLUME_SIZE, COLUME_SIZE);
309 DEBUG ((DEBUG_INFO, "\n"));
310 }
311
312 if (Left != 0) {
313 DEBUG ((DEBUG_INFO, "%04x: ", Index * COLUME_SIZE));
314 InternalDumpData (Data + Index * COLUME_SIZE, Left);
315 DEBUG ((DEBUG_INFO, "\n"));
316 }
317}
318
329VOID
330InitNoActionEvent (
331 IN OUT CC_EVENT_HDR *NoActionEvent,
332 IN UINT32 EventSize
333 )
334{
335 UINT32 DigestListCount;
336 TPMI_ALG_HASH HashAlgId;
337 UINT8 *DigestBuffer;
338
339 DigestBuffer = (UINT8 *)NoActionEvent->Digests.digests;
340 DigestListCount = 0;
341
342 NoActionEvent->MrIndex = 0;
343 NoActionEvent->EventType = EV_NO_ACTION;
344
345 //
346 // Set Hash count & hashAlg accordingly, while Digest.digests[n].digest to all 0
347 //
348 ZeroMem (&NoActionEvent->Digests, sizeof (NoActionEvent->Digests));
349
350 if ((mTdxDxeData.BsCap.HashAlgorithmBitmap & EFI_CC_BOOT_HASH_ALG_SHA384) != 0) {
351 HashAlgId = TPM_ALG_SHA384;
352 CopyMem (DigestBuffer, &HashAlgId, sizeof (TPMI_ALG_HASH));
353 DigestBuffer += sizeof (TPMI_ALG_HASH) + GetHashSizeFromAlgo (HashAlgId);
354 DigestListCount++;
355 }
356
357 //
358 // Set Digests Count
359 //
360 WriteUnaligned32 ((UINT32 *)&NoActionEvent->Digests.count, DigestListCount);
361
362 //
363 // Set Event Size
364 //
365 WriteUnaligned32 ((UINT32 *)DigestBuffer, EventSize);
366}
367
379EFI_STATUS
380GetProcessorsCpuLocation (
381 OUT EFI_CPU_PHYSICAL_LOCATION **LocationBuf,
382 OUT UINTN *Num
383 )
384{
385 EFI_STATUS Status;
386 EFI_MP_SERVICES_PROTOCOL *MpProtocol;
387 UINTN ProcessorNum;
388 UINTN EnabledProcessorNum;
389 EFI_PROCESSOR_INFORMATION ProcessorInfo;
390 EFI_CPU_PHYSICAL_LOCATION *ProcessorLocBuf;
391 UINTN Index;
392
393 Status = gBS->LocateProtocol (&gEfiMpServiceProtocolGuid, NULL, (VOID **)&MpProtocol);
394 if (EFI_ERROR (Status)) {
395 //
396 // MP protocol is not installed
397 //
398 return EFI_UNSUPPORTED;
399 }
400
401 Status = MpProtocol->GetNumberOfProcessors (
402 MpProtocol,
403 &ProcessorNum,
404 &EnabledProcessorNum
405 );
406 if (EFI_ERROR (Status)) {
407 return Status;
408 }
409
410 Status = gBS->AllocatePool (
411 EfiBootServicesData,
412 sizeof (EFI_CPU_PHYSICAL_LOCATION) * ProcessorNum,
413 (VOID **)&ProcessorLocBuf
414 );
415 if (EFI_ERROR (Status)) {
416 return Status;
417 }
418
419 //
420 // Get each processor Location info
421 //
422 for (Index = 0; Index < ProcessorNum; Index++) {
423 Status = MpProtocol->GetProcessorInfo (
424 MpProtocol,
425 Index,
426 &ProcessorInfo
427 );
428 if (EFI_ERROR (Status)) {
429 FreePool (ProcessorLocBuf);
430 return Status;
431 }
432
433 //
434 // Get all Processor Location info & measure
435 //
436 CopyMem (
437 &ProcessorLocBuf[Index],
438 &ProcessorInfo.Location,
439 sizeof (EFI_CPU_PHYSICAL_LOCATION)
440 );
441 }
442
443 *LocationBuf = ProcessorLocBuf;
444 *Num = ProcessorNum;
445
446 return Status;
447}
448
468EFI_STATUS
469EFIAPI
470TdGetCapability (
471 IN EFI_CC_MEASUREMENT_PROTOCOL *This,
472 IN OUT EFI_CC_BOOT_SERVICE_CAPABILITY *ProtocolCapability
473 )
474{
475 DEBUG ((DEBUG_VERBOSE, "TdGetCapability\n"));
476
477 if ((This == NULL) || (ProtocolCapability == NULL)) {
478 return EFI_INVALID_PARAMETER;
479 }
480
481 CopyMem (ProtocolCapability, &mTdxDxeData.BsCap, sizeof (EFI_CC_BOOT_SERVICE_CAPABILITY));
482
483 return EFI_SUCCESS;
484}
485
494VOID
495DumpPcrEvent (
496 IN TCG_PCR_EVENT_HDR *EventHdr
497 )
498{
499 UINTN Index;
500
501 DEBUG ((DEBUG_INFO, " Event:\n"));
502 DEBUG ((DEBUG_INFO, " MrIndex - %d\n", EventHdr->PCRIndex));
503 DEBUG ((DEBUG_INFO, " EventType - 0x%08x\n", EventHdr->EventType));
504 DEBUG ((DEBUG_INFO, " Digest - "));
505 for (Index = 0; Index < sizeof (TCG_DIGEST); Index++) {
506 DEBUG ((DEBUG_INFO, "%02x ", EventHdr->Digest.digest[Index]));
507 }
508
509 DEBUG ((DEBUG_INFO, "\n"));
510 DEBUG ((DEBUG_INFO, " EventSize - 0x%08x\n", EventHdr->EventSize));
511 InternalDumpHex ((UINT8 *)(EventHdr + 1), EventHdr->EventSize);
512}
513
519VOID
520DumpTcgEfiSpecIdEventStruct (
521 IN TCG_EfiSpecIDEventStruct *TcgEfiSpecIdEventStruct
522 )
523{
524 TCG_EfiSpecIdEventAlgorithmSize *DigestSize;
525 UINTN Index;
526 UINT8 *VendorInfoSize;
527 UINT8 *VendorInfo;
528 UINT32 NumberOfAlgorithms;
529
530 DEBUG ((DEBUG_INFO, " TCG_EfiSpecIDEventStruct:\n"));
531 DEBUG ((DEBUG_INFO, " signature - '"));
532 for (Index = 0; Index < sizeof (TcgEfiSpecIdEventStruct->signature); Index++) {
533 DEBUG ((DEBUG_INFO, "%c", TcgEfiSpecIdEventStruct->signature[Index]));
534 }
535
536 DEBUG ((DEBUG_INFO, "'\n"));
537 DEBUG ((DEBUG_INFO, " platformClass - 0x%08x\n", TcgEfiSpecIdEventStruct->platformClass));
538 DEBUG ((DEBUG_INFO, " specVersion - %d.%d%d\n", TcgEfiSpecIdEventStruct->specVersionMajor, TcgEfiSpecIdEventStruct->specVersionMinor, TcgEfiSpecIdEventStruct->specErrata));
539 DEBUG ((DEBUG_INFO, " uintnSize - 0x%02x\n", TcgEfiSpecIdEventStruct->uintnSize));
540
541 CopyMem (&NumberOfAlgorithms, TcgEfiSpecIdEventStruct + 1, sizeof (NumberOfAlgorithms));
542 DEBUG ((DEBUG_INFO, " NumberOfAlgorithms - 0x%08x\n", NumberOfAlgorithms));
543
544 DigestSize = (TCG_EfiSpecIdEventAlgorithmSize *)((UINT8 *)TcgEfiSpecIdEventStruct + sizeof (*TcgEfiSpecIdEventStruct) + sizeof (NumberOfAlgorithms));
545 for (Index = 0; Index < NumberOfAlgorithms; Index++) {
546 DEBUG ((DEBUG_INFO, " digest(%d)\n", Index));
547 DEBUG ((DEBUG_INFO, " algorithmId - 0x%04x\n", DigestSize[Index].algorithmId));
548 DEBUG ((DEBUG_INFO, " digestSize - 0x%04x\n", DigestSize[Index].digestSize));
549 }
550
551 VendorInfoSize = (UINT8 *)&DigestSize[NumberOfAlgorithms];
552 DEBUG ((DEBUG_INFO, " VendorInfoSize - 0x%02x\n", *VendorInfoSize));
553 VendorInfo = VendorInfoSize + 1;
554 DEBUG ((DEBUG_INFO, " VendorInfo - "));
555 for (Index = 0; Index < *VendorInfoSize; Index++) {
556 DEBUG ((DEBUG_INFO, "%02x ", VendorInfo[Index]));
557 }
558
559 DEBUG ((DEBUG_INFO, "\n"));
560}
561
567UINTN
568GetTcgEfiSpecIdEventStructSize (
569 IN TCG_EfiSpecIDEventStruct *TcgEfiSpecIdEventStruct
570 )
571{
572 TCG_EfiSpecIdEventAlgorithmSize *DigestSize;
573 UINT8 *VendorInfoSize;
574 UINT32 NumberOfAlgorithms;
575
576 CopyMem (&NumberOfAlgorithms, TcgEfiSpecIdEventStruct + 1, sizeof (NumberOfAlgorithms));
577
578 DigestSize = (TCG_EfiSpecIdEventAlgorithmSize *)((UINT8 *)TcgEfiSpecIdEventStruct + sizeof (*TcgEfiSpecIdEventStruct) + sizeof (NumberOfAlgorithms));
579 VendorInfoSize = (UINT8 *)&DigestSize[NumberOfAlgorithms];
580 return sizeof (TCG_EfiSpecIDEventStruct) + sizeof (UINT32) + (NumberOfAlgorithms * sizeof (TCG_EfiSpecIdEventAlgorithmSize)) + sizeof (UINT8) + (*VendorInfoSize);
581}
582
588VOID
589DumpCcEvent (
590 IN CC_EVENT *CcEvent
591 )
592{
593 UINT32 DigestIndex;
594 UINT32 DigestCount;
595 TPMI_ALG_HASH HashAlgo;
596 UINT32 DigestSize;
597 UINT8 *DigestBuffer;
598 UINT32 EventSize;
599 UINT8 *EventBuffer;
600
601 DEBUG ((DEBUG_INFO, "Cc Event:\n"));
602 DEBUG ((DEBUG_INFO, " MrIndex - %d\n", CcEvent->MrIndex));
603 DEBUG ((DEBUG_INFO, " EventType - 0x%08x\n", CcEvent->EventType));
604 DEBUG ((DEBUG_INFO, " DigestCount: 0x%08x\n", CcEvent->Digests.count));
605
606 DigestCount = CcEvent->Digests.count;
607 HashAlgo = CcEvent->Digests.digests[0].hashAlg;
608 DigestBuffer = (UINT8 *)&CcEvent->Digests.digests[0].digest;
609 for (DigestIndex = 0; DigestIndex < DigestCount; DigestIndex++) {
610 DEBUG ((DEBUG_INFO, " HashAlgo : 0x%04x\n", HashAlgo));
611 DEBUG ((DEBUG_INFO, " Digest(%d): \n", DigestIndex));
612 DigestSize = GetHashSizeFromAlgo (HashAlgo);
613 InternalDumpHex (DigestBuffer, DigestSize);
614 //
615 // Prepare next
616 //
617 CopyMem (&HashAlgo, DigestBuffer + DigestSize, sizeof (TPMI_ALG_HASH));
618 DigestBuffer = DigestBuffer + DigestSize + sizeof (TPMI_ALG_HASH);
619 }
620
621 DigestBuffer = DigestBuffer - sizeof (TPMI_ALG_HASH);
622
623 CopyMem (&EventSize, DigestBuffer, sizeof (CcEvent->EventSize));
624 DEBUG ((DEBUG_INFO, " EventSize - 0x%08x\n", EventSize));
625 EventBuffer = DigestBuffer + sizeof (CcEvent->EventSize);
626 InternalDumpHex (EventBuffer, EventSize);
627 DEBUG ((DEBUG_INFO, "\n"));
628}
629
637UINTN
638GetCcEventSize (
639 IN CC_EVENT *CcEvent
640 )
641{
642 UINT32 DigestIndex;
643 UINT32 DigestCount;
644 TPMI_ALG_HASH HashAlgo;
645 UINT32 DigestSize;
646 UINT8 *DigestBuffer;
647 UINT32 EventSize;
648 UINT8 *EventBuffer;
649
650 DigestCount = CcEvent->Digests.count;
651 HashAlgo = CcEvent->Digests.digests[0].hashAlg;
652 DigestBuffer = (UINT8 *)&CcEvent->Digests.digests[0].digest;
653 for (DigestIndex = 0; DigestIndex < DigestCount; DigestIndex++) {
654 DigestSize = GetHashSizeFromAlgo (HashAlgo);
655 //
656 // Prepare next
657 //
658 CopyMem (&HashAlgo, DigestBuffer + DigestSize, sizeof (TPMI_ALG_HASH));
659 DigestBuffer = DigestBuffer + DigestSize + sizeof (TPMI_ALG_HASH);
660 }
661
662 DigestBuffer = DigestBuffer - sizeof (TPMI_ALG_HASH);
663
664 CopyMem (&EventSize, DigestBuffer, sizeof (CcEvent->EventSize));
665 EventBuffer = DigestBuffer + sizeof (CcEvent->EventSize);
666
667 return (UINTN)EventBuffer + EventSize - (UINTN)CcEvent;
668}
669
680VOID
681DumpCcEventLog (
682 IN EFI_CC_EVENT_LOG_FORMAT EventLogFormat,
683 IN EFI_PHYSICAL_ADDRESS EventLogLocation,
684 IN EFI_PHYSICAL_ADDRESS EventLogLastEntry,
685 IN EFI_CC_FINAL_EVENTS_TABLE *FinalEventsTable
686 )
687{
688 TCG_PCR_EVENT_HDR *EventHdr;
689 CC_EVENT *CcEvent;
690 TCG_EfiSpecIDEventStruct *TcgEfiSpecIdEventStruct;
691 UINTN NumberOfEvents;
692
693 DEBUG ((DEBUG_INFO, "EventLogFormat: (0x%x)\n", EventLogFormat));
694 ASSERT (EventLogFormat == EFI_CC_EVENT_LOG_FORMAT_TCG_2);
695
696 //
697 // Dump first event.
698 // The first event is always the TCG_PCR_EVENT_HDR
699 // After this event is a TCG_EfiSpecIDEventStruct
700 //
701 EventHdr = (TCG_PCR_EVENT_HDR *)(UINTN)EventLogLocation;
702 DumpPcrEvent (EventHdr);
703
704 TcgEfiSpecIdEventStruct = (TCG_EfiSpecIDEventStruct *)(EventHdr + 1);
705 DumpTcgEfiSpecIdEventStruct (TcgEfiSpecIdEventStruct);
706
707 //
708 // Then the CcEvent (Its structure is similar to TCG_PCR_EVENT2)
709 //
710 CcEvent = (CC_EVENT *)((UINTN)TcgEfiSpecIdEventStruct + GetTcgEfiSpecIdEventStructSize (TcgEfiSpecIdEventStruct));
711 while ((UINTN)CcEvent <= EventLogLastEntry) {
712 DumpCcEvent (CcEvent);
713 CcEvent = (CC_EVENT *)((UINTN)CcEvent + GetCcEventSize (CcEvent));
714 }
715
716 if (FinalEventsTable == NULL) {
717 DEBUG ((DEBUG_INFO, "FinalEventsTable: NOT FOUND\n"));
718 } else {
719 DEBUG ((DEBUG_INFO, "FinalEventsTable: (0x%x)\n", FinalEventsTable));
720 DEBUG ((DEBUG_INFO, " Version: (0x%x)\n", FinalEventsTable->Version));
721 DEBUG ((DEBUG_INFO, " NumberOfEvents: (0x%x)\n", FinalEventsTable->NumberOfEvents));
722
723 CcEvent = (CC_EVENT *)(UINTN)(FinalEventsTable + 1);
724 for (NumberOfEvents = 0; NumberOfEvents < FinalEventsTable->NumberOfEvents; NumberOfEvents++) {
725 DumpCcEvent (CcEvent);
726 CcEvent = (CC_EVENT *)((UINTN)CcEvent + GetCcEventSize (CcEvent));
727 }
728 }
729
730 return;
731}
732
750EFI_STATUS
751EFIAPI
752TdGetEventLog (
753 IN EFI_CC_MEASUREMENT_PROTOCOL *This,
754 IN EFI_CC_EVENT_LOG_FORMAT EventLogFormat,
755 OUT EFI_PHYSICAL_ADDRESS *EventLogLocation,
756 OUT EFI_PHYSICAL_ADDRESS *EventLogLastEntry,
757 OUT BOOLEAN *EventLogTruncated
758 )
759{
760 UINTN Index = 0;
761
762 DEBUG ((DEBUG_INFO, "TdGetEventLog ... (0x%x)\n", EventLogFormat));
763 ASSERT (EventLogFormat == EFI_CC_EVENT_LOG_FORMAT_TCG_2);
764
765 if (EventLogLocation != NULL) {
766 *EventLogLocation = mTdxDxeData.EventLogAreaStruct[Index].Lasa;
767 DEBUG ((DEBUG_INFO, "TdGetEventLog (EventLogLocation - %x)\n", *EventLogLocation));
768 }
769
770 if (EventLogLastEntry != NULL) {
771 if (!mTdxDxeData.EventLogAreaStruct[Index].EventLogStarted) {
772 *EventLogLastEntry = (EFI_PHYSICAL_ADDRESS)(UINTN)0;
773 } else {
774 *EventLogLastEntry = (EFI_PHYSICAL_ADDRESS)(UINTN)mTdxDxeData.EventLogAreaStruct[Index].LastEvent;
775 }
776
777 DEBUG ((DEBUG_INFO, "TdGetEventLog (EventLogLastEntry - %x)\n", *EventLogLastEntry));
778 }
779
780 if (EventLogTruncated != NULL) {
781 *EventLogTruncated = mTdxDxeData.EventLogAreaStruct[Index].EventLogTruncated;
782 DEBUG ((DEBUG_INFO, "TdGetEventLog (EventLogTruncated - %x)\n", *EventLogTruncated));
783 }
784
785 DEBUG ((DEBUG_INFO, "TdGetEventLog - %r\n", EFI_SUCCESS));
786
787 // Dump Event Log for debug purpose
788 if ((EventLogLocation != NULL) && (EventLogLastEntry != NULL)) {
789 DumpCcEventLog (EventLogFormat, *EventLogLocation, *EventLogLastEntry, mTdxDxeData.FinalEventsTable[Index]);
790 }
791
792 //
793 // All events generated after the invocation of EFI_TCG2_GET_EVENT_LOG SHALL be stored
794 // in an instance of an EFI_CONFIGURATION_TABLE named by the VendorGuid of EFI_TCG2_FINAL_EVENTS_TABLE_GUID.
795 //
796 mTdxDxeData.GetEventLogCalled[Index] = TRUE;
797
798 return EFI_SUCCESS;
799}
800
813BOOLEAN
814Is800155Event (
815 IN VOID *NewEventHdr,
816 IN UINT32 NewEventHdrSize,
817 IN UINT8 *NewEventData,
818 IN UINT32 NewEventSize
819 )
820{
821 if ((((TCG_PCR_EVENT2_HDR *)NewEventHdr)->EventType == EV_NO_ACTION) &&
822 (NewEventSize >= sizeof (TCG_Sp800_155_PlatformId_Event2)) &&
823 ((CompareMem (
824 NewEventData,
825 TCG_Sp800_155_PlatformId_Event2_SIGNATURE,
826 sizeof (TCG_Sp800_155_PlatformId_Event2_SIGNATURE) - 1
827 ) == 0) ||
828 (CompareMem (
829 NewEventData,
830 TCG_Sp800_155_PlatformId_Event3_SIGNATURE,
831 sizeof (TCG_Sp800_155_PlatformId_Event3_SIGNATURE) - 1
832 ) == 0)))
833 {
834 return TRUE;
835 }
836
837 return FALSE;
838}
839
853EFI_STATUS
854TcgCommLogEvent (
855 IN OUT CC_EVENT_LOG_AREA_STRUCT *EventLogAreaStruct,
856 IN VOID *NewEventHdr,
857 IN UINT32 NewEventHdrSize,
858 IN UINT8 *NewEventData,
859 IN UINT32 NewEventSize
860 )
861{
862 UINTN NewLogSize;
863 BOOLEAN Record800155Event;
864 CC_EVENT_HDR *CcEventHdr;
865
866 CcEventHdr = (CC_EVENT_HDR *)NewEventHdr;
867 DEBUG ((DEBUG_VERBOSE, "Td: Try to log event. Index = %d, EventType = 0x%x\n", CcEventHdr->MrIndex, CcEventHdr->EventType));
868
869 if (NewEventSize > MAX_ADDRESS - NewEventHdrSize) {
870 return EFI_OUT_OF_RESOURCES;
871 }
872
873 NewLogSize = NewEventHdrSize + NewEventSize;
874
875 if (NewLogSize > MAX_ADDRESS - EventLogAreaStruct->EventLogSize) {
876 return EFI_OUT_OF_RESOURCES;
877 }
878
879 if (NewLogSize + EventLogAreaStruct->EventLogSize > EventLogAreaStruct->Laml) {
880 DEBUG ((DEBUG_INFO, " Laml - 0x%x\n", EventLogAreaStruct->Laml));
881 DEBUG ((DEBUG_INFO, " NewLogSize - 0x%x\n", NewLogSize));
882 DEBUG ((DEBUG_INFO, " LogSize - 0x%x\n", EventLogAreaStruct->EventLogSize));
883 DEBUG ((DEBUG_INFO, "TcgCommLogEvent - %r\n", EFI_OUT_OF_RESOURCES));
884 return EFI_OUT_OF_RESOURCES;
885 }
886
887 //
888 // Check 800-155 event
889 // Record to 800-155 event offset only.
890 // If the offset is 0, no need to record.
891 //
892 Record800155Event = Is800155Event (NewEventHdr, NewEventHdrSize, NewEventData, NewEventSize);
893 if (Record800155Event) {
894 DEBUG ((DEBUG_INFO, "It is 800155Event.\n"));
895
896 if (EventLogAreaStruct->Next800155EventOffset != 0) {
897 CopyMem (
898 (UINT8 *)(UINTN)EventLogAreaStruct->Lasa + EventLogAreaStruct->Next800155EventOffset + NewLogSize,
899 (UINT8 *)(UINTN)EventLogAreaStruct->Lasa + EventLogAreaStruct->Next800155EventOffset,
900 EventLogAreaStruct->EventLogSize - EventLogAreaStruct->Next800155EventOffset
901 );
902
903 CopyMem (
904 (UINT8 *)(UINTN)EventLogAreaStruct->Lasa + EventLogAreaStruct->Next800155EventOffset,
905 NewEventHdr,
906 NewEventHdrSize
907 );
908 CopyMem (
909 (UINT8 *)(UINTN)EventLogAreaStruct->Lasa + EventLogAreaStruct->Next800155EventOffset + NewEventHdrSize,
910 NewEventData,
911 NewEventSize
912 );
913
914 EventLogAreaStruct->Next800155EventOffset += NewLogSize;
915 EventLogAreaStruct->LastEvent += NewLogSize;
916 EventLogAreaStruct->EventLogSize += NewLogSize;
917 }
918
919 return EFI_SUCCESS;
920 }
921
922 EventLogAreaStruct->LastEvent = (UINT8 *)(UINTN)EventLogAreaStruct->Lasa + EventLogAreaStruct->EventLogSize;
923 EventLogAreaStruct->EventLogSize += NewLogSize;
924
925 CopyMem (EventLogAreaStruct->LastEvent, NewEventHdr, NewEventHdrSize);
926 CopyMem (
927 EventLogAreaStruct->LastEvent + NewEventHdrSize,
928 NewEventData,
929 NewEventSize
930 );
931
932 return EFI_SUCCESS;
933}
934
953UINT32
954EFIAPI
955MapPcrToMrIndex (
956 IN UINT32 PCRIndex
957 )
958{
959 UINT32 MrIndex;
960
961 if (PCRIndex > 15) {
962 ASSERT (FALSE);
963 return CC_MR_INDEX_INVALID;
964 }
965
966 MrIndex = 0;
967 if (PCRIndex == 0) {
968 MrIndex = CC_MR_INDEX_0_MRTD;
969 } else if ((PCRIndex == 1) || (PCRIndex == 7)) {
970 MrIndex = CC_MR_INDEX_1_RTMR0;
971 } else if ((PCRIndex >= 2) && (PCRIndex <= 6)) {
972 MrIndex = CC_MR_INDEX_2_RTMR1;
973 } else if ((PCRIndex >= 8) && (PCRIndex <= 15)) {
974 MrIndex = CC_MR_INDEX_3_RTMR2;
975 }
976
977 return MrIndex;
978}
979
980EFI_STATUS
981EFIAPI
982TdMapPcrToMrIndex (
983 IN EFI_CC_MEASUREMENT_PROTOCOL *This,
984 IN UINT32 PCRIndex,
985 OUT UINT32 *MrIndex
986 )
987{
988 if (MrIndex == NULL) {
989 return EFI_INVALID_PARAMETER;
990 }
991
992 *MrIndex = MapPcrToMrIndex (PCRIndex);
993
994 return *MrIndex == CC_MR_INDEX_INVALID ? EFI_INVALID_PARAMETER : EFI_SUCCESS;
995}
996
1010EFI_STATUS
1011TdxDxeLogEvent (
1012 IN EFI_CC_EVENT_LOG_FORMAT EventLogFormat,
1013 IN VOID *NewEventHdr,
1014 IN UINT32 NewEventHdrSize,
1015 IN UINT8 *NewEventData,
1016 IN UINT32 NewEventSize
1017 )
1018{
1019 EFI_STATUS Status;
1020 UINTN Index;
1021 CC_EVENT_LOG_AREA_STRUCT *EventLogAreaStruct;
1022
1023 if (EventLogFormat != EFI_CC_EVENT_LOG_FORMAT_TCG_2) {
1024 ASSERT (FALSE);
1025 return EFI_INVALID_PARAMETER;
1026 }
1027
1028 Index = 0;
1029
1030 //
1031 // Record to normal event log
1032 //
1033 EventLogAreaStruct = &mTdxDxeData.EventLogAreaStruct[Index];
1034
1035 if (EventLogAreaStruct->EventLogTruncated) {
1036 return EFI_VOLUME_FULL;
1037 }
1038
1039 Status = TcgCommLogEvent (
1040 EventLogAreaStruct,
1041 NewEventHdr,
1042 NewEventHdrSize,
1043 NewEventData,
1044 NewEventSize
1045 );
1046
1047 if (Status == EFI_OUT_OF_RESOURCES) {
1048 EventLogAreaStruct->EventLogTruncated = TRUE;
1049 return EFI_VOLUME_FULL;
1050 } else if (Status == EFI_SUCCESS) {
1051 EventLogAreaStruct->EventLogStarted = TRUE;
1052 }
1053
1054 //
1055 // If GetEventLog is called, record to FinalEventsTable, too.
1056 //
1057 if (mTdxDxeData.GetEventLogCalled[Index]) {
1058 if (mTdxDxeData.FinalEventsTable[Index] == NULL) {
1059 //
1060 // no need for FinalEventsTable
1061 //
1062 return EFI_SUCCESS;
1063 }
1064
1065 EventLogAreaStruct = &mTdxDxeData.FinalEventLogAreaStruct[Index];
1066
1067 if (EventLogAreaStruct->EventLogTruncated) {
1068 return EFI_VOLUME_FULL;
1069 }
1070
1071 Status = TcgCommLogEvent (
1072 EventLogAreaStruct,
1073 NewEventHdr,
1074 NewEventHdrSize,
1075 NewEventData,
1076 NewEventSize
1077 );
1078 if (Status == EFI_OUT_OF_RESOURCES) {
1079 EventLogAreaStruct->EventLogTruncated = TRUE;
1080 return EFI_VOLUME_FULL;
1081 } else if (Status == EFI_SUCCESS) {
1082 EventLogAreaStruct->EventLogStarted = TRUE;
1083 //
1084 // Increase the NumberOfEvents in FinalEventsTable
1085 //
1086 (mTdxDxeData.FinalEventsTable[Index])->NumberOfEvents++;
1087 DEBUG ((DEBUG_INFO, "FinalEventsTable->NumberOfEvents - 0x%x\n", (mTdxDxeData.FinalEventsTable[Index])->NumberOfEvents));
1088 DEBUG ((DEBUG_INFO, " Size - 0x%x\n", (UINTN)EventLogAreaStruct->EventLogSize));
1089 }
1090 }
1091
1092 return Status;
1093}
1094
1102UINT32
1103GetDigestListBinSize (
1104 IN VOID *DigestListBin
1105 )
1106{
1107 UINTN Index;
1108 UINT16 DigestSize;
1109 UINT32 TotalSize;
1110 UINT32 Count;
1111 TPMI_ALG_HASH HashAlg;
1112
1113 Count = ReadUnaligned32 (DigestListBin);
1114 TotalSize = sizeof (Count);
1115 DigestListBin = (UINT8 *)DigestListBin + sizeof (Count);
1116 for (Index = 0; Index < Count; Index++) {
1117 HashAlg = ReadUnaligned16 (DigestListBin);
1118 TotalSize += sizeof (HashAlg);
1119 DigestListBin = (UINT8 *)DigestListBin + sizeof (HashAlg);
1120
1121 DigestSize = GetHashSizeFromAlgo (HashAlg);
1122 TotalSize += DigestSize;
1123 DigestListBin = (UINT8 *)DigestListBin + DigestSize;
1124 }
1125
1126 return TotalSize;
1127}
1128
1139VOID *
1140CopyDigestListBinToBuffer (
1141 IN OUT VOID *Buffer,
1142 IN VOID *DigestListBin,
1143 IN UINT32 HashAlgorithmMask,
1144 OUT UINT32 *HashAlgorithmMaskCopied
1145 )
1146{
1147 UINTN Index;
1148 UINT16 DigestSize;
1149 UINT32 Count;
1150 TPMI_ALG_HASH HashAlg;
1151 UINT32 DigestListCount;
1152 UINT32 *DigestListCountPtr;
1153
1154 DigestListCountPtr = (UINT32 *)Buffer;
1155 DigestListCount = 0;
1156 *HashAlgorithmMaskCopied = 0;
1157
1158 Count = ReadUnaligned32 (DigestListBin);
1159 Buffer = (UINT8 *)Buffer + sizeof (Count);
1160 DigestListBin = (UINT8 *)DigestListBin + sizeof (Count);
1161 for (Index = 0; Index < Count; Index++) {
1162 HashAlg = ReadUnaligned16 (DigestListBin);
1163 DigestListBin = (UINT8 *)DigestListBin + sizeof (HashAlg);
1164 DigestSize = GetHashSizeFromAlgo (HashAlg);
1165
1166 if ((HashAlg & HashAlgorithmMask) != 0) {
1167 CopyMem (Buffer, &HashAlg, sizeof (HashAlg));
1168 Buffer = (UINT8 *)Buffer + sizeof (HashAlg);
1169 CopyMem (Buffer, DigestListBin, DigestSize);
1170 Buffer = (UINT8 *)Buffer + DigestSize;
1171 DigestListCount++;
1172 (*HashAlgorithmMaskCopied) |= GetHashMaskFromAlgo (HashAlg);
1173 } else {
1174 DEBUG ((DEBUG_ERROR, "WARNING: CopyDigestListBinToBuffer Event log has HashAlg unsupported by PCR bank (0x%x)\n", HashAlg));
1175 }
1176
1177 DigestListBin = (UINT8 *)DigestListBin + DigestSize;
1178 }
1179
1180 WriteUnaligned32 (DigestListCountPtr, DigestListCount);
1181
1182 return Buffer;
1183}
1184
1199EFI_STATUS
1200TdxDxeLogHashEvent (
1201 IN TPML_DIGEST_VALUES *DigestList,
1202 IN OUT CC_EVENT_HDR *NewEventHdr,
1203 IN UINT8 *NewEventData
1204 )
1205{
1206 EFI_STATUS Status;
1207 EFI_TPL OldTpl;
1208 EFI_STATUS RetStatus;
1209 CC_EVENT CcEvent;
1210 UINT8 *DigestBuffer;
1211 UINT32 *EventSizePtr;
1212 EFI_CC_EVENT_LOG_FORMAT LogFormat;
1213
1214 RetStatus = EFI_SUCCESS;
1215 LogFormat = EFI_CC_EVENT_LOG_FORMAT_TCG_2;
1216
1217 ZeroMem (&CcEvent, sizeof (CcEvent));
1218 CcEvent.MrIndex = NewEventHdr->MrIndex;
1219 CcEvent.EventType = NewEventHdr->EventType;
1220 DigestBuffer = (UINT8 *)&CcEvent.Digests;
1221 EventSizePtr = CopyDigestListToBuffer (DigestBuffer, DigestList, HASH_ALG_SHA384);
1222 CopyMem (EventSizePtr, &NewEventHdr->EventSize, sizeof (NewEventHdr->EventSize));
1223
1224 //
1225 // Enter critical region
1226 //
1227 OldTpl = gBS->RaiseTPL (TPL_HIGH_LEVEL);
1228 Status = TdxDxeLogEvent (
1229 LogFormat,
1230 &CcEvent,
1231 sizeof (CcEvent.MrIndex) + sizeof (CcEvent.EventType) + GetDigestListBinSize (DigestBuffer) + sizeof (CcEvent.EventSize),
1232 NewEventData,
1233 NewEventHdr->EventSize
1234 );
1235 if (Status != EFI_SUCCESS) {
1236 RetStatus = Status;
1237 }
1238
1239 gBS->RestoreTPL (OldTpl);
1240
1241 return RetStatus;
1242}
1243
1260EFI_STATUS
1261TdxDxeHashLogExtendEvent (
1262 IN UINT64 Flags,
1263 IN UINT8 *HashData,
1264 IN UINT64 HashDataLen,
1265 IN OUT CC_EVENT_HDR *NewEventHdr,
1266 IN UINT8 *NewEventData
1267 )
1268{
1269 EFI_STATUS Status;
1270 TPML_DIGEST_VALUES DigestList;
1271 CC_EVENT_HDR NoActionEvent;
1272
1273 if (NewEventHdr->EventType == EV_NO_ACTION) {
1274 //
1275 // Do not do RTMR extend for EV_NO_ACTION
1276 //
1277 Status = EFI_SUCCESS;
1278 InitNoActionEvent (&NoActionEvent, NewEventHdr->EventSize);
1279 if ((Flags & EFI_CC_FLAG_EXTEND_ONLY) == 0) {
1280 Status = TdxDxeLogHashEvent (&(NoActionEvent.Digests), NewEventHdr, NewEventData);
1281 }
1282
1283 return Status;
1284 }
1285
1286 //
1287 // According to UEFI Spec 2.10 Section 38.4.1 the mapping between MrIndex and Intel
1288 // TDX Measurement Register is:
1289 // MrIndex 0 <--> MRTD
1290 // MrIndex 1-3 <--> RTMR[0-2]
1291 // Only the RMTR registers can be extended in TDVF by HashAndExtend. So MrIndex will
1292 // decreased by 1 before it is sent to HashAndExtend.
1293 //
1294 Status = HashAndExtend (
1295 NewEventHdr->MrIndex - 1,
1296 HashData,
1297 (UINTN)HashDataLen,
1298 &DigestList
1299 );
1300 if (!EFI_ERROR (Status)) {
1301 if ((Flags & EFI_CC_FLAG_EXTEND_ONLY) == 0) {
1302 Status = TdxDxeLogHashEvent (&DigestList, NewEventHdr, NewEventData);
1303 }
1304 }
1305
1306 return Status;
1307}
1308
1328EFI_STATUS
1329EFIAPI
1330TdHashLogExtendEvent (
1331 IN EFI_CC_MEASUREMENT_PROTOCOL *This,
1332 IN UINT64 Flags,
1333 IN EFI_PHYSICAL_ADDRESS DataToHash,
1334 IN UINT64 DataToHashLen,
1335 IN EFI_CC_EVENT *CcEvent
1336 )
1337{
1338 EFI_STATUS Status;
1339 CC_EVENT_HDR NewEventHdr;
1340 TPML_DIGEST_VALUES DigestList;
1341
1342 DEBUG ((DEBUG_VERBOSE, "TdHashLogExtendEvent ...\n"));
1343
1344 if ((This == NULL) || (CcEvent == NULL)) {
1345 return EFI_INVALID_PARAMETER;
1346 }
1347
1348 //
1349 // Do not check hash data size for EV_NO_ACTION event.
1350 //
1351 if ((CcEvent->Header.EventType != EV_NO_ACTION) && (DataToHash == 0)) {
1352 return EFI_INVALID_PARAMETER;
1353 }
1354
1355 if (CcEvent->Size < CcEvent->Header.HeaderSize + sizeof (UINT32)) {
1356 return EFI_INVALID_PARAMETER;
1357 }
1358
1359 if (CcEvent->Header.MrIndex == CC_MR_INDEX_0_MRTD) {
1360 DEBUG ((DEBUG_ERROR, "%a: MRTD cannot be extended in TDVF.\n", __func__));
1361 return EFI_INVALID_PARAMETER;
1362 }
1363
1364 if (CcEvent->Header.MrIndex >= CC_MR_INDEX_INVALID) {
1365 DEBUG ((DEBUG_ERROR, "%a: MrIndex is invalid. (%d)\n", __func__, CcEvent->Header.MrIndex));
1366 return EFI_INVALID_PARAMETER;
1367 }
1368
1369 NewEventHdr.MrIndex = CcEvent->Header.MrIndex;
1370 NewEventHdr.EventType = CcEvent->Header.EventType;
1371 NewEventHdr.EventSize = CcEvent->Size - sizeof (UINT32) - CcEvent->Header.HeaderSize;
1372 if ((Flags & EFI_CC_FLAG_PE_COFF_IMAGE) != 0) {
1373 //
1374 // According to UEFI Spec 2.10 Section 38.4.1 the mapping between MrIndex and Intel
1375 // TDX Measurement Register is:
1376 // MrIndex 0 <--> MRTD
1377 // MrIndex 1-3 <--> RTMR[0-2]
1378 // Only the RMTR registers can be extended in TDVF by HashAndExtend. So MrIndex will
1379 // decreased by 1 before it is sent to MeasurePeImageAndExtend.
1380 //
1381 Status = MeasurePeImageAndExtend (
1382 NewEventHdr.MrIndex - 1,
1383 DataToHash,
1384 (UINTN)DataToHashLen,
1385 &DigestList
1386 );
1387 if (!EFI_ERROR (Status)) {
1388 if ((Flags & EFI_CC_FLAG_EXTEND_ONLY) == 0) {
1389 Status = TdxDxeLogHashEvent (&DigestList, &NewEventHdr, CcEvent->Event);
1390 }
1391 }
1392 } else {
1393 Status = TdxDxeHashLogExtendEvent (
1394 Flags,
1395 (UINT8 *)(UINTN)DataToHash,
1396 DataToHashLen,
1397 &NewEventHdr,
1398 CcEvent->Event
1399 );
1400 }
1401
1402 DEBUG ((DEBUG_VERBOSE, "TdHashLogExtendEvent - %r\n", Status));
1403 return Status;
1404}
1405
1406EFI_CC_MEASUREMENT_PROTOCOL mTdProtocol = {
1407 TdGetCapability,
1408 TdGetEventLog,
1409 TdHashLogExtendEvent,
1410 TdMapPcrToMrIndex,
1411};
1412
1413#define TD_HASH_COUNT 1
1414#define TEMP_BUF_LEN (sizeof(TCG_EfiSpecIDEventStruct) + sizeof(UINT32) \
1415 + (TD_HASH_COUNT * sizeof(TCG_EfiSpecIdEventAlgorithmSize)) + sizeof(UINT8))
1416
1424EFI_STATUS
1425SetupCcEventLog (
1426 VOID
1427 )
1428{
1429 EFI_STATUS Status;
1430 EFI_PHYSICAL_ADDRESS Lasa;
1431 UINTN Index;
1432 TCG_EfiSpecIDEventStruct *TcgEfiSpecIdEventStruct;
1433 UINT8 TempBuf[TEMP_BUF_LEN];
1434 TCG_PCR_EVENT_HDR SpecIdEvent;
1435 TCG_EfiSpecIdEventAlgorithmSize *DigestSize;
1436 TCG_EfiSpecIdEventAlgorithmSize *TempDigestSize;
1437 UINT8 *VendorInfoSize;
1438 UINT32 NumberOfAlgorithms;
1439 EFI_CC_EVENT_LOG_FORMAT LogFormat;
1440 EFI_PEI_HOB_POINTERS GuidHob;
1441 CC_EVENT_HDR NoActionEvent;
1442
1443 Status = EFI_SUCCESS;
1444 DEBUG ((DEBUG_INFO, "SetupCcEventLog\n"));
1445
1446 Index = 0;
1447 LogFormat = EFI_CC_EVENT_LOG_FORMAT_TCG_2;
1448
1449 //
1450 // 1. Create Log Area
1451 //
1452 mTdxDxeData.EventLogAreaStruct[Index].EventLogFormat = LogFormat;
1453
1454 // allocate pages for TD Event log
1455 Status = gBS->AllocatePages (
1456 AllocateAnyPages,
1457 EfiACPIMemoryNVS,
1458 EFI_SIZE_TO_PAGES (PcdGet32 (PcdTcgLogAreaMinLen)),
1459 &Lasa
1460 );
1461 if (EFI_ERROR (Status)) {
1462 return Status;
1463 }
1464
1465 mTdxDxeData.EventLogAreaStruct[Index].Lasa = Lasa;
1466 mTdxDxeData.EventLogAreaStruct[Index].Laml = PcdGet32 (PcdTcgLogAreaMinLen);
1467 mTdxDxeData.EventLogAreaStruct[Index].Next800155EventOffset = 0;
1468
1469 //
1470 // Report TD event log address and length, so that they can be reported in
1471 // TD ACPI table. Ignore the return status, because those fields are optional.
1472 //
1473 PcdSet32S (PcdCcEventlogAcpiTableLaml, (UINT32)mTdxDxeData.EventLogAreaStruct[Index].Laml);
1474 PcdSet64S (PcdCcEventlogAcpiTableLasa, mTdxDxeData.EventLogAreaStruct[Index].Lasa);
1475
1476 //
1477 // To initialize them as 0xFF is recommended
1478 // because the OS can know the last entry for that.
1479 //
1480 SetMem ((VOID *)(UINTN)Lasa, PcdGet32 (PcdTcgLogAreaMinLen), 0xFF);
1481
1482 //
1483 // Create first entry for Log Header Entry Data
1484 //
1485
1486 //
1487 // TcgEfiSpecIdEventStruct
1488 //
1489 TcgEfiSpecIdEventStruct = (TCG_EfiSpecIDEventStruct *)TempBuf;
1490 CopyMem (TcgEfiSpecIdEventStruct->signature, TCG_EfiSpecIDEventStruct_SIGNATURE_03, sizeof (TcgEfiSpecIdEventStruct->signature));
1491
1492 TcgEfiSpecIdEventStruct->platformClass = PcdGet8 (PcdTpmPlatformClass);
1493
1494 TcgEfiSpecIdEventStruct->specVersionMajor = TCG_EfiSpecIDEventStruct_SPEC_VERSION_MAJOR_TPM2;
1495 TcgEfiSpecIdEventStruct->specVersionMinor = TCG_EfiSpecIDEventStruct_SPEC_VERSION_MINOR_TPM2;
1496 TcgEfiSpecIdEventStruct->specErrata = TCG_EfiSpecIDEventStruct_SPEC_ERRATA_TPM2;
1497 TcgEfiSpecIdEventStruct->uintnSize = sizeof (UINTN)/sizeof (UINT32);
1498 NumberOfAlgorithms = 0;
1499 DigestSize = (TCG_EfiSpecIdEventAlgorithmSize *)((UINT8 *)TcgEfiSpecIdEventStruct
1500 + sizeof (*TcgEfiSpecIdEventStruct)
1501 + sizeof (NumberOfAlgorithms));
1502
1503 TempDigestSize = DigestSize;
1504 TempDigestSize += NumberOfAlgorithms;
1505 TempDigestSize->algorithmId = TPM_ALG_SHA384;
1506 TempDigestSize->digestSize = SHA384_DIGEST_SIZE;
1507 NumberOfAlgorithms++;
1508
1509 CopyMem (TcgEfiSpecIdEventStruct + 1, &NumberOfAlgorithms, sizeof (NumberOfAlgorithms));
1510 TempDigestSize = DigestSize;
1511 TempDigestSize += NumberOfAlgorithms;
1512 VendorInfoSize = (UINT8 *)TempDigestSize;
1513 *VendorInfoSize = 0;
1514
1515 SpecIdEvent.PCRIndex = 1; // PCRIndex 0 maps to MrIndex 1
1516 SpecIdEvent.EventType = EV_NO_ACTION;
1517 ZeroMem (&SpecIdEvent.Digest, sizeof (SpecIdEvent.Digest));
1518 SpecIdEvent.EventSize = (UINT32)GetTcgEfiSpecIdEventStructSize (TcgEfiSpecIdEventStruct);
1519
1520 //
1521 // TD Event log re-use the spec of TCG2 Event log.
1522 // Log TcgEfiSpecIdEventStruct as the first Event. Event format is TCG_PCR_EVENT.
1523 // TCG EFI Protocol Spec. Section 5.3 Event Log Header
1524 // TCG PC Client PFP spec. Section 9.2 Measurement Event Entries and Log
1525 //
1526 Status = TdxDxeLogEvent (
1527 LogFormat,
1528 &SpecIdEvent,
1529 sizeof (SpecIdEvent),
1530 (UINT8 *)TcgEfiSpecIdEventStruct,
1531 SpecIdEvent.EventSize
1532 );
1533 //
1534 // record the offset at the end of 800-155 event.
1535 // the future 800-155 event can be inserted here.
1536 //
1537 mTdxDxeData.EventLogAreaStruct[Index].Next800155EventOffset = mTdxDxeData.EventLogAreaStruct[Index].EventLogSize;
1538
1539 //
1540 // Tcg800155PlatformIdEvent. Event format is TCG_PCR_EVENT2
1541 //
1542 GuidHob.Guid = GetFirstGuidHob (&gTcg800155PlatformIdEventHobGuid);
1543 while (GuidHob.Guid != NULL) {
1544 InitNoActionEvent (&NoActionEvent, GET_GUID_HOB_DATA_SIZE (GuidHob.Guid));
1545
1546 Status = TdxDxeLogEvent (
1547 LogFormat,
1548 &NoActionEvent,
1549 sizeof (NoActionEvent.MrIndex) + sizeof (NoActionEvent.EventType) + GetDigestListBinSize (&NoActionEvent.Digests) + sizeof (NoActionEvent.EventSize),
1550 GET_GUID_HOB_DATA (GuidHob.Guid),
1551 GET_GUID_HOB_DATA_SIZE (GuidHob.Guid)
1552 );
1553
1554 GuidHob.Guid = GET_NEXT_HOB (GuidHob);
1555 GuidHob.Guid = GetNextGuidHob (&gTcg800155PlatformIdEventHobGuid, GuidHob.Guid);
1556 }
1557
1558 //
1559 // 2. Create Final Log Area
1560 //
1561 Status = gBS->AllocatePages (
1562 AllocateAnyPages,
1563 EfiACPIMemoryNVS,
1564 EFI_SIZE_TO_PAGES (PcdGet32 (PcdTcg2FinalLogAreaLen)),
1565 &Lasa
1566 );
1567 if (EFI_ERROR (Status)) {
1568 return Status;
1569 }
1570
1571 SetMem ((VOID *)(UINTN)Lasa, PcdGet32 (PcdTcg2FinalLogAreaLen), 0xFF);
1572
1573 //
1574 // Initialize
1575 //
1576 mTdxDxeData.FinalEventsTable[Index] = (VOID *)(UINTN)Lasa;
1577 (mTdxDxeData.FinalEventsTable[Index])->Version = EFI_TCG2_FINAL_EVENTS_TABLE_VERSION;
1578 (mTdxDxeData.FinalEventsTable[Index])->NumberOfEvents = 0;
1579
1580 mTdxDxeData.FinalEventLogAreaStruct[Index].EventLogFormat = LogFormat;
1581 mTdxDxeData.FinalEventLogAreaStruct[Index].Lasa = Lasa + sizeof (EFI_CC_FINAL_EVENTS_TABLE);
1582 mTdxDxeData.FinalEventLogAreaStruct[Index].Laml = PcdGet32 (PcdTcg2FinalLogAreaLen) - sizeof (EFI_CC_FINAL_EVENTS_TABLE);
1583 mTdxDxeData.FinalEventLogAreaStruct[Index].EventLogSize = 0;
1584 mTdxDxeData.FinalEventLogAreaStruct[Index].LastEvent = (VOID *)(UINTN)mTdxDxeData.FinalEventLogAreaStruct[Index].Lasa;
1585 mTdxDxeData.FinalEventLogAreaStruct[Index].EventLogStarted = FALSE;
1586 mTdxDxeData.FinalEventLogAreaStruct[Index].EventLogTruncated = FALSE;
1587 mTdxDxeData.FinalEventLogAreaStruct[Index].Next800155EventOffset = 0;
1588
1589 //
1590 // Install to configuration table for EFI_CC_EVENT_LOG_FORMAT_TCG_2
1591 //
1592 Status = gBS->InstallConfigurationTable (&gEfiCcFinalEventsTableGuid, (VOID *)mTdxDxeData.FinalEventsTable[Index]);
1593 if (EFI_ERROR (Status)) {
1594 return Status;
1595 }
1596
1597 return Status;
1598}
1599
1610EFI_STATUS
1611TdMeasureAction (
1612 IN UINT32 MrIndex,
1613 IN CHAR8 *String
1614 )
1615{
1616 CC_EVENT_HDR CcEvent;
1617
1618 CcEvent.MrIndex = MrIndex;
1619 CcEvent.EventType = EV_EFI_ACTION;
1620 CcEvent.EventSize = (UINT32)AsciiStrLen (String);
1621 return TdxDxeHashLogExtendEvent (
1622 0,
1623 (UINT8 *)String,
1624 CcEvent.EventSize,
1625 &CcEvent,
1626 (UINT8 *)String
1627 );
1628}
1629
1637EFI_STATUS
1638MeasureHandoffTables (
1639 VOID
1640 )
1641{
1642 EFI_STATUS Status;
1643 CC_EVENT_HDR CcEvent;
1644 EFI_HANDOFF_TABLE_POINTERS HandoffTables;
1645 UINTN ProcessorNum;
1646 EFI_CPU_PHYSICAL_LOCATION *ProcessorLocBuf;
1647
1648 ProcessorLocBuf = NULL;
1649 Status = EFI_SUCCESS;
1650
1651 if (PcdGet8 (PcdTpmPlatformClass) == TCG_PLATFORM_TYPE_SERVER) {
1652 //
1653 // Tcg Server spec.
1654 // Measure each processor EFI_CPU_PHYSICAL_LOCATION with EV_TABLE_OF_DEVICES to PCR[1]
1655 //
1656 Status = GetProcessorsCpuLocation (&ProcessorLocBuf, &ProcessorNum);
1657
1658 if (!EFI_ERROR (Status)) {
1659 CcEvent.MrIndex = MapPcrToMrIndex (1);
1660 CcEvent.EventType = EV_TABLE_OF_DEVICES;
1661 CcEvent.EventSize = sizeof (HandoffTables);
1662
1663 HandoffTables.NumberOfTables = 1;
1664 HandoffTables.TableEntry[0].VendorGuid = gEfiMpServiceProtocolGuid;
1665 HandoffTables.TableEntry[0].VendorTable = ProcessorLocBuf;
1666
1667 Status = TdxDxeHashLogExtendEvent (
1668 0,
1669 (UINT8 *)(UINTN)ProcessorLocBuf,
1670 sizeof (EFI_CPU_PHYSICAL_LOCATION) * ProcessorNum,
1671 &CcEvent,
1672 (UINT8 *)&HandoffTables
1673 );
1674
1675 FreePool (ProcessorLocBuf);
1676 }
1677 }
1678
1679 return Status;
1680}
1681
1691EFI_STATUS
1692MeasureSeparatorEvent (
1693 IN UINT32 MrIndex
1694 )
1695{
1696 CC_EVENT_HDR CcEvent;
1697 UINT32 EventData;
1698
1699 DEBUG ((DEBUG_INFO, "MeasureSeparatorEvent to Rtmr - %d\n", MrIndex));
1700
1701 EventData = 0;
1702 CcEvent.MrIndex = MrIndex;
1703 CcEvent.EventType = EV_SEPARATOR;
1704 CcEvent.EventSize = (UINT32)sizeof (EventData);
1705
1706 return TdxDxeHashLogExtendEvent (
1707 0,
1708 (UINT8 *)&EventData,
1709 sizeof (EventData),
1710 &CcEvent,
1711 (UINT8 *)&EventData
1712 );
1713}
1714
1730EFI_STATUS
1731MeasureVariable (
1732 IN UINT32 MrIndex,
1733 IN TCG_EVENTTYPE EventType,
1734 IN CHAR16 *VarName,
1735 IN EFI_GUID *VendorGuid,
1736 IN VOID *VarData,
1737 IN UINTN VarSize
1738 )
1739{
1740 EFI_STATUS Status;
1741 CC_EVENT_HDR CcEvent;
1742 UINTN VarNameLength;
1743 UEFI_VARIABLE_DATA *VarLog;
1744
1745 DEBUG ((DEBUG_INFO, "TdTcg2Dxe: MeasureVariable (Rtmr - %x, EventType - %x, ", (UINTN)MrIndex, (UINTN)EventType));
1746 DEBUG ((DEBUG_INFO, "VariableName - %s, VendorGuid - %g)\n", VarName, VendorGuid));
1747
1748 VarNameLength = StrLen (VarName);
1749 CcEvent.MrIndex = MrIndex;
1750 CcEvent.EventType = EventType;
1751
1752 CcEvent.EventSize = (UINT32)(sizeof (*VarLog) + VarNameLength * sizeof (*VarName) + VarSize
1753 - sizeof (VarLog->UnicodeName) - sizeof (VarLog->VariableData));
1754
1755 VarLog = (UEFI_VARIABLE_DATA *)AllocatePool (CcEvent.EventSize);
1756 if (VarLog == NULL) {
1757 return EFI_OUT_OF_RESOURCES;
1758 }
1759
1760 VarLog->VariableName = *VendorGuid;
1761 VarLog->UnicodeNameLength = VarNameLength;
1762 VarLog->VariableDataLength = VarSize;
1763 CopyMem (
1764 VarLog->UnicodeName,
1765 VarName,
1766 VarNameLength * sizeof (*VarName)
1767 );
1768 if ((VarSize != 0) && (VarData != NULL)) {
1769 CopyMem (
1770 (CHAR16 *)VarLog->UnicodeName + VarNameLength,
1771 VarData,
1772 VarSize
1773 );
1774 }
1775
1776 if (EventType == EV_EFI_VARIABLE_DRIVER_CONFIG) {
1777 //
1778 // Digest is the event data (UEFI_VARIABLE_DATA)
1779 //
1780 Status = TdxDxeHashLogExtendEvent (
1781 0,
1782 (UINT8 *)VarLog,
1783 CcEvent.EventSize,
1784 &CcEvent,
1785 (UINT8 *)VarLog
1786 );
1787 } else {
1788 ASSERT (VarData != NULL);
1789 Status = TdxDxeHashLogExtendEvent (
1790 0,
1791 (UINT8 *)VarData,
1792 VarSize,
1793 &CcEvent,
1794 (UINT8 *)VarLog
1795 );
1796 }
1797
1798 FreePool (VarLog);
1799 return Status;
1800}
1801
1817EFI_STATUS
1818ReadAndMeasureVariable (
1819 IN UINT32 MrIndex,
1820 IN TCG_EVENTTYPE EventType,
1821 IN CHAR16 *VarName,
1822 IN EFI_GUID *VendorGuid,
1823 OUT UINTN *VarSize,
1824 OUT VOID **VarData
1825 )
1826{
1827 EFI_STATUS Status;
1828
1829 Status = GetVariable2 (VarName, VendorGuid, VarData, VarSize);
1830 if (EventType == EV_EFI_VARIABLE_DRIVER_CONFIG) {
1831 if (EFI_ERROR (Status)) {
1832 //
1833 // It is valid case, so we need handle it.
1834 //
1835 *VarData = NULL;
1836 *VarSize = 0;
1837 }
1838 } else {
1839 //
1840 // if status error, VarData is freed and set NULL by GetVariable2
1841 //
1842 if (EFI_ERROR (Status)) {
1843 return EFI_NOT_FOUND;
1844 }
1845 }
1846
1847 Status = MeasureVariable (
1848 MrIndex,
1849 EventType,
1850 VarName,
1851 VendorGuid,
1852 *VarData,
1853 *VarSize
1854 );
1855 return Status;
1856}
1857
1872EFI_STATUS
1873ReadAndMeasureBootVariable (
1874 IN CHAR16 *VarName,
1875 IN EFI_GUID *VendorGuid,
1876 OUT UINTN *VarSize,
1877 OUT VOID **VarData
1878 )
1879{
1880 return ReadAndMeasureVariable (
1881 MapPcrToMrIndex (1),
1882 EV_EFI_VARIABLE_BOOT,
1883 VarName,
1884 VendorGuid,
1885 VarSize,
1886 VarData
1887 );
1888}
1889
1903EFI_STATUS
1904ReadAndMeasureSecureVariable (
1905 IN CHAR16 *VarName,
1906 IN EFI_GUID *VendorGuid,
1907 OUT UINTN *VarSize,
1908 OUT VOID **VarData
1909 )
1910{
1911 return ReadAndMeasureVariable (
1912 MapPcrToMrIndex (7),
1913 EV_EFI_VARIABLE_DRIVER_CONFIG,
1914 VarName,
1915 VendorGuid,
1916 VarSize,
1917 VarData
1918 );
1919}
1920
1931EFI_STATUS
1932MeasureAllBootVariables (
1933 VOID
1934 )
1935{
1936 EFI_STATUS Status;
1937 UINT16 *BootOrder;
1938 UINTN BootCount;
1939 UINTN Index;
1940 VOID *BootVarData;
1941 UINTN Size;
1942
1943 Status = ReadAndMeasureBootVariable (
1944 mBootVarName,
1945 &gEfiGlobalVariableGuid,
1946 &BootCount,
1947 (VOID **)&BootOrder
1948 );
1949 if ((Status == EFI_NOT_FOUND) || (BootOrder == NULL)) {
1950 return EFI_SUCCESS;
1951 }
1952
1953 if (EFI_ERROR (Status)) {
1954 //
1955 // BootOrder can't be NULL if status is not EFI_NOT_FOUND
1956 //
1957 FreePool (BootOrder);
1958 return Status;
1959 }
1960
1961 BootCount /= sizeof (*BootOrder);
1962 for (Index = 0; Index < BootCount; Index++) {
1963 UnicodeSPrint (mBootVarName, sizeof (mBootVarName), L"Boot%04x", BootOrder[Index]);
1964 Status = ReadAndMeasureBootVariable (
1965 mBootVarName,
1966 &gEfiGlobalVariableGuid,
1967 &Size,
1968 &BootVarData
1969 );
1970 if (!EFI_ERROR (Status)) {
1971 FreePool (BootVarData);
1972 }
1973 }
1974
1975 FreePool (BootOrder);
1976 return EFI_SUCCESS;
1977}
1978
1989EFI_STATUS
1990MeasureAllSecureVariables (
1991 VOID
1992 )
1993{
1994 EFI_STATUS Status;
1995 VOID *Data;
1996 UINTN DataSize;
1997 UINTN Index;
1998
1999 Status = EFI_NOT_FOUND;
2000 for (Index = 0; Index < sizeof (mVariableType)/sizeof (mVariableType[0]); Index++) {
2001 Status = ReadAndMeasureSecureVariable (
2002 mVariableType[Index].VariableName,
2003 mVariableType[Index].VendorGuid,
2004 &DataSize,
2005 &Data
2006 );
2007 if (!EFI_ERROR (Status)) {
2008 if (Data != NULL) {
2009 FreePool (Data);
2010 }
2011 }
2012 }
2013
2014 //
2015 // Measure DBT if present and not empty
2016 //
2017 Status = GetVariable2 (EFI_IMAGE_SECURITY_DATABASE2, &gEfiImageSecurityDatabaseGuid, &Data, &DataSize);
2018 if (!EFI_ERROR (Status)) {
2019 Status = MeasureVariable (
2020 MapPcrToMrIndex (7),
2021 EV_EFI_VARIABLE_DRIVER_CONFIG,
2022 EFI_IMAGE_SECURITY_DATABASE2,
2023 &gEfiImageSecurityDatabaseGuid,
2024 Data,
2025 DataSize
2026 );
2027 FreePool (Data);
2028 } else {
2029 DEBUG ((DEBUG_INFO, "Skip measuring variable %s since it's deleted\n", EFI_IMAGE_SECURITY_DATABASE2));
2030 }
2031
2032 return EFI_SUCCESS;
2033}
2034
2043EFI_STATUS
2044MeasureLaunchOfFirmwareDebugger (
2045 VOID
2046 )
2047{
2048 CC_EVENT_HDR CcEvent;
2049
2050 CcEvent.MrIndex = MapPcrToMrIndex (7);
2051 CcEvent.EventType = EV_EFI_ACTION;
2052 CcEvent.EventSize = sizeof (FIRMWARE_DEBUGGER_EVENT_STRING) - 1;
2053 return TdxDxeHashLogExtendEvent (
2054 0,
2055 (UINT8 *)FIRMWARE_DEBUGGER_EVENT_STRING,
2056 sizeof (FIRMWARE_DEBUGGER_EVENT_STRING) - 1,
2057 &CcEvent,
2058 (UINT8 *)FIRMWARE_DEBUGGER_EVENT_STRING
2059 );
2060}
2061
2080VOID
2081EFIAPI
2082MeasureSecureBootPolicy (
2083 IN EFI_EVENT Event,
2084 IN VOID *Context
2085 )
2086{
2087 EFI_STATUS Status;
2088 VOID *Protocol;
2089
2090 Status = gBS->LocateProtocol (&gEfiVariableWriteArchProtocolGuid, NULL, (VOID **)&Protocol);
2091 if (EFI_ERROR (Status)) {
2092 return;
2093 }
2094
2095 if (PcdGetBool (PcdFirmwareDebuggerInitialized)) {
2096 Status = MeasureLaunchOfFirmwareDebugger ();
2097 DEBUG ((DEBUG_INFO, "MeasureLaunchOfFirmwareDebugger - %r\n", Status));
2098 }
2099
2100 Status = MeasureAllSecureVariables ();
2101 DEBUG ((DEBUG_INFO, "MeasureAllSecureVariables - %r\n", Status));
2102
2103 //
2104 // We need measure Separator(7) here, because this event must be between SecureBootPolicy (Configure)
2105 // and ImageVerification (Authority)
2106 // There might be a case that we need measure UEFI image from DriverOrder, besides BootOrder. So
2107 // the Authority measurement happen before ReadToBoot event.
2108 //
2109 Status = MeasureSeparatorEvent (MapPcrToMrIndex (7));
2110 DEBUG ((DEBUG_INFO, "MeasureSeparatorEvent - %r\n", Status));
2111 return;
2112}
2113
2123VOID
2124EFIAPI
2125OnReadyToBoot (
2126 IN EFI_EVENT Event,
2127 IN VOID *Context
2128 )
2129{
2130 EFI_STATUS Status;
2131
2132 PERF_START_EX (mImageHandle, "EventRec", "TdTcg2Dxe", 0, PERF_ID_CC_TCG2_DXE);
2133 if (mBootAttempts == 0) {
2134 //
2135 // Measure handoff tables.
2136 //
2137 Status = MeasureHandoffTables ();
2138 if (EFI_ERROR (Status)) {
2139 DEBUG ((DEBUG_ERROR, "HOBs not Measured. Error!\n"));
2140 }
2141
2142 //
2143 // Measure BootOrder & Boot#### variables.
2144 //
2145 Status = MeasureAllBootVariables ();
2146 if (EFI_ERROR (Status)) {
2147 DEBUG ((DEBUG_ERROR, "Boot Variables not Measured. Error!\n"));
2148 }
2149
2150 //
2151 // 1. This is the first boot attempt.
2152 //
2153 Status = TdMeasureAction (
2154 MapPcrToMrIndex (4),
2155 EFI_CALLING_EFI_APPLICATION
2156 );
2157 if (EFI_ERROR (Status)) {
2158 DEBUG ((DEBUG_ERROR, "%a not Measured. Error!\n", EFI_CALLING_EFI_APPLICATION));
2159 }
2160
2161 //
2162 // 2. Draw a line between pre-boot env and entering post-boot env.
2163 //
2164 // According to UEFI Spec 2.10 Section 38.4.1 the mapping between MrIndex and Intel
2165 // TDX Measurement Register is:
2166 // MrIndex 0 <--> MRTD
2167 // MrIndex 1-3 <--> RTMR[0-2]
2168 // RTMR[0] (i.e. MrIndex 1) is already done. So SepartorEvent shall be extended to
2169 // RTMR[1] (i.e. MrIndex 2) as well.
2170 //
2171 Status = MeasureSeparatorEvent (CC_MR_INDEX_2_RTMR1);
2172 if (EFI_ERROR (Status)) {
2173 DEBUG ((DEBUG_ERROR, "Separator Event not Measured to RTMR[1]. Error!\n"));
2174 }
2175
2176 //
2177 // 3. Measure GPT. It would be done in SAP driver.
2178 //
2179
2180 //
2181 // 4. Measure PE/COFF OS loader. It would be done in SAP driver.
2182 //
2183
2184 //
2185 // 5. Read & Measure variable. BootOrder already measured.
2186 //
2187 } else {
2188 //
2189 // 6. Not first attempt, meaning a return from last attempt
2190 //
2191 Status = TdMeasureAction (
2192 MapPcrToMrIndex (4),
2193 EFI_RETURNING_FROM_EFI_APPLICATION
2194 );
2195 if (EFI_ERROR (Status)) {
2196 DEBUG ((DEBUG_ERROR, "%a not Measured. Error!\n", EFI_RETURNING_FROM_EFI_APPLICATION));
2197 }
2198
2199 //
2200 // 7. Next boot attempt, measure "Calling EFI Application from Boot Option" again
2201 // TCG PC Client PFP spec Section 2.4.4.5 Step 4
2202 //
2203 Status = TdMeasureAction (
2204 MapPcrToMrIndex (4),
2205 EFI_CALLING_EFI_APPLICATION
2206 );
2207 if (EFI_ERROR (Status)) {
2208 DEBUG ((DEBUG_ERROR, "%a not Measured. Error!\n", EFI_CALLING_EFI_APPLICATION));
2209 }
2210 }
2211
2212 DEBUG ((DEBUG_INFO, "TdTcg2Dxe Measure Data when ReadyToBoot\n"));
2213 //
2214 // Increase boot attempt counter.
2215 //
2216 mBootAttempts++;
2217 PERF_END_EX (mImageHandle, "EventRec", "Tcg2Dxe", 0, PERF_ID_CC_TCG2_DXE + 1);
2218}
2219
2229VOID
2230EFIAPI
2231OnExitBootServices (
2232 IN EFI_EVENT Event,
2233 IN VOID *Context
2234 )
2235{
2236 EFI_STATUS Status;
2237
2238 //
2239 // Measure invocation of ExitBootServices,
2240 //
2241 Status = TdMeasureAction (
2242 MapPcrToMrIndex (5),
2243 EFI_EXIT_BOOT_SERVICES_INVOCATION
2244 );
2245 if (EFI_ERROR (Status)) {
2246 DEBUG ((DEBUG_ERROR, "%a not Measured. Error!\n", EFI_EXIT_BOOT_SERVICES_INVOCATION));
2247 }
2248
2249 //
2250 // Measure success of ExitBootServices
2251 //
2252 Status = TdMeasureAction (
2253 MapPcrToMrIndex (5),
2254 EFI_EXIT_BOOT_SERVICES_SUCCEEDED
2255 );
2256 if (EFI_ERROR (Status)) {
2257 DEBUG ((DEBUG_ERROR, "%a not Measured. Error!\n", EFI_EXIT_BOOT_SERVICES_SUCCEEDED));
2258 }
2259}
2260
2270VOID
2271EFIAPI
2272OnExitBootServicesFailed (
2273 IN EFI_EVENT Event,
2274 IN VOID *Context
2275 )
2276{
2277 EFI_STATUS Status;
2278
2279 //
2280 // Measure Failure of ExitBootServices,
2281 //
2282 Status = TdMeasureAction (
2283 MapPcrToMrIndex (5),
2284 EFI_EXIT_BOOT_SERVICES_FAILED
2285 );
2286 if (EFI_ERROR (Status)) {
2287 DEBUG ((DEBUG_ERROR, "%a not Measured. Error!\n", EFI_EXIT_BOOT_SERVICES_FAILED));
2288 }
2289}
2290
2291EFI_STATUS
2292SyncCcEvent (
2293 VOID
2294 )
2295{
2296 EFI_STATUS Status;
2297 EFI_PEI_HOB_POINTERS GuidHob;
2298 VOID *CcEvent;
2299 VOID *DigestListBin;
2300 UINT32 DigestListBinSize;
2301 UINT8 *Event;
2302 UINT32 EventSize;
2303 EFI_CC_EVENT_LOG_FORMAT LogFormat;
2304
2305 DEBUG ((DEBUG_INFO, "Sync Cc event from SEC\n"));
2306
2307 Status = EFI_SUCCESS;
2308 LogFormat = EFI_CC_EVENT_LOG_FORMAT_TCG_2;
2309 GuidHob.Guid = GetFirstGuidHob (&gCcEventEntryHobGuid);
2310
2311 while (!EFI_ERROR (Status) && GuidHob.Guid != NULL) {
2312 CcEvent = AllocateCopyPool (GET_GUID_HOB_DATA_SIZE (GuidHob.Guid), GET_GUID_HOB_DATA (GuidHob.Guid));
2313 if (CcEvent == NULL) {
2314 return EFI_OUT_OF_RESOURCES;
2315 }
2316
2317 GuidHob.Guid = GET_NEXT_HOB (GuidHob);
2318 GuidHob.Guid = GetNextGuidHob (&gCcEventEntryHobGuid, GuidHob.Guid);
2319
2320 DigestListBin = (UINT8 *)CcEvent + sizeof (UINT32) + sizeof (TCG_EVENTTYPE);
2321 DigestListBinSize = GetDigestListBinSize (DigestListBin);
2322
2323 //
2324 // Event size.
2325 //
2326 EventSize = *(UINT32 *)((UINT8 *)DigestListBin + DigestListBinSize);
2327 Event = (UINT8 *)DigestListBin + DigestListBinSize + sizeof (UINT32);
2328
2329 //
2330 // Log the event
2331 //
2332 Status = TdxDxeLogEvent (
2333 LogFormat,
2334 CcEvent,
2335 sizeof (UINT32) + sizeof (TCG_EVENTTYPE) + DigestListBinSize + sizeof (UINT32),
2336 Event,
2337 EventSize
2338 );
2339
2340 DumpCcEvent ((CC_EVENT *)CcEvent);
2341 FreePool (CcEvent);
2342 }
2343
2344 return Status;
2345}
2346
2353VOID
2354EFIAPI
2355InstallAcpiTable (
2356 IN EFI_EVENT Event,
2357 IN VOID *Context
2358 )
2359{
2360 UINTN TableKey;
2361 EFI_STATUS Status;
2362 EFI_ACPI_TABLE_PROTOCOL *AcpiTable;
2363
2364 Status = gBS->LocateProtocol (&gEfiAcpiTableProtocolGuid, NULL, (VOID **)&AcpiTable);
2365 if (EFI_ERROR (Status)) {
2366 DEBUG ((DEBUG_ERROR, "TD: AcpiTableProtocol is not installed. %r\n", Status));
2367 return;
2368 }
2369
2370 mTdxEventlogAcpiTemplate.Laml = (UINT64)PcdGet32 (PcdCcEventlogAcpiTableLaml);
2371 mTdxEventlogAcpiTemplate.Lasa = PcdGet64 (PcdCcEventlogAcpiTableLasa);
2372 CopyMem (mTdxEventlogAcpiTemplate.Header.OemId, PcdGetPtr (PcdAcpiDefaultOemId), sizeof (mTdxEventlogAcpiTemplate.Header.OemId));
2373 mTdxEventlogAcpiTemplate.Header.OemTableId = PcdGet64 (PcdAcpiDefaultOemTableId);
2374 mTdxEventlogAcpiTemplate.Header.OemRevision = PcdGet32 (PcdAcpiDefaultOemRevision);
2375 mTdxEventlogAcpiTemplate.Header.CreatorId = PcdGet32 (PcdAcpiDefaultCreatorId);
2376 mTdxEventlogAcpiTemplate.Header.CreatorRevision = PcdGet32 (PcdAcpiDefaultCreatorRevision);
2377
2378 //
2379 // Construct ACPI Table
2380 Status = AcpiTable->InstallAcpiTable (
2381 AcpiTable,
2382 &mTdxEventlogAcpiTemplate,
2383 mTdxEventlogAcpiTemplate.Header.Length,
2384 &TableKey
2385 );
2386 ASSERT_EFI_ERROR (Status);
2387
2388 DEBUG ((DEBUG_INFO, "TDVF Eventlog ACPI Table is installed.\n"));
2389}
2390
2397EFI_STATUS
2398InstallCcMeasurementProtocol (
2399 VOID
2400 )
2401{
2402 EFI_STATUS Status;
2403 EFI_HANDLE Handle;
2404
2405 Handle = NULL;
2406 Status = gBS->InstallMultipleProtocolInterfaces (
2407 &Handle,
2408 &gEfiCcMeasurementProtocolGuid,
2409 &mTdProtocol,
2410 NULL
2411 );
2412 DEBUG ((DEBUG_INFO, "CcProtocol: Install %r\n", Status));
2413 return Status;
2414}
2415
2425EFI_STATUS
2426EFIAPI
2427DriverEntry (
2428 IN EFI_HANDLE ImageHandle,
2429 IN EFI_SYSTEM_TABLE *SystemTable
2430 )
2431{
2432 EFI_STATUS Status;
2433 EFI_EVENT Event;
2434 VOID *Registration;
2435
2436 if (!TdIsEnabled ()) {
2437 return EFI_UNSUPPORTED;
2438 }
2439
2440 mImageHandle = ImageHandle;
2441
2442 //
2443 // Fill information
2444 //
2445 // ASSERT (TD_EVENT_LOG_AREA_COUNT_MAX == sizeof(mTEventInfo)/sizeof(mTcg2EventInfo[0]));
2446
2447 mTdxDxeData.BsCap.Size = sizeof (EFI_CC_BOOT_SERVICE_CAPABILITY);
2448 mTdxDxeData.BsCap.ProtocolVersion.Major = 1;
2449 mTdxDxeData.BsCap.ProtocolVersion.Minor = 0;
2450 mTdxDxeData.BsCap.StructureVersion.Major = 1;
2451 mTdxDxeData.BsCap.StructureVersion.Minor = 0;
2452
2453 //
2454 // Get supported PCR and current Active PCRs
2455 // For TD gueset HA384 is supported.
2456 //
2457 mTdxDxeData.BsCap.HashAlgorithmBitmap = HASH_ALG_SHA384;
2458
2459 // TD guest only supports EFI_TCG2_EVENT_LOG_FORMAT_TCG_2
2460 mTdxDxeData.BsCap.SupportedEventLogs = EFI_CC_EVENT_LOG_FORMAT_TCG_2;
2461
2462 //
2463 // Setup the log area and copy event log from hob list to it
2464 //
2465 Status = SetupCcEventLog ();
2466 ASSERT_EFI_ERROR (Status);
2467
2468 if (!EFI_ERROR (Status)) {
2469 Status = SyncCcEvent ();
2470 ASSERT_EFI_ERROR (Status);
2471 }
2472
2473 //
2474 // Measure handoff tables, Boot#### variables etc.
2475 //
2476 Status = EfiCreateEventReadyToBootEx (
2477 TPL_CALLBACK,
2478 OnReadyToBoot,
2479 NULL,
2480 &Event
2481 );
2482
2483 Status = gBS->CreateEventEx (
2484 EVT_NOTIFY_SIGNAL,
2485 TPL_NOTIFY,
2486 OnExitBootServices,
2487 NULL,
2488 &gEfiEventExitBootServicesGuid,
2489 &Event
2490 );
2491
2492 //
2493 // Measure Exit Boot Service failed
2494 //
2495 Status = gBS->CreateEventEx (
2496 EVT_NOTIFY_SIGNAL,
2497 TPL_NOTIFY,
2498 OnExitBootServicesFailed,
2499 NULL,
2500 &gEventExitBootServicesFailedGuid,
2501 &Event
2502 );
2503
2504 //
2505 // Create event callback, because we need access variable on SecureBootPolicyVariable
2506 // We should use VariableWriteArch instead of VariableArch, because Variable driver
2507 // may update SecureBoot value based on last setting.
2508 //
2509 EfiCreateProtocolNotifyEvent (&gEfiVariableWriteArchProtocolGuid, TPL_CALLBACK, MeasureSecureBootPolicy, NULL, &Registration);
2510
2511 //
2512 // Install CcMeasurementProtocol
2513 //
2514 Status = InstallCcMeasurementProtocol ();
2515 DEBUG ((DEBUG_INFO, "InstallCcMeasurementProtocol - %r\n", Status));
2516
2517 if (Status == EFI_SUCCESS) {
2518 //
2519 // Create event callback to install CC EventLog ACPI Table
2520 EfiCreateProtocolNotifyEvent (&gEfiAcpiTableProtocolGuid, TPL_CALLBACK, InstallAcpiTable, NULL, &Registration);
2521 } else {
2522 //
2523 // Cc measurement feature is crucial to a td-guest and it shall stop running immediately
2524 // when it is failed to be installed.
2525 DEBUG ((DEBUG_ERROR, "%a: CcMeasurement protocol failed to be installed - %r\n", __func__, Status));
2526 CpuDeadLoop ();
2527 }
2528
2529 return Status;
2530}
UINTN
UINT64 UINTN
Definition: ProcessorBind.h:112
MAX_ADDRESS
#define MAX_ADDRESS
Definition: ProcessorBind.h:137
GetFirstGuidHob
VOID *EFIAPI GetFirstGuidHob(IN CONST EFI_GUID *Guid)
Definition: HobLib.c:215
GetNextGuidHob
VOID *EFIAPI GetNextGuidHob(IN CONST EFI_GUID *Guid, IN CONST VOID *HobStart)
Definition: HobLib.c:176
SHA384_DIGEST_SIZE
#define SHA384_DIGEST_SIZE
Definition: BaseCryptLib.h:49
AsciiStrLen
UINTN EFIAPI AsciiStrLen(IN CONST CHAR8 *String)
Definition: String.c:641
ReadUnaligned16
UINT16 EFIAPI ReadUnaligned16(IN CONST UINT16 *Buffer)
Definition: Unaligned.c:29
CpuDeadLoop
VOID EFIAPI CpuDeadLoop(VOID)
Definition: CpuDeadLoop.c:25
WriteUnaligned32
UINT32 EFIAPI WriteUnaligned32(OUT UINT32 *Buffer, IN UINT32 Value)
Definition: Unaligned.c:177
StrLen
UINTN EFIAPI StrLen(IN CONST CHAR16 *String)
Definition: String.c:30
ReadUnaligned32
UINT32 EFIAPI ReadUnaligned32(IN CONST UINT32 *Buffer)
Definition: Unaligned.c:145
CompareMem
INTN EFIAPI CompareMem(IN CONST VOID *DestinationBuffer, IN CONST VOID *SourceBuffer, IN UINTN Length)
Definition: CompareMemWrapper.c:45
CopyMem
VOID *EFIAPI CopyMem(OUT VOID *DestinationBuffer, IN CONST VOID *SourceBuffer, IN UINTN Length)
Definition: CopyMemWrapper.c:41
SetMem
VOID *EFIAPI SetMem(OUT VOID *Buffer, IN UINTN Length, IN UINT8 Value)
Definition: SetMemWrapper.c:38
ZeroMem
VOID *EFIAPI ZeroMem(OUT VOID *Buffer, IN UINTN Length)
Definition: ZeroMemWrapper.c:38
FreePool
VOID EFIAPI FreePool(IN VOID *Buffer)
Definition: MemoryAllocationLib.c:266
AllocateCopyPool
VOID *EFIAPI AllocateCopyPool(IN UINTN AllocationSize, IN CONST VOID *Buffer)
Definition: MemoryAllocationLib.c:590
EFI_KEY_EXCHANGE_KEY_NAME
#define EFI_KEY_EXCHANGE_KEY_NAME
Definition: GlobalVariable.h:126
EFI_PLATFORM_KEY_NAME
#define EFI_PLATFORM_KEY_NAME
Definition: GlobalVariable.h:131
EFI_SECURE_BOOT_MODE_NAME
#define EFI_SECURE_BOOT_MODE_NAME
Definition: GlobalVariable.h:143
HashAndExtend
EFI_STATUS EFIAPI HashAndExtend(IN TPMI_DH_PCR PcrIndex, IN VOID *DataToHash, IN UINTN DataToHashLen, OUT TPML_DIGEST_VALUES *DigestList)
Definition: HashLibTdx.c:150
EFI_IMAGE_SECURITY_DATABASE2
#define EFI_IMAGE_SECURITY_DATABASE2
Definition: ImageAuthentication.h:36
EFI_IMAGE_SECURITY_DATABASE1
#define EFI_IMAGE_SECURITY_DATABASE1
Definition: ImageAuthentication.h:31
EFI_IMAGE_SECURITY_DATABASE
#define EFI_IMAGE_SECURITY_DATABASE
Definition: ImageAuthentication.h:26
UnicodeSPrint
UINTN EFIAPI UnicodeSPrint(OUT CHAR16 *StartOfBuffer, IN UINTN BufferSize, IN CONST CHAR16 *FormatString,...)
Definition: PrintLib.c:408
NULL
#define NULL
Definition: Base.h:319
TRUE
#define TRUE
Definition: Base.h:301
FALSE
#define FALSE
Definition: Base.h:307
ARRAY_SIZE
#define ARRAY_SIZE(Array)
Definition: Base.h:1393
IN
#define IN
Definition: Base.h:279
OUT
#define OUT
Definition: Base.h:284
ASSERT_EFI_ERROR
#define ASSERT_EFI_ERROR(StatusParameter)
Definition: DebugLib.h:462
DEBUG
#define DEBUG(Expression)
Definition: DebugLib.h:434
TdIsEnabled
BOOLEAN EFIAPI TdIsEnabled()
Definition: IntelTdxNull.c:79
PcdGet64
#define PcdGet64(TokenName)
Definition: PcdLib.h:375
PcdGet8
#define PcdGet8(TokenName)
Definition: PcdLib.h:336
PcdGet32
#define PcdGet32(TokenName)
Definition: PcdLib.h:362
PcdGetBool
#define PcdGetBool(TokenName)
Definition: PcdLib.h:401
PcdSet64S
#define PcdSet64S(TokenName, Value)
Definition: PcdLib.h:511
PcdSet32S
#define PcdSet32S(TokenName, Value)
Definition: PcdLib.h:497
PcdGetPtr
#define PcdGetPtr(TokenName)
Definition: PcdLib.h:388
PERF_START_EX
#define PERF_START_EX(Handle, Token, Module, TimeStamp, Identifier)
Definition: PerformanceLib.h:722
PERF_END_EX
#define PERF_END_EX(Handle, Token, Module, TimeStamp, Identifier)
Definition: PerformanceLib.h:708
AllocatePool
VOID *EFIAPI AllocatePool(IN UINTN AllocationSize)
Definition: MemoryAllocationLib.c:195
OnExitBootServicesFailed
VOID EFIAPI OnExitBootServicesFailed(IN EFI_EVENT Event, IN VOID *Context)
Definition: TdTcg2Dxe.c:2272
InternalDumpData
VOID InternalDumpData(IN UINT8 *Data, IN UINTN Size)
Definition: TdTcg2Dxe.c:274
GetTcgEfiSpecIdEventStructSize
UINTN GetTcgEfiSpecIdEventStructSize(IN TCG_EfiSpecIDEventStruct *TcgEfiSpecIdEventStruct)
Definition: TdTcg2Dxe.c:568
CopyDigestListBinToBuffer
VOID * CopyDigestListBinToBuffer(IN OUT VOID *Buffer, IN VOID *DigestListBin, IN UINT32 HashAlgorithmMask, OUT UINT32 *HashAlgorithmMaskCopied)
Definition: TdTcg2Dxe.c:1140
MeasureLaunchOfFirmwareDebugger
EFI_STATUS MeasureLaunchOfFirmwareDebugger(VOID)
Definition: TdTcg2Dxe.c:2044
TdGetEventLog
EFI_STATUS EFIAPI TdGetEventLog(IN EFI_CC_MEASUREMENT_PROTOCOL *This, IN EFI_CC_EVENT_LOG_FORMAT EventLogFormat, OUT EFI_PHYSICAL_ADDRESS *EventLogLocation, OUT EFI_PHYSICAL_ADDRESS *EventLogLastEntry, OUT BOOLEAN *EventLogTruncated)
Definition: TdTcg2Dxe.c:752
MeasureAllSecureVariables
EFI_STATUS MeasureAllSecureVariables(VOID)
Definition: TdTcg2Dxe.c:1990
InternalDumpHex
VOID InternalDumpHex(IN UINT8 *Data, IN UINTN Size)
Definition: TdTcg2Dxe.c:295
TcgCommLogEvent
EFI_STATUS TcgCommLogEvent(IN OUT CC_EVENT_LOG_AREA_STRUCT *EventLogAreaStruct, IN VOID *NewEventHdr, IN UINT32 NewEventHdrSize, IN UINT8 *NewEventData, IN UINT32 NewEventSize)
Definition: TdTcg2Dxe.c:854
DumpTcgEfiSpecIdEventStruct
VOID DumpTcgEfiSpecIdEventStruct(IN TCG_EfiSpecIDEventStruct *TcgEfiSpecIdEventStruct)
Definition: TdTcg2Dxe.c:520
Is800155Event
BOOLEAN Is800155Event(IN VOID *NewEventHdr, IN UINT32 NewEventHdrSize, IN UINT8 *NewEventData, IN UINT32 NewEventSize)
Definition: TdTcg2Dxe.c:814
TdxDxeLogHashEvent
EFI_STATUS TdxDxeLogHashEvent(IN TPML_DIGEST_VALUES *DigestList, IN OUT CC_EVENT_HDR *NewEventHdr, IN UINT8 *NewEventData)
Definition: TdTcg2Dxe.c:1200
GetProcessorsCpuLocation
EFI_STATUS GetProcessorsCpuLocation(OUT EFI_CPU_PHYSICAL_LOCATION **LocationBuf, OUT UINTN *Num)
Definition: TdTcg2Dxe.c:380
DumpCcEvent
VOID DumpCcEvent(IN CC_EVENT *CcEvent)
Definition: TdTcg2Dxe.c:589
MeasureSecureBootPolicy
VOID EFIAPI MeasureSecureBootPolicy(IN EFI_EVENT Event, IN VOID *Context)
Definition: TdTcg2Dxe.c:2082
GetDigestListBinSize
UINT32 GetDigestListBinSize(IN VOID *DigestListBin)
Definition: TdTcg2Dxe.c:1103
MeasureVariable
EFI_STATUS MeasureVariable(IN UINT32 MrIndex, IN TCG_EVENTTYPE EventType, IN CHAR16 *VarName, IN EFI_GUID *VendorGuid, IN VOID *VarData, IN UINTN VarSize)
Definition: TdTcg2Dxe.c:1731
TdHashLogExtendEvent
EFI_STATUS EFIAPI TdHashLogExtendEvent(IN EFI_CC_MEASUREMENT_PROTOCOL *This, IN UINT64 Flags, IN EFI_PHYSICAL_ADDRESS DataToHash, IN UINT64 DataToHashLen, IN EFI_CC_EVENT *CcEvent)
Definition: TdTcg2Dxe.c:1330
OnReadyToBoot
VOID EFIAPI OnReadyToBoot(IN EFI_EVENT Event, IN VOID *Context)
Definition: TdTcg2Dxe.c:2125
InitNoActionEvent
VOID InitNoActionEvent(IN OUT CC_EVENT_HDR *NoActionEvent, IN UINT32 EventSize)
Definition: TdTcg2Dxe.c:330
MeasurePeImageAndExtend
EFI_STATUS MeasurePeImageAndExtend(IN UINT32 RtmrIndex, IN EFI_PHYSICAL_ADDRESS ImageAddress, IN UINTN ImageSize, OUT TPML_DIGEST_VALUES *DigestList)
Definition: MeasureBootPeCoff.c:95
OnExitBootServices
VOID EFIAPI OnExitBootServices(IN EFI_EVENT Event, IN VOID *Context)
Definition: TdTcg2Dxe.c:2231
DumpPcrEvent
VOID DumpPcrEvent(IN TCG_PCR_EVENT_HDR *EventHdr)
Definition: TdTcg2Dxe.c:495
ReadAndMeasureBootVariable
EFI_STATUS ReadAndMeasureBootVariable(IN CHAR16 *VarName, IN EFI_GUID *VendorGuid, OUT UINTN *VarSize, OUT VOID **VarData)
Definition: TdTcg2Dxe.c:1873
MeasureSeparatorEvent
EFI_STATUS MeasureSeparatorEvent(IN UINT32 MrIndex)
Definition: TdTcg2Dxe.c:1692
InstallAcpiTable
VOID EFIAPI InstallAcpiTable(IN EFI_EVENT Event, IN VOID *Context)
Definition: TdTcg2Dxe.c:2355
InstallCcMeasurementProtocol
EFI_STATUS InstallCcMeasurementProtocol(VOID)
Definition: TdTcg2Dxe.c:2398
DumpCcEventLog
VOID DumpCcEventLog(IN EFI_CC_EVENT_LOG_FORMAT EventLogFormat, IN EFI_PHYSICAL_ADDRESS EventLogLocation, IN EFI_PHYSICAL_ADDRESS EventLogLastEntry, IN EFI_CC_FINAL_EVENTS_TABLE *FinalEventsTable)
Definition: TdTcg2Dxe.c:681
TdxDxeLogEvent
EFI_STATUS TdxDxeLogEvent(IN EFI_CC_EVENT_LOG_FORMAT EventLogFormat, IN VOID *NewEventHdr, IN UINT32 NewEventHdrSize, IN UINT8 *NewEventData, IN UINT32 NewEventSize)
Definition: TdTcg2Dxe.c:1011
TdMeasureAction
EFI_STATUS TdMeasureAction(IN UINT32 MrIndex, IN CHAR8 *String)
Definition: TdTcg2Dxe.c:1611
TdxDxeHashLogExtendEvent
EFI_STATUS TdxDxeHashLogExtendEvent(IN UINT64 Flags, IN UINT8 *HashData, IN UINT64 HashDataLen, IN OUT CC_EVENT_HDR *NewEventHdr, IN UINT8 *NewEventData)
Definition: TdTcg2Dxe.c:1261
MeasureHandoffTables
EFI_STATUS MeasureHandoffTables(VOID)
Definition: TdTcg2Dxe.c:1638
ReadAndMeasureSecureVariable
EFI_STATUS ReadAndMeasureSecureVariable(IN CHAR16 *VarName, IN EFI_GUID *VendorGuid, OUT UINTN *VarSize, OUT VOID **VarData)
Definition: TdTcg2Dxe.c:1904
ReadAndMeasureVariable
EFI_STATUS ReadAndMeasureVariable(IN UINT32 MrIndex, IN TCG_EVENTTYPE EventType, IN CHAR16 *VarName, IN EFI_GUID *VendorGuid, OUT UINTN *VarSize, OUT VOID **VarData)
Definition: TdTcg2Dxe.c:1818
MeasureAllBootVariables
EFI_STATUS MeasureAllBootVariables(VOID)
Definition: TdTcg2Dxe.c:1932
MapPcrToMrIndex
UINT32 EFIAPI MapPcrToMrIndex(IN UINT32 PCRIndex)
Definition: TdTcg2Dxe.c:955
TdGetCapability
EFI_STATUS EFIAPI TdGetCapability(IN EFI_CC_MEASUREMENT_PROTOCOL *This, IN OUT EFI_CC_BOOT_SERVICE_CAPABILITY *ProtocolCapability)
Definition: TdTcg2Dxe.c:470
DriverEntry
EFI_STATUS EFIAPI DriverEntry(IN EFI_HANDLE ImageHandle, IN EFI_SYSTEM_TABLE *SystemTable)
Definition: TdTcg2Dxe.c:2427
GetHashMaskFromAlgo
UINT32 GetHashMaskFromAlgo(IN TPMI_ALG_HASH HashAlgo)
Definition: TdTcg2Dxe.c:175
CopyDigestListToBuffer
VOID * CopyDigestListToBuffer(IN OUT VOID *Buffer, IN TPML_DIGEST_VALUES *DigestList, IN UINT32 HashAlgorithmMask)
Definition: TdTcg2Dxe.c:201
GetCcEventSize
UINTN GetCcEventSize(IN CC_EVENT *CcEvent)
Definition: TdTcg2Dxe.c:638
SetupCcEventLog
EFI_STATUS SetupCcEventLog(VOID)
Definition: TdTcg2Dxe.c:1425
GetHashSizeFromAlgo
UINT16 GetHashSizeFromAlgo(IN TPMI_ALG_HASH HashAlgo)
Definition: TdTcg2Dxe.c:152
EFI_PHYSICAL_ADDRESS
UINT64 EFI_PHYSICAL_ADDRESS
Definition: UefiBaseType.h:50
EFI_STATUS
RETURN_STATUS EFI_STATUS
Definition: UefiBaseType.h:29
EFI_EVENT
VOID * EFI_EVENT
Definition: UefiBaseType.h:37
EFI_TPL
UINTN EFI_TPL
Definition: UefiBaseType.h:41
EFI_SIZE_TO_PAGES
#define EFI_SIZE_TO_PAGES(Size)
Definition: UefiBaseType.h:200
EFI_HANDLE
VOID * EFI_HANDLE
Definition: UefiBaseType.h:33
EFI_SUCCESS
#define EFI_SUCCESS
Definition: UefiBaseType.h:112
gBS
EFI_BOOT_SERVICES * gBS
Definition: UefiBootServicesTableLib.c:17
UefiDriverEntryPoint.h
GetVariable2
EFI_STATUS EFIAPI GetVariable2(IN CONST CHAR16 *Name, IN CONST EFI_GUID *Guid, OUT VOID **Value, OUT UINTN *Size OPTIONAL)
Definition: UefiLib.c:1317
EfiCreateEventReadyToBootEx
EFI_STATUS EFIAPI EfiCreateEventReadyToBootEx(IN EFI_TPL NotifyTpl, IN EFI_EVENT_NOTIFY NotifyFunction OPTIONAL, IN VOID *NotifyContext OPTIONAL, OUT EFI_EVENT *ReadyToBootEvent)
Definition: UefiNotTiano.c:164
EfiCreateProtocolNotifyEvent
EFI_EVENT EFIAPI EfiCreateProtocolNotifyEvent(IN EFI_GUID *ProtocolGuid, IN EFI_TPL NotifyTpl, IN EFI_EVENT_NOTIFY NotifyFunction, IN VOID *NotifyContext OPTIONAL, OUT VOID **Registration)
Definition: UefiLib.c:134
EfiBootServicesData
@ EfiBootServicesData
Definition: UefiMultiPhase.h:61
EfiACPIMemoryNVS
@ EfiACPIMemoryNVS
Definition: UefiMultiPhase.h:86
AllocateAnyPages
@ AllocateAnyPages
Definition: UefiSpec.h:33
_EFI_ACPI_TABLE_PROTOCOL
Definition: AcpiTable.h:114
_EFI_CC_MEASUREMENT_PROTOCOL
Definition: CcMeasurement.h:238
_EFI_MP_SERVICES_PROTOCOL
Definition: MpService.h:662
_TDX_DXE_DATA
Definition: TdTcg2Dxe.c:78
CC_EVENT_HDR
Definition: CcMeasurement.h:267
CC_EVENT_INFO_STRUCT
Definition: TdTcg2Dxe.c:62
CC_EVENT_LOG_AREA_STRUCT
Definition: TdTcg2Dxe.c:67
CC_EVENT
Definition: CcMeasurement.h:255
EFI_CC_BOOT_SERVICE_CAPABILITY
Definition: CcMeasurement.h:105
EFI_CC_EVENT
Definition: CcMeasurement.h:94
EFI_CC_EVENTLOG_ACPI_TABLE
Definition: CcMeasurement.h:307
EFI_CC_FINAL_EVENTS_TABLE
Definition: CcMeasurement.h:282
EFI_CONFIGURATION_TABLE::VendorTable
VOID * VendorTable
Definition: UefiSpec.h:2022
EFI_CONFIGURATION_TABLE::VendorGuid
EFI_GUID VendorGuid
Definition: UefiSpec.h:2018
EFI_CPU_PHYSICAL_LOCATION
Definition: MpService.h:89
EFI_PROCESSOR_INFORMATION
Definition: MpService.h:146
EFI_PROCESSOR_INFORMATION::Location
EFI_CPU_PHYSICAL_LOCATION Location
Definition: MpService.h:178
EFI_SYSTEM_TABLE
Definition: UefiSpec.h:2028
GUID
Definition: Base.h:213
TCG_EfiSpecIDEventStruct
Definition: UefiTcgPlatform.h:391
TCG_EfiSpecIdEventAlgorithmSize
Definition: UefiTcgPlatform.h:367
TDX_HASH_INFO
Definition: TdTcg2Dxe.c:86
TPML_DIGEST_VALUES
Definition: Tpm20.h:1073
VARIABLE_TYPE
Definition: Measurement.c:24
tdEFI_HANDOFF_TABLE_POINTERS
Definition: UefiTcgPlatform.h:204
tdTCG_PCR_EVENT2_HDR
Definition: UefiTcgPlatform.h:357
tdTCG_PCR_EVENT_HDR
Definition: UefiTcgPlatform.h:128
tdTCG_Sp800_155_PlatformId_Event2
Definition: UefiTcgPlatform.h:456
tdTPM_DIGEST
Definition: Tpm12.h:439
tdUEFI_VARIABLE_DATA
Definition: UefiTcgPlatform.h:257
tdUEFI_VARIABLE_DATA::VariableData
INT8 VariableData[1]
Driver or platform-specific data.
Definition: UefiTcgPlatform.h:262
EFI_PEI_HOB_POINTERS
Definition: PiHob.h:493