diff options
Diffstat (limited to 'src/VBox/Devices/EFI/Firmware/SecurityPkg')
337 files changed, 77937 insertions, 0 deletions
diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/FvReportPei/FvReportPei.c b/src/VBox/Devices/EFI/Firmware/SecurityPkg/FvReportPei/FvReportPei.c new file mode 100644 index 00000000..3029fa74 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/FvReportPei/FvReportPei.c @@ -0,0 +1,424 @@ +/** @file + This driver verifies and reports OBB FVs. + +Copyright (c) 2019, Intel Corporation. All rights reserved.<BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "FvReportPei.h" + +STATIC CONST HASH_ALG_INFO mHashAlgInfo[] = { + {TPM_ALG_SHA256, SHA256_DIGEST_SIZE, Sha256Init, Sha256Update, Sha256Final, Sha256HashAll}, // 000B + {TPM_ALG_SHA384, SHA384_DIGEST_SIZE, Sha384Init, Sha384Update, Sha384Final, Sha384HashAll}, // 000C + {TPM_ALG_SHA512, SHA512_DIGEST_SIZE, Sha512Init, Sha512Update, Sha512Final, Sha512HashAll}, // 000D +}; + +/** + Find hash algorithm information from mHashAlgInfo according to given ID. + + @param[in] HashAlgId Hash algorithm type id. + + @retval Pointer to HASH_ALG_INFO if given hash algorithm is supported. + @retval NULL if given algorithm is not supported. +**/ +STATIC +CONST +HASH_ALG_INFO * +FindHashAlgInfo ( + IN UINT16 HashAlgId + ) +{ + UINTN Index; + + for (Index = 0; Index < ARRAY_SIZE (mHashAlgInfo); ++Index) { + if (mHashAlgInfo[Index].HashAlgId == HashAlgId) { + return &mHashAlgInfo[Index]; + } + } + + return NULL; +} + +/** + Install a EDKII_PEI_FIRMWARE_VOLUME_INFO_PREHASHED_FV_PPI instance so that + TCG driver may use to extend PCRs. + + @param[in] FvBuffer Buffer containing the whole FV. + @param[in] FvLength Length of the FV. + @param[in] HashAlgoId Hash algorithm type id. + @param[in] HashSize Hash size. + @param[in] HashValue Hash value buffer. +**/ +STATIC +VOID +InstallPreHashFvPpi ( + IN VOID *FvBuffer, + IN UINTN FvLength, + IN UINT16 HashAlgoId, + IN UINT16 HashSize, + IN UINT8 *HashValue + ) +{ + EFI_STATUS Status; + EFI_PEI_PPI_DESCRIPTOR *FvInfoPpiDescriptor; + EDKII_PEI_FIRMWARE_VOLUME_INFO_PREHASHED_FV_PPI *PreHashedFvPpi; + UINTN PpiSize; + HASH_INFO *HashInfo; + + PpiSize = sizeof (EDKII_PEI_FIRMWARE_VOLUME_INFO_PREHASHED_FV_PPI) + + sizeof (HASH_INFO) + + HashSize; + + PreHashedFvPpi = AllocatePool (PpiSize); + ASSERT (PreHashedFvPpi != NULL); + + PreHashedFvPpi->FvBase = (UINT32)(UINTN)FvBuffer; + PreHashedFvPpi->FvLength = (UINT32)FvLength; + PreHashedFvPpi->Count = 1; + + HashInfo = HASH_INFO_PTR (PreHashedFvPpi); + HashInfo->HashAlgoId = HashAlgoId; + HashInfo->HashSize = HashSize; + CopyMem (HASH_VALUE_PTR (HashInfo), HashValue, HashSize); + + FvInfoPpiDescriptor = AllocatePool (sizeof (EFI_PEI_PPI_DESCRIPTOR)); + ASSERT (FvInfoPpiDescriptor != NULL); + + FvInfoPpiDescriptor->Guid = &gEdkiiPeiFirmwareVolumeInfoPrehashedFvPpiGuid; + FvInfoPpiDescriptor->Flags = EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST; + FvInfoPpiDescriptor->Ppi = (VOID *) PreHashedFvPpi; + + Status = PeiServicesInstallPpi (FvInfoPpiDescriptor); + ASSERT_EFI_ERROR (Status); +} + +/** + Calculate and verify hash value for given FV. + + @param[in] HashInfo Hash information of the FV. + @param[in] FvInfo Information of FV used for verification. + @param[in] FvNumber Length of the FV. + @param[in] BootMode Length of the FV. + + @retval EFI_SUCCESS The given FV is integrate. + @retval EFI_VOLUME_CORRUPTED The given FV is corrupted (hash mismatch). + @retval EFI_UNSUPPORTED The hash algorithm is not supported. +**/ +STATIC +EFI_STATUS +VerifyHashedFv ( + IN FV_HASH_INFO *HashInfo, + IN HASHED_FV_INFO *FvInfo, + IN UINTN FvNumber, + IN EFI_BOOT_MODE BootMode + ) +{ + UINTN FvIndex; + CONST HASH_ALG_INFO *AlgInfo; + UINT8 *HashValue; + UINT8 *FvHashValue; + VOID *FvBuffer; + EFI_STATUS Status; + + if (HashInfo == NULL || + HashInfo->HashSize == 0 || + HashInfo->HashAlgoId == TPM_ALG_NULL) { + DEBUG ((DEBUG_INFO, "Bypass FV hash verification\r\n")); + return EFI_SUCCESS; + } + + AlgInfo = FindHashAlgInfo (HashInfo->HashAlgoId); + if (AlgInfo == NULL || AlgInfo->HashSize != HashInfo->HashSize) { + DEBUG ((DEBUG_ERROR, "Unsupported or wrong hash algorithm: %04X (size=%d)\r\n", + HashInfo->HashAlgoId, HashInfo->HashSize)); + return EFI_UNSUPPORTED; + } + + ASSERT (FvInfo != NULL); + ASSERT (FvNumber > 0); + + // + // We need a hash value for each FV as well as one for all FVs. + // + HashValue = AllocateZeroPool (AlgInfo->HashSize * (FvNumber + 1)); + ASSERT (HashValue != NULL); + + // + // Calculate hash value for each FV first. + // + FvHashValue = HashValue; + for (FvIndex = 0; FvIndex < FvNumber; ++FvIndex) { + // + // FV must be meant for verified boot and/or measured boot. + // + ASSERT ((FvInfo[FvIndex].Flag & HASHED_FV_FLAG_VERIFIED_BOOT) != 0 || + (FvInfo[FvIndex].Flag & HASHED_FV_FLAG_MEASURED_BOOT) != 0); + + // + // Skip any FV not meant for current boot mode. + // + if ((FvInfo[FvIndex].Flag & HASHED_FV_FLAG_SKIP_BOOT_MODE (BootMode)) != 0) { + DEBUG ((DEBUG_INFO, "Skip FV[%016lX] for boot mode[%d]\r\n", + FvInfo[FvIndex].Base, BootMode)); + continue; + } + + DEBUG (( + DEBUG_INFO, + "Pre-hashed[alg=%04X,size=%d,flag=%016lX] FV: 0x%016lX (%08lX) (Flag=%016lX)\r\n", + HashInfo->HashAlgoId, + HashInfo->HashSize, + HashInfo->HashFlag, + FvInfo[FvIndex].Base, + FvInfo[FvIndex].Length, + FvInfo[FvIndex].Flag + )); + + // + // Copy FV to permanent memory to avoid potential TOC/TOU. + // + FvBuffer = AllocatePages (EFI_SIZE_TO_PAGES((UINTN)FvInfo[FvIndex].Length)); + ASSERT (FvBuffer != NULL); + CopyMem (FvBuffer, (CONST VOID *)(UINTN)FvInfo[FvIndex].Base, (UINTN)FvInfo[FvIndex].Length); + + if (!AlgInfo->HashAll (FvBuffer, (UINTN)FvInfo[FvIndex].Length, FvHashValue)) { + Status = EFI_ABORTED; + goto Done; + } + + // + // Report the FV measurement. + // + if ((FvInfo[FvIndex].Flag & HASHED_FV_FLAG_MEASURED_BOOT) != 0) { + InstallPreHashFvPpi ( + FvBuffer, + (UINTN)FvInfo[FvIndex].Length, + HashInfo->HashAlgoId, + HashInfo->HashSize, + FvHashValue + ); + } + + // + // Don't keep the hash value of current FV if we don't need to verify it. + // + if ((FvInfo[FvIndex].Flag & HASHED_FV_FLAG_VERIFIED_BOOT) != 0) { + FvHashValue += AlgInfo->HashSize; + } + + // + // Use memory copy of the FV from now on. + // + FvInfo[FvIndex].Base = (UINT64)(UINTN)FvBuffer; + } + + // + // Check final hash for all FVs. + // + if (FvHashValue == HashValue || + (AlgInfo->HashAll (HashValue, FvHashValue - HashValue, FvHashValue) && + CompareMem (HashInfo->Hash, FvHashValue, AlgInfo->HashSize) == 0)) { + Status = EFI_SUCCESS; + } else { + Status = EFI_VOLUME_CORRUPTED; + } + +Done: + FreePool (HashValue); + return Status; +} + +/** + Report FV to PEI and/or DXE core for dispatch. + + @param[in] FvInfo Information of a FV. + +**/ +STATIC +VOID +ReportHashedFv ( + IN HASHED_FV_INFO *FvInfo + ) +{ + CONST EFI_GUID *FvFormat; + + if ((FvInfo->Flag & HASHED_FV_FLAG_REPORT_FV_HOB) != 0) { + // + // Require DXE core to process this FV. + // + BuildFvHob ( + (EFI_PHYSICAL_ADDRESS)FvInfo->Base, + FvInfo->Length + ); + DEBUG ((DEBUG_INFO, "Reported FV HOB: %016lX (%08lX)\r\n", FvInfo->Base, FvInfo->Length)); + } + + if ((FvInfo->Flag & HASHED_FV_FLAG_REPORT_FV_INFO_PPI) != 0) { + // + // Require PEI core to process this FV. + // + FvFormat = &((EFI_FIRMWARE_VOLUME_HEADER *)(UINTN)FvInfo->Base)->FileSystemGuid; + PeiServicesInstallFvInfoPpi ( + FvFormat, + (VOID *)(UINTN)FvInfo->Base, + (UINT32)FvInfo->Length, + NULL, + NULL + ); + DEBUG ((DEBUG_INFO, "Reported FV PPI: %016lX (%08lX)\r\n", FvInfo->Base, FvInfo->Length)); + } +} + +/** + Verify and report pre-hashed FVs. + + Doing this must be at post-memory to make sure there's enough memory to hold + all FVs to be verified. This is necessary for mitigating TOCTOU issue. + + This function will never return if the verification is failed. + + @param[in] StoredHashFvPpi Pointer to PPI containing hash information. + @param[in] BootMode Current boot mode. + + @retval Pointer to structure containing valid hash information for current boot mode. + @retval NULL if there's no hash associated with current boot mode. +**/ +STATIC +FV_HASH_INFO * +GetHashInfo ( + IN EDKII_PEI_FIRMWARE_VOLUME_INFO_STORED_HASH_FV_PPI *StoredHashFvPpi, + IN EFI_BOOT_MODE BootMode + ) +{ + FV_HASH_INFO *HashInfo; + + if ((StoredHashFvPpi->HashInfo.HashFlag & FV_HASH_FLAG_BOOT_MODE (BootMode)) != 0) { + HashInfo = &StoredHashFvPpi->HashInfo; + } else { + HashInfo = NULL; + } + + return HashInfo; +} + +/** + Verify and report pre-hashed FVs. + + Doing this must be at post-memory to make sure there's enough memory to hold + all FVs to be verified. This is necessary for mitigating TOCTOU issue. + + This function will never return if the verification is failed. + + @param[in] PeiServices General purpose services available to every PEIM. + @param[in] BootMode Current boot mode. + + @retval EFI_SUCCESS The function completed successfully. +**/ +STATIC +EFI_STATUS +CheckStoredHashFv ( + IN CONST EFI_PEI_SERVICES **PeiServices, + IN EFI_BOOT_MODE BootMode + ) +{ + EFI_STATUS Status; + EDKII_PEI_FIRMWARE_VOLUME_INFO_STORED_HASH_FV_PPI *StoredHashFvPpi; + FV_HASH_INFO *HashInfo; + UINTN FvIndex; + + // + // Check pre-hashed FV list + // + StoredHashFvPpi = NULL; + Status = PeiServicesLocatePpi ( + &gEdkiiPeiFirmwareVolumeInfoStoredHashFvPpiGuid, + 0, + NULL, + (VOID**)&StoredHashFvPpi + ); + if (!EFI_ERROR(Status) && StoredHashFvPpi != NULL && StoredHashFvPpi->FvNumber > 0) { + + HashInfo = GetHashInfo (StoredHashFvPpi, BootMode); + Status = VerifyHashedFv (HashInfo, StoredHashFvPpi->FvInfo, + StoredHashFvPpi->FvNumber, BootMode); + if (!EFI_ERROR (Status)) { + + // + // Report the FVs to PEI core and/or DXE core. + // + for (FvIndex = 0; FvIndex < StoredHashFvPpi->FvNumber; ++FvIndex) { + if ((StoredHashFvPpi->FvInfo[FvIndex].Flag + & HASHED_FV_FLAG_SKIP_BOOT_MODE (BootMode)) == 0) { + ReportHashedFv (&StoredHashFvPpi->FvInfo[FvIndex]); + } + } + + REPORT_STATUS_CODE ( + EFI_PROGRESS_CODE, + PcdGet32 (PcdStatusCodeFvVerificationPass) + ); + + } else { + + DEBUG ((DEBUG_ERROR, "ERROR: Failed to verify OBB FVs (%r)\r\n", Status)); + + REPORT_STATUS_CODE_EX ( + EFI_PROGRESS_CODE, + PcdGet32 (PcdStatusCodeFvVerificationFail), + 0, + NULL, + &gEdkiiPeiFirmwareVolumeInfoStoredHashFvPpiGuid, + StoredHashFvPpi, + sizeof (*StoredHashFvPpi) + ); + + ASSERT_EFI_ERROR (Status); + + } + + } else { + + DEBUG ((DEBUG_ERROR, "ERROR: No/invalid StoredHashFvPpi located\r\n")); + + ASSERT_EFI_ERROR (Status); + ASSERT (StoredHashFvPpi != NULL && StoredHashFvPpi->FvNumber > 0); + + Status = EFI_NOT_FOUND; + } + + return Status; +} + +/** + Main entry for FvReport PEIM. + + @param[in] FileHandle Handle of the file being invoked. + @param[in] PeiServices Pointer to PEI Services table. + + @retval EFI_SUCCESS If all FVs reported by StoredHashFvPpi are verified. + +**/ +EFI_STATUS +EFIAPI +FvReportEntryPoint ( + IN EFI_PEI_FILE_HANDLE FileHandle, + IN CONST EFI_PEI_SERVICES **PeiServices + ) +{ + EFI_STATUS Status; + EFI_BOOT_MODE BootMode; + + Status = PeiServicesGetBootMode (&BootMode); + ASSERT_EFI_ERROR (Status); + + Status = CheckStoredHashFv (PeiServices, BootMode); + if (EFI_ERROR (Status)) { + // + // Never pass control to left part of BIOS if any error. + // + CpuDeadLoop (); + } + + return Status; +} diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/FvReportPei/FvReportPei.h b/src/VBox/Devices/EFI/Firmware/SecurityPkg/FvReportPei/FvReportPei.h new file mode 100644 index 00000000..a27e6f9a --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/FvReportPei/FvReportPei.h @@ -0,0 +1,122 @@ +/** @file + Definitions for OBB FVs verification. + +Copyright (c) 2019, Intel Corporation. All rights reserved.<BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef __FV_REPORT_PEI_H__ +#define __FV_REPORT_PEI_H__ + +#include <PiPei.h> + +#include <IndustryStandard/Tpm20.h> + +#include <Ppi/FirmwareVolumeInfoStoredHashFv.h> + +#include <Library/PeiServicesLib.h> +#include <Library/PcdLib.h> +#include <Library/HobLib.h> +#include <Library/DebugLib.h> +#include <Library/BaseMemoryLib.h> +#include <Library/MemoryAllocationLib.h> +#include <Library/BaseCryptLib.h> +#include <Library/ReportStatusCodeLib.h> + +#define HASH_INFO_PTR(PreHashedFvPpi) \ + (HASH_INFO *)((UINT8 *)(PreHashedFvPpi) + sizeof (EDKII_PEI_FIRMWARE_VOLUME_INFO_PREHASHED_FV_PPI)) + +#define HASH_VALUE_PTR(HashInfo) \ + (VOID *)((UINT8 *)(HashInfo) + sizeof (HASH_INFO)) + +/** + Computes the message digest of a input data buffer. + + This function performs message digest of a given data buffer, and places + the digest value into the specified memory. + + If this interface is not supported, then return FALSE. + + @param[in] Data Pointer to the buffer containing the data to be hashed. + @param[in] DataSize Size of Data buffer in bytes. + @param[out] HashValue Pointer to a buffer that receives digest value. + + @retval TRUE The digest computation succeeded. + @retval FALSE The digest computation failed. + +**/ +typedef +BOOLEAN +(EFIAPI *HASH_ALL_METHOD) ( + IN CONST VOID *Data, + IN UINTN DataSize, + OUT UINT8 *HashValue + ); + +/** + Initializes user-supplied memory as hash context for subsequent use. + + @param[out] HashContext Pointer to hash context being initialized. + + @retval TRUE Hash context initialization succeeded. + @retval FALSE Hash context initialization failed. + @retval FALSE This interface is not supported. + +**/ +typedef +BOOLEAN +(EFIAPI *HASH_INIT_METHOD) ( + OUT VOID *HashContext + ); + +/** + Digests the input data and updates hash context. + + @param[in, out] HashContext Pointer to the hash context. + @param[in] Data Pointer to the buffer containing the data to be hashed. + @param[in] DataSize Size of Data buffer in bytes. + + @retval TRUE Hash data digest succeeded. + @retval FALSE Hash data digest failed. + @retval FALSE This interface is not supported. + +**/ +typedef +BOOLEAN +(EFIAPI *HASH_UPDATE_METHOD) ( + IN OUT VOID *HashContext, + IN CONST VOID *Data, + IN UINTN DataSize + ); + +/** + Completes computation of the hash digest value. + + @param[in, out] HashContext Pointer to the hash context. + @param[out] HashValue Pointer to a buffer that receives the hash digest + value. + + @retval TRUE Hash digest computation succeeded. + @retval FALSE Hash digest computation failed. + @retval FALSE This interface is not supported. + +**/ +typedef +BOOLEAN +(EFIAPI *HASH_FINAL_METHOD) ( + IN OUT VOID *HashContext, + OUT UINT8 *HashValue + ); + +typedef struct { + UINT16 HashAlgId; + UINTN HashSize; + HASH_INIT_METHOD HashInit; + HASH_UPDATE_METHOD HashUpdate; + HASH_FINAL_METHOD HashFinal; + HASH_ALL_METHOD HashAll; +} HASH_ALG_INFO; + +#endif //__FV_REPORT_PEI_H__ + diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/FvReportPei/FvReportPei.inf b/src/VBox/Devices/EFI/Firmware/SecurityPkg/FvReportPei/FvReportPei.inf new file mode 100644 index 00000000..1dfe8d4e --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/FvReportPei/FvReportPei.inf @@ -0,0 +1,58 @@ +## @file +# FV Report/Verify PEI Driver. +# +# Copyright (c) 2019, Intel Corporation. All rights reserved.<BR> +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = FvReportPei + MODULE_UNI_FILE = FvReportPei.uni + FILE_GUID = 72405B40-38DA-4ABA-9283-CA8321C23E63 + MODULE_TYPE = PEIM + VERSION_STRING = 1.0 + ENTRY_POINT = FvReportEntryPoint + +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = IA32 X64 +# + +[Sources] + FvReportPei.c + FvReportPei.h + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + CryptoPkg/CryptoPkg.dec + SecurityPkg/SecurityPkg.dec + +[LibraryClasses] + PeimEntryPoint + PeiServicesLib + BaseLib + DebugLib + BaseMemoryLib + PcdLib + HobLib + MemoryAllocationLib + BaseCryptLib + ReportStatusCodeLib + +[Ppis] + gEdkiiPeiFirmwareVolumeInfoPrehashedFvPpiGuid ## PRODUCES + gEdkiiPeiFirmwareVolumeInfoStoredHashFvPpiGuid ## CONSUMES + +[Pcd] + gEfiSecurityPkgTokenSpaceGuid.PcdStatusCodeFvVerificationPass + gEfiSecurityPkgTokenSpaceGuid.PcdStatusCodeFvVerificationFail + +[Depex] + gEdkiiPeiFirmwareVolumeInfoStoredHashFvPpiGuid AND gEfiPeiMemoryDiscoveredPpiGuid + +[UserExtensions.TianoCore."ExtraFiles"] + FvReportPeiPeiExtra.uni diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/FvReportPei/FvReportPei.uni b/src/VBox/Devices/EFI/Firmware/SecurityPkg/FvReportPei/FvReportPei.uni new file mode 100644 index 00000000..bad43403 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/FvReportPei/FvReportPei.uni @@ -0,0 +1,14 @@ +// /** @file
+// FV Verify/Report PEI Driver.
+//
+// Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+//
+// **/
+
+
+#string STR_MODULE_ABSTRACT #language en-US "This module verifies and reports FVs."
+
+#string STR_MODULE_DESCRIPTION #language en-US "This module verifies FVs' digest passed through gEdkiiPeiFirmwareVolumeInfoStoredHashFvPpiGuid, "
+ "and installs gEdkiiPeiFirmwareVolumeInfoPrehashedFvPpiGuid, gEfiPeiFirmwareVolumeInfoPpiGuid and/or FV HOB if passed."
+
diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/FvReportPei/FvReportPeiPeiExtra.uni b/src/VBox/Devices/EFI/Firmware/SecurityPkg/FvReportPei/FvReportPeiPeiExtra.uni new file mode 100644 index 00000000..6214bbda --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/FvReportPei/FvReportPeiPeiExtra.uni @@ -0,0 +1,12 @@ +// /** @file
+// FV Verify/Report PEI Driver.
+//
+// Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+//
+// **/
+
+#string STR_PROPERTIES_MODULE_NAME
+#language en-US "FV Verify/Report PEI Driver"
+
+
diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Hash2DxeCrypto/Driver.c b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Hash2DxeCrypto/Driver.c new file mode 100644 index 00000000..06ae8121 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Hash2DxeCrypto/Driver.c @@ -0,0 +1,236 @@ +/** @file + This is service binding for Hash driver. + +Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "Driver.h" + +EFI_SERVICE_BINDING_PROTOCOL mHash2ServiceBindingProtocol = { + Hash2ServiceBindingCreateChild, + Hash2ServiceBindingDestroyChild +}; + +/** + Creates a child handle with a set of I/O services. + + @param[in] This Protocol instance pointer. + @param[in, out] ChildHandle Pointer to the handle of the child to create. If + it is NULL, then a new handle is created. If + it is not NULL, then the I/O services are added + to the existing child handle. + + @retval EFI_SUCCESS The protocol was added to ChildHandle. + @retval EFI_INVALID_PARAMETER ChildHandle is NULL. + @retval EFI_OUT_OF_RESOURCES There are not enough resources available to + create the child. + @retval Others The child handle was not created. + +**/ +EFI_STATUS +EFIAPI +Hash2ServiceBindingCreateChild ( + IN EFI_SERVICE_BINDING_PROTOCOL *This, + IN OUT EFI_HANDLE *ChildHandle + ) +{ + EFI_STATUS Status; + HASH2_SERVICE_DATA *Hash2ServiceData; + HASH2_INSTANCE_DATA *Instance; + EFI_TPL OldTpl; + + if ((This == NULL) || (ChildHandle == NULL)) { + return EFI_INVALID_PARAMETER; + } + + Hash2ServiceData = HASH2_SERVICE_DATA_FROM_THIS (This); + + // + // Allocate buffer for the new instance. + // + Instance = AllocateZeroPool (sizeof (HASH2_INSTANCE_DATA)); + if (Instance == NULL) { + return EFI_OUT_OF_RESOURCES; + } + + // + // Init the instance data. + // + Instance->Signature = HASH2_INSTANCE_DATA_SIGNATURE; + CopyMem (&Instance->Hash2Protocol, &mHash2Protocol, sizeof (Instance->Hash2Protocol)); + Instance->Hash2ServiceData = Hash2ServiceData; + + Status = gBS->InstallMultipleProtocolInterfaces ( + ChildHandle, + &gEfiHash2ProtocolGuid, + &Instance->Hash2Protocol, + NULL + ); + if (EFI_ERROR (Status)) { + FreePool (Instance); + return Status; + } + + Instance->Handle = *ChildHandle; + + // + // Add the child instance into ChildrenList. + // + OldTpl = gBS->RaiseTPL (TPL_CALLBACK); + + InsertTailList (&Hash2ServiceData->ChildrenList, &Instance->InstEntry); + + gBS->RestoreTPL (OldTpl); + + return Status; +} + + +/** + Destroys a child handle with a set of I/O services. + + The DestroyChild() function does the opposite of CreateChild(). It removes a + protocol that was installed by CreateChild() from ChildHandle. If the removed + protocol is the last protocol on ChildHandle, then ChildHandle is destroyed. + + @param[in] This Pointer to the EFI_SERVICE_BINDING_PROTOCOL + instance. + @param[in] ChildHandle Handle of the child to destroy. + + @retval EFI_SUCCESS The protocol was removed from ChildHandle. + @retval EFI_UNSUPPORTED ChildHandle does not support the protocol that + is being removed. + @retval EFI_INVALID_PARAMETER ChildHandle is NULL. + @retval EFI_ACCESS_DENIED The protocol could not be removed from the + ChildHandle because its services are being + used. + @retval Others The child handle was not destroyed. + +**/ +EFI_STATUS +EFIAPI +Hash2ServiceBindingDestroyChild ( + IN EFI_SERVICE_BINDING_PROTOCOL *This, + IN EFI_HANDLE ChildHandle + ) +{ + EFI_STATUS Status; + HASH2_SERVICE_DATA *Hash2ServiceData; + EFI_HASH2_PROTOCOL *Hash2Protocol; + HASH2_INSTANCE_DATA *Instance; + EFI_TPL OldTpl; + LIST_ENTRY *Entry; + + if ((This == NULL) || (ChildHandle == NULL)) { + return EFI_INVALID_PARAMETER; + } + + Hash2ServiceData = HASH2_SERVICE_DATA_FROM_THIS (This); + + // + // Check if this ChildHandle is valid + // + Instance = NULL; + for(Entry = (&Hash2ServiceData->ChildrenList)->ForwardLink; Entry != (&Hash2ServiceData->ChildrenList); Entry = Entry->ForwardLink) { + Instance = HASH2_INSTANCE_DATA_FROM_LINK (Entry); + if (Instance->Handle == ChildHandle) { + break; + } else { + Instance = NULL; + } + } + if (Instance == NULL) { + DEBUG ((EFI_D_ERROR, "Hash2ServiceBindingDestroyChild - Invalid handle\n")); + return EFI_UNSUPPORTED; + } + + // + // Get HashProtocol + // + Status = gBS->HandleProtocol ( + ChildHandle, + &gEfiHash2ProtocolGuid, + (VOID **)&Hash2Protocol + ); + if (EFI_ERROR (Status)) { + return Status; + } + + ASSERT (Hash2Protocol == &Instance->Hash2Protocol); + + // + // Uninstall the Hash protocol. + // + Status = gBS->UninstallMultipleProtocolInterfaces ( + ChildHandle, + &gEfiHash2ProtocolGuid, + &Instance->Hash2Protocol, + NULL + ); + if (EFI_ERROR (Status)) { + return Status; + } + + OldTpl = gBS->RaiseTPL (TPL_CALLBACK); + + // + // Remove this instance from the ChildrenList. + // + RemoveEntryList (&Instance->InstEntry); + + gBS->RestoreTPL (OldTpl); + + FreePool (Instance); + + return Status; +} + +/** + The entry point for Hash driver which installs the service binding protocol. + + @param[in] ImageHandle The image handle of the driver. + @param[in] SystemTable The system table. + + @retval EFI_SUCCESS The service binding protocols is successfully installed. + @retval Others Other errors as indicated. + +**/ +EFI_STATUS +EFIAPI +Hash2DriverEntryPoint ( + IN EFI_HANDLE ImageHandle, + IN EFI_SYSTEM_TABLE *SystemTable + ) +{ + EFI_STATUS Status; + HASH2_SERVICE_DATA *Hash2ServiceData; + + // + // Initialize the Hash Service Data. + // + Hash2ServiceData = AllocateZeroPool (sizeof (HASH2_SERVICE_DATA)); + if (Hash2ServiceData == NULL) { + return EFI_OUT_OF_RESOURCES; + } + + Hash2ServiceData->Signature = HASH2_SERVICE_DATA_SIGNATURE; + CopyMem (&Hash2ServiceData->ServiceBinding, &mHash2ServiceBindingProtocol, sizeof (EFI_SERVICE_BINDING_PROTOCOL)); + InitializeListHead (&Hash2ServiceData->ChildrenList); + + // + // Install the HASH Service Binding Protocol + // + Status = gBS->InstallMultipleProtocolInterfaces ( + &Hash2ServiceData->ServiceHandle, + &gEfiHash2ServiceBindingProtocolGuid, + &Hash2ServiceData->ServiceBinding, + NULL + ); + if (EFI_ERROR (Status)) { + FreePool (Hash2ServiceData); + } + + return Status; +} diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Hash2DxeCrypto/Driver.h b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Hash2DxeCrypto/Driver.h new file mode 100644 index 00000000..823dfca6 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Hash2DxeCrypto/Driver.h @@ -0,0 +1,126 @@ +/** @file + This is definition for service binding for Hash driver. + +Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved.<BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef _HASH2_DRIVER_H_ +#define _HASH2_DRIVER_H_ + +#include <Uefi.h> + +#include <Protocol/ServiceBinding.h> +#include <Protocol/Hash2.h> + +#include <Library/BaseLib.h> +#include <Library/BaseMemoryLib.h> +#include <Library/DebugLib.h> +#include <Library/MemoryAllocationLib.h> +#include <Library/UefiBootServicesTableLib.h> +#include <Library/UefiRuntimeServicesTableLib.h> +#include <Library/DevicePathLib.h> +#include <Library/UefiLib.h> + +#define HASH2_SERVICE_DATA_SIGNATURE SIGNATURE_32 ('H', 'S', '2', 'S') + +typedef struct { + UINT32 Signature; + EFI_HANDLE ServiceHandle; + EFI_SERVICE_BINDING_PROTOCOL ServiceBinding; + + LIST_ENTRY ChildrenList; +} HASH2_SERVICE_DATA; + +#define HASH2_SERVICE_DATA_FROM_THIS(a) \ + CR ( \ + (a), \ + HASH2_SERVICE_DATA, \ + ServiceBinding, \ + HASH2_SERVICE_DATA_SIGNATURE \ + ) + +#define HASH2_INSTANCE_DATA_SIGNATURE SIGNATURE_32 ('H', 's', '2', 'I') + +typedef struct { + UINT32 Signature; + HASH2_SERVICE_DATA *Hash2ServiceData; + EFI_HANDLE Handle; + LIST_ENTRY InstEntry; + EFI_HASH2_PROTOCOL Hash2Protocol; + VOID *HashContext; + VOID *HashInfoContext; + BOOLEAN Updated; +} HASH2_INSTANCE_DATA; + +#define HASH2_INSTANCE_DATA_FROM_THIS(a) \ + CR ( \ + (a), \ + HASH2_INSTANCE_DATA, \ + Hash2Protocol, \ + HASH2_INSTANCE_DATA_SIGNATURE \ + ) + +#define HASH2_INSTANCE_DATA_FROM_LINK(a) \ + CR ( \ + (a), \ + HASH2_INSTANCE_DATA, \ + InstEntry, \ + HASH2_INSTANCE_DATA_SIGNATURE \ + ) + +/** + Creates a child handle with a set of I/O services. + + @param[in] This Protocol instance pointer. + @param[in, out] ChildHandle Pointer to the handle of the child to create. If + it is NULL, then a new handle is created. If + it is not NULL, then the I/O services are added + to the existing child handle. + + @retval EFI_SUCCESS The protocol was added to ChildHandle. + @retval EFI_INVALID_PARAMETER ChildHandle is NULL. + @retval EFI_OUT_OF_RESOURCES There are not enough resources available to + create the child. + @retval Others The child handle was not created. + +**/ +EFI_STATUS +EFIAPI +Hash2ServiceBindingCreateChild ( + IN EFI_SERVICE_BINDING_PROTOCOL *This, + IN OUT EFI_HANDLE *ChildHandle + ); + +/** + Destroys a child handle with a set of I/O services. + + The DestroyChild() function does the opposite of CreateChild(). It removes a + protocol that was installed by CreateChild() from ChildHandle. If the removed + protocol is the last protocol on ChildHandle, then ChildHandle is destroyed. + + @param[in] This Pointer to the EFI_SERVICE_BINDING_PROTOCOL + instance. + @param[in] ChildHandle Handle of the child to destroy. + + @retval EFI_SUCCESS The protocol was removed from ChildHandle. + @retval EFI_UNSUPPORTED ChildHandle does not support the protocol that + is being removed. + @retval EFI_INVALID_PARAMETER ChildHandle is NULL. + @retval EFI_ACCESS_DENIED The protocol could not be removed from the + ChildHandle because its services are being + used. + @retval Others The child handle was not destroyed. + +**/ +EFI_STATUS +EFIAPI +Hash2ServiceBindingDestroyChild ( + IN EFI_SERVICE_BINDING_PROTOCOL *This, + IN EFI_HANDLE ChildHandle + ); + +extern EFI_HASH2_PROTOCOL mHash2Protocol; + +#endif diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.c b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.c new file mode 100644 index 00000000..b6785cf2 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.c @@ -0,0 +1,610 @@ +/** @file + This module implements Hash2 Protocol. + +(C) Copyright 2015 Hewlett-Packard Development Company, L.P.<BR> +Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include <Uefi.h> +#include <Protocol/Hash2.h> +#include <Library/BaseLib.h> +#include <Library/UefiBootServicesTableLib.h> +#include <Library/MemoryAllocationLib.h> +#include <Library/BaseMemoryLib.h> +#include <Library/DebugLib.h> +#include <Library/BaseCryptLib.h> + +#include "Driver.h" + +/** + Retrieves the size, in bytes, of the context buffer required for hash operations. + + If this interface is not supported, then return zero. + + @return The size, in bytes, of the context buffer required for hash operations. + @retval 0 This interface is not supported. + +**/ +typedef +UINTN +(EFIAPI *EFI_HASH_GET_CONTEXT_SIZE) ( + VOID + ); + +/** + Initializes user-supplied memory pointed by Sha1Context as hash context for + subsequent use. + + If HashContext is NULL, then return FALSE. + If this interface is not supported, then return FALSE. + + @param[out] HashContext Pointer to Hashcontext being initialized. + + @retval TRUE Hash context initialization succeeded. + @retval FALSE Hash context initialization failed. + @retval FALSE This interface is not supported. + +**/ +typedef +BOOLEAN +(EFIAPI *EFI_HASH_INIT) ( + OUT VOID *HashContext + ); + +/** + Digests the input data and updates Hash context. + + This function performs Hash digest on a data buffer of the specified size. + It can be called multiple times to compute the digest of long or discontinuous data streams. + Hash context should be already correctly initialized by HashInit(), and should not be finalized + by HashFinal(). Behavior with invalid context is undefined. + + If HashContext is NULL, then return FALSE. + If this interface is not supported, then return FALSE. + + @param[in, out] HashContext Pointer to the Hash context. + @param[in] Data Pointer to the buffer containing the data to be hashed. + @param[in] DataSize Size of Data buffer in bytes. + + @retval TRUE SHA-1 data digest succeeded. + @retval FALSE SHA-1 data digest failed. + @retval FALSE This interface is not supported. + +**/ +typedef +BOOLEAN +(EFIAPI *EFI_HASH_UPDATE) ( + IN OUT VOID *HashContext, + IN CONST VOID *Data, + IN UINTN DataSize + ); + +/** + Completes computation of the Hash digest value. + + This function completes hash computation and retrieves the digest value into + the specified memory. After this function has been called, the Hash context cannot + be used again. + Hash context should be already correctly initialized by HashInit(), and should not be + finalized by HashFinal(). Behavior with invalid Hash context is undefined. + + If HashContext is NULL, then return FALSE. + If HashValue is NULL, then return FALSE. + If this interface is not supported, then return FALSE. + + @param[in, out] HashContext Pointer to the Hash context. + @param[out] HashValue Pointer to a buffer that receives the Hash digest + value. + + @retval TRUE Hash digest computation succeeded. + @retval FALSE Hash digest computation failed. + @retval FALSE This interface is not supported. + +**/ +typedef +BOOLEAN +(EFIAPI *EFI_HASH_FINAL) ( + IN OUT VOID *HashContext, + OUT UINT8 *HashValue + ); + +typedef struct { + EFI_GUID *Guid; + UINT32 HashSize; + EFI_HASH_GET_CONTEXT_SIZE GetContextSize; + EFI_HASH_INIT Init; + EFI_HASH_UPDATE Update; + EFI_HASH_FINAL Final; +} EFI_HASH_INFO; + +EFI_HASH_INFO mHashInfo[] = { + {&gEfiHashAlgorithmSha256Guid, sizeof(EFI_SHA256_HASH2), Sha256GetContextSize, Sha256Init, Sha256Update, Sha256Final }, + {&gEfiHashAlgorithmSha384Guid, sizeof(EFI_SHA384_HASH2), Sha384GetContextSize, Sha384Init, Sha384Update, Sha384Final }, + {&gEfiHashAlgorithmSha512Guid, sizeof(EFI_SHA512_HASH2), Sha512GetContextSize, Sha512Init, Sha512Update, Sha512Final }, +}; + +/** + Returns the size of the hash which results from a specific algorithm. + + @param[in] This Points to this instance of EFI_HASH2_PROTOCOL. + @param[in] HashAlgorithm Points to the EFI_GUID which identifies the algorithm to use. + @param[out] HashSize Holds the returned size of the algorithm's hash. + + @retval EFI_SUCCESS Hash size returned successfully. + @retval EFI_INVALID_PARAMETER This or HashSize is NULL. + @retval EFI_UNSUPPORTED The algorithm specified by HashAlgorithm is not supported by this driver + or HashAlgorithm is null. + +**/ +EFI_STATUS +EFIAPI +BaseCrypto2GetHashSize ( + IN CONST EFI_HASH2_PROTOCOL *This, + IN CONST EFI_GUID *HashAlgorithm, + OUT UINTN *HashSize + ); + +/** + Creates a hash for the specified message text. The hash is not extendable. + The output is final with any algorithm-required padding added by the function. + + @param[in] This Points to this instance of EFI_HASH2_PROTOCOL. + @param[in] HashAlgorithm Points to the EFI_GUID which identifies the algorithm to use. + @param[in] Message Points to the start of the message. + @param[in] MessageSize The size of Message, in bytes. + @param[in,out] Hash On input, points to a caller-allocated buffer of the size + returned by GetHashSize() for the specified HashAlgorithm. + On output, the buffer holds the resulting hash computed from the message. + + @retval EFI_SUCCESS Hash returned successfully. + @retval EFI_INVALID_PARAMETER This or Hash is NULL. + @retval EFI_UNSUPPORTED The algorithm specified by HashAlgorithm is not supported by this driver + or HashAlgorithm is Null. + @retval EFI_OUT_OF_RESOURCES Some resource required by the function is not available + or MessageSize is greater than platform maximum. + +**/ +EFI_STATUS +EFIAPI +BaseCrypto2Hash ( + IN CONST EFI_HASH2_PROTOCOL *This, + IN CONST EFI_GUID *HashAlgorithm, + IN CONST UINT8 *Message, + IN UINTN MessageSize, + IN OUT EFI_HASH2_OUTPUT *Hash + ); + +/** + This function must be called to initialize a digest calculation to be subsequently performed using the + EFI_HASH2_PROTOCOL functions HashUpdate() and HashFinal(). + + @param[in] This Points to this instance of EFI_HASH2_PROTOCOL. + @param[in] HashAlgorithm Points to the EFI_GUID which identifies the algorithm to use. + + @retval EFI_SUCCESS Initialized successfully. + @retval EFI_INVALID_PARAMETER This is NULL. + @retval EFI_UNSUPPORTED The algorithm specified by HashAlgorithm is not supported by this driver + or HashAlgorithm is Null. + @retval EFI_OUT_OF_RESOURCES Process failed due to lack of required resource. + @retval EFI_ALREADY_STARTED This function is called when the operation in progress is still in processing Hash(), + or HashInit() is already called before and not terminated by HashFinal() yet on the same instance. + +**/ +EFI_STATUS +EFIAPI +BaseCrypto2HashInit ( + IN CONST EFI_HASH2_PROTOCOL *This, + IN CONST EFI_GUID *HashAlgorithm + ); + +/** + Updates the hash of a computation in progress by adding a message text. + + @param[in] This Points to this instance of EFI_HASH2_PROTOCOL. + @param[in] Message Points to the start of the message. + @param[in] MessageSize The size of Message, in bytes. + + @retval EFI_SUCCESS Digest in progress updated successfully. + @retval EFI_INVALID_PARAMETER This or Hash is NULL. + @retval EFI_OUT_OF_RESOURCES Some resource required by the function is not available + or MessageSize is greater than platform maximum. + @retval EFI_NOT_READY This call was not preceded by a valid call to HashInit(), + or the operation in progress was terminated by a call to Hash() or HashFinal() on the same instance. + +**/ +EFI_STATUS +EFIAPI +BaseCrypto2HashUpdate ( + IN CONST EFI_HASH2_PROTOCOL *This, + IN CONST UINT8 *Message, + IN UINTN MessageSize + ); + +/** + Finalizes a hash operation in progress and returns calculation result. + The output is final with any necessary padding added by the function. + The hash may not be further updated or extended after HashFinal(). + + @param[in] This Points to this instance of EFI_HASH2_PROTOCOL. + @param[in,out] Hash On input, points to a caller-allocated buffer of the size + returned by GetHashSize() for the specified HashAlgorithm specified in preceding HashInit(). + On output, the buffer holds the resulting hash computed from the message. + + @retval EFI_SUCCESS Hash returned successfully. + @retval EFI_INVALID_PARAMETER This or Hash is NULL. + @retval EFI_NOT_READY This call was not preceded by a valid call to HashInit() and at least one call to HashUpdate(), + or the operation in progress was canceled by a call to Hash() on the same instance. + +**/ +EFI_STATUS +EFIAPI +BaseCrypto2HashFinal ( + IN CONST EFI_HASH2_PROTOCOL *This, + IN OUT EFI_HASH2_OUTPUT *Hash + ); + +EFI_HASH2_PROTOCOL mHash2Protocol = { + BaseCrypto2GetHashSize, + BaseCrypto2Hash, + BaseCrypto2HashInit, + BaseCrypto2HashUpdate, + BaseCrypto2HashFinal, +}; + +/** + Returns hash information. + + @param[in] HashAlgorithm Points to the EFI_GUID which identifies the algorithm to use. + + @return Hash information. +**/ +EFI_HASH_INFO * +GetHashInfo ( + IN CONST EFI_GUID *HashAlgorithm + ) +{ + UINTN Index; + + for (Index = 0; Index < sizeof(mHashInfo)/sizeof(mHashInfo[0]); Index++) { + if (CompareGuid (HashAlgorithm, mHashInfo[Index].Guid)) { + return &mHashInfo[Index]; + } + } + return NULL; +} + +/** + Returns the size of the hash which results from a specific algorithm. + + @param[in] This Points to this instance of EFI_HASH2_PROTOCOL. + @param[in] HashAlgorithm Points to the EFI_GUID which identifies the algorithm to use. + @param[out] HashSize Holds the returned size of the algorithm's hash. + + @retval EFI_SUCCESS Hash size returned successfully. + @retval EFI_INVALID_PARAMETER This or HashSize is NULL. + @retval EFI_UNSUPPORTED The algorithm specified by HashAlgorithm is not supported by this driver + or HashAlgorithm is null. + +**/ +EFI_STATUS +EFIAPI +BaseCrypto2GetHashSize ( + IN CONST EFI_HASH2_PROTOCOL *This, + IN CONST EFI_GUID *HashAlgorithm, + OUT UINTN *HashSize + ) +{ + EFI_HASH_INFO *HashInfo; + + if ((This == NULL) || (HashSize == NULL)) { + return EFI_INVALID_PARAMETER; + } + + if (HashAlgorithm == NULL) { + return EFI_UNSUPPORTED; + } + + HashInfo = GetHashInfo (HashAlgorithm); + if (HashInfo == NULL) { + return EFI_UNSUPPORTED; + } + + *HashSize = HashInfo->HashSize; + return EFI_SUCCESS; +} + +/** + Creates a hash for the specified message text. The hash is not extendable. + The output is final with any algorithm-required padding added by the function. + + @param[in] This Points to this instance of EFI_HASH2_PROTOCOL. + @param[in] HashAlgorithm Points to the EFI_GUID which identifies the algorithm to use. + @param[in] Message Points to the start of the message. + @param[in] MessageSize The size of Message, in bytes. + @param[in,out] Hash On input, points to a caller-allocated buffer of the size + returned by GetHashSize() for the specified HashAlgorithm. + On output, the buffer holds the resulting hash computed from the message. + + @retval EFI_SUCCESS Hash returned successfully. + @retval EFI_INVALID_PARAMETER This or Hash is NULL. + @retval EFI_UNSUPPORTED The algorithm specified by HashAlgorithm is not supported by this driver + or HashAlgorithm is Null. + @retval EFI_OUT_OF_RESOURCES Some resource required by the function is not available + or MessageSize is greater than platform maximum. + +**/ +EFI_STATUS +EFIAPI +BaseCrypto2Hash ( + IN CONST EFI_HASH2_PROTOCOL *This, + IN CONST EFI_GUID *HashAlgorithm, + IN CONST UINT8 *Message, + IN UINTN MessageSize, + IN OUT EFI_HASH2_OUTPUT *Hash + ) +{ + EFI_HASH_INFO *HashInfo; + VOID *HashCtx; + UINTN CtxSize; + BOOLEAN Ret; + EFI_STATUS Status; + HASH2_INSTANCE_DATA *Instance; + + Status = EFI_SUCCESS; + + if ((This == NULL) || (Hash == NULL)) { + return EFI_INVALID_PARAMETER; + } + + if (HashAlgorithm == NULL) { + return EFI_UNSUPPORTED; + } + + HashInfo = GetHashInfo (HashAlgorithm); + if (HashInfo == NULL) { + return EFI_UNSUPPORTED; + } + + Instance = HASH2_INSTANCE_DATA_FROM_THIS(This); + if (Instance->HashContext != NULL) { + FreePool (Instance->HashContext); + } + Instance->HashInfoContext = NULL; + Instance->HashContext = NULL; + + // + // Start hash sequence + // + CtxSize = HashInfo->GetContextSize (); + if (CtxSize == 0) { + return EFI_UNSUPPORTED; + } + HashCtx = AllocatePool (CtxSize); + if (HashCtx == NULL) { + return EFI_OUT_OF_RESOURCES; + } + + Ret = HashInfo->Init (HashCtx); + if (!Ret) { + Status = EFI_OUT_OF_RESOURCES; + goto Done; + } + + // + // Setup the context + // + Instance->HashContext = HashCtx; + Instance->HashInfoContext = HashInfo; + + Ret = HashInfo->Update (HashCtx, Message, MessageSize); + if (!Ret) { + Status = EFI_OUT_OF_RESOURCES; + goto Done; + } + + Ret = HashInfo->Final (HashCtx, (UINT8 *)Hash->Sha1Hash); + if (!Ret) { + Status = EFI_OUT_OF_RESOURCES; + goto Done; + } +Done: + // + // Cleanup the context + // + FreePool (HashCtx); + Instance->HashInfoContext = NULL; + Instance->HashContext = NULL; + return Status; +} + +/** + This function must be called to initialize a digest calculation to be subsequently performed using the + EFI_HASH2_PROTOCOL functions HashUpdate() and HashFinal(). + + @param[in] This Points to this instance of EFI_HASH2_PROTOCOL. + @param[in] HashAlgorithm Points to the EFI_GUID which identifies the algorithm to use. + + @retval EFI_SUCCESS Initialized successfully. + @retval EFI_INVALID_PARAMETER This is NULL. + @retval EFI_UNSUPPORTED The algorithm specified by HashAlgorithm is not supported by this driver + or HashAlgorithm is Null. + @retval EFI_OUT_OF_RESOURCES Process failed due to lack of required resource. + @retval EFI_ALREADY_STARTED This function is called when the operation in progress is still in processing Hash(), + or HashInit() is already called before and not terminated by HashFinal() yet on the same instance. + +**/ +EFI_STATUS +EFIAPI +BaseCrypto2HashInit ( + IN CONST EFI_HASH2_PROTOCOL *This, + IN CONST EFI_GUID *HashAlgorithm + ) +{ + EFI_HASH_INFO *HashInfo; + VOID *HashCtx; + UINTN CtxSize; + BOOLEAN Ret; + HASH2_INSTANCE_DATA *Instance; + + if (This == NULL) { + return EFI_INVALID_PARAMETER; + } + + if (HashAlgorithm == NULL) { + return EFI_UNSUPPORTED; + } + + HashInfo = GetHashInfo (HashAlgorithm); + if (HashInfo == NULL) { + return EFI_UNSUPPORTED; + } + + // + // Consistency Check + // + Instance = HASH2_INSTANCE_DATA_FROM_THIS(This); + if ((Instance->HashContext != NULL) || (Instance->HashInfoContext != NULL)) { + return EFI_ALREADY_STARTED; + } + + // + // Start hash sequence + // + CtxSize = HashInfo->GetContextSize (); + if (CtxSize == 0) { + return EFI_UNSUPPORTED; + } + HashCtx = AllocatePool (CtxSize); + if (HashCtx == NULL) { + return EFI_OUT_OF_RESOURCES; + } + + Ret = HashInfo->Init (HashCtx); + if (!Ret) { + FreePool (HashCtx); + return EFI_OUT_OF_RESOURCES; + } + + // + // Setup the context + // + Instance->HashContext = HashCtx; + Instance->HashInfoContext = HashInfo; + Instance->Updated = FALSE; + + return EFI_SUCCESS; +} + +/** + Updates the hash of a computation in progress by adding a message text. + + @param[in] This Points to this instance of EFI_HASH2_PROTOCOL. + @param[in] Message Points to the start of the message. + @param[in] MessageSize The size of Message, in bytes. + + @retval EFI_SUCCESS Digest in progress updated successfully. + @retval EFI_INVALID_PARAMETER This or Hash is NULL. + @retval EFI_OUT_OF_RESOURCES Some resource required by the function is not available + or MessageSize is greater than platform maximum. + @retval EFI_NOT_READY This call was not preceded by a valid call to HashInit(), + or the operation in progress was terminated by a call to Hash() or HashFinal() on the same instance. + +**/ +EFI_STATUS +EFIAPI +BaseCrypto2HashUpdate ( + IN CONST EFI_HASH2_PROTOCOL *This, + IN CONST UINT8 *Message, + IN UINTN MessageSize + ) +{ + EFI_HASH_INFO *HashInfo; + VOID *HashCtx; + BOOLEAN Ret; + HASH2_INSTANCE_DATA *Instance; + + if (This == NULL) { + return EFI_INVALID_PARAMETER; + } + + // + // Consistency Check + // + Instance = HASH2_INSTANCE_DATA_FROM_THIS(This); + if ((Instance->HashContext == NULL) || (Instance->HashInfoContext == NULL)) { + return EFI_NOT_READY; + } + HashInfo = Instance->HashInfoContext; + HashCtx = Instance->HashContext; + + Ret = HashInfo->Update (HashCtx, Message, MessageSize); + if (!Ret) { + return EFI_OUT_OF_RESOURCES; + } + + Instance->Updated = TRUE; + + return EFI_SUCCESS; +} + +/** + Finalizes a hash operation in progress and returns calculation result. + The output is final with any necessary padding added by the function. + The hash may not be further updated or extended after HashFinal(). + + @param[in] This Points to this instance of EFI_HASH2_PROTOCOL. + @param[in,out] Hash On input, points to a caller-allocated buffer of the size + returned by GetHashSize() for the specified HashAlgorithm specified in preceding HashInit(). + On output, the buffer holds the resulting hash computed from the message. + + @retval EFI_SUCCESS Hash returned successfully. + @retval EFI_INVALID_PARAMETER This or Hash is NULL. + @retval EFI_NOT_READY This call was not preceded by a valid call to HashInit() and at least one call to HashUpdate(), + or the operation in progress was canceled by a call to Hash() on the same instance. + +**/ +EFI_STATUS +EFIAPI +BaseCrypto2HashFinal ( + IN CONST EFI_HASH2_PROTOCOL *This, + IN OUT EFI_HASH2_OUTPUT *Hash + ) +{ + EFI_HASH_INFO *HashInfo; + VOID *HashCtx; + BOOLEAN Ret; + HASH2_INSTANCE_DATA *Instance; + + if ((This == NULL) || (Hash == NULL)) { + return EFI_INVALID_PARAMETER; + } + + // + // Consistency Check + // + Instance = HASH2_INSTANCE_DATA_FROM_THIS(This); + if ((Instance->HashContext == NULL) || (Instance->HashInfoContext == NULL) || + (!Instance->Updated)) { + return EFI_NOT_READY; + } + HashInfo = Instance->HashInfoContext; + HashCtx = Instance->HashContext; + + Ret = HashInfo->Final (HashCtx, (UINT8 *)Hash->Sha1Hash); + + // + // Cleanup the context + // + FreePool (HashCtx); + Instance->HashInfoContext = NULL; + Instance->HashContext = NULL; + Instance->Updated = FALSE; + + if (!Ret) { + return EFI_OUT_OF_RESOURCES; + } + + return EFI_SUCCESS; +} diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf new file mode 100644 index 00000000..bc9ff5b4 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf @@ -0,0 +1,56 @@ +## @file +# Produces the UEFI HASH2 protocol +# +# This module will use EDKII crypto library to HASH2 protocol. +# +# (C) Copyright 2015 Hewlett-Packard Development Company, L.P.<BR> +# Copyright (c) 2015 - 2020, Intel Corporation. All rights reserved.<BR> +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = Hash2DxeCrypto + FILE_GUID = 63E3BDCF-2AC7-4ac0-9B92-03A7541422FF + MODULE_TYPE = UEFI_DRIVER + VERSION_STRING = 1.0 + ENTRY_POINT = Hash2DriverEntryPoint + MODULE_UNI_FILE = Hash2DxeCrypto.uni + +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = IA32 X64 +# + +[Sources.common] + Hash2DxeCrypto.c + Driver.h + Driver.c + +[Packages] + MdePkg/MdePkg.dec + CryptoPkg/CryptoPkg.dec + +[LibraryClasses] + UefiBootServicesTableLib + BaseLib + BaseMemoryLib + BaseCryptLib + MemoryAllocationLib + UefiDriverEntryPoint + DebugLib + UefiLib + +[Guids] + gEfiHashAlgorithmSha256Guid ## CONSUMES ## GUID + gEfiHashAlgorithmSha384Guid ## CONSUMES ## GUID + gEfiHashAlgorithmSha512Guid ## CONSUMES ## GUID + +[Protocols] + gEfiHash2ProtocolGuid ## PRODUCES + gEfiHash2ServiceBindingProtocolGuid ## PRODUCES + +[UserExtensions.TianoCore."ExtraFiles"] + Hash2DxeCryptoExtra.uni diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.uni b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.uni new file mode 100644 index 00000000..9e168373 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.uni @@ -0,0 +1,16 @@ +// /** @file
+// Produces the UEFI HASH2 protocol
+//
+// This module will use EDKII crypto library to HASH2 protocol.
+//
+// Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
+//
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+//
+// **/
+
+
+#string STR_MODULE_ABSTRACT #language en-US "Produces UEFI HASH2 protocol"
+
+#string STR_MODULE_DESCRIPTION #language en-US "This module will use EDKII crypto library to HASH2 protocol."
+
diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Hash2DxeCrypto/Hash2DxeCryptoExtra.uni b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Hash2DxeCrypto/Hash2DxeCryptoExtra.uni new file mode 100644 index 00000000..4edb3944 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Hash2DxeCrypto/Hash2DxeCryptoExtra.uni @@ -0,0 +1,14 @@ +// /** @file
+// Hash2DxeCrypto Localized Strings and Content
+//
+// Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
+//
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+//
+// **/
+
+#string STR_PROPERTIES_MODULE_NAME
+#language en-US
+"UEFI Random Number Generator DXE"
+
+
diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/HddPassword/HddPassword.vfr b/src/VBox/Devices/EFI/Firmware/SecurityPkg/HddPassword/HddPassword.vfr new file mode 100644 index 00000000..65b5196a --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/HddPassword/HddPassword.vfr @@ -0,0 +1,181 @@ +/** @file + HDD Password Configuration Formset. + + Copyright (c) 2019, Intel Corporation. All rights reserved.<BR> + + SPDX-License-Identifier: BSD-2-Clause-Patent +**/ + +#include "HddPasswordHiiDataStruc.h" + +formset + guid = HDD_PASSWORD_CONFIG_GUID, + title = STRING_TOKEN(STR_HDD_SECURITY_CONFIG), + help = STRING_TOKEN(STR_HDD_SECURITY_CONFIG), + classguid = EFI_HII_PLATFORM_SETUP_FORMSET_GUID, + + varstore HDD_PASSWORD_CONFIG, + name = HDD_PASSWORD_CONFIG, + guid = HDD_PASSWORD_CONFIG_GUID; + + form formid = FORMID_HDD_MAIN_FORM, + title = STRING_TOKEN(STR_HDD_SECURITY_CONFIG); + + label HDD_DEVICE_ENTRY_LABEL; + label HDD_DEVICE_LABEL_END; + + endform; + + form + formid = FORMID_HDD_DEVICE_FORM, + title = STRING_TOKEN(STR_HDD_SECURITY_HD); + + subtitle text = STRING_TOKEN(STR_SECURITY_HDD_PWD_DESC); + + subtitle text = STRING_TOKEN(STR_NULL); + + subtitle text = STRING_TOKEN(STR_SECURITY_HDD_BANNER_ONE); + subtitle text = STRING_TOKEN(STR_SECURITY_HDD_BANNER_TWO); + subtitle text = STRING_TOKEN(STR_SECURITY_HDD_BANNER_THREE); + subtitle text = STRING_TOKEN(STR_SECURITY_HDD_BANNER_FOUR); + subtitle text = STRING_TOKEN(STR_SECURITY_HDD_BANNER_FIVE); + + subtitle text = STRING_TOKEN(STR_NULL); + + subtitle text = STRING_TOKEN(STR_HDD_PASSWORD_CONFIG); + + subtitle text = STRING_TOKEN(STR_NULL); + + grayoutif TRUE; + suppressif ideqvallist HDD_PASSWORD_CONFIG.SecurityStatus.Supported == 0; + text + help = STRING_TOKEN(STR_EMPTY), + text = STRING_TOKEN(STR_SEC_SUPPORTED), + text = STRING_TOKEN(STR_YES), + flags = 0, + key = 0; + endif; + + suppressif ideqvallist HDD_PASSWORD_CONFIG.SecurityStatus.Supported == 1; + text + help = STRING_TOKEN(STR_EMPTY), + text = STRING_TOKEN(STR_SEC_SUPPORTED), + text = STRING_TOKEN(STR_NO), + flags = 0, + key = 0; + endif; + + suppressif ideqvallist HDD_PASSWORD_CONFIG.SecurityStatus.Enabled == 0; + text + help = STRING_TOKEN(STR_EMPTY), + text = STRING_TOKEN(STR_SEC_ENABLED), + text = STRING_TOKEN(STR_YES), + flags = 0, + key = 0; + endif; + + suppressif ideqvallist HDD_PASSWORD_CONFIG.SecurityStatus.Enabled == 1; + text + help = STRING_TOKEN(STR_EMPTY), + text = STRING_TOKEN(STR_SEC_ENABLED), + text = STRING_TOKEN(STR_NO), + flags = 0, + key = 0; + endif; + + + suppressif ideqvallist HDD_PASSWORD_CONFIG.SecurityStatus.Locked == 0; + text + help = STRING_TOKEN(STR_EMPTY), + text = STRING_TOKEN(STR_SEC_LOCKED), + text = STRING_TOKEN(STR_YES), + flags = 0, + key = 0; + endif; + + suppressif ideqvallist HDD_PASSWORD_CONFIG.SecurityStatus.Locked == 1; + text + help = STRING_TOKEN(STR_EMPTY), + text = STRING_TOKEN(STR_SEC_LOCKED), + text = STRING_TOKEN(STR_NO), + flags = 0, + key = 0; + endif; + + suppressif ideqvallist HDD_PASSWORD_CONFIG.SecurityStatus.Frozen == 0; + text + help = STRING_TOKEN(STR_EMPTY), + text = STRING_TOKEN(STR_SEC_FROZEN), + text = STRING_TOKEN(STR_YES), + flags = 0, + key = 0; + endif; + + suppressif ideqvallist HDD_PASSWORD_CONFIG.SecurityStatus.Frozen == 1; + text + help = STRING_TOKEN(STR_EMPTY), + text = STRING_TOKEN(STR_SEC_FROZEN), + text = STRING_TOKEN(STR_NO), + flags = 0, + key = 0; + endif; + + suppressif ideqvallist HDD_PASSWORD_CONFIG.SecurityStatus.UserPasswordStatus == 0; + text + help = STRING_TOKEN(STR_EMPTY), + text = STRING_TOKEN(STR_HDD_USER_PASSWORD_STS), + text = STRING_TOKEN(STR_INSTALLED), + flags = 0, + key = 0; + endif; + + suppressif ideqvallist HDD_PASSWORD_CONFIG.SecurityStatus.UserPasswordStatus == 1; + text + help = STRING_TOKEN(STR_EMPTY), + text = STRING_TOKEN(STR_HDD_USER_PASSWORD_STS), + text = STRING_TOKEN(STR_NOT_INSTALLED), + flags = 0, + key = 0; + endif; + + suppressif ideqvallist HDD_PASSWORD_CONFIG.SecurityStatus.MasterPasswordStatus == 0; + text + help = STRING_TOKEN(STR_EMPTY), + text = STRING_TOKEN(STR_HDD_MASTER_PASSWORD_STS), + text = STRING_TOKEN(STR_INSTALLED), + flags = 0, + key = 0; + endif; + + suppressif ideqvallist HDD_PASSWORD_CONFIG.SecurityStatus.MasterPasswordStatus == 1; + text + help = STRING_TOKEN(STR_EMPTY), + text = STRING_TOKEN(STR_HDD_MASTER_PASSWORD_STS), + text = STRING_TOKEN(STR_NOT_INSTALLED), + flags = 0, + key = 0; + endif; + endif; + + subtitle text = STRING_TOKEN(STR_NULL); + + grayoutif ideqval HDD_PASSWORD_CONFIG.SecurityStatus.Supported == 0; + checkbox varid = HDD_PASSWORD_CONFIG.Request.UserPassword, + prompt = STRING_TOKEN(STR_HDD_USER_PASSWORD), + help = STRING_TOKEN(STR_HDD_USER_PASSWORD_HELP), + flags = INTERACTIVE | RESET_REQUIRED, + key = KEY_HDD_USER_PASSWORD, + endcheckbox; + endif; + + grayoutif ideqval HDD_PASSWORD_CONFIG.SecurityStatus.Supported == 0; + checkbox varid = HDD_PASSWORD_CONFIG.Request.MasterPassword, + prompt = STRING_TOKEN(STR_HDD_MASTER_PASSWORD), + help = STRING_TOKEN(STR_HDD_MASTER_PASSWORD_HELP), + flags = INTERACTIVE | RESET_REQUIRED, + key = KEY_HDD_MASTER_PASSWORD, + endcheckbox; + endif; + endform; + +endformset; diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/HddPassword/HddPasswordCommon.h b/src/VBox/Devices/EFI/Firmware/SecurityPkg/HddPassword/HddPasswordCommon.h new file mode 100644 index 00000000..e7c14749 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/HddPassword/HddPasswordCommon.h @@ -0,0 +1,54 @@ +/** @file + HDD Password common header file. + + Copyright (c) 2019, Intel Corporation. All rights reserved.<BR> + + SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef _HDD_PASSWORD_COMMON_H_ +#define _HDD_PASSWORD_COMMON_H_ + +// +// The payload length of HDD related ATA commands +// +#define HDD_PAYLOAD 512 + +#define ATA_SECURITY_SET_PASSWORD_CMD 0xF1 +#define ATA_SECURITY_UNLOCK_CMD 0xF2 +#define ATA_SECURITY_FREEZE_LOCK_CMD 0xF5 +#define ATA_SECURITY_DIS_PASSWORD_CMD 0xF6 + +// +// The max retry count specified in ATA 8 spec. +// +#define MAX_HDD_PASSWORD_RETRY_COUNT 5 + +// +// According to ATA spec, the max length of hdd password is 32 bytes +// +#define HDD_PASSWORD_MAX_LENGTH 32 + +#define HDD_PASSWORD_DEVICE_INFO_GUID { 0x96d877ad, 0x48af, 0x4b39, { 0x9b, 0x27, 0x4d, 0x97, 0x43, 0x9, 0xae, 0x47 } } + +typedef struct { + UINT8 Bus; + UINT8 Device; + UINT8 Function; + UINT8 Reserved; + UINT16 Port; + UINT16 PortMultiplierPort; +} HDD_PASSWORD_DEVICE; + +// +// It will be used to unlock HDD password for S3. +// +typedef struct { + HDD_PASSWORD_DEVICE Device; + CHAR8 Password[HDD_PASSWORD_MAX_LENGTH]; + UINT32 DevicePathLength; + EFI_DEVICE_PATH_PROTOCOL DevicePath[]; +} HDD_PASSWORD_DEVICE_INFO; + +#endif // _HDD_PASSWORD_COMMON_H_ diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/HddPassword/HddPasswordDxe.c b/src/VBox/Devices/EFI/Firmware/SecurityPkg/HddPassword/HddPasswordDxe.c new file mode 100644 index 00000000..1b52a79f --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/HddPassword/HddPasswordDxe.c @@ -0,0 +1,2824 @@ +/** @file + HDD password driver which is used to support HDD security feature. + + Copyright (c) 2019, Intel Corporation. All rights reserved.<BR> + Copyright (c) Microsoft Corporation.<BR> + + SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "HddPasswordDxe.h" + +EFI_GUID mHddPasswordVendorGuid = HDD_PASSWORD_CONFIG_GUID; +CHAR16 mHddPasswordVendorStorageName[] = L"HDD_PASSWORD_CONFIG"; +LIST_ENTRY mHddPasswordConfigFormList; +UINT32 mNumberOfHddDevices = 0; + +EFI_GUID mHddPasswordDeviceInfoGuid = HDD_PASSWORD_DEVICE_INFO_GUID; +BOOLEAN mHddPasswordEndOfDxe = FALSE; +HDD_PASSWORD_REQUEST_VARIABLE *mHddPasswordRequestVariable = NULL; +UINTN mHddPasswordRequestVariableSize = 0; + +HII_VENDOR_DEVICE_PATH mHddPasswordHiiVendorDevicePath = { + { + { + HARDWARE_DEVICE_PATH, + HW_VENDOR_DP, + { + (UINT8) (sizeof (VENDOR_DEVICE_PATH)), + (UINT8) ((sizeof (VENDOR_DEVICE_PATH)) >> 8) + } + }, + HDD_PASSWORD_CONFIG_GUID + }, + { + END_DEVICE_PATH_TYPE, + END_ENTIRE_DEVICE_PATH_SUBTYPE, + { + (UINT8) (END_DEVICE_PATH_LENGTH), + (UINT8) ((END_DEVICE_PATH_LENGTH) >> 8) + } + } +}; + + +/** + Check if the password is full zero. + + @param[in] Password Points to the data buffer + + @retval TRUE This password string is full zero. + @retval FALSE This password string is not full zero. + +**/ +BOOLEAN +PasswordIsFullZero ( + IN CHAR8 *Password + ) +{ + UINTN Index; + + for (Index = 0; Index < HDD_PASSWORD_MAX_LENGTH; Index++) { + if (Password[Index] != 0) { + return FALSE; + } + } + + return TRUE; +} + +/** + Save device info. + + @param[in] ConfigFormEntry Points to HDD_PASSWORD_CONFIG_FORM_ENTRY buffer + @param[in,out] TempDevInfo Points to HDD_PASSWORD_DEVICE_INFO buffer + +**/ +VOID +SaveDeviceInfo ( + IN HDD_PASSWORD_CONFIG_FORM_ENTRY *ConfigFormEntry, + IN OUT HDD_PASSWORD_DEVICE_INFO *TempDevInfo + ) +{ + TempDevInfo->Device.Bus = (UINT8) ConfigFormEntry->Bus; + TempDevInfo->Device.Device = (UINT8) ConfigFormEntry->Device; + TempDevInfo->Device.Function = (UINT8) ConfigFormEntry->Function; + TempDevInfo->Device.Port = ConfigFormEntry->Port; + TempDevInfo->Device.PortMultiplierPort = ConfigFormEntry->PortMultiplierPort; + CopyMem (TempDevInfo->Password, ConfigFormEntry->Password, HDD_PASSWORD_MAX_LENGTH); + TempDevInfo->DevicePathLength = (UINT32) GetDevicePathSize (ConfigFormEntry->DevicePath); + CopyMem (TempDevInfo->DevicePath, ConfigFormEntry->DevicePath, TempDevInfo->DevicePathLength); +} + +/** + Build HDD password device info and save them to LockBox. + + **/ +VOID +BuildHddPasswordDeviceInfo ( + VOID + ) +{ + EFI_STATUS Status; + LIST_ENTRY *Entry; + HDD_PASSWORD_CONFIG_FORM_ENTRY *ConfigFormEntry; + HDD_PASSWORD_DEVICE_INFO *DevInfo; + HDD_PASSWORD_DEVICE_INFO *TempDevInfo; + UINTN DevInfoLength; + UINT8 DummyData; + BOOLEAN S3InitDevicesExist; + UINTN S3InitDevicesLength; + EFI_DEVICE_PATH_PROTOCOL *S3InitDevices; + EFI_DEVICE_PATH_PROTOCOL *S3InitDevicesBak; + + // + // Build HDD password device info and save them to LockBox. + // + DevInfoLength = 0; + BASE_LIST_FOR_EACH (Entry, &mHddPasswordConfigFormList) { + ConfigFormEntry = BASE_CR (Entry, HDD_PASSWORD_CONFIG_FORM_ENTRY, Link); + + // + // 1. Handle device which already set password. + // 2. When request to send freeze command, driver also needs to handle device + // which support security feature. + // + if ((!PasswordIsFullZero (ConfigFormEntry->Password)) || + ((ConfigFormEntry->IfrData.SecurityStatus.Supported != 0) && + (ConfigFormEntry->IfrData.SecurityStatus.Enabled == 0))) { + DevInfoLength += sizeof (HDD_PASSWORD_DEVICE_INFO) + + GetDevicePathSize (ConfigFormEntry->DevicePath); + } + } + + if (DevInfoLength == 0) { + return; + } + + S3InitDevicesLength = sizeof (DummyData); + Status = RestoreLockBox ( + &gS3StorageDeviceInitListGuid, + &DummyData, + &S3InitDevicesLength + ); + ASSERT ((Status == EFI_NOT_FOUND) || (Status == EFI_BUFFER_TOO_SMALL)); + if (Status == EFI_NOT_FOUND) { + S3InitDevices = NULL; + S3InitDevicesExist = FALSE; + } else if (Status == EFI_BUFFER_TOO_SMALL) { + S3InitDevices = AllocatePool (S3InitDevicesLength); + ASSERT (S3InitDevices != NULL); + + Status = RestoreLockBox ( + &gS3StorageDeviceInitListGuid, + S3InitDevices, + &S3InitDevicesLength + ); + ASSERT_EFI_ERROR (Status); + S3InitDevicesExist = TRUE; + } else { + return; + } + + DevInfo = AllocateZeroPool (DevInfoLength); + ASSERT (DevInfo != NULL); + + TempDevInfo = DevInfo; + BASE_LIST_FOR_EACH (Entry, &mHddPasswordConfigFormList) { + ConfigFormEntry = BASE_CR (Entry, HDD_PASSWORD_CONFIG_FORM_ENTRY, Link); + + if ((!PasswordIsFullZero (ConfigFormEntry->Password)) || + ((ConfigFormEntry->IfrData.SecurityStatus.Supported != 0) && + (ConfigFormEntry->IfrData.SecurityStatus.Enabled == 0))) { + SaveDeviceInfo (ConfigFormEntry, TempDevInfo); + + S3InitDevicesBak = S3InitDevices; + S3InitDevices = AppendDevicePathInstance ( + S3InitDevicesBak, + ConfigFormEntry->DevicePath + ); + if (S3InitDevicesBak != NULL) { + FreePool (S3InitDevicesBak); + } + ASSERT (S3InitDevices != NULL); + + TempDevInfo = (HDD_PASSWORD_DEVICE_INFO *) ((UINTN)TempDevInfo + + sizeof (HDD_PASSWORD_DEVICE_INFO) + + TempDevInfo->DevicePathLength); + } + } + + Status = SaveLockBox ( + &mHddPasswordDeviceInfoGuid, + DevInfo, + DevInfoLength + ); + ASSERT_EFI_ERROR (Status); + + Status = SetLockBoxAttributes ( + &mHddPasswordDeviceInfoGuid, + LOCK_BOX_ATTRIBUTE_RESTORE_IN_S3_ONLY + ); + ASSERT_EFI_ERROR (Status); + + S3InitDevicesLength = GetDevicePathSize (S3InitDevices); + if (S3InitDevicesExist) { + Status = UpdateLockBox ( + &gS3StorageDeviceInitListGuid, + 0, + S3InitDevices, + S3InitDevicesLength + ); + ASSERT_EFI_ERROR (Status); + } else { + Status = SaveLockBox ( + &gS3StorageDeviceInitListGuid, + S3InitDevices, + S3InitDevicesLength + ); + ASSERT_EFI_ERROR (Status); + + Status = SetLockBoxAttributes ( + &gS3StorageDeviceInitListGuid, + LOCK_BOX_ATTRIBUTE_RESTORE_IN_S3_ONLY + ); + ASSERT_EFI_ERROR (Status); + } + + ZeroMem (DevInfo, DevInfoLength); + FreePool (DevInfo); + FreePool (S3InitDevices); +} + +/** + Send freeze lock cmd through Ata Pass Thru Protocol. + + @param[in] AtaPassThru The pointer to the ATA_PASS_THRU protocol. + @param[in] Port The port number of the ATA device to send the command. + @param[in] PortMultiplierPort The port multiplier port number of the ATA device to send the command. + If there is no port multiplier, then specify 0xFFFF. + + @retval EFI_SUCCESS Successful to send freeze lock cmd. + @retval EFI_INVALID_PARAMETER The parameter passed-in is invalid. + @retval EFI_OUT_OF_RESOURCES Not enough memory to send freeze lock cmd. + @retval EFI_DEVICE_ERROR Can not send freeze lock cmd. + +**/ +EFI_STATUS +FreezeLockDevice ( + IN EFI_ATA_PASS_THRU_PROTOCOL *AtaPassThru, + IN UINT16 Port, + IN UINT16 PortMultiplierPort + ) +{ + EFI_STATUS Status; + EFI_ATA_COMMAND_BLOCK Acb; + EFI_ATA_STATUS_BLOCK *Asb; + EFI_ATA_PASS_THRU_COMMAND_PACKET Packet; + + if (AtaPassThru == NULL) { + return EFI_INVALID_PARAMETER; + } + + // + // The 'Asb' field (a pointer to the EFI_ATA_STATUS_BLOCK structure) in + // EFI_ATA_PASS_THRU_COMMAND_PACKET is required to be aligned specified by + // the 'IoAlign' field in the EFI_ATA_PASS_THRU_MODE structure. Meanwhile, + // the structure EFI_ATA_STATUS_BLOCK is composed of only UINT8 fields, so it + // may not be aligned when allocated on stack for some compilers. Hence, we + // use the API AllocateAlignedPages to ensure this structure is properly + // aligned. + // + Asb = AllocateAlignedPages ( + EFI_SIZE_TO_PAGES (sizeof (EFI_ATA_STATUS_BLOCK)), + AtaPassThru->Mode->IoAlign + ); + if (Asb == NULL) { + return EFI_OUT_OF_RESOURCES; + } + + // + // Prepare for ATA command block. + // + ZeroMem (&Acb, sizeof (Acb)); + ZeroMem (Asb, sizeof (EFI_ATA_STATUS_BLOCK)); + Acb.AtaCommand = ATA_SECURITY_FREEZE_LOCK_CMD; + Acb.AtaDeviceHead = (UINT8) (PortMultiplierPort == 0xFFFF ? 0 : (PortMultiplierPort << 4)); + + // + // Prepare for ATA pass through packet. + // + ZeroMem (&Packet, sizeof (Packet)); + Packet.Protocol = EFI_ATA_PASS_THRU_PROTOCOL_ATA_NON_DATA; + Packet.Length = EFI_ATA_PASS_THRU_LENGTH_NO_DATA_TRANSFER; + Packet.Asb = Asb; + Packet.Acb = &Acb; + Packet.Timeout = ATA_TIMEOUT; + + Status = AtaPassThru->PassThru ( + AtaPassThru, + Port, + PortMultiplierPort, + &Packet, + NULL + ); + if (!EFI_ERROR (Status) && + ((Asb->AtaStatus & ATA_STSREG_ERR) != 0) && + ((Asb->AtaError & ATA_ERRREG_ABRT) != 0)) { + Status = EFI_DEVICE_ERROR; + } + + FreeAlignedPages (Asb, EFI_SIZE_TO_PAGES (sizeof (EFI_ATA_STATUS_BLOCK))); + + DEBUG ((DEBUG_INFO, "%a() - %r\n", __FUNCTION__, Status)); + return Status; +} + +/** + Get attached harddisk identify data through Ata Pass Thru Protocol. + + @param[in] AtaPassThru The pointer to the ATA_PASS_THRU protocol. + @param[in] Port The port number of the ATA device to send the command. + @param[in] PortMultiplierPort The port multiplier port number of the ATA device to send the command. + If there is no port multiplier, then specify 0xFFFF. + @param[in] IdentifyData The buffer to store identify data. + + @retval EFI_SUCCESS Successful to get identify data. + @retval EFI_INVALID_PARAMETER The parameter passed-in is invalid. + @retval EFI_OUT_OF_RESOURCES Not enough memory to get identify data. + @retval EFI_DEVICE_ERROR Can not get identify data. + +**/ +EFI_STATUS +GetHddDeviceIdentifyData ( + IN EFI_ATA_PASS_THRU_PROTOCOL *AtaPassThru, + IN UINT16 Port, + IN UINT16 PortMultiplierPort, + IN ATA_IDENTIFY_DATA *IdentifyData + ) +{ + EFI_STATUS Status; + EFI_ATA_COMMAND_BLOCK Acb; + EFI_ATA_STATUS_BLOCK *Asb; + EFI_ATA_PASS_THRU_COMMAND_PACKET Packet; + + if ((AtaPassThru == NULL) || (IdentifyData == NULL)) { + return EFI_INVALID_PARAMETER; + } + + // + // The 'Asb' field (a pointer to the EFI_ATA_STATUS_BLOCK structure) in + // EFI_ATA_PASS_THRU_COMMAND_PACKET is required to be aligned specified by + // the 'IoAlign' field in the EFI_ATA_PASS_THRU_MODE structure. Meanwhile, + // the structure EFI_ATA_STATUS_BLOCK is composed of only UINT8 fields, so it + // may not be aligned when allocated on stack for some compilers. Hence, we + // use the API AllocateAlignedPages to ensure this structure is properly + // aligned. + // + Asb = AllocateAlignedPages ( + EFI_SIZE_TO_PAGES (sizeof (EFI_ATA_STATUS_BLOCK)), + AtaPassThru->Mode->IoAlign + ); + if (Asb == NULL) { + return EFI_OUT_OF_RESOURCES; + } + + // + // Prepare for ATA command block. + // + ZeroMem (&Acb, sizeof (Acb)); + ZeroMem (Asb, sizeof (EFI_ATA_STATUS_BLOCK)); + Acb.AtaCommand = ATA_CMD_IDENTIFY_DRIVE; + Acb.AtaDeviceHead = (UINT8) (BIT7 | BIT6 | BIT5 | (PortMultiplierPort == 0xFFFF ? 0 : (PortMultiplierPort << 4))); + + // + // Prepare for ATA pass through packet. + // + ZeroMem (&Packet, sizeof (Packet)); + Packet.Protocol = EFI_ATA_PASS_THRU_PROTOCOL_PIO_DATA_IN; + Packet.Length = EFI_ATA_PASS_THRU_LENGTH_BYTES | EFI_ATA_PASS_THRU_LENGTH_SECTOR_COUNT; + Packet.Asb = Asb; + Packet.Acb = &Acb; + Packet.InDataBuffer = IdentifyData; + Packet.InTransferLength = sizeof (ATA_IDENTIFY_DATA); + Packet.Timeout = ATA_TIMEOUT; + + Status = AtaPassThru->PassThru ( + AtaPassThru, + Port, + PortMultiplierPort, + &Packet, + NULL + ); + + FreeAlignedPages (Asb, EFI_SIZE_TO_PAGES (sizeof (EFI_ATA_STATUS_BLOCK))); + + return Status; +} + +/** + Parse security status according to identify data. + + @param[in] IdentifyData The buffer to store identify data. + @param[in, out] IfrData IFR data to hold security status. + +**/ +VOID +GetHddPasswordSecurityStatus ( + IN ATA_IDENTIFY_DATA *IdentifyData, + IN OUT HDD_PASSWORD_CONFIG *IfrData + ) +{ + IfrData->SecurityStatus.Supported = (IdentifyData->command_set_supported_82 & BIT1) ? 1 : 0; + IfrData->SecurityStatus.Enabled = (IdentifyData->security_status & BIT1) ? 1 : 0; + IfrData->SecurityStatus.Locked = (IdentifyData->security_status & BIT2) ? 1 : 0; + IfrData->SecurityStatus.Frozen = (IdentifyData->security_status & BIT3) ? 1 : 0; + IfrData->SecurityStatus.UserPasswordStatus = IfrData->SecurityStatus.Enabled; + IfrData->SecurityStatus.MasterPasswordStatus = IfrData->SecurityStatus.Supported; + + DEBUG ((DEBUG_INFO, "IfrData->SecurityStatus.Supported = %x\n", IfrData->SecurityStatus.Supported)); + DEBUG ((DEBUG_INFO, "IfrData->SecurityStatus.Enabled = %x\n", IfrData->SecurityStatus.Enabled)); + DEBUG ((DEBUG_INFO, "IfrData->SecurityStatus.Locked = %x\n", IfrData->SecurityStatus.Locked)); + DEBUG ((DEBUG_INFO, "IfrData->SecurityStatus.Frozen = %x\n", IfrData->SecurityStatus.Frozen)); + DEBUG ((DEBUG_INFO, "IfrData->SecurityStatus.UserPasswordStatus = %x\n", IfrData->SecurityStatus.UserPasswordStatus)); + DEBUG ((DEBUG_INFO, "IfrData->SecurityStatus.MasterPasswordStatus = %x\n", IfrData->SecurityStatus.MasterPasswordStatus)); +} + +/** + Notification function of EFI_END_OF_DXE_EVENT_GROUP_GUID event group. + + This is a notification function registered on EFI_END_OF_DXE_EVENT_GROUP_GUID event group. + + @param Event Event whose notification function is being invoked. + @param Context Pointer to the notification function's context. + +**/ +VOID +EFIAPI +HddPasswordEndOfDxeEventNotify ( + EFI_EVENT Event, + VOID *Context + ) +{ + LIST_ENTRY *Entry; + HDD_PASSWORD_CONFIG_FORM_ENTRY *ConfigFormEntry; + EFI_STATUS Status; + ATA_IDENTIFY_DATA IdentifyData; + + DEBUG ((DEBUG_INFO, "%a() - enter\n", __FUNCTION__)); + + mHddPasswordEndOfDxe = TRUE; + + if (mHddPasswordRequestVariable != NULL) { + // + // Free the HDD password request variable buffer here + // as the HDD password requests should have been processed. + // + FreePool (mHddPasswordRequestVariable); + mHddPasswordRequestVariable = NULL; + mHddPasswordRequestVariableSize = 0; + } + + // + // If no any device, return directly. + // + if (IsListEmpty (&mHddPasswordConfigFormList)) { + gBS->CloseEvent (Event); + return; + } + + BuildHddPasswordDeviceInfo (); + + // + // Zero passsword and freeze lock device. + // + BASE_LIST_FOR_EACH (Entry, &mHddPasswordConfigFormList) { + ConfigFormEntry = BASE_CR (Entry, HDD_PASSWORD_CONFIG_FORM_ENTRY, Link); + + ZeroMem (ConfigFormEntry->Password, HDD_PASSWORD_MAX_LENGTH); + + // + // Check whether need send freeze lock command. + // Below device will be froze: + // 1. Device not enable password. + // 2. Device enable password and unlocked. + // + if ((ConfigFormEntry->IfrData.SecurityStatus.Supported != 0) && + (ConfigFormEntry->IfrData.SecurityStatus.Locked == 0) && + (ConfigFormEntry->IfrData.SecurityStatus.Frozen == 0)) { + Status = FreezeLockDevice (ConfigFormEntry->AtaPassThru, ConfigFormEntry->Port, ConfigFormEntry->PortMultiplierPort); + DEBUG ((DEBUG_INFO, "FreezeLockDevice return %r!\n", Status)); + Status = GetHddDeviceIdentifyData ( + ConfigFormEntry->AtaPassThru, + ConfigFormEntry->Port, + ConfigFormEntry->PortMultiplierPort, + &IdentifyData + ); + GetHddPasswordSecurityStatus (&IdentifyData, &ConfigFormEntry->IfrData); + } + } + + DEBUG ((DEBUG_INFO, "%a() - exit\n", __FUNCTION__)); + + gBS->CloseEvent (Event); +} + +/** + Generate Salt value. + + @param[in, out] SaltValue Points to the salt buffer, 32 bytes + +**/ +VOID +GenSalt ( + IN OUT UINT8 *SaltValue + ) +{ + RandomSeed (NULL, 0); + RandomBytes (SaltValue, PASSWORD_SALT_SIZE); +} + +/** + Hash the data to get credential. + + @param[in] Buffer Points to the data buffer + @param[in] BufferSize Buffer size + @param[in] SaltValue Points to the salt buffer, 32 bytes + @param[out] Credential Points to the hashed result + + @retval TRUE Hash the data successfully. + @retval FALSE Failed to hash the data. + +**/ +BOOLEAN +GenerateCredential ( + IN UINT8 *Buffer, + IN UINTN BufferSize, + IN UINT8 *SaltValue, + OUT UINT8 *Credential + ) +{ + BOOLEAN Status; + UINTN HashSize; + VOID *Hash; + VOID *HashData; + + Hash = NULL; + HashData = NULL; + Status = FALSE; + + HashSize = Sha256GetContextSize (); + Hash = AllocateZeroPool (HashSize); + ASSERT (Hash != NULL); + if (Hash == NULL) { + goto Done; + } + + Status = Sha256Init (Hash); + if (!Status) { + goto Done; + } + + HashData = AllocateZeroPool (PASSWORD_SALT_SIZE + BufferSize); + ASSERT (HashData != NULL); + if (HashData == NULL) { + goto Done; + } + + CopyMem (HashData, SaltValue, PASSWORD_SALT_SIZE); + CopyMem ((UINT8 *) HashData + PASSWORD_SALT_SIZE, Buffer, BufferSize); + + Status = Sha256Update (Hash, HashData, PASSWORD_SALT_SIZE + BufferSize); + if (!Status) { + goto Done; + } + + Status = Sha256Final (Hash, Credential); + +Done: + if (Hash != NULL) { + FreePool (Hash); + } + if (HashData != NULL) { + ZeroMem (HashData, PASSWORD_SALT_SIZE + BufferSize); + FreePool (HashData); + } + return Status; +} + +/** + Save HDD password variable that will be used to validate HDD password + when the device is at frozen state. + + @param[in] ConfigFormEntry The HDD Password configuration form entry. + @param[in] Password The hdd password of attached ATA device. + +**/ +VOID +SaveHddPasswordVariable ( + IN HDD_PASSWORD_CONFIG_FORM_ENTRY *ConfigFormEntry, + IN CHAR8 *Password + ) +{ + EFI_STATUS Status; + HDD_PASSWORD_VARIABLE *TempVariable; + UINTN TempVariableSize; + HDD_PASSWORD_VARIABLE *NextNode; + HDD_PASSWORD_VARIABLE *Variable; + UINTN VariableSize; + HDD_PASSWORD_VARIABLE *NewVariable; + UINTN NewVariableSize; + BOOLEAN Delete; + BOOLEAN HashOk; + UINT8 HashData[SHA256_DIGEST_SIZE]; + UINT8 SaltData[PASSWORD_SALT_SIZE]; + + DEBUG ((DEBUG_INFO, "%a() - enter\n", __FUNCTION__)); + + Delete = FALSE; + if (!PasswordIsFullZero (Password)) { + // + // It is Set/Update HDD Password. + // + ZeroMem (HashData, sizeof (HashData)); + ZeroMem (SaltData, sizeof (SaltData)); + GenSalt (SaltData); + HashOk = GenerateCredential ((UINT8 *) Password, HDD_PASSWORD_MAX_LENGTH, SaltData, HashData); + if (!HashOk) { + DEBUG ((DEBUG_INFO, "GenerateCredential failed\n")); + return; + } + } else { + // + // It is Disable HDD Password. + // Go to delete the variable node for the HDD password device. + // + Delete = TRUE; + } + + Variable = NULL; + VariableSize = 0; + NewVariable = NULL; + NewVariableSize = 0; + + Status = GetVariable2 ( + HDD_PASSWORD_VARIABLE_NAME, + &mHddPasswordVendorGuid, + (VOID **) &Variable, + &VariableSize + ); + if (Delete) { + if (!EFI_ERROR (Status) && (Variable != NULL)) { + TempVariable = Variable; + TempVariableSize = VariableSize; + while (TempVariableSize >= sizeof (HDD_PASSWORD_VARIABLE)) { + if ((TempVariable->Device.Bus == ConfigFormEntry->Bus) && + (TempVariable->Device.Device == ConfigFormEntry->Device) && + (TempVariable->Device.Function == ConfigFormEntry->Function) && + (TempVariable->Device.Port == ConfigFormEntry->Port) && + (TempVariable->Device.PortMultiplierPort == ConfigFormEntry->PortMultiplierPort)) { + // + // Found the node for the HDD password device. + // Delete the node. + // + NextNode = TempVariable + 1; + CopyMem (TempVariable, NextNode, (UINTN) Variable + VariableSize - (UINTN) NextNode); + NewVariable = Variable; + NewVariableSize = VariableSize - sizeof (HDD_PASSWORD_VARIABLE); + break; + } + TempVariableSize -= sizeof (HDD_PASSWORD_VARIABLE); + TempVariable += 1; + } + if (NewVariable == NULL) { + DEBUG ((DEBUG_INFO, "The variable node for the HDD password device is not found\n")); + } + } else { + DEBUG ((DEBUG_INFO, "HddPassword variable get failed (%r)\n", Status)); + } + } else { + if (!EFI_ERROR (Status) && (Variable != NULL)) { + TempVariable = Variable; + TempVariableSize = VariableSize; + while (TempVariableSize >= sizeof (HDD_PASSWORD_VARIABLE)) { + if ((TempVariable->Device.Bus == ConfigFormEntry->Bus) && + (TempVariable->Device.Device == ConfigFormEntry->Device) && + (TempVariable->Device.Function == ConfigFormEntry->Function) && + (TempVariable->Device.Port == ConfigFormEntry->Port) && + (TempVariable->Device.PortMultiplierPort == ConfigFormEntry->PortMultiplierPort)) { + // + // Found the node for the HDD password device. + // Update the node. + // + CopyMem (TempVariable->PasswordHash, HashData, sizeof (HashData)); + CopyMem (TempVariable->PasswordSalt, SaltData, sizeof (SaltData)); + NewVariable = Variable; + NewVariableSize = VariableSize; + break; + } + TempVariableSize -= sizeof (HDD_PASSWORD_VARIABLE); + TempVariable += 1; + } + if (NewVariable == NULL) { + // + // The node for the HDD password device is not found. + // Create node for the HDD password device. + // + NewVariableSize = VariableSize + sizeof (HDD_PASSWORD_VARIABLE); + NewVariable = AllocateZeroPool (NewVariableSize); + ASSERT (NewVariable != NULL); + CopyMem (NewVariable, Variable, VariableSize); + TempVariable = (HDD_PASSWORD_VARIABLE *) ((UINTN) NewVariable + VariableSize); + TempVariable->Device.Bus = (UINT8) ConfigFormEntry->Bus; + TempVariable->Device.Device = (UINT8) ConfigFormEntry->Device; + TempVariable->Device.Function = (UINT8) ConfigFormEntry->Function; + TempVariable->Device.Port = ConfigFormEntry->Port; + TempVariable->Device.PortMultiplierPort = ConfigFormEntry->PortMultiplierPort; + CopyMem (TempVariable->PasswordHash, HashData, sizeof (HashData)); + CopyMem (TempVariable->PasswordSalt, SaltData, sizeof (SaltData)); + } + } else { + NewVariableSize = sizeof (HDD_PASSWORD_VARIABLE); + NewVariable = AllocateZeroPool (NewVariableSize); + ASSERT (NewVariable != NULL); + NewVariable->Device.Bus = (UINT8) ConfigFormEntry->Bus; + NewVariable->Device.Device = (UINT8) ConfigFormEntry->Device; + NewVariable->Device.Function = (UINT8) ConfigFormEntry->Function; + NewVariable->Device.Port = ConfigFormEntry->Port; + NewVariable->Device.PortMultiplierPort = ConfigFormEntry->PortMultiplierPort; + CopyMem (NewVariable->PasswordHash, HashData, sizeof (HashData)); + CopyMem (NewVariable->PasswordSalt, SaltData, sizeof (SaltData)); + } + } + + if (NewVariable != NULL) { + Status = gRT->SetVariable ( + HDD_PASSWORD_VARIABLE_NAME, + &mHddPasswordVendorGuid, + EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS, + NewVariableSize, + NewVariable + ); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_INFO, "HddPassword variable set failed (%r)\n", Status)); + } + } + + if (NewVariable != Variable) { + FreePool (NewVariable); + } + if (Variable != NULL) { + FreePool (Variable); + } + + DEBUG ((DEBUG_INFO, "%a() - exit\n", __FUNCTION__)); +} + +/** + Get saved HDD password variable that will be used to validate HDD password + when the device is at frozen state. + + @param[in] ConfigFormEntry The HDD Password configuration form entry. + @param[out] HddPasswordVariable The variable node for the HDD password device. + + @retval TRUE The variable node for the HDD password device is found and returned. + @retval FALSE The variable node for the HDD password device is not found. + +**/ +BOOLEAN +GetSavedHddPasswordVariable ( + IN HDD_PASSWORD_CONFIG_FORM_ENTRY *ConfigFormEntry, + OUT HDD_PASSWORD_VARIABLE *HddPasswordVariable + ) +{ + EFI_STATUS Status; + HDD_PASSWORD_VARIABLE *TempVariable; + HDD_PASSWORD_VARIABLE *Variable; + UINTN VariableSize; + BOOLEAN Found; + + DEBUG ((DEBUG_INFO, "%a() - enter\n", __FUNCTION__)); + + Variable = NULL; + VariableSize = 0; + + Status = GetVariable2 ( + HDD_PASSWORD_VARIABLE_NAME, + &mHddPasswordVendorGuid, + (VOID **) &Variable, + &VariableSize + ); + if (EFI_ERROR (Status) || (Variable == NULL)) { + DEBUG ((DEBUG_INFO, "HddPassword variable get failed (%r)\n", Status)); + return FALSE; + } + + Found = FALSE; + TempVariable = Variable; + while (VariableSize >= sizeof (HDD_PASSWORD_VARIABLE)) { + if ((TempVariable->Device.Bus == ConfigFormEntry->Bus) && + (TempVariable->Device.Device == ConfigFormEntry->Device) && + (TempVariable->Device.Function == ConfigFormEntry->Function) && + (TempVariable->Device.Port == ConfigFormEntry->Port) && + (TempVariable->Device.PortMultiplierPort == ConfigFormEntry->PortMultiplierPort)) { + // + // Found the node for the HDD password device. + // Get the node. + // + CopyMem (HddPasswordVariable, TempVariable, sizeof (HDD_PASSWORD_VARIABLE)); + Found = TRUE; + break; + } + VariableSize -= sizeof (HDD_PASSWORD_VARIABLE); + TempVariable += 1; + } + + FreePool (Variable); + + if (!Found) { + DEBUG ((DEBUG_INFO, "The variable node for the HDD password device is not found\n")); + } + + DEBUG ((DEBUG_INFO, "%a() - exit\n", __FUNCTION__)); + + return Found; +} + +/** + Use saved HDD password variable to validate HDD password + when the device is at frozen state. + + @param[in] ConfigFormEntry The HDD Password configuration form entry. + @param[in] Password The hdd password of attached ATA device. + + @retval EFI_SUCCESS Pass to validate the HDD password. + @retval EFI_NOT_FOUND The variable node for the HDD password device is not found. + @retval EFI_DEVICE_ERROR Failed to generate credential for the HDD password. + @retval EFI_INVALID_PARAMETER Failed to validate the HDD password. + +**/ +EFI_STATUS +ValidateHddPassword ( + IN HDD_PASSWORD_CONFIG_FORM_ENTRY *ConfigFormEntry, + IN CHAR8 *Password + ) +{ + EFI_STATUS Status; + HDD_PASSWORD_VARIABLE HddPasswordVariable; + BOOLEAN HashOk; + UINT8 HashData[SHA256_DIGEST_SIZE]; + + DEBUG ((DEBUG_INFO, "%a() - enter\n", __FUNCTION__)); + + if (!GetSavedHddPasswordVariable (ConfigFormEntry, &HddPasswordVariable)) { + DEBUG ((DEBUG_INFO, "GetSavedHddPasswordVariable failed\n")); + return EFI_NOT_FOUND; + } + + ZeroMem (HashData, sizeof (HashData)); + HashOk = GenerateCredential ((UINT8 *) Password, HDD_PASSWORD_MAX_LENGTH, HddPasswordVariable.PasswordSalt, HashData); + if (!HashOk) { + DEBUG ((DEBUG_INFO, "GenerateCredential failed\n")); + return EFI_DEVICE_ERROR; + } + + if (CompareMem (HddPasswordVariable.PasswordHash, HashData, sizeof (HashData)) != 0) { + Status = EFI_INVALID_PARAMETER; + } else { + Status = EFI_SUCCESS; + } + + DEBUG ((DEBUG_INFO, "%a() - exit (%r)\n", __FUNCTION__, Status)); + return Status; +} + +/** + Send unlock hdd password cmd through Ata Pass Thru Protocol. + + @param[in] AtaPassThru The pointer to the ATA_PASS_THRU protocol. + @param[in] Port The port number of the ATA device to send the command. + @param[in] PortMultiplierPort The port multiplier port number of the ATA device to send the command. + If there is no port multiplier, then specify 0xFFFF. + @param[in] Identifier The identifier to set user or master password. + @param[in] Password The hdd password of attached ATA device. + + @retval EFI_SUCCESS Successful to send unlock hdd password cmd. + @retval EFI_INVALID_PARAMETER The parameter passed-in is invalid. + @retval EFI_OUT_OF_RESOURCES Not enough memory to send unlock hdd password cmd. + @retval EFI_DEVICE_ERROR Can not send unlock hdd password cmd. + +**/ +EFI_STATUS +UnlockHddPassword ( + IN EFI_ATA_PASS_THRU_PROTOCOL *AtaPassThru, + IN UINT16 Port, + IN UINT16 PortMultiplierPort, + IN CHAR8 Identifier, + IN CHAR8 *Password + ) +{ + EFI_STATUS Status; + EFI_ATA_COMMAND_BLOCK Acb; + EFI_ATA_STATUS_BLOCK *Asb; + EFI_ATA_PASS_THRU_COMMAND_PACKET Packet; + UINT8 Buffer[HDD_PAYLOAD]; + + if ((AtaPassThru == NULL) || (Password == NULL)) { + return EFI_INVALID_PARAMETER; + } + + // + // The 'Asb' field (a pointer to the EFI_ATA_STATUS_BLOCK structure) in + // EFI_ATA_PASS_THRU_COMMAND_PACKET is required to be aligned specified by + // the 'IoAlign' field in the EFI_ATA_PASS_THRU_MODE structure. Meanwhile, + // the structure EFI_ATA_STATUS_BLOCK is composed of only UINT8 fields, so it + // may not be aligned when allocated on stack for some compilers. Hence, we + // use the API AllocateAlignedPages to ensure this structure is properly + // aligned. + // + Asb = AllocateAlignedPages ( + EFI_SIZE_TO_PAGES (sizeof (EFI_ATA_STATUS_BLOCK)), + AtaPassThru->Mode->IoAlign + ); + if (Asb == NULL) { + return EFI_OUT_OF_RESOURCES; + } + + // + // Prepare for ATA command block. + // + ZeroMem (&Acb, sizeof (Acb)); + ZeroMem (Asb, sizeof (EFI_ATA_STATUS_BLOCK)); + Acb.AtaCommand = ATA_SECURITY_UNLOCK_CMD; + Acb.AtaDeviceHead = (UINT8) (PortMultiplierPort == 0xFFFF ? 0 : (PortMultiplierPort << 4)); + + // + // Prepare for ATA pass through packet. + // + ZeroMem (&Packet, sizeof (Packet)); + Packet.Protocol = EFI_ATA_PASS_THRU_PROTOCOL_PIO_DATA_OUT; + Packet.Length = EFI_ATA_PASS_THRU_LENGTH_BYTES; + Packet.Asb = Asb; + Packet.Acb = &Acb; + + ((CHAR16 *) Buffer)[0] = Identifier & BIT0; + CopyMem (&((CHAR16 *) Buffer)[1], Password, HDD_PASSWORD_MAX_LENGTH); + + Packet.OutDataBuffer = Buffer; + Packet.OutTransferLength = sizeof (Buffer); + Packet.Timeout = ATA_TIMEOUT; + + Status = AtaPassThru->PassThru ( + AtaPassThru, + Port, + PortMultiplierPort, + &Packet, + NULL + ); + if (!EFI_ERROR (Status) && + ((Asb->AtaStatus & ATA_STSREG_ERR) != 0) && + ((Asb->AtaError & ATA_ERRREG_ABRT) != 0)) { + Status = EFI_DEVICE_ERROR; + } + + FreeAlignedPages (Asb, EFI_SIZE_TO_PAGES (sizeof (EFI_ATA_STATUS_BLOCK))); + + ZeroMem (Buffer, sizeof (Buffer)); + + DEBUG ((DEBUG_INFO, "%a() - %r\n", __FUNCTION__, Status)); + return Status; +} + +/** + Send disable hdd password cmd through Ata Pass Thru Protocol. + + @param[in] AtaPassThru The pointer to the ATA_PASS_THRU protocol. + @param[in] Port The port number of the ATA device to send the command. + @param[in] PortMultiplierPort The port multiplier port number of the ATA device to send the command. + If there is no port multiplier, then specify 0xFFFF. + @param[in] Identifier The identifier to set user or master password. + @param[in] Password The hdd password of attached ATA device. + + @retval EFI_SUCCESS Successful to disable hdd password cmd. + @retval EFI_INVALID_PARAMETER The parameter passed-in is invalid. + @retval EFI_OUT_OF_RESOURCES Not enough memory to disable hdd password cmd. + @retval EFI_DEVICE_ERROR Can not disable hdd password cmd. + +**/ +EFI_STATUS +DisableHddPassword ( + IN EFI_ATA_PASS_THRU_PROTOCOL *AtaPassThru, + IN UINT16 Port, + IN UINT16 PortMultiplierPort, + IN CHAR8 Identifier, + IN CHAR8 *Password + ) +{ + EFI_STATUS Status; + EFI_ATA_COMMAND_BLOCK Acb; + EFI_ATA_STATUS_BLOCK *Asb; + EFI_ATA_PASS_THRU_COMMAND_PACKET Packet; + UINT8 Buffer[HDD_PAYLOAD]; + + if ((AtaPassThru == NULL) || (Password == NULL)) { + return EFI_INVALID_PARAMETER; + } + + // + // The 'Asb' field (a pointer to the EFI_ATA_STATUS_BLOCK structure) in + // EFI_ATA_PASS_THRU_COMMAND_PACKET is required to be aligned specified by + // the 'IoAlign' field in the EFI_ATA_PASS_THRU_MODE structure. Meanwhile, + // the structure EFI_ATA_STATUS_BLOCK is composed of only UINT8 fields, so it + // may not be aligned when allocated on stack for some compilers. Hence, we + // use the API AllocateAlignedPages to ensure this structure is properly + // aligned. + // + Asb = AllocateAlignedPages ( + EFI_SIZE_TO_PAGES (sizeof (EFI_ATA_STATUS_BLOCK)), + AtaPassThru->Mode->IoAlign + ); + if (Asb == NULL) { + return EFI_OUT_OF_RESOURCES; + } + + // + // Prepare for ATA command block. + // + ZeroMem (&Acb, sizeof (Acb)); + ZeroMem (Asb, sizeof (EFI_ATA_STATUS_BLOCK)); + Acb.AtaCommand = ATA_SECURITY_DIS_PASSWORD_CMD; + Acb.AtaDeviceHead = (UINT8) (PortMultiplierPort == 0xFFFF ? 0 : (PortMultiplierPort << 4)); + + // + // Prepare for ATA pass through packet. + // + ZeroMem (&Packet, sizeof (Packet)); + Packet.Protocol = EFI_ATA_PASS_THRU_PROTOCOL_PIO_DATA_OUT; + Packet.Length = EFI_ATA_PASS_THRU_LENGTH_BYTES; + Packet.Asb = Asb; + Packet.Acb = &Acb; + + ((CHAR16 *) Buffer)[0] = Identifier & BIT0; + CopyMem (&((CHAR16 *) Buffer)[1], Password, HDD_PASSWORD_MAX_LENGTH); + + Packet.OutDataBuffer = Buffer; + Packet.OutTransferLength = sizeof (Buffer); + Packet.Timeout = ATA_TIMEOUT; + + Status = AtaPassThru->PassThru ( + AtaPassThru, + Port, + PortMultiplierPort, + &Packet, + NULL + ); + if (!EFI_ERROR (Status) && + ((Asb->AtaStatus & ATA_STSREG_ERR) != 0) && + ((Asb->AtaError & ATA_ERRREG_ABRT) != 0)) { + Status = EFI_DEVICE_ERROR; + } + + FreeAlignedPages (Asb, EFI_SIZE_TO_PAGES (sizeof (EFI_ATA_STATUS_BLOCK))); + + ZeroMem (Buffer, sizeof (Buffer)); + + DEBUG ((DEBUG_INFO, "%a() - %r\n", __FUNCTION__, Status)); + return Status; +} + +/** + Send set hdd password cmd through Ata Pass Thru Protocol. + + @param[in] AtaPassThru The pointer to the ATA_PASS_THRU protocol. + @param[in] Port The port number of the ATA device to send the command. + @param[in] PortMultiplierPort The port multiplier port number of the ATA device to send the command. + If there is no port multiplier, then specify 0xFFFF. + @param[in] Identifier The identifier to set user or master password. + @param[in] SecurityLevel The security level to be set to device. + @param[in] MasterPasswordIdentifier The master password identifier to be set to device. + @param[in] Password The hdd password of attached ATA device. + + @retval EFI_SUCCESS Successful to set hdd password cmd. + @retval EFI_INVALID_PARAMETER The parameter passed-in is invalid. + @retval EFI_OUT_OF_RESOURCES Not enough memory to set hdd password cmd. + @retval EFI_DEVICE_ERROR Can not set hdd password cmd. + +**/ +EFI_STATUS +SetHddPassword ( + IN EFI_ATA_PASS_THRU_PROTOCOL *AtaPassThru, + IN UINT16 Port, + IN UINT16 PortMultiplierPort, + IN CHAR8 Identifier, + IN CHAR8 SecurityLevel, + IN CHAR16 MasterPasswordIdentifier, + IN CHAR8 *Password + ) +{ + EFI_STATUS Status; + EFI_ATA_COMMAND_BLOCK Acb; + EFI_ATA_STATUS_BLOCK *Asb; + EFI_ATA_PASS_THRU_COMMAND_PACKET Packet; + UINT8 Buffer[HDD_PAYLOAD]; + + if ((AtaPassThru == NULL) || (Password == NULL)) { + return EFI_INVALID_PARAMETER; + } + + // + // The 'Asb' field (a pointer to the EFI_ATA_STATUS_BLOCK structure) in + // EFI_ATA_PASS_THRU_COMMAND_PACKET is required to be aligned specified by + // the 'IoAlign' field in the EFI_ATA_PASS_THRU_MODE structure. Meanwhile, + // the structure EFI_ATA_STATUS_BLOCK is composed of only UINT8 fields, so it + // may not be aligned when allocated on stack for some compilers. Hence, we + // use the API AllocateAlignedPages to ensure this structure is properly + // aligned. + // + Asb = AllocateAlignedPages ( + EFI_SIZE_TO_PAGES (sizeof (EFI_ATA_STATUS_BLOCK)), + AtaPassThru->Mode->IoAlign + ); + if (Asb == NULL) { + return EFI_OUT_OF_RESOURCES; + } + + // + // Prepare for ATA command block. + // + ZeroMem (&Acb, sizeof (Acb)); + ZeroMem (Asb, sizeof (EFI_ATA_STATUS_BLOCK)); + Acb.AtaCommand = ATA_SECURITY_SET_PASSWORD_CMD; + Acb.AtaDeviceHead = (UINT8) (PortMultiplierPort == 0xFFFF ? 0 : (PortMultiplierPort << 4)); + + // + // Prepare for ATA pass through packet. + // + ZeroMem (&Packet, sizeof (Packet)); + Packet.Protocol = EFI_ATA_PASS_THRU_PROTOCOL_PIO_DATA_OUT; + Packet.Length = EFI_ATA_PASS_THRU_LENGTH_BYTES; + Packet.Asb = Asb; + Packet.Acb = &Acb; + + ((CHAR16 *) Buffer)[0] = (Identifier | (UINT16)(SecurityLevel << 8)) & (BIT0 | BIT8); + CopyMem (&((CHAR16 *) Buffer)[1], Password, HDD_PASSWORD_MAX_LENGTH); + if ((Identifier & BIT0) != 0) { + ((CHAR16 *) Buffer)[17] = MasterPasswordIdentifier; + } + + Packet.OutDataBuffer = Buffer; + Packet.OutTransferLength = sizeof (Buffer); + Packet.Timeout = ATA_TIMEOUT; + + Status = AtaPassThru->PassThru ( + AtaPassThru, + Port, + PortMultiplierPort, + &Packet, + NULL + ); + if (!EFI_ERROR (Status) && + ((Asb->AtaStatus & ATA_STSREG_ERR) != 0) && + ((Asb->AtaError & ATA_ERRREG_ABRT) != 0)) { + Status = EFI_DEVICE_ERROR; + } + + FreeAlignedPages (Asb, EFI_SIZE_TO_PAGES (sizeof (EFI_ATA_STATUS_BLOCK))); + + ZeroMem (Buffer, sizeof (Buffer)); + + DEBUG ((DEBUG_INFO, "%a() - %r\n", __FUNCTION__, Status)); + return Status; +} + +/** + Get attached harddisk model number from identify data buffer. + + @param[in] IdentifyData Pointer to identify data buffer. + @param[in, out] String The buffer to store harddisk model number. + +**/ +VOID +GetHddDeviceModelNumber ( + IN ATA_IDENTIFY_DATA *IdentifyData, + IN OUT CHAR16 *String + ) +{ + UINTN Index; + + // + // Swap the byte order in the original module name. + // From Ata spec, the maximum length is 40 bytes. + // + for (Index = 0; Index < 40; Index += 2) { + String[Index] = IdentifyData->ModelName[Index + 1]; + String[Index + 1] = IdentifyData->ModelName[Index]; + } + + // + // Chap it off after 20 characters + // + String[20] = L'\0'; + + return ; +} + +/** + Get password input from the popup windows. + + @param[in] PopUpString1 Pop up string 1. + @param[in] PopUpString2 Pop up string 2. + @param[in, out] Password The buffer to hold the input password. + + @retval EFI_ABORTED It is given up by pressing 'ESC' key. + @retval EFI_SUCCESS Get password input successfully. + +**/ +EFI_STATUS +PopupHddPasswordInputWindows ( + IN CHAR16 *PopUpString1, + IN CHAR16 *PopUpString2, + IN OUT CHAR8 *Password + ) +{ + EFI_INPUT_KEY Key; + UINTN Length; + CHAR16 Mask[HDD_PASSWORD_MAX_LENGTH + 1]; + CHAR16 Unicode[HDD_PASSWORD_MAX_LENGTH + 1]; + CHAR8 Ascii[HDD_PASSWORD_MAX_LENGTH + 1]; + + ZeroMem (Unicode, sizeof (Unicode)); + ZeroMem (Ascii, sizeof (Ascii)); + ZeroMem (Mask, sizeof (Mask)); + + gST->ConOut->ClearScreen(gST->ConOut); + + Length = 0; + while (TRUE) { + Mask[Length] = L'_'; + if (PopUpString2 == NULL) { + CreatePopUp ( + EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, + &Key, + PopUpString1, + L"---------------------", + Mask, + NULL + ); + } else { + CreatePopUp ( + EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, + &Key, + PopUpString1, + PopUpString2, + L"---------------------", + Mask, + NULL + ); + } + // + // Check key. + // + if (Key.ScanCode == SCAN_NULL) { + if (Key.UnicodeChar == CHAR_CARRIAGE_RETURN) { + // + // Add the null terminator. + // + Unicode[Length] = 0; + break; + } else if ((Key.UnicodeChar == CHAR_NULL) || + (Key.UnicodeChar == CHAR_TAB) || + (Key.UnicodeChar == CHAR_LINEFEED) + ) { + continue; + } else { + if (Key.UnicodeChar == CHAR_BACKSPACE) { + if (Length > 0) { + Unicode[Length] = 0; + Mask[Length] = 0; + Length--; + } + } else { + Unicode[Length] = Key.UnicodeChar; + Mask[Length] = L'*'; + Length++; + if (Length == HDD_PASSWORD_MAX_LENGTH) { + // + // Add the null terminator. + // + Unicode[Length] = 0; + Mask[Length] = 0; + break; + } + } + } + } + + if (Key.ScanCode == SCAN_ESC) { + ZeroMem (Unicode, sizeof (Unicode)); + ZeroMem (Ascii, sizeof (Ascii)); + gST->ConOut->ClearScreen(gST->ConOut); + return EFI_ABORTED; + } + } + + UnicodeStrToAsciiStrS (Unicode, Ascii, sizeof (Ascii)); + CopyMem (Password, Ascii, HDD_PASSWORD_MAX_LENGTH); + ZeroMem (Unicode, sizeof (Unicode)); + ZeroMem (Ascii, sizeof (Ascii)); + + gST->ConOut->ClearScreen(gST->ConOut); + return EFI_SUCCESS; +} + +/** + Check if disk is locked, show popup window and ask for password if it is. + + @param[in] AtaPassThru Pointer to ATA_PASSTHRU instance. + @param[in] Port The port number of attached ATA device. + @param[in] PortMultiplierPort The port number of port multiplier of attached ATA device. + @param[in] ConfigFormEntry The HDD Password configuration form entry. + +**/ +VOID +HddPasswordRequestPassword ( + IN EFI_ATA_PASS_THRU_PROTOCOL *AtaPassThru, + IN UINT16 Port, + IN UINT16 PortMultiplierPort, + IN HDD_PASSWORD_CONFIG_FORM_ENTRY *ConfigFormEntry + ) +{ + EFI_STATUS Status; + CHAR16 PopUpString[100]; + ATA_IDENTIFY_DATA IdentifyData; + EFI_INPUT_KEY Key; + UINT16 RetryCount; + CHAR8 Password[HDD_PASSWORD_MAX_LENGTH]; + + RetryCount = 0; + + DEBUG ((DEBUG_INFO, "%a()\n", __FUNCTION__)); + + UnicodeSPrint (PopUpString, sizeof (PopUpString), L"Unlock: %s", ConfigFormEntry->HddString); + + // + // Check the device security status. + // + if ((ConfigFormEntry->IfrData.SecurityStatus.Supported) && + (ConfigFormEntry->IfrData.SecurityStatus.Enabled)) { + + // + // Add PcdSkipHddPasswordPrompt to determin whether to skip password prompt. + // Due to board design, device may not power off during system warm boot, which result in + // security status remain unlocked status, hence we add device security status check here. + // + // If device is in the locked status, device keeps locked and system continues booting. + // If device is in the unlocked status, system is forced shutdown for security concern. + // + if (PcdGetBool (PcdSkipHddPasswordPrompt)) { + if (ConfigFormEntry->IfrData.SecurityStatus.Locked) { + return; + } else { + gRT->ResetSystem (EfiResetShutdown, EFI_SUCCESS, 0, NULL); + } + } + // + // As soon as the HDD password is in enabled state, we pop up a window to unlock hdd + // no matter it's really in locked or unlocked state. + // This way forces user to enter password every time to provide best safety. + // + while (TRUE) { + Status = PopupHddPasswordInputWindows (PopUpString, NULL, Password); + if (!EFI_ERROR (Status)) { + // + // The HDD is in locked state, unlock it by user input. + // + if (!PasswordIsFullZero (Password)) { + if (!ConfigFormEntry->IfrData.SecurityStatus.Frozen) { + Status = UnlockHddPassword (AtaPassThru, Port, PortMultiplierPort, 0, Password); + } else { + // + // Use saved HDD password variable to validate HDD password + // when the device is at frozen state. + // + Status = ValidateHddPassword (ConfigFormEntry, Password); + } + } else { + Status = EFI_INVALID_PARAMETER; + } + if (!EFI_ERROR (Status)) { + CopyMem (ConfigFormEntry->Password, Password, HDD_PASSWORD_MAX_LENGTH); + if (!ConfigFormEntry->IfrData.SecurityStatus.Frozen) { + SaveHddPasswordVariable (ConfigFormEntry, Password); + } + ZeroMem (Password, HDD_PASSWORD_MAX_LENGTH); + Status = GetHddDeviceIdentifyData (AtaPassThru, Port, PortMultiplierPort, &IdentifyData); + ASSERT_EFI_ERROR (Status); + + // + // Check the device security status again. + // + GetHddPasswordSecurityStatus (&IdentifyData, &ConfigFormEntry->IfrData); + return; + } + + ZeroMem (Password, HDD_PASSWORD_MAX_LENGTH); + + if (EFI_ERROR (Status)) { + RetryCount ++; + if (RetryCount < MAX_HDD_PASSWORD_RETRY_COUNT) { + do { + CreatePopUp ( + EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, + &Key, + L"Invalid password.", + L"Press ENTER to retry", + NULL + ); + } while (Key.UnicodeChar != CHAR_CARRIAGE_RETURN); + continue; + } else { + do { + CreatePopUp ( + EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, + &Key, + L"Hdd password retry count is expired. Please shutdown the machine.", + L"Press ENTER to shutdown", + NULL + ); + } while (Key.UnicodeChar != CHAR_CARRIAGE_RETURN); + gRT->ResetSystem (EfiResetShutdown, EFI_SUCCESS, 0, NULL); + break; + } + } + } else if (Status == EFI_ABORTED) { + if (ConfigFormEntry->IfrData.SecurityStatus.Locked) { + // + // Current device in the lock status and + // User not input password and press ESC, + // keep device in lock status and continue boot. + // + do { + CreatePopUp ( + EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, + &Key, + L"Press ENTER to skip the request and continue boot,", + L"Press ESC to input password again", + NULL + ); + } while ((Key.ScanCode != SCAN_ESC) && (Key.UnicodeChar != CHAR_CARRIAGE_RETURN)); + + if (Key.UnicodeChar == CHAR_CARRIAGE_RETURN) { + gST->ConOut->ClearScreen(gST->ConOut); + // + // Keep lock and continue boot. + // + return; + } else { + // + // Let user input password again. + // + continue; + } + } else { + // + // Current device in the unlock status and + // User not input password and press ESC, + // Shutdown the device. + // + do { + CreatePopUp ( + EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, + &Key, + L"Press ENTER to shutdown, Press ESC to input password again", + NULL + ); + } while ((Key.ScanCode != SCAN_ESC) && (Key.UnicodeChar != CHAR_CARRIAGE_RETURN)); + + if (Key.UnicodeChar == CHAR_CARRIAGE_RETURN) { + gRT->ResetSystem (EfiResetShutdown, EFI_SUCCESS, 0, NULL); + } else { + // + // Let user input password again. + // + continue; + } + } + } + } + } +} + +/** + Process Set User Pwd HDD password request. + + @param[in] AtaPassThru Pointer to ATA_PASSTHRU instance. + @param[in] Port The port number of attached ATA device. + @param[in] PortMultiplierPort The port number of port multiplier of attached ATA device. + @param[in] ConfigFormEntry The HDD Password configuration form entry. + +**/ +VOID +ProcessHddPasswordRequestSetUserPwd ( + IN EFI_ATA_PASS_THRU_PROTOCOL *AtaPassThru, + IN UINT16 Port, + IN UINT16 PortMultiplierPort, + IN HDD_PASSWORD_CONFIG_FORM_ENTRY *ConfigFormEntry + ) +{ + EFI_STATUS Status; + CHAR16 PopUpString[100]; + ATA_IDENTIFY_DATA IdentifyData; + EFI_INPUT_KEY Key; + UINT16 RetryCount; + CHAR8 Password[HDD_PASSWORD_MAX_LENGTH]; + CHAR8 PasswordConfirm[HDD_PASSWORD_MAX_LENGTH]; + + RetryCount = 0; + + DEBUG ((DEBUG_INFO, "%a()\n", __FUNCTION__)); + + if (ConfigFormEntry->IfrData.SecurityStatus.Frozen) { + DEBUG ((DEBUG_INFO, "%s is frozen, do nothing\n", ConfigFormEntry->HddString)); + return; + } + + if (ConfigFormEntry->IfrData.SecurityStatus.Locked) { + DEBUG ((DEBUG_INFO, "%s is locked, do nothing\n", ConfigFormEntry->HddString)); + return; + } + + UnicodeSPrint (PopUpString, sizeof (PopUpString), L"Set User Pwd: %s", ConfigFormEntry->HddString); + + // + // Check the device security status. + // + if (ConfigFormEntry->IfrData.SecurityStatus.Supported) { + while (TRUE) { + Status = PopupHddPasswordInputWindows (PopUpString, L"Please type in your new password", Password); + if (!EFI_ERROR (Status)) { + Status = PopupHddPasswordInputWindows (PopUpString, L"Please confirm your new password", PasswordConfirm); + if (!EFI_ERROR (Status)) { + if (CompareMem (Password, PasswordConfirm, HDD_PASSWORD_MAX_LENGTH) == 0) { + if (!PasswordIsFullZero (Password)) { + Status = SetHddPassword (AtaPassThru, Port, PortMultiplierPort, 0, 1, 0, Password); + } else { + if (ConfigFormEntry->IfrData.SecurityStatus.Enabled) { + Status = DisableHddPassword (AtaPassThru, Port, PortMultiplierPort, 0, ConfigFormEntry->Password); + } else { + Status = EFI_INVALID_PARAMETER; + } + } + if (!EFI_ERROR (Status)) { + CopyMem (ConfigFormEntry->Password, Password, HDD_PASSWORD_MAX_LENGTH); + SaveHddPasswordVariable (ConfigFormEntry, Password); + ZeroMem (Password, HDD_PASSWORD_MAX_LENGTH); + ZeroMem (PasswordConfirm, HDD_PASSWORD_MAX_LENGTH); + Status = GetHddDeviceIdentifyData (AtaPassThru, Port, PortMultiplierPort, &IdentifyData); + ASSERT_EFI_ERROR (Status); + + // + // Check the device security status again. + // + GetHddPasswordSecurityStatus (&IdentifyData, &ConfigFormEntry->IfrData); + return; + } else { + do { + CreatePopUp ( + EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, + &Key, + L"Set/Disable User Pwd failed or invalid password.", + L"Press ENTER to retry", + NULL + ); + } while (Key.UnicodeChar != CHAR_CARRIAGE_RETURN); + } + } else { + do { + CreatePopUp ( + EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, + &Key, + L"Passwords are not the same.", + L"Press ENTER to retry", + NULL + ); + } while (Key.UnicodeChar != CHAR_CARRIAGE_RETURN); + Status = EFI_INVALID_PARAMETER; + } + } + + ZeroMem (Password, HDD_PASSWORD_MAX_LENGTH); + ZeroMem (PasswordConfirm, HDD_PASSWORD_MAX_LENGTH); + + if (EFI_ERROR (Status)) { + RetryCount ++; + if (RetryCount >= MAX_HDD_PASSWORD_RETRY_COUNT) { + do { + CreatePopUp ( + EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, + &Key, + L"Hdd password retry count is expired.", + L"Press ENTER to skip the request and continue boot", + NULL + ); + } while (Key.UnicodeChar != CHAR_CARRIAGE_RETURN); + gST->ConOut->ClearScreen(gST->ConOut); + return; + } + } + } else if (Status == EFI_ABORTED) { + do { + CreatePopUp ( + EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, + &Key, + L"Press ENTER to skip the request and continue boot,", + L"Press ESC to input password again", + NULL + ); + } while ((Key.ScanCode != SCAN_ESC) && (Key.UnicodeChar != CHAR_CARRIAGE_RETURN)); + + if (Key.UnicodeChar == CHAR_CARRIAGE_RETURN) { + gST->ConOut->ClearScreen(gST->ConOut); + return; + } else { + // + // Let user input password again. + // + continue; + } + } + } + } +} + +/** + Process Set Master Pwd HDD password request. + + @param[in] AtaPassThru Pointer to ATA_PASSTHRU instance. + @param[in] Port The port number of attached ATA device. + @param[in] PortMultiplierPort The port number of port multiplier of attached ATA device. + @param[in] ConfigFormEntry The HDD Password configuration form entry. + +**/ +VOID +ProcessHddPasswordRequestSetMasterPwd ( + IN EFI_ATA_PASS_THRU_PROTOCOL *AtaPassThru, + IN UINT16 Port, + IN UINT16 PortMultiplierPort, + IN HDD_PASSWORD_CONFIG_FORM_ENTRY *ConfigFormEntry + ) +{ + EFI_STATUS Status; + CHAR16 PopUpString[100]; + EFI_INPUT_KEY Key; + UINT16 RetryCount; + CHAR8 Password[HDD_PASSWORD_MAX_LENGTH]; + CHAR8 PasswordConfirm[HDD_PASSWORD_MAX_LENGTH]; + + RetryCount = 0; + + DEBUG ((DEBUG_INFO, "%a()\n", __FUNCTION__)); + + if (ConfigFormEntry->IfrData.SecurityStatus.Frozen) { + DEBUG ((DEBUG_INFO, "%s is frozen, do nothing\n", ConfigFormEntry->HddString)); + return; + } + + if (ConfigFormEntry->IfrData.SecurityStatus.Locked) { + DEBUG ((DEBUG_INFO, "%s is locked, do nothing\n", ConfigFormEntry->HddString)); + return; + } + + UnicodeSPrint (PopUpString, sizeof (PopUpString), L"Set Master Pwd: %s", ConfigFormEntry->HddString); + + // + // Check the device security status. + // + if (ConfigFormEntry->IfrData.SecurityStatus.Supported) { + while (TRUE) { + Status = PopupHddPasswordInputWindows (PopUpString, L"Please type in your new password", Password); + if (!EFI_ERROR (Status)) { + Status = PopupHddPasswordInputWindows (PopUpString, L"Please confirm your new password", PasswordConfirm); + if (!EFI_ERROR (Status)) { + if (CompareMem (Password, PasswordConfirm, HDD_PASSWORD_MAX_LENGTH) == 0) { + if (!PasswordIsFullZero (Password)) { + Status = SetHddPassword (AtaPassThru, Port, PortMultiplierPort, 1, 1, 1, Password); + } else { + Status = EFI_INVALID_PARAMETER; + } + if (!EFI_ERROR (Status)) { + ZeroMem (Password, HDD_PASSWORD_MAX_LENGTH); + ZeroMem (PasswordConfirm, HDD_PASSWORD_MAX_LENGTH); + return; + } else { + do { + CreatePopUp ( + EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, + &Key, + L"Set Master Pwd failed or invalid password.", + L"Press ENTER to retry", + NULL + ); + } while (Key.UnicodeChar != CHAR_CARRIAGE_RETURN); + } + } else { + do { + CreatePopUp ( + EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, + &Key, + L"Passwords are not the same.", + L"Press ENTER to retry", + NULL + ); + } while (Key.UnicodeChar != CHAR_CARRIAGE_RETURN); + Status = EFI_INVALID_PARAMETER; + } + } + + ZeroMem (Password, HDD_PASSWORD_MAX_LENGTH); + ZeroMem (PasswordConfirm, HDD_PASSWORD_MAX_LENGTH); + + if (EFI_ERROR (Status)) { + RetryCount ++; + if (RetryCount >= MAX_HDD_PASSWORD_RETRY_COUNT) { + do { + CreatePopUp ( + EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, + &Key, + L"Hdd password retry count is expired.", + L"Press ENTER to skip the request and continue boot", + NULL + ); + } while (Key.UnicodeChar != CHAR_CARRIAGE_RETURN); + gST->ConOut->ClearScreen(gST->ConOut); + return; + } + } + } else if (Status == EFI_ABORTED) { + do { + CreatePopUp ( + EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, + &Key, + L"Press ENTER to skip the request and continue boot,", + L"Press ESC to input password again", + NULL + ); + } while ((Key.ScanCode != SCAN_ESC) && (Key.UnicodeChar != CHAR_CARRIAGE_RETURN)); + + if (Key.UnicodeChar == CHAR_CARRIAGE_RETURN) { + gST->ConOut->ClearScreen(gST->ConOut); + return; + } else { + // + // Let user input password again. + // + continue; + } + } + } + } +} + +/** + Process HDD password request. + + @param[in] AtaPassThru Pointer to ATA_PASSTHRU instance. + @param[in] Port The port number of attached ATA device. + @param[in] PortMultiplierPort The port number of port multiplier of attached ATA device. + @param[in] ConfigFormEntry The HDD Password configuration form entry. + +**/ +VOID +ProcessHddPasswordRequest ( + IN EFI_ATA_PASS_THRU_PROTOCOL *AtaPassThru, + IN UINT16 Port, + IN UINT16 PortMultiplierPort, + IN HDD_PASSWORD_CONFIG_FORM_ENTRY *ConfigFormEntry + ) +{ + EFI_STATUS Status; + HDD_PASSWORD_REQUEST_VARIABLE *TempVariable; + HDD_PASSWORD_REQUEST_VARIABLE *Variable; + UINTN VariableSize; + + DEBUG ((DEBUG_INFO, "%a() - enter\n", __FUNCTION__)); + + if (mHddPasswordRequestVariable == NULL) { + Status = GetVariable2 ( + HDD_PASSWORD_REQUEST_VARIABLE_NAME, + &mHddPasswordVendorGuid, + (VOID **) &Variable, + &VariableSize + ); + if (EFI_ERROR (Status) || (Variable == NULL)) { + return; + } + mHddPasswordRequestVariable = Variable; + mHddPasswordRequestVariableSize = VariableSize; + + // + // Delete the HDD password request variable. + // + Status = gRT->SetVariable ( + HDD_PASSWORD_REQUEST_VARIABLE_NAME, + &mHddPasswordVendorGuid, + 0, + 0, + NULL + ); + ASSERT_EFI_ERROR (Status); + } else { + Variable = mHddPasswordRequestVariable; + VariableSize = mHddPasswordRequestVariableSize; + } + + // + // Process the HDD password requests. + // + TempVariable = Variable; + while (VariableSize >= sizeof (HDD_PASSWORD_REQUEST_VARIABLE)) { + if ((TempVariable->Device.Bus == ConfigFormEntry->Bus) && + (TempVariable->Device.Device == ConfigFormEntry->Device) && + (TempVariable->Device.Function == ConfigFormEntry->Function) && + (TempVariable->Device.Port == ConfigFormEntry->Port) && + (TempVariable->Device.PortMultiplierPort == ConfigFormEntry->PortMultiplierPort)) { + // + // Found the node for the HDD password device. + // + if (TempVariable->Request.UserPassword != 0) { + ProcessHddPasswordRequestSetUserPwd (AtaPassThru, Port, PortMultiplierPort, ConfigFormEntry); + } + if (TempVariable->Request.MasterPassword != 0) { + ProcessHddPasswordRequestSetMasterPwd (AtaPassThru, Port, PortMultiplierPort, ConfigFormEntry); + } + + break; + } + + VariableSize -= sizeof (HDD_PASSWORD_REQUEST_VARIABLE); + TempVariable += 1; + } + + DEBUG ((DEBUG_INFO, "%a() - exit\n", __FUNCTION__)); +} + +/** + Get saved HDD password request. + + @param[in, out] ConfigFormEntry The HDD Password configuration form entry. + +**/ +VOID +GetSavedHddPasswordRequest ( + IN OUT HDD_PASSWORD_CONFIG_FORM_ENTRY *ConfigFormEntry + ) +{ + EFI_STATUS Status; + HDD_PASSWORD_REQUEST_VARIABLE *TempVariable; + HDD_PASSWORD_REQUEST_VARIABLE *Variable; + UINTN VariableSize; + + DEBUG ((DEBUG_INFO, "%a() - enter\n", __FUNCTION__)); + + Variable = NULL; + VariableSize = 0; + + Status = GetVariable2 ( + HDD_PASSWORD_REQUEST_VARIABLE_NAME, + &mHddPasswordVendorGuid, + (VOID **) &Variable, + &VariableSize + ); + if (EFI_ERROR (Status) || (Variable == NULL)) { + return; + } + + TempVariable = Variable; + while (VariableSize >= sizeof (HDD_PASSWORD_REQUEST_VARIABLE)) { + if ((TempVariable->Device.Bus == ConfigFormEntry->Bus) && + (TempVariable->Device.Device == ConfigFormEntry->Device) && + (TempVariable->Device.Function == ConfigFormEntry->Function) && + (TempVariable->Device.Port == ConfigFormEntry->Port) && + (TempVariable->Device.PortMultiplierPort == ConfigFormEntry->PortMultiplierPort)) { + // + // Found the node for the HDD password device. + // Get the HDD password request. + // + CopyMem (&ConfigFormEntry->IfrData.Request, &TempVariable->Request, sizeof (HDD_PASSWORD_REQUEST)); + DEBUG (( + DEBUG_INFO, + "HddPasswordRequest got: 0x%x\n", + ConfigFormEntry->IfrData.Request + )); + break; + } + VariableSize -= sizeof (HDD_PASSWORD_REQUEST_VARIABLE); + TempVariable += 1; + } + + FreePool (Variable); + + DEBUG ((DEBUG_INFO, "%a() - exit\n", __FUNCTION__)); +} + +/** + Save HDD password request. + + @param[in] ConfigFormEntry The HDD Password configuration form entry. + +**/ +VOID +SaveHddPasswordRequest ( + IN HDD_PASSWORD_CONFIG_FORM_ENTRY *ConfigFormEntry + ) +{ + EFI_STATUS Status; + HDD_PASSWORD_REQUEST_VARIABLE *TempVariable; + UINTN TempVariableSize; + HDD_PASSWORD_REQUEST_VARIABLE *Variable; + UINTN VariableSize; + HDD_PASSWORD_REQUEST_VARIABLE *NewVariable; + UINTN NewVariableSize; + + DEBUG ((DEBUG_INFO, "%a() - enter\n", __FUNCTION__)); + + DEBUG (( + DEBUG_INFO, + "HddPasswordRequest to save: 0x%x\n", + ConfigFormEntry->IfrData.Request + )); + + Variable = NULL; + VariableSize = 0; + NewVariable = NULL; + NewVariableSize = 0; + + Status = GetVariable2 ( + HDD_PASSWORD_REQUEST_VARIABLE_NAME, + &mHddPasswordVendorGuid, + (VOID **) &Variable, + &VariableSize + ); + if (!EFI_ERROR (Status) && (Variable != NULL)) { + TempVariable = Variable; + TempVariableSize = VariableSize; + while (TempVariableSize >= sizeof (HDD_PASSWORD_REQUEST_VARIABLE)) { + if ((TempVariable->Device.Bus == ConfigFormEntry->Bus) && + (TempVariable->Device.Device == ConfigFormEntry->Device) && + (TempVariable->Device.Function == ConfigFormEntry->Function) && + (TempVariable->Device.Port == ConfigFormEntry->Port) && + (TempVariable->Device.PortMultiplierPort == ConfigFormEntry->PortMultiplierPort)) { + // + // Found the node for the HDD password device. + // Update the HDD password request. + // + CopyMem (&TempVariable->Request, &ConfigFormEntry->IfrData.Request, sizeof (HDD_PASSWORD_REQUEST)); + NewVariable = Variable; + NewVariableSize = VariableSize; + break; + } + TempVariableSize -= sizeof (HDD_PASSWORD_REQUEST_VARIABLE); + TempVariable += 1; + } + if (NewVariable == NULL) { + // + // The node for the HDD password device is not found. + // Create node for the HDD password device. + // + NewVariableSize = VariableSize + sizeof (HDD_PASSWORD_REQUEST_VARIABLE); + NewVariable = AllocateZeroPool (NewVariableSize); + ASSERT (NewVariable != NULL); + CopyMem (NewVariable, Variable, VariableSize); + TempVariable = (HDD_PASSWORD_REQUEST_VARIABLE *) ((UINTN) NewVariable + VariableSize); + TempVariable->Device.Bus = (UINT8) ConfigFormEntry->Bus; + TempVariable->Device.Device = (UINT8) ConfigFormEntry->Device; + TempVariable->Device.Function = (UINT8) ConfigFormEntry->Function; + TempVariable->Device.Port = ConfigFormEntry->Port; + TempVariable->Device.PortMultiplierPort = ConfigFormEntry->PortMultiplierPort; + CopyMem (&TempVariable->Request, &ConfigFormEntry->IfrData.Request, sizeof (HDD_PASSWORD_REQUEST)); + } + } else { + NewVariableSize = sizeof (HDD_PASSWORD_REQUEST_VARIABLE); + NewVariable = AllocateZeroPool (NewVariableSize); + ASSERT (NewVariable != NULL); + NewVariable->Device.Bus = (UINT8) ConfigFormEntry->Bus; + NewVariable->Device.Device = (UINT8) ConfigFormEntry->Device; + NewVariable->Device.Function = (UINT8) ConfigFormEntry->Function; + NewVariable->Device.Port = ConfigFormEntry->Port; + NewVariable->Device.PortMultiplierPort = ConfigFormEntry->PortMultiplierPort; + CopyMem (&NewVariable->Request, &ConfigFormEntry->IfrData.Request, sizeof (HDD_PASSWORD_REQUEST)); + } + Status = gRT->SetVariable ( + HDD_PASSWORD_REQUEST_VARIABLE_NAME, + &mHddPasswordVendorGuid, + EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS, + NewVariableSize, + NewVariable + ); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_INFO, "HddPasswordRequest variable set failed (%r)\n", Status)); + } + if (NewVariable != Variable) { + FreePool (NewVariable); + } + if (Variable != NULL) { + FreePool (Variable); + } + + DEBUG ((DEBUG_INFO, "%a() - exit\n", __FUNCTION__)); +} + +/** + Get the HDD Password configuration form entry by the index of the goto opcode activated. + + @param[in] Index The 0-based index of the goto opcode activated. + + @return The HDD Password configuration form entry found. +**/ +HDD_PASSWORD_CONFIG_FORM_ENTRY * +HddPasswordGetConfigFormEntryByIndex ( + IN UINT32 Index + ) +{ + LIST_ENTRY *Entry; + UINT32 CurrentIndex; + HDD_PASSWORD_CONFIG_FORM_ENTRY *ConfigFormEntry; + + CurrentIndex = 0; + ConfigFormEntry = NULL; + + BASE_LIST_FOR_EACH (Entry, &mHddPasswordConfigFormList) { + if (CurrentIndex == Index) { + ConfigFormEntry = BASE_CR (Entry, HDD_PASSWORD_CONFIG_FORM_ENTRY, Link); + break; + } + + CurrentIndex++; + } + + return ConfigFormEntry; +} + +/** + This function allows the caller to request the current + configuration for one or more named elements. The resulting + string is in <ConfigAltResp> format. Any and all alternative + configuration strings shall also be appended to the end of the + current configuration string. If they are, they must appear + after the current configuration. They must contain the same + routing (GUID, NAME, PATH) as the current configuration string. + They must have an additional description indicating the type of + alternative configuration the string represents, + "ALTCFG=<StringToken>". That <StringToken> (when + converted from Hex UNICODE to binary) is a reference to a + string in the associated string pack. + + @param[in] This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL. + @param[in] Request A null-terminated Unicode string in + <ConfigRequest> format. Note that this + includes the routing information as well as + the configurable name / value pairs. It is + invalid for this string to be in + <MultiConfigRequest> format. + @param[out] Progress On return, points to a character in the + Request string. Points to the string's null + terminator if request was successful. Points + to the most recent "&" before the first + failing name / value pair (or the beginning + of the string if the failure is in the first + name / value pair) if the request was not + successful. + @param[out] Results A null-terminated Unicode string in + <ConfigAltResp> format which has all values + filled in for the names in the Request string. + String to be allocated by the called function. + + @retval EFI_SUCCESS The Results string is filled with the + values corresponding to all requested + names. + @retval EFI_OUT_OF_RESOURCES Not enough memory to store the + parts of the results that must be + stored awaiting possible future + protocols. + @retval EFI_INVALID_PARAMETER For example, passing in a NULL + for the Request parameter + would result in this type of + error. In this case, the + Progress parameter would be + set to NULL. + @retval EFI_NOT_FOUND Routing data doesn't match any + known driver. Progress set to the + first character in the routing header. + Note: There is no requirement that the + driver validate the routing data. It + must skip the <ConfigHdr> in order to + process the names. + @retval EFI_INVALID_PARAMETER Illegal syntax. Progress set + to most recent & before the + error or the beginning of the + string. + @retval EFI_INVALID_PARAMETER Unknown name. Progress points + to the & before the name in + question.Currently not implemented. +**/ +EFI_STATUS +EFIAPI +HddPasswordFormExtractConfig ( + IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, + IN CONST EFI_STRING Request, + OUT EFI_STRING *Progress, + OUT EFI_STRING *Results + ) +{ + EFI_STATUS Status; + UINTN BufferSize; + HDD_PASSWORD_CONFIG *IfrData; + HDD_PASSWORD_DXE_PRIVATE_DATA *Private; + EFI_STRING ConfigRequestHdr; + EFI_STRING ConfigRequest; + BOOLEAN AllocatedRequest; + UINTN Size; + + if (Progress == NULL || Results == NULL) { + return EFI_INVALID_PARAMETER; + } + + *Progress = Request; + if ((Request != NULL) && !HiiIsConfigHdrMatch (Request, &mHddPasswordVendorGuid, mHddPasswordVendorStorageName)) { + return EFI_NOT_FOUND; + } + + ConfigRequestHdr = NULL; + ConfigRequest = NULL; + AllocatedRequest = FALSE; + Size = 0; + + Private = HDD_PASSWORD_DXE_PRIVATE_FROM_THIS (This); + IfrData = AllocateZeroPool (sizeof (HDD_PASSWORD_CONFIG)); + ASSERT (IfrData != NULL); + if (Private->Current != NULL) { + CopyMem (IfrData, &Private->Current->IfrData, sizeof (HDD_PASSWORD_CONFIG)); + } + + // + // Convert buffer data to <ConfigResp> by helper function BlockToConfig() + // + BufferSize = sizeof (HDD_PASSWORD_CONFIG); + ConfigRequest = Request; + if ((Request == NULL) || (StrStr (Request, L"OFFSET") == NULL)) { + // + // Request has no request element, construct full request string. + // Allocate and fill a buffer large enough to hold the <ConfigHdr> template + // followed by "&OFFSET=0&WIDTH=WWWWWWWWWWWWWWWW" followed by a Null-terminator + // + ConfigRequestHdr = HiiConstructConfigHdr (&mHddPasswordVendorGuid, mHddPasswordVendorStorageName, Private->DriverHandle); + Size = (StrLen (ConfigRequestHdr) + 32 + 1) * sizeof (CHAR16); + ConfigRequest = AllocateZeroPool (Size); + ASSERT (ConfigRequest != NULL); + AllocatedRequest = TRUE; + UnicodeSPrint (ConfigRequest, Size, L"%s&OFFSET=0&WIDTH=%016LX", ConfigRequestHdr, (UINT64)BufferSize); + FreePool (ConfigRequestHdr); + } + Status = gHiiConfigRouting->BlockToConfig ( + gHiiConfigRouting, + ConfigRequest, + (UINT8 *) IfrData, + BufferSize, + Results, + Progress + ); + FreePool (IfrData); + // + // Free the allocated config request string. + // + if (AllocatedRequest) { + FreePool (ConfigRequest); + ConfigRequest = NULL; + } + + // + // Set Progress string to the original request string. + // + if (Request == NULL) { + *Progress = NULL; + } else if (StrStr (Request, L"OFFSET") == NULL) { + *Progress = Request + StrLen (Request); + } + + return Status; +} + +/** + This function applies changes in a driver's configuration. + Input is a Configuration, which has the routing data for this + driver followed by name / value configuration pairs. The driver + must apply those pairs to its configurable storage. If the + driver's configuration is stored in a linear block of data + and the driver's name / value pairs are in <BlockConfig> + format, it may use the ConfigToBlock helper function (above) to + simplify the job. Currently not implemented. + + @param[in] This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL. + @param[in] Configuration A null-terminated Unicode string in + <ConfigString> format. + @param[out] Progress A pointer to a string filled in with the + offset of the most recent '&' before the + first failing name / value pair (or the + beginn ing of the string if the failure + is in the first name / value pair) or + the terminating NULL if all was + successful. + + @retval EFI_SUCCESS The results have been distributed or are + awaiting distribution. + @retval EFI_OUT_OF_RESOURCES Not enough memory to store the + parts of the results that must be + stored awaiting possible future + protocols. + @retval EFI_INVALID_PARAMETERS Passing in a NULL for the + Results parameter would result + in this type of error. + @retval EFI_NOT_FOUND Target for the specified routing data + was not found. +**/ +EFI_STATUS +EFIAPI +HddPasswordFormRouteConfig ( + IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, + IN CONST EFI_STRING Configuration, + OUT EFI_STRING *Progress + ) +{ + if (Configuration == NULL || Progress == NULL) { + return EFI_INVALID_PARAMETER; + } + + // + // Check routing data in <ConfigHdr>. + // Note: if only one Storage is used, then this checking could be skipped. + // + if (!HiiIsConfigHdrMatch (Configuration, &mHddPasswordVendorGuid, mHddPasswordVendorStorageName)) { + *Progress = Configuration; + return EFI_NOT_FOUND; + } + + *Progress = Configuration + StrLen (Configuration); + return EFI_SUCCESS; +} + +/** + This function is called to provide results data to the driver. + This data consists of a unique key that is used to identify + which data is either being passed back or being asked for. + + @param[in] This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL. + @param[in] Action Specifies the type of action taken by the browser. + @param[in] QuestionId A unique value which is sent to the original + exporting driver so that it can identify the type + of data to expect. The format of the data tends to + vary based on the opcode that enerated the callback. + @param[in] Type The type of value for the question. + @param[in] Value A pointer to the data being sent to the original + exporting driver. + @param[out] ActionRequest On return, points to the action requested by the + callback function. + + @retval EFI_SUCCESS The callback successfully handled the action. + @retval EFI_OUT_OF_RESOURCES Not enough storage is available to hold the + variable and its data. + @retval EFI_DEVICE_ERROR The variable could not be saved. + @retval EFI_UNSUPPORTED The specified Action is not supported by the + callback.Currently not implemented. + @retval EFI_INVALID_PARAMETERS Passing in wrong parameter. + @retval Others Other errors as indicated. +**/ +EFI_STATUS +EFIAPI +HddPasswordFormCallback ( + IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, + IN EFI_BROWSER_ACTION Action, + IN EFI_QUESTION_ID QuestionId, + IN UINT8 Type, + IN EFI_IFR_TYPE_VALUE *Value, + OUT EFI_BROWSER_ACTION_REQUEST *ActionRequest + ) +{ + HDD_PASSWORD_DXE_PRIVATE_DATA *Private; + EFI_STRING_ID DeviceFormTitleToken; + HDD_PASSWORD_CONFIG *IfrData; + HDD_PASSWORD_CONFIG_FORM_ENTRY *ConfigFormEntry; + + if (ActionRequest != NULL) { + *ActionRequest = EFI_BROWSER_ACTION_REQUEST_NONE; + } else { + return EFI_INVALID_PARAMETER; + } + + if ((Action != EFI_BROWSER_ACTION_CHANGING) && (Action != EFI_BROWSER_ACTION_CHANGED)) { + // + // Do nothing for other UEFI Action. Only do call back when data is changing or changed. + // + return EFI_UNSUPPORTED; + } + + Private = HDD_PASSWORD_DXE_PRIVATE_FROM_THIS (This); + + // + // Retrive data from Browser + // + IfrData = AllocateZeroPool (sizeof (HDD_PASSWORD_CONFIG)); + ASSERT (IfrData != NULL); + if (!HiiGetBrowserData (&mHddPasswordVendorGuid, mHddPasswordVendorStorageName, sizeof (HDD_PASSWORD_CONFIG), (UINT8 *) IfrData)) { + FreePool (IfrData); + return EFI_NOT_FOUND; + } + + switch (QuestionId) { + case KEY_HDD_USER_PASSWORD: + if (Action == EFI_BROWSER_ACTION_CHANGED) { + DEBUG ((DEBUG_INFO, "KEY_HDD_USER_PASSWORD\n")); + ConfigFormEntry = Private->Current; + ConfigFormEntry->IfrData.Request.UserPassword = Value->b; + SaveHddPasswordRequest (ConfigFormEntry); + *ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY; + } + break; + case KEY_HDD_MASTER_PASSWORD: + if (Action == EFI_BROWSER_ACTION_CHANGED) { + DEBUG ((DEBUG_INFO, "KEY_HDD_MASTER_PASSWORD\n")); + ConfigFormEntry = Private->Current; + ConfigFormEntry->IfrData.Request.MasterPassword = Value->b; + SaveHddPasswordRequest (ConfigFormEntry); + *ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY; + } + break; + + default: + if ((QuestionId >= KEY_HDD_DEVICE_ENTRY_BASE) && (QuestionId < (mNumberOfHddDevices + KEY_HDD_DEVICE_ENTRY_BASE))) { + if (Action == EFI_BROWSER_ACTION_CHANGING) { + // + // In case goto the device configuration form, update the device form title. + // + ConfigFormEntry = HddPasswordGetConfigFormEntryByIndex ((UINT32) (QuestionId - KEY_HDD_DEVICE_ENTRY_BASE)); + ASSERT (ConfigFormEntry != NULL); + + DeviceFormTitleToken = (EFI_STRING_ID) STR_HDD_SECURITY_HD; + HiiSetString (Private->HiiHandle, DeviceFormTitleToken, ConfigFormEntry->HddString, NULL); + + Private->Current = ConfigFormEntry; + CopyMem (IfrData, &ConfigFormEntry->IfrData, sizeof (HDD_PASSWORD_CONFIG)); + } + } + + break; + } + + // + // Pass changed uncommitted data back to Form Browser + // + HiiSetBrowserData (&mHddPasswordVendorGuid, mHddPasswordVendorStorageName, sizeof (HDD_PASSWORD_CONFIG), (UINT8 *) IfrData, NULL); + + FreePool (IfrData); + return EFI_SUCCESS; +} + +/** + Updates the HDD Password configuration form to add an entry for the attached + ata harddisk device specified by the Controller. + + @param[in] HiiHandle The HII Handle associated with the registered package list. + @param[in] AtaPassThru Pointer to ATA_PASSTHRU instance. + @param[in] PciIo Pointer to PCI_IO instance. + @param[in] Controller The controller handle of the attached ata controller. + @param[in] Bus The bus number of ATA controller. + @param[in] Device The device number of ATA controller. + @param[in] Function The function number of ATA controller. + @param[in] Port The port number of attached ATA device. + @param[in] PortMultiplierPort The port number of port multiplier of attached ATA device. + + @retval EFI_SUCCESS The Hdd Password configuration form is updated. + @retval EFI_OUT_OF_RESOURCES Failed to allocate memory. + @retval Others Other errors as indicated. + +**/ +EFI_STATUS +HddPasswordConfigUpdateForm ( + IN EFI_HII_HANDLE HiiHandle, + IN EFI_ATA_PASS_THRU_PROTOCOL *AtaPassThru, + IN EFI_PCI_IO_PROTOCOL *PciIo, + IN EFI_HANDLE Controller, + IN UINTN Bus, + IN UINTN Device, + IN UINTN Function, + IN UINT16 Port, + IN UINT16 PortMultiplierPort + ) +{ + LIST_ENTRY *Entry; + HDD_PASSWORD_CONFIG_FORM_ENTRY *ConfigFormEntry; + BOOLEAN EntryExisted; + EFI_STATUS Status; + VOID *StartOpCodeHandle; + VOID *EndOpCodeHandle; + EFI_IFR_GUID_LABEL *StartLabel; + EFI_IFR_GUID_LABEL *EndLabel; + CHAR16 HddString[40]; + ATA_IDENTIFY_DATA IdentifyData; + EFI_DEVICE_PATH_PROTOCOL *AtaDeviceNode; + + ConfigFormEntry = NULL; + EntryExisted = FALSE; + + BASE_LIST_FOR_EACH (Entry, &mHddPasswordConfigFormList) { + ConfigFormEntry = BASE_CR (Entry, HDD_PASSWORD_CONFIG_FORM_ENTRY, Link); + + if ((ConfigFormEntry->Bus == Bus) && + (ConfigFormEntry->Device == Device) && + (ConfigFormEntry->Function == Function) && + (ConfigFormEntry->Port == Port) && + (ConfigFormEntry->PortMultiplierPort == PortMultiplierPort)) { + EntryExisted = TRUE; + break; + } + } + + if (!EntryExisted) { + // + // Add a new form. + // + ConfigFormEntry = AllocateZeroPool (sizeof (HDD_PASSWORD_CONFIG_FORM_ENTRY)); + if (ConfigFormEntry == NULL) { + return EFI_OUT_OF_RESOURCES; + } + + InitializeListHead (&ConfigFormEntry->Link); + ConfigFormEntry->Controller = Controller; + ConfigFormEntry->Bus = Bus; + ConfigFormEntry->Device = Device; + ConfigFormEntry->Function = Function; + ConfigFormEntry->Port = Port; + ConfigFormEntry->PortMultiplierPort = PortMultiplierPort; + ConfigFormEntry->AtaPassThru = AtaPassThru; + + DEBUG ((DEBUG_INFO, "HddPasswordDxe: Create new form for device[%d][%d] at Bus 0x%x Dev 0x%x Func 0x%x\n", Port, PortMultiplierPort, Bus, Device, Function)); + + // + // Construct the device path for the HDD password device + // + Status = AtaPassThru->BuildDevicePath ( + AtaPassThru, + Port, + PortMultiplierPort, + &AtaDeviceNode + ); + if (EFI_ERROR (Status)) { + return Status; + } + ConfigFormEntry->DevicePath = AppendDevicePathNode (DevicePathFromHandle (Controller), AtaDeviceNode); + FreePool (AtaDeviceNode); + if (ConfigFormEntry->DevicePath == NULL) { + return EFI_OUT_OF_RESOURCES; + } + + // + // Get attached harddisk model number + // + Status = GetHddDeviceIdentifyData (AtaPassThru, Port, PortMultiplierPort, &IdentifyData); + ASSERT_EFI_ERROR (Status); + if (EFI_ERROR (Status)) { + return Status; + } + GetHddDeviceModelNumber (&IdentifyData, HddString); + // + // Compose the HDD title string and help string of this port and create a new EFI_STRING_ID. + // + UnicodeSPrint (ConfigFormEntry->HddString, sizeof (ConfigFormEntry->HddString), L"HDD %d:%s", mNumberOfHddDevices, HddString); + ConfigFormEntry->TitleToken = HiiSetString (HiiHandle, 0, ConfigFormEntry->HddString, NULL); + ConfigFormEntry->TitleHelpToken = HiiSetString (HiiHandle, 0, L"Request to set HDD Password", NULL); + + GetHddPasswordSecurityStatus (&IdentifyData, &ConfigFormEntry->IfrData); + + InsertTailList (&mHddPasswordConfigFormList, &ConfigFormEntry->Link); + + // + // Init OpCode Handle + // + StartOpCodeHandle = HiiAllocateOpCodeHandle (); + ASSERT (StartOpCodeHandle != NULL); + + EndOpCodeHandle = HiiAllocateOpCodeHandle (); + ASSERT (EndOpCodeHandle != NULL); + + // + // Create Hii Extend Label OpCode as the start opcode + // + StartLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (StartOpCodeHandle, &gEfiIfrTianoGuid, NULL, sizeof (EFI_IFR_GUID_LABEL)); + StartLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL; + StartLabel->Number = HDD_DEVICE_ENTRY_LABEL; + + // + // Create Hii Extend Label OpCode as the end opcode + // + EndLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (EndOpCodeHandle, &gEfiIfrTianoGuid, NULL, sizeof (EFI_IFR_GUID_LABEL)); + EndLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL; + EndLabel->Number = HDD_DEVICE_LABEL_END; + + mNumberOfHddDevices = 0; + BASE_LIST_FOR_EACH (Entry, &mHddPasswordConfigFormList) { + ConfigFormEntry = BASE_CR (Entry, HDD_PASSWORD_CONFIG_FORM_ENTRY, Link); + + HiiCreateGotoOpCode ( + StartOpCodeHandle, // Container for dynamic created opcodes + FORMID_HDD_DEVICE_FORM, // Target Form ID + ConfigFormEntry->TitleToken, // Prompt text + ConfigFormEntry->TitleHelpToken, // Help text + EFI_IFR_FLAG_CALLBACK, // Question flag + (UINT16) (KEY_HDD_DEVICE_ENTRY_BASE + mNumberOfHddDevices) // Question ID + ); + + mNumberOfHddDevices++; + } + + HiiUpdateForm ( + HiiHandle, + &mHddPasswordVendorGuid, + FORMID_HDD_MAIN_FORM, + StartOpCodeHandle, + EndOpCodeHandle + ); + + HiiFreeOpCodeHandle (StartOpCodeHandle); + HiiFreeOpCodeHandle (EndOpCodeHandle); + + // + // Check if device is locked and prompt for password. + // + HddPasswordRequestPassword (AtaPassThru, Port, PortMultiplierPort, ConfigFormEntry); + + // + // Process HDD password request from last boot. + // + ProcessHddPasswordRequest (AtaPassThru, Port, PortMultiplierPort, ConfigFormEntry); + } + + return EFI_SUCCESS; +} + +/** + Ata Pass Thru Protocol notification event handler. + + Check attached harddisk status to see if it's locked. If yes, then pop up a password windows to require user input. + It also registers a form for user configuration on Hdd password configuration. + + @param[in] Event Event whose notification function is being invoked. + @param[in] Context Pointer to the notification function's context. + +**/ +VOID +EFIAPI +HddPasswordNotificationEvent ( + IN EFI_EVENT Event, + IN VOID *Context + ) +{ + EFI_STATUS Status; + HDD_PASSWORD_DXE_PRIVATE_DATA *Private; + EFI_ATA_PASS_THRU_PROTOCOL *AtaPassThru; + UINT16 Port; + UINT16 PortMultiplierPort; + EFI_HANDLE Controller; + EFI_HANDLE *HandleBuffer; + UINTN HandleCount; + UINTN Index; + EFI_PCI_IO_PROTOCOL *PciIo; + UINTN SegNum; + UINTN BusNum; + UINTN DevNum; + UINTN FuncNum; + + if (mHddPasswordEndOfDxe) { + gBS->CloseEvent (Event); + return; + } + + Private = (HDD_PASSWORD_DXE_PRIVATE_DATA *)Context; + + // + // Locate all handles of AtaPassThru protocol + // + Status = gBS->LocateHandleBuffer ( + ByProtocol, + &gEfiAtaPassThruProtocolGuid, + NULL, + &HandleCount, + &HandleBuffer + ); + if (EFI_ERROR (Status)) { + return ; + } + + // + // Check attached hard disk status to see if it's locked + // + for (Index = 0; Index < HandleCount; Index += 1) { + Controller = HandleBuffer[Index]; + Status = gBS->HandleProtocol ( + Controller, + &gEfiAtaPassThruProtocolGuid, + (VOID **) &AtaPassThru + ); + if (EFI_ERROR (Status)) { + break; + } + + // + // Ignore those logical ATA_PASS_THRU instance. + // + if ((AtaPassThru->Mode->Attributes & EFI_ATA_PASS_THRU_ATTRIBUTES_PHYSICAL) == 0) { + continue; + } + + Status = gBS->HandleProtocol ( + Controller, + &gEfiPciIoProtocolGuid, + (VOID **) &PciIo + ); + ASSERT_EFI_ERROR (Status); + if (EFI_ERROR (Status)) { + break; + } + + Status = PciIo->GetLocation ( + PciIo, + &SegNum, + &BusNum, + &DevNum, + &FuncNum + ); + ASSERT_EFI_ERROR (Status); + if (EFI_ERROR (Status)) { + break; + } + + // + // Assume and only support Segment == 0. + // + ASSERT (SegNum == 0); + + // + // traverse all attached harddisk devices to update form and unlock it + // + Port = 0xFFFF; + + while (TRUE) { + Status = AtaPassThru->GetNextPort (AtaPassThru, &Port); + if (EFI_ERROR (Status)) { + // + // We cannot find more legal port then we are done. + // + break; + } + + PortMultiplierPort = 0xFFFF; + while (TRUE) { + Status = AtaPassThru->GetNextDevice (AtaPassThru, Port, &PortMultiplierPort); + if (EFI_ERROR (Status)) { + // + // We cannot find more legal port multiplier port number for ATA device + // on the port, then we are done. + // + break; + } + // + // Find out the attached harddisk devices. + // Try to add a HDD Password configuration page for the attached devices. + // + gBS->RestoreTPL (TPL_APPLICATION); + Status = HddPasswordConfigUpdateForm (Private->HiiHandle, AtaPassThru, PciIo, Controller, BusNum, DevNum, FuncNum, Port, PortMultiplierPort); + gBS->RaiseTPL (TPL_CALLBACK); + if (EFI_ERROR (Status)) { + break; + } + } + } + } + + FreePool (HandleBuffer); + return ; +} + +/** + Initialize the HDD Password configuration form. + + @param[out] Instance Pointer to private instance. + + @retval EFI_SUCCESS The HDD Password configuration form is initialized. + @retval EFI_OUT_OF_RESOURCES Failed to allocate memory. + @retval Others Other errors as indicated. +**/ +EFI_STATUS +HddPasswordConfigFormInit ( + OUT HDD_PASSWORD_DXE_PRIVATE_DATA **Instance + ) +{ + EFI_STATUS Status; + HDD_PASSWORD_DXE_PRIVATE_DATA *Private; + + InitializeListHead (&mHddPasswordConfigFormList); + + Private = AllocateZeroPool (sizeof (HDD_PASSWORD_DXE_PRIVATE_DATA)); + if (Private == NULL) { + return EFI_OUT_OF_RESOURCES; + } + + Private->Signature = HDD_PASSWORD_DXE_PRIVATE_SIGNATURE; + + Private->ConfigAccess.ExtractConfig = HddPasswordFormExtractConfig; + Private->ConfigAccess.RouteConfig = HddPasswordFormRouteConfig; + Private->ConfigAccess.Callback = HddPasswordFormCallback; + + // + // Install Device Path Protocol and Config Access protocol to driver handle + // + Status = gBS->InstallMultipleProtocolInterfaces ( + &Private->DriverHandle, + &gEfiDevicePathProtocolGuid, + &mHddPasswordHiiVendorDevicePath, + &gEfiHiiConfigAccessProtocolGuid, + &Private->ConfigAccess, + NULL + ); + ASSERT_EFI_ERROR (Status); + if (EFI_ERROR (Status)) { + FreePool(Private); + return Status; + } + + // + // Publish our HII data + // + Private->HiiHandle = HiiAddPackages ( + &mHddPasswordVendorGuid, + Private->DriverHandle, + HddPasswordDxeStrings, + HddPasswordBin, + NULL + ); + if (Private->HiiHandle == NULL) { + FreePool(Private); + return EFI_OUT_OF_RESOURCES; + } + + *Instance = Private; + return Status; +} + +/** + Main entry for this driver. + + @param ImageHandle Image handle this driver. + @param SystemTable Pointer to SystemTable. + + @retval EFI_SUCCESS This function always complete successfully. + +**/ +EFI_STATUS +EFIAPI +HddPasswordDxeInit ( + IN EFI_HANDLE ImageHandle, + IN EFI_SYSTEM_TABLE *SystemTable + ) +{ + EFI_STATUS Status; + HDD_PASSWORD_DXE_PRIVATE_DATA *Private; + VOID *Registration; + EFI_EVENT EndOfDxeEvent; + EDKII_VARIABLE_LOCK_PROTOCOL *VariableLock; + + Private = NULL; + + // + // Initialize the configuration form of HDD Password. + // + Status = HddPasswordConfigFormInit (&Private); + if (EFI_ERROR (Status)) { + return Status; + } + + // + // Register HddPasswordNotificationEvent() notify function. + // + EfiCreateProtocolNotifyEvent ( + &gEfiAtaPassThruProtocolGuid, + TPL_CALLBACK, + HddPasswordNotificationEvent, + (VOID *)Private, + &Registration + ); + + Status = gBS->CreateEventEx ( + EVT_NOTIFY_SIGNAL, + TPL_CALLBACK, + HddPasswordEndOfDxeEventNotify, + NULL, + &gEfiEndOfDxeEventGroupGuid, + &EndOfDxeEvent + ); + ASSERT_EFI_ERROR (Status); + + // + // Make HDD_PASSWORD_VARIABLE_NAME variable read-only. + // + Status = gBS->LocateProtocol (&gEdkiiVariableLockProtocolGuid, NULL, (VOID **) &VariableLock); + if (!EFI_ERROR (Status)) { + Status = VariableLock->RequestToLock ( + VariableLock, + HDD_PASSWORD_VARIABLE_NAME, + &mHddPasswordVendorGuid + ); + DEBUG ((DEBUG_INFO, "%a(): Lock %s variable (%r)\n", __FUNCTION__, HDD_PASSWORD_VARIABLE_NAME, Status)); + ASSERT_EFI_ERROR (Status); + } + + return Status; +} diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/HddPassword/HddPasswordDxe.h b/src/VBox/Devices/EFI/Firmware/SecurityPkg/HddPassword/HddPasswordDxe.h new file mode 100644 index 00000000..40b49298 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/HddPassword/HddPasswordDxe.h @@ -0,0 +1,136 @@ +/** @file + + Copyright (c) 2019, Intel Corporation. All rights reserved.<BR> + Copyright (c) Microsoft Corporation.<BR> + + SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef _HDD_PASSWORD_DXE_H_ +#define _HDD_PASSWORD_DXE_H_ + +#include <Uefi.h> + +#include <IndustryStandard/Atapi.h> +#include <IndustryStandard/Pci.h> +#include <Protocol/AtaPassThru.h> +#include <Protocol/PciIo.h> +#include <Protocol/HiiConfigAccess.h> +#include <Protocol/VariableLock.h> + +#include <Guid/MdeModuleHii.h> +#include <Guid/EventGroup.h> +#include <Guid/S3StorageDeviceInitList.h> + +#include <Library/DebugLib.h> +#include <Library/BaseLib.h> +#include <Library/BaseMemoryLib.h> +#include <Library/UefiRuntimeServicesTableLib.h> +#include <Library/UefiDriverEntryPoint.h> +#include <Library/UefiBootServicesTableLib.h> +#include <Library/DxeServicesTableLib.h> +#include <Library/MemoryAllocationLib.h> +#include <Library/UefiHiiServicesLib.h> +#include <Library/HiiLib.h> +#include <Library/DevicePathLib.h> +#include <Library/PrintLib.h> +#include <Library/UefiLib.h> +#include <Library/LockBoxLib.h> +#include <Library/S3BootScriptLib.h> +#include <Library/PciLib.h> +#include <Library/BaseCryptLib.h> + +#include "HddPasswordCommon.h" +#include "HddPasswordHiiDataStruc.h" + +// +// This is the generated IFR binary data for each formset defined in VFR. +// This data array is ready to be used as input of HiiAddPackages() to +// create a packagelist (which contains Form packages, String packages, etc). +// +extern UINT8 HddPasswordBin[]; + +// +// This is the generated String package data for all .UNI files. +// This data array is ready to be used as input of HiiAddPackages() to +// create a packagelist (which contains Form packages, String packages, etc). +// +extern UINT8 HddPasswordDxeStrings[]; + +#define HDD_PASSWORD_DXE_PRIVATE_SIGNATURE SIGNATURE_32 ('H', 'D', 'D', 'P') + +typedef struct _HDD_PASSWORD_CONFIG_FORM_ENTRY { + LIST_ENTRY Link; + EFI_HANDLE Controller; + UINTN Bus; + UINTN Device; + UINTN Function; + UINT16 Port; + UINT16 PortMultiplierPort; + EFI_DEVICE_PATH_PROTOCOL *DevicePath; + CHAR16 HddString[64]; + CHAR8 Password[HDD_PASSWORD_MAX_LENGTH]; + EFI_STRING_ID TitleToken; + EFI_STRING_ID TitleHelpToken; + + HDD_PASSWORD_CONFIG IfrData; + EFI_ATA_PASS_THRU_PROTOCOL *AtaPassThru; +} HDD_PASSWORD_CONFIG_FORM_ENTRY; + +typedef struct _HDD_PASSWORD_DXE_PRIVATE_DATA { + UINTN Signature; + EFI_HANDLE DriverHandle; + EFI_HII_HANDLE HiiHandle; + EFI_HII_CONFIG_ACCESS_PROTOCOL ConfigAccess; + HDD_PASSWORD_CONFIG_FORM_ENTRY *Current; +} HDD_PASSWORD_DXE_PRIVATE_DATA; + +#define HDD_PASSWORD_DXE_PRIVATE_FROM_THIS(a) CR (a, HDD_PASSWORD_DXE_PRIVATE_DATA, ConfigAccess, HDD_PASSWORD_DXE_PRIVATE_SIGNATURE) + +#define PASSWORD_SALT_SIZE 32 + +#define HDD_PASSWORD_REQUEST_VARIABLE_NAME L"HddPasswordRequest" + +// +// It needs to be locked before EndOfDxe. +// +#define HDD_PASSWORD_VARIABLE_NAME L"HddPassword" + +#pragma pack(1) + +typedef struct { + HDD_PASSWORD_DEVICE Device; + HDD_PASSWORD_REQUEST Request; +} HDD_PASSWORD_REQUEST_VARIABLE; + +// +// It will be used to validate HDD password when the device is at frozen state. +// +typedef struct { + HDD_PASSWORD_DEVICE Device; + UINT8 PasswordHash[SHA256_DIGEST_SIZE]; + UINT8 PasswordSalt[PASSWORD_SALT_SIZE]; +} HDD_PASSWORD_VARIABLE; + +/// +/// HII specific Vendor Device Path definition. +/// +typedef struct { + VENDOR_DEVICE_PATH VendorDevicePath; + EFI_DEVICE_PATH_PROTOCOL End; +} HII_VENDOR_DEVICE_PATH; + +#pragma pack() + +// +// Time out value for ATA pass through protocol +// +#define ATA_TIMEOUT EFI_TIMER_PERIOD_SECONDS (3) + +typedef struct { + UINT32 Address; + S3_BOOT_SCRIPT_LIB_WIDTH Width; +} HDD_HC_PCI_REGISTER_SAVE; + +#endif diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/HddPassword/HddPasswordDxe.inf b/src/VBox/Devices/EFI/Firmware/SecurityPkg/HddPassword/HddPasswordDxe.inf new file mode 100644 index 00000000..06a94aaa --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/HddPassword/HddPasswordDxe.inf @@ -0,0 +1,73 @@ +## @file +# HddPasswordDxe driver which is used to set/clear hdd password at attached harddisk +# devices. +# +# Copyright (c) 2019, Intel Corporation. All rights reserved.<BR> +# +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = HddPasswordDxe + FILE_GUID = 9BD549CD-86D1-4925-9F7D-3686DDD876FC + MODULE_TYPE = DXE_DRIVER + VERSION_STRING = 1.0 + ENTRY_POINT = HddPasswordDxeInit + +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = IA32 X64 IPF EBC +# + +[Sources] + HddPasswordDxe.c + HddPasswordDxe.h + HddPasswordHiiDataStruc.h + HddPassword.vfr + HddPasswordStrings.uni + HddPasswordCommon.h + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + CryptoPkg/CryptoPkg.dec + SecurityPkg/SecurityPkg.dec + +[LibraryClasses] + BaseLib + MemoryAllocationLib + UefiBootServicesTableLib + UefiDriverEntryPoint + UefiHiiServicesLib + UefiRuntimeServicesTableLib + DxeServicesTableLib + BaseMemoryLib + DebugLib + HiiLib + PrintLib + UefiLib + LockBoxLib + S3BootScriptLib + PciLib + BaseCryptLib + +[Guids] + gEfiIfrTianoGuid ## CONSUMES ## GUID + gEfiEndOfDxeEventGroupGuid ## CONSUMES ## Event + gS3StorageDeviceInitListGuid ## SOMETIMES_PRODUCES ## UNDEFINED + +[Protocols] + gEfiHiiConfigAccessProtocolGuid ## PRODUCES + gEfiAtaPassThruProtocolGuid ## CONSUMES + gEfiPciIoProtocolGuid ## CONSUMES + gEdkiiVariableLockProtocolGuid ## CONSUMES + +[Pcd] + gEfiSecurityPkgTokenSpaceGuid.PcdSkipHddPasswordPrompt ## CONSUMES + +[Depex] + gEfiVariableWriteArchProtocolGuid + diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/HddPassword/HddPasswordHiiDataStruc.h b/src/VBox/Devices/EFI/Firmware/SecurityPkg/HddPassword/HddPasswordHiiDataStruc.h new file mode 100644 index 00000000..4aa0824e --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/HddPassword/HddPasswordHiiDataStruc.h @@ -0,0 +1,56 @@ +/** @file + HddPassword HII data structure used by the driver. + + Copyright (c) 2019, Intel Corporation. All rights reserved.<BR> + + SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef _HDD_PASSWORD_HII_DATASTRUC_H_ +#define _HDD_PASSWORD_HII_DATASTRUC_H_ + +#include <Guid/HiiPlatformSetupFormset.h> + +#define HDD_PASSWORD_CONFIG_GUID \ + { \ + 0x737cded7, 0x448b, 0x4801, { 0xb5, 0x7d, 0xb1, 0x94, 0x83, 0xec, 0x60, 0x6f } \ + } + +#define FORMID_HDD_MAIN_FORM 1 +#define FORMID_HDD_DEVICE_FORM 2 + +#define HDD_DEVICE_ENTRY_LABEL 0x1234 +#define HDD_DEVICE_LABEL_END 0xffff + +#define KEY_HDD_DEVICE_ENTRY_BASE 0x1000 + +#define KEY_HDD_USER_PASSWORD 0x101 +#define KEY_HDD_MASTER_PASSWORD 0x102 + +#pragma pack(1) + +typedef struct { + UINT8 Supported:1; + UINT8 Enabled:1; + UINT8 Locked:1; + UINT8 Frozen:1; + UINT8 UserPasswordStatus:1; + UINT8 MasterPasswordStatus:1; + UINT8 Reserved:2; +} HDD_PASSWORD_SECURITY_STATUS; + +typedef struct { + UINT8 UserPassword:1; + UINT8 MasterPassword:1; + UINT8 Reserved:6; +} HDD_PASSWORD_REQUEST; + +typedef struct _HDD_PASSWORD_CONFIG { + HDD_PASSWORD_SECURITY_STATUS SecurityStatus; + HDD_PASSWORD_REQUEST Request; +} HDD_PASSWORD_CONFIG; + +#pragma pack() + +#endif diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/HddPassword/HddPasswordPei.c b/src/VBox/Devices/EFI/Firmware/SecurityPkg/HddPassword/HddPasswordPei.c new file mode 100644 index 00000000..7ad8a9f1 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/HddPassword/HddPasswordPei.c @@ -0,0 +1,367 @@ +/** @file + HddPassword PEI module which is used to unlock HDD password for S3. + + Copyright (c) 2019, Intel Corporation. All rights reserved.<BR> + + SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "HddPasswordPei.h" + +EFI_GUID mHddPasswordDeviceInfoGuid = HDD_PASSWORD_DEVICE_INFO_GUID; + + +/** + Send unlock hdd password cmd through ATA PassThru PPI. + + @param[in] AtaPassThru The pointer to the ATA PassThru PPI. + @param[in] Port The port number of the ATA device. + @param[in] PortMultiplierPort The port multiplier port number of the ATA device. + @param[in] Identifier The identifier to set user or master password. + @param[in] Password The hdd password of attached ATA device. + + @retval EFI_SUCCESS Successful to send unlock hdd password cmd. + @retval EFI_INVALID_PARAMETER The parameter passed-in is invalid. + @retval EFI_OUT_OF_RESOURCES Not enough memory to send unlock hdd password cmd. + @retval EFI_DEVICE_ERROR Can not send unlock hdd password cmd. + +**/ +EFI_STATUS +UnlockDevice ( + IN EDKII_PEI_ATA_PASS_THRU_PPI *AtaPassThru, + IN UINT16 Port, + IN UINT16 PortMultiplierPort, + IN CHAR8 Identifier, + IN CHAR8 *Password + ) +{ + EFI_STATUS Status; + EFI_ATA_COMMAND_BLOCK Acb; + EFI_ATA_STATUS_BLOCK *Asb; + EFI_ATA_PASS_THRU_COMMAND_PACKET Packet; + UINT8 Buffer[HDD_PAYLOAD]; + + if ((AtaPassThru == NULL) || (Password == NULL)) { + return EFI_INVALID_PARAMETER; + } + + // + // The 'Asb' field (a pointer to the EFI_ATA_STATUS_BLOCK structure) in + // EFI_ATA_PASS_THRU_COMMAND_PACKET is required to be aligned specified by + // the 'IoAlign' field in the EFI_ATA_PASS_THRU_MODE structure. Meanwhile, + // the structure EFI_ATA_STATUS_BLOCK is composed of only UINT8 fields, so it + // may not be aligned when allocated on stack for some compilers. Hence, we + // use the API AllocateAlignedPages to ensure this structure is properly + // aligned. + // + Asb = AllocateAlignedPages ( + EFI_SIZE_TO_PAGES (sizeof (EFI_ATA_STATUS_BLOCK)), + AtaPassThru->Mode->IoAlign + ); + if (Asb == NULL) { + return EFI_OUT_OF_RESOURCES; + } + + // + // Prepare for ATA command block. + // + ZeroMem (&Acb, sizeof (Acb)); + ZeroMem (Asb, sizeof (EFI_ATA_STATUS_BLOCK)); + Acb.AtaCommand = ATA_SECURITY_UNLOCK_CMD; + Acb.AtaDeviceHead = (UINT8) (PortMultiplierPort == 0xFFFF ? 0 : (PortMultiplierPort << 4)); + + // + // Prepare for ATA pass through packet. + // + ZeroMem (&Packet, sizeof (Packet)); + Packet.Protocol = EFI_ATA_PASS_THRU_PROTOCOL_PIO_DATA_OUT; + Packet.Length = EFI_ATA_PASS_THRU_LENGTH_BYTES; + Packet.Asb = Asb; + Packet.Acb = &Acb; + + ((CHAR16 *) Buffer)[0] = Identifier & BIT0; + CopyMem (&((CHAR16 *) Buffer)[1], Password, HDD_PASSWORD_MAX_LENGTH); + + Packet.OutDataBuffer = Buffer; + Packet.OutTransferLength = sizeof (Buffer); + Packet.Timeout = ATA_TIMEOUT; + + Status = AtaPassThru->PassThru ( + AtaPassThru, + Port, + PortMultiplierPort, + &Packet + ); + if (!EFI_ERROR (Status) && + ((Asb->AtaStatus & ATA_STSREG_ERR) != 0) && + ((Asb->AtaError & ATA_ERRREG_ABRT) != 0)) { + Status = EFI_DEVICE_ERROR; + } + + FreeAlignedPages (Asb, EFI_SIZE_TO_PAGES (sizeof (EFI_ATA_STATUS_BLOCK))); + + ZeroMem (Buffer, sizeof (Buffer)); + + DEBUG ((DEBUG_INFO, "%a() - %r\n", __FUNCTION__, Status)); + return Status; +} + +/** + Send security freeze lock cmd through ATA PassThru PPI. + + @param[in] AtaPassThru The pointer to the ATA PassThru PPI. + @param[in] Port The port number of the ATA device. + @param[in] PortMultiplierPort The port multiplier port number of the ATA device. + + @retval EFI_SUCCESS Successful to send security freeze lock cmd. + @retval EFI_INVALID_PARAMETER The parameter passed-in is invalid. + @retval EFI_OUT_OF_RESOURCES Not enough memory to send unlock hdd password cmd. + @retval EFI_DEVICE_ERROR Can not send security freeze lock cmd. + +**/ +EFI_STATUS +FreezeLockDevice ( + IN EDKII_PEI_ATA_PASS_THRU_PPI *AtaPassThru, + IN UINT16 Port, + IN UINT16 PortMultiplierPort + ) +{ + EFI_STATUS Status; + EFI_ATA_COMMAND_BLOCK Acb; + EFI_ATA_STATUS_BLOCK *Asb; + EFI_ATA_PASS_THRU_COMMAND_PACKET Packet; + + if (AtaPassThru == NULL) { + return EFI_INVALID_PARAMETER; + } + + // + // The 'Asb' field (a pointer to the EFI_ATA_STATUS_BLOCK structure) in + // EFI_ATA_PASS_THRU_COMMAND_PACKET is required to be aligned specified by + // the 'IoAlign' field in the EFI_ATA_PASS_THRU_MODE structure. Meanwhile, + // the structure EFI_ATA_STATUS_BLOCK is composed of only UINT8 fields, so it + // may not be aligned when allocated on stack for some compilers. Hence, we + // use the API AllocateAlignedPages to ensure this structure is properly + // aligned. + // + Asb = AllocateAlignedPages ( + EFI_SIZE_TO_PAGES (sizeof (EFI_ATA_STATUS_BLOCK)), + AtaPassThru->Mode->IoAlign + ); + if (Asb == NULL) { + return EFI_OUT_OF_RESOURCES; + } + + // + // Prepare for ATA command block. + // + ZeroMem (&Acb, sizeof (Acb)); + ZeroMem (Asb, sizeof (EFI_ATA_STATUS_BLOCK)); + Acb.AtaCommand = ATA_SECURITY_FREEZE_LOCK_CMD; + Acb.AtaDeviceHead = (UINT8) (PortMultiplierPort == 0xFFFF ? 0 : (PortMultiplierPort << 4)); + + // + // Prepare for ATA pass through packet. + // + ZeroMem (&Packet, sizeof (Packet)); + Packet.Protocol = EFI_ATA_PASS_THRU_PROTOCOL_ATA_NON_DATA; + Packet.Length = EFI_ATA_PASS_THRU_LENGTH_NO_DATA_TRANSFER; + Packet.Asb = Asb; + Packet.Acb = &Acb; + Packet.Timeout = ATA_TIMEOUT; + + Status = AtaPassThru->PassThru ( + AtaPassThru, + Port, + PortMultiplierPort, + &Packet + ); + if (!EFI_ERROR (Status) && + ((Asb->AtaStatus & ATA_STSREG_ERR) != 0) && + ((Asb->AtaError & ATA_ERRREG_ABRT) != 0)) { + Status = EFI_DEVICE_ERROR; + } + + FreeAlignedPages (Asb, EFI_SIZE_TO_PAGES (sizeof (EFI_ATA_STATUS_BLOCK))); + + DEBUG ((DEBUG_INFO, "%a() - %r\n", __FUNCTION__, Status)); + return Status; +} + +/** + Unlock HDD password for S3. + + @param[in] AtaPassThruPpi Pointer to the EDKII_PEI_ATA_PASS_THRU_PPI instance. + +**/ +VOID +UnlockHddPassword ( + IN EDKII_PEI_ATA_PASS_THRU_PPI *AtaPassThruPpi + ) +{ + EFI_STATUS Status; + VOID *Buffer; + UINTN Length; + UINT8 DummyData; + HDD_PASSWORD_DEVICE_INFO *DevInfo; + UINT16 Port; + UINT16 PortMultiplierPort; + EFI_DEVICE_PATH_PROTOCOL *DevicePath; + UINTN DevicePathLength; + + // + // Get HDD password device info from LockBox. + // + Buffer = (VOID *) &DummyData; + Length = sizeof (DummyData); + Status = RestoreLockBox (&mHddPasswordDeviceInfoGuid, Buffer, &Length); + if (Status == EFI_BUFFER_TOO_SMALL) { + Buffer = AllocatePages (EFI_SIZE_TO_PAGES (Length)); + if (Buffer != NULL) { + Status = RestoreLockBox (&mHddPasswordDeviceInfoGuid, Buffer, &Length); + } + } + if ((Buffer == NULL) || (Buffer == (VOID *) &DummyData)) { + return; + } else if (EFI_ERROR (Status)) { + FreePages (Buffer, EFI_SIZE_TO_PAGES (Length)); + return; + } + + Status = AtaPassThruPpi->GetDevicePath (AtaPassThruPpi, &DevicePathLength, &DevicePath); + if (EFI_ERROR (Status) || (DevicePathLength <= sizeof (EFI_DEVICE_PATH_PROTOCOL))) { + goto Exit; + } + + // + // Go through all the devices managed by the AtaPassThru PPI instance. + // + Port = 0xFFFF; + while (TRUE) { + Status = AtaPassThruPpi->GetNextPort (AtaPassThruPpi, &Port); + if (EFI_ERROR (Status)) { + // + // We cannot find more legal port then we are done. + // + break; + } + + PortMultiplierPort = 0xFFFF; + while (TRUE) { + Status = AtaPassThruPpi->GetNextDevice (AtaPassThruPpi, Port, &PortMultiplierPort); + if (EFI_ERROR (Status)) { + // + // We cannot find more legal port multiplier port number for ATA device + // on the port, then we are done. + // + break; + } + + // + // Search the device in the restored LockBox. + // + DevInfo = (HDD_PASSWORD_DEVICE_INFO *) Buffer; + while ((UINTN) DevInfo < ((UINTN) Buffer + Length)) { + // + // Find the matching device. + // + if ((DevInfo->Device.Port == Port) && + (DevInfo->Device.PortMultiplierPort == PortMultiplierPort) && + (DevInfo->DevicePathLength >= DevicePathLength) && + (CompareMem ( + DevInfo->DevicePath, + DevicePath, + DevicePathLength - sizeof (EFI_DEVICE_PATH_PROTOCOL)) == 0)) { + // + // If device locked, unlock first. + // + if (!IsZeroBuffer (DevInfo->Password, HDD_PASSWORD_MAX_LENGTH)) { + UnlockDevice (AtaPassThruPpi, Port, PortMultiplierPort, 0, DevInfo->Password); + } + // + // Freeze lock the device. + // + FreezeLockDevice (AtaPassThruPpi, Port, PortMultiplierPort); + break; + } + + DevInfo = (HDD_PASSWORD_DEVICE_INFO *) + ((UINTN) DevInfo + sizeof (HDD_PASSWORD_DEVICE_INFO) + DevInfo->DevicePathLength); + } + } + } + +Exit: + ZeroMem (Buffer, Length); + FreePages (Buffer, EFI_SIZE_TO_PAGES (Length)); + +} + +/** + Entry point of the notification callback function itself within the PEIM. + It is to unlock HDD password for S3. + + @param PeiServices Indirect reference to the PEI Services Table. + @param NotifyDescriptor Address of the notification descriptor data structure. + @param Ppi Address of the PPI that was installed. + + @return Status of the notification. + The status code returned from this function is ignored. +**/ +EFI_STATUS +EFIAPI +HddPasswordAtaPassThruNotify ( + IN EFI_PEI_SERVICES **PeiServices, + IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDesc, + IN VOID *Ppi + ) +{ + DEBUG ((DEBUG_INFO, "%a() - enter at S3 resume\n", __FUNCTION__)); + + UnlockHddPassword ((EDKII_PEI_ATA_PASS_THRU_PPI *) Ppi); + + DEBUG ((DEBUG_INFO, "%a() - exit at S3 resume\n", __FUNCTION__)); + + return EFI_SUCCESS; +} + + +EFI_PEI_NOTIFY_DESCRIPTOR mHddPasswordAtaPassThruPpiNotifyDesc = { + (EFI_PEI_PPI_DESCRIPTOR_NOTIFY_CALLBACK | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST), + &gEdkiiPeiAtaPassThruPpiGuid, + HddPasswordAtaPassThruNotify +}; + + +/** + Main entry for this module. + + @param FileHandle Handle of the file being invoked. + @param PeiServices Pointer to PEI Services table. + + @return Status from PeiServicesNotifyPpi. + +**/ +EFI_STATUS +EFIAPI +HddPasswordPeiInit ( + IN EFI_PEI_FILE_HANDLE FileHandle, + IN CONST EFI_PEI_SERVICES **PeiServices + ) +{ + EFI_STATUS Status; + EFI_BOOT_MODE BootMode; + + Status = PeiServicesGetBootMode (&BootMode); + if ((EFI_ERROR (Status)) || (BootMode != BOOT_ON_S3_RESUME)) { + return EFI_UNSUPPORTED; + } + + DEBUG ((DEBUG_INFO, "%a: Enters in S3 path.\n", __FUNCTION__)); + + Status = PeiServicesNotifyPpi (&mHddPasswordAtaPassThruPpiNotifyDesc); + ASSERT_EFI_ERROR (Status); + return Status; +} + diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/HddPassword/HddPasswordPei.h b/src/VBox/Devices/EFI/Firmware/SecurityPkg/HddPassword/HddPasswordPei.h new file mode 100644 index 00000000..f4ad4741 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/HddPassword/HddPasswordPei.h @@ -0,0 +1,35 @@ +/** @file + HddPassword PEI module which is used to unlock HDD password for S3. + + Copyright (c) 2019, Intel Corporation. All rights reserved.<BR> + + SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef _HDD_PASSWORD_PEI_H_ +#define _HDD_PASSWORD_PEI_H_ + +#include <PiPei.h> +#include <IndustryStandard/Atapi.h> + +#include <Library/DebugLib.h> +#include <Library/BaseLib.h> +#include <Library/BaseMemoryLib.h> +#include <Library/MemoryAllocationLib.h> +#include <Library/PeimEntryPoint.h> +#include <Library/PeiServicesLib.h> +#include <Library/PciLib.h> +#include <Library/LockBoxLib.h> + +#include <Ppi/AtaPassThru.h> + +#include "HddPasswordCommon.h" + + +// +// Time out value for ATA PassThru PPI +// +#define ATA_TIMEOUT 30000000 + +#endif diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/HddPassword/HddPasswordPei.inf b/src/VBox/Devices/EFI/Firmware/SecurityPkg/HddPassword/HddPasswordPei.inf new file mode 100644 index 00000000..aec48af1 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/HddPassword/HddPasswordPei.inf @@ -0,0 +1,48 @@ +## @file +# HddPassword PEI module which is used to unlock HDD password for S3. +# +# Copyright (c) 2019, Intel Corporation. All rights reserved.<BR> +# +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = HddPasswordPei + FILE_GUID = 91AD7375-8E8E-49D2-A343-68BC78273955 + MODULE_TYPE = PEIM + VERSION_STRING = 1.0 + ENTRY_POINT = HddPasswordPeiInit + +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = IA32 X64 IPF EBC +# + +[Sources] + HddPasswordPei.c + HddPasswordPei.h + HddPasswordCommon.h + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + +[LibraryClasses] + PeimEntryPoint + PeiServicesLib + DebugLib + BaseLib + BaseMemoryLib + MemoryAllocationLib + PciLib + LockBoxLib + +[Ppis] + gEdkiiPeiAtaPassThruPpiGuid ## NOTIFY + +[Depex] + gEfiPeiMasterBootModePpiGuid + diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/HddPassword/HddPasswordStrings.uni b/src/VBox/Devices/EFI/Firmware/SecurityPkg/HddPassword/HddPasswordStrings.uni new file mode 100644 index 00000000..b6fddffc --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/HddPassword/HddPasswordStrings.uni @@ -0,0 +1,41 @@ +// /** @file
+// String definitions for HddPassword Setup Form.
+//
+// Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>
+//
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+//
+// **/
+
+#langdef en-US "English"
+
+#string STR_HDD_SECURITY_CONFIG #language en-US "HDD Security Configuration"
+
+#string STR_SECURITY_HDD_PWD_DESC #language en-US "HDD Password Description :"
+
+#string STR_SECURITY_HDD_BANNER_ONE #language en-US "Allows Access to Set, Modify and Clear HardDisk User and"
+#string STR_SECURITY_HDD_BANNER_TWO #language en-US "Master Passwords."
+#string STR_SECURITY_HDD_BANNER_THREE #language en-US "User Password need to be installed for Enabling Security."
+#string STR_SECURITY_HDD_BANNER_FOUR #language en-US "Master Password can be modified only when successfully"
+#string STR_SECURITY_HDD_BANNER_FIVE #language en-US "unlocked with User Password in POST."
+
+#string STR_HDD_SECURITY_HD #language en-US "HDD Password"
+#string STR_HDD_SECURITY_HELP #language en-US "Set HDD Password"
+#string STR_HDD_PASSWORD_CONFIG #language en-US "HDD PASSWORD CONFIGURATION:"
+#string STR_SEC_SUPPORTED #language en-US "Security Supported :"
+#string STR_SEC_ENABLED #language en-US "Security Enabled :"
+#string STR_SEC_LOCKED #language en-US "Security Locked :"
+#string STR_SEC_FROZEN #language en-US "Security Frozen :"
+#string STR_YES #language en-US "Yes"
+#string STR_NO #language en-US "No"
+#string STR_HDD_USER_PASSWORD #language en-US "Request to set User Password"
+#string STR_HDD_USER_PASSWORD_HELP #language en-US "Request to set HDD User Password. \n*** Reset is required for the request to be processed in next boot *** \n*** G3 circle is required to disable freeze state when Security Frozen state is Yes, otherwise the request will be ignored. *** "
+#string STR_HDD_MASTER_PASSWORD #language en-US "Request to set Master Password"
+#string STR_HDD_MASTER_PASSWORD_HELP #language en-US "Request to set HDD Master Password. \n*** Reset is required for the request to be processed in next boot *** \n*** G3 circle is required to disable freeze state when Security Frozen state is Yes, otherwise the request will be ignored. *** "
+
+#string STR_INSTALLED #language en-US "INSTALLED"
+#string STR_NOT_INSTALLED #language en-US "NOT INSTALLED"
+#string STR_HDD_USER_PASSWORD_STS #language en-US "HDD User Password Status :"
+#string STR_HDD_MASTER_PASSWORD_STS #language en-US "HDD Master Password Status:"
+#string STR_NULL #language en-US ""
+#string STR_EMPTY #language en-US ""
diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Include/Guid/AuthenticatedVariableFormat.h b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Include/Guid/AuthenticatedVariableFormat.h new file mode 100644 index 00000000..95e77179 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Include/Guid/AuthenticatedVariableFormat.h @@ -0,0 +1,69 @@ +/** @file + The variable data structures are related to EDKII-specific + implementation of UEFI authenticated variables. + AuthenticatedVariableFormat.h defines variable data headers + and variable storage region headers that has been moved to + VariableFormat.h. + +Copyright (c) 2009 - 2016, Intel Corporation. All rights reserved.<BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef __AUTHENTICATED_VARIABLE_FORMAT_H__ +#define __AUTHENTICATED_VARIABLE_FORMAT_H__ + +#include <Guid/VariableFormat.h> + +#define EFI_SECURE_BOOT_ENABLE_DISABLE \ + { 0xf0a30bc7, 0xaf08, 0x4556, { 0x99, 0xc4, 0x0, 0x10, 0x9, 0xc9, 0x3a, 0x44 } } + +extern EFI_GUID gEfiSecureBootEnableDisableGuid; +extern EFI_GUID gEfiCertDbGuid; +extern EFI_GUID gEfiCustomModeEnableGuid; +extern EFI_GUID gEfiVendorKeysNvGuid; + +/// +/// "SecureBootEnable" variable for the Secure Boot feature enable/disable. +/// This variable is used for allowing a physically present user to disable +/// Secure Boot via firmware setup without the possession of PKpriv. +/// +/// GUID: gEfiSecureBootEnableDisableGuid +/// +/// Format: UINT8 +/// +#define EFI_SECURE_BOOT_ENABLE_NAME L"SecureBootEnable" +#define SECURE_BOOT_ENABLE 1 +#define SECURE_BOOT_DISABLE 0 + +/// +/// "CustomMode" variable for two Secure Boot modes feature: "Custom" and "Standard". +/// Standard Secure Boot mode is the default mode as UEFI Spec's description. +/// Custom Secure Boot mode allows for more flexibility as specified in the following: +/// Can enroll or delete PK without existing PK's private key. +/// Can enroll or delete KEK without existing PK's private key. +/// Can enroll or delete signature from DB/DBX without KEK's private key. +/// +/// GUID: gEfiCustomModeEnableGuid +/// +/// Format: UINT8 +/// +#define EFI_CUSTOM_MODE_NAME L"CustomMode" +#define CUSTOM_SECURE_BOOT_MODE 1 +#define STANDARD_SECURE_BOOT_MODE 0 + +/// +/// "VendorKeysNv" variable to record the out of band secure boot keys modification. +/// This variable is a read-only NV variable that indicates whether someone other than +/// the platform vendor has used a mechanism not defined by the UEFI Specification to +/// transition the system to setup mode or to update secure boot keys. +/// +/// GUID: gEfiVendorKeysNvGuid +/// +/// Format: UINT8 +/// +#define EFI_VENDOR_KEYS_NV_VARIABLE_NAME L"VendorKeysNv" +#define VENDOR_KEYS_VALID 1 +#define VENDOR_KEYS_MODIFIED 0 + +#endif // __AUTHENTICATED_VARIABLE_FORMAT_H__ diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Include/Guid/MeasuredFvHob.h b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Include/Guid/MeasuredFvHob.h new file mode 100644 index 00000000..ac93c08a --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Include/Guid/MeasuredFvHob.h @@ -0,0 +1,30 @@ +/** @file + Defines the HOB GUID used to pass all PEI measured FV info to + DXE Driver. + +Copyright (c) 2012 - 2018, Intel Corporation. All rights reserved.<BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef _MEASURED_FV_HOB_H_ +#define _MEASURED_FV_HOB_H_ + +#include <IndustryStandard/UefiTcgPlatform.h> + +/// +/// The Global ID of a GUIDed HOB used to pass all PEI measured FV info to DXE Driver. +/// +#define EFI_MEASURED_FV_HOB_GUID \ + { \ + 0xb2360b42, 0x7173, 0x420a, { 0x86, 0x96, 0x46, 0xca, 0x6b, 0xab, 0x10, 0x60 } \ + } + +extern EFI_GUID gMeasuredFvHobGuid; + +typedef struct { + UINT32 Num; + EFI_PLATFORM_FIRMWARE_BLOB MeasuredFvBuf[1]; +} MEASURED_HOB_DATA; + +#endif diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Include/Guid/PhysicalPresenceData.h b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Include/Guid/PhysicalPresenceData.h new file mode 100644 index 00000000..8ac3b424 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Include/Guid/PhysicalPresenceData.h @@ -0,0 +1,75 @@ +/** @file + Define the variable data structures used for TCG physical presence. + The TPM request from firmware or OS is saved to variable. And it is + cleared after it is processed in the next boot cycle. The TPM response + is saved to variable. + +Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.<BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef __PHYSICAL_PRESENCE_DATA_GUID_H__ +#define __PHYSICAL_PRESENCE_DATA_GUID_H__ + +#define EFI_PHYSICAL_PRESENCE_DATA_GUID \ + { \ + 0xf6499b1, 0xe9ad, 0x493d, { 0xb9, 0xc2, 0x2f, 0x90, 0x81, 0x5c, 0x6c, 0xbc }\ + } + +#define PHYSICAL_PRESENCE_VARIABLE L"PhysicalPresence" + +typedef struct { + UINT8 PPRequest; ///< Physical Presence request command. + UINT8 LastPPRequest; + UINT32 PPResponse; +} EFI_PHYSICAL_PRESENCE; + +// +// The definition of physical presence operation actions +// +#define PHYSICAL_PRESENCE_NO_ACTION 0 +#define PHYSICAL_PRESENCE_ENABLE 1 +#define PHYSICAL_PRESENCE_DISABLE 2 +#define PHYSICAL_PRESENCE_ACTIVATE 3 +#define PHYSICAL_PRESENCE_DEACTIVATE 4 +#define PHYSICAL_PRESENCE_CLEAR 5 +#define PHYSICAL_PRESENCE_ENABLE_ACTIVATE 6 +#define PHYSICAL_PRESENCE_DEACTIVATE_DISABLE 7 +#define PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE 8 +#define PHYSICAL_PRESENCE_SET_OWNER_INSTALL_FALSE 9 +#define PHYSICAL_PRESENCE_ENABLE_ACTIVATE_OWNER_TRUE 10 +#define PHYSICAL_PRESENCE_DEACTIVATE_DISABLE_OWNER_FALSE 11 +#define PHYSICAL_PRESENCE_DEFERRED_PP_UNOWNERED_FIELD_UPGRADE 12 +#define PHYSICAL_PRESENCE_SET_OPERATOR_AUTH 13 +#define PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE 14 +#define PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_FALSE 15 +#define PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_TRUE 16 +#define PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_FALSE 17 +#define PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_TRUE 18 +#define PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_FALSE 19 +#define PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_TRUE 20 +#define PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR 21 +#define PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE 22 + +// +// This variable is used to save TPM Management Flags and corresponding operations. +// It should be protected from malicious software (e.g. Set it as read-only variable). +// +#define PHYSICAL_PRESENCE_FLAGS_VARIABLE L"PhysicalPresenceFlags" +typedef struct { + UINT8 PPFlags; +} EFI_PHYSICAL_PRESENCE_FLAGS; + +// +// The definition bit of the TPM Management Flags +// +#define FLAG_NO_PPI_PROVISION BIT0 +#define FLAG_NO_PPI_CLEAR BIT1 +#define FLAG_NO_PPI_MAINTENANCE BIT2 +#define FLAG_RESET_TRACK BIT3 + +extern EFI_GUID gEfiPhysicalPresenceGuid; + +#endif + diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Include/Guid/PwdCredentialProviderHii.h b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Include/Guid/PwdCredentialProviderHii.h new file mode 100644 index 00000000..3fea4a00 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Include/Guid/PwdCredentialProviderHii.h @@ -0,0 +1,23 @@ +/** @file + GUID used as HII FormSet and HII Package list GUID in PwdCredentialProviderDxe driver. + +Copyright (c) 2011 - 2018, Intel Corporation. All rights reserved.<BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef __PWD_CREDENTIAL_PROVIDER_HII_H__ +#define __PWD_CREDENTIAL_PROVIDER_HII_H__ + +// +// Used for save password credential and form browser. +// Also used as provider identifier. +// +#define PWD_CREDENTIAL_PROVIDER_GUID \ + { \ + 0x78b9ec8b, 0xc000, 0x46c5, { 0xac, 0x93, 0x24, 0xa0, 0xc1, 0xbb, 0x0, 0xce } \ + } + +extern EFI_GUID gPwdCredentialProviderGuid; + +#endif diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Include/Guid/SecureBootConfigHii.h b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Include/Guid/SecureBootConfigHii.h new file mode 100644 index 00000000..4eb61b00 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Include/Guid/SecureBootConfigHii.h @@ -0,0 +1,20 @@ +/** @file + GUIDs used as HII FormSet and HII Package list GUID in SecureBootConfigDxe driver. + +Copyright (c) 2011 - 2018, Intel Corporation. All rights reserved.<BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef __SECUREBOOT_CONFIG_HII_GUID_H__ +#define __SECUREBOOT_CONFIG_HII_GUID_H__ + +#define SECUREBOOT_CONFIG_FORM_SET_GUID \ + { \ + 0x5daf50a5, 0xea81, 0x4de2, {0x8f, 0x9b, 0xca, 0xbd, 0xa9, 0xcf, 0x5c, 0x14} \ + } + + +extern EFI_GUID gSecureBootConfigFormSetGuid; + +#endif diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Include/Guid/SecurityPkgTokenSpace.h b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Include/Guid/SecurityPkgTokenSpace.h new file mode 100644 index 00000000..305acc02 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Include/Guid/SecurityPkgTokenSpace.h @@ -0,0 +1,19 @@ +/** @file + GUID for SecurityPkg PCD Token Space. + +Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef _SECURITYPKG_TOKEN_SPACE_GUID_H_ +#define _SECURITYPKG_TOKEN_SPACE_GUID_H_ + +#define SECURITYPKG_TOKEN_SPACE_GUID \ + { \ + 0xd3fb176, 0x9569, 0x4d51, { 0xa3, 0xef, 0x7d, 0x61, 0xc6, 0x4f, 0xea, 0xba } \ + } + +extern EFI_GUID gEfiSecurityPkgTokenSpaceGuid; + +#endif diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Include/Guid/Tcg2ConfigHii.h b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Include/Guid/Tcg2ConfigHii.h new file mode 100644 index 00000000..eabd394f --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Include/Guid/Tcg2ConfigHii.h @@ -0,0 +1,19 @@ +/** @file + GUIDs used as HII FormSet and HII Package list GUID in Tcg2Config driver. + +Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef __TCG2_CONFIG_HII_GUID_H__ +#define __TCG2_CONFIG_HII_GUID_H__ + +#define TCG2_CONFIG_FORM_SET_GUID \ + { \ + 0x6339d487, 0x26ba, 0x424b, { 0x9a, 0x5d, 0x68, 0x7e, 0x25, 0xd7, 0x40, 0xbc } \ + } + +extern EFI_GUID gTcg2ConfigFormSetGuid; + +#endif diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Include/Guid/Tcg2PhysicalPresenceData.h b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Include/Guid/Tcg2PhysicalPresenceData.h new file mode 100644 index 00000000..9840e980 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Include/Guid/Tcg2PhysicalPresenceData.h @@ -0,0 +1,41 @@ +/** @file + Define the variable data structures used for TCG2 physical presence. + The TPM2 request from firmware or OS is saved to variable. And it is + cleared after it is processed in the next boot cycle. The TPM2 response + is saved to variable. + +Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved. <BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef __TCG2_PHYSICAL_PRESENCE_DATA_GUID_H__ +#define __TCG2_PHYSICAL_PRESENCE_DATA_GUID_H__ + +#define EFI_TCG2_PHYSICAL_PRESENCE_DATA_GUID \ + { \ + 0xaeb9c5c1, 0x94f1, 0x4d02, { 0xbf, 0xd9, 0x46, 0x2, 0xdb, 0x2d, 0x3c, 0x54 } \ + } + +#define TCG2_PHYSICAL_PRESENCE_VARIABLE L"Tcg2PhysicalPresence" + +typedef struct { + UINT8 PPRequest; ///< Physical Presence request command. + UINT32 PPRequestParameter; ///< Physical Presence request Parameter. + UINT8 LastPPRequest; + UINT32 PPResponse; +} EFI_TCG2_PHYSICAL_PRESENCE; + +// +// This variable is used to save TCG2 Management Flags and corresponding operations. +// It should be protected from malicious software (e.g. Set it as read-only variable). +// +#define TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE L"Tcg2PhysicalPresenceFlags" +typedef struct { + UINT32 PPFlags; +} EFI_TCG2_PHYSICAL_PRESENCE_FLAGS; + +extern EFI_GUID gEfiTcg2PhysicalPresenceGuid; + +#endif + diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Include/Guid/TcgConfigHii.h b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Include/Guid/TcgConfigHii.h new file mode 100644 index 00000000..48b74bdc --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Include/Guid/TcgConfigHii.h @@ -0,0 +1,19 @@ +/** @file + GUIDs used as HII FormSet and HII Package list GUID in TcgConfig driver. + +Copyright (c) 2011 - 2018, Intel Corporation. All rights reserved.<BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef __TCG_CONFIG_HII_GUID_H__ +#define __TCG_CONFIG_HII_GUID_H__ + +#define TCG_CONFIG_FORM_SET_GUID \ + { \ + 0xb0f901e4, 0xc424, 0x45de, {0x90, 0x81, 0x95, 0xe2, 0xb, 0xde, 0x6f, 0xb5 } \ + } + +extern EFI_GUID gTcgConfigFormSetGuid; + +#endif diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Include/Guid/TcgEventHob.h b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Include/Guid/TcgEventHob.h new file mode 100644 index 00000000..18d020bf --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Include/Guid/TcgEventHob.h @@ -0,0 +1,63 @@ +/** @file + Defines the HOB GUID used to pass a TCG_PCR_EVENT or TCG_PCR_EVENT2 from a TPM PEIM to + a TPM DXE Driver. A GUIDed HOB is generated for each measurement + made in the PEI Phase. + +Copyright (c) 2007 - 2018, Intel Corporation. All rights reserved.<BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef _TCG_EVENT_HOB_H_ +#define _TCG_EVENT_HOB_H_ + +/// +/// The Global ID of a GUIDed HOB used to pass a TCG_PCR_EVENT from a TPM PEIM to a TPM DXE Driver. +/// +#define EFI_TCG_EVENT_HOB_GUID \ + { \ + 0x2b9ffb52, 0x1b13, 0x416f, { 0xa8, 0x7b, 0xbc, 0x93, 0xd, 0xef, 0x92, 0xa8 } \ + } + +extern EFI_GUID gTcgEventEntryHobGuid; + +#define EFI_TCG_EVENT2_HOB_GUID \ + { \ + 0xd26c221e, 0x2430, 0x4c8a, { 0x91, 0x70, 0x3f, 0xcb, 0x45, 0x0, 0x41, 0x3f } \ + } + +extern EFI_GUID gTcgEvent2EntryHobGuid; + +/// +/// The Global ID of a GUIDed HOB used to record TPM device error. +/// +#define EFI_TPM_ERROR_GUID \ + { \ + 0xef598499, 0xb25e, 0x473a, { 0xbf, 0xaf, 0xe7, 0xe5, 0x7d, 0xce, 0x82, 0xc4 } \ + } + +extern EFI_GUID gTpmErrorHobGuid; + +/// +/// The Global ID of a GUIDed HOB used to record TPM2 Startup Locality. +/// HOB payload is UINT8 according to Startup Locality Event. +/// +#define EFI_TPM2_STARTUP_LOCALITY_HOB_GUID \ + { \ + 0xef598499, 0xb25e, 0x473a, { 0xbf, 0xaf, 0xe7, 0xe5, 0x7d, 0xce, 0x82, 0xc4 } \ + } + +extern EFI_GUID gTpm2StartupLocalityHobGuid; + +/// +/// The Global ID of a GUIDed HOB used to record TCG 800-155 PlatformId Event. +/// HOB payload is the whole TCG_Sp800_155_PlatformId_Event2 according to TCG 800-155 PlatformId Event. +/// +#define EFI_TCG_800_155_PLATFORM_ID_EVENT_HOB_GUID \ + { \ + 0xe2c3bc69, 0x615c, 0x4b5b, { 0x8e, 0x5c, 0xa0, 0x33, 0xa9, 0xc2, 0x5e, 0xd6 } \ + } + +extern EFI_GUID gTcg800155PlatformIdEventHobGuid; + +#endif diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Include/Guid/TpmInstance.h b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Include/Guid/TpmInstance.h new file mode 100644 index 00000000..ce617778 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Include/Guid/TpmInstance.h @@ -0,0 +1,32 @@ +/** @file + TPM instance guid, used for PcdTpmInstanceGuid. + +Copyright (c) 2013, Intel Corporation. All rights reserved. <BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef __TPM_INSTANCE_GUID_H__ +#define __TPM_INSTANCE_GUID_H__ + +#define TPM_DEVICE_INTERFACE_NONE \ + { 0x00000000, 0x0000, 0x0000, { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } } + +#define TPM_DEVICE_INTERFACE_TPM12 \ + { 0x8b01e5b6, 0x4f19, 0x46e8, { 0xab, 0x93, 0x1c, 0x53, 0x67, 0x1b, 0x90, 0xcc } } + +#define TPM_DEVICE_INTERFACE_TPM20_DTPM \ + { 0x286bf25a, 0xc2c3, 0x408c, { 0xb3, 0xb4, 0x25, 0xe6, 0x75, 0x8b, 0x73, 0x17 } } + +extern EFI_GUID gEfiTpmDeviceInstanceNoneGuid; +extern EFI_GUID gEfiTpmDeviceInstanceTpm12Guid; +extern EFI_GUID gEfiTpmDeviceInstanceTpm20DtpmGuid; + + +#define TPM_DEVICE_SELECTED_GUID \ + { 0x7f4158d3, 0x74d, 0x456d, { 0x8c, 0xb2, 0x1, 0xf9, 0xc8, 0xf7, 0x9d, 0xaa } } + +extern EFI_GUID gEfiTpmDeviceSelectedGuid; + +#endif + diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Include/Guid/TpmNvsMm.h b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Include/Guid/TpmNvsMm.h new file mode 100644 index 00000000..51abd89a --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Include/Guid/TpmNvsMm.h @@ -0,0 +1,68 @@ +/** @file + TPM NVS MM guid, used for exchanging information, including SWI value and NVS region + information, for patching TPM ACPI table. + +Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR> +Copyright (c) Microsoft Corporation. +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef TCG2_NVS_MM_H_ +#define TCG2_NVS_MM_H_ + +#define MM_TPM_NVS_HOB_GUID \ + { 0xc96c76eb, 0xbc78, 0x429c, { 0x9f, 0x4b, 0xda, 0x51, 0x78, 0xc2, 0x84, 0x57 }} + +extern EFI_GUID gTpmNvsMmGuid; + +#pragma pack(1) +typedef struct { + UINT8 SoftwareSmi; + UINT32 Parameter; + UINT32 Response; + UINT32 Request; + UINT32 RequestParameter; + UINT32 LastRequest; + UINT32 ReturnCode; +} PHYSICAL_PRESENCE_NVS; + +typedef struct { + UINT8 SoftwareSmi; + UINT32 Parameter; + UINT32 Request; + UINT32 ReturnCode; +} MEMORY_CLEAR_NVS; + +typedef struct { + PHYSICAL_PRESENCE_NVS PhysicalPresence; + MEMORY_CLEAR_NVS MemoryClear; + UINT32 PPRequestUserConfirm; + UINT32 TpmIrqNum; + BOOLEAN IsShortFormPkgLength; +} TCG_NVS; + +typedef struct { + UINT8 OpRegionOp; + UINT32 NameString; + UINT8 RegionSpace; + UINT8 DWordPrefix; + UINT32 RegionOffset; + UINT8 BytePrefix; + UINT8 RegionLen; +} AML_OP_REGION_32_8; + +typedef struct { + UINT64 Function; + UINT64 ReturnStatus; + EFI_PHYSICAL_ADDRESS TargetAddress; + UINT64 RegisteredPpSwiValue; + UINT64 RegisteredMcSwiValue; +} TPM_NVS_MM_COMM_BUFFER; +#pragma pack() + +typedef enum { + TpmNvsMmExchangeInfo, +} TPM_NVS_MM_FUNCTION; + +#endif // TCG2_NVS_MM_H_ diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Include/Library/HashLib.h b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Include/Library/HashLib.h new file mode 100644 index 00000000..c6fb4e23 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Include/Library/HashLib.h @@ -0,0 +1,167 @@ +/** @file + This library abstract TPM2 hash calculation. + The platform can choose multiply hash, while caller just need invoke these API. + Then all hash value will be returned and/or extended. + +Copyright (c) 2013 - 2016, Intel Corporation. All rights reserved. <BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef _HASH_LIB_H_ +#define _HASH_LIB_H_ + +#include <Uefi.h> +#include <Protocol/Hash.h> +#include <IndustryStandard/Tpm20.h> +typedef UINTN HASH_HANDLE; + +/** + Start hash sequence. + + @param HashHandle Hash handle. + + @retval EFI_SUCCESS Hash sequence start and HandleHandle returned. + @retval EFI_OUT_OF_RESOURCES No enough resource to start hash. +**/ +EFI_STATUS +EFIAPI +HashStart ( + OUT HASH_HANDLE *HashHandle + ); + +/** + Update hash sequence data. + + @param HashHandle Hash handle. + @param DataToHash Data to be hashed. + @param DataToHashLen Data size. + + @retval EFI_SUCCESS Hash sequence updated. +**/ +EFI_STATUS +EFIAPI +HashUpdate ( + IN HASH_HANDLE HashHandle, + IN VOID *DataToHash, + IN UINTN DataToHashLen + ); + +/** + Hash sequence complete and extend to PCR. + + @param HashHandle Hash handle. + @param PcrIndex PCR to be extended. + @param DataToHash Data to be hashed. + @param DataToHashLen Data size. + @param DigestList Digest list. + + @retval EFI_SUCCESS Hash sequence complete and DigestList is returned. +**/ +EFI_STATUS +EFIAPI +HashCompleteAndExtend ( + IN HASH_HANDLE HashHandle, + IN TPMI_DH_PCR PcrIndex, + IN VOID *DataToHash, + IN UINTN DataToHashLen, + OUT TPML_DIGEST_VALUES *DigestList + ); + +/** + Hash data and extend to PCR. + + @param PcrIndex PCR to be extended. + @param DataToHash Data to be hashed. + @param DataToHashLen Data size. + @param DigestList Digest list. + + @retval EFI_SUCCESS Hash data and DigestList is returned. +**/ +EFI_STATUS +EFIAPI +HashAndExtend ( + IN TPMI_DH_PCR PcrIndex, + IN VOID *DataToHash, + IN UINTN DataToHashLen, + OUT TPML_DIGEST_VALUES *DigestList + ); + +/** + Start hash sequence. + + @param HashHandle Hash handle. + + @retval EFI_SUCCESS Hash sequence start and HandleHandle returned. + @retval EFI_OUT_OF_RESOURCES No enough resource to start hash. +**/ +typedef +EFI_STATUS +(EFIAPI *HASH_INIT) ( + OUT HASH_HANDLE *HashHandle + ); + +/** + Update hash sequence data. + + @param HashHandle Hash handle. + @param DataToHash Data to be hashed. + @param DataToHashLen Data size. + + @retval EFI_SUCCESS Hash sequence updated. +**/ +typedef +EFI_STATUS +(EFIAPI *HASH_UPDATE) ( + IN HASH_HANDLE HashHandle, + IN VOID *DataToHash, + IN UINTN DataToHashLen + ); + +/** + Complete hash sequence complete. + + @param HashHandle Hash handle. + @param DigestList Digest list. + + @retval EFI_SUCCESS Hash sequence complete and DigestList is returned. +**/ +typedef +EFI_STATUS +(EFIAPI *HASH_FINAL) ( + IN HASH_HANDLE HashHandle, + OUT TPML_DIGEST_VALUES *DigestList + ); + +#define HASH_ALGORITHM_SHA1_GUID EFI_HASH_ALGORITHM_SHA1_GUID +#define HASH_ALGORITHM_SHA256_GUID EFI_HASH_ALGORITHM_SHA256_GUID +#define HASH_ALGORITHM_SHA384_GUID EFI_HASH_ALGORITHM_SHA384_GUID +#define HASH_ALGORITHM_SHA512_GUID EFI_HASH_ALGORITHM_SHA512_GUID +#define HASH_ALGORITHM_SM3_256_GUID \ + { \ + 0x251C7818, 0x0DBF, 0xE619, { 0x7F, 0xC2, 0xD6, 0xAC, 0x43, 0x42, 0x7D, 0xA3 } \ + } + +typedef struct { + EFI_GUID HashGuid; + HASH_INIT HashInit; + HASH_UPDATE HashUpdate; + HASH_FINAL HashFinal; +} HASH_INTERFACE; + +/** + This service register Hash. + + @param HashInterface Hash interface + + @retval EFI_SUCCESS This hash interface is registered successfully. + @retval EFI_UNSUPPORTED System does not support register this interface. + @retval EFI_ALREADY_STARTED System already register this interface. +**/ +EFI_STATUS +EFIAPI +RegisterHashInterfaceLib ( + IN HASH_INTERFACE *HashInterface + ); + +#endif diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Include/Library/PlatformSecureLib.h b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Include/Library/PlatformSecureLib.h new file mode 100644 index 00000000..2e7b6672 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Include/Library/PlatformSecureLib.h @@ -0,0 +1,36 @@ +/** @file + Provides a secure platform-specific method to detect physically present user. + +Copyright (c) 2011 - 2018, Intel Corporation. All rights reserved.<BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef __PLATFORM_SECURE_LIB_H__ +#define __PLATFORM_SECURE_LIB_H__ + + +/** + + This function provides a platform-specific method to detect whether the platform + is operating by a physically present user. + + Programmatic changing of platform security policy (such as disable Secure Boot, + or switch between Standard/Custom Secure Boot mode) MUST NOT be possible during + Boot Services or after exiting EFI Boot Services. Only a physically present user + is allowed to perform these operations. + + NOTE THAT: This function cannot depend on any EFI Variable Service since they are + not available when this function is called in AuthenticateVariable driver. + + @retval TRUE The platform is operated by a physically present user. + @retval FALSE The platform is NOT operated by a physically present user. + +**/ +BOOLEAN +EFIAPI +UserPhysicalPresent ( + VOID + ); + +#endif diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Include/Library/RpmcLib.h b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Include/Library/RpmcLib.h new file mode 100644 index 00000000..663d425d --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Include/Library/RpmcLib.h @@ -0,0 +1,43 @@ +/** @file + Public definitions for the Replay Protected Monotonic Counter (RPMC) Library. + +Copyright (c) 2020, Intel Corporation. All rights reserved.<BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef _RPMC_LIB_H_ +#define _RPMC_LIB_H_ + +#include <Uefi/UefiBaseType.h> + +/** + Requests the monotonic counter from the designated RPMC counter. + + @param[out] CounterValue A pointer to a buffer to store the RPMC value. + + @retval EFI_SUCCESS The operation completed successfully. + @retval EFI_DEVICE_ERROR A device error occurred while attempting to update the counter. + @retval EFI_UNSUPPORTED The operation is un-supported. +**/ +EFI_STATUS +EFIAPI +RequestMonotonicCounter ( + OUT UINT32 *CounterValue + ); + +/** + Increments the monotonic counter in the SPI flash device by 1. + + @retval EFI_SUCCESS The operation completed successfully. + @retval EFI_DEVICE_ERROR A device error occurred while attempting to update the counter. + @retval EFI_UNSUPPORTED The operation is un-supported. +**/ +EFI_STATUS +EFIAPI +IncrementMonotonicCounter ( + VOID + ); + +#endif + diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Include/Library/Tcg2PhysicalPresenceLib.h b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Include/Library/Tcg2PhysicalPresenceLib.h new file mode 100644 index 00000000..fa26a9c3 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Include/Library/Tcg2PhysicalPresenceLib.h @@ -0,0 +1,167 @@ +/** @file + This library is intended to be used by BDS modules. + This library will execute TPM2 request. + +Copyright (c) 2015 - 2020, Intel Corporation. All rights reserved.<BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef _TCG2_PHYSICAL_PRESENCE_LIB_H_ +#define _TCG2_PHYSICAL_PRESENCE_LIB_H_ + +#include <IndustryStandard/Tpm20.h> +#include <IndustryStandard/TcgPhysicalPresence.h> +#include <Protocol/Tcg2Protocol.h> + +// +// UEFI TCG2 library definition bit of the BIOS TPM Management Flags +// +// BIT0 is reserved +#define TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CLEAR BIT1 +// BIT2 is reserved +#define TCG2_LIB_PP_FLAG_RESET_TRACK BIT3 +#define TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_TURN_ON BIT4 +#define TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_TURN_OFF BIT5 +#define TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CHANGE_EPS BIT6 +#define TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CHANGE_PCRS BIT7 + +// +// UEFI TCG2 library definition bit of the BIOS Information Flags +// +#define TCG2_BIOS_INFORMATION_FLAG_HIERARCHY_CONTROL_STORAGE_DISABLE BIT8 +#define TCG2_BIOS_INFORMATION_FLAG_HIERARCHY_CONTROL_ENDORSEMENT_DISABLE BIT9 + +// +// UEFI TCG2 library definition bit of the BIOS Storage Management Flags +// +#define TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID BIT16 +#define TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID BIT17 +#define TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_ENABLE_BLOCK_SID BIT18 + +/** + Check and execute the pending TPM request. + + The TPM request may come from OS or BIOS. This API will display request information and wait + for user confirmation if TPM request exists. The TPM request will be sent to TPM device after + the TPM request is confirmed, and one or more reset may be required to make TPM request to + take effect. + + This API should be invoked after console in and console out are all ready as they are required + to display request information and get user input to confirm the request. + + @param PlatformAuth platform auth value. NULL means no platform auth change. +**/ +VOID +EFIAPI +Tcg2PhysicalPresenceLibProcessRequest ( + IN TPM2B_AUTH *PlatformAuth OPTIONAL + ); + +/** + Check if the pending TPM request needs user input to confirm. + + The TPM request may come from OS. This API will check if TPM request exists and need user + input to confirmation. + + @retval TRUE TPM needs input to confirm user physical presence. + @retval FALSE TPM doesn't need input to confirm user physical presence. + +**/ +BOOLEAN +EFIAPI +Tcg2PhysicalPresenceLibNeedUserConfirm ( + VOID + ); + +/** + Return TPM2 ManagementFlags set by PP interface. + + @retval ManagementFlags TPM2 Management Flags. +**/ +UINT32 +EFIAPI +Tcg2PhysicalPresenceLibGetManagementFlags ( + VOID + ); + +/** + The handler for TPM physical presence function: + Return TPM Operation Response to OS Environment. + + This API should be invoked in OS runtime phase to interface with ACPI method. + + @param[out] MostRecentRequest Most recent operation request. + @param[out] Response Response to the most recent operation request. + + @return Return Code for Return TPM Operation Response to OS Environment. +**/ +UINT32 +EFIAPI +Tcg2PhysicalPresenceLibReturnOperationResponseToOsFunction ( + OUT UINT32 *MostRecentRequest, + OUT UINT32 *Response + ); + +/** + The handler for TPM physical presence function: + Submit TPM Operation Request to Pre-OS Environment and + Submit TPM Operation Request to Pre-OS Environment 2. + + This API should be invoked in OS runtime phase to interface with ACPI method. + + Caution: This function may receive untrusted input. + + @param[in, out] Pointer to OperationRequest TPM physical presence operation request. + @param[in, out] Pointer to RequestParameter TPM physical presence operation request parameter. + + @return Return Code for Submit TPM Operation Request to Pre-OS Environment and + Submit TPM Operation Request to Pre-OS Environment 2. + **/ +UINT32 +Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunctionEx ( + IN OUT UINT32 *OperationRequest, + IN OUT UINT32 *RequestParameter + ); + +/** + The handler for TPM physical presence function: + Submit TPM Operation Request to Pre-OS Environment and + Submit TPM Operation Request to Pre-OS Environment 2. + + This API should be invoked in OS runtime phase to interface with ACPI method. + + Caution: This function may receive untrusted input. + + @param[in] OperationRequest TPM physical presence operation request. + @param[in] RequestParameter TPM physical presence operation request parameter. + + @return Return Code for Submit TPM Operation Request to Pre-OS Environment and + Submit TPM Operation Request to Pre-OS Environment 2. +**/ +UINT32 +EFIAPI +Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction ( + IN UINT32 OperationRequest, + IN UINT32 RequestParameter + ); + +/** + The handler for TPM physical presence function: + Get User Confirmation Status for Operation. + + This API should be invoked in OS runtime phase to interface with ACPI method. + + Caution: This function may receive untrusted input. + + @param[in] OperationRequest TPM physical presence operation request. + + @return Return Code for Get User Confirmation Status for Operation. +**/ +UINT32 +EFIAPI +Tcg2PhysicalPresenceLibGetUserConfirmationStatusFunction ( + IN UINT32 OperationRequest + ); + +#endif diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Include/Library/Tcg2PpVendorLib.h b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Include/Library/Tcg2PpVendorLib.h new file mode 100644 index 00000000..456b2ddb --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Include/Library/Tcg2PpVendorLib.h @@ -0,0 +1,123 @@ +/** @file + This library is to support TCG PC Client Platform Physical Presence Interface Specification + Family "2.0" part, >= 128 Vendor Specific PPI Operation. + + The Vendor Specific PPI operation may change TPM state, BIOS TPM management + flags, and may need additional boot cycle. + + Caution: This function may receive untrusted input. + +Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef _TCG2_PP_VENDOR_LIB_H_ +#define _TCG2_PP_VENDOR_LIB_H_ + +#include <IndustryStandard/Tpm20.h> +#include <Protocol/Tcg2Protocol.h> +#include <Library/Tcg2PhysicalPresenceLib.h> + +/** + Check and execute the requested physical presence command. + + This API should be invoked in BIOS boot phase to process pending request. + + Caution: This function may receive untrusted input. + + If OperationRequest < 128, then ASSERT(). + + @param[in] PlatformAuth platform auth value. NULL means no platform auth change. + @param[in] OperationRequest TPM physical presence operation request. + @param[in, out] ManagementFlags BIOS TPM Management Flags. + @param[out] ResetRequired If reset is required to vendor settings in effect. + True, it indicates the reset is required. + False, it indicates the reset is not required. + + @return TPM Operation Response to OS Environment. +**/ +UINT32 +EFIAPI +Tcg2PpVendorLibExecutePendingRequest ( + IN TPM2B_AUTH *PlatformAuth, OPTIONAL + IN UINT32 OperationRequest, + IN OUT UINT32 *ManagementFlags, + OUT BOOLEAN *ResetRequired + ); + +/** + Check if there is a valid physical presence command request. + + This API should be invoked in BIOS boot phase to process pending request. + + Caution: This function may receive untrusted input. + + If OperationRequest < 128, then ASSERT(). + + @param[in] OperationRequest TPM physical presence operation request. + @param[in] ManagementFlags BIOS TPM Management Flags. + @param[out] RequestConfirmed If the physical presence operation command required user confirm from UI. + True, it indicates the command doesn't require user confirm. + False, it indicates the command need user confirm from UI. + + @retval TRUE Physical Presence operation command is valid. + @retval FALSE Physical Presence operation command is invalid. +**/ +BOOLEAN +EFIAPI +Tcg2PpVendorLibHasValidRequest ( + IN UINT32 OperationRequest, + IN UINT32 ManagementFlags, + OUT BOOLEAN *RequestConfirmed + ); + +/** + The callback for TPM vendor specific physical presence which is called for + Submit TPM Operation Request to Pre-OS Environment and + Submit TPM Operation Request to Pre-OS Environment 2. + + This API should be invoked in OS runtime phase to interface with ACPI method. + + Caution: This function may receive untrusted input. + + If OperationRequest < 128, then ASSERT(). + + @param[in] OperationRequest TPM physical presence operation request. + @param[in] ManagementFlags BIOS TPM Management Flags. + @param[in] RequestParameter Extra parameter from the passed package. + + @return Return Code for Submit TPM Operation Request to Pre-OS Environment and + Submit TPM Operation Request to Pre-OS Environment 2. +**/ +UINT32 +EFIAPI +Tcg2PpVendorLibSubmitRequestToPreOSFunction ( + IN UINT32 OperationRequest, + IN UINT32 ManagementFlags, + IN UINT32 RequestParameter + ); + +/** + The callback for TPM vendor specific physical presence which is called for + Get User Confirmation Status for Operation. + + This API should be invoked in OS runtime phase to interface with ACPI method. + + Caution: This function may receive untrusted input. + + If OperationRequest < 128, then ASSERT(). + + @param[in] OperationRequest TPM physical presence operation request. + @param[in] ManagementFlags BIOS TPM Management Flags. + + @return Return Code for Get User Confirmation Status for Operation. +**/ +UINT32 +EFIAPI +Tcg2PpVendorLibGetUserConfirmationStatusFunction ( + IN UINT32 OperationRequest, + IN UINT32 ManagementFlags + ); + +#endif diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Include/Library/TcgEventLogRecordLib.h b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Include/Library/TcgEventLogRecordLib.h new file mode 100644 index 00000000..8631b5b9 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Include/Library/TcgEventLogRecordLib.h @@ -0,0 +1,97 @@ +/** @file + This library is used by other modules to measure Firmware to TPM. + +Copyright (c) 2020, Intel Corporation. All rights reserved. <BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef _TCG_EVENTLOGRECORD_LIB_H_ +#define _TCG_EVENTLOGRECORD_LIB_H_ + +#include <Uefi.h> + +#pragma pack (1) + +#define PLATFORM_FIRMWARE_BLOB_DESC "Fv(XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX)" +typedef struct { + UINT8 BlobDescriptionSize; + UINT8 BlobDescription[sizeof(PLATFORM_FIRMWARE_BLOB_DESC)]; + EFI_PHYSICAL_ADDRESS BlobBase; + UINT64 BlobLength; +} PLATFORM_FIRMWARE_BLOB2_STRUCT; + +#define HANDOFF_TABLE_POINTER_DESC "1234567890ABCDEF" +typedef struct { + UINT8 TableDescriptionSize; + UINT8 TableDescription[sizeof(HANDOFF_TABLE_POINTER_DESC)]; + UINT64 NumberOfTables; + EFI_CONFIGURATION_TABLE TableEntry[1]; +} HANDOFF_TABLE_POINTERS2_STRUCT; + +#pragma pack () + +/** + Get the FvName from the FV header. + + Causion: The FV is untrusted input. + + @param[in] FvBase Base address of FV image. + @param[in] FvLength Length of FV image. + + @return FvName pointer + @retval NULL FvName is NOT found +**/ +VOID * +TpmMeasurementGetFvName ( + IN EFI_PHYSICAL_ADDRESS FvBase, + IN UINT64 FvLength + ); + +/** + Measure a FirmwareBlob. + + @param[in] PcrIndex PCR Index. + @param[in] Description Description for this FirmwareBlob. + @param[in] FirmwareBlobBase Base address of this FirmwareBlob. + @param[in] FirmwareBlobLength Size in bytes of this FirmwareBlob. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_UNSUPPORTED TPM device not available. + @retval EFI_OUT_OF_RESOURCES Out of memory. + @retval EFI_DEVICE_ERROR The operation was unsuccessful. +*/ +EFI_STATUS +EFIAPI +MeasureFirmwareBlob ( + IN UINT32 PcrIndex, + IN CHAR8 *Description OPTIONAL, + IN EFI_PHYSICAL_ADDRESS FirmwareBlobBase, + IN UINT64 FirmwareBlobLength + ); + +/** + Measure a HandoffTable. + + @param[in] PcrIndex PcrIndex of the measurement. + @param[in] Description Description for this HandoffTable. + @param[in] TableGuid GUID of this HandoffTable. + @param[in] TableAddress Base address of this HandoffTable. + @param[in] TableLength Size in bytes of this HandoffTable. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_UNSUPPORTED TPM device not available. + @retval EFI_OUT_OF_RESOURCES Out of memory. + @retval EFI_DEVICE_ERROR The operation was unsuccessful. +*/ +EFI_STATUS +EFIAPI +MeasureHandoffTable ( + IN UINT32 PcrIndex, + IN CHAR8 *Description OPTIONAL, + IN EFI_GUID *TableGuid, + IN VOID *TableAddress, + IN UINTN TableLength + ); + +#endif diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Include/Library/TcgPhysicalPresenceLib.h b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Include/Library/TcgPhysicalPresenceLib.h new file mode 100644 index 00000000..8a9c535a --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Include/Library/TcgPhysicalPresenceLib.h @@ -0,0 +1,48 @@ +/** @file + This library is intended to be used by BDS modules. + This library will lock TPM after executing TPM request. + +Copyright (c) 2011 - 2018, Intel Corporation. All rights reserved.<BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef _TCG_PHYSICAL_PRESENCE_LIB_H_ +#define _TCG_PHYSICAL_PRESENCE_LIB_H_ + +/** + Check and execute the pending TPM request and Lock TPM. + + The TPM request may come from OS or BIOS. This API will display request information and wait + for user confirmation if TPM request exists. The TPM request will be sent to TPM device after + the TPM request is confirmed, and one or more reset may be required to make TPM request to + take effect. At last, it will lock TPM to prevent TPM state change by malware. + + This API should be invoked after console in and console out are all ready as they are required + to display request information and get user input to confirm the request. This API should also + be invoked as early as possible as TPM is locked in this function. + +**/ +VOID +EFIAPI +TcgPhysicalPresenceLibProcessRequest ( + VOID + ); + +/** + Check if the pending TPM request needs user input to confirm. + + The TPM request may come from OS. This API will check if TPM request exists and need user + input to confirmation. + + @retval TRUE TPM needs input to confirm user physical presence. + @retval FALSE TPM doesn't need input to confirm user physical presence. + +**/ +BOOLEAN +EFIAPI +TcgPhysicalPresenceLibNeedUserConfirm( + VOID + ); + +#endif diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Include/Library/TcgPpVendorLib.h b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Include/Library/TcgPpVendorLib.h new file mode 100644 index 00000000..d57316b0 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Include/Library/TcgPpVendorLib.h @@ -0,0 +1,153 @@ +/** @file + This library is to support TCG Physical Presence Interface (PPI) specification + >= 128 Vendor Specific PPI Operation. + + The Vendor Specific PPI operation may change TPM state, BIOS TPM management + flags, and may need additional boot cycle. + + Caution: This function may receive untrusted input. + +Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef _TCG_PP_VENDOR_LIB_H_ +#define _TCG_PP_VENDOR_LIB_H_ + +// +// The definition of physical presence operation actions +// +#define TCG_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION 128 + +// +// The definition bit of the BIOS TPM Management Flags +// +#define TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_PROVISION BIT0 +#define TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_CLEAR BIT1 +#define TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_MAINTENANCE BIT2 +#define TCG_VENDOR_LIB_FLAG_RESET_TRACK BIT3 + +// +// The definition for TPM Operation Response to OS Environment +// +#define TCG_PP_OPERATION_RESPONSE_SUCCESS 0x0 +#define TCG_PP_OPERATION_RESPONSE_USER_ABORT 0xFFFFFFF0 +#define TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE 0xFFFFFFF1 + +// +// The return code for Submit TPM Request to Pre-OS Environment +// and Submit TPM Request to Pre-OS Environment 2 +// +#define TCG_PP_SUBMIT_REQUEST_TO_PREOS_SUCCESS 0 +#define TCG_PP_SUBMIT_REQUEST_TO_PREOS_NOT_IMPLEMENTED 1 +#define TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE 2 +#define TCG_PP_SUBMIT_REQUEST_TO_PREOS_BLOCKED_BY_BIOS_SETTINGS 3 + +// +// The return code for Get User Confirmation Status for Operation +// +#define TCG_PP_GET_USER_CONFIRMATION_NOT_IMPLEMENTED 0 +#define TCG_PP_GET_USER_CONFIRMATION_BIOS_ONLY 1 +#define TCG_PP_GET_USER_CONFIRMATION_BLOCKED_BY_BIOS_CONFIGURATION 2 +#define TCG_PP_GET_USER_CONFIRMATION_ALLOWED_AND_PPUSER_REQUIRED 3 +#define TCG_PP_GET_USER_CONFIRMATION_ALLOWED_AND_PPUSER_NOT_REQUIRED 4 + +/** + Check and execute the requested physical presence command. + + This API should be invoked in BIOS boot phase to process pending request. + + Caution: This function may receive untrusted input. + + If OperationRequest < 128, then ASSERT(). + + @param[in] OperationRequest TPM physical presence operation request. + @param[in, out] ManagementFlags BIOS TPM Management Flags. + @param[out] ResetRequired If reset is required to vendor settings in effect. + True, it indicates the reset is required. + False, it indicates the reset is not required. + + @return TPM Operation Response to OS Environment. +**/ +UINT32 +EFIAPI +TcgPpVendorLibExecutePendingRequest ( + IN UINT32 OperationRequest, + IN OUT UINT32 *ManagementFlags, + OUT BOOLEAN *ResetRequired + ); + +/** + Check if there is a valid physical presence command request. + + This API should be invoked in BIOS boot phase to process pending request. + + Caution: This function may receive untrusted input. + + If OperationRequest < 128, then ASSERT(). + + @param[in] OperationRequest TPM physical presence operation request. + @param[in] ManagementFlags BIOS TPM Management Flags. + @param[out] RequestConfirmed If the physical presence operation command required user confirm from UI. + True, it indicates the command doesn't require user confirm. + False, it indicates the command need user confirm from UI. + + @retval TRUE Physical Presence operation command is valid. + @retval FALSE Physical Presence operation command is invalid. +**/ +BOOLEAN +EFIAPI +TcgPpVendorLibHasValidRequest ( + IN UINT32 OperationRequest, + IN UINT32 ManagementFlags, + OUT BOOLEAN *RequestConfirmed + ); + +/** + The callback for TPM vendor specific physical presence which is called for + Submit TPM Operation Request to Pre-OS Environment and + Submit TPM Operation Request to Pre-OS Environment 2. + + This API should be invoked in OS runtime phase to interface with ACPI method. + + Caution: This function may receive untrusted input. + + If OperationRequest < 128, then ASSERT(). + + @param[in] OperationRequest TPM physical presence operation request. + @param[in] ManagementFlags BIOS TPM Management Flags. + + @return Return Code for Submit TPM Operation Request to Pre-OS Environment and + Submit TPM Operation Request to Pre-OS Environment 2. +**/ +UINT32 +EFIAPI +TcgPpVendorLibSubmitRequestToPreOSFunction ( + IN UINT32 OperationRequest, + IN UINT32 ManagementFlags + ); + +/** + The callback for TPM vendor specific physical presence which is called for + Get User Confirmation Status for Operation. + + This API should be invoked in OS runtime phase to interface with ACPI method. + + Caution: This function may receive untrusted input. + + If OperationRequest < 128, then ASSERT(). + + @param[in] OperationRequest TPM physical presence operation request. + @param[in] ManagementFlags BIOS TPM Management Flags. + + @return Return Code for Get User Confirmation Status for Operation. +**/ +UINT32 +EFIAPI +TcgPpVendorLibGetUserConfirmationStatusFunction ( + IN UINT32 OperationRequest, + IN UINT32 ManagementFlags + ); + +#endif diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Include/Library/TcgStorageCoreLib.h b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Include/Library/TcgStorageCoreLib.h new file mode 100644 index 00000000..3ec22418 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Include/Library/TcgStorageCoreLib.h @@ -0,0 +1,1309 @@ +/** @file + Public API for the Tcg Core library to perform the lowest level TCG Data encoding. + + (TCG Storage Architecture Core Specification, Version 2.01, Revision 1.00, + https://trustedcomputinggroup.org/tcg-storage-architecture-core-specification/) + + Check http://trustedcomputinggroup.org for latest specification updates. + +Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.<BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef _TCG_CORE_H_ +#define _TCG_CORE_H_ + +#include <IndustryStandard/TcgStorageCore.h> + +#define ERROR_CHECK(arg) \ + { \ + TCG_RESULT ret = (arg); \ + if (ret != TcgResultSuccess) { \ + DEBUG ((DEBUG_INFO, "ERROR_CHECK failed at %a:%u\n", __FILE__, __LINE__)); \ + return ret; \ + } \ + } + +#define METHOD_STATUS_ERROR_CHECK(arg, failRet) \ + if ((arg) != TCG_METHOD_STATUS_CODE_SUCCESS) { \ + DEBUG ((DEBUG_INFO, "Method Status error: 0x%02X (%a)\n", arg, TcgMethodStatusString(arg))); \ + return (failRet); \ + } + +#define NULL_CHECK(arg) \ + do { \ + if ((arg) == NULL) { \ + DEBUG ((DEBUG_INFO, "NULL_CHECK(%a) failed at %a:%u\n", #arg, __FILE__, __LINE__)); \ + return TcgResultFailureNullPointer; \ + } \ + } while (0) + +#pragma pack(1) + +/** +Tcg result codes. + +The result code indicates if the Tcg function call was successful or not +**/ +typedef enum { + // + // This is the return result upon successful completion of a Tcg function call + // + TcgResultSuccess, + + // + // This is the return "catchall" result for the failure of a Tcg function call + // + TcgResultFailure, + + // + // This is the return result if a required parameter was Null for a Tcg function call + // + TcgResultFailureNullPointer, + + // + // This is the return result if a required buffersize was 0 for a Tcg function call + // + TcgResultFailureZeroSize, + + // + // This is the return result if a Tcg function call was executed out of order. + // For instance, starting a Tcg subpacket before starting its Tcg packet. + // + TcgResultFailureInvalidAction, + + // + // This is the return result if the buffersize provided is not big enough to add a requested Tcg encoded item. + // + TcgResultFailureBufferTooSmall, + + // + // This is the return result for a Tcg parse function if the end of the parsed Buffer is reached, yet Data is still attempted to be retrieved. + // For instance, attempting to retrieve another Tcg token from the Buffer after it has reached the end of the Tcg subpacket payload. + // + TcgResultFailureEndBuffer, + + // + // This is the return result for a Tcg parse function if the Tcg Token item requested is not the expected type. + // For instance, the caller requested to receive an integer and the Tcg token was a byte sequence. + // + TcgResultFailureInvalidType, +} TCG_RESULT; + +// +// Structure that is used to build the Tcg ComPacket. It contains the start Buffer pointer and the current position of the +// Tcg ComPacket, current Tcg Packet and Tcg SubPacket. This structure must be initialized +// by calling tcgInitTcgCreateStruct before it is used as parameter to any other Tcg function. +// This structure should NOT be directly modified by the client of this library. +// +// NOTE: WE MAY MAKE THIS AN ABSTRACT STRUCTURE WITH A DEFINED SIZE AND KEEP THE VARIABLES +// INTERNAL AND ONLY KNOWN TO THE TCG LIBRARY +// +// tcgInitTcgCreateStruct +// +typedef struct { + // + // Buffer allocated and freed by the client of the Tcg library. + // This is the Buffer that shall contain the final Tcg encoded compacket. + // + VOID *Buffer; + + // + // Size of the Buffer provided. + // + UINT32 BufferSize; + + // + //Pointer to the start of the Tcg ComPacket. It should point to a location within Buffer. + // + TCG_COM_PACKET *ComPacket; + + // + // Current Tcg Packet that is being created. It should point to a location within Buffer. + // + TCG_PACKET *CurPacket; + + // + // Current Tcg SubPacket that is being created. It should point to a location within Buffer. + // + TCG_SUB_PACKET *CurSubPacket; + + // + // Flag used to indicate if the Buffer of the structure should be filled out. + // This is intended to be used to support a use-case where the client of library + // can perform all the desired tcg calls to determine what the actual Size of the final compacket will be. + // Then the client can allocate the required Buffer Size and re-run the tcg calls. + // THIS MAY NOT BE IMPLEMENTED... REQUIRES MORE THOUGHT BECAUSE YOU CANNOT SOLVE ISSUE FOR RECEIVE + // + BOOLEAN DryRun; +} TCG_CREATE_STRUCT; + +// +// Structure that is used to parse the Tcg response received. It contains the response Buffer pointer +// and the current position of the Tcg ComPacket, current Tcg Packet and Tcg SubPacket being parsed. +// This structure must be initialized by calling tcgInitTcgParseStruct before it is used as parameter to any other Tcg parse function. +// This structure should NOT be directly modified by the client of this library. +// +// NOTE: WE MAY MAKE THIS AN ABSTRACT STRUCTURE WITH A DEFINED SIZE AND KEEP THE VARIABLES +// INTERNAL AND ONLY KNOWN TO THE TCG LIBRARY +// +// @sa tcgInitTcgParseStruct +// +typedef struct { + // + // Buffer allocated and freed by the client of the Tcg library. + // This is the Buffer that contains the Tcg response to decode/parse. + // + const VOID* Buffer; + + // + //Size of the Buffer provided. + // + UINT32 BufferSize; + + // + // Pointer to the start of the Tcg ComPacket. It should point to a location within Buffer. + // + TCG_COM_PACKET *ComPacket; + + // + // Current Tcg Packet that is being created. It should point to a location within Buffer. + // + TCG_PACKET *CurPacket; + + // + // Current Tcg SubPacket that is being created. It should point to a location within Buffer. + // + TCG_SUB_PACKET *CurSubPacket; + + // + // Current pointer within the current subpacket payload. + // + UINT8 *CurPtr; +} TCG_PARSE_STRUCT ; + + +// +// Structure that is used to represent a Tcg Token that is retrieved by Tcg parse functions. +// +typedef struct { + // + // Describes the type of Tcg token the Hdr start points to. + // + TCG_TOKEN_TYPE Type; + + // + // Pointer to the beginning of the Header of the Tcg token + // + UINT8 *HdrStart; +} TCG_TOKEN ; + +/** + + Required to be called before calling any other Tcg functions with the TCG_CREATE_STRUCT. + Initializes the packet variables to NULL. Additionally, the buffer will be memset. + + @param[in/out] CreateStruct Structure to initialize + @param[in] Buffer Buffer allocated by client of library. It will contain the Tcg encoded packet. This cannot be null. + @param[in] BufferSize Size of buffer provided. It cannot be 0. + +**/ +TCG_RESULT +EFIAPI +TcgInitTcgCreateStruct( + TCG_CREATE_STRUCT *CreateStruct, + VOID *Buffer, + UINT32 BufferSize + ); + + +/** + + Encodes the ComPacket header to the data structure. + + @param[in/out] CreateStruct Structure to initialize + @param[in] ComId ComID of the Tcg ComPacket. + @param[in] ComIdExtension ComID Extension of the Tcg ComPacket. + +**/ +TCG_RESULT +EFIAPI +TcgStartComPacket( + TCG_CREATE_STRUCT *CreateStruct, + UINT16 ComId, + UINT16 ComIdExtension + ); + + +/** + + Starts a new ComPacket in the Data structure. + + @param[in/out] CreateStruct Structure used to add Tcg Packet + @param[in] Tsn Packet Tper session number + @param[in] Hsn Packet Host session number + @param[in] SeqNumber Packet Sequence Number + @param[in] AckType Packet Acknowledge Type + @param[in] Ack Packet Acknowledge + +**/ +TCG_RESULT +EFIAPI +TcgStartPacket( + TCG_CREATE_STRUCT *CreateStruct, + UINT32 Tsn, + UINT32 Hsn, + UINT32 SeqNumber, + UINT16 AckType, + UINT32 Ack + ); + +/** + + Starts a new SubPacket in the Data structure. + + @param[in/out] CreateStruct Structure used to start Tcg SubPacket + @param[in] Kind SubPacket kind + +**/ +TCG_RESULT +EFIAPI +TcgStartSubPacket( + TCG_CREATE_STRUCT *CreateStruct, + UINT16 Kind + ); + + +/** + + Ends the current SubPacket in the Data structure. This function will also perform the 4-byte padding + required for Subpackets. + + @param[in/out] CreateStruct Structure used to end the current Tcg SubPacket + +**/ +TCG_RESULT +EFIAPI +TcgEndSubPacket( + TCG_CREATE_STRUCT *CreateStruct + ); + + +/** + + Ends the current Packet in the Data structure. + + @param[in/out] CreateStruct Structure used to end the current Tcg Packet + +**/ +TCG_RESULT +EFIAPI +TcgEndPacket( + TCG_CREATE_STRUCT *CreateStruct + ); + + +/** + + Ends the ComPacket in the Data structure and ret + + @param[in/out] CreateStruct Structure used to end the Tcg ComPacket + @param[in/out] Size Describes the Size of the entire ComPacket (Header and payload). Filled out by function. + +**/ +TCG_RESULT +EFIAPI +TcgEndComPacket( + TCG_CREATE_STRUCT *CreateStruct, + UINT32 *Size + ); + +/** + Adds a single raw token byte to the Data structure. + + @param[in/out] CreateStruct Structure used to add the byte + @param [in] Byte Byte to add + +**/ +TCG_RESULT +EFIAPI +TcgAddRawByte( + TCG_CREATE_STRUCT *CreateStruct, + UINT8 Byte + ); + + +/** + + Adds the Data parameter as a byte sequence to the Data structure. + + @param [in/out] CreateStruct Structure used to add the byte sequence + @param[in] Data Byte sequence that will be encoded and copied into Data structure + @param[in] DataSize Length of Data provided + @param[in] Continued TRUE if byte sequence is continued or + FALSE if the Data contains the entire byte sequence to be encoded + +**/ +TCG_RESULT +EFIAPI +TcgAddByteSequence( + TCG_CREATE_STRUCT *CreateStruct, + const VOID *Data, + UINT32 DataSize, + BOOLEAN Continued + ); + + +/** + + Adds an arbitrary-Length integer to the Data structure. + + The integer will be encoded using the shortest possible atom. + + @param[in/out] CreateStruct Structure used to add the integer + @param[in] Data Integer in host byte order that will be encoded and copied into Data structure + @param[in] DataSize Length in bytes of the Data provided + @param[in] SignedInteger TRUE if the integer is signed or FALSE if the integer is unsigned + +**/ +TCG_RESULT +EFIAPI +TcgAddInteger( + TCG_CREATE_STRUCT *CreateStruct, + const VOID *Data, + UINT32 DataSize, + BOOLEAN SignedInteger + ); + + +/** + Adds an 8-bit unsigned integer to the Data structure. + + @param[in/out] CreateStruct Structure used to add the integer + @param[in] Value Integer Value to add + +**/ +TCG_RESULT +EFIAPI +TcgAddUINT8( + TCG_CREATE_STRUCT *CreateStruct, + UINT8 Value + ); + +/** + + Adds a 16-bit unsigned integer to the Data structure. + + @param[in/out] CreateStruct Structure used to add the integer + @param[in] Value Integer Value to add + +**/ +TCG_RESULT +EFIAPI +TcgAddUINT16 ( + TCG_CREATE_STRUCT *CreateStruct, + UINT16 Value + ); + +/** + + Adds a 32-bit unsigned integer to the Data structure. + + @param[in/out] CreateStruct Structure used to add the integer + @param[in] Value Integer Value to add + +**/ +TCG_RESULT +EFIAPI +TcgAddUINT32( + TCG_CREATE_STRUCT *CreateStruct, + UINT32 Value + ); + + +/** + + Adds a 64-bit unsigned integer to the Data structure. + + @param[in/out] CreateStruct Structure used to add the integer + @param[in] Value Integer Value to add + +**/ +TCG_RESULT +EFIAPI +TcgAddUINT64( + TCG_CREATE_STRUCT *CreateStruct, + UINT64 Value + ); + +/** + Adds a BOOLEAN to the Data structure. + + @param[in/out] CreateStruct Structure used to add the integer + @param[in] Value BOOLEAN Value to add + +**/ +TCG_RESULT +EFIAPI +TcgAddBOOLEAN( + TCG_CREATE_STRUCT *CreateStruct, + BOOLEAN Value + ); + +/** + Add tcg uid info. + + @param [in/out] CreateStruct Structure used to add the integer + @param Uid Input uid info. + + @retval return the action result. + +**/ +TCG_RESULT +EFIAPI +TcgAddTcgUid( + TCG_CREATE_STRUCT *CreateStruct, + TCG_UID Uid + ); + +/** + Adds a Start List token to the Data structure. + + @param[in/out] CreateStruct Structure used to add the token + +**/ +TCG_RESULT +EFIAPI +TcgAddStartList( + TCG_CREATE_STRUCT *CreateStruct + ); + + +/** + + Adds an End List token to the Data structure. + + @param [in/out] CreateStruct Structure used to add the token + +**/ +TCG_RESULT +EFIAPI +TcgAddEndList( + TCG_CREATE_STRUCT *CreateStruct + ); + + +/** + Adds a Start Name token to the Data structure. + + @param[in/out] CreateStruct Structure used to add the token + +**/ +TCG_RESULT +EFIAPI +TcgAddStartName( + TCG_CREATE_STRUCT *CreateStruct + ); + + +/** + + Adds an End Name token to the Data structure. + + @param [in/out] CreateStruct Structure used to add the token + +**/ +TCG_RESULT +EFIAPI +TcgAddEndName( + TCG_CREATE_STRUCT *CreateStruct + ); + + +/** + Adds a Call token to the Data structure. + + @param [in/out] CreateStruct Structure used to add the token + +**/ +TCG_RESULT +EFIAPI +TcgAddCall( + TCG_CREATE_STRUCT *CreateStruct + ); + + +/** + +Adds an End of Data token to the Data structure. + +@param[in/out] CreateStruct Structure used to add the token + +**/ +TCG_RESULT +EFIAPI +TcgAddEndOfData( + TCG_CREATE_STRUCT *CreateStruct + ); + + +/** + +Adds an End of Session token to the Data structure. + +@param [in/out] CreateStruct Structure used to add the token + +**/ +TCG_RESULT +EFIAPI +TcgAddEndOfSession( + TCG_CREATE_STRUCT *CreateStruct + ); + + +/** + Adds a Start Transaction token to the Data structure. + + @param [in/out] CreateStruct Structure used to add the token + +**/ +TCG_RESULT +EFIAPI +TcgAddStartTransaction( + TCG_CREATE_STRUCT *CreateStruct + ); + + +/** + Adds an End Transaction token to the Data structure. + + @param[in/out] CreateStruct Structure used to add the token + +**/ +TCG_RESULT +EFIAPI +TcgAddEndTransaction( + TCG_CREATE_STRUCT *CreateStruct + ); + +/** + Initial the tcg parse structure. + + @param ParseStruct Input parse structure. + @param Buffer Input buffer data. + @param BufferSize Input buffer size. + + @retval return the action result. + +**/ +TCG_RESULT +EFIAPI +TcgInitTcgParseStruct( + TCG_PARSE_STRUCT *ParseStruct, + const VOID *Buffer, + UINT32 BufferSize + ); + +/** + Get next token info. + + @param ParseStruct Input parse structure info. + @param TcgToken return the tcg token info. + + @retval return the action result. + +**/ +TCG_RESULT +EFIAPI +TcgGetNextToken( + TCG_PARSE_STRUCT *ParseStruct, + TCG_TOKEN *TcgToken + ); + +/** + Get next token Type. + + @param ParseStruct Input parse structure. + @param Type Input the type need to check. + + @retval return the action result. + +**/ +TCG_RESULT +EFIAPI +TcgGetNextTokenType( + TCG_PARSE_STRUCT *ParseStruct, + TCG_TOKEN_TYPE Type + ); + +/** + Get atom info. + + @param TcgToken Input token info. + @param HeaderLength return the header length. + @param DataLength return the data length. + @param ByteOrInt return the atom Type. + @param SignOrCont return the sign or count info. + + @retval return the action result. + +**/ +TCG_RESULT +EFIAPI +TcgGetAtomInfo( + const TCG_TOKEN *TcgToken, + UINT32 *HeaderLength, + UINT32 *DataLength, + UINT8 *ByteOrInt, + UINT8 *SignOrCont + ); + +/** + Get token byte sequence. + + @param TcgToken Input token info. + @param Length Input the length info. + + @retval Return the value data. + +**/ +UINT8* +EFIAPI +TcgGetTokenByteSequence( + const TCG_TOKEN *TcgToken, + UINT32 *Length + ); + +/** + Get token specified value. + + @param TcgToken Input token info. + @param Value return the value. + + @retval return the action result. + +**/ +TCG_RESULT +EFIAPI +TcgGetTokenUINT64( + const TCG_TOKEN *TcgToken, + UINT64 *Value + ); + + +/** + Get next specify value. + + @param ParseStruct Input parse structure. + @param Value Return value. + + @retval return the action result. + +**/ +TCG_RESULT +EFIAPI +TcgGetNextUINT8( + TCG_PARSE_STRUCT *ParseStruct, + UINT8 *Value + ); + + +/** + Get next specify value. + + @param ParseStruct Input parse structure. + @param Value Return value. + + @retval return the action result. + +**/ +TCG_RESULT +EFIAPI +TcgGetNextUINT16( + TCG_PARSE_STRUCT *ParseStruct, + UINT16 *Value + ); + +/** + Get next specify value. + + @param ParseStruct Input parse structure. + @param Value Return value. + + @retval return the action result. + +**/ +TCG_RESULT +EFIAPI +TcgGetNextUINT32( + TCG_PARSE_STRUCT *ParseStruct, + UINT32 *Value + ); + +/** + Get next specify value. + + @param ParseStruct Input parse structure. + @param Value Return value. + + @retval return the action result. + +**/ +TCG_RESULT +EFIAPI +TcgGetNextUINT64( + TCG_PARSE_STRUCT *ParseStruct, + UINT64 *Value + ); + +/** + Get next specify value. + + @param ParseStruct Input parse structure. + @param Value Return value. + + @retval return the action result. + +**/ +TCG_RESULT +EFIAPI +TcgGetNextBOOLEAN( + TCG_PARSE_STRUCT *ParseStruct, + BOOLEAN *Value + ); + +/** + Get next tcg uid info. + + @param ParseStruct Input parse structure. + @param Uid Get the uid info. + + @retval return the action result. + +**/ +TCG_RESULT +EFIAPI +TcgGetNextTcgUid( + TCG_PARSE_STRUCT *ParseStruct, + TCG_UID *Uid + ); + +/** + Get next byte sequence. + + @param ParseStruct Input parse structure. + @param Data return the data. + @param Length return the length. + + @retval return the action result. + +**/ +TCG_RESULT +EFIAPI +TcgGetNextByteSequence( + TCG_PARSE_STRUCT *ParseStruct, + const VOID **Data, + UINT32 *Length + ); + +/** + Get next start list. + + @param ParseStruct Input parse structure. + + @retval return the action result. + +**/ +TCG_RESULT +EFIAPI +TcgGetNextStartList( + TCG_PARSE_STRUCT *ParseStruct + ); + +/** + Get next end list. + + @param ParseStruct Input parse structure. + + @retval return the action result. + +**/ +TCG_RESULT +EFIAPI +TcgGetNextEndList( + TCG_PARSE_STRUCT *ParseStruct + ); + +/** + Get next start name. + + @param ParseStruct Input parse structure. + + @retval return the action result. + +**/ +TCG_RESULT +EFIAPI +TcgGetNextStartName( + TCG_PARSE_STRUCT *ParseStruct + ); + +/** + Get next end name. + + @param ParseStruct Input parse structure. + + @retval return the action result. + +**/ +TCG_RESULT +EFIAPI +TcgGetNextEndName( + TCG_PARSE_STRUCT *ParseStruct + ); + +/** + Get next call. + + @param ParseStruct Input parse structure. + + @retval return the action result. + +**/ +TCG_RESULT +EFIAPI +TcgGetNextCall( + TCG_PARSE_STRUCT *ParseStruct + ); + +/** + Get next end data. + + @param ParseStruct Input parse structure. + + @retval return the action result. + +**/ +TCG_RESULT +EFIAPI +TcgGetNextEndOfData( + TCG_PARSE_STRUCT *ParseStruct + ); + +/** + Get next end of session. + + @param ParseStruct Input parse structure. + + @retval return the action result. + +**/ +TCG_RESULT +EFIAPI +TcgGetNextEndOfSession( + TCG_PARSE_STRUCT *ParseStruct + ); + +/** + Get next start transaction. + + @param ParseStruct Input parse structure. + + @retval return the action result. + +**/ +TCG_RESULT +EFIAPI +TcgGetNextStartTransaction( + TCG_PARSE_STRUCT *ParseStruct + ); + +/** + Get next end transaction. + + @param ParseStruct Input parse structure. + + @retval return the action result. + +**/ +TCG_RESULT +EFIAPI +TcgGetNextEndTransaction( + TCG_PARSE_STRUCT *ParseStruct + ); + +// end of parse functions + + +typedef +BOOLEAN +(EFIAPI* TCG_LEVEL0_ENUM_CALLBACK) ( + const TCG_LEVEL0_DISCOVERY_HEADER *DiscoveryHeader, + TCG_LEVEL0_FEATURE_DESCRIPTOR_HEADER *Feature, + UINTN FeatureSize, // includes header + VOID *Context +); + +/** + Adds call token and method Header (invoking id, and method id). + + @param CreateStruct The input create structure. + @param InvokingId Invoking id. + @param MethodId Method id. + +**/ +TCG_RESULT +EFIAPI +TcgStartMethodCall( + TCG_CREATE_STRUCT *CreateStruct, + TCG_UID InvokingId, + TCG_UID MethodId + ); + +/** + Adds START LIST token. + + @param CreateStruct The input create structure. + +**/ +TCG_RESULT +EFIAPI +TcgStartParameters( + TCG_CREATE_STRUCT *CreateStruct + ); + +/** + Adds END LIST token. + + @param CreateStruct The input create structure. + +**/ +TCG_RESULT +EFIAPI +TcgEndParameters( + TCG_CREATE_STRUCT *CreateStruct + ); + +/** + Adds END Data token and method list. + + @param CreateStruct The input create structure. + +**/ +TCG_RESULT +EFIAPI +TcgEndMethodCall( + TCG_CREATE_STRUCT *CreateStruct + ); + +/** + + Adds Start Session call to the data structure. This creates the entire ComPacket structure and + returns the size of the entire compacket in the size parameter. + + @param [in/out] CreateStruct Structure used to add the start session call + @param [in/out] Size Describes the size of the entire ComPacket (header and payload). Filled out by function. + @param [in] ComId ComID for the ComPacket + @param [in] ComIdExtension Extended ComID for the ComPacket + @param [in] HostSessionId Host Session ID + @param [in] SpId Security Provider to start session with + @param [in] Write Write option for start session. TRUE = start session requests write access + @param [in] HostChallengeLength Length of the host challenge. Length should be 0 if hostChallenge is NULL + @param [in] HostChallenge Host challenge for Host Signing Authority. If NULL, then no Host Challenge shall be sent. + @param [in] HostSigningAuthority Host Signing Authority used for start session. If NULL, then no Host Signing Authority shall be sent. + +**/ +TCG_RESULT +EFIAPI +TcgCreateStartSession( + TCG_CREATE_STRUCT *CreateStruct, + UINT32 *Size, + UINT16 ComId, + UINT16 ComIdExtension, + UINT32 HostSessionId, + TCG_UID SpId, + BOOLEAN Write, + UINT32 HostChallengeLength, + const VOID *HostChallenge, + TCG_UID HostSigningAuthority + ); + +/** + Creates ComPacket with a Method call that sets the PIN column for the row specified. + This assumes a start session has already been opened with the desired SP. + + @param [in/out] CreateStruct Structure used to add method call. + @param [in/out] Size Describes the size of the entire ComPacket (header and payload). Filled out by function. + @param [in] ComId ComID for the ComPacket + @param [in] ComIdExtension Extended ComID for the ComPacket + @param [in] TperSession Tper Session ID for the Packet + @param [in] HostSession Host Session ID for the Packet + @param [in] SidRow UID of row of current SP to set PIN column + @param [in] Password value of PIN to set + @param [in] PasswordSize Size of PIN + +**/ +TCG_RESULT +EFIAPI +TcgCreateSetCPin( + TCG_CREATE_STRUCT *CreateStruct, + UINT32 *Size, + UINT16 ComId, + UINT16 ComIdExtension, + UINT32 TperSession, + UINT32 HostSession, + TCG_UID SidRow, + const VOID *Password, + UINT32 PasswordSize + ); + +/** + Creates ComPacket with a Method call that sets the "Enabled" column for the row specified using the value specified. + This assumes a start session has already been opened with the desired SP. + + @param [in/out] CreateStruct Structure used to add method call + @param [in/out] Size Describes the size of the entire ComPacket (header and payload). Filled out by function. + @param [in] ComId ComID for the ComPacket + @param [in] ComIdExtension Extended ComID for the ComPacket + @param [in] TperSession Tper Session ID for the Packet + @param [in] HostSession Host Session ID for the Packet + @param [in] AuthorityUid Authority UID to modify the "Enabled" column for + @param [in] Enabled Value to set the "Enabled" column to + +**/ +TCG_RESULT +EFIAPI +TcgSetAuthorityEnabled( + TCG_CREATE_STRUCT *CreateStruct, + UINT32 *Size, + UINT16 ComId, + UINT16 ComIdExtension, + UINT32 TperSession, + UINT32 HostSession, + TCG_UID AuthorityUid, + BOOLEAN Enabled + ); + +/** + + Creates ComPacket with EndSession. + This assumes a start session has already been opened. + + @param [in/out] CreateStruct Structure used to add Endsession + @param [in/out] Size Describes the size of the entire ComPacket (header and payload). Filled out by function. + @param [in] ComId ComID for the ComPacket + @param [in] ComIdExtension Extended ComID for the ComPacket + @param [in] HostSessionId Host Session ID for the Packet + @param [in] TpSessionId Tper Session ID for the Packet + +**/ +TCG_RESULT +EFIAPI +TcgCreateEndSession( + TCG_CREATE_STRUCT *CreateStruct, + UINT32 *Size, + UINT16 ComId, + UINT16 ComIdExtension, + UINT32 HostSessionId, + UINT32 TpSessionId + ); + + +/** + + Retrieves human-readable token type name. + + @param[in] Type Token type to retrieve + +**/ +CHAR8* +EFIAPI +TcgTokenTypeString( + TCG_TOKEN_TYPE Type + ); + +/** + Returns the method status of the current subpacket. Does not affect the current position + in the ComPacket. In other words, it can be called whenever you have a valid SubPacket. + + @param [in/out] ParseStruct Structure used to parse received TCG response + @param [in/out] MethodStatus Method status retrieved of the current SubPacket + +**/ +TCG_RESULT +EFIAPI +TcgGetMethodStatus( + const TCG_PARSE_STRUCT *ParseStruct, + UINT8 *MethodStatus + ); + +/** + Returns a human-readable string representing a method status return code. + + @param[in] MethodStatus Method status to translate to a string + + + @retval return the string info. +**/ +CHAR8* +EFIAPI +TcgMethodStatusString( + UINT8 MethodStatus + ); + + +/** + Retrieves the comID and Extended comID of the ComPacket in the Tcg response. + It is intended to be used to confirm the received Tcg response is intended for user that received it. + + @param [in] ParseStruct Structure used to parse received TCG response. + @param [in/out] ComId comID retrieved from received ComPacket. + @param [in/out] ComIdExtension Extended comID retrieved from received ComPacket + +**/ +TCG_RESULT +EFIAPI +TcgGetComIds( + const TCG_PARSE_STRUCT *ParseStruct, + UINT16 *ComId, + UINT16 *ComIdExtension + ); + +/** + Checks if the ComIDs of the response match the expected values. + + @param[in] ParseStruct Structure used to parse received TCG response + @param[in] ExpectedComId Expected comID + @param[in] ExpectedComIdExtension Expected extended comID + +**/ +TCG_RESULT +EFIAPI +TcgCheckComIds( + const TCG_PARSE_STRUCT *ParseStruct, + UINT16 ExpectedComId, + UINT16 ExpectedComIdExtension + ); + +/** + Parses the Sync Session response contained in the parseStruct to retrieve Tper session ID. If the Sync Session response + parameters do not match the comID, extended ComID and host session ID then a failure is returned. + + @param[in/out] ParseStruct Structure used to parse received TCG response, contains Sync Session response. + @param[in] ComId Expected ComID that is compared to actual ComID of response + @param[in] ComIdExtension Expected Extended ComID that is compared to actual Extended ComID of response + @param[in] HostSessionId Expected Host Session ID that is compared to actual Host Session ID of response + @param[in/out] TperSessionId Tper Session ID retrieved from the Sync Session response. + +**/ +TCG_RESULT +EFIAPI +TcgParseSyncSession( + const TCG_PARSE_STRUCT *ParseStruct, + UINT16 ComId, + UINT16 ComIdExtension, + UINT32 HostSessionId, + UINT32 *TperSessionId + ); + +/** + Create set ace. + + @param CreateStruct Input create structure. + @param Size size info. + @param ComId ComId info. + @param ComIdExtension ComId extension info. + @param TperSession Tper session data. + @param HostSession Host session data. + @param AceRow Ace row info. + @param Authority1 Authority 1 info. + @param LogicalOperator Logical operator info. + @param Authority2 Authority 2 info. + + @retval Return the action result. + +**/ +TCG_RESULT +EFIAPI +TcgCreateSetAce( + TCG_CREATE_STRUCT *CreateStruct, + UINT32 *Size, + UINT16 ComId, + UINT16 ComIdExtension, + UINT32 TperSession, + UINT32 HostSession, + TCG_UID AceRow, + TCG_UID Authority1, + BOOLEAN LogicalOperator, + TCG_UID Authority2 + ); + +/** + Enum level 0 discovery. + + @param DiscoveryHeader Discovery header. + @param Callback Callback function. + @param Context The context for the function. + + @retval return true if the callback return TRUE, else return FALSE. + +**/ +BOOLEAN +EFIAPI +TcgEnumLevel0Discovery( + const TCG_LEVEL0_DISCOVERY_HEADER *DiscoveryHeader, + TCG_LEVEL0_ENUM_CALLBACK Callback, + VOID *Context + ); + +/** + Get Feature code from the header. + + @param DiscoveryHeader The discovery header. + @param FeatureCode return the Feature code. + @param FeatureSize return the Feature size. + + @retval return the Feature code data. +**/ +TCG_LEVEL0_FEATURE_DESCRIPTOR_HEADER* +EFIAPI +TcgGetFeature( + const TCG_LEVEL0_DISCOVERY_HEADER *DiscoveryHeader, + UINT16 FeatureCode, + UINTN *FeatureSize + ); + +/** + Determines if the protocol provided is part of the provided supported protocol list. + + @param[in] ProtocolList Supported protocol list to investigate + @param[in] Protocol Protocol value to determine if supported + + @return TRUE = protocol is supported, FALSE = protocol is not supported +**/ +BOOLEAN +EFIAPI +TcgIsProtocolSupported( + const TCG_SUPPORTED_SECURITY_PROTOCOLS *ProtocolList, + UINT16 Protocol + ); + +/** + Determines if the Locking Feature "Locked" bit is set in the level 0 discovery response. + + @param[in] Discovery Level 0 discovery response + + @return TRUE = Locked is set, FALSE = Locked is false + +**/ +BOOLEAN +EFIAPI +TcgIsLocked( + const TCG_LEVEL0_DISCOVERY_HEADER *Discovery + ); + +#pragma pack() + + +#endif // _TCG_CORE_H_ diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Include/Library/TcgStorageOpalLib.h b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Include/Library/TcgStorageOpalLib.h new file mode 100644 index 00000000..cb21e7c5 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Include/Library/TcgStorageOpalLib.h @@ -0,0 +1,892 @@ +/** @file + Public API for Opal Core library. + + (TCG Storage Architecture Core Specification, Version 2.01, Revision 1.00, + https://trustedcomputinggroup.org/tcg-storage-architecture-core-specification/ + + Storage Work Group Storage Security Subsystem Class: Pyrite, Specification Version 2.00, Revision 1.00, + https://trustedcomputinggroup.org/resource/tcg-storage-security-subsystem-class-pyrite/ + + Storage Work Group Storage Security Subsystem Class: Opal, Version 2.01 Final, Revision 1.00, + https://trustedcomputinggroup.org/storage-work-group-storage-security-subsystem-class-opal/ + + TCG Storage Security Subsystem Class: Opalite Version 1.00 Revision 1.00, + https://trustedcomputinggroup.org/tcg-storage-security-subsystem-class-opalite/ + + TCG Storage Feature Set: Block SID Authentication, Version 1.00 Final, Revision 1.00, + https://trustedcomputinggroup.org/tcg-storage-feature-set-block-sid-authentication-specification/ + + TCG Storage Opal SSC Feature Set: PSID Version 1.00, Revision 1.00, + https://trustedcomputinggroup.org/tcg-storage-opal-feature-set-psid/) + + Check http://trustedcomputinggroup.org for latest specification updates. + +Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.<BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef _OPAL_CORE_H_ +#define _OPAL_CORE_H_ + +#include <IndustryStandard/TcgStorageOpal.h> + +#include <Library/TcgStorageCoreLib.h> +#include <Protocol/StorageSecurityCommand.h> + +#pragma pack(1) + +typedef struct { + // + // Opal SSC 1 support (0 - not supported, 1 - supported) + // + UINT32 OpalSsc1 : 1; + + // + // Opal SSC 2support (0 - not supported, 1 - supported) + // + UINT32 OpalSsc2 : 1; + + // + // Opal SSC Lite support (0 - not supported, 1 - supported) + // + UINT32 OpalSscLite : 1; + + // + // Pyrite SSC support (0 - not supported, 1 - supported) + // + UINT32 PyriteSsc : 1; + + // + // Security protocol 1 support (0 - not supported, 1 - supported) + // + UINT32 Sp1 : 1; + + // + // Security protocol 2 support (0 - not supported, 1 - supported) + // + UINT32 Sp2 : 1; + + // + // Security protocol IEEE1667 support (0 - not supported, 1 - supported) + // + UINT32 SpIeee1667 : 1; + + // + // Media encryption supported (0 - not supported, 1 - supported) + // + UINT32 MediaEncryption : 1; + + // + // Initial C_PIN_SID PIN Indicator + // 0 - The initial C_PIN_SID PIN value is NOT equal to the C_PIN_MSID PIN value + // 1 - The initial C_PIN_SID PIN value is equal to the C_PIN_MSID PIN value + // + UINT32 InitCpinIndicator : 1; + + // + // Behavior of C_PIN_SID PIN upon TPer Revert + // 0 - The initial C_PIN_SID PIN value is NOT equal to the C_PIN_MSID PIN value + // 1 - The initial C_PIN_SID PIN value is equal to the C_PIN_MSID PIN value + // + UINT32 CpinUponRevert : 1; + + // + // Media encryption supported (0 - not supported, 1 - supported) + // + UINT32 BlockSid : 1; + + // + // Pyrite SSC V2 support (0 - not supported, 1 - supported) + // + UINT32 PyriteSscV2 : 1; + + // + // Supported Data Removal Mechanism support (0 - not supported, 1 - supported) + // + UINT32 DataRemoval : 1; +} OPAL_DISK_SUPPORT_ATTRIBUTE; + +// +// Opal device ownership type +// The type indicates who was the determined owner of the device. +// +typedef enum { + // + // Represents the device ownership is unknown because starting a session as the SID authority with the ADMIN SP + //was unsuccessful with the provided PIN + // + OpalOwnershipUnknown, + + // + // Represents that the ADMIN SP SID authority contains the same PIN as the MSID PIN + // + OpalOwnershipNobody, +} OPAL_OWNER_SHIP; + +// +// Structure that is used to represent an Opal session. +// The structure must be initialized by calling OpalStartSession before being used as a parameter +// for any other Opal function. +// This structure should NOT be directly modified by the client of this library. +// +// +typedef struct { + UINT32 HostSessionId; + UINT32 TperSessionId; + UINT16 ComIdExtension; + + UINT16 OpalBaseComId; + + EFI_STORAGE_SECURITY_COMMAND_PROTOCOL *Sscp; + UINT32 MediaId; +} OPAL_SESSION; +#pragma pack() + +/** + + The function fills in the provided Buffer with the supported protocol list + of the device specified. + + @param[in] Session OPAL_SESSION data. + @param[in] BufferSize Size of Buffer provided (in bytes) + @param[in] BuffAddress Buffer address to fill with security protocol list + +**/ +TCG_RESULT +EFIAPI +OpalRetrieveSupportedProtocolList( + OPAL_SESSION *Session, + UINTN BufferSize, + VOID *BuffAddress + ); + +/** + + The function fills in the provided Buffer with the level 0 discovery Header + of the device specified. + + @param[in] Session OPAL_SESSION data. + @param[in] BufferSize Size of Buffer provided (in bytes) + @param[in] BuffAddress Buffer address to fill with Level 0 Discovery response + +**/ +TCG_RESULT +EFIAPI +OpalRetrieveLevel0DiscoveryHeader( + OPAL_SESSION *Session, + UINTN BufferSize, + VOID *BuffAddress + ); + +/** + Starts a session with a security provider (SP). + + If a session is started successfully, the caller must end the session with OpalEndSession when finished + performing Opal actions. + + @param[in/out] Session OPAL_SESSION to initialize. + @param[in] SpId Security provider ID to start the session with. + @param[in] Write Whether the session should be read-only (FALSE) or read/write (TRUE). + @param[in] HostChallengeLength Length of the host challenge. Length should be 0 if hostChallenge is NULL + @param[in] HostChallenge Host challenge for Host Signing Authority. If NULL, then no Host Challenge will be sent. + @param[in] HostSigningAuthority Host Signing Authority used for start session. If NULL, then no Host Signing Authority will be sent. + @param[in/out] MethodStatus Status of the StartSession method; only valid if TcgResultSuccess is returned. + + @return TcgResultSuccess indicates that the function completed without any internal errors. + The caller must inspect the MethodStatus field to determine whether the method completed successfully. + +**/ +TCG_RESULT +EFIAPI +OpalStartSession( + OPAL_SESSION *Session, + TCG_UID SpId, + BOOLEAN Write, + UINT32 HostChallengeLength, + const VOID *HostChallenge, + TCG_UID HostSigningAuthority, + UINT8 *MethodStatus + ); + +/** + Close a session opened with OpalStartSession. + + @param[in/out] Session OPAL_SESSION to end. + +**/ +TCG_RESULT +EFIAPI +OpalEndSession( + OPAL_SESSION *Session + ); + +/** + + Reverts device using Admin SP Revert method. + + @param[in] AdminSpSession OPAL_SESSION with OPAL_UID_ADMIN_SP as OPAL_ADMIN_SP_PSID_AUTHORITY to perform PSID revert. + +**/ +TCG_RESULT +EFIAPI +OpalPsidRevert( + OPAL_SESSION *AdminSpSession + ); + + +/** + + The function retrieves the MSID from the device specified + + @param[in] AdminSpSession OPAL_SESSION with OPAL_UID_ADMIN_SP as OPAL_ADMIN_SP_PSID_AUTHORITY to perform PSID revert. + @param[in] MsidBufferSize Allocated buffer size (in bytes) for MSID allocated by caller + @param[in] Msid Variable length byte sequence representing MSID of device + @param[in] MsidLength Actual length of MSID retrieved from device + +**/ +TCG_RESULT +EFIAPI +OpalGetMsid( + OPAL_SESSION *AdminSpSession, + UINT32 MsidBufferSize, + UINT8 *Msid, + UINT32 *MsidLength + ); + +/** + + The function activates the Locking SP. + Once activated, per Opal spec, the ADMIN SP SID PIN is copied over to the ADMIN1 LOCKING SP PIN. + If the Locking SP is already enabled, then TcgResultSuccess is returned and no action occurs. + + @param[in] AdminSpSession OPAL_SESSION with OPAL_UID_ADMIN_SP as OPAL_ADMIN_SP_SID_AUTHORITY to activate Locking SP + @param[in/out] MethodStatus Method status of last action performed. If action succeeded, it should be TCG_METHOD_STATUS_CODE_SUCCESS. + +**/ +TCG_RESULT +EFIAPI +OpalActivateLockingSp( + OPAL_SESSION *AdminSpSession, + UINT8 *MethodStatus + ); + + +/** + + The function sets the PIN column of the specified cpinRowUid (authority) with the newPin value. + + @param[in/out] Session OPAL_SESSION to set password + @param[in] CpinRowUid UID of row (authority) to update PIN column + @param[in] NewPin New Pin to set for cpinRowUid specified + @param[in] NewPinLength Length in bytes of newPin + @param[in/out] MethodStatus Method status of last action performed. If action succeeded, it should be TCG_METHOD_STATUS_CODE_SUCCESS. + +**/ +TCG_RESULT +EFIAPI +OpalSetPassword( + OPAL_SESSION *Session, + TCG_UID CpinRowUid, + const VOID *NewPin, + UINT32 NewPinLength, + UINT8 *MethodStatus + ); + +/** + + The function retrieves the active key of the global locking range + and calls the GenKey method on the active key retrieved. + + @param[in] LockingSpSession OPAL_SESSION with OPAL_UID_LOCKING_SP to generate key + @param[in/out] MethodStatus Method status of last action performed. If action succeeded, it should be TCG_METHOD_STATUS_CODE_SUCCESS. + +**/ +TCG_RESULT +EFIAPI +OpalGlobalLockingRangeGenKey( + OPAL_SESSION *LockingSpSession, + UINT8 *MethodStatus + ); + + +/** + + The function updates the ReadLocked and WriteLocked columns of the Global Locking Range. + This function is required for a user1 authority, since a user1 authority shall only have access to ReadLocked and WriteLocked columns + (not ReadLockEnabled and WriteLockEnabled columns). + + @param[in] LockingSpSession OPAL_SESSION with OPAL_UID_LOCKING_SP to generate key + @param[in] ReadLocked Value to set ReadLocked column for Global Locking Range + @param[in] WriteLocked Value to set WriteLocked column for Global Locking Range + @param[in/out] MethodStatus Method status of last action performed. If action succeeded, it should be TCG_METHOD_STATUS_CODE_SUCCESS. + +**/ +TCG_RESULT +EFIAPI +OpalUpdateGlobalLockingRange( + OPAL_SESSION *LockingSpSession, + BOOLEAN ReadLocked, + BOOLEAN WriteLocked, + UINT8 *MethodStatus + ); + + +/** + + The function updates the RangeStart, RangeLength, ReadLockedEnabled, WriteLockedEnabled, ReadLocked and WriteLocked columns + of the specified Locking Range. This function requires admin authority of a locking SP session. + + @param[in] LockingSpSession OPAL_SESSION with OPAL_UID_LOCKING_SP to generate key + @param[in] LockingRangeUid Locking range UID to set values + @param[in] RangeStart Value to set RangeStart column for Locking Range + @param[in] RangeLength Value to set RangeLength column for Locking Range + @param[in] ReadLockEnabled Value to set readLockEnabled column for Locking Range + @param[in] WriteLockEnabled Value to set writeLockEnabled column for Locking Range + @param[in] ReadLocked Value to set ReadLocked column for Locking Range + @param[in] WriteLocked Value to set WriteLocked column for Locking Range + @param[in/out] MethodStatus Method status of last action performed. If action succeeded, it should be TCG_METHOD_STATUS_CODE_SUCCESS. + +**/ +TCG_RESULT +EFIAPI +OpalSetLockingRange( + OPAL_SESSION *LockingSpSession, + TCG_UID LockingRangeUid, + UINT64 RangeStart, + UINT64 RangeLength, + BOOLEAN ReadLockEnabled, + BOOLEAN WriteLockEnabled, + BOOLEAN ReadLocked, + BOOLEAN WriteLocked, + UINT8 *MethodStatus + ); + +/** + + The function sets the Enabled column to TRUE for the authorityUid provided and updates the PIN column for the cpinRowUid provided + using the newPin provided. AuthorityUid and cpinRowUid should describe the same authority. + + @param[in] LockingSpSession OPAL_SESSION with OPAL_UID_LOCKING_SP as OPAL_LOCKING_SP_ADMIN1_AUTHORITY to update + @param[in] CpinRowUid Row UID of C_PIN table of Locking SP to update PIN + @param[in] AuthorityUid UID of Locking SP authority to update Pin column with + @param[in] NewPin New Password used to set Pin column + @param[in] NewPinLength Length in bytes of new password + @param[in/out] MethodStatus Method status of last action performed. If action succeeded, it should be TCG_METHOD_STATUS_CODE_SUCCESS. + +**/ +TCG_RESULT +EFIAPI +OpalSetLockingSpAuthorityEnabledAndPin( + OPAL_SESSION *LockingSpSession, + TCG_UID CpinRowUid, + TCG_UID AuthorityUid, + const VOID *NewPin, + UINT32 NewPinLength, + UINT8 *MethodStatus + ); + + +/** + + The function sets the Enabled column to FALSE for the USER1 authority. + + @param[in] LockingSpSession OPAL_SESSION with OPAL_UID_LOCKING_SP as OPAL_LOCKING_SP_ADMIN1_AUTHORITY to disable User1 + @param[in/out] MethodStatus Method status of last action performed. If action succeeded, it should be TCG_METHOD_STATUS_CODE_SUCCESS. + +**/ +TCG_RESULT +EFIAPI +OpalDisableUser( + OPAL_SESSION *LockingSpSession, + UINT8 *MethodStatus + ); + + +/** + + The function calls the Admin SP RevertSP method on the Locking SP. If KeepUserData is True, then the optional parameter + to keep the user data is set to True, otherwise the optional parameter is not provided. + + @param[in] LockingSpSession OPAL_SESSION with OPAL_UID_LOCKING_SP as OPAL_LOCKING_SP_ADMIN1_AUTHORITY to revertSP + @param[in] KeepUserData Specifies whether or not to keep user data when performing RevertSP action. True = keeps user data. + @param[in/out] MethodStatus Method status of last action performed. If action succeeded, it should be TCG_METHOD_STATUS_CODE_SUCCESS. + +**/ +TCG_RESULT +EFIAPI +OpalAdminRevert( + OPAL_SESSION *LockingSpSession, + BOOLEAN KeepUserData, + UINT8 *MethodStatus + ); + + +/** + + The function retrieves the TryLimit column for the specified rowUid (authority). + + @param[in] LockingSpSession OPAL_SESSION with OPAL_UID_LOCKING_SP to retrieve try limit + @param[in] RowUid Row UID of the Locking SP C_PIN table to retrieve TryLimit column + @param[in/out] TryLimit Value from TryLimit column + +**/ +TCG_RESULT +EFIAPI +OpalGetTryLimit( + OPAL_SESSION *LockingSpSession, + TCG_UID RowUid, + UINT32 *TryLimit + ); + + +/** + + The function populates the CreateStruct with a payload that will retrieve the global locking range active key. + It is intended to be called with a session that is already started with a valid credential. + The function does not send the payload. + + @param[in] Session OPAL_SESSION to populate command for, needs comId + @param[in/out] CreateStruct Structure to populate with encoded TCG command + @param[in/out] Size Size in bytes of the command created. + +**/ +TCG_RESULT +EFIAPI +OpalCreateRetrieveGlobalLockingRangeActiveKey( + const OPAL_SESSION *Session, + TCG_CREATE_STRUCT *CreateStruct, + UINT32 *Size + ); + + +/** + + The function acquires the activeKey specified for the Global Locking Range from the parseStruct. + + @param[in] ParseStruct Structure that contains the device's response with the activekey + @param[in/out] ActiveKey The UID of the active key retrieved + +**/ +TCG_RESULT +EFIAPI +OpalParseRetrieveGlobalLockingRangeActiveKey( + TCG_PARSE_STRUCT *ParseStruct, + TCG_UID *ActiveKey + ); + +/** + + Get the support attribute info. + + @param[in] Session OPAL_SESSION with OPAL_UID_LOCKING_SP to retrieve info. + @param[in/out] LockingFeature Return the Locking info. + +**/ +TCG_RESULT +EFIAPI +OpalGetLockingInfo( + OPAL_SESSION *Session, + TCG_LOCKING_FEATURE_DESCRIPTOR *LockingFeature + ); + +/** + + The function determines whether or not all of the requirements for the Opal Feature (not full specification) + are met by the specified device. + + @param[in] SupportedAttributes Opal device attribute. + +**/ +BOOLEAN +EFIAPI +OpalFeatureSupported( + OPAL_DISK_SUPPORT_ATTRIBUTE *SupportedAttributes + ); + +/** + + The function returns whether or not the device is Opal Enabled. + TRUE means that the device is partially or fully locked. + This will perform a Level 0 Discovery and parse the locking feature descriptor + + @param[in] SupportedAttributes Opal device attribute. + @param[in] LockingFeature Opal device locking status. + + +**/ +BOOLEAN +EFIAPI +OpalFeatureEnabled( + OPAL_DISK_SUPPORT_ATTRIBUTE *SupportedAttributes, + TCG_LOCKING_FEATURE_DESCRIPTOR *LockingFeature + ); + +/** + + The function returns whether or not the device is Opal Locked. + TRUE means that the device is partially or fully locked. + This will perform a Level 0 Discovery and parse the locking feature descriptor + + @param[in] SupportedAttributes Opal device attribute. + @param[in] LockingFeature Opal device locking status. + +**/ +BOOLEAN +OpalDeviceLocked( + OPAL_DISK_SUPPORT_ATTRIBUTE *SupportedAttributes, + TCG_LOCKING_FEATURE_DESCRIPTOR *LockingFeature + ); + +/** + Trig the block sid action. + + @param[in] Session OPAL_SESSION to populate command for, needs comId + @param[in] HardwareReset Whether need to do hardware reset. + +**/ +TCG_RESULT +EFIAPI +OpalBlockSid( + OPAL_SESSION *Session, + BOOLEAN HardwareReset + ); + +/** + + Get the support attribute info. + + @param[in] Session OPAL_SESSION with OPAL_UID_LOCKING_SP to retrieve info. + @param[in/out] SupportedAttributes Return the support attribute info. + @param[out] OpalBaseComId Return the base com id info. + +**/ +TCG_RESULT +EFIAPI +OpalGetSupportedAttributesInfo( + OPAL_SESSION *Session, + OPAL_DISK_SUPPORT_ATTRIBUTE *SupportedAttributes, + UINT16 *OpalBaseComId + ); + +/** + Creates a session with OPAL_UID_ADMIN_SP as OPAL_ADMIN_SP_PSID_AUTHORITY, then reverts device using Admin SP Revert method. + + @param[in] AdminSpSession OPAL_SESSION to populate command for, needs comId + @param[in] Psid PSID of device to revert. + @param[in] PsidLength Length of PSID in bytes. + +**/ +TCG_RESULT +EFIAPI +OpalUtilPsidRevert( + OPAL_SESSION *AdminSpSession, + const VOID *Psid, + UINT32 PsidLength + ); + +/** + Opens a session with OPAL_UID_ADMIN_SP as OPAL_ADMIN_SP_SID_AUTHORITY, + sets the OPAL_UID_ADMIN_SP_C_PIN_SID column with the new password, + and activates the locking SP to copy SID PIN to Admin1 Locking SP PIN. + + @param[in] AdminSpSession OPAL_SESSION to populate command for, needs comId + @param[in] GeneratedSid Generated SID of disk + @param[in] SidLength Length of generatedSid in bytes + @param[in] Password New admin password to set + @param[in] PassLength Length of password in bytes + +**/ +TCG_RESULT +EFIAPI +OpalUtilSetAdminPasswordAsSid( + OPAL_SESSION *AdminSpSession, + const VOID *GeneratedSid, + UINT32 SidLength, + const VOID *Password, + UINT32 PassLength + ); + +/** + + Opens a session with OPAL_UID_LOCKING_SP as OPAL_LOCKING_SP_ADMIN1_AUTHORITY, + and updates the specified locking range with the provided column values. + + @param[in] LockingSpSession OPAL_SESSION to populate command for, needs comId + @param[in] Password New admin password to set + @param[in] PassLength Length of password in bytes + @param[in] LockingRangeUid Locking range UID to set values + @param[in] RangeStart Value to set RangeStart column for Locking Range + @param[in] RangeLength Value to set RangeLength column for Locking Range + @param[in] ReadLockEnabled Value to set readLockEnabled column for Locking Range + @param[in] WriteLockEnabled Value to set writeLockEnabled column for Locking Range + @param[in] ReadLocked Value to set ReadLocked column for Locking Range + @param[in] WriteLocked Value to set WriteLocked column for Locking Range + +**/ +TCG_RESULT +EFIAPI +OpalUtilSetOpalLockingRange( + OPAL_SESSION *LockingSpSession, + const VOID *Password, + UINT32 PassLength, + TCG_UID LockingRangeUid, + UINT64 RangeStart, + UINT64 RangeLength, + BOOLEAN ReadLockEnabled, + BOOLEAN WriteLockEnabled, + BOOLEAN ReadLocked, + BOOLEAN WriteLocked + ); + +/** + Opens a session with OPAL_UID_ADMIN_SP as OPAL_ADMIN_SP_SID_AUTHORITY, + sets OPAL_UID_ADMIN_SP_C_PIN_SID with the new password, + and sets OPAL_LOCKING_SP_C_PIN_ADMIN1 with the new password. + + @param[in] AdminSpSession OPAL_SESSION to populate command for, needs comId + @param[in] OldPassword Current admin password + @param[in] OldPasswordLength Length of current admin password in bytes + @param[in] NewPassword New admin password to set + @param[in] NewPasswordLength Length of new password in bytes + +**/ +TCG_RESULT +EFIAPI +OpalUtilSetAdminPassword( + OPAL_SESSION *AdminSpSession, + const VOID *OldPassword, + UINT32 OldPasswordLength, + const VOID *NewPassword, + UINT32 NewPasswordLength + ); + +/** + Starts a session with OPAL_UID_LOCKING_SP as OPAL_LOCKING_SP_USER1_AUTHORITY or OPAL_LOCKING_SP_ADMIN1_AUTHORITY + and sets the User1 SP authority to enabled and sets the User1 password. + + @param[in] LockingSpSession OPAL_SESSION to populate command for, needs comId + @param[in] OldPassword Current admin password + @param[in] OldPasswordLength Length of current admin password in bytes + @param[in] NewPassword New admin password to set + @param[in] NewPasswordLength Length of new password in bytes + +**/ +TCG_RESULT +EFIAPI +OpalUtilSetUserPassword( + OPAL_SESSION *LockingSpSession, + const VOID *OldPassword, + UINT32 OldPasswordLength, + const VOID *NewPassword, + UINT32 NewPasswordLength + ); + +/** + Verify whether user input the correct password. + + @param[in] LockingSpSession OPAL_SESSION to populate command for, needs comId + @param[in] Password Admin password + @param[in] PasswordLength Length of password in bytes + @param[in/out] HostSigningAuthority Use the Host signing authority type. + +**/ +TCG_RESULT +EFIAPI +OpalUtilVerifyPassword ( + OPAL_SESSION *LockingSpSession, + const VOID *Password, + UINT32 PasswordLength, + TCG_UID HostSigningAuthority + ); + +/** + Starts a session with OPAL_UID_LOCKING_SP as OPAL_LOCKING_SP_USER1_AUTHORITY or OPAL_LOCKING_SP_ADMIN1_AUTHORITY + and generates a new global locking range key to erase the Data. + + @param[in] LockingSpSession OPAL_SESSION to populate command for, needs comId + @param[in] Password Admin or user password + @param[in] PasswordLength Length of password in bytes + @param[in/out] PasswordFailed indicates if password failed (start session didn't work) + +**/ +TCG_RESULT +EFIAPI +OpalUtilSecureErase( + OPAL_SESSION *LockingSpSession, + const VOID *Password, + UINT32 PasswordLength, + BOOLEAN *PasswordFailed + ); + +/** + Starts a session with OPAL_UID_LOCKING_SP as OPAL_LOCKING_SP_ADMIN1_AUTHORITY and disables the User1 authority. + + @param[in] LockingSpSession OPAL_SESSION to populate command for, needs comId + @param[in] Password Admin password + @param[in] PasswordLength Length of password in bytes + @param[in/out] PasswordFailed indicates if password failed (start session didn't work) + +**/ +TCG_RESULT +EFIAPI +OpalUtilDisableUser( + OPAL_SESSION *LockingSpSession, + const VOID *Password, + UINT32 PasswordLength, + BOOLEAN *PasswordFailed + ); + +/** + Opens a session with OPAL_UID_ADMIN_SP as OPAL_ADMIN_SP_PSID_AUTHORITY, then reverts the device using the RevertSP method. + + @param[in] LockingSpSession OPAL_SESSION to populate command for, needs comId + @param[in] KeepUserData TRUE to keep existing Data on the disk, or FALSE to erase it + @param[in] Password Admin password + @param[in] PasswordLength Length of password in bytes + @param[in/out] PasswordFailed indicates if password failed (start session didn't work) + @param[in] Msid Input Msid info. + @param[in] MsidLength Input Msid info length. + +**/ +TCG_RESULT +EFIAPI +OpalUtilRevert( + OPAL_SESSION *LockingSpSession, + BOOLEAN KeepUserData, + const VOID *Password, + UINT32 PasswordLength, + BOOLEAN *PasswordFailed, + UINT8 *Msid, + UINT32 MsidLength + ); + +/** + After revert success, set SID to MSID. + + @param[in] AdminSpSession OPAL_SESSION to populate command for, needs comId + @param Password, Input password info. + @param PasswordLength, Input password length. + @param[in] Msid Input Msid info. + @param[in] MsidLength Input Msid info length. + +**/ +TCG_RESULT +EFIAPI +OpalUtilSetSIDtoMSID ( + OPAL_SESSION *AdminSpSession, + const VOID *Password, + UINT32 PasswordLength, + UINT8 *Msid, + UINT32 MsidLength + ); + +/** + Update global locking range. + + @param[in] LockingSpSession OPAL_SESSION to populate command for, needs comId + @param Password, Input password info. + @param PasswordLength, Input password length. + @param ReadLocked, Read lock info. + @param WriteLocked write lock info. + +**/ +TCG_RESULT +EFIAPI +OpalUtilUpdateGlobalLockingRange( + OPAL_SESSION *LockingSpSession, + const VOID *Password, + UINT32 PasswordLength, + BOOLEAN ReadLocked, + BOOLEAN WriteLocked + ); + +/** + Update global locking range. + + @param Session, The session info for one opal device. + @param Msid, The data buffer to save Msid info. + @param MsidBufferLength, The data buffer length for Msid. + @param MsidLength, The actual data length for Msid. + +**/ +TCG_RESULT +EFIAPI +OpalUtilGetMsid( + OPAL_SESSION *Session, + UINT8 *Msid, + UINT32 MsidBufferLength, + UINT32 *MsidLength + ); + +/** + + The function determines who owns the device by attempting to start a session with different credentials. + If the SID PIN matches the MSID PIN, the no one owns the device. + If the SID PIN matches the ourSidPin, then "Us" owns the device. Otherwise it is unknown. + + + @param[in] Session The session info for one opal device. + @param Msid, The Msid info. + @param MsidLength, The data length for Msid. + +**/ +OPAL_OWNER_SHIP +EFIAPI +OpalUtilDetermineOwnership( + OPAL_SESSION *Session, + UINT8 *Msid, + UINT32 MsidLength + ); + +/** + + The function returns if admin password exists. + + @param[in] OwnerShip The owner ship of the opal device. + @param[in] LockingFeature The locking info of the opal device. + + @retval TRUE Admin password existed. + @retval FALSE Admin password not existed. + +**/ +BOOLEAN +EFIAPI +OpalUtilAdminPasswordExists( + IN UINT16 OwnerShip, + IN TCG_LOCKING_FEATURE_DESCRIPTOR *LockingFeature + ); + +/** + Get Active Data Removal Mechanism Value. + + @param[in] Session, The session info for one opal device. + @param[in] GeneratedSid Generated SID of disk + @param[in] SidLength Length of generatedSid in bytes + @param[out] ActiveDataRemovalMechanism Return the active data removal mechanism. + +**/ +TCG_RESULT +EFIAPI +OpalUtilGetActiveDataRemovalMechanism ( + OPAL_SESSION *Session, + const VOID *GeneratedSid, + UINT32 SidLength, + UINT8 *ActiveDataRemovalMechanism + ); + +/** + Get the supported Data Removal Mechanism list. + + @param[in] Session, The session info for one opal device. + @param[out] RemovalMechanismLists Return the supported data removal mechanism lists. + +**/ +TCG_RESULT +EFIAPI +OpalUtilGetDataRemovalMechanismLists ( + IN OPAL_SESSION *Session, + OUT UINT32 *RemovalMechanismLists + ); + +#endif // _OPAL_CORE_H_ diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Include/Library/Tpm12CommandLib.h b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Include/Library/Tpm12CommandLib.h new file mode 100644 index 00000000..8dc5002a --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Include/Library/Tpm12CommandLib.h @@ -0,0 +1,219 @@ +/** @file + This library is used by other modules to send TPM12 command. + +Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved. <BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef _TPM12_COMMAND_LIB_H_ +#define _TPM12_COMMAND_LIB_H_ + +#include <IndustryStandard/Tpm12.h> + +/** + Send Startup command to TPM1.2. + + @param TpmSt Startup Type. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_DEVICE_ERROR Unexpected device behavior. +**/ +EFI_STATUS +EFIAPI +Tpm12Startup ( + IN TPM_STARTUP_TYPE TpmSt + ); + +/** + Send SaveState command to TPM1.2. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_DEVICE_ERROR Unexpected device behavior. +**/ +EFI_STATUS +EFIAPI +Tpm12SaveState ( + VOID + ); + +/** + Send ForceClear command to TPM1.2. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_DEVICE_ERROR Unexpected device behavior. +**/ +EFI_STATUS +EFIAPI +Tpm12ForceClear ( + VOID + ); + +#pragma pack(1) + +typedef struct { + UINT16 sizeOfSelect; + UINT8 pcrSelect[3]; +} TPM12_PCR_SELECTION; + +typedef struct { + TPM12_PCR_SELECTION pcrSelection; + TPM_LOCALITY_SELECTION localityAtRelease; + TPM_COMPOSITE_HASH digestAtRelease; +} TPM12_PCR_INFO_SHORT; + +typedef struct { + TPM_STRUCTURE_TAG tag; + TPM_NV_INDEX nvIndex; + TPM12_PCR_INFO_SHORT pcrInfoRead; + TPM12_PCR_INFO_SHORT pcrInfoWrite; + TPM_NV_ATTRIBUTES permission; + BOOLEAN bReadSTClear; + BOOLEAN bWriteSTClear; + BOOLEAN bWriteDefine; + UINT32 dataSize; +} TPM12_NV_DATA_PUBLIC; + +#pragma pack() + +/** + Send NV DefineSpace command to TPM1.2. + + @param PubInfo The public parameters of the NV area. + @param EncAuth The encrypted AuthData, only valid if the attributes require subsequent authorization. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_DEVICE_ERROR Unexpected device behavior. +**/ +EFI_STATUS +EFIAPI +Tpm12NvDefineSpace ( + IN TPM12_NV_DATA_PUBLIC *PubInfo, + IN TPM_ENCAUTH *EncAuth + ); + +/** + Send NV ReadValue command to TPM1.2. + + @param NvIndex The index of the area to set. + @param Offset The offset into the area. + @param DataSize The size of the data area. + @param Data The data to set the area to. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_DEVICE_ERROR Unexpected device behavior. +**/ +EFI_STATUS +EFIAPI +Tpm12NvReadValue ( + IN TPM_NV_INDEX NvIndex, + IN UINT32 Offset, + IN OUT UINT32 *DataSize, + OUT UINT8 *Data + ); + +/** + Send NV WriteValue command to TPM1.2. + + @param NvIndex The index of the area to set. + @param Offset The offset into the NV Area. + @param DataSize The size of the data parameter. + @param Data The data to set the area to. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_DEVICE_ERROR Unexpected device behavior. +**/ +EFI_STATUS +EFIAPI +Tpm12NvWriteValue ( + IN TPM_NV_INDEX NvIndex, + IN UINT32 Offset, + IN UINT32 DataSize, + IN UINT8 *Data + ); + +/** +Extend a TPM PCR. + +@param[in] DigestToExtend The 160 bit value representing the event to be recorded. +@param[in] PcrIndex The PCR to be updated. +@param[out] NewPcrValue New PCR value after extend. + +@retval EFI_SUCCESS Operation completed successfully. +@retval EFI_TIMEOUT The register can't run into the expected status in time. +@retval EFI_BUFFER_TOO_SMALL Response data buffer is too small. +@retval EFI_DEVICE_ERROR Unexpected device behavior. + +**/ +EFI_STATUS +EFIAPI +Tpm12Extend ( + IN TPM_DIGEST *DigestToExtend, + IN TPM_PCRINDEX PcrIndex, + OUT TPM_DIGEST *NewPcrValue + ); + +/** +Send TSC_PhysicalPresence command to TPM. + +@param[in] PhysicalPresence The state to set the TPMs Physical Presence flags. + +@retval EFI_SUCCESS Operation completed successfully. +@retval EFI_TIMEOUT The register can't run into the expected status in time. +@retval EFI_BUFFER_TOO_SMALL Response data buffer is too small. +@retval EFI_DEVICE_ERROR Unexpected device behavior. + +**/ +EFI_STATUS +EFIAPI +Tpm12PhysicalPresence ( + IN TPM_PHYSICAL_PRESENCE PhysicalPresence + ); + +/** +Send TPM_ContinueSelfTest command to TPM. + +@retval EFI_SUCCESS Operation completed successfully. +@retval EFI_TIMEOUT The register can't run into the expected status in time. +@retval EFI_BUFFER_TOO_SMALL Response data buffer is too small. +@retval EFI_DEVICE_ERROR Unexpected device behavior. + +**/ +EFI_STATUS +EFIAPI +Tpm12ContinueSelfTest ( + VOID + ); + +/** +Get TPM capability permanent flags. + +@param[out] TpmPermanentFlags Pointer to the buffer for returned flag structure. + +@retval EFI_SUCCESS Operation completed successfully. +@retval EFI_TIMEOUT The register can't run into the expected status in time. +@retval EFI_BUFFER_TOO_SMALL Response data buffer is too small. +@retval EFI_DEVICE_ERROR Unexpected device behavior. + +**/ +EFI_STATUS +EFIAPI +Tpm12GetCapabilityFlagPermanent ( + OUT TPM_PERMANENT_FLAGS *TpmPermanentFlags + ); + +/** +Get TPM capability volatile flags. + +@param[out] VolatileFlags Pointer to the buffer for returned flag structure. + +@retval EFI_SUCCESS Operation completed successfully. +@retval EFI_DEVICE_ERROR The command was unsuccessful. + +**/ +EFI_STATUS +EFIAPI +Tpm12GetCapabilityFlagVolatile ( + OUT TPM_STCLEAR_FLAGS *VolatileFlags + ); +#endif diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Include/Library/Tpm12DeviceLib.h b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Include/Library/Tpm12DeviceLib.h new file mode 100644 index 00000000..e9de93e1 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Include/Library/Tpm12DeviceLib.h @@ -0,0 +1,48 @@ +/** @file + This library abstract how to access TPM12 hardware device. + +Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved. <BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef _TPM12_DEVICE_LIB_H_ +#define _TPM12_DEVICE_LIB_H_ + +#include <IndustryStandard/Tpm12.h> + +/** + This service enables the sending of commands to the TPM12. + + @param[in] InputParameterBlockSize Size of the TPM12 input parameter block. + @param[in] InputParameterBlock Pointer to the TPM12 input parameter block. + @param[in,out] OutputParameterBlockSize Size of the TPM12 output parameter block. + @param[in] OutputParameterBlock Pointer to the TPM12 output parameter block. + + @retval EFI_SUCCESS The command byte stream was successfully sent to the device and a response was successfully received. + @retval EFI_DEVICE_ERROR The command was not successfully sent to the device or a response was not successfully received from the device. + @retval EFI_BUFFER_TOO_SMALL The output parameter block is too small. +**/ +EFI_STATUS +EFIAPI +Tpm12SubmitCommand ( + IN UINT32 InputParameterBlockSize, + IN UINT8 *InputParameterBlock, + IN OUT UINT32 *OutputParameterBlockSize, + IN UINT8 *OutputParameterBlock + ); + +/** + This service requests use TPM12. + + @retval EFI_SUCCESS Get the control of TPM12 chip. + @retval EFI_NOT_FOUND TPM12 not found. + @retval EFI_DEVICE_ERROR Unexpected device behavior. +**/ +EFI_STATUS +EFIAPI +Tpm12RequestUseTpm ( + VOID + ); + +#endif diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Include/Library/Tpm2CommandLib.h b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Include/Library/Tpm2CommandLib.h new file mode 100644 index 00000000..cccf3a68 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Include/Library/Tpm2CommandLib.h @@ -0,0 +1,1116 @@ +/** @file + This library is used by other modules to send TPM2 command. + +Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved. <BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef _TPM2_COMMAND_LIB_H_ +#define _TPM2_COMMAND_LIB_H_ + +#include <IndustryStandard/Tpm20.h> + +/** + This command starts a hash or an Event sequence. + If hashAlg is an implemented hash, then a hash sequence is started. + If hashAlg is TPM_ALG_NULL, then an Event sequence is started. + + @param[in] HashAlg The hash algorithm to use for the hash sequence + An Event sequence starts if this is TPM_ALG_NULL. + @param[out] SequenceHandle A handle to reference the sequence + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_DEVICE_ERROR Unexpected device behavior. +**/ +EFI_STATUS +EFIAPI +Tpm2HashSequenceStart ( + IN TPMI_ALG_HASH HashAlg, + OUT TPMI_DH_OBJECT *SequenceHandle + ); + +/** + This command is used to add data to a hash or HMAC sequence. + The amount of data in buffer may be any size up to the limits of the TPM. + NOTE: In all TPM, a buffer size of 1,024 octets is allowed. + + @param[in] SequenceHandle Handle for the sequence object + @param[in] Buffer Data to be added to hash + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_DEVICE_ERROR Unexpected device behavior. +**/ +EFI_STATUS +EFIAPI +Tpm2SequenceUpdate ( + IN TPMI_DH_OBJECT SequenceHandle, + IN TPM2B_MAX_BUFFER *Buffer + ); + +/** + This command adds the last part of data, if any, to an Event sequence and returns the result in a digest list. + If pcrHandle references a PCR and not TPM_RH_NULL, then the returned digest list is processed in + the same manner as the digest list input parameter to TPM2_PCR_Extend() with the pcrHandle in each + bank extended with the associated digest value. + + @param[in] PcrHandle PCR to be extended with the Event data + @param[in] SequenceHandle Authorization for the sequence + @param[in] Buffer Data to be added to the Event + @param[out] Results List of digests computed for the PCR + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_DEVICE_ERROR Unexpected device behavior. +**/ +EFI_STATUS +EFIAPI +Tpm2EventSequenceComplete ( + IN TPMI_DH_PCR PcrHandle, + IN TPMI_DH_OBJECT SequenceHandle, + IN TPM2B_MAX_BUFFER *Buffer, + OUT TPML_DIGEST_VALUES *Results + ); + +/** + This command adds the last part of data, if any, to a hash/HMAC sequence and returns the result. + + @param[in] SequenceHandle Authorization for the sequence + @param[in] Buffer Data to be added to the hash/HMAC + @param[out] Result The returned HMAC or digest in a sized buffer + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_DEVICE_ERROR Unexpected device behavior. +**/ +EFI_STATUS +EFIAPI +Tpm2SequenceComplete ( + IN TPMI_DH_OBJECT SequenceHandle, + IN TPM2B_MAX_BUFFER *Buffer, + OUT TPM2B_DIGEST *Result + ); + +/** + Send Startup command to TPM2. + + @param[in] StartupType TPM_SU_CLEAR or TPM_SU_STATE + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_DEVICE_ERROR Unexpected device behavior. +**/ +EFI_STATUS +EFIAPI +Tpm2Startup ( + IN TPM_SU StartupType + ); + +/** + Send Shutdown command to TPM2. + + @param[in] ShutdownType TPM_SU_CLEAR or TPM_SU_STATE. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_DEVICE_ERROR Unexpected device behavior. +**/ +EFI_STATUS +EFIAPI +Tpm2Shutdown ( + IN TPM_SU ShutdownType + ); + +/** + This command causes the TPM to perform a test of its capabilities. + If the fullTest is YES, the TPM will test all functions. + If fullTest = NO, the TPM will only test those functions that have not previously been tested. + + @param[in] FullTest YES if full test to be performed + NO if only test of untested functions required + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_DEVICE_ERROR Unexpected device behavior. +**/ +EFI_STATUS +EFIAPI +Tpm2SelfTest ( + IN TPMI_YES_NO FullTest + ); + +/** + This command allows setting of the authorization policy for the platform hierarchy (platformPolicy), the + storage hierarchy (ownerPolicy), and and the endorsement hierarchy (endorsementPolicy). + + @param[in] AuthHandle TPM_RH_ENDORSEMENT, TPM_RH_OWNER or TPM_RH_PLATFORM+{PP} parameters to be validated + @param[in] AuthSession Auth Session context + @param[in] AuthPolicy An authorization policy hash + @param[in] HashAlg The hash algorithm to use for the policy + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_DEVICE_ERROR Unexpected device behavior. +**/ +EFI_STATUS +EFIAPI +Tpm2SetPrimaryPolicy ( + IN TPMI_RH_HIERARCHY_AUTH AuthHandle, + IN TPMS_AUTH_COMMAND *AuthSession, + IN TPM2B_DIGEST *AuthPolicy, + IN TPMI_ALG_HASH HashAlg + ); + +/** + This command removes all TPM context associated with a specific Owner. + + @param[in] AuthHandle TPM_RH_LOCKOUT or TPM_RH_PLATFORM+{PP} + @param[in] AuthSession Auth Session context + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_DEVICE_ERROR Unexpected device behavior. +**/ +EFI_STATUS +EFIAPI +Tpm2Clear ( + IN TPMI_RH_CLEAR AuthHandle, + IN TPMS_AUTH_COMMAND *AuthSession OPTIONAL + ); + +/** + Disables and enables the execution of TPM2_Clear(). + + @param[in] AuthHandle TPM_RH_LOCKOUT or TPM_RH_PLATFORM+{PP} + @param[in] AuthSession Auth Session context + @param[in] Disable YES if the disableOwnerClear flag is to be SET, + NO if the flag is to be CLEAR. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_DEVICE_ERROR Unexpected device behavior. +**/ +EFI_STATUS +EFIAPI +Tpm2ClearControl ( + IN TPMI_RH_CLEAR AuthHandle, + IN TPMS_AUTH_COMMAND *AuthSession, OPTIONAL + IN TPMI_YES_NO Disable + ); + +/** + This command allows the authorization secret for a hierarchy or lockout to be changed using the current + authorization value as the command authorization. + + @param[in] AuthHandle TPM_RH_LOCKOUT, TPM_RH_ENDORSEMENT, TPM_RH_OWNER or TPM_RH_PLATFORM+{PP} + @param[in] AuthSession Auth Session context + @param[in] NewAuth New authorization secret + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_DEVICE_ERROR Unexpected device behavior. +**/ +EFI_STATUS +EFIAPI +Tpm2HierarchyChangeAuth ( + IN TPMI_RH_HIERARCHY_AUTH AuthHandle, + IN TPMS_AUTH_COMMAND *AuthSession, + IN TPM2B_AUTH *NewAuth + ); + +/** + This replaces the current EPS with a value from the RNG and sets the Endorsement hierarchy controls to + their default initialization values. + + @param[in] AuthHandle TPM_RH_PLATFORM+{PP} + @param[in] AuthSession Auth Session context + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_DEVICE_ERROR Unexpected device behavior. +**/ +EFI_STATUS +EFIAPI +Tpm2ChangeEPS ( + IN TPMI_RH_PLATFORM AuthHandle, + IN TPMS_AUTH_COMMAND *AuthSession + ); + +/** + This replaces the current PPS with a value from the RNG and sets platformPolicy to the default + initialization value (the Empty Buffer). + + @param[in] AuthHandle TPM_RH_PLATFORM+{PP} + @param[in] AuthSession Auth Session context + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_DEVICE_ERROR Unexpected device behavior. +**/ +EFI_STATUS +EFIAPI +Tpm2ChangePPS ( + IN TPMI_RH_PLATFORM AuthHandle, + IN TPMS_AUTH_COMMAND *AuthSession + ); + +/** + This command enables and disables use of a hierarchy. + + @param[in] AuthHandle TPM_RH_ENDORSEMENT, TPM_RH_OWNER or TPM_RH_PLATFORM+{PP} + @param[in] AuthSession Auth Session context + @param[in] Hierarchy Hierarchy of the enable being modified + @param[in] State YES if the enable should be SET, + NO if the enable should be CLEAR + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_DEVICE_ERROR Unexpected device behavior. +**/ +EFI_STATUS +EFIAPI +Tpm2HierarchyControl ( + IN TPMI_RH_HIERARCHY AuthHandle, + IN TPMS_AUTH_COMMAND *AuthSession, + IN TPMI_RH_HIERARCHY Hierarchy, + IN TPMI_YES_NO State + ); + +/** + This command cancels the effect of a TPM lockout due to a number of successive authorization failures. + If this command is properly authorized, the lockout counter is set to zero. + + @param[in] LockHandle LockHandle + @param[in] AuthSession Auth Session context + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_DEVICE_ERROR Unexpected device behavior. +**/ +EFI_STATUS +EFIAPI +Tpm2DictionaryAttackLockReset ( + IN TPMI_RH_LOCKOUT LockHandle, + IN TPMS_AUTH_COMMAND *AuthSession + ); + +/** + This command cancels the effect of a TPM lockout due to a number of successive authorization failures. + If this command is properly authorized, the lockout counter is set to zero. + + @param[in] LockHandle LockHandle + @param[in] AuthSession Auth Session context + @param[in] NewMaxTries Count of authorization failures before the lockout is imposed + @param[in] NewRecoveryTime Time in seconds before the authorization failure count is automatically decremented + @param[in] LockoutRecovery Time in seconds after a lockoutAuth failure before use of lockoutAuth is allowed + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_DEVICE_ERROR Unexpected device behavior. +**/ +EFI_STATUS +EFIAPI +Tpm2DictionaryAttackParameters ( + IN TPMI_RH_LOCKOUT LockHandle, + IN TPMS_AUTH_COMMAND *AuthSession, + IN UINT32 NewMaxTries, + IN UINT32 NewRecoveryTime, + IN UINT32 LockoutRecovery + ); + +/** + This command is used to read the public area and Name of an NV Index. + + @param[in] NvIndex The NV Index. + @param[out] NvPublic The public area of the index. + @param[out] NvName The Name of the nvIndex. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_DEVICE_ERROR The command was unsuccessful. +**/ +EFI_STATUS +EFIAPI +Tpm2NvReadPublic ( + IN TPMI_RH_NV_INDEX NvIndex, + OUT TPM2B_NV_PUBLIC *NvPublic, + OUT TPM2B_NAME *NvName + ); + +/** + This command defines the attributes of an NV Index and causes the TPM to + reserve space to hold the data associated with the index. + If a definition already exists at the index, the TPM will return TPM_RC_NV_DEFINED. + + @param[in] AuthHandle TPM_RH_OWNER or TPM_RH_PLATFORM+{PP}. + @param[in] AuthSession Auth Session context + @param[in] Auth The authorization data. + @param[in] NvPublic The public area of the index. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_DEVICE_ERROR The command was unsuccessful. + @retval EFI_ALREADY_STARTED The command was returned successfully, but NvIndex is already defined. +**/ +EFI_STATUS +EFIAPI +Tpm2NvDefineSpace ( + IN TPMI_RH_PROVISION AuthHandle, + IN TPMS_AUTH_COMMAND *AuthSession, OPTIONAL + IN TPM2B_AUTH *Auth, + IN TPM2B_NV_PUBLIC *NvPublic + ); + +/** + This command removes an index from the TPM. + + @param[in] AuthHandle TPM_RH_OWNER or TPM_RH_PLATFORM+{PP}. + @param[in] NvIndex The NV Index. + @param[in] AuthSession Auth Session context + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_DEVICE_ERROR The command was unsuccessful. + @retval EFI_NOT_FOUND The command was returned successfully, but NvIndex is not found. +**/ +EFI_STATUS +EFIAPI +Tpm2NvUndefineSpace ( + IN TPMI_RH_PROVISION AuthHandle, + IN TPMI_RH_NV_INDEX NvIndex, + IN TPMS_AUTH_COMMAND *AuthSession OPTIONAL + ); + +/** + This command reads a value from an area in NV memory previously defined by TPM2_NV_DefineSpace(). + + @param[in] AuthHandle the handle indicating the source of the authorization value. + @param[in] NvIndex The index to be read. + @param[in] AuthSession Auth Session context + @param[in] Size Number of bytes to read. + @param[in] Offset Byte offset into the area. + @param[in,out] OutData The data read. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_DEVICE_ERROR The command was unsuccessful. + @retval EFI_NOT_FOUND The command was returned successfully, but NvIndex is not found. +**/ +EFI_STATUS +EFIAPI +Tpm2NvRead ( + IN TPMI_RH_NV_AUTH AuthHandle, + IN TPMI_RH_NV_INDEX NvIndex, + IN TPMS_AUTH_COMMAND *AuthSession, OPTIONAL + IN UINT16 Size, + IN UINT16 Offset, + IN OUT TPM2B_MAX_BUFFER *OutData + ); + +/** + This command writes a value to an area in NV memory that was previously defined by TPM2_NV_DefineSpace(). + + @param[in] AuthHandle the handle indicating the source of the authorization value. + @param[in] NvIndex The NV Index of the area to write. + @param[in] AuthSession Auth Session context + @param[in] InData The data to write. + @param[in] Offset The offset into the NV Area. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_DEVICE_ERROR The command was unsuccessful. + @retval EFI_NOT_FOUND The command was returned successfully, but NvIndex is not found. +**/ +EFI_STATUS +EFIAPI +Tpm2NvWrite ( + IN TPMI_RH_NV_AUTH AuthHandle, + IN TPMI_RH_NV_INDEX NvIndex, + IN TPMS_AUTH_COMMAND *AuthSession, OPTIONAL + IN TPM2B_MAX_BUFFER *InData, + IN UINT16 Offset + ); + +/** + This command may be used to prevent further reads of the Index until the next TPM2_Startup (TPM_SU_CLEAR). + + @param[in] AuthHandle the handle indicating the source of the authorization value. + @param[in] NvIndex The NV Index of the area to lock. + @param[in] AuthSession Auth Session context + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_DEVICE_ERROR The command was unsuccessful. + @retval EFI_NOT_FOUND The command was returned successfully, but NvIndex is not found. +**/ +EFI_STATUS +EFIAPI +Tpm2NvReadLock ( + IN TPMI_RH_NV_AUTH AuthHandle, + IN TPMI_RH_NV_INDEX NvIndex, + IN TPMS_AUTH_COMMAND *AuthSession OPTIONAL + ); + +/** + This command may be used to inhibit further writes of the Index. + + @param[in] AuthHandle the handle indicating the source of the authorization value. + @param[in] NvIndex The NV Index of the area to lock. + @param[in] AuthSession Auth Session context + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_DEVICE_ERROR The command was unsuccessful. + @retval EFI_NOT_FOUND The command was returned successfully, but NvIndex is not found. +**/ +EFI_STATUS +EFIAPI +Tpm2NvWriteLock ( + IN TPMI_RH_NV_AUTH AuthHandle, + IN TPMI_RH_NV_INDEX NvIndex, + IN TPMS_AUTH_COMMAND *AuthSession OPTIONAL + ); + +/** + The command will SET TPMA_NV_WRITELOCKED for all indexes that have their TPMA_NV_GLOBALLOCK attribute SET. + + @param[in] AuthHandle TPM_RH_OWNER or TPM_RH_PLATFORM+{PP}. + @param[in] AuthSession Auth Session context + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_DEVICE_ERROR The command was unsuccessful. + @retval EFI_NOT_FOUND The command was returned successfully, but NvIndex is not found. +**/ +EFI_STATUS +EFIAPI +Tpm2NvGlobalWriteLock ( + IN TPMI_RH_PROVISION AuthHandle, + IN TPMS_AUTH_COMMAND *AuthSession OPTIONAL + ); + +/** + This command is used to cause an update to the indicated PCR. + The digests parameter contains one or more tagged digest value identified by an algorithm ID. + For each digest, the PCR associated with pcrHandle is Extended into the bank identified by the tag (hashAlg). + + @param[in] PcrHandle Handle of the PCR + @param[in] Digests List of tagged digest values to be extended + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_DEVICE_ERROR Unexpected device behavior. +**/ +EFI_STATUS +EFIAPI +Tpm2PcrExtend ( + IN TPMI_DH_PCR PcrHandle, + IN TPML_DIGEST_VALUES *Digests + ); + +/** + This command is used to cause an update to the indicated PCR. + The data in eventData is hashed using the hash algorithm associated with each bank in which the + indicated PCR has been allocated. After the data is hashed, the digests list is returned. If the pcrHandle + references an implemented PCR and not TPM_ALG_NULL, digests list is processed as in + TPM2_PCR_Extend(). + A TPM shall support an Event.size of zero through 1,024 inclusive. + + @param[in] PcrHandle Handle of the PCR + @param[in] EventData Event data in sized buffer + @param[out] Digests List of digest + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_DEVICE_ERROR Unexpected device behavior. +**/ +EFI_STATUS +EFIAPI +Tpm2PcrEvent ( + IN TPMI_DH_PCR PcrHandle, + IN TPM2B_EVENT *EventData, + OUT TPML_DIGEST_VALUES *Digests + ); + +/** + This command returns the values of all PCR specified in pcrSelect. + + @param[in] PcrSelectionIn The selection of PCR to read. + @param[out] PcrUpdateCounter The current value of the PCR update counter. + @param[out] PcrSelectionOut The PCR in the returned list. + @param[out] PcrValues The contents of the PCR indicated in pcrSelect. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_DEVICE_ERROR The command was unsuccessful. +**/ +EFI_STATUS +EFIAPI +Tpm2PcrRead ( + IN TPML_PCR_SELECTION *PcrSelectionIn, + OUT UINT32 *PcrUpdateCounter, + OUT TPML_PCR_SELECTION *PcrSelectionOut, + OUT TPML_DIGEST *PcrValues + ); + +/** + This command is used to set the desired PCR allocation of PCR and algorithms. + + @param[in] AuthHandle TPM_RH_PLATFORM+{PP} + @param[in] AuthSession Auth Session context + @param[in] PcrAllocation The requested allocation + @param[out] AllocationSuccess YES if the allocation succeeded + @param[out] MaxPCR maximum number of PCR that may be in a bank + @param[out] SizeNeeded number of octets required to satisfy the request + @param[out] SizeAvailable Number of octets available. Computed before the allocation + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_DEVICE_ERROR The command was unsuccessful. +**/ +EFI_STATUS +EFIAPI +Tpm2PcrAllocate ( + IN TPMI_RH_PLATFORM AuthHandle, + IN TPMS_AUTH_COMMAND *AuthSession, + IN TPML_PCR_SELECTION *PcrAllocation, + OUT TPMI_YES_NO *AllocationSuccess, + OUT UINT32 *MaxPCR, + OUT UINT32 *SizeNeeded, + OUT UINT32 *SizeAvailable + ); + +/** + Alloc PCR data. + + @param[in] PlatformAuth platform auth value. NULL means no platform auth change. + @param[in] SupportedPCRBanks Supported PCR banks + @param[in] PCRBanks PCR banks + + @retval EFI_SUCCESS Operation completed successfully. +**/ +EFI_STATUS +EFIAPI +Tpm2PcrAllocateBanks ( + IN TPM2B_AUTH *PlatformAuth, OPTIONAL + IN UINT32 SupportedPCRBanks, + IN UINT32 PCRBanks + ); + +/** + This command returns various information regarding the TPM and its current state. + + The capability parameter determines the category of data returned. The property parameter + selects the first value of the selected category to be returned. If there is no property + that corresponds to the value of property, the next higher value is returned, if it exists. + The moreData parameter will have a value of YES if there are more values of the requested + type that were not returned. + If no next capability exists, the TPM will return a zero-length list and moreData will have + a value of NO. + + NOTE: + To simplify this function, leave returned CapabilityData for caller to unpack since there are + many capability categories and only few categories will be used in firmware. It means the caller + need swap the byte order for the fields in CapabilityData. + + @param[in] Capability Group selection; determines the format of the response. + @param[in] Property Further definition of information. + @param[in] PropertyCount Number of properties of the indicated type to return. + @param[out] MoreData Flag to indicate if there are more values of this type. + @param[out] CapabilityData The capability data. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_DEVICE_ERROR The command was unsuccessful. +**/ +EFI_STATUS +EFIAPI +Tpm2GetCapability ( + IN TPM_CAP Capability, + IN UINT32 Property, + IN UINT32 PropertyCount, + OUT TPMI_YES_NO *MoreData, + OUT TPMS_CAPABILITY_DATA *CapabilityData + ); + +/** + This command returns the information of TPM Family. + + This function parse the value got from TPM2_GetCapability and return the Family. + + @param[out] Family The Family of TPM. (a 4-octet character string) + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_DEVICE_ERROR The command was unsuccessful. +**/ +EFI_STATUS +EFIAPI +Tpm2GetCapabilityFamily ( + OUT CHAR8 *Family + ); + +/** + This command returns the information of TPM manufacture ID. + + This function parse the value got from TPM2_GetCapability and return the TPM manufacture ID. + + @param[out] ManufactureId The manufacture ID of TPM. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_DEVICE_ERROR The command was unsuccessful. +**/ +EFI_STATUS +EFIAPI +Tpm2GetCapabilityManufactureID ( + OUT UINT32 *ManufactureId + ); + +/** + This command returns the information of TPM FirmwareVersion. + + This function parse the value got from TPM2_GetCapability and return the TPM FirmwareVersion. + + @param[out] FirmwareVersion1 The FirmwareVersion1. + @param[out] FirmwareVersion2 The FirmwareVersion2. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_DEVICE_ERROR The command was unsuccessful. +**/ +EFI_STATUS +EFIAPI +Tpm2GetCapabilityFirmwareVersion ( + OUT UINT32 *FirmwareVersion1, + OUT UINT32 *FirmwareVersion2 + ); + +/** + This command returns the information of the maximum value for commandSize and responseSize in a command. + + This function parse the value got from TPM2_GetCapability and return the max command size and response size + + @param[out] MaxCommandSize The maximum value for commandSize in a command. + @param[out] MaxResponseSize The maximum value for responseSize in a command. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_DEVICE_ERROR The command was unsuccessful. +**/ +EFI_STATUS +EFIAPI +Tpm2GetCapabilityMaxCommandResponseSize ( + OUT UINT32 *MaxCommandSize, + OUT UINT32 *MaxResponseSize + ); + +/** + This command returns Returns a list of TPMS_ALG_PROPERTIES. Each entry is an + algorithm ID and a set of properties of the algorithm. + + This function parse the value got from TPM2_GetCapability and return the list. + + @param[out] AlgList List of algorithm. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_DEVICE_ERROR The command was unsuccessful. +**/ +EFI_STATUS +EFIAPI +Tpm2GetCapabilitySupportedAlg ( + OUT TPML_ALG_PROPERTY *AlgList + ); + +/** + This command returns the information of TPM LockoutCounter. + + This function parse the value got from TPM2_GetCapability and return the LockoutCounter. + + @param[out] LockoutCounter The LockoutCounter of TPM. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_DEVICE_ERROR The command was unsuccessful. +**/ +EFI_STATUS +EFIAPI +Tpm2GetCapabilityLockoutCounter ( + OUT UINT32 *LockoutCounter + ); + +/** + This command returns the information of TPM LockoutInterval. + + This function parse the value got from TPM2_GetCapability and return the LockoutInterval. + + @param[out] LockoutInterval The LockoutInterval of TPM. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_DEVICE_ERROR The command was unsuccessful. +**/ +EFI_STATUS +EFIAPI +Tpm2GetCapabilityLockoutInterval ( + OUT UINT32 *LockoutInterval + ); + +/** + This command returns the information of TPM InputBufferSize. + + This function parse the value got from TPM2_GetCapability and return the InputBufferSize. + + @param[out] InputBufferSize The InputBufferSize of TPM. + the maximum size of a parameter (typically, a TPM2B_MAX_BUFFER) + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_DEVICE_ERROR The command was unsuccessful. +**/ +EFI_STATUS +EFIAPI +Tpm2GetCapabilityInputBufferSize ( + OUT UINT32 *InputBufferSize + ); + +/** + This command returns the information of TPM PCRs. + + This function parse the value got from TPM2_GetCapability and return the PcrSelection. + + @param[out] Pcrs The Pcr Selection + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_DEVICE_ERROR The command was unsuccessful. +**/ +EFI_STATUS +EFIAPI +Tpm2GetCapabilityPcrs ( + OUT TPML_PCR_SELECTION *Pcrs + ); + +/** + This function will query the TPM to determine which hashing algorithms + are supported and which PCR banks are currently active. + + @param[out] TpmHashAlgorithmBitmap A bitmask containing the algorithms supported by the TPM. + @param[out] ActivePcrBanks A bitmask containing the PCRs currently allocated. + + @retval EFI_SUCCESS TPM was successfully queried and return values can be trusted. + @retval Others An error occurred, likely in communication with the TPM. + +**/ +EFI_STATUS +EFIAPI +Tpm2GetCapabilitySupportedAndActivePcrs( + OUT UINT32 *TpmHashAlgorithmBitmap, + OUT UINT32 *ActivePcrBanks + ); + +/** + This command returns the information of TPM AlgorithmSet. + + This function parse the value got from TPM2_GetCapability and return the AlgorithmSet. + + @param[out] AlgorithmSet The AlgorithmSet of TPM. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_DEVICE_ERROR The command was unsuccessful. +**/ +EFI_STATUS +EFIAPI +Tpm2GetCapabilityAlgorithmSet ( + OUT UINT32 *AlgorithmSet + ); + +/** + This function will query if the command is supported. + + @param[In] Command TPM_CC command starts from TPM_CC_FIRST. + @param[out] IsCmdImpl The command is supported or not. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_DEVICE_ERROR The command was unsuccessful. +**/ +EFI_STATUS +EFIAPI +Tpm2GetCapabilityIsCommandImplemented ( + IN TPM_CC Command, + OUT BOOLEAN *IsCmdImpl + ); + +/** + This command is used to check to see if specific combinations of algorithm parameters are supported. + + @param[in] Parameters Algorithm parameters to be validated + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_DEVICE_ERROR Unexpected device behavior. +**/ +EFI_STATUS +EFIAPI +Tpm2TestParms ( + IN TPMT_PUBLIC_PARMS *Parameters + ); + +/** + This command allows the platform to change the set of algorithms that are used by the TPM. + The algorithmSet setting is a vendor-dependent value. + + @param[in] AuthHandle TPM_RH_PLATFORM + @param[in] AuthSession Auth Session context + @param[in] AlgorithmSet A TPM vendor-dependent value indicating the + algorithm set selection + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_DEVICE_ERROR Unexpected device behavior. +**/ +EFI_STATUS +EFIAPI +Tpm2SetAlgorithmSet ( + IN TPMI_RH_PLATFORM AuthHandle, + IN TPMS_AUTH_COMMAND *AuthSession, + IN UINT32 AlgorithmSet + ); + +/** + This command is used to start an authorization session using alternative methods of + establishing the session key (sessionKey) that is used for authorization and encrypting value. + + @param[in] TpmKey Handle of a loaded decrypt key used to encrypt salt. + @param[in] Bind Entity providing the authValue. + @param[in] NonceCaller Initial nonceCaller, sets nonce size for the session. + @param[in] Salt Value encrypted according to the type of tpmKey. + @param[in] SessionType Indicates the type of the session. + @param[in] Symmetric The algorithm and key size for parameter encryption. + @param[in] AuthHash Hash algorithm to use for the session. + @param[out] SessionHandle Handle for the newly created session. + @param[out] NonceTPM The initial nonce from the TPM, used in the computation of the sessionKey. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_DEVICE_ERROR The command was unsuccessful. +**/ +EFI_STATUS +EFIAPI +Tpm2StartAuthSession ( + IN TPMI_DH_OBJECT TpmKey, + IN TPMI_DH_ENTITY Bind, + IN TPM2B_NONCE *NonceCaller, + IN TPM2B_ENCRYPTED_SECRET *Salt, + IN TPM_SE SessionType, + IN TPMT_SYM_DEF *Symmetric, + IN TPMI_ALG_HASH AuthHash, + OUT TPMI_SH_AUTH_SESSION *SessionHandle, + OUT TPM2B_NONCE *NonceTPM + ); + +/** + This command causes all context associated with a loaded object or session to be removed from TPM memory. + + @param[in] FlushHandle The handle of the item to flush. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_DEVICE_ERROR The command was unsuccessful. +**/ +EFI_STATUS +EFIAPI +Tpm2FlushContext ( + IN TPMI_DH_CONTEXT FlushHandle + ); + +/** + This command includes a secret-based authorization to a policy. + The caller proves knowledge of the secret value using an authorization + session using the authValue associated with authHandle. + + @param[in] AuthHandle Handle for an entity providing the authorization + @param[in] PolicySession Handle for the policy session being extended. + @param[in] AuthSession Auth Session context + @param[in] NonceTPM The policy nonce for the session. + @param[in] CpHashA Digest of the command parameters to which this authorization is limited. + @param[in] PolicyRef A reference to a policy relating to the authorization. + @param[in] Expiration Time when authorization will expire, measured in seconds from the time that nonceTPM was generated. + @param[out] Timeout Time value used to indicate to the TPM when the ticket expires. + @param[out] PolicyTicket A ticket that includes a value indicating when the authorization expires. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_DEVICE_ERROR The command was unsuccessful. +**/ +EFI_STATUS +EFIAPI +Tpm2PolicySecret ( + IN TPMI_DH_ENTITY AuthHandle, + IN TPMI_SH_POLICY PolicySession, + IN TPMS_AUTH_COMMAND *AuthSession, OPTIONAL + IN TPM2B_NONCE *NonceTPM, + IN TPM2B_DIGEST *CpHashA, + IN TPM2B_NONCE *PolicyRef, + IN INT32 Expiration, + OUT TPM2B_TIMEOUT *Timeout, + OUT TPMT_TK_AUTH *PolicyTicket + ); + +/** + This command allows options in authorizations without requiring that the TPM evaluate all of the options. + If a policy may be satisfied by different sets of conditions, the TPM need only evaluate one set that + satisfies the policy. This command will indicate that one of the required sets of conditions has been + satisfied. + + @param[in] PolicySession Handle for the policy session being extended. + @param[in] HashList the list of hashes to check for a match. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_DEVICE_ERROR The command was unsuccessful. +**/ +EFI_STATUS +EFIAPI +Tpm2PolicyOR ( + IN TPMI_SH_POLICY PolicySession, + IN TPML_DIGEST *HashList + ); + +/** + This command indicates that the authorization will be limited to a specific command code. + + @param[in] PolicySession Handle for the policy session being extended. + @param[in] Code The allowed commandCode. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_DEVICE_ERROR The command was unsuccessful. +**/ +EFI_STATUS +EFIAPI +Tpm2PolicyCommandCode ( + IN TPMI_SH_POLICY PolicySession, + IN TPM_CC Code + ); + +/** + This command returns the current policyDigest of the session. This command allows the TPM + to be used to perform the actions required to precompute the authPolicy for an object. + + @param[in] PolicySession Handle for the policy session. + @param[out] PolicyHash the current value of the policyHash of policySession. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_DEVICE_ERROR The command was unsuccessful. +**/ +EFI_STATUS +EFIAPI +Tpm2PolicyGetDigest ( + IN TPMI_SH_POLICY PolicySession, + OUT TPM2B_DIGEST *PolicyHash + ); + +/** + This command allows access to the public area of a loaded object. + + @param[in] ObjectHandle TPM handle of an object + @param[out] OutPublic Structure containing the public area of an object + @param[out] Name Name of the object + @param[out] QualifiedName The Qualified Name of the object + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_DEVICE_ERROR Unexpected device behavior. +**/ +EFI_STATUS +EFIAPI +Tpm2ReadPublic ( + IN TPMI_DH_OBJECT ObjectHandle, + OUT TPM2B_PUBLIC *OutPublic, + OUT TPM2B_NAME *Name, + OUT TPM2B_NAME *QualifiedName + ); + +// +// Help function +// + +/** + Copy AuthSessionIn to TPM2 command buffer. + + @param [in] AuthSessionIn Input AuthSession data + @param [out] AuthSessionOut Output AuthSession data in TPM2 command buffer + + @return AuthSession size +**/ +UINT32 +EFIAPI +CopyAuthSessionCommand ( + IN TPMS_AUTH_COMMAND *AuthSessionIn, OPTIONAL + OUT UINT8 *AuthSessionOut + ); + +/** + Copy AuthSessionIn from TPM2 response buffer. + + @param [in] AuthSessionIn Input AuthSession data in TPM2 response buffer + @param [out] AuthSessionOut Output AuthSession data + + @return AuthSession size +**/ +UINT32 +EFIAPI +CopyAuthSessionResponse ( + IN UINT8 *AuthSessionIn, + OUT TPMS_AUTH_RESPONSE *AuthSessionOut OPTIONAL + ); + +/** + Return size of digest. + + @param[in] HashAlgo Hash algorithm + + @return size of digest +**/ +UINT16 +EFIAPI +GetHashSizeFromAlgo ( + IN TPMI_ALG_HASH HashAlgo + ); + +/** + Get hash mask from algorithm. + + @param[in] HashAlgo Hash algorithm + + @return Hash mask +**/ +UINT32 +EFIAPI +GetHashMaskFromAlgo ( + IN TPMI_ALG_HASH HashAlgo + ); + +/** + Return if hash alg is supported in HashAlgorithmMask. + + @param HashAlg Hash algorithm to be checked. + @param HashAlgorithmMask Bitfield of allowed hash algorithms. + + @retval TRUE Hash algorithm is supported. + @retval FALSE Hash algorithm is not supported. +**/ +BOOLEAN +EFIAPI +IsHashAlgSupportedInHashAlgorithmMask( + IN TPMI_ALG_HASH HashAlg, + IN UINT32 HashAlgorithmMask + ); + +/** + Copy TPML_DIGEST_VALUES into a buffer + + @param[in,out] Buffer Buffer to hold copied TPML_DIGEST_VALUES compact binary. + @param[in] DigestList TPML_DIGEST_VALUES to be copied. + @param[in] HashAlgorithmMask HASH bits corresponding to the desired digests to copy. + + @return The end of buffer to hold TPML_DIGEST_VALUES. +**/ +VOID * +EFIAPI +CopyDigestListToBuffer( + IN OUT VOID *Buffer, + IN TPML_DIGEST_VALUES *DigestList, + IN UINT32 HashAlgorithmMask + ); + +/** + Get TPML_DIGEST_VALUES data size. + + @param[in] DigestList TPML_DIGEST_VALUES data. + + @return TPML_DIGEST_VALUES data size. +**/ +UINT32 +EFIAPI +GetDigestListSize( + IN TPML_DIGEST_VALUES *DigestList + ); + +/** + This function get digest from digest list. + + @param[in] HashAlg Digest algorithm + @param[in] DigestList Digest list + @param[out] Digest Digest + + @retval EFI_SUCCESS Digest is found and returned. + @retval EFI_NOT_FOUND Digest is not found. +**/ +EFI_STATUS +EFIAPI +GetDigestFromDigestList( + IN TPMI_ALG_HASH HashAlg, + IN TPML_DIGEST_VALUES *DigestList, + OUT VOID *Digest + ); + +#endif diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Include/Library/Tpm2DeviceLib.h b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Include/Library/Tpm2DeviceLib.h new file mode 100644 index 00000000..ccf0ada6 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Include/Library/Tpm2DeviceLib.h @@ -0,0 +1,113 @@ +/** @file + This library abstract how to access TPM2 hardware device. + +Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved. <BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef _TPM2_DEVICE_LIB_H_ +#define _TPM2_DEVICE_LIB_H_ + +#include <Uefi.h> + +// +// Used in PcdActiveTpmInterfaceType to identify TPM interface type +// +typedef enum { + Tpm2PtpInterfaceTis, + Tpm2PtpInterfaceFifo, + Tpm2PtpInterfaceCrb, + Tpm2PtpInterfaceMax, +} TPM2_PTP_INTERFACE_TYPE; + +/** + This service enables the sending of commands to the TPM2. + + @param[in] InputParameterBlockSize Size of the TPM2 input parameter block. + @param[in] InputParameterBlock Pointer to the TPM2 input parameter block. + @param[in,out] OutputParameterBlockSize Size of the TPM2 output parameter block. + @param[in] OutputParameterBlock Pointer to the TPM2 output parameter block. + + @retval EFI_SUCCESS The command byte stream was successfully sent to the device and a response was successfully received. + @retval EFI_DEVICE_ERROR The command was not successfully sent to the device or a response was not successfully received from the device. + @retval EFI_BUFFER_TOO_SMALL The output parameter block is too small. +**/ +EFI_STATUS +EFIAPI +Tpm2SubmitCommand ( + IN UINT32 InputParameterBlockSize, + IN UINT8 *InputParameterBlock, + IN OUT UINT32 *OutputParameterBlockSize, + IN UINT8 *OutputParameterBlock + ); + +/** + This service requests use TPM2. + + @retval EFI_SUCCESS Get the control of TPM2 chip. + @retval EFI_NOT_FOUND TPM2 not found. + @retval EFI_DEVICE_ERROR Unexpected device behavior. +**/ +EFI_STATUS +EFIAPI +Tpm2RequestUseTpm ( + VOID + ); + +/** + This service enables the sending of commands to the TPM2. + + @param[in] InputParameterBlockSize Size of the TPM2 input parameter block. + @param[in] InputParameterBlock Pointer to the TPM2 input parameter block. + @param[in,out] OutputParameterBlockSize Size of the TPM2 output parameter block. + @param[in] OutputParameterBlock Pointer to the TPM2 output parameter block. + + @retval EFI_SUCCESS The command byte stream was successfully sent to the device and a response was successfully received. + @retval EFI_DEVICE_ERROR The command was not successfully sent to the device or a response was not successfully received from the device. + @retval EFI_BUFFER_TOO_SMALL The output parameter block is too small. +**/ +typedef +EFI_STATUS +(EFIAPI *TPM2_SUBMIT_COMMAND) ( + IN UINT32 InputParameterBlockSize, + IN UINT8 *InputParameterBlock, + IN OUT UINT32 *OutputParameterBlockSize, + IN UINT8 *OutputParameterBlock + ); + +/** + This service requests use TPM2. + + @retval EFI_SUCCESS Get the control of TPM2 chip. + @retval EFI_NOT_FOUND TPM2 not found. + @retval EFI_DEVICE_ERROR Unexpected device behavior. +**/ +typedef +EFI_STATUS +(EFIAPI *TPM2_REQUEST_USE_TPM) ( + VOID + ); + +typedef struct { + EFI_GUID ProviderGuid; + TPM2_SUBMIT_COMMAND Tpm2SubmitCommand; + TPM2_REQUEST_USE_TPM Tpm2RequestUseTpm; +} TPM2_DEVICE_INTERFACE; + +/** + This service register TPM2 device. + + @param Tpm2Device TPM2 device + + @retval EFI_SUCCESS This TPM2 device is registered successfully. + @retval EFI_UNSUPPORTED System does not support register this TPM2 device. + @retval EFI_ALREADY_STARTED System already register this TPM2 device. +**/ +EFI_STATUS +EFIAPI +Tpm2RegisterTpm2DeviceLib ( + IN TPM2_DEVICE_INTERFACE *Tpm2Device + ); + +#endif diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Include/Library/TpmCommLib.h b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Include/Library/TpmCommLib.h new file mode 100644 index 00000000..ba18075f --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Include/Library/TpmCommLib.h @@ -0,0 +1,281 @@ +/** @file + This library is only intended to be used by TPM modules. + It provides basic TPM Interface Specification (TIS) and Command functions. + +Copyright (c) 2005 - 2018, Intel Corporation. All rights reserved.<BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef _TPM_COMM_LIB_H_ +#define _TPM_COMM_LIB_H_ + +#include <IndustryStandard/Tpm12.h> + +typedef EFI_HANDLE TIS_TPM_HANDLE; + +/// +/// TPM register base address. +/// +#define TPM_BASE_ADDRESS 0xfed40000 + +// +// Set structure alignment to 1-byte +// +#pragma pack (1) + +// +// Register set map as specified in TIS specification Chapter 10 +// +typedef struct { + /// + /// Used to gain ownership for this particular port. + /// + UINT8 Access; // 0 + UINT8 Reserved1[7]; // 1 + /// + /// Controls interrupts. + /// + UINT32 IntEnable; // 8 + /// + /// SIRQ vector to be used by the TPM. + /// + UINT8 IntVector; // 0ch + UINT8 Reserved2[3]; // 0dh + /// + /// What caused interrupt. + /// + UINT32 IntSts; // 10h + /// + /// Shows which interrupts are supported by that particular TPM. + /// + UINT32 IntfCapability; // 14h + /// + /// Status Register. Provides status of the TPM. + /// + UINT8 Status; // 18h + /// + /// Number of consecutive writes that can be done to the TPM. + /// + UINT16 BurstCount; // 19h + UINT8 Reserved3[9]; + /// + /// Read or write FIFO, depending on transaction. + /// + UINT32 DataFifo; // 24 + UINT8 Reserved4[0xed8]; // 28h + /// + /// Vendor ID + /// + UINT16 Vid; // 0f00h + /// + /// Device ID + /// + UINT16 Did; // 0f02h + /// + /// Revision ID + /// + UINT8 Rid; // 0f04h + /// + /// TCG defined configuration registers. + /// + UINT8 TcgDefined[0x7b]; // 0f05h + /// + /// Alias to I/O legacy space. + /// + UINT32 LegacyAddress1; // 0f80h + /// + /// Additional 8 bits for I/O legacy space extension. + /// + UINT32 LegacyAddress1Ex; // 0f84h + /// + /// Alias to second I/O legacy space. + /// + UINT32 LegacyAddress2; // 0f88h + /// + /// Additional 8 bits for second I/O legacy space extension. + /// + UINT32 LegacyAddress2Ex; // 0f8ch + /// + /// Vendor-defined configuration registers. + /// + UINT8 VendorDefined[0x70];// 0f90h +} TIS_PC_REGISTERS; + +// +// Restore original structure alignment +// +#pragma pack () + +// +// Define pointer types used to access TIS registers on PC +// +typedef TIS_PC_REGISTERS *TIS_PC_REGISTERS_PTR; + +// +// TCG Platform Type based on TCG ACPI Specification Version 1.00 +// +#define TCG_PLATFORM_TYPE_CLIENT 0 +#define TCG_PLATFORM_TYPE_SERVER 1 + +// +// Define bits of ACCESS and STATUS registers +// + +/// +/// This bit is a 1 to indicate that the other bits in this register are valid. +/// +#define TIS_PC_VALID BIT7 +/// +/// Indicate that this locality is active. +/// +#define TIS_PC_ACC_ACTIVE BIT5 +/// +/// Set to 1 to indicate that this locality had the TPM taken away while +/// this locality had the TIS_PC_ACC_ACTIVE bit set. +/// +#define TIS_PC_ACC_SEIZED BIT4 +/// +/// Set to 1 to indicate that TPM MUST reset the +/// TIS_PC_ACC_ACTIVE bit and remove ownership for localities less than the +/// locality that is writing this bit. +/// +#define TIS_PC_ACC_SEIZE BIT3 +/// +/// When this bit is 1, another locality is requesting usage of the TPM. +/// +#define TIS_PC_ACC_PENDIND BIT2 +/// +/// Set to 1 to indicate that this locality is requesting to use TPM. +/// +#define TIS_PC_ACC_RQUUSE BIT1 +/// +/// A value of 1 indicates that a T/OS has not been established on the platform +/// +#define TIS_PC_ACC_ESTABLISH BIT0 + +/// +/// When this bit is 1, TPM is in the Ready state, +/// indicating it is ready to receive a new command. +/// +#define TIS_PC_STS_READY BIT6 +/// +/// Write a 1 to this bit to cause the TPM to execute that command. +/// +#define TIS_PC_STS_GO BIT5 +/// +/// This bit indicates that the TPM has data available as a response. +/// +#define TIS_PC_STS_DATA BIT4 +/// +/// The TPM sets this bit to a value of 1 when it expects another byte of data for a command. +/// +#define TIS_PC_STS_EXPECT BIT3 +/// +/// Writes a 1 to this bit to force the TPM to re-send the response. +/// +#define TIS_PC_STS_RETRY BIT1 + +// +// Default TimeOut value +// +#define TIS_TIMEOUT_A 750 * 1000 // 750ms +#define TIS_TIMEOUT_B 2000 * 1000 // 2s +#define TIS_TIMEOUT_C 750 * 1000 // 750ms +#define TIS_TIMEOUT_D 750 * 1000 // 750ms + +// +// Max TPM command/response length +// +#define TPMCMDBUFLENGTH 1024 + +/** + Check whether the value of a TPM chip register satisfies the input BIT setting. + + @param[in] Register Address port of register to be checked. + @param[in] BitSet Check these data bits are set. + @param[in] BitClear Check these data bits are clear. + @param[in] TimeOut The max wait time (unit MicroSecond) when checking register. + + @retval EFI_SUCCESS The register satisfies the check bit. + @retval EFI_TIMEOUT The register can't run into the expected status in time. +**/ +EFI_STATUS +EFIAPI +TisPcWaitRegisterBits ( + IN UINT8 *Register, + IN UINT8 BitSet, + IN UINT8 BitClear, + IN UINT32 TimeOut + ); + +/** + Get BurstCount by reading the burstCount field of a TIS register + in the time of default TIS_TIMEOUT_D. + + @param[in] TisReg Pointer to TIS register. + @param[out] BurstCount Pointer to a buffer to store the got BurstCount. + + @retval EFI_SUCCESS Get BurstCount. + @retval EFI_INVALID_PARAMETER TisReg is NULL or BurstCount is NULL. + @retval EFI_TIMEOUT BurstCount can't be got in time. +**/ +EFI_STATUS +EFIAPI +TisPcReadBurstCount ( + IN TIS_PC_REGISTERS_PTR TisReg, + OUT UINT16 *BurstCount + ); + +/** + Set TPM chip to ready state by sending ready command TIS_PC_STS_READY + to Status Register in time. + + @param[in] TisReg Pointer to TIS register. + + @retval EFI_SUCCESS TPM chip enters into ready state. + @retval EFI_INVALID_PARAMETER TisReg is NULL. + @retval EFI_TIMEOUT TPM chip can't be set to ready state in time. +**/ +EFI_STATUS +EFIAPI +TisPcPrepareCommand ( + IN TIS_PC_REGISTERS_PTR TisReg + ); + +/** + Get the control of TPM chip by sending requestUse command TIS_PC_ACC_RQUUSE + to ACCESS Register in the time of default TIS_TIMEOUT_D. + + @param[in] TisReg Pointer to TIS register. + + @retval EFI_SUCCESS Get the control of TPM chip. + @retval EFI_INVALID_PARAMETER TisReg is NULL. + @retval EFI_NOT_FOUND TPM chip doesn't exit. + @retval EFI_TIMEOUT Can't get the TPM control in time. +**/ +EFI_STATUS +EFIAPI +TisPcRequestUseTpm ( + IN TIS_PC_REGISTERS_PTR TisReg + ); + +/** + Single function calculates SHA1 digest value for all raw data. It + combines Sha1Init(), Sha1Update() and Sha1Final(). + + @param[in] Data Raw data to be digested. + @param[in] DataLen Size of the raw data. + @param[out] Digest Pointer to a buffer that stores the final digest. + + @retval EFI_SUCCESS Always successfully calculate the final digest. +**/ +EFI_STATUS +EFIAPI +TpmCommHashAll ( + IN CONST UINT8 *Data, + IN UINTN DataLen, + OUT TPM_DIGEST *Digest + ); + +#endif diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Include/Library/VariableKeyLib.h b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Include/Library/VariableKeyLib.h new file mode 100644 index 00000000..b3d42ea8 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Include/Library/VariableKeyLib.h @@ -0,0 +1,60 @@ +/** @file + Public definitions for Variable Key Library. + +Copyright (c) 2020, Intel Corporation. All rights reserved.<BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef _VARIABLE_KEY_LIB_H_ +#define _VARIABLE_KEY_LIB_H_ + +#include <Uefi/UefiBaseType.h> + +/** + Retrieves the key for integrity and/or confidentiality of variables. + + @param[out] VariableKey A pointer to pointer for the variable key buffer. + @param[in,out] VariableKeySize The size in bytes of the variable key. + + @retval EFI_SUCCESS The variable key was returned. + @retval EFI_DEVICE_ERROR An error occurred while attempting to get the variable key. + @retval EFI_ACCESS_DENIED The function was invoked after locking the key interface. + @retval EFI_UNSUPPORTED The variable key is not supported in the current boot configuration. +**/ +EFI_STATUS +EFIAPI +GetVariableKey ( + OUT VOID **VariableKey, + IN OUT UINTN *VariableKeySize + ); + +/** + Regenerates the variable key. + + @retval EFI_SUCCESS The variable key was regenerated successfully. + @retval EFI_DEVICE_ERROR An error occurred while attempting to regenerate the key. + @retval EFI_ACCESS_DENIED The function was invoked after locking the key interface. + @retval EFI_UNSUPPORTED Key regeneration is not supported in the current boot configuration. +**/ +EFI_STATUS +EFIAPI +RegenerateVariableKey ( + VOID + ); + +/** + Locks the regenerate key interface. + + @retval EFI_SUCCESS The key interface was locked successfully. + @retval EFI_UNSUPPORTED Locking the key interface is not supported in the current boot configuration. + @retval Others An error occurred while attempting to lock the key interface. +**/ +EFI_STATUS +EFIAPI +LockVariableKeyInterface ( + VOID + ); + +#endif + diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Include/Ppi/FirmwareVolumeInfoMeasurementExcluded.h b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Include/Ppi/FirmwareVolumeInfoMeasurementExcluded.h new file mode 100644 index 00000000..4e8bf990 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Include/Ppi/FirmwareVolumeInfoMeasurementExcluded.h @@ -0,0 +1,31 @@ +/** @file + This PPI means a FV does not need to be extended to PCR by TCG modules. + +Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef __EFI_PEI_FIRMWARE_VOLUME_INFO_MEASUREMENT_EXCLUDED_H__ +#define __EFI_PEI_FIRMWARE_VOLUME_INFO_MEASUREMENT_EXCLUDED_H__ + +#define EFI_PEI_FIRMWARE_VOLUME_INFO_MEASUREMENT_EXCLUDED_PPI_GUID \ + { 0x6e056ff9, 0xc695, 0x4364, { 0x9e, 0x2c, 0x61, 0x26, 0xf5, 0xce, 0xea, 0xae } } + +typedef struct { + EFI_PHYSICAL_ADDRESS FvBase; + UINT64 FvLength; +} EFI_PEI_FIRMWARE_VOLUME_INFO_MEASUREMENT_EXCLUDED_FV; + +// +// This PPI means a FV does not need to be extended to PCR by TCG modules. +// +typedef struct { + UINT32 Count; + EFI_PEI_FIRMWARE_VOLUME_INFO_MEASUREMENT_EXCLUDED_FV Fv[1]; +} EFI_PEI_FIRMWARE_VOLUME_INFO_MEASUREMENT_EXCLUDED_PPI; + +extern EFI_GUID gEfiPeiFirmwareVolumeInfoMeasurementExcludedPpiGuid; + +#endif + diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Include/Ppi/FirmwareVolumeInfoPrehashedFV.h b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Include/Ppi/FirmwareVolumeInfoPrehashedFV.h new file mode 100644 index 00000000..c59ef9db --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Include/Ppi/FirmwareVolumeInfoPrehashedFV.h @@ -0,0 +1,44 @@ +/** @file +PPI to describe all hash digests for a given FV + +Copyright (c) 2017, Microsoft Corporation +Copyright (c) 2017, Intel Corporation. All rights reserved.<BR> + +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef __PEI_FIRMWARE_VOLUME_INFO_PREHASHED_FV_H__ +#define __PEI_FIRMWARE_VOLUME_INFO_PREHASHED_FV_H__ + +#define EDKII_PEI_FIRMWARE_VOLUME_INFO_PREHASHED_FV_PPI_GUID \ + { 0x3ce1e631, 0x7008, 0x477c, { 0xad, 0xa7, 0x5d, 0xcf, 0xc7, 0xc1, 0x49, 0x4b } } + +// +// HashAlgoId is TPM_ALG_ID in Tpm20.h +// +typedef struct _HASH_INFO { + UINT16 HashAlgoId; + UINT16 HashSize; + //UINT8 Hash[]; +} HASH_INFO; + +// +// This PPI carries prehashsed data for one FV. Platform should ensure 1:1 mapping between pre-hashed PPI and corresponding FV. +// The Count field in PPI is followed by Count number of FV hash info entries, which can be extended to PCR and logged to TCG event log directly by TCG modules. +// TCG module checks TPM required hash algorithms(PcdTpm2HashMask) with each pre-hashed PPIs +// For each pre-hashed PPI +// If PPI carries hash generated by equivalent or larger algorithm set than TPM required, directly use PPI +// else, drops PPI data and calculate all hash again +// +typedef struct { + UINT32 FvBase; + UINT32 FvLength; + UINT32 Count; + //HASH_INFO HashInfo[]; +} EDKII_PEI_FIRMWARE_VOLUME_INFO_PREHASHED_FV_PPI; + +extern EFI_GUID gEdkiiPeiFirmwareVolumeInfoPrehashedFvPpiGuid; + +#endif + diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Include/Ppi/FirmwareVolumeInfoStoredHashFv.h b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Include/Ppi/FirmwareVolumeInfoStoredHashFv.h new file mode 100644 index 00000000..511c19b8 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Include/Ppi/FirmwareVolumeInfoStoredHashFv.h @@ -0,0 +1,62 @@ +/** @file +PPI to describe stored hash digest for FVs. + +Copyright (c) 2019, Intel Corporation. All rights reserved.<BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef __PEI_FIRMWARE_VOLUME_INFO_STORED_HASH_FV_H__ +#define __PEI_FIRMWARE_VOLUME_INFO_STORED_HASH_FV_H__ + +#include <Ppi/FirmwareVolumeInfoPrehashedFV.h> + +// {7F5E4E31-81B1-47E5-9E21-1E4B5BC2F61D} +#define EDKII_PEI_FIRMWARE_VOLUME_INFO_STORED_HASH_FV_PPI_GUID \ + {0x7f5e4e31, 0x81b1, 0x47e5, {0x9e, 0x21, 0x1e, 0x4b, 0x5b, 0xc2, 0xf6, 0x1d}} + +// +// Hashed FV flags. +// +#define HASHED_FV_FLAG_REPORT_FV_INFO_PPI 0x0000000000000001 +#define HASHED_FV_FLAG_REPORT_FV_HOB 0x0000000000000002 +#define HASHED_FV_FLAG_VERIFIED_BOOT 0x0000000000000010 +#define HASHED_FV_FLAG_MEASURED_BOOT 0x0000000000000020 +#define HASHED_FV_FLAG_SKIP_ALL 0xFFFFFFFFFFFFFF00 +#define HASHED_FV_FLAG_SKIP_BOOT_MODE(Mode) LShiftU64 (0x100, (Mode)) + +// +// FV hash flags +// +#define FV_HASH_FLAG_BOOT_MODE(Mode) LShiftU64 (0x100, (Mode)) + +typedef struct _EDKII_PEI_FIRMWARE_VOLUME_INFO_STORED_HASH_FV_PPI + EDKII_PEI_FIRMWARE_VOLUME_INFO_STORED_HASH_FV_PPI; + +typedef struct _HASHED_FV_INFO { + UINT64 Base; + UINT64 Length; + UINT64 Flag; +} HASHED_FV_INFO; + +typedef struct _FV_HASH_INFO { + UINT64 HashFlag; + UINT16 HashAlgoId; + UINT16 HashSize; + UINT8 Hash[64]; +} FV_HASH_INFO; + +// +// PPI used to convey FVs and hash information of a specific platform. Only one +// instance of this PPI is allowed in the platform. +// +struct _EDKII_PEI_FIRMWARE_VOLUME_INFO_STORED_HASH_FV_PPI { + FV_HASH_INFO HashInfo; + UINTN FvNumber; + HASHED_FV_INFO FvInfo[1]; +}; + +extern EFI_GUID gEdkiiPeiFirmwareVolumeInfoStoredHashFvPpiGuid; + +#endif + diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Include/Ppi/LockPhysicalPresence.h b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Include/Ppi/LockPhysicalPresence.h new file mode 100644 index 00000000..a5e2199d --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Include/Ppi/LockPhysicalPresence.h @@ -0,0 +1,54 @@ +/** @file + This file defines the lock physical Presence PPI. This PPI is + produced by a platform specific PEIM and consumed by the TPM + PEIM. + +Copyright (c) 2011 - 2018, Intel Corporation. All rights reserved.<BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef __PEI_LOCK_PHYSICAL_PRESENCE_H__ +#define __PEI_LOCK_PHYSICAL_PRESENCE_H__ + +/// +/// Global ID for the PEI_LOCK_PHYSICAL_PRESENCE_PPI_GUID. +/// +#define PEI_LOCK_PHYSICAL_PRESENCE_PPI_GUID \ + { \ + 0xef9aefe5, 0x2bd3, 0x4031, { 0xaf, 0x7d, 0x5e, 0xfe, 0x5a, 0xbb, 0x9a, 0xd } \ + } + +/// +/// Forward declaration for the PEI_LOCK_PHYSICAL_PRESENCE_PPI +/// +typedef struct _PEI_LOCK_PHYSICAL_PRESENCE_PPI PEI_LOCK_PHYSICAL_PRESENCE_PPI; + +/** + This interface returns whether TPM physical presence needs be locked. + + @param[in] PeiServices The pointer to the PEI Services Table. + + @retval TRUE The TPM physical presence should be locked. + @retval FALSE The TPM physical presence cannot be locked. + +**/ +typedef +BOOLEAN +(EFIAPI *PEI_LOCK_PHYSICAL_PRESENCE)( + IN CONST EFI_PEI_SERVICES **PeiServices +); + +/// +/// This service abstracts TPM physical presence lock interface. It is necessary for +/// safety to convey this information to the TPM driver so that TPM physical presence +/// can be locked as early as possible. This PPI is produced by a platform specific +/// PEIM and consumed by the TPM PEIM. +/// +struct _PEI_LOCK_PHYSICAL_PRESENCE_PPI { + PEI_LOCK_PHYSICAL_PRESENCE LockPhysicalPresence; +}; + +extern EFI_GUID gPeiLockPhysicalPresencePpiGuid; + +#endif // __PEI_LOCK_PHYSICAL_PRESENCE_H__ diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Include/Ppi/Tcg.h b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Include/Ppi/Tcg.h new file mode 100644 index 00000000..5ec971f1 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Include/Ppi/Tcg.h @@ -0,0 +1,65 @@ +/** @file + TCG PPI services. + +Copyright (c) 2020, Intel Corporation. All rights reserved.<BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef _TCG_PPI_H_ +#define _TCG_PPI_H_ + +#include <IndustryStandard/UefiTcgPlatform.h> + +typedef struct _EDKII_TCG_PPI EDKII_TCG_PPI; + +// +// This bit is shall be set when HashData is the pre-hash digest. +// +#define EDKII_TCG_PRE_HASH 0x0000000000000001 + +// +// This bit is shall be set when HashData is the pre-hash digest and log only. +// +#define EDKII_TCG_PRE_HASH_LOG_ONLY 0x0000000000000002 + +/** + Tpm measure and log data, and extend the measurement result into a specific PCR. + + @param[in] This Indicates the calling context + @param[in] Flags Bitmap providing additional information + @param[in] HashData If BIT0 of Flags is 0, it is physical address of the + start of the data buffer to be hashed, extended, and logged. + If BIT0 of Flags is 1, it is physical address of the + start of the pre-hash data buffter to be extended, and logged. + The pre-hash data format is TPML_DIGEST_VALUES. + @param[in] HashDataLen The length, in bytes, of the buffer referenced by HashData. + @param[in] NewEventHdr Pointer to a TCG_PCR_EVENT_HDR data structure. + @param[in] NewEventData Pointer to the new event data. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_UNSUPPORTED TPM device not available. + @retval EFI_OUT_OF_RESOURCES Out of memory. + @retval EFI_DEVICE_ERROR The operation was unsuccessful. +**/ +typedef +EFI_STATUS +(EFIAPI *EDKII_TCG_HASH_LOG_EXTEND_EVENT)( + IN EDKII_TCG_PPI *This, + IN UINT64 Flags, + IN UINT8 *HashData, + IN UINTN HashDataLen, + IN TCG_PCR_EVENT_HDR *NewEventHdr, + IN UINT8 *NewEventData + ); + +/// +/// The EFI_TCG Protocol abstracts TCG activity. +/// +struct _EDKII_TCG_PPI { + EDKII_TCG_HASH_LOG_EXTEND_EVENT HashLogExtendEvent; +}; + +extern EFI_GUID gEdkiiTcgPpiGuid; + +#endif diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Include/Ppi/TpmInitialized.h b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Include/Ppi/TpmInitialized.h new file mode 100644 index 00000000..938f5774 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Include/Ppi/TpmInitialized.h @@ -0,0 +1,34 @@ +/** @file + Tag GUID that must be installed by the TPM PEIM after the TPM hardware is + initialized. PEIMs that must execute after TPM hardware initialization + may use this GUID in their dependency expressions. + +Copyright (c) 2008 - 2018, Intel Corporation. All rights reserved.<BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef _PEI_TPM_INITIALIZED_PPI_H_ +#define _PEI_TPM_INITIALIZED_PPI_H_ + +/// +/// Global ID for the PEI_TPM_INITIALIZED_PPI which always uses a NULL interface. +/// +#define PEI_TPM_INITIALIZED_PPI_GUID \ + { \ + 0xe9db0d58, 0xd48d, 0x47f6, 0x9c, 0x6e, 0x6f, 0x40, 0xe8, 0x6c, 0x7b, 0x41 \ + } + +extern EFI_GUID gPeiTpmInitializedPpiGuid; + +/// +/// Global ID for the PEI_TPM_INITIALIZATION_DONE_PPI which always uses a NULL interface. +/// +#define PEI_TPM_INITIALIZATION_DONE_PPI_GUID \ + { \ + 0xa030d115, 0x54dd, 0x447b, { 0x90, 0x64, 0xf2, 0x6, 0x88, 0x3d, 0x7c, 0xcc \ + } + +extern EFI_GUID gPeiTpmInitializationDonePpiGuid; + +#endif diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/AuthVariableLib/AuthService.c b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/AuthVariableLib/AuthService.c new file mode 100644 index 00000000..b035a343 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/AuthVariableLib/AuthService.c @@ -0,0 +1,2318 @@ +/** @file + Implement authentication services for the authenticated variables. + + Caution: This module requires additional review when modified. + This driver will have external input - variable data. It may be input in SMM mode. + This external input must be validated carefully to avoid security issue like + buffer overflow, integer overflow. + Variable attribute should also be checked to avoid authentication bypass. + The whole SMM authentication variable design relies on the integrity of flash part and SMM. + which is assumed to be protected by platform. All variable code and metadata in flash/SMM Memory + may not be modified without authorization. If platform fails to protect these resources, + the authentication service provided in this driver will be broken, and the behavior is undefined. + + ProcessVarWithPk(), ProcessVarWithKek() and ProcessVariable() are the function to do + variable authentication. + + VerifyTimeBasedPayloadAndUpdate() and VerifyCounterBasedPayload() are sub function to do verification. + They will do basic validation for authentication data structure, then call crypto library + to verify the signature. + +Copyright (c) 2009 - 2019, Intel Corporation. All rights reserved.<BR> +Copyright (c) Microsoft Corporation. +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "AuthServiceInternal.h" + +#include <Protocol/VariablePolicy.h> +#include <Library/VariablePolicyLib.h> + +// +// Public Exponent of RSA Key. +// +CONST UINT8 mRsaE[] = { 0x01, 0x00, 0x01 }; + +CONST UINT8 mSha256OidValue[] = { 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01 }; + +// +// Requirement for different signature type which have been defined in UEFI spec. +// These data are used to perform SignatureList format check while setting PK/KEK variable. +// +EFI_SIGNATURE_ITEM mSupportSigItem[] = { +//{SigType, SigHeaderSize, SigDataSize } + {EFI_CERT_SHA256_GUID, 0, 32 }, + {EFI_CERT_RSA2048_GUID, 0, 256 }, + {EFI_CERT_RSA2048_SHA256_GUID, 0, 256 }, + {EFI_CERT_SHA1_GUID, 0, 20 }, + {EFI_CERT_RSA2048_SHA1_GUID, 0, 256 }, + {EFI_CERT_X509_GUID, 0, ((UINT32) ~0)}, + {EFI_CERT_SHA224_GUID, 0, 28 }, + {EFI_CERT_SHA384_GUID, 0, 48 }, + {EFI_CERT_SHA512_GUID, 0, 64 }, + {EFI_CERT_X509_SHA256_GUID, 0, 48 }, + {EFI_CERT_X509_SHA384_GUID, 0, 64 }, + {EFI_CERT_X509_SHA512_GUID, 0, 80 } +}; + +/** + Finds variable in storage blocks of volatile and non-volatile storage areas. + + This code finds variable in storage blocks of volatile and non-volatile storage areas. + If VariableName is an empty string, then we just return the first + qualified variable without comparing VariableName and VendorGuid. + + @param[in] VariableName Name of the variable to be found. + @param[in] VendorGuid Variable vendor GUID to be found. + @param[out] Data Pointer to data address. + @param[out] DataSize Pointer to data size. + + @retval EFI_INVALID_PARAMETER If VariableName is not an empty string, + while VendorGuid is NULL. + @retval EFI_SUCCESS Variable successfully found. + @retval EFI_NOT_FOUND Variable not found + +**/ +EFI_STATUS +AuthServiceInternalFindVariable ( + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid, + OUT VOID **Data, + OUT UINTN *DataSize + ) +{ + EFI_STATUS Status; + AUTH_VARIABLE_INFO AuthVariableInfo; + + ZeroMem (&AuthVariableInfo, sizeof (AuthVariableInfo)); + Status = mAuthVarLibContextIn->FindVariable ( + VariableName, + VendorGuid, + &AuthVariableInfo + ); + *Data = AuthVariableInfo.Data; + *DataSize = AuthVariableInfo.DataSize; + return Status; +} + +/** + Update the variable region with Variable information. + + @param[in] VariableName Name of variable. + @param[in] VendorGuid Guid of variable. + @param[in] Data Data pointer. + @param[in] DataSize Size of Data. + @param[in] Attributes Attribute value of the variable. + + @retval EFI_SUCCESS The update operation is success. + @retval EFI_INVALID_PARAMETER Invalid parameter. + @retval EFI_WRITE_PROTECTED Variable is write-protected. + @retval EFI_OUT_OF_RESOURCES There is not enough resource. + +**/ +EFI_STATUS +AuthServiceInternalUpdateVariable ( + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid, + IN VOID *Data, + IN UINTN DataSize, + IN UINT32 Attributes + ) +{ + AUTH_VARIABLE_INFO AuthVariableInfo; + + ZeroMem (&AuthVariableInfo, sizeof (AuthVariableInfo)); + AuthVariableInfo.VariableName = VariableName; + AuthVariableInfo.VendorGuid = VendorGuid; + AuthVariableInfo.Data = Data; + AuthVariableInfo.DataSize = DataSize; + AuthVariableInfo.Attributes = Attributes; + + return mAuthVarLibContextIn->UpdateVariable ( + &AuthVariableInfo + ); +} + +/** + Update the variable region with Variable information. + + @param[in] VariableName Name of variable. + @param[in] VendorGuid Guid of variable. + @param[in] Data Data pointer. + @param[in] DataSize Size of Data. + @param[in] Attributes Attribute value of the variable. + @param[in] TimeStamp Value of associated TimeStamp. + + @retval EFI_SUCCESS The update operation is success. + @retval EFI_INVALID_PARAMETER Invalid parameter. + @retval EFI_WRITE_PROTECTED Variable is write-protected. + @retval EFI_OUT_OF_RESOURCES There is not enough resource. + +**/ +EFI_STATUS +AuthServiceInternalUpdateVariableWithTimeStamp ( + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid, + IN VOID *Data, + IN UINTN DataSize, + IN UINT32 Attributes, + IN EFI_TIME *TimeStamp + ) +{ + EFI_STATUS FindStatus; + VOID *OrgData; + UINTN OrgDataSize; + AUTH_VARIABLE_INFO AuthVariableInfo; + + FindStatus = AuthServiceInternalFindVariable ( + VariableName, + VendorGuid, + &OrgData, + &OrgDataSize + ); + + // + // EFI_VARIABLE_APPEND_WRITE attribute only effects for existing variable + // + if (!EFI_ERROR (FindStatus) && ((Attributes & EFI_VARIABLE_APPEND_WRITE) != 0)) { + if ((CompareGuid (VendorGuid, &gEfiImageSecurityDatabaseGuid) && + ((StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE) == 0) || (StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE1) == 0) || + (StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE2) == 0))) || + (CompareGuid (VendorGuid, &gEfiGlobalVariableGuid) && (StrCmp (VariableName, EFI_KEY_EXCHANGE_KEY_NAME) == 0))) { + // + // For variables with formatted as EFI_SIGNATURE_LIST, the driver shall not perform an append of + // EFI_SIGNATURE_DATA values that are already part of the existing variable value. + // + FilterSignatureList ( + OrgData, + OrgDataSize, + Data, + &DataSize + ); + } + } + + ZeroMem (&AuthVariableInfo, sizeof (AuthVariableInfo)); + AuthVariableInfo.VariableName = VariableName; + AuthVariableInfo.VendorGuid = VendorGuid; + AuthVariableInfo.Data = Data; + AuthVariableInfo.DataSize = DataSize; + AuthVariableInfo.Attributes = Attributes; + AuthVariableInfo.TimeStamp = TimeStamp; + return mAuthVarLibContextIn->UpdateVariable ( + &AuthVariableInfo + ); +} + +/** + Determine whether this operation needs a physical present user. + + @param[in] VariableName Name of the Variable. + @param[in] VendorGuid GUID of the Variable. + + @retval TRUE This variable is protected, only a physical present user could set this variable. + @retval FALSE This variable is not protected. + +**/ +BOOLEAN +NeedPhysicallyPresent( + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid + ) +{ + // If the VariablePolicy engine is disabled, allow deletion of any authenticated variables. + if (IsVariablePolicyEnabled()) { + if ((CompareGuid (VendorGuid, &gEfiSecureBootEnableDisableGuid) && (StrCmp (VariableName, EFI_SECURE_BOOT_ENABLE_NAME) == 0)) + || (CompareGuid (VendorGuid, &gEfiCustomModeEnableGuid) && (StrCmp (VariableName, EFI_CUSTOM_MODE_NAME) == 0))) { + return TRUE; + } + } + + return FALSE; +} + +/** + Determine whether the platform is operating in Custom Secure Boot mode. + + @retval TRUE The platform is operating in Custom mode. + @retval FALSE The platform is operating in Standard mode. + +**/ +BOOLEAN +InCustomMode ( + VOID + ) +{ + EFI_STATUS Status; + VOID *Data; + UINTN DataSize; + + Status = AuthServiceInternalFindVariable (EFI_CUSTOM_MODE_NAME, &gEfiCustomModeEnableGuid, &Data, &DataSize); + if (!EFI_ERROR (Status) && (*(UINT8 *) Data == CUSTOM_SECURE_BOOT_MODE)) { + return TRUE; + } + + return FALSE; +} + +/** + Update platform mode. + + @param[in] Mode SETUP_MODE or USER_MODE. + + @return EFI_INVALID_PARAMETER Invalid parameter. + @return EFI_SUCCESS Update platform mode successfully. + +**/ +EFI_STATUS +UpdatePlatformMode ( + IN UINT32 Mode + ) +{ + EFI_STATUS Status; + VOID *Data; + UINTN DataSize; + UINT8 SecureBootMode; + UINT8 SecureBootEnable; + UINTN VariableDataSize; + + Status = AuthServiceInternalFindVariable ( + EFI_SETUP_MODE_NAME, + &gEfiGlobalVariableGuid, + &Data, + &DataSize + ); + if (EFI_ERROR (Status)) { + return Status; + } + + // + // Update the value of SetupMode variable by a simple mem copy, this could avoid possible + // variable storage reclaim at runtime. + // + mPlatformMode = (UINT8) Mode; + CopyMem (Data, &mPlatformMode, sizeof(UINT8)); + + if (mAuthVarLibContextIn->AtRuntime ()) { + // + // SecureBoot Variable indicates whether the platform firmware is operating + // in Secure boot mode (1) or not (0), so we should not change SecureBoot + // Variable in runtime. + // + return Status; + } + + // + // Check "SecureBoot" variable's existence. + // If it doesn't exist, firmware has no capability to perform driver signing verification, + // then set "SecureBoot" to 0. + // + Status = AuthServiceInternalFindVariable ( + EFI_SECURE_BOOT_MODE_NAME, + &gEfiGlobalVariableGuid, + &Data, + &DataSize + ); + // + // If "SecureBoot" variable exists, then check "SetupMode" variable update. + // If "SetupMode" variable is USER_MODE, "SecureBoot" variable is set to 1. + // If "SetupMode" variable is SETUP_MODE, "SecureBoot" variable is set to 0. + // + if (EFI_ERROR (Status)) { + SecureBootMode = SECURE_BOOT_MODE_DISABLE; + } else { + if (mPlatformMode == USER_MODE) { + SecureBootMode = SECURE_BOOT_MODE_ENABLE; + } else if (mPlatformMode == SETUP_MODE) { + SecureBootMode = SECURE_BOOT_MODE_DISABLE; + } else { + return EFI_NOT_FOUND; + } + } + + Status = AuthServiceInternalUpdateVariable ( + EFI_SECURE_BOOT_MODE_NAME, + &gEfiGlobalVariableGuid, + &SecureBootMode, + sizeof(UINT8), + EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS + ); + if (EFI_ERROR (Status)) { + return Status; + } + + // + // Check "SecureBootEnable" variable's existence. It can enable/disable secure boot feature. + // + Status = AuthServiceInternalFindVariable ( + EFI_SECURE_BOOT_ENABLE_NAME, + &gEfiSecureBootEnableDisableGuid, + &Data, + &DataSize + ); + + if (SecureBootMode == SECURE_BOOT_MODE_ENABLE) { + // + // Create the "SecureBootEnable" variable as secure boot is enabled. + // + SecureBootEnable = SECURE_BOOT_ENABLE; + VariableDataSize = sizeof (SecureBootEnable); + } else { + // + // Delete the "SecureBootEnable" variable if this variable exist as "SecureBoot" + // variable is not in secure boot state. + // + if (EFI_ERROR (Status)) { + return EFI_SUCCESS; + } + SecureBootEnable = SECURE_BOOT_DISABLE; + VariableDataSize = 0; + } + + Status = AuthServiceInternalUpdateVariable ( + EFI_SECURE_BOOT_ENABLE_NAME, + &gEfiSecureBootEnableDisableGuid, + &SecureBootEnable, + VariableDataSize, + EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS + ); + return Status; +} + +/** + Check input data form to make sure it is a valid EFI_SIGNATURE_LIST for PK/KEK/db/dbx/dbt variable. + + @param[in] VariableName Name of Variable to be check. + @param[in] VendorGuid Variable vendor GUID. + @param[in] Data Point to the variable data to be checked. + @param[in] DataSize Size of Data. + + @return EFI_INVALID_PARAMETER Invalid signature list format. + @return EFI_SUCCESS Passed signature list format check successfully. + +**/ +EFI_STATUS +CheckSignatureListFormat( + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid, + IN VOID *Data, + IN UINTN DataSize + ) +{ + EFI_SIGNATURE_LIST *SigList; + UINTN SigDataSize; + UINT32 Index; + UINT32 SigCount; + BOOLEAN IsPk; + VOID *RsaContext; + EFI_SIGNATURE_DATA *CertData; + UINTN CertLen; + + if (DataSize == 0) { + return EFI_SUCCESS; + } + + ASSERT (VariableName != NULL && VendorGuid != NULL && Data != NULL); + + if (CompareGuid (VendorGuid, &gEfiGlobalVariableGuid) && (StrCmp (VariableName, EFI_PLATFORM_KEY_NAME) == 0)){ + IsPk = TRUE; + } else if ((CompareGuid (VendorGuid, &gEfiGlobalVariableGuid) && (StrCmp (VariableName, EFI_KEY_EXCHANGE_KEY_NAME) == 0)) || + (CompareGuid (VendorGuid, &gEfiImageSecurityDatabaseGuid) && + ((StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE) == 0) || (StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE1) == 0) || + (StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE2) == 0)))) { + IsPk = FALSE; + } else { + return EFI_SUCCESS; + } + + SigCount = 0; + SigList = (EFI_SIGNATURE_LIST *) Data; + SigDataSize = DataSize; + RsaContext = NULL; + + // + // Walk through the input signature list and check the data format. + // If any signature is incorrectly formed, the whole check will fail. + // + while ((SigDataSize > 0) && (SigDataSize >= SigList->SignatureListSize)) { + for (Index = 0; Index < (sizeof (mSupportSigItem) / sizeof (EFI_SIGNATURE_ITEM)); Index++ ) { + if (CompareGuid (&SigList->SignatureType, &mSupportSigItem[Index].SigType)) { + // + // The value of SignatureSize should always be 16 (size of SignatureOwner + // component) add the data length according to signature type. + // + if (mSupportSigItem[Index].SigDataSize != ((UINT32) ~0) && + (SigList->SignatureSize - sizeof (EFI_GUID)) != mSupportSigItem[Index].SigDataSize) { + return EFI_INVALID_PARAMETER; + } + if (mSupportSigItem[Index].SigHeaderSize != ((UINT32) ~0) && + SigList->SignatureHeaderSize != mSupportSigItem[Index].SigHeaderSize) { + return EFI_INVALID_PARAMETER; + } + break; + } + } + + if (Index == (sizeof (mSupportSigItem) / sizeof (EFI_SIGNATURE_ITEM))) { + // + // Undefined signature type. + // + return EFI_INVALID_PARAMETER; + } + + if (CompareGuid (&SigList->SignatureType, &gEfiCertX509Guid)) { + // + // Try to retrieve the RSA public key from the X.509 certificate. + // If this operation fails, it's not a valid certificate. + // + RsaContext = RsaNew (); + if (RsaContext == NULL) { + return EFI_INVALID_PARAMETER; + } + CertData = (EFI_SIGNATURE_DATA *) ((UINT8 *) SigList + sizeof (EFI_SIGNATURE_LIST) + SigList->SignatureHeaderSize); + CertLen = SigList->SignatureSize - sizeof (EFI_GUID); + if (!RsaGetPublicKeyFromX509 (CertData->SignatureData, CertLen, &RsaContext)) { + RsaFree (RsaContext); + return EFI_INVALID_PARAMETER; + } + RsaFree (RsaContext); + } + + if ((SigList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - SigList->SignatureHeaderSize) % SigList->SignatureSize != 0) { + return EFI_INVALID_PARAMETER; + } + SigCount += (SigList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - SigList->SignatureHeaderSize) / SigList->SignatureSize; + + SigDataSize -= SigList->SignatureListSize; + SigList = (EFI_SIGNATURE_LIST *) ((UINT8 *) SigList + SigList->SignatureListSize); + } + + if (((UINTN) SigList - (UINTN) Data) != DataSize) { + return EFI_INVALID_PARAMETER; + } + + if (IsPk && SigCount > 1) { + return EFI_INVALID_PARAMETER; + } + + return EFI_SUCCESS; +} + +/** + Update "VendorKeys" variable to record the out of band secure boot key modification. + + @return EFI_SUCCESS Variable is updated successfully. + @return Others Failed to update variable. + +**/ +EFI_STATUS +VendorKeyIsModified ( + VOID + ) +{ + EFI_STATUS Status; + + if (mVendorKeyState == VENDOR_KEYS_MODIFIED) { + return EFI_SUCCESS; + } + mVendorKeyState = VENDOR_KEYS_MODIFIED; + + Status = AuthServiceInternalUpdateVariable ( + EFI_VENDOR_KEYS_NV_VARIABLE_NAME, + &gEfiVendorKeysNvGuid, + &mVendorKeyState, + sizeof (UINT8), + EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS + ); + if (EFI_ERROR (Status)) { + return Status; + } + + return AuthServiceInternalUpdateVariable ( + EFI_VENDOR_KEYS_VARIABLE_NAME, + &gEfiGlobalVariableGuid, + &mVendorKeyState, + sizeof (UINT8), + EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS + ); +} + +/** + Process variable with platform key for verification. + + Caution: This function may receive untrusted input. + This function may be invoked in SMM mode, and datasize and data are external input. + This function will do basic validation, before parse the data. + This function will parse the authentication carefully to avoid security issues, like + buffer overflow, integer overflow. + This function will check attribute carefully to avoid authentication bypass. + + @param[in] VariableName Name of Variable to be found. + @param[in] VendorGuid Variable vendor GUID. + @param[in] Data Data pointer. + @param[in] DataSize Size of Data found. If size is less than the + data, this value contains the required size. + @param[in] Attributes Attribute value of the variable + @param[in] IsPk Indicate whether it is to process pk. + + @return EFI_INVALID_PARAMETER Invalid parameter. + @return EFI_SECURITY_VIOLATION The variable does NOT pass the validation. + check carried out by the firmware. + @return EFI_SUCCESS Variable passed validation successfully. + +**/ +EFI_STATUS +ProcessVarWithPk ( + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid, + IN VOID *Data, + IN UINTN DataSize, + IN UINT32 Attributes OPTIONAL, + IN BOOLEAN IsPk + ) +{ + EFI_STATUS Status; + BOOLEAN Del; + UINT8 *Payload; + UINTN PayloadSize; + + if ((Attributes & EFI_VARIABLE_NON_VOLATILE) == 0 || + (Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) == 0) { + // + // PK, KEK and db/dbx/dbt should set EFI_VARIABLE_NON_VOLATILE attribute and should be a time-based + // authenticated variable. + // + return EFI_INVALID_PARAMETER; + } + + // + // Init state of Del. State may change due to secure check + // + Del = FALSE; + if ((InCustomMode() && UserPhysicalPresent()) || (mPlatformMode == SETUP_MODE && !IsPk)) { + Payload = (UINT8 *) Data + AUTHINFO2_SIZE (Data); + PayloadSize = DataSize - AUTHINFO2_SIZE (Data); + if (PayloadSize == 0) { + Del = TRUE; + } + + Status = CheckSignatureListFormat(VariableName, VendorGuid, Payload, PayloadSize); + if (EFI_ERROR (Status)) { + return Status; + } + + Status = AuthServiceInternalUpdateVariableWithTimeStamp ( + VariableName, + VendorGuid, + Payload, + PayloadSize, + Attributes, + &((EFI_VARIABLE_AUTHENTICATION_2 *) Data)->TimeStamp + ); + if (EFI_ERROR(Status)) { + return Status; + } + + if ((mPlatformMode != SETUP_MODE) || IsPk) { + Status = VendorKeyIsModified (); + } + } else if (mPlatformMode == USER_MODE) { + // + // Verify against X509 Cert in PK database. + // + Status = VerifyTimeBasedPayloadAndUpdate ( + VariableName, + VendorGuid, + Data, + DataSize, + Attributes, + AuthVarTypePk, + &Del + ); + } else { + // + // Verify against the certificate in data payload. + // + Status = VerifyTimeBasedPayloadAndUpdate ( + VariableName, + VendorGuid, + Data, + DataSize, + Attributes, + AuthVarTypePayload, + &Del + ); + } + + if (!EFI_ERROR(Status) && IsPk) { + if (mPlatformMode == SETUP_MODE && !Del) { + // + // If enroll PK in setup mode, need change to user mode. + // + Status = UpdatePlatformMode (USER_MODE); + } else if (mPlatformMode == USER_MODE && Del){ + // + // If delete PK in user mode, need change to setup mode. + // + Status = UpdatePlatformMode (SETUP_MODE); + } + } + + return Status; +} + +/** + Process variable with key exchange key for verification. + + Caution: This function may receive untrusted input. + This function may be invoked in SMM mode, and datasize and data are external input. + This function will do basic validation, before parse the data. + This function will parse the authentication carefully to avoid security issues, like + buffer overflow, integer overflow. + This function will check attribute carefully to avoid authentication bypass. + + @param[in] VariableName Name of Variable to be found. + @param[in] VendorGuid Variable vendor GUID. + @param[in] Data Data pointer. + @param[in] DataSize Size of Data found. If size is less than the + data, this value contains the required size. + @param[in] Attributes Attribute value of the variable. + + @return EFI_INVALID_PARAMETER Invalid parameter. + @return EFI_SECURITY_VIOLATION The variable does NOT pass the validation + check carried out by the firmware. + @return EFI_SUCCESS Variable pass validation successfully. + +**/ +EFI_STATUS +ProcessVarWithKek ( + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid, + IN VOID *Data, + IN UINTN DataSize, + IN UINT32 Attributes OPTIONAL + ) +{ + EFI_STATUS Status; + UINT8 *Payload; + UINTN PayloadSize; + + if ((Attributes & EFI_VARIABLE_NON_VOLATILE) == 0 || + (Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) == 0) { + // + // DB, DBX and DBT should set EFI_VARIABLE_NON_VOLATILE attribute and should be a time-based + // authenticated variable. + // + return EFI_INVALID_PARAMETER; + } + + Status = EFI_SUCCESS; + if (mPlatformMode == USER_MODE && !(InCustomMode() && UserPhysicalPresent())) { + // + // Time-based, verify against X509 Cert KEK. + // + return VerifyTimeBasedPayloadAndUpdate ( + VariableName, + VendorGuid, + Data, + DataSize, + Attributes, + AuthVarTypeKek, + NULL + ); + } else { + // + // If in setup mode or custom secure boot mode, no authentication needed. + // + Payload = (UINT8 *) Data + AUTHINFO2_SIZE (Data); + PayloadSize = DataSize - AUTHINFO2_SIZE (Data); + + Status = CheckSignatureListFormat(VariableName, VendorGuid, Payload, PayloadSize); + if (EFI_ERROR (Status)) { + return Status; + } + + Status = AuthServiceInternalUpdateVariableWithTimeStamp ( + VariableName, + VendorGuid, + Payload, + PayloadSize, + Attributes, + &((EFI_VARIABLE_AUTHENTICATION_2 *) Data)->TimeStamp + ); + if (EFI_ERROR (Status)) { + return Status; + } + + if (mPlatformMode != SETUP_MODE) { + Status = VendorKeyIsModified (); + } + } + + return Status; +} + +/** + Check if it is to delete auth variable. + + @param[in] OrgAttributes Original attribute value of the variable. + @param[in] Data Data pointer. + @param[in] DataSize Size of Data. + @param[in] Attributes Attribute value of the variable. + + @retval TRUE It is to delete auth variable. + @retval FALSE It is not to delete auth variable. + +**/ +BOOLEAN +IsDeleteAuthVariable ( + IN UINT32 OrgAttributes, + IN VOID *Data, + IN UINTN DataSize, + IN UINT32 Attributes + ) +{ + BOOLEAN Del; + UINTN PayloadSize; + + Del = FALSE; + + // + // To delete a variable created with the EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS + // or the EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS attribute, + // SetVariable must be used with attributes matching the existing variable + // and the DataSize set to the size of the AuthInfo descriptor. + // + if ((Attributes == OrgAttributes) && + ((Attributes & (EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS)) != 0)) { + if ((Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) != 0) { + PayloadSize = DataSize - AUTHINFO2_SIZE (Data); + if (PayloadSize == 0) { + Del = TRUE; + } + } else { + PayloadSize = DataSize - AUTHINFO_SIZE; + if (PayloadSize == 0) { + Del = TRUE; + } + } + } + + return Del; +} + +/** + Process variable with EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set + + Caution: This function may receive untrusted input. + This function may be invoked in SMM mode, and datasize and data are external input. + This function will do basic validation, before parse the data. + This function will parse the authentication carefully to avoid security issues, like + buffer overflow, integer overflow. + This function will check attribute carefully to avoid authentication bypass. + + @param[in] VariableName Name of the variable. + @param[in] VendorGuid Variable vendor GUID. + @param[in] Data Data pointer. + @param[in] DataSize Size of Data. + @param[in] Attributes Attribute value of the variable. + + @return EFI_INVALID_PARAMETER Invalid parameter. + @return EFI_WRITE_PROTECTED Variable is write-protected and needs authentication with + EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS or EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set. + @return EFI_OUT_OF_RESOURCES The Database to save the public key is full. + @return EFI_SECURITY_VIOLATION The variable is with EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS + set, but the AuthInfo does NOT pass the validation + check carried out by the firmware. + @return EFI_SUCCESS Variable is not write-protected or pass validation successfully. + +**/ +EFI_STATUS +ProcessVariable ( + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid, + IN VOID *Data, + IN UINTN DataSize, + IN UINT32 Attributes + ) +{ + EFI_STATUS Status; + AUTH_VARIABLE_INFO OrgVariableInfo; + + Status = EFI_SUCCESS; + + ZeroMem (&OrgVariableInfo, sizeof (OrgVariableInfo)); + Status = mAuthVarLibContextIn->FindVariable ( + VariableName, + VendorGuid, + &OrgVariableInfo + ); + + // If the VariablePolicy engine is disabled, allow deletion of any authenticated variables. + if ((!EFI_ERROR (Status)) && IsDeleteAuthVariable (OrgVariableInfo.Attributes, Data, DataSize, Attributes) && (UserPhysicalPresent() || !IsVariablePolicyEnabled())) { + // + // Allow the delete operation of common authenticated variable(AT or AW) at user physical presence. + // + Status = AuthServiceInternalUpdateVariable ( + VariableName, + VendorGuid, + NULL, + 0, + 0 + ); + if (!EFI_ERROR (Status) && ((Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) != 0)) { + Status = DeleteCertsFromDb (VariableName, VendorGuid, Attributes); + } + + return Status; + } + + if (NeedPhysicallyPresent (VariableName, VendorGuid) && !UserPhysicalPresent()) { + // + // This variable is protected, only physical present user could modify its value. + // + return EFI_SECURITY_VIOLATION; + } + + // + if ((Attributes & EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS) != 0) { + // + // Reject Counter Based Auth Variable processing request. + // + return EFI_UNSUPPORTED; + } else if ((Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) != 0) { + // + // Process Time-based Authenticated variable. + // + return VerifyTimeBasedPayloadAndUpdate ( + VariableName, + VendorGuid, + Data, + DataSize, + Attributes, + AuthVarTypePriv, + NULL + ); + } + + if ((OrgVariableInfo.Data != NULL) && + ((OrgVariableInfo.Attributes & (EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS)) != 0)) { + // + // If the variable is already write-protected, it always needs authentication before update. + // + return EFI_WRITE_PROTECTED; + } + + // + // Not authenticated variable, just update variable as usual. + // + Status = AuthServiceInternalUpdateVariable (VariableName, VendorGuid, Data, DataSize, Attributes); + return Status; + +} + +/** + Filter out the duplicated EFI_SIGNATURE_DATA from the new data by comparing to the original data. + + @param[in] Data Pointer to original EFI_SIGNATURE_LIST. + @param[in] DataSize Size of Data buffer. + @param[in, out] NewData Pointer to new EFI_SIGNATURE_LIST. + @param[in, out] NewDataSize Size of NewData buffer. + +**/ +EFI_STATUS +FilterSignatureList ( + IN VOID *Data, + IN UINTN DataSize, + IN OUT VOID *NewData, + IN OUT UINTN *NewDataSize + ) +{ + EFI_SIGNATURE_LIST *CertList; + EFI_SIGNATURE_DATA *Cert; + UINTN CertCount; + EFI_SIGNATURE_LIST *NewCertList; + EFI_SIGNATURE_DATA *NewCert; + UINTN NewCertCount; + UINTN Index; + UINTN Index2; + UINTN Size; + UINT8 *Tail; + UINTN CopiedCount; + UINTN SignatureListSize; + BOOLEAN IsNewCert; + UINT8 *TempData; + UINTN TempDataSize; + EFI_STATUS Status; + + if (*NewDataSize == 0) { + return EFI_SUCCESS; + } + + TempDataSize = *NewDataSize; + Status = mAuthVarLibContextIn->GetScratchBuffer (&TempDataSize, (VOID **) &TempData); + if (EFI_ERROR (Status)) { + return EFI_OUT_OF_RESOURCES; + } + + Tail = TempData; + + NewCertList = (EFI_SIGNATURE_LIST *) NewData; + while ((*NewDataSize > 0) && (*NewDataSize >= NewCertList->SignatureListSize)) { + NewCert = (EFI_SIGNATURE_DATA *) ((UINT8 *) NewCertList + sizeof (EFI_SIGNATURE_LIST) + NewCertList->SignatureHeaderSize); + NewCertCount = (NewCertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - NewCertList->SignatureHeaderSize) / NewCertList->SignatureSize; + + CopiedCount = 0; + for (Index = 0; Index < NewCertCount; Index++) { + IsNewCert = TRUE; + + Size = DataSize; + CertList = (EFI_SIGNATURE_LIST *) Data; + while ((Size > 0) && (Size >= CertList->SignatureListSize)) { + if (CompareGuid (&CertList->SignatureType, &NewCertList->SignatureType) && + (CertList->SignatureSize == NewCertList->SignatureSize)) { + Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize); + CertCount = (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - CertList->SignatureHeaderSize) / CertList->SignatureSize; + for (Index2 = 0; Index2 < CertCount; Index2++) { + // + // Iterate each Signature Data in this Signature List. + // + if (CompareMem (NewCert, Cert, CertList->SignatureSize) == 0) { + IsNewCert = FALSE; + break; + } + Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) Cert + CertList->SignatureSize); + } + } + + if (!IsNewCert) { + break; + } + Size -= CertList->SignatureListSize; + CertList = (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + CertList->SignatureListSize); + } + + if (IsNewCert) { + // + // New EFI_SIGNATURE_DATA, keep it. + // + if (CopiedCount == 0) { + // + // Copy EFI_SIGNATURE_LIST header for only once. + // + CopyMem (Tail, NewCertList, sizeof (EFI_SIGNATURE_LIST) + NewCertList->SignatureHeaderSize); + Tail = Tail + sizeof (EFI_SIGNATURE_LIST) + NewCertList->SignatureHeaderSize; + } + + CopyMem (Tail, NewCert, NewCertList->SignatureSize); + Tail += NewCertList->SignatureSize; + CopiedCount++; + } + + NewCert = (EFI_SIGNATURE_DATA *) ((UINT8 *) NewCert + NewCertList->SignatureSize); + } + + // + // Update SignatureListSize in the kept EFI_SIGNATURE_LIST. + // + if (CopiedCount != 0) { + SignatureListSize = sizeof (EFI_SIGNATURE_LIST) + NewCertList->SignatureHeaderSize + (CopiedCount * NewCertList->SignatureSize); + CertList = (EFI_SIGNATURE_LIST *) (Tail - SignatureListSize); + CertList->SignatureListSize = (UINT32) SignatureListSize; + } + + *NewDataSize -= NewCertList->SignatureListSize; + NewCertList = (EFI_SIGNATURE_LIST *) ((UINT8 *) NewCertList + NewCertList->SignatureListSize); + } + + TempDataSize = (Tail - (UINT8 *) TempData); + + CopyMem (NewData, TempData, TempDataSize); + *NewDataSize = TempDataSize; + + return EFI_SUCCESS; +} + +/** + Compare two EFI_TIME data. + + + @param FirstTime A pointer to the first EFI_TIME data. + @param SecondTime A pointer to the second EFI_TIME data. + + @retval TRUE The FirstTime is not later than the SecondTime. + @retval FALSE The FirstTime is later than the SecondTime. + +**/ +BOOLEAN +AuthServiceInternalCompareTimeStamp ( + IN EFI_TIME *FirstTime, + IN EFI_TIME *SecondTime + ) +{ + if (FirstTime->Year != SecondTime->Year) { + return (BOOLEAN) (FirstTime->Year < SecondTime->Year); + } else if (FirstTime->Month != SecondTime->Month) { + return (BOOLEAN) (FirstTime->Month < SecondTime->Month); + } else if (FirstTime->Day != SecondTime->Day) { + return (BOOLEAN) (FirstTime->Day < SecondTime->Day); + } else if (FirstTime->Hour != SecondTime->Hour) { + return (BOOLEAN) (FirstTime->Hour < SecondTime->Hour); + } else if (FirstTime->Minute != SecondTime->Minute) { + return (BOOLEAN) (FirstTime->Minute < SecondTime->Minute); + } + + return (BOOLEAN) (FirstTime->Second <= SecondTime->Second); +} + +/** + Calculate SHA256 digest of SignerCert CommonName + ToplevelCert tbsCertificate + SignerCert and ToplevelCert are inside the signer certificate chain. + + @param[in] SignerCert A pointer to SignerCert data. + @param[in] SignerCertSize Length of SignerCert data. + @param[in] TopLevelCert A pointer to TopLevelCert data. + @param[in] TopLevelCertSize Length of TopLevelCert data. + @param[out] Sha256Digest Sha256 digest calculated. + + @return EFI_ABORTED Digest process failed. + @return EFI_SUCCESS SHA256 Digest is successfully calculated. + +**/ +EFI_STATUS +CalculatePrivAuthVarSignChainSHA256Digest( + IN UINT8 *SignerCert, + IN UINTN SignerCertSize, + IN UINT8 *TopLevelCert, + IN UINTN TopLevelCertSize, + OUT UINT8 *Sha256Digest + ) +{ + UINT8 *TbsCert; + UINTN TbsCertSize; + CHAR8 CertCommonName[128]; + UINTN CertCommonNameSize; + BOOLEAN CryptoStatus; + EFI_STATUS Status; + + CertCommonNameSize = sizeof(CertCommonName); + + // + // Get SignerCert CommonName + // + Status = X509GetCommonName(SignerCert, SignerCertSize, CertCommonName, &CertCommonNameSize); + if (EFI_ERROR(Status)) { + DEBUG((DEBUG_INFO, "%a Get SignerCert CommonName failed with status %x\n", __FUNCTION__, Status)); + return EFI_ABORTED; + } + + // + // Get TopLevelCert tbsCertificate + // + if (!X509GetTBSCert(TopLevelCert, TopLevelCertSize, &TbsCert, &TbsCertSize)) { + DEBUG((DEBUG_INFO, "%a Get Top-level Cert tbsCertificate failed!\n", __FUNCTION__)); + return EFI_ABORTED; + } + + // + // Digest SignerCert CN + TopLevelCert tbsCertificate + // + ZeroMem (Sha256Digest, SHA256_DIGEST_SIZE); + CryptoStatus = Sha256Init (mHashCtx); + if (!CryptoStatus) { + return EFI_ABORTED; + } + + // + // '\0' is forced in CertCommonName. No overflow issue + // + CryptoStatus = Sha256Update ( + mHashCtx, + CertCommonName, + AsciiStrLen (CertCommonName) + ); + if (!CryptoStatus) { + return EFI_ABORTED; + } + + CryptoStatus = Sha256Update (mHashCtx, TbsCert, TbsCertSize); + if (!CryptoStatus) { + return EFI_ABORTED; + } + + CryptoStatus = Sha256Final (mHashCtx, Sha256Digest); + if (!CryptoStatus) { + return EFI_ABORTED; + } + + return EFI_SUCCESS; +} + +/** + Find matching signer's certificates for common authenticated variable + by corresponding VariableName and VendorGuid from "certdb" or "certdbv". + + The data format of "certdb" or "certdbv": + // + // UINT32 CertDbListSize; + // /// AUTH_CERT_DB_DATA Certs1[]; + // /// AUTH_CERT_DB_DATA Certs2[]; + // /// ... + // /// AUTH_CERT_DB_DATA Certsn[]; + // + + @param[in] VariableName Name of authenticated Variable. + @param[in] VendorGuid Vendor GUID of authenticated Variable. + @param[in] Data Pointer to variable "certdb" or "certdbv". + @param[in] DataSize Size of variable "certdb" or "certdbv". + @param[out] CertOffset Offset of matching CertData, from starting of Data. + @param[out] CertDataSize Length of CertData in bytes. + @param[out] CertNodeOffset Offset of matching AUTH_CERT_DB_DATA , from + starting of Data. + @param[out] CertNodeSize Length of AUTH_CERT_DB_DATA in bytes. + + @retval EFI_INVALID_PARAMETER Any input parameter is invalid. + @retval EFI_NOT_FOUND Fail to find matching certs. + @retval EFI_SUCCESS Find matching certs and output parameters. + +**/ +EFI_STATUS +FindCertsFromDb ( + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid, + IN UINT8 *Data, + IN UINTN DataSize, + OUT UINT32 *CertOffset, OPTIONAL + OUT UINT32 *CertDataSize, OPTIONAL + OUT UINT32 *CertNodeOffset,OPTIONAL + OUT UINT32 *CertNodeSize OPTIONAL + ) +{ + UINT32 Offset; + AUTH_CERT_DB_DATA *Ptr; + UINT32 CertSize; + UINT32 NameSize; + UINT32 NodeSize; + UINT32 CertDbListSize; + + if ((VariableName == NULL) || (VendorGuid == NULL) || (Data == NULL)) { + return EFI_INVALID_PARAMETER; + } + + // + // Check whether DataSize matches recorded CertDbListSize. + // + if (DataSize < sizeof (UINT32)) { + return EFI_INVALID_PARAMETER; + } + + CertDbListSize = ReadUnaligned32 ((UINT32 *) Data); + + if (CertDbListSize != (UINT32) DataSize) { + return EFI_INVALID_PARAMETER; + } + + Offset = sizeof (UINT32); + + // + // Get corresponding certificates by VendorGuid and VariableName. + // + while (Offset < (UINT32) DataSize) { + Ptr = (AUTH_CERT_DB_DATA *) (Data + Offset); + // + // Check whether VendorGuid matches. + // + if (CompareGuid (&Ptr->VendorGuid, VendorGuid)) { + NodeSize = ReadUnaligned32 (&Ptr->CertNodeSize); + NameSize = ReadUnaligned32 (&Ptr->NameSize); + CertSize = ReadUnaligned32 (&Ptr->CertDataSize); + + if (NodeSize != sizeof (EFI_GUID) + sizeof (UINT32) * 3 + CertSize + + sizeof (CHAR16) * NameSize) { + return EFI_INVALID_PARAMETER; + } + + Offset = Offset + sizeof (EFI_GUID) + sizeof (UINT32) * 3; + // + // Check whether VariableName matches. + // + if ((NameSize == StrLen (VariableName)) && + (CompareMem (Data + Offset, VariableName, NameSize * sizeof (CHAR16)) == 0)) { + Offset = Offset + NameSize * sizeof (CHAR16); + + if (CertOffset != NULL) { + *CertOffset = Offset; + } + + if (CertDataSize != NULL) { + *CertDataSize = CertSize; + } + + if (CertNodeOffset != NULL) { + *CertNodeOffset = (UINT32) ((UINT8 *) Ptr - Data); + } + + if (CertNodeSize != NULL) { + *CertNodeSize = NodeSize; + } + + return EFI_SUCCESS; + } else { + Offset = Offset + NameSize * sizeof (CHAR16) + CertSize; + } + } else { + NodeSize = ReadUnaligned32 (&Ptr->CertNodeSize); + Offset = Offset + NodeSize; + } + } + + return EFI_NOT_FOUND; +} + +/** + Retrieve signer's certificates for common authenticated variable + by corresponding VariableName and VendorGuid from "certdb" + or "certdbv" according to authenticated variable attributes. + + @param[in] VariableName Name of authenticated Variable. + @param[in] VendorGuid Vendor GUID of authenticated Variable. + @param[in] Attributes Attributes of authenticated variable. + @param[out] CertData Pointer to signer's certificates. + @param[out] CertDataSize Length of CertData in bytes. + + @retval EFI_INVALID_PARAMETER Any input parameter is invalid. + @retval EFI_NOT_FOUND Fail to find "certdb"/"certdbv" or matching certs. + @retval EFI_SUCCESS Get signer's certificates successfully. + +**/ +EFI_STATUS +GetCertsFromDb ( + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid, + IN UINT32 Attributes, + OUT UINT8 **CertData, + OUT UINT32 *CertDataSize + ) +{ + EFI_STATUS Status; + UINT8 *Data; + UINTN DataSize; + UINT32 CertOffset; + CHAR16 *DbName; + + if ((VariableName == NULL) || (VendorGuid == NULL) || (CertData == NULL) || (CertDataSize == NULL)) { + return EFI_INVALID_PARAMETER; + } + + + if ((Attributes & EFI_VARIABLE_NON_VOLATILE) != 0) { + // + // Get variable "certdb". + // + DbName = EFI_CERT_DB_NAME; + } else { + // + // Get variable "certdbv". + // + DbName = EFI_CERT_DB_VOLATILE_NAME; + } + + // + // Get variable "certdb" or "certdbv". + // + Status = AuthServiceInternalFindVariable ( + DbName, + &gEfiCertDbGuid, + (VOID **) &Data, + &DataSize + ); + if (EFI_ERROR (Status)) { + return Status; + } + + if ((DataSize == 0) || (Data == NULL)) { + ASSERT (FALSE); + return EFI_NOT_FOUND; + } + + Status = FindCertsFromDb ( + VariableName, + VendorGuid, + Data, + DataSize, + &CertOffset, + CertDataSize, + NULL, + NULL + ); + + if (EFI_ERROR (Status)) { + return Status; + } + + *CertData = Data + CertOffset; + return EFI_SUCCESS; +} + +/** + Delete matching signer's certificates when deleting common authenticated + variable by corresponding VariableName and VendorGuid from "certdb" or + "certdbv" according to authenticated variable attributes. + + @param[in] VariableName Name of authenticated Variable. + @param[in] VendorGuid Vendor GUID of authenticated Variable. + @param[in] Attributes Attributes of authenticated variable. + + @retval EFI_INVALID_PARAMETER Any input parameter is invalid. + @retval EFI_NOT_FOUND Fail to find "certdb"/"certdbv" or matching certs. + @retval EFI_OUT_OF_RESOURCES The operation is failed due to lack of resources. + @retval EFI_SUCCESS The operation is completed successfully. + +**/ +EFI_STATUS +DeleteCertsFromDb ( + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid, + IN UINT32 Attributes + ) +{ + EFI_STATUS Status; + UINT8 *Data; + UINTN DataSize; + UINT32 VarAttr; + UINT32 CertNodeOffset; + UINT32 CertNodeSize; + UINT8 *NewCertDb; + UINT32 NewCertDbSize; + CHAR16 *DbName; + + if ((VariableName == NULL) || (VendorGuid == NULL)) { + return EFI_INVALID_PARAMETER; + } + + if ((Attributes & EFI_VARIABLE_NON_VOLATILE) != 0) { + // + // Get variable "certdb". + // + DbName = EFI_CERT_DB_NAME; + VarAttr = EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS; + } else { + // + // Get variable "certdbv". + // + DbName = EFI_CERT_DB_VOLATILE_NAME; + VarAttr = EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS; + } + + Status = AuthServiceInternalFindVariable ( + DbName, + &gEfiCertDbGuid, + (VOID **) &Data, + &DataSize + ); + + if (EFI_ERROR (Status)) { + return Status; + } + + if ((DataSize == 0) || (Data == NULL)) { + ASSERT (FALSE); + return EFI_NOT_FOUND; + } + + if (DataSize == sizeof (UINT32)) { + // + // There is no certs in "certdb" or "certdbv". + // + return EFI_SUCCESS; + } + + // + // Get corresponding cert node from "certdb" or "certdbv". + // + Status = FindCertsFromDb ( + VariableName, + VendorGuid, + Data, + DataSize, + NULL, + NULL, + &CertNodeOffset, + &CertNodeSize + ); + + if (EFI_ERROR (Status)) { + return Status; + } + + if (DataSize < (CertNodeOffset + CertNodeSize)) { + return EFI_NOT_FOUND; + } + + // + // Construct new data content of variable "certdb" or "certdbv". + // + NewCertDbSize = (UINT32) DataSize - CertNodeSize; + NewCertDb = (UINT8*) mCertDbStore; + + // + // Copy the DB entries before deleting node. + // + CopyMem (NewCertDb, Data, CertNodeOffset); + // + // Update CertDbListSize. + // + CopyMem (NewCertDb, &NewCertDbSize, sizeof (UINT32)); + // + // Copy the DB entries after deleting node. + // + if (DataSize > (CertNodeOffset + CertNodeSize)) { + CopyMem ( + NewCertDb + CertNodeOffset, + Data + CertNodeOffset + CertNodeSize, + DataSize - CertNodeOffset - CertNodeSize + ); + } + + // + // Set "certdb" or "certdbv". + // + Status = AuthServiceInternalUpdateVariable ( + DbName, + &gEfiCertDbGuid, + NewCertDb, + NewCertDbSize, + VarAttr + ); + + return Status; +} + +/** + Insert signer's certificates for common authenticated variable with VariableName + and VendorGuid in AUTH_CERT_DB_DATA to "certdb" or "certdbv" according to + time based authenticated variable attributes. CertData is the SHA256 digest of + SignerCert CommonName + TopLevelCert tbsCertificate. + + @param[in] VariableName Name of authenticated Variable. + @param[in] VendorGuid Vendor GUID of authenticated Variable. + @param[in] Attributes Attributes of authenticated variable. + @param[in] SignerCert Signer certificate data. + @param[in] SignerCertSize Length of signer certificate. + @param[in] TopLevelCert Top-level certificate data. + @param[in] TopLevelCertSize Length of top-level certificate. + + @retval EFI_INVALID_PARAMETER Any input parameter is invalid. + @retval EFI_ACCESS_DENIED An AUTH_CERT_DB_DATA entry with same VariableName + and VendorGuid already exists. + @retval EFI_OUT_OF_RESOURCES The operation is failed due to lack of resources. + @retval EFI_SUCCESS Insert an AUTH_CERT_DB_DATA entry to "certdb" or "certdbv" + +**/ +EFI_STATUS +InsertCertsToDb ( + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid, + IN UINT32 Attributes, + IN UINT8 *SignerCert, + IN UINTN SignerCertSize, + IN UINT8 *TopLevelCert, + IN UINTN TopLevelCertSize + ) +{ + EFI_STATUS Status; + UINT8 *Data; + UINTN DataSize; + UINT32 VarAttr; + UINT8 *NewCertDb; + UINT32 NewCertDbSize; + UINT32 CertNodeSize; + UINT32 NameSize; + UINT32 CertDataSize; + AUTH_CERT_DB_DATA *Ptr; + CHAR16 *DbName; + UINT8 Sha256Digest[SHA256_DIGEST_SIZE]; + + if ((VariableName == NULL) || (VendorGuid == NULL) || (SignerCert == NULL) ||(TopLevelCert == NULL)) { + return EFI_INVALID_PARAMETER; + } + + if ((Attributes & EFI_VARIABLE_NON_VOLATILE) != 0) { + // + // Get variable "certdb". + // + DbName = EFI_CERT_DB_NAME; + VarAttr = EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS; + } else { + // + // Get variable "certdbv". + // + DbName = EFI_CERT_DB_VOLATILE_NAME; + VarAttr = EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS; + } + + // + // Get variable "certdb" or "certdbv". + // + Status = AuthServiceInternalFindVariable ( + DbName, + &gEfiCertDbGuid, + (VOID **) &Data, + &DataSize + ); + if (EFI_ERROR (Status)) { + return Status; + } + + if ((DataSize == 0) || (Data == NULL)) { + ASSERT (FALSE); + return EFI_NOT_FOUND; + } + + // + // Find whether matching cert node already exists in "certdb" or "certdbv". + // If yes return error. + // + Status = FindCertsFromDb ( + VariableName, + VendorGuid, + Data, + DataSize, + NULL, + NULL, + NULL, + NULL + ); + + if (!EFI_ERROR (Status)) { + ASSERT (FALSE); + return EFI_ACCESS_DENIED; + } + + // + // Construct new data content of variable "certdb" or "certdbv". + // + NameSize = (UINT32) StrLen (VariableName); + CertDataSize = sizeof(Sha256Digest); + CertNodeSize = sizeof (AUTH_CERT_DB_DATA) + (UINT32) CertDataSize + NameSize * sizeof (CHAR16); + NewCertDbSize = (UINT32) DataSize + CertNodeSize; + if (NewCertDbSize > mMaxCertDbSize) { + return EFI_OUT_OF_RESOURCES; + } + + Status = CalculatePrivAuthVarSignChainSHA256Digest( + SignerCert, + SignerCertSize, + TopLevelCert, + TopLevelCertSize, + Sha256Digest + ); + if (EFI_ERROR (Status)) { + return Status; + } + + NewCertDb = (UINT8*) mCertDbStore; + + // + // Copy the DB entries before inserting node. + // + CopyMem (NewCertDb, Data, DataSize); + // + // Update CertDbListSize. + // + CopyMem (NewCertDb, &NewCertDbSize, sizeof (UINT32)); + // + // Construct new cert node. + // + Ptr = (AUTH_CERT_DB_DATA *) (NewCertDb + DataSize); + CopyGuid (&Ptr->VendorGuid, VendorGuid); + CopyMem (&Ptr->CertNodeSize, &CertNodeSize, sizeof (UINT32)); + CopyMem (&Ptr->NameSize, &NameSize, sizeof (UINT32)); + CopyMem (&Ptr->CertDataSize, &CertDataSize, sizeof (UINT32)); + + CopyMem ( + (UINT8 *) Ptr + sizeof (AUTH_CERT_DB_DATA), + VariableName, + NameSize * sizeof (CHAR16) + ); + + CopyMem ( + (UINT8 *) Ptr + sizeof (AUTH_CERT_DB_DATA) + NameSize * sizeof (CHAR16), + Sha256Digest, + CertDataSize + ); + + // + // Set "certdb" or "certdbv". + // + Status = AuthServiceInternalUpdateVariable ( + DbName, + &gEfiCertDbGuid, + NewCertDb, + NewCertDbSize, + VarAttr + ); + + return Status; +} + +/** + Clean up signer's certificates for common authenticated variable + by corresponding VariableName and VendorGuid from "certdb". + System may break down during Timebased Variable update & certdb update, + make them inconsistent, this function is called in AuthVariable Init + to ensure consistency. + + @retval EFI_NOT_FOUND Fail to find variable "certdb". + @retval EFI_OUT_OF_RESOURCES The operation is failed due to lack of resources. + @retval EFI_SUCCESS The operation is completed successfully. + +**/ +EFI_STATUS +CleanCertsFromDb ( + VOID + ) +{ + UINT32 Offset; + AUTH_CERT_DB_DATA *Ptr; + UINT32 NameSize; + UINT32 NodeSize; + CHAR16 *VariableName; + EFI_STATUS Status; + BOOLEAN CertCleaned; + UINT8 *Data; + UINTN DataSize; + EFI_GUID AuthVarGuid; + AUTH_VARIABLE_INFO AuthVariableInfo; + + Status = EFI_SUCCESS; + + // + // Get corresponding certificates by VendorGuid and VariableName. + // + do { + CertCleaned = FALSE; + + // + // Get latest variable "certdb" + // + Status = AuthServiceInternalFindVariable ( + EFI_CERT_DB_NAME, + &gEfiCertDbGuid, + (VOID **) &Data, + &DataSize + ); + if (EFI_ERROR (Status)) { + return Status; + } + + if ((DataSize == 0) || (Data == NULL)) { + ASSERT (FALSE); + return EFI_NOT_FOUND; + } + + Offset = sizeof (UINT32); + + while (Offset < (UINT32) DataSize) { + Ptr = (AUTH_CERT_DB_DATA *) (Data + Offset); + NodeSize = ReadUnaligned32 (&Ptr->CertNodeSize); + NameSize = ReadUnaligned32 (&Ptr->NameSize); + + // + // Get VarName tailed with '\0' + // + VariableName = AllocateZeroPool((NameSize + 1) * sizeof(CHAR16)); + if (VariableName == NULL) { + return EFI_OUT_OF_RESOURCES; + } + CopyMem (VariableName, (UINT8 *) Ptr + sizeof (AUTH_CERT_DB_DATA), NameSize * sizeof(CHAR16)); + // + // Keep VarGuid aligned + // + CopyMem (&AuthVarGuid, &Ptr->VendorGuid, sizeof(EFI_GUID)); + + // + // Find corresponding time auth variable + // + ZeroMem (&AuthVariableInfo, sizeof (AuthVariableInfo)); + Status = mAuthVarLibContextIn->FindVariable ( + VariableName, + &AuthVarGuid, + &AuthVariableInfo + ); + + if (EFI_ERROR(Status) || (AuthVariableInfo.Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) == 0) { + // + // While cleaning certdb, always delete the variable in certdb regardless of it attributes. + // + Status = DeleteCertsFromDb( + VariableName, + &AuthVarGuid, + AuthVariableInfo.Attributes | EFI_VARIABLE_NON_VOLATILE + ); + CertCleaned = TRUE; + DEBUG((EFI_D_INFO, "Recovery!! Cert for Auth Variable %s Guid %g is removed for consistency\n", VariableName, &AuthVarGuid)); + FreePool(VariableName); + break; + } + + FreePool(VariableName); + Offset = Offset + NodeSize; + } + } while (CertCleaned); + + return Status; +} + +/** + Process variable with EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set + + Caution: This function may receive untrusted input. + This function may be invoked in SMM mode, and datasize and data are external input. + This function will do basic validation, before parse the data. + This function will parse the authentication carefully to avoid security issues, like + buffer overflow, integer overflow. + + @param[in] VariableName Name of Variable to be found. + @param[in] VendorGuid Variable vendor GUID. + @param[in] Data Data pointer. + @param[in] DataSize Size of Data found. If size is less than the + data, this value contains the required size. + @param[in] Attributes Attribute value of the variable. + @param[in] AuthVarType Verify against PK, KEK database, private database or certificate in data payload. + @param[in] OrgTimeStamp Pointer to original time stamp, + original variable is not found if NULL. + @param[out] VarPayloadPtr Pointer to variable payload address. + @param[out] VarPayloadSize Pointer to variable payload size. + + @retval EFI_INVALID_PARAMETER Invalid parameter. + @retval EFI_SECURITY_VIOLATION The variable does NOT pass the validation + check carried out by the firmware. + @retval EFI_OUT_OF_RESOURCES Failed to process variable due to lack + of resources. + @retval EFI_SUCCESS Variable pass validation successfully. + +**/ +EFI_STATUS +VerifyTimeBasedPayload ( + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid, + IN VOID *Data, + IN UINTN DataSize, + IN UINT32 Attributes, + IN AUTHVAR_TYPE AuthVarType, + IN EFI_TIME *OrgTimeStamp, + OUT UINT8 **VarPayloadPtr, + OUT UINTN *VarPayloadSize + ) +{ + EFI_VARIABLE_AUTHENTICATION_2 *CertData; + UINT8 *SigData; + UINT32 SigDataSize; + UINT8 *PayloadPtr; + UINTN PayloadSize; + UINT32 Attr; + BOOLEAN VerifyStatus; + EFI_STATUS Status; + EFI_SIGNATURE_LIST *CertList; + EFI_SIGNATURE_DATA *Cert; + UINTN Index; + UINTN CertCount; + UINT32 KekDataSize; + UINT8 *NewData; + UINTN NewDataSize; + UINT8 *Buffer; + UINTN Length; + UINT8 *TopLevelCert; + UINTN TopLevelCertSize; + UINT8 *TrustedCert; + UINTN TrustedCertSize; + UINT8 *SignerCerts; + UINTN CertStackSize; + UINT8 *CertsInCertDb; + UINT32 CertsSizeinDb; + UINT8 Sha256Digest[SHA256_DIGEST_SIZE]; + EFI_CERT_DATA *CertDataPtr; + + // + // 1. TopLevelCert is the top-level issuer certificate in signature Signer Cert Chain + // 2. TrustedCert is the certificate which firmware trusts. It could be saved in protected + // storage or PK payload on PK init + // + VerifyStatus = FALSE; + CertData = NULL; + NewData = NULL; + Attr = Attributes; + SignerCerts = NULL; + TopLevelCert = NULL; + CertsInCertDb = NULL; + CertDataPtr = NULL; + + // + // When the attribute EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS is + // set, then the Data buffer shall begin with an instance of a complete (and serialized) + // EFI_VARIABLE_AUTHENTICATION_2 descriptor. The descriptor shall be followed by the new + // variable value and DataSize shall reflect the combined size of the descriptor and the new + // variable value. The authentication descriptor is not part of the variable data and is not + // returned by subsequent calls to GetVariable(). + // + CertData = (EFI_VARIABLE_AUTHENTICATION_2 *) Data; + + // + // Verify that Pad1, Nanosecond, TimeZone, Daylight and Pad2 components of the + // TimeStamp value are set to zero. + // + if ((CertData->TimeStamp.Pad1 != 0) || + (CertData->TimeStamp.Nanosecond != 0) || + (CertData->TimeStamp.TimeZone != 0) || + (CertData->TimeStamp.Daylight != 0) || + (CertData->TimeStamp.Pad2 != 0)) { + return EFI_SECURITY_VIOLATION; + } + + if ((OrgTimeStamp != NULL) && ((Attributes & EFI_VARIABLE_APPEND_WRITE) == 0)) { + if (AuthServiceInternalCompareTimeStamp (&CertData->TimeStamp, OrgTimeStamp)) { + // + // TimeStamp check fail, suspicious replay attack, return EFI_SECURITY_VIOLATION. + // + return EFI_SECURITY_VIOLATION; + } + } + + // + // wCertificateType should be WIN_CERT_TYPE_EFI_GUID. + // Cert type should be EFI_CERT_TYPE_PKCS7_GUID. + // + if ((CertData->AuthInfo.Hdr.wCertificateType != WIN_CERT_TYPE_EFI_GUID) || + !CompareGuid (&CertData->AuthInfo.CertType, &gEfiCertPkcs7Guid)) { + // + // Invalid AuthInfo type, return EFI_SECURITY_VIOLATION. + // + return EFI_SECURITY_VIOLATION; + } + + // + // Find out Pkcs7 SignedData which follows the EFI_VARIABLE_AUTHENTICATION_2 descriptor. + // AuthInfo.Hdr.dwLength is the length of the entire certificate, including the length of the header. + // + SigData = CertData->AuthInfo.CertData; + SigDataSize = CertData->AuthInfo.Hdr.dwLength - (UINT32) (OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData)); + + // + // SignedData.digestAlgorithms shall contain the digest algorithm used when preparing the + // signature. Only a digest algorithm of SHA-256 is accepted. + // + // According to PKCS#7 Definition: + // SignedData ::= SEQUENCE { + // version Version, + // digestAlgorithms DigestAlgorithmIdentifiers, + // contentInfo ContentInfo, + // .... } + // The DigestAlgorithmIdentifiers can be used to determine the hash algorithm + // in VARIABLE_AUTHENTICATION_2 descriptor. + // This field has the fixed offset (+13) and be calculated based on two bytes of length encoding. + // + if ((Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) != 0) { + if (SigDataSize >= (13 + sizeof (mSha256OidValue))) { + if (((*(SigData + 1) & TWO_BYTE_ENCODE) != TWO_BYTE_ENCODE) || + (CompareMem (SigData + 13, &mSha256OidValue, sizeof (mSha256OidValue)) != 0)) { + return EFI_SECURITY_VIOLATION; + } + } + } + + // + // Find out the new data payload which follows Pkcs7 SignedData directly. + // + PayloadPtr = SigData + SigDataSize; + PayloadSize = DataSize - OFFSET_OF_AUTHINFO2_CERT_DATA - (UINTN) SigDataSize; + + // If the VariablePolicy engine is disabled, allow deletion of any authenticated variables. + if (PayloadSize == 0 && (Attributes & EFI_VARIABLE_APPEND_WRITE) == 0 && !IsVariablePolicyEnabled()) { + VerifyStatus = TRUE; + goto Exit; + } + + // + // Construct a serialization buffer of the values of the VariableName, VendorGuid and Attributes + // parameters of the SetVariable() call and the TimeStamp component of the + // EFI_VARIABLE_AUTHENTICATION_2 descriptor followed by the variable's new value + // i.e. (VariableName, VendorGuid, Attributes, TimeStamp, Data) + // + NewDataSize = PayloadSize + sizeof (EFI_TIME) + sizeof (UINT32) + + sizeof (EFI_GUID) + StrSize (VariableName) - sizeof (CHAR16); + + // + // Here is to reuse scratch data area(at the end of volatile variable store) + // to reduce SMRAM consumption for SMM variable driver. + // The scratch buffer is enough to hold the serialized data and safe to use, + // because it is only used at here to do verification temporarily first + // and then used in UpdateVariable() for a time based auth variable set. + // + Status = mAuthVarLibContextIn->GetScratchBuffer (&NewDataSize, (VOID **) &NewData); + if (EFI_ERROR (Status)) { + return EFI_OUT_OF_RESOURCES; + } + + Buffer = NewData; + Length = StrLen (VariableName) * sizeof (CHAR16); + CopyMem (Buffer, VariableName, Length); + Buffer += Length; + + Length = sizeof (EFI_GUID); + CopyMem (Buffer, VendorGuid, Length); + Buffer += Length; + + Length = sizeof (UINT32); + CopyMem (Buffer, &Attr, Length); + Buffer += Length; + + Length = sizeof (EFI_TIME); + CopyMem (Buffer, &CertData->TimeStamp, Length); + Buffer += Length; + + CopyMem (Buffer, PayloadPtr, PayloadSize); + + if (AuthVarType == AuthVarTypePk) { + // + // Verify that the signature has been made with the current Platform Key (no chaining for PK). + // First, get signer's certificates from SignedData. + // + VerifyStatus = Pkcs7GetSigners ( + SigData, + SigDataSize, + &SignerCerts, + &CertStackSize, + &TopLevelCert, + &TopLevelCertSize + ); + if (!VerifyStatus) { + goto Exit; + } + + // + // Second, get the current platform key from variable. Check whether it's identical with signer's certificates + // in SignedData. If not, return error immediately. + // + Status = AuthServiceInternalFindVariable ( + EFI_PLATFORM_KEY_NAME, + &gEfiGlobalVariableGuid, + &Data, + &DataSize + ); + if (EFI_ERROR (Status)) { + VerifyStatus = FALSE; + goto Exit; + } + CertList = (EFI_SIGNATURE_LIST *) Data; + Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize); + if ((TopLevelCertSize != (CertList->SignatureSize - (sizeof (EFI_SIGNATURE_DATA) - 1))) || + (CompareMem (Cert->SignatureData, TopLevelCert, TopLevelCertSize) != 0)) { + VerifyStatus = FALSE; + goto Exit; + } + + // + // Verify Pkcs7 SignedData via Pkcs7Verify library. + // + VerifyStatus = Pkcs7Verify ( + SigData, + SigDataSize, + TopLevelCert, + TopLevelCertSize, + NewData, + NewDataSize + ); + + } else if (AuthVarType == AuthVarTypeKek) { + + // + // Get KEK database from variable. + // + Status = AuthServiceInternalFindVariable ( + EFI_KEY_EXCHANGE_KEY_NAME, + &gEfiGlobalVariableGuid, + &Data, + &DataSize + ); + if (EFI_ERROR (Status)) { + return Status; + } + + // + // Ready to verify Pkcs7 SignedData. Go through KEK Signature Database to find out X.509 CertList. + // + KekDataSize = (UINT32) DataSize; + CertList = (EFI_SIGNATURE_LIST *) Data; + while ((KekDataSize > 0) && (KekDataSize >= CertList->SignatureListSize)) { + if (CompareGuid (&CertList->SignatureType, &gEfiCertX509Guid)) { + Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize); + CertCount = (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - CertList->SignatureHeaderSize) / CertList->SignatureSize; + for (Index = 0; Index < CertCount; Index++) { + // + // Iterate each Signature Data Node within this CertList for a verify + // + TrustedCert = Cert->SignatureData; + TrustedCertSize = CertList->SignatureSize - (sizeof (EFI_SIGNATURE_DATA) - 1); + + // + // Verify Pkcs7 SignedData via Pkcs7Verify library. + // + VerifyStatus = Pkcs7Verify ( + SigData, + SigDataSize, + TrustedCert, + TrustedCertSize, + NewData, + NewDataSize + ); + if (VerifyStatus) { + goto Exit; + } + Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) Cert + CertList->SignatureSize); + } + } + KekDataSize -= CertList->SignatureListSize; + CertList = (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + CertList->SignatureListSize); + } + } else if (AuthVarType == AuthVarTypePriv) { + + // + // Process common authenticated variable except PK/KEK/DB/DBX/DBT. + // Get signer's certificates from SignedData. + // + VerifyStatus = Pkcs7GetSigners ( + SigData, + SigDataSize, + &SignerCerts, + &CertStackSize, + &TopLevelCert, + &TopLevelCertSize + ); + if (!VerifyStatus) { + goto Exit; + } + + // + // Get previously stored signer's certificates from certdb or certdbv for existing + // variable. Check whether they are identical with signer's certificates + // in SignedData. If not, return error immediately. + // + if (OrgTimeStamp != NULL) { + VerifyStatus = FALSE; + + Status = GetCertsFromDb (VariableName, VendorGuid, Attributes, &CertsInCertDb, &CertsSizeinDb); + if (EFI_ERROR (Status)) { + goto Exit; + } + + if (CertsSizeinDb == SHA256_DIGEST_SIZE) { + // + // Check hash of signer cert CommonName + Top-level issuer tbsCertificate against data in CertDb + // + CertDataPtr = (EFI_CERT_DATA *)(SignerCerts + 1); + Status = CalculatePrivAuthVarSignChainSHA256Digest( + CertDataPtr->CertDataBuffer, + ReadUnaligned32 ((UINT32 *)&(CertDataPtr->CertDataLength)), + TopLevelCert, + TopLevelCertSize, + Sha256Digest + ); + if (EFI_ERROR(Status) || CompareMem (Sha256Digest, CertsInCertDb, CertsSizeinDb) != 0){ + goto Exit; + } + } else { + // + // Keep backward compatible with previous solution which saves whole signer certs stack in CertDb + // + if ((CertStackSize != CertsSizeinDb) || + (CompareMem (SignerCerts, CertsInCertDb, CertsSizeinDb) != 0)) { + goto Exit; + } + } + } + + VerifyStatus = Pkcs7Verify ( + SigData, + SigDataSize, + TopLevelCert, + TopLevelCertSize, + NewData, + NewDataSize + ); + if (!VerifyStatus) { + goto Exit; + } + + if ((OrgTimeStamp == NULL) && (PayloadSize != 0)) { + // + // When adding a new common authenticated variable, always save Hash of cn of signer cert + tbsCertificate of Top-level issuer + // + CertDataPtr = (EFI_CERT_DATA *)(SignerCerts + 1); + Status = InsertCertsToDb ( + VariableName, + VendorGuid, + Attributes, + CertDataPtr->CertDataBuffer, + ReadUnaligned32 ((UINT32 *)&(CertDataPtr->CertDataLength)), + TopLevelCert, + TopLevelCertSize + ); + if (EFI_ERROR (Status)) { + VerifyStatus = FALSE; + goto Exit; + } + } + } else if (AuthVarType == AuthVarTypePayload) { + CertList = (EFI_SIGNATURE_LIST *) PayloadPtr; + Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize); + TrustedCert = Cert->SignatureData; + TrustedCertSize = CertList->SignatureSize - (sizeof (EFI_SIGNATURE_DATA) - 1); + // + // Verify Pkcs7 SignedData via Pkcs7Verify library. + // + VerifyStatus = Pkcs7Verify ( + SigData, + SigDataSize, + TrustedCert, + TrustedCertSize, + NewData, + NewDataSize + ); + } else { + return EFI_SECURITY_VIOLATION; + } + +Exit: + + if (AuthVarType == AuthVarTypePk || AuthVarType == AuthVarTypePriv) { + if (TopLevelCert != NULL) { + Pkcs7FreeSigners (TopLevelCert); + } + if (SignerCerts != NULL) { + Pkcs7FreeSigners (SignerCerts); + } + } + + if (!VerifyStatus) { + return EFI_SECURITY_VIOLATION; + } + + Status = CheckSignatureListFormat(VariableName, VendorGuid, PayloadPtr, PayloadSize); + if (EFI_ERROR (Status)) { + return Status; + } + + *VarPayloadPtr = PayloadPtr; + *VarPayloadSize = PayloadSize; + + return EFI_SUCCESS; +} + +/** + Process variable with EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set + + Caution: This function may receive untrusted input. + This function may be invoked in SMM mode, and datasize and data are external input. + This function will do basic validation, before parse the data. + This function will parse the authentication carefully to avoid security issues, like + buffer overflow, integer overflow. + + @param[in] VariableName Name of Variable to be found. + @param[in] VendorGuid Variable vendor GUID. + @param[in] Data Data pointer. + @param[in] DataSize Size of Data found. If size is less than the + data, this value contains the required size. + @param[in] Attributes Attribute value of the variable. + @param[in] AuthVarType Verify against PK, KEK database, private database or certificate in data payload. + @param[out] VarDel Delete the variable or not. + + @retval EFI_INVALID_PARAMETER Invalid parameter. + @retval EFI_SECURITY_VIOLATION The variable does NOT pass the validation + check carried out by the firmware. + @retval EFI_OUT_OF_RESOURCES Failed to process variable due to lack + of resources. + @retval EFI_SUCCESS Variable pass validation successfully. + +**/ +EFI_STATUS +VerifyTimeBasedPayloadAndUpdate ( + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid, + IN VOID *Data, + IN UINTN DataSize, + IN UINT32 Attributes, + IN AUTHVAR_TYPE AuthVarType, + OUT BOOLEAN *VarDel + ) +{ + EFI_STATUS Status; + EFI_STATUS FindStatus; + UINT8 *PayloadPtr; + UINTN PayloadSize; + EFI_VARIABLE_AUTHENTICATION_2 *CertData; + AUTH_VARIABLE_INFO OrgVariableInfo; + BOOLEAN IsDel; + + ZeroMem (&OrgVariableInfo, sizeof (OrgVariableInfo)); + FindStatus = mAuthVarLibContextIn->FindVariable ( + VariableName, + VendorGuid, + &OrgVariableInfo + ); + + Status = VerifyTimeBasedPayload ( + VariableName, + VendorGuid, + Data, + DataSize, + Attributes, + AuthVarType, + (!EFI_ERROR (FindStatus)) ? OrgVariableInfo.TimeStamp : NULL, + &PayloadPtr, + &PayloadSize + ); + if (EFI_ERROR (Status)) { + return Status; + } + + if (!EFI_ERROR(FindStatus) + && (PayloadSize == 0) + && ((Attributes & EFI_VARIABLE_APPEND_WRITE) == 0)) { + IsDel = TRUE; + } else { + IsDel = FALSE; + } + + CertData = (EFI_VARIABLE_AUTHENTICATION_2 *) Data; + + // + // Final step: Update/Append Variable if it pass Pkcs7Verify + // + Status = AuthServiceInternalUpdateVariableWithTimeStamp ( + VariableName, + VendorGuid, + PayloadPtr, + PayloadSize, + Attributes, + &CertData->TimeStamp + ); + + // + // Delete signer's certificates when delete the common authenticated variable. + // + if (IsDel && AuthVarType == AuthVarTypePriv && !EFI_ERROR(Status) ) { + Status = DeleteCertsFromDb (VariableName, VendorGuid, Attributes); + } + + if (VarDel != NULL) { + if (IsDel && !EFI_ERROR(Status)) { + *VarDel = TRUE; + } else { + *VarDel = FALSE; + } + } + + return Status; +} diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/AuthVariableLib/AuthServiceInternal.h b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/AuthVariableLib/AuthServiceInternal.h new file mode 100644 index 00000000..7cbb1b73 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/AuthVariableLib/AuthServiceInternal.h @@ -0,0 +1,369 @@ +/** @file + The internal header file includes the common header files, defines + internal structure and functions used by AuthService module. + + Caution: This module requires additional review when modified. + This driver will have external input - variable data. It may be input in SMM mode. + This external input must be validated carefully to avoid security issue like + buffer overflow, integer overflow. + Variable attribute should also be checked to avoid authentication bypass. + The whole SMM authentication variable design relies on the integrity of flash part and SMM. + which is assumed to be protected by platform. All variable code and metadata in flash/SMM Memory + may not be modified without authorization. If platform fails to protect these resources, + the authentication service provided in this driver will be broken, and the behavior is undefined. + +Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef _AUTHSERVICE_INTERNAL_H_ +#define _AUTHSERVICE_INTERNAL_H_ + +#include <Library/AuthVariableLib.h> +#include <Library/BaseLib.h> +#include <Library/BaseMemoryLib.h> +#include <Library/DebugLib.h> +#include <Library/MemoryAllocationLib.h> +#include <Library/BaseCryptLib.h> +#include <Library/PlatformSecureLib.h> + +#include <Guid/AuthenticatedVariableFormat.h> +#include <Guid/ImageAuthentication.h> + +#define TWO_BYTE_ENCODE 0x82 + +/// +/// Struct to record signature requirement defined by UEFI spec. +/// For SigHeaderSize and SigDataSize, ((UINT32) ~0) means NO exact length requirement for this field. +/// +typedef struct { + EFI_GUID SigType; + // Expected SignatureHeader size in Bytes. + UINT32 SigHeaderSize; + // Expected SignatureData size in Bytes. + UINT32 SigDataSize; +} EFI_SIGNATURE_ITEM; + +typedef enum { + AuthVarTypePk, + AuthVarTypeKek, + AuthVarTypePriv, + AuthVarTypePayload +} AUTHVAR_TYPE; + +/// +/// "certdb" variable stores the signer's certificates for non PK/KEK/DB/DBX +/// variables with EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS|EFI_VARIABLE_NON_VOLATILE set. +/// "certdbv" variable stores the signer's certificates for non PK/KEK/DB/DBX +/// variables with EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set +/// +/// GUID: gEfiCertDbGuid +/// +/// We need maintain atomicity. +/// +/// Format: +/// +----------------------------+ +/// | UINT32 | <-- CertDbListSize, including this UINT32 +/// +----------------------------+ +/// | AUTH_CERT_DB_DATA | <-- First CERT +/// +----------------------------+ +/// | ........ | +/// +----------------------------+ +/// | AUTH_CERT_DB_DATA | <-- Last CERT +/// +----------------------------+ +/// +#define EFI_CERT_DB_NAME L"certdb" +#define EFI_CERT_DB_VOLATILE_NAME L"certdbv" + +#pragma pack(1) +typedef struct { + EFI_GUID VendorGuid; + UINT32 CertNodeSize; + UINT32 NameSize; + UINT32 CertDataSize; + /// CHAR16 VariableName[NameSize]; + /// UINT8 CertData[CertDataSize]; +} AUTH_CERT_DB_DATA; +#pragma pack() + +extern UINT8 *mCertDbStore; +extern UINT32 mMaxCertDbSize; +extern UINT32 mPlatformMode; +extern UINT8 mVendorKeyState; + +extern VOID *mHashCtx; + +extern AUTH_VAR_LIB_CONTEXT_IN *mAuthVarLibContextIn; + + +/** + Process variable with EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set + + Caution: This function may receive untrusted input. + This function may be invoked in SMM mode, and datasize and data are external input. + This function will do basic validation, before parse the data. + This function will parse the authentication carefully to avoid security issues, like + buffer overflow, integer overflow. + + @param[in] VariableName Name of Variable to be found. + @param[in] VendorGuid Variable vendor GUID. + @param[in] Data Data pointer. + @param[in] DataSize Size of Data found. If size is less than the + data, this value contains the required size. + @param[in] Attributes Attribute value of the variable. + @param[in] AuthVarType Verify against PK, KEK database, private database or certificate in data payload. + @param[out] VarDel Delete the variable or not. + + @retval EFI_INVALID_PARAMETER Invalid parameter. + @retval EFI_SECURITY_VIOLATION The variable does NOT pass the validation + check carried out by the firmware. + @retval EFI_OUT_OF_RESOURCES Failed to process variable due to lack + of resources. + @retval EFI_SUCCESS Variable pass validation successfully. + +**/ +EFI_STATUS +VerifyTimeBasedPayloadAndUpdate ( + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid, + IN VOID *Data, + IN UINTN DataSize, + IN UINT32 Attributes, + IN AUTHVAR_TYPE AuthVarType, + OUT BOOLEAN *VarDel + ); + +/** + Delete matching signer's certificates when deleting common authenticated + variable by corresponding VariableName and VendorGuid from "certdb" or + "certdbv" according to authenticated variable attributes. + + @param[in] VariableName Name of authenticated Variable. + @param[in] VendorGuid Vendor GUID of authenticated Variable. + @param[in] Attributes Attributes of authenticated variable. + + @retval EFI_INVALID_PARAMETER Any input parameter is invalid. + @retval EFI_NOT_FOUND Fail to find "certdb"/"certdbv" or matching certs. + @retval EFI_OUT_OF_RESOURCES The operation is failed due to lack of resources. + @retval EFI_SUCCESS The operation is completed successfully. + +**/ +EFI_STATUS +DeleteCertsFromDb ( + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid, + IN UINT32 Attributes + ); + +/** + Clean up signer's certificates for common authenticated variable + by corresponding VariableName and VendorGuid from "certdb". + System may break down during Timebased Variable update & certdb update, + make them inconsistent, this function is called in AuthVariable Init to ensure + consistency + + @retval EFI_NOT_FOUND Fail to find matching certs. + @retval EFI_SUCCESS Find matching certs and output parameters. + +**/ +EFI_STATUS +CleanCertsFromDb ( + VOID + ); + +/** + Filter out the duplicated EFI_SIGNATURE_DATA from the new data by comparing to the original data. + + @param[in] Data Pointer to original EFI_SIGNATURE_LIST. + @param[in] DataSize Size of Data buffer. + @param[in, out] NewData Pointer to new EFI_SIGNATURE_LIST. + @param[in, out] NewDataSize Size of NewData buffer. + +**/ +EFI_STATUS +FilterSignatureList ( + IN VOID *Data, + IN UINTN DataSize, + IN OUT VOID *NewData, + IN OUT UINTN *NewDataSize + ); + +/** + Process variable with platform key for verification. + + Caution: This function may receive untrusted input. + This function may be invoked in SMM mode, and datasize and data are external input. + This function will do basic validation, before parse the data. + This function will parse the authentication carefully to avoid security issues, like + buffer overflow, integer overflow. + This function will check attribute carefully to avoid authentication bypass. + + @param[in] VariableName Name of Variable to be found. + @param[in] VendorGuid Variable vendor GUID. + @param[in] Data Data pointer. + @param[in] DataSize Size of Data found. If size is less than the + data, this value contains the required size. + @param[in] Attributes Attribute value of the variable + @param[in] IsPk Indicate whether it is to process pk. + + @return EFI_INVALID_PARAMETER Invalid parameter. + @return EFI_SECURITY_VIOLATION The variable does NOT pass the validation. + check carried out by the firmware. + @return EFI_SUCCESS Variable passed validation successfully. + +**/ +EFI_STATUS +ProcessVarWithPk ( + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid, + IN VOID *Data, + IN UINTN DataSize, + IN UINT32 Attributes OPTIONAL, + IN BOOLEAN IsPk + ); + +/** + Process variable with key exchange key for verification. + + Caution: This function may receive untrusted input. + This function may be invoked in SMM mode, and datasize and data are external input. + This function will do basic validation, before parse the data. + This function will parse the authentication carefully to avoid security issues, like + buffer overflow, integer overflow. + This function will check attribute carefully to avoid authentication bypass. + + @param[in] VariableName Name of Variable to be found. + @param[in] VendorGuid Variable vendor GUID. + @param[in] Data Data pointer. + @param[in] DataSize Size of Data found. If size is less than the + data, this value contains the required size. + @param[in] Attributes Attribute value of the variable. + + @return EFI_INVALID_PARAMETER Invalid parameter. + @return EFI_SECURITY_VIOLATION The variable does NOT pass the validation + check carried out by the firmware. + @return EFI_SUCCESS Variable pass validation successfully. + +**/ +EFI_STATUS +ProcessVarWithKek ( + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid, + IN VOID *Data, + IN UINTN DataSize, + IN UINT32 Attributes OPTIONAL + ); + +/** + Process variable with EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set + + Caution: This function may receive untrusted input. + This function may be invoked in SMM mode, and datasize and data are external input. + This function will do basic validation, before parse the data. + This function will parse the authentication carefully to avoid security issues, like + buffer overflow, integer overflow. + This function will check attribute carefully to avoid authentication bypass. + + @param[in] VariableName Name of the variable. + @param[in] VendorGuid Variable vendor GUID. + @param[in] Data Data pointer. + @param[in] DataSize Size of Data. + @param[in] Attributes Attribute value of the variable. + + @return EFI_INVALID_PARAMETER Invalid parameter. + @return EFI_WRITE_PROTECTED Variable is write-protected and needs authentication with + EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS or EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set. + @return EFI_OUT_OF_RESOURCES The Database to save the public key is full. + @return EFI_SECURITY_VIOLATION The variable is with EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS + set, but the AuthInfo does NOT pass the validation + check carried out by the firmware. + @return EFI_SUCCESS Variable is not write-protected or pass validation successfully. + +**/ +EFI_STATUS +ProcessVariable ( + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid, + IN VOID *Data, + IN UINTN DataSize, + IN UINT32 Attributes + ); + +/** + Finds variable in storage blocks of volatile and non-volatile storage areas. + + This code finds variable in storage blocks of volatile and non-volatile storage areas. + If VariableName is an empty string, then we just return the first + qualified variable without comparing VariableName and VendorGuid. + + @param[in] VariableName Name of the variable to be found. + @param[in] VendorGuid Variable vendor GUID to be found. + @param[out] Data Pointer to data address. + @param[out] DataSize Pointer to data size. + + @retval EFI_INVALID_PARAMETER If VariableName is not an empty string, + while VendorGuid is NULL. + @retval EFI_SUCCESS Variable successfully found. + @retval EFI_NOT_FOUND Variable not found + +**/ +EFI_STATUS +AuthServiceInternalFindVariable ( + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid, + OUT VOID **Data, + OUT UINTN *DataSize + ); + +/** + Update the variable region with Variable information. + + @param[in] VariableName Name of variable. + @param[in] VendorGuid Guid of variable. + @param[in] Data Data pointer. + @param[in] DataSize Size of Data. + @param[in] Attributes Attribute value of the variable. + + @retval EFI_SUCCESS The update operation is success. + @retval EFI_INVALID_PARAMETER Invalid parameter. + @retval EFI_WRITE_PROTECTED Variable is write-protected. + @retval EFI_OUT_OF_RESOURCES There is not enough resource. + +**/ +EFI_STATUS +AuthServiceInternalUpdateVariable ( + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid, + IN VOID *Data, + IN UINTN DataSize, + IN UINT32 Attributes + ); + +/** + Update the variable region with Variable information. + + @param[in] VariableName Name of variable. + @param[in] VendorGuid Guid of variable. + @param[in] Data Data pointer. + @param[in] DataSize Size of Data. + @param[in] Attributes Attribute value of the variable. + @param[in] TimeStamp Value of associated TimeStamp. + + @retval EFI_SUCCESS The update operation is success. + @retval EFI_INVALID_PARAMETER Invalid parameter. + @retval EFI_WRITE_PROTECTED Variable is write-protected. + @retval EFI_OUT_OF_RESOURCES There is not enough resource. + +**/ +EFI_STATUS +AuthServiceInternalUpdateVariableWithTimeStamp ( + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid, + IN VOID *Data, + IN UINTN DataSize, + IN UINT32 Attributes, + IN EFI_TIME *TimeStamp + ); + +#endif diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.c b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.c new file mode 100644 index 00000000..b611ef9b --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.c @@ -0,0 +1,421 @@ +/** @file + Implement authentication services for the authenticated variables. + + Caution: This module requires additional review when modified. + This driver will have external input - variable data. It may be input in SMM mode. + This external input must be validated carefully to avoid security issue like + buffer overflow, integer overflow. + Variable attribute should also be checked to avoid authentication bypass. + The whole SMM authentication variable design relies on the integrity of flash part and SMM. + which is assumed to be protected by platform. All variable code and metadata in flash/SMM Memory + may not be modified without authorization. If platform fails to protect these resources, + the authentication service provided in this driver will be broken, and the behavior is undefined. + +Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved.<BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "AuthServiceInternal.h" + +/// +/// Global database array for scratch +/// +UINT8 *mCertDbStore; +UINT32 mMaxCertDbSize; +UINT32 mPlatformMode; +UINT8 mVendorKeyState; + +EFI_GUID mSignatureSupport[] = {EFI_CERT_SHA1_GUID, EFI_CERT_SHA256_GUID, EFI_CERT_RSA2048_GUID, EFI_CERT_X509_GUID}; + +// +// Hash context pointer +// +VOID *mHashCtx = NULL; + +VARIABLE_ENTRY_PROPERTY mAuthVarEntry[] = { + { + &gEfiSecureBootEnableDisableGuid, + EFI_SECURE_BOOT_ENABLE_NAME, + { + VAR_CHECK_VARIABLE_PROPERTY_REVISION, + 0, + VARIABLE_ATTRIBUTE_NV_BS, + sizeof (UINT8), + sizeof (UINT8) + } + }, + { + &gEfiCustomModeEnableGuid, + EFI_CUSTOM_MODE_NAME, + { + VAR_CHECK_VARIABLE_PROPERTY_REVISION, + 0, + VARIABLE_ATTRIBUTE_NV_BS, + sizeof (UINT8), + sizeof (UINT8) + } + }, + { + &gEfiVendorKeysNvGuid, + EFI_VENDOR_KEYS_NV_VARIABLE_NAME, + { + VAR_CHECK_VARIABLE_PROPERTY_REVISION, + VAR_CHECK_VARIABLE_PROPERTY_READ_ONLY, + VARIABLE_ATTRIBUTE_NV_BS_RT_AT, + sizeof (UINT8), + sizeof (UINT8) + } + }, + { + &gEfiCertDbGuid, + EFI_CERT_DB_NAME, + { + VAR_CHECK_VARIABLE_PROPERTY_REVISION, + VAR_CHECK_VARIABLE_PROPERTY_READ_ONLY, + VARIABLE_ATTRIBUTE_NV_BS_RT_AT, + sizeof (UINT32), + MAX_UINTN + } + }, + { + &gEfiCertDbGuid, + EFI_CERT_DB_VOLATILE_NAME, + { + VAR_CHECK_VARIABLE_PROPERTY_REVISION, + VAR_CHECK_VARIABLE_PROPERTY_READ_ONLY, + VARIABLE_ATTRIBUTE_BS_RT_AT, + sizeof (UINT32), + MAX_UINTN + } + }, +}; + +VOID **mAuthVarAddressPointer[9]; + +AUTH_VAR_LIB_CONTEXT_IN *mAuthVarLibContextIn = NULL; + +/** + Initialization for authenticated variable services. + If this initialization returns error status, other APIs will not work + and expect to be not called then. + + @param[in] AuthVarLibContextIn Pointer to input auth variable lib context. + @param[out] AuthVarLibContextOut Pointer to output auth variable lib context. + + @retval EFI_SUCCESS Function successfully executed. + @retval EFI_INVALID_PARAMETER If AuthVarLibContextIn == NULL or AuthVarLibContextOut == NULL. + @retval EFI_OUT_OF_RESOURCES Fail to allocate enough resource. + @retval EFI_UNSUPPORTED Unsupported to process authenticated variable. + +**/ +EFI_STATUS +EFIAPI +AuthVariableLibInitialize ( + IN AUTH_VAR_LIB_CONTEXT_IN *AuthVarLibContextIn, + OUT AUTH_VAR_LIB_CONTEXT_OUT *AuthVarLibContextOut + ) +{ + EFI_STATUS Status; + UINT32 VarAttr; + UINT8 *Data; + UINTN DataSize; + UINTN CtxSize; + UINT8 SecureBootMode; + UINT8 SecureBootEnable; + UINT8 CustomMode; + UINT32 ListSize; + + if ((AuthVarLibContextIn == NULL) || (AuthVarLibContextOut == NULL)) { + return EFI_INVALID_PARAMETER; + } + + mAuthVarLibContextIn = AuthVarLibContextIn; + + // + // Initialize hash context. + // + CtxSize = Sha256GetContextSize (); + mHashCtx = AllocateRuntimePool (CtxSize); + if (mHashCtx == NULL) { + return EFI_OUT_OF_RESOURCES; + } + + // + // Reserve runtime buffer for certificate database. The size excludes variable header and name size. + // Use EFI_CERT_DB_VOLATILE_NAME size since it is longer. + // + mMaxCertDbSize = (UINT32) (mAuthVarLibContextIn->MaxAuthVariableSize - sizeof (EFI_CERT_DB_VOLATILE_NAME)); + mCertDbStore = AllocateRuntimePool (mMaxCertDbSize); + if (mCertDbStore == NULL) { + return EFI_OUT_OF_RESOURCES; + } + + Status = AuthServiceInternalFindVariable (EFI_PLATFORM_KEY_NAME, &gEfiGlobalVariableGuid, (VOID **) &Data, &DataSize); + if (EFI_ERROR (Status)) { + DEBUG ((EFI_D_INFO, "Variable %s does not exist.\n", EFI_PLATFORM_KEY_NAME)); + } else { + DEBUG ((EFI_D_INFO, "Variable %s exists.\n", EFI_PLATFORM_KEY_NAME)); + } + + // + // Create "SetupMode" variable with BS+RT attribute set. + // + if (EFI_ERROR (Status)) { + mPlatformMode = SETUP_MODE; + } else { + mPlatformMode = USER_MODE; + } + Status = AuthServiceInternalUpdateVariable ( + EFI_SETUP_MODE_NAME, + &gEfiGlobalVariableGuid, + &mPlatformMode, + sizeof(UINT8), + EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS + ); + if (EFI_ERROR (Status)) { + return Status; + } + + // + // Create "SignatureSupport" variable with BS+RT attribute set. + // + Status = AuthServiceInternalUpdateVariable ( + EFI_SIGNATURE_SUPPORT_NAME, + &gEfiGlobalVariableGuid, + mSignatureSupport, + sizeof(mSignatureSupport), + EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS + ); + if (EFI_ERROR (Status)) { + return Status; + } + + // + // If "SecureBootEnable" variable exists, then update "SecureBoot" variable. + // If "SecureBootEnable" variable is SECURE_BOOT_ENABLE and in USER_MODE, Set "SecureBoot" variable to SECURE_BOOT_MODE_ENABLE. + // If "SecureBootEnable" variable is SECURE_BOOT_DISABLE, Set "SecureBoot" variable to SECURE_BOOT_MODE_DISABLE. + // + SecureBootEnable = SECURE_BOOT_DISABLE; + Status = AuthServiceInternalFindVariable (EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid, (VOID **) &Data, &DataSize); + if (!EFI_ERROR (Status)) { + if (mPlatformMode == USER_MODE){ + SecureBootEnable = *(UINT8 *) Data; + } + } else if (mPlatformMode == USER_MODE) { + // + // "SecureBootEnable" not exist, initialize it in USER_MODE. + // + SecureBootEnable = SECURE_BOOT_ENABLE; + Status = AuthServiceInternalUpdateVariable ( + EFI_SECURE_BOOT_ENABLE_NAME, + &gEfiSecureBootEnableDisableGuid, + &SecureBootEnable, + sizeof (UINT8), + EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS + ); + if (EFI_ERROR (Status)) { + return Status; + } + } + + // + // Create "SecureBoot" variable with BS+RT attribute set. + // + if (SecureBootEnable == SECURE_BOOT_ENABLE && mPlatformMode == USER_MODE) { + SecureBootMode = SECURE_BOOT_MODE_ENABLE; + } else { + SecureBootMode = SECURE_BOOT_MODE_DISABLE; + } + Status = AuthServiceInternalUpdateVariable ( + EFI_SECURE_BOOT_MODE_NAME, + &gEfiGlobalVariableGuid, + &SecureBootMode, + sizeof (UINT8), + EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS + ); + if (EFI_ERROR (Status)) { + return Status; + } + + DEBUG ((EFI_D_INFO, "Variable %s is %x\n", EFI_SETUP_MODE_NAME, mPlatformMode)); + DEBUG ((EFI_D_INFO, "Variable %s is %x\n", EFI_SECURE_BOOT_MODE_NAME, SecureBootMode)); + DEBUG ((EFI_D_INFO, "Variable %s is %x\n", EFI_SECURE_BOOT_ENABLE_NAME, SecureBootEnable)); + + // + // Initialize "CustomMode" in STANDARD_SECURE_BOOT_MODE state. + // + CustomMode = STANDARD_SECURE_BOOT_MODE; + Status = AuthServiceInternalUpdateVariable ( + EFI_CUSTOM_MODE_NAME, + &gEfiCustomModeEnableGuid, + &CustomMode, + sizeof (UINT8), + EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS + ); + if (EFI_ERROR (Status)) { + return Status; + } + + DEBUG ((EFI_D_INFO, "Variable %s is %x\n", EFI_CUSTOM_MODE_NAME, CustomMode)); + + // + // Check "certdb" variable's existence. + // If it doesn't exist, then create a new one with + // EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set. + // + Status = AuthServiceInternalFindVariable ( + EFI_CERT_DB_NAME, + &gEfiCertDbGuid, + (VOID **) &Data, + &DataSize + ); + if (EFI_ERROR (Status)) { + VarAttr = EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS; + ListSize = sizeof (UINT32); + Status = AuthServiceInternalUpdateVariable ( + EFI_CERT_DB_NAME, + &gEfiCertDbGuid, + &ListSize, + sizeof (UINT32), + VarAttr + ); + if (EFI_ERROR (Status)) { + return Status; + } + } else { + // + // Clean up Certs to make certDB & Time based auth variable consistent + // + Status = CleanCertsFromDb(); + if (EFI_ERROR (Status)) { + DEBUG ((EFI_D_ERROR, "Clean up CertDB fail! Status %x\n", Status)); + return Status; + } + } + + // + // Create "certdbv" variable with RT+BS+AT set. + // + VarAttr = EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS; + ListSize = sizeof (UINT32); + Status = AuthServiceInternalUpdateVariable ( + EFI_CERT_DB_VOLATILE_NAME, + &gEfiCertDbGuid, + &ListSize, + sizeof (UINT32), + VarAttr + ); + if (EFI_ERROR (Status)) { + return Status; + } + + // + // Check "VendorKeysNv" variable's existence and create "VendorKeys" variable accordingly. + // + Status = AuthServiceInternalFindVariable (EFI_VENDOR_KEYS_NV_VARIABLE_NAME, &gEfiVendorKeysNvGuid, (VOID **) &Data, &DataSize); + if (!EFI_ERROR (Status)) { + mVendorKeyState = *(UINT8 *)Data; + } else { + // + // "VendorKeysNv" not exist, initialize it in VENDOR_KEYS_VALID state. + // + mVendorKeyState = VENDOR_KEYS_VALID; + Status = AuthServiceInternalUpdateVariable ( + EFI_VENDOR_KEYS_NV_VARIABLE_NAME, + &gEfiVendorKeysNvGuid, + &mVendorKeyState, + sizeof (UINT8), + EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS + ); + if (EFI_ERROR (Status)) { + return Status; + } + } + + // + // Create "VendorKeys" variable with BS+RT attribute set. + // + Status = AuthServiceInternalUpdateVariable ( + EFI_VENDOR_KEYS_VARIABLE_NAME, + &gEfiGlobalVariableGuid, + &mVendorKeyState, + sizeof (UINT8), + EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS + ); + if (EFI_ERROR (Status)) { + return Status; + } + + DEBUG ((EFI_D_INFO, "Variable %s is %x\n", EFI_VENDOR_KEYS_VARIABLE_NAME, mVendorKeyState)); + + AuthVarLibContextOut->StructVersion = AUTH_VAR_LIB_CONTEXT_OUT_STRUCT_VERSION; + AuthVarLibContextOut->StructSize = sizeof (AUTH_VAR_LIB_CONTEXT_OUT); + AuthVarLibContextOut->AuthVarEntry = mAuthVarEntry; + AuthVarLibContextOut->AuthVarEntryCount = ARRAY_SIZE (mAuthVarEntry); + mAuthVarAddressPointer[0] = (VOID **) &mCertDbStore; + mAuthVarAddressPointer[1] = (VOID **) &mHashCtx; + mAuthVarAddressPointer[2] = (VOID **) &mAuthVarLibContextIn; + mAuthVarAddressPointer[3] = (VOID **) &(mAuthVarLibContextIn->FindVariable), + mAuthVarAddressPointer[4] = (VOID **) &(mAuthVarLibContextIn->FindNextVariable), + mAuthVarAddressPointer[5] = (VOID **) &(mAuthVarLibContextIn->UpdateVariable), + mAuthVarAddressPointer[6] = (VOID **) &(mAuthVarLibContextIn->GetScratchBuffer), + mAuthVarAddressPointer[7] = (VOID **) &(mAuthVarLibContextIn->CheckRemainingSpaceForConsistency), + mAuthVarAddressPointer[8] = (VOID **) &(mAuthVarLibContextIn->AtRuntime), + AuthVarLibContextOut->AddressPointer = mAuthVarAddressPointer; + AuthVarLibContextOut->AddressPointerCount = ARRAY_SIZE (mAuthVarAddressPointer); + + return Status; +} + +/** + Process variable with EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set. + + @param[in] VariableName Name of the variable. + @param[in] VendorGuid Variable vendor GUID. + @param[in] Data Data pointer. + @param[in] DataSize Size of Data. + @param[in] Attributes Attribute value of the variable. + + @retval EFI_SUCCESS The firmware has successfully stored the variable and its data as + defined by the Attributes. + @retval EFI_INVALID_PARAMETER Invalid parameter. + @retval EFI_WRITE_PROTECTED Variable is write-protected. + @retval EFI_OUT_OF_RESOURCES There is not enough resource. + @retval EFI_SECURITY_VIOLATION The variable is with EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS + set, but the AuthInfo does NOT pass the validation + check carried out by the firmware. + @retval EFI_UNSUPPORTED Unsupported to process authenticated variable. + +**/ +EFI_STATUS +EFIAPI +AuthVariableLibProcessVariable ( + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid, + IN VOID *Data, + IN UINTN DataSize, + IN UINT32 Attributes + ) +{ + EFI_STATUS Status; + + if (CompareGuid (VendorGuid, &gEfiGlobalVariableGuid) && (StrCmp (VariableName, EFI_PLATFORM_KEY_NAME) == 0)){ + Status = ProcessVarWithPk (VariableName, VendorGuid, Data, DataSize, Attributes, TRUE); + } else if (CompareGuid (VendorGuid, &gEfiGlobalVariableGuid) && (StrCmp (VariableName, EFI_KEY_EXCHANGE_KEY_NAME) == 0)) { + Status = ProcessVarWithPk (VariableName, VendorGuid, Data, DataSize, Attributes, FALSE); + } else if (CompareGuid (VendorGuid, &gEfiImageSecurityDatabaseGuid) && + ((StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE) == 0) || + (StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE1) == 0) || + (StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE2) == 0) + )) { + Status = ProcessVarWithPk (VariableName, VendorGuid, Data, DataSize, Attributes, FALSE); + if (EFI_ERROR (Status)) { + Status = ProcessVarWithKek (VariableName, VendorGuid, Data, DataSize, Attributes); + } + } else { + Status = ProcessVariable (VariableName, VendorGuid, Data, DataSize, Attributes); + } + + return Status; +} diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf new file mode 100644 index 00000000..6f94b63c --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf @@ -0,0 +1,88 @@ +## @file +# Provides authenticated variable services. +# +# Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved.<BR> +# Copyright (c) 2018, ARM Limited. All rights reserved.<BR> +# Copyright (c) Microsoft Corporation. +# +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = AuthVariableLib + MODULE_UNI_FILE = AuthVariableLib.uni + FILE_GUID = B23CF5FB-6FCC-4422-B145-D855DBC05457 + MODULE_TYPE = DXE_RUNTIME_DRIVER + VERSION_STRING = 1.0 + LIBRARY_CLASS = AuthVariableLib|DXE_RUNTIME_DRIVER DXE_SMM_DRIVER MM_STANDALONE + +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = IA32 X64 AARCH64 +# + +[Sources] + AuthVariableLib.c + AuthService.c + AuthServiceInternal.h + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + SecurityPkg/SecurityPkg.dec + CryptoPkg/CryptoPkg.dec + +[LibraryClasses] + BaseLib + BaseMemoryLib + DebugLib + MemoryAllocationLib + BaseCryptLib + PlatformSecureLib + VariablePolicyLib + +[Guids] + ## CONSUMES ## Variable:L"SetupMode" + ## PRODUCES ## Variable:L"SetupMode" + ## SOMETIMES_CONSUMES ## Variable:L"PK" + ## SOMETIMES_CONSUMES ## Variable:L"KEK" + ## CONSUMES ## Variable:L"SecureBoot" + ## PRODUCES ## Variable:L"SecureBoot" + ## CONSUMES ## Variable:L"SignatureSupport" + ## PRODUCES ## Variable:L"SignatureSupport" + ## PRODUCES ## Variable:L"VendorKeys" + gEfiGlobalVariableGuid + + ## SOMETIMES_CONSUMES ## Variable:L"DB" + ## SOMETIMES_CONSUMES ## Variable:L"DBX" + ## SOMETIMES_CONSUMES ## Variable:L"DBT" + gEfiImageSecurityDatabaseGuid + + ## CONSUMES ## Variable:L"SecureBootEnable" + ## PRODUCES ## Variable:L"SecureBootEnable" + gEfiSecureBootEnableDisableGuid + + ## CONSUMES ## Variable:L"CustomMode" + ## PRODUCES ## Variable:L"CustomMode" + gEfiCustomModeEnableGuid + + ## CONSUMES ## Variable:L"certdb" + ## CONSUMES ## Variable:L"certdbv" + ## PRODUCES ## Variable:L"certdb" + ## PRODUCES ## Variable:L"certdbv" + gEfiCertDbGuid + + ## CONSUMES ## Variable:L"VendorKeysNv" + ## PRODUCES ## Variable:L"VendorKeysNv" + gEfiVendorKeysNvGuid + + ## CONSUMES ## Variable:L"AuthVarKeyDatabase" + ## PRODUCES ## Variable:L"AuthVarKeyDatabase" + gEfiAuthenticatedVariableGuid + + gEfiCertTypeRsa2048Sha256Guid ## SOMETIMES_CONSUMES ## GUID # Unique ID for the type of the certificate. + gEfiCertPkcs7Guid ## SOMETIMES_CONSUMES ## GUID # Unique ID for the type of the certificate. + gEfiCertX509Guid ## SOMETIMES_CONSUMES ## GUID # Unique ID for the type of the signature. diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.uni b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.uni new file mode 100644 index 00000000..b0884b35 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.uni @@ -0,0 +1,16 @@ +// /** @file
+// Provides authenticated variable services.
+//
+// Provides authenticated variable services.
+//
+// Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
+//
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+//
+// **/
+
+
+#string STR_MODULE_ABSTRACT #language en-US "Provides authenticated variable services"
+
+#string STR_MODULE_DESCRIPTION #language en-US "Provides authenticated variable services."
+
diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/DxeImageAuthenticationStatusLib/DxeImageAuthenticationStatusLib.c b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/DxeImageAuthenticationStatusLib/DxeImageAuthenticationStatusLib.c new file mode 100644 index 00000000..297e5ae4 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/DxeImageAuthenticationStatusLib/DxeImageAuthenticationStatusLib.c @@ -0,0 +1,70 @@ +/** @file + Implement image authentication status check in UEFI2.3.1. + +Copyright (c) 2012 - 2018, Intel Corporation. All rights reserved.<BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include <PiDxe.h> +#include <Library/SecurityManagementLib.h> + + +/** + Check image authentication status returned from Section Extraction Protocol + + @param[in] AuthenticationStatus This is the authentication status returned from + the Section Extraction Protocol when reading the input file. + @param[in] File This is a pointer to the device path of the file that is + being dispatched. This will optionally be used for logging. + @param[in] FileBuffer File buffer matches the input file device path. + @param[in] FileSize Size of File buffer matches the input file device path. + @param[in] BootPolicy A boot policy that was used to call LoadImage() UEFI service. + + @retval EFI_SUCCESS The input file specified by File did authenticate, and the + platform policy dictates that the DXE Core may use File. + @retval EFI_ACCESS_DENIED The file specified by File and FileBuffer did not + authenticate, and the platform policy dictates that the DXE + Foundation many not use File. + +**/ +EFI_STATUS +EFIAPI +DxeImageAuthenticationStatusHandler ( + IN UINT32 AuthenticationStatus, + IN CONST EFI_DEVICE_PATH_PROTOCOL *File, OPTIONAL + IN VOID *FileBuffer, + IN UINTN FileSize, + IN BOOLEAN BootPolicy + ) +{ + if ((AuthenticationStatus & EFI_AUTH_STATUS_IMAGE_SIGNED) != 0) { + if ((AuthenticationStatus & (EFI_AUTH_STATUS_TEST_FAILED | EFI_AUTH_STATUS_NOT_TESTED)) != 0) { + return EFI_ACCESS_DENIED; + } + } + + return EFI_SUCCESS; +} + + +/** + Register image authentication status check handler. + + @param ImageHandle ImageHandle of the loaded driver. + @param SystemTable Pointer to the EFI System Table. + + @retval EFI_SUCCESS The handlers were registered successfully. +**/ +EFI_STATUS +EFIAPI +DxeImageAuthenticationStatusLibConstructor ( + IN EFI_HANDLE ImageHandle, + IN EFI_SYSTEM_TABLE *SystemTable + ) +{ + return RegisterSecurity2Handler ( + DxeImageAuthenticationStatusHandler, + EFI_AUTH_OPERATION_AUTHENTICATION_STATE + ); +} diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/DxeImageAuthenticationStatusLib/DxeImageAuthenticationStatusLib.inf b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/DxeImageAuthenticationStatusLib/DxeImageAuthenticationStatusLib.inf new file mode 100644 index 00000000..b99b8cf8 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/DxeImageAuthenticationStatusLib/DxeImageAuthenticationStatusLib.inf @@ -0,0 +1,35 @@ +## @file +# Provides security service of image authentication status check +# +# Authentication Status Library module supports UEFI2.3.1 +# +# Copyright (c) 2012 - 2018, Intel Corporation. All rights reserved.<BR> +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = DxeImageAuthenticationStatusLib + MODULE_UNI_FILE = DxeImageAuthenticationStatusLib.uni + FILE_GUID = EB92D1DE-7C36-4680-BB88-A67E96049F72 + MODULE_TYPE = DXE_DRIVER + VERSION_STRING = 1.0 + LIBRARY_CLASS = NULL|DXE_DRIVER DXE_RUNTIME_DRIVER DXE_SMM_DRIVER UEFI_APPLICATION UEFI_DRIVER + CONSTRUCTOR = DxeImageAuthenticationStatusLibConstructor + +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = IA32 X64 EBC +# + +[Sources] + DxeImageAuthenticationStatusLib.c + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + +[LibraryClasses] + SecurityManagementLib diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/DxeImageAuthenticationStatusLib/DxeImageAuthenticationStatusLib.uni b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/DxeImageAuthenticationStatusLib/DxeImageAuthenticationStatusLib.uni new file mode 100644 index 00000000..99b25081 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/DxeImageAuthenticationStatusLib/DxeImageAuthenticationStatusLib.uni @@ -0,0 +1,16 @@ +// /** @file
+// Provides security service of image authentication status check
+//
+// Authentication Status Library module supports UEFI2.3.1
+//
+// Copyright (c) 2012 - 2014, Intel Corporation. All rights reserved.<BR>
+//
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+//
+// **/
+
+
+#string STR_MODULE_ABSTRACT #language en-US "Provides security service of image authentication status check"
+
+#string STR_MODULE_DESCRIPTION #language en-US "The Authentication Status Library module supports UEFI2.3.1."
+
diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c new file mode 100644 index 00000000..275e86f6 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c @@ -0,0 +1,2081 @@ +/** @file + Implement image verification services for secure boot service + + Caution: This file requires additional review when modified. + This library will have external input - PE/COFF image. + This external input must be validated carefully to avoid security issue like + buffer overflow, integer overflow. + + DxeImageVerificationLibImageRead() function will make sure the PE/COFF image content + read is within the image buffer. + + DxeImageVerificationHandler(), HashPeImageByType(), HashPeImage() function will accept + untrusted PE/COFF image and validate its data structure within this image buffer before use. + +Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR> +(C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "DxeImageVerificationLib.h" + +// +// Caution: This is used by a function which may receive untrusted input. +// These global variables hold PE/COFF image data, and they should be validated before use. +// +EFI_IMAGE_OPTIONAL_HEADER_PTR_UNION mNtHeader; +UINT32 mPeCoffHeaderOffset; +EFI_GUID mCertType; + +// +// Information on current PE/COFF image +// +UINTN mImageSize; +UINT8 *mImageBase = NULL; +UINT8 mImageDigest[MAX_DIGEST_SIZE]; +UINTN mImageDigestSize; + +// +// Notify string for authorization UI. +// +CHAR16 mNotifyString1[MAX_NOTIFY_STRING_LEN] = L"Image verification pass but not found in authorized database!"; +CHAR16 mNotifyString2[MAX_NOTIFY_STRING_LEN] = L"Launch this image anyway? (Yes/Defer/No)"; +// +// Public Exponent of RSA Key. +// +CONST UINT8 mRsaE[] = { 0x01, 0x00, 0x01 }; + + +// +// OID ASN.1 Value for Hash Algorithms +// +UINT8 mHashOidValue[] = { + 0x2B, 0x0E, 0x03, 0x02, 0x1A, // OBJ_sha1 + 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x04, // OBJ_sha224 + 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, // OBJ_sha256 + 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02, // OBJ_sha384 + 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, // OBJ_sha512 + }; + +HASH_TABLE mHash[] = { +#ifndef DISABLE_SHA1_DEPRECATED_INTERFACES + { L"SHA1", 20, &mHashOidValue[0], 5, Sha1GetContextSize, Sha1Init, Sha1Update, Sha1Final }, +#else + { L"SHA1", 20, &mHashOidValue[0], 5, NULL, NULL, NULL, NULL }, +#endif + { L"SHA224", 28, &mHashOidValue[5], 9, NULL, NULL, NULL, NULL }, + { L"SHA256", 32, &mHashOidValue[14], 9, Sha256GetContextSize, Sha256Init, Sha256Update, Sha256Final}, + { L"SHA384", 48, &mHashOidValue[23], 9, Sha384GetContextSize, Sha384Init, Sha384Update, Sha384Final}, + { L"SHA512", 64, &mHashOidValue[32], 9, Sha512GetContextSize, Sha512Init, Sha512Update, Sha512Final} +}; + +EFI_STRING mHashTypeStr; + +/** + SecureBoot Hook for processing image verification. + + @param[in] VariableName Name of Variable to be found. + @param[in] VendorGuid Variable vendor GUID. + @param[in] DataSize Size of Data found. If size is less than the + data, this value contains the required size. + @param[in] Data Data pointer. + +**/ +VOID +EFIAPI +SecureBootHook ( + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid, + IN UINTN DataSize, + IN VOID *Data + ); + +/** + Reads contents of a PE/COFF image in memory buffer. + + Caution: This function may receive untrusted input. + PE/COFF image is external input, so this function will make sure the PE/COFF image content + read is within the image buffer. + + @param FileHandle Pointer to the file handle to read the PE/COFF image. + @param FileOffset Offset into the PE/COFF image to begin the read operation. + @param ReadSize On input, the size in bytes of the requested read operation. + On output, the number of bytes actually read. + @param Buffer Output buffer that contains the data read from the PE/COFF image. + + @retval EFI_SUCCESS The specified portion of the PE/COFF image was read and the size +**/ +EFI_STATUS +EFIAPI +DxeImageVerificationLibImageRead ( + IN VOID *FileHandle, + IN UINTN FileOffset, + IN OUT UINTN *ReadSize, + OUT VOID *Buffer + ) +{ + UINTN EndPosition; + + if (FileHandle == NULL || ReadSize == NULL || Buffer == NULL) { + return EFI_INVALID_PARAMETER; + } + + if (MAX_ADDRESS - FileOffset < *ReadSize) { + return EFI_INVALID_PARAMETER; + } + + EndPosition = FileOffset + *ReadSize; + if (EndPosition > mImageSize) { + *ReadSize = (UINT32)(mImageSize - FileOffset); + } + + if (FileOffset >= mImageSize) { + *ReadSize = 0; + } + + CopyMem (Buffer, (UINT8 *)((UINTN) FileHandle + FileOffset), *ReadSize); + + return EFI_SUCCESS; +} + + +/** + Get the image type. + + @param[in] File This is a pointer to the device path of the file that is + being dispatched. + + @return UINT32 Image Type + +**/ +UINT32 +GetImageType ( + IN CONST EFI_DEVICE_PATH_PROTOCOL *File + ) +{ + EFI_STATUS Status; + EFI_HANDLE DeviceHandle; + EFI_DEVICE_PATH_PROTOCOL *TempDevicePath; + EFI_BLOCK_IO_PROTOCOL *BlockIo; + + if (File == NULL) { + return IMAGE_UNKNOWN; + } + + // + // First check to see if File is from a Firmware Volume + // + DeviceHandle = NULL; + TempDevicePath = (EFI_DEVICE_PATH_PROTOCOL *) File; + Status = gBS->LocateDevicePath ( + &gEfiFirmwareVolume2ProtocolGuid, + &TempDevicePath, + &DeviceHandle + ); + if (!EFI_ERROR (Status)) { + Status = gBS->OpenProtocol ( + DeviceHandle, + &gEfiFirmwareVolume2ProtocolGuid, + NULL, + NULL, + NULL, + EFI_OPEN_PROTOCOL_TEST_PROTOCOL + ); + if (!EFI_ERROR (Status)) { + return IMAGE_FROM_FV; + } + } + + // + // Next check to see if File is from a Block I/O device + // + DeviceHandle = NULL; + TempDevicePath = (EFI_DEVICE_PATH_PROTOCOL *) File; + Status = gBS->LocateDevicePath ( + &gEfiBlockIoProtocolGuid, + &TempDevicePath, + &DeviceHandle + ); + if (!EFI_ERROR (Status)) { + BlockIo = NULL; + Status = gBS->OpenProtocol ( + DeviceHandle, + &gEfiBlockIoProtocolGuid, + (VOID **) &BlockIo, + NULL, + NULL, + EFI_OPEN_PROTOCOL_GET_PROTOCOL + ); + if (!EFI_ERROR (Status) && BlockIo != NULL) { + if (BlockIo->Media != NULL) { + if (BlockIo->Media->RemovableMedia) { + // + // Block I/O is present and specifies the media is removable + // + return IMAGE_FROM_REMOVABLE_MEDIA; + } else { + // + // Block I/O is present and specifies the media is not removable + // + return IMAGE_FROM_FIXED_MEDIA; + } + } + } + } + + // + // File is not in a Firmware Volume or on a Block I/O device, so check to see if + // the device path supports the Simple File System Protocol. + // + DeviceHandle = NULL; + TempDevicePath = (EFI_DEVICE_PATH_PROTOCOL *) File; + Status = gBS->LocateDevicePath ( + &gEfiSimpleFileSystemProtocolGuid, + &TempDevicePath, + &DeviceHandle + ); + if (!EFI_ERROR (Status)) { + // + // Simple File System is present without Block I/O, so assume media is fixed. + // + return IMAGE_FROM_FIXED_MEDIA; + } + + // + // File is not from an FV, Block I/O or Simple File System, so the only options + // left are a PCI Option ROM and a Load File Protocol such as a PXE Boot from a NIC. + // + TempDevicePath = (EFI_DEVICE_PATH_PROTOCOL *) File; + while (!IsDevicePathEndType (TempDevicePath)) { + switch (DevicePathType (TempDevicePath)) { + + case MEDIA_DEVICE_PATH: + if (DevicePathSubType (TempDevicePath) == MEDIA_RELATIVE_OFFSET_RANGE_DP) { + return IMAGE_FROM_OPTION_ROM; + } + break; + + case MESSAGING_DEVICE_PATH: + if (DevicePathSubType(TempDevicePath) == MSG_MAC_ADDR_DP) { + return IMAGE_FROM_REMOVABLE_MEDIA; + } + break; + + default: + break; + } + TempDevicePath = NextDevicePathNode (TempDevicePath); + } + return IMAGE_UNKNOWN; +} + +/** + Calculate hash of Pe/Coff image based on the authenticode image hashing in + PE/COFF Specification 8.0 Appendix A + + Caution: This function may receive untrusted input. + PE/COFF image is external input, so this function will validate its data structure + within this image buffer before use. + + Notes: PE/COFF image has been checked by BasePeCoffLib PeCoffLoaderGetImageInfo() in + its caller function DxeImageVerificationHandler(). + + @param[in] HashAlg Hash algorithm type. + + @retval TRUE Successfully hash image. + @retval FALSE Fail in hash image. + +**/ +BOOLEAN +HashPeImage ( + IN UINT32 HashAlg + ) +{ + BOOLEAN Status; + EFI_IMAGE_SECTION_HEADER *Section; + VOID *HashCtx; + UINTN CtxSize; + UINT8 *HashBase; + UINTN HashSize; + UINTN SumOfBytesHashed; + EFI_IMAGE_SECTION_HEADER *SectionHeader; + UINTN Index; + UINTN Pos; + UINT32 CertSize; + UINT32 NumberOfRvaAndSizes; + + HashCtx = NULL; + SectionHeader = NULL; + Status = FALSE; + + if ((HashAlg >= HASHALG_MAX)) { + return FALSE; + } + + // + // Initialize context of hash. + // + ZeroMem (mImageDigest, MAX_DIGEST_SIZE); + + switch (HashAlg) { +#ifndef DISABLE_SHA1_DEPRECATED_INTERFACES + case HASHALG_SHA1: + mImageDigestSize = SHA1_DIGEST_SIZE; + mCertType = gEfiCertSha1Guid; + break; +#endif + + case HASHALG_SHA256: + mImageDigestSize = SHA256_DIGEST_SIZE; + mCertType = gEfiCertSha256Guid; + break; + + case HASHALG_SHA384: + mImageDigestSize = SHA384_DIGEST_SIZE; + mCertType = gEfiCertSha384Guid; + break; + + case HASHALG_SHA512: + mImageDigestSize = SHA512_DIGEST_SIZE; + mCertType = gEfiCertSha512Guid; + break; + + default: + return FALSE; + } + + mHashTypeStr = mHash[HashAlg].Name; + CtxSize = mHash[HashAlg].GetContextSize(); + + HashCtx = AllocatePool (CtxSize); + if (HashCtx == NULL) { + return FALSE; + } + + // 1. Load the image header into memory. + + // 2. Initialize a SHA hash context. + Status = mHash[HashAlg].HashInit(HashCtx); + + if (!Status) { + goto Done; + } + + // + // Measuring PE/COFF Image Header; + // But CheckSum field and SECURITY data directory (certificate) are excluded + // + + // + // 3. Calculate the distance from the base of the image header to the image checksum address. + // 4. Hash the image header from its base to beginning of the image checksum. + // + HashBase = mImageBase; + if (mNtHeader.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { + // + // Use PE32 offset. + // + HashSize = (UINTN) (&mNtHeader.Pe32->OptionalHeader.CheckSum) - (UINTN) HashBase; + NumberOfRvaAndSizes = mNtHeader.Pe32->OptionalHeader.NumberOfRvaAndSizes; + } else if (mNtHeader.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR64_MAGIC) { + // + // Use PE32+ offset. + // + HashSize = (UINTN) (&mNtHeader.Pe32Plus->OptionalHeader.CheckSum) - (UINTN) HashBase; + NumberOfRvaAndSizes = mNtHeader.Pe32Plus->OptionalHeader.NumberOfRvaAndSizes; + } else { + // + // Invalid header magic number. + // + Status = FALSE; + goto Done; + } + + Status = mHash[HashAlg].HashUpdate(HashCtx, HashBase, HashSize); + if (!Status) { + goto Done; + } + + // + // 5. Skip over the image checksum (it occupies a single ULONG). + // + if (NumberOfRvaAndSizes <= EFI_IMAGE_DIRECTORY_ENTRY_SECURITY) { + // + // 6. Since there is no Cert Directory in optional header, hash everything + // from the end of the checksum to the end of image header. + // + if (mNtHeader.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { + // + // Use PE32 offset. + // + HashBase = (UINT8 *) &mNtHeader.Pe32->OptionalHeader.CheckSum + sizeof (UINT32); + HashSize = mNtHeader.Pe32->OptionalHeader.SizeOfHeaders - ((UINTN) HashBase - (UINTN) mImageBase); + } else { + // + // Use PE32+ offset. + // + HashBase = (UINT8 *) &mNtHeader.Pe32Plus->OptionalHeader.CheckSum + sizeof (UINT32); + HashSize = mNtHeader.Pe32Plus->OptionalHeader.SizeOfHeaders - ((UINTN) HashBase - (UINTN) mImageBase); + } + + if (HashSize != 0) { + Status = mHash[HashAlg].HashUpdate(HashCtx, HashBase, HashSize); + if (!Status) { + goto Done; + } + } + } else { + // + // 7. Hash everything from the end of the checksum to the start of the Cert Directory. + // + if (mNtHeader.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { + // + // Use PE32 offset. + // + HashBase = (UINT8 *) &mNtHeader.Pe32->OptionalHeader.CheckSum + sizeof (UINT32); + HashSize = (UINTN) (&mNtHeader.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]) - (UINTN) HashBase; + } else { + // + // Use PE32+ offset. + // + HashBase = (UINT8 *) &mNtHeader.Pe32Plus->OptionalHeader.CheckSum + sizeof (UINT32); + HashSize = (UINTN) (&mNtHeader.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]) - (UINTN) HashBase; + } + + if (HashSize != 0) { + Status = mHash[HashAlg].HashUpdate(HashCtx, HashBase, HashSize); + if (!Status) { + goto Done; + } + } + + // + // 8. Skip over the Cert Directory. (It is sizeof(IMAGE_DATA_DIRECTORY) bytes.) + // 9. Hash everything from the end of the Cert Directory to the end of image header. + // + if (mNtHeader.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { + // + // Use PE32 offset + // + HashBase = (UINT8 *) &mNtHeader.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1]; + HashSize = mNtHeader.Pe32->OptionalHeader.SizeOfHeaders - ((UINTN) HashBase - (UINTN) mImageBase); + } else { + // + // Use PE32+ offset. + // + HashBase = (UINT8 *) &mNtHeader.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1]; + HashSize = mNtHeader.Pe32Plus->OptionalHeader.SizeOfHeaders - ((UINTN) HashBase - (UINTN) mImageBase); + } + + if (HashSize != 0) { + Status = mHash[HashAlg].HashUpdate(HashCtx, HashBase, HashSize); + if (!Status) { + goto Done; + } + } + } + + // + // 10. Set the SUM_OF_BYTES_HASHED to the size of the header. + // + if (mNtHeader.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { + // + // Use PE32 offset. + // + SumOfBytesHashed = mNtHeader.Pe32->OptionalHeader.SizeOfHeaders; + } else { + // + // Use PE32+ offset + // + SumOfBytesHashed = mNtHeader.Pe32Plus->OptionalHeader.SizeOfHeaders; + } + + + Section = (EFI_IMAGE_SECTION_HEADER *) ( + mImageBase + + mPeCoffHeaderOffset + + sizeof (UINT32) + + sizeof (EFI_IMAGE_FILE_HEADER) + + mNtHeader.Pe32->FileHeader.SizeOfOptionalHeader + ); + + // + // 11. Build a temporary table of pointers to all the IMAGE_SECTION_HEADER + // structures in the image. The 'NumberOfSections' field of the image + // header indicates how big the table should be. Do not include any + // IMAGE_SECTION_HEADERs in the table whose 'SizeOfRawData' field is zero. + // + SectionHeader = (EFI_IMAGE_SECTION_HEADER *) AllocateZeroPool (sizeof (EFI_IMAGE_SECTION_HEADER) * mNtHeader.Pe32->FileHeader.NumberOfSections); + if (SectionHeader == NULL) { + Status = FALSE; + goto Done; + } + // + // 12. Using the 'PointerToRawData' in the referenced section headers as + // a key, arrange the elements in the table in ascending order. In other + // words, sort the section headers according to the disk-file offset of + // the section. + // + for (Index = 0; Index < mNtHeader.Pe32->FileHeader.NumberOfSections; Index++) { + Pos = Index; + while ((Pos > 0) && (Section->PointerToRawData < SectionHeader[Pos - 1].PointerToRawData)) { + CopyMem (&SectionHeader[Pos], &SectionHeader[Pos - 1], sizeof (EFI_IMAGE_SECTION_HEADER)); + Pos--; + } + CopyMem (&SectionHeader[Pos], Section, sizeof (EFI_IMAGE_SECTION_HEADER)); + Section += 1; + } + + // + // 13. Walk through the sorted table, bring the corresponding section + // into memory, and hash the entire section (using the 'SizeOfRawData' + // field in the section header to determine the amount of data to hash). + // 14. Add the section's 'SizeOfRawData' to SUM_OF_BYTES_HASHED . + // 15. Repeat steps 13 and 14 for all the sections in the sorted table. + // + for (Index = 0; Index < mNtHeader.Pe32->FileHeader.NumberOfSections; Index++) { + Section = &SectionHeader[Index]; + if (Section->SizeOfRawData == 0) { + continue; + } + HashBase = mImageBase + Section->PointerToRawData; + HashSize = (UINTN) Section->SizeOfRawData; + + Status = mHash[HashAlg].HashUpdate(HashCtx, HashBase, HashSize); + if (!Status) { + goto Done; + } + + SumOfBytesHashed += HashSize; + } + + // + // 16. If the file size is greater than SUM_OF_BYTES_HASHED, there is extra + // data in the file that needs to be added to the hash. This data begins + // at file offset SUM_OF_BYTES_HASHED and its length is: + // FileSize - (CertDirectory->Size) + // + if (mImageSize > SumOfBytesHashed) { + HashBase = mImageBase + SumOfBytesHashed; + + if (NumberOfRvaAndSizes <= EFI_IMAGE_DIRECTORY_ENTRY_SECURITY) { + CertSize = 0; + } else { + if (mNtHeader.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { + // + // Use PE32 offset. + // + CertSize = mNtHeader.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY].Size; + } else { + // + // Use PE32+ offset. + // + CertSize = mNtHeader.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY].Size; + } + } + + if (mImageSize > CertSize + SumOfBytesHashed) { + HashSize = (UINTN) (mImageSize - CertSize - SumOfBytesHashed); + + Status = mHash[HashAlg].HashUpdate(HashCtx, HashBase, HashSize); + if (!Status) { + goto Done; + } + } else if (mImageSize < CertSize + SumOfBytesHashed) { + Status = FALSE; + goto Done; + } + } + + Status = mHash[HashAlg].HashFinal(HashCtx, mImageDigest); + +Done: + if (HashCtx != NULL) { + FreePool (HashCtx); + } + if (SectionHeader != NULL) { + FreePool (SectionHeader); + } + return Status; +} + +/** + Recognize the Hash algorithm in PE/COFF Authenticode and calculate hash of + Pe/Coff image based on the authenticode image hashing in PE/COFF Specification + 8.0 Appendix A + + Caution: This function may receive untrusted input. + PE/COFF image is external input, so this function will validate its data structure + within this image buffer before use. + + @param[in] AuthData Pointer to the Authenticode Signature retrieved from signed image. + @param[in] AuthDataSize Size of the Authenticode Signature in bytes. + + @retval EFI_UNSUPPORTED Hash algorithm is not supported. + @retval EFI_SUCCESS Hash successfully. + +**/ +EFI_STATUS +HashPeImageByType ( + IN UINT8 *AuthData, + IN UINTN AuthDataSize + ) +{ + UINT8 Index; + + for (Index = 0; Index < HASHALG_MAX; Index++) { + // + // Check the Hash algorithm in PE/COFF Authenticode. + // According to PKCS#7 Definition: + // SignedData ::= SEQUENCE { + // version Version, + // digestAlgorithms DigestAlgorithmIdentifiers, + // contentInfo ContentInfo, + // .... } + // The DigestAlgorithmIdentifiers can be used to determine the hash algorithm in PE/COFF hashing + // This field has the fixed offset (+32) in final Authenticode ASN.1 data. + // Fixed offset (+32) is calculated based on two bytes of length encoding. + // + if ((*(AuthData + 1) & TWO_BYTE_ENCODE) != TWO_BYTE_ENCODE) { + // + // Only support two bytes of Long Form of Length Encoding. + // + continue; + } + + if (AuthDataSize < 32 + mHash[Index].OidLength) { + return EFI_UNSUPPORTED; + } + + if (CompareMem (AuthData + 32, mHash[Index].OidValue, mHash[Index].OidLength) == 0) { + break; + } + } + + if (Index == HASHALG_MAX) { + return EFI_UNSUPPORTED; + } + + // + // HASH PE Image based on Hash algorithm in PE/COFF Authenticode. + // + if (!HashPeImage(Index)) { + return EFI_UNSUPPORTED; + } + + return EFI_SUCCESS; +} + + +/** + Returns the size of a given image execution info table in bytes. + + This function returns the size, in bytes, of the image execution info table specified by + ImageExeInfoTable. If ImageExeInfoTable is NULL, then 0 is returned. + + @param ImageExeInfoTable A pointer to a image execution info table structure. + + @retval 0 If ImageExeInfoTable is NULL. + @retval Others The size of a image execution info table in bytes. + +**/ +UINTN +GetImageExeInfoTableSize ( + EFI_IMAGE_EXECUTION_INFO_TABLE *ImageExeInfoTable + ) +{ + UINTN Index; + EFI_IMAGE_EXECUTION_INFO *ImageExeInfoItem; + UINTN TotalSize; + + if (ImageExeInfoTable == NULL) { + return 0; + } + + ImageExeInfoItem = (EFI_IMAGE_EXECUTION_INFO *) ((UINT8 *) ImageExeInfoTable + sizeof (EFI_IMAGE_EXECUTION_INFO_TABLE)); + TotalSize = sizeof (EFI_IMAGE_EXECUTION_INFO_TABLE); + for (Index = 0; Index < ImageExeInfoTable->NumberOfImages; Index++) { + TotalSize += ReadUnaligned32 ((UINT32 *) &ImageExeInfoItem->InfoSize); + ImageExeInfoItem = (EFI_IMAGE_EXECUTION_INFO *) ((UINT8 *) ImageExeInfoItem + ReadUnaligned32 ((UINT32 *) &ImageExeInfoItem->InfoSize)); + } + + return TotalSize; +} + +/** + Create an Image Execution Information Table entry and add it to system configuration table. + + @param[in] Action Describes the action taken by the firmware regarding this image. + @param[in] Name Input a null-terminated, user-friendly name. + @param[in] DevicePath Input device path pointer. + @param[in] Signature Input signature info in EFI_SIGNATURE_LIST data structure. + @param[in] SignatureSize Size of signature. Must be zero if Signature is NULL. + +**/ +VOID +AddImageExeInfo ( + IN EFI_IMAGE_EXECUTION_ACTION Action, + IN CHAR16 *Name OPTIONAL, + IN CONST EFI_DEVICE_PATH_PROTOCOL *DevicePath, + IN EFI_SIGNATURE_LIST *Signature OPTIONAL, + IN UINTN SignatureSize + ) +{ + EFI_IMAGE_EXECUTION_INFO_TABLE *ImageExeInfoTable; + EFI_IMAGE_EXECUTION_INFO_TABLE *NewImageExeInfoTable; + EFI_IMAGE_EXECUTION_INFO *ImageExeInfoEntry; + UINTN ImageExeInfoTableSize; + UINTN NewImageExeInfoEntrySize; + UINTN NameStringLen; + UINTN DevicePathSize; + CHAR16 *NameStr; + + ImageExeInfoTable = NULL; + NewImageExeInfoTable = NULL; + ImageExeInfoEntry = NULL; + NameStringLen = 0; + NameStr = NULL; + + if (DevicePath == NULL) { + return ; + } + + if (Name != NULL) { + NameStringLen = StrSize (Name); + } else { + NameStringLen = sizeof (CHAR16); + } + + EfiGetSystemConfigurationTable (&gEfiImageSecurityDatabaseGuid, (VOID **) &ImageExeInfoTable); + if (ImageExeInfoTable != NULL) { + // + // The table has been found! + // We must enlarge the table to accommodate the new exe info entry. + // + ImageExeInfoTableSize = GetImageExeInfoTableSize (ImageExeInfoTable); + } else { + // + // Not Found! + // We should create a new table to append to the configuration table. + // + ImageExeInfoTableSize = sizeof (EFI_IMAGE_EXECUTION_INFO_TABLE); + } + + DevicePathSize = GetDevicePathSize (DevicePath); + + // + // Signature size can be odd. Pad after signature to ensure next EXECUTION_INFO entry align + // + ASSERT (Signature != NULL || SignatureSize == 0); + NewImageExeInfoEntrySize = sizeof (EFI_IMAGE_EXECUTION_INFO) + NameStringLen + DevicePathSize + SignatureSize; + + NewImageExeInfoTable = (EFI_IMAGE_EXECUTION_INFO_TABLE *) AllocateRuntimePool (ImageExeInfoTableSize + NewImageExeInfoEntrySize); + if (NewImageExeInfoTable == NULL) { + return ; + } + + if (ImageExeInfoTable != NULL) { + CopyMem (NewImageExeInfoTable, ImageExeInfoTable, ImageExeInfoTableSize); + } else { + NewImageExeInfoTable->NumberOfImages = 0; + } + NewImageExeInfoTable->NumberOfImages++; + ImageExeInfoEntry = (EFI_IMAGE_EXECUTION_INFO *) ((UINT8 *) NewImageExeInfoTable + ImageExeInfoTableSize); + // + // Update new item's information. + // + WriteUnaligned32 ((UINT32 *) ImageExeInfoEntry, Action); + WriteUnaligned32 ((UINT32 *) ((UINT8 *) ImageExeInfoEntry + sizeof (EFI_IMAGE_EXECUTION_ACTION)), (UINT32) NewImageExeInfoEntrySize); + + NameStr = (CHAR16 *)(ImageExeInfoEntry + 1); + if (Name != NULL) { + CopyMem ((UINT8 *) NameStr, Name, NameStringLen); + } else { + ZeroMem ((UINT8 *) NameStr, sizeof (CHAR16)); + } + + CopyMem ( + (UINT8 *) NameStr + NameStringLen, + DevicePath, + DevicePathSize + ); + if (Signature != NULL) { + CopyMem ( + (UINT8 *) NameStr + NameStringLen + DevicePathSize, + Signature, + SignatureSize + ); + } + // + // Update/replace the image execution table. + // + gBS->InstallConfigurationTable (&gEfiImageSecurityDatabaseGuid, (VOID *) NewImageExeInfoTable); + + // + // Free Old table data! + // + if (ImageExeInfoTable != NULL) { + FreePool (ImageExeInfoTable); + } +} + +/** + Check whether the hash of an given X.509 certificate is in forbidden database (DBX). + + @param[in] Certificate Pointer to X.509 Certificate that is searched for. + @param[in] CertSize Size of X.509 Certificate. + @param[in] SignatureList Pointer to the Signature List in forbidden database. + @param[in] SignatureListSize Size of Signature List. + @param[out] RevocationTime Return the time that the certificate was revoked. + @param[out] IsFound Search result. Only valid if EFI_SUCCESS returned. + + @retval EFI_SUCCESS Finished the search without any error. + @retval Others Error occurred in the search of database. + +**/ +EFI_STATUS +IsCertHashFoundInDbx ( + IN UINT8 *Certificate, + IN UINTN CertSize, + IN EFI_SIGNATURE_LIST *SignatureList, + IN UINTN SignatureListSize, + OUT EFI_TIME *RevocationTime, + OUT BOOLEAN *IsFound + ) +{ + EFI_STATUS Status; + EFI_SIGNATURE_LIST *DbxList; + UINTN DbxSize; + EFI_SIGNATURE_DATA *CertHash; + UINTN CertHashCount; + UINTN Index; + UINT32 HashAlg; + VOID *HashCtx; + UINT8 CertDigest[MAX_DIGEST_SIZE]; + UINT8 *DbxCertHash; + UINTN SiglistHeaderSize; + UINT8 *TBSCert; + UINTN TBSCertSize; + + Status = EFI_ABORTED; + *IsFound = FALSE; + DbxList = SignatureList; + DbxSize = SignatureListSize; + HashCtx = NULL; + HashAlg = HASHALG_MAX; + + if ((RevocationTime == NULL) || (DbxList == NULL)) { + return EFI_INVALID_PARAMETER; + } + + // + // Retrieve the TBSCertificate from the X.509 Certificate. + // + if (!X509GetTBSCert (Certificate, CertSize, &TBSCert, &TBSCertSize)) { + return Status; + } + + while ((DbxSize > 0) && (SignatureListSize >= DbxList->SignatureListSize)) { + // + // Determine Hash Algorithm of Certificate in the forbidden database. + // + if (CompareGuid (&DbxList->SignatureType, &gEfiCertX509Sha256Guid)) { + HashAlg = HASHALG_SHA256; + } else if (CompareGuid (&DbxList->SignatureType, &gEfiCertX509Sha384Guid)) { + HashAlg = HASHALG_SHA384; + } else if (CompareGuid (&DbxList->SignatureType, &gEfiCertX509Sha512Guid)) { + HashAlg = HASHALG_SHA512; + } else { + DbxSize -= DbxList->SignatureListSize; + DbxList = (EFI_SIGNATURE_LIST *) ((UINT8 *) DbxList + DbxList->SignatureListSize); + continue; + } + + // + // Calculate the hash value of current TBSCertificate for comparision. + // + if (mHash[HashAlg].GetContextSize == NULL) { + goto Done; + } + ZeroMem (CertDigest, MAX_DIGEST_SIZE); + HashCtx = AllocatePool (mHash[HashAlg].GetContextSize ()); + if (HashCtx == NULL) { + goto Done; + } + if (!mHash[HashAlg].HashInit (HashCtx)) { + goto Done; + } + if (!mHash[HashAlg].HashUpdate (HashCtx, TBSCert, TBSCertSize)) { + goto Done; + } + if (!mHash[HashAlg].HashFinal (HashCtx, CertDigest)) { + goto Done; + } + + FreePool (HashCtx); + HashCtx = NULL; + + SiglistHeaderSize = sizeof (EFI_SIGNATURE_LIST) + DbxList->SignatureHeaderSize; + CertHash = (EFI_SIGNATURE_DATA *) ((UINT8 *) DbxList + SiglistHeaderSize); + CertHashCount = (DbxList->SignatureListSize - SiglistHeaderSize) / DbxList->SignatureSize; + for (Index = 0; Index < CertHashCount; Index++) { + // + // Iterate each Signature Data Node within this CertList for verify. + // + DbxCertHash = CertHash->SignatureData; + if (CompareMem (DbxCertHash, CertDigest, mHash[HashAlg].DigestLength) == 0) { + // + // Hash of Certificate is found in forbidden database. + // + Status = EFI_SUCCESS; + *IsFound = TRUE; + + // + // Return the revocation time. + // + CopyMem (RevocationTime, (EFI_TIME *)(DbxCertHash + mHash[HashAlg].DigestLength), sizeof (EFI_TIME)); + goto Done; + } + CertHash = (EFI_SIGNATURE_DATA *) ((UINT8 *) CertHash + DbxList->SignatureSize); + } + + DbxSize -= DbxList->SignatureListSize; + DbxList = (EFI_SIGNATURE_LIST *) ((UINT8 *) DbxList + DbxList->SignatureListSize); + } + + Status = EFI_SUCCESS; + +Done: + if (HashCtx != NULL) { + FreePool (HashCtx); + } + + return Status; +} + +/** + Check whether signature is in specified database. + + @param[in] VariableName Name of database variable that is searched in. + @param[in] Signature Pointer to signature that is searched for. + @param[in] CertType Pointer to hash algorithm. + @param[in] SignatureSize Size of Signature. + @param[out] IsFound Search result. Only valid if EFI_SUCCESS returned + + @retval EFI_SUCCESS Finished the search without any error. + @retval Others Error occurred in the search of database. + +**/ +EFI_STATUS +IsSignatureFoundInDatabase ( + IN CHAR16 *VariableName, + IN UINT8 *Signature, + IN EFI_GUID *CertType, + IN UINTN SignatureSize, + OUT BOOLEAN *IsFound + ) +{ + EFI_STATUS Status; + EFI_SIGNATURE_LIST *CertList; + EFI_SIGNATURE_DATA *Cert; + UINTN DataSize; + UINT8 *Data; + UINTN Index; + UINTN CertCount; + + // + // Read signature database variable. + // + *IsFound = FALSE; + Data = NULL; + DataSize = 0; + Status = gRT->GetVariable (VariableName, &gEfiImageSecurityDatabaseGuid, NULL, &DataSize, NULL); + if (Status != EFI_BUFFER_TOO_SMALL) { + if (Status == EFI_NOT_FOUND) { + // + // No database, no need to search. + // + Status = EFI_SUCCESS; + } + + return Status; + } + + Data = (UINT8 *) AllocateZeroPool (DataSize); + if (Data == NULL) { + return EFI_OUT_OF_RESOURCES; + } + + Status = gRT->GetVariable (VariableName, &gEfiImageSecurityDatabaseGuid, NULL, &DataSize, Data); + if (EFI_ERROR (Status)) { + goto Done; + } + // + // Enumerate all signature data in SigDB to check if signature exists for executable. + // + CertList = (EFI_SIGNATURE_LIST *) Data; + while ((DataSize > 0) && (DataSize >= CertList->SignatureListSize)) { + CertCount = (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - CertList->SignatureHeaderSize) / CertList->SignatureSize; + Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize); + if ((CertList->SignatureSize == sizeof(EFI_SIGNATURE_DATA) - 1 + SignatureSize) && (CompareGuid(&CertList->SignatureType, CertType))) { + for (Index = 0; Index < CertCount; Index++) { + if (CompareMem (Cert->SignatureData, Signature, SignatureSize) == 0) { + // + // Find the signature in database. + // + *IsFound = TRUE; + // + // Entries in UEFI_IMAGE_SECURITY_DATABASE that are used to validate image should be measured + // + if (StrCmp(VariableName, EFI_IMAGE_SECURITY_DATABASE) == 0) { + SecureBootHook (VariableName, &gEfiImageSecurityDatabaseGuid, CertList->SignatureSize, Cert); + } + break; + } + + Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) Cert + CertList->SignatureSize); + } + + if (*IsFound) { + break; + } + } + + DataSize -= CertList->SignatureListSize; + CertList = (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + CertList->SignatureListSize); + } + +Done: + if (Data != NULL) { + FreePool (Data); + } + + return Status; +} + +/** + Check whether the timestamp is valid by comparing the signing time and the revocation time. + + @param SigningTime A pointer to the signing time. + @param RevocationTime A pointer to the revocation time. + + @retval TRUE The SigningTime is not later than the RevocationTime. + @retval FALSE The SigningTime is later than the RevocationTime. + +**/ +BOOLEAN +IsValidSignatureByTimestamp ( + IN EFI_TIME *SigningTime, + IN EFI_TIME *RevocationTime + ) +{ + if (SigningTime->Year != RevocationTime->Year) { + return (BOOLEAN) (SigningTime->Year < RevocationTime->Year); + } else if (SigningTime->Month != RevocationTime->Month) { + return (BOOLEAN) (SigningTime->Month < RevocationTime->Month); + } else if (SigningTime->Day != RevocationTime->Day) { + return (BOOLEAN) (SigningTime->Day < RevocationTime->Day); + } else if (SigningTime->Hour != RevocationTime->Hour) { + return (BOOLEAN) (SigningTime->Hour < RevocationTime->Hour); + } else if (SigningTime->Minute != RevocationTime->Minute) { + return (BOOLEAN) (SigningTime->Minute < RevocationTime->Minute); + } + + return (BOOLEAN) (SigningTime->Second <= RevocationTime->Second); +} + +/** + Check if the given time value is zero. + + @param[in] Time Pointer of a time value. + + @retval TRUE The Time is Zero. + @retval FALSE The Time is not Zero. + +**/ +BOOLEAN +IsTimeZero ( + IN EFI_TIME *Time + ) +{ + if ((Time->Year == 0) && (Time->Month == 0) && (Time->Day == 0) && + (Time->Hour == 0) && (Time->Minute == 0) && (Time->Second == 0)) { + return TRUE; + } + + return FALSE; +} + +/** + Check whether the timestamp signature is valid and the signing time is also earlier than + the revocation time. + + @param[in] AuthData Pointer to the Authenticode signature retrieved from signed image. + @param[in] AuthDataSize Size of the Authenticode signature in bytes. + @param[in] RevocationTime The time that the certificate was revoked. + + @retval TRUE Timestamp signature is valid and signing time is no later than the + revocation time. + @retval FALSE Timestamp signature is not valid or the signing time is later than the + revocation time. + +**/ +BOOLEAN +PassTimestampCheck ( + IN UINT8 *AuthData, + IN UINTN AuthDataSize, + IN EFI_TIME *RevocationTime + ) +{ + EFI_STATUS Status; + BOOLEAN VerifyStatus; + EFI_SIGNATURE_LIST *CertList; + EFI_SIGNATURE_DATA *Cert; + UINT8 *DbtData; + UINTN DbtDataSize; + UINT8 *RootCert; + UINTN RootCertSize; + UINTN Index; + UINTN CertCount; + EFI_TIME SigningTime; + + // + // Variable Initialization + // + VerifyStatus = FALSE; + DbtData = NULL; + CertList = NULL; + Cert = NULL; + RootCert = NULL; + RootCertSize = 0; + + // + // If RevocationTime is zero, the certificate shall be considered to always be revoked. + // + if (IsTimeZero (RevocationTime)) { + return FALSE; + } + + // + // RevocationTime is non-zero, the certificate should be considered to be revoked from that time and onwards. + // Using the dbt to get the trusted TSA certificates. + // + DbtDataSize = 0; + Status = gRT->GetVariable (EFI_IMAGE_SECURITY_DATABASE2, &gEfiImageSecurityDatabaseGuid, NULL, &DbtDataSize, NULL); + if (Status != EFI_BUFFER_TOO_SMALL) { + goto Done; + } + DbtData = (UINT8 *) AllocateZeroPool (DbtDataSize); + if (DbtData == NULL) { + goto Done; + } + Status = gRT->GetVariable (EFI_IMAGE_SECURITY_DATABASE2, &gEfiImageSecurityDatabaseGuid, NULL, &DbtDataSize, (VOID *) DbtData); + if (EFI_ERROR (Status)) { + goto Done; + } + + CertList = (EFI_SIGNATURE_LIST *) DbtData; + while ((DbtDataSize > 0) && (DbtDataSize >= CertList->SignatureListSize)) { + if (CompareGuid (&CertList->SignatureType, &gEfiCertX509Guid)) { + Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize); + CertCount = (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - CertList->SignatureHeaderSize) / CertList->SignatureSize; + for (Index = 0; Index < CertCount; Index++) { + // + // Iterate each Signature Data Node within this CertList for verify. + // + RootCert = Cert->SignatureData; + RootCertSize = CertList->SignatureSize - sizeof (EFI_GUID); + // + // Get the signing time if the timestamp signature is valid. + // + if (ImageTimestampVerify (AuthData, AuthDataSize, RootCert, RootCertSize, &SigningTime)) { + // + // The signer signature is valid only when the signing time is earlier than revocation time. + // + if (IsValidSignatureByTimestamp (&SigningTime, RevocationTime)) { + VerifyStatus = TRUE; + goto Done; + } + } + Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) Cert + CertList->SignatureSize); + } + } + DbtDataSize -= CertList->SignatureListSize; + CertList = (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + CertList->SignatureListSize); + } + +Done: + if (DbtData != NULL) { + FreePool (DbtData); + } + + return VerifyStatus; +} + +/** + Check whether the image signature is forbidden by the forbidden database (dbx). + The image is forbidden to load if any certificates for signing are revoked before signing time. + + @param[in] AuthData Pointer to the Authenticode signature retrieved from the signed image. + @param[in] AuthDataSize Size of the Authenticode signature in bytes. + + @retval TRUE Image is forbidden by dbx. + @retval FALSE Image is not forbidden by dbx. + +**/ +BOOLEAN +IsForbiddenByDbx ( + IN UINT8 *AuthData, + IN UINTN AuthDataSize + ) +{ + EFI_STATUS Status; + BOOLEAN IsForbidden; + BOOLEAN IsFound; + UINT8 *Data; + UINTN DataSize; + EFI_SIGNATURE_LIST *CertList; + UINTN CertListSize; + EFI_SIGNATURE_DATA *CertData; + UINT8 *RootCert; + UINTN RootCertSize; + UINTN CertCount; + UINTN Index; + UINT8 *CertBuffer; + UINTN BufferLength; + UINT8 *TrustedCert; + UINTN TrustedCertLength; + UINT8 CertNumber; + UINT8 *CertPtr; + UINT8 *Cert; + UINTN CertSize; + EFI_TIME RevocationTime; + // + // Variable Initialization + // + IsForbidden = TRUE; + Data = NULL; + CertList = NULL; + CertData = NULL; + RootCert = NULL; + RootCertSize = 0; + Cert = NULL; + CertBuffer = NULL; + BufferLength = 0; + TrustedCert = NULL; + TrustedCertLength = 0; + + // + // The image will not be forbidden if dbx can't be got. + // + DataSize = 0; + Status = gRT->GetVariable (EFI_IMAGE_SECURITY_DATABASE1, &gEfiImageSecurityDatabaseGuid, NULL, &DataSize, NULL); + ASSERT (EFI_ERROR (Status)); + if (Status != EFI_BUFFER_TOO_SMALL) { + if (Status == EFI_NOT_FOUND) { + // + // Evidently not in dbx if the database doesn't exist. + // + IsForbidden = FALSE; + } + return IsForbidden; + } + Data = (UINT8 *) AllocateZeroPool (DataSize); + if (Data == NULL) { + return IsForbidden; + } + + Status = gRT->GetVariable (EFI_IMAGE_SECURITY_DATABASE1, &gEfiImageSecurityDatabaseGuid, NULL, &DataSize, (VOID *) Data); + if (EFI_ERROR (Status)) { + goto Done; + } + + // + // Verify image signature with RAW X509 certificates in DBX database. + // If passed, the image will be forbidden. + // + CertList = (EFI_SIGNATURE_LIST *) Data; + CertListSize = DataSize; + while ((CertListSize > 0) && (CertListSize >= CertList->SignatureListSize)) { + if (CompareGuid (&CertList->SignatureType, &gEfiCertX509Guid)) { + CertData = (EFI_SIGNATURE_DATA *) ((UINT8 *) CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize); + CertCount = (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - CertList->SignatureHeaderSize) / CertList->SignatureSize; + + for (Index = 0; Index < CertCount; Index++) { + // + // Iterate each Signature Data Node within this CertList for verify. + // + RootCert = CertData->SignatureData; + RootCertSize = CertList->SignatureSize - sizeof (EFI_GUID); + + // + // Call AuthenticodeVerify library to Verify Authenticode struct. + // + IsForbidden = AuthenticodeVerify ( + AuthData, + AuthDataSize, + RootCert, + RootCertSize, + mImageDigest, + mImageDigestSize + ); + if (IsForbidden) { + DEBUG ((DEBUG_INFO, "DxeImageVerificationLib: Image is signed but signature is forbidden by DBX.\n")); + goto Done; + } + + CertData = (EFI_SIGNATURE_DATA *) ((UINT8 *) CertData + CertList->SignatureSize); + } + } + + CertListSize -= CertList->SignatureListSize; + CertList = (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + CertList->SignatureListSize); + } + + // + // Check X.509 Certificate Hash & Possible Timestamp. + // + + // + // Retrieve the certificate stack from AuthData + // The output CertStack format will be: + // UINT8 CertNumber; + // UINT32 Cert1Length; + // UINT8 Cert1[]; + // UINT32 Cert2Length; + // UINT8 Cert2[]; + // ... + // UINT32 CertnLength; + // UINT8 Certn[]; + // + Pkcs7GetSigners (AuthData, AuthDataSize, &CertBuffer, &BufferLength, &TrustedCert, &TrustedCertLength); + if ((BufferLength == 0) || (CertBuffer == NULL) || (*CertBuffer) == 0) { + IsForbidden = TRUE; + goto Done; + } + + // + // Check if any hash of certificates embedded in AuthData is in the forbidden database. + // + CertNumber = (UINT8) (*CertBuffer); + CertPtr = CertBuffer + 1; + for (Index = 0; Index < CertNumber; Index++) { + CertSize = (UINTN) ReadUnaligned32 ((UINT32 *)CertPtr); + Cert = (UINT8 *)CertPtr + sizeof (UINT32); + // + // Advance CertPtr to the next cert in image signer's cert list + // + CertPtr = CertPtr + sizeof (UINT32) + CertSize; + + Status = IsCertHashFoundInDbx (Cert, CertSize, (EFI_SIGNATURE_LIST *)Data, DataSize, &RevocationTime, &IsFound); + if (EFI_ERROR (Status)) { + // + // Error in searching dbx. Consider it as 'found'. RevocationTime might + // not be valid in such situation. + // + IsForbidden = TRUE; + } else if (IsFound) { + // + // Found Cert in dbx successfully. Check the timestamp signature and + // signing time to determine if the image can be trusted. + // + if (PassTimestampCheck (AuthData, AuthDataSize, &RevocationTime)) { + IsForbidden = FALSE; + // + // Pass DBT check. Continue to check other certs in image signer's cert list against DBX, DBT + // + continue; + } else { + IsForbidden = TRUE; + DEBUG ((DEBUG_INFO, "DxeImageVerificationLib: Image is signed but signature failed the timestamp check.\n")); + goto Done; + } + } + + } + + IsForbidden = FALSE; + +Done: + if (Data != NULL) { + FreePool (Data); + } + + Pkcs7FreeSigners (CertBuffer); + Pkcs7FreeSigners (TrustedCert); + + return IsForbidden; +} + + +/** + Check whether the image signature can be verified by the trusted certificates in DB database. + + @param[in] AuthData Pointer to the Authenticode signature retrieved from signed image. + @param[in] AuthDataSize Size of the Authenticode signature in bytes. + + @retval TRUE Image passed verification using certificate in db. + @retval FALSE Image didn't pass verification using certificate in db. + +**/ +BOOLEAN +IsAllowedByDb ( + IN UINT8 *AuthData, + IN UINTN AuthDataSize + ) +{ + EFI_STATUS Status; + BOOLEAN VerifyStatus; + BOOLEAN IsFound; + EFI_SIGNATURE_LIST *CertList; + EFI_SIGNATURE_DATA *CertData; + UINTN DataSize; + UINT8 *Data; + UINT8 *RootCert; + UINTN RootCertSize; + UINTN Index; + UINTN CertCount; + UINTN DbxDataSize; + UINT8 *DbxData; + EFI_TIME RevocationTime; + + Data = NULL; + CertList = NULL; + CertData = NULL; + RootCert = NULL; + DbxData = NULL; + RootCertSize = 0; + VerifyStatus = FALSE; + + // + // Fetch 'db' content. If 'db' doesn't exist or encounters problem to get the + // data, return not-allowed-by-db (FALSE). + // + DataSize = 0; + Status = gRT->GetVariable (EFI_IMAGE_SECURITY_DATABASE, &gEfiImageSecurityDatabaseGuid, NULL, &DataSize, NULL); + ASSERT (EFI_ERROR (Status)); + if (Status != EFI_BUFFER_TOO_SMALL) { + return VerifyStatus; + } + + Data = (UINT8 *) AllocateZeroPool (DataSize); + if (Data == NULL) { + return VerifyStatus; + } + + Status = gRT->GetVariable (EFI_IMAGE_SECURITY_DATABASE, &gEfiImageSecurityDatabaseGuid, NULL, &DataSize, (VOID *) Data); + if (EFI_ERROR (Status)) { + goto Done; + } + + // + // Fetch 'dbx' content. If 'dbx' doesn't exist, continue to check 'db'. + // If any other errors occurred, no need to check 'db' but just return + // not-allowed-by-db (FALSE) to avoid bypass. + // + DbxDataSize = 0; + Status = gRT->GetVariable (EFI_IMAGE_SECURITY_DATABASE1, &gEfiImageSecurityDatabaseGuid, NULL, &DbxDataSize, NULL); + ASSERT (EFI_ERROR (Status)); + if (Status != EFI_BUFFER_TOO_SMALL) { + if (Status != EFI_NOT_FOUND) { + goto Done; + } + // + // 'dbx' does not exist. Continue to check 'db'. + // + } else { + // + // 'dbx' exists. Get its content. + // + DbxData = (UINT8 *) AllocateZeroPool (DbxDataSize); + if (DbxData == NULL) { + goto Done; + } + + Status = gRT->GetVariable (EFI_IMAGE_SECURITY_DATABASE1, &gEfiImageSecurityDatabaseGuid, NULL, &DbxDataSize, (VOID *) DbxData); + if (EFI_ERROR (Status)) { + goto Done; + } + } + + // + // Find X509 certificate in Signature List to verify the signature in pkcs7 signed data. + // + CertList = (EFI_SIGNATURE_LIST *) Data; + while ((DataSize > 0) && (DataSize >= CertList->SignatureListSize)) { + if (CompareGuid (&CertList->SignatureType, &gEfiCertX509Guid)) { + CertData = (EFI_SIGNATURE_DATA *) ((UINT8 *) CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize); + CertCount = (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - CertList->SignatureHeaderSize) / CertList->SignatureSize; + + for (Index = 0; Index < CertCount; Index++) { + // + // Iterate each Signature Data Node within this CertList for verify. + // + RootCert = CertData->SignatureData; + RootCertSize = CertList->SignatureSize - sizeof (EFI_GUID); + + // + // Call AuthenticodeVerify library to Verify Authenticode struct. + // + VerifyStatus = AuthenticodeVerify ( + AuthData, + AuthDataSize, + RootCert, + RootCertSize, + mImageDigest, + mImageDigestSize + ); + if (VerifyStatus) { + // + // The image is signed and its signature is found in 'db'. + // + if (DbxData != NULL) { + // + // Here We still need to check if this RootCert's Hash is revoked + // + Status = IsCertHashFoundInDbx (RootCert, RootCertSize, (EFI_SIGNATURE_LIST *)DbxData, DbxDataSize, &RevocationTime, &IsFound); + if (EFI_ERROR (Status)) { + // + // Error in searching dbx. Consider it as 'found'. RevocationTime might + // not be valid in such situation. + // + VerifyStatus = FALSE; + } else if (IsFound) { + // + // Check the timestamp signature and signing time to determine if the RootCert can be trusted. + // + VerifyStatus = PassTimestampCheck (AuthData, AuthDataSize, &RevocationTime); + if (!VerifyStatus) { + DEBUG ((DEBUG_INFO, "DxeImageVerificationLib: Image is signed and signature is accepted by DB, but its root cert failed the timestamp check.\n")); + } + } + } + + // + // There's no 'dbx' to check revocation time against (must-be pass), + // or, there's revocation time found in 'dbx' and checked againt 'dbt' + // (maybe pass or fail, depending on timestamp compare result). Either + // way the verification job has been completed at this point. + // + goto Done; + } + + CertData = (EFI_SIGNATURE_DATA *) ((UINT8 *) CertData + CertList->SignatureSize); + } + } + + DataSize -= CertList->SignatureListSize; + CertList = (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + CertList->SignatureListSize); + } + +Done: + + if (VerifyStatus) { + SecureBootHook (EFI_IMAGE_SECURITY_DATABASE, &gEfiImageSecurityDatabaseGuid, CertList->SignatureSize, CertData); + } + + if (Data != NULL) { + FreePool (Data); + } + if (DbxData != NULL) { + FreePool (DbxData); + } + + return VerifyStatus; +} + +/** + Provide verification service for signed images, which include both signature validation + and platform policy control. For signature types, both UEFI WIN_CERTIFICATE_UEFI_GUID and + MSFT Authenticode type signatures are supported. + + In this implementation, only verify external executables when in USER MODE. + Executables from FV is bypass, so pass in AuthenticationStatus is ignored. + + The image verification policy is: + If the image is signed, + At least one valid signature or at least one hash value of the image must match a record + in the security database "db", and no valid signature nor any hash value of the image may + be reflected in the security database "dbx". + Otherwise, the image is not signed, + The SHA256 hash value of the image must match a record in the security database "db", and + not be reflected in the security data base "dbx". + + Caution: This function may receive untrusted input. + PE/COFF image is external input, so this function will validate its data structure + within this image buffer before use. + + @param[in] AuthenticationStatus + This is the authentication status returned from the security + measurement services for the input file. + @param[in] File This is a pointer to the device path of the file that is + being dispatched. This will optionally be used for logging. + @param[in] FileBuffer File buffer matches the input file device path. + @param[in] FileSize Size of File buffer matches the input file device path. + @param[in] BootPolicy A boot policy that was used to call LoadImage() UEFI service. + + @retval EFI_SUCCESS The file specified by DevicePath and non-NULL + FileBuffer did authenticate, and the platform policy dictates + that the DXE Foundation may use the file. + @retval EFI_SUCCESS The device path specified by NULL device path DevicePath + and non-NULL FileBuffer did authenticate, and the platform + policy dictates that the DXE Foundation may execute the image in + FileBuffer. + @retval EFI_SECURITY_VIOLATION The file specified by File did not authenticate, and + the platform policy dictates that File should be placed + in the untrusted state. The image has been added to the file + execution table. + @retval EFI_ACCESS_DENIED The file specified by File and FileBuffer did not + authenticate, and the platform policy dictates that the DXE + Foundation may not use File. The image has + been added to the file execution table. + +**/ +EFI_STATUS +EFIAPI +DxeImageVerificationHandler ( + IN UINT32 AuthenticationStatus, + IN CONST EFI_DEVICE_PATH_PROTOCOL *File, OPTIONAL + IN VOID *FileBuffer, + IN UINTN FileSize, + IN BOOLEAN BootPolicy + ) +{ + EFI_IMAGE_DOS_HEADER *DosHdr; + BOOLEAN IsVerified; + EFI_SIGNATURE_LIST *SignatureList; + UINTN SignatureListSize; + EFI_SIGNATURE_DATA *Signature; + EFI_IMAGE_EXECUTION_ACTION Action; + WIN_CERTIFICATE *WinCertificate; + UINT32 Policy; + UINT8 *SecureBoot; + PE_COFF_LOADER_IMAGE_CONTEXT ImageContext; + UINT32 NumberOfRvaAndSizes; + WIN_CERTIFICATE_EFI_PKCS *PkcsCertData; + WIN_CERTIFICATE_UEFI_GUID *WinCertUefiGuid; + UINT8 *AuthData; + UINTN AuthDataSize; + EFI_IMAGE_DATA_DIRECTORY *SecDataDir; + UINT32 SecDataDirEnd; + UINT32 SecDataDirLeft; + UINT32 OffSet; + CHAR16 *NameStr; + RETURN_STATUS PeCoffStatus; + EFI_STATUS HashStatus; + EFI_STATUS DbStatus; + BOOLEAN IsFound; + + SignatureList = NULL; + SignatureListSize = 0; + WinCertificate = NULL; + SecDataDir = NULL; + PkcsCertData = NULL; + Action = EFI_IMAGE_EXECUTION_AUTH_UNTESTED; + IsVerified = FALSE; + IsFound = FALSE; + + // + // Check the image type and get policy setting. + // + switch (GetImageType (File)) { + + case IMAGE_FROM_FV: + Policy = ALWAYS_EXECUTE; + break; + + case IMAGE_FROM_OPTION_ROM: + Policy = PcdGet32 (PcdOptionRomImageVerificationPolicy); + break; + + case IMAGE_FROM_REMOVABLE_MEDIA: + Policy = PcdGet32 (PcdRemovableMediaImageVerificationPolicy); + break; + + case IMAGE_FROM_FIXED_MEDIA: + Policy = PcdGet32 (PcdFixedMediaImageVerificationPolicy); + break; + + default: + Policy = DENY_EXECUTE_ON_SECURITY_VIOLATION; + break; + } + // + // If policy is always/never execute, return directly. + // + if (Policy == ALWAYS_EXECUTE) { + return EFI_SUCCESS; + } + if (Policy == NEVER_EXECUTE) { + return EFI_ACCESS_DENIED; + } + + // + // The policy QUERY_USER_ON_SECURITY_VIOLATION and ALLOW_EXECUTE_ON_SECURITY_VIOLATION + // violates the UEFI spec and has been removed. + // + ASSERT (Policy != QUERY_USER_ON_SECURITY_VIOLATION && Policy != ALLOW_EXECUTE_ON_SECURITY_VIOLATION); + if (Policy == QUERY_USER_ON_SECURITY_VIOLATION || Policy == ALLOW_EXECUTE_ON_SECURITY_VIOLATION) { + CpuDeadLoop (); + } + + GetEfiGlobalVariable2 (EFI_SECURE_BOOT_MODE_NAME, (VOID**)&SecureBoot, NULL); + // + // Skip verification if SecureBoot variable doesn't exist. + // + if (SecureBoot == NULL) { + return EFI_SUCCESS; + } + + // + // Skip verification if SecureBoot is disabled but not AuditMode + // + if (*SecureBoot == SECURE_BOOT_MODE_DISABLE) { + FreePool (SecureBoot); + return EFI_SUCCESS; + } + FreePool (SecureBoot); + + // + // Read the Dos header. + // + if (FileBuffer == NULL) { + return EFI_ACCESS_DENIED; + } + + mImageBase = (UINT8 *) FileBuffer; + mImageSize = FileSize; + + ZeroMem (&ImageContext, sizeof (ImageContext)); + ImageContext.Handle = (VOID *) FileBuffer; + ImageContext.ImageRead = (PE_COFF_LOADER_READ_FILE) DxeImageVerificationLibImageRead; + + // + // Get information about the image being loaded + // + PeCoffStatus = PeCoffLoaderGetImageInfo (&ImageContext); + if (RETURN_ERROR (PeCoffStatus)) { + // + // The information can't be got from the invalid PeImage + // + DEBUG ((DEBUG_INFO, "DxeImageVerificationLib: PeImage invalid. Cannot retrieve image information.\n")); + goto Failed; + } + + DosHdr = (EFI_IMAGE_DOS_HEADER *) mImageBase; + if (DosHdr->e_magic == EFI_IMAGE_DOS_SIGNATURE) { + // + // DOS image header is present, + // so read the PE header after the DOS image header. + // + mPeCoffHeaderOffset = DosHdr->e_lfanew; + } else { + mPeCoffHeaderOffset = 0; + } + // + // Check PE/COFF image. + // + mNtHeader.Pe32 = (EFI_IMAGE_NT_HEADERS32 *) (mImageBase + mPeCoffHeaderOffset); + if (mNtHeader.Pe32->Signature != EFI_IMAGE_NT_SIGNATURE) { + // + // It is not a valid Pe/Coff file. + // + DEBUG ((DEBUG_INFO, "DxeImageVerificationLib: Not a valid PE/COFF image.\n")); + goto Failed; + } + + if (mNtHeader.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { + // + // Use PE32 offset. + // + NumberOfRvaAndSizes = mNtHeader.Pe32->OptionalHeader.NumberOfRvaAndSizes; + if (NumberOfRvaAndSizes > EFI_IMAGE_DIRECTORY_ENTRY_SECURITY) { + SecDataDir = (EFI_IMAGE_DATA_DIRECTORY *) &mNtHeader.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]; + } + } else { + // + // Use PE32+ offset. + // + NumberOfRvaAndSizes = mNtHeader.Pe32Plus->OptionalHeader.NumberOfRvaAndSizes; + if (NumberOfRvaAndSizes > EFI_IMAGE_DIRECTORY_ENTRY_SECURITY) { + SecDataDir = (EFI_IMAGE_DATA_DIRECTORY *) &mNtHeader.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]; + } + } + + // + // Start Image Validation. + // + if (SecDataDir == NULL || SecDataDir->Size == 0) { + // + // This image is not signed. The SHA256 hash value of the image must match a record in the security database "db", + // and not be reflected in the security data base "dbx". + // + if (!HashPeImage (HASHALG_SHA256)) { + DEBUG ((DEBUG_INFO, "DxeImageVerificationLib: Failed to hash this image using %s.\n", mHashTypeStr)); + goto Failed; + } + + DbStatus = IsSignatureFoundInDatabase ( + EFI_IMAGE_SECURITY_DATABASE1, + mImageDigest, + &mCertType, + mImageDigestSize, + &IsFound + ); + if (EFI_ERROR (DbStatus) || IsFound) { + // + // Image Hash is in forbidden database (DBX). + // + DEBUG ((DEBUG_INFO, "DxeImageVerificationLib: Image is not signed and %s hash of image is forbidden by DBX.\n", mHashTypeStr)); + goto Failed; + } + + DbStatus = IsSignatureFoundInDatabase ( + EFI_IMAGE_SECURITY_DATABASE, + mImageDigest, + &mCertType, + mImageDigestSize, + &IsFound + ); + if (!EFI_ERROR (DbStatus) && IsFound) { + // + // Image Hash is in allowed database (DB). + // + return EFI_SUCCESS; + } + + // + // Image Hash is not found in both forbidden and allowed database. + // + DEBUG ((DEBUG_INFO, "DxeImageVerificationLib: Image is not signed and %s hash of image is not found in DB/DBX.\n", mHashTypeStr)); + goto Failed; + } + + // + // Verify the signature of the image, multiple signatures are allowed as per PE/COFF Section 4.7 + // "Attribute Certificate Table". + // The first certificate starts at offset (SecDataDir->VirtualAddress) from the start of the file. + // + SecDataDirEnd = SecDataDir->VirtualAddress + SecDataDir->Size; + for (OffSet = SecDataDir->VirtualAddress; + OffSet < SecDataDirEnd; + OffSet += (WinCertificate->dwLength + ALIGN_SIZE (WinCertificate->dwLength))) { + SecDataDirLeft = SecDataDirEnd - OffSet; + if (SecDataDirLeft <= sizeof (WIN_CERTIFICATE)) { + break; + } + WinCertificate = (WIN_CERTIFICATE *) (mImageBase + OffSet); + if (SecDataDirLeft < WinCertificate->dwLength || + (SecDataDirLeft - WinCertificate->dwLength < + ALIGN_SIZE (WinCertificate->dwLength))) { + break; + } + + // + // Verify the image's Authenticode signature, only DER-encoded PKCS#7 signed data is supported. + // + if (WinCertificate->wCertificateType == WIN_CERT_TYPE_PKCS_SIGNED_DATA) { + // + // The certificate is formatted as WIN_CERTIFICATE_EFI_PKCS which is described in the + // Authenticode specification. + // + PkcsCertData = (WIN_CERTIFICATE_EFI_PKCS *) WinCertificate; + if (PkcsCertData->Hdr.dwLength <= sizeof (PkcsCertData->Hdr)) { + break; + } + AuthData = PkcsCertData->CertData; + AuthDataSize = PkcsCertData->Hdr.dwLength - sizeof(PkcsCertData->Hdr); + } else if (WinCertificate->wCertificateType == WIN_CERT_TYPE_EFI_GUID) { + // + // The certificate is formatted as WIN_CERTIFICATE_UEFI_GUID which is described in UEFI Spec. + // + WinCertUefiGuid = (WIN_CERTIFICATE_UEFI_GUID *) WinCertificate; + if (WinCertUefiGuid->Hdr.dwLength <= OFFSET_OF(WIN_CERTIFICATE_UEFI_GUID, CertData)) { + break; + } + if (!CompareGuid (&WinCertUefiGuid->CertType, &gEfiCertPkcs7Guid)) { + continue; + } + AuthData = WinCertUefiGuid->CertData; + AuthDataSize = WinCertUefiGuid->Hdr.dwLength - OFFSET_OF(WIN_CERTIFICATE_UEFI_GUID, CertData); + } else { + if (WinCertificate->dwLength < sizeof (WIN_CERTIFICATE)) { + break; + } + continue; + } + + HashStatus = HashPeImageByType (AuthData, AuthDataSize); + if (EFI_ERROR (HashStatus)) { + continue; + } + + // + // Check the digital signature against the revoked certificate in forbidden database (dbx). + // + if (IsForbiddenByDbx (AuthData, AuthDataSize)) { + Action = EFI_IMAGE_EXECUTION_AUTH_SIG_FAILED; + IsVerified = FALSE; + break; + } + + // + // Check the digital signature against the valid certificate in allowed database (db). + // + if (!IsVerified) { + if (IsAllowedByDb (AuthData, AuthDataSize)) { + IsVerified = TRUE; + } + } + + // + // Check the image's hash value. + // + DbStatus = IsSignatureFoundInDatabase ( + EFI_IMAGE_SECURITY_DATABASE1, + mImageDigest, + &mCertType, + mImageDigestSize, + &IsFound + ); + if (EFI_ERROR (DbStatus) || IsFound) { + Action = EFI_IMAGE_EXECUTION_AUTH_SIG_FOUND; + DEBUG ((DEBUG_INFO, "DxeImageVerificationLib: Image is signed but %s hash of image is found in DBX.\n", mHashTypeStr)); + IsVerified = FALSE; + break; + } + + if (!IsVerified) { + DbStatus = IsSignatureFoundInDatabase ( + EFI_IMAGE_SECURITY_DATABASE, + mImageDigest, + &mCertType, + mImageDigestSize, + &IsFound + ); + if (!EFI_ERROR (DbStatus) && IsFound) { + IsVerified = TRUE; + } else { + DEBUG ((DEBUG_INFO, "DxeImageVerificationLib: Image is signed but signature is not allowed by DB and %s hash of image is not found in DB/DBX.\n", mHashTypeStr)); + } + } + } + + if (OffSet != SecDataDirEnd) { + // + // The Size in Certificate Table or the attribute certificate table is corrupted. + // + IsVerified = FALSE; + } + + if (IsVerified) { + return EFI_SUCCESS; + } + if (Action == EFI_IMAGE_EXECUTION_AUTH_SIG_FAILED || Action == EFI_IMAGE_EXECUTION_AUTH_SIG_FOUND) { + // + // Get image hash value as signature of executable. + // + SignatureListSize = sizeof (EFI_SIGNATURE_LIST) + sizeof (EFI_SIGNATURE_DATA) - 1 + mImageDigestSize; + SignatureList = (EFI_SIGNATURE_LIST *) AllocateZeroPool (SignatureListSize); + if (SignatureList == NULL) { + SignatureListSize = 0; + goto Failed; + } + SignatureList->SignatureHeaderSize = 0; + SignatureList->SignatureListSize = (UINT32) SignatureListSize; + SignatureList->SignatureSize = (UINT32) (sizeof (EFI_SIGNATURE_DATA) - 1 + mImageDigestSize); + CopyMem (&SignatureList->SignatureType, &mCertType, sizeof (EFI_GUID)); + Signature = (EFI_SIGNATURE_DATA *) ((UINT8 *) SignatureList + sizeof (EFI_SIGNATURE_LIST)); + CopyMem (Signature->SignatureData, mImageDigest, mImageDigestSize); + } + +Failed: + // + // Policy decides to defer or reject the image; add its information in image + // executable information table in either case. + // + NameStr = ConvertDevicePathToText (File, FALSE, TRUE); + AddImageExeInfo (Action, NameStr, File, SignatureList, SignatureListSize); + if (NameStr != NULL) { + DEBUG ((DEBUG_INFO, "The image doesn't pass verification: %s\n", NameStr)); + FreePool(NameStr); + } + + if (SignatureList != NULL) { + FreePool (SignatureList); + } + + if (Policy == DEFER_EXECUTE_ON_SECURITY_VIOLATION) { + return EFI_SECURITY_VIOLATION; + } + return EFI_ACCESS_DENIED; +} + +/** + On Ready To Boot Services Event notification handler. + + Add the image execution information table if it is not in system configuration table. + + @param[in] Event Event whose notification function is being invoked + @param[in] Context Pointer to the notification function's context + +**/ +VOID +EFIAPI +OnReadyToBoot ( + IN EFI_EVENT Event, + IN VOID *Context + ) +{ + EFI_IMAGE_EXECUTION_INFO_TABLE *ImageExeInfoTable; + UINTN ImageExeInfoTableSize; + + EfiGetSystemConfigurationTable (&gEfiImageSecurityDatabaseGuid, (VOID **) &ImageExeInfoTable); + if (ImageExeInfoTable != NULL) { + return; + } + + ImageExeInfoTableSize = sizeof (EFI_IMAGE_EXECUTION_INFO_TABLE); + ImageExeInfoTable = (EFI_IMAGE_EXECUTION_INFO_TABLE *) AllocateRuntimePool (ImageExeInfoTableSize); + if (ImageExeInfoTable == NULL) { + return ; + } + + ImageExeInfoTable->NumberOfImages = 0; + gBS->InstallConfigurationTable (&gEfiImageSecurityDatabaseGuid, (VOID *) ImageExeInfoTable); + +} + +/** + Register security measurement handler. + + @param ImageHandle ImageHandle of the loaded driver. + @param SystemTable Pointer to the EFI System Table. + + @retval EFI_SUCCESS The handlers were registered successfully. +**/ +EFI_STATUS +EFIAPI +DxeImageVerificationLibConstructor ( + IN EFI_HANDLE ImageHandle, + IN EFI_SYSTEM_TABLE *SystemTable + ) +{ + EFI_EVENT Event; + + // + // Register the event to publish the image execution table. + // + EfiCreateEventReadyToBootEx ( + TPL_CALLBACK, + OnReadyToBoot, + NULL, + &Event + ); + + return RegisterSecurity2Handler ( + DxeImageVerificationHandler, + EFI_AUTH_OPERATION_VERIFY_IMAGE | EFI_AUTH_OPERATION_IMAGE_REQUIRED + ); +} diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.h b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.h new file mode 100644 index 00000000..6a879e12 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.h @@ -0,0 +1,201 @@ +/** @file + The internal header file includes the common header files, defines + internal structure and functions used by ImageVerificationLib. + +Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.<BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef __IMAGEVERIFICATIONLIB_H__ +#define __IMAGEVERIFICATIONLIB_H__ + +#include <Library/UefiDriverEntryPoint.h> +#include <Library/DebugLib.h> +#include <Library/BaseMemoryLib.h> +#include <Library/UefiBootServicesTableLib.h> +#include <Library/UefiRuntimeServicesTableLib.h> +#include <Library/UefiLib.h> +#include <Library/BaseLib.h> +#include <Library/MemoryAllocationLib.h> +#include <Library/BaseCryptLib.h> +#include <Library/PcdLib.h> +#include <Library/DevicePathLib.h> +#include <Library/SecurityManagementLib.h> +#include <Library/PeCoffLib.h> +#include <Protocol/FirmwareVolume2.h> +#include <Protocol/DevicePath.h> +#include <Protocol/BlockIo.h> +#include <Protocol/SimpleFileSystem.h> +#include <Protocol/VariableWrite.h> +#include <Guid/ImageAuthentication.h> +#include <Guid/AuthenticatedVariableFormat.h> +#include <IndustryStandard/PeImage.h> + +#define EFI_CERT_TYPE_RSA2048_SHA256_SIZE 256 +#define EFI_CERT_TYPE_RSA2048_SIZE 256 +#define MAX_NOTIFY_STRING_LEN 64 +#define TWO_BYTE_ENCODE 0x82 + +#define ALIGNMENT_SIZE 8 +#define ALIGN_SIZE(a) (((a) % ALIGNMENT_SIZE) ? ALIGNMENT_SIZE - ((a) % ALIGNMENT_SIZE) : 0) + +// +// Image type definitions +// +#define IMAGE_UNKNOWN 0x00000000 +#define IMAGE_FROM_FV 0x00000001 +#define IMAGE_FROM_OPTION_ROM 0x00000002 +#define IMAGE_FROM_REMOVABLE_MEDIA 0x00000003 +#define IMAGE_FROM_FIXED_MEDIA 0x00000004 + +// +// Authorization policy bit definition +// +#define ALWAYS_EXECUTE 0x00000000 +#define NEVER_EXECUTE 0x00000001 +#define ALLOW_EXECUTE_ON_SECURITY_VIOLATION 0x00000002 +#define DEFER_EXECUTE_ON_SECURITY_VIOLATION 0x00000003 +#define DENY_EXECUTE_ON_SECURITY_VIOLATION 0x00000004 +#define QUERY_USER_ON_SECURITY_VIOLATION 0x00000005 + +// +// Support hash types +// +#define HASHALG_SHA1 0x00000000 +#define HASHALG_SHA224 0x00000001 +#define HASHALG_SHA256 0x00000002 +#define HASHALG_SHA384 0x00000003 +#define HASHALG_SHA512 0x00000004 +#define HASHALG_MAX 0x00000005 + +// +// Set max digest size as SHA512 Output (64 bytes) by far +// +#define MAX_DIGEST_SIZE SHA512_DIGEST_SIZE +// +// +// PKCS7 Certificate definition +// +typedef struct { + WIN_CERTIFICATE Hdr; + UINT8 CertData[1]; +} WIN_CERTIFICATE_EFI_PKCS; + + +/** + Retrieves the size, in bytes, of the context buffer required for hash operations. + + @return The size, in bytes, of the context buffer required for hash operations. + +**/ +typedef +UINTN +(EFIAPI *HASH_GET_CONTEXT_SIZE)( + VOID + ); + +/** + Initializes user-supplied memory pointed by HashContext as hash context for + subsequent use. + + If HashContext is NULL, then ASSERT(). + + @param[in, out] HashContext Pointer to Context being initialized. + + @retval TRUE HASH context initialization succeeded. + @retval FALSE HASH context initialization failed. + +**/ +typedef +BOOLEAN +(EFIAPI *HASH_INIT)( + IN OUT VOID *HashContext + ); + + +/** + Performs digest on a data buffer of the specified length. This function can + be called multiple times to compute the digest of long or discontinuous data streams. + + If HashContext is NULL, then ASSERT(). + + @param[in, out] HashContext Pointer to the MD5 context. + @param[in] Data Pointer to the buffer containing the data to be hashed. + @param[in] DataLength Length of Data buffer in bytes. + + @retval TRUE HASH data digest succeeded. + @retval FALSE Invalid HASH context. After HashFinal function has been called, the + HASH context cannot be reused. + +**/ +typedef +BOOLEAN +(EFIAPI *HASH_UPDATE)( + IN OUT VOID *HashContext, + IN CONST VOID *Data, + IN UINTN DataLength + ); + +/** + Completes hash computation and retrieves the digest value into the specified + memory. After this function has been called, the context cannot be used again. + + If HashContext is NULL, then ASSERT(). + If HashValue is NULL, then ASSERT(). + + @param[in, out] HashContext Pointer to the MD5 context + @param[out] HashValue Pointer to a buffer that receives the HASH digest + value. + + @retval TRUE HASH digest computation succeeded. + @retval FALSE HASH digest computation failed. + +**/ +typedef +BOOLEAN +(EFIAPI *HASH_FINAL)( + IN OUT VOID *HashContext, + OUT UINT8 *HashValue + ); + + +// +// Hash Algorithm Table +// +typedef struct { + // + // Name for Hash Algorithm + // + CHAR16 *Name; + // + // Digest Length + // + UINTN DigestLength; + // + // Hash Algorithm OID ASN.1 Value + // + UINT8 *OidValue; + // + // Length of Hash OID Value + // + UINTN OidLength; + // + // Pointer to Hash GetContentSize function + // + HASH_GET_CONTEXT_SIZE GetContextSize; + // + // Pointer to Hash Init function + // + HASH_INIT HashInit; + // + // Pointer to Hash Update function + // + HASH_UPDATE HashUpdate; + // + // Pointer to Hash Final function + // + HASH_FINAL HashFinal; +} HASH_TABLE; + +#endif diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf new file mode 100644 index 00000000..e520d7e3 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf @@ -0,0 +1,95 @@ +## @file +# Provides security service of image verification +# +# This library hooks LoadImage() API to verify every image by the verification policy. +# +# Caution: This module requires additional review when modified. +# This library will have external input - PE/COFF image. +# This external input must be validated carefully to avoid security issues such as +# buffer overflow or integer overflow. +# +# Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR> +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = DxeImageVerificationLib + MODULE_UNI_FILE = DxeImageVerificationLib.uni + FILE_GUID = 0CA970E1-43FA-4402-BC0A-81AF336BFFD6 + MODULE_TYPE = DXE_DRIVER + VERSION_STRING = 1.0 + LIBRARY_CLASS = NULL|DXE_DRIVER DXE_RUNTIME_DRIVER DXE_SMM_DRIVER UEFI_APPLICATION UEFI_DRIVER + CONSTRUCTOR = DxeImageVerificationLibConstructor + +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = IA32 X64 EBC +# + +[Sources] + DxeImageVerificationLib.c + DxeImageVerificationLib.h + Measurement.c + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + CryptoPkg/CryptoPkg.dec + SecurityPkg/SecurityPkg.dec + +[LibraryClasses] + MemoryAllocationLib + BaseLib + UefiLib + UefiBootServicesTableLib + UefiRuntimeServicesTableLib + BaseMemoryLib + DebugLib + DevicePathLib + BaseCryptLib + SecurityManagementLib + PeCoffLib + TpmMeasurementLib + +[Protocols] + gEfiFirmwareVolume2ProtocolGuid ## SOMETIMES_CONSUMES + gEfiBlockIoProtocolGuid ## SOMETIMES_CONSUMES + gEfiSimpleFileSystemProtocolGuid ## SOMETIMES_CONSUMES + +[Guids] + ## SOMETIMES_CONSUMES ## Variable:L"DB" + ## SOMETIMES_CONSUMES ## Variable:L"DBX" + ## SOMETIMES_CONSUMES ## Variable:L"DBT" + ## PRODUCES ## SystemTable + ## CONSUMES ## SystemTable + gEfiImageSecurityDatabaseGuid + + ## SOMETIMES_CONSUMES ## GUID # Unique ID for the type of the signature. + ## SOMETIMES_PRODUCES ## GUID # Unique ID for the type of the signature. + gEfiCertSha1Guid + + ## SOMETIMES_CONSUMES ## GUID # Unique ID for the type of the signature. + ## SOMETIMES_PRODUCES ## GUID # Unique ID for the type of the signature. + gEfiCertSha256Guid + + ## SOMETIMES_CONSUMES ## GUID # Unique ID for the type of the signature. + ## SOMETIMES_PRODUCES ## GUID # Unique ID for the type of the signature. + gEfiCertSha384Guid + + ## SOMETIMES_CONSUMES ## GUID # Unique ID for the type of the signature. + ## SOMETIMES_PRODUCES ## GUID # Unique ID for the type of the signature. + gEfiCertSha512Guid + + gEfiCertX509Guid ## SOMETIMES_CONSUMES ## GUID # Unique ID for the type of the signature. + gEfiCertX509Sha256Guid ## SOMETIMES_CONSUMES ## GUID # Unique ID for the type of the signature. + gEfiCertX509Sha384Guid ## SOMETIMES_CONSUMES ## GUID # Unique ID for the type of the signature. + gEfiCertX509Sha512Guid ## SOMETIMES_CONSUMES ## GUID # Unique ID for the type of the signature. + gEfiCertPkcs7Guid ## SOMETIMES_CONSUMES ## GUID # Unique ID for the type of the certificate. + +[Pcd] + gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy ## SOMETIMES_CONSUMES + gEfiSecurityPkgTokenSpaceGuid.PcdRemovableMediaImageVerificationPolicy ## SOMETIMES_CONSUMES + gEfiSecurityPkgTokenSpaceGuid.PcdFixedMediaImageVerificationPolicy ## SOMETIMES_CONSUMES diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.uni b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.uni new file mode 100644 index 00000000..6739b2ab --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.uni @@ -0,0 +1,21 @@ +// /** @file
+// Provides security service of image verification
+//
+// This library hooks LoadImage() API to verify every image by the verification policy.
+//
+// Caution: This module requires additional review when modified.
+// This library will have external input - PE/COFF image.
+// This external input must be validated carefully to avoid security issues such as
+// buffer overflow or integer overflow.
+//
+// Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
+//
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+//
+// **/
+
+
+#string STR_MODULE_ABSTRACT #language en-US "Provides security service of image verification"
+
+#string STR_MODULE_DESCRIPTION #language en-US "This library hooks LoadImage() API to verify every image by the verification policy. Caution: This module requires additional review when modified. This library will have external input - PE/COFF image. This external input must be validated carefully to avoid security issues such as buffer overflow or integer overflow."
+
diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/DxeImageVerificationLib/Measurement.c b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/DxeImageVerificationLib/Measurement.c new file mode 100644 index 00000000..4603e9d4 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/DxeImageVerificationLib/Measurement.c @@ -0,0 +1,315 @@ +/** @file + Measure TCG required variable. + +Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include <PiDxe.h> +#include <Guid/ImageAuthentication.h> +#include <IndustryStandard/UefiTcgPlatform.h> + +#include <Library/UefiBootServicesTableLib.h> +#include <Library/UefiRuntimeServicesTableLib.h> +#include <Library/MemoryAllocationLib.h> +#include <Library/BaseMemoryLib.h> +#include <Library/DebugLib.h> +#include <Library/BaseLib.h> +#include <Library/TpmMeasurementLib.h> + +typedef struct { + CHAR16 *VariableName; + EFI_GUID *VendorGuid; +} VARIABLE_TYPE; + +typedef struct { + CHAR16 *VariableName; + EFI_GUID *VendorGuid; + VOID *Data; + UINTN Size; +} VARIABLE_RECORD; + +#define MEASURED_AUTHORITY_COUNT_MAX 0x100 + +UINTN mMeasuredAuthorityCount = 0; +UINTN mMeasuredAuthorityCountMax = 0; +VARIABLE_RECORD *mMeasuredAuthorityList = NULL; + +VARIABLE_TYPE mVariableType[] = { + {EFI_IMAGE_SECURITY_DATABASE, &gEfiImageSecurityDatabaseGuid}, +}; + +/** + This function will check if VarName should be recorded and return the address of VarName if it is needed. + + @param[in] VarName A Null-terminated string that is the name of the vendor's variable. + + @return the address of VarName. +**/ +CHAR16 * +AssignVarName ( + IN CHAR16 *VarName + ) +{ + UINTN Index; + + for (Index = 0; Index < sizeof(mVariableType)/sizeof(mVariableType[0]); Index++) { + if (StrCmp (VarName, mVariableType[Index].VariableName) == 0) { + return mVariableType[Index].VariableName; + } + } + + return NULL; +} + +/** + This function will check if VendorGuid should be recorded and return the address of VendorGuid if it is needed. + + @param[in] VendorGuid A unique identifier for the vendor. + + @return the address of VendorGuid. +**/ +EFI_GUID * +AssignVendorGuid ( + IN EFI_GUID *VendorGuid + ) +{ + UINTN Index; + + for (Index = 0; Index < sizeof(mVariableType)/sizeof(mVariableType[0]); Index++) { + if (CompareGuid (VendorGuid, mVariableType[Index].VendorGuid)) { + return mVariableType[Index].VendorGuid; + } + } + + return NULL; +} + +/** + This function will add variable information to MeasuredAuthorityList. + + @param[in] VarName A Null-terminated string that is the name of the vendor's variable. + @param[in] VendorGuid A unique identifier for the vendor. + @param[in] VarData The content of the variable data. + @param[in] VarSize The size of the variable data. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_OUT_OF_RESOURCES Out of memory. +**/ +EFI_STATUS +AddDataMeasured ( + IN CHAR16 *VarName, + IN EFI_GUID *VendorGuid, + IN VOID *Data, + IN UINTN Size + ) +{ + VARIABLE_RECORD *NewMeasuredAuthorityList; + + ASSERT (mMeasuredAuthorityCount <= mMeasuredAuthorityCountMax); + if (mMeasuredAuthorityCount == mMeasuredAuthorityCountMax) { + // + // Need enlarge + // + NewMeasuredAuthorityList = AllocateZeroPool (sizeof(VARIABLE_RECORD) * (mMeasuredAuthorityCountMax + MEASURED_AUTHORITY_COUNT_MAX)); + if (NewMeasuredAuthorityList == NULL) { + return EFI_OUT_OF_RESOURCES; + } + if (mMeasuredAuthorityList != NULL) { + CopyMem (NewMeasuredAuthorityList, mMeasuredAuthorityList, sizeof(VARIABLE_RECORD) * mMeasuredAuthorityCount); + FreePool (mMeasuredAuthorityList); + } + mMeasuredAuthorityList = NewMeasuredAuthorityList; + mMeasuredAuthorityCountMax += MEASURED_AUTHORITY_COUNT_MAX; + } + + // + // Add new entry + // + mMeasuredAuthorityList[mMeasuredAuthorityCount].VariableName = AssignVarName (VarName); + mMeasuredAuthorityList[mMeasuredAuthorityCount].VendorGuid = AssignVendorGuid (VendorGuid); + mMeasuredAuthorityList[mMeasuredAuthorityCount].Size = Size; + mMeasuredAuthorityList[mMeasuredAuthorityCount].Data = AllocatePool (Size); + if (mMeasuredAuthorityList[mMeasuredAuthorityCount].Data == NULL) { + return EFI_OUT_OF_RESOURCES; + } + CopyMem (mMeasuredAuthorityList[mMeasuredAuthorityCount].Data, Data, Size); + mMeasuredAuthorityCount++; + + return EFI_SUCCESS; +} + +/** + This function will return if this variable is already measured. + + @param[in] VarName A Null-terminated string that is the name of the vendor's variable. + @param[in] VendorGuid A unique identifier for the vendor. + @param[in] VarData The content of the variable data. + @param[in] VarSize The size of the variable data. + + @retval TRUE The data is already measured. + @retval FALSE The data is not measured yet. +**/ +BOOLEAN +IsDataMeasured ( + IN CHAR16 *VarName, + IN EFI_GUID *VendorGuid, + IN VOID *Data, + IN UINTN Size + ) +{ + UINTN Index; + + for (Index = 0; Index < mMeasuredAuthorityCount; Index++) { + if ((StrCmp (VarName, mMeasuredAuthorityList[Index].VariableName) == 0) && + (CompareGuid (VendorGuid, mMeasuredAuthorityList[Index].VendorGuid)) && + (CompareMem (Data, mMeasuredAuthorityList[Index].Data, Size) == 0) && + (Size == mMeasuredAuthorityList[Index].Size)) { + return TRUE; + } + } + + return FALSE; +} + +/** + This function will return if this variable is SecureAuthority Variable. + + @param[in] VariableName A Null-terminated string that is the name of the vendor's variable. + @param[in] VendorGuid A unique identifier for the vendor. + + @retval TRUE This is SecureAuthority Variable + @retval FALSE This is not SecureAuthority Variable +**/ +BOOLEAN +IsSecureAuthorityVariable ( + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid + ) +{ + UINTN Index; + + for (Index = 0; Index < sizeof(mVariableType)/sizeof(mVariableType[0]); Index++) { + if ((StrCmp (VariableName, mVariableType[Index].VariableName) == 0) && + (CompareGuid (VendorGuid, mVariableType[Index].VendorGuid))) { + return TRUE; + } + } + return FALSE; +} + +/** + Measure and log an EFI variable, and extend the measurement result into a specific PCR. + + @param[in] VarName A Null-terminated string that is the name of the vendor's variable. + @param[in] VendorGuid A unique identifier for the vendor. + @param[in] VarData The content of the variable data. + @param[in] VarSize The size of the variable data. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_OUT_OF_RESOURCES Out of memory. + @retval EFI_DEVICE_ERROR The operation was unsuccessful. + +**/ +EFI_STATUS +EFIAPI +MeasureVariable ( + IN CHAR16 *VarName, + IN EFI_GUID *VendorGuid, + IN VOID *VarData, + IN UINTN VarSize + ) +{ + EFI_STATUS Status; + UINTN VarNameLength; + UEFI_VARIABLE_DATA *VarLog; + UINT32 VarLogSize; + + // + // The UEFI_VARIABLE_DATA.VariableData value shall be the EFI_SIGNATURE_DATA value + // from the EFI_SIGNATURE_LIST that contained the authority that was used to validate the image + // + VarNameLength = StrLen (VarName); + VarLogSize = (UINT32)(sizeof (*VarLog) + VarNameLength * sizeof (*VarName) + VarSize + - sizeof (VarLog->UnicodeName) - sizeof (VarLog->VariableData)); + + VarLog = (UEFI_VARIABLE_DATA *) AllocateZeroPool (VarLogSize); + if (VarLog == NULL) { + return EFI_OUT_OF_RESOURCES; + } + + CopyMem (&VarLog->VariableName, VendorGuid, sizeof(VarLog->VariableName)); + VarLog->UnicodeNameLength = VarNameLength; + VarLog->VariableDataLength = VarSize; + CopyMem ( + VarLog->UnicodeName, + VarName, + VarNameLength * sizeof (*VarName) + ); + CopyMem ( + (CHAR16 *)VarLog->UnicodeName + VarNameLength, + VarData, + VarSize + ); + + DEBUG ((EFI_D_INFO, "DxeImageVerification: MeasureVariable (Pcr - %x, EventType - %x, ", (UINTN)7, (UINTN)EV_EFI_VARIABLE_AUTHORITY)); + DEBUG ((EFI_D_INFO, "VariableName - %s, VendorGuid - %g)\n", VarName, VendorGuid)); + + Status = TpmMeasureAndLogData ( + 7, + EV_EFI_VARIABLE_AUTHORITY, + VarLog, + VarLogSize, + VarLog, + VarLogSize + ); + FreePool (VarLog); + + return Status; +} + +/** + SecureBoot Hook for processing image verification. + + @param[in] VariableName Name of Variable to be found. + @param[in] VendorGuid Variable vendor GUID. + @param[in] DataSize Size of Data found. If size is less than the + data, this value contains the required size. + @param[in] Data Data pointer. + +**/ +VOID +EFIAPI +SecureBootHook ( + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid, + IN UINTN DataSize, + IN VOID *Data + ) +{ + EFI_STATUS Status; + + if (!IsSecureAuthorityVariable (VariableName, VendorGuid)) { + return ; + } + + if (IsDataMeasured (VariableName, VendorGuid, Data, DataSize)) { + DEBUG ((EFI_D_ERROR, "MeasureSecureAuthorityVariable - IsDataMeasured\n")); + return ; + } + + Status = MeasureVariable ( + VariableName, + VendorGuid, + Data, + DataSize + ); + DEBUG ((EFI_D_INFO, "MeasureBootPolicyVariable - %r\n", Status)); + + if (!EFI_ERROR (Status)) { + AddDataMeasured (VariableName, VendorGuid, Data, DataSize); + } + + return ; +} diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/DxeRsa2048Sha256GuidedSectionExtractLib/DxeRsa2048Sha256GuidedSectionExtractLib.c b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/DxeRsa2048Sha256GuidedSectionExtractLib/DxeRsa2048Sha256GuidedSectionExtractLib.c new file mode 100644 index 00000000..801f17d5 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/DxeRsa2048Sha256GuidedSectionExtractLib/DxeRsa2048Sha256GuidedSectionExtractLib.c @@ -0,0 +1,396 @@ +/** @file + + This library registers RSA 2048 SHA 256 guided section handler + to parse RSA 2048 SHA 256 encapsulation section and extract raw data. + It uses the BaseCryptLib based on OpenSSL to authenticate the signature. + +Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include <PiDxe.h> +#include <Protocol/Hash.h> +#include <Protocol/SecurityPolicy.h> +#include <Library/ExtractGuidedSectionLib.h> +#include <Library/DebugLib.h> +#include <Library/BaseMemoryLib.h> +#include <Library/MemoryAllocationLib.h> +#include <Library/UefiBootServicesTableLib.h> +#include <Library/PcdLib.h> +#include <Guid/WinCertificate.h> +#include <Library/BaseCryptLib.h> +#include <Library/PerformanceLib.h> +#include <Guid/SecurityPkgTokenSpace.h> + +/// +/// RSA 2048 SHA 256 Guided Section header +/// +typedef struct { + EFI_GUID_DEFINED_SECTION GuidedSectionHeader; ///< EFI guided section header + EFI_CERT_BLOCK_RSA_2048_SHA256 CertBlockRsa2048Sha256; ///< RSA 2048-bit Signature +} RSA_2048_SHA_256_SECTION_HEADER; + +typedef struct { + EFI_GUID_DEFINED_SECTION2 GuidedSectionHeader; ///< EFI guided section header + EFI_CERT_BLOCK_RSA_2048_SHA256 CertBlockRsa2048Sha256; ///< RSA 2048-bit Signature +} RSA_2048_SHA_256_SECTION2_HEADER; + +/// +/// Public Exponent of RSA Key. +/// +CONST UINT8 mRsaE[] = { 0x01, 0x00, 0x01 }; + +/** + + GetInfo gets raw data size and attribute of the input guided section. + It first checks whether the input guid section is supported. + If not, EFI_INVALID_PARAMETER will return. + + @param InputSection Buffer containing the input GUIDed section to be processed. + @param OutputBufferSize The size of OutputBuffer. + @param ScratchBufferSize The size of ScratchBuffer. + @param SectionAttribute The attribute of the input guided section. + + @retval EFI_SUCCESS The size of destination buffer, the size of scratch buffer and + the attribute of the input section are successfully retrieved. + @retval EFI_INVALID_PARAMETER The GUID in InputSection does not match this instance guid. + +**/ +EFI_STATUS +EFIAPI +Rsa2048Sha256GuidedSectionGetInfo ( + IN CONST VOID *InputSection, + OUT UINT32 *OutputBufferSize, + OUT UINT32 *ScratchBufferSize, + OUT UINT16 *SectionAttribute + ) +{ + if (IS_SECTION2 (InputSection)) { + // + // Check whether the input guid section is recognized. + // + if (!CompareGuid ( + &gEfiCertTypeRsa2048Sha256Guid, + &(((EFI_GUID_DEFINED_SECTION2 *) InputSection)->SectionDefinitionGuid))) { + return EFI_INVALID_PARAMETER; + } + // + // Retrieve the size and attribute of the input section data. + // + *SectionAttribute = ((EFI_GUID_DEFINED_SECTION2 *) InputSection)->Attributes; + *ScratchBufferSize = 0; + *OutputBufferSize = SECTION2_SIZE (InputSection) - sizeof(RSA_2048_SHA_256_SECTION2_HEADER); + } else { + // + // Check whether the input guid section is recognized. + // + if (!CompareGuid ( + &gEfiCertTypeRsa2048Sha256Guid, + &(((EFI_GUID_DEFINED_SECTION *) InputSection)->SectionDefinitionGuid))) { + return EFI_INVALID_PARAMETER; + } + // + // Retrieve the size and attribute of the input section data. + // + *SectionAttribute = ((EFI_GUID_DEFINED_SECTION *) InputSection)->Attributes; + *ScratchBufferSize = 0; + *OutputBufferSize = SECTION_SIZE (InputSection) - sizeof(RSA_2048_SHA_256_SECTION_HEADER); + } + + return EFI_SUCCESS; +} + +/** + + Extraction handler tries to extract raw data from the input guided section. + It also does authentication check for RSA 2048 SHA 256 signature in the input guided section. + It first checks whether the input guid section is supported. + If not, EFI_INVALID_PARAMETER will return. + + @param InputSection Buffer containing the input GUIDed section to be processed. + @param OutputBuffer Buffer to contain the output raw data allocated by the caller. + @param ScratchBuffer A pointer to a caller-allocated buffer for function internal use. + @param AuthenticationStatus A pointer to a caller-allocated UINT32 that indicates the + authentication status of the output buffer. + + @retval EFI_SUCCESS Section Data and Auth Status is extracted successfully. + @retval EFI_INVALID_PARAMETER The GUID in InputSection does not match this instance guid. + +**/ +EFI_STATUS +EFIAPI +Rsa2048Sha256GuidedSectionHandler ( + IN CONST VOID *InputSection, + OUT VOID **OutputBuffer, + IN VOID *ScratchBuffer, OPTIONAL + OUT UINT32 *AuthenticationStatus + ) +{ + EFI_STATUS Status; + UINT32 OutputBufferSize; + VOID *DummyInterface; + EFI_CERT_BLOCK_RSA_2048_SHA256 *CertBlockRsa2048Sha256; + BOOLEAN CryptoStatus; + UINT8 Digest[SHA256_DIGEST_SIZE]; + UINT8 *PublicKey; + UINTN PublicKeyBufferSize; + VOID *HashContext; + VOID *Rsa; + + HashContext = NULL; + Rsa = NULL; + + if (IS_SECTION2 (InputSection)) { + // + // Check whether the input guid section is recognized. + // + if (!CompareGuid ( + &gEfiCertTypeRsa2048Sha256Guid, + &(((EFI_GUID_DEFINED_SECTION2 *)InputSection)->SectionDefinitionGuid))) { + return EFI_INVALID_PARAMETER; + } + + // + // Get the RSA 2048 SHA 256 information. + // + CertBlockRsa2048Sha256 = &((RSA_2048_SHA_256_SECTION2_HEADER *) InputSection)->CertBlockRsa2048Sha256; + OutputBufferSize = SECTION2_SIZE (InputSection) - sizeof (RSA_2048_SHA_256_SECTION2_HEADER); + if ((((EFI_GUID_DEFINED_SECTION *)InputSection)->Attributes & EFI_GUIDED_SECTION_PROCESSING_REQUIRED) != 0) { + PERF_INMODULE_BEGIN ("DxeRsaCopy"); + CopyMem (*OutputBuffer, (UINT8 *)InputSection + sizeof (RSA_2048_SHA_256_SECTION2_HEADER), OutputBufferSize); + PERF_INMODULE_END ("DxeRsaCopy"); + } else { + *OutputBuffer = (UINT8 *)InputSection + sizeof (RSA_2048_SHA_256_SECTION2_HEADER); + } + + // + // Implicitly RSA 2048 SHA 256 GUIDed section should have STATUS_VALID bit set + // + ASSERT ((((EFI_GUID_DEFINED_SECTION2 *)InputSection)->Attributes & EFI_GUIDED_SECTION_AUTH_STATUS_VALID) != 0); + *AuthenticationStatus = EFI_AUTH_STATUS_IMAGE_SIGNED; + } else { + // + // Check whether the input guid section is recognized. + // + if (!CompareGuid ( + &gEfiCertTypeRsa2048Sha256Guid, + &(((EFI_GUID_DEFINED_SECTION *)InputSection)->SectionDefinitionGuid))) { + return EFI_INVALID_PARAMETER; + } + + // + // Get the RSA 2048 SHA 256 information. + // + CertBlockRsa2048Sha256 = &((RSA_2048_SHA_256_SECTION_HEADER *)InputSection)->CertBlockRsa2048Sha256; + OutputBufferSize = SECTION_SIZE (InputSection) - sizeof (RSA_2048_SHA_256_SECTION_HEADER); + if ((((EFI_GUID_DEFINED_SECTION *)InputSection)->Attributes & EFI_GUIDED_SECTION_PROCESSING_REQUIRED) != 0) { + PERF_INMODULE_BEGIN ("DxeRsaCopy"); + CopyMem (*OutputBuffer, (UINT8 *)InputSection + sizeof (RSA_2048_SHA_256_SECTION_HEADER), OutputBufferSize); + PERF_INMODULE_END ("DxeRsaCopy"); + } else { + *OutputBuffer = (UINT8 *)InputSection + sizeof (RSA_2048_SHA_256_SECTION_HEADER); + } + + // + // Implicitly RSA 2048 SHA 256 GUIDed section should have STATUS_VALID bit set + // + ASSERT ((((EFI_GUID_DEFINED_SECTION *) InputSection)->Attributes & EFI_GUIDED_SECTION_AUTH_STATUS_VALID) != 0); + *AuthenticationStatus = EFI_AUTH_STATUS_IMAGE_SIGNED; + } + + // + // Check whether there exists EFI_SECURITY_POLICY_PROTOCOL_GUID. + // + Status = gBS->LocateProtocol (&gEfiSecurityPolicyProtocolGuid, NULL, &DummyInterface); + if (!EFI_ERROR (Status)) { + // + // If SecurityPolicy Protocol exist, AUTH platform override bit is set. + // + *AuthenticationStatus |= EFI_AUTH_STATUS_PLATFORM_OVERRIDE; + + return EFI_SUCCESS; + } + + // + // All paths from here return EFI_SUCCESS and result is returned in AuthenticationStatus + // + Status = EFI_SUCCESS; + + // + // Fail if the HashType is not SHA 256 + // + if (!CompareGuid (&gEfiHashAlgorithmSha256Guid, &CertBlockRsa2048Sha256->HashType)) { + DEBUG ((DEBUG_ERROR, "DxeRsa2048Sha256: HASH type of section is not supported\n")); + *AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED; + goto Done; + } + + // + // Allocate hash context buffer required for SHA 256 + // + HashContext = AllocatePool (Sha256GetContextSize ()); + if (HashContext == NULL) { + DEBUG ((DEBUG_ERROR, "DxeRsa2048Sha256: Can not allocate hash context\n")); + *AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED; + goto Done; + } + + // + // Hash public key from data payload with SHA256. + // + ZeroMem (Digest, SHA256_DIGEST_SIZE); + CryptoStatus = Sha256Init (HashContext); + if (!CryptoStatus) { + DEBUG ((DEBUG_ERROR, "DxeRsa2048Sha256: Sha256Init() failed\n")); + *AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED; + goto Done; + } + CryptoStatus = Sha256Update (HashContext, &CertBlockRsa2048Sha256->PublicKey, sizeof(CertBlockRsa2048Sha256->PublicKey)); + if (!CryptoStatus) { + DEBUG ((DEBUG_ERROR, "DxeRsa2048Sha256: Sha256Update() failed\n")); + *AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED; + goto Done; + } + CryptoStatus = Sha256Final (HashContext, Digest); + if (!CryptoStatus) { + DEBUG ((DEBUG_ERROR, "DxeRsa2048Sha256: Sha256Final() failed\n")); + *AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED; + goto Done; + } + + // + // Fail if the PublicKey is not one of the public keys in PcdRsa2048Sha256PublicKeyBuffer + // + PublicKey = (UINT8 *)PcdGetPtr (PcdRsa2048Sha256PublicKeyBuffer); + DEBUG ((DEBUG_VERBOSE, "DxePcdRsa2048Sha256: PublicKeyBuffer = %p\n", PublicKey)); + ASSERT (PublicKey != NULL); + DEBUG ((DEBUG_VERBOSE, "DxePcdRsa2048Sha256: PublicKeyBuffer Token = %08x\n", PcdToken (PcdRsa2048Sha256PublicKeyBuffer))); + PublicKeyBufferSize = PcdGetSize (PcdRsa2048Sha256PublicKeyBuffer); + DEBUG ((DEBUG_VERBOSE, "DxePcdRsa2048Sha256: PublicKeyBuffer Size = %08x\n", PublicKeyBufferSize)); + ASSERT ((PublicKeyBufferSize % SHA256_DIGEST_SIZE) == 0); + CryptoStatus = FALSE; + while (PublicKeyBufferSize != 0) { + if (CompareMem (Digest, PublicKey, SHA256_DIGEST_SIZE) == 0) { + CryptoStatus = TRUE; + break; + } + PublicKey = PublicKey + SHA256_DIGEST_SIZE; + PublicKeyBufferSize = PublicKeyBufferSize - SHA256_DIGEST_SIZE; + } + if (!CryptoStatus) { + DEBUG ((DEBUG_ERROR, "DxeRsa2048Sha256: Public key in section is not supported\n")); + *AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED; + goto Done; + } + + // + // Generate & Initialize RSA Context. + // + Rsa = RsaNew (); + if (Rsa == NULL) { + DEBUG ((DEBUG_ERROR, "DxeRsa2048Sha256: RsaNew() failed\n")); + *AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED; + goto Done; + } + + // + // Set RSA Key Components. + // NOTE: Only N and E are needed to be set as RSA public key for signature verification. + // + CryptoStatus = RsaSetKey (Rsa, RsaKeyN, CertBlockRsa2048Sha256->PublicKey, sizeof(CertBlockRsa2048Sha256->PublicKey)); + if (!CryptoStatus) { + DEBUG ((DEBUG_ERROR, "DxeRsa2048Sha256: RsaSetKey(RsaKeyN) failed\n")); + *AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED; + goto Done; + } + CryptoStatus = RsaSetKey (Rsa, RsaKeyE, mRsaE, sizeof (mRsaE)); + if (!CryptoStatus) { + DEBUG ((DEBUG_ERROR, "DxeRsa2048Sha256: RsaSetKey(RsaKeyE) failed\n")); + *AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED; + goto Done; + } + + // + // Hash data payload with SHA256. + // + ZeroMem (Digest, SHA256_DIGEST_SIZE); + CryptoStatus = Sha256Init (HashContext); + if (!CryptoStatus) { + DEBUG ((DEBUG_ERROR, "DxeRsa2048Sha256: Sha256Init() failed\n")); + *AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED; + goto Done; + } + PERF_INMODULE_BEGIN ("DxeRsaShaData"); + CryptoStatus = Sha256Update (HashContext, *OutputBuffer, OutputBufferSize); + PERF_INMODULE_END ("DxeRsaShaData"); + if (!CryptoStatus) { + DEBUG ((DEBUG_ERROR, "DxeRsa2048Sha256: Sha256Update() failed\n")); + *AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED; + goto Done; + } + CryptoStatus = Sha256Final (HashContext, Digest); + if (!CryptoStatus) { + DEBUG ((DEBUG_ERROR, "DxeRsa2048Sha256: Sha256Final() failed\n")); + *AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED; + goto Done; + } + + // + // Verify the RSA 2048 SHA 256 signature. + // + PERF_INMODULE_BEGIN ("DxeRsaVerify"); + CryptoStatus = RsaPkcs1Verify ( + Rsa, + Digest, + SHA256_DIGEST_SIZE, + CertBlockRsa2048Sha256->Signature, + sizeof (CertBlockRsa2048Sha256->Signature) + ); + PERF_INMODULE_END ("DxeRsaVerify"); + if (!CryptoStatus) { + // + // If RSA 2048 SHA 256 signature verification fails, AUTH tested failed bit is set. + // + DEBUG ((DEBUG_ERROR, "DxeRsa2048Sha256: RsaPkcs1Verify() failed\n")); + *AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED; + } + +Done: + // + // Free allocated resources used to perform RSA 2048 SHA 256 signature verification + // + if (Rsa != NULL) { + RsaFree (Rsa); + } + if (HashContext != NULL) { + FreePool (HashContext); + } + + DEBUG ((DEBUG_VERBOSE, "DxeRsa2048Sha256: Status = %r AuthenticationStatus = %08x\n", Status, *AuthenticationStatus)); + + return Status; +} + +/** + Register the handler to extract RSA 2048 SHA 256 guided section. + + @param ImageHandle ImageHandle of the loaded driver. + @param SystemTable Pointer to the EFI System Table. + + @retval EFI_SUCCESS Register successfully. + @retval EFI_OUT_OF_RESOURCES Not enough memory to register this handler. +**/ +EFI_STATUS +EFIAPI +DxeRsa2048Sha256GuidedSectionExtractLibConstructor ( + IN EFI_HANDLE ImageHandle, + IN EFI_SYSTEM_TABLE *SystemTable + ) +{ + return ExtractGuidedSectionRegisterHandlers ( + &gEfiCertTypeRsa2048Sha256Guid, + Rsa2048Sha256GuidedSectionGetInfo, + Rsa2048Sha256GuidedSectionHandler + ); +} diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/DxeRsa2048Sha256GuidedSectionExtractLib/DxeRsa2048Sha256GuidedSectionExtractLib.inf b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/DxeRsa2048Sha256GuidedSectionExtractLib/DxeRsa2048Sha256GuidedSectionExtractLib.inf new file mode 100644 index 00000000..72f254f7 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/DxeRsa2048Sha256GuidedSectionExtractLib/DxeRsa2048Sha256GuidedSectionExtractLib.inf @@ -0,0 +1,57 @@ +## @file +# This library doesn't produce any library class. The constructor function uses +# ExtractGuidedSectionLib service to register an RSA 2048 SHA 256 guided section handler +# that parses RSA 2048 SHA 256 encapsulation section and extracts raw data. +# +# It uses the BaseCryptLib based on OpenSSL to authenticate the signature. +# +# Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR> +# +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = DxeRsa2048Sha256GuidedSectionExtractLib + FILE_GUID = 0AD6C423-4732-4cf3-9CE3-0A5416D634A5 + MODULE_TYPE = DXE_DRIVER + VERSION_STRING = 1.0 + LIBRARY_CLASS = NULL|DXE_CORE DXE_DRIVER DXE_RUNTIME_DRIVER DXE_SMM_DRIVER UEFI_APPLICATION UEFI_DRIVER + CONSTRUCTOR = DxeRsa2048Sha256GuidedSectionExtractLibConstructor + MODULE_UNI_FILE = DxeRsa2048Sha256GuidedSectionExtractLib.uni + +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = IA32 X64 +# + +[Sources] + DxeRsa2048Sha256GuidedSectionExtractLib.c + +[Packages] + MdePkg/MdePkg.dec + CryptoPkg/CryptoPkg.dec + SecurityPkg/SecurityPkg.dec + +[LibraryClasses] + ExtractGuidedSectionLib + UefiBootServicesTableLib + DebugLib + BaseMemoryLib + MemoryAllocationLib + BaseCryptLib + PcdLib + PerformanceLib + +[Pcd] + gEfiSecurityPkgTokenSpaceGuid.PcdRsa2048Sha256PublicKeyBuffer ## SOMETIMES_CONSUMES + +[Protocols] + gEfiSecurityPolicyProtocolGuid ## SOMETIMES_CONSUMES (Set platform override AUTH status if exist) + +[Guids] + gEfiCertTypeRsa2048Sha256Guid ## PRODUCES ## UNDEFINED # Specifies RSA 2048 SHA 256 authentication algorithm. + gEfiHashAlgorithmSha256Guid ## SOMETIMES_CONSUMES ## UNDEFINED + diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/DxeRsa2048Sha256GuidedSectionExtractLib/DxeRsa2048Sha256GuidedSectionExtractLib.uni b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/DxeRsa2048Sha256GuidedSectionExtractLib/DxeRsa2048Sha256GuidedSectionExtractLib.uni new file mode 100644 index 00000000..f0294a68 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/DxeRsa2048Sha256GuidedSectionExtractLib/DxeRsa2048Sha256GuidedSectionExtractLib.uni @@ -0,0 +1,19 @@ +// /** @file
+// This library doesn't produce any library class. The constructor function uses
+//
+// ExtractGuidedSectionLib service to register an RSA 2048 SHA 256 guided section handler
+// that parses RSA 2048 SHA 256 encapsulation section and extracts raw data.
+//
+// It uses the BaseCryptLib based on OpenSSL to authenticate the signature.
+//
+// Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
+//
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+//
+// **/
+
+
+#string STR_MODULE_ABSTRACT #language en-US "Provides security service of RSA 2048 SHA 256 guided section verification"
+
+#string STR_MODULE_DESCRIPTION #language en-US "This library doesn't produce any library class. The constructor function uses ExtractGuidedSectionLib service to register an RSA 2048 SHA 256 guided section handler that parses RSA2048 SHA256 encapsulation section and extracts raw data. It uses the BaseCryptLib based on OpenSSL to authenticate the signature."
+
diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c new file mode 100644 index 00000000..59948712 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c @@ -0,0 +1,1234 @@ +/** @file + Execute pending TPM2 requests from OS or BIOS. + + Caution: This module requires additional review when modified. + This driver will have external input - variable. + This external input must be validated carefully to avoid security issue. + + Tpm2ExecutePendingTpmRequest() will receive untrusted input and do validation. + +Copyright (c) 2013 - 2020, Intel Corporation. All rights reserved.<BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include <PiDxe.h> + +#include <Protocol/Tcg2Protocol.h> +#include <Protocol/VariableLock.h> +#include <Library/DebugLib.h> +#include <Library/BaseMemoryLib.h> +#include <Library/UefiRuntimeServicesTableLib.h> +#include <Library/UefiDriverEntryPoint.h> +#include <Library/UefiBootServicesTableLib.h> +#include <Library/UefiLib.h> +#include <Library/MemoryAllocationLib.h> +#include <Library/PrintLib.h> +#include <Library/HiiLib.h> +#include <Library/HobLib.h> +#include <Guid/EventGroup.h> +#include <Guid/Tcg2PhysicalPresenceData.h> +#include <Library/Tpm2CommandLib.h> +#include <Library/Tcg2PhysicalPresenceLib.h> +#include <Library/Tcg2PpVendorLib.h> + +#define CONFIRM_BUFFER_SIZE 4096 + +EFI_HII_HANDLE mTcg2PpStringPackHandle; + +/** + Get string by string id from HII Interface. + + @param[in] Id String ID. + + @retval CHAR16 * String from ID. + @retval NULL If error occurs. + +**/ +CHAR16 * +Tcg2PhysicalPresenceGetStringById ( + IN EFI_STRING_ID Id + ) +{ + return HiiGetString (mTcg2PpStringPackHandle, Id, NULL); +} + +/** + Send ClearControl and Clear command to TPM. + + @param[in] PlatformAuth platform auth value. NULL means no platform auth change. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_TIMEOUT The register can't run into the expected status in time. + @retval EFI_BUFFER_TOO_SMALL Response data buffer is too small. + @retval EFI_DEVICE_ERROR Unexpected device behavior. + +**/ +EFI_STATUS +EFIAPI +Tpm2CommandClear ( + IN TPM2B_AUTH *PlatformAuth OPTIONAL + ) +{ + EFI_STATUS Status; + TPMS_AUTH_COMMAND *AuthSession; + TPMS_AUTH_COMMAND LocalAuthSession; + + if (PlatformAuth == NULL) { + AuthSession = NULL; + } else { + AuthSession = &LocalAuthSession; + ZeroMem (&LocalAuthSession, sizeof(LocalAuthSession)); + LocalAuthSession.sessionHandle = TPM_RS_PW; + LocalAuthSession.hmac.size = PlatformAuth->size; + CopyMem (LocalAuthSession.hmac.buffer, PlatformAuth->buffer, PlatformAuth->size); + } + + DEBUG ((EFI_D_INFO, "Tpm2ClearControl ... \n")); + Status = Tpm2ClearControl (TPM_RH_PLATFORM, AuthSession, NO); + DEBUG ((EFI_D_INFO, "Tpm2ClearControl - %r\n", Status)); + if (EFI_ERROR (Status)) { + goto Done; + } + DEBUG ((EFI_D_INFO, "Tpm2Clear ... \n")); + Status = Tpm2Clear (TPM_RH_PLATFORM, AuthSession); + DEBUG ((EFI_D_INFO, "Tpm2Clear - %r\n", Status)); + +Done: + ZeroMem (&LocalAuthSession.hmac, sizeof(LocalAuthSession.hmac)); + return Status; +} + +/** + Change EPS. + + @param[in] PlatformAuth platform auth value. NULL means no platform auth change. + + @retval EFI_SUCCESS Operation completed successfully. +**/ +EFI_STATUS +Tpm2CommandChangeEps ( + IN TPM2B_AUTH *PlatformAuth OPTIONAL + ) +{ + EFI_STATUS Status; + TPMS_AUTH_COMMAND *AuthSession; + TPMS_AUTH_COMMAND LocalAuthSession; + + if (PlatformAuth == NULL) { + AuthSession = NULL; + } else { + AuthSession = &LocalAuthSession; + ZeroMem (&LocalAuthSession, sizeof(LocalAuthSession)); + LocalAuthSession.sessionHandle = TPM_RS_PW; + LocalAuthSession.hmac.size = PlatformAuth->size; + CopyMem (LocalAuthSession.hmac.buffer, PlatformAuth->buffer, PlatformAuth->size); + } + + Status = Tpm2ChangeEPS (TPM_RH_PLATFORM, AuthSession); + DEBUG ((EFI_D_INFO, "Tpm2ChangeEPS - %r\n", Status)); + + ZeroMem(&LocalAuthSession.hmac, sizeof(LocalAuthSession.hmac)); + return Status; +} + +/** + Execute physical presence operation requested by the OS. + + @param[in] PlatformAuth platform auth value. NULL means no platform auth change. + @param[in] CommandCode Physical presence operation value. + @param[in] CommandParameter Physical presence operation parameter. + @param[in, out] PpiFlags The physical presence interface flags. + + @retval TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE Unknown physical presence operation. + @retval TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE Error occurred during sending command to TPM or + receiving response from TPM. + @retval Others Return code from the TPM device after command execution. +**/ +UINT32 +Tcg2ExecutePhysicalPresence ( + IN TPM2B_AUTH *PlatformAuth, OPTIONAL + IN UINT32 CommandCode, + IN UINT32 CommandParameter, + IN OUT EFI_TCG2_PHYSICAL_PRESENCE_FLAGS *PpiFlags + ) +{ + EFI_STATUS Status; + EFI_TCG2_EVENT_ALGORITHM_BITMAP TpmHashAlgorithmBitmap; + UINT32 ActivePcrBanks; + + switch (CommandCode) { + case TCG2_PHYSICAL_PRESENCE_CLEAR: + case TCG2_PHYSICAL_PRESENCE_ENABLE_CLEAR: + case TCG2_PHYSICAL_PRESENCE_ENABLE_CLEAR_2: + case TCG2_PHYSICAL_PRESENCE_ENABLE_CLEAR_3: + Status = Tpm2CommandClear (PlatformAuth); + if (EFI_ERROR (Status)) { + return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE; + } else { + return TCG_PP_OPERATION_RESPONSE_SUCCESS; + } + + case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_CLEAR_TRUE: + PpiFlags->PPFlags |= TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CLEAR; + return TCG_PP_OPERATION_RESPONSE_SUCCESS; + + case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_CLEAR_FALSE: + PpiFlags->PPFlags &= ~TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CLEAR; + return TCG_PP_OPERATION_RESPONSE_SUCCESS; + + case TCG2_PHYSICAL_PRESENCE_SET_PCR_BANKS: + Status = Tpm2GetCapabilitySupportedAndActivePcrs (&TpmHashAlgorithmBitmap, &ActivePcrBanks); + ASSERT_EFI_ERROR (Status); + + // + // PP spec requirements: + // Firmware should check that all requested (set) hashing algorithms are supported with respective PCR banks. + // Firmware has to ensure that at least one PCR banks is active. + // If not, an error is returned and no action is taken. + // + if (CommandParameter == 0 || (CommandParameter & (~TpmHashAlgorithmBitmap)) != 0) { + DEBUG((DEBUG_ERROR, "PCR banks %x to allocate are not supported by TPM. Skip operation\n", CommandParameter)); + return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE; + } + + Status = Tpm2PcrAllocateBanks (PlatformAuth, TpmHashAlgorithmBitmap, CommandParameter); + if (EFI_ERROR (Status)) { + return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE; + } else { + return TCG_PP_OPERATION_RESPONSE_SUCCESS; + } + + case TCG2_PHYSICAL_PRESENCE_CHANGE_EPS: + Status = Tpm2CommandChangeEps (PlatformAuth); + if (EFI_ERROR (Status)) { + return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE; + } else { + return TCG_PP_OPERATION_RESPONSE_SUCCESS; + } + + case TCG2_PHYSICAL_PRESENCE_LOG_ALL_DIGESTS: + Status = Tpm2GetCapabilitySupportedAndActivePcrs (&TpmHashAlgorithmBitmap, &ActivePcrBanks); + ASSERT_EFI_ERROR (Status); + Status = Tpm2PcrAllocateBanks (PlatformAuth, TpmHashAlgorithmBitmap, TpmHashAlgorithmBitmap); + if (EFI_ERROR (Status)) { + return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE; + } else { + return TCG_PP_OPERATION_RESPONSE_SUCCESS; + } + + case TCG2_PHYSICAL_PRESENCE_ENABLE_BLOCK_SID: + PpiFlags->PPFlags |= TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_ENABLE_BLOCK_SID; + return TCG_PP_OPERATION_RESPONSE_SUCCESS; + + case TCG2_PHYSICAL_PRESENCE_DISABLE_BLOCK_SID: + PpiFlags->PPFlags &= ~TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_ENABLE_BLOCK_SID; + return TCG_PP_OPERATION_RESPONSE_SUCCESS; + + case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_TRUE: + PpiFlags->PPFlags |= TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID; + return TCG_PP_OPERATION_RESPONSE_SUCCESS; + + case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_FALSE: + PpiFlags->PPFlags &= ~TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID; + return TCG_PP_OPERATION_RESPONSE_SUCCESS; + + case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_TRUE: + PpiFlags->PPFlags |= TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID; + return TCG_PP_OPERATION_RESPONSE_SUCCESS; + + case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_FALSE: + PpiFlags->PPFlags &= ~TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID; + return TCG_PP_OPERATION_RESPONSE_SUCCESS; + + default: + if (CommandCode <= TCG2_PHYSICAL_PRESENCE_NO_ACTION_MAX) { + return TCG_PP_OPERATION_RESPONSE_SUCCESS; + } else { + return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE; + } + } +} + + +/** + Read the specified key for user confirmation. + + @param[in] CautionKey If true, F12 is used as confirm key; + If false, F10 is used as confirm key. + + @retval TRUE User confirmed the changes by input. + @retval FALSE User discarded the changes. +**/ +BOOLEAN +Tcg2ReadUserKey ( + IN BOOLEAN CautionKey + ) +{ + EFI_STATUS Status; + EFI_INPUT_KEY Key; + UINT16 InputKey; + + InputKey = 0; + do { + Status = gBS->CheckEvent (gST->ConIn->WaitForKey); + if (!EFI_ERROR (Status)) { + Status = gST->ConIn->ReadKeyStroke (gST->ConIn, &Key); + if (Key.ScanCode == SCAN_ESC) { + InputKey = Key.ScanCode; + } + if ((Key.ScanCode == SCAN_F10) && !CautionKey) { + InputKey = Key.ScanCode; + } + if ((Key.ScanCode == SCAN_F12) && CautionKey) { + InputKey = Key.ScanCode; + } + } + } while (InputKey == 0); + + if (InputKey != SCAN_ESC) { + return TRUE; + } + + return FALSE; +} + +/** + Fill Buffer With BootHashAlg. + + @param[in] Buffer Buffer to be filled. + @param[in] BufferSize Size of buffer. + @param[in] BootHashAlg BootHashAlg. + +**/ +VOID +Tcg2FillBufferWithBootHashAlg ( + IN UINT16 *Buffer, + IN UINTN BufferSize, + IN UINT32 BootHashAlg + ) +{ + Buffer[0] = 0; + if ((BootHashAlg & EFI_TCG2_BOOT_HASH_ALG_SHA1) != 0) { + if (Buffer[0] != 0) { + StrnCatS (Buffer, BufferSize / sizeof (CHAR16), L", ", (BufferSize / sizeof (CHAR16)) - StrLen (Buffer) - 1); + } + StrnCatS (Buffer, BufferSize / sizeof (CHAR16), L"SHA1", (BufferSize / sizeof (CHAR16)) - StrLen (Buffer) - 1); + } + if ((BootHashAlg & EFI_TCG2_BOOT_HASH_ALG_SHA256) != 0) { + if (Buffer[0] != 0) { + StrnCatS (Buffer, BufferSize / sizeof (CHAR16), L", ", (BufferSize / sizeof (CHAR16)) - StrLen (Buffer) - 1); + } + StrnCatS (Buffer, BufferSize / sizeof (CHAR16), L"SHA256", (BufferSize / sizeof (CHAR16)) - StrLen (Buffer) - 1); + } + if ((BootHashAlg & EFI_TCG2_BOOT_HASH_ALG_SHA384) != 0) { + if (Buffer[0] != 0) { + StrnCatS (Buffer, BufferSize / sizeof (CHAR16), L", ", (BufferSize / sizeof (CHAR16)) - StrLen (Buffer) - 1); + } + StrnCatS (Buffer, BufferSize / sizeof (CHAR16), L"SHA384", (BufferSize / sizeof (CHAR16)) - StrLen (Buffer) - 1); + } + if ((BootHashAlg & EFI_TCG2_BOOT_HASH_ALG_SHA512) != 0) { + if (Buffer[0] != 0) { + StrnCatS (Buffer, BufferSize / sizeof (CHAR16), L", ", (BufferSize / sizeof (CHAR16)) - StrLen (Buffer) - 1); + } + StrnCatS (Buffer, BufferSize / sizeof (CHAR16), L"SHA512", (BufferSize / sizeof (CHAR16)) - StrLen (Buffer) - 1); + } + if ((BootHashAlg & EFI_TCG2_BOOT_HASH_ALG_SM3_256) != 0) { + if (Buffer[0] != 0) { + StrnCatS (Buffer, BufferSize / sizeof (CHAR16), L", ", (BufferSize / sizeof (CHAR16)) - StrLen (Buffer) - 1); + } + StrnCatS (Buffer, BufferSize / sizeof (CHAR16), L"SM3_256", (BufferSize / sizeof (CHAR16)) - StrLen (Buffer) - 1); + } +} + +/** + Display the confirm text and get user confirmation. + + @param[in] TpmPpCommand The requested TPM physical presence command. + @param[in] TpmPpCommandParameter The requested TPM physical presence command parameter. + + @retval TRUE The user has confirmed the changes. + @retval FALSE The user doesn't confirm the changes. +**/ +BOOLEAN +Tcg2UserConfirm ( + IN UINT32 TpmPpCommand, + IN UINT32 TpmPpCommandParameter + ) +{ + CHAR16 *ConfirmText; + CHAR16 *TmpStr1; + CHAR16 *TmpStr2; + UINTN BufSize; + BOOLEAN CautionKey; + BOOLEAN NoPpiInfo; + UINT16 Index; + CHAR16 DstStr[81]; + CHAR16 TempBuffer[1024]; + CHAR16 TempBuffer2[1024]; + EFI_TCG2_PROTOCOL *Tcg2Protocol; + EFI_TCG2_BOOT_SERVICE_CAPABILITY ProtocolCapability; + UINT32 CurrentPCRBanks; + EFI_STATUS Status; + + TmpStr2 = NULL; + CautionKey = FALSE; + NoPpiInfo = FALSE; + BufSize = CONFIRM_BUFFER_SIZE; + ConfirmText = AllocateZeroPool (BufSize); + ASSERT (ConfirmText != NULL); + + mTcg2PpStringPackHandle = HiiAddPackages (&gEfiTcg2PhysicalPresenceGuid, gImageHandle, DxeTcg2PhysicalPresenceLibStrings, NULL); + ASSERT (mTcg2PpStringPackHandle != NULL); + + switch (TpmPpCommand) { + + case TCG2_PHYSICAL_PRESENCE_CLEAR: + case TCG2_PHYSICAL_PRESENCE_ENABLE_CLEAR: + case TCG2_PHYSICAL_PRESENCE_ENABLE_CLEAR_2: + case TCG2_PHYSICAL_PRESENCE_ENABLE_CLEAR_3: + CautionKey = TRUE; + TmpStr2 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CLEAR)); + + TmpStr1 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR)); + UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2); + FreePool (TmpStr1); + + TmpStr1 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR)); + StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); + StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), L" \n\n", (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); + FreePool (TmpStr1); + + break; + + case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_CLEAR_FALSE: + CautionKey = TRUE; + NoPpiInfo = TRUE; + TmpStr2 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CLEAR)); + + TmpStr1 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TPM_PPI_HEAD_STR)); + UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2); + FreePool (TmpStr1); + + TmpStr1 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_CLEAR)); + StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); + FreePool (TmpStr1); + + TmpStr1 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR)); + StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); + StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), L" \n\n", (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); + FreePool (TmpStr1); + + break; + + case TCG2_PHYSICAL_PRESENCE_SET_PCR_BANKS: + Status = gBS->LocateProtocol (&gEfiTcg2ProtocolGuid, NULL, (VOID **) &Tcg2Protocol); + ASSERT_EFI_ERROR (Status); + + ProtocolCapability.Size = sizeof(ProtocolCapability); + Status = Tcg2Protocol->GetCapability ( + Tcg2Protocol, + &ProtocolCapability + ); + ASSERT_EFI_ERROR (Status); + + Status = Tcg2Protocol->GetActivePcrBanks ( + Tcg2Protocol, + &CurrentPCRBanks + ); + ASSERT_EFI_ERROR (Status); + + CautionKey = TRUE; + TmpStr2 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TPM_SET_PCR_BANKS)); + + TmpStr1 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR)); + UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2); + FreePool (TmpStr1); + + TmpStr1 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_SET_PCR_BANKS_1)); + StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); + FreePool (TmpStr1); + + TmpStr1 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_SET_PCR_BANKS_2)); + StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); + FreePool (TmpStr1); + + Tcg2FillBufferWithBootHashAlg (TempBuffer, sizeof(TempBuffer), TpmPpCommandParameter); + Tcg2FillBufferWithBootHashAlg (TempBuffer2, sizeof(TempBuffer2), CurrentPCRBanks); + + TmpStr1 = AllocateZeroPool (BufSize); + ASSERT (TmpStr1 != NULL); + UnicodeSPrint (TmpStr1, BufSize, L"Current PCRBanks is 0x%x. (%s)\nNew PCRBanks is 0x%x. (%s)\n", CurrentPCRBanks, TempBuffer2, TpmPpCommandParameter, TempBuffer); + + StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); + StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), L" \n", (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); + FreePool (TmpStr1); + + break; + + case TCG2_PHYSICAL_PRESENCE_CHANGE_EPS: + CautionKey = TRUE; + TmpStr2 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CHANGE_EPS)); + + TmpStr1 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR)); + UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2); + FreePool (TmpStr1); + + TmpStr1 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CHANGE_EPS_1)); + StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); + FreePool (TmpStr1); + + TmpStr1 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CHANGE_EPS_2)); + StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); + FreePool (TmpStr1); + + break; + + case TCG2_PHYSICAL_PRESENCE_ENABLE_BLOCK_SID: + TmpStr2 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TCG_STORAGE_ENABLE_BLOCK_SID)); + + TmpStr1 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TCG_STORAGE_HEAD_STR)); + UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2); + FreePool (TmpStr1); + break; + + case TCG2_PHYSICAL_PRESENCE_DISABLE_BLOCK_SID: + TmpStr2 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TCG_STORAGE_DISABLE_BLOCK_SID)); + + TmpStr1 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TCG_STORAGE_HEAD_STR)); + UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2); + FreePool (TmpStr1); + break; + + case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_FALSE: + NoPpiInfo = TRUE; + TmpStr2 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TCG_STORAGE_PP_ENABLE_BLOCK_SID)); + + TmpStr1 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TCG_STORAGE_PPI_HEAD_STR)); + UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2); + FreePool (TmpStr1); + break; + + case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_FALSE: + NoPpiInfo = TRUE; + TmpStr2 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TCG_STORAGE_PP_DISABLE_BLOCK_SID)); + + TmpStr1 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TCG_STORAGE_PPI_HEAD_STR)); + UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2); + FreePool (TmpStr1); + break; + + default: + ; + } + + if (TmpStr2 == NULL) { + FreePool (ConfirmText); + return FALSE; + } + + if (TpmPpCommand < TCG2_PHYSICAL_PRESENCE_STORAGE_MANAGEMENT_BEGIN) { + if (CautionKey) { + TmpStr1 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY)); + } else { + TmpStr1 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY)); + } + StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); + FreePool (TmpStr1); + + if (NoPpiInfo) { + TmpStr1 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NO_PPI_INFO)); + StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); + FreePool (TmpStr1); + } + + TmpStr1 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TPM_REJECT_KEY)); + } else { + if (CautionKey) { + TmpStr1 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TCG_STORAGE_CAUTION_KEY)); + } else { + TmpStr1 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TCG_STORAGE_ACCEPT_KEY)); + } + StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); + FreePool (TmpStr1); + + if (NoPpiInfo) { + TmpStr1 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TCG_STORAGE_NO_PPI_INFO)); + StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); + FreePool (TmpStr1); + } + + TmpStr1 = Tcg2PhysicalPresenceGetStringById (STRING_TOKEN (TCG_STORAGE_REJECT_KEY)); + } + BufSize -= StrSize (ConfirmText); + UnicodeSPrint (ConfirmText + StrLen (ConfirmText), BufSize, TmpStr1, TmpStr2); + + DstStr[80] = L'\0'; + for (Index = 0; Index < StrLen (ConfirmText); Index += 80) { + StrnCpyS (DstStr, sizeof (DstStr) / sizeof (CHAR16), ConfirmText + Index, sizeof (DstStr) / sizeof (CHAR16) - 1); + Print (DstStr); + } + + FreePool (TmpStr1); + FreePool (TmpStr2); + FreePool (ConfirmText); + HiiRemovePackages (mTcg2PpStringPackHandle); + + if (Tcg2ReadUserKey (CautionKey)) { + return TRUE; + } + + return FALSE; +} + +/** + Check if there is a valid physical presence command request. Also updates parameter value + to whether the requested physical presence command already confirmed by user + + @param[in] TcgPpData EFI Tcg2 Physical Presence request data. + @param[in] Flags The physical presence interface flags. + @param[out] RequestConfirmed If the physical presence operation command required user confirm from UI. + True, it indicates the command doesn't require user confirm, or already confirmed + in last boot cycle by user. + False, it indicates the command need user confirm from UI. + + @retval TRUE Physical Presence operation command is valid. + @retval FALSE Physical Presence operation command is invalid. + +**/ +BOOLEAN +Tcg2HaveValidTpmRequest ( + IN EFI_TCG2_PHYSICAL_PRESENCE *TcgPpData, + IN EFI_TCG2_PHYSICAL_PRESENCE_FLAGS Flags, + OUT BOOLEAN *RequestConfirmed + ) +{ + EFI_TCG2_PROTOCOL *Tcg2Protocol; + EFI_STATUS Status; + BOOLEAN IsRequestValid; + + *RequestConfirmed = FALSE; + + if (TcgPpData->PPRequest <= TCG2_PHYSICAL_PRESENCE_NO_ACTION_MAX) { + // + // Need TCG2 protocol. + // + Status = gBS->LocateProtocol (&gEfiTcg2ProtocolGuid, NULL, (VOID **) &Tcg2Protocol); + if (EFI_ERROR (Status)) { + return FALSE; + } + } + + switch (TcgPpData->PPRequest) { + case TCG2_PHYSICAL_PRESENCE_NO_ACTION: + *RequestConfirmed = TRUE; + return TRUE; + + case TCG2_PHYSICAL_PRESENCE_CLEAR: + case TCG2_PHYSICAL_PRESENCE_ENABLE_CLEAR: + case TCG2_PHYSICAL_PRESENCE_ENABLE_CLEAR_2: + case TCG2_PHYSICAL_PRESENCE_ENABLE_CLEAR_3: + if ((Flags.PPFlags & TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CLEAR) == 0) { + *RequestConfirmed = TRUE; + } + break; + + case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_CLEAR_TRUE: + *RequestConfirmed = TRUE; + break; + + case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_CLEAR_FALSE: + break; + + case TCG2_PHYSICAL_PRESENCE_SET_PCR_BANKS: + if ((Flags.PPFlags & TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CHANGE_PCRS) == 0) { + *RequestConfirmed = TRUE; + } + break; + + case TCG2_PHYSICAL_PRESENCE_CHANGE_EPS: + if ((Flags.PPFlags & TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CHANGE_EPS) == 0) { + *RequestConfirmed = TRUE; + } + break; + + case TCG2_PHYSICAL_PRESENCE_LOG_ALL_DIGESTS: + *RequestConfirmed = TRUE; + break; + + case TCG2_PHYSICAL_PRESENCE_ENABLE_BLOCK_SID: + if ((Flags.PPFlags & TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID) == 0) { + *RequestConfirmed = TRUE; + } + break; + + case TCG2_PHYSICAL_PRESENCE_DISABLE_BLOCK_SID: + if ((Flags.PPFlags & TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID) == 0) { + *RequestConfirmed = TRUE; + } + break; + + case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_TRUE: + case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_TRUE: + *RequestConfirmed = TRUE; + break; + + case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_FALSE: + case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_FALSE: + break; + + default: + if (TcgPpData->PPRequest >= TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) { + IsRequestValid = Tcg2PpVendorLibHasValidRequest (TcgPpData->PPRequest, Flags.PPFlags, RequestConfirmed); + if (!IsRequestValid) { + return FALSE; + } else { + break; + } + } else { + // + // Wrong Physical Presence command + // + return FALSE; + } + } + + if ((Flags.PPFlags & TCG2_LIB_PP_FLAG_RESET_TRACK) != 0) { + // + // It had been confirmed in last boot, it doesn't need confirm again. + // + *RequestConfirmed = TRUE; + } + + // + // Physical Presence command is correct + // + return TRUE; +} + + +/** + Check and execute the requested physical presence command. + + Caution: This function may receive untrusted input. + TcgPpData variable is external input, so this function will validate + its data structure to be valid value. + + @param[in] PlatformAuth platform auth value. NULL means no platform auth change. + @param[in, out] TcgPpData Pointer to the physical presence NV variable. + @param[in, out] Flags Pointer to the physical presence interface flags. +**/ +VOID +Tcg2ExecutePendingTpmRequest ( + IN TPM2B_AUTH *PlatformAuth, OPTIONAL + IN OUT EFI_TCG2_PHYSICAL_PRESENCE *TcgPpData, + IN OUT EFI_TCG2_PHYSICAL_PRESENCE_FLAGS *Flags + ) +{ + EFI_STATUS Status; + UINTN DataSize; + BOOLEAN RequestConfirmed; + EFI_TCG2_PHYSICAL_PRESENCE_FLAGS NewFlags; + BOOLEAN ResetRequired; + UINT32 NewPPFlags; + + if (TcgPpData->PPRequest == TCG2_PHYSICAL_PRESENCE_NO_ACTION) { + // + // No operation request + // + return; + } + + if (!Tcg2HaveValidTpmRequest(TcgPpData, *Flags, &RequestConfirmed)) { + // + // Invalid operation request. + // + if (TcgPpData->PPRequest <= TCG2_PHYSICAL_PRESENCE_NO_ACTION_MAX) { + TcgPpData->PPResponse = TCG_PP_OPERATION_RESPONSE_SUCCESS; + } else { + TcgPpData->PPResponse = TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE; + } + TcgPpData->LastPPRequest = TcgPpData->PPRequest; + TcgPpData->PPRequest = TCG2_PHYSICAL_PRESENCE_NO_ACTION; + TcgPpData->PPRequestParameter = 0; + + DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE); + Status = gRT->SetVariable ( + TCG2_PHYSICAL_PRESENCE_VARIABLE, + &gEfiTcg2PhysicalPresenceGuid, + EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS, + DataSize, + TcgPpData + ); + return; + } + + ResetRequired = FALSE; + if (TcgPpData->PPRequest >= TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) { + NewFlags = *Flags; + NewPPFlags = NewFlags.PPFlags; + TcgPpData->PPResponse = Tcg2PpVendorLibExecutePendingRequest (PlatformAuth, TcgPpData->PPRequest, &NewPPFlags, &ResetRequired); + NewFlags.PPFlags = NewPPFlags; + } else { + if (!RequestConfirmed) { + // + // Print confirm text and wait for approval. + // + RequestConfirmed = Tcg2UserConfirm (TcgPpData->PPRequest, TcgPpData->PPRequestParameter); + } + + // + // Execute requested physical presence command + // + TcgPpData->PPResponse = TCG_PP_OPERATION_RESPONSE_USER_ABORT; + NewFlags = *Flags; + if (RequestConfirmed) { + TcgPpData->PPResponse = Tcg2ExecutePhysicalPresence ( + PlatformAuth, + TcgPpData->PPRequest, + TcgPpData->PPRequestParameter, + &NewFlags + ); + } + } + + // + // Save the flags if it is updated. + // + if (CompareMem (Flags, &NewFlags, sizeof(EFI_TCG2_PHYSICAL_PRESENCE_FLAGS)) != 0) { + *Flags = NewFlags; + Status = gRT->SetVariable ( + TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE, + &gEfiTcg2PhysicalPresenceGuid, + EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS, + sizeof (EFI_TCG2_PHYSICAL_PRESENCE_FLAGS), + &NewFlags + ); + } + + // + // Clear request + // + if ((NewFlags.PPFlags & TCG2_LIB_PP_FLAG_RESET_TRACK) == 0) { + TcgPpData->LastPPRequest = TcgPpData->PPRequest; + TcgPpData->PPRequest = TCG2_PHYSICAL_PRESENCE_NO_ACTION; + TcgPpData->PPRequestParameter = 0; + } + + // + // Save changes + // + DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE); + Status = gRT->SetVariable ( + TCG2_PHYSICAL_PRESENCE_VARIABLE, + &gEfiTcg2PhysicalPresenceGuid, + EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS, + DataSize, + TcgPpData + ); + if (EFI_ERROR (Status)) { + return; + } + + if (TcgPpData->PPResponse == TCG_PP_OPERATION_RESPONSE_USER_ABORT) { + return; + } + + // + // Reset system to make new TPM settings in effect + // + switch (TcgPpData->LastPPRequest) { + case TCG2_PHYSICAL_PRESENCE_CLEAR: + case TCG2_PHYSICAL_PRESENCE_ENABLE_CLEAR: + case TCG2_PHYSICAL_PRESENCE_ENABLE_CLEAR_2: + case TCG2_PHYSICAL_PRESENCE_ENABLE_CLEAR_3: + case TCG2_PHYSICAL_PRESENCE_SET_PCR_BANKS: + case TCG2_PHYSICAL_PRESENCE_CHANGE_EPS: + case TCG2_PHYSICAL_PRESENCE_LOG_ALL_DIGESTS: + break; + + case TCG2_PHYSICAL_PRESENCE_ENABLE_BLOCK_SID: + case TCG2_PHYSICAL_PRESENCE_DISABLE_BLOCK_SID: + break; + + case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_TRUE: + case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_TRUE: + case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_FALSE: + case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_FALSE: + return; + + default: + if (TcgPpData->LastPPRequest >= TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) { + if (ResetRequired) { + break; + } else { + return ; + } + } + if (TcgPpData->PPRequest != TCG2_PHYSICAL_PRESENCE_NO_ACTION) { + break; + } + return; + } + + Print (L"Rebooting system to make TPM2 settings in effect\n"); + gRT->ResetSystem (EfiResetCold, EFI_SUCCESS, 0, NULL); + ASSERT (FALSE); +} + +/** + Check and execute the pending TPM request. + + The TPM request may come from OS or BIOS. This API will display request information and wait + for user confirmation if TPM request exists. The TPM request will be sent to TPM device after + the TPM request is confirmed, and one or more reset may be required to make TPM request to + take effect. + + This API should be invoked after console in and console out are all ready as they are required + to display request information and get user input to confirm the request. + + @param[in] PlatformAuth platform auth value. NULL means no platform auth change. +**/ +VOID +EFIAPI +Tcg2PhysicalPresenceLibProcessRequest ( + IN TPM2B_AUTH *PlatformAuth OPTIONAL + ) +{ + EFI_STATUS Status; + UINTN DataSize; + EFI_TCG2_PHYSICAL_PRESENCE TcgPpData; + EDKII_VARIABLE_LOCK_PROTOCOL *VariableLockProtocol; + EFI_TCG2_PHYSICAL_PRESENCE_FLAGS PpiFlags; + + // + // This flags variable controls whether physical presence is required for TPM command. + // It should be protected from malicious software. We set it as read-only variable here. + // + Status = gBS->LocateProtocol (&gEdkiiVariableLockProtocolGuid, NULL, (VOID **)&VariableLockProtocol); + if (!EFI_ERROR (Status)) { + Status = VariableLockProtocol->RequestToLock ( + VariableLockProtocol, + TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE, + &gEfiTcg2PhysicalPresenceGuid + ); + if (EFI_ERROR (Status)) { + DEBUG ((EFI_D_ERROR, "[TPM2] Error when lock variable %s, Status = %r\n", TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE, Status)); + ASSERT_EFI_ERROR (Status); + } + } + + // + // Check S4 resume + // + if (GetBootModeHob () == BOOT_ON_S4_RESUME) { + DEBUG ((EFI_D_INFO, "S4 Resume, Skip TPM PP process!\n")); + return ; + } + + // + // Initialize physical presence flags. + // + DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE_FLAGS); + Status = gRT->GetVariable ( + TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE, + &gEfiTcg2PhysicalPresenceGuid, + NULL, + &DataSize, + &PpiFlags + ); + if (EFI_ERROR (Status)) { + PpiFlags.PPFlags = PcdGet32(PcdTcg2PhysicalPresenceFlags); + Status = gRT->SetVariable ( + TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE, + &gEfiTcg2PhysicalPresenceGuid, + EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS, + sizeof (EFI_TCG2_PHYSICAL_PRESENCE_FLAGS), + &PpiFlags + ); + if (EFI_ERROR (Status)) { + DEBUG ((EFI_D_ERROR, "[TPM2] Set physical presence flag failed, Status = %r\n", Status)); + return ; + } + DEBUG((DEBUG_INFO, "[TPM2] Initial physical presence flags value is 0x%x\n", PpiFlags.PPFlags)); + } + + // + // Initialize physical presence variable. + // + DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE); + Status = gRT->GetVariable ( + TCG2_PHYSICAL_PRESENCE_VARIABLE, + &gEfiTcg2PhysicalPresenceGuid, + NULL, + &DataSize, + &TcgPpData + ); + if (EFI_ERROR (Status)) { + ZeroMem ((VOID*)&TcgPpData, sizeof (TcgPpData)); + DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE); + Status = gRT->SetVariable ( + TCG2_PHYSICAL_PRESENCE_VARIABLE, + &gEfiTcg2PhysicalPresenceGuid, + EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS, + DataSize, + &TcgPpData + ); + if (EFI_ERROR (Status)) { + DEBUG ((EFI_D_ERROR, "[TPM2] Set physical presence variable failed, Status = %r\n", Status)); + return ; + } + } + + DEBUG ((EFI_D_INFO, "[TPM2] Flags=%x, PPRequest=%x (LastPPRequest=%x)\n", PpiFlags.PPFlags, TcgPpData.PPRequest, TcgPpData.LastPPRequest)); + + // + // Execute pending TPM request. + // + Tcg2ExecutePendingTpmRequest (PlatformAuth, &TcgPpData, &PpiFlags); + DEBUG ((EFI_D_INFO, "[TPM2] PPResponse = %x (LastPPRequest=%x, Flags=%x)\n", TcgPpData.PPResponse, TcgPpData.LastPPRequest, PpiFlags.PPFlags)); + +} + +/** + Check if the pending TPM request needs user input to confirm. + + The TPM request may come from OS. This API will check if TPM request exists and need user + input to confirmation. + + @retval TRUE TPM needs input to confirm user physical presence. + @retval FALSE TPM doesn't need input to confirm user physical presence. + +**/ +BOOLEAN +EFIAPI +Tcg2PhysicalPresenceLibNeedUserConfirm( + VOID + ) +{ + EFI_STATUS Status; + EFI_TCG2_PHYSICAL_PRESENCE TcgPpData; + UINTN DataSize; + BOOLEAN RequestConfirmed; + EFI_TCG2_PHYSICAL_PRESENCE_FLAGS PpiFlags; + + // + // Check S4 resume + // + if (GetBootModeHob () == BOOT_ON_S4_RESUME) { + DEBUG ((EFI_D_INFO, "S4 Resume, Skip TPM PP process!\n")); + return FALSE; + } + + // + // Check Tpm requests + // + DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE); + Status = gRT->GetVariable ( + TCG2_PHYSICAL_PRESENCE_VARIABLE, + &gEfiTcg2PhysicalPresenceGuid, + NULL, + &DataSize, + &TcgPpData + ); + if (EFI_ERROR (Status)) { + return FALSE; + } + + DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE_FLAGS); + Status = gRT->GetVariable ( + TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE, + &gEfiTcg2PhysicalPresenceGuid, + NULL, + &DataSize, + &PpiFlags + ); + if (EFI_ERROR (Status)) { + return FALSE; + } + + if (TcgPpData.PPRequest == TCG2_PHYSICAL_PRESENCE_NO_ACTION) { + // + // No operation request + // + return FALSE; + } + + if (!Tcg2HaveValidTpmRequest(&TcgPpData, PpiFlags, &RequestConfirmed)) { + // + // Invalid operation request. + // + return FALSE; + } + + if (!RequestConfirmed) { + // + // Need UI to confirm + // + return TRUE; + } + + return FALSE; +} + + +/** + The handler for TPM physical presence function: + Return TPM Operation Response to OS Environment. + + @param[out] MostRecentRequest Most recent operation request. + @param[out] Response Response to the most recent operation request. + + @return Return Code for Return TPM Operation Response to OS Environment. +**/ +UINT32 +EFIAPI +Tcg2PhysicalPresenceLibReturnOperationResponseToOsFunction ( + OUT UINT32 *MostRecentRequest, + OUT UINT32 *Response + ) +{ + EFI_STATUS Status; + UINTN DataSize; + EFI_TCG2_PHYSICAL_PRESENCE PpData; + + DEBUG ((EFI_D_INFO, "[TPM2] ReturnOperationResponseToOsFunction\n")); + + // + // Get the Physical Presence variable + // + DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE); + Status = gRT->GetVariable ( + TCG2_PHYSICAL_PRESENCE_VARIABLE, + &gEfiTcg2PhysicalPresenceGuid, + NULL, + &DataSize, + &PpData + ); + if (EFI_ERROR (Status)) { + *MostRecentRequest = 0; + *Response = 0; + DEBUG ((EFI_D_ERROR, "[TPM2] Get PP variable failure! Status = %r\n", Status)); + return TCG_PP_RETURN_TPM_OPERATION_RESPONSE_FAILURE; + } + + *MostRecentRequest = PpData.LastPPRequest; + *Response = PpData.PPResponse; + + return TCG_PP_RETURN_TPM_OPERATION_RESPONSE_SUCCESS; +} + +/** + The handler for TPM physical presence function: + Submit TPM Operation Request to Pre-OS Environment and + Submit TPM Operation Request to Pre-OS Environment 2. + + Caution: This function may receive untrusted input. + + @param[in] OperationRequest TPM physical presence operation request. + @param[in] RequestParameter TPM physical presence operation request parameter. + + @return Return Code for Submit TPM Operation Request to Pre-OS Environment and + Submit TPM Operation Request to Pre-OS Environment 2. +**/ +UINT32 +EFIAPI +Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction ( + IN UINT32 OperationRequest, + IN UINT32 RequestParameter + ) +{ + EFI_STATUS Status; + UINTN DataSize; + EFI_TCG2_PHYSICAL_PRESENCE PpData; + EFI_TCG2_PHYSICAL_PRESENCE_FLAGS Flags; + + DEBUG ((EFI_D_INFO, "[TPM2] SubmitRequestToPreOSFunction, Request = %x, %x\n", OperationRequest, RequestParameter)); + + // + // Get the Physical Presence variable + // + DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE); + Status = gRT->GetVariable ( + TCG2_PHYSICAL_PRESENCE_VARIABLE, + &gEfiTcg2PhysicalPresenceGuid, + NULL, + &DataSize, + &PpData + ); + if (EFI_ERROR (Status)) { + DEBUG ((EFI_D_ERROR, "[TPM2] Get PP variable failure! Status = %r\n", Status)); + return TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE; + } + + if ((OperationRequest > TCG2_PHYSICAL_PRESENCE_NO_ACTION_MAX) && + (OperationRequest < TCG2_PHYSICAL_PRESENCE_STORAGE_MANAGEMENT_BEGIN) ) { + return TCG_PP_SUBMIT_REQUEST_TO_PREOS_NOT_IMPLEMENTED; + } + + if ((PpData.PPRequest != OperationRequest) || + (PpData.PPRequestParameter != RequestParameter)) { + PpData.PPRequest = (UINT8)OperationRequest; + PpData.PPRequestParameter = RequestParameter; + DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE); + Status = gRT->SetVariable ( + TCG2_PHYSICAL_PRESENCE_VARIABLE, + &gEfiTcg2PhysicalPresenceGuid, + EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS, + DataSize, + &PpData + ); + if (EFI_ERROR (Status)) { + DEBUG ((EFI_D_ERROR, "[TPM2] Set PP variable failure! Status = %r\n", Status)); + return TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE; + } + } + + if (OperationRequest >= TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) { + DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE_FLAGS); + Status = gRT->GetVariable ( + TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE, + &gEfiTcg2PhysicalPresenceGuid, + NULL, + &DataSize, + &Flags + ); + if (EFI_ERROR (Status)) { + Flags.PPFlags = PcdGet32(PcdTcg2PhysicalPresenceFlags); + } + return Tcg2PpVendorLibSubmitRequestToPreOSFunction (OperationRequest, Flags.PPFlags, RequestParameter); + } + + return TCG_PP_SUBMIT_REQUEST_TO_PREOS_SUCCESS; +} + +/** + Return TPM2 ManagementFlags set by PP interface. + + @retval ManagementFlags TPM2 Management Flags. +**/ +UINT32 +EFIAPI +Tcg2PhysicalPresenceLibGetManagementFlags ( + VOID + ) +{ + EFI_STATUS Status; + EFI_TCG2_PHYSICAL_PRESENCE_FLAGS PpiFlags; + UINTN DataSize; + + DEBUG ((EFI_D_INFO, "[TPM2] GetManagementFlags\n")); + + DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE_FLAGS); + Status = gRT->GetVariable ( + TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE, + &gEfiTcg2PhysicalPresenceGuid, + NULL, + &DataSize, + &PpiFlags + ); + if (EFI_ERROR (Status)) { + PpiFlags.PPFlags = PcdGet32(PcdTcg2PhysicalPresenceFlags); + } + return PpiFlags.PPFlags; +} diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.inf b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.inf new file mode 100644 index 00000000..7e5b051c --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.inf @@ -0,0 +1,67 @@ +## @file +# Executes TPM 2.0 requests from OS or BIOS +# +# This library will check and execute TPM 2.0 request from OS or BIOS. The request may +# ask for user confirmation before execution. +# +# Caution: This module requires additional review when modified. +# This driver will have external input - variable. +# This external input must be validated carefully to avoid security issue. +# +# Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR> +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = DxeTcg2PhysicalPresenceLib + MODULE_UNI_FILE = DxeTcg2PhysicalPresenceLib.uni + FILE_GUID = 7E507A86-DE8B-4AD3-BC4C-0498389098D3 + MODULE_TYPE = DXE_DRIVER + VERSION_STRING = 1.0 + LIBRARY_CLASS = Tcg2PhysicalPresenceLib|DXE_DRIVER DXE_RUNTIME_DRIVER UEFI_APPLICATION UEFI_DRIVER + +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = IA32 X64 EBC +# + +[Sources] + DxeTcg2PhysicalPresenceLib.c + PhysicalPresenceStrings.uni + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + SecurityPkg/SecurityPkg.dec + +[LibraryClasses] + MemoryAllocationLib + UefiLib + UefiBootServicesTableLib + UefiDriverEntryPoint + UefiRuntimeServicesTableLib + BaseMemoryLib + DebugLib + PrintLib + HiiLib + HobLib + Tpm2CommandLib + Tcg2PpVendorLib + +[Protocols] + gEfiTcg2ProtocolGuid ## SOMETIMES_CONSUMES + gEdkiiVariableLockProtocolGuid ## SOMETIMES_CONSUMES + +[Pcd] + gEfiSecurityPkgTokenSpaceGuid.PcdTcg2PhysicalPresenceFlags ## SOMETIMES_CONSUMES + +[Guids] + ## SOMETIMES_CONSUMES ## HII + ## SOMETIMES_PRODUCES ## Variable:L"Tcg2PhysicalPresence" + ## SOMETIMES_CONSUMES ## Variable:L"Tcg2PhysicalPresence" + ## SOMETIMES_PRODUCES ## Variable:L"Tcg2PhysicalPresenceFlags" + ## SOMETIMES_CONSUMES ## Variable:L"Tcg2PhysicalPresenceFlags" + gEfiTcg2PhysicalPresenceGuid diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.uni b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.uni new file mode 100644 index 00000000..9f31966a --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.uni @@ -0,0 +1,22 @@ +// /** @file
+// Executes TPM 2.0 requests from OS or BIOS
+//
+// This library will check and execute TPM 2.0 request from OS or BIOS. The request may
+// ask for user confirmation before execution.
+//
+// Caution: This module requires additional review when modified.
+// This driver will have external input - variable.
+// This external input must be validated carefully to avoid security issue.
+//
+// Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
+//
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+//
+// **/
+
+
+#string STR_MODULE_ABSTRACT #language en-US "Executes TPM 2.0 requests from OS or BIOS"
+
+#string STR_MODULE_DESCRIPTION #language en-US "This library will check and execute TPM 2.0 request from OS or BIOS. The request may ask for user confirmation before execution.\n"
+ "Caution: This module requires additional review when modified. This driver will have external input - variable. This external input must be validated carefully to avoid security issue."
+
diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/PhysicalPresenceStrings.uni b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/PhysicalPresenceStrings.uni new file mode 100644 index 00000000..765a7b3b --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/PhysicalPresenceStrings.uni @@ -0,0 +1,55 @@ +/** @file
+ String definitions for TPM 2.0 physical presence confirm text.
+
+Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#langdef en-US "English"
+
+#string TPM_HEAD_STR #language en-US "A configuration change was requested to %s this computer's TPM (Trusted Platform Module)\n\n"
+#string TPM_PPI_HEAD_STR #language en-US "A configuration change was requested to allow the Operating System to %s the computer's TPM (Trusted Platform Module) without asking for user confirmation in the future.\n\n"
+
+#string TPM_ACCEPT_KEY #language en-US "Press F10 "
+#string TPM_CAUTION_KEY #language en-US "Press F12 "
+#string TPM_REJECT_KEY #language en-US "to %s the TPM \nPress ESC to reject this change request and continue\n"
+
+#string TPM_ENABLE #language en-US "enable"
+#string TPM_DISABLE #language en-US "disable"
+#string TPM_CLEAR #language en-US "clear"
+#string TPM_SET_PCR_BANKS #language en-US "change the boot measurements to use PCR bank(s) of"
+#string TPM_CHANGE_EPS #language en-US "clear and change identity of"
+#string TPM_DISABLE_ENDORSEMENT_ENABLE_STORAGE #language en-US "disable access to some secrets stored in"
+
+#string TPM_NO_PPI_MAINTAIN #language en-US "maintain"
+#string TPM_NO_PPI_TURN_ON #language en-US "turn on"
+#string TPM_NO_PPI_TURN_OFF #language en-US "turn off"
+#string TPM_NO_PPI_INFO #language en-US "to approve future Operating System requests "
+
+#string TPM_WARNING_DISABLE #language en-US "WARNING: Doing so might prevent security applications that rely on the TPM from functioning as expected.\n\n"
+#string TPM_WARNING_CLEAR #language en-US "WARNING: Clearing erases information stored on the TPM. You will lose all created keys and access to data encrypted by these keys. "
+#string TPM_NOTE_CLEAR #language en-US "NOTE: This action does not clear the TPM, but by approving this configuration change, future actions to clear the TPM will not require user confirmation.\n\n"
+#string TPM_WARNING_SET_PCR_BANKS_1 #language en-US "WARNING: Changing the PCR bank(s) of the boot measurements may prevent the Operating System from properly processing the measurements. Please check if your Operating System supports the new PCR bank(s).\n\n"
+#string TPM_WARNING_SET_PCR_BANKS_2 #language en-US "WARNING: Secrets in the TPM that are bound to the boot state of your machine may become unusable.\n\n"
+#string TPM_WARNING_CHANGE_EPS_1 #language en-US "WARNING: Clearing erases information stored on the TPM. You will lose all created keys and access to data encrypted with these keys.\n\n"
+#string TPM_WARNING_CHANGE_EPS_2 #language en-US "WARNING: Changing the identity of the TPM may require additional steps to establish trust into the new identity.\n\n"
+#string TPM_WARNING_PP_CHANGE_PCRS_FALSE #language en-US "WARNING: Allowing future changes to format of the boot measurement log may affect the Operating System.\n\n"
+#string TPM_WARNING_PP_CHANGE_EPS_FALSE_1 #language en-US "WARNING: Allowing future changes to the TPM's firmware may affect the operation of the TPM and may erase information stored on the TPM.\n\n"
+#string TPM_WARNING_PP_CHANGE_EPS_FALSE_2 #language en-US "You may lose all created keys and access to data encrypted by these keys.\n\n"
+#string TPM_WARNING_DISABLE_ENDORSEMENT_ENABLE_STORAGE #language en-US "WARNING: Doing so might prevent security applications that rely on the TPM from functioning as expected.\n\n"
+
+#string TCG_STORAGE_HEAD_STR #language en-US "A configuration change was requested to %s on subsequent boots\n\n"
+#string TCG_STORAGE_PPI_HEAD_STR #language en-US "A configuration change was requested to allow the Operating System to %s without asking for user confirmation in the future.\n\n"
+
+#string TCG_STORAGE_ACCEPT_KEY #language en-US "Press F10 "
+#string TCG_STORAGE_CAUTION_KEY #language en-US "Press F12 "
+#string TCG_STORAGE_REJECT_KEY #language en-US "to %s\nPress ESC to reject this change request and continue\n"
+
+#string TCG_STORAGE_NO_PPI_INFO #language en-US "to approve future Operating System requests "
+
+#string TCG_STORAGE_ENABLE_BLOCK_SID #language en-US "issue a Block SID authentication command"
+#string TCG_STORAGE_DISABLE_BLOCK_SID #language en-US "disable issuing a Block SID authentication command"
+
+#string TCG_STORAGE_PP_ENABLE_BLOCK_SID #language en-US "enable blocking SID authentication"
+#string TCG_STORAGE_PP_DISABLE_BLOCK_SID #language en-US "disable blocking SID authentication"
diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceLib.c b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceLib.c new file mode 100644 index 00000000..e70b49d9 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceLib.c @@ -0,0 +1,1400 @@ +/** @file + + Execute pending TPM requests from OS or BIOS and Lock TPM. + + Caution: This module requires additional review when modified. + This driver will have external input - variable. + This external input must be validated carefully to avoid security issue. + + ExecutePendingTpmRequest() will receive untrusted input and do validation. + +Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.<BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include <PiDxe.h> + +#include <Protocol/TcgService.h> +#include <Protocol/VariableLock.h> +#include <Library/DebugLib.h> +#include <Library/BaseMemoryLib.h> +#include <Library/UefiRuntimeServicesTableLib.h> +#include <Library/UefiDriverEntryPoint.h> +#include <Library/UefiBootServicesTableLib.h> +#include <Library/UefiLib.h> +#include <Library/MemoryAllocationLib.h> +#include <Library/PrintLib.h> +#include <Library/HiiLib.h> +#include <Guid/EventGroup.h> +#include <Guid/PhysicalPresenceData.h> +#include <Library/TcgPpVendorLib.h> + +#define CONFIRM_BUFFER_SIZE 4096 + +EFI_HII_HANDLE mPpStringPackHandle; + +/** + Get string by string id from HII Interface. + + @param[in] Id String ID. + + @retval CHAR16 * String from ID. + @retval NULL If error occurs. + +**/ +CHAR16 * +PhysicalPresenceGetStringById ( + IN EFI_STRING_ID Id + ) +{ + return HiiGetString (mPpStringPackHandle, Id, NULL); +} + +/** + Get TPM physical presence permanent flags. + + @param[in] TcgProtocol EFI TCG Protocol instance. + @param[out] LifetimeLock physicalPresenceLifetimeLock permanent flag. + @param[out] CmdEnable physicalPresenceCMDEnable permanent flag. + + @retval EFI_SUCCESS Flags were returns successfully. + @retval other Failed to locate EFI TCG Protocol. + +**/ +EFI_STATUS +GetTpmCapability ( + IN EFI_TCG_PROTOCOL *TcgProtocol, + OUT BOOLEAN *LifetimeLock, + OUT BOOLEAN *CmdEnable + ) +{ + EFI_STATUS Status; + TPM_RQU_COMMAND_HDR *TpmRqu; + TPM_RSP_COMMAND_HDR *TpmRsp; + UINT32 *SendBufPtr; + UINT8 SendBuffer[sizeof (*TpmRqu) + sizeof (UINT32) * 3]; + TPM_PERMANENT_FLAGS *TpmPermanentFlags; + UINT8 RecvBuffer[40]; + + // + // Fill request header + // + TpmRsp = (TPM_RSP_COMMAND_HDR*)RecvBuffer; + TpmRqu = (TPM_RQU_COMMAND_HDR*)SendBuffer; + + TpmRqu->tag = SwapBytes16 (TPM_TAG_RQU_COMMAND); + TpmRqu->paramSize = SwapBytes32 (sizeof (SendBuffer)); + TpmRqu->ordinal = SwapBytes32 (TPM_ORD_GetCapability); + + // + // Set request parameter + // + SendBufPtr = (UINT32*)(TpmRqu + 1); + WriteUnaligned32 (SendBufPtr++, SwapBytes32 (TPM_CAP_FLAG)); + WriteUnaligned32 (SendBufPtr++, SwapBytes32 (sizeof (TPM_CAP_FLAG_PERMANENT))); + WriteUnaligned32 (SendBufPtr, SwapBytes32 (TPM_CAP_FLAG_PERMANENT)); + + Status = TcgProtocol->PassThroughToTpm ( + TcgProtocol, + sizeof (SendBuffer), + (UINT8*)TpmRqu, + sizeof (RecvBuffer), + (UINT8*)&RecvBuffer + ); + if (EFI_ERROR (Status)) { + return Status; + } + + if ((TpmRsp->tag != SwapBytes16 (TPM_TAG_RSP_COMMAND)) || (TpmRsp->returnCode != 0)) { + return EFI_DEVICE_ERROR; + } + + TpmPermanentFlags = (TPM_PERMANENT_FLAGS *)&RecvBuffer[sizeof (TPM_RSP_COMMAND_HDR) + sizeof (UINT32)]; + + if (LifetimeLock != NULL) { + *LifetimeLock = TpmPermanentFlags->physicalPresenceLifetimeLock; + } + + if (CmdEnable != NULL) { + *CmdEnable = TpmPermanentFlags->physicalPresenceCMDEnable; + } + + return Status; +} + +/** + Issue TSC_PhysicalPresence command to TPM. + + @param[in] TcgProtocol EFI TCG Protocol instance. + @param[in] PhysicalPresence The state to set the TPM's Physical Presence flags. + + @retval EFI_SUCCESS TPM executed the command successfully. + @retval EFI_SECURITY_VIOLATION TPM returned error when executing the command. + @retval other Failed to locate EFI TCG Protocol. + +**/ +EFI_STATUS +TpmPhysicalPresence ( + IN EFI_TCG_PROTOCOL *TcgProtocol, + IN TPM_PHYSICAL_PRESENCE PhysicalPresence + ) +{ + EFI_STATUS Status; + TPM_RQU_COMMAND_HDR *TpmRqu; + TPM_PHYSICAL_PRESENCE *TpmPp; + TPM_RSP_COMMAND_HDR TpmRsp; + UINT8 Buffer[sizeof (*TpmRqu) + sizeof (*TpmPp)]; + + TpmRqu = (TPM_RQU_COMMAND_HDR*)Buffer; + TpmPp = (TPM_PHYSICAL_PRESENCE*)(TpmRqu + 1); + + TpmRqu->tag = SwapBytes16 (TPM_TAG_RQU_COMMAND); + TpmRqu->paramSize = SwapBytes32 (sizeof (Buffer)); + TpmRqu->ordinal = SwapBytes32 (TSC_ORD_PhysicalPresence); + WriteUnaligned16 (TpmPp, (TPM_PHYSICAL_PRESENCE) SwapBytes16 (PhysicalPresence)); + + Status = TcgProtocol->PassThroughToTpm ( + TcgProtocol, + sizeof (Buffer), + (UINT8*)TpmRqu, + sizeof (TpmRsp), + (UINT8*)&TpmRsp + ); + if (EFI_ERROR (Status)) { + return Status; + } + + if (TpmRsp.tag != SwapBytes16 (TPM_TAG_RSP_COMMAND)) { + return EFI_DEVICE_ERROR; + } + + if (TpmRsp.returnCode != 0) { + // + // If it fails, some requirements may be needed for this command. + // + return EFI_SECURITY_VIOLATION; + } + + return Status; +} + +/** + Issue a TPM command for which no additional output data will be returned. + + @param[in] TcgProtocol EFI TCG Protocol instance. + @param[in] Ordinal TPM command code. + @param[in] AdditionalParameterSize Additional parameter size. + @param[in] AdditionalParameters Pointer to the Additional parameters. + + @retval TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE Error occurred during sending command to TPM or + receiving response from TPM. + @retval Others Return code from the TPM device after command execution. + +**/ +UINT32 +TpmCommandNoReturnData ( + IN EFI_TCG_PROTOCOL *TcgProtocol, + IN TPM_COMMAND_CODE Ordinal, + IN UINTN AdditionalParameterSize, + IN VOID *AdditionalParameters + ) +{ + EFI_STATUS Status; + TPM_RQU_COMMAND_HDR *TpmRqu; + TPM_RSP_COMMAND_HDR TpmRsp; + UINT32 Size; + + TpmRqu = (TPM_RQU_COMMAND_HDR*) AllocatePool (sizeof (*TpmRqu) + AdditionalParameterSize); + if (TpmRqu == NULL) { + return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE; + } + + TpmRqu->tag = SwapBytes16 (TPM_TAG_RQU_COMMAND); + Size = (UINT32)(sizeof (*TpmRqu) + AdditionalParameterSize); + TpmRqu->paramSize = SwapBytes32 (Size); + TpmRqu->ordinal = SwapBytes32 (Ordinal); + CopyMem (TpmRqu + 1, AdditionalParameters, AdditionalParameterSize); + + Status = TcgProtocol->PassThroughToTpm ( + TcgProtocol, + Size, + (UINT8*)TpmRqu, + (UINT32)sizeof (TpmRsp), + (UINT8*)&TpmRsp + ); + FreePool (TpmRqu); + if (EFI_ERROR (Status) || (TpmRsp.tag != SwapBytes16 (TPM_TAG_RSP_COMMAND))) { + return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE; + } + return SwapBytes32 (TpmRsp.returnCode); +} + +/** + Execute physical presence operation requested by the OS. + + @param[in] TcgProtocol EFI TCG Protocol instance. + @param[in] CommandCode Physical presence operation value. + @param[in, out] PpiFlags The physical presence interface flags. + + @retval TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE Unknown physical presence operation. + @retval TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE Error occurred during sending command to TPM or + receiving response from TPM. + @retval Others Return code from the TPM device after command execution. + +**/ +UINT32 +ExecutePhysicalPresence ( + IN EFI_TCG_PROTOCOL *TcgProtocol, + IN UINT32 CommandCode, + IN OUT EFI_PHYSICAL_PRESENCE_FLAGS *PpiFlags + ) +{ + BOOLEAN BoolVal; + UINT32 TpmResponse; + UINT32 InData[5]; + + switch (CommandCode) { + case PHYSICAL_PRESENCE_ENABLE: + return TpmCommandNoReturnData ( + TcgProtocol, + TPM_ORD_PhysicalEnable, + 0, + NULL + ); + + case PHYSICAL_PRESENCE_DISABLE: + return TpmCommandNoReturnData ( + TcgProtocol, + TPM_ORD_PhysicalDisable, + 0, + NULL + ); + + case PHYSICAL_PRESENCE_ACTIVATE: + BoolVal = FALSE; + return TpmCommandNoReturnData ( + TcgProtocol, + TPM_ORD_PhysicalSetDeactivated, + sizeof (BoolVal), + &BoolVal + ); + + case PHYSICAL_PRESENCE_DEACTIVATE: + BoolVal = TRUE; + return TpmCommandNoReturnData ( + TcgProtocol, + TPM_ORD_PhysicalSetDeactivated, + sizeof (BoolVal), + &BoolVal + ); + + case PHYSICAL_PRESENCE_CLEAR: + return TpmCommandNoReturnData ( + TcgProtocol, + TPM_ORD_ForceClear, + 0, + NULL + ); + + case PHYSICAL_PRESENCE_ENABLE_ACTIVATE: + TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_ENABLE, PpiFlags); + if (TpmResponse == 0) { + TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_ACTIVATE, PpiFlags); + } + return TpmResponse; + + case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE: + TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_DEACTIVATE, PpiFlags); + if (TpmResponse == 0) { + TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_DISABLE, PpiFlags); + } + return TpmResponse; + + case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE: + BoolVal = TRUE; + return TpmCommandNoReturnData ( + TcgProtocol, + TPM_ORD_SetOwnerInstall, + sizeof (BoolVal), + &BoolVal + ); + + case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_FALSE: + BoolVal = FALSE; + return TpmCommandNoReturnData ( + TcgProtocol, + TPM_ORD_SetOwnerInstall, + sizeof (BoolVal), + &BoolVal + ); + + case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_OWNER_TRUE: + // + // PHYSICAL_PRESENCE_ENABLE_ACTIVATE + PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE + // PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE will be executed after reboot + // + if ((PpiFlags->PPFlags & TCG_VENDOR_LIB_FLAG_RESET_TRACK) == 0) { + TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_ENABLE_ACTIVATE, PpiFlags); + PpiFlags->PPFlags |= TCG_VENDOR_LIB_FLAG_RESET_TRACK; + } else { + TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE, PpiFlags); + PpiFlags->PPFlags &= ~TCG_VENDOR_LIB_FLAG_RESET_TRACK; + } + return TpmResponse; + + case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE_OWNER_FALSE: + TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_SET_OWNER_INSTALL_FALSE, PpiFlags); + if (TpmResponse == 0) { + TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_DEACTIVATE_DISABLE, PpiFlags); + } + return TpmResponse; + + case PHYSICAL_PRESENCE_DEFERRED_PP_UNOWNERED_FIELD_UPGRADE: + InData[0] = SwapBytes32 (TPM_SET_STCLEAR_DATA); // CapabilityArea + InData[1] = SwapBytes32 (sizeof(UINT32)); // SubCapSize + InData[2] = SwapBytes32 (TPM_SD_DEFERREDPHYSICALPRESENCE); // SubCap + InData[3] = SwapBytes32 (sizeof(UINT32)); // SetValueSize + InData[4] = SwapBytes32 (1); // UnownedFieldUpgrade; bit0 + return TpmCommandNoReturnData ( + TcgProtocol, + TPM_ORD_SetCapability, + sizeof (UINT32) * 5, + InData + ); + + case PHYSICAL_PRESENCE_SET_OPERATOR_AUTH: + // + // TPM_SetOperatorAuth + // This command requires UI to prompt user for Auth data + // Here it is NOT implemented + // + return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE; + + case PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE: + TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_CLEAR, PpiFlags); + if (TpmResponse == 0) { + TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_ENABLE_ACTIVATE, PpiFlags); + } + return TpmResponse; + + case PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_FALSE: + PpiFlags->PPFlags &= ~TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_PROVISION; + return 0; + + case PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_TRUE: + PpiFlags->PPFlags |= TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_PROVISION; + return 0; + + case PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_FALSE: + PpiFlags->PPFlags &= ~TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_CLEAR; + return 0; + + case PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_TRUE: + PpiFlags->PPFlags |= TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_CLEAR; + return 0; + + case PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_FALSE: + PpiFlags->PPFlags &= ~TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_MAINTENANCE; + return 0; + + case PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_TRUE: + PpiFlags->PPFlags |= TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_MAINTENANCE; + return 0; + + case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR: + // + // PHYSICAL_PRESENCE_ENABLE_ACTIVATE + PHYSICAL_PRESENCE_CLEAR + // PHYSICAL_PRESENCE_CLEAR will be executed after reboot. + // + if ((PpiFlags->PPFlags & TCG_VENDOR_LIB_FLAG_RESET_TRACK) == 0) { + TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_ENABLE_ACTIVATE, PpiFlags); + PpiFlags->PPFlags |= TCG_VENDOR_LIB_FLAG_RESET_TRACK; + } else { + TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_CLEAR, PpiFlags); + PpiFlags->PPFlags &= ~TCG_VENDOR_LIB_FLAG_RESET_TRACK; + } + return TpmResponse; + + case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE: + // + // PHYSICAL_PRESENCE_ENABLE_ACTIVATE + PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE + // PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE will be executed after reboot. + // + if ((PpiFlags->PPFlags & TCG_VENDOR_LIB_FLAG_RESET_TRACK) == 0) { + TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_ENABLE_ACTIVATE, PpiFlags); + PpiFlags->PPFlags |= TCG_VENDOR_LIB_FLAG_RESET_TRACK; + } else { + TpmResponse = ExecutePhysicalPresence (TcgProtocol, PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE, PpiFlags); + PpiFlags->PPFlags &= ~TCG_VENDOR_LIB_FLAG_RESET_TRACK; + } + return TpmResponse; + + default: + ; + } + return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE; +} + + +/** + Read the specified key for user confirmation. + + @param[in] CautionKey If true, F12 is used as confirm key; + If false, F10 is used as confirm key. + + @retval TRUE User confirmed the changes by input. + @retval FALSE User discarded the changes or device error. + +**/ +BOOLEAN +ReadUserKey ( + IN BOOLEAN CautionKey + ) +{ + EFI_STATUS Status; + EFI_INPUT_KEY Key; + UINT16 InputKey; + UINTN Index; + + InputKey = 0; + do { + Status = gST->ConIn->ReadKeyStroke (gST->ConIn, &Key); + if (Status == EFI_NOT_READY) { + gBS->WaitForEvent (1, &gST->ConIn->WaitForKey, &Index); + continue; + } + + if (Status == EFI_DEVICE_ERROR) { + return FALSE; + } + + if (Key.ScanCode == SCAN_ESC) { + InputKey = Key.ScanCode; + } + if ((Key.ScanCode == SCAN_F10) && !CautionKey) { + InputKey = Key.ScanCode; + } + if ((Key.ScanCode == SCAN_F12) && CautionKey) { + InputKey = Key.ScanCode; + } + } while (InputKey == 0); + + if (InputKey != SCAN_ESC) { + return TRUE; + } + + return FALSE; +} + +/** + The constructor function register UNI strings into imageHandle. + + It will ASSERT() if that operation fails and it will always return EFI_SUCCESS. + + @param ImageHandle The firmware allocated handle for the EFI image. + @param SystemTable A pointer to the EFI System Table. + + @retval EFI_SUCCESS The constructor successfully added string package. + @retval Other value The constructor can't add string package. + +**/ +EFI_STATUS +EFIAPI +TcgPhysicalPresenceLibConstructor ( + IN EFI_HANDLE ImageHandle, + IN EFI_SYSTEM_TABLE *SystemTable + ) +{ + mPpStringPackHandle = HiiAddPackages (&gEfiPhysicalPresenceGuid, ImageHandle, DxeTcgPhysicalPresenceLibStrings, NULL); + ASSERT (mPpStringPackHandle != NULL); + + return EFI_SUCCESS; +} + +/** + Display the confirm text and get user confirmation. + + @param[in] TpmPpCommand The requested TPM physical presence command. + + @retval TRUE The user has confirmed the changes. + @retval FALSE The user doesn't confirm the changes. +**/ +BOOLEAN +UserConfirm ( + IN UINT32 TpmPpCommand + ) +{ + CHAR16 *ConfirmText; + CHAR16 *TmpStr1; + CHAR16 *TmpStr2; + UINTN BufSize; + BOOLEAN CautionKey; + UINT16 Index; + CHAR16 DstStr[81]; + + TmpStr2 = NULL; + CautionKey = FALSE; + BufSize = CONFIRM_BUFFER_SIZE; + ConfirmText = AllocateZeroPool (BufSize); + ASSERT (ConfirmText != NULL); + + switch (TpmPpCommand) { + case PHYSICAL_PRESENCE_ENABLE: + TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ENABLE)); + + TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR)); + UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2); + FreePool (TmpStr1); + + TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY)); + StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); + FreePool (TmpStr1); + break; + + case PHYSICAL_PRESENCE_DISABLE: + TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_DISABLE)); + + TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR)); + UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2); + FreePool (TmpStr1); + + TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING)); + StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); + FreePool (TmpStr1); + + TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY)); + StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); + FreePool (TmpStr1); + break; + + case PHYSICAL_PRESENCE_ACTIVATE: + TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACTIVATE)); + + TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR)); + UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2); + FreePool (TmpStr1); + + TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY)); + StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); + FreePool (TmpStr1); + break; + + case PHYSICAL_PRESENCE_DEACTIVATE: + TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_DEACTIVATE)); + + TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR)); + UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2); + FreePool (TmpStr1); + + TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING)); + StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); + FreePool (TmpStr1); + + TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY)); + StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); + FreePool (TmpStr1); + break; + + case PHYSICAL_PRESENCE_CLEAR: + CautionKey = TRUE; + TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CLEAR)); + + TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR)); + UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2); + FreePool (TmpStr1); + + TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR)); + StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); + StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), L" \n\n", (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); + FreePool (TmpStr1); + + TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY)); + StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); + FreePool (TmpStr1); + break; + + case PHYSICAL_PRESENCE_ENABLE_ACTIVATE: + TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ENABLE_ACTIVATE)); + + TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR)); + UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2); + FreePool (TmpStr1); + + TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_ON)); + StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); + FreePool (TmpStr1); + + TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY)); + StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); + FreePool (TmpStr1); + break; + + case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE: + TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_DEACTIVATE_DISABLE)); + + TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR)); + UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2); + FreePool (TmpStr1); + + TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_OFF)); + StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); + FreePool (TmpStr1); + + TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING)); + StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); + FreePool (TmpStr1); + + TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY)); + StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); + FreePool (TmpStr1); + break; + + case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE: + TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ALLOW_TAKE_OWNERSHIP)); + + TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR)); + UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2); + FreePool (TmpStr1); + + TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY)); + StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); + FreePool (TmpStr1); + break; + + case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_FALSE: + TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_DISALLOW_TAKE_OWNERSHIP)); + + TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR)); + UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2); + FreePool (TmpStr1); + + TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY)); + StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); + FreePool (TmpStr1); + break; + + case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_OWNER_TRUE: + TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_TURN_ON)); + + TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR)); + UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2); + FreePool (TmpStr1); + + TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_ON)); + StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); + FreePool (TmpStr1); + + TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY)); + StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); + FreePool (TmpStr1); + break; + + case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE_OWNER_FALSE: + TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_TURN_OFF)); + + TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR)); + UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2); + FreePool (TmpStr1); + + TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_OFF)); + StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); + FreePool (TmpStr1); + + TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING)); + StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); + FreePool (TmpStr1); + + TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY)); + StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); + FreePool (TmpStr1); + break; + + case PHYSICAL_PRESENCE_DEFERRED_PP_UNOWNERED_FIELD_UPGRADE: + CautionKey = TRUE; + TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_UNOWNED_FIELD_UPGRADE)); + + TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_UPGRADE_HEAD_STR)); + UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2); + FreePool (TmpStr1); + + TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_MAINTAIN)); + StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); + FreePool (TmpStr1); + + TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY)); + StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); + FreePool (TmpStr1); + break; + + case PHYSICAL_PRESENCE_SET_OPERATOR_AUTH: + // + // TPM_SetOperatorAuth + // This command requires UI to prompt user for Auth data + // Here it is NOT implemented + // + break; + + case PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE: + CautionKey = TRUE; + TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CLEAR_TURN_ON)); + + TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR)); + UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2); + FreePool (TmpStr1); + + TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_ON)); + StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); + FreePool (TmpStr1); + + TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR)); + StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); + FreePool (TmpStr1); + + TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR_CONT)); + StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); + FreePool (TmpStr1); + + TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY)); + StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); + FreePool (TmpStr1); + break; + + case PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_TRUE: + TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NO_PPI_PROVISION)); + + TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_PPI_HEAD_STR)); + UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2); + FreePool (TmpStr1); + + TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ACCEPT_KEY)); + StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); + FreePool (TmpStr1); + + TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NO_PPI_INFO)); + StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); + FreePool (TmpStr1); + break; + + case PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_TRUE: + CautionKey = TRUE; + TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CLEAR)); + + TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_PPI_HEAD_STR)); + UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2); + FreePool (TmpStr1); + + TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_CLEAR)); + StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); + FreePool (TmpStr1); + + TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR)); + StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); + StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), L" \n\n", (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); + FreePool (TmpStr1); + + TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY)); + StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); + FreePool (TmpStr1); + + TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NO_PPI_INFO)); + StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); + FreePool (TmpStr1); + break; + + case PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_TRUE: + CautionKey = TRUE; + TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NO_PPI_MAINTAIN)); + + TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_PPI_HEAD_STR)); + UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2); + FreePool (TmpStr1); + + TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_MAINTAIN)); + StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); + FreePool (TmpStr1); + + TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY)); + StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); + FreePool (TmpStr1); + + TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NO_PPI_INFO)); + StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); + FreePool (TmpStr1); + break; + + case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR: + CautionKey = TRUE; + TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ENABLE_ACTIVATE_CLEAR)); + + TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR)); + UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2); + FreePool (TmpStr1); + + TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR)); + StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); + StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), L" \n\n", (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); + FreePool (TmpStr1); + + TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY)); + StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); + FreePool (TmpStr1); + break; + + case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE: + CautionKey = TRUE; + TmpStr2 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE)); + + TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_HEAD_STR)); + UnicodeSPrint (ConfirmText, BufSize, TmpStr1, TmpStr2); + FreePool (TmpStr1); + + TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_NOTE_ON)); + StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); + FreePool (TmpStr1); + + TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR)); + StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); + FreePool (TmpStr1); + + TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_WARNING_CLEAR_CONT)); + StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); + FreePool (TmpStr1); + + TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_CAUTION_KEY)); + StrnCatS (ConfirmText, BufSize / sizeof (CHAR16), TmpStr1, (BufSize / sizeof (CHAR16)) - StrLen (ConfirmText) - 1); + FreePool (TmpStr1); + break; + + default: + ; + } + + if (TmpStr2 == NULL) { + FreePool (ConfirmText); + return FALSE; + } + + TmpStr1 = PhysicalPresenceGetStringById (STRING_TOKEN (TPM_REJECT_KEY)); + BufSize -= StrSize (ConfirmText); + UnicodeSPrint (ConfirmText + StrLen (ConfirmText), BufSize, TmpStr1, TmpStr2); + + DstStr[80] = L'\0'; + for (Index = 0; Index < StrLen (ConfirmText); Index += 80) { + StrnCpyS(DstStr, sizeof (DstStr) / sizeof (CHAR16), ConfirmText + Index, sizeof (DstStr) / sizeof (CHAR16) - 1); + Print (DstStr); + } + + FreePool (TmpStr1); + FreePool (TmpStr2); + FreePool (ConfirmText); + + if (ReadUserKey (CautionKey)) { + return TRUE; + } + + return FALSE; +} + +/** + Check if there is a valid physical presence command request. Also updates parameter value + to whether the requested physical presence command already confirmed by user + + @param[in] TcgPpData EFI TCG Physical Presence request data. + @param[in] Flags The physical presence interface flags. + @param[out] RequestConfirmed If the physical presence operation command required user confirm from UI. + True, it indicates the command doesn't require user confirm, or already confirmed + in last boot cycle by user. + False, it indicates the command need user confirm from UI. + + @retval TRUE Physical Presence operation command is valid. + @retval FALSE Physical Presence operation command is invalid. + +**/ +BOOLEAN +HaveValidTpmRequest ( + IN EFI_PHYSICAL_PRESENCE *TcgPpData, + IN EFI_PHYSICAL_PRESENCE_FLAGS Flags, + OUT BOOLEAN *RequestConfirmed + ) +{ + BOOLEAN IsRequestValid; + + *RequestConfirmed = FALSE; + + switch (TcgPpData->PPRequest) { + case PHYSICAL_PRESENCE_NO_ACTION: + *RequestConfirmed = TRUE; + return TRUE; + case PHYSICAL_PRESENCE_ENABLE: + case PHYSICAL_PRESENCE_DISABLE: + case PHYSICAL_PRESENCE_ACTIVATE: + case PHYSICAL_PRESENCE_DEACTIVATE: + case PHYSICAL_PRESENCE_ENABLE_ACTIVATE: + case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE: + case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE: + case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_FALSE: + case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_OWNER_TRUE: + case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE_OWNER_FALSE: + case PHYSICAL_PRESENCE_SET_OPERATOR_AUTH: + if ((Flags.PPFlags & TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_PROVISION) != 0) { + *RequestConfirmed = TRUE; + } + break; + + case PHYSICAL_PRESENCE_CLEAR: + case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR: + if ((Flags.PPFlags & TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_CLEAR) != 0) { + *RequestConfirmed = TRUE; + } + break; + + case PHYSICAL_PRESENCE_DEFERRED_PP_UNOWNERED_FIELD_UPGRADE: + if ((Flags.PPFlags & TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_MAINTENANCE) != 0) { + *RequestConfirmed = TRUE; + } + break; + + case PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE: + case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE: + if ((Flags.PPFlags & TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_CLEAR) != 0 && (Flags.PPFlags & TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_PROVISION) != 0) { + *RequestConfirmed = TRUE; + } + break; + + case PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_FALSE: + case PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_FALSE: + case PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_FALSE: + *RequestConfirmed = TRUE; + break; + + case PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_TRUE: + case PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_TRUE: + case PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_TRUE: + break; + + default: + if (TcgPpData->PPRequest >= TCG_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) { + IsRequestValid = TcgPpVendorLibHasValidRequest (TcgPpData->PPRequest, Flags.PPFlags, RequestConfirmed); + if (!IsRequestValid) { + return FALSE; + } else { + break; + } + } else { + // + // Wrong Physical Presence command + // + return FALSE; + } + } + + if ((Flags.PPFlags & TCG_VENDOR_LIB_FLAG_RESET_TRACK) != 0) { + // + // It had been confirmed in last boot, it doesn't need confirm again. + // + *RequestConfirmed = TRUE; + } + + // + // Physical Presence command is correct + // + return TRUE; +} + + +/** + Check and execute the requested physical presence command. + + Caution: This function may receive untrusted input. + TcgPpData variable is external input, so this function will validate + its data structure to be valid value. + + @param[in] TcgProtocol EFI TCG Protocol instance. + @param[in] TcgPpData Point to the physical presence NV variable. + @param[in] Flags The physical presence interface flags. + +**/ +VOID +ExecutePendingTpmRequest ( + IN EFI_TCG_PROTOCOL *TcgProtocol, + IN EFI_PHYSICAL_PRESENCE *TcgPpData, + IN EFI_PHYSICAL_PRESENCE_FLAGS Flags + ) +{ + EFI_STATUS Status; + UINTN DataSize; + BOOLEAN RequestConfirmed; + EFI_PHYSICAL_PRESENCE_FLAGS NewFlags; + BOOLEAN ResetRequired; + UINT32 NewPPFlags; + + if (!HaveValidTpmRequest(TcgPpData, Flags, &RequestConfirmed)) { + // + // Invalid operation request. + // + TcgPpData->PPResponse = TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE; + TcgPpData->LastPPRequest = TcgPpData->PPRequest; + TcgPpData->PPRequest = PHYSICAL_PRESENCE_NO_ACTION; + DataSize = sizeof (EFI_PHYSICAL_PRESENCE); + Status = gRT->SetVariable ( + PHYSICAL_PRESENCE_VARIABLE, + &gEfiPhysicalPresenceGuid, + EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS, + DataSize, + TcgPpData + ); + return; + } + + ResetRequired = FALSE; + if (TcgPpData->PPRequest >= TCG_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) { + NewFlags = Flags; + NewPPFlags = NewFlags.PPFlags; + TcgPpData->PPResponse = TcgPpVendorLibExecutePendingRequest (TcgPpData->PPRequest, &NewPPFlags, &ResetRequired); + NewFlags.PPFlags = (UINT8)NewPPFlags; + } else { + if (!RequestConfirmed) { + // + // Print confirm text and wait for approval. + // + RequestConfirmed = UserConfirm (TcgPpData->PPRequest); + } + + // + // Execute requested physical presence command + // + TcgPpData->PPResponse = TCG_PP_OPERATION_RESPONSE_USER_ABORT; + NewFlags = Flags; + if (RequestConfirmed) { + TcgPpData->PPResponse = ExecutePhysicalPresence (TcgProtocol, TcgPpData->PPRequest, &NewFlags); + } + } + + // + // Save the flags if it is updated. + // + if (CompareMem (&Flags, &NewFlags, sizeof(EFI_PHYSICAL_PRESENCE_FLAGS)) != 0) { + Status = gRT->SetVariable ( + PHYSICAL_PRESENCE_FLAGS_VARIABLE, + &gEfiPhysicalPresenceGuid, + EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS, + sizeof (EFI_PHYSICAL_PRESENCE_FLAGS), + &NewFlags + ); + if (EFI_ERROR (Status)) { + return; + } + } + + // + // Clear request + // + if ((NewFlags.PPFlags & TCG_VENDOR_LIB_FLAG_RESET_TRACK) == 0) { + TcgPpData->LastPPRequest = TcgPpData->PPRequest; + TcgPpData->PPRequest = PHYSICAL_PRESENCE_NO_ACTION; + } + + // + // Save changes + // + DataSize = sizeof (EFI_PHYSICAL_PRESENCE); + Status = gRT->SetVariable ( + PHYSICAL_PRESENCE_VARIABLE, + &gEfiPhysicalPresenceGuid, + EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS, + DataSize, + TcgPpData + ); + if (EFI_ERROR (Status)) { + return; + } + + if (TcgPpData->PPResponse == TCG_PP_OPERATION_RESPONSE_USER_ABORT) { + return; + } + + // + // Reset system to make new TPM settings in effect + // + switch (TcgPpData->LastPPRequest) { + case PHYSICAL_PRESENCE_ACTIVATE: + case PHYSICAL_PRESENCE_DEACTIVATE: + case PHYSICAL_PRESENCE_CLEAR: + case PHYSICAL_PRESENCE_ENABLE_ACTIVATE: + case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE: + case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_OWNER_TRUE: + case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE_OWNER_FALSE: + case PHYSICAL_PRESENCE_DEFERRED_PP_UNOWNERED_FIELD_UPGRADE: + case PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE: + case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR: + case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE: + break; + default: + if (TcgPpData->LastPPRequest >= TCG_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) { + if (ResetRequired) { + break; + } else { + return ; + } + } + if (TcgPpData->PPRequest != PHYSICAL_PRESENCE_NO_ACTION) { + break; + } + return; + } + + Print (L"Rebooting system to make TPM settings in effect\n"); + gRT->ResetSystem (EfiResetCold, EFI_SUCCESS, 0, NULL); + ASSERT (FALSE); +} + +/** + Check and execute the pending TPM request and Lock TPM. + + The TPM request may come from OS or BIOS. This API will display request information and wait + for user confirmation if TPM request exists. The TPM request will be sent to TPM device after + the TPM request is confirmed, and one or more reset may be required to make TPM request to + take effect. At last, it will lock TPM to prevent TPM state change by malware. + + This API should be invoked after console in and console out are all ready as they are required + to display request information and get user input to confirm the request. This API should also + be invoked as early as possible as TPM is locked in this function. + +**/ +VOID +EFIAPI +TcgPhysicalPresenceLibProcessRequest ( + VOID + ) +{ + EFI_STATUS Status; + BOOLEAN LifetimeLock; + BOOLEAN CmdEnable; + UINTN DataSize; + EFI_PHYSICAL_PRESENCE TcgPpData; + EFI_TCG_PROTOCOL *TcgProtocol; + EDKII_VARIABLE_LOCK_PROTOCOL *VariableLockProtocol; + EFI_PHYSICAL_PRESENCE_FLAGS PpiFlags; + + Status = gBS->LocateProtocol (&gEfiTcgProtocolGuid, NULL, (VOID **)&TcgProtocol); + if (EFI_ERROR (Status)) { + return ; + } + + // + // Initialize physical presence flags. + // + DataSize = sizeof (EFI_PHYSICAL_PRESENCE_FLAGS); + Status = gRT->GetVariable ( + PHYSICAL_PRESENCE_FLAGS_VARIABLE, + &gEfiPhysicalPresenceGuid, + NULL, + &DataSize, + &PpiFlags + ); + if (EFI_ERROR (Status)) { + PpiFlags.PPFlags = TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_PROVISION; + Status = gRT->SetVariable ( + PHYSICAL_PRESENCE_FLAGS_VARIABLE, + &gEfiPhysicalPresenceGuid, + EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS, + sizeof (EFI_PHYSICAL_PRESENCE_FLAGS), + &PpiFlags + ); + if (EFI_ERROR (Status)) { + DEBUG ((EFI_D_ERROR, "[TPM] Set physical presence flag failed, Status = %r\n", Status)); + return ; + } + } + DEBUG ((EFI_D_INFO, "[TPM] PpiFlags = %x\n", PpiFlags.PPFlags)); + + // + // This flags variable controls whether physical presence is required for TPM command. + // It should be protected from malicious software. We set it as read-only variable here. + // + Status = gBS->LocateProtocol (&gEdkiiVariableLockProtocolGuid, NULL, (VOID **)&VariableLockProtocol); + if (!EFI_ERROR (Status)) { + Status = VariableLockProtocol->RequestToLock ( + VariableLockProtocol, + PHYSICAL_PRESENCE_FLAGS_VARIABLE, + &gEfiPhysicalPresenceGuid + ); + if (EFI_ERROR (Status)) { + DEBUG ((EFI_D_ERROR, "[TPM] Error when lock variable %s, Status = %r\n", PHYSICAL_PRESENCE_FLAGS_VARIABLE, Status)); + ASSERT_EFI_ERROR (Status); + } + } + + // + // Initialize physical presence variable. + // + DataSize = sizeof (EFI_PHYSICAL_PRESENCE); + Status = gRT->GetVariable ( + PHYSICAL_PRESENCE_VARIABLE, + &gEfiPhysicalPresenceGuid, + NULL, + &DataSize, + &TcgPpData + ); + if (EFI_ERROR (Status)) { + ZeroMem ((VOID*)&TcgPpData, sizeof (TcgPpData)); + DataSize = sizeof (EFI_PHYSICAL_PRESENCE); + Status = gRT->SetVariable ( + PHYSICAL_PRESENCE_VARIABLE, + &gEfiPhysicalPresenceGuid, + EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS, + DataSize, + &TcgPpData + ); + if (EFI_ERROR (Status)) { + DEBUG ((EFI_D_ERROR, "[TPM] Set physical presence variable failed, Status = %r\n", Status)); + return; + } + } + + DEBUG ((EFI_D_INFO, "[TPM] Flags=%x, PPRequest=%x\n", PpiFlags.PPFlags, TcgPpData.PPRequest)); + + if (TcgPpData.PPRequest == PHYSICAL_PRESENCE_NO_ACTION) { + // + // No operation request + // + return; + } + + Status = GetTpmCapability (TcgProtocol, &LifetimeLock, &CmdEnable); + if (EFI_ERROR (Status)) { + return ; + } + + if (!CmdEnable) { + if (LifetimeLock) { + // + // physicalPresenceCMDEnable is locked, can't execute physical presence command. + // + return ; + } + Status = TpmPhysicalPresence (TcgProtocol, TPM_PHYSICAL_PRESENCE_CMD_ENABLE); + if (EFI_ERROR (Status)) { + return ; + } + } + + // + // Set operator physical presence flags + // + Status = TpmPhysicalPresence (TcgProtocol, TPM_PHYSICAL_PRESENCE_PRESENT); + if (EFI_ERROR (Status)) { + return; + } + + // + // Execute pending TPM request. + // + ExecutePendingTpmRequest (TcgProtocol, &TcgPpData, PpiFlags); + DEBUG ((EFI_D_INFO, "[TPM] PPResponse = %x\n", TcgPpData.PPResponse)); + + // + // Lock physical presence. + // + TpmPhysicalPresence (TcgProtocol, TPM_PHYSICAL_PRESENCE_NOTPRESENT | TPM_PHYSICAL_PRESENCE_LOCK); +} + +/** + Check if the pending TPM request needs user input to confirm. + + The TPM request may come from OS. This API will check if TPM request exists and need user + input to confirmation. + + @retval TRUE TPM needs input to confirm user physical presence. + @retval FALSE TPM doesn't need input to confirm user physical presence. + +**/ +BOOLEAN +EFIAPI +TcgPhysicalPresenceLibNeedUserConfirm( + VOID + ) +{ + EFI_STATUS Status; + EFI_PHYSICAL_PRESENCE TcgPpData; + UINTN DataSize; + BOOLEAN RequestConfirmed; + BOOLEAN LifetimeLock; + BOOLEAN CmdEnable; + EFI_TCG_PROTOCOL *TcgProtocol; + EFI_PHYSICAL_PRESENCE_FLAGS PpiFlags; + + Status = gBS->LocateProtocol (&gEfiTcgProtocolGuid, NULL, (VOID **)&TcgProtocol); + if (EFI_ERROR (Status)) { + return FALSE; + } + + // + // Check Tpm requests + // + DataSize = sizeof (EFI_PHYSICAL_PRESENCE); + Status = gRT->GetVariable ( + PHYSICAL_PRESENCE_VARIABLE, + &gEfiPhysicalPresenceGuid, + NULL, + &DataSize, + &TcgPpData + ); + if (EFI_ERROR (Status)) { + return FALSE; + } + + DataSize = sizeof (EFI_PHYSICAL_PRESENCE_FLAGS); + Status = gRT->GetVariable ( + PHYSICAL_PRESENCE_FLAGS_VARIABLE, + &gEfiPhysicalPresenceGuid, + NULL, + &DataSize, + &PpiFlags + ); + if (EFI_ERROR (Status)) { + return FALSE; + } + + if (TcgPpData.PPRequest == PHYSICAL_PRESENCE_NO_ACTION) { + // + // No operation request + // + return FALSE; + } + + if (!HaveValidTpmRequest(&TcgPpData, PpiFlags, &RequestConfirmed)) { + // + // Invalid operation request. + // + return FALSE; + } + + // + // Check Tpm Capability + // + Status = GetTpmCapability (TcgProtocol, &LifetimeLock, &CmdEnable); + if (EFI_ERROR (Status)) { + return FALSE; + } + + if (!CmdEnable) { + if (LifetimeLock) { + // + // physicalPresenceCMDEnable is locked, can't execute physical presence command. + // + return FALSE; + } + } + + if (!RequestConfirmed) { + // + // Need UI to confirm + // + return TRUE; + } + + return FALSE; +} + diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceLib.inf b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceLib.inf new file mode 100644 index 00000000..6683bfb2 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceLib.inf @@ -0,0 +1,64 @@ +## @file +# Executes pending TPM 1.2 requests from OS or BIOS and Locks TPM +# +# This library will check and execute TPM 1.2 request from OS or BIOS. The request may +# ask for user confirmation before execution. This Library will also lock TPM physical +# presence at last. +# +# Caution: This module requires additional review when modified. +# This driver will have external input - variable. +# This external input must be validated carefully to avoid security issue. +# +# Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR> +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = DxeTcgPhysicalPresenceLib + MODULE_UNI_FILE = DxeTcgPhysicalPresenceLib.uni + FILE_GUID = EBC43A46-34AC-4F07-A7F5-A5394619361C + MODULE_TYPE = DXE_DRIVER + VERSION_STRING = 1.0 + LIBRARY_CLASS = TcgPhysicalPresenceLib|DXE_DRIVER DXE_RUNTIME_DRIVER UEFI_APPLICATION UEFI_DRIVER + CONSTRUCTOR = TcgPhysicalPresenceLibConstructor + +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = IA32 X64 EBC +# + +[Sources] + DxeTcgPhysicalPresenceLib.c + PhysicalPresenceStrings.uni + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + SecurityPkg/SecurityPkg.dec + +[LibraryClasses] + MemoryAllocationLib + UefiLib + UefiBootServicesTableLib + UefiDriverEntryPoint + UefiRuntimeServicesTableLib + BaseMemoryLib + DebugLib + PrintLib + HiiLib + TcgPpVendorLib + +[Protocols] + gEfiTcgProtocolGuid ## SOMETIMES_CONSUMES + gEdkiiVariableLockProtocolGuid ## SOMETIMES_CONSUMES + +[Guids] + ## SOMETIMES_CONSUMES ## HII + ## SOMETIMES_PRODUCES ## Variable:L"PhysicalPresence" + ## SOMETIMES_CONSUMES ## Variable:L"PhysicalPresence" + ## SOMETIMES_PRODUCES ## Variable:L"PhysicalPresenceFlags" + ## SOMETIMES_CONSUMES ## Variable:L"PhysicalPresenceFlags" + gEfiPhysicalPresenceGuid diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceLib.uni b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceLib.uni new file mode 100644 index 00000000..c7fcca5c --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceLib.uni @@ -0,0 +1,22 @@ +// /** @file
+// Executes pending TPM 1.2 requests from OS or BIOS and Locks TPM
+//
+// This library will check and execute TPM 1.2 request from OS or BIOS. The request may
+// ask for user confirmation before execution. This Library will also lock TPM physical
+// presence at last.
+//
+// Caution: This module requires additional review when modified.
+// This driver will have external input - variable.
+// This external input must be validated carefully to avoid security issue.
+//
+// Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
+//
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+//
+// **/
+
+
+#string STR_MODULE_ABSTRACT #language en-US "Executes pending TPM 1.2 requests from OS or BIOS and Locks TPM"
+
+#string STR_MODULE_DESCRIPTION #language en-US "This library will ask for user confirmation for the pending TPM physical present requests. Once confirmed, it will execute the request, and locks TPM physical presence at last. Caution: This module requires additional review when modified. This driver will have external input - variable. This external input must be validated carefully to avoid security issue."
+
diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/DxeTcgPhysicalPresenceLib/PhysicalPresenceStrings.uni b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/DxeTcgPhysicalPresenceLib/PhysicalPresenceStrings.uni new file mode 100644 index 00000000..9d17432e --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/DxeTcgPhysicalPresenceLib/PhysicalPresenceStrings.uni @@ -0,0 +1,46 @@ +/** @file
+ String definitions for TPM 1.2 physical presence confirm text.
+
+Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.<BR>
+(C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#langdef en-US "English"
+
+#string TPM_HEAD_STR #language en-US "A configuration change was requested to %s this computer's TPM (Trusted Platform Module)\n\n"
+#string TPM_PPI_HEAD_STR #language en-US "A configuration change was requested to allow the Operating System to %s the computer's TPM (Trusted Platform Module) without asking for user confirmation in the future.\n\n"
+#string TPM_UPGRADE_HEAD_STR #language en-US "A configuration change was requested to %s to the TPM's (Trusted Platform Module) firmware.\n\n"
+
+#string TPM_ACCEPT_KEY #language en-US "Press F10 "
+#string TPM_CAUTION_KEY #language en-US "Press F12 "
+#string TPM_REJECT_KEY #language en-US "to %s the TPM \nPress ESC to reject this change request and continue\n"
+
+#string TPM_ENABLE #language en-US "enable"
+#string TPM_DISABLE #language en-US "disable"
+#string TPM_ACTIVATE #language en-US "activate"
+#string TPM_DEACTIVATE #language en-US "deactivate"
+#string TPM_CLEAR #language en-US "clear"
+#string TPM_ENABLE_ACTIVATE #language en-US "enable and activate"
+#string TPM_DEACTIVATE_DISABLE #language en-US "deactivate and disable"
+#string TPM_ALLOW_TAKE_OWNERSHIP #language en-US "allow a user to take ownership of"
+#string TPM_DISALLOW_TAKE_OWNERSHIP #language en-US "disallow a user to take ownership of"
+#string TPM_TURN_ON #language en-US "enable, activate, and allow a user to take ownership of"
+#string TPM_TURN_OFF #language en-US "deactivate, disable, and disallow a user to take ownership of"
+#string TPM_CLEAR_TURN_ON #language en-US "clear, enable, and activate"
+#string TPM_ENABLE_ACTIVATE_CLEAR #language en-US "enable, activate and clear"
+#string TPM_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE #language en-US "enable, activate, clear, enable, and activate"
+#string TPM_UNOWNED_FIELD_UPGRADE #language en-US "allow field upgrade"
+
+#string TPM_NO_PPI_PROVISION #language en-US "provision"
+#string TPM_NO_PPI_MAINTAIN #language en-US "maintain"
+#string TPM_NO_PPI_INFO #language en-US "to approve future Operating System requests "
+
+#string TPM_WARNING_MAINTAIN #language en-US "WARNING: Allowing changes to the TPM's firmware may affect the operation of the TPM and may erase information stored on the TPM.\nYou may lose all created keys and access to data encrypted by these keys.\n\n"
+#string TPM_WARNING #language en-US "WARNING: Doing so might prevent security applications that rely on the TPM from functioning as expected\n\n"
+#string TPM_WARNING_CLEAR #language en-US "WARNING: Clearing erases information stored on the TPM. You will lose all created keys and access to data encrypted by these keys. "
+#string TPM_WARNING_CLEAR_CONT #language en-US "Take ownership as soon as possible after this step.\n\n"
+#string TPM_NOTE_OFF #language en-US "NOTE: This action will turn off the TPM\n\n"
+#string TPM_NOTE_ON #language en-US "NOTE: This action will turn on the TPM\n\n"
+#string TPM_NOTE_CLEAR #language en-US "NOTE: This action does not clear the TPM, but by approving this configuration change, future actions to clear the TPM will not require user confirmation.\n\n"
diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.c b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.c new file mode 100644 index 00000000..4174bda8 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.c @@ -0,0 +1,703 @@ +/** @file + The library instance provides security service of TPM2 measure boot. + + Caution: This file requires additional review when modified. + This library will have external input - PE/COFF image and GPT partition. + This external input must be validated carefully to avoid security issue like + buffer overflow, integer overflow. + + DxeTpm2MeasureBootLibImageRead() function will make sure the PE/COFF image content + read is within the image buffer. + + Tcg2MeasurePeImage() function will accept untrusted PE/COFF image and validate its + data structure within this image buffer before use. + + Tcg2MeasureGptTable() function will receive untrusted GPT partition table, and parse + partition data carefully. + +Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR> +(C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include <PiDxe.h> + +#include <Protocol/Tcg2Protocol.h> +#include <Protocol/BlockIo.h> +#include <Protocol/DiskIo.h> +#include <Protocol/DevicePathToText.h> +#include <Protocol/FirmwareVolumeBlock.h> + +#include <Guid/MeasuredFvHob.h> + +#include <Library/BaseLib.h> +#include <Library/DebugLib.h> +#include <Library/BaseMemoryLib.h> +#include <Library/MemoryAllocationLib.h> +#include <Library/DevicePathLib.h> +#include <Library/UefiBootServicesTableLib.h> +#include <Library/BaseCryptLib.h> +#include <Library/PeCoffLib.h> +#include <Library/SecurityManagementLib.h> +#include <Library/HobLib.h> + +// +// Flag to check GPT partition. It only need be measured once. +// +BOOLEAN mTcg2MeasureGptTableFlag = FALSE; +UINTN mTcg2MeasureGptCount = 0; +VOID *mTcg2FileBuffer; +UINTN mTcg2ImageSize; +// +// Measured FV handle cache +// +EFI_HANDLE mTcg2CacheMeasuredHandle = NULL; +MEASURED_HOB_DATA *mTcg2MeasuredHobData = NULL; + +/** + Reads contents of a PE/COFF image in memory buffer. + + Caution: This function may receive untrusted input. + PE/COFF image is external input, so this function will make sure the PE/COFF image content + read is within the image buffer. + + @param FileHandle Pointer to the file handle to read the PE/COFF image. + @param FileOffset Offset into the PE/COFF image to begin the read operation. + @param ReadSize On input, the size in bytes of the requested read operation. + On output, the number of bytes actually read. + @param Buffer Output buffer that contains the data read from the PE/COFF image. + + @retval EFI_SUCCESS The specified portion of the PE/COFF image was read and the size +**/ +EFI_STATUS +EFIAPI +DxeTpm2MeasureBootLibImageRead ( + IN VOID *FileHandle, + IN UINTN FileOffset, + IN OUT UINTN *ReadSize, + OUT VOID *Buffer + ) +{ + UINTN EndPosition; + + if (FileHandle == NULL || ReadSize == NULL || Buffer == NULL) { + return EFI_INVALID_PARAMETER; + } + + if (MAX_ADDRESS - FileOffset < *ReadSize) { + return EFI_INVALID_PARAMETER; + } + + EndPosition = FileOffset + *ReadSize; + if (EndPosition > mTcg2ImageSize) { + *ReadSize = (UINT32)(mTcg2ImageSize - FileOffset); + } + + if (FileOffset >= mTcg2ImageSize) { + *ReadSize = 0; + } + + CopyMem (Buffer, (UINT8 *)((UINTN) FileHandle + FileOffset), *ReadSize); + + return EFI_SUCCESS; +} + +/** + Measure GPT table data into TPM log. + + Caution: This function may receive untrusted input. + The GPT partition table is external input, so this function should parse partition data carefully. + + @param Tcg2Protocol Pointer to the located TCG2 protocol instance. + @param GptHandle Handle that GPT partition was installed. + + @retval EFI_SUCCESS Successfully measure GPT table. + @retval EFI_UNSUPPORTED Not support GPT table on the given handle. + @retval EFI_DEVICE_ERROR Can't get GPT table because device error. + @retval EFI_OUT_OF_RESOURCES No enough resource to measure GPT table. + @retval other error value +**/ +EFI_STATUS +EFIAPI +Tcg2MeasureGptTable ( + IN EFI_TCG2_PROTOCOL *Tcg2Protocol, + IN EFI_HANDLE GptHandle + ) +{ + EFI_STATUS Status; + EFI_BLOCK_IO_PROTOCOL *BlockIo; + EFI_DISK_IO_PROTOCOL *DiskIo; + EFI_PARTITION_TABLE_HEADER *PrimaryHeader; + EFI_PARTITION_ENTRY *PartitionEntry; + UINT8 *EntryPtr; + UINTN NumberOfPartition; + UINT32 Index; + EFI_TCG2_EVENT *Tcg2Event; + EFI_GPT_DATA *GptData; + UINT32 EventSize; + + if (mTcg2MeasureGptCount > 0) { + return EFI_SUCCESS; + } + + Status = gBS->HandleProtocol (GptHandle, &gEfiBlockIoProtocolGuid, (VOID**)&BlockIo); + if (EFI_ERROR (Status)) { + return EFI_UNSUPPORTED; + } + Status = gBS->HandleProtocol (GptHandle, &gEfiDiskIoProtocolGuid, (VOID**)&DiskIo); + if (EFI_ERROR (Status)) { + return EFI_UNSUPPORTED; + } + // + // Read the EFI Partition Table Header + // + PrimaryHeader = (EFI_PARTITION_TABLE_HEADER *) AllocatePool (BlockIo->Media->BlockSize); + if (PrimaryHeader == NULL) { + return EFI_OUT_OF_RESOURCES; + } + Status = DiskIo->ReadDisk ( + DiskIo, + BlockIo->Media->MediaId, + 1 * BlockIo->Media->BlockSize, + BlockIo->Media->BlockSize, + (UINT8 *)PrimaryHeader + ); + if (EFI_ERROR (Status)) { + DEBUG ((EFI_D_ERROR, "Failed to Read Partition Table Header!\n")); + FreePool (PrimaryHeader); + return EFI_DEVICE_ERROR; + } + // + // Read the partition entry. + // + EntryPtr = (UINT8 *)AllocatePool (PrimaryHeader->NumberOfPartitionEntries * PrimaryHeader->SizeOfPartitionEntry); + if (EntryPtr == NULL) { + FreePool (PrimaryHeader); + return EFI_OUT_OF_RESOURCES; + } + Status = DiskIo->ReadDisk ( + DiskIo, + BlockIo->Media->MediaId, + MultU64x32(PrimaryHeader->PartitionEntryLBA, BlockIo->Media->BlockSize), + PrimaryHeader->NumberOfPartitionEntries * PrimaryHeader->SizeOfPartitionEntry, + EntryPtr + ); + if (EFI_ERROR (Status)) { + FreePool (PrimaryHeader); + FreePool (EntryPtr); + return EFI_DEVICE_ERROR; + } + + // + // Count the valid partition + // + PartitionEntry = (EFI_PARTITION_ENTRY *)EntryPtr; + NumberOfPartition = 0; + for (Index = 0; Index < PrimaryHeader->NumberOfPartitionEntries; Index++) { + if (!IsZeroGuid (&PartitionEntry->PartitionTypeGUID)) { + NumberOfPartition++; + } + PartitionEntry = (EFI_PARTITION_ENTRY *)((UINT8 *)PartitionEntry + PrimaryHeader->SizeOfPartitionEntry); + } + + // + // Prepare Data for Measurement + // + EventSize = (UINT32)(sizeof (EFI_GPT_DATA) - sizeof (GptData->Partitions) + + NumberOfPartition * PrimaryHeader->SizeOfPartitionEntry); + Tcg2Event = (EFI_TCG2_EVENT *) AllocateZeroPool (EventSize + sizeof (EFI_TCG2_EVENT) - sizeof(Tcg2Event->Event)); + if (Tcg2Event == NULL) { + FreePool (PrimaryHeader); + FreePool (EntryPtr); + return EFI_OUT_OF_RESOURCES; + } + + Tcg2Event->Size = EventSize + sizeof (EFI_TCG2_EVENT) - sizeof(Tcg2Event->Event); + Tcg2Event->Header.HeaderSize = sizeof(EFI_TCG2_EVENT_HEADER); + Tcg2Event->Header.HeaderVersion = EFI_TCG2_EVENT_HEADER_VERSION; + Tcg2Event->Header.PCRIndex = 5; + Tcg2Event->Header.EventType = EV_EFI_GPT_EVENT; + GptData = (EFI_GPT_DATA *) Tcg2Event->Event; + + // + // Copy the EFI_PARTITION_TABLE_HEADER and NumberOfPartition + // + CopyMem ((UINT8 *)GptData, (UINT8*)PrimaryHeader, sizeof (EFI_PARTITION_TABLE_HEADER)); + GptData->NumberOfPartitions = NumberOfPartition; + // + // Copy the valid partition entry + // + PartitionEntry = (EFI_PARTITION_ENTRY*)EntryPtr; + NumberOfPartition = 0; + for (Index = 0; Index < PrimaryHeader->NumberOfPartitionEntries; Index++) { + if (!IsZeroGuid (&PartitionEntry->PartitionTypeGUID)) { + CopyMem ( + (UINT8 *)&GptData->Partitions + NumberOfPartition * PrimaryHeader->SizeOfPartitionEntry, + (UINT8 *)PartitionEntry, + PrimaryHeader->SizeOfPartitionEntry + ); + NumberOfPartition++; + } + PartitionEntry =(EFI_PARTITION_ENTRY *)((UINT8 *)PartitionEntry + PrimaryHeader->SizeOfPartitionEntry); + } + + // + // Measure the GPT data + // + Status = Tcg2Protocol->HashLogExtendEvent ( + Tcg2Protocol, + 0, + (EFI_PHYSICAL_ADDRESS) (UINTN) (VOID *) GptData, + (UINT64) EventSize, + Tcg2Event + ); + if (!EFI_ERROR (Status)) { + mTcg2MeasureGptCount++; + } + + FreePool (PrimaryHeader); + FreePool (EntryPtr); + FreePool (Tcg2Event); + + return Status; +} + +/** + Measure PE image into TPM log based on the authenticode image hashing in + PE/COFF Specification 8.0 Appendix A. + + Caution: This function may receive untrusted input. + PE/COFF image is external input, so this function will validate its data structure + within this image buffer before use. + + @param[in] Tcg2Protocol Pointer to the located TCG2 protocol instance. + @param[in] ImageAddress Start address of image buffer. + @param[in] ImageSize Image size + @param[in] LinkTimeBase Address that the image is loaded into memory. + @param[in] ImageType Image subsystem type. + @param[in] FilePath File path is corresponding to the input image. + + @retval EFI_SUCCESS Successfully measure image. + @retval EFI_OUT_OF_RESOURCES No enough resource to measure image. + @retval EFI_UNSUPPORTED ImageType is unsupported or PE image is mal-format. + @retval other error value + +**/ +EFI_STATUS +EFIAPI +Tcg2MeasurePeImage ( + IN EFI_TCG2_PROTOCOL *Tcg2Protocol, + IN EFI_PHYSICAL_ADDRESS ImageAddress, + IN UINTN ImageSize, + IN UINTN LinkTimeBase, + IN UINT16 ImageType, + IN EFI_DEVICE_PATH_PROTOCOL *FilePath + ) +{ + EFI_STATUS Status; + EFI_TCG2_EVENT *Tcg2Event; + EFI_IMAGE_LOAD_EVENT *ImageLoad; + UINT32 FilePathSize; + UINT32 EventSize; + + Status = EFI_UNSUPPORTED; + ImageLoad = NULL; + FilePathSize = (UINT32) GetDevicePathSize (FilePath); + + // + // Determine destination PCR by BootPolicy + // + EventSize = sizeof (*ImageLoad) - sizeof (ImageLoad->DevicePath) + FilePathSize; + Tcg2Event = AllocateZeroPool (EventSize + sizeof (EFI_TCG2_EVENT) - sizeof(Tcg2Event->Event)); + if (Tcg2Event == NULL) { + return EFI_OUT_OF_RESOURCES; + } + + Tcg2Event->Size = EventSize + sizeof (EFI_TCG2_EVENT) - sizeof(Tcg2Event->Event); + Tcg2Event->Header.HeaderSize = sizeof(EFI_TCG2_EVENT_HEADER); + Tcg2Event->Header.HeaderVersion = EFI_TCG2_EVENT_HEADER_VERSION; + ImageLoad = (EFI_IMAGE_LOAD_EVENT *) Tcg2Event->Event; + + switch (ImageType) { + case EFI_IMAGE_SUBSYSTEM_EFI_APPLICATION: + Tcg2Event->Header.EventType = EV_EFI_BOOT_SERVICES_APPLICATION; + Tcg2Event->Header.PCRIndex = 4; + break; + case EFI_IMAGE_SUBSYSTEM_EFI_BOOT_SERVICE_DRIVER: + Tcg2Event->Header.EventType = EV_EFI_BOOT_SERVICES_DRIVER; + Tcg2Event->Header.PCRIndex = 2; + break; + case EFI_IMAGE_SUBSYSTEM_EFI_RUNTIME_DRIVER: + Tcg2Event->Header.EventType = EV_EFI_RUNTIME_SERVICES_DRIVER; + Tcg2Event->Header.PCRIndex = 2; + break; + default: + DEBUG (( + EFI_D_ERROR, + "Tcg2MeasurePeImage: Unknown subsystem type %d", + ImageType + )); + goto Finish; + } + + ImageLoad->ImageLocationInMemory = ImageAddress; + ImageLoad->ImageLengthInMemory = ImageSize; + ImageLoad->ImageLinkTimeAddress = LinkTimeBase; + ImageLoad->LengthOfDevicePath = FilePathSize; + if ((FilePath != NULL) && (FilePathSize != 0)) { + CopyMem (ImageLoad->DevicePath, FilePath, FilePathSize); + } + + // + // Log the PE data + // + Status = Tcg2Protocol->HashLogExtendEvent ( + Tcg2Protocol, + PE_COFF_IMAGE, + ImageAddress, + ImageSize, + Tcg2Event + ); + if (Status == EFI_VOLUME_FULL) { + // + // Volume full here means the image is hashed and its result is extended to PCR. + // But the event log can't be saved since log area is full. + // Just return EFI_SUCCESS in order not to block the image load. + // + Status = EFI_SUCCESS; + } + +Finish: + FreePool (Tcg2Event); + + return Status; +} + +/** + The security handler is used to abstract platform-specific policy + from the DXE core response to an attempt to use a file that returns a + given status for the authentication check from the section extraction protocol. + + The possible responses in a given SAP implementation may include locking + flash upon failure to authenticate, attestation logging for all signed drivers, + and other exception operations. The File parameter allows for possible logging + within the SAP of the driver. + + If the file specified by File with an authentication status specified by + AuthenticationStatus is safe for the DXE Core to use, then EFI_SUCCESS is returned. + + If the file specified by File with an authentication status specified by + AuthenticationStatus is not safe for the DXE Core to use under any circumstances, + then EFI_ACCESS_DENIED is returned. + + If the file specified by File with an authentication status specified by + AuthenticationStatus is not safe for the DXE Core to use right now, but it + might be possible to use it at a future time, then EFI_SECURITY_VIOLATION is + returned. + + If check image specified by FileBuffer and File is NULL meanwhile, return EFI_ACCESS_DENIED. + + @param[in] AuthenticationStatus This is the authentication status returned + from the securitymeasurement services for the + input file. + @param[in] File This is a pointer to the device path of the file that is + being dispatched. This will optionally be used for logging. + @param[in] FileBuffer File buffer matches the input file device path. + @param[in] FileSize Size of File buffer matches the input file device path. + @param[in] BootPolicy A boot policy that was used to call LoadImage() UEFI service. + + @retval EFI_SUCCESS The file specified by DevicePath and non-NULL + FileBuffer did authenticate, and the platform policy dictates + that the DXE Foundation may use the file. + @retval other error value +**/ +EFI_STATUS +EFIAPI +DxeTpm2MeasureBootHandler ( + IN UINT32 AuthenticationStatus, + IN CONST EFI_DEVICE_PATH_PROTOCOL *File, OPTIONAL + IN VOID *FileBuffer, + IN UINTN FileSize, + IN BOOLEAN BootPolicy + ) +{ + EFI_TCG2_PROTOCOL *Tcg2Protocol; + EFI_STATUS Status; + EFI_TCG2_BOOT_SERVICE_CAPABILITY ProtocolCapability; + EFI_DEVICE_PATH_PROTOCOL *DevicePathNode; + EFI_DEVICE_PATH_PROTOCOL *OrigDevicePathNode; + EFI_HANDLE Handle; + EFI_HANDLE TempHandle; + BOOLEAN ApplicationRequired; + PE_COFF_LOADER_IMAGE_CONTEXT ImageContext; + EFI_FIRMWARE_VOLUME_BLOCK_PROTOCOL *FvbProtocol; + EFI_PHYSICAL_ADDRESS FvAddress; + UINT32 Index; + + Status = gBS->LocateProtocol (&gEfiTcg2ProtocolGuid, NULL, (VOID **) &Tcg2Protocol); + if (EFI_ERROR (Status)) { + // + // Tcg2 protocol is not installed. So, TPM2 is not present. + // Don't do any measurement, and directly return EFI_SUCCESS. + // + DEBUG ((EFI_D_VERBOSE, "DxeTpm2MeasureBootHandler - Tcg2 - %r\n", Status)); + return EFI_SUCCESS; + } + + ProtocolCapability.Size = (UINT8) sizeof (ProtocolCapability); + Status = Tcg2Protocol->GetCapability ( + Tcg2Protocol, + &ProtocolCapability + ); + if (EFI_ERROR (Status) || (!ProtocolCapability.TPMPresentFlag)) { + // + // TPM device doesn't work or activate. + // + DEBUG ((EFI_D_ERROR, "DxeTpm2MeasureBootHandler (%r) - TPMPresentFlag - %x\n", Status, ProtocolCapability.TPMPresentFlag)); + return EFI_SUCCESS; + } + + // + // Copy File Device Path + // + OrigDevicePathNode = DuplicateDevicePath (File); + + // + // 1. Check whether this device path support BlockIo protocol. + // Is so, this device path may be a GPT device path. + // + DevicePathNode = OrigDevicePathNode; + Status = gBS->LocateDevicePath (&gEfiBlockIoProtocolGuid, &DevicePathNode, &Handle); + if (!EFI_ERROR (Status) && !mTcg2MeasureGptTableFlag) { + // + // Find the gpt partition on the given devicepath + // + DevicePathNode = OrigDevicePathNode; + ASSERT (DevicePathNode != NULL); + while (!IsDevicePathEnd (DevicePathNode)) { + // + // Find the Gpt partition + // + if (DevicePathType (DevicePathNode) == MEDIA_DEVICE_PATH && + DevicePathSubType (DevicePathNode) == MEDIA_HARDDRIVE_DP) { + // + // Check whether it is a gpt partition or not + // + if (((HARDDRIVE_DEVICE_PATH *) DevicePathNode)->MBRType == MBR_TYPE_EFI_PARTITION_TABLE_HEADER && + ((HARDDRIVE_DEVICE_PATH *) DevicePathNode)->SignatureType == SIGNATURE_TYPE_GUID) { + + // + // Change the partition device path to its parent device path (disk) and get the handle. + // + DevicePathNode->Type = END_DEVICE_PATH_TYPE; + DevicePathNode->SubType = END_ENTIRE_DEVICE_PATH_SUBTYPE; + DevicePathNode = OrigDevicePathNode; + Status = gBS->LocateDevicePath ( + &gEfiDiskIoProtocolGuid, + &DevicePathNode, + &Handle + ); + if (!EFI_ERROR (Status)) { + // + // Measure GPT disk. + // + Status = Tcg2MeasureGptTable (Tcg2Protocol, Handle); + DEBUG ((EFI_D_INFO, "DxeTpm2MeasureBootHandler - Tcg2MeasureGptTable - %r\n", Status)); + if (!EFI_ERROR (Status)) { + // + // GPT disk check done. + // + mTcg2MeasureGptTableFlag = TRUE; + } + } + FreePool (OrigDevicePathNode); + OrigDevicePathNode = DuplicateDevicePath (File); + ASSERT (OrigDevicePathNode != NULL); + break; + } + } + DevicePathNode = NextDevicePathNode (DevicePathNode); + } + } + + // + // 2. Measure PE image. + // + ApplicationRequired = FALSE; + + // + // Check whether this device path support FVB protocol. + // + DevicePathNode = OrigDevicePathNode; + Status = gBS->LocateDevicePath (&gEfiFirmwareVolumeBlockProtocolGuid, &DevicePathNode, &Handle); + if (!EFI_ERROR (Status)) { + // + // Don't check FV image, and directly return EFI_SUCCESS. + // It can be extended to the specific FV authentication according to the different requirement. + // + if (IsDevicePathEnd (DevicePathNode)) { + return EFI_SUCCESS; + } + // + // The PE image from unmeasured Firmware volume need be measured + // The PE image from measured Firmware volume will be measured according to policy below. + // If it is driver, do not measure + // If it is application, still measure. + // + ApplicationRequired = TRUE; + + if (mTcg2CacheMeasuredHandle != Handle && mTcg2MeasuredHobData != NULL) { + // + // Search for Root FV of this PE image + // + TempHandle = Handle; + do { + Status = gBS->HandleProtocol( + TempHandle, + &gEfiFirmwareVolumeBlockProtocolGuid, + (VOID**)&FvbProtocol + ); + TempHandle = FvbProtocol->ParentHandle; + } while (!EFI_ERROR(Status) && FvbProtocol->ParentHandle != NULL); + + // + // Search in measured FV Hob + // + Status = FvbProtocol->GetPhysicalAddress(FvbProtocol, &FvAddress); + if (EFI_ERROR(Status)){ + return Status; + } + + ApplicationRequired = FALSE; + + for (Index = 0; Index < mTcg2MeasuredHobData->Num; Index++) { + if(mTcg2MeasuredHobData->MeasuredFvBuf[Index].BlobBase == FvAddress) { + // + // Cache measured FV for next measurement + // + mTcg2CacheMeasuredHandle = Handle; + ApplicationRequired = TRUE; + break; + } + } + } + } + + // + // File is not found. + // + if (FileBuffer == NULL) { + Status = EFI_SECURITY_VIOLATION; + goto Finish; + } + + mTcg2ImageSize = FileSize; + mTcg2FileBuffer = FileBuffer; + + // + // Measure PE Image + // + DevicePathNode = OrigDevicePathNode; + ZeroMem (&ImageContext, sizeof (ImageContext)); + ImageContext.Handle = (VOID *) FileBuffer; + ImageContext.ImageRead = (PE_COFF_LOADER_READ_FILE) DxeTpm2MeasureBootLibImageRead; + + // + // Get information about the image being loaded + // + Status = PeCoffLoaderGetImageInfo (&ImageContext); + if (EFI_ERROR (Status)) { + // + // Check for invalid parameters. + // + if (File == NULL) { + Status = EFI_ACCESS_DENIED; + } + + // + // The information can't be got from the invalid PeImage + // + goto Finish; + } + + // + // Measure only application if Application flag is set + // Measure drivers and applications if Application flag is not set + // + if ((!ApplicationRequired) || + (ApplicationRequired && ImageContext.ImageType == EFI_IMAGE_SUBSYSTEM_EFI_APPLICATION)) { + // + // Print the image path to be measured. + // + DEBUG_CODE_BEGIN (); + CHAR16 *ToText; + ToText = ConvertDevicePathToText ( + DevicePathNode, + FALSE, + TRUE + ); + if (ToText != NULL) { + DEBUG ((DEBUG_INFO, "The measured image path is %s.\n", ToText)); + FreePool (ToText); + } + DEBUG_CODE_END (); + + // + // Measure PE image into TPM log. + // + Status = Tcg2MeasurePeImage ( + Tcg2Protocol, + (EFI_PHYSICAL_ADDRESS) (UINTN) FileBuffer, + FileSize, + (UINTN) ImageContext.ImageAddress, + ImageContext.ImageType, + DevicePathNode + ); + DEBUG ((EFI_D_INFO, "DxeTpm2MeasureBootHandler - Tcg2MeasurePeImage - %r\n", Status)); + } + + // + // Done, free the allocated resource. + // +Finish: + if (OrigDevicePathNode != NULL) { + FreePool (OrigDevicePathNode); + } + + DEBUG ((EFI_D_INFO, "DxeTpm2MeasureBootHandler - %r\n", Status)); + + return Status; +} + +/** + Register the security handler to provide TPM measure boot service. + + @param ImageHandle ImageHandle of the loaded driver. + @param SystemTable Pointer to the EFI System Table. + + @retval EFI_SUCCESS Register successfully. + @retval EFI_OUT_OF_RESOURCES No enough memory to register this handler. +**/ +EFI_STATUS +EFIAPI +DxeTpm2MeasureBootLibConstructor ( + IN EFI_HANDLE ImageHandle, + IN EFI_SYSTEM_TABLE *SystemTable + ) +{ + EFI_HOB_GUID_TYPE *GuidHob; + + GuidHob = NULL; + + GuidHob = GetFirstGuidHob (&gMeasuredFvHobGuid); + + if (GuidHob != NULL) { + mTcg2MeasuredHobData = GET_GUID_HOB_DATA (GuidHob); + } + + return RegisterSecurity2Handler ( + DxeTpm2MeasureBootHandler, + EFI_AUTH_OPERATION_MEASURE_IMAGE | EFI_AUTH_OPERATION_IMAGE_REQUIRED + ); +} diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.inf b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.inf new file mode 100644 index 00000000..915bf3d8 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.inf @@ -0,0 +1,67 @@ +## @file +# Provides security service for TPM 2.0 measured boot +# +# Spec Compliance Info: +# "TCG PC Client Platform Firmware Profile Specification for TPM Family 2.0 Level 00 Revision 1.03 v51" +# along with +# "Errata for PC Client Specific Platform Firmware Profile Specification Version 1.0 Revision 1.03" +# +# This library instance hooks LoadImage() API to measure every image that +# is not measured in PEI phase. And, it will also measure GPT partition. +# +# Caution: This module requires additional review when modified. +# This library will have external input - PE/COFF image and GPT partition. +# This external input must be validated carefully to avoid security issues such +# as buffer overflow or integer overflow. +# +# Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR> +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = DxeTpm2MeasureBootLib + MODULE_UNI_FILE = DxeTpm2MeasureBootLib.uni + FILE_GUID = 778CE4F4-36BD-4ae7-B8F0-10B420B0D174 + MODULE_TYPE = DXE_DRIVER + VERSION_STRING = 1.0 + LIBRARY_CLASS = NULL|DXE_DRIVER DXE_RUNTIME_DRIVER DXE_SAL_DRIVER UEFI_APPLICATION UEFI_DRIVER + CONSTRUCTOR = DxeTpm2MeasureBootLibConstructor + +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = IA32 X64 EBC +# + +[Sources] + DxeTpm2MeasureBootLib.c + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + SecurityPkg/SecurityPkg.dec + CryptoPkg/CryptoPkg.dec + +[LibraryClasses] + BaseMemoryLib + DebugLib + MemoryAllocationLib + DevicePathLib + UefiBootServicesTableLib + BaseCryptLib + PeCoffLib + BaseLib + SecurityManagementLib + HobLib + +[Guids] + gMeasuredFvHobGuid ## SOMETIMES_CONSUMES ## HOB + +[Protocols] + gEfiTcg2ProtocolGuid ## SOMETIMES_CONSUMES + gEfiFirmwareVolumeBlockProtocolGuid ## SOMETIMES_CONSUMES + gEfiBlockIoProtocolGuid ## SOMETIMES_CONSUMES + gEfiDiskIoProtocolGuid ## SOMETIMES_CONSUMES + diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.uni b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.uni new file mode 100644 index 00000000..d887e8d3 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.uni @@ -0,0 +1,22 @@ +// /** @file
+// Provides security service for TPM 2.0 measured boot
+//
+// This library instance hooks LoadImage() API to measure every image that
+// is not measured in PEI phase. And, it will also measure GPT partition.
+//
+// Caution: This module requires additional review when modified.
+// This library will have external input - PE/COFF image and GPT partition.
+// This external input must be validated carefully to avoid security issues such
+// as buffer overflow or integer overflow.
+//
+// Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
+//
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+//
+// **/
+
+
+#string STR_MODULE_ABSTRACT #language en-US "Provides security service for TPM 2.0 measured boot"
+
+#string STR_MODULE_DESCRIPTION #language en-US "This library instance hooks LoadImage() API to measure every image that is not measured in PEI phase. And, it will also measure GPT partition. Caution: This module requires additional review when modified. This library will have external input - PE/COFF image and GPT partition. This external input must be validated carefully to avoid security issues such as buffer overflow or integer overflow."
+
diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.c b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.c new file mode 100644 index 00000000..38f26ef5 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.c @@ -0,0 +1,997 @@ +/** @file + The library instance provides security service of TPM measure boot. + + Caution: This file requires additional review when modified. + This library will have external input - PE/COFF image and GPT partition. + This external input must be validated carefully to avoid security issue like + buffer overflow, integer overflow. + + DxeTpmMeasureBootLibImageRead() function will make sure the PE/COFF image content + read is within the image buffer. + + TcgMeasurePeImage() function will accept untrusted PE/COFF image and validate its + data structure within this image buffer before use. + + TcgMeasureGptTable() function will receive untrusted GPT partition table, and parse + partition data carefully. + +Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include <PiDxe.h> + +#include <Protocol/TcgService.h> +#include <Protocol/BlockIo.h> +#include <Protocol/DiskIo.h> +#include <Protocol/FirmwareVolumeBlock.h> + +#include <Guid/MeasuredFvHob.h> + +#include <Library/BaseLib.h> +#include <Library/DebugLib.h> +#include <Library/BaseMemoryLib.h> +#include <Library/MemoryAllocationLib.h> +#include <Library/DevicePathLib.h> +#include <Library/UefiBootServicesTableLib.h> +#include <Library/BaseCryptLib.h> +#include <Library/PeCoffLib.h> +#include <Library/SecurityManagementLib.h> +#include <Library/HobLib.h> + +// +// Flag to check GPT partition. It only need be measured once. +// +BOOLEAN mMeasureGptTableFlag = FALSE; +UINTN mMeasureGptCount = 0; +VOID *mFileBuffer; +UINTN mTpmImageSize; +// +// Measured FV handle cache +// +EFI_HANDLE mCacheMeasuredHandle = NULL; +MEASURED_HOB_DATA *mMeasuredHobData = NULL; + +/** + Reads contents of a PE/COFF image in memory buffer. + + Caution: This function may receive untrusted input. + PE/COFF image is external input, so this function will make sure the PE/COFF image content + read is within the image buffer. + + @param FileHandle Pointer to the file handle to read the PE/COFF image. + @param FileOffset Offset into the PE/COFF image to begin the read operation. + @param ReadSize On input, the size in bytes of the requested read operation. + On output, the number of bytes actually read. + @param Buffer Output buffer that contains the data read from the PE/COFF image. + + @retval EFI_SUCCESS The specified portion of the PE/COFF image was read and the size +**/ +EFI_STATUS +EFIAPI +DxeTpmMeasureBootLibImageRead ( + IN VOID *FileHandle, + IN UINTN FileOffset, + IN OUT UINTN *ReadSize, + OUT VOID *Buffer + ) +{ + UINTN EndPosition; + + if (FileHandle == NULL || ReadSize == NULL || Buffer == NULL) { + return EFI_INVALID_PARAMETER; + } + + if (MAX_ADDRESS - FileOffset < *ReadSize) { + return EFI_INVALID_PARAMETER; + } + + EndPosition = FileOffset + *ReadSize; + if (EndPosition > mTpmImageSize) { + *ReadSize = (UINT32)(mTpmImageSize - FileOffset); + } + + if (FileOffset >= mTpmImageSize) { + *ReadSize = 0; + } + + CopyMem (Buffer, (UINT8 *)((UINTN) FileHandle + FileOffset), *ReadSize); + + return EFI_SUCCESS; +} + +/** + Measure GPT table data into TPM log. + + Caution: This function may receive untrusted input. + The GPT partition table is external input, so this function should parse partition data carefully. + + @param TcgProtocol Pointer to the located TCG protocol instance. + @param GptHandle Handle that GPT partition was installed. + + @retval EFI_SUCCESS Successfully measure GPT table. + @retval EFI_UNSUPPORTED Not support GPT table on the given handle. + @retval EFI_DEVICE_ERROR Can't get GPT table because device error. + @retval EFI_OUT_OF_RESOURCES No enough resource to measure GPT table. + @retval other error value +**/ +EFI_STATUS +EFIAPI +TcgMeasureGptTable ( + IN EFI_TCG_PROTOCOL *TcgProtocol, + IN EFI_HANDLE GptHandle + ) +{ + EFI_STATUS Status; + EFI_BLOCK_IO_PROTOCOL *BlockIo; + EFI_DISK_IO_PROTOCOL *DiskIo; + EFI_PARTITION_TABLE_HEADER *PrimaryHeader; + EFI_PARTITION_ENTRY *PartitionEntry; + UINT8 *EntryPtr; + UINTN NumberOfPartition; + UINT32 Index; + TCG_PCR_EVENT *TcgEvent; + EFI_GPT_DATA *GptData; + UINT32 EventSize; + UINT32 EventNumber; + EFI_PHYSICAL_ADDRESS EventLogLastEntry; + + if (mMeasureGptCount > 0) { + return EFI_SUCCESS; + } + + Status = gBS->HandleProtocol (GptHandle, &gEfiBlockIoProtocolGuid, (VOID**)&BlockIo); + if (EFI_ERROR (Status)) { + return EFI_UNSUPPORTED; + } + Status = gBS->HandleProtocol (GptHandle, &gEfiDiskIoProtocolGuid, (VOID**)&DiskIo); + if (EFI_ERROR (Status)) { + return EFI_UNSUPPORTED; + } + // + // Read the EFI Partition Table Header + // + PrimaryHeader = (EFI_PARTITION_TABLE_HEADER *) AllocatePool (BlockIo->Media->BlockSize); + if (PrimaryHeader == NULL) { + return EFI_OUT_OF_RESOURCES; + } + Status = DiskIo->ReadDisk ( + DiskIo, + BlockIo->Media->MediaId, + 1 * BlockIo->Media->BlockSize, + BlockIo->Media->BlockSize, + (UINT8 *)PrimaryHeader + ); + if (EFI_ERROR (Status)) { + DEBUG ((EFI_D_ERROR, "Failed to Read Partition Table Header!\n")); + FreePool (PrimaryHeader); + return EFI_DEVICE_ERROR; + } + // + // Read the partition entry. + // + EntryPtr = (UINT8 *)AllocatePool (PrimaryHeader->NumberOfPartitionEntries * PrimaryHeader->SizeOfPartitionEntry); + if (EntryPtr == NULL) { + FreePool (PrimaryHeader); + return EFI_OUT_OF_RESOURCES; + } + Status = DiskIo->ReadDisk ( + DiskIo, + BlockIo->Media->MediaId, + MultU64x32(PrimaryHeader->PartitionEntryLBA, BlockIo->Media->BlockSize), + PrimaryHeader->NumberOfPartitionEntries * PrimaryHeader->SizeOfPartitionEntry, + EntryPtr + ); + if (EFI_ERROR (Status)) { + FreePool (PrimaryHeader); + FreePool (EntryPtr); + return EFI_DEVICE_ERROR; + } + + // + // Count the valid partition + // + PartitionEntry = (EFI_PARTITION_ENTRY *)EntryPtr; + NumberOfPartition = 0; + for (Index = 0; Index < PrimaryHeader->NumberOfPartitionEntries; Index++) { + if (!IsZeroGuid (&PartitionEntry->PartitionTypeGUID)) { + NumberOfPartition++; + } + PartitionEntry = (EFI_PARTITION_ENTRY *)((UINT8 *)PartitionEntry + PrimaryHeader->SizeOfPartitionEntry); + } + + // + // Prepare Data for Measurement + // + EventSize = (UINT32)(sizeof (EFI_GPT_DATA) - sizeof (GptData->Partitions) + + NumberOfPartition * PrimaryHeader->SizeOfPartitionEntry); + TcgEvent = (TCG_PCR_EVENT *) AllocateZeroPool (EventSize + sizeof (TCG_PCR_EVENT_HDR)); + if (TcgEvent == NULL) { + FreePool (PrimaryHeader); + FreePool (EntryPtr); + return EFI_OUT_OF_RESOURCES; + } + + TcgEvent->PCRIndex = 5; + TcgEvent->EventType = EV_EFI_GPT_EVENT; + TcgEvent->EventSize = EventSize; + GptData = (EFI_GPT_DATA *) TcgEvent->Event; + + // + // Copy the EFI_PARTITION_TABLE_HEADER and NumberOfPartition + // + CopyMem ((UINT8 *)GptData, (UINT8*)PrimaryHeader, sizeof (EFI_PARTITION_TABLE_HEADER)); + GptData->NumberOfPartitions = NumberOfPartition; + // + // Copy the valid partition entry + // + PartitionEntry = (EFI_PARTITION_ENTRY*)EntryPtr; + NumberOfPartition = 0; + for (Index = 0; Index < PrimaryHeader->NumberOfPartitionEntries; Index++) { + if (!IsZeroGuid (&PartitionEntry->PartitionTypeGUID)) { + CopyMem ( + (UINT8 *)&GptData->Partitions + NumberOfPartition * PrimaryHeader->SizeOfPartitionEntry, + (UINT8 *)PartitionEntry, + PrimaryHeader->SizeOfPartitionEntry + ); + NumberOfPartition++; + } + PartitionEntry =(EFI_PARTITION_ENTRY *)((UINT8 *)PartitionEntry + PrimaryHeader->SizeOfPartitionEntry); + } + + // + // Measure the GPT data + // + EventNumber = 1; + Status = TcgProtocol->HashLogExtendEvent ( + TcgProtocol, + (EFI_PHYSICAL_ADDRESS) (UINTN) (VOID *) GptData, + (UINT64) TcgEvent->EventSize, + TPM_ALG_SHA, + TcgEvent, + &EventNumber, + &EventLogLastEntry + ); + if (!EFI_ERROR (Status)) { + mMeasureGptCount++; + } + + FreePool (PrimaryHeader); + FreePool (EntryPtr); + FreePool (TcgEvent); + + return Status; +} + +/** + Measure PE image into TPM log based on the authenticode image hashing in + PE/COFF Specification 8.0 Appendix A. + + Caution: This function may receive untrusted input. + PE/COFF image is external input, so this function will validate its data structure + within this image buffer before use. + + Notes: PE/COFF image has been checked by BasePeCoffLib PeCoffLoaderGetImageInfo() in + its caller function DxeTpmMeasureBootHandler(). + + @param[in] TcgProtocol Pointer to the located TCG protocol instance. + @param[in] ImageAddress Start address of image buffer. + @param[in] ImageSize Image size + @param[in] LinkTimeBase Address that the image is loaded into memory. + @param[in] ImageType Image subsystem type. + @param[in] FilePath File path is corresponding to the input image. + + @retval EFI_SUCCESS Successfully measure image. + @retval EFI_OUT_OF_RESOURCES No enough resource to measure image. + @retval EFI_UNSUPPORTED ImageType is unsupported or PE image is mal-format. + @retval other error value + +**/ +EFI_STATUS +EFIAPI +TcgMeasurePeImage ( + IN EFI_TCG_PROTOCOL *TcgProtocol, + IN EFI_PHYSICAL_ADDRESS ImageAddress, + IN UINTN ImageSize, + IN UINTN LinkTimeBase, + IN UINT16 ImageType, + IN EFI_DEVICE_PATH_PROTOCOL *FilePath + ) +{ + EFI_STATUS Status; + TCG_PCR_EVENT *TcgEvent; + EFI_IMAGE_LOAD_EVENT *ImageLoad; + UINT32 FilePathSize; + VOID *Sha1Ctx; + UINTN CtxSize; + EFI_IMAGE_DOS_HEADER *DosHdr; + UINT32 PeCoffHeaderOffset; + EFI_IMAGE_SECTION_HEADER *Section; + UINT8 *HashBase; + UINTN HashSize; + UINTN SumOfBytesHashed; + EFI_IMAGE_SECTION_HEADER *SectionHeader; + UINTN Index; + UINTN Pos; + UINT32 EventSize; + UINT32 EventNumber; + EFI_PHYSICAL_ADDRESS EventLogLastEntry; + EFI_IMAGE_OPTIONAL_HEADER_PTR_UNION Hdr; + UINT32 NumberOfRvaAndSizes; + BOOLEAN HashStatus; + UINT32 CertSize; + + Status = EFI_UNSUPPORTED; + ImageLoad = NULL; + SectionHeader = NULL; + Sha1Ctx = NULL; + FilePathSize = (UINT32) GetDevicePathSize (FilePath); + + // + // Determine destination PCR by BootPolicy + // + EventSize = sizeof (*ImageLoad) - sizeof (ImageLoad->DevicePath) + FilePathSize; + TcgEvent = AllocateZeroPool (EventSize + sizeof (TCG_PCR_EVENT)); + if (TcgEvent == NULL) { + return EFI_OUT_OF_RESOURCES; + } + + TcgEvent->EventSize = EventSize; + ImageLoad = (EFI_IMAGE_LOAD_EVENT *) TcgEvent->Event; + + switch (ImageType) { + case EFI_IMAGE_SUBSYSTEM_EFI_APPLICATION: + TcgEvent->EventType = EV_EFI_BOOT_SERVICES_APPLICATION; + TcgEvent->PCRIndex = 4; + break; + case EFI_IMAGE_SUBSYSTEM_EFI_BOOT_SERVICE_DRIVER: + TcgEvent->EventType = EV_EFI_BOOT_SERVICES_DRIVER; + TcgEvent->PCRIndex = 2; + break; + case EFI_IMAGE_SUBSYSTEM_EFI_RUNTIME_DRIVER: + TcgEvent->EventType = EV_EFI_RUNTIME_SERVICES_DRIVER; + TcgEvent->PCRIndex = 2; + break; + default: + DEBUG (( + EFI_D_ERROR, + "TcgMeasurePeImage: Unknown subsystem type %d", + ImageType + )); + goto Finish; + } + + ImageLoad->ImageLocationInMemory = ImageAddress; + ImageLoad->ImageLengthInMemory = ImageSize; + ImageLoad->ImageLinkTimeAddress = LinkTimeBase; + ImageLoad->LengthOfDevicePath = FilePathSize; + if ((FilePath != NULL) && (FilePathSize != 0)) { + CopyMem (ImageLoad->DevicePath, FilePath, FilePathSize); + } + + // + // Check PE/COFF image + // + DosHdr = (EFI_IMAGE_DOS_HEADER *) (UINTN) ImageAddress; + PeCoffHeaderOffset = 0; + if (DosHdr->e_magic == EFI_IMAGE_DOS_SIGNATURE) { + PeCoffHeaderOffset = DosHdr->e_lfanew; + } + + Hdr.Pe32 = (EFI_IMAGE_NT_HEADERS32 *)((UINT8 *) (UINTN) ImageAddress + PeCoffHeaderOffset); + if (Hdr.Pe32->Signature != EFI_IMAGE_NT_SIGNATURE) { + goto Finish; + } + + // + // PE/COFF Image Measurement + // + // NOTE: The following codes/steps are based upon the authenticode image hashing in + // PE/COFF Specification 8.0 Appendix A. + // + // + + // 1. Load the image header into memory. + + // 2. Initialize a SHA hash context. + CtxSize = Sha1GetContextSize (); + Sha1Ctx = AllocatePool (CtxSize); + if (Sha1Ctx == NULL) { + Status = EFI_OUT_OF_RESOURCES; + goto Finish; + } + + HashStatus = Sha1Init (Sha1Ctx); + if (!HashStatus) { + goto Finish; + } + + // + // Measuring PE/COFF Image Header; + // But CheckSum field and SECURITY data directory (certificate) are excluded + // + + // + // 3. Calculate the distance from the base of the image header to the image checksum address. + // 4. Hash the image header from its base to beginning of the image checksum. + // + HashBase = (UINT8 *) (UINTN) ImageAddress; + if (Hdr.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { + // + // Use PE32 offset + // + NumberOfRvaAndSizes = Hdr.Pe32->OptionalHeader.NumberOfRvaAndSizes; + HashSize = (UINTN) (&Hdr.Pe32->OptionalHeader.CheckSum) - (UINTN) HashBase; + } else { + // + // Use PE32+ offset + // + NumberOfRvaAndSizes = Hdr.Pe32Plus->OptionalHeader.NumberOfRvaAndSizes; + HashSize = (UINTN) (&Hdr.Pe32Plus->OptionalHeader.CheckSum) - (UINTN) HashBase; + } + + HashStatus = Sha1Update (Sha1Ctx, HashBase, HashSize); + if (!HashStatus) { + goto Finish; + } + + // + // 5. Skip over the image checksum (it occupies a single ULONG). + // + if (NumberOfRvaAndSizes <= EFI_IMAGE_DIRECTORY_ENTRY_SECURITY) { + // + // 6. Since there is no Cert Directory in optional header, hash everything + // from the end of the checksum to the end of image header. + // + if (Hdr.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { + // + // Use PE32 offset. + // + HashBase = (UINT8 *) &Hdr.Pe32->OptionalHeader.CheckSum + sizeof (UINT32); + HashSize = Hdr.Pe32->OptionalHeader.SizeOfHeaders - (UINTN) (HashBase - ImageAddress); + } else { + // + // Use PE32+ offset. + // + HashBase = (UINT8 *) &Hdr.Pe32Plus->OptionalHeader.CheckSum + sizeof (UINT32); + HashSize = Hdr.Pe32Plus->OptionalHeader.SizeOfHeaders - (UINTN) (HashBase - ImageAddress); + } + + if (HashSize != 0) { + HashStatus = Sha1Update (Sha1Ctx, HashBase, HashSize); + if (!HashStatus) { + goto Finish; + } + } + } else { + // + // 7. Hash everything from the end of the checksum to the start of the Cert Directory. + // + if (Hdr.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { + // + // Use PE32 offset + // + HashBase = (UINT8 *) &Hdr.Pe32->OptionalHeader.CheckSum + sizeof (UINT32); + HashSize = (UINTN) (&Hdr.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]) - (UINTN) HashBase; + } else { + // + // Use PE32+ offset + // + HashBase = (UINT8 *) &Hdr.Pe32Plus->OptionalHeader.CheckSum + sizeof (UINT32); + HashSize = (UINTN) (&Hdr.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]) - (UINTN) HashBase; + } + + if (HashSize != 0) { + HashStatus = Sha1Update (Sha1Ctx, HashBase, HashSize); + if (!HashStatus) { + goto Finish; + } + } + + // + // 8. Skip over the Cert Directory. (It is sizeof(IMAGE_DATA_DIRECTORY) bytes.) + // 9. Hash everything from the end of the Cert Directory to the end of image header. + // + if (Hdr.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { + // + // Use PE32 offset + // + HashBase = (UINT8 *) &Hdr.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1]; + HashSize = Hdr.Pe32->OptionalHeader.SizeOfHeaders - (UINTN) (HashBase - ImageAddress); + } else { + // + // Use PE32+ offset + // + HashBase = (UINT8 *) &Hdr.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1]; + HashSize = Hdr.Pe32Plus->OptionalHeader.SizeOfHeaders - (UINTN) (HashBase - ImageAddress); + } + + if (HashSize != 0) { + HashStatus = Sha1Update (Sha1Ctx, HashBase, HashSize); + if (!HashStatus) { + goto Finish; + } + } + } + + // + // 10. Set the SUM_OF_BYTES_HASHED to the size of the header + // + if (Hdr.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { + // + // Use PE32 offset + // + SumOfBytesHashed = Hdr.Pe32->OptionalHeader.SizeOfHeaders; + } else { + // + // Use PE32+ offset + // + SumOfBytesHashed = Hdr.Pe32Plus->OptionalHeader.SizeOfHeaders; + } + + // + // 11. Build a temporary table of pointers to all the IMAGE_SECTION_HEADER + // structures in the image. The 'NumberOfSections' field of the image + // header indicates how big the table should be. Do not include any + // IMAGE_SECTION_HEADERs in the table whose 'SizeOfRawData' field is zero. + // + SectionHeader = (EFI_IMAGE_SECTION_HEADER *) AllocateZeroPool (sizeof (EFI_IMAGE_SECTION_HEADER) * Hdr.Pe32->FileHeader.NumberOfSections); + if (SectionHeader == NULL) { + Status = EFI_OUT_OF_RESOURCES; + goto Finish; + } + + // + // 12. Using the 'PointerToRawData' in the referenced section headers as + // a key, arrange the elements in the table in ascending order. In other + // words, sort the section headers according to the disk-file offset of + // the section. + // + Section = (EFI_IMAGE_SECTION_HEADER *) ( + (UINT8 *) (UINTN) ImageAddress + + PeCoffHeaderOffset + + sizeof(UINT32) + + sizeof(EFI_IMAGE_FILE_HEADER) + + Hdr.Pe32->FileHeader.SizeOfOptionalHeader + ); + for (Index = 0; Index < Hdr.Pe32->FileHeader.NumberOfSections; Index++) { + Pos = Index; + while ((Pos > 0) && (Section->PointerToRawData < SectionHeader[Pos - 1].PointerToRawData)) { + CopyMem (&SectionHeader[Pos], &SectionHeader[Pos - 1], sizeof(EFI_IMAGE_SECTION_HEADER)); + Pos--; + } + CopyMem (&SectionHeader[Pos], Section, sizeof(EFI_IMAGE_SECTION_HEADER)); + Section += 1; + } + + // + // 13. Walk through the sorted table, bring the corresponding section + // into memory, and hash the entire section (using the 'SizeOfRawData' + // field in the section header to determine the amount of data to hash). + // 14. Add the section's 'SizeOfRawData' to SUM_OF_BYTES_HASHED . + // 15. Repeat steps 13 and 14 for all the sections in the sorted table. + // + for (Index = 0; Index < Hdr.Pe32->FileHeader.NumberOfSections; Index++) { + Section = (EFI_IMAGE_SECTION_HEADER *) &SectionHeader[Index]; + if (Section->SizeOfRawData == 0) { + continue; + } + HashBase = (UINT8 *) (UINTN) ImageAddress + Section->PointerToRawData; + HashSize = (UINTN) Section->SizeOfRawData; + + HashStatus = Sha1Update (Sha1Ctx, HashBase, HashSize); + if (!HashStatus) { + goto Finish; + } + + SumOfBytesHashed += HashSize; + } + + // + // 16. If the file size is greater than SUM_OF_BYTES_HASHED, there is extra + // data in the file that needs to be added to the hash. This data begins + // at file offset SUM_OF_BYTES_HASHED and its length is: + // FileSize - (CertDirectory->Size) + // + if (ImageSize > SumOfBytesHashed) { + HashBase = (UINT8 *) (UINTN) ImageAddress + SumOfBytesHashed; + + if (NumberOfRvaAndSizes <= EFI_IMAGE_DIRECTORY_ENTRY_SECURITY) { + CertSize = 0; + } else { + if (Hdr.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { + // + // Use PE32 offset. + // + CertSize = Hdr.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY].Size; + } else { + // + // Use PE32+ offset. + // + CertSize = Hdr.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY].Size; + } + } + + if (ImageSize > CertSize + SumOfBytesHashed) { + HashSize = (UINTN) (ImageSize - CertSize - SumOfBytesHashed); + + HashStatus = Sha1Update (Sha1Ctx, HashBase, HashSize); + if (!HashStatus) { + goto Finish; + } + } else if (ImageSize < CertSize + SumOfBytesHashed) { + goto Finish; + } + } + + // + // 17. Finalize the SHA hash. + // + HashStatus = Sha1Final (Sha1Ctx, (UINT8 *) &TcgEvent->Digest); + if (!HashStatus) { + goto Finish; + } + + // + // Log the PE data + // + EventNumber = 1; + Status = TcgProtocol->HashLogExtendEvent ( + TcgProtocol, + (EFI_PHYSICAL_ADDRESS) (UINTN) (VOID *) NULL, + 0, + TPM_ALG_SHA, + TcgEvent, + &EventNumber, + &EventLogLastEntry + ); + if (Status == EFI_OUT_OF_RESOURCES) { + // + // Out of resource here means the image is hashed and its result is extended to PCR. + // But the event log can't be saved since log area is full. + // Just return EFI_SUCCESS in order not to block the image load. + // + Status = EFI_SUCCESS; + } + +Finish: + FreePool (TcgEvent); + + if (SectionHeader != NULL) { + FreePool (SectionHeader); + } + + if (Sha1Ctx != NULL ) { + FreePool (Sha1Ctx); + } + return Status; +} + +/** + The security handler is used to abstract platform-specific policy + from the DXE core response to an attempt to use a file that returns a + given status for the authentication check from the section extraction protocol. + + The possible responses in a given SAP implementation may include locking + flash upon failure to authenticate, attestation logging for all signed drivers, + and other exception operations. The File parameter allows for possible logging + within the SAP of the driver. + + If the file specified by File with an authentication status specified by + AuthenticationStatus is safe for the DXE Core to use, then EFI_SUCCESS is returned. + + If the file specified by File with an authentication status specified by + AuthenticationStatus is not safe for the DXE Core to use under any circumstances, + then EFI_ACCESS_DENIED is returned. + + If the file specified by File with an authentication status specified by + AuthenticationStatus is not safe for the DXE Core to use right now, but it + might be possible to use it at a future time, then EFI_SECURITY_VIOLATION is + returned. + + If check image specified by FileBuffer and File is NULL meanwhile, return EFI_ACCESS_DENIED. + + @param[in] AuthenticationStatus This is the authentication status returned + from the securitymeasurement services for the + input file. + @param[in] File This is a pointer to the device path of the file that is + being dispatched. This will optionally be used for logging. + @param[in] FileBuffer File buffer matches the input file device path. + @param[in] FileSize Size of File buffer matches the input file device path. + @param[in] BootPolicy A boot policy that was used to call LoadImage() UEFI service. + + @retval EFI_SUCCESS The file specified by DevicePath and non-NULL + FileBuffer did authenticate, and the platform policy dictates + that the DXE Foundation may use the file. + @retval other error value +**/ +EFI_STATUS +EFIAPI +DxeTpmMeasureBootHandler ( + IN UINT32 AuthenticationStatus, + IN CONST EFI_DEVICE_PATH_PROTOCOL *File, OPTIONAL + IN VOID *FileBuffer, + IN UINTN FileSize, + IN BOOLEAN BootPolicy + ) +{ + EFI_TCG_PROTOCOL *TcgProtocol; + EFI_STATUS Status; + TCG_EFI_BOOT_SERVICE_CAPABILITY ProtocolCapability; + UINT32 TCGFeatureFlags; + EFI_PHYSICAL_ADDRESS EventLogLocation; + EFI_PHYSICAL_ADDRESS EventLogLastEntry; + EFI_DEVICE_PATH_PROTOCOL *DevicePathNode; + EFI_DEVICE_PATH_PROTOCOL *OrigDevicePathNode; + EFI_HANDLE Handle; + EFI_HANDLE TempHandle; + BOOLEAN ApplicationRequired; + PE_COFF_LOADER_IMAGE_CONTEXT ImageContext; + EFI_FIRMWARE_VOLUME_BLOCK_PROTOCOL *FvbProtocol; + EFI_PHYSICAL_ADDRESS FvAddress; + UINT32 Index; + + Status = gBS->LocateProtocol (&gEfiTcgProtocolGuid, NULL, (VOID **) &TcgProtocol); + if (EFI_ERROR (Status)) { + // + // TCG protocol is not installed. So, TPM is not present. + // Don't do any measurement, and directly return EFI_SUCCESS. + // + return EFI_SUCCESS; + } + + ProtocolCapability.Size = (UINT8) sizeof (ProtocolCapability); + Status = TcgProtocol->StatusCheck ( + TcgProtocol, + &ProtocolCapability, + &TCGFeatureFlags, + &EventLogLocation, + &EventLogLastEntry + ); + if (EFI_ERROR (Status) || ProtocolCapability.TPMDeactivatedFlag || (!ProtocolCapability.TPMPresentFlag)) { + // + // TPM device doesn't work or activate. + // + return EFI_SUCCESS; + } + + // + // Copy File Device Path + // + OrigDevicePathNode = DuplicateDevicePath (File); + + // + // 1. Check whether this device path support BlockIo protocol. + // Is so, this device path may be a GPT device path. + // + DevicePathNode = OrigDevicePathNode; + Status = gBS->LocateDevicePath (&gEfiBlockIoProtocolGuid, &DevicePathNode, &Handle); + if (!EFI_ERROR (Status) && !mMeasureGptTableFlag) { + // + // Find the gpt partition on the given devicepath + // + DevicePathNode = OrigDevicePathNode; + ASSERT (DevicePathNode != NULL); + while (!IsDevicePathEnd (DevicePathNode)) { + // + // Find the Gpt partition + // + if (DevicePathType (DevicePathNode) == MEDIA_DEVICE_PATH && + DevicePathSubType (DevicePathNode) == MEDIA_HARDDRIVE_DP) { + // + // Check whether it is a gpt partition or not + // + if (((HARDDRIVE_DEVICE_PATH *) DevicePathNode)->MBRType == MBR_TYPE_EFI_PARTITION_TABLE_HEADER && + ((HARDDRIVE_DEVICE_PATH *) DevicePathNode)->SignatureType == SIGNATURE_TYPE_GUID) { + + // + // Change the partition device path to its parent device path (disk) and get the handle. + // + DevicePathNode->Type = END_DEVICE_PATH_TYPE; + DevicePathNode->SubType = END_ENTIRE_DEVICE_PATH_SUBTYPE; + DevicePathNode = OrigDevicePathNode; + Status = gBS->LocateDevicePath ( + &gEfiDiskIoProtocolGuid, + &DevicePathNode, + &Handle + ); + if (!EFI_ERROR (Status)) { + // + // Measure GPT disk. + // + Status = TcgMeasureGptTable (TcgProtocol, Handle); + if (!EFI_ERROR (Status)) { + // + // GPT disk check done. + // + mMeasureGptTableFlag = TRUE; + } + } + FreePool (OrigDevicePathNode); + OrigDevicePathNode = DuplicateDevicePath (File); + ASSERT (OrigDevicePathNode != NULL); + break; + } + } + DevicePathNode = NextDevicePathNode (DevicePathNode); + } + } + + // + // 2. Measure PE image. + // + ApplicationRequired = FALSE; + + // + // Check whether this device path support FVB protocol. + // + DevicePathNode = OrigDevicePathNode; + Status = gBS->LocateDevicePath (&gEfiFirmwareVolumeBlockProtocolGuid, &DevicePathNode, &Handle); + if (!EFI_ERROR (Status)) { + // + // Don't check FV image, and directly return EFI_SUCCESS. + // It can be extended to the specific FV authentication according to the different requirement. + // + if (IsDevicePathEnd (DevicePathNode)) { + return EFI_SUCCESS; + } + // + // The PE image from unmeasured Firmware volume need be measured + // The PE image from measured Firmware volume will be measured according to policy below. + // If it is driver, do not measure + // If it is application, still measure. + // + ApplicationRequired = TRUE; + + if (mCacheMeasuredHandle != Handle && mMeasuredHobData != NULL) { + // + // Search for Root FV of this PE image + // + TempHandle = Handle; + do { + Status = gBS->HandleProtocol( + TempHandle, + &gEfiFirmwareVolumeBlockProtocolGuid, + (VOID**)&FvbProtocol + ); + TempHandle = FvbProtocol->ParentHandle; + } while (!EFI_ERROR(Status) && FvbProtocol->ParentHandle != NULL); + + // + // Search in measured FV Hob + // + Status = FvbProtocol->GetPhysicalAddress(FvbProtocol, &FvAddress); + if (EFI_ERROR(Status)){ + return Status; + } + + ApplicationRequired = FALSE; + + for (Index = 0; Index < mMeasuredHobData->Num; Index++) { + if(mMeasuredHobData->MeasuredFvBuf[Index].BlobBase == FvAddress) { + // + // Cache measured FV for next measurement + // + mCacheMeasuredHandle = Handle; + ApplicationRequired = TRUE; + break; + } + } + } + } + + // + // File is not found. + // + if (FileBuffer == NULL) { + Status = EFI_SECURITY_VIOLATION; + goto Finish; + } + + mTpmImageSize = FileSize; + mFileBuffer = FileBuffer; + + // + // Measure PE Image + // + DevicePathNode = OrigDevicePathNode; + ZeroMem (&ImageContext, sizeof (ImageContext)); + ImageContext.Handle = (VOID *) FileBuffer; + ImageContext.ImageRead = (PE_COFF_LOADER_READ_FILE) DxeTpmMeasureBootLibImageRead; + + // + // Get information about the image being loaded + // + Status = PeCoffLoaderGetImageInfo (&ImageContext); + if (EFI_ERROR (Status)) { + // + // Check for invalid parameters. + // + if (File == NULL) { + return EFI_ACCESS_DENIED; + } + + // + // The information can't be got from the invalid PeImage + // + goto Finish; + } + + // + // Measure only application if Application flag is set + // Measure drivers and applications if Application flag is not set + // + if ((!ApplicationRequired) || + (ApplicationRequired && ImageContext.ImageType == EFI_IMAGE_SUBSYSTEM_EFI_APPLICATION)) { + // + // Print the image path to be measured. + // + DEBUG_CODE_BEGIN (); + CHAR16 *ToText; + ToText = ConvertDevicePathToText ( + DevicePathNode, + FALSE, + TRUE + ); + if (ToText != NULL) { + DEBUG ((DEBUG_INFO, "The measured image path is %s.\n", ToText)); + FreePool (ToText); + } + DEBUG_CODE_END (); + + // + // Measure PE image into TPM log. + // + Status = TcgMeasurePeImage ( + TcgProtocol, + (EFI_PHYSICAL_ADDRESS) (UINTN) FileBuffer, + FileSize, + (UINTN) ImageContext.ImageAddress, + ImageContext.ImageType, + DevicePathNode + ); + } + + // + // Done, free the allocated resource. + // +Finish: + if (OrigDevicePathNode != NULL) { + FreePool (OrigDevicePathNode); + } + + return Status; +} + +/** + Register the security handler to provide TPM measure boot service. + + @param ImageHandle ImageHandle of the loaded driver. + @param SystemTable Pointer to the EFI System Table. + + @retval EFI_SUCCESS Register successfully. + @retval EFI_OUT_OF_RESOURCES No enough memory to register this handler. +**/ +EFI_STATUS +EFIAPI +DxeTpmMeasureBootLibConstructor ( + IN EFI_HANDLE ImageHandle, + IN EFI_SYSTEM_TABLE *SystemTable + ) +{ + EFI_HOB_GUID_TYPE *GuidHob; + + GuidHob = NULL; + + GuidHob = GetFirstGuidHob (&gMeasuredFvHobGuid); + + if (GuidHob != NULL) { + mMeasuredHobData = GET_GUID_HOB_DATA (GuidHob); + } + + return RegisterSecurity2Handler ( + DxeTpmMeasureBootHandler, + EFI_AUTH_OPERATION_MEASURE_IMAGE | EFI_AUTH_OPERATION_IMAGE_REQUIRED + ); +} diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.inf b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.inf new file mode 100644 index 00000000..46da9b31 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.inf @@ -0,0 +1,62 @@ +## @file +# Provides security service for TPM 1.2 measured boot +# +# This library instance hooks LoadImage() API to measure every image that +# is not measured in PEI phase. And, it will also measure GPT partition. +# +# Caution: This module requires additional review when modified. +# This library will have external input - PE/COFF image and GPT partition. +# This external input must be validated carefully to avoid security issues such +# as buffer overflow or integer overflow. +# +# Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR> +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = DxeTpmMeasureBootLib + MODULE_UNI_FILE = DxeTpmMeasureBootLib.uni + FILE_GUID = 6C60C7D0-922A-4b7c-87D7-E503EDD73BBF + MODULE_TYPE = DXE_DRIVER + VERSION_STRING = 1.0 + LIBRARY_CLASS = NULL|DXE_DRIVER DXE_RUNTIME_DRIVER DXE_SMM_DRIVER UEFI_APPLICATION UEFI_DRIVER + CONSTRUCTOR = DxeTpmMeasureBootLibConstructor + +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = IA32 X64 EBC +# + +[Sources] + DxeTpmMeasureBootLib.c + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + SecurityPkg/SecurityPkg.dec + CryptoPkg/CryptoPkg.dec + +[LibraryClasses] + BaseMemoryLib + DebugLib + MemoryAllocationLib + DevicePathLib + UefiBootServicesTableLib + BaseCryptLib + PeCoffLib + BaseLib + SecurityManagementLib + HobLib + +[Guids] + gMeasuredFvHobGuid ## SOMETIMES_CONSUMES ## HOB + +[Protocols] + gEfiTcgProtocolGuid ## SOMETIMES_CONSUMES + gEfiFirmwareVolumeBlockProtocolGuid ## SOMETIMES_CONSUMES + gEfiBlockIoProtocolGuid ## SOMETIMES_CONSUMES + gEfiDiskIoProtocolGuid ## SOMETIMES_CONSUMES + diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.uni b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.uni new file mode 100644 index 00000000..fc09e19b --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.uni @@ -0,0 +1,22 @@ +// /** @file
+// Provides security service for TPM 1.2 measured boot
+//
+// This library instance hooks LoadImage() API to measure every image that
+// is not measured in PEI phase. And, it will also measure GPT partition.
+//
+// Caution: This module requires additional review when modified.
+// This library will have external input - PE/COFF image and GPT partition.
+// This external input must be validated carefully to avoid security issues such
+// as buffer overflow or integer overflow.
+//
+// Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
+//
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+//
+// **/
+
+
+#string STR_MODULE_ABSTRACT #language en-US "Provides security service for TPM 1.2 measured boot"
+
+#string STR_MODULE_DESCRIPTION #language en-US "This library instance hooks LoadImage() API to measure every image that is not measured in PEI phase. And, it will also measure GPT partition. Caution: This module requires additional review when modified. This library will have external input - PE/COFF image and GPT partition. This external input must be validated carefully to avoid security issues such as buffer overflow or integer overflow."
+
diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.c b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.c new file mode 100644 index 00000000..7573c0f5 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.c @@ -0,0 +1,207 @@ +/** @file + This library is used by other modules to measure data to TPM. + +Copyright (c) 2012 - 2018, Intel Corporation. All rights reserved. <BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include <PiDxe.h> + +#include <Protocol/TcgService.h> +#include <Protocol/Tcg2Protocol.h> + +#include <Library/BaseMemoryLib.h> +#include <Library/MemoryAllocationLib.h> +#include <Library/UefiBootServicesTableLib.h> +#include <Library/DebugLib.h> +#include <Library/TpmMeasurementLib.h> + +#include <Guid/Acpi.h> +#include <IndustryStandard/Acpi.h> + + + +/** + Tpm12 measure and log data, and extend the measurement result into a specific PCR. + + @param[in] PcrIndex PCR Index. + @param[in] EventType Event type. + @param[in] EventLog Measurement event log. + @param[in] LogLen Event log length in bytes. + @param[in] HashData The start of the data buffer to be hashed, extended. + @param[in] HashDataLen The length, in bytes, of the buffer referenced by HashData + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_UNSUPPORTED TPM device not available. + @retval EFI_OUT_OF_RESOURCES Out of memory. + @retval EFI_DEVICE_ERROR The operation was unsuccessful. +**/ +EFI_STATUS +Tpm12MeasureAndLogData ( + IN UINT32 PcrIndex, + IN UINT32 EventType, + IN VOID *EventLog, + IN UINT32 LogLen, + IN VOID *HashData, + IN UINT64 HashDataLen + ) +{ + EFI_STATUS Status; + EFI_TCG_PROTOCOL *TcgProtocol; + TCG_PCR_EVENT *TcgEvent; + EFI_PHYSICAL_ADDRESS EventLogLastEntry; + UINT32 EventNumber; + + TcgEvent = NULL; + + // + // Tpm activation state is checked in HashLogExtendEvent + // + Status = gBS->LocateProtocol (&gEfiTcgProtocolGuid, NULL, (VOID **) &TcgProtocol); + if (EFI_ERROR(Status)){ + return Status; + } + + TcgEvent = (TCG_PCR_EVENT *)AllocateZeroPool (sizeof (TCG_PCR_EVENT_HDR) + LogLen); + if(TcgEvent == NULL) { + return EFI_OUT_OF_RESOURCES; + } + + TcgEvent->PCRIndex = PcrIndex; + TcgEvent->EventType = EventType; + TcgEvent->EventSize = LogLen; + CopyMem (&TcgEvent->Event[0], EventLog, LogLen); + EventNumber = 1; + Status = TcgProtocol->HashLogExtendEvent ( + TcgProtocol, + (EFI_PHYSICAL_ADDRESS)(UINTN)HashData, + HashDataLen, + TPM_ALG_SHA, + TcgEvent, + &EventNumber, + &EventLogLastEntry + ); + + FreePool (TcgEvent); + + return Status; +} + +/** + Tpm20 measure and log data, and extend the measurement result into a specific PCR. + + @param[in] PcrIndex PCR Index. + @param[in] EventType Event type. + @param[in] EventLog Measurement event log. + @param[in] LogLen Event log length in bytes. + @param[in] HashData The start of the data buffer to be hashed, extended. + @param[in] HashDataLen The length, in bytes, of the buffer referenced by HashData + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_UNSUPPORTED TPM device not available. + @retval EFI_OUT_OF_RESOURCES Out of memory. + @retval EFI_DEVICE_ERROR The operation was unsuccessful. +**/ +EFI_STATUS +Tpm20MeasureAndLogData ( + IN UINT32 PcrIndex, + IN UINT32 EventType, + IN VOID *EventLog, + IN UINT32 LogLen, + IN VOID *HashData, + IN UINT64 HashDataLen + ) +{ + EFI_STATUS Status; + EFI_TCG2_PROTOCOL *Tcg2Protocol; + EFI_TCG2_EVENT *Tcg2Event; + + // + // TPMPresentFlag is checked in HashLogExtendEvent + // + Status = gBS->LocateProtocol (&gEfiTcg2ProtocolGuid, NULL, (VOID **) &Tcg2Protocol); + if (EFI_ERROR (Status)) { + return Status; + } + + Tcg2Event = (EFI_TCG2_EVENT *) AllocateZeroPool (LogLen + sizeof (EFI_TCG2_EVENT)); + if(Tcg2Event == NULL) { + return EFI_OUT_OF_RESOURCES; + } + + Tcg2Event->Size = (UINT32)LogLen + sizeof (EFI_TCG2_EVENT) - sizeof(Tcg2Event->Event); + Tcg2Event->Header.HeaderSize = sizeof(EFI_TCG2_EVENT_HEADER); + Tcg2Event->Header.HeaderVersion = EFI_TCG2_EVENT_HEADER_VERSION; + Tcg2Event->Header.PCRIndex = PcrIndex; + Tcg2Event->Header.EventType = EventType; + CopyMem (&Tcg2Event->Event[0], EventLog, LogLen); + + Status = Tcg2Protocol->HashLogExtendEvent ( + Tcg2Protocol, + 0, + (EFI_PHYSICAL_ADDRESS)(UINTN)HashData, + HashDataLen, + Tcg2Event + ); + FreePool (Tcg2Event); + + return Status; +} + +/** + Tpm measure and log data, and extend the measurement result into a specific PCR. + + @param[in] PcrIndex PCR Index. + @param[in] EventType Event type. + @param[in] EventLog Measurement event log. + @param[in] LogLen Event log length in bytes. + @param[in] HashData The start of the data buffer to be hashed, extended. + @param[in] HashDataLen The length, in bytes, of the buffer referenced by HashData + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_UNSUPPORTED TPM device not available. + @retval EFI_OUT_OF_RESOURCES Out of memory. + @retval EFI_DEVICE_ERROR The operation was unsuccessful. +**/ +EFI_STATUS +EFIAPI +TpmMeasureAndLogData ( + IN UINT32 PcrIndex, + IN UINT32 EventType, + IN VOID *EventLog, + IN UINT32 LogLen, + IN VOID *HashData, + IN UINT64 HashDataLen + ) +{ + EFI_STATUS Status; + + // + // Try to measure using Tpm20 protocol + // + Status = Tpm20MeasureAndLogData( + PcrIndex, + EventType, + EventLog, + LogLen, + HashData, + HashDataLen + ); + + if (EFI_ERROR (Status)) { + // + // Try to measure using Tpm1.2 protocol + // + Status = Tpm12MeasureAndLogData( + PcrIndex, + EventType, + EventLog, + LogLen, + HashData, + HashDataLen + ); + } + + return Status; +} diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf new file mode 100644 index 00000000..53b17d76 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf @@ -0,0 +1,44 @@ +## @file +# Provides TPM measurement functions for TPM1.2 and TPM 2.0 +# +# This library provides TpmMeasureAndLogData() to measure and log data, and +# extend the measurement result into a specific PCR. +# +# Copyright (c) 2012 - 2018, Intel Corporation. All rights reserved.<BR> +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = DxeTpmMeasurementLib + FILE_GUID = 30930D10-AF5B-4abf-80E6-EB4FFC0AE9D1 + MODULE_TYPE = UEFI_DRIVER + VERSION_STRING = 1.0 + LIBRARY_CLASS = TpmMeasurementLib|DXE_DRIVER DXE_RUNTIME_DRIVER DXE_SMM_DRIVER UEFI_APPLICATION UEFI_DRIVER + MODULE_UNI_FILE = DxeTpmMeasurementLib.uni + +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = IA32 X64 +# + +[Sources] + DxeTpmMeasurementLib.c + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + SecurityPkg/SecurityPkg.dec + +[LibraryClasses] + BaseLib + BaseMemoryLib + DebugLib + MemoryAllocationLib + UefiBootServicesTableLib + +[Protocols] + gEfiTcgProtocolGuid ## SOMETIMES_CONSUMES + gEfiTcg2ProtocolGuid ## SOMETIMES_CONSUMES diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.uni b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.uni new file mode 100644 index 00000000..a1139810 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.uni @@ -0,0 +1,17 @@ +// /** @file
+// Provides TPM measurement functions for TPM1.2 and TPM 2.0
+//
+// This library provides TpmMeasureAndLogData() to to measure and log data, and
+// extend the measurement result into a specific PCR.
+//
+// Copyright (c) 2012 - 2014, Intel Corporation. All rights reserved.<BR>
+//
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+//
+// **/
+
+
+#string STR_MODULE_ABSTRACT #language en-US "Provides TPM measurement functions for TPM1.2 and TPM 2.0"
+
+#string STR_MODULE_DESCRIPTION #language en-US "This library provides TpmMeasureAndLogData() to to measure and log data, and extend the measurement result into a specific PCR."
+
diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/FmpAuthenticationLibPkcs7/FmpAuthenticationLibPkcs7.c b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/FmpAuthenticationLibPkcs7/FmpAuthenticationLibPkcs7.c new file mode 100644 index 00000000..71775bab --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/FmpAuthenticationLibPkcs7/FmpAuthenticationLibPkcs7.c @@ -0,0 +1,216 @@ +/** @file + FMP Authentication PKCS7 handler. + Provide generic FMP authentication functions for DXE/PEI post memory phase. + + Caution: This module requires additional review when modified. + This module will have external input - capsule image. + This external input must be validated carefully to avoid security issue like + buffer overflow, integer overflow. + + FmpAuthenticatedHandlerPkcs7(), AuthenticateFmpImage() will receive + untrusted input and do basic validation. + + Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.<BR> + SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include <Uefi.h> + +#include <Guid/SystemResourceTable.h> +#include <Guid/FirmwareContentsSigned.h> +#include <Guid/WinCertificate.h> + +#include <Library/BaseLib.h> +#include <Library/BaseMemoryLib.h> +#include <Library/DebugLib.h> +#include <Library/MemoryAllocationLib.h> +#include <Library/BaseCryptLib.h> +#include <Library/FmpAuthenticationLib.h> +#include <Library/PcdLib.h> +#include <Protocol/FirmwareManagement.h> +#include <Guid/SystemResourceTable.h> + +/** + The handler is used to do the authentication for FMP capsule based upon + EFI_FIRMWARE_IMAGE_AUTHENTICATION. + + Caution: This function may receive untrusted input. + + This function assumes the caller AuthenticateFmpImage() + already did basic validation for EFI_FIRMWARE_IMAGE_AUTHENTICATION. + + @param[in] Image Points to an FMP authentication image, started from EFI_FIRMWARE_IMAGE_AUTHENTICATION. + @param[in] ImageSize Size of the authentication image in bytes. + @param[in] PublicKeyData The public key data used to validate the signature. + @param[in] PublicKeyDataLength The length of the public key data. + + @retval RETURN_SUCCESS Authentication pass. + The LastAttemptStatus should be LAST_ATTEMPT_STATUS_SUCCESS. + @retval RETURN_SECURITY_VIOLATION Authentication fail. + The LastAttemptStatus should be LAST_ATTEMPT_STATUS_ERROR_AUTH_ERROR. + @retval RETURN_INVALID_PARAMETER The image is in an invalid format. + The LastAttemptStatus should be LAST_ATTEMPT_STATUS_ERROR_INVALID_FORMAT. + @retval RETURN_OUT_OF_RESOURCES No Authentication handler associated with CertType. + The LastAttemptStatus should be LAST_ATTEMPT_STATUS_ERROR_INSUFFICIENT_RESOURCES. +**/ +RETURN_STATUS +FmpAuthenticatedHandlerPkcs7 ( + IN EFI_FIRMWARE_IMAGE_AUTHENTICATION *Image, + IN UINTN ImageSize, + IN CONST UINT8 *PublicKeyData, + IN UINTN PublicKeyDataLength + ) +{ + RETURN_STATUS Status; + BOOLEAN CryptoStatus; + VOID *P7Data; + UINTN P7Length; + VOID *TempBuffer; + + DEBUG((DEBUG_INFO, "FmpAuthenticatedHandlerPkcs7 - Image: 0x%08x - 0x%08x\n", (UINTN)Image, (UINTN)ImageSize)); + + P7Length = Image->AuthInfo.Hdr.dwLength - (OFFSET_OF(WIN_CERTIFICATE_UEFI_GUID, CertData)); + P7Data = Image->AuthInfo.CertData; + + // It is a signature across the variable data and the Monotonic Count value. + TempBuffer = AllocatePool(ImageSize - Image->AuthInfo.Hdr.dwLength); + if (TempBuffer == NULL) { + DEBUG((DEBUG_ERROR, "FmpAuthenticatedHandlerPkcs7: TempBuffer == NULL\n")); + Status = RETURN_OUT_OF_RESOURCES; + goto Done; + } + + CopyMem( + TempBuffer, + (UINT8 *)Image + sizeof(Image->MonotonicCount) + Image->AuthInfo.Hdr.dwLength, + ImageSize - sizeof(Image->MonotonicCount) - Image->AuthInfo.Hdr.dwLength + ); + CopyMem( + (UINT8 *)TempBuffer + ImageSize - sizeof(Image->MonotonicCount) - Image->AuthInfo.Hdr.dwLength, + &Image->MonotonicCount, + sizeof(Image->MonotonicCount) + ); + CryptoStatus = Pkcs7Verify( + P7Data, + P7Length, + PublicKeyData, + PublicKeyDataLength, + (UINT8 *)TempBuffer, + ImageSize - Image->AuthInfo.Hdr.dwLength + ); + FreePool(TempBuffer); + if (!CryptoStatus) { + // + // If PKCS7 signature verification fails, AUTH tested failed bit is set. + // + DEBUG((DEBUG_ERROR, "FmpAuthenticatedHandlerPkcs7: Pkcs7Verify() failed\n")); + Status = RETURN_SECURITY_VIOLATION; + goto Done; + } + DEBUG((DEBUG_INFO, "FmpAuthenticatedHandlerPkcs7: PASS verification\n")); + + Status = RETURN_SUCCESS; + +Done: + return Status; +} + +/** + The function is used to do the authentication for FMP capsule based upon + EFI_FIRMWARE_IMAGE_AUTHENTICATION. + + The FMP capsule image should start with EFI_FIRMWARE_IMAGE_AUTHENTICATION, + followed by the payload. + + If the return status is RETURN_SUCCESS, the caller may continue the rest + FMP update process. + If the return status is NOT RETURN_SUCCESS, the caller should stop the FMP + update process and convert the return status to LastAttemptStatus + to indicate that FMP update fails. + The LastAttemptStatus can be got from ESRT table or via + EFI_FIRMWARE_MANAGEMENT_PROTOCOL.GetImageInfo(). + + Caution: This function may receive untrusted input. + + @param[in] Image Points to an FMP authentication image, started from EFI_FIRMWARE_IMAGE_AUTHENTICATION. + @param[in] ImageSize Size of the authentication image in bytes. + @param[in] PublicKeyData The public key data used to validate the signature. + @param[in] PublicKeyDataLength The length of the public key data. + + @retval RETURN_SUCCESS Authentication pass. + The LastAttemptStatus should be LAST_ATTEMPT_STATUS_SUCCESS. + @retval RETURN_SECURITY_VIOLATION Authentication fail. + The LastAttemptStatus should be LAST_ATTEMPT_STATUS_ERROR_AUTH_ERROR. + @retval RETURN_INVALID_PARAMETER The image is in an invalid format. + The LastAttemptStatus should be LAST_ATTEMPT_STATUS_ERROR_INVALID_FORMAT. + @retval RETURN_UNSUPPORTED No Authentication handler associated with CertType. + The LastAttemptStatus should be LAST_ATTEMPT_STATUS_ERROR_INVALID_FORMAT. + @retval RETURN_UNSUPPORTED Image or ImageSize is invalid. + The LastAttemptStatus should be LAST_ATTEMPT_STATUS_ERROR_INVALID_FORMAT. + @retval RETURN_OUT_OF_RESOURCES No Authentication handler associated with CertType. + The LastAttemptStatus should be LAST_ATTEMPT_STATUS_ERROR_INSUFFICIENT_RESOURCES. +**/ +RETURN_STATUS +EFIAPI +AuthenticateFmpImage ( + IN EFI_FIRMWARE_IMAGE_AUTHENTICATION *Image, + IN UINTN ImageSize, + IN CONST UINT8 *PublicKeyData, + IN UINTN PublicKeyDataLength + ) +{ + GUID *CertType; + EFI_STATUS Status; + + if ((Image == NULL) || (ImageSize == 0)) { + return RETURN_UNSUPPORTED; + } + + if (ImageSize < sizeof(EFI_FIRMWARE_IMAGE_AUTHENTICATION)) { + DEBUG((DEBUG_ERROR, "AuthenticateFmpImage - ImageSize too small\n")); + return RETURN_INVALID_PARAMETER; + } + if (Image->AuthInfo.Hdr.dwLength <= OFFSET_OF(WIN_CERTIFICATE_UEFI_GUID, CertData)) { + DEBUG((DEBUG_ERROR, "AuthenticateFmpImage - dwLength too small\n")); + return RETURN_INVALID_PARAMETER; + } + if ((UINTN) Image->AuthInfo.Hdr.dwLength > MAX_UINTN - sizeof(UINT64)) { + DEBUG((DEBUG_ERROR, "AuthenticateFmpImage - dwLength too big\n")); + return RETURN_INVALID_PARAMETER; + } + if (ImageSize <= sizeof(Image->MonotonicCount) + Image->AuthInfo.Hdr.dwLength) { + DEBUG((DEBUG_ERROR, "AuthenticateFmpImage - ImageSize too small\n")); + return RETURN_INVALID_PARAMETER; + } + if (Image->AuthInfo.Hdr.wRevision != 0x0200) { + DEBUG((DEBUG_ERROR, "AuthenticateFmpImage - wRevision: 0x%02x, expect - 0x%02x\n", (UINTN)Image->AuthInfo.Hdr.wRevision, (UINTN)0x0200)); + return RETURN_INVALID_PARAMETER; + } + if (Image->AuthInfo.Hdr.wCertificateType != WIN_CERT_TYPE_EFI_GUID) { + DEBUG((DEBUG_ERROR, "AuthenticateFmpImage - wCertificateType: 0x%02x, expect - 0x%02x\n", (UINTN)Image->AuthInfo.Hdr.wCertificateType, (UINTN)WIN_CERT_TYPE_EFI_GUID)); + return RETURN_INVALID_PARAMETER; + } + + CertType = &Image->AuthInfo.CertType; + DEBUG((DEBUG_INFO, "AuthenticateFmpImage - CertType: %g\n", CertType)); + + if (CompareGuid (&gEfiCertPkcs7Guid, CertType)) { + // + // Call the match handler to extract raw data for the input section data. + // + Status = FmpAuthenticatedHandlerPkcs7 ( + Image, + ImageSize, + PublicKeyData, + PublicKeyDataLength + ); + return Status; + } + + // + // Not found, the input guided section is not supported. + // + return RETURN_UNSUPPORTED; +} + diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/FmpAuthenticationLibPkcs7/FmpAuthenticationLibPkcs7.inf b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/FmpAuthenticationLibPkcs7/FmpAuthenticationLibPkcs7.inf new file mode 100644 index 00000000..65e5648a --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/FmpAuthenticationLibPkcs7/FmpAuthenticationLibPkcs7.inf @@ -0,0 +1,43 @@ +## @file +# FMP Authentication PKCS7 handler. +# +# Instance of FmpAuthentication Library for DXE/PEI post memory phase. +# +# Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.<BR> +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = FmpAuthenticationLibPkcs7 + MODULE_UNI_FILE = FmpAuthenticationLibPkcs7.uni + FILE_GUID = F4EA205B-7345-452C-9D62-53BA6F3B8910 + MODULE_TYPE = BASE + VERSION_STRING = 1.0 + LIBRARY_CLASS = FmpAuthenticationLib + +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = IA32 X64 EBC +# + +[Sources] + FmpAuthenticationLibPkcs7.c + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + SecurityPkg/SecurityPkg.dec + CryptoPkg/CryptoPkg.dec + +[LibraryClasses] + BaseLib + BaseMemoryLib + DebugLib + MemoryAllocationLib + BaseCryptLib + +[Guids] + gEfiCertPkcs7Guid ## CONSUMES ## GUID diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/FmpAuthenticationLibPkcs7/FmpAuthenticationLibPkcs7.uni b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/FmpAuthenticationLibPkcs7/FmpAuthenticationLibPkcs7.uni new file mode 100644 index 00000000..e499b6d4 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/FmpAuthenticationLibPkcs7/FmpAuthenticationLibPkcs7.uni @@ -0,0 +1,21 @@ +// /** @file
+// FMP Authentication PKCS7 handler.
+//
+// This library provide FMP Authentication PKCS7 handler to verify EFI_FIRMWARE_IMAGE_AUTHENTICATION.
+//
+// Caution: This module requires additional review when modified.
+// This library will have external input - capsule image.
+// This external input must be validated carefully to avoid security issues such as
+// buffer overflow or integer overflow.
+//
+// Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
+//
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+//
+// **/
+
+
+#string STR_MODULE_ABSTRACT #language en-US "FMP Authentication PKCS7 handler."
+
+#string STR_MODULE_DESCRIPTION #language en-US "This library provide FMP Authentication PKCS7 handler to verify EFI_FIRMWARE_IMAGE_AUTHENTICATION."
+
diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/FmpAuthenticationLibRsa2048Sha256/FmpAuthenticationLibRsa2048Sha256.c b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/FmpAuthenticationLibRsa2048Sha256/FmpAuthenticationLibRsa2048Sha256.c new file mode 100644 index 00000000..f32fc486 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/FmpAuthenticationLibRsa2048Sha256/FmpAuthenticationLibRsa2048Sha256.c @@ -0,0 +1,354 @@ +/** @file + FMP Authentication RSA2048SHA256 handler. + Provide generic FMP authentication functions for DXE/PEI post memory phase. + + Caution: This module requires additional review when modified. + This module will have external input - capsule image. + This external input must be validated carefully to avoid security issue like + buffer overflow, integer overflow. + + FmpAuthenticatedHandlerRsa2048Sha256(), AuthenticateFmpImage() will receive + untrusted input and do basic validation. + + Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.<BR> + SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include <Uefi.h> + +#include <Guid/SystemResourceTable.h> +#include <Guid/FirmwareContentsSigned.h> +#include <Guid/WinCertificate.h> + +#include <Library/BaseLib.h> +#include <Library/BaseMemoryLib.h> +#include <Library/DebugLib.h> +#include <Library/MemoryAllocationLib.h> +#include <Library/BaseCryptLib.h> +#include <Library/FmpAuthenticationLib.h> +#include <Library/PcdLib.h> +#include <Protocol/FirmwareManagement.h> +#include <Guid/SystemResourceTable.h> + +/// +/// Public Exponent of RSA Key. +/// +STATIC CONST UINT8 mRsaE[] = { 0x01, 0x00, 0x01 }; + +/** + The handler is used to do the authentication for FMP capsule based upon + EFI_FIRMWARE_IMAGE_AUTHENTICATION. + + Caution: This function may receive untrusted input. + + This function assumes the caller AuthenticateFmpImage() + already did basic validation for EFI_FIRMWARE_IMAGE_AUTHENTICATION. + + @param[in] Image Points to an FMP authentication image, started from EFI_FIRMWARE_IMAGE_AUTHENTICATION. + @param[in] ImageSize Size of the authentication image in bytes. + @param[in] PublicKeyData The public key data used to validate the signature. + @param[in] PublicKeyDataLength The length of the public key data. + + @retval RETURN_SUCCESS Authentication pass. + The LastAttemptStatus should be LAST_ATTEMPT_STATUS_SUCCESS. + @retval RETURN_SECURITY_VIOLATION Authentication fail. + The LastAttemptStatus should be LAST_ATTEMPT_STATUS_ERROR_AUTH_ERROR. + @retval RETURN_INVALID_PARAMETER The image is in an invalid format. + The LastAttemptStatus should be LAST_ATTEMPT_STATUS_ERROR_INVALID_FORMAT. + @retval RETURN_OUT_OF_RESOURCES No Authentication handler associated with CertType. + The LastAttemptStatus should be LAST_ATTEMPT_STATUS_ERROR_INSUFFICIENT_RESOURCES. +**/ +RETURN_STATUS +FmpAuthenticatedHandlerRsa2048Sha256 ( + IN EFI_FIRMWARE_IMAGE_AUTHENTICATION *Image, + IN UINTN ImageSize, + IN CONST UINT8 *PublicKeyData, + IN UINTN PublicKeyDataLength + ) +{ + RETURN_STATUS Status; + EFI_CERT_BLOCK_RSA_2048_SHA256 *CertBlockRsa2048Sha256; + BOOLEAN CryptoStatus; + UINT8 Digest[SHA256_DIGEST_SIZE]; + UINT8 *PublicKey; + UINTN PublicKeyBufferSize; + VOID *HashContext; + VOID *Rsa; + + DEBUG ((DEBUG_INFO, "FmpAuthenticatedHandlerRsa2048Sha256 - Image: 0x%08x - 0x%08x\n", (UINTN)Image, (UINTN)ImageSize)); + + if (Image->AuthInfo.Hdr.dwLength != OFFSET_OF(WIN_CERTIFICATE_UEFI_GUID, CertData) + sizeof(EFI_CERT_BLOCK_RSA_2048_SHA256)) { + DEBUG((DEBUG_ERROR, "FmpAuthenticatedHandlerRsa2048Sha256 - dwLength: 0x%04x, dwLength - 0x%04x\n", (UINTN)Image->AuthInfo.Hdr.dwLength, (UINTN)OFFSET_OF(WIN_CERTIFICATE_UEFI_GUID, CertData) + sizeof(EFI_CERT_BLOCK_RSA_2048_SHA256))); + return RETURN_INVALID_PARAMETER; + } + + CertBlockRsa2048Sha256 = (EFI_CERT_BLOCK_RSA_2048_SHA256 *)Image->AuthInfo.CertData; + if (!CompareGuid(&CertBlockRsa2048Sha256->HashType, &gEfiHashAlgorithmSha256Guid)) { + DEBUG((DEBUG_ERROR, "FmpAuthenticatedHandlerRsa2048Sha256 - HashType: %g, expect - %g\n", &CertBlockRsa2048Sha256->HashType, &gEfiHashAlgorithmSha256Guid)); + return RETURN_INVALID_PARAMETER; + } + + HashContext = NULL; + Rsa = NULL; + + // + // Allocate hash context buffer required for SHA 256 + // + HashContext = AllocatePool (Sha256GetContextSize ()); + if (HashContext == NULL) { + CryptoStatus = FALSE; + DEBUG ((DEBUG_ERROR, "FmpAuthenticatedHandlerRsa2048Sha256: Can not allocate hash context\n")); + Status = RETURN_OUT_OF_RESOURCES; + goto Done; + } + + // + // Hash public key from data payload with SHA256. + // + ZeroMem (Digest, SHA256_DIGEST_SIZE); + CryptoStatus = Sha256Init (HashContext); + if (!CryptoStatus) { + DEBUG ((DEBUG_ERROR, "FmpAuthenticatedHandlerRsa2048Sha256: Sha256Init() failed\n")); + Status = RETURN_OUT_OF_RESOURCES; + goto Done; + } + CryptoStatus = Sha256Update (HashContext, &CertBlockRsa2048Sha256->PublicKey, sizeof(CertBlockRsa2048Sha256->PublicKey)); + if (!CryptoStatus) { + DEBUG ((DEBUG_ERROR, "FmpAuthenticatedHandlerRsa2048Sha256: Sha256Update() failed\n")); + Status = RETURN_OUT_OF_RESOURCES; + goto Done; + } + CryptoStatus = Sha256Final (HashContext, Digest); + if (!CryptoStatus) { + DEBUG ((DEBUG_ERROR, "FmpAuthenticatedHandlerRsa2048Sha256: Sha256Final() failed\n")); + Status = RETURN_OUT_OF_RESOURCES; + goto Done; + } + + // + // Fail if the PublicKey is not one of the public keys in the input PublicKeyData. + // + PublicKey = (VOID *)PublicKeyData; + PublicKeyBufferSize = PublicKeyDataLength; + CryptoStatus = FALSE; + while (PublicKeyBufferSize != 0) { + if (CompareMem (Digest, PublicKey, SHA256_DIGEST_SIZE) == 0) { + CryptoStatus = TRUE; + break; + } + PublicKey = PublicKey + SHA256_DIGEST_SIZE; + PublicKeyBufferSize = PublicKeyBufferSize - SHA256_DIGEST_SIZE; + } + if (!CryptoStatus) { + DEBUG ((DEBUG_ERROR, "FmpAuthenticatedHandlerRsa2048Sha256: Public key in section is not supported\n")); + Status = RETURN_SECURITY_VIOLATION; + goto Done; + } + + // + // Generate & Initialize RSA Context. + // + Rsa = RsaNew (); + if (Rsa == NULL) { + CryptoStatus = FALSE; + DEBUG ((DEBUG_ERROR, "FmpAuthenticatedHandlerRsa2048Sha256: RsaNew() failed\n")); + Status = RETURN_OUT_OF_RESOURCES; + goto Done; + } + + // + // Set RSA Key Components. + // NOTE: Only N and E are needed to be set as RSA public key for signature verification. + // + CryptoStatus = RsaSetKey (Rsa, RsaKeyN, CertBlockRsa2048Sha256->PublicKey, sizeof(CertBlockRsa2048Sha256->PublicKey)); + if (!CryptoStatus) { + DEBUG ((DEBUG_ERROR, "FmpAuthenticatedHandlerRsa2048Sha256: RsaSetKey(RsaKeyN) failed\n")); + Status = RETURN_OUT_OF_RESOURCES; + goto Done; + } + CryptoStatus = RsaSetKey (Rsa, RsaKeyE, mRsaE, sizeof (mRsaE)); + if (!CryptoStatus) { + DEBUG ((DEBUG_ERROR, "FmpAuthenticatedHandlerRsa2048Sha256: RsaSetKey(RsaKeyE) failed\n")); + Status = RETURN_OUT_OF_RESOURCES; + goto Done; + } + + // + // Hash data payload with SHA256. + // + ZeroMem (Digest, SHA256_DIGEST_SIZE); + CryptoStatus = Sha256Init (HashContext); + if (!CryptoStatus) { + DEBUG ((DEBUG_ERROR, "FmpAuthenticatedHandlerRsa2048Sha256: Sha256Init() failed\n")); + Status = RETURN_OUT_OF_RESOURCES; + goto Done; + } + + // It is a signature across the variable data and the Monotonic Count value. + CryptoStatus = Sha256Update ( + HashContext, + (UINT8 *)Image + sizeof(Image->MonotonicCount) + Image->AuthInfo.Hdr.dwLength, + ImageSize - sizeof(Image->MonotonicCount) - Image->AuthInfo.Hdr.dwLength + ); + if (!CryptoStatus) { + DEBUG((DEBUG_ERROR, "FmpAuthenticatedHandlerRsa2048Sha256: Sha256Update() failed\n")); + Status = RETURN_OUT_OF_RESOURCES; + goto Done; + } + CryptoStatus = Sha256Update ( + HashContext, + (UINT8 *)&Image->MonotonicCount, + sizeof(Image->MonotonicCount) + ); + if (!CryptoStatus) { + DEBUG ((DEBUG_ERROR, "FmpAuthenticatedHandlerRsa2048Sha256: Sha256Update() failed\n")); + Status = RETURN_OUT_OF_RESOURCES; + goto Done; + } + CryptoStatus = Sha256Final (HashContext, Digest); + if (!CryptoStatus) { + DEBUG ((DEBUG_ERROR, "FmpAuthenticatedHandlerRsa2048Sha256: Sha256Final() failed\n")); + Status = RETURN_OUT_OF_RESOURCES; + goto Done; + } + + // + // Verify the RSA 2048 SHA 256 signature. + // + CryptoStatus = RsaPkcs1Verify ( + Rsa, + Digest, + SHA256_DIGEST_SIZE, + CertBlockRsa2048Sha256->Signature, + sizeof (CertBlockRsa2048Sha256->Signature) + ); + if (!CryptoStatus) { + // + // If RSA 2048 SHA 256 signature verification fails, AUTH tested failed bit is set. + // + DEBUG ((DEBUG_ERROR, "FmpAuthenticatedHandlerRsa2048Sha256: RsaPkcs1Verify() failed\n")); + Status = RETURN_SECURITY_VIOLATION; + goto Done; + } + DEBUG ((DEBUG_INFO, "FmpAuthenticatedHandlerRsa2048Sha256: PASS verification\n")); + + Status = RETURN_SUCCESS; + +Done: + // + // Free allocated resources used to perform RSA 2048 SHA 256 signature verification + // + if (Rsa != NULL) { + RsaFree (Rsa); + } + if (HashContext != NULL) { + FreePool (HashContext); + } + + return Status; +} + +/** + The function is used to do the authentication for FMP capsule based upon + EFI_FIRMWARE_IMAGE_AUTHENTICATION. + + The FMP capsule image should start with EFI_FIRMWARE_IMAGE_AUTHENTICATION, + followed by the payload. + + If the return status is RETURN_SUCCESS, the caller may continue the rest + FMP update process. + If the return status is NOT RETURN_SUCCESS, the caller should stop the FMP + update process and convert the return status to LastAttemptStatus + to indicate that FMP update fails. + The LastAttemptStatus can be got from ESRT table or via + EFI_FIRMWARE_MANAGEMENT_PROTOCOL.GetImageInfo(). + + Caution: This function may receive untrusted input. + + @param[in] Image Points to an FMP authentication image, started from EFI_FIRMWARE_IMAGE_AUTHENTICATION. + @param[in] ImageSize Size of the authentication image in bytes. + @param[in] PublicKeyData The public key data used to validate the signature. + @param[in] PublicKeyDataLength The length of the public key data. + + @retval RETURN_SUCCESS Authentication pass. + The LastAttemptStatus should be LAST_ATTEMPT_STATUS_SUCCESS. + @retval RETURN_SECURITY_VIOLATION Authentication fail. + The LastAttemptStatus should be LAST_ATTEMPT_STATUS_ERROR_AUTH_ERROR. + @retval RETURN_INVALID_PARAMETER The image is in an invalid format. + The LastAttemptStatus should be LAST_ATTEMPT_STATUS_ERROR_INVALID_FORMAT. + @retval RETURN_UNSUPPORTED No Authentication handler associated with CertType. + The LastAttemptStatus should be LAST_ATTEMPT_STATUS_ERROR_INVALID_FORMAT. + @retval RETURN_UNSUPPORTED Image or ImageSize is invalid. + The LastAttemptStatus should be LAST_ATTEMPT_STATUS_ERROR_INVALID_FORMAT. + @retval RETURN_OUT_OF_RESOURCES No Authentication handler associated with CertType. + The LastAttemptStatus should be LAST_ATTEMPT_STATUS_ERROR_INSUFFICIENT_RESOURCES. +**/ +RETURN_STATUS +EFIAPI +AuthenticateFmpImage ( + IN EFI_FIRMWARE_IMAGE_AUTHENTICATION *Image, + IN UINTN ImageSize, + IN CONST UINT8 *PublicKeyData, + IN UINTN PublicKeyDataLength + ) +{ + GUID *CertType; + EFI_STATUS Status; + + if ((Image == NULL) || (ImageSize == 0)) { + return RETURN_UNSUPPORTED; + } + + if ((PublicKeyDataLength % SHA256_DIGEST_SIZE) != 0) { + DEBUG ((DEBUG_ERROR, "PublicKeyDataLength is not multiple SHA256 size\n")); + return RETURN_UNSUPPORTED; + } + + if (ImageSize < sizeof(EFI_FIRMWARE_IMAGE_AUTHENTICATION)) { + DEBUG((DEBUG_ERROR, "AuthenticateFmpImage - ImageSize too small\n")); + return RETURN_INVALID_PARAMETER; + } + if (Image->AuthInfo.Hdr.dwLength <= OFFSET_OF(WIN_CERTIFICATE_UEFI_GUID, CertData)) { + DEBUG((DEBUG_ERROR, "AuthenticateFmpImage - dwLength too small\n")); + return RETURN_INVALID_PARAMETER; + } + if ((UINTN) Image->AuthInfo.Hdr.dwLength > MAX_UINTN - sizeof(UINT64)) { + DEBUG((DEBUG_ERROR, "AuthenticateFmpImage - dwLength too big\n")); + return RETURN_INVALID_PARAMETER; + } + if (ImageSize <= sizeof(Image->MonotonicCount) + Image->AuthInfo.Hdr.dwLength) { + DEBUG((DEBUG_ERROR, "AuthenticateFmpImage - ImageSize too small\n")); + return RETURN_INVALID_PARAMETER; + } + if (Image->AuthInfo.Hdr.wRevision != 0x0200) { + DEBUG((DEBUG_ERROR, "AuthenticateFmpImage - wRevision: 0x%02x, expect - 0x%02x\n", (UINTN)Image->AuthInfo.Hdr.wRevision, (UINTN)0x0200)); + return RETURN_INVALID_PARAMETER; + } + if (Image->AuthInfo.Hdr.wCertificateType != WIN_CERT_TYPE_EFI_GUID) { + DEBUG((DEBUG_ERROR, "AuthenticateFmpImage - wCertificateType: 0x%02x, expect - 0x%02x\n", (UINTN)Image->AuthInfo.Hdr.wCertificateType, (UINTN)WIN_CERT_TYPE_EFI_GUID)); + return RETURN_INVALID_PARAMETER; + } + + CertType = &Image->AuthInfo.CertType; + DEBUG((DEBUG_INFO, "AuthenticateFmpImage - CertType: %g\n", CertType)); + + if (CompareGuid (&gEfiCertTypeRsa2048Sha256Guid, CertType)) { + // + // Call the match handler to extract raw data for the input section data. + // + Status = FmpAuthenticatedHandlerRsa2048Sha256 ( + Image, + ImageSize, + PublicKeyData, + PublicKeyDataLength + ); + return Status; + } + + // + // Not found, the input guided section is not supported. + // + return RETURN_UNSUPPORTED; +} + diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/FmpAuthenticationLibRsa2048Sha256/FmpAuthenticationLibRsa2048Sha256.inf b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/FmpAuthenticationLibRsa2048Sha256/FmpAuthenticationLibRsa2048Sha256.inf new file mode 100644 index 00000000..f5fc4a8e --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/FmpAuthenticationLibRsa2048Sha256/FmpAuthenticationLibRsa2048Sha256.inf @@ -0,0 +1,44 @@ +## @file +# FMP Authentication RSA2048SHA256 handler. +# +# Instance of FmpAuthentication Library for DXE/PEI post memory phase. +# +# Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.<BR> +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = FmpAuthenticationLibRsa2048Sha256 + MODULE_UNI_FILE = FmpAuthenticationLibRsa2048Sha256.uni + FILE_GUID = 105FF0EA-A0C0-48A8-B8F7-E8B4D62A1019 + MODULE_TYPE = BASE + VERSION_STRING = 1.0 + LIBRARY_CLASS = FmpAuthenticationLib + +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = IA32 X64 EBC +# + +[Sources] + FmpAuthenticationLibRsa2048Sha256.c + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + SecurityPkg/SecurityPkg.dec + CryptoPkg/CryptoPkg.dec + +[LibraryClasses] + BaseLib + BaseMemoryLib + DebugLib + MemoryAllocationLib + BaseCryptLib + +[Guids] + gEfiCertTypeRsa2048Sha256Guid ## SOMETIMES_CONSUMES ## GUID # Unique ID for the type of the certificate. + gEfiHashAlgorithmSha256Guid ## SOMETIMES_CONSUMES ## GUID diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/FmpAuthenticationLibRsa2048Sha256/FmpAuthenticationLibRsa2048Sha256.uni b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/FmpAuthenticationLibRsa2048Sha256/FmpAuthenticationLibRsa2048Sha256.uni new file mode 100644 index 00000000..c7bb5be9 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/FmpAuthenticationLibRsa2048Sha256/FmpAuthenticationLibRsa2048Sha256.uni @@ -0,0 +1,21 @@ +// /** @file
+// FMP Authentication RSA2048SHA256 handler.
+//
+// This library provide FMP Authentication RSA2048SHA256 handler to verify EFI_FIRMWARE_IMAGE_AUTHENTICATION.
+//
+// Caution: This module requires additional review when modified.
+// This library will have external input - capsule image.
+// This external input must be validated carefully to avoid security issues such as
+// buffer overflow or integer overflow.
+//
+// Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
+//
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+//
+// **/
+
+
+#string STR_MODULE_ABSTRACT #language en-US "FMP Authentication RSA2048SHA256 handler."
+
+#string STR_MODULE_DESCRIPTION #language en-US "This library provide FMP Authentication RSA2048SHA256 handler to verify EFI_FIRMWARE_IMAGE_AUTHENTICATION."
+
diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.c b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.c new file mode 100644 index 00000000..9b43b577 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.c @@ -0,0 +1,149 @@ +/** @file + This library is BaseCrypto SHA1 hash instance. + It can be registered to BaseCrypto router, to serve as hash engine. + +Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved. <BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include <PiPei.h> +#include <Library/BaseLib.h> +#include <Library/BaseMemoryLib.h> +#include <Library/Tpm2CommandLib.h> +#include <Library/DebugLib.h> +#include <Library/BaseCryptLib.h> +#include <Library/MemoryAllocationLib.h> +#include <Library/HashLib.h> + +/** + The function set SHA1 to digest list. + + @param DigestList digest list + @param Sha1Digest SHA1 digest +**/ +VOID +Tpm2SetSha1ToDigestList ( + IN TPML_DIGEST_VALUES *DigestList, + IN UINT8 *Sha1Digest + ) +{ + DigestList->count = 1; + DigestList->digests[0].hashAlg = TPM_ALG_SHA1; + CopyMem ( + DigestList->digests[0].digest.sha1, + Sha1Digest, + SHA1_DIGEST_SIZE + ); +} + +/** + Start hash sequence. + + @param HashHandle Hash handle. + + @retval EFI_SUCCESS Hash sequence start and HandleHandle returned. + @retval EFI_OUT_OF_RESOURCES No enough resource to start hash. +**/ +EFI_STATUS +EFIAPI +Sha1HashInit ( + OUT HASH_HANDLE *HashHandle + ) +{ + VOID *Sha1Ctx; + UINTN CtxSize; + + CtxSize = Sha1GetContextSize (); + Sha1Ctx = AllocatePool (CtxSize); + ASSERT (Sha1Ctx != NULL); + + Sha1Init (Sha1Ctx); + + *HashHandle = (HASH_HANDLE)Sha1Ctx; + + return EFI_SUCCESS; +} + +/** + Update hash sequence data. + + @param HashHandle Hash handle. + @param DataToHash Data to be hashed. + @param DataToHashLen Data size. + + @retval EFI_SUCCESS Hash sequence updated. +**/ +EFI_STATUS +EFIAPI +Sha1HashUpdate ( + IN HASH_HANDLE HashHandle, + IN VOID *DataToHash, + IN UINTN DataToHashLen + ) +{ + VOID *Sha1Ctx; + + Sha1Ctx = (VOID *)HashHandle; + Sha1Update (Sha1Ctx, DataToHash, DataToHashLen); + + return EFI_SUCCESS; +} + +/** + Complete hash sequence complete. + + @param HashHandle Hash handle. + @param DigestList Digest list. + + @retval EFI_SUCCESS Hash sequence complete and DigestList is returned. +**/ +EFI_STATUS +EFIAPI +Sha1HashFinal ( + IN HASH_HANDLE HashHandle, + OUT TPML_DIGEST_VALUES *DigestList + ) +{ + UINT8 Digest[SHA1_DIGEST_SIZE]; + VOID *Sha1Ctx; + + Sha1Ctx = (VOID *)HashHandle; + Sha1Final (Sha1Ctx, Digest); + + FreePool (Sha1Ctx); + + Tpm2SetSha1ToDigestList (DigestList, Digest); + + return EFI_SUCCESS; +} + +HASH_INTERFACE mSha1InternalHashInstance = { + HASH_ALGORITHM_SHA1_GUID, + Sha1HashInit, + Sha1HashUpdate, + Sha1HashFinal, +}; + +/** + The function register SHA1 instance. + + @retval EFI_SUCCESS SHA1 instance is registered, or system does not support register SHA1 instance +**/ +EFI_STATUS +EFIAPI +HashInstanceLibSha1Constructor ( + VOID + ) +{ + EFI_STATUS Status; + + Status = RegisterHashInterfaceLib (&mSha1InternalHashInstance); + if ((Status == EFI_SUCCESS) || (Status == EFI_UNSUPPORTED)) { + // + // Unsupported means platform policy does not need this instance enabled. + // + return EFI_SUCCESS; + } + return Status; +} diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf new file mode 100644 index 00000000..44b9b12b --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf @@ -0,0 +1,41 @@ +## @file +# Provides BaseCrypto SHA1 hash service +# +# This library can be registered to BaseCrypto router, to serve as hash engine. +# +# Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR> +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = HashInstanceLibSha1 + MODULE_UNI_FILE = HashInstanceLibSha1.uni + FILE_GUID = 9A7A6AB4-9DA6-4aa4-90CB-6D4B79EDA7B9 + MODULE_TYPE = BASE + VERSION_STRING = 1.0 + LIBRARY_CLASS = NULL + CONSTRUCTOR = HashInstanceLibSha1Constructor + +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = IA32 X64 +# + +[Sources] + HashInstanceLibSha1.c + +[Packages] + MdePkg/MdePkg.dec + SecurityPkg/SecurityPkg.dec + CryptoPkg/CryptoPkg.dec + +[LibraryClasses] + BaseLib + BaseMemoryLib + DebugLib + Tpm2CommandLib + MemoryAllocationLib + BaseCryptLib diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.uni b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.uni new file mode 100644 index 00000000..663a354c --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.uni @@ -0,0 +1,16 @@ +// /** @file
+// Provides BaseCrypto SHA1 hash service
+//
+// This library can be registered to BaseCrypto router, to serve as hash engine.
+//
+// Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.<BR>
+//
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+//
+// **/
+
+
+#string STR_MODULE_ABSTRACT #language en-US "Provides BaseCrypto SHA1 hash service"
+
+#string STR_MODULE_DESCRIPTION #language en-US "This library can be registered to BaseCrypto router, to serve as hash engine."
+
diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.c b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.c new file mode 100644 index 00000000..aab25166 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.c @@ -0,0 +1,149 @@ +/** @file + This library is BaseCrypto SHA256 hash instance. + It can be registered to BaseCrypto router, to serve as hash engine. + +Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved. <BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include <PiPei.h> +#include <Library/BaseLib.h> +#include <Library/BaseMemoryLib.h> +#include <Library/Tpm2CommandLib.h> +#include <Library/DebugLib.h> +#include <Library/BaseCryptLib.h> +#include <Library/MemoryAllocationLib.h> +#include <Library/HashLib.h> + +/** + The function set SHA256 to digest list. + + @param DigestList digest list + @param Sha256Digest SHA256 digest +**/ +VOID +Tpm2SetSha256ToDigestList ( + IN TPML_DIGEST_VALUES *DigestList, + IN UINT8 *Sha256Digest + ) +{ + DigestList->count = 1; + DigestList->digests[0].hashAlg = TPM_ALG_SHA256; + CopyMem ( + DigestList->digests[0].digest.sha256, + Sha256Digest, + SHA256_DIGEST_SIZE + ); +} + +/** + Start hash sequence. + + @param HashHandle Hash handle. + + @retval EFI_SUCCESS Hash sequence start and HandleHandle returned. + @retval EFI_OUT_OF_RESOURCES No enough resource to start hash. +**/ +EFI_STATUS +EFIAPI +Sha256HashInit ( + OUT HASH_HANDLE *HashHandle + ) +{ + VOID *Sha256Ctx; + UINTN CtxSize; + + CtxSize = Sha256GetContextSize (); + Sha256Ctx = AllocatePool (CtxSize); + ASSERT (Sha256Ctx != NULL); + + Sha256Init (Sha256Ctx); + + *HashHandle = (HASH_HANDLE)Sha256Ctx; + + return EFI_SUCCESS; +} + +/** + Update hash sequence data. + + @param HashHandle Hash handle. + @param DataToHash Data to be hashed. + @param DataToHashLen Data size. + + @retval EFI_SUCCESS Hash sequence updated. +**/ +EFI_STATUS +EFIAPI +Sha256HashUpdate ( + IN HASH_HANDLE HashHandle, + IN VOID *DataToHash, + IN UINTN DataToHashLen + ) +{ + VOID *Sha256Ctx; + + Sha256Ctx = (VOID *)HashHandle; + Sha256Update (Sha256Ctx, DataToHash, DataToHashLen); + + return EFI_SUCCESS; +} + +/** + Complete hash sequence complete. + + @param HashHandle Hash handle. + @param DigestList Digest list. + + @retval EFI_SUCCESS Hash sequence complete and DigestList is returned. +**/ +EFI_STATUS +EFIAPI +Sha256HashFinal ( + IN HASH_HANDLE HashHandle, + OUT TPML_DIGEST_VALUES *DigestList + ) +{ + UINT8 Digest[SHA256_DIGEST_SIZE]; + VOID *Sha256Ctx; + + Sha256Ctx = (VOID *)HashHandle; + Sha256Final (Sha256Ctx, Digest); + + FreePool (Sha256Ctx); + + Tpm2SetSha256ToDigestList (DigestList, Digest); + + return EFI_SUCCESS; +} + +HASH_INTERFACE mSha256InternalHashInstance = { + HASH_ALGORITHM_SHA256_GUID, + Sha256HashInit, + Sha256HashUpdate, + Sha256HashFinal, +}; + +/** + The function register SHA256 instance. + + @retval EFI_SUCCESS SHA256 instance is registered, or system does not support register SHA256 instance +**/ +EFI_STATUS +EFIAPI +HashInstanceLibSha256Constructor ( + VOID + ) +{ + EFI_STATUS Status; + + Status = RegisterHashInterfaceLib (&mSha256InternalHashInstance); + if ((Status == EFI_SUCCESS) || (Status == EFI_UNSUPPORTED)) { + // + // Unsupported means platform policy does not need this instance enabled. + // + return EFI_SUCCESS; + } + return Status; +} diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf new file mode 100644 index 00000000..cecd7841 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf @@ -0,0 +1,41 @@ +## @file +# Provides BaseCrypto SHA256 hash service +# +# This library can be registered to BaseCrypto router, to serve as hash engine. +# +# Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR> +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = HashInstanceLibSha256 + MODULE_UNI_FILE = HashInstanceLibSha256.uni + FILE_GUID = 5810798A-ED30-4080-8DD7-B9667A748C02 + MODULE_TYPE = BASE + VERSION_STRING = 1.0 + LIBRARY_CLASS = NULL + CONSTRUCTOR = HashInstanceLibSha256Constructor + +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = IA32 X64 +# + +[Sources] + HashInstanceLibSha256.c + +[Packages] + MdePkg/MdePkg.dec + SecurityPkg/SecurityPkg.dec + CryptoPkg/CryptoPkg.dec + +[LibraryClasses] + BaseLib + BaseMemoryLib + DebugLib + Tpm2CommandLib + MemoryAllocationLib + BaseCryptLib diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.uni b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.uni new file mode 100644 index 00000000..601330a0 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.uni @@ -0,0 +1,16 @@ +// /** @file
+// Provides BaseCrypto SHA256 hash service
+//
+// This library can be registered to BaseCrypto router, to serve as hash engine.
+//
+// Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.<BR>
+//
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+//
+// **/
+
+
+#string STR_MODULE_ABSTRACT #language en-US "Provides BaseCrypto SHA256 hash service"
+
+#string STR_MODULE_DESCRIPTION #language en-US "This library can be registered to BaseCrypto router, to serve as hash engine."
+
diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.c b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.c new file mode 100644 index 00000000..502a8e20 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.c @@ -0,0 +1,149 @@ +/** @file + This library is BaseCrypto SHA384 hash instance. + It can be registered to BaseCrypto router, to serve as hash engine. + +Copyright (c) 2018, Intel Corporation. All rights reserved. <BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include <PiPei.h> + +#include <Library/BaseLib.h> +#include <Library/BaseMemoryLib.h> +#include <Library/DebugLib.h> +#include <Library/BaseCryptLib.h> +#include <Library/MemoryAllocationLib.h> +#include <Library/HashLib.h> + +/** + The function set SHA384 to digest list. + + @param DigestList digest list + @param Sha384Digest SHA384 digest +**/ +VOID +Tpm2SetSha384ToDigestList ( + IN TPML_DIGEST_VALUES *DigestList, + IN UINT8 *Sha384Digest + ) +{ + DigestList->count = 1; + DigestList->digests[0].hashAlg = TPM_ALG_SHA384; + CopyMem ( + DigestList->digests[0].digest.sha384, + Sha384Digest, + SHA384_DIGEST_SIZE + ); +} + +/** + Start hash sequence. + + @param HashHandle Hash handle. + + @retval EFI_SUCCESS Hash sequence start and HandleHandle returned. + @retval EFI_OUT_OF_RESOURCES No enough resource to start hash. +**/ +EFI_STATUS +EFIAPI +Sha384HashInit ( + OUT HASH_HANDLE *HashHandle + ) +{ + VOID *Sha384Ctx; + UINTN CtxSize; + + CtxSize = Sha384GetContextSize (); + Sha384Ctx = AllocatePool (CtxSize); + ASSERT (Sha384Ctx != NULL); + + Sha384Init (Sha384Ctx); + + *HashHandle = (HASH_HANDLE)Sha384Ctx; + + return EFI_SUCCESS; +} + +/** + Update hash sequence data. + + @param HashHandle Hash handle. + @param DataToHash Data to be hashed. + @param DataToHashLen Data size. + + @retval EFI_SUCCESS Hash sequence updated. +**/ +EFI_STATUS +EFIAPI +Sha384HashUpdate ( + IN HASH_HANDLE HashHandle, + IN VOID *DataToHash, + IN UINTN DataToHashLen + ) +{ + VOID *Sha384Ctx; + + Sha384Ctx = (VOID *)HashHandle; + Sha384Update (Sha384Ctx, DataToHash, DataToHashLen); + + return EFI_SUCCESS; +} + +/** + Complete hash sequence complete. + + @param HashHandle Hash handle. + @param DigestList Digest list. + + @retval EFI_SUCCESS Hash sequence complete and DigestList is returned. +**/ +EFI_STATUS +EFIAPI +Sha384HashFinal ( + IN HASH_HANDLE HashHandle, + OUT TPML_DIGEST_VALUES *DigestList + ) +{ + UINT8 Digest[SHA384_DIGEST_SIZE]; + VOID *Sha384Ctx; + + Sha384Ctx = (VOID *)HashHandle; + Sha384Final (Sha384Ctx, Digest); + + FreePool (Sha384Ctx); + + Tpm2SetSha384ToDigestList (DigestList, Digest); + + return EFI_SUCCESS; +} + +HASH_INTERFACE mSha384InternalHashInstance = { + HASH_ALGORITHM_SHA384_GUID, + Sha384HashInit, + Sha384HashUpdate, + Sha384HashFinal, +}; + +/** + The function register SHA384 instance. + + @retval EFI_SUCCESS SHA384 instance is registered, or system does not support register SHA384 instance +**/ +EFI_STATUS +EFIAPI +HashInstanceLibSha384Constructor ( + VOID + ) +{ + EFI_STATUS Status; + + Status = RegisterHashInterfaceLib (&mSha384InternalHashInstance); + if ((Status == EFI_SUCCESS) || (Status == EFI_UNSUPPORTED)) { + // + // Unsupported means platform policy does not need this instance enabled. + // + return EFI_SUCCESS; + } + return Status; +} diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf new file mode 100644 index 00000000..63d178e0 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf @@ -0,0 +1,40 @@ +## @file +# Provides BaseCrypto SHA384 hash service +# +# This library can be registered to BaseCrypto router, to serve as hash engine. +# +# Copyright (c) 2018, Intel Corporation. All rights reserved.<BR> +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = HashInstanceLibSha384 + MODULE_UNI_FILE = HashInstanceLibSha384.uni + FILE_GUID = 74223710-17A9-478F-9B24-E354496B968B + MODULE_TYPE = BASE + VERSION_STRING = 1.0 + LIBRARY_CLASS = NULL + CONSTRUCTOR = HashInstanceLibSha384Constructor + +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = IA32 X64 +# + +[Sources] + HashInstanceLibSha384.c + +[Packages] + MdePkg/MdePkg.dec + SecurityPkg/SecurityPkg.dec + CryptoPkg/CryptoPkg.dec + +[LibraryClasses] + BaseLib + BaseMemoryLib + DebugLib + MemoryAllocationLib + BaseCryptLib diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.uni b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.uni new file mode 100644 index 00000000..9cd02212 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.uni @@ -0,0 +1,16 @@ +// /** @file
+// Provides BaseCrypto SHA384 hash service
+//
+// This library can be registered to BaseCrypto router, to serve as hash engine.
+//
+// Copyright (c) 2018, Intel Corporation. All rights reserved.<BR>
+//
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+//
+// **/
+
+
+#string STR_MODULE_ABSTRACT #language en-US "Provides BaseCrypto SHA384 hash service"
+
+#string STR_MODULE_DESCRIPTION #language en-US "This library can be registered to BaseCrypto router, to serve as hash engine."
+
diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.c b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.c new file mode 100644 index 00000000..afd7c4bc --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.c @@ -0,0 +1,148 @@ +/** @file + This library is BaseCrypto SHA512 hash instance. + It can be registered to BaseCrypto router, to serve as hash engine. + +Copyright (c) 2018, Intel Corporation. All rights reserved. <BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include <PiPei.h> +#include <Library/BaseLib.h> +#include <Library/BaseMemoryLib.h> +#include <Library/DebugLib.h> +#include <Library/BaseCryptLib.h> +#include <Library/MemoryAllocationLib.h> +#include <Library/HashLib.h> + +/** + The function set SHA512 to digest list. + + @param DigestList digest list + @param Sha512Digest SHA512 digest +**/ +VOID +Tpm2SetSha512ToDigestList ( + IN TPML_DIGEST_VALUES *DigestList, + IN UINT8 *Sha512Digest + ) +{ + DigestList->count = 1; + DigestList->digests[0].hashAlg = TPM_ALG_SHA512; + CopyMem ( + DigestList->digests[0].digest.sha512, + Sha512Digest, + SHA512_DIGEST_SIZE + ); +} + +/** + Start hash sequence. + + @param HashHandle Hash handle. + + @retval EFI_SUCCESS Hash sequence start and HandleHandle returned. + @retval EFI_OUT_OF_RESOURCES No enough resource to start hash. +**/ +EFI_STATUS +EFIAPI +Sha512HashInit ( + OUT HASH_HANDLE *HashHandle + ) +{ + VOID *Sha512Ctx; + UINTN CtxSize; + + CtxSize = Sha512GetContextSize (); + Sha512Ctx = AllocatePool (CtxSize); + ASSERT (Sha512Ctx != NULL); + + Sha512Init (Sha512Ctx); + + *HashHandle = (HASH_HANDLE)Sha512Ctx; + + return EFI_SUCCESS; +} + +/** + Update hash sequence data. + + @param HashHandle Hash handle. + @param DataToHash Data to be hashed. + @param DataToHashLen Data size. + + @retval EFI_SUCCESS Hash sequence updated. +**/ +EFI_STATUS +EFIAPI +Sha512HashUpdate ( + IN HASH_HANDLE HashHandle, + IN VOID *DataToHash, + IN UINTN DataToHashLen + ) +{ + VOID *Sha512Ctx; + + Sha512Ctx = (VOID *)HashHandle; + Sha512Update (Sha512Ctx, DataToHash, DataToHashLen); + + return EFI_SUCCESS; +} + +/** + Complete hash sequence complete. + + @param HashHandle Hash handle. + @param DigestList Digest list. + + @retval EFI_SUCCESS Hash sequence complete and DigestList is returned. +**/ +EFI_STATUS +EFIAPI +Sha512HashFinal ( + IN HASH_HANDLE HashHandle, + OUT TPML_DIGEST_VALUES *DigestList + ) +{ + UINT8 Digest[SHA512_DIGEST_SIZE]; + VOID *Sha512Ctx; + + Sha512Ctx = (VOID *)HashHandle; + Sha512Final (Sha512Ctx, Digest); + + FreePool (Sha512Ctx); + + Tpm2SetSha512ToDigestList (DigestList, Digest); + + return EFI_SUCCESS; +} + +HASH_INTERFACE mSha512InternalHashInstance = { + HASH_ALGORITHM_SHA512_GUID, + Sha512HashInit, + Sha512HashUpdate, + Sha512HashFinal, +}; + +/** + The function register SHA512 instance. + + @retval EFI_SUCCESS SHA512 instance is registered, or system does not support register SHA512 instance +**/ +EFI_STATUS +EFIAPI +HashInstanceLibSha512Constructor ( + VOID + ) +{ + EFI_STATUS Status; + + Status = RegisterHashInterfaceLib (&mSha512InternalHashInstance); + if ((Status == EFI_SUCCESS) || (Status == EFI_UNSUPPORTED)) { + // + // Unsupported means platform policy does not need this instance enabled. + // + return EFI_SUCCESS; + } + return Status; +} diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf new file mode 100644 index 00000000..256152a5 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf @@ -0,0 +1,40 @@ +## @file +# Provides BaseCrypto SHA512 hash service +# +# This library can be registered to BaseCrypto router, to serve as hash engine. +# +# Copyright (c) 2018, Intel Corporation. All rights reserved.<BR> +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = HashInstanceLibSha512 + MODULE_UNI_FILE = HashInstanceLibSha512.uni + FILE_GUID = 959C3685-AC3F-4F3E-AC5B-7E2A64BADD36 + MODULE_TYPE = BASE + VERSION_STRING = 1.0 + LIBRARY_CLASS = NULL + CONSTRUCTOR = HashInstanceLibSha512Constructor + +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = IA32 X64 +# + +[Sources] + HashInstanceLibSha512.c + +[Packages] + MdePkg/MdePkg.dec + SecurityPkg/SecurityPkg.dec + CryptoPkg/CryptoPkg.dec + +[LibraryClasses] + BaseLib + BaseMemoryLib + DebugLib + MemoryAllocationLib + BaseCryptLib diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.uni b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.uni new file mode 100644 index 00000000..b4c4b4c2 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.uni @@ -0,0 +1,16 @@ +// /** @file
+// Provides BaseCrypto SHA512 hash service
+//
+// This library can be registered to BaseCrypto router, to serve as hash engine.
+//
+// Copyright (c) 2018, Intel Corporation. All rights reserved.<BR>
+//
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+//
+// **/
+
+
+#string STR_MODULE_ABSTRACT #language en-US "Provides BaseCrypto SHA512 hash service"
+
+#string STR_MODULE_DESCRIPTION #language en-US "This library can be registered to BaseCrypto router, to serve as hash engine."
+
diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.c b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.c new file mode 100644 index 00000000..be175bf1 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.c @@ -0,0 +1,150 @@ +/** @file + BaseCrypto SM3 hash instance library. + It can be registered to BaseCrypto router, to serve as hash engine. + + Copyright (c) 2013 - 2019, Intel Corporation. All rights reserved.<BR> + SPDX-License-Identifier: BSD-2-Clause-Patent +**/ + +#include <PiPei.h> +#include <Library/BaseLib.h> +#include <Library/BaseMemoryLib.h> +#include <Library/Tpm2CommandLib.h> +#include <Library/DebugLib.h> +#include <Library/BaseCryptLib.h> +#include <Library/MemoryAllocationLib.h> +#include <Library/HashLib.h> + +/** + The function set SM3 to digest list. + + @param DigestList digest list + @param Sm3Digest SM3 digest +**/ +VOID +Tpm2SetSm3ToDigestList ( + IN TPML_DIGEST_VALUES *DigestList, + IN UINT8 *Sm3Digest + ) +{ + DigestList->count = 1; + DigestList->digests[0].hashAlg = TPM_ALG_SM3_256; + CopyMem ( + DigestList->digests[0].digest.sm3_256, + Sm3Digest, + SM3_256_DIGEST_SIZE + ); +} + +/** + Start hash sequence. + + @param HashHandle Hash handle. + + @retval EFI_SUCCESS Hash sequence start and HandleHandle returned. + @retval EFI_OUT_OF_RESOURCES No enough resource to start hash. +**/ +EFI_STATUS +EFIAPI +Sm3HashInit ( + OUT HASH_HANDLE *HashHandle + ) +{ + VOID *Sm3Ctx; + UINTN CtxSize; + + CtxSize = Sm3GetContextSize (); + Sm3Ctx = AllocatePool (CtxSize); + if (Sm3Ctx == NULL) { + return EFI_OUT_OF_RESOURCES; + } + + Sm3Init (Sm3Ctx); + + *HashHandle = (HASH_HANDLE)Sm3Ctx; + + return EFI_SUCCESS; +} + +/** + Update hash sequence data. + + @param HashHandle Hash handle. + @param DataToHash Data to be hashed. + @param DataToHashLen Data size. + + @retval EFI_SUCCESS Hash sequence updated. +**/ +EFI_STATUS +EFIAPI +Sm3HashUpdate ( + IN HASH_HANDLE HashHandle, + IN VOID *DataToHash, + IN UINTN DataToHashLen + ) +{ + VOID *Sm3Ctx; + + Sm3Ctx = (VOID *)HashHandle; + Sm3Update (Sm3Ctx, DataToHash, DataToHashLen); + + return EFI_SUCCESS; +} + +/** + Complete hash sequence complete. + + @param HashHandle Hash handle. + @param DigestList Digest list. + + @retval EFI_SUCCESS Hash sequence complete and DigestList is returned. +**/ +EFI_STATUS +EFIAPI +Sm3HashFinal ( + IN HASH_HANDLE HashHandle, + OUT TPML_DIGEST_VALUES *DigestList + ) +{ + UINT8 Digest[SM3_256_DIGEST_SIZE]; + VOID *Sm3Ctx; + + Sm3Ctx = (VOID *)HashHandle; + Sm3Final (Sm3Ctx, Digest); + + FreePool (Sm3Ctx); + + Tpm2SetSm3ToDigestList (DigestList, Digest); + + return EFI_SUCCESS; +} + +HASH_INTERFACE mSm3InternalHashInstance = { + HASH_ALGORITHM_SM3_256_GUID, + Sm3HashInit, + Sm3HashUpdate, + Sm3HashFinal, +}; + +/** + The function register SM3 instance. + + @retval EFI_SUCCESS SM3 instance is registered, or system dose not support register SM3 instance +**/ +EFI_STATUS +EFIAPI +HashInstanceLibSm3Constructor ( + VOID + ) +{ + EFI_STATUS Status; + + Status = RegisterHashInterfaceLib (&mSm3InternalHashInstance); + if ((Status == EFI_SUCCESS) || (Status == EFI_UNSUPPORTED)) { + // + // Unsupported means platform policy does not need this instance enabled. + // + return EFI_SUCCESS; + } + return Status; +} diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf new file mode 100644 index 00000000..c82ab49d --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf @@ -0,0 +1,41 @@ +## @file +# Provides BaseCrypto SM3 hash service +# +# This library can be registered to BaseCrypto router, to serve as hash engine. +# +# Copyright (c) 2013 - 2019, Intel Corporation. All rights reserved.<BR> +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = HashInstanceLibSm3 + MODULE_UNI_FILE = HashInstanceLibSm3.uni + FILE_GUID = C5865D5D-9ACE-39FB-DC7C-0511891D40F9 + MODULE_TYPE = BASE + VERSION_STRING = 1.0 + LIBRARY_CLASS = NULL + CONSTRUCTOR = HashInstanceLibSm3Constructor + +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = IA32 X64 +# + +[Sources] + HashInstanceLibSm3.c + +[Packages] + MdePkg/MdePkg.dec + SecurityPkg/SecurityPkg.dec + CryptoPkg/CryptoPkg.dec + +[LibraryClasses] + BaseLib + BaseMemoryLib + DebugLib + Tpm2CommandLib + MemoryAllocationLib + BaseCryptLib diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.uni b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.uni new file mode 100644 index 00000000..07a5c53d --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.uni @@ -0,0 +1,15 @@ +// /** @file
+// Provides BaseCrypto SM3 hash service
+//
+// This library can be registered to BaseCrypto router, to serve as hash engine.
+//
+// Copyright (c) 2013 - 2019, Intel Corporation. All rights reserved.<BR>
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+//
+// **/
+
+
+#string STR_MODULE_ABSTRACT #language en-US "Provides BaseCrypto SM3 hash service"
+
+#string STR_MODULE_DESCRIPTION #language en-US "This library can be registered to BaseCrypto router, to serve as hash engine."
+
diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterCommon.c b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterCommon.c new file mode 100644 index 00000000..2e550e64 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterCommon.c @@ -0,0 +1,72 @@ +/** @file + This is BaseCrypto router support function. + +Copyright (c) 2013 - 2016, Intel Corporation. All rights reserved. <BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include <PiPei.h> +#include <Library/BaseLib.h> +#include <Library/BaseMemoryLib.h> +#include <Library/Tpm2CommandLib.h> +#include <Library/DebugLib.h> +#include <Library/MemoryAllocationLib.h> +#include <Library/HashLib.h> +#include <Protocol/Tcg2Protocol.h> + +typedef struct { + EFI_GUID Guid; + UINT32 Mask; +} TPM2_HASH_MASK; + +TPM2_HASH_MASK mTpm2HashMask[] = { + {HASH_ALGORITHM_SHA1_GUID, HASH_ALG_SHA1}, + {HASH_ALGORITHM_SHA256_GUID, HASH_ALG_SHA256}, + {HASH_ALGORITHM_SHA384_GUID, HASH_ALG_SHA384}, + {HASH_ALGORITHM_SHA512_GUID, HASH_ALG_SHA512}, + {HASH_ALGORITHM_SM3_256_GUID, HASH_ALG_SM3_256}, +}; + +/** + The function get hash mask info from algorithm. + + @param HashGuid Hash Guid + + @return HashMask +**/ +UINT32 +EFIAPI +Tpm2GetHashMaskFromAlgo ( + IN EFI_GUID *HashGuid + ) +{ + UINTN Index; + for (Index = 0; Index < sizeof(mTpm2HashMask)/sizeof(mTpm2HashMask[0]); Index++) { + if (CompareGuid (HashGuid, &mTpm2HashMask[Index].Guid)) { + return mTpm2HashMask[Index].Mask; + } + } + return 0; +} + +/** + The function set digest to digest list. + + @param DigestList digest list + @param Digest digest data +**/ +VOID +EFIAPI +Tpm2SetHashToDigestList ( + IN OUT TPML_DIGEST_VALUES *DigestList, + IN TPML_DIGEST_VALUES *Digest + ) +{ + CopyMem ( + &DigestList->digests[DigestList->count], + &Digest->digests[0], + sizeof(Digest->digests[0]) + ); + DigestList->count ++; +} diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterCommon.h b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterCommon.h new file mode 100644 index 00000000..6af53aa2 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterCommon.h @@ -0,0 +1,38 @@ +/** @file + This is BaseCrypto router support function definition. + +Copyright (c) 2013 - 2016, Intel Corporation. All rights reserved. <BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef _HASH_LIB_BASE_CRYPTO_ROUTER_COMMON_H_ +#define _HASH_LIB_BASE_CRYPTO_ROUTER_COMMON_H_ + +/** + The function get hash mask info from algorithm. + + @param HashGuid Hash Guid + + @return HashMask +**/ +UINT32 +EFIAPI +Tpm2GetHashMaskFromAlgo ( + IN EFI_GUID *HashGuid + ); + +/** + The function set digest to digest list. + + @param DigestList digest list + @param Digest digest data +**/ +VOID +EFIAPI +Tpm2SetHashToDigestList ( + IN OUT TPML_DIGEST_VALUES *DigestList, + IN TPML_DIGEST_VALUES *Digest + ); + +#endif diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.c b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.c new file mode 100644 index 00000000..f44edffa --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.c @@ -0,0 +1,300 @@ +/** @file + This library is BaseCrypto router. It will redirect hash request to each individual + hash handler registered, such as SHA1, SHA256. + Platform can use PcdTpm2HashMask to mask some hash engines. + +Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved. <BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include <PiPei.h> +#include <Library/BaseLib.h> +#include <Library/BaseMemoryLib.h> +#include <Library/Tpm2CommandLib.h> +#include <Library/DebugLib.h> +#include <Library/MemoryAllocationLib.h> +#include <Library/PcdLib.h> +#include <Library/HashLib.h> + +#include "HashLibBaseCryptoRouterCommon.h" + +HASH_INTERFACE mHashInterface[HASH_COUNT] = {{{0}, NULL, NULL, NULL}}; +UINTN mHashInterfaceCount = 0; + +UINT32 mSupportedHashMaskLast = 0; +UINT32 mSupportedHashMaskCurrent = 0; + +/** + Check mismatch of supported HashMask between modules + that may link different HashInstanceLib instances. + +**/ +VOID +CheckSupportedHashMaskMismatch ( + VOID + ) +{ + if (mSupportedHashMaskCurrent != mSupportedHashMaskLast) { + DEBUG (( + DEBUG_WARN, + "WARNING: There is mismatch of supported HashMask (0x%x - 0x%x) between modules\n", + mSupportedHashMaskCurrent, + mSupportedHashMaskLast + )); + DEBUG ((DEBUG_WARN, "that are linking different HashInstanceLib instances!\n")); + } +} + +/** + Start hash sequence. + + @param HashHandle Hash handle. + + @retval EFI_SUCCESS Hash sequence start and HandleHandle returned. + @retval EFI_OUT_OF_RESOURCES No enough resource to start hash. +**/ +EFI_STATUS +EFIAPI +HashStart ( + OUT HASH_HANDLE *HashHandle + ) +{ + HASH_HANDLE *HashCtx; + UINTN Index; + UINT32 HashMask; + + if (mHashInterfaceCount == 0) { + return EFI_UNSUPPORTED; + } + + CheckSupportedHashMaskMismatch (); + + HashCtx = AllocatePool (sizeof(*HashCtx) * mHashInterfaceCount); + ASSERT (HashCtx != NULL); + + for (Index = 0; Index < mHashInterfaceCount; Index++) { + HashMask = Tpm2GetHashMaskFromAlgo (&mHashInterface[Index].HashGuid); + if ((HashMask & PcdGet32 (PcdTpm2HashMask)) != 0) { + mHashInterface[Index].HashInit (&HashCtx[Index]); + } + } + + *HashHandle = (HASH_HANDLE)HashCtx; + + return EFI_SUCCESS; +} + +/** + Update hash sequence data. + + @param HashHandle Hash handle. + @param DataToHash Data to be hashed. + @param DataToHashLen Data size. + + @retval EFI_SUCCESS Hash sequence updated. +**/ +EFI_STATUS +EFIAPI +HashUpdate ( + IN HASH_HANDLE HashHandle, + IN VOID *DataToHash, + IN UINTN DataToHashLen + ) +{ + HASH_HANDLE *HashCtx; + UINTN Index; + UINT32 HashMask; + + if (mHashInterfaceCount == 0) { + return EFI_UNSUPPORTED; + } + + CheckSupportedHashMaskMismatch (); + + HashCtx = (HASH_HANDLE *)HashHandle; + + for (Index = 0; Index < mHashInterfaceCount; Index++) { + HashMask = Tpm2GetHashMaskFromAlgo (&mHashInterface[Index].HashGuid); + if ((HashMask & PcdGet32 (PcdTpm2HashMask)) != 0) { + mHashInterface[Index].HashUpdate (HashCtx[Index], DataToHash, DataToHashLen); + } + } + + return EFI_SUCCESS; +} + +/** + Hash sequence complete and extend to PCR. + + @param HashHandle Hash handle. + @param PcrIndex PCR to be extended. + @param DataToHash Data to be hashed. + @param DataToHashLen Data size. + @param DigestList Digest list. + + @retval EFI_SUCCESS Hash sequence complete and DigestList is returned. +**/ +EFI_STATUS +EFIAPI +HashCompleteAndExtend ( + IN HASH_HANDLE HashHandle, + IN TPMI_DH_PCR PcrIndex, + IN VOID *DataToHash, + IN UINTN DataToHashLen, + OUT TPML_DIGEST_VALUES *DigestList + ) +{ + TPML_DIGEST_VALUES Digest; + HASH_HANDLE *HashCtx; + UINTN Index; + EFI_STATUS Status; + UINT32 HashMask; + + if (mHashInterfaceCount == 0) { + return EFI_UNSUPPORTED; + } + + CheckSupportedHashMaskMismatch (); + + HashCtx = (HASH_HANDLE *)HashHandle; + ZeroMem (DigestList, sizeof(*DigestList)); + + for (Index = 0; Index < mHashInterfaceCount; Index++) { + HashMask = Tpm2GetHashMaskFromAlgo (&mHashInterface[Index].HashGuid); + if ((HashMask & PcdGet32 (PcdTpm2HashMask)) != 0) { + mHashInterface[Index].HashUpdate (HashCtx[Index], DataToHash, DataToHashLen); + mHashInterface[Index].HashFinal (HashCtx[Index], &Digest); + Tpm2SetHashToDigestList (DigestList, &Digest); + } + } + + FreePool (HashCtx); + + Status = Tpm2PcrExtend ( + PcrIndex, + DigestList + ); + return Status; +} + +/** + Hash data and extend to PCR. + + @param PcrIndex PCR to be extended. + @param DataToHash Data to be hashed. + @param DataToHashLen Data size. + @param DigestList Digest list. + + @retval EFI_SUCCESS Hash data and DigestList is returned. +**/ +EFI_STATUS +EFIAPI +HashAndExtend ( + IN TPMI_DH_PCR PcrIndex, + IN VOID *DataToHash, + IN UINTN DataToHashLen, + OUT TPML_DIGEST_VALUES *DigestList + ) +{ + HASH_HANDLE HashHandle; + EFI_STATUS Status; + + if (mHashInterfaceCount == 0) { + return EFI_UNSUPPORTED; + } + + CheckSupportedHashMaskMismatch (); + + HashStart (&HashHandle); + HashUpdate (HashHandle, DataToHash, DataToHashLen); + Status = HashCompleteAndExtend (HashHandle, PcrIndex, NULL, 0, DigestList); + + return Status; +} + +/** + This service register Hash. + + @param HashInterface Hash interface + + @retval EFI_SUCCESS This hash interface is registered successfully. + @retval EFI_UNSUPPORTED System does not support register this interface. + @retval EFI_ALREADY_STARTED System already register this interface. +**/ +EFI_STATUS +EFIAPI +RegisterHashInterfaceLib ( + IN HASH_INTERFACE *HashInterface + ) +{ + UINTN Index; + UINT32 HashMask; + EFI_STATUS Status; + + // + // Check allow + // + HashMask = Tpm2GetHashMaskFromAlgo (&HashInterface->HashGuid); + if ((HashMask & PcdGet32 (PcdTpm2HashMask)) == 0) { + return EFI_UNSUPPORTED; + } + + if (mHashInterfaceCount >= sizeof(mHashInterface)/sizeof(mHashInterface[0])) { + return EFI_OUT_OF_RESOURCES; + } + + // + // Check duplication + // + for (Index = 0; Index < mHashInterfaceCount; Index++) { + if (CompareGuid (&mHashInterface[Index].HashGuid, &HashInterface->HashGuid)) { + DEBUG ((DEBUG_ERROR, "Hash Interface (%g) has been registered\n", &HashInterface->HashGuid)); + return EFI_ALREADY_STARTED; + } + } + + // + // Record hash algorithm bitmap of CURRENT module which consumes HashLib. + // + mSupportedHashMaskCurrent = PcdGet32 (PcdTcg2HashAlgorithmBitmap) | HashMask; + Status = PcdSet32S (PcdTcg2HashAlgorithmBitmap, mSupportedHashMaskCurrent); + ASSERT_EFI_ERROR (Status); + + CopyMem (&mHashInterface[mHashInterfaceCount], HashInterface, sizeof(*HashInterface)); + mHashInterfaceCount ++; + + return EFI_SUCCESS; +} + +/** + The constructor function of HashLibBaseCryptoRouterDxe. + + @param ImageHandle The firmware allocated handle for the EFI image. + @param SystemTable A pointer to the EFI System Table. + + @retval EFI_SUCCESS The constructor executed correctly. + +**/ +EFI_STATUS +EFIAPI +HashLibBaseCryptoRouterDxeConstructor ( + IN EFI_HANDLE ImageHandle, + IN EFI_SYSTEM_TABLE *SystemTable + ) +{ + EFI_STATUS Status; + + // + // Record hash algorithm bitmap of LAST module which also consumes HashLib. + // + mSupportedHashMaskLast = PcdGet32 (PcdTcg2HashAlgorithmBitmap); + + // + // Set PcdTcg2HashAlgorithmBitmap to 0 in CONSTRUCTOR for CURRENT module. + // + Status = PcdSet32S (PcdTcg2HashAlgorithmBitmap, 0); + ASSERT_EFI_ERROR (Status); + + return EFI_SUCCESS; +} diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.inf b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.inf new file mode 100644 index 00000000..548576f9 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.inf @@ -0,0 +1,51 @@ +## @file +# Provides hash service by registered hash handler +# +# This library is BaseCrypto router. It will redirect hash request to each individual +# hash handler registered, such as SHA1, SHA256. Platform can use PcdTpm2HashMask to +# mask some hash engines. +# +# Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR> +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = HashLibBaseCryptoRouterDxe + MODULE_UNI_FILE = HashLibBaseCryptoRouterDxe.uni + FILE_GUID = 158DC712-F15A-44dc-93BB-1675045BE066 + MODULE_TYPE = DXE_DRIVER + VERSION_STRING = 1.0 + LIBRARY_CLASS = HashLib|DXE_DRIVER DXE_RUNTIME_DRIVER DXE_SMM_DRIVER UEFI_APPLICATION UEFI_DRIVER + CONSTRUCTOR = HashLibBaseCryptoRouterDxeConstructor + +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = IA32 X64 +# + +[Sources] + HashLibBaseCryptoRouterCommon.h + HashLibBaseCryptoRouterCommon.c + HashLibBaseCryptoRouterDxe.c + +[Packages] + MdePkg/MdePkg.dec + SecurityPkg/SecurityPkg.dec + +[LibraryClasses] + BaseLib + BaseMemoryLib + DebugLib + Tpm2CommandLib + MemoryAllocationLib + PcdLib + +[Pcd] + gEfiSecurityPkgTokenSpaceGuid.PcdTpm2HashMask ## CONSUMES + ## SOMETIMES_CONSUMES + ## SOMETIMES_PRODUCES + gEfiSecurityPkgTokenSpaceGuid.PcdTcg2HashAlgorithmBitmap + diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.uni b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.uni new file mode 100644 index 00000000..d8b03ea4 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.uni @@ -0,0 +1,18 @@ +// /** @file
+// Provides hash service by registered hash handler
+//
+// This library is BaseCrypto router. It will redirect hash request to each individual
+// hash handler registered, such as SHA1, SHA256. Platform can use PcdTpm2HashMask to
+// mask some hash engines.
+//
+// Copyright (c) 2013 - 2016, Intel Corporation. All rights reserved.<BR>
+//
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+//
+// **/
+
+
+#string STR_MODULE_ABSTRACT #language en-US "Provides hash service by registered hash handler"
+
+#string STR_MODULE_DESCRIPTION #language en-US "This library is BaseCrypto router. It will redirect hash request to each individual hash handler registered, such as SHA1, SHA256. Platform can use PcdTpm2HashMask to mask some hash engines."
+
diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.c b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.c new file mode 100644 index 00000000..5e3d0ba5 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.c @@ -0,0 +1,433 @@ +/** @file + This library is BaseCrypto router. It will redirect hash request to each individual + hash handler registered, such as SHA1, SHA256. + Platform can use PcdTpm2HashMask to mask some hash engines. + +Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved. <BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include <PiPei.h> +#include <Library/BaseLib.h> +#include <Library/BaseMemoryLib.h> +#include <Library/Tpm2CommandLib.h> +#include <Library/DebugLib.h> +#include <Library/MemoryAllocationLib.h> +#include <Library/PcdLib.h> +#include <Library/HobLib.h> +#include <Library/HashLib.h> +#include <Guid/ZeroGuid.h> + +#include "HashLibBaseCryptoRouterCommon.h" + +#define HASH_LIB_PEI_ROUTER_GUID \ + { 0x84681c08, 0x6873, 0x46f3, { 0x8b, 0xb7, 0xab, 0x66, 0x18, 0x95, 0xa1, 0xb3 } } + +EFI_GUID mHashLibPeiRouterGuid = HASH_LIB_PEI_ROUTER_GUID; + +typedef struct { + // + // If gZeroGuid, SupportedHashMask is 0 for FIRST module which consumes HashLib + // or the hash algorithm bitmap of LAST module which consumes HashLib. + // HashInterfaceCount and HashInterface are all 0. + // If gEfiCallerIdGuid, HashInterfaceCount, HashInterface and SupportedHashMask + // are the hash interface information of CURRENT module which consumes HashLib. + // + EFI_GUID Identifier; + UINTN HashInterfaceCount; + HASH_INTERFACE HashInterface[HASH_COUNT]; + UINT32 SupportedHashMask; +} HASH_INTERFACE_HOB; + +/** + This function gets hash interface hob. + + @param Identifier Identifier to get hash interface hob. + + @retval hash interface hob. +**/ +HASH_INTERFACE_HOB * +InternalGetHashInterfaceHob ( + EFI_GUID *Identifier + ) +{ + EFI_PEI_HOB_POINTERS Hob; + HASH_INTERFACE_HOB *HashInterfaceHob; + + Hob.Raw = GetFirstGuidHob (&mHashLibPeiRouterGuid); + while (Hob.Raw != NULL) { + HashInterfaceHob = GET_GUID_HOB_DATA (Hob); + if (CompareGuid (&HashInterfaceHob->Identifier, Identifier)) { + // + // Found the matched one. + // + return HashInterfaceHob; + } + Hob.Raw = GET_NEXT_HOB (Hob); + Hob.Raw = GetNextGuidHob (&mHashLibPeiRouterGuid, Hob.Raw); + } + return NULL; +} + +/** + This function creates hash interface hob. + + @param Identifier Identifier to create hash interface hob. + + @retval hash interface hob. +**/ +HASH_INTERFACE_HOB * +InternalCreateHashInterfaceHob ( + EFI_GUID *Identifier + ) +{ + HASH_INTERFACE_HOB LocalHashInterfaceHob; + + ZeroMem (&LocalHashInterfaceHob, sizeof(LocalHashInterfaceHob)); + CopyGuid (&LocalHashInterfaceHob.Identifier, Identifier); + return BuildGuidDataHob (&mHashLibPeiRouterGuid, &LocalHashInterfaceHob, sizeof(LocalHashInterfaceHob)); +} + +/** + Check mismatch of supported HashMask between modules + that may link different HashInstanceLib instances. + + @param HashInterfaceHobCurrent Pointer to hash interface hob for CURRENT module. + +**/ +VOID +CheckSupportedHashMaskMismatch ( + IN HASH_INTERFACE_HOB *HashInterfaceHobCurrent + ) +{ + HASH_INTERFACE_HOB *HashInterfaceHobLast; + + HashInterfaceHobLast = InternalGetHashInterfaceHob (&gZeroGuid); + ASSERT (HashInterfaceHobLast != NULL); + + if ((HashInterfaceHobLast->SupportedHashMask != 0) && + (HashInterfaceHobCurrent->SupportedHashMask != HashInterfaceHobLast->SupportedHashMask)) { + DEBUG (( + DEBUG_WARN, + "WARNING: There is mismatch of supported HashMask (0x%x - 0x%x) between modules\n", + HashInterfaceHobCurrent->SupportedHashMask, + HashInterfaceHobLast->SupportedHashMask + )); + DEBUG ((DEBUG_WARN, "that are linking different HashInstanceLib instances!\n")); + } +} + +/** + Start hash sequence. + + @param HashHandle Hash handle. + + @retval EFI_SUCCESS Hash sequence start and HandleHandle returned. + @retval EFI_OUT_OF_RESOURCES No enough resource to start hash. +**/ +EFI_STATUS +EFIAPI +HashStart ( + OUT HASH_HANDLE *HashHandle + ) +{ + HASH_INTERFACE_HOB *HashInterfaceHob; + HASH_HANDLE *HashCtx; + UINTN Index; + UINT32 HashMask; + + HashInterfaceHob = InternalGetHashInterfaceHob (&gEfiCallerIdGuid); + if (HashInterfaceHob == NULL) { + return EFI_UNSUPPORTED; + } + + if (HashInterfaceHob->HashInterfaceCount == 0) { + return EFI_UNSUPPORTED; + } + + CheckSupportedHashMaskMismatch (HashInterfaceHob); + + HashCtx = AllocatePool (sizeof(*HashCtx) * HashInterfaceHob->HashInterfaceCount); + ASSERT (HashCtx != NULL); + + for (Index = 0; Index < HashInterfaceHob->HashInterfaceCount; Index++) { + HashMask = Tpm2GetHashMaskFromAlgo (&HashInterfaceHob->HashInterface[Index].HashGuid); + if ((HashMask & PcdGet32 (PcdTpm2HashMask)) != 0) { + HashInterfaceHob->HashInterface[Index].HashInit (&HashCtx[Index]); + } + } + + *HashHandle = (HASH_HANDLE)HashCtx; + + return EFI_SUCCESS; +} + +/** + Update hash sequence data. + + @param HashHandle Hash handle. + @param DataToHash Data to be hashed. + @param DataToHashLen Data size. + + @retval EFI_SUCCESS Hash sequence updated. +**/ +EFI_STATUS +EFIAPI +HashUpdate ( + IN HASH_HANDLE HashHandle, + IN VOID *DataToHash, + IN UINTN DataToHashLen + ) +{ + HASH_INTERFACE_HOB *HashInterfaceHob; + HASH_HANDLE *HashCtx; + UINTN Index; + UINT32 HashMask; + + HashInterfaceHob = InternalGetHashInterfaceHob (&gEfiCallerIdGuid); + if (HashInterfaceHob == NULL) { + return EFI_UNSUPPORTED; + } + + if (HashInterfaceHob->HashInterfaceCount == 0) { + return EFI_UNSUPPORTED; + } + + CheckSupportedHashMaskMismatch (HashInterfaceHob); + + HashCtx = (HASH_HANDLE *)HashHandle; + + for (Index = 0; Index < HashInterfaceHob->HashInterfaceCount; Index++) { + HashMask = Tpm2GetHashMaskFromAlgo (&HashInterfaceHob->HashInterface[Index].HashGuid); + if ((HashMask & PcdGet32 (PcdTpm2HashMask)) != 0) { + HashInterfaceHob->HashInterface[Index].HashUpdate (HashCtx[Index], DataToHash, DataToHashLen); + } + } + + return EFI_SUCCESS; +} + +/** + Hash sequence complete and extend to PCR. + + @param HashHandle Hash handle. + @param PcrIndex PCR to be extended. + @param DataToHash Data to be hashed. + @param DataToHashLen Data size. + @param DigestList Digest list. + + @retval EFI_SUCCESS Hash sequence complete and DigestList is returned. +**/ +EFI_STATUS +EFIAPI +HashCompleteAndExtend ( + IN HASH_HANDLE HashHandle, + IN TPMI_DH_PCR PcrIndex, + IN VOID *DataToHash, + IN UINTN DataToHashLen, + OUT TPML_DIGEST_VALUES *DigestList + ) +{ + TPML_DIGEST_VALUES Digest; + HASH_INTERFACE_HOB *HashInterfaceHob; + HASH_HANDLE *HashCtx; + UINTN Index; + EFI_STATUS Status; + UINT32 HashMask; + + HashInterfaceHob = InternalGetHashInterfaceHob (&gEfiCallerIdGuid); + if (HashInterfaceHob == NULL) { + return EFI_UNSUPPORTED; + } + + if (HashInterfaceHob->HashInterfaceCount == 0) { + return EFI_UNSUPPORTED; + } + + CheckSupportedHashMaskMismatch (HashInterfaceHob); + + HashCtx = (HASH_HANDLE *)HashHandle; + ZeroMem (DigestList, sizeof(*DigestList)); + + for (Index = 0; Index < HashInterfaceHob->HashInterfaceCount; Index++) { + HashMask = Tpm2GetHashMaskFromAlgo (&HashInterfaceHob->HashInterface[Index].HashGuid); + if ((HashMask & PcdGet32 (PcdTpm2HashMask)) != 0) { + HashInterfaceHob->HashInterface[Index].HashUpdate (HashCtx[Index], DataToHash, DataToHashLen); + HashInterfaceHob->HashInterface[Index].HashFinal (HashCtx[Index], &Digest); + Tpm2SetHashToDigestList (DigestList, &Digest); + } + } + + FreePool (HashCtx); + + Status = Tpm2PcrExtend ( + PcrIndex, + DigestList + ); + return Status; +} + +/** + Hash data and extend to PCR. + + @param PcrIndex PCR to be extended. + @param DataToHash Data to be hashed. + @param DataToHashLen Data size. + @param DigestList Digest list. + + @retval EFI_SUCCESS Hash data and DigestList is returned. +**/ +EFI_STATUS +EFIAPI +HashAndExtend ( + IN TPMI_DH_PCR PcrIndex, + IN VOID *DataToHash, + IN UINTN DataToHashLen, + OUT TPML_DIGEST_VALUES *DigestList + ) +{ + HASH_INTERFACE_HOB *HashInterfaceHob; + HASH_HANDLE HashHandle; + EFI_STATUS Status; + + HashInterfaceHob = InternalGetHashInterfaceHob (&gEfiCallerIdGuid); + if (HashInterfaceHob == NULL) { + return EFI_UNSUPPORTED; + } + + if (HashInterfaceHob->HashInterfaceCount == 0) { + return EFI_UNSUPPORTED; + } + + CheckSupportedHashMaskMismatch (HashInterfaceHob); + + HashStart (&HashHandle); + HashUpdate (HashHandle, DataToHash, DataToHashLen); + Status = HashCompleteAndExtend (HashHandle, PcrIndex, NULL, 0, DigestList); + + return Status; +} + +/** + This service register Hash. + + @param HashInterface Hash interface + + @retval EFI_SUCCESS This hash interface is registered successfully. + @retval EFI_UNSUPPORTED System does not support register this interface. + @retval EFI_ALREADY_STARTED System already register this interface. +**/ +EFI_STATUS +EFIAPI +RegisterHashInterfaceLib ( + IN HASH_INTERFACE *HashInterface + ) +{ + UINTN Index; + HASH_INTERFACE_HOB *HashInterfaceHob; + UINT32 HashMask; + EFI_STATUS Status; + + // + // Check allow + // + HashMask = Tpm2GetHashMaskFromAlgo (&HashInterface->HashGuid); + if ((HashMask & PcdGet32 (PcdTpm2HashMask)) == 0) { + return EFI_UNSUPPORTED; + } + + HashInterfaceHob = InternalGetHashInterfaceHob (&gEfiCallerIdGuid); + if (HashInterfaceHob == NULL) { + HashInterfaceHob = InternalCreateHashInterfaceHob (&gEfiCallerIdGuid); + if (HashInterfaceHob == NULL) { + return EFI_OUT_OF_RESOURCES; + } + } + + if (HashInterfaceHob->HashInterfaceCount >= HASH_COUNT) { + return EFI_OUT_OF_RESOURCES; + } + + // + // Check duplication + // + for (Index = 0; Index < HashInterfaceHob->HashInterfaceCount; Index++) { + if (CompareGuid (&HashInterfaceHob->HashInterface[Index].HashGuid, &HashInterface->HashGuid)) { + DEBUG ((DEBUG_ERROR, "Hash Interface (%g) has been registered\n", &HashInterface->HashGuid)); + return EFI_ALREADY_STARTED; + } + } + + // + // Record hash algorithm bitmap of CURRENT module which consumes HashLib. + // + HashInterfaceHob->SupportedHashMask = PcdGet32 (PcdTcg2HashAlgorithmBitmap) | HashMask; + Status = PcdSet32S (PcdTcg2HashAlgorithmBitmap, HashInterfaceHob->SupportedHashMask); + ASSERT_EFI_ERROR (Status); + + CopyMem (&HashInterfaceHob->HashInterface[HashInterfaceHob->HashInterfaceCount], HashInterface, sizeof(*HashInterface)); + HashInterfaceHob->HashInterfaceCount ++; + + return EFI_SUCCESS; +} + +/** + The constructor function of HashLibBaseCryptoRouterPei. + + @param FileHandle The handle of FFS header the loaded driver. + @param PeiServices The pointer to the PEI services. + + @retval EFI_SUCCESS The constructor executes successfully. + @retval EFI_OUT_OF_RESOURCES There is no enough resource for the constructor. + +**/ +EFI_STATUS +EFIAPI +HashLibBaseCryptoRouterPeiConstructor ( + IN EFI_PEI_FILE_HANDLE FileHandle, + IN CONST EFI_PEI_SERVICES **PeiServices + ) +{ + EFI_STATUS Status; + HASH_INTERFACE_HOB *HashInterfaceHob; + + HashInterfaceHob = InternalGetHashInterfaceHob (&gZeroGuid); + if (HashInterfaceHob == NULL) { + // + // No HOB with gZeroGuid Identifier has been created, + // this is FIRST module which consumes HashLib. + // Create the HOB with gZeroGuid Identifier. + // + HashInterfaceHob = InternalCreateHashInterfaceHob (&gZeroGuid); + if (HashInterfaceHob == NULL) { + return EFI_OUT_OF_RESOURCES; + } + } else { + // + // Record hash algorithm bitmap of LAST module which also consumes HashLib. + // + HashInterfaceHob->SupportedHashMask = PcdGet32 (PcdTcg2HashAlgorithmBitmap); + } + + HashInterfaceHob = InternalGetHashInterfaceHob (&gEfiCallerIdGuid); + if (HashInterfaceHob != NULL) { + // + // In PEI phase, some modules may call RegisterForShadow and will be + // shadowed and executed again after memory is discovered. + // This is the second execution of this module, clear the hash interface + // information registered at its first execution. + // + ZeroMem (&HashInterfaceHob->HashInterface, sizeof (HashInterfaceHob->HashInterface)); + HashInterfaceHob->HashInterfaceCount = 0; + HashInterfaceHob->SupportedHashMask = 0; + } + + // + // Set PcdTcg2HashAlgorithmBitmap to 0 in CONSTRUCTOR for CURRENT module. + // + Status = PcdSet32S (PcdTcg2HashAlgorithmBitmap, 0); + ASSERT_EFI_ERROR (Status); + + return EFI_SUCCESS; +} diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.inf b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.inf new file mode 100644 index 00000000..57502427 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.inf @@ -0,0 +1,57 @@ +## @file +# Provides hash service by registered hash handler +# +# This library is BaseCrypto router. It will redirect hash request to each individual +# hash handler registered, such as SHA1, SHA256. Platform can use PcdTpm2HashMask to +# mask some hash engines. +# +# Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR> +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = HashLibBaseCryptoRouterPei + MODULE_UNI_FILE = HashLibBaseCryptoRouterPei.uni + FILE_GUID = DDCBCFBA-8EEB-488a-96D6-097831A6E50B + MODULE_TYPE = PEIM + VERSION_STRING = 1.0 + LIBRARY_CLASS = HashLib|PEIM + CONSTRUCTOR = HashLibBaseCryptoRouterPeiConstructor + +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = IA32 X64 +# + +[Sources] + HashLibBaseCryptoRouterCommon.h + HashLibBaseCryptoRouterCommon.c + HashLibBaseCryptoRouterPei.c + +[Packages] + MdePkg/MdePkg.dec + SecurityPkg/SecurityPkg.dec + MdeModulePkg/MdeModulePkg.dec + +[LibraryClasses] + BaseLib + BaseMemoryLib + DebugLib + Tpm2CommandLib + MemoryAllocationLib + PcdLib + HobLib + +[Guids] + ## SOMETIMES_CONSUMES ## GUID + gZeroGuid + +[Pcd] + gEfiSecurityPkgTokenSpaceGuid.PcdTpm2HashMask ## CONSUMES + ## SOMETIMES_CONSUMES + ## SOMETIMES_PRODUCES + gEfiSecurityPkgTokenSpaceGuid.PcdTcg2HashAlgorithmBitmap + diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.uni b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.uni new file mode 100644 index 00000000..d8b03ea4 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.uni @@ -0,0 +1,18 @@ +// /** @file
+// Provides hash service by registered hash handler
+//
+// This library is BaseCrypto router. It will redirect hash request to each individual
+// hash handler registered, such as SHA1, SHA256. Platform can use PcdTpm2HashMask to
+// mask some hash engines.
+//
+// Copyright (c) 2013 - 2016, Intel Corporation. All rights reserved.<BR>
+//
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+//
+// **/
+
+
+#string STR_MODULE_ABSTRACT #language en-US "Provides hash service by registered hash handler"
+
+#string STR_MODULE_DESCRIPTION #language en-US "This library is BaseCrypto router. It will redirect hash request to each individual hash handler registered, such as SHA1, SHA256. Platform can use PcdTpm2HashMask to mask some hash engines."
+
diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/HashLibTpm2/HashLibTpm2.c b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/HashLibTpm2/HashLibTpm2.c new file mode 100644 index 00000000..cec8d684 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/HashLibTpm2/HashLibTpm2.c @@ -0,0 +1,336 @@ +/** @file + This library uses TPM2 device to calculation hash. + +Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved. <BR> +(C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include <PiPei.h> +#include <Library/BaseLib.h> +#include <Library/BaseMemoryLib.h> +#include <Library/Tpm2CommandLib.h> +#include <Library/DebugLib.h> +#include <Library/MemoryAllocationLib.h> +#include <Library/HashLib.h> +#include <Library/PcdLib.h> + +typedef struct { + TPM_ALG_ID AlgoId; + UINT32 Mask; +} TPM2_HASH_MASK; + +TPM2_HASH_MASK mTpm2HashMask[] = { + {TPM_ALG_SHA1, HASH_ALG_SHA1}, + {TPM_ALG_SHA256, HASH_ALG_SHA256}, + {TPM_ALG_SHA384, HASH_ALG_SHA384}, + {TPM_ALG_SHA512, HASH_ALG_SHA512}, +}; + +/** + The function get algorithm from hash mask info. + + @return Hash algorithm +**/ +TPM_ALG_ID +Tpm2GetAlgoFromHashMask ( + VOID + ) +{ + UINT32 HashMask; + UINTN Index; + + HashMask = PcdGet32 (PcdTpm2HashMask); + for (Index = 0; Index < sizeof(mTpm2HashMask)/sizeof(mTpm2HashMask[0]); Index++) { + if (mTpm2HashMask[Index].Mask == HashMask) { + return mTpm2HashMask[Index].AlgoId; + } + } + + return TPM_ALG_NULL; +} + +/** + Start hash sequence. + + @param HashHandle Hash handle. + + @retval EFI_SUCCESS Hash sequence start and HandleHandle returned. + @retval EFI_OUT_OF_RESOURCES No enough resource to start hash. +**/ +EFI_STATUS +EFIAPI +HashStart ( + OUT HASH_HANDLE *HashHandle + ) +{ + TPMI_DH_OBJECT SequenceHandle; + EFI_STATUS Status; + TPM_ALG_ID AlgoId; + + AlgoId = Tpm2GetAlgoFromHashMask (); + + Status = Tpm2HashSequenceStart (AlgoId, &SequenceHandle); + if (!EFI_ERROR (Status)) { + *HashHandle = (HASH_HANDLE)SequenceHandle; + } + return Status; +} + +/** + Update hash sequence data. + + @param HashHandle Hash handle. + @param DataToHash Data to be hashed. + @param DataToHashLen Data size. + + @retval EFI_SUCCESS Hash sequence updated. +**/ +EFI_STATUS +EFIAPI +HashUpdate ( + IN HASH_HANDLE HashHandle, + IN VOID *DataToHash, + IN UINTN DataToHashLen + ) +{ + UINT8 *Buffer; + UINT64 HashLen; + TPM2B_MAX_BUFFER HashBuffer; + EFI_STATUS Status; + + Buffer = (UINT8 *)(UINTN)DataToHash; + for (HashLen = DataToHashLen; HashLen > sizeof(HashBuffer.buffer); HashLen -= sizeof(HashBuffer.buffer)) { + + HashBuffer.size = sizeof(HashBuffer.buffer); + CopyMem(HashBuffer.buffer, Buffer, sizeof(HashBuffer.buffer)); + Buffer += sizeof(HashBuffer.buffer); + + Status = Tpm2SequenceUpdate((TPMI_DH_OBJECT)HashHandle, &HashBuffer); + if (EFI_ERROR(Status)) { + return EFI_DEVICE_ERROR; + } + } + + // + // Last one + // + HashBuffer.size = (UINT16)HashLen; + CopyMem(HashBuffer.buffer, Buffer, (UINTN)HashLen); + Status = Tpm2SequenceUpdate((TPMI_DH_OBJECT)HashHandle, &HashBuffer); + if (EFI_ERROR(Status)) { + return EFI_DEVICE_ERROR; + } + + return EFI_SUCCESS; +} + +/** + Hash sequence complete and extend to PCR. + + @param HashHandle Hash handle. + @param PcrIndex PCR to be extended. + @param DataToHash Data to be hashed. + @param DataToHashLen Data size. + @param DigestList Digest list. + + @retval EFI_SUCCESS Hash sequence complete and DigestList is returned. +**/ +EFI_STATUS +EFIAPI +HashCompleteAndExtend ( + IN HASH_HANDLE HashHandle, + IN TPMI_DH_PCR PcrIndex, + IN VOID *DataToHash, + IN UINTN DataToHashLen, + OUT TPML_DIGEST_VALUES *DigestList + ) +{ + UINT8 *Buffer; + UINT64 HashLen; + TPM2B_MAX_BUFFER HashBuffer; + EFI_STATUS Status; + TPM_ALG_ID AlgoId; + TPM2B_DIGEST Result; + + AlgoId = Tpm2GetAlgoFromHashMask (); + + Buffer = (UINT8 *)(UINTN)DataToHash; + for (HashLen = DataToHashLen; HashLen > sizeof(HashBuffer.buffer); HashLen -= sizeof(HashBuffer.buffer)) { + + HashBuffer.size = sizeof(HashBuffer.buffer); + CopyMem(HashBuffer.buffer, Buffer, sizeof(HashBuffer.buffer)); + Buffer += sizeof(HashBuffer.buffer); + + Status = Tpm2SequenceUpdate((TPMI_DH_OBJECT)HashHandle, &HashBuffer); + if (EFI_ERROR(Status)) { + return EFI_DEVICE_ERROR; + } + } + + // + // Last one + // + HashBuffer.size = (UINT16)HashLen; + CopyMem(HashBuffer.buffer, Buffer, (UINTN)HashLen); + + ZeroMem(DigestList, sizeof(*DigestList)); + DigestList->count = HASH_COUNT; + + if (AlgoId == TPM_ALG_NULL) { + Status = Tpm2EventSequenceComplete ( + PcrIndex, + (TPMI_DH_OBJECT)HashHandle, + &HashBuffer, + DigestList + ); + } else { + Status = Tpm2SequenceComplete ( + (TPMI_DH_OBJECT)HashHandle, + &HashBuffer, + &Result + ); + if (EFI_ERROR(Status)) { + return EFI_DEVICE_ERROR; + } + + DigestList->count = 1; + DigestList->digests[0].hashAlg = AlgoId; + CopyMem (&DigestList->digests[0].digest, Result.buffer, Result.size); + Status = Tpm2PcrExtend ( + PcrIndex, + DigestList + ); + } + if (EFI_ERROR(Status)) { + return EFI_DEVICE_ERROR; + } + return EFI_SUCCESS; +} + +/** + Hash data and extend to PCR. + + @param PcrIndex PCR to be extended. + @param DataToHash Data to be hashed. + @param DataToHashLen Data size. + @param DigestList Digest list. + + @retval EFI_SUCCESS Hash data and DigestList is returned. +**/ +EFI_STATUS +EFIAPI +HashAndExtend ( + IN TPMI_DH_PCR PcrIndex, + IN VOID *DataToHash, + IN UINTN DataToHashLen, + OUT TPML_DIGEST_VALUES *DigestList + ) +{ + EFI_STATUS Status; + UINT8 *Buffer; + UINT64 HashLen; + TPMI_DH_OBJECT SequenceHandle; + TPM2B_MAX_BUFFER HashBuffer; + TPM_ALG_ID AlgoId; + TPM2B_EVENT EventData; + TPM2B_DIGEST Result; + + DEBUG((EFI_D_VERBOSE, "\n HashAndExtend Entry \n")); + + SequenceHandle = 0xFFFFFFFF; // Know bad value + + AlgoId = Tpm2GetAlgoFromHashMask (); + + if ((AlgoId == TPM_ALG_NULL) && (DataToHashLen <= sizeof(EventData.buffer))) { + EventData.size = (UINT16)DataToHashLen; + CopyMem (EventData.buffer, DataToHash, DataToHashLen); + Status = Tpm2PcrEvent (PcrIndex, &EventData, DigestList); + if (EFI_ERROR(Status)) { + return EFI_DEVICE_ERROR; + } + return EFI_SUCCESS; + } + + Status = Tpm2HashSequenceStart(AlgoId, &SequenceHandle); + if (EFI_ERROR(Status)) { + return EFI_DEVICE_ERROR; + } + DEBUG((EFI_D_VERBOSE, "\n Tpm2HashSequenceStart Success \n")); + + Buffer = (UINT8 *)(UINTN)DataToHash; + for (HashLen = DataToHashLen; HashLen > sizeof(HashBuffer.buffer); HashLen -= sizeof(HashBuffer.buffer)) { + + HashBuffer.size = sizeof(HashBuffer.buffer); + CopyMem(HashBuffer.buffer, Buffer, sizeof(HashBuffer.buffer)); + Buffer += sizeof(HashBuffer.buffer); + + Status = Tpm2SequenceUpdate(SequenceHandle, &HashBuffer); + if (EFI_ERROR(Status)) { + return EFI_DEVICE_ERROR; + } + } + DEBUG((EFI_D_VERBOSE, "\n Tpm2SequenceUpdate Success \n")); + + HashBuffer.size = (UINT16)HashLen; + CopyMem(HashBuffer.buffer, Buffer, (UINTN)HashLen); + + ZeroMem(DigestList, sizeof(*DigestList)); + DigestList->count = HASH_COUNT; + + if (AlgoId == TPM_ALG_NULL) { + Status = Tpm2EventSequenceComplete ( + PcrIndex, + SequenceHandle, + &HashBuffer, + DigestList + ); + if (EFI_ERROR(Status)) { + return EFI_DEVICE_ERROR; + } + DEBUG((EFI_D_VERBOSE, "\n Tpm2EventSequenceComplete Success \n")); + } else { + Status = Tpm2SequenceComplete ( + SequenceHandle, + &HashBuffer, + &Result + ); + if (EFI_ERROR(Status)) { + return EFI_DEVICE_ERROR; + } + DEBUG((EFI_D_VERBOSE, "\n Tpm2SequenceComplete Success \n")); + + DigestList->count = 1; + DigestList->digests[0].hashAlg = AlgoId; + CopyMem (&DigestList->digests[0].digest, Result.buffer, Result.size); + Status = Tpm2PcrExtend ( + PcrIndex, + DigestList + ); + if (EFI_ERROR(Status)) { + return EFI_DEVICE_ERROR; + } + DEBUG((EFI_D_VERBOSE, "\n Tpm2PcrExtend Success \n")); + } + + return EFI_SUCCESS; +} + +/** + This service register Hash. + + @param HashInterface Hash interface + + @retval EFI_SUCCESS This hash interface is registered successfully. + @retval EFI_UNSUPPORTED System does not support register this interface. + @retval EFI_ALREADY_STARTED System already register this interface. +**/ +EFI_STATUS +EFIAPI +RegisterHashInterfaceLib ( + IN HASH_INTERFACE *HashInterface + ) +{ + return EFI_UNSUPPORTED; +} diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/HashLibTpm2/HashLibTpm2.inf b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/HashLibTpm2/HashLibTpm2.inf new file mode 100644 index 00000000..7d34b526 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/HashLibTpm2/HashLibTpm2.inf @@ -0,0 +1,44 @@ +## @file +# Provides hash service using TPM2 device +# +# This library uses TPM2 device to calculate hash. Platform can use PcdTpm2HashMask to +# mask some hash calculation. +# +# Copyright (c) 2014 - 2018, Intel Corporation. All rights reserved.<BR> +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = HashLibTpm2 + MODULE_UNI_FILE = HashLibTpm2.uni + FILE_GUID = 1317F0D5-7842-475c-B1CA-6EDC20DCBE7D + MODULE_TYPE = BASE + VERSION_STRING = 1.0 + LIBRARY_CLASS = HashLib + +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = IA32 X64 +# + +[Sources] + HashLibTpm2.c + +[Packages] + MdePkg/MdePkg.dec + SecurityPkg/SecurityPkg.dec + CryptoPkg/CryptoPkg.dec + +[LibraryClasses] + BaseLib + BaseMemoryLib + DebugLib + Tpm2CommandLib + MemoryAllocationLib + PcdLib + +[Pcd] + gEfiSecurityPkgTokenSpaceGuid.PcdTpm2HashMask ## CONSUMES diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/HashLibTpm2/HashLibTpm2.uni b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/HashLibTpm2/HashLibTpm2.uni new file mode 100644 index 00000000..5c5484d8 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/HashLibTpm2/HashLibTpm2.uni @@ -0,0 +1,17 @@ +// /** @file
+// Provides hash service using TPM2 device
+//
+// This library uses TPM2 device to calculate hash. Platform can use PcdTpm2HashMask to
+// mask some hash calculation.
+//
+// Copyright (c) 2014, Intel Corporation. All rights reserved.<BR>
+//
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+//
+// **/
+
+
+#string STR_MODULE_ABSTRACT #language en-US "Provides hash service using TPM2 device"
+
+#string STR_MODULE_DESCRIPTION #language en-US "This library uses TPM2 device to calculate hash. Platform can use PcdTpm2HashMask to mask some hash calculation."
+
diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/PeiRsa2048Sha256GuidedSectionExtractLib/PeiRsa2048Sha256GuidedSectionExtractLib.c b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/PeiRsa2048Sha256GuidedSectionExtractLib/PeiRsa2048Sha256GuidedSectionExtractLib.c new file mode 100644 index 00000000..85b1c249 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/PeiRsa2048Sha256GuidedSectionExtractLib/PeiRsa2048Sha256GuidedSectionExtractLib.c @@ -0,0 +1,381 @@ +/** @file + + This library registers RSA 2048 SHA 256 guided section handler + to parse RSA 2048 SHA 256 encapsulation section and extract raw data. + It uses the BaseCryptLib based on OpenSSL to authenticate the signature. + +Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include <PiPei.h> +#include <Protocol/Hash.h> +#include <Library/ExtractGuidedSectionLib.h> +#include <Library/DebugLib.h> +#include <Library/BaseMemoryLib.h> +#include <Library/MemoryAllocationLib.h> +#include <Library/PcdLib.h> +#include <Guid/WinCertificate.h> +#include <Library/BaseCryptLib.h> +#include <Library/PerformanceLib.h> +#include <Guid/SecurityPkgTokenSpace.h> + +/// +/// RSA 2048 SHA 256 Guided Section header +/// +typedef struct { + EFI_GUID_DEFINED_SECTION GuidedSectionHeader; ///< EFI guided section header + EFI_CERT_BLOCK_RSA_2048_SHA256 CertBlockRsa2048Sha256; ///< RSA 2048-bit Signature +} RSA_2048_SHA_256_SECTION_HEADER; + +typedef struct { + EFI_GUID_DEFINED_SECTION2 GuidedSectionHeader; ///< EFI guided section header + EFI_CERT_BLOCK_RSA_2048_SHA256 CertBlockRsa2048Sha256; ///< RSA 2048-bit Signature +} RSA_2048_SHA_256_SECTION2_HEADER; + +/// +/// Public Exponent of RSA Key. +/// +CONST UINT8 mRsaE[] = { 0x01, 0x00, 0x01 }; + +/** + + GetInfo gets raw data size and attribute of the input guided section. + It first checks whether the input guid section is supported. + If not, EFI_INVALID_PARAMETER will return. + + @param InputSection Buffer containing the input GUIDed section to be processed. + @param OutputBufferSize The size of OutputBuffer. + @param ScratchBufferSize The size of ScratchBuffer. + @param SectionAttribute The attribute of the input guided section. + + @retval EFI_SUCCESS The size of destination buffer, the size of scratch buffer and + the attribute of the input section are successfully retrieved. + @retval EFI_INVALID_PARAMETER The GUID in InputSection does not match this instance guid. + +**/ +EFI_STATUS +EFIAPI +Rsa2048Sha256GuidedSectionGetInfo ( + IN CONST VOID *InputSection, + OUT UINT32 *OutputBufferSize, + OUT UINT32 *ScratchBufferSize, + OUT UINT16 *SectionAttribute + ) +{ + if (IS_SECTION2 (InputSection)) { + // + // Check whether the input guid section is recognized. + // + if (!CompareGuid ( + &gEfiCertTypeRsa2048Sha256Guid, + &(((EFI_GUID_DEFINED_SECTION2 *) InputSection)->SectionDefinitionGuid))) { + return EFI_INVALID_PARAMETER; + } + // + // Retrieve the size and attribute of the input section data. + // + *SectionAttribute = ((EFI_GUID_DEFINED_SECTION2 *) InputSection)->Attributes; + *ScratchBufferSize = 0; + *OutputBufferSize = SECTION2_SIZE (InputSection) - sizeof(RSA_2048_SHA_256_SECTION2_HEADER); + } else { + // + // Check whether the input guid section is recognized. + // + if (!CompareGuid ( + &gEfiCertTypeRsa2048Sha256Guid, + &(((EFI_GUID_DEFINED_SECTION *) InputSection)->SectionDefinitionGuid))) { + return EFI_INVALID_PARAMETER; + } + // + // Retrieve the size and attribute of the input section data. + // + *SectionAttribute = ((EFI_GUID_DEFINED_SECTION *) InputSection)->Attributes; + *ScratchBufferSize = 0; + *OutputBufferSize = SECTION_SIZE (InputSection) - sizeof(RSA_2048_SHA_256_SECTION_HEADER); + } + + return EFI_SUCCESS; +} + +/** + + Extraction handler tries to extract raw data from the input guided section. + It also does authentication check for RSA 2048 SHA 256 signature in the input guided section. + It first checks whether the input guid section is supported. + If not, EFI_INVALID_PARAMETER will return. + + @param InputSection Buffer containing the input GUIDed section to be processed. + @param OutputBuffer Buffer to contain the output raw data allocated by the caller. + @param ScratchBuffer A pointer to a caller-allocated buffer for function internal use. + @param AuthenticationStatus A pointer to a caller-allocated UINT32 that indicates the + authentication status of the output buffer. + + @retval EFI_SUCCESS Section Data and Auth Status is extracted successfully. + @retval EFI_INVALID_PARAMETER The GUID in InputSection does not match this instance guid. + +**/ +EFI_STATUS +EFIAPI +Rsa2048Sha256GuidedSectionHandler ( + IN CONST VOID *InputSection, + OUT VOID **OutputBuffer, + IN VOID *ScratchBuffer, OPTIONAL + OUT UINT32 *AuthenticationStatus + ) +{ + EFI_STATUS Status; + UINT32 OutputBufferSize; + EFI_CERT_BLOCK_RSA_2048_SHA256 *CertBlockRsa2048Sha256; + BOOLEAN CryptoStatus; + UINT8 Digest[SHA256_DIGEST_SIZE]; + UINT8 *PublicKey; + UINTN PublicKeyBufferSize; + VOID *HashContext; + VOID *Rsa; + + HashContext = NULL; + Rsa = NULL; + + if (IS_SECTION2 (InputSection)) { + // + // Check whether the input guid section is recognized. + // + if (!CompareGuid ( + &gEfiCertTypeRsa2048Sha256Guid, + &(((EFI_GUID_DEFINED_SECTION2 *)InputSection)->SectionDefinitionGuid))) { + return EFI_INVALID_PARAMETER; + } + + // + // Get the RSA 2048 SHA 256 information. + // + CertBlockRsa2048Sha256 = &((RSA_2048_SHA_256_SECTION2_HEADER *) InputSection)->CertBlockRsa2048Sha256; + OutputBufferSize = SECTION2_SIZE (InputSection) - sizeof (RSA_2048_SHA_256_SECTION2_HEADER); + if ((((EFI_GUID_DEFINED_SECTION *)InputSection)->Attributes & EFI_GUIDED_SECTION_PROCESSING_REQUIRED) != 0) { + PERF_INMODULE_BEGIN ("PeiRsaCopy"); + CopyMem (*OutputBuffer, (UINT8 *)InputSection + sizeof (RSA_2048_SHA_256_SECTION2_HEADER), OutputBufferSize); + PERF_INMODULE_END ("PeiRsaCopy"); + } else { + *OutputBuffer = (UINT8 *)InputSection + sizeof (RSA_2048_SHA_256_SECTION2_HEADER); + } + + // + // Implicitly RSA 2048 SHA 256 GUIDed section should have STATUS_VALID bit set + // + ASSERT ((((EFI_GUID_DEFINED_SECTION2 *)InputSection)->Attributes & EFI_GUIDED_SECTION_AUTH_STATUS_VALID) != 0); + *AuthenticationStatus = EFI_AUTH_STATUS_IMAGE_SIGNED; + } else { + // + // Check whether the input guid section is recognized. + // + if (!CompareGuid ( + &gEfiCertTypeRsa2048Sha256Guid, + &(((EFI_GUID_DEFINED_SECTION *)InputSection)->SectionDefinitionGuid))) { + return EFI_INVALID_PARAMETER; + } + + // + // Get the RSA 2048 SHA 256 information. + // + CertBlockRsa2048Sha256 = &((RSA_2048_SHA_256_SECTION_HEADER *)InputSection)->CertBlockRsa2048Sha256; + OutputBufferSize = SECTION_SIZE (InputSection) - sizeof (RSA_2048_SHA_256_SECTION_HEADER); + if ((((EFI_GUID_DEFINED_SECTION *)InputSection)->Attributes & EFI_GUIDED_SECTION_PROCESSING_REQUIRED) != 0) { + PERF_INMODULE_BEGIN ("PeiRsaCopy"); + CopyMem (*OutputBuffer, (UINT8 *)InputSection + sizeof (RSA_2048_SHA_256_SECTION_HEADER), OutputBufferSize); + PERF_INMODULE_END ("PeiRsaCopy"); + } else { + *OutputBuffer = (UINT8 *)InputSection + sizeof (RSA_2048_SHA_256_SECTION_HEADER); + } + + // + // Implicitly RSA 2048 SHA 256 GUIDed section should have STATUS_VALID bit set + // + ASSERT ((((EFI_GUID_DEFINED_SECTION *) InputSection)->Attributes & EFI_GUIDED_SECTION_AUTH_STATUS_VALID) != 0); + *AuthenticationStatus = EFI_AUTH_STATUS_IMAGE_SIGNED; + } + + // + // All paths from here return EFI_SUCCESS and result is returned in AuthenticationStatus + // + Status = EFI_SUCCESS; + + // + // Fail if the HashType is not SHA 256 + // + if (!CompareGuid (&gEfiHashAlgorithmSha256Guid, &CertBlockRsa2048Sha256->HashType)) { + DEBUG ((DEBUG_ERROR, "PeiRsa2048Sha256: HASH type of section is not supported\n")); + *AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED; + goto Done; + } + + // + // Allocate hash context buffer required for SHA 256 + // + HashContext = AllocatePool (Sha256GetContextSize ()); + if (HashContext == NULL) { + DEBUG ((DEBUG_ERROR, "PeiRsa2048Sha256: Can not allocate hash context\n")); + *AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED; + goto Done; + } + + // + // Hash public key from data payload with SHA256. + // + ZeroMem (Digest, SHA256_DIGEST_SIZE); + CryptoStatus = Sha256Init (HashContext); + if (!CryptoStatus) { + DEBUG ((DEBUG_ERROR, "PeiRsa2048Sha256: Sha256Init() failed\n")); + *AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED; + goto Done; + } + CryptoStatus = Sha256Update (HashContext, &CertBlockRsa2048Sha256->PublicKey, sizeof(CertBlockRsa2048Sha256->PublicKey)); + if (!CryptoStatus) { + DEBUG ((DEBUG_ERROR, "PeiRsa2048Sha256: Sha256Update() failed\n")); + *AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED; + goto Done; + } + CryptoStatus = Sha256Final (HashContext, Digest); + if (!CryptoStatus) { + DEBUG ((DEBUG_ERROR, "PeiRsa2048Sha256: Sha256Final() failed\n")); + *AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED; + goto Done; + } + + // + // Fail if the PublicKey is not one of the public keys in PcdRsa2048Sha256PublicKeyBuffer + // + PublicKey = (UINT8 *)PcdGetPtr (PcdRsa2048Sha256PublicKeyBuffer); + DEBUG ((DEBUG_VERBOSE, "PeiPcdRsa2048Sha256: PublicKeyBuffer = %p\n", PublicKey)); + ASSERT (PublicKey != NULL); + DEBUG ((DEBUG_VERBOSE, "PeiPcdRsa2048Sha256: PublicKeyBuffer Token = %08x\n", PcdToken (PcdRsa2048Sha256PublicKeyBuffer))); + PublicKeyBufferSize = PcdGetSize (PcdRsa2048Sha256PublicKeyBuffer); + DEBUG ((DEBUG_VERBOSE, "PeiPcdRsa2048Sha256: PublicKeyBuffer Size = %08x\n", PublicKeyBufferSize)); + ASSERT ((PublicKeyBufferSize % SHA256_DIGEST_SIZE) == 0); + CryptoStatus = FALSE; + while (PublicKeyBufferSize != 0) { + if (CompareMem (Digest, PublicKey, SHA256_DIGEST_SIZE) == 0) { + CryptoStatus = TRUE; + break; + } + PublicKey = PublicKey + SHA256_DIGEST_SIZE; + PublicKeyBufferSize = PublicKeyBufferSize - SHA256_DIGEST_SIZE; + } + if (!CryptoStatus) { + DEBUG ((DEBUG_ERROR, "PeiRsa2048Sha256: Public key in section is not supported\n")); + *AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED; + goto Done; + } + + // + // Generate & Initialize RSA Context. + // + Rsa = RsaNew (); + if (Rsa == NULL) { + DEBUG ((DEBUG_ERROR, "PeiRsa2048Sha256: RsaNew() failed\n")); + *AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED; + goto Done; + } + + // + // Set RSA Key Components. + // NOTE: Only N and E are needed to be set as RSA public key for signature verification. + // + CryptoStatus = RsaSetKey (Rsa, RsaKeyN, CertBlockRsa2048Sha256->PublicKey, sizeof(CertBlockRsa2048Sha256->PublicKey)); + if (!CryptoStatus) { + DEBUG ((DEBUG_ERROR, "PeiRsa2048Sha256: RsaSetKey(RsaKeyN) failed\n")); + *AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED; + goto Done; + } + CryptoStatus = RsaSetKey (Rsa, RsaKeyE, mRsaE, sizeof (mRsaE)); + if (!CryptoStatus) { + DEBUG ((DEBUG_ERROR, "PeiRsa2048Sha256: RsaSetKey(RsaKeyE) failed\n")); + *AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED; + goto Done; + } + + // + // Hash data payload with SHA256. + // + ZeroMem (Digest, SHA256_DIGEST_SIZE); + CryptoStatus = Sha256Init (HashContext); + if (!CryptoStatus) { + DEBUG ((DEBUG_ERROR, "PeiRsa2048Sha256: Sha256Init() failed\n")); + *AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED; + goto Done; + } + PERF_INMODULE_BEGIN ("PeiRsaShaData"); + CryptoStatus = Sha256Update (HashContext, *OutputBuffer, OutputBufferSize); + PERF_INMODULE_END ("PeiRsaShaData"); + if (!CryptoStatus) { + DEBUG ((DEBUG_ERROR, "PeiRsa2048Sha256: Sha256Update() failed\n")); + *AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED; + goto Done; + } + CryptoStatus = Sha256Final (HashContext, Digest); + if (!CryptoStatus) { + DEBUG ((DEBUG_ERROR, "PeiRsa2048Sha256: Sha256Final() failed\n")); + *AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED; + goto Done; + } + + // + // Verify the RSA 2048 SHA 256 signature. + // + PERF_INMODULE_BEGIN ("PeiRsaVerify"); + CryptoStatus = RsaPkcs1Verify ( + Rsa, + Digest, + SHA256_DIGEST_SIZE, + CertBlockRsa2048Sha256->Signature, + sizeof (CertBlockRsa2048Sha256->Signature) + ); + PERF_INMODULE_END ("PeiRsaVerify"); + if (!CryptoStatus) { + // + // If RSA 2048 SHA 256 signature verification fails, AUTH tested failed bit is set. + // + DEBUG ((DEBUG_ERROR, "PeiRsa2048Sha256: RsaPkcs1Verify() failed\n")); + *AuthenticationStatus |= EFI_AUTH_STATUS_TEST_FAILED; + } + +Done: + // + // Free allocated resources used to perform RSA 2048 SHA 256 signature verification + // + if (Rsa != NULL) { + RsaFree (Rsa); + } + if (HashContext != NULL) { + FreePool (HashContext); + } + + DEBUG ((DEBUG_VERBOSE, "PeiRsa2048Sha256: Status = %r AuthenticationStatus = %08x\n", Status, *AuthenticationStatus)); + + return Status; +} + +/** + Register the handler to extract RSA 2048 SHA 256 guided section. + + @param FileHandle The handle of FFS header the loaded driver. + @param PeiServices The pointer to the PEI services. + + @retval EFI_SUCCESS Register successfully. + @retval EFI_OUT_OF_RESOURCES Not enough memory to register this handler. + +**/ +EFI_STATUS +EFIAPI +PeiRsa2048Sha256GuidedSectionExtractLibConstructor ( + IN EFI_PEI_FILE_HANDLE FileHandle, + IN CONST EFI_PEI_SERVICES **PeiServices + ) +{ + return ExtractGuidedSectionRegisterHandlers ( + &gEfiCertTypeRsa2048Sha256Guid, + Rsa2048Sha256GuidedSectionGetInfo, + Rsa2048Sha256GuidedSectionHandler + ); +} diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/PeiRsa2048Sha256GuidedSectionExtractLib/PeiRsa2048Sha256GuidedSectionExtractLib.inf b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/PeiRsa2048Sha256GuidedSectionExtractLib/PeiRsa2048Sha256GuidedSectionExtractLib.inf new file mode 100644 index 00000000..c296bce2 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/PeiRsa2048Sha256GuidedSectionExtractLib/PeiRsa2048Sha256GuidedSectionExtractLib.inf @@ -0,0 +1,53 @@ +## @file +# This library doesn't produce any library class. The constructor function uses +# ExtractGuidedSectionLib service to register an RSA 2048 SHA 256 guided section handler +# that parses RSA 2048 SHA 256 encapsulation section and extracts raw data. +# +# It uses the BaseCryptLib based on OpenSSL to authenticate the signature. +# +# Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR> +# +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = PeiRsa2048Sha256GuidedSectionExtractLib + FILE_GUID = FD5F2C91-4878-4007-BBA1-1B91DD325438 + MODULE_TYPE = PEIM + VERSION_STRING = 1.0 + LIBRARY_CLASS = NULL|PEI_CORE PEIM + CONSTRUCTOR = PeiRsa2048Sha256GuidedSectionExtractLibConstructor + MODULE_UNI_FILE = PeiRsa2048Sha256GuidedSectionExtractLib.uni + +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = IA32 X64 +# + +[Sources] + PeiRsa2048Sha256GuidedSectionExtractLib.c + +[Packages] + MdePkg/MdePkg.dec + CryptoPkg/CryptoPkg.dec + SecurityPkg/SecurityPkg.dec + +[LibraryClasses] + ExtractGuidedSectionLib + DebugLib + BaseMemoryLib + MemoryAllocationLib + BaseCryptLib + PcdLib + PerformanceLib + +[Pcd] + gEfiSecurityPkgTokenSpaceGuid.PcdRsa2048Sha256PublicKeyBuffer ## SOMETIMES_CONSUMES + +[Guids] + gEfiCertTypeRsa2048Sha256Guid ## PRODUCES ## UNDEFINED # Specifies RSA 2048 SHA 256 authentication algorithm. + gEfiHashAlgorithmSha256Guid ## SOMETIMES_CONSUMES ## UNDEFINED + diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/PeiRsa2048Sha256GuidedSectionExtractLib/PeiRsa2048Sha256GuidedSectionExtractLib.uni b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/PeiRsa2048Sha256GuidedSectionExtractLib/PeiRsa2048Sha256GuidedSectionExtractLib.uni new file mode 100644 index 00000000..f0294a68 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/PeiRsa2048Sha256GuidedSectionExtractLib/PeiRsa2048Sha256GuidedSectionExtractLib.uni @@ -0,0 +1,19 @@ +// /** @file
+// This library doesn't produce any library class. The constructor function uses
+//
+// ExtractGuidedSectionLib service to register an RSA 2048 SHA 256 guided section handler
+// that parses RSA 2048 SHA 256 encapsulation section and extracts raw data.
+//
+// It uses the BaseCryptLib based on OpenSSL to authenticate the signature.
+//
+// Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
+//
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+//
+// **/
+
+
+#string STR_MODULE_ABSTRACT #language en-US "Provides security service of RSA 2048 SHA 256 guided section verification"
+
+#string STR_MODULE_DESCRIPTION #language en-US "This library doesn't produce any library class. The constructor function uses ExtractGuidedSectionLib service to register an RSA 2048 SHA 256 guided section handler that parses RSA2048 SHA256 encapsulation section and extracts raw data. It uses the BaseCryptLib based on OpenSSL to authenticate the signature."
+
diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/PeiTcg2PhysicalPresenceLib/PeiTcg2PhysicalPresenceLib.c b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/PeiTcg2PhysicalPresenceLib/PeiTcg2PhysicalPresenceLib.c new file mode 100644 index 00000000..c5560bd8 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/PeiTcg2PhysicalPresenceLib/PeiTcg2PhysicalPresenceLib.c @@ -0,0 +1,53 @@ +/** @file + Get TPM 2.0 physical presence information. + + This library will get TPM 2.0 physical presence information. + +Copyright (c) 2015 - 2020, Intel Corporation. All rights reserved.<BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include <PiPei.h> + +#include <Guid/Tcg2PhysicalPresenceData.h> +#include <Ppi/ReadOnlyVariable2.h> + +#include <Library/DebugLib.h> +#include <Library/PeiServicesLib.h> +#include <Library/PeiServicesTablePointerLib.h> +#include <Library/Tcg2PhysicalPresenceLib.h> + +/** + Return TPM2 ManagementFlags set by PP interface. + + @retval ManagementFlags TPM2 Management Flags. +**/ +UINT32 +EFIAPI +Tcg2PhysicalPresenceLibGetManagementFlags ( + VOID + ) +{ + EFI_STATUS Status; + EFI_PEI_READ_ONLY_VARIABLE2_PPI *VariablePpi; + EFI_TCG2_PHYSICAL_PRESENCE_FLAGS PpiFlags; + UINTN DataSize; + + Status = PeiServicesLocatePpi (&gEfiPeiReadOnlyVariable2PpiGuid, 0, NULL, (VOID **) &VariablePpi); + ASSERT_EFI_ERROR (Status); + + DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE_FLAGS); + Status = VariablePpi->GetVariable ( + VariablePpi, + TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE, + &gEfiTcg2PhysicalPresenceGuid, + NULL, + &DataSize, + &PpiFlags + ); + if (EFI_ERROR (Status)) { + PpiFlags.PPFlags = PcdGet32(PcdTcg2PhysicalPresenceFlags); + } + return PpiFlags.PPFlags; +} diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/PeiTcg2PhysicalPresenceLib/PeiTcg2PhysicalPresenceLib.inf b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/PeiTcg2PhysicalPresenceLib/PeiTcg2PhysicalPresenceLib.inf new file mode 100644 index 00000000..40b710bf --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/PeiTcg2PhysicalPresenceLib/PeiTcg2PhysicalPresenceLib.inf @@ -0,0 +1,50 @@ +## @file +# Get TPM 2.0 physical presence information. +# +# This library will get TPM 2.0 physical presence information. +# +# Copyright (c) 2015 - 2020, Intel Corporation. All rights reserved.<BR> +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = PeiTcg2PhysicalPresenceLib + MODULE_UNI_FILE = PeiTcg2PhysicalPresenceLib.uni + FILE_GUID = AB82E7BE-0970-480b-93EB-3D332B89F99E + MODULE_TYPE = PEIM + VERSION_STRING = 1.0 + LIBRARY_CLASS = Tcg2PhysicalPresenceLib|PEIM + +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = IA32 X64 EBC +# + +[Sources] + PeiTcg2PhysicalPresenceLib.c + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + SecurityPkg/SecurityPkg.dec + +[LibraryClasses] + DebugLib + PeiServicesLib + PeiServicesTablePointerLib + +[Guids] + ## SOMETIMES_CONSUMES ## Variable:L"PhysicalPresenceFlags" + gEfiTcg2PhysicalPresenceGuid + +[Ppis] + gEfiPeiReadOnlyVariable2PpiGuid ## CONSUMES + +[Pcd] + gEfiSecurityPkgTokenSpaceGuid.PcdTcg2PhysicalPresenceFlags ## SOMETIMES_CONSUMES + +[Depex] + gEfiPeiReadOnlyVariable2PpiGuid diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/PeiTcg2PhysicalPresenceLib/PeiTcg2PhysicalPresenceLib.uni b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/PeiTcg2PhysicalPresenceLib/PeiTcg2PhysicalPresenceLib.uni new file mode 100644 index 00000000..f8db628d --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/PeiTcg2PhysicalPresenceLib/PeiTcg2PhysicalPresenceLib.uni @@ -0,0 +1,16 @@ +// /** @file
+// Get TPM 2.0 physical presence information.
+//
+// This library will get TPM 2.0 physical presence information.
+//
+// Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>
+//
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+//
+// **/
+
+
+#string STR_MODULE_ABSTRACT #language en-US "Get TPM 2.0 physical presence information."
+
+#string STR_MODULE_DESCRIPTION #language en-US "This library will get TPM 2.0 physical presence information."
+
diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.c b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.c new file mode 100644 index 00000000..9636cbe8 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.c @@ -0,0 +1,74 @@ +/** @file + This library is used by other modules to measure data to TPM. + +Copyright (c) 2020, Intel Corporation. All rights reserved. <BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include <PiPei.h> + +#include <Library/BaseMemoryLib.h> +#include <Library/PeiServicesLib.h> +#include <Library/PeiServicesTablePointerLib.h> +#include <Library/DebugLib.h> +#include <Library/HobLib.h> +#include <Library/TpmMeasurementLib.h> + +#include <Ppi/Tcg.h> +#include <IndustryStandard/UefiTcgPlatform.h> + +/** + Tpm measure and log data, and extend the measurement result into a specific PCR. + + @param[in] PcrIndex PCR Index. + @param[in] EventType Event type. + @param[in] EventLog Measurement event log. + @param[in] LogLen Event log length in bytes. + @param[in] HashData The start of the data buffer to be hashed, extended. + @param[in] HashDataLen The length, in bytes, of the buffer referenced by HashData + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_UNSUPPORTED TPM device not available. + @retval EFI_OUT_OF_RESOURCES Out of memory. + @retval EFI_DEVICE_ERROR The operation was unsuccessful. +**/ +EFI_STATUS +EFIAPI +TpmMeasureAndLogData ( + IN UINT32 PcrIndex, + IN UINT32 EventType, + IN VOID *EventLog, + IN UINT32 LogLen, + IN VOID *HashData, + IN UINT64 HashDataLen + ) +{ + EFI_STATUS Status; + EDKII_TCG_PPI *TcgPpi; + TCG_PCR_EVENT_HDR TcgEventHdr; + + Status = PeiServicesLocatePpi ( + &gEdkiiTcgPpiGuid, + 0, + NULL, + (VOID**)&TcgPpi + ); + if (EFI_ERROR(Status)) { + return Status; + } + + TcgEventHdr.PCRIndex = PcrIndex; + TcgEventHdr.EventType = EventType; + TcgEventHdr.EventSize = LogLen; + + Status = TcgPpi->HashLogExtendEvent ( + TcgPpi, + 0, + HashData, + (UINTN)HashDataLen, + &TcgEventHdr, + EventLog + ); + return Status; +} diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.inf b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.inf new file mode 100644 index 00000000..e83c737f --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.inf @@ -0,0 +1,49 @@ +## @file +# Provides TPM measurement functions for TPM1.2 and TPM 2.0 +# +# This library provides TpmMeasureAndLogData() to measure and log data, and +# extend the measurement result into a specific PCR. +# +# Copyright (c) 2020, Intel Corporation. All rights reserved.<BR> +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = PeiTpmMeasurementLib + FILE_GUID = 9A62C49D-C45A-4322-9F3C-45958DF0056B + MODULE_TYPE = PEIM + VERSION_STRING = 1.0 + LIBRARY_CLASS = TpmMeasurementLib|PEIM + MODULE_UNI_FILE = PeiTpmMeasurementLib.uni + +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = IA32 X64 +# + +[Sources] + PeiTpmMeasurementLib.c + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + SecurityPkg/SecurityPkg.dec + +[LibraryClasses] + BaseLib + BaseMemoryLib + HobLib + DebugLib + PcdLib + PrintLib + PeiServicesLib + PeiServicesTablePointerLib + +[Ppis] + gEdkiiTcgPpiGuid ## CONSUMES + +[Depex] + gEfiPeiMasterBootModePpiGuid diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.uni b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.uni new file mode 100644 index 00000000..7b4341b4 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.uni @@ -0,0 +1,17 @@ +// /** @file
+// Provides TPM measurement functions for TPM1.2 and TPM 2.0
+//
+// This library provides TpmMeasureAndLogData() to to measure and log data, and
+// extend the measurement result into a specific PCR.
+//
+// Copyright (c) 2020, Intel Corporation. All rights reserved.<BR>
+//
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+//
+// **/
+
+
+#string STR_MODULE_ABSTRACT #language en-US "Provides TPM measurement functions for TPM1.2 and TPM 2.0"
+
+#string STR_MODULE_DESCRIPTION #language en-US "This library provides TpmMeasureAndLogData() to to measure and log data, and extend the measurement result into a specific PCR."
+
diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.c b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.c new file mode 100644 index 00000000..4d1180d9 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.c @@ -0,0 +1,59 @@ +/** @file + NULL PlatformSecureLib instance does NOT really detect whether a physical present + user exists but return TRUE directly. This instance can be used to verify security + related features during platform enabling and development. It should be replaced + by a platform-specific method(e.g. Button pressed) in a real platform for product. + +Copyright (c) 2011 - 2018, Intel Corporation. All rights reserved.<BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include <Uefi/UefiBaseType.h> + +BOOLEAN mUserPhysicalPresence = FALSE; + +/** + + This function provides a platform-specific method to detect whether the platform + is operating by a physically present user. + + Programmatic changing of platform security policy (such as disable Secure Boot, + or switch between Standard/Custom Secure Boot mode) MUST NOT be possible during + Boot Services or after exiting EFI Boot Services. Only a physically present user + is allowed to perform these operations. + + NOTE THAT: This function cannot depend on any EFI Variable Service since they are + not available when this function is called in AuthenticateVariable driver. + + @retval TRUE The platform is operated by a physically present user. + @retval FALSE The platform is NOT operated by a physically present user. + +**/ +BOOLEAN +EFIAPI +UserPhysicalPresent ( + VOID + ) +{ + return mUserPhysicalPresence; +} + + +/** + Save user physical presence state from a PCD to mUserPhysicalPresence. + + @retval EFI_SUCCESS PcdUserPhysicalPresence is got successfully. + +**/ +RETURN_STATUS +EFIAPI +PlatformSecureLibNullConstructor ( + VOID + ) +{ + + mUserPhysicalPresence = PcdGetBool(PcdUserPhysicalPresence); + + return RETURN_SUCCESS; +} diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.inf b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.inf new file mode 100644 index 00000000..e7640618 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.inf @@ -0,0 +1,39 @@ +## @file +# NULL platform secure library instance that always returns TRUE for a user physical present +# +# NULL PlatformSecureLib instance does NOT really detect whether a physical present +# user exists but returns TRUE directly. This instance can be used to verify security +# related features during platform enabling and development. It should be replaced +# by a platform-specific method(e.g. Button pressed) in a real platform for product. +# +# Copyright (c) 2011 - 2018, Intel Corporation. All rights reserved.<BR> +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = PlatformSecureLibNull + MODULE_UNI_FILE = PlatformSecureLibNull.uni + FILE_GUID = 7FA68D82-10A4-4e71-9524-D3D9500D3CDF + MODULE_TYPE = BASE + VERSION_STRING = 1.0 + LIBRARY_CLASS = PlatformSecureLib|DXE_RUNTIME_DRIVER DXE_SMM_DRIVER DXE_DRIVER MM_STANDALONE + CONSTRUCTOR = PlatformSecureLibNullConstructor + +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = IA32 X64 EBC +# + +[Sources] + PlatformSecureLibNull.c + +[Packages] + MdePkg/MdePkg.dec + SecurityPkg/SecurityPkg.dec + +[Pcd] + gEfiSecurityPkgTokenSpaceGuid.PcdUserPhysicalPresence ## CONSUMES + diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.uni b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.uni new file mode 100644 index 00000000..860b8cbb --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.uni @@ -0,0 +1,19 @@ +// /** @file
+// NULL platform secure library instance that always returns TRUE for a user physical present
+//
+// NULL PlatformSecureLib instance does NOT really detect whether a physical present
+// user exists but returns TRUE directly. This instance can be used to verify security
+// related features during platform enabling and development. It should be replaced
+// by a platform-specific method(e.g. Button pressed) in a real platform for product.
+//
+// Copyright (c) 2011 - 2014, Intel Corporation. All rights reserved.<BR>
+//
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+//
+// **/
+
+
+#string STR_MODULE_ABSTRACT #language en-US "NULL platform secure library instance that always returns TRUE for a user physical present"
+
+#string STR_MODULE_DESCRIPTION #language en-US "NULL PlatformSecureLib instance does NOT really detect whether a physical present user exists but returns TRUE directly. This instance can be used to verify security related features during platform enabling and development. It should be replaced by a platform-specific method(e.g. Button pressed) in a real platform for product."
+
diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/RpmcLibNull/RpmcLibNull.c b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/RpmcLibNull/RpmcLibNull.c new file mode 100644 index 00000000..00a9d6b3 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/RpmcLibNull/RpmcLibNull.c @@ -0,0 +1,47 @@ +/** @file + NULL RpmcLib instance for build purpose. + +Copyright (c) 2020, Intel Corporation. All rights reserved.<BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include <Library/DebugLib.h> +#include <Library/RpmcLib.h> + +/** + Requests the monotonic counter from the designated RPMC counter. + + @param[out] CounterValue A pointer to a buffer to store the RPMC value. + + @retval EFI_SUCCESS The operation completed successfully. + @retval EFI_DEVICE_ERROR A device error occurred while attempting to update the counter. + @retval EFI_UNSUPPORTED The operation is un-supported. +**/ +EFI_STATUS +EFIAPI +RequestMonotonicCounter ( + OUT UINT32 *CounterValue + ) +{ + ASSERT (FALSE); + return EFI_UNSUPPORTED; +} + +/** + Increments the monotonic counter in the SPI flash device by 1. + + @retval EFI_SUCCESS The operation completed successfully. + @retval EFI_DEVICE_ERROR A device error occurred while attempting to update the counter. + @retval EFI_UNSUPPORTED The operation is un-supported. +**/ +EFI_STATUS +EFIAPI +IncrementMonotonicCounter ( + VOID + ) +{ + ASSERT (FALSE); + return EFI_UNSUPPORTED; +} + diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/RpmcLibNull/RpmcLibNull.inf b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/RpmcLibNull/RpmcLibNull.inf new file mode 100644 index 00000000..3a4a982f --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/RpmcLibNull/RpmcLibNull.inf @@ -0,0 +1,33 @@ +## @file +# Provides Null version of RpmcLib for build purpose. +# +# Copyright (c) 2020, Intel Corporation. All rights reserved.<BR> +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION = 0x00010029 + BASE_NAME = RpmcLibNull + FILE_GUID = FAE0BA22-92E2-4334-8F0F-96AFF9BAE360 + MODULE_TYPE = BASE + VERSION_STRING = 1.0 + LIBRARY_CLASS = RpmcLib + +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = IA32 X64 Arm AArch64 +# + +[Sources] + RpmcLibNull.c + +[Packages] + MdePkg/MdePkg.dec + SecurityPkg/SecurityPkg.dec + +[LibraryClasses] + BaseLib + DebugLib + diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/MmTcg2PhysicalPresenceLibCommon.c b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/MmTcg2PhysicalPresenceLibCommon.c new file mode 100644 index 00000000..12334b2c --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/MmTcg2PhysicalPresenceLibCommon.c @@ -0,0 +1,398 @@ +/** @file + Handle TPM 2.0 physical presence requests from OS. + + This library will handle TPM 2.0 physical presence request from OS. + + Caution: This module requires additional review when modified. + This driver will have external input - variable. + This external input must be validated carefully to avoid security issue. + + Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction() and Tcg2PhysicalPresenceLibGetUserConfirmationStatusFunction() + will receive untrusted input and do validation. + +Copyright (c) 2015 - 2020, Intel Corporation. All rights reserved.<BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include <PiMm.h> + +#include <Guid/Tcg2PhysicalPresenceData.h> + +#include <Protocol/SmmVariable.h> + +#include <Library/BaseLib.h> +#include <Library/DebugLib.h> +#include <Library/BaseMemoryLib.h> +#include <Library/Tcg2PpVendorLib.h> +#include <Library/MmServicesTableLib.h> + +#define PP_INF_VERSION_1_2 "1.2" + +EFI_SMM_VARIABLE_PROTOCOL *mTcg2PpSmmVariable; +BOOLEAN mIsTcg2PPVerLowerThan_1_3 = FALSE; +UINT32 mTcg2PhysicalPresenceFlags; + +/** + The handler for TPM physical presence function: + Return TPM Operation Response to OS Environment. + + This API should be invoked in OS runtime phase to interface with ACPI method. + + @param[out] MostRecentRequest Most recent operation request. + @param[out] Response Response to the most recent operation request. + + @return Return Code for Return TPM Operation Response to OS Environment. +**/ +UINT32 +EFIAPI +Tcg2PhysicalPresenceLibReturnOperationResponseToOsFunction ( + OUT UINT32 *MostRecentRequest, + OUT UINT32 *Response + ) +{ + EFI_STATUS Status; + UINTN DataSize; + EFI_TCG2_PHYSICAL_PRESENCE PpData; + + DEBUG ((DEBUG_INFO, "[TPM2] ReturnOperationResponseToOsFunction\n")); + + // + // Get the Physical Presence variable + // + DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE); + Status = mTcg2PpSmmVariable->SmmGetVariable ( + TCG2_PHYSICAL_PRESENCE_VARIABLE, + &gEfiTcg2PhysicalPresenceGuid, + NULL, + &DataSize, + &PpData + ); + if (EFI_ERROR (Status)) { + *MostRecentRequest = 0; + *Response = 0; + DEBUG ((DEBUG_ERROR, "[TPM2] Get PP variable failure! Status = %r\n", Status)); + return TCG_PP_RETURN_TPM_OPERATION_RESPONSE_FAILURE; + } + + *MostRecentRequest = PpData.LastPPRequest; + *Response = PpData.PPResponse; + + return TCG_PP_RETURN_TPM_OPERATION_RESPONSE_SUCCESS; +} + +/** + The handler for TPM physical presence function: + Submit TPM Operation Request to Pre-OS Environment and + Submit TPM Operation Request to Pre-OS Environment 2. + + This API should be invoked in OS runtime phase to interface with ACPI method. + + Caution: This function may receive untrusted input. + + @param[in, out] Pointer to OperationRequest TPM physical presence operation request. + @param[in, out] Pointer to RequestParameter TPM physical presence operation request parameter. + + @return Return Code for Submit TPM Operation Request to Pre-OS Environment and + Submit TPM Operation Request to Pre-OS Environment 2. + **/ +UINT32 +Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunctionEx ( + IN OUT UINT32 *OperationRequest, + IN OUT UINT32 *RequestParameter + ) +{ + EFI_STATUS Status; + UINT32 ReturnCode; + UINTN DataSize; + EFI_TCG2_PHYSICAL_PRESENCE PpData; + EFI_TCG2_PHYSICAL_PRESENCE_FLAGS Flags; + + DEBUG ((DEBUG_INFO, "[TPM2] SubmitRequestToPreOSFunction, Request = %x, %x\n", *OperationRequest, *RequestParameter)); + ReturnCode = TCG_PP_SUBMIT_REQUEST_TO_PREOS_SUCCESS; + + // + // Get the Physical Presence variable + // + DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE); + Status = mTcg2PpSmmVariable->SmmGetVariable ( + TCG2_PHYSICAL_PRESENCE_VARIABLE, + &gEfiTcg2PhysicalPresenceGuid, + NULL, + &DataSize, + &PpData + ); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "[TPM2] Get PP variable failure! Status = %r\n", Status)); + ReturnCode = TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE; + goto EXIT; + } + + if ((*OperationRequest > TCG2_PHYSICAL_PRESENCE_NO_ACTION_MAX) && + (*OperationRequest < TCG2_PHYSICAL_PRESENCE_STORAGE_MANAGEMENT_BEGIN) ) { + ReturnCode = TCG_PP_SUBMIT_REQUEST_TO_PREOS_NOT_IMPLEMENTED; + goto EXIT; + } + + if ((PpData.PPRequest != *OperationRequest) || + (PpData.PPRequestParameter != *RequestParameter)) { + PpData.PPRequest = (UINT8)*OperationRequest; + PpData.PPRequestParameter = *RequestParameter; + DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE); + Status = mTcg2PpSmmVariable->SmmSetVariable ( + TCG2_PHYSICAL_PRESENCE_VARIABLE, + &gEfiTcg2PhysicalPresenceGuid, + EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS, + DataSize, + &PpData + ); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "[TPM2] Set PP variable failure! Status = %r\n", Status)); + ReturnCode = TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE; + goto EXIT; + } + } + + if (*OperationRequest >= TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) { + DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE_FLAGS); + Status = mTcg2PpSmmVariable->SmmGetVariable ( + TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE, + &gEfiTcg2PhysicalPresenceGuid, + NULL, + &DataSize, + &Flags + ); + if (EFI_ERROR (Status)) { + Flags.PPFlags = mTcg2PhysicalPresenceFlags; + } + ReturnCode = Tcg2PpVendorLibSubmitRequestToPreOSFunction (*OperationRequest, Flags.PPFlags, *RequestParameter); + } + +EXIT: + // + // Sync PPRQ/PPRM from PP Variable if PP submission fails + // + if (ReturnCode != TCG_PP_SUBMIT_REQUEST_TO_PREOS_SUCCESS) { + DEBUG ((DEBUG_ERROR, "[TPM2] Submit PP Request failure! Sync PPRQ/PPRM with PP variable.\n", Status)); + DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE); + ZeroMem(&PpData, DataSize); + Status = mTcg2PpSmmVariable->SmmGetVariable ( + TCG2_PHYSICAL_PRESENCE_VARIABLE, + &gEfiTcg2PhysicalPresenceGuid, + NULL, + &DataSize, + &PpData + ); + *OperationRequest = (UINT32)PpData.PPRequest; + *RequestParameter = PpData.PPRequestParameter; + } + + return ReturnCode; +} + +/** + The handler for TPM physical presence function: + Submit TPM Operation Request to Pre-OS Environment and + Submit TPM Operation Request to Pre-OS Environment 2. + + This API should be invoked in OS runtime phase to interface with ACPI method. + + Caution: This function may receive untrusted input. + + @param[in] OperationRequest TPM physical presence operation request. + @param[in] RequestParameter TPM physical presence operation request parameter. + + @return Return Code for Submit TPM Operation Request to Pre-OS Environment and + Submit TPM Operation Request to Pre-OS Environment 2. +**/ +UINT32 +EFIAPI +Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction ( + IN UINT32 OperationRequest, + IN UINT32 RequestParameter + ) +{ + UINT32 TempOperationRequest; + UINT32 TempRequestParameter; + + TempOperationRequest = OperationRequest; + TempRequestParameter = RequestParameter; + + return Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunctionEx(&TempOperationRequest, &TempRequestParameter); +} + +/** + The handler for TPM physical presence function: + Get User Confirmation Status for Operation. + + This API should be invoked in OS runtime phase to interface with ACPI method. + + Caution: This function may receive untrusted input. + + @param[in] OperationRequest TPM physical presence operation request. + + @return Return Code for Get User Confirmation Status for Operation. +**/ +UINT32 +EFIAPI +Tcg2PhysicalPresenceLibGetUserConfirmationStatusFunction ( + IN UINT32 OperationRequest + ) +{ + EFI_STATUS Status; + UINTN DataSize; + EFI_TCG2_PHYSICAL_PRESENCE PpData; + EFI_TCG2_PHYSICAL_PRESENCE_FLAGS Flags; + BOOLEAN RequestConfirmed; + + DEBUG ((DEBUG_INFO, "[TPM2] GetUserConfirmationStatusFunction, Request = %x\n", OperationRequest)); + + // + // Get the Physical Presence variable + // + DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE); + Status = mTcg2PpSmmVariable->SmmGetVariable ( + TCG2_PHYSICAL_PRESENCE_VARIABLE, + &gEfiTcg2PhysicalPresenceGuid, + NULL, + &DataSize, + &PpData + ); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "[TPM2] Get PP variable failure! Status = %r\n", Status)); + return TCG_PP_GET_USER_CONFIRMATION_BLOCKED_BY_BIOS_CONFIGURATION; + } + // + // Get the Physical Presence flags + // + DataSize = sizeof (EFI_TCG2_PHYSICAL_PRESENCE_FLAGS); + Status = mTcg2PpSmmVariable->SmmGetVariable ( + TCG2_PHYSICAL_PRESENCE_FLAGS_VARIABLE, + &gEfiTcg2PhysicalPresenceGuid, + NULL, + &DataSize, + &Flags + ); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "[TPM2] Get PP flags failure! Status = %r\n", Status)); + return TCG_PP_GET_USER_CONFIRMATION_BLOCKED_BY_BIOS_CONFIGURATION; + } + + RequestConfirmed = FALSE; + + switch (OperationRequest) { + case TCG2_PHYSICAL_PRESENCE_CLEAR: + case TCG2_PHYSICAL_PRESENCE_ENABLE_CLEAR: + case TCG2_PHYSICAL_PRESENCE_ENABLE_CLEAR_2: + case TCG2_PHYSICAL_PRESENCE_ENABLE_CLEAR_3: + if ((Flags.PPFlags & TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CLEAR) == 0) { + RequestConfirmed = TRUE; + } + break; + + case TCG2_PHYSICAL_PRESENCE_NO_ACTION: + case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_CLEAR_TRUE: + RequestConfirmed = TRUE; + break; + + case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_CLEAR_FALSE: + break; + + case TCG2_PHYSICAL_PRESENCE_SET_PCR_BANKS: + if ((Flags.PPFlags & TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CHANGE_PCRS) == 0) { + RequestConfirmed = TRUE; + } + break; + + case TCG2_PHYSICAL_PRESENCE_CHANGE_EPS: + if ((Flags.PPFlags & TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CHANGE_EPS) == 0) { + RequestConfirmed = TRUE; + } + break; + + case TCG2_PHYSICAL_PRESENCE_LOG_ALL_DIGESTS: + RequestConfirmed = TRUE; + break; + + case TCG2_PHYSICAL_PRESENCE_ENABLE_BLOCK_SID: + if ((Flags.PPFlags & TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID) == 0) { + RequestConfirmed = TRUE; + } + break; + + case TCG2_PHYSICAL_PRESENCE_DISABLE_BLOCK_SID: + if ((Flags.PPFlags & TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID) == 0) { + RequestConfirmed = TRUE; + } + break; + + case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_TRUE: + case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_TRUE: + RequestConfirmed = TRUE; + break; + + case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_FALSE: + case TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_FALSE: + break; + + default: + if (!mIsTcg2PPVerLowerThan_1_3) { + if (OperationRequest < TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) { + // + // TCG2 PP1.3 spec defined operations that are reserved or un-implemented + // + return TCG_PP_GET_USER_CONFIRMATION_NOT_IMPLEMENTED; + } + } else { + // + // TCG PP lower than 1.3. (1.0, 1.1, 1.2) + // + if (OperationRequest <= TCG2_PHYSICAL_PRESENCE_NO_ACTION_MAX) { + RequestConfirmed = TRUE; + } else if (OperationRequest < TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) { + return TCG_PP_GET_USER_CONFIRMATION_NOT_IMPLEMENTED; + } + } + break; + } + + if (OperationRequest >= TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) { + return Tcg2PpVendorLibGetUserConfirmationStatusFunction (OperationRequest, Flags.PPFlags); + } + + if (RequestConfirmed) { + return TCG_PP_GET_USER_CONFIRMATION_ALLOWED_AND_PPUSER_NOT_REQUIRED; + } else { + return TCG_PP_GET_USER_CONFIRMATION_ALLOWED_AND_PPUSER_REQUIRED; + } +} + +/** + The constructor function locates SmmVariable protocol. + + It will ASSERT() if that operation fails and it will always return EFI_SUCCESS. + + @retval EFI_SUCCESS The constructor successfully added string package. + @retval Other value The constructor can't add string package. +**/ +EFI_STATUS +Tcg2PhysicalPresenceLibCommonConstructor ( + VOID + ) +{ + EFI_STATUS Status; + + if (AsciiStrnCmp(PP_INF_VERSION_1_2, (CHAR8 *)PcdGetPtr(PcdTcgPhysicalPresenceInterfaceVer), sizeof(PP_INF_VERSION_1_2) - 1) >= 0) { + mIsTcg2PPVerLowerThan_1_3 = TRUE; + } + + // + // Locate SmmVariableProtocol. + // + Status = gMmst->MmLocateProtocol (&gEfiSmmVariableProtocolGuid, NULL, (VOID**)&mTcg2PpSmmVariable); + ASSERT_EFI_ERROR (Status); + + mTcg2PhysicalPresenceFlags = PcdGet32(PcdTcg2PhysicalPresenceFlags); + + return EFI_SUCCESS; +} diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/MmTcg2PhysicalPresenceLibCommon.h b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/MmTcg2PhysicalPresenceLibCommon.h new file mode 100644 index 00000000..5dabb4c2 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/MmTcg2PhysicalPresenceLibCommon.h @@ -0,0 +1,34 @@ +/** @file + Handle TPM 2.0 physical presence requests from OS. + + This library will handle TPM 2.0 physical presence request from OS. + + Caution: This module requires additional review when modified. + This driver will have external input - variable. + This external input must be validated carefully to avoid security issue. + + Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction() and Tcg2PhysicalPresenceLibGetUserConfirmationStatusFunction() + will receive untrusted input and do validation. + +Copyright (c) 2015 - 2020, Intel Corporation. All rights reserved.<BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef _MM_TCG2_PHYSICAL_PRESENCE_LIB_COMMON_H_ +#define _MM_TCG2_PHYSICAL_PRESENCE_LIB_COMMON_H_ + +/** + The constructor function locates MmVariable protocol. + + It will ASSERT() if that operation fails and it will always return EFI_SUCCESS. + + @retval EFI_SUCCESS The constructor successfully added string package. + @retval Other value The constructor can't add string package. +**/ +EFI_STATUS +Tcg2PhysicalPresenceLibCommonConstructor ( + VOID + ); + +#endif diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.c b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.c new file mode 100644 index 00000000..d43f1611 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.c @@ -0,0 +1,41 @@ +/** @file + Handle TPM 2.0 physical presence requests from OS. + + This library will handle TPM 2.0 physical presence request from OS. + + Caution: This module requires additional review when modified. + This driver will have external input - variable. + This external input must be validated carefully to avoid security issue. + + Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction() and Tcg2PhysicalPresenceLibGetUserConfirmationStatusFunction() + will receive untrusted input and do validation. + +Copyright (c) 2015 - 2020, Intel Corporation. All rights reserved.<BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include <PiSmm.h> + +#include "MmTcg2PhysicalPresenceLibCommon.h" + +/** + The constructor function locates SmmVariable protocol. + + It will ASSERT() if that operation fails and it will always return EFI_SUCCESS. + + @param ImageHandle The firmware allocated handle for the EFI image. + @param SystemTable A pointer to the EFI System Table. + + @retval EFI_SUCCESS The constructor successfully added string package. + @retval Other value The constructor can't add string package. +**/ +EFI_STATUS +EFIAPI +Tcg2PhysicalPresenceLibTraditionalConstructor ( + IN EFI_HANDLE ImageHandle, + IN EFI_SYSTEM_TABLE *SystemTable + ) +{ + return Tcg2PhysicalPresenceLibCommonConstructor (); +} diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.inf b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.inf new file mode 100644 index 00000000..b60073cc --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.inf @@ -0,0 +1,58 @@ +## @file +# Handle TPM 2.0 physical presence requests from OS. +# +# This library will handle TPM 2.0 physical presence request from OS. +# +# Caution: This module requires additional review when modified. +# This driver will have external input - variable. +# This external input must be validated carefully to avoid security issue. +# +# Copyright (c) 2015 - 2020, Intel Corporation. All rights reserved.<BR> +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = SmmTcg2PhysicalPresenceLib + MODULE_UNI_FILE = SmmTcg2PhysicalPresenceLib.uni + FILE_GUID = AAE02741-858B-4964-9887-CA870489D944 + MODULE_TYPE = DXE_SMM_DRIVER + VERSION_STRING = 1.0 + LIBRARY_CLASS = Tcg2PhysicalPresenceLib|DXE_SMM_DRIVER + CONSTRUCTOR = Tcg2PhysicalPresenceLibTraditionalConstructor + +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = IA32 X64 EBC +# + +[Sources] + SmmTcg2PhysicalPresenceLib.c + MmTcg2PhysicalPresenceLibCommon.c + MmTcg2PhysicalPresenceLibCommon.h + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + SecurityPkg/SecurityPkg.dec + +[LibraryClasses] + DebugLib + Tcg2PpVendorLib + MmServicesTableLib + BaseMemoryLib + +[Guids] + ## SOMETIMES_PRODUCES ## Variable:L"PhysicalPresence" + ## SOMETIMES_CONSUMES ## Variable:L"PhysicalPresence" + ## SOMETIMES_CONSUMES ## Variable:L"PhysicalPresenceFlags" + gEfiTcg2PhysicalPresenceGuid + +[Pcd] + gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer ## CONSUMES + gEfiSecurityPkgTokenSpaceGuid.PcdTcg2PhysicalPresenceFlags ## SOMETIMES_CONSUMES + +[Depex] + gEfiSmmVariableProtocolGuid diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.uni b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.uni new file mode 100644 index 00000000..2428b773 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.uni @@ -0,0 +1,21 @@ +// /** @file
+// Handle TPM 2.0 physical presence requests from OS.
+//
+// This library will handle TPM 2.0 physical presence request from OS.
+//
+// Caution: This module requires additional review when modified.
+// This driver will have external input - variable.
+// This external input must be validated carefully to avoid security issue.
+//
+// Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>
+//
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+//
+// **/
+
+
+#string STR_MODULE_ABSTRACT #language en-US "Handle TPM 2.0 physical presence requests from OS"
+
+#string STR_MODULE_DESCRIPTION #language en-US "This library will handle TPM 2.0 physical presence request from OS.\n"
+ "Caution: This module requires additional review when modified. This driver will have external input - variable. This external input must be validated carefully to avoid security issue."
+
diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/StandaloneMmTcg2PhysicalPresenceLib.c b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/StandaloneMmTcg2PhysicalPresenceLib.c new file mode 100644 index 00000000..87d9e634 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/StandaloneMmTcg2PhysicalPresenceLib.c @@ -0,0 +1,42 @@ +/** @file + Handle TPM 2.0 physical presence requests from OS. + + This library will handle TPM 2.0 physical presence request from OS. + + Caution: This module requires additional review when modified. + This driver will have external input - variable. + This external input must be validated carefully to avoid security issue. + + Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction() and Tcg2PhysicalPresenceLibGetUserConfirmationStatusFunction() + will receive untrusted input and do validation. + +Copyright (c) 2015 - 2020, Intel Corporation. All rights reserved.<BR> +Copyright (c) Microsoft Corporation. +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include <PiMm.h> + +#include "MmTcg2PhysicalPresenceLibCommon.h" + +/** + The constructor function locates SmmVariable protocol. + + It will ASSERT() if that operation fails and it will always return EFI_SUCCESS. + + @param ImageHandle The firmware allocated handle for the EFI image. + @param SystemTable A pointer to the EFI System Table. + + @retval EFI_SUCCESS The constructor successfully added string package. + @retval Other value The constructor can't add string package. +**/ +EFI_STATUS +EFIAPI +Tcg2PhysicalPresenceLibStandaloneMmConstructor ( + IN EFI_HANDLE ImageHandle, + IN EFI_MM_SYSTEM_TABLE *SystemTable + ) +{ + return Tcg2PhysicalPresenceLibCommonConstructor (); +} diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/StandaloneMmTcg2PhysicalPresenceLib.inf b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/StandaloneMmTcg2PhysicalPresenceLib.inf new file mode 100644 index 00000000..1b69efe8 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/StandaloneMmTcg2PhysicalPresenceLib.inf @@ -0,0 +1,62 @@ +## @file +# Handle TPM 2.0 physical presence requests from OS. +# +# This library will handle TPM 2.0 physical presence request from OS. +# +# Caution: This module requires additional review when modified. +# This driver will have external input - variable. +# This external input must be validated carefully to avoid security issue. +# +# Copyright (c) 2015 - 2020, Intel Corporation. All rights reserved.<BR> +# Copyright (c) Microsoft Corporation. +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = StandaloneMmTcg2PhysicalPresenceLib + FILE_GUID = 75E3D07B-689C-4F42-A8A0-46AFAE868A6F + MODULE_TYPE = MM_STANDALONE + PI_SPECIFICATION_VERSION = 0x00010032 + VERSION_STRING = 1.0 + LIBRARY_CLASS = Tcg2PhysicalPresenceLib|MM_STANDALONE + CONSTRUCTOR = Tcg2PhysicalPresenceLibStandaloneMmConstructor + +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = IA32 X64 EBC +# + +[Sources] + StandaloneMmTcg2PhysicalPresenceLib.c + MmTcg2PhysicalPresenceLibCommon.c + MmTcg2PhysicalPresenceLibCommon.h + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + SecurityPkg/SecurityPkg.dec + +[LibraryClasses] + DebugLib + Tcg2PpVendorLib + MmServicesTableLib + BaseMemoryLib + +[Guids] + ## SOMETIMES_PRODUCES ## Variable:L"PhysicalPresence" + ## SOMETIMES_CONSUMES ## Variable:L"PhysicalPresence" + ## SOMETIMES_CONSUMES ## Variable:L"PhysicalPresenceFlags" + gEfiTcg2PhysicalPresenceGuid + +[Protocols] + gEfiSmmVariableProtocolGuid ## CONSUMES + +[Pcd] + gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer ## CONSUMES + gEfiSecurityPkgTokenSpaceGuid.PcdTcg2PhysicalPresenceFlags ## SOMETIMES_CONSUMES + +[Depex] + gEfiSmmVariableProtocolGuid diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.c b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.c new file mode 100644 index 00000000..de3d8374 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.c @@ -0,0 +1,127 @@ +/** @file + NULL Tcg2 PP Vendor library instance that does not support any vendor specific PPI. + +Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include <Library/DebugLib.h> +#include <Library/Tcg2PpVendorLib.h> + +/** + Check and execute the requested physical presence command. + + This API should be invoked in BIOS boot phase to process pending request. + + Caution: This function may receive untrusted input. + + If OperationRequest < 128, then ASSERT(). + + @param[in] PlatformAuth platform auth value. NULL means no platform auth change. + @param[in] OperationRequest TPM physical presence operation request. + @param[in, out] ManagementFlags BIOS TPM Management Flags. + @param[out] ResetRequired If reset is required to vendor settings in effect. + True, it indicates the reset is required. + False, it indicates the reset is not required. + + @return TPM Operation Response to OS Environment. +**/ +UINT32 +EFIAPI +Tcg2PpVendorLibExecutePendingRequest ( + IN TPM2B_AUTH *PlatformAuth, OPTIONAL + IN UINT32 OperationRequest, + IN OUT UINT32 *ManagementFlags, + OUT BOOLEAN *ResetRequired + ) +{ + ASSERT (OperationRequest >= TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION); + return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE; +} + +/** + Check if there is a valid physical presence command request. + + This API should be invoked in BIOS boot phase to process pending request. + + Caution: This function may receive untrusted input. + + If OperationRequest < 128, then ASSERT(). + + @param[in] OperationRequest TPM physical presence operation request. + @param[in] ManagementFlags BIOS TPM Management Flags. + @param[out] RequestConfirmed If the physical presence operation command required user confirm from UI. + True, it indicates the command doesn't require user confirm. + False, it indicates the command need user confirm from UI. + + @retval TRUE Physical Presence operation command is valid. + @retval FALSE Physical Presence operation command is invalid. +**/ +BOOLEAN +EFIAPI +Tcg2PpVendorLibHasValidRequest ( + IN UINT32 OperationRequest, + IN UINT32 ManagementFlags, + OUT BOOLEAN *RequestConfirmed + ) +{ + ASSERT (OperationRequest >= TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION); + return FALSE; +} + +/** + The callback for TPM vendor specific physical presence which is called for + Submit TPM Operation Request to Pre-OS Environment and + Submit TPM Operation Request to Pre-OS Environment 2. + + This API should be invoked in OS runtime phase to interface with ACPI method. + + Caution: This function may receive untrusted input. + + If OperationRequest < 128, then ASSERT(). + + @param[in] OperationRequest TPM physical presence operation request. + @param[in] ManagementFlags BIOS TPM Management Flags. + @param[in] RequestParameter Extra parameter from the passed package. + + @return Return Code for Submit TPM Operation Request to Pre-OS Environment and + Submit TPM Operation Request to Pre-OS Environment 2. +**/ +UINT32 +EFIAPI +Tcg2PpVendorLibSubmitRequestToPreOSFunction ( + IN UINT32 OperationRequest, + IN UINT32 ManagementFlags, + IN UINT32 RequestParameter + ) +{ + ASSERT (OperationRequest >= TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION); + return TCG_PP_SUBMIT_REQUEST_TO_PREOS_NOT_IMPLEMENTED; +} + +/** + The callback for TPM vendor specific physical presence which is called for + Get User Confirmation Status for Operation. + + This API should be invoked in OS runtime phase to interface with ACPI method. + + Caution: This function may receive untrusted input. + + If OperationRequest < 128, then ASSERT(). + + @param[in] OperationRequest TPM physical presence operation request. + @param[in] ManagementFlags BIOS TPM Management Flags. + + @return Return Code for Get User Confirmation Status for Operation. +**/ +UINT32 +EFIAPI +Tcg2PpVendorLibGetUserConfirmationStatusFunction ( + IN UINT32 OperationRequest, + IN UINT32 ManagementFlags + ) +{ + ASSERT (OperationRequest >= TCG2_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION); + return TCG_PP_GET_USER_CONFIRMATION_NOT_IMPLEMENTED; +} diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.inf b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.inf new file mode 100644 index 00000000..71ab0862 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.inf @@ -0,0 +1,32 @@ +## @file +# NULL Tcg PP Vendor library instance that does not support any vendor specific PPI +# +# Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR> +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = Tcg2PpVendorLibNull + MODULE_UNI_FILE = Tcg2PpVendorLibNull.uni + FILE_GUID = 51924AE9-BE81-4820-94BA-7C9546E702D0 + MODULE_TYPE = DXE_DRIVER + VERSION_STRING = 1.0 + LIBRARY_CLASS = Tcg2PpVendorLib|DXE_RUNTIME_DRIVER DXE_SMM_DRIVER DXE_DRIVER MM_STANDALONE + +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = IA32 X64 EBC +# + +[Sources] + Tcg2PpVendorLibNull.c + +[Packages] + MdePkg/MdePkg.dec + SecurityPkg/SecurityPkg.dec + +[LibraryClasses] + DebugLib diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.uni b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.uni new file mode 100644 index 00000000..f8140ab1 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.uni @@ -0,0 +1,13 @@ +// /** @file
+// NULL Tcg PP Vendor library instance that does not support any vendor specific PPI
+//
+// Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
+//
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+//
+// **/
+
+#string STR_MODULE_ABSTRACT #language en-US "NULL Tcg PP Vendor library instance that does not support any vendor specific PPI"
+
+#string STR_MODULE_DESCRIPTION #language en-US "NULL Tcg PP Vendor library instance that does not support any vendor specific PPI."
+
diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/TcgEventLogRecordLib/TcgEventLogRecordLib.c b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/TcgEventLogRecordLib/TcgEventLogRecordLib.c new file mode 100644 index 00000000..02dbbeb9 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/TcgEventLogRecordLib/TcgEventLogRecordLib.c @@ -0,0 +1,197 @@ +/** @file + This library is used by other modules to measure data to TPM. + +Copyright (c) 2020, Intel Corporation. All rights reserved. <BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include <Uefi/UefiBaseType.h> +#include <Pi/PiFirmwareVolume.h> + +#include <Library/BaseMemoryLib.h> +#include <Library/DebugLib.h> +#include <Library/ReportStatusCodeLib.h> +#include <Library/PcdLib.h> +#include <Library/PrintLib.h> +#include <Library/TcgEventLogRecordLib.h> +#include <Library/TpmMeasurementLib.h> + +#include <IndustryStandard/UefiTcgPlatform.h> + +/** + Get the FvName from the FV header. + + Causion: The FV is untrusted input. + + @param[in] FvBase Base address of FV image. + @param[in] FvLength Length of FV image. + + @return FvName pointer + @retval NULL FvName is NOT found +**/ +VOID * +TpmMeasurementGetFvName ( + IN EFI_PHYSICAL_ADDRESS FvBase, + IN UINT64 FvLength + ) +{ + EFI_FIRMWARE_VOLUME_HEADER *FvHeader; + EFI_FIRMWARE_VOLUME_EXT_HEADER *FvExtHeader; + + if (FvBase >= MAX_ADDRESS) { + return NULL; + } + if (FvLength >= MAX_ADDRESS - FvBase) { + return NULL; + } + if (FvLength < sizeof(EFI_FIRMWARE_VOLUME_HEADER)) { + return NULL; + } + + FvHeader = (EFI_FIRMWARE_VOLUME_HEADER *)(UINTN)FvBase; + if (FvHeader->Signature != EFI_FVH_SIGNATURE) { + return NULL; + } + if (FvHeader->ExtHeaderOffset < sizeof(EFI_FIRMWARE_VOLUME_HEADER)) { + return NULL; + } + if (FvHeader->ExtHeaderOffset + sizeof(EFI_FIRMWARE_VOLUME_EXT_HEADER) > FvLength) { + return NULL; + } + FvExtHeader = (EFI_FIRMWARE_VOLUME_EXT_HEADER *)(UINTN)(FvBase + FvHeader->ExtHeaderOffset); + + return &FvExtHeader->FvName; +} + +/** + Measure a FirmwareBlob. + + @param[in] PcrIndex PcrIndex of the measurement. + @param[in] Description Description for this FirmwareBlob. + @param[in] FirmwareBlobBase Base address of this FirmwareBlob. + @param[in] FirmwareBlobLength Size in bytes of this FirmwareBlob. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_UNSUPPORTED TPM device not available. + @retval EFI_OUT_OF_RESOURCES Out of memory. + @retval EFI_DEVICE_ERROR The operation was unsuccessful. +**/ +EFI_STATUS +EFIAPI +MeasureFirmwareBlob ( + IN UINT32 PcrIndex, + IN CHAR8 *Description OPTIONAL, + IN EFI_PHYSICAL_ADDRESS FirmwareBlobBase, + IN UINT64 FirmwareBlobLength + ) +{ + EFI_PLATFORM_FIRMWARE_BLOB FvBlob; + PLATFORM_FIRMWARE_BLOB2_STRUCT FvBlob2; + VOID *FvName; + UINT32 EventType; + VOID *EventLog; + UINT32 EventLogSize; + EFI_STATUS Status; + + FvName = TpmMeasurementGetFvName (FirmwareBlobBase, FirmwareBlobLength); + + if (((Description != NULL) || (FvName != NULL)) && + (PcdGet32(PcdTcgPfpMeasurementRevision) >= TCG_EfiSpecIDEventStruct_SPEC_ERRATA_TPM2_REV_105)) { + if (Description != NULL) { + AsciiSPrint((CHAR8*)FvBlob2.BlobDescription, sizeof(FvBlob2.BlobDescription), "%a", Description); + } else { + AsciiSPrint((CHAR8*)FvBlob2.BlobDescription, sizeof(FvBlob2.BlobDescription), "Fv(%g)", FvName); + } + + FvBlob2.BlobDescriptionSize = sizeof(FvBlob2.BlobDescription); + FvBlob2.BlobBase = FirmwareBlobBase; + FvBlob2.BlobLength = FirmwareBlobLength; + + EventType = EV_EFI_PLATFORM_FIRMWARE_BLOB2; + EventLog = &FvBlob2; + EventLogSize = sizeof(FvBlob2); + } else { + FvBlob.BlobBase = FirmwareBlobBase; + FvBlob.BlobLength = FirmwareBlobLength; + + EventType = EV_EFI_PLATFORM_FIRMWARE_BLOB; + EventLog = &FvBlob; + EventLogSize = sizeof(FvBlob); + } + + Status = TpmMeasureAndLogData ( + PcrIndex, + EventType, + EventLog, + EventLogSize, + (VOID*)(UINTN)FirmwareBlobBase, + FirmwareBlobLength + ); + + return Status; +} + +/** + Measure a HandoffTable. + + @param[in] PcrIndex PcrIndex of the measurement. + @param[in] Description Description for this HandoffTable. + @param[in] TableGuid GUID of this HandoffTable. + @param[in] TableAddress Base address of this HandoffTable. + @param[in] TableLength Size in bytes of this HandoffTable. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_UNSUPPORTED TPM device not available. + @retval EFI_OUT_OF_RESOURCES Out of memory. + @retval EFI_DEVICE_ERROR The operation was unsuccessful. +**/ +EFI_STATUS +EFIAPI +MeasureHandoffTable ( + IN UINT32 PcrIndex, + IN CHAR8 *Description OPTIONAL, + IN EFI_GUID *TableGuid, + IN VOID *TableAddress, + IN UINTN TableLength + ) +{ + EFI_HANDOFF_TABLE_POINTERS HandoffTables; + HANDOFF_TABLE_POINTERS2_STRUCT HandoffTables2; + UINT32 EventType; + VOID *EventLog; + UINT32 EventLogSize; + EFI_STATUS Status; + + if ((Description != NULL) && + (PcdGet32(PcdTcgPfpMeasurementRevision) >= TCG_EfiSpecIDEventStruct_SPEC_ERRATA_TPM2_REV_105)) { + AsciiSPrint((CHAR8*)HandoffTables2.TableDescription, sizeof(HandoffTables2.TableDescription), "%a", Description); + + HandoffTables2.TableDescriptionSize = sizeof(HandoffTables2.TableDescription); + HandoffTables2.NumberOfTables = 1; + CopyGuid (&(HandoffTables2.TableEntry[0].VendorGuid), TableGuid); + HandoffTables2.TableEntry[0].VendorTable = TableAddress; + + EventType = EV_EFI_HANDOFF_TABLES2; + EventLog = &HandoffTables2; + EventLogSize = sizeof(HandoffTables2); + } else { + HandoffTables.NumberOfTables = 1; + CopyGuid (&(HandoffTables.TableEntry[0].VendorGuid), TableGuid); + HandoffTables.TableEntry[0].VendorTable = TableAddress; + + EventType = EV_EFI_HANDOFF_TABLES; + EventLog = &HandoffTables; + EventLogSize = sizeof(HandoffTables); + } + + Status = TpmMeasureAndLogData ( + PcrIndex, + EventType, + EventLog, + EventLogSize, + TableAddress, + TableLength + ); + return Status; +} diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/TcgEventLogRecordLib/TcgEventLogRecordLib.inf b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/TcgEventLogRecordLib/TcgEventLogRecordLib.inf new file mode 100644 index 00000000..567cb436 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/TcgEventLogRecordLib/TcgEventLogRecordLib.inf @@ -0,0 +1,40 @@ +## @file +# Provides interface for firmwware TPM measurement +# +# Copyright (c) 2020, Intel Corporation. All rights reserved.<BR> +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = TcgEventLogRecordLib + MODULE_UNI_FILE = TcgEventLogRecordLib.uni + FILE_GUID = F8125B2A-3922-4A22-A6F8-3B6159A25A3B + MODULE_TYPE = BASE + VERSION_STRING = 1.0 + LIBRARY_CLASS = NULL + +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = IA32 X64 +# + +[Sources] + TcgEventLogRecordLib.c + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + SecurityPkg/SecurityPkg.dec + +[LibraryClasses] + BaseLib + BaseMemoryLib + DebugLib + PcdLib + TpmMeasurementLib + +[Pcd] + gEfiMdeModulePkgTokenSpaceGuid.PcdTcgPfpMeasurementRevision ## CONSUMES diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/TcgEventLogRecordLib/TcgEventLogRecordLib.uni b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/TcgEventLogRecordLib/TcgEventLogRecordLib.uni new file mode 100644 index 00000000..b1ca4100 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/TcgEventLogRecordLib/TcgEventLogRecordLib.uni @@ -0,0 +1,17 @@ +// /** @file
+// Provides interface for firmwware TPM measurement
+//
+// This library provides MeasureFirmwareBlob() and MeasureHandoffTable()
+// to measure and log data, and extend the measurement result into a specific PCR.
+//
+// Copyright (c) 2020, Intel Corporation. All rights reserved.<BR>
+//
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+//
+// **/
+
+
+#string STR_MODULE_ABSTRACT #language en-US "Provides Firmware TPM measurement functions for TPM1.2 and TPM 2.0"
+
+#string STR_MODULE_DESCRIPTION #language en-US "This library provides MeasureFirmwareBlob() and MeasureHandoffTable() to measure and log data, and extend the measurement result into a specific PCR."
+
diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/TcgPpVendorLibNull/TcgPpVendorLibNull.c b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/TcgPpVendorLibNull/TcgPpVendorLibNull.c new file mode 100644 index 00000000..2dd8c0c7 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/TcgPpVendorLibNull/TcgPpVendorLibNull.c @@ -0,0 +1,123 @@ +/** @file + NULL TCG PP Vendor library instance that does not support any vendor specific PPI. + +Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include <Library/DebugLib.h> +#include <Library/TcgPpVendorLib.h> + +/** + Check and execute the requested physical presence command. + + This API should be invoked in BIOS boot phase to process pending request. + + Caution: This function may receive untrusted input. + + If OperationRequest < 128, then ASSERT(). + + @param[in] OperationRequest TPM physical presence operation request. + @param[in, out] ManagementFlags BIOS TPM Management Flags. + @param[out] ResetRequired If reset is required to vendor settings in effect. + True, it indicates the reset is required. + False, it indicates the reset is not required. + + @return TPM Operation Response to OS Environment. +**/ +UINT32 +EFIAPI +TcgPpVendorLibExecutePendingRequest ( + IN UINT32 OperationRequest, + IN OUT UINT32 *ManagementFlags, + OUT BOOLEAN *ResetRequired + ) +{ + ASSERT (OperationRequest >= TCG_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION); + return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE; +} + +/** + Check if there is a valid physical presence command request. + + This API should be invoked in BIOS boot phase to process pending request. + + Caution: This function may receive untrusted input. + + If OperationRequest < 128, then ASSERT(). + + @param[in] OperationRequest TPM physical presence operation request. + @param[in] ManagementFlags BIOS TPM Management Flags. + @param[out] RequestConfirmed If the physical presence operation command required user confirm from UI. + True, it indicates the command doesn't require user confirm. + False, it indicates the command need user confirm from UI. + + @retval TRUE Physical Presence operation command is valid. + @retval FALSE Physical Presence operation command is invalid. +**/ +BOOLEAN +EFIAPI +TcgPpVendorLibHasValidRequest ( + IN UINT32 OperationRequest, + IN UINT32 ManagementFlags, + OUT BOOLEAN *RequestConfirmed + ) +{ + ASSERT (OperationRequest >= TCG_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION); + return FALSE; +} + +/** + The callback for TPM vendor specific physical presence which is called for + Submit TPM Operation Request to Pre-OS Environment and + Submit TPM Operation Request to Pre-OS Environment 2. + + This API should be invoked in OS runtime phase to interface with ACPI method. + + Caution: This function may receive untrusted input. + + If OperationRequest < 128, then ASSERT(). + + @param[in] OperationRequest TPM physical presence operation request. + @param[in] ManagementFlags BIOS TPM Management Flags. + + @return Return Code for Submit TPM Operation Request to Pre-OS Environment and + Submit TPM Operation Request to Pre-OS Environment 2. +**/ +UINT32 +EFIAPI +TcgPpVendorLibSubmitRequestToPreOSFunction ( + IN UINT32 OperationRequest, + IN UINT32 ManagementFlags + ) +{ + ASSERT (OperationRequest >= TCG_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION); + return TCG_PP_SUBMIT_REQUEST_TO_PREOS_NOT_IMPLEMENTED; +} + +/** + The callback for TPM vendor specific physical presence which is called for + Get User Confirmation Status for Operation. + + This API should be invoked in OS runtime phase to interface with ACPI method. + + Caution: This function may receive untrusted input. + + If OperationRequest < 128, then ASSERT(). + + @param[in] OperationRequest TPM physical presence operation request. + @param[in] ManagementFlags BIOS TPM Management Flags. + + @return Return Code for Get User Confirmation Status for Operation. +**/ +UINT32 +EFIAPI +TcgPpVendorLibGetUserConfirmationStatusFunction ( + IN UINT32 OperationRequest, + IN UINT32 ManagementFlags + ) +{ + ASSERT (OperationRequest >= TCG_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION); + return TCG_PP_GET_USER_CONFIRMATION_NOT_IMPLEMENTED; +} diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/TcgPpVendorLibNull/TcgPpVendorLibNull.inf b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/TcgPpVendorLibNull/TcgPpVendorLibNull.inf new file mode 100644 index 00000000..1f95596a --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/TcgPpVendorLibNull/TcgPpVendorLibNull.inf @@ -0,0 +1,32 @@ +## @file +# NULL TCG PP Vendor library instance that does not support any vendor specific PPI +# +# Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR> +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = TcgPpVendorLibNull + MODULE_UNI_FILE = TcgPpVendorLibNull.uni + FILE_GUID = 8489334D-4219-4CA1-9B42-1D46B0B75861 + MODULE_TYPE = DXE_DRIVER + VERSION_STRING = 1.0 + LIBRARY_CLASS = TcgPpVendorLib|DXE_RUNTIME_DRIVER DXE_SMM_DRIVER DXE_DRIVER + +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = IA32 X64 EBC +# + +[Sources] + TcgPpVendorLibNull.c + +[Packages] + MdePkg/MdePkg.dec + SecurityPkg/SecurityPkg.dec + +[LibraryClasses] + DebugLib diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/TcgPpVendorLibNull/TcgPpVendorLibNull.uni b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/TcgPpVendorLibNull/TcgPpVendorLibNull.uni new file mode 100644 index 00000000..53e6ef4d --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/TcgPpVendorLibNull/TcgPpVendorLibNull.uni @@ -0,0 +1,13 @@ +// /** @file
+// NULL TCG PP Vendor library instance that does not support any vendor specific PPI
+//
+// Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
+//
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+//
+// **/
+
+#string STR_MODULE_ABSTRACT #language en-US "NULL TCG PP Vendor library instance that does not support any vendor specific PPI"
+
+#string STR_MODULE_DESCRIPTION #language en-US "NULL TCG PP Vendor library instance that does not support any vendor specific PPI."
+
diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/TcgStorageCoreLib/TcgStorageCore.c b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/TcgStorageCoreLib/TcgStorageCore.c new file mode 100644 index 00000000..8f759312 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/TcgStorageCoreLib/TcgStorageCore.c @@ -0,0 +1,1646 @@ +/** @file + Provide functions to provide tcg storage core spec related functions. + +Copyright (c) 2016, Intel Corporation. All rights reserved.<BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include <Library/TcgStorageCoreLib.h> + +#include <Library/BaseLib.h> +#include <Library/BaseMemoryLib.h> +#include <Library/DebugLib.h> +//#include <Library/PrintLib.h> + +/** + Required to be called before calling any other Tcg functions with the TCG_CREATE_STRUCT. + Initializes the packet variables to NULL. Additionally, the buffer will be memset. + + @param [in/out] CreateStruct Structure to initialize + @param [in] Buffer Buffer allocated by client of library. It will contain the Tcg encoded packet. This cannot be null. + @param [in] BufferSize Size of buffer provided. It cannot be 0. + + @retval Return the action result. +**/ +TCG_RESULT +EFIAPI +TcgInitTcgCreateStruct( + TCG_CREATE_STRUCT *CreateStruct, + VOID *Buffer, + UINT32 BufferSize + ) +{ + NULL_CHECK(CreateStruct); + NULL_CHECK(Buffer); + + if (BufferSize == 0) { + DEBUG ((DEBUG_INFO, "BufferSize=0\n")); + return (TcgResultFailureZeroSize); + } + + ZeroMem(Buffer, BufferSize); + CreateStruct->BufferSize = BufferSize; + CreateStruct->Buffer = Buffer; + CreateStruct->ComPacket = NULL; + CreateStruct->CurPacket = NULL; + CreateStruct->CurSubPacket = NULL; + + return (TcgResultSuccess); +} + +/** + + Encodes the ComPacket header to the data structure. + + @param[in/out] CreateStruct Structure to initialize + @param[in] ComId ComID of the Tcg ComPacket. + @param[in] ComIdExtension ComID Extension of the Tcg ComPacket. + +**/ +TCG_RESULT +EFIAPI +TcgStartComPacket( + TCG_CREATE_STRUCT *CreateStruct, + UINT16 ComId, + UINT16 ComIdExtension + ) +{ + NULL_CHECK(CreateStruct); + + if (CreateStruct->ComPacket != NULL || + CreateStruct->CurPacket != NULL || + CreateStruct->CurSubPacket != NULL + ) { + DEBUG ((DEBUG_INFO, "unexpected state: ComPacket=%p CurPacket=%p CurSubPacket=%p\n", CreateStruct->ComPacket, CreateStruct->CurPacket, + CreateStruct->CurSubPacket)); + return (TcgResultFailureInvalidAction); + } + + if (sizeof(TCG_COM_PACKET) > CreateStruct->BufferSize) { + DEBUG ((DEBUG_INFO, "BufferSize=0x%X\n", CreateStruct->BufferSize)); + return (TcgResultFailureBufferTooSmall); + } + + CreateStruct->ComPacket = (TCG_COM_PACKET*)CreateStruct->Buffer; + CreateStruct->ComPacket->ComIDBE = SwapBytes16(ComId); + CreateStruct->ComPacket->ComIDExtensionBE = SwapBytes16(ComIdExtension); + + return (TcgResultSuccess); +} + +/** + + Starts a new ComPacket in the Data structure. + + @param [in/out] CreateStruct Structure used to add Tcg Packet + @param[in] Tsn Packet Tper session number + @param[in] Hsn Packet Host session number + @param[in] SeqNumber Packet Sequence Number + @param[in] AckType Packet Acknowledge Type + @param[in] Ack Packet Acknowledge + +**/ +TCG_RESULT +EFIAPI +TcgStartPacket( + TCG_CREATE_STRUCT *CreateStruct, + UINT32 Tsn, + UINT32 Hsn, + UINT32 SeqNumber, + UINT16 AckType, + UINT32 Ack + ) +{ + UINT32 AddedSize; + NULL_CHECK(CreateStruct); + + AddedSize = 0; + + if (CreateStruct->ComPacket == NULL || + CreateStruct->CurPacket != NULL || + CreateStruct->CurSubPacket != NULL + ) { + DEBUG ((DEBUG_INFO, "unexpected state: ComPacket=%p CurPacket=%p CurSubPacket=%p\n", CreateStruct->ComPacket, CreateStruct->CurPacket, CreateStruct->CurSubPacket)); + return (TcgResultFailureInvalidAction); + } + + // update TCG_COM_PACKET and packet lengths + AddedSize = sizeof(TCG_PACKET); + + if ((SwapBytes32(CreateStruct->ComPacket->LengthBE) + AddedSize) > CreateStruct->BufferSize) { + DEBUG ((DEBUG_INFO, "BufferSize=0x%X\n", CreateStruct->BufferSize)); + return (TcgResultFailureBufferTooSmall); + } + + CreateStruct->CurPacket = (TCG_PACKET*)(CreateStruct->ComPacket->Payload + SwapBytes32(CreateStruct->ComPacket->LengthBE)); + + CreateStruct->CurPacket->TperSessionNumberBE = SwapBytes32( Tsn ); + CreateStruct->CurPacket->HostSessionNumberBE = SwapBytes32( Hsn ); + CreateStruct->CurPacket->SequenceNumberBE = SwapBytes32( SeqNumber ); + CreateStruct->CurPacket->AckTypeBE = SwapBytes16( AckType ); + CreateStruct->CurPacket->AcknowledgementBE = SwapBytes32( Ack ); + + CreateStruct->CurPacket->LengthBE = 0; + + // update TCG_COM_PACKET Length for next pointer + CreateStruct->ComPacket->LengthBE = SwapBytes32( SwapBytes32(CreateStruct->ComPacket->LengthBE) + AddedSize ); + + return (TcgResultSuccess); +} + +/** + + Starts a new SubPacket in the Data structure. + + @param[in/out] CreateStruct Structure used to start Tcg SubPacket + @param[in] Kind SubPacket kind + +**/ +TCG_RESULT +EFIAPI +TcgStartSubPacket( + TCG_CREATE_STRUCT *CreateStruct, + UINT16 Kind + ) +{ + UINT32 AddedSize; + + NULL_CHECK(CreateStruct); + + AddedSize = 0; + + if (CreateStruct->ComPacket == NULL || + CreateStruct->CurPacket == NULL || + CreateStruct->CurSubPacket != NULL + ) { + DEBUG ((DEBUG_INFO, "unexpected state: ComPacket=%p CurPacket=%p CurSubPacket=%p\n", CreateStruct->ComPacket, CreateStruct->CurPacket, CreateStruct->CurSubPacket)); + return (TcgResultFailureInvalidAction); + } + + AddedSize = sizeof(TCG_SUB_PACKET); + + if ((SwapBytes32(CreateStruct->ComPacket->LengthBE) + AddedSize) > CreateStruct->BufferSize) { + DEBUG ((DEBUG_INFO, "BufferSize=0x%X\n", CreateStruct->BufferSize)); + return (TcgResultFailureBufferTooSmall); + } + + CreateStruct->CurSubPacket = (TCG_SUB_PACKET*)(CreateStruct->CurPacket->Payload + SwapBytes32(CreateStruct->CurPacket->LengthBE)); + CreateStruct->CurSubPacket->KindBE = SwapBytes16(Kind); + + // update lengths + CreateStruct->CurSubPacket->LengthBE = 0; + + // update TCG_COM_PACKET and packet lengths + CreateStruct->ComPacket->LengthBE = SwapBytes32(SwapBytes32(CreateStruct->ComPacket->LengthBE) + AddedSize); + CreateStruct->CurPacket->LengthBE = SwapBytes32(SwapBytes32(CreateStruct->CurPacket->LengthBE) + AddedSize); + + return (TcgResultSuccess); +} + +/** + + Ends the current SubPacket in the Data structure. This function will also perform the 4-byte padding + required for Subpackets. + + @param[in/out] CreateStruct Structure used to end the current Tcg SubPacket + +**/ +TCG_RESULT +EFIAPI +TcgEndSubPacket( + TCG_CREATE_STRUCT *CreateStruct + ) +{ + UINT32 PadSize; + + NULL_CHECK(CreateStruct); + + PadSize = 0; + + if (CreateStruct->ComPacket == NULL || + CreateStruct->CurPacket == NULL || + CreateStruct->CurSubPacket == NULL + ) { + DEBUG ((DEBUG_INFO, "unexpected state: ComPacket=%p CurPacket=%p CurSubPacket=%p\n", CreateStruct->ComPacket, CreateStruct->CurPacket, CreateStruct->CurSubPacket)); + return (TcgResultFailureInvalidAction); + } + + // align to 4-byte boundaries, so shift padding + // pad Size does not apply to subpacket Length + PadSize = TCG_SUBPACKET_ALIGNMENT - (SwapBytes32(CreateStruct->CurSubPacket->LengthBE) & (TCG_SUBPACKET_ALIGNMENT - 1)); + + if (PadSize == TCG_SUBPACKET_ALIGNMENT) { + PadSize = 0; + } + + if ((SwapBytes32(CreateStruct->ComPacket->LengthBE) + PadSize) > CreateStruct->BufferSize) { + DEBUG ((DEBUG_INFO, "BufferSize=0x%X\n", CreateStruct->BufferSize)); + return (TcgResultFailureBufferTooSmall); + } + + CreateStruct->CurPacket->LengthBE = SwapBytes32(SwapBytes32(CreateStruct->CurPacket->LengthBE) + PadSize); + CreateStruct->ComPacket->LengthBE = SwapBytes32(SwapBytes32(CreateStruct->ComPacket->LengthBE) + PadSize); + + CreateStruct->CurSubPacket = NULL; + + return (TcgResultSuccess); +} + +/** + + Ends the current Packet in the Data structure. + + @param[in/out] CreateStruct Structure used to end the current Tcg Packet + +**/ +TCG_RESULT +EFIAPI +TcgEndPacket( + TCG_CREATE_STRUCT *CreateStruct + ) +{ + NULL_CHECK(CreateStruct); + + if (CreateStruct->ComPacket == NULL || + CreateStruct->CurPacket == NULL || + CreateStruct->CurSubPacket != NULL + ) { + DEBUG ((DEBUG_INFO, "unexpected state: ComPacket=%p CurPacket=%p CurSubPacket=%p\n", CreateStruct->ComPacket, CreateStruct->CurPacket, CreateStruct->CurSubPacket)); + return (TcgResultFailureInvalidAction); + } + + CreateStruct->CurPacket = NULL; + + return (TcgResultSuccess); +} + +/** + + Ends the ComPacket in the Data structure and ret + + @param [in/out] CreateStruct Structure used to end the Tcg ComPacket + @param [in/out] Size Describes the Size of the entire ComPacket (Header and payload). Filled out by function. + +**/ +TCG_RESULT +EFIAPI +TcgEndComPacket( + TCG_CREATE_STRUCT *CreateStruct, + UINT32 *Size + ) +{ + NULL_CHECK(CreateStruct); + NULL_CHECK(Size); + + if (CreateStruct->ComPacket == NULL || + CreateStruct->CurPacket != NULL || + CreateStruct->CurSubPacket != NULL + ) { + DEBUG ((DEBUG_INFO, "unexpected state: ComPacket=%p CurPacket=%p CurSubPacket=%p\n", CreateStruct->ComPacket, CreateStruct->CurPacket, CreateStruct->CurSubPacket)); + return (TcgResultFailureInvalidAction); + } + + *Size = SwapBytes32(CreateStruct->ComPacket->LengthBE) + sizeof(*CreateStruct->ComPacket); + CreateStruct->ComPacket = NULL; + + return (TcgResultSuccess); +} + +/** + Adds raw Data with optional Header + + @param CreateStruct The create structure. + @param Header The header structure. + @param HeaderSize The header size. + @param Data The data need to add. + @param DataSize The data size. + @param ByteSwapData Whether byte or swap data. + +**/ +TCG_RESULT +TcgAddRawTokenData( + TCG_CREATE_STRUCT *CreateStruct, + const VOID *Header, + UINT8 HeaderSize, + const VOID *Data, + UINT32 DataSize, + BOOLEAN ByteSwapData + ) +{ + UINT32 AddedSize; + UINT8* Dest; + const UINT8* DataBytes; + UINT32 Index; + + AddedSize = 0; + Index = 0; + Dest = NULL; + + NULL_CHECK(CreateStruct); + + if ((HeaderSize != 0 && Header == NULL) || + (DataSize != 0 && Data == NULL) + ) { + DEBUG ((DEBUG_INFO, "HeaderSize=0x%X Header=%p DataSize=0x%X Data=%p\n", HeaderSize, Header, DataSize, Data)); + return (TcgResultFailureNullPointer); + } + + if (CreateStruct->ComPacket == NULL || + CreateStruct->CurPacket == NULL || + CreateStruct->CurSubPacket == NULL + ) { + DEBUG ((DEBUG_INFO, "unexpected state: ComPacket=%p CurPacket=%p CurSubPacket=%p\n", CreateStruct->ComPacket, CreateStruct->CurPacket, CreateStruct->CurSubPacket)); + return (TcgResultFailureInvalidAction); + } + + // verify there is enough Buffer Size + AddedSize = HeaderSize + DataSize; + if ((SwapBytes32(CreateStruct->ComPacket->LengthBE) + AddedSize) > CreateStruct->BufferSize) { + return (TcgResultFailureBufferTooSmall); + } + + // Get a pointer to where the new bytes should go + Dest = CreateStruct->ComPacket->Payload + SwapBytes32(CreateStruct->ComPacket->LengthBE); + + switch (HeaderSize) { + case sizeof(TCG_SIMPLE_TOKEN_SHORT_ATOM): + case sizeof(TCG_SIMPLE_TOKEN_MEDIUM_ATOM): + case sizeof(TCG_SIMPLE_TOKEN_LONG_ATOM): + CopyMem(Dest, Header, HeaderSize); + Dest += HeaderSize; + case 0: // no Header is valid + break; + // invalid Header Size + default: + DEBUG ((DEBUG_INFO, "unsupported HeaderSize=%u\n", HeaderSize)); + return TcgResultFailure; + } + + // copy the Data bytes + if (ByteSwapData) { + DataBytes = (const UINT8*)Data; + for (Index = 0; Index < DataSize; Index++) { + Dest[Index] = DataBytes[DataSize - 1 - Index]; + } + } else { + CopyMem(Dest, Data, DataSize); + } + + // Update all the packet sizes + CreateStruct->ComPacket->LengthBE = SwapBytes32(SwapBytes32(CreateStruct->ComPacket->LengthBE) + AddedSize); + CreateStruct->CurPacket->LengthBE = SwapBytes32(SwapBytes32(CreateStruct->CurPacket->LengthBE) + AddedSize); + CreateStruct->CurSubPacket->LengthBE = SwapBytes32(SwapBytes32(CreateStruct->CurSubPacket->LengthBE) + AddedSize); + + return (TcgResultSuccess); +} + +/** + + Adds a single raw token byte to the Data structure. + + @param[in/out] CreateStruct Structure used to add the byte + @param[in] Byte Byte to add + +**/ +TCG_RESULT +EFIAPI +TcgAddRawByte( + TCG_CREATE_STRUCT *CreateStruct, + UINT8 Byte + ) +{ + return TcgAddRawTokenData(CreateStruct, NULL, 0, &Byte, 1, FALSE); +} + + +/** + simple tokens - atoms: tiny, short, medium, long and empty atoms. + tiny atom can be a signed or unsigned integer. + short, medium, long can be a signed or unsigned integer OR a complete or non-final byte sequence. + + @param CreateStruct The create structure. + @param Data The data need to add. + @param DataSize The data size. + @param ByteOrInt, Data format is byte or int. + @param SignOrCont sign or cont. + + +**/ +TCG_RESULT +TcgAddAtom( + TCG_CREATE_STRUCT *CreateStruct, + const VOID *Data, + UINT32 DataSize, + UINT8 ByteOrInt, + UINT8 SignOrCont + ) +{ + const UINT8* DataBytes; + TCG_SIMPLE_TOKEN_TINY_ATOM TinyAtom; + TCG_SIMPLE_TOKEN_SHORT_ATOM ShortAtom; + TCG_SIMPLE_TOKEN_MEDIUM_ATOM MediumAtom; + TCG_SIMPLE_TOKEN_LONG_ATOM LongAtom; + + NULL_CHECK(CreateStruct); + + if (DataSize == 0) { + if (ByteOrInt == TCG_ATOM_TYPE_INTEGER) { + DEBUG ((DEBUG_INFO, "0-Size integer not allowed\n")); + return TcgResultFailure; + } + } else { + // if DataSize != 0, Data must be valid + NULL_CHECK(Data); + } + + // encode Data using the shortest possible atom + DataBytes = (const UINT8*)Data; + if ((DataSize == 1) && + (ByteOrInt == TCG_ATOM_TYPE_INTEGER) && + ((SignOrCont != 0 && ((TCG_TOKEN_TINYATOM_SIGNED_MIN_VALUE <= *(INT8*)Data) && (*(INT8*)Data <= TCG_TOKEN_TINYATOM_SIGNED_MAX_VALUE))) || + (SignOrCont == 0 && ((*DataBytes <= TCG_TOKEN_TINYATOM_UNSIGNED_MAX_VALUE)))) + ) { + TinyAtom.TinyAtomBits.IsZero = 0; + TinyAtom.TinyAtomBits.Sign = SignOrCont; + TinyAtom.TinyAtomBits.Data = *DataBytes & TCG_TOKEN_TINYATOM_UNSIGNED_MAX_VALUE; + return TcgAddRawTokenData(CreateStruct, NULL, 0, (UINT8*)&TinyAtom, sizeof(TCG_SIMPLE_TOKEN_TINY_ATOM), FALSE); + } + + if (DataSize <= TCG_TOKEN_SHORTATOM_MAX_BYTE_SIZE) { + ShortAtom.ShortAtomBits.IsOne = 1; + ShortAtom.ShortAtomBits.IsZero = 0; + ShortAtom.ShortAtomBits.ByteOrInt = ByteOrInt; + ShortAtom.ShortAtomBits.SignOrCont = SignOrCont; + ShortAtom.ShortAtomBits.Length = DataSize & 0x0F; + return TcgAddRawTokenData(CreateStruct, &ShortAtom, sizeof(TCG_SIMPLE_TOKEN_SHORT_ATOM), Data, DataSize, ByteOrInt == TCG_ATOM_TYPE_INTEGER); + } + + if (DataSize <= TCG_TOKEN_MEDIUMATOM_MAX_BYTE_SIZE) { + MediumAtom.MediumAtomBits.IsOne1 = 1; + MediumAtom.MediumAtomBits.IsOne2 = 1; + MediumAtom.MediumAtomBits.IsZero = 0; + MediumAtom.MediumAtomBits.ByteOrInt = ByteOrInt; + MediumAtom.MediumAtomBits.SignOrCont = SignOrCont; + MediumAtom.MediumAtomBits.LengthLow = DataSize & 0xFF; + MediumAtom.MediumAtomBits.LengthHigh = (DataSize >> TCG_MEDIUM_ATOM_LENGTH_HIGH_SHIFT) & TCG_MEDIUM_ATOM_LENGTH_HIGH_MASK; + return TcgAddRawTokenData(CreateStruct, &MediumAtom, sizeof(TCG_SIMPLE_TOKEN_MEDIUM_ATOM), Data, DataSize, ByteOrInt == TCG_ATOM_TYPE_INTEGER); + } + + LongAtom.LongAtomBits.IsOne1 = 1; + LongAtom.LongAtomBits.IsOne2 = 1; + LongAtom.LongAtomBits.IsOne3 = 1; + LongAtom.LongAtomBits.IsZero = 0; + LongAtom.LongAtomBits.ByteOrInt = ByteOrInt; + LongAtom.LongAtomBits.SignOrCont = SignOrCont; + LongAtom.LongAtomBits.LengthLow = DataSize & 0xFF; + LongAtom.LongAtomBits.LengthMid = (DataSize >> TCG_LONG_ATOM_LENGTH_MID_SHIFT) & 0xFF; + LongAtom.LongAtomBits.LengthHigh = (DataSize >> TCG_LONG_ATOM_LENGTH_HIGH_SHIFT) & 0xFF; + return TcgAddRawTokenData(CreateStruct, &LongAtom, sizeof(TCG_SIMPLE_TOKEN_LONG_ATOM), Data, DataSize, ByteOrInt == TCG_ATOM_TYPE_INTEGER); +} + +/** + + Adds the Data parameter as a byte sequence to the Data structure. + + @param[in/out] CreateStruct Structure used to add the byte sequence + @param[in] Data Byte sequence that will be encoded and copied into Data structure + @param[in] DataSize Length of Data provided + @param[in] Continued TRUE if byte sequence is continued or + FALSE if the Data contains the entire byte sequence to be encoded + +**/ +TCG_RESULT +EFIAPI +TcgAddByteSequence( + TCG_CREATE_STRUCT *CreateStruct, + const VOID *Data, + UINT32 DataSize, + BOOLEAN Continued + ) +{ + return TcgAddAtom(CreateStruct, Data, DataSize, TCG_ATOM_TYPE_BYTE, Continued ? 1 : 0); +} + +/** + + Adds an arbitrary-Length integer to the Data structure. + The integer will be encoded using the shortest possible atom. + + @param[in/out] CreateStruct Structure used to add the integer + @param[in] Data Integer in host byte order that will be encoded and copied into Data structure + @param[in] DataSize Length in bytes of the Data provided + @param[in] SignedInteger TRUE if the integer is signed or FALSE if the integer is unsigned + +**/ +TCG_RESULT +EFIAPI +TcgAddInteger( + TCG_CREATE_STRUCT *CreateStruct, + const VOID *Data, + UINT32 DataSize, + BOOLEAN SignedInteger + ) +{ + const UINT8* DataBytes; + UINT32 ActualDataSize; + BOOLEAN ValueIsNegative; + + NULL_CHECK(CreateStruct); + NULL_CHECK(Data); + + if (DataSize == 0) { + DEBUG ((DEBUG_INFO, "invalid DataSize=0\n")); + return TcgResultFailure; + } + + DataBytes = (const UINT8*)Data; + + // integer should be represented by smallest atom possible + // so calculate real Data Size + ValueIsNegative = SignedInteger && DataBytes[ DataSize - 1 ] & 0x80; + + // assumes native Data is little endian + // shorten Data to smallest byte representation + for (ActualDataSize = DataSize; ActualDataSize > 1; ActualDataSize--) { + // ignore sign extended FFs + if (ValueIsNegative && (DataBytes[ActualDataSize - 1] != 0xFF)) { + break; + } else if (!ValueIsNegative && (DataBytes[ActualDataSize - 1] != 0)) { + // ignore extended 00s + break; + } + } + + return TcgAddAtom(CreateStruct, Data, ActualDataSize, TCG_ATOM_TYPE_INTEGER, SignedInteger ? 1 : 0); +} + +/** + Adds an 8-bit unsigned integer to the Data structure. + + @param[in/out] CreateStruct Structure used to add the integer + @param[in] Value Integer Value to add + +**/ +TCG_RESULT +EFIAPI +TcgAddUINT8( + TCG_CREATE_STRUCT *CreateStruct, + UINT8 Value + ) +{ + return TcgAddInteger(CreateStruct, &Value, sizeof(Value), FALSE); +} + +/** + + Adds a 16-bit unsigned integer to the Data structure. + + @param[in/out] CreateStruct Structure used to add the integer + @param[in] Value Integer Value to add + +**/ +TCG_RESULT +EFIAPI +TcgAddUINT16 ( + TCG_CREATE_STRUCT *CreateStruct, + UINT16 Value + ) +{ + return TcgAddInteger(CreateStruct, &Value, sizeof(Value), FALSE); +} + +/** + + Adds a 32-bit unsigned integer to the Data structure. + + @param[in/out] CreateStruct Structure used to add the integer + @param[in] Value Integer Value to add + +**/ +TCG_RESULT +EFIAPI +TcgAddUINT32( + TCG_CREATE_STRUCT *CreateStruct, + UINT32 Value + ) +{ + return TcgAddInteger(CreateStruct, &Value, sizeof(Value), FALSE); +} + + +/** + + Adds a 64-bit unsigned integer to the Data structure. + + @param[in/out] CreateStruct Structure used to add the integer + @param[in] Value Integer Value to add + +**/ +TCG_RESULT +EFIAPI +TcgAddUINT64( + TCG_CREATE_STRUCT *CreateStruct, + UINT64 Value + ) +{ + return TcgAddInteger(CreateStruct, &Value, sizeof(Value), FALSE); +} + +/** + Adds a BOOLEAN to the Data structure. + + @param[in/out] CreateStruct Structure used to add the integer + @param[in] Value BOOLEAN Value to add + +**/ +TCG_RESULT +EFIAPI +TcgAddBOOLEAN( + TCG_CREATE_STRUCT *CreateStruct, + BOOLEAN Value + ) +{ + return TcgAddInteger(CreateStruct, &Value, sizeof(Value), FALSE); +} + +/** + Add tcg uid info. + + @param [in/out] CreateStruct Structure used to add the integer + @param Uid Input uid info. + + @retval return the action result. + +**/ +TCG_RESULT +EFIAPI +TcgAddTcgUid( + TCG_CREATE_STRUCT *CreateStruct, + TCG_UID Uid + ) +{ + return TcgAddByteSequence(CreateStruct, &Uid, sizeof(TCG_UID), FALSE); +} + +/** + Add start list. + + @param [in/out] CreateStruct Structure used to add the integer + + @retval return the action result. + +**/ +TCG_RESULT +EFIAPI +TcgAddStartList( + TCG_CREATE_STRUCT *CreateStruct + ) +{ + return TcgAddRawByte(CreateStruct, TCG_TOKEN_STARTLIST); +} + +/** + Add end list. + + @param [in/out] CreateStruct Structure used to add the integer + + @retval return the action result. + +**/ +TCG_RESULT +EFIAPI +TcgAddEndList( + TCG_CREATE_STRUCT *CreateStruct + ) +{ + return TcgAddRawByte(CreateStruct, TCG_TOKEN_ENDLIST); +} + +/** + Add start name. + + @param [in/out] CreateStruct Structure used to add the integer + + @retval return the action result. + +**/ +TCG_RESULT +EFIAPI +TcgAddStartName( + TCG_CREATE_STRUCT *CreateStruct + ) +{ + return TcgAddRawByte(CreateStruct, TCG_TOKEN_STARTNAME); +} + +/** + Add end name. + + @param [in/out] CreateStruct Structure used to add the integer + + @retval return the action result. + +**/ +TCG_RESULT +EFIAPI +TcgAddEndName( + TCG_CREATE_STRUCT *CreateStruct + ) +{ + return TcgAddRawByte(CreateStruct, TCG_TOKEN_ENDNAME); +} + +/** + Add end call. + + @param [in/out] CreateStruct Structure used to add the integer + + @retval return the action result. + +**/ +TCG_RESULT +EFIAPI +TcgAddCall( + TCG_CREATE_STRUCT *CreateStruct + ) +{ + return TcgAddRawByte(CreateStruct, TCG_TOKEN_CALL); +} + +/** + Add end of data. + + @param [in/out] CreateStruct Structure used to add the integer + + @retval return the action result. + +**/ +TCG_RESULT +EFIAPI +TcgAddEndOfData( + TCG_CREATE_STRUCT *CreateStruct + ) +{ + return TcgAddRawByte(CreateStruct, TCG_TOKEN_ENDDATA); +} + +/** + Add end of session. + + @param [in/out] CreateStruct Structure used to add the integer + + @retval return the action result. + +**/ +TCG_RESULT +EFIAPI +TcgAddEndOfSession( + TCG_CREATE_STRUCT *CreateStruct + ) +{ + return TcgAddRawByte(CreateStruct, TCG_TOKEN_ENDSESSION); +} + +/** + Add start transaction. + + @param [in/out] CreateStruct Structure used to add the integer + + @retval return the action result. + +**/ +TCG_RESULT +EFIAPI +TcgAddStartTransaction( + TCG_CREATE_STRUCT *CreateStruct + ) +{ + return TcgAddRawByte(CreateStruct, TCG_TOKEN_STARTTRANSACTION); +} + +/** + Add end transaction. + + @param [in/out] CreateStruct Structure used to add the integer + + @retval return the action result. + +**/ +TCG_RESULT +EFIAPI +TcgAddEndTransaction( + TCG_CREATE_STRUCT *CreateStruct + ) +{ + return TcgAddRawByte(CreateStruct, TCG_TOKEN_ENDTRANSACTION); +} + +/** + Initial the tcg parse structure. + + @param ParseStruct Input parse structure. + @param Buffer Input buffer data. + @param BufferSize Input buffer size. + + @retval return the action result. + +**/ +TCG_RESULT +EFIAPI +TcgInitTcgParseStruct( + TCG_PARSE_STRUCT *ParseStruct, + const VOID *Buffer, + UINT32 BufferSize + ) +{ + UINT32 ComPacketLength; + UINT32 PacketLength; + + NULL_CHECK(ParseStruct); + NULL_CHECK(Buffer); + + if (BufferSize < sizeof(TCG_COM_PACKET)) { + return (TcgResultFailureBufferTooSmall); + } + + ParseStruct->ComPacket = (TCG_COM_PACKET*)Buffer; + + ComPacketLength = SwapBytes32(ParseStruct->ComPacket->LengthBE); + + if ((BufferSize - sizeof(TCG_COM_PACKET)) < ComPacketLength) { + DEBUG ((DEBUG_INFO, "Buffer %u too small for ComPacket %u\n", BufferSize, ComPacketLength)); + return (TcgResultFailureBufferTooSmall); + } + + ParseStruct->BufferSize = BufferSize; + ParseStruct->Buffer = Buffer; + + ParseStruct->CurPacket = NULL; + ParseStruct->CurSubPacket = NULL; + ParseStruct->CurPtr = NULL; + + // if payload > 0, then must have a packet + if (ComPacketLength != 0) { + if (ComPacketLength < sizeof(TCG_PACKET)) { + DEBUG ((DEBUG_INFO, "ComPacket too small for Packet\n")); + return (TcgResultFailureBufferTooSmall); + } + ParseStruct->CurPacket = (TCG_PACKET*)ParseStruct->ComPacket->Payload; + + PacketLength = SwapBytes32(ParseStruct->CurPacket->LengthBE); + + if (PacketLength > 0) { + if (PacketLength < sizeof(TCG_SUB_PACKET)) { + DEBUG ((DEBUG_INFO, "Packet too small for SubPacket\n")); + return (TcgResultFailureBufferTooSmall); + } + + ParseStruct->CurSubPacket = (TCG_SUB_PACKET*)ParseStruct->CurPacket->Payload; + } + } + + //TODO should check for method status list at this point? + + return (TcgResultSuccess); +} + +/** + Get next token info. + + @param ParseStruct Input parse structure info. + @param TcgToken return the tcg token info. + + @retval return the action result. + +**/ +TCG_RESULT +EFIAPI +TcgGetNextToken( + TCG_PARSE_STRUCT *ParseStruct, + TCG_TOKEN *TcgToken + ) +{ + const UINT8* EndOfSubPacket; + UINT8* TokenEnd; + UINT8 Hdr; + TCG_SIMPLE_TOKEN_SHORT_ATOM* TmpShort; + const TCG_SIMPLE_TOKEN_MEDIUM_ATOM* TmpMed; + const TCG_SIMPLE_TOKEN_LONG_ATOM* TmpLong; + + NULL_CHECK(ParseStruct); + NULL_CHECK(TcgToken); + + if (ParseStruct->ComPacket == NULL || + ParseStruct->CurPacket == NULL || + ParseStruct->CurSubPacket == NULL + ) { + DEBUG ((DEBUG_INFO, "unexpected state: ComPacket=%p CurPacket=%p CurSubPacket=%p\n", ParseStruct->ComPacket, ParseStruct->CurPacket, ParseStruct->CurSubPacket)); + return TcgResultFailureInvalidAction; + } + + // initial call, start at sub packet + if (ParseStruct->CurPtr == NULL) { + ParseStruct->CurPtr = ParseStruct->CurSubPacket->Payload; + } + + EndOfSubPacket = ParseStruct->CurSubPacket->Payload + SwapBytes32(ParseStruct->CurSubPacket->LengthBE); + TokenEnd = NULL; + + // confirmed that subpacket Length falls within end of Buffer and TCG_COM_PACKET, + // so simply need to verify the loop stays within current subpacket + if (ParseStruct->CurPtr >= EndOfSubPacket) { + DEBUG ((DEBUG_INFO, "ParseStruct->CurPtr >= EndOfSubPacket\n")); + return (TcgResultFailureEndBuffer); + } + + Hdr = *ParseStruct->CurPtr; + TcgToken->HdrStart = ParseStruct->CurPtr; + + // Tiny Atom range + if (Hdr <= 0x7F) { + // tiny atom Header is only 1 byte, so don't need to verify Size before cast and access + TcgToken->Type = TcgTokenTypeTinyAtom; + + TokenEnd = TcgToken->HdrStart + sizeof(TCG_SIMPLE_TOKEN_TINY_ATOM); + + // verify caller will have enough Size to reference token + if (TokenEnd >= EndOfSubPacket) { + DEBUG ((DEBUG_INFO, "Tiny Atom TokenEnd >= EndOfSubPacket\n")); + return (TcgResultFailureEndBuffer); + } + } + // Short Atom Range + else if (0x80 <= Hdr && Hdr <= 0xBF) { + // short atom Header is only 1 byte, so don't need to verify Size before cast and access + TmpShort = (TCG_SIMPLE_TOKEN_SHORT_ATOM*)(ParseStruct->CurPtr); + TcgToken->Type = TcgTokenTypeShortAtom; + + TokenEnd = (TcgToken->HdrStart + sizeof(TCG_SIMPLE_TOKEN_SHORT_ATOM) + TmpShort->ShortAtomBits.Length); + + // verify caller will have enough Size to reference token + if (TokenEnd >= EndOfSubPacket) { + DEBUG ((DEBUG_INFO, "Short Atom TokenEnd >= EndOfSubPacket\n")); + return (TcgResultFailureEndBuffer); + } + } + // Medium Atom Range + else if (0xC0 <= Hdr && Hdr <= 0xDF) { + if (TcgToken->HdrStart + sizeof(TCG_SIMPLE_TOKEN_MEDIUM_ATOM) >= EndOfSubPacket) { + return (TcgResultFailureEndBuffer); + } + TmpMed = (const TCG_SIMPLE_TOKEN_MEDIUM_ATOM*)ParseStruct->CurPtr; + TcgToken->Type = TcgTokenTypeMediumAtom; + TokenEnd = TcgToken->HdrStart + sizeof(TCG_SIMPLE_TOKEN_MEDIUM_ATOM) + + ((TmpMed->MediumAtomBits.LengthHigh << TCG_MEDIUM_ATOM_LENGTH_HIGH_SHIFT) | + TmpMed->MediumAtomBits.LengthLow); + + // verify caller will have enough Size to reference token + if (TokenEnd >= EndOfSubPacket) { + DEBUG ((DEBUG_INFO, "Medium Atom TokenEnd >= EndOfSubPacket\n")); + return (TcgResultFailureEndBuffer); + } + } + // Long Atom Range + else if (0xE0 <= Hdr && Hdr <= 0xE3) { + if (TcgToken->HdrStart + sizeof(TCG_SIMPLE_TOKEN_LONG_ATOM) >= EndOfSubPacket) { + return (TcgResultFailureEndBuffer); + } + TmpLong = (const TCG_SIMPLE_TOKEN_LONG_ATOM*)ParseStruct->CurPtr; + TcgToken->Type = TcgTokenTypeLongAtom; + + TokenEnd = TcgToken->HdrStart + sizeof(TCG_SIMPLE_TOKEN_LONG_ATOM) + + ((TmpLong->LongAtomBits.LengthHigh << TCG_LONG_ATOM_LENGTH_HIGH_SHIFT) | + (TmpLong->LongAtomBits.LengthMid << TCG_LONG_ATOM_LENGTH_MID_SHIFT) | + TmpLong->LongAtomBits.LengthLow); + + // verify caller will have enough Size to reference token + if (TokenEnd >= EndOfSubPacket) { + DEBUG ((DEBUG_INFO, "Long Atom TokenEnd >= EndOfSubPacket\n")); + return (TcgResultFailureEndBuffer); + } + } else { + // single byte tokens + switch (Hdr) { + case TCG_TOKEN_STARTLIST: + TcgToken->Type = TcgTokenTypeStartList; + break; + case TCG_TOKEN_ENDLIST: + TcgToken->Type = TcgTokenTypeEndList; + break; + case TCG_TOKEN_STARTNAME: + TcgToken->Type = TcgTokenTypeStartName; + break; + case TCG_TOKEN_ENDNAME: + TcgToken->Type = TcgTokenTypeEndName; + break; + case TCG_TOKEN_CALL: + TcgToken->Type = TcgTokenTypeCall; + break; + case TCG_TOKEN_ENDDATA: + TcgToken->Type = TcgTokenTypeEndOfData; + break; + case TCG_TOKEN_ENDSESSION: + TcgToken->Type = TcgTokenTypeEndOfSession; + break; + case TCG_TOKEN_STARTTRANSACTION: + TcgToken->Type = TcgTokenTypeStartTransaction; + break; + case TCG_TOKEN_ENDTRANSACTION: + TcgToken->Type = TcgTokenTypeEndTransaction; + break; + case TCG_TOKEN_EMPTY: + TcgToken->Type = TcgTokenTypeEmptyAtom; + break; + default: + DEBUG ((DEBUG_INFO, "WARNING: reserved token Type 0x%02X\n", Hdr)); + TcgToken->Type = TcgTokenTypeReserved; + break; + } + ParseStruct->CurPtr++; + TokenEnd = TcgToken->HdrStart + 1; + } + + // increment curptr for next call + ParseStruct->CurPtr = TokenEnd; + return (TcgResultSuccess); +} + +/** + Get atom info. + + @param TcgToken Input token info. + @param HeaderLength return the header length. + @param DataLength return the data length. + @param ByteOrInt return the atom Type. + @param SignOrCont return the sign or count info. + + @retval return the action result. + +**/ +TCG_RESULT +EFIAPI +TcgGetAtomInfo( + const TCG_TOKEN *TcgToken, + UINT32 *HeaderLength, + UINT32 *DataLength, + UINT8 *ByteOrInt, + UINT8 *SignOrCont + ) +{ + TCG_SIMPLE_TOKEN_TINY_ATOM* TinyAtom; + TCG_SIMPLE_TOKEN_SHORT_ATOM* ShortAtom; + TCG_SIMPLE_TOKEN_MEDIUM_ATOM* MediumAtom; + TCG_SIMPLE_TOKEN_LONG_ATOM* LongAtom; + + NULL_CHECK(TcgToken); + NULL_CHECK(HeaderLength); + NULL_CHECK(DataLength); + NULL_CHECK(ByteOrInt); + NULL_CHECK(SignOrCont); + + switch (TcgToken->Type) { + case TcgTokenTypeTinyAtom: { + TinyAtom = (TCG_SIMPLE_TOKEN_TINY_ATOM*)TcgToken->HdrStart; + *ByteOrInt = TCG_ATOM_TYPE_INTEGER; + *SignOrCont = TinyAtom->TinyAtomBits.Sign; + *HeaderLength = 0; + *DataLength = 0; // tiny atom must be handled as a special case - Header and Data in the same byte + return TcgResultSuccess; + } + + case TcgTokenTypeShortAtom: { + ShortAtom = (TCG_SIMPLE_TOKEN_SHORT_ATOM*)TcgToken->HdrStart; + *ByteOrInt = ShortAtom->ShortAtomBits.ByteOrInt; + *SignOrCont = ShortAtom->ShortAtomBits.SignOrCont; + *HeaderLength = sizeof(TCG_SIMPLE_TOKEN_SHORT_ATOM); + *DataLength = ShortAtom->ShortAtomBits.Length; + return TcgResultSuccess; + } + + case TcgTokenTypeMediumAtom: { + MediumAtom = (TCG_SIMPLE_TOKEN_MEDIUM_ATOM*)TcgToken->HdrStart; + *ByteOrInt = MediumAtom->MediumAtomBits.ByteOrInt; + *SignOrCont = MediumAtom->MediumAtomBits.SignOrCont; + *HeaderLength = sizeof(TCG_SIMPLE_TOKEN_MEDIUM_ATOM); + *DataLength = (MediumAtom->MediumAtomBits.LengthHigh << TCG_MEDIUM_ATOM_LENGTH_HIGH_SHIFT) | MediumAtom->MediumAtomBits.LengthLow; + return TcgResultSuccess; + } + + case TcgTokenTypeLongAtom: { + LongAtom = (TCG_SIMPLE_TOKEN_LONG_ATOM*)TcgToken->HdrStart; + *ByteOrInt = LongAtom->LongAtomBits.ByteOrInt; + *SignOrCont = LongAtom->LongAtomBits.SignOrCont; + *HeaderLength = sizeof(TCG_SIMPLE_TOKEN_LONG_ATOM); + *DataLength = (LongAtom->LongAtomBits.LengthHigh << TCG_LONG_ATOM_LENGTH_HIGH_SHIFT) | + (LongAtom->LongAtomBits.LengthMid << TCG_LONG_ATOM_LENGTH_MID_SHIFT) | + LongAtom->LongAtomBits.LengthLow; + return TcgResultSuccess; + } + + default: + DEBUG ((DEBUG_INFO, "Token Type is not simple atom (%d)\n", TcgToken->Type)); + return (TcgResultFailureInvalidType); + } +} + +/** + Get token specified value. + + @param TcgToken Input token info. + @param Value return the value. + + @retval return the action result. + +**/ +TCG_RESULT +EFIAPI +TcgGetTokenUINT64( + const TCG_TOKEN *TcgToken, + UINT64 *Value + ) +{ + UINT32 HdrLength; + UINT32 DataLength; + UINT8 ByteOrInt; + UINT8 IsSigned; + TCG_SIMPLE_TOKEN_TINY_ATOM* TmpTiny; + const UINT8* Data; + UINT32 Index; + + NULL_CHECK(TcgToken); + NULL_CHECK(Value); + + Index = 0; + *Value = 0; + ERROR_CHECK(TcgGetAtomInfo(TcgToken, &HdrLength, &DataLength, &ByteOrInt, &IsSigned)); + + if (ByteOrInt != TCG_ATOM_TYPE_INTEGER) { + DEBUG ((DEBUG_INFO, "Invalid Type, expected integer not byte sequence\n")); + return TcgResultFailureInvalidType; + } + + if (IsSigned != 0) { + DEBUG ((DEBUG_INFO, "Integer is signed, expected unsigned\n")); + return TcgResultFailureInvalidType; + } + + // special case for tiny atom + // Header and Data are in one byte, so extract only the Data bitfield + if (TcgToken->Type == TcgTokenTypeTinyAtom) { + TmpTiny = (TCG_SIMPLE_TOKEN_TINY_ATOM*)TcgToken->HdrStart; + *Value = TmpTiny->TinyAtomBits.Data; + return TcgResultSuccess; + } + + if (DataLength > sizeof(UINT64)) { + DEBUG ((DEBUG_INFO, "Length %d is greater than Size of UINT64\n", DataLength)); + return TcgResultFailureBufferTooSmall; + } + + // read big-endian integer + Data = TcgToken->HdrStart + HdrLength; + for (Index = 0; Index < DataLength; Index++) { + *Value = LShiftU64(*Value, 8) | Data[Index]; + } + + return TcgResultSuccess; +} + +/** + Get token byte sequence. + + @param TcgToken Input token info. + @param Length Input the length info. + + @retval Return the value data. + +**/ +UINT8* +EFIAPI +TcgGetTokenByteSequence( + const TCG_TOKEN *TcgToken, + UINT32 *Length + ) +{ + UINT32 HdrLength; + UINT8 ByteOrInt; + UINT8 SignOrCont; + + if (TcgToken == NULL || Length == NULL) { + return NULL; + } + + *Length = 0; + if (TcgGetAtomInfo(TcgToken, &HdrLength, Length, &ByteOrInt, &SignOrCont) != TcgResultSuccess) { + DEBUG ((DEBUG_INFO, "Failed to get simple token info\n")); + return NULL; + } + + if (ByteOrInt != TCG_ATOM_TYPE_BYTE) { + DEBUG ((DEBUG_INFO, "Invalid Type, expected byte sequence not integer\n")); + return NULL; + } + + return (TcgToken->HdrStart + HdrLength); +} + +/** + Get next specify value. + + @param ParseStruct Input parse structure. + @param Value Return value. + + @retval return the action result. + +**/ +TCG_RESULT +EFIAPI +TcgGetNextUINT8( + TCG_PARSE_STRUCT *ParseStruct, + UINT8 *Value + ) +{ + UINT64 Value64; + TCG_TOKEN Tok; + + NULL_CHECK(Value); + + ERROR_CHECK(TcgGetNextToken(ParseStruct, &Tok)); + ERROR_CHECK(TcgGetTokenUINT64(&Tok, &Value64)); + + if (Value64 > MAX_UINT8) { + return TcgResultFailure; + } + + *Value = (UINT8)Value64; + + return TcgResultSuccess; +} + +/** + Get next specify value. + + @param ParseStruct Input parse structure. + @param Value Return value. + + @retval return the action result. + +**/ +TCG_RESULT +EFIAPI +TcgGetNextUINT16( + TCG_PARSE_STRUCT *ParseStruct, + UINT16 *Value + ) +{ + UINT64 Value64; + TCG_TOKEN Tok; + + NULL_CHECK(Value); + + ERROR_CHECK(TcgGetNextToken(ParseStruct, &Tok)); + ERROR_CHECK(TcgGetTokenUINT64(&Tok, &Value64)); + + if (Value64 > MAX_UINT16) { + return TcgResultFailure; + } + + *Value = (UINT16)Value64; + + return TcgResultSuccess; +} + +/** + Get next specify value. + + @param ParseStruct Input parse structure. + @param Value Return value. + + @retval return the action result. + +**/ +TCG_RESULT +EFIAPI +TcgGetNextUINT32( + TCG_PARSE_STRUCT *ParseStruct, + UINT32 *Value + ) +{ + UINT64 Value64; + TCG_TOKEN Tok; + + NULL_CHECK(Value); + + ERROR_CHECK(TcgGetNextToken(ParseStruct, &Tok)); + ERROR_CHECK(TcgGetTokenUINT64(&Tok, &Value64)); + + if (Value64 > MAX_UINT32) { + return TcgResultFailure; + } + + *Value = (UINT32)Value64; + + return TcgResultSuccess; +} + +/** + Get next specify value. + + @param ParseStruct Input parse structure. + @param Value Return value. + + @retval return the action result. + +**/ +TCG_RESULT +EFIAPI +TcgGetNextUINT64( + TCG_PARSE_STRUCT *ParseStruct, + UINT64 *Value + ) +{ + TCG_TOKEN Tok; + ERROR_CHECK(TcgGetNextToken(ParseStruct, &Tok)); + ERROR_CHECK(TcgGetTokenUINT64(&Tok, Value)); + return TcgResultSuccess; +} + +/** + Get next specify value. + + @param ParseStruct Input parse structure. + @param Value Return value. + + @retval return the action result. + +**/ +TCG_RESULT +EFIAPI +TcgGetNextBOOLEAN( + TCG_PARSE_STRUCT *ParseStruct, + BOOLEAN *Value + ) +{ + UINT64 Value64; + TCG_TOKEN Tok; + + NULL_CHECK(Value); + + ERROR_CHECK(TcgGetNextToken(ParseStruct, &Tok)); + ERROR_CHECK(TcgGetTokenUINT64(&Tok, &Value64)); + + if (Value64 > 1) { + return TcgResultFailure; + } + + *Value = (BOOLEAN)Value64; + + return TcgResultSuccess; +} + +/** + Get next tcg uid info. + + @param ParseStruct Input parse structure. + @param Uid Get the uid info. + + @retval return the action result. + +**/ +TCG_RESULT +EFIAPI +TcgGetNextTcgUid( + TCG_PARSE_STRUCT *ParseStruct, + TCG_UID *Uid + ) +{ + TCG_TOKEN Tok; + UINT32 Length; + const UINT8* ByteSeq; + + NULL_CHECK(Uid); + + ERROR_CHECK(TcgGetNextToken(ParseStruct, &Tok)); + ByteSeq = TcgGetTokenByteSequence(&Tok, &Length); + + if (Length != sizeof(TCG_UID)) { + DEBUG ((DEBUG_INFO, "Token Length %u != TCG_UID Size %u\n", Length, (UINT32)sizeof(TCG_UID))); + return TcgResultFailure; + } + + ASSERT (ByteSeq != NULL); + + CopyMem(Uid, ByteSeq, sizeof(TCG_UID)); + + return TcgResultSuccess; +} + +/** + Get next byte sequence. + + @param ParseStruct Input parse structure. + @param Data return the data. + @param Length return the length. + + @retval return the action result. + +**/ +TCG_RESULT +EFIAPI +TcgGetNextByteSequence( + TCG_PARSE_STRUCT *ParseStruct, + const VOID **Data, + UINT32 *Length + ) +{ + TCG_TOKEN Tok; + const UINT8* Bs; + + ERROR_CHECK(TcgGetNextToken(ParseStruct, &Tok)); + Bs = TcgGetTokenByteSequence(&Tok, Length); + + if (Bs == NULL) { + return TcgResultFailure; + } + *Data = Bs; + return TcgResultSuccess; +} + +/** + Get next token Type. + + @param ParseStruct Input parse structure. + @param Type Input the type need to check. + + @retval return the action result. + +**/ +TCG_RESULT +EFIAPI +TcgGetNextTokenType( + TCG_PARSE_STRUCT *ParseStruct, + TCG_TOKEN_TYPE Type + ) +{ + TCG_TOKEN Tok; + ERROR_CHECK(TcgGetNextToken(ParseStruct, &Tok)); + if (Tok.Type != Type) { + DEBUG ((DEBUG_INFO, "expected Type %u, got Type %u\n", Type, Tok.Type)); + return TcgResultFailure; + } + return TcgResultSuccess; +} + +/** + Get next start list. + + @param ParseStruct Input parse structure. + + @retval return the action result. + +**/ +TCG_RESULT +EFIAPI +TcgGetNextStartList( + TCG_PARSE_STRUCT *ParseStruct + ) +{ + return TcgGetNextTokenType(ParseStruct, TcgTokenTypeStartList); +} + +/** + Get next end list. + + @param ParseStruct Input parse structure. + + @retval return the action result. + +**/ +TCG_RESULT +EFIAPI +TcgGetNextEndList( + TCG_PARSE_STRUCT *ParseStruct + ) +{ + return TcgGetNextTokenType(ParseStruct, TcgTokenTypeEndList); +} + +/** + Get next start name. + + @param ParseStruct Input parse structure. + + @retval return the action result. + +**/ +TCG_RESULT +EFIAPI +TcgGetNextStartName( + TCG_PARSE_STRUCT *ParseStruct + ) +{ + return TcgGetNextTokenType(ParseStruct, TcgTokenTypeStartName); +} + +/** + Get next end name. + + @param ParseStruct Input parse structure. + + @retval return the action result. + +**/ +TCG_RESULT +EFIAPI +TcgGetNextEndName( + TCG_PARSE_STRUCT *ParseStruct + ) +{ + return TcgGetNextTokenType(ParseStruct, TcgTokenTypeEndName); +} + +/** + Get next call. + + @param ParseStruct Input parse structure. + + @retval return the action result. + +**/ +TCG_RESULT +EFIAPI +TcgGetNextCall( + TCG_PARSE_STRUCT *ParseStruct + ) +{ + return TcgGetNextTokenType(ParseStruct, TcgTokenTypeCall); +} + +/** + Get next end data. + + @param ParseStruct Input parse structure. + + @retval return the action result. + +**/ +TCG_RESULT +EFIAPI +TcgGetNextEndOfData( + TCG_PARSE_STRUCT *ParseStruct + ) +{ + return TcgGetNextTokenType(ParseStruct, TcgTokenTypeEndOfData); +} + +/** + Get next end of session. + + @param ParseStruct Input parse structure. + + @retval return the action result. + +**/ +TCG_RESULT +EFIAPI +TcgGetNextEndOfSession( + TCG_PARSE_STRUCT *ParseStruct + ) +{ + return TcgGetNextTokenType(ParseStruct, TcgTokenTypeEndOfSession); +} + +/** + Get next start transaction. + + @param ParseStruct Input parse structure. + + @retval return the action result. + +**/ +TCG_RESULT +EFIAPI +TcgGetNextStartTransaction( + TCG_PARSE_STRUCT *ParseStruct + ) +{ + return TcgGetNextTokenType(ParseStruct, TcgTokenTypeStartTransaction); +} + +/** + Get next end transaction. + + @param ParseStruct Input parse structure. + + @retval return the action result. + +**/ +TCG_RESULT +EFIAPI +TcgGetNextEndTransaction( + TCG_PARSE_STRUCT *ParseStruct + ) +{ + return TcgGetNextTokenType(ParseStruct, TcgTokenTypeEndTransaction); +} diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/TcgStorageCoreLib/TcgStorageCoreLib.inf b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/TcgStorageCoreLib/TcgStorageCoreLib.inf new file mode 100644 index 00000000..3fa57149 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/TcgStorageCoreLib/TcgStorageCoreLib.inf @@ -0,0 +1,33 @@ +## @file +# This is a Tcg Storage core library. +# +# This module is used to provide API used by Opal password solution. +# +# Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.<BR> +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## +[Defines] + INF_VERSION = 0x00010017 + BASE_NAME = TcgStorageCoreLib + FILE_GUID = ad63b09b-1fc9-4789-af0c-5af8a3fb1f9c + VERSION_STRING = 1.0 + MODULE_TYPE = BASE + LIBRARY_CLASS = TcgStorageCoreLib +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = IA32 X64 +# + +[LibraryClasses] + BaseLib + BaseMemoryLib + +[Packages] + MdePkg/MdePkg.dec + SecurityPkg/SecurityPkg.dec + +[Sources] + TcgStorageCore.c + TcgStorageUtil.c diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/TcgStorageCoreLib/TcgStorageUtil.c b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/TcgStorageCoreLib/TcgStorageUtil.c new file mode 100644 index 00000000..5a975057 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/TcgStorageCoreLib/TcgStorageUtil.c @@ -0,0 +1,901 @@ +/** @file + Provide functions to provide tcg storage core spec related functions. + +Copyright (c) 2016, Intel Corporation. All rights reserved.<BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include <Library/TcgStorageCoreLib.h> + +#include <Library/BaseLib.h> +#include <Library/BaseMemoryLib.h> +#include <Library/DebugLib.h> + +typedef struct { + UINT16 FeatureCode; + TCG_LEVEL0_FEATURE_DESCRIPTOR_HEADER *Feature; + UINTN FeatureSize; +} TCG_FIND_FEATURE_CTX; + +/** + Returns a human-readable string representing a method status return code. + + @param[in] MethodStatus Method status to translate to a string + + + @retval return the string info. +**/ +CHAR8* +EFIAPI +TcgMethodStatusString( + UINT8 MethodStatus + ) +{ + switch (MethodStatus) { + #define C(status) case TCG_METHOD_STATUS_CODE_ ## status: return #status + C(SUCCESS); + C(NOT_AUTHORIZED); + C(OBSOLETE); + C(SP_BUSY); + C(SP_FAILED); + C(SP_DISABLED); + C(SP_FROZEN); + C(NO_SESSIONS_AVAILABLE); + C(UNIQUENESS_CONFLICT); + C(INSUFFICIENT_SPACE); + C(INSUFFICIENT_ROWS); + C(INVALID_PARAMETER); + C(OBSOLETE2); + C(OBSOLETE3); + C(TPER_MALFUNCTION); + C(TRANSACTION_FAILURE); + C(RESPONSE_OVERFLOW); + C(AUTHORITY_LOCKED_OUT); + C(FAIL); + #undef C + } + return "unknown"; +} + + +/** + adds call token and method Header (invoking id, and method id). + + @param CreateStruct The input create structure. + @param InvokingId Invoking id. + @param MethodId Method id. + +**/ +TCG_RESULT +EFIAPI +TcgStartMethodCall( + TCG_CREATE_STRUCT *CreateStruct, + TCG_UID InvokingId, + TCG_UID MethodId + ) +{ + NULL_CHECK(CreateStruct); + + if (CreateStruct->ComPacket == NULL || + CreateStruct->CurPacket == NULL || + CreateStruct->CurSubPacket == NULL + ) { + DEBUG ((DEBUG_INFO, "unexpected state: ComPacket=%p CurPacket=%p CurSubPacket=%p\n", CreateStruct->ComPacket, CreateStruct->CurPacket, CreateStruct->CurSubPacket)); + return (TcgResultFailureInvalidAction); + } + + ERROR_CHECK(TcgAddCall(CreateStruct)); + ERROR_CHECK(TcgAddTcgUid(CreateStruct, InvokingId)); + ERROR_CHECK(TcgAddTcgUid(CreateStruct, MethodId)); + + return TcgResultSuccess; +} + +/** + Adds START LIST token. + + @param CreateStruct The input create structure. + +**/ +TCG_RESULT +EFIAPI +TcgStartParameters( + TCG_CREATE_STRUCT *CreateStruct + ) +{ + NULL_CHECK(CreateStruct); + + if (CreateStruct->ComPacket == NULL || + CreateStruct->CurPacket == NULL || + CreateStruct->CurSubPacket == NULL + ) { + DEBUG ((DEBUG_INFO, "unexpected state: ComPacket=%p CurPacket=%p CurSubPacket=%p\n", CreateStruct->ComPacket, CreateStruct->CurPacket, CreateStruct->CurSubPacket)); + return (TcgResultFailureInvalidAction); + } + + return TcgAddStartList(CreateStruct); +} + +/** + Adds END LIST token. + + @param CreateStruct The input create structure. + +**/ +TCG_RESULT +EFIAPI +TcgEndParameters( + TCG_CREATE_STRUCT *CreateStruct + ) +{ + NULL_CHECK(CreateStruct); + + if (CreateStruct->ComPacket == NULL || + CreateStruct->CurPacket == NULL || + CreateStruct->CurSubPacket == NULL + ) { + DEBUG ((DEBUG_INFO, "unexpected state: ComPacket=%p CurPacket=%p CurSubPacket=%p\n", CreateStruct->ComPacket, CreateStruct->CurPacket, CreateStruct->CurSubPacket)); + return (TcgResultFailureInvalidAction); + } + + return TcgAddEndList(CreateStruct); +} + +/** + Adds END Data token and method list. + + @param CreateStruct The input create structure. + +**/ +TCG_RESULT +EFIAPI +TcgEndMethodCall( + TCG_CREATE_STRUCT *CreateStruct + ) +{ + NULL_CHECK(CreateStruct); + + if (CreateStruct->ComPacket == NULL || + CreateStruct->CurPacket == NULL || + CreateStruct->CurSubPacket == NULL + ) { + DEBUG ((DEBUG_INFO, "unexpected state: ComPacket=%p CurPacket=%p CurSubPacket=%p\n", CreateStruct->ComPacket, CreateStruct->CurPacket, CreateStruct->CurSubPacket)); + return (TcgResultFailureInvalidAction); + } + + ERROR_CHECK(TcgAddEndOfData(CreateStruct)); + + ERROR_CHECK(TcgAddStartList(CreateStruct)); + ERROR_CHECK(TcgAddUINT8(CreateStruct, 0x00)); // expected to complete properly + ERROR_CHECK(TcgAddUINT8(CreateStruct, 0x00)); // reserved + ERROR_CHECK(TcgAddUINT8(CreateStruct, 0x00)); // reserved + ERROR_CHECK(TcgAddEndList(CreateStruct)); + + return TcgResultSuccess; +} + +/** + Retrieves the comID and Extended comID of the ComPacket in the Tcg response. + It is intended to be used to confirm the received Tcg response is intended for user that received it. + + @param [in] ParseStruct Structure used to parse received TCG response. + @param [in/out] ComId comID retrieved from received ComPacket. + @param [in/out] ComIdExtension Extended comID retrieved from received ComPacket + +**/ +TCG_RESULT +EFIAPI +TcgGetComIds( + const TCG_PARSE_STRUCT *ParseStruct, + UINT16 *ComId, + UINT16 *ComIdExtension + ) +{ + NULL_CHECK(ParseStruct); + NULL_CHECK(ComId); + NULL_CHECK(ComIdExtension); + + if (ParseStruct->ComPacket == NULL) { + DEBUG ((DEBUG_INFO, "unexpected state: ComPacket=%p\n", ParseStruct->ComPacket)); + return TcgResultFailureInvalidAction; + } + + *ComId = SwapBytes16(ParseStruct->ComPacket->ComIDBE); + *ComIdExtension = SwapBytes16(ParseStruct->ComPacket->ComIDExtensionBE); + + return TcgResultSuccess; +} + +/** + Checks if the ComIDs of the response match the expected values. + + @param[in] ParseStruct Structure used to parse received TCG response + @param[in] ExpectedComId Expected comID + @param[in] ExpectedComIdExtension Expected extended comID + +**/ +TCG_RESULT +EFIAPI +TcgCheckComIds( + const TCG_PARSE_STRUCT *ParseStruct, + UINT16 ExpectedComId, + UINT16 ExpectedComIdExtension + ) +{ + UINT16 ParseComId; + UINT16 ParseComIdExtension; + + ERROR_CHECK(TcgGetComIds(ParseStruct, &ParseComId, &ParseComIdExtension)); + if (ParseComId != ExpectedComId || ParseComIdExtension != ExpectedComIdExtension) { + DEBUG ((DEBUG_INFO, "Com ID: Actual 0x%02X Expected 0x%02X\n", ParseComId, ExpectedComId)); + DEBUG ((DEBUG_INFO, "Extended Com ID: 0x%02X Expected 0x%02X\n", ParseComIdExtension, ExpectedComIdExtension)); + return TcgResultFailure; + } + return TcgResultSuccess; +} + +/** + Returns the method status of the current subpacket. Does not affect the current position + in the ComPacket. In other words, it can be called whenever you have a valid SubPacket. + + @param [in/out] ParseStruct Structure used to parse received TCG response + @param [in/out] MethodStatus Method status retrieved of the current SubPacket + +**/ +TCG_RESULT +EFIAPI +TcgGetMethodStatus( + const TCG_PARSE_STRUCT *ParseStruct, + UINT8 *MethodStatus + ) +{ + TCG_PARSE_STRUCT TmpParseStruct; + TCG_TOKEN TcgToken; + UINT8 Reserved1, Reserved2; + + NULL_CHECK(ParseStruct); + NULL_CHECK(MethodStatus); + + if (ParseStruct->ComPacket == NULL || + ParseStruct->CurPacket == NULL || + ParseStruct->CurSubPacket == NULL + ) { + DEBUG ((DEBUG_INFO, "unexpected state: ComPacket=%p CurPacket=%p CurSubPacket=%p\n", ParseStruct->ComPacket, ParseStruct->CurPacket, ParseStruct->CurSubPacket)); + return TcgResultFailureInvalidAction; + } + + // duplicate ParseStruct, then don't need to "reset" location cur ptr + CopyMem (&TmpParseStruct, ParseStruct, sizeof(TCG_PARSE_STRUCT)); + + // method status list exists after the end method call in the subpacket + // skip tokens until ENDDATA is found + do { + ERROR_CHECK(TcgGetNextToken(&TmpParseStruct, &TcgToken)); + } while (TcgToken.Type != TcgTokenTypeEndOfData); + + // only reach here if enddata is found + // at this point, the curptr is pointing at method status list beginning + ERROR_CHECK(TcgGetNextStartList(&TmpParseStruct)); + ERROR_CHECK(TcgGetNextUINT8(&TmpParseStruct, MethodStatus)); + ERROR_CHECK(TcgGetNextUINT8(&TmpParseStruct, &Reserved1)); + ERROR_CHECK(TcgGetNextUINT8(&TmpParseStruct, &Reserved2)); + ERROR_CHECK(TcgGetNextEndList(&TmpParseStruct)); + + if (Reserved1 != 0) { + DEBUG ((DEBUG_INFO, "Method status reserved1 = 0x%02X (expected 0)\n", Reserved1)); + return TcgResultFailure; + } + + if (Reserved2 != 0) { + DEBUG ((DEBUG_INFO, "Method status reserved2 = 0x%02X (expected 0)\n", Reserved1)); + return TcgResultFailure; + } + + return TcgResultSuccess; +} + +/** + Return the toke type string info. + + @param Type Input the type info. + + @retval Return the string for this type. + +**/ +CHAR8* +EFIAPI +TcgTokenTypeString( + TCG_TOKEN_TYPE Type + ) +{ + switch (Type) { + case TcgTokenTypeReserved: return "Reserved"; + case TcgTokenTypeTinyAtom: return "Tiny Atom"; + case TcgTokenTypeShortAtom: return "Short Atom"; + case TcgTokenTypeMediumAtom: return "Medium Atom"; + case TcgTokenTypeLongAtom: return "Long Atom"; + case TcgTokenTypeStartList: return "Start List"; + case TcgTokenTypeEndList: return "End List"; + case TcgTokenTypeStartName: return "Start Name"; + case TcgTokenTypeEndName: return "End Name"; + case TcgTokenTypeCall: return "Call"; + case TcgTokenTypeEndOfData: return "End of Data"; + case TcgTokenTypeEndOfSession: return "End of Session"; + case TcgTokenTypeStartTransaction: return "Start Transaction"; + case TcgTokenTypeEndTransaction: return "End Transaction"; + case TcgTokenTypeEmptyAtom: return "Empty atom"; + } + return "Unknown"; +} + + +/** + + Adds Start Session call to the data structure. This creates the entire ComPacket structure and + returns the size of the entire compacket in the size parameter. + + @param [in/out] CreateStruct Structure used to add the start session call + @param [in/out] Size Describes the size of the entire ComPacket (header and payload). Filled out by function. + @param [in] ComId ComID for the ComPacket + @param [in] ComIdExtension Extended ComID for the ComPacket + @param [in] HostSessionId Host Session ID + @param [in] SpId Security Provider to start session with + @param [in] Write Write option for start session. TRUE = start session requests write access + @param [in] HostChallengeLength Length of the host challenge. Length should be 0 if hostChallenge is NULL + @param [in] HostChallenge Host challenge for Host Signing Authority. If NULL, then no Host Challenge shall be sent. + @param [in] HostSigningAuthority Host Signing Authority used for start session. If NULL, then no Host Signing Authority shall be sent. + +**/ +TCG_RESULT +EFIAPI +TcgCreateStartSession( + TCG_CREATE_STRUCT *CreateStruct, + UINT32 *Size, + UINT16 ComId, + UINT16 ComIdExtension, + UINT32 HostSessionId, + TCG_UID SpId, + BOOLEAN Write, + UINT32 HostChallengeLength, + const VOID *HostChallenge, + TCG_UID HostSigningAuthority + ) +{ + ERROR_CHECK(TcgStartComPacket(CreateStruct, ComId, ComIdExtension)); + ERROR_CHECK(TcgStartPacket(CreateStruct, 0x0, 0x0, 0x0, 0x0, 0x0)) ; + ERROR_CHECK(TcgStartSubPacket(CreateStruct, 0x0)); + ERROR_CHECK(TcgStartMethodCall(CreateStruct, TCG_UID_SMUID, TCG_UID_SM_START_SESSION)); + ERROR_CHECK(TcgStartParameters(CreateStruct)); + ERROR_CHECK(TcgAddUINT32(CreateStruct, HostSessionId)); + ERROR_CHECK(TcgAddTcgUid(CreateStruct, SpId)); + ERROR_CHECK(TcgAddBOOLEAN(CreateStruct, Write)); + + // optional parameters + if (HostChallenge != NULL && HostChallengeLength != 0) { + ERROR_CHECK(TcgAddStartName(CreateStruct)); + ERROR_CHECK(TcgAddUINT8(CreateStruct, 0x00)); //TODO Create Enum for Method Optional Parameters? + ERROR_CHECK(TcgAddByteSequence(CreateStruct, HostChallenge, HostChallengeLength, FALSE)); + ERROR_CHECK(TcgAddEndName(CreateStruct)); + } + // optional parameters + if (HostSigningAuthority != 0) { + ERROR_CHECK(TcgAddStartName(CreateStruct)); + ERROR_CHECK(TcgAddUINT8(CreateStruct, 0x03)); //TODO Create Enum for Method Optional Parameters? + ERROR_CHECK(TcgAddTcgUid(CreateStruct, HostSigningAuthority)); + ERROR_CHECK(TcgAddEndName(CreateStruct)); + } + + ERROR_CHECK(TcgEndParameters(CreateStruct)); + ERROR_CHECK(TcgEndMethodCall(CreateStruct)); + ERROR_CHECK(TcgEndSubPacket(CreateStruct)); + ERROR_CHECK(TcgEndPacket(CreateStruct)); + ERROR_CHECK(TcgEndComPacket(CreateStruct, Size)); + + return TcgResultSuccess; +} + +/** + Parses the Sync Session response contained in the parseStruct to retrieve Tper session ID. If the Sync Session response + parameters do not match the comID, extended ComID and host session ID then a failure is returned. + + @param[in/out] ParseStruct Structure used to parse received TCG response, contains Sync Session response. + @param[in] ComId Expected ComID that is compared to actual ComID of response + @param[in] ComIdExtension Expected Extended ComID that is compared to actual Extended ComID of response + @param[in] HostSessionId Expected Host Session ID that is compared to actual Host Session ID of response + @param[in/out] TperSessionId Tper Session ID retrieved from the Sync Session response. + +**/ +TCG_RESULT +EFIAPI +TcgParseSyncSession( + const TCG_PARSE_STRUCT *ParseStruct, + UINT16 ComId, + UINT16 ComIdExtension, + UINT32 HostSessionId, + UINT32 *TperSessionId + ) +{ + UINT8 MethodStatus; + TCG_PARSE_STRUCT TmpParseStruct; + UINT16 ParseComId; + UINT16 ParseExtComId; + TCG_UID InvokingUID; + TCG_UID MethodUID; + UINT32 RecvHostSessionId; + + NULL_CHECK(ParseStruct); + NULL_CHECK(TperSessionId); + + CopyMem (&TmpParseStruct, ParseStruct, sizeof(TCG_PARSE_STRUCT)); + + // verify method status is good + ERROR_CHECK(TcgGetMethodStatus(&TmpParseStruct, &MethodStatus)); + METHOD_STATUS_ERROR_CHECK (MethodStatus, TcgResultFailure); + + // verify comids + ERROR_CHECK(TcgGetComIds(&TmpParseStruct, &ParseComId, &ParseExtComId)); + + if ((ComId != ParseComId) || (ComIdExtension != ParseExtComId)) { + DEBUG ((DEBUG_INFO, "unmatched comid (exp: 0x%X recv: 0x%X) or comid extension (exp: 0x%X recv: 0x%X)\n", ComId, ParseComId, ComIdExtension, ParseExtComId)); + return TcgResultFailure; + } + ERROR_CHECK(TcgGetNextCall(&TmpParseStruct)); + ERROR_CHECK(TcgGetNextTcgUid(&TmpParseStruct, &InvokingUID)); + ERROR_CHECK(TcgGetNextTcgUid(&TmpParseStruct, &MethodUID)); + ERROR_CHECK(TcgGetNextStartList(&TmpParseStruct)); + ERROR_CHECK(TcgGetNextUINT32(&TmpParseStruct, &RecvHostSessionId)); + ERROR_CHECK(TcgGetNextUINT32(&TmpParseStruct, TperSessionId)); + ERROR_CHECK(TcgGetNextEndList(&TmpParseStruct)); + ERROR_CHECK(TcgGetNextEndOfData(&TmpParseStruct)); + + if (InvokingUID != TCG_UID_SMUID) { + DEBUG ((DEBUG_INFO, "Invoking UID did not match UID_SMUID\n")); + return TcgResultFailure; + } + + if (MethodUID != TCG_UID_SM_SYNC_SESSION) { + DEBUG ((DEBUG_INFO, "Method UID did not match UID_SM_SYNC_SESSION\n")); + return TcgResultFailure; + } + + if (HostSessionId != RecvHostSessionId) { + DEBUG ((DEBUG_INFO, "unmatched HostSessionId (exp: 0x%X recv: 0x%X)\n", HostSessionId, RecvHostSessionId)); + return TcgResultFailure; + } + + return TcgResultSuccess; +} + +/** + + Creates ComPacket with EndSession. + This assumes a start session has already been opened. + + @param [in/out] CreateStruct Structure used to add Endsession + @param [in/out] Size Describes the size of the entire ComPacket (header and payload). Filled out by function. + @param [in] ComId ComID for the ComPacket + @param [in] ComIdExtension Extended ComID for the ComPacket + @param [in] HostSessionId Host Session ID for the Packet + @param [in] TpSessionId Tper Session ID for the Packet + +**/ +TCG_RESULT +EFIAPI +TcgCreateEndSession( + TCG_CREATE_STRUCT *CreateStruct, + UINT32 *Size, + UINT16 ComId, + UINT16 ComIdExtension, + UINT32 HostSessionId, + UINT32 TpSessionId + ) +{ + ERROR_CHECK(TcgStartComPacket(CreateStruct, ComId, ComIdExtension)); + ERROR_CHECK(TcgStartPacket(CreateStruct, TpSessionId, HostSessionId, 0x0, 0x0, 0x0)); + ERROR_CHECK(TcgStartSubPacket(CreateStruct, 0x0)); + ERROR_CHECK(TcgAddEndOfSession(CreateStruct)); + ERROR_CHECK(TcgEndSubPacket(CreateStruct)); + ERROR_CHECK(TcgEndPacket(CreateStruct)); + ERROR_CHECK(TcgEndComPacket(CreateStruct, Size)); + + return TcgResultSuccess; +} + +/** + Set start method. + + @param CreateStruct Input create structure. + @param Row Input the row info. + @param ColumnNumber the column info. + +**/ +TCG_RESULT +EFIAPI +TcgStartMethodSet( + TCG_CREATE_STRUCT *CreateStruct, + TCG_UID Row, + UINT32 ColumnNumber + ) +{ + ERROR_CHECK(TcgStartMethodCall(CreateStruct, Row, TCG_UID_METHOD_SET)); + ERROR_CHECK(TcgStartParameters(CreateStruct)); + ERROR_CHECK(TcgAddStartName(CreateStruct)); + ERROR_CHECK(TcgAddUINT8(CreateStruct, 0x01)); // "Values" + ERROR_CHECK(TcgAddStartList(CreateStruct)); + ERROR_CHECK(TcgAddStartName(CreateStruct)); + ERROR_CHECK(TcgAddUINT32(CreateStruct, ColumnNumber)); + return TcgResultSuccess; +} + +/** + Set end method. + + @param CreateStruct Input create structure. + +**/ +TCG_RESULT +EFIAPI +TcgEndMethodSet( + TCG_CREATE_STRUCT *CreateStruct + ) +{ + ERROR_CHECK(TcgAddEndName(CreateStruct)); + ERROR_CHECK(TcgAddEndList(CreateStruct)); + ERROR_CHECK(TcgAddEndName(CreateStruct)); + ERROR_CHECK(TcgEndParameters(CreateStruct)); + ERROR_CHECK(TcgEndMethodCall(CreateStruct)); + return TcgResultSuccess; +} + +/** + Creates ComPacket with a Method call that sets the PIN column for the row specified. + This assumes a start session has already been opened with the desired SP. + + @param [in/out] CreateStruct Structure used to add method call. + @param [in/out] Size Describes the size of the entire ComPacket (header and payload). Filled out by function. + @param [in] ComId ComID for the ComPacket + @param [in] ComIdExtension Extended ComID for the ComPacket + @param [in] TperSession Tper Session ID for the Packet + @param [in] HostSession Host Session ID for the Packet + @param [in] SidRow UID of row of current SP to set PIN column + @param [in] Password value of PIN to set + @param [in] PasswordSize Size of PIN + +**/ +TCG_RESULT +EFIAPI +TcgCreateSetCPin( + TCG_CREATE_STRUCT *CreateStruct, + UINT32 *Size, + UINT16 ComId, + UINT16 ComIdExtension, + UINT32 TperSession, + UINT32 HostSession, + TCG_UID SidRow, + const VOID *Password, + UINT32 PasswordSize + ) +{ + // set new SID Password + ERROR_CHECK(TcgStartComPacket(CreateStruct, ComId, ComIdExtension)); + ERROR_CHECK(TcgStartPacket(CreateStruct, TperSession, HostSession, 0x0, 0x0, 0x0)); + ERROR_CHECK(TcgStartSubPacket(CreateStruct, 0x0)); + ERROR_CHECK(TcgStartMethodSet(CreateStruct, SidRow, 0x03)); // "PIN" + ERROR_CHECK(TcgAddByteSequence(CreateStruct, Password, PasswordSize, FALSE)); + ERROR_CHECK(TcgEndMethodSet(CreateStruct)); + ERROR_CHECK(TcgEndSubPacket(CreateStruct)); + ERROR_CHECK(TcgEndPacket(CreateStruct)); + ERROR_CHECK(TcgEndComPacket(CreateStruct, Size)); + return TcgResultSuccess; +} + +/** + Creates ComPacket with a Method call that sets the "Enabled" column for the row specified using the value specified. + This assumes a start session has already been opened with the desired SP. + + @param [in/out] CreateStruct Structure used to add method call + @param [in/out] Size Describes the size of the entire ComPacket (header and payload). Filled out by function. + @param [in] ComId ComID for the ComPacket + @param [in] ComIdExtension Extended ComID for the ComPacket + @param [in] TperSession Tper Session ID for the Packet + @param [in] HostSession Host Session ID for the Packet + @param [in] AuthorityUid Authority UID to modify the "Enabled" column for + @param [in] Enabled Value to set the "Enabled" column to + +**/ +TCG_RESULT +EFIAPI +TcgSetAuthorityEnabled( + TCG_CREATE_STRUCT *CreateStruct, + UINT32 *Size, + UINT16 ComId, + UINT16 ComIdExtension, + UINT32 TperSession, + UINT32 HostSession, + TCG_UID AuthorityUid, + BOOLEAN Enabled + ) +{ + ERROR_CHECK(TcgStartComPacket(CreateStruct, ComId, ComIdExtension)); + ERROR_CHECK(TcgStartPacket(CreateStruct, TperSession, HostSession, 0x0, 0x0, 0x0)); + ERROR_CHECK(TcgStartSubPacket(CreateStruct, 0x0)); + ERROR_CHECK(TcgStartMethodSet(CreateStruct, AuthorityUid, 0x05)); // "Enabled" + ERROR_CHECK(TcgAddBOOLEAN(CreateStruct, Enabled)); + ERROR_CHECK(TcgEndMethodSet(CreateStruct)); + ERROR_CHECK(TcgEndSubPacket(CreateStruct)); + ERROR_CHECK(TcgEndPacket(CreateStruct)); + ERROR_CHECK(TcgEndComPacket(CreateStruct, Size)); + return TcgResultSuccess; +} + +/** + Create set ace. + + @param CreateStruct Input create structure. + @param Size size info. + @param ComId ComId info. + @param ComIdExtension ComId extension info. + @param TperSession Tper session data. + @param HostSession Host session data. + @param AceRow Ace row info. + @param Authority1 Authority 1 info. + @param LogicalOperator Logical operator info. + @param Authority2 Authority 2 info. + + @retval Return the action result. + +**/ +TCG_RESULT +EFIAPI +TcgCreateSetAce( + TCG_CREATE_STRUCT *CreateStruct, + UINT32 *Size, + UINT16 ComId, + UINT16 ComIdExtension, + UINT32 TperSession, + UINT32 HostSession, + TCG_UID AceRow, + TCG_UID Authority1, + BOOLEAN LogicalOperator, + TCG_UID Authority2 + ) +{ + UINT8 HalfUidAuthorityObjectRef[4]; + UINT8 HalfUidBooleanAce[4]; + + HalfUidAuthorityObjectRef[0] = 0x0; + HalfUidAuthorityObjectRef[1] = 0x0; + HalfUidAuthorityObjectRef[2] = 0xC; + HalfUidAuthorityObjectRef[3] = 0x5; + + HalfUidBooleanAce[0] = 0x0; + HalfUidBooleanAce[1] = 0x0; + HalfUidBooleanAce[2] = 0x4; + HalfUidBooleanAce[3] = 0xE; + + ERROR_CHECK(TcgStartComPacket(CreateStruct, ComId, ComIdExtension)); + ERROR_CHECK(TcgStartPacket(CreateStruct, TperSession, HostSession, 0x0, 0x0, 0x0)); + ERROR_CHECK(TcgStartSubPacket(CreateStruct, 0x0)); + ERROR_CHECK(TcgStartMethodSet(CreateStruct, AceRow, 0x03)); // "BooleanExpr" + ERROR_CHECK(TcgAddStartList(CreateStruct)); + ERROR_CHECK(TcgAddStartName(CreateStruct)); + ERROR_CHECK(TcgAddByteSequence(CreateStruct, HalfUidAuthorityObjectRef, sizeof(HalfUidAuthorityObjectRef), FALSE)); + ERROR_CHECK(TcgAddTcgUid(CreateStruct, Authority1)); + ERROR_CHECK(TcgAddEndName(CreateStruct)); + ERROR_CHECK(TcgAddStartName(CreateStruct)); + ERROR_CHECK(TcgAddByteSequence(CreateStruct, HalfUidAuthorityObjectRef, sizeof(HalfUidAuthorityObjectRef), FALSE)); + ERROR_CHECK(TcgAddTcgUid(CreateStruct, Authority2)); + ERROR_CHECK(TcgAddEndName(CreateStruct)); + + ERROR_CHECK(TcgAddStartName(CreateStruct)); + ERROR_CHECK(TcgAddByteSequence(CreateStruct, HalfUidBooleanAce, sizeof(HalfUidBooleanAce), FALSE)); + ERROR_CHECK(TcgAddBOOLEAN(CreateStruct, LogicalOperator)); + ERROR_CHECK(TcgAddEndName(CreateStruct)); + ERROR_CHECK(TcgAddEndList(CreateStruct)); + ERROR_CHECK(TcgEndMethodSet(CreateStruct)); + ERROR_CHECK(TcgEndSubPacket(CreateStruct)); + ERROR_CHECK(TcgEndPacket(CreateStruct)); + ERROR_CHECK(TcgEndComPacket(CreateStruct, Size)); + return TcgResultSuccess; +} + +/** + Enum level 0 discovery. + + @param DiscoveryHeader Discovery header. + @param Callback Callback function. + @param Context The context for the function. + + @retval return true if the callback return TRUE, else return FALSE. + +**/ +BOOLEAN +EFIAPI +TcgEnumLevel0Discovery( + const TCG_LEVEL0_DISCOVERY_HEADER *DiscoveryHeader, + TCG_LEVEL0_ENUM_CALLBACK Callback, + VOID *Context + ) +{ + UINT32 BytesLeft; + const UINT8 *DiscoveryBufferPtr; + UINT32 FeatLength; + TCG_LEVEL0_FEATURE_DESCRIPTOR_HEADER *Feat; + + // + // Total bytes including descriptors but not including the Length field + // + BytesLeft = SwapBytes32(DiscoveryHeader->LengthBE); + + // + // If discovery Header is not valid, exit + // + if (BytesLeft == 0) { + return FALSE; + } + + // + // Subtract the Length of the Header, except the Length field, which is not included + // + BytesLeft -= (sizeof(TCG_LEVEL0_DISCOVERY_HEADER) - sizeof(DiscoveryHeader->LengthBE)); + + // + // Move ptr to first descriptor + // + DiscoveryBufferPtr = (const UINT8*)DiscoveryHeader + sizeof(TCG_LEVEL0_DISCOVERY_HEADER); + + while (BytesLeft > sizeof(TCG_LEVEL0_FEATURE_DESCRIPTOR_HEADER)) { + // + // Pointer to beginning of descriptor (including common Header) + // + Feat = (TCG_LEVEL0_FEATURE_DESCRIPTOR_HEADER*)DiscoveryBufferPtr; + + FeatLength = Feat->Length + sizeof(TCG_LEVEL0_FEATURE_DESCRIPTOR_HEADER); + + // + // Not enough bytes left for Feature descriptor + // + if (BytesLeft < FeatLength) { + break; + } + + // + // Report the Feature to the callback + // + if (Callback(DiscoveryHeader, Feat, FeatLength, Context)) { + return TRUE; + } + + // + // Descriptor Length only describes Data after common Header + // + BytesLeft -= FeatLength; + DiscoveryBufferPtr += FeatLength; + } + + return FALSE; +} + +/** + The callback function for Get Feature function. + + @param DiscoveryHeader Input discovery header. + @param Feature Input Feature. + @param FeatureSize Input Feature size. + @param Context The context. + +**/ +BOOLEAN +EFIAPI +TcgFindFeatureCallback( + const TCG_LEVEL0_DISCOVERY_HEADER *DiscoveryHeader, + TCG_LEVEL0_FEATURE_DESCRIPTOR_HEADER *Feature, + UINTN FeatureSize, + VOID *Context + ) +{ + TCG_FIND_FEATURE_CTX* FindCtx; + + FindCtx = (TCG_FIND_FEATURE_CTX*)Context; + if ( SwapBytes16( Feature->FeatureCode_BE ) == FindCtx->FeatureCode ) { + FindCtx->Feature = Feature; + FindCtx->FeatureSize = FeatureSize; + return TRUE; // done enumerating features + } + return FALSE; // continue enumerating +} + +/** + Get Feature code from the header. + + @param DiscoveryHeader The discovery header. + @param FeatureCode return the Feature code. + @param FeatureSize return the Feature size. + + @retval return the Feature code data. +**/ +TCG_LEVEL0_FEATURE_DESCRIPTOR_HEADER* +EFIAPI +TcgGetFeature( + const TCG_LEVEL0_DISCOVERY_HEADER *DiscoveryHeader, + UINT16 FeatureCode, + UINTN *FeatureSize + ) +{ + TCG_FIND_FEATURE_CTX FindCtx; + + FindCtx.FeatureCode = FeatureCode; + FindCtx.Feature = NULL; + FindCtx.FeatureSize = 0; + + TcgEnumLevel0Discovery(DiscoveryHeader, TcgFindFeatureCallback, &FindCtx); + if (FeatureSize != NULL) { + *FeatureSize = FindCtx.FeatureSize; + } + return FindCtx.Feature; +} + +/** + Determines if the protocol provided is part of the provided supported protocol list. + + @param[in] ProtocolList Supported protocol list to investigate + @param[in] Protocol Protocol value to determine if supported + + @return TRUE = protocol is supported, FALSE = protocol is not supported +**/ +BOOLEAN +EFIAPI +TcgIsProtocolSupported( + const TCG_SUPPORTED_SECURITY_PROTOCOLS *ProtocolList, + UINT16 Protocol + ) +{ + UINT16 Index; + UINT16 ListLength; + + ListLength = SwapBytes16(ProtocolList->ListLength_BE); + + if (ListLength > sizeof(ProtocolList->List)) { + DEBUG ((DEBUG_INFO, "WARNING: list Length is larger than max allowed Value; truncating\n")); + ListLength = sizeof(ProtocolList->List); + } + + for (Index = 0; Index < ListLength; Index++) { + if (ProtocolList->List[Index] == Protocol) { + return TRUE; + } + } + + return FALSE; +} + +/** + Check whether lock or not. + + @param Discovery + + @retval TRUE if lock, FALSE if not lock. +**/ +BOOLEAN +EFIAPI +TcgIsLocked( + const TCG_LEVEL0_DISCOVERY_HEADER *Discovery + ) +{ + UINTN Size; + TCG_LOCKING_FEATURE_DESCRIPTOR *LockDescriptor; + + Size = 0; + LockDescriptor =(TCG_LOCKING_FEATURE_DESCRIPTOR*) TcgGetFeature (Discovery, TCG_FEATURE_LOCKING, &Size); + + if (LockDescriptor != NULL && Size >= sizeof(*LockDescriptor)) { + DEBUG ((DEBUG_INFO, "locked: %d\n", LockDescriptor->Locked)); + return LockDescriptor->Locked; + } + + // + // Descriptor was not found + // + return FALSE; +} diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/TcgStorageOpalLib/TcgStorageOpalCore.c b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/TcgStorageOpalLib/TcgStorageOpalCore.c new file mode 100644 index 00000000..d21e8630 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/TcgStorageOpalLib/TcgStorageOpalCore.c @@ -0,0 +1,1989 @@ +/** @file + Public API for Opal Core library. + +Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.<BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include <Uefi.h> +#include <Library/BaseLib.h> +#include <Library/TimerLib.h> +#include <Library/BaseMemoryLib.h> +#include <Library/DebugLib.h> +#include <Library/TcgStorageOpalLib.h> + +#include "TcgStorageOpalLibInternal.h" + +#pragma pack(1) +typedef struct { + UINT8 HardwareReset : 1; + UINT8 Reserved : 7; +} TCG_BLOCK_SID_CLEAR_EVENTS; +#pragma pack() + +#define TRUSTED_COMMAND_TIMEOUT_NS ((UINT64) 5 * ((UINT64)(1000000)) * 1000) // 5 seconds +#define BUFFER_SIZE 512 + +/** + The function performs a Trusted Send of a Buffer containing a TCG_COM_PACKET. + + @param[in] Sscp The input Ssc Protocol. + @param[in] MediaId The input Media id info used by Ssc Protocol. + @param[in] SecurityProtocol Security Protocol + @param[in] SpSpecific Security Protocol Specific + @param[in] TransferLength Transfer Length of Buffer (in bytes) - always a multiple of 512 + @param[in] Buffer Address of Data to transfer + @param[in] BufferSize Full Size of Buffer, including space that may be used for padding. + +**/ +TCG_RESULT +OpalTrustedSend( + EFI_STORAGE_SECURITY_COMMAND_PROTOCOL *Sscp, + UINT32 MediaId, + UINT8 SecurityProtocol, + UINT16 SpSpecific, + UINTN TransferLength, + VOID *Buffer, + UINTN BufferSize + ) +{ + UINTN TransferLength512; + EFI_STATUS Status; + + // + // Round transferLength up to a 512-byte multiple + // + TransferLength512 = (TransferLength + 511) & ~(UINTN)511; + + if (TransferLength512 > BufferSize) { + return TcgResultFailureBufferTooSmall; + } + + ZeroMem((UINT8*)Buffer + TransferLength, TransferLength512 - TransferLength); + + Status = Sscp->SendData( + Sscp, + MediaId, + TRUSTED_COMMAND_TIMEOUT_NS, + SecurityProtocol, + SwapBytes16(SpSpecific), + TransferLength512, + Buffer + ); + + return Status == EFI_SUCCESS ? TcgResultSuccess : TcgResultFailure; +} + +/** + + The function performs a Trusted Receive of a Buffer containing a TCG_COM_PACKET. + + @param[in] Sscp The input Ssc Protocol. + @param[in] MediaId The input Media id info used by Ssc Protocol. + @param[in] SecurityProtocol Security Protocol + @param[in] SpSpecific Security Protocol Specific + @param[in] Buffer Address of Data to transfer + @param[in] BufferSize Full Size of Buffer, including space that may be used for padding. + @param[in] EstimateTimeCost Estimate the time needed. + +**/ +TCG_RESULT +OpalTrustedRecv( + EFI_STORAGE_SECURITY_COMMAND_PROTOCOL *Sscp, + UINT32 MediaId, + UINT8 SecurityProtocol, + UINT16 SpSpecific, + VOID *Buffer, + UINTN BufferSize, + UINT32 EstimateTimeCost + ) +{ + UINTN TransferLength512; + UINT32 Tries; + TCG_COM_PACKET *ComPacket; + UINT32 Length; + UINT32 OutstandingData; + EFI_STATUS Status; + UINTN TransferSize; + + // + // Round Buffer Size down to a 512-byte multiple + // + TransferLength512 = BufferSize & ~(UINTN)511; + Tries = 0; + ComPacket = NULL; + Length = 0; + OutstandingData = 0; + + if (TransferLength512 < sizeof(TCG_COM_PACKET)) { + DEBUG ((DEBUG_INFO, "transferLength %u too small for ComPacket\n", TransferLength512)); + return TcgResultFailureBufferTooSmall; + } + + // + // Some devices respond with Length = 0 and OutstandingData = 1 to indicate that processing is not yet completed, + // so we need to retry the IF-RECV to get the actual Data. + // See TCG Core Spec v2 Table 45 IF-RECV ComPacket Field Values Summary + // This is an arbitrary number of retries, not from the spec. + // + // if user input estimate time cost(second level) value bigger than 10s, base on user input value to wait. + // Else, Use a max timeout of 10 seconds to wait, 5000 tries * 2ms = 10s + // + if (EstimateTimeCost > 10) { + Tries = EstimateTimeCost * 500; // 500 = 1000 * 1000 / 2000; + } else { + Tries = 5000; + } + while ((Tries--) > 0) { + ZeroMem( Buffer, BufferSize ); + TransferSize = 0; + + Status = Sscp->ReceiveData( + Sscp, + MediaId, + TRUSTED_COMMAND_TIMEOUT_NS, + SecurityProtocol, + SwapBytes16(SpSpecific), + TransferLength512, + Buffer, + &TransferSize + ); + if (EFI_ERROR (Status)) { + return TcgResultFailure; + } + + if (SecurityProtocol != TCG_OPAL_SECURITY_PROTOCOL_1 && SecurityProtocol != TCG_OPAL_SECURITY_PROTOCOL_2) { + return TcgResultSuccess; + } + + if (SpSpecific == TCG_SP_SPECIFIC_PROTOCOL_LEVEL0_DISCOVERY) { + return TcgResultSuccess; + } + + ComPacket = (TCG_COM_PACKET*) Buffer; + Length = SwapBytes32(ComPacket->LengthBE); + OutstandingData = SwapBytes32( ComPacket->OutstandingDataBE ); + + if (Length != 0 && OutstandingData == 0) { + return TcgResultSuccess; + } + + // + // Delay for 2 ms + // + MicroSecondDelay (2000); + } + + return TcgResultFailure; +} + +/** + The function performs send, recv, check comIDs, check method status action. + + @param[in] Session OPAL_SESSION related to this method.. + @param[in] SendSize Transfer Length of Buffer (in bytes) - always a multiple of 512 + @param[in] Buffer Address of Data to transfer + @param[in] BufferSize Full Size of Buffer, including space that may be used for padding. + @param[in] ParseStruct Structure used to parse received TCG response. + @param[in] MethodStatus Method status of last action performed. If action succeeded, it should be TCG_METHOD_STATUS_CODE_SUCCESS. + @param[in] EstimateTimeCost Estimate the time need to for the method. +**/ +TCG_RESULT +EFIAPI +OpalPerformMethod ( + OPAL_SESSION *Session, + UINT32 SendSize, + VOID *Buffer, + UINT32 BufferSize, + TCG_PARSE_STRUCT *ParseStruct, + UINT8 *MethodStatus, + UINT32 EstimateTimeCost + ) +{ + NULL_CHECK(Session); + NULL_CHECK(MethodStatus); + + ERROR_CHECK(OpalTrustedSend( + Session->Sscp, + Session->MediaId, + TCG_OPAL_SECURITY_PROTOCOL_1, + Session->OpalBaseComId, + SendSize, + Buffer, + BufferSize + )); + + ERROR_CHECK(OpalTrustedRecv( + Session->Sscp, + Session->MediaId, + TCG_OPAL_SECURITY_PROTOCOL_1, + Session->OpalBaseComId, + Buffer, + BufferSize, + EstimateTimeCost + )); + + ERROR_CHECK(TcgInitTcgParseStruct(ParseStruct, Buffer, BufferSize)); + ERROR_CHECK(TcgCheckComIds(ParseStruct, Session->OpalBaseComId, Session->ComIdExtension)); + ERROR_CHECK(TcgGetMethodStatus(ParseStruct, MethodStatus)); + + return TcgResultSuccess; +} + +/** + Trig the block sid action. + + @param[in] Session OPAL_SESSION related to this method.. + @param[in] HardwareReset Whether need to do hardware reset. + +**/ +TCG_RESULT +EFIAPI +OpalBlockSid( + OPAL_SESSION *Session, + BOOLEAN HardwareReset + ) +{ + UINT8 Buffer[BUFFER_SIZE]; + TCG_BLOCK_SID_CLEAR_EVENTS *ClearEvents; + + NULL_CHECK(Session); + + // + // Set Hardware Reset bit + // + ClearEvents = (TCG_BLOCK_SID_CLEAR_EVENTS *) &Buffer[0]; + + ClearEvents->Reserved = 0; + ClearEvents->HardwareReset = HardwareReset; + + return(OpalTrustedSend( + Session->Sscp, + Session->MediaId, + TCG_OPAL_SECURITY_PROTOCOL_2, + TCG_BLOCKSID_COMID, // hardcode ComID 0x0005 + 1, + Buffer, + BUFFER_SIZE + )); +} + +/** + + Reverts device using Admin SP Revert method. + + @param[in] AdminSpSession OPAL_SESSION with OPAL_UID_ADMIN_SP as OPAL_ADMIN_SP_PSID_AUTHORITY to perform PSID revert. + +**/ +TCG_RESULT +EFIAPI +OpalPsidRevert( + OPAL_SESSION *AdminSpSession + ) +{ + // + // Now that base comid is known, start Session + // we'll attempt to start Session as PSID authority + // verify PSID Authority is defined in ADMIN SP authority table... is this possible? + // + TCG_CREATE_STRUCT CreateStruct; + TCG_PARSE_STRUCT ParseStruct; + UINT32 Size; + UINT8 Buffer[BUFFER_SIZE]; + UINT8 MethodStatus; + + NULL_CHECK(AdminSpSession); + + // + // Send Revert action on Admin SP + // + ERROR_CHECK(TcgInitTcgCreateStruct(&CreateStruct, Buffer, BUFFER_SIZE)); + ERROR_CHECK(TcgStartComPacket(&CreateStruct, AdminSpSession->OpalBaseComId, AdminSpSession->ComIdExtension)); + ERROR_CHECK(TcgStartPacket(&CreateStruct, AdminSpSession->TperSessionId, AdminSpSession->HostSessionId, 0x0, 0x0, 0x0)); + ERROR_CHECK(TcgStartSubPacket(&CreateStruct, 0x0)); + ERROR_CHECK(TcgStartMethodCall(&CreateStruct, OPAL_UID_ADMIN_SP, OPAL_ADMIN_SP_REVERT_METHOD)); + ERROR_CHECK(TcgStartParameters(&CreateStruct)); + ERROR_CHECK(TcgEndParameters(&CreateStruct)); + ERROR_CHECK(TcgEndMethodCall(&CreateStruct)); + ERROR_CHECK(TcgEndSubPacket(&CreateStruct)); + ERROR_CHECK(TcgEndPacket(&CreateStruct)); + ERROR_CHECK(TcgEndComPacket(&CreateStruct, &Size)); + + // + // Send Revert Method Call + // + ERROR_CHECK(OpalPerformMethod(AdminSpSession, Size, Buffer, BUFFER_SIZE, &ParseStruct, &MethodStatus, 0)); + METHOD_STATUS_ERROR_CHECK(MethodStatus, TcgResultFailure); + + return TcgResultSuccess; +} + +/** + + Reverts device using Admin SP Revert method. + + @param[in] AdminSpSession OPAL_SESSION with OPAL_UID_ADMIN_SP as OPAL_ADMIN_SP_PSID_AUTHORITY to perform PSID revert. + @param[in] EstimateTimeCost Estimate the time needed. + +**/ +TCG_RESULT +OpalPyrite2PsidRevert( + OPAL_SESSION *AdminSpSession, + UINT32 EstimateTimeCost + ) +{ + // + // Now that base comid is known, start Session + // we'll attempt to start Session as PSID authority + // verify PSID Authority is defined in ADMIN SP authority table... is this possible? + // + TCG_CREATE_STRUCT CreateStruct; + TCG_PARSE_STRUCT ParseStruct; + UINT32 Size; + UINT8 Buffer[BUFFER_SIZE]; + UINT8 MethodStatus; + + + NULL_CHECK(AdminSpSession); + + // + // Send Revert action on Admin SP + // + ERROR_CHECK(TcgInitTcgCreateStruct(&CreateStruct, Buffer, BUFFER_SIZE)); + ERROR_CHECK(TcgStartComPacket(&CreateStruct, AdminSpSession->OpalBaseComId, AdminSpSession->ComIdExtension)); + ERROR_CHECK(TcgStartPacket(&CreateStruct, AdminSpSession->TperSessionId, AdminSpSession->HostSessionId, 0x0, 0x0, 0x0)); + ERROR_CHECK(TcgStartSubPacket(&CreateStruct, 0x0)); + ERROR_CHECK(TcgStartMethodCall(&CreateStruct, OPAL_UID_ADMIN_SP, OPAL_ADMIN_SP_REVERT_METHOD)); + ERROR_CHECK(TcgStartParameters(&CreateStruct)); + ERROR_CHECK(TcgEndParameters(&CreateStruct)); + ERROR_CHECK(TcgEndMethodCall(&CreateStruct)); + ERROR_CHECK(TcgEndSubPacket(&CreateStruct)); + ERROR_CHECK(TcgEndPacket(&CreateStruct)); + ERROR_CHECK(TcgEndComPacket(&CreateStruct, &Size)); + + // + // Send Revert Method Call + // + ERROR_CHECK(OpalPerformMethod(AdminSpSession, Size, Buffer, BUFFER_SIZE, &ParseStruct, &MethodStatus, EstimateTimeCost)); + METHOD_STATUS_ERROR_CHECK(MethodStatus, TcgResultFailure); + + return TcgResultSuccess; +} + +/** + + The function fills in the provided Buffer with the level 0 discovery Header + of the device specified. + + @param[in] Session OPAL_SESSION data. + @param[in] BufferSize Size of Buffer provided (in bytes) + @param[in] BuffAddress Buffer address to fill with Level 0 Discovery response + +**/ +TCG_RESULT +EFIAPI +OpalRetrieveLevel0DiscoveryHeader( + OPAL_SESSION *Session, + UINTN BufferSize, + VOID *BuffAddress + ) +{ + return (OpalTrustedRecv( + Session->Sscp, + Session->MediaId, + TCG_OPAL_SECURITY_PROTOCOL_1, // SP + TCG_SP_SPECIFIC_PROTOCOL_LEVEL0_DISCOVERY, // SP_Specific + BuffAddress, + BufferSize, + 0 + )); +} + +/** + + The function fills in the provided Buffer with the supported protocol list + of the device specified. + + @param[in] Session OPAL_SESSION data. + @param[in] BufferSize Size of Buffer provided (in bytes) + @param[in] BuffAddress Buffer address to fill with security protocol list + +**/ +TCG_RESULT +EFIAPI +OpalRetrieveSupportedProtocolList( + OPAL_SESSION *Session, + UINTN BufferSize, + VOID *BuffAddress + ) +{ + return (OpalTrustedRecv( + Session->Sscp, + Session->MediaId, + TCG_SECURITY_PROTOCOL_INFO, // SP + TCG_SP_SPECIFIC_PROTOCOL_LIST, // SP_Specific + BuffAddress, + BufferSize, + 0 + )); +} + +/** + Starts a session with a security provider (SP). + + If a session is started successfully, the caller must end the session with OpalEndSession when finished + performing Opal actions. + + @param[in/out] Session OPAL_SESSION to initialize. + @param[in] SpId Security provider ID to start the session with. + @param[in] Write Whether the session should be read-only (FALSE) or read/write (TRUE). + @param[in] HostChallengeLength Length of the host challenge. Length should be 0 if hostChallenge is NULL + @param[in] HostChallenge Host challenge for Host Signing Authority. If NULL, then no Host Challenge will be sent. + @param[in] HostSigningAuthority Host Signing Authority used for start session. If NULL, then no Host Signing Authority will be sent. + @param[in/out] MethodStatus Status of the StartSession method; only valid if TcgResultSuccess is returned. + + @return TcgResultSuccess indicates that the function completed without any internal errors. + The caller must inspect the MethodStatus field to determine whether the method completed successfully. + +**/ +TCG_RESULT +EFIAPI +OpalStartSession( + OPAL_SESSION *Session, + TCG_UID SpId, + BOOLEAN Write, + UINT32 HostChallengeLength, + const VOID *HostChallenge, + TCG_UID HostSigningAuthority, + UINT8 *MethodStatus + ) +{ + TCG_CREATE_STRUCT CreateStruct; + TCG_PARSE_STRUCT ParseStruct; + UINT32 Size; + UINT8 Buf[BUFFER_SIZE]; + UINT16 ComIdExtension; + UINT32 HostSessionId; + + ComIdExtension = 0; + HostSessionId = 1; + + NULL_CHECK(Session); + NULL_CHECK(MethodStatus); + + Session->ComIdExtension = ComIdExtension; + Session->HostSessionId = HostSessionId; + + ERROR_CHECK(TcgInitTcgCreateStruct(&CreateStruct, Buf, sizeof(Buf))); + ERROR_CHECK(TcgCreateStartSession( + &CreateStruct, + &Size, + Session->OpalBaseComId, + ComIdExtension, + HostSessionId, + SpId, + Write, + HostChallengeLength, + HostChallenge, + HostSigningAuthority + )); + ERROR_CHECK(OpalPerformMethod(Session, Size, Buf, sizeof(Buf), &ParseStruct, MethodStatus, 0)); + if (*MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) { + return TcgResultSuccess; // return early if method failed - user must check MethodStatus + } + + if (TcgParseSyncSession(&ParseStruct, Session->OpalBaseComId, ComIdExtension, HostSessionId, &Session->TperSessionId) != TcgResultSuccess) { + OpalEndSession(Session); + return TcgResultFailure; + } + + return TcgResultSuccess; +} + +/** + Close a session opened with OpalStartSession. + + @param[in/out] Session OPAL_SESSION to end. + +**/ +TCG_RESULT +EFIAPI +OpalEndSession( + OPAL_SESSION *Session + ) +{ + UINT8 Buffer[BUFFER_SIZE]; + TCG_CREATE_STRUCT CreateStruct; + UINT32 Size; + TCG_PARSE_STRUCT ParseStruct; + + NULL_CHECK(Session); + ERROR_CHECK(TcgInitTcgCreateStruct(&CreateStruct, Buffer, sizeof(Buffer))); + ERROR_CHECK(TcgCreateEndSession( + &CreateStruct, + &Size, + Session->OpalBaseComId, + Session->ComIdExtension, + Session->HostSessionId, + Session->TperSessionId + )); + + ERROR_CHECK(OpalTrustedSend( + Session->Sscp, + Session->MediaId, + TCG_OPAL_SECURITY_PROTOCOL_1, + Session->OpalBaseComId, + Size, + Buffer, + sizeof(Buffer) + )); + + ERROR_CHECK(OpalTrustedRecv( + Session->Sscp, + Session->MediaId, + TCG_OPAL_SECURITY_PROTOCOL_1, + Session->OpalBaseComId, + Buffer, + sizeof(Buffer), + 0 + )); + + ERROR_CHECK(TcgInitTcgParseStruct(&ParseStruct, Buffer, sizeof(Buffer))); + ERROR_CHECK(TcgCheckComIds(&ParseStruct, Session->OpalBaseComId, Session->ComIdExtension)); + + ERROR_CHECK(TcgGetNextEndOfSession(&ParseStruct)); + return TcgResultSuccess; +} + +/** + + The function retrieves the MSID from the device specified + + @param[in] AdminSpSession OPAL_SESSION with OPAL_UID_ADMIN_SP as OPAL_ADMIN_SP_PSID_AUTHORITY to perform PSID revert. + @param[in] MsidBufferSize Allocated Buffer Size (in bytes) for MSID allocated by caller + @param[in] Msid Variable Length byte sequence representing MSID of device + @param[in] MsidLength Actual Length of MSID retrieved from device + +**/ +TCG_RESULT +EFIAPI +OpalGetMsid( + OPAL_SESSION *AdminSpSession, + UINT32 MsidBufferSize, + UINT8 *Msid, + UINT32 *MsidLength + ) +{ + // + // now that base comid is known, start Session + // we'll attempt to start Session as PSID authority + // verify PSID Authority is defined in ADMIN SP authority table... is this possible? + // + TCG_CREATE_STRUCT CreateStruct; + TCG_PARSE_STRUCT ParseStruct; + UINT32 Size; + UINT8 MethodStatus; + UINT32 Col; + const VOID *RecvMsid; + UINT8 Buffer[BUFFER_SIZE]; + + NULL_CHECK(AdminSpSession); + NULL_CHECK(Msid); + NULL_CHECK(MsidLength); + + ERROR_CHECK(TcgInitTcgCreateStruct(&CreateStruct, Buffer, BUFFER_SIZE)); + ERROR_CHECK(TcgStartComPacket(&CreateStruct, AdminSpSession->OpalBaseComId, AdminSpSession->ComIdExtension)); + ERROR_CHECK(TcgStartPacket(&CreateStruct, AdminSpSession->TperSessionId, AdminSpSession->HostSessionId, 0x0, 0x0, 0x0)); + ERROR_CHECK(TcgStartSubPacket(&CreateStruct, 0x0)); + ERROR_CHECK(TcgStartMethodCall(&CreateStruct, OPAL_UID_ADMIN_SP_C_PIN_MSID, TCG_UID_METHOD_GET)); + ERROR_CHECK(TcgStartParameters(&CreateStruct)); + ERROR_CHECK(TcgAddStartList(&CreateStruct)); + ERROR_CHECK(TcgAddStartName(&CreateStruct)); + ERROR_CHECK(TcgAddUINT8(&CreateStruct, TCG_CELL_BLOCK_START_COLUMN_NAME)); + ERROR_CHECK(TcgAddUINT8(&CreateStruct, OPAL_ADMIN_SP_PIN_COL)); + ERROR_CHECK(TcgAddEndName(&CreateStruct)); + ERROR_CHECK(TcgAddStartName(&CreateStruct)); + ERROR_CHECK(TcgAddUINT8(&CreateStruct, TCG_CELL_BLOCK_END_COLUMN_NAME)); + ERROR_CHECK(TcgAddUINT8(&CreateStruct, OPAL_ADMIN_SP_PIN_COL)); + ERROR_CHECK(TcgAddEndName(&CreateStruct)); + ERROR_CHECK(TcgAddEndList(&CreateStruct)); + ERROR_CHECK(TcgEndParameters(&CreateStruct)); + ERROR_CHECK(TcgEndMethodCall(&CreateStruct)); + ERROR_CHECK(TcgEndSubPacket(&CreateStruct)); + ERROR_CHECK(TcgEndPacket(&CreateStruct)); + ERROR_CHECK(TcgEndComPacket(&CreateStruct, &Size)); + + // + // Send MSID Method Call + // + ERROR_CHECK(OpalPerformMethod(AdminSpSession, Size, Buffer, BUFFER_SIZE, &ParseStruct, &MethodStatus, 0)); + METHOD_STATUS_ERROR_CHECK(MethodStatus, TcgResultFailure); + + ERROR_CHECK(TcgGetNextStartList(&ParseStruct)); + ERROR_CHECK(TcgGetNextStartList(&ParseStruct)); + ERROR_CHECK(TcgGetNextStartName(&ParseStruct)); + ERROR_CHECK(TcgGetNextUINT32(&ParseStruct, &Col)); + ERROR_CHECK(TcgGetNextByteSequence(&ParseStruct, &RecvMsid, MsidLength)); + ERROR_CHECK(TcgGetNextEndName(&ParseStruct)); + ERROR_CHECK(TcgGetNextEndList(&ParseStruct)); + ERROR_CHECK(TcgGetNextEndList(&ParseStruct)); + ERROR_CHECK(TcgGetNextEndOfData(&ParseStruct)); + + if (Col != OPAL_ADMIN_SP_PIN_COL) { + DEBUG ((DEBUG_INFO, "ERROR: got col %u, expected %u\n", Col, OPAL_ADMIN_SP_PIN_COL)); + return TcgResultFailure; + } + + if (RecvMsid == NULL) { + return TcgResultFailure; + } + + if (MsidBufferSize < *MsidLength) { + DEBUG ((DEBUG_INFO, "Buffer too small MsidBufferSize: %d MsidLength: %d\n", MsidBufferSize, *MsidLength)); + return TcgResultFailureBufferTooSmall; + } + + // + // copy msid into Buffer + // + CopyMem(Msid, RecvMsid, *MsidLength); + return TcgResultSuccess; +} + +/** + + The function retrieves the MSID from the device specified + + @param[in] AdminSpSession OPAL_SESSION with OPAL_UID_ADMIN_SP as OPAL_ADMIN_SP_ANYBODY_AUTHORITY + @param[out] ActiveDataRemovalMechanism Active Data Removal Mechanism that the device will use for Revert/RevertSP calls. + +**/ +TCG_RESULT +OpalPyrite2GetActiveDataRemovalMechanism ( + IN OPAL_SESSION *AdminSpSession, + OUT UINT8 *ActiveDataRemovalMechanism + ) +{ + TCG_CREATE_STRUCT CreateStruct; + TCG_PARSE_STRUCT ParseStruct; + UINT32 Size; + UINT8 MethodStatus; + UINT32 Col; + UINT8 RecvActiveDataRemovalMechanism; + UINT8 Buffer[BUFFER_SIZE]; + + NULL_CHECK(AdminSpSession); + NULL_CHECK(ActiveDataRemovalMechanism); + + ERROR_CHECK(TcgInitTcgCreateStruct(&CreateStruct, Buffer, BUFFER_SIZE)); + ERROR_CHECK(TcgStartComPacket(&CreateStruct, AdminSpSession->OpalBaseComId, AdminSpSession->ComIdExtension)); + ERROR_CHECK(TcgStartPacket(&CreateStruct, AdminSpSession->TperSessionId, AdminSpSession->HostSessionId, 0x0, 0x0, 0x0)); + ERROR_CHECK(TcgStartSubPacket(&CreateStruct, 0x0)); + ERROR_CHECK(TcgStartMethodCall(&CreateStruct, OPAL_UID_ADMIN_SP_DATA_REMOVAL_MECHANISM, TCG_UID_METHOD_GET)); + ERROR_CHECK(TcgStartParameters(&CreateStruct)); + ERROR_CHECK(TcgAddStartList(&CreateStruct)); + ERROR_CHECK(TcgAddStartName(&CreateStruct)); + ERROR_CHECK(TcgAddUINT8(&CreateStruct, TCG_CELL_BLOCK_START_COLUMN_NAME)); + ERROR_CHECK(TcgAddUINT8(&CreateStruct, OPAL_ADMIN_SP_ACTIVE_DATA_REMOVAL_MECHANISM_COL)); + ERROR_CHECK(TcgAddEndName(&CreateStruct)); + ERROR_CHECK(TcgAddStartName(&CreateStruct)); + ERROR_CHECK(TcgAddUINT8(&CreateStruct, TCG_CELL_BLOCK_END_COLUMN_NAME)); + ERROR_CHECK(TcgAddUINT8(&CreateStruct, OPAL_ADMIN_SP_ACTIVE_DATA_REMOVAL_MECHANISM_COL)); + ERROR_CHECK(TcgAddEndName(&CreateStruct)); + ERROR_CHECK(TcgAddEndList(&CreateStruct)); + ERROR_CHECK(TcgEndParameters(&CreateStruct)); + ERROR_CHECK(TcgEndMethodCall(&CreateStruct)); + ERROR_CHECK(TcgEndSubPacket(&CreateStruct)); + ERROR_CHECK(TcgEndPacket(&CreateStruct)); + ERROR_CHECK(TcgEndComPacket(&CreateStruct, &Size)); + + // + // Send Get Active Data Removal Mechanism Method Call + // + ERROR_CHECK(OpalPerformMethod(AdminSpSession, Size, Buffer, BUFFER_SIZE, &ParseStruct, &MethodStatus, 0)); + METHOD_STATUS_ERROR_CHECK(MethodStatus, TcgResultFailure); + + ERROR_CHECK(TcgGetNextStartList(&ParseStruct)); + ERROR_CHECK(TcgGetNextStartList(&ParseStruct)); + ERROR_CHECK(TcgGetNextStartName(&ParseStruct)); + ERROR_CHECK(TcgGetNextUINT32(&ParseStruct, &Col)); + ERROR_CHECK(TcgGetNextUINT8(&ParseStruct, &RecvActiveDataRemovalMechanism)); + ERROR_CHECK(TcgGetNextEndName(&ParseStruct)); + ERROR_CHECK(TcgGetNextEndList(&ParseStruct)); + ERROR_CHECK(TcgGetNextEndList(&ParseStruct)); + ERROR_CHECK(TcgGetNextEndOfData(&ParseStruct)); + + if (Col != OPAL_ADMIN_SP_ACTIVE_DATA_REMOVAL_MECHANISM_COL) { + DEBUG ((DEBUG_INFO, "ERROR: got col %u, expected %u\n", Col, OPAL_ADMIN_SP_ACTIVE_DATA_REMOVAL_MECHANISM_COL)); + return TcgResultFailure; + } + + if (RecvActiveDataRemovalMechanism >= ResearvedMechanism) { + return TcgResultFailure; + } + + // + // Copy active data removal mechanism into Buffer + // + CopyMem(ActiveDataRemovalMechanism, &RecvActiveDataRemovalMechanism, sizeof(RecvActiveDataRemovalMechanism)); + return TcgResultSuccess; +} + +/** + + The function calls the Admin SP RevertSP method on the Locking SP. If KeepUserData is True, then the optional parameter + to keep the user Data is set to True, otherwise the optional parameter is not provided. + + @param[in] LockingSpSession OPAL_SESSION with OPAL_UID_LOCKING_SP as OPAL_LOCKING_SP_ADMIN1_AUTHORITY to revertSP + @param[in] KeepUserData Specifies whether or not to keep user Data when performing RevertSP action. True = keeps user Data. + @param[in/out] MethodStatus Method status of last action performed. If action succeeded, it should be TCG_METHOD_STATUS_CODE_SUCCESS. + +**/ +TCG_RESULT +EFIAPI +OpalAdminRevert( + OPAL_SESSION *LockingSpSession, + BOOLEAN KeepUserData, + UINT8 *MethodStatus + ) +{ + UINT8 Buf[BUFFER_SIZE]; + TCG_CREATE_STRUCT CreateStruct; + UINT32 Size; + TCG_PARSE_STRUCT ParseStruct; + TCG_RESULT Ret; + + NULL_CHECK(LockingSpSession); + NULL_CHECK(MethodStatus); + + // + // ReadLocked or WriteLocked must be False (per Opal spec) to guarantee revertSP can keep user Data + // + if (KeepUserData) { + // + // set readlocked and writelocked to false + // + Ret = OpalUpdateGlobalLockingRange( + LockingSpSession, + FALSE, + FALSE, + MethodStatus); + + if (Ret != TcgResultSuccess || *MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) { + // + // bail out + // + return Ret; + } + } + + ERROR_CHECK(TcgInitTcgCreateStruct(&CreateStruct, Buf, sizeof(Buf))); + ERROR_CHECK(TcgStartComPacket(&CreateStruct, LockingSpSession->OpalBaseComId, LockingSpSession->ComIdExtension)); + ERROR_CHECK(TcgStartPacket(&CreateStruct, LockingSpSession->TperSessionId, LockingSpSession->HostSessionId, 0x0, 0x0, 0x0)); + ERROR_CHECK(TcgStartSubPacket(&CreateStruct, 0x0)); + ERROR_CHECK(TcgStartMethodCall(&CreateStruct, TCG_UID_THIS_SP, OPAL_LOCKING_SP_REVERTSP_METHOD)); + ERROR_CHECK(TcgStartParameters(&CreateStruct)); + + if (KeepUserData) { + // + // optional parameter to keep Data after revert + // + ERROR_CHECK(TcgAddStartName(&CreateStruct)); + ERROR_CHECK(TcgAddUINT32(&CreateStruct, 0x060000)); // weird Value but that's what spec says + ERROR_CHECK(TcgAddBOOLEAN(&CreateStruct, KeepUserData)); + ERROR_CHECK(TcgAddEndName(&CreateStruct)); + } + + ERROR_CHECK(TcgEndParameters(&CreateStruct)); + ERROR_CHECK(TcgEndMethodCall(&CreateStruct)); + ERROR_CHECK(TcgEndSubPacket(&CreateStruct)); + ERROR_CHECK(TcgEndPacket(&CreateStruct)); + ERROR_CHECK(TcgEndComPacket(&CreateStruct, &Size)); + + // + // Send RevertSP method call + // + ERROR_CHECK(OpalPerformMethod(LockingSpSession, Size, Buf, sizeof(Buf), &ParseStruct, MethodStatus, 0)); + + // + // Session is immediately ended by device after successful revertsp, so no need to end Session + // + if (*MethodStatus == TCG_METHOD_STATUS_CODE_SUCCESS) { + // + // Caller should take ownership again + // + return TcgResultSuccess; + } else { + // + // End Session + // + METHOD_STATUS_ERROR_CHECK(*MethodStatus, TcgResultSuccess); // exit with success on method failure - user must inspect MethodStatus + } + + return TcgResultSuccess; +} + + +/** + + The function calls the Admin SP RevertSP method on the Locking SP. If KeepUserData is True, then the optional parameter + to keep the user Data is set to True, otherwise the optional parameter is not provided. + + @param[in] LockingSpSession OPAL_SESSION with OPAL_UID_LOCKING_SP as OPAL_LOCKING_SP_ADMIN1_AUTHORITY to revertSP + @param[in] KeepUserData Specifies whether or not to keep user Data when performing RevertSP action. True = keeps user Data. + @param[in/out] MethodStatus Method status of last action performed. If action succeeded, it should be TCG_METHOD_STATUS_CODE_SUCCESS. + @param[in] EstimateTimeCost Estimate the time needed. + +**/ +TCG_RESULT +OpalPyrite2AdminRevert( + OPAL_SESSION *LockingSpSession, + BOOLEAN KeepUserData, + UINT8 *MethodStatus, + UINT32 EstimateTimeCost + ) +{ + UINT8 Buf[BUFFER_SIZE]; + TCG_CREATE_STRUCT CreateStruct; + UINT32 Size; + TCG_PARSE_STRUCT ParseStruct; + TCG_RESULT Ret; + + NULL_CHECK(LockingSpSession); + NULL_CHECK(MethodStatus); + + // + // ReadLocked or WriteLocked must be False (per Opal spec) to guarantee revertSP can keep user Data + // + if (KeepUserData) { + // + // set readlocked and writelocked to false + // + Ret = OpalUpdateGlobalLockingRange( + LockingSpSession, + FALSE, + FALSE, + MethodStatus); + + if (Ret != TcgResultSuccess || *MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) { + // + // bail out + // + return Ret; + } + } + + ERROR_CHECK(TcgInitTcgCreateStruct(&CreateStruct, Buf, sizeof(Buf))); + ERROR_CHECK(TcgStartComPacket(&CreateStruct, LockingSpSession->OpalBaseComId, LockingSpSession->ComIdExtension)); + ERROR_CHECK(TcgStartPacket(&CreateStruct, LockingSpSession->TperSessionId, LockingSpSession->HostSessionId, 0x0, 0x0, 0x0)); + ERROR_CHECK(TcgStartSubPacket(&CreateStruct, 0x0)); + ERROR_CHECK(TcgStartMethodCall(&CreateStruct, TCG_UID_THIS_SP, OPAL_LOCKING_SP_REVERTSP_METHOD)); + ERROR_CHECK(TcgStartParameters(&CreateStruct)); + + if (KeepUserData) { + // + // optional parameter to keep Data after revert + // + ERROR_CHECK(TcgAddStartName(&CreateStruct)); + ERROR_CHECK(TcgAddUINT32(&CreateStruct, 0x060000)); // weird Value but that's what spec says + ERROR_CHECK(TcgAddBOOLEAN(&CreateStruct, KeepUserData)); + ERROR_CHECK(TcgAddEndName(&CreateStruct)); + } + + ERROR_CHECK(TcgEndParameters(&CreateStruct)); + ERROR_CHECK(TcgEndMethodCall(&CreateStruct)); + ERROR_CHECK(TcgEndSubPacket(&CreateStruct)); + ERROR_CHECK(TcgEndPacket(&CreateStruct)); + ERROR_CHECK(TcgEndComPacket(&CreateStruct, &Size)); + + // + // Send RevertSP method call + // + ERROR_CHECK(OpalPerformMethod(LockingSpSession, Size, Buf, sizeof(Buf), &ParseStruct, MethodStatus, EstimateTimeCost)); + + // + // Session is immediately ended by device after successful revertsp, so no need to end Session + // + if (*MethodStatus == TCG_METHOD_STATUS_CODE_SUCCESS) { + // + // Caller should take ownership again + // + return TcgResultSuccess; + } else { + // + // End Session + // + METHOD_STATUS_ERROR_CHECK(*MethodStatus, TcgResultSuccess); // exit with success on method failure - user must inspect MethodStatus + } + + return TcgResultSuccess; +} + +/** + + The function activates the Locking SP. + Once activated, per Opal spec, the ADMIN SP SID PIN is copied over to the ADMIN1 LOCKING SP PIN. + If the Locking SP is already enabled, then TcgResultSuccess is returned and no action occurs. + + @param[in] AdminSpSession OPAL_SESSION with OPAL_UID_ADMIN_SP as OPAL_ADMIN_SP_SID_AUTHORITY to activate Locking SP + @param[in/out] MethodStatus Method status of last action performed. If action succeeded, it should be TCG_METHOD_STATUS_CODE_SUCCESS. + +**/ +TCG_RESULT +EFIAPI +OpalActivateLockingSp( + OPAL_SESSION *AdminSpSession, + UINT8 *MethodStatus + ) +{ + UINT8 Buf[BUFFER_SIZE]; + TCG_CREATE_STRUCT CreateStruct; + UINT32 Size; + TCG_PARSE_STRUCT ParseStruct; + + NULL_CHECK(AdminSpSession); + NULL_CHECK(MethodStatus); + + // + // Call Activate method on Locking SP + // + ERROR_CHECK(TcgInitTcgCreateStruct(&CreateStruct, Buf, sizeof(Buf))); + ERROR_CHECK(TcgStartComPacket(&CreateStruct, AdminSpSession->OpalBaseComId, AdminSpSession->ComIdExtension)); + ERROR_CHECK(TcgStartPacket(&CreateStruct, AdminSpSession->TperSessionId, AdminSpSession->HostSessionId, 0x0, 0x0, 0x0)); + ERROR_CHECK(TcgStartSubPacket(&CreateStruct, 0x0)); + ERROR_CHECK(TcgStartMethodCall(&CreateStruct, OPAL_UID_LOCKING_SP, OPAL_ADMIN_SP_ACTIVATE_METHOD)); + ERROR_CHECK(TcgStartParameters(&CreateStruct)); + ERROR_CHECK(TcgEndParameters(&CreateStruct)); + ERROR_CHECK(TcgEndMethodCall(&CreateStruct)); + ERROR_CHECK(TcgEndSubPacket(&CreateStruct)); + ERROR_CHECK(TcgEndPacket(&CreateStruct)); + ERROR_CHECK(TcgEndComPacket(&CreateStruct, &Size)); + + // + // Send Activate method call + // + ERROR_CHECK(OpalPerformMethod(AdminSpSession, Size, Buf, sizeof(Buf), &ParseStruct, MethodStatus, 0)); + METHOD_STATUS_ERROR_CHECK(*MethodStatus, TcgResultSuccess); // exit with success on method failure - user must inspect MethodStatus + + return TcgResultSuccess; +} + +/** + + The function sets the PIN column of the specified cpinRowUid (authority) with the newPin Value. + + @param[in/out] Session OPAL_SESSION to set password + @param[in] CpinRowUid UID of row (authority) to update PIN column + @param[in] NewPin New Pin to set for cpinRowUid specified + @param[in] NewPinLength Length in bytes of newPin + @param[in/out] MethodStatus Method status of last action performed. If action succeeded, it should be TCG_METHOD_STATUS_CODE_SUCCESS. + +**/ +TCG_RESULT +EFIAPI +OpalSetPassword( + OPAL_SESSION *Session, + TCG_UID CpinRowUid, + const VOID *NewPin, + UINT32 NewPinLength, + UINT8 *MethodStatus + ) +{ + UINT8 Buf[BUFFER_SIZE]; + TCG_CREATE_STRUCT CreateStruct; + TCG_PARSE_STRUCT ParseStruct; + UINT32 Size; + + NULL_CHECK(Session); + NULL_CHECK(NewPin); + NULL_CHECK(MethodStatus); + + ERROR_CHECK(TcgInitTcgCreateStruct(&CreateStruct, Buf, sizeof(Buf))); + ERROR_CHECK(TcgCreateSetCPin( + &CreateStruct, + &Size, + Session->OpalBaseComId, + Session->ComIdExtension, + Session->TperSessionId, + Session->HostSessionId, + CpinRowUid, + NewPin, + NewPinLength + )); + + ERROR_CHECK(OpalPerformMethod(Session, Size, Buf, sizeof(Buf), &ParseStruct, MethodStatus, 0)); + // exit with success on method failure - user must inspect MethodStatus + METHOD_STATUS_ERROR_CHECK(*MethodStatus, TcgResultSuccess); + + return TcgResultSuccess; +} + +/** + + The function sets the Enabled column to TRUE for the authorityUid provided and updates the PIN column for the cpinRowUid provided + using the newPin provided. AuthorityUid and cpinRowUid should describe the same authority. + + @param[in] LockingSpSession OPAL_SESSION with OPAL_UID_LOCKING_SP as OPAL_LOCKING_SP_ADMIN1_AUTHORITY to update + @param[in] CpinRowUid Row UID of C_PIN table of Locking SP to update PIN + @param[in] AuthorityUid UID of Locking SP authority to update Pin column with + @param[in] NewPin New Password used to set Pin column + @param[in] NewPinLength Length in bytes of new password + @param[in/out] MethodStatus Method status of last action performed. If action succeeded, it should be TCG_METHOD_STATUS_CODE_SUCCESS. + +**/ +TCG_RESULT +EFIAPI +OpalSetLockingSpAuthorityEnabledAndPin( + OPAL_SESSION *LockingSpSession, + TCG_UID CpinRowUid, + TCG_UID AuthorityUid, + const VOID *NewPin, + UINT32 NewPinLength, + UINT8 *MethodStatus + ) +{ + UINT8 Buf[BUFFER_SIZE]; + TCG_CREATE_STRUCT CreateStruct; + TCG_PARSE_STRUCT ParseStruct; + UINT32 Size; + TCG_UID ActiveKey; + TCG_RESULT Ret; + + NULL_CHECK(LockingSpSession); + NULL_CHECK(NewPin); + NULL_CHECK(MethodStatus); + + ERROR_CHECK(TcgInitTcgCreateStruct(&CreateStruct, Buf, sizeof(Buf))); + ERROR_CHECK(TcgSetAuthorityEnabled( + &CreateStruct, + &Size, + LockingSpSession->OpalBaseComId, + LockingSpSession->ComIdExtension, + LockingSpSession->TperSessionId, + LockingSpSession->HostSessionId, + AuthorityUid, + TRUE)); + + ERROR_CHECK(OpalPerformMethod(LockingSpSession, Size, Buf, sizeof(Buf), &ParseStruct, MethodStatus, 0)); + + if (*MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) { + DEBUG ((DEBUG_INFO, "Send Set Authority error\n")); + return TcgResultFailure; + } + + ERROR_CHECK(TcgInitTcgCreateStruct(&CreateStruct, Buf, sizeof(Buf))); + + ERROR_CHECK(TcgCreateSetCPin( + &CreateStruct, + &Size, + LockingSpSession->OpalBaseComId, + LockingSpSession->ComIdExtension, + LockingSpSession->TperSessionId, + LockingSpSession->HostSessionId, + CpinRowUid, + NewPin, + NewPinLength)); + + ERROR_CHECK(OpalPerformMethod(LockingSpSession, Size, Buf, sizeof(Buf), &ParseStruct, MethodStatus, 0)); + + // + // allow user1 to set global range to unlocked/locked by modifying ACE_Locking_GlobalRange_SetRdLocked/SetWrLocked + // + ERROR_CHECK(TcgInitTcgCreateStruct(&CreateStruct, Buf, sizeof(Buf))); + ERROR_CHECK(TcgCreateSetAce( + &CreateStruct, + &Size, + LockingSpSession->OpalBaseComId, + LockingSpSession->ComIdExtension, + LockingSpSession->TperSessionId, + LockingSpSession->HostSessionId, + OPAL_LOCKING_SP_ACE_LOCKING_GLOBALRANGE_SET_RDLOCKED, + OPAL_LOCKING_SP_USER1_AUTHORITY, + TCG_ACE_EXPRESSION_OR, + OPAL_LOCKING_SP_ADMINS_AUTHORITY + )); + + ERROR_CHECK(OpalPerformMethod(LockingSpSession, Size, Buf, sizeof(Buf), &ParseStruct, MethodStatus, 0)); + + if (*MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) { + DEBUG ((DEBUG_INFO, "Update ACE for RDLOCKED failed\n")); + return TcgResultFailure; + } + + ERROR_CHECK(TcgInitTcgCreateStruct(&CreateStruct, Buf, sizeof(Buf))); + ERROR_CHECK(TcgCreateSetAce( + &CreateStruct, + &Size, + LockingSpSession->OpalBaseComId, + LockingSpSession->ComIdExtension, + LockingSpSession->TperSessionId, + LockingSpSession->HostSessionId, + OPAL_LOCKING_SP_ACE_LOCKING_GLOBALRANGE_SET_WRLOCKED, + OPAL_LOCKING_SP_USER1_AUTHORITY, + TCG_ACE_EXPRESSION_OR, + OPAL_LOCKING_SP_ADMINS_AUTHORITY + )); + + ERROR_CHECK(OpalPerformMethod(LockingSpSession, Size, Buf, sizeof(Buf), &ParseStruct, MethodStatus, 0)); + + if (*MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) { + DEBUG ((DEBUG_INFO, "Update ACE for WRLOCKED failed\n")); + return TcgResultFailure; + } + + ERROR_CHECK(TcgInitTcgCreateStruct(&CreateStruct, Buf, sizeof(Buf))); + ERROR_CHECK(OpalCreateRetrieveGlobalLockingRangeActiveKey(LockingSpSession, &CreateStruct, &Size)); + ERROR_CHECK(OpalPerformMethod(LockingSpSession, Size, Buf, sizeof(Buf), &ParseStruct, MethodStatus, 0)); + + // + // For Pyrite type SSC, it not supports Active Key. + // So here add check logic before enable it. + // + Ret = OpalParseRetrieveGlobalLockingRangeActiveKey(&ParseStruct, &ActiveKey); + if (Ret == TcgResultSuccess) { + ERROR_CHECK(TcgInitTcgCreateStruct(&CreateStruct, Buf, sizeof(Buf))); + ERROR_CHECK(TcgCreateSetAce( + &CreateStruct, + &Size, + LockingSpSession->OpalBaseComId, + LockingSpSession->ComIdExtension, + LockingSpSession->TperSessionId, + LockingSpSession->HostSessionId, + (ActiveKey == OPAL_LOCKING_SP_K_AES_256_GLOBALRANGE_KEY) ? OPAL_LOCKING_SP_ACE_K_AES_256_GLOBALRANGE_GENKEY : OPAL_LOCKING_SP_ACE_K_AES_128_GLOBALRANGE_GENKEY, + OPAL_LOCKING_SP_USER1_AUTHORITY, + TCG_ACE_EXPRESSION_OR, + OPAL_LOCKING_SP_ADMINS_AUTHORITY + )); + + ERROR_CHECK(OpalPerformMethod(LockingSpSession, Size, Buf, sizeof(Buf), &ParseStruct, MethodStatus, 0)); + + if (*MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) { + DEBUG ((DEBUG_INFO, "Update ACE for GLOBALRANGE_GENKEY failed\n")); + // + // Disable user1 if all permissions are not granted. + // + return TcgResultFailure; + } + } + + ERROR_CHECK(TcgInitTcgCreateStruct(&CreateStruct, Buf, sizeof(Buf))); + ERROR_CHECK(TcgCreateSetAce( + &CreateStruct, + &Size, + LockingSpSession->OpalBaseComId, + LockingSpSession->ComIdExtension, + LockingSpSession->TperSessionId, + LockingSpSession->HostSessionId, + OPAL_LOCKING_SP_ACE_LOCKING_GLOBALRANGE_GET_ALL, + OPAL_LOCKING_SP_USER1_AUTHORITY, + TCG_ACE_EXPRESSION_OR, + OPAL_LOCKING_SP_ADMINS_AUTHORITY + )); + + ERROR_CHECK(OpalPerformMethod(LockingSpSession, Size, Buf, sizeof(Buf), &ParseStruct, MethodStatus, 0)); + + if (*MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) { + DEBUG ((DEBUG_INFO, "Update ACE for OPAL_LOCKING_SP_ACE_LOCKING_GLOBALRANGE_GET_ALL failed\n")); + return TcgResultFailure; + } + + return TcgResultSuccess; +} + +/** + + The function sets the Enabled column to FALSE for the USER1 authority. + + @param[in] LockingSpSession OPAL_SESSION with OPAL_UID_LOCKING_SP as OPAL_LOCKING_SP_ADMIN1_AUTHORITY to disable User1 + @param[in/out] MethodStatus Method status of last action performed. If action succeeded, it should be TCG_METHOD_STATUS_CODE_SUCCESS. + +**/ +TCG_RESULT +EFIAPI +OpalDisableUser( + OPAL_SESSION *LockingSpSession, + UINT8 *MethodStatus + ) +{ + UINT8 Buf[BUFFER_SIZE]; + TCG_CREATE_STRUCT CreateStruct; + TCG_PARSE_STRUCT ParseStruct; + UINT32 Size; + + NULL_CHECK(LockingSpSession); + NULL_CHECK(MethodStatus); + + ERROR_CHECK(TcgInitTcgCreateStruct(&CreateStruct, Buf, sizeof(Buf))); + ERROR_CHECK(TcgSetAuthorityEnabled( + &CreateStruct, + &Size, + LockingSpSession->OpalBaseComId, + LockingSpSession->ComIdExtension, + LockingSpSession->TperSessionId, + LockingSpSession->HostSessionId, + OPAL_LOCKING_SP_USER1_AUTHORITY, + FALSE)); + + ERROR_CHECK(OpalPerformMethod(LockingSpSession, Size, Buf, sizeof(Buf), &ParseStruct, MethodStatus, 0)); + + return TcgResultSuccess; +} + +/** + + The function retrieves the active key of the global locking range + and calls the GenKey method on the active key retrieved. + + @param[in] LockingSpSession OPAL_SESSION with OPAL_UID_LOCKING_SP to generate key + @param[in/out] MethodStatus Method status of last action performed. If action succeeded, it should be TCG_METHOD_STATUS_CODE_SUCCESS. + +**/ +TCG_RESULT +EFIAPI +OpalGlobalLockingRangeGenKey( + OPAL_SESSION *LockingSpSession, + UINT8 *MethodStatus + ) +{ + UINT8 Buf[BUFFER_SIZE]; + TCG_CREATE_STRUCT CreateStruct; + TCG_PARSE_STRUCT ParseStruct; + UINT32 Size; + TCG_UID ActiveKey; + + NULL_CHECK(LockingSpSession); + NULL_CHECK(MethodStatus); + + ERROR_CHECK(TcgInitTcgCreateStruct(&CreateStruct, Buf, sizeof(Buf))); + // + // retrieve the activekey in order to know which globalrange key to generate + // + ERROR_CHECK(OpalCreateRetrieveGlobalLockingRangeActiveKey(LockingSpSession, &CreateStruct, &Size)); + ERROR_CHECK(OpalPerformMethod(LockingSpSession, Size, Buf, sizeof(Buf), &ParseStruct, MethodStatus, 0)); + + METHOD_STATUS_ERROR_CHECK(*MethodStatus, TcgResultSuccess); + + ERROR_CHECK(OpalParseRetrieveGlobalLockingRangeActiveKey(&ParseStruct, &ActiveKey)); + + // + // call genkey on ActiveKey UID + // + ERROR_CHECK(TcgInitTcgCreateStruct(&CreateStruct, Buf, sizeof(Buf))); + ERROR_CHECK(TcgStartComPacket(&CreateStruct, LockingSpSession->OpalBaseComId, LockingSpSession->ComIdExtension)); + ERROR_CHECK(TcgStartPacket(&CreateStruct, LockingSpSession->TperSessionId, LockingSpSession->HostSessionId, 0x0, 0x0, 0x0)); + ERROR_CHECK(TcgStartSubPacket(&CreateStruct, 0x0)); + ERROR_CHECK(TcgStartMethodCall(&CreateStruct, ActiveKey, TCG_UID_METHOD_GEN_KEY)); + ERROR_CHECK(TcgStartParameters(&CreateStruct)); + ERROR_CHECK(TcgEndParameters(&CreateStruct)); + ERROR_CHECK(TcgEndMethodCall(&CreateStruct)); + ERROR_CHECK(TcgEndSubPacket(&CreateStruct)); + ERROR_CHECK(TcgEndPacket(&CreateStruct)); + ERROR_CHECK(TcgEndComPacket(&CreateStruct, &Size)); + + ERROR_CHECK(OpalPerformMethod(LockingSpSession, Size, Buf, sizeof(Buf), &ParseStruct, MethodStatus, 0)); + + return TcgResultSuccess; +} + +/** + + The function updates the ReadLocked and WriteLocked columns of the Global Locking Range. + This function is required for a user1 authority, since a user1 authority shall only have access to ReadLocked and WriteLocked columns + (not ReadLockEnabled and WriteLockEnabled columns). + + @param[in] LockingSpSession OPAL_SESSION with OPAL_UID_LOCKING_SP to generate key + @param[in] ReadLocked Value to set ReadLocked column for Global Locking Range + @param[in] WriteLocked Value to set WriteLocked column for Global Locking Range + @param[in/out] MethodStatus Method status of last action performed. If action succeeded, it should be TCG_METHOD_STATUS_CODE_SUCCESS. + +**/ +TCG_RESULT +EFIAPI +OpalUpdateGlobalLockingRange( + OPAL_SESSION *LockingSpSession, + BOOLEAN ReadLocked, + BOOLEAN WriteLocked, + UINT8 *MethodStatus + ) +{ + UINT8 Buf[BUFFER_SIZE]; + TCG_CREATE_STRUCT CreateStruct; + TCG_PARSE_STRUCT ParseStruct; + UINT32 Size; + + NULL_CHECK(LockingSpSession); + NULL_CHECK(MethodStatus); + + ERROR_CHECK(TcgInitTcgCreateStruct(&CreateStruct, Buf, sizeof(Buf))); + + // + // set global locking range values + // + ERROR_CHECK(TcgStartComPacket(&CreateStruct, LockingSpSession->OpalBaseComId, LockingSpSession->ComIdExtension)); + ERROR_CHECK(TcgStartPacket(&CreateStruct, LockingSpSession->TperSessionId, LockingSpSession->HostSessionId, 0x0, 0x0, 0x0)); + ERROR_CHECK(TcgStartSubPacket(&CreateStruct, 0x0)); + ERROR_CHECK(TcgStartMethodCall(&CreateStruct, OPAL_LOCKING_SP_LOCKING_GLOBALRANGE, TCG_UID_METHOD_SET)); + ERROR_CHECK(TcgStartParameters(&CreateStruct)); + ERROR_CHECK(TcgAddStartName(&CreateStruct)); + ERROR_CHECK(TcgAddUINT8(&CreateStruct, 0x01)); // "Values" + ERROR_CHECK(TcgAddStartList(&CreateStruct)); + + ERROR_CHECK(TcgAddStartName(&CreateStruct)); + ERROR_CHECK(TcgAddUINT8(&CreateStruct, 0x07)); // "ReadLocked" + ERROR_CHECK(TcgAddBOOLEAN(&CreateStruct, ReadLocked)); + ERROR_CHECK(TcgAddEndName(&CreateStruct)); + + ERROR_CHECK(TcgAddStartName(&CreateStruct)); + ERROR_CHECK(TcgAddUINT8(&CreateStruct, 0x08)); // "WriteLocked" + ERROR_CHECK(TcgAddBOOLEAN(&CreateStruct, WriteLocked)); + ERROR_CHECK(TcgAddEndName(&CreateStruct)); + + ERROR_CHECK(TcgAddEndList(&CreateStruct)); + ERROR_CHECK(TcgAddEndName(&CreateStruct)); + ERROR_CHECK(TcgEndParameters(&CreateStruct)); + ERROR_CHECK(TcgEndMethodCall(&CreateStruct)); + ERROR_CHECK(TcgEndSubPacket(&CreateStruct)); + ERROR_CHECK(TcgEndPacket(&CreateStruct)); + ERROR_CHECK(TcgEndComPacket(&CreateStruct, &Size)); + + ERROR_CHECK(OpalPerformMethod(LockingSpSession, Size, Buf, sizeof(Buf), &ParseStruct, MethodStatus, 0)); + METHOD_STATUS_ERROR_CHECK(*MethodStatus, TcgResultSuccess); + + return TcgResultSuccess; +} + +/** + + The function updates the RangeStart, RangeLength, ReadLockedEnabled, WriteLockedEnabled, ReadLocked and WriteLocked columns + of the specified Locking Range. This function requires admin authority of a locking SP session. + + @param[in] LockingSpSession OPAL_SESSION with OPAL_UID_LOCKING_SP to generate key + @param[in] LockingRangeUid Locking range UID to set values + @param[in] RangeStart Value to set RangeStart column for Locking Range + @param[in] RangeLength Value to set RangeLength column for Locking Range + @param[in] ReadLockEnabled Value to set readLockEnabled column for Locking Range + @param[in] WriteLockEnabled Value to set writeLockEnabled column for Locking Range + @param[in] ReadLocked Value to set ReadLocked column for Locking Range + @param[in] WriteLocked Value to set WriteLocked column for Locking Range + @param[in/out] MethodStatus Method status of last action performed. If action succeeded, it should be TCG_METHOD_STATUS_CODE_SUCCESS. + +**/ +TCG_RESULT +EFIAPI +OpalSetLockingRange( + OPAL_SESSION *LockingSpSession, + TCG_UID LockingRangeUid, + UINT64 RangeStart, + UINT64 RangeLength, + BOOLEAN ReadLockEnabled, + BOOLEAN WriteLockEnabled, + BOOLEAN ReadLocked, + BOOLEAN WriteLocked, + UINT8 *MethodStatus + ) +{ + UINT8 Buf[BUFFER_SIZE]; + TCG_CREATE_STRUCT CreateStruct; + TCG_PARSE_STRUCT ParseStruct; + UINT32 Size; + + NULL_CHECK(LockingSpSession); + NULL_CHECK(MethodStatus); + + ERROR_CHECK(TcgInitTcgCreateStruct(&CreateStruct, Buf, sizeof(Buf))); + + // + // set locking range values + // + ERROR_CHECK(TcgStartComPacket(&CreateStruct, LockingSpSession->OpalBaseComId, LockingSpSession->ComIdExtension)); + ERROR_CHECK(TcgStartPacket(&CreateStruct, LockingSpSession->TperSessionId, LockingSpSession->HostSessionId, 0x0, 0x0, 0x0)); + ERROR_CHECK(TcgStartSubPacket(&CreateStruct, 0x0)); + ERROR_CHECK(TcgStartMethodCall(&CreateStruct, LockingRangeUid, TCG_UID_METHOD_SET)); + ERROR_CHECK(TcgStartParameters(&CreateStruct)); + ERROR_CHECK(TcgAddStartName(&CreateStruct)); + ERROR_CHECK(TcgAddUINT8(&CreateStruct, 0x01)); // "Values" + ERROR_CHECK(TcgAddStartList(&CreateStruct)); + + // + // range start and range Length only apply to non-global locking ranges + // + if (LockingRangeUid != OPAL_LOCKING_SP_LOCKING_GLOBALRANGE) { + ERROR_CHECK(TcgAddStartName(&CreateStruct)); + ERROR_CHECK(TcgAddUINT8(&CreateStruct, 0x03)); // "RangeStart" + ERROR_CHECK(TcgAddUINT64(&CreateStruct, RangeStart)); + ERROR_CHECK(TcgAddEndName(&CreateStruct)); + + ERROR_CHECK(TcgAddStartName(&CreateStruct)); + ERROR_CHECK(TcgAddUINT8(&CreateStruct, 0x04)); // "RangeLength" + ERROR_CHECK(TcgAddUINT64(&CreateStruct, RangeLength)); + ERROR_CHECK(TcgAddEndName(&CreateStruct)); + } + + ERROR_CHECK(TcgAddStartName(&CreateStruct)); + ERROR_CHECK(TcgAddUINT8(&CreateStruct, 0x05)); // "ReadLockEnabled" + ERROR_CHECK(TcgAddBOOLEAN(&CreateStruct, ReadLockEnabled)); + ERROR_CHECK(TcgAddEndName(&CreateStruct)); + + ERROR_CHECK(TcgAddStartName(&CreateStruct)); + ERROR_CHECK(TcgAddUINT8(&CreateStruct, 0x06)); // "WriteLockEnabled" + ERROR_CHECK(TcgAddBOOLEAN(&CreateStruct, WriteLockEnabled)); + ERROR_CHECK(TcgAddEndName(&CreateStruct)); + + ERROR_CHECK(TcgAddStartName(&CreateStruct)); + ERROR_CHECK(TcgAddUINT8(&CreateStruct, 0x07)); // "ReadLocked" + ERROR_CHECK(TcgAddBOOLEAN(&CreateStruct, ReadLocked)); + ERROR_CHECK(TcgAddEndName(&CreateStruct)); + + ERROR_CHECK(TcgAddStartName(&CreateStruct)); + ERROR_CHECK(TcgAddUINT8(&CreateStruct, 0x08)); // "WriteLocked" + ERROR_CHECK(TcgAddBOOLEAN(&CreateStruct, WriteLocked)); + ERROR_CHECK(TcgAddEndName(&CreateStruct)); + + ERROR_CHECK(TcgAddEndList(&CreateStruct)); + ERROR_CHECK(TcgAddEndName(&CreateStruct)); + ERROR_CHECK(TcgEndParameters(&CreateStruct)); + ERROR_CHECK(TcgEndMethodCall(&CreateStruct)); + ERROR_CHECK(TcgEndSubPacket(&CreateStruct)); + ERROR_CHECK(TcgEndPacket(&CreateStruct)); + ERROR_CHECK(TcgEndComPacket(&CreateStruct, &Size)); + + ERROR_CHECK(OpalPerformMethod(LockingSpSession, Size, Buf, sizeof(Buf), &ParseStruct, MethodStatus, 0)); + // Exit with success on method failure - user must inspect MethodStatus + METHOD_STATUS_ERROR_CHECK(*MethodStatus, TcgResultSuccess); + + return TcgResultSuccess; +} + +/** + + The function populates the CreateStruct with a payload that will retrieve the global locking range active key. + It is intended to be called with a session that is already started with a valid credential. + The function does not send the payload. + + @param[in] Session OPAL_SESSION to populate command for, needs ComId + @param[in/out] CreateStruct Structure to populate with encoded TCG command + @param[in/out] Size Size in bytes of the command created. + +**/ +TCG_RESULT +EFIAPI +OpalCreateRetrieveGlobalLockingRangeActiveKey( + const OPAL_SESSION *Session, + TCG_CREATE_STRUCT *CreateStruct, + UINT32 *Size + ) +{ + NULL_CHECK(Session); + NULL_CHECK(CreateStruct); + NULL_CHECK(Size); + + // Retrieve the activekey in order to know which globalrange key to generate + ERROR_CHECK(TcgStartComPacket(CreateStruct, Session->OpalBaseComId, Session->ComIdExtension)); + ERROR_CHECK(TcgStartPacket(CreateStruct, Session->TperSessionId, Session->HostSessionId, 0x0, 0x0, 0x0)); + ERROR_CHECK(TcgStartSubPacket(CreateStruct, 0x0)); + ERROR_CHECK(TcgStartMethodCall(CreateStruct, OPAL_LOCKING_SP_LOCKING_GLOBALRANGE, TCG_UID_METHOD_GET)); + ERROR_CHECK(TcgStartParameters(CreateStruct)); + ERROR_CHECK(TcgAddStartList(CreateStruct)); + ERROR_CHECK(TcgAddStartName(CreateStruct)); + ERROR_CHECK(TcgAddUINT8(CreateStruct, TCG_CELL_BLOCK_START_COLUMN_NAME)); + ERROR_CHECK(TcgAddUINT8(CreateStruct, 0x0A)); // ActiveKey + ERROR_CHECK(TcgAddEndName(CreateStruct)); + ERROR_CHECK(TcgAddStartName(CreateStruct)); + ERROR_CHECK(TcgAddUINT8(CreateStruct, TCG_CELL_BLOCK_END_COLUMN_NAME)); + ERROR_CHECK(TcgAddUINT8(CreateStruct, 0x0A)); + ERROR_CHECK(TcgAddEndName(CreateStruct)); + ERROR_CHECK(TcgAddEndList(CreateStruct)); + ERROR_CHECK(TcgEndParameters(CreateStruct)); + ERROR_CHECK(TcgEndMethodCall(CreateStruct)); + ERROR_CHECK(TcgEndSubPacket(CreateStruct)); + ERROR_CHECK(TcgEndPacket(CreateStruct)); + ERROR_CHECK(TcgEndComPacket(CreateStruct, Size)); + + return TcgResultSuccess; +} + +/** + + The function acquires the activeKey specified for the Global Locking Range from the ParseStruct. + + @param[in] ParseStruct Structure that contains the device's response with the activekey + @param[in/out] ActiveKey The UID of the active key retrieved + +**/ +TCG_RESULT +EFIAPI +OpalParseRetrieveGlobalLockingRangeActiveKey( + TCG_PARSE_STRUCT *ParseStruct, + TCG_UID *ActiveKey + ) +{ + UINT32 ColumnName; + + NULL_CHECK(ParseStruct); + NULL_CHECK(ActiveKey); + + // parse response + ERROR_CHECK(TcgGetNextStartList(ParseStruct)); + ERROR_CHECK(TcgGetNextStartList(ParseStruct)); + ERROR_CHECK(TcgGetNextStartName(ParseStruct)); + ERROR_CHECK(TcgGetNextUINT32(ParseStruct, &ColumnName)); + ERROR_CHECK(TcgGetNextTcgUid(ParseStruct, ActiveKey)); + ERROR_CHECK(TcgGetNextEndName(ParseStruct)); + ERROR_CHECK(TcgGetNextEndList(ParseStruct)); + ERROR_CHECK(TcgGetNextEndList(ParseStruct)); + ERROR_CHECK(TcgGetNextEndOfData(ParseStruct)); + + if (ColumnName != 0x0A) { + DEBUG ((DEBUG_INFO, "Unexpected column name %u (exp 0x0A)\n", ColumnName)); + return TcgResultFailure; + } + + if (*ActiveKey != OPAL_LOCKING_SP_K_AES_256_GLOBALRANGE_KEY && *ActiveKey != OPAL_LOCKING_SP_K_AES_128_GLOBALRANGE_KEY) { + DEBUG ((DEBUG_INFO, "Unexpected gen key %u (exp %u or %u)\n", *ActiveKey, OPAL_LOCKING_SP_K_AES_256_GLOBALRANGE_KEY, OPAL_LOCKING_SP_K_AES_128_GLOBALRANGE_KEY)); + return TcgResultFailure; + } + + return TcgResultSuccess; +} + +/** + + The function retrieves the TryLimit column for the specified rowUid (authority). + + @param[in] LockingSpSession OPAL_SESSION with OPAL_UID_LOCKING_SP to retrieve try limit + @param[in] RowUid Row UID of the Locking SP C_PIN table to retrieve TryLimit column + @param[in/out] TryLimit Value from TryLimit column + +**/ +TCG_RESULT +EFIAPI +OpalGetTryLimit( + OPAL_SESSION *LockingSpSession, + TCG_UID RowUid, + UINT32 *TryLimit + ) +{ + TCG_CREATE_STRUCT CreateStruct; + TCG_PARSE_STRUCT ParseStruct; + UINT32 Size; + UINT8 MethodStatus; + UINT8 Buf[BUFFER_SIZE]; + UINT32 Col; + + NULL_CHECK(LockingSpSession); + NULL_CHECK(TryLimit); + + ERROR_CHECK(TcgInitTcgCreateStruct(&CreateStruct, Buf, sizeof(Buf))); + ERROR_CHECK(TcgStartComPacket(&CreateStruct, LockingSpSession->OpalBaseComId, LockingSpSession->ComIdExtension)); + ERROR_CHECK(TcgStartPacket(&CreateStruct, LockingSpSession->TperSessionId, LockingSpSession->HostSessionId, 0x0, 0x0, 0x0)); + ERROR_CHECK(TcgStartSubPacket(&CreateStruct, 0x0)); + ERROR_CHECK(TcgStartMethodCall(&CreateStruct, RowUid, TCG_UID_METHOD_GET)); + ERROR_CHECK(TcgStartParameters(&CreateStruct)); + ERROR_CHECK(TcgAddStartList(&CreateStruct)); + ERROR_CHECK(TcgAddStartName(&CreateStruct)); + ERROR_CHECK(TcgAddUINT8(&CreateStruct, TCG_CELL_BLOCK_START_COLUMN_NAME)); + ERROR_CHECK(TcgAddUINT8(&CreateStruct, OPAL_LOCKING_SP_C_PIN_TRYLIMIT_COL)); + ERROR_CHECK(TcgAddEndName(&CreateStruct)); + ERROR_CHECK(TcgAddStartName(&CreateStruct)); + ERROR_CHECK(TcgAddUINT8(&CreateStruct, TCG_CELL_BLOCK_END_COLUMN_NAME)); + ERROR_CHECK(TcgAddUINT8(&CreateStruct, OPAL_LOCKING_SP_C_PIN_TRYLIMIT_COL)); + ERROR_CHECK(TcgAddEndName(&CreateStruct)); + ERROR_CHECK(TcgAddEndList(&CreateStruct)); + ERROR_CHECK(TcgEndParameters(&CreateStruct)); + ERROR_CHECK(TcgEndMethodCall(&CreateStruct)); + ERROR_CHECK(TcgEndSubPacket(&CreateStruct)); + ERROR_CHECK(TcgEndPacket(&CreateStruct)); + ERROR_CHECK(TcgEndComPacket(&CreateStruct, &Size)); + + ERROR_CHECK(OpalPerformMethod(LockingSpSession, Size, Buf, sizeof(Buf), &ParseStruct, &MethodStatus, 0)); + METHOD_STATUS_ERROR_CHECK(MethodStatus, TcgResultFailure); + + ERROR_CHECK(TcgGetNextStartList(&ParseStruct)); + ERROR_CHECK(TcgGetNextStartList(&ParseStruct)); + ERROR_CHECK(TcgGetNextStartName(&ParseStruct)); + ERROR_CHECK(TcgGetNextUINT32(&ParseStruct, &Col)); + ERROR_CHECK(TcgGetNextUINT32(&ParseStruct, TryLimit)); + ERROR_CHECK(TcgGetNextEndName(&ParseStruct)); + ERROR_CHECK(TcgGetNextEndList(&ParseStruct)); + ERROR_CHECK(TcgGetNextEndList(&ParseStruct)); + ERROR_CHECK(TcgGetNextEndOfData(&ParseStruct)); + + if (Col != OPAL_LOCKING_SP_C_PIN_TRYLIMIT_COL) { + DEBUG ((DEBUG_INFO, "ERROR: got col %u, expected %u\n", Col, OPAL_LOCKING_SP_C_PIN_TRYLIMIT_COL)); + return TcgResultFailure; + } + + return TcgResultSuccess; +} + +/** + + Get the support attribute info. + + @param[in] Session OPAL_SESSION with OPAL_UID_LOCKING_SP to retrieve info. + @param[out] SupportedAttributes Return the support attribute info. + @param[out] OpalBaseComId Return the base com id info. + +**/ +TCG_RESULT +EFIAPI +OpalGetSupportedAttributesInfo( + IN OPAL_SESSION *Session, + OUT OPAL_DISK_SUPPORT_ATTRIBUTE *SupportedAttributes, + OUT UINT16 *OpalBaseComId + ) +{ + UINT8 Buffer[BUFFER_SIZE]; + TCG_SUPPORTED_SECURITY_PROTOCOLS *SupportedProtocols; + TCG_LEVEL0_DISCOVERY_HEADER *DiscoveryHeader; + OPAL_LEVEL0_FEATURE_DESCRIPTOR *Feat; + OPAL_LEVEL0_FEATURE_DESCRIPTOR *Feat2; + UINTN Size; + UINTN Size2; + + NULL_CHECK(Session); + NULL_CHECK(SupportedAttributes); + NULL_CHECK(OpalBaseComId); + + ZeroMem(Buffer, BUFFER_SIZE); + ASSERT(sizeof(Buffer) >= sizeof(TCG_SUPPORTED_SECURITY_PROTOCOLS)); + + // + // Retrieve supported protocols verify security protocol 1 is supported + // + SupportedProtocols = (TCG_SUPPORTED_SECURITY_PROTOCOLS*) Buffer; + + // + // Get list of supported protocols + // + if (OpalRetrieveSupportedProtocolList (Session, sizeof(TCG_SUPPORTED_SECURITY_PROTOCOLS), SupportedProtocols) == TcgResultFailure) { + DEBUG ((DEBUG_INFO, "OpalRetrieveSupportedProtocolList failed\n")); + return TcgResultFailure; + } + + SupportedAttributes->Sp1 = TcgIsProtocolSupported (SupportedProtocols, TCG_OPAL_SECURITY_PROTOCOL_1); + SupportedAttributes->Sp2 = TcgIsProtocolSupported (SupportedProtocols, TCG_OPAL_SECURITY_PROTOCOL_2); + SupportedAttributes->SpIeee1667 = TcgIsProtocolSupported (SupportedProtocols, TCG_SECURITY_PROTOCOL_IEEE_1667); + + DEBUG ((DEBUG_INFO, "Supported Protocols: Sp1 %d Sp2: %d SpIeee1667 %d \n", + SupportedAttributes->Sp1, + SupportedAttributes->Sp2, + SupportedAttributes->SpIeee1667 + )); + + // + // Perform level 0 discovery and assign desired feature info to Opal Disk structure + // + ZeroMem (Buffer, BUFFER_SIZE); + if (OpalRetrieveLevel0DiscoveryHeader (Session, BUFFER_SIZE, Buffer) == TcgResultFailure) { + DEBUG ((DEBUG_INFO, "OpalRetrieveLevel0DiscoveryHeader failed\n")); + return TcgResultFailure; + } + + // + // Check for required feature descriptors + // + DiscoveryHeader = (TCG_LEVEL0_DISCOVERY_HEADER*) Buffer; + + Size = 0; + Feat = (OPAL_LEVEL0_FEATURE_DESCRIPTOR*) TcgGetFeature (DiscoveryHeader, TCG_FEATURE_OPAL_SSC_V2_0_0, &Size); + SupportedAttributes->OpalSsc2 = (Feat != NULL); + + *OpalBaseComId = TCG_RESERVED_COMID; + + // + // Check Opal SCC V2 has valid settings for SID C_PIN on revert + // + if (SupportedAttributes->OpalSsc2 && Size >= sizeof (OPAL_SSCV2_FEATURE_DESCRIPTOR)) { + // + // Want opposite polarity b/c Value is greater than a bit, but we only care about non-zero vs zero + // + SupportedAttributes->InitCpinIndicator = (Feat->OpalSscV2.InitialCPINSIDPIN == 0); + SupportedAttributes->CpinUponRevert = (Feat->OpalSscV2.CPINSIDPINRevertBehavior == 0); + DEBUG ((DEBUG_INFO, "Opal SSC V2 InitCpinIndicator %d CpinUponRevert %d \n", + SupportedAttributes->InitCpinIndicator, + SupportedAttributes->CpinUponRevert + )); + *OpalBaseComId = SwapBytes16 (Feat->OpalSscV2.BaseComdIdBE); + } + + Size = 0; + Feat = (OPAL_LEVEL0_FEATURE_DESCRIPTOR*) TcgGetFeature (DiscoveryHeader, TCG_FEATURE_OPAL_SSC_LITE, &Size); + SupportedAttributes->OpalSscLite = (Feat != NULL); + + if (Feat != NULL && Size >= sizeof (OPAL_SSCLITE_FEATURE_DESCRIPTOR)) { + if (*OpalBaseComId == TCG_RESERVED_COMID) { + // + // Pin values used always match up with ComId used + // + *OpalBaseComId = SwapBytes16 (Feat->OpalSscLite.BaseComdIdBE); + SupportedAttributes->InitCpinIndicator = (Feat->OpalSscV2.InitialCPINSIDPIN == 0); + SupportedAttributes->CpinUponRevert = (Feat->OpalSscV2.CPINSIDPINRevertBehavior == 0); + DEBUG ((DEBUG_INFO, "Opal SSC Lite InitCpinIndicator %d CpinUponRevert %d \n", + SupportedAttributes->InitCpinIndicator, + SupportedAttributes->CpinUponRevert + )); + } + } + + // + // For some pyrite 2.0 device, it contains both pyrite 1.0 and 2.0 feature data. + // so here try to get data from pyrite 2.0 feature data first. + // + Size = 0; + Feat = (OPAL_LEVEL0_FEATURE_DESCRIPTOR*) TcgGetFeature (DiscoveryHeader, TCG_FEATURE_PYRITE_SSC, &Size); + Size2 = 0; + Feat2 = (OPAL_LEVEL0_FEATURE_DESCRIPTOR*) TcgGetFeature (DiscoveryHeader, TCG_FEATURE_PYRITE_SSC_V2_0_0, &Size2); + if (Feat2 != NULL && Size2 >= sizeof (PYRITE_SSCV2_FEATURE_DESCRIPTOR)) { + SupportedAttributes->PyriteSscV2 = TRUE; + if (*OpalBaseComId == TCG_RESERVED_COMID) { + *OpalBaseComId = SwapBytes16 (Feat2->PyriteSscV2.BaseComdIdBE); + SupportedAttributes->InitCpinIndicator = (Feat2->PyriteSscV2.InitialCPINSIDPIN == 0); + SupportedAttributes->CpinUponRevert = (Feat2->PyriteSscV2.CPINSIDPINRevertBehavior == 0); + DEBUG ((DEBUG_INFO, "Pyrite SSC V2 InitCpinIndicator %d CpinUponRevert %d \n", + SupportedAttributes->InitCpinIndicator, + SupportedAttributes->CpinUponRevert + )); + } + } else { + SupportedAttributes->PyriteSsc = (Feat != NULL); + if (Feat != NULL && Size >= sizeof (PYRITE_SSC_FEATURE_DESCRIPTOR)) { + if (*OpalBaseComId == TCG_RESERVED_COMID) { + *OpalBaseComId = SwapBytes16 (Feat->PyriteSsc.BaseComdIdBE); + SupportedAttributes->InitCpinIndicator = (Feat->PyriteSsc.InitialCPINSIDPIN == 0); + SupportedAttributes->CpinUponRevert = (Feat->PyriteSsc.CPINSIDPINRevertBehavior == 0); + DEBUG ((DEBUG_INFO, "Pyrite SSC InitCpinIndicator %d CpinUponRevert %d \n", + SupportedAttributes->InitCpinIndicator, + SupportedAttributes->CpinUponRevert + )); + } + } + } + + Size = 0; + Feat = (OPAL_LEVEL0_FEATURE_DESCRIPTOR*) TcgGetFeature (DiscoveryHeader, TCG_FEATURE_OPAL_SSC_V1_0_0, &Size); + SupportedAttributes->OpalSsc1 = (Feat != NULL); + if (Feat != NULL && Size >= sizeof (OPAL_SSCV1_FEATURE_DESCRIPTOR)) { + if (*OpalBaseComId == TCG_RESERVED_COMID) { + *OpalBaseComId = SwapBytes16 (Feat->OpalSscV1.BaseComdIdBE); + } + } + + Size = 0; + Feat = (OPAL_LEVEL0_FEATURE_DESCRIPTOR*) TcgGetFeature (DiscoveryHeader, TCG_FEATURE_LOCKING, &Size); + if (Feat != NULL && Size >= sizeof (TCG_LOCKING_FEATURE_DESCRIPTOR)) { + SupportedAttributes->MediaEncryption = Feat->Locking.MediaEncryption; + DEBUG ((DEBUG_INFO, "SupportedAttributes->MediaEncryption 0x%X \n", SupportedAttributes->MediaEncryption)); + } + + Size = 0; + Feat = (OPAL_LEVEL0_FEATURE_DESCRIPTOR*) TcgGetFeature (DiscoveryHeader, TCG_FEATURE_BLOCK_SID, &Size); + if (Feat != NULL && Size >= sizeof (TCG_BLOCK_SID_FEATURE_DESCRIPTOR)) { + SupportedAttributes->BlockSid = TRUE; + DEBUG ((DEBUG_INFO, "BlockSid Supported!!! Current Status is 0x%X \n", Feat->BlockSid.SIDBlockedState)); + } else { + DEBUG ((DEBUG_INFO, "BlockSid Unsupported!!!")); + } + + Size = 0; + Feat = (OPAL_LEVEL0_FEATURE_DESCRIPTOR*) TcgGetFeature (DiscoveryHeader, TCG_FEATURE_DATA_REMOVAL, &Size); + if (Feat != NULL && Size >= sizeof (DATA_REMOVAL_FEATURE_DESCRIPTOR)) { + SupportedAttributes->DataRemoval = TRUE; + DEBUG ((DEBUG_INFO, "DataRemoval Feature Supported!\n")); + DEBUG ((DEBUG_INFO, "Operation Processing = 0x%x\n", Feat->DataRemoval.OperationProcessing)); + DEBUG ((DEBUG_INFO, "RemovalMechanism = 0x%x\n", Feat->DataRemoval.RemovalMechanism)); + DEBUG ((DEBUG_INFO, "BIT0 :: Format = 0x%x, Time = 0x%x\n", Feat->DataRemoval.FormatBit0, SwapBytes16 (Feat->DataRemoval.TimeBit0))); + DEBUG ((DEBUG_INFO, "BIT1 :: Format = 0x%x, Time = 0x%x\n", Feat->DataRemoval.FormatBit1, SwapBytes16 (Feat->DataRemoval.TimeBit1))); + DEBUG ((DEBUG_INFO, "BIT2 :: Format = 0x%x, Time = 0x%x\n", Feat->DataRemoval.FormatBit2, SwapBytes16 (Feat->DataRemoval.TimeBit2))); + DEBUG ((DEBUG_INFO, "BIT3 :: Format = 0x%x, Time = 0x%x\n", Feat->DataRemoval.FormatBit3, SwapBytes16 (Feat->DataRemoval.TimeBit3))); + DEBUG ((DEBUG_INFO, "BIT4 :: Format = 0x%x, Time = 0x%x\n", Feat->DataRemoval.FormatBit4, SwapBytes16 (Feat->DataRemoval.TimeBit4))); + } + + DEBUG ((DEBUG_INFO, "Base COMID 0x%04X \n", *OpalBaseComId)); + + return TcgResultSuccess; +} + +/** + + Get the support attribute info. + + @param[in] Session OPAL_SESSION with OPAL_UID_LOCKING_SP to retrieve info. + @param[in/out] LockingFeature Return the Locking info. + +**/ +TCG_RESULT +EFIAPI +OpalGetLockingInfo( + OPAL_SESSION *Session, + TCG_LOCKING_FEATURE_DESCRIPTOR *LockingFeature + ) +{ + UINT8 Buffer[BUFFER_SIZE]; + TCG_LEVEL0_DISCOVERY_HEADER *DiscoveryHeader; + OPAL_LEVEL0_FEATURE_DESCRIPTOR *Feat; + UINTN Size; + + NULL_CHECK(Session); + NULL_CHECK(LockingFeature); + + ZeroMem(Buffer, BUFFER_SIZE); + ASSERT(sizeof(Buffer) >= sizeof(TCG_SUPPORTED_SECURITY_PROTOCOLS)); + + if (OpalRetrieveLevel0DiscoveryHeader (Session, BUFFER_SIZE, Buffer) == TcgResultFailure) { + DEBUG ((DEBUG_INFO, "OpalRetrieveLevel0DiscoveryHeader failed\n")); + return TcgResultFailure; + } + DiscoveryHeader = (TCG_LEVEL0_DISCOVERY_HEADER*) Buffer; + + Size = 0; + Feat = (OPAL_LEVEL0_FEATURE_DESCRIPTOR*) TcgGetFeature (DiscoveryHeader, TCG_FEATURE_LOCKING, &Size); + if (Feat != NULL && Size >= sizeof (TCG_LOCKING_FEATURE_DESCRIPTOR)) { + CopyMem (LockingFeature, &Feat->Locking, sizeof (TCG_LOCKING_FEATURE_DESCRIPTOR)); + } + + return TcgResultSuccess; +} + +/** + + Get the descriptor for the specific feature code. + + @param[in] Session OPAL_SESSION with OPAL_UID_LOCKING_SP to retrieve info. + @param[in] FeatureCode The feature code user request. + @param[in, out] DataSize The data size. + @param[out] Data The data buffer used to save the feature descriptor. + +**/ +TCG_RESULT +OpalGetFeatureDescriptor ( + IN OPAL_SESSION *Session, + IN UINT16 FeatureCode, + IN OUT UINTN *DataSize, + OUT VOID *Data + ) +{ + UINT8 Buffer[BUFFER_SIZE]; + TCG_LEVEL0_DISCOVERY_HEADER *DiscoveryHeader; + OPAL_LEVEL0_FEATURE_DESCRIPTOR *Feat; + UINTN Size; + + NULL_CHECK(Session); + NULL_CHECK(DataSize); + NULL_CHECK(Data); + + ZeroMem(Buffer, BUFFER_SIZE); + ASSERT(sizeof(Buffer) >= sizeof(TCG_SUPPORTED_SECURITY_PROTOCOLS)); + + if (OpalRetrieveLevel0DiscoveryHeader (Session, BUFFER_SIZE, Buffer) == TcgResultFailure) { + DEBUG ((DEBUG_INFO, "OpalRetrieveLevel0DiscoveryHeader failed\n")); + return TcgResultFailure; + } + DiscoveryHeader = (TCG_LEVEL0_DISCOVERY_HEADER*) Buffer; + + Size = 0; + Feat = (OPAL_LEVEL0_FEATURE_DESCRIPTOR*) TcgGetFeature (DiscoveryHeader, FeatureCode, &Size); + if (Feat != NULL) { + if (Size > *DataSize) { + *DataSize = Size; + return TcgResultFailureBufferTooSmall; + } + + *DataSize = Size; + CopyMem (Data, Feat, Size); + } + + return TcgResultSuccess; +} + +/** + + The function determines whether or not all of the requirements for the Opal Feature (not full specification) + are met by the specified device. + + @param[in] SupportedAttributes Opal device attribute. + +**/ +BOOLEAN +EFIAPI +OpalFeatureSupported( + OPAL_DISK_SUPPORT_ATTRIBUTE *SupportedAttributes + ) +{ + NULL_CHECK(SupportedAttributes); + + if (SupportedAttributes->Sp1 == 0) { + return FALSE; + } + + if (SupportedAttributes->OpalSscLite == 0 && + SupportedAttributes->OpalSsc1 == 0 && + SupportedAttributes->OpalSsc2 == 0 && + SupportedAttributes->PyriteSsc == 0 && + SupportedAttributes->PyriteSscV2 == 0 + ) { + return FALSE; + } + + return TRUE; +} + +/** + + The function returns whether or not the device is Opal Enabled. + TRUE means that the device is partially or fully locked. + This will perform a Level 0 Discovery and parse the locking feature descriptor + + @param[in] SupportedAttributes Opal device attribute. + @param[in] LockingFeature Opal device locking status. + + +**/ +BOOLEAN +EFIAPI +OpalFeatureEnabled( + OPAL_DISK_SUPPORT_ATTRIBUTE *SupportedAttributes, + TCG_LOCKING_FEATURE_DESCRIPTOR *LockingFeature + ) +{ + NULL_CHECK(SupportedAttributes); + NULL_CHECK(LockingFeature); + + if (!OpalFeatureSupported (SupportedAttributes)) { + return FALSE; + } + + if (LockingFeature->LockingSupported && LockingFeature->LockingEnabled) { + return TRUE; + } + + return FALSE; +} + +/** + + The function returns whether or not the device is Opal Locked. + TRUE means that the device is partially or fully locked. + This will perform a Level 0 Discovery and parse the locking feature descriptor + + @param[in] SupportedAttributes Opal device attribute. + @param[in] LockingFeature Opal device locking status. + +**/ +BOOLEAN +OpalDeviceLocked( + OPAL_DISK_SUPPORT_ATTRIBUTE *SupportedAttributes, + TCG_LOCKING_FEATURE_DESCRIPTOR *LockingFeature + ) +{ + NULL_CHECK(SupportedAttributes); + NULL_CHECK(LockingFeature); + + if (!OpalFeatureEnabled (SupportedAttributes, LockingFeature)) { + return FALSE; + } + + return LockingFeature->Locked; +} + diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/TcgStorageOpalLib/TcgStorageOpalLib.inf b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/TcgStorageOpalLib/TcgStorageOpalLib.inf new file mode 100644 index 00000000..9936ba8e --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/TcgStorageOpalLib/TcgStorageOpalLib.inf @@ -0,0 +1,39 @@ +## @file +# This is a Tcg storage Opal library. +# +# This module is used to provide API used by Opal password solution. +# +# Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.<BR> +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## +[Defines] + INF_VERSION = 0x00010017 + BASE_NAME = TcgStorageOpalLib + FILE_GUID = F8B56221-FD5D-4215-B578-C3574AD1E253 + VERSION_STRING = 1.0 + MODULE_TYPE = BASE + LIBRARY_CLASS = TcgStorageOpalLib + +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = IA32 X64 +# + +[Sources] + TcgStorageOpalCore.c + TcgStorageOpalUtil.c + TcgStorageOpalLibInternal.h + +[LibraryClasses] + BaseLib + BaseMemoryLib + PrintLib + DebugLib + TimerLib + TcgStorageCoreLib + +[Packages] + MdePkg/MdePkg.dec + SecurityPkg/SecurityPkg.dec diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/TcgStorageOpalLib/TcgStorageOpalLibInternal.h b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/TcgStorageOpalLib/TcgStorageOpalLibInternal.h new file mode 100644 index 00000000..6b7ab98a --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/TcgStorageOpalLib/TcgStorageOpalLibInternal.h @@ -0,0 +1,91 @@ +/** @file + Internal functions for Opal Core library. + +Copyright (c) 2018, Intel Corporation. All rights reserved.<BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef _OPAL_INTERNAL_H_ +#define _OPAL_INTERNAL_H_ + +#include <Library/TcgStorageOpalLib.h> + + +/** + + The function retrieves the MSID from the device specified + + @param[in] AdminSpSession OPAL_SESSION with OPAL_UID_ADMIN_SP as OPAL_ADMIN_SP_ANYBODY_AUTHORITY + @param[out] ActiveDataRemovalMechanism Active Data Removal Mechanism that the device will use for Revert/RevertSP calls. + +**/ +TCG_RESULT +OpalPyrite2GetActiveDataRemovalMechanism ( + OPAL_SESSION *AdminSpSession, + UINT8 *ActiveDataRemovalMechanism + ); + +/** + + Get the support attribute info. + + @param[in] Session OPAL_SESSION with OPAL_UID_LOCKING_SP to retrieve info. + @param[in] FeatureCode The feature code user request. + @param[in, out] DataSize The data size. + @param[out] Data The data buffer used to save the feature descriptor. + +**/ +TCG_RESULT +OpalGetFeatureDescriptor ( + IN OPAL_SESSION *Session, + IN UINT16 FeatureCode, + IN OUT UINTN *DataSize, + OUT VOID *Data + ); + +/** + Get revert timeout value. + + @param[in] Session The session info for one opal device. + +**/ +UINT32 +GetRevertTimeOut ( + IN OPAL_SESSION *Session + ); + +/** + + Reverts device using Admin SP Revert method. + + @param[in] AdminSpSession OPAL_SESSION with OPAL_UID_ADMIN_SP as OPAL_ADMIN_SP_PSID_AUTHORITY to perform PSID revert. + @param[in] EstimateTimeCost Input the timeout value. + +**/ +TCG_RESULT +OpalPyrite2PsidRevert( + OPAL_SESSION *AdminSpSession, + UINT32 EstimateTimeCost + ); + +/** + + The function calls the Admin SP RevertSP method on the Locking SP. If KeepUserData is True, then the optional parameter + to keep the user Data is set to True, otherwise the optional parameter is not provided. + + @param[in] LockingSpSession OPAL_SESSION with OPAL_UID_LOCKING_SP as OPAL_LOCKING_SP_ADMIN1_AUTHORITY to revertSP + @param[in] KeepUserData Specifies whether or not to keep user Data when performing RevertSP action. True = keeps user Data. + @param[in/out] MethodStatus Method status of last action performed. If action succeeded, it should be TCG_METHOD_STATUS_CODE_SUCCESS. + @param[in] EstimateTimeCost Input the timeout value. + +**/ +TCG_RESULT +OpalPyrite2AdminRevert( + OPAL_SESSION *LockingSpSession, + BOOLEAN KeepUserData, + UINT8 *MethodStatus, + UINT32 EstimateTimeCost + ); + +#endif // _OPAL_CORE_H_ diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/TcgStorageOpalLib/TcgStorageOpalUtil.c b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/TcgStorageOpalLib/TcgStorageOpalUtil.c new file mode 100644 index 00000000..a3444441 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/TcgStorageOpalLib/TcgStorageOpalUtil.c @@ -0,0 +1,1123 @@ +/** @file + Public API for Opal Core library. + +Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.<BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ +#include <Uefi.h> +#include <Library/BaseLib.h> +#include <Library/DebugLib.h> +#include <Library/TcgStorageOpalLib.h> +#include "TcgStorageOpalLibInternal.h" + +#define OPAL_MSID_LENGTH 128 + +/** + Creates a session with OPAL_UID_ADMIN_SP as OPAL_ADMIN_SP_PSID_AUTHORITY, then reverts device using Admin SP Revert method. + + @param[in] Session, The session info for one opal device. + @param[in] Psid PSID of device to revert. + @param[in] PsidLength Length of PSID in bytes. + +**/ +TCG_RESULT +EFIAPI +OpalUtilPsidRevert( + OPAL_SESSION *Session, + const VOID *Psid, + UINT32 PsidLength + ) +{ + UINT8 MethodStatus; + TCG_RESULT Ret; + UINT32 RemovalTimeOut; + + NULL_CHECK(Session); + NULL_CHECK(Psid); + + RemovalTimeOut = GetRevertTimeOut (Session); + DEBUG ((DEBUG_INFO, "OpalUtilPsidRevert: Timeout value = %d\n", RemovalTimeOut)); + + Ret = OpalStartSession( + Session, + OPAL_UID_ADMIN_SP, + TRUE, + PsidLength, + Psid, + OPAL_ADMIN_SP_PSID_AUTHORITY, + &MethodStatus); + if (Ret == TcgResultSuccess && MethodStatus == TCG_METHOD_STATUS_CODE_SUCCESS) { + Ret = OpalPyrite2PsidRevert(Session, RemovalTimeOut); + if (Ret != TcgResultSuccess) { + // + // If revert was successful, session was already ended by TPer, so only end session on failure + // + OpalEndSession(Session); + } + } + + if (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) { + Ret = TcgResultFailure; + } + + return Ret; +} + +/** + Opens a session with OPAL_UID_ADMIN_SP as OPAL_ADMIN_SP_SID_AUTHORITY, + sets the OPAL_UID_ADMIN_SP_C_PIN_SID column with the new password, + and activates the locking SP to copy SID PIN to Admin1 Locking SP PIN + + @param[in] Session, The session info for one opal device. + @param[in] GeneratedSid Generated SID of disk + @param[in] SidLength Length of generatedSid in bytes + @param[in] Password New admin password to set + @param[in] PassLength Length of password in bytes + +**/ +TCG_RESULT +EFIAPI +OpalUtilSetAdminPasswordAsSid( + OPAL_SESSION *Session, + const VOID *GeneratedSid, + UINT32 SidLength, + const VOID *Password, + UINT32 PassLength + ) +{ + UINT8 MethodStatus; + TCG_RESULT Ret; + + NULL_CHECK(Session); + NULL_CHECK(GeneratedSid); + NULL_CHECK(Password); + + Ret = OpalStartSession( + Session, + OPAL_UID_ADMIN_SP, + TRUE, + SidLength, + GeneratedSid, + OPAL_ADMIN_SP_SID_AUTHORITY, + &MethodStatus + ); + if (Ret != TcgResultSuccess || MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) { + DEBUG ((DEBUG_INFO, "start session with admin SP as SID authority failed: Ret=%d MethodStatus=%u\n", Ret, MethodStatus)); + goto done; + } + + // + // 1. Update SID = new Password + // + Ret = OpalSetPassword( + Session, + OPAL_UID_ADMIN_SP_C_PIN_SID, + Password, + PassLength, + &MethodStatus + ); + + if (Ret != TcgResultSuccess || MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) { + OpalEndSession(Session); + DEBUG ((DEBUG_INFO, "set Password failed: Ret=%d MethodStatus=%u\n", Ret, MethodStatus)); + goto done; + } + + // + // 2. Activate locking SP + // + Ret = OpalActivateLockingSp(Session, &MethodStatus); + OpalEndSession(Session); + if (Ret != TcgResultSuccess || MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) { + DEBUG ((DEBUG_INFO, "activate locking SP failed: Ret=%d MethodStatus=%u\n", Ret, MethodStatus)); + goto done; + } + +done: + if (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) { + Ret = TcgResultFailure; + } + return Ret; +} + +/** + + Opens a session with OPAL_UID_LOCKING_SP as OPAL_LOCKING_SP_ADMIN1_AUTHORITY, + and updates the specified locking range with the provided column values + + @param[in] Session, The session info for one opal device. + @param[in] Password New admin password to set + @param[in] PassLength Length of password in bytes + @param[in] LockingRangeUid Locking range UID to set values + @param[in] RangeStart Value to set RangeStart column for Locking Range + @param[in] RangeLength Value to set RangeLength column for Locking Range + @param[in] ReadLockEnabled Value to set readLockEnabled column for Locking Range + @param[in] WriteLockEnabled Value to set writeLockEnabled column for Locking Range + @param[in] ReadLocked Value to set ReadLocked column for Locking Range + @param[in] WriteLocked Value to set WriteLocked column for Locking Range + +**/ +TCG_RESULT +EFIAPI +OpalUtilSetOpalLockingRange( + OPAL_SESSION *Session, + const VOID *Password, + UINT32 PassLength, + TCG_UID LockingRangeUid, + UINT64 RangeStart, + UINT64 RangeLength, + BOOLEAN ReadLockEnabled, + BOOLEAN WriteLockEnabled, + BOOLEAN ReadLocked, + BOOLEAN WriteLocked + ) +{ + UINT8 MethodStatus; + TCG_RESULT Ret; + + NULL_CHECK(Session); + NULL_CHECK(Password); + + // + // Start session with Locking SP using current admin Password + // + Ret = OpalStartSession( + Session, + OPAL_UID_LOCKING_SP, + TRUE, + PassLength, + Password, + OPAL_LOCKING_SP_ADMIN1_AUTHORITY, + &MethodStatus); + if ((Ret != TcgResultSuccess) || (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS)) { + DEBUG ((DEBUG_INFO, "start session with locking SP failed: Ret=%d MethodStatus=%u\n", Ret, MethodStatus)); + goto done; + } + + // + // Enable locking range + // + Ret = OpalSetLockingRange( + Session, + LockingRangeUid, + RangeStart, + RangeLength, + ReadLockEnabled, + WriteLockEnabled, + ReadLocked, + WriteLocked, + &MethodStatus); + + OpalEndSession(Session); + if (Ret != TcgResultSuccess || MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) { + DEBUG ((DEBUG_INFO, "set locking range failed: Ret=%d MethodStatus=0x%x\n", Ret, MethodStatus)); + } + +done: + if (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) { + Ret = TcgResultFailure; + } + return Ret; +} + +/** + Opens a session with OPAL_UID_ADMIN_SP as OPAL_ADMIN_SP_SID_AUTHORITY, + sets OPAL_UID_ADMIN_SP_C_PIN_SID with the new password, + and sets OPAL_LOCKING_SP_C_PIN_ADMIN1 with the new password. + + @param[in] Session, The session info for one opal device. + @param[in] OldPassword Current admin password + @param[in] OldPasswordLength Length of current admin password in bytes + @param[in] NewPassword New admin password to set + @param[in] NewPasswordLength Length of new password in bytes + +**/ +TCG_RESULT +EFIAPI +OpalUtilSetAdminPassword( + OPAL_SESSION *Session, + const VOID *OldPassword, + UINT32 OldPasswordLength, + const VOID *NewPassword, + UINT32 NewPasswordLength + ) +{ + TCG_RESULT Ret; + UINT8 MethodStatus; + + NULL_CHECK(Session); + NULL_CHECK(OldPassword); + NULL_CHECK(NewPassword); + + // + // Unknown ownership + // + Ret = OpalStartSession( + Session, + OPAL_UID_ADMIN_SP, + TRUE, + OldPasswordLength, + OldPassword, + OPAL_ADMIN_SP_SID_AUTHORITY, + &MethodStatus + ); + if (Ret != TcgResultSuccess || MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) { + DEBUG ((DEBUG_INFO, "start session with admin SP using old Password failed\n")); + goto done; + } + + // + // Update SID = new pw + // + Ret = OpalSetPassword(Session, OPAL_UID_ADMIN_SP_C_PIN_SID, NewPassword, NewPasswordLength, &MethodStatus); + OpalEndSession(Session); + if (Ret != TcgResultSuccess || MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) { + DEBUG ((DEBUG_INFO, "set new admin SP Password failed\n")); + goto done; + } + + Ret = OpalStartSession( + Session, + OPAL_UID_LOCKING_SP, + TRUE, + OldPasswordLength, + OldPassword, + OPAL_LOCKING_SP_ADMIN1_AUTHORITY, + &MethodStatus + ); + if (Ret != TcgResultSuccess || MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) { + DEBUG ((DEBUG_INFO, "start session with locking SP using old Password failed\n")); + goto done; + } + + // + // Update admin locking SP to new pw + // + Ret = OpalSetPassword(Session, OPAL_LOCKING_SP_C_PIN_ADMIN1, NewPassword, NewPasswordLength, &MethodStatus); + OpalEndSession(Session); + if (Ret != TcgResultSuccess || MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) { + DEBUG ((DEBUG_INFO, "set new locking SP Password failed\n")); + goto done; + } + +done: + if (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) { + Ret = TcgResultFailure; + } + return Ret; +} + +/** + Starts a session with OPAL_UID_LOCKING_SP as OPAL_LOCKING_SP_USER1_AUTHORITY or OPAL_LOCKING_SP_ADMIN1_AUTHORITY + and sets the User1 SP authority to enabled and sets the User1 password. + + @param[in] Session, The session info for one opal device. + @param[in] OldPassword Current admin password + @param[in] OldPasswordLength Length of current admin password in bytes + @param[in] NewPassword New admin password to set + @param[in] NewPasswordLength Length of new password in bytes + +**/ +TCG_RESULT +EFIAPI +OpalUtilSetUserPassword( + OPAL_SESSION *Session, + const VOID *OldPassword, + UINT32 OldPasswordLength, + const VOID *NewPassword, + UINT32 NewPasswordLength + ) +{ + UINT8 MethodStatus; + TCG_RESULT Ret; + + NULL_CHECK(Session); + NULL_CHECK(OldPassword); + NULL_CHECK(NewPassword); + + // + // See if updating user1 authority + // + Ret = OpalStartSession( + Session, + OPAL_UID_LOCKING_SP, + TRUE, + OldPasswordLength, + OldPassword, + OPAL_LOCKING_SP_USER1_AUTHORITY, + &MethodStatus + ); + if (Ret == TcgResultSuccess && MethodStatus == TCG_METHOD_STATUS_CODE_SUCCESS) { + Ret = OpalSetPassword( + Session, + OPAL_LOCKING_SP_C_PIN_USER1, + NewPassword, + NewPasswordLength, + &MethodStatus + ); + OpalEndSession(Session); + if (Ret == TcgResultSuccess && MethodStatus == TCG_METHOD_STATUS_CODE_SUCCESS) { + return Ret; + } + } + + // + // Setting Password for first time or setting Password as admin + // + + // + // Start session with Locking SP using current admin Password + // + Ret = OpalStartSession( + Session, + OPAL_UID_LOCKING_SP, + TRUE, + OldPasswordLength, + OldPassword, + OPAL_LOCKING_SP_ADMIN1_AUTHORITY, + &MethodStatus + ); + if (Ret != TcgResultSuccess || MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) { + DEBUG ((DEBUG_INFO, "StartSession with locking SP as admin1 authority failed\n")); + goto done; + } + + // + // Enable User1 and set its PIN + // + Ret = OpalSetLockingSpAuthorityEnabledAndPin( + Session, + OPAL_LOCKING_SP_C_PIN_USER1, + OPAL_LOCKING_SP_USER1_AUTHORITY, + NewPassword, + NewPasswordLength, + &MethodStatus + ); + OpalEndSession(Session); + if (Ret != TcgResultSuccess || MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) { + DEBUG ((DEBUG_INFO, "OpalSetLockingSpAuthorityEnabledAndPin failed\n")); + goto done; + } + +done: + if (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) { + Ret = TcgResultFailure; + } + return Ret; +} + +/** + Verify whether user input the correct password. + + @param[in] Session, The session info for one opal device. + @param[in] Password Admin password + @param[in] PasswordLength Length of password in bytes + @param[in/out] HostSigningAuthority Use the Host signing authority type. + +**/ +TCG_RESULT +EFIAPI +OpalUtilVerifyPassword ( + OPAL_SESSION *Session, + const VOID *Password, + UINT32 PasswordLength, + TCG_UID HostSigningAuthority + ) +{ + TCG_RESULT Ret; + UINT8 MethodStatus; + + NULL_CHECK(Session); + NULL_CHECK(Password); + + Ret = OpalStartSession( + Session, + OPAL_UID_LOCKING_SP, + TRUE, + PasswordLength, + Password, + HostSigningAuthority, + &MethodStatus); + if (Ret == TcgResultSuccess && MethodStatus == TCG_METHOD_STATUS_CODE_SUCCESS) { + OpalEndSession(Session); + return TcgResultSuccess; + } + + return TcgResultFailure; +} + +/** + Starts a session with OPAL_UID_LOCKING_SP as OPAL_LOCKING_SP_USER1_AUTHORITY or OPAL_LOCKING_SP_ADMIN1_AUTHORITY + and generates a new global locking range key to erase the Data. + + @param[in] Session, The session info for one opal device. + @param[in] Password Admin or user password + @param[in] PasswordLength Length of password in bytes + @param[in/out] PasswordFailed indicates if password failed (start session didn't work) + +**/ +TCG_RESULT +EFIAPI +OpalUtilSecureErase( + OPAL_SESSION *Session, + const VOID *Password, + UINT32 PasswordLength, + BOOLEAN *PasswordFailed + ) +{ + UINT8 MethodStatus; + TCG_RESULT Ret; + + NULL_CHECK(Session); + NULL_CHECK(Password); + NULL_CHECK(PasswordFailed); + + // + // Try to generate a new key with admin1 + // + Ret = OpalStartSession( + Session, + OPAL_UID_LOCKING_SP, + TRUE, + PasswordLength, + Password, + OPAL_LOCKING_SP_ADMIN1_AUTHORITY, + &MethodStatus + ); + + if (Ret == TcgResultSuccess && MethodStatus == TCG_METHOD_STATUS_CODE_SUCCESS) { + Ret = OpalGlobalLockingRangeGenKey(Session, &MethodStatus); + *PasswordFailed = FALSE; + OpalEndSession(Session); + } else { + // + // Try to generate a new key with user1 + // + Ret = OpalStartSession( + Session, + OPAL_UID_LOCKING_SP, + TRUE, + PasswordLength, + Password, + OPAL_LOCKING_SP_USER1_AUTHORITY, + &MethodStatus + ); + + if (Ret == TcgResultSuccess && MethodStatus == TCG_METHOD_STATUS_CODE_SUCCESS) { + Ret = OpalGlobalLockingRangeGenKey(Session, &MethodStatus); + *PasswordFailed = FALSE; + OpalEndSession(Session); + } else { + *PasswordFailed = TRUE; + } + } + + if (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) { + Ret = TcgResultFailure; + } + return Ret; +} + +/** + Starts a session with OPAL_UID_LOCKING_SP as OPAL_LOCKING_SP_ADMIN1_AUTHORITY and disables the User1 authority. + + @param[in] Session, The session info for one opal device. + @param[in] Password Admin password + @param[in] PasswordLength Length of password in bytes + @param[in/out] PasswordFailed indicates if password failed (start session didn't work) + +**/ +TCG_RESULT +EFIAPI +OpalUtilDisableUser( + OPAL_SESSION *Session, + const VOID *Password, + UINT32 PasswordLength, + BOOLEAN *PasswordFailed + ) +{ + UINT8 MethodStatus; + TCG_RESULT Ret; + + NULL_CHECK(Session); + NULL_CHECK(Password); + NULL_CHECK(PasswordFailed); + + // + // Start session with Locking SP using current admin Password + // + Ret = OpalStartSession( + Session, + OPAL_UID_LOCKING_SP, + TRUE, + PasswordLength, + Password, + OPAL_LOCKING_SP_ADMIN1_AUTHORITY, + &MethodStatus + ); + if (Ret != TcgResultSuccess || MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) { + DEBUG ((DEBUG_INFO, "StartSession with Locking SP as Admin1 failed\n")); + *PasswordFailed = TRUE; + goto done; + } + + *PasswordFailed = FALSE; + Ret = OpalDisableUser(Session, &MethodStatus); + OpalEndSession(Session); + +done: + if (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) { + Ret = TcgResultFailure; + } + return Ret; +} + +/** + Opens a session with OPAL_UID_ADMIN_SP as OPAL_ADMIN_SP_PSID_AUTHORITY, then reverts the device using the RevertSP method. + + @param[in] Session, The session info for one opal device. + @param[in] KeepUserData TRUE to keep existing Data on the disk, or FALSE to erase it + @param[in] Password Admin password + @param[in] PasswordLength Length of password in bytes + @param[in/out] PasswordFailed indicates if password failed (start session didn't work) + @param[in] Msid Msid info. + @param[in] MsidLength Msid data length. + +**/ +TCG_RESULT +EFIAPI +OpalUtilRevert( + OPAL_SESSION *Session, + BOOLEAN KeepUserData, + const VOID *Password, + UINT32 PasswordLength, + BOOLEAN *PasswordFailed, + UINT8 *Msid, + UINT32 MsidLength + ) +{ + UINT8 MethodStatus; + TCG_RESULT Ret; + UINT32 RemovalTimeOut; + + NULL_CHECK(Session); + NULL_CHECK(Msid); + NULL_CHECK(Password); + NULL_CHECK(PasswordFailed); + + RemovalTimeOut = GetRevertTimeOut (Session); + DEBUG ((DEBUG_INFO, "OpalUtilRevert: Timeout value = %d\n", RemovalTimeOut)); + + Ret = OpalStartSession( + Session, + OPAL_UID_LOCKING_SP, + TRUE, + PasswordLength, + Password, + OPAL_LOCKING_SP_ADMIN1_AUTHORITY, + &MethodStatus + ); + + if (Ret != TcgResultSuccess || MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) { + DEBUG ((DEBUG_INFO, "error starting session: Ret=%d, MethodStatus=%u\n", Ret, MethodStatus)); + *PasswordFailed = TRUE; + goto done; + } + + *PasswordFailed = FALSE; + // + // Try to revert with admin1 + // + Ret = OpalPyrite2AdminRevert(Session, KeepUserData, &MethodStatus, RemovalTimeOut); + if (Ret != TcgResultSuccess || MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) { + // + // Device ends the session on successful revert, so only call OpalEndSession when fail. + // + DEBUG ((DEBUG_INFO, "OpalAdminRevert as admin failed\n")); + OpalEndSession(Session); + } + + Ret = OpalUtilSetSIDtoMSID (Session, Password, PasswordLength, Msid, MsidLength); + +done: + if (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) { + Ret = TcgResultFailure; + } + return Ret; +} + +/** + After revert success, set SID to MSID. + + @param Session, The session info for one opal device. + @param Password, Input password info. + @param PasswordLength, Input password length. + @param Msid Msid info. + @param MsidLength Msid data length. + +**/ +TCG_RESULT +EFIAPI +OpalUtilSetSIDtoMSID ( + OPAL_SESSION *Session, + const VOID *Password, + UINT32 PasswordLength, + UINT8 *Msid, + UINT32 MsidLength + ) +{ + TCG_RESULT Ret; + UINT8 MethodStatus; + + NULL_CHECK(Session); + NULL_CHECK(Msid); + NULL_CHECK(Password); + + // + // Start session with admin sp to update SID to MSID + // + Ret = OpalStartSession( + Session, + OPAL_UID_ADMIN_SP, + TRUE, + PasswordLength, + Password, + OPAL_ADMIN_SP_SID_AUTHORITY, + &MethodStatus + ); + if (Ret != TcgResultSuccess || MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) { + goto done; + } + + // + // Update SID pin + // + Ret = OpalSetPassword(Session, OPAL_UID_ADMIN_SP_C_PIN_SID, Msid, MsidLength, &MethodStatus); + OpalEndSession(Session); + +done: + if (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) { + Ret = TcgResultFailure; + } + + return Ret; +} + +/** + Update global locking range. + + @param Session, The session info for one opal device. + @param Password, Input password info. + @param PasswordLength, Input password length. + @param ReadLocked, Read lock info. + @param WriteLocked write lock info. + +**/ +TCG_RESULT +EFIAPI +OpalUtilUpdateGlobalLockingRange( + OPAL_SESSION *Session, + const VOID *Password, + UINT32 PasswordLength, + BOOLEAN ReadLocked, + BOOLEAN WriteLocked + ) +{ + UINT8 MethodStatus; + TCG_RESULT Ret; + + NULL_CHECK(Session); + NULL_CHECK(Password); + + // + // Try to start session with Locking SP as admin1 authority + // + Ret = OpalStartSession( + Session, + OPAL_UID_LOCKING_SP, + TRUE, + PasswordLength, + Password, + OPAL_LOCKING_SP_ADMIN1_AUTHORITY, + &MethodStatus + ); + if (Ret == TcgResultSuccess && MethodStatus == TCG_METHOD_STATUS_CODE_SUCCESS) { + Ret = OpalUpdateGlobalLockingRange( + Session, + ReadLocked, + WriteLocked, + &MethodStatus + ); + OpalEndSession(Session); + if (Ret == TcgResultSuccess && MethodStatus == TCG_METHOD_STATUS_CODE_SUCCESS) { + goto done; + } + } + + if (MethodStatus == TCG_METHOD_STATUS_CODE_AUTHORITY_LOCKED_OUT) { + DEBUG ((DEBUG_INFO, "unlock as admin failed with AUTHORITY_LOCKED_OUT\n")); + } + + // + // Try user1 authority + // + Ret = OpalStartSession( + Session, + OPAL_UID_LOCKING_SP, + TRUE, + PasswordLength, + Password, + OPAL_LOCKING_SP_USER1_AUTHORITY, + &MethodStatus + ); + if (Ret != TcgResultSuccess || MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) { + DEBUG ((DEBUG_INFO, "StartSession with Locking SP as User1 failed\n")); + goto done; + } + + Ret = OpalUpdateGlobalLockingRange(Session, ReadLocked, WriteLocked, &MethodStatus); + OpalEndSession(Session); + +done: + if (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) { + if (MethodStatus == TCG_METHOD_STATUS_CODE_AUTHORITY_LOCKED_OUT) { + // + // Caller need to know this special error, but return status not has type for it. + // so here use TcgResultFailureInvalidType as an replacement. + // + Ret = TcgResultFailureInvalidType; + } else { + Ret = TcgResultFailure; + } + } + return Ret; +} + +/** + Update global locking range. + + @param Session, The session info for one opal device. + @param Msid, The data buffer to save Msid info. + @param MsidBufferLength, The data buffer length for Msid. + @param MsidLength, The actual data length for Msid. + +**/ +TCG_RESULT +EFIAPI +OpalUtilGetMsid( + OPAL_SESSION *Session, + UINT8 *Msid, + UINT32 MsidBufferLength, + UINT32 *MsidLength + ) +{ + UINT8 MethodStatus; + TCG_RESULT Ret; + + NULL_CHECK(Session); + NULL_CHECK(Msid); + NULL_CHECK(MsidLength); + + Ret = OpalStartSession( + Session, + OPAL_UID_ADMIN_SP, + TRUE, + 0, + NULL, + TCG_UID_NULL, + &MethodStatus + ); + if ((Ret == TcgResultSuccess) && (MethodStatus == TCG_METHOD_STATUS_CODE_SUCCESS)) { + Ret = OpalGetMsid (Session, MsidBufferLength, Msid, MsidLength); + OpalEndSession (Session); + } + + if (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) { + Ret = TcgResultFailure; + } + + return Ret; +} + +/** + + The function determines who owns the device by attempting to start a session with different credentials. + If the SID PIN matches the MSID PIN, the no one owns the device. + If the SID PIN matches the ourSidPin, then "Us" owns the device. Otherwise it is unknown. + + + @param[in] Session The session info for one opal device. + @param Msid, The Msid info. + @param MsidLength, The data length for Msid. + +**/ +OPAL_OWNER_SHIP +EFIAPI +OpalUtilDetermineOwnership( + OPAL_SESSION *Session, + UINT8 *Msid, + UINT32 MsidLength + ) +{ + UINT8 MethodStatus; + TCG_RESULT Ret; + OPAL_OWNER_SHIP Owner; + + if ((Session == NULL) || (Msid == NULL)) { + return OpalOwnershipUnknown; + } + + Owner = OpalOwnershipUnknown; + // + // Start Session as SID_UID with ADMIN_SP using MSID PIN + // + Ret = OpalStartSession( + Session, + OPAL_UID_ADMIN_SP, + TRUE, + MsidLength, + Msid, + OPAL_ADMIN_SP_SID_AUTHORITY, + &MethodStatus); + if ((Ret == TcgResultSuccess) && (MethodStatus == TCG_METHOD_STATUS_CODE_SUCCESS)) { + // + // now we know that SID PIN == MSID PIN + // + Owner = OpalOwnershipNobody; + + OpalEndSession(Session); + } + + return Owner; +} + +/** + + The function returns if admin password exists. + + @param[in] OwnerShip The owner ship of the opal device. + @param[in] LockingFeature The locking info of the opal device. + + @retval TRUE Admin password existed. + @retval FALSE Admin password not existed. + +**/ +BOOLEAN +EFIAPI +OpalUtilAdminPasswordExists( + IN UINT16 OwnerShip, + IN TCG_LOCKING_FEATURE_DESCRIPTOR *LockingFeature + ) +{ + NULL_CHECK(LockingFeature); + + // if it is Unknown who owns the device + // then someone has set password previously through our UI + // because the SID would no longer match the generated SID (ownership us) + // or someone has set password using 3rd party software + + // + // Locking sp enabled is checked b/c it must be enabled to change the PIN of the Admin1. + // + return (OwnerShip == OpalOwnershipUnknown && LockingFeature->LockingEnabled); +} + +/** + Get Active Data Removal Mechanism Value. + + @param[in] Session The session info for one opal device. + @param[in] GeneratedSid Generated SID of disk + @param[in] SidLength Length of generatedSid in bytes + @param[out] ActiveDataRemovalMechanism Return the active data removal mechanism. + +**/ +TCG_RESULT +EFIAPI +OpalUtilGetActiveDataRemovalMechanism ( + OPAL_SESSION *Session, + const VOID *GeneratedSid, + UINT32 SidLength, + UINT8 *ActiveDataRemovalMechanism + ) +{ + TCG_RESULT Ret; + UINT8 MethodStatus; + + NULL_CHECK(Session); + NULL_CHECK(GeneratedSid); + NULL_CHECK(ActiveDataRemovalMechanism); + + Ret = OpalStartSession( + Session, + OPAL_UID_ADMIN_SP, + TRUE, + SidLength, + GeneratedSid, + OPAL_ADMIN_SP_ANYBODY_AUTHORITY, + &MethodStatus + ); + if (Ret != TcgResultSuccess || MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) { + DEBUG ((DEBUG_INFO, "Start session with admin SP as SID authority failed: Ret=%d MethodStatus=%u\n", Ret, MethodStatus)); + if (MethodStatus != TCG_METHOD_STATUS_CODE_SUCCESS) { + Ret = TcgResultFailure; + } + return Ret; + } + + Ret = OpalPyrite2GetActiveDataRemovalMechanism ( + Session, + ActiveDataRemovalMechanism + ); + + if (Ret != TcgResultSuccess) { + DEBUG ((DEBUG_INFO, "Pyrite2 Get Active Data Removal Mechanism failed: Ret=%d\n", Ret)); + } + + OpalEndSession(Session); + + return Ret; +} + +/** + Calculate the estimated time. + + @param[in] IsMinute Whether the input time value is minute type or second type. + @param[in] Time The input time value. + +**/ +UINT32 +CalculateDataRemovalTime ( + IN BOOLEAN IsMinute, + IN UINT16 Time + ) +{ + if (IsMinute) { + return Time * 2 * 60; + } else { + return Time * 2; + } +} + +/** + Return the estimated time for specific type. + + @param[in] Index The input data removal type. + @param[in] Descriptor DATA_REMOVAL_FEATURE_DESCRIPTOR + +**/ +UINT32 +GetDataRemovalTime ( + IN UINT8 Index, + IN DATA_REMOVAL_FEATURE_DESCRIPTOR *Descriptor + ) +{ + switch (Index) { + case OverwriteDataErase: + return CalculateDataRemovalTime (Descriptor->FormatBit0, SwapBytes16 (Descriptor->TimeBit0)); + + case BlockErase: + return CalculateDataRemovalTime (Descriptor->FormatBit1, SwapBytes16 (Descriptor->TimeBit1)); + + case CryptoErase: + return CalculateDataRemovalTime (Descriptor->FormatBit2, SwapBytes16 (Descriptor->TimeBit2)); + + case Unmap: + return CalculateDataRemovalTime (Descriptor->FormatBit3, SwapBytes16 (Descriptor->TimeBit3)); + + case ResetWritePointers: + return CalculateDataRemovalTime (Descriptor->FormatBit4, SwapBytes16 (Descriptor->TimeBit4)); + + case VendorSpecificErase: + return CalculateDataRemovalTime (Descriptor->FormatBit5, SwapBytes16 (Descriptor->TimeBit5)); + + default: + return 0; + } +} + +/** + Get the supported Data Removal Mechanism list. + + @param[in] Session The session info for one opal device. + @param[out] RemovalMechanismLists Return the supported data removal mechanism lists. + +**/ +TCG_RESULT +EFIAPI +OpalUtilGetDataRemovalMechanismLists ( + IN OPAL_SESSION *Session, + OUT UINT32 *RemovalMechanismLists + ) +{ + TCG_RESULT Ret; + UINTN DataSize; + DATA_REMOVAL_FEATURE_DESCRIPTOR Descriptor; + UINT8 Index; + UINT8 BitValue; + + NULL_CHECK(Session); + NULL_CHECK(RemovalMechanismLists); + + DataSize = sizeof (Descriptor); + Ret = OpalGetFeatureDescriptor (Session, TCG_FEATURE_DATA_REMOVAL, &DataSize, &Descriptor); + if (Ret != TcgResultSuccess) { + return TcgResultFailure; + } + + ASSERT (Descriptor.RemovalMechanism != 0); + + for (Index = 0; Index < ResearvedMechanism; Index ++) { + BitValue = (BOOLEAN) BitFieldRead8 (Descriptor.RemovalMechanism, Index, Index); + + if (BitValue == 0) { + RemovalMechanismLists[Index] = 0; + } else { + RemovalMechanismLists[Index] = GetDataRemovalTime (Index, &Descriptor); + } + } + + return TcgResultSuccess; +} + +/** + Get revert timeout value. + + @param[in] Session The session info for one opal device. + +**/ +UINT32 +GetRevertTimeOut ( + IN OPAL_SESSION *Session + ) +{ + TCG_RESULT TcgResult; + OPAL_DISK_SUPPORT_ATTRIBUTE SupportedAttributes; + UINT16 BaseComId; + UINT32 MsidLength; + UINT8 Msid[OPAL_MSID_LENGTH]; + UINT32 RemovalMechanishLists[ResearvedMechanism]; + UINT8 ActiveDataRemovalMechanism; + + TcgResult = OpalGetSupportedAttributesInfo (Session, &SupportedAttributes, &BaseComId); + if (TcgResult != TcgResultSuccess || SupportedAttributes.DataRemoval == 0) { + return 0; + } + + TcgResult = OpalUtilGetMsid (Session, Msid, OPAL_MSID_LENGTH, &MsidLength); + if (TcgResult != TcgResultSuccess) { + return 0; + } + + TcgResult = OpalUtilGetDataRemovalMechanismLists (Session, RemovalMechanishLists); + if (TcgResult != TcgResultSuccess) { + return 0; + } + + TcgResult = OpalUtilGetActiveDataRemovalMechanism (Session, Msid, MsidLength, &ActiveDataRemovalMechanism); + if (TcgResult != TcgResultSuccess) { + return 0; + } + + return RemovalMechanishLists[ActiveDataRemovalMechanism]; +} diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm12CommandLib/Tpm12CommandLib.inf b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm12CommandLib/Tpm12CommandLib.inf new file mode 100644 index 00000000..09678c15 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm12CommandLib/Tpm12CommandLib.inf @@ -0,0 +1,45 @@ +## @file +# Provides some TPM 1.2 commands +# +# This library is used by other modules to send TPM 1.2 command. +# +# Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR> +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = Tpm12CommandLib + MODULE_UNI_FILE = Tpm12CommandLib.uni + FILE_GUID = C595047C-70B3-4731-99CC-A014E956D7A7 + MODULE_TYPE = BASE + VERSION_STRING = 1.0 + LIBRARY_CLASS = Tpm12CommandLib + +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = IA32 X64 +# + +[Sources] + Tpm12Startup.c + Tpm12Ownership.c + Tpm12NvStorage.c + Tpm12GetCapability.c + Tpm12Pcr.c + Tpm12PhysicalPresence.c + Tpm12SelfTest.c + +[Packages] + MdePkg/MdePkg.dec + SecurityPkg/SecurityPkg.dec + +[LibraryClasses] + BaseLib + BaseMemoryLib + IoLib + TimerLib + DebugLib + Tpm12DeviceLib diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm12CommandLib/Tpm12CommandLib.uni b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm12CommandLib/Tpm12CommandLib.uni new file mode 100644 index 00000000..3f02db62 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm12CommandLib/Tpm12CommandLib.uni @@ -0,0 +1,16 @@ +// /** @file
+// Provides some TPM 1.2 commands
+//
+// This library is used by other modules to send TPM 1.2 command.
+//
+// Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.<BR>
+//
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+//
+// **/
+
+
+#string STR_MODULE_ABSTRACT #language en-US "Provides some TPM 1.2 command functions"
+
+#string STR_MODULE_DESCRIPTION #language en-US "This library is used by other modules to send TPM 1.2 command."
+
diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm12CommandLib/Tpm12GetCapability.c b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm12CommandLib/Tpm12GetCapability.c new file mode 100644 index 00000000..69203654 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm12CommandLib/Tpm12GetCapability.c @@ -0,0 +1,131 @@ +/** @file + Implement TPM1.2 Get Capabilities related commands. + +Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved. <BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include <PiPei.h> +#include <Library/Tpm12CommandLib.h> +#include <Library/BaseLib.h> +#include <Library/DebugLib.h> +#include <Library/BaseMemoryLib.h> +#include <Library/Tpm12DeviceLib.h> + +#pragma pack(1) + +typedef struct { + TPM_RQU_COMMAND_HDR Hdr; + UINT32 Capability; + UINT32 CapabilityFlagSize; + UINT32 CapabilityFlag; +} TPM_CMD_GET_CAPABILITY; + +typedef struct { + TPM_RSP_COMMAND_HDR Hdr; + UINT32 ResponseSize; + TPM_PERMANENT_FLAGS Flags; +} TPM_RSP_GET_CAPABILITY_PERMANENT_FLAGS; + +typedef struct { + TPM_RSP_COMMAND_HDR Hdr; + UINT32 ResponseSize; + TPM_STCLEAR_FLAGS Flags; +} TPM_RSP_GET_CAPABILITY_STCLEAR_FLAGS; + +#pragma pack() + +/** +Get TPM capability permanent flags. + +@param[out] TpmPermanentFlags Pointer to the buffer for returned flag structure. + +@retval EFI_SUCCESS Operation completed successfully. +@retval EFI_TIMEOUT The register can't run into the expected status in time. +@retval EFI_BUFFER_TOO_SMALL Response data buffer is too small. +@retval EFI_DEVICE_ERROR Unexpected device behavior. + +**/ +EFI_STATUS +EFIAPI +Tpm12GetCapabilityFlagPermanent ( + OUT TPM_PERMANENT_FLAGS *TpmPermanentFlags + ) +{ + EFI_STATUS Status; + TPM_CMD_GET_CAPABILITY Command; + TPM_RSP_GET_CAPABILITY_PERMANENT_FLAGS Response; + UINT32 Length; + + // + // send Tpm command TPM_ORD_GetCapability + // + Command.Hdr.tag = SwapBytes16 (TPM_TAG_RQU_COMMAND); + Command.Hdr.paramSize = SwapBytes32 (sizeof (Command)); + Command.Hdr.ordinal = SwapBytes32 (TPM_ORD_GetCapability); + Command.Capability = SwapBytes32 (TPM_CAP_FLAG); + Command.CapabilityFlagSize = SwapBytes32 (sizeof (TPM_CAP_FLAG_PERMANENT)); + Command.CapabilityFlag = SwapBytes32 (TPM_CAP_FLAG_PERMANENT); + Length = sizeof (Response); + Status = Tpm12SubmitCommand (sizeof (Command), (UINT8 *)&Command, &Length, (UINT8 *)&Response); + if (EFI_ERROR (Status)) { + return Status; + } + + if (SwapBytes32 (Response.Hdr.returnCode) != TPM_SUCCESS) { + DEBUG ((DEBUG_ERROR, "Tpm12GetCapabilityFlagPermanent: Response Code error! 0x%08x\r\n", SwapBytes32 (Response.Hdr.returnCode))); + return EFI_DEVICE_ERROR; + } + + ZeroMem (TpmPermanentFlags, sizeof (*TpmPermanentFlags)); + CopyMem (TpmPermanentFlags, &Response.Flags, MIN (sizeof (*TpmPermanentFlags), SwapBytes32(Response.ResponseSize))); + + return Status; +} + +/** +Get TPM capability volatile flags. + +@param[out] VolatileFlags Pointer to the buffer for returned flag structure. + +@retval EFI_SUCCESS Operation completed successfully. +@retval EFI_DEVICE_ERROR The command was unsuccessful. + +**/ +EFI_STATUS +EFIAPI +Tpm12GetCapabilityFlagVolatile ( + OUT TPM_STCLEAR_FLAGS *VolatileFlags + ) +{ + EFI_STATUS Status; + TPM_CMD_GET_CAPABILITY Command; + TPM_RSP_GET_CAPABILITY_STCLEAR_FLAGS Response; + UINT32 Length; + + // + // send Tpm command TPM_ORD_GetCapability + // + Command.Hdr.tag = SwapBytes16 (TPM_TAG_RQU_COMMAND); + Command.Hdr.paramSize = SwapBytes32 (sizeof (Command)); + Command.Hdr.ordinal = SwapBytes32 (TPM_ORD_GetCapability); + Command.Capability = SwapBytes32 (TPM_CAP_FLAG); + Command.CapabilityFlagSize = SwapBytes32 (sizeof (TPM_CAP_FLAG_VOLATILE)); + Command.CapabilityFlag = SwapBytes32 (TPM_CAP_FLAG_VOLATILE); + Length = sizeof (Response); + Status = Tpm12SubmitCommand (sizeof (Command), (UINT8 *)&Command, &Length, (UINT8 *)&Response); + if (EFI_ERROR (Status)) { + return Status; + } + + if (SwapBytes32 (Response.Hdr.returnCode) != TPM_SUCCESS) { + DEBUG ((DEBUG_ERROR, "Tpm12GetCapabilityFlagVolatile: Response Code error! 0x%08x\r\n", SwapBytes32 (Response.Hdr.returnCode))); + return EFI_DEVICE_ERROR; + } + + ZeroMem (VolatileFlags, sizeof (*VolatileFlags)); + CopyMem (VolatileFlags, &Response.Flags, MIN (sizeof (*VolatileFlags), SwapBytes32(Response.ResponseSize))); + + return Status; +} diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm12CommandLib/Tpm12NvStorage.c b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm12CommandLib/Tpm12NvStorage.c new file mode 100644 index 00000000..5a4ebefd --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm12CommandLib/Tpm12NvStorage.c @@ -0,0 +1,228 @@ +/** @file + Implement TPM1.2 NV storage related command. + +Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved. <BR> +(C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include <PiPei.h> +#include <Library/Tpm12CommandLib.h> +#include <Library/BaseLib.h> +#include <Library/DebugLib.h> +#include <Library/BaseMemoryLib.h> +#include <Library/Tpm12DeviceLib.h> + +// +// Max TPM NV value length +// +#define TPMNVVALUELENGTH 1024 + +#pragma pack(1) + +typedef struct { + TPM_RQU_COMMAND_HDR Hdr; + TPM12_NV_DATA_PUBLIC PubInfo; + TPM_ENCAUTH EncAuth; +} TPM_CMD_NV_DEFINE_SPACE; + +typedef struct { + TPM_RQU_COMMAND_HDR Hdr; + TPM_NV_INDEX NvIndex; + UINT32 Offset; + UINT32 DataSize; +} TPM_CMD_NV_READ_VALUE; + +typedef struct { + TPM_RSP_COMMAND_HDR Hdr; + UINT32 DataSize; + UINT8 Data[TPMNVVALUELENGTH]; +} TPM_RSP_NV_READ_VALUE; + +typedef struct { + TPM_RQU_COMMAND_HDR Hdr; + TPM_NV_INDEX NvIndex; + UINT32 Offset; + UINT32 DataSize; + UINT8 Data[TPMNVVALUELENGTH]; +} TPM_CMD_NV_WRITE_VALUE; + +#pragma pack() + +/** + Send NV DefineSpace command to TPM1.2. + + @param PubInfo The public parameters of the NV area. + @param EncAuth The encrypted AuthData, only valid if the attributes require subsequent authorization. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_DEVICE_ERROR Unexpected device behavior. +**/ +EFI_STATUS +EFIAPI +Tpm12NvDefineSpace ( + IN TPM12_NV_DATA_PUBLIC *PubInfo, + IN TPM_ENCAUTH *EncAuth + ) +{ + EFI_STATUS Status; + TPM_CMD_NV_DEFINE_SPACE Command; + TPM_RSP_COMMAND_HDR Response; + UINT32 Length; + + // + // send Tpm command TPM_ORD_NV_DefineSpace + // + Command.Hdr.tag = SwapBytes16 (TPM_TAG_RQU_COMMAND); + Command.Hdr.paramSize = SwapBytes32 (sizeof (Command)); + Command.Hdr.ordinal = SwapBytes32 (TPM_ORD_NV_DefineSpace); + Command.PubInfo.tag = SwapBytes16 (PubInfo->tag); + Command.PubInfo.nvIndex = SwapBytes32 (PubInfo->nvIndex); + Command.PubInfo.pcrInfoRead.pcrSelection.sizeOfSelect = SwapBytes16 (PubInfo->pcrInfoRead.pcrSelection.sizeOfSelect); + Command.PubInfo.pcrInfoRead.pcrSelection.pcrSelect[0] = PubInfo->pcrInfoRead.pcrSelection.pcrSelect[0]; + Command.PubInfo.pcrInfoRead.pcrSelection.pcrSelect[1] = PubInfo->pcrInfoRead.pcrSelection.pcrSelect[1]; + Command.PubInfo.pcrInfoRead.pcrSelection.pcrSelect[2] = PubInfo->pcrInfoRead.pcrSelection.pcrSelect[2]; + Command.PubInfo.pcrInfoRead.localityAtRelease = PubInfo->pcrInfoRead.localityAtRelease; + CopyMem (&Command.PubInfo.pcrInfoRead.digestAtRelease, &PubInfo->pcrInfoRead.digestAtRelease, sizeof(PubInfo->pcrInfoRead.digestAtRelease)); + Command.PubInfo.pcrInfoWrite.pcrSelection.sizeOfSelect = SwapBytes16 (PubInfo->pcrInfoWrite.pcrSelection.sizeOfSelect); + Command.PubInfo.pcrInfoWrite.pcrSelection.pcrSelect[0] = PubInfo->pcrInfoWrite.pcrSelection.pcrSelect[0]; + Command.PubInfo.pcrInfoWrite.pcrSelection.pcrSelect[1] = PubInfo->pcrInfoWrite.pcrSelection.pcrSelect[1]; + Command.PubInfo.pcrInfoWrite.pcrSelection.pcrSelect[2] = PubInfo->pcrInfoWrite.pcrSelection.pcrSelect[2]; + Command.PubInfo.pcrInfoWrite.localityAtRelease = PubInfo->pcrInfoWrite.localityAtRelease; + CopyMem (&Command.PubInfo.pcrInfoWrite.digestAtRelease, &PubInfo->pcrInfoWrite.digestAtRelease, sizeof(PubInfo->pcrInfoWrite.digestAtRelease)); + Command.PubInfo.permission.tag = SwapBytes16 (PubInfo->permission.tag); + Command.PubInfo.permission.attributes = SwapBytes32 (PubInfo->permission.attributes); + Command.PubInfo.bReadSTClear = PubInfo->bReadSTClear; + Command.PubInfo.bWriteSTClear = PubInfo->bWriteSTClear; + Command.PubInfo.bWriteDefine = PubInfo->bWriteDefine; + Command.PubInfo.dataSize = SwapBytes32 (PubInfo->dataSize); + CopyMem (&Command.EncAuth, EncAuth, sizeof(*EncAuth)); + Length = sizeof (Response); + Status = Tpm12SubmitCommand (sizeof (Command), (UINT8 *)&Command, &Length, (UINT8 *)&Response); + if (EFI_ERROR (Status)) { + return Status; + } + DEBUG ((DEBUG_INFO, "Tpm12NvDefineSpace - ReturnCode = %x\n", SwapBytes32 (Response.returnCode))); + switch (SwapBytes32 (Response.returnCode)) { + case TPM_SUCCESS: + return EFI_SUCCESS; + default: + return EFI_DEVICE_ERROR; + } +} + +/** + Send NV ReadValue command to TPM1.2. + + @param NvIndex The index of the area to set. + @param Offset The offset into the area. + @param DataSize The size of the data area. + @param Data The data to set the area to. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_DEVICE_ERROR Unexpected device behavior. +**/ +EFI_STATUS +EFIAPI +Tpm12NvReadValue ( + IN TPM_NV_INDEX NvIndex, + IN UINT32 Offset, + IN OUT UINT32 *DataSize, + OUT UINT8 *Data + ) +{ + EFI_STATUS Status; + TPM_CMD_NV_READ_VALUE Command; + TPM_RSP_NV_READ_VALUE Response; + UINT32 Length; + + // + // send Tpm command TPM_ORD_NV_ReadValue + // + Command.Hdr.tag = SwapBytes16 (TPM_TAG_RQU_COMMAND); + Command.Hdr.paramSize = SwapBytes32 (sizeof (Command)); + Command.Hdr.ordinal = SwapBytes32 (TPM_ORD_NV_ReadValue); + Command.NvIndex = SwapBytes32 (NvIndex); + Command.Offset = SwapBytes32 (Offset); + Command.DataSize = SwapBytes32 (*DataSize); + Length = sizeof (Response); + Status = Tpm12SubmitCommand (sizeof (Command), (UINT8 *)&Command, &Length, (UINT8 *)&Response); + if (EFI_ERROR (Status)) { + return Status; + } + DEBUG ((DEBUG_INFO, "Tpm12NvReadValue - ReturnCode = %x\n", SwapBytes32 (Response.Hdr.returnCode))); + switch (SwapBytes32 (Response.Hdr.returnCode)) { + case TPM_SUCCESS: + break; + default: + return EFI_DEVICE_ERROR; + } + + // + // Return the response + // + if (SwapBytes32 (Response.DataSize) > *DataSize) { + return EFI_BUFFER_TOO_SMALL; + } + *DataSize = SwapBytes32 (Response.DataSize); + ZeroMem (Data, *DataSize); + CopyMem (Data, &Response.Data, *DataSize); + + return EFI_SUCCESS; +} + +/** + Send NV WriteValue command to TPM1.2. + + @param NvIndex The index of the area to set. + @param Offset The offset into the NV Area. + @param DataSize The size of the data parameter. + @param Data The data to set the area to. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_DEVICE_ERROR Unexpected device behavior. +**/ +EFI_STATUS +EFIAPI +Tpm12NvWriteValue ( + IN TPM_NV_INDEX NvIndex, + IN UINT32 Offset, + IN UINT32 DataSize, + IN UINT8 *Data + ) +{ + EFI_STATUS Status; + TPM_CMD_NV_WRITE_VALUE Command; + UINT32 CommandLength; + TPM_RSP_COMMAND_HDR Response; + UINT32 ResponseLength; + + if (DataSize > sizeof (Command.Data)) { + return EFI_UNSUPPORTED; + } + + // + // send Tpm command TPM_ORD_NV_WriteValue + // + Command.Hdr.tag = SwapBytes16 (TPM_TAG_RQU_COMMAND); + CommandLength = sizeof (Command) - sizeof(Command.Data) + DataSize; + Command.Hdr.paramSize = SwapBytes32 (CommandLength); + Command.Hdr.ordinal = SwapBytes32 (TPM_ORD_NV_WriteValue); + Command.NvIndex = SwapBytes32 (NvIndex); + Command.Offset = SwapBytes32 (Offset); + Command.DataSize = SwapBytes32 (DataSize); + CopyMem (Command.Data, Data, DataSize); + ResponseLength = sizeof (Response); + Status = Tpm12SubmitCommand (CommandLength, (UINT8 *)&Command, &ResponseLength, (UINT8 *)&Response); + if (EFI_ERROR (Status)) { + return Status; + } + DEBUG ((DEBUG_INFO, "Tpm12NvWriteValue - ReturnCode = %x\n", SwapBytes32 (Response.returnCode))); + switch (SwapBytes32 (Response.returnCode)) { + case TPM_SUCCESS: + return EFI_SUCCESS; + default: + return EFI_DEVICE_ERROR; + } +} diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm12CommandLib/Tpm12Ownership.c b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm12CommandLib/Tpm12Ownership.c new file mode 100644 index 00000000..9959a9c0 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm12CommandLib/Tpm12Ownership.c @@ -0,0 +1,49 @@ +/** @file + Implement TPM1.2 Ownership related command. + +Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved. <BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include <PiPei.h> +#include <Library/BaseMemoryLib.h> +#include <Library/BaseLib.h> +#include <Library/Tpm12DeviceLib.h> + +/** + Send ForceClear command to TPM1.2. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_DEVICE_ERROR Unexpected device behavior. +**/ +EFI_STATUS +EFIAPI +Tpm12ForceClear ( + VOID + ) +{ + EFI_STATUS Status; + TPM_RQU_COMMAND_HDR Command; + TPM_RSP_COMMAND_HDR Response; + UINT32 Length; + + // + // send Tpm command TPM_ORD_ForceClear + // + Command.tag = SwapBytes16 (TPM_TAG_RQU_COMMAND); + Command.paramSize = SwapBytes32 (sizeof (Command)); + Command.ordinal = SwapBytes32 (TPM_ORD_ForceClear); + Length = sizeof (Response); + + Status = Tpm12SubmitCommand (sizeof (Command), (UINT8 *)&Command, &Length, (UINT8 *)&Response); + if (EFI_ERROR (Status)) { + return Status; + } + switch (SwapBytes32 (Response.returnCode)) { + case TPM_SUCCESS: + return EFI_SUCCESS; + default: + return EFI_DEVICE_ERROR; + } +} diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm12CommandLib/Tpm12Pcr.c b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm12CommandLib/Tpm12Pcr.c new file mode 100644 index 00000000..3b52a347 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm12CommandLib/Tpm12Pcr.c @@ -0,0 +1,81 @@ +/** @file + Implement TPM1.2 PCR related commands. + +Copyright (c) 2016, Intel Corporation. All rights reserved. <BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include <PiPei.h> +#include <Library/Tpm12CommandLib.h> +#include <Library/BaseLib.h> +#include <Library/DebugLib.h> +#include <Library/BaseMemoryLib.h> +#include <Library/Tpm12DeviceLib.h> + +#pragma pack(1) + +typedef struct { + TPM_RQU_COMMAND_HDR Hdr; + TPM_PCRINDEX PcrIndex; + TPM_DIGEST TpmDigest; +} TPM_CMD_EXTEND; + +typedef struct { + TPM_RSP_COMMAND_HDR Hdr; + TPM_DIGEST TpmDigest; +} TPM_RSP_EXTEND; + +#pragma pack() + +/** +Extend a TPM PCR. + +@param[in] DigestToExtend The 160 bit value representing the event to be recorded. +@param[in] PcrIndex The PCR to be updated. +@param[out] NewPcrValue New PCR value after extend. + +@retval EFI_SUCCESS Operation completed successfully. +@retval EFI_TIMEOUT The register can't run into the expected status in time. +@retval EFI_BUFFER_TOO_SMALL Response data buffer is too small. +@retval EFI_DEVICE_ERROR Unexpected device behavior. + +**/ +EFI_STATUS +EFIAPI +Tpm12Extend ( + IN TPM_DIGEST *DigestToExtend, + IN TPM_PCRINDEX PcrIndex, + OUT TPM_DIGEST *NewPcrValue + ) +{ + EFI_STATUS Status; + TPM_CMD_EXTEND Command; + TPM_RSP_EXTEND Response; + UINT32 Length; + + // + // send Tpm command TPM_ORD_Extend + // + Command.Hdr.tag = SwapBytes16 (TPM_TAG_RQU_COMMAND); + Command.Hdr.paramSize = SwapBytes32 (sizeof (Command)); + Command.Hdr.ordinal = SwapBytes32 (TPM_ORD_Extend); + Command.PcrIndex = SwapBytes32 (PcrIndex); + CopyMem (&Command.TpmDigest, DigestToExtend, sizeof (Command.TpmDigest)); + Length = sizeof (Response); + Status = Tpm12SubmitCommand (sizeof (Command), (UINT8 *)&Command, &Length, (UINT8 *)&Response); + if (EFI_ERROR (Status)) { + return Status; + } + + if (SwapBytes32(Response.Hdr.returnCode) != TPM_SUCCESS) { + DEBUG ((EFI_D_ERROR, "Tpm12Extend: Response Code error! 0x%08x\r\n", SwapBytes32(Response.Hdr.returnCode))); + return EFI_DEVICE_ERROR; + } + + if (NewPcrValue != NULL) { + CopyMem (NewPcrValue, &Response.TpmDigest, sizeof (*NewPcrValue)); + } + + return Status; +} diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm12CommandLib/Tpm12PhysicalPresence.c b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm12CommandLib/Tpm12PhysicalPresence.c new file mode 100644 index 00000000..25942dea --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm12CommandLib/Tpm12PhysicalPresence.c @@ -0,0 +1,66 @@ +/** @file + Implement TPM1.2 Physical Presence related command. + +Copyright (c) 2016, Intel Corporation. All rights reserved. <BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include <PiPei.h> +#include <Library/Tpm12CommandLib.h> +#include <Library/BaseLib.h> +#include <Library/DebugLib.h> +#include <Library/Tpm12DeviceLib.h> + +#pragma pack(1) + +typedef struct { + TPM_RQU_COMMAND_HDR Hdr; + TPM_PHYSICAL_PRESENCE PhysicalPresence; +} TPM_CMD_PHYSICAL_PRESENCE; + +#pragma pack() + +/** +Send TSC_PhysicalPresence command to TPM. + +@param[in] PhysicalPresence The state to set the TPMs Physical Presence flags. + +@retval EFI_SUCCESS Operation completed successfully. +@retval EFI_TIMEOUT The register can't run into the expected status in time. +@retval EFI_BUFFER_TOO_SMALL Response data buffer is too small. +@retval EFI_DEVICE_ERROR Unexpected device behavior. + +**/ +EFI_STATUS +EFIAPI +Tpm12PhysicalPresence ( + IN TPM_PHYSICAL_PRESENCE PhysicalPresence + ) +{ + EFI_STATUS Status; + TPM_CMD_PHYSICAL_PRESENCE Command; + TPM_RSP_COMMAND_HDR Response; + UINT32 Length; + + // + // send Tpm command TSC_ORD_PhysicalPresence + // + Command.Hdr.tag = SwapBytes16 (TPM_TAG_RQU_COMMAND); + Command.Hdr.paramSize = SwapBytes32 (sizeof (Command)); + Command.Hdr.ordinal = SwapBytes32 (TSC_ORD_PhysicalPresence); + Command.PhysicalPresence = SwapBytes16 (PhysicalPresence); + Length = sizeof (Response); + + Status = Tpm12SubmitCommand (sizeof (Command), (UINT8 *)&Command, &Length, (UINT8 *)&Response); + if (EFI_ERROR (Status)) { + return Status; + } + + if (SwapBytes32(Response.returnCode) != TPM_SUCCESS) { + DEBUG ((EFI_D_ERROR, "Tpm12PhysicalPresence: Response Code error! 0x%08x\r\n", SwapBytes32(Response.returnCode))); + return EFI_DEVICE_ERROR; + } + + return EFI_SUCCESS; +} diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm12CommandLib/Tpm12SelfTest.c b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm12CommandLib/Tpm12SelfTest.c new file mode 100644 index 00000000..b1c80b6a --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm12CommandLib/Tpm12SelfTest.c @@ -0,0 +1,54 @@ +/** @file + Implement TPM1.2 NV Self Test related commands. + +Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved. <BR> +(C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include <PiPei.h> +#include <Library/Tpm12CommandLib.h> +#include <Library/BaseLib.h> +#include <Library/DebugLib.h> +#include <Library/Tpm12DeviceLib.h> + +/** +Send TPM_ContinueSelfTest command to TPM. + +@retval EFI_SUCCESS Operation completed successfully. +@retval EFI_TIMEOUT The register can't run into the expected status in time. +@retval EFI_BUFFER_TOO_SMALL Response data buffer is too small. +@retval EFI_DEVICE_ERROR Unexpected device behavior. + +**/ +EFI_STATUS +EFIAPI +Tpm12ContinueSelfTest ( + VOID + ) +{ + EFI_STATUS Status; + TPM_RQU_COMMAND_HDR Command; + TPM_RSP_COMMAND_HDR Response; + UINT32 Length; + + // + // send Tpm command TPM_ORD_ContinueSelfTest + // + Command.tag = SwapBytes16 (TPM_TAG_RQU_COMMAND); + Command.paramSize = SwapBytes32 (sizeof (Command)); + Command.ordinal = SwapBytes32 (TPM_ORD_ContinueSelfTest); + Length = sizeof (Response); + Status = Tpm12SubmitCommand (sizeof (Command), (UINT8 *)&Command, &Length, (UINT8 *)&Response); + if (EFI_ERROR (Status)) { + return Status; + } + + if (SwapBytes32 (Response.returnCode) != TPM_SUCCESS) { + DEBUG ((DEBUG_ERROR, "Tpm12ContinueSelfTest: Response Code error! 0x%08x\r\n", SwapBytes32 (Response.returnCode))); + return EFI_DEVICE_ERROR; + } + + return Status; +} diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm12CommandLib/Tpm12Startup.c b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm12CommandLib/Tpm12Startup.c new file mode 100644 index 00000000..4cf8a028 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm12CommandLib/Tpm12Startup.c @@ -0,0 +1,103 @@ +/** @file + Implement TPM1.2 Startup related command. + +Copyright (c) 2013, Intel Corporation. All rights reserved. <BR> +(C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include <PiPei.h> +#include <Library/BaseMemoryLib.h> +#include <Library/BaseLib.h> +#include <Library/Tpm12DeviceLib.h> +#include <Library/DebugLib.h> + +#pragma pack(1) + +typedef struct { + TPM_RQU_COMMAND_HDR Hdr; + TPM_STARTUP_TYPE TpmSt; +} TPM_CMD_START_UP; + +#pragma pack() + +/** + Send Startup command to TPM1.2. + + @param TpmSt Startup Type. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_DEVICE_ERROR Unexpected device behavior. +**/ +EFI_STATUS +EFIAPI +Tpm12Startup ( + IN TPM_STARTUP_TYPE TpmSt + ) +{ + EFI_STATUS Status; + TPM_CMD_START_UP Command; + TPM_RSP_COMMAND_HDR Response; + UINT32 Length; + + // + // send Tpm command TPM_ORD_Startup + // + Command.Hdr.tag = SwapBytes16 (TPM_TAG_RQU_COMMAND); + Command.Hdr.paramSize = SwapBytes32 (sizeof (Command)); + Command.Hdr.ordinal = SwapBytes32 (TPM_ORD_Startup); + Command.TpmSt = SwapBytes16 (TpmSt); + Length = sizeof (Response); + Status = Tpm12SubmitCommand (sizeof (Command), (UINT8 *)&Command, &Length, (UINT8 *)&Response); + if (EFI_ERROR (Status)) { + return Status; + } + switch (SwapBytes32(Response.returnCode)) { + case TPM_SUCCESS: + DEBUG ((DEBUG_INFO, "TPM12Startup: TPM_SUCCESS\n")); + return EFI_SUCCESS; + case TPM_INVALID_POSTINIT: + // In warm reset, TPM may response TPM_INVALID_POSTINIT + DEBUG ((DEBUG_INFO, "TPM12Startup: TPM_INVALID_POSTINIT\n")); + return EFI_SUCCESS; + default: + return EFI_DEVICE_ERROR; + } +} + +/** + Send SaveState command to TPM1.2. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_DEVICE_ERROR Unexpected device behavior. +**/ +EFI_STATUS +EFIAPI +Tpm12SaveState ( + VOID + ) +{ + EFI_STATUS Status; + TPM_RQU_COMMAND_HDR Command; + TPM_RSP_COMMAND_HDR Response; + UINT32 Length; + + // + // send Tpm command TPM_ORD_SaveState + // + Command.tag = SwapBytes16 (TPM_TAG_RQU_COMMAND); + Command.paramSize = SwapBytes32 (sizeof (Command)); + Command.ordinal = SwapBytes32 (TPM_ORD_SaveState); + Length = sizeof (Response); + Status = Tpm12SubmitCommand (sizeof (Command), (UINT8 *)&Command, &Length, (UINT8 *)&Response); + if (EFI_ERROR (Status)) { + return Status; + } + switch (SwapBytes32 (Response.returnCode)) { + case TPM_SUCCESS: + return EFI_SUCCESS; + default: + return EFI_DEVICE_ERROR; + } +} diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf new file mode 100644 index 00000000..5eee5340 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf @@ -0,0 +1,43 @@ +## @file +# Provides TPM 1.2 TIS functions +# +# This library implements TIS (TPM Interface Specification) functions which is +# used for every TPM 1.2 command. Choosing this library means platform uses and +# only uses TPM 1.2 device. +# +# Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR> +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = Tpm12DeviceLibDTpm + MODULE_UNI_FILE = Tpm12DeviceLibDTpm.uni + FILE_GUID = BC2B7672-A48B-4d58-B39E-AEE3707B5A23 + MODULE_TYPE = BASE + VERSION_STRING = 1.0 + LIBRARY_CLASS = Tpm12DeviceLib + +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = IA32 X64 +# + +[Sources] + Tpm12Tis.c + +[Packages] + MdePkg/MdePkg.dec + SecurityPkg/SecurityPkg.dec + +[LibraryClasses] + BaseLib + BaseMemoryLib + IoLib + TimerLib + DebugLib + +[Pcd] + gEfiSecurityPkgTokenSpaceGuid.PcdTpmBaseAddress ## CONSUMES diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.uni b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.uni new file mode 100644 index 00000000..4594f60b --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.uni @@ -0,0 +1,18 @@ +// /** @file
+// Provides TPM 1.2 TIS functions
+//
+// This library implements TIS (TPM Interface Specification) functions which is
+// used for every TPM 1.2 command. Choosing this library means platform uses and
+// only uses TPM 1.2 device.
+//
+// Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.<BR>
+//
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+//
+// **/
+
+
+#string STR_MODULE_ABSTRACT #language en-US "Provides TPM 1.2 TIS functions"
+
+#string STR_MODULE_DESCRIPTION #language en-US "This library implements TIS (TPM Interface Specification) functions which is used for every TPM 1.2 command. Choosing this library means platform uses and only uses TPM 1.2 device."
+
diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12Tis.c b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12Tis.c new file mode 100644 index 00000000..5cab57e5 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12Tis.c @@ -0,0 +1,544 @@ +/** @file + TIS (TPM Interface Specification) functions used by TPM1.2. + +Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR> +(C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include <Uefi.h> +#include <IndustryStandard/Tpm12.h> +#include <Library/BaseLib.h> +#include <Library/BaseMemoryLib.h> +#include <Library/IoLib.h> +#include <Library/TimerLib.h> +#include <Library/DebugLib.h> +#include <Library/Tpm12CommandLib.h> +#include <Library/PcdLib.h> + +#include <IndustryStandard/TpmPtp.h> +#include <IndustryStandard/TpmTis.h> + +typedef enum { + PtpInterfaceTis, + PtpInterfaceFifo, + PtpInterfaceCrb, + PtpInterfaceMax, +} PTP_INTERFACE_TYPE; + +// +// Max TPM command/response length +// +#define TPMCMDBUFLENGTH 1024 + +/** + Check whether TPM chip exist. + + @param[in] TisReg Pointer to TIS register. + + @retval TRUE TPM chip exists. + @retval FALSE TPM chip is not found. +**/ +BOOLEAN +Tpm12TisPcPresenceCheck ( + IN TIS_PC_REGISTERS_PTR TisReg + ) +{ + UINT8 RegRead; + + RegRead = MmioRead8 ((UINTN)&TisReg->Access); + return (BOOLEAN)(RegRead != (UINT8)-1); +} + +/** + Return PTP interface type. + + @param[in] Register Pointer to PTP register. + + @return PTP interface type. +**/ +PTP_INTERFACE_TYPE +Tpm12GetPtpInterface ( + IN VOID *Register + ) +{ + PTP_CRB_INTERFACE_IDENTIFIER InterfaceId; + PTP_FIFO_INTERFACE_CAPABILITY InterfaceCapability; + + if (!Tpm12TisPcPresenceCheck (Register)) { + return PtpInterfaceMax; + } + // + // Check interface id + // + InterfaceId.Uint32 = MmioRead32 ((UINTN)&((PTP_CRB_REGISTERS *)Register)->InterfaceId); + InterfaceCapability.Uint32 = MmioRead32 ((UINTN)&((PTP_FIFO_REGISTERS *)Register)->InterfaceCapability); + + if ((InterfaceId.Bits.InterfaceType == PTP_INTERFACE_IDENTIFIER_INTERFACE_TYPE_CRB) && + (InterfaceId.Bits.InterfaceVersion == PTP_INTERFACE_IDENTIFIER_INTERFACE_VERSION_CRB) && + (InterfaceId.Bits.CapCRB != 0)) { + return PtpInterfaceCrb; + } + if ((InterfaceId.Bits.InterfaceType == PTP_INTERFACE_IDENTIFIER_INTERFACE_TYPE_FIFO) && + (InterfaceId.Bits.InterfaceVersion == PTP_INTERFACE_IDENTIFIER_INTERFACE_VERSION_FIFO) && + (InterfaceId.Bits.CapFIFO != 0) && + (InterfaceCapability.Bits.InterfaceVersion == INTERFACE_CAPABILITY_INTERFACE_VERSION_PTP)) { + return PtpInterfaceFifo; + } + return PtpInterfaceTis; +} + +/** + Check whether the value of a TPM chip register satisfies the input BIT setting. + + @param[in] Register Address port of register to be checked. + @param[in] BitSet Check these data bits are set. + @param[in] BitClear Check these data bits are clear. + @param[in] TimeOut The max wait time (unit MicroSecond) when checking register. + + @retval EFI_SUCCESS The register satisfies the check bit. + @retval EFI_TIMEOUT The register can't run into the expected status in time. +**/ +EFI_STATUS +Tpm12TisPcWaitRegisterBits ( + IN UINT8 *Register, + IN UINT8 BitSet, + IN UINT8 BitClear, + IN UINT32 TimeOut + ) +{ + UINT8 RegRead; + UINT32 WaitTime; + + for (WaitTime = 0; WaitTime < TimeOut; WaitTime += 30){ + RegRead = MmioRead8 ((UINTN)Register); + if ((RegRead & BitSet) == BitSet && (RegRead & BitClear) == 0) + return EFI_SUCCESS; + MicroSecondDelay (30); + } + return EFI_TIMEOUT; +} + +/** + Get BurstCount by reading the burstCount field of a TIS register + in the time of default TIS_TIMEOUT_D. + + @param[in] TisReg Pointer to TIS register. + @param[out] BurstCount Pointer to a buffer to store the got BurstCount. + + @retval EFI_SUCCESS Get BurstCount. + @retval EFI_INVALID_PARAMETER TisReg is NULL or BurstCount is NULL. + @retval EFI_TIMEOUT BurstCount can't be got in time. +**/ +EFI_STATUS +Tpm12TisPcReadBurstCount ( + IN TIS_PC_REGISTERS_PTR TisReg, + OUT UINT16 *BurstCount + ) +{ + UINT32 WaitTime; + UINT8 DataByte0; + UINT8 DataByte1; + + if (BurstCount == NULL || TisReg == NULL) { + return EFI_INVALID_PARAMETER; + } + + WaitTime = 0; + do { + // + // TIS_PC_REGISTERS_PTR->burstCount is UINT16, but it is not 2bytes aligned, + // so it needs to use MmioRead8 to read two times + // + DataByte0 = MmioRead8 ((UINTN)&TisReg->BurstCount); + DataByte1 = MmioRead8 ((UINTN)&TisReg->BurstCount + 1); + *BurstCount = (UINT16)((DataByte1 << 8) + DataByte0); + if (*BurstCount != 0) { + return EFI_SUCCESS; + } + MicroSecondDelay (30); + WaitTime += 30; + } while (WaitTime < TIS_TIMEOUT_D); + + return EFI_TIMEOUT; +} + +/** + Set TPM chip to ready state by sending ready command TIS_PC_STS_READY + to Status Register in time. + + @param[in] TisReg Pointer to TIS register. + + @retval EFI_SUCCESS TPM chip enters into ready state. + @retval EFI_INVALID_PARAMETER TisReg is NULL. + @retval EFI_TIMEOUT TPM chip can't be set to ready state in time. +**/ +EFI_STATUS +Tpm12TisPcPrepareCommand ( + IN TIS_PC_REGISTERS_PTR TisReg + ) +{ + EFI_STATUS Status; + + if (TisReg == NULL) { + return EFI_INVALID_PARAMETER; + } + + MmioWrite8((UINTN)&TisReg->Status, TIS_PC_STS_READY); + Status = Tpm12TisPcWaitRegisterBits ( + &TisReg->Status, + TIS_PC_STS_READY, + 0, + TIS_TIMEOUT_B + ); + return Status; +} + +/** + Get the control of TPM chip by sending requestUse command TIS_PC_ACC_RQUUSE + to ACCESS Register in the time of default TIS_TIMEOUT_A. + + @param[in] TisReg Pointer to TIS register. + + @retval EFI_SUCCESS Get the control of TPM chip. + @retval EFI_INVALID_PARAMETER TisReg is NULL. + @retval EFI_NOT_FOUND TPM chip doesn't exit. + @retval EFI_TIMEOUT Can't get the TPM control in time. +**/ +EFI_STATUS +Tpm12TisPcRequestUseTpm ( + IN TIS_PC_REGISTERS_PTR TisReg + ) +{ + EFI_STATUS Status; + + if (TisReg == NULL) { + return EFI_INVALID_PARAMETER; + } + + if (!Tpm12TisPcPresenceCheck (TisReg)) { + return EFI_NOT_FOUND; + } + + MmioWrite8((UINTN)&TisReg->Access, TIS_PC_ACC_RQUUSE); + Status = Tpm12TisPcWaitRegisterBits ( + &TisReg->Access, + (UINT8)(TIS_PC_ACC_ACTIVE |TIS_PC_VALID), + 0, + TIS_TIMEOUT_A + ); + return Status; +} + +/** + Send a command to TPM for execution and return response data. + + @param[in] TisReg TPM register space base address. + @param[in] BufferIn Buffer for command data. + @param[in] SizeIn Size of command data. + @param[in, out] BufferOut Buffer for response data. + @param[in, out] SizeOut Size of response data. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_BUFFER_TOO_SMALL Response data buffer is too small. + @retval EFI_DEVICE_ERROR Unexpected device behavior. + @retval EFI_UNSUPPORTED Unsupported TPM version + +**/ +EFI_STATUS +Tpm12TisTpmCommand ( + IN TIS_PC_REGISTERS_PTR TisReg, + IN UINT8 *BufferIn, + IN UINT32 SizeIn, + IN OUT UINT8 *BufferOut, + IN OUT UINT32 *SizeOut + ) +{ + EFI_STATUS Status; + UINT16 BurstCount; + UINT32 Index; + UINT32 TpmOutSize; + UINT16 Data16; + UINT32 Data32; + UINT16 RspTag; + + DEBUG_CODE ( + UINTN DebugSize; + + DEBUG ((EFI_D_VERBOSE, "Tpm12TisTpmCommand Send - ")); + if (SizeIn > 0x100) { + DebugSize = 0x40; + } else { + DebugSize = SizeIn; + } + for (Index = 0; Index < DebugSize; Index++) { + DEBUG ((EFI_D_VERBOSE, "%02x ", BufferIn[Index])); + } + if (DebugSize != SizeIn) { + DEBUG ((EFI_D_VERBOSE, "...... ")); + for (Index = SizeIn - 0x20; Index < SizeIn; Index++) { + DEBUG ((EFI_D_VERBOSE, "%02x ", BufferIn[Index])); + } + } + DEBUG ((EFI_D_VERBOSE, "\n")); + ); + TpmOutSize = 0; + + Status = Tpm12TisPcPrepareCommand (TisReg); + if (EFI_ERROR (Status)){ + DEBUG ((DEBUG_ERROR, "Tpm12 is not ready for command!\n")); + return EFI_DEVICE_ERROR; + } + // + // Send the command data to Tpm + // + Index = 0; + while (Index < SizeIn) { + Status = Tpm12TisPcReadBurstCount (TisReg, &BurstCount); + if (EFI_ERROR (Status)) { + Status = EFI_DEVICE_ERROR; + goto Exit; + } + for (; BurstCount > 0 && Index < SizeIn; BurstCount--) { + MmioWrite8((UINTN)&TisReg->DataFifo, *(BufferIn + Index)); + Index++; + } + } + // + // Check the Tpm status STS_EXPECT change from 1 to 0 + // + Status = Tpm12TisPcWaitRegisterBits ( + &TisReg->Status, + (UINT8) TIS_PC_VALID, + TIS_PC_STS_EXPECT, + TIS_TIMEOUT_C + ); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "Tpm12 The send buffer too small!\n")); + Status = EFI_BUFFER_TOO_SMALL; + goto Exit; + } + // + // Executed the TPM command and waiting for the response data ready + // + MmioWrite8((UINTN)&TisReg->Status, TIS_PC_STS_GO); + Status = Tpm12TisPcWaitRegisterBits ( + &TisReg->Status, + (UINT8) (TIS_PC_VALID | TIS_PC_STS_DATA), + 0, + TIS_TIMEOUT_B + ); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "Wait for Tpm12 response data time out!!\n")); + Status = EFI_DEVICE_ERROR; + goto Exit; + } + // + // Get response data header + // + Index = 0; + BurstCount = 0; + while (Index < sizeof (TPM_RSP_COMMAND_HDR)) { + Status = Tpm12TisPcReadBurstCount (TisReg, &BurstCount); + if (EFI_ERROR (Status)) { + Status = EFI_DEVICE_ERROR; + goto Exit; + } + for (; BurstCount > 0; BurstCount--) { + *(BufferOut + Index) = MmioRead8 ((UINTN)&TisReg->DataFifo); + Index++; + if (Index == sizeof (TPM_RSP_COMMAND_HDR)) break; + } + } + DEBUG_CODE ( + DEBUG ((EFI_D_VERBOSE, "Tpm12TisTpmCommand ReceiveHeader - ")); + for (Index = 0; Index < sizeof (TPM_RSP_COMMAND_HDR); Index++) { + DEBUG ((EFI_D_VERBOSE, "%02x ", BufferOut[Index])); + } + DEBUG ((EFI_D_VERBOSE, "\n")); + ); + // + // Check the response data header (tag, parasize and returncode) + // + CopyMem (&Data16, BufferOut, sizeof (UINT16)); + RspTag = SwapBytes16 (Data16); + if (RspTag != TPM_TAG_RSP_COMMAND && RspTag != TPM_TAG_RSP_AUTH1_COMMAND && RspTag != TPM_TAG_RSP_AUTH2_COMMAND) { + DEBUG ((EFI_D_ERROR, "TPM12: Response tag error - current tag value is %x\n", RspTag)); + Status = EFI_UNSUPPORTED; + goto Exit; + } + + CopyMem (&Data32, (BufferOut + 2), sizeof (UINT32)); + TpmOutSize = SwapBytes32 (Data32); + if (*SizeOut < TpmOutSize) { + Status = EFI_BUFFER_TOO_SMALL; + goto Exit; + } + *SizeOut = TpmOutSize; + // + // Continue reading the remaining data + // + while ( Index < TpmOutSize ) { + for (; BurstCount > 0; BurstCount--) { + *(BufferOut + Index) = MmioRead8 ((UINTN)&TisReg->DataFifo); + Index++; + if (Index == TpmOutSize) { + Status = EFI_SUCCESS; + goto Exit; + } + } + Status = Tpm12TisPcReadBurstCount (TisReg, &BurstCount); + if (EFI_ERROR (Status)) { + Status = EFI_DEVICE_ERROR; + goto Exit; + } + } +Exit: + DEBUG_CODE ( + DEBUG ((EFI_D_VERBOSE, "Tpm12TisTpmCommand Receive - ")); + for (Index = 0; Index < TpmOutSize; Index++) { + DEBUG ((EFI_D_VERBOSE, "%02x ", BufferOut[Index])); + } + DEBUG ((EFI_D_VERBOSE, "\n")); + ); + MmioWrite8((UINTN)&TisReg->Status, TIS_PC_STS_READY); + return Status; +} + +/** + This service enables the sending of commands to the TPM12. + + @param[in] InputParameterBlockSize Size of the TPM12 input parameter block. + @param[in] InputParameterBlock Pointer to the TPM12 input parameter block. + @param[in,out] OutputParameterBlockSize Size of the TPM12 output parameter block. + @param[in] OutputParameterBlock Pointer to the TPM12 output parameter block. + + @retval EFI_SUCCESS The command byte stream was successfully sent to the device and a response was successfully received. + @retval EFI_DEVICE_ERROR The command was not successfully sent to the device or a response was not successfully received from the device. + @retval EFI_BUFFER_TOO_SMALL The output parameter block is too small. +**/ +EFI_STATUS +EFIAPI +Tpm12SubmitCommand ( + IN UINT32 InputParameterBlockSize, + IN UINT8 *InputParameterBlock, + IN OUT UINT32 *OutputParameterBlockSize, + IN UINT8 *OutputParameterBlock + ) +{ + PTP_INTERFACE_TYPE PtpInterface; + + // + // Special handle for TPM1.2 to check PTP too, because PTP/TIS share same register address. + // + PtpInterface = Tpm12GetPtpInterface ((VOID *) (UINTN) PcdGet64 (PcdTpmBaseAddress)); + switch (PtpInterface) { + case PtpInterfaceFifo: + case PtpInterfaceTis: + return Tpm12TisTpmCommand ( + (TIS_PC_REGISTERS_PTR) (UINTN) PcdGet64 (PcdTpmBaseAddress), + InputParameterBlock, + InputParameterBlockSize, + OutputParameterBlock, + OutputParameterBlockSize + ); + case PtpInterfaceCrb: + // + // No need to support CRB because it is only accept TPM2 command. + // + default: + return EFI_DEVICE_ERROR; + } + +} + +/** + Check whether the value of a TPM chip register satisfies the input BIT setting. + + @param[in] Register Address port of register to be checked. + @param[in] BitSet Check these data bits are set. + @param[in] BitClear Check these data bits are clear. + @param[in] TimeOut The max wait time (unit MicroSecond) when checking register. + + @retval EFI_SUCCESS The register satisfies the check bit. + @retval EFI_TIMEOUT The register can't run into the expected status in time. +**/ +EFI_STATUS +Tpm12PtpCrbWaitRegisterBits ( + IN UINT32 *Register, + IN UINT32 BitSet, + IN UINT32 BitClear, + IN UINT32 TimeOut + ) +{ + UINT32 RegRead; + UINT32 WaitTime; + + for (WaitTime = 0; WaitTime < TimeOut; WaitTime += 30){ + RegRead = MmioRead32 ((UINTN)Register); + if ((RegRead & BitSet) == BitSet && (RegRead & BitClear) == 0) { + return EFI_SUCCESS; + } + MicroSecondDelay (30); + } + return EFI_TIMEOUT; +} + +/** + Get the control of TPM chip. + + @param[in] CrbReg Pointer to CRB register. + + @retval EFI_SUCCESS Get the control of TPM chip. + @retval EFI_INVALID_PARAMETER CrbReg is NULL. + @retval EFI_NOT_FOUND TPM chip doesn't exit. + @retval EFI_TIMEOUT Can't get the TPM control in time. +**/ +EFI_STATUS +Tpm12PtpCrbRequestUseTpm ( + IN PTP_CRB_REGISTERS_PTR CrbReg + ) +{ + EFI_STATUS Status; + + MmioWrite32((UINTN)&CrbReg->LocalityControl, PTP_CRB_LOCALITY_CONTROL_REQUEST_ACCESS); + Status = Tpm12PtpCrbWaitRegisterBits ( + &CrbReg->LocalityStatus, + PTP_CRB_LOCALITY_STATUS_GRANTED, + 0, + PTP_TIMEOUT_A + ); + return Status; +} + +/** + This service requests use TPM12. + + @retval EFI_SUCCESS Get the control of TPM12 chip. + @retval EFI_NOT_FOUND TPM12 not found. + @retval EFI_DEVICE_ERROR Unexpected device behavior. +**/ +EFI_STATUS +EFIAPI +Tpm12RequestUseTpm ( + VOID + ) +{ + PTP_INTERFACE_TYPE PtpInterface; + + // + // Special handle for TPM1.2 to check PTP too, because PTP/TIS share same register address. + // Some other program might leverage this function to check the existence of TPM chip. + // + PtpInterface = Tpm12GetPtpInterface ((VOID *) (UINTN) PcdGet64 (PcdTpmBaseAddress)); + switch (PtpInterface) { + case PtpInterfaceCrb: + return Tpm12PtpCrbRequestUseTpm ((PTP_CRB_REGISTERS_PTR) (UINTN) PcdGet64 (PcdTpmBaseAddress)); + case PtpInterfaceFifo: + case PtpInterfaceTis: + return Tpm12TisPcRequestUseTpm ((TIS_PC_REGISTERS_PTR) (UINTN) PcdGet64 (PcdTpmBaseAddress)); + default: + return EFI_NOT_FOUND; + } +} diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.c b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.c new file mode 100644 index 00000000..cecd7234 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.c @@ -0,0 +1,102 @@ +/** @file + This library is TPM12 TCG protocol lib. + +Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved. <BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include <Uefi.h> +#include <Library/BaseLib.h> +#include <Library/BaseMemoryLib.h> +#include <Library/DebugLib.h> +#include <Library/UefiBootServicesTableLib.h> +#include <Library/Tpm12DeviceLib.h> +#include <Protocol/TcgService.h> +#include <IndustryStandard/Tpm12.h> + +EFI_TCG_PROTOCOL *mTcgProtocol = NULL; + +/** + This service enables the sending of commands to the TPM12. + + @param[in] InputParameterBlockSize Size of the TPM12 input parameter block. + @param[in] InputParameterBlock Pointer to the TPM12 input parameter block. + @param[in,out] OutputParameterBlockSize Size of the TPM12 output parameter block. + @param[in] OutputParameterBlock Pointer to the TPM12 output parameter block. + + @retval EFI_SUCCESS The command byte stream was successfully sent to the device and a response was successfully received. + @retval EFI_DEVICE_ERROR The command was not successfully sent to the device or a response was not successfully received from the device. + @retval EFI_BUFFER_TOO_SMALL The output parameter block is too small. +**/ +EFI_STATUS +EFIAPI +Tpm12SubmitCommand ( + IN UINT32 InputParameterBlockSize, + IN UINT8 *InputParameterBlock, + IN OUT UINT32 *OutputParameterBlockSize, + IN UINT8 *OutputParameterBlock + ) +{ + EFI_STATUS Status; + TPM_RSP_COMMAND_HDR *Header; + + if (mTcgProtocol == NULL) { + Status = gBS->LocateProtocol (&gEfiTcgProtocolGuid, NULL, (VOID **) &mTcgProtocol); + if (EFI_ERROR (Status)) { + // + // TCG protocol is not installed. So, TPM12 is not present. + // + DEBUG ((EFI_D_ERROR, "Tpm12SubmitCommand - TCG - %r\n", Status)); + return EFI_NOT_FOUND; + } + } + // + // Assume when TCG Protocol is ready, RequestUseTpm already done. + // + Status = mTcgProtocol->PassThroughToTpm ( + mTcgProtocol, + InputParameterBlockSize, + InputParameterBlock, + *OutputParameterBlockSize, + OutputParameterBlock + ); + if (EFI_ERROR (Status)) { + return Status; + } + Header = (TPM_RSP_COMMAND_HDR *)OutputParameterBlock; + *OutputParameterBlockSize = SwapBytes32 (Header->paramSize); + + return EFI_SUCCESS; +} + +/** + This service requests use TPM12. + + @retval EFI_SUCCESS Get the control of TPM12 chip. + @retval EFI_NOT_FOUND TPM12 not found. + @retval EFI_DEVICE_ERROR Unexpected device behavior. +**/ +EFI_STATUS +EFIAPI +Tpm12RequestUseTpm ( + VOID + ) +{ + EFI_STATUS Status; + + if (mTcgProtocol == NULL) { + Status = gBS->LocateProtocol (&gEfiTcgProtocolGuid, NULL, (VOID **) &mTcgProtocol); + if (EFI_ERROR (Status)) { + // + // TCG protocol is not installed. So, TPM12 is not present. + // + DEBUG ((EFI_D_ERROR, "Tpm12RequestUseTpm - TCG - %r\n", Status)); + return EFI_NOT_FOUND; + } + } + // + // Assume when TCG Protocol is ready, RequestUseTpm already done. + // + return EFI_SUCCESS; +} diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.inf b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.inf new file mode 100644 index 00000000..d00a92cd --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.inf @@ -0,0 +1,41 @@ +## @file +# Provides function interfaces to communicate with TPM 1.2 device +# +# This library helps to use TPM 1.2 device in library function API +# based on TCG protocol. +# +# Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR> +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = Tpm12DeviceLibTcg + MODULE_UNI_FILE = Tpm12DeviceLibTcg.uni + FILE_GUID = 4D8B77D9-E923-48f8-B070-4053D78B7E56 + MODULE_TYPE = BASE + VERSION_STRING = 1.0 + LIBRARY_CLASS = Tpm12DeviceLib|DXE_DRIVER DXE_RUNTIME_DRIVER UEFI_APPLICATION UEFI_DRIVER + +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = IA32 X64 +# + +[Sources] + Tpm12DeviceLibTcg.c + +[Packages] + MdePkg/MdePkg.dec + SecurityPkg/SecurityPkg.dec + +[LibraryClasses] + BaseLib + BaseMemoryLib + DebugLib + UefiBootServicesTableLib + +[Protocols] + gEfiTcgProtocolGuid ## CONSUMES diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.uni b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.uni new file mode 100644 index 00000000..cc5fdfe1 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.uni @@ -0,0 +1,17 @@ +// /** @file
+// Provides function interfaces to communicate with TPM 1.2 device
+//
+// This library helps to use TPM 1.2 device in library function API
+// based on TCG protocol.
+//
+// Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.<BR>
+//
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+//
+// **/
+
+
+#string STR_MODULE_ABSTRACT #language en-US "Provides function interfaces to communicate with TPM 1.2 device"
+
+#string STR_MODULE_DESCRIPTION #language en-US "This library helps to use TPM 1.2 device in library function API based on TCG protocol."
+
diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm2CommandLib/Tpm2Capability.c b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm2CommandLib/Tpm2Capability.c new file mode 100644 index 00000000..d33540fb --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm2CommandLib/Tpm2Capability.c @@ -0,0 +1,889 @@ +/** @file + Implement TPM2 Capability related command. + +Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved. <BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include <IndustryStandard/UefiTcgPlatform.h> +#include <Library/Tpm2CommandLib.h> +#include <Library/Tpm2DeviceLib.h> +#include <Library/BaseMemoryLib.h> +#include <Library/BaseLib.h> +#include <Library/DebugLib.h> + +#pragma pack(1) + +typedef struct { + TPM2_COMMAND_HEADER Header; + TPM_CAP Capability; + UINT32 Property; + UINT32 PropertyCount; +} TPM2_GET_CAPABILITY_COMMAND; + +typedef struct { + TPM2_RESPONSE_HEADER Header; + TPMI_YES_NO MoreData; + TPMS_CAPABILITY_DATA CapabilityData; +} TPM2_GET_CAPABILITY_RESPONSE; + +typedef struct { + TPM2_COMMAND_HEADER Header; + TPMT_PUBLIC_PARMS Parameters; +} TPM2_TEST_PARMS_COMMAND; + +typedef struct { + TPM2_RESPONSE_HEADER Header; +} TPM2_TEST_PARMS_RESPONSE; + +#pragma pack() + +#define TPMA_CC_COMMANDINDEX_MASK 0x2000FFFF + +/** + This command returns various information regarding the TPM and its current state. + + The capability parameter determines the category of data returned. The property parameter + selects the first value of the selected category to be returned. If there is no property + that corresponds to the value of property, the next higher value is returned, if it exists. + The moreData parameter will have a value of YES if there are more values of the requested + type that were not returned. + If no next capability exists, the TPM will return a zero-length list and moreData will have + a value of NO. + + NOTE: + To simplify this function, leave returned CapabilityData for caller to unpack since there are + many capability categories and only few categories will be used in firmware. It means the caller + need swap the byte order for the fields in CapabilityData. + + @param[in] Capability Group selection; determines the format of the response. + @param[in] Property Further definition of information. + @param[in] PropertyCount Number of properties of the indicated type to return. + @param[out] MoreData Flag to indicate if there are more values of this type. + @param[out] CapabilityData The capability data. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_DEVICE_ERROR The command was unsuccessful. +**/ +EFI_STATUS +EFIAPI +Tpm2GetCapability ( + IN TPM_CAP Capability, + IN UINT32 Property, + IN UINT32 PropertyCount, + OUT TPMI_YES_NO *MoreData, + OUT TPMS_CAPABILITY_DATA *CapabilityData + ) +{ + EFI_STATUS Status; + TPM2_GET_CAPABILITY_COMMAND SendBuffer; + TPM2_GET_CAPABILITY_RESPONSE RecvBuffer; + UINT32 SendBufferSize; + UINT32 RecvBufferSize; + + // + // Construct command + // + SendBuffer.Header.tag = SwapBytes16(TPM_ST_NO_SESSIONS); + SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_GetCapability); + + SendBuffer.Capability = SwapBytes32 (Capability); + SendBuffer.Property = SwapBytes32 (Property); + SendBuffer.PropertyCount = SwapBytes32 (PropertyCount); + + SendBufferSize = (UINT32) sizeof (SendBuffer); + SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize); + + // + // send Tpm command + // + RecvBufferSize = sizeof (RecvBuffer); + Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer ); + if (EFI_ERROR (Status)) { + return Status; + } + + if (RecvBufferSize <= sizeof (TPM2_RESPONSE_HEADER) + sizeof (UINT8)) { + return EFI_DEVICE_ERROR; + } + + // + // Fail if command failed + // + if (SwapBytes32(RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) { + DEBUG ((EFI_D_ERROR, "Tpm2GetCapability: Response Code error! 0x%08x\r\n", SwapBytes32(RecvBuffer.Header.responseCode))); + return EFI_DEVICE_ERROR; + } + + // + // Return the response + // + *MoreData = RecvBuffer.MoreData; + // + // Does not unpack all possible property here, the caller should unpack it and note the byte order. + // + CopyMem (CapabilityData, &RecvBuffer.CapabilityData, RecvBufferSize - sizeof (TPM2_RESPONSE_HEADER) - sizeof (UINT8)); + + return EFI_SUCCESS; +} + +/** + This command returns the information of TPM Family. + + This function parse the value got from TPM2_GetCapability and return the Family. + + @param[out] Family The Family of TPM. (a 4-octet character string) + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_DEVICE_ERROR The command was unsuccessful. +**/ +EFI_STATUS +EFIAPI +Tpm2GetCapabilityFamily ( + OUT CHAR8 *Family + ) +{ + TPMS_CAPABILITY_DATA TpmCap; + TPMI_YES_NO MoreData; + EFI_STATUS Status; + + Status = Tpm2GetCapability ( + TPM_CAP_TPM_PROPERTIES, + TPM_PT_FAMILY_INDICATOR, + 1, + &MoreData, + &TpmCap + ); + if (EFI_ERROR (Status)) { + return Status; + } + CopyMem (Family, &TpmCap.data.tpmProperties.tpmProperty->value, 4); + + return EFI_SUCCESS; +} + +/** + This command returns the information of TPM manufacture ID. + + This function parse the value got from TPM2_GetCapability and return the TPM manufacture ID. + + @param[out] ManufactureId The manufacture ID of TPM. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_DEVICE_ERROR The command was unsuccessful. +**/ +EFI_STATUS +EFIAPI +Tpm2GetCapabilityManufactureID ( + OUT UINT32 *ManufactureId + ) +{ + TPMS_CAPABILITY_DATA TpmCap; + TPMI_YES_NO MoreData; + EFI_STATUS Status; + + Status = Tpm2GetCapability ( + TPM_CAP_TPM_PROPERTIES, + TPM_PT_MANUFACTURER, + 1, + &MoreData, + &TpmCap + ); + if (EFI_ERROR (Status)) { + return Status; + } + *ManufactureId = TpmCap.data.tpmProperties.tpmProperty->value; + + return EFI_SUCCESS; +} + +/** + This command returns the information of TPM FirmwareVersion. + + This function parse the value got from TPM2_GetCapability and return the TPM FirmwareVersion. + + @param[out] FirmwareVersion1 The FirmwareVersion1. + @param[out] FirmwareVersion2 The FirmwareVersion2. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_DEVICE_ERROR The command was unsuccessful. +**/ +EFI_STATUS +EFIAPI +Tpm2GetCapabilityFirmwareVersion ( + OUT UINT32 *FirmwareVersion1, + OUT UINT32 *FirmwareVersion2 + ) +{ + TPMS_CAPABILITY_DATA TpmCap; + TPMI_YES_NO MoreData; + EFI_STATUS Status; + + Status = Tpm2GetCapability ( + TPM_CAP_TPM_PROPERTIES, + TPM_PT_FIRMWARE_VERSION_1, + 1, + &MoreData, + &TpmCap + ); + if (EFI_ERROR (Status)) { + return Status; + } + *FirmwareVersion1 = SwapBytes32 (TpmCap.data.tpmProperties.tpmProperty->value); + + Status = Tpm2GetCapability ( + TPM_CAP_TPM_PROPERTIES, + TPM_PT_FIRMWARE_VERSION_2, + 1, + &MoreData, + &TpmCap + ); + if (EFI_ERROR (Status)) { + return Status; + } + *FirmwareVersion2 = SwapBytes32 (TpmCap.data.tpmProperties.tpmProperty->value); + + return EFI_SUCCESS; +} + +/** + This command returns the information of the maximum value for commandSize and responseSize in a command. + + This function parse the value got from TPM2_GetCapability and return the max command size and response size + + @param[out] MaxCommandSize The maximum value for commandSize in a command. + @param[out] MaxResponseSize The maximum value for responseSize in a command. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_DEVICE_ERROR The command was unsuccessful. +**/ +EFI_STATUS +EFIAPI +Tpm2GetCapabilityMaxCommandResponseSize ( + OUT UINT32 *MaxCommandSize, + OUT UINT32 *MaxResponseSize + ) +{ + TPMS_CAPABILITY_DATA TpmCap; + TPMI_YES_NO MoreData; + EFI_STATUS Status; + + Status = Tpm2GetCapability ( + TPM_CAP_TPM_PROPERTIES, + TPM_PT_MAX_COMMAND_SIZE, + 1, + &MoreData, + &TpmCap + ); + if (EFI_ERROR (Status)) { + return Status; + } + + *MaxCommandSize = SwapBytes32 (TpmCap.data.tpmProperties.tpmProperty->value); + + Status = Tpm2GetCapability ( + TPM_CAP_TPM_PROPERTIES, + TPM_PT_MAX_RESPONSE_SIZE, + 1, + &MoreData, + &TpmCap + ); + if (EFI_ERROR (Status)) { + return Status; + } + + *MaxResponseSize = SwapBytes32 (TpmCap.data.tpmProperties.tpmProperty->value); + return EFI_SUCCESS; +} + +/** + This command returns Returns a list of TPMS_ALG_PROPERTIES. Each entry is an + algorithm ID and a set of properties of the algorithm. + + This function parse the value got from TPM2_GetCapability and return the list. + + @param[out] AlgList List of algorithm. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_DEVICE_ERROR The command was unsuccessful. +**/ +EFI_STATUS +EFIAPI +Tpm2GetCapabilitySupportedAlg ( + OUT TPML_ALG_PROPERTY *AlgList + ) +{ + TPMS_CAPABILITY_DATA TpmCap; + TPMI_YES_NO MoreData; + UINTN Index; + EFI_STATUS Status; + + Status = Tpm2GetCapability ( + TPM_CAP_ALGS, + 1, + MAX_CAP_ALGS, + &MoreData, + &TpmCap + ); + if (EFI_ERROR (Status)) { + return Status; + } + + CopyMem (AlgList, &TpmCap.data.algorithms, sizeof (TPML_ALG_PROPERTY)); + + AlgList->count = SwapBytes32 (AlgList->count); + if (AlgList->count > MAX_CAP_ALGS) { + DEBUG ((DEBUG_ERROR, "Tpm2GetCapabilitySupportedAlg - AlgList->count error %x\n", AlgList->count)); + return EFI_DEVICE_ERROR; + } + + for (Index = 0; Index < AlgList->count; Index++) { + AlgList->algProperties[Index].alg = SwapBytes16 (AlgList->algProperties[Index].alg); + WriteUnaligned32 ((UINT32 *)&AlgList->algProperties[Index].algProperties, SwapBytes32 (ReadUnaligned32 ((UINT32 *)&AlgList->algProperties[Index].algProperties))); + } + + return EFI_SUCCESS; +} + +/** + This command returns the information of TPM LockoutCounter. + + This function parse the value got from TPM2_GetCapability and return the LockoutCounter. + + @param[out] LockoutCounter The LockoutCounter of TPM. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_DEVICE_ERROR The command was unsuccessful. +**/ +EFI_STATUS +EFIAPI +Tpm2GetCapabilityLockoutCounter ( + OUT UINT32 *LockoutCounter + ) +{ + TPMS_CAPABILITY_DATA TpmCap; + TPMI_YES_NO MoreData; + EFI_STATUS Status; + + Status = Tpm2GetCapability ( + TPM_CAP_TPM_PROPERTIES, + TPM_PT_LOCKOUT_COUNTER, + 1, + &MoreData, + &TpmCap + ); + if (EFI_ERROR (Status)) { + return Status; + } + *LockoutCounter = SwapBytes32 (TpmCap.data.tpmProperties.tpmProperty->value); + + return EFI_SUCCESS; +} + +/** + This command returns the information of TPM LockoutInterval. + + This function parse the value got from TPM2_GetCapability and return the LockoutInterval. + + @param[out] LockoutInterval The LockoutInterval of TPM. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_DEVICE_ERROR The command was unsuccessful. +**/ +EFI_STATUS +EFIAPI +Tpm2GetCapabilityLockoutInterval ( + OUT UINT32 *LockoutInterval + ) +{ + TPMS_CAPABILITY_DATA TpmCap; + TPMI_YES_NO MoreData; + EFI_STATUS Status; + + Status = Tpm2GetCapability ( + TPM_CAP_TPM_PROPERTIES, + TPM_PT_LOCKOUT_INTERVAL, + 1, + &MoreData, + &TpmCap + ); + if (EFI_ERROR (Status)) { + return Status; + } + *LockoutInterval = SwapBytes32 (TpmCap.data.tpmProperties.tpmProperty->value); + + return EFI_SUCCESS; +} + +/** + This command returns the information of TPM InputBufferSize. + + This function parse the value got from TPM2_GetCapability and return the InputBufferSize. + + @param[out] InputBufferSize The InputBufferSize of TPM. + the maximum size of a parameter (typically, a TPM2B_MAX_BUFFER) + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_DEVICE_ERROR The command was unsuccessful. +**/ +EFI_STATUS +EFIAPI +Tpm2GetCapabilityInputBufferSize ( + OUT UINT32 *InputBufferSize + ) +{ + TPMS_CAPABILITY_DATA TpmCap; + TPMI_YES_NO MoreData; + EFI_STATUS Status; + + Status = Tpm2GetCapability ( + TPM_CAP_TPM_PROPERTIES, + TPM_PT_INPUT_BUFFER, + 1, + &MoreData, + &TpmCap + ); + if (EFI_ERROR (Status)) { + return Status; + } + *InputBufferSize = SwapBytes32 (TpmCap.data.tpmProperties.tpmProperty->value); + + return EFI_SUCCESS; +} + +/** + This command returns the information of TPM PCRs. + + This function parse the value got from TPM2_GetCapability and return the PcrSelection. + + @param[out] Pcrs The Pcr Selection + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_DEVICE_ERROR The command was unsuccessful. +**/ +EFI_STATUS +EFIAPI +Tpm2GetCapabilityPcrs ( + OUT TPML_PCR_SELECTION *Pcrs + ) +{ + TPMS_CAPABILITY_DATA TpmCap; + TPMI_YES_NO MoreData; + EFI_STATUS Status; + UINTN Index; + + Status = Tpm2GetCapability ( + TPM_CAP_PCRS, + 0, + 1, + &MoreData, + &TpmCap + ); + if (EFI_ERROR (Status)) { + return Status; + } + + Pcrs->count = SwapBytes32 (TpmCap.data.assignedPCR.count); + if (Pcrs->count > HASH_COUNT) { + DEBUG ((DEBUG_ERROR, "Tpm2GetCapabilityPcrs - Pcrs->count error %x\n", Pcrs->count)); + return EFI_DEVICE_ERROR; + } + + for (Index = 0; Index < Pcrs->count; Index++) { + Pcrs->pcrSelections[Index].hash = SwapBytes16 (TpmCap.data.assignedPCR.pcrSelections[Index].hash); + Pcrs->pcrSelections[Index].sizeofSelect = TpmCap.data.assignedPCR.pcrSelections[Index].sizeofSelect; + if (Pcrs->pcrSelections[Index].sizeofSelect > PCR_SELECT_MAX) { + DEBUG ((DEBUG_ERROR, "Tpm2GetCapabilityPcrs - sizeofSelect error %x\n", Pcrs->pcrSelections[Index].sizeofSelect)); + return EFI_DEVICE_ERROR; + } + CopyMem (Pcrs->pcrSelections[Index].pcrSelect, TpmCap.data.assignedPCR.pcrSelections[Index].pcrSelect, Pcrs->pcrSelections[Index].sizeofSelect); + } + + return EFI_SUCCESS; +} + +/** + This function will query the TPM to determine which hashing algorithms + are supported and which PCR banks are currently active. + + @param[out] TpmHashAlgorithmBitmap A bitmask containing the algorithms supported by the TPM. + @param[out] ActivePcrBanks A bitmask containing the PCRs currently allocated. + + @retval EFI_SUCCESS TPM was successfully queried and return values can be trusted. + @retval Others An error occurred, likely in communication with the TPM. + +**/ +EFI_STATUS +EFIAPI +Tpm2GetCapabilitySupportedAndActivePcrs ( + OUT UINT32 *TpmHashAlgorithmBitmap, + OUT UINT32 *ActivePcrBanks + ) +{ + EFI_STATUS Status; + TPML_PCR_SELECTION Pcrs; + UINTN Index; + + // + // Get supported PCR and current Active PCRs. + // + Status = Tpm2GetCapabilityPcrs (&Pcrs); + + // + // If error, assume that we have at least SHA-1 (and return the error.) + // + if (EFI_ERROR (Status)) { + DEBUG ((EFI_D_ERROR, "GetSupportedAndActivePcrs - Tpm2GetCapabilityPcrs fail!\n")); + *TpmHashAlgorithmBitmap = HASH_ALG_SHA1; + *ActivePcrBanks = HASH_ALG_SHA1; + } + // + // Otherwise, process the return data to determine what algorithms are supported + // and currently allocated. + // + else { + DEBUG ((EFI_D_INFO, "GetSupportedAndActivePcrs - Count = %08x\n", Pcrs.count)); + *TpmHashAlgorithmBitmap = 0; + *ActivePcrBanks = 0; + for (Index = 0; Index < Pcrs.count; Index++) { + switch (Pcrs.pcrSelections[Index].hash) { + case TPM_ALG_SHA1: + DEBUG ((EFI_D_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA1 present.\n")); + *TpmHashAlgorithmBitmap |= HASH_ALG_SHA1; + if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, Pcrs.pcrSelections[Index].sizeofSelect)) { + DEBUG ((EFI_D_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA1 active.\n")); + *ActivePcrBanks |= HASH_ALG_SHA1; + } + break; + case TPM_ALG_SHA256: + DEBUG ((EFI_D_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA256 present.\n")); + *TpmHashAlgorithmBitmap |= HASH_ALG_SHA256; + if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, Pcrs.pcrSelections[Index].sizeofSelect)) { + DEBUG ((EFI_D_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA256 active.\n")); + *ActivePcrBanks |= HASH_ALG_SHA256; + } + break; + case TPM_ALG_SHA384: + DEBUG ((EFI_D_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA384 present.\n")); + *TpmHashAlgorithmBitmap |= HASH_ALG_SHA384; + if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, Pcrs.pcrSelections[Index].sizeofSelect)) { + DEBUG ((EFI_D_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA384 active.\n")); + *ActivePcrBanks |= HASH_ALG_SHA384; + } + break; + case TPM_ALG_SHA512: + DEBUG ((EFI_D_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA512 present.\n")); + *TpmHashAlgorithmBitmap |= HASH_ALG_SHA512; + if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, Pcrs.pcrSelections[Index].sizeofSelect)) { + DEBUG ((EFI_D_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA512 active.\n")); + *ActivePcrBanks |= HASH_ALG_SHA512; + } + break; + case TPM_ALG_SM3_256: + DEBUG ((EFI_D_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SM3_256 present.\n")); + *TpmHashAlgorithmBitmap |= HASH_ALG_SM3_256; + if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, Pcrs.pcrSelections[Index].sizeofSelect)) { + DEBUG ((EFI_D_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SM3_256 active.\n")); + *ActivePcrBanks |= HASH_ALG_SM3_256; + } + break; + } + } + } + + return Status; +} + +/** + This command returns the information of TPM AlgorithmSet. + + This function parse the value got from TPM2_GetCapability and return the AlgorithmSet. + + @param[out] AlgorithmSet The AlgorithmSet of TPM. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_DEVICE_ERROR The command was unsuccessful. +**/ +EFI_STATUS +EFIAPI +Tpm2GetCapabilityAlgorithmSet ( + OUT UINT32 *AlgorithmSet + ) +{ + TPMS_CAPABILITY_DATA TpmCap; + TPMI_YES_NO MoreData; + EFI_STATUS Status; + + Status = Tpm2GetCapability ( + TPM_CAP_TPM_PROPERTIES, + TPM_PT_ALGORITHM_SET, + 1, + &MoreData, + &TpmCap + ); + if (EFI_ERROR (Status)) { + return Status; + } + *AlgorithmSet = SwapBytes32 (TpmCap.data.tpmProperties.tpmProperty->value); + + return EFI_SUCCESS; +} + +/** + This function will query if the command is supported. + + @param[In] Command TPM_CC command starts from TPM_CC_FIRST. + @param[out] IsCmdImpl The command is supported or not. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_DEVICE_ERROR The command was unsuccessful. +**/ +EFI_STATUS +EFIAPI +Tpm2GetCapabilityIsCommandImplemented ( + IN TPM_CC Command, + OUT BOOLEAN *IsCmdImpl + ) +{ + TPMS_CAPABILITY_DATA TpmCap; + TPMI_YES_NO MoreData; + EFI_STATUS Status; + UINT32 Attribute; + + Status = Tpm2GetCapability ( + TPM_CAP_COMMANDS, + Command, + 1, + &MoreData, + &TpmCap + ); + if (EFI_ERROR (Status)) { + return Status; + } + + CopyMem (&Attribute, &TpmCap.data.command.commandAttributes[0], sizeof (UINT32)); + *IsCmdImpl = (Command == (SwapBytes32(Attribute) & TPMA_CC_COMMANDINDEX_MASK)); + + return EFI_SUCCESS; +} + +/** + This command is used to check to see if specific combinations of algorithm parameters are supported. + + @param[in] Parameters Algorithm parameters to be validated + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_DEVICE_ERROR Unexpected device behavior. +**/ +EFI_STATUS +EFIAPI +Tpm2TestParms ( + IN TPMT_PUBLIC_PARMS *Parameters + ) +{ + EFI_STATUS Status; + TPM2_TEST_PARMS_COMMAND SendBuffer; + TPM2_TEST_PARMS_RESPONSE RecvBuffer; + UINT32 SendBufferSize; + UINT32 RecvBufferSize; + UINT8 *Buffer; + + // + // Construct command + // + SendBuffer.Header.tag = SwapBytes16(TPM_ST_NO_SESSIONS); + SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_TestParms); + + Buffer = (UINT8 *)&SendBuffer.Parameters; + WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->type)); + Buffer += sizeof(UINT16); + switch (Parameters->type) { + case TPM_ALG_KEYEDHASH: + WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.keyedHashDetail.scheme.scheme)); + Buffer += sizeof(UINT16); + switch (Parameters->parameters.keyedHashDetail.scheme.scheme) { + case TPM_ALG_HMAC: + WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.keyedHashDetail.scheme.details.hmac.hashAlg)); + Buffer += sizeof(UINT16); + break; + case TPM_ALG_XOR: + WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.keyedHashDetail.scheme.details.xor.hashAlg)); + Buffer += sizeof(UINT16); + WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.keyedHashDetail.scheme.details.xor.kdf)); + Buffer += sizeof(UINT16); + break; + default: + return EFI_INVALID_PARAMETER; + } + case TPM_ALG_SYMCIPHER: + WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.symDetail.algorithm)); + Buffer += sizeof(UINT16); + switch (Parameters->parameters.symDetail.algorithm) { + case TPM_ALG_AES: + WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.symDetail.keyBits.aes)); + Buffer += sizeof(UINT16); + WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.symDetail.mode.aes)); + Buffer += sizeof(UINT16); + break; + case TPM_ALG_SM4: + WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.symDetail.keyBits.SM4)); + Buffer += sizeof(UINT16); + WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.symDetail.mode.SM4)); + Buffer += sizeof(UINT16); + break; + case TPM_ALG_XOR: + WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.symDetail.keyBits.xor)); + Buffer += sizeof(UINT16); + break; + case TPM_ALG_NULL: + break; + default: + return EFI_INVALID_PARAMETER; + } + break; + case TPM_ALG_RSA: + WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.rsaDetail.symmetric.algorithm)); + Buffer += sizeof(UINT16); + switch (Parameters->parameters.rsaDetail.symmetric.algorithm) { + case TPM_ALG_AES: + WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.rsaDetail.symmetric.keyBits.aes)); + Buffer += sizeof(UINT16); + WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.rsaDetail.symmetric.mode.aes)); + Buffer += sizeof(UINT16); + break; + case TPM_ALG_SM4: + WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.rsaDetail.symmetric.keyBits.SM4)); + Buffer += sizeof(UINT16); + WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.rsaDetail.symmetric.mode.SM4)); + Buffer += sizeof(UINT16); + break; + case TPM_ALG_NULL: + break; + default: + return EFI_INVALID_PARAMETER; + } + WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.rsaDetail.scheme.scheme)); + Buffer += sizeof(UINT16); + switch (Parameters->parameters.rsaDetail.scheme.scheme) { + case TPM_ALG_RSASSA: + WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.rsaDetail.scheme.details.rsassa.hashAlg)); + Buffer += sizeof(UINT16); + break; + case TPM_ALG_RSAPSS: + WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.rsaDetail.scheme.details.rsapss.hashAlg)); + Buffer += sizeof(UINT16); + break; + case TPM_ALG_RSAES: + break; + case TPM_ALG_OAEP: + WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.rsaDetail.scheme.details.oaep.hashAlg)); + Buffer += sizeof(UINT16); + break; + case TPM_ALG_NULL: + break; + default: + return EFI_INVALID_PARAMETER; + } + WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.rsaDetail.keyBits)); + Buffer += sizeof(UINT16); + WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32 (Parameters->parameters.rsaDetail.exponent)); + Buffer += sizeof(UINT32); + break; + case TPM_ALG_ECC: + WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.symmetric.algorithm)); + Buffer += sizeof(UINT16); + switch (Parameters->parameters.eccDetail.symmetric.algorithm) { + case TPM_ALG_AES: + WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.symmetric.keyBits.aes)); + Buffer += sizeof(UINT16); + WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.symmetric.mode.aes)); + Buffer += sizeof(UINT16); + break; + case TPM_ALG_SM4: + WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.symmetric.keyBits.SM4)); + Buffer += sizeof(UINT16); + WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.symmetric.mode.SM4)); + Buffer += sizeof(UINT16); + break; + case TPM_ALG_NULL: + break; + default: + return EFI_INVALID_PARAMETER; + } + WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.scheme.scheme)); + Buffer += sizeof(UINT16); + switch (Parameters->parameters.eccDetail.scheme.scheme) { + case TPM_ALG_ECDSA: + WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.scheme.details.ecdsa.hashAlg)); + Buffer += sizeof(UINT16); + break; + case TPM_ALG_ECDAA: + WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.scheme.details.ecdaa.hashAlg)); + Buffer += sizeof(UINT16); + break; + case TPM_ALG_ECSCHNORR: + WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.scheme.details.ecSchnorr.hashAlg)); + Buffer += sizeof(UINT16); + break; + case TPM_ALG_ECDH: + break; + case TPM_ALG_NULL: + break; + default: + return EFI_INVALID_PARAMETER; + } + WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.curveID)); + Buffer += sizeof(UINT16); + WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.kdf.scheme)); + Buffer += sizeof(UINT16); + switch (Parameters->parameters.eccDetail.kdf.scheme) { + case TPM_ALG_MGF1: + WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.kdf.details.mgf1.hashAlg)); + Buffer += sizeof(UINT16); + break; + case TPM_ALG_KDF1_SP800_108: + WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.kdf.details.kdf1_sp800_108.hashAlg)); + Buffer += sizeof(UINT16); + break; + case TPM_ALG_KDF1_SP800_56a: + WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.kdf.details.kdf1_SP800_56a.hashAlg)); + Buffer += sizeof(UINT16); + break; + case TPM_ALG_KDF2: + WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Parameters->parameters.eccDetail.kdf.details.kdf2.hashAlg)); + Buffer += sizeof(UINT16); + break; + case TPM_ALG_NULL: + break; + default: + return EFI_INVALID_PARAMETER; + } + break; + default: + return EFI_INVALID_PARAMETER; + } + + SendBufferSize = (UINT32)((UINTN)Buffer - (UINTN)&SendBuffer); + SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize); + + // + // send Tpm command + // + RecvBufferSize = sizeof (RecvBuffer); + Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer); + if (EFI_ERROR (Status)) { + return Status; + } + + if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) { + DEBUG ((EFI_D_ERROR, "Tpm2TestParms - RecvBufferSize Error - %x\n", RecvBufferSize)); + return EFI_DEVICE_ERROR; + } + if (SwapBytes32(RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) { + DEBUG ((EFI_D_ERROR, "Tpm2TestParms - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode))); + return EFI_UNSUPPORTED; + } + + return EFI_SUCCESS; +} diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf new file mode 100644 index 00000000..5c957676 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf @@ -0,0 +1,50 @@ +## @file +# Provides some TPM 2.0 commands +# +# This library is used by other modules to send TPM 2.0 command. +# +# Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR> +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = Tpm2CommandLib + MODULE_UNI_FILE = Tpm2CommandLib.uni + FILE_GUID = 2F572F32-8BE5-4868-BD1D-7438AD97DC27 + MODULE_TYPE = BASE + VERSION_STRING = 1.0 + LIBRARY_CLASS = Tpm2CommandLib + +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = IA32 X64 +# + +[Sources] + Tpm2Capability.c + Tpm2Sequences.c + Tpm2Integrity.c + Tpm2Hierarchy.c + Tpm2NVStorage.c + Tpm2Startup.c + Tpm2Session.c + Tpm2Context.c + Tpm2EnhancedAuthorization.c + Tpm2Test.c + Tpm2DictionaryAttack.c + Tpm2Object.c + Tpm2Miscellaneous.c + Tpm2Help.c + +[Packages] + MdePkg/MdePkg.dec + SecurityPkg/SecurityPkg.dec + +[LibraryClasses] + BaseLib + BaseMemoryLib + DebugLib + Tpm2DeviceLib diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.uni b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.uni new file mode 100644 index 00000000..2bcd50e7 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.uni @@ -0,0 +1,16 @@ +// /** @file
+// Provides some TPM 2.0 commands
+//
+// This library is used by other modules to send TPM 2.0 command.
+//
+// Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.<BR>
+//
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+//
+// **/
+
+
+#string STR_MODULE_ABSTRACT #language en-US "Provides some TPM 2.0 command functions"
+
+#string STR_MODULE_DESCRIPTION #language en-US "This library is used by other modules to send TPM 2.0 command."
+
diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm2CommandLib/Tpm2Context.c b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm2CommandLib/Tpm2Context.c new file mode 100644 index 00000000..101f51eb --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm2CommandLib/Tpm2Context.c @@ -0,0 +1,80 @@ +/** @file + Implement TPM2 Context related command. + +Copyright (c) 2014 - 2018, Intel Corporation. All rights reserved. <BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include <IndustryStandard/UefiTcgPlatform.h> +#include <Library/Tpm2CommandLib.h> +#include <Library/Tpm2DeviceLib.h> +#include <Library/BaseMemoryLib.h> +#include <Library/BaseLib.h> +#include <Library/DebugLib.h> + +#pragma pack(1) + +typedef struct { + TPM2_COMMAND_HEADER Header; + TPMI_DH_CONTEXT FlushHandle; +} TPM2_FLUSH_CONTEXT_COMMAND; + +typedef struct { + TPM2_RESPONSE_HEADER Header; +} TPM2_FLUSH_CONTEXT_RESPONSE; + +#pragma pack() + +/** + This command causes all context associated with a loaded object or session to be removed from TPM memory. + + @param[in] FlushHandle The handle of the item to flush. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_DEVICE_ERROR The command was unsuccessful. +**/ +EFI_STATUS +EFIAPI +Tpm2FlushContext ( + IN TPMI_DH_CONTEXT FlushHandle + ) +{ + EFI_STATUS Status; + TPM2_FLUSH_CONTEXT_COMMAND SendBuffer; + TPM2_FLUSH_CONTEXT_RESPONSE RecvBuffer; + UINT32 SendBufferSize; + UINT32 RecvBufferSize; + + // + // Construct command + // + SendBuffer.Header.tag = SwapBytes16(TPM_ST_NO_SESSIONS); + SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_FlushContext); + + SendBuffer.FlushHandle = SwapBytes32 (FlushHandle); + + SendBufferSize = (UINT32) sizeof (SendBuffer); + SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize); + + // + // send Tpm command + // + RecvBufferSize = sizeof (RecvBuffer); + Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer); + if (EFI_ERROR (Status)) { + return Status; + } + + if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) { + DEBUG ((EFI_D_ERROR, "Tpm2FlushContext - RecvBufferSize Error - %x\n", RecvBufferSize)); + return EFI_DEVICE_ERROR; + } + if (SwapBytes32(RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) { + DEBUG ((EFI_D_ERROR, "Tpm2FlushContext - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode))); + return EFI_DEVICE_ERROR; + } + + return EFI_SUCCESS; +} + diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm2CommandLib/Tpm2DictionaryAttack.c b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm2CommandLib/Tpm2DictionaryAttack.c new file mode 100644 index 00000000..442aaf25 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm2CommandLib/Tpm2DictionaryAttack.c @@ -0,0 +1,213 @@ +/** @file + Implement TPM2 DictionaryAttack related command. + +Copyright (c) 2013 - 2016, Intel Corporation. All rights reserved. <BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include <IndustryStandard/UefiTcgPlatform.h> +#include <Library/Tpm2CommandLib.h> +#include <Library/Tpm2DeviceLib.h> +#include <Library/BaseMemoryLib.h> +#include <Library/BaseLib.h> +#include <Library/DebugLib.h> + +#pragma pack(1) + +typedef struct { + TPM2_COMMAND_HEADER Header; + TPMI_RH_LOCKOUT LockHandle; + UINT32 AuthSessionSize; + TPMS_AUTH_COMMAND AuthSession; +} TPM2_DICTIONARY_ATTACK_LOCK_RESET_COMMAND; + +typedef struct { + TPM2_RESPONSE_HEADER Header; + UINT32 AuthSessionSize; + TPMS_AUTH_RESPONSE AuthSession; +} TPM2_DICTIONARY_ATTACK_LOCK_RESET_RESPONSE; + +typedef struct { + TPM2_COMMAND_HEADER Header; + TPMI_RH_LOCKOUT LockHandle; + UINT32 AuthSessionSize; + TPMS_AUTH_COMMAND AuthSession; + UINT32 NewMaxTries; + UINT32 NewRecoveryTime; + UINT32 LockoutRecovery; +} TPM2_DICTIONARY_ATTACK_PARAMETERS_COMMAND; + +typedef struct { + TPM2_RESPONSE_HEADER Header; + UINT32 AuthSessionSize; + TPMS_AUTH_RESPONSE AuthSession; +} TPM2_DICTIONARY_ATTACK_PARAMETERS_RESPONSE; + +#pragma pack() + +/** + This command cancels the effect of a TPM lockout due to a number of successive authorization failures. + If this command is properly authorized, the lockout counter is set to zero. + + @param[in] LockHandle TPM_RH_LOCKOUT + @param[in] AuthSession Auth Session context + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_DEVICE_ERROR Unexpected device behavior. +**/ +EFI_STATUS +EFIAPI +Tpm2DictionaryAttackLockReset ( + IN TPMI_RH_LOCKOUT LockHandle, + IN TPMS_AUTH_COMMAND *AuthSession + ) +{ + EFI_STATUS Status; + TPM2_DICTIONARY_ATTACK_LOCK_RESET_COMMAND SendBuffer; + TPM2_DICTIONARY_ATTACK_LOCK_RESET_RESPONSE RecvBuffer; + UINT32 SendBufferSize; + UINT32 RecvBufferSize; + UINT8 *Buffer; + UINT32 SessionInfoSize; + + // + // Construct command + // + SendBuffer.Header.tag = SwapBytes16(TPM_ST_SESSIONS); + SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_DictionaryAttackLockReset); + + SendBuffer.LockHandle = SwapBytes32 (LockHandle); + + // + // Add in Auth session + // + Buffer = (UINT8 *)&SendBuffer.AuthSession; + + // sessionInfoSize + SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer); + Buffer += SessionInfoSize; + SendBuffer.AuthSessionSize = SwapBytes32(SessionInfoSize); + + SendBufferSize = (UINT32)((UINTN)Buffer - (UINTN)&SendBuffer); + SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize); + + // + // send Tpm command + // + RecvBufferSize = sizeof (RecvBuffer); + Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer); + if (EFI_ERROR (Status)) { + goto Done; + } + + if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) { + DEBUG ((EFI_D_ERROR, "Tpm2DictionaryAttackLockReset - RecvBufferSize Error - %x\n", RecvBufferSize)); + Status = EFI_DEVICE_ERROR; + goto Done; + } + if (SwapBytes32(RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) { + DEBUG ((EFI_D_ERROR, "Tpm2DictionaryAttackLockReset - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode))); + Status = EFI_DEVICE_ERROR; + goto Done; + } + +Done: + // + // Clear AuthSession Content + // + ZeroMem (&SendBuffer, sizeof(SendBuffer)); + ZeroMem (&RecvBuffer, sizeof(RecvBuffer)); + return Status; +} + +/** + This command cancels the effect of a TPM lockout due to a number of successive authorization failures. + If this command is properly authorized, the lockout counter is set to zero. + + @param[in] LockHandle TPM_RH_LOCKOUT + @param[in] AuthSession Auth Session context + @param[in] NewMaxTries Count of authorization failures before the lockout is imposed + @param[in] NewRecoveryTime Time in seconds before the authorization failure count is automatically decremented + @param[in] LockoutRecovery Time in seconds after a lockoutAuth failure before use of lockoutAuth is allowed + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_DEVICE_ERROR Unexpected device behavior. +**/ +EFI_STATUS +EFIAPI +Tpm2DictionaryAttackParameters ( + IN TPMI_RH_LOCKOUT LockHandle, + IN TPMS_AUTH_COMMAND *AuthSession, + IN UINT32 NewMaxTries, + IN UINT32 NewRecoveryTime, + IN UINT32 LockoutRecovery + ) +{ + EFI_STATUS Status; + TPM2_DICTIONARY_ATTACK_PARAMETERS_COMMAND SendBuffer; + TPM2_DICTIONARY_ATTACK_PARAMETERS_RESPONSE RecvBuffer; + UINT32 SendBufferSize; + UINT32 RecvBufferSize; + UINT8 *Buffer; + UINT32 SessionInfoSize; + + // + // Construct command + // + SendBuffer.Header.tag = SwapBytes16(TPM_ST_SESSIONS); + SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_DictionaryAttackParameters); + + SendBuffer.LockHandle = SwapBytes32 (LockHandle); + + // + // Add in Auth session + // + Buffer = (UINT8 *)&SendBuffer.AuthSession; + + // sessionInfoSize + SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer); + Buffer += SessionInfoSize; + SendBuffer.AuthSessionSize = SwapBytes32(SessionInfoSize); + + // + // Real data + // + WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32(NewMaxTries)); + Buffer += sizeof(UINT32); + WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32(NewRecoveryTime)); + Buffer += sizeof(UINT32); + WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32(LockoutRecovery)); + Buffer += sizeof(UINT32); + + SendBufferSize = (UINT32)((UINTN)Buffer - (UINTN)&SendBuffer); + SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize); + + // + // send Tpm command + // + RecvBufferSize = sizeof (RecvBuffer); + Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer); + if (EFI_ERROR (Status)) { + goto Done; + } + + if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) { + DEBUG ((EFI_D_ERROR, "Tpm2DictionaryAttackParameters - RecvBufferSize Error - %x\n", RecvBufferSize)); + Status = EFI_DEVICE_ERROR; + goto Done; + } + if (SwapBytes32(RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) { + DEBUG ((EFI_D_ERROR, "Tpm2DictionaryAttackParameters - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode))); + Status = EFI_DEVICE_ERROR; + goto Done; + } + +Done: + // + // Clear AuthSession Content + // + ZeroMem (&SendBufferSize, sizeof(SendBufferSize)); + ZeroMem (&RecvBuffer, sizeof(RecvBuffer)); + return Status; +} diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm2CommandLib/Tpm2EnhancedAuthorization.c b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm2CommandLib/Tpm2EnhancedAuthorization.c new file mode 100644 index 00000000..f28bd0b6 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm2CommandLib/Tpm2EnhancedAuthorization.c @@ -0,0 +1,396 @@ +/** @file + Implement TPM2 EnhancedAuthorization related command. + +Copyright (c) 2014 - 2018, Intel Corporation. All rights reserved. <BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include <IndustryStandard/UefiTcgPlatform.h> +#include <Library/Tpm2CommandLib.h> +#include <Library/Tpm2DeviceLib.h> +#include <Library/BaseMemoryLib.h> +#include <Library/BaseLib.h> +#include <Library/DebugLib.h> + +#pragma pack(1) + +typedef struct { + TPM2_COMMAND_HEADER Header; + TPMI_DH_ENTITY AuthHandle; + TPMI_SH_POLICY PolicySession; + UINT32 AuthSessionSize; + TPMS_AUTH_COMMAND AuthSession; + TPM2B_NONCE NonceTPM; + TPM2B_DIGEST CpHashA; + TPM2B_NONCE PolicyRef; + INT32 Expiration; +} TPM2_POLICY_SECRET_COMMAND; + +typedef struct { + TPM2_RESPONSE_HEADER Header; + UINT32 AuthSessionSize; + TPM2B_TIMEOUT Timeout; + TPMT_TK_AUTH PolicyTicket; + TPMS_AUTH_RESPONSE AuthSession; +} TPM2_POLICY_SECRET_RESPONSE; + +typedef struct { + TPM2_COMMAND_HEADER Header; + TPMI_SH_POLICY PolicySession; + TPML_DIGEST HashList; +} TPM2_POLICY_OR_COMMAND; + +typedef struct { + TPM2_RESPONSE_HEADER Header; +} TPM2_POLICY_OR_RESPONSE; + +typedef struct { + TPM2_COMMAND_HEADER Header; + TPMI_SH_POLICY PolicySession; + TPM_CC Code; +} TPM2_POLICY_COMMAND_CODE_COMMAND; + +typedef struct { + TPM2_RESPONSE_HEADER Header; +} TPM2_POLICY_COMMAND_CODE_RESPONSE; + +typedef struct { + TPM2_COMMAND_HEADER Header; + TPMI_SH_POLICY PolicySession; +} TPM2_POLICY_GET_DIGEST_COMMAND; + +typedef struct { + TPM2_RESPONSE_HEADER Header; + TPM2B_DIGEST PolicyHash; +} TPM2_POLICY_GET_DIGEST_RESPONSE; + +#pragma pack() + +/** + This command includes a secret-based authorization to a policy. + The caller proves knowledge of the secret value using an authorization + session using the authValue associated with authHandle. + + @param[in] AuthHandle Handle for an entity providing the authorization + @param[in] PolicySession Handle for the policy session being extended. + @param[in] AuthSession Auth Session context + @param[in] NonceTPM The policy nonce for the session. + @param[in] CpHashA Digest of the command parameters to which this authorization is limited. + @param[in] PolicyRef A reference to a policy relating to the authorization. + @param[in] Expiration Time when authorization will expire, measured in seconds from the time that nonceTPM was generated. + @param[out] Timeout Time value used to indicate to the TPM when the ticket expires. + @param[out] PolicyTicket A ticket that includes a value indicating when the authorization expires. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_DEVICE_ERROR The command was unsuccessful. +**/ +EFI_STATUS +EFIAPI +Tpm2PolicySecret ( + IN TPMI_DH_ENTITY AuthHandle, + IN TPMI_SH_POLICY PolicySession, + IN TPMS_AUTH_COMMAND *AuthSession, OPTIONAL + IN TPM2B_NONCE *NonceTPM, + IN TPM2B_DIGEST *CpHashA, + IN TPM2B_NONCE *PolicyRef, + IN INT32 Expiration, + OUT TPM2B_TIMEOUT *Timeout, + OUT TPMT_TK_AUTH *PolicyTicket + ) +{ + EFI_STATUS Status; + TPM2_POLICY_SECRET_COMMAND SendBuffer; + TPM2_POLICY_SECRET_RESPONSE RecvBuffer; + UINT32 SendBufferSize; + UINT32 RecvBufferSize; + UINT8 *Buffer; + UINT32 SessionInfoSize; + + // + // Construct command + // + SendBuffer.Header.tag = SwapBytes16(TPM_ST_SESSIONS); + SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_PolicySecret); + SendBuffer.AuthHandle = SwapBytes32 (AuthHandle); + SendBuffer.PolicySession = SwapBytes32 (PolicySession); + + // + // Add in Auth session + // + Buffer = (UINT8 *)&SendBuffer.AuthSession; + + // sessionInfoSize + SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer); + Buffer += SessionInfoSize; + SendBuffer.AuthSessionSize = SwapBytes32(SessionInfoSize); + + // + // Real data + // + WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16(NonceTPM->size)); + Buffer += sizeof(UINT16); + CopyMem (Buffer, NonceTPM->buffer, NonceTPM->size); + Buffer += NonceTPM->size; + + WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16(CpHashA->size)); + Buffer += sizeof(UINT16); + CopyMem (Buffer, CpHashA->buffer, CpHashA->size); + Buffer += CpHashA->size; + + WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16(PolicyRef->size)); + Buffer += sizeof(UINT16); + CopyMem (Buffer, PolicyRef->buffer, PolicyRef->size); + Buffer += PolicyRef->size; + + WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32((UINT32)Expiration)); + Buffer += sizeof(UINT32); + + SendBufferSize = (UINT32)((UINTN)Buffer - (UINTN)&SendBuffer); + SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize); + + // + // send Tpm command + // + RecvBufferSize = sizeof (RecvBuffer); + Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer); + if (EFI_ERROR (Status)) { + goto Done; + } + + if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) { + DEBUG ((EFI_D_ERROR, "Tpm2PolicySecret - RecvBufferSize Error - %x\n", RecvBufferSize)); + Status = EFI_DEVICE_ERROR; + goto Done; + } + if (SwapBytes32(RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) { + DEBUG ((EFI_D_ERROR, "Tpm2PolicySecret - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode))); + Status = EFI_DEVICE_ERROR; + goto Done; + } + + // + // Return the response + // + Buffer = (UINT8 *)&RecvBuffer.Timeout; + Timeout->size = SwapBytes16(ReadUnaligned16 ((UINT16 *)Buffer)); + if (Timeout->size > sizeof(UINT64)) { + DEBUG ((DEBUG_ERROR, "Tpm2PolicySecret - Timeout->size error %x\n", Timeout->size)); + Status = EFI_DEVICE_ERROR; + goto Done; + } + + Buffer += sizeof(UINT16); + CopyMem (Timeout->buffer, Buffer, Timeout->size); + + PolicyTicket->tag = SwapBytes16(ReadUnaligned16 ((UINT16 *)Buffer)); + Buffer += sizeof(UINT16); + PolicyTicket->hierarchy = SwapBytes32(ReadUnaligned32 ((UINT32 *)Buffer)); + Buffer += sizeof(UINT32); + PolicyTicket->digest.size = SwapBytes16(ReadUnaligned16 ((UINT16 *)Buffer)); + Buffer += sizeof(UINT16); + if (PolicyTicket->digest.size > sizeof(TPMU_HA)) { + DEBUG ((DEBUG_ERROR, "Tpm2PolicySecret - digest.size error %x\n", PolicyTicket->digest.size)); + Status = EFI_DEVICE_ERROR; + goto Done; + } + + CopyMem (PolicyTicket->digest.buffer, Buffer, PolicyTicket->digest.size); + +Done: + // + // Clear AuthSession Content + // + ZeroMem (&SendBuffer, sizeof(SendBuffer)); + ZeroMem (&RecvBuffer, sizeof(RecvBuffer)); + return Status; +} + +/** + This command allows options in authorizations without requiring that the TPM evaluate all of the options. + If a policy may be satisfied by different sets of conditions, the TPM need only evaluate one set that + satisfies the policy. This command will indicate that one of the required sets of conditions has been + satisfied. + + @param[in] PolicySession Handle for the policy session being extended. + @param[in] HashList the list of hashes to check for a match. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_DEVICE_ERROR The command was unsuccessful. +**/ +EFI_STATUS +EFIAPI +Tpm2PolicyOR ( + IN TPMI_SH_POLICY PolicySession, + IN TPML_DIGEST *HashList + ) +{ + EFI_STATUS Status; + TPM2_POLICY_OR_COMMAND SendBuffer; + TPM2_POLICY_OR_RESPONSE RecvBuffer; + UINT32 SendBufferSize; + UINT32 RecvBufferSize; + UINT8 *Buffer; + UINTN Index; + + // + // Construct command + // + SendBuffer.Header.tag = SwapBytes16(TPM_ST_NO_SESSIONS); + SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_PolicyOR); + + SendBuffer.PolicySession = SwapBytes32 (PolicySession); + Buffer = (UINT8 *)&SendBuffer.HashList; + WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32 (HashList->count)); + Buffer += sizeof(UINT32); + for (Index = 0; Index < HashList->count; Index++) { + WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (HashList->digests[Index].size)); + Buffer += sizeof(UINT16); + CopyMem (Buffer, HashList->digests[Index].buffer, HashList->digests[Index].size); + Buffer += HashList->digests[Index].size; + } + + SendBufferSize = (UINT32)((UINTN)Buffer - (UINTN)&SendBuffer); + SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize); + + // + // send Tpm command + // + RecvBufferSize = sizeof (RecvBuffer); + Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer); + if (EFI_ERROR (Status)) { + return Status; + } + + if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) { + DEBUG ((EFI_D_ERROR, "Tpm2PolicyOR - RecvBufferSize Error - %x\n", RecvBufferSize)); + return EFI_DEVICE_ERROR; + } + if (SwapBytes32(RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) { + DEBUG ((EFI_D_ERROR, "Tpm2PolicyOR - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode))); + return EFI_DEVICE_ERROR; + } + + return EFI_SUCCESS; +} + +/** + This command indicates that the authorization will be limited to a specific command code. + + @param[in] PolicySession Handle for the policy session being extended. + @param[in] Code The allowed commandCode. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_DEVICE_ERROR The command was unsuccessful. +**/ +EFI_STATUS +EFIAPI +Tpm2PolicyCommandCode ( + IN TPMI_SH_POLICY PolicySession, + IN TPM_CC Code + ) +{ + EFI_STATUS Status; + TPM2_POLICY_COMMAND_CODE_COMMAND SendBuffer; + TPM2_POLICY_COMMAND_CODE_RESPONSE RecvBuffer; + UINT32 SendBufferSize; + UINT32 RecvBufferSize; + + // + // Construct command + // + SendBuffer.Header.tag = SwapBytes16(TPM_ST_NO_SESSIONS); + SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_PolicyCommandCode); + + SendBuffer.PolicySession = SwapBytes32 (PolicySession); + SendBuffer.Code = SwapBytes32 (Code); + + SendBufferSize = (UINT32) sizeof (SendBuffer); + SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize); + + // + // send Tpm command + // + RecvBufferSize = sizeof (RecvBuffer); + Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer); + if (EFI_ERROR (Status)) { + return Status; + } + + if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) { + DEBUG ((EFI_D_ERROR, "Tpm2PolicyCommandCode - RecvBufferSize Error - %x\n", RecvBufferSize)); + return EFI_DEVICE_ERROR; + } + if (SwapBytes32(RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) { + DEBUG ((EFI_D_ERROR, "Tpm2PolicyCommandCode - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode))); + return EFI_DEVICE_ERROR; + } + + return EFI_SUCCESS; +} + +/** + This command returns the current policyDigest of the session. This command allows the TPM + to be used to perform the actions required to precompute the authPolicy for an object. + + @param[in] PolicySession Handle for the policy session. + @param[out] PolicyHash the current value of the policyHash of policySession. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_DEVICE_ERROR The command was unsuccessful. +**/ +EFI_STATUS +EFIAPI +Tpm2PolicyGetDigest ( + IN TPMI_SH_POLICY PolicySession, + OUT TPM2B_DIGEST *PolicyHash + ) +{ + EFI_STATUS Status; + TPM2_POLICY_GET_DIGEST_COMMAND SendBuffer; + TPM2_POLICY_GET_DIGEST_RESPONSE RecvBuffer; + UINT32 SendBufferSize; + UINT32 RecvBufferSize; + + // + // Construct command + // + SendBuffer.Header.tag = SwapBytes16(TPM_ST_NO_SESSIONS); + SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_PolicyGetDigest); + + SendBuffer.PolicySession = SwapBytes32 (PolicySession); + + SendBufferSize = (UINT32) sizeof (SendBuffer); + SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize); + + // + // send Tpm command + // + RecvBufferSize = sizeof (RecvBuffer); + Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer); + if (EFI_ERROR (Status)) { + return Status; + } + + if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) { + DEBUG ((EFI_D_ERROR, "Tpm2PolicyGetDigest - RecvBufferSize Error - %x\n", RecvBufferSize)); + return EFI_DEVICE_ERROR; + } + if (SwapBytes32(RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) { + DEBUG ((EFI_D_ERROR, "Tpm2PolicyGetDigest - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode))); + return EFI_DEVICE_ERROR; + } + + // + // Return the response + // + PolicyHash->size = SwapBytes16 (RecvBuffer.PolicyHash.size); + if (PolicyHash->size > sizeof(TPMU_HA)) { + DEBUG ((DEBUG_ERROR, "Tpm2PolicyGetDigest - PolicyHash->size error %x\n", PolicyHash->size)); + return EFI_DEVICE_ERROR; + } + + CopyMem (PolicyHash->buffer, &RecvBuffer.PolicyHash.buffer, PolicyHash->size); + + return EFI_SUCCESS; +} diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm2CommandLib/Tpm2Help.c b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm2CommandLib/Tpm2Help.c new file mode 100644 index 00000000..510ad426 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm2CommandLib/Tpm2Help.c @@ -0,0 +1,344 @@ +/** @file + Implement TPM2 help. + +Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved. <BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include <IndustryStandard/UefiTcgPlatform.h> +#include <Library/Tpm2CommandLib.h> +#include <Library/Tpm2DeviceLib.h> +#include <Library/BaseMemoryLib.h> +#include <Library/BaseLib.h> +#include <Library/DebugLib.h> + +typedef struct { + TPMI_ALG_HASH HashAlgo; + UINT16 HashSize; + UINT32 HashMask; +} INTERNAL_HASH_INFO; + +STATIC INTERNAL_HASH_INFO mHashInfo[] = { + {TPM_ALG_SHA1, SHA1_DIGEST_SIZE, HASH_ALG_SHA1}, + {TPM_ALG_SHA256, SHA256_DIGEST_SIZE, HASH_ALG_SHA256}, + {TPM_ALG_SM3_256, SM3_256_DIGEST_SIZE, HASH_ALG_SM3_256}, + {TPM_ALG_SHA384, SHA384_DIGEST_SIZE, HASH_ALG_SHA384}, + {TPM_ALG_SHA512, SHA512_DIGEST_SIZE, HASH_ALG_SHA512}, +}; + +/** + Return size of digest. + + @param[in] HashAlgo Hash algorithm + + @return size of digest +**/ +UINT16 +EFIAPI +GetHashSizeFromAlgo ( + IN TPMI_ALG_HASH HashAlgo + ) +{ + UINTN Index; + + for (Index = 0; Index < sizeof(mHashInfo)/sizeof(mHashInfo[0]); Index++) { + if (mHashInfo[Index].HashAlgo == HashAlgo) { + return mHashInfo[Index].HashSize; + } + } + return 0; +} + +/** + Get hash mask from algorithm. + + @param[in] HashAlgo Hash algorithm + + @return Hash mask +**/ +UINT32 +EFIAPI +GetHashMaskFromAlgo ( + IN TPMI_ALG_HASH HashAlgo + ) +{ + UINTN Index; + + for (Index = 0; Index < sizeof(mHashInfo)/sizeof(mHashInfo[0]); Index++) { + if (mHashInfo[Index].HashAlgo == HashAlgo) { + return mHashInfo[Index].HashMask; + } + } + return 0; +} + +/** + Copy AuthSessionIn to TPM2 command buffer. + + @param [in] AuthSessionIn Input AuthSession data + @param [out] AuthSessionOut Output AuthSession data in TPM2 command buffer + + @return AuthSession size +**/ +UINT32 +EFIAPI +CopyAuthSessionCommand ( + IN TPMS_AUTH_COMMAND *AuthSessionIn, OPTIONAL + OUT UINT8 *AuthSessionOut + ) +{ + UINT8 *Buffer; + + Buffer = (UINT8 *)AuthSessionOut; + + // + // Add in Auth session + // + if (AuthSessionIn != NULL) { + // sessionHandle + WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32(AuthSessionIn->sessionHandle)); + Buffer += sizeof(UINT32); + + // nonce + WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (AuthSessionIn->nonce.size)); + Buffer += sizeof(UINT16); + + CopyMem (Buffer, AuthSessionIn->nonce.buffer, AuthSessionIn->nonce.size); + Buffer += AuthSessionIn->nonce.size; + + // sessionAttributes + *(UINT8 *)Buffer = *(UINT8 *)&AuthSessionIn->sessionAttributes; + Buffer++; + + // hmac + WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (AuthSessionIn->hmac.size)); + Buffer += sizeof(UINT16); + + CopyMem (Buffer, AuthSessionIn->hmac.buffer, AuthSessionIn->hmac.size); + Buffer += AuthSessionIn->hmac.size; + } else { + // sessionHandle + WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32(TPM_RS_PW)); + Buffer += sizeof(UINT32); + + // nonce = nullNonce + WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16(0)); + Buffer += sizeof(UINT16); + + // sessionAttributes = 0 + *(UINT8 *)Buffer = 0x00; + Buffer++; + + // hmac = nullAuth + WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16(0)); + Buffer += sizeof(UINT16); + } + + return (UINT32)((UINTN)Buffer - (UINTN)AuthSessionOut); +} + +/** + Copy AuthSessionIn from TPM2 response buffer. + + @param [in] AuthSessionIn Input AuthSession data in TPM2 response buffer + @param [out] AuthSessionOut Output AuthSession data + + @return 0 copy failed + else AuthSession size +**/ +UINT32 +EFIAPI +CopyAuthSessionResponse ( + IN UINT8 *AuthSessionIn, + OUT TPMS_AUTH_RESPONSE *AuthSessionOut OPTIONAL + ) +{ + UINT8 *Buffer; + TPMS_AUTH_RESPONSE LocalAuthSessionOut; + + if (AuthSessionOut == NULL) { + AuthSessionOut = &LocalAuthSessionOut; + } + + Buffer = (UINT8 *)AuthSessionIn; + + // nonce + AuthSessionOut->nonce.size = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); + Buffer += sizeof(UINT16); + if (AuthSessionOut->nonce.size > sizeof(TPMU_HA)) { + DEBUG ((DEBUG_ERROR, "CopyAuthSessionResponse - nonce.size error %x\n", AuthSessionOut->nonce.size)); + return 0; + } + + CopyMem (AuthSessionOut->nonce.buffer, Buffer, AuthSessionOut->nonce.size); + Buffer += AuthSessionOut->nonce.size; + + // sessionAttributes + *(UINT8 *)&AuthSessionOut->sessionAttributes = *(UINT8 *)Buffer; + Buffer++; + + // hmac + AuthSessionOut->hmac.size = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); + Buffer += sizeof(UINT16); + if (AuthSessionOut->hmac.size > sizeof(TPMU_HA)) { + DEBUG ((DEBUG_ERROR, "CopyAuthSessionResponse - hmac.size error %x\n", AuthSessionOut->hmac.size)); + return 0; + } + + CopyMem (AuthSessionOut->hmac.buffer, Buffer, AuthSessionOut->hmac.size); + Buffer += AuthSessionOut->hmac.size; + + return (UINT32)((UINTN)Buffer - (UINTN)AuthSessionIn); +} + +/** + Return if hash alg is supported in HashAlgorithmMask. + + @param HashAlg Hash algorithm to be checked. + @param HashAlgorithmMask Bitfield of allowed hash algorithms. + + @retval TRUE Hash algorithm is supported. + @retval FALSE Hash algorithm is not supported. +**/ +BOOLEAN +EFIAPI +IsHashAlgSupportedInHashAlgorithmMask( + IN TPMI_ALG_HASH HashAlg, + IN UINT32 HashAlgorithmMask + ) +{ + switch (HashAlg) { + case TPM_ALG_SHA1: + if ((HashAlgorithmMask & HASH_ALG_SHA1) != 0) { + return TRUE; + } + break; + case TPM_ALG_SHA256: + if ((HashAlgorithmMask & HASH_ALG_SHA256) != 0) { + return TRUE; + } + break; + case TPM_ALG_SHA384: + if ((HashAlgorithmMask & HASH_ALG_SHA384) != 0) { + return TRUE; + } + break; + case TPM_ALG_SHA512: + if ((HashAlgorithmMask & HASH_ALG_SHA512) != 0) { + return TRUE; + } + break; + case TPM_ALG_SM3_256: + if ((HashAlgorithmMask & HASH_ALG_SM3_256) != 0) { + return TRUE; + } + break; + } + + return FALSE; +} + +/** + Copy TPML_DIGEST_VALUES into a buffer + + @param[in,out] Buffer Buffer to hold copied TPML_DIGEST_VALUES compact binary. + @param[in] DigestList TPML_DIGEST_VALUES to be copied. + @param[in] HashAlgorithmMask HASH bits corresponding to the desired digests to copy. + + @return The end of buffer to hold TPML_DIGEST_VALUES. +**/ +VOID * +EFIAPI +CopyDigestListToBuffer ( + IN OUT VOID *Buffer, + IN TPML_DIGEST_VALUES *DigestList, + IN UINT32 HashAlgorithmMask + ) +{ + UINTN Index; + UINT16 DigestSize; + UINT32 DigestListCount; + UINT32 *DigestListCountPtr; + + DigestListCountPtr = (UINT32 *) Buffer; + DigestListCount = 0; + Buffer = (UINT8 *)Buffer + sizeof(DigestList->count); + for (Index = 0; Index < DigestList->count; Index++) { + if (!IsHashAlgSupportedInHashAlgorithmMask(DigestList->digests[Index].hashAlg, HashAlgorithmMask)) { + DEBUG ((EFI_D_ERROR, "WARNING: TPM2 Event log has HashAlg unsupported by PCR bank (0x%x)\n", DigestList->digests[Index].hashAlg)); + continue; + } + CopyMem (Buffer, &DigestList->digests[Index].hashAlg, sizeof(DigestList->digests[Index].hashAlg)); + Buffer = (UINT8 *)Buffer + sizeof(DigestList->digests[Index].hashAlg); + DigestSize = GetHashSizeFromAlgo (DigestList->digests[Index].hashAlg); + CopyMem (Buffer, &DigestList->digests[Index].digest, DigestSize); + Buffer = (UINT8 *)Buffer + DigestSize; + DigestListCount++; + } + WriteUnaligned32 (DigestListCountPtr, DigestListCount); + + return Buffer; +} + +/** + Get TPML_DIGEST_VALUES data size. + + @param[in] DigestList TPML_DIGEST_VALUES data. + + @return TPML_DIGEST_VALUES data size. +**/ +UINT32 +EFIAPI +GetDigestListSize ( + IN TPML_DIGEST_VALUES *DigestList + ) +{ + UINTN Index; + UINT16 DigestSize; + UINT32 TotalSize; + + TotalSize = sizeof(DigestList->count); + for (Index = 0; Index < DigestList->count; Index++) { + DigestSize = GetHashSizeFromAlgo (DigestList->digests[Index].hashAlg); + TotalSize += sizeof(DigestList->digests[Index].hashAlg) + DigestSize; + } + + return TotalSize; +} + +/** + This function get digest from digest list. + + @param[in] HashAlg Digest algorithm + @param[in] DigestList Digest list + @param[out] Digest Digest + + @retval EFI_SUCCESS Digest is found and returned. + @retval EFI_NOT_FOUND Digest is not found. +**/ +EFI_STATUS +EFIAPI +GetDigestFromDigestList ( + IN TPMI_ALG_HASH HashAlg, + IN TPML_DIGEST_VALUES *DigestList, + OUT VOID *Digest + ) +{ + UINTN Index; + UINT16 DigestSize; + + DigestSize = GetHashSizeFromAlgo (HashAlg); + for (Index = 0; Index < DigestList->count; Index++) { + if (DigestList->digests[Index].hashAlg == HashAlg) { + CopyMem ( + Digest, + &DigestList->digests[Index].digest, + DigestSize + ); + return EFI_SUCCESS; + } + } + + return EFI_NOT_FOUND; +} diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm2CommandLib/Tpm2Hierarchy.c b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm2CommandLib/Tpm2Hierarchy.c new file mode 100644 index 00000000..039bc503 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm2CommandLib/Tpm2Hierarchy.c @@ -0,0 +1,797 @@ +/** @file + Implement TPM2 Hierarchy related command. + +Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved. <BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include <IndustryStandard/UefiTcgPlatform.h> +#include <Library/Tpm2CommandLib.h> +#include <Library/Tpm2DeviceLib.h> +#include <Library/BaseMemoryLib.h> +#include <Library/BaseLib.h> +#include <Library/DebugLib.h> + +#pragma pack(1) + +typedef struct { + TPM2_COMMAND_HEADER Header; + TPMI_RH_HIERARCHY_AUTH AuthHandle; + UINT32 AuthSessionSize; + TPMS_AUTH_COMMAND AuthSession; + TPM2B_DIGEST AuthPolicy; + TPMI_ALG_HASH HashAlg; +} TPM2_SET_PRIMARY_POLICY_COMMAND; + +typedef struct { + TPM2_RESPONSE_HEADER Header; + UINT32 AuthSessionSize; + TPMS_AUTH_RESPONSE AuthSession; +} TPM2_SET_PRIMARY_POLICY_RESPONSE; + +typedef struct { + TPM2_COMMAND_HEADER Header; + TPMI_RH_CLEAR AuthHandle; + UINT32 AuthorizationSize; + TPMS_AUTH_COMMAND AuthSession; +} TPM2_CLEAR_COMMAND; + +typedef struct { + TPM2_RESPONSE_HEADER Header; + UINT32 ParameterSize; + TPMS_AUTH_RESPONSE AuthSession; +} TPM2_CLEAR_RESPONSE; + +typedef struct { + TPM2_COMMAND_HEADER Header; + TPMI_RH_CLEAR AuthHandle; + UINT32 AuthorizationSize; + TPMS_AUTH_COMMAND AuthSession; + TPMI_YES_NO Disable; +} TPM2_CLEAR_CONTROL_COMMAND; + +typedef struct { + TPM2_RESPONSE_HEADER Header; + UINT32 ParameterSize; + TPMS_AUTH_RESPONSE AuthSession; +} TPM2_CLEAR_CONTROL_RESPONSE; + +typedef struct { + TPM2_COMMAND_HEADER Header; + TPMI_RH_HIERARCHY_AUTH AuthHandle; + UINT32 AuthorizationSize; + TPMS_AUTH_COMMAND AuthSession; + TPM2B_AUTH NewAuth; +} TPM2_HIERARCHY_CHANGE_AUTH_COMMAND; + +typedef struct { + TPM2_RESPONSE_HEADER Header; + UINT32 ParameterSize; + TPMS_AUTH_RESPONSE AuthSession; +} TPM2_HIERARCHY_CHANGE_AUTH_RESPONSE; + +typedef struct { + TPM2_COMMAND_HEADER Header; + TPMI_RH_PLATFORM AuthHandle; + UINT32 AuthorizationSize; + TPMS_AUTH_COMMAND AuthSession; +} TPM2_CHANGE_EPS_COMMAND; + +typedef struct { + TPM2_RESPONSE_HEADER Header; + UINT32 ParameterSize; + TPMS_AUTH_RESPONSE AuthSession; +} TPM2_CHANGE_EPS_RESPONSE; + +typedef struct { + TPM2_COMMAND_HEADER Header; + TPMI_RH_PLATFORM AuthHandle; + UINT32 AuthorizationSize; + TPMS_AUTH_COMMAND AuthSession; +} TPM2_CHANGE_PPS_COMMAND; + +typedef struct { + TPM2_RESPONSE_HEADER Header; + UINT32 ParameterSize; + TPMS_AUTH_RESPONSE AuthSession; +} TPM2_CHANGE_PPS_RESPONSE; + +typedef struct { + TPM2_COMMAND_HEADER Header; + TPMI_RH_HIERARCHY AuthHandle; + UINT32 AuthorizationSize; + TPMS_AUTH_COMMAND AuthSession; + TPMI_RH_HIERARCHY Hierarchy; + TPMI_YES_NO State; +} TPM2_HIERARCHY_CONTROL_COMMAND; + +typedef struct { + TPM2_RESPONSE_HEADER Header; + UINT32 ParameterSize; + TPMS_AUTH_RESPONSE AuthSession; +} TPM2_HIERARCHY_CONTROL_RESPONSE; + +#pragma pack() + +/** + This command allows setting of the authorization policy for the platform hierarchy (platformPolicy), the + storage hierarchy (ownerPolicy), and and the endorsement hierarchy (endorsementPolicy). + + @param[in] AuthHandle TPM_RH_ENDORSEMENT, TPM_RH_OWNER or TPM_RH_PLATFORM+{PP} parameters to be validated + @param[in] AuthSession Auth Session context + @param[in] AuthPolicy An authorization policy hash + @param[in] HashAlg The hash algorithm to use for the policy + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_DEVICE_ERROR Unexpected device behavior. +**/ +EFI_STATUS +EFIAPI +Tpm2SetPrimaryPolicy ( + IN TPMI_RH_HIERARCHY_AUTH AuthHandle, + IN TPMS_AUTH_COMMAND *AuthSession, + IN TPM2B_DIGEST *AuthPolicy, + IN TPMI_ALG_HASH HashAlg + ) +{ + EFI_STATUS Status; + TPM2_SET_PRIMARY_POLICY_COMMAND SendBuffer; + TPM2_SET_PRIMARY_POLICY_RESPONSE RecvBuffer; + UINT32 SendBufferSize; + UINT32 RecvBufferSize; + UINT8 *Buffer; + UINT32 SessionInfoSize; + + // + // Construct command + // + SendBuffer.Header.tag = SwapBytes16(TPM_ST_SESSIONS); + SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_SetPrimaryPolicy); + + SendBuffer.AuthHandle = SwapBytes32 (AuthHandle); + + // + // Add in Auth session + // + Buffer = (UINT8 *)&SendBuffer.AuthSession; + + // sessionInfoSize + SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer); + Buffer += SessionInfoSize; + SendBuffer.AuthSessionSize = SwapBytes32(SessionInfoSize); + + // + // Real data + // + WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16(AuthPolicy->size)); + Buffer += sizeof(UINT16); + CopyMem (Buffer, AuthPolicy->buffer, AuthPolicy->size); + Buffer += AuthPolicy->size; + WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16(HashAlg)); + Buffer += sizeof(UINT16); + + SendBufferSize = (UINT32)((UINTN)Buffer - (UINTN)&SendBuffer); + SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize); + + // + // send Tpm command + // + RecvBufferSize = sizeof (RecvBuffer); + Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer); + if (EFI_ERROR (Status)) { + goto Done; + } + + if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) { + DEBUG ((EFI_D_ERROR, "Tpm2SetPrimaryPolicy - RecvBufferSize Error - %x\n", RecvBufferSize)); + Status = EFI_DEVICE_ERROR; + goto Done; + } + if (SwapBytes32(RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) { + DEBUG ((EFI_D_ERROR, "Tpm2SetPrimaryPolicy - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode))); + Status = EFI_DEVICE_ERROR; + goto Done; + } + +Done: + // + // Clear AuthSession Content + // + ZeroMem (&SendBuffer, sizeof(SendBuffer)); + ZeroMem (&RecvBuffer, sizeof(RecvBuffer)); + return Status; +} + +/** + This command removes all TPM context associated with a specific Owner. + + @param[in] AuthHandle TPM_RH_LOCKOUT or TPM_RH_PLATFORM+{PP} + @param[in] AuthSession Auth Session context + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_DEVICE_ERROR Unexpected device behavior. +**/ +EFI_STATUS +EFIAPI +Tpm2Clear ( + IN TPMI_RH_CLEAR AuthHandle, + IN TPMS_AUTH_COMMAND *AuthSession OPTIONAL + ) +{ + EFI_STATUS Status; + TPM2_CLEAR_COMMAND Cmd; + TPM2_CLEAR_RESPONSE Res; + UINT32 ResultBufSize; + UINT32 CmdSize; + UINT32 RespSize; + UINT8 *Buffer; + UINT32 SessionInfoSize; + + Cmd.Header.tag = SwapBytes16(TPM_ST_SESSIONS); + Cmd.Header.commandCode = SwapBytes32(TPM_CC_Clear); + Cmd.AuthHandle = SwapBytes32(AuthHandle); + + // + // Add in Auth session + // + Buffer = (UINT8 *)&Cmd.AuthSession; + + // sessionInfoSize + SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer); + Buffer += SessionInfoSize; + Cmd.AuthorizationSize = SwapBytes32(SessionInfoSize); + + CmdSize = (UINT32)(Buffer - (UINT8 *)&Cmd); + Cmd.Header.paramSize = SwapBytes32(CmdSize); + + ResultBufSize = sizeof(Res); + Status = Tpm2SubmitCommand (CmdSize, (UINT8 *)&Cmd, &ResultBufSize, (UINT8 *)&Res); + if (EFI_ERROR(Status)) { + goto Done; + } + + if (ResultBufSize > sizeof(Res)) { + DEBUG ((EFI_D_ERROR, "Clear: Failed ExecuteCommand: Buffer Too Small\r\n")); + Status = EFI_BUFFER_TOO_SMALL; + goto Done; + } + + // + // Validate response headers + // + RespSize = SwapBytes32(Res.Header.paramSize); + if (RespSize > sizeof(Res)) { + DEBUG ((EFI_D_ERROR, "Clear: Response size too large! %d\r\n", RespSize)); + Status = EFI_BUFFER_TOO_SMALL; + goto Done; + } + + // + // Fail if command failed + // + if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) { + DEBUG ((EFI_D_ERROR, "Clear: Response Code error! 0x%08x\r\n", SwapBytes32(Res.Header.responseCode))); + Status = EFI_DEVICE_ERROR; + goto Done; + } + + // + // Unmarshal the response + // + + // None +Done: + // + // Clear AuthSession Content + // + ZeroMem (&Cmd, sizeof(Cmd)); + ZeroMem (&Res, sizeof(Res)); + return Status; +} + +/** + Disables and enables the execution of TPM2_Clear(). + + @param[in] AuthHandle TPM_RH_LOCKOUT or TPM_RH_PLATFORM+{PP} + @param[in] AuthSession Auth Session context + @param[in] Disable YES if the disableOwnerClear flag is to be SET, + NO if the flag is to be CLEAR. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_DEVICE_ERROR Unexpected device behavior. +**/ +EFI_STATUS +EFIAPI +Tpm2ClearControl ( + IN TPMI_RH_CLEAR AuthHandle, + IN TPMS_AUTH_COMMAND *AuthSession, OPTIONAL + IN TPMI_YES_NO Disable + ) +{ + EFI_STATUS Status; + TPM2_CLEAR_CONTROL_COMMAND Cmd; + TPM2_CLEAR_CONTROL_RESPONSE Res; + UINT32 ResultBufSize; + UINT32 CmdSize; + UINT32 RespSize; + UINT8 *Buffer; + UINT32 SessionInfoSize; + + Cmd.Header.tag = SwapBytes16(TPM_ST_SESSIONS); + Cmd.Header.commandCode = SwapBytes32(TPM_CC_ClearControl); + Cmd.AuthHandle = SwapBytes32(AuthHandle); + + // + // Add in Auth session + // + Buffer = (UINT8 *)&Cmd.AuthSession; + + // sessionInfoSize + SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer); + Buffer += SessionInfoSize; + Cmd.AuthorizationSize = SwapBytes32(SessionInfoSize); + + // disable + *(UINT8 *)Buffer = Disable; + Buffer++; + + CmdSize = (UINT32)(Buffer - (UINT8 *)&Cmd); + Cmd.Header.paramSize = SwapBytes32(CmdSize); + + ResultBufSize = sizeof(Res); + Status = Tpm2SubmitCommand (CmdSize, (UINT8 *)&Cmd, &ResultBufSize, (UINT8 *)&Res); + if (EFI_ERROR(Status)) { + goto Done; + } + + if (ResultBufSize > sizeof(Res)) { + DEBUG ((EFI_D_ERROR, "ClearControl: Failed ExecuteCommand: Buffer Too Small\r\n")); + Status = EFI_BUFFER_TOO_SMALL; + goto Done; + } + + // + // Validate response headers + // + RespSize = SwapBytes32(Res.Header.paramSize); + if (RespSize > sizeof(Res)) { + DEBUG ((EFI_D_ERROR, "ClearControl: Response size too large! %d\r\n", RespSize)); + Status = EFI_BUFFER_TOO_SMALL; + goto Done; + } + + // + // Fail if command failed + // + if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) { + DEBUG ((EFI_D_ERROR, "ClearControl: Response Code error! 0x%08x\r\n", SwapBytes32(Res.Header.responseCode))); + Status = EFI_DEVICE_ERROR; + goto Done; + } + + // + // Unmarshal the response + // + + // None +Done: + // + // Clear AuthSession Content + // + ZeroMem (&Cmd, sizeof(Cmd)); + ZeroMem (&Res, sizeof(Res)); + return Status; +} + +/** + This command allows the authorization secret for a hierarchy or lockout to be changed using the current + authorization value as the command authorization. + + @param[in] AuthHandle TPM_RH_LOCKOUT, TPM_RH_ENDORSEMENT, TPM_RH_OWNER or TPM_RH_PLATFORM+{PP} + @param[in] AuthSession Auth Session context + @param[in] NewAuth New authorization secret + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_DEVICE_ERROR Unexpected device behavior. +**/ +EFI_STATUS +EFIAPI +Tpm2HierarchyChangeAuth ( + IN TPMI_RH_HIERARCHY_AUTH AuthHandle, + IN TPMS_AUTH_COMMAND *AuthSession, + IN TPM2B_AUTH *NewAuth + ) +{ + EFI_STATUS Status; + TPM2_HIERARCHY_CHANGE_AUTH_COMMAND Cmd; + TPM2_HIERARCHY_CHANGE_AUTH_RESPONSE Res; + UINT32 CmdSize; + UINT32 RespSize; + UINT8 *Buffer; + UINT32 SessionInfoSize; + UINT8 *ResultBuf; + UINT32 ResultBufSize; + + // + // Construct command + // + Cmd.Header.tag = SwapBytes16(TPM_ST_SESSIONS); + Cmd.Header.paramSize = SwapBytes32(sizeof(Cmd)); + Cmd.Header.commandCode = SwapBytes32(TPM_CC_HierarchyChangeAuth); + Cmd.AuthHandle = SwapBytes32(AuthHandle); + + // + // Add in Auth session + // + Buffer = (UINT8 *)&Cmd.AuthSession; + + // sessionInfoSize + SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer); + Buffer += SessionInfoSize; + Cmd.AuthorizationSize = SwapBytes32(SessionInfoSize); + + // New Authorization size + WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16(NewAuth->size)); + Buffer += sizeof(UINT16); + + // New Authorization + CopyMem(Buffer, NewAuth->buffer, NewAuth->size); + Buffer += NewAuth->size; + + CmdSize = (UINT32)(Buffer - (UINT8 *)&Cmd); + Cmd.Header.paramSize = SwapBytes32(CmdSize); + + ResultBuf = (UINT8 *) &Res; + ResultBufSize = sizeof(Res); + + // + // Call the TPM + // + Status = Tpm2SubmitCommand ( + CmdSize, + (UINT8 *)&Cmd, + &ResultBufSize, + ResultBuf + ); + if (EFI_ERROR(Status)) { + goto Done; + } + + if (ResultBufSize > sizeof(Res)) { + DEBUG ((EFI_D_ERROR, "HierarchyChangeAuth: Failed ExecuteCommand: Buffer Too Small\r\n")); + Status = EFI_BUFFER_TOO_SMALL; + goto Done; + } + + // + // Validate response headers + // + RespSize = SwapBytes32(Res.Header.paramSize); + if (RespSize > sizeof(Res)) { + DEBUG ((EFI_D_ERROR, "HierarchyChangeAuth: Response size too large! %d\r\n", RespSize)); + Status = EFI_BUFFER_TOO_SMALL; + goto Done; + } + + // + // Fail if command failed + // + if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) { + DEBUG((EFI_D_ERROR,"HierarchyChangeAuth: Response Code error! 0x%08x\r\n", SwapBytes32(Res.Header.responseCode))); + Status = EFI_DEVICE_ERROR; + goto Done; + } + +Done: + // + // Clear AuthSession Content + // + ZeroMem (&Cmd, sizeof(Cmd)); + ZeroMem (&Res, sizeof(Res)); + return Status; +} + +/** + This replaces the current EPS with a value from the RNG and sets the Endorsement hierarchy controls to + their default initialization values. + + @param[in] AuthHandle TPM_RH_PLATFORM+{PP} + @param[in] AuthSession Auth Session context + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_DEVICE_ERROR Unexpected device behavior. +**/ +EFI_STATUS +EFIAPI +Tpm2ChangeEPS ( + IN TPMI_RH_PLATFORM AuthHandle, + IN TPMS_AUTH_COMMAND *AuthSession + ) +{ + EFI_STATUS Status; + TPM2_CHANGE_EPS_COMMAND Cmd; + TPM2_CHANGE_EPS_RESPONSE Res; + UINT32 CmdSize; + UINT32 RespSize; + UINT8 *Buffer; + UINT32 SessionInfoSize; + UINT8 *ResultBuf; + UINT32 ResultBufSize; + + // + // Construct command + // + Cmd.Header.tag = SwapBytes16(TPM_ST_SESSIONS); + Cmd.Header.paramSize = SwapBytes32(sizeof(Cmd)); + Cmd.Header.commandCode = SwapBytes32(TPM_CC_ChangeEPS); + Cmd.AuthHandle = SwapBytes32(AuthHandle); + + // + // Add in Auth session + // + Buffer = (UINT8 *)&Cmd.AuthSession; + + // sessionInfoSize + SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer); + Buffer += SessionInfoSize; + Cmd.AuthorizationSize = SwapBytes32(SessionInfoSize); + + CmdSize = (UINT32)(Buffer - (UINT8 *)&Cmd); + Cmd.Header.paramSize = SwapBytes32(CmdSize); + + ResultBuf = (UINT8 *) &Res; + ResultBufSize = sizeof(Res); + + // + // Call the TPM + // + Status = Tpm2SubmitCommand ( + CmdSize, + (UINT8 *)&Cmd, + &ResultBufSize, + ResultBuf + ); + if (EFI_ERROR(Status)) { + goto Done; + } + + if (ResultBufSize > sizeof(Res)) { + DEBUG ((EFI_D_ERROR, "ChangeEPS: Failed ExecuteCommand: Buffer Too Small\r\n")); + Status = EFI_BUFFER_TOO_SMALL; + goto Done; + } + + // + // Validate response headers + // + RespSize = SwapBytes32(Res.Header.paramSize); + if (RespSize > sizeof(Res)) { + DEBUG ((EFI_D_ERROR, "ChangeEPS: Response size too large! %d\r\n", RespSize)); + Status = EFI_BUFFER_TOO_SMALL; + goto Done; + } + + // + // Fail if command failed + // + if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) { + DEBUG((EFI_D_ERROR,"ChangeEPS: Response Code error! 0x%08x\r\n", SwapBytes32(Res.Header.responseCode))); + Status = EFI_DEVICE_ERROR; + goto Done; + } + +Done: + // + // Clear AuthSession Content + // + ZeroMem (&Cmd, sizeof(Cmd)); + ZeroMem (&Res, sizeof(Res)); + return Status; +} + +/** + This replaces the current PPS with a value from the RNG and sets platformPolicy to the default + initialization value (the Empty Buffer). + + @param[in] AuthHandle TPM_RH_PLATFORM+{PP} + @param[in] AuthSession Auth Session context + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_DEVICE_ERROR Unexpected device behavior. +**/ +EFI_STATUS +EFIAPI +Tpm2ChangePPS ( + IN TPMI_RH_PLATFORM AuthHandle, + IN TPMS_AUTH_COMMAND *AuthSession + ) +{ + EFI_STATUS Status; + TPM2_CHANGE_PPS_COMMAND Cmd; + TPM2_CHANGE_PPS_RESPONSE Res; + UINT32 CmdSize; + UINT32 RespSize; + UINT8 *Buffer; + UINT32 SessionInfoSize; + UINT8 *ResultBuf; + UINT32 ResultBufSize; + + // + // Construct command + // + Cmd.Header.tag = SwapBytes16(TPM_ST_SESSIONS); + Cmd.Header.paramSize = SwapBytes32(sizeof(Cmd)); + Cmd.Header.commandCode = SwapBytes32(TPM_CC_ChangePPS); + Cmd.AuthHandle = SwapBytes32(AuthHandle); + + // + // Add in Auth session + // + Buffer = (UINT8 *)&Cmd.AuthSession; + + // sessionInfoSize + SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer); + Buffer += SessionInfoSize; + Cmd.AuthorizationSize = SwapBytes32(SessionInfoSize); + + CmdSize = (UINT32)(Buffer - (UINT8 *)&Cmd); + Cmd.Header.paramSize = SwapBytes32(CmdSize); + + ResultBuf = (UINT8 *) &Res; + ResultBufSize = sizeof(Res); + + // + // Call the TPM + // + Status = Tpm2SubmitCommand ( + CmdSize, + (UINT8 *)&Cmd, + &ResultBufSize, + ResultBuf + ); + if (EFI_ERROR(Status)) { + goto Done; + } + + if (ResultBufSize > sizeof(Res)) { + DEBUG ((EFI_D_ERROR, "ChangePPS: Failed ExecuteCommand: Buffer Too Small\r\n")); + Status = EFI_BUFFER_TOO_SMALL; + goto Done; + } + + // + // Validate response headers + // + RespSize = SwapBytes32(Res.Header.paramSize); + if (RespSize > sizeof(Res)) { + DEBUG ((EFI_D_ERROR, "ChangePPS: Response size too large! %d\r\n", RespSize)); + Status = EFI_BUFFER_TOO_SMALL; + goto Done; + } + + // + // Fail if command failed + // + if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) { + DEBUG((EFI_D_ERROR,"ChangePPS: Response Code error! 0x%08x\r\n", SwapBytes32(Res.Header.responseCode))); + Status = EFI_DEVICE_ERROR; + goto Done; + } + +Done: + // + // Clear AuthSession Content + // + ZeroMem (&Cmd, sizeof(Cmd)); + ZeroMem (&Res, sizeof(Res)); + return Status; +} + +/** + This command enables and disables use of a hierarchy. + + @param[in] AuthHandle TPM_RH_ENDORSEMENT, TPM_RH_OWNER or TPM_RH_PLATFORM+{PP} + @param[in] AuthSession Auth Session context + @param[in] Hierarchy Hierarchy of the enable being modified + @param[in] State YES if the enable should be SET, + NO if the enable should be CLEAR + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_DEVICE_ERROR Unexpected device behavior. +**/ +EFI_STATUS +EFIAPI +Tpm2HierarchyControl ( + IN TPMI_RH_HIERARCHY AuthHandle, + IN TPMS_AUTH_COMMAND *AuthSession, + IN TPMI_RH_HIERARCHY Hierarchy, + IN TPMI_YES_NO State + ) +{ + EFI_STATUS Status; + TPM2_HIERARCHY_CONTROL_COMMAND Cmd; + TPM2_HIERARCHY_CONTROL_RESPONSE Res; + UINT32 CmdSize; + UINT32 RespSize; + UINT8 *Buffer; + UINT32 SessionInfoSize; + UINT8 *ResultBuf; + UINT32 ResultBufSize; + + // + // Construct command + // + Cmd.Header.tag = SwapBytes16(TPM_ST_SESSIONS); + Cmd.Header.paramSize = SwapBytes32(sizeof(Cmd)); + Cmd.Header.commandCode = SwapBytes32(TPM_CC_HierarchyControl); + Cmd.AuthHandle = SwapBytes32(AuthHandle); + + // + // Add in Auth session + // + Buffer = (UINT8 *)&Cmd.AuthSession; + + // sessionInfoSize + SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer); + Buffer += SessionInfoSize; + Cmd.AuthorizationSize = SwapBytes32(SessionInfoSize); + + WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32(Hierarchy)); + Buffer += sizeof(UINT32); + + *(UINT8 *)Buffer = State; + Buffer++; + + CmdSize = (UINT32)(Buffer - (UINT8 *)&Cmd); + Cmd.Header.paramSize = SwapBytes32(CmdSize); + + ResultBuf = (UINT8 *) &Res; + ResultBufSize = sizeof(Res); + + // + // Call the TPM + // + Status = Tpm2SubmitCommand ( + CmdSize, + (UINT8 *)&Cmd, + &ResultBufSize, + ResultBuf + ); + if (EFI_ERROR(Status)) { + goto Done; + } + + if (ResultBufSize > sizeof(Res)) { + DEBUG ((EFI_D_ERROR, "HierarchyControl: Failed ExecuteCommand: Buffer Too Small\r\n")); + Status = EFI_BUFFER_TOO_SMALL; + goto Done; + } + + // + // Validate response headers + // + RespSize = SwapBytes32(Res.Header.paramSize); + if (RespSize > sizeof(Res)) { + DEBUG ((EFI_D_ERROR, "HierarchyControl: Response size too large! %d\r\n", RespSize)); + Status = EFI_BUFFER_TOO_SMALL; + goto Done; + } + + // + // Fail if command failed + // + if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) { + DEBUG((EFI_D_ERROR,"HierarchyControl: Response Code error! 0x%08x\r\n", SwapBytes32(Res.Header.responseCode))); + Status = EFI_DEVICE_ERROR; + goto Done; + } + +Done: + // + // Clear AuthSession Content + // + ZeroMem (&Cmd, sizeof(Cmd)); + ZeroMem (&Res, sizeof(Res)); + return Status; +} diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c new file mode 100644 index 00000000..4b51fb98 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c @@ -0,0 +1,689 @@ +/** @file + Implement TPM2 Integrity related command. + +Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved. <BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include <IndustryStandard/UefiTcgPlatform.h> +#include <Library/Tpm2CommandLib.h> +#include <Library/Tpm2DeviceLib.h> +#include <Library/BaseMemoryLib.h> +#include <Library/BaseLib.h> +#include <Library/DebugLib.h> + +#pragma pack(1) + +typedef struct { + TPM2_COMMAND_HEADER Header; + TPMI_DH_PCR PcrHandle; + UINT32 AuthorizationSize; + TPMS_AUTH_COMMAND AuthSessionPcr; + TPML_DIGEST_VALUES DigestValues; +} TPM2_PCR_EXTEND_COMMAND; + +typedef struct { + TPM2_RESPONSE_HEADER Header; + UINT32 ParameterSize; + TPMS_AUTH_RESPONSE AuthSessionPcr; +} TPM2_PCR_EXTEND_RESPONSE; + +typedef struct { + TPM2_COMMAND_HEADER Header; + TPMI_DH_PCR PcrHandle; + UINT32 AuthorizationSize; + TPMS_AUTH_COMMAND AuthSessionPcr; + TPM2B_EVENT EventData; +} TPM2_PCR_EVENT_COMMAND; + +typedef struct { + TPM2_RESPONSE_HEADER Header; + UINT32 ParameterSize; + TPML_DIGEST_VALUES Digests; + TPMS_AUTH_RESPONSE AuthSessionPcr; +} TPM2_PCR_EVENT_RESPONSE; + +typedef struct { + TPM2_COMMAND_HEADER Header; + TPML_PCR_SELECTION PcrSelectionIn; +} TPM2_PCR_READ_COMMAND; + +typedef struct { + TPM2_RESPONSE_HEADER Header; + UINT32 PcrUpdateCounter; + TPML_PCR_SELECTION PcrSelectionOut; + TPML_DIGEST PcrValues; +} TPM2_PCR_READ_RESPONSE; + +typedef struct { + TPM2_COMMAND_HEADER Header; + TPMI_RH_PLATFORM AuthHandle; + UINT32 AuthSessionSize; + TPMS_AUTH_COMMAND AuthSession; + TPML_PCR_SELECTION PcrAllocation; +} TPM2_PCR_ALLOCATE_COMMAND; + +typedef struct { + TPM2_RESPONSE_HEADER Header; + UINT32 AuthSessionSize; + TPMI_YES_NO AllocationSuccess; + UINT32 MaxPCR; + UINT32 SizeNeeded; + UINT32 SizeAvailable; + TPMS_AUTH_RESPONSE AuthSession; +} TPM2_PCR_ALLOCATE_RESPONSE; + +#pragma pack() + +/** + This command is used to cause an update to the indicated PCR. + The digests parameter contains one or more tagged digest value identified by an algorithm ID. + For each digest, the PCR associated with pcrHandle is Extended into the bank identified by the tag (hashAlg). + + @param[in] PcrHandle Handle of the PCR + @param[in] Digests List of tagged digest values to be extended + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_DEVICE_ERROR Unexpected device behavior. +**/ +EFI_STATUS +EFIAPI +Tpm2PcrExtend ( + IN TPMI_DH_PCR PcrHandle, + IN TPML_DIGEST_VALUES *Digests + ) +{ + EFI_STATUS Status; + TPM2_PCR_EXTEND_COMMAND Cmd; + TPM2_PCR_EXTEND_RESPONSE Res; + UINT32 CmdSize; + UINT32 RespSize; + UINT32 ResultBufSize; + UINT8 *Buffer; + UINTN Index; + UINT32 SessionInfoSize; + UINT16 DigestSize; + + Cmd.Header.tag = SwapBytes16(TPM_ST_SESSIONS); + Cmd.Header.commandCode = SwapBytes32(TPM_CC_PCR_Extend); + Cmd.PcrHandle = SwapBytes32(PcrHandle); + + + // + // Add in Auth session + // + Buffer = (UINT8 *)&Cmd.AuthSessionPcr; + + // sessionInfoSize + SessionInfoSize = CopyAuthSessionCommand (NULL, Buffer); + Buffer += SessionInfoSize; + Cmd.AuthorizationSize = SwapBytes32(SessionInfoSize); + + //Digest Count + WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32(Digests->count)); + Buffer += sizeof(UINT32); + + //Digest + for (Index = 0; Index < Digests->count; Index++) { + WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16(Digests->digests[Index].hashAlg)); + Buffer += sizeof(UINT16); + DigestSize = GetHashSizeFromAlgo (Digests->digests[Index].hashAlg); + if (DigestSize == 0) { + DEBUG ((EFI_D_ERROR, "Unknown hash algorithm %d\r\n", Digests->digests[Index].hashAlg)); + return EFI_DEVICE_ERROR; + } + CopyMem( + Buffer, + &Digests->digests[Index].digest, + DigestSize + ); + Buffer += DigestSize; + } + + CmdSize = (UINT32)((UINTN)Buffer - (UINTN)&Cmd); + Cmd.Header.paramSize = SwapBytes32(CmdSize); + + ResultBufSize = sizeof(Res); + Status = Tpm2SubmitCommand (CmdSize, (UINT8 *)&Cmd, &ResultBufSize, (UINT8 *)&Res); + if (EFI_ERROR(Status)) { + return Status; + } + + if (ResultBufSize > sizeof(Res)) { + DEBUG ((EFI_D_ERROR, "Tpm2PcrExtend: Failed ExecuteCommand: Buffer Too Small\r\n")); + return EFI_BUFFER_TOO_SMALL; + } + + // + // Validate response headers + // + RespSize = SwapBytes32(Res.Header.paramSize); + if (RespSize > sizeof(Res)) { + DEBUG ((EFI_D_ERROR, "Tpm2PcrExtend: Response size too large! %d\r\n", RespSize)); + return EFI_BUFFER_TOO_SMALL; + } + + // + // Fail if command failed + // + if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) { + DEBUG ((EFI_D_ERROR, "Tpm2PcrExtend: Response Code error! 0x%08x\r\n", SwapBytes32(Res.Header.responseCode))); + return EFI_DEVICE_ERROR; + } + + // + // Unmarshal the response + // + + // None + + return EFI_SUCCESS; +} + +/** + This command is used to cause an update to the indicated PCR. + The data in eventData is hashed using the hash algorithm associated with each bank in which the + indicated PCR has been allocated. After the data is hashed, the digests list is returned. If the pcrHandle + references an implemented PCR and not TPM_ALG_NULL, digests list is processed as in + TPM2_PCR_Extend(). + A TPM shall support an Event.size of zero through 1,024 inclusive. + + @param[in] PcrHandle Handle of the PCR + @param[in] EventData Event data in sized buffer + @param[out] Digests List of digest + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_DEVICE_ERROR Unexpected device behavior. +**/ +EFI_STATUS +EFIAPI +Tpm2PcrEvent ( + IN TPMI_DH_PCR PcrHandle, + IN TPM2B_EVENT *EventData, + OUT TPML_DIGEST_VALUES *Digests + ) +{ + EFI_STATUS Status; + TPM2_PCR_EVENT_COMMAND Cmd; + TPM2_PCR_EVENT_RESPONSE Res; + UINT32 CmdSize; + UINT32 RespSize; + UINT32 ResultBufSize; + UINT8 *Buffer; + UINTN Index; + UINT32 SessionInfoSize; + UINT16 DigestSize; + + Cmd.Header.tag = SwapBytes16(TPM_ST_SESSIONS); + Cmd.Header.commandCode = SwapBytes32(TPM_CC_PCR_Event); + Cmd.PcrHandle = SwapBytes32(PcrHandle); + + // + // Add in Auth session + // + Buffer = (UINT8 *)&Cmd.AuthSessionPcr; + + // sessionInfoSize + SessionInfoSize = CopyAuthSessionCommand (NULL, Buffer); + Buffer += SessionInfoSize; + Cmd.AuthorizationSize = SwapBytes32(SessionInfoSize); + + // Event + WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16(EventData->size)); + Buffer += sizeof(UINT16); + + CopyMem (Buffer, EventData->buffer, EventData->size); + Buffer += EventData->size; + + CmdSize = (UINT32)((UINTN)Buffer - (UINTN)&Cmd); + Cmd.Header.paramSize = SwapBytes32(CmdSize); + + ResultBufSize = sizeof(Res); + Status = Tpm2SubmitCommand (CmdSize, (UINT8 *)&Cmd, &ResultBufSize, (UINT8 *)&Res); + if (EFI_ERROR(Status)) { + return Status; + } + + if (ResultBufSize > sizeof(Res)) { + DEBUG ((EFI_D_ERROR, "Tpm2PcrEvent: Failed ExecuteCommand: Buffer Too Small\r\n")); + return EFI_BUFFER_TOO_SMALL; + } + + // + // Validate response headers + // + RespSize = SwapBytes32(Res.Header.paramSize); + if (RespSize > sizeof(Res)) { + DEBUG ((EFI_D_ERROR, "Tpm2PcrEvent: Response size too large! %d\r\n", RespSize)); + return EFI_BUFFER_TOO_SMALL; + } + + // + // Fail if command failed + // + if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) { + DEBUG ((EFI_D_ERROR, "Tpm2PcrEvent: Response Code error! 0x%08x\r\n", SwapBytes32(Res.Header.responseCode))); + return EFI_DEVICE_ERROR; + } + + // + // Unmarshal the response + // + Buffer = (UINT8 *)&Res.Digests; + + Digests->count = SwapBytes32 (ReadUnaligned32 ((UINT32 *)Buffer)); + if (Digests->count > HASH_COUNT) { + DEBUG ((DEBUG_ERROR, "Tpm2PcrEvent - Digests->count error %x\n", Digests->count)); + return EFI_DEVICE_ERROR; + } + + Buffer += sizeof(UINT32); + for (Index = 0; Index < Digests->count; Index++) { + Digests->digests[Index].hashAlg = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); + Buffer += sizeof(UINT16); + DigestSize = GetHashSizeFromAlgo (Digests->digests[Index].hashAlg); + if (DigestSize == 0) { + DEBUG ((EFI_D_ERROR, "Unknown hash algorithm %d\r\n", Digests->digests[Index].hashAlg)); + return EFI_DEVICE_ERROR; + } + CopyMem( + &Digests->digests[Index].digest, + Buffer, + DigestSize + ); + Buffer += DigestSize; + } + + return EFI_SUCCESS; +} + +/** + This command returns the values of all PCR specified in pcrSelect. + + @param[in] PcrSelectionIn The selection of PCR to read. + @param[out] PcrUpdateCounter The current value of the PCR update counter. + @param[out] PcrSelectionOut The PCR in the returned list. + @param[out] PcrValues The contents of the PCR indicated in pcrSelect. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_DEVICE_ERROR The command was unsuccessful. +**/ +EFI_STATUS +EFIAPI +Tpm2PcrRead ( + IN TPML_PCR_SELECTION *PcrSelectionIn, + OUT UINT32 *PcrUpdateCounter, + OUT TPML_PCR_SELECTION *PcrSelectionOut, + OUT TPML_DIGEST *PcrValues + ) +{ + EFI_STATUS Status; + TPM2_PCR_READ_COMMAND SendBuffer; + TPM2_PCR_READ_RESPONSE RecvBuffer; + UINT32 SendBufferSize; + UINT32 RecvBufferSize; + UINTN Index; + TPML_DIGEST *PcrValuesOut; + TPM2B_DIGEST *Digests; + + // + // Construct command + // + SendBuffer.Header.tag = SwapBytes16(TPM_ST_NO_SESSIONS); + SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_PCR_Read); + + SendBuffer.PcrSelectionIn.count = SwapBytes32(PcrSelectionIn->count); + for (Index = 0; Index < PcrSelectionIn->count; Index++) { + SendBuffer.PcrSelectionIn.pcrSelections[Index].hash = SwapBytes16(PcrSelectionIn->pcrSelections[Index].hash); + SendBuffer.PcrSelectionIn.pcrSelections[Index].sizeofSelect = PcrSelectionIn->pcrSelections[Index].sizeofSelect; + CopyMem (&SendBuffer.PcrSelectionIn.pcrSelections[Index].pcrSelect, &PcrSelectionIn->pcrSelections[Index].pcrSelect, SendBuffer.PcrSelectionIn.pcrSelections[Index].sizeofSelect); + } + + SendBufferSize = sizeof(SendBuffer.Header) + sizeof(SendBuffer.PcrSelectionIn.count) + sizeof(SendBuffer.PcrSelectionIn.pcrSelections[0]) * PcrSelectionIn->count; + SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize); + + // + // send Tpm command + // + RecvBufferSize = sizeof (RecvBuffer); + Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer); + if (EFI_ERROR (Status)) { + return Status; + } + + if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) { + DEBUG ((EFI_D_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n", RecvBufferSize)); + return EFI_DEVICE_ERROR; + } + if (SwapBytes32(RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) { + DEBUG ((EFI_D_ERROR, "Tpm2PcrRead - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode))); + return EFI_NOT_FOUND; + } + + // + // Return the response + // + + // + // PcrUpdateCounter + // + if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER) + sizeof(RecvBuffer.PcrUpdateCounter)) { + DEBUG ((EFI_D_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n", RecvBufferSize)); + return EFI_DEVICE_ERROR; + } + *PcrUpdateCounter = SwapBytes32(RecvBuffer.PcrUpdateCounter); + + // + // PcrSelectionOut + // + if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER) + sizeof(RecvBuffer.PcrUpdateCounter) + sizeof(RecvBuffer.PcrSelectionOut.count)) { + DEBUG ((EFI_D_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n", RecvBufferSize)); + return EFI_DEVICE_ERROR; + } + PcrSelectionOut->count = SwapBytes32(RecvBuffer.PcrSelectionOut.count); + if (PcrSelectionOut->count > HASH_COUNT) { + DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - PcrSelectionOut->count error %x\n", PcrSelectionOut->count)); + return EFI_DEVICE_ERROR; + } + + if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER) + sizeof(RecvBuffer.PcrUpdateCounter) + sizeof(RecvBuffer.PcrSelectionOut.count) + sizeof(RecvBuffer.PcrSelectionOut.pcrSelections[0]) * PcrSelectionOut->count) { + DEBUG ((EFI_D_ERROR, "Tpm2PcrRead - RecvBufferSize Error - %x\n", RecvBufferSize)); + return EFI_DEVICE_ERROR; + } + for (Index = 0; Index < PcrSelectionOut->count; Index++) { + PcrSelectionOut->pcrSelections[Index].hash = SwapBytes16(RecvBuffer.PcrSelectionOut.pcrSelections[Index].hash); + PcrSelectionOut->pcrSelections[Index].sizeofSelect = RecvBuffer.PcrSelectionOut.pcrSelections[Index].sizeofSelect; + if (PcrSelectionOut->pcrSelections[Index].sizeofSelect > PCR_SELECT_MAX) { + return EFI_DEVICE_ERROR; + } + CopyMem (&PcrSelectionOut->pcrSelections[Index].pcrSelect, &RecvBuffer.PcrSelectionOut.pcrSelections[Index].pcrSelect, PcrSelectionOut->pcrSelections[Index].sizeofSelect); + } + + // + // PcrValues + // + PcrValuesOut = (TPML_DIGEST *)((UINT8 *)&RecvBuffer + sizeof (TPM2_RESPONSE_HEADER) + sizeof(RecvBuffer.PcrUpdateCounter) + sizeof(RecvBuffer.PcrSelectionOut.count) + sizeof(RecvBuffer.PcrSelectionOut.pcrSelections[0]) * PcrSelectionOut->count); + PcrValues->count = SwapBytes32(PcrValuesOut->count); + // + // The number of digests in list is not greater than 8 per TPML_DIGEST definition + // + if (PcrValues->count > 8) { + DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - PcrValues->count error %x\n", PcrValues->count)); + return EFI_DEVICE_ERROR; + } + Digests = PcrValuesOut->digests; + for (Index = 0; Index < PcrValues->count; Index++) { + PcrValues->digests[Index].size = SwapBytes16(Digests->size); + if (PcrValues->digests[Index].size > sizeof(TPMU_HA)) { + DEBUG ((DEBUG_ERROR, "Tpm2PcrRead - Digest.size error %x\n", PcrValues->digests[Index].size)); + return EFI_DEVICE_ERROR; + } + CopyMem (&PcrValues->digests[Index].buffer, &Digests->buffer, PcrValues->digests[Index].size); + Digests = (TPM2B_DIGEST *)((UINT8 *)Digests + sizeof(Digests->size) + PcrValues->digests[Index].size); + } + + return EFI_SUCCESS; +} + +/** + This command is used to set the desired PCR allocation of PCR and algorithms. + + @param[in] AuthHandle TPM_RH_PLATFORM+{PP} + @param[in] AuthSession Auth Session context + @param[in] PcrAllocation The requested allocation + @param[out] AllocationSuccess YES if the allocation succeeded + @param[out] MaxPCR maximum number of PCR that may be in a bank + @param[out] SizeNeeded number of octets required to satisfy the request + @param[out] SizeAvailable Number of octets available. Computed before the allocation + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_DEVICE_ERROR The command was unsuccessful. +**/ +EFI_STATUS +EFIAPI +Tpm2PcrAllocate ( + IN TPMI_RH_PLATFORM AuthHandle, + IN TPMS_AUTH_COMMAND *AuthSession, + IN TPML_PCR_SELECTION *PcrAllocation, + OUT TPMI_YES_NO *AllocationSuccess, + OUT UINT32 *MaxPCR, + OUT UINT32 *SizeNeeded, + OUT UINT32 *SizeAvailable + ) +{ + EFI_STATUS Status; + TPM2_PCR_ALLOCATE_COMMAND Cmd; + TPM2_PCR_ALLOCATE_RESPONSE Res; + UINT32 CmdSize; + UINT32 RespSize; + UINT8 *Buffer; + UINT32 SessionInfoSize; + UINT8 *ResultBuf; + UINT32 ResultBufSize; + UINTN Index; + + // + // Construct command + // + Cmd.Header.tag = SwapBytes16(TPM_ST_SESSIONS); + Cmd.Header.paramSize = SwapBytes32(sizeof(Cmd)); + Cmd.Header.commandCode = SwapBytes32(TPM_CC_PCR_Allocate); + Cmd.AuthHandle = SwapBytes32(AuthHandle); + + // + // Add in Auth session + // + Buffer = (UINT8 *)&Cmd.AuthSession; + + // sessionInfoSize + SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer); + Buffer += SessionInfoSize; + Cmd.AuthSessionSize = SwapBytes32(SessionInfoSize); + + // Count + WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32(PcrAllocation->count)); + Buffer += sizeof(UINT32); + for (Index = 0; Index < PcrAllocation->count; Index++) { + WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16(PcrAllocation->pcrSelections[Index].hash)); + Buffer += sizeof(UINT16); + *(UINT8 *)Buffer = PcrAllocation->pcrSelections[Index].sizeofSelect; + Buffer++; + CopyMem (Buffer, PcrAllocation->pcrSelections[Index].pcrSelect, PcrAllocation->pcrSelections[Index].sizeofSelect); + Buffer += PcrAllocation->pcrSelections[Index].sizeofSelect; + } + + CmdSize = (UINT32)(Buffer - (UINT8 *)&Cmd); + Cmd.Header.paramSize = SwapBytes32(CmdSize); + + ResultBuf = (UINT8 *) &Res; + ResultBufSize = sizeof(Res); + + // + // Call the TPM + // + Status = Tpm2SubmitCommand ( + CmdSize, + (UINT8 *)&Cmd, + &ResultBufSize, + ResultBuf + ); + if (EFI_ERROR(Status)) { + goto Done; + } + + if (ResultBufSize > sizeof(Res)) { + DEBUG ((EFI_D_ERROR, "Tpm2PcrAllocate: Failed ExecuteCommand: Buffer Too Small\r\n")); + Status = EFI_BUFFER_TOO_SMALL; + goto Done; + } + + // + // Validate response headers + // + RespSize = SwapBytes32(Res.Header.paramSize); + if (RespSize > sizeof(Res)) { + DEBUG ((EFI_D_ERROR, "Tpm2PcrAllocate: Response size too large! %d\r\n", RespSize)); + Status = EFI_BUFFER_TOO_SMALL; + goto Done; + } + + // + // Fail if command failed + // + if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) { + DEBUG((EFI_D_ERROR,"Tpm2PcrAllocate: Response Code error! 0x%08x\r\n", SwapBytes32(Res.Header.responseCode))); + Status = EFI_DEVICE_ERROR; + goto Done; + } + + // + // Return the response + // + *AllocationSuccess = Res.AllocationSuccess; + *MaxPCR = SwapBytes32(Res.MaxPCR); + *SizeNeeded = SwapBytes32(Res.SizeNeeded); + *SizeAvailable = SwapBytes32(Res.SizeAvailable); + +Done: + // + // Clear AuthSession Content + // + ZeroMem (&Cmd, sizeof(Cmd)); + ZeroMem (&Res, sizeof(Res)); + return Status; +} + +/** + Alloc PCR data. + + @param[in] PlatformAuth platform auth value. NULL means no platform auth change. + @param[in] SupportedPCRBanks Supported PCR banks + @param[in] PCRBanks PCR banks + + @retval EFI_SUCCESS Operation completed successfully. +**/ +EFI_STATUS +EFIAPI +Tpm2PcrAllocateBanks ( + IN TPM2B_AUTH *PlatformAuth, OPTIONAL + IN UINT32 SupportedPCRBanks, + IN UINT32 PCRBanks + ) +{ + EFI_STATUS Status; + TPMS_AUTH_COMMAND *AuthSession; + TPMS_AUTH_COMMAND LocalAuthSession; + TPML_PCR_SELECTION PcrAllocation; + TPMI_YES_NO AllocationSuccess; + UINT32 MaxPCR; + UINT32 SizeNeeded; + UINT32 SizeAvailable; + + if (PlatformAuth == NULL) { + AuthSession = NULL; + } else { + AuthSession = &LocalAuthSession; + ZeroMem (&LocalAuthSession, sizeof(LocalAuthSession)); + LocalAuthSession.sessionHandle = TPM_RS_PW; + LocalAuthSession.hmac.size = PlatformAuth->size; + CopyMem (LocalAuthSession.hmac.buffer, PlatformAuth->buffer, PlatformAuth->size); + } + + // + // Fill input + // + ZeroMem (&PcrAllocation, sizeof(PcrAllocation)); + if ((HASH_ALG_SHA1 & SupportedPCRBanks) != 0) { + PcrAllocation.pcrSelections[PcrAllocation.count].hash = TPM_ALG_SHA1; + PcrAllocation.pcrSelections[PcrAllocation.count].sizeofSelect = PCR_SELECT_MAX; + if ((HASH_ALG_SHA1 & PCRBanks) != 0) { + PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0xFF; + PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0xFF; + PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0xFF; + } else { + PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0x00; + PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0x00; + PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0x00; + } + PcrAllocation.count++; + } + if ((HASH_ALG_SHA256 & SupportedPCRBanks) != 0) { + PcrAllocation.pcrSelections[PcrAllocation.count].hash = TPM_ALG_SHA256; + PcrAllocation.pcrSelections[PcrAllocation.count].sizeofSelect = PCR_SELECT_MAX; + if ((HASH_ALG_SHA256 & PCRBanks) != 0) { + PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0xFF; + PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0xFF; + PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0xFF; + } else { + PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0x00; + PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0x00; + PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0x00; + } + PcrAllocation.count++; + } + if ((HASH_ALG_SHA384 & SupportedPCRBanks) != 0) { + PcrAllocation.pcrSelections[PcrAllocation.count].hash = TPM_ALG_SHA384; + PcrAllocation.pcrSelections[PcrAllocation.count].sizeofSelect = PCR_SELECT_MAX; + if ((HASH_ALG_SHA384 & PCRBanks) != 0) { + PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0xFF; + PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0xFF; + PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0xFF; + } else { + PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0x00; + PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0x00; + PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0x00; + } + PcrAllocation.count++; + } + if ((HASH_ALG_SHA512 & SupportedPCRBanks) != 0) { + PcrAllocation.pcrSelections[PcrAllocation.count].hash = TPM_ALG_SHA512; + PcrAllocation.pcrSelections[PcrAllocation.count].sizeofSelect = PCR_SELECT_MAX; + if ((HASH_ALG_SHA512 & PCRBanks) != 0) { + PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0xFF; + PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0xFF; + PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0xFF; + } else { + PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0x00; + PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0x00; + PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0x00; + } + PcrAllocation.count++; + } + if ((HASH_ALG_SM3_256 & SupportedPCRBanks) != 0) { + PcrAllocation.pcrSelections[PcrAllocation.count].hash = TPM_ALG_SM3_256; + PcrAllocation.pcrSelections[PcrAllocation.count].sizeofSelect = PCR_SELECT_MAX; + if ((HASH_ALG_SM3_256 & PCRBanks) != 0) { + PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0xFF; + PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0xFF; + PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0xFF; + } else { + PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0x00; + PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0x00; + PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0x00; + } + PcrAllocation.count++; + } + Status = Tpm2PcrAllocate ( + TPM_RH_PLATFORM, + AuthSession, + &PcrAllocation, + &AllocationSuccess, + &MaxPCR, + &SizeNeeded, + &SizeAvailable + ); + DEBUG ((EFI_D_INFO, "Tpm2PcrAllocateBanks call Tpm2PcrAllocate - %r\n", Status)); + if (EFI_ERROR (Status)) { + goto Done; + } + + DEBUG ((EFI_D_INFO, "AllocationSuccess - %02x\n", AllocationSuccess)); + DEBUG ((EFI_D_INFO, "MaxPCR - %08x\n", MaxPCR)); + DEBUG ((EFI_D_INFO, "SizeNeeded - %08x\n", SizeNeeded)); + DEBUG ((EFI_D_INFO, "SizeAvailable - %08x\n", SizeAvailable)); + +Done: + ZeroMem(&LocalAuthSession.hmac, sizeof(LocalAuthSession.hmac)); + return Status; +} diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm2CommandLib/Tpm2Miscellaneous.c b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm2CommandLib/Tpm2Miscellaneous.c new file mode 100644 index 00000000..cc5a7040 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm2CommandLib/Tpm2Miscellaneous.c @@ -0,0 +1,116 @@ +/** @file + Implement TPM2 Miscellaneous related command. + +Copyright (c) 2013 - 2016, Intel Corporation. All rights reserved. <BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include <IndustryStandard/UefiTcgPlatform.h> +#include <Library/Tpm2CommandLib.h> +#include <Library/Tpm2DeviceLib.h> +#include <Library/BaseMemoryLib.h> +#include <Library/BaseLib.h> +#include <Library/DebugLib.h> + +#pragma pack(1) + +typedef struct { + TPM2_COMMAND_HEADER Header; + TPMI_RH_HIERARCHY_AUTH AuthHandle; + UINT32 AuthSessionSize; + TPMS_AUTH_COMMAND AuthSession; + UINT32 AlgorithmSet; +} TPM2_SET_ALGORITHM_SET_COMMAND; + +typedef struct { + TPM2_RESPONSE_HEADER Header; + UINT32 AuthSessionSize; + TPMS_AUTH_RESPONSE AuthSession; +} TPM2_SET_ALGORITHM_SET_RESPONSE; + +#pragma pack() + +/** + This command allows the platform to change the set of algorithms that are used by the TPM. + The algorithmSet setting is a vendor-dependent value. + + @param[in] AuthHandle TPM_RH_PLATFORM + @param[in] AuthSession Auth Session context + @param[in] AlgorithmSet A TPM vendor-dependent value indicating the + algorithm set selection + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_DEVICE_ERROR Unexpected device behavior. +**/ +EFI_STATUS +EFIAPI +Tpm2SetAlgorithmSet ( + IN TPMI_RH_PLATFORM AuthHandle, + IN TPMS_AUTH_COMMAND *AuthSession, + IN UINT32 AlgorithmSet + ) +{ + EFI_STATUS Status; + TPM2_SET_ALGORITHM_SET_COMMAND SendBuffer; + TPM2_SET_ALGORITHM_SET_RESPONSE RecvBuffer; + UINT32 SendBufferSize; + UINT32 RecvBufferSize; + UINT8 *Buffer; + UINT32 SessionInfoSize; + + // + // Construct command + // + SendBuffer.Header.tag = SwapBytes16(TPM_ST_SESSIONS); + SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_SetAlgorithmSet); + + SendBuffer.AuthHandle = SwapBytes32 (AuthHandle); + + // + // Add in Auth session + // + Buffer = (UINT8 *)&SendBuffer.AuthSession; + + // sessionInfoSize + SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer); + Buffer += SessionInfoSize; + SendBuffer.AuthSessionSize = SwapBytes32(SessionInfoSize); + + // + // Real data + // + WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32(AlgorithmSet)); + Buffer += sizeof(UINT32); + + SendBufferSize = (UINT32)((UINTN)Buffer - (UINTN)&SendBuffer); + SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize); + + // + // send Tpm command + // + RecvBufferSize = sizeof (RecvBuffer); + Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer); + if (EFI_ERROR (Status)) { + goto Done; + } + + if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) { + DEBUG ((EFI_D_ERROR, "Tpm2SetAlgorithmSet - RecvBufferSize Error - %x\n", RecvBufferSize)); + Status = EFI_DEVICE_ERROR; + goto Done; + } + if (SwapBytes32(RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) { + DEBUG ((EFI_D_ERROR, "Tpm2SetAlgorithmSet - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode))); + Status = EFI_DEVICE_ERROR; + goto Done; + } + +Done: + // + // Clear AuthSession Content + // + ZeroMem (&SendBuffer, sizeof(SendBuffer)); + ZeroMem (&RecvBuffer, sizeof(RecvBuffer)); + return Status; +} diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c new file mode 100644 index 00000000..9d171e6c --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c @@ -0,0 +1,1042 @@ +/** @file + Implement TPM2 NVStorage related command. + +Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved. <BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include <IndustryStandard/UefiTcgPlatform.h> +#include <Library/Tpm2CommandLib.h> +#include <Library/Tpm2DeviceLib.h> +#include <Library/BaseMemoryLib.h> +#include <Library/BaseLib.h> +#include <Library/DebugLib.h> + +#pragma pack(1) + +#define RC_NV_ReadPublic_nvIndex (TPM_RC_H + TPM_RC_1) + +#define RC_NV_DefineSpace_authHandle (TPM_RC_H + TPM_RC_1) +#define RC_NV_DefineSpace_auth (TPM_RC_P + TPM_RC_1) +#define RC_NV_DefineSpace_publicInfo (TPM_RC_P + TPM_RC_2) + +#define RC_NV_UndefineSpace_authHandle (TPM_RC_H + TPM_RC_1) +#define RC_NV_UndefineSpace_nvIndex (TPM_RC_H + TPM_RC_2) + +#define RC_NV_Read_authHandle (TPM_RC_H + TPM_RC_1) +#define RC_NV_Read_nvIndex (TPM_RC_H + TPM_RC_2) +#define RC_NV_Read_size (TPM_RC_P + TPM_RC_1) +#define RC_NV_Read_offset (TPM_RC_P + TPM_RC_2) + +#define RC_NV_Write_authHandle (TPM_RC_H + TPM_RC_1) +#define RC_NV_Write_nvIndex (TPM_RC_H + TPM_RC_2) +#define RC_NV_Write_data (TPM_RC_P + TPM_RC_1) +#define RC_NV_Write_offset (TPM_RC_P + TPM_RC_2) + +typedef struct { + TPM2_COMMAND_HEADER Header; + TPMI_RH_NV_INDEX NvIndex; +} TPM2_NV_READPUBLIC_COMMAND; + +typedef struct { + TPM2_RESPONSE_HEADER Header; + TPM2B_NV_PUBLIC NvPublic; + TPM2B_NAME NvName; +} TPM2_NV_READPUBLIC_RESPONSE; + +typedef struct { + TPM2_COMMAND_HEADER Header; + TPMI_RH_PROVISION AuthHandle; + UINT32 AuthSessionSize; + TPMS_AUTH_COMMAND AuthSession; + TPM2B_AUTH Auth; + TPM2B_NV_PUBLIC NvPublic; +} TPM2_NV_DEFINESPACE_COMMAND; + +typedef struct { + TPM2_RESPONSE_HEADER Header; + UINT32 AuthSessionSize; + TPMS_AUTH_RESPONSE AuthSession; +} TPM2_NV_DEFINESPACE_RESPONSE; + +typedef struct { + TPM2_COMMAND_HEADER Header; + TPMI_RH_PROVISION AuthHandle; + TPMI_RH_NV_INDEX NvIndex; + UINT32 AuthSessionSize; + TPMS_AUTH_COMMAND AuthSession; +} TPM2_NV_UNDEFINESPACE_COMMAND; + +typedef struct { + TPM2_RESPONSE_HEADER Header; + UINT32 AuthSessionSize; + TPMS_AUTH_RESPONSE AuthSession; +} TPM2_NV_UNDEFINESPACE_RESPONSE; + +typedef struct { + TPM2_COMMAND_HEADER Header; + TPMI_RH_NV_AUTH AuthHandle; + TPMI_RH_NV_INDEX NvIndex; + UINT32 AuthSessionSize; + TPMS_AUTH_COMMAND AuthSession; + UINT16 Size; + UINT16 Offset; +} TPM2_NV_READ_COMMAND; + +typedef struct { + TPM2_RESPONSE_HEADER Header; + UINT32 AuthSessionSize; + TPM2B_MAX_BUFFER Data; + TPMS_AUTH_RESPONSE AuthSession; +} TPM2_NV_READ_RESPONSE; + +typedef struct { + TPM2_COMMAND_HEADER Header; + TPMI_RH_NV_AUTH AuthHandle; + TPMI_RH_NV_INDEX NvIndex; + UINT32 AuthSessionSize; + TPMS_AUTH_COMMAND AuthSession; + TPM2B_MAX_BUFFER Data; + UINT16 Offset; +} TPM2_NV_WRITE_COMMAND; + +typedef struct { + TPM2_RESPONSE_HEADER Header; + UINT32 AuthSessionSize; + TPMS_AUTH_RESPONSE AuthSession; +} TPM2_NV_WRITE_RESPONSE; + +typedef struct { + TPM2_COMMAND_HEADER Header; + TPMI_RH_NV_AUTH AuthHandle; + TPMI_RH_NV_INDEX NvIndex; + UINT32 AuthSessionSize; + TPMS_AUTH_COMMAND AuthSession; +} TPM2_NV_READLOCK_COMMAND; + +typedef struct { + TPM2_RESPONSE_HEADER Header; + UINT32 AuthSessionSize; + TPMS_AUTH_RESPONSE AuthSession; +} TPM2_NV_READLOCK_RESPONSE; + +typedef struct { + TPM2_COMMAND_HEADER Header; + TPMI_RH_NV_AUTH AuthHandle; + TPMI_RH_NV_INDEX NvIndex; + UINT32 AuthSessionSize; + TPMS_AUTH_COMMAND AuthSession; +} TPM2_NV_WRITELOCK_COMMAND; + +typedef struct { + TPM2_RESPONSE_HEADER Header; + UINT32 AuthSessionSize; + TPMS_AUTH_RESPONSE AuthSession; +} TPM2_NV_WRITELOCK_RESPONSE; + +typedef struct { + TPM2_COMMAND_HEADER Header; + TPMI_RH_PROVISION AuthHandle; + UINT32 AuthSessionSize; + TPMS_AUTH_COMMAND AuthSession; +} TPM2_NV_GLOBALWRITELOCK_COMMAND; + +typedef struct { + TPM2_RESPONSE_HEADER Header; + UINT32 AuthSessionSize; + TPMS_AUTH_RESPONSE AuthSession; +} TPM2_NV_GLOBALWRITELOCK_RESPONSE; + +#pragma pack() + +/** + This command is used to read the public area and Name of an NV Index. + + @param[in] NvIndex The NV Index. + @param[out] NvPublic The public area of the index. + @param[out] NvName The Name of the nvIndex. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_DEVICE_ERROR The command was unsuccessful. + @retval EFI_NOT_FOUND The command was returned successfully, but NvIndex is not found. +**/ +EFI_STATUS +EFIAPI +Tpm2NvReadPublic ( + IN TPMI_RH_NV_INDEX NvIndex, + OUT TPM2B_NV_PUBLIC *NvPublic, + OUT TPM2B_NAME *NvName + ) +{ + EFI_STATUS Status; + TPM2_NV_READPUBLIC_COMMAND SendBuffer; + TPM2_NV_READPUBLIC_RESPONSE RecvBuffer; + UINT32 SendBufferSize; + UINT32 RecvBufferSize; + UINT16 NvPublicSize; + UINT16 NvNameSize; + UINT8 *Buffer; + TPM_RC ResponseCode; + + // + // Construct command + // + SendBuffer.Header.tag = SwapBytes16(TPM_ST_NO_SESSIONS); + SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_NV_ReadPublic); + + SendBuffer.NvIndex = SwapBytes32 (NvIndex); + + SendBufferSize = (UINT32) sizeof (SendBuffer); + SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize); + + // + // send Tpm command + // + RecvBufferSize = sizeof (RecvBuffer); + Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer); + if (EFI_ERROR (Status)) { + return Status; + } + + if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) { + DEBUG ((EFI_D_ERROR, "Tpm2NvReadPublic - RecvBufferSize Error - %x\n", RecvBufferSize)); + return EFI_DEVICE_ERROR; + } + ResponseCode = SwapBytes32(RecvBuffer.Header.responseCode); + if (ResponseCode != TPM_RC_SUCCESS) { + DEBUG ((EFI_D_ERROR, "Tpm2NvReadPublic - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode))); + } + switch (ResponseCode) { + case TPM_RC_SUCCESS: + // return data + break; + case TPM_RC_HANDLE + RC_NV_ReadPublic_nvIndex: // TPM_RC_NV_DEFINED: + return EFI_NOT_FOUND; + case TPM_RC_VALUE + RC_NV_ReadPublic_nvIndex: + return EFI_INVALID_PARAMETER; + default: + return EFI_DEVICE_ERROR; + } + + if (RecvBufferSize <= sizeof (TPM2_RESPONSE_HEADER) + sizeof (UINT16) + sizeof(UINT16)) { + DEBUG ((EFI_D_ERROR, "Tpm2NvReadPublic - RecvBufferSize Error - %x\n", RecvBufferSize)); + return EFI_NOT_FOUND; + } + + // + // Basic check + // + NvPublicSize = SwapBytes16 (RecvBuffer.NvPublic.size); + if (NvPublicSize > sizeof(TPMS_NV_PUBLIC)) { + DEBUG ((DEBUG_ERROR, "Tpm2NvReadPublic - NvPublic.size error %x\n", NvPublicSize)); + return EFI_DEVICE_ERROR; + } + + NvNameSize = SwapBytes16 (ReadUnaligned16 ((UINT16 *)((UINT8 *)&RecvBuffer + sizeof(TPM2_RESPONSE_HEADER) + sizeof(UINT16) + NvPublicSize))); + if (NvNameSize > sizeof(TPMU_NAME)){ + DEBUG ((DEBUG_ERROR, "Tpm2NvReadPublic - NvNameSize error %x\n", NvNameSize)); + return EFI_DEVICE_ERROR; + } + + if (RecvBufferSize != sizeof(TPM2_RESPONSE_HEADER) + sizeof(UINT16) + NvPublicSize + sizeof(UINT16) + NvNameSize) { + DEBUG ((EFI_D_ERROR, "Tpm2NvReadPublic - RecvBufferSize Error - NvPublicSize %x\n", RecvBufferSize)); + return EFI_NOT_FOUND; + } + + // + // Return the response + // + CopyMem (NvPublic, &RecvBuffer.NvPublic, sizeof(UINT16) + NvPublicSize); + NvPublic->size = NvPublicSize; + NvPublic->nvPublic.nvIndex = SwapBytes32 (NvPublic->nvPublic.nvIndex); + NvPublic->nvPublic.nameAlg = SwapBytes16 (NvPublic->nvPublic.nameAlg); + WriteUnaligned32 ((UINT32 *)&NvPublic->nvPublic.attributes, SwapBytes32 (ReadUnaligned32 ((UINT32 *)&NvPublic->nvPublic.attributes))); + NvPublic->nvPublic.authPolicy.size = SwapBytes16 (NvPublic->nvPublic.authPolicy.size); + Buffer = (UINT8 *)&RecvBuffer.NvPublic.nvPublic.authPolicy; + Buffer += sizeof(UINT16) + NvPublic->nvPublic.authPolicy.size; + NvPublic->nvPublic.dataSize = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); + + CopyMem (NvName->name, (UINT8 *)&RecvBuffer + sizeof(TPM2_RESPONSE_HEADER) + sizeof(UINT16) + NvPublicSize + sizeof(UINT16), NvNameSize); + NvName->size = NvNameSize; + + return EFI_SUCCESS; +} + +/** + This command defines the attributes of an NV Index and causes the TPM to + reserve space to hold the data associated with the index. + If a definition already exists at the index, the TPM will return TPM_RC_NV_DEFINED. + + @param[in] AuthHandle TPM_RH_OWNER or TPM_RH_PLATFORM+{PP}. + @param[in] AuthSession Auth Session context + @param[in] Auth The authorization data. + @param[in] NvPublic The public area of the index. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_DEVICE_ERROR The command was unsuccessful. + @retval EFI_ALREADY_STARTED The command was returned successfully, but NvIndex is already defined. +**/ +EFI_STATUS +EFIAPI +Tpm2NvDefineSpace ( + IN TPMI_RH_PROVISION AuthHandle, + IN TPMS_AUTH_COMMAND *AuthSession, OPTIONAL + IN TPM2B_AUTH *Auth, + IN TPM2B_NV_PUBLIC *NvPublic + ) +{ + EFI_STATUS Status; + TPM2_NV_DEFINESPACE_COMMAND SendBuffer; + TPM2_NV_DEFINESPACE_RESPONSE RecvBuffer; + UINT32 SendBufferSize; + UINT32 RecvBufferSize; + UINT16 NvPublicSize; + UINT8 *Buffer; + UINT32 SessionInfoSize; + TPM_RC ResponseCode; + + // + // Construct command + // + SendBuffer.Header.tag = SwapBytes16(TPM_ST_SESSIONS); + SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_NV_DefineSpace); + SendBuffer.AuthHandle = SwapBytes32 (AuthHandle); + + // + // Add in Auth session + // + Buffer = (UINT8 *)&SendBuffer.AuthSession; + + // sessionInfoSize + SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer); + Buffer += SessionInfoSize; + SendBuffer.AuthSessionSize = SwapBytes32(SessionInfoSize); + + // + // IndexAuth + // + WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16(Auth->size)); + Buffer += sizeof(UINT16); + CopyMem(Buffer, Auth->buffer, Auth->size); + Buffer += Auth->size; + + // + // NvPublic + // + NvPublicSize = NvPublic->size; + + WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (NvPublicSize)); + Buffer += sizeof(UINT16); + WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32 (NvPublic->nvPublic.nvIndex)); + Buffer += sizeof(UINT32); + WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (NvPublic->nvPublic.nameAlg)); + Buffer += sizeof(UINT16); + WriteUnaligned32 ((UINT32 *)Buffer, SwapBytes32 (ReadUnaligned32 ((UINT32 *)&NvPublic->nvPublic.attributes))); + Buffer += sizeof(UINT32); + WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (NvPublic->nvPublic.authPolicy.size)); + Buffer += sizeof(UINT16); + CopyMem (Buffer, NvPublic->nvPublic.authPolicy.buffer, NvPublic->nvPublic.authPolicy.size); + Buffer += NvPublic->nvPublic.authPolicy.size; + WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (NvPublic->nvPublic.dataSize)); + Buffer += sizeof(UINT16); + + SendBufferSize = (UINT32)(Buffer - (UINT8 *)&SendBuffer); + SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize); + + // + // send Tpm command + // + RecvBufferSize = sizeof (RecvBuffer); + Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer); + if (EFI_ERROR (Status)) { + goto Done; + } + + if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) { + DEBUG ((EFI_D_ERROR, "Tpm2NvDefineSpace - RecvBufferSize Error - %x\n", RecvBufferSize)); + Status = EFI_DEVICE_ERROR; + goto Done; + } + + ResponseCode = SwapBytes32(RecvBuffer.Header.responseCode); + if (ResponseCode != TPM_RC_SUCCESS) { + DEBUG ((EFI_D_ERROR, "Tpm2NvDefineSpace - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode))); + } + switch (ResponseCode) { + case TPM_RC_SUCCESS: + // return data + break; + case TPM_RC_SIZE + RC_NV_DefineSpace_publicInfo: + case TPM_RC_SIZE + RC_NV_DefineSpace_auth: + Status = EFI_BAD_BUFFER_SIZE; + break; + case TPM_RC_ATTRIBUTES: + case TPM_RC_ATTRIBUTES + RC_NV_DefineSpace_publicInfo: + Status = EFI_UNSUPPORTED; + break; + case TPM_RC_ATTRIBUTES + RC_NV_DefineSpace_authHandle: + Status = EFI_INVALID_PARAMETER; + break; + case TPM_RC_NV_DEFINED: + Status = EFI_ALREADY_STARTED; + break; + case TPM_RC_VALUE + RC_NV_DefineSpace_publicInfo: + case TPM_RC_VALUE + RC_NV_DefineSpace_authHandle: + Status = EFI_INVALID_PARAMETER; + break; + case TPM_RC_NV_SPACE: + Status = EFI_OUT_OF_RESOURCES; + break; + default: + Status = EFI_DEVICE_ERROR; + break; + } + +Done: + // + // Clear AuthSession Content + // + ZeroMem (&SendBuffer, sizeof(SendBuffer)); + ZeroMem (&RecvBuffer, sizeof(RecvBuffer)); + return Status; +} + +/** + This command removes an index from the TPM. + + @param[in] AuthHandle TPM_RH_OWNER or TPM_RH_PLATFORM+{PP}. + @param[in] NvIndex The NV Index. + @param[in] AuthSession Auth Session context + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_DEVICE_ERROR The command was unsuccessful. + @retval EFI_NOT_FOUND The command was returned successfully, but NvIndex is not found. +**/ +EFI_STATUS +EFIAPI +Tpm2NvUndefineSpace ( + IN TPMI_RH_PROVISION AuthHandle, + IN TPMI_RH_NV_INDEX NvIndex, + IN TPMS_AUTH_COMMAND *AuthSession OPTIONAL + ) +{ + EFI_STATUS Status; + TPM2_NV_UNDEFINESPACE_COMMAND SendBuffer; + TPM2_NV_UNDEFINESPACE_RESPONSE RecvBuffer; + UINT32 SendBufferSize; + UINT32 RecvBufferSize; + UINT8 *Buffer; + UINT32 SessionInfoSize; + TPM_RC ResponseCode; + + // + // Construct command + // + SendBuffer.Header.tag = SwapBytes16(TPM_ST_SESSIONS); + SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_NV_UndefineSpace); + + SendBuffer.AuthHandle = SwapBytes32 (AuthHandle); + SendBuffer.NvIndex = SwapBytes32 (NvIndex); + + // + // Add in Auth session + // + Buffer = (UINT8 *)&SendBuffer.AuthSession; + + // sessionInfoSize + SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer); + Buffer += SessionInfoSize; + SendBuffer.AuthSessionSize = SwapBytes32(SessionInfoSize); + + SendBufferSize = (UINT32)(Buffer - (UINT8 *)&SendBuffer); + SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize); + + // + // send Tpm command + // + RecvBufferSize = sizeof (RecvBuffer); + Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer); + if (EFI_ERROR (Status)) { + goto Done; + } + + if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) { + DEBUG ((EFI_D_ERROR, "Tpm2NvUndefineSpace - RecvBufferSize Error - %x\n", RecvBufferSize)); + Status = EFI_DEVICE_ERROR; + goto Done; + } + + ResponseCode = SwapBytes32(RecvBuffer.Header.responseCode); + if (ResponseCode != TPM_RC_SUCCESS) { + DEBUG ((EFI_D_ERROR, "Tpm2NvUndefineSpace - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode))); + } + switch (ResponseCode) { + case TPM_RC_SUCCESS: + // return data + break; + case TPM_RC_ATTRIBUTES: + case TPM_RC_ATTRIBUTES + RC_NV_UndefineSpace_nvIndex: + Status = EFI_UNSUPPORTED; + break; + case TPM_RC_NV_AUTHORIZATION: + Status = EFI_SECURITY_VIOLATION; + break; + case TPM_RC_HANDLE + RC_NV_UndefineSpace_nvIndex: // TPM_RC_NV_DEFINED: + Status = EFI_NOT_FOUND; + break; + case TPM_RC_HANDLE + RC_NV_UndefineSpace_authHandle: // TPM_RC_NV_DEFINED: + Status = EFI_INVALID_PARAMETER; + break; + case TPM_RC_VALUE + RC_NV_UndefineSpace_authHandle: + case TPM_RC_VALUE + RC_NV_UndefineSpace_nvIndex: + Status = EFI_INVALID_PARAMETER; + break; + default: + Status = EFI_DEVICE_ERROR; + break; + } + +Done: + // + // Clear AuthSession Content + // + ZeroMem (&SendBuffer, sizeof(SendBuffer)); + ZeroMem (&RecvBuffer, sizeof(RecvBuffer)); + return Status; +} + +/** + This command reads a value from an area in NV memory previously defined by TPM2_NV_DefineSpace(). + + @param[in] AuthHandle the handle indicating the source of the authorization value. + @param[in] NvIndex The index to be read. + @param[in] AuthSession Auth Session context + @param[in] Size Number of bytes to read. + @param[in] Offset Byte offset into the area. + @param[in,out] OutData The data read. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_DEVICE_ERROR The command was unsuccessful. + @retval EFI_NOT_FOUND The command was returned successfully, but NvIndex is not found. +**/ +EFI_STATUS +EFIAPI +Tpm2NvRead ( + IN TPMI_RH_NV_AUTH AuthHandle, + IN TPMI_RH_NV_INDEX NvIndex, + IN TPMS_AUTH_COMMAND *AuthSession, OPTIONAL + IN UINT16 Size, + IN UINT16 Offset, + IN OUT TPM2B_MAX_BUFFER *OutData + ) +{ + EFI_STATUS Status; + TPM2_NV_READ_COMMAND SendBuffer; + TPM2_NV_READ_RESPONSE RecvBuffer; + UINT32 SendBufferSize; + UINT32 RecvBufferSize; + UINT8 *Buffer; + UINT32 SessionInfoSize; + TPM_RC ResponseCode; + + // + // Construct command + // + SendBuffer.Header.tag = SwapBytes16(TPM_ST_SESSIONS); + SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_NV_Read); + + SendBuffer.AuthHandle = SwapBytes32 (AuthHandle); + SendBuffer.NvIndex = SwapBytes32 (NvIndex); + + // + // Add in Auth session + // + Buffer = (UINT8 *)&SendBuffer.AuthSession; + + // sessionInfoSize + SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer); + Buffer += SessionInfoSize; + SendBuffer.AuthSessionSize = SwapBytes32(SessionInfoSize); + + WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Size)); + Buffer += sizeof(UINT16); + WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Offset)); + Buffer += sizeof(UINT16); + + SendBufferSize = (UINT32)(Buffer - (UINT8 *)&SendBuffer); + SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize); + + // + // send Tpm command + // + RecvBufferSize = sizeof (RecvBuffer); + Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer); + if (EFI_ERROR (Status)) { + goto Done; + } + + if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) { + DEBUG ((EFI_D_ERROR, "Tpm2NvRead - RecvBufferSize Error - %x\n", RecvBufferSize)); + Status = EFI_DEVICE_ERROR; + goto Done; + } + ResponseCode = SwapBytes32(RecvBuffer.Header.responseCode); + if (ResponseCode != TPM_RC_SUCCESS) { + DEBUG ((EFI_D_ERROR, "Tpm2NvRead - responseCode - %x\n", ResponseCode)); + } + switch (ResponseCode) { + case TPM_RC_SUCCESS: + // return data + break; + case TPM_RC_NV_AUTHORIZATION: + Status = EFI_SECURITY_VIOLATION; + break; + case TPM_RC_NV_LOCKED: + Status = EFI_ACCESS_DENIED; + break; + case TPM_RC_NV_RANGE: + Status = EFI_BAD_BUFFER_SIZE; + break; + case TPM_RC_NV_UNINITIALIZED: + Status = EFI_NOT_READY; + break; + case TPM_RC_HANDLE + RC_NV_Read_nvIndex: // TPM_RC_NV_DEFINED: + Status = EFI_NOT_FOUND; + break; + case TPM_RC_HANDLE + RC_NV_Read_authHandle: // TPM_RC_NV_DEFINED: + Status = EFI_INVALID_PARAMETER; + break; + case TPM_RC_VALUE + RC_NV_Read_nvIndex: + case TPM_RC_VALUE + RC_NV_Read_authHandle: + Status = EFI_INVALID_PARAMETER; + break; + case TPM_RC_BAD_AUTH + RC_NV_Read_authHandle + TPM_RC_S: + Status = EFI_INVALID_PARAMETER; + break; + case TPM_RC_AUTH_UNAVAILABLE: + Status = EFI_INVALID_PARAMETER; + break; + case TPM_RC_AUTH_FAIL + RC_NV_Read_authHandle + TPM_RC_S: + Status = EFI_INVALID_PARAMETER; + break; + case TPM_RC_ATTRIBUTES + RC_NV_Read_authHandle + TPM_RC_S: + Status = EFI_UNSUPPORTED; + break; + default: + Status = EFI_DEVICE_ERROR; + break; + } + if (Status != EFI_SUCCESS) { + goto Done; + } + + // + // Return the response + // + OutData->size = SwapBytes16 (RecvBuffer.Data.size); + if (OutData->size > MAX_DIGEST_BUFFER) { + DEBUG ((DEBUG_ERROR, "Tpm2NvRead - OutData->size error %x\n", OutData->size)); + Status = EFI_DEVICE_ERROR; + goto Done; + } + + CopyMem (OutData->buffer, &RecvBuffer.Data.buffer, OutData->size); + +Done: + // + // Clear AuthSession Content + // + ZeroMem (&SendBuffer, sizeof(SendBuffer)); + ZeroMem (&RecvBuffer, sizeof(RecvBuffer)); + return Status; +} + +/** + This command writes a value to an area in NV memory that was previously defined by TPM2_NV_DefineSpace(). + + @param[in] AuthHandle the handle indicating the source of the authorization value. + @param[in] NvIndex The NV Index of the area to write. + @param[in] AuthSession Auth Session context + @param[in] InData The data to write. + @param[in] Offset The offset into the NV Area. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_DEVICE_ERROR The command was unsuccessful. + @retval EFI_NOT_FOUND The command was returned successfully, but NvIndex is not found. +**/ +EFI_STATUS +EFIAPI +Tpm2NvWrite ( + IN TPMI_RH_NV_AUTH AuthHandle, + IN TPMI_RH_NV_INDEX NvIndex, + IN TPMS_AUTH_COMMAND *AuthSession, OPTIONAL + IN TPM2B_MAX_BUFFER *InData, + IN UINT16 Offset + ) +{ + EFI_STATUS Status; + TPM2_NV_WRITE_COMMAND SendBuffer; + TPM2_NV_WRITE_RESPONSE RecvBuffer; + UINT32 SendBufferSize; + UINT32 RecvBufferSize; + UINT8 *Buffer; + UINT32 SessionInfoSize; + TPM_RC ResponseCode; + + // + // Construct command + // + SendBuffer.Header.tag = SwapBytes16(TPM_ST_SESSIONS); + SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_NV_Write); + + SendBuffer.AuthHandle = SwapBytes32 (AuthHandle); + SendBuffer.NvIndex = SwapBytes32 (NvIndex); + + // + // Add in Auth session + // + Buffer = (UINT8 *)&SendBuffer.AuthSession; + + // sessionInfoSize + SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer); + Buffer += SessionInfoSize; + SendBuffer.AuthSessionSize = SwapBytes32(SessionInfoSize); + + WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (InData->size)); + Buffer += sizeof(UINT16); + CopyMem (Buffer, InData->buffer, InData->size); + Buffer += InData->size; + WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Offset)); + Buffer += sizeof(UINT16); + + SendBufferSize = (UINT32) (Buffer - (UINT8 *)&SendBuffer); + SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize); + + // + // send Tpm command + // + RecvBufferSize = sizeof (RecvBuffer); + Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer); + if (EFI_ERROR (Status)) { + goto Done; + } + + if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) { + DEBUG ((EFI_D_ERROR, "Tpm2NvWrite - RecvBufferSize Error - %x\n", RecvBufferSize)); + Status = EFI_DEVICE_ERROR; + goto Done; + } + ResponseCode = SwapBytes32(RecvBuffer.Header.responseCode); + if (ResponseCode != TPM_RC_SUCCESS) { + DEBUG ((EFI_D_ERROR, "Tpm2NvWrite - responseCode - %x\n", ResponseCode)); + } + switch (ResponseCode) { + case TPM_RC_SUCCESS: + // return data + break; + case TPM_RC_ATTRIBUTES: + Status = EFI_UNSUPPORTED; + break; + case TPM_RC_NV_AUTHORIZATION: + Status = EFI_SECURITY_VIOLATION; + break; + case TPM_RC_NV_LOCKED: + Status = EFI_ACCESS_DENIED; + break; + case TPM_RC_NV_RANGE: + Status = EFI_BAD_BUFFER_SIZE; + break; + case TPM_RC_HANDLE + RC_NV_Write_nvIndex: // TPM_RC_NV_DEFINED: + Status = EFI_NOT_FOUND; + break; + case TPM_RC_HANDLE + RC_NV_Write_authHandle: // TPM_RC_NV_DEFINED: + Status = EFI_INVALID_PARAMETER; + break; + case TPM_RC_VALUE + RC_NV_Write_nvIndex: + case TPM_RC_VALUE + RC_NV_Write_authHandle: + Status = EFI_INVALID_PARAMETER; + break; + case TPM_RC_BAD_AUTH + RC_NV_Write_authHandle + TPM_RC_S: + Status = EFI_INVALID_PARAMETER; + break; + case TPM_RC_AUTH_UNAVAILABLE: + Status = EFI_INVALID_PARAMETER; + break; + case TPM_RC_AUTH_FAIL + RC_NV_Write_authHandle + TPM_RC_S: + Status = EFI_INVALID_PARAMETER; + break; + case TPM_RC_ATTRIBUTES + RC_NV_Write_authHandle + TPM_RC_S: + Status = EFI_UNSUPPORTED; + break; + default: + Status = EFI_DEVICE_ERROR; + break; + } + +Done: + // + // Clear AuthSession Content + // + ZeroMem (&SendBuffer, sizeof(SendBuffer)); + ZeroMem (&RecvBuffer, sizeof(RecvBuffer)); + return Status; +} + +/** + This command may be used to prevent further reads of the Index until the next TPM2_Startup (TPM_SU_CLEAR). + + @param[in] AuthHandle the handle indicating the source of the authorization value. + @param[in] NvIndex The NV Index of the area to lock. + @param[in] AuthSession Auth Session context + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_DEVICE_ERROR The command was unsuccessful. + @retval EFI_NOT_FOUND The command was returned successfully, but NvIndex is not found. +**/ +EFI_STATUS +EFIAPI +Tpm2NvReadLock ( + IN TPMI_RH_NV_AUTH AuthHandle, + IN TPMI_RH_NV_INDEX NvIndex, + IN TPMS_AUTH_COMMAND *AuthSession OPTIONAL + ) +{ + EFI_STATUS Status; + TPM2_NV_READLOCK_COMMAND SendBuffer; + TPM2_NV_READLOCK_RESPONSE RecvBuffer; + UINT32 SendBufferSize; + UINT32 RecvBufferSize; + UINT8 *Buffer; + UINT32 SessionInfoSize; + TPM_RC ResponseCode; + + // + // Construct command + // + SendBuffer.Header.tag = SwapBytes16(TPM_ST_SESSIONS); + SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_NV_ReadLock); + + SendBuffer.AuthHandle = SwapBytes32 (AuthHandle); + SendBuffer.NvIndex = SwapBytes32 (NvIndex); + + // + // Add in Auth session + // + Buffer = (UINT8 *)&SendBuffer.AuthSession; + + // sessionInfoSize + SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer); + Buffer += SessionInfoSize; + SendBuffer.AuthSessionSize = SwapBytes32(SessionInfoSize); + + SendBufferSize = (UINT32)(Buffer - (UINT8 *)&SendBuffer); + SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize); + + // + // send Tpm command + // + RecvBufferSize = sizeof (RecvBuffer); + Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer); + if (EFI_ERROR (Status)) { + goto Done; + } + + if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) { + DEBUG ((EFI_D_ERROR, "Tpm2NvReadLock - RecvBufferSize Error - %x\n", RecvBufferSize)); + Status = EFI_DEVICE_ERROR; + goto Done; + } + + ResponseCode = SwapBytes32(RecvBuffer.Header.responseCode); + if (ResponseCode != TPM_RC_SUCCESS) { + DEBUG ((EFI_D_ERROR, "Tpm2NvReadLock - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode))); + } + switch (ResponseCode) { + case TPM_RC_SUCCESS: + // return data + break; + default: + Status = EFI_DEVICE_ERROR; + break; + } + +Done: + // + // Clear AuthSession Content + // + ZeroMem (&SendBuffer, sizeof(SendBuffer)); + ZeroMem (&RecvBuffer, sizeof(RecvBuffer)); + return Status; +} + +/** + This command may be used to inhibit further writes of the Index. + + @param[in] AuthHandle the handle indicating the source of the authorization value. + @param[in] NvIndex The NV Index of the area to lock. + @param[in] AuthSession Auth Session context + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_DEVICE_ERROR The command was unsuccessful. + @retval EFI_NOT_FOUND The command was returned successfully, but NvIndex is not found. +**/ +EFI_STATUS +EFIAPI +Tpm2NvWriteLock ( + IN TPMI_RH_NV_AUTH AuthHandle, + IN TPMI_RH_NV_INDEX NvIndex, + IN TPMS_AUTH_COMMAND *AuthSession OPTIONAL + ) +{ + EFI_STATUS Status; + TPM2_NV_WRITELOCK_COMMAND SendBuffer; + TPM2_NV_WRITELOCK_RESPONSE RecvBuffer; + UINT32 SendBufferSize; + UINT32 RecvBufferSize; + UINT8 *Buffer; + UINT32 SessionInfoSize; + TPM_RC ResponseCode; + + // + // Construct command + // + SendBuffer.Header.tag = SwapBytes16(TPM_ST_SESSIONS); + SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_NV_WriteLock); + + SendBuffer.AuthHandle = SwapBytes32 (AuthHandle); + SendBuffer.NvIndex = SwapBytes32 (NvIndex); + + // + // Add in Auth session + // + Buffer = (UINT8 *)&SendBuffer.AuthSession; + + // sessionInfoSize + SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer); + Buffer += SessionInfoSize; + SendBuffer.AuthSessionSize = SwapBytes32(SessionInfoSize); + + SendBufferSize = (UINT32)(Buffer - (UINT8 *)&SendBuffer); + SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize); + + // + // send Tpm command + // + RecvBufferSize = sizeof (RecvBuffer); + Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer); + if (EFI_ERROR (Status)) { + goto Done; + } + + if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) { + DEBUG ((EFI_D_ERROR, "Tpm2NvWriteLock - RecvBufferSize Error - %x\n", RecvBufferSize)); + Status = EFI_DEVICE_ERROR; + goto Done; + } + + ResponseCode = SwapBytes32(RecvBuffer.Header.responseCode); + if (ResponseCode != TPM_RC_SUCCESS) { + DEBUG ((EFI_D_ERROR, "Tpm2NvWriteLock - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode))); + } + switch (ResponseCode) { + case TPM_RC_SUCCESS: + // return data + break; + default: + Status = EFI_DEVICE_ERROR; + break; + } + +Done: + // + // Clear AuthSession Content + // + ZeroMem (&SendBuffer, sizeof(SendBuffer)); + ZeroMem (&RecvBuffer, sizeof(RecvBuffer)); + return Status; +} + +/** + The command will SET TPMA_NV_WRITELOCKED for all indexes that have their TPMA_NV_GLOBALLOCK attribute SET. + + @param[in] AuthHandle TPM_RH_OWNER or TPM_RH_PLATFORM+{PP}. + @param[in] AuthSession Auth Session context + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_DEVICE_ERROR The command was unsuccessful. + @retval EFI_NOT_FOUND The command was returned successfully, but NvIndex is not found. +**/ +EFI_STATUS +EFIAPI +Tpm2NvGlobalWriteLock ( + IN TPMI_RH_PROVISION AuthHandle, + IN TPMS_AUTH_COMMAND *AuthSession OPTIONAL + ) +{ + EFI_STATUS Status; + TPM2_NV_GLOBALWRITELOCK_COMMAND SendBuffer; + TPM2_NV_GLOBALWRITELOCK_RESPONSE RecvBuffer; + UINT32 SendBufferSize; + UINT32 RecvBufferSize; + UINT8 *Buffer; + UINT32 SessionInfoSize; + TPM_RC ResponseCode; + + // + // Construct command + // + SendBuffer.Header.tag = SwapBytes16(TPM_ST_SESSIONS); + SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_NV_GlobalWriteLock); + + SendBuffer.AuthHandle = SwapBytes32 (AuthHandle); + + // + // Add in Auth session + // + Buffer = (UINT8 *)&SendBuffer.AuthSession; + + // sessionInfoSize + SessionInfoSize = CopyAuthSessionCommand (AuthSession, Buffer); + Buffer += SessionInfoSize; + SendBuffer.AuthSessionSize = SwapBytes32(SessionInfoSize); + + SendBufferSize = (UINT32)(Buffer - (UINT8 *)&SendBuffer); + SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize); + + // + // send Tpm command + // + RecvBufferSize = sizeof (RecvBuffer); + Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer); + if (EFI_ERROR (Status)) { + goto Done; + } + + if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) { + DEBUG ((EFI_D_ERROR, "Tpm2NvGlobalWriteLock - RecvBufferSize Error - %x\n", RecvBufferSize)); + Status = EFI_DEVICE_ERROR; + goto Done; + } + + ResponseCode = SwapBytes32(RecvBuffer.Header.responseCode); + if (ResponseCode != TPM_RC_SUCCESS) { + DEBUG ((EFI_D_ERROR, "Tpm2NvGlobalWriteLock - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode))); + } + switch (ResponseCode) { + case TPM_RC_SUCCESS: + // return data + break; + default: + Status = EFI_DEVICE_ERROR; + break; + } + +Done: + // + // Clear AuthSession Content + // + ZeroMem (&SendBuffer, sizeof(SendBuffer)); + ZeroMem (&RecvBuffer, sizeof(RecvBuffer)); + return Status; +} diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm2CommandLib/Tpm2Object.c b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm2CommandLib/Tpm2Object.c new file mode 100644 index 00000000..084473d1 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm2CommandLib/Tpm2Object.c @@ -0,0 +1,379 @@ +/** @file + Implement TPM2 Object related command. + +Copyright (c) 2017 - 2018, Intel Corporation. All rights reserved. <BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include <IndustryStandard/UefiTcgPlatform.h> +#include <Library/Tpm2CommandLib.h> +#include <Library/Tpm2DeviceLib.h> +#include <Library/BaseMemoryLib.h> +#include <Library/BaseLib.h> +#include <Library/DebugLib.h> + +#pragma pack(1) + +typedef struct { + TPM2_COMMAND_HEADER Header; + TPMI_DH_OBJECT ObjectHandle; +} TPM2_READ_PUBLIC_COMMAND; + +typedef struct { + TPM2_RESPONSE_HEADER Header; + TPM2B_PUBLIC OutPublic; + TPM2B_NAME Name; + TPM2B_NAME QualifiedName; +} TPM2_READ_PUBLIC_RESPONSE; + +#pragma pack() + +/** + This command allows access to the public area of a loaded object. + + @param[in] ObjectHandle TPM handle of an object + @param[out] OutPublic Structure containing the public area of an object + @param[out] Name Name of the object + @param[out] QualifiedName The Qualified Name of the object + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_DEVICE_ERROR Unexpected device behavior. +**/ +EFI_STATUS +EFIAPI +Tpm2ReadPublic ( + IN TPMI_DH_OBJECT ObjectHandle, + OUT TPM2B_PUBLIC *OutPublic, + OUT TPM2B_NAME *Name, + OUT TPM2B_NAME *QualifiedName + ) +{ + EFI_STATUS Status; + TPM2_READ_PUBLIC_COMMAND SendBuffer; + TPM2_READ_PUBLIC_RESPONSE RecvBuffer; + UINT32 SendBufferSize; + UINT32 RecvBufferSize; + TPM_RC ResponseCode; + UINT8 *Buffer; + UINT16 OutPublicSize; + UINT16 NameSize; + UINT16 QualifiedNameSize; + + // + // Construct command + // + SendBuffer.Header.tag = SwapBytes16(TPM_ST_NO_SESSIONS); + SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_ReadPublic); + + SendBuffer.ObjectHandle = SwapBytes32 (ObjectHandle); + + SendBufferSize = (UINT32) sizeof (SendBuffer); + SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize); + + // + // send Tpm command + // + RecvBufferSize = sizeof (RecvBuffer); + Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer); + if (EFI_ERROR (Status)) { + return Status; + } + + if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) { + DEBUG ((DEBUG_ERROR, "Tpm2ReadPublic - RecvBufferSize Error - %x\n", RecvBufferSize)); + return EFI_DEVICE_ERROR; + } + ResponseCode = SwapBytes32(RecvBuffer.Header.responseCode); + if (ResponseCode != TPM_RC_SUCCESS) { + DEBUG ((DEBUG_ERROR, "Tpm2ReadPublic - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode))); + } + switch (ResponseCode) { + case TPM_RC_SUCCESS: + // return data + break; + case TPM_RC_SEQUENCE: + // objectHandle references a sequence object + return EFI_INVALID_PARAMETER; + default: + return EFI_DEVICE_ERROR; + } + + // + // Basic check + // + OutPublicSize = SwapBytes16 (RecvBuffer.OutPublic.size); + if (OutPublicSize > sizeof(TPMT_PUBLIC)) { + DEBUG ((DEBUG_ERROR, "Tpm2ReadPublic - OutPublicSize error %x\n", OutPublicSize)); + return EFI_DEVICE_ERROR; + } + + NameSize = SwapBytes16 (ReadUnaligned16 ((UINT16 *)((UINT8 *)&RecvBuffer + sizeof(TPM2_RESPONSE_HEADER) + + sizeof(UINT16) + OutPublicSize))); + if (NameSize > sizeof(TPMU_NAME)) { + DEBUG ((DEBUG_ERROR, "Tpm2ReadPublic - NameSize error %x\n", NameSize)); + return EFI_DEVICE_ERROR; + } + + QualifiedNameSize = SwapBytes16 (ReadUnaligned16 ((UINT16 *)((UINT8 *)&RecvBuffer + sizeof(TPM2_RESPONSE_HEADER) + + sizeof(UINT16) + OutPublicSize + + sizeof(UINT16) + NameSize))); + if (QualifiedNameSize > sizeof(TPMU_NAME)) { + DEBUG ((DEBUG_ERROR, "Tpm2ReadPublic - QualifiedNameSize error %x\n", QualifiedNameSize)); + return EFI_DEVICE_ERROR; + } + + if (RecvBufferSize != sizeof(TPM2_RESPONSE_HEADER) + sizeof(UINT16) + OutPublicSize + sizeof(UINT16) + NameSize + sizeof(UINT16) + QualifiedNameSize) { + DEBUG ((DEBUG_ERROR, "Tpm2ReadPublic - RecvBufferSize %x Error - OutPublicSize %x, NameSize %x, QualifiedNameSize %x\n", RecvBufferSize, OutPublicSize, NameSize, QualifiedNameSize)); + return EFI_DEVICE_ERROR; + } + + // + // Return the response + // + Buffer = (UINT8 *)&RecvBuffer.OutPublic; + CopyMem (OutPublic, &RecvBuffer.OutPublic, sizeof(UINT16) + OutPublicSize); + OutPublic->size = OutPublicSize; + OutPublic->publicArea.type = SwapBytes16 (OutPublic->publicArea.type); + OutPublic->publicArea.nameAlg = SwapBytes16 (OutPublic->publicArea.nameAlg); + WriteUnaligned32 ((UINT32 *)&OutPublic->publicArea.objectAttributes, SwapBytes32 (ReadUnaligned32 ((UINT32 *)&OutPublic->publicArea.objectAttributes))); + Buffer = (UINT8 *)&RecvBuffer.OutPublic.publicArea.authPolicy; + OutPublic->publicArea.authPolicy.size = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); + Buffer += sizeof(UINT16); + if (OutPublic->publicArea.authPolicy.size > sizeof(TPMU_HA)) { + DEBUG ((DEBUG_ERROR, "Tpm2ReadPublic - authPolicy.size error %x\n", OutPublic->publicArea.authPolicy.size)); + return EFI_DEVICE_ERROR; + } + + CopyMem (OutPublic->publicArea.authPolicy.buffer, Buffer, OutPublic->publicArea.authPolicy.size); + Buffer += OutPublic->publicArea.authPolicy.size; + + // TPMU_PUBLIC_PARMS + switch (OutPublic->publicArea.type) { + case TPM_ALG_KEYEDHASH: + OutPublic->publicArea.parameters.keyedHashDetail.scheme.scheme = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); + Buffer += sizeof(UINT16); + switch (OutPublic->publicArea.parameters.keyedHashDetail.scheme.scheme) { + case TPM_ALG_HMAC: + OutPublic->publicArea.parameters.keyedHashDetail.scheme.details.hmac.hashAlg = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); + Buffer += sizeof(UINT16); + break; + case TPM_ALG_XOR: + OutPublic->publicArea.parameters.keyedHashDetail.scheme.details.xor.hashAlg = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); + Buffer += sizeof(UINT16); + OutPublic->publicArea.parameters.keyedHashDetail.scheme.details.xor.kdf = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); + Buffer += sizeof(UINT16); + break; + default: + return EFI_UNSUPPORTED; + } + case TPM_ALG_SYMCIPHER: + OutPublic->publicArea.parameters.symDetail.algorithm = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); + Buffer += sizeof(UINT16); + switch (OutPublic->publicArea.parameters.symDetail.algorithm) { + case TPM_ALG_AES: + OutPublic->publicArea.parameters.symDetail.keyBits.aes = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); + Buffer += sizeof(UINT16); + OutPublic->publicArea.parameters.symDetail.mode.aes = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); + Buffer += sizeof(UINT16); + break; + case TPM_ALG_SM4: + OutPublic->publicArea.parameters.symDetail.keyBits.SM4 = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); + Buffer += sizeof(UINT16); + OutPublic->publicArea.parameters.symDetail.mode.SM4 = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); + Buffer += sizeof(UINT16); + break; + case TPM_ALG_XOR: + OutPublic->publicArea.parameters.symDetail.keyBits.xor = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); + Buffer += sizeof(UINT16); + break; + case TPM_ALG_NULL: + break; + default: + return EFI_UNSUPPORTED; + } + break; + case TPM_ALG_RSA: + OutPublic->publicArea.parameters.rsaDetail.symmetric.algorithm = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); + Buffer += sizeof(UINT16); + switch (OutPublic->publicArea.parameters.rsaDetail.symmetric.algorithm) { + case TPM_ALG_AES: + OutPublic->publicArea.parameters.rsaDetail.symmetric.keyBits.aes = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); + Buffer += sizeof(UINT16); + OutPublic->publicArea.parameters.rsaDetail.symmetric.mode.aes = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); + Buffer += sizeof(UINT16); + break; + case TPM_ALG_SM4: + OutPublic->publicArea.parameters.rsaDetail.symmetric.keyBits.SM4 = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); + Buffer += sizeof(UINT16); + OutPublic->publicArea.parameters.rsaDetail.symmetric.mode.SM4 = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); + Buffer += sizeof(UINT16); + break; + case TPM_ALG_NULL: + break; + default: + return EFI_UNSUPPORTED; + } + OutPublic->publicArea.parameters.rsaDetail.scheme.scheme = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); + Buffer += sizeof(UINT16); + switch (OutPublic->publicArea.parameters.rsaDetail.scheme.scheme) { + case TPM_ALG_RSASSA: + OutPublic->publicArea.parameters.rsaDetail.scheme.details.rsassa.hashAlg = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); + Buffer += sizeof(UINT16); + break; + case TPM_ALG_RSAPSS: + OutPublic->publicArea.parameters.rsaDetail.scheme.details.rsapss.hashAlg = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); + Buffer += sizeof(UINT16); + break; + case TPM_ALG_RSAES: + break; + case TPM_ALG_OAEP: + OutPublic->publicArea.parameters.rsaDetail.scheme.details.oaep.hashAlg = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); + Buffer += sizeof(UINT16); + break; + case TPM_ALG_NULL: + break; + default: + return EFI_UNSUPPORTED; + } + OutPublic->publicArea.parameters.rsaDetail.keyBits = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); + Buffer += sizeof(UINT16); + OutPublic->publicArea.parameters.rsaDetail.exponent = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); + Buffer += sizeof(UINT32); + break; + case TPM_ALG_ECC: + OutPublic->publicArea.parameters.eccDetail.symmetric.algorithm = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); + Buffer += sizeof(UINT16); + switch (OutPublic->publicArea.parameters.eccDetail.symmetric.algorithm) { + case TPM_ALG_AES: + OutPublic->publicArea.parameters.eccDetail.symmetric.keyBits.aes = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); + Buffer += sizeof(UINT16); + OutPublic->publicArea.parameters.eccDetail.symmetric.mode.aes = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); + Buffer += sizeof(UINT16); + break; + case TPM_ALG_SM4: + OutPublic->publicArea.parameters.eccDetail.symmetric.keyBits.SM4 = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); + Buffer += sizeof(UINT16); + OutPublic->publicArea.parameters.eccDetail.symmetric.mode.SM4 = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); + Buffer += sizeof(UINT16); + break; + case TPM_ALG_NULL: + break; + default: + return EFI_UNSUPPORTED; + } + OutPublic->publicArea.parameters.eccDetail.scheme.scheme = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); + Buffer += sizeof(UINT16); + switch (OutPublic->publicArea.parameters.eccDetail.scheme.scheme) { + case TPM_ALG_ECDSA: + OutPublic->publicArea.parameters.eccDetail.scheme.details.ecdsa.hashAlg = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); + Buffer += sizeof(UINT16); + break; + case TPM_ALG_ECDAA: + OutPublic->publicArea.parameters.eccDetail.scheme.details.ecdaa.hashAlg = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); + Buffer += sizeof(UINT16); + break; + case TPM_ALG_ECSCHNORR: + OutPublic->publicArea.parameters.eccDetail.scheme.details.ecSchnorr.hashAlg = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); + Buffer += sizeof(UINT16); + break; + case TPM_ALG_ECDH: + break; + case TPM_ALG_NULL: + break; + default: + return EFI_UNSUPPORTED; + } + OutPublic->publicArea.parameters.eccDetail.curveID = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); + Buffer += sizeof(UINT16); + OutPublic->publicArea.parameters.eccDetail.kdf.scheme = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); + Buffer += sizeof(UINT16); + switch (OutPublic->publicArea.parameters.eccDetail.kdf.scheme) { + case TPM_ALG_MGF1: + OutPublic->publicArea.parameters.eccDetail.kdf.details.mgf1.hashAlg = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); + Buffer += sizeof(UINT16); + break; + case TPM_ALG_KDF1_SP800_108: + OutPublic->publicArea.parameters.eccDetail.kdf.details.kdf1_sp800_108.hashAlg = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); + Buffer += sizeof(UINT16); + break; + case TPM_ALG_KDF1_SP800_56a: + OutPublic->publicArea.parameters.eccDetail.kdf.details.kdf1_SP800_56a.hashAlg = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); + Buffer += sizeof(UINT16); + break; + case TPM_ALG_KDF2: + OutPublic->publicArea.parameters.eccDetail.kdf.details.kdf2.hashAlg = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); + Buffer += sizeof(UINT16); + break; + case TPM_ALG_NULL: + break; + default: + return EFI_UNSUPPORTED; + } + break; + default: + return EFI_UNSUPPORTED; + } + + // TPMU_PUBLIC_ID + switch (OutPublic->publicArea.type) { + case TPM_ALG_KEYEDHASH: + OutPublic->publicArea.unique.keyedHash.size = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); + Buffer += sizeof(UINT16); + if(OutPublic->publicArea.unique.keyedHash.size > sizeof(TPMU_HA)) { + DEBUG ((DEBUG_ERROR, "Tpm2ReadPublic - keyedHash.size error %x\n", OutPublic->publicArea.unique.keyedHash.size)); + return EFI_DEVICE_ERROR; + } + CopyMem (OutPublic->publicArea.unique.keyedHash.buffer, Buffer, OutPublic->publicArea.unique.keyedHash.size); + Buffer += OutPublic->publicArea.unique.keyedHash.size; + break; + case TPM_ALG_SYMCIPHER: + OutPublic->publicArea.unique.sym.size = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); + Buffer += sizeof(UINT16); + if(OutPublic->publicArea.unique.sym.size > sizeof(TPMU_HA)) { + DEBUG ((DEBUG_ERROR, "Tpm2ReadPublic - sym.size error %x\n", OutPublic->publicArea.unique.sym.size)); + return EFI_DEVICE_ERROR; + } + CopyMem (OutPublic->publicArea.unique.sym.buffer, Buffer, OutPublic->publicArea.unique.sym.size); + Buffer += OutPublic->publicArea.unique.sym.size; + break; + case TPM_ALG_RSA: + OutPublic->publicArea.unique.rsa.size = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); + Buffer += sizeof(UINT16); + if(OutPublic->publicArea.unique.rsa.size > MAX_RSA_KEY_BYTES) { + DEBUG ((DEBUG_ERROR, "Tpm2ReadPublic - rsa.size error %x\n", OutPublic->publicArea.unique.rsa.size)); + return EFI_DEVICE_ERROR; + } + CopyMem (OutPublic->publicArea.unique.rsa.buffer, Buffer, OutPublic->publicArea.unique.rsa.size); + Buffer += OutPublic->publicArea.unique.rsa.size; + break; + case TPM_ALG_ECC: + OutPublic->publicArea.unique.ecc.x.size = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); + Buffer += sizeof(UINT16); + if (OutPublic->publicArea.unique.ecc.x.size > MAX_ECC_KEY_BYTES) { + DEBUG ((DEBUG_ERROR, "Tpm2ReadPublic - ecc.x.size error %x\n", OutPublic->publicArea.unique.ecc.x.size)); + return EFI_DEVICE_ERROR; + } + CopyMem (OutPublic->publicArea.unique.ecc.x.buffer, Buffer, OutPublic->publicArea.unique.ecc.x.size); + Buffer += OutPublic->publicArea.unique.ecc.x.size; + OutPublic->publicArea.unique.ecc.y.size = SwapBytes16 (ReadUnaligned16 ((UINT16 *)Buffer)); + Buffer += sizeof(UINT16); + if (OutPublic->publicArea.unique.ecc.y.size > MAX_ECC_KEY_BYTES) { + DEBUG ((DEBUG_ERROR, "Tpm2ReadPublic - ecc.y.size error %x\n", OutPublic->publicArea.unique.ecc.y.size)); + return EFI_DEVICE_ERROR; + } + CopyMem (OutPublic->publicArea.unique.ecc.y.buffer, Buffer, OutPublic->publicArea.unique.ecc.y.size); + Buffer += OutPublic->publicArea.unique.ecc.y.size; + break; + default: + return EFI_UNSUPPORTED; + } + + CopyMem (Name->name, (UINT8 *)&RecvBuffer + sizeof(TPM2_RESPONSE_HEADER) + sizeof(UINT16) + OutPublicSize + sizeof(UINT16), NameSize); + Name->size = NameSize; + + CopyMem (QualifiedName->name, (UINT8 *)&RecvBuffer + sizeof(TPM2_RESPONSE_HEADER) + sizeof(UINT16) + OutPublicSize + sizeof(UINT16) + NameSize + sizeof(UINT16), QualifiedNameSize); + QualifiedName->size = QualifiedNameSize; + + return EFI_SUCCESS; +} diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm2CommandLib/Tpm2Sequences.c b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm2CommandLib/Tpm2Sequences.c new file mode 100644 index 00000000..b9815723 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm2CommandLib/Tpm2Sequences.c @@ -0,0 +1,512 @@ +/** @file + Implement TPM2 Sequences related command. + +Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved. <BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include <IndustryStandard/UefiTcgPlatform.h> +#include <Library/Tpm2CommandLib.h> +#include <Library/Tpm2DeviceLib.h> +#include <Library/BaseMemoryLib.h> +#include <Library/BaseLib.h> +#include <Library/DebugLib.h> + +#pragma pack(1) + +typedef struct { + TPM2_COMMAND_HEADER Header; + TPM2B_AUTH Auth; + TPMI_ALG_HASH HashAlg; +} TPM2_HASH_SEQUENCE_START_COMMAND; + +typedef struct { + TPM2_RESPONSE_HEADER Header; + TPMI_DH_OBJECT SequenceHandle; +} TPM2_HASH_SEQUENCE_START_RESPONSE; + +typedef struct { + TPM2_COMMAND_HEADER Header; + TPMI_DH_OBJECT SequenceHandle; + UINT32 AuthorizationSize; + TPMS_AUTH_COMMAND AuthSessionSeq; + TPM2B_MAX_BUFFER Buffer; +} TPM2_SEQUENCE_UPDATE_COMMAND; + +typedef struct { + TPM2_RESPONSE_HEADER Header; + UINT32 ParameterSize; + TPMS_AUTH_RESPONSE AuthSessionSeq; +} TPM2_SEQUENCE_UPDATE_RESPONSE; + +typedef struct { + TPM2_COMMAND_HEADER Header; + TPMI_DH_PCR PcrHandle; + TPMI_DH_OBJECT SequenceHandle; + UINT32 AuthorizationSize; + TPMS_AUTH_COMMAND AuthSessionPcr; + TPMS_AUTH_COMMAND AuthSessionSeq; + TPM2B_MAX_BUFFER Buffer; +} TPM2_EVENT_SEQUENCE_COMPLETE_COMMAND; + +typedef struct { + TPM2_RESPONSE_HEADER Header; + UINT32 ParameterSize; + TPML_DIGEST_VALUES Results; + TPMS_AUTH_RESPONSE AuthSessionPcr; + TPMS_AUTH_RESPONSE AuthSessionSeq; +} TPM2_EVENT_SEQUENCE_COMPLETE_RESPONSE; + +typedef struct { + TPM2_COMMAND_HEADER Header; + TPMI_DH_OBJECT SequenceHandle; + UINT32 AuthorizationSize; + TPMS_AUTH_COMMAND AuthSessionSeq; + TPM2B_MAX_BUFFER Buffer; + TPMI_RH_HIERARCHY Hierarchy; +} TPM2_SEQUENCE_COMPLETE_COMMAND; + +typedef struct { + TPM2_RESPONSE_HEADER Header; + UINT32 ParameterSize; + TPM2B_DIGEST Digest; + TPMS_AUTH_RESPONSE AuthSessionSeq; +} TPM2_SEQUENCE_COMPLETE_RESPONSE; + +#pragma pack() + +/** + This command starts a hash or an Event sequence. + If hashAlg is an implemented hash, then a hash sequence is started. + If hashAlg is TPM_ALG_NULL, then an Event sequence is started. + + @param[in] HashAlg The hash algorithm to use for the hash sequence + An Event sequence starts if this is TPM_ALG_NULL. + @param[out] SequenceHandle A handle to reference the sequence + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_DEVICE_ERROR Unexpected device behavior. +**/ +EFI_STATUS +EFIAPI +Tpm2HashSequenceStart ( + IN TPMI_ALG_HASH HashAlg, + OUT TPMI_DH_OBJECT *SequenceHandle + ) +{ + EFI_STATUS Status; + TPM2_HASH_SEQUENCE_START_COMMAND Cmd; + TPM2_HASH_SEQUENCE_START_RESPONSE Res; + UINT32 CmdSize; + UINT32 RespSize; + UINT8 *Buffer; + UINT32 ResultBufSize; + + ZeroMem(&Cmd, sizeof(Cmd)); + + // + // Construct command + // + Cmd.Header.tag = SwapBytes16(TPM_ST_NO_SESSIONS); + Cmd.Header.commandCode = SwapBytes32(TPM_CC_HashSequenceStart); + + Buffer = (UINT8 *)&Cmd.Auth; + + // auth = nullAuth + WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16(0)); + Buffer += sizeof(UINT16); + + // hashAlg + WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16(HashAlg)); + Buffer += sizeof(UINT16); + + CmdSize = (UINT32)(Buffer - (UINT8 *)&Cmd); + Cmd.Header.paramSize = SwapBytes32(CmdSize); + + // + // Call the TPM + // + ResultBufSize = sizeof(Res); + Status = Tpm2SubmitCommand (CmdSize, (UINT8 *)&Cmd, &ResultBufSize, (UINT8 *)&Res); + if (EFI_ERROR(Status)) { + return Status; + } + + if (ResultBufSize > sizeof(Res)) { + DEBUG ((EFI_D_ERROR, "HashSequenceStart: Failed ExecuteCommand: Buffer Too Small\r\n")); + return EFI_BUFFER_TOO_SMALL; + } + + // + // Validate response headers + // + RespSize = SwapBytes32(Res.Header.paramSize); + if (RespSize > sizeof(Res)) { + DEBUG ((EFI_D_ERROR, "HashSequenceStart: Response size too large! %d\r\n", RespSize)); + return EFI_BUFFER_TOO_SMALL; + } + + // + // Fail if command failed + // + if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) { + DEBUG ((EFI_D_ERROR, "HashSequenceStart: Response Code error! 0x%08x\r\n", SwapBytes32(Res.Header.responseCode))); + return EFI_DEVICE_ERROR; + } + + // + // Unmarshal the response + // + + // sequenceHandle + *SequenceHandle = SwapBytes32(Res.SequenceHandle); + + return EFI_SUCCESS; +} + +/** + This command is used to add data to a hash or HMAC sequence. + The amount of data in buffer may be any size up to the limits of the TPM. + NOTE: In all TPM, a buffer size of 1,024 octets is allowed. + + @param[in] SequenceHandle Handle for the sequence object + @param[in] Buffer Data to be added to hash + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_DEVICE_ERROR Unexpected device behavior. +**/ +EFI_STATUS +EFIAPI +Tpm2SequenceUpdate ( + IN TPMI_DH_OBJECT SequenceHandle, + IN TPM2B_MAX_BUFFER *Buffer + ) +{ + EFI_STATUS Status; + TPM2_SEQUENCE_UPDATE_COMMAND Cmd; + TPM2_SEQUENCE_UPDATE_RESPONSE Res; + UINT32 CmdSize; + UINT32 RespSize; + UINT8 *BufferPtr; + UINT32 SessionInfoSize; + UINT32 ResultBufSize; + + ZeroMem(&Cmd, sizeof(Cmd)); + + // + // Construct command + // + Cmd.Header.tag = SwapBytes16(TPM_ST_SESSIONS); + Cmd.Header.commandCode = SwapBytes32(TPM_CC_SequenceUpdate); + Cmd.SequenceHandle = SwapBytes32(SequenceHandle); + + // + // Add in Auth session + // + BufferPtr = (UINT8 *)&Cmd.AuthSessionSeq; + + // sessionInfoSize + SessionInfoSize = CopyAuthSessionCommand (NULL, BufferPtr); + BufferPtr += SessionInfoSize; + Cmd.AuthorizationSize = SwapBytes32(SessionInfoSize); + + // buffer.size + WriteUnaligned16 ((UINT16 *)BufferPtr, SwapBytes16(Buffer->size)); + BufferPtr += sizeof(UINT16); + + CopyMem(BufferPtr, &Buffer->buffer, Buffer->size); + BufferPtr += Buffer->size; + + CmdSize = (UINT32)(BufferPtr - (UINT8 *)&Cmd); + Cmd.Header.paramSize = SwapBytes32(CmdSize); + + // + // Call the TPM + // + ResultBufSize = sizeof(Res); + Status = Tpm2SubmitCommand (CmdSize, (UINT8 *)&Cmd,&ResultBufSize, (UINT8 *)&Res); + if (EFI_ERROR(Status)) { + return Status; + } + + if (ResultBufSize > sizeof(Res)) { + DEBUG ((EFI_D_ERROR, "SequenceUpdate: Failed ExecuteCommand: Buffer Too Small\r\n")); + return EFI_BUFFER_TOO_SMALL; + } + + // + // Validate response headers + // + RespSize = SwapBytes32(Res.Header.paramSize); + if (RespSize > sizeof(Res)) { + DEBUG ((EFI_D_ERROR, "SequenceUpdate: Response size too large! %d\r\n", RespSize)); + return EFI_BUFFER_TOO_SMALL; + } + + // + // Fail if command failed + // + if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) { + DEBUG ((EFI_D_ERROR, "SequenceUpdate: Response Code error! 0x%08x\r\n", SwapBytes32(Res.Header.responseCode))); + return EFI_DEVICE_ERROR; + } + + // + // Unmarshal the response + // + + // None + + return EFI_SUCCESS; +} + +/** + This command adds the last part of data, if any, to an Event sequence and returns the result in a digest list. + If pcrHandle references a PCR and not TPM_RH_NULL, then the returned digest list is processed in + the same manner as the digest list input parameter to TPM2_PCR_Extend() with the pcrHandle in each + bank extended with the associated digest value. + + @param[in] PcrHandle PCR to be extended with the Event data + @param[in] SequenceHandle Authorization for the sequence + @param[in] Buffer Data to be added to the Event + @param[out] Results List of digests computed for the PCR + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_DEVICE_ERROR Unexpected device behavior. +**/ +EFI_STATUS +EFIAPI +Tpm2EventSequenceComplete ( + IN TPMI_DH_PCR PcrHandle, + IN TPMI_DH_OBJECT SequenceHandle, + IN TPM2B_MAX_BUFFER *Buffer, + OUT TPML_DIGEST_VALUES *Results + ) +{ + EFI_STATUS Status; + TPM2_EVENT_SEQUENCE_COMPLETE_COMMAND Cmd; + TPM2_EVENT_SEQUENCE_COMPLETE_RESPONSE Res; + UINT32 CmdSize; + UINT32 RespSize; + UINT8 *BufferPtr; + UINT32 SessionInfoSize; + UINT32 SessionInfoSize2; + UINT32 Index; + UINT32 ResultBufSize; + UINT16 DigestSize; + + ZeroMem(&Cmd, sizeof(Cmd)); + + // + // Construct command + // + Cmd.Header.tag = SwapBytes16(TPM_ST_SESSIONS); + Cmd.Header.commandCode = SwapBytes32(TPM_CC_EventSequenceComplete); + Cmd.PcrHandle = SwapBytes32(PcrHandle); + Cmd.SequenceHandle = SwapBytes32(SequenceHandle); + + // + // Add in pcrHandle Auth session + // + BufferPtr = (UINT8 *)&Cmd.AuthSessionPcr; + + // sessionInfoSize + SessionInfoSize = CopyAuthSessionCommand (NULL, BufferPtr); + BufferPtr += SessionInfoSize; + + // sessionInfoSize + SessionInfoSize2 = CopyAuthSessionCommand (NULL, BufferPtr); + BufferPtr += SessionInfoSize2; + Cmd.AuthorizationSize = SwapBytes32(SessionInfoSize + SessionInfoSize2); + + // buffer.size + WriteUnaligned16 ((UINT16 *)BufferPtr, SwapBytes16(Buffer->size)); + BufferPtr += sizeof(UINT16); + + CopyMem(BufferPtr, &Buffer->buffer[0], Buffer->size); + BufferPtr += Buffer->size; + + CmdSize = (UINT32)(BufferPtr - (UINT8 *)&Cmd); + Cmd.Header.paramSize = SwapBytes32(CmdSize); + + // + // Call the TPM + // + ResultBufSize = sizeof(Res); + Status = Tpm2SubmitCommand (CmdSize, (UINT8 *)&Cmd, &ResultBufSize, (UINT8 *)&Res); + if (EFI_ERROR(Status)) { + return Status; + } + + if (ResultBufSize > sizeof(Res)) { + DEBUG ((EFI_D_ERROR, "EventSequenceComplete: Failed ExecuteCommand: Buffer Too Small\r\n")); + return EFI_BUFFER_TOO_SMALL; + } + + // + // Validate response headers + // + RespSize = SwapBytes32(Res.Header.paramSize); + if (RespSize > sizeof(Res)) { + DEBUG ((EFI_D_ERROR, "EventSequenceComplete: Response size too large! %d\r\n", RespSize)); + return EFI_BUFFER_TOO_SMALL; + } + + // + // Fail if command failed + // + if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) { + DEBUG ((EFI_D_ERROR, "EventSequenceComplete: Response Code error! 0x%08x\r\n", SwapBytes32(Res.Header.responseCode))); + return EFI_DEVICE_ERROR; + } + + // + // Unmarshal the response + // + + BufferPtr = (UINT8 *)&Res.Results; + + // count + Results->count = SwapBytes32(ReadUnaligned32 ((UINT32 *)BufferPtr)); + if (Results->count > HASH_COUNT) { + DEBUG ((DEBUG_ERROR, "Tpm2EventSequenceComplete - Results->count error %x\n", Results->count)); + return EFI_DEVICE_ERROR; + } + + BufferPtr += sizeof(UINT32); + + for (Index = 0; Index < Results->count; Index++) { + Results->digests[Index].hashAlg = SwapBytes16(ReadUnaligned16 ((UINT16 *)BufferPtr)); + BufferPtr += sizeof(UINT16); + + DigestSize = GetHashSizeFromAlgo (Results->digests[Index].hashAlg); + if (DigestSize == 0) { + DEBUG ((EFI_D_ERROR, "EventSequenceComplete: Unknown hash algorithm %d\r\n", Results->digests[Index].hashAlg)); + return EFI_DEVICE_ERROR; + } + CopyMem( + &Results->digests[Index].digest, + BufferPtr, + DigestSize + ); + BufferPtr += DigestSize; + } + + return EFI_SUCCESS; +} + +/** + This command adds the last part of data, if any, to a hash/HMAC sequence and returns the result. + + @param[in] SequenceHandle Authorization for the sequence + @param[in] Buffer Data to be added to the hash/HMAC + @param[out] Result The returned HMAC or digest in a sized buffer + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_DEVICE_ERROR Unexpected device behavior. +**/ +EFI_STATUS +EFIAPI +Tpm2SequenceComplete ( + IN TPMI_DH_OBJECT SequenceHandle, + IN TPM2B_MAX_BUFFER *Buffer, + OUT TPM2B_DIGEST *Result + ) +{ + EFI_STATUS Status; + TPM2_SEQUENCE_COMPLETE_COMMAND Cmd; + TPM2_SEQUENCE_COMPLETE_RESPONSE Res; + UINT32 CmdSize; + UINT32 RespSize; + UINT8 *BufferPtr; + UINT32 SessionInfoSize; + UINT32 ResultBufSize; + + ZeroMem(&Cmd, sizeof(Cmd)); + + // + // Construct command + // + Cmd.Header.tag = SwapBytes16(TPM_ST_SESSIONS); + Cmd.Header.commandCode = SwapBytes32(TPM_CC_SequenceComplete); + Cmd.SequenceHandle = SwapBytes32(SequenceHandle); + + // + // Add in Auth session + // + BufferPtr = (UINT8 *)&Cmd.AuthSessionSeq; + + // sessionInfoSize + SessionInfoSize = CopyAuthSessionCommand (NULL, BufferPtr); + BufferPtr += SessionInfoSize; + Cmd.AuthorizationSize = SwapBytes32(SessionInfoSize); + + // buffer.size + WriteUnaligned16 ((UINT16 *)BufferPtr, SwapBytes16(Buffer->size)); + BufferPtr += sizeof(UINT16); + + CopyMem(BufferPtr, &Buffer->buffer[0], Buffer->size); + BufferPtr += Buffer->size; + + // Hierarchy + WriteUnaligned32 ((UINT32 *)BufferPtr, SwapBytes32 (TPM_RH_NULL)); + BufferPtr += sizeof (UINT32); + + CmdSize = (UINT32)(BufferPtr - (UINT8 *)&Cmd); + Cmd.Header.paramSize = SwapBytes32(CmdSize); + + // + // Call the TPM + // + ResultBufSize = sizeof(Res); + Status = Tpm2SubmitCommand (CmdSize, (UINT8 *)&Cmd, &ResultBufSize, (UINT8 *)&Res); + if (EFI_ERROR(Status)) { + return Status; + } + + if (ResultBufSize > sizeof(Res)) { + DEBUG ((EFI_D_ERROR, "SequenceComplete: Failed ExecuteCommand: Buffer Too Small\r\n")); + return EFI_BUFFER_TOO_SMALL; + } + + // + // Validate response headers + // + RespSize = SwapBytes32(Res.Header.paramSize); + if (RespSize > sizeof(Res)) { + DEBUG ((EFI_D_ERROR, "SequenceComplete: Response size too large! %d\r\n", RespSize)); + return EFI_BUFFER_TOO_SMALL; + } + + // + // Fail if command failed + // + if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) { + DEBUG ((EFI_D_ERROR, "SequenceComplete: Response Code error! 0x%08x\r\n", SwapBytes32(Res.Header.responseCode))); + return EFI_DEVICE_ERROR; + } + + // + // Unmarshal the response + // + + BufferPtr = (UINT8 *)&Res.Digest; + + // digestSize + Result->size = SwapBytes16(ReadUnaligned16 ((UINT16 *)BufferPtr)); + if (Result->size > sizeof(TPMU_HA)){ + DEBUG ((DEBUG_ERROR, "Tpm2SequenceComplete - Result->size error %x\n", Result->size)); + return EFI_DEVICE_ERROR; + } + + BufferPtr += sizeof(UINT16); + + CopyMem( + Result->buffer, + BufferPtr, + Result->size + ); + + return EFI_SUCCESS; +} diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm2CommandLib/Tpm2Session.c b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm2CommandLib/Tpm2Session.c new file mode 100644 index 00000000..f25efe28 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm2CommandLib/Tpm2Session.c @@ -0,0 +1,168 @@ +/** @file + Implement TPM2 Session related command. + +Copyright (c) 2014 - 2018, Intel Corporation. All rights reserved. <BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include <IndustryStandard/UefiTcgPlatform.h> +#include <Library/Tpm2CommandLib.h> +#include <Library/Tpm2DeviceLib.h> +#include <Library/BaseMemoryLib.h> +#include <Library/BaseLib.h> +#include <Library/DebugLib.h> + +#pragma pack(1) + +typedef struct { + TPM2_COMMAND_HEADER Header; + TPMI_DH_OBJECT TpmKey; + TPMI_DH_ENTITY Bind; + TPM2B_NONCE NonceCaller; + TPM2B_ENCRYPTED_SECRET Salt; + TPM_SE SessionType; + TPMT_SYM_DEF Symmetric; + TPMI_ALG_HASH AuthHash; +} TPM2_START_AUTH_SESSION_COMMAND; + +typedef struct { + TPM2_RESPONSE_HEADER Header; + TPMI_SH_AUTH_SESSION SessionHandle; + TPM2B_NONCE NonceTPM; +} TPM2_START_AUTH_SESSION_RESPONSE; + +#pragma pack() + +/** + This command is used to start an authorization session using alternative methods of + establishing the session key (sessionKey) that is used for authorization and encrypting value. + + @param[in] TpmKey Handle of a loaded decrypt key used to encrypt salt. + @param[in] Bind Entity providing the authValue. + @param[in] NonceCaller Initial nonceCaller, sets nonce size for the session. + @param[in] Salt Value encrypted according to the type of tpmKey. + @param[in] SessionType Indicates the type of the session. + @param[in] Symmetric The algorithm and key size for parameter encryption. + @param[in] AuthHash Hash algorithm to use for the session. + @param[out] SessionHandle Handle for the newly created session. + @param[out] NonceTPM The initial nonce from the TPM, used in the computation of the sessionKey. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_DEVICE_ERROR The command was unsuccessful. +**/ +EFI_STATUS +EFIAPI +Tpm2StartAuthSession ( + IN TPMI_DH_OBJECT TpmKey, + IN TPMI_DH_ENTITY Bind, + IN TPM2B_NONCE *NonceCaller, + IN TPM2B_ENCRYPTED_SECRET *Salt, + IN TPM_SE SessionType, + IN TPMT_SYM_DEF *Symmetric, + IN TPMI_ALG_HASH AuthHash, + OUT TPMI_SH_AUTH_SESSION *SessionHandle, + OUT TPM2B_NONCE *NonceTPM + ) +{ + EFI_STATUS Status; + TPM2_START_AUTH_SESSION_COMMAND SendBuffer; + TPM2_START_AUTH_SESSION_RESPONSE RecvBuffer; + UINT32 SendBufferSize; + UINT32 RecvBufferSize; + UINT8 *Buffer; + + // + // Construct command + // + SendBuffer.Header.tag = SwapBytes16(TPM_ST_NO_SESSIONS); + SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_StartAuthSession); + + SendBuffer.TpmKey = SwapBytes32 (TpmKey); + SendBuffer.Bind = SwapBytes32 (Bind); + Buffer = (UINT8 *)&SendBuffer.NonceCaller; + + WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (NonceCaller->size)); + Buffer += sizeof(UINT16); + CopyMem (Buffer, NonceCaller->buffer, NonceCaller->size); + Buffer += NonceCaller->size; + + WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Salt->size)); + Buffer += sizeof(UINT16); + CopyMem (Buffer, Salt->secret, Salt->size); + Buffer += Salt->size; + + *(TPM_SE *)Buffer = SessionType; + Buffer++; + + WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Symmetric->algorithm)); + Buffer += sizeof(UINT16); + switch (Symmetric->algorithm) { + case TPM_ALG_NULL: + break; + case TPM_ALG_AES: + WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Symmetric->keyBits.aes)); + Buffer += sizeof(UINT16); + WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Symmetric->mode.aes)); + Buffer += sizeof(UINT16); + break; + case TPM_ALG_SM4: + WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Symmetric->keyBits.SM4)); + Buffer += sizeof(UINT16); + WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Symmetric->mode.SM4)); + Buffer += sizeof(UINT16); + break; + case TPM_ALG_SYMCIPHER: + WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Symmetric->keyBits.sym)); + Buffer += sizeof(UINT16); + WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Symmetric->mode.sym)); + Buffer += sizeof(UINT16); + break; + case TPM_ALG_XOR: + WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (Symmetric->keyBits.xor)); + Buffer += sizeof(UINT16); + break; + default: + ASSERT (FALSE); + DEBUG ((EFI_D_ERROR, "Tpm2StartAuthSession - Symmetric->algorithm - %x\n", Symmetric->algorithm)); + return EFI_UNSUPPORTED; + } + + WriteUnaligned16 ((UINT16 *)Buffer, SwapBytes16 (AuthHash)); + Buffer += sizeof(UINT16); + + SendBufferSize = (UINT32) ((UINTN)Buffer - (UINTN)&SendBuffer); + SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize); + + // + // send Tpm command + // + RecvBufferSize = sizeof (RecvBuffer); + Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer); + if (EFI_ERROR (Status)) { + return Status; + } + + if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) { + DEBUG ((EFI_D_ERROR, "Tpm2StartAuthSession - RecvBufferSize Error - %x\n", RecvBufferSize)); + return EFI_DEVICE_ERROR; + } + if (SwapBytes32(RecvBuffer.Header.responseCode) != TPM_RC_SUCCESS) { + DEBUG ((EFI_D_ERROR, "Tpm2StartAuthSession - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode))); + return EFI_DEVICE_ERROR; + } + + // + // Return the response + // + *SessionHandle = SwapBytes32 (RecvBuffer.SessionHandle); + NonceTPM->size = SwapBytes16 (RecvBuffer.NonceTPM.size); + if (NonceTPM->size > sizeof(TPMU_HA)) { + DEBUG ((DEBUG_ERROR, "Tpm2StartAuthSession - NonceTPM->size error %x\n", NonceTPM->size)); + return EFI_DEVICE_ERROR; + } + + CopyMem (NonceTPM->buffer, &RecvBuffer.NonceTPM.buffer, NonceTPM->size); + + return EFI_SUCCESS; +} diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm2CommandLib/Tpm2Startup.c b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm2CommandLib/Tpm2Startup.c new file mode 100644 index 00000000..d49647d8 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm2CommandLib/Tpm2Startup.c @@ -0,0 +1,121 @@ +/** @file + Implement TPM2 Startup related command. + +Copyright (c) 2013 - 2016, Intel Corporation. All rights reserved. <BR> +(C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include <IndustryStandard/UefiTcgPlatform.h> +#include <Library/Tpm2CommandLib.h> +#include <Library/Tpm2DeviceLib.h> +#include <Library/BaseMemoryLib.h> +#include <Library/BaseLib.h> +#include <Library/DebugLib.h> + +#pragma pack(1) + +typedef struct { + TPM2_COMMAND_HEADER Header; + TPM_SU StartupType; +} TPM2_STARTUP_COMMAND; + +typedef struct { + TPM2_RESPONSE_HEADER Header; +} TPM2_STARTUP_RESPONSE; + +typedef struct { + TPM2_COMMAND_HEADER Header; + TPM_SU ShutdownType; +} TPM2_SHUTDOWN_COMMAND; + +typedef struct { + TPM2_RESPONSE_HEADER Header; +} TPM2_SHUTDOWN_RESPONSE; + +#pragma pack() + +/** + Send Startup command to TPM2. + + @param[in] StartupType TPM_SU_CLEAR or TPM_SU_STATE + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_DEVICE_ERROR Unexpected device behavior. +**/ +EFI_STATUS +EFIAPI +Tpm2Startup ( + IN TPM_SU StartupType + ) +{ + EFI_STATUS Status; + TPM2_STARTUP_COMMAND Cmd; + TPM2_STARTUP_RESPONSE Res; + UINT32 ResultBufSize; + TPM_RC ResponseCode; + + Cmd.Header.tag = SwapBytes16(TPM_ST_NO_SESSIONS); + Cmd.Header.paramSize = SwapBytes32(sizeof(Cmd)); + Cmd.Header.commandCode = SwapBytes32(TPM_CC_Startup); + Cmd.StartupType = SwapBytes16(StartupType); + + ResultBufSize = sizeof(Res); + Status = Tpm2SubmitCommand (sizeof(Cmd), (UINT8 *)&Cmd, &ResultBufSize, (UINT8 *)&Res); + if (EFI_ERROR(Status)) { + return Status; + } + + ResponseCode = SwapBytes32(Res.Header.responseCode); + switch (ResponseCode) { + case TPM_RC_SUCCESS: + DEBUG ((DEBUG_INFO, "TPM2Startup: TPM_RC_SUCCESS\n")); + return EFI_SUCCESS; + case TPM_RC_INITIALIZE: + // TPM_RC_INITIALIZE can be returned if Tpm2Startup is not required. + DEBUG ((DEBUG_INFO, "TPM2Startup: TPM_RC_INITIALIZE\n")); + return EFI_SUCCESS; + default: + DEBUG ((EFI_D_ERROR, "Tpm2Startup: Response Code error! 0x%08x\r\n", ResponseCode)); + return EFI_DEVICE_ERROR; + } +} + +/** + Send Shutdown command to TPM2. + + @param[in] ShutdownType TPM_SU_CLEAR or TPM_SU_STATE. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_DEVICE_ERROR Unexpected device behavior. +**/ +EFI_STATUS +EFIAPI +Tpm2Shutdown ( + IN TPM_SU ShutdownType + ) +{ + EFI_STATUS Status; + TPM2_SHUTDOWN_COMMAND Cmd; + TPM2_SHUTDOWN_RESPONSE Res; + UINT32 ResultBufSize; + + Cmd.Header.tag = SwapBytes16(TPM_ST_NO_SESSIONS); + Cmd.Header.paramSize = SwapBytes32(sizeof(Cmd)); + Cmd.Header.commandCode = SwapBytes32(TPM_CC_Shutdown); + Cmd.ShutdownType = SwapBytes16(ShutdownType); + + ResultBufSize = sizeof(Res); + Status = Tpm2SubmitCommand (sizeof(Cmd), (UINT8 *)&Cmd, &ResultBufSize, (UINT8 *)&Res); + if (EFI_ERROR(Status)) { + return Status; + } + + if (SwapBytes32(Res.Header.responseCode) != TPM_RC_SUCCESS) { + DEBUG ((EFI_D_ERROR, "Tpm2Shutdown: Response Code error! 0x%08x\r\n", SwapBytes32(Res.Header.responseCode))); + return EFI_DEVICE_ERROR; + } + + return EFI_SUCCESS; +} diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm2CommandLib/Tpm2Test.c b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm2CommandLib/Tpm2Test.c new file mode 100644 index 00000000..c663f2e7 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm2CommandLib/Tpm2Test.c @@ -0,0 +1,60 @@ +/** @file + Implement TPM2 Test related command. + +Copyright (c) 2013, Intel Corporation. All rights reserved. <BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include <IndustryStandard/UefiTcgPlatform.h> +#include <Library/Tpm2CommandLib.h> +#include <Library/Tpm2DeviceLib.h> +#include <Library/BaseMemoryLib.h> +#include <Library/BaseLib.h> +#include <Library/DebugLib.h> + +#pragma pack(1) + +typedef struct { + TPM2_COMMAND_HEADER Header; + TPMI_YES_NO FullTest; +} TPM2_SELF_TEST_COMMAND; + +typedef struct { + TPM2_RESPONSE_HEADER Header; +} TPM2_SELF_TEST_RESPONSE; + +#pragma pack() + +/** + This command causes the TPM to perform a test of its capabilities. + If the fullTest is YES, the TPM will test all functions. + If fullTest = NO, the TPM will only test those functions that have not previously been tested. + + @param[in] FullTest YES if full test to be performed + NO if only test of untested functions required + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_DEVICE_ERROR Unexpected device behavior. +**/ +EFI_STATUS +EFIAPI +Tpm2SelfTest ( + IN TPMI_YES_NO FullTest + ) +{ + EFI_STATUS Status; + TPM2_SELF_TEST_COMMAND Cmd; + TPM2_SELF_TEST_RESPONSE Res; + UINT32 ResultBufSize; + + Cmd.Header.tag = SwapBytes16(TPM_ST_NO_SESSIONS); + Cmd.Header.paramSize = SwapBytes32(sizeof(Cmd)); + Cmd.Header.commandCode = SwapBytes32(TPM_CC_SelfTest); + Cmd.FullTest = FullTest; + + ResultBufSize = sizeof(Res); + Status = Tpm2SubmitCommand (sizeof(Cmd), (UINT8 *)&Cmd, &ResultBufSize, (UINT8 *)&Res); + + return Status; +} diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.c b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.c new file mode 100644 index 00000000..e15cbd72 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.c @@ -0,0 +1,127 @@ +/** @file + This library is TPM2 DTPM device lib. + Choosing this library means platform uses and only uses DTPM device as TPM2 engine. + +Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved. <BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include <Library/BaseLib.h> +#include <Library/BaseMemoryLib.h> +#include <Library/DebugLib.h> +#include <Library/Tpm2DeviceLib.h> +#include <Library/PcdLib.h> + +#include "Tpm2DeviceLibDTpm.h" + +/** + This service enables the sending of commands to the TPM2. + + @param[in] InputParameterBlockSize Size of the TPM2 input parameter block. + @param[in] InputParameterBlock Pointer to the TPM2 input parameter block. + @param[in,out] OutputParameterBlockSize Size of the TPM2 output parameter block. + @param[in] OutputParameterBlock Pointer to the TPM2 output parameter block. + + @retval EFI_SUCCESS The command byte stream was successfully sent to the device and a response was successfully received. + @retval EFI_DEVICE_ERROR The command was not successfully sent to the device or a response was not successfully received from the device. + @retval EFI_BUFFER_TOO_SMALL The output parameter block is too small. +**/ +EFI_STATUS +EFIAPI +DTpm2SubmitCommand ( + IN UINT32 InputParameterBlockSize, + IN UINT8 *InputParameterBlock, + IN OUT UINT32 *OutputParameterBlockSize, + IN UINT8 *OutputParameterBlock + ); + +/** + This service requests use TPM2. + + @retval EFI_SUCCESS Get the control of TPM2 chip. + @retval EFI_NOT_FOUND TPM2 not found. + @retval EFI_DEVICE_ERROR Unexpected device behavior. +**/ +EFI_STATUS +EFIAPI +DTpm2RequestUseTpm ( + VOID + ); + +/** + This service enables the sending of commands to the TPM2. + + @param[in] InputParameterBlockSize Size of the TPM2 input parameter block. + @param[in] InputParameterBlock Pointer to the TPM2 input parameter block. + @param[in,out] OutputParameterBlockSize Size of the TPM2 output parameter block. + @param[in] OutputParameterBlock Pointer to the TPM2 output parameter block. + + @retval EFI_SUCCESS The command byte stream was successfully sent to the device and a response was successfully received. + @retval EFI_DEVICE_ERROR The command was not successfully sent to the device or a response was not successfully received from the device. + @retval EFI_BUFFER_TOO_SMALL The output parameter block is too small. +**/ +EFI_STATUS +EFIAPI +Tpm2SubmitCommand ( + IN UINT32 InputParameterBlockSize, + IN UINT8 *InputParameterBlock, + IN OUT UINT32 *OutputParameterBlockSize, + IN UINT8 *OutputParameterBlock + ) +{ + return DTpm2SubmitCommand ( + InputParameterBlockSize, + InputParameterBlock, + OutputParameterBlockSize, + OutputParameterBlock + ); +} + +/** + This service requests use TPM2. + + @retval EFI_SUCCESS Get the control of TPM2 chip. + @retval EFI_NOT_FOUND TPM2 not found. + @retval EFI_DEVICE_ERROR Unexpected device behavior. +**/ +EFI_STATUS +EFIAPI +Tpm2RequestUseTpm ( + VOID + ) +{ + return DTpm2RequestUseTpm (); +} + +/** + This service register TPM2 device. + + @param Tpm2Device TPM2 device + + @retval EFI_SUCCESS This TPM2 device is registered successfully. + @retval EFI_UNSUPPORTED System does not support register this TPM2 device. + @retval EFI_ALREADY_STARTED System already register this TPM2 device. +**/ +EFI_STATUS +EFIAPI +Tpm2RegisterTpm2DeviceLib ( + IN TPM2_DEVICE_INTERFACE *Tpm2Device + ) +{ + return EFI_UNSUPPORTED; +} + +/** + The function caches current active TPM interface type. + + @retval EFI_SUCCESS DTPM2.0 instance is registered, or system does not support register DTPM2.0 instance +**/ +EFI_STATUS +EFIAPI +Tpm2DeviceLibConstructor ( + VOID + ) +{ + return InternalTpm2DeviceLibDTpmCommonConstructor (); +} diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.h b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.h new file mode 100644 index 00000000..bf62f339 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.h @@ -0,0 +1,67 @@ +/** @file + This header file includes common internal fuction prototypes. + +Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved. <BR> +Copyright (c) Microsoft Corporation. +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef _TPM2_DEVICE_LIB_DTPM_H_ +#define _TPM2_DEVICE_LIB_DTPM_H_ + +/** + Return PTP interface type. + + @param[in] Register Pointer to PTP register. + + @return PTP interface type. +**/ +TPM2_PTP_INTERFACE_TYPE +Tpm2GetPtpInterface ( + IN VOID *Register + ); + +/** + Return PTP CRB interface IdleByPass state. + + @param[in] Register Pointer to PTP register. + + @return PTP CRB interface IdleByPass state. +**/ +UINT8 +Tpm2GetIdleByPass ( + IN VOID *Register + ); + +/** + Return cached PTP interface type. + + @return Cached PTP interface type. +**/ +TPM2_PTP_INTERFACE_TYPE +GetCachedPtpInterface ( + VOID + ); + +/** + Return cached PTP CRB interface IdleByPass state. + + @return Cached PTP CRB interface IdleByPass state. +**/ +UINT8 +GetCachedIdleByPass ( + VOID + ); + +/** + The common function cache current active TpmInterfaceType when needed. + + @retval EFI_SUCCESS DTPM2.0 instance is registered, or system does not support register DTPM2.0 instance +**/ +EFI_STATUS +InternalTpm2DeviceLibDTpmCommonConstructor ( + VOID + ); + +#endif // _TPM2_DEVICE_LIB_DTPM_H_ diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf new file mode 100644 index 00000000..e10d842f --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf @@ -0,0 +1,56 @@ +## @file +# Provides TPM 2.0 TIS/PTP functions for DTPM +# +# Spec Compliance Info: +# "TCG PC Client Platform TPM Profile(PTP) Specification Family 2.0 Level 00 Revision 00.43" +# "TCG PC Client Specific TPM Interface Specification(TIS) Version 1.3" +# +# This library implements TIS (TPM Interface Specification) and +# PTP (Platform TPM Profile) functions which is +# used for every TPM 2.0 command. Choosing this library means platform uses and +# only uses TPM 2.0 DTPM device. +# +# Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR> +# Copyright (c) Microsoft Corporation. +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = Tpm2DeviceLibDTpm + MODULE_UNI_FILE = Tpm2DeviceLibDTpm.uni + FILE_GUID = E54A3327-A345-4068-8842-70AC0D519855 + MODULE_TYPE = BASE + VERSION_STRING = 1.0 + LIBRARY_CLASS = Tpm2DeviceLib|PEIM DXE_DRIVER DXE_RUNTIME_DRIVER DXE_SMM_DRIVER UEFI_APPLICATION UEFI_DRIVER + CONSTRUCTOR = Tpm2DeviceLibConstructor +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = IA32 X64 +# + +[Sources] + Tpm2Tis.c + Tpm2Ptp.c + Tpm2DeviceLibDTpm.c + Tpm2DeviceLibDTpmBase.c + Tpm2DeviceLibDTpm.h + +[Packages] + MdePkg/MdePkg.dec + SecurityPkg/SecurityPkg.dec + +[LibraryClasses] + BaseLib + BaseMemoryLib + IoLib + TimerLib + DebugLib + PcdLib + +[Pcd] + gEfiSecurityPkgTokenSpaceGuid.PcdTpmBaseAddress ## CONSUMES + gEfiSecurityPkgTokenSpaceGuid.PcdActiveTpmInterfaceType ## PRODUCES + gEfiSecurityPkgTokenSpaceGuid.PcdCRBIdleByPass ## PRODUCES diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.uni b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.uni new file mode 100644 index 00000000..a92e2be9 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.uni @@ -0,0 +1,19 @@ +// /** @file
+// Provides TPM 2.0 TIS/PTP functions for DTPM
+//
+// This library implements TIS (TPM Interface Specification) and
+// PTP (Platform TPM Profile) functions which is
+// used for every TPM 2.0 command. Choosing this library means platform uses and
+// only uses TPM 2.0 DTPM device.
+//
+// Copyright (c) 2013 - 2016, Intel Corporation. All rights reserved.<BR>
+//
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+//
+// **/
+
+
+#string STR_MODULE_ABSTRACT #language en-US "Provides TPM 2.0 TIS/PTP functions for DTPM"
+
+#string STR_MODULE_DESCRIPTION #language en-US "This library implements TIS (TPM Interface Specification) and PTP (Platform TPM Profile) functions which is used for every TPM 2.0 command. Choosing this library means platform uses and only uses TPM 2.0 DTPM device."
+
diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpmBase.c b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpmBase.c new file mode 100644 index 00000000..43ac13ed --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpmBase.c @@ -0,0 +1,68 @@ +/** @file + This file abstract internal interfaces of which implementation differs per library instance. + +Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved. <BR> +Copyright (c) Microsoft Corporation. +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include <Library/Tpm2DeviceLib.h> +#include <Library/PcdLib.h> + +#include "Tpm2DeviceLibDTpm.h" + +/** + Return cached PTP CRB interface IdleByPass state. + + @return Cached PTP CRB interface IdleByPass state. +**/ +UINT8 +GetCachedIdleByPass ( + VOID + ) +{ + return PcdGet8(PcdCRBIdleByPass); +} + +/** + Return cached PTP interface type. + + @return Cached PTP interface type. +**/ +TPM2_PTP_INTERFACE_TYPE +GetCachedPtpInterface ( + VOID + ) +{ + return PcdGet8(PcdActiveTpmInterfaceType); +} + +/** + The common function cache current active TpmInterfaceType when needed. + + @retval EFI_SUCCESS DTPM2.0 instance is registered, or system does not support register DTPM2.0 instance +**/ +EFI_STATUS +InternalTpm2DeviceLibDTpmCommonConstructor ( + VOID + ) +{ + TPM2_PTP_INTERFACE_TYPE PtpInterface; + UINT8 IdleByPass; + + // + // Cache current active TpmInterfaceType only when needed + // + if (PcdGet8(PcdActiveTpmInterfaceType) == 0xFF) { + PtpInterface = Tpm2GetPtpInterface ((VOID *) (UINTN) PcdGet64 (PcdTpmBaseAddress)); + PcdSet8S(PcdActiveTpmInterfaceType, PtpInterface); + } + + if (PcdGet8(PcdActiveTpmInterfaceType) == Tpm2PtpInterfaceCrb && PcdGet8(PcdCRBIdleByPass) == 0xFF) { + IdleByPass = Tpm2GetIdleByPass((VOID *) (UINTN) PcdGet64 (PcdTpmBaseAddress)); + PcdSet8S(PcdCRBIdleByPass, IdleByPass); + } + + return EFI_SUCCESS; +} diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpmStandaloneMm.c b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpmStandaloneMm.c new file mode 100644 index 00000000..4f1079b7 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpmStandaloneMm.c @@ -0,0 +1,66 @@ +/** @file + This file abstract internal interfaces of which implementation differs per library instance. + +Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved. <BR> +Copyright (c) Microsoft Corporation. +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include <Library/Tpm2DeviceLib.h> + +#include "Tpm2DeviceLibDTpm.h" + +TPM2_PTP_INTERFACE_TYPE mActiveTpmInterfaceType; +UINT8 mCRBIdleByPass; + +/** + Return cached PTP CRB interface IdleByPass state. + + @return Cached PTP CRB interface IdleByPass state. +**/ +UINT8 +GetCachedIdleByPass ( + VOID + ) +{ + return mCRBIdleByPass; +} + +/** + Return cached PTP interface type. + + @return Cached PTP interface type. +**/ +TPM2_PTP_INTERFACE_TYPE +GetCachedPtpInterface ( + VOID + ) +{ + return mActiveTpmInterfaceType; +} + +/** + The common function cache current active TpmInterfaceType when needed. + + @retval EFI_SUCCESS DTPM2.0 instance is registered, or system does not support register DTPM2.0 instance +**/ +EFI_STATUS +InternalTpm2DeviceLibDTpmCommonConstructor ( + VOID + ) +{ + mActiveTpmInterfaceType = 0xFF; + mCRBIdleByPass = 0xFF; + + // + // Always cache current active TpmInterfaceType for StandaloneMm implementation + // + mActiveTpmInterfaceType = Tpm2GetPtpInterface ((VOID *) (UINTN) PcdGet64 (PcdTpmBaseAddress)); + + if (mActiveTpmInterfaceType == Tpm2PtpInterfaceCrb) { + mCRBIdleByPass = Tpm2GetIdleByPass((VOID *) (UINTN) PcdGet64 (PcdTpmBaseAddress)); + } + + return EFI_SUCCESS; +} diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpmStandaloneMm.inf b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpmStandaloneMm.inf new file mode 100644 index 00000000..6f4ae035 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpmStandaloneMm.inf @@ -0,0 +1,54 @@ +## @file +# Provides TPM 2.0 TIS/PTP functions for DTPM +# +# Spec Compliance Info: +# "TCG PC Client Platform TPM Profile(PTP) Specification Family 2.0 Level 00 Revision 00.43" +# "TCG PC Client Specific TPM Interface Specification(TIS) Version 1.3" +# +# This library implements TIS (TPM Interface Specification) and +# PTP (Platform TPM Profile) functions which is +# used for every TPM 2.0 command. Choosing this library means platform uses and +# only uses TPM 2.0 DTPM device. +# +# Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR> +# Copyright (c) Microsoft Corporation. +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = Tpm2DeviceLibDTpmStandaloneMm + FILE_GUID = 9A5DB21A-FF0B-46D0-8672-B4F83FEF1F0E + MODULE_TYPE = BASE + VERSION_STRING = 1.0 + LIBRARY_CLASS = Tpm2DeviceLib|MM_STANDALONE + CONSTRUCTOR = Tpm2DeviceLibConstructor + +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = IA32 X64 +# + +[Sources] + Tpm2Tis.c + Tpm2Ptp.c + Tpm2DeviceLibDTpm.c + Tpm2DeviceLibDTpmStandaloneMm.c + Tpm2DeviceLibDTpm.h + +[Packages] + MdePkg/MdePkg.dec + SecurityPkg/SecurityPkg.dec + +[LibraryClasses] + BaseLib + BaseMemoryLib + IoLib + TimerLib + DebugLib + PcdLib + +[Pcd] + gEfiSecurityPkgTokenSpaceGuid.PcdTpmBaseAddress ## CONSUMES diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.c b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.c new file mode 100644 index 00000000..028f823f --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.c @@ -0,0 +1,96 @@ +/** @file + This library is TPM2 DTPM instance. + It can be registered to Tpm2 Device router, to be active TPM2 engine, + based on platform setting. + +Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved. <BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include <Library/BaseLib.h> +#include <Library/BaseMemoryLib.h> +#include <Library/DebugLib.h> +#include <Library/Tpm2DeviceLib.h> +#include <Library/PcdLib.h> + +#include <Guid/TpmInstance.h> + +#include "Tpm2DeviceLibDTpm.h" + +/** + Dump PTP register information. + + @param[in] Register Pointer to PTP register. +**/ +VOID +DumpPtpInfo ( + IN VOID *Register + ); + +/** + This service enables the sending of commands to the TPM2. + + @param[in] InputParameterBlockSize Size of the TPM2 input parameter block. + @param[in] InputParameterBlock Pointer to the TPM2 input parameter block. + @param[in,out] OutputParameterBlockSize Size of the TPM2 output parameter block. + @param[in] OutputParameterBlock Pointer to the TPM2 output parameter block. + + @retval EFI_SUCCESS The command byte stream was successfully sent to the device and a response was successfully received. + @retval EFI_DEVICE_ERROR The command was not successfully sent to the device or a response was not successfully received from the device. + @retval EFI_BUFFER_TOO_SMALL The output parameter block is too small. +**/ +EFI_STATUS +EFIAPI +DTpm2SubmitCommand ( + IN UINT32 InputParameterBlockSize, + IN UINT8 *InputParameterBlock, + IN OUT UINT32 *OutputParameterBlockSize, + IN UINT8 *OutputParameterBlock + ); + +/** + This service requests use TPM2. + + @retval EFI_SUCCESS Get the control of TPM2 chip. + @retval EFI_NOT_FOUND TPM2 not found. + @retval EFI_DEVICE_ERROR Unexpected device behavior. +**/ +EFI_STATUS +EFIAPI +DTpm2RequestUseTpm ( + VOID + ); + +TPM2_DEVICE_INTERFACE mDTpm2InternalTpm2Device = { + TPM_DEVICE_INTERFACE_TPM20_DTPM, + DTpm2SubmitCommand, + DTpm2RequestUseTpm, +}; + +/** + The function register DTPM2.0 instance and caches current active TPM interface type. + + @retval EFI_SUCCESS DTPM2.0 instance is registered, or system does not support register DTPM2.0 instance +**/ +EFI_STATUS +EFIAPI +Tpm2InstanceLibDTpmConstructor ( + VOID + ) +{ + EFI_STATUS Status; + + Status = Tpm2RegisterTpm2DeviceLib (&mDTpm2InternalTpm2Device); + if ((Status == EFI_SUCCESS) || (Status == EFI_UNSUPPORTED)) { + // + // Unsupported means platform policy does not need this instance enabled. + // + if (Status == EFI_SUCCESS) { + Status = InternalTpm2DeviceLibDTpmCommonConstructor (); + DumpPtpInfo ((VOID *) (UINTN) PcdGet64 (PcdTpmBaseAddress)); + } + return EFI_SUCCESS; + } + return Status; +} diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf new file mode 100644 index 00000000..a0dc5b35 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf @@ -0,0 +1,52 @@ +## @file +# Provides a DTPM instance for TPM 2.0 TIS/PTP. +# +# This library can be registered to Tpm 2.0 device router, to be active TPM 2.0 +# engine, based on platform setting. It supports both TIS (TPM Interface Specification) +# and PTP (Platform TPM Profile) functions. +# +# Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR> +# Copyright (c) Microsoft Corporation +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = Tpm2InstanceLibDTpm + MODULE_UNI_FILE = Tpm2InstanceLibDTpm.uni + FILE_GUID = 286BF25A-C2C3-408c-B3B4-25E6758B7317 + MODULE_TYPE = BASE + VERSION_STRING = 1.0 + LIBRARY_CLASS = NULL + CONSTRUCTOR = Tpm2InstanceLibDTpmConstructor + +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = IA32 X64 +# + +[Sources] + Tpm2Tis.c + Tpm2Ptp.c + Tpm2InstanceLibDTpm.c + Tpm2DeviceLibDTpmBase.c + Tpm2DeviceLibDTpm.h + +[Packages] + MdePkg/MdePkg.dec + SecurityPkg/SecurityPkg.dec + +[LibraryClasses] + BaseLib + BaseMemoryLib + IoLib + TimerLib + DebugLib + PcdLib + +[Pcd] + gEfiSecurityPkgTokenSpaceGuid.PcdTpmBaseAddress ## CONSUMES + gEfiSecurityPkgTokenSpaceGuid.PcdActiveTpmInterfaceType ## PRODUCES + gEfiSecurityPkgTokenSpaceGuid.PcdCRBIdleByPass ## PRODUCES diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.uni b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.uni new file mode 100644 index 00000000..795b4431 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.uni @@ -0,0 +1,18 @@ +// /** @file
+// Provides a DTPM instance for TPM 2.0 TIS/PTP
+//
+// This library can be registered to Tpm 2.0 device router, to be active TPM 2.0
+// engine, based on platform setting. It supports both TIS (TPM Interface Specification)
+// and PTP (Platform TPM Profile) functions.
+//
+// Copyright (c) 2013 - 2016, Intel Corporation. All rights reserved.<BR>
+//
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+//
+// **/
+
+
+#string STR_MODULE_ABSTRACT #language en-US "Provides a DTPM instance for TPM 2.0 TIS/PTP"
+
+#string STR_MODULE_DESCRIPTION #language en-US "This library can be registered to Tpm 2.0 device router, to be active TPM 2.0 engine, based on platform setting. It supports both TIS (TPM Interface Specification) and PTP (Platform TPM Profile) functions."
+
diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2Ptp.c b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2Ptp.c new file mode 100644 index 00000000..8fbc9a87 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2Ptp.c @@ -0,0 +1,619 @@ +/** @file + PTP (Platform TPM Profile) CRB (Command Response Buffer) interface used by dTPM2.0 library. + +Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR> +Copyright (c), Microsoft Corporation. +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include <IndustryStandard/Tpm20.h> + +#include <Library/BaseLib.h> +#include <Library/BaseMemoryLib.h> +#include <Library/IoLib.h> +#include <Library/TimerLib.h> +#include <Library/DebugLib.h> +#include <Library/Tpm2DeviceLib.h> +#include <Library/PcdLib.h> + +#include <IndustryStandard/TpmPtp.h> +#include <IndustryStandard/TpmTis.h> + +#include "Tpm2DeviceLibDTpm.h" + +// +// Execution of the command may take from several seconds to minutes for certain +// commands, such as key generation. +// +#define PTP_TIMEOUT_MAX (90000 * 1000) // 90s + +// +// Max TPM command/response length +// +#define TPMCMDBUFLENGTH 0x500 + +/** + Check whether TPM PTP register exist. + + @param[in] Reg Pointer to PTP register. + + @retval TRUE TPM PTP exists. + @retval FALSE TPM PTP is not found. +**/ +BOOLEAN +Tpm2IsPtpPresence ( + IN VOID *Reg + ) +{ + UINT8 RegRead; + + RegRead = MmioRead8 ((UINTN)Reg); + if (RegRead == 0xFF) { + // + // No TPM chip + // + return FALSE; + } + return TRUE; +} + +/** + Check whether the value of a TPM chip register satisfies the input BIT setting. + + @param[in] Register Address port of register to be checked. + @param[in] BitSet Check these data bits are set. + @param[in] BitClear Check these data bits are clear. + @param[in] TimeOut The max wait time (unit MicroSecond) when checking register. + + @retval EFI_SUCCESS The register satisfies the check bit. + @retval EFI_TIMEOUT The register can't run into the expected status in time. +**/ +EFI_STATUS +PtpCrbWaitRegisterBits ( + IN UINT32 *Register, + IN UINT32 BitSet, + IN UINT32 BitClear, + IN UINT32 TimeOut + ) +{ + UINT32 RegRead; + UINT32 WaitTime; + + for (WaitTime = 0; WaitTime < TimeOut; WaitTime += 30){ + RegRead = MmioRead32 ((UINTN)Register); + if ((RegRead & BitSet) == BitSet && (RegRead & BitClear) == 0) { + return EFI_SUCCESS; + } + MicroSecondDelay (30); + } + return EFI_TIMEOUT; +} + +/** + Get the control of TPM chip. + + @param[in] CrbReg Pointer to CRB register. + + @retval EFI_SUCCESS Get the control of TPM chip. + @retval EFI_INVALID_PARAMETER CrbReg is NULL. + @retval EFI_NOT_FOUND TPM chip doesn't exit. + @retval EFI_TIMEOUT Can't get the TPM control in time. +**/ +EFI_STATUS +PtpCrbRequestUseTpm ( + IN PTP_CRB_REGISTERS_PTR CrbReg + ) +{ + EFI_STATUS Status; + + if (!Tpm2IsPtpPresence (CrbReg)) { + return EFI_NOT_FOUND; + } + + MmioWrite32((UINTN)&CrbReg->LocalityControl, PTP_CRB_LOCALITY_CONTROL_REQUEST_ACCESS); + Status = PtpCrbWaitRegisterBits ( + &CrbReg->LocalityStatus, + PTP_CRB_LOCALITY_STATUS_GRANTED, + 0, + PTP_TIMEOUT_A + ); + return Status; +} + +/** + Send a command to TPM for execution and return response data. + + @param[in] CrbReg TPM register space base address. + @param[in] BufferIn Buffer for command data. + @param[in] SizeIn Size of command data. + @param[in, out] BufferOut Buffer for response data. + @param[in, out] SizeOut Size of response data. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_BUFFER_TOO_SMALL Response data buffer is too small. + @retval EFI_DEVICE_ERROR Unexpected device behavior. + @retval EFI_UNSUPPORTED Unsupported TPM version + +**/ +EFI_STATUS +PtpCrbTpmCommand ( + IN PTP_CRB_REGISTERS_PTR CrbReg, + IN UINT8 *BufferIn, + IN UINT32 SizeIn, + IN OUT UINT8 *BufferOut, + IN OUT UINT32 *SizeOut + ) +{ + EFI_STATUS Status; + UINT32 Index; + UINT32 TpmOutSize; + UINT16 Data16; + UINT32 Data32; + + DEBUG_CODE ( + UINTN DebugSize; + + DEBUG ((EFI_D_VERBOSE, "PtpCrbTpmCommand Send - ")); + if (SizeIn > 0x100) { + DebugSize = 0x40; + } else { + DebugSize = SizeIn; + } + for (Index = 0; Index < DebugSize; Index++) { + DEBUG ((EFI_D_VERBOSE, "%02x ", BufferIn[Index])); + } + if (DebugSize != SizeIn) { + DEBUG ((EFI_D_VERBOSE, "...... ")); + for (Index = SizeIn - 0x20; Index < SizeIn; Index++) { + DEBUG ((EFI_D_VERBOSE, "%02x ", BufferIn[Index])); + } + } + DEBUG ((EFI_D_VERBOSE, "\n")); + ); + TpmOutSize = 0; + + // + // STEP 0: + // if CapCRbIdelByPass == 0, enforce Idle state before sending command + // + if (GetCachedIdleByPass () == 0 && (MmioRead32((UINTN)&CrbReg->CrbControlStatus) & PTP_CRB_CONTROL_AREA_STATUS_TPM_IDLE) == 0){ + Status = PtpCrbWaitRegisterBits ( + &CrbReg->CrbControlStatus, + PTP_CRB_CONTROL_AREA_STATUS_TPM_IDLE, + 0, + PTP_TIMEOUT_C + ); + if (EFI_ERROR (Status)) { + // + // Try to goIdle to recover TPM + // + Status = EFI_DEVICE_ERROR; + goto GoIdle_Exit; + } + } + + // + // STEP 1: + // Ready is any time the TPM is ready to receive a command, following a write + // of 1 by software to Request.cmdReady, as indicated by the Status field + // being cleared to 0. + // + MmioWrite32((UINTN)&CrbReg->CrbControlRequest, PTP_CRB_CONTROL_AREA_REQUEST_COMMAND_READY); + Status = PtpCrbWaitRegisterBits ( + &CrbReg->CrbControlRequest, + 0, + PTP_CRB_CONTROL_AREA_REQUEST_COMMAND_READY, + PTP_TIMEOUT_C + ); + if (EFI_ERROR (Status)) { + Status = EFI_DEVICE_ERROR; + goto GoIdle_Exit; + } + Status = PtpCrbWaitRegisterBits ( + &CrbReg->CrbControlStatus, + 0, + PTP_CRB_CONTROL_AREA_STATUS_TPM_IDLE, + PTP_TIMEOUT_C + ); + if (EFI_ERROR (Status)) { + Status = EFI_DEVICE_ERROR; + goto GoIdle_Exit; + } + + // + // STEP 2: + // Command Reception occurs following a Ready state between the write of the + // first byte of a command to the Command Buffer and the receipt of a write + // of 1 to Start. + // + for (Index = 0; Index < SizeIn; Index++) { + MmioWrite8 ((UINTN)&CrbReg->CrbDataBuffer[Index], BufferIn[Index]); + } + MmioWrite32 ((UINTN)&CrbReg->CrbControlCommandAddressHigh, (UINT32)RShiftU64 ((UINTN)CrbReg->CrbDataBuffer, 32)); + MmioWrite32 ((UINTN)&CrbReg->CrbControlCommandAddressLow, (UINT32)(UINTN)CrbReg->CrbDataBuffer); + MmioWrite32 ((UINTN)&CrbReg->CrbControlCommandSize, sizeof(CrbReg->CrbDataBuffer)); + + MmioWrite64 ((UINTN)&CrbReg->CrbControlResponseAddrss, (UINT32)(UINTN)CrbReg->CrbDataBuffer); + MmioWrite32 ((UINTN)&CrbReg->CrbControlResponseSize, sizeof(CrbReg->CrbDataBuffer)); + + // + // STEP 3: + // Command Execution occurs after receipt of a 1 to Start and the TPM + // clearing Start to 0. + // + MmioWrite32((UINTN)&CrbReg->CrbControlStart, PTP_CRB_CONTROL_START); + Status = PtpCrbWaitRegisterBits ( + &CrbReg->CrbControlStart, + 0, + PTP_CRB_CONTROL_START, + PTP_TIMEOUT_MAX + ); + if (EFI_ERROR (Status)) { + // + // Command Completion check timeout. Cancel the currently executing command by writing TPM_CRB_CTRL_CANCEL, + // Expect TPM_RC_CANCELLED or successfully completed response. + // + MmioWrite32((UINTN)&CrbReg->CrbControlCancel, PTP_CRB_CONTROL_CANCEL); + Status = PtpCrbWaitRegisterBits ( + &CrbReg->CrbControlStart, + 0, + PTP_CRB_CONTROL_START, + PTP_TIMEOUT_B + ); + MmioWrite32((UINTN)&CrbReg->CrbControlCancel, 0); + + if (EFI_ERROR(Status)) { + // + // Still in Command Execution state. Try to goIdle, the behavior is agnostic. + // + Status = EFI_DEVICE_ERROR; + goto GoIdle_Exit; + } + } + + // + // STEP 4: + // Command Completion occurs after completion of a command (indicated by the + // TPM clearing TPM_CRB_CTRL_Start_x to 0) and before a write of a 1 by the + // software to Request.goIdle. + // + + // + // Get response data header + // + for (Index = 0; Index < sizeof (TPM2_RESPONSE_HEADER); Index++) { + BufferOut[Index] = MmioRead8 ((UINTN)&CrbReg->CrbDataBuffer[Index]); + } + DEBUG_CODE ( + DEBUG ((EFI_D_VERBOSE, "PtpCrbTpmCommand ReceiveHeader - ")); + for (Index = 0; Index < sizeof (TPM2_RESPONSE_HEADER); Index++) { + DEBUG ((EFI_D_VERBOSE, "%02x ", BufferOut[Index])); + } + DEBUG ((EFI_D_VERBOSE, "\n")); + ); + // + // Check the response data header (tag, parasize and returncode) + // + CopyMem (&Data16, BufferOut, sizeof (UINT16)); + // TPM2 should not use this RSP_COMMAND + if (SwapBytes16 (Data16) == TPM_ST_RSP_COMMAND) { + DEBUG ((EFI_D_ERROR, "TPM2: TPM_ST_RSP error - %x\n", TPM_ST_RSP_COMMAND)); + Status = EFI_UNSUPPORTED; + goto GoIdle_Exit; + } + + CopyMem (&Data32, (BufferOut + 2), sizeof (UINT32)); + TpmOutSize = SwapBytes32 (Data32); + if (*SizeOut < TpmOutSize) { + // + // Command completed, but buffer is not enough + // + Status = EFI_BUFFER_TOO_SMALL; + goto GoReady_Exit; + } + *SizeOut = TpmOutSize; + // + // Continue reading the remaining data + // + for (Index = sizeof (TPM2_RESPONSE_HEADER); Index < TpmOutSize; Index++) { + BufferOut[Index] = MmioRead8 ((UINTN)&CrbReg->CrbDataBuffer[Index]); + } + + DEBUG_CODE ( + DEBUG ((EFI_D_VERBOSE, "PtpCrbTpmCommand Receive - ")); + for (Index = 0; Index < TpmOutSize; Index++) { + DEBUG ((EFI_D_VERBOSE, "%02x ", BufferOut[Index])); + } + DEBUG ((EFI_D_VERBOSE, "\n")); + ); + +GoReady_Exit: + // + // Goto Ready State if command is completed successfully and TPM support IdleBypass + // If not supported. flow down to GoIdle + // + if (GetCachedIdleByPass () == 1) { + MmioWrite32((UINTN)&CrbReg->CrbControlRequest, PTP_CRB_CONTROL_AREA_REQUEST_COMMAND_READY); + return Status; + } + + // + // Do not wait for state transition for TIMEOUT_C + // This function will try to wait 2 TIMEOUT_C at the beginning in next call. + // +GoIdle_Exit: + + // + // Return to Idle state by setting TPM_CRB_CTRL_STS_x.Status.goIdle to 1. + // + MmioWrite32((UINTN)&CrbReg->CrbControlRequest, PTP_CRB_CONTROL_AREA_REQUEST_GO_IDLE); + + // + // Only enforce Idle state transition if execution fails when CRBIdleBypass==1 + // Leave regular Idle delay at the beginning of next command execution + // + if (GetCachedIdleByPass () == 1){ + Status = PtpCrbWaitRegisterBits ( + &CrbReg->CrbControlStatus, + PTP_CRB_CONTROL_AREA_STATUS_TPM_IDLE, + 0, + PTP_TIMEOUT_C + ); + } + + return Status; +} + +/** + Send a command to TPM for execution and return response data. + + @param[in] TisReg TPM register space base address. + @param[in] BufferIn Buffer for command data. + @param[in] SizeIn Size of command data. + @param[in, out] BufferOut Buffer for response data. + @param[in, out] SizeOut Size of response data. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_BUFFER_TOO_SMALL Response data buffer is too small. + @retval EFI_DEVICE_ERROR Unexpected device behavior. + @retval EFI_UNSUPPORTED Unsupported TPM version + +**/ +EFI_STATUS +Tpm2TisTpmCommand ( + IN TIS_PC_REGISTERS_PTR TisReg, + IN UINT8 *BufferIn, + IN UINT32 SizeIn, + IN OUT UINT8 *BufferOut, + IN OUT UINT32 *SizeOut + ); + +/** + Get the control of TPM chip by sending requestUse command TIS_PC_ACC_RQUUSE + to ACCESS Register in the time of default TIS_TIMEOUT_A. + + @param[in] TisReg Pointer to TIS register. + + @retval EFI_SUCCESS Get the control of TPM chip. + @retval EFI_INVALID_PARAMETER TisReg is NULL. + @retval EFI_NOT_FOUND TPM chip doesn't exit. + @retval EFI_TIMEOUT Can't get the TPM control in time. +**/ +EFI_STATUS +TisPcRequestUseTpm ( + IN TIS_PC_REGISTERS_PTR TisReg + ); + +/** + Return PTP interface type. + + @param[in] Register Pointer to PTP register. + + @return PTP interface type. +**/ +TPM2_PTP_INTERFACE_TYPE +Tpm2GetPtpInterface ( + IN VOID *Register + ) +{ + PTP_CRB_INTERFACE_IDENTIFIER InterfaceId; + PTP_FIFO_INTERFACE_CAPABILITY InterfaceCapability; + + if (!Tpm2IsPtpPresence (Register)) { + return Tpm2PtpInterfaceMax; + } + // + // Check interface id + // + InterfaceId.Uint32 = MmioRead32 ((UINTN)&((PTP_CRB_REGISTERS *)Register)->InterfaceId); + InterfaceCapability.Uint32 = MmioRead32 ((UINTN)&((PTP_FIFO_REGISTERS *)Register)->InterfaceCapability); + + if ((InterfaceId.Bits.InterfaceType == PTP_INTERFACE_IDENTIFIER_INTERFACE_TYPE_CRB) && + (InterfaceId.Bits.InterfaceVersion == PTP_INTERFACE_IDENTIFIER_INTERFACE_VERSION_CRB) && + (InterfaceId.Bits.CapCRB != 0)) { + return Tpm2PtpInterfaceCrb; + } + if ((InterfaceId.Bits.InterfaceType == PTP_INTERFACE_IDENTIFIER_INTERFACE_TYPE_FIFO) && + (InterfaceId.Bits.InterfaceVersion == PTP_INTERFACE_IDENTIFIER_INTERFACE_VERSION_FIFO) && + (InterfaceId.Bits.CapFIFO != 0) && + (InterfaceCapability.Bits.InterfaceVersion == INTERFACE_CAPABILITY_INTERFACE_VERSION_PTP)) { + return Tpm2PtpInterfaceFifo; + } + return Tpm2PtpInterfaceTis; +} + +/** + Return PTP CRB interface IdleByPass state. + + @param[in] Register Pointer to PTP register. + + @return PTP CRB interface IdleByPass state. +**/ +UINT8 +Tpm2GetIdleByPass ( + IN VOID *Register + ) +{ + PTP_CRB_INTERFACE_IDENTIFIER InterfaceId; + + // + // Check interface id + // + InterfaceId.Uint32 = MmioRead32 ((UINTN)&((PTP_CRB_REGISTERS *)Register)->InterfaceId); + + return (UINT8)(InterfaceId.Bits.CapCRBIdleBypass); +} + +/** + Dump PTP register information. + + @param[in] Register Pointer to PTP register. +**/ +VOID +DumpPtpInfo ( + IN VOID *Register + ) +{ + PTP_CRB_INTERFACE_IDENTIFIER InterfaceId; + PTP_FIFO_INTERFACE_CAPABILITY InterfaceCapability; + UINT8 StatusEx; + UINT16 Vid; + UINT16 Did; + UINT8 Rid; + TPM2_PTP_INTERFACE_TYPE PtpInterface; + + if (!Tpm2IsPtpPresence (Register)) { + return ; + } + + InterfaceId.Uint32 = MmioRead32 ((UINTN)&((PTP_CRB_REGISTERS *)Register)->InterfaceId); + InterfaceCapability.Uint32 = MmioRead32 ((UINTN)&((PTP_FIFO_REGISTERS *)Register)->InterfaceCapability); + StatusEx = MmioRead8 ((UINTN)&((PTP_FIFO_REGISTERS *)Register)->StatusEx); + + // + // Dump InterfaceId Register for PTP + // + DEBUG ((EFI_D_INFO, "InterfaceId - 0x%08x\n", InterfaceId.Uint32)); + DEBUG ((EFI_D_INFO, " InterfaceType - 0x%02x\n", InterfaceId.Bits.InterfaceType)); + if (InterfaceId.Bits.InterfaceType != PTP_INTERFACE_IDENTIFIER_INTERFACE_TYPE_TIS) { + DEBUG ((EFI_D_INFO, " InterfaceVersion - 0x%02x\n", InterfaceId.Bits.InterfaceVersion)); + DEBUG ((EFI_D_INFO, " CapFIFO - 0x%x\n", InterfaceId.Bits.CapFIFO)); + DEBUG ((EFI_D_INFO, " CapCRB - 0x%x\n", InterfaceId.Bits.CapCRB)); + } + + // + // Dump Capability Register for TIS and FIFO + // + DEBUG ((EFI_D_INFO, "InterfaceCapability - 0x%08x\n", InterfaceCapability.Uint32)); + if ((InterfaceId.Bits.InterfaceType == PTP_INTERFACE_IDENTIFIER_INTERFACE_TYPE_TIS) || + (InterfaceId.Bits.InterfaceType == PTP_INTERFACE_IDENTIFIER_INTERFACE_TYPE_FIFO)) { + DEBUG ((EFI_D_INFO, " InterfaceVersion - 0x%x\n", InterfaceCapability.Bits.InterfaceVersion)); + } + + // + // Dump StatusEx Register for PTP FIFO + // + DEBUG ((EFI_D_INFO, "StatusEx - 0x%02x\n", StatusEx)); + if (InterfaceCapability.Bits.InterfaceVersion == INTERFACE_CAPABILITY_INTERFACE_VERSION_PTP) { + DEBUG ((EFI_D_INFO, " TpmFamily - 0x%x\n", (StatusEx & PTP_FIFO_STS_EX_TPM_FAMILY) >> PTP_FIFO_STS_EX_TPM_FAMILY_OFFSET)); + } + + Vid = 0xFFFF; + Did = 0xFFFF; + Rid = 0xFF; + PtpInterface = GetCachedPtpInterface (); + DEBUG ((EFI_D_INFO, "PtpInterface - %x\n", PtpInterface)); + switch (PtpInterface) { + case Tpm2PtpInterfaceCrb: + Vid = MmioRead16 ((UINTN)&((PTP_CRB_REGISTERS *)Register)->Vid); + Did = MmioRead16 ((UINTN)&((PTP_CRB_REGISTERS *)Register)->Did); + Rid = (UINT8)InterfaceId.Bits.Rid; + break; + case Tpm2PtpInterfaceFifo: + case Tpm2PtpInterfaceTis: + Vid = MmioRead16 ((UINTN)&((PTP_FIFO_REGISTERS *)Register)->Vid); + Did = MmioRead16 ((UINTN)&((PTP_FIFO_REGISTERS *)Register)->Did); + Rid = MmioRead8 ((UINTN)&((PTP_FIFO_REGISTERS *)Register)->Rid); + break; + default: + break; + } + DEBUG ((EFI_D_INFO, "VID - 0x%04x\n", Vid)); + DEBUG ((EFI_D_INFO, "DID - 0x%04x\n", Did)); + DEBUG ((EFI_D_INFO, "RID - 0x%02x\n", Rid)); +} + +/** + This service enables the sending of commands to the TPM2. + + @param[in] InputParameterBlockSize Size of the TPM2 input parameter block. + @param[in] InputParameterBlock Pointer to the TPM2 input parameter block. + @param[in,out] OutputParameterBlockSize Size of the TPM2 output parameter block. + @param[in] OutputParameterBlock Pointer to the TPM2 output parameter block. + + @retval EFI_SUCCESS The command byte stream was successfully sent to the device and a response was successfully received. + @retval EFI_DEVICE_ERROR The command was not successfully sent to the device or a response was not successfully received from the device. + @retval EFI_BUFFER_TOO_SMALL The output parameter block is too small. +**/ +EFI_STATUS +EFIAPI +DTpm2SubmitCommand ( + IN UINT32 InputParameterBlockSize, + IN UINT8 *InputParameterBlock, + IN OUT UINT32 *OutputParameterBlockSize, + IN UINT8 *OutputParameterBlock + ) +{ + TPM2_PTP_INTERFACE_TYPE PtpInterface; + + PtpInterface = GetCachedPtpInterface (); + switch (PtpInterface) { + case Tpm2PtpInterfaceCrb: + return PtpCrbTpmCommand ( + (PTP_CRB_REGISTERS_PTR) (UINTN) PcdGet64 (PcdTpmBaseAddress), + InputParameterBlock, + InputParameterBlockSize, + OutputParameterBlock, + OutputParameterBlockSize + ); + case Tpm2PtpInterfaceFifo: + case Tpm2PtpInterfaceTis: + return Tpm2TisTpmCommand ( + (TIS_PC_REGISTERS_PTR) (UINTN) PcdGet64 (PcdTpmBaseAddress), + InputParameterBlock, + InputParameterBlockSize, + OutputParameterBlock, + OutputParameterBlockSize + ); + default: + return EFI_NOT_FOUND; + } +} + +/** + This service requests use TPM2. + + @retval EFI_SUCCESS Get the control of TPM2 chip. + @retval EFI_NOT_FOUND TPM2 not found. + @retval EFI_DEVICE_ERROR Unexpected device behavior. +**/ +EFI_STATUS +EFIAPI +DTpm2RequestUseTpm ( + VOID + ) +{ + TPM2_PTP_INTERFACE_TYPE PtpInterface; + + PtpInterface = GetCachedPtpInterface (); + switch (PtpInterface) { + case Tpm2PtpInterfaceCrb: + return PtpCrbRequestUseTpm ((PTP_CRB_REGISTERS_PTR) (UINTN) PcdGet64 (PcdTpmBaseAddress)); + case Tpm2PtpInterfaceFifo: + case Tpm2PtpInterfaceTis: + return TisPcRequestUseTpm ((TIS_PC_REGISTERS_PTR) (UINTN) PcdGet64 (PcdTpmBaseAddress)); + default: + return EFI_NOT_FOUND; + } +} diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2Tis.c b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2Tis.c new file mode 100644 index 00000000..bca50633 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2Tis.c @@ -0,0 +1,434 @@ +/** @file + TIS (TPM Interface Specification) functions used by dTPM2.0 library. + +Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR> +(C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include <IndustryStandard/Tpm20.h> + +#include <Library/BaseLib.h> +#include <Library/BaseMemoryLib.h> +#include <Library/IoLib.h> +#include <Library/TimerLib.h> +#include <Library/DebugLib.h> +#include <Library/Tpm2DeviceLib.h> +#include <Library/PcdLib.h> + +#include <IndustryStandard/TpmTis.h> + +#define TIS_TIMEOUT_MAX (90000 * 1000) // 90s + +// +// Max TPM command/response length +// +#define TPMCMDBUFLENGTH 0x500 + +/** + Check whether TPM chip exist. + + @param[in] TisReg Pointer to TIS register. + + @retval TRUE TPM chip exists. + @retval FALSE TPM chip is not found. +**/ +BOOLEAN +TisPcPresenceCheck ( + IN TIS_PC_REGISTERS_PTR TisReg + ) +{ + UINT8 RegRead; + + RegRead = MmioRead8 ((UINTN)&TisReg->Access); + return (BOOLEAN)(RegRead != (UINT8)-1); +} + +/** + Check whether the value of a TPM chip register satisfies the input BIT setting. + + @param[in] Register Address port of register to be checked. + @param[in] BitSet Check these data bits are set. + @param[in] BitClear Check these data bits are clear. + @param[in] TimeOut The max wait time (unit MicroSecond) when checking register. + + @retval EFI_SUCCESS The register satisfies the check bit. + @retval EFI_TIMEOUT The register can't run into the expected status in time. +**/ +EFI_STATUS +TisPcWaitRegisterBits ( + IN UINT8 *Register, + IN UINT8 BitSet, + IN UINT8 BitClear, + IN UINT32 TimeOut + ) +{ + UINT8 RegRead; + UINT32 WaitTime; + + for (WaitTime = 0; WaitTime < TimeOut; WaitTime += 30){ + RegRead = MmioRead8 ((UINTN)Register); + if ((RegRead & BitSet) == BitSet && (RegRead & BitClear) == 0) + return EFI_SUCCESS; + MicroSecondDelay (30); + } + return EFI_TIMEOUT; +} + +/** + Get BurstCount by reading the burstCount field of a TIS register + in the time of default TIS_TIMEOUT_D. + + @param[in] TisReg Pointer to TIS register. + @param[out] BurstCount Pointer to a buffer to store the got BurstCount. + + @retval EFI_SUCCESS Get BurstCount. + @retval EFI_INVALID_PARAMETER TisReg is NULL or BurstCount is NULL. + @retval EFI_TIMEOUT BurstCount can't be got in time. +**/ +EFI_STATUS +TisPcReadBurstCount ( + IN TIS_PC_REGISTERS_PTR TisReg, + OUT UINT16 *BurstCount + ) +{ + UINT32 WaitTime; + UINT8 DataByte0; + UINT8 DataByte1; + + if (BurstCount == NULL || TisReg == NULL) { + return EFI_INVALID_PARAMETER; + } + + WaitTime = 0; + do { + // + // TIS_PC_REGISTERS_PTR->burstCount is UINT16, but it is not 2bytes aligned, + // so it needs to use MmioRead8 to read two times + // + DataByte0 = MmioRead8 ((UINTN)&TisReg->BurstCount); + DataByte1 = MmioRead8 ((UINTN)&TisReg->BurstCount + 1); + *BurstCount = (UINT16)((DataByte1 << 8) + DataByte0); + if (*BurstCount != 0) { + return EFI_SUCCESS; + } + MicroSecondDelay (30); + WaitTime += 30; + } while (WaitTime < TIS_TIMEOUT_D); + + return EFI_TIMEOUT; +} + +/** + Set TPM chip to ready state by sending ready command TIS_PC_STS_READY + to Status Register in time. + + @param[in] TisReg Pointer to TIS register. + + @retval EFI_SUCCESS TPM chip enters into ready state. + @retval EFI_INVALID_PARAMETER TisReg is NULL. + @retval EFI_TIMEOUT TPM chip can't be set to ready state in time. +**/ +EFI_STATUS +TisPcPrepareCommand ( + IN TIS_PC_REGISTERS_PTR TisReg + ) +{ + EFI_STATUS Status; + + if (TisReg == NULL) { + return EFI_INVALID_PARAMETER; + } + + MmioWrite8((UINTN)&TisReg->Status, TIS_PC_STS_READY); + Status = TisPcWaitRegisterBits ( + &TisReg->Status, + TIS_PC_STS_READY, + 0, + TIS_TIMEOUT_B + ); + return Status; +} + +/** + Get the control of TPM chip by sending requestUse command TIS_PC_ACC_RQUUSE + to ACCESS Register in the time of default TIS_TIMEOUT_A. + + @param[in] TisReg Pointer to TIS register. + + @retval EFI_SUCCESS Get the control of TPM chip. + @retval EFI_INVALID_PARAMETER TisReg is NULL. + @retval EFI_NOT_FOUND TPM chip doesn't exit. + @retval EFI_TIMEOUT Can't get the TPM control in time. +**/ +EFI_STATUS +TisPcRequestUseTpm ( + IN TIS_PC_REGISTERS_PTR TisReg + ) +{ + EFI_STATUS Status; + + if (TisReg == NULL) { + return EFI_INVALID_PARAMETER; + } + + if (!TisPcPresenceCheck (TisReg)) { + return EFI_NOT_FOUND; + } + + MmioWrite8((UINTN)&TisReg->Access, TIS_PC_ACC_RQUUSE); + Status = TisPcWaitRegisterBits ( + &TisReg->Access, + (UINT8)(TIS_PC_ACC_ACTIVE |TIS_PC_VALID), + 0, + TIS_TIMEOUT_A + ); + return Status; +} + +/** + Send a command to TPM for execution and return response data. + + @param[in] TisReg TPM register space base address. + @param[in] BufferIn Buffer for command data. + @param[in] SizeIn Size of command data. + @param[in, out] BufferOut Buffer for response data. + @param[in, out] SizeOut Size of response data. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_BUFFER_TOO_SMALL Response data buffer is too small. + @retval EFI_DEVICE_ERROR Unexpected device behavior. + @retval EFI_UNSUPPORTED Unsupported TPM version + +**/ +EFI_STATUS +Tpm2TisTpmCommand ( + IN TIS_PC_REGISTERS_PTR TisReg, + IN UINT8 *BufferIn, + IN UINT32 SizeIn, + IN OUT UINT8 *BufferOut, + IN OUT UINT32 *SizeOut + ) +{ + EFI_STATUS Status; + UINT16 BurstCount; + UINT32 Index; + UINT32 TpmOutSize; + UINT16 Data16; + UINT32 Data32; + + DEBUG_CODE ( + UINTN DebugSize; + + DEBUG ((EFI_D_VERBOSE, "Tpm2TisTpmCommand Send - ")); + if (SizeIn > 0x100) { + DebugSize = 0x40; + } else { + DebugSize = SizeIn; + } + for (Index = 0; Index < DebugSize; Index++) { + DEBUG ((EFI_D_VERBOSE, "%02x ", BufferIn[Index])); + } + if (DebugSize != SizeIn) { + DEBUG ((EFI_D_VERBOSE, "...... ")); + for (Index = SizeIn - 0x20; Index < SizeIn; Index++) { + DEBUG ((EFI_D_VERBOSE, "%02x ", BufferIn[Index])); + } + } + DEBUG ((EFI_D_VERBOSE, "\n")); + ); + TpmOutSize = 0; + + Status = TisPcPrepareCommand (TisReg); + if (EFI_ERROR (Status)){ + DEBUG ((DEBUG_ERROR, "Tpm2 is not ready for command!\n")); + return EFI_DEVICE_ERROR; + } + // + // Send the command data to Tpm + // + Index = 0; + while (Index < SizeIn) { + Status = TisPcReadBurstCount (TisReg, &BurstCount); + if (EFI_ERROR (Status)) { + Status = EFI_DEVICE_ERROR; + goto Exit; + } + for (; BurstCount > 0 && Index < SizeIn; BurstCount--) { + MmioWrite8((UINTN)&TisReg->DataFifo, *(BufferIn + Index)); + Index++; + } + } + // + // Check the Tpm status STS_EXPECT change from 1 to 0 + // + Status = TisPcWaitRegisterBits ( + &TisReg->Status, + (UINT8) TIS_PC_VALID, + TIS_PC_STS_EXPECT, + TIS_TIMEOUT_C + ); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "Tpm2 The send buffer too small!\n")); + Status = EFI_BUFFER_TOO_SMALL; + goto Exit; + } + // + // Executed the TPM command and waiting for the response data ready + // + MmioWrite8((UINTN)&TisReg->Status, TIS_PC_STS_GO); + + // + // NOTE: That may take many seconds to minutes for certain commands, such as key generation. + // + Status = TisPcWaitRegisterBits ( + &TisReg->Status, + (UINT8) (TIS_PC_VALID | TIS_PC_STS_DATA), + 0, + TIS_TIMEOUT_MAX + ); + if (EFI_ERROR (Status)) { + // + // dataAvail check timeout. Cancel the currently executing command by writing commandCancel, + // Expect TPM_RC_CANCELLED or successfully completed response. + // + DEBUG ((DEBUG_ERROR, "Wait for Tpm2 response data time out. Trying to cancel the command!!\n")); + + MmioWrite32((UINTN)&TisReg->Status, TIS_PC_STS_CANCEL); + Status = TisPcWaitRegisterBits ( + &TisReg->Status, + (UINT8) (TIS_PC_VALID | TIS_PC_STS_DATA), + 0, + TIS_TIMEOUT_B + ); + // + // Do not clear CANCEL bit here because Writes of 0 to this bit are ignored + // + if (EFI_ERROR (Status)) { + // + // Cancel executing command fail to get any response + // Try to abort the command with write of a 1 to commandReady in Command Execution state + // + Status = EFI_DEVICE_ERROR; + goto Exit; + } + } + + // + // Get response data header + // + Index = 0; + BurstCount = 0; + while (Index < sizeof (TPM2_RESPONSE_HEADER)) { + Status = TisPcReadBurstCount (TisReg, &BurstCount); + if (EFI_ERROR (Status)) { + Status = EFI_DEVICE_ERROR; + goto Exit; + } + for (; BurstCount > 0; BurstCount--) { + *(BufferOut + Index) = MmioRead8 ((UINTN)&TisReg->DataFifo); + Index++; + if (Index == sizeof (TPM2_RESPONSE_HEADER)) break; + } + } + DEBUG_CODE ( + DEBUG ((EFI_D_VERBOSE, "Tpm2TisTpmCommand ReceiveHeader - ")); + for (Index = 0; Index < sizeof (TPM2_RESPONSE_HEADER); Index++) { + DEBUG ((EFI_D_VERBOSE, "%02x ", BufferOut[Index])); + } + DEBUG ((EFI_D_VERBOSE, "\n")); + ); + // + // Check the response data header (tag,parasize and returncode ) + // + CopyMem (&Data16, BufferOut, sizeof (UINT16)); + // TPM2 should not use this RSP_COMMAND + if (SwapBytes16 (Data16) == TPM_ST_RSP_COMMAND) { + DEBUG ((EFI_D_ERROR, "TPM2: TPM_ST_RSP error - %x\n", TPM_ST_RSP_COMMAND)); + Status = EFI_UNSUPPORTED; + goto Exit; + } + + CopyMem (&Data32, (BufferOut + 2), sizeof (UINT32)); + TpmOutSize = SwapBytes32 (Data32); + if (*SizeOut < TpmOutSize) { + Status = EFI_BUFFER_TOO_SMALL; + goto Exit; + } + *SizeOut = TpmOutSize; + // + // Continue reading the remaining data + // + while ( Index < TpmOutSize ) { + for (; BurstCount > 0; BurstCount--) { + *(BufferOut + Index) = MmioRead8 ((UINTN)&TisReg->DataFifo); + Index++; + if (Index == TpmOutSize) { + Status = EFI_SUCCESS; + goto Exit; + } + } + Status = TisPcReadBurstCount (TisReg, &BurstCount); + if (EFI_ERROR (Status)) { + Status = EFI_DEVICE_ERROR; + goto Exit; + } + } +Exit: + DEBUG_CODE ( + DEBUG ((EFI_D_VERBOSE, "Tpm2TisTpmCommand Receive - ")); + for (Index = 0; Index < TpmOutSize; Index++) { + DEBUG ((EFI_D_VERBOSE, "%02x ", BufferOut[Index])); + } + DEBUG ((EFI_D_VERBOSE, "\n")); + ); + MmioWrite8((UINTN)&TisReg->Status, TIS_PC_STS_READY); + return Status; +} + +/** + This service enables the sending of commands to the TPM2. + + @param[in] InputParameterBlockSize Size of the TPM2 input parameter block. + @param[in] InputParameterBlock Pointer to the TPM2 input parameter block. + @param[in,out] OutputParameterBlockSize Size of the TPM2 output parameter block. + @param[in] OutputParameterBlock Pointer to the TPM2 output parameter block. + + @retval EFI_SUCCESS The command byte stream was successfully sent to the device and a response was successfully received. + @retval EFI_DEVICE_ERROR The command was not successfully sent to the device or a response was not successfully received from the device. + @retval EFI_BUFFER_TOO_SMALL The output parameter block is too small. +**/ +EFI_STATUS +EFIAPI +DTpm2TisSubmitCommand ( + IN UINT32 InputParameterBlockSize, + IN UINT8 *InputParameterBlock, + IN OUT UINT32 *OutputParameterBlockSize, + IN UINT8 *OutputParameterBlock + ) +{ + return Tpm2TisTpmCommand ( + (TIS_PC_REGISTERS_PTR) (UINTN) PcdGet64 (PcdTpmBaseAddress), + InputParameterBlock, + InputParameterBlockSize, + OutputParameterBlock, + OutputParameterBlockSize + ); +} + +/** + This service requests use TPM2. + + @retval EFI_SUCCESS Get the control of TPM2 chip. + @retval EFI_NOT_FOUND TPM2 not found. + @retval EFI_DEVICE_ERROR Unexpected device behavior. +**/ +EFI_STATUS +EFIAPI +DTpm2TisRequestUseTpm ( + VOID + ) +{ + return TisPcRequestUseTpm ((TIS_PC_REGISTERS_PTR) (UINTN) PcdGet64 (PcdTpmBaseAddress)); +} diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterDxe.c b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterDxe.c new file mode 100644 index 00000000..4af3a6bc --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterDxe.c @@ -0,0 +1,92 @@ +/** @file + This library is TPM2 device router. Platform can register multi TPM2 instance to it + via PcdTpmInstanceGuid. Platform need make choice that which one will be final one. + At most one TPM2 instance can be finally registered, and other will return unsupported. + +Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved. <BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include <Library/BaseLib.h> +#include <Library/BaseMemoryLib.h> +#include <Library/DebugLib.h> +#include <Library/PcdLib.h> +#include <Library/Tpm2DeviceLib.h> + +TPM2_DEVICE_INTERFACE mInternalTpm2DeviceInterface; + +/** + This service enables the sending of commands to the TPM2. + + @param[in] InputParameterBlockSize Size of the TPM2 input parameter block. + @param[in] InputParameterBlock Pointer to the TPM2 input parameter block. + @param[in,out] OutputParameterBlockSize Size of the TPM2 output parameter block. + @param[in] OutputParameterBlock Pointer to the TPM2 output parameter block. + + @retval EFI_SUCCESS The command byte stream was successfully sent to the device and a response was successfully received. + @retval EFI_DEVICE_ERROR The command was not successfully sent to the device or a response was not successfully received from the device. + @retval EFI_BUFFER_TOO_SMALL The output parameter block is too small. +**/ +EFI_STATUS +EFIAPI +Tpm2SubmitCommand ( + IN UINT32 InputParameterBlockSize, + IN UINT8 *InputParameterBlock, + IN OUT UINT32 *OutputParameterBlockSize, + IN UINT8 *OutputParameterBlock + ) +{ + if (mInternalTpm2DeviceInterface.Tpm2SubmitCommand == NULL) { + return EFI_UNSUPPORTED; + } + return mInternalTpm2DeviceInterface.Tpm2SubmitCommand ( + InputParameterBlockSize, + InputParameterBlock, + OutputParameterBlockSize, + OutputParameterBlock + ); +} + +/** + This service requests use TPM2. + + @retval EFI_SUCCESS Get the control of TPM2 chip. + @retval EFI_NOT_FOUND TPM2 not found. + @retval EFI_DEVICE_ERROR Unexpected device behavior. +**/ +EFI_STATUS +EFIAPI +Tpm2RequestUseTpm ( + VOID + ) +{ + if (mInternalTpm2DeviceInterface.Tpm2RequestUseTpm == NULL) { + return EFI_UNSUPPORTED; + } + return mInternalTpm2DeviceInterface.Tpm2RequestUseTpm (); +} + +/** + This service register TPM2 device. + + @param Tpm2Device TPM2 device + + @retval EFI_SUCCESS This TPM2 device is registered successfully. + @retval EFI_UNSUPPORTED System does not support register this TPM2 device. + @retval EFI_ALREADY_STARTED System already register this TPM2 device. +**/ +EFI_STATUS +EFIAPI +Tpm2RegisterTpm2DeviceLib ( + IN TPM2_DEVICE_INTERFACE *Tpm2Device + ) +{ + if (!CompareGuid (PcdGetPtr(PcdTpmInstanceGuid), &Tpm2Device->ProviderGuid)){ + DEBUG ((DEBUG_WARN, "WARNING: Tpm2RegisterTpm2DeviceLib - does not support %g registration\n", &Tpm2Device->ProviderGuid)); + return EFI_UNSUPPORTED; + } + + CopyMem (&mInternalTpm2DeviceInterface, Tpm2Device, sizeof(mInternalTpm2DeviceInterface)); + return EFI_SUCCESS; +} diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterDxe.inf b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterDxe.inf new file mode 100644 index 00000000..20cafa18 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterDxe.inf @@ -0,0 +1,42 @@ +## @file +# Provides TPM 2.0 TIS functions +# +# This library is TPM 2.0 device router. Platform can register multi TPM 2.0 instance to +# it via PcdTpmInstanceGuid. Platform need make choice that which one will be final one. +# At most one TPM 2.0 instance can be finally registered, and other will return unsupported. +# +# Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR> +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = Tpm2DeviceLibRouterDxe + MODULE_UNI_FILE = Tpm2DeviceLibRouterDxe.uni + FILE_GUID = C3D69D87-5200-4aab-A6DB-2569BA1A92FC + MODULE_TYPE = DXE_DRIVER + VERSION_STRING = 1.0 + LIBRARY_CLASS = Tpm2DeviceLib|DXE_DRIVER DXE_RUNTIME_DRIVER DXE_SMM_DRIVER UEFI_APPLICATION UEFI_DRIVER + +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = IA32 X64 +# + +[Sources] + Tpm2DeviceLibRouterDxe.c + +[Packages] + MdePkg/MdePkg.dec + SecurityPkg/SecurityPkg.dec + +[LibraryClasses] + BaseLib + BaseMemoryLib + DebugLib + PcdLib + +[Pcd] + gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid ## CONSUMES diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterDxe.uni b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterDxe.uni new file mode 100644 index 00000000..c1c287c7 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterDxe.uni @@ -0,0 +1,18 @@ +// /** @file
+// Provides TPM 2.0 TIS functions
+//
+// This library is TPM 2.0 device router. Platform can register multi TPM 2.0 instance to
+// it via PcdTpmInstanceGuid. Platform need make choice that which one will be final one.
+// At most one TPM 2.0 instance can be finally registered, and other will return unsupported.
+//
+// Copyright (c) 2013 - 2016, Intel Corporation. All rights reserved.<BR>
+//
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+//
+// **/
+
+
+#string STR_MODULE_ABSTRACT #language en-US "Provides TPM 2.0 TIS functions"
+
+#string STR_MODULE_DESCRIPTION #language en-US "This library is TPM 2.0 device router. Platform can register multi TPM 2.0 instance to it via PcdTpmInstanceGuid. Platform need make choice that which one will be final one. At most one TPM 2.0 instance can be finally registered, and other will return unsupported."
+
diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterPei.c b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterPei.c new file mode 100644 index 00000000..1ca9f8c1 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterPei.c @@ -0,0 +1,137 @@ +/** @file + This library is TPM2 device router. Platform can register multi TPM2 instance to it + via PcdTpmInstanceGuid. Platform need make choice that which one will be final one. + At most one TPM2 instance can be finally registered, and other will return unsupported. + +Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved. <BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include <Library/BaseLib.h> +#include <Library/BaseMemoryLib.h> +#include <Library/HobLib.h> +#include <Library/DebugLib.h> +#include <Library/PcdLib.h> +#include <Library/Tpm2DeviceLib.h> + +EFI_GUID mInternalTpm2DeviceInterfaceGuid = { + 0x349cf818, 0xc0ba, 0x4c43, { 0x92, 0x9a, 0xc8, 0xa1, 0xb1, 0xb3, 0xd2, 0x55 } +}; + +/** + This function get TPM2.0 interface. + + @retval TPM2.0 interface. +**/ +TPM2_DEVICE_INTERFACE * +InternalGetTpm2DeviceInterface ( + VOID + ) +{ + EFI_HOB_GUID_TYPE *Hob; + + Hob = GetFirstGuidHob (&mInternalTpm2DeviceInterfaceGuid); + if (Hob == NULL) { + return NULL; + } + return (TPM2_DEVICE_INTERFACE *)(Hob + 1); +} + +/** + This service enables the sending of commands to the TPM2. + + @param[in] InputParameterBlockSize Size of the TPM2 input parameter block. + @param[in] InputParameterBlock Pointer to the TPM2 input parameter block. + @param[in,out] OutputParameterBlockSize Size of the TPM2 output parameter block. + @param[in] OutputParameterBlock Pointer to the TPM2 output parameter block. + + @retval EFI_SUCCESS The command byte stream was successfully sent to the device and a response was successfully received. + @retval EFI_DEVICE_ERROR The command was not successfully sent to the device or a response was not successfully received from the device. + @retval EFI_BUFFER_TOO_SMALL The output parameter block is too small. +**/ +EFI_STATUS +EFIAPI +Tpm2SubmitCommand ( + IN UINT32 InputParameterBlockSize, + IN UINT8 *InputParameterBlock, + IN OUT UINT32 *OutputParameterBlockSize, + IN UINT8 *OutputParameterBlock + ) +{ + TPM2_DEVICE_INTERFACE *Tpm2DeviceInterface; + + Tpm2DeviceInterface = InternalGetTpm2DeviceInterface (); + if (Tpm2DeviceInterface == NULL) { + return EFI_UNSUPPORTED; + } + + return Tpm2DeviceInterface->Tpm2SubmitCommand ( + InputParameterBlockSize, + InputParameterBlock, + OutputParameterBlockSize, + OutputParameterBlock + ); +} + +/** + This service requests use TPM2. + + @retval EFI_SUCCESS Get the control of TPM2 chip. + @retval EFI_NOT_FOUND TPM2 not found. + @retval EFI_DEVICE_ERROR Unexpected device behavior. +**/ +EFI_STATUS +EFIAPI +Tpm2RequestUseTpm ( + VOID + ) +{ + TPM2_DEVICE_INTERFACE *Tpm2DeviceInterface; + + Tpm2DeviceInterface = InternalGetTpm2DeviceInterface (); + if (Tpm2DeviceInterface == NULL) { + return EFI_UNSUPPORTED; + } + return Tpm2DeviceInterface->Tpm2RequestUseTpm (); +} + +/** + This service register TPM2 device. + + @param Tpm2Device TPM2 device + + @retval EFI_SUCCESS This TPM2 device is registered successfully. + @retval EFI_UNSUPPORTED System does not support register this TPM2 device. + @retval EFI_ALREADY_STARTED System already register this TPM2 device. +**/ +EFI_STATUS +EFIAPI +Tpm2RegisterTpm2DeviceLib ( + IN TPM2_DEVICE_INTERFACE *Tpm2Device + ) +{ + TPM2_DEVICE_INTERFACE *Tpm2DeviceInterface; + + if (!CompareGuid (PcdGetPtr(PcdTpmInstanceGuid), &Tpm2Device->ProviderGuid)){ + DEBUG ((DEBUG_WARN, "WARNING: Tpm2RegisterTpm2DeviceLib - does not support %g registration\n", &Tpm2Device->ProviderGuid)); + return EFI_UNSUPPORTED; + } + + Tpm2DeviceInterface = InternalGetTpm2DeviceInterface (); + if (Tpm2DeviceInterface != NULL) { + // + // In PEI phase, there will be shadow driver dispatched again. + // + DEBUG ((EFI_D_INFO, "Tpm2RegisterTpm2DeviceLib - Override\n")); + CopyMem (Tpm2DeviceInterface, Tpm2Device, sizeof(*Tpm2Device)); + return EFI_SUCCESS; + } else { + Tpm2Device = BuildGuidDataHob (&mInternalTpm2DeviceInterfaceGuid, Tpm2Device, sizeof(*Tpm2Device)); + if (Tpm2Device != NULL) { + return EFI_SUCCESS; + } else { + return EFI_OUT_OF_RESOURCES; + } + } +} diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterPei.inf b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterPei.inf new file mode 100644 index 00000000..fdd66def --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterPei.inf @@ -0,0 +1,44 @@ +## @file +# Provides TPM 2.0 TIS functions +# +# This library is TPM 2.0 device router. Platform can register multi TPM 2.0 instance to +# it via PcdTpmInstanceGuid. Platform need make choice that which one will be final one. +# At most one TPM 2.0 instance can be finally registered, and other will return unsupported. +# +# Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR> +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = Tpm2DeviceLibRouterPei + MODULE_UNI_FILE = Tpm2DeviceLibRouterPei.uni + FILE_GUID = 97CDCF04-4C8E-42fe-8015-11CC8A6E9D81 + MODULE_TYPE = PEIM + VERSION_STRING = 1.0 + LIBRARY_CLASS = Tpm2DeviceLib|PEIM + +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = IA32 X64 +# + +[Sources] + Tpm2DeviceLibRouterPei.c + +[Packages] + MdePkg/MdePkg.dec + SecurityPkg/SecurityPkg.dec + +[LibraryClasses] + BaseLib + BaseMemoryLib + DebugLib + HobLib + PcdLib + +[Pcd] + gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid ## CONSUMES + diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterPei.uni b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterPei.uni new file mode 100644 index 00000000..c1c287c7 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterPei.uni @@ -0,0 +1,18 @@ +// /** @file
+// Provides TPM 2.0 TIS functions
+//
+// This library is TPM 2.0 device router. Platform can register multi TPM 2.0 instance to
+// it via PcdTpmInstanceGuid. Platform need make choice that which one will be final one.
+// At most one TPM 2.0 instance can be finally registered, and other will return unsupported.
+//
+// Copyright (c) 2013 - 2016, Intel Corporation. All rights reserved.<BR>
+//
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+//
+// **/
+
+
+#string STR_MODULE_ABSTRACT #language en-US "Provides TPM 2.0 TIS functions"
+
+#string STR_MODULE_DESCRIPTION #language en-US "This library is TPM 2.0 device router. Platform can register multi TPM 2.0 instance to it via PcdTpmInstanceGuid. Platform need make choice that which one will be final one. At most one TPM 2.0 instance can be finally registered, and other will return unsupported."
+
diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.c b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.c new file mode 100644 index 00000000..dc7ce816 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.c @@ -0,0 +1,119 @@ +/** @file + This library is TPM2 TCG2 protocol lib. + +Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved. <BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include <Library/BaseLib.h> +#include <Library/BaseMemoryLib.h> +#include <Library/DebugLib.h> +#include <Library/UefiBootServicesTableLib.h> +#include <Library/Tpm2DeviceLib.h> +#include <Protocol/Tcg2Protocol.h> +#include <IndustryStandard/Tpm20.h> + +EFI_TCG2_PROTOCOL *mTcg2Protocol = NULL; + +/** + This service enables the sending of commands to the TPM2. + + @param[in] InputParameterBlockSize Size of the TPM2 input parameter block. + @param[in] InputParameterBlock Pointer to the TPM2 input parameter block. + @param[in,out] OutputParameterBlockSize Size of the TPM2 output parameter block. + @param[in] OutputParameterBlock Pointer to the TPM2 output parameter block. + + @retval EFI_SUCCESS The command byte stream was successfully sent to the device and a response was successfully received. + @retval EFI_DEVICE_ERROR The command was not successfully sent to the device or a response was not successfully received from the device. + @retval EFI_BUFFER_TOO_SMALL The output parameter block is too small. +**/ +EFI_STATUS +EFIAPI +Tpm2SubmitCommand ( + IN UINT32 InputParameterBlockSize, + IN UINT8 *InputParameterBlock, + IN OUT UINT32 *OutputParameterBlockSize, + IN UINT8 *OutputParameterBlock + ) +{ + EFI_STATUS Status; + TPM2_RESPONSE_HEADER *Header; + + if (mTcg2Protocol == NULL) { + Status = gBS->LocateProtocol (&gEfiTcg2ProtocolGuid, NULL, (VOID **) &mTcg2Protocol); + if (EFI_ERROR (Status)) { + // + // Tcg2 protocol is not installed. So, TPM2 is not present. + // + DEBUG ((EFI_D_ERROR, "Tpm2SubmitCommand - Tcg2 - %r\n", Status)); + return EFI_NOT_FOUND; + } + } + // + // Assume when Tcg2 Protocol is ready, RequestUseTpm already done. + // + Status = mTcg2Protocol->SubmitCommand ( + mTcg2Protocol, + InputParameterBlockSize, + InputParameterBlock, + *OutputParameterBlockSize, + OutputParameterBlock + ); + if (EFI_ERROR (Status)) { + return Status; + } + Header = (TPM2_RESPONSE_HEADER *)OutputParameterBlock; + *OutputParameterBlockSize = SwapBytes32 (Header->paramSize); + + return EFI_SUCCESS; +} + +/** + This service requests use TPM2. + + @retval EFI_SUCCESS Get the control of TPM2 chip. + @retval EFI_NOT_FOUND TPM2 not found. + @retval EFI_DEVICE_ERROR Unexpected device behavior. +**/ +EFI_STATUS +EFIAPI +Tpm2RequestUseTpm ( + VOID + ) +{ + EFI_STATUS Status; + + if (mTcg2Protocol == NULL) { + Status = gBS->LocateProtocol (&gEfiTcg2ProtocolGuid, NULL, (VOID **) &mTcg2Protocol); + if (EFI_ERROR (Status)) { + // + // Tcg2 protocol is not installed. So, TPM2 is not present. + // + DEBUG ((EFI_D_ERROR, "Tpm2RequestUseTpm - Tcg2 - %r\n", Status)); + return EFI_NOT_FOUND; + } + } + // + // Assume when Tcg2 Protocol is ready, RequestUseTpm already done. + // + return EFI_SUCCESS; +} + +/** + This service register TPM2 device. + + @param Tpm2Device TPM2 device + + @retval EFI_SUCCESS This TPM2 device is registered successfully. + @retval EFI_UNSUPPORTED System does not support register this TPM2 device. + @retval EFI_ALREADY_STARTED System already register this TPM2 device. +**/ +EFI_STATUS +EFIAPI +Tpm2RegisterTpm2DeviceLib ( + IN TPM2_DEVICE_INTERFACE *Tpm2Device + ) +{ + return EFI_UNSUPPORTED; +} diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf new file mode 100644 index 00000000..43895b45 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf @@ -0,0 +1,41 @@ +## @file +# Provides function interfaces to communicate with TPM 2.0 device +# +# This library helps to use TPM 2.0 device in library function API +# based on TPM2 protocol. +# +# Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR> +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = Tpm2DeviceLibTcg2 + MODULE_UNI_FILE = Tpm2DeviceLibTcg2.uni + FILE_GUID = A1B0B230-67DC-431E-A94A-A96AF1EBE637 + MODULE_TYPE = DXE_DRIVER + VERSION_STRING = 1.0 + LIBRARY_CLASS = Tpm2DeviceLib|DXE_DRIVER DXE_RUNTIME_DRIVER DXE_SMM_DRIVER UEFI_APPLICATION UEFI_DRIVER + +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = IA32 X64 +# + +[Sources] + Tpm2DeviceLibTcg2.c + +[Packages] + MdePkg/MdePkg.dec + SecurityPkg/SecurityPkg.dec + +[LibraryClasses] + BaseLib + BaseMemoryLib + DebugLib + UefiBootServicesTableLib + +[Protocols] + gEfiTcg2ProtocolGuid ## CONSUMES diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.uni b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.uni new file mode 100644 index 00000000..b6609f2f --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.uni @@ -0,0 +1,17 @@ +// /** @file
+// Provides function interfaces to communicate with TPM 2.0 device
+//
+// This library helps to use TPM 2.0 device in library function API
+// based on TCG2 protocol.
+//
+// Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.<BR>
+//
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+//
+// **/
+
+
+#string STR_MODULE_ABSTRACT #language en-US "Provides function interfaces to communicate with TPM 2.0 device"
+
+#string STR_MODULE_DESCRIPTION #language en-US "This library helps to use TPM 2.0 device in library function API based on TCG2 protocol."
+
diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/TpmCommLib/CommonHeader.h b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/TpmCommLib/CommonHeader.h new file mode 100644 index 00000000..8a84ed7a --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/TpmCommLib/CommonHeader.h @@ -0,0 +1,23 @@ +/** @file + The internal header file for TpmCommLib. + +Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.<BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef _TPMCOMMLIB_COMMON_HEADER_H_ +#define _TPMCOMMLIB_COMMON_HEADER_H_ + +#include <PiPei.h> +#include <IndustryStandard/Tpm12.h> +#include <Library/BaseLib.h> +#include <Library/BaseMemoryLib.h> +#include <Library/IoLib.h> +#include <Library/TimerLib.h> +#include <Library/TpmCommLib.h> +#include <Library/BaseCryptLib.h> +#include <Library/MemoryAllocationLib.h> +#include <Library/DebugLib.h> + +#endif diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/TpmCommLib/TisPc.c b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/TpmCommLib/TisPc.c new file mode 100644 index 00000000..5794bb54 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/TpmCommLib/TisPc.c @@ -0,0 +1,177 @@ +/** @file + Basic TIS (TPM Interface Specification) functions. + +Copyright (c) 2005 - 2018, Intel Corporation. All rights reserved.<BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "CommonHeader.h" + +/** + Check whether TPM chip exist. + + @param[in] TisReg Pointer to TIS register. + + @retval TRUE TPM chip exists. + @retval FALSE TPM chip is not found. +**/ +BOOLEAN +TisPcPresenceCheck ( + IN TIS_PC_REGISTERS_PTR TisReg + ) +{ + UINT8 RegRead; + + RegRead = MmioRead8 ((UINTN)&TisReg->Access); + return (BOOLEAN)(RegRead != (UINT8)-1); +} + +/** + Check whether the value of a TPM chip register satisfies the input BIT setting. + + @param[in] Register Address port of register to be checked. + @param[in] BitSet Check these data bits are set. + @param[in] BitClear Check these data bits are clear. + @param[in] TimeOut The max wait time (unit MicroSecond) when checking register. + + @retval EFI_SUCCESS The register satisfies the check bit. + @retval EFI_TIMEOUT The register can't run into the expected status in time. +**/ +EFI_STATUS +EFIAPI +TisPcWaitRegisterBits ( + IN UINT8 *Register, + IN UINT8 BitSet, + IN UINT8 BitClear, + IN UINT32 TimeOut + ) +{ + UINT8 RegRead; + UINT32 WaitTime; + + for (WaitTime = 0; WaitTime < TimeOut; WaitTime += 30){ + RegRead = MmioRead8 ((UINTN)Register); + if ((RegRead & BitSet) == BitSet && (RegRead & BitClear) == 0) + return EFI_SUCCESS; + MicroSecondDelay (30); + } + return EFI_TIMEOUT; +} + +/** + Get BurstCount by reading the burstCount field of a TIS register + in the time of default TIS_TIMEOUT_D. + + @param[in] TisReg Pointer to TIS register. + @param[out] BurstCount Pointer to a buffer to store the got BurstCount. + + @retval EFI_SUCCESS Get BurstCount. + @retval EFI_INVALID_PARAMETER TisReg is NULL or BurstCount is NULL. + @retval EFI_TIMEOUT BurstCount can't be got in time. +**/ +EFI_STATUS +EFIAPI +TisPcReadBurstCount ( + IN TIS_PC_REGISTERS_PTR TisReg, + OUT UINT16 *BurstCount + ) +{ + UINT32 WaitTime; + UINT8 DataByte0; + UINT8 DataByte1; + + if (BurstCount == NULL || TisReg == NULL) { + return EFI_INVALID_PARAMETER; + } + + WaitTime = 0; + do { + // + // TIS_PC_REGISTERS_PTR->burstCount is UINT16, but it is not 2bytes aligned, + // so it needs to use MmioRead8 to read two times + // + DataByte0 = MmioRead8 ((UINTN)&TisReg->BurstCount); + DataByte1 = MmioRead8 ((UINTN)&TisReg->BurstCount + 1); + *BurstCount = (UINT16)((DataByte1 << 8) + DataByte0); + if (*BurstCount != 0) { + return EFI_SUCCESS; + } + MicroSecondDelay (30); + WaitTime += 30; + } while (WaitTime < TIS_TIMEOUT_D); + + return EFI_TIMEOUT; +} + +/** + Set TPM chip to ready state by sending ready command TIS_PC_STS_READY + to Status Register in time. + + @param[in] TisReg Pointer to TIS register. + + @retval EFI_SUCCESS TPM chip enters into ready state. + @retval EFI_INVALID_PARAMETER TisReg is NULL. + @retval EFI_TIMEOUT TPM chip can't be set to ready state in time. +**/ +EFI_STATUS +EFIAPI +TisPcPrepareCommand ( + IN TIS_PC_REGISTERS_PTR TisReg + ) +{ + EFI_STATUS Status; + + if (TisReg == NULL) { + return EFI_INVALID_PARAMETER; + } + + MmioWrite8((UINTN)&TisReg->Status, TIS_PC_STS_READY); + Status = TisPcWaitRegisterBits ( + &TisReg->Status, + TIS_PC_STS_READY, + 0, + TIS_TIMEOUT_B + ); + return Status; +} + +/** + Get the control of TPM chip by sending requestUse command TIS_PC_ACC_RQUUSE + to ACCESS Register in the time of default TIS_TIMEOUT_A. + + @param[in] TisReg Pointer to TIS register. + + @retval EFI_SUCCESS Get the control of TPM chip. + @retval EFI_INVALID_PARAMETER TisReg is NULL. + @retval EFI_NOT_FOUND TPM chip doesn't exit. + @retval EFI_TIMEOUT Can't get the TPM control in time. +**/ +EFI_STATUS +EFIAPI +TisPcRequestUseTpm ( + IN TIS_PC_REGISTERS_PTR TisReg + ) +{ + EFI_STATUS Status; + + if (TisReg == NULL) { + return EFI_INVALID_PARAMETER; + } + + if (!TisPcPresenceCheck (TisReg)) { + return EFI_NOT_FOUND; + } + + MmioWrite8((UINTN)&TisReg->Access, TIS_PC_ACC_RQUUSE); + // + // No locality set before, ACCESS_X.activeLocality MUST be valid within TIMEOUT_A + // + Status = TisPcWaitRegisterBits ( + &TisReg->Access, + (UINT8)(TIS_PC_ACC_ACTIVE |TIS_PC_VALID), + 0, + TIS_TIMEOUT_A + ); + return Status; +} diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/TpmCommLib/TpmComm.c b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/TpmCommLib/TpmComm.c new file mode 100644 index 00000000..2a077af7 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/TpmCommLib/TpmComm.c @@ -0,0 +1,44 @@ +/** @file + Basic TPM command functions. + +Copyright (c) 2005 - 2018, Intel Corporation. All rights reserved.<BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "CommonHeader.h" + +/** + Single function calculates SHA1 digest value for all raw data. It + combines Sha1Init(), Sha1Update() and Sha1Final(). + + @param[in] Data Raw data to be digested. + @param[in] DataLen Size of the raw data. + @param[out] Digest Pointer to a buffer that stores the final digest. + + @retval EFI_SUCCESS Always successfully calculate the final digest. +**/ +EFI_STATUS +EFIAPI +TpmCommHashAll ( + IN CONST UINT8 *Data, + IN UINTN DataLen, + OUT TPM_DIGEST *Digest + ) +{ + VOID *Sha1Ctx; + UINTN CtxSize; + + CtxSize = Sha1GetContextSize (); + Sha1Ctx = AllocatePool (CtxSize); + ASSERT (Sha1Ctx != NULL); + + Sha1Init (Sha1Ctx); + Sha1Update (Sha1Ctx, Data, DataLen); + Sha1Final (Sha1Ctx, (UINT8 *)Digest); + + FreePool (Sha1Ctx); + + return EFI_SUCCESS; +} + diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/TpmCommLib/TpmCommLib.inf b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/TpmCommLib/TpmCommLib.inf new file mode 100644 index 00000000..a17b55c2 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/TpmCommLib/TpmCommLib.inf @@ -0,0 +1,45 @@ +## @file +# Provides some common functions for the TCG feature +# +# This instance provides basic TPM Interface Specification (TIS) functions +# and TPM hashall function. +# +# Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.<BR> +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = TpmCommLib + MODULE_UNI_FILE = TpmCommLib.uni + FILE_GUID = 7d9fe32e-a6a9-4cdf-abff-10cc7f22e1c9 + MODULE_TYPE = PEIM + VERSION_STRING = 1.0 + LIBRARY_CLASS = TpmCommLib|DXE_DRIVER UEFI_DRIVER PEIM DXE_SMM_DRIVER + +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = IA32 X64 +# + +[Sources] + TisPc.c + TpmComm.c + CommonHeader.h + +[Packages] + MdePkg/MdePkg.dec + SecurityPkg/SecurityPkg.dec + CryptoPkg/CryptoPkg.dec + +[LibraryClasses] + BaseLib + BaseMemoryLib + IoLib + TimerLib + BaseCryptLib + MemoryAllocationLib + DebugLib + diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/TpmCommLib/TpmCommLib.uni b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/TpmCommLib/TpmCommLib.uni new file mode 100644 index 00000000..96194551 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/TpmCommLib/TpmCommLib.uni @@ -0,0 +1,17 @@ +// /** @file
+// Provides some common functions for the TCG feature
+//
+// This instance provides basic TPM Interface Specification (TIS) functions
+// and TPM hashall function.
+//
+// Copyright (c) 2006 - 2014, Intel Corporation. All rights reserved.<BR>
+//
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+//
+// **/
+
+
+#string STR_MODULE_ABSTRACT #language en-US "Provides some common functions for the TCG feature"
+
+#string STR_MODULE_DESCRIPTION #language en-US "This instance provides basic TPM Interface Specification (TIS) functions and TPM hashall function."
+
diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/VariableKeyLibNull/VariableKeyLibNull.c b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/VariableKeyLibNull/VariableKeyLibNull.c new file mode 100644 index 00000000..a96b92a4 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/VariableKeyLibNull/VariableKeyLibNull.c @@ -0,0 +1,67 @@ +/** @file + Null version of VariableKeyLib for build purpose. Don't use it in real product. + +Copyright (c) 2020, Intel Corporation. All rights reserved.<BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ +#include <Library/DebugLib.h> +#include <Library/VariableKeyLib.h> + +/** + Retrieves the key for integrity and/or confidentiality of variables. + + @param[out] VariableKey A pointer to pointer for the variable key buffer. + @param[in,out] VariableKeySize The size in bytes of the variable key. + + @retval EFI_SUCCESS The variable key was returned. + @retval EFI_DEVICE_ERROR An error occurred while attempting to get the variable key. + @retval EFI_ACCESS_DENIED The function was invoked after locking the key interface. + @retval EFI_UNSUPPORTED The variable key is not supported in the current boot configuration. +**/ +EFI_STATUS +EFIAPI +GetVariableKey ( + OUT VOID **VariableKey, + IN OUT UINTN *VariableKeySize + ) +{ + ASSERT (FALSE); + return EFI_UNSUPPORTED; +} + +/** + Regenerates the variable key. + + @retval EFI_SUCCESS The variable key was regenerated successfully. + @retval EFI_DEVICE_ERROR An error occurred while attempting to regenerate the key. + @retval EFI_ACCESS_DENIED The function was invoked after locking the key interface. + @retval EFI_UNSUPPORTED Key regeneration is not supported in the current boot configuration. +**/ +EFI_STATUS +EFIAPI +RegenerateVariableKey ( + VOID + ) +{ + ASSERT (FALSE); + return EFI_UNSUPPORTED; +} + +/** + Locks the regenerate key interface. + + @retval EFI_SUCCESS The key interface was locked successfully. + @retval EFI_UNSUPPORTED Locking the key interface is not supported in the current boot configuration. + @retval Others An error occurred while attempting to lock the key interface. +**/ +EFI_STATUS +EFIAPI +LockVariableKeyInterface ( + VOID + ) +{ + ASSERT (FALSE); + return EFI_UNSUPPORTED; +} + diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/VariableKeyLibNull/VariableKeyLibNull.inf b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/VariableKeyLibNull/VariableKeyLibNull.inf new file mode 100644 index 00000000..a7953576 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Library/VariableKeyLibNull/VariableKeyLibNull.inf @@ -0,0 +1,33 @@ +## @file +# Provides Null version of VariableKeyLib for build only. +# +# Copyright (c) 2020, Intel Corporation. All rights reserved.<BR> +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION = 0x00010029 + BASE_NAME = VariableKeyLibNull + FILE_GUID = 2B640ED8-1E6A-4516-9F1D-25910E59BC4A + MODULE_TYPE = BASE + VERSION_STRING = 1.0 + LIBRARY_CLASS = VariableKeyLib + +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = IA32 X64 Arm AArch64 +# + +[Sources] + VariableKeyLibNull.c + +[Packages] + MdePkg/MdePkg.dec + SecurityPkg/SecurityPkg.dec + +[LibraryClasses] + BaseLib + DebugLib + diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxe.c b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxe.c new file mode 100644 index 00000000..233df654 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxe.c @@ -0,0 +1,1486 @@ +/** @file + Pkcs7Verify Driver to produce the UEFI PKCS7 Verification Protocol. + + The driver will produce the UEFI PKCS7 Verification Protocol which is used to + verify data signed using PKCS7 structure. The PKCS7 data to be verified must + be ASN.1 (DER) encoded. + +Copyright (c) 2015 - 2017, Intel Corporation. All rights reserved.<BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include <Library/BaseLib.h> +#include <Library/BaseMemoryLib.h> +#include <Library/MemoryAllocationLib.h> +#include <Library/UefiBootServicesTableLib.h> +#include <Library/BaseCryptLib.h> +#include <Protocol/Pkcs7Verify.h> + +#define MAX_DIGEST_SIZE SHA512_DIGEST_SIZE + +/** + Calculates the hash of the given data based on the specified hash GUID. + + @param[in] Data Pointer to the data buffer to be hashed. + @param[in] DataSize The size of data buffer in bytes. + @param[in] CertGuid The GUID to identify the hash algorithm to be used. + @param[out] HashValue Pointer to a buffer that receives the hash result. + + @retval TRUE Data hash calculation succeeded. + @retval FALSE Data hash calculation failed. + +**/ +BOOLEAN +CalculateDataHash ( + IN VOID *Data, + IN UINTN DataSize, + IN EFI_GUID *CertGuid, + OUT UINT8 *HashValue + ) +{ + BOOLEAN Status; + VOID *HashCtx; + UINTN CtxSize; + + Status = FALSE; + HashCtx = NULL; + + if (CompareGuid (CertGuid, &gEfiCertSha1Guid)) { + // + // SHA-1 Hash + // + CtxSize = Sha1GetContextSize (); + HashCtx = AllocatePool (CtxSize); + if (HashCtx == NULL) { + goto _Exit; + } + Status = Sha1Init (HashCtx); + Status = Sha1Update (HashCtx, Data, DataSize); + Status = Sha1Final (HashCtx, HashValue); + + } else if (CompareGuid (CertGuid, &gEfiCertSha256Guid)) { + // + // SHA256 Hash + // + CtxSize = Sha256GetContextSize (); + HashCtx = AllocatePool (CtxSize); + if (HashCtx == NULL) { + goto _Exit; + } + Status = Sha256Init (HashCtx); + Status = Sha256Update (HashCtx, Data, DataSize); + Status = Sha256Final (HashCtx, HashValue); + + } else if (CompareGuid (CertGuid, &gEfiCertSha384Guid)) { + // + // SHA384 Hash + // + CtxSize = Sha384GetContextSize (); + HashCtx = AllocatePool (CtxSize); + if (HashCtx == NULL) { + goto _Exit; + } + Status = Sha384Init (HashCtx); + Status = Sha384Update (HashCtx, Data, DataSize); + Status = Sha384Final (HashCtx, HashValue); + + } else if (CompareGuid (CertGuid, &gEfiCertSha512Guid)) { + // + // SHA512 Hash + // + CtxSize = Sha512GetContextSize (); + HashCtx = AllocatePool (CtxSize); + if (HashCtx == NULL) { + goto _Exit; + } + Status = Sha512Init (HashCtx); + Status = Sha512Update (HashCtx, Data, DataSize); + Status = Sha512Final (HashCtx, HashValue); + } + +_Exit: + if (HashCtx != NULL) { + FreePool (HashCtx); + } + + return Status; +} + +/** + Check whether the hash of data content is revoked by the revocation database. + + @param[in] Hash Pointer to the hash that is searched for. + @param[in] HashSize The size of the hash in bytes. + @param[in] RevokedDb Pointer to a list of pointers to EFI_SIGNATURE_LIST + structure which contains list of X.509 certificates + of revoked signers and revoked content hashes. + + @return TRUE The matched content hash is found in the revocation database. + @return FALSE The matched content hash is not found in the revocation database. + +**/ +BOOLEAN +IsContentHashRevokedByHash ( + IN UINT8 *Hash, + IN UINTN HashSize, + IN EFI_SIGNATURE_LIST **RevokedDb + ) +{ + EFI_SIGNATURE_LIST *SigList; + EFI_SIGNATURE_DATA *SigData; + UINTN Index; + UINTN EntryIndex; + UINTN EntryCount; + BOOLEAN Status; + + if (RevokedDb == NULL) { + return FALSE; + } + + Status = FALSE; + // + // Check if any hash matching content hash can be found in RevokedDB + // + for (Index = 0; ; Index++) { + SigList = (EFI_SIGNATURE_LIST *)(RevokedDb[Index]); + + // + // The list is terminated by a NULL pointer. + // + if (SigList == NULL) { + break; + } + + // + // Search the signature database to search the revoked content hash + // + SigData = (EFI_SIGNATURE_DATA *) ((UINT8 *) SigList + sizeof (EFI_SIGNATURE_LIST) + + SigList->SignatureHeaderSize); + EntryCount = (SigList->SignatureListSize - SigList->SignatureHeaderSize - + sizeof (EFI_SIGNATURE_LIST)) / SigList->SignatureSize; + for (EntryIndex = 0; EntryIndex < EntryCount; EntryIndex++) { + // + // The problem case. There's a revocation hash but the sizes + // don't match, meaning it's a different hash algorithm and we + // can't tell if it's revoking our binary or not. Assume not. + // + if (SigList->SignatureSize - sizeof(EFI_GUID) == HashSize) { + // + // Compare Data Hash with Signature Data + // + if (CompareMem (SigData->SignatureData, Hash, HashSize) == 0) { + Status = TRUE; + goto _Exit; + } + } + + SigData = (EFI_SIGNATURE_DATA *) ((UINT8 *) SigData + SigList->SignatureSize); + } + } + +_Exit: + return Status; +} + +/** + Check whether the hash of data content is revoked by the revocation database. + + @param[in] Content Pointer to the content buffer that is searched for. + @param[in] ContentSize The size of data content in bytes. + @param[in] RevokedDb Pointer to a list of pointers to EFI_SIGNATURE_LIST + structure which contains list of X.509 certificates + of revoked signers and revoked content hashes. + + @return TRUE The matched content hash is found in the revocation database. + @return FALSE The matched content hash is not found in the revocation database. + +**/ +BOOLEAN +IsContentHashRevoked ( + IN UINT8 *Content, + IN UINTN ContentSize, + IN EFI_SIGNATURE_LIST **RevokedDb + ) +{ + EFI_SIGNATURE_LIST *SigList; + EFI_SIGNATURE_DATA *SigData; + UINTN Index; + UINT8 HashVal[MAX_DIGEST_SIZE]; + UINTN EntryIndex; + UINTN EntryCount; + BOOLEAN Status; + + if (RevokedDb == NULL) { + return FALSE; + } + + Status = FALSE; + // + // Check if any hash matching content hash can be found in RevokedDB + // + for (Index = 0; ; Index++) { + SigList = (EFI_SIGNATURE_LIST *)(RevokedDb[Index]); + + // + // The list is terminated by a NULL pointer. + // + if (SigList == NULL) { + break; + } + + // + // Calculate the digest of supplied data based on the signature hash type. + // + if (!CalculateDataHash (Content, ContentSize, &SigList->SignatureType, HashVal)) { + // + // Un-matched Hash GUID or other failure. + // + continue; + } + + // + // Search the signature database to search the revoked content hash + // + SigData = (EFI_SIGNATURE_DATA *) ((UINT8 *) SigList + sizeof (EFI_SIGNATURE_LIST) + + SigList->SignatureHeaderSize); + EntryCount = (SigList->SignatureListSize - SigList->SignatureHeaderSize - + sizeof (EFI_SIGNATURE_LIST)) / SigList->SignatureSize; + for (EntryIndex = 0; EntryIndex < EntryCount; EntryIndex++) { + // + // Compare Data Hash with Signature Data + // + if (CompareMem (SigData->SignatureData, HashVal, (SigList->SignatureSize - sizeof (EFI_GUID))) == 0) { + Status = TRUE; + goto _Exit; + } + + SigData = (EFI_SIGNATURE_DATA *) ((UINT8 *) SigData + SigList->SignatureSize); + } + } + +_Exit: + return Status; +} + +/** + Check whether the hash of an given certificate is revoked by the revocation database. + + @param[in] Certificate Pointer to the certificate that is searched for. + @param[in] CertSize Size of certificate in bytes. + @param[in] RevokedDb Pointer to a list of pointers to EFI_SIGNATURE_LIST + structures which contains list of X.509 certificate + of revoked signers and revoked content hashes. + @param[out] RevocationTime Return the time that the certificate was revoked. + + @return TRUE The certificate hash is found in the revocation database. + @return FALSE The certificate hash is not found in the revocation database. + +**/ +BOOLEAN +IsCertHashRevoked ( + IN UINT8 *Certificate, + IN UINTN CertSize, + IN EFI_SIGNATURE_LIST **RevokedDb, + OUT EFI_TIME *RevocationTime + ) +{ + BOOLEAN Status; + EFI_SIGNATURE_LIST *SigList; + EFI_SIGNATURE_DATA *SigData; + UINT8 *TBSCert; + UINTN TBSCertSize; + UINTN Index; + UINTN EntryIndex; + UINTN EntryCount; + UINT8 CertHashVal[MAX_DIGEST_SIZE]; + + if ((RevocationTime == NULL) || (RevokedDb == NULL)) { + return FALSE; + } + + // + // Retrieve the TBSCertificate from the X.509 Certificate for hash calculation + // + if (!X509GetTBSCert (Certificate, CertSize, &TBSCert, &TBSCertSize)) { + return FALSE; + } + + Status = FALSE; + for (Index = 0; ; Index++) { + + SigList = (EFI_SIGNATURE_LIST *)(RevokedDb[Index]); + // + // The list is terminated by a NULL pointer. + // + if (SigList == NULL) { + break; + } + + // + // Determine Hash Algorithm based on the entry type in revocation database, and + // calculate the certificate hash. + // + if (CompareGuid (&SigList->SignatureType, &gEfiCertX509Sha256Guid)) { + Status = CalculateDataHash (TBSCert, TBSCertSize, &gEfiCertSha256Guid, CertHashVal); + + } else if (CompareGuid (&SigList->SignatureType, &gEfiCertX509Sha384Guid)) { + Status = CalculateDataHash (TBSCert, TBSCertSize, &gEfiCertSha384Guid, CertHashVal); + + } else if (CompareGuid (&SigList->SignatureType, &gEfiCertX509Sha512Guid)) { + Status = CalculateDataHash (TBSCert, TBSCertSize, &gEfiCertSha512Guid, CertHashVal); + + } else { + // + // Un-matched Cert Hash GUID + // + continue; + } + + if (!Status) { + continue; + } + + SigData = (EFI_SIGNATURE_DATA *) ((UINT8 *) SigList + sizeof (EFI_SIGNATURE_LIST) + + SigList->SignatureHeaderSize); + EntryCount = (SigList->SignatureListSize - SigList->SignatureHeaderSize - + sizeof (EFI_SIGNATURE_LIST)) / SigList->SignatureSize; + for (EntryIndex = 0; EntryIndex < EntryCount; Index++) { + // + // Check if the Certificate Hash is revoked. + // + if (CompareMem (SigData->SignatureData, CertHashVal, + SigList->SignatureSize - sizeof (EFI_GUID) - sizeof (EFI_TIME)) == 0) { + Status = TRUE; + // + // Return the revocation time of this revoked certificate. + // + CopyMem ( + RevocationTime, + (EFI_TIME *)((UINT8 *)SigData + SigList->SignatureSize - sizeof (EFI_TIME)), + sizeof (EFI_TIME) + ); + goto _Exit; + } + + SigData = (EFI_SIGNATURE_DATA *) ((UINT8 *) SigData + SigList->SignatureSize); + } + } + +_Exit: + return Status; +} + +/** + Check if the given time value is zero. + + @param[in] Time Pointer of a time value. + + @retval TRUE The Time is Zero. + @retval FALSE The Time is not Zero. + +**/ +BOOLEAN +IsTimeZero ( + IN EFI_TIME *Time + ) +{ + if ((Time->Year == 0) && (Time->Month == 0) && (Time->Day == 0) && + (Time->Hour == 0) && (Time->Minute == 0) && (Time->Second == 0)) { + return TRUE; + } + + return FALSE; +} + +/** + Check whether the timestamp is valid by comparing the signing time and the revocation time. + + @param SigningTime Pointer to the signing time. + @param RevocationTime Pointer to the revocation time. + + @retval TRUE The SigningTime is not later than the RevocationTime. + @retval FALSE The SigningTime is later than the RevocationTime. + +**/ +BOOLEAN +CompareTimestamp ( + IN EFI_TIME *SigningTime, + IN EFI_TIME *RevocationTime + ) +{ + if (SigningTime->Year != RevocationTime->Year) { + return (BOOLEAN) (SigningTime->Year < RevocationTime->Year); + } else if (SigningTime->Month != RevocationTime->Month) { + return (BOOLEAN) (SigningTime->Month < RevocationTime->Month); + } else if (SigningTime->Day != RevocationTime->Day) { + return (BOOLEAN) (SigningTime->Day < RevocationTime->Day); + } else if (SigningTime->Hour != RevocationTime->Hour) { + return (BOOLEAN) (SigningTime->Hour < RevocationTime->Hour); + } else if (SigningTime->Minute != RevocationTime->Minute) { + return (BOOLEAN) (SigningTime->Minute < RevocationTime->Minute); + } + + return (BOOLEAN) (SigningTime->Second <= RevocationTime->Second); +} + +/** + Check whether the timestamp signature embedded in PKCS7 signedData is valid and + the signing time is also earlier than the revocation time. + + @param[in] SignedData Pointer to the PKCS#7 signedData. + @param[in] SignedDataSize Size of SignedData in bytes. + @param[in] TimeStampDb Pointer to a list of pointers to EFI_SIGNATURE_LIST + structures which is used to pass a list of X.509 + certificates of trusted timestamp signers. + @param[in] RevocationTime The time that the certificate was revoked. + + @retval TRUE Timestamp signature is valid and the signing time is no later + than the revocation time. + @retval FALSE Timestamp signature is not valid or the signing time is later + than the revocation time. + +**/ +BOOLEAN +IsValidTimestamp ( + IN UINT8 *SignedData, + IN UINTN SignedDataSize, + IN EFI_SIGNATURE_LIST **TimeStampDb, + IN EFI_TIME *RevocationTime + ) +{ + BOOLEAN Status; + EFI_SIGNATURE_LIST *SigList; + EFI_SIGNATURE_DATA *SigData; + UINT8 *TsaCert; + UINTN TsaCertSize; + UINTN Index; + EFI_TIME SigningTime; + + // + // If no supplied database for verification or RevocationTime is zero, + // the certificate shall be considered to always be revoked. + // + if ((TimeStampDb == NULL) || (IsTimeZero (RevocationTime))) { + return FALSE; + } + + Status = FALSE; + // + // RevocationTime is non-zero, the certificate should be considered to be revoked + // from that time and onwards. + // + for (Index = 0; ; Index++) { + SigList = (EFI_SIGNATURE_LIST *) (TimeStampDb[Index]); + + // + // The list is terminated by a NULL pointer. + // + if (SigList == NULL) { + break; + } + + // + // Ignore any non-X509-format entry in the list + // + if (!CompareGuid (&SigList->SignatureType, &gEfiCertX509Guid)) { + continue; + } + + + SigData = (EFI_SIGNATURE_DATA *) ((UINT8 *) SigList + sizeof (EFI_SIGNATURE_LIST) + + SigList->SignatureHeaderSize); + TsaCert = SigData->SignatureData; + TsaCertSize = SigList->SignatureSize - sizeof (EFI_GUID); + + // + // Each TSA Certificate will normally be in a separate EFI_SIGNATURE_LIST + // Leverage ImageTimestampVerify interface for Timestamp counterSignature Verification + // + if (ImageTimestampVerify (SignedData, SignedDataSize, TsaCert, TsaCertSize, &SigningTime)) { + // + // The signer signature is valid only when the signing time is earlier than revocation time. + // + if (CompareTimestamp (&SigningTime, RevocationTime)) { + Status = TRUE; + break; + } + } + } + + return Status; +} + +/** + Check whether the PKCS7 signedData is revoked by verifying with the revoked + certificates database, and if the signedData is timestamped, the embedded timestamp + counterSignature will be checked with the supplied timestamp database. + + @param[in] SignedData Pointer to buffer containing ASN.1 DER-encoded PKCS7 + signature. + @param[in] SignedDataSize The size of SignedData buffer in bytes. + @param[in] InHash Pointer to the buffer containing the hash of the message data + previously signed and to be verified. + @param[in] InHashSize The size of InHash buffer in bytes. + @param[in] RevokedDb Pointer to a list of pointers to EFI_SIGNATURE_LIST + structure which contains list of X.509 certificates + of revoked signers and revoked content hashes. + @param[in] TimeStampDb Pointer to a list of pointers to EFI_SIGNATURE_LIST + structures which is used to pass a list of X.509 + certificates of trusted timestamp signers. + + @retval EFI_SUCCESS The PKCS7 signedData is revoked. + @retval EFI_SECURITY_VIOLATION Fail to verify the signature in PKCS7 signedData. + @retval EFI_INVALID_PARAMETER SignedData is NULL or SignedDataSize is zero. + AllowedDb is NULL. + Content is not NULL and ContentSize is NULL. + @retval EFI_NOT_FOUND Content not found because InData is NULL and no + content embedded in PKCS7 signedData. + @retval EFI_UNSUPPORTED The PKCS7 signedData was not correctly formatted. + +**/ +EFI_STATUS +P7CheckRevocationByHash ( + IN UINT8 *SignedData, + IN UINTN SignedDataSize, + IN UINT8 *InHash, + IN UINTN InHashSize, + IN EFI_SIGNATURE_LIST **RevokedDb, + IN EFI_SIGNATURE_LIST **TimeStampDb + ) +{ + EFI_STATUS Status; + EFI_SIGNATURE_LIST *SigList; + EFI_SIGNATURE_DATA *SigData; + UINT8 *RevokedCert; + UINTN RevokedCertSize; + UINTN Index; + UINT8 *CertBuffer; + UINTN BufferLength; + UINT8 *TrustedCert; + UINTN TrustedCertLength; + UINT8 CertNumber; + UINT8 *CertPtr; + UINT8 *Cert; + UINTN CertSize; + EFI_TIME RevocationTime; + + Status = EFI_SECURITY_VIOLATION; + SigData = NULL; + RevokedCert = NULL; + RevokedCertSize = 0; + CertBuffer = NULL; + TrustedCert = NULL; + + // + // The signedData is revoked if the hash of content existed in RevokedDb + // + if (IsContentHashRevokedByHash (InHash, InHashSize, RevokedDb)) { + Status = EFI_SUCCESS; + goto _Exit; + } + + // + // Check if the signer's certificate can be found in Revoked database + // + for (Index = 0; ; Index++) { + SigList = (EFI_SIGNATURE_LIST *)(RevokedDb[Index]); + + // + // The list is terminated by a NULL pointer. + // + if (SigList == NULL) { + break; + } + + // + // Ignore any non-X509-format entry in the list. + // + if (!CompareGuid (&SigList->SignatureType, &gEfiCertX509Guid)) { + continue; + } + + SigData = (EFI_SIGNATURE_DATA *) ((UINT8 *) SigList + sizeof (EFI_SIGNATURE_LIST) + + SigList->SignatureHeaderSize); + + RevokedCert = SigData->SignatureData; + RevokedCertSize = SigList->SignatureSize - sizeof (EFI_GUID); + + // + // Verifying the PKCS#7 SignedData with the revoked certificate in RevokedDb + // + if (AuthenticodeVerify (SignedData, SignedDataSize, RevokedCert, RevokedCertSize, InHash, InHashSize)) { + // + // The signedData was verified by one entry in Revoked Database + // + Status = EFI_SUCCESS; + break; + } + } + + if (!EFI_ERROR (Status)) { + // + // The signedData was revoked, since it was hit by RevokedDb + // + goto _Exit; + } + + // + // Now we will continue to check the X.509 Certificate Hash & Possible Timestamp + // + if ((TimeStampDb == NULL) || (*TimeStampDb == NULL)) { + goto _Exit; + } + + Pkcs7GetSigners (SignedData, SignedDataSize, &CertBuffer, &BufferLength, &TrustedCert, &TrustedCertLength); + if ((BufferLength == 0) || (CertBuffer == NULL)) { + Status = EFI_SUCCESS; + goto _Exit; + } + + // + // Check if any hash of certificates embedded in P7 data is in the revoked database. + // + CertNumber = (UINT8) (*CertBuffer); + CertPtr = CertBuffer + 1; + for (Index = 0; Index < CertNumber; Index++) { + // + // Retrieve the Certificate data + // + CertSize = (UINTN) ReadUnaligned32 ((UINT32 *) CertPtr); + Cert = (UINT8 *)CertPtr + sizeof (UINT32); + + if (IsCertHashRevoked (Cert, CertSize, RevokedDb, &RevocationTime)) { + // + // Check the timestamp signature and signing time to determine if p7 data can be trusted. + // + Status = EFI_SUCCESS; + if (IsValidTimestamp (SignedData, SignedDataSize, TimeStampDb, &RevocationTime)) { + // + // Use EFI_NOT_READY to identify the P7Data is not revoked, because the timestamping + // occurred prior to the time of certificate revocation. + // + Status = EFI_NOT_READY; + } + + goto _Exit; + } + + CertPtr = CertPtr + sizeof (UINT32) + CertSize; + } + +_Exit: + Pkcs7FreeSigners (CertBuffer); + Pkcs7FreeSigners (TrustedCert); + + return Status; +} + +/** + Check whether the PKCS7 signedData is revoked by verifying with the revoked + certificates database, and if the signedData is timestamped, the embedded timestamp + counterSignature will be checked with the supplied timestamp database. + + @param[in] SignedData Pointer to buffer containing ASN.1 DER-encoded PKCS7 + signature. + @param[in] SignedDataSize The size of SignedData buffer in bytes. + @param[in] InData Pointer to the buffer containing the raw message data + previously signed and to be verified. + @param[in] InDataSize The size of InData buffer in bytes. + @param[in] RevokedDb Pointer to a list of pointers to EFI_SIGNATURE_LIST + structure which contains list of X.509 certificates + of revoked signers and revoked content hashes. + @param[in] TimeStampDb Pointer to a list of pointers to EFI_SIGNATURE_LIST + structures which is used to pass a list of X.509 + certificates of trusted timestamp signers. + + @retval EFI_SUCCESS The PKCS7 signedData is revoked. + @retval EFI_SECURITY_VIOLATION Fail to verify the signature in PKCS7 signedData. + @retval EFI_INVALID_PARAMETER SignedData is NULL or SignedDataSize is zero. + AllowedDb is NULL. + Content is not NULL and ContentSize is NULL. + @retval EFI_NOT_FOUND Content not found because InData is NULL and no + content embedded in PKCS7 signedData. + @retval EFI_UNSUPPORTED The PKCS7 signedData was not correctly formatted. + +**/ +EFI_STATUS +P7CheckRevocation ( + IN UINT8 *SignedData, + IN UINTN SignedDataSize, + IN UINT8 *InData, + IN UINTN InDataSize, + IN EFI_SIGNATURE_LIST **RevokedDb, + IN EFI_SIGNATURE_LIST **TimeStampDb + ) +{ + EFI_STATUS Status; + EFI_SIGNATURE_LIST *SigList; + EFI_SIGNATURE_DATA *SigData; + UINT8 *RevokedCert; + UINTN RevokedCertSize; + UINTN Index; + UINT8 *CertBuffer; + UINTN BufferLength; + UINT8 *TrustedCert; + UINTN TrustedCertLength; + UINT8 CertNumber; + UINT8 *CertPtr; + UINT8 *Cert; + UINTN CertSize; + EFI_TIME RevocationTime; + + Status = EFI_UNSUPPORTED; + SigData = NULL; + RevokedCert = NULL; + RevokedCertSize = 0; + CertBuffer = NULL; + TrustedCert = NULL; + + // + // The signedData is revoked if the hash of content existed in RevokedDb + // + if (IsContentHashRevoked (InData, InDataSize, RevokedDb)) { + Status = EFI_SUCCESS; + goto _Exit; + } + + // + // Check if the signer's certificate can be found in Revoked database + // + for (Index = 0; ; Index++) { + SigList = (EFI_SIGNATURE_LIST *)(RevokedDb[Index]); + + // + // The list is terminated by a NULL pointer. + // + if (SigList == NULL) { + break; + } + + // + // Ignore any non-X509-format entry in the list. + // + if (!CompareGuid (&SigList->SignatureType, &gEfiCertX509Guid)) { + continue; + } + + SigData = (EFI_SIGNATURE_DATA *) ((UINT8 *) SigList + sizeof (EFI_SIGNATURE_LIST) + + SigList->SignatureHeaderSize); + + RevokedCert = SigData->SignatureData; + RevokedCertSize = SigList->SignatureSize - sizeof (EFI_GUID); + + // + // Verifying the PKCS#7 SignedData with the revoked certificate in RevokedDb + // + if (Pkcs7Verify (SignedData, SignedDataSize, RevokedCert, RevokedCertSize, InData, InDataSize)) { + // + // The signedData was verified by one entry in Revoked Database + // + Status = EFI_SUCCESS; + break; + } + } + + if (!EFI_ERROR (Status)) { + // + // The signedData was revoked, since it was hit by RevokedDb + // + goto _Exit; + } + + // + // Now we will continue to check the X.509 Certificate Hash & Possible Timestamp + // + if ((TimeStampDb == NULL) || (*TimeStampDb == NULL)) { + goto _Exit; + } + + Pkcs7GetSigners (SignedData, SignedDataSize, &CertBuffer, &BufferLength, &TrustedCert, &TrustedCertLength); + if ((BufferLength == 0) || (CertBuffer == NULL)) { + Status = EFI_SUCCESS; + goto _Exit; + } + + // + // Check if any hash of certificates embedded in P7 data is in the revoked database. + // + CertNumber = (UINT8) (*CertBuffer); + CertPtr = CertBuffer + 1; + for (Index = 0; Index < CertNumber; Index++) { + // + // Retrieve the Certificate data + // + CertSize = (UINTN) ReadUnaligned32 ((UINT32 *) CertPtr); + Cert = (UINT8 *)CertPtr + sizeof (UINT32); + + if (IsCertHashRevoked (Cert, CertSize, RevokedDb, &RevocationTime)) { + // + // Check the timestamp signature and signing time to determine if p7 data can be trusted. + // + Status = EFI_SUCCESS; + if (IsValidTimestamp (SignedData, SignedDataSize, TimeStampDb, &RevocationTime)) { + // + // Use EFI_NOT_READY to identify the P7Data is not revoked, because the timestamping + // occurred prior to the time of certificate revocation. + // + Status = EFI_NOT_READY; + } + + goto _Exit; + } + + CertPtr = CertPtr + sizeof (UINT32) + CertSize; + } + +_Exit: + Pkcs7FreeSigners (CertBuffer); + Pkcs7FreeSigners (TrustedCert); + + return Status; +} + +/** + Check whether the PKCS7 signedData can be verified by the trusted certificates + database, and return the content of the signedData if requested. + + @param[in] SignedData Pointer to buffer containing ASN.1 DER-encoded PKCS7 + signature. + @param[in] SignedDataSize The size of SignedData buffer in bytes. + @param[in] InHash Pointer to the buffer containing the hash of the message data + previously signed and to be verified. + @param[in] InHashSize The size of InHash buffer in bytes. + @param[in] AllowedDb Pointer to a list of pointers to EFI_SIGNATURE_LIST + structures which contains lists of X.509 certificates + of approved signers. + + @retval EFI_SUCCESS The PKCS7 signedData is trusted. + @retval EFI_SECURITY_VIOLATION Fail to verify the signature in PKCS7 signedData. + @retval EFI_INVALID_PARAMETER SignedData is NULL or SignedDataSize is zero. + AllowedDb is NULL. + Content is not NULL and ContentSize is NULL. + @retval EFI_NOT_FOUND Content not found because InData is NULL and no + content embedded in PKCS7 signedData. + @retval EFI_UNSUPPORTED The PKCS7 signedData was not correctly formatted. + @retval EFI_BUFFER_TOO_SMALL The size of buffer indicated by ContentSize is too + small to hold the content. ContentSize updated to + the required size. + +**/ +EFI_STATUS +P7CheckTrustByHash ( + IN UINT8 *SignedData, + IN UINTN SignedDataSize, + IN UINT8 *InHash, + IN UINTN InHashSize, + IN EFI_SIGNATURE_LIST **AllowedDb + ) +{ + EFI_STATUS Status; + EFI_SIGNATURE_LIST *SigList; + EFI_SIGNATURE_DATA *SigData; + UINT8 *TrustCert; + UINTN TrustCertSize; + UINTN Index; + + Status = EFI_SECURITY_VIOLATION; + SigData = NULL; + TrustCert = NULL; + TrustCertSize = 0; + + if (AllowedDb == NULL) { + return EFI_INVALID_PARAMETER; + } + + // + // Build Certificate Stack with all valid X509 certificates in the supplied + // Signature List for PKCS7 Verification. + // + for (Index = 0; ; Index++) { + SigList = (EFI_SIGNATURE_LIST *)(AllowedDb[Index]); + + // + // The list is terminated by a NULL pointer. + // + if (SigList == NULL) { + break; + } + + // + // Ignore any non-X509-format entry in the list. + // + if (!CompareGuid (&SigList->SignatureType, &gEfiCertX509Guid)) { + continue; + } + + SigData = (EFI_SIGNATURE_DATA *) ((UINT8 *) SigList + sizeof (EFI_SIGNATURE_LIST) + + SigList->SignatureHeaderSize); + + TrustCert = SigData->SignatureData; + TrustCertSize = SigList->SignatureSize - sizeof (EFI_GUID); + + // + // Verifying the PKCS#7 SignedData with the trusted certificate from AllowedDb + // + if (AuthenticodeVerify (SignedData, SignedDataSize, TrustCert, TrustCertSize, InHash, InHashSize)) { + // + // The SignedData was verified successfully by one entry in Trusted Database + // + Status = EFI_SUCCESS; + break; + } + } + + return Status; +} + +/** + Check whether the PKCS7 signedData can be verified by the trusted certificates + database, and return the content of the signedData if requested. + + @param[in] SignedData Pointer to buffer containing ASN.1 DER-encoded PKCS7 + signature. + @param[in] SignedDataSize The size of SignedData buffer in bytes. + @param[in] InData Pointer to the buffer containing the raw message data + previously signed and to be verified. + @param[in] InDataSize The size of InData buffer in bytes. + @param[in] AllowedDb Pointer to a list of pointers to EFI_SIGNATURE_LIST + structures which contains lists of X.509 certificates + of approved signers. + + @retval EFI_SUCCESS The PKCS7 signedData is trusted. + @retval EFI_SECURITY_VIOLATION Fail to verify the signature in PKCS7 signedData. + @retval EFI_INVALID_PARAMETER SignedData is NULL or SignedDataSize is zero. + AllowedDb is NULL. + Content is not NULL and ContentSize is NULL. + @retval EFI_NOT_FOUND Content not found because InData is NULL and no + content embedded in PKCS7 signedData. + @retval EFI_UNSUPPORTED The PKCS7 signedData was not correctly formatted. + @retval EFI_BUFFER_TOO_SMALL The size of buffer indicated by ContentSize is too + small to hold the content. ContentSize updated to + the required size. + +**/ +EFI_STATUS +P7CheckTrust ( + IN UINT8 *SignedData, + IN UINTN SignedDataSize, + IN UINT8 *InData, + IN UINTN InDataSize, + IN EFI_SIGNATURE_LIST **AllowedDb + ) +{ + EFI_STATUS Status; + EFI_SIGNATURE_LIST *SigList; + EFI_SIGNATURE_DATA *SigData; + UINT8 *TrustCert; + UINTN TrustCertSize; + UINTN Index; + + Status = EFI_SECURITY_VIOLATION; + SigData = NULL; + TrustCert = NULL; + TrustCertSize = 0; + + if (AllowedDb == NULL) { + return EFI_INVALID_PARAMETER; + } + + // + // Build Certificate Stack with all valid X509 certificates in the supplied + // Signature List for PKCS7 Verification. + // + for (Index = 0; ; Index++) { + SigList = (EFI_SIGNATURE_LIST *)(AllowedDb[Index]); + + // + // The list is terminated by a NULL pointer. + // + if (SigList == NULL) { + break; + } + + // + // Ignore any non-X509-format entry in the list. + // + if (!CompareGuid (&SigList->SignatureType, &gEfiCertX509Guid)) { + continue; + } + + SigData = (EFI_SIGNATURE_DATA *) ((UINT8 *) SigList + sizeof (EFI_SIGNATURE_LIST) + + SigList->SignatureHeaderSize); + + TrustCert = SigData->SignatureData; + TrustCertSize = SigList->SignatureSize - sizeof (EFI_GUID); + + // + // Verifying the PKCS#7 SignedData with the trusted certificate from AllowedDb + // + if (Pkcs7Verify (SignedData, SignedDataSize, TrustCert, TrustCertSize, InData, InDataSize)) { + // + // The SignedData was verified successfully by one entry in Trusted Database + // + Status = EFI_SUCCESS; + break; + } + } + + return Status; +} + +/** + Processes a buffer containing binary DER-encoded PKCS7 signature. + The signed data content may be embedded within the buffer or separated. Function + verifies the signature of the content is valid and signing certificate was not + revoked and is contained within a list of trusted signers. + + @param[in] This Pointer to EFI_PKCS7_VERIFY_PROTOCOL instance. + @param[in] SignedData Points to buffer containing ASN.1 DER-encoded PKCS7 + signature. + @param[in] SignedDataSize The size of SignedData buffer in bytes. + @param[in] InData In case of detached signature, InData points to + buffer containing the raw message data previously + signed and to be verified by function. In case of + SignedData containing embedded data, InData must be + NULL. + @param[in] InDataSize When InData is used, the size of InData buffer in + bytes. When InData is NULL. This parameter must be + 0. + @param[in] AllowedDb Pointer to a list of pointers to EFI_SIGNATURE_LIST + structures. The list is terminated by a null + pointer. The EFI_SIGNATURE_LIST structures contain + lists of X.509 certificates of approved signers. + Function recognizes signer certificates of type + EFI_CERT_X509_GUID. Any hash certificate in AllowedDb + list is ignored by this function. Function returns + success if signer of the buffer is within this list + (and not within RevokedDb). This parameter is + required. + @param[in] RevokedDb Optional pointer to a list of pointers to + EFI_SIGNATURE_LIST structures. The list is terminated + by a null pointer. List of X.509 certificates of + revoked signers and revoked file hashes. Except as + noted in description of TimeStampDb signature + verification will always fail if the signer of the + file or the hash of the data component of the buffer + is in RevokedDb list. This list is optional and + caller may pass Null or pointer to NULL if not + required. + @param[in] TimeStampDb Optional pointer to a list of pointers to + EFI_SIGNATURE_LIST structures. The list is terminated + by a null pointer. This parameter can be used to pass + a list of X.509 certificates of trusted time stamp + signers. This list is optional and caller must pass + Null or pointer to NULL if not required. + @param[out] Content On input, points to an optional caller-allocated + buffer into which the function will copy the content + portion of the file after verification succeeds. + This parameter is optional and if NULL, no copy of + content from file is performed. + @param[in,out] ContentSize On input, points to the size in bytes of the optional + buffer Content previously allocated by caller. On + output, if the verification succeeds, the value + referenced by ContentSize will contain the actual + size of the content from signed file. If ContentSize + indicates the caller-allocated buffer is too small + to contain content, an error is returned, and + ContentSize will be updated with the required size. + This parameter must be 0 if Content is Null. + + @retval EFI_SUCCESS Content signature was verified against hash of + content, the signer's certificate was not found in + RevokedDb, and was found in AllowedDb or if in signer + is found in both AllowedDb and RevokedDb, the + signing was allowed by reference to TimeStampDb as + described above, and no hash matching content hash + was found in RevokedDb. + @retval EFI_SECURITY_VIOLATION The SignedData buffer was correctly formatted but + signer was in RevokedDb or not in AllowedDb. Also + returned if matching content hash found in RevokedDb. + @retval EFI_COMPROMISED_DATA Calculated hash differs from signed hash. + @retval EFI_INVALID_PARAMETER SignedData is NULL or SignedDataSize is zero. + AllowedDb is NULL. + @retval EFI_INVALID_PARAMETER Content is not NULL and ContentSize is NULL. + @retval EFI_ABORTED Unsupported or invalid format in TimeStampDb, + RevokedDb or AllowedDb list contents was detected. + @retval EFI_NOT_FOUND Content not found because InData is NULL and no + content embedded in SignedData. + @retval EFI_UNSUPPORTED The SignedData buffer was not correctly formatted + for processing by the function. + @retval EFI_UNSUPPORTED Signed data embedded in SignedData but InData is not + NULL. + @retval EFI_BUFFER_TOO_SMALL The size of buffer indicated by ContentSize is too + small to hold the content. ContentSize updated to + required size. + +**/ +EFI_STATUS +EFIAPI +VerifyBuffer ( + IN EFI_PKCS7_VERIFY_PROTOCOL *This, + IN VOID *SignedData, + IN UINTN SignedDataSize, + IN VOID *InData OPTIONAL, + IN UINTN InDataSize, + IN EFI_SIGNATURE_LIST **AllowedDb, + IN EFI_SIGNATURE_LIST **RevokedDb OPTIONAL, + IN EFI_SIGNATURE_LIST **TimeStampDb OPTIONAL, + OUT VOID *Content OPTIONAL, + IN OUT UINTN *ContentSize + ) +{ + EFI_STATUS Status; + EFI_SIGNATURE_LIST *SigList; + UINTN Index; + UINT8 *AttachedData; + UINTN AttachedDataSize; + UINT8 *DataPtr; + UINTN DataSize; + + // + // Parameters Checking + // + if ((SignedData == NULL) || (SignedDataSize == 0) || (AllowedDb == NULL)) { + return EFI_INVALID_PARAMETER; + } + if ((Content != NULL) && (ContentSize == NULL)) { + return EFI_INVALID_PARAMETER; + } + + // + // Check if any invalid entry format in AllowedDb list contents + // + for (Index = 0; ; Index++) { + SigList = (EFI_SIGNATURE_LIST *)(AllowedDb[Index]); + + if (SigList == NULL) { + break; + } + if (SigList->SignatureListSize < sizeof (EFI_SIGNATURE_LIST) + + SigList->SignatureHeaderSize + + SigList->SignatureSize) { + return EFI_ABORTED; + } + } + + // + // Check if any invalid entry format in RevokedDb list contents + // + if (RevokedDb != NULL) { + for (Index = 0; ; Index++) { + SigList = (EFI_SIGNATURE_LIST *)(RevokedDb[Index]); + + if (SigList == NULL) { + break; + } + if (SigList->SignatureListSize < sizeof (EFI_SIGNATURE_LIST) + + SigList->SignatureHeaderSize + + SigList->SignatureSize) { + return EFI_ABORTED; + } + } + } + + // + // Check if any invalid entry format in TimeStampDb list contents + // + if (TimeStampDb != NULL) { + for (Index = 0; ; Index++) { + SigList = (EFI_SIGNATURE_LIST *)(TimeStampDb[Index]); + + if (SigList == NULL) { + break; + } + if (SigList->SignatureListSize < sizeof (EFI_SIGNATURE_LIST) + + SigList->SignatureHeaderSize + + SigList->SignatureSize) { + return EFI_ABORTED; + } + } + } + + // + // Try to retrieve the attached content from PKCS7 signedData + // + AttachedData = NULL; + AttachedDataSize = 0; + if (!Pkcs7GetAttachedContent ( + SignedData, + SignedDataSize, + (VOID **)&AttachedData, + &AttachedDataSize)) { + // + // The SignedData buffer was not correctly formatted for processing + // + return EFI_UNSUPPORTED; + } + if (AttachedData != NULL) { + if (InData != NULL) { + // + // The embedded content is found in SignedData but InData is not NULL + // + Status = EFI_UNSUPPORTED; + goto _Exit; + } + // + // PKCS7-formatted signedData with attached content; Use the embedded + // content for verification + // + DataPtr = AttachedData; + DataSize = AttachedDataSize; + + } else if (InData != NULL) { + // + // PKCS7-formatted signedData with detached content; Use the user-supplied + // input data for verification + // + DataPtr = (UINT8 *)InData; + DataSize = InDataSize; + } else { + // + // Content not found because InData is NULL and no content attached in SignedData + // + Status = EFI_NOT_FOUND; + goto _Exit; + } + + Status = EFI_UNSUPPORTED; + + // + // Verify PKCS7 SignedData with Revoked database + // + if (RevokedDb != NULL) { + Status = P7CheckRevocation ( + SignedData, + SignedDataSize, + DataPtr, + DataSize, + RevokedDb, + TimeStampDb + ); + if (!EFI_ERROR (Status)) { + // + // The PKCS7 SignedData is revoked + // + Status = EFI_SECURITY_VIOLATION; + goto _Exit; + } + } + + // + // Verify PKCS7 SignedData with AllowedDB + // + Status = P7CheckTrust ( + SignedData, + SignedDataSize, + DataPtr, + DataSize, + AllowedDb + ); + if (EFI_ERROR (Status)) { + // + // Verification failed with AllowedDb + // + goto _Exit; + } + + // + // Copy the content portion after verification succeeds + // + if (Content != NULL) { + if (*ContentSize < DataSize) { + // + // Caller-allocated buffer is too small to contain content + // + *ContentSize = DataSize; + Status = EFI_BUFFER_TOO_SMALL; + } else { + *ContentSize = DataSize; + CopyMem (Content, DataPtr, DataSize); + } + } + +_Exit: + if (AttachedData != NULL) { + FreePool (AttachedData); + } + + return Status; +} + +/** + Processes a buffer containing binary DER-encoded detached PKCS7 signature. + The hash of the signed data content is calculated and passed by the caller. Function + verifies the signature of the content is valid and signing certificate was not revoked + and is contained within a list of trusted signers. + + Note: because this function uses hashes and the specification contains a variety of + hash choices, you should be aware that the check against the RevokedDb list + will improperly succeed if the signature is revoked using a different hash + algorithm. For this reason, you should either cycle through all UEFI supported + hashes to see if one is forbidden, or rely on a single hash choice only if the + UEFI signature authority only signs and revokes with a single hash (at time + of writing, this hash choice is SHA256). + + @param[in] This Pointer to EFI_PKCS7_VERIFY_PROTOCOL instance. + @param[in] Signature Points to buffer containing ASN.1 DER-encoded PKCS + detached signature. + @param[in] SignatureSize The size of Signature buffer in bytes. + @param[in] InHash InHash points to buffer containing the caller + calculated hash of the data. The parameter may not + be NULL. + @param[in] InHashSize The size in bytes of InHash buffer. + @param[in] AllowedDb Pointer to a list of pointers to EFI_SIGNATURE_LIST + structures. The list is terminated by a null + pointer. The EFI_SIGNATURE_LIST structures contain + lists of X.509 certificates of approved signers. + Function recognizes signer certificates of type + EFI_CERT_X509_GUID. Any hash certificate in AllowedDb + list is ignored by this function. Function returns + success if signer of the buffer is within this list + (and not within RevokedDb). This parameter is + required. + @param[in] RevokedDb Optional pointer to a list of pointers to + EFI_SIGNATURE_LIST structures. The list is terminated + by a null pointer. List of X.509 certificates of + revoked signers and revoked file hashes. Signature + verification will always fail if the signer of the + file or the hash of the data component of the buffer + is in RevokedDb list. This parameter is optional + and caller may pass Null if not required. + @param[in] TimeStampDb Optional pointer to a list of pointers to + EFI_SIGNATURE_LIST structures. The list is terminated + by a null pointer. This parameter can be used to pass + a list of X.509 certificates of trusted time stamp + counter-signers. + + @retval EFI_SUCCESS Signed hash was verified against caller-provided + hash of content, the signer's certificate was not + found in RevokedDb, and was found in AllowedDb or + if in signer is found in both AllowedDb and + RevokedDb, the signing was allowed by reference to + TimeStampDb as described above, and no hash matching + content hash was found in RevokedDb. + @retval EFI_SECURITY_VIOLATION The SignedData buffer was correctly formatted but + signer was in RevokedDb or not in AllowedDb. Also + returned if matching content hash found in RevokedDb. + @retval EFI_COMPROMISED_DATA Caller provided hash differs from signed hash. Or, + caller and encrypted hash are different sizes. + @retval EFI_INVALID_PARAMETER Signature is NULL or SignatureSize is zero. InHash + is NULL or InHashSize is zero. AllowedDb is NULL. + @retval EFI_ABORTED Unsupported or invalid format in TimeStampDb, + RevokedDb or AllowedDb list contents was detected. + @retval EFI_UNSUPPORTED The Signature buffer was not correctly formatted + for processing by the function. + +**/ +EFI_STATUS +EFIAPI +VerifySignature ( + IN EFI_PKCS7_VERIFY_PROTOCOL *This, + IN VOID *Signature, + IN UINTN SignatureSize, + IN VOID *InHash, + IN UINTN InHashSize, + IN EFI_SIGNATURE_LIST **AllowedDb, + IN EFI_SIGNATURE_LIST **RevokedDb OPTIONAL, + IN EFI_SIGNATURE_LIST **TimeStampDb OPTIONAL + ) +{ + EFI_STATUS Status; + + // + // Parameters Checking + // + if ((Signature == NULL) || (SignatureSize == 0) || (AllowedDb == NULL) + || (InHash == NULL) || (InHashSize == 0)) { + return EFI_INVALID_PARAMETER; + } + + // + // Verify PKCS7 SignedData with Revoked database + // + if (RevokedDb != NULL) { + Status = P7CheckRevocationByHash ( + Signature, + SignatureSize, + InHash, + InHashSize, + RevokedDb, + TimeStampDb + ); + + if (!EFI_ERROR (Status)) { + // + // The PKCS7 SignedData is revoked + // + return EFI_SECURITY_VIOLATION; + } + } + + // + // Verify PKCS7 SignedData with AllowedDB + // + Status = P7CheckTrustByHash ( + Signature, + SignatureSize, + InHash, + InHashSize, + AllowedDb + ); + + return Status; +} + +// +// The PKCS7 Verification Protocol +// +EFI_PKCS7_VERIFY_PROTOCOL mPkcs7Verify = { + VerifyBuffer, + VerifySignature +}; + +/** + The user Entry Point for the PKCS7 Verification driver. + + @param[in] ImageHandle The firmware allocated handle for the EFI image. + @param[in] SystemTable A pointer to the EFI System Table. + + @retval EFI_SUCCESS The entry point is executed successfully. + @retval EFI_NOT_SUPPORTED Platform does not support PKCS7 Verification. + @retval Other Some error occurs when executing this entry point. + +**/ +EFI_STATUS +EFIAPI +Pkcs7VerifyDriverEntry ( + IN EFI_HANDLE ImageHandle, + IN EFI_SYSTEM_TABLE *SystemTable + ) +{ + EFI_STATUS Status; + EFI_HANDLE Handle; + EFI_PKCS7_VERIFY_PROTOCOL Useless; + + // + // Avoid loading a second copy if this is built as an external module + // + Status = gBS->LocateProtocol (&gEfiPkcs7VerifyProtocolGuid, NULL, (VOID **)&Useless); + if (!EFI_ERROR (Status)) { + return EFI_ABORTED; + } + + // + // Install UEFI Pkcs7 Verification Protocol + // + Handle = NULL; + Status = gBS->InstallMultipleProtocolInterfaces ( + &Handle, + &gEfiPkcs7VerifyProtocolGuid, + &mPkcs7Verify, + NULL + ); + + return Status; +} diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxe.inf b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxe.inf new file mode 100644 index 00000000..7ffbbdd6 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxe.inf @@ -0,0 +1,64 @@ +## @file +# Produces the UEFI PKCS7 Verification protocol. +# +# PKCS7 is a general-purpose Cryptographic Message Syntax Standard (defined by +# RFC2315, http://tools.ietf.org/html/rfc2315). This module will produce the +# UEFI PKCS7 Verification Protocol which is used to verify data signed using PKCS7 +# structure. +# +# Copyright (c) 2015, Intel Corporation. All rights reserved.<BR> +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = Pkcs7VerifyDxe + FILE_GUID = DC952D08-C62B-41c6-BAC7-70ED054F91E5 + MODULE_TYPE = DXE_DRIVER + VERSION_STRING = 1.0 + ENTRY_POINT = Pkcs7VerifyDriverEntry + MODULE_UNI_FILE = Pkcs7VerifyDxe.uni + +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = IA32 X64 +# + +[Sources.common] + Pkcs7VerifyDxe.c + +[Packages] + MdePkg/MdePkg.dec + CryptoPkg/CryptoPkg.dec + SecurityPkg/SecurityPkg.dec + +[LibraryClasses] + UefiLib + UefiBootServicesTableLib + BaseLib + BaseMemoryLib + MemoryAllocationLib + DebugLib + UefiDriverEntryPoint + BaseCryptLib + +[Protocols] + gEfiPkcs7VerifyProtocolGuid ## PRODUCES + +[Guids] + gEfiCertX509Guid ## SOMETIMES_CONSUMES ## GUID # Unique ID for the type of the signature. + gEfiCertSha1Guid ## SOMETIMES_CONSUMES ## GUID # Unique ID for the type of the signature. + gEfiCertSha256Guid ## SOMETIMES_CONSUMES ## GUID # Unique ID for the type of the signature. + gEfiCertSha384Guid ## SOMETIMES_CONSUMES ## GUID # Unique ID for the type of the signature. + gEfiCertSha512Guid ## SOMETIMES_CONSUMES ## GUID # Unique ID for the type of the signature. + gEfiCertX509Sha256Guid ## SOMETIMES_CONSUMES ## GUID # Unique ID for the type of the signature. + gEfiCertX509Sha384Guid ## SOMETIMES_CONSUMES ## GUID # Unique ID for the type of the signature. + gEfiCertX509Sha512Guid ## SOMETIMES_CONSUMES ## GUID # Unique ID for the type of the signature. + +[Depex] + TRUE + +[UserExtensions.TianoCore."ExtraFiles"] + Pkcs7VerifyDxeExtra.uni diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxe.uni b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxe.uni new file mode 100644 index 00000000..46239fcc --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxe.uni @@ -0,0 +1,19 @@ +// /** @file
+// Produces the UEFI PKCS7 Verification Protocol.
+//
+// PKCS7 is a general-purpose Cryptographic Message Syntax Standard (RFC2315,
+// http://tools.ietf.org/html/rfc2315). This module will produce the UEFI PKCS7
+// Verification Protocol which is used to verify data signed using PKCS#7
+// structure. The PKCS#7 data to be verified must be ASN.1 (DER) encoded.
+//
+// Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>
+//
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+//
+// **/
+
+
+#string STR_MODULE_ABSTRACT #language en-US "Produces UEFI PKCS7 Verification Protocol"
+
+#string STR_MODULE_DESCRIPTION #language en-US "This module will produce UEFI PKCS7 Verification Protocol."
+
diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxeExtra.uni b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxeExtra.uni new file mode 100644 index 00000000..bb14715b --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxeExtra.uni @@ -0,0 +1,14 @@ +// /** @file
+// Pkcs7VerifyDxe Localized Strings and Content
+//
+// Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>
+//
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+//
+// **/
+
+#string STR_PROPERTIES_MODULE_NAME
+#language en-US
+"UEFI PKCS7 Verification DXE"
+
+
diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c b/src/VBox/Devices/EFI/Firmware/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c new file mode 100644 index 00000000..fa77db7b --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/RngDxe.c @@ -0,0 +1,126 @@ +/** @file + RNG Driver to produce the UEFI Random Number Generator protocol. + + The driver will use the RNDR instruction to produce random numbers. + + RNG Algorithms defined in UEFI 2.4: + - EFI_RNG_ALGORITHM_SP800_90_CTR_256_GUID + - EFI_RNG_ALGORITHM_RAW - Unsupported + - EFI_RNG_ALGORITHM_SP800_90_HMAC_256_GUID + - EFI_RNG_ALGORITHM_SP800_90_HASH_256_GUID + - EFI_RNG_ALGORITHM_X9_31_3DES_GUID - Unsupported + - EFI_RNG_ALGORITHM_X9_31_AES_GUID - Unsupported + + Copyright (c) 2021, NUVIA Inc. All rights reserved.<BR> + Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR> + (C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR> + + SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include <Library/BaseLib.h> +#include <Library/BaseMemoryLib.h> +#include <Library/UefiBootServicesTableLib.h> +#include <Library/TimerLib.h> +#include <Protocol/Rng.h> + +#include "RngDxeInternals.h" + +/** + Produces and returns an RNG value using either the default or specified RNG algorithm. + + @param[in] This A pointer to the EFI_RNG_PROTOCOL instance. + @param[in] RNGAlgorithm A pointer to the EFI_RNG_ALGORITHM that identifies the RNG + algorithm to use. May be NULL in which case the function will + use its default RNG algorithm. + @param[in] RNGValueLength The length in bytes of the memory buffer pointed to by + RNGValue. The driver shall return exactly this numbers of bytes. + @param[out] RNGValue A caller-allocated memory buffer filled by the driver with the + resulting RNG value. + + @retval EFI_SUCCESS The RNG value was returned successfully. + @retval EFI_UNSUPPORTED The algorithm specified by RNGAlgorithm is not supported by + this driver. + @retval EFI_DEVICE_ERROR An RNG value could not be retrieved due to a hardware or + firmware error. + @retval EFI_NOT_READY There is not enough random data available to satisfy the length + requested by RNGValueLength. + @retval EFI_INVALID_PARAMETER RNGValue is NULL or RNGValueLength is zero. + +**/ +EFI_STATUS +EFIAPI +RngGetRNG ( + IN EFI_RNG_PROTOCOL *This, + IN EFI_RNG_ALGORITHM *RNGAlgorithm, OPTIONAL + IN UINTN RNGValueLength, + OUT UINT8 *RNGValue + ) +{ + EFI_STATUS Status; + + if ((RNGValueLength == 0) || (RNGValue == NULL)) { + return EFI_INVALID_PARAMETER; + } + + if (RNGAlgorithm == NULL) { + // + // Use the default RNG algorithm if RNGAlgorithm is NULL. + // + RNGAlgorithm = PcdGetPtr (PcdCpuRngSupportedAlgorithm); + } + + if (CompareGuid (RNGAlgorithm, PcdGetPtr (PcdCpuRngSupportedAlgorithm))) { + Status = RngGetBytes (RNGValueLength, RNGValue); + return Status; + } + + // + // Other algorithms are unsupported by this driver. + // + return EFI_UNSUPPORTED; +} + +/** + Returns information about the random number generation implementation. + + @param[in,out] RNGAlgorithmListSize On input, the size in bytes of RNGAlgorithmList. + On output with a return code of EFI_SUCCESS, the size + in bytes of the data returned in RNGAlgorithmList. On output + with a return code of EFI_BUFFER_TOO_SMALL, + the size of RNGAlgorithmList required to obtain the list. + @param[out] RNGAlgorithmList A caller-allocated memory buffer filled by the driver + with one EFI_RNG_ALGORITHM element for each supported + RNG algorithm. The list must not change across multiple + calls to the same driver. The first algorithm in the list + is the default algorithm for the driver. + + @retval EFI_SUCCESS The RNG algorithm list was returned successfully. + @retval EFI_BUFFER_TOO_SMALL The buffer RNGAlgorithmList is too small to hold the result. + +**/ +UINTN +EFIAPI +ArchGetSupportedRngAlgorithms ( + IN OUT UINTN *RNGAlgorithmListSize, + OUT EFI_RNG_ALGORITHM *RNGAlgorithmList + ) +{ + UINTN RequiredSize; + EFI_RNG_ALGORITHM *CpuRngSupportedAlgorithm; + + RequiredSize = sizeof (EFI_RNG_ALGORITHM); + + if (*RNGAlgorithmListSize < RequiredSize) { + *RNGAlgorithmListSize = RequiredSize; + return EFI_BUFFER_TOO_SMALL; + } + + CpuRngSupportedAlgorithm = PcdGetPtr (PcdCpuRngSupportedAlgorithm); + + CopyMem(&RNGAlgorithmList[0], CpuRngSupportedAlgorithm, sizeof (EFI_RNG_ALGORITHM)); + + *RNGAlgorithmListSize = RequiredSize; + return EFI_SUCCESS; +} diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/AesCore.c b/src/VBox/Devices/EFI/Firmware/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/AesCore.c new file mode 100644 index 00000000..7587ed0a --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/AesCore.c @@ -0,0 +1,298 @@ +/** @file + Core Primitive Implementation of the Advanced Encryption Standard (AES) algorithm. + Refer to FIPS PUB 197 ("Advanced Encryption Standard (AES)") for detailed algorithm + description of AES. + +Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "AesCore.h" + +// +// Number of columns (32-bit words) comprising the State. +// AES_NB is a constant (value = 4) for NIST FIPS-197. +// +#define AES_NB 4 + +// +// Pre-computed AES Forward Table: AesForwardTable[t] = AES_SBOX[t].[02, 01, 01, 03] +// AES_SBOX (AES S-box) is defined in sec 5.1.1 of FIPS PUB 197. +// This is to speed up execution of the cipher by combining SubBytes and +// ShiftRows with MixColumns steps and transforming them into table lookups. +// +GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT32 AesForwardTable[] = { + 0xc66363a5, 0xf87c7c84, 0xee777799, 0xf67b7b8d, 0xfff2f20d, 0xd66b6bbd, + 0xde6f6fb1, 0x91c5c554, 0x60303050, 0x02010103, 0xce6767a9, 0x562b2b7d, + 0xe7fefe19, 0xb5d7d762, 0x4dababe6, 0xec76769a, 0x8fcaca45, 0x1f82829d, + 0x89c9c940, 0xfa7d7d87, 0xeffafa15, 0xb25959eb, 0x8e4747c9, 0xfbf0f00b, + 0x41adadec, 0xb3d4d467, 0x5fa2a2fd, 0x45afafea, 0x239c9cbf, 0x53a4a4f7, + 0xe4727296, 0x9bc0c05b, 0x75b7b7c2, 0xe1fdfd1c, 0x3d9393ae, 0x4c26266a, + 0x6c36365a, 0x7e3f3f41, 0xf5f7f702, 0x83cccc4f, 0x6834345c, 0x51a5a5f4, + 0xd1e5e534, 0xf9f1f108, 0xe2717193, 0xabd8d873, 0x62313153, 0x2a15153f, + 0x0804040c, 0x95c7c752, 0x46232365, 0x9dc3c35e, 0x30181828, 0x379696a1, + 0x0a05050f, 0x2f9a9ab5, 0x0e070709, 0x24121236, 0x1b80809b, 0xdfe2e23d, + 0xcdebeb26, 0x4e272769, 0x7fb2b2cd, 0xea75759f, 0x1209091b, 0x1d83839e, + 0x582c2c74, 0x341a1a2e, 0x361b1b2d, 0xdc6e6eb2, 0xb45a5aee, 0x5ba0a0fb, + 0xa45252f6, 0x763b3b4d, 0xb7d6d661, 0x7db3b3ce, 0x5229297b, 0xdde3e33e, + 0x5e2f2f71, 0x13848497, 0xa65353f5, 0xb9d1d168, 0x00000000, 0xc1eded2c, + 0x40202060, 0xe3fcfc1f, 0x79b1b1c8, 0xb65b5bed, 0xd46a6abe, 0x8dcbcb46, + 0x67bebed9, 0x7239394b, 0x944a4ade, 0x984c4cd4, 0xb05858e8, 0x85cfcf4a, + 0xbbd0d06b, 0xc5efef2a, 0x4faaaae5, 0xedfbfb16, 0x864343c5, 0x9a4d4dd7, + 0x66333355, 0x11858594, 0x8a4545cf, 0xe9f9f910, 0x04020206, 0xfe7f7f81, + 0xa05050f0, 0x783c3c44, 0x259f9fba, 0x4ba8a8e3, 0xa25151f3, 0x5da3a3fe, + 0x804040c0, 0x058f8f8a, 0x3f9292ad, 0x219d9dbc, 0x70383848, 0xf1f5f504, + 0x63bcbcdf, 0x77b6b6c1, 0xafdada75, 0x42212163, 0x20101030, 0xe5ffff1a, + 0xfdf3f30e, 0xbfd2d26d, 0x81cdcd4c, 0x180c0c14, 0x26131335, 0xc3ecec2f, + 0xbe5f5fe1, 0x359797a2, 0x884444cc, 0x2e171739, 0x93c4c457, 0x55a7a7f2, + 0xfc7e7e82, 0x7a3d3d47, 0xc86464ac, 0xba5d5de7, 0x3219192b, 0xe6737395, + 0xc06060a0, 0x19818198, 0x9e4f4fd1, 0xa3dcdc7f, 0x44222266, 0x542a2a7e, + 0x3b9090ab, 0x0b888883, 0x8c4646ca, 0xc7eeee29, 0x6bb8b8d3, 0x2814143c, + 0xa7dede79, 0xbc5e5ee2, 0x160b0b1d, 0xaddbdb76, 0xdbe0e03b, 0x64323256, + 0x743a3a4e, 0x140a0a1e, 0x924949db, 0x0c06060a, 0x4824246c, 0xb85c5ce4, + 0x9fc2c25d, 0xbdd3d36e, 0x43acacef, 0xc46262a6, 0x399191a8, 0x319595a4, + 0xd3e4e437, 0xf279798b, 0xd5e7e732, 0x8bc8c843, 0x6e373759, 0xda6d6db7, + 0x018d8d8c, 0xb1d5d564, 0x9c4e4ed2, 0x49a9a9e0, 0xd86c6cb4, 0xac5656fa, + 0xf3f4f407, 0xcfeaea25, 0xca6565af, 0xf47a7a8e, 0x47aeaee9, 0x10080818, + 0x6fbabad5, 0xf0787888, 0x4a25256f, 0x5c2e2e72, 0x381c1c24, 0x57a6a6f1, + 0x73b4b4c7, 0x97c6c651, 0xcbe8e823, 0xa1dddd7c, 0xe874749c, 0x3e1f1f21, + 0x964b4bdd, 0x61bdbddc, 0x0d8b8b86, 0x0f8a8a85, 0xe0707090, 0x7c3e3e42, + 0x71b5b5c4, 0xcc6666aa, 0x904848d8, 0x06030305, 0xf7f6f601, 0x1c0e0e12, + 0xc26161a3, 0x6a35355f, 0xae5757f9, 0x69b9b9d0, 0x17868691, 0x99c1c158, + 0x3a1d1d27, 0x279e9eb9, 0xd9e1e138, 0xebf8f813, 0x2b9898b3, 0x22111133, + 0xd26969bb, 0xa9d9d970, 0x078e8e89, 0x339494a7, 0x2d9b9bb6, 0x3c1e1e22, + 0x15878792, 0xc9e9e920, 0x87cece49, 0xaa5555ff, 0x50282878, 0xa5dfdf7a, + 0x038c8c8f, 0x59a1a1f8, 0x09898980, 0x1a0d0d17, 0x65bfbfda, 0xd7e6e631, + 0x844242c6, 0xd06868b8, 0x824141c3, 0x299999b0, 0x5a2d2d77, 0x1e0f0f11, + 0x7bb0b0cb, 0xa85454fc, 0x6dbbbbd6, 0x2c16163a +}; + +// +// Round constant word array used in AES key expansion. +// +GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT32 Rcon[] = { + 0x01000000, 0x02000000, 0x04000000, 0x08000000, 0x10000000, + 0x20000000, 0x40000000, 0x80000000, 0x1B000000, 0x36000000 +}; + +// +// Rotates x right n bits (circular right shift operation) +// +#define ROTATE_RIGHT32(x, n) (((x) >> (n)) | ((x) << (32-(n)))) + +// +// Loading & Storing 32-bit words in big-endian format: y[3..0] --> x; x --> y[3..0]; +// +#define LOAD32H(x, y) { x = ((UINT32)((y)[0] & 0xFF) << 24) | ((UINT32)((y)[1] & 0xFF) << 16) | \ + ((UINT32)((y)[2] & 0xFF) << 8) | ((UINT32)((y)[3] & 0xFF)); } +#define STORE32H(x, y) { (y)[0] = (UINT8)(((x) >> 24) & 0xFF); (y)[1] = (UINT8)(((x) >> 16) & 0xFF); \ + (y)[2] = (UINT8)(((x) >> 8) & 0xFF); (y)[3] = (UINT8)((x) & 0xFF); } + +// +// Wrap macros for AES forward tables lookups +// +#define AES_FT0(x) AesForwardTable[x] +#define AES_FT1(x) ROTATE_RIGHT32(AesForwardTable[x], 8) +#define AES_FT2(x) ROTATE_RIGHT32(AesForwardTable[x], 16) +#define AES_FT3(x) ROTATE_RIGHT32(AesForwardTable[x], 24) + +/// +/// AES Key Schedule which is expanded from symmetric key [Size 60 = 4 * ((Max AES Round, 14) + 1)]. +/// +typedef struct { + UINTN Nk; // Number of Cipher Key (in 32-bit words); + UINT32 EncKey[60]; // Expanded AES encryption key + UINT32 DecKey[60]; // Expanded AES decryption key (Not used here) +} AES_KEY; + +/** + AES Key Expansion. + This function expands the cipher key into encryption schedule. + + @param[in] Key AES symmetric key buffer. + @param[in] KeyLenInBits Key length in bits (128, 192, or 256). + @param[out] AesKey Expanded AES Key schedule for encryption. + + @retval EFI_SUCCESS AES key expansion succeeded. + @retval EFI_INVALID_PARAMETER Unsupported key length. + +**/ +EFI_STATUS +EFIAPI +AesExpandKey ( + IN UINT8 *Key, + IN UINTN KeyLenInBits, + OUT AES_KEY *AesKey + ) +{ + UINTN Nk; + UINTN Nr; + UINTN Nw; + UINTN Index1; + UINTN Index2; + UINTN Index3; + UINT32 *Ek; + UINT32 Temp; + + // + // Nk - Number of 32-bit words comprising the cipher key. (Nk = 4, 6 or 8) + // Nr - Number of rounds. (Nr = 10, 12, or 14), which is dependent on the key size. + // + Nk = KeyLenInBits >> 5; + if (Nk != 4 && Nk != 6 && Nk != 8) { + return EFI_INVALID_PARAMETER; + } + Nr = Nk + 6; + Nw = AES_NB * (Nr + 1); // Key Expansion generates a total of Nb * (Nr + 1) words + AesKey->Nk = Nk; + + // + // Load initial symmetric AES key; + // Note that AES was designed on big-endian systems. + // + Ek = AesKey->EncKey; + for (Index1 = Index2 = 0; Index1 < Nk; Index1++, Index2 += 4) { + LOAD32H (Ek[Index1], Key + Index2); + } + + // + // Initialize the encryption key scheduler + // + for (Index2 = Nk, Index3 = 0; Index2 < Nw; Index2 += Nk, Index3++) { + Temp = Ek[Index2 - 1]; + Ek[Index2] = Ek[Index2 - Nk] ^ (AES_FT2((Temp >> 16) & 0xFF) & 0xFF000000) ^ + (AES_FT3((Temp >> 8) & 0xFF) & 0x00FF0000) ^ + (AES_FT0((Temp) & 0xFF) & 0x0000FF00) ^ + (AES_FT1((Temp >> 24) & 0xFF) & 0x000000FF) ^ + Rcon[Index3]; + if (Nk <= 6) { + // + // If AES Cipher Key is 128 or 192 bits + // + for (Index1 = 1; Index1 < Nk && (Index1 + Index2) < Nw; Index1++) { + Ek [Index1 + Index2] = Ek [Index1 + Index2 - Nk] ^ Ek[Index1 + Index2 - 1]; + } + } else { + // + // Different routine for key expansion If Cipher Key is 256 bits, + // + for (Index1 = 1; Index1 < 4 && (Index1 + Index2) < Nw; Index1++) { + Ek [Index1 + Index2] = Ek[Index1 + Index2 - Nk] ^ Ek[Index1 + Index2 - 1]; + } + if (Index2 + 4 < Nw) { + Temp = Ek[Index2 + 3]; + Ek[Index2 + 4] = Ek[Index2 + 4 - Nk] ^ (AES_FT2((Temp >> 24) & 0xFF) & 0xFF000000) ^ + (AES_FT3((Temp >> 16) & 0xFF) & 0x00FF0000) ^ + (AES_FT0((Temp >> 8) & 0xFF) & 0x0000FF00) ^ + (AES_FT1((Temp) & 0xFF) & 0x000000FF); + } + + for (Index1 = 5; Index1 < Nk && (Index1 + Index2) < Nw; Index1++) { + Ek[Index1 + Index2] = Ek[Index1 + Index2 - Nk] ^ Ek[Index1 + Index2 - 1]; + } + } + } + + return EFI_SUCCESS; +} + +/** + Encrypts one single block data (128 bits) with AES algorithm. + + @param[in] Key AES symmetric key buffer. + @param[in] InData One block of input plaintext to be encrypted. + @param[out] OutData Encrypted output ciphertext. + + @retval EFI_SUCCESS AES Block Encryption succeeded. + @retval EFI_INVALID_PARAMETER One or more parameters are invalid. + +**/ +EFI_STATUS +EFIAPI +AesEncrypt ( + IN UINT8 *Key, + IN UINT8 *InData, + OUT UINT8 *OutData + ) +{ + AES_KEY AesKey; + UINTN Nr; + UINT32 *Ek; + UINT32 State[4]; + UINT32 TempState[4]; + UINT32 *StateX; + UINT32 *StateY; + UINT32 *Temp; + UINTN Index; + UINTN NbIndex; + UINTN Round; + + if ((Key == NULL) || (InData == NULL) || (OutData == NULL)) { + return EFI_INVALID_PARAMETER; + } + + // + // Expands AES Key for encryption. + // + AesExpandKey (Key, 128, &AesKey); + + Nr = AesKey.Nk + 6; + Ek = AesKey.EncKey; + + // + // Initialize the cipher State array with the initial round key + // + for (Index = 0; Index < AES_NB; Index++) { + LOAD32H (State[Index], InData + 4 * Index); + State[Index] ^= Ek[Index]; + } + + NbIndex = AES_NB; + StateX = State; + StateY = TempState; + + // + // AES Cipher transformation rounds (Nr - 1 rounds), in which SubBytes(), + // ShiftRows() and MixColumns() operations were combined by a sequence of + // table lookups to speed up the execution. + // + for (Round = 1; Round < Nr; Round++) { + StateY[0] = AES_FT0 ((StateX[0] >> 24) ) ^ AES_FT1 ((StateX[1] >> 16) & 0xFF) ^ + AES_FT2 ((StateX[2] >> 8) & 0xFF) ^ AES_FT3 ((StateX[3] ) & 0xFF) ^ Ek[NbIndex]; + StateY[1] = AES_FT0 ((StateX[1] >> 24) ) ^ AES_FT1 ((StateX[2] >> 16) & 0xFF) ^ + AES_FT2 ((StateX[3] >> 8) & 0xFF) ^ AES_FT3 ((StateX[0] ) & 0xFF) ^ Ek[NbIndex + 1]; + StateY[2] = AES_FT0 ((StateX[2] >> 24) ) ^ AES_FT1 ((StateX[3] >> 16) & 0xFF) ^ + AES_FT2 ((StateX[0] >> 8) & 0xFF) ^ AES_FT3 ((StateX[1] ) & 0xFF) ^ Ek[NbIndex + 2]; + StateY[3] = AES_FT0 ((StateX[3] >> 24) ) ^ AES_FT1 ((StateX[0] >> 16) & 0xFF) ^ + AES_FT2 ((StateX[1] >> 8) & 0xFF) ^ AES_FT3 ((StateX[2] ) & 0xFF) ^ Ek[NbIndex + 3]; + + NbIndex += 4; + Temp = StateX; StateX = StateY; StateY = Temp; + } + + // + // Apply the final round, which does not include MixColumns() transformation + // + StateY[0] = (AES_FT2 ((StateX[0] >> 24) ) & 0xFF000000) ^ (AES_FT3 ((StateX[1] >> 16) & 0xFF) & 0x00FF0000) ^ + (AES_FT0 ((StateX[2] >> 8) & 0xFF) & 0x0000FF00) ^ (AES_FT1 ((StateX[3] ) & 0xFF) & 0x000000FF) ^ + Ek[NbIndex]; + StateY[1] = (AES_FT2 ((StateX[1] >> 24) ) & 0xFF000000) ^ (AES_FT3 ((StateX[2] >> 16) & 0xFF) & 0x00FF0000) ^ + (AES_FT0 ((StateX[3] >> 8) & 0xFF) & 0x0000FF00) ^ (AES_FT1 ((StateX[0] ) & 0xFF) & 0x000000FF) ^ + Ek[NbIndex + 1]; + StateY[2] = (AES_FT2 ((StateX[2] >> 24) ) & 0xFF000000) ^ (AES_FT3 ((StateX[3] >> 16) & 0xFF) & 0x00FF0000) ^ + (AES_FT0 ((StateX[0] >> 8) & 0xFF) & 0x0000FF00) ^ (AES_FT1 ((StateX[1] ) & 0xFF) & 0x000000FF) ^ + Ek[NbIndex + 2]; + StateY[3] = (AES_FT2 ((StateX[3] >> 24) ) & 0xFF000000) ^ (AES_FT3 ((StateX[0] >> 16) & 0xFF) & 0x00FF0000) ^ + (AES_FT0 ((StateX[1] >> 8) & 0xFF) & 0x0000FF00) ^ (AES_FT1 ((StateX[2] ) & 0xFF) & 0x000000FF) ^ + Ek[NbIndex + 3]; + + // + // Output the transformed result; + // + for (Index = 0; Index < AES_NB; Index++) { + STORE32H (StateY[Index], OutData + 4 * Index); + } + + return EFI_SUCCESS; +} diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/AesCore.h b/src/VBox/Devices/EFI/Firmware/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/AesCore.h new file mode 100644 index 00000000..11a4d8d4 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/AesCore.h @@ -0,0 +1,31 @@ +/** @file + Function prototype for AES Block Cipher support. + +Copyright (c) 2013, Intel Corporation. All rights reserved.<BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef __AES_CORE_H__ +#define __AES_CORE_H__ + +/** + Encrypts one single block data (128 bits) with AES algorithm. + + @param[in] Key AES symmetric key buffer. + @param[in] InData One block of input plaintext to be encrypted. + @param[out] OutData Encrypted output ciphertext. + + @retval EFI_SUCCESS AES Block Encryption succeeded. + @retval EFI_INVALID_PARAMETER One or more parameters are invalid. + +**/ +EFI_STATUS +EFIAPI +AesEncrypt ( + IN UINT8 *Key, + IN UINT8 *InData, + OUT UINT8 *OutData + ); + +#endif // __AES_CORE_H__ diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RdRand.c b/src/VBox/Devices/EFI/Firmware/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RdRand.c new file mode 100644 index 00000000..0f7b8295 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RdRand.c @@ -0,0 +1,128 @@ +/** @file + Support routines for RDRAND instruction access. + +Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR> +(C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ +#include <Library/RngLib.h> + +#include "AesCore.h" +#include "RdRand.h" +#include "RngDxeInternals.h" + +/** + Creates a 128bit random value that is fully forward and backward prediction resistant, + suitable for seeding a NIST SP800-90 Compliant, FIPS 1402-2 certifiable SW DRBG. + This function takes multiple random numbers through RDRAND without intervening + delays to ensure reseeding and performs AES-CBC-MAC over the data to compute the + seed value. + + @param[out] SeedBuffer Pointer to a 128bit buffer to store the random seed. + + @retval EFI_SUCCESS Random seed generation succeeded. + @retval EFI_NOT_READY Failed to request random bytes. + +**/ +EFI_STATUS +EFIAPI +RdRandGetSeed128 ( + OUT UINT8 *SeedBuffer + ) +{ + EFI_STATUS Status; + UINT8 RandByte[16]; + UINT8 Key[16]; + UINT8 Ffv[16]; + UINT8 Xored[16]; + UINT32 Index; + UINT32 Index2; + + // + // Chose an arbitrary key and zero the feed_forward_value (FFV) + // + for (Index = 0; Index < 16; Index++) { + Key[Index] = (UINT8) Index; + Ffv[Index] = 0; + } + + // + // Perform CBC_MAC over 32 * 128 bit values, with 10us gaps between 128 bit value + // The 10us gaps will ensure multiple reseeds within the HW RNG with a large design margin. + // + for (Index = 0; Index < 32; Index++) { + MicroSecondDelay (10); + Status = RngGetBytes (16, RandByte); + if (EFI_ERROR (Status)) { + return Status; + } + + // + // Perform XOR operations on two 128-bit value. + // + for (Index2 = 0; Index2 < 16; Index2++) { + Xored[Index2] = RandByte[Index2] ^ Ffv[Index2]; + } + + AesEncrypt (Key, Xored, Ffv); + } + + for (Index = 0; Index < 16; Index++) { + SeedBuffer[Index] = Ffv[Index]; + } + + return EFI_SUCCESS; +} + +/** + Generate high-quality entropy source through RDRAND. + + @param[in] Length Size of the buffer, in bytes, to fill with. + @param[out] Entropy Pointer to the buffer to store the entropy data. + + @retval EFI_SUCCESS Entropy generation succeeded. + @retval EFI_NOT_READY Failed to request random data. + +**/ +EFI_STATUS +EFIAPI +RdRandGenerateEntropy ( + IN UINTN Length, + OUT UINT8 *Entropy + ) +{ + EFI_STATUS Status; + UINTN BlockCount; + UINT8 Seed[16]; + UINT8 *Ptr; + + Status = EFI_NOT_READY; + BlockCount = Length / 16; + Ptr = (UINT8 *)Entropy; + + // + // Generate high-quality seed for DRBG Entropy + // + while (BlockCount > 0) { + Status = RdRandGetSeed128 (Seed); + if (EFI_ERROR (Status)) { + return Status; + } + CopyMem (Ptr, Seed, 16); + + BlockCount--; + Ptr = Ptr + 16; + } + + // + // Populate the remained data as request. + // + Status = RdRandGetSeed128 (Seed); + if (EFI_ERROR (Status)) { + return Status; + } + CopyMem (Ptr, Seed, (Length % 16)); + + return Status; +} diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RdRand.h b/src/VBox/Devices/EFI/Firmware/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RdRand.h new file mode 100644 index 00000000..0639ffd2 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RdRand.h @@ -0,0 +1,43 @@ +/** @file + Header for the RDRAND APIs used by RNG DXE driver. + + Support API definitions for RDRAND instruction access, which will leverage + Intel Secure Key technology to provide high-quality random numbers for use + in applications, or entropy for seeding other random number generators. + Refer to http://software.intel.com/en-us/articles/intel-digital-random-number + -generator-drng-software-implementation-guide/ for more information about Intel + Secure Key technology. + +Copyright (c) 2013, Intel Corporation. All rights reserved.<BR> +(C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef __RD_RAND_H__ +#define __RD_RAND_H__ + +#include <Library/BaseLib.h> +#include <Library/BaseMemoryLib.h> +#include <Library/UefiBootServicesTableLib.h> +#include <Library/TimerLib.h> +#include <Protocol/Rng.h> + +/** + Generate high-quality entropy source through RDRAND. + + @param[in] Length Size of the buffer, in bytes, to fill with. + @param[out] Entropy Pointer to the buffer to store the entropy data. + + @retval EFI_SUCCESS Entropy generation succeeded. + @retval EFI_NOT_READY Failed to request random data. + +**/ +EFI_STATUS +EFIAPI +RdRandGenerateEntropy ( + IN UINTN Length, + OUT UINT8 *Entropy + ); + +#endif // __RD_RAND_H__ diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c b/src/VBox/Devices/EFI/Firmware/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c new file mode 100644 index 00000000..800462a1 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/RandomNumberGenerator/RngDxe/Rand/RngDxe.c @@ -0,0 +1,145 @@ +/** @file + RNG Driver to produce the UEFI Random Number Generator protocol. + + The driver will use the new RDRAND instruction to produce high-quality, high-performance + entropy and random number. + + RNG Algorithms defined in UEFI 2.4: + - EFI_RNG_ALGORITHM_SP800_90_CTR_256_GUID - Supported + (RDRAND implements a hardware NIST SP800-90 AES-CTR-256 based DRBG) + - EFI_RNG_ALGORITHM_RAW - Supported + (Structuring RDRAND invocation can be guaranteed as high-quality entropy source) + - EFI_RNG_ALGORITHM_SP800_90_HMAC_256_GUID - Unsupported + - EFI_RNG_ALGORITHM_SP800_90_HASH_256_GUID - Unsupported + - EFI_RNG_ALGORITHM_X9_31_3DES_GUID - Unsupported + - EFI_RNG_ALGORITHM_X9_31_AES_GUID - Unsupported + + Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR> + (C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR> + SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "RdRand.h" +#include "RngDxeInternals.h" + +/** + Produces and returns an RNG value using either the default or specified RNG algorithm. + + @param[in] This A pointer to the EFI_RNG_PROTOCOL instance. + @param[in] RNGAlgorithm A pointer to the EFI_RNG_ALGORITHM that identifies the RNG + algorithm to use. May be NULL in which case the function will + use its default RNG algorithm. + @param[in] RNGValueLength The length in bytes of the memory buffer pointed to by + RNGValue. The driver shall return exactly this numbers of bytes. + @param[out] RNGValue A caller-allocated memory buffer filled by the driver with the + resulting RNG value. + + @retval EFI_SUCCESS The RNG value was returned successfully. + @retval EFI_UNSUPPORTED The algorithm specified by RNGAlgorithm is not supported by + this driver. + @retval EFI_DEVICE_ERROR An RNG value could not be retrieved due to a hardware or + firmware error. + @retval EFI_NOT_READY There is not enough random data available to satisfy the length + requested by RNGValueLength. + @retval EFI_INVALID_PARAMETER RNGValue is NULL or RNGValueLength is zero. + +**/ +EFI_STATUS +EFIAPI +RngGetRNG ( + IN EFI_RNG_PROTOCOL *This, + IN EFI_RNG_ALGORITHM *RNGAlgorithm, OPTIONAL + IN UINTN RNGValueLength, + OUT UINT8 *RNGValue + ) +{ + EFI_STATUS Status; + + if ((RNGValueLength == 0) || (RNGValue == NULL)) { + return EFI_INVALID_PARAMETER; + } + + Status = EFI_UNSUPPORTED; + if (RNGAlgorithm == NULL) { + // + // Use the default RNG algorithm if RNGAlgorithm is NULL. + // + RNGAlgorithm = &gEfiRngAlgorithmSp80090Ctr256Guid; + } + + // + // NIST SP800-90-AES-CTR-256 supported by RDRAND + // + if (CompareGuid (RNGAlgorithm, &gEfiRngAlgorithmSp80090Ctr256Guid)) { + Status = RngGetBytes (RNGValueLength, RNGValue); + return Status; + } + + // + // The "raw" algorithm is intended to provide entropy directly + // + if (CompareGuid (RNGAlgorithm, &gEfiRngAlgorithmRaw)) { + // + // When a DRBG is used on the output of a entropy source, + // its security level must be at least 256 bits according to UEFI Spec. + // + if (RNGValueLength < 32) { + return EFI_INVALID_PARAMETER; + } + + Status = RdRandGenerateEntropy (RNGValueLength, RNGValue); + return Status; + } + + // + // Other algorithms were unsupported by this driver. + // + return Status; +} + +/** + Returns information about the random number generation implementation. + + @param[in,out] RNGAlgorithmListSize On input, the size in bytes of RNGAlgorithmList. + On output with a return code of EFI_SUCCESS, the size + in bytes of the data returned in RNGAlgorithmList. On output + with a return code of EFI_BUFFER_TOO_SMALL, + the size of RNGAlgorithmList required to obtain the list. + @param[out] RNGAlgorithmList A caller-allocated memory buffer filled by the driver + with one EFI_RNG_ALGORITHM element for each supported + RNG algorithm. The list must not change across multiple + calls to the same driver. The first algorithm in the list + is the default algorithm for the driver. + + @retval EFI_SUCCESS The RNG algorithm list was returned successfully. + @retval EFI_BUFFER_TOO_SMALL The buffer RNGAlgorithmList is too small to hold the result. + +**/ +UINTN +EFIAPI +ArchGetSupportedRngAlgorithms ( + IN OUT UINTN *RNGAlgorithmListSize, + OUT EFI_RNG_ALGORITHM *RNGAlgorithmList + ) +{ + UINTN RequiredSize; + EFI_RNG_ALGORITHM *CpuRngSupportedAlgorithm; + + RequiredSize = 2 * sizeof (EFI_RNG_ALGORITHM); + + if (*RNGAlgorithmListSize < RequiredSize) { + *RNGAlgorithmListSize = RequiredSize; + return EFI_BUFFER_TOO_SMALL; + } + + CpuRngSupportedAlgorithm = PcdGetPtr (PcdCpuRngSupportedAlgorithm); + + CopyMem(&RNGAlgorithmList[0], CpuRngSupportedAlgorithm, sizeof (EFI_RNG_ALGORITHM)); + + // x86 platforms also support EFI_RNG_ALGORITHM_RAW via RDSEED + CopyMem(&RNGAlgorithmList[1], &gEfiRngAlgorithmRaw, sizeof (EFI_RNG_ALGORITHM)); + + *RNGAlgorithmListSize = RequiredSize; + return EFI_SUCCESS; +} diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.c b/src/VBox/Devices/EFI/Firmware/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.c new file mode 100644 index 00000000..a7c7a101 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.c @@ -0,0 +1,162 @@ +/** @file + RNG Driver to produce the UEFI Random Number Generator protocol. + + The driver uses CPU RNG instructions to produce high-quality, + high-performance entropy and random number. + + RNG Algorithms defined in UEFI 2.4: + - EFI_RNG_ALGORITHM_SP800_90_CTR_256_GUID + - EFI_RNG_ALGORITHM_RAW + - EFI_RNG_ALGORITHM_SP800_90_HMAC_256_GUID + - EFI_RNG_ALGORITHM_SP800_90_HASH_256_GUID + - EFI_RNG_ALGORITHM_X9_31_3DES_GUID + - EFI_RNG_ALGORITHM_X9_31_AES_GUID + +Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR> +(C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR> + +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include <Library/BaseLib.h> +#include <Library/BaseMemoryLib.h> +#include <Library/UefiBootServicesTableLib.h> +#include <Library/RngLib.h> +#include <Library/TimerLib.h> +#include <Protocol/Rng.h> + +#include "RngDxeInternals.h" + +/** + Returns information about the random number generation implementation. + + @param[in] This A pointer to the EFI_RNG_PROTOCOL instance. + @param[in,out] RNGAlgorithmListSize On input, the size in bytes of RNGAlgorithmList. + On output with a return code of EFI_SUCCESS, the size + in bytes of the data returned in RNGAlgorithmList. On output + with a return code of EFI_BUFFER_TOO_SMALL, + the size of RNGAlgorithmList required to obtain the list. + @param[out] RNGAlgorithmList A caller-allocated memory buffer filled by the driver + with one EFI_RNG_ALGORITHM element for each supported + RNG algorithm. The list must not change across multiple + calls to the same driver. The first algorithm in the list + is the default algorithm for the driver. + + @retval EFI_SUCCESS The RNG algorithm list was returned successfully. + @retval EFI_UNSUPPORTED The services is not supported by this driver. + @retval EFI_DEVICE_ERROR The list of algorithms could not be retrieved due to a + hardware or firmware error. + @retval EFI_INVALID_PARAMETER One or more of the parameters are incorrect. + @retval EFI_BUFFER_TOO_SMALL The buffer RNGAlgorithmList is too small to hold the result. + +**/ +EFI_STATUS +EFIAPI +RngGetInfo ( + IN EFI_RNG_PROTOCOL *This, + IN OUT UINTN *RNGAlgorithmListSize, + OUT EFI_RNG_ALGORITHM *RNGAlgorithmList + ) +{ + EFI_STATUS Status; + + if ((This == NULL) || (RNGAlgorithmListSize == NULL)) { + return EFI_INVALID_PARAMETER; + } + + // + // Return algorithm list supported by driver. + // + if (RNGAlgorithmList != NULL) { + Status = ArchGetSupportedRngAlgorithms (RNGAlgorithmListSize, RNGAlgorithmList); + } else { + Status = EFI_INVALID_PARAMETER; + } + + return Status; +} + +// +// The Random Number Generator (RNG) protocol +// +EFI_RNG_PROTOCOL mRngRdRand = { + RngGetInfo, + RngGetRNG +}; + +/** + The user Entry Point for the Random Number Generator (RNG) driver. + + @param[in] ImageHandle The firmware allocated handle for the EFI image. + @param[in] SystemTable A pointer to the EFI System Table. + + @retval EFI_SUCCESS The entry point is executed successfully. + @retval EFI_NOT_SUPPORTED Platform does not support RNG. + @retval Other Some error occurs when executing this entry point. + +**/ +EFI_STATUS +EFIAPI +RngDriverEntry ( + IN EFI_HANDLE ImageHandle, + IN EFI_SYSTEM_TABLE *SystemTable + ) +{ + EFI_STATUS Status; + EFI_HANDLE Handle; + + // + // Install UEFI RNG (Random Number Generator) Protocol + // + Handle = NULL; + Status = gBS->InstallMultipleProtocolInterfaces ( + &Handle, + &gEfiRngProtocolGuid, + &mRngRdRand, + NULL + ); + + return Status; +} + + +/** + Calls RDRAND to fill a buffer of arbitrary size with random bytes. + + @param[in] Length Size of the buffer, in bytes, to fill with. + @param[out] RandBuffer Pointer to the buffer to store the random result. + + @retval EFI_SUCCESS Random bytes generation succeeded. + @retval EFI_NOT_READY Failed to request random bytes. + +**/ +EFI_STATUS +EFIAPI +RngGetBytes ( + IN UINTN Length, + OUT UINT8 *RandBuffer + ) +{ + BOOLEAN IsRandom; + UINT64 TempRand[2]; + + while (Length > 0) { + IsRandom = GetRandomNumber128 (TempRand); + if (!IsRandom) { + return EFI_NOT_READY; + } + if (Length >= sizeof (TempRand)) { + WriteUnaligned64 ((UINT64*)RandBuffer, TempRand[0]); + RandBuffer += sizeof (UINT64); + WriteUnaligned64 ((UINT64*)RandBuffer, TempRand[1]); + RandBuffer += sizeof (UINT64); + Length -= sizeof (TempRand); + } else { + CopyMem (RandBuffer, TempRand, Length); + Length = 0; + } + } + + return EFI_SUCCESS; +} diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf b/src/VBox/Devices/EFI/Firmware/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf new file mode 100644 index 00000000..f0c39646 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf @@ -0,0 +1,80 @@ +## @file +# Produces the UEFI Random Number Generator protocol +# +# This module will leverage Intel Secure Key technology to produce the Random +# Number Generator protocol, which is used to provide high-quality random numbers +# for use in applications, or entropy for seeding other random number generators. +# Refer to http://software.intel.com/en-us/articles/intel-digital-random-number +# -generator-drng-software-implementation-guide/ for more information about Intel +# Secure Key technology. +# +# Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR> +# (C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR> +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = RngDxe + FILE_GUID = B981A835-6EE8-4f4c-AE0B-210AA0BFBF01 + MODULE_TYPE = DXE_DRIVER + VERSION_STRING = 1.0 + ENTRY_POINT = RngDriverEntry + MODULE_UNI_FILE = RngDxe.uni + +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = IA32 X64 AARCH64 +# + +[Sources.common] + RngDxe.c + RngDxeInternals.h + +[Sources.IA32, Sources.X64] + Rand/RngDxe.c + Rand/RdRand.c + Rand/RdRand.h + Rand/AesCore.c + Rand/AesCore.h + +[Sources.AARCH64] + AArch64/RngDxe.c + +[Packages] + MdePkg/MdePkg.dec + SecurityPkg/SecurityPkg.dec + +[LibraryClasses] + UefiLib + UefiBootServicesTableLib + BaseLib + DebugLib + UefiDriverEntryPoint + TimerLib + RngLib + +[Guids] + gEfiRngAlgorithmSp80090Hash256Guid ## SOMETIMES_PRODUCES ## GUID # Unique ID of the algorithm for RNG + gEfiRngAlgorithmSp80090Hmac256Guid ## SOMETIMES_PRODUCES ## GUID # Unique ID of the algorithm for RNG + gEfiRngAlgorithmSp80090Ctr256Guid ## SOMETIMES_PRODUCES ## GUID # Unique ID of the algorithm for RNG + gEfiRngAlgorithmX9313DesGuid ## SOMETIMES_PRODUCES ## GUID # Unique ID of the algorithm for RNG + gEfiRngAlgorithmX931AesGuid ## SOMETIMES_PRODUCES ## GUID # Unique ID of the algorithm for RNG + gEfiRngAlgorithmRaw ## SOMETIMES_PRODUCES ## GUID # Unique ID of the algorithm for RNG + +[Protocols] + gEfiRngProtocolGuid ## PRODUCES + +[Pcd] + gEfiSecurityPkgTokenSpaceGuid.PcdCpuRngSupportedAlgorithm ## CONSUMES + +[Depex] + TRUE + +[BuildOptions] + XCODE:*_*_*_CC_FLAGS = -mmmx -msse + +[UserExtensions.TianoCore."ExtraFiles"] + RngDxeExtra.uni diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.uni b/src/VBox/Devices/EFI/Firmware/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.uni new file mode 100644 index 00000000..975c4663 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.uni @@ -0,0 +1,21 @@ +// /** @file
+// Produces the UEFI Random Number Generator protocol
+//
+// This module will leverage Intel Secure Key technology to produce the Random
+// Number Generator protocol, which is used to provide high-quality random numbers
+// for use in applications, or entropy for seeding other random number generators.
+// Refer to http://software.intel.com/en-us/articles/intel-digital-random-number
+// -generator-drng-software-implementation-guide/ for more information about Intel
+// Secure Key technology.
+//
+// Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
+//
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+//
+// **/
+
+
+#string STR_MODULE_ABSTRACT #language en-US "Produces UEFI Random Number Generator protocol"
+
+#string STR_MODULE_DESCRIPTION #language en-US "This module will produce UEFI Random Number Generator protocol. In current implementation, Only SP800_90_CTR_256 and "RAW" RNG algorithms are supported."
+
diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeExtra.uni b/src/VBox/Devices/EFI/Firmware/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeExtra.uni new file mode 100644 index 00000000..0c7731e4 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeExtra.uni @@ -0,0 +1,14 @@ +// /** @file
+// RngDxe Localized Strings and Content
+//
+// Copyright (c) 2014 - 2018, Intel Corporation. All rights reserved.<BR>
+//
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+//
+// **/
+
+#string STR_PROPERTIES_MODULE_NAME
+#language en-US
+"UEFI Random Number Generator DXE"
+
+
diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeInternals.h b/src/VBox/Devices/EFI/Firmware/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeInternals.h new file mode 100644 index 00000000..61e2d90c --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxeInternals.h @@ -0,0 +1,117 @@ +/** @file + Function prototypes for UEFI Random Number Generator protocol support. + + Copyright (c) 2021, NUVIA Inc. All rights reserved.<BR> + + SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef RNGDXE_INTERNALS_H_ +#define RNGDXE_INTERNALS_H_ + +/** + Returns information about the random number generation implementation. + + @param[in] This A pointer to the EFI_RNG_PROTOCOL instance. + @param[in,out] RNGAlgorithmListSize On input, the size in bytes of RNGAlgorithmList. + On output with a return code of EFI_SUCCESS, the size + in bytes of the data returned in RNGAlgorithmList. On output + with a return code of EFI_BUFFER_TOO_SMALL, + the size of RNGAlgorithmList required to obtain the list. + @param[out] RNGAlgorithmList A caller-allocated memory buffer filled by the driver + with one EFI_RNG_ALGORITHM element for each supported + RNG algorithm. The list must not change across multiple + calls to the same driver. The first algorithm in the list + is the default algorithm for the driver. + + @retval EFI_SUCCESS The RNG algorithm list was returned successfully. + @retval EFI_UNSUPPORTED The services is not supported by this driver. + @retval EFI_DEVICE_ERROR The list of algorithms could not be retrieved due to a + hardware or firmware error. + @retval EFI_INVALID_PARAMETER One or more of the parameters are incorrect. + @retval EFI_BUFFER_TOO_SMALL The buffer RNGAlgorithmList is too small to hold the result. + +**/ +EFI_STATUS +EFIAPI +RngGetInfo ( + IN EFI_RNG_PROTOCOL *This, + IN OUT UINTN *RNGAlgorithmListSize, + OUT EFI_RNG_ALGORITHM *RNGAlgorithmList + ); + +/** + Produces and returns an RNG value using either the default or specified RNG algorithm. + + @param[in] This A pointer to the EFI_RNG_PROTOCOL instance. + @param[in] RNGAlgorithm A pointer to the EFI_RNG_ALGORITHM that identifies the RNG + algorithm to use. May be NULL in which case the function will + use its default RNG algorithm. + @param[in] RNGValueLength The length in bytes of the memory buffer pointed to by + RNGValue. The driver shall return exactly this numbers of bytes. + @param[out] RNGValue A caller-allocated memory buffer filled by the driver with the + resulting RNG value. + + @retval EFI_SUCCESS The RNG value was returned successfully. + @retval EFI_UNSUPPORTED The algorithm specified by RNGAlgorithm is not supported by + this driver. + @retval EFI_DEVICE_ERROR An RNG value could not be retrieved due to a hardware or + firmware error. + @retval EFI_NOT_READY There is not enough random data available to satisfy the length + requested by RNGValueLength. + @retval EFI_INVALID_PARAMETER RNGValue is NULL or RNGValueLength is zero. + +**/ +EFI_STATUS +EFIAPI +RngGetRNG ( + IN EFI_RNG_PROTOCOL *This, + IN EFI_RNG_ALGORITHM *RNGAlgorithm, OPTIONAL + IN UINTN RNGValueLength, + OUT UINT8 *RNGValue + ); + +/** + Returns information about the random number generation implementation. + + @param[in,out] RNGAlgorithmListSize On input, the size in bytes of RNGAlgorithmList. + On output with a return code of EFI_SUCCESS, the size + in bytes of the data returned in RNGAlgorithmList. On output + with a return code of EFI_BUFFER_TOO_SMALL, + the size of RNGAlgorithmList required to obtain the list. + @param[out] RNGAlgorithmList A caller-allocated memory buffer filled by the driver + with one EFI_RNG_ALGORITHM element for each supported + RNG algorithm. The list must not change across multiple + calls to the same driver. The first algorithm in the list + is the default algorithm for the driver. + + @retval EFI_SUCCESS The RNG algorithm list was returned successfully. + @retval EFI_BUFFER_TOO_SMALL The buffer RNGAlgorithmList is too small to hold the result. + +**/ +UINTN +EFIAPI +ArchGetSupportedRngAlgorithms ( + IN OUT UINTN *RNGAlgorithmListSize, + OUT EFI_RNG_ALGORITHM *RNGAlgorithmList + ); + +/** + Runs CPU RNG instruction to fill a buffer of arbitrary size with random bytes. + + @param[in] Length Size of the buffer, in bytes, to fill with. + @param[out] RandBuffer Pointer to the buffer to store the random result. + + @retval EFI_SUCCESS Random bytes generation succeeded. + @retval EFI_NOT_READY Failed to request random bytes. + +**/ +EFI_STATUS +EFIAPI +RngGetBytes ( + IN UINTN Length, + OUT UINT8 *RandBuffer + ); + +#endif // RNGDXE_INTERNALS_H_ diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/SecurityPkg.ci.yaml b/src/VBox/Devices/EFI/Firmware/SecurityPkg/SecurityPkg.ci.yaml new file mode 100644 index 00000000..2b819e4c --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/SecurityPkg.ci.yaml @@ -0,0 +1,96 @@ +## @file +# CI configuration for SecurityPkg +# +# Copyright (c) Microsoft Corporation +# Copyright (c) 2020, Intel Corporation. All rights reserved.<BR> +# SPDX-License-Identifier: BSD-2-Clause-Patent +## +{ + "LicenseCheck": { + "IgnoreFiles": [] + }, + "EccCheck": { + ## Exception sample looks like below: + ## "ExceptionList": [ + ## "<ErrorID>", "<KeyWord>" + ## ] + "ExceptionList": [ + ], + ## Both file path and directory path are accepted. + "IgnoreFiles": [ + ] + }, + "CompilerPlugin": { + "DscPath": "SecurityPkg.dsc" + }, + "CharEncodingCheck": { + "IgnoreFiles": [] + }, + "DependencyCheck": { + "AcceptableDependencies": [ + "MdePkg/MdePkg.dec", + "MdeModulePkg/MdeModulePkg.dec", + "SecurityPkg/SecurityPkg.dec", + "StandaloneMmPkg/StandaloneMmPkg.dec", + "CryptoPkg/CryptoPkg.dec" + ], + # For host based unit tests + "AcceptableDependencies-HOST_APPLICATION":[], + # For UEFI shell based apps + "AcceptableDependencies-UEFI_APPLICATION":[], + "IgnoreInf": [] + }, + "DscCompleteCheck": { + "DscPath": "SecurityPkg.dsc", + "IgnoreInf": [] + }, + "GuidCheck": { + "IgnoreGuidName": [], + "IgnoreGuidValue": ["00000000-0000-0000-0000-000000000000"], + "IgnoreFoldersAndFiles": [], + "IgnoreDuplicates": [ + "Tpm2InstanceLibDTpm=gEfiTpmDeviceInstanceTpm20DtpmGuid", # by design + ] + }, + "LibraryClassCheck": { + "IgnoreHeaderFile": [] + }, + + ## options defined ci/Plugin/SpellCheck + "SpellCheck": { + "AuditOnly": True, # Fails test but run in AuditOnly mode to collect log + "ExtendWords": [ # words to extend to the dictionary for this package + "shortformed", # tpm acpi + "autodetect", + "blocksid", + "comid", + "cpinsidpin", #OpalSScV2 + "ecdsa", # TPM + "ecschnorr", # TPM + "eisaid", # ACPI + "harddisk", + "hashall", + "hashto", + "kek's", + "lfanew", # PE/COFF + "pcrindex", + "pkglength", + "ppuser", + "preos", + "stclear", + "toctou", + "tpm's", + "tpmcmdbuflength", + "tpmcommlib", + "tpmnvvaluelength", + "wrlocked", + "xored" + ], + "IgnoreStandardPaths": [], # Standard Plugin defined paths that should be ignore + "AdditionalIncludePaths": [] # Additional paths to spell check (wildcards supported) + }, + + "Defines": { + "BLD_*_CONTINUOUS_INTEGRATION": "TRUE", + } +} diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/SecurityPkg.dec b/src/VBox/Devices/EFI/Firmware/SecurityPkg/SecurityPkg.dec new file mode 100644 index 00000000..e8993fba --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/SecurityPkg.dec @@ -0,0 +1,545 @@ +## @file SecurityPkg.dec +# Provides security features that conform to TCG/UEFI industry standards +# +# The security features include secure boot, measured boot and user identification. +# It also provides the definitions(including PPIs/PROTOCOLs/GUIDs and library classes) +# and libraries instances, which are used for those features. +# +# Copyright (c) 2009 - 2020, Intel Corporation. All rights reserved.<BR> +# (C) Copyright 2015 Hewlett Packard Enterprise Development LP <BR> +# Copyright (c) Microsoft Corporation.<BR> +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + DEC_SPECIFICATION = 0x00010005 + PACKAGE_NAME = SecurityPkg + PACKAGE_UNI_FILE = SecurityPkg.uni + PACKAGE_GUID = 4EFC4F66-6219-4427-B780-FB99F470767F + PACKAGE_VERSION = 0.98 + +[Includes] + Include + +[LibraryClasses] + ## @libraryclass Provides hash interfaces from different implementations. + # + HashLib|Include/Library/HashLib.h + + ## @libraryclass Provides a platform specific interface to detect physically present user. + # + PlatformSecureLib|Include/Library/PlatformSecureLib.h + + ## @libraryclass Provides interfaces to handle TPM 1.2 request. + # + TcgPhysicalPresenceLib|Include/Library/TcgPhysicalPresenceLib.h + + ## @libraryclass Provides support for TCG PP >= 128 Vendor Specific PPI Operation. + # + TcgPpVendorLib|Include/Library/TcgPpVendorLib.h + + ## @libraryclass Provides interfaces for other modules to send TPM 2.0 command. + # + Tpm2CommandLib|Include/Library/Tpm2CommandLib.h + + ## @libraryclass Provides interfaces on how to access TPM 2.0 hardware device. + # + Tpm2DeviceLib|Include/Library/Tpm2DeviceLib.h + + ## @libraryclass Provides interfaces for other modules to send TPM 1.2 command. + # + Tpm12CommandLib|Include/Library/Tpm12CommandLib.h + + ## @libraryclass Provides interfaces on how to access TPM 1.2 hardware device. + # + Tpm12DeviceLib|Include/Library/Tpm12DeviceLib.h + + ## @libraryclass Provides TPM Interface Specification (TIS) interfaces for TPM command. + # + TpmCommLib|Include/Library/TpmCommLib.h + + ## @libraryclass Provides support for TCG Physical Presence Interface (PPI) specification + # >= 128 Vendor Specific PPI Operation. + # + Tcg2PpVendorLib|Include/Library/Tcg2PpVendorLib.h + + ## @libraryclass Handle TPM 2.0 physical presence request from OS. + # + Tcg2PhysicalPresenceLib|Include/Library/Tcg2PhysicalPresenceLib.h + + ## @libraryclass Provides interfaces about TCG storage generic command. + # + TcgStorageCoreLib|Include/Library/TcgStorageCoreLib.h + + ## @libraryclass Provides interfaces about TCG storage Opal generic command. + # + TcgStorageOpalLib|Include/Library/TcgStorageOpalLib.h + + ## @libraryclass Provides interfaces to access RPMC device. + # + RpmcLib|Include/Library/RpmcLib.h + + ## @libraryclass Provides interfaces to access variable root key. + # + VariableKeyLib|Include/Library/VariableKeyLib.h + + ## @libraryclass Provides interfaces about firmware TPM measurement. + # + TcgEventLogRecordLib|Include/Library/TcgEventLogRecordLib.h +[Guids] + ## Security package token space guid. + # Include/Guid/SecurityPkgTokenSpace.h + gEfiSecurityPkgTokenSpaceGuid = { 0xd3fb176, 0x9569, 0x4d51, { 0xa3, 0xef, 0x7d, 0x61, 0xc6, 0x4f, 0xea, 0xba }} + + ## GUID used to "SecureBootEnable" variable for the Secure Boot feature enable/disable. + # This variable is used for allowing a physically present user to disable Secure Boot via firmware setup without the possession of PKpriv. + # Include/Guid/AuthenticatedVariableFormat.h + gEfiSecureBootEnableDisableGuid = { 0xf0a30bc7, 0xaf08, 0x4556, { 0x99, 0xc4, 0x0, 0x10, 0x9, 0xc9, 0x3a, 0x44 } } + + ## GUID used to "CustomMode" variable for two Secure Boot modes feature: "Custom" and "Standard". + # Standard Secure Boot mode is the default mode as UEFI Spec's description. + # Custom Secure Boot mode allows for more flexibility as specified in the following: + # Can enroll or delete PK without existing PK's private key. + # Can enroll or delete KEK without existing PK's private key. + # Can enroll or delete signature from DB/DBX without KEK's private key. + # Include/Guid/AuthenticatedVariableFormat.h + gEfiCustomModeEnableGuid = { 0xc076ec0c, 0x7028, 0x4399, { 0xa0, 0x72, 0x71, 0xee, 0x5c, 0x44, 0x8b, 0x9f } } + + ## GUID used to "VendorKeysNv" variable to record the out of band secure boot keys modification. + # This variable is a read-only NV variable that indicates whether someone other than the platform vendor has used a + # mechanism not defined by the UEFI Specification to transition the system to setup mode or to update secure boot keys. + # Include/Guid/AuthenticatedVariableFormat.h + gEfiVendorKeysNvGuid = { 0x9073e4e0, 0x60ec, 0x4b6e, { 0x99, 0x3, 0x4c, 0x22, 0x3c, 0x26, 0xf, 0x3c } } + + ## GUID used to "certdb"/"certdbv" variable to store the signer's certificates for common variables with EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS attribute. + # Include/Guid/AuthenticatedVariableFormat.h + gEfiCertDbGuid = { 0xd9bee56e, 0x75dc, 0x49d9, { 0xb4, 0xd7, 0xb5, 0x34, 0x21, 0xf, 0x63, 0x7a } } + + ## Hob GUID used to pass a TCG_PCR_EVENT from a TPM PEIM to a TPM DXE Driver. + # Include/Guid/TcgEventHob.h + gTcgEventEntryHobGuid = { 0x2b9ffb52, 0x1b13, 0x416f, { 0xa8, 0x7b, 0xbc, 0x93, 0xd, 0xef, 0x92, 0xa8 }} + + ## Hob GUID used to pass a TCG_PCR_EVENT_2 from a TPM2 PEIM to a TPM2 DXE Driver. + ## Include/Guid/TcgEventHob.h + gTcgEvent2EntryHobGuid = { 0xd26c221e, 0x2430, 0x4c8a, { 0x91, 0x70, 0x3f, 0xcb, 0x45, 0x0, 0x41, 0x3f }} + + ## HOB GUID used to record TPM device error. + # Include/Guid/TcgEventHob.h + gTpmErrorHobGuid = { 0xef598499, 0xb25e, 0x473a, { 0xbf, 0xaf, 0xe7, 0xe5, 0x7d, 0xce, 0x82, 0xc4 }} + + ## HOB GUID used to record TPM2 startup locality + ## Include/Guid/TcgEventHob.h + gTpm2StartupLocalityHobGuid = { 0x397b0c9, 0x22e8, 0x459e, { 0xa4, 0xff, 0x99, 0xbc, 0x65, 0x27, 0x9, 0x29 }} + + ## HOB GUID used to record TCG 800-155 PlatformId Event + ## Include/Guid/TcgEventHob.h + gTcg800155PlatformIdEventHobGuid = { 0xe2c3bc69, 0x615c, 0x4b5b, { 0x8e, 0x5c, 0xa0, 0x33, 0xa9, 0xc2, 0x5e, 0xd6 }} + + ## HOB GUID used to pass all PEI measured FV info to DXE Driver. + # Include/Guid/MeasuredFvHob.h + gMeasuredFvHobGuid = { 0xb2360b42, 0x7173, 0x420a, { 0x86, 0x96, 0x46, 0xca, 0x6b, 0xab, 0x10, 0x60 }} + + ## GUID used to "PhysicalPresence" variable and "PhysicalPresenceFlags" variable for TPM request and response. + # Include/Guid/PhysicalPresenceData.h + gEfiPhysicalPresenceGuid = { 0xf6499b1, 0xe9ad, 0x493d, { 0xb9, 0xc2, 0x2f, 0x90, 0x81, 0x5c, 0x6c, 0xbc }} + + ## GUID used to "Tcg2PhysicalPresence" variable and "Tcg2PhysicalPresenceFlags" variable for TPM2 request and response. + # Include/Guid/Tcg2PhysicalPresenceData.h + gEfiTcg2PhysicalPresenceGuid = { 0xaeb9c5c1, 0x94f1, 0x4d02, { 0xbf, 0xd9, 0x46, 0x2, 0xdb, 0x2d, 0x3c, 0x54 }} + + ## GUID used for FormSet guid and user profile variable. + # Include/Guid/UserIdentifyManagerHii.h + gUserIdentifyManagerGuid = { 0x3ccd3dd8, 0x8d45, 0x4fed, { 0x96, 0x2d, 0x2b, 0x38, 0xcd, 0x82, 0xb3, 0xc4 }} + + ## GUID used for FormSet. + # Include/Guid/TcgConfigHii.h + gTcgConfigFormSetGuid = { 0xb0f901e4, 0xc424, 0x45de, { 0x90, 0x81, 0x95, 0xe2, 0xb, 0xde, 0x6f, 0xb5 }} + + ## GUID used for FormSet and config variable. + # Include/Guid/Tcg2ConfigHii.h + gTcg2ConfigFormSetGuid = {0x6339d487, 0x26ba, 0x424b, { 0x9a, 0x5d, 0x68, 0x7e, 0x25, 0xd7, 0x40, 0xbc }} + + ## GUID used for FormSet. + # Include/Guid/SecureBootConfigHii.h + gSecureBootConfigFormSetGuid = { 0x5daf50a5, 0xea81, 0x4de2, {0x8f, 0x9b, 0xca, 0xbd, 0xa9, 0xcf, 0x5c, 0x14}} + + ## GUID value used for PcdTpmInstanceGuid to indicate TPM is disabled. + # Include/Guid/TpmInstance.h + gEfiTpmDeviceInstanceNoneGuid = { 0x00000000, 0x0000, 0x0000, { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } } + + ## GUID value used for PcdTpmInstanceGuid to indicate TPM 1.2 device is selected to support. + # Include/Guid/TpmInstance.h + gEfiTpmDeviceInstanceTpm12Guid = { 0x8b01e5b6, 0x4f19, 0x46e8, { 0xab, 0x93, 0x1c, 0x53, 0x67, 0x1b, 0x90, 0xcc } } + + ## GUID value used for PcdTpmInstanceGuid to indicate discrete TPM 2.0 device is selected to support. + # Include/Guid/TpmInstance.h + gEfiTpmDeviceInstanceTpm20DtpmGuid = { 0x286bf25a, 0xc2c3, 0x408c, { 0xb3, 0xb4, 0x25, 0xe6, 0x75, 0x8b, 0x73, 0x17 } } + + ## GUID used to select supported TPM instance from UI. + # Include/Guid/TpmInstance.h + gEfiTpmDeviceSelectedGuid = { 0x7f4158d3, 0x74d, 0x456d, { 0x8c, 0xb2, 0x1, 0xf9, 0xc8, 0xf7, 0x9d, 0xaa } } + + ## Include/OpalPasswordExtraInfoVariable.h + gOpalExtraInfoVariableGuid = {0x44a2ad5d, 0x612c, 0x47b3, {0xb0, 0x6e, 0xc8, 0xf5, 0x0b, 0xfb, 0xf0, 0x7d}} + + ## GUID used to exchange registered SWI value and NVS region between Tcg2Acpi and Tcg2Smm. + ## Include/Guid/TpmNvsMm.h + gTpmNvsMmGuid = { 0xc96c76eb, 0xbc78, 0x429c, { 0x9f, 0x4b, 0xda, 0x51, 0x78, 0xc2, 0x84, 0x57 }} + + ## GUID used to enforce loading order between Tcg2Acpi and Tcg2Smm + gTcg2MmSwSmiRegisteredGuid = { 0x9d4548b9, 0xa48d, 0x4db4, { 0x9a, 0x68, 0x32, 0xc5, 0x13, 0x9e, 0x20, 0x18 } } + + +[Ppis] + ## The PPI GUID for that TPM physical presence should be locked. + # Include/Ppi/LockPhysicalPresence.h + gPeiLockPhysicalPresencePpiGuid = { 0xef9aefe5, 0x2bd3, 0x4031, { 0xaf, 0x7d, 0x5e, 0xfe, 0x5a, 0xbb, 0x9a, 0xd } } + + ## The PPI GUID for that TPM is initialized. + # Include/Ppi/TpmInitialized.h + gPeiTpmInitializedPpiGuid = { 0xe9db0d58, 0xd48d, 0x47f6, { 0x9c, 0x6e, 0x6f, 0x40, 0xe8, 0x6c, 0x7b, 0x41 }} + + ## The PPI GUID for that TPM initialization is done. TPM initialization may be success or fail. + # Include/Ppi/TpmInitialized.h + gPeiTpmInitializationDonePpiGuid = { 0xa030d115, 0x54dd, 0x447b, { 0x90, 0x64, 0xf2, 0x6, 0x88, 0x3d, 0x7c, 0xcc }} + + ## Include/Ppi/FirmwareVolumeInfoMeasurementExcluded.h + gEfiPeiFirmwareVolumeInfoMeasurementExcludedPpiGuid = { 0x6e056ff9, 0xc695, 0x4364, { 0x9e, 0x2c, 0x61, 0x26, 0xf5, 0xce, 0xea, 0xae } } + + ## Include/Ppi/FirmwareVolumeInfoPrehashedFV.h + gEdkiiPeiFirmwareVolumeInfoPrehashedFvPpiGuid = { 0x3ce1e631, 0x7008, 0x477c, { 0xad, 0xa7, 0x5d, 0xcf, 0xc7, 0xc1, 0x49, 0x4b } } + + ## Include/Ppi/FirmwareVolumeInfoStoredHashFv.h + gEdkiiPeiFirmwareVolumeInfoStoredHashFvPpiGuid = {0x7f5e4e31, 0x81b1, 0x47e5, { 0x9e, 0x21, 0x1e, 0x4b, 0x5b, 0xc2, 0xf6, 0x1d } } + + ## Include/Ppi/Tcg.h + gEdkiiTcgPpiGuid = {0x57a13b87, 0x133d, 0x4bf3, { 0xbf, 0xf1, 0x1b, 0xca, 0xc7, 0x17, 0x6c, 0xf1 } } + +# +# [Error.gEfiSecurityPkgTokenSpaceGuid] +# 0x80000001 | Invalid value provided. +# 0x80000002 | Reserved bits must be set to zero. +# 0x80000003 | Incorrect progress or error code provided. +# + +[PcdsFixedAtBuild, PcdsPatchableInModule] + ## Image verification policy for removable media which includes CD-ROM, Floppy, USB and network. + # Only following values are valid:<BR><BR> + # NOTE: Do NOT use 0x5 and 0x2 since it violates the UEFI specification and has been removed.<BR> + # 0x00000000 Always trust the image.<BR> + # 0x00000001 Never trust the image.<BR> + # 0x00000002 Allow execution when there is security violation.<BR> + # 0x00000003 Defer execution when there is security violation.<BR> + # 0x00000004 Deny execution when there is security violation.<BR> + # 0x00000005 Query user when there is security violation.<BR> + # @Prompt Set policy for the image from removable media. + # @ValidRange 0x80000001 | 0x00000000 - 0x00000005 + gEfiSecurityPkgTokenSpaceGuid.PcdRemovableMediaImageVerificationPolicy|0x04|UINT32|0x00000002 + + ## Image verification policy for fixed media which includes hard disk. + # Only following values are valid:<BR><BR> + # NOTE: Do NOT use 0x5 and 0x2 since it violates the UEFI specification and has been removed.<BR> + # 0x00000000 Always trust the image.<BR> + # 0x00000001 Never trust the image.<BR> + # 0x00000002 Allow execution when there is security violation.<BR> + # 0x00000003 Defer execution when there is security violation.<BR> + # 0x00000004 Deny execution when there is security violation.<BR> + # 0x00000005 Query user when there is security violation.<BR> + # @Prompt Set policy for the image from fixed media. + # @ValidRange 0x80000001 | 0x00000000 - 0x00000005 + gEfiSecurityPkgTokenSpaceGuid.PcdFixedMediaImageVerificationPolicy|0x04|UINT32|0x00000003 + + ## Defer Image Load policy settings. The policy is bitwise. + # If a bit is set, the image from corresponding device will be trusted when loading. Or + # the image will be deferred. The deferred image will be checked after user is identified.<BR><BR> + # BIT0 - Image from unknown device. <BR> + # BIT1 - Image from firmware volume.<BR> + # BIT2 - Image from OptionRom.<BR> + # BIT3 - Image from removable media which includes CD-ROM, Floppy, USB and network.<BR> + # BIT4 - Image from fixed media device which includes hard disk.<BR> + # @Prompt Set policy whether trust image before user identification. + # @ValidRange 0x80000002 | 0x00000000 - 0x0000001F + gEfiSecurityPkgTokenSpaceGuid.PcdDeferImageLoadPolicy|0x0000001F|UINT32|0x0000004 + + ## Null-terminated Unicode string of the file name that is the default name to save USB credential. + # The specified file should be saved at the root directory of USB storage disk. + # @Prompt File name to save credential. + gEfiSecurityPkgTokenSpaceGuid.PcdFixedUsbCredentialProviderTokenFileName|L"Token.bin"|VOID*|0x00000005 + + ## The size of Append variable buffer. This buffer is reserved for runtime use, OS can append data into one existing variable. + # Note: This PCD is not been used. + # @Prompt Max variable size for append operation. + gEfiSecurityPkgTokenSpaceGuid.PcdMaxAppendVariableSize|0x2000|UINT32|0x30000005 + + ## Specifies the type of TCG platform that contains TPM chip.<BR><BR> + # If 0, TCG platform type is PC client.<BR> + # If 1, TCG platform type is PC server.<BR> + # @Prompt Select platform type. + # @ValidRange 0x80000001 | 0x00 - 0x1 + gEfiSecurityPkgTokenSpaceGuid.PcdTpmPlatformClass|0|UINT8|0x00000006 + + ## Progress Code for TPM device subclass definitions.<BR><BR> + # EFI_PERIPHERAL_TPM = (EFI_PERIPHERAL | 0x000D0000) = 0x010D0000<BR> + # @Prompt Status Code for TPM device definitions + # @ValidList 0x80000003 | 0x010D0000 + gEfiSecurityPkgTokenSpaceGuid.PcdStatusCodeSubClassTpmDevice|0x010D0000|UINT32|0x00000007 + + ## Defines the IO port used to trigger a software System Management Interrupt (SMI).<BR><BR> + # Used as the SMI Command IO port by security functionality that triggers a software SMI such + # as Physical Presence Interface (PPI).<BR> + # @Prompt SMI Command IO port. + gEfiSecurityPkgTokenSpaceGuid.PcdSmiCommandIoPort|0xB2|UINT16|0x00000009 + + ## Progress Code for FV verification result.<BR><BR> + # (EFI_SOFTWARE_PEI_MODULE | EFI_SUBCLASS_SPECIFIC | XXX) + # @Prompt Status Code for FV verification result + gEfiSecurityPkgTokenSpaceGuid.PcdStatusCodeFvVerificationPass|0x0303100A|UINT32|0x00010030 + gEfiSecurityPkgTokenSpaceGuid.PcdStatusCodeFvVerificationFail|0x0303100B|UINT32|0x00010031 + + gEfiSecurityPkgTokenSpaceGuid.PcdCpuRngSupportedAlgorithm|{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}|VOID*|0x00010032 + +[PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx] + ## Image verification policy for OptionRom. Only following values are valid:<BR><BR> + # NOTE: Do NOT use 0x5 and 0x2 since it violates the UEFI specification and has been removed.<BR> + # 0x00000000 Always trust the image.<BR> + # 0x00000001 Never trust the image.<BR> + # 0x00000002 Allow execution when there is security violation.<BR> + # 0x00000003 Defer execution when there is security violation.<BR> + # 0x00000004 Deny execution when there is security violation.<BR> + # 0x00000005 Query user when there is security violation.<BR> + # @Prompt Set policy for the image from OptionRom. + # @ValidRange 0x80000001 | 0x00000000 - 0x00000005 + gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x04|UINT32|0x00000001 + + ## Indicates the presence or absence of the platform operator during firmware booting. + # If platform operator is not physical presence during boot. TPM will be locked and the TPM commands + # that required operator physical presence can not run.<BR><BR> + # TRUE - The platform operator is physically present.<BR> + # FALSE - The platform operator is not physically present.<BR> + # @Prompt Physical presence of the platform operator. + gEfiSecurityPkgTokenSpaceGuid.PcdTpmPhysicalPresence|TRUE|BOOLEAN|0x00010001 + +[PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx] + ## Indicates whether TPM physical presence is locked during platform initialization. + # Once it is locked, it can not be unlocked for TPM life time.<BR><BR> + # TRUE - Lock TPM physical presence asserting method.<BR> + # FALSE - Not lock TPM physical presence asserting method.<BR> + # @Prompt Lock TPM physical presence asserting method. + gEfiSecurityPkgTokenSpaceGuid.PcdPhysicalPresenceLifetimeLock|FALSE|BOOLEAN|0x00010003 + +[PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx] + ## Indicates whether the platform supports the software method of asserting physical presence.<BR><BR> + # TRUE - Supports the software method of asserting physical presence.<BR> + # FALSE - Does not support the software method of asserting physical presence.<BR> + # @Prompt Enable software method of asserting physical presence. + gEfiSecurityPkgTokenSpaceGuid.PcdPhysicalPresenceCmdEnable|TRUE|BOOLEAN|0x00010004 + +[PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx] + ## Indicates whether the platform supports the hardware method of asserting physical presence.<BR><BR> + # TRUE - Supports the hardware method of asserting physical presence.<BR> + # FALSE - Does not support the hardware method of asserting physical presence.<BR> + # @Prompt Enable hardware method of asserting physical presence. + gEfiSecurityPkgTokenSpaceGuid.PcdPhysicalPresenceHwEnable|TRUE|BOOLEAN|0x00010005 + +[PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx] + ## This PCD indicates if debugger exists. <BR><BR> + # TRUE - Firmware debugger exists.<BR> + # FALSE - Firmware debugger doesn't exist.<BR> + # @Prompt Firmware debugger status. + gEfiSecurityPkgTokenSpaceGuid.PcdFirmwareDebuggerInitialized|FALSE|BOOLEAN|0x00010009 + + ## This PCD indicates the initialization policy for TPM 2.0.<BR><BR> + # If 0, no initialization needed - most likely used for chipset SRTM solution, in which TPM is already initialized.<BR> + # If 1, initialization needed.<BR> + # @Prompt TPM 2.0 device initialization policy.<BR> + # @ValidRange 0x80000001 | 0x00 - 0x1 + gEfiSecurityPkgTokenSpaceGuid.PcdTpm2InitializationPolicy|1|UINT8|0x0001000A + + ## This PCD indicates the initialization policy for TPM 1.2.<BR><BR> + # If 0, no initialization needed - most likely used for chipset SRTM solution, in which TPM is already initialized.<BR> + # If 1, initialization needed.<BR> + # @Prompt TPM 1.2 device initialization policy. + # @ValidRange 0x80000001 | 0x00 - 0x1 + gEfiSecurityPkgTokenSpaceGuid.PcdTpmInitializationPolicy|1|UINT8|0x0001000B + + ## This PCD indicates the TPM 2.0 SelfTest policy.<BR><BR> + # if 0, no SelfTest needed - most likely used for fTPM, because it might already be tested.<BR> + # if 1, SelfTest needed.<BR> + # @Prompt TPM 2.0 device selftest. + # @ValidRange 0x80000001 | 0x00 - 0x1 + gEfiSecurityPkgTokenSpaceGuid.PcdTpm2SelfTestPolicy|1|UINT8|0x0001000C + + ## This PCD indicates Static Core Root of Trust for Measurement (SCRTM) policy using TPM 2.0.<BR><BR> + # if 0, no SCRTM measurement needed - In this case, it is already done.<BR> + # if 1, SCRTM measurement done by BIOS.<BR> + # @Prompt SCRTM policy setting for TPM 2.0 device. + # @ValidRange 0x80000001 | 0x00 - 0x1 + gEfiSecurityPkgTokenSpaceGuid.PcdTpm2ScrtmPolicy|1|UINT8|0x0001000D + + ## This PCD indicates Static Core Root of Trust for Measurement (SCRTM) policy using TPM 1.2.<BR><BR> + # if 0, no SCRTM measurement needed - In this case, it is already done.<BR> + # if 1, SCRTM measurement done by BIOS.<BR> + # @Prompt SCRTM policy setting for TPM 1.2 device + # @ValidRange 0x80000001 | 0x00 - 0x1 + gEfiSecurityPkgTokenSpaceGuid.PcdTpmScrtmPolicy|1|UINT8|0x0001000E + + ## Guid name to identify TPM instance.<BR><BR> + # NOTE: This Pcd must be FixedAtBuild if Standalone MM is used + # TPM_DEVICE_INTERFACE_NONE means disable.<BR> + # TPM_DEVICE_INTERFACE_TPM12 means TPM 1.2 DTPM.<BR> + # TPM_DEVICE_INTERFACE_DTPM2 means TPM 2.0 DTPM.<BR> + # Other GUID value means other TPM 2.0 device.<BR> + # @Prompt TPM device type identifier + gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid |{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }|VOID*|0x0001000F + + ## This PCD indicates if BIOS auto detect TPM1.2 or dTPM2.0.<BR><BR> + # FALSE - No auto detection.<BR> + # TRUE - Auto detection.<BR> + # @Prompt TPM type detection. + gEfiSecurityPkgTokenSpaceGuid.PcdTpmAutoDetection|TRUE|BOOLEAN|0x00010011 + + ## This PCD indicates TPM base address.<BR><BR> + # @Prompt TPM device address. + gEfiSecurityPkgTokenSpaceGuid.PcdTpmBaseAddress|0xFED40000|UINT64|0x00010012 + + ## This PCR means the OEM configured number of PCR banks. + # 0 means dynamic get from supported HASH algorithm + # @Prompt OEM configured number of PCR banks. + gEfiSecurityPkgTokenSpaceGuid.PcdTcg2NumberOfPCRBanks|0x0|UINT32|0x00010015 + + ## Provides one or more SHA 256 Hashes of the RSA 2048 public keys used to verify Recovery and Capsule Update images + # WARNING: The default value is treated as test key. Please do not use default value in the production. + # @Prompt One or more SHA 256 Hashes of RSA 2048 bit public keys used to verify Recovery and Capsule Update images + # + gEfiSecurityPkgTokenSpaceGuid.PcdRsa2048Sha256PublicKeyBuffer|{0x91, 0x29, 0xc4, 0xbd, 0xea, 0x6d, 0xda, 0xb3, 0xaa, 0x6f, 0x50, 0x16, 0xfc, 0xdb, 0x4b, 0x7e, 0x3c, 0xd6, 0xdc, 0xa4, 0x7a, 0x0e, 0xdd, 0xe6, 0x15, 0x8c, 0x73, 0x96, 0xa2, 0xd4, 0xa6, 0x4d}|VOID*|0x00010013 + + ## Provides one PKCS7 cert used to verify Recovery and Capsule Update images + # WARNING: The default value is treated as test key. Please do not use default value in the production. + # @Prompt One PKCS7 cert used to verify Recovery and Capsule Update images + # + gEfiSecurityPkgTokenSpaceGuid.PcdPkcs7CertBuffer|{0x30, 0x82, 0x03, 0xec, 0x30, 0x82, 0x02, 0xd4, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0xc0, 0x91, 0xc5, 0xe2, 0xb7, 0x66, 0xc0, 0xf8, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x81, 0x82, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x43, 0x4e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x02, 0x53, 0x48, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x02, 0x53, 0x48, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x09, 0x54, 0x69, 0x61, 0x6e, 0x6f, 0x43, 0x6f, 0x72, 0x65, 0x31, 0x0e, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x05, 0x45, 0x44, 0x4b, 0x49, 0x49, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x08, 0x54, 0x65, 0x73, 0x74, 0x52, 0x6f, 0x6f, 0x74, 0x31, 0x22, 0x30, 0x20, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x13, 0x65, 0x64, 0x6b, 0x69, 0x69, 0x40, 0x74, 0x69, 0x61, 0x6e, 0x6f, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x6f, 0x72, 0x67, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x37, 0x30, 0x34, 0x31, 0x30, 0x30, 0x38, 0x32, 0x37, 0x34, 0x30, 0x5a, 0x17, 0x0d, 0x31, 0x37, 0x30, 0x35, 0x31, 0x30, 0x30, 0x38, 0x32, 0x37, 0x34, 0x30, 0x5a, 0x30, 0x81, 0x82, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x43, 0x4e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x02, 0x53, 0x48, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x02, 0x53, 0x48, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x09, 0x54, 0x69, 0x61, 0x6e, 0x6f, 0x43, 0x6f, 0x72, 0x65, 0x31, 0x0e, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x05, 0x45, 0x44, 0x4b, 0x49, 0x49, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x08, 0x54, 0x65, 0x73, 0x74, 0x52, 0x6f, 0x6f, 0x74, 0x31, 0x22, 0x30, 0x20, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x13, 0x65, 0x64, 0x6b, 0x69, 0x69, 0x40, 0x74, 0x69, 0x61, 0x6e, 0x6f, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x6f, 0x72, 0x67, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xb9, 0x29, 0x29, 0x6c, 0x60, 0x0c, 0xd7, 0x23, 0xf6, 0x7d, 0xee, 0xf0, 0x62, 0xff, 0xd9, 0xc9, 0xaa, 0x55, 0x8c, 0x81, 0x95, 0x56, 0x3f, 0xb7, 0x56, 0x53, 0xb0, 0xc2, 0x82, 0x12, 0xc5, 0x3b, 0x75, 0x23, 0xb9, 0x4d, 0xd6, 0xc4, 0x55, 0x73, 0xf3, 0xaa, 0x95, 0xa8, 0x1b, 0xf3, 0x93, 0x7e, 0x9e, 0x40, 0xe4, 0x1d, 0x22, 0x9c, 0x93, 0x07, 0x0b, 0xd7, 0xaa, 0x5b, 0xd7, 0xe4, 0x1a, 0x21, 0x84, 0xd7, 0x63, 0x59, 0x03, 0x50, 0x1f, 0xf5, 0x14, 0x55, 0x93, 0x91, 0x9b, 0xf5, 0x52, 0xb0, 0xbf, 0x0e, 0x5c, 0x68, 0x3b, 0x59, 0x52, 0x98, 0x96, 0x56, 0xe1, 0xab, 0xc4, 0x43, 0xbb, 0x05, 0x57, 0x78, 0x45, 0x01, 0x9f, 0x58, 0x15, 0x53, 0x0e, 0x11, 0x94, 0x2f, 0x0e, 0xf1, 0xa6, 0x19, 0xa2, 0x6e, 0x86, 0x39, 0x2b, 0x33, 0x8d, 0xc7, 0xc5, 0xeb, 0xee, 0x1e, 0x33, 0xd3, 0x32, 0x94, 0xc1, 0x59, 0xc4, 0x0c, 0x97, 0x0b, 0x12, 0x48, 0x5f, 0x33, 0xf6, 0x60, 0x74, 0x7d, 0x57, 0xc2, 0x13, 0x2d, 0x7d, 0xa9, 0x87, 0xa3, 0x35, 0xea, 0x91, 0x83, 0x3f, 0x67, 0x7a, 0x92, 0x1f, 0x01, 0x53, 0x9f, 0x62, 0x5f, 0x99, 0x12, 0xfd, 0x73, 0x1b, 0x2d, 0x9e, 0x2b, 0x6c, 0x34, 0x49, 0xaf, 0x4f, 0x07, 0x8f, 0xc0, 0xe9, 0x6b, 0x9e, 0x5f, 0x79, 0x35, 0xda, 0x2a, 0x5c, 0x88, 0xee, 0xf6, 0x48, 0x61, 0xda, 0x96, 0xe3, 0x48, 0x46, 0xa0, 0x94, 0x1c, 0x9d, 0xf6, 0x5c, 0x87, 0x0e, 0xef, 0x74, 0x09, 0x91, 0x0d, 0x3d, 0x5a, 0xe7, 0xc5, 0x4c, 0x8a, 0x7a, 0xac, 0xa1, 0x85, 0xb6, 0x67, 0x44, 0x17, 0x55, 0x52, 0x3a, 0xe8, 0x11, 0x4d, 0x58, 0xa2, 0x93, 0x00, 0x62, 0xea, 0x7b, 0x80, 0xed, 0xcf, 0xbd, 0xdf, 0x75, 0x80, 0x4b, 0xb9, 0x65, 0x63, 0xad, 0x0b, 0x4d, 0x74, 0xfa, 0x59, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x63, 0x30, 0x61, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x16, 0xaa, 0xd6, 0x8e, 0x1b, 0x2d, 0x43, 0xf3, 0x2d, 0xb0, 0x24, 0xad, 0x36, 0x65, 0x3f, 0xb2, 0xfa, 0xb1, 0x2c, 0xed, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x16, 0xaa, 0xd6, 0x8e, 0x1b, 0x2d, 0x43, 0xf3, 0x2d, 0xb0, 0x24, 0xad, 0x36, 0x65, 0x3f, 0xb2, 0xfa, 0xb1, 0x2c, 0xed, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x01, 0x86, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x95, 0xde, 0xdf, 0xa4, 0x14, 0xdb, 0x92, 0x22, 0x78, 0x1a, 0xbd, 0x31, 0x9d, 0x1e, 0xd7, 0x2f, 0x0a, 0x10, 0x11, 0x5d, 0x74, 0x61, 0xe8, 0x30, 0xc4, 0xf3, 0x15, 0xe9, 0x30, 0x54, 0xf4, 0xbb, 0x0c, 0x04, 0x78, 0x13, 0x5d, 0x2c, 0xdd, 0x8c, 0x92, 0x90, 0xd1, 0x9c, 0xd0, 0xd0, 0x18, 0xa3, 0xa3, 0xfc, 0x8c, 0x28, 0x5a, 0xd4, 0x91, 0x4d, 0x08, 0xc3, 0xf6, 0x1a, 0xc8, 0xdd, 0xa6, 0x08, 0x58, 0xe2, 0x15, 0x95, 0xfb, 0x2d, 0x2d, 0x8a, 0xb1, 0x30, 0x80, 0xbd, 0x9a, 0xb6, 0xe1, 0x2c, 0x20, 0x3e, 0xdd, 0xc4, 0xc7, 0x55, 0x65, 0xcf, 0x28, 0x17, 0xf4, 0xee, 0xda, 0xbe, 0x77, 0x70, 0xd5, 0x52, 0xd6, 0x15, 0x7a, 0xfb, 0xad, 0xaf, 0xfd, 0xd5, 0x45, 0x90, 0x5a, 0xe6, 0x31, 0x42, 0xd7, 0x84, 0xb3, 0x49, 0x56, 0x6a, 0xd3, 0x47, 0xf3, 0xbf, 0x68, 0x60, 0x8b, 0x0f, 0xe2, 0xaf, 0xf4, 0xe3, 0xec, 0x12, 0xb9, 0xe2, 0x3a, 0x16, 0x11, 0x4e, 0x4d, 0x73, 0x79, 0xaf, 0x47, 0x85, 0x4c, 0x76, 0x26, 0x9e, 0x8b, 0x32, 0xc0, 0x8e, 0xc2, 0xdc, 0x27, 0xa6, 0xef, 0xac, 0x93, 0x9e, 0xa1, 0x5e, 0xcf, 0x34, 0x45, 0xe0, 0x2a, 0xc7, 0x9d, 0x4d, 0xd7, 0xd7, 0x37, 0x72, 0x97, 0xf8, 0x58, 0xf9, 0xb6, 0x35, 0x48, 0xf1, 0xd1, 0x0a, 0x72, 0x7f, 0xfd, 0x4d, 0x7c, 0xe9, 0xcc, 0xd8, 0x48, 0x1b, 0x49, 0x52, 0x53, 0xde, 0x51, 0x01, 0x53, 0x35, 0xbc, 0x90, 0xcd, 0x8c, 0x8a, 0xcc, 0x43, 0x20, 0xa7, 0x45, 0xff, 0x2b, 0x55, 0xb0, 0x8b, 0x2d, 0xff, 0x55, 0x15, 0x4b, 0x84, 0xd0, 0xc3, 0xd3, 0x90, 0x9c, 0x94, 0x4b, 0x55, 0xd5, 0x62, 0xea, 0x22, 0xab, 0x62, 0x68, 0xdd, 0x53, 0xc6, 0xdc, 0xa5, 0xdd, 0x9a, 0x2d, 0x8e, 0x79, 0x7c, 0x2e, 0x9c, 0xe4, 0x66, 0x80, 0x8c, 0x1d}|VOID*|0x00010014 + + ## This PCD defines minimum length(in bytes) of the system preboot TCG event log area(LAML). + # For PC Client Implementation spec up to and including 1.2 the minimum log size is 64KB. + # @Prompt Minimum length(in bytes) of the system preboot TCG event log area(LAML). + gEfiSecurityPkgTokenSpaceGuid.PcdTcgLogAreaMinLen|0x10000|UINT32|0x00010017 + + ## This PCD defines length(in bytes) of the TCG2 Final event log area. + # @Prompt Length(in bytes) of the TCG2 Final event log area. + gEfiSecurityPkgTokenSpaceGuid.PcdTcg2FinalLogAreaLen|0x8000|UINT32|0x00010018 + + ## Null-terminated string of the Version of Physical Presence interface supported by platform.<BR><BR> + # To support configuring from setup page, this PCD can be DynamicHii type and map to a setup option.<BR> + # For example, map to TCG2_VERSION.PpiVersion to be configured by Tcg2ConfigDxe driver.<BR> + # gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x0|"1.3"|NV,BS<BR> + # @Prompt Version of Physical Presence interface supported by platform. + gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer|"1.3"|VOID*|0x00000008 + + ## Indicate whether a physical presence user exist. + # When it is configured to Dynamic or DynamicEx, it can be set through detection using + # a platform-specific method (e.g. Button pressed) in a actual platform in early boot phase.<BR><BR> + # @Prompt A physical presence user status + gEfiSecurityPkgTokenSpaceGuid.PcdUserPhysicalPresence|FALSE|BOOLEAN|0x00010019 + + ## Indicate the TPM2 ACPI table revision. Rev 4 has been defined since TCG ACPI Specification Rev 00.37.<BR><BR> + # To support configuring from setup page, this PCD can be DynamicHii type and map to a setup option.<BR> + # For example, map to TCG2_VERSION.Tpm2AcpiTableRev to be configured by Tcg2ConfigDxe driver.<BR> + # gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableRev|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x8|3|NV,BS<BR> + # @Prompt Revision of TPM2 ACPI table. + gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableRev|3|UINT8|0x0001001A + + ## This PCD defines initial setting of TCG2 Persistent Firmware Management Flags + # PCD can be configured for different settings in different scenarios + # This PCD follows UEFI TCG2 library definition bit of the BIOS TPM/Storage Management Flags<BR> + # BIT0 - Reserved <BR> + # BIT1 - TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CLEAR <BR> + # BIT2 - Reserved <BR> + # BIT3 - TCG2_LIB_PP_FLAG_RESET_TRACK <BR> + # BIT4 - TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_TURN_ON <BR> + # BIT5 - TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_TURN_OFF <BR> + # BIT6 - TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CHANGE_EPS <BR> + # BIT7 - TCG2_BIOS_TPM_MANAGEMENT_FLAG_PP_REQUIRED_FOR_CHANGE_PCRS <BR> + # BIT16 - TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID <BR> + # BIT17 - TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID <BR> + # BIT18 - TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_ENABLE_BLOCK_SID <BR> + # @Prompt Initial setting of TCG2 Persistent Firmware Management Flags + gEfiSecurityPkgTokenSpaceGuid.PcdTcg2PhysicalPresenceFlags|0x700E2|UINT32|0x0001001B + + ## Indicate current TPM2 Interrupt Number reported by _CRS control method.<BR><BR> + # TPM2 Interrupt feature is disabled If the pcd is set to 0.<BR> + # @Prompt Current TPM2 Interrupt Number + gEfiSecurityPkgTokenSpaceGuid.PcdTpm2CurrentIrqNum|0x00|UINT32|0x0001001C + + ## Indicate platform possible TPM2 Interrupt Number reported by _PRS control method.<BR><BR> + # Possible TPM2 Interrupt Number Buffer will not be reported if TPM2 Interrupt feature is disabled.<BR> + # @Prompt Possible TPM2 Interrupt Number buffer + gEfiSecurityPkgTokenSpaceGuid.PcdTpm2PossibleIrqNumBuf|{0x00, 0x00, 0x00, 0x00}|VOID*|0x0001001D + + ## Indicates if Opal DXE driver skip password prompt.<BR><BR> + # TRUE - Skip password prompt.<BR> + # FALSE - Does not skip password prompt.<BR> + # @Prompt Skip Opal DXE driver password prompt. + gEfiSecurityPkgTokenSpaceGuid.PcdSkipOpalPasswordPrompt|FALSE|BOOLEAN|0x00010020 + + ## Indicates if Hdd Password driver skip password prompt.<BR><BR> + # TRUE - Skip password prompt.<BR> + # FALSE - Does not skip password prompt.<BR> + # @Prompt Skip Hdd Password prompt. + gEfiSecurityPkgTokenSpaceGuid.PcdSkipHddPasswordPrompt|FALSE|BOOLEAN|0x00010021 + +[PcdsDynamic, PcdsDynamicEx] + + ## This PCD indicates Hash mask for TPM 2.0. Bit definition strictly follows TCG Algorithm Registry.<BR><BR> + # If this bit is set, that means this algorithm is needed to extend to PCR.<BR> + # If this bit is clear, that means this algorithm is NOT needed to extend to PCR.<BR> + # If all the bits are clear, that means hash algorithm is determined by current Active PCR Banks.<BR> + # BIT0 - SHA1.<BR> + # BIT1 - SHA256.<BR> + # BIT2 - SHA384.<BR> + # BIT3 - SHA512.<BR> + # BIT4 - SM3_256.<BR> + # @Prompt Hash mask for TPM 2.0 + # @ValidRange 0x80000001 | 0x00000000 - 0x0000001F + gEfiSecurityPkgTokenSpaceGuid.PcdTpm2HashMask|0x0000001F|UINT32|0x00010010 + + ## This PCD indicated final BIOS supported Hash mask. + # Bios may choose to register a subset of PcdTpm2HashMask. + # So this PCD is final value of how many hash algo is extended to PCR. + # If software HashLib(HashLibBaseCryptoRouter) solution is chosen, this PCD + # has no need to be configured in platform dsc and will be set to correct + # value by the HashLib instance according to the HashInstanceLib instances + # linked, and the value of this PCD should be got in module entrypoint. + # @Prompt Hash Algorithm bitmap. + gEfiSecurityPkgTokenSpaceGuid.PcdTcg2HashAlgorithmBitmap|0xFFFFFFFF|UINT32|0x00010016 + + ## This PCD indicates current active TPM interface type. + # According to TCG PTP spec 1.3, there are 3 types defined in TPM2_PTP_INTERFACE_TYPE.<BR> + # 0x00 - FIFO interface as defined in TIS 1.3 is active.<BR> + # 0x01 - FIFO interface as defined in PTP for TPM 2.0 is active.<BR> + # 0x02 - CRB interface is active.<BR> + # 0xFF - Contains no current active TPM interface type.<BR> + # + # @Prompt current active TPM interface type. + gEfiSecurityPkgTokenSpaceGuid.PcdActiveTpmInterfaceType|0xFF|UINT8|0x0001001E + + ## This PCD records IdleBypass status supported by current active TPM interface. + # According to TCG PTP spec 1.3, TPM with CRB interface can skip idle state and + # directly move to CmdReady state. <BR> + # 0x00 - Do not support IdleByPass.<BR> + # 0x01 - Support IdleByPass.<BR> + # 0xFF - IdleByPass State is not synced with TPM hardware.<BR> + # + # @Prompt IdleBypass status supported by current active TPM interface. + gEfiSecurityPkgTokenSpaceGuid.PcdCRBIdleByPass|0xFF|UINT8|0x0001001F + + ## This PCD records LAML field in TPM2 ACPI table. + # @Prompt Tpm2AcpiTableLaml LAML field in TPM2 ACPI table. + gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableLaml|0|UINT32|0x00010022 + + ## This PCD records LASA field in TPM2 ACPI table. + # @Prompt Tpm2AcpiTableLasa LASA field in TPM2 ACPI table. + gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableLasa|0|UINT64|0x00010023 + +[UserExtensions.TianoCore."ExtraFiles"] + SecurityPkgExtra.uni diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/SecurityPkg.dsc b/src/VBox/Devices/EFI/Firmware/SecurityPkg/SecurityPkg.dsc new file mode 100644 index 00000000..8fd30e4c --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/SecurityPkg.dsc @@ -0,0 +1,364 @@ +## @file +# Security Module Package for All Architectures. +# +# Copyright (c) 2009 - 2021, Intel Corporation. All rights reserved.<BR> +# (C) Copyright 2015-2020 Hewlett Packard Enterprise Development LP<BR> +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + PLATFORM_NAME = SecurityPkg + PLATFORM_GUID = B2C4614D-AE76-47ba-B876-5988BFED064F + PLATFORM_VERSION = 0.98 + DSC_SPECIFICATION = 0x00010005 + OUTPUT_DIRECTORY = Build/SecurityPkg + SUPPORTED_ARCHITECTURES = IA32|X64|EBC|ARM|AARCH64|RISCV64 + BUILD_TARGETS = DEBUG|RELEASE|NOOPT + SKUID_IDENTIFIER = DEFAULT + +!include MdePkg/MdeLibs.dsc.inc + +[LibraryClasses] + DebugLib|MdePkg/Library/BaseDebugLibNull/BaseDebugLibNull.inf + DebugPrintErrorLevelLib|MdePkg/Library/BaseDebugPrintErrorLevelLib/BaseDebugPrintErrorLevelLib.inf + BaseLib|MdePkg/Library/BaseLib/BaseLib.inf + SynchronizationLib|MdePkg/Library/BaseSynchronizationLib/BaseSynchronizationLib.inf + TimerLib|MdePkg/Library/BaseTimerLibNullTemplate/BaseTimerLibNullTemplate.inf + BaseMemoryLib|MdePkg/Library/BaseMemoryLib/BaseMemoryLib.inf + MemoryAllocationLib|MdePkg/Library/UefiMemoryAllocationLib/UefiMemoryAllocationLib.inf + PrintLib|MdePkg/Library/BasePrintLib/BasePrintLib.inf + UefiApplicationEntryPoint|MdePkg/Library/UefiApplicationEntryPoint/UefiApplicationEntryPoint.inf + PerformanceLib|MdePkg/Library/BasePerformanceLibNull/BasePerformanceLibNull.inf + PeCoffLib|MdePkg/Library/BasePeCoffLib/BasePeCoffLib.inf + PeCoffExtraActionLib|MdePkg/Library/BasePeCoffExtraActionLibNull/BasePeCoffExtraActionLibNull.inf + + DxeServicesLib|MdePkg/Library/DxeServicesLib/DxeServicesLib.inf + UefiDriverEntryPoint|MdePkg/Library/UefiDriverEntryPoint/UefiDriverEntryPoint.inf + UefiBootServicesTableLib|MdePkg/Library/UefiBootServicesTableLib/UefiBootServicesTableLib.inf + DevicePathLib|MdePkg/Library/UefiDevicePathLib/UefiDevicePathLib.inf + UefiLib|MdePkg/Library/UefiLib/UefiLib.inf + DxeServicesTableLib|MdePkg/Library/DxeServicesTableLib/DxeServicesTableLib.inf + UefiRuntimeServicesTableLib|MdePkg/Library/UefiRuntimeServicesTableLib/UefiRuntimeServicesTableLib.inf + UefiRuntimeLib|MdePkg/Library/UefiRuntimeLib/UefiRuntimeLib.inf + ReportStatusCodeLib|MdeModulePkg/Library/DxeReportStatusCodeLib/DxeReportStatusCodeLib.inf + OemHookStatusCodeLib|MdeModulePkg/Library/OemHookStatusCodeLibNull/OemHookStatusCodeLibNull.inf + HiiLib|MdeModulePkg/Library/UefiHiiLib/UefiHiiLib.inf + UefiHiiServicesLib|MdeModulePkg/Library/UefiHiiServicesLib/UefiHiiServicesLib.inf + PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf + IoLib|MdePkg/Library/BaseIoLibIntrinsic/BaseIoLibIntrinsic.inf + TpmCommLib|SecurityPkg/Library/TpmCommLib/TpmCommLib.inf + PlatformSecureLib|SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.inf + TcgPhysicalPresenceLib|SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceLib.inf + TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf + Tpm12CommandLib|SecurityPkg/Library/Tpm12CommandLib/Tpm12CommandLib.inf + Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf + Tcg2PhysicalPresenceLib|SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.inf + TcgPpVendorLib|SecurityPkg/Library/TcgPpVendorLibNull/TcgPpVendorLibNull.inf + Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.inf + RngLib|MdePkg/Library/BaseRngLib/BaseRngLib.inf + PciLib|MdePkg/Library/BasePciLibPciExpress/BasePciLibPciExpress.inf + PciSegmentLib|MdePkg/Library/BasePciSegmentLibPci/BasePciSegmentLibPci.inf + S3BootScriptLib|MdeModulePkg/Library/PiDxeS3BootScriptLib/DxeS3BootScriptLib.inf + SmbusLib|MdePkg/Library/BaseSmbusLibNull/BaseSmbusLibNull.inf + LockBoxLib|MdeModulePkg/Library/LockBoxNullLib/LockBoxNullLib.inf + PciExpressLib|MdePkg/Library/BasePciExpressLib/BasePciExpressLib.inf + TcgStorageCoreLib|SecurityPkg/Library/TcgStorageCoreLib/TcgStorageCoreLib.inf + TcgStorageOpalLib|SecurityPkg/Library/TcgStorageOpalLib/TcgStorageOpalLib.inf + ResetSystemLib|MdeModulePkg/Library/BaseResetSystemLibNull/BaseResetSystemLibNull.inf + VariableKeyLib|SecurityPkg/Library/VariableKeyLibNull/VariableKeyLibNull.inf + RpmcLib|SecurityPkg/Library/RpmcLibNull/RpmcLibNull.inf + TcgEventLogRecordLib|SecurityPkg/Library/TcgEventLogRecordLib/TcgEventLogRecordLib.inf + MmUnblockMemoryLib|MdePkg/Library/MmUnblockMemoryLib/MmUnblockMemoryLibNull.inf + +[LibraryClasses.ARM] + # + # It is not possible to prevent the ARM compiler for generic intrinsic functions. + # This library provides the intrinsic functions generate by a given compiler. + # And NULL mean link this library into all ARM images. + # + NULL|ArmPkg/Library/CompilerIntrinsicsLib/CompilerIntrinsicsLib.inf + + # Add support for GCC stack protector + NULL|MdePkg/Library/BaseStackCheckLib/BaseStackCheckLib.inf + +[LibraryClasses.common.PEIM] + PeimEntryPoint|MdePkg/Library/PeimEntryPoint/PeimEntryPoint.inf + PeiServicesLib|MdePkg/Library/PeiServicesLib/PeiServicesLib.inf + PeiServicesTablePointerLib|MdePkg/Library/PeiServicesTablePointerLib/PeiServicesTablePointerLib.inf + HobLib|MdePkg/Library/PeiHobLib/PeiHobLib.inf + MemoryAllocationLib|MdePkg/Library/PeiMemoryAllocationLib/PeiMemoryAllocationLib.inf +!ifdef CONTINUOUS_INTEGRATION + BaseCryptLib|CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf +!else + IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf +!endif + HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.inf + ReportStatusCodeLib|MdeModulePkg/Library/PeiReportStatusCodeLib/PeiReportStatusCodeLib.inf + Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf + Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf + Tcg2PhysicalPresenceLib|SecurityPkg/Library/PeiTcg2PhysicalPresenceLib/PeiTcg2PhysicalPresenceLib.inf + TpmMeasurementLib|SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.inf + RngLib|MdePkg/Library/BaseRngLib/BaseRngLib.inf + +[LibraryClasses.common.DXE_DRIVER] + HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf + ReportStatusCodeLib|MdeModulePkg/Library/DxeReportStatusCodeLib/DxeReportStatusCodeLib.inf +!ifdef CONTINUOUS_INTEGRATION + BaseCryptLib|CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf +!else + IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf +!endif + HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.inf + Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.inf + Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf + FileExplorerLib|MdeModulePkg/Library/FileExplorerLib/FileExplorerLib.inf + +[LibraryClasses.common.UEFI_DRIVER, LibraryClasses.common.DXE_RUNTIME_DRIVER, LibraryClasses.common.DXE_SAL_DRIVER,] + HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf + DebugLib|MdePkg/Library/UefiDebugLibConOut/UefiDebugLibConOut.inf + HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.inf + Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.inf + Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf + +[LibraryClasses.common.DXE_RUNTIME_DRIVER] + ReportStatusCodeLib|MdeModulePkg/Library/RuntimeDxeReportStatusCodeLib/RuntimeDxeReportStatusCodeLib.inf +!ifdef CONTINUOUS_INTEGRATION + BaseCryptLib|CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf +!else + IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/RuntimeCryptLib.inf +!endif + HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.inf + Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.inf + Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf + +[LibraryClasses.common.UEFI_DRIVER, LibraryClasses.common.UEFI_APPLICATION] +!ifdef CONTINUOUS_INTEGRATION + BaseCryptLib|CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf +!else + IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf +!endif + HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.inf + Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.inf + Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf + +[LibraryClasses.common.DXE_SMM_DRIVER] + HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf + SmmServicesTableLib|MdePkg/Library/SmmServicesTableLib/SmmServicesTableLib.inf + MmServicesTableLib|MdePkg/Library/MmServicesTableLib/MmServicesTableLib.inf + MemoryAllocationLib|MdePkg/Library/SmmMemoryAllocationLib/SmmMemoryAllocationLib.inf + ReportStatusCodeLib|MdeModulePkg/Library/SmmReportStatusCodeLib/SmmReportStatusCodeLib.inf + SmmMemLib|MdePkg/Library/SmmMemLib/SmmMemLib.inf +!ifdef CONTINUOUS_INTEGRATION + BaseCryptLib|CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf +!else + IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf + OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SmmCryptLib.inf +!endif + Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.inf + Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf + Tcg2PhysicalPresenceLib|SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.inf + SmmIoLib|MdePkg/Library/SmmIoLib/SmmIoLib.inf + +[LibraryClasses.common.MM_STANDALONE] + StandaloneMmDriverEntryPoint|MdePkg/Library/StandaloneMmDriverEntryPoint/StandaloneMmDriverEntryPoint.inf + MmServicesTableLib|MdePkg/Library/StandaloneMmServicesTableLib/StandaloneMmServicesTableLib.inf + Tcg2PhysicalPresenceLib|SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/StandaloneMmTcg2PhysicalPresenceLib.inf + MemLib|StandaloneMmPkg/Library/StandaloneMmMemLib/StandaloneMmMemLib.inf + HobLib|StandaloneMmPkg/Library/StandaloneMmHobLib/StandaloneMmHobLib.inf + MemoryAllocationLib|StandaloneMmPkg/Library/StandaloneMmMemoryAllocationLib/StandaloneMmMemoryAllocationLib.inf + +[PcdsDynamicDefault.common.DEFAULT] + gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid|{0xb6, 0xe5, 0x01, 0x8b, 0x19, 0x4f, 0xe8, 0x46, 0xab, 0x93, 0x1c, 0x53, 0x67, 0x1b, 0x90, 0xcc} + gEfiSecurityPkgTokenSpaceGuid.PcdTpm2InitializationPolicy|1 + gEfiSecurityPkgTokenSpaceGuid.PcdTpm2SelfTestPolicy|1 + gEfiSecurityPkgTokenSpaceGuid.PcdTpm2ScrtmPolicy|1 + gEfiSecurityPkgTokenSpaceGuid.PcdTpmInitializationPolicy|1 + gEfiSecurityPkgTokenSpaceGuid.PcdTpmScrtmPolicy|1 + gEfiSecurityPkgTokenSpaceGuid.PcdTpm2HashMask|3 + gEfiSecurityPkgTokenSpaceGuid.PcdTcg2HashAlgorithmBitmap|3 + +[PcdsDynamicHii.common.DEFAULT] + gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x0|"1.3"|NV,BS + gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableRev|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x8|3|NV,BS + +[Components] + SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.inf + SecurityPkg/Library/DxeImageAuthenticationStatusLib/DxeImageAuthenticationStatusLib.inf + + # + # TPM + # + SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.inf + SecurityPkg/Library/TpmCommLib/TpmCommLib.inf + SecurityPkg/Library/DxeTcgPhysicalPresenceLib/DxeTcgPhysicalPresenceLib.inf + SecurityPkg/Library/Tpm12CommandLib/Tpm12CommandLib.inf + SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf + SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.inf + + SecurityPkg/Tcg/PhysicalPresencePei/PhysicalPresencePei.inf + SecurityPkg/Tcg/MemoryOverwriteControl/TcgMor.inf + + # + # TPM2 + # + SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib.inf + SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.inf + SecurityPkg/Library/PeiTcg2PhysicalPresenceLib/PeiTcg2PhysicalPresenceLib.inf + + SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.inf + SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.inf + + SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf + SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf + SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf + SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf + SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpmStandaloneMm.inf + SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterDxe.inf + SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterPei.inf + + SecurityPkg/Library/HashLibTpm2/HashLibTpm2.inf + + # + # TCG Storage. + # + SecurityPkg/Library/TcgStorageCoreLib/TcgStorageCoreLib.inf + SecurityPkg/Library/TcgStorageOpalLib/TcgStorageOpalLib.inf + + # + # Variable Confidentiality & Integrity + # + SecurityPkg/Library/VariableKeyLibNull/VariableKeyLibNull.inf + SecurityPkg/Library/RpmcLibNull/RpmcLibNull.inf + + # + # Other + # + SecurityPkg/Library/DxeRsa2048Sha256GuidedSectionExtractLib/DxeRsa2048Sha256GuidedSectionExtractLib.inf + SecurityPkg/Library/PeiRsa2048Sha256GuidedSectionExtractLib/PeiRsa2048Sha256GuidedSectionExtractLib.inf + + SecurityPkg/Library/FmpAuthenticationLibPkcs7/FmpAuthenticationLibPkcs7.inf + SecurityPkg/Library/FmpAuthenticationLibRsa2048Sha256/FmpAuthenticationLibRsa2048Sha256.inf + + SecurityPkg/Library/PeiTpmMeasurementLib/PeiTpmMeasurementLib.inf + SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasurementLib.inf + SecurityPkg/Library/PlatformSecureLibNull/PlatformSecureLibNull.inf + SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibNull.inf + SecurityPkg/Library/TcgPpVendorLibNull/TcgPpVendorLibNull.inf + SecurityPkg/Library/TcgEventLogRecordLib/TcgEventLogRecordLib.inf + +[Components.IA32, Components.X64, Components.ARM, Components.AARCH64] + SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf + +[Components.IA32, Components.X64, Components.AARCH64] + # + # Random Number Generator + # + SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf + +[Components.IA32, Components.X64] + SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf + + # + # TPM + # + SecurityPkg/Tcg/TcgPei/TcgPei.inf + SecurityPkg/Tcg/TcgDxe/TcgDxe.inf + SecurityPkg/Tcg/TcgConfigDxe/TcgConfigDxe.inf { + <LibraryClasses> + PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf + } + + # + # TPM2 + # + SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf + SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf + SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf + SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf + SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf + + SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf { + <LibraryClasses> + Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm.inf + Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf + } + SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf { + <LibraryClasses> + Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterPei.inf + NULL|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf + NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf + NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf + NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf + NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf + NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf + } + + SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf { + <LibraryClasses> + Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibRouterDxe.inf + NULL|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf + NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf + NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256.inf + NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.inf + NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512.inf + NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf + PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf + } + SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf { + <LibraryClasses> + Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf + } + + # + # Hash2 + # + SecurityPkg/Hash2DxeCrypto/Hash2DxeCrypto.inf + + # + # PKCS7 Verification + # + SecurityPkg/Pkcs7Verify/Pkcs7VerifyDxe/Pkcs7VerifyDxe.inf + +[Components.IA32, Components.X64] + + SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.inf + SecurityPkg/Tcg/TcgSmm/TcgSmm.inf + SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.inf + SecurityPkg/Tcg/Tcg2Smm/Tcg2StandaloneMm.inf + SecurityPkg/Tcg/Tcg2Smm/Tcg2MmDependencyDxe.inf + SecurityPkg/Tcg/Tcg2Acpi/Tcg2Acpi.inf + SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/SmmTcg2PhysicalPresenceLib.inf + SecurityPkg/Library/SmmTcg2PhysicalPresenceLib/StandaloneMmTcg2PhysicalPresenceLib.inf + + # + # Opal Password solution + # + SecurityPkg/Tcg/Opal/OpalPassword/OpalPasswordDxe.inf + SecurityPkg/Tcg/Opal/OpalPassword/OpalPasswordPei.inf + + # + # HDD Password solution + # + SecurityPkg/HddPassword/HddPasswordDxe.inf + SecurityPkg/HddPassword/HddPasswordPei.inf + + # + # Common FV checker/verifier/reporter + # + SecurityPkg/FvReportPei/FvReportPei.inf + +[BuildOptions] + MSFT:*_*_IA32_DLINK_FLAGS = /ALIGN:256 + INTEL:*_*_IA32_DLINK_FLAGS = /ALIGN:256 + *_*_*_CC_FLAGS = -D DISABLE_NEW_DEPRECATED_INTERFACES + diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/SecurityPkg.uni b/src/VBox/Devices/EFI/Firmware/SecurityPkg/SecurityPkg.uni new file mode 100644 index 00000000..68587304 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/SecurityPkg.uni @@ -0,0 +1,297 @@ +// /** @file
+// Provides security features that conform to TCG/UEFI industry standards
+//
+// The security features include secure boot, measured boot and user identification.
+// It also provides the definitions(including PPIs/PROTOCOLs/GUIDs and library classes)
+// and libraries instances, which are used for those features.
+//
+// Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
+//
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+//
+// **/
+
+
+#string STR_PACKAGE_ABSTRACT #language en-US "Provides security features that conform to TCG/UEFI industry standards"
+
+#string STR_PACKAGE_DESCRIPTION #language en-US "The security features include secure boot, measured boot and user identification. It also provides the definitions(including PPIs/PROTOCOLs/GUIDs and library classes) and libraries instances, which are used for those features."
+
+
+
+#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdOptionRomImageVerificationPolicy_PROMPT #language en-US "Set policy for the image from OptionRom."
+
+#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdOptionRomImageVerificationPolicy_HELP #language en-US "Image verification policy for OptionRom. Only following values are valid:<BR><BR>\n"
+ "NOTE: Do NOT use 0x5 and 0x2 since it violates the UEFI specification and has been removed.<BR>\n"
+ "0x00000000 Always trust the image.<BR>\n"
+ "0x00000001 Never trust the image.<BR>\n"
+ "0x00000002 Allow execution when there is security violation.<BR>\n"
+ "0x00000003 Defer execution when there is security violation.<BR>\n"
+ "0x00000004 Deny execution when there is security violation.<BR>\n"
+ "0x00000005 Query user when there is security violation.<BR>"
+
+#string STR_gEfiSecurityPkgTokenSpaceGuid_ERR_80000001 #language en-US "Invalid value provided."
+
+#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdRemovableMediaImageVerificationPolicy_PROMPT #language en-US "Set policy for the image from removable media."
+
+#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdRemovableMediaImageVerificationPolicy_HELP #language en-US "Image verification policy for removable media which includes CD-ROM, Floppy, USB and network. Only following values are valid:<BR><BR>\n"
+ "NOTE: Do NOT use 0x5 and 0x2 since it violates the UEFI specification and has been removed.<BR>\n"
+ "0x00000000 Always trust the image.<BR>\n"
+ "0x00000001 Never trust the image.<BR>\n"
+ "0x00000002 Allow execution when there is security violation.<BR>\n"
+ "0x00000003 Defer execution when there is security violation.<BR>\n"
+ "0x00000004 Deny execution when there is security violation.<BR>\n"
+ "0x00000005 Query user when there is security violation.<BR>"
+
+#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdFixedMediaImageVerificationPolicy_PROMPT #language en-US "Set policy for the image from fixed media."
+
+#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdFixedMediaImageVerificationPolicy_HELP #language en-US "Image verification policy for fixed media which includes hard disk. Only following values are valid:<BR><BR>\n"
+ "NOTE: Do NOT use 0x5 and 0x2 since it violates the UEFI specification and has been removed.<BR>\n"
+ "0x00000000 Always trust the image.<BR>\n"
+ "0x00000001 Never trust the image.<BR>\n"
+ "0x00000002 Allow execution when there is security violation.<BR>\n"
+ "0x00000003 Defer execution when there is security violation.<BR>\n"
+ "0x00000004 Deny execution when there is security violation.<BR>\n"
+ "0x00000005 Query user when there is security violation.<BR>"
+
+#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdDeferImageLoadPolicy_PROMPT #language en-US "Set policy whether trust image before user identification."
+
+#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdDeferImageLoadPolicy_HELP #language en-US "Defer Image Load policy settings. The policy is bitwise. If a bit is set, the image from corresponding device will be trusted when loading. Or the image will be deferred. The deferred image will be checked after user is identified.<BR><BR>\n"
+ "BIT0 - Image from unknown device. <BR>\n"
+ "BIT1 - Image from firmware volume.<BR>\n"
+ "BIT2 - Image from OptionRom.<BR>\n"
+ "BIT3 - Image from removable media which includes CD-ROM, Floppy, USB and network.<BR>\n"
+ "BIT4 - Image from fixed media device which includes hard disk.<BR>"
+
+#string STR_gEfiSecurityPkgTokenSpaceGuid_ERR_80000002 #language en-US "Reserved bits must be set to zero."
+
+#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdFixedUsbCredentialProviderTokenFileName_PROMPT #language en-US "File name to save credential."
+
+#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdFixedUsbCredentialProviderTokenFileName_HELP #language en-US "Null-terminated Unicode string of the file name that is the default name to save USB credential. The specified file should be saved at the root directory of USB storage disk."
+
+#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdMaxAppendVariableSize_PROMPT #language en-US "Max variable size for append operation."
+
+#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdMaxAppendVariableSize_HELP #language en-US "The size of Append variable buffer. This buffer is reserved for runtime use, OS can append data into one existing variable. Note: This PCD is not been used."
+
+#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTpmPlatformClass_PROMPT #language en-US "Select platform type."
+
+#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTpmPlatformClass_HELP #language en-US "Specifies the type of TCG platform that contains TPM chip.<BR><BR>\n"
+ "If 0, TCG platform type is PC client.<BR>\n"
+ "If 1, TCG platform type is PC server.<BR>"
+
+#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTpmPhysicalPresence_PROMPT #language en-US "Physical presence of the platform operator."
+
+#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTpmPhysicalPresence_HELP #language en-US "Indicates the presence or absence of the platform operator during firmware booting. If platform operator is not physical presence during boot. TPM will be locked and the TPM commands that required operator physical presence can not run.<BR><BR>\n"
+ "TRUE - The platform operator is physically present.<BR>\n"
+ "FALSE - The platform operator is not physically present.<BR>"
+
+#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdPhysicalPresenceLifetimeLock_PROMPT #language en-US "Lock TPM physical presence asserting method."
+
+#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdPhysicalPresenceLifetimeLock_HELP #language en-US "Indicates whether TPM physical presence is locked during platform initialization. Once it is locked, it can not be unlocked for TPM life time.<BR><BR>\n"
+ "TRUE - Lock TPM physical presence asserting method.<BR>\n"
+ "FALSE - Not lock TPM physical presence asserting method.<BR>"
+
+#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdPhysicalPresenceCmdEnable_PROMPT #language en-US "Enable software method of asserting physical presence."
+
+#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdPhysicalPresenceCmdEnable_HELP #language en-US "Indicates whether the platform supports the software method of asserting physical presence.<BR><BR>\n"
+ "TRUE - Supports the software method of asserting physical presence.<BR>\n"
+ "FALSE - Does not support the software method of asserting physical presence.<BR>"
+
+#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdPhysicalPresenceHwEnable_PROMPT #language en-US "Enable hardware method of asserting physical presence."
+
+#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdPhysicalPresenceHwEnable_HELP #language en-US "Indicates whether the platform supports the hardware method of asserting physical presence.<BR><BR>\n"
+ "TRUE - Supports the hardware method of asserting physical presence.<BR>\n"
+ "FALSE - Does not support the hardware method of asserting physical presence.<BR>"
+
+#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdFirmwareDebuggerInitialized_PROMPT #language en-US "Firmware debugger status."
+
+#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdFirmwareDebuggerInitialized_HELP #language en-US "This PCD indicates if debugger exists. <BR><BR>\n"
+ "TRUE - Firmware debugger exists.<BR>\n"
+ "FALSE - Firmware debugger doesn't exist.<BR>"
+
+#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTpm2InitializationPolicy_PROMPT #language en-US "TPM 2.0 device initialization policy.<BR>"
+
+#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTpm2InitializationPolicy_HELP #language en-US "This PCD indicates the initialization policy for TPM 2.0.<BR><BR>\n"
+ "If 0, no initialization needed - most likely used for chipset SRTM solution, in which TPM is already initialized.<BR>\n"
+ "If 1, initialization needed.<BR>"
+
+#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTpmInitializationPolicy_PROMPT #language en-US "TPM 1.2 device initialization policy."
+
+#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTpmInitializationPolicy_HELP #language en-US "This PCD indicates the initialization policy for TPM 1.2.<BR><BR>\n"
+ "If 0, no initialization needed - most likely used for chipset SRTM solution, in which TPM is already initialized.<BR>\n"
+ "If 1, initialization needed.<BR>"
+
+#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTpm2SelfTestPolicy_PROMPT #language en-US "TPM 2.0 device selftest."
+
+#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTpm2SelfTestPolicy_HELP #language en-US "This PCD indicates the TPM 2.0 SelfTest policy.<BR><BR>\n"
+ "if 0, no SelfTest needed - most likely used for fTPM, because it might already be tested.<BR>\n"
+ "if 1, SelfTest needed.<BR>"
+
+#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTpm2ScrtmPolicy_PROMPT #language en-US "SCRTM policy setting for TPM 2.0 device."
+
+#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTpm2ScrtmPolicy_HELP #language en-US "This PCD indicates Static Core Root of Trust for Measurement (SCRTM) policy using TPM 2.0.<BR><BR>\n"
+ "if 0, no SCRTM measurement needed - In this case, it is already done.<BR>\n"
+ "if 1, SCRTM measurement done by BIOS.<BR>"
+
+#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTpmScrtmPolicy_PROMPT #language en-US "SCRTM policy setting for TPM 1.2 device"
+
+#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTpmScrtmPolicy_HELP #language en-US "This PCD indicates Static Core Root of Trust for Measurement (SCRTM) policy using TPM 1.2.<BR><BR>\n"
+ "if 0, no SCRTM measurement needed - In this case, it is already done.<BR>\n"
+ "if 1, SCRTM measurement done by BIOS.<BR>"
+
+#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTpmInstanceGuid_PROMPT #language en-US "TPM device type identifier"
+
+#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTpmInstanceGuid_HELP #language en-US "Guid name to identify TPM instance.<BR><BR>\n"
+ "TPM_DEVICE_INTERFACE_NONE means disable.<BR>\n"
+ "TPM_DEVICE_INTERFACE_TPM12 means TPM 1.2 DTPM.<BR>\n"
+ "TPM_DEVICE_INTERFACE_DTPM2 means TPM 2.0 DTPM.<BR>\n"
+ "Other GUID value means other TPM 2.0 device.<BR>"
+
+#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTpm2HashMask_PROMPT #language en-US "Hash mask for TPM 2.0"
+
+#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTpm2HashMask_HELP #language en-US "This PCD indicates Hash mask for TPM 2.0.<BR><BR>\n"
+ "If this bit is set, that means this algorithm is needed to extend to PCR.<BR>\n"
+ "If this bit is clear, that means this algorithm is NOT needed to extend to PCR.<BR>\n"
+ "BIT0 - SHA1.<BR>\n"
+ "BIT1 - SHA256.<BR>\n"
+ "BIT2 - SHA384.<BR>\n"
+ "BIT3 - SHA512.<BR>"
+
+#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTpmAutoDetection_PROMPT #language en-US "TPM type detection."
+
+#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTpmAutoDetection_HELP #language en-US "This PCD indicates if BIOS auto detect TPM1.2 or dTPM2.0.<BR><BR>\n"
+ "FALSE - No auto detection.<BR>\n"
+ "TRUE - Auto detection.<BR>"
+
+#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTpmBaseAddress_PROMPT #language en-US "TPM device address."
+
+#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTpmBaseAddress_HELP #language en-US "This PCD indicates TPM base address.<BR><BR>"
+
+#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdStatusCodeSubClassTpmDevice_PROMPT #language en-US "Status Code for TPM device definitions"
+
+#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdStatusCodeSubClassTpmDevice_HELP #language en-US "Progress Code for TPM device subclass definitions.<BR><BR>\n"
+ "EFI_PERIPHERAL_TPM = (EFI_PERIPHERAL | 0x000D0000) = 0x010D0000<BR>"
+
+#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdRsa2048Sha256PublicKeyBuffer_PROMPT #language en-US "One or more SHA 256 Hashes of RSA 2048 bit public keys used to verify Recovery and Capsule Update images"
+
+#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdRsa2048Sha256PublicKeyBuffer_HELP #language en-US "Provides one or more SHA 256 Hashes of the RSA 2048 public keys used to verify Recovery and Capsule Update images\n"
+ "WARNING: The default value is treated as test key. Please do not use default value in the production."
+
+#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTcg2NumberOfPCRBanks_PROMPT #language en-US "OEM configured number of PCR banks."
+
+#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTcg2NumberOfPCRBanks_HELP #language en-US "This PCR means the OEM configured number of PCR banks.\n"
+ "0 means dynamic get from supported HASH algorithm"
+
+#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTcg2HashAlgorithmBitmap_PROMPT #language en-US "Hash Algorithm bitmap."
+
+#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTcg2HashAlgorithmBitmap_HELP #language en-US "This PCD indicated final BIOS supported Hash mask.\n"
+ "Bios may choose to register a subset of PcdTpm2HashMask.\n"
+ "So this PCD is final value of how many hash algo is extended to PCR.\n"
+ "If software HashLib(HashLibBaseCryptoRouter) solution is chosen, this PCD\n"
+ "has no need to be configured in platform dsc and will be set to correct\n"
+ "value by the HashLib instance according to the HashInstanceLib instances\n"
+ "linked, and the value of this PCD should be got in module entrypoint."
+
+#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTcgLogAreaMinLen_PROMPT #language en-US "Minimum length(in bytes) of the system preboot TCG event log area(LAML)."
+
+#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTcgLogAreaMinLen_HELP #language en-US "This PCD defines minimum length(in bytes) of the system preboot TCG event log area(LAML).\n"
+ "For PC Client Implementation spec up to and including 1.2 the minimum log size is 64KB."
+
+#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTcg2FinalLogAreaLen_PROMPT #language en-US "Length(in bytes) of the TCG2 Final event log area."
+
+#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTcg2FinalLogAreaLen_HELP #language en-US "This PCD defines length(in bytes) of the TCG2 Final event log area."
+
+#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTcgPhysicalPresenceInterfaceVer_PROMPT #language en-US "Version of Physical Presence interface supported by platform."
+
+#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTcgPhysicalPresenceInterfaceVer_HELP #language en-US "Null-terminated string of the Version of Physical Presence interface supported by platform.<BR><BR>\n"
+ "To support configuring from setup page, this PCD can be DynamicHii type and map to a setup option.<BR>\n"
+ "For example, map to TCG2_VERSION.PpiVersion to be configured by Tcg2ConfigDxe driver.<BR>\n"
+ "gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer|L\"TCG2_VERSION\"|gTcg2ConfigFormSetGuid|0x0|\"1.3\"|NV,BS<BR>"
+
+#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdUserPhysicalPresence_PROMPT
+#language en-US
+"A physical presence user status"
+
+#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdUserPhysicalPresence_HELP
+#language en-US
+"Indicate whether a physical presence user exist. "
+"When it is configured to Dynamic or DynamicEx, it can be set through detection using "
+"a platform-specific method (e.g. Button pressed) in a actual platform in early boot phase.<BR><BR>"
+
+#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdPkcs7CertBuffer_PROMPT #language en-US "One PKCS7 cert used to verify Recovery and Capsule Update images"
+
+#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdPkcs7CertBuffer_HELP #language en-US "Provides one PKCS7 cert used to verify Recovery and Capsule Update images\n"
+ "WARNING: The default value is treated as test key. Please do not use default value in the production."
+
+#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTcg2PhysicalPresenceFlags_PROMPT #language en-US " Initial setting of TCG2 Persistent Firmware Management Flags"
+
+#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTcg2PhysicalPresenceFlags_HELP #language en-US "This PCD defines initial setting of TCG2 Persistent Firmware Management Flags\n"
+
+#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTpm2AcpiTableRev_PROMPT #language en-US "The revision of TPM2 ACPI table"
+
+#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTpm2AcpiTableRev_HELP #language en-US "This PCD defines initial revision of TPM2 ACPI table\n"
+ "To support configuring from setup page, this PCD can be DynamicHii type and map to a setup option.<BR>\n"
+ "For example, map to TCG2_VERSION.Tpm2AcpiTableRev to be configured by Tcg2ConfigDxe driver.<BR>\n"
+ "gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableRev|L\"TCG2_VERSION\"|gTcg2ConfigFormSetGuid|0x8|3|NV,BS<BR>"
+
+#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTpm2CurrentIrqNum_PROMPT #language en-US "Current TPM2 device interrupt number"
+
+#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTpm2CurrentIrqNum_HELP #language en-US "This PCD defines current TPM2 device interrupt number reported by _CRS. If set to 0, interrupt is disabled."
+
+#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTpm2PossibleIrqNumBuf_PROMPT #language en-US "Possible TPM2 device interrupt number buffer"
+
+#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTpm2PossibleIrqNumBuf_HELP #language en-US "This PCD defines possible TPM2 interrupt number in a platform reported by _PRS control method.\n"
+ "If PcdTpm2CurrentIrqNum set to 0, _PRS will not report any possible TPM2 interrupt numbers."
+
+#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdSkipOpalDxeUnlock_PROMPT #language en-US "Skip Opal DXE driver unlock device flow."
+
+#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdSkipOpalDxeUnlock_HELP #language en-US "Indicates if Opal DXE driver skip unlock device flow.<BR><BR>\n"
+ "TRUE - Skip unlock device flow.<BR>\n"
+ "FALSE - Does not skip unlock device flow.<BR>"
+
+#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdActiveTpmInterfaceType_PROMPT #language en-US "Current active TPM interface type"
+
+#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdActiveTpmInterfaceType_HELP #language en-US "This PCD indicates current active TPM interface type.\n"
+ "0x00 - FIFO interface as defined in TIS 1.3 is active.<BR>\n"
+ "0x01 - FIFO interface as defined in PTP for TPM 2.0 is active.<BR>\n"
+ "0x02 - CRB interface is active.<BR>\n"
+ "0xFF - Contains no current active TPM interface type<BR>"
+
+#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdCRBIdleByPass_PROMPT #language en-US "IdleBypass status supported by current active TPM interface."
+
+#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdCRBIdleByPass_HELP #language en-US "This PCD records IdleBypass status supported by current active TPM interface.\n"
+ "According to TCG PTP spec 1.3, TPM with CRB interface can skip idle state and directly move to CmdReady state. <BR>"
+ "0x01 - Do not support IdleByPass.<BR>\n"
+ "0x02 - Support IdleByPass.<BR>\n"
+ "0xFF - IdleByPass State is not synced with TPM hardware.<BR>"
+
+#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdStatusCodeFvVerificationPass_PROMPT #language en-US "Status Code for FV verification pass."
+
+#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdStatusCodeFvVerificationPass_HELP #language en-US "Progress Code for FV verification result.\n"
+ " (EFI_SOFTWARE_PEI_MODULE | EFI_SUBCLASS_SPECIFIC | 00A).\n"
+
+#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdStatusCodeFvVerificationFail_PROMPT #language en-US "Status Code for FV verification failure."
+
+#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdStatusCodeFvVerificationFail_HELP #language en-US "Progress Code for FV verification result.\n"
+ " (EFI_SOFTWARE_PEI_MODULE | EFI_SUBCLASS_SPECIFIC | 00B).\n"
+
+#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdSkipOpalPasswordPrompt_PROMPT #language en-US "Skip Opal DXE driver password prompt."
+
+#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdSkipOpalPasswordPrompt_HELP #language en-US "Indicates if Opal DXE driver skip password prompt.\n\n"
+ " TRUE - Skip password prompt.\n"
+ " FALSE - Does not skip password prompt.\n"
+
+#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdSkipHddPasswordPrompt_PROMPT #language en-US "Skip Hdd Password prompt."
+
+#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdSkipHddPasswordPrompt_HELP #language en-US "Indicates if Hdd Password driver skip password prompt.\n\n"
+ " TRUE - Skip password prompt.\n"
+ " FALSE - Does not skip password prompt.\n"
+
+#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTpm2AcpiTableLaml_PROMPT #language en-US "The LAML of TPM2 ACPI table"
+
+#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTpm2AcpiTableLaml_HELP #language en-US "This PCD defines LAML of TPM2 ACPI table\n\n"
+ "0 means this field is unsupported\n"
+
+#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTpm2AcpiTableLasa_PROMPT #language en-US "The LASA of TPM2 ACPI table"
+
+#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTpm2AcpiTableLasa_HELP #language en-US "This PCD defines LASA of TPM2 ACPI table\n\n"
+ "0 means this field is unsupported\n"
diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/SecurityPkgExtra.uni b/src/VBox/Devices/EFI/Firmware/SecurityPkg/SecurityPkgExtra.uni new file mode 100644 index 00000000..7af4d6f2 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/SecurityPkgExtra.uni @@ -0,0 +1,13 @@ +// /** @file
+// Security Package Localized Strings and Content.
+//
+// Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
+//
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+//
+// **/
+
+#string STR_PROPERTIES_PACKAGE_NAME
+#language en-US
+"Security package"
+
diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/MemoryOverwriteControl/TcgMor.c b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/MemoryOverwriteControl/TcgMor.c new file mode 100644 index 00000000..602790b8 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/MemoryOverwriteControl/TcgMor.c @@ -0,0 +1,375 @@ +/** @file + TCG MOR (Memory Overwrite Request) Control Driver. + + This driver initialize MemoryOverwriteRequestControl variable. It + will clear MOR_CLEAR_MEMORY_BIT bit if it is set. It will also do TPer Reset for + those encrypted drives through EFI_STORAGE_SECURITY_COMMAND_PROTOCOL at EndOfDxe. + +Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "TcgMor.h" + +UINT8 mMorControl; + +/** + Ready to Boot Event notification handler. + + @param[in] Event Event whose notification function is being invoked + @param[in] Context Pointer to the notification function's context + +**/ +VOID +EFIAPI +OnReadyToBoot ( + IN EFI_EVENT Event, + IN VOID *Context + ) +{ + EFI_STATUS Status; + UINTN DataSize; + + if (MOR_CLEAR_MEMORY_VALUE (mMorControl) == 0x0) { + // + // MorControl is expected, directly return to avoid unnecessary variable operation + // + return ; + } + // + // Clear MOR_CLEAR_MEMORY_BIT + // + DEBUG ((EFI_D_INFO, "TcgMor: Clear MorClearMemory bit\n")); + mMorControl &= 0xFE; + + DataSize = sizeof (mMorControl); + Status = gRT->SetVariable ( + MEMORY_OVERWRITE_REQUEST_VARIABLE_NAME, + &gEfiMemoryOverwriteControlDataGuid, + EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS, + DataSize, + &mMorControl + ); + if (EFI_ERROR (Status)) { + DEBUG ((EFI_D_ERROR, "TcgMor: Clear MOR_CLEAR_MEMORY_BIT failure, Status = %r\n")); + } +} + +/** + Send TPer Reset command to reset eDrive to lock all protected bands. + Typically, there are 2 mechanism for resetting eDrive. They are: + 1. TPer Reset through IEEE 1667 protocol. + 2. TPer Reset through native TCG protocol. + This routine will detect what protocol the attached eDrive conform to, TCG or + IEEE 1667 protocol. Then send out TPer Reset command separately. + + @param[in] Ssp The pointer to EFI_STORAGE_SECURITY_COMMAND_PROTOCOL instance. + @param[in] MediaId ID of the medium to receive data from or send data to. + +**/ +VOID +InitiateTPerReset ( + IN EFI_STORAGE_SECURITY_COMMAND_PROTOCOL *Ssp, + IN UINT32 MediaId + ) +{ + + EFI_STATUS Status; + UINT8 *Buffer; + UINTN XferSize; + UINTN Len; + UINTN Index; + BOOLEAN TcgFlag; + BOOLEAN IeeeFlag; + SUPPORTED_SECURITY_PROTOCOLS_PARAMETER_DATA *Data; + + Buffer = NULL; + TcgFlag = FALSE; + IeeeFlag = FALSE; + + // + // ATA8-ACS 7.57.6.1 indicates the Transfer Length field requirements a multiple of 512. + // If the length of the TRUSTED RECEIVE parameter data is greater than the Transfer Length, + // then the device shall return the TRUSTED RECEIVE parameter data truncated to the requested Transfer Length. + // + Len = ROUNDUP512(sizeof(SUPPORTED_SECURITY_PROTOCOLS_PARAMETER_DATA)); + Buffer = AllocateZeroPool(Len); + + if (Buffer == NULL) { + return; + } + + // + // When the Security Protocol field is set to 00h, and SP Specific is set to 0000h in a TRUSTED RECEIVE + // command, the device basic information data shall be returned. + // + Status = Ssp->ReceiveData ( + Ssp, + MediaId, + 100000000, // Timeout 10-sec + 0, // SecurityProtocol + 0, // SecurityProtocolSpecificData + Len, // PayloadBufferSize, + Buffer, // PayloadBuffer + &XferSize + ); + if (EFI_ERROR (Status)) { + goto Exit; + } + + // + // In returned data, the ListLength field indicates the total length, in bytes, + // of the supported security protocol list. + // + Data = (SUPPORTED_SECURITY_PROTOCOLS_PARAMETER_DATA*)Buffer; + Len = ROUNDUP512(sizeof (SUPPORTED_SECURITY_PROTOCOLS_PARAMETER_DATA) + + (Data->SupportedSecurityListLength[0] << 8) + + (Data->SupportedSecurityListLength[1]) + ); + + // + // Free original buffer and allocate new buffer. + // + FreePool(Buffer); + Buffer = AllocateZeroPool(Len); + if (Buffer == NULL) { + return; + } + + // + // Read full supported security protocol list from device. + // + Status = Ssp->ReceiveData ( + Ssp, + MediaId, + 100000000, // Timeout 10-sec + 0, // SecurityProtocol + 0, // SecurityProtocolSpecificData + Len, // PayloadBufferSize, + Buffer, // PayloadBuffer + &XferSize + ); + + if (EFI_ERROR (Status)) { + goto Exit; + } + + Data = (SUPPORTED_SECURITY_PROTOCOLS_PARAMETER_DATA*)Buffer; + Len = (Data->SupportedSecurityListLength[0] << 8) + Data->SupportedSecurityListLength[1]; + + // + // Iterate full supported security protocol list to check if TCG or IEEE 1667 protocol + // is supported. + // + for (Index = 0; Index < Len; Index++) { + if (Data->SupportedSecurityProtocol[Index] == SECURITY_PROTOCOL_TCG) { + // + // Found a TCG device. + // + TcgFlag = TRUE; + DEBUG ((EFI_D_INFO, "This device is a TCG protocol device\n")); + break; + } + + if (Data->SupportedSecurityProtocol[Index] == SECURITY_PROTOCOL_IEEE1667) { + // + // Found a IEEE 1667 device. + // + IeeeFlag = TRUE; + DEBUG ((EFI_D_INFO, "This device is a IEEE 1667 protocol device\n")); + break; + } + } + + if (!TcgFlag && !IeeeFlag) { + DEBUG ((EFI_D_INFO, "Neither a TCG nor IEEE 1667 protocol device is found\n")); + goto Exit; + } + + if (TcgFlag) { + // + // As long as TCG protocol is supported, send out a TPer Reset + // TCG command to the device via the TrustedSend command with a non-zero Transfer Length. + // + Status = Ssp->SendData ( + Ssp, + MediaId, + 100000000, // Timeout 10-sec + SECURITY_PROTOCOL_TCG, // SecurityProtocol + 0x0400, // SecurityProtocolSpecificData + 512, // PayloadBufferSize, + Buffer // PayloadBuffer + ); + + if (!EFI_ERROR (Status)) { + DEBUG ((EFI_D_INFO, "Send TPer Reset Command Successfully !\n")); + } else { + DEBUG ((EFI_D_INFO, "Send TPer Reset Command Fail !\n")); + } + } + + if (IeeeFlag) { + // + // TBD : Perform a TPer Reset via IEEE 1667 Protocol + // + DEBUG ((EFI_D_INFO, "IEEE 1667 Protocol didn't support yet!\n")); + } + +Exit: + + if (Buffer != NULL) { + FreePool(Buffer); + } +} + +/** + Notification function of END_OF_DXE. + + @param[in] Event Event whose notification function is being invoked. + @param[in] Context Pointer to the notification function's context. + +**/ +VOID +EFIAPI +TPerResetAtEndOfDxe ( + IN EFI_EVENT Event, + IN VOID *Context + ) +{ + EFI_STORAGE_SECURITY_COMMAND_PROTOCOL *Ssp; + EFI_BLOCK_IO_PROTOCOL *BlockIo; + EFI_STATUS Status; + UINTN HandleCount; + EFI_HANDLE *HandleBuffer; + UINTN Index; + + // + // Locate all SSP protocol instances. + // + HandleCount = 0; + HandleBuffer = NULL; + + Status = gBS->LocateHandleBuffer ( + ByProtocol, + &gEfiStorageSecurityCommandProtocolGuid, + NULL, + &HandleCount, + &HandleBuffer + ); + + if (EFI_ERROR (Status) || (HandleCount == 0) || (HandleBuffer == NULL)) { + return; + } + + for (Index = 0; Index < HandleCount; Index ++) { + // + // Get the SSP interface. + // + Status = gBS->HandleProtocol( + HandleBuffer[Index], + &gEfiStorageSecurityCommandProtocolGuid, + (VOID **) &Ssp + ); + + if (EFI_ERROR (Status)) { + continue; + } + + Status = gBS->HandleProtocol( + HandleBuffer[Index], + &gEfiBlockIoProtocolGuid, + (VOID **) &BlockIo + ); + + if (EFI_ERROR (Status)) { + continue; + } + + InitiateTPerReset (Ssp, BlockIo->Media->MediaId); + } + + FreePool (HandleBuffer); +} + +/** + Entry Point for TCG MOR Control driver. + + @param[in] ImageHandle Image handle of this driver. + @param[in] SystemTable A Pointer to the EFI System Table. + + @retval EFI_SUCCESS + @return Others Some error occurs. +**/ +EFI_STATUS +EFIAPI +MorDriverEntryPoint ( + IN EFI_HANDLE ImageHandle, + IN EFI_SYSTEM_TABLE *SystemTable + ) +{ + EFI_STATUS Status; + UINTN DataSize; + EFI_EVENT Event; + + /// + /// The firmware is required to create the MemoryOverwriteRequestControl UEFI variable. + /// + + DataSize = sizeof (mMorControl); + Status = gRT->GetVariable ( + MEMORY_OVERWRITE_REQUEST_VARIABLE_NAME, + &gEfiMemoryOverwriteControlDataGuid, + NULL, + &DataSize, + &mMorControl + ); + if (EFI_ERROR (Status)) { + // + // Set default value to 0 + // + mMorControl = 0; + Status = gRT->SetVariable ( + MEMORY_OVERWRITE_REQUEST_VARIABLE_NAME, + &gEfiMemoryOverwriteControlDataGuid, + EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS, + DataSize, + &mMorControl + ); + DEBUG ((EFI_D_INFO, "TcgMor: Create MOR variable! Status = %r\n", Status)); + } else { + // + // Create a Ready To Boot Event and Clear the MorControl bit in the call back function. + // + DEBUG ((DEBUG_INFO, "TcgMor: Create ReadyToBoot Event for MorControl Bit cleaning!\n")); + Status = EfiCreateEventReadyToBootEx ( + TPL_CALLBACK, + OnReadyToBoot, + NULL, + &Event + ); + if (EFI_ERROR (Status)) { + return Status; + } + + // + // Register EFI_END_OF_DXE_EVENT_GROUP_GUID event. + // + DEBUG ((EFI_D_INFO, "TcgMor: Create EndofDxe Event for Mor TPer Reset!\n")); + Status = gBS->CreateEventEx ( + EVT_NOTIFY_SIGNAL, + TPL_CALLBACK, + TPerResetAtEndOfDxe, + NULL, + &gEfiEndOfDxeEventGroupGuid, + &Event + ); + if (EFI_ERROR (Status)) { + return Status; + } + } + + return Status; +} + + diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/MemoryOverwriteControl/TcgMor.h b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/MemoryOverwriteControl/TcgMor.h new file mode 100644 index 00000000..63ff7784 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/MemoryOverwriteControl/TcgMor.h @@ -0,0 +1,42 @@ +/** @file + The header file for TcgMor. + +Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef __TCG_MOR_H__ +#define __TCG_MOR_H__ + +#include <PiDxe.h> + +#include <Guid/MemoryOverwriteControl.h> + +#include <Library/UefiDriverEntryPoint.h> +#include <Library/UefiBootServicesTableLib.h> +#include <Library/UefiRuntimeServicesTableLib.h> +#include <Library/DebugLib.h> +#include <Library/UefiLib.h> +#include <Library/MemoryAllocationLib.h> + +#include <Protocol/StorageSecurityCommand.h> +#include <Protocol/BlockIo.h> + +// +// Supported Security Protocols List Description. +// Refer to ATA8-ACS Spec 7.57.6.2 Table 69 or SPC4 7.7.1.3 Table 511. +// +typedef struct { + UINT8 Reserved1[6]; + UINT8 SupportedSecurityListLength[2]; + UINT8 SupportedSecurityProtocol[1]; +} SUPPORTED_SECURITY_PROTOCOLS_PARAMETER_DATA; + +#define SECURITY_PROTOCOL_TCG 0x02 +#define SECURITY_PROTOCOL_IEEE1667 0xEE + +#define ROUNDUP512(x) (((x) % 512 == 0) ? (x) : ((x) / 512 + 1) * 512) + +#endif + diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/MemoryOverwriteControl/TcgMor.inf b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/MemoryOverwriteControl/TcgMor.inf new file mode 100644 index 00000000..6aa727af --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/MemoryOverwriteControl/TcgMor.inf @@ -0,0 +1,61 @@ +## @file +# initializes MemoryOverwriteRequestControl variable +# +# This module will clear MOR_CLEAR_MEMORY_BIT bit if it is set. It will also do +# TPer Reset for those encrypted drives through EFI_STORAGE_SECURITY_COMMAND_PROTOCOL +# at EndOfDxe. +# +# Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR> +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = TcgMor + MODULE_UNI_FILE = TcgMor.uni + FILE_GUID = AD416CE3-A483-45b1-94C2-4B4E4D575562 + MODULE_TYPE = DXE_DRIVER + VERSION_STRING = 1.0 + + ENTRY_POINT = MorDriverEntryPoint + +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = IA32 X64 EBC +# + +[Sources] + TcgMor.c + TcgMor.h + +[Packages] + MdePkg/MdePkg.dec + SecurityPkg/SecurityPkg.dec + +[LibraryClasses] + UefiDriverEntryPoint + UefiBootServicesTableLib + UefiRuntimeServicesTableLib + DebugLib + UefiLib + MemoryAllocationLib + +[Guids] + ## SOMETIMES_CONSUMES ## Variable:L"MemoryOverwriteRequestControl" + ## PRODUCES ## Variable:L"MemoryOverwriteRequestControl" + gEfiMemoryOverwriteControlDataGuid + gEfiEndOfDxeEventGroupGuid ## SOMETIMES_CONSUMES ## Event + +[Protocols] + gEfiStorageSecurityCommandProtocolGuid ## SOMETIMES_CONSUMES + gEfiBlockIoProtocolGuid ## SOMETIMES_CONSUMES + +[Depex] + gEfiVariableArchProtocolGuid AND + gEfiVariableWriteArchProtocolGuid AND + ( gEfiTcgProtocolGuid OR gEfiTcg2ProtocolGuid ) + +[UserExtensions.TianoCore."ExtraFiles"] + TcgMorExtra.uni diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/MemoryOverwriteControl/TcgMor.uni b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/MemoryOverwriteControl/TcgMor.uni new file mode 100644 index 00000000..6a1df103 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/MemoryOverwriteControl/TcgMor.uni @@ -0,0 +1,16 @@ +// /** @file
+// initializes MemoryOverwriteRequestControl variable
+//
+// This module will clear MOR_CLEAR_MEMORY_BIT bit if it is set.
+//
+// Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.<BR>
+//
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+//
+// **/
+
+
+#string STR_MODULE_ABSTRACT #language en-US "Initializes the MemoryOverwriteRequestControl variable"
+
+#string STR_MODULE_DESCRIPTION #language en-US "This module will clear MOR_CLEAR_MEMORY_BIT bit if it is set."
+
diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/MemoryOverwriteControl/TcgMorExtra.uni b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/MemoryOverwriteControl/TcgMorExtra.uni new file mode 100644 index 00000000..49170c76 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/MemoryOverwriteControl/TcgMorExtra.uni @@ -0,0 +1,14 @@ +// /** @file
+// TcgMor Localized Strings and Content
+//
+// Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
+//
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+//
+// **/
+
+#string STR_PROPERTIES_MODULE_NAME
+#language en-US
+"TCG (Trusted Computing Group) MOR"
+
+
diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.c b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.c new file mode 100644 index 00000000..d3be20e7 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.c @@ -0,0 +1,191 @@ +/** @file + TCG MOR (Memory Overwrite Request) Lock Control Driver. + + This driver initializes MemoryOverwriteRequestControlLock variable. + This module will add Variable Hook and allow MemoryOverwriteRequestControlLock variable set only once. + +Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include <PiDxe.h> +#include <Guid/MemoryOverwriteControl.h> +#include <IndustryStandard/MemoryOverwriteRequestControlLock.h> +#include <Library/DebugLib.h> +#include <Library/BaseLib.h> +#include <Library/BaseMemoryLib.h> +#include "TcgMorLock.h" + +typedef struct { + CHAR16 *VariableName; + EFI_GUID *VendorGuid; +} VARIABLE_TYPE; + +VARIABLE_TYPE mMorVariableType[] = { + {MEMORY_OVERWRITE_REQUEST_VARIABLE_NAME, &gEfiMemoryOverwriteControlDataGuid}, + {MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME, &gEfiMemoryOverwriteRequestControlLockGuid}, +}; + +/** + Returns if this is MOR related variable. + + @param VariableName the name of the vendor's variable, it's a Null-Terminated Unicode String + @param VendorGuid Unify identifier for vendor. + + @retval TRUE The variable is MOR related. + @retval FALSE The variable is NOT MOR related. +**/ +BOOLEAN +IsAnyMorVariable ( + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid + ) +{ + UINTN Index; + + for (Index = 0; Index < sizeof(mMorVariableType)/sizeof(mMorVariableType[0]); Index++) { + if ((StrCmp (VariableName, mMorVariableType[Index].VariableName) == 0) && + (CompareGuid (VendorGuid, mMorVariableType[Index].VendorGuid))) { + return TRUE; + } + } + return FALSE; +} + +/** + Returns if this is MOR lock variable. + + @param VariableName the name of the vendor's variable, it's a Null-Terminated Unicode String + @param VendorGuid Unify identifier for vendor. + + @retval TRUE The variable is MOR lock variable. + @retval FALSE The variable is NOT MOR lock variable. +**/ +BOOLEAN +IsMorLockVariable ( + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid + ) +{ + if ((StrCmp (VariableName, MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME) == 0) && + (CompareGuid (VendorGuid, &gEfiMemoryOverwriteRequestControlLockGuid))) { + return TRUE; + } + return FALSE; +} + +/** + This service is a checker handler for the UEFI Runtime Service SetVariable() + + @param VariableName the name of the vendor's variable, as a + Null-Terminated Unicode String + @param VendorGuid Unify identifier for vendor. + @param Attributes Point to memory location to return the attributes of variable. If the point + is NULL, the parameter would be ignored. + @param DataSize The size in bytes of Data-Buffer. + @param Data Point to the content of the variable. + + @retval EFI_SUCCESS The firmware has successfully stored the variable and its data as + defined by the Attributes. + @retval EFI_INVALID_PARAMETER An invalid combination of attribute bits was supplied, or the + DataSize exceeds the maximum allowed. + @retval EFI_INVALID_PARAMETER VariableName is an empty Unicode string. + @retval EFI_OUT_OF_RESOURCES Not enough storage is available to hold the variable and its data. + @retval EFI_DEVICE_ERROR The variable could not be saved due to a hardware failure. + @retval EFI_WRITE_PROTECTED The variable in question is read-only. + @retval EFI_WRITE_PROTECTED The variable in question cannot be deleted. + @retval EFI_SECURITY_VIOLATION The variable could not be written due to EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS + set but the AuthInfo does NOT pass the validation check carried + out by the firmware. + @retval EFI_NOT_FOUND The variable trying to be updated or deleted was not found. + +**/ +EFI_STATUS +EFIAPI +SetVariableCheckHandlerMor ( + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid, + IN UINT32 Attributes, + IN UINTN DataSize, + IN VOID *Data + ) +{ + UINTN MorLockDataSize; + BOOLEAN MorLock; + EFI_STATUS Status; + + // + // do not handle non-MOR variable + // + if (!IsAnyMorVariable (VariableName, VendorGuid)) { + return EFI_SUCCESS; + } + + MorLockDataSize = sizeof(MorLock); + Status = InternalGetVariable ( + MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME, + &gEfiMemoryOverwriteRequestControlLockGuid, + NULL, + &MorLockDataSize, + &MorLock + ); + if (!EFI_ERROR (Status) && MorLock) { + // + // If lock, deny access + // + return EFI_INVALID_PARAMETER; + } + + // + // Delete not OK + // + if ((DataSize != sizeof(UINT8)) || (Data == NULL) || (Attributes == 0)) { + return EFI_INVALID_PARAMETER; + } + + // + // check format + // + if (IsMorLockVariable(VariableName, VendorGuid)) { + // + // set to any other value not OK + // + if ((*(UINT8 *)Data != 1) && (*(UINT8 *)Data != 0)) { + return EFI_INVALID_PARAMETER; + } + } + // + // Or grant access + // + return EFI_SUCCESS; +} + +/** + Entry Point for MOR Lock Control driver. + + @param[in] ImageHandle Image handle of this driver. + @param[in] SystemTable A Pointer to the EFI System Table. + + @retval EFI_SUCCESS + @return Others Some error occurs. +**/ +EFI_STATUS +EFIAPI +MorLockDriverInit ( + VOID + ) +{ + EFI_STATUS Status; + UINT8 Data; + + Data = 0; + Status = InternalSetVariable ( + MEMORY_OVERWRITE_REQUEST_CONTROL_LOCK_NAME, + &gEfiMemoryOverwriteRequestControlLockGuid, + EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS, + 1, + &Data + ); + return Status; +} diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.h b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.h new file mode 100644 index 00000000..bb477695 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.h @@ -0,0 +1,131 @@ +/** @file + TCG MOR (Memory Overwrite Request) Lock Control Driver header file. + +Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef _EFI_TCG_MOR_LOCK_H_ +#define _EFI_TCG_MOR_LOCK_H_ + +/** + This service is a wrapper for the UEFI Runtime Service GetVariable(). + + @param VariableName the name of the vendor's variable, it's a Null-Terminated Unicode String + @param VendorGuid Unify identifier for vendor. + @param Attributes Point to memory location to return the attributes of variable. If the point + is NULL, the parameter would be ignored. + @param DataSize As input, point to the maximum size of return Data-Buffer. + As output, point to the actual size of the returned Data-Buffer. + @param Data Point to return Data-Buffer. + + @retval EFI_SUCCESS The function completed successfully. + @retval EFI_NOT_FOUND The variable was not found. + @retval EFI_BUFFER_TOO_SMALL The DataSize is too small for the result. DataSize has + been updated with the size needed to complete the request. + @retval EFI_INVALID_PARAMETER VariableName is NULL. + @retval EFI_INVALID_PARAMETER VendorGuid is NULL. + @retval EFI_INVALID_PARAMETER DataSize is NULL. + @retval EFI_INVALID_PARAMETER The DataSize is not too small and Data is NULL. + @retval EFI_DEVICE_ERROR The variable could not be retrieved due to a hardware error. + @retval EFI_SECURITY_VIOLATION The variable could not be retrieved due to an authentication failure. +**/ +EFI_STATUS +EFIAPI +InternalGetVariable ( + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid, + OUT UINT32 *Attributes OPTIONAL, + IN OUT UINTN *DataSize, + OUT VOID *Data + ); + +/** + This service is a wrapper for the UEFI Runtime Service SetVariable() + + @param VariableName the name of the vendor's variable, as a + Null-Terminated Unicode String + @param VendorGuid Unify identifier for vendor. + @param Attributes Point to memory location to return the attributes of variable. If the point + is NULL, the parameter would be ignored. + @param DataSize The size in bytes of Data-Buffer. + @param Data Point to the content of the variable. + + @retval EFI_SUCCESS The firmware has successfully stored the variable and its data as + defined by the Attributes. + @retval EFI_INVALID_PARAMETER An invalid combination of attribute bits was supplied, or the + DataSize exceeds the maximum allowed. + @retval EFI_INVALID_PARAMETER VariableName is an empty Unicode string. + @retval EFI_OUT_OF_RESOURCES Not enough storage is available to hold the variable and its data. + @retval EFI_DEVICE_ERROR The variable could not be saved due to a hardware failure. + @retval EFI_WRITE_PROTECTED The variable in question is read-only. + @retval EFI_WRITE_PROTECTED The variable in question cannot be deleted. + @retval EFI_SECURITY_VIOLATION The variable could not be written due to EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS + set but the AuthInfo does NOT pass the validation check carried + out by the firmware. + @retval EFI_NOT_FOUND The variable trying to be updated or deleted was not found. + +**/ +EFI_STATUS +EFIAPI +InternalSetVariable ( + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid, + IN UINT32 Attributes, + IN UINTN DataSize, + IN VOID *Data + ); + +/** + This service is a checker handler for the UEFI Runtime Service SetVariable() + + @param VariableName the name of the vendor's variable, as a + Null-Terminated Unicode String + @param VendorGuid Unify identifier for vendor. + @param Attributes Point to memory location to return the attributes of variable. If the point + is NULL, the parameter would be ignored. + @param DataSize The size in bytes of Data-Buffer. + @param Data Point to the content of the variable. + + @retval EFI_SUCCESS The firmware has successfully stored the variable and its data as + defined by the Attributes. + @retval EFI_INVALID_PARAMETER An invalid combination of attribute bits was supplied, or the + DataSize exceeds the maximum allowed. + @retval EFI_INVALID_PARAMETER VariableName is an empty Unicode string. + @retval EFI_OUT_OF_RESOURCES Not enough storage is available to hold the variable and its data. + @retval EFI_DEVICE_ERROR The variable could not be saved due to a hardware failure. + @retval EFI_WRITE_PROTECTED The variable in question is read-only. + @retval EFI_WRITE_PROTECTED The variable in question cannot be deleted. + @retval EFI_SECURITY_VIOLATION The variable could not be written due to EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS + set but the AuthInfo does NOT pass the validation check carried + out by the firmware. + @retval EFI_NOT_FOUND The variable trying to be updated or deleted was not found. + +**/ +EFI_STATUS +EFIAPI +SetVariableCheckHandlerMor ( + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid, + IN UINT32 Attributes, + IN UINTN DataSize, + IN VOID *Data + ); + +/** + Entry Point for MOR Lock Control driver. + + @param[in] ImageHandle Image handle of this driver. + @param[in] SystemTable A Pointer to the EFI System Table. + + @retval EFI_SUCCESS + @return Others Some error occurs. +**/ +EFI_STATUS +EFIAPI +MorLockDriverInit ( + VOID + ); + +#endif diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.uni b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.uni new file mode 100644 index 00000000..711b37d8 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLock.uni @@ -0,0 +1,16 @@ +// /** @file
+// Initializes MemoryOverwriteRequestControlLock variable
+//
+// This module will add Variable Hook and allow MemoryOverwriteRequestControlLock variable set only once.
+//
+// Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
+//
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+//
+// **/
+
+
+#string STR_MODULE_ABSTRACT #language en-US "Initializes MemoryOverwriteRequestControlLock variable"
+
+#string STR_MODULE_DESCRIPTION #language en-US "This module will add Variable Hook and allow MemoryOverwriteRequestControlLock variable set only once."
+
diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockExtra.uni b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockExtra.uni new file mode 100644 index 00000000..2679c08c --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockExtra.uni @@ -0,0 +1,14 @@ +// /** @file
+// TcgMorLock Localized Strings and Content
+//
+// Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>
+//
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+//
+// **/
+
+#string STR_PROPERTIES_MODULE_NAME
+#language en-US
+"TCG (Trusted Computing Group) MOR Lock"
+
+
diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.c b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.c new file mode 100644 index 00000000..69ef5ad6 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.c @@ -0,0 +1,152 @@ +/** @file + TCG MOR (Memory Overwrite Request) Lock Control Driver SMM wrapper. + +Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include <PiSmm.h> +#include <Library/SmmServicesTableLib.h> +#include <Library/DebugLib.h> +#include <Protocol/SmmVarCheck.h> +#include <Protocol/SmmVariable.h> +#include "TcgMorLock.h" + +EFI_SMM_VARIABLE_PROTOCOL *mSmmVariable; + +/** + This service is a wrapper for the UEFI Runtime Service GetVariable(). + + @param VariableName the name of the vendor's variable, it's a Null-Terminated Unicode String + @param VendorGuid Unify identifier for vendor. + @param Attributes Point to memory location to return the attributes of variable. If the point + is NULL, the parameter would be ignored. + @param DataSize As input, point to the maximum size of return Data-Buffer. + As output, point to the actual size of the returned Data-Buffer. + @param Data Point to return Data-Buffer. + + @retval EFI_SUCCESS The function completed successfully. + @retval EFI_NOT_FOUND The variable was not found. + @retval EFI_BUFFER_TOO_SMALL The DataSize is too small for the result. DataSize has + been updated with the size needed to complete the request. + @retval EFI_INVALID_PARAMETER VariableName is NULL. + @retval EFI_INVALID_PARAMETER VendorGuid is NULL. + @retval EFI_INVALID_PARAMETER DataSize is NULL. + @retval EFI_INVALID_PARAMETER The DataSize is not too small and Data is NULL. + @retval EFI_DEVICE_ERROR The variable could not be retrieved due to a hardware error. + @retval EFI_SECURITY_VIOLATION The variable could not be retrieved due to an authentication failure. +**/ +EFI_STATUS +EFIAPI +InternalGetVariable ( + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid, + OUT UINT32 *Attributes OPTIONAL, + IN OUT UINTN *DataSize, + OUT VOID *Data + ) +{ + return mSmmVariable->SmmGetVariable ( + VariableName, + VendorGuid, + Attributes, + DataSize, + Data + ); +} + +/** + This service is a wrapper for the UEFI Runtime Service SetVariable() + + @param VariableName the name of the vendor's variable, as a + Null-Terminated Unicode String + @param VendorGuid Unify identifier for vendor. + @param Attributes Point to memory location to return the attributes of variable. If the point + is NULL, the parameter would be ignored. + @param DataSize The size in bytes of Data-Buffer. + @param Data Point to the content of the variable. + + @retval EFI_SUCCESS The firmware has successfully stored the variable and its data as + defined by the Attributes. + @retval EFI_INVALID_PARAMETER An invalid combination of attribute bits was supplied, or the + DataSize exceeds the maximum allowed. + @retval EFI_INVALID_PARAMETER VariableName is an empty Unicode string. + @retval EFI_OUT_OF_RESOURCES Not enough storage is available to hold the variable and its data. + @retval EFI_DEVICE_ERROR The variable could not be saved due to a hardware failure. + @retval EFI_WRITE_PROTECTED The variable in question is read-only. + @retval EFI_WRITE_PROTECTED The variable in question cannot be deleted. + @retval EFI_SECURITY_VIOLATION The variable could not be written due to EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS + set but the AuthInfo does NOT pass the validation check carried + out by the firmware. + @retval EFI_NOT_FOUND The variable trying to be updated or deleted was not found. + +**/ +EFI_STATUS +EFIAPI +InternalSetVariable ( + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid, + IN UINT32 Attributes, + IN UINTN DataSize, + IN VOID *Data + ) +{ + return mSmmVariable->SmmSetVariable ( + VariableName, + VendorGuid, + Attributes, + DataSize, + Data + ); +} + +/** + Entry Point for MOR Lock Control driver. + + @param[in] ImageHandle The firmware allocated handle for the EFI image. + @param[in] SystemTable A pointer to the EFI System Table. + + @retval EFI_SUCCESS EntryPoint runs successfully. + +**/ +EFI_STATUS +EFIAPI +MorLockDriverEntryPointSmm ( + IN EFI_HANDLE ImageHandle, + IN EFI_SYSTEM_TABLE *SystemTable + ) +{ + EFI_STATUS Status; + EDKII_SMM_VAR_CHECK_PROTOCOL *SmmVarCheck; + + // + // This driver link to Smm Variable driver + // + DEBUG ((EFI_D_INFO, "MorLockDriverEntryPointSmm\n")); + + Status = gSmst->SmmLocateProtocol ( + &gEfiSmmVariableProtocolGuid, + NULL, + (VOID **) &mSmmVariable + ); + ASSERT_EFI_ERROR (Status); + + Status = gSmst->SmmLocateProtocol ( + &gEdkiiSmmVarCheckProtocolGuid, + NULL, + (VOID **) &SmmVarCheck + ); + ASSERT_EFI_ERROR (Status); + + Status = MorLockDriverInit (); + if (EFI_ERROR (Status)) { + return Status; + } + + Status = SmmVarCheck->SmmRegisterSetVariableCheckHandler (SetVariableCheckHandlerMor); + ASSERT_EFI_ERROR (Status); + + return Status; +} + diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.inf b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.inf new file mode 100644 index 00000000..4efbd6a6 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/MemoryOverwriteRequestControlLock/TcgMorLockSmm.inf @@ -0,0 +1,65 @@ +## @file +# Initializes MemoryOverwriteRequestControlLock variable +# +# This module will add Variable Hook and allow MemoryOverwriteRequestControlLock variable set only once. +# +# NOTE: This module only handles secure MOR V1 and is deprecated. +# The secure MOR V2 is handled inside of variable driver. +# +# Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR> +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = TcgMorLockSmm + MODULE_UNI_FILE = TcgMorLock.uni + FILE_GUID = E2EA6F47-E678-47FA-8C1B-02A03E825C6E + MODULE_TYPE = DXE_SMM_DRIVER + VERSION_STRING = 1.0 + PI_SPECIFICATION_VERSION = 0x0001000A + ENTRY_POINT = MorLockDriverEntryPointSmm + +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = IA32 X64 EBC +# + +[Sources] + TcgMorLock.h + TcgMorLock.c + TcgMorLockSmm.c + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + SecurityPkg/SecurityPkg.dec + +[LibraryClasses] + UefiDriverEntryPoint + SmmServicesTableLib + DebugLib + BaseLib + BaseMemoryLib + +[Guids] + ## SOMETIMES_CONSUMES ## Variable:L"MemoryOverwriteRequestControl" + gEfiMemoryOverwriteControlDataGuid + + ## SOMETIMES_CONSUMES ## Variable:L"MemoryOverwriteRequestControlLock" + ## PRODUCES ## Variable:L"MemoryOverwriteRequestControlLock" + gEfiMemoryOverwriteRequestControlLockGuid + +[Protocols] + gEdkiiSmmVarCheckProtocolGuid ## CONSUMES + gEfiSmmVariableProtocolGuid ## CONSUMES + +[Depex] + gEfiSmmVariableProtocolGuid AND + gSmmVariableWriteGuid AND + ( gEfiTcgProtocolGuid OR gEfiTcg2ProtocolGuid ) + +[UserExtensions.TianoCore."ExtraFiles"] + TcgMorLockExtra.uni diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Opal/OpalPassword/ComponentName.c b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Opal/OpalPassword/ComponentName.c new file mode 100644 index 00000000..8d78650a --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Opal/OpalPassword/ComponentName.c @@ -0,0 +1,392 @@ +/** @file + UEFI Component Name(2) protocol implementation for Opal driver. + +Copyright (c) 2016, Intel Corporation. All rights reserved.<BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "OpalDriver.h" + +// +// EFI Component Name Protocol +// +GLOBAL_REMOVE_IF_UNREFERENCED EFI_COMPONENT_NAME_PROTOCOL gOpalComponentName = { + OpalEfiDriverComponentNameGetDriverName, + OpalEfiDriverComponentNameGetControllerName, + "eng" +}; + +// +// EFI Component Name 2 Protocol +// +GLOBAL_REMOVE_IF_UNREFERENCED EFI_COMPONENT_NAME2_PROTOCOL gOpalComponentName2 = { + OpalEfiDriverComponentName2GetDriverName, + OpalEfiDriverComponentName2GetControllerName, + "en" +}; + + +/// The name of the driver in all the languages we support. +GLOBAL_REMOVE_IF_UNREFERENCED EFI_UNICODE_STRING_TABLE mOpalDriverNameTable[] = { + { LANGUAGE_RFC_3066_ENGLISH, (CHAR16*)EFI_DRIVER_NAME_UNICODE }, + { LANGUAGE_ISO_639_2_ENGLISH, (CHAR16*)EFI_DRIVER_NAME_UNICODE }, + { 0, 0 } +}; + +/** + Retrieves a Unicode string that is the user readable name of the driver. + + This function retrieves the user readable name of a driver in the form of a + Unicode string. If the driver specified by This has a user readable name in + the language specified by Language, then a pointer to the driver name is + returned in DriverName, and EFI_SUCCESS is returned. If the driver specified + by This does not support the language specified by Language, + then EFI_UNSUPPORTED is returned. + + @param This[in] A pointer to the EFI_COMPONENT_NAME2_PROTOCOL or + EFI_COMPONENT_NAME_PROTOCOL instance. + + @param Language[in] A pointer to a Null-terminated ASCII string + array indicating the language. This is the + language of the driver name that the caller is + requesting, and it must match one of the + languages specified in SupportedLanguages. The + number of languages supported by a driver is up + to the driver writer. Language is specified + in RFC 4646 or ISO 639-2 language code format. + + @param DriverName[out] A pointer to the Unicode string to return. + This Unicode string is the name of the + driver specified by This in the language + specified by Language. + + @retval EFI_SUCCESS The Unicode string for the Driver specified by + This and the language specified by Language was + returned in DriverName. + + @retval EFI_INVALID_PARAMETER Language is NULL. + + @retval EFI_INVALID_PARAMETER DriverName is NULL. + + @retval EFI_UNSUPPORTED The driver specified by This does not support + the language specified by Language. + +**/ +EFI_STATUS +EFIAPI +OpalEfiDriverComponentNameGetDriverName( + EFI_COMPONENT_NAME_PROTOCOL* This, + CHAR8* Language, + CHAR16** DriverName + ) +{ + return LookupUnicodeString2( + Language, + This->SupportedLanguages, + mOpalDriverNameTable, + DriverName, + TRUE + ); +} + +/** + Retrieves a Unicode string that is the user readable name of the driver. + + This function retrieves the user readable name of a driver in the form of a + Unicode string. If the driver specified by This has a user readable name in + the language specified by Language, then a pointer to the driver name is + returned in DriverName, and EFI_SUCCESS is returned. If the driver specified + by This does not support the language specified by Language, + then EFI_UNSUPPORTED is returned. + + @param This[in] A pointer to the EFI_COMPONENT_NAME2_PROTOCOL or + EFI_COMPONENT_NAME_PROTOCOL instance. + + @param Language[in] A pointer to a Null-terminated ASCII string + array indicating the language. This is the + language of the driver name that the caller is + requesting, and it must match one of the + languages specified in SupportedLanguages. The + number of languages supported by a driver is up + to the driver writer. Language is specified + in RFC 4646 or ISO 639-2 language code format. + + @param DriverName[out] A pointer to the Unicode string to return. + This Unicode string is the name of the + driver specified by This in the language + specified by Language. + + @retval EFI_SUCCESS The Unicode string for the Driver specified by + This and the language specified by Language was + returned in DriverName. + + @retval EFI_INVALID_PARAMETER Language is NULL. + + @retval EFI_INVALID_PARAMETER DriverName is NULL. + + @retval EFI_UNSUPPORTED The driver specified by This does not support + the language specified by Language. + +**/ +EFI_STATUS +EFIAPI +OpalEfiDriverComponentName2GetDriverName( + EFI_COMPONENT_NAME2_PROTOCOL* This, + CHAR8* Language, + CHAR16** DriverName + ) +{ + return LookupUnicodeString2( + Language, + This->SupportedLanguages, + mOpalDriverNameTable, + DriverName, + FALSE + ); +} + +/** + Retrieves a Unicode string that is the user readable name of the controller + that is being managed by a driver. + + This function retrieves the user readable name of the controller specified by + ControllerHandle and ChildHandle in the form of a Unicode string. If the + driver specified by This has a user readable name in the language specified by + Language, then a pointer to the controller name is returned in ControllerName, + and EFI_SUCCESS is returned. If the driver specified by This is not currently + managing the controller specified by ControllerHandle and ChildHandle, + then EFI_UNSUPPORTED is returned. If the driver specified by This does not + support the language specified by Language, then EFI_UNSUPPORTED is returned. + + @param ControllerHandle[in] The handle of a controller that the driver + specified by This is managing. This handle + specifies the controller whose name is to be + returned. + + @param ChildHandle[in] The handle of the child controller to retrieve + the name of. This is an optional parameter that + may be NULL. It will be NULL for device + drivers. It will also be NULL for a bus drivers + that wish to retrieve the name of the bus + controller. It will not be NULL for a bus + driver that wishes to retrieve the name of a + child controller. + + + @param Language[in] A pointer to a Null-terminated ASCII string + array indicating the language. This is the + language of the driver name that the caller is + requesting, and it must match one of the + languages specified in SupportedLanguages. The + number of languages supported by a driver is up + to the driver writer. Language is specified in + RFC 4646 or ISO 639-2 language code format. + + @param ControllerName[out] A pointer to the Unicode string to return. + This Unicode string is the name of the + controller specified by ControllerHandle and + ChildHandle in the language specified by + Language from the point of view of the driver + specified by This. + + @retval EFI_SUCCESS The Unicode string for the user readable name in + the language specified by Language for the + driver specified by This was returned in + DriverName. + + @retval EFI_INVALID_PARAMETER ControllerHandle is NULL. + + @retval EFI_INVALID_PARAMETER ChildHandle is not NULL and it is not a valid + EFI_HANDLE. + + @retval EFI_INVALID_PARAMETER Language is NULL. + + @retval EFI_INVALID_PARAMETER ControllerName is NULL. + + @retval EFI_UNSUPPORTED The driver specified by This is not currently + managing the controller specified by + ControllerHandle and ChildHandle. + + @retval EFI_UNSUPPORTED The driver specified by This does not support + the language specified by Language. + +**/ +EFI_STATUS +GetControllerName( + EFI_HANDLE ControllerHandle, + EFI_HANDLE ChildHandle, + CHAR8* Language, + CHAR16** ControllerName + ) +{ + if (Language == NULL || ControllerName == NULL || ControllerHandle == NULL) { + return EFI_INVALID_PARAMETER; + } + + // don't support any controller or children names + return EFI_UNSUPPORTED; +} + +/** + Retrieves a Unicode string that is the user readable name of the controller + that is being managed by a driver. + + This function retrieves the user readable name of the controller specified by + ControllerHandle and ChildHandle in the form of a Unicode string. If the + driver specified by This has a user readable name in the language specified by + Language, then a pointer to the controller name is returned in ControllerName, + and EFI_SUCCESS is returned. If the driver specified by This is not currently + managing the controller specified by ControllerHandle and ChildHandle, + then EFI_UNSUPPORTED is returned. If the driver specified by This does not + support the language specified by Language, then EFI_UNSUPPORTED is returned. + + @param This[in] A pointer to the EFI_COMPONENT_NAME2_PROTOCOL or + EFI_COMPONENT_NAME_PROTOCOL instance. + + @param ControllerHandle[in] The handle of a controller that the driver + specified by This is managing. This handle + specifies the controller whose name is to be + returned. + + @param ChildHandle[in] The handle of the child controller to retrieve + the name of. This is an optional parameter that + may be NULL. It will be NULL for device + drivers. It will also be NULL for a bus drivers + that wish to retrieve the name of the bus + controller. It will not be NULL for a bus + driver that wishes to retrieve the name of a + child controller. + + @param Language[in] A pointer to a Null-terminated ASCII string + array indicating the language. This is the + language of the driver name that the caller is + requesting, and it must match one of the + languages specified in SupportedLanguages. The + number of languages supported by a driver is up + to the driver writer. Language is specified in + RFC 4646 or ISO 639-2 language code format. + + @param ControllerName[out] A pointer to the Unicode string to return. + This Unicode string is the name of the + controller specified by ControllerHandle and + ChildHandle in the language specified by + Language from the point of view of the driver + specified by This. + + @retval EFI_SUCCESS The Unicode string for the user readable name in + the language specified by Language for the + driver specified by This was returned in + DriverName. + + @retval EFI_INVALID_PARAMETER ControllerHandle is NULL. + + @retval EFI_INVALID_PARAMETER ChildHandle is not NULL and it is not a valid + EFI_HANDLE. + + @retval EFI_INVALID_PARAMETER Language is NULL. + + @retval EFI_INVALID_PARAMETER ControllerName is NULL. + + @retval EFI_UNSUPPORTED The driver specified by This is not currently + managing the controller specified by + ControllerHandle and ChildHandle. + + @retval EFI_UNSUPPORTED The driver specified by This does not support + the language specified by Language. + +**/ +EFI_STATUS +EFIAPI +OpalEfiDriverComponentNameGetControllerName( + EFI_COMPONENT_NAME_PROTOCOL* This, + EFI_HANDLE ControllerHandle, + EFI_HANDLE ChildHandle, + CHAR8* Language, + CHAR16** ControllerName + ) +{ + return (GetControllerName( ControllerHandle, ChildHandle, Language, ControllerName)); +} + +/** + Retrieves a Unicode string that is the user readable name of the controller + that is being managed by a driver. + + This function retrieves the user readable name of the controller specified by + ControllerHandle and ChildHandle in the form of a Unicode string. If the + driver specified by This has a user readable name in the language specified by + Language, then a pointer to the controller name is returned in ControllerName, + and EFI_SUCCESS is returned. If the driver specified by This is not currently + managing the controller specified by ControllerHandle and ChildHandle, + then EFI_UNSUPPORTED is returned. If the driver specified by This does not + support the language specified by Language, then EFI_UNSUPPORTED is returned. + + @param This[in] A pointer to the EFI_COMPONENT_NAME2_PROTOCOL or + EFI_COMPONENT_NAME_PROTOCOL instance. + + @param ControllerHandle[in] The handle of a controller that the driver + specified by This is managing. This handle + specifies the controller whose name is to be + returned. + + @param ChildHandle[in] The handle of the child controller to retrieve + the name of. This is an optional parameter that + may be NULL. It will be NULL for device + drivers. It will also be NULL for a bus drivers + that wish to retrieve the name of the bus + controller. It will not be NULL for a bus + driver that wishes to retrieve the name of a + child controller. + + @param Language[in] A pointer to a Null-terminated ASCII string + array indicating the language. This is the + language of the driver name that the caller is + requesting, and it must match one of the + languages specified in SupportedLanguages. The + number of languages supported by a driver is up + to the driver writer. Language is specified in + RFC 4646 or ISO 639-2 language code format. + + @param ControllerName[out] A pointer to the Unicode string to return. + This Unicode string is the name of the + controller specified by ControllerHandle and + ChildHandle in the language specified by + Language from the point of view of the driver + specified by This. + + @retval EFI_SUCCESS The Unicode string for the user readable name in + the language specified by Language for the + driver specified by This was returned in + DriverName. + + @retval EFI_INVALID_PARAMETER ControllerHandle is NULL. + + @retval EFI_INVALID_PARAMETER ChildHandle is not NULL and it is not a valid + EFI_HANDLE. + + @retval EFI_INVALID_PARAMETER Language is NULL. + + @retval EFI_INVALID_PARAMETER ControllerName is NULL. + + @retval EFI_UNSUPPORTED The driver specified by This is not currently + managing the controller specified by + ControllerHandle and ChildHandle. + + @retval EFI_UNSUPPORTED The driver specified by This does not support + the language specified by Language. + +**/ +EFI_STATUS +EFIAPI +OpalEfiDriverComponentName2GetControllerName( + EFI_COMPONENT_NAME2_PROTOCOL* This, + EFI_HANDLE ControllerHandle, + EFI_HANDLE ChildHandle, + CHAR8* Language, + CHAR16** ControllerName + ) +{ + return (GetControllerName(ControllerHandle, ChildHandle, Language, ControllerName)); +} + diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c new file mode 100644 index 00000000..e4987ba2 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.c @@ -0,0 +1,2966 @@ +/** @file + Entrypoint of Opal UEFI Driver and contains all the logic to + register for new Opal device instances. + +Copyright (c) 2016 - 2019, Intel Corporation. All rights reserved.<BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +// This UEFI driver consumes EFI_STORAGE_SECURITY_PROTOCOL instances and installs an +// HII GUI to manage Opal features if the device is Opal capable +// If the Opal device is being managed by the UEFI Driver, it shall provide a popup +// window during boot requesting a user password + +#include "OpalDriver.h" +#include "OpalHii.h" + +EFI_GUID mOpalDeviceLockBoxGuid = OPAL_DEVICE_LOCKBOX_GUID; + +BOOLEAN mOpalEndOfDxe = FALSE; +OPAL_REQUEST_VARIABLE *mOpalRequestVariable = NULL; +UINTN mOpalRequestVariableSize = 0; +CHAR16 mPopUpString[100]; + +OPAL_DRIVER mOpalDriver; + +// +// Globals +// +EFI_DRIVER_BINDING_PROTOCOL gOpalDriverBinding = { + OpalEfiDriverBindingSupported, + OpalEfiDriverBindingStart, + OpalEfiDriverBindingStop, + 0x1b, + NULL, + NULL +}; + +/** + + The function determines the available actions for the OPAL_DISK provided. + + @param[in] SupportedAttributes The supported attributes for the device. + @param[in] LockingFeature The locking status for the device. + @param[in] OwnerShip The ownership for the device. + @param[out] AvalDiskActions Pointer to fill-out with appropriate disk actions. + +**/ +TCG_RESULT +EFIAPI +OpalSupportGetAvailableActions( + IN OPAL_DISK_SUPPORT_ATTRIBUTE *SupportedAttributes, + IN TCG_LOCKING_FEATURE_DESCRIPTOR *LockingFeature, + IN UINT16 OwnerShip, + OUT OPAL_DISK_ACTIONS *AvalDiskActions + ) +{ + BOOLEAN ExistingPassword; + + NULL_CHECK(AvalDiskActions); + + AvalDiskActions->AdminPass = 1; + AvalDiskActions->UserPass = 0; + AvalDiskActions->DisableUser = 0; + AvalDiskActions->Unlock = 0; + + // + // Revert is performed on locking sp, so only allow if locking sp is enabled + // + if (LockingFeature->LockingEnabled) { + AvalDiskActions->Revert = 1; + } + + // + // Psid revert is available for any device with media encryption support or pyrite 2.0 type support. + // + if (SupportedAttributes->PyriteSscV2 || SupportedAttributes->MediaEncryption) { + + // + // Only allow psid revert if media encryption is enabled or pyrite 2.0 type support.. + // Otherwise, someone who steals a disk can psid revert the disk and the user Data is still + // intact and accessible + // + AvalDiskActions->PsidRevert = 1; + AvalDiskActions->RevertKeepDataForced = 0; + + // + // Secure erase is performed by generating a new encryption key + // this is only available if encryption is supported + // + AvalDiskActions->SecureErase = 1; + } else { + AvalDiskActions->PsidRevert = 0; + AvalDiskActions->SecureErase = 0; + + // + // If no media encryption is supported, then a revert (using password) will not + // erase the Data (since you can't generate a new encryption key) + // + AvalDiskActions->RevertKeepDataForced = 1; + } + + if (LockingFeature->Locked) { + AvalDiskActions->Unlock = 1; + } else { + AvalDiskActions->Unlock = 0; + } + + // + // Only allow user to set password if an admin password exists + // + ExistingPassword = OpalUtilAdminPasswordExists(OwnerShip, LockingFeature); + AvalDiskActions->UserPass = ExistingPassword; + + // + // This will still show up even if there isn't a user, which is fine + // + AvalDiskActions->DisableUser = ExistingPassword; + + return TcgResultSuccess; +} + +/** + Enable Opal Feature for the input device. + + @param[in] Session The opal session for the opal device. + @param[in] Msid Msid + @param[in] MsidLength Msid Length + @param[in] Password Admin password + @param[in] PassLength Length of password in bytes + +**/ +TCG_RESULT +EFIAPI +OpalSupportEnableOpalFeature ( + IN OPAL_SESSION *Session, + IN VOID *Msid, + IN UINT32 MsidLength, + IN VOID *Password, + IN UINT32 PassLength + ) +{ + TCG_RESULT Ret; + + NULL_CHECK(Session); + NULL_CHECK(Msid); + NULL_CHECK(Password); + + Ret = OpalUtilSetAdminPasswordAsSid( + Session, + Msid, + MsidLength, + Password, + PassLength + ); + if (Ret == TcgResultSuccess) { + // + // Enable global locking range + // + Ret = OpalUtilSetOpalLockingRange( + Session, + Password, + PassLength, + OPAL_LOCKING_SP_LOCKING_GLOBALRANGE, + 0, + 0, + TRUE, + TRUE, + FALSE, + FALSE + ); + } + + return Ret; +} + +/** + Update password for the Opal disk. + + @param[in, out] OpalDisk The disk to update password. + @param[in] Password The input password. + @param[in] PasswordLength The input password length. + +**/ +VOID +OpalSupportUpdatePassword ( + IN OUT OPAL_DISK *OpalDisk, + IN VOID *Password, + IN UINT32 PasswordLength + ) +{ + CopyMem (OpalDisk->Password, Password, PasswordLength); + OpalDisk->PasswordLength = (UINT8) PasswordLength; +} + +/** + Extract device info from the device path. + + @param[in] DevicePath Device path info for the device. + @param[out] DevInfoLength Device information length needed. + @param[out] DevInfo Device information extracted. + +**/ +VOID +ExtractDeviceInfoFromDevicePath ( + IN EFI_DEVICE_PATH_PROTOCOL *DevicePath, + OUT UINT32 *DevInfoLength, + OUT OPAL_DEVICE_LOCKBOX_DATA *DevInfo OPTIONAL + ) +{ + EFI_DEVICE_PATH_PROTOCOL *TmpDevPath; + EFI_DEVICE_PATH_PROTOCOL *TmpDevPath2; + PCI_DEVICE_PATH *PciDevPath; + UINT8 DeviceType; + UINT8 BusNum; + OPAL_PCI_DEVICE *PciDevice; + + ASSERT (DevicePath != NULL); + ASSERT (DevInfoLength != NULL); + + DeviceType = OPAL_DEVICE_TYPE_UNKNOWN; + *DevInfoLength = 0; + + TmpDevPath = DevicePath; + + // + // Get device type. + // + while (!IsDevicePathEnd (TmpDevPath)) { + if ((TmpDevPath->Type == MESSAGING_DEVICE_PATH) && + (TmpDevPath->SubType == MSG_SATA_DP || TmpDevPath->SubType == MSG_NVME_NAMESPACE_DP)) { + if (DevInfo != NULL) { + DevInfo->DevicePathLength = (UINT32) GetDevicePathSize (DevicePath); + CopyMem (DevInfo->DevicePath, DevicePath, DevInfo->DevicePathLength); + } + + DeviceType = (TmpDevPath->SubType == MSG_SATA_DP) ? OPAL_DEVICE_TYPE_ATA : OPAL_DEVICE_TYPE_NVME; + *DevInfoLength = sizeof (OPAL_DEVICE_LOCKBOX_DATA) + (UINT32) GetDevicePathSize (DevicePath); + break; + } + TmpDevPath = NextDevicePathNode (TmpDevPath); + } + + // + // Get device info. + // + BusNum = 0; + TmpDevPath = DevicePath; + TmpDevPath2 = NextDevicePathNode (DevicePath); + while (!IsDevicePathEnd (TmpDevPath2)) { + if (TmpDevPath->Type == HARDWARE_DEVICE_PATH && TmpDevPath->SubType == HW_PCI_DP) { + PciDevPath = (PCI_DEVICE_PATH *) TmpDevPath; + if ((TmpDevPath2->Type == MESSAGING_DEVICE_PATH) && + (TmpDevPath2->SubType == MSG_SATA_DP || TmpDevPath2->SubType == MSG_NVME_NAMESPACE_DP)) { + if (DevInfo != NULL) { + PciDevice = &DevInfo->Device; + PciDevice->Segment = 0; + PciDevice->Bus = BusNum; + PciDevice->Device = PciDevPath->Device; + PciDevice->Function = PciDevPath->Function; + } + } else { + if (TmpDevPath2->Type == HARDWARE_DEVICE_PATH && TmpDevPath2->SubType == HW_PCI_DP) { + BusNum = PciRead8 (PCI_LIB_ADDRESS (BusNum, PciDevPath->Device, PciDevPath->Function, PCI_BRIDGE_SECONDARY_BUS_REGISTER_OFFSET)); + } + } + } + + TmpDevPath = NextDevicePathNode (TmpDevPath); + TmpDevPath2 = NextDevicePathNode (TmpDevPath2); + } + + ASSERT (DeviceType != OPAL_DEVICE_TYPE_UNKNOWN); + return; +} + +/** + Build OPAL device info and save them to LockBox. + + **/ +VOID +BuildOpalDeviceInfo ( + VOID + ) +{ + EFI_STATUS Status; + OPAL_DEVICE_LOCKBOX_DATA *DevInfo; + OPAL_DEVICE_LOCKBOX_DATA *TempDevInfo; + UINTN TotalDevInfoLength; + UINT32 DevInfoLength; + OPAL_DRIVER_DEVICE *TmpDev; + UINT8 DummyData; + BOOLEAN S3InitDevicesExist; + UINTN S3InitDevicesLength; + EFI_DEVICE_PATH_PROTOCOL *S3InitDevices; + EFI_DEVICE_PATH_PROTOCOL *S3InitDevicesBak; + + // + // Build OPAL device info and save them to LockBox. + // + TotalDevInfoLength = 0; + TmpDev = mOpalDriver.DeviceList; + while (TmpDev != NULL) { + ExtractDeviceInfoFromDevicePath ( + TmpDev->OpalDisk.OpalDevicePath, + &DevInfoLength, + NULL + ); + TotalDevInfoLength += DevInfoLength; + TmpDev = TmpDev->Next; + } + + if (TotalDevInfoLength == 0) { + return; + } + + S3InitDevicesLength = sizeof (DummyData); + Status = RestoreLockBox ( + &gS3StorageDeviceInitListGuid, + &DummyData, + &S3InitDevicesLength + ); + ASSERT ((Status == EFI_NOT_FOUND) || (Status == EFI_BUFFER_TOO_SMALL)); + if (Status == EFI_NOT_FOUND) { + S3InitDevices = NULL; + S3InitDevicesExist = FALSE; + } else if (Status == EFI_BUFFER_TOO_SMALL) { + S3InitDevices = AllocatePool (S3InitDevicesLength); + ASSERT (S3InitDevices != NULL); + if (S3InitDevices == NULL) { + return; + } + + Status = RestoreLockBox ( + &gS3StorageDeviceInitListGuid, + S3InitDevices, + &S3InitDevicesLength + ); + ASSERT_EFI_ERROR (Status); + S3InitDevicesExist = TRUE; + } else { + return; + } + + DevInfo = AllocateZeroPool (TotalDevInfoLength); + ASSERT (DevInfo != NULL); + if (DevInfo == NULL) { + return; + } + + TempDevInfo = DevInfo; + TmpDev = mOpalDriver.DeviceList; + while (TmpDev != NULL) { + ExtractDeviceInfoFromDevicePath ( + TmpDev->OpalDisk.OpalDevicePath, + &DevInfoLength, + TempDevInfo + ); + TempDevInfo->Length = DevInfoLength; + TempDevInfo->OpalBaseComId = TmpDev->OpalDisk.OpalBaseComId; + CopyMem ( + TempDevInfo->Password, + TmpDev->OpalDisk.Password, + TmpDev->OpalDisk.PasswordLength + ); + TempDevInfo->PasswordLength = TmpDev->OpalDisk.PasswordLength; + + S3InitDevicesBak = S3InitDevices; + S3InitDevices = AppendDevicePathInstance ( + S3InitDevicesBak, + TmpDev->OpalDisk.OpalDevicePath + ); + if (S3InitDevicesBak != NULL) { + FreePool (S3InitDevicesBak); + } + ASSERT (S3InitDevices != NULL); + if (S3InitDevices == NULL) { + return; + } + + TempDevInfo = (OPAL_DEVICE_LOCKBOX_DATA *) ((UINTN) TempDevInfo + DevInfoLength); + TmpDev = TmpDev->Next; + } + + Status = SaveLockBox ( + &mOpalDeviceLockBoxGuid, + DevInfo, + TotalDevInfoLength + ); + ASSERT_EFI_ERROR (Status); + + Status = SetLockBoxAttributes ( + &mOpalDeviceLockBoxGuid, + LOCK_BOX_ATTRIBUTE_RESTORE_IN_S3_ONLY + ); + ASSERT_EFI_ERROR (Status); + + S3InitDevicesLength = GetDevicePathSize (S3InitDevices); + if (S3InitDevicesExist) { + Status = UpdateLockBox ( + &gS3StorageDeviceInitListGuid, + 0, + S3InitDevices, + S3InitDevicesLength + ); + ASSERT_EFI_ERROR (Status); + } else { + Status = SaveLockBox ( + &gS3StorageDeviceInitListGuid, + S3InitDevices, + S3InitDevicesLength + ); + ASSERT_EFI_ERROR (Status); + + Status = SetLockBoxAttributes ( + &gS3StorageDeviceInitListGuid, + LOCK_BOX_ATTRIBUTE_RESTORE_IN_S3_ONLY + ); + ASSERT_EFI_ERROR (Status); + } + + ZeroMem (DevInfo, TotalDevInfoLength); + FreePool (DevInfo); + FreePool (S3InitDevices); +} + +/** + + Send BlockSid command if needed. + +**/ +VOID +SendBlockSidCommand ( + VOID + ) +{ + OPAL_DRIVER_DEVICE *Itr; + TCG_RESULT Result; + OPAL_SESSION Session; + UINT32 PpStorageFlag; + + PpStorageFlag = Tcg2PhysicalPresenceLibGetManagementFlags (); + if ((PpStorageFlag & TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_ENABLE_BLOCK_SID) != 0) { + // + // Send BlockSID command to each Opal disk + // + Itr = mOpalDriver.DeviceList; + while (Itr != NULL) { + if (Itr->OpalDisk.SupportedAttributes.BlockSid) { + ZeroMem(&Session, sizeof(Session)); + Session.Sscp = Itr->OpalDisk.Sscp; + Session.MediaId = Itr->OpalDisk.MediaId; + Session.OpalBaseComId = Itr->OpalDisk.OpalBaseComId; + + DEBUG ((DEBUG_INFO, "OpalPassword: EndOfDxe point, send BlockSid command to device!\n")); + Result = OpalBlockSid (&Session, TRUE); // HardwareReset must always be TRUE + if (Result != TcgResultSuccess) { + DEBUG ((DEBUG_ERROR, "OpalBlockSid fail\n")); + break; + } + + // + // Record BlockSID command has been sent. + // + Itr->OpalDisk.SentBlockSID = TRUE; + } + + Itr = Itr->Next; + } + } +} + +/** + Notification function of EFI_END_OF_DXE_EVENT_GROUP_GUID event group. + + This is a notification function registered on EFI_END_OF_DXE_EVENT_GROUP_GUID event group. + + @param Event Event whose notification function is being invoked. + @param Context Pointer to the notification function's context. + +**/ +VOID +EFIAPI +OpalEndOfDxeEventNotify ( + EFI_EVENT Event, + VOID *Context + ) +{ + OPAL_DRIVER_DEVICE *TmpDev; + + DEBUG ((DEBUG_INFO, "%a() - enter\n", __FUNCTION__)); + + mOpalEndOfDxe = TRUE; + + if (mOpalRequestVariable != NULL) { + // + // Free the OPAL request variable buffer here + // as the OPAL requests should have been processed. + // + FreePool (mOpalRequestVariable); + mOpalRequestVariable = NULL; + mOpalRequestVariableSize = 0; + } + + // + // If no any device, return directly. + // + if (mOpalDriver.DeviceList == NULL) { + gBS->CloseEvent (Event); + return; + } + + BuildOpalDeviceInfo (); + + // + // Zero passsword. + // + TmpDev = mOpalDriver.DeviceList; + while (TmpDev != NULL) { + ZeroMem (TmpDev->OpalDisk.Password, TmpDev->OpalDisk.PasswordLength); + TmpDev = TmpDev->Next; + } + + // + // Send BlockSid command if needed. + // + SendBlockSidCommand (); + + DEBUG ((DEBUG_INFO, "%a() - exit\n", __FUNCTION__)); + + gBS->CloseEvent (Event); +} + +/** + Get Psid input from the popup window. + + @param[in] Dev The device which need Psid to process Psid Revert + OPAL request. + @param[in] PopUpString Pop up string. + @param[in] PopUpString2 Pop up string in line 2. + @param[in] PopUpString3 Pop up string in line 3. + + @param[out] PressEsc Whether user escape function through Press ESC. + + @retval Psid string if success. NULL if failed. + +**/ +CHAR8 * +OpalDriverPopUpPsidInput ( + IN OPAL_DRIVER_DEVICE *Dev, + IN CHAR16 *PopUpString, + IN CHAR16 *PopUpString2, + IN CHAR16 *PopUpString3, + OUT BOOLEAN *PressEsc + ) +{ + EFI_INPUT_KEY InputKey; + UINTN InputLength; + CHAR16 Mask[PSID_CHARACTER_LENGTH + 1]; + CHAR16 Unicode[PSID_CHARACTER_LENGTH + 1]; + CHAR8 *Ascii; + + ZeroMem(Unicode, sizeof(Unicode)); + ZeroMem(Mask, sizeof(Mask)); + + *PressEsc = FALSE; + + gST->ConOut->ClearScreen(gST->ConOut); + + InputLength = 0; + while (TRUE) { + Mask[InputLength] = L'_'; + if (PopUpString2 == NULL) { + CreatePopUp ( + EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, + &InputKey, + PopUpString, + L"---------------------", + Mask, + NULL + ); + } else { + if (PopUpString3 == NULL) { + CreatePopUp ( + EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, + &InputKey, + PopUpString, + PopUpString2, + L"---------------------", + Mask, + NULL + ); + } else { + CreatePopUp ( + EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, + &InputKey, + PopUpString, + PopUpString2, + PopUpString3, + L"---------------------", + Mask, + NULL + ); + } + } + + // + // Check key. + // + if (InputKey.ScanCode == SCAN_NULL) { + // + // password finished + // + if (InputKey.UnicodeChar == CHAR_CARRIAGE_RETURN) { + // + // Add the null terminator. + // + Unicode[InputLength] = 0; + Mask[InputLength] = 0; + break; + } else if ((InputKey.UnicodeChar == CHAR_NULL) || + (InputKey.UnicodeChar == CHAR_TAB) || + (InputKey.UnicodeChar == CHAR_LINEFEED) + ) { + continue; + } else { + // + // delete last key entered + // + if (InputKey.UnicodeChar == CHAR_BACKSPACE) { + if (InputLength > 0) { + Unicode[InputLength] = 0; + Mask[InputLength] = 0; + InputLength--; + } + } else { + // + // add Next key entry + // + Unicode[InputLength] = InputKey.UnicodeChar; + Mask[InputLength] = InputKey.UnicodeChar; + InputLength++; + if (InputLength == PSID_CHARACTER_LENGTH) { + // + // Add the null terminator. + // + Unicode[InputLength] = 0; + Mask[InputLength] = 0; + break; + } + } + } + } + + // + // exit on ESC + // + if (InputKey.ScanCode == SCAN_ESC) { + *PressEsc = TRUE; + break; + } + } + + gST->ConOut->ClearScreen(gST->ConOut); + + if (InputLength == 0 || InputKey.ScanCode == SCAN_ESC) { + ZeroMem (Unicode, sizeof (Unicode)); + ZeroMem (Mask, sizeof (Mask)); + return NULL; + } + + Ascii = AllocateZeroPool (PSID_CHARACTER_LENGTH + 1); + if (Ascii == NULL) { + ZeroMem (Unicode, sizeof (Unicode)); + ZeroMem (Mask, sizeof (Mask)); + return NULL; + } + + UnicodeStrToAsciiStrS (Unicode, Ascii, PSID_CHARACTER_LENGTH + 1); + ZeroMem (Unicode, sizeof (Unicode)); + ZeroMem (Mask, sizeof (Mask)); + + return Ascii; +} + + +/** + Get password input from the popup window. + + @param[in] Dev The device which need password to unlock or + process OPAL request. + @param[in] PopUpString1 Pop up string 1. + @param[in] PopUpString2 Pop up string 2. + @param[in] PopUpString3 Pop up string 3. + @param[out] PressEsc Whether user escape function through Press ESC. + + @retval Password string if success. NULL if failed. + +**/ +CHAR8 * +OpalDriverPopUpPasswordInput ( + IN OPAL_DRIVER_DEVICE *Dev, + IN CHAR16 *PopUpString1, + IN CHAR16 *PopUpString2, + IN CHAR16 *PopUpString3, + OUT BOOLEAN *PressEsc + ) +{ + EFI_INPUT_KEY InputKey; + UINTN InputLength; + CHAR16 Mask[OPAL_MAX_PASSWORD_SIZE + 1]; + CHAR16 Unicode[OPAL_MAX_PASSWORD_SIZE + 1]; + CHAR8 *Ascii; + + ZeroMem(Unicode, sizeof(Unicode)); + ZeroMem(Mask, sizeof(Mask)); + + *PressEsc = FALSE; + + gST->ConOut->ClearScreen(gST->ConOut); + + InputLength = 0; + while (TRUE) { + Mask[InputLength] = L'_'; + if (PopUpString2 == NULL) { + CreatePopUp ( + EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, + &InputKey, + PopUpString1, + L"---------------------", + Mask, + NULL + ); + } else { + if (PopUpString3 == NULL) { + CreatePopUp ( + EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, + &InputKey, + PopUpString1, + PopUpString2, + L"---------------------", + Mask, + NULL + ); + } else { + CreatePopUp ( + EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, + &InputKey, + PopUpString1, + PopUpString2, + PopUpString3, + L"---------------------", + Mask, + NULL + ); + } + } + + // + // Check key. + // + if (InputKey.ScanCode == SCAN_NULL) { + // + // password finished + // + if (InputKey.UnicodeChar == CHAR_CARRIAGE_RETURN) { + // + // Add the null terminator. + // + Unicode[InputLength] = 0; + Mask[InputLength] = 0; + break; + } else if ((InputKey.UnicodeChar == CHAR_NULL) || + (InputKey.UnicodeChar == CHAR_TAB) || + (InputKey.UnicodeChar == CHAR_LINEFEED) + ) { + continue; + } else { + // + // delete last key entered + // + if (InputKey.UnicodeChar == CHAR_BACKSPACE) { + if (InputLength > 0) { + Unicode[InputLength] = 0; + Mask[InputLength] = 0; + InputLength--; + } + } else { + // + // add Next key entry + // + Unicode[InputLength] = InputKey.UnicodeChar; + Mask[InputLength] = L'*'; + InputLength++; + if (InputLength == OPAL_MAX_PASSWORD_SIZE) { + // + // Add the null terminator. + // + Unicode[InputLength] = 0; + Mask[InputLength] = 0; + break; + } + } + } + } + + // + // exit on ESC + // + if (InputKey.ScanCode == SCAN_ESC) { + *PressEsc = TRUE; + break; + } + } + + gST->ConOut->ClearScreen(gST->ConOut); + + if (InputLength == 0 || InputKey.ScanCode == SCAN_ESC) { + ZeroMem (Unicode, sizeof (Unicode)); + return NULL; + } + + Ascii = AllocateZeroPool (OPAL_MAX_PASSWORD_SIZE + 1); + if (Ascii == NULL) { + ZeroMem (Unicode, sizeof (Unicode)); + return NULL; + } + + UnicodeStrToAsciiStrS (Unicode, Ascii, OPAL_MAX_PASSWORD_SIZE + 1); + ZeroMem (Unicode, sizeof (Unicode)); + + return Ascii; +} + +/** + Get pop up string. + + @param[in] Dev The OPAL device. + @param[in] RequestString Request string. + + @return Pop up string. + +**/ +CHAR16 * +OpalGetPopUpString ( + IN OPAL_DRIVER_DEVICE *Dev, + IN CHAR16 *RequestString + ) +{ + if (Dev->Name16 == NULL) { + UnicodeSPrint (mPopUpString, sizeof (mPopUpString), L"%s Disk", RequestString); + } else { + UnicodeSPrint (mPopUpString, sizeof (mPopUpString), L"%s %s", RequestString, Dev->Name16); + } + + return mPopUpString; +} + +/** + Check if disk is locked, show popup window and ask for password if it is. + + @param[in] Dev The device which need to be unlocked. + @param[in] RequestString Request string. + +**/ +VOID +OpalDriverRequestPassword ( + IN OPAL_DRIVER_DEVICE *Dev, + IN CHAR16 *RequestString + ) +{ + UINT8 Count; + BOOLEAN IsEnabled; + BOOLEAN IsLocked; + CHAR8 *Password; + UINT32 PasswordLen; + OPAL_SESSION Session; + BOOLEAN PressEsc; + EFI_INPUT_KEY Key; + TCG_RESULT Ret; + CHAR16 *PopUpString; + + if (Dev == NULL) { + return; + } + + DEBUG ((DEBUG_INFO, "%a()\n", __FUNCTION__)); + + PopUpString = OpalGetPopUpString (Dev, RequestString); + + Count = 0; + + IsEnabled = OpalFeatureEnabled (&Dev->OpalDisk.SupportedAttributes, &Dev->OpalDisk.LockingFeature); + if (IsEnabled) { + ZeroMem(&Session, sizeof(Session)); + Session.Sscp = Dev->OpalDisk.Sscp; + Session.MediaId = Dev->OpalDisk.MediaId; + Session.OpalBaseComId = Dev->OpalDisk.OpalBaseComId; + + IsLocked = OpalDeviceLocked (&Dev->OpalDisk.SupportedAttributes, &Dev->OpalDisk.LockingFeature); + + // + // Add PcdSkipOpalPasswordPrompt to determin whether to skip password prompt. + // Due to board design, device may not power off during system warm boot, which result in + // security status remain unlocked status, hence we add device security status check here. + // + // If device is in the locked status, device keeps locked and system continues booting. + // If device is in the unlocked status, system is forced shutdown to support security requirement. + // + if (PcdGetBool (PcdSkipOpalPasswordPrompt)) { + if (IsLocked) { + return; + } else { + gRT->ResetSystem (EfiResetShutdown, EFI_SUCCESS, 0, NULL); + } + } + + while (Count < MAX_PASSWORD_TRY_COUNT) { + Password = OpalDriverPopUpPasswordInput (Dev, PopUpString, NULL, NULL, &PressEsc); + if (PressEsc) { + if (IsLocked) { + // + // Current device in the lock status and + // User not input password and press ESC, + // keep device in lock status and continue boot. + // + do { + CreatePopUp ( + EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, + &Key, + L"Press ENTER to skip the request and continue boot,", + L"Press ESC to input password again", + NULL + ); + } while ((Key.ScanCode != SCAN_ESC) && (Key.UnicodeChar != CHAR_CARRIAGE_RETURN)); + + if (Key.UnicodeChar == CHAR_CARRIAGE_RETURN) { + gST->ConOut->ClearScreen(gST->ConOut); + // + // Keep lock and continue boot. + // + return; + } else { + // + // Let user input password again. + // + continue; + } + } else { + // + // Current device in the unlock status and + // User not input password and press ESC, + // Shutdown the device. + // + do { + CreatePopUp ( + EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, + &Key, + L"Press ENTER to shutdown, Press ESC to input password again", + NULL + ); + } while ((Key.ScanCode != SCAN_ESC) && (Key.UnicodeChar != CHAR_CARRIAGE_RETURN)); + + if (Key.UnicodeChar == CHAR_CARRIAGE_RETURN) { + gRT->ResetSystem (EfiResetShutdown, EFI_SUCCESS, 0, NULL); + } else { + // + // Let user input password again. + // + continue; + } + } + } + + if (Password == NULL) { + Count ++; + continue; + } + PasswordLen = (UINT32) AsciiStrLen(Password); + + if (IsLocked) { + Ret = OpalUtilUpdateGlobalLockingRange(&Session, Password, PasswordLen, FALSE, FALSE); + } else { + Ret = OpalUtilUpdateGlobalLockingRange(&Session, Password, PasswordLen, TRUE, TRUE); + if (Ret == TcgResultSuccess) { + Ret = OpalUtilUpdateGlobalLockingRange(&Session, Password, PasswordLen, FALSE, FALSE); + } + } + + if (Ret == TcgResultSuccess) { + OpalSupportUpdatePassword (&Dev->OpalDisk, Password, PasswordLen); + DEBUG ((DEBUG_INFO, "%s Success\n", RequestString)); + } else { + DEBUG ((DEBUG_INFO, "%s Failure\n", RequestString)); + } + + if (Password != NULL) { + ZeroMem (Password, PasswordLen); + FreePool (Password); + } + + if (Ret == TcgResultSuccess) { + break; + } + + // + // Check whether opal device's Tries value has reach the TryLimit value, if yes, force a shutdown + // before accept new password. + // + if (Ret == TcgResultFailureInvalidType) { + Count = MAX_PASSWORD_TRY_COUNT; + break; + } + + Count++; + + do { + CreatePopUp ( + EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, + &Key, + L"Invalid password.", + L"Press ENTER to retry", + NULL + ); + } while (Key.UnicodeChar != CHAR_CARRIAGE_RETURN); + } + + if (Count >= MAX_PASSWORD_TRY_COUNT) { + do { + CreatePopUp ( + EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, + &Key, + L"Opal password retry count exceeds the limit. Must shutdown!", + L"Press ENTER to shutdown", + NULL + ); + } while (Key.UnicodeChar != CHAR_CARRIAGE_RETURN); + + gRT->ResetSystem (EfiResetShutdown, EFI_SUCCESS, 0, NULL); + } + } +} + +/** + Process Enable Feature OPAL request. + + @param[in] Dev The device which has Enable Feature OPAL request. + @param[in] RequestString Request string. + +**/ +VOID +ProcessOpalRequestEnableFeature ( + IN OPAL_DRIVER_DEVICE *Dev, + IN CHAR16 *RequestString + ) +{ + UINT8 Count; + CHAR8 *Password; + UINT32 PasswordLen; + CHAR8 *PasswordConfirm; + UINT32 PasswordLenConfirm; + OPAL_SESSION Session; + BOOLEAN PressEsc; + EFI_INPUT_KEY Key; + TCG_RESULT Ret; + CHAR16 *PopUpString; + + if (Dev == NULL) { + return; + } + + DEBUG ((DEBUG_INFO, "%a()\n", __FUNCTION__)); + + PopUpString = OpalGetPopUpString (Dev, RequestString); + + Count = 0; + + ZeroMem(&Session, sizeof(Session)); + Session.Sscp = Dev->OpalDisk.Sscp; + Session.MediaId = Dev->OpalDisk.MediaId; + Session.OpalBaseComId = Dev->OpalDisk.OpalBaseComId; + + while (Count < MAX_PASSWORD_TRY_COUNT) { + Password = OpalDriverPopUpPasswordInput (Dev, PopUpString, L"Please type in your new password", NULL, &PressEsc); + if (PressEsc) { + do { + CreatePopUp ( + EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, + &Key, + L"Press ENTER to skip the request and continue boot,", + L"Press ESC to input password again", + NULL + ); + } while ((Key.ScanCode != SCAN_ESC) && (Key.UnicodeChar != CHAR_CARRIAGE_RETURN)); + + if (Key.UnicodeChar == CHAR_CARRIAGE_RETURN) { + gST->ConOut->ClearScreen(gST->ConOut); + return; + } else { + // + // Let user input password again. + // + continue; + } + } + + if (Password == NULL) { + Count ++; + continue; + } + PasswordLen = (UINT32) AsciiStrLen(Password); + + PasswordConfirm = OpalDriverPopUpPasswordInput (Dev, PopUpString, L"Please confirm your new password", NULL, &PressEsc); + if (PasswordConfirm == NULL) { + ZeroMem (Password, PasswordLen); + FreePool (Password); + Count ++; + continue; + } + PasswordLenConfirm = (UINT32) AsciiStrLen(PasswordConfirm); + if ((PasswordLen != PasswordLenConfirm) || + (CompareMem (Password, PasswordConfirm, PasswordLen) != 0)) { + ZeroMem (Password, PasswordLen); + FreePool (Password); + ZeroMem (PasswordConfirm, PasswordLenConfirm); + FreePool (PasswordConfirm); + do { + CreatePopUp ( + EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, + &Key, + L"Passwords are not the same.", + L"Press ENTER to retry", + NULL + ); + } while (Key.UnicodeChar != CHAR_CARRIAGE_RETURN); + Count ++; + continue; + } + + if (PasswordConfirm != NULL) { + ZeroMem (PasswordConfirm, PasswordLenConfirm); + FreePool (PasswordConfirm); + } + + Ret = OpalSupportEnableOpalFeature (&Session, Dev->OpalDisk.Msid, Dev->OpalDisk.MsidLength, Password, PasswordLen); + if (Ret == TcgResultSuccess) { + OpalSupportUpdatePassword (&Dev->OpalDisk, Password, PasswordLen); + DEBUG ((DEBUG_INFO, "%s Success\n", RequestString)); + } else { + DEBUG ((DEBUG_INFO, "%s Failure\n", RequestString)); + } + + if (Password != NULL) { + ZeroMem (Password, PasswordLen); + FreePool (Password); + } + + if (Ret == TcgResultSuccess) { + break; + } + + Count++; + + do { + CreatePopUp ( + EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, + &Key, + L"Request failed.", + L"Press ENTER to retry", + NULL + ); + } while (Key.UnicodeChar != CHAR_CARRIAGE_RETURN); + } + + if (Count >= MAX_PASSWORD_TRY_COUNT) { + do { + CreatePopUp ( + EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, + &Key, + L"Opal password retry count exceeds the limit.", + L"Press ENTER to skip the request and continue boot", + NULL + ); + } while (Key.UnicodeChar != CHAR_CARRIAGE_RETURN); + gST->ConOut->ClearScreen(gST->ConOut); + } +} + +/** + Process Disable User OPAL request. + + @param[in] Dev The device which has Disable User OPAL request. + @param[in] RequestString Request string. + +**/ +VOID +ProcessOpalRequestDisableUser ( + IN OPAL_DRIVER_DEVICE *Dev, + IN CHAR16 *RequestString + ) +{ + UINT8 Count; + CHAR8 *Password; + UINT32 PasswordLen; + OPAL_SESSION Session; + BOOLEAN PressEsc; + EFI_INPUT_KEY Key; + TCG_RESULT Ret; + BOOLEAN PasswordFailed; + CHAR16 *PopUpString; + + if (Dev == NULL) { + return; + } + + DEBUG ((DEBUG_INFO, "%a()\n", __FUNCTION__)); + + PopUpString = OpalGetPopUpString (Dev, RequestString); + + Count = 0; + + ZeroMem(&Session, sizeof(Session)); + Session.Sscp = Dev->OpalDisk.Sscp; + Session.MediaId = Dev->OpalDisk.MediaId; + Session.OpalBaseComId = Dev->OpalDisk.OpalBaseComId; + + while (Count < MAX_PASSWORD_TRY_COUNT) { + Password = OpalDriverPopUpPasswordInput (Dev, PopUpString, NULL, NULL, &PressEsc); + if (PressEsc) { + do { + CreatePopUp ( + EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, + &Key, + L"Press ENTER to skip the request and continue boot,", + L"Press ESC to input password again", + NULL + ); + } while ((Key.ScanCode != SCAN_ESC) && (Key.UnicodeChar != CHAR_CARRIAGE_RETURN)); + + if (Key.UnicodeChar == CHAR_CARRIAGE_RETURN) { + gST->ConOut->ClearScreen(gST->ConOut); + return; + } else { + // + // Let user input password again. + // + continue; + } + } + + if (Password == NULL) { + Count ++; + continue; + } + PasswordLen = (UINT32) AsciiStrLen(Password); + + Ret = OpalUtilDisableUser(&Session, Password, PasswordLen, &PasswordFailed); + if (Ret == TcgResultSuccess) { + OpalSupportUpdatePassword (&Dev->OpalDisk, Password, PasswordLen); + DEBUG ((DEBUG_INFO, "%s Success\n", RequestString)); + } else { + DEBUG ((DEBUG_INFO, "%s Failure\n", RequestString)); + } + + if (Password != NULL) { + ZeroMem (Password, PasswordLen); + FreePool (Password); + } + + if (Ret == TcgResultSuccess) { + break; + } + + Count++; + + do { + CreatePopUp ( + EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, + &Key, + L"Invalid password, request failed.", + L"Press ENTER to retry", + NULL + ); + } while (Key.UnicodeChar != CHAR_CARRIAGE_RETURN); + } + + if (Count >= MAX_PASSWORD_TRY_COUNT) { + do { + CreatePopUp ( + EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, + &Key, + L"Opal password retry count exceeds the limit.", + L"Press ENTER to skip the request and continue boot", + NULL + ); + } while (Key.UnicodeChar != CHAR_CARRIAGE_RETURN); + gST->ConOut->ClearScreen(gST->ConOut); + } +} + +/** + Process Psid Revert OPAL request. + + @param[in] Dev The device which has Psid Revert OPAL request. + @param[in] RequestString Request string. + +**/ +VOID +ProcessOpalRequestPsidRevert ( + IN OPAL_DRIVER_DEVICE *Dev, + IN CHAR16 *RequestString + ) +{ + UINT8 Count; + CHAR8 *Psid; + UINT32 PsidLen; + OPAL_SESSION Session; + BOOLEAN PressEsc; + EFI_INPUT_KEY Key; + TCG_RESULT Ret; + CHAR16 *PopUpString; + CHAR16 *PopUpString2; + CHAR16 *PopUpString3; + UINTN BufferSize; + + if (Dev == NULL) { + return; + } + + DEBUG ((DEBUG_INFO, "%a()\n", __FUNCTION__)); + + PopUpString = OpalGetPopUpString (Dev, RequestString); + + if (Dev->OpalDisk.EstimateTimeCost > MAX_ACCEPTABLE_REVERTING_TIME) { + BufferSize = StrSize (L"Warning: Revert action will take about ####### seconds"); + PopUpString2 = AllocateZeroPool (BufferSize); + ASSERT (PopUpString2 != NULL); + UnicodeSPrint ( + PopUpString2, + BufferSize, + L"WARNING: Revert action will take about %d seconds", + Dev->OpalDisk.EstimateTimeCost + ); + PopUpString3 = L"DO NOT power off system during the revert action!"; + } else { + PopUpString2 = NULL; + PopUpString3 = NULL; + } + + Count = 0; + + ZeroMem(&Session, sizeof(Session)); + Session.Sscp = Dev->OpalDisk.Sscp; + Session.MediaId = Dev->OpalDisk.MediaId; + Session.OpalBaseComId = Dev->OpalDisk.OpalBaseComId; + + while (Count < MAX_PSID_TRY_COUNT) { + Psid = OpalDriverPopUpPsidInput (Dev, PopUpString, PopUpString2, PopUpString3, &PressEsc); + if (PressEsc) { + do { + CreatePopUp ( + EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, + &Key, + L"Press ENTER to skip the request and continue boot,", + L"Press ESC to input Psid again", + NULL + ); + } while ((Key.ScanCode != SCAN_ESC) && (Key.UnicodeChar != CHAR_CARRIAGE_RETURN)); + + if (Key.UnicodeChar == CHAR_CARRIAGE_RETURN) { + gST->ConOut->ClearScreen(gST->ConOut); + goto Done; + } else { + // + // Let user input Psid again. + // + continue; + } + } + + if (Psid == NULL) { + Count ++; + continue; + } + PsidLen = (UINT32) AsciiStrLen(Psid); + + Ret = OpalUtilPsidRevert(&Session, Psid, PsidLen); + if (Ret == TcgResultSuccess) { + DEBUG ((DEBUG_INFO, "%s Success\n", RequestString)); + } else { + DEBUG ((DEBUG_INFO, "%s Failure\n", RequestString)); + } + + if (Psid != NULL) { + ZeroMem (Psid, PsidLen); + FreePool (Psid); + } + + if (Ret == TcgResultSuccess) { + break; + } + + Count++; + + do { + CreatePopUp ( + EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, + &Key, + L"Invalid Psid, request failed.", + L"Press ENTER to retry", + NULL + ); + } while (Key.UnicodeChar != CHAR_CARRIAGE_RETURN); + } + + if (Count >= MAX_PSID_TRY_COUNT) { + do { + CreatePopUp ( + EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, + &Key, + L"Opal Psid retry count exceeds the limit.", + L"Press ENTER to skip the request and continue boot", + NULL + ); + } while (Key.UnicodeChar != CHAR_CARRIAGE_RETURN); + gST->ConOut->ClearScreen(gST->ConOut); + } + +Done: + if (PopUpString2 != NULL) { + FreePool (PopUpString2); + } +} + +/** + Process Admin Revert OPAL request. + + @param[in] Dev The device which has Revert OPAL request. + @param[in] KeepUserData Whether to keep user data or not. + @param[in] RequestString Request string. + +**/ +VOID +ProcessOpalRequestRevert ( + IN OPAL_DRIVER_DEVICE *Dev, + IN BOOLEAN KeepUserData, + IN CHAR16 *RequestString + ) +{ + UINT8 Count; + CHAR8 *Password; + UINT32 PasswordLen; + OPAL_SESSION Session; + BOOLEAN PressEsc; + EFI_INPUT_KEY Key; + TCG_RESULT Ret; + BOOLEAN PasswordFailed; + CHAR16 *PopUpString; + CHAR16 *PopUpString2; + CHAR16 *PopUpString3; + UINTN BufferSize; + + if (Dev == NULL) { + return; + } + + DEBUG ((DEBUG_INFO, "%a()\n", __FUNCTION__)); + + PopUpString = OpalGetPopUpString (Dev, RequestString); + + if ((!KeepUserData) && + (Dev->OpalDisk.EstimateTimeCost > MAX_ACCEPTABLE_REVERTING_TIME)) { + BufferSize = StrSize (L"Warning: Revert action will take about ####### seconds"); + PopUpString2 = AllocateZeroPool (BufferSize); + ASSERT (PopUpString2 != NULL); + UnicodeSPrint ( + PopUpString2, + BufferSize, + L"WARNING: Revert action will take about %d seconds", + Dev->OpalDisk.EstimateTimeCost + ); + PopUpString3 = L"DO NOT power off system during the revert action!"; + } else { + PopUpString2 = NULL; + PopUpString3 = NULL; + } + + Count = 0; + + ZeroMem(&Session, sizeof(Session)); + Session.Sscp = Dev->OpalDisk.Sscp; + Session.MediaId = Dev->OpalDisk.MediaId; + Session.OpalBaseComId = Dev->OpalDisk.OpalBaseComId; + + while (Count < MAX_PASSWORD_TRY_COUNT) { + Password = OpalDriverPopUpPasswordInput (Dev, PopUpString, PopUpString2, PopUpString3, &PressEsc); + if (PressEsc) { + do { + CreatePopUp ( + EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, + &Key, + L"Press ENTER to skip the request and continue boot,", + L"Press ESC to input password again", + NULL + ); + } while ((Key.ScanCode != SCAN_ESC) && (Key.UnicodeChar != CHAR_CARRIAGE_RETURN)); + + if (Key.UnicodeChar == CHAR_CARRIAGE_RETURN) { + gST->ConOut->ClearScreen(gST->ConOut); + goto Done; + } else { + // + // Let user input password again. + // + continue; + } + } + + if (Password == NULL) { + Count ++; + continue; + } + PasswordLen = (UINT32) AsciiStrLen(Password); + + if ((Dev->OpalDisk.SupportedAttributes.PyriteSsc == 1) && + (Dev->OpalDisk.LockingFeature.MediaEncryption == 0)) { + // + // For pyrite type device which does not support media encryption, + // it does not accept "Keep User Data" parameter. + // So here hardcode a FALSE for this case. + // + Ret = OpalUtilRevert( + &Session, + FALSE, + Password, + PasswordLen, + &PasswordFailed, + Dev->OpalDisk.Msid, + Dev->OpalDisk.MsidLength + ); + } else { + Ret = OpalUtilRevert( + &Session, + KeepUserData, + Password, + PasswordLen, + &PasswordFailed, + Dev->OpalDisk.Msid, + Dev->OpalDisk.MsidLength + ); + } + if (Ret == TcgResultSuccess) { + OpalSupportUpdatePassword (&Dev->OpalDisk, Password, PasswordLen); + DEBUG ((DEBUG_INFO, "%s Success\n", RequestString)); + } else { + DEBUG ((DEBUG_INFO, "%s Failure\n", RequestString)); + } + + if (Password != NULL) { + ZeroMem (Password, PasswordLen); + FreePool (Password); + } + + if (Ret == TcgResultSuccess) { + break; + } + + Count++; + + do { + CreatePopUp ( + EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, + &Key, + L"Invalid password, request failed.", + L"Press ENTER to retry", + NULL + ); + } while (Key.UnicodeChar != CHAR_CARRIAGE_RETURN); + } + + if (Count >= MAX_PASSWORD_TRY_COUNT) { + do { + CreatePopUp ( + EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, + &Key, + L"Opal password retry count exceeds the limit.", + L"Press ENTER to skip the request and continue boot", + NULL + ); + } while (Key.UnicodeChar != CHAR_CARRIAGE_RETURN); + gST->ConOut->ClearScreen(gST->ConOut); + } + +Done: + if (PopUpString2 != NULL) { + FreePool (PopUpString2); + } +} + +/** + Process Secure Erase OPAL request. + + @param[in] Dev The device which has Secure Erase OPAL request. + @param[in] RequestString Request string. + +**/ +VOID +ProcessOpalRequestSecureErase ( + IN OPAL_DRIVER_DEVICE *Dev, + IN CHAR16 *RequestString + ) +{ + UINT8 Count; + CHAR8 *Password; + UINT32 PasswordLen; + OPAL_SESSION Session; + BOOLEAN PressEsc; + EFI_INPUT_KEY Key; + TCG_RESULT Ret; + BOOLEAN PasswordFailed; + CHAR16 *PopUpString; + CHAR16 *PopUpString2; + CHAR16 *PopUpString3; + UINTN BufferSize; + + if (Dev == NULL) { + return; + } + + DEBUG ((DEBUG_INFO, "%a()\n", __FUNCTION__)); + + PopUpString = OpalGetPopUpString (Dev, RequestString); + + if (Dev->OpalDisk.EstimateTimeCost > MAX_ACCEPTABLE_REVERTING_TIME) { + BufferSize = StrSize (L"Warning: Secure erase action will take about ####### seconds"); + PopUpString2 = AllocateZeroPool (BufferSize); + ASSERT (PopUpString2 != NULL); + UnicodeSPrint ( + PopUpString2, + BufferSize, + L"WARNING: Secure erase action will take about %d seconds", + Dev->OpalDisk.EstimateTimeCost + ); + PopUpString3 = L"DO NOT power off system during the action!"; + } else { + PopUpString2 = NULL; + PopUpString3 = NULL; + } + Count = 0; + + ZeroMem(&Session, sizeof(Session)); + Session.Sscp = Dev->OpalDisk.Sscp; + Session.MediaId = Dev->OpalDisk.MediaId; + Session.OpalBaseComId = Dev->OpalDisk.OpalBaseComId; + + while (Count < MAX_PASSWORD_TRY_COUNT) { + Password = OpalDriverPopUpPasswordInput (Dev, PopUpString, PopUpString2, PopUpString3, &PressEsc); + if (PressEsc) { + do { + CreatePopUp ( + EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, + &Key, + L"Press ENTER to skip the request and continue boot,", + L"Press ESC to input password again", + NULL + ); + } while ((Key.ScanCode != SCAN_ESC) && (Key.UnicodeChar != CHAR_CARRIAGE_RETURN)); + + if (Key.UnicodeChar == CHAR_CARRIAGE_RETURN) { + gST->ConOut->ClearScreen(gST->ConOut); + goto Done; + } else { + // + // Let user input password again. + // + continue; + } + } + + if (Password == NULL) { + Count ++; + continue; + } + PasswordLen = (UINT32) AsciiStrLen(Password); + + Ret = OpalUtilSecureErase(&Session, Password, PasswordLen, &PasswordFailed); + if (Ret == TcgResultSuccess) { + OpalSupportUpdatePassword (&Dev->OpalDisk, Password, PasswordLen); + DEBUG ((DEBUG_INFO, "%s Success\n", RequestString)); + } else { + DEBUG ((DEBUG_INFO, "%s Failure\n", RequestString)); + } + + if (Password != NULL) { + ZeroMem (Password, PasswordLen); + FreePool (Password); + } + + if (Ret == TcgResultSuccess) { + break; + } + + Count++; + + do { + CreatePopUp ( + EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, + &Key, + L"Invalid password, request failed.", + L"Press ENTER to retry", + NULL + ); + } while (Key.UnicodeChar != CHAR_CARRIAGE_RETURN); + } + + if (Count >= MAX_PASSWORD_TRY_COUNT) { + do { + CreatePopUp ( + EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, + &Key, + L"Opal password retry count exceeds the limit.", + L"Press ENTER to skip the request and continue boot", + NULL + ); + } while (Key.UnicodeChar != CHAR_CARRIAGE_RETURN); + gST->ConOut->ClearScreen(gST->ConOut); + } + +Done: + if (PopUpString2 != NULL) { + FreePool (PopUpString2); + } +} + +/** + Process Set Admin Pwd OPAL request. + + @param[in] Dev The device which has Set Admin Pwd Feature OPAL request. + @param[in] RequestString Request string. + +**/ +VOID +ProcessOpalRequestSetUserPwd ( + IN OPAL_DRIVER_DEVICE *Dev, + IN CHAR16 *RequestString + ) +{ + UINT8 Count; + CHAR8 *OldPassword; + UINT32 OldPasswordLen; + CHAR8 *Password; + UINT32 PasswordLen; + CHAR8 *PasswordConfirm; + UINT32 PasswordLenConfirm; + OPAL_SESSION Session; + BOOLEAN PressEsc; + EFI_INPUT_KEY Key; + TCG_RESULT Ret; + CHAR16 *PopUpString; + + if (Dev == NULL) { + return; + } + + DEBUG ((DEBUG_INFO, "%a()\n", __FUNCTION__)); + + PopUpString = OpalGetPopUpString (Dev, RequestString); + + Count = 0; + + while (Count < MAX_PASSWORD_TRY_COUNT) { + OldPassword = OpalDriverPopUpPasswordInput (Dev, PopUpString, L"Please type in your password", NULL, &PressEsc); + if (PressEsc) { + do { + CreatePopUp ( + EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, + &Key, + L"Press ENTER to skip the request and continue boot,", + L"Press ESC to input password again", + NULL + ); + } while ((Key.ScanCode != SCAN_ESC) && (Key.UnicodeChar != CHAR_CARRIAGE_RETURN)); + + if (Key.UnicodeChar == CHAR_CARRIAGE_RETURN) { + gST->ConOut->ClearScreen(gST->ConOut); + return; + } else { + // + // Let user input password again. + // + continue; + } + } + + if (OldPassword == NULL) { + Count ++; + continue; + } + OldPasswordLen = (UINT32) AsciiStrLen(OldPassword); + + ZeroMem(&Session, sizeof(Session)); + Session.Sscp = Dev->OpalDisk.Sscp; + Session.MediaId = Dev->OpalDisk.MediaId; + Session.OpalBaseComId = Dev->OpalDisk.OpalBaseComId; + Ret = OpalUtilVerifyPassword (&Session, OldPassword, OldPasswordLen, OPAL_LOCKING_SP_USER1_AUTHORITY); + if (Ret == TcgResultSuccess) { + DEBUG ((DEBUG_INFO, "Verify with USER1 authority : Success\n")); + } else { + Ret = OpalUtilVerifyPassword (&Session, OldPassword, OldPasswordLen, OPAL_LOCKING_SP_ADMIN1_AUTHORITY); + if (Ret == TcgResultSuccess) { + DEBUG ((DEBUG_INFO, "Verify with ADMIN1 authority: Success\n")); + } else { + ZeroMem (OldPassword, OldPasswordLen); + FreePool (OldPassword); + DEBUG ((DEBUG_INFO, "Verify: Failure\n")); + do { + CreatePopUp ( + EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, + &Key, + L"Incorrect password.", + L"Press ENTER to retry", + NULL + ); + } while (Key.UnicodeChar != CHAR_CARRIAGE_RETURN); + Count ++; + continue; + } + } + + Password = OpalDriverPopUpPasswordInput (Dev, PopUpString, L"Please type in your new password", NULL, &PressEsc); + if (Password == NULL) { + ZeroMem (OldPassword, OldPasswordLen); + FreePool (OldPassword); + Count ++; + continue; + } + PasswordLen = (UINT32) AsciiStrLen(Password); + + PasswordConfirm = OpalDriverPopUpPasswordInput (Dev, PopUpString, L"Please confirm your new password", NULL, &PressEsc); + if (PasswordConfirm == NULL) { + ZeroMem (OldPassword, OldPasswordLen); + FreePool (OldPassword); + ZeroMem (Password, PasswordLen); + FreePool (Password); + Count ++; + continue; + } + PasswordLenConfirm = (UINT32) AsciiStrLen(PasswordConfirm); + if ((PasswordLen != PasswordLenConfirm) || + (CompareMem (Password, PasswordConfirm, PasswordLen) != 0)) { + ZeroMem (OldPassword, OldPasswordLen); + FreePool (OldPassword); + ZeroMem (Password, PasswordLen); + FreePool (Password); + ZeroMem (PasswordConfirm, PasswordLenConfirm); + FreePool (PasswordConfirm); + do { + CreatePopUp ( + EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, + &Key, + L"Passwords are not the same.", + L"Press ENTER to retry", + NULL + ); + } while (Key.UnicodeChar != CHAR_CARRIAGE_RETURN); + Count ++; + continue; + } + + if (PasswordConfirm != NULL) { + ZeroMem (PasswordConfirm, PasswordLenConfirm); + FreePool (PasswordConfirm); + } + + ZeroMem(&Session, sizeof(Session)); + Session.Sscp = Dev->OpalDisk.Sscp; + Session.MediaId = Dev->OpalDisk.MediaId; + Session.OpalBaseComId = Dev->OpalDisk.OpalBaseComId; + Ret = OpalUtilSetUserPassword( + &Session, + OldPassword, + OldPasswordLen, + Password, + PasswordLen + ); + if (Ret == TcgResultSuccess) { + OpalSupportUpdatePassword (&Dev->OpalDisk, Password, PasswordLen); + DEBUG ((DEBUG_INFO, "%s Success\n", RequestString)); + } else { + DEBUG ((DEBUG_INFO, "%s Failure\n", RequestString)); + } + + if (OldPassword != NULL) { + ZeroMem (OldPassword, OldPasswordLen); + FreePool (OldPassword); + } + + if (Password != NULL) { + ZeroMem (Password, PasswordLen); + FreePool (Password); + } + + if (Ret == TcgResultSuccess) { + break; + } + + Count++; + + do { + CreatePopUp ( + EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, + &Key, + L"Request failed.", + L"Press ENTER to retry", + NULL + ); + } while (Key.UnicodeChar != CHAR_CARRIAGE_RETURN); + } + + if (Count >= MAX_PASSWORD_TRY_COUNT) { + do { + CreatePopUp ( + EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, + &Key, + L"Opal password retry count exceeds the limit.", + L"Press ENTER to skip the request and continue boot", + NULL + ); + } while (Key.UnicodeChar != CHAR_CARRIAGE_RETURN); + gST->ConOut->ClearScreen(gST->ConOut); + } +} + +/** + Process Set Admin Pwd OPAL request. + + @param[in] Dev The device which has Set Admin Pwd Feature OPAL request. + @param[in] RequestString Request string. + +**/ +VOID +ProcessOpalRequestSetAdminPwd ( + IN OPAL_DRIVER_DEVICE *Dev, + IN CHAR16 *RequestString + ) +{ + UINT8 Count; + CHAR8 *OldPassword; + UINT32 OldPasswordLen; + CHAR8 *Password; + UINT32 PasswordLen; + CHAR8 *PasswordConfirm; + UINT32 PasswordLenConfirm; + OPAL_SESSION Session; + BOOLEAN PressEsc; + EFI_INPUT_KEY Key; + TCG_RESULT Ret; + CHAR16 *PopUpString; + + if (Dev == NULL) { + return; + } + + DEBUG ((DEBUG_INFO, "%a()\n", __FUNCTION__)); + + PopUpString = OpalGetPopUpString (Dev, RequestString); + + Count = 0; + + while (Count < MAX_PASSWORD_TRY_COUNT) { + OldPassword = OpalDriverPopUpPasswordInput (Dev, PopUpString, L"Please type in your password", NULL, &PressEsc); + if (PressEsc) { + do { + CreatePopUp ( + EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, + &Key, + L"Press ENTER to skip the request and continue boot,", + L"Press ESC to input password again", + NULL + ); + } while ((Key.ScanCode != SCAN_ESC) && (Key.UnicodeChar != CHAR_CARRIAGE_RETURN)); + + if (Key.UnicodeChar == CHAR_CARRIAGE_RETURN) { + gST->ConOut->ClearScreen(gST->ConOut); + return; + } else { + // + // Let user input password again. + // + continue; + } + } + + if (OldPassword == NULL) { + Count ++; + continue; + } + OldPasswordLen = (UINT32) AsciiStrLen(OldPassword); + + ZeroMem(&Session, sizeof(Session)); + Session.Sscp = Dev->OpalDisk.Sscp; + Session.MediaId = Dev->OpalDisk.MediaId; + Session.OpalBaseComId = Dev->OpalDisk.OpalBaseComId; + Ret = OpalUtilVerifyPassword (&Session, OldPassword, OldPasswordLen, OPAL_LOCKING_SP_ADMIN1_AUTHORITY); + if (Ret == TcgResultSuccess) { + DEBUG ((DEBUG_INFO, "Verify: Success\n")); + } else { + ZeroMem (OldPassword, OldPasswordLen); + FreePool (OldPassword); + DEBUG ((DEBUG_INFO, "Verify: Failure\n")); + do { + CreatePopUp ( + EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, + &Key, + L"Incorrect password.", + L"Press ENTER to retry", + NULL + ); + } while (Key.UnicodeChar != CHAR_CARRIAGE_RETURN); + Count ++; + continue; + } + + Password = OpalDriverPopUpPasswordInput (Dev, PopUpString, L"Please type in your new password", NULL, &PressEsc); + if (Password == NULL) { + ZeroMem (OldPassword, OldPasswordLen); + FreePool (OldPassword); + Count ++; + continue; + } + PasswordLen = (UINT32) AsciiStrLen(Password); + + PasswordConfirm = OpalDriverPopUpPasswordInput (Dev, PopUpString, L"Please confirm your new password", NULL, &PressEsc); + if (PasswordConfirm == NULL) { + ZeroMem (OldPassword, OldPasswordLen); + FreePool (OldPassword); + ZeroMem (Password, PasswordLen); + FreePool (Password); + Count ++; + continue; + } + PasswordLenConfirm = (UINT32) AsciiStrLen(PasswordConfirm); + if ((PasswordLen != PasswordLenConfirm) || + (CompareMem (Password, PasswordConfirm, PasswordLen) != 0)) { + ZeroMem (OldPassword, OldPasswordLen); + FreePool (OldPassword); + ZeroMem (Password, PasswordLen); + FreePool (Password); + ZeroMem (PasswordConfirm, PasswordLenConfirm); + FreePool (PasswordConfirm); + do { + CreatePopUp ( + EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, + &Key, + L"Passwords are not the same.", + L"Press ENTER to retry", + NULL + ); + } while (Key.UnicodeChar != CHAR_CARRIAGE_RETURN); + Count ++; + continue; + } + + if (PasswordConfirm != NULL) { + ZeroMem (PasswordConfirm, PasswordLenConfirm); + FreePool (PasswordConfirm); + } + + + ZeroMem(&Session, sizeof(Session)); + Session.Sscp = Dev->OpalDisk.Sscp; + Session.MediaId = Dev->OpalDisk.MediaId; + Session.OpalBaseComId = Dev->OpalDisk.OpalBaseComId; + Ret = OpalUtilSetAdminPassword( + &Session, + OldPassword, + OldPasswordLen, + Password, + PasswordLen + ); + if (Ret == TcgResultSuccess) { + OpalSupportUpdatePassword (&Dev->OpalDisk, Password, PasswordLen); + DEBUG ((DEBUG_INFO, "%s Success\n", RequestString)); + } else { + DEBUG ((DEBUG_INFO, "%s Failure\n", RequestString)); + } + + if (OldPassword != NULL) { + ZeroMem (OldPassword, OldPasswordLen); + FreePool (OldPassword); + } + + if (Password != NULL) { + ZeroMem (Password, PasswordLen); + FreePool (Password); + } + + if (Ret == TcgResultSuccess) { + break; + } + + Count++; + + do { + CreatePopUp ( + EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, + &Key, + L"Request failed.", + L"Press ENTER to retry", + NULL + ); + } while (Key.UnicodeChar != CHAR_CARRIAGE_RETURN); + } + + if (Count >= MAX_PASSWORD_TRY_COUNT) { + do { + CreatePopUp ( + EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, + &Key, + L"Opal password retry count exceeds the limit.", + L"Press ENTER to skip the request and continue boot", + NULL + ); + } while (Key.UnicodeChar != CHAR_CARRIAGE_RETURN); + gST->ConOut->ClearScreen(gST->ConOut); + } +} + +/** + Process OPAL request. + + @param[in] Dev The device which has OPAL request. + +**/ +VOID +ProcessOpalRequest ( + IN OPAL_DRIVER_DEVICE *Dev + ) +{ + EFI_STATUS Status; + OPAL_REQUEST_VARIABLE *TempVariable; + OPAL_REQUEST_VARIABLE *Variable; + UINTN VariableSize; + EFI_DEVICE_PATH_PROTOCOL *DevicePathInVariable; + UINTN DevicePathSizeInVariable; + EFI_DEVICE_PATH_PROTOCOL *DevicePath; + UINTN DevicePathSize; + BOOLEAN KeepUserData; + + DEBUG ((DEBUG_INFO, "%a() - enter\n", __FUNCTION__)); + + if (mOpalRequestVariable == NULL) { + Status = GetVariable2 ( + OPAL_REQUEST_VARIABLE_NAME, + &gHiiSetupVariableGuid, + (VOID **) &Variable, + &VariableSize + ); + if (EFI_ERROR (Status) || (Variable == NULL)) { + return; + } + mOpalRequestVariable = Variable; + mOpalRequestVariableSize = VariableSize; + + // + // Delete the OPAL request variable. + // + Status = gRT->SetVariable ( + OPAL_REQUEST_VARIABLE_NAME, + (EFI_GUID *) &gHiiSetupVariableGuid, + 0, + 0, + NULL + ); + ASSERT_EFI_ERROR (Status); + } else { + Variable = mOpalRequestVariable; + VariableSize = mOpalRequestVariableSize; + } + + // + // Process the OPAL requests. + // + TempVariable = Variable; + while ((VariableSize > sizeof (OPAL_REQUEST_VARIABLE)) && + (VariableSize >= TempVariable->Length) && + (TempVariable->Length > sizeof (OPAL_REQUEST_VARIABLE))) { + DevicePathInVariable = (EFI_DEVICE_PATH_PROTOCOL *) ((UINTN) TempVariable + sizeof (OPAL_REQUEST_VARIABLE)); + DevicePathSizeInVariable = GetDevicePathSize (DevicePathInVariable); + DevicePath = Dev->OpalDisk.OpalDevicePath; + DevicePathSize = GetDevicePathSize (DevicePath); + if ((DevicePathSize == DevicePathSizeInVariable) && + (CompareMem (DevicePath, DevicePathInVariable, DevicePathSize) == 0)) { + // + // Found the node for the OPAL device. + // + if (TempVariable->OpalRequest.SetAdminPwd != 0) { + ProcessOpalRequestSetAdminPwd (Dev, L"Update Admin Pwd:"); + } + if (TempVariable->OpalRequest.SetUserPwd != 0) { + ProcessOpalRequestSetUserPwd (Dev, L"Set User Pwd:"); + } + if (TempVariable->OpalRequest.SecureErase!= 0) { + ProcessOpalRequestSecureErase (Dev, L"Secure Erase:"); + } + if (TempVariable->OpalRequest.Revert != 0) { + KeepUserData = (BOOLEAN) TempVariable->OpalRequest.KeepUserData; + ProcessOpalRequestRevert ( + Dev, + KeepUserData, + KeepUserData ? L"Admin Revert(keep):" : L"Admin Revert:" + ); + } + if (TempVariable->OpalRequest.PsidRevert != 0) { + ProcessOpalRequestPsidRevert (Dev, L"Psid Revert:"); + } + if (TempVariable->OpalRequest.DisableUser != 0) { + ProcessOpalRequestDisableUser (Dev, L"Disable User:"); + } + if (TempVariable->OpalRequest.EnableFeature != 0) { + ProcessOpalRequestEnableFeature (Dev, L"Enable Feature:"); + } + + // + // Update Device ownership. + // Later BlockSID command may block the update. + // + OpalDiskUpdateOwnerShip (&Dev->OpalDisk); + + break; + } + + VariableSize -= TempVariable->Length; + TempVariable = (OPAL_REQUEST_VARIABLE *) ((UINTN) TempVariable + TempVariable->Length); + } + + DEBUG ((DEBUG_INFO, "%a() - exit\n", __FUNCTION__)); +} + +/** + Add new device to the global device list. + + @param Dev New create device. + +**/ +VOID +AddDeviceToTail( + IN OPAL_DRIVER_DEVICE *Dev + ) +{ + OPAL_DRIVER_DEVICE *TmpDev; + + if (mOpalDriver.DeviceList == NULL) { + mOpalDriver.DeviceList = Dev; + } else { + TmpDev = mOpalDriver.DeviceList; + while (TmpDev->Next != NULL) { + TmpDev = TmpDev->Next; + } + + TmpDev->Next = Dev; + } +} + +/** + Remove one device in the global device list. + + @param Dev The device need to be removed. + +**/ +VOID +RemoveDevice ( + IN OPAL_DRIVER_DEVICE *Dev + ) +{ + OPAL_DRIVER_DEVICE *TmpDev; + + if (mOpalDriver.DeviceList == NULL) { + return; + } + + if (mOpalDriver.DeviceList == Dev) { + mOpalDriver.DeviceList = NULL; + return; + } + + TmpDev = mOpalDriver.DeviceList; + while (TmpDev->Next != NULL) { + if (TmpDev->Next == Dev) { + TmpDev->Next = Dev->Next; + break; + } + } +} + +/** + Get current device count. + + @retval return the current created device count. + +**/ +UINT8 +GetDeviceCount ( + VOID + ) +{ + UINT8 Count; + OPAL_DRIVER_DEVICE *TmpDev; + + Count = 0; + TmpDev = mOpalDriver.DeviceList; + + while (TmpDev != NULL) { + Count++; + TmpDev = TmpDev->Next; + } + + return Count; +} + +/** + Get devcie list info. + + @retval return the device list pointer. +**/ +OPAL_DRIVER_DEVICE* +OpalDriverGetDeviceList( + VOID + ) +{ + return mOpalDriver.DeviceList; +} + +/** + Stop this Controller. + + @param Dev The device need to be stopped. + +**/ +VOID +OpalDriverStopDevice ( + OPAL_DRIVER_DEVICE *Dev + ) +{ + // + // free each name + // + FreePool(Dev->Name16); + + // + // remove OPAL_DRIVER_DEVICE from the list + // it updates the controllerList pointer + // + RemoveDevice(Dev); + + // + // close protocols that were opened + // + gBS->CloseProtocol( + Dev->Handle, + &gEfiStorageSecurityCommandProtocolGuid, + gOpalDriverBinding.DriverBindingHandle, + Dev->Handle + ); + + gBS->CloseProtocol( + Dev->Handle, + &gEfiBlockIoProtocolGuid, + gOpalDriverBinding.DriverBindingHandle, + Dev->Handle + ); + + FreePool(Dev); +} + +/** + Get devcie name through the component name protocol. + + @param[in] AllHandlesBuffer The handle buffer for current system. + @param[in] NumAllHandles The number of handles for the handle buffer. + @param[in] Dev The device which need to get name. + @param[in] UseComp1 Whether use component name or name2 protocol. + + @retval TRUE Find the name for this device. + @retval FALSE Not found the name for this device. +**/ +BOOLEAN +OpalDriverGetDeviceNameByProtocol( + EFI_HANDLE *AllHandlesBuffer, + UINTN NumAllHandles, + OPAL_DRIVER_DEVICE *Dev, + BOOLEAN UseComp1 + ) +{ + EFI_HANDLE* ProtocolHandlesBuffer; + UINTN NumProtocolHandles; + EFI_STATUS Status; + EFI_COMPONENT_NAME2_PROTOCOL* Cnp1_2; // efi component name and componentName2 have same layout + EFI_GUID Protocol; + UINTN StrLength; + EFI_DEVICE_PATH_PROTOCOL* TmpDevPath; + UINTN Index1; + UINTN Index2; + EFI_HANDLE TmpHandle; + CHAR16 *DevName; + + if (Dev == NULL || AllHandlesBuffer == NULL || NumAllHandles == 0) { + return FALSE; + } + + Protocol = UseComp1 ? gEfiComponentNameProtocolGuid : gEfiComponentName2ProtocolGuid; + + // + // Find all EFI_HANDLES with protocol + // + Status = gBS->LocateHandleBuffer( + ByProtocol, + &Protocol, + NULL, + &NumProtocolHandles, + &ProtocolHandlesBuffer + ); + if (EFI_ERROR(Status)) { + return FALSE; + } + + + // + // Exit early if no supported devices + // + if (NumProtocolHandles == 0) { + return FALSE; + } + + // + // Get printable name by iterating through all protocols + // using the handle as the child, and iterate through all handles for the controller + // exit loop early once found, if not found, then delete device + // storage security protocol instances already exist, add them to internal list + // + Status = EFI_DEVICE_ERROR; + for (Index1 = 0; Index1 < NumProtocolHandles; Index1++) { + DevName = NULL; + + if (Dev->Name16 != NULL) { + return TRUE; + } + + TmpHandle = ProtocolHandlesBuffer[Index1]; + + Status = gBS->OpenProtocol( + TmpHandle, + &Protocol, + (VOID**)&Cnp1_2, + gImageHandle, + NULL, + EFI_OPEN_PROTOCOL_GET_PROTOCOL + ); + if (EFI_ERROR(Status) || Cnp1_2 == NULL) { + continue; + } + + // + // Use all handles array as controller handle + // + for (Index2 = 0; Index2 < NumAllHandles; Index2++) { + Status = Cnp1_2->GetControllerName( + Cnp1_2, + AllHandlesBuffer[Index2], + Dev->Handle, + LANGUAGE_ISO_639_2_ENGLISH, + &DevName + ); + if (EFI_ERROR(Status)) { + Status = Cnp1_2->GetControllerName( + Cnp1_2, + AllHandlesBuffer[Index2], + Dev->Handle, + LANGUAGE_RFC_3066_ENGLISH, + &DevName + ); + } + if (!EFI_ERROR(Status) && DevName != NULL) { + StrLength = StrLen(DevName) + 1; // Add one for NULL terminator + Dev->Name16 = AllocateZeroPool(StrLength * sizeof (CHAR16)); + ASSERT (Dev->Name16 != NULL); + StrCpyS (Dev->Name16, StrLength, DevName); + Dev->NameZ = (CHAR8*)AllocateZeroPool(StrLength); + UnicodeStrToAsciiStrS (DevName, Dev->NameZ, StrLength); + + // + // Retrieve bridge BDF info and port number or namespace depending on type + // + TmpDevPath = NULL; + Status = gBS->OpenProtocol( + Dev->Handle, + &gEfiDevicePathProtocolGuid, + (VOID**)&TmpDevPath, + gImageHandle, + NULL, + EFI_OPEN_PROTOCOL_GET_PROTOCOL + ); + if (!EFI_ERROR(Status)) { + Dev->OpalDevicePath = DuplicateDevicePath (TmpDevPath); + return TRUE; + } + + if (Dev->Name16 != NULL) { + FreePool(Dev->Name16); + Dev->Name16 = NULL; + } + if (Dev->NameZ != NULL) { + FreePool(Dev->NameZ); + Dev->NameZ = NULL; + } + } + } + } + + return FALSE; +} + +/** + Get devcie name through the component name protocol. + + @param[in] Dev The device which need to get name. + + @retval TRUE Find the name for this device. + @retval FALSE Not found the name for this device. +**/ +BOOLEAN +OpalDriverGetDriverDeviceName( + OPAL_DRIVER_DEVICE *Dev + ) +{ + EFI_HANDLE* AllHandlesBuffer; + UINTN NumAllHandles; + EFI_STATUS Status; + + if (Dev == NULL) { + DEBUG((DEBUG_ERROR | DEBUG_INIT, "OpalDriverGetDriverDeviceName Exiting, Dev=NULL\n")); + return FALSE; + } + + // + // Iterate through ComponentName2 handles to get name, if fails, try ComponentName + // + if (Dev->Name16 == NULL) { + DEBUG((DEBUG_ERROR | DEBUG_INIT, "Name is null, update it\n")); + // + // Find all EFI_HANDLES + // + Status = gBS->LocateHandleBuffer( + AllHandles, + NULL, + NULL, + &NumAllHandles, + &AllHandlesBuffer + ); + if (EFI_ERROR(Status)) { + DEBUG ((DEBUG_INFO, "LocateHandleBuffer for AllHandles failed %r\n", Status )); + return FALSE; + } + + // + // Try component Name2 + // + if (!OpalDriverGetDeviceNameByProtocol(AllHandlesBuffer, NumAllHandles, Dev, FALSE)) { + DEBUG((DEBUG_ERROR | DEBUG_INIT, "ComponentName2 failed to get device name, try ComponentName\n")); + if (!OpalDriverGetDeviceNameByProtocol(AllHandlesBuffer, NumAllHandles, Dev, TRUE)) { + DEBUG((DEBUG_ERROR | DEBUG_INIT, "ComponentName failed to get device name, skip device\n")); + return FALSE; + } + } + } + + return TRUE; +} + +/** + Main entry for this driver. + + @param ImageHandle Image Handle this driver. + @param SystemTable Pointer to SystemTable. + + @retval EFI_SUCCESS This function always complete successfully. +**/ +EFI_STATUS +EFIAPI +EfiDriverEntryPoint( + IN EFI_HANDLE ImageHandle, + IN EFI_SYSTEM_TABLE* SystemTable + ) +{ + EFI_STATUS Status; + EFI_EVENT EndOfDxeEvent; + + Status = EfiLibInstallDriverBindingComponentName2 ( + ImageHandle, + SystemTable, + &gOpalDriverBinding, + ImageHandle, + &gOpalComponentName, + &gOpalComponentName2 + ); + + if (EFI_ERROR(Status)) { + DEBUG((DEBUG_ERROR, "Install protocols to Opal driver Handle failed\n")); + return Status ; + } + + // + // Initialize Driver object + // + ZeroMem(&mOpalDriver, sizeof(mOpalDriver)); + mOpalDriver.Handle = ImageHandle; + + Status = gBS->CreateEventEx ( + EVT_NOTIFY_SIGNAL, + TPL_CALLBACK, + OpalEndOfDxeEventNotify, + NULL, + &gEfiEndOfDxeEventGroupGuid, + &EndOfDxeEvent + ); + ASSERT_EFI_ERROR (Status); + + // + // Install Hii packages. + // + HiiInstall(); + + return Status; +} + +/** + Tests to see if this driver supports a given controller. + + This function checks to see if the controller contains an instance of the + EFI_STORAGE_SECURITY_COMMAND_PROTOCOL and the EFI_BLOCK_IO_PROTOCOL + and returns EFI_SUCCESS if it does. + + @param[in] This A pointer to the EFI_DRIVER_BINDING_PROTOCOL instance. + @param[in] ControllerHandle The Handle of the controller to test. This Handle + must support a protocol interface that supplies + an I/O abstraction to the driver. + @param[in] RemainingDevicePath This parameter is ignored. + + @retval EFI_SUCCESS The device contains required protocols + @retval EFI_ALREADY_STARTED The device specified by ControllerHandle and + RemainingDevicePath is already being managed by the driver + specified by This. + @retval EFI_ACCESS_DENIED The device specified by ControllerHandle and + RemainingDevicePath is already being managed by a different + driver or an application that requires exclusive access. + Currently not implemented. + @retval EFI_UNSUPPORTED The device does not contain requires protocols + +**/ +EFI_STATUS +EFIAPI +OpalEfiDriverBindingSupported( + IN EFI_DRIVER_BINDING_PROTOCOL* This, + IN EFI_HANDLE Controller, + IN EFI_DEVICE_PATH_PROTOCOL* RemainingDevicePath + ) +{ + EFI_STATUS Status; + EFI_STORAGE_SECURITY_COMMAND_PROTOCOL* SecurityCommand; + + if (mOpalEndOfDxe) { + return EFI_UNSUPPORTED; + } + + // + // Test EFI_STORAGE_SECURITY_COMMAND_PROTOCOL on controller Handle. + // + Status = gBS->OpenProtocol( + Controller, + &gEfiStorageSecurityCommandProtocolGuid, + ( VOID ** )&SecurityCommand, + This->DriverBindingHandle, + Controller, + EFI_OPEN_PROTOCOL_BY_DRIVER + ); + + if (Status == EFI_ALREADY_STARTED) { + return EFI_SUCCESS; + } + + if (EFI_ERROR(Status)) { + return Status; + } + + // + // Close protocol and reopen in Start call + // + gBS->CloseProtocol( + Controller, + &gEfiStorageSecurityCommandProtocolGuid, + This->DriverBindingHandle, + Controller + ); + + + return EFI_SUCCESS; +} + +/** + Enables Opal Management on a supported device if available. + + The start function is designed to be called after the Opal UEFI Driver has confirmed the + "controller", which is a child Handle, contains the EF_STORAGE_SECURITY_COMMAND protocols. + This function will complete the other necessary checks, such as verifying the device supports + the correct version of Opal. Upon verification, it will add the device to the + Opal HII list in order to expose Opal management options. + + @param[in] This A pointer to the EFI_DRIVER_BINDING_PROTOCOL instance. + @param[in] ControllerHandle The Handle of the controller to start. This Handle + must support a protocol interface that supplies + an I/O abstraction to the driver. + @param[in] RemainingDevicePath A pointer to the remaining portion of a device path. This + parameter is ignored by device drivers, and is optional for bus + drivers. For a bus driver, if this parameter is NULL, then handles + for all the children of Controller are created by this driver. + If this parameter is not NULL and the first Device Path Node is + not the End of Device Path Node, then only the Handle for the + child device specified by the first Device Path Node of + RemainingDevicePath is created by this driver. + If the first Device Path Node of RemainingDevicePath is + the End of Device Path Node, no child Handle is created by this + driver. + + @retval EFI_SUCCESS Opal management was enabled. + @retval EFI_DEVICE_ERROR The device could not be started due to a device error.Currently not implemented. + @retval EFI_OUT_OF_RESOURCES The request could not be completed due to a lack of resources. + @retval Others The driver failed to start the device. + +**/ +EFI_STATUS +EFIAPI +OpalEfiDriverBindingStart( + IN EFI_DRIVER_BINDING_PROTOCOL* This, + IN EFI_HANDLE Controller, + IN EFI_DEVICE_PATH_PROTOCOL* RemainingDevicePath + ) +{ + EFI_STATUS Status; + EFI_BLOCK_IO_PROTOCOL *BlkIo; + OPAL_DRIVER_DEVICE *Dev; + OPAL_DRIVER_DEVICE *Itr; + BOOLEAN Result; + + Itr = mOpalDriver.DeviceList; + while (Itr != NULL) { + if (Controller == Itr->Handle) { + return EFI_SUCCESS; + } + Itr = Itr->Next; + } + + // + // Create internal device for tracking. This allows all disks to be tracked + // by same HII form + // + Dev = (OPAL_DRIVER_DEVICE*)AllocateZeroPool(sizeof(OPAL_DRIVER_DEVICE)); + if (Dev == NULL) { + return EFI_OUT_OF_RESOURCES; + } + Dev->Handle = Controller; + + // + // Open EFI_STORAGE_SECURITY_COMMAND_PROTOCOL to perform Opal supported checks + // + Status = gBS->OpenProtocol( + Controller, + &gEfiStorageSecurityCommandProtocolGuid, + (VOID **)&Dev->Sscp, + This->DriverBindingHandle, + Controller, + EFI_OPEN_PROTOCOL_BY_DRIVER + ); + if (EFI_ERROR(Status)) { + FreePool(Dev); + return Status; + } + + // + // Open EFI_BLOCK_IO_PROTOCOL on controller Handle, required by EFI_STORAGE_SECURITY_COMMAND_PROTOCOL + // function APIs + // + Status = gBS->OpenProtocol( + Controller, + &gEfiBlockIoProtocolGuid, + (VOID **)&BlkIo, + This->DriverBindingHandle, + Controller, + EFI_OPEN_PROTOCOL_BY_DRIVER + ); + if (EFI_ERROR(Status)) { + // + // Block_IO not supported on handle + // + if(Status == EFI_UNSUPPORTED) { + BlkIo = NULL; + } else { + // + // Close storage security that was opened + // + gBS->CloseProtocol( + Controller, + &gEfiStorageSecurityCommandProtocolGuid, + This->DriverBindingHandle, + Controller + ); + + FreePool(Dev); + return Status; + } + } + + // + // Save mediaId + // + if(BlkIo == NULL) { + // If no Block IO present, use defined MediaId value. + Dev->MediaId = 0x0; + } else { + Dev->MediaId = BlkIo->Media->MediaId; + + gBS->CloseProtocol( + Controller, + &gEfiBlockIoProtocolGuid, + This->DriverBindingHandle, + Controller + ); + } + + // + // Acquire Ascii printable name of child, if not found, then ignore device + // + Result = OpalDriverGetDriverDeviceName (Dev); + if (!Result) { + goto Done; + } + + Status = OpalDiskInitialize (Dev); + if (EFI_ERROR (Status)) { + goto Done; + } + + AddDeviceToTail(Dev); + + // + // Check if device is locked and prompt for password. + // + OpalDriverRequestPassword (Dev, L"Unlock:"); + + // + // Process OPAL request from last boot. + // + ProcessOpalRequest (Dev); + + return EFI_SUCCESS; + +Done: + // + // free device, close protocols and exit + // + gBS->CloseProtocol( + Controller, + &gEfiStorageSecurityCommandProtocolGuid, + This->DriverBindingHandle, + Controller + ); + + FreePool(Dev); + + return EFI_DEVICE_ERROR; +} + +/** + Stop this driver on Controller. + + @param This Protocol instance pointer. + @param Controller Handle of device to stop driver on + @param NumberOfChildren Number of Handles in ChildHandleBuffer. If number of + children is zero stop the entire bus driver. + @param ChildHandleBuffer List of Child Handles to Stop. + + @retval EFI_SUCCESS This driver is removed Controller. + @retval other This driver could not be removed from this device. + +**/ +EFI_STATUS +EFIAPI +OpalEfiDriverBindingStop( + EFI_DRIVER_BINDING_PROTOCOL* This, + EFI_HANDLE Controller, + UINTN NumberOfChildren, + EFI_HANDLE* ChildHandleBuffer + ) +{ + OPAL_DRIVER_DEVICE* Itr; + + Itr = mOpalDriver.DeviceList; + + // + // does Controller match any of the devices we are managing for Opal + // + while (Itr != NULL) { + if (Itr->Handle == Controller) { + OpalDriverStopDevice (Itr); + return EFI_SUCCESS; + } + + Itr = Itr->Next; + } + + return EFI_NOT_FOUND; +} + + +/** + Unloads UEFI Driver. Very useful for debugging and testing. + + @param ImageHandle Image Handle this driver. + + @retval EFI_SUCCESS This function always complete successfully. + @retval EFI_INVALID_PARAMETER The input ImageHandle is not valid. +**/ +EFI_STATUS +EFIAPI +OpalEfiDriverUnload ( + IN EFI_HANDLE ImageHandle + ) +{ + EFI_STATUS Status; + OPAL_DRIVER_DEVICE *Itr; + + Status = EFI_SUCCESS; + + if (ImageHandle != gImageHandle) { + return (EFI_INVALID_PARAMETER); + } + + // + // Uninstall any interface added to each device by us + // + while (mOpalDriver.DeviceList) { + Itr = mOpalDriver.DeviceList; + // + // Remove OPAL_DRIVER_DEVICE from the list + // it updates the controllerList pointer + // + OpalDriverStopDevice(Itr); + } + + // + // Uninstall the HII capability + // + Status = HiiUninstall(); + + return Status; +} + diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.h b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.h new file mode 100644 index 00000000..a44d720d --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Opal/OpalPassword/OpalDriver.h @@ -0,0 +1,616 @@ +/** @file + Values defined and used by the Opal UEFI Driver. + +Copyright (c) 2016 - 2019, Intel Corporation. All rights reserved.<BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef _OPAL_DRIVER_H_ +#define _OPAL_DRIVER_H_ + +#include <PiDxe.h> + +#include <IndustryStandard/Pci.h> + +#include <Protocol/PciIo.h> +#include <Protocol/SmmCommunication.h> +#include <Protocol/BlockIo.h> +#include <Protocol/LoadedImage.h> +#include <Protocol/DevicePath.h> +#include <Protocol/DevicePathToText.h> +#include <Protocol/StorageSecurityCommand.h> + +#include <Guid/EventGroup.h> +#include <Guid/S3StorageDeviceInitList.h> + +#include <Library/UefiLib.h> +#include <Library/UefiBootServicesTableLib.h> +#include <Library/UefiRuntimeServicesTableLib.h> +#include <Library/DxeServicesTableLib.h> +#include <Library/BaseMemoryLib.h> +#include <Library/MemoryAllocationLib.h> +#include <Library/BaseLib.h> +#include <Library/PrintLib.h> +#include <Library/DebugLib.h> +#include <Library/DevicePathLib.h> +#include <Library/HiiLib.h> +#include <Library/UefiHiiServicesLib.h> +#include <Library/PciLib.h> +#include <Library/LockBoxLib.h> +#include <Library/TcgStorageOpalLib.h> +#include <Library/Tcg2PhysicalPresenceLib.h> + +#include "OpalPasswordCommon.h" +#include "OpalHiiFormValues.h" + +#define EFI_DRIVER_NAME_UNICODE L"1.0 UEFI Opal Driver" + +// UEFI 2.1 +#define LANGUAGE_RFC_3066_ENGLISH ((CHAR8*)"en") + +// UEFI/EFI < 2.1 +#define LANGUAGE_ISO_639_2_ENGLISH ((CHAR8*)"eng") + +#define CONCAT_(x, y) x ## y +#define CONCAT(x, y) CONCAT_(x, y) + +#define UNICODE_STR(x) CONCAT( L, x ) + +extern EFI_DRIVER_BINDING_PROTOCOL gOpalDriverBinding; +extern EFI_COMPONENT_NAME_PROTOCOL gOpalComponentName; +extern EFI_COMPONENT_NAME2_PROTOCOL gOpalComponentName2; + +#define OPAL_MSID_LENGTH 128 + +#define MAX_PASSWORD_TRY_COUNT 5 + +// PSID Length +#define PSID_CHARACTER_LENGTH 0x20 +#define MAX_PSID_TRY_COUNT 5 + +// +// The max timeout value assume the user can wait for the revert action. The unit of this macro is second. +// If the revert time value bigger than this one, driver needs to popup a dialog to let user confirm the +// revert action. +// +#define MAX_ACCEPTABLE_REVERTING_TIME 10 + +#pragma pack(1) + +// +// Structure that is used to represent the available actions for an OpalDisk. +// The data can then be utilized to expose/hide certain actions available to an end user +// by the consumer of this library. +// +typedef struct { + // + // Indicates if the disk can support PSID Revert action. should verify disk supports PSID authority + // + UINT16 PsidRevert : 1; + + // + // Indicates if the disk can support Revert action + // + UINT16 Revert : 1; + + // + // Indicates if the user must keep data for revert action. It is true if no media encryption is supported. + // + UINT16 RevertKeepDataForced : 1; + + // + // Indicates if the disk can support set Admin password + // + UINT16 AdminPass : 1; + + // + // Indicates if the disk can support set User password. This action requires that a user + // password is first enabled. + // + UINT16 UserPass : 1; + + // + // Indicates if unlock action is available. Requires disk to be currently locked. + // + UINT16 Unlock : 1; + + // + // Indicates if Secure Erase action is available. Action requires admin credentials and media encryption support. + // + UINT16 SecureErase : 1; + + // + // Indicates if Disable User action is available. Action requires admin credentials. + // + UINT16 DisableUser : 1; +} OPAL_DISK_ACTIONS; + +// +// Structure that is used to represent an OPAL_DISK. +// +typedef struct { + UINT32 MsidLength; // Byte length of MSID Pin for device + UINT8 Msid[OPAL_MSID_LENGTH]; // MSID Pin for device + EFI_STORAGE_SECURITY_COMMAND_PROTOCOL *Sscp; + UINT32 MediaId; // MediaId is used by Ssc Protocol. + EFI_DEVICE_PATH_PROTOCOL *OpalDevicePath; + UINT16 OpalBaseComId; // Opal SSC 1 base com id. + OPAL_OWNER_SHIP Owner; + OPAL_DISK_SUPPORT_ATTRIBUTE SupportedAttributes; + TCG_LOCKING_FEATURE_DESCRIPTOR LockingFeature; // Locking Feature Descriptor retrieved from performing a Level 0 Discovery + UINT8 PasswordLength; + UINT8 Password[OPAL_MAX_PASSWORD_SIZE]; + + UINT32 EstimateTimeCost; + BOOLEAN SentBlockSID; // Check whether BlockSid command has been sent. +} OPAL_DISK; + +// +// Device with block IO protocol +// +typedef struct _OPAL_DRIVER_DEVICE OPAL_DRIVER_DEVICE; + +struct _OPAL_DRIVER_DEVICE { + OPAL_DRIVER_DEVICE *Next; ///< Linked list pointer + EFI_HANDLE Handle; ///< Device handle + OPAL_DISK OpalDisk; ///< User context + CHAR16 *Name16; ///< Allocated/freed by UEFI Filter Driver at device creation/removal + CHAR8 *NameZ; ///< Allocated/freed by UEFI Filter Driver at device creation/removal + UINT32 MediaId; ///< Required parameter for EFI_STORAGE_SECURITY_COMMAND_PROTOCOL, from BLOCK_IO_MEDIA + + EFI_STORAGE_SECURITY_COMMAND_PROTOCOL *Sscp; /// Device protocols consumed + EFI_DEVICE_PATH_PROTOCOL *OpalDevicePath; +}; + +// +// Opal Driver UEFI Driver Model +// +typedef struct { + EFI_HANDLE Handle; ///< Driver image handle + OPAL_DRIVER_DEVICE *DeviceList; ///< Linked list of controllers owned by this Driver +} OPAL_DRIVER; + +#pragma pack() + +// +// Retrieves a OPAL_DRIVER_DEVICE based on the pointer to its StorageSecurity protocol. +// +#define DRIVER_DEVICE_FROM_OPALDISK(OpalDiskPointer) (OPAL_DRIVER_DEVICE*)(BASE_CR(OpalDiskPointer, OPAL_DRIVER_DEVICE, OpalDisk)) + +/** + Get devcie list info. + + @retval return the device list pointer. +**/ +OPAL_DRIVER_DEVICE* +OpalDriverGetDeviceList( + VOID + ); + +/** + Get devcie name through the component name protocol. + + @param[in] Dev The device which need to get name. + + @retval TRUE Find the name for this device. + @retval FALSE Not found the name for this device. +**/ +BOOLEAN +OpalDriverGetDriverDeviceName( + OPAL_DRIVER_DEVICE *Dev + ); + +/** + Get current device count. + + @retval return the current created device count. + +**/ +UINT8 +GetDeviceCount ( + VOID + ); + +/** + Update password for the Opal disk. + + @param[in, out] OpalDisk The disk to update password. + @param[in] Password The input password. + @param[in] PasswordLength The input password length. + +**/ +VOID +OpalSupportUpdatePassword ( + IN OUT OPAL_DISK *OpalDisk, + IN VOID *Password, + IN UINT32 PasswordLength + ); + +/** + + The function performs determines the available actions for the OPAL_DISK provided. + + @param[in] SupportedAttributes The support attribute for the device. + @param[in] LockingFeature The locking status for the device. + @param[in] OwnerShip The ownership for the device. + @param[out] AvalDiskActions Pointer to fill-out with appropriate disk actions. + +**/ +TCG_RESULT +EFIAPI +OpalSupportGetAvailableActions( + IN OPAL_DISK_SUPPORT_ATTRIBUTE *SupportedAttributes, + IN TCG_LOCKING_FEATURE_DESCRIPTOR *LockingFeature, + IN UINT16 OwnerShip, + OUT OPAL_DISK_ACTIONS *AvalDiskActions + ); + +/** + Enable Opal Feature for the input device. + + @param[in] Session The opal session for the opal device. + @param[in] Msid Msid + @param[in] MsidLength Msid Length + @param[in] Password Admin password + @param[in] PassLength Length of password in bytes + +**/ +TCG_RESULT +EFIAPI +OpalSupportEnableOpalFeature ( + IN OPAL_SESSION *Session, + IN VOID *Msid, + IN UINT32 MsidLength, + IN VOID *Password, + IN UINT32 PassLength + ); + +/** + Unloads UEFI Driver. Very useful for debugging and testing. + + @param ImageHandle Image handle this driver. + + @retval EFI_SUCCESS This function always complete successfully. + @retval EFI_INVALID_PARAMETER The input ImageHandle is not valid. +**/ +EFI_STATUS +EFIAPI +EfiDriverUnload( + EFI_HANDLE ImageHandle + ); + + +/** + Test to see if this driver supports Controller. + + @param This Protocol instance pointer. + @param ControllerHandle Handle of device to test + @param RemainingDevicePath Optional parameter use to pick a specific child + device to start. + + @retval EFI_SUCCESS This driver supports this device. + @retval EFI_ALREADY_STARTED This driver is already running on this device. + @retval other This driver does not support this device. + +**/ +EFI_STATUS +EFIAPI +OpalEfiDriverBindingSupported( + EFI_DRIVER_BINDING_PROTOCOL* This, + EFI_HANDLE Controller, + EFI_DEVICE_PATH_PROTOCOL* RemainingDevicePath + ); + +/** + Enables Opal Management on a supported device if available. + + The start function is designed to be called after the Opal UEFI Driver has confirmed the + "controller", which is a child handle, contains the EF_STORAGE_SECURITY_COMMAND protocols. + This function will complete the other necessary checks, such as verifying the device supports + the correct version of Opal. Upon verification, it will add the device to the + Opal HII list in order to expose Opal management options. + + @param[in] This A pointer to the EFI_DRIVER_BINDING_PROTOCOL instance. + @param[in] ControllerHandle The handle of the controller to start. This handle + must support a protocol interface that supplies + an I/O abstraction to the driver. + @param[in] RemainingDevicePath A pointer to the remaining portion of a device path. This + parameter is ignored by device drivers, and is optional for bus + drivers. For a bus driver, if this parameter is NULL, then handles + for all the children of Controller are created by this driver. + If this parameter is not NULL and the first Device Path Node is + not the End of Device Path Node, then only the handle for the + child device specified by the first Device Path Node of + RemainingDevicePath is created by this driver. + If the first Device Path Node of RemainingDevicePath is + the End of Device Path Node, no child handle is created by this + driver. + + @retval EFI_SUCCESS Opal management was enabled. + @retval EFI_DEVICE_ERROR The device could not be started due to a device error.Currently not implemented. + @retval EFI_OUT_OF_RESOURCES The request could not be completed due to a lack of resources. + @retval Others The driver failed to start the device. + +**/ +EFI_STATUS +EFIAPI +OpalEfiDriverBindingStart( + EFI_DRIVER_BINDING_PROTOCOL* This, + EFI_HANDLE Controller, + EFI_DEVICE_PATH_PROTOCOL* RemainingDevicePath + ); + +/** + Stop this driver on Controller. + + @param This Protocol instance pointer. + @param Controller Handle of device to stop driver on + @param NumberOfChildren Number of Handles in ChildHandleBuffer. If number of + children is zero stop the entire bus driver. + @param ChildHandleBuffer List of Child Handles to Stop. + + @retval EFI_SUCCESS This driver is removed Controller. + @retval other This driver could not be removed from this device. + +**/ +EFI_STATUS +EFIAPI +OpalEfiDriverBindingStop( + EFI_DRIVER_BINDING_PROTOCOL* This, + EFI_HANDLE Controller, + UINTN NumberOfChildren, + EFI_HANDLE* ChildHandleBuffer + ); + +/** + Retrieves a Unicode string that is the user readable name of the driver. + + This function retrieves the user readable name of a driver in the form of a + Unicode string. If the driver specified by This has a user readable name in + the language specified by Language, then a pointer to the driver name is + returned in DriverName, and EFI_SUCCESS is returned. If the driver specified + by This does not support the language specified by Language, + then EFI_UNSUPPORTED is returned. + + @param This[in] A pointer to the EFI_COMPONENT_NAME2_PROTOCOL or + EFI_COMPONENT_NAME_PROTOCOL instance. + + @param Language[in] A pointer to a Null-terminated ASCII string + array indicating the language. This is the + language of the driver name that the caller is + requesting, and it must match one of the + languages specified in SupportedLanguages. The + number of languages supported by a driver is up + to the driver writer. Language is specified + in RFC 4646 or ISO 639-2 language code format. + + @param DriverName[out] A pointer to the Unicode string to return. + This Unicode string is the name of the + driver specified by This in the language + specified by Language. + + @retval EFI_SUCCESS The Unicode string for the Driver specified by + This and the language specified by Language was + returned in DriverName. + + @retval EFI_INVALID_PARAMETER Language is NULL. + + @retval EFI_INVALID_PARAMETER DriverName is NULL. + + @retval EFI_UNSUPPORTED The driver specified by This does not support + the language specified by Language. + +**/ +EFI_STATUS +EFIAPI +OpalEfiDriverComponentNameGetDriverName( + EFI_COMPONENT_NAME_PROTOCOL* This, + CHAR8* Language, + CHAR16** DriverName + ); + +/** + Retrieves a Unicode string that is the user readable name of the controller + that is being managed by a driver. + + This function retrieves the user readable name of the controller specified by + ControllerHandle and ChildHandle in the form of a Unicode string. If the + driver specified by This has a user readable name in the language specified by + Language, then a pointer to the controller name is returned in ControllerName, + and EFI_SUCCESS is returned. If the driver specified by This is not currently + managing the controller specified by ControllerHandle and ChildHandle, + then EFI_UNSUPPORTED is returned. If the driver specified by This does not + support the language specified by Language, then EFI_UNSUPPORTED is returned. + + @param This[in] A pointer to the EFI_COMPONENT_NAME2_PROTOCOL or + EFI_COMPONENT_NAME_PROTOCOL instance. + + @param ControllerHandle[in] The handle of a controller that the driver + specified by This is managing. This handle + specifies the controller whose name is to be + returned. + + @param ChildHandle[in] The handle of the child controller to retrieve + the name of. This is an optional parameter that + may be NULL. It will be NULL for device + drivers. It will also be NULL for a bus drivers + that wish to retrieve the name of the bus + controller. It will not be NULL for a bus + driver that wishes to retrieve the name of a + child controller. + + @param Language[in] A pointer to a Null-terminated ASCII string + array indicating the language. This is the + language of the driver name that the caller is + requesting, and it must match one of the + languages specified in SupportedLanguages. The + number of languages supported by a driver is up + to the driver writer. Language is specified in + RFC 4646 or ISO 639-2 language code format. + + @param ControllerName[out] A pointer to the Unicode string to return. + This Unicode string is the name of the + controller specified by ControllerHandle and + ChildHandle in the language specified by + Language from the point of view of the driver + specified by This. + + @retval EFI_SUCCESS The Unicode string for the user readable name in + the language specified by Language for the + driver specified by This was returned in + DriverName. + + @retval EFI_INVALID_PARAMETER ControllerHandle is NULL. + + @retval EFI_INVALID_PARAMETER ChildHandle is not NULL and it is not a valid + EFI_HANDLE. + + @retval EFI_INVALID_PARAMETER Language is NULL. + + @retval EFI_INVALID_PARAMETER ControllerName is NULL. + + @retval EFI_UNSUPPORTED The driver specified by This is not currently + managing the controller specified by + ControllerHandle and ChildHandle. + + @retval EFI_UNSUPPORTED The driver specified by This does not support + the language specified by Language. + +**/ +EFI_STATUS +EFIAPI +OpalEfiDriverComponentNameGetControllerName( + EFI_COMPONENT_NAME_PROTOCOL* This, + EFI_HANDLE ControllerHandle, + EFI_HANDLE ChildHandle, + CHAR8* Language, + CHAR16** ControllerName + ); + +/** + Retrieves a Unicode string that is the user readable name of the driver. + + This function retrieves the user readable name of a driver in the form of a + Unicode string. If the driver specified by This has a user readable name in + the language specified by Language, then a pointer to the driver name is + returned in DriverName, and EFI_SUCCESS is returned. If the driver specified + by This does not support the language specified by Language, + then EFI_UNSUPPORTED is returned. + + @param This[in] A pointer to the EFI_COMPONENT_NAME2_PROTOCOL or + EFI_COMPONENT_NAME_PROTOCOL instance. + + @param Language[in] A pointer to a Null-terminated ASCII string + array indicating the language. This is the + language of the driver name that the caller is + requesting, and it must match one of the + languages specified in SupportedLanguages. The + number of languages supported by a driver is up + to the driver writer. Language is specified + in RFC 4646 or ISO 639-2 language code format. + + @param DriverName[out] A pointer to the Unicode string to return. + This Unicode string is the name of the + driver specified by This in the language + specified by Language. + + @retval EFI_SUCCESS The Unicode string for the Driver specified by + This and the language specified by Language was + returned in DriverName. + + @retval EFI_INVALID_PARAMETER Language is NULL. + + @retval EFI_INVALID_PARAMETER DriverName is NULL. + + @retval EFI_UNSUPPORTED The driver specified by This does not support + the language specified by Language. + +**/ +EFI_STATUS +EFIAPI +OpalEfiDriverComponentName2GetDriverName( + EFI_COMPONENT_NAME2_PROTOCOL* This, + CHAR8* Language, + CHAR16** DriverName + ); + +/** + Retrieves a Unicode string that is the user readable name of the controller + that is being managed by a driver. + + This function retrieves the user readable name of the controller specified by + ControllerHandle and ChildHandle in the form of a Unicode string. If the + driver specified by This has a user readable name in the language specified by + Language, then a pointer to the controller name is returned in ControllerName, + and EFI_SUCCESS is returned. If the driver specified by This is not currently + managing the controller specified by ControllerHandle and ChildHandle, + then EFI_UNSUPPORTED is returned. If the driver specified by This does not + support the language specified by Language, then EFI_UNSUPPORTED is returned. + + @param This[in] A pointer to the EFI_COMPONENT_NAME2_PROTOCOL or + EFI_COMPONENT_NAME_PROTOCOL instance. + + @param ControllerHandle[in] The handle of a controller that the driver + specified by This is managing. This handle + specifies the controller whose name is to be + returned. + + @param ChildHandle[in] The handle of the child controller to retrieve + the name of. This is an optional parameter that + may be NULL. It will be NULL for device + drivers. It will also be NULL for a bus drivers + that wish to retrieve the name of the bus + controller. It will not be NULL for a bus + driver that wishes to retrieve the name of a + child controller. + + @param Language[in] A pointer to a Null-terminated ASCII string + array indicating the language. This is the + language of the driver name that the caller is + requesting, and it must match one of the + languages specified in SupportedLanguages. The + number of languages supported by a driver is up + to the driver writer. Language is specified in + RFC 4646 or ISO 639-2 language code format. + + @param ControllerName[out] A pointer to the Unicode string to return. + This Unicode string is the name of the + controller specified by ControllerHandle and + ChildHandle in the language specified by + Language from the point of view of the driver + specified by This. + + @retval EFI_SUCCESS The Unicode string for the user readable name in + the language specified by Language for the + driver specified by This was returned in + DriverName. + + @retval EFI_INVALID_PARAMETER ControllerHandle is NULL. + + @retval EFI_INVALID_PARAMETER ChildHandle is not NULL and it is not a valid + EFI_HANDLE. + + @retval EFI_INVALID_PARAMETER Language is NULL. + + @retval EFI_INVALID_PARAMETER ControllerName is NULL. + + @retval EFI_UNSUPPORTED The driver specified by This is not currently + managing the controller specified by + ControllerHandle and ChildHandle. + + @retval EFI_UNSUPPORTED The driver specified by This does not support + the language specified by Language. + +**/ +EFI_STATUS +EFIAPI +OpalEfiDriverComponentName2GetControllerName( + EFI_COMPONENT_NAME2_PROTOCOL* This, + EFI_HANDLE ControllerHandle, + EFI_HANDLE ChildHandle, + CHAR8* Language, + CHAR16** ControllerName + ); + +#endif //_OPAL_DRIVER_H_ diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Opal/OpalPassword/OpalHii.c b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Opal/OpalPassword/OpalHii.c new file mode 100644 index 00000000..50406a25 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Opal/OpalPassword/OpalHii.c @@ -0,0 +1,1283 @@ +/** @file + Implementation of the HII for the Opal UEFI Driver. + +Copyright (c) 2016 - 2019, Intel Corporation. All rights reserved.<BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "OpalHii.h" +// +// Character definitions +// +#define UPPER_LOWER_CASE_OFFSET 0x20 + +// +// This is the generated IFR binary Data for each formset defined in VFR. +// This Data array is ready to be used as input of HiiAddPackages() to +// create a packagelist (which contains Form packages, String packages, etc). +// +extern UINT8 OpalPasswordFormBin[]; + +// +// This is the generated String package Data for all .UNI files. +// This Data array is ready to be used as input of HiiAddPackages() to +// create a packagelist (which contains Form packages, String packages, etc). +// +extern UINT8 OpalPasswordDxeStrings[]; + +CHAR16 OpalPasswordStorageName[] = L"OpalHiiConfig"; + +EFI_HII_CONFIG_ACCESS_PROTOCOL gHiiConfigAccessProtocol; + +// +// Handle to the list of HII packages (forms and strings) for this driver +// +EFI_HII_HANDLE gHiiPackageListHandle = NULL; + +// +// Package List GUID containing all form and string packages +// +const EFI_GUID gHiiPackageListGuid = PACKAGE_LIST_GUID; +const EFI_GUID gHiiSetupVariableGuid = SETUP_VARIABLE_GUID; + +// +// Structure that contains state of the HII +// This structure is updated by Hii.cpp and its contents +// is rendered in the HII. +// +OPAL_HII_CONFIGURATION gHiiConfiguration; + +// +// The device path containing the VENDOR_DEVICE_PATH and EFI_DEVICE_PATH_PROTOCOL +// +HII_VENDOR_DEVICE_PATH gHiiVendorDevicePath = { + { + { + HARDWARE_DEVICE_PATH, + HW_VENDOR_DP, + { + (UINT8)(sizeof(VENDOR_DEVICE_PATH)), + (UINT8)((sizeof(VENDOR_DEVICE_PATH)) >> 8) + } + }, + OPAL_PASSWORD_CONFIG_GUID + }, + { + END_DEVICE_PATH_TYPE, + END_ENTIRE_DEVICE_PATH_SUBTYPE, + { + (UINT8)(END_DEVICE_PATH_LENGTH), + (UINT8)((END_DEVICE_PATH_LENGTH) >> 8) + } + } +}; + +/** + Get saved OPAL request. + + @param[in] OpalDisk The disk needs to get the saved OPAL request. + @param[out] OpalRequest OPAL request got. + +**/ +VOID +GetSavedOpalRequest ( + IN OPAL_DISK *OpalDisk, + OUT OPAL_REQUEST *OpalRequest + ) +{ + EFI_STATUS Status; + OPAL_REQUEST_VARIABLE *TempVariable; + OPAL_REQUEST_VARIABLE *Variable; + UINTN VariableSize; + EFI_DEVICE_PATH_PROTOCOL *DevicePathInVariable; + UINTN DevicePathSizeInVariable; + EFI_DEVICE_PATH_PROTOCOL *DevicePath; + UINTN DevicePathSize; + + DEBUG ((DEBUG_INFO, "%a() - enter\n", __FUNCTION__)); + + Variable = NULL; + VariableSize = 0; + + Status = GetVariable2 ( + OPAL_REQUEST_VARIABLE_NAME, + &gHiiSetupVariableGuid, + (VOID **) &Variable, + &VariableSize + ); + if (EFI_ERROR (Status) || (Variable == NULL)) { + return; + } + + TempVariable = Variable; + while ((VariableSize > sizeof (OPAL_REQUEST_VARIABLE)) && + (VariableSize >= TempVariable->Length) && + (TempVariable->Length > sizeof (OPAL_REQUEST_VARIABLE))) { + DevicePathInVariable = (EFI_DEVICE_PATH_PROTOCOL *) ((UINTN) TempVariable + sizeof (OPAL_REQUEST_VARIABLE)); + DevicePathSizeInVariable = GetDevicePathSize (DevicePathInVariable); + DevicePath = OpalDisk->OpalDevicePath; + DevicePathSize = GetDevicePathSize (DevicePath); + if ((DevicePathSize == DevicePathSizeInVariable) && + (CompareMem (DevicePath, DevicePathInVariable, DevicePathSize) == 0)) { + // + // Found the node for the OPAL device. + // Get the OPAL request. + // + CopyMem (OpalRequest, &TempVariable->OpalRequest, sizeof (OPAL_REQUEST)); + DEBUG (( + DEBUG_INFO, + "OpalRequest got: 0x%x\n", + *OpalRequest + )); + break; + } + VariableSize -= TempVariable->Length; + TempVariable = (OPAL_REQUEST_VARIABLE *) ((UINTN) TempVariable + TempVariable->Length); + } + + FreePool (Variable); + + DEBUG ((DEBUG_INFO, "%a() - exit\n", __FUNCTION__)); +} + +/** + Save OPAL request. + + @param[in] OpalDisk The disk has OPAL request to save. + @param[in] OpalRequest OPAL request to save. + +**/ +VOID +SaveOpalRequest ( + IN OPAL_DISK *OpalDisk, + IN OPAL_REQUEST OpalRequest + ) +{ + EFI_STATUS Status; + OPAL_REQUEST_VARIABLE *TempVariable; + UINTN TempVariableSize; + OPAL_REQUEST_VARIABLE *Variable; + UINTN VariableSize; + OPAL_REQUEST_VARIABLE *NewVariable; + UINTN NewVariableSize; + EFI_DEVICE_PATH_PROTOCOL *DevicePathInVariable; + UINTN DevicePathSizeInVariable; + EFI_DEVICE_PATH_PROTOCOL *DevicePath; + UINTN DevicePathSize; + + DEBUG ((DEBUG_INFO, "%a() - enter\n", __FUNCTION__)); + + DEBUG (( + DEBUG_INFO, + "OpalRequest to save: 0x%x\n", + OpalRequest + )); + + Variable = NULL; + VariableSize = 0; + NewVariable = NULL; + NewVariableSize = 0; + + Status = GetVariable2 ( + OPAL_REQUEST_VARIABLE_NAME, + &gHiiSetupVariableGuid, + (VOID **) &Variable, + &VariableSize + ); + if (!EFI_ERROR (Status) && (Variable != NULL)) { + TempVariable = Variable; + TempVariableSize = VariableSize; + while ((TempVariableSize > sizeof (OPAL_REQUEST_VARIABLE)) && + (TempVariableSize >= TempVariable->Length) && + (TempVariable->Length > sizeof (OPAL_REQUEST_VARIABLE))) { + DevicePathInVariable = (EFI_DEVICE_PATH_PROTOCOL *) ((UINTN) TempVariable + sizeof (OPAL_REQUEST_VARIABLE)); + DevicePathSizeInVariable = GetDevicePathSize (DevicePathInVariable); + DevicePath = OpalDisk->OpalDevicePath; + DevicePathSize = GetDevicePathSize (DevicePath); + if ((DevicePathSize == DevicePathSizeInVariable) && + (CompareMem (DevicePath, DevicePathInVariable, DevicePathSize) == 0)) { + // + // Found the node for the OPAL device. + // Update the OPAL request. + // + CopyMem (&TempVariable->OpalRequest, &OpalRequest, sizeof (OPAL_REQUEST)); + NewVariable = Variable; + NewVariableSize = VariableSize; + break; + } + TempVariableSize -= TempVariable->Length; + TempVariable = (OPAL_REQUEST_VARIABLE *) ((UINTN) TempVariable + TempVariable->Length); + } + if (NewVariable == NULL) { + // + // The node for the OPAL device is not found. + // Create node for the OPAL device. + // + DevicePath = OpalDisk->OpalDevicePath; + DevicePathSize = GetDevicePathSize (DevicePath); + NewVariableSize = VariableSize + sizeof (OPAL_REQUEST_VARIABLE) + DevicePathSize; + NewVariable = AllocatePool (NewVariableSize); + ASSERT (NewVariable != NULL); + CopyMem (NewVariable, Variable, VariableSize); + TempVariable = (OPAL_REQUEST_VARIABLE *) ((UINTN) NewVariable + VariableSize); + TempVariable->Length = (UINT32) (sizeof (OPAL_REQUEST_VARIABLE) + DevicePathSize); + CopyMem (&TempVariable->OpalRequest, &OpalRequest, sizeof (OPAL_REQUEST)); + DevicePathInVariable = (EFI_DEVICE_PATH_PROTOCOL *) ((UINTN) TempVariable + sizeof (OPAL_REQUEST_VARIABLE)); + CopyMem (DevicePathInVariable, DevicePath, DevicePathSize); + } + } else { + DevicePath = OpalDisk->OpalDevicePath; + DevicePathSize = GetDevicePathSize (DevicePath); + NewVariableSize = sizeof (OPAL_REQUEST_VARIABLE) + DevicePathSize; + NewVariable = AllocatePool (NewVariableSize); + ASSERT (NewVariable != NULL); + NewVariable->Length = (UINT32) (sizeof (OPAL_REQUEST_VARIABLE) + DevicePathSize); + CopyMem (&NewVariable->OpalRequest, &OpalRequest, sizeof (OPAL_REQUEST)); + DevicePathInVariable = (EFI_DEVICE_PATH_PROTOCOL *) ((UINTN) NewVariable + sizeof (OPAL_REQUEST_VARIABLE)); + CopyMem (DevicePathInVariable, DevicePath, DevicePathSize); + } + Status = gRT->SetVariable ( + OPAL_REQUEST_VARIABLE_NAME, + (EFI_GUID *) &gHiiSetupVariableGuid, + EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS, + NewVariableSize, + NewVariable + ); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_INFO, "OpalRequest variable set failed (%r)\n", Status)); + } + if (NewVariable != Variable) { + FreePool (NewVariable); + } + if (Variable != NULL) { + FreePool (Variable); + } + + DEBUG ((DEBUG_INFO, "%a() - exit\n", __FUNCTION__)); +} + +/** + Sets the current system state of global config variables. + +**/ +VOID +HiiSetCurrentConfiguration( + VOID + ) +{ + UINT32 PpStorageFlag; + EFI_STRING NewString; + + gHiiConfiguration.NumDisks = GetDeviceCount(); + + // + // Update the BlockSID status string. + // + PpStorageFlag = Tcg2PhysicalPresenceLibGetManagementFlags (); + + if ((PpStorageFlag & TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_ENABLE_BLOCK_SID) != 0) { + NewString = HiiGetString (gHiiPackageListHandle, STRING_TOKEN(STR_ENABLED), NULL); + if (NewString == NULL) { + DEBUG ((DEBUG_INFO, "HiiSetCurrentConfiguration: HiiGetString( ) failed\n")); + return; + } + } else { + NewString = HiiGetString (gHiiPackageListHandle, STRING_TOKEN(STR_DISABLED), NULL); + if (NewString == NULL) { + DEBUG ((DEBUG_INFO, "HiiSetCurrentConfiguration: HiiGetString( ) failed\n")); + return; + } + } + HiiSetString(gHiiPackageListHandle, STRING_TOKEN(STR_BLOCKSID_STATUS1), NewString, NULL); + FreePool (NewString); + + if ((PpStorageFlag & TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_ENABLE_BLOCK_SID) != 0) { + NewString = HiiGetString (gHiiPackageListHandle, STRING_TOKEN(STR_DISK_INFO_ENABLE_BLOCKSID_TRUE), NULL); + if (NewString == NULL) { + DEBUG ((DEBUG_INFO, "HiiSetCurrentConfiguration: HiiGetString( ) failed\n")); + return; + } + } else { + NewString = HiiGetString (gHiiPackageListHandle, STRING_TOKEN(STR_DISK_INFO_ENABLE_BLOCKSID_FALSE), NULL); + if (NewString == NULL) { + DEBUG ((DEBUG_INFO, "HiiSetCurrentConfiguration: HiiGetString( ) failed\n")); + return; + } + } + HiiSetString(gHiiPackageListHandle, STRING_TOKEN(STR_BLOCKSID_STATUS2), NewString, NULL); + FreePool (NewString); + + if ((PpStorageFlag & TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_PP_REQUIRED_FOR_DISABLE_BLOCK_SID) != 0) { + NewString = HiiGetString (gHiiPackageListHandle, STRING_TOKEN(STR_DISK_INFO_DISABLE_BLOCKSID_TRUE), NULL); + if (NewString == NULL) { + DEBUG ((DEBUG_INFO, "HiiSetCurrentConfiguration: HiiGetString( ) failed\n")); + return; + } + } else { + NewString = HiiGetString (gHiiPackageListHandle, STRING_TOKEN(STR_DISK_INFO_DISABLE_BLOCKSID_FALSE), NULL); + if (NewString == NULL) { + DEBUG ((DEBUG_INFO, "HiiSetCurrentConfiguration: HiiGetString( ) failed\n")); + return; + } + } + HiiSetString(gHiiPackageListHandle, STRING_TOKEN(STR_BLOCKSID_STATUS3), NewString, NULL); + FreePool (NewString); +} + +/** + Install the HII related resources. + + @retval EFI_SUCCESS Install all the resources success. + @retval other Error occur when install the resources. +**/ +EFI_STATUS +HiiInstall( + VOID + ) +{ + EFI_STATUS Status; + EFI_HANDLE DriverHandle; + + // + // Clear the global configuration. + // + ZeroMem(&gHiiConfiguration, sizeof(gHiiConfiguration)); + + // + // Obtain the driver handle that the BIOS assigned us + // + DriverHandle = HiiGetDriverImageHandleCB(); + + // + // Populate the config access protocol with the three functions we are publishing + // + gHiiConfigAccessProtocol.ExtractConfig = ExtractConfig; + gHiiConfigAccessProtocol.RouteConfig = RouteConfig; + gHiiConfigAccessProtocol.Callback = DriverCallback; + + // + // Associate the required protocols with our driver handle + // + Status = gBS->InstallMultipleProtocolInterfaces( + &DriverHandle, + &gEfiHiiConfigAccessProtocolGuid, + &gHiiConfigAccessProtocol, // HII callback + &gEfiDevicePathProtocolGuid, + &gHiiVendorDevicePath, // required for HII callback allow all disks to be shown in same hii + NULL + ); + + if (EFI_ERROR(Status)) { + return Status; + } + + return OpalHiiAddPackages(); +} + +/** + Install the HII form and string packages. + + @retval EFI_SUCCESS Install all the resources success. + @retval EFI_OUT_OF_RESOURCES Out of resource error. +**/ +EFI_STATUS +OpalHiiAddPackages( + VOID + ) +{ + EFI_HANDLE DriverHandle; + + DriverHandle = HiiGetDriverImageHandleCB(); + + // + // Publish the HII form and HII string packages + // + gHiiPackageListHandle = HiiAddPackages( + &gHiiPackageListGuid, + DriverHandle, + OpalPasswordDxeStrings, + OpalPasswordFormBin, + (VOID*)NULL + ); + + // + // Make sure the packages installed successfully + // + if (gHiiPackageListHandle == NULL) { + DEBUG ((DEBUG_INFO, "OpalHiiAddPackages failed\n")); + return EFI_OUT_OF_RESOURCES; + } + + return EFI_SUCCESS; +} + +/** + Uninstall the HII capability. + + @retval EFI_SUCCESS Uninstall all the resources success. + @retval others Other errors occur when unistall the hii resource. +**/ +EFI_STATUS +HiiUninstall( + VOID + ) +{ + EFI_STATUS Status; + + // + // Remove the packages we've provided to the BIOS + // + HiiRemovePackages(gHiiPackageListHandle); + + // + // Remove the protocols from our driver handle + // + Status = gBS->UninstallMultipleProtocolInterfaces( + HiiGetDriverImageHandleCB(), + &gEfiHiiConfigAccessProtocolGuid, + &gHiiConfigAccessProtocol, // HII callback + &gEfiDevicePathProtocolGuid, + &gHiiVendorDevicePath, // required for HII callback + NULL + ); + if (EFI_ERROR(Status)) { + DEBUG ((DEBUG_INFO, "Cannot uninstall Hii Protocols: %r\n", Status)); + } + + return Status; +} + +/** + Updates the main menu form. + + @retval EFI_SUCCESS update the main form success. +**/ +EFI_STATUS +HiiPopulateMainMenuForm ( + VOID + ) +{ + UINT8 Index; + CHAR8 *DiskName; + EFI_STRING_ID DiskNameId; + OPAL_DISK *OpalDisk; + + HiiSetCurrentConfiguration(); + + gHiiConfiguration.SupportedDisks = 0; + + for (Index = 0; Index < gHiiConfiguration.NumDisks; Index++) { + OpalDisk = HiiGetOpalDiskCB (Index); + if ((OpalDisk != NULL) && OpalFeatureSupported (&OpalDisk->SupportedAttributes)) { + gHiiConfiguration.SupportedDisks |= (1 << Index); + DiskNameId = GetDiskNameStringId (Index); + DiskName = HiiDiskGetNameCB (Index); + if ((DiskName == NULL) || (DiskNameId == 0)) { + return EFI_UNSUPPORTED; + } + HiiSetFormString(DiskNameId, DiskName); + } + } + + OpalHiiSetBrowserData (); + return EFI_SUCCESS; +} + +/** + Get disk name string id. + + @param DiskIndex The input disk index info. + + @retval The disk name string id. + +**/ +EFI_STRING_ID +GetDiskNameStringId( + UINT8 DiskIndex + ) +{ + switch (DiskIndex) { + case 0: return STRING_TOKEN(STR_MAIN_GOTO_DISK_INFO_0); + case 1: return STRING_TOKEN(STR_MAIN_GOTO_DISK_INFO_1); + case 2: return STRING_TOKEN(STR_MAIN_GOTO_DISK_INFO_2); + case 3: return STRING_TOKEN(STR_MAIN_GOTO_DISK_INFO_3); + case 4: return STRING_TOKEN(STR_MAIN_GOTO_DISK_INFO_4); + case 5: return STRING_TOKEN(STR_MAIN_GOTO_DISK_INFO_5); + } + return 0; +} + +/** + Confirm whether user truly want to do the revert action. + + @param OpalDisk The device which need to perform data removal action. + @param ActionString Specifies the action name shown on pop up menu. + + @retval EFI_SUCCESS Confirmed user want to do the revert action. +**/ +EFI_STATUS +HiiConfirmDataRemovalAction ( + IN OPAL_DISK *OpalDisk, + IN CHAR16 *ActionString + + ) +{ + CHAR16 Unicode[512]; + EFI_INPUT_KEY Key; + CHAR16 ApproveResponse; + CHAR16 RejectResponse; + + // + // When the estimate cost time bigger than MAX_ACCEPTABLE_REVERTING_TIME, pop up dialog to let user confirm + // the revert action. + // + if (OpalDisk->EstimateTimeCost < MAX_ACCEPTABLE_REVERTING_TIME) { + return EFI_SUCCESS; + } + + ApproveResponse = L'Y'; + RejectResponse = L'N'; + + UnicodeSPrint(Unicode, StrSize(L"WARNING: ############# action needs about ####### seconds"), L"WARNING: %s action needs about %d seconds", ActionString, OpalDisk->EstimateTimeCost); + + do { + CreatePopUp( + EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, + &Key, + Unicode, + L" System should not be powered off until action completion ", + L" ", + L" Press 'Y/y' to continue, press 'N/n' to cancel ", + NULL + ); + } while ( + ((Key.UnicodeChar | UPPER_LOWER_CASE_OFFSET) != (ApproveResponse | UPPER_LOWER_CASE_OFFSET)) && + ((Key.UnicodeChar | UPPER_LOWER_CASE_OFFSET) != (RejectResponse | UPPER_LOWER_CASE_OFFSET)) + ); + + if ((Key.UnicodeChar | UPPER_LOWER_CASE_OFFSET) == (RejectResponse | UPPER_LOWER_CASE_OFFSET)) { + return EFI_ABORTED; + } + + return EFI_SUCCESS; +} + +/** + This function processes the results of changes in configuration. + + @param This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL. + @param Action Specifies the type of action taken by the browser. + @param QuestionId A unique value which is sent to the original + exporting driver so that it can identify the type + of data to expect. + @param Type The type of value for the question. + @param Value A pointer to the data being sent to the original + exporting driver. + @param ActionRequest On return, points to the action requested by the + callback function. + + @retval EFI_SUCCESS The callback successfully handled the action. + @retval EFI_OUT_OF_RESOURCES Not enough storage is available to hold the + variable and its data. + @retval EFI_DEVICE_ERROR The variable could not be saved. + @retval EFI_UNSUPPORTED The specified Action is not supported by the + callback. + +**/ +EFI_STATUS +EFIAPI +DriverCallback( + CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, + EFI_BROWSER_ACTION Action, + EFI_QUESTION_ID QuestionId, + UINT8 Type, + EFI_IFR_TYPE_VALUE *Value, + EFI_BROWSER_ACTION_REQUEST *ActionRequest + ) +{ + HII_KEY HiiKey; + UINT8 HiiKeyId; + UINT32 PpRequest; + OPAL_DISK *OpalDisk; + + if (ActionRequest != NULL) { + *ActionRequest = EFI_BROWSER_ACTION_REQUEST_NONE; + } else { + return EFI_INVALID_PARAMETER; + } + + // + // If QuestionId is an auto-generated key (label, empty line, etc.), ignore it. + // + if ((QuestionId & HII_KEY_FLAG) == 0) { + return EFI_SUCCESS; + } + + HiiKey.Raw = QuestionId; + HiiKeyId = (UINT8) HiiKey.KeyBits.Id; + + if (Action == EFI_BROWSER_ACTION_FORM_OPEN) { + switch (HiiKeyId) { + case HII_KEY_ID_VAR_SUPPORTED_DISKS: + DEBUG ((DEBUG_INFO, "HII_KEY_ID_VAR_SUPPORTED_DISKS\n")); + return HiiPopulateMainMenuForm (); + + case HII_KEY_ID_VAR_SELECTED_DISK_AVAILABLE_ACTIONS: + DEBUG ((DEBUG_INFO, "HII_KEY_ID_VAR_SELECTED_DISK_AVAILABLE_ACTIONS\n")); + return HiiPopulateDiskInfoForm(); + } + } else if (Action == EFI_BROWSER_ACTION_CHANGING) { + switch (HiiKeyId) { + case HII_KEY_ID_GOTO_DISK_INFO: + return HiiSelectDisk((UINT8)HiiKey.KeyBits.Index); + + case HII_KEY_ID_REVERT: + case HII_KEY_ID_PSID_REVERT: + OpalDisk = HiiGetOpalDiskCB(gHiiConfiguration.SelectedDiskIndex); + if (OpalDisk != NULL) { + return HiiConfirmDataRemovalAction (OpalDisk, L"Revert"); + } else { + ASSERT (FALSE); + return EFI_SUCCESS; + } + + case HII_KEY_ID_SECURE_ERASE: + OpalDisk = HiiGetOpalDiskCB(gHiiConfiguration.SelectedDiskIndex); + if (OpalDisk != NULL) { + return HiiConfirmDataRemovalAction (OpalDisk, L"Secure erase"); + } else { + ASSERT (FALSE); + return EFI_SUCCESS; + } + + } + } else if (Action == EFI_BROWSER_ACTION_CHANGED) { + switch (HiiKeyId) { + case HII_KEY_ID_BLOCKSID: + switch (Value->u8) { + case 0: + PpRequest = TCG2_PHYSICAL_PRESENCE_NO_ACTION; + break; + + case 1: + PpRequest = TCG2_PHYSICAL_PRESENCE_ENABLE_BLOCK_SID; + break; + + case 2: + PpRequest = TCG2_PHYSICAL_PRESENCE_DISABLE_BLOCK_SID; + break; + + case 3: + PpRequest = TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_TRUE; + break; + + case 4: + PpRequest = TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_ENABLE_BLOCK_SID_FUNC_FALSE; + break; + + case 5: + PpRequest = TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_TRUE; + break; + + case 6: + PpRequest = TCG2_PHYSICAL_PRESENCE_SET_PP_REQUIRED_FOR_DISABLE_BLOCK_SID_FUNC_FALSE; + break; + + default: + PpRequest = TCG2_PHYSICAL_PRESENCE_NO_ACTION; + DEBUG ((DEBUG_ERROR, "Invalid value input!\n")); + break; + } + HiiSetBlockSidAction(PpRequest); + + *ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY; + return EFI_SUCCESS; + + case HII_KEY_ID_SET_ADMIN_PWD: + DEBUG ((DEBUG_INFO, "HII_KEY_ID_SET_ADMIN_PWD\n")); + gHiiConfiguration.OpalRequest.SetAdminPwd = Value->b; + OpalDisk = HiiGetOpalDiskCB(gHiiConfiguration.SelectedDiskIndex); + if (OpalDisk != NULL) { + SaveOpalRequest (OpalDisk, gHiiConfiguration.OpalRequest); + } + *ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY; + return EFI_SUCCESS; + + case HII_KEY_ID_SET_USER_PWD: + DEBUG ((DEBUG_INFO, "HII_KEY_ID_SET_USER_PWD\n")); + gHiiConfiguration.OpalRequest.SetUserPwd = Value->b; + OpalDisk = HiiGetOpalDiskCB(gHiiConfiguration.SelectedDiskIndex); + if (OpalDisk != NULL) { + SaveOpalRequest (OpalDisk, gHiiConfiguration.OpalRequest); + } + *ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY; + return EFI_SUCCESS; + + case HII_KEY_ID_SECURE_ERASE: + DEBUG ((DEBUG_INFO, "HII_KEY_ID_SECURE_ERASE\n")); + gHiiConfiguration.OpalRequest.SecureErase = Value->b; + OpalDisk = HiiGetOpalDiskCB(gHiiConfiguration.SelectedDiskIndex); + if (OpalDisk != NULL) { + SaveOpalRequest (OpalDisk, gHiiConfiguration.OpalRequest); + } + *ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY; + return EFI_SUCCESS; + + case HII_KEY_ID_REVERT: + DEBUG ((DEBUG_INFO, "HII_KEY_ID_REVERT\n")); + gHiiConfiguration.OpalRequest.Revert = Value->b; + OpalDisk = HiiGetOpalDiskCB(gHiiConfiguration.SelectedDiskIndex); + if (OpalDisk != NULL) { + SaveOpalRequest (OpalDisk, gHiiConfiguration.OpalRequest); + } + *ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY; + return EFI_SUCCESS; + case HII_KEY_ID_KEEP_USER_DATA: + DEBUG ((DEBUG_INFO, "HII_KEY_ID_KEEP_USER_DATA\n")); + gHiiConfiguration.OpalRequest.KeepUserData = Value->b; + OpalDisk = HiiGetOpalDiskCB(gHiiConfiguration.SelectedDiskIndex); + if (OpalDisk != NULL) { + SaveOpalRequest (OpalDisk, gHiiConfiguration.OpalRequest); + } + *ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY; + return EFI_SUCCESS; + + case HII_KEY_ID_PSID_REVERT: + DEBUG ((DEBUG_INFO, "HII_KEY_ID_PSID_REVERT\n")); + gHiiConfiguration.OpalRequest.PsidRevert = Value->b; + OpalDisk = HiiGetOpalDiskCB(gHiiConfiguration.SelectedDiskIndex); + if (OpalDisk != NULL) { + SaveOpalRequest (OpalDisk, gHiiConfiguration.OpalRequest); + } + *ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY; + return EFI_SUCCESS; + + case HII_KEY_ID_DISABLE_USER: + DEBUG ((DEBUG_INFO, "HII_KEY_ID_DISABLE_USER\n")); + gHiiConfiguration.OpalRequest.DisableUser = Value->b; + OpalDisk = HiiGetOpalDiskCB(gHiiConfiguration.SelectedDiskIndex); + if (OpalDisk != NULL) { + SaveOpalRequest (OpalDisk, gHiiConfiguration.OpalRequest); + } + *ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY; + return EFI_SUCCESS; + + case HII_KEY_ID_ENABLE_FEATURE: + DEBUG ((DEBUG_INFO, "HII_KEY_ID_ENABLE_FEATURE\n")); + gHiiConfiguration.OpalRequest.EnableFeature = Value->b; + OpalDisk = HiiGetOpalDiskCB(gHiiConfiguration.SelectedDiskIndex); + if (OpalDisk != NULL) { + SaveOpalRequest (OpalDisk, gHiiConfiguration.OpalRequest); + } + *ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY; + return EFI_SUCCESS; + + default: + break; + } + } + + return EFI_UNSUPPORTED; +} + +/** + Update the global Disk index info. + + @param Index The input disk index info. + + @retval EFI_SUCCESS Update the disk index info success. + +**/ +EFI_STATUS +HiiSelectDisk( + UINT8 Index + ) +{ + OpalHiiGetBrowserData(); + gHiiConfiguration.SelectedDiskIndex = Index; + OpalHiiSetBrowserData (); + + return EFI_SUCCESS; +} + +/** + Draws the disk info form. + + @retval EFI_SUCCESS Draw the disk info success. + +**/ +EFI_STATUS +HiiPopulateDiskInfoForm( + VOID + ) +{ + OPAL_DISK* OpalDisk; + OPAL_DISK_ACTIONS AvailActions; + TCG_RESULT Ret; + CHAR8 *DiskName; + + OpalHiiGetBrowserData(); + + DiskName = HiiDiskGetNameCB (gHiiConfiguration.SelectedDiskIndex); + if (DiskName == NULL) { + return EFI_UNSUPPORTED; + } + HiiSetFormString(STRING_TOKEN(STR_DISK_INFO_SELECTED_DISK_NAME), DiskName); + + gHiiConfiguration.SelectedDiskAvailableActions = HII_ACTION_NONE; + ZeroMem (&gHiiConfiguration.OpalRequest, sizeof (OPAL_REQUEST)); + gHiiConfiguration.KeepUserDataForced = FALSE; + + OpalDisk = HiiGetOpalDiskCB(gHiiConfiguration.SelectedDiskIndex); + + if (OpalDisk != NULL) { + OpalDiskUpdateStatus (OpalDisk); + Ret = OpalSupportGetAvailableActions(&OpalDisk->SupportedAttributes, &OpalDisk->LockingFeature, OpalDisk->Owner, &AvailActions); + if (Ret == TcgResultSuccess) { + // + // Update actions, always allow PSID Revert + // + gHiiConfiguration.SelectedDiskAvailableActions |= (AvailActions.PsidRevert == 1) ? HII_ACTION_PSID_REVERT : HII_ACTION_NONE; + + // + // Always allow unlock to handle device migration + // + gHiiConfiguration.SelectedDiskAvailableActions |= (AvailActions.Unlock == 1) ? HII_ACTION_UNLOCK : HII_ACTION_NONE; + + if (!OpalFeatureEnabled (&OpalDisk->SupportedAttributes, &OpalDisk->LockingFeature)) { + if (OpalDisk->Owner == OpalOwnershipNobody) { + gHiiConfiguration.SelectedDiskAvailableActions |= HII_ACTION_ENABLE_FEATURE; + + // + // Update strings + // + HiiSetFormString( STRING_TOKEN(STR_DISK_INFO_PSID_REVERT), "PSID Revert to factory default"); + } else { + DEBUG ((DEBUG_INFO, "Feature disabled but ownership != nobody\n")); + } + } else { + gHiiConfiguration.SelectedDiskAvailableActions |= (AvailActions.Revert == 1) ? HII_ACTION_REVERT : HII_ACTION_NONE; + gHiiConfiguration.SelectedDiskAvailableActions |= (AvailActions.AdminPass == 1) ? HII_ACTION_SET_ADMIN_PWD : HII_ACTION_NONE; + gHiiConfiguration.SelectedDiskAvailableActions |= (AvailActions.UserPass == 1) ? HII_ACTION_SET_USER_PWD : HII_ACTION_NONE; + gHiiConfiguration.SelectedDiskAvailableActions |= (AvailActions.SecureErase == 1) ? HII_ACTION_SECURE_ERASE : HII_ACTION_NONE; + gHiiConfiguration.SelectedDiskAvailableActions |= (AvailActions.DisableUser == 1) ? HII_ACTION_DISABLE_USER : HII_ACTION_NONE; + + HiiSetFormString (STRING_TOKEN(STR_DISK_INFO_PSID_REVERT), "PSID Revert to factory default and Disable"); + + // + // Determine revert options for disk + // Default initialize keep user Data to be true + // + gHiiConfiguration.OpalRequest.KeepUserData = 1; + if (AvailActions.RevertKeepDataForced) { + gHiiConfiguration.KeepUserDataForced = TRUE; + } + } + } + + GetSavedOpalRequest (OpalDisk, &gHiiConfiguration.OpalRequest); + } + + // + // Pass the current configuration to the BIOS + // + OpalHiiSetBrowserData (); + + return EFI_SUCCESS; +} + +/** + Send BlockSid request through TPM physical presence module. + + @param PpRequest TPM physical presence operation request. + + @retval EFI_SUCCESS Do the required action success. + @retval Others Other error occur. + +**/ +EFI_STATUS +HiiSetBlockSidAction ( + IN UINT32 PpRequest + ) +{ + UINT32 ReturnCode; + EFI_STATUS Status; + + ReturnCode = Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction (PpRequest, 0); + if (ReturnCode == TCG_PP_SUBMIT_REQUEST_TO_PREOS_SUCCESS) { + Status = EFI_SUCCESS; + } else if (ReturnCode == TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE) { + Status = EFI_OUT_OF_RESOURCES; + } else if (ReturnCode == TCG_PP_SUBMIT_REQUEST_TO_PREOS_NOT_IMPLEMENTED) { + Status = EFI_UNSUPPORTED; + } else { + Status = EFI_DEVICE_ERROR; + } + + return Status; +} + +/** + This function processes the results of changes in configuration. + + @param This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL. + @param Configuration A null-terminated Unicode string in <ConfigResp> + format. + @param Progress A pointer to a string filled in with the offset of + the most recent '&' before the first failing + name/value pair (or the beginning of the string if + the failure is in the first name/value pair) or + the terminating NULL if all was successful. + + @retval EFI_SUCCESS The Results is processed successfully. + @retval EFI_INVALID_PARAMETER Configuration is NULL. + @retval EFI_NOT_FOUND Routing data doesn't match any storage in this + driver. + +**/ +EFI_STATUS +EFIAPI +RouteConfig( + CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, + CONST EFI_STRING Configuration, + EFI_STRING *Progress + ) +{ + if (Configuration == NULL || Progress == NULL) { + return (EFI_INVALID_PARAMETER); + } + + *Progress = Configuration; + if (!HiiIsConfigHdrMatch (Configuration, &gHiiSetupVariableGuid, OpalPasswordStorageName)) { + return EFI_NOT_FOUND; + } + + *Progress = Configuration + StrLen (Configuration); + + return EFI_SUCCESS; +} + +/** + This function allows a caller to extract the current configuration for one + or more named elements from the target driver. + + @param This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL. + @param Request A null-terminated Unicode string in + <ConfigRequest> format. + @param Progress On return, points to a character in the Request + string. Points to the string's null terminator if + request was successful. Points to the most recent + '&' before the first failing name/value pair (or + the beginning of the string if the failure is in + the first name/value pair) if the request was not + successful. + @param Results A null-terminated Unicode string in + <ConfigAltResp> format which has all values filled + in for the names in the Request string. String to + be allocated by the called function. + + @retval EFI_SUCCESS The Results is filled with the requested values. + @retval EFI_OUT_OF_RESOURCES Not enough memory to store the results. + @retval EFI_INVALID_PARAMETER Request is illegal syntax, or unknown name. + @retval EFI_NOT_FOUND Routing data doesn't match any storage in this + driver. + +**/ +EFI_STATUS +EFIAPI +ExtractConfig( + CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, + CONST EFI_STRING Request, + EFI_STRING *Progress, + EFI_STRING *Results + ) +{ + EFI_STATUS Status; + EFI_STRING ConfigRequest; + EFI_STRING ConfigRequestHdr; + UINTN BufferSize; + UINTN Size; + BOOLEAN AllocatedRequest; + EFI_HANDLE DriverHandle; + + // + // Check for valid parameters + // + if (Progress == NULL || Results == NULL) { + return (EFI_INVALID_PARAMETER); + } + + *Progress = Request; + if ((Request != NULL) && + !HiiIsConfigHdrMatch (Request, &gHiiSetupVariableGuid, OpalPasswordStorageName)) { + return EFI_NOT_FOUND; + } + + AllocatedRequest = FALSE; + BufferSize = sizeof (OPAL_HII_CONFIGURATION); + ConfigRequest = Request; + if ((Request == NULL) || (StrStr (Request, L"OFFSET") == NULL)) { + // + // Request has no request element, construct full request string. + // Allocate and fill a buffer large enough to hold the <ConfigHdr> template + // followed by "&OFFSET=0&WIDTH=WWWWWWWWWWWWWWWW" followed by a Null-terminator + // + DriverHandle = HiiGetDriverImageHandleCB(); + ConfigRequestHdr = HiiConstructConfigHdr (&gHiiSetupVariableGuid, OpalPasswordStorageName, DriverHandle); + Size = (StrLen (ConfigRequestHdr) + 32 + 1) * sizeof (CHAR16); + ConfigRequest = AllocateZeroPool (Size); + if (ConfigRequest == NULL) { + return EFI_OUT_OF_RESOURCES; + } + AllocatedRequest = TRUE; + UnicodeSPrint (ConfigRequest, Size, L"%s&OFFSET=0&WIDTH=%016LX", ConfigRequestHdr, (UINT64)BufferSize); + FreePool (ConfigRequestHdr); + } + + // + // Convert Buffer Data to <ConfigResp> by helper function BlockToConfig( ) + // + Status = gHiiConfigRouting->BlockToConfig( + gHiiConfigRouting, + ConfigRequest, + (UINT8*)&gHiiConfiguration, + sizeof(OPAL_HII_CONFIGURATION), + Results, + Progress + ); + + // + // Free the allocated config request string. + // + if (AllocatedRequest) { + FreePool (ConfigRequest); + ConfigRequest = NULL; + } + + // + // Set Progress string to the original request string. + // + if (Request == NULL) { + *Progress = NULL; + } else if (StrStr (Request, L"OFFSET") == NULL) { + *Progress = Request + StrLen (Request); + } + + return (Status); +} + + +/** + + Pass the current system state to the bios via the hii_G_Configuration. + +**/ +VOID +OpalHiiSetBrowserData ( + VOID + ) +{ + HiiSetBrowserData( + &gHiiSetupVariableGuid, + (CHAR16*)L"OpalHiiConfig", + sizeof(gHiiConfiguration), + (UINT8*)&gHiiConfiguration, + NULL + ); +} + + +/** + + Populate the hii_g_Configuration with the browser Data. + +**/ +VOID +OpalHiiGetBrowserData ( + VOID + ) +{ + HiiGetBrowserData( + &gHiiSetupVariableGuid, + (CHAR16*)L"OpalHiiConfig", + sizeof(gHiiConfiguration), + (UINT8*)&gHiiConfiguration + ); +} + +/** + Set a string Value in a form. + + @param DestStringId The stringid which need to update. + @param SrcAsciiStr The string need to update. + + @retval EFI_SUCCESS Do the required action success. + @retval Others Other error occur. + +**/ +EFI_STATUS +HiiSetFormString( + EFI_STRING_ID DestStringId, + CHAR8 *SrcAsciiStr + ) +{ + UINT32 Len; + UINT32 UniSize; + CHAR16* UniStr; + + // + // Determine the Length of the sting + // + Len = ( UINT32 )AsciiStrLen( SrcAsciiStr ); + + // + // Allocate space for the unicode string, including terminator + // + UniSize = (Len + 1) * sizeof(CHAR16); + UniStr = (CHAR16*)AllocateZeroPool(UniSize); + + // + // Copy into unicode string, then copy into string id + // + AsciiStrToUnicodeStrS ( SrcAsciiStr, UniStr, Len + 1); + + // + // Update the string in the form + // + if (HiiSetString(gHiiPackageListHandle, DestStringId, UniStr, NULL) == 0) { + DEBUG ((DEBUG_INFO, "HiiSetFormString( ) failed\n")); + FreePool(UniStr); + return (EFI_OUT_OF_RESOURCES); + } + + // + // Free the memory + // + FreePool(UniStr); + + return (EFI_SUCCESS); +} + +/** + Initialize the Opal disk base on the hardware info get from device. + + @param Dev The Opal device. + + @retval EFI_SUCCESS Initialize the device success. + @retval EFI_DEVICE_ERROR Get info from device failed. + +**/ +EFI_STATUS +OpalDiskInitialize ( + IN OPAL_DRIVER_DEVICE *Dev + ) +{ + TCG_RESULT TcgResult; + OPAL_SESSION Session; + UINT8 ActiveDataRemovalMechanism; + UINT32 RemovalMechanishLists[ResearvedMechanism]; + + ZeroMem(&Dev->OpalDisk, sizeof(OPAL_DISK)); + Dev->OpalDisk.Sscp = Dev->Sscp; + Dev->OpalDisk.MediaId = Dev->MediaId; + Dev->OpalDisk.OpalDevicePath = Dev->OpalDevicePath; + + ZeroMem(&Session, sizeof(Session)); + Session.Sscp = Dev->Sscp; + Session.MediaId = Dev->MediaId; + + TcgResult = OpalGetSupportedAttributesInfo (&Session, &Dev->OpalDisk.SupportedAttributes, &Dev->OpalDisk.OpalBaseComId); + if (TcgResult != TcgResultSuccess) { + return EFI_DEVICE_ERROR; + } + Session.OpalBaseComId = Dev->OpalDisk.OpalBaseComId; + + TcgResult = OpalUtilGetMsid (&Session, Dev->OpalDisk.Msid, OPAL_MSID_LENGTH, &Dev->OpalDisk.MsidLength); + if (TcgResult != TcgResultSuccess) { + return EFI_DEVICE_ERROR; + } + + if (Dev->OpalDisk.SupportedAttributes.DataRemoval) { + TcgResult = OpalUtilGetDataRemovalMechanismLists (&Session, RemovalMechanishLists); + if (TcgResult != TcgResultSuccess) { + return EFI_DEVICE_ERROR; + } + + TcgResult = OpalUtilGetActiveDataRemovalMechanism (&Session, Dev->OpalDisk.Msid, Dev->OpalDisk.MsidLength, &ActiveDataRemovalMechanism); + if (TcgResult != TcgResultSuccess) { + return EFI_DEVICE_ERROR; + } + + Dev->OpalDisk.EstimateTimeCost = RemovalMechanishLists[ActiveDataRemovalMechanism]; + } + + return OpalDiskUpdateStatus (&Dev->OpalDisk); +} + +/** + Update the device ownship + + @param OpalDisk The Opal device. + + @retval EFI_SUCCESS Get ownership success. + @retval EFI_ACCESS_DENIED Has send BlockSID command, can't change ownership. + @retval EFI_INVALID_PARAMETER Not get Msid info before get ownership info. + +**/ +EFI_STATUS +OpalDiskUpdateOwnerShip ( + OPAL_DISK *OpalDisk + ) +{ + OPAL_SESSION Session; + + if (OpalDisk->MsidLength == 0) { + return EFI_INVALID_PARAMETER; + } + + if (OpalDisk->SentBlockSID) { + return EFI_ACCESS_DENIED; + } + + ZeroMem(&Session, sizeof(Session)); + Session.Sscp = OpalDisk->Sscp; + Session.MediaId = OpalDisk->MediaId; + Session.OpalBaseComId = OpalDisk->OpalBaseComId; + + OpalDisk->Owner = OpalUtilDetermineOwnership(&Session, OpalDisk->Msid, OpalDisk->MsidLength); + return EFI_SUCCESS; +} + +/** + Update the device info. + + @param OpalDisk The Opal device. + + @retval EFI_SUCCESS Initialize the device success. + @retval EFI_DEVICE_ERROR Get info from device failed. + @retval EFI_INVALID_PARAMETER Not get Msid info before get ownership info. + @retval EFI_ACCESS_DENIED Has send BlockSID command, can't change ownership. + +**/ +EFI_STATUS +OpalDiskUpdateStatus ( + OPAL_DISK *OpalDisk + ) +{ + TCG_RESULT TcgResult; + OPAL_SESSION Session; + + ZeroMem(&Session, sizeof(Session)); + Session.Sscp = OpalDisk->Sscp; + Session.MediaId = OpalDisk->MediaId; + Session.OpalBaseComId = OpalDisk->OpalBaseComId; + + TcgResult = OpalGetLockingInfo(&Session, &OpalDisk->LockingFeature); + if (TcgResult != TcgResultSuccess) { + return EFI_DEVICE_ERROR; + } + + return OpalDiskUpdateOwnerShip (OpalDisk); +} + diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Opal/OpalPassword/OpalHii.h b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Opal/OpalPassword/OpalHii.h new file mode 100644 index 00000000..3d84cafc --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Opal/OpalPassword/OpalHii.h @@ -0,0 +1,375 @@ +/** @file + Public Header file of HII library used by Opal UEFI Driver. + Defines required callbacks of Opal HII library. + +Copyright (c) 2016 - 2019, Intel Corporation. All rights reserved.<BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef _OPAL_HII_H_ +#define _OPAL_HII_H_ + +#include <Protocol/HiiConfigAccess.h> + +#include "OpalDriver.h" +#include "OpalHiiFormValues.h" + +#define OPAL_PASSWORD_CONFIG_GUID \ + { \ + 0x0d510a4f, 0xa81b, 0x473f, { 0x87, 0x07, 0xb7, 0xfd, 0xfb, 0xc0, 0x45, 0xba } \ + } + +#define OPAL_REQUEST_VARIABLE_NAME L"OpalRequest" + +#pragma pack(1) + +typedef struct { + UINT32 Length; + OPAL_REQUEST OpalRequest; + //EFI_DEVICE_PATH_PROTOCOL OpalDevicePath; +} OPAL_REQUEST_VARIABLE; + +typedef struct { + UINT16 Id: HII_KEY_ID_BITS; + UINT16 Index: HII_KEY_INDEX_BITS; + UINT16 Flag: HII_KEY_FLAG_BITS; +} KEY_BITS; + +typedef union { + UINT16 Raw; + KEY_BITS KeyBits; +} HII_KEY; + +typedef struct { + VENDOR_DEVICE_PATH VendorDevicePath; + EFI_DEVICE_PATH_PROTOCOL End; +} HII_VENDOR_DEVICE_PATH; + +#pragma pack() + +extern const EFI_GUID gHiiSetupVariableGuid; + +/** + This function processes the results of changes in configuration. + + @param This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL. + @param Configuration A null-terminated Unicode string in <ConfigResp> + format. + @param Progress A pointer to a string filled in with the offset of + the most recent '&' before the first failing + name/value pair (or the beginning of the string if + the failure is in the first name/value pair) or + the terminating NULL if all was successful. + + @retval EFI_SUCCESS The Results is processed successfully. + @retval EFI_INVALID_PARAMETER Configuration is NULL. + @retval EFI_NOT_FOUND Routing data doesn't match any storage in this + driver. + +**/ +EFI_STATUS +EFIAPI +RouteConfig( + CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, + CONST EFI_STRING Configuration, + EFI_STRING *Progress + ); + +/** + This function allows a caller to extract the current configuration for one + or more named elements from the target driver. + + @param This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL. + @param Request A null-terminated Unicode string in + <ConfigRequest> format. + @param Progress On return, points to a character in the Request + string. Points to the string's null terminator if + request was successful. Points to the most recent + '&' before the first failing name/value pair (or + the beginning of the string if the failure is in + the first name/value pair) if the request was not + successful. + @param Results A null-terminated Unicode string in + <ConfigAltResp> format which has all values filled + in for the names in the Request string. String to + be allocated by the called function. + + @retval EFI_SUCCESS The Results is filled with the requested values. + @retval EFI_OUT_OF_RESOURCES Not enough memory to store the results. + @retval EFI_INVALID_PARAMETER Request is illegal syntax, or unknown name. + @retval EFI_NOT_FOUND Routing data doesn't match any storage in this + driver. + +**/ +EFI_STATUS +EFIAPI +ExtractConfig( + CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, + CONST EFI_STRING Request, + EFI_STRING *Progress, + EFI_STRING *Results + ); + +/** + This function processes the results of changes in configuration. + + @param This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL. + @param Action Specifies the type of action taken by the browser. + @param QuestionId A unique value which is sent to the original + exporting driver so that it can identify the type + of data to expect. + @param Type The type of value for the question. + @param Value A pointer to the data being sent to the original + exporting driver. + @param ActionRequest On return, points to the action requested by the + callback function. + + @retval EFI_SUCCESS The callback successfully handled the action. + @retval EFI_OUT_OF_RESOURCES Not enough storage is available to hold the + variable and its data. + @retval EFI_DEVICE_ERROR The variable could not be saved. + @retval EFI_UNSUPPORTED The specified Action is not supported by the + callback. + +**/ +EFI_STATUS +EFIAPI +DriverCallback( + CONST EFI_HII_CONFIG_ACCESS_PROTOCOL* This, + EFI_BROWSER_ACTION Action, + EFI_QUESTION_ID QuestionId, + UINT8 Type, + EFI_IFR_TYPE_VALUE* Value, + EFI_BROWSER_ACTION_REQUEST* ActionRequest + ); + +/** + + Pass the current system state to the bios via the hii_G_Configuration. + +**/ +VOID +OpalHiiSetBrowserData ( + VOID + ); + +/** + + Populate the hii_g_Configuration with the browser Data. + +**/ +VOID +OpalHiiGetBrowserData ( + VOID + ); + +/** + Draws the disk info form. + + @retval EFI_SUCCESS Draw the disk info success. + +**/ +EFI_STATUS +HiiPopulateDiskInfoForm( + VOID + ); + +/** + Update the global Disk index info. + + @param Index The input disk index info. + + @retval EFI_SUCCESS Update the disk index info success. + +**/ +EFI_STATUS +HiiSelectDisk( + UINT8 Index + ); + +/** + Use the input password to do the specified action. + + @param Str The input password saved in. + + @retval EFI_SUCCESS Do the required action success. + @retval Others Other error occur. + +**/ +EFI_STATUS +HiiPasswordEntered( + EFI_STRING_ID Str + ); + +/** + Update block sid info. + + @param PpRequest Input the Pp Request. + + @retval EFI_SUCCESS Do the required action success. + @retval Others Other error occur. + +**/ +EFI_STATUS +HiiSetBlockSidAction ( + UINT32 PpRequest + ); + +/** + Reverts the Opal disk to factory default. + + @param PsidStringId The string id for the PSID info. + + @retval EFI_SUCCESS Do the required action success. + +**/ +EFI_STATUS +HiiPsidRevert( + EFI_STRING_ID PsidStringId + ); + +/** + Get disk name string id. + + @param DiskIndex The input disk index info. + + @retval The disk name string id. + +**/ +EFI_STRING_ID +GetDiskNameStringId( + UINT8 DiskIndex + ); + +/** + Update the device info. + + @param OpalDisk The Opal device. + + @retval EFI_SUCCESS Initialize the device success. + @retval EFI_DEVICE_ERROR Get info from device failed. + @retval EFI_INVALID_PARAMETER Not get Msid info before get ownership info. + +**/ +EFI_STATUS +OpalDiskUpdateStatus ( + OPAL_DISK *OpalDisk + ); + +/** + Get the driver image handle. + + @retval the driver image handle. + +**/ +EFI_HANDLE +HiiGetDriverImageHandleCB( + VOID + ); + +/** + Install the HII form and string packages. + + @retval EFI_SUCCESS Install all the resources success. + @retval EFI_OUT_OF_RESOURCES Out of resource error. +**/ +EFI_STATUS +OpalHiiAddPackages( + VOID + ); + +/** + Returns the opaque pointer to a physical disk context. + + @param DiskIndex Input the disk index. + + @retval The device pointer. + +**/ +OPAL_DISK* +HiiGetOpalDiskCB( + UINT8 DiskIndex + ); + +/** + Returns the disk name. + + @param DiskIndex Input the disk index. + + @retval Returns the disk name. + +**/ +CHAR8* +HiiDiskGetNameCB( + UINT8 DiskIndex + ); + +/** + Set a string Value in a form. + + @param DestStringId The stringid which need to update. + @param SrcAsciiStr The string nned to update. + + @retval EFI_SUCCESS Do the required action success. + @retval Others Other error occur. + +**/ +EFI_STATUS +HiiSetFormString( + EFI_STRING_ID DestStringId, + CHAR8 *SrcAsciiStr + ); + +/** + Install the HII related resources. + + @retval EFI_SUCCESS Install all the resources success. + @retval other Error occur when install the resources. +**/ +EFI_STATUS +HiiInstall( + VOID + ); + +/** + Uninstall the HII capability. + + @retval EFI_SUCCESS Uninstall all the resources success. + @retval others Other errors occur when unistall the hii resource. +**/ +EFI_STATUS +HiiUninstall( + VOID + ); + +/** + Initialize the Opal disk base on the hardware info get from device. + + @param Dev The Opal device. + + @retval EFI_SUCCESS Initialize the device success. + @retval EFI_DEVICE_ERROR Get info from device failed. + +**/ +EFI_STATUS +OpalDiskInitialize ( + IN OPAL_DRIVER_DEVICE *Dev + ); + +/** + Update the device ownership + + @param OpalDisk The Opal device. + + @retval EFI_SUCCESS Get ownership success. + @retval EFI_ACCESS_DENIED Has send BlockSID command, can't change ownership. + @retval EFI_INVALID_PARAMETER Not get Msid info before get ownership info. + +**/ +EFI_STATUS +OpalDiskUpdateOwnerShip ( + OPAL_DISK *OpalDisk + ); + +#endif // _HII_H_ diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Opal/OpalPassword/OpalHiiCallbacks.c b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Opal/OpalPassword/OpalHiiCallbacks.c new file mode 100644 index 00000000..a9b08669 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Opal/OpalPassword/OpalHiiCallbacks.c @@ -0,0 +1,112 @@ +/** @file + Callbacks required by the HII of the Opal UEFI Driver to help display + Opal device information. + +Copyright (c) 2016 - 2019, Intel Corporation. All rights reserved.<BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "OpalHii.h" + +/** + Get the driver image handle. + + @retval the driver image handle. + +**/ +EFI_HANDLE +HiiGetDriverImageHandleCB( + VOID + ) +{ + return gImageHandle; +} + +/** + Returns the opaque pointer to a physical disk context. + + @param DiskIndex Input the disk index. + + @retval The device pointer. + +**/ +VOID * +HiiGetDiskContextCB( + UINT8 DiskIndex + ) +{ + OPAL_DRIVER_DEVICE* Dev; + UINT8 CurrentDisk; + + Dev = OpalDriverGetDeviceList(); + CurrentDisk = 0; + + if (DiskIndex >= GetDeviceCount()) { + return NULL; + } + + while (Dev != NULL) { + if (CurrentDisk == DiskIndex) { + return Dev; + } else { + Dev = Dev->Next; + CurrentDisk++; + } + } + + return NULL; +} + +/** + Returns the opaque pointer to a physical disk context. + + @param DiskIndex Input the disk index. + + @retval The device pointer. + +**/ +OPAL_DISK* +HiiGetOpalDiskCB( + UINT8 DiskIndex + ) +{ + VOID *Ctx; + OPAL_DRIVER_DEVICE *Tmp; + + Ctx = HiiGetDiskContextCB (DiskIndex); + + if (Ctx == NULL) { + return NULL; + } + + Tmp = (OPAL_DRIVER_DEVICE*) Ctx; + + return &Tmp->OpalDisk; +} + +/** + Returns the disk name. + + @param DiskIndex Input the disk index. + + @retval Returns the disk name. + +**/ +CHAR8* +HiiDiskGetNameCB( + UINT8 DiskIndex + ) +{ + OPAL_DRIVER_DEVICE* Ctx; + + Ctx = (OPAL_DRIVER_DEVICE*) HiiGetDiskContextCB (DiskIndex); + + if (Ctx != NULL) { + if (Ctx->NameZ == NULL) { + OpalDriverGetDriverDeviceName (Ctx); + } + return Ctx->NameZ; + } + return NULL; +} diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Opal/OpalPassword/OpalHiiFormStrings.uni b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Opal/OpalPassword/OpalHiiFormStrings.uni new file mode 100644 index 00000000..6db6b9c6 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Opal/OpalPassword/OpalHiiFormStrings.uni @@ -0,0 +1,80 @@ +// /** @file
+//
+// String definitions for Setup formset.
+//
+// Copyright (c) 2016 - 2019, Intel Corporation. All rights reserved.<BR>
+//
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+//
+// **/
+
+/=#
+///////////////////////////////// GENERIC DEFINITIONS /////////////////////////////////
+#langdef en-US "English"
+#string STR_NULL #language en-US " "
+
+///////////////////////////////// FORM SET /////////////////////////////////
+#string STR_FORM_SET_HELP #language en-US "Select to manage"
+
+///////////////////////////////// MULTIPLE FORMS /////////////////////////////////
+#string STR_OPAL #language en-US "TCG Drive Management"
+
+///////////////////////////////// MAIN MENU FORM /////////////////////////////////
+#string STR_MAIN_PHY_DISKS_LBL #language en-US "Physical Disks:"
+#string STR_MAIN_OPAL_TITLE_LBL #language en-US "Allows user to choose drive to configure drive security. User can also set storage action policy for use of the TCG Block SID authentication feature."
+
+#string STR_MAIN_GOTO_DISK_INFO_0 #language en-US " "
+#string STR_MAIN_GOTO_DISK_INFO_1 #language en-US " "
+#string STR_MAIN_GOTO_DISK_INFO_2 #language en-US " "
+#string STR_MAIN_GOTO_DISK_INFO_3 #language en-US " "
+#string STR_MAIN_GOTO_DISK_INFO_4 #language en-US " "
+#string STR_MAIN_GOTO_DISK_INFO_5 #language en-US " "
+
+#string STR_MAIN_GOTO_DISK_INFO_HELP #language en-US "Select disk to see actions"
+
+#string STR_MAIN_NO_DISKS_PRESENT_LBL #language en-US "No disks connected to system"
+#string STR_MAIN_NO_DISKS_PRESENT_LBL_HELP #language en-US "The storage needs to be connected before EndOfDxe"
+
+///////////////////////////////// DISK INFO MENU FORM /////////////////////////////////
+#string STR_DISK_INFO_SELECTED_DISK_NAME #language en-US " "
+#string STR_DISK_INFO_TITLE_LBL #language en-US "Allows user to set and modify password; perform secure erase; and perform revert functions on drive."
+
+#string STR_DISK_INFO_LOCK #language en-US "Lock"
+#string STR_DISK_INFO_UNLOCK #language en-US "Unlock"
+#string STR_DISK_INFO_SET_ADMIN_PSWD #language en-US "Update Drive Admin Password"
+#string STR_DISK_INFO_SET_USER_PSWD #language en-US "Set Drive User Password"
+#string STR_DISK_INFO_SECURE_ERASE #language en-US "Secure Erase User Data"
+#string STR_DISK_INFO_PSID_REVERT #language en-US "PSID Revert to factory default"
+#string STR_DISK_INFO_REVERT #language en-US "Admin Revert to factory default and Disable"
+#string STR_DISK_INFO_DISABLE_USER #language en-US "Disable User"
+#string STR_DISK_INFO_ENABLE_FEATURE #language en-US "Enable Feature"
+#string STR_DISK_INFO_ENABLE_BLOCKSID #language en-US "TCG Storage Action"
+#string STR_ENABLED #language en-US "Enable BlockSID"
+#string STR_DISABLED #language en-US "Disable BlockSID"
+
+#string STR_NONE #language en-US "None"
+#string STR_DISK_INFO_ENABLE_BLOCKSID_TRUE #language en-US "Require physical presence when remote enable BlockSID"
+#string STR_DISK_INFO_ENABLE_BLOCKSID_FALSE #language en-US "Not require physical presence when remote enable BlockSID"
+#string STR_DISK_INFO_DISABLE_BLOCKSID_TRUE #language en-US "Require physical presence when remote disable BlockSID"
+#string STR_DISK_INFO_DISABLE_BLOCKSID_FALSE #language en-US "Not require physical presence when remote disable BlockSID"
+
+#string STR_BLOCKSID_STATUS_HELP #language en-US "BlockSID action change status"
+#string STR_BLOCKSID_STATUS #language en-US "Current BlockSID Status:"
+#string STR_BLOCKSID_STATUS1 #language en-US ""
+#string STR_BLOCKSID_STATUS2 #language en-US ""
+#string STR_BLOCKSID_STATUS3 #language en-US ""
+
+#string STR_OPAL_REQUESTS_LBL #language en-US "Options:"
+#string STR_DISK_INFO_LOCK_HELP #language en-US "Lock the disk"
+#string STR_DISK_INFO_UNLOCK_HELP #language en-US "Unlock the disk"
+#string STR_DISK_INFO_SET_ADMIN_PSWD_HELP #language en-US "Set password for the administrator, reset is required for the request to be processed in next boot"
+#string STR_DISK_INFO_SET_USER_PSWD_HELP #language en-US "Set password for User 1, reset is required for the request to be processed in next boot"
+#string STR_DISK_INFO_SECURE_ERASE_HELP #language en-US "Securely erase the disk, reset is required for the request to be processed in next boot"
+#string STR_DISK_INFO_REVERT_HELP #language en-US "Revert the disk to factory defaults, reset is required for the request to be processed in next boot"
+#string STR_DISK_INFO_PSID_REVERT_HELP #language en-US "Revert the disk to factory defaults, PSID is a 32 character case sensitive value, reset is required for the request to be processed in next boot"
+#string STR_DISK_INFO_DISABLE_USER_HELP #language en-US "Disable User, reset is required for the request to be processed in next boot"
+#string STR_DISK_INFO_ENABLE_FEATURE_HELP #language en-US "Enable Feature, reset is required for the request to be processed in next boot"
+#string STR_KEEP_USER_DATA_PROMPT #language en-US " Keep User Data"
+#string STR_KEEP_USER_DATA_HELP #language en-US "Check to keep user data, otherwise data will be lost"
+
+#string STR_DISK_INFO_ENABLE_BLOCKSID_HELP #language en-US "Change BlockSID actions, includes enable or disable BlockSID, Require or not require physical presence when remote enable or disable BlockSID"
diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Opal/OpalPassword/OpalHiiFormValues.h b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Opal/OpalPassword/OpalHiiFormValues.h new file mode 100644 index 00000000..fa0a679e --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Opal/OpalPassword/OpalHiiFormValues.h @@ -0,0 +1,109 @@ +/** @file + Defines Opal HII form ids, structures and values. + +Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.<BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + + +#ifndef _OPAL_HII_FORM_VALUES_H_ +#define _OPAL_HII_FORM_VALUES_H_ + +// ID's for various forms that will be used by HII +#define FORMID_VALUE_MAIN_MENU 0x01 +#define FORMID_VALUE_DISK_INFO_FORM_MAIN 0x02 + +#pragma pack(1) +typedef struct { + UINT16 Lock:1; + UINT16 Unlock:1; + UINT16 SetAdminPwd:1; + UINT16 SetUserPwd:1; + UINT16 SecureErase:1; + UINT16 Revert:1; + UINT16 PsidRevert:1; + UINT16 DisableUser:1; + UINT16 DisableFeature:1; + UINT16 EnableFeature:1; + UINT16 Reserved:5; + UINT16 KeepUserData:1; +} OPAL_REQUEST; + +typedef struct { + UINT8 NumDisks; + UINT8 SelectedDiskIndex; + UINT16 SelectedDiskAvailableActions; + UINT16 SupportedDisks; + BOOLEAN KeepUserDataForced; + OPAL_REQUEST OpalRequest; + UINT8 EnableBlockSid; +} OPAL_HII_CONFIGURATION; + +#pragma pack() + +/* Action Flags */ +#define HII_ACTION_NONE 0x0000 +#define HII_ACTION_LOCK 0x0001 +#define HII_ACTION_UNLOCK 0x0002 +#define HII_ACTION_SET_ADMIN_PWD 0x0004 +#define HII_ACTION_SET_USER_PWD 0x0008 +#define HII_ACTION_SECURE_ERASE 0x0010 +#define HII_ACTION_REVERT 0x0020 +#define HII_ACTION_PSID_REVERT 0x0040 +#define HII_ACTION_DISABLE_USER 0x0080 +#define HII_ACTION_DISABLE_FEATURE 0x0100 +#define HII_ACTION_ENABLE_FEATURE 0x0200 + +/* Number of bits allocated for each part of a unique key for an HII_ITEM + * all bits together must be <= 16 (EFI_QUESTION_ID is UINT16) + * 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 + * | |-----------------------| |---------------------------| + * FLG INDEX ID + */ +#define HII_KEY_ID_BITS 8 +#define HII_KEY_INDEX_BITS 7 +#define HII_KEY_FLAG_BITS 1 + +#define HII_KEY_FLAG 0x8000 // bit 15 (zero based) + +/***********/ +/* Key IDs */ +/***********/ + +#define HII_KEY_ID_GOTO_DISK_INFO 1 + +#define HII_KEY_ID_VAR_SUPPORTED_DISKS 2 +#define HII_KEY_ID_VAR_SELECTED_DISK_AVAILABLE_ACTIONS 3 + +#define HII_KEY_ID_BLOCKSID 4 +#define HII_KEY_ID_SET_ADMIN_PWD 5 +#define HII_KEY_ID_SET_USER_PWD 6 +#define HII_KEY_ID_SECURE_ERASE 7 +#define HII_KEY_ID_REVERT 8 +#define HII_KEY_ID_KEEP_USER_DATA 9 +#define HII_KEY_ID_PSID_REVERT 0xA +#define HII_KEY_ID_DISABLE_USER 0xB +#define HII_KEY_ID_ENABLE_FEATURE 0xC + +#define HII_KEY_ID_MAX 0xC // !!Update each time a new ID is added!! + +#define HII_KEY_WITH_INDEX(id, index) \ + ( \ + HII_KEY_FLAG | \ + (id) | \ + ((index) << HII_KEY_ID_BITS) \ + ) + +#define HII_KEY(id) HII_KEY_WITH_INDEX(id, 0) + +#define PACKAGE_LIST_GUID { 0xf0308176, 0x9058, 0x4153, { 0x93, 0x3d, 0xda, 0x2f, 0xdc, 0xc8, 0x3e, 0x44 } } + +/* {410483CF-F4F9-4ece-848A-1958FD31CEB7} */ +#define SETUP_FORMSET_GUID { 0x410483cf, 0xf4f9, 0x4ece, { 0x84, 0x8a, 0x19, 0x58, 0xfd, 0x31, 0xce, 0xb7 } } + +// {BBF1ACD2-28D8-44ea-A291-58A237FEDF1A} +#define SETUP_VARIABLE_GUID { 0xbbf1acd2, 0x28d8, 0x44ea, { 0xa2, 0x91, 0x58, 0xa2, 0x37, 0xfe, 0xdf, 0x1a } } + +#endif //_HII_FORM_VALUES_H_ + diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Opal/OpalPassword/OpalPasswordCommon.h b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Opal/OpalPassword/OpalPasswordCommon.h new file mode 100644 index 00000000..8563e32f --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Opal/OpalPassword/OpalPasswordCommon.h @@ -0,0 +1,38 @@ +/** @file + Opal Password common header file. + +Copyright (c) 2018 - 2019, Intel Corporation. All rights reserved.<BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef _OPAL_PASSWORD_COMMON_H_ +#define _OPAL_PASSWORD_COMMON_H_ + +#define OPAL_MAX_PASSWORD_SIZE 32 + +#define OPAL_DEVICE_TYPE_UNKNOWN 0x0 +#define OPAL_DEVICE_TYPE_ATA 0x1 +#define OPAL_DEVICE_TYPE_NVME 0x2 + +typedef struct { + UINT16 Segment; + UINT8 Bus; + UINT8 Device; + UINT8 Function; + UINT8 Reserved; +} OPAL_PCI_DEVICE; + +typedef struct { + UINT32 Length; + OPAL_PCI_DEVICE Device; + UINT8 PasswordLength; + UINT8 Password[OPAL_MAX_PASSWORD_SIZE]; + UINT16 OpalBaseComId; + UINT32 DevicePathLength; + EFI_DEVICE_PATH_PROTOCOL DevicePath[]; +} OPAL_DEVICE_LOCKBOX_DATA; + +#define OPAL_DEVICE_LOCKBOX_GUID { 0x56a77f0d, 0x6f05, 0x4d47, { 0xb9, 0x11, 0x4f, 0xd, 0xec, 0x5c, 0x58, 0x61 } } + +#endif // _OPAL_PASSWORD_COMMON_H_ diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Opal/OpalPassword/OpalPasswordDxe.inf b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Opal/OpalPassword/OpalPasswordDxe.inf new file mode 100644 index 00000000..40472595 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Opal/OpalPassword/OpalPasswordDxe.inf @@ -0,0 +1,77 @@ +## @file +# This is a OpalPasswordDxe driver. +# +# This module is used to Management the Opal feature +# for Opal supported devices. +# +# Copyright (c) 2016 - 2019, Intel Corporation. All rights reserved.<BR> +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## +[Defines] + INF_VERSION = 0x00010007 + BASE_NAME = OpalPasswordDxe + FILE_GUID = E3E4048D-6C0C-43E4-AE1C-FFB579D8EF41 + MODULE_TYPE = DXE_DRIVER + VERSION_STRING = 1.0 + ENTRY_POINT = EfiDriverEntryPoint + UNLOAD_IMAGE = OpalEfiDriverUnload + +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = IA32 X64 EBC +# + +[Sources] + OpalDriver.c + OpalDriver.h + OpalPasswordCommon.h + OpalHii.c + OpalHii.h + OpalHiiCallbacks.c + OpalHiiFormValues.h + OpalHiiFormStrings.uni + OpalPasswordForm.vfr + ComponentName.c + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + SecurityPkg/SecurityPkg.dec + +[LibraryClasses] + BaseLib + MemoryAllocationLib + UefiBootServicesTableLib + UefiDriverEntryPoint + UefiRuntimeServicesTableLib + DxeServicesTableLib + UefiHiiServicesLib + BaseMemoryLib + DebugLib + HiiLib + PrintLib + DevicePathLib + UefiLib + TcgStorageOpalLib + Tcg2PhysicalPresenceLib + PciLib + LockBoxLib + +[Protocols] + gEfiHiiConfigAccessProtocolGuid ## PRODUCES + gEfiStorageSecurityCommandProtocolGuid ## CONSUMES + gEfiComponentNameProtocolGuid ## PRODUCES + gEfiComponentName2ProtocolGuid ## PRODUCES + gEfiBlockIoProtocolGuid ## CONSUMES + +[Guids] + gEfiEndOfDxeEventGroupGuid ## CONSUMES ## Event + gS3StorageDeviceInitListGuid ## SOMETIMES_PRODUCES ## UNDEFINED + +[Pcd] + gEfiSecurityPkgTokenSpaceGuid.PcdSkipOpalPasswordPrompt ## CONSUMES + +[Depex] + gEfiHiiStringProtocolGuid AND gEfiHiiDatabaseProtocolGuid diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Opal/OpalPassword/OpalPasswordForm.vfr b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Opal/OpalPassword/OpalPasswordForm.vfr new file mode 100644 index 00000000..6f3290b1 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Opal/OpalPassword/OpalPasswordForm.vfr @@ -0,0 +1,303 @@ +/** @file + +Copyright (c) 2016 - 2019, Intel Corporation. All rights reserved.<BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ +#include "OpalHiiFormValues.h" + + +#define EFI_HII_PLATFORM_SETUP_FORMSET_GUID \ + { 0x93039971, 0x8545, 0x4b04, { 0xb4, 0x5e, 0x32, 0xeb, 0x83, 0x26, 0x4, 0xe } } + +formset + guid = SETUP_FORMSET_GUID, + title = STRING_TOKEN(STR_OPAL), + help = STRING_TOKEN(STR_FORM_SET_HELP), + classguid = EFI_HII_PLATFORM_SETUP_FORMSET_GUID, + + // Define a Buffer Storage (EFI_IFR_VARSTORE) that will be filled + // out initially through extractConfig call + varstore OPAL_HII_CONFIGURATION, // This is the Data structure type + name = OpalHiiConfig, // Define referenced name in vfr + guid = SETUP_VARIABLE_GUID; // GUID of this Buffer storage + +form formid = FORMID_VALUE_MAIN_MENU, + title = STRING_TOKEN(STR_OPAL); + + //CONFIG_VARIABLE(HII_KEY(HII_KEY_ID_VAR_SUPPORTED_DISKS), SupportedDisks, 0x0, 0xFFFF); + suppressif TRUE; + numeric + name = SupportedDisks, + varid = OpalHiiConfig.SupportedDisks, + prompt = STRING_TOKEN(STR_NULL), + help = STRING_TOKEN(STR_NULL), + flags = INTERACTIVE, + key = 0x8002, + minimum = 0x0, + maximum = 0xFFFF, + endnumeric; + endif; + + subtitle text = STRING_TOKEN(STR_MAIN_OPAL_TITLE_LBL); + + subtitle text = STRING_TOKEN(STR_NULL); + + subtitle text = STRING_TOKEN(STR_MAIN_PHY_DISKS_LBL); + + //DISK( 0 ); + suppressif ( questionref(SupportedDisks) & ( 0x1 ) ) == 0; + goto FORMID_VALUE_DISK_INFO_FORM_MAIN, + prompt = STRING_TOKEN(STR_MAIN_GOTO_DISK_INFO_0 ), + help = STRING_TOKEN(STR_MAIN_GOTO_DISK_INFO_HELP), + flags = INTERACTIVE, + key = 0x8001; + endif; + + //DISK( 1 ); + suppressif ( questionref(SupportedDisks) & ( 0x2 ) ) == 0; + goto FORMID_VALUE_DISK_INFO_FORM_MAIN, + prompt = STRING_TOKEN(STR_MAIN_GOTO_DISK_INFO_1 ), + help = STRING_TOKEN(STR_MAIN_GOTO_DISK_INFO_HELP), + flags = INTERACTIVE, + key = 0x8101; + endif; + + //DISK( 2 ); + suppressif ( questionref(SupportedDisks) & ( 0x4 ) ) == 0; + goto FORMID_VALUE_DISK_INFO_FORM_MAIN, + prompt = STRING_TOKEN(STR_MAIN_GOTO_DISK_INFO_2 ), + help = STRING_TOKEN(STR_MAIN_GOTO_DISK_INFO_HELP), + flags = INTERACTIVE, + key = 0x8201; + endif; + + //DISK( 3 ); + suppressif ( questionref(SupportedDisks) & ( 0x8 ) ) == 0; + goto FORMID_VALUE_DISK_INFO_FORM_MAIN, + prompt = STRING_TOKEN(STR_MAIN_GOTO_DISK_INFO_3 ), + help = STRING_TOKEN(STR_MAIN_GOTO_DISK_INFO_HELP), + flags = INTERACTIVE, + key = 0x8301; + endif; + + //DISK( 4 ); + suppressif ( questionref(SupportedDisks) & ( 0x10 ) ) == 0; + goto FORMID_VALUE_DISK_INFO_FORM_MAIN, + prompt = STRING_TOKEN(STR_MAIN_GOTO_DISK_INFO_4 ), + help = STRING_TOKEN(STR_MAIN_GOTO_DISK_INFO_HELP), + flags = INTERACTIVE, + key = 0x8401; + endif; + + //DISK( 5 ); + suppressif ( questionref(SupportedDisks) & ( 0x20 ) ) == 0; + goto FORMID_VALUE_DISK_INFO_FORM_MAIN, + prompt = STRING_TOKEN(STR_MAIN_GOTO_DISK_INFO_5 ), + help = STRING_TOKEN(STR_MAIN_GOTO_DISK_INFO_HELP), + flags = INTERACTIVE, + key = 0x8501; + endif; + + //No disks on system + suppressif ideqval OpalHiiConfig.NumDisks > 0; + text + help = STRING_TOKEN(STR_MAIN_NO_DISKS_PRESENT_LBL_HELP), + text = STRING_TOKEN(STR_MAIN_NO_DISKS_PRESENT_LBL); + endif; + + subtitle text = STRING_TOKEN(STR_NULL); + + grayoutif TRUE; + text + help = STRING_TOKEN(STR_BLOCKSID_STATUS_HELP), + text = STRING_TOKEN(STR_BLOCKSID_STATUS); + text + help = STRING_TOKEN(STR_BLOCKSID_STATUS_HELP), + text = STRING_TOKEN(STR_BLOCKSID_STATUS1); + text + help = STRING_TOKEN(STR_BLOCKSID_STATUS_HELP), + text = STRING_TOKEN(STR_BLOCKSID_STATUS2); + text + help = STRING_TOKEN(STR_BLOCKSID_STATUS_HELP), + text = STRING_TOKEN(STR_BLOCKSID_STATUS3); + subtitle text = STRING_TOKEN(STR_NULL); + endif; + + oneof varid = OpalHiiConfig.EnableBlockSid, + questionid = 0x8004, + prompt = STRING_TOKEN(STR_DISK_INFO_ENABLE_BLOCKSID), + help = STRING_TOKEN(STR_DISK_INFO_ENABLE_BLOCKSID_HELP), + flags = INTERACTIVE, + option text = STRING_TOKEN(STR_NONE), value = 0, flags = DEFAULT | MANUFACTURING | RESET_REQUIRED; + option text = STRING_TOKEN(STR_ENABLED), value = 1, flags = RESET_REQUIRED; + option text = STRING_TOKEN(STR_DISABLED), value = 2, flags = RESET_REQUIRED; + option text = STRING_TOKEN(STR_DISK_INFO_ENABLE_BLOCKSID_TRUE), value = 3, flags = RESET_REQUIRED; + option text = STRING_TOKEN(STR_DISK_INFO_ENABLE_BLOCKSID_FALSE), value = 4, flags = RESET_REQUIRED; + option text = STRING_TOKEN(STR_DISK_INFO_DISABLE_BLOCKSID_TRUE), value = 5, flags = RESET_REQUIRED; + option text = STRING_TOKEN(STR_DISK_INFO_DISABLE_BLOCKSID_FALSE), value = 6, flags = RESET_REQUIRED; + endoneof; + + + +endform; // MAIN MENU FORM + +// +///////////////// DISK INFO FORM ///////////////// +// +form formid = FORMID_VALUE_DISK_INFO_FORM_MAIN, + title = STRING_TOKEN(STR_OPAL); + + suppressif TRUE; + numeric + name = SelectedDiskAvailableActions, + varid = OpalHiiConfig.SelectedDiskAvailableActions, + prompt = STRING_TOKEN(STR_NULL), + help = STRING_TOKEN(STR_NULL), + flags = INTERACTIVE, + key = 0x8003, + minimum = 0x0, + maximum = 0xFFFF, + endnumeric; + endif; + + suppressif TRUE; + checkbox varid = OpalHiiConfig.KeepUserDataForced, + prompt = STRING_TOKEN(STR_NULL), + help = STRING_TOKEN(STR_NULL), + endcheckbox; + endif; + + subtitle text = STRING_TOKEN(STR_DISK_INFO_TITLE_LBL); + + subtitle text = STRING_TOKEN(STR_NULL); + + text + help = STRING_TOKEN(STR_NULL), + text = STRING_TOKEN(STR_DISK_INFO_SELECTED_DISK_NAME); + + subtitle text = STRING_TOKEN(STR_NULL); + + subtitle text = STRING_TOKEN(STR_OPAL_REQUESTS_LBL); + + suppressif ( questionref(SelectedDiskAvailableActions) & HII_ACTION_SET_ADMIN_PWD ) == 0; + grayoutif ideqval OpalHiiConfig.OpalRequest.Revert == 1; + grayoutif ideqval OpalHiiConfig.OpalRequest.PsidRevert == 1; + checkbox varid = OpalHiiConfig.OpalRequest.SetAdminPwd, + prompt = STRING_TOKEN(STR_DISK_INFO_SET_ADMIN_PSWD), + help = STRING_TOKEN(STR_DISK_INFO_SET_ADMIN_PSWD_HELP), + flags = INTERACTIVE | RESET_REQUIRED, + key = 0x8005, + endcheckbox; + endif; + endif; + endif; + + suppressif ( questionref(SelectedDiskAvailableActions) & HII_ACTION_SET_USER_PWD ) == 0; + grayoutif ideqval OpalHiiConfig.OpalRequest.DisableUser == 1; + grayoutif ideqval OpalHiiConfig.OpalRequest.Revert == 1; + grayoutif ideqval OpalHiiConfig.OpalRequest.PsidRevert == 1; + checkbox varid = OpalHiiConfig.OpalRequest.SetUserPwd, + prompt = STRING_TOKEN(STR_DISK_INFO_SET_USER_PSWD), + help = STRING_TOKEN(STR_DISK_INFO_SET_USER_PSWD_HELP), + flags = INTERACTIVE | RESET_REQUIRED, + key = 0x8006, + endcheckbox; + endif; + endif; + endif; + endif; + + suppressif ( questionref(SelectedDiskAvailableActions) & HII_ACTION_SECURE_ERASE ) == 0; + grayoutif ideqval OpalHiiConfig.OpalRequest.Revert == 1; + grayoutif ideqval OpalHiiConfig.OpalRequest.PsidRevert == 1; + checkbox varid = OpalHiiConfig.OpalRequest.SecureErase, + prompt = STRING_TOKEN(STR_DISK_INFO_SECURE_ERASE), + help = STRING_TOKEN(STR_DISK_INFO_SECURE_ERASE_HELP), + flags = INTERACTIVE | RESET_REQUIRED, + key = 0x8007, + endcheckbox; + endif; + endif; + endif; + + suppressif ( questionref(SelectedDiskAvailableActions) & HII_ACTION_REVERT ) == 0; + grayoutif ideqval OpalHiiConfig.OpalRequest.SetAdminPwd == 1; + grayoutif ideqval OpalHiiConfig.OpalRequest.SetUserPwd == 1; + grayoutif ideqval OpalHiiConfig.OpalRequest.SecureErase == 1; + grayoutif ideqval OpalHiiConfig.OpalRequest.DisableUser == 1; + grayoutif ideqval OpalHiiConfig.OpalRequest.PsidRevert == 1; + checkbox varid = OpalHiiConfig.OpalRequest.Revert, + prompt = STRING_TOKEN(STR_DISK_INFO_REVERT), + help = STRING_TOKEN(STR_DISK_INFO_REVERT_HELP), + flags = INTERACTIVE | RESET_REQUIRED, + key = 0x8008, + endcheckbox; + endif; + endif; + endif; + endif; + endif; + endif; + + suppressif ideqval OpalHiiConfig.OpalRequest.Revert == 0; + grayoutif ideqval OpalHiiConfig.KeepUserDataForced == 1; + checkbox varid = OpalHiiConfig.OpalRequest.KeepUserData, + prompt = STRING_TOKEN(STR_KEEP_USER_DATA_PROMPT), + help = STRING_TOKEN(STR_KEEP_USER_DATA_HELP), + flags = INTERACTIVE | RESET_REQUIRED, + key = 0x8009, + endcheckbox; + endif; + endif; + + suppressif ( questionref(SelectedDiskAvailableActions) & HII_ACTION_PSID_REVERT ) == 0; + grayoutif ideqval OpalHiiConfig.OpalRequest.SetAdminPwd == 1; + grayoutif ideqval OpalHiiConfig.OpalRequest.SetUserPwd == 1; + grayoutif ideqval OpalHiiConfig.OpalRequest.SecureErase == 1; + grayoutif ideqval OpalHiiConfig.OpalRequest.DisableUser == 1; + grayoutif ideqval OpalHiiConfig.OpalRequest.EnableFeature == 1; + grayoutif ideqval OpalHiiConfig.OpalRequest.Revert == 1; + checkbox varid = OpalHiiConfig.OpalRequest.PsidRevert, + prompt = STRING_TOKEN(STR_DISK_INFO_PSID_REVERT), + help = STRING_TOKEN(STR_DISK_INFO_PSID_REVERT_HELP), + flags = INTERACTIVE | RESET_REQUIRED, + key = 0x800A, + endcheckbox; + endif; + endif; + endif; + endif; + endif; + endif; + endif; + + suppressif ( questionref(SelectedDiskAvailableActions) & HII_ACTION_DISABLE_USER ) == 0; + grayoutif ideqval OpalHiiConfig.OpalRequest.SetUserPwd == 1; + grayoutif ideqval OpalHiiConfig.OpalRequest.Revert == 1; + grayoutif ideqval OpalHiiConfig.OpalRequest.PsidRevert == 1; + checkbox varid = OpalHiiConfig.OpalRequest.DisableUser, + prompt = STRING_TOKEN(STR_DISK_INFO_DISABLE_USER), + help = STRING_TOKEN(STR_DISK_INFO_DISABLE_USER_HELP), + flags = INTERACTIVE | RESET_REQUIRED, + key = 0x800B, + endcheckbox; + endif; + endif; + endif; + endif; + + suppressif ( questionref(SelectedDiskAvailableActions) & HII_ACTION_ENABLE_FEATURE ) == 0; + grayoutif ideqval OpalHiiConfig.OpalRequest.PsidRevert == 1; + checkbox varid = OpalHiiConfig.OpalRequest.EnableFeature, + prompt = STRING_TOKEN(STR_DISK_INFO_ENABLE_FEATURE), + help = STRING_TOKEN(STR_DISK_INFO_ENABLE_FEATURE_HELP), + flags = INTERACTIVE | RESET_REQUIRED, + key = 0x800C, + endcheckbox; + endif; + endif; + +endform; // DISK INFO FORM + +endformset; diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Opal/OpalPassword/OpalPasswordPei.c b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Opal/OpalPassword/OpalPasswordPei.c new file mode 100644 index 00000000..73540306 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Opal/OpalPassword/OpalPasswordPei.c @@ -0,0 +1,472 @@ +/** @file + Opal Password PEI driver which is used to unlock Opal Password for S3. + +Copyright (c) 2016 - 2019, Intel Corporation. All rights reserved.<BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "OpalPasswordPei.h" + +EFI_GUID mOpalDeviceLockBoxGuid = OPAL_DEVICE_LOCKBOX_GUID; + + +/** + Send a security protocol command to a device that receives data and/or the result + of one or more commands sent by SendData. + + The ReceiveData function sends a security protocol command to the given MediaId. + The security protocol command sent is defined by SecurityProtocolId and contains + the security protocol specific data SecurityProtocolSpecificData. The function + returns the data from the security protocol command in PayloadBuffer. + + For devices supporting the SCSI command set, the security protocol command is sent + using the SECURITY PROTOCOL IN command defined in SPC-4. + + For devices supporting the ATA command set, the security protocol command is sent + using one of the TRUSTED RECEIVE commands defined in ATA8-ACS if PayloadBufferSize + is non-zero. + + If the PayloadBufferSize is zero, the security protocol command is sent using the + Trusted Non-Data command defined in ATA8-ACS. + + If PayloadBufferSize is too small to store the available data from the security + protocol command, the function shall copy PayloadBufferSize bytes into the + PayloadBuffer and return EFI_WARN_BUFFER_TOO_SMALL. + + If PayloadBuffer or PayloadTransferSize is NULL and PayloadBufferSize is non-zero, + the function shall return EFI_INVALID_PARAMETER. + + If the given MediaId does not support security protocol commands, the function shall + return EFI_UNSUPPORTED. If there is no media in the device, the function returns + EFI_NO_MEDIA. If the MediaId is not the ID for the current media in the device, + the function returns EFI_MEDIA_CHANGED. + + If the security protocol fails to complete within the Timeout period, the function + shall return EFI_TIMEOUT. + + If the security protocol command completes without an error, the function shall + return EFI_SUCCESS. If the security protocol command completes with an error, the + function shall return EFI_DEVICE_ERROR. + + @param This Indicates a pointer to the calling context. + @param MediaId ID of the medium to receive data from. + @param Timeout The timeout, in 100ns units, to use for the execution + of the security protocol command. A Timeout value of 0 + means that this function will wait indefinitely for the + security protocol command to execute. If Timeout is greater + than zero, then this function will return EFI_TIMEOUT + if the time required to execute the receive data command + is greater than Timeout. + @param SecurityProtocolId The value of the "Security Protocol" parameter of + the security protocol command to be sent. + @param SecurityProtocolSpecificData The value of the "Security Protocol Specific" parameter + of the security protocol command to be sent. + @param PayloadBufferSize Size in bytes of the payload data buffer. + @param PayloadBuffer A pointer to a destination buffer to store the security + protocol command specific payload data for the security + protocol command. The caller is responsible for having + either implicit or explicit ownership of the buffer. + @param PayloadTransferSize A pointer to a buffer to store the size in bytes of the + data written to the payload data buffer. + + @retval EFI_SUCCESS The security protocol command completed successfully. + @retval EFI_WARN_BUFFER_TOO_SMALL The PayloadBufferSize was too small to store the available + data from the device. The PayloadBuffer contains the truncated data. + @retval EFI_UNSUPPORTED The given MediaId does not support security protocol commands. + @retval EFI_DEVICE_ERROR The security protocol command completed with an error. + @retval EFI_NO_MEDIA There is no media in the device. + @retval EFI_MEDIA_CHANGED The MediaId is not for the current media. + @retval EFI_INVALID_PARAMETER The PayloadBuffer or PayloadTransferSize is NULL and + PayloadBufferSize is non-zero. + @retval EFI_TIMEOUT A timeout occurred while waiting for the security + protocol command to execute. + +**/ +EFI_STATUS +EFIAPI +SecurityReceiveData ( + IN EFI_STORAGE_SECURITY_COMMAND_PROTOCOL *This, + IN UINT32 MediaId, + IN UINT64 Timeout, + IN UINT8 SecurityProtocolId, + IN UINT16 SecurityProtocolSpecificData, + IN UINTN PayloadBufferSize, + OUT VOID *PayloadBuffer, + OUT UINTN *PayloadTransferSize + ) +{ + OPAL_PEI_DEVICE *PeiDev; + + PeiDev = OPAL_PEI_DEVICE_FROM_THIS (This); + if (PeiDev == NULL) { + return EFI_DEVICE_ERROR; + } + + return PeiDev->SscPpi->ReceiveData ( + PeiDev->SscPpi, + PeiDev->DeviceIndex, + SSC_PPI_GENERIC_TIMEOUT, + SecurityProtocolId, + SecurityProtocolSpecificData, + PayloadBufferSize, + PayloadBuffer, + PayloadTransferSize + ); +} + +/** + Send a security protocol command to a device. + + The SendData function sends a security protocol command containing the payload + PayloadBuffer to the given MediaId. The security protocol command sent is + defined by SecurityProtocolId and contains the security protocol specific data + SecurityProtocolSpecificData. If the underlying protocol command requires a + specific padding for the command payload, the SendData function shall add padding + bytes to the command payload to satisfy the padding requirements. + + For devices supporting the SCSI command set, the security protocol command is sent + using the SECURITY PROTOCOL OUT command defined in SPC-4. + + For devices supporting the ATA command set, the security protocol command is sent + using one of the TRUSTED SEND commands defined in ATA8-ACS if PayloadBufferSize + is non-zero. If the PayloadBufferSize is zero, the security protocol command is + sent using the Trusted Non-Data command defined in ATA8-ACS. + + If PayloadBuffer is NULL and PayloadBufferSize is non-zero, the function shall + return EFI_INVALID_PARAMETER. + + If the given MediaId does not support security protocol commands, the function + shall return EFI_UNSUPPORTED. If there is no media in the device, the function + returns EFI_NO_MEDIA. If the MediaId is not the ID for the current media in the + device, the function returns EFI_MEDIA_CHANGED. + + If the security protocol fails to complete within the Timeout period, the function + shall return EFI_TIMEOUT. + + If the security protocol command completes without an error, the function shall return + EFI_SUCCESS. If the security protocol command completes with an error, the function + shall return EFI_DEVICE_ERROR. + + @param This Indicates a pointer to the calling context. + @param MediaId ID of the medium to receive data from. + @param Timeout The timeout, in 100ns units, to use for the execution + of the security protocol command. A Timeout value of 0 + means that this function will wait indefinitely for the + security protocol command to execute. If Timeout is greater + than zero, then this function will return EFI_TIMEOUT + if the time required to execute the send data command + is greater than Timeout. + @param SecurityProtocolId The value of the "Security Protocol" parameter of + the security protocol command to be sent. + @param SecurityProtocolSpecificData The value of the "Security Protocol Specific" parameter + of the security protocol command to be sent. + @param PayloadBufferSize Size in bytes of the payload data buffer. + @param PayloadBuffer A pointer to a destination buffer to store the security + protocol command specific payload data for the security + protocol command. + + @retval EFI_SUCCESS The security protocol command completed successfully. + @retval EFI_UNSUPPORTED The given MediaId does not support security protocol commands. + @retval EFI_DEVICE_ERROR The security protocol command completed with an error. + @retval EFI_NO_MEDIA There is no media in the device. + @retval EFI_MEDIA_CHANGED The MediaId is not for the current media. + @retval EFI_INVALID_PARAMETER The PayloadBuffer is NULL and PayloadBufferSize is non-zero. + @retval EFI_TIMEOUT A timeout occurred while waiting for the security + protocol command to execute. + +**/ +EFI_STATUS +EFIAPI +SecuritySendData ( + IN EFI_STORAGE_SECURITY_COMMAND_PROTOCOL *This, + IN UINT32 MediaId, + IN UINT64 Timeout, + IN UINT8 SecurityProtocolId, + IN UINT16 SecurityProtocolSpecificData, + IN UINTN PayloadBufferSize, + IN VOID *PayloadBuffer + ) +{ + OPAL_PEI_DEVICE *PeiDev; + + PeiDev = OPAL_PEI_DEVICE_FROM_THIS (This); + if (PeiDev == NULL) { + return EFI_DEVICE_ERROR; + } + + return PeiDev->SscPpi->SendData ( + PeiDev->SscPpi, + PeiDev->DeviceIndex, + SSC_PPI_GENERIC_TIMEOUT, + SecurityProtocolId, + SecurityProtocolSpecificData, + PayloadBufferSize, + PayloadBuffer + ); +} + +/** + + The function returns whether or not the device is Opal Locked. + TRUE means that the device is partially or fully locked. + This will perform a Level 0 Discovery and parse the locking feature descriptor + + @param[in] OpalDev Opal object to determine if locked. + @param[out] BlockSidSupported Whether device support BlockSid feature. + +**/ +BOOLEAN +IsOpalDeviceLocked( + OPAL_PEI_DEVICE *OpalDev, + BOOLEAN *BlockSidSupported + ) +{ + OPAL_SESSION Session; + OPAL_DISK_SUPPORT_ATTRIBUTE SupportedAttributes; + TCG_LOCKING_FEATURE_DESCRIPTOR LockingFeature; + UINT16 OpalBaseComId; + TCG_RESULT Ret; + + Session.Sscp = &OpalDev->Sscp; + Session.MediaId = 0; + + Ret = OpalGetSupportedAttributesInfo (&Session, &SupportedAttributes, &OpalBaseComId); + if (Ret != TcgResultSuccess) { + return FALSE; + } + + Session.OpalBaseComId = OpalBaseComId; + *BlockSidSupported = SupportedAttributes.BlockSid == 1 ? TRUE : FALSE; + + Ret = OpalGetLockingInfo(&Session, &LockingFeature); + if (Ret != TcgResultSuccess) { + return FALSE; + } + + return OpalDeviceLocked (&SupportedAttributes, &LockingFeature); +} + +/** + Unlock OPAL password for S3. + + @param[in] OpalDev Opal object to unlock. + +**/ +VOID +UnlockOpalPassword ( + IN OPAL_PEI_DEVICE *OpalDev + ) +{ + TCG_RESULT Result; + OPAL_SESSION Session; + BOOLEAN BlockSidSupport; + UINT32 PpStorageFlags; + BOOLEAN BlockSIDEnabled; + + BlockSidSupport = FALSE; + if (IsOpalDeviceLocked (OpalDev, &BlockSidSupport)) { + ZeroMem(&Session, sizeof (Session)); + Session.Sscp = &OpalDev->Sscp; + Session.MediaId = 0; + Session.OpalBaseComId = OpalDev->Device->OpalBaseComId; + + Result = OpalUtilUpdateGlobalLockingRange ( + &Session, + OpalDev->Device->Password, + OpalDev->Device->PasswordLength, + FALSE, + FALSE + ); + DEBUG (( + DEBUG_INFO, + "%a() OpalUtilUpdateGlobalLockingRange() Result = 0x%x\n", + __FUNCTION__, + Result + )); + } + + PpStorageFlags = Tcg2PhysicalPresenceLibGetManagementFlags (); + if ((PpStorageFlags & TCG2_BIOS_STORAGE_MANAGEMENT_FLAG_ENABLE_BLOCK_SID) != 0) { + BlockSIDEnabled = TRUE; + } else { + BlockSIDEnabled = FALSE; + } + if (BlockSIDEnabled && BlockSidSupport) { + DEBUG ((DEBUG_INFO, "OpalPassword: S3 phase send BlockSid command to device!\n")); + ZeroMem(&Session, sizeof (Session)); + Session.Sscp = &OpalDev->Sscp; + Session.MediaId = 0; + Session.OpalBaseComId = OpalDev->Device->OpalBaseComId; + Result = OpalBlockSid (&Session, TRUE); + DEBUG (( + DEBUG_INFO, + "%a() OpalBlockSid() Result = 0x%x\n", + __FUNCTION__, + Result + )); + } +} + +/** + Unlock the OPAL NVM Express and ATA devices for S3. + + @param[in] SscPpi Pointer to the EDKII_PEI_STORAGE_SECURITY_CMD_PPI instance. + +**/ +VOID +UnlockOpalPasswordDevices ( + IN EDKII_PEI_STORAGE_SECURITY_CMD_PPI *SscPpi + ) +{ + EFI_STATUS Status; + UINT8 *DevInfoBuffer; + UINT8 DummyData; + OPAL_DEVICE_LOCKBOX_DATA *DevInfo; + UINTN DevInfoLength; + EFI_DEVICE_PATH_PROTOCOL *SscDevicePath; + UINTN SscDevicePathLength; + UINTN SscDeviceNum; + UINTN SscDeviceIndex; + OPAL_PEI_DEVICE OpalDev; + + // + // Get OPAL devices info from LockBox. + // + DevInfoBuffer = &DummyData; + DevInfoLength = sizeof (DummyData); + Status = RestoreLockBox (&mOpalDeviceLockBoxGuid, DevInfoBuffer, &DevInfoLength); + if (Status == EFI_BUFFER_TOO_SMALL) { + DevInfoBuffer = AllocatePages (EFI_SIZE_TO_PAGES (DevInfoLength)); + if (DevInfoBuffer != NULL) { + Status = RestoreLockBox (&mOpalDeviceLockBoxGuid, DevInfoBuffer, &DevInfoLength); + } + } + if (DevInfoBuffer == NULL || DevInfoBuffer == &DummyData) { + return; + } else if (EFI_ERROR (Status)) { + FreePages (DevInfoBuffer, EFI_SIZE_TO_PAGES (DevInfoLength)); + return; + } + + // + // Go through all the devices managed by the SSC PPI instance. + // + Status = SscPpi->GetNumberofDevices (SscPpi, &SscDeviceNum); + if (EFI_ERROR (Status)) { + goto Exit; + } + for (SscDeviceIndex = 1; SscDeviceIndex <= SscDeviceNum; SscDeviceIndex++) { + Status = SscPpi->GetDevicePath ( + SscPpi, + SscDeviceIndex, + &SscDevicePathLength, + &SscDevicePath + ); + if (SscDevicePathLength <= sizeof (EFI_DEVICE_PATH_PROTOCOL)) { + // + // Device path validity check. + // + continue; + } + + // + // Search the device in the restored LockBox. + // + for (DevInfo = (OPAL_DEVICE_LOCKBOX_DATA *) DevInfoBuffer; + (UINTN) DevInfo < ((UINTN) DevInfoBuffer + DevInfoLength); + DevInfo = (OPAL_DEVICE_LOCKBOX_DATA *) ((UINTN) DevInfo + DevInfo->Length)) { + // + // Find the matching device. + // + if ((DevInfo->DevicePathLength >= SscDevicePathLength) && + (CompareMem ( + DevInfo->DevicePath, + SscDevicePath, + SscDevicePathLength - sizeof (EFI_DEVICE_PATH_PROTOCOL)) == 0)) { + OpalDev.Signature = OPAL_PEI_DEVICE_SIGNATURE; + OpalDev.Sscp.ReceiveData = SecurityReceiveData; + OpalDev.Sscp.SendData = SecuritySendData; + OpalDev.Device = DevInfo; + OpalDev.Context = NULL; + OpalDev.SscPpi = SscPpi; + OpalDev.DeviceIndex = SscDeviceIndex; + UnlockOpalPassword (&OpalDev); + break; + } + } + } + +Exit: + ZeroMem (DevInfoBuffer, DevInfoLength); + FreePages (DevInfoBuffer, EFI_SIZE_TO_PAGES (DevInfoLength)); + +} + +/** + One notified function at the installation of EDKII_PEI_STORAGE_SECURITY_CMD_PPI. + It is to unlock OPAL password for S3. + + @param[in] PeiServices Indirect reference to the PEI Services Table. + @param[in] NotifyDescriptor Address of the notification descriptor data structure. + @param[in] Ppi Address of the PPI that was installed. + + @return Status of the notification. + The status code returned from this function is ignored. + +**/ +EFI_STATUS +EFIAPI +OpalPasswordStorageSecurityPpiNotify ( + IN EFI_PEI_SERVICES **PeiServices, + IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDesc, + IN VOID *Ppi + ) +{ + DEBUG ((DEBUG_INFO, "%a entered at S3 resume!\n", __FUNCTION__)); + + UnlockOpalPasswordDevices ((EDKII_PEI_STORAGE_SECURITY_CMD_PPI *) Ppi); + + DEBUG ((DEBUG_INFO, "%a exit at S3 resume!\n", __FUNCTION__)); + + return EFI_SUCCESS; +} + + +EFI_PEI_NOTIFY_DESCRIPTOR mOpalPasswordStorageSecurityPpiNotifyDesc = { + (EFI_PEI_PPI_DESCRIPTOR_NOTIFY_CALLBACK | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST), + &gEdkiiPeiStorageSecurityCommandPpiGuid, + OpalPasswordStorageSecurityPpiNotify +}; + + +/** + Main entry for this module. + + @param FileHandle Handle of the file being invoked. + @param PeiServices Pointer to PEI Services table. + + @return Status from PeiServicesNotifyPpi. + +**/ +EFI_STATUS +EFIAPI +OpalPasswordPeiInit ( + IN EFI_PEI_FILE_HANDLE FileHandle, + IN CONST EFI_PEI_SERVICES **PeiServices + ) +{ + EFI_STATUS Status; + EFI_BOOT_MODE BootMode; + + Status = PeiServicesGetBootMode (&BootMode); + if ((EFI_ERROR (Status)) || (BootMode != BOOT_ON_S3_RESUME)) { + return EFI_UNSUPPORTED; + } + + DEBUG ((DEBUG_INFO, "%a: Enters in S3 path.\n", __FUNCTION__)); + + Status = PeiServicesNotifyPpi (&mOpalPasswordStorageSecurityPpiNotifyDesc); + ASSERT_EFI_ERROR (Status); + return Status; +} diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Opal/OpalPassword/OpalPasswordPei.h b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Opal/OpalPassword/OpalPasswordPei.h new file mode 100644 index 00000000..7d8a5e1e --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Opal/OpalPassword/OpalPasswordPei.h @@ -0,0 +1,60 @@ +/** @file + Opal Password PEI driver which is used to unlock Opal Password for S3. + +Copyright (c) 2016 - 2019, Intel Corporation. All rights reserved.<BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef _OPAL_PASSWORD_PEI_H_ +#define _OPAL_PASSWORD_PEI_H_ + +#include <PiPei.h> + +#include <Library/DebugLib.h> +#include <Library/IoLib.h> +#include <Library/PciLib.h> +#include <Library/BaseLib.h> +#include <Library/BaseMemoryLib.h> +#include <Library/MemoryAllocationLib.h> +#include <Library/PeimEntryPoint.h> +#include <Library/PeiServicesLib.h> +#include <Library/LockBoxLib.h> +#include <Library/TcgStorageOpalLib.h> +#include <Library/Tcg2PhysicalPresenceLib.h> +#include <Library/PeiServicesTablePointerLib.h> + +#include <Protocol/StorageSecurityCommand.h> + +#include <Ppi/IoMmu.h> +#include <Ppi/StorageSecurityCommand.h> + +#include "OpalPasswordCommon.h" + + +// +// The generic command timeout value (unit in us) for Storage Security Command +// PPI ReceiveData/SendData services +// +#define SSC_PPI_GENERIC_TIMEOUT 30000000 + +#pragma pack(1) + +#define OPAL_PEI_DEVICE_SIGNATURE SIGNATURE_32 ('o', 'p', 'd', 's') + +typedef struct { + UINTN Signature; + EFI_STORAGE_SECURITY_COMMAND_PROTOCOL Sscp; + OPAL_DEVICE_LOCKBOX_DATA *Device; + VOID *Context; + EDKII_PEI_STORAGE_SECURITY_CMD_PPI *SscPpi; + UINTN DeviceIndex; +} OPAL_PEI_DEVICE; + +#define OPAL_PEI_DEVICE_FROM_THIS(a) \ + CR (a, OPAL_PEI_DEVICE, Sscp, OPAL_PEI_DEVICE_SIGNATURE) + +#pragma pack() + +#endif // _OPAL_PASSWORD_PEI_H_ + diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Opal/OpalPassword/OpalPasswordPei.inf b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Opal/OpalPassword/OpalPasswordPei.inf new file mode 100644 index 00000000..c9599740 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Opal/OpalPassword/OpalPasswordPei.inf @@ -0,0 +1,51 @@ +## @file +# This is a Opal Password PEI driver. +# +# Copyright (c) 2016 - 2019, Intel Corporation. All rights reserved.<BR> +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = OpalPasswordPei + FILE_GUID = DED60489-979C-4B5A-8EE4-4068B0CC38DC + MODULE_TYPE = PEIM + VERSION_STRING = 1.0 + ENTRY_POINT = OpalPasswordPeiInit + +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = IA32 X64 +# + +[Sources] + OpalPasswordPei.c + OpalPasswordPei.h + OpalPasswordCommon.h + +[Packages] + MdePkg/MdePkg.dec + SecurityPkg/SecurityPkg.dec + MdeModulePkg/MdeModulePkg.dec + +[LibraryClasses] + PeimEntryPoint + PeiServicesLib + DebugLib + IoLib + PciLib + BaseLib + BaseMemoryLib + MemoryAllocationLib + LockBoxLib + TcgStorageOpalLib + Tcg2PhysicalPresenceLib + PeiServicesTablePointerLib + +[Ppis] + gEdkiiPeiStorageSecurityCommandPpiGuid ## NOTIFY + +[Depex] + gEfiPeiMasterBootModePpiGuid diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/PhysicalPresencePei/PhysicalPresencePei.c b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/PhysicalPresencePei/PhysicalPresencePei.c new file mode 100644 index 00000000..4b226c75 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/PhysicalPresencePei/PhysicalPresencePei.c @@ -0,0 +1,128 @@ +/** @file + This driver produces PEI_LOCK_PHYSICAL_PRESENCE_PPI to indicate + whether TPM need be locked or not. It can be replaced by a platform + specific driver. + +Copyright (c) 2005 - 2018, Intel Corporation. All rights reserved.<BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include <PiPei.h> +#include <Ppi/LockPhysicalPresence.h> +#include <Ppi/ReadOnlyVariable2.h> +#include <Guid/PhysicalPresenceData.h> +#include <Library/PcdLib.h> +#include <Library/PeiServicesLib.h> + +/** + This interface returns whether TPM physical presence needs be locked or not. + + @param[in] PeiServices The pointer to the PEI Services Table. + + @retval TRUE The TPM physical presence should be locked. + @retval FALSE The TPM physical presence cannot be locked. + +**/ +BOOLEAN +EFIAPI +LockTpmPhysicalPresence ( + IN CONST EFI_PEI_SERVICES **PeiServices + ); + +// +// Global definitions for lock physical presence PPI and its descriptor. +// +PEI_LOCK_PHYSICAL_PRESENCE_PPI mLockPhysicalPresencePpi = { + LockTpmPhysicalPresence +}; + +EFI_PEI_PPI_DESCRIPTOR mLockPhysicalPresencePpiList = { + EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST, + &gPeiLockPhysicalPresencePpiGuid, + &mLockPhysicalPresencePpi +}; + +/** + This interface returns whether TPM physical presence needs be locked or not. + + @param[in] PeiServices The pointer to the PEI Services Table. + + @retval TRUE The TPM physical presence should be locked. + @retval FALSE The TPM physical presence cannot be locked. + +**/ +BOOLEAN +EFIAPI +LockTpmPhysicalPresence ( + IN CONST EFI_PEI_SERVICES **PeiServices + ) +{ + EFI_STATUS Status; + EFI_PEI_READ_ONLY_VARIABLE2_PPI *Variable; + UINTN DataSize; + EFI_PHYSICAL_PRESENCE TcgPpData; + + // + // The CRTM has sensed the physical presence assertion of the user. For example, + // the user has pressed the startup button or inserted a USB dongle. The details + // of the implementation are vendor-specific. Here we read a PCD value to indicate + // whether operator physical presence. + // + if (!PcdGetBool (PcdTpmPhysicalPresence)) { + return TRUE; + } + + // + // Check the pending TPM requests. Lock TPM physical presence if there is no TPM + // request. + // + Status = PeiServicesLocatePpi ( + &gEfiPeiReadOnlyVariable2PpiGuid, + 0, + NULL, + (VOID **)&Variable + ); + if (!EFI_ERROR (Status)) { + DataSize = sizeof (EFI_PHYSICAL_PRESENCE); + Status = Variable->GetVariable ( + Variable, + PHYSICAL_PRESENCE_VARIABLE, + &gEfiPhysicalPresenceGuid, + NULL, + &DataSize, + &TcgPpData + ); + if (!EFI_ERROR (Status)) { + if (TcgPpData.PPRequest != 0) { + return FALSE; + } + } + } + + // + // Lock TPM physical presence by default. + // + return TRUE; +} + +/** + Entry point of this module. + + It installs lock physical presence PPI. + + @param[in] FileHandle Handle of the file being invoked. + @param[in] PeiServices Describes the list of possible PEI Services. + + @return Status of install lock physical presence PPI. + +**/ +EFI_STATUS +EFIAPI +PeimEntry ( + IN EFI_PEI_FILE_HANDLE FileHandle, + IN CONST EFI_PEI_SERVICES **PeiServices + ) +{ + return PeiServicesInstallPpi (&mLockPhysicalPresencePpiList); +} diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/PhysicalPresencePei/PhysicalPresencePei.inf b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/PhysicalPresencePei/PhysicalPresencePei.inf new file mode 100644 index 00000000..5d8f3635 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/PhysicalPresencePei/PhysicalPresencePei.inf @@ -0,0 +1,59 @@ +## @file +# Produces a PPI to indicate whether to lock TPM in PEI phase +# +# This module produces PEI_LOCK_PHYSICAL_PRESENCE_PPI to indicate whether +# TPM physical presence needs to be locked. It can be replaced by a +# platform specific module. +# +# Copyright (c) 2005 - 2018, Intel Corporation. All rights reserved.<BR> +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = PhysicalPresencePei + MODULE_UNI_FILE = PhysicalPresencePei.uni + FILE_GUID = 4FE772E8-FE3E-4086-B638-8C493C490488 + MODULE_TYPE = PEIM + VERSION_STRING = 1.0 + + ENTRY_POINT = PeimEntry + +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = IA32 X64 +# + +[Sources] + PhysicalPresencePei.c + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + SecurityPkg/SecurityPkg.dec + +[LibraryClasses] + PeimEntryPoint + PeiServicesLib + +[Ppis] + gPeiLockPhysicalPresencePpiGuid ## PRODUCES + gEfiPeiReadOnlyVariable2PpiGuid ## CONSUMES + +[Guids] + gEfiPhysicalPresenceGuid ## SOMETIMES_CONSUMES ## Variable:L"PhysicalPresence" + +[Pcd] + gEfiSecurityPkgTokenSpaceGuid.PcdTpmPhysicalPresence ## SOMETIMES_CONSUMES + +[Depex] + gEfiPeiMemoryDiscoveredPpiGuid AND + gEfiPeiReadOnlyVariable2PpiGuid AND + gPeiTpmInitializedPpiGuid + +[UserExtensions.TianoCore."ExtraFiles"] + PhysicalPresencePeiExtra.uni + diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/PhysicalPresencePei/PhysicalPresencePei.uni b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/PhysicalPresencePei/PhysicalPresencePei.uni new file mode 100644 index 00000000..1e7e864c --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/PhysicalPresencePei/PhysicalPresencePei.uni @@ -0,0 +1,18 @@ +// /** @file
+// Produces a PPI to indicate whether to lock TPM in PEI phase
+//
+// This module produces PEI_LOCK_PHYSICAL_PRESENCE_PPI to indicate whether
+// TPM physical presence needs to be locked. It can be replaced by a
+// platform specific module.
+//
+// Copyright (c) 2005 - 2014, Intel Corporation. All rights reserved.<BR>
+//
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+//
+// **/
+
+
+#string STR_MODULE_ABSTRACT #language en-US "Produces a PPI to indicate whether to lock TPM in PEI phase"
+
+#string STR_MODULE_DESCRIPTION #language en-US "This module produces PEI_LOCK_PHYSICAL_PRESENCE_PPI to indicate whether TPM physical presence needs to be locked. It can be replaced by a platform-specific module."
+
diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/PhysicalPresencePei/PhysicalPresencePeiExtra.uni b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/PhysicalPresencePei/PhysicalPresencePeiExtra.uni new file mode 100644 index 00000000..eed7519b --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/PhysicalPresencePei/PhysicalPresencePeiExtra.uni @@ -0,0 +1,14 @@ +// /** @file
+// PhysicalPresencePei Localized Strings and Content
+//
+// Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
+//
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+//
+// **/
+
+#string STR_PROPERTIES_MODULE_NAME
+#language en-US
+"Physical Presence PEI"
+
+
diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Tcg2Acpi/Tcg2Acpi.c b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Tcg2Acpi/Tcg2Acpi.c new file mode 100644 index 00000000..a0964aef --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Tcg2Acpi/Tcg2Acpi.c @@ -0,0 +1,902 @@ +/** @file + This driver implements TPM 2.0 definition block in ACPI table and + populates registered SMI callback functions for Tcg2 physical presence + and MemoryClear to handle the requests for ACPI method. It needs to be + used together with Tcg2 MM drivers to exchange information on registered + SwSmiValue and allocated NVS region address. + + Caution: This module requires additional review when modified. + This driver will have external input - variable and ACPINvs data in SMM mode. + This external input must be validated carefully to avoid security issue. + +Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR> +Copyright (c) Microsoft Corporation. +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include <PiDxe.h> + +#include <IndustryStandard/Tpm2Acpi.h> + +#include <Guid/TpmInstance.h> +#include <Guid/TpmNvsMm.h> +#include <Guid/PiSmmCommunicationRegionTable.h> + +#include <Protocol/AcpiTable.h> +#include <Protocol/Tcg2Protocol.h> +#include <Protocol/MmCommunication.h> + +#include <Library/BaseLib.h> +#include <Library/BaseMemoryLib.h> +#include <Library/DxeServicesLib.h> +#include <Library/UefiBootServicesTableLib.h> +#include <Library/DebugLib.h> +#include <Library/PcdLib.h> +#include <Library/PrintLib.h> +#include <Library/TpmMeasurementLib.h> +#include <Library/Tpm2DeviceLib.h> +#include <Library/Tpm2CommandLib.h> +#include <Library/UefiLib.h> +#include <Library/MmUnblockMemoryLib.h> + +// +// Physical Presence Interface Version supported by Platform +// +#define PHYSICAL_PRESENCE_VERSION_TAG "$PV" +#define PHYSICAL_PRESENCE_VERSION_SIZE 4 + +// +// PNP _HID for TPM2 device +// +#define TPM_HID_TAG "NNNN0000" +#define TPM_HID_PNP_SIZE 8 +#define TPM_HID_ACPI_SIZE 9 + +#define TPM_PRS_RESL "RESL" +#define TPM_PRS_RESS "RESS" +#define TPM_PRS_RES_NAME_SIZE 4 +// +// Minimum PRS resource template size +// 1 byte for BufferOp +// 1 byte for PkgLength +// 2 bytes for BufferSize +// 12 bytes for Memory32Fixed descriptor +// 5 bytes for Interrupt descriptor +// 2 bytes for END Tag +// +#define TPM_POS_RES_TEMPLATE_MIN_SIZE (1 + 1 + 2 + 12 + 5 + 2) + +// +// Max Interrupt buffer size for PRS interrupt resource +// Now support 15 interrupts in maxmum +// +#define MAX_PRS_INT_BUF_SIZE (15*4) + +#pragma pack(1) + +typedef struct { + EFI_ACPI_DESCRIPTION_HEADER Header; + // Flags field is replaced in version 4 and above + // BIT0~15: PlatformClass This field is only valid for version 4 and above + // BIT16~31: Reserved + UINT32 Flags; + UINT64 AddressOfControlArea; + UINT32 StartMethod; + UINT8 PlatformSpecificParameters[12]; // size up to 12 + UINT32 Laml; // Optional + UINT64 Lasa; // Optional +} EFI_TPM2_ACPI_TABLE_V4; + +#pragma pack() + +EFI_TPM2_ACPI_TABLE_V4 mTpm2AcpiTemplate = { + { + EFI_ACPI_5_0_TRUSTED_COMPUTING_PLATFORM_2_TABLE_SIGNATURE, + sizeof (mTpm2AcpiTemplate), + EFI_TPM2_ACPI_TABLE_REVISION, + // + // Compiler initializes the remaining bytes to 0 + // These fields should be filled in in production + // + }, + 0, // BIT0~15: PlatformClass + // BIT16~31: Reserved + 0, // Control Area + EFI_TPM2_ACPI_TABLE_START_METHOD_TIS, // StartMethod +}; + +TCG_NVS *mTcgNvs; + +/** + Find the operation region in TCG ACPI table by given Name and Size, + and initialize it if the region is found. + + @param[in, out] Table The TPM item in ACPI table. + @param[in] Name The name string to find in TPM table. + @param[in] Size The size of the region to find. + + @return The allocated address for the found region. + +**/ +VOID * +AssignOpRegion ( + EFI_ACPI_DESCRIPTION_HEADER *Table, + UINT32 Name, + UINT16 Size + ) +{ + EFI_STATUS Status; + AML_OP_REGION_32_8 *OpRegion; + EFI_PHYSICAL_ADDRESS MemoryAddress; + + MemoryAddress = SIZE_4GB - 1; + + // + // Patch some pointers for the ASL code before loading the SSDT. + // + for (OpRegion = (AML_OP_REGION_32_8 *) (Table + 1); + OpRegion <= (AML_OP_REGION_32_8 *) ((UINT8 *) Table + Table->Length); + OpRegion = (AML_OP_REGION_32_8 *) ((UINT8 *) OpRegion + 1)) { + if ((OpRegion->OpRegionOp == AML_EXT_REGION_OP) && + (OpRegion->NameString == Name) && + (OpRegion->DWordPrefix == AML_DWORD_PREFIX) && + (OpRegion->BytePrefix == AML_BYTE_PREFIX)) { + + Status = gBS->AllocatePages(AllocateMaxAddress, EfiACPIMemoryNVS, EFI_SIZE_TO_PAGES (Size), &MemoryAddress); + ASSERT_EFI_ERROR (Status); + ZeroMem ((VOID *)(UINTN)MemoryAddress, Size); + OpRegion->RegionOffset = (UINT32) (UINTN) MemoryAddress; + OpRegion->RegionLen = (UINT8) Size; + // Request to unblock this region from MM core + Status = MmUnblockMemoryRequest (MemoryAddress, EFI_SIZE_TO_PAGES (Size)); + if (Status != EFI_UNSUPPORTED && EFI_ERROR (Status)) { + ASSERT_EFI_ERROR (Status); + } + break; + } + } + + return (VOID *) (UINTN) MemoryAddress; +} + +/** + Locate the MM communication buffer and protocol, then use it to exchange information with + Tcg2StandaloneMmm on NVS address and SMI value. + + @param[in, out] TcgNvs The NVS subject to send to MM environment. + + @return The status for locating MM common buffer, communicate to MM, etc. + +**/ +EFI_STATUS +EFIAPI +ExchangeCommonBuffer ( + IN OUT TCG_NVS *TcgNvs +) +{ + EFI_STATUS Status; + EFI_MM_COMMUNICATION_PROTOCOL *MmCommunication; + EDKII_PI_SMM_COMMUNICATION_REGION_TABLE *PiSmmCommunicationRegionTable; + EFI_MEMORY_DESCRIPTOR *MmCommMemRegion; + EFI_MM_COMMUNICATE_HEADER *CommHeader; + TPM_NVS_MM_COMM_BUFFER *CommBuffer; + UINTN CommBufferSize; + UINTN Index; + + // Step 0: Sanity check for input argument + if (TcgNvs == NULL) { + DEBUG ((DEBUG_ERROR, "%a - Input argument is NULL!\n", __FUNCTION__)); + return EFI_INVALID_PARAMETER; + } + + // Step 1: Grab the common buffer header + Status = EfiGetSystemConfigurationTable (&gEdkiiPiSmmCommunicationRegionTableGuid, (VOID**) &PiSmmCommunicationRegionTable); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "%a - Failed to locate SMM communciation common buffer - %r!\n", __FUNCTION__, Status)); + return Status; + } + + // Step 2: Grab one that is large enough to hold TPM_NVS_MM_COMM_BUFFER, the IPL one should be sufficient + CommBufferSize = 0; + MmCommMemRegion = (EFI_MEMORY_DESCRIPTOR*) (PiSmmCommunicationRegionTable + 1); + for (Index = 0; Index < PiSmmCommunicationRegionTable->NumberOfEntries; Index++) { + if (MmCommMemRegion->Type == EfiConventionalMemory) { + CommBufferSize = EFI_PAGES_TO_SIZE ((UINTN)MmCommMemRegion->NumberOfPages); + if (CommBufferSize >= (sizeof (TPM_NVS_MM_COMM_BUFFER) + OFFSET_OF (EFI_MM_COMMUNICATE_HEADER, Data))) { + break; + } + } + MmCommMemRegion = (EFI_MEMORY_DESCRIPTOR*)((UINT8*)MmCommMemRegion + PiSmmCommunicationRegionTable->DescriptorSize); + } + + if (Index >= PiSmmCommunicationRegionTable->NumberOfEntries) { + // Could not find one that meets our goal... + DEBUG ((DEBUG_ERROR, "%a - Could not find a common buffer that is big enough for NVS!\n", __FUNCTION__)); + return EFI_OUT_OF_RESOURCES; + } + + // Step 3: Start to populate contents + // Step 3.1: MM Communication common header + CommHeader = (EFI_MM_COMMUNICATE_HEADER *) (UINTN) MmCommMemRegion->PhysicalStart; + CommBufferSize = sizeof (TPM_NVS_MM_COMM_BUFFER) + OFFSET_OF (EFI_MM_COMMUNICATE_HEADER, Data); + ZeroMem (CommHeader, CommBufferSize); + CopyGuid (&CommHeader->HeaderGuid, &gTpmNvsMmGuid); + CommHeader->MessageLength = sizeof (TPM_NVS_MM_COMM_BUFFER); + + // Step 3.2: TPM_NVS_MM_COMM_BUFFER content per our needs + CommBuffer = (TPM_NVS_MM_COMM_BUFFER *) (CommHeader->Data); + CommBuffer->Function = TpmNvsMmExchangeInfo; + CommBuffer->TargetAddress = (EFI_PHYSICAL_ADDRESS) (UINTN) TcgNvs; + + // Step 4: Locate the protocol and signal Mmi. + Status = gBS->LocateProtocol (&gEfiMmCommunicationProtocolGuid, NULL, (VOID**) &MmCommunication); + if (!EFI_ERROR (Status)) { + Status = MmCommunication->Communicate (MmCommunication, CommHeader, &CommBufferSize); + DEBUG ((DEBUG_INFO, "%a - Communicate() = %r\n", __FUNCTION__, Status)); + } + else { + DEBUG ((DEBUG_ERROR, "%a - Failed to locate MmCommunication protocol - %r\n", __FUNCTION__, Status)); + return Status; + } + + // Step 5: If everything goes well, populate the channel number + if (!EFI_ERROR (CommBuffer->ReturnStatus)) { + // Need to demote to UINT8 according to SMI value definition + TcgNvs->PhysicalPresence.SoftwareSmi = (UINT8) CommBuffer->RegisteredPpSwiValue; + TcgNvs->MemoryClear.SoftwareSmi = (UINT8) CommBuffer->RegisteredMcSwiValue; + DEBUG (( + DEBUG_INFO, + "%a Communication returned software SMI value. PP: 0x%x; MC: 0x%x.\n", + __FUNCTION__, + TcgNvs->PhysicalPresence.SoftwareSmi, + TcgNvs->MemoryClear.SoftwareSmi + )); + } + + return (EFI_STATUS) CommBuffer->ReturnStatus; +} + +/** + Patch version string of Physical Presence interface supported by platform. The initial string tag in TPM +ACPI table is "$PV". + + @param[in, out] Table The TPM item in ACPI table. + @param[in] PPVer Version string of Physical Presence interface supported by platform. + + @return The allocated address for the found region. + +**/ +EFI_STATUS +UpdatePPVersion ( + EFI_ACPI_DESCRIPTION_HEADER *Table, + CHAR8 *PPVer + ) +{ + EFI_STATUS Status; + UINT8 *DataPtr; + + // + // Patch some pointers for the ASL code before loading the SSDT. + // + for (DataPtr = (UINT8 *)(Table + 1); + DataPtr <= (UINT8 *) ((UINT8 *) Table + Table->Length - PHYSICAL_PRESENCE_VERSION_SIZE); + DataPtr += 1) { + if (AsciiStrCmp((CHAR8 *)DataPtr, PHYSICAL_PRESENCE_VERSION_TAG) == 0) { + Status = AsciiStrCpyS((CHAR8 *)DataPtr, PHYSICAL_PRESENCE_VERSION_SIZE, PPVer); + DEBUG((DEBUG_INFO, "TPM2 Physical Presence Interface Version update status 0x%x\n", Status)); + return Status; + } + } + + return EFI_NOT_FOUND; +} + +/** + Patch interrupt resources returned by TPM _PRS. ResourceTemplate to patch is determined by input + interrupt buffer size. BufferSize, PkgLength and interrupt descriptor in ByteList need to be patched + + @param[in, out] Table The TPM item in ACPI table. + @param[in] IrqBuffer Input new IRQ buffer. + @param[in] IrqBuffserSize Input new IRQ buffer size. + @param[out] IsShortFormPkgLength If _PRS returns Short length Package(ACPI spec 20.2.4). + + @return patch status. + +**/ +EFI_STATUS +UpdatePossibleResource ( + IN OUT EFI_ACPI_DESCRIPTION_HEADER *Table, + IN UINT32 *IrqBuffer, + IN UINT32 IrqBuffserSize, + OUT BOOLEAN *IsShortFormPkgLength + ) +{ + UINT8 *DataPtr; + UINT8 *DataEndPtr; + UINT32 NewPkgLength; + UINT32 OrignalPkgLength; + + NewPkgLength = 0; + OrignalPkgLength = 0; + DataEndPtr = NULL; + + // + // Follow ACPI spec + // 6.4.3 Extend Interrupt Descriptor. + // 19.3.3 ASL Resource Template + // 20 AML specification + // to patch TPM ACPI object _PRS returned ResourceTemplate() containing 2 resource descriptors and an auto appended End Tag + // + // AML data is organized by following rule. + // Code need to patch BufferSize and PkgLength and interrupt descriptor in ByteList + // + // ============= Buffer ==================== + // DefBuffer := BufferOp PkgLength BufferSize ByteList + // BufferOp := 0x11 + // + // ==============PkgLength================== + // PkgLength := PkgLeadByte | + // <PkgLeadByte ByteData> | + // <PkgLeadByte ByteData ByteData> | + // <PkgLeadByte ByteData ByteData ByteData> + // + // PkgLeadByte := <bit 7-6: ByteData count that follows (0-3)> + // <bit 5-4: Only used if PkgLength <= 63 > + // <bit 3-0: Least significant package length nybble> + // + //==============BufferSize================== + // BufferSize := Integer + // Integer := ByteConst|WordConst|DwordConst.... + // + // ByteConst := BytePrefix ByteData + // + //==============ByteList=================== + // ByteList := ByteData ByteList + // + //========================================= + + // + // 1. Check TPM_PRS_RESS with PkgLength <=63 can hold the input interrupt number buffer for patching + // + for (DataPtr = (UINT8 *)(Table + 1); + DataPtr < (UINT8 *) ((UINT8 *) Table + Table->Length - (TPM_PRS_RES_NAME_SIZE + TPM_POS_RES_TEMPLATE_MIN_SIZE)); + DataPtr += 1) { + if (CompareMem(DataPtr, TPM_PRS_RESS, TPM_PRS_RES_NAME_SIZE) == 0) { + // + // Jump over object name & BufferOp + // + DataPtr += TPM_PRS_RES_NAME_SIZE + 1; + + if ((*DataPtr & (BIT7|BIT6)) == 0) { + OrignalPkgLength = (UINT32)*DataPtr; + DataEndPtr = DataPtr + OrignalPkgLength; + + // + // Jump over PkgLength = PkgLeadByte only + // + NewPkgLength++; + + // + // Jump over BufferSize + // + if (*(DataPtr + 1) == AML_BYTE_PREFIX) { + NewPkgLength += 2; + } else if (*(DataPtr + 1) == AML_WORD_PREFIX) { + NewPkgLength += 3; + } else if (*(DataPtr + 1) == AML_DWORD_PREFIX) { + NewPkgLength += 5; + } else { + ASSERT(FALSE); + return EFI_UNSUPPORTED; + } + } else { + ASSERT(FALSE); + return EFI_UNSUPPORTED; + } + + // + // Include Memory32Fixed Descriptor (12 Bytes) + Interrupt Descriptor header(5 Bytes) + End Tag(2 Bytes) + // + NewPkgLength += 19 + IrqBuffserSize; + if (NewPkgLength > 63) { + break; + } + + if (NewPkgLength > OrignalPkgLength) { + ASSERT(FALSE); + return EFI_INVALID_PARAMETER; + } + + // + // 1.1 Patch PkgLength + // + *DataPtr = (UINT8)NewPkgLength; + + // + // 1.2 Patch BufferSize = sizeof(Memory32Fixed Descriptor + Interrupt Descriptor + End Tag). + // It is Little endian. So only patch lowest byte of BufferSize due to current interrupt number limit. + // + *(DataPtr + 2) = (UINT8)(IrqBuffserSize + 19); + + // + // Notify _PRS to report short formed ResourceTemplate + // + *IsShortFormPkgLength = TRUE; + + break; + } + } + + // + // 2. Use TPM_PRS_RESL with PkgLength > 63 to hold longer input interrupt number buffer for patching + // + if (NewPkgLength > 63) { + NewPkgLength = 0; + OrignalPkgLength = 0; + for (DataPtr = (UINT8 *)(Table + 1); + DataPtr < (UINT8 *) ((UINT8 *) Table + Table->Length - (TPM_PRS_RES_NAME_SIZE + TPM_POS_RES_TEMPLATE_MIN_SIZE)); + DataPtr += 1) { + if (CompareMem(DataPtr, TPM_PRS_RESL, TPM_PRS_RES_NAME_SIZE) == 0) { + // + // Jump over object name & BufferOp + // + DataPtr += TPM_PRS_RES_NAME_SIZE + 1; + + if ((*DataPtr & (BIT7|BIT6)) != 0) { + OrignalPkgLength = (UINT32)(*(DataPtr + 1) << 4) + (*DataPtr & 0x0F); + DataEndPtr = DataPtr + OrignalPkgLength; + // + // Jump over PkgLength = PkgLeadByte + ByteData length + // + NewPkgLength += 1 + ((*DataPtr & (BIT7|BIT6)) >> 6); + + // + // Jump over BufferSize + // + if (*(DataPtr + NewPkgLength) == AML_BYTE_PREFIX) { + NewPkgLength += 2; + } else if (*(DataPtr + NewPkgLength) == AML_WORD_PREFIX) { + NewPkgLength += 3; + } else if (*(DataPtr + NewPkgLength) == AML_DWORD_PREFIX) { + NewPkgLength += 5; + } else { + ASSERT(FALSE); + return EFI_UNSUPPORTED; + } + } else { + ASSERT(FALSE); + return EFI_UNSUPPORTED; + } + + // + // Include Memory32Fixed Descriptor (12 Bytes) + Interrupt Descriptor header(5 Bytes) + End Tag(2 Bytes) + // + NewPkgLength += 19 + IrqBuffserSize; + + if (NewPkgLength > OrignalPkgLength) { + ASSERT(FALSE); + return EFI_INVALID_PARAMETER; + } + + // + // 2.1 Patch PkgLength. Only patch PkgLeadByte and first ByteData + // + *DataPtr = (UINT8)((*DataPtr) & 0xF0) | (NewPkgLength & 0x0F); + *(DataPtr + 1) = (UINT8)((NewPkgLength & 0xFF0) >> 4); + + // + // 2.2 Patch BufferSize = sizeof(Memory32Fixed Descriptor + Interrupt Descriptor + End Tag). + // It is Little endian. Only patch lowest byte of BufferSize due to current interrupt number limit. + // + *(DataPtr + 2 + ((*DataPtr & (BIT7|BIT6)) >> 6)) = (UINT8)(IrqBuffserSize + 19); + + // + // Notify _PRS to report long formed ResourceTemplate + // + *IsShortFormPkgLength = FALSE; + break; + } + } + } + + if (DataPtr >= (UINT8 *) ((UINT8 *) Table + Table->Length - (TPM_PRS_RES_NAME_SIZE + TPM_POS_RES_TEMPLATE_MIN_SIZE))) { + return EFI_NOT_FOUND; + } + + // + // 3. Move DataPtr to Interrupt descriptor header and patch interrupt descriptor. + // 5 bytes for interrupt descriptor header, 2 bytes for End Tag + // + DataPtr += NewPkgLength - (5 + IrqBuffserSize + 2); + // + // 3.1 Patch Length bit[7:0] of Interrupt descriptor patch interrupt descriptor + // + *(DataPtr + 1) = (UINT8)(2 + IrqBuffserSize); + // + // 3.2 Patch Interrupt Table Length + // + *(DataPtr + 4) = (UINT8)(IrqBuffserSize / sizeof(UINT32)); + // + // 3.3 Copy patched InterruptNumBuffer + // + CopyMem(DataPtr + 5, IrqBuffer, IrqBuffserSize); + + // + // 4. Jump over Interrupt descriptor and Patch END Tag, set Checksum field to 0 + // + DataPtr += 5 + IrqBuffserSize; + *DataPtr = ACPI_END_TAG_DESCRIPTOR; + *(DataPtr + 1) = 0; + + // + // 5. Jump over new ResourceTemplate. Stuff rest bytes to NOOP + // + DataPtr += 2; + if (DataPtr < DataEndPtr) { + SetMem(DataPtr, (UINTN)DataEndPtr - (UINTN)DataPtr, AML_NOOP_OP); + } + + return EFI_SUCCESS; +} + +/** + Patch TPM2 device HID string. The initial string tag in TPM2 ACPI table is "NNN0000". + + @param[in, out] Table The TPM2 SSDT ACPI table. + + @return HID Update status. + +**/ +EFI_STATUS +UpdateHID ( + EFI_ACPI_DESCRIPTION_HEADER *Table + ) +{ + EFI_STATUS Status; + UINT8 *DataPtr; + CHAR8 Hid[TPM_HID_ACPI_SIZE]; + UINT32 ManufacturerID; + UINT32 FirmwareVersion1; + UINT32 FirmwareVersion2; + BOOLEAN PnpHID; + + PnpHID = TRUE; + + // + // Initialize HID with Default PNP string + // + ZeroMem(Hid, TPM_HID_ACPI_SIZE); + + // + // Get Manufacturer ID + // + Status = Tpm2GetCapabilityManufactureID(&ManufacturerID); + if (!EFI_ERROR(Status)) { + DEBUG((DEBUG_INFO, "TPM_PT_MANUFACTURER 0x%08x\n", ManufacturerID)); + // + // ManufacturerID defined in TCG Vendor ID Registry + // may tailed with 0x00 or 0x20 + // + if ((ManufacturerID >> 24) == 0x00 || ((ManufacturerID >> 24) == 0x20)) { + // + // HID containing PNP ID "NNN####" + // NNN is uppercase letter for Vendor ID specified by manufacturer + // + CopyMem(Hid, &ManufacturerID, 3); + } else { + // + // HID containing ACP ID "NNNN####" + // NNNN is uppercase letter for Vendor ID specified by manufacturer + // + CopyMem(Hid, &ManufacturerID, 4); + PnpHID = FALSE; + } + } else { + DEBUG ((DEBUG_ERROR, "Get TPM_PT_MANUFACTURER failed %x!\n", Status)); + ASSERT(FALSE); + return Status; + } + + Status = Tpm2GetCapabilityFirmwareVersion(&FirmwareVersion1, &FirmwareVersion2); + if (!EFI_ERROR(Status)) { + DEBUG((DEBUG_INFO, "TPM_PT_FIRMWARE_VERSION_1 0x%x\n", FirmwareVersion1)); + DEBUG((DEBUG_INFO, "TPM_PT_FIRMWARE_VERSION_2 0x%x\n", FirmwareVersion2)); + // + // #### is Firmware Version 1 + // + if (PnpHID) { + AsciiSPrint(Hid + 3, TPM_HID_PNP_SIZE - 3, "%02d%02d", ((FirmwareVersion1 & 0xFFFF0000) >> 16), (FirmwareVersion1 & 0x0000FFFF)); + } else { + AsciiSPrint(Hid + 4, TPM_HID_ACPI_SIZE - 4, "%02d%02d", ((FirmwareVersion1 & 0xFFFF0000) >> 16), (FirmwareVersion1 & 0x0000FFFF)); + } + + } else { + DEBUG ((DEBUG_ERROR, "Get TPM_PT_FIRMWARE_VERSION_X failed %x!\n", Status)); + ASSERT(FALSE); + return Status; + } + + // + // Patch HID in ASL code before loading the SSDT. + // + for (DataPtr = (UINT8 *)(Table + 1); + DataPtr <= (UINT8 *) ((UINT8 *) Table + Table->Length - TPM_HID_PNP_SIZE); + DataPtr += 1) { + if (AsciiStrCmp((CHAR8 *)DataPtr, TPM_HID_TAG) == 0) { + if (PnpHID) { + CopyMem(DataPtr, Hid, TPM_HID_PNP_SIZE); + // + // if HID is PNP ID, patch the last byte in HID TAG to Noop + // + *(DataPtr + TPM_HID_PNP_SIZE) = AML_NOOP_OP; + } else { + + CopyMem(DataPtr, Hid, TPM_HID_ACPI_SIZE); + } + DEBUG((DEBUG_INFO, "TPM2 ACPI _HID is patched to %a\n", DataPtr)); + + return Status; + } + } + + DEBUG((DEBUG_ERROR, "TPM2 ACPI HID TAG for patch not found!\n")); + return EFI_NOT_FOUND; +} + +/** + Initialize and publish TPM items in ACPI table. + + @retval EFI_SUCCESS The TCG ACPI table is published successfully. + @retval Others The TCG ACPI table is not published. + +**/ +EFI_STATUS +PublishAcpiTable ( + VOID + ) +{ + EFI_STATUS Status; + EFI_ACPI_TABLE_PROTOCOL *AcpiTable; + UINTN TableKey; + EFI_ACPI_DESCRIPTION_HEADER *Table; + UINTN TableSize; + UINT32 *PossibleIrqNumBuf; + UINT32 PossibleIrqNumBufSize; + BOOLEAN IsShortFormPkgLength; + + IsShortFormPkgLength = FALSE; + + Status = GetSectionFromFv ( + &gEfiCallerIdGuid, + EFI_SECTION_RAW, + 0, + (VOID **) &Table, + &TableSize + ); + ASSERT_EFI_ERROR (Status); + + // + // Measure to PCR[0] with event EV_POST_CODE ACPI DATA. + // The measurement has to be done before any update. + // Otherwise, the PCR record would be different after TPM FW update + // or the PCD configuration change. + // + TpmMeasureAndLogData( + 0, + EV_POST_CODE, + EV_POSTCODE_INFO_ACPI_DATA, + ACPI_DATA_LEN, + Table, + TableSize + ); + + // + // Update Table version before measuring it to PCR + // + Status = UpdatePPVersion(Table, (CHAR8 *)PcdGetPtr(PcdTcgPhysicalPresenceInterfaceVer)); + ASSERT_EFI_ERROR (Status); + + DEBUG (( + DEBUG_INFO, + "Current physical presence interface version - %a\n", + (CHAR8 *) PcdGetPtr(PcdTcgPhysicalPresenceInterfaceVer) + )); + + // + // Update TPM2 HID after measuring it to PCR + // + Status = UpdateHID(Table); + if (EFI_ERROR(Status)) { + return Status; + } + + if (PcdGet32(PcdTpm2CurrentIrqNum) != 0) { + // + // Patch _PRS interrupt resource only when TPM interrupt is supported + // + PossibleIrqNumBuf = (UINT32 *)PcdGetPtr(PcdTpm2PossibleIrqNumBuf); + PossibleIrqNumBufSize = (UINT32)PcdGetSize(PcdTpm2PossibleIrqNumBuf); + + if (PossibleIrqNumBufSize <= MAX_PRS_INT_BUF_SIZE && (PossibleIrqNumBufSize % sizeof(UINT32)) == 0) { + Status = UpdatePossibleResource(Table, PossibleIrqNumBuf, PossibleIrqNumBufSize, &IsShortFormPkgLength); + DEBUG (( + DEBUG_INFO, + "UpdatePossibleResource status - %x. TPM2 service may not ready in OS.\n", + Status + )); + } else { + DEBUG (( + DEBUG_INFO, + "PcdTpm2PossibleIrqNumBuf size %x is not correct. TPM2 service may not ready in OS.\n", + PossibleIrqNumBufSize + )); + } + } + + ASSERT (Table->OemTableId == SIGNATURE_64 ('T', 'p', 'm', '2', 'T', 'a', 'b', 'l')); + CopyMem (Table->OemId, PcdGetPtr (PcdAcpiDefaultOemId), sizeof (Table->OemId) ); + mTcgNvs = AssignOpRegion (Table, SIGNATURE_32 ('T', 'N', 'V', 'S'), (UINT16) sizeof (TCG_NVS)); + ASSERT (mTcgNvs != NULL); + mTcgNvs->TpmIrqNum = PcdGet32(PcdTpm2CurrentIrqNum); + mTcgNvs->IsShortFormPkgLength = IsShortFormPkgLength; + + Status = ExchangeCommonBuffer (mTcgNvs); + + // + // Publish the TPM ACPI table. Table is re-checksummed. + // + Status = gBS->LocateProtocol (&gEfiAcpiTableProtocolGuid, NULL, (VOID **) &AcpiTable); + ASSERT_EFI_ERROR (Status); + + TableKey = 0; + Status = AcpiTable->InstallAcpiTable ( + AcpiTable, + Table, + TableSize, + &TableKey + ); + ASSERT_EFI_ERROR (Status); + + return Status; +} + +/** + Publish TPM2 ACPI table + + @retval EFI_SUCCESS The TPM2 ACPI table is published successfully. + @retval Others The TPM2 ACPI table is not published. + +**/ +EFI_STATUS +PublishTpm2 ( + VOID + ) +{ + EFI_STATUS Status; + EFI_ACPI_TABLE_PROTOCOL *AcpiTable; + UINTN TableKey; + UINT64 OemTableId; + EFI_TPM2_ACPI_CONTROL_AREA *ControlArea; + TPM2_PTP_INTERFACE_TYPE InterfaceType; + + // + // Measure to PCR[0] with event EV_POST_CODE ACPI DATA. + // The measurement has to be done before any update. + // Otherwise, the PCR record would be different after event log update + // or the PCD configuration change. + // + TpmMeasureAndLogData( + 0, + EV_POST_CODE, + EV_POSTCODE_INFO_ACPI_DATA, + ACPI_DATA_LEN, + &mTpm2AcpiTemplate, + mTpm2AcpiTemplate.Header.Length + ); + + mTpm2AcpiTemplate.Header.Revision = PcdGet8(PcdTpm2AcpiTableRev); + DEBUG((DEBUG_INFO, "Tpm2 ACPI table revision is %d\n", mTpm2AcpiTemplate.Header.Revision)); + + // + // PlatformClass is only valid for version 4 and above + // BIT0~15: PlatformClass + // BIT16~31: Reserved + // + if (mTpm2AcpiTemplate.Header.Revision >= EFI_TPM2_ACPI_TABLE_REVISION_4) { + mTpm2AcpiTemplate.Flags = (mTpm2AcpiTemplate.Flags & 0xFFFF0000) | PcdGet8(PcdTpmPlatformClass); + DEBUG((DEBUG_INFO, "Tpm2 ACPI table PlatformClass is %d\n", (mTpm2AcpiTemplate.Flags & 0x0000FFFF))); + } + + mTpm2AcpiTemplate.Laml = PcdGet32(PcdTpm2AcpiTableLaml); + mTpm2AcpiTemplate.Lasa = PcdGet64(PcdTpm2AcpiTableLasa); + if ((mTpm2AcpiTemplate.Header.Revision < EFI_TPM2_ACPI_TABLE_REVISION_4) || + (mTpm2AcpiTemplate.Laml == 0) || (mTpm2AcpiTemplate.Lasa == 0)) { + // + // If version is smaller than 4 or Laml/Lasa is not valid, rollback to original Length. + // + mTpm2AcpiTemplate.Header.Length = sizeof(EFI_TPM2_ACPI_TABLE); + } + + InterfaceType = PcdGet8(PcdActiveTpmInterfaceType); + switch (InterfaceType) { + case Tpm2PtpInterfaceCrb: + mTpm2AcpiTemplate.StartMethod = EFI_TPM2_ACPI_TABLE_START_METHOD_COMMAND_RESPONSE_BUFFER_INTERFACE; + mTpm2AcpiTemplate.AddressOfControlArea = PcdGet64 (PcdTpmBaseAddress) + 0x40; + ControlArea = (EFI_TPM2_ACPI_CONTROL_AREA *)(UINTN)mTpm2AcpiTemplate.AddressOfControlArea; + ControlArea->CommandSize = 0xF80; + ControlArea->ResponseSize = 0xF80; + ControlArea->Command = PcdGet64 (PcdTpmBaseAddress) + 0x80; + ControlArea->Response = PcdGet64 (PcdTpmBaseAddress) + 0x80; + break; + case Tpm2PtpInterfaceFifo: + case Tpm2PtpInterfaceTis: + break; + default: + DEBUG((DEBUG_ERROR, "TPM2 InterfaceType get error! %d\n", InterfaceType)); + break; + } + + CopyMem (mTpm2AcpiTemplate.Header.OemId, PcdGetPtr (PcdAcpiDefaultOemId), sizeof (mTpm2AcpiTemplate.Header.OemId)); + OemTableId = PcdGet64 (PcdAcpiDefaultOemTableId); + CopyMem (&mTpm2AcpiTemplate.Header.OemTableId, &OemTableId, sizeof (UINT64)); + mTpm2AcpiTemplate.Header.OemRevision = PcdGet32 (PcdAcpiDefaultOemRevision); + mTpm2AcpiTemplate.Header.CreatorId = PcdGet32 (PcdAcpiDefaultCreatorId); + mTpm2AcpiTemplate.Header.CreatorRevision = PcdGet32 (PcdAcpiDefaultCreatorRevision); + + // + // Construct ACPI table + // + Status = gBS->LocateProtocol (&gEfiAcpiTableProtocolGuid, NULL, (VOID **) &AcpiTable); + ASSERT_EFI_ERROR (Status); + + Status = AcpiTable->InstallAcpiTable ( + AcpiTable, + &mTpm2AcpiTemplate, + mTpm2AcpiTemplate.Header.Length, + &TableKey + ); + ASSERT_EFI_ERROR (Status); + + return Status; +} + +/** + The driver's entry point. + + It patches and installs ACPI tables used for handling TPM physical presence + and Memory Clear requests through ACPI method. + + @param[in] ImageHandle The firmware allocated handle for the EFI image. + @param[in] SystemTable A pointer to the EFI System Table. + + @retval EFI_SUCCESS The entry point is executed successfully. + @retval Others Some error occurs when executing this entry point. + +**/ +EFI_STATUS +EFIAPI +InitializeTcgAcpi ( + IN EFI_HANDLE ImageHandle, + IN EFI_SYSTEM_TABLE *SystemTable + ) +{ + EFI_STATUS Status; + + if (!CompareGuid (PcdGetPtr(PcdTpmInstanceGuid), &gEfiTpmDeviceInstanceTpm20DtpmGuid)){ + DEBUG ((DEBUG_ERROR, "No TPM2 DTPM instance required!\n")); + return EFI_UNSUPPORTED; + } + + Status = PublishAcpiTable (); + ASSERT_EFI_ERROR (Status); + + // + // Set TPM2 ACPI table + // + Status = PublishTpm2 (); + ASSERT_EFI_ERROR (Status); + + return EFI_SUCCESS; +} + diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Tcg2Acpi/Tcg2Acpi.inf b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Tcg2Acpi/Tcg2Acpi.inf new file mode 100644 index 00000000..7f7fe098 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Tcg2Acpi/Tcg2Acpi.inf @@ -0,0 +1,94 @@ +## @file +# Provides ACPI methods for TPM 2.0 support +# +# Spec Compliance Info: +# "TCG ACPI Specification Version 1.2 Revision 8" +# "Physical Presence Interface Specification Version 1.30 Revision 00.52" +# along with +# "Errata Version 0.4 for TCG PC Client Platform Physical Presence Interface Specification" +# "Platform Reset Attack Mitigation Specification Version 1.00" +# TPM2.0 ACPI device object +# "TCG PC Client Platform Firmware Profile Specification for TPM Family 2.0 Level 00 Revision 1.03 v51" +# along with +# "Errata for PC Client Specific Platform Firmware Profile Specification Version 1.0 Revision 1.03" +# +# This driver implements TPM 2.0 definition block in ACPI table and +# populates registered SMI callback functions for Tcg2 physical presence +# and MemoryClear to handle the requests for ACPI method. It needs to be +# used together with Tcg2 MM drivers to exchange information on registered +# SwSmiValue and allocated NVS region address. +# +# Caution: This module requires additional review when modified. +# This driver will have external input - variable and ACPINvs data in SMM mode. +# This external input must be validated carefully to avoid security issue. +# +# Copyright (c) 2015 - 2019, Intel Corporation. All rights reserved.<BR> +# Copyright (c) Microsoft Corporation.<BR> +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = Tcg2Acpi + FILE_GUID = 0D4BBF18-C2CC-4C23-BD63-BFDAD4C710D0 + MODULE_TYPE = DXE_DRIVER + PI_SPECIFICATION_VERSION = 0x0001000A + VERSION_STRING = 1.0 + ENTRY_POINT = InitializeTcgAcpi + +[Sources] + Tcg2Acpi.c + Tpm.asl + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + SecurityPkg/SecurityPkg.dec + +[LibraryClasses] + BaseLib + BaseMemoryLib + UefiDriverEntryPoint + UefiBootServicesTableLib + DebugLib + DxeServicesLib + TpmMeasurementLib + Tpm2CommandLib + Tcg2PhysicalPresenceLib + PcdLib + MmUnblockMemoryLib + +[Guids] + gEfiTpmDeviceInstanceTpm20DtpmGuid ## PRODUCES ## GUID # TPM device identifier + gTpmNvsMmGuid ## CONSUMES + gEdkiiPiSmmCommunicationRegionTableGuid ## CONSUMES + +[Protocols] + gEfiAcpiTableProtocolGuid ## CONSUMES + gEfiMmCommunicationProtocolGuid ## CONSUMES + +[FixedPcd] + gEfiSecurityPkgTokenSpaceGuid.PcdSmiCommandIoPort ## CONSUMES + +[Pcd] + gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid ## CONSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultOemId ## SOMETIMES_CONSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultOemTableId ## SOMETIMES_CONSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultOemRevision ## SOMETIMES_CONSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultCreatorId ## SOMETIMES_CONSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultCreatorRevision ## SOMETIMES_CONSUMES + gEfiSecurityPkgTokenSpaceGuid.PcdTpmBaseAddress ## CONSUMES + gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer ## CONSUMES + gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableRev ## CONSUMES + gEfiSecurityPkgTokenSpaceGuid.PcdTpmPlatformClass ## SOMETIMES_CONSUMES + gEfiSecurityPkgTokenSpaceGuid.PcdTpm2CurrentIrqNum ## CONSUMES + gEfiSecurityPkgTokenSpaceGuid.PcdTpm2PossibleIrqNumBuf ## CONSUMES + gEfiSecurityPkgTokenSpaceGuid.PcdActiveTpmInterfaceType ## CONSUMES + gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableLaml ## CONSUMES + gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableLasa ## CONSUMES + +[Depex] + gEfiAcpiTableProtocolGuid AND + gTcg2MmSwSmiRegisteredGuid AND + gEfiTcg2ProtocolGuid diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Tcg2Acpi/Tpm.asl b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Tcg2Acpi/Tpm.asl new file mode 100644 index 00000000..7b24ae65 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Tcg2Acpi/Tpm.asl @@ -0,0 +1,517 @@ +/** @file + The TPM2 definition block in ACPI table for TCG2 physical presence + and MemoryClear. + +Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR> +(c)Copyright 2016 HP Development Company, L.P.<BR> +Copyright (c) Microsoft Corporation.<BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +DefinitionBlock ( + "Tpm.aml", + "SSDT", + 2, + "INTEL ", + "Tpm2Tabl", + 0x1000 + ) +{ + Scope (\_SB) + { + Device (TPM) + { + // + // TCG2 + // + + // + // TAG for patching TPM2.0 _HID + // + Name (_HID, "NNNN0000") + + Name (_CID, "MSFT0101") + + // + // Readable name of this device, don't know if this way is correct yet + // + Name (_STR, Unicode ("TPM 2.0 Device")) + + // + // Operational region for Smi port access + // + OperationRegion (SMIP, SystemIO, FixedPcdGet16 (PcdSmiCommandIoPort), 1) + Field (SMIP, ByteAcc, NoLock, Preserve) + { + IOPN, 8 + } + + // + // Operational region for TPM access + // + OperationRegion (TPMR, SystemMemory, 0xfed40000, 0x5000) + Field (TPMR, AnyAcc, NoLock, Preserve) + { + ACC0, 8, // TPM_ACCESS_0 + Offset(0x8), + INTE, 32, // TPM_INT_ENABLE_0 + INTV, 8, // TPM_INT_VECTOR_0 + Offset(0x10), + INTS, 32, // TPM_INT_STATUS_0 + INTF, 32, // TPM_INTF_CAPABILITY_0 + STS0, 32, // TPM_STS_0 + Offset(0x24), + FIFO, 32, // TPM_DATA_FIFO_0 + Offset(0x30), + TID0, 32, // TPM_INTERFACE_ID_0 + // ignore the rest + } + + // + // Operational region for TPM support, TPM Physical Presence and TPM Memory Clear + // Region Offset 0xFFFF0000 and Length 0xF0 will be fixed in C code. + // + OperationRegion (TNVS, SystemMemory, 0xFFFF0000, 0xF0) + Field (TNVS, AnyAcc, NoLock, Preserve) + { + PPIN, 8, // Software SMI for Physical Presence Interface + PPIP, 32, // Used for save physical presence parameter + PPRP, 32, // Physical Presence request operation response + PPRQ, 32, // Physical Presence request operation + PPRM, 32, // Physical Presence request operation parameter + LPPR, 32, // Last Physical Presence request operation + FRET, 32, // Physical Presence function return code + MCIN, 8, // Software SMI for Memory Clear Interface + MCIP, 32, // Used for save the Mor parameter + MORD, 32, // Memory Overwrite Request Data + MRET, 32, // Memory Overwrite function return code + UCRQ, 32, // Physical Presence request operation to Get User Confirmation Status + IRQN, 32, // IRQ Number for _CRS + SFRB, 8 // Is shortformed Pkglength for resource buffer + } + + // + // Possible resource settings returned by _PRS method + // RESS : ResourceTemplate with PkgLength <=63 + // RESL : ResourceTemplate with PkgLength > 63 + // + // The format of the data has to follow the same format as + // _CRS (according to ACPI spec). + // + Name (RESS, ResourceTemplate() { + Memory32Fixed (ReadWrite, 0xfed40000, 0x5000) + Interrupt(ResourceConsumer, Level, ActiveLow, Shared, , , ) {1,2,3,4,5,6,7,8,9,10} + }) + + Name (RESL, ResourceTemplate() { + Memory32Fixed (ReadWrite, 0xfed40000, 0x5000) + Interrupt(ResourceConsumer, Level, ActiveLow, Shared, , , ) {1,2,3,4,5,6,7,8,9,10,11,12,13,14,15} + }) + + // + // Current resource settings for _CRS method + // + Name(RES0, ResourceTemplate () { + Memory32Fixed (ReadWrite, 0xfed40000, 0x5000, REG0) + Interrupt(ResourceConsumer, Level, ActiveLow, Shared, , , INTR) {12} + }) + + Name(RES1, ResourceTemplate () { + Memory32Fixed (ReadWrite, 0xfed40000, 0x5000, REG1) + }) + + + // + // Return the resource consumed by TPM device. + // + Method(_CRS,0,Serialized) + { + // + // IRQNum = 0 means disable IRQ support + // + If (LEqual(IRQN, 0)) { + Return (RES1) + } + Else + { + CreateDWordField(RES0, ^INTR._INT, LIRQ) + Store(IRQN, LIRQ) + Return (RES0) + } + } + + // + // Set resources consumed by the TPM device. This is used to + // assign an interrupt number to the device. The input byte stream + // has to be the same as returned by _CRS (according to ACPI spec). + // + // Platform may choose to override this function with specific interrupt + // programing logic to replace FIFO/TIS SIRQ registers programing + // + Method(_SRS,1,Serialized) + { + // + // Do not configure Interrupt if IRQ Num is configured 0 by default + // + If (LNotEqual(IRQN, 0)) { + // + // Update resource descriptor + // Use the field name to identify the offsets in the argument + // buffer and RES0 buffer. + // + CreateDWordField(Arg0, ^INTR._INT, IRQ0) + CreateDWordField(RES0, ^INTR._INT, LIRQ) + Store(IRQ0, LIRQ) + Store(IRQ0, IRQN) + + CreateBitField(Arg0, ^INTR._HE, ITRG) + CreateBitField(RES0, ^INTR._HE, LTRG) + Store(ITRG, LTRG) + + CreateBitField(Arg0, ^INTR._LL, ILVL) + CreateBitField(RES0, ^INTR._LL, LLVL) + Store(ILVL, LLVL) + + // + // Update TPM FIFO PTP/TIS interface only, identified by TPM_INTERFACE_ID_x lowest + // nibble. + // 0000 - FIFO interface as defined in PTP for TPM 2.0 is active + // 1111 - FIFO interface as defined in TIS1.3 is active + // + If (LOr(LEqual (And (TID0, 0x0F), 0x00), LEqual (And (TID0, 0x0F), 0x0F))) { + // + // If FIFO interface, interrupt vector register is + // available. TCG PTP specification allows only + // values 1..15 in this field. For other interrupts + // the field should stay 0. + // + If (LLess (IRQ0, 16)) { + Store (And(IRQ0, 0xF), INTV) + } + // + // Interrupt enable register (TPM_INT_ENABLE_x) bits 3:4 + // contains settings for interrupt polarity. + // The other bits of the byte enable individual interrupts. + // They should be all be zero, but to avoid changing the + // configuration, the other bits are be preserved. + // 00 - high level + // 01 - low level + // 10 - rising edge + // 11 - falling edge + // + // ACPI spec definitions: + // _HE: '1' is Edge, '0' is Level + // _LL: '1' is ActiveHigh, '0' is ActiveLow (inverted from TCG spec) + // + If (LEqual (ITRG, 1)) { + Or(INTE, 0x00000010, INTE) + } Else { + And(INTE, 0xFFFFFFEF, INTE) + } + if (LEqual (ILVL, 0)) { + Or(INTE, 0x00000008, INTE) + } Else { + And(INTE, 0xFFFFFFF7, INTE) + } + } + } + } + + Method(_PRS,0,Serialized) + { + // + // IRQNum = 0 means disable IRQ support + // + If (LEqual(IRQN, 0)) { + Return (RES1) + } ElseIf(LEqual(SFRB, 0)) { + // + // Long format. Possible resources PkgLength > 63 + // + Return (RESL) + } Else { + // + // Short format. Possible resources PkgLength <=63 + // + Return (RESS) + } + } + + Method (PTS, 1, Serialized) + { + // + // Detect Sx state for MOR, only S4, S5 need to handle + // + If (LAnd (LLess (Arg0, 6), LGreater (Arg0, 3))) + { + // + // Bit4 -- DisableAutoDetect. 0 -- Firmware MAY autodetect. + // + If (LNot (And (MORD, 0x10))) + { + // + // Trigger the SMI through ACPI _PTS method. + // + Store (0x02, MCIP) + + // + // Trigger the SMI interrupt + // + Store (MCIN, IOPN) + } + } + Return (0) + } + + Method (_STA, 0) + { + if (LEqual (ACC0, 0xff)) + { + Return (0) + } + Return (0x0f) + } + + // + // TCG Hardware Information + // + Method (HINF, 1, Serialized, 0, {BuffObj, PkgObj}, {UnknownObj}) // IntObj + { + // + // Switch by function index + // + Switch (ToInteger(Arg0)) + { + Case (0) + { + // + // Standard query + // + Return (Buffer () {0x03}) + } + Case (1) + { + // + // Return failure if no TPM present + // + Name(TPMV, Package () {0x01, Package () {0x2, 0x0}}) + if (LEqual (_STA (), 0x00)) + { + Return (Package () {0x00}) + } + + // + // Return TPM version + // + Return (TPMV) + } + Default {BreakPoint} + } + Return (Buffer () {0}) + } + + Name(TPM2, Package (0x02){ + Zero, + Zero + }) + + Name(TPM3, Package (0x03){ + Zero, + Zero, + Zero + }) + + // + // TCG Physical Presence Interface + // + Method (TPPI, 2, Serialized, 0, {BuffObj, PkgObj, IntObj, StrObj}, {UnknownObj, UnknownObj}) // IntObj, PkgObj + { + // + // Switch by function index + // + Switch (ToInteger(Arg0)) + { + Case (0) + { + // + // Standard query, supports function 1-8 + // + Return (Buffer () {0xFF, 0x01}) + } + Case (1) + { + // + // a) Get Physical Presence Interface Version + // + Return ("$PV") + } + Case (2) + { + // + // b) Submit TPM Operation Request to Pre-OS Environment + // + + Store (DerefOf (Index (Arg1, 0x00)), PPRQ) + Store (0, PPRM) + Store (0x02, PPIP) + + // + // Trigger the SMI interrupt + // + Store (PPIN, IOPN) + Return (FRET) + + + } + Case (3) + { + // + // c) Get Pending TPM Operation Requested By the OS + // + + Store (PPRQ, Index (TPM2, 0x01)) + Return (TPM2) + } + Case (4) + { + // + // d) Get Platform-Specific Action to Transition to Pre-OS Environment + // + Return (2) + } + Case (5) + { + // + // e) Return TPM Operation Response to OS Environment + // + Store (0x05, PPIP) + + // + // Trigger the SMI interrupt + // + Store (PPIN, IOPN) + + Store (LPPR, Index (TPM3, 0x01)) + Store (PPRP, Index (TPM3, 0x02)) + + Return (TPM3) + } + Case (6) + { + + // + // f) Submit preferred user language (Not implemented) + // + + Return (3) + + } + Case (7) + { + // + // g) Submit TPM Operation Request to Pre-OS Environment 2 + // + Store (7, PPIP) + Store (DerefOf (Index (Arg1, 0x00)), PPRQ) + Store (0, PPRM) + If (LEqual (PPRQ, 23)) { + Store (DerefOf (Index (Arg1, 0x01)), PPRM) + } + + // + // Trigger the SMI interrupt + // + Store (PPIN, IOPN) + Return (FRET) + } + Case (8) + { + // + // e) Get User Confirmation Status for Operation + // + Store (8, PPIP) + Store (DerefOf (Index (Arg1, 0x00)), UCRQ) + + // + // Trigger the SMI interrupt + // + Store (PPIN, IOPN) + + Return (FRET) + } + + Default {BreakPoint} + } + Return (1) + } + + Method (TMCI, 2, Serialized, 0, IntObj, {UnknownObj, UnknownObj}) // IntObj, PkgObj + { + // + // Switch by function index + // + Switch (ToInteger (Arg0)) + { + Case (0) + { + // + // Standard query, supports function 1-1 + // + Return (Buffer () {0x03}) + } + Case (1) + { + // + // Save the Operation Value of the Request to MORD (reserved memory) + // + Store (DerefOf (Index (Arg1, 0x00)), MORD) + + // + // Trigger the SMI through ACPI _DSM method. + // + Store (0x01, MCIP) + + // + // Trigger the SMI interrupt + // + Store (MCIN, IOPN) + Return (MRET) + } + Default {BreakPoint} + } + Return (1) + } + + Method (_DSM, 4, Serialized, 0, UnknownObj, {BuffObj, IntObj, IntObj, PkgObj}) + { + + // + // TCG Hardware Information + // + If(LEqual(Arg0, ToUUID ("cf8e16a5-c1e8-4e25-b712-4f54a96702c8"))) + { + Return (HINF (Arg2)) + } + + // + // TCG Physical Presence Interface + // + If(LEqual(Arg0, ToUUID ("3dddfaa6-361b-4eb4-a424-8d10089d1653"))) + { + Return (TPPI (Arg2, Arg3)) + } + + // + // TCG Memory Clear Interface + // + If(LEqual(Arg0, ToUUID ("376054ed-cc13-4675-901c-4756d7f2d45d"))) + { + Return (TMCI (Arg2, Arg3)) + } + + Return (Buffer () {0}) + } + } + } +} diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Tcg2Config/Tcg2Config.vfr b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Tcg2Config/Tcg2Config.vfr new file mode 100644 index 00000000..8ea8e9ce --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Tcg2Config/Tcg2Config.vfr @@ -0,0 +1,246 @@ +/** @file + VFR file used by the TCG2 configuration component. + +Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "Tcg2ConfigNvData.h" + +formset + guid = TCG2_CONFIG_FORM_SET_GUID, + title = STRING_TOKEN(STR_TCG2_TITLE), + help = STRING_TOKEN(STR_TCG2_HELP), + classguid = EFI_HII_PLATFORM_SETUP_FORMSET_GUID, + + efivarstore TCG2_CONFIGURATION_INFO, + varid = TCG2_CONFIGURATION_INFO_VARSTORE_ID, + attribute = 0x02, // EFI variable attributes EFI_VARIABLE_BOOTSERVICE_ACCESS + name = TCG2_CONFIGURATION_INFO, + guid = TCG2_CONFIG_FORM_SET_GUID; + + efivarstore TCG2_CONFIGURATION, + varid = TCG2_CONFIGURATION_VARSTORE_ID, + attribute = 0x03, // EFI variable attributes EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE + name = TCG2_CONFIGURATION, + guid = TCG2_CONFIG_FORM_SET_GUID; + + efivarstore TCG2_VERSION, + varid = TCG2_VERSION_VARSTORE_ID, + attribute = 0x03, // EFI variable attributes EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_NON_VOLATILE + name = TCG2_VERSION, + guid = TCG2_CONFIG_FORM_SET_GUID; + + form formid = TCG2_CONFIGURATION_FORM_ID, + title = STRING_TOKEN(STR_TCG2_TITLE); + + subtitle text = STRING_TOKEN(STR_NULL); + + text + help = STRING_TOKEN(STR_TCG2_DEVICE_STATE_HELP), + text = STRING_TOKEN(STR_TCG2_DEVICE_STATE_PROMPT), + text = STRING_TOKEN(STR_TCG2_DEVICE_STATE_CONTENT); + + oneof varid = TCG2_CONFIGURATION.TpmDevice, + questionid = KEY_TPM_DEVICE, + prompt = STRING_TOKEN(STR_TCG2_DEVICE_PROMPT), + help = STRING_TOKEN(STR_TCG2_DEVICE_HELP), + flags = INTERACTIVE, + option text = STRING_TOKEN(STR_TCG2_TPM_1_2), value = TPM_DEVICE_1_2, flags = DEFAULT | MANUFACTURING | RESET_REQUIRED; + option text = STRING_TOKEN(STR_TCG2_TPM_2_0_DTPM), value = TPM_DEVICE_2_0_DTPM, flags = RESET_REQUIRED; + endoneof; + + suppressif ideqvallist TCG2_CONFIGURATION.TpmDevice == TPM_DEVICE_NULL TPM_DEVICE_1_2; + + subtitle text = STRING_TOKEN(STR_NULL); + + text + help = STRING_TOKEN(STR_TPM2_ACPI_HID_HELP), + text = STRING_TOKEN(STR_TPM2_ACPI_HID_PROMPT), + text = STRING_TOKEN(STR_TPM2_ACPI_HID_CONTENT); + + text + help = STRING_TOKEN(STR_TPM2_ACPI_REVISION_STATE_HELP), + text = STRING_TOKEN(STR_TPM2_ACPI_REVISION_STATE_PROMPT), + text = STRING_TOKEN(STR_TPM2_ACPI_REVISION_STATE_CONTENT); + + oneof varid = TCG2_VERSION.Tpm2AcpiTableRev, + questionid = KEY_TPM2_ACPI_REVISION, + prompt = STRING_TOKEN(STR_TPM2_ACPI_REVISION_PROMPT), + help = STRING_TOKEN(STR_TPM2_ACPI_REVISION_HELP), + flags = INTERACTIVE, + option text = STRING_TOKEN(STR_TPM2_ACPI_REVISION_3), value = TPM2_ACPI_REVISION_3, flags = RESET_REQUIRED; + option text = STRING_TOKEN(STR_TPM2_ACPI_REVISION_4), value = TPM2_ACPI_REVISION_4, flags = DEFAULT | MANUFACTURING | RESET_REQUIRED; + endoneof; + + subtitle text = STRING_TOKEN(STR_NULL); + + text + help = STRING_TOKEN(STR_TCG2_DEVICE_INTERFACE_STATE_HELP), + text = STRING_TOKEN(STR_TCG2_DEVICE_INTERFACE_STATE_PROMPT), + text = STRING_TOKEN(STR_TCG2_DEVICE_INTERFACE_STATE_CONTENT); + + text + help = STRING_TOKEN(STR_TCG2_DEVICE_INTERFACE_CAPABILITY_HELP), + text = STRING_TOKEN(STR_TCG2_DEVICE_INTERFACE_CAPABILITY_PROMPT), + text = STRING_TOKEN(STR_TCG2_DEVICE_INTERFACE_CAPABILITY_CONTENT); + + suppressif ideqval TCG2_CONFIGURATION_INFO.TpmDeviceInterfacePtpFifoSupported == 0 + OR ideqval TCG2_CONFIGURATION_INFO.TpmDeviceInterfacePtpCrbSupported == 0; + oneof varid = TCG2_CONFIGURATION_INFO.TpmDeviceInterfaceAttempt, + questionid = KEY_TPM_DEVICE_INTERFACE, + prompt = STRING_TOKEN(STR_TCG2_DEVICE_INTERFACE_PROMPT), + help = STRING_TOKEN(STR_TCG2_DEVICE_INTERFACE_HELP), + flags = INTERACTIVE, + option text = STRING_TOKEN(STR_TCG2_DEVICE_INTERFACE_TIS), value = TPM_DEVICE_INTERFACE_TIS, flags = RESET_REQUIRED; + option text = STRING_TOKEN(STR_TCG2_DEVICE_INTERFACE_PTP_FIFO), value = TPM_DEVICE_INTERFACE_PTP_FIFO, flags = RESET_REQUIRED; + option text = STRING_TOKEN(STR_TCG2_DEVICE_INTERFACE_PTP_CRB), value = TPM_DEVICE_INTERFACE_PTP_CRB, flags = DEFAULT | MANUFACTURING | RESET_REQUIRED; + endoneof; + endif; + + endif; + + subtitle text = STRING_TOKEN(STR_NULL); + + suppressif ideqvallist TCG2_CONFIGURATION.TpmDevice == TPM_DEVICE_NULL TPM_DEVICE_1_2; + text + help = STRING_TOKEN(STR_TPM2_ACTIVE_HASH_ALGO_HELP), + text = STRING_TOKEN(STR_TPM2_ACTIVE_HASH_ALGO), + text = STRING_TOKEN(STR_TPM2_ACTIVE_HASH_ALGO_CONTENT); + text + help = STRING_TOKEN(STR_TPM2_SUPPORTED_HASH_ALGO_HELP), + text = STRING_TOKEN(STR_TPM2_SUPPORTED_HASH_ALGO), + text = STRING_TOKEN(STR_TPM2_SUPPORTED_HASH_ALGO_CONTENT); + text + help = STRING_TOKEN(STR_BIOS_HASH_ALGO_HELP), + text = STRING_TOKEN(STR_BIOS_HASH_ALGO), + text = STRING_TOKEN(STR_BIOS_HASH_ALGO_CONTENT); + + subtitle text = STRING_TOKEN(STR_NULL); + subtitle text = STRING_TOKEN(STR_TCG2_PP_OPERATION); + + text + help = STRING_TOKEN(STR_TCG2_PPI_VERSION_STATE_HELP), + text = STRING_TOKEN(STR_TCG2_PPI_VERSION_STATE_PROMPT), + text = STRING_TOKEN(STR_TCG2_PPI_VERSION_STATE_CONTENT); + + oneof varid = TCG2_VERSION.PpiVersion, + questionid = KEY_TCG2_PPI_VERSION, + prompt = STRING_TOKEN(STR_TCG2_PPI_VERSION_PROMPT), + help = STRING_TOKEN(STR_TCG2_PPI_VERSION_HELP), + flags = INTERACTIVE, + option text = STRING_TOKEN(STR_TCG2_PPI_VERSION_1_2), value = TCG2_PPI_VERSION_1_2, flags = RESET_REQUIRED; + option text = STRING_TOKEN(STR_TCG2_PPI_VERSION_1_3), value = TCG2_PPI_VERSION_1_3, flags = DEFAULT | MANUFACTURING | RESET_REQUIRED; + endoneof; + + oneof name = Tpm2Operation, + questionid = KEY_TPM2_OPERATION, + prompt = STRING_TOKEN(STR_TCG2_OPERATION), + help = STRING_TOKEN(STR_TCG2_OPERATION_HELP), + flags = INTERACTIVE | NUMERIC_SIZE_1, + option text = STRING_TOKEN(STR_TCG2_NO_ACTION), value = TCG2_PHYSICAL_PRESENCE_NO_ACTION, flags = DEFAULT | MANUFACTURING | RESET_REQUIRED; + option text = STRING_TOKEN(STR_TCG2_ENABLE), value = TCG2_PHYSICAL_PRESENCE_ENABLE, flags = RESET_REQUIRED; + option text = STRING_TOKEN(STR_TCG2_DISABLE), value = TCG2_PHYSICAL_PRESENCE_DISABLE, flags = RESET_REQUIRED; + option text = STRING_TOKEN(STR_TCG2_CLEAR), value = TCG2_PHYSICAL_PRESENCE_CLEAR, flags = RESET_REQUIRED; + option text = STRING_TOKEN(STR_TCG2_SET_PCD_BANKS), value = TCG2_PHYSICAL_PRESENCE_SET_PCR_BANKS, flags = RESET_REQUIRED; + suppressif ideqval TCG2_CONFIGURATION_INFO.ChangeEPSSupported == 0; + option text = STRING_TOKEN(STR_TCG2_CHANGE_EPS), value = TCG2_PHYSICAL_PRESENCE_CHANGE_EPS, flags = RESET_REQUIRED; + endif + option text = STRING_TOKEN(STR_TCG2_LOG_ALL_DIGESTS), value = TCG2_PHYSICAL_PRESENCE_LOG_ALL_DIGESTS, flags = RESET_REQUIRED; + option text = STRING_TOKEN(STR_TCG2_DISABLE_ENDORSEMENT_ENABLE_STORAGE_HIERARCHY), value = TCG2_PHYSICAL_PRESENCE_DISABLE_ENDORSEMENT_ENABLE_STORAGE_HIERARCHY, flags = RESET_REQUIRED; + endoneof; + + suppressif NOT questionref(Tpm2Operation) == TCG2_PHYSICAL_PRESENCE_SET_PCR_BANKS; + numeric name = Tpm2OperationParameter, + questionid = KEY_TPM2_OPERATION_PARAMETER, + prompt = STRING_TOKEN(STR_TCG2_OPERATION_PARAMETER), + help = STRING_TOKEN(STR_TCG2_OPERATION_PARAMETER_HELP), + flags = DISPLAY_UINT_HEX | INTERACTIVE | NUMERIC_SIZE_4, + minimum = 0, + maximum = 0xFFFFFFFF, + step = 0, + default = 0, + endnumeric; + endif; + + subtitle text = STRING_TOKEN(STR_NULL); + subtitle text = STRING_TOKEN(STR_TCG2_CONFIGURATION); + + text + help = STRING_TOKEN(STR_TCG2_SUPPORTED_EVENT_LOG_FORMAT_HELP), + text = STRING_TOKEN(STR_TCG2_SUPPORTED_EVENT_LOG_FORMAT), + text = STRING_TOKEN(STR_TCG2_SUPPORTED_EVENT_LOG_FORMAT_CONTENT); + + text + help = STRING_TOKEN(STR_TCG2_HASH_ALGO_BITMAP_HELP), + text = STRING_TOKEN(STR_TCG2_HASH_ALGO_BITMAP), + text = STRING_TOKEN(STR_TCG2_HASH_ALGO_BITMAP_CONTENT); + + text + help = STRING_TOKEN(STR_TCG2_NUMBER_OF_PCR_BANKS_HELP), + text = STRING_TOKEN(STR_TCG2_NUMBER_OF_PCR_BANKS), + text = STRING_TOKEN(STR_TCG2_NUMBER_OF_PCR_BANKS_CONTENT); + + text + help = STRING_TOKEN(STR_TCG2_ACTIVE_PCR_BANKS_HELP), + text = STRING_TOKEN(STR_TCG2_ACTIVE_PCR_BANKS), + text = STRING_TOKEN(STR_TCG2_ACTIVE_PCR_BANKS_CONTENT); + + subtitle text = STRING_TOKEN(STR_NULL); + + suppressif ideqval TCG2_CONFIGURATION_INFO.Sha1Supported == 0; + checkbox name = TCG2ActivatePCRBank0, + questionid = KEY_TPM2_PCR_BANKS_REQUEST_0, + prompt = STRING_TOKEN(STR_TCG2_PCR_BANK_SHA1), + help = STRING_TOKEN(STR_TCG2_PCR_BANK_SHA1_HELP), + flags = INTERACTIVE | RESET_REQUIRED, + default = 1, + endcheckbox; + endif; + + suppressif ideqval TCG2_CONFIGURATION_INFO.Sha256Supported == 0; + checkbox name = TCG2ActivatePCRBank1, + questionid = KEY_TPM2_PCR_BANKS_REQUEST_1, + prompt = STRING_TOKEN(STR_TCG2_PCR_BANK_SHA256), + help = STRING_TOKEN(STR_TCG2_PCR_BANK_SHA256_HELP), + flags = INTERACTIVE | RESET_REQUIRED, + default = 0, + endcheckbox; + endif; + + suppressif ideqval TCG2_CONFIGURATION_INFO.Sha384Supported == 0; + checkbox name = TCG2ActivatePCRBank2, + questionid = KEY_TPM2_PCR_BANKS_REQUEST_2, + prompt = STRING_TOKEN(STR_TCG2_PCR_BANK_SHA384), + help = STRING_TOKEN(STR_TCG2_PCR_BANK_SHA384_HELP), + flags = INTERACTIVE | RESET_REQUIRED, + default = 0, + endcheckbox; + endif; + + suppressif ideqval TCG2_CONFIGURATION_INFO.Sha512Supported == 0; + checkbox name = TCG2ActivatePCRBank3, + questionid = KEY_TPM2_PCR_BANKS_REQUEST_3, + prompt = STRING_TOKEN(STR_TCG2_PCR_BANK_SHA512), + help = STRING_TOKEN(STR_TCG2_PCR_BANK_SHA512_HELP), + flags = INTERACTIVE | RESET_REQUIRED, + default = 0, + endcheckbox; + endif; + + suppressif ideqval TCG2_CONFIGURATION_INFO.Sm3Supported == 0; + checkbox name = TCG2ActivatePCRBank4, + questionid = KEY_TPM2_PCR_BANKS_REQUEST_4, + prompt = STRING_TOKEN(STR_TCG2_PCR_BANK_SM3_256), + help = STRING_TOKEN(STR_TCG2_PCR_BANK_SM3_256_HELP), + flags = INTERACTIVE | RESET_REQUIRED, + default = 0, + endcheckbox; + endif; + + endif; + + endform; + +endformset; diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDriver.c b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDriver.c new file mode 100644 index 00000000..f2a4b00b --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDriver.c @@ -0,0 +1,455 @@ +/** @file + The module entry point for Tcg2 configuration module. + +Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "Tcg2ConfigImpl.h" + +extern TPM_INSTANCE_ID mTpmInstanceId[TPM_DEVICE_MAX + 1]; + +/** + Update default PCR banks data. + + @param[in] HiiPackage HII Package. + @param[in] HiiPackageSize HII Package size. + @param[in] PCRBanks PCR Banks data. + +**/ +VOID +UpdateDefaultPCRBanks ( + IN VOID *HiiPackage, + IN UINTN HiiPackageSize, + IN UINT32 PCRBanks + ) +{ + EFI_HII_PACKAGE_HEADER *HiiPackageHeader; + EFI_IFR_OP_HEADER *IfrOpCodeHeader; + EFI_IFR_CHECKBOX *IfrCheckBox; + EFI_IFR_DEFAULT *IfrDefault; + + HiiPackageHeader = (EFI_HII_PACKAGE_HEADER *)HiiPackage; + + switch (HiiPackageHeader->Type) { + case EFI_HII_PACKAGE_FORMS: + IfrOpCodeHeader = (EFI_IFR_OP_HEADER *)(HiiPackageHeader + 1); + while ((UINTN)IfrOpCodeHeader < (UINTN)HiiPackageHeader + HiiPackageHeader->Length) { + switch (IfrOpCodeHeader->OpCode) { + case EFI_IFR_CHECKBOX_OP: + IfrCheckBox = (EFI_IFR_CHECKBOX *)IfrOpCodeHeader; + if ((IfrCheckBox->Question.QuestionId >= KEY_TPM2_PCR_BANKS_REQUEST_0) && (IfrCheckBox->Question.QuestionId <= KEY_TPM2_PCR_BANKS_REQUEST_4)) { + IfrDefault = (EFI_IFR_DEFAULT *)(IfrCheckBox + 1); + ASSERT (IfrDefault->Header.OpCode == EFI_IFR_DEFAULT_OP); + ASSERT (IfrDefault->Type == EFI_IFR_TYPE_BOOLEAN); + IfrDefault->Value.b = (BOOLEAN)((PCRBanks >> (IfrCheckBox->Question.QuestionId - KEY_TPM2_PCR_BANKS_REQUEST_0)) & 0x1); + } + break; + } + IfrOpCodeHeader = (EFI_IFR_OP_HEADER *)((UINTN)IfrOpCodeHeader + IfrOpCodeHeader->Length); + } + break; + } + return ; +} + +/** + Initialize TCG2 version information. + + This function will initialize efi varstore configuration data for + TCG2_VERSION_NAME variable, check the value of related PCD with + the variable value and set string for the version state content + according to the PCD value. + + @param[in] PrivateData Points to TCG2 configuration private data. + +**/ +VOID +InitializeTcg2VersionInfo ( + IN TCG2_CONFIG_PRIVATE_DATA *PrivateData + ) +{ + EFI_STATUS Status; + EFI_STRING ConfigRequestHdr; + BOOLEAN ActionFlag; + TCG2_VERSION Tcg2Version; + UINTN DataSize; + UINT64 PcdTcg2PpiVersion; + UINT8 PcdTpm2AcpiTableRev; + + // + // Get the PCD value before initializing efi varstore configuration data. + // + PcdTcg2PpiVersion = 0; + CopyMem ( + &PcdTcg2PpiVersion, + PcdGetPtr (PcdTcgPhysicalPresenceInterfaceVer), + AsciiStrSize ((CHAR8 *) PcdGetPtr (PcdTcgPhysicalPresenceInterfaceVer)) + ); + + PcdTpm2AcpiTableRev = PcdGet8 (PcdTpm2AcpiTableRev); + + // + // Initialize efi varstore configuration data. + // + ZeroMem (&Tcg2Version, sizeof (Tcg2Version)); + ConfigRequestHdr = HiiConstructConfigHdr ( + &gTcg2ConfigFormSetGuid, + TCG2_VERSION_NAME, + PrivateData->DriverHandle + ); + ASSERT (ConfigRequestHdr != NULL); + DataSize = sizeof (Tcg2Version); + Status = gRT->GetVariable ( + TCG2_VERSION_NAME, + &gTcg2ConfigFormSetGuid, + NULL, + &DataSize, + &Tcg2Version + ); + if (!EFI_ERROR (Status)) { + // + // EFI variable does exist and validate current setting. + // + ActionFlag = HiiValidateSettings (ConfigRequestHdr); + if (!ActionFlag) { + // + // Current configuration is invalid, reset to defaults. + // + ActionFlag = HiiSetToDefaults (ConfigRequestHdr, EFI_HII_DEFAULT_CLASS_STANDARD); + ASSERT (ActionFlag); + // + // Get the default values from variable. + // + DataSize = sizeof (Tcg2Version); + Status = gRT->GetVariable ( + TCG2_VERSION_NAME, + &gTcg2ConfigFormSetGuid, + NULL, + &DataSize, + &Tcg2Version + ); + ASSERT_EFI_ERROR (Status); + } + } else { + // + // EFI variable doesn't exist or variable size is not expected. + // + + // + // Store zero data Buffer Storage to EFI variable. + // + Status = gRT->SetVariable ( + TCG2_VERSION_NAME, + &gTcg2ConfigFormSetGuid, + EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS, + sizeof (Tcg2Version), + &Tcg2Version + ); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "Tcg2ConfigDriver: Fail to set TCG2_VERSION_NAME\n")); + return; + } else { + // + // Build this variable based on default values stored in IFR. + // + ActionFlag = HiiSetToDefaults (ConfigRequestHdr, EFI_HII_DEFAULT_CLASS_STANDARD); + ASSERT (ActionFlag); + // + // Get the default values from variable. + // + DataSize = sizeof (Tcg2Version); + Status = gRT->GetVariable ( + TCG2_VERSION_NAME, + &gTcg2ConfigFormSetGuid, + NULL, + &DataSize, + &Tcg2Version + ); + ASSERT_EFI_ERROR (Status); + if (PcdTcg2PpiVersion != Tcg2Version.PpiVersion) { + DEBUG ((DEBUG_WARN, "WARNING: PcdTcgPhysicalPresenceInterfaceVer default value is not same with the default value in VFR\n")); + DEBUG ((DEBUG_WARN, "WARNING: The default value in VFR has be chosen\n")); + } + if (PcdTpm2AcpiTableRev != Tcg2Version.Tpm2AcpiTableRev) { + DEBUG ((DEBUG_WARN, "WARNING: PcdTpm2AcpiTableRev default value is not same with the default value in VFR\n")); + DEBUG ((DEBUG_WARN, "WARNING: The default value in VFR has be chosen\n")); + } + } + } + FreePool (ConfigRequestHdr); + + // + // Get the PCD value again. + // If the PCD value is not equal to the value in variable, + // the PCD is not DynamicHii type and does not map to the setup option. + // + PcdTcg2PpiVersion = 0; + CopyMem ( + &PcdTcg2PpiVersion, + PcdGetPtr (PcdTcgPhysicalPresenceInterfaceVer), + AsciiStrSize ((CHAR8 *) PcdGetPtr (PcdTcgPhysicalPresenceInterfaceVer)) + ); + if (PcdTcg2PpiVersion != Tcg2Version.PpiVersion) { + DEBUG ((DEBUG_WARN, "WARNING: PcdTcgPhysicalPresenceInterfaceVer is not DynamicHii type and does not map to TCG2_VERSION.PpiVersion\n")); + DEBUG ((DEBUG_WARN, "WARNING: The TCG2 PPI version configuring from setup page will not work\n")); + } + + switch (PcdTcg2PpiVersion) { + case TCG2_PPI_VERSION_1_2: + HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_TCG2_PPI_VERSION_STATE_CONTENT), L"1.2", NULL); + break; + case TCG2_PPI_VERSION_1_3: + HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_TCG2_PPI_VERSION_STATE_CONTENT), L"1.3", NULL); + break; + default: + ASSERT (FALSE); + break; + } + + // + // Get the PcdTpm2AcpiTableRev value again. + // If the PCD value is not equal to the value in variable, + // the PCD is not DynamicHii type and does not map to TCG2_VERSION Variable. + // + PcdTpm2AcpiTableRev = PcdGet8 (PcdTpm2AcpiTableRev); + if (PcdTpm2AcpiTableRev != Tcg2Version.Tpm2AcpiTableRev) { + DEBUG ((DEBUG_WARN, "WARNING: PcdTpm2AcpiTableRev is not DynamicHii type and does not map to TCG2_VERSION.Tpm2AcpiTableRev\n")); + DEBUG ((DEBUG_WARN, "WARNING: The Tpm2 ACPI Revision configuring from setup page will not work\n")); + } + + switch (PcdTpm2AcpiTableRev) { + case EFI_TPM2_ACPI_TABLE_REVISION_3: + HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_TPM2_ACPI_REVISION_STATE_CONTENT), L"Rev 3", NULL); + break; + case EFI_TPM2_ACPI_TABLE_REVISION_4: + HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_TPM2_ACPI_REVISION_STATE_CONTENT), L"Rev 4", NULL); + break; + default: + ASSERT (FALSE); + break; + } +} + +/** + The entry point for Tcg2 configuration driver. + + @param[in] ImageHandle The image handle of the driver. + @param[in] SystemTable The system table. + + @retval EFI_ALREADY_STARTED The driver already exists in system. + @retval EFI_OUT_OF_RESOURCES Fail to execute entry point due to lack of resources. + @retval EFI_SUCCESS All the related protocols are installed on the driver. + @retval Others Fail to install protocols as indicated. + +**/ +EFI_STATUS +EFIAPI +Tcg2ConfigDriverEntryPoint ( + IN EFI_HANDLE ImageHandle, + IN EFI_SYSTEM_TABLE *SystemTable + ) +{ + EFI_STATUS Status; + TCG2_CONFIG_PRIVATE_DATA *PrivateData; + TCG2_CONFIGURATION Tcg2Configuration; + TCG2_DEVICE_DETECTION Tcg2DeviceDetection; + UINTN Index; + UINTN DataSize; + EDKII_VARIABLE_LOCK_PROTOCOL *VariableLockProtocol; + UINT32 CurrentActivePCRBanks; + + Status = gBS->OpenProtocol ( + ImageHandle, + &gEfiCallerIdGuid, + NULL, + ImageHandle, + ImageHandle, + EFI_OPEN_PROTOCOL_TEST_PROTOCOL + ); + if (!EFI_ERROR (Status)) { + return EFI_ALREADY_STARTED; + } + + // + // Create a private data structure. + // + PrivateData = AllocateCopyPool (sizeof (TCG2_CONFIG_PRIVATE_DATA), &mTcg2ConfigPrivateDateTemplate); + ASSERT (PrivateData != NULL); + mTcg2ConfigPrivateDate = PrivateData; + // + // Install private GUID. + // + Status = gBS->InstallMultipleProtocolInterfaces ( + &ImageHandle, + &gEfiCallerIdGuid, + PrivateData, + NULL + ); + ASSERT_EFI_ERROR (Status); + + Status = gBS->LocateProtocol (&gEfiTcg2ProtocolGuid, NULL, (VOID **) &PrivateData->Tcg2Protocol); + ASSERT_EFI_ERROR (Status); + + PrivateData->ProtocolCapability.Size = sizeof(PrivateData->ProtocolCapability); + Status = PrivateData->Tcg2Protocol->GetCapability ( + PrivateData->Tcg2Protocol, + &PrivateData->ProtocolCapability + ); + ASSERT_EFI_ERROR (Status); + + DataSize = sizeof(Tcg2Configuration); + Status = gRT->GetVariable ( + TCG2_STORAGE_NAME, + &gTcg2ConfigFormSetGuid, + NULL, + &DataSize, + &Tcg2Configuration + ); + if (EFI_ERROR (Status)) { + // + // Variable not ready, set default value + // + Tcg2Configuration.TpmDevice = TPM_DEVICE_DEFAULT; + } + + // + // Validation + // + if ((Tcg2Configuration.TpmDevice > TPM_DEVICE_MAX) || (Tcg2Configuration.TpmDevice < TPM_DEVICE_MIN)) { + Tcg2Configuration.TpmDevice = TPM_DEVICE_DEFAULT; + } + + // + // Set value for Tcg2CurrentActivePCRBanks + // Search Tcg2ConfigBin[] and update default value there + // + Status = PrivateData->Tcg2Protocol->GetActivePcrBanks (PrivateData->Tcg2Protocol, &CurrentActivePCRBanks); + ASSERT_EFI_ERROR (Status); + PrivateData->PCRBanksDesired = CurrentActivePCRBanks; + UpdateDefaultPCRBanks (Tcg2ConfigBin + sizeof(UINT32), ReadUnaligned32((UINT32 *)Tcg2ConfigBin) - sizeof(UINT32), CurrentActivePCRBanks); + + // + // Sync data from PCD to variable, so that we do not need detect again in S3 phase. + // + Tcg2DeviceDetection.TpmDeviceDetected = TPM_DEVICE_NULL; + for (Index = 0; Index < sizeof(mTpmInstanceId)/sizeof(mTpmInstanceId[0]); Index++) { + if (CompareGuid (PcdGetPtr(PcdTpmInstanceGuid), &mTpmInstanceId[Index].TpmInstanceGuid)) { + Tcg2DeviceDetection.TpmDeviceDetected = mTpmInstanceId[Index].TpmDevice; + break; + } + } + + PrivateData->TpmDeviceDetected = Tcg2DeviceDetection.TpmDeviceDetected; + Tcg2Configuration.TpmDevice = Tcg2DeviceDetection.TpmDeviceDetected; + + // + // Save to variable so platform driver can get it. + // + Status = gRT->SetVariable ( + TCG2_DEVICE_DETECTION_NAME, + &gTcg2ConfigFormSetGuid, + EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS, + sizeof(Tcg2DeviceDetection), + &Tcg2DeviceDetection + ); + if (EFI_ERROR (Status)) { + DEBUG ((EFI_D_ERROR, "Tcg2ConfigDriver: Fail to set TCG2_DEVICE_DETECTION_NAME\n")); + Status = gRT->SetVariable ( + TCG2_DEVICE_DETECTION_NAME, + &gTcg2ConfigFormSetGuid, + EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS, + 0, + NULL + ); + ASSERT_EFI_ERROR (Status); + } + + // + // Save to variable so platform driver can get it. + // + Status = gRT->SetVariable ( + TCG2_STORAGE_NAME, + &gTcg2ConfigFormSetGuid, + EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS, + sizeof(Tcg2Configuration), + &Tcg2Configuration + ); + if (EFI_ERROR (Status)) { + DEBUG ((EFI_D_ERROR, "Tcg2ConfigDriver: Fail to set TCG2_STORAGE_NAME\n")); + } + + // + // We should lock Tcg2DeviceDetection, because it contains information needed at S3. + // + Status = gBS->LocateProtocol (&gEdkiiVariableLockProtocolGuid, NULL, (VOID **)&VariableLockProtocol); + if (!EFI_ERROR (Status)) { + Status = VariableLockProtocol->RequestToLock ( + VariableLockProtocol, + TCG2_DEVICE_DETECTION_NAME, + &gTcg2ConfigFormSetGuid + ); + ASSERT_EFI_ERROR (Status); + } + + // + // Install Tcg2 configuration form + // + Status = InstallTcg2ConfigForm (PrivateData); + if (EFI_ERROR (Status)) { + goto ErrorExit; + } + + InitializeTcg2VersionInfo (PrivateData); + + return EFI_SUCCESS; + +ErrorExit: + if (PrivateData != NULL) { + UninstallTcg2ConfigForm (PrivateData); + } + + return Status; +} + +/** + Unload the Tcg2 configuration form. + + @param[in] ImageHandle The driver's image handle. + + @retval EFI_SUCCESS The Tcg2 configuration form is unloaded. + @retval Others Failed to unload the form. + +**/ +EFI_STATUS +EFIAPI +Tcg2ConfigDriverUnload ( + IN EFI_HANDLE ImageHandle + ) +{ + EFI_STATUS Status; + TCG2_CONFIG_PRIVATE_DATA *PrivateData; + + Status = gBS->HandleProtocol ( + ImageHandle, + &gEfiCallerIdGuid, + (VOID **) &PrivateData + ); + if (EFI_ERROR (Status)) { + return Status; + } + + ASSERT (PrivateData->Signature == TCG2_CONFIG_PRIVATE_DATA_SIGNATURE); + + gBS->UninstallMultipleProtocolInterfaces ( + ImageHandle, + &gEfiCallerIdGuid, + PrivateData, + NULL + ); + + UninstallTcg2ConfigForm (PrivateData); + + return EFI_SUCCESS; +} diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf new file mode 100644 index 00000000..10664565 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf @@ -0,0 +1,88 @@ +## @file +# TPM device configuration for TPM 2.0 +# +# By this module, user may select TPM device, clear TPM state, etc. +# NOTE: This module is only for reference only, each platform should have its own setup page. +# +# Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR> +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = Tcg2ConfigDxe + MODULE_UNI_FILE = Tcg2ConfigDxe.uni + FILE_GUID = 4D9CBEF0-15A0-4D0C-83DB-5213E710C23F + MODULE_TYPE = DXE_DRIVER + VERSION_STRING = 1.0 + ENTRY_POINT = Tcg2ConfigDriverEntryPoint + UNLOAD_IMAGE = Tcg2ConfigDriverUnload + +# +# VALID_ARCHITECTURES = IA32 X64 EBC +# + +[Sources] + Tcg2ConfigDriver.c + Tcg2ConfigImpl.c + Tcg2ConfigImpl.h + Tcg2Config.vfr + Tcg2ConfigStrings.uni + Tcg2ConfigNvData.h + Tcg2Internal.h + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + SecurityPkg/SecurityPkg.dec + +[LibraryClasses] + BaseLib + BaseMemoryLib + MemoryAllocationLib + UefiLib + UefiBootServicesTableLib + UefiRuntimeServicesTableLib + UefiDriverEntryPoint + UefiHiiServicesLib + DebugLib + HiiLib + PcdLib + PrintLib + Tpm2DeviceLib + Tpm2CommandLib + Tcg2PhysicalPresenceLib + IoLib + +[Guids] + ## PRODUCES ## HII + ## SOMETIMES_PRODUCES ## Variable:L"TCG2_CONFIGURATION" + ## SOMETIMES_CONSUMES ## Variable:L"TCG2_CONFIGURATION" + ## PRODUCES ## Variable:L"TCG2_DEVICE_DETECTION" + ## SOMETIMES_CONSUMES ## Variable:L"TCG2_DEVICE_DETECTION" + gTcg2ConfigFormSetGuid + +[Protocols] + gEfiHiiConfigAccessProtocolGuid ## PRODUCES + gEfiDevicePathProtocolGuid ## PRODUCES + gEdkiiVariableLockProtocolGuid ## SOMETIMES_CONSUMES + gEfiTcg2ProtocolGuid ## CONSUMES + +[Pcd] + gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid ## CONSUMES + gEfiSecurityPkgTokenSpaceGuid.PcdTcg2HashAlgorithmBitmap ## CONSUMES + gEfiSecurityPkgTokenSpaceGuid.PcdTpmBaseAddress ## CONSUMES + gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer ## CONSUMES + gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableRev ## CONSUMES + gEfiSecurityPkgTokenSpaceGuid.PcdActiveTpmInterfaceType ## CONSUMES + +[Depex] + gEfiTcg2ProtocolGuid AND + gEfiHiiConfigRoutingProtocolGuid AND + gEfiHiiDatabaseProtocolGuid AND + gEfiVariableArchProtocolGuid AND + gEfiVariableWriteArchProtocolGuid + +[UserExtensions.TianoCore."ExtraFiles"] + Tcg2ConfigDxeExtra.uni diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.uni b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.uni new file mode 100644 index 00000000..80bb3fdf --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.uni @@ -0,0 +1,17 @@ +// /** @file
+// TPM device configuration for TPM 2.0
+//
+// By this module, user may select TPM device, clear TPM state, etc.
+// NOTE: This module is only for reference only, each platform should have its own setup page.
+//
+// Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
+//
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+//
+// **/
+
+
+#string STR_MODULE_ABSTRACT #language en-US "TPM device configuration for TPM 2.0"
+
+#string STR_MODULE_DESCRIPTION #language en-US "By this module, user may select TPM device, clear TPM state, etc. NOTE: This module is only for reference only, each platform should have its own setup page."
+
diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxeExtra.uni b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxeExtra.uni new file mode 100644 index 00000000..f263afc8 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxeExtra.uni @@ -0,0 +1,14 @@ +// /** @file
+// Tcg2ConfigDxe Localized Strings and Content
+//
+// Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>
+//
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+//
+// **/
+
+#string STR_PROPERTIES_MODULE_NAME
+#language en-US
+"TCG2 (Trusted Computing Group) Configuration DXE"
+
+
diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c new file mode 100644 index 00000000..e7b51213 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c @@ -0,0 +1,1004 @@ +/** @file + HII Config Access protocol implementation of TCG2 configuration module. + NOTE: This module is only for reference only, each platform should have its own setup page. + +Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR> +(C) Copyright 2018 Hewlett Packard Enterprise Development LP<BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "Tcg2ConfigImpl.h" +#include <Library/PcdLib.h> +#include <Library/Tpm2CommandLib.h> +#include <Library/Tpm2DeviceLib.h> +#include <Library/IoLib.h> + +#include <Guid/TpmInstance.h> + +#include <IndustryStandard/TpmPtp.h> + +#define EFI_TCG2_EVENT_LOG_FORMAT_ALL (EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2 | EFI_TCG2_EVENT_LOG_FORMAT_TCG_2) + +TPM_INSTANCE_ID mTpmInstanceId[TPM_DEVICE_MAX + 1] = TPM_INSTANCE_ID_LIST; + +TCG2_CONFIG_PRIVATE_DATA *mTcg2ConfigPrivateDate; +TCG2_CONFIG_PRIVATE_DATA mTcg2ConfigPrivateDateTemplate = { + TCG2_CONFIG_PRIVATE_DATA_SIGNATURE, + { + Tcg2ExtractConfig, + Tcg2RouteConfig, + Tcg2Callback + } +}; + +HII_VENDOR_DEVICE_PATH mTcg2HiiVendorDevicePath = { + { + { + HARDWARE_DEVICE_PATH, + HW_VENDOR_DP, + { + (UINT8) (sizeof (VENDOR_DEVICE_PATH)), + (UINT8) ((sizeof (VENDOR_DEVICE_PATH)) >> 8) + } + }, + TCG2_CONFIG_FORM_SET_GUID + }, + { + END_DEVICE_PATH_TYPE, + END_ENTIRE_DEVICE_PATH_SUBTYPE, + { + (UINT8) (END_DEVICE_PATH_LENGTH), + (UINT8) ((END_DEVICE_PATH_LENGTH) >> 8) + } + } +}; + +UINT8 mCurrentPpRequest; + +/** + Return if PTP CRB is supported. + + @param[in] Register Pointer to PTP register. + + @retval TRUE PTP CRB is supported. + @retval FALSE PTP CRB is unsupported. +**/ +BOOLEAN +IsPtpCrbSupported ( + IN VOID *Register + ) +{ + PTP_CRB_INTERFACE_IDENTIFIER InterfaceId; + + // + // Check interface id + // + InterfaceId.Uint32 = MmioRead32 ((UINTN)&((PTP_CRB_REGISTERS *)Register)->InterfaceId); + + if (((InterfaceId.Bits.InterfaceType == PTP_INTERFACE_IDENTIFIER_INTERFACE_TYPE_CRB) || + (InterfaceId.Bits.InterfaceType == PTP_INTERFACE_IDENTIFIER_INTERFACE_TYPE_FIFO)) && + (InterfaceId.Bits.CapCRB != 0)) { + return TRUE; + } + return FALSE; +} + +/** + Return if PTP FIFO is supported. + + @param[in] Register Pointer to PTP register. + + @retval TRUE PTP FIFO is supported. + @retval FALSE PTP FIFO is unsupported. +**/ +BOOLEAN +IsPtpFifoSupported ( + IN VOID *Register + ) +{ + PTP_CRB_INTERFACE_IDENTIFIER InterfaceId; + + // + // Check interface id + // + InterfaceId.Uint32 = MmioRead32 ((UINTN)&((PTP_CRB_REGISTERS *)Register)->InterfaceId); + + if (((InterfaceId.Bits.InterfaceType == PTP_INTERFACE_IDENTIFIER_INTERFACE_TYPE_CRB) || + (InterfaceId.Bits.InterfaceType == PTP_INTERFACE_IDENTIFIER_INTERFACE_TYPE_FIFO)) && + (InterfaceId.Bits.CapFIFO != 0)) { + return TRUE; + } + return FALSE; +} + +/** + Set PTP interface type. + Do not update PcdActiveTpmInterfaceType here because interface change only happens on next _TPM_INIT + + @param[in] Register Pointer to PTP register. + @param[in] PtpInterface PTP interface type. + + @retval EFI_SUCCESS PTP interface type is set. + @retval EFI_INVALID_PARAMETER PTP interface type is invalid. + @retval EFI_UNSUPPORTED PTP interface type is unsupported. + @retval EFI_WRITE_PROTECTED PTP interface is locked. +**/ +EFI_STATUS +SetPtpInterface ( + IN VOID *Register, + IN UINT8 PtpInterface + ) +{ + TPM2_PTP_INTERFACE_TYPE PtpInterfaceCurrent; + PTP_CRB_INTERFACE_IDENTIFIER InterfaceId; + + PtpInterfaceCurrent = PcdGet8(PcdActiveTpmInterfaceType); + if ((PtpInterfaceCurrent != Tpm2PtpInterfaceFifo) && + (PtpInterfaceCurrent != Tpm2PtpInterfaceCrb)) { + return EFI_UNSUPPORTED; + } + InterfaceId.Uint32 = MmioRead32 ((UINTN)&((PTP_CRB_REGISTERS *)Register)->InterfaceId); + if (InterfaceId.Bits.IntfSelLock != 0) { + return EFI_WRITE_PROTECTED; + } + + switch (PtpInterface) { + case Tpm2PtpInterfaceFifo: + if (InterfaceId.Bits.CapFIFO == 0) { + return EFI_UNSUPPORTED; + } + InterfaceId.Bits.InterfaceSelector = PTP_INTERFACE_IDENTIFIER_INTERFACE_SELECTOR_FIFO; + MmioWrite32 ((UINTN)&((PTP_CRB_REGISTERS *)Register)->InterfaceId, InterfaceId.Uint32); + return EFI_SUCCESS; + case Tpm2PtpInterfaceCrb: + if (InterfaceId.Bits.CapCRB == 0) { + return EFI_UNSUPPORTED; + } + InterfaceId.Bits.InterfaceSelector = PTP_INTERFACE_IDENTIFIER_INTERFACE_SELECTOR_CRB; + MmioWrite32 ((UINTN)&((PTP_CRB_REGISTERS *)Register)->InterfaceId, InterfaceId.Uint32); + return EFI_SUCCESS; + default: + return EFI_INVALID_PARAMETER; + } +} + +/** + This function allows a caller to extract the current configuration for one + or more named elements from the target driver. + + @param[in] This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL. + @param[in] Request A null-terminated Unicode string in + <ConfigRequest> format. + @param[out] Progress On return, points to a character in the Request + string. Points to the string's null terminator if + request was successful. Points to the most recent + '&' before the first failing name/value pair (or + the beginning of the string if the failure is in + the first name/value pair) if the request was not + successful. + @param[out] Results A null-terminated Unicode string in + <ConfigAltResp> format which has all values filled + in for the names in the Request string. String to + be allocated by the called function. + + @retval EFI_SUCCESS The Results is filled with the requested values. + @retval EFI_OUT_OF_RESOURCES Not enough memory to store the results. + @retval EFI_INVALID_PARAMETER Request is illegal syntax, or unknown name. + @retval EFI_NOT_FOUND Routing data doesn't match any storage in this + driver. + +**/ +EFI_STATUS +EFIAPI +Tcg2ExtractConfig ( + IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, + IN CONST EFI_STRING Request, + OUT EFI_STRING *Progress, + OUT EFI_STRING *Results + ) +{ + if (Progress == NULL || Results == NULL) { + return EFI_INVALID_PARAMETER; + } + + *Progress = Request; + return EFI_NOT_FOUND; +} + +/** + Save TPM request to variable space. + + @param[in] PpRequest Physical Presence request command. + + @retval EFI_SUCCESS The operation is finished successfully. + @retval Others Other errors as indicated. + +**/ +EFI_STATUS +SaveTcg2PpRequest ( + IN UINT8 PpRequest + ) +{ + UINT32 ReturnCode; + EFI_STATUS Status; + + ReturnCode = Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction (PpRequest, 0); + if (ReturnCode == TCG_PP_SUBMIT_REQUEST_TO_PREOS_SUCCESS) { + mCurrentPpRequest = PpRequest; + Status = EFI_SUCCESS; + } else if (ReturnCode == TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE) { + Status = EFI_OUT_OF_RESOURCES; + } else if (ReturnCode == TCG_PP_SUBMIT_REQUEST_TO_PREOS_NOT_IMPLEMENTED) { + Status = EFI_UNSUPPORTED; + } else { + Status = EFI_DEVICE_ERROR; + } + + return Status; +} + +/** + Save TPM request to variable space. + + @param[in] PpRequestParameter Physical Presence request parameter. + + @retval EFI_SUCCESS The operation is finished successfully. + @retval Others Other errors as indicated. + +**/ +EFI_STATUS +SaveTcg2PpRequestParameter ( + IN UINT32 PpRequestParameter + ) +{ + UINT32 ReturnCode; + EFI_STATUS Status; + + ReturnCode = Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction (mCurrentPpRequest, PpRequestParameter); + if (ReturnCode == TCG_PP_SUBMIT_REQUEST_TO_PREOS_SUCCESS) { + Status = EFI_SUCCESS; + } else if (ReturnCode == TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE) { + Status = EFI_OUT_OF_RESOURCES; + } else if (ReturnCode == TCG_PP_SUBMIT_REQUEST_TO_PREOS_NOT_IMPLEMENTED) { + Status = EFI_UNSUPPORTED; + } else { + Status = EFI_DEVICE_ERROR; + } + + return Status; +} + +/** + Save Tcg2 PCR Banks request request to variable space. + + @param[in] PCRBankIndex PCR Bank Index. + @param[in] Enable Enable or disable this PCR Bank. + + @retval EFI_SUCCESS The operation is finished successfully. + @retval Others Other errors as indicated. + +**/ +EFI_STATUS +SaveTcg2PCRBanksRequest ( + IN UINTN PCRBankIndex, + IN BOOLEAN Enable + ) +{ + UINT32 ReturnCode; + EFI_STATUS Status; + + if (Enable) { + mTcg2ConfigPrivateDate->PCRBanksDesired |= (0x1 << PCRBankIndex); + } else { + mTcg2ConfigPrivateDate->PCRBanksDesired &= ~(0x1 << PCRBankIndex); + } + + ReturnCode = Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction (TCG2_PHYSICAL_PRESENCE_SET_PCR_BANKS, mTcg2ConfigPrivateDate->PCRBanksDesired); + if (ReturnCode == TCG_PP_SUBMIT_REQUEST_TO_PREOS_SUCCESS) { + Status = EFI_SUCCESS; + } else if (ReturnCode == TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE) { + Status = EFI_OUT_OF_RESOURCES; + } else if (ReturnCode == TCG_PP_SUBMIT_REQUEST_TO_PREOS_NOT_IMPLEMENTED) { + Status = EFI_UNSUPPORTED; + } else { + Status = EFI_DEVICE_ERROR; + } + + return Status; +} + +/** + This function processes the results of changes in configuration. + + @param[in] This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL. + @param[in] Configuration A null-terminated Unicode string in <ConfigResp> + format. + @param[out] Progress A pointer to a string filled in with the offset of + the most recent '&' before the first failing + name/value pair (or the beginning of the string if + the failure is in the first name/value pair) or + the terminating NULL if all was successful. + + @retval EFI_SUCCESS The Results is processed successfully. + @retval EFI_INVALID_PARAMETER Configuration is NULL. + @retval EFI_NOT_FOUND Routing data doesn't match any storage in this + driver. + +**/ +EFI_STATUS +EFIAPI +Tcg2RouteConfig ( + IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, + IN CONST EFI_STRING Configuration, + OUT EFI_STRING *Progress + ) +{ + if (Configuration == NULL || Progress == NULL) { + return EFI_INVALID_PARAMETER; + } + + *Progress = Configuration; + + return EFI_NOT_FOUND; +} + +/** + Get HID string of TPM2 ACPI device object + + @param[in] Hid Points to HID String Buffer. + @param[in] Size HID String size in bytes. Must >= TPM_HID_ACPI_SIZE + + @return HID String get status. + +**/ +EFI_STATUS +GetTpm2HID( + CHAR8 *Hid, + UINTN Size + ) +{ + EFI_STATUS Status; + UINT32 ManufacturerID; + UINT32 FirmwareVersion1; + UINT32 FirmwareVersion2; + BOOLEAN PnpHID; + + PnpHID = TRUE; + + ZeroMem(Hid, Size); + + // + // Get Manufacturer ID + // + Status = Tpm2GetCapabilityManufactureID(&ManufacturerID); + if (!EFI_ERROR(Status)) { + DEBUG((DEBUG_INFO, "TPM_PT_MANUFACTURER 0x%08x\n", ManufacturerID)); + // + // ManufacturerID defined in TCG Vendor ID Registry + // may tailed with 0x00 or 0x20 + // + if ((ManufacturerID >> 24) == 0x00 || ((ManufacturerID >> 24) == 0x20)) { + // + // HID containing PNP ID "NNN####" + // NNN is uppercase letter for Vendor ID specified by manufacturer + // + CopyMem(Hid, &ManufacturerID, 3); + } else { + // + // HID containing ACP ID "NNNN####" + // NNNN is uppercase letter for Vendor ID specified by manufacturer + // + CopyMem(Hid, &ManufacturerID, 4); + PnpHID = FALSE; + } + } else { + DEBUG ((DEBUG_ERROR, "Get TPM_PT_MANUFACTURER failed %x!\n", Status)); + ASSERT(FALSE); + return Status; + } + + Status = Tpm2GetCapabilityFirmwareVersion(&FirmwareVersion1, &FirmwareVersion2); + if (!EFI_ERROR(Status)) { + DEBUG((DEBUG_INFO, "TPM_PT_FIRMWARE_VERSION_1 0x%x\n", FirmwareVersion1)); + DEBUG((DEBUG_INFO, "TPM_PT_FIRMWARE_VERSION_2 0x%x\n", FirmwareVersion2)); + // + // #### is Firmware Version 1 + // + if (PnpHID) { + AsciiSPrint(Hid + 3, TPM_HID_PNP_SIZE - 3, "%02d%02d", ((FirmwareVersion1 & 0xFFFF0000) >> 16), (FirmwareVersion1 & 0x0000FFFF)); + } else { + AsciiSPrint(Hid + 4, TPM_HID_ACPI_SIZE - 4, "%02d%02d", ((FirmwareVersion1 & 0xFFFF0000) >> 16), (FirmwareVersion1 & 0x0000FFFF)); + } + + } else { + DEBUG ((DEBUG_ERROR, "Get TPM_PT_FIRMWARE_VERSION_X failed %x!\n", Status)); + ASSERT(FALSE); + return Status; + } + + return EFI_SUCCESS; +} + +/** + This function processes the results of changes in configuration + for TCG2 version information. + + @param[in] Action Specifies the type of action taken by the browser. + ASSERT if the Action is not EFI_BROWSER_ACTION_SUBMITTED. + @param[in] QuestionId A unique value which is sent to the original + exporting driver so that it can identify the type + of data to expect. + @param[in] Type The type of value for the question. + @param[in] Value A pointer to the data being sent to the original + exporting driver. + + @retval EFI_SUCCESS The callback successfully handled the action. + +**/ +EFI_STATUS +Tcg2VersionInfoCallback ( + IN EFI_BROWSER_ACTION Action, + IN EFI_QUESTION_ID QuestionId, + IN UINT8 Type, + IN EFI_IFR_TYPE_VALUE *Value + ) +{ + EFI_INPUT_KEY Key; + UINT64 PcdTcg2PpiVersion; + UINT8 PcdTpm2AcpiTableRev; + + ASSERT (Action == EFI_BROWSER_ACTION_SUBMITTED); + + if (QuestionId == KEY_TCG2_PPI_VERSION) { + // + // Get the PCD value after EFI_BROWSER_ACTION_SUBMITTED, + // the SetVariable to TCG2_VERSION_NAME should have been done. + // If the PCD value is not equal to the value set to variable, + // the PCD is not DynamicHii type and does not map to the setup option. + // + PcdTcg2PpiVersion = 0; + CopyMem ( + &PcdTcg2PpiVersion, + PcdGetPtr (PcdTcgPhysicalPresenceInterfaceVer), + AsciiStrSize ((CHAR8 *) PcdGetPtr (PcdTcgPhysicalPresenceInterfaceVer)) + ); + if (PcdTcg2PpiVersion != Value->u64) { + CreatePopUp ( + EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, + &Key, + L"WARNING: PcdTcgPhysicalPresenceInterfaceVer is not DynamicHii type and does not map to this option!", + L"The version configuring by this setup option will not work!", + NULL + ); + } + } else if (QuestionId == KEY_TPM2_ACPI_REVISION){ + // + // Get the PCD value after EFI_BROWSER_ACTION_SUBMITTED, + // the SetVariable to TCG2_VERSION_NAME should have been done. + // If the PCD value is not equal to the value set to variable, + // the PCD is not DynamicHii type and does not map to the setup option. + // + PcdTpm2AcpiTableRev = PcdGet8 (PcdTpm2AcpiTableRev); + + if (PcdTpm2AcpiTableRev != Value->u8) { + CreatePopUp ( + EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, + &Key, + L"WARNING: PcdTpm2AcpiTableRev is not DynamicHii type and does not map to this option!", + L"The Revision configuring by this setup option will not work!", + NULL + ); + } + } + + return EFI_SUCCESS; +} + +/** + This function processes the results of changes in configuration. + + @param[in] This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL. + @param[in] Action Specifies the type of action taken by the browser. + @param[in] QuestionId A unique value which is sent to the original + exporting driver so that it can identify the type + of data to expect. + @param[in] Type The type of value for the question. + @param[in] Value A pointer to the data being sent to the original + exporting driver. + @param[out] ActionRequest On return, points to the action requested by the + callback function. + + @retval EFI_SUCCESS The callback successfully handled the action. + @retval EFI_OUT_OF_RESOURCES Not enough storage is available to hold the + variable and its data. + @retval EFI_DEVICE_ERROR The variable could not be saved. + @retval EFI_UNSUPPORTED The specified Action is not supported by the + callback. + +**/ +EFI_STATUS +EFIAPI +Tcg2Callback ( + IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, + IN EFI_BROWSER_ACTION Action, + IN EFI_QUESTION_ID QuestionId, + IN UINT8 Type, + IN EFI_IFR_TYPE_VALUE *Value, + OUT EFI_BROWSER_ACTION_REQUEST *ActionRequest + ) +{ + EFI_STATUS Status; + EFI_INPUT_KEY Key; + CHAR8 HidStr[16]; + CHAR16 UnHidStr[16]; + TCG2_CONFIG_PRIVATE_DATA *Private; + + if ((This == NULL) || (Value == NULL) || (ActionRequest == NULL)) { + return EFI_INVALID_PARAMETER; + } + + Private = TCG2_CONFIG_PRIVATE_DATA_FROM_THIS (This); + + if (Action == EFI_BROWSER_ACTION_FORM_OPEN) { + // + // Update TPM2 HID info + // + if (QuestionId == KEY_TPM_DEVICE) { + Status = GetTpm2HID(HidStr, 16); + + if (EFI_ERROR(Status)) { + // + // Fail to get TPM2 HID + // + HiiSetString (Private->HiiHandle, STRING_TOKEN (STR_TPM2_ACPI_HID_CONTENT), L"Unknown", NULL); + } else { + AsciiStrToUnicodeStrS(HidStr, UnHidStr, 16); + HiiSetString (Private->HiiHandle, STRING_TOKEN (STR_TPM2_ACPI_HID_CONTENT), UnHidStr, NULL); + } + } + return EFI_SUCCESS; + } + + if (Action == EFI_BROWSER_ACTION_CHANGING) { + if (QuestionId == KEY_TPM_DEVICE_INTERFACE) { + Status = SetPtpInterface ((VOID *) (UINTN) PcdGet64 (PcdTpmBaseAddress), Value->u8); + if (EFI_ERROR (Status)) { + CreatePopUp ( + EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, + &Key, + L"Error: Fail to set PTP interface!", + NULL + ); + return EFI_DEVICE_ERROR; + } + } + } + + if (Action == EFI_BROWSER_ACTION_CHANGED) { + if (QuestionId == KEY_TPM_DEVICE) { + return EFI_SUCCESS; + } + if (QuestionId == KEY_TPM2_OPERATION) { + return SaveTcg2PpRequest (Value->u8); + } + if (QuestionId == KEY_TPM2_OPERATION_PARAMETER) { + return SaveTcg2PpRequestParameter (Value->u32); + } + if ((QuestionId >= KEY_TPM2_PCR_BANKS_REQUEST_0) && (QuestionId <= KEY_TPM2_PCR_BANKS_REQUEST_4)) { + return SaveTcg2PCRBanksRequest (QuestionId - KEY_TPM2_PCR_BANKS_REQUEST_0, Value->b); + } + } + + if (Action == EFI_BROWSER_ACTION_SUBMITTED) { + if (QuestionId == KEY_TCG2_PPI_VERSION || QuestionId == KEY_TPM2_ACPI_REVISION) { + return Tcg2VersionInfoCallback (Action, QuestionId, Type, Value); + } + } + + return EFI_UNSUPPORTED; +} + +/** + Append Buffer With TpmAlgHash. + + @param[in] Buffer Buffer to be appended. + @param[in] BufferSize Size of buffer. + @param[in] TpmAlgHash TpmAlgHash. + +**/ +VOID +AppendBufferWithTpmAlgHash ( + IN UINT16 *Buffer, + IN UINTN BufferSize, + IN UINT32 TpmAlgHash + ) +{ + switch (TpmAlgHash) { + case TPM_ALG_SHA1: + if (Buffer[0] != 0) { + StrCatS (Buffer, BufferSize / sizeof (CHAR16), L", "); + } + StrCatS (Buffer, BufferSize / sizeof (CHAR16), L"SHA1"); + break; + case TPM_ALG_SHA256: + if (Buffer[0] != 0) { + StrCatS (Buffer, BufferSize / sizeof (CHAR16), L", "); + } + StrCatS (Buffer, BufferSize / sizeof (CHAR16), L"SHA256"); + break; + case TPM_ALG_SHA384: + if (Buffer[0] != 0) { + StrCatS (Buffer, BufferSize / sizeof (CHAR16), L", "); + } + StrCatS (Buffer, BufferSize / sizeof (CHAR16), L"SHA384"); + break; + case TPM_ALG_SHA512: + if (Buffer[0] != 0) { + StrCatS (Buffer, BufferSize / sizeof (CHAR16), L", "); + } + StrCatS (Buffer, BufferSize / sizeof (CHAR16), L"SHA512"); + break; + case TPM_ALG_SM3_256: + if (Buffer[0] != 0) { + StrCatS (Buffer, BufferSize / sizeof (CHAR16), L", "); + } + StrCatS (Buffer, BufferSize / sizeof (CHAR16), L"SM3_256"); + break; + } +} + +/** + Fill Buffer With BootHashAlg. + + @param[in] Buffer Buffer to be filled. + @param[in] BufferSize Size of buffer. + @param[in] BootHashAlg BootHashAlg. + +**/ +VOID +FillBufferWithBootHashAlg ( + IN UINT16 *Buffer, + IN UINTN BufferSize, + IN UINT32 BootHashAlg + ) +{ + Buffer[0] = 0; + if ((BootHashAlg & EFI_TCG2_BOOT_HASH_ALG_SHA1) != 0) { + if (Buffer[0] != 0) { + StrCatS (Buffer, BufferSize / sizeof (CHAR16), L", "); + } + StrCatS (Buffer, BufferSize / sizeof (CHAR16), L"SHA1"); + } + if ((BootHashAlg & EFI_TCG2_BOOT_HASH_ALG_SHA256) != 0) { + if (Buffer[0] != 0) { + StrCatS (Buffer, BufferSize / sizeof (CHAR16), L", "); + } + StrCatS (Buffer, BufferSize / sizeof (CHAR16), L"SHA256"); + } + if ((BootHashAlg & EFI_TCG2_BOOT_HASH_ALG_SHA384) != 0) { + if (Buffer[0] != 0) { + StrCatS (Buffer, BufferSize / sizeof (CHAR16), L", "); + } + StrCatS (Buffer, BufferSize / sizeof (CHAR16), L"SHA384"); + } + if ((BootHashAlg & EFI_TCG2_BOOT_HASH_ALG_SHA512) != 0) { + if (Buffer[0] != 0) { + StrCatS (Buffer, BufferSize / sizeof (CHAR16), L", "); + } + StrCatS (Buffer, BufferSize / sizeof (CHAR16), L"SHA512"); + } + if ((BootHashAlg & EFI_TCG2_BOOT_HASH_ALG_SM3_256) != 0) { + if (Buffer[0] != 0) { + StrCatS (Buffer, BufferSize / sizeof (CHAR16), L", "); + } + StrCatS (Buffer, BufferSize / sizeof (CHAR16), L"SM3_256"); + } +} + +/** + Set ConfigInfo according to TpmAlgHash. + + @param[in,out] Tcg2ConfigInfo TCG2 config info. + @param[in] TpmAlgHash TpmAlgHash. + +**/ +VOID +SetConfigInfo ( + IN OUT TCG2_CONFIGURATION_INFO *Tcg2ConfigInfo, + IN UINT32 TpmAlgHash + ) +{ + switch (TpmAlgHash) { + case TPM_ALG_SHA1: + Tcg2ConfigInfo->Sha1Supported = TRUE; + break; + case TPM_ALG_SHA256: + Tcg2ConfigInfo->Sha256Supported = TRUE; + break; + case TPM_ALG_SHA384: + Tcg2ConfigInfo->Sha384Supported = TRUE; + break; + case TPM_ALG_SHA512: + Tcg2ConfigInfo->Sha512Supported = TRUE; + break; + case TPM_ALG_SM3_256: + Tcg2ConfigInfo->Sm3Supported = TRUE; + break; + } +} + +/** + Fill Buffer With TCG2EventLogFormat. + + @param[in] Buffer Buffer to be filled. + @param[in] BufferSize Size of buffer. + @param[in] TCG2EventLogFormat TCG2EventLogFormat. + +**/ +VOID +FillBufferWithTCG2EventLogFormat ( + IN UINT16 *Buffer, + IN UINTN BufferSize, + IN UINT32 TCG2EventLogFormat + ) +{ + Buffer[0] = 0; + if ((TCG2EventLogFormat & EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2) != 0) { + if (Buffer[0] != 0) { + StrCatS (Buffer, BufferSize / sizeof (CHAR16), L", "); + } + StrCatS (Buffer, BufferSize / sizeof (CHAR16), L"TCG_1_2"); + } + if ((TCG2EventLogFormat & EFI_TCG2_EVENT_LOG_FORMAT_TCG_2) != 0) { + if (Buffer[0] != 0) { + StrCatS (Buffer, BufferSize / sizeof (CHAR16), L", "); + } + StrCatS (Buffer, BufferSize / sizeof (CHAR16), L"TCG_2"); + } + if ((TCG2EventLogFormat & (~EFI_TCG2_EVENT_LOG_FORMAT_ALL)) != 0) { + if (Buffer[0] != 0) { + StrCatS (Buffer, BufferSize / sizeof (CHAR16), L", "); + } + StrCatS (Buffer, BufferSize / sizeof (CHAR16), L"UNKNOWN"); + } +} + +/** + This function publish the TCG2 configuration Form for TPM device. + + @param[in, out] PrivateData Points to TCG2 configuration private data. + + @retval EFI_SUCCESS HII Form is installed for this network device. + @retval EFI_OUT_OF_RESOURCES Not enough resource for HII Form installation. + @retval Others Other errors as indicated. + +**/ +EFI_STATUS +InstallTcg2ConfigForm ( + IN OUT TCG2_CONFIG_PRIVATE_DATA *PrivateData + ) +{ + EFI_STATUS Status; + EFI_HII_HANDLE HiiHandle; + EFI_HANDLE DriverHandle; + EFI_HII_CONFIG_ACCESS_PROTOCOL *ConfigAccess; + UINTN Index; + TPML_PCR_SELECTION Pcrs; + CHAR16 TempBuffer[1024]; + TCG2_CONFIGURATION_INFO Tcg2ConfigInfo; + TPM2_PTP_INTERFACE_TYPE TpmDeviceInterfaceDetected; + BOOLEAN IsCmdImp = FALSE; + + DriverHandle = NULL; + ConfigAccess = &PrivateData->ConfigAccess; + Status = gBS->InstallMultipleProtocolInterfaces ( + &DriverHandle, + &gEfiDevicePathProtocolGuid, + &mTcg2HiiVendorDevicePath, + &gEfiHiiConfigAccessProtocolGuid, + ConfigAccess, + NULL + ); + if (EFI_ERROR (Status)) { + return Status; + } + + PrivateData->DriverHandle = DriverHandle; + + // + // Publish the HII package list + // + HiiHandle = HiiAddPackages ( + &gTcg2ConfigFormSetGuid, + DriverHandle, + Tcg2ConfigDxeStrings, + Tcg2ConfigBin, + NULL + ); + if (HiiHandle == NULL) { + gBS->UninstallMultipleProtocolInterfaces ( + DriverHandle, + &gEfiDevicePathProtocolGuid, + &mTcg2HiiVendorDevicePath, + &gEfiHiiConfigAccessProtocolGuid, + ConfigAccess, + NULL + ); + + return EFI_OUT_OF_RESOURCES; + } + + PrivateData->HiiHandle = HiiHandle; + + // + // Update static data + // + switch (PrivateData->TpmDeviceDetected) { + case TPM_DEVICE_NULL: + HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_TCG2_DEVICE_STATE_CONTENT), L"Not Found", NULL); + break; + case TPM_DEVICE_1_2: + HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_TCG2_DEVICE_STATE_CONTENT), L"TPM 1.2", NULL); + break; + case TPM_DEVICE_2_0_DTPM: + HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_TCG2_DEVICE_STATE_CONTENT), L"TPM 2.0", NULL); + break; + default: + HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_TCG2_DEVICE_STATE_CONTENT), L"Unknown", NULL); + break; + } + + ZeroMem (&Tcg2ConfigInfo, sizeof(Tcg2ConfigInfo)); + Status = Tpm2GetCapabilityPcrs (&Pcrs); + if (EFI_ERROR (Status)) { + HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_TPM2_ACTIVE_HASH_ALGO_CONTENT), L"[Unknown]", NULL); + HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_TPM2_SUPPORTED_HASH_ALGO_CONTENT), L"[Unknown]", NULL); + } else { + TempBuffer[0] = 0; + for (Index = 0; Index < Pcrs.count; Index++) { + if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, Pcrs.pcrSelections[Index].sizeofSelect)) { + AppendBufferWithTpmAlgHash (TempBuffer, sizeof(TempBuffer), Pcrs.pcrSelections[Index].hash); + } + } + HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_TPM2_ACTIVE_HASH_ALGO_CONTENT), TempBuffer, NULL); + + TempBuffer[0] = 0; + for (Index = 0; Index < Pcrs.count; Index++) { + AppendBufferWithTpmAlgHash (TempBuffer, sizeof(TempBuffer), Pcrs.pcrSelections[Index].hash); + SetConfigInfo (&Tcg2ConfigInfo, Pcrs.pcrSelections[Index].hash); + } + HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_TPM2_SUPPORTED_HASH_ALGO_CONTENT), TempBuffer, NULL); + } + + Status = Tpm2GetCapabilityIsCommandImplemented (TPM_CC_ChangeEPS, &IsCmdImp); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "Tpm2GetCapabilityIsCmdImpl fails %r\n", Status)); + } + Tcg2ConfigInfo.ChangeEPSSupported = IsCmdImp; + + FillBufferWithBootHashAlg (TempBuffer, sizeof(TempBuffer), PcdGet32 (PcdTcg2HashAlgorithmBitmap)); + HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_BIOS_HASH_ALGO_CONTENT), TempBuffer, NULL); + + // + // Tcg2 Capability + // + FillBufferWithTCG2EventLogFormat (TempBuffer, sizeof(TempBuffer), PrivateData->ProtocolCapability.SupportedEventLogs); + HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_TCG2_SUPPORTED_EVENT_LOG_FORMAT_CONTENT), TempBuffer, NULL); + + FillBufferWithBootHashAlg (TempBuffer, sizeof(TempBuffer), PrivateData->ProtocolCapability.HashAlgorithmBitmap); + HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_TCG2_HASH_ALGO_BITMAP_CONTENT), TempBuffer, NULL); + + UnicodeSPrint (TempBuffer, sizeof (TempBuffer), L"%d", PrivateData->ProtocolCapability.NumberOfPCRBanks); + HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_TCG2_NUMBER_OF_PCR_BANKS_CONTENT), TempBuffer, NULL); + + FillBufferWithBootHashAlg (TempBuffer, sizeof(TempBuffer), PrivateData->ProtocolCapability.ActivePcrBanks); + HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_TCG2_ACTIVE_PCR_BANKS_CONTENT), TempBuffer, NULL); + + // + // Update TPM device interface type + // + if (PrivateData->TpmDeviceDetected == TPM_DEVICE_2_0_DTPM) { + TpmDeviceInterfaceDetected = PcdGet8(PcdActiveTpmInterfaceType); + switch (TpmDeviceInterfaceDetected) { + case Tpm2PtpInterfaceTis: + HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_TCG2_DEVICE_INTERFACE_STATE_CONTENT), L"TIS", NULL); + break; + case Tpm2PtpInterfaceFifo: + HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_TCG2_DEVICE_INTERFACE_STATE_CONTENT), L"PTP FIFO", NULL); + break; + case Tpm2PtpInterfaceCrb: + HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_TCG2_DEVICE_INTERFACE_STATE_CONTENT), L"PTP CRB", NULL); + break; + default: + HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_TCG2_DEVICE_INTERFACE_STATE_CONTENT), L"Unknown", NULL); + break; + } + + Tcg2ConfigInfo.TpmDeviceInterfaceAttempt = TpmDeviceInterfaceDetected; + switch (TpmDeviceInterfaceDetected) { + case Tpm2PtpInterfaceTis: + Tcg2ConfigInfo.TpmDeviceInterfacePtpFifoSupported = FALSE; + Tcg2ConfigInfo.TpmDeviceInterfacePtpCrbSupported = FALSE; + HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_TCG2_DEVICE_INTERFACE_CAPABILITY_CONTENT), L"TIS", NULL); + break; + case Tpm2PtpInterfaceFifo: + case Tpm2PtpInterfaceCrb: + Tcg2ConfigInfo.TpmDeviceInterfacePtpFifoSupported = IsPtpFifoSupported((VOID *) (UINTN) PcdGet64 (PcdTpmBaseAddress)); + Tcg2ConfigInfo.TpmDeviceInterfacePtpCrbSupported = IsPtpCrbSupported((VOID *) (UINTN) PcdGet64 (PcdTpmBaseAddress)); + TempBuffer[0] = 0; + if (Tcg2ConfigInfo.TpmDeviceInterfacePtpFifoSupported) { + if (TempBuffer[0] != 0) { + StrCatS (TempBuffer, sizeof(TempBuffer) / sizeof (CHAR16), L", "); + } + StrCatS (TempBuffer, sizeof(TempBuffer) / sizeof (CHAR16), L"PTP FIFO"); + } + if (Tcg2ConfigInfo.TpmDeviceInterfacePtpCrbSupported) { + if (TempBuffer[0] != 0) { + StrCatS (TempBuffer, sizeof(TempBuffer) / sizeof (CHAR16), L", "); + } + StrCatS (TempBuffer, sizeof(TempBuffer) / sizeof (CHAR16), L"PTP CRB"); + } + HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_TCG2_DEVICE_INTERFACE_CAPABILITY_CONTENT), TempBuffer, NULL); + break; + default: + Tcg2ConfigInfo.TpmDeviceInterfacePtpFifoSupported = FALSE; + Tcg2ConfigInfo.TpmDeviceInterfacePtpCrbSupported = FALSE; + HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_TCG2_DEVICE_INTERFACE_CAPABILITY_CONTENT), L"Unknown", NULL); + break; + } + } + + // + // Set ConfigInfo, to control the check box. + // + Status = gRT->SetVariable ( + TCG2_STORAGE_INFO_NAME, + &gTcg2ConfigFormSetGuid, + EFI_VARIABLE_BOOTSERVICE_ACCESS, + sizeof(Tcg2ConfigInfo), + &Tcg2ConfigInfo + ); + if (EFI_ERROR (Status)) { + DEBUG ((EFI_D_ERROR, "Tcg2ConfigDriver: Fail to set TCG2_STORAGE_INFO_NAME\n")); + } + + return EFI_SUCCESS; +} + +/** + This function removes TCG2 configuration Form. + + @param[in, out] PrivateData Points to TCG2 configuration private data. + +**/ +VOID +UninstallTcg2ConfigForm ( + IN OUT TCG2_CONFIG_PRIVATE_DATA *PrivateData + ) +{ + // + // Uninstall HII package list + // + if (PrivateData->HiiHandle != NULL) { + HiiRemovePackages (PrivateData->HiiHandle); + PrivateData->HiiHandle = NULL; + } + + // + // Uninstall HII Config Access Protocol + // + if (PrivateData->DriverHandle != NULL) { + gBS->UninstallMultipleProtocolInterfaces ( + PrivateData->DriverHandle, + &gEfiDevicePathProtocolGuid, + &mTcg2HiiVendorDevicePath, + &gEfiHiiConfigAccessProtocolGuid, + &PrivateData->ConfigAccess, + NULL + ); + PrivateData->DriverHandle = NULL; + } + + FreePool (PrivateData); +} diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.h b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.h new file mode 100644 index 00000000..3dc80f0b --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.h @@ -0,0 +1,198 @@ +/** @file + The header file of HII Config Access protocol implementation of TCG2 + configuration module. + +Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef __TCG2_CONFIG_IMPL_H__ +#define __TCG2_CONFIG_IMPL_H__ + +#include <Uefi.h> + +#include <IndustryStandard/Tpm2Acpi.h> + +#include <Protocol/HiiConfigAccess.h> +#include <Protocol/HiiConfigRouting.h> +#include <Protocol/Tcg2Protocol.h> +#include <Protocol/VariableLock.h> + +#include <Library/BaseLib.h> +#include <Library/BaseMemoryLib.h> +#include <Library/DebugLib.h> +#include <Library/MemoryAllocationLib.h> +#include <Library/UefiBootServicesTableLib.h> +#include <Library/UefiRuntimeServicesTableLib.h> +#include <Library/UefiHiiServicesLib.h> +#include <Library/UefiLib.h> +#include <Library/HiiLib.h> +#include <Library/DevicePathLib.h> +#include <Library/PcdLib.h> +#include <Library/PrintLib.h> +#include <Library/Tcg2PhysicalPresenceLib.h> + +#include <Guid/MdeModuleHii.h> + +#include "Tcg2ConfigNvData.h" +#include "Tcg2Internal.h" + +#define TCG2_PROTOCOL_VERSION_DEFAULT 0x0001 + +// +// Tool generated IFR binary data and String package data +// +extern UINT8 Tcg2ConfigBin[]; +extern UINT8 Tcg2ConfigDxeStrings[]; + +/// +/// HII specific Vendor Device Path definition. +/// +typedef struct { + VENDOR_DEVICE_PATH VendorDevicePath; + EFI_DEVICE_PATH_PROTOCOL End; +} HII_VENDOR_DEVICE_PATH; + +typedef struct { + UINTN Signature; + + EFI_HII_CONFIG_ACCESS_PROTOCOL ConfigAccess; + EFI_HII_HANDLE HiiHandle; + EFI_HANDLE DriverHandle; + + UINT8 TpmDeviceDetected; + EFI_TCG2_PROTOCOL *Tcg2Protocol; + EFI_TCG2_BOOT_SERVICE_CAPABILITY ProtocolCapability; + UINT32 PCRBanksDesired; +} TCG2_CONFIG_PRIVATE_DATA; + +extern TCG2_CONFIG_PRIVATE_DATA mTcg2ConfigPrivateDateTemplate; +extern TCG2_CONFIG_PRIVATE_DATA *mTcg2ConfigPrivateDate; +#define TCG2_CONFIG_PRIVATE_DATA_SIGNATURE SIGNATURE_32 ('T', 'r', 'E', 'D') +#define TCG2_CONFIG_PRIVATE_DATA_FROM_THIS(a) CR (a, TCG2_CONFIG_PRIVATE_DATA, ConfigAccess, TCG2_CONFIG_PRIVATE_DATA_SIGNATURE) + +#define TPM_HID_PNP_SIZE 8 +#define TPM_HID_ACPI_SIZE 9 + +/** + This function publish the TCG2 configuration Form for TPM device. + + @param[in, out] PrivateData Points to TCG2 configuration private data. + + @retval EFI_SUCCESS HII Form is installed for this network device. + @retval EFI_OUT_OF_RESOURCES Not enough resource for HII Form installation. + @retval Others Other errors as indicated. + +**/ +EFI_STATUS +InstallTcg2ConfigForm ( + IN OUT TCG2_CONFIG_PRIVATE_DATA *PrivateData + ); + +/** + This function removes TCG2 configuration Form. + + @param[in, out] PrivateData Points to TCG2 configuration private data. + +**/ +VOID +UninstallTcg2ConfigForm ( + IN OUT TCG2_CONFIG_PRIVATE_DATA *PrivateData + ); + +/** + This function allows a caller to extract the current configuration for one + or more named elements from the target driver. + + @param[in] This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL. + @param[in] Request A null-terminated Unicode string in + <ConfigRequest> format. + @param[out] Progress On return, points to a character in the Request + string. Points to the string's null terminator if + request was successful. Points to the most recent + '&' before the first failing name/value pair (or + the beginning of the string if the failure is in + the first name/value pair) if the request was not + successful. + @param[out] Results A null-terminated Unicode string in + <ConfigAltResp> format which has all values filled + in for the names in the Request string. String to + be allocated by the called function. + + @retval EFI_SUCCESS The Results is filled with the requested values. + @retval EFI_OUT_OF_RESOURCES Not enough memory to store the results. + @retval EFI_INVALID_PARAMETER Request is illegal syntax, or unknown name. + @retval EFI_NOT_FOUND Routing data doesn't match any storage in this + driver. + +**/ +EFI_STATUS +EFIAPI +Tcg2ExtractConfig ( + IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, + IN CONST EFI_STRING Request, + OUT EFI_STRING *Progress, + OUT EFI_STRING *Results + ); + +/** + This function processes the results of changes in configuration. + + @param[in] This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL. + @param[in] Configuration A null-terminated Unicode string in <ConfigResp> + format. + @param[out] Progress A pointer to a string filled in with the offset of + the most recent '&' before the first failing + name/value pair (or the beginning of the string if + the failure is in the first name/value pair) or + the terminating NULL if all was successful. + + @retval EFI_SUCCESS The Results is processed successfully. + @retval EFI_INVALID_PARAMETER Configuration is NULL. + @retval EFI_NOT_FOUND Routing data doesn't match any storage in this + driver. + +**/ +EFI_STATUS +EFIAPI +Tcg2RouteConfig ( + IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, + IN CONST EFI_STRING Configuration, + OUT EFI_STRING *Progress + ); + +/** + This function processes the results of changes in configuration. + + @param[in] This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL. + @param[in] Action Specifies the type of action taken by the browser. + @param[in] QuestionId A unique value which is sent to the original + exporting driver so that it can identify the type + of data to expect. + @param[in] Type The type of value for the question. + @param[in] Value A pointer to the data being sent to the original + exporting driver. + @param[out] ActionRequest On return, points to the action requested by the + callback function. + + @retval EFI_SUCCESS The callback successfully handled the action. + @retval EFI_OUT_OF_RESOURCES Not enough storage is available to hold the + variable and its data. + @retval EFI_DEVICE_ERROR The variable could not be saved. + @retval EFI_UNSUPPORTED The specified Action is not supported by the + callback. + +**/ +EFI_STATUS +EFIAPI +Tcg2Callback ( + IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, + IN EFI_BROWSER_ACTION Action, + IN EFI_QUESTION_ID QuestionId, + IN UINT8 Type, + IN EFI_IFR_TYPE_VALUE *Value, + OUT EFI_BROWSER_ACTION_REQUEST *ActionRequest + ); + +#endif diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigNvData.h b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigNvData.h new file mode 100644 index 00000000..5460a767 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigNvData.h @@ -0,0 +1,89 @@ +/** @file + Header file for NV data structure definition. + +Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef __TCG2_CONFIG_NV_DATA_H__ +#define __TCG2_CONFIG_NV_DATA_H__ + +#include <Guid/HiiPlatformSetupFormset.h> +#include <Guid/Tcg2ConfigHii.h> +#include <IndustryStandard/TcgPhysicalPresence.h> + +#define TCG2_CONFIGURATION_VARSTORE_ID 0x0001 +#define TCG2_CONFIGURATION_INFO_VARSTORE_ID 0x0002 +#define TCG2_VERSION_VARSTORE_ID 0x0003 +#define TCG2_CONFIGURATION_FORM_ID 0x0001 + +#define KEY_TPM_DEVICE 0x2000 +#define KEY_TPM2_OPERATION 0x2001 +#define KEY_TPM2_OPERATION_PARAMETER 0x2002 +#define KEY_TPM2_PCR_BANKS_REQUEST_0 0x2003 +#define KEY_TPM2_PCR_BANKS_REQUEST_1 0x2004 +#define KEY_TPM2_PCR_BANKS_REQUEST_2 0x2005 +#define KEY_TPM2_PCR_BANKS_REQUEST_3 0x2006 +#define KEY_TPM2_PCR_BANKS_REQUEST_4 0x2007 +#define KEY_TPM_DEVICE_INTERFACE 0x2008 +#define KEY_TCG2_PPI_VERSION 0x2009 +#define KEY_TPM2_ACPI_REVISION 0x200A + +#define TPM_DEVICE_NULL 0 +#define TPM_DEVICE_1_2 1 +#define TPM_DEVICE_2_0_DTPM 2 +#define TPM_DEVICE_MIN TPM_DEVICE_1_2 +#define TPM_DEVICE_MAX TPM_DEVICE_2_0_DTPM +#define TPM_DEVICE_DEFAULT TPM_DEVICE_1_2 + +#define TPM2_ACPI_REVISION_3 3 +#define TPM2_ACPI_REVISION_4 4 + +#define TPM_DEVICE_INTERFACE_TIS 0 +#define TPM_DEVICE_INTERFACE_PTP_FIFO 1 +#define TPM_DEVICE_INTERFACE_PTP_CRB 2 +#define TPM_DEVICE_INTERFACE_MAX TPM_DEVICE_INTERFACE_PTP_FIFO +#define TPM_DEVICE_INTERFACE_DEFAULT TPM_DEVICE_INTERFACE_PTP_CRB + +#define TCG2_PPI_VERSION_1_2 0x322E31 // "1.2" +#define TCG2_PPI_VERSION_1_3 0x332E31 // "1.3" + +// +// Nv Data structure referenced by IFR, TPM device user desired +// +typedef struct { + UINT8 TpmDevice; +} TCG2_CONFIGURATION; + +typedef struct { + UINT64 PpiVersion; + UINT8 Tpm2AcpiTableRev; +} TCG2_VERSION; + +typedef struct { + BOOLEAN Sha1Supported; + BOOLEAN Sha256Supported; + BOOLEAN Sha384Supported; + BOOLEAN Sha512Supported; + BOOLEAN Sm3Supported; + UINT8 TpmDeviceInterfaceAttempt; + BOOLEAN TpmDeviceInterfacePtpFifoSupported; + BOOLEAN TpmDeviceInterfacePtpCrbSupported; + BOOLEAN ChangeEPSSupported; +} TCG2_CONFIGURATION_INFO; + +// +// Variable saved for S3, TPM detected, only valid in S3 path. +// This variable is ReadOnly. +// +typedef struct { + UINT8 TpmDeviceDetected; +} TCG2_DEVICE_DETECTION; + +#define TCG2_STORAGE_NAME L"TCG2_CONFIGURATION" +#define TCG2_STORAGE_INFO_NAME L"TCG2_CONFIGURATION_INFO" +#define TCG2_DEVICE_DETECTION_NAME L"TCG2_DEVICE_DETECTION" +#define TCG2_VERSION_NAME L"TCG2_VERSION" + +#endif diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf new file mode 100644 index 00000000..861ffa52 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf @@ -0,0 +1,71 @@ +## @file +# Set TPM device type +# +# This module initializes TPM device type based on variable and detection. +# NOTE: This module is only for reference only, each platform should have its own setup page. +# +# Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR> +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = Tcg2ConfigPei + MODULE_UNI_FILE = Tcg2ConfigPei.uni + FILE_GUID = EADD5061-93EF-4CCC-8450-F78A7F0820F0 + MODULE_TYPE = PEIM + VERSION_STRING = 1.0 + ENTRY_POINT = Tcg2ConfigPeimEntryPoint + +# +# VALID_ARCHITECTURES = IA32 X64 EBC +# +# [BootMode] +# S3_RESUME ## SOMETIMES_CONSUMES +# + +[Sources] + Tcg2ConfigPeim.c + Tcg2ConfigNvData.h + Tcg2Internal.h + TpmDetection.c + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + SecurityPkg/SecurityPkg.dec + +[LibraryClasses] + BaseLib + BaseMemoryLib + PeiServicesLib + PeimEntryPoint + DebugLib + PcdLib + TimerLib + Tpm12CommandLib + Tpm12DeviceLib + +[Guids] + ## SOMETIMES_CONSUMES ## Variable:L"TCG2_CONFIGURATION" + ## SOMETIMES_CONSUMES ## Variable:L"TCG2_DEVICE_DETECTION" + gTcg2ConfigFormSetGuid + gEfiTpmDeviceSelectedGuid ## PRODUCES ## GUID # Used as a PPI GUID + gEfiTpmDeviceInstanceNoneGuid ## SOMETIMES_CONSUMES ## GUID # TPM device identifier + +[Ppis] + gEfiPeiReadOnlyVariable2PpiGuid ## CONSUMES + gPeiTpmInitializationDonePpiGuid ## SOMETIMES_PRODUCES + +[Pcd] + gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid ## PRODUCES + gEfiSecurityPkgTokenSpaceGuid.PcdTpmInitializationPolicy ## PRODUCES + gEfiSecurityPkgTokenSpaceGuid.PcdTpmAutoDetection ## CONSUMES + +[Depex] + gEfiPeiMasterBootModePpiGuid AND + gEfiPeiReadOnlyVariable2PpiGuid + +[UserExtensions.TianoCore."ExtraFiles"] + Tcg2ConfigPeiExtra.uni diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigPei.uni b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigPei.uni new file mode 100644 index 00000000..17b05e89 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigPei.uni @@ -0,0 +1,18 @@ +// /** @file
+// Set TPM device type
+//
+// This module initializes TPM device type based on variable and detection.
+// NOTE: This module is only for reference only, each platform should have its own setup page.
+//
+// Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
+//
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+//
+// **/
+
+
+#string STR_MODULE_ABSTRACT #language en-US "Set TPM device type"
+
+#string STR_MODULE_DESCRIPTION #language en-US "This module initializes TPM device type based on variable and detection.\n"
+ "NOTE: This module is only for reference only, each platform should have its own setup page."
+
diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigPeiExtra.uni b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigPeiExtra.uni new file mode 100644 index 00000000..f263afc8 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigPeiExtra.uni @@ -0,0 +1,14 @@ +// /** @file
+// Tcg2ConfigDxe Localized Strings and Content
+//
+// Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>
+//
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+//
+// **/
+
+#string STR_PROPERTIES_MODULE_NAME
+#language en-US
+"TCG2 (Trusted Computing Group) Configuration DXE"
+
+
diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigPeim.c b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigPeim.c new file mode 100644 index 00000000..823b9c20 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigPeim.c @@ -0,0 +1,154 @@ +/** @file + The module entry point for Tcg2 configuration module. + +Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + + +#include <PiPei.h> + +#include <Guid/TpmInstance.h> + +#include <Library/BaseLib.h> +#include <Library/BaseMemoryLib.h> +#include <Library/DebugLib.h> +#include <Library/MemoryAllocationLib.h> +#include <Library/PeiServicesLib.h> +#include <Library/PcdLib.h> + +#include <Ppi/ReadOnlyVariable2.h> +#include <Ppi/TpmInitialized.h> +#include <Protocol/Tcg2Protocol.h> + +#include "Tcg2ConfigNvData.h" +#include "Tcg2Internal.h" + +TPM_INSTANCE_ID mTpmInstanceId[] = TPM_INSTANCE_ID_LIST; + +CONST EFI_PEI_PPI_DESCRIPTOR gTpmSelectedPpi = { + (EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST), + &gEfiTpmDeviceSelectedGuid, + NULL +}; + +EFI_PEI_PPI_DESCRIPTOR mTpmInitializationDonePpiList = { + EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST, + &gPeiTpmInitializationDonePpiGuid, + NULL +}; + +/** + This routine check both SetupVariable and real TPM device, and return final TpmDevice configuration. + + @param SetupTpmDevice TpmDevice configuration in setup driver + + @return TpmDevice configuration +**/ +UINT8 +DetectTpmDevice ( + IN UINT8 SetupTpmDevice + ); + +/** + The entry point for Tcg2 configuration driver. + + @param FileHandle Handle of the file being invoked. + @param PeiServices Describes the list of possible PEI Services. + + @retval EFI_SUCCESS Convert variable to PCD successfully. + @retval Others Fail to convert variable to PCD. +**/ +EFI_STATUS +EFIAPI +Tcg2ConfigPeimEntryPoint ( + IN EFI_PEI_FILE_HANDLE FileHandle, + IN CONST EFI_PEI_SERVICES **PeiServices + ) +{ + UINTN Size; + EFI_STATUS Status; + EFI_STATUS Status2; + EFI_PEI_READ_ONLY_VARIABLE2_PPI *VariablePpi; + TCG2_CONFIGURATION Tcg2Configuration; + UINTN Index; + UINT8 TpmDevice; + + Status = PeiServicesLocatePpi (&gEfiPeiReadOnlyVariable2PpiGuid, 0, NULL, (VOID **) &VariablePpi); + ASSERT_EFI_ERROR (Status); + + Size = sizeof(Tcg2Configuration); + Status = VariablePpi->GetVariable ( + VariablePpi, + TCG2_STORAGE_NAME, + &gTcg2ConfigFormSetGuid, + NULL, + &Size, + &Tcg2Configuration + ); + if (EFI_ERROR (Status)) { + // + // Variable not ready, set default value + // + Tcg2Configuration.TpmDevice = TPM_DEVICE_DEFAULT; + } + + // + // Validation + // + if ((Tcg2Configuration.TpmDevice > TPM_DEVICE_MAX) || (Tcg2Configuration.TpmDevice < TPM_DEVICE_MIN)) { + Tcg2Configuration.TpmDevice = TPM_DEVICE_DEFAULT; + } + + // + // Although we have SetupVariable info, we still need detect TPM device manually. + // + DEBUG ((EFI_D_INFO, "Tcg2Configuration.TpmDevice from Setup: %x\n", Tcg2Configuration.TpmDevice)); + + if (PcdGetBool (PcdTpmAutoDetection)) { + TpmDevice = DetectTpmDevice (Tcg2Configuration.TpmDevice); + DEBUG ((EFI_D_INFO, "TpmDevice final: %x\n", TpmDevice)); + if (TpmDevice != TPM_DEVICE_NULL) { + Tcg2Configuration.TpmDevice = TpmDevice; + } + } else { + TpmDevice = Tcg2Configuration.TpmDevice; + } + + // + // Convert variable to PCD. + // This is work-around because there is no guarantee DynamicHiiPcd can return correct value in DXE phase. + // Using DynamicPcd instead. + // + // NOTE: Tcg2Configuration variable contains the desired TpmDevice type, + // while PcdTpmInstanceGuid PCD contains the real detected TpmDevice type + // + for (Index = 0; Index < sizeof(mTpmInstanceId)/sizeof(mTpmInstanceId[0]); Index++) { + if (TpmDevice == mTpmInstanceId[Index].TpmDevice) { + Size = sizeof(mTpmInstanceId[Index].TpmInstanceGuid); + Status = PcdSetPtrS (PcdTpmInstanceGuid, &Size, &mTpmInstanceId[Index].TpmInstanceGuid); + ASSERT_EFI_ERROR (Status); + DEBUG ((EFI_D_INFO, "TpmDevice PCD: %g\n", &mTpmInstanceId[Index].TpmInstanceGuid)); + break; + } + } + + // + // Selection done + // + Status = PeiServicesInstallPpi (&gTpmSelectedPpi); + ASSERT_EFI_ERROR (Status); + + // + // Even if no TPM is selected or detected, we still need install TpmInitializationDonePpi. + // Because TcgPei or Tcg2Pei will not run, but we still need a way to notify other driver. + // Other driver can know TPM initialization state by TpmInitializedPpi. + // + if (CompareGuid (PcdGetPtr(PcdTpmInstanceGuid), &gEfiTpmDeviceInstanceNoneGuid)) { + Status2 = PeiServicesInstallPpi (&mTpmInitializationDonePpiList); + ASSERT_EFI_ERROR (Status2); + } + + return Status; +} diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigStrings.uni b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigStrings.uni new file mode 100644 index 00000000..ee7fa081 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigStrings.uni @@ -0,0 +1,132 @@ +/** @file
+ String definitions for TCG2 configuration form.
+
+Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#langdef en-US "English"
+
+#string STR_TCG2_TITLE #language en-US "TCG2 Configuration"
+#string STR_TCG2_HELP #language en-US "Press <Enter> to select TCG2 Setup options."
+
+#string STR_TCG2_DEVICE_STATE_PROMPT #language en-US "Current TPM Device"
+#string STR_TCG2_DEVICE_STATE_HELP #language en-US "Current TPM Device: Disable, TPM1.2, or TPM2.0"
+#string STR_TCG2_DEVICE_STATE_CONTENT #language en-US ""
+
+#string STR_TCG2_DEVICE_PROMPT #language en-US "Attempt TPM Device"
+#string STR_TCG2_DEVICE_HELP #language en-US "Attempt TPM Device: TPM1.2, or TPM2.0"
+#string STR_TCG2_DEVICE_CONTENT #language en-US ""
+
+#string STR_TCG2_PPI_VERSION_STATE_PROMPT #language en-US "Current PPI Version"
+#string STR_TCG2_PPI_VERSION_STATE_HELP #language en-US "Current PPI Version: 1.2 or 1.3"
+#string STR_TCG2_PPI_VERSION_STATE_CONTENT #language en-US ""
+
+#string STR_TCG2_PPI_VERSION_PROMPT #language en-US "Attempt PPI Version"
+#string STR_TCG2_PPI_VERSION_HELP #language en-US "Attempt PPI Version: 1.2 or 1.3\n"
+ "PcdTcgPhysicalPresenceInterfaceVer needs to be DynamicHii type and map to this option\n"
+ "Otherwise the version configuring by this setup option will not work"
+
+#string STR_TPM2_ACPI_HID_PROMPT #language en-US "HID from TPM2 ACPI Table"
+#string STR_TPM2_ACPI_HID_HELP #language en-US "HID from TPM2 ACPI Table: ManufacturerID + FirmwareVersion_1"
+#string STR_TPM2_ACPI_HID_CONTENT #language en-US ""
+
+#string STR_TPM2_ACPI_REVISION_STATE_PROMPT #language en-US "Current Rev of TPM2 ACPI Table"
+#string STR_TPM2_ACPI_REVISION_STATE_HELP #language en-US "Current Rev of TPM2 ACPI Table: Rev 3 or Rev 4"
+#string STR_TPM2_ACPI_REVISION_STATE_CONTENT #language en-US ""
+
+#string STR_TPM2_ACPI_REVISION_PROMPT #language en-US "Attempt Rev of TPM2 ACPI Table"
+#string STR_TPM2_ACPI_REVISION_HELP #language en-US "Rev 3 or Rev 4 (Rev 4 is defined in TCG ACPI Spec 00.37)"
+ "PcdTpm2AcpiTableRev needs to be DynamicHii type and map to this option\n"
+ "Otherwise the version configuring by this setup option will not work"
+
+#string STR_TCG2_DEVICE_INTERFACE_STATE_PROMPT #language en-US "Current TPM Device Interface"
+#string STR_TCG2_DEVICE_INTERFACE_STATE_HELP #language en-US "Current TPM Device Interface: TIS, PTP FIFO, PTP CRB"
+#string STR_TCG2_DEVICE_INTERFACE_STATE_CONTENT #language en-US ""
+
+#string STR_TCG2_DEVICE_INTERFACE_CAPABILITY_PROMPT #language en-US "PTP TPM Device Interface Capability"
+#string STR_TCG2_DEVICE_INTERFACE_CAPABILITY_HELP #language en-US "PTP TPM Device Interface Capability: PTP FIFO, PTP CRB"
+#string STR_TCG2_DEVICE_INTERFACE_CAPABILITY_CONTENT #language en-US ""
+
+#string STR_TCG2_DEVICE_INTERFACE_PROMPT #language en-US "Attempt PTP TPM Device Interface"
+#string STR_TCG2_DEVICE_INTERFACE_HELP #language en-US "Attempt PTP TPM Device Interface: PTP FIFO, PTP CRB"
+#string STR_TCG2_DEVICE_INTERFACE_CONTENT #language en-US ""
+
+#string STR_TCG2_DEVICE_INTERFACE_TIS #language en-US "TIS"
+#string STR_TCG2_DEVICE_INTERFACE_PTP_FIFO #language en-US "PTP FIFO"
+#string STR_TCG2_DEVICE_INTERFACE_PTP_CRB #language en-US "PTP CRB"
+
+#string STR_TCG2_PP_OPERATION #language en-US "TPM2 Physical Presence Operation"
+
+#string STR_TCG2_OPERATION #language en-US "TPM2 Operation"
+#string STR_TCG2_OPERATION_HELP #language en-US "Select one of the supported operation to change TPM2 state."
+
+#string STR_TCG2_NO_ACTION #language en-US "No Action"
+#string STR_TCG2_ENABLE #language en-US "TPM2 HierarchyControl (TPM_RH_OWNER YES, TPM_RH_ENDORSEMENT YES)"
+#string STR_TCG2_DISABLE #language en-US "TPM2 HierarchyControl (TPM_RH_OWNER NO, TPM_RH_ENDORSEMENT NO)"
+#string STR_TCG2_CLEAR #language en-US "TPM2 ClearControl(NO) + Clear"
+#string STR_TCG2_SET_PCD_BANKS #language en-US "TPM2 PCR_Allocate(Algorithm IDs)"
+#string STR_TCG2_CHANGE_EPS #language en-US "TPM2 ChangeEPS"
+#string STR_TCG2_LOG_ALL_DIGESTS #language en-US "TCG2 LogAllDigests"
+#string STR_TCG2_DISABLE_ENDORSEMENT_ENABLE_STORAGE_HIERARCHY #language en-US "TPM2 HierarchyControl (TPM_RH_OWNER NO, TPM_RH_ENDORSEMENT YES)"
+
+#string STR_TCG2_OPERATION_PARAMETER #language en-US "TPM2 Operation Parameter"
+#string STR_TCG2_OPERATION_PARAMETER_HELP #language en-US "Additional TPM2 Operation Parameter need be sent with Operation Code (required for SetPCRBanks)"
+
+#string STR_TCG2_TPM_1_2 #language en-US "TPM 1.2"
+#string STR_TCG2_TPM_2_0_DTPM #language en-US "TPM 2.0"
+
+#string STR_TPM2_ACPI_REVISION_3 #language en-US "Rev 3"
+#string STR_TPM2_ACPI_REVISION_4 #language en-US "Rev 4"
+
+#string STR_TCG2_PPI_VERSION_1_2 #language en-US "1.2"
+#string STR_TCG2_PPI_VERSION_1_3 #language en-US "1.3"
+
+#string STR_TPM2_ACTIVE_HASH_ALGO #language en-US "TPM2 Active PCR Hash Algorithm"
+#string STR_TPM2_ACTIVE_HASH_ALGO_HELP #language en-US "TPM2 Active PCR Hash Algorithm: SHA1, SHA256, SHA384, SHA512, SM3_256"
+#string STR_TPM2_ACTIVE_HASH_ALGO_CONTENT #language en-US ""
+
+#string STR_TPM2_SUPPORTED_HASH_ALGO #language en-US "TPM2 Hardware Supported Hash Algorithm"
+#string STR_TPM2_SUPPORTED_HASH_ALGO_HELP #language en-US "TPM2 Hardware Supported Hash Algorithm: SHA1, SHA256, SHA384, SHA512, SM3_256"
+#string STR_TPM2_SUPPORTED_HASH_ALGO_CONTENT #language en-US ""
+
+#string STR_BIOS_HASH_ALGO #language en-US "BIOS Supported Hash Algorithm"
+#string STR_BIOS_HASH_ALGO_HELP #language en-US "BIOS Supported Hash Algorithm: SHA1, SHA256, SHA384, SHA512, SM3_256"
+#string STR_BIOS_HASH_ALGO_CONTENT #language en-US ""
+
+#string STR_TCG2_CONFIGURATION #language en-US "TCG2 Protocol Configuration"
+
+#string STR_TCG2_PROTOCOL_VERSION #language en-US "TCG2 Protocol Version"
+#string STR_TCG2_PROTOCOL_VERSION_HELP #language en-US "TCG2 Protocol Version: 1.0 or 1.1"
+#string STR_TCG2_PROTOCOL_VERSION_1_0 #language en-US "1.0"
+#string STR_TCG2_PROTOCOL_VERSION_1_1 #language en-US "1.1"
+
+#string STR_TCG2_SUPPORTED_EVENT_LOG_FORMAT #language en-US "Supported Event Log Format"
+#string STR_TCG2_SUPPORTED_EVENT_LOG_FORMAT_HELP #language en-US "TCG2 Supported Event Log Format: TCG_1_2, TCG_2"
+#string STR_TCG2_SUPPORTED_EVENT_LOG_FORMAT_CONTENT #language en-US ""
+
+#string STR_TCG2_HASH_ALGO_BITMAP #language en-US "Hash Algorithm Bitmap"
+#string STR_TCG2_HASH_ALGO_BITMAP_HELP #language en-US "TCG2 Supported Hash Algorithm Bitmap: SHA1, SHA256, SHA384, SHA512"
+#string STR_TCG2_HASH_ALGO_BITMAP_CONTENT #language en-US ""
+
+#string STR_TCG2_NUMBER_OF_PCR_BANKS #language en-US "Number of PCR Banks"
+#string STR_TCG2_NUMBER_OF_PCR_BANKS_HELP #language en-US "TCG2 Number of PCR Banks"
+#string STR_TCG2_NUMBER_OF_PCR_BANKS_CONTENT #language en-US ""
+
+#string STR_TCG2_ACTIVE_PCR_BANKS #language en-US "Active PCR Banks"
+#string STR_TCG2_ACTIVE_PCR_BANKS_HELP #language en-US "TCG2 Active PCR Banks: SHA1, SHA256, SHA384, SHA512"
+#string STR_TCG2_ACTIVE_PCR_BANKS_CONTENT #language en-US ""
+
+#string STR_TCG2_PCR_BANK_SHA1 #language en-US " PCR Bank: SHA1"
+#string STR_TCG2_PCR_BANK_SHA1_HELP #language en-US "TCG2 Request PCR Bank: SHA1"
+#string STR_TCG2_PCR_BANK_SHA256 #language en-US " PCR Bank: SHA256"
+#string STR_TCG2_PCR_BANK_SHA256_HELP #language en-US "TCG2 Request PCR Bank: SHA256"
+#string STR_TCG2_PCR_BANK_SHA384 #language en-US " PCR Bank: SHA384"
+#string STR_TCG2_PCR_BANK_SHA384_HELP #language en-US "TCG2 Request PCR Bank: SHA384"
+#string STR_TCG2_PCR_BANK_SHA512 #language en-US " PCR Bank: SHA512"
+#string STR_TCG2_PCR_BANK_SHA512_HELP #language en-US "TCG2 Request PCR Bank: SHA512"
+#string STR_TCG2_PCR_BANK_SM3_256 #language en-US " PCR Bank: SM3_256"
+#string STR_TCG2_PCR_BANK_SM3_256_HELP #language en-US "TCG2 Request PCR Bank: SM3_256"
+
+#string STR_NULL #language en-US ""
diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Tcg2Config/Tcg2Internal.h b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Tcg2Config/Tcg2Internal.h new file mode 100644 index 00000000..70d54ec4 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Tcg2Config/Tcg2Internal.h @@ -0,0 +1,26 @@ +/** @file + The internal header file defines the common structures for PEI and DXE modules. + +Copyright (c) 2019, Intel Corporation. All rights reserved.<BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef __TCG2_INTERNAL_H__ +#define __TCG2_INTERNAL_H__ + +#define EFI_TCG2_EVENT_LOG_FORMAT_DEFAULT EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2 +#define EFI_TCG2_EVENT_LOG_FORMAT_ALL (EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2 | EFI_TCG2_EVENT_LOG_FORMAT_TCG_2) + +#define TPM_INSTANCE_ID_LIST { \ + {TPM_DEVICE_INTERFACE_NONE, TPM_DEVICE_NULL}, \ + {TPM_DEVICE_INTERFACE_TPM12, TPM_DEVICE_1_2}, \ + {TPM_DEVICE_INTERFACE_TPM20_DTPM, TPM_DEVICE_2_0_DTPM}, \ +} + +typedef struct { + GUID TpmInstanceGuid; + UINT8 TpmDevice; +} TPM_INSTANCE_ID; + +#endif diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Tcg2Config/TpmDetection.c b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Tcg2Config/TpmDetection.c new file mode 100644 index 00000000..c4fe7f38 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Tcg2Config/TpmDetection.c @@ -0,0 +1,100 @@ +/** @file + TPM1.2/dTPM2.0 auto detection. + +Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + + +#include <PiPei.h> +#include <Ppi/ReadOnlyVariable2.h> + +#include <Library/BaseLib.h> +#include <Library/BaseMemoryLib.h> +#include <Library/DebugLib.h> +#include <Library/PeiServicesLib.h> +#include <Library/PcdLib.h> +#include <Library/Tpm12DeviceLib.h> +#include <Library/Tpm12CommandLib.h> +#include <IndustryStandard/Tpm12.h> + +#include "Tcg2ConfigNvData.h" +#include "Tcg2Internal.h" + +/** + This routine check both SetupVariable and real TPM device, and return final TpmDevice configuration. + + @param SetupTpmDevice TpmDevice configuration in setup driver + + @return TpmDevice configuration +**/ +UINT8 +DetectTpmDevice ( + IN UINT8 SetupTpmDevice + ) +{ + EFI_STATUS Status; + EFI_BOOT_MODE BootMode; + TCG2_DEVICE_DETECTION Tcg2DeviceDetection; + EFI_PEI_READ_ONLY_VARIABLE2_PPI *VariablePpi; + UINTN Size; + + Status = PeiServicesGetBootMode (&BootMode); + ASSERT_EFI_ERROR (Status); + + // + // In S3, we rely on normal boot Detection, because we save to ReadOnly Variable in normal boot. + // + if (BootMode == BOOT_ON_S3_RESUME) { + DEBUG ((EFI_D_INFO, "DetectTpmDevice: S3 mode\n")); + + Status = PeiServicesLocatePpi (&gEfiPeiReadOnlyVariable2PpiGuid, 0, NULL, (VOID **) &VariablePpi); + ASSERT_EFI_ERROR (Status); + + Size = sizeof(TCG2_DEVICE_DETECTION); + ZeroMem (&Tcg2DeviceDetection, sizeof(Tcg2DeviceDetection)); + Status = VariablePpi->GetVariable ( + VariablePpi, + TCG2_DEVICE_DETECTION_NAME, + &gTcg2ConfigFormSetGuid, + NULL, + &Size, + &Tcg2DeviceDetection + ); + if (!EFI_ERROR (Status) && + (Tcg2DeviceDetection.TpmDeviceDetected >= TPM_DEVICE_MIN) && + (Tcg2DeviceDetection.TpmDeviceDetected <= TPM_DEVICE_MAX)) { + DEBUG ((EFI_D_ERROR, "TpmDevice from DeviceDetection: %x\n", Tcg2DeviceDetection.TpmDeviceDetected)); + return Tcg2DeviceDetection.TpmDeviceDetected; + } + } + + DEBUG ((EFI_D_INFO, "DetectTpmDevice:\n")); + + // dTPM available and not disabled by setup + // We need check if it is TPM1.2 or TPM2.0 + // So try TPM1.2 command at first + + Status = Tpm12RequestUseTpm (); + if (EFI_ERROR (Status)) { + // + // dTPM not available + // + return TPM_DEVICE_NULL; + } + + if (BootMode == BOOT_ON_S3_RESUME) { + Status = Tpm12Startup (TPM_ST_STATE); + } else { + Status = Tpm12Startup (TPM_ST_CLEAR); + } + if (EFI_ERROR (Status)) { + return TPM_DEVICE_2_0_DTPM; + } + + // NO initialization needed again. + Status = PcdSet8S (PcdTpmInitializationPolicy, 0); + ASSERT_EFI_ERROR (Status); + return TPM_DEVICE_1_2; +} diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Tcg2Dxe/MeasureBootPeCoff.c b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Tcg2Dxe/MeasureBootPeCoff.c new file mode 100644 index 00000000..2b062069 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Tcg2Dxe/MeasureBootPeCoff.c @@ -0,0 +1,406 @@ +/** @file + This module implements measuring PeCoff image for Tcg2 Protocol. + + Caution: This file requires additional review when modified. + This driver will have external input - PE/COFF image. + This external input must be validated carefully to avoid security issue like + buffer overflow, integer overflow. + +Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include <PiDxe.h> + +#include <Library/BaseLib.h> +#include <Library/DebugLib.h> +#include <Library/BaseMemoryLib.h> +#include <Library/MemoryAllocationLib.h> +#include <Library/DevicePathLib.h> +#include <Library/UefiBootServicesTableLib.h> +#include <Library/PeCoffLib.h> +#include <Library/Tpm2CommandLib.h> +#include <Library/HashLib.h> + +UINTN mTcg2DxeImageSize = 0; + +/** + Reads contents of a PE/COFF image in memory buffer. + + Caution: This function may receive untrusted input. + PE/COFF image is external input, so this function will make sure the PE/COFF image content + read is within the image buffer. + + @param FileHandle Pointer to the file handle to read the PE/COFF image. + @param FileOffset Offset into the PE/COFF image to begin the read operation. + @param ReadSize On input, the size in bytes of the requested read operation. + On output, the number of bytes actually read. + @param Buffer Output buffer that contains the data read from the PE/COFF image. + + @retval EFI_SUCCESS The specified portion of the PE/COFF image was read and the size +**/ +EFI_STATUS +EFIAPI +Tcg2DxeImageRead ( + IN VOID *FileHandle, + IN UINTN FileOffset, + IN OUT UINTN *ReadSize, + OUT VOID *Buffer + ) +{ + UINTN EndPosition; + + if (FileHandle == NULL || ReadSize == NULL || Buffer == NULL) { + return EFI_INVALID_PARAMETER; + } + + if (MAX_ADDRESS - FileOffset < *ReadSize) { + return EFI_INVALID_PARAMETER; + } + + EndPosition = FileOffset + *ReadSize; + if (EndPosition > mTcg2DxeImageSize) { + *ReadSize = (UINT32)(mTcg2DxeImageSize - FileOffset); + } + + if (FileOffset >= mTcg2DxeImageSize) { + *ReadSize = 0; + } + + CopyMem (Buffer, (UINT8 *)((UINTN) FileHandle + FileOffset), *ReadSize); + + return EFI_SUCCESS; +} + +/** + Measure PE image into TPM log based on the authenticode image hashing in + PE/COFF Specification 8.0 Appendix A. + + Caution: This function may receive untrusted input. + PE/COFF image is external input, so this function will validate its data structure + within this image buffer before use. + + Notes: PE/COFF image is checked by BasePeCoffLib PeCoffLoaderGetImageInfo(). + + @param[in] PCRIndex TPM PCR index + @param[in] ImageAddress Start address of image buffer. + @param[in] ImageSize Image size + @param[out] DigestList Digest list of this image. + + @retval EFI_SUCCESS Successfully measure image. + @retval EFI_OUT_OF_RESOURCES No enough resource to measure image. + @retval other error value +**/ +EFI_STATUS +MeasurePeImageAndExtend ( + IN UINT32 PCRIndex, + IN EFI_PHYSICAL_ADDRESS ImageAddress, + IN UINTN ImageSize, + OUT TPML_DIGEST_VALUES *DigestList + ) +{ + EFI_STATUS Status; + EFI_IMAGE_DOS_HEADER *DosHdr; + UINT32 PeCoffHeaderOffset; + EFI_IMAGE_SECTION_HEADER *Section; + UINT8 *HashBase; + UINTN HashSize; + UINTN SumOfBytesHashed; + EFI_IMAGE_SECTION_HEADER *SectionHeader; + UINTN Index; + UINTN Pos; + EFI_IMAGE_OPTIONAL_HEADER_PTR_UNION Hdr; + UINT32 NumberOfRvaAndSizes; + UINT32 CertSize; + HASH_HANDLE HashHandle; + PE_COFF_LOADER_IMAGE_CONTEXT ImageContext; + + HashHandle = 0xFFFFFFFF; // Know bad value + + Status = EFI_UNSUPPORTED; + SectionHeader = NULL; + + // + // Check PE/COFF image + // + ZeroMem (&ImageContext, sizeof (ImageContext)); + ImageContext.Handle = (VOID *) (UINTN) ImageAddress; + mTcg2DxeImageSize = ImageSize; + ImageContext.ImageRead = (PE_COFF_LOADER_READ_FILE) Tcg2DxeImageRead; + + // + // Get information about the image being loaded + // + Status = PeCoffLoaderGetImageInfo (&ImageContext); + if (EFI_ERROR (Status)) { + // + // The information can't be got from the invalid PeImage + // + DEBUG ((DEBUG_INFO, "Tcg2Dxe: PeImage invalid. Cannot retrieve image information.\n")); + goto Finish; + } + + DosHdr = (EFI_IMAGE_DOS_HEADER *) (UINTN) ImageAddress; + PeCoffHeaderOffset = 0; + if (DosHdr->e_magic == EFI_IMAGE_DOS_SIGNATURE) { + PeCoffHeaderOffset = DosHdr->e_lfanew; + } + + Hdr.Pe32 = (EFI_IMAGE_NT_HEADERS32 *)((UINT8 *) (UINTN) ImageAddress + PeCoffHeaderOffset); + if (Hdr.Pe32->Signature != EFI_IMAGE_NT_SIGNATURE) { + Status = EFI_UNSUPPORTED; + goto Finish; + } + + // + // PE/COFF Image Measurement + // + // NOTE: The following codes/steps are based upon the authenticode image hashing in + // PE/COFF Specification 8.0 Appendix A. + // + // + + // 1. Load the image header into memory. + + // 2. Initialize a SHA hash context. + + Status = HashStart (&HashHandle); + if (EFI_ERROR (Status)) { + goto Finish; + } + + // + // Measuring PE/COFF Image Header; + // But CheckSum field and SECURITY data directory (certificate) are excluded + // + + // + // 3. Calculate the distance from the base of the image header to the image checksum address. + // 4. Hash the image header from its base to beginning of the image checksum. + // + HashBase = (UINT8 *) (UINTN) ImageAddress; + if (Hdr.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { + // + // Use PE32 offset + // + NumberOfRvaAndSizes = Hdr.Pe32->OptionalHeader.NumberOfRvaAndSizes; + HashSize = (UINTN) (&Hdr.Pe32->OptionalHeader.CheckSum) - (UINTN) HashBase; + } else { + // + // Use PE32+ offset + // + NumberOfRvaAndSizes = Hdr.Pe32Plus->OptionalHeader.NumberOfRvaAndSizes; + HashSize = (UINTN) (&Hdr.Pe32Plus->OptionalHeader.CheckSum) - (UINTN) HashBase; + } + + Status = HashUpdate (HashHandle, HashBase, HashSize); + if (EFI_ERROR (Status)) { + goto Finish; + } + + // + // 5. Skip over the image checksum (it occupies a single ULONG). + // + if (NumberOfRvaAndSizes <= EFI_IMAGE_DIRECTORY_ENTRY_SECURITY) { + // + // 6. Since there is no Cert Directory in optional header, hash everything + // from the end of the checksum to the end of image header. + // + if (Hdr.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { + // + // Use PE32 offset. + // + HashBase = (UINT8 *) &Hdr.Pe32->OptionalHeader.CheckSum + sizeof (UINT32); + HashSize = Hdr.Pe32->OptionalHeader.SizeOfHeaders - (UINTN) (HashBase - ImageAddress); + } else { + // + // Use PE32+ offset. + // + HashBase = (UINT8 *) &Hdr.Pe32Plus->OptionalHeader.CheckSum + sizeof (UINT32); + HashSize = Hdr.Pe32Plus->OptionalHeader.SizeOfHeaders - (UINTN) (HashBase - ImageAddress); + } + + if (HashSize != 0) { + Status = HashUpdate (HashHandle, HashBase, HashSize); + if (EFI_ERROR (Status)) { + goto Finish; + } + } + } else { + // + // 7. Hash everything from the end of the checksum to the start of the Cert Directory. + // + if (Hdr.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { + // + // Use PE32 offset + // + HashBase = (UINT8 *) &Hdr.Pe32->OptionalHeader.CheckSum + sizeof (UINT32); + HashSize = (UINTN) (&Hdr.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]) - (UINTN) HashBase; + } else { + // + // Use PE32+ offset + // + HashBase = (UINT8 *) &Hdr.Pe32Plus->OptionalHeader.CheckSum + sizeof (UINT32); + HashSize = (UINTN) (&Hdr.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]) - (UINTN) HashBase; + } + + if (HashSize != 0) { + Status = HashUpdate (HashHandle, HashBase, HashSize); + if (EFI_ERROR (Status)) { + goto Finish; + } + } + + // + // 8. Skip over the Cert Directory. (It is sizeof(IMAGE_DATA_DIRECTORY) bytes.) + // 9. Hash everything from the end of the Cert Directory to the end of image header. + // + if (Hdr.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { + // + // Use PE32 offset + // + HashBase = (UINT8 *) &Hdr.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1]; + HashSize = Hdr.Pe32->OptionalHeader.SizeOfHeaders - (UINTN) (HashBase - ImageAddress); + } else { + // + // Use PE32+ offset + // + HashBase = (UINT8 *) &Hdr.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1]; + HashSize = Hdr.Pe32Plus->OptionalHeader.SizeOfHeaders - (UINTN) (HashBase - ImageAddress); + } + + if (HashSize != 0) { + Status = HashUpdate (HashHandle, HashBase, HashSize); + if (EFI_ERROR (Status)) { + goto Finish; + } + } + } + + // + // 10. Set the SUM_OF_BYTES_HASHED to the size of the header + // + if (Hdr.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { + // + // Use PE32 offset + // + SumOfBytesHashed = Hdr.Pe32->OptionalHeader.SizeOfHeaders; + } else { + // + // Use PE32+ offset + // + SumOfBytesHashed = Hdr.Pe32Plus->OptionalHeader.SizeOfHeaders; + } + + // + // 11. Build a temporary table of pointers to all the IMAGE_SECTION_HEADER + // structures in the image. The 'NumberOfSections' field of the image + // header indicates how big the table should be. Do not include any + // IMAGE_SECTION_HEADERs in the table whose 'SizeOfRawData' field is zero. + // + SectionHeader = (EFI_IMAGE_SECTION_HEADER *) AllocateZeroPool (sizeof (EFI_IMAGE_SECTION_HEADER) * Hdr.Pe32->FileHeader.NumberOfSections); + if (SectionHeader == NULL) { + Status = EFI_OUT_OF_RESOURCES; + goto Finish; + } + + // + // 12. Using the 'PointerToRawData' in the referenced section headers as + // a key, arrange the elements in the table in ascending order. In other + // words, sort the section headers according to the disk-file offset of + // the section. + // + Section = (EFI_IMAGE_SECTION_HEADER *) ( + (UINT8 *) (UINTN) ImageAddress + + PeCoffHeaderOffset + + sizeof(UINT32) + + sizeof(EFI_IMAGE_FILE_HEADER) + + Hdr.Pe32->FileHeader.SizeOfOptionalHeader + ); + for (Index = 0; Index < Hdr.Pe32->FileHeader.NumberOfSections; Index++) { + Pos = Index; + while ((Pos > 0) && (Section->PointerToRawData < SectionHeader[Pos - 1].PointerToRawData)) { + CopyMem (&SectionHeader[Pos], &SectionHeader[Pos - 1], sizeof(EFI_IMAGE_SECTION_HEADER)); + Pos--; + } + CopyMem (&SectionHeader[Pos], Section, sizeof(EFI_IMAGE_SECTION_HEADER)); + Section += 1; + } + + // + // 13. Walk through the sorted table, bring the corresponding section + // into memory, and hash the entire section (using the 'SizeOfRawData' + // field in the section header to determine the amount of data to hash). + // 14. Add the section's 'SizeOfRawData' to SUM_OF_BYTES_HASHED . + // 15. Repeat steps 13 and 14 for all the sections in the sorted table. + // + for (Index = 0; Index < Hdr.Pe32->FileHeader.NumberOfSections; Index++) { + Section = (EFI_IMAGE_SECTION_HEADER *) &SectionHeader[Index]; + if (Section->SizeOfRawData == 0) { + continue; + } + HashBase = (UINT8 *) (UINTN) ImageAddress + Section->PointerToRawData; + HashSize = (UINTN) Section->SizeOfRawData; + + Status = HashUpdate (HashHandle, HashBase, HashSize); + if (EFI_ERROR (Status)) { + goto Finish; + } + + SumOfBytesHashed += HashSize; + } + + // + // 16. If the file size is greater than SUM_OF_BYTES_HASHED, there is extra + // data in the file that needs to be added to the hash. This data begins + // at file offset SUM_OF_BYTES_HASHED and its length is: + // FileSize - (CertDirectory->Size) + // + if (ImageSize > SumOfBytesHashed) { + HashBase = (UINT8 *) (UINTN) ImageAddress + SumOfBytesHashed; + + if (NumberOfRvaAndSizes <= EFI_IMAGE_DIRECTORY_ENTRY_SECURITY) { + CertSize = 0; + } else { + if (Hdr.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { + // + // Use PE32 offset. + // + CertSize = Hdr.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY].Size; + } else { + // + // Use PE32+ offset. + // + CertSize = Hdr.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY].Size; + } + } + + if (ImageSize > CertSize + SumOfBytesHashed) { + HashSize = (UINTN) (ImageSize - CertSize - SumOfBytesHashed); + + Status = HashUpdate (HashHandle, HashBase, HashSize); + if (EFI_ERROR (Status)) { + goto Finish; + } + } else if (ImageSize < CertSize + SumOfBytesHashed) { + Status = EFI_UNSUPPORTED; + goto Finish; + } + } + + // + // 17. Finalize the SHA hash. + // + Status = HashCompleteAndExtend (HashHandle, PCRIndex, NULL, 0, DigestList); + if (EFI_ERROR (Status)) { + goto Finish; + } + +Finish: + if (SectionHeader != NULL) { + FreePool (SectionHeader); + } + + return Status; +} diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c new file mode 100644 index 00000000..9d4142ba --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c @@ -0,0 +1,2801 @@ +/** @file + This module implements Tcg2 Protocol. + +Copyright (c) 2015 - 2019, Intel Corporation. All rights reserved.<BR> +(C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include <PiDxe.h> +#include <IndustryStandard/Acpi.h> +#include <IndustryStandard/PeImage.h> +#include <IndustryStandard/TcpaAcpi.h> + +#include <Guid/GlobalVariable.h> +#include <Guid/HobList.h> +#include <Guid/TcgEventHob.h> +#include <Guid/EventGroup.h> +#include <Guid/EventExitBootServiceFailed.h> +#include <Guid/ImageAuthentication.h> +#include <Guid/TpmInstance.h> + +#include <Protocol/DevicePath.h> +#include <Protocol/MpService.h> +#include <Protocol/VariableWrite.h> +#include <Protocol/Tcg2Protocol.h> +#include <Protocol/TrEEProtocol.h> +#include <Protocol/ResetNotification.h> + +#include <Library/DebugLib.h> +#include <Library/BaseMemoryLib.h> +#include <Library/UefiRuntimeServicesTableLib.h> +#include <Library/UefiDriverEntryPoint.h> +#include <Library/HobLib.h> +#include <Library/UefiBootServicesTableLib.h> +#include <Library/BaseLib.h> +#include <Library/MemoryAllocationLib.h> +#include <Library/PrintLib.h> +#include <Library/Tpm2CommandLib.h> +#include <Library/PcdLib.h> +#include <Library/UefiLib.h> +#include <Library/Tpm2DeviceLib.h> +#include <Library/HashLib.h> +#include <Library/PerformanceLib.h> +#include <Library/ReportStatusCodeLib.h> +#include <Library/Tcg2PhysicalPresenceLib.h> + +#define PERF_ID_TCG2_DXE 0x3120 + +typedef struct { + CHAR16 *VariableName; + EFI_GUID *VendorGuid; +} VARIABLE_TYPE; + +#define TCG2_DEFAULT_MAX_COMMAND_SIZE 0x1000 +#define TCG2_DEFAULT_MAX_RESPONSE_SIZE 0x1000 + +typedef struct { + EFI_GUID *EventGuid; + EFI_TCG2_EVENT_LOG_FORMAT LogFormat; +} TCG2_EVENT_INFO_STRUCT; + +TCG2_EVENT_INFO_STRUCT mTcg2EventInfo[] = { + {&gTcgEventEntryHobGuid, EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2}, + {&gTcgEvent2EntryHobGuid, EFI_TCG2_EVENT_LOG_FORMAT_TCG_2}, +}; + +#define TCG_EVENT_LOG_AREA_COUNT_MAX 2 + +typedef struct { + EFI_TCG2_EVENT_LOG_FORMAT EventLogFormat; + EFI_PHYSICAL_ADDRESS Lasa; + UINT64 Laml; + UINTN EventLogSize; + UINT8 *LastEvent; + BOOLEAN EventLogStarted; + BOOLEAN EventLogTruncated; + UINTN Next800155EventOffset; +} TCG_EVENT_LOG_AREA_STRUCT; + +typedef struct _TCG_DXE_DATA { + EFI_TCG2_BOOT_SERVICE_CAPABILITY BsCap; + TCG_EVENT_LOG_AREA_STRUCT EventLogAreaStruct[TCG_EVENT_LOG_AREA_COUNT_MAX]; + BOOLEAN GetEventLogCalled[TCG_EVENT_LOG_AREA_COUNT_MAX]; + TCG_EVENT_LOG_AREA_STRUCT FinalEventLogAreaStruct[TCG_EVENT_LOG_AREA_COUNT_MAX]; + EFI_TCG2_FINAL_EVENTS_TABLE *FinalEventsTable[TCG_EVENT_LOG_AREA_COUNT_MAX]; +} TCG_DXE_DATA; + +TCG_DXE_DATA mTcgDxeData = { + { + sizeof (EFI_TCG2_BOOT_SERVICE_CAPABILITY), // Size + { 1, 1 }, // StructureVersion + { 1, 1 }, // ProtocolVersion + EFI_TCG2_BOOT_HASH_ALG_SHA1, // HashAlgorithmBitmap + EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2, // SupportedEventLogs + TRUE, // TPMPresentFlag + TCG2_DEFAULT_MAX_COMMAND_SIZE, // MaxCommandSize + TCG2_DEFAULT_MAX_RESPONSE_SIZE, // MaxResponseSize + 0, // ManufacturerID + 0, // NumberOfPCRBanks + 0, // ActivePcrBanks + }, +}; + +UINTN mBootAttempts = 0; +CHAR16 mBootVarName[] = L"BootOrder"; + +VARIABLE_TYPE mVariableType[] = { + {EFI_SECURE_BOOT_MODE_NAME, &gEfiGlobalVariableGuid}, + {EFI_PLATFORM_KEY_NAME, &gEfiGlobalVariableGuid}, + {EFI_KEY_EXCHANGE_KEY_NAME, &gEfiGlobalVariableGuid}, + {EFI_IMAGE_SECURITY_DATABASE, &gEfiImageSecurityDatabaseGuid}, + {EFI_IMAGE_SECURITY_DATABASE1, &gEfiImageSecurityDatabaseGuid}, +}; + +EFI_HANDLE mImageHandle; + +/** + Measure PE image into TPM log based on the authenticode image hashing in + PE/COFF Specification 8.0 Appendix A. + + Caution: This function may receive untrusted input. + PE/COFF image is external input, so this function will validate its data structure + within this image buffer before use. + + Notes: PE/COFF image is checked by BasePeCoffLib PeCoffLoaderGetImageInfo(). + + @param[in] PCRIndex TPM PCR index + @param[in] ImageAddress Start address of image buffer. + @param[in] ImageSize Image size + @param[out] DigestList Digest list of this image. + + @retval EFI_SUCCESS Successfully measure image. + @retval EFI_OUT_OF_RESOURCES No enough resource to measure image. + @retval other error value +**/ +EFI_STATUS +MeasurePeImageAndExtend ( + IN UINT32 PCRIndex, + IN EFI_PHYSICAL_ADDRESS ImageAddress, + IN UINTN ImageSize, + OUT TPML_DIGEST_VALUES *DigestList + ); + +/** + + This function dump raw data. + + @param Data raw data + @param Size raw data size + +**/ +VOID +InternalDumpData ( + IN UINT8 *Data, + IN UINTN Size + ) +{ + UINTN Index; + for (Index = 0; Index < Size; Index++) { + DEBUG ((EFI_D_INFO, "%02x", (UINTN)Data[Index])); + } +} + +/** + + This function initialize TCG_PCR_EVENT2_HDR for EV_NO_ACTION Event Type other than EFI Specification ID event + The behavior is defined by TCG PC Client PFP Spec. Section 9.3.4 EV_NO_ACTION Event Types + + @param[in, out] NoActionEvent Event Header of EV_NO_ACTION Event + @param[in] EventSize Event Size of the EV_NO_ACTION Event + +**/ +VOID +InitNoActionEvent ( + IN OUT TCG_PCR_EVENT2_HDR *NoActionEvent, + IN UINT32 EventSize + ) +{ + UINT32 DigestListCount; + TPMI_ALG_HASH HashAlgId; + UINT8 *DigestBuffer; + + DigestBuffer = (UINT8 *)NoActionEvent->Digests.digests; + DigestListCount = 0; + + NoActionEvent->PCRIndex = 0; + NoActionEvent->EventType = EV_NO_ACTION; + + // + // Set Hash count & hashAlg accordingly, while Digest.digests[n].digest to all 0 + // + ZeroMem (&NoActionEvent->Digests, sizeof(NoActionEvent->Digests)); + + if ((mTcgDxeData.BsCap.ActivePcrBanks & EFI_TCG2_BOOT_HASH_ALG_SHA1) != 0) { + HashAlgId = TPM_ALG_SHA1; + CopyMem (DigestBuffer, &HashAlgId, sizeof(TPMI_ALG_HASH)); + DigestBuffer += sizeof(TPMI_ALG_HASH) + GetHashSizeFromAlgo (HashAlgId); + DigestListCount++; + } + + if ((mTcgDxeData.BsCap.ActivePcrBanks & EFI_TCG2_BOOT_HASH_ALG_SHA256) != 0) { + HashAlgId = TPM_ALG_SHA256; + CopyMem (DigestBuffer, &HashAlgId, sizeof(TPMI_ALG_HASH)); + DigestBuffer += sizeof(TPMI_ALG_HASH) + GetHashSizeFromAlgo (HashAlgId); + DigestListCount++; + } + + if ((mTcgDxeData.BsCap.ActivePcrBanks & EFI_TCG2_BOOT_HASH_ALG_SHA384) != 0) { + HashAlgId = TPM_ALG_SHA384; + CopyMem (DigestBuffer, &HashAlgId, sizeof(TPMI_ALG_HASH)); + DigestBuffer += sizeof(TPMI_ALG_HASH) + GetHashSizeFromAlgo (HashAlgId); + DigestListCount++; + } + + if ((mTcgDxeData.BsCap.ActivePcrBanks & EFI_TCG2_BOOT_HASH_ALG_SHA512) != 0) { + HashAlgId = TPM_ALG_SHA512; + CopyMem (DigestBuffer, &HashAlgId, sizeof(TPMI_ALG_HASH)); + DigestBuffer += sizeof(TPMI_ALG_HASH) + GetHashSizeFromAlgo (HashAlgId); + DigestListCount++; + } + + if ((mTcgDxeData.BsCap.ActivePcrBanks & EFI_TCG2_BOOT_HASH_ALG_SM3_256) != 0) { + HashAlgId = TPM_ALG_SM3_256; + CopyMem (DigestBuffer, &HashAlgId, sizeof(TPMI_ALG_HASH)); + DigestBuffer += sizeof(TPMI_ALG_HASH) + GetHashSizeFromAlgo (HashAlgId); + DigestListCount++; + } + + // + // Set Digests Count + // + WriteUnaligned32 ((UINT32 *)&NoActionEvent->Digests.count, DigestListCount); + + // + // Set Event Size + // + WriteUnaligned32((UINT32 *)DigestBuffer, EventSize); +} + +/** + + This function dump raw data with colume format. + + @param Data raw data + @param Size raw data size + +**/ +VOID +InternalDumpHex ( + IN UINT8 *Data, + IN UINTN Size + ) +{ + UINTN Index; + UINTN Count; + UINTN Left; + +#define COLUME_SIZE (16 * 2) + + Count = Size / COLUME_SIZE; + Left = Size % COLUME_SIZE; + for (Index = 0; Index < Count; Index++) { + DEBUG ((EFI_D_INFO, "%04x: ", Index * COLUME_SIZE)); + InternalDumpData (Data + Index * COLUME_SIZE, COLUME_SIZE); + DEBUG ((EFI_D_INFO, "\n")); + } + + if (Left != 0) { + DEBUG ((EFI_D_INFO, "%04x: ", Index * COLUME_SIZE)); + InternalDumpData (Data + Index * COLUME_SIZE, Left); + DEBUG ((EFI_D_INFO, "\n")); + } +} + +/** + Get All processors EFI_CPU_LOCATION in system. LocationBuf is allocated inside the function + Caller is responsible to free LocationBuf. + + @param[out] LocationBuf Returns Processor Location Buffer. + @param[out] Num Returns processor number. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_UNSUPPORTED MpService protocol not found. + +**/ +EFI_STATUS +GetProcessorsCpuLocation ( + OUT EFI_CPU_PHYSICAL_LOCATION **LocationBuf, + OUT UINTN *Num + ) +{ + EFI_STATUS Status; + EFI_MP_SERVICES_PROTOCOL *MpProtocol; + UINTN ProcessorNum; + UINTN EnabledProcessorNum; + EFI_PROCESSOR_INFORMATION ProcessorInfo; + EFI_CPU_PHYSICAL_LOCATION *ProcessorLocBuf; + UINTN Index; + + Status = gBS->LocateProtocol (&gEfiMpServiceProtocolGuid, NULL, (VOID **) &MpProtocol); + if (EFI_ERROR (Status)) { + // + // MP protocol is not installed + // + return EFI_UNSUPPORTED; + } + + Status = MpProtocol->GetNumberOfProcessors( + MpProtocol, + &ProcessorNum, + &EnabledProcessorNum + ); + if (EFI_ERROR(Status)){ + return Status; + } + + Status = gBS->AllocatePool( + EfiBootServicesData, + sizeof(EFI_CPU_PHYSICAL_LOCATION) * ProcessorNum, + (VOID **) &ProcessorLocBuf + ); + if (EFI_ERROR(Status)){ + return Status; + } + + // + // Get each processor Location info + // + for (Index = 0; Index < ProcessorNum; Index++) { + Status = MpProtocol->GetProcessorInfo( + MpProtocol, + Index, + &ProcessorInfo + ); + if (EFI_ERROR(Status)){ + FreePool(ProcessorLocBuf); + return Status; + } + + // + // Get all Processor Location info & measure + // + CopyMem( + &ProcessorLocBuf[Index], + &ProcessorInfo.Location, + sizeof(EFI_CPU_PHYSICAL_LOCATION) + ); + } + + *LocationBuf = ProcessorLocBuf; + *Num = ProcessorNum; + + return Status; +} + +/** + The EFI_TCG2_PROTOCOL GetCapability function call provides protocol + capability information and state information. + + @param[in] This Indicates the calling context + @param[in, out] ProtocolCapability The caller allocates memory for a EFI_TCG2_BOOT_SERVICE_CAPABILITY + structure and sets the size field to the size of the structure allocated. + The callee fills in the fields with the EFI protocol capability information + and the current EFI TCG2 state information up to the number of fields which + fit within the size of the structure passed in. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_DEVICE_ERROR The command was unsuccessful. + The ProtocolCapability variable will not be populated. + @retval EFI_INVALID_PARAMETER One or more of the parameters are incorrect. + The ProtocolCapability variable will not be populated. + @retval EFI_BUFFER_TOO_SMALL The ProtocolCapability variable is too small to hold the full response. + It will be partially populated (required Size field will be set). +**/ +EFI_STATUS +EFIAPI +Tcg2GetCapability ( + IN EFI_TCG2_PROTOCOL *This, + IN OUT EFI_TCG2_BOOT_SERVICE_CAPABILITY *ProtocolCapability + ) +{ + DEBUG ((DEBUG_VERBOSE, "Tcg2GetCapability ...\n")); + + if ((This == NULL) || (ProtocolCapability == NULL)) { + return EFI_INVALID_PARAMETER; + } + + DEBUG ((DEBUG_VERBOSE, "Size - 0x%x\n", ProtocolCapability->Size)); + DEBUG ((DEBUG_VERBOSE, " 1.1 - 0x%x, 1.0 - 0x%x\n", sizeof(EFI_TCG2_BOOT_SERVICE_CAPABILITY), sizeof(TREE_BOOT_SERVICE_CAPABILITY_1_0))); + + if (ProtocolCapability->Size < mTcgDxeData.BsCap.Size) { + // + // Handle the case that firmware support 1.1 but OS only support 1.0. + // + if ((mTcgDxeData.BsCap.ProtocolVersion.Major > 0x01) || + ((mTcgDxeData.BsCap.ProtocolVersion.Major == 0x01) && ((mTcgDxeData.BsCap.ProtocolVersion.Minor > 0x00)))) { + if (ProtocolCapability->Size >= sizeof(TREE_BOOT_SERVICE_CAPABILITY_1_0)) { + CopyMem (ProtocolCapability, &mTcgDxeData.BsCap, sizeof(TREE_BOOT_SERVICE_CAPABILITY_1_0)); + ProtocolCapability->Size = sizeof(TREE_BOOT_SERVICE_CAPABILITY_1_0); + ProtocolCapability->StructureVersion.Major = 1; + ProtocolCapability->StructureVersion.Minor = 0; + ProtocolCapability->ProtocolVersion.Major = 1; + ProtocolCapability->ProtocolVersion.Minor = 0; + DEBUG ((EFI_D_ERROR, "TreeGetCapability (Compatible) - %r\n", EFI_SUCCESS)); + return EFI_SUCCESS; + } + } + ProtocolCapability->Size = mTcgDxeData.BsCap.Size; + return EFI_BUFFER_TOO_SMALL; + } + + CopyMem (ProtocolCapability, &mTcgDxeData.BsCap, mTcgDxeData.BsCap.Size); + DEBUG ((DEBUG_VERBOSE, "Tcg2GetCapability - %r\n", EFI_SUCCESS)); + return EFI_SUCCESS; +} + +/** + This function dump PCR event. + + @param[in] EventHdr TCG PCR event structure. +**/ +VOID +DumpEvent ( + IN TCG_PCR_EVENT_HDR *EventHdr + ) +{ + UINTN Index; + + DEBUG ((EFI_D_INFO, " Event:\n")); + DEBUG ((EFI_D_INFO, " PCRIndex - %d\n", EventHdr->PCRIndex)); + DEBUG ((EFI_D_INFO, " EventType - 0x%08x\n", EventHdr->EventType)); + DEBUG ((EFI_D_INFO, " Digest - ")); + for (Index = 0; Index < sizeof(TCG_DIGEST); Index++) { + DEBUG ((EFI_D_INFO, "%02x ", EventHdr->Digest.digest[Index])); + } + DEBUG ((EFI_D_INFO, "\n")); + DEBUG ((EFI_D_INFO, " EventSize - 0x%08x\n", EventHdr->EventSize)); + InternalDumpHex ((UINT8 *)(EventHdr + 1), EventHdr->EventSize); +} + +/** + This function dump TCG_EfiSpecIDEventStruct. + + @param[in] TcgEfiSpecIdEventStruct A pointer to TCG_EfiSpecIDEventStruct. +**/ +VOID +DumpTcgEfiSpecIdEventStruct ( + IN TCG_EfiSpecIDEventStruct *TcgEfiSpecIdEventStruct + ) +{ + TCG_EfiSpecIdEventAlgorithmSize *DigestSize; + UINTN Index; + UINT8 *VendorInfoSize; + UINT8 *VendorInfo; + UINT32 NumberOfAlgorithms; + + DEBUG ((EFI_D_INFO, " TCG_EfiSpecIDEventStruct:\n")); + DEBUG ((EFI_D_INFO, " signature - '")); + for (Index = 0; Index < sizeof(TcgEfiSpecIdEventStruct->signature); Index++) { + DEBUG ((EFI_D_INFO, "%c", TcgEfiSpecIdEventStruct->signature[Index])); + } + DEBUG ((EFI_D_INFO, "'\n")); + DEBUG ((EFI_D_INFO, " platformClass - 0x%08x\n", TcgEfiSpecIdEventStruct->platformClass)); + DEBUG ((EFI_D_INFO, " specVersion - %d.%d%d\n", TcgEfiSpecIdEventStruct->specVersionMajor, TcgEfiSpecIdEventStruct->specVersionMinor, TcgEfiSpecIdEventStruct->specErrata)); + DEBUG ((EFI_D_INFO, " uintnSize - 0x%02x\n", TcgEfiSpecIdEventStruct->uintnSize)); + + CopyMem (&NumberOfAlgorithms, TcgEfiSpecIdEventStruct + 1, sizeof(NumberOfAlgorithms)); + DEBUG ((EFI_D_INFO, " NumberOfAlgorithms - 0x%08x\n", NumberOfAlgorithms)); + + DigestSize = (TCG_EfiSpecIdEventAlgorithmSize *)((UINT8 *)TcgEfiSpecIdEventStruct + sizeof(*TcgEfiSpecIdEventStruct) + sizeof(NumberOfAlgorithms)); + for (Index = 0; Index < NumberOfAlgorithms; Index++) { + DEBUG ((EFI_D_INFO, " digest(%d)\n", Index)); + DEBUG ((EFI_D_INFO, " algorithmId - 0x%04x\n", DigestSize[Index].algorithmId)); + DEBUG ((EFI_D_INFO, " digestSize - 0x%04x\n", DigestSize[Index].digestSize)); + } + VendorInfoSize = (UINT8 *)&DigestSize[NumberOfAlgorithms]; + DEBUG ((EFI_D_INFO, " VendorInfoSize - 0x%02x\n", *VendorInfoSize)); + VendorInfo = VendorInfoSize + 1; + DEBUG ((EFI_D_INFO, " VendorInfo - ")); + for (Index = 0; Index < *VendorInfoSize; Index++) { + DEBUG ((EFI_D_INFO, "%02x ", VendorInfo[Index])); + } + DEBUG ((EFI_D_INFO, "\n")); +} + +/** + This function get size of TCG_EfiSpecIDEventStruct. + + @param[in] TcgEfiSpecIdEventStruct A pointer to TCG_EfiSpecIDEventStruct. +**/ +UINTN +GetTcgEfiSpecIdEventStructSize ( + IN TCG_EfiSpecIDEventStruct *TcgEfiSpecIdEventStruct + ) +{ + TCG_EfiSpecIdEventAlgorithmSize *DigestSize; + UINT8 *VendorInfoSize; + UINT32 NumberOfAlgorithms; + + CopyMem (&NumberOfAlgorithms, TcgEfiSpecIdEventStruct + 1, sizeof(NumberOfAlgorithms)); + + DigestSize = (TCG_EfiSpecIdEventAlgorithmSize *)((UINT8 *)TcgEfiSpecIdEventStruct + sizeof(*TcgEfiSpecIdEventStruct) + sizeof(NumberOfAlgorithms)); + VendorInfoSize = (UINT8 *)&DigestSize[NumberOfAlgorithms]; + return sizeof(TCG_EfiSpecIDEventStruct) + sizeof(UINT32) + (NumberOfAlgorithms * sizeof(TCG_EfiSpecIdEventAlgorithmSize)) + sizeof(UINT8) + (*VendorInfoSize); +} + +/** + This function dump PCR event 2. + + @param[in] TcgPcrEvent2 TCG PCR event 2 structure. +**/ +VOID +DumpEvent2 ( + IN TCG_PCR_EVENT2 *TcgPcrEvent2 + ) +{ + UINTN Index; + UINT32 DigestIndex; + UINT32 DigestCount; + TPMI_ALG_HASH HashAlgo; + UINT32 DigestSize; + UINT8 *DigestBuffer; + UINT32 EventSize; + UINT8 *EventBuffer; + + DEBUG ((EFI_D_INFO, " Event:\n")); + DEBUG ((EFI_D_INFO, " PCRIndex - %d\n", TcgPcrEvent2->PCRIndex)); + DEBUG ((EFI_D_INFO, " EventType - 0x%08x\n", TcgPcrEvent2->EventType)); + + DEBUG ((EFI_D_INFO, " DigestCount: 0x%08x\n", TcgPcrEvent2->Digest.count)); + + DigestCount = TcgPcrEvent2->Digest.count; + HashAlgo = TcgPcrEvent2->Digest.digests[0].hashAlg; + DigestBuffer = (UINT8 *)&TcgPcrEvent2->Digest.digests[0].digest; + for (DigestIndex = 0; DigestIndex < DigestCount; DigestIndex++) { + DEBUG ((EFI_D_INFO, " HashAlgo : 0x%04x\n", HashAlgo)); + DEBUG ((EFI_D_INFO, " Digest(%d): ", DigestIndex)); + DigestSize = GetHashSizeFromAlgo (HashAlgo); + for (Index = 0; Index < DigestSize; Index++) { + DEBUG ((EFI_D_INFO, "%02x ", DigestBuffer[Index])); + } + DEBUG ((EFI_D_INFO, "\n")); + // + // Prepare next + // + CopyMem (&HashAlgo, DigestBuffer + DigestSize, sizeof(TPMI_ALG_HASH)); + DigestBuffer = DigestBuffer + DigestSize + sizeof(TPMI_ALG_HASH); + } + DEBUG ((EFI_D_INFO, "\n")); + DigestBuffer = DigestBuffer - sizeof(TPMI_ALG_HASH); + + CopyMem (&EventSize, DigestBuffer, sizeof(TcgPcrEvent2->EventSize)); + DEBUG ((EFI_D_INFO, " EventSize - 0x%08x\n", EventSize)); + EventBuffer = DigestBuffer + sizeof(TcgPcrEvent2->EventSize); + InternalDumpHex (EventBuffer, EventSize); +} + +/** + This function returns size of TCG PCR event 2. + + @param[in] TcgPcrEvent2 TCG PCR event 2 structure. + + @return size of TCG PCR event 2. +**/ +UINTN +GetPcrEvent2Size ( + IN TCG_PCR_EVENT2 *TcgPcrEvent2 + ) +{ + UINT32 DigestIndex; + UINT32 DigestCount; + TPMI_ALG_HASH HashAlgo; + UINT32 DigestSize; + UINT8 *DigestBuffer; + UINT32 EventSize; + UINT8 *EventBuffer; + + DigestCount = TcgPcrEvent2->Digest.count; + HashAlgo = TcgPcrEvent2->Digest.digests[0].hashAlg; + DigestBuffer = (UINT8 *)&TcgPcrEvent2->Digest.digests[0].digest; + for (DigestIndex = 0; DigestIndex < DigestCount; DigestIndex++) { + DigestSize = GetHashSizeFromAlgo (HashAlgo); + // + // Prepare next + // + CopyMem (&HashAlgo, DigestBuffer + DigestSize, sizeof(TPMI_ALG_HASH)); + DigestBuffer = DigestBuffer + DigestSize + sizeof(TPMI_ALG_HASH); + } + DigestBuffer = DigestBuffer - sizeof(TPMI_ALG_HASH); + + CopyMem (&EventSize, DigestBuffer, sizeof(TcgPcrEvent2->EventSize)); + EventBuffer = DigestBuffer + sizeof(TcgPcrEvent2->EventSize); + + return (UINTN)EventBuffer + EventSize - (UINTN)TcgPcrEvent2; +} + +/** + This function dump event log. + + @param[in] EventLogFormat The type of the event log for which the information is requested. + @param[in] EventLogLocation A pointer to the memory address of the event log. + @param[in] EventLogLastEntry If the Event Log contains more than one entry, this is a pointer to the + address of the start of the last entry in the event log in memory. + @param[in] FinalEventsTable A pointer to the memory address of the final event table. +**/ +VOID +DumpEventLog ( + IN EFI_TCG2_EVENT_LOG_FORMAT EventLogFormat, + IN EFI_PHYSICAL_ADDRESS EventLogLocation, + IN EFI_PHYSICAL_ADDRESS EventLogLastEntry, + IN EFI_TCG2_FINAL_EVENTS_TABLE *FinalEventsTable + ) +{ + TCG_PCR_EVENT_HDR *EventHdr; + TCG_PCR_EVENT2 *TcgPcrEvent2; + TCG_EfiSpecIDEventStruct *TcgEfiSpecIdEventStruct; + UINTN NumberOfEvents; + + DEBUG ((EFI_D_INFO, "EventLogFormat: (0x%x)\n", EventLogFormat)); + + switch (EventLogFormat) { + case EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2: + EventHdr = (TCG_PCR_EVENT_HDR *)(UINTN)EventLogLocation; + while ((UINTN)EventHdr <= EventLogLastEntry) { + DumpEvent (EventHdr); + EventHdr = (TCG_PCR_EVENT_HDR *)((UINTN)EventHdr + sizeof(TCG_PCR_EVENT_HDR) + EventHdr->EventSize); + } + if (FinalEventsTable == NULL) { + DEBUG ((EFI_D_INFO, "FinalEventsTable: NOT FOUND\n")); + } else { + DEBUG ((EFI_D_INFO, "FinalEventsTable: (0x%x)\n", FinalEventsTable)); + DEBUG ((EFI_D_INFO, " Version: (0x%x)\n", FinalEventsTable->Version)); + DEBUG ((EFI_D_INFO, " NumberOfEvents: (0x%x)\n", FinalEventsTable->NumberOfEvents)); + + EventHdr = (TCG_PCR_EVENT_HDR *)(UINTN)(FinalEventsTable + 1); + for (NumberOfEvents = 0; NumberOfEvents < FinalEventsTable->NumberOfEvents; NumberOfEvents++) { + DumpEvent (EventHdr); + EventHdr = (TCG_PCR_EVENT_HDR *)((UINTN)EventHdr + sizeof(TCG_PCR_EVENT_HDR) + EventHdr->EventSize); + } + } + break; + case EFI_TCG2_EVENT_LOG_FORMAT_TCG_2: + // + // Dump first event + // + EventHdr = (TCG_PCR_EVENT_HDR *)(UINTN)EventLogLocation; + DumpEvent (EventHdr); + + TcgEfiSpecIdEventStruct = (TCG_EfiSpecIDEventStruct *)(EventHdr + 1); + DumpTcgEfiSpecIdEventStruct (TcgEfiSpecIdEventStruct); + + TcgPcrEvent2 = (TCG_PCR_EVENT2 *)((UINTN)TcgEfiSpecIdEventStruct + GetTcgEfiSpecIdEventStructSize (TcgEfiSpecIdEventStruct)); + while ((UINTN)TcgPcrEvent2 <= EventLogLastEntry) { + DumpEvent2 (TcgPcrEvent2); + TcgPcrEvent2 = (TCG_PCR_EVENT2 *)((UINTN)TcgPcrEvent2 + GetPcrEvent2Size (TcgPcrEvent2)); + } + + if (FinalEventsTable == NULL) { + DEBUG ((EFI_D_INFO, "FinalEventsTable: NOT FOUND\n")); + } else { + DEBUG ((EFI_D_INFO, "FinalEventsTable: (0x%x)\n", FinalEventsTable)); + DEBUG ((EFI_D_INFO, " Version: (0x%x)\n", FinalEventsTable->Version)); + DEBUG ((EFI_D_INFO, " NumberOfEvents: (0x%x)\n", FinalEventsTable->NumberOfEvents)); + + TcgPcrEvent2 = (TCG_PCR_EVENT2 *)(UINTN)(FinalEventsTable + 1); + for (NumberOfEvents = 0; NumberOfEvents < FinalEventsTable->NumberOfEvents; NumberOfEvents++) { + DumpEvent2 (TcgPcrEvent2); + TcgPcrEvent2 = (TCG_PCR_EVENT2 *)((UINTN)TcgPcrEvent2 + GetPcrEvent2Size (TcgPcrEvent2)); + } + } + break; + } + + return ; +} + +/** + The EFI_TCG2_PROTOCOL Get Event Log function call allows a caller to + retrieve the address of a given event log and its last entry. + + @param[in] This Indicates the calling context + @param[in] EventLogFormat The type of the event log for which the information is requested. + @param[out] EventLogLocation A pointer to the memory address of the event log. + @param[out] EventLogLastEntry If the Event Log contains more than one entry, this is a pointer to the + address of the start of the last entry in the event log in memory. + @param[out] EventLogTruncated If the Event Log is missing at least one entry because an event would + have exceeded the area allocated for events, this value is set to TRUE. + Otherwise, the value will be FALSE and the Event Log will be complete. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_INVALID_PARAMETER One or more of the parameters are incorrect + (e.g. asking for an event log whose format is not supported). +**/ +EFI_STATUS +EFIAPI +Tcg2GetEventLog ( + IN EFI_TCG2_PROTOCOL *This, + IN EFI_TCG2_EVENT_LOG_FORMAT EventLogFormat, + OUT EFI_PHYSICAL_ADDRESS *EventLogLocation, + OUT EFI_PHYSICAL_ADDRESS *EventLogLastEntry, + OUT BOOLEAN *EventLogTruncated + ) +{ + UINTN Index; + + DEBUG ((EFI_D_INFO, "Tcg2GetEventLog ... (0x%x)\n", EventLogFormat)); + + if (This == NULL) { + return EFI_INVALID_PARAMETER; + } + + for (Index = 0; Index < sizeof(mTcg2EventInfo)/sizeof(mTcg2EventInfo[0]); Index++) { + if (EventLogFormat == mTcg2EventInfo[Index].LogFormat) { + break; + } + } + + if (Index == sizeof(mTcg2EventInfo)/sizeof(mTcg2EventInfo[0])) { + return EFI_INVALID_PARAMETER; + } + + if ((mTcg2EventInfo[Index].LogFormat & mTcgDxeData.BsCap.SupportedEventLogs) == 0) { + return EFI_INVALID_PARAMETER; + } + + if (!mTcgDxeData.BsCap.TPMPresentFlag) { + if (EventLogLocation != NULL) { + *EventLogLocation = 0; + } + if (EventLogLastEntry != NULL) { + *EventLogLastEntry = 0; + } + if (EventLogTruncated != NULL) { + *EventLogTruncated = FALSE; + } + return EFI_SUCCESS; + } + + if (EventLogLocation != NULL) { + *EventLogLocation = mTcgDxeData.EventLogAreaStruct[Index].Lasa; + DEBUG ((EFI_D_INFO, "Tcg2GetEventLog (EventLogLocation - %x)\n", *EventLogLocation)); + } + + if (EventLogLastEntry != NULL) { + if (!mTcgDxeData.EventLogAreaStruct[Index].EventLogStarted) { + *EventLogLastEntry = (EFI_PHYSICAL_ADDRESS)(UINTN)0; + } else { + *EventLogLastEntry = (EFI_PHYSICAL_ADDRESS)(UINTN)mTcgDxeData.EventLogAreaStruct[Index].LastEvent; + } + DEBUG ((EFI_D_INFO, "Tcg2GetEventLog (EventLogLastEntry - %x)\n", *EventLogLastEntry)); + } + + if (EventLogTruncated != NULL) { + *EventLogTruncated = mTcgDxeData.EventLogAreaStruct[Index].EventLogTruncated; + DEBUG ((EFI_D_INFO, "Tcg2GetEventLog (EventLogTruncated - %x)\n", *EventLogTruncated)); + } + + DEBUG ((EFI_D_INFO, "Tcg2GetEventLog - %r\n", EFI_SUCCESS)); + + // Dump Event Log for debug purpose + if ((EventLogLocation != NULL) && (EventLogLastEntry != NULL)) { + DumpEventLog (EventLogFormat, *EventLogLocation, *EventLogLastEntry, mTcgDxeData.FinalEventsTable[Index]); + } + + // + // All events generated after the invocation of EFI_TCG2_GET_EVENT_LOG SHALL be stored + // in an instance of an EFI_CONFIGURATION_TABLE named by the VendorGuid of EFI_TCG2_FINAL_EVENTS_TABLE_GUID. + // + mTcgDxeData.GetEventLogCalled[Index] = TRUE; + + return EFI_SUCCESS; +} + +/** + Return if this is a Tcg800155PlatformIdEvent. + + @param[in] NewEventHdr Pointer to a TCG_PCR_EVENT_HDR/TCG_PCR_EVENT_EX data structure. + @param[in] NewEventHdrSize New event header size. + @param[in] NewEventData Pointer to the new event data. + @param[in] NewEventSize New event data size. + + @retval TRUE This is a Tcg800155PlatformIdEvent. + @retval FALSE This is NOT a Tcg800155PlatformIdEvent. + +**/ +BOOLEAN +Is800155Event ( + IN VOID *NewEventHdr, + IN UINT32 NewEventHdrSize, + IN UINT8 *NewEventData, + IN UINT32 NewEventSize + ) +{ + if ((((TCG_PCR_EVENT2_HDR *)NewEventHdr)->EventType == EV_NO_ACTION) && + (NewEventSize >= sizeof(TCG_Sp800_155_PlatformId_Event2)) && + (CompareMem (NewEventData, TCG_Sp800_155_PlatformId_Event2_SIGNATURE, + sizeof(TCG_Sp800_155_PlatformId_Event2_SIGNATURE) - 1) == 0)) { + return TRUE; + } + return FALSE; +} + +/** + Add a new entry to the Event Log. + + @param[in, out] EventLogAreaStruct The event log area data structure + @param[in] NewEventHdr Pointer to a TCG_PCR_EVENT_HDR/TCG_PCR_EVENT_EX data structure. + @param[in] NewEventHdrSize New event header size. + @param[in] NewEventData Pointer to the new event data. + @param[in] NewEventSize New event data size. + + @retval EFI_SUCCESS The new event log entry was added. + @retval EFI_OUT_OF_RESOURCES No enough memory to log the new event. + +**/ +EFI_STATUS +TcgCommLogEvent ( + IN OUT TCG_EVENT_LOG_AREA_STRUCT *EventLogAreaStruct, + IN VOID *NewEventHdr, + IN UINT32 NewEventHdrSize, + IN UINT8 *NewEventData, + IN UINT32 NewEventSize + ) +{ + UINTN NewLogSize; + BOOLEAN Record800155Event; + + if (NewEventSize > MAX_ADDRESS - NewEventHdrSize) { + return EFI_OUT_OF_RESOURCES; + } + + NewLogSize = NewEventHdrSize + NewEventSize; + + if (NewLogSize > MAX_ADDRESS - EventLogAreaStruct->EventLogSize) { + return EFI_OUT_OF_RESOURCES; + } + + if (NewLogSize + EventLogAreaStruct->EventLogSize > EventLogAreaStruct->Laml) { + DEBUG ((DEBUG_INFO, " Laml - 0x%x\n", EventLogAreaStruct->Laml)); + DEBUG ((DEBUG_INFO, " NewLogSize - 0x%x\n", NewLogSize)); + DEBUG ((DEBUG_INFO, " LogSize - 0x%x\n", EventLogAreaStruct->EventLogSize)); + DEBUG ((DEBUG_INFO, "TcgCommLogEvent - %r\n", EFI_OUT_OF_RESOURCES)); + return EFI_OUT_OF_RESOURCES; + } + + // + // Check 800-155 event + // Record to 800-155 event offset only. + // If the offset is 0, no need to record. + // + Record800155Event = Is800155Event (NewEventHdr, NewEventHdrSize, NewEventData, NewEventSize); + if (Record800155Event) { + if (EventLogAreaStruct->Next800155EventOffset != 0) { + CopyMem ( + (UINT8 *)(UINTN)EventLogAreaStruct->Lasa + EventLogAreaStruct->Next800155EventOffset + NewLogSize, + (UINT8 *)(UINTN)EventLogAreaStruct->Lasa + EventLogAreaStruct->Next800155EventOffset, + EventLogAreaStruct->EventLogSize - EventLogAreaStruct->Next800155EventOffset + ); + + CopyMem ( + (UINT8 *)(UINTN)EventLogAreaStruct->Lasa + EventLogAreaStruct->Next800155EventOffset, + NewEventHdr, + NewEventHdrSize + ); + CopyMem ( + (UINT8 *)(UINTN)EventLogAreaStruct->Lasa + EventLogAreaStruct->Next800155EventOffset + NewEventHdrSize, + NewEventData, + NewEventSize + ); + + EventLogAreaStruct->Next800155EventOffset += NewLogSize; + EventLogAreaStruct->LastEvent += NewLogSize; + EventLogAreaStruct->EventLogSize += NewLogSize; + } + return EFI_SUCCESS; + } + + EventLogAreaStruct->LastEvent = (UINT8 *)(UINTN)EventLogAreaStruct->Lasa + EventLogAreaStruct->EventLogSize; + EventLogAreaStruct->EventLogSize += NewLogSize; + CopyMem (EventLogAreaStruct->LastEvent, NewEventHdr, NewEventHdrSize); + CopyMem ( + EventLogAreaStruct->LastEvent + NewEventHdrSize, + NewEventData, + NewEventSize + ); + return EFI_SUCCESS; +} + +/** + Add a new entry to the Event Log. + + @param[in] EventLogFormat The type of the event log for which the information is requested. + @param[in] NewEventHdr Pointer to a TCG_PCR_EVENT_HDR/TCG_PCR_EVENT_EX data structure. + @param[in] NewEventHdrSize New event header size. + @param[in] NewEventData Pointer to the new event data. + @param[in] NewEventSize New event data size. + + @retval EFI_SUCCESS The new event log entry was added. + @retval EFI_OUT_OF_RESOURCES No enough memory to log the new event. + +**/ +EFI_STATUS +TcgDxeLogEvent ( + IN EFI_TCG2_EVENT_LOG_FORMAT EventLogFormat, + IN VOID *NewEventHdr, + IN UINT32 NewEventHdrSize, + IN UINT8 *NewEventData, + IN UINT32 NewEventSize + ) +{ + EFI_STATUS Status; + UINTN Index; + TCG_EVENT_LOG_AREA_STRUCT *EventLogAreaStruct; + + for (Index = 0; Index < sizeof(mTcg2EventInfo)/sizeof(mTcg2EventInfo[0]); Index++) { + if (EventLogFormat == mTcg2EventInfo[Index].LogFormat) { + break; + } + } + + if (Index == sizeof(mTcg2EventInfo)/sizeof(mTcg2EventInfo[0])) { + return EFI_INVALID_PARAMETER; + } + + // + // Record to normal event log + // + EventLogAreaStruct = &mTcgDxeData.EventLogAreaStruct[Index]; + + if (EventLogAreaStruct->EventLogTruncated) { + return EFI_VOLUME_FULL; + } + + Status = TcgCommLogEvent ( + EventLogAreaStruct, + NewEventHdr, + NewEventHdrSize, + NewEventData, + NewEventSize + ); + + if (Status == EFI_OUT_OF_RESOURCES) { + EventLogAreaStruct->EventLogTruncated = TRUE; + return EFI_VOLUME_FULL; + } else if (Status == EFI_SUCCESS) { + EventLogAreaStruct->EventLogStarted = TRUE; + } + + // + // If GetEventLog is called, record to FinalEventsTable, too. + // + if (mTcgDxeData.GetEventLogCalled[Index]) { + if (mTcgDxeData.FinalEventsTable[Index] == NULL) { + // + // no need for FinalEventsTable + // + return EFI_SUCCESS; + } + EventLogAreaStruct = &mTcgDxeData.FinalEventLogAreaStruct[Index]; + + if (EventLogAreaStruct->EventLogTruncated) { + return EFI_VOLUME_FULL; + } + + Status = TcgCommLogEvent ( + EventLogAreaStruct, + NewEventHdr, + NewEventHdrSize, + NewEventData, + NewEventSize + ); + if (Status == EFI_OUT_OF_RESOURCES) { + EventLogAreaStruct->EventLogTruncated = TRUE; + return EFI_VOLUME_FULL; + } else if (Status == EFI_SUCCESS) { + EventLogAreaStruct->EventLogStarted = TRUE; + // + // Increase the NumberOfEvents in FinalEventsTable + // + (mTcgDxeData.FinalEventsTable[Index])->NumberOfEvents ++; + DEBUG ((EFI_D_INFO, "FinalEventsTable->NumberOfEvents - 0x%x\n", (mTcgDxeData.FinalEventsTable[Index])->NumberOfEvents)); + DEBUG ((EFI_D_INFO, " Size - 0x%x\n", (UINTN)EventLogAreaStruct->EventLogSize)); + } + } + + return Status; +} + +/** + Get TPML_DIGEST_VALUES compact binary buffer size. + + @param[in] DigestListBin TPML_DIGEST_VALUES compact binary buffer. + + @return TPML_DIGEST_VALUES compact binary buffer size. +**/ +UINT32 +GetDigestListBinSize ( + IN VOID *DigestListBin + ) +{ + UINTN Index; + UINT16 DigestSize; + UINT32 TotalSize; + UINT32 Count; + TPMI_ALG_HASH HashAlg; + + Count = ReadUnaligned32 (DigestListBin); + TotalSize = sizeof(Count); + DigestListBin = (UINT8 *)DigestListBin + sizeof(Count); + for (Index = 0; Index < Count; Index++) { + HashAlg = ReadUnaligned16 (DigestListBin); + TotalSize += sizeof(HashAlg); + DigestListBin = (UINT8 *)DigestListBin + sizeof(HashAlg); + + DigestSize = GetHashSizeFromAlgo (HashAlg); + TotalSize += DigestSize; + DigestListBin = (UINT8 *)DigestListBin + DigestSize; + } + + return TotalSize; +} + +/** + Copy TPML_DIGEST_VALUES compact binary into a buffer + + @param[in,out] Buffer Buffer to hold copied TPML_DIGEST_VALUES compact binary. + @param[in] DigestListBin TPML_DIGEST_VALUES compact binary buffer. + @param[in] HashAlgorithmMask HASH bits corresponding to the desired digests to copy. + @param[out] HashAlgorithmMaskCopied Pointer to HASH bits corresponding to the digests copied. + + @return The end of buffer to hold TPML_DIGEST_VALUES compact binary. +**/ +VOID * +CopyDigestListBinToBuffer ( + IN OUT VOID *Buffer, + IN VOID *DigestListBin, + IN UINT32 HashAlgorithmMask, + OUT UINT32 *HashAlgorithmMaskCopied + ) +{ + UINTN Index; + UINT16 DigestSize; + UINT32 Count; + TPMI_ALG_HASH HashAlg; + UINT32 DigestListCount; + UINT32 *DigestListCountPtr; + + DigestListCountPtr = (UINT32 *) Buffer; + DigestListCount = 0; + (*HashAlgorithmMaskCopied) = 0; + + Count = ReadUnaligned32 (DigestListBin); + Buffer = (UINT8 *)Buffer + sizeof(Count); + DigestListBin = (UINT8 *)DigestListBin + sizeof(Count); + for (Index = 0; Index < Count; Index++) { + HashAlg = ReadUnaligned16 (DigestListBin); + DigestListBin = (UINT8 *)DigestListBin + sizeof(HashAlg); + DigestSize = GetHashSizeFromAlgo (HashAlg); + + if (IsHashAlgSupportedInHashAlgorithmMask(HashAlg, HashAlgorithmMask)) { + CopyMem (Buffer, &HashAlg, sizeof(HashAlg)); + Buffer = (UINT8 *)Buffer + sizeof(HashAlg); + CopyMem (Buffer, DigestListBin, DigestSize); + Buffer = (UINT8 *)Buffer + DigestSize; + DigestListCount++; + (*HashAlgorithmMaskCopied) |= GetHashMaskFromAlgo (HashAlg); + } else { + DEBUG ((DEBUG_ERROR, "WARNING: CopyDigestListBinToBuffer Event log has HashAlg unsupported by PCR bank (0x%x)\n", HashAlg)); + } + DigestListBin = (UINT8 *)DigestListBin + DigestSize; + } + WriteUnaligned32 (DigestListCountPtr, DigestListCount); + + return Buffer; +} + +/** + Add a new entry to the Event Log. + + @param[in] DigestList A list of digest. + @param[in,out] NewEventHdr Pointer to a TCG_PCR_EVENT_HDR data structure. + @param[in] NewEventData Pointer to the new event data. + + @retval EFI_SUCCESS The new event log entry was added. + @retval EFI_OUT_OF_RESOURCES No enough memory to log the new event. +**/ +EFI_STATUS +TcgDxeLogHashEvent ( + IN TPML_DIGEST_VALUES *DigestList, + IN OUT TCG_PCR_EVENT_HDR *NewEventHdr, + IN UINT8 *NewEventData + ) +{ + EFI_STATUS Status; + EFI_TPL OldTpl; + UINTN Index; + EFI_STATUS RetStatus; + TCG_PCR_EVENT2 TcgPcrEvent2; + UINT8 *DigestBuffer; + UINT32 *EventSizePtr; + + DEBUG ((EFI_D_INFO, "SupportedEventLogs - 0x%08x\n", mTcgDxeData.BsCap.SupportedEventLogs)); + + RetStatus = EFI_SUCCESS; + for (Index = 0; Index < sizeof(mTcg2EventInfo)/sizeof(mTcg2EventInfo[0]); Index++) { + if ((mTcgDxeData.BsCap.SupportedEventLogs & mTcg2EventInfo[Index].LogFormat) != 0) { + DEBUG ((EFI_D_INFO, " LogFormat - 0x%08x\n", mTcg2EventInfo[Index].LogFormat)); + switch (mTcg2EventInfo[Index].LogFormat) { + case EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2: + Status = GetDigestFromDigestList (TPM_ALG_SHA1, DigestList, &NewEventHdr->Digest); + if (!EFI_ERROR (Status)) { + // + // Enter critical region + // + OldTpl = gBS->RaiseTPL (TPL_HIGH_LEVEL); + Status = TcgDxeLogEvent ( + mTcg2EventInfo[Index].LogFormat, + NewEventHdr, + sizeof(TCG_PCR_EVENT_HDR), + NewEventData, + NewEventHdr->EventSize + ); + if (Status != EFI_SUCCESS) { + RetStatus = Status; + } + gBS->RestoreTPL (OldTpl); + // + // Exit critical region + // + } + break; + case EFI_TCG2_EVENT_LOG_FORMAT_TCG_2: + ZeroMem (&TcgPcrEvent2, sizeof(TcgPcrEvent2)); + TcgPcrEvent2.PCRIndex = NewEventHdr->PCRIndex; + TcgPcrEvent2.EventType = NewEventHdr->EventType; + DigestBuffer = (UINT8 *)&TcgPcrEvent2.Digest; + EventSizePtr = CopyDigestListToBuffer (DigestBuffer, DigestList, mTcgDxeData.BsCap.ActivePcrBanks); + CopyMem (EventSizePtr, &NewEventHdr->EventSize, sizeof(NewEventHdr->EventSize)); + + // + // Enter critical region + // + OldTpl = gBS->RaiseTPL (TPL_HIGH_LEVEL); + Status = TcgDxeLogEvent ( + mTcg2EventInfo[Index].LogFormat, + &TcgPcrEvent2, + sizeof(TcgPcrEvent2.PCRIndex) + sizeof(TcgPcrEvent2.EventType) + GetDigestListBinSize (DigestBuffer) + sizeof(TcgPcrEvent2.EventSize), + NewEventData, + NewEventHdr->EventSize + ); + if (Status != EFI_SUCCESS) { + RetStatus = Status; + } + gBS->RestoreTPL (OldTpl); + // + // Exit critical region + // + break; + } + } + } + + return RetStatus; +} + +/** + Do a hash operation on a data buffer, extend a specific TPM PCR with the hash result, + and add an entry to the Event Log. + + @param[in] Flags Bitmap providing additional information. + @param[in] HashData Physical address of the start of the data buffer + to be hashed, extended, and logged. + @param[in] HashDataLen The length, in bytes, of the buffer referenced by HashData + @param[in, out] NewEventHdr Pointer to a TCG_PCR_EVENT_HDR data structure. + @param[in] NewEventData Pointer to the new event data. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_OUT_OF_RESOURCES No enough memory to log the new event. + @retval EFI_DEVICE_ERROR The command was unsuccessful. + +**/ +EFI_STATUS +TcgDxeHashLogExtendEvent ( + IN UINT64 Flags, + IN UINT8 *HashData, + IN UINT64 HashDataLen, + IN OUT TCG_PCR_EVENT_HDR *NewEventHdr, + IN UINT8 *NewEventData + ) +{ + EFI_STATUS Status; + TPML_DIGEST_VALUES DigestList; + TCG_PCR_EVENT2_HDR NoActionEvent; + + if (!mTcgDxeData.BsCap.TPMPresentFlag) { + return EFI_DEVICE_ERROR; + } + + if (NewEventHdr->EventType == EV_NO_ACTION) { + // + // Do not do TPM extend for EV_NO_ACTION + // + Status = EFI_SUCCESS; + InitNoActionEvent (&NoActionEvent, NewEventHdr->EventSize); + if ((Flags & EFI_TCG2_EXTEND_ONLY) == 0) { + Status = TcgDxeLogHashEvent (&(NoActionEvent.Digests), NewEventHdr, NewEventData); + } + + return Status; + } + + Status = HashAndExtend ( + NewEventHdr->PCRIndex, + HashData, + (UINTN)HashDataLen, + &DigestList + ); + if (!EFI_ERROR (Status)) { + if ((Flags & EFI_TCG2_EXTEND_ONLY) == 0) { + Status = TcgDxeLogHashEvent (&DigestList, NewEventHdr, NewEventData); + } + } + + if (Status == EFI_DEVICE_ERROR) { + DEBUG ((EFI_D_ERROR, "TcgDxeHashLogExtendEvent - %r. Disable TPM.\n", Status)); + mTcgDxeData.BsCap.TPMPresentFlag = FALSE; + REPORT_STATUS_CODE ( + EFI_ERROR_CODE | EFI_ERROR_MINOR, + (PcdGet32 (PcdStatusCodeSubClassTpmDevice) | EFI_P_EC_INTERFACE_ERROR) + ); + } + + return Status; +} + +/** + The EFI_TCG2_PROTOCOL HashLogExtendEvent function call provides callers with + an opportunity to extend and optionally log events without requiring + knowledge of actual TPM commands. + The extend operation will occur even if this function cannot create an event + log entry (e.g. due to the event log being full). + + @param[in] This Indicates the calling context + @param[in] Flags Bitmap providing additional information. + @param[in] DataToHash Physical address of the start of the data buffer to be hashed. + @param[in] DataToHashLen The length in bytes of the buffer referenced by DataToHash. + @param[in] Event Pointer to data buffer containing information about the event. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_DEVICE_ERROR The command was unsuccessful. + @retval EFI_VOLUME_FULL The extend operation occurred, but the event could not be written to one or more event logs. + @retval EFI_INVALID_PARAMETER One or more of the parameters are incorrect. + @retval EFI_UNSUPPORTED The PE/COFF image type is not supported. +**/ +EFI_STATUS +EFIAPI +Tcg2HashLogExtendEvent ( + IN EFI_TCG2_PROTOCOL *This, + IN UINT64 Flags, + IN EFI_PHYSICAL_ADDRESS DataToHash, + IN UINT64 DataToHashLen, + IN EFI_TCG2_EVENT *Event + ) +{ + EFI_STATUS Status; + TCG_PCR_EVENT_HDR NewEventHdr; + TPML_DIGEST_VALUES DigestList; + + DEBUG ((DEBUG_VERBOSE, "Tcg2HashLogExtendEvent ...\n")); + + if ((This == NULL) || (Event == NULL)) { + return EFI_INVALID_PARAMETER; + } + // + // Do not check hash data size for EV_NO_ACTION event. + // + if ((Event->Header.EventType != EV_NO_ACTION) && (DataToHash == 0)) { + return EFI_INVALID_PARAMETER; + } + + if (!mTcgDxeData.BsCap.TPMPresentFlag) { + return EFI_DEVICE_ERROR; + } + + if (Event->Size < Event->Header.HeaderSize + sizeof(UINT32)) { + return EFI_INVALID_PARAMETER; + } + + if (Event->Header.PCRIndex > MAX_PCR_INDEX) { + return EFI_INVALID_PARAMETER; + } + + NewEventHdr.PCRIndex = Event->Header.PCRIndex; + NewEventHdr.EventType = Event->Header.EventType; + NewEventHdr.EventSize = Event->Size - sizeof(UINT32) - Event->Header.HeaderSize; + if ((Flags & PE_COFF_IMAGE) != 0) { + Status = MeasurePeImageAndExtend ( + NewEventHdr.PCRIndex, + DataToHash, + (UINTN)DataToHashLen, + &DigestList + ); + if (!EFI_ERROR (Status)) { + if ((Flags & EFI_TCG2_EXTEND_ONLY) == 0) { + Status = TcgDxeLogHashEvent (&DigestList, &NewEventHdr, Event->Event); + } + } + if (Status == EFI_DEVICE_ERROR) { + DEBUG ((EFI_D_ERROR, "MeasurePeImageAndExtend - %r. Disable TPM.\n", Status)); + mTcgDxeData.BsCap.TPMPresentFlag = FALSE; + REPORT_STATUS_CODE ( + EFI_ERROR_CODE | EFI_ERROR_MINOR, + (PcdGet32 (PcdStatusCodeSubClassTpmDevice) | EFI_P_EC_INTERFACE_ERROR) + ); + } + } else { + Status = TcgDxeHashLogExtendEvent ( + Flags, + (UINT8 *) (UINTN) DataToHash, + DataToHashLen, + &NewEventHdr, + Event->Event + ); + } + DEBUG ((DEBUG_VERBOSE, "Tcg2HashLogExtendEvent - %r\n", Status)); + return Status; +} + +/** + This service enables the sending of commands to the TPM. + + @param[in] This Indicates the calling context + @param[in] InputParameterBlockSize Size of the TPM input parameter block. + @param[in] InputParameterBlock Pointer to the TPM input parameter block. + @param[in] OutputParameterBlockSize Size of the TPM output parameter block. + @param[in] OutputParameterBlock Pointer to the TPM output parameter block. + + @retval EFI_SUCCESS The command byte stream was successfully sent to the device and a response was successfully received. + @retval EFI_DEVICE_ERROR The command was not successfully sent to the device or a response was not successfully received from the device. + @retval EFI_INVALID_PARAMETER One or more of the parameters are incorrect. + @retval EFI_BUFFER_TOO_SMALL The output parameter block is too small. +**/ +EFI_STATUS +EFIAPI +Tcg2SubmitCommand ( + IN EFI_TCG2_PROTOCOL *This, + IN UINT32 InputParameterBlockSize, + IN UINT8 *InputParameterBlock, + IN UINT32 OutputParameterBlockSize, + IN UINT8 *OutputParameterBlock + ) +{ + EFI_STATUS Status; + + DEBUG ((EFI_D_INFO, "Tcg2SubmitCommand ...\n")); + + if ((This == NULL) || + (InputParameterBlockSize == 0) || (InputParameterBlock == NULL) || + (OutputParameterBlockSize == 0) || (OutputParameterBlock == NULL)) { + return EFI_INVALID_PARAMETER; + } + + if (!mTcgDxeData.BsCap.TPMPresentFlag) { + return EFI_DEVICE_ERROR; + } + + if (InputParameterBlockSize > mTcgDxeData.BsCap.MaxCommandSize) { + return EFI_INVALID_PARAMETER; + } + if (OutputParameterBlockSize > mTcgDxeData.BsCap.MaxResponseSize) { + return EFI_INVALID_PARAMETER; + } + + Status = Tpm2SubmitCommand ( + InputParameterBlockSize, + InputParameterBlock, + &OutputParameterBlockSize, + OutputParameterBlock + ); + DEBUG ((EFI_D_INFO, "Tcg2SubmitCommand - %r\n", Status)); + return Status; +} + +/** + This service returns the currently active PCR banks. + + @param[in] This Indicates the calling context + @param[out] ActivePcrBanks Pointer to the variable receiving the bitmap of currently active PCR banks. + + @retval EFI_SUCCESS The bitmap of active PCR banks was stored in the ActivePcrBanks parameter. + @retval EFI_INVALID_PARAMETER One or more of the parameters are incorrect. +**/ +EFI_STATUS +EFIAPI +Tcg2GetActivePCRBanks ( + IN EFI_TCG2_PROTOCOL *This, + OUT UINT32 *ActivePcrBanks + ) +{ + if (ActivePcrBanks == NULL) { + return EFI_INVALID_PARAMETER; + } + *ActivePcrBanks = mTcgDxeData.BsCap.ActivePcrBanks; + return EFI_SUCCESS; +} + +/** + This service sets the currently active PCR banks. + + @param[in] This Indicates the calling context + @param[in] ActivePcrBanks Bitmap of the requested active PCR banks. At least one bit SHALL be set. + + @retval EFI_SUCCESS The bitmap in ActivePcrBank parameter is already active. + @retval EFI_INVALID_PARAMETER One or more of the parameters are incorrect. +**/ +EFI_STATUS +EFIAPI +Tcg2SetActivePCRBanks ( + IN EFI_TCG2_PROTOCOL *This, + IN UINT32 ActivePcrBanks + ) +{ + EFI_STATUS Status; + UINT32 ReturnCode; + + DEBUG ((EFI_D_INFO, "Tcg2SetActivePCRBanks ... (0x%x)\n", ActivePcrBanks)); + + if (ActivePcrBanks == 0) { + return EFI_INVALID_PARAMETER; + } + if ((ActivePcrBanks & (~mTcgDxeData.BsCap.HashAlgorithmBitmap)) != 0) { + return EFI_INVALID_PARAMETER; + } + if (ActivePcrBanks == mTcgDxeData.BsCap.ActivePcrBanks) { + // + // Need clear previous SET_PCR_BANKS setting + // + ReturnCode = Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction (TCG2_PHYSICAL_PRESENCE_NO_ACTION, 0); + } else { + ReturnCode = Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunction (TCG2_PHYSICAL_PRESENCE_SET_PCR_BANKS, ActivePcrBanks); + } + + if (ReturnCode == TCG_PP_SUBMIT_REQUEST_TO_PREOS_SUCCESS) { + Status = EFI_SUCCESS; + } else if (ReturnCode == TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE) { + Status = EFI_OUT_OF_RESOURCES; + } else if (ReturnCode == TCG_PP_SUBMIT_REQUEST_TO_PREOS_NOT_IMPLEMENTED) { + Status = EFI_UNSUPPORTED; + } else { + Status = EFI_DEVICE_ERROR; + } + + DEBUG ((EFI_D_INFO, "Tcg2SetActivePCRBanks - %r\n", Status)); + + return Status; +} + +/** + This service retrieves the result of a previous invocation of SetActivePcrBanks. + + @param[in] This Indicates the calling context + @param[out] OperationPresent Non-zero value to indicate a SetActivePcrBank operation was invoked during the last boot. + @param[out] Response The response from the SetActivePcrBank request. + + @retval EFI_SUCCESS The result value could be returned. + @retval EFI_INVALID_PARAMETER One or more of the parameters are incorrect. +**/ +EFI_STATUS +EFIAPI +Tcg2GetResultOfSetActivePcrBanks ( + IN EFI_TCG2_PROTOCOL *This, + OUT UINT32 *OperationPresent, + OUT UINT32 *Response + ) +{ + UINT32 ReturnCode; + + if ((OperationPresent == NULL) || (Response == NULL)) { + return EFI_INVALID_PARAMETER; + } + + ReturnCode = Tcg2PhysicalPresenceLibReturnOperationResponseToOsFunction (OperationPresent, Response); + if (ReturnCode == TCG_PP_RETURN_TPM_OPERATION_RESPONSE_SUCCESS) { + return EFI_SUCCESS; + } else { + return EFI_UNSUPPORTED; + } +} + +EFI_TCG2_PROTOCOL mTcg2Protocol = { + Tcg2GetCapability, + Tcg2GetEventLog, + Tcg2HashLogExtendEvent, + Tcg2SubmitCommand, + Tcg2GetActivePCRBanks, + Tcg2SetActivePCRBanks, + Tcg2GetResultOfSetActivePcrBanks, +}; + +/** + Initialize the Event Log and log events passed from the PEI phase. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_OUT_OF_RESOURCES Out of memory. + +**/ +EFI_STATUS +SetupEventLog ( + VOID + ) +{ + EFI_STATUS Status; + VOID *TcgEvent; + EFI_PEI_HOB_POINTERS GuidHob; + EFI_PHYSICAL_ADDRESS Lasa; + UINTN Index; + VOID *DigestListBin; + TPML_DIGEST_VALUES TempDigestListBin; + UINT32 DigestListBinSize; + UINT8 *Event; + UINT32 EventSize; + UINT32 *EventSizePtr; + UINT32 HashAlgorithmMaskCopied; + TCG_EfiSpecIDEventStruct *TcgEfiSpecIdEventStruct; + UINT8 TempBuf[sizeof(TCG_EfiSpecIDEventStruct) + sizeof(UINT32) + (HASH_COUNT * sizeof(TCG_EfiSpecIdEventAlgorithmSize)) + sizeof(UINT8)]; + TCG_PCR_EVENT_HDR SpecIdEvent; + TCG_PCR_EVENT2_HDR NoActionEvent; + TCG_EfiSpecIdEventAlgorithmSize *DigestSize; + TCG_EfiSpecIdEventAlgorithmSize *TempDigestSize; + UINT8 *VendorInfoSize; + UINT32 NumberOfAlgorithms; + TCG_EfiStartupLocalityEvent StartupLocalityEvent; + + DEBUG ((EFI_D_INFO, "SetupEventLog\n")); + + // + // 1. Create Log Area + // + for (Index = 0; Index < sizeof(mTcg2EventInfo)/sizeof(mTcg2EventInfo[0]); Index++) { + if ((mTcgDxeData.BsCap.SupportedEventLogs & mTcg2EventInfo[Index].LogFormat) != 0) { + mTcgDxeData.EventLogAreaStruct[Index].EventLogFormat = mTcg2EventInfo[Index].LogFormat; + if (PcdGet8(PcdTpm2AcpiTableRev) >= 4) { + Status = gBS->AllocatePages ( + AllocateAnyPages, + EfiACPIMemoryNVS, + EFI_SIZE_TO_PAGES (PcdGet32 (PcdTcgLogAreaMinLen)), + &Lasa + ); + } else { + Status = gBS->AllocatePages ( + AllocateAnyPages, + EfiBootServicesData, + EFI_SIZE_TO_PAGES (PcdGet32 (PcdTcgLogAreaMinLen)), + &Lasa + ); + } + if (EFI_ERROR (Status)) { + return Status; + } + mTcgDxeData.EventLogAreaStruct[Index].Lasa = Lasa; + mTcgDxeData.EventLogAreaStruct[Index].Laml = PcdGet32 (PcdTcgLogAreaMinLen); + mTcgDxeData.EventLogAreaStruct[Index].Next800155EventOffset = 0; + + if ((PcdGet8(PcdTpm2AcpiTableRev) >= 4) || + (mTcg2EventInfo[Index].LogFormat == EFI_TCG2_EVENT_LOG_FORMAT_TCG_2)) { + // + // Report TCG2 event log address and length, so that they can be reported in TPM2 ACPI table. + // Ignore the return status, because those fields are optional. + // + PcdSet32S(PcdTpm2AcpiTableLaml, (UINT32)mTcgDxeData.EventLogAreaStruct[Index].Laml); + PcdSet64S(PcdTpm2AcpiTableLasa, mTcgDxeData.EventLogAreaStruct[Index].Lasa); + } + + // + // To initialize them as 0xFF is recommended + // because the OS can know the last entry for that. + // + SetMem ((VOID *)(UINTN)Lasa, PcdGet32 (PcdTcgLogAreaMinLen), 0xFF); + // + // Create first entry for Log Header Entry Data + // + if (mTcg2EventInfo[Index].LogFormat != EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2) { + // + // TcgEfiSpecIdEventStruct + // + TcgEfiSpecIdEventStruct = (TCG_EfiSpecIDEventStruct *)TempBuf; + CopyMem (TcgEfiSpecIdEventStruct->signature, TCG_EfiSpecIDEventStruct_SIGNATURE_03, sizeof(TcgEfiSpecIdEventStruct->signature)); + TcgEfiSpecIdEventStruct->platformClass = PcdGet8 (PcdTpmPlatformClass); + TcgEfiSpecIdEventStruct->specVersionMajor = TCG_EfiSpecIDEventStruct_SPEC_VERSION_MAJOR_TPM2; + TcgEfiSpecIdEventStruct->specVersionMinor = TCG_EfiSpecIDEventStruct_SPEC_VERSION_MINOR_TPM2; + TcgEfiSpecIdEventStruct->specErrata = (UINT8)PcdGet32(PcdTcgPfpMeasurementRevision); + TcgEfiSpecIdEventStruct->uintnSize = sizeof(UINTN)/sizeof(UINT32); + NumberOfAlgorithms = 0; + DigestSize = (TCG_EfiSpecIdEventAlgorithmSize *)((UINT8 *)TcgEfiSpecIdEventStruct + sizeof(*TcgEfiSpecIdEventStruct) + sizeof(NumberOfAlgorithms)); + if ((mTcgDxeData.BsCap.ActivePcrBanks & EFI_TCG2_BOOT_HASH_ALG_SHA1) != 0) { + TempDigestSize = DigestSize; + TempDigestSize += NumberOfAlgorithms; + TempDigestSize->algorithmId = TPM_ALG_SHA1; + TempDigestSize->digestSize = SHA1_DIGEST_SIZE; + NumberOfAlgorithms++; + } + if ((mTcgDxeData.BsCap.ActivePcrBanks & EFI_TCG2_BOOT_HASH_ALG_SHA256) != 0) { + TempDigestSize = DigestSize; + TempDigestSize += NumberOfAlgorithms; + TempDigestSize->algorithmId = TPM_ALG_SHA256; + TempDigestSize->digestSize = SHA256_DIGEST_SIZE; + NumberOfAlgorithms++; + } + if ((mTcgDxeData.BsCap.ActivePcrBanks & EFI_TCG2_BOOT_HASH_ALG_SHA384) != 0) { + TempDigestSize = DigestSize; + TempDigestSize += NumberOfAlgorithms; + TempDigestSize->algorithmId = TPM_ALG_SHA384; + TempDigestSize->digestSize = SHA384_DIGEST_SIZE; + NumberOfAlgorithms++; + } + if ((mTcgDxeData.BsCap.ActivePcrBanks & EFI_TCG2_BOOT_HASH_ALG_SHA512) != 0) { + TempDigestSize = DigestSize; + TempDigestSize += NumberOfAlgorithms; + TempDigestSize->algorithmId = TPM_ALG_SHA512; + TempDigestSize->digestSize = SHA512_DIGEST_SIZE; + NumberOfAlgorithms++; + } + if ((mTcgDxeData.BsCap.ActivePcrBanks & EFI_TCG2_BOOT_HASH_ALG_SM3_256) != 0) { + TempDigestSize = DigestSize; + TempDigestSize += NumberOfAlgorithms; + TempDigestSize->algorithmId = TPM_ALG_SM3_256; + TempDigestSize->digestSize = SM3_256_DIGEST_SIZE; + NumberOfAlgorithms++; + } + CopyMem (TcgEfiSpecIdEventStruct + 1, &NumberOfAlgorithms, sizeof(NumberOfAlgorithms)); + TempDigestSize = DigestSize; + TempDigestSize += NumberOfAlgorithms; + VendorInfoSize = (UINT8 *)TempDigestSize; + *VendorInfoSize = 0; + + SpecIdEvent.PCRIndex = 0; + SpecIdEvent.EventType = EV_NO_ACTION; + ZeroMem (&SpecIdEvent.Digest, sizeof(SpecIdEvent.Digest)); + SpecIdEvent.EventSize = (UINT32)GetTcgEfiSpecIdEventStructSize (TcgEfiSpecIdEventStruct); + + // + // Log TcgEfiSpecIdEventStruct as the first Event. Event format is TCG_PCR_EVENT. + // TCG EFI Protocol Spec. Section 5.3 Event Log Header + // TCG PC Client PFP spec. Section 9.2 Measurement Event Entries and Log + // + Status = TcgDxeLogEvent ( + mTcg2EventInfo[Index].LogFormat, + &SpecIdEvent, + sizeof(SpecIdEvent), + (UINT8 *)TcgEfiSpecIdEventStruct, + SpecIdEvent.EventSize + ); + // + // record the offset at the end of 800-155 event. + // the future 800-155 event can be inserted here. + // + mTcgDxeData.EventLogAreaStruct[Index].Next800155EventOffset = \ + mTcgDxeData.EventLogAreaStruct[Index].EventLogSize; + + // + // Tcg800155PlatformIdEvent. Event format is TCG_PCR_EVENT2 + // + GuidHob.Guid = GetFirstGuidHob (&gTcg800155PlatformIdEventHobGuid); + while (GuidHob.Guid != NULL) { + InitNoActionEvent(&NoActionEvent, GET_GUID_HOB_DATA_SIZE (GuidHob.Guid)); + + Status = TcgDxeLogEvent ( + mTcg2EventInfo[Index].LogFormat, + &NoActionEvent, + sizeof(NoActionEvent.PCRIndex) + sizeof(NoActionEvent.EventType) + GetDigestListBinSize (&NoActionEvent.Digests) + sizeof(NoActionEvent.EventSize), + GET_GUID_HOB_DATA (GuidHob.Guid), + GET_GUID_HOB_DATA_SIZE (GuidHob.Guid) + ); + + GuidHob.Guid = GET_NEXT_HOB (GuidHob); + GuidHob.Guid = GetNextGuidHob (&gTcg800155PlatformIdEventHobGuid, GuidHob.Guid); + } + + // + // EfiStartupLocalityEvent. Event format is TCG_PCR_EVENT2 + // + GuidHob.Guid = GetFirstGuidHob (&gTpm2StartupLocalityHobGuid); + if (GuidHob.Guid != NULL) { + // + // Get Locality Indicator from StartupLocality HOB + // + StartupLocalityEvent.StartupLocality = *(UINT8 *)(GET_GUID_HOB_DATA (GuidHob.Guid)); + CopyMem (StartupLocalityEvent.Signature, TCG_EfiStartupLocalityEvent_SIGNATURE, sizeof(StartupLocalityEvent.Signature)); + DEBUG ((DEBUG_INFO, "SetupEventLog: Set Locality from HOB into StartupLocalityEvent 0x%02x\n", StartupLocalityEvent.StartupLocality)); + + // + // Initialize StartupLocalityEvent + // + InitNoActionEvent(&NoActionEvent, sizeof(StartupLocalityEvent)); + + // + // Log EfiStartupLocalityEvent as the second Event + // TCG PC Client PFP spec. Section 9.3.4.3 Startup Locality Event + // + Status = TcgDxeLogEvent ( + mTcg2EventInfo[Index].LogFormat, + &NoActionEvent, + sizeof(NoActionEvent.PCRIndex) + sizeof(NoActionEvent.EventType) + GetDigestListBinSize (&NoActionEvent.Digests) + sizeof(NoActionEvent.EventSize), + (UINT8 *)&StartupLocalityEvent, + sizeof(StartupLocalityEvent) + ); + + } + } + } + } + + // + // 2. Create Final Log Area + // + for (Index = 0; Index < sizeof(mTcg2EventInfo)/sizeof(mTcg2EventInfo[0]); Index++) { + if ((mTcgDxeData.BsCap.SupportedEventLogs & mTcg2EventInfo[Index].LogFormat) != 0) { + if (mTcg2EventInfo[Index].LogFormat == EFI_TCG2_EVENT_LOG_FORMAT_TCG_2) { + Status = gBS->AllocatePages ( + AllocateAnyPages, + EfiACPIMemoryNVS, + EFI_SIZE_TO_PAGES (PcdGet32 (PcdTcg2FinalLogAreaLen)), + &Lasa + ); + if (EFI_ERROR (Status)) { + return Status; + } + SetMem ((VOID *)(UINTN)Lasa, PcdGet32 (PcdTcg2FinalLogAreaLen), 0xFF); + + // + // Initialize + // + mTcgDxeData.FinalEventsTable[Index] = (VOID *)(UINTN)Lasa; + (mTcgDxeData.FinalEventsTable[Index])->Version = EFI_TCG2_FINAL_EVENTS_TABLE_VERSION; + (mTcgDxeData.FinalEventsTable[Index])->NumberOfEvents = 0; + + mTcgDxeData.FinalEventLogAreaStruct[Index].EventLogFormat = mTcg2EventInfo[Index].LogFormat; + mTcgDxeData.FinalEventLogAreaStruct[Index].Lasa = Lasa + sizeof(EFI_TCG2_FINAL_EVENTS_TABLE); + mTcgDxeData.FinalEventLogAreaStruct[Index].Laml = PcdGet32 (PcdTcg2FinalLogAreaLen) - sizeof(EFI_TCG2_FINAL_EVENTS_TABLE); + mTcgDxeData.FinalEventLogAreaStruct[Index].EventLogSize = 0; + mTcgDxeData.FinalEventLogAreaStruct[Index].LastEvent = (VOID *)(UINTN)mTcgDxeData.FinalEventLogAreaStruct[Index].Lasa; + mTcgDxeData.FinalEventLogAreaStruct[Index].EventLogStarted = FALSE; + mTcgDxeData.FinalEventLogAreaStruct[Index].EventLogTruncated = FALSE; + mTcgDxeData.FinalEventLogAreaStruct[Index].Next800155EventOffset = 0; + + // + // Install to configuration table for EFI_TCG2_EVENT_LOG_FORMAT_TCG_2 + // + Status = gBS->InstallConfigurationTable (&gEfiTcg2FinalEventsTableGuid, (VOID *)mTcgDxeData.FinalEventsTable[Index]); + if (EFI_ERROR (Status)) { + return Status; + } + } else { + // + // No need to handle EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2 + // + mTcgDxeData.FinalEventsTable[Index] = NULL; + mTcgDxeData.FinalEventLogAreaStruct[Index].EventLogFormat = mTcg2EventInfo[Index].LogFormat; + mTcgDxeData.FinalEventLogAreaStruct[Index].Lasa = 0; + mTcgDxeData.FinalEventLogAreaStruct[Index].Laml = 0; + mTcgDxeData.FinalEventLogAreaStruct[Index].EventLogSize = 0; + mTcgDxeData.FinalEventLogAreaStruct[Index].LastEvent = 0; + mTcgDxeData.FinalEventLogAreaStruct[Index].EventLogStarted = FALSE; + mTcgDxeData.FinalEventLogAreaStruct[Index].EventLogTruncated = FALSE; + mTcgDxeData.FinalEventLogAreaStruct[Index].Next800155EventOffset = 0; + } + } + } + + // + // 3. Sync data from PEI to DXE + // + Status = EFI_SUCCESS; + for (Index = 0; Index < sizeof(mTcg2EventInfo)/sizeof(mTcg2EventInfo[0]); Index++) { + if ((mTcgDxeData.BsCap.SupportedEventLogs & mTcg2EventInfo[Index].LogFormat) != 0) { + GuidHob.Raw = GetHobList (); + Status = EFI_SUCCESS; + while (!EFI_ERROR (Status) && + (GuidHob.Raw = GetNextGuidHob (mTcg2EventInfo[Index].EventGuid, GuidHob.Raw)) != NULL) { + TcgEvent = AllocateCopyPool (GET_GUID_HOB_DATA_SIZE (GuidHob.Guid), GET_GUID_HOB_DATA (GuidHob.Guid)); + ASSERT (TcgEvent != NULL); + GuidHob.Raw = GET_NEXT_HOB (GuidHob); + switch (mTcg2EventInfo[Index].LogFormat) { + case EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2: + Status = TcgDxeLogEvent ( + mTcg2EventInfo[Index].LogFormat, + TcgEvent, + sizeof(TCG_PCR_EVENT_HDR), + ((TCG_PCR_EVENT*)TcgEvent)->Event, + ((TCG_PCR_EVENT_HDR*)TcgEvent)->EventSize + ); + break; + case EFI_TCG2_EVENT_LOG_FORMAT_TCG_2: + DigestListBin = (UINT8 *)TcgEvent + sizeof(TCG_PCRINDEX) + sizeof(TCG_EVENTTYPE); + DigestListBinSize = GetDigestListBinSize (DigestListBin); + // + // Save event size. + // + CopyMem (&EventSize, (UINT8 *)DigestListBin + DigestListBinSize, sizeof(UINT32)); + Event = (UINT8 *)DigestListBin + DigestListBinSize + sizeof(UINT32); + // + // Filter inactive digest in the event2 log from PEI HOB. + // + CopyMem (&TempDigestListBin, DigestListBin, GetDigestListBinSize (DigestListBin)); + EventSizePtr = CopyDigestListBinToBuffer ( + DigestListBin, + &TempDigestListBin, + mTcgDxeData.BsCap.ActivePcrBanks, + &HashAlgorithmMaskCopied + ); + if (HashAlgorithmMaskCopied != mTcgDxeData.BsCap.ActivePcrBanks) { + DEBUG (( + DEBUG_ERROR, + "ERROR: The event2 log includes digest hash mask 0x%x, but required digest hash mask is 0x%x\n", + HashAlgorithmMaskCopied, + mTcgDxeData.BsCap.ActivePcrBanks + )); + } + // + // Restore event size. + // + CopyMem (EventSizePtr, &EventSize, sizeof(UINT32)); + DigestListBinSize = GetDigestListBinSize (DigestListBin); + + Status = TcgDxeLogEvent ( + mTcg2EventInfo[Index].LogFormat, + TcgEvent, + sizeof(TCG_PCRINDEX) + sizeof(TCG_EVENTTYPE) + DigestListBinSize + sizeof(UINT32), + Event, + EventSize + ); + break; + } + FreePool (TcgEvent); + } + } + } + + return Status; +} + +/** + Measure and log an action string, and extend the measurement result into PCR[PCRIndex]. + + @param[in] PCRIndex PCRIndex to extend + @param[in] String A specific string that indicates an Action event. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_DEVICE_ERROR The operation was unsuccessful. + +**/ +EFI_STATUS +TcgMeasureAction ( + IN TPM_PCRINDEX PCRIndex, + IN CHAR8 *String + ) +{ + TCG_PCR_EVENT_HDR TcgEvent; + + TcgEvent.PCRIndex = PCRIndex; + TcgEvent.EventType = EV_EFI_ACTION; + TcgEvent.EventSize = (UINT32)AsciiStrLen (String); + return TcgDxeHashLogExtendEvent ( + 0, + (UINT8*)String, + TcgEvent.EventSize, + &TcgEvent, + (UINT8 *) String + ); +} + +/** + Measure and log EFI handoff tables, and extend the measurement result into PCR[1]. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_DEVICE_ERROR The operation was unsuccessful. + +**/ +EFI_STATUS +MeasureHandoffTables ( + VOID + ) +{ + EFI_STATUS Status; + TCG_PCR_EVENT_HDR TcgEvent; + EFI_HANDOFF_TABLE_POINTERS HandoffTables; + UINTN ProcessorNum; + EFI_CPU_PHYSICAL_LOCATION *ProcessorLocBuf; + + ProcessorLocBuf = NULL; + Status = EFI_SUCCESS; + + if (PcdGet8 (PcdTpmPlatformClass) == TCG_PLATFORM_TYPE_SERVER) { + // + // Tcg Server spec. + // Measure each processor EFI_CPU_PHYSICAL_LOCATION with EV_TABLE_OF_DEVICES to PCR[1] + // + Status = GetProcessorsCpuLocation(&ProcessorLocBuf, &ProcessorNum); + + if (!EFI_ERROR(Status)){ + TcgEvent.PCRIndex = 1; + TcgEvent.EventType = EV_TABLE_OF_DEVICES; + TcgEvent.EventSize = sizeof (HandoffTables); + + HandoffTables.NumberOfTables = 1; + HandoffTables.TableEntry[0].VendorGuid = gEfiMpServiceProtocolGuid; + HandoffTables.TableEntry[0].VendorTable = ProcessorLocBuf; + + Status = TcgDxeHashLogExtendEvent ( + 0, + (UINT8*)(UINTN)ProcessorLocBuf, + sizeof(EFI_CPU_PHYSICAL_LOCATION) * ProcessorNum, + &TcgEvent, + (UINT8*)&HandoffTables + ); + + FreePool(ProcessorLocBuf); + } + } + + return Status; +} + +/** + Measure and log Separator event, and extend the measurement result into a specific PCR. + + @param[in] PCRIndex PCR index. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_DEVICE_ERROR The operation was unsuccessful. + +**/ +EFI_STATUS +MeasureSeparatorEvent ( + IN TPM_PCRINDEX PCRIndex + ) +{ + TCG_PCR_EVENT_HDR TcgEvent; + UINT32 EventData; + + DEBUG ((EFI_D_INFO, "MeasureSeparatorEvent Pcr - %x\n", PCRIndex)); + + EventData = 0; + TcgEvent.PCRIndex = PCRIndex; + TcgEvent.EventType = EV_SEPARATOR; + TcgEvent.EventSize = (UINT32)sizeof (EventData); + return TcgDxeHashLogExtendEvent ( + 0, + (UINT8 *)&EventData, + sizeof (EventData), + &TcgEvent, + (UINT8 *)&EventData + ); +} + +/** + Measure and log an EFI variable, and extend the measurement result into a specific PCR. + + @param[in] PCRIndex PCR Index. + @param[in] EventType Event type. + @param[in] VarName A Null-terminated string that is the name of the vendor's variable. + @param[in] VendorGuid A unique identifier for the vendor. + @param[in] VarData The content of the variable data. + @param[in] VarSize The size of the variable data. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_OUT_OF_RESOURCES Out of memory. + @retval EFI_DEVICE_ERROR The operation was unsuccessful. + +**/ +EFI_STATUS +MeasureVariable ( + IN TPM_PCRINDEX PCRIndex, + IN TCG_EVENTTYPE EventType, + IN CHAR16 *VarName, + IN EFI_GUID *VendorGuid, + IN VOID *VarData, + IN UINTN VarSize + ) +{ + EFI_STATUS Status; + TCG_PCR_EVENT_HDR TcgEvent; + UINTN VarNameLength; + UEFI_VARIABLE_DATA *VarLog; + + DEBUG ((EFI_D_INFO, "Tcg2Dxe: MeasureVariable (Pcr - %x, EventType - %x, ", (UINTN)PCRIndex, (UINTN)EventType)); + DEBUG ((EFI_D_INFO, "VariableName - %s, VendorGuid - %g)\n", VarName, VendorGuid)); + + VarNameLength = StrLen (VarName); + TcgEvent.PCRIndex = PCRIndex; + TcgEvent.EventType = EventType; + + TcgEvent.EventSize = (UINT32)(sizeof (*VarLog) + VarNameLength * sizeof (*VarName) + VarSize + - sizeof (VarLog->UnicodeName) - sizeof (VarLog->VariableData)); + + VarLog = (UEFI_VARIABLE_DATA *)AllocatePool (TcgEvent.EventSize); + if (VarLog == NULL) { + return EFI_OUT_OF_RESOURCES; + } + + VarLog->VariableName = *VendorGuid; + VarLog->UnicodeNameLength = VarNameLength; + VarLog->VariableDataLength = VarSize; + CopyMem ( + VarLog->UnicodeName, + VarName, + VarNameLength * sizeof (*VarName) + ); + if (VarSize != 0 && VarData != NULL) { + CopyMem ( + (CHAR16 *)VarLog->UnicodeName + VarNameLength, + VarData, + VarSize + ); + } + + if (EventType == EV_EFI_VARIABLE_DRIVER_CONFIG) { + // + // Digest is the event data (UEFI_VARIABLE_DATA) + // + Status = TcgDxeHashLogExtendEvent ( + 0, + (UINT8*)VarLog, + TcgEvent.EventSize, + &TcgEvent, + (UINT8*)VarLog + ); + } else { + ASSERT (VarData != NULL); + Status = TcgDxeHashLogExtendEvent ( + 0, + (UINT8*)VarData, + VarSize, + &TcgEvent, + (UINT8*)VarLog + ); + } + FreePool (VarLog); + return Status; +} + +/** + Read then Measure and log an EFI variable, and extend the measurement result into a specific PCR. + + @param[in] PCRIndex PCR Index. + @param[in] EventType Event type. + @param[in] VarName A Null-terminated string that is the name of the vendor's variable. + @param[in] VendorGuid A unique identifier for the vendor. + @param[out] VarSize The size of the variable data. + @param[out] VarData Pointer to the content of the variable. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_OUT_OF_RESOURCES Out of memory. + @retval EFI_DEVICE_ERROR The operation was unsuccessful. + +**/ +EFI_STATUS +ReadAndMeasureVariable ( + IN TPM_PCRINDEX PCRIndex, + IN TCG_EVENTTYPE EventType, + IN CHAR16 *VarName, + IN EFI_GUID *VendorGuid, + OUT UINTN *VarSize, + OUT VOID **VarData + ) +{ + EFI_STATUS Status; + + Status = GetVariable2 (VarName, VendorGuid, VarData, VarSize); + if (EventType == EV_EFI_VARIABLE_DRIVER_CONFIG) { + if (EFI_ERROR (Status)) { + // + // It is valid case, so we need handle it. + // + *VarData = NULL; + *VarSize = 0; + } + } else { + // + // if status error, VarData is freed and set NULL by GetVariable2 + // + if (EFI_ERROR (Status)) { + return EFI_NOT_FOUND; + } + } + + Status = MeasureVariable ( + PCRIndex, + EventType, + VarName, + VendorGuid, + *VarData, + *VarSize + ); + return Status; +} + +/** + Read then Measure and log an EFI boot variable, and extend the measurement result into PCR[1]. +according to TCG PC Client PFP spec 0021 Section 2.4.4.2 + + @param[in] VarName A Null-terminated string that is the name of the vendor's variable. + @param[in] VendorGuid A unique identifier for the vendor. + @param[out] VarSize The size of the variable data. + @param[out] VarData Pointer to the content of the variable. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_OUT_OF_RESOURCES Out of memory. + @retval EFI_DEVICE_ERROR The operation was unsuccessful. + +**/ +EFI_STATUS +ReadAndMeasureBootVariable ( + IN CHAR16 *VarName, + IN EFI_GUID *VendorGuid, + OUT UINTN *VarSize, + OUT VOID **VarData + ) +{ + return ReadAndMeasureVariable ( + 1, + EV_EFI_VARIABLE_BOOT, + VarName, + VendorGuid, + VarSize, + VarData + ); +} + +/** + Read then Measure and log an EFI Secure variable, and extend the measurement result into PCR[7]. + + @param[in] VarName A Null-terminated string that is the name of the vendor's variable. + @param[in] VendorGuid A unique identifier for the vendor. + @param[out] VarSize The size of the variable data. + @param[out] VarData Pointer to the content of the variable. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_OUT_OF_RESOURCES Out of memory. + @retval EFI_DEVICE_ERROR The operation was unsuccessful. + +**/ +EFI_STATUS +ReadAndMeasureSecureVariable ( + IN CHAR16 *VarName, + IN EFI_GUID *VendorGuid, + OUT UINTN *VarSize, + OUT VOID **VarData + ) +{ + return ReadAndMeasureVariable ( + 7, + EV_EFI_VARIABLE_DRIVER_CONFIG, + VarName, + VendorGuid, + VarSize, + VarData + ); +} + +/** + Measure and log all EFI boot variables, and extend the measurement result into a specific PCR. + + The EFI boot variables are BootOrder and Boot#### variables. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_OUT_OF_RESOURCES Out of memory. + @retval EFI_DEVICE_ERROR The operation was unsuccessful. + +**/ +EFI_STATUS +MeasureAllBootVariables ( + VOID + ) +{ + EFI_STATUS Status; + UINT16 *BootOrder; + UINTN BootCount; + UINTN Index; + VOID *BootVarData; + UINTN Size; + + Status = ReadAndMeasureBootVariable ( + mBootVarName, + &gEfiGlobalVariableGuid, + &BootCount, + (VOID **) &BootOrder + ); + if (Status == EFI_NOT_FOUND || BootOrder == NULL) { + return EFI_SUCCESS; + } + + if (EFI_ERROR (Status)) { + // + // BootOrder can't be NULL if status is not EFI_NOT_FOUND + // + FreePool (BootOrder); + return Status; + } + + BootCount /= sizeof (*BootOrder); + for (Index = 0; Index < BootCount; Index++) { + UnicodeSPrint (mBootVarName, sizeof (mBootVarName), L"Boot%04x", BootOrder[Index]); + Status = ReadAndMeasureBootVariable ( + mBootVarName, + &gEfiGlobalVariableGuid, + &Size, + &BootVarData + ); + if (!EFI_ERROR (Status)) { + FreePool (BootVarData); + } + } + + FreePool (BootOrder); + return EFI_SUCCESS; +} + +/** + Measure and log all EFI Secure variables, and extend the measurement result into a specific PCR. + + The EFI boot variables are BootOrder and Boot#### variables. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_OUT_OF_RESOURCES Out of memory. + @retval EFI_DEVICE_ERROR The operation was unsuccessful. + +**/ +EFI_STATUS +MeasureAllSecureVariables ( + VOID + ) +{ + EFI_STATUS Status; + VOID *Data; + UINTN DataSize; + UINTN Index; + + Status = EFI_NOT_FOUND; + for (Index = 0; Index < sizeof(mVariableType)/sizeof(mVariableType[0]); Index++) { + Status = ReadAndMeasureSecureVariable ( + mVariableType[Index].VariableName, + mVariableType[Index].VendorGuid, + &DataSize, + &Data + ); + if (!EFI_ERROR (Status)) { + if (Data != NULL) { + FreePool (Data); + } + } + } + + // + // Measure DBT if present and not empty + // + Status = GetVariable2 (EFI_IMAGE_SECURITY_DATABASE2, &gEfiImageSecurityDatabaseGuid, &Data, &DataSize); + if (!EFI_ERROR(Status)) { + Status = MeasureVariable ( + 7, + EV_EFI_VARIABLE_DRIVER_CONFIG, + EFI_IMAGE_SECURITY_DATABASE2, + &gEfiImageSecurityDatabaseGuid, + Data, + DataSize + ); + FreePool(Data); + } else { + DEBUG((DEBUG_INFO, "Skip measuring variable %s since it's deleted\n", EFI_IMAGE_SECURITY_DATABASE2)); + } + + return EFI_SUCCESS; +} + +/** + Measure and log launch of FirmwareDebugger, and extend the measurement result into a specific PCR. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_OUT_OF_RESOURCES Out of memory. + @retval EFI_DEVICE_ERROR The operation was unsuccessful. + +**/ +EFI_STATUS +MeasureLaunchOfFirmwareDebugger ( + VOID + ) +{ + TCG_PCR_EVENT_HDR TcgEvent; + + TcgEvent.PCRIndex = 7; + TcgEvent.EventType = EV_EFI_ACTION; + TcgEvent.EventSize = sizeof(FIRMWARE_DEBUGGER_EVENT_STRING) - 1; + return TcgDxeHashLogExtendEvent ( + 0, + (UINT8 *)FIRMWARE_DEBUGGER_EVENT_STRING, + sizeof(FIRMWARE_DEBUGGER_EVENT_STRING) - 1, + &TcgEvent, + (UINT8 *)FIRMWARE_DEBUGGER_EVENT_STRING + ); +} + +/** + Measure and log all Secure Boot Policy, and extend the measurement result into a specific PCR. + + Platform firmware adhering to the policy must therefore measure the following values into PCR[7]: (in order listed) + - The contents of the SecureBoot variable + - The contents of the PK variable + - The contents of the KEK variable + - The contents of the EFI_IMAGE_SECURITY_DATABASE variable + - The contents of the EFI_IMAGE_SECURITY_DATABASE1 variable + - Separator + - Entries in the EFI_IMAGE_SECURITY_DATABASE that are used to validate EFI Drivers or EFI Boot Applications in the boot path + + NOTE: Because of the above, UEFI variables PK, KEK, EFI_IMAGE_SECURITY_DATABASE, + EFI_IMAGE_SECURITY_DATABASE1 and SecureBoot SHALL NOT be measured into PCR[3]. + + @param[in] Event Event whose notification function is being invoked + @param[in] Context Pointer to the notification function's context +**/ +VOID +EFIAPI +MeasureSecureBootPolicy ( + IN EFI_EVENT Event, + IN VOID *Context + ) +{ + EFI_STATUS Status; + VOID *Protocol; + + Status = gBS->LocateProtocol (&gEfiVariableWriteArchProtocolGuid, NULL, (VOID **)&Protocol); + if (EFI_ERROR (Status)) { + return; + } + + if (PcdGetBool (PcdFirmwareDebuggerInitialized)) { + Status = MeasureLaunchOfFirmwareDebugger (); + DEBUG ((EFI_D_INFO, "MeasureLaunchOfFirmwareDebugger - %r\n", Status)); + } + + Status = MeasureAllSecureVariables (); + DEBUG ((EFI_D_INFO, "MeasureAllSecureVariables - %r\n", Status)); + + // + // We need measure Separator(7) here, because this event must be between SecureBootPolicy (Configure) + // and ImageVerification (Authority) + // There might be a case that we need measure UEFI image from DriverOrder, besides BootOrder. So + // the Authority measurement happen before ReadToBoot event. + // + Status = MeasureSeparatorEvent (7); + DEBUG ((EFI_D_INFO, "MeasureSeparatorEvent - %r\n", Status)); + return ; +} + +/** + Ready to Boot Event notification handler. + + Sequence of OS boot events is measured in this event notification handler. + + @param[in] Event Event whose notification function is being invoked + @param[in] Context Pointer to the notification function's context + +**/ +VOID +EFIAPI +OnReadyToBoot ( + IN EFI_EVENT Event, + IN VOID *Context + ) +{ + EFI_STATUS Status; + TPM_PCRINDEX PcrIndex; + + PERF_START_EX (mImageHandle, "EventRec", "Tcg2Dxe", 0, PERF_ID_TCG2_DXE); + if (mBootAttempts == 0) { + + // + // Measure handoff tables. + // + Status = MeasureHandoffTables (); + if (EFI_ERROR (Status)) { + DEBUG ((EFI_D_ERROR, "HOBs not Measured. Error!\n")); + } + + // + // Measure BootOrder & Boot#### variables. + // + Status = MeasureAllBootVariables (); + if (EFI_ERROR (Status)) { + DEBUG ((EFI_D_ERROR, "Boot Variables not Measured. Error!\n")); + } + + // + // 1. This is the first boot attempt. + // + Status = TcgMeasureAction ( + 4, + EFI_CALLING_EFI_APPLICATION + ); + if (EFI_ERROR (Status)) { + DEBUG ((EFI_D_ERROR, "%a not Measured. Error!\n", EFI_CALLING_EFI_APPLICATION)); + } + + // + // 2. Draw a line between pre-boot env and entering post-boot env. + // PCR[7] is already done. + // + for (PcrIndex = 0; PcrIndex < 7; PcrIndex++) { + Status = MeasureSeparatorEvent (PcrIndex); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "Separator Event not Measured. Error!\n")); + } + } + + // + // 3. Measure GPT. It would be done in SAP driver. + // + + // + // 4. Measure PE/COFF OS loader. It would be done in SAP driver. + // + + // + // 5. Read & Measure variable. BootOrder already measured. + // + } else { + // + // 6. Not first attempt, meaning a return from last attempt + // + Status = TcgMeasureAction ( + 4, + EFI_RETURNING_FROM_EFI_APPLICATION + ); + if (EFI_ERROR (Status)) { + DEBUG ((EFI_D_ERROR, "%a not Measured. Error!\n", EFI_RETURNING_FROM_EFI_APPLICATION)); + } + + // + // 7. Next boot attempt, measure "Calling EFI Application from Boot Option" again + // TCG PC Client PFP spec Section 2.4.4.5 Step 4 + // + Status = TcgMeasureAction ( + 4, + EFI_CALLING_EFI_APPLICATION + ); + if (EFI_ERROR (Status)) { + DEBUG ((EFI_D_ERROR, "%a not Measured. Error!\n", EFI_CALLING_EFI_APPLICATION)); + } + } + + DEBUG ((EFI_D_INFO, "TPM2 Tcg2Dxe Measure Data when ReadyToBoot\n")); + // + // Increase boot attempt counter. + // + mBootAttempts++; + PERF_END_EX (mImageHandle, "EventRec", "Tcg2Dxe", 0, PERF_ID_TCG2_DXE + 1); +} + +/** + Exit Boot Services Event notification handler. + + Measure invocation and success of ExitBootServices. + + @param[in] Event Event whose notification function is being invoked + @param[in] Context Pointer to the notification function's context + +**/ +VOID +EFIAPI +OnExitBootServices ( + IN EFI_EVENT Event, + IN VOID *Context + ) +{ + EFI_STATUS Status; + + // + // Measure invocation of ExitBootServices, + // + Status = TcgMeasureAction ( + 5, + EFI_EXIT_BOOT_SERVICES_INVOCATION + ); + if (EFI_ERROR (Status)) { + DEBUG ((EFI_D_ERROR, "%a not Measured. Error!\n", EFI_EXIT_BOOT_SERVICES_INVOCATION)); + } + + // + // Measure success of ExitBootServices + // + Status = TcgMeasureAction ( + 5, + EFI_EXIT_BOOT_SERVICES_SUCCEEDED + ); + if (EFI_ERROR (Status)) { + DEBUG ((EFI_D_ERROR, "%a not Measured. Error!\n", EFI_EXIT_BOOT_SERVICES_SUCCEEDED)); + } +} + +/** + Exit Boot Services Failed Event notification handler. + + Measure Failure of ExitBootServices. + + @param[in] Event Event whose notification function is being invoked + @param[in] Context Pointer to the notification function's context + +**/ +VOID +EFIAPI +OnExitBootServicesFailed ( + IN EFI_EVENT Event, + IN VOID *Context + ) +{ + EFI_STATUS Status; + + // + // Measure Failure of ExitBootServices, + // + Status = TcgMeasureAction ( + 5, + EFI_EXIT_BOOT_SERVICES_FAILED + ); + if (EFI_ERROR (Status)) { + DEBUG ((EFI_D_ERROR, "%a not Measured. Error!\n", EFI_EXIT_BOOT_SERVICES_FAILED)); + } + +} + +/** + This routine is called to properly shutdown the TPM before system reset. + It follow chapter "12.2.3 Startup State" in Trusted Platform Module Library + Part 1: Architecture, Revision 01.16. + + @param[in] ResetType The type of reset to perform. + @param[in] ResetStatus The status code for the reset. + @param[in] DataSize The size, in bytes, of ResetData. + @param[in] ResetData For a ResetType of EfiResetCold, EfiResetWarm, or + EfiResetShutdown the data buffer starts with a Null-terminated + string, optionally followed by additional binary data. + The string is a description that the caller may use to further + indicate the reason for the system reset. + For a ResetType of EfiResetPlatformSpecific the data buffer + also starts with a Null-terminated string that is followed + by an EFI_GUID that describes the specific type of reset to perform. +**/ +VOID +EFIAPI +ShutdownTpmOnReset ( + IN EFI_RESET_TYPE ResetType, + IN EFI_STATUS ResetStatus, + IN UINTN DataSize, + IN VOID *ResetData OPTIONAL + ) +{ + EFI_STATUS Status; + Status = Tpm2Shutdown (TPM_SU_CLEAR); + DEBUG ((DEBUG_VERBOSE, "Tpm2Shutdown (SU_CLEAR) - %r\n", Status)); +} + +/** + Hook the system reset to properly shutdown TPM. + It follow chapter "12.2.3 Startup State" in Trusted Platform Module Library + Part 1: Architecture, Revision 01.16. + + @param[in] Event Event whose notification function is being invoked + @param[in] Context Pointer to the notification function's context +**/ +VOID +EFIAPI +OnResetNotificationInstall ( + IN EFI_EVENT Event, + IN VOID *Context + ) +{ + EFI_STATUS Status; + EFI_RESET_NOTIFICATION_PROTOCOL *ResetNotify; + + Status = gBS->LocateProtocol (&gEfiResetNotificationProtocolGuid, NULL, (VOID **) &ResetNotify); + if (!EFI_ERROR (Status)) { + Status = ResetNotify->RegisterResetNotify (ResetNotify, ShutdownTpmOnReset); + ASSERT_EFI_ERROR (Status); + DEBUG ((DEBUG_VERBOSE, "TCG2: Hook system reset to properly shutdown TPM.\n")); + + gBS->CloseEvent (Event); + } +} + +/** + The function install Tcg2 protocol. + + @retval EFI_SUCCESS Tcg2 protocol is installed. + @retval other Some error occurs. +**/ +EFI_STATUS +InstallTcg2 ( + VOID + ) +{ + EFI_STATUS Status; + EFI_HANDLE Handle; + + Handle = NULL; + Status = gBS->InstallMultipleProtocolInterfaces ( + &Handle, + &gEfiTcg2ProtocolGuid, + &mTcg2Protocol, + NULL + ); + return Status; +} + +/** + The driver's entry point. It publishes EFI Tcg2 Protocol. + + @param[in] ImageHandle The firmware allocated handle for the EFI image. + @param[in] SystemTable A pointer to the EFI System Table. + + @retval EFI_SUCCESS The entry point is executed successfully. + @retval other Some error occurs when executing this entry point. +**/ +EFI_STATUS +EFIAPI +DriverEntry ( + IN EFI_HANDLE ImageHandle, + IN EFI_SYSTEM_TABLE *SystemTable + ) +{ + EFI_STATUS Status; + EFI_EVENT Event; + VOID *Registration; + UINT32 MaxCommandSize; + UINT32 MaxResponseSize; + UINTN Index; + EFI_TCG2_EVENT_ALGORITHM_BITMAP TpmHashAlgorithmBitmap; + UINT32 ActivePCRBanks; + UINT32 NumberOfPCRBanks; + + mImageHandle = ImageHandle; + + if (CompareGuid (PcdGetPtr(PcdTpmInstanceGuid), &gEfiTpmDeviceInstanceNoneGuid) || + CompareGuid (PcdGetPtr(PcdTpmInstanceGuid), &gEfiTpmDeviceInstanceTpm12Guid)){ + DEBUG ((DEBUG_INFO, "No TPM2 instance required!\n")); + return EFI_UNSUPPORTED; + } + + if (GetFirstGuidHob (&gTpmErrorHobGuid) != NULL) { + DEBUG ((EFI_D_ERROR, "TPM2 error!\n")); + return EFI_DEVICE_ERROR; + } + + Status = Tpm2RequestUseTpm (); + if (EFI_ERROR (Status)) { + DEBUG ((EFI_D_ERROR, "TPM2 not detected!\n")); + return Status; + } + + // + // Fill information + // + ASSERT (TCG_EVENT_LOG_AREA_COUNT_MAX == sizeof(mTcg2EventInfo)/sizeof(mTcg2EventInfo[0])); + + mTcgDxeData.BsCap.Size = sizeof(EFI_TCG2_BOOT_SERVICE_CAPABILITY); + mTcgDxeData.BsCap.ProtocolVersion.Major = 1; + mTcgDxeData.BsCap.ProtocolVersion.Minor = 1; + mTcgDxeData.BsCap.StructureVersion.Major = 1; + mTcgDxeData.BsCap.StructureVersion.Minor = 1; + + DEBUG ((EFI_D_INFO, "Tcg2.ProtocolVersion - %02x.%02x\n", mTcgDxeData.BsCap.ProtocolVersion.Major, mTcgDxeData.BsCap.ProtocolVersion.Minor)); + DEBUG ((EFI_D_INFO, "Tcg2.StructureVersion - %02x.%02x\n", mTcgDxeData.BsCap.StructureVersion.Major, mTcgDxeData.BsCap.StructureVersion.Minor)); + + Status = Tpm2GetCapabilityManufactureID (&mTcgDxeData.BsCap.ManufacturerID); + if (EFI_ERROR (Status)) { + DEBUG ((EFI_D_ERROR, "Tpm2GetCapabilityManufactureID fail!\n")); + } else { + DEBUG ((EFI_D_INFO, "Tpm2GetCapabilityManufactureID - %08x\n", mTcgDxeData.BsCap.ManufacturerID)); + } + + DEBUG_CODE ( + UINT32 FirmwareVersion1; + UINT32 FirmwareVersion2; + + Status = Tpm2GetCapabilityFirmwareVersion (&FirmwareVersion1, &FirmwareVersion2); + if (EFI_ERROR (Status)) { + DEBUG ((EFI_D_ERROR, "Tpm2GetCapabilityFirmwareVersion fail!\n")); + } else { + DEBUG ((EFI_D_INFO, "Tpm2GetCapabilityFirmwareVersion - %08x %08x\n", FirmwareVersion1, FirmwareVersion2)); + } + ); + + Status = Tpm2GetCapabilityMaxCommandResponseSize (&MaxCommandSize, &MaxResponseSize); + if (EFI_ERROR (Status)) { + DEBUG ((EFI_D_ERROR, "Tpm2GetCapabilityMaxCommandResponseSize fail!\n")); + } else { + mTcgDxeData.BsCap.MaxCommandSize = (UINT16)MaxCommandSize; + mTcgDxeData.BsCap.MaxResponseSize = (UINT16)MaxResponseSize; + DEBUG ((EFI_D_INFO, "Tpm2GetCapabilityMaxCommandResponseSize - %08x, %08x\n", MaxCommandSize, MaxResponseSize)); + } + + // + // Get supported PCR and current Active PCRs + // + Status = Tpm2GetCapabilitySupportedAndActivePcrs (&TpmHashAlgorithmBitmap, &ActivePCRBanks); + ASSERT_EFI_ERROR (Status); + + mTcgDxeData.BsCap.HashAlgorithmBitmap = TpmHashAlgorithmBitmap & PcdGet32 (PcdTcg2HashAlgorithmBitmap); + mTcgDxeData.BsCap.ActivePcrBanks = ActivePCRBanks & PcdGet32 (PcdTcg2HashAlgorithmBitmap); + + // + // Need calculate NumberOfPCRBanks here, because HashAlgorithmBitmap might be removed by PCD. + // + NumberOfPCRBanks = 0; + for (Index = 0; Index < 32; Index++) { + if ((mTcgDxeData.BsCap.HashAlgorithmBitmap & (1u << Index)) != 0) { + NumberOfPCRBanks++; + } + } + + if (PcdGet32 (PcdTcg2NumberOfPCRBanks) == 0) { + mTcgDxeData.BsCap.NumberOfPCRBanks = NumberOfPCRBanks; + } else { + mTcgDxeData.BsCap.NumberOfPCRBanks = PcdGet32 (PcdTcg2NumberOfPCRBanks); + if (PcdGet32 (PcdTcg2NumberOfPCRBanks) > NumberOfPCRBanks) { + DEBUG ((EFI_D_ERROR, "ERROR: PcdTcg2NumberOfPCRBanks(0x%x) > NumberOfPCRBanks(0x%x)\n", PcdGet32 (PcdTcg2NumberOfPCRBanks), NumberOfPCRBanks)); + mTcgDxeData.BsCap.NumberOfPCRBanks = NumberOfPCRBanks; + } + } + + mTcgDxeData.BsCap.SupportedEventLogs = EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2 | EFI_TCG2_EVENT_LOG_FORMAT_TCG_2; + if ((mTcgDxeData.BsCap.ActivePcrBanks & EFI_TCG2_BOOT_HASH_ALG_SHA1) == 0) { + // + // No need to expose TCG1.2 event log if SHA1 bank does not exist. + // + mTcgDxeData.BsCap.SupportedEventLogs &= ~EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2; + } + + DEBUG ((EFI_D_INFO, "Tcg2.SupportedEventLogs - 0x%08x\n", mTcgDxeData.BsCap.SupportedEventLogs)); + DEBUG ((EFI_D_INFO, "Tcg2.HashAlgorithmBitmap - 0x%08x\n", mTcgDxeData.BsCap.HashAlgorithmBitmap)); + DEBUG ((EFI_D_INFO, "Tcg2.NumberOfPCRBanks - 0x%08x\n", mTcgDxeData.BsCap.NumberOfPCRBanks)); + DEBUG ((EFI_D_INFO, "Tcg2.ActivePcrBanks - 0x%08x\n", mTcgDxeData.BsCap.ActivePcrBanks)); + + if (mTcgDxeData.BsCap.TPMPresentFlag) { + // + // Setup the log area and copy event log from hob list to it + // + Status = SetupEventLog (); + ASSERT_EFI_ERROR (Status); + + // + // Measure handoff tables, Boot#### variables etc. + // + Status = EfiCreateEventReadyToBootEx ( + TPL_CALLBACK, + OnReadyToBoot, + NULL, + &Event + ); + + Status = gBS->CreateEventEx ( + EVT_NOTIFY_SIGNAL, + TPL_NOTIFY, + OnExitBootServices, + NULL, + &gEfiEventExitBootServicesGuid, + &Event + ); + + // + // Measure Exit Boot Service failed + // + Status = gBS->CreateEventEx ( + EVT_NOTIFY_SIGNAL, + TPL_NOTIFY, + OnExitBootServicesFailed, + NULL, + &gEventExitBootServicesFailedGuid, + &Event + ); + + // + // Create event callback, because we need access variable on SecureBootPolicyVariable + // We should use VariableWriteArch instead of VariableArch, because Variable driver + // may update SecureBoot value based on last setting. + // + EfiCreateProtocolNotifyEvent (&gEfiVariableWriteArchProtocolGuid, TPL_CALLBACK, MeasureSecureBootPolicy, NULL, &Registration); + + // + // Hook the system reset to properly shutdown TPM. + // + EfiCreateProtocolNotifyEvent (&gEfiResetNotificationProtocolGuid, TPL_CALLBACK, OnResetNotificationInstall, NULL, &Registration); + } + + // + // Install Tcg2Protocol + // + Status = InstallTcg2 (); + DEBUG ((EFI_D_INFO, "InstallTcg2 - %r\n", Status)); + + return Status; +} diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf new file mode 100644 index 00000000..0b839ad2 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf @@ -0,0 +1,119 @@ +## @file +# Produces Tcg2 protocol and measure boot environment +# +# Spec Compliance Info: +# "TCG PC Client Platform Firmware Profile Specification for TPM Family 2.0 Level 00 Revision 1.03 v51" +# along with +# "Errata for PC Client Specific Platform Firmware Profile Specification Version 1.0 Revision 1.03" +# "TCG EFI Protocol Specification" "Family 2.0" "Level 00 Revision 00.13" +# along with +# "Errata Version 0.5 for TCG EFI Protocol Specification" +# +# This module will produce Tcg2 protocol and measure boot environment. +# +# Caution: This module requires additional review when modified. +# This driver will have external input - PE/COFF image. +# This external input must be validated carefully to avoid security issue like +# buffer overflow, integer overflow. +# +# Copyright (c) 2015 - 2019, Intel Corporation. All rights reserved.<BR> +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = Tcg2Dxe + MODULE_UNI_FILE = Tcg2Dxe.uni + FILE_GUID = FDFF263D-5F68-4591-87BA-B768F445A9AF + MODULE_TYPE = DXE_DRIVER + VERSION_STRING = 1.0 + ENTRY_POINT = DriverEntry + +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = IA32 X64 +# + +[Sources] + Tcg2Dxe.c + MeasureBootPeCoff.c + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + SecurityPkg/SecurityPkg.dec + CryptoPkg/CryptoPkg.dec + +[LibraryClasses] + MemoryAllocationLib + BaseLib + UefiBootServicesTableLib + HobLib + UefiDriverEntryPoint + UefiRuntimeServicesTableLib + BaseMemoryLib + DebugLib + Tpm2CommandLib + PrintLib + UefiLib + Tpm2DeviceLib + HashLib + PerformanceLib + ReportStatusCodeLib + Tcg2PhysicalPresenceLib + PeCoffLib + +[Guids] + ## SOMETIMES_CONSUMES ## Variable:L"SecureBoot" + ## SOMETIMES_CONSUMES ## Variable:L"PK" + ## SOMETIMES_CONSUMES ## Variable:L"KEK" + ## SOMETIMES_CONSUMES ## Variable:L"BootXXXX" + gEfiGlobalVariableGuid + + ## SOMETIMES_CONSUMES ## Variable:L"db" + ## SOMETIMES_CONSUMES ## Variable:L"dbx" + gEfiImageSecurityDatabaseGuid + + gTcgEventEntryHobGuid ## SOMETIMES_CONSUMES ## HOB + gTpmErrorHobGuid ## SOMETIMES_CONSUMES ## HOB + gEfiEventExitBootServicesGuid ## CONSUMES ## Event + gEventExitBootServicesFailedGuid ## SOMETIMES_CONSUMES ## Event + gEfiTpmDeviceInstanceNoneGuid ## SOMETIMES_CONSUMES ## GUID # TPM device identifier + gEfiTpmDeviceInstanceTpm12Guid ## SOMETIMES_CONSUMES ## GUID # TPM device identifier + + gTcgEvent2EntryHobGuid ## SOMETIMES_CONSUMES ## HOB + gTpm2StartupLocalityHobGuid ## SOMETIMES_CONSUMES ## HOB + gTcg800155PlatformIdEventHobGuid ## SOMETIMES_CONSUMES ## HOB + +[Protocols] + gEfiTcg2ProtocolGuid ## PRODUCES + gEfiTcg2FinalEventsTableGuid ## PRODUCES + gEfiMpServiceProtocolGuid ## SOMETIMES_CONSUMES + gEfiVariableWriteArchProtocolGuid ## NOTIFY + gEfiResetNotificationProtocolGuid ## CONSUMES + +[Pcd] + gEfiSecurityPkgTokenSpaceGuid.PcdTpmPlatformClass ## SOMETIMES_CONSUMES + gEfiSecurityPkgTokenSpaceGuid.PcdFirmwareDebuggerInitialized ## SOMETIMES_CONSUMES + gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid ## CONSUMES + gEfiSecurityPkgTokenSpaceGuid.PcdStatusCodeSubClassTpmDevice ## SOMETIMES_CONSUMES + gEfiSecurityPkgTokenSpaceGuid.PcdTcg2HashAlgorithmBitmap ## CONSUMES + gEfiSecurityPkgTokenSpaceGuid.PcdTcg2NumberOfPCRBanks ## CONSUMES + gEfiSecurityPkgTokenSpaceGuid.PcdTcgLogAreaMinLen ## CONSUMES + gEfiSecurityPkgTokenSpaceGuid.PcdTcg2FinalLogAreaLen ## CONSUMES + gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableRev ## CONSUMES + gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableLaml ## PRODUCES + gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableLasa ## PRODUCES + gEfiMdeModulePkgTokenSpaceGuid.PcdTcgPfpMeasurementRevision ## CONSUMES + +[Depex] + # According to PcdTpm2AcpiTableRev definition in SecurityPkg.dec + # This PCD should be configured at DynamicHii or DynamicHiiEx. + # So, this PCD read operation depends on GetVariable service. + # Add VariableArch protocol dependency to make sure PCD read works. + gEfiVariableArchProtocolGuid + +[UserExtensions.TianoCore."ExtraFiles"] + Tcg2DxeExtra.uni diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.uni b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.uni new file mode 100644 index 00000000..b07c5243 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.uni @@ -0,0 +1,21 @@ +// /** @file
+// Produces TCG2 protocol and measure boot environment
+//
+// This module will produce TCG2 protocol and measure boot environment.
+//
+// Caution: This module requires additional review when modified.
+// This driver will have external input - PE/COFF image.
+// This external input must be validated carefully to avoid security issue like
+// buffer overflow, integer overflow.
+//
+// Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>
+//
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+//
+// **/
+
+
+#string STR_MODULE_ABSTRACT #language en-US "Produces TCG2 protocol and measure boot environment"
+
+#string STR_MODULE_DESCRIPTION #language en-US "This module will produce TCG2 protocol and measure boot environment."
+
diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Tcg2Dxe/Tcg2DxeExtra.uni b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Tcg2Dxe/Tcg2DxeExtra.uni new file mode 100644 index 00000000..99b0ff0f --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Tcg2Dxe/Tcg2DxeExtra.uni @@ -0,0 +1,12 @@ +// /** @file
+// Tcg2Dxe Localized Strings and Content
+//
+// Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>
+//
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+//
+// **/
+
+#string STR_PROPERTIES_MODULE_NAME
+#language en-US
+"TCG2 (Trusted Computing Group) DXE"
diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c new file mode 100644 index 00000000..a54a0b2f --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c @@ -0,0 +1,1124 @@ +/** @file + Initialize TPM2 device and measure FVs before handing off control to DXE. + +Copyright (c) 2015 - 2020, Intel Corporation. All rights reserved.<BR> +Copyright (c) 2017, Microsoft Corporation. All rights reserved. <BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include <PiPei.h> + +#include <IndustryStandard/UefiTcgPlatform.h> +#include <Ppi/FirmwareVolumeInfo.h> +#include <Ppi/FirmwareVolumeInfo2.h> +#include <Ppi/TpmInitialized.h> +#include <Ppi/FirmwareVolume.h> +#include <Ppi/EndOfPeiPhase.h> +#include <Ppi/FirmwareVolumeInfoMeasurementExcluded.h> +#include <Ppi/FirmwareVolumeInfoPrehashedFV.h> +#include <Ppi/Tcg.h> + +#include <Guid/TcgEventHob.h> +#include <Guid/MeasuredFvHob.h> +#include <Guid/TpmInstance.h> +#include <Guid/MigratedFvInfo.h> + +#include <Library/DebugLib.h> +#include <Library/BaseMemoryLib.h> +#include <Library/PeiServicesLib.h> +#include <Library/PeimEntryPoint.h> +#include <Library/Tpm2CommandLib.h> +#include <Library/Tpm2DeviceLib.h> +#include <Library/HashLib.h> +#include <Library/HobLib.h> +#include <Library/PcdLib.h> +#include <Library/PeiServicesTablePointerLib.h> +#include <Protocol/Tcg2Protocol.h> +#include <Library/PerformanceLib.h> +#include <Library/MemoryAllocationLib.h> +#include <Library/ReportStatusCodeLib.h> +#include <Library/ResetSystemLib.h> +#include <Library/PrintLib.h> + +#define PERF_ID_TCG2_PEI 0x3080 + +typedef struct { + EFI_GUID *EventGuid; + EFI_TCG2_EVENT_LOG_FORMAT LogFormat; +} TCG2_EVENT_INFO_STRUCT; + +TCG2_EVENT_INFO_STRUCT mTcg2EventInfo[] = { + {&gTcgEventEntryHobGuid, EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2}, + {&gTcgEvent2EntryHobGuid, EFI_TCG2_EVENT_LOG_FORMAT_TCG_2}, +}; + +BOOLEAN mImageInMemory = FALSE; +EFI_PEI_FILE_HANDLE mFileHandle; + +EFI_PEI_PPI_DESCRIPTOR mTpmInitializedPpiList = { + EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST, + &gPeiTpmInitializedPpiGuid, + NULL +}; + +EFI_PEI_PPI_DESCRIPTOR mTpmInitializationDonePpiList = { + EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST, + &gPeiTpmInitializationDonePpiGuid, + NULL +}; + +/** + Do a hash operation on a data buffer, extend a specific TPM PCR with the hash result, + and build a GUIDed HOB recording the event which will be passed to the DXE phase and + added into the Event Log. + + @param[in] This Indicates the calling context + @param[in] Flags Bitmap providing additional information. + @param[in] HashData If BIT0 of Flags is 0, it is physical address of the + start of the data buffer to be hashed, extended, and logged. + If BIT0 of Flags is 1, it is physical address of the + start of the pre-hash data buffter to be extended, and logged. + The pre-hash data format is TPML_DIGEST_VALUES. + @param[in] HashDataLen The length, in bytes, of the buffer referenced by HashData. + @param[in] NewEventHdr Pointer to a TCG_PCR_EVENT_HDR data structure. + @param[in] NewEventData Pointer to the new event data. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_OUT_OF_RESOURCES No enough memory to log the new event. + @retval EFI_DEVICE_ERROR The command was unsuccessful. + +**/ +EFI_STATUS +EFIAPI +HashLogExtendEvent ( + IN EDKII_TCG_PPI *This, + IN UINT64 Flags, + IN UINT8 *HashData, + IN UINTN HashDataLen, + IN TCG_PCR_EVENT_HDR *NewEventHdr, + IN UINT8 *NewEventData + ); + +EDKII_TCG_PPI mEdkiiTcgPpi = { + HashLogExtendEvent +}; + +EFI_PEI_PPI_DESCRIPTOR mTcgPpiList = { + EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST, + &gEdkiiTcgPpiGuid, + &mEdkiiTcgPpi +}; + +// +// Number of firmware blobs to grow by each time we run out of room +// +#define FIRMWARE_BLOB_GROWTH_STEP 4 + +EFI_PLATFORM_FIRMWARE_BLOB *mMeasuredBaseFvInfo; +UINT32 mMeasuredMaxBaseFvIndex = 0; +UINT32 mMeasuredBaseFvIndex = 0; + +EFI_PLATFORM_FIRMWARE_BLOB *mMeasuredChildFvInfo; +UINT32 mMeasuredMaxChildFvIndex = 0; +UINT32 mMeasuredChildFvIndex = 0; + +#pragma pack (1) + +#define FV_HANDOFF_TABLE_DESC "Fv(XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX)" +typedef struct { + UINT8 BlobDescriptionSize; + UINT8 BlobDescription[sizeof(FV_HANDOFF_TABLE_DESC)]; + EFI_PHYSICAL_ADDRESS BlobBase; + UINT64 BlobLength; +} FV_HANDOFF_TABLE_POINTERS2; + +#pragma pack () + +/** + Measure and record the Firmware Volume Information once FvInfoPPI install. + + @param[in] PeiServices An indirect pointer to the EFI_PEI_SERVICES table published by the PEI Foundation. + @param[in] NotifyDescriptor Address of the notification descriptor data structure. + @param[in] Ppi Address of the PPI that was installed. + + @retval EFI_SUCCESS The FV Info is measured and recorded to TPM. + @return Others Fail to measure FV. + +**/ +EFI_STATUS +EFIAPI +FirmwareVolumeInfoPpiNotifyCallback ( + IN EFI_PEI_SERVICES **PeiServices, + IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDescriptor, + IN VOID *Ppi + ); + +/** + Record all measured Firmware Volume Information into a Guid Hob + + @param[in] PeiServices An indirect pointer to the EFI_PEI_SERVICES table published by the PEI Foundation. + @param[in] NotifyDescriptor Address of the notification descriptor data structure. + @param[in] Ppi Address of the PPI that was installed. + + @retval EFI_SUCCESS The FV Info is measured and recorded to TPM. + @return Others Fail to measure FV. + +**/ +EFI_STATUS +EFIAPI +EndofPeiSignalNotifyCallBack ( + IN EFI_PEI_SERVICES **PeiServices, + IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDescriptor, + IN VOID *Ppi + ); + +EFI_PEI_NOTIFY_DESCRIPTOR mNotifyList[] = { + { + EFI_PEI_PPI_DESCRIPTOR_NOTIFY_CALLBACK, + &gEfiPeiFirmwareVolumeInfoPpiGuid, + FirmwareVolumeInfoPpiNotifyCallback + }, + { + EFI_PEI_PPI_DESCRIPTOR_NOTIFY_CALLBACK, + &gEfiPeiFirmwareVolumeInfo2PpiGuid, + FirmwareVolumeInfoPpiNotifyCallback + }, + { + (EFI_PEI_PPI_DESCRIPTOR_NOTIFY_CALLBACK | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST), + &gEfiEndOfPeiSignalPpiGuid, + EndofPeiSignalNotifyCallBack + } +}; + + +/** + Record all measured Firmware Volume Information into a Guid Hob + Guid Hob payload layout is + + UINT32 *************************** FIRMWARE_BLOB number + EFI_PLATFORM_FIRMWARE_BLOB******** BLOB Array + + @param[in] PeiServices An indirect pointer to the EFI_PEI_SERVICES table published by the PEI Foundation. + @param[in] NotifyDescriptor Address of the notification descriptor data structure. + @param[in] Ppi Address of the PPI that was installed. + + @retval EFI_SUCCESS The FV Info is measured and recorded to TPM. + @return Others Fail to measure FV. + +**/ +EFI_STATUS +EFIAPI +EndofPeiSignalNotifyCallBack ( + IN EFI_PEI_SERVICES **PeiServices, + IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDescriptor, + IN VOID *Ppi + ) +{ + MEASURED_HOB_DATA *MeasuredHobData; + + MeasuredHobData = NULL; + + PERF_CALLBACK_BEGIN (&gEfiEndOfPeiSignalPpiGuid); + + // + // Create a Guid hob to save all measured Fv + // + MeasuredHobData = BuildGuidHob( + &gMeasuredFvHobGuid, + sizeof(UINTN) + sizeof(EFI_PLATFORM_FIRMWARE_BLOB) * (mMeasuredBaseFvIndex + mMeasuredChildFvIndex) + ); + + if (MeasuredHobData != NULL){ + // + // Save measured FV info enty number + // + MeasuredHobData->Num = mMeasuredBaseFvIndex + mMeasuredChildFvIndex; + + // + // Save measured base Fv info + // + CopyMem (MeasuredHobData->MeasuredFvBuf, mMeasuredBaseFvInfo, sizeof(EFI_PLATFORM_FIRMWARE_BLOB) * (mMeasuredBaseFvIndex)); + + // + // Save measured child Fv info + // + CopyMem (&MeasuredHobData->MeasuredFvBuf[mMeasuredBaseFvIndex] , mMeasuredChildFvInfo, sizeof(EFI_PLATFORM_FIRMWARE_BLOB) * (mMeasuredChildFvIndex)); + } + + PERF_CALLBACK_END (&gEfiEndOfPeiSignalPpiGuid); + + return EFI_SUCCESS; +} + +/** + Make sure that the current PCR allocations, the TPM supported PCRs, + and the PcdTpm2HashMask are all in agreement. +**/ +VOID +SyncPcrAllocationsAndPcrMask ( + VOID + ) +{ + EFI_STATUS Status; + EFI_TCG2_EVENT_ALGORITHM_BITMAP TpmHashAlgorithmBitmap; + UINT32 TpmActivePcrBanks; + UINT32 NewTpmActivePcrBanks; + UINT32 Tpm2PcrMask; + UINT32 NewTpm2PcrMask; + + DEBUG ((EFI_D_ERROR, "SyncPcrAllocationsAndPcrMask!\n")); + + // + // Determine the current TPM support and the Platform PCR mask. + // + Status = Tpm2GetCapabilitySupportedAndActivePcrs (&TpmHashAlgorithmBitmap, &TpmActivePcrBanks); + ASSERT_EFI_ERROR (Status); + + Tpm2PcrMask = PcdGet32 (PcdTpm2HashMask); + if (Tpm2PcrMask == 0) { + // + // if PcdTPm2HashMask is zero, use ActivePcr setting + // + PcdSet32S (PcdTpm2HashMask, TpmActivePcrBanks); + Tpm2PcrMask = TpmActivePcrBanks; + } + + // + // Find the intersection of Pcd support and TPM support. + // If banks are missing from the TPM support that are in the PCD, update the PCD. + // If banks are missing from the PCD that are active in the TPM, reallocate the banks and reboot. + // + + // + // If there are active PCR banks that are not supported by the Platform mask, + // update the TPM allocations and reboot the machine. + // + if ((TpmActivePcrBanks & Tpm2PcrMask) != TpmActivePcrBanks) { + NewTpmActivePcrBanks = TpmActivePcrBanks & Tpm2PcrMask; + + DEBUG ((EFI_D_INFO, "%a - Reallocating PCR banks from 0x%X to 0x%X.\n", __FUNCTION__, TpmActivePcrBanks, NewTpmActivePcrBanks)); + if (NewTpmActivePcrBanks == 0) { + DEBUG ((EFI_D_ERROR, "%a - No viable PCRs active! Please set a less restrictive value for PcdTpm2HashMask!\n", __FUNCTION__)); + ASSERT (FALSE); + } else { + Status = Tpm2PcrAllocateBanks (NULL, (UINT32)TpmHashAlgorithmBitmap, NewTpmActivePcrBanks); + if (EFI_ERROR (Status)) { + // + // We can't do much here, but we hope that this doesn't happen. + // + DEBUG ((EFI_D_ERROR, "%a - Failed to reallocate PCRs!\n", __FUNCTION__)); + ASSERT_EFI_ERROR (Status); + } + // + // Need reset system, since we just called Tpm2PcrAllocateBanks(). + // + ResetCold(); + } + } + + // + // If there are any PCRs that claim support in the Platform mask that are + // not supported by the TPM, update the mask. + // + if ((Tpm2PcrMask & TpmHashAlgorithmBitmap) != Tpm2PcrMask) { + NewTpm2PcrMask = Tpm2PcrMask & TpmHashAlgorithmBitmap; + + DEBUG ((EFI_D_INFO, "%a - Updating PcdTpm2HashMask from 0x%X to 0x%X.\n", __FUNCTION__, Tpm2PcrMask, NewTpm2PcrMask)); + if (NewTpm2PcrMask == 0) { + DEBUG ((EFI_D_ERROR, "%a - No viable PCRs supported! Please set a less restrictive value for PcdTpm2HashMask!\n", __FUNCTION__)); + ASSERT (FALSE); + } + + Status = PcdSet32S (PcdTpm2HashMask, NewTpm2PcrMask); + ASSERT_EFI_ERROR (Status); + } +} + +/** + Add a new entry to the Event Log. + + @param[in] DigestList A list of digest. + @param[in,out] NewEventHdr Pointer to a TCG_PCR_EVENT_HDR data structure. + @param[in] NewEventData Pointer to the new event data. + + @retval EFI_SUCCESS The new event log entry was added. + @retval EFI_OUT_OF_RESOURCES No enough memory to log the new event. +**/ +EFI_STATUS +LogHashEvent ( + IN TPML_DIGEST_VALUES *DigestList, + IN OUT TCG_PCR_EVENT_HDR *NewEventHdr, + IN UINT8 *NewEventData + ) +{ + VOID *HobData; + EFI_STATUS Status; + UINTN Index; + EFI_STATUS RetStatus; + UINT32 SupportedEventLogs; + TCG_PCR_EVENT2 *TcgPcrEvent2; + UINT8 *DigestBuffer; + + SupportedEventLogs = EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2 | EFI_TCG2_EVENT_LOG_FORMAT_TCG_2; + + RetStatus = EFI_SUCCESS; + for (Index = 0; Index < sizeof(mTcg2EventInfo)/sizeof(mTcg2EventInfo[0]); Index++) { + if ((SupportedEventLogs & mTcg2EventInfo[Index].LogFormat) != 0) { + DEBUG ((EFI_D_INFO, " LogFormat - 0x%08x\n", mTcg2EventInfo[Index].LogFormat)); + switch (mTcg2EventInfo[Index].LogFormat) { + case EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2: + Status = GetDigestFromDigestList (TPM_ALG_SHA1, DigestList, &NewEventHdr->Digest); + if (!EFI_ERROR (Status)) { + HobData = BuildGuidHob ( + &gTcgEventEntryHobGuid, + sizeof (*NewEventHdr) + NewEventHdr->EventSize + ); + if (HobData == NULL) { + RetStatus = EFI_OUT_OF_RESOURCES; + break; + } + + CopyMem (HobData, NewEventHdr, sizeof (*NewEventHdr)); + HobData = (VOID *) ((UINT8*)HobData + sizeof (*NewEventHdr)); + CopyMem (HobData, NewEventData, NewEventHdr->EventSize); + } + break; + case EFI_TCG2_EVENT_LOG_FORMAT_TCG_2: + // + // Use GetDigestListSize (DigestList) in the GUID HOB DataLength calculation + // to reserve enough buffer to hold TPML_DIGEST_VALUES compact binary. + // + HobData = BuildGuidHob ( + &gTcgEvent2EntryHobGuid, + sizeof(TcgPcrEvent2->PCRIndex) + sizeof(TcgPcrEvent2->EventType) + GetDigestListSize (DigestList) + sizeof(TcgPcrEvent2->EventSize) + NewEventHdr->EventSize + ); + if (HobData == NULL) { + RetStatus = EFI_OUT_OF_RESOURCES; + break; + } + + TcgPcrEvent2 = HobData; + TcgPcrEvent2->PCRIndex = NewEventHdr->PCRIndex; + TcgPcrEvent2->EventType = NewEventHdr->EventType; + DigestBuffer = (UINT8 *)&TcgPcrEvent2->Digest; + DigestBuffer = CopyDigestListToBuffer (DigestBuffer, DigestList, PcdGet32 (PcdTpm2HashMask)); + CopyMem (DigestBuffer, &NewEventHdr->EventSize, sizeof(TcgPcrEvent2->EventSize)); + DigestBuffer = DigestBuffer + sizeof(TcgPcrEvent2->EventSize); + CopyMem (DigestBuffer, NewEventData, NewEventHdr->EventSize); + break; + } + } + } + + return RetStatus; +} + +/** + Do a hash operation on a data buffer, extend a specific TPM PCR with the hash result, + and build a GUIDed HOB recording the event which will be passed to the DXE phase and + added into the Event Log. + + @param[in] This Indicates the calling context + @param[in] Flags Bitmap providing additional information. + @param[in] HashData If BIT0 of Flags is 0, it is physical address of the + start of the data buffer to be hashed, extended, and logged. + If BIT0 of Flags is 1, it is physical address of the + start of the pre-hash data buffter to be extended, and logged. + The pre-hash data format is TPML_DIGEST_VALUES. + @param[in] HashDataLen The length, in bytes, of the buffer referenced by HashData. + @param[in] NewEventHdr Pointer to a TCG_PCR_EVENT_HDR data structure. + @param[in] NewEventData Pointer to the new event data. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_OUT_OF_RESOURCES No enough memory to log the new event. + @retval EFI_DEVICE_ERROR The command was unsuccessful. + +**/ +EFI_STATUS +EFIAPI +HashLogExtendEvent ( + IN EDKII_TCG_PPI *This, + IN UINT64 Flags, + IN UINT8 *HashData, + IN UINTN HashDataLen, + IN TCG_PCR_EVENT_HDR *NewEventHdr, + IN UINT8 *NewEventData + ) +{ + EFI_STATUS Status; + TPML_DIGEST_VALUES DigestList; + + if (GetFirstGuidHob (&gTpmErrorHobGuid) != NULL) { + return EFI_DEVICE_ERROR; + } + + if ((Flags & EDKII_TCG_PRE_HASH) != 0 || (Flags & EDKII_TCG_PRE_HASH_LOG_ONLY) != 0) { + ZeroMem (&DigestList, sizeof(DigestList)); + CopyMem (&DigestList, HashData, sizeof(DigestList)); + Status = EFI_SUCCESS; + if ((Flags & EDKII_TCG_PRE_HASH) !=0 ) { + Status = Tpm2PcrExtend ( + NewEventHdr->PCRIndex, + &DigestList + ); + } + } else { + Status = HashAndExtend ( + NewEventHdr->PCRIndex, + HashData, + HashDataLen, + &DigestList + ); + } + if (!EFI_ERROR (Status)) { + Status = LogHashEvent (&DigestList, NewEventHdr, NewEventData); + } + + if (Status == EFI_DEVICE_ERROR) { + DEBUG ((EFI_D_ERROR, "HashLogExtendEvent - %r. Disable TPM.\n", Status)); + BuildGuidHob (&gTpmErrorHobGuid,0); + REPORT_STATUS_CODE ( + EFI_ERROR_CODE | EFI_ERROR_MINOR, + (PcdGet32 (PcdStatusCodeSubClassTpmDevice) | EFI_P_EC_INTERFACE_ERROR) + ); + } + + return Status; +} + +/** + Measure CRTM version. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_OUT_OF_RESOURCES No enough memory to log the new event. + @retval EFI_DEVICE_ERROR The command was unsuccessful. + +**/ +EFI_STATUS +MeasureCRTMVersion ( + VOID + ) +{ + TCG_PCR_EVENT_HDR TcgEventHdr; + + // + // Use FirmwareVersion string to represent CRTM version. + // OEMs should get real CRTM version string and measure it. + // + + TcgEventHdr.PCRIndex = 0; + TcgEventHdr.EventType = EV_S_CRTM_VERSION; + TcgEventHdr.EventSize = (UINT32) StrSize((CHAR16*)PcdGetPtr (PcdFirmwareVersionString)); + + return HashLogExtendEvent ( + &mEdkiiTcgPpi, + 0, + (UINT8*)PcdGetPtr (PcdFirmwareVersionString), + TcgEventHdr.EventSize, + &TcgEventHdr, + (UINT8*)PcdGetPtr (PcdFirmwareVersionString) + ); +} + +/** + Get the FvName from the FV header. + + Causion: The FV is untrusted input. + + @param[in] FvBase Base address of FV image. + @param[in] FvLength Length of FV image. + + @return FvName pointer + @retval NULL FvName is NOT found +**/ +VOID * +GetFvName ( + IN EFI_PHYSICAL_ADDRESS FvBase, + IN UINT64 FvLength + ) +{ + EFI_FIRMWARE_VOLUME_HEADER *FvHeader; + EFI_FIRMWARE_VOLUME_EXT_HEADER *FvExtHeader; + + if (FvBase >= MAX_ADDRESS) { + return NULL; + } + if (FvLength >= MAX_ADDRESS - FvBase) { + return NULL; + } + if (FvLength < sizeof(EFI_FIRMWARE_VOLUME_HEADER)) { + return NULL; + } + + FvHeader = (EFI_FIRMWARE_VOLUME_HEADER *)(UINTN)FvBase; + if (FvHeader->ExtHeaderOffset < sizeof(EFI_FIRMWARE_VOLUME_HEADER)) { + return NULL; + } + if (FvHeader->ExtHeaderOffset + sizeof(EFI_FIRMWARE_VOLUME_EXT_HEADER) > FvLength) { + return NULL; + } + FvExtHeader = (EFI_FIRMWARE_VOLUME_EXT_HEADER *)(UINTN)(FvBase + FvHeader->ExtHeaderOffset); + + return &FvExtHeader->FvName; +} + +/** + Measure FV image. + Add it into the measured FV list after the FV is measured successfully. + + @param[in] FvBase Base address of FV image. + @param[in] FvLength Length of FV image. + + @retval EFI_SUCCESS Fv image is measured successfully + or it has been already measured. + @retval EFI_OUT_OF_RESOURCES No enough memory to log the new event. + @retval EFI_DEVICE_ERROR The command was unsuccessful. + +**/ +EFI_STATUS +MeasureFvImage ( + IN EFI_PHYSICAL_ADDRESS FvBase, + IN UINT64 FvLength + ) +{ + UINT32 Index; + EFI_STATUS Status; + EFI_PLATFORM_FIRMWARE_BLOB FvBlob; + FV_HANDOFF_TABLE_POINTERS2 FvBlob2; + VOID *EventData; + VOID *FvName; + TCG_PCR_EVENT_HDR TcgEventHdr; + UINT32 Instance; + UINT32 Tpm2HashMask; + TPML_DIGEST_VALUES DigestList; + UINT32 DigestCount; + EFI_PEI_FIRMWARE_VOLUME_INFO_MEASUREMENT_EXCLUDED_PPI *MeasurementExcludedFvPpi; + EDKII_PEI_FIRMWARE_VOLUME_INFO_PREHASHED_FV_PPI *PrehashedFvPpi; + HASH_INFO *PreHashInfo; + UINT32 HashAlgoMask; + EFI_PHYSICAL_ADDRESS FvOrgBase; + EFI_PHYSICAL_ADDRESS FvDataBase; + EFI_PEI_HOB_POINTERS Hob; + EDKII_MIGRATED_FV_INFO *MigratedFvInfo; + + // + // Check Excluded FV list + // + Instance = 0; + do { + Status = PeiServicesLocatePpi( + &gEfiPeiFirmwareVolumeInfoMeasurementExcludedPpiGuid, + Instance, + NULL, + (VOID**)&MeasurementExcludedFvPpi + ); + if (!EFI_ERROR(Status)) { + for (Index = 0; Index < MeasurementExcludedFvPpi->Count; Index ++) { + if (MeasurementExcludedFvPpi->Fv[Index].FvBase == FvBase + && MeasurementExcludedFvPpi->Fv[Index].FvLength == FvLength) { + DEBUG ((DEBUG_INFO, "The FV which is excluded by Tcg2Pei starts at: 0x%x\n", FvBase)); + DEBUG ((DEBUG_INFO, "The FV which is excluded by Tcg2Pei has the size: 0x%x\n", FvLength)); + return EFI_SUCCESS; + } + } + + Instance++; + } + } while (!EFI_ERROR(Status)); + + // + // Check measured FV list + // + for (Index = 0; Index < mMeasuredBaseFvIndex; Index ++) { + if (mMeasuredBaseFvInfo[Index].BlobBase == FvBase && mMeasuredBaseFvInfo[Index].BlobLength == FvLength) { + DEBUG ((DEBUG_INFO, "The FV which is already measured by Tcg2Pei starts at: 0x%x\n", FvBase)); + DEBUG ((DEBUG_INFO, "The FV which is already measured by Tcg2Pei has the size: 0x%x\n", FvLength)); + return EFI_SUCCESS; + } + } + + // + // Check pre-hashed FV list + // + Instance = 0; + Tpm2HashMask = PcdGet32 (PcdTpm2HashMask); + do { + Status = PeiServicesLocatePpi ( + &gEdkiiPeiFirmwareVolumeInfoPrehashedFvPpiGuid, + Instance, + NULL, + (VOID**)&PrehashedFvPpi + ); + if (!EFI_ERROR(Status) && PrehashedFvPpi->FvBase == FvBase && PrehashedFvPpi->FvLength == FvLength) { + ZeroMem (&DigestList, sizeof(TPML_DIGEST_VALUES)); + + // + // The FV is prehashed, check against TPM hash mask + // + PreHashInfo = (HASH_INFO *)(PrehashedFvPpi + 1); + for (Index = 0, DigestCount = 0; Index < PrehashedFvPpi->Count; Index++) { + DEBUG((DEBUG_INFO, "Hash Algo ID in PrehashedFvPpi=0x%x\n", PreHashInfo->HashAlgoId)); + HashAlgoMask = GetHashMaskFromAlgo(PreHashInfo->HashAlgoId); + if ((Tpm2HashMask & HashAlgoMask) != 0 ) { + // + // Hash is required, copy it to DigestList + // + WriteUnaligned16(&(DigestList.digests[DigestCount].hashAlg), PreHashInfo->HashAlgoId); + CopyMem ( + &DigestList.digests[DigestCount].digest, + PreHashInfo + 1, + PreHashInfo->HashSize + ); + DigestCount++; + // + // Clean the corresponding Hash Algo mask bit + // + Tpm2HashMask &= ~HashAlgoMask; + } + PreHashInfo = (HASH_INFO *)((UINT8 *)(PreHashInfo + 1) + PreHashInfo->HashSize); + } + + WriteUnaligned32(&DigestList.count, DigestCount); + + break; + } + Instance++; + } while (!EFI_ERROR(Status)); + + // + // Search the matched migration FV info + // + FvOrgBase = FvBase; + FvDataBase = FvBase; + Hob.Raw = GetFirstGuidHob (&gEdkiiMigratedFvInfoGuid); + while (Hob.Raw != NULL) { + MigratedFvInfo = GET_GUID_HOB_DATA (Hob); + if ((MigratedFvInfo->FvNewBase == (UINT32) FvBase) && (MigratedFvInfo->FvLength == (UINT32) FvLength)) { + // + // Found the migrated FV info + // + FvOrgBase = (EFI_PHYSICAL_ADDRESS) (UINTN) MigratedFvInfo->FvOrgBase; + FvDataBase = (EFI_PHYSICAL_ADDRESS) (UINTN) MigratedFvInfo->FvDataBase; + break; + } + Hob.Raw = GET_NEXT_HOB (Hob); + Hob.Raw = GetNextGuidHob (&gEdkiiMigratedFvInfoGuid, Hob.Raw); + } + + // + // Init the log event for FV measurement + // + if (PcdGet32(PcdTcgPfpMeasurementRevision) >= TCG_EfiSpecIDEventStruct_SPEC_ERRATA_TPM2_REV_105) { + FvBlob2.BlobDescriptionSize = sizeof(FvBlob2.BlobDescription); + CopyMem (FvBlob2.BlobDescription, FV_HANDOFF_TABLE_DESC, sizeof(FvBlob2.BlobDescription)); + FvName = GetFvName (FvBase, FvLength); + if (FvName != NULL) { + AsciiSPrint ((CHAR8 *)FvBlob2.BlobDescription, sizeof(FvBlob2.BlobDescription), "Fv(%g)", FvName); + } + FvBlob2.BlobBase = FvOrgBase; + FvBlob2.BlobLength = FvLength; + TcgEventHdr.PCRIndex = 0; + TcgEventHdr.EventType = EV_EFI_PLATFORM_FIRMWARE_BLOB2; + TcgEventHdr.EventSize = sizeof (FvBlob2); + EventData = &FvBlob2; + } else { + FvBlob.BlobBase = FvOrgBase; + FvBlob.BlobLength = FvLength; + TcgEventHdr.PCRIndex = 0; + TcgEventHdr.EventType = EV_EFI_PLATFORM_FIRMWARE_BLOB; + TcgEventHdr.EventSize = sizeof (FvBlob); + EventData = &FvBlob; + } + + if (Tpm2HashMask == 0) { + // + // FV pre-hash algos comply with current TPM hash requirement + // Skip hashing step in measure, only extend DigestList to PCR and log event + // + Status = HashLogExtendEvent ( + &mEdkiiTcgPpi, + EDKII_TCG_PRE_HASH, + (UINT8*) &DigestList, // HashData + (UINTN) sizeof(DigestList), // HashDataLen + &TcgEventHdr, // EventHdr + EventData // EventData + ); + DEBUG ((DEBUG_INFO, "The pre-hashed FV which is extended & logged by Tcg2Pei starts at: 0x%x\n", FvBase)); + DEBUG ((DEBUG_INFO, "The pre-hashed FV which is extended & logged by Tcg2Pei has the size: 0x%x\n", FvLength)); + } else { + // + // Hash the FV, extend digest to the TPM and log TCG event + // + Status = HashLogExtendEvent ( + &mEdkiiTcgPpi, + 0, + (UINT8*) (UINTN) FvDataBase, // HashData + (UINTN) FvLength, // HashDataLen + &TcgEventHdr, // EventHdr + EventData // EventData + ); + DEBUG ((DEBUG_INFO, "The FV which is measured by Tcg2Pei starts at: 0x%x\n", FvBase)); + DEBUG ((DEBUG_INFO, "The FV which is measured by Tcg2Pei has the size: 0x%x\n", FvLength)); + } + + if (EFI_ERROR(Status)) { + DEBUG ((DEBUG_ERROR, "The FV which failed to be measured starts at: 0x%x\n", FvBase)); + return Status; + } + + // + // Add new FV into the measured FV list. + // + if (mMeasuredBaseFvIndex >= mMeasuredMaxBaseFvIndex) { + mMeasuredBaseFvInfo = ReallocatePool ( + sizeof (EFI_PLATFORM_FIRMWARE_BLOB) * mMeasuredMaxBaseFvIndex, + sizeof (EFI_PLATFORM_FIRMWARE_BLOB) * (mMeasuredMaxBaseFvIndex + FIRMWARE_BLOB_GROWTH_STEP), + mMeasuredBaseFvInfo + ); + ASSERT (mMeasuredBaseFvInfo != NULL); + mMeasuredMaxBaseFvIndex = mMeasuredMaxBaseFvIndex + FIRMWARE_BLOB_GROWTH_STEP; + } + + mMeasuredBaseFvInfo[mMeasuredBaseFvIndex].BlobBase = FvBase; + mMeasuredBaseFvInfo[mMeasuredBaseFvIndex].BlobLength = FvLength; + mMeasuredBaseFvIndex++; + + return Status; +} + +/** + Measure main BIOS. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_OUT_OF_RESOURCES No enough memory to log the new event. + @retval EFI_DEVICE_ERROR The command was unsuccessful. + +**/ +EFI_STATUS +MeasureMainBios ( + VOID + ) +{ + EFI_STATUS Status; + EFI_PEI_FV_HANDLE VolumeHandle; + EFI_FV_INFO VolumeInfo; + EFI_PEI_FIRMWARE_VOLUME_PPI *FvPpi; + + PERF_START_EX (mFileHandle, "EventRec", "Tcg2Pei", 0, PERF_ID_TCG2_PEI); + + // + // Only measure BFV at the very beginning. Other parts of Static Core Root of + // Trust for Measurement(S-CRTM) will be measured later on FvInfoNotify. + // BFV is processed without installing FV Info Ppi. Other FVs either inside BFV or + // reported by platform will be installed with Fv Info Ppi + // This firmware volume measure policy can be modified/enhanced by special + // platform for special CRTM TPM measuring. + // + Status = PeiServicesFfsFindNextVolume (0, &VolumeHandle); + ASSERT_EFI_ERROR (Status); + + // + // Measure and record the firmware volume that is dispatched by PeiCore + // + Status = PeiServicesFfsGetVolumeInfo (VolumeHandle, &VolumeInfo); + ASSERT_EFI_ERROR (Status); + // + // Locate the corresponding FV_PPI according to founded FV's format guid + // + Status = PeiServicesLocatePpi ( + &VolumeInfo.FvFormat, + 0, + NULL, + (VOID**)&FvPpi + ); + ASSERT_EFI_ERROR (Status); + + Status = MeasureFvImage ((EFI_PHYSICAL_ADDRESS) (UINTN) VolumeInfo.FvStart, VolumeInfo.FvSize); + + PERF_END_EX (mFileHandle, "EventRec", "Tcg2Pei", 0, PERF_ID_TCG2_PEI + 1); + + return Status; +} + +/** + Measure and record the Firmware Volume Information once FvInfoPPI install. + + @param[in] PeiServices An indirect pointer to the EFI_PEI_SERVICES table published by the PEI Foundation. + @param[in] NotifyDescriptor Address of the notification descriptor data structure. + @param[in] Ppi Address of the PPI that was installed. + + @retval EFI_SUCCESS The FV Info is measured and recorded to TPM. + @return Others Fail to measure FV. + +**/ +EFI_STATUS +EFIAPI +FirmwareVolumeInfoPpiNotifyCallback ( + IN EFI_PEI_SERVICES **PeiServices, + IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDescriptor, + IN VOID *Ppi + ) +{ + EFI_PEI_FIRMWARE_VOLUME_INFO_PPI *Fv; + EFI_STATUS Status; + EFI_PEI_FIRMWARE_VOLUME_PPI *FvPpi; + UINTN Index; + + Fv = (EFI_PEI_FIRMWARE_VOLUME_INFO_PPI *) Ppi; + + // + // The PEI Core can not dispatch or load files from memory mapped FVs that do not support FvPpi. + // + Status = PeiServicesLocatePpi ( + &Fv->FvFormat, + 0, + NULL, + (VOID**)&FvPpi + ); + if (EFI_ERROR (Status)) { + return EFI_SUCCESS; + } + + // + // This is an FV from an FFS file, and the parent FV must have already been measured, + // No need to measure twice, so just record the FV and return + // + if (Fv->ParentFvName != NULL || Fv->ParentFileName != NULL ) { + + if (mMeasuredChildFvIndex >= mMeasuredMaxChildFvIndex) { + mMeasuredChildFvInfo = ReallocatePool ( + sizeof (EFI_PLATFORM_FIRMWARE_BLOB) * mMeasuredMaxChildFvIndex, + sizeof (EFI_PLATFORM_FIRMWARE_BLOB) * (mMeasuredMaxChildFvIndex + FIRMWARE_BLOB_GROWTH_STEP), + mMeasuredChildFvInfo + ); + ASSERT (mMeasuredChildFvInfo != NULL); + mMeasuredMaxChildFvIndex = mMeasuredMaxChildFvIndex + FIRMWARE_BLOB_GROWTH_STEP; + } + // + // Check whether FV is in the measured child FV list. + // + for (Index = 0; Index < mMeasuredChildFvIndex; Index++) { + if (mMeasuredChildFvInfo[Index].BlobBase == (EFI_PHYSICAL_ADDRESS) (UINTN) Fv->FvInfo) { + return EFI_SUCCESS; + } + } + mMeasuredChildFvInfo[mMeasuredChildFvIndex].BlobBase = (EFI_PHYSICAL_ADDRESS) (UINTN) Fv->FvInfo; + mMeasuredChildFvInfo[mMeasuredChildFvIndex].BlobLength = Fv->FvInfoSize; + mMeasuredChildFvIndex++; + return EFI_SUCCESS; + } + + return MeasureFvImage ((EFI_PHYSICAL_ADDRESS) (UINTN) Fv->FvInfo, Fv->FvInfoSize); +} + +/** + Do measurement after memory is ready. + + @param[in] PeiServices Describes the list of possible PEI Services. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_OUT_OF_RESOURCES No enough memory to log the new event. + @retval EFI_DEVICE_ERROR The command was unsuccessful. + +**/ +EFI_STATUS +PeimEntryMP ( + IN EFI_PEI_SERVICES **PeiServices + ) +{ + EFI_STATUS Status; + + // + // install Tcg Services + // + Status = PeiServicesInstallPpi (&mTcgPpiList); + ASSERT_EFI_ERROR (Status); + + if (PcdGet8 (PcdTpm2ScrtmPolicy) == 1) { + Status = MeasureCRTMVersion (); + } + + Status = MeasureMainBios (); + if (EFI_ERROR(Status)) { + return Status; + } + + // + // Post callbacks: + // for the FvInfoPpi services to measure and record + // the additional Fvs to TPM + // + Status = PeiServicesNotifyPpi (&mNotifyList[0]); + ASSERT_EFI_ERROR (Status); + + return Status; +} + +/** + Measure and log Separator event with error, and extend the measurement result into a specific PCR. + + @param[in] PCRIndex PCR index. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_DEVICE_ERROR The operation was unsuccessful. + +**/ +EFI_STATUS +MeasureSeparatorEventWithError ( + IN TPM_PCRINDEX PCRIndex + ) +{ + TCG_PCR_EVENT_HDR TcgEvent; + UINT32 EventData; + + // + // Use EventData 0x1 to indicate there is error. + // + EventData = 0x1; + TcgEvent.PCRIndex = PCRIndex; + TcgEvent.EventType = EV_SEPARATOR; + TcgEvent.EventSize = (UINT32)sizeof (EventData); + return HashLogExtendEvent(&mEdkiiTcgPpi, 0, (UINT8 *)&EventData, TcgEvent.EventSize, &TcgEvent,(UINT8 *)&EventData); +} + +/** + Entry point of this module. + + @param[in] FileHandle Handle of the file being invoked. + @param[in] PeiServices Describes the list of possible PEI Services. + + @return Status. + +**/ +EFI_STATUS +EFIAPI +PeimEntryMA ( + IN EFI_PEI_FILE_HANDLE FileHandle, + IN CONST EFI_PEI_SERVICES **PeiServices + ) +{ + EFI_STATUS Status; + EFI_STATUS Status2; + EFI_BOOT_MODE BootMode; + TPM_PCRINDEX PcrIndex; + BOOLEAN S3ErrorReport; + + if (CompareGuid (PcdGetPtr(PcdTpmInstanceGuid), &gEfiTpmDeviceInstanceNoneGuid) || + CompareGuid (PcdGetPtr(PcdTpmInstanceGuid), &gEfiTpmDeviceInstanceTpm12Guid)){ + DEBUG ((DEBUG_INFO, "No TPM2 instance required!\n")); + return EFI_UNSUPPORTED; + } + + if (GetFirstGuidHob (&gTpmErrorHobGuid) != NULL) { + DEBUG ((EFI_D_ERROR, "TPM2 error!\n")); + return EFI_DEVICE_ERROR; + } + + Status = PeiServicesGetBootMode (&BootMode); + ASSERT_EFI_ERROR (Status); + + // + // In S3 path, skip shadow logic. no measurement is required + // + if (BootMode != BOOT_ON_S3_RESUME) { + Status = (**PeiServices).RegisterForShadow(FileHandle); + if (Status == EFI_ALREADY_STARTED) { + mImageInMemory = TRUE; + mFileHandle = FileHandle; + } else if (Status == EFI_NOT_FOUND) { + ASSERT_EFI_ERROR (Status); + } + } + + if (!mImageInMemory) { + // + // Initialize TPM device + // + Status = Tpm2RequestUseTpm (); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "TPM2 not detected!\n")); + goto Done; + } + + S3ErrorReport = FALSE; + if (PcdGet8 (PcdTpm2InitializationPolicy) == 1) { + if (BootMode == BOOT_ON_S3_RESUME) { + Status = Tpm2Startup (TPM_SU_STATE); + if (EFI_ERROR (Status) ) { + Status = Tpm2Startup (TPM_SU_CLEAR); + if (!EFI_ERROR(Status)) { + S3ErrorReport = TRUE; + } + } + } else { + Status = Tpm2Startup (TPM_SU_CLEAR); + } + if (EFI_ERROR (Status) ) { + goto Done; + } + } + + // + // Update Tpm2HashMask according to PCR bank. + // + SyncPcrAllocationsAndPcrMask (); + + if (S3ErrorReport) { + // + // The system firmware that resumes from S3 MUST deal with a + // TPM2_Startup error appropriately. + // For example, issue a TPM2_Startup(TPM_SU_CLEAR) command and + // configuring the device securely by taking actions like extending a + // separator with an error digest (0x01) into PCRs 0 through 7. + // + for (PcrIndex = 0; PcrIndex < 8; PcrIndex++) { + Status = MeasureSeparatorEventWithError (PcrIndex); + if (EFI_ERROR (Status)) { + DEBUG ((EFI_D_ERROR, "Separator Event with Error not Measured. Error!\n")); + } + } + } + + // + // TpmSelfTest is optional on S3 path, skip it to save S3 time + // + if (BootMode != BOOT_ON_S3_RESUME) { + if (PcdGet8 (PcdTpm2SelfTestPolicy) == 1) { + Status = Tpm2SelfTest (NO); + if (EFI_ERROR (Status)) { + goto Done; + } + } + } + + // + // Only install TpmInitializedPpi on success + // + Status = PeiServicesInstallPpi (&mTpmInitializedPpiList); + ASSERT_EFI_ERROR (Status); + } + + if (mImageInMemory) { + Status = PeimEntryMP ((EFI_PEI_SERVICES**)PeiServices); + return Status; + } + +Done: + if (EFI_ERROR (Status)) { + DEBUG ((EFI_D_ERROR, "TPM2 error! Build Hob\n")); + BuildGuidHob (&gTpmErrorHobGuid,0); + REPORT_STATUS_CODE ( + EFI_ERROR_CODE | EFI_ERROR_MINOR, + (PcdGet32 (PcdStatusCodeSubClassTpmDevice) | EFI_P_EC_INTERFACE_ERROR) + ); + } + // + // Always install TpmInitializationDonePpi no matter success or fail. + // Other driver can know TPM initialization state by TpmInitializedPpi. + // + Status2 = PeiServicesInstallPpi (&mTpmInitializationDonePpiList); + ASSERT_EFI_ERROR (Status2); + + return Status; +} diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf new file mode 100644 index 00000000..dc2ce364 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf @@ -0,0 +1,95 @@ +## @file +# Initializes TPM 2.0 device and measure FVs in PEI phase +# +# Spec Compliance Info: +# "TCG PC Client Platform Firmware Profile Specification for TPM Family 2.0 Level 00 Revision 1.03 v51" +# along with +# "Errata for PC Client Specific Platform Firmware Profile Specification Version 1.0 Revision 1.03" +# +# This module will initialize TPM device, measure reported FVs and BIOS version. +# +# Copyright (c) 2015 - 2020, Intel Corporation. All rights reserved.<BR> +# Copyright (c) 2017, Microsoft Corporation. All rights reserved. <BR> +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = Tcg2Pei + MODULE_UNI_FILE = Tcg2Pei.uni + FILE_GUID = A0C98B77-CBA5-4BB8-993B-4AF6CE33ECE4 + MODULE_TYPE = PEIM + VERSION_STRING = 1.0 + ENTRY_POINT = PeimEntryMA + +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = IA32 X64 EBC +# +# [BootMode] +# S3_RESUME ## SOMETIMES_CONSUMES +# + +[Sources] + Tcg2Pei.c + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + SecurityPkg/SecurityPkg.dec + +[LibraryClasses] + HobLib + PeimEntryPoint + PeiServicesLib + BaseMemoryLib + DebugLib + Tpm2CommandLib + PeiServicesTablePointerLib + Tpm2DeviceLib + HashLib + PerformanceLib + MemoryAllocationLib + ReportStatusCodeLib + ResetSystemLib + PrintLib + +[Guids] + gTcgEventEntryHobGuid ## PRODUCES ## HOB + gTpmErrorHobGuid ## SOMETIMES_PRODUCES ## HOB + gMeasuredFvHobGuid ## PRODUCES ## HOB + gTcgEvent2EntryHobGuid ## PRODUCES ## HOB + gEfiTpmDeviceInstanceNoneGuid ## SOMETIMES_PRODUCES ## GUID # TPM device identifier + gEfiTpmDeviceInstanceTpm12Guid ## SOMETIMES_PRODUCES ## GUID # TPM device identifier + gEdkiiMigratedFvInfoGuid ## SOMETIMES_CONSUMES ## HOB + +[Ppis] + gEfiPeiFirmwareVolumeInfoPpiGuid ## SOMETIMES_CONSUMES ## NOTIFY + gEfiPeiFirmwareVolumeInfo2PpiGuid ## SOMETIMES_CONSUMES ## NOTIFY + gEfiPeiFirmwareVolumeInfoMeasurementExcludedPpiGuid ## SOMETIMES_CONSUMES + gPeiTpmInitializedPpiGuid ## SOMETIMES_PRODUCES + gPeiTpmInitializationDonePpiGuid ## PRODUCES + gEfiEndOfPeiSignalPpiGuid ## SOMETIMES_CONSUMES ## NOTIFY + gEdkiiPeiFirmwareVolumeInfoPrehashedFvPpiGuid ## SOMETIMES_CONSUMES + gEdkiiTcgPpiGuid ## PRODUCES + +[Pcd] + gEfiMdeModulePkgTokenSpaceGuid.PcdFirmwareVersionString ## SOMETIMES_CONSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdTcgPfpMeasurementRevision ## CONSUMES + gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid ## CONSUMES + gEfiSecurityPkgTokenSpaceGuid.PcdTpm2InitializationPolicy ## CONSUMES + gEfiSecurityPkgTokenSpaceGuid.PcdTpm2SelfTestPolicy ## SOMETIMES_CONSUMES + gEfiSecurityPkgTokenSpaceGuid.PcdTpm2ScrtmPolicy ## CONSUMES + gEfiSecurityPkgTokenSpaceGuid.PcdStatusCodeSubClassTpmDevice ## SOMETIMES_CONSUMES + ## SOMETIMES_CONSUMES + ## SOMETIMES_PRODUCES + gEfiSecurityPkgTokenSpaceGuid.PcdTpm2HashMask + +[Depex] + gEfiPeiMasterBootModePpiGuid AND + gEfiTpmDeviceSelectedGuid + +[UserExtensions.TianoCore."ExtraFiles"] + Tcg2PeiExtra.uni diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.uni b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.uni new file mode 100644 index 00000000..bdc7beb0 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.uni @@ -0,0 +1,16 @@ +// /** @file
+// Initializes TPM 2.0 device and measure FVs in PEI phase
+//
+// This module will initialize TPM device, measure reported FVs and BIOS version.
+//
+// Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
+//
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+//
+// **/
+
+
+#string STR_MODULE_ABSTRACT #language en-US "Initializes TPM 2.0 device and measure FVs in PEI phase"
+
+#string STR_MODULE_DESCRIPTION #language en-US "This module will initialize TPM device, measure reported FVs and BIOS version."
+
diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Tcg2Pei/Tcg2PeiExtra.uni b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Tcg2Pei/Tcg2PeiExtra.uni new file mode 100644 index 00000000..984850ee --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Tcg2Pei/Tcg2PeiExtra.uni @@ -0,0 +1,14 @@ +// /** @file
+// Tcg2Pei Localized Strings and Content
+//
+// Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>
+//
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+//
+// **/
+
+#string STR_PROPERTIES_MODULE_NAME
+#language en-US
+"TCG2 (Trusted Computing Group) PEI"
+
+
diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Tcg2Smm/Tcg2MmDependencyDxe.c b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Tcg2Smm/Tcg2MmDependencyDxe.c new file mode 100644 index 00000000..27143698 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Tcg2Smm/Tcg2MmDependencyDxe.c @@ -0,0 +1,48 @@ +/** @file + Runtime DXE part corresponding to StandaloneMM Tcg2 module. + +This module installs gTcg2MmSwSmiRegisteredGuid to notify readiness of +StandaloneMM Tcg2 module. + +Copyright (c) 2019 - 2021, Arm Ltd. All rights reserved. +Copyright (c) Microsoft Corporation. + +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include <PiDxe.h> + +#include <Library/DebugLib.h> +#include <Library/UefiBootServicesTableLib.h> + +/** + The constructor function installs gTcg2MmSwSmiRegisteredGuid to notify + readiness of StandaloneMM Tcg2 module. + + @param ImageHandle The firmware allocated handle for the EFI image. + @param SystemTable A pointer to the Management mode System Table. + + @retval EFI_SUCCESS The constructor always returns EFI_SUCCESS. + +**/ +EFI_STATUS +EFIAPI +Tcg2MmDependencyDxeEntryPoint ( + IN EFI_HANDLE ImageHandle, + IN EFI_SYSTEM_TABLE *SystemTable + ) +{ + EFI_STATUS Status; + EFI_HANDLE Handle; + + Handle = NULL; + Status = gBS->InstallProtocolInterface ( + &Handle, + &gTcg2MmSwSmiRegisteredGuid, + EFI_NATIVE_INTERFACE, + NULL + ); + ASSERT_EFI_ERROR (Status); + return EFI_SUCCESS; +} diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Tcg2Smm/Tcg2MmDependencyDxe.inf b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Tcg2Smm/Tcg2MmDependencyDxe.inf new file mode 100644 index 00000000..e99b900f --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Tcg2Smm/Tcg2MmDependencyDxe.inf @@ -0,0 +1,43 @@ +## @file +# Runtime DXE part corresponding to StandaloneMM Tcg2 module. +# +# This module installs gTcg2MmSwSmiRegisteredGuid to notify readiness of +# StandaloneMM Tcg2 module. +# +# Copyright (c) Microsoft Corporation. +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION = 0x0001001A + BASE_NAME = Tcg2MmDependencyDxe + FILE_GUID = 94C210EA-3113-4563-ADEB-76FE759C2F46 + MODULE_TYPE = DXE_DRIVER + ENTRY_POINT = Tcg2MmDependencyDxeEntryPoint + +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = IA32 X64 +# +# + +[Sources] + Tcg2MmDependencyDxe.c + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + SecurityPkg/SecurityPkg.dec + +[LibraryClasses] + DebugLib + UefiBootServicesTableLib + UefiDriverEntryPoint + +[Guids] + gTcg2MmSwSmiRegisteredGuid ## PRODUCES ## GUID # Install protocol + +[Depex] + gEfiMmCommunication2ProtocolGuid diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c new file mode 100644 index 00000000..5d14d3a1 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c @@ -0,0 +1,375 @@ +/** @file + It updates TPM2 items in ACPI table and registers SMI2 callback + functions for Tcg2 physical presence, ClearMemory, and sample + for dTPM StartMethod. + + Caution: This module requires additional review when modified. + This driver will have external input - variable and ACPINvs data in SMM mode. + This external input must be validated carefully to avoid security issue. + + PhysicalPresenceCallback() and MemoryClearCallback() will receive untrusted input and do some check. + +Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR> +Copyright (c) Microsoft Corporation. +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "Tcg2Smm.h" + +EFI_SMM_VARIABLE_PROTOCOL *mSmmVariable = NULL; +TCG_NVS *mTcgNvs = NULL; +UINTN mPpSoftwareSmi; +UINTN mMcSoftwareSmi; +EFI_HANDLE mReadyToLockHandle; + +/** + Communication service SMI Handler entry. + + This handler takes requests to exchange Mmi channel and Nvs address between MM and DXE. + + Caution: This function may receive untrusted input. + Communicate buffer and buffer size are external input, so this function will do basic validation. + + @param[in] DispatchHandle The unique handle assigned to this handler by SmiHandlerRegister(). + @param[in] RegisterContext Points to an optional handler context which was specified when the + handler was registered. + @param[in, out] CommBuffer A pointer to a collection of data in memory that will + be conveyed from a non-SMM environment into an SMM environment. + @param[in, out] CommBufferSize The size of the CommBuffer. + + @retval EFI_SUCCESS The interrupt was handled and quiesced. No other handlers + should still be called. + @retval EFI_UNSUPPORTED An unknown test function was requested. + @retval EFI_ACCESS_DENIED Part of the communication buffer lies in an invalid region. + +**/ +EFI_STATUS +EFIAPI +TpmNvsCommunciate ( + IN EFI_HANDLE DispatchHandle, + IN CONST VOID *RegisterContext, + IN OUT VOID *CommBuffer, + IN OUT UINTN *CommBufferSize + ) +{ + EFI_STATUS Status; + UINTN TempCommBufferSize; + TPM_NVS_MM_COMM_BUFFER *CommParams; + + DEBUG ((DEBUG_VERBOSE, "%a()\n", __FUNCTION__)); + + // + // If input is invalid, stop processing this SMI + // + if (CommBuffer == NULL || CommBufferSize == NULL) { + return EFI_SUCCESS; + } + + TempCommBufferSize = *CommBufferSize; + + if(TempCommBufferSize != sizeof (TPM_NVS_MM_COMM_BUFFER)) { + DEBUG ((DEBUG_ERROR, "[%a] MM Communication buffer size is invalid for this handler!\n", __FUNCTION__)); + return EFI_ACCESS_DENIED; + } + if (!IsBufferOutsideMmValid ((UINTN) CommBuffer, TempCommBufferSize)) { + DEBUG ((DEBUG_ERROR, "[%a] - MM Communication buffer in invalid location!\n", __FUNCTION__)); + return EFI_ACCESS_DENIED; + } + + // + // Farm out the job to individual functions based on what was requested. + // + CommParams = (TPM_NVS_MM_COMM_BUFFER*) CommBuffer; + Status = EFI_SUCCESS; + switch (CommParams->Function) { + case TpmNvsMmExchangeInfo: + DEBUG ((DEBUG_VERBOSE, "[%a] - Function requested: MM_EXCHANGE_NVS_INFO\n", __FUNCTION__)); + CommParams->RegisteredPpSwiValue = mPpSoftwareSmi; + CommParams->RegisteredMcSwiValue = mMcSoftwareSmi; + mTcgNvs = (TCG_NVS*) (UINTN) CommParams->TargetAddress; + break; + + default: + DEBUG ((DEBUG_INFO, "[%a] - Unknown function %d!\n", __FUNCTION__, CommParams->Function)); + Status = EFI_UNSUPPORTED; + break; + } + + CommParams->ReturnStatus = (UINT64) Status; + return EFI_SUCCESS; +} + +/** + Software SMI callback for TPM physical presence which is called from ACPI method. + + Caution: This function may receive untrusted input. + Variable and ACPINvs are external input, so this function will validate + its data structure to be valid value. + + @param[in] DispatchHandle The unique handle assigned to this handler by SmiHandlerRegister(). + @param[in] Context Points to an optional handler context which was specified when the + handler was registered. + @param[in, out] CommBuffer A pointer to a collection of data in memory that will + be conveyed from a non-SMM environment into an SMM environment. + @param[in, out] CommBufferSize The size of the CommBuffer. + + @retval EFI_SUCCESS The interrupt was handled successfully. + +**/ +EFI_STATUS +EFIAPI +PhysicalPresenceCallback ( + IN EFI_HANDLE DispatchHandle, + IN CONST VOID *Context, + IN OUT VOID *CommBuffer, + IN OUT UINTN *CommBufferSize + ) +{ + UINT32 MostRecentRequest; + UINT32 Response; + UINT32 OperationRequest; + UINT32 RequestParameter; + + + if (mTcgNvs->PhysicalPresence.Parameter == TCG_ACPI_FUNCTION_RETURN_REQUEST_RESPONSE_TO_OS) { + mTcgNvs->PhysicalPresence.ReturnCode = Tcg2PhysicalPresenceLibReturnOperationResponseToOsFunction ( + &MostRecentRequest, + &Response + ); + mTcgNvs->PhysicalPresence.LastRequest = MostRecentRequest; + mTcgNvs->PhysicalPresence.Response = Response; + return EFI_SUCCESS; + } else if ((mTcgNvs->PhysicalPresence.Parameter == TCG_ACPI_FUNCTION_SUBMIT_REQUEST_TO_BIOS) + || (mTcgNvs->PhysicalPresence.Parameter == TCG_ACPI_FUNCTION_SUBMIT_REQUEST_TO_BIOS_2)) { + + OperationRequest = mTcgNvs->PhysicalPresence.Request; + RequestParameter = mTcgNvs->PhysicalPresence.RequestParameter; + mTcgNvs->PhysicalPresence.ReturnCode = Tcg2PhysicalPresenceLibSubmitRequestToPreOSFunctionEx ( + &OperationRequest, + &RequestParameter + ); + mTcgNvs->PhysicalPresence.Request = OperationRequest; + mTcgNvs->PhysicalPresence.RequestParameter = RequestParameter; + } else if (mTcgNvs->PhysicalPresence.Parameter == TCG_ACPI_FUNCTION_GET_USER_CONFIRMATION_STATUS_FOR_REQUEST) { + mTcgNvs->PhysicalPresence.ReturnCode = Tcg2PhysicalPresenceLibGetUserConfirmationStatusFunction (mTcgNvs->PPRequestUserConfirm); + } + + return EFI_SUCCESS; +} + + +/** + Software SMI callback for MemoryClear which is called from ACPI method. + + Caution: This function may receive untrusted input. + Variable and ACPINvs are external input, so this function will validate + its data structure to be valid value. + + @param[in] DispatchHandle The unique handle assigned to this handler by SmiHandlerRegister(). + @param[in] Context Points to an optional handler context which was specified when the + handler was registered. + @param[in, out] CommBuffer A pointer to a collection of data in memory that will + be conveyed from a non-SMM environment into an SMM environment. + @param[in, out] CommBufferSize The size of the CommBuffer. + + @retval EFI_SUCCESS The interrupt was handled successfully. + +**/ +EFI_STATUS +EFIAPI +MemoryClearCallback ( + IN EFI_HANDLE DispatchHandle, + IN CONST VOID *Context, + IN OUT VOID *CommBuffer, + IN OUT UINTN *CommBufferSize + ) +{ + EFI_STATUS Status; + UINTN DataSize; + UINT8 MorControl; + + mTcgNvs->MemoryClear.ReturnCode = MOR_REQUEST_SUCCESS; + if (mTcgNvs->MemoryClear.Parameter == ACPI_FUNCTION_DSM_MEMORY_CLEAR_INTERFACE) { + MorControl = (UINT8) mTcgNvs->MemoryClear.Request; + } else if (mTcgNvs->MemoryClear.Parameter == ACPI_FUNCTION_PTS_CLEAR_MOR_BIT) { + DataSize = sizeof (UINT8); + Status = mSmmVariable->SmmGetVariable ( + MEMORY_OVERWRITE_REQUEST_VARIABLE_NAME, + &gEfiMemoryOverwriteControlDataGuid, + NULL, + &DataSize, + &MorControl + ); + if (EFI_ERROR (Status)) { + mTcgNvs->MemoryClear.ReturnCode = MOR_REQUEST_GENERAL_FAILURE; + DEBUG ((EFI_D_ERROR, "[TPM] Get MOR variable failure! Status = %r\n", Status)); + return EFI_SUCCESS; + } + + if (MOR_CLEAR_MEMORY_VALUE (MorControl) == 0x0) { + return EFI_SUCCESS; + } + MorControl &= ~MOR_CLEAR_MEMORY_BIT_MASK; + } else { + mTcgNvs->MemoryClear.ReturnCode = MOR_REQUEST_GENERAL_FAILURE; + DEBUG ((EFI_D_ERROR, "[TPM] MOR Parameter error! Parameter = %x\n", mTcgNvs->MemoryClear.Parameter)); + return EFI_SUCCESS; + } + + DataSize = sizeof (UINT8); + Status = mSmmVariable->SmmSetVariable ( + MEMORY_OVERWRITE_REQUEST_VARIABLE_NAME, + &gEfiMemoryOverwriteControlDataGuid, + EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS, + DataSize, + &MorControl + ); + if (EFI_ERROR (Status)) { + mTcgNvs->MemoryClear.ReturnCode = MOR_REQUEST_GENERAL_FAILURE; + DEBUG ((EFI_D_ERROR, "[TPM] Set MOR variable failure! Status = %r\n", Status)); + } + + return EFI_SUCCESS; +} + +/** + Notification for SMM ReadyToLock protocol. + + @param[in] Protocol Points to the protocol's unique identifier. + @param[in] Interface Points to the interface instance. + @param[in] Handle The handle on which the interface was installed. + + @retval EFI_SUCCESS Notification runs successfully. + +**/ +EFI_STATUS +EFIAPI +TcgMmReadyToLock ( + IN CONST EFI_GUID *Protocol, + IN VOID *Interface, + IN EFI_HANDLE Handle +) +{ + EFI_STATUS Status; + + Status = EFI_SUCCESS; + + if (mReadyToLockHandle != NULL) { + Status = gMmst->MmiHandlerUnRegister (mReadyToLockHandle); + mReadyToLockHandle = NULL; + } + return Status; +} + +/** + The driver's common initialization routine. + + It install callbacks for TPM physical presence and MemoryClear, and locate + SMM variable to be used in the callback function. + + @retval EFI_SUCCESS The entry point is executed successfully. + @retval Others Some error occurs when executing this entry point. + +**/ +EFI_STATUS +InitializeTcgCommon ( + VOID + ) +{ + EFI_STATUS Status; + EFI_SMM_SW_DISPATCH2_PROTOCOL *SwDispatch; + EFI_SMM_SW_REGISTER_CONTEXT SwContext; + EFI_HANDLE PpSwHandle; + EFI_HANDLE McSwHandle; + EFI_HANDLE NotifyHandle; + + if (!CompareGuid (PcdGetPtr(PcdTpmInstanceGuid), &gEfiTpmDeviceInstanceTpm20DtpmGuid)){ + DEBUG ((EFI_D_ERROR, "No TPM2 DTPM instance required!\n")); + return EFI_UNSUPPORTED; + } + + // Initialize variables first + mReadyToLockHandle = NULL; + SwDispatch = NULL; + PpSwHandle = NULL; + McSwHandle = NULL; + NotifyHandle = NULL; + + // Register a root handler to communicate the NVS region and SMI channel between MM and DXE + Status = gMmst->MmiHandlerRegister (TpmNvsCommunciate, &gTpmNvsMmGuid, &mReadyToLockHandle); + ASSERT_EFI_ERROR (Status); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "[%a] Failed to register NVS communicate as root MM handler - %r!\n", __FUNCTION__, Status)); + goto Cleanup; + } + + // + // Get the Sw dispatch protocol and register SMI callback functions. + // + Status = gMmst->MmLocateProtocol (&gEfiSmmSwDispatch2ProtocolGuid, NULL, (VOID**)&SwDispatch); + ASSERT_EFI_ERROR (Status); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "[%a] Failed to locate Sw dispatch protocol - %r!\n", __FUNCTION__, Status)); + goto Cleanup; + } + + SwContext.SwSmiInputValue = (UINTN) -1; + Status = SwDispatch->Register (SwDispatch, PhysicalPresenceCallback, &SwContext, &PpSwHandle); + ASSERT_EFI_ERROR (Status); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "[%a] Failed to register PP callback as SW MM handler - %r!\n", __FUNCTION__, Status)); + goto Cleanup; + } + mPpSoftwareSmi = SwContext.SwSmiInputValue; + + SwContext.SwSmiInputValue = (UINTN) -1; + Status = SwDispatch->Register (SwDispatch, MemoryClearCallback, &SwContext, &McSwHandle); + ASSERT_EFI_ERROR (Status); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "[%a] Failed to register MC callback as SW MM handler - %r!\n", __FUNCTION__, Status)); + goto Cleanup; + } + mMcSoftwareSmi = SwContext.SwSmiInputValue; + + // + // Locate SmmVariableProtocol. + // + Status = gMmst->MmLocateProtocol (&gEfiSmmVariableProtocolGuid, NULL, (VOID**)&mSmmVariable); + ASSERT_EFI_ERROR (Status); + if (EFI_ERROR (Status)) { + // Should not happen + DEBUG ((DEBUG_ERROR, "[%a] Failed to locate SMM variable protocol - %r!\n", __FUNCTION__, Status)); + goto Cleanup; + } + + // Turn off the light before leaving the room... at least, take a remote... + Status = gMmst->MmRegisterProtocolNotify (&gEfiMmReadyToLockProtocolGuid, TcgMmReadyToLock, &NotifyHandle); + ASSERT_EFI_ERROR (Status); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "[%a] Failed to register ready to lock notification - %r!\n", __FUNCTION__, Status)); + goto Cleanup; + } + + Tcg2NotifyMmReady (); + +Cleanup: + if (EFI_ERROR (Status)) { + // Something is whacked, clean up the mess... + if (NotifyHandle != NULL) { + gMmst->MmRegisterProtocolNotify (&gEfiMmReadyToLockProtocolGuid, NULL, &NotifyHandle); + } + if (McSwHandle != NULL && SwDispatch != NULL) { + SwDispatch->UnRegister (SwDispatch, McSwHandle); + } + if (PpSwHandle != NULL && SwDispatch != NULL) { + SwDispatch->UnRegister (SwDispatch, PpSwHandle); + } + if (mReadyToLockHandle != NULL) { + gMmst->MmiHandlerUnRegister (mReadyToLockHandle); + } + } + + return Status; +} + diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.h b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.h new file mode 100644 index 00000000..8293bb49 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.h @@ -0,0 +1,87 @@ +/** @file + The header file for Tcg2 SMM driver. + +Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR> +Copyright (c) Microsoft Corporation. +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef __TCG2_SMM_H__ +#define __TCG2_SMM_H__ + +#include <PiMm.h> + +#include <Guid/MemoryOverwriteControl.h> +#include <Guid/TpmInstance.h> +#include <Guid/TpmNvsMm.h> + +#include <Protocol/MmReadyToLock.h> +#include <Protocol/SmmSwDispatch2.h> +#include <Protocol/AcpiTable.h> +#include <Protocol/SmmVariable.h> +#include <Protocol/Tcg2Protocol.h> + +#include <Library/BaseLib.h> +#include <Library/BaseMemoryLib.h> +#include <Library/DebugLib.h> +#include <Library/MmServicesTableLib.h> +#include <Library/Tpm2CommandLib.h> +#include <Library/Tcg2PhysicalPresenceLib.h> +#include <Library/IoLib.h> +#include <Library/PcdLib.h> +#include <Library/Tpm2DeviceLib.h> + +#include <IndustryStandard/TpmPtp.h> + +// +// The definition for TCG MOR +// +#define ACPI_FUNCTION_DSM_MEMORY_CLEAR_INTERFACE 1 +#define ACPI_FUNCTION_PTS_CLEAR_MOR_BIT 2 + +// +// The return code for Memory Clear Interface Functions +// +#define MOR_REQUEST_SUCCESS 0 +#define MOR_REQUEST_GENERAL_FAILURE 1 + +/** + Notify the system that the SMM variable driver is ready. +**/ +VOID +Tcg2NotifyMmReady ( + VOID + ); + +/** + This function is an abstraction layer for implementation specific Mm buffer validation routine. + + @param Buffer The buffer start address to be checked. + @param Length The buffer length to be checked. + + @retval TRUE This buffer is valid per processor architecture and not overlap with SMRAM. + @retval FALSE This buffer is not valid per processor architecture or overlap with SMRAM. +**/ +BOOLEAN +IsBufferOutsideMmValid ( + IN EFI_PHYSICAL_ADDRESS Buffer, + IN UINT64 Length + ); + +/** + The driver's common initialization routine. + + It install callbacks for TPM physical presence and MemoryClear, and locate + SMM variable to be used in the callback function. + + @retval EFI_SUCCESS The entry point is executed successfully. + @retval Others Some error occurs when executing this entry point. + +**/ +EFI_STATUS +InitializeTcgCommon ( + VOID + ); + +#endif // __TCG_SMM_H__ diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.inf b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.inf new file mode 100644 index 00000000..e2870130 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.inf @@ -0,0 +1,86 @@ +## @file +# Provides ACPI methods for TPM 2.0 support +# +# Spec Compliance Info: +# "TCG ACPI Specification Version 1.2 Revision 8" +# "Physical Presence Interface Specification Version 1.30 Revision 00.52" +# along with +# "Errata Version 0.4 for TCG PC Client Platform Physical Presence Interface Specification" +# "Platform Reset Attack Mitigation Specification Version 1.00" +# TPM2.0 ACPI device object +# "TCG PC Client Platform Firmware Profile Specification for TPM Family 2.0 Level 00 Revision 1.03 v51" +# along with +# "Errata for PC Client Specific Platform Firmware Profile Specification Version 1.0 Revision 1.03" +# +# This driver implements TPM 2.0 definition block in ACPI table and +# registers SMI callback functions for Tcg2 physical presence and +# MemoryClear to handle the requests from ACPI method. +# +# Caution: This module requires additional review when modified. +# This driver will have external input - variable and ACPINvs data in SMM mode. +# This external input must be validated carefully to avoid security issue. +# +# Copyright (c) 2015 - 2019, Intel Corporation. All rights reserved.<BR> +# Copyright (c) Microsoft Corporation.<BR> +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = Tcg2Smm + MODULE_UNI_FILE = Tcg2Smm.uni + FILE_GUID = 44A20657-10B8-4049-A148-ACD8812AF257 + MODULE_TYPE = DXE_SMM_DRIVER + PI_SPECIFICATION_VERSION = 0x0001000A + VERSION_STRING = 1.0 + ENTRY_POINT = InitializeTcgSmm + +[Sources] + Tcg2Smm.h + Tcg2Smm.c + Tcg2TraditionalMm.c + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + SecurityPkg/SecurityPkg.dec + +[LibraryClasses] + BaseLib + BaseMemoryLib + UefiDriverEntryPoint + MmServicesTableLib + UefiBootServicesTableLib + DebugLib + DxeServicesLib + TpmMeasurementLib + Tpm2CommandLib + Tcg2PhysicalPresenceLib + PcdLib + SmmMemLib + +[Guids] + ## SOMETIMES_PRODUCES ## Variable:L"MemoryOverwriteRequestControl" + ## SOMETIMES_CONSUMES ## Variable:L"MemoryOverwriteRequestControl" + gEfiMemoryOverwriteControlDataGuid + + gEfiTpmDeviceInstanceTpm20DtpmGuid ## PRODUCES ## GUID # TPM device identifier + gTcg2MmSwSmiRegisteredGuid ## PRODUCES + gTpmNvsMmGuid ## CONSUMES + +[Protocols] + gEfiSmmSwDispatch2ProtocolGuid ## CONSUMES + gEfiSmmVariableProtocolGuid ## CONSUMES + gEfiMmReadyToLockProtocolGuid ## CONSUMES + +[Pcd] + gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid ## CONSUMES + +[Depex] + gEfiSmmSwDispatch2ProtocolGuid AND + gEfiSmmVariableProtocolGuid AND + gEfiTcg2ProtocolGuid + +[UserExtensions.TianoCore."ExtraFiles"] + Tcg2SmmExtra.uni diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.uni b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.uni new file mode 100644 index 00000000..d6e047d7 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.uni @@ -0,0 +1,23 @@ +// /** @file
+// Provides ACPI methods for TPM 2.0 support
+//
+// This driver implements TPM 2.0 definition block in ACPI table and
+// registers SMI callback functions for TCG2 physical presence and
+// MemoryClear to handle the requests from ACPI method.
+//
+// Caution: This module requires additional review when modified.
+// This driver will have external input - variable and ACPINvs data in SMM mode.
+// This external input must be validated carefully to avoid security issue.
+//
+// Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>
+//
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+//
+// **/
+
+
+#string STR_MODULE_ABSTRACT #language en-US "Provides ACPI metholds for TPM 2.0 support"
+
+#string STR_MODULE_DESCRIPTION #language en-US "This driver implements TPM 2.0 definition block in ACPI table and registers SMI callback functions for TCG2 physical presence and MemoryClear to handle the requests from ACPI method.\n"
+ "Caution: This module requires additional review when modified. This driver will have external input - variable and ACPINvs data in SMM mode. This external input must be validated carefully to avoid security issues."
+
diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Tcg2Smm/Tcg2SmmExtra.uni b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Tcg2Smm/Tcg2SmmExtra.uni new file mode 100644 index 00000000..37363763 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Tcg2Smm/Tcg2SmmExtra.uni @@ -0,0 +1,14 @@ +// /** @file
+// Tcg2Smm Localized Strings and Content
+//
+// Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR>
+//
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+//
+// **/
+
+#string STR_PROPERTIES_MODULE_NAME
+#language en-US
+"TCG2 (Trusted Computing Group) SMM"
+
+
diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Tcg2Smm/Tcg2StandaloneMm.c b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Tcg2Smm/Tcg2StandaloneMm.c new file mode 100644 index 00000000..c194a132 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Tcg2Smm/Tcg2StandaloneMm.c @@ -0,0 +1,71 @@ +/** @file + TCG2 Standalone MM driver that updates TPM2 items in ACPI table and registers + SMI2 callback functions for Tcg2 physical presence, ClearMemory, and + sample for dTPM StartMethod. + + Caution: This module requires additional review when modified. + This driver will have external input - variable and ACPINvs data in SMM mode. + This external input must be validated carefully to avoid security issue. + + PhysicalPresenceCallback() and MemoryClearCallback() will receive untrusted input and do some check. + +Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR> +Copyright (c) Microsoft Corporation. +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "Tcg2Smm.h" +#include <Library/StandaloneMmMemLib.h> + +/** + Notify the system that the SMM variable driver is ready. +**/ +VOID +Tcg2NotifyMmReady ( + VOID + ) +{ + // Do nothing +} + +/** + This function is an abstraction layer for implementation specific Mm buffer validation routine. + + @param Buffer The buffer start address to be checked. + @param Length The buffer length to be checked. + + @retval TRUE This buffer is valid per processor architecture and not overlap with SMRAM. + @retval FALSE This buffer is not valid per processor architecture or overlap with SMRAM. +**/ +BOOLEAN +IsBufferOutsideMmValid ( + IN EFI_PHYSICAL_ADDRESS Buffer, + IN UINT64 Length + ) +{ + return MmIsBufferOutsideMmValid (Buffer, Length); +} + +/** + The driver's entry point. + + It install callbacks for TPM physical presence and MemoryClear, and locate + SMM variable to be used in the callback function. + + @param[in] ImageHandle The firmware allocated handle for the EFI image. + @param[in] SystemTable A pointer to the EFI System Table. + + @retval EFI_SUCCESS The entry point is executed successfully. + @retval Others Some error occurs when executing this entry point. + +**/ +EFI_STATUS +EFIAPI +InitializeTcgStandaloneMm ( + IN EFI_HANDLE ImageHandle, + IN EFI_MM_SYSTEM_TABLE *SystemTable + ) +{ + return InitializeTcgCommon (); +} diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Tcg2Smm/Tcg2StandaloneMm.inf b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Tcg2Smm/Tcg2StandaloneMm.inf new file mode 100644 index 00000000..7dcfa88c --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Tcg2Smm/Tcg2StandaloneMm.inf @@ -0,0 +1,77 @@ +## @file +# Provides ACPI methods for TPM 2.0 support +# +# Spec Compliance Info: +# "TCG ACPI Specification Version 1.2 Revision 8" +# "Physical Presence Interface Specification Version 1.30 Revision 00.52" +# along with +# "Errata Version 0.4 for TCG PC Client Platform Physical Presence Interface Specification" +# "Platform Reset Attack Mitigation Specification Version 1.00" +# TPM2.0 ACPI device object +# "TCG PC Client Platform Firmware Profile Specification for TPM Family 2.0 Level 00 Revision 1.03 v51" +# along with +# "Errata for PC Client Specific Platform Firmware Profile Specification Version 1.0 Revision 1.03" +# +# This driver implements TPM 2.0 definition block in ACPI table and +# registers SMI callback functions for Tcg2 physical presence and +# MemoryClear to handle the requests from ACPI method. +# +# Caution: This module requires additional review when modified. +# This driver will have external input - variable and ACPINvs data in SMM mode. +# This external input must be validated carefully to avoid security issue. +# +# Copyright (c) 2015 - 2019, Intel Corporation. All rights reserved.<BR> +# Copyright (c) Microsoft Corporation.<BR> +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = Tcg2StandaloneMm + FILE_GUID = D40F321F-5349-4724-B667-131670587861 + MODULE_TYPE = MM_STANDALONE + PI_SPECIFICATION_VERSION = 0x00010032 + VERSION_STRING = 1.0 + ENTRY_POINT = InitializeTcgStandaloneMm + +[Sources] + Tcg2Smm.h + Tcg2Smm.c + Tcg2StandaloneMm.c + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + SecurityPkg/SecurityPkg.dec + StandaloneMmPkg/StandaloneMmPkg.dec + +[LibraryClasses] + BaseLib + BaseMemoryLib + StandaloneMmDriverEntryPoint + MmServicesTableLib + DebugLib + Tcg2PhysicalPresenceLib + PcdLib + MemLib + +[Guids] + ## SOMETIMES_PRODUCES ## Variable:L"MemoryOverwriteRequestControl" + ## SOMETIMES_CONSUMES ## Variable:L"MemoryOverwriteRequestControl" + gEfiMemoryOverwriteControlDataGuid + + gEfiTpmDeviceInstanceTpm20DtpmGuid ## PRODUCES ## GUID # TPM device identifier + gTpmNvsMmGuid ## CONSUMES + +[Protocols] + gEfiSmmSwDispatch2ProtocolGuid ## CONSUMES + gEfiSmmVariableProtocolGuid ## CONSUMES + gEfiMmReadyToLockProtocolGuid ## CONSUMES + +[Pcd] + gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid ## CONSUMES + +[Depex] + gEfiSmmSwDispatch2ProtocolGuid AND + gEfiSmmVariableProtocolGuid diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Tcg2Smm/Tcg2TraditionalMm.c b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Tcg2Smm/Tcg2TraditionalMm.c new file mode 100644 index 00000000..f72f9c71 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/Tcg2Smm/Tcg2TraditionalMm.c @@ -0,0 +1,82 @@ +/** @file + TCG2 SMM driver that updates TPM2 items in ACPI table and registers + SMI2 callback functions for Tcg2 physical presence, ClearMemory, and + sample for dTPM StartMethod. + + Caution: This module requires additional review when modified. + This driver will have external input - variable and ACPINvs data in SMM mode. + This external input must be validated carefully to avoid security issue. + + PhysicalPresenceCallback() and MemoryClearCallback() will receive untrusted input and do some check. + +Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR> +Copyright (c) Microsoft Corporation. +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "Tcg2Smm.h" +#include <Library/UefiBootServicesTableLib.h> +#include <Library/SmmMemLib.h> + +/** + Notify the system that the SMM variable driver is ready. +**/ +VOID +Tcg2NotifyMmReady ( + VOID + ) +{ + EFI_STATUS Status; + EFI_HANDLE Handle; + + Handle = NULL; + Status = gBS->InstallProtocolInterface ( + &Handle, + &gTcg2MmSwSmiRegisteredGuid, + EFI_NATIVE_INTERFACE, + NULL + ); + ASSERT_EFI_ERROR (Status); +} + +/** + This function is an abstraction layer for implementation specific Mm buffer validation routine. + + @param Buffer The buffer start address to be checked. + @param Length The buffer length to be checked. + + @retval TRUE This buffer is valid per processor architecture and not overlap with SMRAM. + @retval FALSE This buffer is not valid per processor architecture or overlap with SMRAM. +**/ +BOOLEAN +IsBufferOutsideMmValid ( + IN EFI_PHYSICAL_ADDRESS Buffer, + IN UINT64 Length + ) +{ + return SmmIsBufferOutsideSmmValid (Buffer, Length); +} + +/** + The driver's entry point. + + It install callbacks for TPM physical presence and MemoryClear, and locate + SMM variable to be used in the callback function. + + @param[in] ImageHandle The firmware allocated handle for the EFI image. + @param[in] SystemTable A pointer to the EFI System Table. + + @retval EFI_SUCCESS The entry point is executed successfully. + @retval Others Some error occurs when executing this entry point. + +**/ +EFI_STATUS +EFIAPI +InitializeTcgSmm ( + IN EFI_HANDLE ImageHandle, + IN EFI_SYSTEM_TABLE *SystemTable + ) +{ + return InitializeTcgCommon (); +} diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/TcgConfigDxe/TcgConfig.vfr b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/TcgConfigDxe/TcgConfig.vfr new file mode 100644 index 00000000..d42b4c8b --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/TcgConfigDxe/TcgConfig.vfr @@ -0,0 +1,72 @@ +/** @file + VFR file used by the TCG configuration component. + +Copyright (c) 2011 - 2019, Intel Corporation. All rights reserved.<BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "TcgConfigNvData.h" + +formset + guid = TCG_CONFIG_FORM_SET_GUID, + title = STRING_TOKEN(STR_TPM_TITLE), + help = STRING_TOKEN(STR_TPM_HELP), + classguid = EFI_HII_PLATFORM_SETUP_FORMSET_GUID, + + varstore TCG_CONFIGURATION, + varid = TCG_CONFIGURATION_VARSTORE_ID, + name = TCG_CONFIGURATION, + guid = TCG_CONFIG_FORM_SET_GUID; + + form formid = TCG_CONFIGURATION_FORM_ID, + title = STRING_TOKEN(STR_TPM_TITLE); + + subtitle text = STRING_TOKEN(STR_NULL); + + text + help = STRING_TOKEN(STR_TPM_STATE_HELP), + text = STRING_TOKEN(STR_TPM_STATE_PROMPT), + text = STRING_TOKEN(STR_TPM_STATE_CONTENT); + + subtitle text = STRING_TOKEN(STR_NULL); + + oneof varid = TCG_CONFIGURATION.TpmOperation, + questionid = KEY_TPM_ACTION, + prompt = STRING_TOKEN(STR_TPM_OPERATION), + help = STRING_TOKEN(STR_TPM_OPERATION_HELP), + flags = INTERACTIVE | RESET_REQUIRED, + // + // Default the form to NO ACTION to allow toggling other options + // + option text = STRING_TOKEN(STR_NO_ACTION), value = PHYSICAL_PRESENCE_NO_ACTION, flags = DEFAULT; + // + // Disable (TPM_ORD_PhysicalDisable) command is not available when disabled. + // Activate/deactivate (TPM_ORD_physicalSetDeactivated) command is not available when disabled. + // + suppressif ideqval TCG_CONFIGURATION.TpmEnable == 0; + option text = STRING_TOKEN(STR_DISABLE), value = PHYSICAL_PRESENCE_DISABLE, flags = 0; + option text = STRING_TOKEN(STR_TPM_ACTIVATE), value = PHYSICAL_PRESENCE_ACTIVATE, flags = 0; + option text = STRING_TOKEN(STR_TPM_DEACTIVATE), value = PHYSICAL_PRESENCE_DEACTIVATE, flags = 0; + option text = STRING_TOKEN(STR_TPM_DEACTIVATE_DISABLE), value = PHYSICAL_PRESENCE_DEACTIVATE_DISABLE, flags = 0; + endif + // + // Clear (TPM_ORD_ForceClear) command is not available when disabled or deactivated. + // + suppressif ideqval TCG_CONFIGURATION.TpmEnable == 0 OR + ideqval TCG_CONFIGURATION.TpmActivate == 0; + option text = STRING_TOKEN(STR_TPM_CLEAR), value = PHYSICAL_PRESENCE_CLEAR, flags = 0; + option text = STRING_TOKEN(STR_TPM_CLEAR_ENABLE_ACTIVATE), value = PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE, flags = 0; + endif + + option text = STRING_TOKEN(STR_ENABLE), value = PHYSICAL_PRESENCE_ENABLE, flags = 0; + option text = STRING_TOKEN(STR_TPM_ENABLE_ACTIVATE), value = PHYSICAL_PRESENCE_ENABLE_ACTIVATE, flags = 0; + option text = STRING_TOKEN(STR_TPM_ENABLE_ACTIVATE_CLEAR), value = PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR, flags = 0; + option text = STRING_TOKEN(STR_TPM_ENABLE_ACTIVATE_CLEAR_E_A), value = PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE, flags = 0; + endoneof; + + subtitle text = STRING_TOKEN(STR_NULL); + + endform; + +endformset; diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/TcgConfigDxe/TcgConfigDriver.c b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/TcgConfigDxe/TcgConfigDriver.c new file mode 100644 index 00000000..3733cb01 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/TcgConfigDxe/TcgConfigDriver.c @@ -0,0 +1,150 @@ +/** @file + The module entry point for Tcg configuration module. + +Copyright (c) 2011 - 2018, Intel Corporation. All rights reserved.<BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "TcgConfigImpl.h" +#include <Guid/TpmInstance.h> + +/** + The entry point for Tcg configuration driver. + + @param[in] ImageHandle The image handle of the driver. + @param[in] SystemTable The system table. + + @retval EFI_ALREADY_STARTED The driver already exists in system. + @retval EFI_OUT_OF_RESOURCES Fail to execute entry point due to lack of resources. + @retval EFI_SUCCESS All the related protocols are installed on the driver. + @retval Others Fail to install protocols as indicated. + +**/ +EFI_STATUS +EFIAPI +TcgConfigDriverEntryPoint ( + IN EFI_HANDLE ImageHandle, + IN EFI_SYSTEM_TABLE *SystemTable + ) +{ + EFI_STATUS Status; + TCG_CONFIG_PRIVATE_DATA *PrivateData; + EFI_TCG_PROTOCOL *TcgProtocol; + + if (!CompareGuid (PcdGetPtr(PcdTpmInstanceGuid), &gEfiTpmDeviceInstanceTpm12Guid)){ + DEBUG ((EFI_D_ERROR, "No TPM12 instance required!\n")); + return EFI_UNSUPPORTED; + } + + Status = Tpm12RequestUseTpm (); + if (EFI_ERROR (Status)) { + DEBUG ((EFI_D_ERROR, "TPM not detected!\n")); + return Status; + } + + Status = gBS->LocateProtocol (&gEfiTcgProtocolGuid, NULL, (VOID **) &TcgProtocol); + if (EFI_ERROR (Status)) { + TcgProtocol = NULL; + } + + Status = gBS->OpenProtocol ( + ImageHandle, + &gEfiCallerIdGuid, + NULL, + ImageHandle, + ImageHandle, + EFI_OPEN_PROTOCOL_TEST_PROTOCOL + ); + if (!EFI_ERROR (Status)) { + return EFI_ALREADY_STARTED; + } + + // + // Create a private data structure. + // + PrivateData = AllocateCopyPool (sizeof (TCG_CONFIG_PRIVATE_DATA), &mTcgConfigPrivateDateTemplate); + if (PrivateData == NULL) { + return EFI_OUT_OF_RESOURCES; + } + + PrivateData->Configuration = AllocatePool (sizeof (TCG_CONFIGURATION)); + if (PrivateData->Configuration == NULL) { + Status = EFI_OUT_OF_RESOURCES; + goto ErrorExit; + } + + PrivateData->TcgProtocol = TcgProtocol; + + // + // Install TCG configuration form + // + Status = InstallTcgConfigForm (PrivateData); + if (EFI_ERROR (Status)) { + goto ErrorExit; + } + + // + // Install private GUID. + // + Status = gBS->InstallMultipleProtocolInterfaces ( + &ImageHandle, + &gEfiCallerIdGuid, + PrivateData, + NULL + ); + + if (EFI_ERROR (Status)) { + goto ErrorExit; + } + + return EFI_SUCCESS; + +ErrorExit: + if (PrivateData != NULL) { + UninstallTcgConfigForm (PrivateData); + } + + return Status; +} + +/** + Unload the Tcg configuration form. + + @param[in] ImageHandle The driver's image handle. + + @retval EFI_SUCCESS The Tcg configuration form is unloaded. + @retval Others Failed to unload the form. + +**/ +EFI_STATUS +EFIAPI +TcgConfigDriverUnload ( + IN EFI_HANDLE ImageHandle + ) +{ + EFI_STATUS Status; + TCG_CONFIG_PRIVATE_DATA *PrivateData; + + Status = gBS->HandleProtocol ( + ImageHandle, + &gEfiCallerIdGuid, + (VOID **) &PrivateData + ); + if (EFI_ERROR (Status)) { + return Status; + } + + ASSERT (PrivateData->Signature == TCG_CONFIG_PRIVATE_DATA_SIGNATURE); + + gBS->UninstallMultipleProtocolInterfaces ( + ImageHandle, + &gEfiCallerIdGuid, + PrivateData, + NULL + ); + + UninstallTcgConfigForm (PrivateData); + + return EFI_SUCCESS; +} diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/TcgConfigDxe/TcgConfigDxe.inf b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/TcgConfigDxe/TcgConfigDxe.inf new file mode 100644 index 00000000..b4dbca62 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/TcgConfigDxe/TcgConfigDxe.inf @@ -0,0 +1,77 @@ +## @file +# Provides the capability to update TPM state setup browser +# By this module, user may enable/disable/activate/deactivate/clear TPM, etc. +# +# Copyright (c) 2011 - 2018, Intel Corporation. All rights reserved.<BR> +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = TcgConfigDxe + MODULE_UNI_FILE = TcgConfigDxe.uni + FILE_GUID = 1FA4DAFE-FA5D-4d75-BEA6-5863862C520A + MODULE_TYPE = DXE_DRIVER + VERSION_STRING = 1.0 + ENTRY_POINT = TcgConfigDriverEntryPoint + UNLOAD_IMAGE = TcgConfigDriverUnload + +# +# VALID_ARCHITECTURES = IA32 X64 EBC +# + +[Sources] + TcgConfigDriver.c + TcgConfigImpl.c + TcgConfigImpl.h + TcgConfig.vfr + TcgConfigStrings.uni + TcgConfigNvData.h + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + SecurityPkg/SecurityPkg.dec + +[LibraryClasses] + BaseLib + BaseMemoryLib + MemoryAllocationLib + UefiLib + UefiBootServicesTableLib + UefiRuntimeServicesTableLib + UefiDriverEntryPoint + UefiHiiServicesLib + DebugLib + HiiLib + PcdLib + PrintLib + Tpm12DeviceLib + +[Guids] + ## SOMETIMES_PRODUCES ## Variable:L"PhysicalPresence" + ## SOMETIMES_CONSUMES ## Variable:L"PhysicalPresence" + gEfiPhysicalPresenceGuid + + ## PRODUCES ## HII + ## CONSUMES ## HII + gTcgConfigFormSetGuid + gEfiTpmDeviceInstanceTpm12Guid ## CONSUMES ## GUID # TPM device identifier + +[Protocols] + gEfiHiiConfigAccessProtocolGuid ## PRODUCES + gEfiDevicePathProtocolGuid ## PRODUCES + gEfiTcgProtocolGuid ## CONSUMES + +[Pcd] + gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid ## CONSUMES + +[Depex] + gEfiHiiConfigRoutingProtocolGuid AND + gEfiHiiDatabaseProtocolGuid AND + gEfiVariableArchProtocolGuid AND + gEfiVariableWriteArchProtocolGuid + +[UserExtensions.TianoCore."ExtraFiles"] + TcgConfigDxeExtra.uni diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/TcgConfigDxe/TcgConfigDxe.uni b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/TcgConfigDxe/TcgConfigDxe.uni new file mode 100644 index 00000000..027b9591 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/TcgConfigDxe/TcgConfigDxe.uni @@ -0,0 +1,16 @@ +// /** @file
+// Provides the capability to update TPM state setup browser
+//
+// By this module, user may enable/disable/activate/deactivate/clear TPM, etc.
+//
+// Copyright (c) 2011 - 2014, Intel Corporation. All rights reserved.<BR>
+//
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+//
+// **/
+
+
+#string STR_MODULE_ABSTRACT #language en-US "Provides the capability to update TPM state setup browser"
+
+#string STR_MODULE_DESCRIPTION #language en-US "By this module, user may enable/disable/activate/deactivate/clear TPM, etc."
+
diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/TcgConfigDxe/TcgConfigDxeExtra.uni b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/TcgConfigDxe/TcgConfigDxeExtra.uni new file mode 100644 index 00000000..3b26169e --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/TcgConfigDxe/TcgConfigDxeExtra.uni @@ -0,0 +1,14 @@ +// /** @file
+// TcgConfigDxe Localized Strings and Content
+//
+// Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
+//
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+//
+// **/
+
+#string STR_PROPERTIES_MODULE_NAME
+#language en-US
+"TCG (Trusted Computing Group) Config DXE"
+
+
diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/TcgConfigDxe/TcgConfigImpl.c b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/TcgConfigDxe/TcgConfigImpl.c new file mode 100644 index 00000000..5b1f4136 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/TcgConfigDxe/TcgConfigImpl.c @@ -0,0 +1,503 @@ +/** @file + HII Config Access protocol implementation of TCG configuration module. + +Copyright (c) 2011 - 2019, Intel Corporation. All rights reserved.<BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "TcgConfigImpl.h" + +CHAR16 mTcgStorageName[] = L"TCG_CONFIGURATION"; + +TCG_CONFIG_PRIVATE_DATA mTcgConfigPrivateDateTemplate = { + TCG_CONFIG_PRIVATE_DATA_SIGNATURE, + { + TcgExtractConfig, + TcgRouteConfig, + TcgCallback + } +}; + +HII_VENDOR_DEVICE_PATH mTcgHiiVendorDevicePath = { + { + { + HARDWARE_DEVICE_PATH, + HW_VENDOR_DP, + { + (UINT8) (sizeof (VENDOR_DEVICE_PATH)), + (UINT8) ((sizeof (VENDOR_DEVICE_PATH)) >> 8) + } + }, + TCG_CONFIG_FORM_SET_GUID + }, + { + END_DEVICE_PATH_TYPE, + END_ENTIRE_DEVICE_PATH_SUBTYPE, + { + (UINT8) (END_DEVICE_PATH_LENGTH), + (UINT8) ((END_DEVICE_PATH_LENGTH) >> 8) + } + } +}; + +/** + Get current state of TPM device. + + @param[in] TcgProtocol Point to EFI_TCG_PROTOCOL instance. + @param[out] TpmEnable Flag to indicate TPM is enabled or not. + @param[out] TpmActivate Flag to indicate TPM is activated or not. + + @retval EFI_SUCCESS State is successfully returned. + @retval EFI_DEVICE_ERROR Failed to get TPM response. + @retval Others Other errors as indicated. + +**/ +EFI_STATUS +GetTpmState ( + IN EFI_TCG_PROTOCOL *TcgProtocol, + OUT BOOLEAN *TpmEnable, OPTIONAL + OUT BOOLEAN *TpmActivate OPTIONAL + ) +{ + EFI_STATUS Status; + TPM_RSP_COMMAND_HDR *TpmRsp; + UINT32 TpmSendSize; + TPM_PERMANENT_FLAGS *TpmPermanentFlags; + UINT8 CmdBuf[64]; + + ASSERT (TcgProtocol != NULL); + + // + // Get TPM Permanent flags (TpmEnable, TpmActivate) + // + if ((TpmEnable != NULL) || (TpmActivate != NULL)) { + TpmSendSize = sizeof (TPM_RQU_COMMAND_HDR) + sizeof (UINT32) * 3; + *(UINT16*)&CmdBuf[0] = SwapBytes16 (TPM_TAG_RQU_COMMAND); + *(UINT32*)&CmdBuf[2] = SwapBytes32 (TpmSendSize); + *(UINT32*)&CmdBuf[6] = SwapBytes32 (TPM_ORD_GetCapability); + + *(UINT32*)&CmdBuf[10] = SwapBytes32 (TPM_CAP_FLAG); + *(UINT32*)&CmdBuf[14] = SwapBytes32 (sizeof (TPM_CAP_FLAG_PERMANENT)); + *(UINT32*)&CmdBuf[18] = SwapBytes32 (TPM_CAP_FLAG_PERMANENT); + + Status = TcgProtocol->PassThroughToTpm ( + TcgProtocol, + TpmSendSize, + CmdBuf, + sizeof (CmdBuf), + CmdBuf + ); + TpmRsp = (TPM_RSP_COMMAND_HDR *) &CmdBuf[0]; + if (EFI_ERROR (Status) || (TpmRsp->tag != SwapBytes16 (TPM_TAG_RSP_COMMAND)) || (TpmRsp->returnCode != 0)) { + return EFI_DEVICE_ERROR; + } + + TpmPermanentFlags = (TPM_PERMANENT_FLAGS *) &CmdBuf[sizeof (TPM_RSP_COMMAND_HDR) + sizeof (UINT32)]; + + if (TpmEnable != NULL) { + *TpmEnable = (BOOLEAN) !TpmPermanentFlags->disable; + } + + if (TpmActivate != NULL) { + *TpmActivate = (BOOLEAN) !TpmPermanentFlags->deactivated; + } + } + + return EFI_SUCCESS; +} + +/** + This function allows a caller to extract the current configuration for one + or more named elements from the target driver. + + @param[in] This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL. + @param[in] Request A null-terminated Unicode string in + <ConfigRequest> format. + @param[out] Progress On return, points to a character in the Request + string. Points to the string's null terminator if + request was successful. Points to the most recent + '&' before the first failing name/value pair (or + the beginning of the string if the failure is in + the first name/value pair) if the request was not + successful. + @param[out] Results A null-terminated Unicode string in + <ConfigAltResp> format which has all values filled + in for the names in the Request string. String to + be allocated by the called function. + + @retval EFI_SUCCESS The Results is filled with the requested values. + @retval EFI_OUT_OF_RESOURCES Not enough memory to store the results. + @retval EFI_INVALID_PARAMETER Request is illegal syntax, or unknown name. + @retval EFI_NOT_FOUND Routing data doesn't match any storage in this + driver. + +**/ +EFI_STATUS +EFIAPI +TcgExtractConfig ( + IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, + IN CONST EFI_STRING Request, + OUT EFI_STRING *Progress, + OUT EFI_STRING *Results + ) +{ + EFI_STATUS Status; + TCG_CONFIG_PRIVATE_DATA *PrivateData; + EFI_STRING ConfigRequestHdr; + EFI_STRING ConfigRequest; + BOOLEAN AllocatedRequest; + UINTN Size; + BOOLEAN TpmEnable; + BOOLEAN TpmActivate; + + if (Progress == NULL || Results == NULL) { + return EFI_INVALID_PARAMETER; + } + + *Progress = Request; + if ((Request != NULL) && !HiiIsConfigHdrMatch (Request, &gTcgConfigFormSetGuid, mTcgStorageName)) { + return EFI_NOT_FOUND; + } + + ConfigRequestHdr = NULL; + ConfigRequest = NULL; + AllocatedRequest = FALSE; + Size = 0; + + PrivateData = TCG_CONFIG_PRIVATE_DATA_FROM_THIS (This); + + // + // Convert buffer data to <ConfigResp> by helper function BlockToConfig() + // + PrivateData->Configuration->TpmOperation = PHYSICAL_PRESENCE_NO_ACTION; + + // + // Get current TPM state. + // + if (PrivateData->TcgProtocol != NULL) { + Status = GetTpmState (PrivateData->TcgProtocol, &TpmEnable, &TpmActivate); + if (EFI_ERROR (Status)) { + return Status; + } + + PrivateData->Configuration->TpmEnable = TpmEnable; + PrivateData->Configuration->TpmActivate = TpmActivate; + } + + ConfigRequest = Request; + if ((Request == NULL) || (StrStr (Request, L"OFFSET") == NULL)) { + // + // Request has no request element, construct full request string. + // Allocate and fill a buffer large enough to hold the <ConfigHdr> template + // followed by "&OFFSET=0&WIDTH=WWWWWWWWWWWWWWWW" followed by a Null-terminator + // + ConfigRequestHdr = HiiConstructConfigHdr (&gTcgConfigFormSetGuid, mTcgStorageName, PrivateData->DriverHandle); + Size = (StrLen (ConfigRequestHdr) + 32 + 1) * sizeof (CHAR16); + ConfigRequest = AllocateZeroPool (Size); + ASSERT (ConfigRequest != NULL); + AllocatedRequest = TRUE; + UnicodeSPrint (ConfigRequest, Size, L"%s&OFFSET=0&WIDTH=%016LX", ConfigRequestHdr, sizeof (TCG_CONFIGURATION)); + FreePool (ConfigRequestHdr); + } + + Status = gHiiConfigRouting->BlockToConfig ( + gHiiConfigRouting, + ConfigRequest, + (UINT8 *) PrivateData->Configuration, + sizeof (TCG_CONFIGURATION), + Results, + Progress + ); + // + // Free the allocated config request string. + // + if (AllocatedRequest) { + FreePool (ConfigRequest); + } + // + // Set Progress string to the original request string. + // + if (Request == NULL) { + *Progress = NULL; + } else if (StrStr (Request, L"OFFSET") == NULL) { + *Progress = Request + StrLen (Request); + } + + return Status; +} + +/** + This function processes the results of changes in configuration. + + @param[in] This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL. + @param[in] Configuration A null-terminated Unicode string in <ConfigResp> + format. + @param[out] Progress A pointer to a string filled in with the offset of + the most recent '&' before the first failing + name/value pair (or the beginning of the string if + the failure is in the first name/value pair) or + the terminating NULL if all was successful. + + @retval EFI_SUCCESS The Results is processed successfully. + @retval EFI_INVALID_PARAMETER Configuration is NULL. + @retval EFI_NOT_FOUND Routing data doesn't match any storage in this + driver. + +**/ +EFI_STATUS +EFIAPI +TcgRouteConfig ( + IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, + IN CONST EFI_STRING Configuration, + OUT EFI_STRING *Progress + ) +{ + EFI_STATUS Status; + UINTN BufferSize; + TCG_CONFIGURATION TcgConfiguration; + + if (Configuration == NULL || Progress == NULL) { + return EFI_INVALID_PARAMETER; + } + + *Progress = Configuration; + if (!HiiIsConfigHdrMatch (Configuration, &gTcgConfigFormSetGuid, mTcgStorageName)) { + return EFI_NOT_FOUND; + } + + // + // Convert <ConfigResp> to buffer data by helper function ConfigToBlock() + // + BufferSize = sizeof (TCG_CONFIGURATION); + Status = gHiiConfigRouting->ConfigToBlock ( + gHiiConfigRouting, + Configuration, + (UINT8 *) &TcgConfiguration, + &BufferSize, + Progress + ); + if (EFI_ERROR (Status)) { + return Status; + } + + return EFI_SUCCESS; +} + +/** + Save TPM request to variable space. + + @param[in] PpRequest Physical Presence request command. + + @retval EFI_SUCCESS The operation is finished successfully. + @retval Others Other errors as indicated. + +**/ +EFI_STATUS +SavePpRequest ( + IN UINT8 PpRequest + ) +{ + EFI_STATUS Status; + UINTN DataSize; + EFI_PHYSICAL_PRESENCE PpData; + + // + // Save TPM command to variable. + // + DataSize = sizeof (EFI_PHYSICAL_PRESENCE); + Status = gRT->GetVariable ( + PHYSICAL_PRESENCE_VARIABLE, + &gEfiPhysicalPresenceGuid, + NULL, + &DataSize, + &PpData + ); + if (EFI_ERROR (Status)) { + return Status; + } + + PpData.PPRequest = PpRequest; + Status = gRT->SetVariable ( + PHYSICAL_PRESENCE_VARIABLE, + &gEfiPhysicalPresenceGuid, + EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS, + DataSize, + &PpData + ); + if (EFI_ERROR(Status)) { + return Status; + } + + return EFI_SUCCESS; +} + +/** + This function processes the results of changes in configuration. + + @param[in] This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL. + @param[in] Action Specifies the type of action taken by the browser. + @param[in] QuestionId A unique value which is sent to the original + exporting driver so that it can identify the type + of data to expect. + @param[in] Type The type of value for the question. + @param[in] Value A pointer to the data being sent to the original + exporting driver. + @param[out] ActionRequest On return, points to the action requested by the + callback function. + + @retval EFI_SUCCESS The callback successfully handled the action. + @retval EFI_OUT_OF_RESOURCES Not enough storage is available to hold the + variable and its data. + @retval EFI_DEVICE_ERROR The variable could not be saved. + @retval EFI_UNSUPPORTED The specified Action is not supported by the + callback. + +**/ +EFI_STATUS +EFIAPI +TcgCallback ( + IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, + IN EFI_BROWSER_ACTION Action, + IN EFI_QUESTION_ID QuestionId, + IN UINT8 Type, + IN EFI_IFR_TYPE_VALUE *Value, + OUT EFI_BROWSER_ACTION_REQUEST *ActionRequest + ) +{ + TCG_CONFIG_PRIVATE_DATA *PrivateData; + CHAR16 State[32]; + + if ((This == NULL) || (Value == NULL) || (ActionRequest == NULL)) { + return EFI_INVALID_PARAMETER; + } + + if (Action == EFI_BROWSER_ACTION_FORM_OPEN) { + if (QuestionId == KEY_TPM_ACTION) { + + PrivateData = TCG_CONFIG_PRIVATE_DATA_FROM_THIS (This); + UnicodeSPrint ( + State, + sizeof (State), + L"%s, and %s", + PrivateData->Configuration->TpmEnable ? L"Enabled" : L"Disabled", + PrivateData->Configuration->TpmActivate ? L"Activated" : L"Deactivated" + ); + HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_TPM_STATE_CONTENT), State, NULL); + } + return EFI_SUCCESS; + } + + if ((Action != EFI_BROWSER_ACTION_CHANGED) || (QuestionId != KEY_TPM_ACTION)) { + return EFI_UNSUPPORTED; + } + + SavePpRequest (Value->u8); + *ActionRequest = EFI_BROWSER_ACTION_REQUEST_SUBMIT; + + return EFI_SUCCESS; +} + +/** + This function publish the TCG configuration Form for TPM device. + + @param[in, out] PrivateData Points to TCG configuration private data. + + @retval EFI_SUCCESS HII Form is installed for this network device. + @retval EFI_OUT_OF_RESOURCES Not enough resource for HII Form installation. + @retval Others Other errors as indicated. + +**/ +EFI_STATUS +InstallTcgConfigForm ( + IN OUT TCG_CONFIG_PRIVATE_DATA *PrivateData + ) +{ + EFI_STATUS Status; + EFI_HII_HANDLE HiiHandle; + EFI_HANDLE DriverHandle; + EFI_HII_CONFIG_ACCESS_PROTOCOL *ConfigAccess; + + DriverHandle = NULL; + ConfigAccess = &PrivateData->ConfigAccess; + Status = gBS->InstallMultipleProtocolInterfaces ( + &DriverHandle, + &gEfiDevicePathProtocolGuid, + &mTcgHiiVendorDevicePath, + &gEfiHiiConfigAccessProtocolGuid, + ConfigAccess, + NULL + ); + if (EFI_ERROR (Status)) { + return Status; + } + + PrivateData->DriverHandle = DriverHandle; + + // + // Publish the HII package list + // + HiiHandle = HiiAddPackages ( + &gTcgConfigFormSetGuid, + DriverHandle, + TcgConfigDxeStrings, + TcgConfigBin, + NULL + ); + if (HiiHandle == NULL) { + gBS->UninstallMultipleProtocolInterfaces ( + DriverHandle, + &gEfiDevicePathProtocolGuid, + &mTcgHiiVendorDevicePath, + &gEfiHiiConfigAccessProtocolGuid, + ConfigAccess, + NULL + ); + + return EFI_OUT_OF_RESOURCES; + } + + PrivateData->HiiHandle = HiiHandle; + + return EFI_SUCCESS; +} + +/** + This function removes TCG configuration Form. + + @param[in, out] PrivateData Points to TCG configuration private data. + +**/ +VOID +UninstallTcgConfigForm ( + IN OUT TCG_CONFIG_PRIVATE_DATA *PrivateData + ) +{ + // + // Uninstall HII package list + // + if (PrivateData->HiiHandle != NULL) { + HiiRemovePackages (PrivateData->HiiHandle); + PrivateData->HiiHandle = NULL; + } + + // + // Uninstall HII Config Access Protocol + // + if (PrivateData->DriverHandle != NULL) { + gBS->UninstallMultipleProtocolInterfaces ( + PrivateData->DriverHandle, + &gEfiDevicePathProtocolGuid, + &mTcgHiiVendorDevicePath, + &gEfiHiiConfigAccessProtocolGuid, + &PrivateData->ConfigAccess, + NULL + ); + PrivateData->DriverHandle = NULL; + } + + if (PrivateData->Configuration != NULL) { + FreePool(PrivateData->Configuration); + } + FreePool (PrivateData); +} diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/TcgConfigDxe/TcgConfigImpl.h b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/TcgConfigDxe/TcgConfigImpl.h new file mode 100644 index 00000000..d82e1821 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/TcgConfigDxe/TcgConfigImpl.h @@ -0,0 +1,188 @@ +/** @file + The header file of HII Config Access protocol implementation of TCG + configuration module. + +Copyright (c) 2011 - 2018, Intel Corporation. All rights reserved.<BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef __TCG_CONFIG_IMPL_H__ +#define __TCG_CONFIG_IMPL_H__ + +#include <Uefi.h> + +#include <Protocol/HiiConfigAccess.h> +#include <Protocol/HiiConfigRouting.h> +#include <Protocol/TcgService.h> + +#include <Library/BaseLib.h> +#include <Library/BaseMemoryLib.h> +#include <Library/DebugLib.h> +#include <Library/MemoryAllocationLib.h> +#include <Library/UefiBootServicesTableLib.h> +#include <Library/UefiRuntimeServicesTableLib.h> +#include <Library/UefiHiiServicesLib.h> +#include <Library/UefiLib.h> +#include <Library/HiiLib.h> +#include <Library/DevicePathLib.h> +#include <Library/PcdLib.h> +#include <Library/PrintLib.h> +#include <Library/Tpm12DeviceLib.h> + +#include <Guid/MdeModuleHii.h> + +#include "TcgConfigNvData.h" + +// +// Tool generated IFR binary data and String package data +// +extern UINT8 TcgConfigBin[]; +extern UINT8 TcgConfigDxeStrings[]; + +/// +/// HII specific Vendor Device Path definition. +/// +typedef struct { + VENDOR_DEVICE_PATH VendorDevicePath; + EFI_DEVICE_PATH_PROTOCOL End; +} HII_VENDOR_DEVICE_PATH; + +typedef struct { + UINTN Signature; + + EFI_HII_CONFIG_ACCESS_PROTOCOL ConfigAccess; + EFI_HII_HANDLE HiiHandle; + EFI_HANDLE DriverHandle; + + TCG_CONFIGURATION *Configuration; + EFI_TCG_PROTOCOL *TcgProtocol; +} TCG_CONFIG_PRIVATE_DATA; + +extern TCG_CONFIG_PRIVATE_DATA mTcgConfigPrivateDateTemplate; + +#define TCG_CONFIG_PRIVATE_DATA_SIGNATURE SIGNATURE_32 ('T', 'C', 'G', 'D') +#define TCG_CONFIG_PRIVATE_DATA_FROM_THIS(a) CR (a, TCG_CONFIG_PRIVATE_DATA, ConfigAccess, TCG_CONFIG_PRIVATE_DATA_SIGNATURE) + + +/** + This function publish the TCG configuration Form for TPM device. + + @param[in, out] PrivateData Points to TCG configuration private data. + + @retval EFI_SUCCESS HII Form is installed for this network device. + @retval EFI_OUT_OF_RESOURCES Not enough resource for HII Form installation. + @retval Others Other errors as indicated. + +**/ +EFI_STATUS +InstallTcgConfigForm ( + IN OUT TCG_CONFIG_PRIVATE_DATA *PrivateData + ); + +/** + This function removes TCG configuration Form. + + @param[in, out] PrivateData Points to TCG configuration private data. + +**/ +VOID +UninstallTcgConfigForm ( + IN OUT TCG_CONFIG_PRIVATE_DATA *PrivateData + ); + +/** + This function allows a caller to extract the current configuration for one + or more named elements from the target driver. + + @param[in] This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL. + @param[in] Request A null-terminated Unicode string in + <ConfigRequest> format. + @param[out] Progress On return, points to a character in the Request + string. Points to the string's null terminator if + request was successful. Points to the most recent + '&' before the first failing name/value pair (or + the beginning of the string if the failure is in + the first name/value pair) if the request was not + successful. + @param[out] Results A null-terminated Unicode string in + <ConfigAltResp> format which has all values filled + in for the names in the Request string. String to + be allocated by the called function. + + @retval EFI_SUCCESS The Results is filled with the requested values. + @retval EFI_OUT_OF_RESOURCES Not enough memory to store the results. + @retval EFI_INVALID_PARAMETER Request is illegal syntax, or unknown name. + @retval EFI_NOT_FOUND Routing data doesn't match any storage in this + driver. + +**/ +EFI_STATUS +EFIAPI +TcgExtractConfig ( + IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, + IN CONST EFI_STRING Request, + OUT EFI_STRING *Progress, + OUT EFI_STRING *Results + ); + +/** + This function processes the results of changes in configuration. + + @param[in] This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL. + @param[in] Configuration A null-terminated Unicode string in <ConfigResp> + format. + @param[out] Progress A pointer to a string filled in with the offset of + the most recent '&' before the first failing + name/value pair (or the beginning of the string if + the failure is in the first name/value pair) or + the terminating NULL if all was successful. + + @retval EFI_SUCCESS The Results is processed successfully. + @retval EFI_INVALID_PARAMETER Configuration is NULL. + @retval EFI_NOT_FOUND Routing data doesn't match any storage in this + driver. + +**/ +EFI_STATUS +EFIAPI +TcgRouteConfig ( + IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, + IN CONST EFI_STRING Configuration, + OUT EFI_STRING *Progress + ); + +/** + This function processes the results of changes in configuration. + + @param[in] This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL. + @param[in] Action Specifies the type of action taken by the browser. + @param[in] QuestionId A unique value which is sent to the original + exporting driver so that it can identify the type + of data to expect. + @param[in] Type The type of value for the question. + @param[in] Value A pointer to the data being sent to the original + exporting driver. + @param[out] ActionRequest On return, points to the action requested by the + callback function. + + @retval EFI_SUCCESS The callback successfully handled the action. + @retval EFI_OUT_OF_RESOURCES Not enough storage is available to hold the + variable and its data. + @retval EFI_DEVICE_ERROR The variable could not be saved. + @retval EFI_UNSUPPORTED The specified Action is not supported by the + callback. + +**/ +EFI_STATUS +EFIAPI +TcgCallback ( + IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, + IN EFI_BROWSER_ACTION Action, + IN EFI_QUESTION_ID QuestionId, + IN UINT8 Type, + IN EFI_IFR_TYPE_VALUE *Value, + OUT EFI_BROWSER_ACTION_REQUEST *ActionRequest + ); + +#endif diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/TcgConfigDxe/TcgConfigNvData.h b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/TcgConfigDxe/TcgConfigNvData.h new file mode 100644 index 00000000..188621fe --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/TcgConfigDxe/TcgConfigNvData.h @@ -0,0 +1,33 @@ +/** @file + Header file for NV data structure definition. + +Copyright (c) 2011 - 2018, Intel Corporation. All rights reserved.<BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef __TCG_CONFIG_NV_DATA_H__ +#define __TCG_CONFIG_NV_DATA_H__ + +#include <Guid/HiiPlatformSetupFormset.h> +#include <Guid/PhysicalPresenceData.h> +#include <Guid/TcgConfigHii.h> + +#define TCG_CONFIGURATION_VARSTORE_ID 0x0001 +#define TCG_CONFIGURATION_FORM_ID 0x0001 + +#define KEY_TPM_ACTION 0x3000 + +#define LABEL_TCG_CONFIGURATION_TPM_OPERATION 0x0001 +#define LABEL_END 0xffff + +// +// Nv Data structure referenced by IFR +// +typedef struct { + UINT8 TpmOperation; + BOOLEAN TpmEnable; + BOOLEAN TpmActivate; +} TCG_CONFIGURATION; + +#endif diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/TcgConfigDxe/TcgConfigStrings.uni b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/TcgConfigDxe/TcgConfigStrings.uni new file mode 100644 index 00000000..b5bb8998 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/TcgConfigDxe/TcgConfigStrings.uni @@ -0,0 +1,35 @@ +/** @file
+ String definitions for TCG configuration form.
+
+Copyright (c) 2011 - 2019, Intel Corporation. All rights reserved.<BR>
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#langdef en-US "English"
+
+#string STR_TPM_TITLE #language en-US "TCG Configuration"
+#string STR_TPM_HELP #language en-US "Press <Enter> to select TCG Setup options."
+#string STR_TPM_STATE_PROMPT #language en-US "Current TPM State"
+#string STR_TPM_STATE_HELP #language en-US "Current TPM device state: enabled or disabled; activated or deactivated."
+#string STR_TPM_STATE_CONTENT #language en-US ""
+
+#string STR_TPM_OPERATION #language en-US "TPM Operation"
+#string STR_TPM_OPERATION_HELP #language en-US "Select one of the supported operation to change TPM state."
+
+#string STR_NO_ACTION #language en-US "No Action"
+#string STR_ENABLE #language en-US "Enable"
+#string STR_DISABLE #language en-US "Disable"
+#string STR_TPM_ACTIVATE #language en-US "Activate"
+#string STR_TPM_DEACTIVATE #language en-US "Deactivate"
+#string STR_TPM_CLEAR #language en-US "Force TPM Clear"
+#string STR_TPM_ENABLE_ACTIVATE #language en-US "Enable and Activate"
+#string STR_TPM_DEACTIVATE_DISABLE #language en-US "Deactivate and Disable"
+#string STR_TPM_ENABLE_ACTIVATE_CLEAR #language en-US "Enable, Activate, and Force TPM Clear"
+#string STR_TPM_CLEAR_ENABLE_ACTIVATE #language en-US "Force TPM Clear, Enable, and Activate"
+#string STR_TPM_ENABLE_ACTIVATE_CLEAR_E_A #language en-US "Enable, Activate, Force TPM Clear, Enable, and Activate"
+
+#string STR_NULL #language en-US ""
+
+#string STR_HIDE_TPM_PROMPT #language en-US "Hide TPM"
+#string STR_HIDE_TPM_HELP #language en-US "Check to hide TPM in OS"
diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/TcgDxe/TcgDxe.c b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/TcgDxe/TcgDxe.c new file mode 100644 index 00000000..e4341b86 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/TcgDxe/TcgDxe.c @@ -0,0 +1,1459 @@ +/** @file + This module implements TCG EFI Protocol. + +Caution: This module requires additional review when modified. +This driver will have external input - TcgDxePassThroughToTpm +This external input must be validated carefully to avoid security issue like +buffer overflow, integer overflow. + +TcgDxePassThroughToTpm() will receive untrusted input and do basic validation. + +Copyright (c) 2005 - 2018, Intel Corporation. All rights reserved.<BR> +(C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include <PiDxe.h> +#include <IndustryStandard/Tpm12.h> +#include <IndustryStandard/Acpi.h> +#include <IndustryStandard/PeImage.h> +#include <IndustryStandard/TcpaAcpi.h> + +#include <Guid/GlobalVariable.h> +#include <Guid/HobList.h> +#include <Guid/TcgEventHob.h> +#include <Guid/EventGroup.h> +#include <Guid/EventExitBootServiceFailed.h> +#include <Guid/TpmInstance.h> + +#include <Protocol/DevicePath.h> +#include <Protocol/TcgService.h> +#include <Protocol/AcpiTable.h> +#include <Protocol/MpService.h> + +#include <Library/DebugLib.h> +#include <Library/BaseMemoryLib.h> +#include <Library/UefiRuntimeServicesTableLib.h> +#include <Library/UefiDriverEntryPoint.h> +#include <Library/HobLib.h> +#include <Library/UefiBootServicesTableLib.h> +#include <Library/BaseLib.h> +#include <Library/MemoryAllocationLib.h> +#include <Library/PrintLib.h> +#include <Library/Tpm12DeviceLib.h> +#include <Library/PcdLib.h> +#include <Library/UefiLib.h> +#include <Library/ReportStatusCodeLib.h> +#include <Library/Tpm12CommandLib.h> +#include <Library/BaseCryptLib.h> + +#define TCG_DXE_DATA_FROM_THIS(this) \ + BASE_CR (this, TCG_DXE_DATA, TcgProtocol) + +typedef struct _TCG_DXE_DATA { + EFI_TCG_PROTOCOL TcgProtocol; + TCG_EFI_BOOT_SERVICE_CAPABILITY BsCap; + EFI_TCG_CLIENT_ACPI_TABLE *TcgClientAcpiTable; + EFI_TCG_SERVER_ACPI_TABLE *TcgServerAcpiTable; + UINTN EventLogSize; + UINT8 *LastEvent; +} TCG_DXE_DATA; + + + +EFI_TCG_CLIENT_ACPI_TABLE mTcgClientAcpiTemplate = { + { + EFI_ACPI_3_0_TRUSTED_COMPUTING_PLATFORM_ALLIANCE_CAPABILITIES_TABLE_SIGNATURE, + sizeof (mTcgClientAcpiTemplate), + 0x02 //Revision + // + // Compiler initializes the remaining bytes to 0 + // These fields should be filled in in production + // + }, + 0, // 0 for PC Client Platform Class + 0, // Log Area Max Length + (EFI_PHYSICAL_ADDRESS) (SIZE_4GB - 1) // Log Area Start Address +}; + +// +// The following EFI_TCG_SERVER_ACPI_TABLE default setting is just one example, +// the TPM device connects to LPC, and also defined the ACPI _UID as 0xFF, +// this _UID can be changed and should match with the _UID setting of the TPM +// ACPI device object +// +EFI_TCG_SERVER_ACPI_TABLE mTcgServerAcpiTemplate = { + { + EFI_ACPI_3_0_TRUSTED_COMPUTING_PLATFORM_ALLIANCE_CAPABILITIES_TABLE_SIGNATURE, + sizeof (mTcgServerAcpiTemplate), + 0x02 //Revision + // + // Compiler initializes the remaining bytes to 0 + // These fields should be filled in in production + // + }, + 1, // 1 for Server Platform Class + 0, // Reserved + 0, // Log Area Max Length + (EFI_PHYSICAL_ADDRESS) (SIZE_4GB - 1), // Log Area Start Address + 0x0120, // TCG Specification revision 1.2 + 0, // Device Flags + 0, // Interrupt Flags + 0, // GPE + {0}, // Reserved 3 bytes + 0, // Global System Interrupt + { + EFI_ACPI_3_0_SYSTEM_MEMORY, + 0, + 0, + EFI_ACPI_3_0_BYTE, + 0 // Base Address + }, + 0, // Reserved + {0}, // Configuration Address + 0xFF, // ACPI _UID value of the device, can be changed for different platforms + 0, // ACPI _UID value of the device, can be changed for different platforms + 0, // ACPI _UID value of the device, can be changed for different platforms + 0 // ACPI _UID value of the device, can be changed for different platforms +}; + +UINTN mBootAttempts = 0; +CHAR16 mBootVarName[] = L"BootOrder"; + +/** + Get All processors EFI_CPU_LOCATION in system. LocationBuf is allocated inside the function + Caller is responsible to free LocationBuf. + + @param[out] LocationBuf Returns Processor Location Buffer. + @param[out] Num Returns processor number. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_UNSUPPORTED MpService protocol not found. + +**/ +EFI_STATUS +GetProcessorsCpuLocation ( + OUT EFI_CPU_PHYSICAL_LOCATION **LocationBuf, + OUT UINTN *Num + ) +{ + EFI_STATUS Status; + EFI_MP_SERVICES_PROTOCOL *MpProtocol; + UINTN ProcessorNum; + UINTN EnabledProcessorNum; + EFI_PROCESSOR_INFORMATION ProcessorInfo; + EFI_CPU_PHYSICAL_LOCATION *ProcessorLocBuf; + UINTN Index; + + Status = gBS->LocateProtocol (&gEfiMpServiceProtocolGuid, NULL, (VOID **) &MpProtocol); + if (EFI_ERROR (Status)) { + // + // MP protocol is not installed + // + return EFI_UNSUPPORTED; + } + + Status = MpProtocol->GetNumberOfProcessors( + MpProtocol, + &ProcessorNum, + &EnabledProcessorNum + ); + if (EFI_ERROR(Status)){ + return Status; + } + + Status = gBS->AllocatePool( + EfiBootServicesData, + sizeof(EFI_CPU_PHYSICAL_LOCATION) * ProcessorNum, + (VOID **) &ProcessorLocBuf + ); + if (EFI_ERROR(Status)){ + return Status; + } + + // + // Get each processor Location info + // + for (Index = 0; Index < ProcessorNum; Index++) { + Status = MpProtocol->GetProcessorInfo( + MpProtocol, + Index, + &ProcessorInfo + ); + if (EFI_ERROR(Status)){ + FreePool(ProcessorLocBuf); + return Status; + } + + // + // Get all Processor Location info & measure + // + CopyMem( + &ProcessorLocBuf[Index], + &ProcessorInfo.Location, + sizeof(EFI_CPU_PHYSICAL_LOCATION) + ); + } + + *LocationBuf = ProcessorLocBuf; + *Num = ProcessorNum; + + return Status; +} + +/** + This service provides EFI protocol capability information, state information + about the TPM, and Event Log state information. + + @param[in] This Indicates the calling context + @param[out] ProtocolCapability The callee allocates memory for a TCG_BOOT_SERVICE_CAPABILITY + structure and fills in the fields with the EFI protocol + capability information and the current TPM state information. + @param[out] TCGFeatureFlags This is a pointer to the feature flags. No feature + flags are currently defined so this parameter + MUST be set to 0. However, in the future, + feature flags may be defined that, for example, + enable hash algorithm agility. + @param[out] EventLogLocation This is a pointer to the address of the event log in memory. + @param[out] EventLogLastEntry If the Event Log contains more than one entry, + this is a pointer to the address of the start of + the last entry in the event log in memory. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_INVALID_PARAMETER ProtocolCapability does not match TCG capability. + +**/ +EFI_STATUS +EFIAPI +TcgDxeStatusCheck ( + IN EFI_TCG_PROTOCOL *This, + OUT TCG_EFI_BOOT_SERVICE_CAPABILITY *ProtocolCapability, + OUT UINT32 *TCGFeatureFlags, + OUT EFI_PHYSICAL_ADDRESS *EventLogLocation, + OUT EFI_PHYSICAL_ADDRESS *EventLogLastEntry + ) +{ + TCG_DXE_DATA *TcgData; + + TcgData = TCG_DXE_DATA_FROM_THIS (This); + + if (ProtocolCapability != NULL) { + *ProtocolCapability = TcgData->BsCap; + } + + if (TCGFeatureFlags != NULL) { + *TCGFeatureFlags = 0; + } + + if (EventLogLocation != NULL) { + if (PcdGet8 (PcdTpmPlatformClass) == TCG_PLATFORM_TYPE_CLIENT) { + *EventLogLocation = TcgData->TcgClientAcpiTable->Lasa; + } else { + *EventLogLocation = TcgData->TcgServerAcpiTable->Lasa; + } + } + + if (EventLogLastEntry != NULL) { + if (TcgData->BsCap.TPMDeactivatedFlag || (!TcgData->BsCap.TPMPresentFlag)) { + *EventLogLastEntry = (EFI_PHYSICAL_ADDRESS)(UINTN)0; + } else { + *EventLogLastEntry = (EFI_PHYSICAL_ADDRESS)(UINTN)TcgData->LastEvent; + } + } + + return EFI_SUCCESS; +} + +/** +Single function calculates SHA1 digest value for all raw data. It +combines Sha1Init(), Sha1Update() and Sha1Final(). + +@param[in] Data Raw data to be digested. +@param[in] DataLen Size of the raw data. +@param[out] Digest Pointer to a buffer that stores the final digest. + +@retval EFI_SUCCESS Always successfully calculate the final digest. +**/ +EFI_STATUS +EFIAPI +TpmCommHashAll ( + IN CONST UINT8 *Data, + IN UINTN DataLen, + OUT TPM_DIGEST *Digest + ) +{ + VOID *Sha1Ctx; + UINTN CtxSize; + + CtxSize = Sha1GetContextSize (); + Sha1Ctx = AllocatePool (CtxSize); + ASSERT (Sha1Ctx != NULL); + + Sha1Init (Sha1Ctx); + Sha1Update (Sha1Ctx, Data, DataLen); + Sha1Final (Sha1Ctx, (UINT8 *)Digest); + + FreePool (Sha1Ctx); + + return EFI_SUCCESS; +} + +/** + This service abstracts the capability to do a hash operation on a data buffer. + + @param[in] This Indicates the calling context + @param[in] HashData Pointer to the data buffer to be hashed + @param[in] HashDataLen Length of the data buffer to be hashed + @param[in] AlgorithmId Identification of the Algorithm to use for the hashing operation + @param[in, out] HashedDataLen Resultant length of the hashed data + @param[in, out] HashedDataResult Resultant buffer of the hashed data + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_INVALID_PARAMETER HashDataLen is NULL. + @retval EFI_INVALID_PARAMETER HashDataLenResult is NULL. + @retval EFI_OUT_OF_RESOURCES Cannot allocate buffer of size *HashedDataLen. + @retval EFI_UNSUPPORTED AlgorithmId not supported. + @retval EFI_BUFFER_TOO_SMALL *HashedDataLen < sizeof (TCG_DIGEST). + +**/ +EFI_STATUS +EFIAPI +TcgDxeHashAll ( + IN EFI_TCG_PROTOCOL *This, + IN UINT8 *HashData, + IN UINT64 HashDataLen, + IN TCG_ALGORITHM_ID AlgorithmId, + IN OUT UINT64 *HashedDataLen, + IN OUT UINT8 **HashedDataResult + ) +{ + if (HashedDataLen == NULL || HashedDataResult == NULL) { + return EFI_INVALID_PARAMETER; + } + + switch (AlgorithmId) { + case TPM_ALG_SHA: + if (*HashedDataLen == 0) { + *HashedDataLen = sizeof (TPM_DIGEST); + *HashedDataResult = AllocatePool ((UINTN) *HashedDataLen); + if (*HashedDataResult == NULL) { + return EFI_OUT_OF_RESOURCES; + } + } + + if (*HashedDataLen < sizeof (TPM_DIGEST)) { + *HashedDataLen = sizeof (TPM_DIGEST); + return EFI_BUFFER_TOO_SMALL; + } + *HashedDataLen = sizeof (TPM_DIGEST); + + if (*HashedDataResult == NULL) { + *HashedDataResult = AllocatePool ((UINTN) *HashedDataLen); + } + + return TpmCommHashAll ( + HashData, + (UINTN) HashDataLen, + (TPM_DIGEST*)*HashedDataResult + ); + default: + return EFI_UNSUPPORTED; + } +} + +/** +Add a new entry to the Event Log. + +@param[in, out] EventLogPtr Pointer to the Event Log data. +@param[in, out] LogSize Size of the Event Log. +@param[in] MaxSize Maximum size of the Event Log. +@param[in] NewEventHdr Pointer to a TCG_PCR_EVENT_HDR data structure. +@param[in] NewEventData Pointer to the new event data. + +@retval EFI_SUCCESS The new event log entry was added. +@retval EFI_OUT_OF_RESOURCES No enough memory to log the new event. + +**/ +EFI_STATUS +TpmCommLogEvent ( + IN OUT UINT8 **EventLogPtr, + IN OUT UINTN *LogSize, + IN UINTN MaxSize, + IN TCG_PCR_EVENT_HDR *NewEventHdr, + IN UINT8 *NewEventData + ) +{ + UINTN NewLogSize; + + // + // Prevent Event Overflow + // + if ((UINTN) NewEventHdr->EventSize > MAX_UINTN - sizeof (*NewEventHdr)) { + return EFI_OUT_OF_RESOURCES; + } + + NewLogSize = sizeof (*NewEventHdr) + NewEventHdr->EventSize; + if (NewLogSize > MaxSize - *LogSize) { + return EFI_OUT_OF_RESOURCES; + } + + *EventLogPtr += *LogSize; + *LogSize += NewLogSize; + CopyMem (*EventLogPtr, NewEventHdr, sizeof (*NewEventHdr)); + CopyMem ( + *EventLogPtr + sizeof (*NewEventHdr), + NewEventData, + NewEventHdr->EventSize + ); + return EFI_SUCCESS; +} + +/** + Add a new entry to the Event Log. + + @param[in] TcgData TCG_DXE_DATA structure. + @param[in] NewEventHdr Pointer to a TCG_PCR_EVENT_HDR data structure. + @param[in] NewEventData Pointer to the new event data. + + @retval EFI_SUCCESS The new event log entry was added. + @retval EFI_OUT_OF_RESOURCES No enough memory to log the new event. + +**/ +EFI_STATUS +EFIAPI +TcgDxeLogEventI ( + IN TCG_DXE_DATA *TcgData, + IN TCG_PCR_EVENT_HDR *NewEventHdr, + IN UINT8 *NewEventData + ) +{ + if (PcdGet8 (PcdTpmPlatformClass) == TCG_PLATFORM_TYPE_CLIENT) { + TcgData->LastEvent = (UINT8*)(UINTN)TcgData->TcgClientAcpiTable->Lasa; + return TpmCommLogEvent ( + &TcgData->LastEvent, + &TcgData->EventLogSize, + (UINTN)TcgData->TcgClientAcpiTable->Laml, + NewEventHdr, + NewEventData + ); + } else { + TcgData->LastEvent = (UINT8*)(UINTN)TcgData->TcgServerAcpiTable->Lasa; + return TpmCommLogEvent ( + &TcgData->LastEvent, + &TcgData->EventLogSize, + (UINTN)TcgData->TcgServerAcpiTable->Laml, + NewEventHdr, + NewEventData + ); + } +} + +/** + This service abstracts the capability to add an entry to the Event Log. + + @param[in] This Indicates the calling context + @param[in] TCGLogData Pointer to the start of the data buffer containing + the TCG_PCR_EVENT data structure. All fields in + this structure are properly filled by the caller. + @param[in, out] EventNumber The event number of the event just logged + @param[in] Flags Indicate additional flags. Only one flag has been + defined at this time, which is 0x01 and means the + extend operation should not be performed. All + other bits are reserved. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_OUT_OF_RESOURCES Insufficient memory in the event log to complete this action. + +**/ +EFI_STATUS +EFIAPI +TcgDxeLogEvent ( + IN EFI_TCG_PROTOCOL *This, + IN TCG_PCR_EVENT *TCGLogData, + IN OUT UINT32 *EventNumber, + IN UINT32 Flags + ) +{ + TCG_DXE_DATA *TcgData; + + if (TCGLogData == NULL){ + return EFI_INVALID_PARAMETER; + } + + TcgData = TCG_DXE_DATA_FROM_THIS (This); + + if (TcgData->BsCap.TPMDeactivatedFlag || (!TcgData->BsCap.TPMPresentFlag)) { + return EFI_DEVICE_ERROR; + } + return TcgDxeLogEventI ( + TcgData, + (TCG_PCR_EVENT_HDR*)TCGLogData, + TCGLogData->Event + ); +} + +/** + This service is a proxy for commands to the TPM. + + @param[in] This Indicates the calling context + @param[in] TpmInputParameterBlockSize Size of the TPM input parameter block + @param[in] TpmInputParameterBlock Pointer to the TPM input parameter block + @param[in] TpmOutputParameterBlockSize Size of the TPM output parameter block + @param[in] TpmOutputParameterBlock Pointer to the TPM output parameter block + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_INVALID_PARAMETER Invalid ordinal. + @retval EFI_UNSUPPORTED Current Task Priority Level >= EFI_TPL_CALLBACK. + @retval EFI_TIMEOUT The TIS timed-out. + +**/ +EFI_STATUS +EFIAPI +TcgDxePassThroughToTpm ( + IN EFI_TCG_PROTOCOL *This, + IN UINT32 TpmInputParameterBlockSize, + IN UINT8 *TpmInputParameterBlock, + IN UINT32 TpmOutputParameterBlockSize, + IN UINT8 *TpmOutputParameterBlock + ) +{ + if (TpmInputParameterBlock == NULL || + TpmOutputParameterBlock == NULL || + TpmInputParameterBlockSize == 0 || + TpmOutputParameterBlockSize == 0) { + return EFI_INVALID_PARAMETER; + } + + return Tpm12SubmitCommand ( + TpmInputParameterBlockSize, + TpmInputParameterBlock, + &TpmOutputParameterBlockSize, + TpmOutputParameterBlock + ); +} + +/** + Do a hash operation on a data buffer, extend a specific TPM PCR with the hash result, + and add an entry to the Event Log. + + @param[in] TcgData TCG_DXE_DATA structure. + @param[in] HashData Physical address of the start of the data buffer + to be hashed, extended, and logged. + @param[in] HashDataLen The length, in bytes, of the buffer referenced by HashData + @param[in, out] NewEventHdr Pointer to a TCG_PCR_EVENT_HDR data structure. + @param[in] NewEventData Pointer to the new event data. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_OUT_OF_RESOURCES No enough memory to log the new event. + @retval EFI_DEVICE_ERROR The command was unsuccessful. + +**/ +EFI_STATUS +EFIAPI +TcgDxeHashLogExtendEventI ( + IN TCG_DXE_DATA *TcgData, + IN UINT8 *HashData, + IN UINT64 HashDataLen, + IN OUT TCG_PCR_EVENT_HDR *NewEventHdr, + IN UINT8 *NewEventData + ) +{ + EFI_STATUS Status; + + if (!TcgData->BsCap.TPMPresentFlag) { + return EFI_DEVICE_ERROR; + } + + if (HashDataLen > 0 || HashData != NULL) { + Status = TpmCommHashAll ( + HashData, + (UINTN) HashDataLen, + &NewEventHdr->Digest + ); + if (EFI_ERROR(Status)) { + DEBUG ((DEBUG_ERROR, "TpmCommHashAll Failed. %x\n", Status)); + goto Done; + } + } + + Status = Tpm12Extend ( + &NewEventHdr->Digest, + NewEventHdr->PCRIndex, + NULL + ); + if (!EFI_ERROR (Status)) { + Status = TcgDxeLogEventI (TcgData, NewEventHdr, NewEventData); + } + +Done: + if ((Status == EFI_DEVICE_ERROR) || (Status == EFI_TIMEOUT)) { + DEBUG ((EFI_D_ERROR, "TcgDxeHashLogExtendEventI - %r. Disable TPM.\n", Status)); + TcgData->BsCap.TPMPresentFlag = FALSE; + REPORT_STATUS_CODE ( + EFI_ERROR_CODE | EFI_ERROR_MINOR, + (PcdGet32 (PcdStatusCodeSubClassTpmDevice) | EFI_P_EC_INTERFACE_ERROR) + ); + Status = EFI_DEVICE_ERROR; + } + + return Status; +} + +/** + This service abstracts the capability to do a hash operation on a data buffer, + extend a specific TPM PCR with the hash result, and add an entry to the Event Log + + @param[in] This Indicates the calling context + @param[in] HashData Physical address of the start of the data buffer + to be hashed, extended, and logged. + @param[in] HashDataLen The length, in bytes, of the buffer referenced by HashData + @param[in] AlgorithmId Identification of the Algorithm to use for the hashing operation + @param[in, out] TCGLogData The physical address of the start of the data + buffer containing the TCG_PCR_EVENT data structure. + @param[in, out] EventNumber The event number of the event just logged. + @param[out] EventLogLastEntry Physical address of the first byte of the entry + just placed in the Event Log. If the Event Log was + empty when this function was called then this physical + address will be the same as the physical address of + the start of the Event Log. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_UNSUPPORTED AlgorithmId != TPM_ALG_SHA. + @retval EFI_UNSUPPORTED Current TPL >= EFI_TPL_CALLBACK. + @retval EFI_DEVICE_ERROR The command was unsuccessful. + +**/ +EFI_STATUS +EFIAPI +TcgDxeHashLogExtendEvent ( + IN EFI_TCG_PROTOCOL *This, + IN EFI_PHYSICAL_ADDRESS HashData, + IN UINT64 HashDataLen, + IN TPM_ALGORITHM_ID AlgorithmId, + IN OUT TCG_PCR_EVENT *TCGLogData, + IN OUT UINT32 *EventNumber, + OUT EFI_PHYSICAL_ADDRESS *EventLogLastEntry + ) +{ + TCG_DXE_DATA *TcgData; + EFI_STATUS Status; + + if (TCGLogData == NULL || EventLogLastEntry == NULL){ + return EFI_INVALID_PARAMETER; + } + + TcgData = TCG_DXE_DATA_FROM_THIS (This); + + if (TcgData->BsCap.TPMDeactivatedFlag || (!TcgData->BsCap.TPMPresentFlag)) { + return EFI_DEVICE_ERROR; + } + + if (AlgorithmId != TPM_ALG_SHA) { + return EFI_UNSUPPORTED; + } + + if (HashData == 0 && HashDataLen > 0) { + return EFI_INVALID_PARAMETER; + } + + Status = TcgDxeHashLogExtendEventI ( + TcgData, + (UINT8 *) (UINTN) HashData, + HashDataLen, + (TCG_PCR_EVENT_HDR*)TCGLogData, + TCGLogData->Event + ); + + if (!EFI_ERROR(Status)){ + *EventLogLastEntry = (EFI_PHYSICAL_ADDRESS)(UINTN) TcgData->LastEvent; + } + + return Status; +} + +TCG_DXE_DATA mTcgDxeData = { + { + TcgDxeStatusCheck, + TcgDxeHashAll, + TcgDxeLogEvent, + TcgDxePassThroughToTpm, + TcgDxeHashLogExtendEvent + }, + { + sizeof (mTcgDxeData.BsCap), + { 1, 2, 0, 0 }, + { 1, 2, 0, 0 }, + 1, + TRUE, + FALSE + }, + &mTcgClientAcpiTemplate, + &mTcgServerAcpiTemplate, + 0, + NULL +}; + +/** + Initialize the Event Log and log events passed from the PEI phase. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_OUT_OF_RESOURCES Out of memory. + +**/ +EFI_STATUS +EFIAPI +SetupEventLog ( + VOID + ) +{ + EFI_STATUS Status; + TCG_PCR_EVENT *TcgEvent; + EFI_PEI_HOB_POINTERS GuidHob; + EFI_PHYSICAL_ADDRESS Lasa; + + if (PcdGet8 (PcdTpmPlatformClass) == TCG_PLATFORM_TYPE_CLIENT) { + Lasa = mTcgClientAcpiTemplate.Lasa; + + Status = gBS->AllocatePages ( + AllocateMaxAddress, + EfiACPIMemoryNVS, + EFI_SIZE_TO_PAGES (PcdGet32 (PcdTcgLogAreaMinLen)), + &Lasa + ); + if (EFI_ERROR (Status)) { + return Status; + } + mTcgClientAcpiTemplate.Lasa = Lasa; + // + // To initialize them as 0xFF is recommended + // because the OS can know the last entry for that. + // + SetMem ((VOID *)(UINTN)mTcgClientAcpiTemplate.Lasa, PcdGet32 (PcdTcgLogAreaMinLen), 0xFF); + mTcgClientAcpiTemplate.Laml = PcdGet32 (PcdTcgLogAreaMinLen); + + } else { + Lasa = mTcgServerAcpiTemplate.Lasa; + + Status = gBS->AllocatePages ( + AllocateMaxAddress, + EfiACPIMemoryNVS, + EFI_SIZE_TO_PAGES (PcdGet32 (PcdTcgLogAreaMinLen)), + &Lasa + ); + if (EFI_ERROR (Status)) { + return Status; + } + mTcgServerAcpiTemplate.Lasa = Lasa; + // + // To initialize them as 0xFF is recommended + // because the OS can know the last entry for that. + // + SetMem ((VOID *)(UINTN)mTcgServerAcpiTemplate.Lasa, PcdGet32 (PcdTcgLogAreaMinLen), 0xFF); + mTcgServerAcpiTemplate.Laml = PcdGet32 (PcdTcgLogAreaMinLen); + } + + GuidHob.Raw = GetHobList (); + while (!EFI_ERROR (Status) && + (GuidHob.Raw = GetNextGuidHob (&gTcgEventEntryHobGuid, GuidHob.Raw)) != NULL) { + TcgEvent = GET_GUID_HOB_DATA (GuidHob.Guid); + GuidHob.Raw = GET_NEXT_HOB (GuidHob); + Status = TcgDxeLogEventI ( + &mTcgDxeData, + (TCG_PCR_EVENT_HDR*)TcgEvent, + TcgEvent->Event + ); + } + + return Status; +} + +/** + Measure and log an action string, and extend the measurement result into PCR[5]. + + @param[in] String A specific string that indicates an Action event. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_DEVICE_ERROR The operation was unsuccessful. + +**/ +EFI_STATUS +EFIAPI +TcgMeasureAction ( + IN CHAR8 *String + ) +{ + TCG_PCR_EVENT_HDR TcgEvent; + + TcgEvent.PCRIndex = 5; + TcgEvent.EventType = EV_EFI_ACTION; + TcgEvent.EventSize = (UINT32)AsciiStrLen (String); + return TcgDxeHashLogExtendEventI ( + &mTcgDxeData, + (UINT8*)String, + TcgEvent.EventSize, + &TcgEvent, + (UINT8 *) String + ); +} + +/** + Measure and log EFI handoff tables, and extend the measurement result into PCR[1]. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_DEVICE_ERROR The operation was unsuccessful. + +**/ +EFI_STATUS +EFIAPI +MeasureHandoffTables ( + VOID + ) +{ + EFI_STATUS Status; + TCG_PCR_EVENT_HDR TcgEvent; + EFI_HANDOFF_TABLE_POINTERS HandoffTables; + UINTN ProcessorNum; + EFI_CPU_PHYSICAL_LOCATION *ProcessorLocBuf; + + ProcessorLocBuf = NULL; + Status = EFI_SUCCESS; + + if (PcdGet8 (PcdTpmPlatformClass) == TCG_PLATFORM_TYPE_SERVER) { + // + // Tcg Server spec. + // Measure each processor EFI_CPU_PHYSICAL_LOCATION with EV_TABLE_OF_DEVICES to PCR[1] + // + Status = GetProcessorsCpuLocation(&ProcessorLocBuf, &ProcessorNum); + + if (!EFI_ERROR(Status)){ + TcgEvent.PCRIndex = 1; + TcgEvent.EventType = EV_TABLE_OF_DEVICES; + TcgEvent.EventSize = sizeof (HandoffTables); + + HandoffTables.NumberOfTables = 1; + HandoffTables.TableEntry[0].VendorGuid = gEfiMpServiceProtocolGuid; + HandoffTables.TableEntry[0].VendorTable = ProcessorLocBuf; + + Status = TcgDxeHashLogExtendEventI ( + &mTcgDxeData, + (UINT8*)(UINTN)ProcessorLocBuf, + sizeof(EFI_CPU_PHYSICAL_LOCATION) * ProcessorNum, + &TcgEvent, + (UINT8*)&HandoffTables + ); + + FreePool(ProcessorLocBuf); + } + } + + return Status; +} + +/** + Measure and log Separator event, and extend the measurement result into a specific PCR. + + @param[in] PCRIndex PCR index. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_DEVICE_ERROR The operation was unsuccessful. + +**/ +EFI_STATUS +EFIAPI +MeasureSeparatorEvent ( + IN TPM_PCRINDEX PCRIndex + ) +{ + TCG_PCR_EVENT_HDR TcgEvent; + UINT32 EventData; + + EventData = 0; + TcgEvent.PCRIndex = PCRIndex; + TcgEvent.EventType = EV_SEPARATOR; + TcgEvent.EventSize = (UINT32)sizeof (EventData); + return TcgDxeHashLogExtendEventI ( + &mTcgDxeData, + (UINT8 *)&EventData, + sizeof (EventData), + &TcgEvent, + (UINT8 *)&EventData + ); +} + +/** + Read an EFI Variable. + + This function allocates a buffer to return the contents of the variable. The caller is + responsible for freeing the buffer. + + @param[in] VarName A Null-terminated string that is the name of the vendor's variable. + @param[in] VendorGuid A unique identifier for the vendor. + @param[out] VarSize The size of the variable data. + + @return A pointer to the buffer to return the contents of the variable.Otherwise NULL. + +**/ +VOID * +EFIAPI +ReadVariable ( + IN CHAR16 *VarName, + IN EFI_GUID *VendorGuid, + OUT UINTN *VarSize + ) +{ + EFI_STATUS Status; + VOID *VarData; + + *VarSize = 0; + Status = gRT->GetVariable ( + VarName, + VendorGuid, + NULL, + VarSize, + NULL + ); + if (Status != EFI_BUFFER_TOO_SMALL) { + return NULL; + } + + VarData = AllocatePool (*VarSize); + if (VarData != NULL) { + Status = gRT->GetVariable ( + VarName, + VendorGuid, + NULL, + VarSize, + VarData + ); + if (EFI_ERROR (Status)) { + FreePool (VarData); + VarData = NULL; + *VarSize = 0; + } + } + return VarData; +} + +/** + Measure and log an EFI variable, and extend the measurement result into a specific PCR. + + @param[in] PCRIndex PCR Index. + @param[in] EventType Event type. + @param[in] VarName A Null-terminated string that is the name of the vendor's variable. + @param[in] VendorGuid A unique identifier for the vendor. + @param[in] VarData The content of the variable data. + @param[in] VarSize The size of the variable data. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_OUT_OF_RESOURCES Out of memory. + @retval EFI_DEVICE_ERROR The operation was unsuccessful. + +**/ +EFI_STATUS +EFIAPI +MeasureVariable ( + IN TPM_PCRINDEX PCRIndex, + IN TCG_EVENTTYPE EventType, + IN CHAR16 *VarName, + IN EFI_GUID *VendorGuid, + IN VOID *VarData, + IN UINTN VarSize + ) +{ + EFI_STATUS Status; + TCG_PCR_EVENT_HDR TcgEvent; + UINTN VarNameLength; + EFI_VARIABLE_DATA *VarLog; + + VarNameLength = StrLen (VarName); + TcgEvent.PCRIndex = PCRIndex; + TcgEvent.EventType = EventType; + TcgEvent.EventSize = (UINT32)(sizeof (*VarLog) + VarNameLength * sizeof (*VarName) + VarSize + - sizeof (VarLog->UnicodeName) - sizeof (VarLog->VariableData)); + + VarLog = (EFI_VARIABLE_DATA*)AllocatePool (TcgEvent.EventSize); + if (VarLog == NULL) { + return EFI_OUT_OF_RESOURCES; + } + + VarLog->VariableName = *VendorGuid; + VarLog->UnicodeNameLength = VarNameLength; + VarLog->VariableDataLength = VarSize; + CopyMem ( + VarLog->UnicodeName, + VarName, + VarNameLength * sizeof (*VarName) + ); + CopyMem ( + (CHAR16 *)VarLog->UnicodeName + VarNameLength, + VarData, + VarSize + ); + + Status = TcgDxeHashLogExtendEventI ( + &mTcgDxeData, + (UINT8*)VarLog, + TcgEvent.EventSize, + &TcgEvent, + (UINT8*)VarLog + ); + FreePool (VarLog); + return Status; +} + +/** + Read then Measure and log an EFI boot variable, and extend the measurement result into PCR[5]. + + @param[in] VarName A Null-terminated string that is the name of the vendor's variable. + @param[in] VendorGuid A unique identifier for the vendor. + @param[out] VarSize The size of the variable data. + @param[out] VarData Pointer to the content of the variable. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_OUT_OF_RESOURCES Out of memory. + @retval EFI_DEVICE_ERROR The operation was unsuccessful. + +**/ +EFI_STATUS +EFIAPI +ReadAndMeasureBootVariable ( + IN CHAR16 *VarName, + IN EFI_GUID *VendorGuid, + OUT UINTN *VarSize, + OUT VOID **VarData + ) +{ + EFI_STATUS Status; + + *VarData = ReadVariable (VarName, VendorGuid, VarSize); + if (*VarData == NULL) { + return EFI_NOT_FOUND; + } + + Status = MeasureVariable ( + 5, + EV_EFI_VARIABLE_BOOT, + VarName, + VendorGuid, + *VarData, + *VarSize + ); + return Status; +} + +/** + Measure and log all EFI boot variables, and extend the measurement result into a specific PCR. + + The EFI boot variables are BootOrder and Boot#### variables. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_OUT_OF_RESOURCES Out of memory. + @retval EFI_DEVICE_ERROR The operation was unsuccessful. + +**/ +EFI_STATUS +EFIAPI +MeasureAllBootVariables ( + VOID + ) +{ + EFI_STATUS Status; + UINT16 *BootOrder; + UINTN BootCount; + UINTN Index; + VOID *BootVarData; + UINTN Size; + + Status = ReadAndMeasureBootVariable ( + mBootVarName, + &gEfiGlobalVariableGuid, + &BootCount, + (VOID **) &BootOrder + ); + if (Status == EFI_NOT_FOUND || BootOrder == NULL) { + return EFI_SUCCESS; + } + + if (EFI_ERROR (Status)) { + // + // BootOrder can't be NULL if status is not EFI_NOT_FOUND + // + FreePool (BootOrder); + return Status; + } + + BootCount /= sizeof (*BootOrder); + for (Index = 0; Index < BootCount; Index++) { + UnicodeSPrint (mBootVarName, sizeof (mBootVarName), L"Boot%04x", BootOrder[Index]); + Status = ReadAndMeasureBootVariable ( + mBootVarName, + &gEfiGlobalVariableGuid, + &Size, + &BootVarData + ); + if (!EFI_ERROR (Status)) { + FreePool (BootVarData); + } + } + + FreePool (BootOrder); + return EFI_SUCCESS; +} + +/** + Ready to Boot Event notification handler. + + Sequence of OS boot events is measured in this event notification handler. + + @param[in] Event Event whose notification function is being invoked + @param[in] Context Pointer to the notification function's context + +**/ +VOID +EFIAPI +OnReadyToBoot ( + IN EFI_EVENT Event, + IN VOID *Context + ) +{ + EFI_STATUS Status; + TPM_PCRINDEX PcrIndex; + + if (mBootAttempts == 0) { + + // + // Measure handoff tables. + // + Status = MeasureHandoffTables (); + if (EFI_ERROR (Status)) { + DEBUG ((EFI_D_ERROR, "HOBs not Measured. Error!\n")); + } + + // + // Measure BootOrder & Boot#### variables. + // + Status = MeasureAllBootVariables (); + if (EFI_ERROR (Status)) { + DEBUG ((EFI_D_ERROR, "Boot Variables not Measured. Error!\n")); + } + + // + // 1. This is the first boot attempt. + // + Status = TcgMeasureAction ( + EFI_CALLING_EFI_APPLICATION + ); + if (EFI_ERROR (Status)) { + DEBUG ((EFI_D_ERROR, "%a not Measured. Error!\n", EFI_CALLING_EFI_APPLICATION)); + } + + // + // 2. Draw a line between pre-boot env and entering post-boot env. + // + for (PcrIndex = 0; PcrIndex < 8; PcrIndex++) { + Status = MeasureSeparatorEvent (PcrIndex); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "Separator Event not Measured. Error!\n")); + } + } + + // + // 3. Measure GPT. It would be done in SAP driver. + // + + // + // 4. Measure PE/COFF OS loader. It would be done in SAP driver. + // + + // + // 5. Read & Measure variable. BootOrder already measured. + // + } else { + // + // 6. Not first attempt, meaning a return from last attempt + // + Status = TcgMeasureAction ( + EFI_RETURNING_FROM_EFI_APPLICATION + ); + if (EFI_ERROR (Status)) { + DEBUG ((EFI_D_ERROR, "%a not Measured. Error!\n", EFI_RETURNING_FROM_EFI_APPLICATION)); + } + } + + DEBUG ((EFI_D_INFO, "TPM TcgDxe Measure Data when ReadyToBoot\n")); + // + // Increase boot attempt counter. + // + mBootAttempts++; +} + +/** + Install TCG ACPI Table when ACPI Table Protocol is available. + + A system's firmware uses an ACPI table to identify the system's TCG capabilities + to the Post-Boot environment. The information in this ACPI table is not guaranteed + to be valid until the Host Platform transitions from pre-boot state to post-boot state. + + @param[in] Event Event whose notification function is being invoked + @param[in] Context Pointer to the notification function's context +**/ +VOID +EFIAPI +InstallAcpiTable ( + IN EFI_EVENT Event, + IN VOID* Context + ) +{ + UINTN TableKey; + EFI_STATUS Status; + EFI_ACPI_TABLE_PROTOCOL *AcpiTable; + UINT8 Checksum; + UINT64 OemTableId; + + Status = gBS->LocateProtocol (&gEfiAcpiTableProtocolGuid, NULL, (VOID **)&AcpiTable); + if (EFI_ERROR (Status)) { + return; + } + + if (PcdGet8 (PcdTpmPlatformClass) == TCG_PLATFORM_TYPE_CLIENT) { + CopyMem (mTcgClientAcpiTemplate.Header.OemId, PcdGetPtr (PcdAcpiDefaultOemId), sizeof (mTcgClientAcpiTemplate.Header.OemId)); + OemTableId = PcdGet64 (PcdAcpiDefaultOemTableId); + CopyMem (&mTcgClientAcpiTemplate.Header.OemTableId, &OemTableId, sizeof (UINT64)); + mTcgClientAcpiTemplate.Header.OemRevision = PcdGet32 (PcdAcpiDefaultOemRevision); + mTcgClientAcpiTemplate.Header.CreatorId = PcdGet32 (PcdAcpiDefaultCreatorId); + mTcgClientAcpiTemplate.Header.CreatorRevision = PcdGet32 (PcdAcpiDefaultCreatorRevision); + // + // The ACPI table must be checksummed before calling the InstallAcpiTable() + // service of the ACPI table protocol to install it. + // + Checksum = CalculateCheckSum8 ((UINT8 *)&mTcgClientAcpiTemplate, sizeof (mTcgClientAcpiTemplate)); + mTcgClientAcpiTemplate.Header.Checksum = Checksum; + + Status = AcpiTable->InstallAcpiTable ( + AcpiTable, + &mTcgClientAcpiTemplate, + sizeof (mTcgClientAcpiTemplate), + &TableKey + ); + } else { + CopyMem (mTcgServerAcpiTemplate.Header.OemId, PcdGetPtr (PcdAcpiDefaultOemId), sizeof (mTcgServerAcpiTemplate.Header.OemId)); + OemTableId = PcdGet64 (PcdAcpiDefaultOemTableId); + CopyMem (&mTcgServerAcpiTemplate.Header.OemTableId, &OemTableId, sizeof (UINT64)); + mTcgServerAcpiTemplate.Header.OemRevision = PcdGet32 (PcdAcpiDefaultOemRevision); + mTcgServerAcpiTemplate.Header.CreatorId = PcdGet32 (PcdAcpiDefaultCreatorId); + mTcgServerAcpiTemplate.Header.CreatorRevision = PcdGet32 (PcdAcpiDefaultCreatorRevision); + // + // The ACPI table must be checksummed before calling the InstallAcpiTable() + // service of the ACPI table protocol to install it. + // + Checksum = CalculateCheckSum8 ((UINT8 *)&mTcgServerAcpiTemplate, sizeof (mTcgServerAcpiTemplate)); + mTcgServerAcpiTemplate.Header.Checksum = Checksum; + + mTcgServerAcpiTemplate.BaseAddress.Address = PcdGet64 (PcdTpmBaseAddress); + Status = AcpiTable->InstallAcpiTable ( + AcpiTable, + &mTcgServerAcpiTemplate, + sizeof (mTcgServerAcpiTemplate), + &TableKey + ); + } + + if (EFI_ERROR (Status)) { + DEBUG((EFI_D_ERROR, "Tcg Acpi Table installation failure")); + } +} + +/** + Exit Boot Services Event notification handler. + + Measure invocation and success of ExitBootServices. + + @param[in] Event Event whose notification function is being invoked + @param[in] Context Pointer to the notification function's context + +**/ +VOID +EFIAPI +OnExitBootServices ( + IN EFI_EVENT Event, + IN VOID *Context + ) +{ + EFI_STATUS Status; + + // + // Measure invocation of ExitBootServices, + // + Status = TcgMeasureAction ( + EFI_EXIT_BOOT_SERVICES_INVOCATION + ); + if (EFI_ERROR (Status)) { + DEBUG ((EFI_D_ERROR, "%a not Measured. Error!\n", EFI_EXIT_BOOT_SERVICES_INVOCATION)); + } + + // + // Measure success of ExitBootServices + // + Status = TcgMeasureAction ( + EFI_EXIT_BOOT_SERVICES_SUCCEEDED + ); + if (EFI_ERROR (Status)){ + DEBUG ((EFI_D_ERROR, "%a not Measured. Error!\n", EFI_EXIT_BOOT_SERVICES_SUCCEEDED)); + } +} + +/** + Exit Boot Services Failed Event notification handler. + + Measure Failure of ExitBootServices. + + @param[in] Event Event whose notification function is being invoked + @param[in] Context Pointer to the notification function's context + +**/ +VOID +EFIAPI +OnExitBootServicesFailed ( + IN EFI_EVENT Event, + IN VOID *Context + ) +{ + EFI_STATUS Status; + + // + // Measure Failure of ExitBootServices, + // + Status = TcgMeasureAction ( + EFI_EXIT_BOOT_SERVICES_FAILED + ); + if (EFI_ERROR (Status)){ + DEBUG ((EFI_D_ERROR, "%a not Measured. Error!\n", EFI_EXIT_BOOT_SERVICES_FAILED)); + } +} + +/** + Get TPM Deactivated state. + + @param[out] TPMDeactivatedFlag Returns TPM Deactivated state. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_DEVICE_ERROR The operation was unsuccessful. + +**/ +EFI_STATUS +GetTpmStatus ( + OUT BOOLEAN *TPMDeactivatedFlag + ) +{ + EFI_STATUS Status; + TPM_STCLEAR_FLAGS VolatileFlags; + + Status = Tpm12GetCapabilityFlagVolatile (&VolatileFlags); + if (!EFI_ERROR (Status)) { + *TPMDeactivatedFlag = VolatileFlags.deactivated; + } + + return Status; +} + +/** + The driver's entry point. + + It publishes EFI TCG Protocol. + + @param[in] ImageHandle The firmware allocated handle for the EFI image. + @param[in] SystemTable A pointer to the EFI System Table. + + @retval EFI_SUCCESS The entry point is executed successfully. + @retval other Some error occurs when executing this entry point. + +**/ +EFI_STATUS +EFIAPI +DriverEntry ( + IN EFI_HANDLE ImageHandle, + IN EFI_SYSTEM_TABLE *SystemTable + ) +{ + EFI_STATUS Status; + EFI_EVENT Event; + VOID *Registration; + + if (!CompareGuid (PcdGetPtr(PcdTpmInstanceGuid), &gEfiTpmDeviceInstanceTpm12Guid)){ + DEBUG ((EFI_D_ERROR, "No TPM12 instance required!\n")); + return EFI_UNSUPPORTED; + } + + if (GetFirstGuidHob (&gTpmErrorHobGuid) != NULL) { + DEBUG ((EFI_D_ERROR, "TPM error!\n")); + return EFI_DEVICE_ERROR; + } + + Status = Tpm12RequestUseTpm (); + if (EFI_ERROR (Status)) { + DEBUG ((EFI_D_ERROR, "TPM not detected!\n")); + return Status; + } + + Status = GetTpmStatus (&mTcgDxeData.BsCap.TPMDeactivatedFlag); + if (EFI_ERROR (Status)) { + DEBUG (( + EFI_D_ERROR, + "DriverEntry: TPM not working properly\n" + )); + return Status; + } + + Status = gBS->InstallProtocolInterface ( + &ImageHandle, + &gEfiTcgProtocolGuid, + EFI_NATIVE_INTERFACE, + &mTcgDxeData.TcgProtocol + ); + if (!EFI_ERROR (Status) && (!mTcgDxeData.BsCap.TPMDeactivatedFlag) && mTcgDxeData.BsCap.TPMPresentFlag) { + // + // Setup the log area and copy event log from hob list to it + // + Status = SetupEventLog (); + ASSERT_EFI_ERROR (Status); + + // + // Measure handoff tables, Boot#### variables etc. + // + Status = EfiCreateEventReadyToBootEx ( + TPL_CALLBACK, + OnReadyToBoot, + NULL, + &Event + ); + + Status = gBS->CreateEventEx ( + EVT_NOTIFY_SIGNAL, + TPL_NOTIFY, + OnExitBootServices, + NULL, + &gEfiEventExitBootServicesGuid, + &Event + ); + + // + // Measure Exit Boot Service failed + // + Status = gBS->CreateEventEx ( + EVT_NOTIFY_SIGNAL, + TPL_NOTIFY, + OnExitBootServicesFailed, + NULL, + &gEventExitBootServicesFailedGuid, + &Event + ); + } + + // + // Install ACPI Table + // + EfiCreateProtocolNotifyEvent (&gEfiAcpiTableProtocolGuid, TPL_CALLBACK, InstallAcpiTable, NULL, &Registration); + + return Status; +} diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/TcgDxe/TcgDxe.inf b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/TcgDxe/TcgDxe.inf new file mode 100644 index 00000000..63a9b548 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/TcgDxe/TcgDxe.inf @@ -0,0 +1,81 @@ +## @file +# Produces TCG protocol and measures boot environment +# This module will produce TCG protocol and measure boot environment. +# +# Copyright (c) 2006 - 2018, Intel Corporation. All rights reserved.<BR> +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = TcgDxe + MODULE_UNI_FILE = TcgDxe.uni + FILE_GUID = A5683620-7998-4bb2-A377-1C1E31E1E215 + MODULE_TYPE = DXE_DRIVER + VERSION_STRING = 1.0 + ENTRY_POINT = DriverEntry + +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = IA32 X64 +# + +[Sources] + TcgDxe.c + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + CryptoPkg/CryptoPkg.dec + SecurityPkg/SecurityPkg.dec + +[LibraryClasses] + MemoryAllocationLib + BaseLib + UefiBootServicesTableLib + HobLib + UefiDriverEntryPoint + UefiRuntimeServicesTableLib + BaseMemoryLib + DebugLib + Tpm12DeviceLib + BaseCryptLib + PrintLib + UefiLib + PcdLib + ReportStatusCodeLib + Tpm12CommandLib + +[Guids] + gEfiGlobalVariableGuid ## SOMETIMES_CONSUMES ## Variable:L"BootXXXX" + gTcgEventEntryHobGuid ## SOMETIMES_CONSUMES ## HOB + gTpmErrorHobGuid ## SOMETIMES_CONSUMES ## HOB + gEfiEventExitBootServicesGuid ## CONSUMES ## Event + gEventExitBootServicesFailedGuid ## SOMETIMES_CONSUMES ## Event + gEfiTpmDeviceInstanceTpm12Guid ## PRODUCES ## GUID # TPM device identifier + +[Protocols] + gEfiTcgProtocolGuid ## PRODUCES + gEfiAcpiTableProtocolGuid ## NOTIFY + gEfiMpServiceProtocolGuid ## SOMETIMES_CONSUMES + +[Pcd] + gEfiSecurityPkgTokenSpaceGuid.PcdTpmPlatformClass ## SOMETIMES_CONSUMES + gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid ## CONSUMES + gEfiSecurityPkgTokenSpaceGuid.PcdTpmBaseAddress ## SOMETIMES_CONSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultOemId ## SOMETIMES_CONSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultOemTableId ## SOMETIMES_CONSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultOemRevision ## SOMETIMES_CONSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultCreatorId ## SOMETIMES_CONSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultCreatorRevision ## SOMETIMES_CONSUMES + gEfiSecurityPkgTokenSpaceGuid.PcdStatusCodeSubClassTpmDevice ## SOMETIMES_CONSUMES + gEfiSecurityPkgTokenSpaceGuid.PcdTcgLogAreaMinLen ## CONSUMES + +[Depex] + TRUE + +[UserExtensions.TianoCore."ExtraFiles"] + TcgDxeExtra.uni + diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/TcgDxe/TcgDxe.uni b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/TcgDxe/TcgDxe.uni new file mode 100644 index 00000000..2262d2fb --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/TcgDxe/TcgDxe.uni @@ -0,0 +1,16 @@ +// /** @file
+// Produces TCG protocol and measures boot environment
+//
+// This module will produce TCG protocol and measure boot environment.
+//
+// Copyright (c) 2006 - 2014, Intel Corporation. All rights reserved.<BR>
+//
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+//
+// **/
+
+
+#string STR_MODULE_ABSTRACT #language en-US "Produces TCG protocol and measures boot environment"
+
+#string STR_MODULE_DESCRIPTION #language en-US "This module will produce TCG protocol and measure boot environment."
+
diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/TcgDxe/TcgDxeExtra.uni b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/TcgDxe/TcgDxeExtra.uni new file mode 100644 index 00000000..68767537 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/TcgDxe/TcgDxeExtra.uni @@ -0,0 +1,14 @@ +// /** @file
+// TcgDxe Localized Strings and Content
+//
+// Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
+//
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+//
+// **/
+
+#string STR_PROPERTIES_MODULE_NAME
+#language en-US
+"TCG (Trusted Computing Group) DXE"
+
+
diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/TcgPei/TcgPei.c b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/TcgPei/TcgPei.c new file mode 100644 index 00000000..ad29affa --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/TcgPei/TcgPei.c @@ -0,0 +1,931 @@ +/** @file + Initialize TPM device and measure FVs before handing off control to DXE. + +Copyright (c) 2005 - 2020, Intel Corporation. All rights reserved.<BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include <PiPei.h> + +#include <IndustryStandard/Tpm12.h> +#include <IndustryStandard/UefiTcgPlatform.h> +#include <Ppi/FirmwareVolumeInfo.h> +#include <Ppi/FirmwareVolumeInfo2.h> +#include <Ppi/LockPhysicalPresence.h> +#include <Ppi/TpmInitialized.h> +#include <Ppi/FirmwareVolume.h> +#include <Ppi/EndOfPeiPhase.h> +#include <Ppi/FirmwareVolumeInfoMeasurementExcluded.h> +#include <Ppi/Tcg.h> + +#include <Guid/TcgEventHob.h> +#include <Guid/MeasuredFvHob.h> +#include <Guid/TpmInstance.h> +#include <Guid/MigratedFvInfo.h> + +#include <Library/DebugLib.h> +#include <Library/BaseMemoryLib.h> +#include <Library/PeiServicesLib.h> +#include <Library/PeimEntryPoint.h> +#include <Library/HobLib.h> +#include <Library/PcdLib.h> +#include <Library/PeiServicesTablePointerLib.h> +#include <Library/BaseLib.h> +#include <Library/MemoryAllocationLib.h> +#include <Library/ReportStatusCodeLib.h> +#include <Library/Tpm12DeviceLib.h> +#include <Library/Tpm12CommandLib.h> +#include <Library/BaseCryptLib.h> +#include <Library/PerformanceLib.h> + +BOOLEAN mImageInMemory = FALSE; + +EFI_PEI_PPI_DESCRIPTOR mTpmInitializedPpiList = { + EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST, + &gPeiTpmInitializedPpiGuid, + NULL +}; + +EFI_PEI_PPI_DESCRIPTOR mTpmInitializationDonePpiList = { + EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST, + &gPeiTpmInitializationDonePpiGuid, + NULL +}; + +/** + Do a hash operation on a data buffer, extend a specific TPM PCR with the hash result, + and build a GUIDed HOB recording the event which will be passed to the DXE phase and + added into the Event Log. + + @param[in] This Indicates the calling context + @param[in] Flags Bitmap providing additional information. + @param[in] HashData Physical address of the start of the data buffer + to be hashed, extended, and logged. + @param[in] HashDataLen The length, in bytes, of the buffer referenced by HashData. + @param[in] NewEventHdr Pointer to a TCG_PCR_EVENT_HDR data structure. + @param[in] NewEventData Pointer to the new event data. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_OUT_OF_RESOURCES No enough memory to log the new event. + @retval EFI_DEVICE_ERROR The command was unsuccessful. + +**/ +EFI_STATUS +EFIAPI +HashLogExtendEvent ( + IN EDKII_TCG_PPI *This, + IN UINT64 Flags, + IN UINT8 *HashData, + IN UINTN HashDataLen, + IN TCG_PCR_EVENT_HDR *NewEventHdr, + IN UINT8 *NewEventData + ); + +EDKII_TCG_PPI mEdkiiTcgPpi = { + HashLogExtendEvent +}; + +EFI_PEI_PPI_DESCRIPTOR mTcgPpiList = { + EFI_PEI_PPI_DESCRIPTOR_PPI | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST, + &gEdkiiTcgPpiGuid, + &mEdkiiTcgPpi +}; + +// +// Number of firmware blobs to grow by each time we run out of room +// +#define FIRMWARE_BLOB_GROWTH_STEP 4 + +EFI_PLATFORM_FIRMWARE_BLOB *mMeasuredBaseFvInfo; +UINT32 mMeasuredMaxBaseFvIndex = 0; +UINT32 mMeasuredBaseFvIndex = 0; + +EFI_PLATFORM_FIRMWARE_BLOB *mMeasuredChildFvInfo; +UINT32 mMeasuredMaxChildFvIndex = 0; +UINT32 mMeasuredChildFvIndex = 0; + +EFI_PEI_FIRMWARE_VOLUME_INFO_MEASUREMENT_EXCLUDED_PPI *mMeasurementExcludedFvPpi; + +/** + Lock physical presence if needed. + + @param[in] PeiServices An indirect pointer to the EFI_PEI_SERVICES table published by the PEI Foundation + @param[in] NotifyDescriptor Address of the notification descriptor data structure. + @param[in] Ppi Address of the PPI that was installed. + + @retval EFI_SUCCESS Operation completed successfully. + +**/ +EFI_STATUS +EFIAPI +PhysicalPresencePpiNotifyCallback ( + IN EFI_PEI_SERVICES **PeiServices, + IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDescriptor, + IN VOID *Ppi + ); + +/** + Measure and record the Firmware Volume Information once FvInfoPPI install. + + @param[in] PeiServices An indirect pointer to the EFI_PEI_SERVICES table published by the PEI Foundation. + @param[in] NotifyDescriptor Address of the notification descriptor data structure. + @param[in] Ppi Address of the PPI that was installed. + + @retval EFI_SUCCESS The FV Info is measured and recorded to TPM. + @return Others Fail to measure FV. + +**/ +EFI_STATUS +EFIAPI +FirmwareVolumeInfoPpiNotifyCallback ( + IN EFI_PEI_SERVICES **PeiServices, + IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDescriptor, + IN VOID *Ppi + ); + +/** + Record all measured Firmware Volume Information into a Guid Hob + + @param[in] PeiServices An indirect pointer to the EFI_PEI_SERVICES table published by the PEI Foundation. + @param[in] NotifyDescriptor Address of the notification descriptor data structure. + @param[in] Ppi Address of the PPI that was installed. + + @retval EFI_SUCCESS The FV Info is measured and recorded to TPM. + @return Others Fail to measure FV. + +**/ +EFI_STATUS +EFIAPI +EndofPeiSignalNotifyCallBack ( + IN EFI_PEI_SERVICES **PeiServices, + IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDescriptor, + IN VOID *Ppi + ); + +EFI_PEI_NOTIFY_DESCRIPTOR mNotifyList[] = { + { + EFI_PEI_PPI_DESCRIPTOR_NOTIFY_CALLBACK, + &gPeiLockPhysicalPresencePpiGuid, + PhysicalPresencePpiNotifyCallback + }, + { + EFI_PEI_PPI_DESCRIPTOR_NOTIFY_CALLBACK, + &gEfiPeiFirmwareVolumeInfoPpiGuid, + FirmwareVolumeInfoPpiNotifyCallback + }, + { + EFI_PEI_PPI_DESCRIPTOR_NOTIFY_CALLBACK, + &gEfiPeiFirmwareVolumeInfo2PpiGuid, + FirmwareVolumeInfoPpiNotifyCallback + }, + { + (EFI_PEI_PPI_DESCRIPTOR_NOTIFY_CALLBACK | EFI_PEI_PPI_DESCRIPTOR_TERMINATE_LIST), + &gEfiEndOfPeiSignalPpiGuid, + EndofPeiSignalNotifyCallBack + } +}; + +/** + Record all measured Firmware Volume Information into a Guid Hob + Guid Hob payload layout is + + UINT32 *************************** FIRMWARE_BLOB number + EFI_PLATFORM_FIRMWARE_BLOB******** BLOB Array + + @param[in] PeiServices An indirect pointer to the EFI_PEI_SERVICES table published by the PEI Foundation. + @param[in] NotifyDescriptor Address of the notification descriptor data structure. + @param[in] Ppi Address of the PPI that was installed. + + @retval EFI_SUCCESS The FV Info is measured and recorded to TPM. + @return Others Fail to measure FV. + +**/ +EFI_STATUS +EFIAPI +EndofPeiSignalNotifyCallBack ( + IN EFI_PEI_SERVICES **PeiServices, + IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDescriptor, + IN VOID *Ppi + ) +{ + MEASURED_HOB_DATA *MeasuredHobData; + + MeasuredHobData = NULL; + + PERF_CALLBACK_BEGIN (&gEfiEndOfPeiSignalPpiGuid); + + // + // Create a Guid hob to save all measured Fv + // + MeasuredHobData = BuildGuidHob( + &gMeasuredFvHobGuid, + sizeof(UINTN) + sizeof(EFI_PLATFORM_FIRMWARE_BLOB) * (mMeasuredBaseFvIndex + mMeasuredChildFvIndex) + ); + + if (MeasuredHobData != NULL){ + // + // Save measured FV info enty number + // + MeasuredHobData->Num = mMeasuredBaseFvIndex + mMeasuredChildFvIndex; + + // + // Save measured base Fv info + // + CopyMem (MeasuredHobData->MeasuredFvBuf, mMeasuredBaseFvInfo, sizeof(EFI_PLATFORM_FIRMWARE_BLOB) * (mMeasuredBaseFvIndex)); + + // + // Save measured child Fv info + // + CopyMem (&MeasuredHobData->MeasuredFvBuf[mMeasuredBaseFvIndex] , mMeasuredChildFvInfo, sizeof(EFI_PLATFORM_FIRMWARE_BLOB) * (mMeasuredChildFvIndex)); + } + + PERF_CALLBACK_END (&gEfiEndOfPeiSignalPpiGuid); + + return EFI_SUCCESS; +} + +/** +Single function calculates SHA1 digest value for all raw data. It +combines Sha1Init(), Sha1Update() and Sha1Final(). + +@param[in] Data Raw data to be digested. +@param[in] DataLen Size of the raw data. +@param[out] Digest Pointer to a buffer that stores the final digest. + +@retval EFI_SUCCESS Always successfully calculate the final digest. +**/ +EFI_STATUS +EFIAPI +TpmCommHashAll ( + IN CONST UINT8 *Data, + IN UINTN DataLen, + OUT TPM_DIGEST *Digest + ) +{ + VOID *Sha1Ctx; + UINTN CtxSize; + + CtxSize = Sha1GetContextSize (); + Sha1Ctx = AllocatePool (CtxSize); + ASSERT (Sha1Ctx != NULL); + + Sha1Init (Sha1Ctx); + Sha1Update (Sha1Ctx, Data, DataLen); + Sha1Final (Sha1Ctx, (UINT8 *)Digest); + + FreePool (Sha1Ctx); + + return EFI_SUCCESS; +} + +/** + Do a hash operation on a data buffer, extend a specific TPM PCR with the hash result, + and build a GUIDed HOB recording the event which will be passed to the DXE phase and + added into the Event Log. + + @param[in] This Indicates the calling context. + @param[in] Flags Bitmap providing additional information. + @param[in] HashData Physical address of the start of the data buffer + to be hashed, extended, and logged. + @param[in] HashDataLen The length, in bytes, of the buffer referenced by HashData. + @param[in] NewEventHdr Pointer to a TCG_PCR_EVENT_HDR data structure. + @param[in] NewEventData Pointer to the new event data. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_OUT_OF_RESOURCES No enough memory to log the new event. + @retval EFI_DEVICE_ERROR The command was unsuccessful. + +**/ +EFI_STATUS +EFIAPI +HashLogExtendEvent ( + IN EDKII_TCG_PPI *This, + IN UINT64 Flags, + IN UINT8 *HashData, + IN UINTN HashDataLen, + IN TCG_PCR_EVENT_HDR *NewEventHdr, + IN UINT8 *NewEventData + ) +{ + EFI_STATUS Status; + VOID *HobData; + + if (GetFirstGuidHob (&gTpmErrorHobGuid) != NULL) { + return EFI_DEVICE_ERROR; + } + + HobData = NULL; + if (HashDataLen != 0) { + Status = TpmCommHashAll ( + HashData, + HashDataLen, + &NewEventHdr->Digest + ); + if (EFI_ERROR (Status)) { + goto Done; + } + } + + Status = Tpm12Extend ( + &NewEventHdr->Digest, + NewEventHdr->PCRIndex, + NULL + ); + if (EFI_ERROR (Status)) { + goto Done; + } + + HobData = BuildGuidHob ( + &gTcgEventEntryHobGuid, + sizeof (*NewEventHdr) + NewEventHdr->EventSize + ); + if (HobData == NULL) { + Status = EFI_OUT_OF_RESOURCES; + goto Done; + } + + CopyMem (HobData, NewEventHdr, sizeof (*NewEventHdr)); + HobData = (VOID *) ((UINT8*)HobData + sizeof (*NewEventHdr)); + CopyMem (HobData, NewEventData, NewEventHdr->EventSize); + +Done: + if ((Status == EFI_DEVICE_ERROR) || (Status == EFI_TIMEOUT)) { + DEBUG ((EFI_D_ERROR, "HashLogExtendEvent - %r. Disable TPM.\n", Status)); + BuildGuidHob (&gTpmErrorHobGuid,0); + REPORT_STATUS_CODE ( + EFI_ERROR_CODE | EFI_ERROR_MINOR, + (PcdGet32 (PcdStatusCodeSubClassTpmDevice) | EFI_P_EC_INTERFACE_ERROR) + ); + Status = EFI_DEVICE_ERROR; + } + return Status; +} + +/** + Measure CRTM version. + + @param[in] PeiServices Describes the list of possible PEI Services. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_OUT_OF_RESOURCES No enough memory to log the new event. + @retval EFI_DEVICE_ERROR The command was unsuccessful. + +**/ +EFI_STATUS +EFIAPI +MeasureCRTMVersion ( + IN EFI_PEI_SERVICES **PeiServices + ) +{ + TCG_PCR_EVENT_HDR TcgEventHdr; + + // + // Use FirmwareVersion string to represent CRTM version. + // OEMs should get real CRTM version string and measure it. + // + + TcgEventHdr.PCRIndex = 0; + TcgEventHdr.EventType = EV_S_CRTM_VERSION; + TcgEventHdr.EventSize = (UINT32) StrSize((CHAR16*)PcdGetPtr (PcdFirmwareVersionString)); + + return HashLogExtendEvent ( + &mEdkiiTcgPpi, + 0, + (UINT8*)PcdGetPtr (PcdFirmwareVersionString), + TcgEventHdr.EventSize, + &TcgEventHdr, + (UINT8*)PcdGetPtr (PcdFirmwareVersionString) + ); +} + +/** + Measure FV image. + Add it into the measured FV list after the FV is measured successfully. + + @param[in] FvBase Base address of FV image. + @param[in] FvLength Length of FV image. + + @retval EFI_SUCCESS Fv image is measured successfully + or it has been already measured. + @retval EFI_OUT_OF_RESOURCES No enough memory to log the new event. + @retval EFI_DEVICE_ERROR The command was unsuccessful. + +**/ +EFI_STATUS +EFIAPI +MeasureFvImage ( + IN EFI_PHYSICAL_ADDRESS FvBase, + IN UINT64 FvLength + ) +{ + UINT32 Index; + EFI_STATUS Status; + EFI_PLATFORM_FIRMWARE_BLOB FvBlob; + TCG_PCR_EVENT_HDR TcgEventHdr; + EFI_PHYSICAL_ADDRESS FvOrgBase; + EFI_PHYSICAL_ADDRESS FvDataBase; + EFI_PEI_HOB_POINTERS Hob; + EDKII_MIGRATED_FV_INFO *MigratedFvInfo; + + // + // Check if it is in Excluded FV list + // + if (mMeasurementExcludedFvPpi != NULL) { + for (Index = 0; Index < mMeasurementExcludedFvPpi->Count; Index ++) { + if (mMeasurementExcludedFvPpi->Fv[Index].FvBase == FvBase) { + DEBUG ((DEBUG_INFO, "The FV which is excluded by TcgPei starts at: 0x%x\n", FvBase)); + DEBUG ((DEBUG_INFO, "The FV which is excluded by TcgPei has the size: 0x%x\n", FvLength)); + return EFI_SUCCESS; + } + } + } + + // + // Check whether FV is in the measured FV list. + // + for (Index = 0; Index < mMeasuredBaseFvIndex; Index ++) { + if (mMeasuredBaseFvInfo[Index].BlobBase == FvBase) { + return EFI_SUCCESS; + } + } + + // + // Search the matched migration FV info + // + FvOrgBase = FvBase; + FvDataBase = FvBase; + Hob.Raw = GetFirstGuidHob (&gEdkiiMigratedFvInfoGuid); + while (Hob.Raw != NULL) { + MigratedFvInfo = GET_GUID_HOB_DATA (Hob); + if ((MigratedFvInfo->FvNewBase == (UINT32) FvBase) && (MigratedFvInfo->FvLength == (UINT32) FvLength)) { + // + // Found the migrated FV info + // + FvOrgBase = (EFI_PHYSICAL_ADDRESS) (UINTN) MigratedFvInfo->FvOrgBase; + FvDataBase = (EFI_PHYSICAL_ADDRESS) (UINTN) MigratedFvInfo->FvDataBase; + break; + } + Hob.Raw = GET_NEXT_HOB (Hob); + Hob.Raw = GetNextGuidHob (&gEdkiiMigratedFvInfoGuid, Hob.Raw); + } + + // + // Measure and record the FV to the TPM + // + FvBlob.BlobBase = FvOrgBase; + FvBlob.BlobLength = FvLength; + + DEBUG ((DEBUG_INFO, "The FV which is measured by TcgPei starts at: 0x%x\n", FvBlob.BlobBase)); + DEBUG ((DEBUG_INFO, "The FV which is measured by TcgPei has the size: 0x%x\n", FvBlob.BlobLength)); + + TcgEventHdr.PCRIndex = 0; + TcgEventHdr.EventType = EV_EFI_PLATFORM_FIRMWARE_BLOB; + TcgEventHdr.EventSize = sizeof (FvBlob); + + Status = HashLogExtendEvent ( + &mEdkiiTcgPpi, + 0, + (UINT8*) (UINTN) FvDataBase, + (UINTN) FvBlob.BlobLength, + &TcgEventHdr, + (UINT8*) &FvBlob + ); + + // + // Add new FV into the measured FV list. + // + if (mMeasuredBaseFvIndex >= mMeasuredMaxBaseFvIndex) { + mMeasuredBaseFvInfo = ReallocatePool ( + sizeof (EFI_PLATFORM_FIRMWARE_BLOB) * mMeasuredMaxBaseFvIndex, + sizeof (EFI_PLATFORM_FIRMWARE_BLOB) * (mMeasuredMaxBaseFvIndex + FIRMWARE_BLOB_GROWTH_STEP), + mMeasuredBaseFvInfo + ); + ASSERT (mMeasuredBaseFvInfo != NULL); + mMeasuredMaxBaseFvIndex = mMeasuredMaxBaseFvIndex + FIRMWARE_BLOB_GROWTH_STEP; + } + + mMeasuredBaseFvInfo[mMeasuredBaseFvIndex].BlobBase = FvBase; + mMeasuredBaseFvInfo[mMeasuredBaseFvIndex].BlobLength = FvLength; + mMeasuredBaseFvIndex++; + + return Status; +} + +/** + Measure main BIOS. + + @param[in] PeiServices Describes the list of possible PEI Services. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_OUT_OF_RESOURCES No enough memory to log the new event. + @retval EFI_DEVICE_ERROR The command was unsuccessful. + +**/ +EFI_STATUS +EFIAPI +MeasureMainBios ( + IN EFI_PEI_SERVICES **PeiServices + ) +{ + EFI_STATUS Status; + UINT32 FvInstances; + EFI_PEI_FV_HANDLE VolumeHandle; + EFI_FV_INFO VolumeInfo; + EFI_PEI_FIRMWARE_VOLUME_PPI *FvPpi; + + FvInstances = 0; + while (TRUE) { + // + // Traverse all firmware volume instances of Static Core Root of Trust for Measurement + // (S-CRTM), this firmware volume measure policy can be modified/enhanced by special + // platform for special CRTM TPM measuring. + // + Status = PeiServicesFfsFindNextVolume (FvInstances, &VolumeHandle); + if (EFI_ERROR (Status)) { + break; + } + + // + // Measure and record the firmware volume that is dispatched by PeiCore + // + Status = PeiServicesFfsGetVolumeInfo (VolumeHandle, &VolumeInfo); + ASSERT_EFI_ERROR (Status); + // + // Locate the corresponding FV_PPI according to founded FV's format guid + // + Status = PeiServicesLocatePpi ( + &VolumeInfo.FvFormat, + 0, + NULL, + (VOID**)&FvPpi + ); + if (!EFI_ERROR (Status)) { + MeasureFvImage ((EFI_PHYSICAL_ADDRESS) (UINTN) VolumeInfo.FvStart, VolumeInfo.FvSize); + } + + FvInstances++; + } + + return EFI_SUCCESS; +} + +/** + Measure and record the Firmware Volume Information once FvInfoPPI install. + + @param[in] PeiServices An indirect pointer to the EFI_PEI_SERVICES table published by the PEI Foundation. + @param[in] NotifyDescriptor Address of the notification descriptor data structure. + @param[in] Ppi Address of the PPI that was installed. + + @retval EFI_SUCCESS The FV Info is measured and recorded to TPM. + @return Others Fail to measure FV. + +**/ +EFI_STATUS +EFIAPI +FirmwareVolumeInfoPpiNotifyCallback ( + IN EFI_PEI_SERVICES **PeiServices, + IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDescriptor, + IN VOID *Ppi + ) +{ + EFI_PEI_FIRMWARE_VOLUME_INFO_PPI *Fv; + EFI_STATUS Status; + EFI_PEI_FIRMWARE_VOLUME_PPI *FvPpi; + UINTN Index; + + Fv = (EFI_PEI_FIRMWARE_VOLUME_INFO_PPI *) Ppi; + + // + // The PEI Core can not dispatch or load files from memory mapped FVs that do not support FvPpi. + // + Status = PeiServicesLocatePpi ( + &Fv->FvFormat, + 0, + NULL, + (VOID**)&FvPpi + ); + if (EFI_ERROR (Status)) { + return EFI_SUCCESS; + } + + // + // This is an FV from an FFS file, and the parent FV must have already been measured, + // No need to measure twice, so just record the FV and return + // + if (Fv->ParentFvName != NULL || Fv->ParentFileName != NULL ) { + + if (mMeasuredChildFvIndex >= mMeasuredMaxChildFvIndex) { + mMeasuredChildFvInfo = ReallocatePool ( + sizeof (EFI_PLATFORM_FIRMWARE_BLOB) * mMeasuredMaxChildFvIndex, + sizeof (EFI_PLATFORM_FIRMWARE_BLOB) * (mMeasuredMaxChildFvIndex + FIRMWARE_BLOB_GROWTH_STEP), + mMeasuredChildFvInfo + ); + ASSERT (mMeasuredChildFvInfo != NULL); + mMeasuredMaxChildFvIndex = mMeasuredMaxChildFvIndex + FIRMWARE_BLOB_GROWTH_STEP; + } + // + // Check whether FV is in the measured child FV list. + // + for (Index = 0; Index < mMeasuredChildFvIndex; Index++) { + if (mMeasuredChildFvInfo[Index].BlobBase == (EFI_PHYSICAL_ADDRESS) (UINTN) Fv->FvInfo) { + return EFI_SUCCESS; + } + } + mMeasuredChildFvInfo[mMeasuredChildFvIndex].BlobBase = (EFI_PHYSICAL_ADDRESS) (UINTN) Fv->FvInfo; + mMeasuredChildFvInfo[mMeasuredChildFvIndex].BlobLength = Fv->FvInfoSize; + mMeasuredChildFvIndex++; + return EFI_SUCCESS; + } + + return MeasureFvImage ((EFI_PHYSICAL_ADDRESS) (UINTN) Fv->FvInfo, Fv->FvInfoSize); +} + +/** + Set physicalPresenceLifetimeLock, physicalPresenceHWEnable and physicalPresenceCMDEnable bit by corresponding PCDs. + And lock physical presence if needed. + + @param[in] PeiServices An indirect pointer to the EFI_PEI_SERVICES table published by the PEI Foundation + @param[in] NotifyDescriptor Address of the notification descriptor data structure. + @param[in] Ppi Address of the PPI that was installed. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_ABORTED physicalPresenceCMDEnable is locked. + @retval EFI_DEVICE_ERROR The command was unsuccessful. + +**/ +EFI_STATUS +EFIAPI +PhysicalPresencePpiNotifyCallback ( + IN EFI_PEI_SERVICES **PeiServices, + IN EFI_PEI_NOTIFY_DESCRIPTOR *NotifyDescriptor, + IN VOID *Ppi + ) +{ + EFI_STATUS Status; + TPM_PERMANENT_FLAGS TpmPermanentFlags; + PEI_LOCK_PHYSICAL_PRESENCE_PPI *LockPhysicalPresencePpi; + TPM_PHYSICAL_PRESENCE PhysicalPresenceValue; + + Status = Tpm12GetCapabilityFlagPermanent (&TpmPermanentFlags); + if (EFI_ERROR (Status)) { + return Status; + } + + // + // 1. Set physicalPresenceLifetimeLock, physicalPresenceHWEnable and physicalPresenceCMDEnable bit by PCDs. + // + if (PcdGetBool (PcdPhysicalPresenceLifetimeLock) && !TpmPermanentFlags.physicalPresenceLifetimeLock) { + // + // Lock TPM LifetimeLock is required, and LifetimeLock is not locked yet. + // + PhysicalPresenceValue = TPM_PHYSICAL_PRESENCE_LIFETIME_LOCK; + TpmPermanentFlags.physicalPresenceLifetimeLock = TRUE; + + if (PcdGetBool (PcdPhysicalPresenceCmdEnable)) { + PhysicalPresenceValue |= TPM_PHYSICAL_PRESENCE_CMD_ENABLE; + TpmPermanentFlags.physicalPresenceCMDEnable = TRUE; + } else { + PhysicalPresenceValue |= TPM_PHYSICAL_PRESENCE_CMD_DISABLE; + TpmPermanentFlags.physicalPresenceCMDEnable = FALSE; + } + + if (PcdGetBool (PcdPhysicalPresenceHwEnable)) { + PhysicalPresenceValue |= TPM_PHYSICAL_PRESENCE_HW_ENABLE; + } else { + PhysicalPresenceValue |= TPM_PHYSICAL_PRESENCE_HW_DISABLE; + } + + Status = Tpm12PhysicalPresence ( + PhysicalPresenceValue + ); + if (EFI_ERROR (Status)) { + return Status; + } + } + + // + // 2. Lock physical presence if it is required. + // + LockPhysicalPresencePpi = (PEI_LOCK_PHYSICAL_PRESENCE_PPI *) Ppi; + if (!LockPhysicalPresencePpi->LockPhysicalPresence ((CONST EFI_PEI_SERVICES**) PeiServices)) { + return EFI_SUCCESS; + } + + if (!TpmPermanentFlags.physicalPresenceCMDEnable) { + if (TpmPermanentFlags.physicalPresenceLifetimeLock) { + // + // physicalPresenceCMDEnable is locked, can't change. + // + return EFI_ABORTED; + } + + // + // Enable physical presence command + // It is necessary in order to lock physical presence + // + Status = Tpm12PhysicalPresence ( + TPM_PHYSICAL_PRESENCE_CMD_ENABLE + ); + if (EFI_ERROR (Status)) { + return Status; + } + } + + // + // Lock physical presence + // + Status = Tpm12PhysicalPresence ( + TPM_PHYSICAL_PRESENCE_LOCK + ); + return Status; +} + +/** + Check if TPM chip is activated or not. + + @param[in] PeiServices Describes the list of possible PEI Services. + + @retval TRUE TPM is activated. + @retval FALSE TPM is deactivated. + +**/ +BOOLEAN +IsTpmUsable ( + VOID + ) +{ + EFI_STATUS Status; + TPM_PERMANENT_FLAGS TpmPermanentFlags; + + Status = Tpm12GetCapabilityFlagPermanent (&TpmPermanentFlags); + if (EFI_ERROR (Status)) { + return FALSE; + } + return (BOOLEAN)(!TpmPermanentFlags.deactivated); +} + +/** + Do measurement after memory is ready. + + @param[in] PeiServices Describes the list of possible PEI Services. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_OUT_OF_RESOURCES No enough memory to log the new event. + @retval EFI_DEVICE_ERROR The command was unsuccessful. + +**/ +EFI_STATUS +EFIAPI +PeimEntryMP ( + IN EFI_PEI_SERVICES **PeiServices + ) +{ + EFI_STATUS Status; + + Status = PeiServicesLocatePpi ( + &gEfiPeiFirmwareVolumeInfoMeasurementExcludedPpiGuid, + 0, + NULL, + (VOID**)&mMeasurementExcludedFvPpi + ); + // Do not check status, because it is optional + + Status = Tpm12RequestUseTpm (); + if (EFI_ERROR (Status)) { + return Status; + } + + if (IsTpmUsable ()) { + if (PcdGet8 (PcdTpmScrtmPolicy) == 1) { + Status = MeasureCRTMVersion (PeiServices); + } + + Status = MeasureMainBios (PeiServices); + } + + // + // Post callbacks: + // 1). for the FvInfoPpi services to measure and record + // the additional Fvs to TPM + // 2). for the OperatorPresencePpi service to determine whether to + // lock the TPM + // + Status = PeiServicesNotifyPpi (&mNotifyList[0]); + ASSERT_EFI_ERROR (Status); + + // + // install Tcg Services + // + Status = PeiServicesInstallPpi (&mTcgPpiList); + ASSERT_EFI_ERROR (Status); + + return Status; +} + +/** + Entry point of this module. + + @param[in] FileHandle Handle of the file being invoked. + @param[in] PeiServices Describes the list of possible PEI Services. + + @return Status. + +**/ +EFI_STATUS +EFIAPI +PeimEntryMA ( + IN EFI_PEI_FILE_HANDLE FileHandle, + IN CONST EFI_PEI_SERVICES **PeiServices + ) +{ + EFI_STATUS Status; + EFI_STATUS Status2; + EFI_BOOT_MODE BootMode; + + if (!CompareGuid (PcdGetPtr(PcdTpmInstanceGuid), &gEfiTpmDeviceInstanceTpm12Guid)){ + DEBUG ((EFI_D_ERROR, "No TPM12 instance required!\n")); + return EFI_UNSUPPORTED; + } + + if (GetFirstGuidHob (&gTpmErrorHobGuid) != NULL) { + DEBUG ((EFI_D_ERROR, "TPM error!\n")); + return EFI_DEVICE_ERROR; + } + + // + // Initialize TPM device + // + Status = PeiServicesGetBootMode (&BootMode); + ASSERT_EFI_ERROR (Status); + + // + // In S3 path, skip shadow logic. no measurement is required + // + if (BootMode != BOOT_ON_S3_RESUME) { + Status = (**PeiServices).RegisterForShadow(FileHandle); + if (Status == EFI_ALREADY_STARTED) { + mImageInMemory = TRUE; + } else if (Status == EFI_NOT_FOUND) { + ASSERT_EFI_ERROR (Status); + } + } + + if (!mImageInMemory) { + Status = Tpm12RequestUseTpm (); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "TPM not detected!\n")); + goto Done; + } + + if (PcdGet8 (PcdTpmInitializationPolicy) == 1) { + if (BootMode == BOOT_ON_S3_RESUME) { + Status = Tpm12Startup (TPM_ST_STATE); + } else { + Status = Tpm12Startup (TPM_ST_CLEAR); + } + if (EFI_ERROR (Status) ) { + goto Done; + } + } + + // + // TpmSelfTest is optional on S3 path, skip it to save S3 time + // + if (BootMode != BOOT_ON_S3_RESUME) { + Status = Tpm12ContinueSelfTest (); + if (EFI_ERROR (Status)) { + goto Done; + } + } + + // + // Only install TpmInitializedPpi on success + // + Status = PeiServicesInstallPpi (&mTpmInitializedPpiList); + ASSERT_EFI_ERROR (Status); + } + + if (mImageInMemory) { + Status = PeimEntryMP ((EFI_PEI_SERVICES**)PeiServices); + return Status; + } + +Done: + if (EFI_ERROR (Status)) { + DEBUG ((EFI_D_ERROR, "TPM error! Build Hob\n")); + BuildGuidHob (&gTpmErrorHobGuid,0); + REPORT_STATUS_CODE ( + EFI_ERROR_CODE | EFI_ERROR_MINOR, + (PcdGet32 (PcdStatusCodeSubClassTpmDevice) | EFI_P_EC_INTERFACE_ERROR) + ); + } + // + // Always install TpmInitializationDonePpi no matter success or fail. + // Other driver can know TPM initialization state by TpmInitializedPpi. + // + Status2 = PeiServicesInstallPpi (&mTpmInitializationDonePpiList); + ASSERT_EFI_ERROR (Status2); + + return Status; +} diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/TcgPei/TcgPei.inf b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/TcgPei/TcgPei.inf new file mode 100644 index 00000000..32c2c08c --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/TcgPei/TcgPei.inf @@ -0,0 +1,89 @@ +## @file +# Initializes TPM device and measures FVs in PEI phase +# +# This module will initialize TPM device, measure reported FVs and BIOS version. +# This module may also lock TPM physical presence and physicalPresenceLifetimeLock. +# +# Copyright (c) 2006 - 2020, Intel Corporation. All rights reserved.<BR> +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = TcgPei + MODULE_UNI_FILE = TcgPei.uni + FILE_GUID = 2BE1E4A6-6505-43b3-9FFC-A3C8330E0432 + MODULE_TYPE = PEIM + VERSION_STRING = 1.0 + ENTRY_POINT = PeimEntryMA + +# +# The following information is for reference only and not required by the build tools. +# +# VALID_ARCHITECTURES = IA32 X64 EBC +# +# [BootMode] +# S3_RESUME ## SOMETIMES_CONSUMES +# + +[Sources] + TcgPei.c + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + CryptoPkg/CryptoPkg.dec + SecurityPkg/SecurityPkg.dec + +[LibraryClasses] + HobLib + PeimEntryPoint + PeiServicesLib + BaseMemoryLib + DebugLib + BaseCryptLib + Tpm12DeviceLib + TimerLib + PeiServicesTablePointerLib + BaseLib + PcdLib + MemoryAllocationLib + ReportStatusCodeLib + Tpm12CommandLib + PerformanceLib + +[Guids] + gTcgEventEntryHobGuid ## PRODUCES ## HOB + gTpmErrorHobGuid ## SOMETIMES_PRODUCES ## HOB + gMeasuredFvHobGuid ## PRODUCES ## HOB + gEfiTpmDeviceInstanceTpm12Guid ## PRODUCES ## GUID # TPM device identifier + gEdkiiMigratedFvInfoGuid ## SOMETIMES_CONSUMES ## HOB + +[Ppis] + gPeiLockPhysicalPresencePpiGuid ## SOMETIMES_CONSUMES ## NOTIFY + gEfiPeiFirmwareVolumeInfoPpiGuid ## SOMETIMES_CONSUMES ## NOTIFY + gEfiPeiFirmwareVolumeInfo2PpiGuid ## SOMETIMES_CONSUMES ## NOTIFY + gEfiPeiFirmwareVolumeInfoMeasurementExcludedPpiGuid ## SOMETIMES_CONSUMES + gPeiTpmInitializedPpiGuid ## SOMETIMES_PRODUCES + gPeiTpmInitializationDonePpiGuid ## PRODUCES + gEfiEndOfPeiSignalPpiGuid ## SOMETIMES_CONSUMES ## NOTIFY + gEdkiiTcgPpiGuid ## PRODUCES + +[Pcd] + gEfiSecurityPkgTokenSpaceGuid.PcdPhysicalPresenceLifetimeLock ## SOMETIMES_CONSUMES + gEfiSecurityPkgTokenSpaceGuid.PcdPhysicalPresenceCmdEnable ## SOMETIMES_CONSUMES + gEfiSecurityPkgTokenSpaceGuid.PcdPhysicalPresenceHwEnable ## SOMETIMES_CONSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdFirmwareVersionString ## SOMETIMES_CONSUMES + gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid ## CONSUMES + gEfiSecurityPkgTokenSpaceGuid.PcdTpmInitializationPolicy ## CONSUMES + gEfiSecurityPkgTokenSpaceGuid.PcdTpmScrtmPolicy ## SOMETIMES_CONSUMES + gEfiSecurityPkgTokenSpaceGuid.PcdStatusCodeSubClassTpmDevice ## SOMETIMES_CONSUMES + +[Depex] + gEfiPeiMasterBootModePpiGuid AND + gEfiTpmDeviceSelectedGuid + +[UserExtensions.TianoCore."ExtraFiles"] + TcgPeiExtra.uni + diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/TcgPei/TcgPei.uni b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/TcgPei/TcgPei.uni new file mode 100644 index 00000000..c7a9dbc9 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/TcgPei/TcgPei.uni @@ -0,0 +1,17 @@ +// /** @file
+// Initializes TPM device and measures FVs in PEI phase
+//
+// This module will initialize TPM device, measure reported FVs and BIOS version.
+// This module may also lock TPM physical presence and physicalPresenceLifetimeLock.
+//
+// Copyright (c) 2006 - 2014, Intel Corporation. All rights reserved.<BR>
+//
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+//
+// **/
+
+
+#string STR_MODULE_ABSTRACT #language en-US "Initializes TPM device and measures FVs in PEI phase"
+
+#string STR_MODULE_DESCRIPTION #language en-US "This module will initialize TPM device, measure reported FVs and BIOS version. This module may also lock TPM physical presence and physicalPresenceLifetimeLock."
+
diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/TcgPei/TcgPeiExtra.uni b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/TcgPei/TcgPeiExtra.uni new file mode 100644 index 00000000..c602e1d6 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/TcgPei/TcgPeiExtra.uni @@ -0,0 +1,14 @@ +// /** @file
+// TcgPei Localized Strings and Content
+//
+// Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
+//
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+//
+// **/
+
+#string STR_PROPERTIES_MODULE_NAME
+#language en-US
+"TCG (Trusted Computing Group) PEI"
+
+
diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/TcgSmm/TcgSmm.c b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/TcgSmm/TcgSmm.c new file mode 100644 index 00000000..48f6058b --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/TcgSmm/TcgSmm.c @@ -0,0 +1,463 @@ +/** @file + It updates TPM items in ACPI table and registers SMI callback + functions for physical presence and ClearMemory. + + Caution: This module requires additional review when modified. + This driver will have external input - variable and ACPINvs data in SMM mode. + This external input must be validated carefully to avoid security issue. + + PhysicalPresenceCallback() and MemoryClearCallback() will receive untrusted input and do some check. + +Copyright (c) 2011 - 2018, Intel Corporation. All rights reserved.<BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "TcgSmm.h" + +EFI_SMM_VARIABLE_PROTOCOL *mSmmVariable; +TCG_NVS *mTcgNvs; + +/** + Software SMI callback for TPM physical presence which is called from ACPI method. + + Caution: This function may receive untrusted input. + Variable and ACPINvs are external input, so this function will validate + its data structure to be valid value. + + @param[in] DispatchHandle The unique handle assigned to this handler by SmiHandlerRegister(). + @param[in] Context Points to an optional handler context which was specified when the + handler was registered. + @param[in, out] CommBuffer A pointer to a collection of data in memory that will + be conveyed from a non-SMM environment into an SMM environment. + @param[in, out] CommBufferSize The size of the CommBuffer. + + @retval EFI_SUCCESS The interrupt was handled successfully. + +**/ +EFI_STATUS +EFIAPI +PhysicalPresenceCallback ( + IN EFI_HANDLE DispatchHandle, + IN CONST VOID *Context, + IN OUT VOID *CommBuffer, + IN OUT UINTN *CommBufferSize + ) +{ + EFI_STATUS Status; + UINTN DataSize; + EFI_PHYSICAL_PRESENCE PpData; + EFI_PHYSICAL_PRESENCE_FLAGS Flags; + BOOLEAN RequestConfirmed; + + // + // Get the Physical Presence variable + // + DataSize = sizeof (EFI_PHYSICAL_PRESENCE); + Status = mSmmVariable->SmmGetVariable ( + PHYSICAL_PRESENCE_VARIABLE, + &gEfiPhysicalPresenceGuid, + NULL, + &DataSize, + &PpData + ); + + DEBUG ((EFI_D_INFO, "[TPM] PP callback, Parameter = %x\n", mTcgNvs->PhysicalPresence.Parameter)); + if (mTcgNvs->PhysicalPresence.Parameter == ACPI_FUNCTION_RETURN_REQUEST_RESPONSE_TO_OS) { + if (EFI_ERROR (Status)) { + mTcgNvs->PhysicalPresence.ReturnCode = PP_RETURN_TPM_OPERATION_RESPONSE_FAILURE; + mTcgNvs->PhysicalPresence.LastRequest = 0; + mTcgNvs->PhysicalPresence.Response = 0; + DEBUG ((EFI_D_ERROR, "[TPM] Get PP variable failure! Status = %r\n", Status)); + return EFI_SUCCESS; + } + mTcgNvs->PhysicalPresence.ReturnCode = PP_RETURN_TPM_OPERATION_RESPONSE_SUCCESS; + mTcgNvs->PhysicalPresence.LastRequest = PpData.LastPPRequest; + mTcgNvs->PhysicalPresence.Response = PpData.PPResponse; + } else if ((mTcgNvs->PhysicalPresence.Parameter == ACPI_FUNCTION_SUBMIT_REQUEST_TO_BIOS) + || (mTcgNvs->PhysicalPresence.Parameter == ACPI_FUNCTION_SUBMIT_REQUEST_TO_BIOS_2)) { + if (EFI_ERROR (Status)) { + mTcgNvs->PhysicalPresence.ReturnCode = TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE; + DEBUG ((EFI_D_ERROR, "[TPM] Get PP variable failure! Status = %r\n", Status)); + return EFI_SUCCESS; + } + if (mTcgNvs->PhysicalPresence.Request == PHYSICAL_PRESENCE_SET_OPERATOR_AUTH) { + // + // This command requires UI to prompt user for Auth data. + // + mTcgNvs->PhysicalPresence.ReturnCode = TCG_PP_SUBMIT_REQUEST_TO_PREOS_NOT_IMPLEMENTED; + return EFI_SUCCESS; + } + + if (PpData.PPRequest != mTcgNvs->PhysicalPresence.Request) { + PpData.PPRequest = (UINT8) mTcgNvs->PhysicalPresence.Request; + DataSize = sizeof (EFI_PHYSICAL_PRESENCE); + Status = mSmmVariable->SmmSetVariable ( + PHYSICAL_PRESENCE_VARIABLE, + &gEfiPhysicalPresenceGuid, + EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS, + DataSize, + &PpData + ); + } + + if (EFI_ERROR (Status)) { + mTcgNvs->PhysicalPresence.ReturnCode = TCG_PP_SUBMIT_REQUEST_TO_PREOS_GENERAL_FAILURE; + return EFI_SUCCESS; + } + mTcgNvs->PhysicalPresence.ReturnCode = TCG_PP_SUBMIT_REQUEST_TO_PREOS_SUCCESS; + + if (mTcgNvs->PhysicalPresence.Request >= TCG_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) { + DataSize = sizeof (EFI_PHYSICAL_PRESENCE_FLAGS); + Status = mSmmVariable->SmmGetVariable ( + PHYSICAL_PRESENCE_FLAGS_VARIABLE, + &gEfiPhysicalPresenceGuid, + NULL, + &DataSize, + &Flags + ); + if (EFI_ERROR (Status)) { + Flags.PPFlags = TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_PROVISION; + } + mTcgNvs->PhysicalPresence.ReturnCode = TcgPpVendorLibSubmitRequestToPreOSFunction (mTcgNvs->PhysicalPresence.Request, Flags.PPFlags); + } + } else if (mTcgNvs->PhysicalPresence.Parameter == ACPI_FUNCTION_GET_USER_CONFIRMATION_STATUS_FOR_REQUEST) { + if (EFI_ERROR (Status)) { + mTcgNvs->PhysicalPresence.ReturnCode = TCG_PP_GET_USER_CONFIRMATION_BLOCKED_BY_BIOS_CONFIGURATION; + DEBUG ((EFI_D_ERROR, "[TPM] Get PP variable failure! Status = %r\n", Status)); + return EFI_SUCCESS; + } + // + // Get the Physical Presence flags + // + DataSize = sizeof (EFI_PHYSICAL_PRESENCE_FLAGS); + Status = mSmmVariable->SmmGetVariable ( + PHYSICAL_PRESENCE_FLAGS_VARIABLE, + &gEfiPhysicalPresenceGuid, + NULL, + &DataSize, + &Flags + ); + if (EFI_ERROR (Status)) { + mTcgNvs->PhysicalPresence.ReturnCode = TCG_PP_GET_USER_CONFIRMATION_BLOCKED_BY_BIOS_CONFIGURATION; + DEBUG ((EFI_D_ERROR, "[TPM] Get PP flags failure! Status = %r\n", Status)); + return EFI_SUCCESS; + } + + RequestConfirmed = FALSE; + + switch (mTcgNvs->PPRequestUserConfirm) { + case PHYSICAL_PRESENCE_ENABLE: + case PHYSICAL_PRESENCE_DISABLE: + case PHYSICAL_PRESENCE_ACTIVATE: + case PHYSICAL_PRESENCE_DEACTIVATE: + case PHYSICAL_PRESENCE_ENABLE_ACTIVATE: + case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE: + case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_TRUE: + case PHYSICAL_PRESENCE_SET_OWNER_INSTALL_FALSE: + case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_OWNER_TRUE: + case PHYSICAL_PRESENCE_DEACTIVATE_DISABLE_OWNER_FALSE: + if ((Flags.PPFlags & TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_PROVISION) != 0) { + RequestConfirmed = TRUE; + } + break; + + case PHYSICAL_PRESENCE_CLEAR: + case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR: + if ((Flags.PPFlags & TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_CLEAR) != 0) { + RequestConfirmed = TRUE; + } + break; + + case PHYSICAL_PRESENCE_DEFERRED_PP_UNOWNERED_FIELD_UPGRADE: + if ((Flags.PPFlags & TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_MAINTENANCE) != 0) { + RequestConfirmed = TRUE; + } + break; + + case PHYSICAL_PRESENCE_ENABLE_ACTIVATE_CLEAR_ENABLE_ACTIVATE: + case PHYSICAL_PRESENCE_CLEAR_ENABLE_ACTIVATE: + if ((Flags.PPFlags & TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_CLEAR) != 0 && (Flags.PPFlags & TCG_BIOS_TPM_MANAGEMENT_FLAG_NO_PPI_PROVISION) != 0) { + RequestConfirmed = TRUE; + } + break; + + case PHYSICAL_PRESENCE_SET_NO_PPI_PROVISION_FALSE: + case PHYSICAL_PRESENCE_SET_NO_PPI_CLEAR_FALSE: + case PHYSICAL_PRESENCE_SET_NO_PPI_MAINTENANCE_FALSE: + case PHYSICAL_PRESENCE_NO_ACTION: + RequestConfirmed = TRUE; + break; + + case PHYSICAL_PRESENCE_SET_OPERATOR_AUTH: + // + // This command requires UI to prompt user for Auth data + // + mTcgNvs->PhysicalPresence.ReturnCode = TCG_PP_GET_USER_CONFIRMATION_NOT_IMPLEMENTED; + return EFI_SUCCESS; + default: + break; + } + + if (RequestConfirmed) { + mTcgNvs->PhysicalPresence.ReturnCode = TCG_PP_GET_USER_CONFIRMATION_ALLOWED_AND_PPUSER_NOT_REQUIRED; + } else { + mTcgNvs->PhysicalPresence.ReturnCode = TCG_PP_GET_USER_CONFIRMATION_ALLOWED_AND_PPUSER_REQUIRED; + } + if (mTcgNvs->PhysicalPresence.Request >= TCG_PHYSICAL_PRESENCE_VENDOR_SPECIFIC_OPERATION) { + mTcgNvs->PhysicalPresence.ReturnCode = TcgPpVendorLibGetUserConfirmationStatusFunction (mTcgNvs->PhysicalPresence.Request, Flags.PPFlags); + } + } + + return EFI_SUCCESS; +} + + +/** + Software SMI callback for MemoryClear which is called from ACPI method. + + Caution: This function may receive untrusted input. + Variable and ACPINvs are external input, so this function will validate + its data structure to be valid value. + + @param[in] DispatchHandle The unique handle assigned to this handler by SmiHandlerRegister(). + @param[in] Context Points to an optional handler context which was specified when the + handler was registered. + @param[in, out] CommBuffer A pointer to a collection of data in memory that will + be conveyed from a non-SMM environment into an SMM environment. + @param[in, out] CommBufferSize The size of the CommBuffer. + + @retval EFI_SUCCESS The interrupt was handled successfully. + +**/ +EFI_STATUS +EFIAPI +MemoryClearCallback ( + IN EFI_HANDLE DispatchHandle, + IN CONST VOID *Context, + IN OUT VOID *CommBuffer, + IN OUT UINTN *CommBufferSize + ) +{ + EFI_STATUS Status; + UINTN DataSize; + UINT8 MorControl; + + mTcgNvs->MemoryClear.ReturnCode = MOR_REQUEST_SUCCESS; + if (mTcgNvs->MemoryClear.Parameter == ACPI_FUNCTION_DSM_MEMORY_CLEAR_INTERFACE) { + MorControl = (UINT8) mTcgNvs->MemoryClear.Request; + } else if (mTcgNvs->MemoryClear.Parameter == ACPI_FUNCTION_PTS_CLEAR_MOR_BIT) { + DataSize = sizeof (UINT8); + Status = mSmmVariable->SmmGetVariable ( + MEMORY_OVERWRITE_REQUEST_VARIABLE_NAME, + &gEfiMemoryOverwriteControlDataGuid, + NULL, + &DataSize, + &MorControl + ); + if (EFI_ERROR (Status)) { + mTcgNvs->MemoryClear.ReturnCode = MOR_REQUEST_GENERAL_FAILURE; + DEBUG ((EFI_D_ERROR, "[TPM] Get MOR variable failure! Status = %r\n", Status)); + return EFI_SUCCESS; + } + + if (MOR_CLEAR_MEMORY_VALUE (MorControl) == 0x0) { + return EFI_SUCCESS; + } + MorControl &= ~MOR_CLEAR_MEMORY_BIT_MASK; + } else { + mTcgNvs->MemoryClear.ReturnCode = MOR_REQUEST_GENERAL_FAILURE; + DEBUG ((EFI_D_ERROR, "[TPM] MOR Parameter error! Parameter = %x\n", mTcgNvs->MemoryClear.Parameter)); + return EFI_SUCCESS; + } + + DataSize = sizeof (UINT8); + Status = mSmmVariable->SmmSetVariable ( + MEMORY_OVERWRITE_REQUEST_VARIABLE_NAME, + &gEfiMemoryOverwriteControlDataGuid, + EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS, + DataSize, + &MorControl + ); + if (EFI_ERROR (Status)) { + mTcgNvs->MemoryClear.ReturnCode = MOR_REQUEST_GENERAL_FAILURE; + DEBUG ((EFI_D_ERROR, "[TPM] Set MOR variable failure! Status = %r\n", Status)); + } + + return EFI_SUCCESS; +} + +/** + Find the operation region in TCG ACPI table by given Name and Size, + and initialize it if the region is found. + + @param[in, out] Table The TPM item in ACPI table. + @param[in] Name The name string to find in TPM table. + @param[in] Size The size of the region to find. + + @return The allocated address for the found region. + +**/ +VOID * +AssignOpRegion ( + EFI_ACPI_DESCRIPTION_HEADER *Table, + UINT32 Name, + UINT16 Size + ) +{ + EFI_STATUS Status; + AML_OP_REGION_32_8 *OpRegion; + EFI_PHYSICAL_ADDRESS MemoryAddress; + + MemoryAddress = SIZE_4GB - 1; + + // + // Patch some pointers for the ASL code before loading the SSDT. + // + for (OpRegion = (AML_OP_REGION_32_8 *) (Table + 1); + OpRegion <= (AML_OP_REGION_32_8 *) ((UINT8 *) Table + Table->Length); + OpRegion = (AML_OP_REGION_32_8 *) ((UINT8 *) OpRegion + 1)) { + if ((OpRegion->OpRegionOp == AML_EXT_REGION_OP) && + (OpRegion->NameString == Name) && + (OpRegion->DWordPrefix == AML_DWORD_PREFIX) && + (OpRegion->BytePrefix == AML_BYTE_PREFIX)) { + + Status = gBS->AllocatePages(AllocateMaxAddress, EfiACPIMemoryNVS, EFI_SIZE_TO_PAGES (Size), &MemoryAddress); + ASSERT_EFI_ERROR (Status); + ZeroMem ((VOID *)(UINTN)MemoryAddress, Size); + OpRegion->RegionOffset = (UINT32) (UINTN) MemoryAddress; + OpRegion->RegionLen = (UINT8) Size; + break; + } + } + + return (VOID *) (UINTN) MemoryAddress; +} + +/** + Initialize and publish TPM items in ACPI table. + + @retval EFI_SUCCESS The TCG ACPI table is published successfully. + @retval Others The TCG ACPI table is not published. + +**/ +EFI_STATUS +PublishAcpiTable ( + VOID + ) +{ + EFI_STATUS Status; + EFI_ACPI_TABLE_PROTOCOL *AcpiTable; + UINTN TableKey; + EFI_ACPI_DESCRIPTION_HEADER *Table; + UINTN TableSize; + + Status = GetSectionFromFv ( + &gEfiCallerIdGuid, + EFI_SECTION_RAW, + 0, + (VOID **) &Table, + &TableSize + ); + ASSERT_EFI_ERROR (Status); + + + // + // Measure to PCR[0] with event EV_POST_CODE ACPI DATA + // + TpmMeasureAndLogData( + 0, + EV_POST_CODE, + EV_POSTCODE_INFO_ACPI_DATA, + ACPI_DATA_LEN, + Table, + TableSize + ); + + + ASSERT (Table->OemTableId == SIGNATURE_64 ('T', 'c', 'g', 'T', 'a', 'b', 'l', 'e')); + CopyMem (Table->OemId, PcdGetPtr (PcdAcpiDefaultOemId), sizeof (Table->OemId) ); + mTcgNvs = AssignOpRegion (Table, SIGNATURE_32 ('T', 'N', 'V', 'S'), (UINT16) sizeof (TCG_NVS)); + ASSERT (mTcgNvs != NULL); + + // + // Publish the TPM ACPI table + // + Status = gBS->LocateProtocol (&gEfiAcpiTableProtocolGuid, NULL, (VOID **) &AcpiTable); + ASSERT_EFI_ERROR (Status); + + TableKey = 0; + Status = AcpiTable->InstallAcpiTable ( + AcpiTable, + Table, + TableSize, + &TableKey + ); + ASSERT_EFI_ERROR (Status); + + return Status; +} + +/** + The driver's entry point. + + It install callbacks for TPM physical presence and MemoryClear, and locate + SMM variable to be used in the callback function. + + @param[in] ImageHandle The firmware allocated handle for the EFI image. + @param[in] SystemTable A pointer to the EFI System Table. + + @retval EFI_SUCCESS The entry point is executed successfully. + @retval Others Some error occurs when executing this entry point. + +**/ +EFI_STATUS +EFIAPI +InitializeTcgSmm ( + IN EFI_HANDLE ImageHandle, + IN EFI_SYSTEM_TABLE *SystemTable + ) +{ + EFI_STATUS Status; + EFI_SMM_SW_DISPATCH2_PROTOCOL *SwDispatch; + EFI_SMM_SW_REGISTER_CONTEXT SwContext; + EFI_HANDLE SwHandle; + + if (!CompareGuid (PcdGetPtr(PcdTpmInstanceGuid), &gEfiTpmDeviceInstanceTpm12Guid)){ + DEBUG ((EFI_D_ERROR, "No TPM12 instance required!\n")); + return EFI_UNSUPPORTED; + } + + Status = PublishAcpiTable (); + ASSERT_EFI_ERROR (Status); + + // + // Get the Sw dispatch protocol and register SMI callback functions. + // + Status = gSmst->SmmLocateProtocol (&gEfiSmmSwDispatch2ProtocolGuid, NULL, (VOID**)&SwDispatch); + ASSERT_EFI_ERROR (Status); + SwContext.SwSmiInputValue = (UINTN) -1; + Status = SwDispatch->Register (SwDispatch, PhysicalPresenceCallback, &SwContext, &SwHandle); + ASSERT_EFI_ERROR (Status); + if (EFI_ERROR (Status)) { + return Status; + } + mTcgNvs->PhysicalPresence.SoftwareSmi = (UINT8) SwContext.SwSmiInputValue; + + SwContext.SwSmiInputValue = (UINTN) -1; + Status = SwDispatch->Register (SwDispatch, MemoryClearCallback, &SwContext, &SwHandle); + ASSERT_EFI_ERROR (Status); + if (EFI_ERROR (Status)) { + return Status; + } + mTcgNvs->MemoryClear.SoftwareSmi = (UINT8) SwContext.SwSmiInputValue; + + // + // Locate SmmVariableProtocol. + // + Status = gSmst->SmmLocateProtocol (&gEfiSmmVariableProtocolGuid, NULL, (VOID**)&mSmmVariable); + ASSERT_EFI_ERROR (Status); + + return EFI_SUCCESS; +} + diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/TcgSmm/TcgSmm.h b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/TcgSmm/TcgSmm.h new file mode 100644 index 00000000..c40f4317 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/TcgSmm/TcgSmm.h @@ -0,0 +1,99 @@ +/** @file + The header file for TCG SMM driver. + +Copyright (c) 2012 - 2018, Intel Corporation. All rights reserved.<BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef __TCG_SMM_H__ +#define __TCG_SMM_H__ + +#include <PiDxe.h> +#include <IndustryStandard/Acpi.h> +#include <IndustryStandard/UefiTcgPlatform.h> + +#include <Guid/PhysicalPresenceData.h> +#include <Guid/MemoryOverwriteControl.h> +#include <Guid/TpmInstance.h> + +#include <Protocol/SmmSwDispatch2.h> +#include <Protocol/AcpiTable.h> +#include <Protocol/SmmVariable.h> + +#include <Library/BaseLib.h> +#include <Library/BaseMemoryLib.h> +#include <Library/DebugLib.h> +#include <Library/SmmServicesTableLib.h> +#include <Library/UefiDriverEntryPoint.h> +#include <Library/UefiBootServicesTableLib.h> +#include <Library/DxeServicesLib.h> +#include <Library/TpmMeasurementLib.h> +#include <Library/PcdLib.h> +#include <Library/TcgPpVendorLib.h> + +#pragma pack(1) +typedef struct { + UINT8 SoftwareSmi; + UINT32 Parameter; + UINT32 Response; + UINT32 Request; + UINT32 LastRequest; + UINT32 ReturnCode; +} PHYSICAL_PRESENCE_NVS; + +typedef struct { + UINT8 SoftwareSmi; + UINT32 Parameter; + UINT32 Request; + UINT32 ReturnCode; +} MEMORY_CLEAR_NVS; + +typedef struct { + PHYSICAL_PRESENCE_NVS PhysicalPresence; + MEMORY_CLEAR_NVS MemoryClear; + UINT32 PPRequestUserConfirm; +} TCG_NVS; + +typedef struct { + UINT8 OpRegionOp; + UINT32 NameString; + UINT8 RegionSpace; + UINT8 DWordPrefix; + UINT32 RegionOffset; + UINT8 BytePrefix; + UINT8 RegionLen; +} AML_OP_REGION_32_8; +#pragma pack() + +// +// The definition for TCG physical presence ACPI function +// +#define ACPI_FUNCTION_GET_PHYSICAL_PRESENCE_INTERFACE_VERSION 1 +#define ACPI_FUNCTION_SUBMIT_REQUEST_TO_BIOS 2 +#define ACPI_FUNCTION_GET_PENDING_REQUEST_BY_OS 3 +#define ACPI_FUNCTION_GET_PLATFORM_ACTION_TO_TRANSITION_TO_BIOS 4 +#define ACPI_FUNCTION_RETURN_REQUEST_RESPONSE_TO_OS 5 +#define ACPI_FUNCTION_SUBMIT_PREFERRED_USER_LANGUAGE 6 +#define ACPI_FUNCTION_SUBMIT_REQUEST_TO_BIOS_2 7 +#define ACPI_FUNCTION_GET_USER_CONFIRMATION_STATUS_FOR_REQUEST 8 + +// +// The return code for Return TPM Operation Response to OS Environment +// +#define PP_RETURN_TPM_OPERATION_RESPONSE_SUCCESS 0 +#define PP_RETURN_TPM_OPERATION_RESPONSE_FAILURE 1 + +// +// The definition for TCG MOR +// +#define ACPI_FUNCTION_DSM_MEMORY_CLEAR_INTERFACE 1 +#define ACPI_FUNCTION_PTS_CLEAR_MOR_BIT 2 + +// +// The return code for Memory Clear Interface Functions +// +#define MOR_REQUEST_SUCCESS 0 +#define MOR_REQUEST_GENERAL_FAILURE 1 + +#endif // __TCG_SMM_H__ diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/TcgSmm/TcgSmm.inf b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/TcgSmm/TcgSmm.inf new file mode 100644 index 00000000..1a48c18f --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/TcgSmm/TcgSmm.inf @@ -0,0 +1,82 @@ +## @file +# Implements ACPI methods for the TCG feature +# +# This driver implements TPM definition block in ACPI table and registers SMI +# callback functions for physical presence and MemoryClear to handle the requests +# from ACPI method. +# +# Caution: This module requires additional review when modified. +# This driver will have external input - variable and ACPINvs data in SMM mode. +# This external input must be validated carefully to avoid security issue. +# +# Copyright (c) 2011 - 2018, Intel Corporation. All rights reserved.<BR> +# Copyright (c) Microsoft Corporation.<BR> +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = TcgSmm + MODULE_UNI_FILE = TcgSmm.uni + FILE_GUID = 42293093-76B9-4482-8C02-3BEFDEA9B35D + MODULE_TYPE = DXE_SMM_DRIVER + PI_SPECIFICATION_VERSION = 0x0001000A + VERSION_STRING = 1.0 + ENTRY_POINT = InitializeTcgSmm + +[Sources] + TcgSmm.c + TcgSmm.h + Tpm.asl + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + SecurityPkg/SecurityPkg.dec + +[LibraryClasses] + BaseLib + BaseMemoryLib + UefiDriverEntryPoint + SmmServicesTableLib + UefiBootServicesTableLib + DebugLib + DxeServicesLib + TpmMeasurementLib + PcdLib + TcgPpVendorLib + +[Guids] + ## SOMETIMES_PRODUCES ## Variable:L"PhysicalPresence" + ## SOMETIMES_CONSUMES ## Variable:L"PhysicalPresence" + ## SOMETIMES_CONSUMES ## Variable:L"PhysicalPresenceFlags" + gEfiPhysicalPresenceGuid + + ## SOMETIMES_PRODUCES ## Variable:L"MemoryOverwriteRequestControl" + ## SOMETIMES_CONSUMES ## Variable:L"MemoryOverwriteRequestControl" + gEfiMemoryOverwriteControlDataGuid + + gEfiTpmDeviceInstanceTpm12Guid ## PRODUCES ## GUID # TPM device identifier + +[Protocols] + gEfiSmmSwDispatch2ProtocolGuid ## CONSUMES + gEfiSmmVariableProtocolGuid ## CONSUMES + gEfiAcpiTableProtocolGuid ## CONSUMES + +[FixedPcd] + gEfiSecurityPkgTokenSpaceGuid.PcdSmiCommandIoPort ## CONSUMES + +[Pcd] + gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid ## CONSUMES + gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultOemId ## SOMETIMES_CONSUMES + +[Depex] + gEfiAcpiTableProtocolGuid AND + gEfiSmmSwDispatch2ProtocolGuid AND + gEfiSmmVariableProtocolGuid AND + gEfiTcgProtocolGuid + +[UserExtensions.TianoCore."ExtraFiles"] + TcgSmmExtra.uni + diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/TcgSmm/TcgSmm.uni b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/TcgSmm/TcgSmm.uni new file mode 100644 index 00000000..a3abb3ad --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/TcgSmm/TcgSmm.uni @@ -0,0 +1,22 @@ +// /** @file
+// Implements ACPI methods for the TCG feature
+//
+// This driver implements TPM definition block in ACPI table and registers SMI
+// callback functions for physical presence and MemoryClear to handle the requests
+// from ACPI method.
+//
+// Caution: This module requires additional review when modified.
+// This driver will have external input - variable and ACPINvs data in SMM mode.
+// This external input must be validated carefully to avoid security issue.
+//
+// Copyright (c) 2011 - 2018, Intel Corporation. All rights reserved.<BR>
+//
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+//
+// **/
+
+
+#string STR_MODULE_ABSTRACT #language en-US "Implements ACPI methods for the TCG feature"
+
+#string STR_MODULE_DESCRIPTION #language en-US "This driver implements TPM definition block in ACPI table and registers SMI callback functions for physical presence and MemoryClear to handle the requests from ACPI method. Caution: This module requires additional review when modified. This driver will have external input - variable and ACPINvs data in SMM mode. This external input must be validated carefully to avoid security issues."
+
diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/TcgSmm/TcgSmmExtra.uni b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/TcgSmm/TcgSmmExtra.uni new file mode 100644 index 00000000..03808d66 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/TcgSmm/TcgSmmExtra.uni @@ -0,0 +1,14 @@ +// /** @file
+// TcgSmm Localized Strings and Content
+//
+// Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
+//
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+//
+// **/
+
+#string STR_PROPERTIES_MODULE_NAME
+#language en-US
+"TCG (Trusted Computing Group) SMM"
+
+
diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/TcgSmm/Tpm.asl b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/TcgSmm/Tpm.asl new file mode 100644 index 00000000..d79fcc97 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/Tcg/TcgSmm/Tpm.asl @@ -0,0 +1,351 @@ +/** @file + The TPM definition block in ACPI table for physical presence + and MemoryClear. + +Copyright (c) 2011 - 2018, Intel Corporation. All rights reserved.<BR> +Copyright (c) Microsoft Corporation.<BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +DefinitionBlock ( + "Tpm.aml", + "SSDT", + 2, + "INTEL ", + "TcgTable", + 0x1000 + ) +{ + Scope (\_SB) + { + Device (TPM) + { + // + // Define _HID, "PNP0C31" is defined in + // "Secure Startup-FVE and TPM Admin BIOS and Platform Requirements" + // + Name (_HID, EISAID ("PNP0C31")) + + // + // Readable name of this device, don't know if this way is correct yet + // + Name (_STR, Unicode ("TPM 1.2 Device")) + + // + // Return the resource consumed by TPM device + // + Name (_CRS, ResourceTemplate () { + Memory32Fixed (ReadWrite, 0xfed40000, 0x5000) + }) + + // + // Operational region for Smi port access + // + OperationRegion (SMIP, SystemIO, FixedPcdGet16 (PcdSmiCommandIoPort), 1) + Field (SMIP, ByteAcc, NoLock, Preserve) + { + IOPN, 8 + } + + // + // Operational region for TPM access + // + OperationRegion (TPMR, SystemMemory, 0xfed40000, 0x5000) + Field (TPMR, AnyAcc, NoLock, Preserve) + { + ACC0, 8, + } + + // + // Operational region for TPM support, TPM Physical Presence and TPM Memory Clear + // Region Offset 0xFFFF0000 and Length 0xF0 will be fixed in C code. + // + OperationRegion (TNVS, SystemMemory, 0xFFFF0000, 0xF0) + Field (TNVS, AnyAcc, NoLock, Preserve) + { + PPIN, 8, // Software SMI for Physical Presence Interface + PPIP, 32, // Used for save physical presence parameter + PPRP, 32, // Physical Presence request operation response + PPRQ, 32, // Physical Presence request operation + LPPR, 32, // Last Physical Presence request operation + FRET, 32, // Physical Presence function return code + MCIN, 8, // Software SMI for Memory Clear Interface + MCIP, 32, // Used for save the Mor parameter + MORD, 32, // Memory Overwrite Request Data + MRET, 32, // Memory Overwrite function return code + UCRQ, 32 // Physical Presence request operation to Get User Confirmation Status + } + + Method (PTS, 1, Serialized) + { + // + // Detect Sx state for MOR, only S4, S5 need to handle + // + If (LAnd (LLess (Arg0, 6), LGreater (Arg0, 3))) + { + // + // Bit4 -- DisableAutoDetect. 0 -- Firmware MAY autodetect. + // + If (LNot (And (MORD, 0x10))) + { + // + // Trigger the SMI through ACPI _PTS method. + // + Store (0x02, MCIP) + + // + // Trigger the SMI interrupt + // + Store (MCIN, IOPN) + } + } + Return (0) + } + + Method (_STA, 0) + { + if (LEqual (ACC0, 0xff)) + { + Return (0) + } + Return (0x0f) + } + + // + // TCG Hardware Information + // + Method (HINF, 1, Serialized, 0, {BuffObj, PkgObj}, {UnknownObj}) // IntObj + { + // + // Switch by function index + // + Switch (ToInteger(Arg0)) + { + Case (0) + { + // + // Standard query + // + Return (Buffer () {0x03}) + } + Case (1) + { + // + // Return failure if no TPM present + // + Name(TPMV, Package () {0x01, Package () {0x1, 0x20}}) + if (LEqual (_STA (), 0x00)) + { + Return (Package () {0x00}) + } + + // + // Return TPM version + // + Return (TPMV) + } + Default {BreakPoint} + } + Return (Buffer () {0}) + } + + Name(TPM2, Package (0x02){ + Zero, + Zero + }) + + Name(TPM3, Package (0x03){ + Zero, + Zero, + Zero + }) + + // + // TCG Physical Presence Interface + // + Method (TPPI, 2, Serialized, 0, {BuffObj, PkgObj, IntObj, StrObj}, {UnknownObj, UnknownObj}) // IntObj, PkgObj + { + // + // Switch by function index + // + Switch (ToInteger(Arg0)) + { + Case (0) + { + // + // Standard query, supports function 1-8 + // + Return (Buffer () {0xFF, 0x01}) + } + Case (1) + { + // + // a) Get Physical Presence Interface Version + // + Return ("1.2") + } + Case (2) + { + // + // b) Submit TPM Operation Request to Pre-OS Environment + // + + Store (DerefOf (Index (Arg1, 0x00)), PPRQ) + Store (0x02, PPIP) + + // + // Trigger the SMI interrupt + // + Store (PPIN, IOPN) + Return (FRET) + + + } + Case (3) + { + // + // c) Get Pending TPM Operation Requested By the OS + // + + Store (PPRQ, Index (TPM2, 0x01)) + Return (TPM2) + } + Case (4) + { + // + // d) Get Platform-Specific Action to Transition to Pre-OS Environment + // + Return (2) + } + Case (5) + { + // + // e) Return TPM Operation Response to OS Environment + // + Store (0x05, PPIP) + + // + // Trigger the SMI interrupt + // + Store (PPIN, IOPN) + + Store (LPPR, Index (TPM3, 0x01)) + Store (PPRP, Index (TPM3, 0x02)) + + Return (TPM3) + } + Case (6) + { + + // + // f) Submit preferred user language (Not implemented) + // + + Return (3) + + } + Case (7) + { + // + // g) Submit TPM Operation Request to Pre-OS Environment 2 + // + Store (7, PPIP) + Store (DerefOf (Index (Arg1, 0x00)), PPRQ) + + // + // Trigger the SMI interrupt + // + Store (PPIN, IOPN) + Return (FRET) + } + Case (8) + { + // + // e) Get User Confirmation Status for Operation + // + Store (8, PPIP) + Store (DerefOf (Index (Arg1, 0x00)), UCRQ) + + // + // Trigger the SMI interrupt + // + Store (PPIN, IOPN) + + Return (FRET) + } + + Default {BreakPoint} + } + Return (1) + } + + Method (TMCI, 2, Serialized, 0, IntObj, {UnknownObj, UnknownObj}) // IntObj, PkgObj + { + // + // Switch by function index + // + Switch (ToInteger (Arg0)) + { + Case (0) + { + // + // Standard query, supports function 1-1 + // + Return (Buffer () {0x03}) + } + Case (1) + { + // + // Save the Operation Value of the Request to MORD (reserved memory) + // + Store (DerefOf (Index (Arg1, 0x00)), MORD) + + // + // Trigger the SMI through ACPI _DSM method. + // + Store (0x01, MCIP) + + // + // Trigger the SMI interrupt + // + Store (MCIN, IOPN) + Return (MRET) + } + Default {BreakPoint} + } + Return (1) + } + + Method (_DSM, 4, Serialized, 0, UnknownObj, {BuffObj, IntObj, IntObj, PkgObj}) + { + + // + // TCG Hardware Information + // + If(LEqual(Arg0, ToUUID ("cf8e16a5-c1e8-4e25-b712-4f54a96702c8"))) + { + Return (HINF (Arg2)) + } + + // + // TCG Physical Presence Interface + // + If(LEqual(Arg0, ToUUID ("3dddfaa6-361b-4eb4-a424-8d10089d1653"))) + { + Return (TPPI (Arg2, Arg3)) + } + + // + // TCG Memory Clear Interface + // + If(LEqual(Arg0, ToUUID ("376054ed-cc13-4675-901c-4756d7f2d45d"))) + { + Return (TMCI (Arg2, Arg3)) + } + + Return (Buffer () {0}) + } + } + } +} diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr b/src/VBox/Devices/EFI/Firmware/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr new file mode 100644 index 00000000..07e011be --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfig.vfr @@ -0,0 +1,605 @@ +/** @file + VFR file used by the SecureBoot configuration component. + +Copyright (c) 2011 - 2018, Intel Corporation. All rights reserved.<BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "SecureBootConfigNvData.h" + +formset + guid = SECUREBOOT_CONFIG_FORM_SET_GUID, + title = STRING_TOKEN(STR_SECUREBOOT_TITLE), + help = STRING_TOKEN(STR_SECUREBOOT_HELP), + classguid = EFI_HII_PLATFORM_SETUP_FORMSET_GUID, + + varstore SECUREBOOT_CONFIGURATION, + varid = SECUREBOOT_CONFIGURATION_VARSTORE_ID, + name = SECUREBOOT_CONFIGURATION, + guid = SECUREBOOT_CONFIG_FORM_SET_GUID; + + // + // ##1 Form "Secure Boot Configuration" + // + form formid = SECUREBOOT_CONFIGURATION_FORM_ID, + title = STRING_TOKEN(STR_SECUREBOOT_TITLE); + + subtitle text = STRING_TOKEN(STR_NULL); + + text + help = STRING_TOKEN(STR_SECURE_BOOT_STATE_HELP), + text = STRING_TOKEN(STR_SECURE_BOOT_STATE_PROMPT), + text = STRING_TOKEN(STR_SECURE_BOOT_STATE_CONTENT); + + // + // Display of Check Box: Attempt Secure Boot + // + grayoutif ideqval SECUREBOOT_CONFIGURATION.HideSecureBoot == 1 OR NOT ideqval SECUREBOOT_CONFIGURATION.PhysicalPresent == 1; + checkbox varid = SECUREBOOT_CONFIGURATION.AttemptSecureBoot, + questionid = KEY_SECURE_BOOT_ENABLE, + prompt = STRING_TOKEN(STR_SECURE_BOOT_PROMPT), + help = STRING_TOKEN(STR_SECURE_BOOT_HELP), + flags = INTERACTIVE | RESET_REQUIRED, + endcheckbox; + endif; + + // + // Display of Oneof: 'Secure Boot Mode' + // + oneof name = SecureBootMode, + questionid = KEY_SECURE_BOOT_MODE, + prompt = STRING_TOKEN(STR_SECURE_BOOT_MODE_PROMPT), + help = STRING_TOKEN(STR_SECURE_BOOT_MODE_HELP), + flags = INTERACTIVE | NUMERIC_SIZE_1, + option text = STRING_TOKEN(STR_STANDARD_MODE), value = SECURE_BOOT_MODE_STANDARD, flags = DEFAULT; + option text = STRING_TOKEN(STR_CUSTOM_MODE), value = SECURE_BOOT_MODE_CUSTOM, flags = 0; + endoneof; + + // + // Display of 'Current Secure Boot Mode' + // + suppressif questionref(SecureBootMode) == SECURE_BOOT_MODE_STANDARD; + grayoutif NOT ideqval SECUREBOOT_CONFIGURATION.PhysicalPresent == 1; + goto FORMID_SECURE_BOOT_OPTION_FORM, + prompt = STRING_TOKEN(STR_SECURE_BOOT_OPTION), + help = STRING_TOKEN(STR_SECURE_BOOT_OPTION_HELP), + flags = INTERACTIVE, + key = KEY_SECURE_BOOT_OPTION; + endif; + endif; + + endform; + + // + // ##2 Form: 'Custom Secure Boot Options' + // + form formid = FORMID_SECURE_BOOT_OPTION_FORM, + title = STRING_TOKEN(STR_SECURE_BOOT_OPTION_TITLE); + + subtitle text = STRING_TOKEN(STR_NULL); + + goto FORMID_SECURE_BOOT_PK_OPTION_FORM, + prompt = STRING_TOKEN(STR_SECURE_BOOT_PK_OPTION), + help = STRING_TOKEN(STR_SECURE_BOOT_PK_OPTION_HELP), + flags = INTERACTIVE, + key = KEY_SECURE_BOOT_PK_OPTION; + + subtitle text = STRING_TOKEN(STR_NULL); + + goto FORMID_SECURE_BOOT_KEK_OPTION_FORM, + prompt = STRING_TOKEN(STR_SECURE_BOOT_KEK_OPTION), + help = STRING_TOKEN(STR_SECURE_BOOT_KEK_OPTION_HELP), + flags = INTERACTIVE, + key = KEY_SECURE_BOOT_KEK_OPTION; + + subtitle text = STRING_TOKEN(STR_NULL); + + goto FORMID_SECURE_BOOT_DB_OPTION_FORM, + prompt = STRING_TOKEN(STR_SECURE_BOOT_DB_OPTION), + help = STRING_TOKEN(STR_SECURE_BOOT_DB_OPTION_HELP), + flags = INTERACTIVE, + key = KEY_SECURE_BOOT_DB_OPTION; + + subtitle text = STRING_TOKEN(STR_NULL); + + goto FORMID_SECURE_BOOT_DBX_OPTION_FORM, + prompt = STRING_TOKEN(STR_SECURE_BOOT_DBX_OPTION), + help = STRING_TOKEN(STR_SECURE_BOOT_DBX_OPTION_HELP), + flags = INTERACTIVE, + key = KEY_SECURE_BOOT_DBX_OPTION; + + subtitle text = STRING_TOKEN(STR_NULL); + + goto FORMID_SECURE_BOOT_DBT_OPTION_FORM, + prompt = STRING_TOKEN(STR_SECURE_BOOT_DBT_OPTION), + help = STRING_TOKEN(STR_SECURE_BOOT_DBT_OPTION_HELP), + flags = INTERACTIVE, + key = KEY_SECURE_BOOT_DBT_OPTION; + + endform; + + // + // ##3 Form: 'PK Options' + // + form formid = FORMID_SECURE_BOOT_PK_OPTION_FORM, + title = STRING_TOKEN(STR_SECURE_BOOT_PK_OPTION); + + subtitle text = STRING_TOKEN(STR_NULL); + + // + // Display of 'Enroll PK' + // + grayoutif ideqval SECUREBOOT_CONFIGURATION.HasPk == 1; + goto FORMID_ENROLL_PK_FORM, + prompt = STRING_TOKEN(STR_ENROLL_PK), + help = STRING_TOKEN(STR_ENROLL_PK_HELP), + flags = INTERACTIVE, + key = KEY_ENROLL_PK; + endif; + + subtitle text = STRING_TOKEN(STR_NULL); + + // + // Display of Check Box: 'Delete Pk' + // + grayoutif ideqval SECUREBOOT_CONFIGURATION.HideSecureBoot == 1; + checkbox varid = SECUREBOOT_CONFIGURATION.DeletePk, + questionid = KEY_SECURE_BOOT_DELETE_PK, + prompt = STRING_TOKEN(STR_DELETE_PK), + help = STRING_TOKEN(STR_DELETE_PK_HELP), + flags = INTERACTIVE | RESET_REQUIRED, + endcheckbox; + endif; + endform; + + // + // ##4 Form: 'Enroll PK' + // + form formid = FORMID_ENROLL_PK_FORM, + title = STRING_TOKEN(STR_ENROLL_PK); + + subtitle text = STRING_TOKEN(STR_NULL); + + goto FORMID_ENROLL_PK_FORM, + prompt = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_PK_FILE), + help = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_PK_FILE), + flags = INTERACTIVE, + key = FORMID_ENROLL_PK_FORM; + + subtitle text = STRING_TOKEN(STR_NULL); + label FORMID_ENROLL_PK_FORM; + label LABEL_END; + subtitle text = STRING_TOKEN(STR_NULL); + + goto FORMID_SECURE_BOOT_OPTION_FORM, + prompt = STRING_TOKEN(STR_SAVE_AND_EXIT), + help = STRING_TOKEN(STR_SAVE_AND_EXIT), + flags = INTERACTIVE| RESET_REQUIRED, + key = KEY_VALUE_SAVE_AND_EXIT_PK; + + goto FORMID_SECURE_BOOT_OPTION_FORM, + prompt = STRING_TOKEN(STR_NO_SAVE_AND_EXIT), + help = STRING_TOKEN(STR_NO_SAVE_AND_EXIT), + flags = INTERACTIVE, + key = KEY_VALUE_NO_SAVE_AND_EXIT_PK; + + endform; + + // + // ##5 Form: 'KEK Options' + // + form formid = FORMID_SECURE_BOOT_KEK_OPTION_FORM, + title = STRING_TOKEN(STR_SECURE_BOOT_KEK_OPTION); + + // + // Display of 'Enroll KEK' + // + goto FORMID_ENROLL_KEK_FORM, + prompt = STRING_TOKEN(STR_ENROLL_KEK), + help = STRING_TOKEN(STR_ENROLL_KEK_HELP), + flags = INTERACTIVE; + + subtitle text = STRING_TOKEN(STR_NULL); + + // + // Display of 'Delete KEK' + // + goto FORMID_DELETE_KEK_FORM, + prompt = STRING_TOKEN(STR_DELETE_KEK), + help = STRING_TOKEN(STR_DELETE_KEK_HELP), + flags = INTERACTIVE, + key = KEY_DELETE_KEK; + + subtitle text = STRING_TOKEN(STR_NULL); + endform; + + // + // ##6 Form: 'Enroll KEK' + // + form formid = FORMID_ENROLL_KEK_FORM, + title = STRING_TOKEN(STR_ENROLL_KEK_TITLE); + + subtitle text = STRING_TOKEN(STR_NULL); + + goto FORMID_ENROLL_KEK_FORM, + prompt = STRING_TOKEN(STR_FORM_ENROLL_KEK_FROM_FILE_TITLE), + help = STRING_TOKEN(STR_FORM_ENROLL_KEK_FROM_FILE_TITLE_HELP), + flags = INTERACTIVE, + key = FORMID_ENROLL_KEK_FORM; + + subtitle text = STRING_TOKEN(STR_NULL); + label FORMID_ENROLL_KEK_FORM; + label LABEL_END; + subtitle text = STRING_TOKEN(STR_NULL); + + string varid = SECUREBOOT_CONFIGURATION.SignatureGuid, + prompt = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID), + help = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID_HELP), + flags = INTERACTIVE, + key = KEY_SECURE_BOOT_KEK_GUID, + minsize = SECURE_BOOT_GUID_SIZE, + maxsize = SECURE_BOOT_GUID_SIZE, + endstring; + + subtitle text = STRING_TOKEN(STR_NULL); + subtitle text = STRING_TOKEN(STR_NULL); + + goto FORMID_SECURE_BOOT_OPTION_FORM, + prompt = STRING_TOKEN(STR_SAVE_AND_EXIT), + help = STRING_TOKEN(STR_SAVE_AND_EXIT), + flags = INTERACTIVE, + key = KEY_VALUE_SAVE_AND_EXIT_KEK; + + goto FORMID_SECURE_BOOT_OPTION_FORM, + prompt = STRING_TOKEN(STR_NO_SAVE_AND_EXIT), + help = STRING_TOKEN(STR_NO_SAVE_AND_EXIT), + flags = INTERACTIVE, + key = KEY_VALUE_NO_SAVE_AND_EXIT_KEK; + + endform; + + // + // ##7 Form: 'Delete KEK' + // + form formid = FORMID_DELETE_KEK_FORM, + title = STRING_TOKEN(STR_DELETE_KEK_TITLE); + + label LABEL_KEK_DELETE; + label LABEL_END; + + subtitle text = STRING_TOKEN(STR_NULL); + + endform; + + // + // ##8 Form: 'DB Options' + // + form formid = FORMID_SECURE_BOOT_DB_OPTION_FORM, + title = STRING_TOKEN(STR_SECURE_BOOT_DB_OPTION); + + subtitle text = STRING_TOKEN(STR_NULL); + + goto SECUREBOOT_ENROLL_SIGNATURE_TO_DB, + prompt = STRING_TOKEN (STR_SECURE_BOOT_ENROLL_SIGNATURE), + help = STRING_TOKEN (STR_SECURE_BOOT_ENROLL_SIGNATURE), + flags = 0; + + subtitle text = STRING_TOKEN(STR_NULL); + + goto SECUREBOOT_DELETE_SIGNATURE_FROM_DB, + prompt = STRING_TOKEN (STR_SECURE_BOOT_DELETE_SIGNATURE), + help = STRING_TOKEN (STR_SECURE_BOOT_DELETE_SIGNATURE), + flags = INTERACTIVE, + key = SECUREBOOT_DELETE_SIGNATURE_FROM_DB; + + endform; + + // + // ##9 Form: 'DBX Options' + // + form formid = FORMID_SECURE_BOOT_DBX_OPTION_FORM, + title = STRING_TOKEN(STR_SECURE_BOOT_DBX_OPTION); + + subtitle text = STRING_TOKEN(STR_NULL); + + goto SECUREBOOT_ENROLL_SIGNATURE_TO_DBX, + prompt = STRING_TOKEN (STR_SECURE_BOOT_ENROLL_SIGNATURE), + help = STRING_TOKEN (STR_SECURE_BOOT_ENROLL_SIGNATURE), + flags = 0; + + subtitle text = STRING_TOKEN(STR_NULL); + + goto SECUREBOOT_DELETE_SIGNATURE_LIST_FORM, + prompt = STRING_TOKEN (STR_SECURE_BOOT_DELETE_SIGNATURE), + help = STRING_TOKEN (STR_SECURE_BOOT_DELETE_SIGNATURE), + flags = INTERACTIVE, + key = KEY_VALUE_FROM_DBX_TO_LIST_FORM; + + endform; + + // + // ##9 Form: 'DBT Options' + // + form formid = FORMID_SECURE_BOOT_DBT_OPTION_FORM, + title = STRING_TOKEN(STR_SECURE_BOOT_DBT_OPTION); + + subtitle text = STRING_TOKEN(STR_NULL); + + goto SECUREBOOT_ENROLL_SIGNATURE_TO_DBT, + prompt = STRING_TOKEN (STR_SECURE_BOOT_ENROLL_SIGNATURE), + help = STRING_TOKEN (STR_SECURE_BOOT_ENROLL_SIGNATURE), + flags = 0; + + subtitle text = STRING_TOKEN(STR_NULL); + + goto SECUREBOOT_DELETE_SIGNATURE_FROM_DBT, + prompt = STRING_TOKEN (STR_SECURE_BOOT_DELETE_SIGNATURE), + help = STRING_TOKEN (STR_SECURE_BOOT_DELETE_SIGNATURE), + flags = INTERACTIVE, + key = SECUREBOOT_DELETE_SIGNATURE_FROM_DBT; + + endform; + + // + // Form: 'Delete Signature' for DB Options. + // + form formid = SECUREBOOT_DELETE_SIGNATURE_FROM_DB, + title = STRING_TOKEN(STR_SECURE_BOOT_DELETE_SIGNATURE); + + label LABEL_DB_DELETE; + label LABEL_END; + subtitle text = STRING_TOKEN(STR_NULL); + + endform; + + // + // Form: Display Signature List. + // + form formid = SECUREBOOT_DELETE_SIGNATURE_LIST_FORM, + title = STRING_TOKEN(STR_SECURE_BOOT_DELETE_LIST_FORM); + + subtitle text = STRING_TOKEN(STR_NULL); + + grayoutif ideqval SECUREBOOT_CONFIGURATION.ListCount == 0; + label LABEL_DELETE_ALL_LIST_BUTTON; + // + // Will create a goto button dynamically here. + // + label LABEL_END; + endif; + + subtitle text = STRING_TOKEN(STR_NULL); + label LABEL_SIGNATURE_LIST_START; + label LABEL_END; + subtitle text = STRING_TOKEN(STR_NULL); + + endform; + + // + // Form: Display Signature Data. + // + form formid = SECUREBOOT_DELETE_SIGNATURE_DATA_FORM, + title = STRING_TOKEN(STR_SECURE_BOOT_DELETE_DATA_FORM); + + subtitle text = STRING_TOKEN(STR_NULL); + + goto SECUREBOOT_DELETE_SIGNATURE_LIST_FORM, + prompt = STRING_TOKEN(STR_SECURE_BOOT_DELETE_ALL_DATA), + help = STRING_TOKEN(STR_SECURE_BOOT_DELETE_ALL_DATA_HELP), + flags = INTERACTIVE, + key = KEY_SECURE_BOOT_DELETE_ALL_DATA; + + grayoutif ideqval SECUREBOOT_CONFIGURATION.CheckedDataCount == 0; + goto SECUREBOOT_DELETE_SIGNATURE_LIST_FORM, + prompt = STRING_TOKEN(STR_SECURE_BOOT_DELETE_CHECK_DATA), + help = STRING_TOKEN(STR_SECURE_BOOT_DELETE_CHECK_DATA_HELP), + flags = INTERACTIVE, + key = KEY_SECURE_BOOT_DELETE_CHECK_DATA; + endif; + + subtitle text = STRING_TOKEN(STR_NULL); + label LABEL_SIGNATURE_DATA_START; + label LABEL_END; + subtitle text = STRING_TOKEN(STR_NULL); + + endform; + + + // + // Form: 'Delete Signature' for DBT Options. + // + form formid = SECUREBOOT_DELETE_SIGNATURE_FROM_DBT, + title = STRING_TOKEN(STR_SECURE_BOOT_DELETE_SIGNATURE); + + label LABEL_DBT_DELETE; + label LABEL_END; + subtitle text = STRING_TOKEN(STR_NULL); + + endform; + + // + // Form: 'Enroll Signature' for DB options. + // + form formid = SECUREBOOT_ENROLL_SIGNATURE_TO_DB, + title = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_SIGNATURE); + + subtitle text = STRING_TOKEN(STR_NULL); + + goto SECUREBOOT_ENROLL_SIGNATURE_TO_DB, + prompt = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE), + help = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE), + flags = INTERACTIVE, + key = SECUREBOOT_ENROLL_SIGNATURE_TO_DB; + + subtitle text = STRING_TOKEN(STR_NULL); + label SECUREBOOT_ENROLL_SIGNATURE_TO_DB; + label LABEL_END; + subtitle text = STRING_TOKEN(STR_NULL); + + string varid = SECUREBOOT_CONFIGURATION.SignatureGuid, + prompt = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID), + help = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID_HELP), + flags = INTERACTIVE, + key = KEY_SECURE_BOOT_SIGNATURE_GUID_DB, + minsize = SECURE_BOOT_GUID_SIZE, + maxsize = SECURE_BOOT_GUID_SIZE, + endstring; + + subtitle text = STRING_TOKEN(STR_NULL); + subtitle text = STRING_TOKEN(STR_NULL); + + goto FORMID_SECURE_BOOT_OPTION_FORM, + prompt = STRING_TOKEN(STR_SAVE_AND_EXIT), + help = STRING_TOKEN(STR_SAVE_AND_EXIT), + flags = INTERACTIVE, + key = KEY_VALUE_SAVE_AND_EXIT_DB; + + goto FORMID_SECURE_BOOT_OPTION_FORM, + prompt = STRING_TOKEN(STR_NO_SAVE_AND_EXIT), + help = STRING_TOKEN(STR_NO_SAVE_AND_EXIT), + flags = INTERACTIVE, + key = KEY_VALUE_NO_SAVE_AND_EXIT_DB; + + endform; + + // + // Form: 'Enroll Signature' for DBX options. + // + form formid = SECUREBOOT_ENROLL_SIGNATURE_TO_DBX, + title = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_SIGNATURE); + + subtitle text = STRING_TOKEN(STR_NULL); + + goto SECUREBOOT_ENROLL_SIGNATURE_TO_DBX, + prompt = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE), + help = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE), + flags = INTERACTIVE, + key = SECUREBOOT_ENROLL_SIGNATURE_TO_DBX; + + label SECUREBOOT_ENROLL_SIGNATURE_TO_DBX; + label LABEL_END; + subtitle text = STRING_TOKEN(STR_NULL); + + grayoutif ideqval SECUREBOOT_CONFIGURATION.FileEnrollType == 3; + string varid = SECUREBOOT_CONFIGURATION.SignatureGuid, + prompt = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID), + help = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID_HELP), + flags = INTERACTIVE, + key = KEY_SECURE_BOOT_SIGNATURE_GUID_DBX, + minsize = SECURE_BOOT_GUID_SIZE, + maxsize = SECURE_BOOT_GUID_SIZE, + endstring; + endif; + + disableif NOT ideqval SECUREBOOT_CONFIGURATION.FileEnrollType == 1; + oneof name = X509SignatureFormatInDbx, + varid = SECUREBOOT_CONFIGURATION.CertificateFormat, + prompt = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_PROMPT), + help = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_HELP), + option text = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_SHA256), value = 0x1, flags = DEFAULT; + option text = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_SHA384), value = 0x2, flags = 0; + option text = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_SHA512), value = 0x3, flags = 0; + option text = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_RAW), value = 0x4, flags = 0; + endoneof; + endif; + + disableif NOT ideqval SECUREBOOT_CONFIGURATION.FileEnrollType == 2; + text + help = STRING_TOKEN(STR_DBX_PE_IMAGE_FORMAT_HELP), // Help string + text = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_PROMPT), // Prompt string + text = STRING_TOKEN(STR_DBX_PE_FORMAT_SHA256); // PE image type + endif; + + disableif NOT ideqval SECUREBOOT_CONFIGURATION.FileEnrollType == 3; + text + help = STRING_TOKEN(STR_DBX_AUTH_2_FORMAT_HELP), // Help string + text = STRING_TOKEN(STR_DBX_CERTIFICATE_FORMAT_PROMPT), // Prompt string + text = STRING_TOKEN(STR_DBX_AUTH_2_FORMAT); // AUTH_2 image type + endif; + + suppressif ideqval SECUREBOOT_CONFIGURATION.CertificateFormat == 4; + checkbox varid = SECUREBOOT_CONFIGURATION.AlwaysRevocation, + prompt = STRING_TOKEN(STR_ALWAYS_CERTIFICATE_REVOCATION_PROMPT), + help = STRING_TOKEN(STR_ALWAYS_CERTIFICATE_REVOCATION_HELP), + flags = INTERACTIVE, + endcheckbox; + + suppressif ideqval SECUREBOOT_CONFIGURATION.AlwaysRevocation == 1; + date varid = SECUREBOOT_CONFIGURATION.RevocationDate, + prompt = STRING_TOKEN(STR_CERTIFICATE_REVOCATION_DATE_PROMPT), + help = STRING_TOKEN(STR_CERTIFICATE_REVOCATION_DATE_HELP), + flags = STORAGE_NORMAL, + enddate; + + time varid = SECUREBOOT_CONFIGURATION.RevocationTime, + prompt = STRING_TOKEN(STR_CERTIFICATE_REVOCATION_TIME_PROMPT), + help = STRING_TOKEN(STR_CERTIFICATE_REVOCATION_TIME_HELP), + flags = STORAGE_NORMAL, + endtime; + endif; + endif; + + subtitle text = STRING_TOKEN(STR_NULL); + subtitle text = STRING_TOKEN(STR_NULL); + + goto FORMID_SECURE_BOOT_OPTION_FORM, + prompt = STRING_TOKEN(STR_SAVE_AND_EXIT), + help = STRING_TOKEN(STR_SAVE_AND_EXIT), + flags = INTERACTIVE, + key = KEY_VALUE_SAVE_AND_EXIT_DBX; + + goto FORMID_SECURE_BOOT_OPTION_FORM, + prompt = STRING_TOKEN(STR_NO_SAVE_AND_EXIT), + help = STRING_TOKEN(STR_NO_SAVE_AND_EXIT), + flags = INTERACTIVE, + key = KEY_VALUE_NO_SAVE_AND_EXIT_DBX; + + endform; + + // + // Form: 'Enroll Signature' for DBT options. + // + form formid = SECUREBOOT_ENROLL_SIGNATURE_TO_DBT, + title = STRING_TOKEN(STR_SECURE_BOOT_ENROLL_SIGNATURE); + + subtitle text = STRING_TOKEN(STR_NULL); + + goto SECUREBOOT_ENROLL_SIGNATURE_TO_DBT, + prompt = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE), + help = STRING_TOKEN(STR_SECURE_BOOT_ADD_SIGNATURE_FILE), + flags = INTERACTIVE, + key = SECUREBOOT_ENROLL_SIGNATURE_TO_DBT; + + subtitle text = STRING_TOKEN(STR_NULL); + label SECUREBOOT_ENROLL_SIGNATURE_TO_DBT; + label LABEL_END; + subtitle text = STRING_TOKEN(STR_NULL); + + string varid = SECUREBOOT_CONFIGURATION.SignatureGuid, + prompt = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID), + help = STRING_TOKEN(STR_SECURE_BOOT_SIGNATURE_GUID_HELP), + flags = INTERACTIVE, + key = KEY_SECURE_BOOT_SIGNATURE_GUID_DBT, + minsize = SECURE_BOOT_GUID_SIZE, + maxsize = SECURE_BOOT_GUID_SIZE, + endstring; + + subtitle text = STRING_TOKEN(STR_NULL); + subtitle text = STRING_TOKEN(STR_NULL); + + goto FORMID_SECURE_BOOT_OPTION_FORM, + prompt = STRING_TOKEN(STR_SAVE_AND_EXIT), + help = STRING_TOKEN(STR_SAVE_AND_EXIT), + flags = INTERACTIVE, + key = KEY_VALUE_SAVE_AND_EXIT_DBT; + + goto FORMID_SECURE_BOOT_OPTION_FORM, + prompt = STRING_TOKEN(STR_NO_SAVE_AND_EXIT), + help = STRING_TOKEN(STR_NO_SAVE_AND_EXIT), + flags = INTERACTIVE, + key = KEY_VALUE_NO_SAVE_AND_EXIT_DBT; + + endform; + +endformset; diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDevicePath.c b/src/VBox/Devices/EFI/Firmware/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDevicePath.c new file mode 100644 index 00000000..79f55ec7 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDevicePath.c @@ -0,0 +1,32 @@ +/** @file + Internal function defines the default device path string for SecureBoot configuration module. + +Copyright (c) 2012 - 2013, Intel Corporation. All rights reserved.<BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "SecureBootConfigImpl.h" + + +/** + This function converts an input device structure to a Unicode string. + + @param[in] DevPath A pointer to the device path structure. + + @return A new allocated Unicode string that represents the device path. + +**/ +CHAR16 * +EFIAPI +DevicePathToStr ( + IN EFI_DEVICE_PATH_PROTOCOL *DevPath + ) +{ + return ConvertDevicePathToText ( + DevPath, + FALSE, + TRUE + ); +} + diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDriver.c b/src/VBox/Devices/EFI/Firmware/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDriver.c new file mode 100644 index 00000000..85b4b8dc --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDriver.c @@ -0,0 +1,127 @@ +/** @file + The module entry point for SecureBoot configuration module. + +Copyright (c) 2011 - 2018, Intel Corporation. All rights reserved.<BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "SecureBootConfigImpl.h" + +/** + The entry point for SecureBoot configuration driver. + + @param[in] ImageHandle The image handle of the driver. + @param[in] SystemTable The system table. + + @retval EFI_ALREADY_STARTED The driver already exists in system. + @retval EFI_OUT_OF_RESOURCES Fail to execute entry point due to lack of resources. + @retval EFI_SUCCESS All the related protocols are installed on the driver. + @retval Others Fail to get the SecureBootEnable variable. + +**/ +EFI_STATUS +EFIAPI +SecureBootConfigDriverEntryPoint ( + IN EFI_HANDLE ImageHandle, + IN EFI_SYSTEM_TABLE *SystemTable + ) +{ + EFI_STATUS Status; + SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData; + + // + // If already started, return. + // + Status = gBS->OpenProtocol ( + ImageHandle, + &gEfiCallerIdGuid, + NULL, + ImageHandle, + ImageHandle, + EFI_OPEN_PROTOCOL_TEST_PROTOCOL + ); + if (!EFI_ERROR (Status)) { + return EFI_ALREADY_STARTED; + } + + // + // Create a private data structure. + // + PrivateData = AllocateCopyPool (sizeof (SECUREBOOT_CONFIG_PRIVATE_DATA), &mSecureBootConfigPrivateDateTemplate); + if (PrivateData == NULL) { + return EFI_OUT_OF_RESOURCES; + } + + // + // Install SecureBoot configuration form + // + Status = InstallSecureBootConfigForm (PrivateData); + if (EFI_ERROR (Status)) { + goto ErrorExit; + } + + // + // Install private GUID. + // + Status = gBS->InstallMultipleProtocolInterfaces ( + &ImageHandle, + &gEfiCallerIdGuid, + PrivateData, + NULL + ); + + if (EFI_ERROR (Status)) { + goto ErrorExit; + } + + return EFI_SUCCESS; + +ErrorExit: + if (PrivateData != NULL) { + UninstallSecureBootConfigForm (PrivateData); + } + + return Status; +} + +/** + Unload the SecureBoot configuration form. + + @param[in] ImageHandle The driver's image handle. + + @retval EFI_SUCCESS The SecureBoot configuration form is unloaded. + @retval Others Failed to unload the form. + +**/ +EFI_STATUS +EFIAPI +SecureBootConfigDriverUnload ( + IN EFI_HANDLE ImageHandle + ) +{ + EFI_STATUS Status; + SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData; + + Status = gBS->HandleProtocol ( + ImageHandle, + &gEfiCallerIdGuid, + (VOID **) &PrivateData + ); + if (EFI_ERROR (Status)) { + return Status; + } + + ASSERT (PrivateData->Signature == SECUREBOOT_CONFIG_PRIVATE_DATA_SIGNATURE); + + gBS->UninstallMultipleProtocolInterfaces ( + ImageHandle, + &gEfiCallerIdGuid, + PrivateData, + NULL + ); + + UninstallSecureBootConfigForm (PrivateData); + + return EFI_SUCCESS; +} diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf b/src/VBox/Devices/EFI/Firmware/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf new file mode 100644 index 00000000..38c2487f --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf @@ -0,0 +1,119 @@ +## @file +# Provides the capability to configure secure boot in a setup browser +# By this module, user may change the content of DB, DBX, PK and KEK. +# +# Copyright (c) 2011 - 2018, Intel Corporation. All rights reserved.<BR> +# SPDX-License-Identifier: BSD-2-Clause-Patent +# +## + +[Defines] + INF_VERSION = 0x00010005 + BASE_NAME = SecureBootConfigDxe + MODULE_UNI_FILE = SecureBootConfigDxe.uni + FILE_GUID = F0E6A44F-7195-41c3-AC64-54F202CD0A21 + MODULE_TYPE = DXE_DRIVER + VERSION_STRING = 1.0 + ENTRY_POINT = SecureBootConfigDriverEntryPoint + UNLOAD_IMAGE = SecureBootConfigDriverUnload + +# +# VALID_ARCHITECTURES = IA32 X64 EBC +# + +[Sources] + SecureBootConfigDriver.c + SecureBootConfigImpl.c + SecureBootConfigFileExplorer.c + SecureBootConfigDevicePath.c + SecureBootConfigMisc.c + SecureBootConfigImpl.h + SecureBootConfig.vfr + SecureBootConfigStrings.uni + SecureBootConfigNvData.h + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + SecurityPkg/SecurityPkg.dec + CryptoPkg/CryptoPkg.dec + +[LibraryClasses] + BaseLib + BaseMemoryLib + BaseCryptLib + MemoryAllocationLib + UefiLib + UefiBootServicesTableLib + UefiRuntimeServicesTableLib + UefiDriverEntryPoint + UefiHiiServicesLib + DebugLib + HiiLib + PlatformSecureLib + DevicePathLib + FileExplorerLib + PeCoffLib + +[Guids] + ## SOMETIMES_CONSUMES ## Variable:L"CustomMode" + ## SOMETIMES_PRODUCES ## Variable:L"CustomMode" + gEfiCustomModeEnableGuid + + ## SOMETIMES_CONSUMES ## Variable:L"SecureBootEnable" + ## SOMETIMES_PRODUCES ## Variable:L"SecureBootEnable" + gEfiSecureBootEnableDisableGuid + + ## SOMETIMES_CONSUMES ## GUID # Unique ID for the type of the signature. + ## SOMETIMES_PRODUCES ## GUID # Unique ID for the type of the signature. + gEfiCertRsa2048Guid + + ## SOMETIMES_CONSUMES ## GUID # Unique ID for the type of the signature. + ## SOMETIMES_PRODUCES ## GUID # Unique ID for the type of the signature. + gEfiCertX509Guid + + ## SOMETIMES_CONSUMES ## GUID # Unique ID for the type of the signature. + ## SOMETIMES_PRODUCES ## GUID # Unique ID for the type of the signature. + gEfiCertSha1Guid + + ## SOMETIMES_CONSUMES ## GUID # Unique ID for the type of the signature. + ## SOMETIMES_PRODUCES ## GUID # Unique ID for the type of the signature. + gEfiCertSha256Guid + + ## SOMETIMES_CONSUMES ## Variable:L"db" + ## SOMETIMES_PRODUCES ## Variable:L"db" + ## SOMETIMES_CONSUMES ## Variable:L"dbx" + ## SOMETIMES_PRODUCES ## Variable:L"dbx" + gEfiImageSecurityDatabaseGuid + + ## SOMETIMES_CONSUMES ## Variable:L"SetupMode" + ## SOMETIMES_PRODUCES ## Variable:L"PK" + ## SOMETIMES_CONSUMES ## Variable:L"KEK" + ## SOMETIMES_PRODUCES ## Variable:L"KEK" + ## SOMETIMES_CONSUMES ## Variable:L"SecureBoot" + gEfiGlobalVariableGuid + + gEfiIfrTianoGuid ## PRODUCES ## GUID # HII opcode + ## PRODUCES ## HII + ## CONSUMES ## HII + gSecureBootConfigFormSetGuid + gEfiCertPkcs7Guid ## SOMETIMES_PRODUCES ## GUID # Unique ID for the type of the certificate. + gEfiCertTypeRsa2048Sha256Guid ## SOMETIMES_CONSUMES ## GUID # Unique ID for the type of the certificate. + gEfiFileSystemVolumeLabelInfoIdGuid ## SOMETIMES_CONSUMES ## GUID # Indicate the information type + + gEfiCertX509Sha256Guid ## SOMETIMES_PRODUCES ## GUID # Unique ID for the type of the certificate. + gEfiCertX509Sha384Guid ## SOMETIMES_PRODUCES ## GUID # Unique ID for the type of the certificate. + gEfiCertX509Sha512Guid ## SOMETIMES_PRODUCES ## GUID # Unique ID for the type of the certificate. + +[Protocols] + gEfiHiiConfigAccessProtocolGuid ## PRODUCES + gEfiDevicePathProtocolGuid ## PRODUCES + +[Depex] + gEfiHiiConfigRoutingProtocolGuid AND + gEfiHiiDatabaseProtocolGuid AND + gEfiVariableArchProtocolGuid AND + gEfiVariableWriteArchProtocolGuid + +[UserExtensions.TianoCore."ExtraFiles"] + SecureBootConfigDxeExtra.uni diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.uni b/src/VBox/Devices/EFI/Firmware/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.uni new file mode 100644 index 00000000..4e9c6f3f --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.uni @@ -0,0 +1,16 @@ +// /** @file
+// Provides the capability to configure secure boot in a setup browser
+//
+// By this module, user may change the content of DB, DBX, PK and KEK.
+//
+// Copyright (c) 2011 - 2014, Intel Corporation. All rights reserved.<BR>
+//
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+//
+// **/
+
+
+#string STR_MODULE_ABSTRACT #language en-US "Provides the capability to configure secure boot in a setup browser"
+
+#string STR_MODULE_DESCRIPTION #language en-US "By this module, user may change the content of DB, DBX, PK and KEK."
+
diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxeExtra.uni b/src/VBox/Devices/EFI/Firmware/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxeExtra.uni new file mode 100644 index 00000000..ee5a69c6 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxeExtra.uni @@ -0,0 +1,14 @@ +// /** @file
+// SecureBootConfigDxe Localized Strings and Content
+//
+// Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
+//
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+//
+// **/
+
+#string STR_PROPERTIES_MODULE_NAME
+#language en-US
+"Secure Boot Config DXE"
+
+
diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigFileExplorer.c b/src/VBox/Devices/EFI/Firmware/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigFileExplorer.c new file mode 100644 index 00000000..ae3bee80 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigFileExplorer.c @@ -0,0 +1,276 @@ +/** @file + Internal file explorer functions for SecureBoot configuration module. + +Copyright (c) 2012 - 2016, Intel Corporation. All rights reserved.<BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "SecureBootConfigImpl.h" + +VOID *mStartOpCodeHandle = NULL; +VOID *mEndOpCodeHandle = NULL; +EFI_IFR_GUID_LABEL *mStartLabel = NULL; +EFI_IFR_GUID_LABEL *mEndLabel = NULL; + +/** + Refresh the global UpdateData structure. + +**/ +VOID +RefreshUpdateData ( + VOID + ) +{ + // + // Free current updated date + // + if (mStartOpCodeHandle != NULL) { + HiiFreeOpCodeHandle (mStartOpCodeHandle); + } + + // + // Create new OpCode Handle + // + mStartOpCodeHandle = HiiAllocateOpCodeHandle (); + + // + // Create Hii Extend Label OpCode as the start opcode + // + mStartLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode ( + mStartOpCodeHandle, + &gEfiIfrTianoGuid, + NULL, + sizeof (EFI_IFR_GUID_LABEL) + ); + mStartLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL; +} + +/** + Clean up the dynamic opcode at label and form specified by both LabelId. + + @param[in] LabelId It is both the Form ID and Label ID for opcode deletion. + @param[in] PrivateData Module private data. + +**/ +VOID +CleanUpPage ( + IN UINT16 LabelId, + IN SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData + ) +{ + RefreshUpdateData (); + + // + // Remove all op-codes from dynamic page + // + mStartLabel->Number = LabelId; + HiiUpdateForm ( + PrivateData->HiiHandle, + &gSecureBootConfigFormSetGuid, + LabelId, + mStartOpCodeHandle, // Label LabelId + mEndOpCodeHandle // LABEL_END + ); +} + +/** + Extract filename from device path. The returned buffer is allocated using AllocateCopyPool. + The caller is responsible for freeing the allocated buffer using FreePool(). If return NULL + means not enough memory resource. + + @param DevicePath Device path. + + @retval NULL Not enough memory resource for AllocateCopyPool. + @retval Other A new allocated string that represents the file name. + +**/ +CHAR16 * +ExtractFileNameFromDevicePath ( + IN EFI_DEVICE_PATH_PROTOCOL *DevicePath + ) +{ + CHAR16 *String; + CHAR16 *MatchString; + CHAR16 *LastMatch; + CHAR16 *FileName; + UINTN Length; + + ASSERT(DevicePath != NULL); + + String = DevicePathToStr(DevicePath); + MatchString = String; + LastMatch = String; + FileName = NULL; + + while(MatchString != NULL){ + LastMatch = MatchString + 1; + MatchString = StrStr(LastMatch,L"\\"); + } + + Length = StrLen(LastMatch); + FileName = AllocateCopyPool ((Length + 1) * sizeof(CHAR16), LastMatch); + if (FileName != NULL) { + *(FileName + Length) = 0; + } + + FreePool(String); + + return FileName; +} + + +/** + Update the form base on the selected file. + + @param FilePath Point to the file path. + @param FormId The form need to display. + + @retval TRUE Exit caller function. + @retval FALSE Not exit caller function. + +**/ +BOOLEAN +UpdatePage( + IN EFI_DEVICE_PATH_PROTOCOL *FilePath, + IN EFI_FORM_ID FormId + ) +{ + CHAR16 *FileName; + EFI_STRING_ID StringToken; + + FileName = NULL; + + if (FilePath != NULL) { + FileName = ExtractFileNameFromDevicePath(FilePath); + } + if (FileName == NULL) { + // + // FileName = NULL has two case: + // 1. FilePath == NULL, not select file. + // 2. FilePath != NULL, but ExtractFileNameFromDevicePath return NULL not enough memory resource. + // In these two case, no need to update the form, and exit the caller function. + // + return TRUE; + } + StringToken = HiiSetString (gSecureBootPrivateData->HiiHandle, 0, FileName, NULL); + + gSecureBootPrivateData->FileContext->FileName = FileName; + + EfiOpenFileByDevicePath ( + &FilePath, + &gSecureBootPrivateData->FileContext->FHandle, + EFI_FILE_MODE_READ, + 0 + ); + // + // Create Subtitle op-code for the display string of the option. + // + RefreshUpdateData (); + mStartLabel->Number = FormId; + + HiiCreateSubTitleOpCode ( + mStartOpCodeHandle, + StringToken, + 0, + 0, + 0 + ); + + HiiUpdateForm ( + gSecureBootPrivateData->HiiHandle, + &gSecureBootConfigFormSetGuid, + FormId, + mStartOpCodeHandle, // Label FormId + mEndOpCodeHandle // LABEL_END + ); + + return TRUE; +} + +/** + Update the PK form base on the input file path info. + + @param FilePath Point to the file path. + + @retval TRUE Exit caller function. + @retval FALSE Not exit caller function. +**/ +BOOLEAN +EFIAPI +UpdatePKFromFile ( + IN EFI_DEVICE_PATH_PROTOCOL *FilePath + ) +{ + return UpdatePage(FilePath, FORMID_ENROLL_PK_FORM); + +} + +/** + Update the KEK form base on the input file path info. + + @param FilePath Point to the file path. + + @retval TRUE Exit caller function. + @retval FALSE Not exit caller function. +**/ +BOOLEAN +EFIAPI +UpdateKEKFromFile ( + IN EFI_DEVICE_PATH_PROTOCOL *FilePath + ) +{ + return UpdatePage(FilePath, FORMID_ENROLL_KEK_FORM); +} + +/** + Update the DB form base on the input file path info. + + @param FilePath Point to the file path. + + @retval TRUE Exit caller function. + @retval FALSE Not exit caller function. +**/ +BOOLEAN +EFIAPI +UpdateDBFromFile ( + IN EFI_DEVICE_PATH_PROTOCOL *FilePath + ) +{ + return UpdatePage(FilePath, SECUREBOOT_ENROLL_SIGNATURE_TO_DB); +} + +/** + Update the DBX form base on the input file path info. + + @param FilePath Point to the file path. + + @retval TRUE Exit caller function. + @retval FALSE Not exit caller function. +**/ +BOOLEAN +EFIAPI +UpdateDBXFromFile ( + IN EFI_DEVICE_PATH_PROTOCOL *FilePath + ) +{ + return UpdatePage(FilePath, SECUREBOOT_ENROLL_SIGNATURE_TO_DBX); +} + +/** + Update the DBT form base on the input file path info. + + @param FilePath Point to the file path. + + @retval TRUE Exit caller function. + @retval FALSE Not exit caller function. +**/ +BOOLEAN +EFIAPI +UpdateDBTFromFile ( + IN EFI_DEVICE_PATH_PROTOCOL *FilePath + ) +{ + return UpdatePage(FilePath, SECUREBOOT_ENROLL_SIGNATURE_TO_DBT); +} + diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c b/src/VBox/Devices/EFI/Firmware/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c new file mode 100644 index 00000000..ded5f3e9 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c @@ -0,0 +1,5157 @@ +/** @file + HII Config Access protocol implementation of SecureBoot configuration module. + +Copyright (c) 2011 - 2018, Intel Corporation. All rights reserved.<BR> +(C) Copyright 2018 Hewlett Packard Enterprise Development LP<BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "SecureBootConfigImpl.h" +#include <Library/BaseCryptLib.h> + +CHAR16 mSecureBootStorageName[] = L"SECUREBOOT_CONFIGURATION"; + +SECUREBOOT_CONFIG_PRIVATE_DATA mSecureBootConfigPrivateDateTemplate = { + SECUREBOOT_CONFIG_PRIVATE_DATA_SIGNATURE, + { + SecureBootExtractConfig, + SecureBootRouteConfig, + SecureBootCallback + } +}; + +HII_VENDOR_DEVICE_PATH mSecureBootHiiVendorDevicePath = { + { + { + HARDWARE_DEVICE_PATH, + HW_VENDOR_DP, + { + (UINT8) (sizeof (VENDOR_DEVICE_PATH)), + (UINT8) ((sizeof (VENDOR_DEVICE_PATH)) >> 8) + } + }, + SECUREBOOT_CONFIG_FORM_SET_GUID + }, + { + END_DEVICE_PATH_TYPE, + END_ENTIRE_DEVICE_PATH_SUBTYPE, + { + (UINT8) (END_DEVICE_PATH_LENGTH), + (UINT8) ((END_DEVICE_PATH_LENGTH) >> 8) + } + } +}; + + +BOOLEAN mIsEnterSecureBootForm = FALSE; + +// +// OID ASN.1 Value for Hash Algorithms +// +UINT8 mHashOidValue[] = { + 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x02, 0x05, // OBJ_md5 + 0x2B, 0x0E, 0x03, 0x02, 0x1A, // OBJ_sha1 + 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x04, // OBJ_sha224 + 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, // OBJ_sha256 + 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02, // OBJ_sha384 + 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, // OBJ_sha512 + }; + +HASH_TABLE mHash[] = { + { L"SHA224", 28, &mHashOidValue[13], 9, NULL, NULL, NULL, NULL }, + { L"SHA256", 32, &mHashOidValue[22], 9, Sha256GetContextSize, Sha256Init, Sha256Update, Sha256Final}, + { L"SHA384", 48, &mHashOidValue[31], 9, Sha384GetContextSize, Sha384Init, Sha384Update, Sha384Final}, + { L"SHA512", 64, &mHashOidValue[40], 9, Sha512GetContextSize, Sha512Init, Sha512Update, Sha512Final} +}; + +// +// Variable Definitions +// +UINT32 mPeCoffHeaderOffset = 0; +WIN_CERTIFICATE *mCertificate = NULL; +IMAGE_TYPE mImageType; +UINT8 *mImageBase = NULL; +UINTN mImageSize = 0; +UINT8 mImageDigest[MAX_DIGEST_SIZE]; +UINTN mImageDigestSize; +EFI_GUID mCertType; +EFI_IMAGE_SECURITY_DATA_DIRECTORY *mSecDataDir = NULL; +EFI_IMAGE_OPTIONAL_HEADER_PTR_UNION mNtHeader; + +// +// Possible DER-encoded certificate file suffixes, end with NULL pointer. +// +CHAR16* mDerEncodedSuffix[] = { + L".cer", + L".der", + L".crt", + NULL +}; +CHAR16* mSupportX509Suffix = L"*.cer/der/crt"; + +// +// Prompt strings during certificate enrollment. +// +CHAR16* mX509EnrollPromptTitle[] = { + L"", + L"ERROR: Unsupported file type!", + L"ERROR: Unsupported certificate!", + NULL +}; +CHAR16* mX509EnrollPromptString[] = { + L"", + L"Only DER encoded certificate file (*.cer/der/crt) is supported.", + L"Public key length should be equal to or greater than 2048 bits.", + NULL +}; + +SECUREBOOT_CONFIG_PRIVATE_DATA *gSecureBootPrivateData = NULL; + +/** + This code cleans up enrolled file by closing file & free related resources attached to + enrolled file. + + @param[in] FileContext FileContext cached in SecureBootConfig driver + +**/ +VOID +CloseEnrolledFile( + IN SECUREBOOT_FILE_CONTEXT *FileContext +) +{ + if (FileContext->FHandle != NULL) { + CloseFile (FileContext->FHandle); + FileContext->FHandle = NULL; + } + + if (FileContext->FileName != NULL){ + FreePool(FileContext->FileName); + FileContext->FileName = NULL; + } + FileContext->FileType = UNKNOWN_FILE_TYPE; + +} + +/** + This code checks if the FileSuffix is one of the possible DER-encoded certificate suffix. + + @param[in] FileSuffix The suffix of the input certificate file + + @retval TRUE It's a DER-encoded certificate. + @retval FALSE It's NOT a DER-encoded certificate. + +**/ +BOOLEAN +IsDerEncodeCertificate ( + IN CONST CHAR16 *FileSuffix +) +{ + UINTN Index; + for (Index = 0; mDerEncodedSuffix[Index] != NULL; Index++) { + if (StrCmp (FileSuffix, mDerEncodedSuffix[Index]) == 0) { + return TRUE; + } + } + return FALSE; +} + +/** + This code checks if the file content complies with EFI_VARIABLE_AUTHENTICATION_2 format +The function reads file content but won't open/close given FileHandle. + + @param[in] FileHandle The FileHandle to be checked + + @retval TRUE The content is EFI_VARIABLE_AUTHENTICATION_2 format. + @retval FALSE The content is NOT a EFI_VARIABLE_AUTHENTICATION_2 format. + +**/ +BOOLEAN +IsAuthentication2Format ( + IN EFI_FILE_HANDLE FileHandle +) +{ + EFI_STATUS Status; + EFI_VARIABLE_AUTHENTICATION_2 *Auth2; + BOOLEAN IsAuth2Format; + + IsAuth2Format = FALSE; + + // + // Read the whole file content + // + Status = ReadFileContent( + FileHandle, + (VOID **) &mImageBase, + &mImageSize, + 0 + ); + if (EFI_ERROR (Status)) { + goto ON_EXIT; + } + + Auth2 = (EFI_VARIABLE_AUTHENTICATION_2 *)mImageBase; + if (Auth2->AuthInfo.Hdr.wCertificateType != WIN_CERT_TYPE_EFI_GUID) { + goto ON_EXIT; + } + + if (CompareGuid(&gEfiCertPkcs7Guid, &Auth2->AuthInfo.CertType)) { + IsAuth2Format = TRUE; + } + +ON_EXIT: + // + // Do not close File. simply check file content + // + if (mImageBase != NULL) { + FreePool (mImageBase); + mImageBase = NULL; + } + + return IsAuth2Format; +} + +/** + Set Secure Boot option into variable space. + + @param[in] VarValue The option of Secure Boot. + + @retval EFI_SUCCESS The operation is finished successfully. + @retval Others Other errors as indicated. + +**/ +EFI_STATUS +SaveSecureBootVariable ( + IN UINT8 VarValue + ) +{ + EFI_STATUS Status; + + Status = gRT->SetVariable ( + EFI_SECURE_BOOT_ENABLE_NAME, + &gEfiSecureBootEnableDisableGuid, + EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS, + sizeof (UINT8), + &VarValue + ); + return Status; +} + +/** + Create a time based data payload by concatenating the EFI_VARIABLE_AUTHENTICATION_2 + descriptor with the input data. NO authentication is required in this function. + + @param[in, out] DataSize On input, the size of Data buffer in bytes. + On output, the size of data returned in Data + buffer in bytes. + @param[in, out] Data On input, Pointer to data buffer to be wrapped or + pointer to NULL to wrap an empty payload. + On output, Pointer to the new payload date buffer allocated from pool, + it's caller's responsibility to free the memory when finish using it. + + @retval EFI_SUCCESS Create time based payload successfully. + @retval EFI_OUT_OF_RESOURCES There are not enough memory resources to create time based payload. + @retval EFI_INVALID_PARAMETER The parameter is invalid. + @retval Others Unexpected error happens. + +**/ +EFI_STATUS +CreateTimeBasedPayload ( + IN OUT UINTN *DataSize, + IN OUT UINT8 **Data + ) +{ + EFI_STATUS Status; + UINT8 *NewData; + UINT8 *Payload; + UINTN PayloadSize; + EFI_VARIABLE_AUTHENTICATION_2 *DescriptorData; + UINTN DescriptorSize; + EFI_TIME Time; + + if (Data == NULL || DataSize == NULL) { + return EFI_INVALID_PARAMETER; + } + + // + // In Setup mode or Custom mode, the variable does not need to be signed but the + // parameters to the SetVariable() call still need to be prepared as authenticated + // variable. So we create EFI_VARIABLE_AUTHENTICATED_2 descriptor without certificate + // data in it. + // + Payload = *Data; + PayloadSize = *DataSize; + + DescriptorSize = OFFSET_OF (EFI_VARIABLE_AUTHENTICATION_2, AuthInfo) + OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData); + NewData = (UINT8*) AllocateZeroPool (DescriptorSize + PayloadSize); + if (NewData == NULL) { + return EFI_OUT_OF_RESOURCES; + } + + if ((Payload != NULL) && (PayloadSize != 0)) { + CopyMem (NewData + DescriptorSize, Payload, PayloadSize); + } + + DescriptorData = (EFI_VARIABLE_AUTHENTICATION_2 *) (NewData); + + ZeroMem (&Time, sizeof (EFI_TIME)); + Status = gRT->GetTime (&Time, NULL); + if (EFI_ERROR (Status)) { + FreePool(NewData); + return Status; + } + Time.Pad1 = 0; + Time.Nanosecond = 0; + Time.TimeZone = 0; + Time.Daylight = 0; + Time.Pad2 = 0; + CopyMem (&DescriptorData->TimeStamp, &Time, sizeof (EFI_TIME)); + + DescriptorData->AuthInfo.Hdr.dwLength = OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData); + DescriptorData->AuthInfo.Hdr.wRevision = 0x0200; + DescriptorData->AuthInfo.Hdr.wCertificateType = WIN_CERT_TYPE_EFI_GUID; + CopyGuid (&DescriptorData->AuthInfo.CertType, &gEfiCertPkcs7Guid); + + if (Payload != NULL) { + FreePool(Payload); + } + + *DataSize = DescriptorSize + PayloadSize; + *Data = NewData; + return EFI_SUCCESS; +} + +/** + Internal helper function to delete a Variable given its name and GUID, NO authentication + required. + + @param[in] VariableName Name of the Variable. + @param[in] VendorGuid GUID of the Variable. + + @retval EFI_SUCCESS Variable deleted successfully. + @retval Others The driver failed to start the device. + +**/ +EFI_STATUS +DeleteVariable ( + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid + ) +{ + EFI_STATUS Status; + VOID* Variable; + UINT8 *Data; + UINTN DataSize; + UINT32 Attr; + + GetVariable2 (VariableName, VendorGuid, &Variable, NULL); + if (Variable == NULL) { + return EFI_SUCCESS; + } + FreePool (Variable); + + Data = NULL; + DataSize = 0; + Attr = EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS + | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS; + + Status = CreateTimeBasedPayload (&DataSize, &Data); + if (EFI_ERROR (Status)) { + DEBUG ((EFI_D_ERROR, "Fail to create time-based data payload: %r", Status)); + return Status; + } + + Status = gRT->SetVariable ( + VariableName, + VendorGuid, + Attr, + DataSize, + Data + ); + if (Data != NULL) { + FreePool (Data); + } + return Status; +} + +/** + + Set the platform secure boot mode into "Custom" or "Standard" mode. + + @param[in] SecureBootMode New secure boot mode: STANDARD_SECURE_BOOT_MODE or + CUSTOM_SECURE_BOOT_MODE. + + @return EFI_SUCCESS The platform has switched to the special mode successfully. + @return other Fail to operate the secure boot mode. + +**/ +EFI_STATUS +SetSecureBootMode ( + IN UINT8 SecureBootMode + ) +{ + return gRT->SetVariable ( + EFI_CUSTOM_MODE_NAME, + &gEfiCustomModeEnableGuid, + EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS, + sizeof (UINT8), + &SecureBootMode + ); +} + +/** + This code checks if the encode type and key strength of X.509 + certificate is qualified. + + @param[in] X509FileContext FileContext of X.509 certificate storing + file. + @param[out] Error Error type checked in the certificate. + + @return EFI_SUCCESS The certificate checked successfully. + @return EFI_INVALID_PARAMETER The parameter is invalid. + @return EFI_OUT_OF_RESOURCES Memory allocation failed. + +**/ +EFI_STATUS +CheckX509Certificate ( + IN SECUREBOOT_FILE_CONTEXT* X509FileContext, + OUT ENROLL_KEY_ERROR* Error +) +{ + EFI_STATUS Status; + UINT16* FilePostFix; + UINTN NameLength; + UINT8* X509Data; + UINTN X509DataSize; + void* X509PubKey; + UINTN PubKeyModSize; + + if (X509FileContext->FileName == NULL) { + *Error = Unsupported_Type; + return EFI_INVALID_PARAMETER; + } + + X509Data = NULL; + X509DataSize = 0; + X509PubKey = NULL; + PubKeyModSize = 0; + + // + // Parse the file's postfix. Only support DER encoded X.509 certificate files. + // + NameLength = StrLen (X509FileContext->FileName); + if (NameLength <= 4) { + DEBUG ((DEBUG_ERROR, "Wrong X509 NameLength\n")); + *Error = Unsupported_Type; + return EFI_INVALID_PARAMETER; + } + FilePostFix = X509FileContext->FileName + NameLength - 4; + if (!IsDerEncodeCertificate (FilePostFix)) { + DEBUG ((DEBUG_ERROR, "Unsupported file type, only DER encoded certificate (%s) is supported.\n", mSupportX509Suffix)); + *Error = Unsupported_Type; + return EFI_INVALID_PARAMETER; + } + DEBUG ((DEBUG_INFO, "FileName= %s\n", X509FileContext->FileName)); + DEBUG ((DEBUG_INFO, "FilePostFix = %s\n", FilePostFix)); + + // + // Read the certificate file content + // + Status = ReadFileContent (X509FileContext->FHandle, (VOID**) &X509Data, &X509DataSize, 0); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "Error occured while reading the file.\n")); + goto ON_EXIT; + } + + // + // Parse the public key context. + // + if (RsaGetPublicKeyFromX509 (X509Data, X509DataSize, &X509PubKey) == FALSE) { + DEBUG ((DEBUG_ERROR, "Error occured while parsing the pubkey from certificate.\n")); + Status = EFI_INVALID_PARAMETER; + *Error = Unsupported_Type; + goto ON_EXIT; + } + + // + // Parse Module size of public key using interface provided by CryptoPkg, which is + // actually the size of public key. + // + if (X509PubKey != NULL) { + RsaGetKey (X509PubKey, RsaKeyN, NULL, &PubKeyModSize); + if (PubKeyModSize < CER_PUBKEY_MIN_SIZE) { + DEBUG ((DEBUG_ERROR, "Unqualified PK size, key size should be equal to or greater than 2048 bits.\n")); + Status = EFI_INVALID_PARAMETER; + *Error = Unqualified_Key; + } + RsaFree (X509PubKey); + } + + ON_EXIT: + if (X509Data != NULL) { + FreePool (X509Data); + } + + return Status; +} + +/** + Generate the PK signature list from the X509 Certificate storing file (.cer) + + @param[in] X509File FileHandle of X509 Certificate storing file. + @param[out] PkCert Point to the data buffer to store the signature list. + + @return EFI_UNSUPPORTED Unsupported Key Length. + @return EFI_OUT_OF_RESOURCES There are not enough memory resources to form the signature list. + +**/ +EFI_STATUS +CreatePkX509SignatureList ( + IN EFI_FILE_HANDLE X509File, + OUT EFI_SIGNATURE_LIST **PkCert + ) +{ + EFI_STATUS Status; + UINT8 *X509Data; + UINTN X509DataSize; + EFI_SIGNATURE_DATA *PkCertData; + + X509Data = NULL; + PkCertData = NULL; + X509DataSize = 0; + + Status = ReadFileContent (X509File, (VOID**) &X509Data, &X509DataSize, 0); + if (EFI_ERROR (Status)) { + goto ON_EXIT; + } + ASSERT (X509Data != NULL); + + // + // Allocate space for PK certificate list and initialize it. + // Create PK database entry with SignatureHeaderSize equals 0. + // + *PkCert = (EFI_SIGNATURE_LIST*) AllocateZeroPool ( + sizeof(EFI_SIGNATURE_LIST) + sizeof(EFI_SIGNATURE_DATA) - 1 + + X509DataSize + ); + if (*PkCert == NULL) { + Status = EFI_OUT_OF_RESOURCES; + goto ON_EXIT; + } + + (*PkCert)->SignatureListSize = (UINT32) (sizeof(EFI_SIGNATURE_LIST) + + sizeof(EFI_SIGNATURE_DATA) - 1 + + X509DataSize); + (*PkCert)->SignatureSize = (UINT32) (sizeof(EFI_SIGNATURE_DATA) - 1 + X509DataSize); + (*PkCert)->SignatureHeaderSize = 0; + CopyGuid (&(*PkCert)->SignatureType, &gEfiCertX509Guid); + PkCertData = (EFI_SIGNATURE_DATA*) ((UINTN)(*PkCert) + + sizeof(EFI_SIGNATURE_LIST) + + (*PkCert)->SignatureHeaderSize); + CopyGuid (&PkCertData->SignatureOwner, &gEfiGlobalVariableGuid); + // + // Fill the PK database with PKpub data from X509 certificate file. + // + CopyMem (&(PkCertData->SignatureData[0]), X509Data, X509DataSize); + +ON_EXIT: + + if (X509Data != NULL) { + FreePool (X509Data); + } + + if (EFI_ERROR(Status) && *PkCert != NULL) { + FreePool (*PkCert); + *PkCert = NULL; + } + + return Status; +} + +/** + Enroll new PK into the System without original PK's authentication. + + The SignatureOwner GUID will be the same with PK's vendorguid. + + @param[in] PrivateData The module's private data. + + @retval EFI_SUCCESS New PK enrolled successfully. + @retval EFI_INVALID_PARAMETER The parameter is invalid. + @retval EFI_OUT_OF_RESOURCES Could not allocate needed resources. + +**/ +EFI_STATUS +EnrollPlatformKey ( + IN SECUREBOOT_CONFIG_PRIVATE_DATA* Private + ) +{ + EFI_STATUS Status; + UINT32 Attr; + UINTN DataSize; + EFI_SIGNATURE_LIST *PkCert; + + PkCert = NULL; + + Status = SetSecureBootMode(CUSTOM_SECURE_BOOT_MODE); + if (EFI_ERROR (Status)) { + return Status; + } + + // + // Prase the selected PK file and generate PK certificate list. + // + Status = CreatePkX509SignatureList ( + Private->FileContext->FHandle, + &PkCert + ); + if (EFI_ERROR (Status)) { + goto ON_EXIT; + } + ASSERT (PkCert != NULL); + + // + // Set Platform Key variable. + // + Attr = EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS + | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS; + DataSize = PkCert->SignatureListSize; + Status = CreateTimeBasedPayload (&DataSize, (UINT8**) &PkCert); + if (EFI_ERROR (Status)) { + DEBUG ((EFI_D_ERROR, "Fail to create time-based data payload: %r", Status)); + goto ON_EXIT; + } + + Status = gRT->SetVariable( + EFI_PLATFORM_KEY_NAME, + &gEfiGlobalVariableGuid, + Attr, + DataSize, + PkCert + ); + if (EFI_ERROR (Status)) { + if (Status == EFI_OUT_OF_RESOURCES) { + DEBUG ((EFI_D_ERROR, "Enroll PK failed with out of resource.\n")); + } + goto ON_EXIT; + } + +ON_EXIT: + + if (PkCert != NULL) { + FreePool(PkCert); + } + + CloseEnrolledFile(Private->FileContext); + + return Status; +} + +/** + Remove the PK variable. + + @retval EFI_SUCCESS Delete PK successfully. + @retval Others Could not allow to delete PK. + +**/ +EFI_STATUS +DeletePlatformKey ( + VOID +) +{ + EFI_STATUS Status; + + Status = SetSecureBootMode(CUSTOM_SECURE_BOOT_MODE); + if (EFI_ERROR (Status)) { + return Status; + } + + Status = DeleteVariable ( + EFI_PLATFORM_KEY_NAME, + &gEfiGlobalVariableGuid + ); + return Status; +} + +/** + Enroll a new KEK item from public key storing file (*.pbk). + + @param[in] PrivateData The module's private data. + + @retval EFI_SUCCESS New KEK enrolled successfully. + @retval EFI_INVALID_PARAMETER The parameter is invalid. + @retval EFI_UNSUPPORTED Unsupported command. + @retval EFI_OUT_OF_RESOURCES Could not allocate needed resources. + +**/ +EFI_STATUS +EnrollRsa2048ToKek ( + IN SECUREBOOT_CONFIG_PRIVATE_DATA *Private + ) +{ + EFI_STATUS Status; + UINT32 Attr; + UINTN DataSize; + EFI_SIGNATURE_LIST *KekSigList; + UINTN KeyBlobSize; + UINT8 *KeyBlob; + CPL_KEY_INFO *KeyInfo; + EFI_SIGNATURE_DATA *KEKSigData; + UINTN KekSigListSize; + UINT8 *KeyBuffer; + UINTN KeyLenInBytes; + + Attr = 0; + DataSize = 0; + KeyBuffer = NULL; + KeyBlobSize = 0; + KeyBlob = NULL; + KeyInfo = NULL; + KEKSigData = NULL; + KekSigList = NULL; + KekSigListSize = 0; + + // + // Form the KeKpub certificate list into EFI_SIGNATURE_LIST type. + // First, We have to parse out public key data from the pbk key file. + // + Status = ReadFileContent ( + Private->FileContext->FHandle, + (VOID**) &KeyBlob, + &KeyBlobSize, + 0 + ); + if (EFI_ERROR (Status)) { + goto ON_EXIT; + } + ASSERT (KeyBlob != NULL); + KeyInfo = (CPL_KEY_INFO *) KeyBlob; + if (KeyInfo->KeyLengthInBits / 8 != WIN_CERT_UEFI_RSA2048_SIZE) { + DEBUG ((DEBUG_ERROR, "Unsupported key length, Only RSA2048 is supported.\n")); + Status = EFI_UNSUPPORTED; + goto ON_EXIT; + } + + // + // Convert the Public key to fix octet string format represented in RSA PKCS#1. + // + KeyLenInBytes = KeyInfo->KeyLengthInBits / 8; + KeyBuffer = AllocateZeroPool (KeyLenInBytes); + if (KeyBuffer == NULL) { + Status = EFI_OUT_OF_RESOURCES; + goto ON_EXIT; + } + Int2OctStr ( + (UINTN*) (KeyBlob + sizeof (CPL_KEY_INFO)), + KeyLenInBytes / sizeof (UINTN), + KeyBuffer, + KeyLenInBytes + ); + CopyMem(KeyBlob + sizeof(CPL_KEY_INFO), KeyBuffer, KeyLenInBytes); + + // + // Form an new EFI_SIGNATURE_LIST. + // + KekSigListSize = sizeof(EFI_SIGNATURE_LIST) + + sizeof(EFI_SIGNATURE_DATA) - 1 + + WIN_CERT_UEFI_RSA2048_SIZE; + + KekSigList = (EFI_SIGNATURE_LIST*) AllocateZeroPool (KekSigListSize); + if (KekSigList == NULL) { + Status = EFI_OUT_OF_RESOURCES; + goto ON_EXIT; + } + + KekSigList->SignatureListSize = sizeof(EFI_SIGNATURE_LIST) + + sizeof(EFI_SIGNATURE_DATA) - 1 + + WIN_CERT_UEFI_RSA2048_SIZE; + KekSigList->SignatureHeaderSize = 0; + KekSigList->SignatureSize = sizeof(EFI_SIGNATURE_DATA) - 1 + WIN_CERT_UEFI_RSA2048_SIZE; + CopyGuid (&KekSigList->SignatureType, &gEfiCertRsa2048Guid); + + KEKSigData = (EFI_SIGNATURE_DATA*)((UINT8*)KekSigList + sizeof(EFI_SIGNATURE_LIST)); + CopyGuid (&KEKSigData->SignatureOwner, Private->SignatureGUID); + CopyMem ( + KEKSigData->SignatureData, + KeyBlob + sizeof(CPL_KEY_INFO), + WIN_CERT_UEFI_RSA2048_SIZE + ); + + // + // Check if KEK entry has been already existed. + // If true, use EFI_VARIABLE_APPEND_WRITE attribute to append the + // new KEK to original variable. + // + Attr = EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS + | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS; + Status = CreateTimeBasedPayload (&KekSigListSize, (UINT8**) &KekSigList); + if (EFI_ERROR (Status)) { + DEBUG ((EFI_D_ERROR, "Fail to create time-based data payload: %r", Status)); + goto ON_EXIT; + } + + Status = gRT->GetVariable( + EFI_KEY_EXCHANGE_KEY_NAME, + &gEfiGlobalVariableGuid, + NULL, + &DataSize, + NULL + ); + if (Status == EFI_BUFFER_TOO_SMALL) { + Attr |= EFI_VARIABLE_APPEND_WRITE; + } else if (Status != EFI_NOT_FOUND) { + goto ON_EXIT; + } + + // + // Done. Now we have formed the correct KEKpub database item, just set it into variable storage, + // + Status = gRT->SetVariable( + EFI_KEY_EXCHANGE_KEY_NAME, + &gEfiGlobalVariableGuid, + Attr, + KekSigListSize, + KekSigList + ); + if (EFI_ERROR (Status)) { + goto ON_EXIT; + } + +ON_EXIT: + + CloseEnrolledFile(Private->FileContext); + + if (Private->SignatureGUID != NULL) { + FreePool (Private->SignatureGUID); + Private->SignatureGUID = NULL; + } + + if (KeyBlob != NULL) { + FreePool (KeyBlob); + } + if (KeyBuffer != NULL) { + FreePool (KeyBuffer); + } + if (KekSigList != NULL) { + FreePool (KekSigList); + } + + return Status; +} + +/** + Enroll a new KEK item from X509 certificate file. + + @param[in] PrivateData The module's private data. + + @retval EFI_SUCCESS New X509 is enrolled successfully. + @retval EFI_INVALID_PARAMETER The parameter is invalid. + @retval EFI_UNSUPPORTED Unsupported command. + @retval EFI_OUT_OF_RESOURCES Could not allocate needed resources. + +**/ +EFI_STATUS +EnrollX509ToKek ( + IN SECUREBOOT_CONFIG_PRIVATE_DATA *Private + ) +{ + EFI_STATUS Status; + UINTN X509DataSize; + VOID *X509Data; + EFI_SIGNATURE_DATA *KEKSigData; + EFI_SIGNATURE_LIST *KekSigList; + UINTN DataSize; + UINTN KekSigListSize; + UINT32 Attr; + + X509Data = NULL; + X509DataSize = 0; + KekSigList = NULL; + KekSigListSize = 0; + DataSize = 0; + KEKSigData = NULL; + + Status = ReadFileContent ( + Private->FileContext->FHandle, + &X509Data, + &X509DataSize, + 0 + ); + if (EFI_ERROR (Status)) { + goto ON_EXIT; + } + ASSERT (X509Data != NULL); + + KekSigListSize = sizeof(EFI_SIGNATURE_LIST) + sizeof(EFI_SIGNATURE_DATA) - 1 + X509DataSize; + KekSigList = (EFI_SIGNATURE_LIST*) AllocateZeroPool (KekSigListSize); + if (KekSigList == NULL) { + Status = EFI_OUT_OF_RESOURCES; + goto ON_EXIT; + } + + // + // Fill Certificate Database parameters. + // + KekSigList->SignatureListSize = (UINT32) KekSigListSize; + KekSigList->SignatureHeaderSize = 0; + KekSigList->SignatureSize = (UINT32) (sizeof(EFI_SIGNATURE_DATA) - 1 + X509DataSize); + CopyGuid (&KekSigList->SignatureType, &gEfiCertX509Guid); + + KEKSigData = (EFI_SIGNATURE_DATA*) ((UINT8*) KekSigList + sizeof (EFI_SIGNATURE_LIST)); + CopyGuid (&KEKSigData->SignatureOwner, Private->SignatureGUID); + CopyMem (KEKSigData->SignatureData, X509Data, X509DataSize); + + // + // Check if KEK been already existed. + // If true, use EFI_VARIABLE_APPEND_WRITE attribute to append the + // new kek to original variable + // + Attr = EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS + | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS; + Status = CreateTimeBasedPayload (&KekSigListSize, (UINT8**) &KekSigList); + if (EFI_ERROR (Status)) { + DEBUG ((EFI_D_ERROR, "Fail to create time-based data payload: %r", Status)); + goto ON_EXIT; + } + + Status = gRT->GetVariable( + EFI_KEY_EXCHANGE_KEY_NAME, + &gEfiGlobalVariableGuid, + NULL, + &DataSize, + NULL + ); + if (Status == EFI_BUFFER_TOO_SMALL) { + Attr |= EFI_VARIABLE_APPEND_WRITE; + } else if (Status != EFI_NOT_FOUND) { + goto ON_EXIT; + } + + Status = gRT->SetVariable( + EFI_KEY_EXCHANGE_KEY_NAME, + &gEfiGlobalVariableGuid, + Attr, + KekSigListSize, + KekSigList + ); + if (EFI_ERROR (Status)) { + goto ON_EXIT; + } + +ON_EXIT: + + CloseEnrolledFile(Private->FileContext); + + if (Private->SignatureGUID != NULL) { + FreePool (Private->SignatureGUID); + Private->SignatureGUID = NULL; + } + + if (KekSigList != NULL) { + FreePool (KekSigList); + } + + return Status; +} + +/** + Enroll new KEK into the System without PK's authentication. + The SignatureOwner GUID will be Private->SignatureGUID. + + @param[in] PrivateData The module's private data. + + @retval EFI_SUCCESS New KEK enrolled successful. + @retval EFI_INVALID_PARAMETER The parameter is invalid. + @retval others Fail to enroll KEK data. + +**/ +EFI_STATUS +EnrollKeyExchangeKey ( + IN SECUREBOOT_CONFIG_PRIVATE_DATA *Private + ) +{ + UINT16* FilePostFix; + EFI_STATUS Status; + UINTN NameLength; + + if ((Private->FileContext->FHandle == NULL) || (Private->FileContext->FileName == NULL) || (Private->SignatureGUID == NULL)) { + return EFI_INVALID_PARAMETER; + } + + Status = SetSecureBootMode(CUSTOM_SECURE_BOOT_MODE); + if (EFI_ERROR (Status)) { + return Status; + } + + // + // Parse the file's postfix. Supports DER-encoded X509 certificate, + // and .pbk as RSA public key file. + // + NameLength = StrLen (Private->FileContext->FileName); + if (NameLength <= 4) { + return EFI_INVALID_PARAMETER; + } + FilePostFix = Private->FileContext->FileName + NameLength - 4; + if (IsDerEncodeCertificate(FilePostFix)) { + return EnrollX509ToKek (Private); + } else if (CompareMem (FilePostFix, L".pbk",4) == 0) { + return EnrollRsa2048ToKek (Private); + } else { + // + // File type is wrong, simply close it + // + CloseEnrolledFile(Private->FileContext); + + return EFI_INVALID_PARAMETER; + } +} + +/** + Enroll a new X509 certificate into Signature Database (DB or DBX or DBT) without + KEK's authentication. + + @param[in] PrivateData The module's private data. + @param[in] VariableName Variable name of signature database, must be + EFI_IMAGE_SECURITY_DATABASE or EFI_IMAGE_SECURITY_DATABASE1. + + @retval EFI_SUCCESS New X509 is enrolled successfully. + @retval EFI_OUT_OF_RESOURCES Could not allocate needed resources. + +**/ +EFI_STATUS +EnrollX509toSigDB ( + IN SECUREBOOT_CONFIG_PRIVATE_DATA *Private, + IN CHAR16 *VariableName + ) +{ + EFI_STATUS Status; + UINTN X509DataSize; + VOID *X509Data; + EFI_SIGNATURE_LIST *SigDBCert; + EFI_SIGNATURE_DATA *SigDBCertData; + VOID *Data; + UINTN DataSize; + UINTN SigDBSize; + UINT32 Attr; + + X509DataSize = 0; + SigDBSize = 0; + DataSize = 0; + X509Data = NULL; + SigDBCert = NULL; + SigDBCertData = NULL; + Data = NULL; + + Status = ReadFileContent ( + Private->FileContext->FHandle, + &X509Data, + &X509DataSize, + 0 + ); + if (EFI_ERROR (Status)) { + goto ON_EXIT; + } + ASSERT (X509Data != NULL); + + SigDBSize = sizeof(EFI_SIGNATURE_LIST) + sizeof(EFI_SIGNATURE_DATA) - 1 + X509DataSize; + + Data = AllocateZeroPool (SigDBSize); + if (Data == NULL) { + Status = EFI_OUT_OF_RESOURCES; + goto ON_EXIT; + } + + // + // Fill Certificate Database parameters. + // + SigDBCert = (EFI_SIGNATURE_LIST*) Data; + SigDBCert->SignatureListSize = (UINT32) SigDBSize; + SigDBCert->SignatureHeaderSize = 0; + SigDBCert->SignatureSize = (UINT32) (sizeof(EFI_SIGNATURE_DATA) - 1 + X509DataSize); + CopyGuid (&SigDBCert->SignatureType, &gEfiCertX509Guid); + + SigDBCertData = (EFI_SIGNATURE_DATA*) ((UINT8* ) SigDBCert + sizeof (EFI_SIGNATURE_LIST)); + CopyGuid (&SigDBCertData->SignatureOwner, Private->SignatureGUID); + CopyMem ((UINT8* ) (SigDBCertData->SignatureData), X509Data, X509DataSize); + + // + // Check if signature database entry has been already existed. + // If true, use EFI_VARIABLE_APPEND_WRITE attribute to append the + // new signature data to original variable + // + Attr = EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS + | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS; + Status = CreateTimeBasedPayload (&SigDBSize, (UINT8**) &Data); + if (EFI_ERROR (Status)) { + DEBUG ((EFI_D_ERROR, "Fail to create time-based data payload: %r", Status)); + goto ON_EXIT; + } + + Status = gRT->GetVariable( + VariableName, + &gEfiImageSecurityDatabaseGuid, + NULL, + &DataSize, + NULL + ); + if (Status == EFI_BUFFER_TOO_SMALL) { + Attr |= EFI_VARIABLE_APPEND_WRITE; + } else if (Status != EFI_NOT_FOUND) { + goto ON_EXIT; + } + + Status = gRT->SetVariable( + VariableName, + &gEfiImageSecurityDatabaseGuid, + Attr, + SigDBSize, + Data + ); + if (EFI_ERROR (Status)) { + goto ON_EXIT; + } + +ON_EXIT: + + CloseEnrolledFile(Private->FileContext); + + if (Private->SignatureGUID != NULL) { + FreePool (Private->SignatureGUID); + Private->SignatureGUID = NULL; + } + + if (Data != NULL) { + FreePool (Data); + } + + if (X509Data != NULL) { + FreePool (X509Data); + } + + return Status; +} + +/** + Check whether signature is in specified database. + + @param[in] VariableName Name of database variable that is searched in. + @param[in] Signature Pointer to signature that is searched for. + @param[in] SignatureSize Size of Signature. + + @return TRUE Found the signature in the variable database. + @return FALSE Not found the signature in the variable database. + +**/ +BOOLEAN +IsSignatureFoundInDatabase ( + IN CHAR16 *VariableName, + IN UINT8 *Signature, + IN UINTN SignatureSize + ) +{ + EFI_STATUS Status; + EFI_SIGNATURE_LIST *CertList; + EFI_SIGNATURE_DATA *Cert; + UINTN DataSize; + UINT8 *Data; + UINTN Index; + UINTN CertCount; + BOOLEAN IsFound; + + // + // Read signature database variable. + // + IsFound = FALSE; + Data = NULL; + DataSize = 0; + Status = gRT->GetVariable (VariableName, &gEfiImageSecurityDatabaseGuid, NULL, &DataSize, NULL); + if (Status != EFI_BUFFER_TOO_SMALL) { + return FALSE; + } + + Data = (UINT8 *) AllocateZeroPool (DataSize); + if (Data == NULL) { + return FALSE; + } + + Status = gRT->GetVariable (VariableName, &gEfiImageSecurityDatabaseGuid, NULL, &DataSize, Data); + if (EFI_ERROR (Status)) { + goto Done; + } + + // + // Enumerate all signature data in SigDB to check if signature exists for executable. + // + CertList = (EFI_SIGNATURE_LIST *) Data; + while ((DataSize > 0) && (DataSize >= CertList->SignatureListSize)) { + CertCount = (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - CertList->SignatureHeaderSize) / CertList->SignatureSize; + Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize); + if ((CertList->SignatureSize == sizeof(EFI_SIGNATURE_DATA) - 1 + SignatureSize) && (CompareGuid(&CertList->SignatureType, &gEfiCertX509Guid))) { + for (Index = 0; Index < CertCount; Index++) { + if (CompareMem (Cert->SignatureData, Signature, SignatureSize) == 0) { + // + // Find the signature in database. + // + IsFound = TRUE; + break; + } + Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) Cert + CertList->SignatureSize); + } + + if (IsFound) { + break; + } + } + + DataSize -= CertList->SignatureListSize; + CertList = (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + CertList->SignatureListSize); + } + +Done: + if (Data != NULL) { + FreePool (Data); + } + + return IsFound; +} + +/** + Calculate the hash of a certificate data with the specified hash algorithm. + + @param[in] CertData The certificate data to be hashed. + @param[in] CertSize The certificate size in bytes. + @param[in] HashAlg The specified hash algorithm. + @param[out] CertHash The output digest of the certificate + + @retval TRUE Successfully got the hash of the CertData. + @retval FALSE Failed to get the hash of CertData. + +**/ +BOOLEAN +CalculateCertHash ( + IN UINT8 *CertData, + IN UINTN CertSize, + IN UINT32 HashAlg, + OUT UINT8 *CertHash + ) +{ + BOOLEAN Status; + VOID *HashCtx; + UINTN CtxSize; + UINT8 *TBSCert; + UINTN TBSCertSize; + + HashCtx = NULL; + Status = FALSE; + + if (HashAlg >= HASHALG_MAX) { + return FALSE; + } + + // + // Retrieve the TBSCertificate for Hash Calculation. + // + if (!X509GetTBSCert (CertData, CertSize, &TBSCert, &TBSCertSize)) { + return FALSE; + } + + // + // 1. Initialize context of hash. + // + CtxSize = mHash[HashAlg].GetContextSize (); + HashCtx = AllocatePool (CtxSize); + ASSERT (HashCtx != NULL); + + // + // 2. Initialize a hash context. + // + Status = mHash[HashAlg].HashInit (HashCtx); + if (!Status) { + goto Done; + } + + // + // 3. Calculate the hash. + // + Status = mHash[HashAlg].HashUpdate (HashCtx, TBSCert, TBSCertSize); + if (!Status) { + goto Done; + } + + // + // 4. Get the hash result. + // + ZeroMem (CertHash, mHash[HashAlg].DigestLength); + Status = mHash[HashAlg].HashFinal (HashCtx, CertHash); + +Done: + if (HashCtx != NULL) { + FreePool (HashCtx); + } + + return Status; +} + +/** + Check whether the hash of an X.509 certificate is in forbidden database (DBX). + + @param[in] Certificate Pointer to X.509 Certificate that is searched for. + @param[in] CertSize Size of X.509 Certificate. + + @return TRUE Found the certificate hash in the forbidden database. + @return FALSE Certificate hash is Not found in the forbidden database. + +**/ +BOOLEAN +IsCertHashFoundInDbx ( + IN UINT8 *Certificate, + IN UINTN CertSize + ) +{ + BOOLEAN IsFound; + EFI_STATUS Status; + EFI_SIGNATURE_LIST *DbxList; + EFI_SIGNATURE_DATA *CertHash; + UINTN CertHashCount; + UINTN Index; + UINT32 HashAlg; + UINT8 CertDigest[MAX_DIGEST_SIZE]; + UINT8 *DbxCertHash; + UINTN SiglistHeaderSize; + UINT8 *Data; + UINTN DataSize; + + IsFound = FALSE; + HashAlg = HASHALG_MAX; + Data = NULL; + + // + // Read signature database variable. + // + DataSize = 0; + Status = gRT->GetVariable (EFI_IMAGE_SECURITY_DATABASE1, &gEfiImageSecurityDatabaseGuid, NULL, &DataSize, NULL); + if (Status != EFI_BUFFER_TOO_SMALL) { + return FALSE; + } + + Data = (UINT8 *) AllocateZeroPool (DataSize); + if (Data == NULL) { + return FALSE; + } + + Status = gRT->GetVariable (EFI_IMAGE_SECURITY_DATABASE1, &gEfiImageSecurityDatabaseGuid, NULL, &DataSize, Data); + if (EFI_ERROR (Status)) { + goto Done; + } + + // + // Check whether the certificate hash exists in the forbidden database. + // + DbxList = (EFI_SIGNATURE_LIST *) Data; + while ((DataSize > 0) && (DataSize >= DbxList->SignatureListSize)) { + // + // Determine Hash Algorithm of Certificate in the forbidden database. + // + if (CompareGuid (&DbxList->SignatureType, &gEfiCertX509Sha256Guid)) { + HashAlg = HASHALG_SHA256; + } else if (CompareGuid (&DbxList->SignatureType, &gEfiCertX509Sha384Guid)) { + HashAlg = HASHALG_SHA384; + } else if (CompareGuid (&DbxList->SignatureType, &gEfiCertX509Sha512Guid)) { + HashAlg = HASHALG_SHA512; + } else { + DataSize -= DbxList->SignatureListSize; + DbxList = (EFI_SIGNATURE_LIST *) ((UINT8 *) DbxList + DbxList->SignatureListSize); + continue; + } + + // + // Calculate the hash value of current db certificate for comparision. + // + if (!CalculateCertHash (Certificate, CertSize, HashAlg, CertDigest)) { + goto Done; + } + + SiglistHeaderSize = sizeof (EFI_SIGNATURE_LIST) + DbxList->SignatureHeaderSize; + CertHash = (EFI_SIGNATURE_DATA *) ((UINT8 *) DbxList + SiglistHeaderSize); + CertHashCount = (DbxList->SignatureListSize - SiglistHeaderSize) / DbxList->SignatureSize; + for (Index = 0; Index < CertHashCount; Index++) { + // + // Iterate each Signature Data Node within this CertList for verify. + // + DbxCertHash = CertHash->SignatureData; + if (CompareMem (DbxCertHash, CertDigest, mHash[HashAlg].DigestLength) == 0) { + // + // Hash of Certificate is found in forbidden database. + // + IsFound = TRUE; + goto Done; + } + CertHash = (EFI_SIGNATURE_DATA *) ((UINT8 *) CertHash + DbxList->SignatureSize); + } + + DataSize -= DbxList->SignatureListSize; + DbxList = (EFI_SIGNATURE_LIST *) ((UINT8 *) DbxList + DbxList->SignatureListSize); + } + +Done: + if (Data != NULL) { + FreePool (Data); + } + + return IsFound; +} + +/** + Check whether the signature list exists in given variable data. + + It searches the signature list for the certificate hash by CertType. + If the signature list is found, get the offset of Database for the + next hash of a certificate. + + @param[in] Database Variable data to save signature list. + @param[in] DatabaseSize Variable size. + @param[in] SignatureType The type of the signature. + @param[out] Offset The offset to save a new hash of certificate. + + @return TRUE The signature list is found in the forbidden database. + @return FALSE The signature list is not found in the forbidden database. +**/ +BOOLEAN +GetSignaturelistOffset ( + IN EFI_SIGNATURE_LIST *Database, + IN UINTN DatabaseSize, + IN EFI_GUID *SignatureType, + OUT UINTN *Offset + ) +{ + EFI_SIGNATURE_LIST *SigList; + UINTN SiglistSize; + + if ((Database == NULL) || (DatabaseSize == 0)) { + *Offset = 0; + return FALSE; + } + + SigList = Database; + SiglistSize = DatabaseSize; + while ((SiglistSize > 0) && (SiglistSize >= SigList->SignatureListSize)) { + if (CompareGuid (&SigList->SignatureType, SignatureType)) { + *Offset = DatabaseSize - SiglistSize; + return TRUE; + } + SiglistSize -= SigList->SignatureListSize; + SigList = (EFI_SIGNATURE_LIST *) ((UINT8 *) SigList + SigList->SignatureListSize); + } + *Offset = 0; + return FALSE; +} + +/** + Enroll a new X509 certificate hash into Signature Database (dbx) without + KEK's authentication. + + @param[in] PrivateData The module's private data. + @param[in] HashAlg The hash algorithm to enroll the certificate. + @param[in] RevocationDate The revocation date of the certificate. + @param[in] RevocationTime The revocation time of the certificate. + @param[in] AlwaysRevocation Indicate whether the certificate is always revoked. + + @retval EFI_SUCCESS New X509 is enrolled successfully. + @retval EFI_INVALID_PARAMETER The parameter is invalid. + @retval EFI_OUT_OF_RESOURCES Could not allocate needed resources. + +**/ +EFI_STATUS +EnrollX509HashtoSigDB ( + IN SECUREBOOT_CONFIG_PRIVATE_DATA *Private, + IN UINT32 HashAlg, + IN EFI_HII_DATE *RevocationDate, + IN EFI_HII_TIME *RevocationTime, + IN BOOLEAN AlwaysRevocation + ) +{ + EFI_STATUS Status; + UINTN X509DataSize; + VOID *X509Data; + EFI_SIGNATURE_LIST *SignatureList; + UINTN SignatureListSize; + UINT8 *Data; + UINT8 *NewData; + UINTN DataSize; + UINTN DbSize; + UINT32 Attr; + EFI_SIGNATURE_DATA *SignatureData; + UINTN SignatureSize; + EFI_GUID SignatureType; + UINTN Offset; + UINT8 CertHash[MAX_DIGEST_SIZE]; + UINT16* FilePostFix; + UINTN NameLength; + EFI_TIME *Time; + + X509DataSize = 0; + DbSize = 0; + X509Data = NULL; + SignatureData = NULL; + SignatureList = NULL; + Data = NULL; + NewData = NULL; + + if ((Private->FileContext->FileName == NULL) || (Private->FileContext->FHandle == NULL) || (Private->SignatureGUID == NULL)) { + return EFI_INVALID_PARAMETER; + } + + Status = SetSecureBootMode (CUSTOM_SECURE_BOOT_MODE); + if (EFI_ERROR (Status)) { + return Status; + } + + // + // Parse the file's postfix. + // + NameLength = StrLen (Private->FileContext->FileName); + if (NameLength <= 4) { + return EFI_INVALID_PARAMETER; + } + FilePostFix = Private->FileContext->FileName + NameLength - 4; + if (!IsDerEncodeCertificate(FilePostFix)) { + // + // Only supports DER-encoded X509 certificate. + // + return EFI_INVALID_PARAMETER; + } + + // + // Get the certificate from file and calculate its hash. + // + Status = ReadFileContent ( + Private->FileContext->FHandle, + &X509Data, + &X509DataSize, + 0 + ); + if (EFI_ERROR (Status)) { + goto ON_EXIT; + } + ASSERT (X509Data != NULL); + + if (!CalculateCertHash (X509Data, X509DataSize, HashAlg, CertHash)) { + goto ON_EXIT; + } + + // + // Get the variable for enrollment. + // + DataSize = 0; + Status = gRT->GetVariable (EFI_IMAGE_SECURITY_DATABASE1, &gEfiImageSecurityDatabaseGuid, NULL, &DataSize, NULL); + if (Status == EFI_BUFFER_TOO_SMALL) { + Data = (UINT8 *) AllocateZeroPool (DataSize); + if (Data == NULL) { + return EFI_OUT_OF_RESOURCES; + } + + Status = gRT->GetVariable (EFI_IMAGE_SECURITY_DATABASE1, &gEfiImageSecurityDatabaseGuid, NULL, &DataSize, Data); + if (EFI_ERROR (Status)) { + goto ON_EXIT; + } + } + + // + // Allocate memory for Signature and fill the Signature + // + SignatureSize = sizeof(EFI_SIGNATURE_DATA) - 1 + sizeof (EFI_TIME) + mHash[HashAlg].DigestLength; + SignatureData = (EFI_SIGNATURE_DATA *) AllocateZeroPool (SignatureSize); + if (SignatureData == NULL) { + return EFI_OUT_OF_RESOURCES; + } + CopyGuid (&SignatureData->SignatureOwner, Private->SignatureGUID); + CopyMem (SignatureData->SignatureData, CertHash, mHash[HashAlg].DigestLength); + + // + // Fill the time. + // + if (!AlwaysRevocation) { + Time = (EFI_TIME *)(&SignatureData->SignatureData + mHash[HashAlg].DigestLength); + Time->Year = RevocationDate->Year; + Time->Month = RevocationDate->Month; + Time->Day = RevocationDate->Day; + Time->Hour = RevocationTime->Hour; + Time->Minute = RevocationTime->Minute; + Time->Second = RevocationTime->Second; + } + + // + // Determine the GUID for certificate hash. + // + switch (HashAlg) { + case HASHALG_SHA256: + SignatureType = gEfiCertX509Sha256Guid; + break; + case HASHALG_SHA384: + SignatureType = gEfiCertX509Sha384Guid; + break; + case HASHALG_SHA512: + SignatureType = gEfiCertX509Sha512Guid; + break; + default: + return FALSE; + } + + // + // Add signature into the new variable data buffer + // + if (GetSignaturelistOffset((EFI_SIGNATURE_LIST *)Data, DataSize, &SignatureType, &Offset)) { + // + // Add the signature to the found signaturelist. + // + DbSize = DataSize + SignatureSize; + NewData = AllocateZeroPool (DbSize); + if (NewData == NULL) { + Status = EFI_OUT_OF_RESOURCES; + goto ON_EXIT; + } + + SignatureList = (EFI_SIGNATURE_LIST *)(Data + Offset); + SignatureListSize = (UINTN) ReadUnaligned32 ((UINT32 *)&SignatureList->SignatureListSize); + CopyMem (NewData, Data, Offset + SignatureListSize); + + SignatureList = (EFI_SIGNATURE_LIST *)(NewData + Offset); + WriteUnaligned32 ((UINT32 *) &SignatureList->SignatureListSize, (UINT32)(SignatureListSize + SignatureSize)); + + Offset += SignatureListSize; + CopyMem (NewData + Offset, SignatureData, SignatureSize); + CopyMem (NewData + Offset + SignatureSize, Data + Offset, DataSize - Offset); + + FreePool (Data); + Data = NewData; + DataSize = DbSize; + } else { + // + // Create a new signaturelist, and add the signature into the signaturelist. + // + DbSize = DataSize + sizeof(EFI_SIGNATURE_LIST) + SignatureSize; + NewData = AllocateZeroPool (DbSize); + if (NewData == NULL) { + Status = EFI_OUT_OF_RESOURCES; + goto ON_EXIT; + } + // + // Fill Certificate Database parameters. + // + SignatureList = (EFI_SIGNATURE_LIST*) (NewData + DataSize); + SignatureListSize = sizeof(EFI_SIGNATURE_LIST) + SignatureSize; + WriteUnaligned32 ((UINT32 *) &SignatureList->SignatureListSize, (UINT32) SignatureListSize); + WriteUnaligned32 ((UINT32 *) &SignatureList->SignatureSize, (UINT32) SignatureSize); + CopyGuid (&SignatureList->SignatureType, &SignatureType); + CopyMem ((UINT8* ) SignatureList + sizeof (EFI_SIGNATURE_LIST), SignatureData, SignatureSize); + if ((DataSize != 0) && (Data != NULL)) { + CopyMem (NewData, Data, DataSize); + FreePool (Data); + } + Data = NewData; + DataSize = DbSize; + } + + Status = CreateTimeBasedPayload (&DataSize, (UINT8**) &Data); + if (EFI_ERROR (Status)) { + goto ON_EXIT; + } + + Attr = EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS + | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS; + Status = gRT->SetVariable( + EFI_IMAGE_SECURITY_DATABASE1, + &gEfiImageSecurityDatabaseGuid, + Attr, + DataSize, + Data + ); + if (EFI_ERROR (Status)) { + goto ON_EXIT; + } + +ON_EXIT: + + CloseEnrolledFile(Private->FileContext); + + if (Private->SignatureGUID != NULL) { + FreePool (Private->SignatureGUID); + Private->SignatureGUID = NULL; + } + + if (Data != NULL) { + FreePool (Data); + } + + if (SignatureData != NULL) { + FreePool (SignatureData); + } + + if (X509Data != NULL) { + FreePool (X509Data); + } + + return Status; +} + +/** + Check whether a certificate from a file exists in dbx. + + @param[in] PrivateData The module's private data. + @param[in] VariableName Variable name of signature database, must be + EFI_IMAGE_SECURITY_DATABASE1. + + @retval TRUE The X509 certificate is found in dbx successfully. + @retval FALSE The X509 certificate is not found in dbx. +**/ +BOOLEAN +IsX509CertInDbx ( + IN SECUREBOOT_CONFIG_PRIVATE_DATA *Private, + IN CHAR16 *VariableName + ) +{ + EFI_STATUS Status; + UINTN X509DataSize; + VOID *X509Data; + BOOLEAN IsFound; + + // + // Read the certificate from file + // + X509DataSize = 0; + X509Data = NULL; + Status = ReadFileContent ( + Private->FileContext->FHandle, + &X509Data, + &X509DataSize, + 0 + ); + if (EFI_ERROR (Status)) { + return FALSE; + } + + // + // Check the raw certificate. + // + IsFound = FALSE; + if (IsSignatureFoundInDatabase (EFI_IMAGE_SECURITY_DATABASE1, X509Data, X509DataSize)) { + IsFound = TRUE; + goto ON_EXIT; + } + + // + // Check the hash of certificate. + // + if (IsCertHashFoundInDbx (X509Data, X509DataSize)) { + IsFound = TRUE; + goto ON_EXIT; + } + +ON_EXIT: + if (X509Data != NULL) { + FreePool (X509Data); + } + + return IsFound; +} + +/** + Reads contents of a PE/COFF image in memory buffer. + + Caution: This function may receive untrusted input. + PE/COFF image is external input, so this function will make sure the PE/COFF image content + read is within the image buffer. + + @param FileHandle Pointer to the file handle to read the PE/COFF image. + @param FileOffset Offset into the PE/COFF image to begin the read operation. + @param ReadSize On input, the size in bytes of the requested read operation. + On output, the number of bytes actually read. + @param Buffer Output buffer that contains the data read from the PE/COFF image. + + @retval EFI_SUCCESS The specified portion of the PE/COFF image was read and the size +**/ +EFI_STATUS +EFIAPI +SecureBootConfigImageRead ( + IN VOID *FileHandle, + IN UINTN FileOffset, + IN OUT UINTN *ReadSize, + OUT VOID *Buffer + ) +{ + UINTN EndPosition; + + if (FileHandle == NULL || ReadSize == NULL || Buffer == NULL) { + return EFI_INVALID_PARAMETER; + } + + if (MAX_ADDRESS - FileOffset < *ReadSize) { + return EFI_INVALID_PARAMETER; + } + + EndPosition = FileOffset + *ReadSize; + if (EndPosition > mImageSize) { + *ReadSize = (UINT32)(mImageSize - FileOffset); + } + + if (FileOffset >= mImageSize) { + *ReadSize = 0; + } + + CopyMem (Buffer, (UINT8 *)((UINTN) FileHandle + FileOffset), *ReadSize); + + return EFI_SUCCESS; +} + +/** + Load PE/COFF image information into internal buffer and check its validity. + + @retval EFI_SUCCESS Successful + @retval EFI_UNSUPPORTED Invalid PE/COFF file + @retval EFI_ABORTED Serious error occurs, like file I/O error etc. + +**/ +EFI_STATUS +LoadPeImage ( + VOID + ) +{ + EFI_IMAGE_DOS_HEADER *DosHdr; + EFI_IMAGE_NT_HEADERS32 *NtHeader32; + EFI_IMAGE_NT_HEADERS64 *NtHeader64; + PE_COFF_LOADER_IMAGE_CONTEXT ImageContext; + EFI_STATUS Status; + + NtHeader32 = NULL; + NtHeader64 = NULL; + + ZeroMem (&ImageContext, sizeof (ImageContext)); + ImageContext.Handle = (VOID *) mImageBase; + ImageContext.ImageRead = (PE_COFF_LOADER_READ_FILE) SecureBootConfigImageRead; + + // + // Get information about the image being loaded + // + Status = PeCoffLoaderGetImageInfo (&ImageContext); + if (EFI_ERROR (Status)) { + // + // The information can't be got from the invalid PeImage + // + DEBUG ((DEBUG_INFO, "SecureBootConfigDxe: PeImage invalid. \n")); + return Status; + } + + // + // Read the Dos header + // + DosHdr = (EFI_IMAGE_DOS_HEADER*)(mImageBase); + if (DosHdr->e_magic == EFI_IMAGE_DOS_SIGNATURE) + { + // + // DOS image header is present, + // So read the PE header after the DOS image header + // + mPeCoffHeaderOffset = DosHdr->e_lfanew; + } + else + { + mPeCoffHeaderOffset = 0; + } + + // + // Read PE header and check the signature validity and machine compatibility + // + NtHeader32 = (EFI_IMAGE_NT_HEADERS32*) (mImageBase + mPeCoffHeaderOffset); + if (NtHeader32->Signature != EFI_IMAGE_NT_SIGNATURE) + { + return EFI_UNSUPPORTED; + } + + mNtHeader.Pe32 = NtHeader32; + + // + // Check the architecture field of PE header and get the Certificate Data Directory data + // Note the size of FileHeader field is constant for both IA32 and X64 arch + // + if ((NtHeader32->FileHeader.Machine == EFI_IMAGE_MACHINE_IA32) + || (NtHeader32->FileHeader.Machine == EFI_IMAGE_MACHINE_EBC) + || (NtHeader32->FileHeader.Machine == EFI_IMAGE_MACHINE_ARMTHUMB_MIXED)) { + // + // 32-bits Architecture + // + mImageType = ImageType_IA32; + mSecDataDir = (EFI_IMAGE_SECURITY_DATA_DIRECTORY*) &(NtHeader32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]); + } + else if ((NtHeader32->FileHeader.Machine == EFI_IMAGE_MACHINE_IA64) + || (NtHeader32->FileHeader.Machine == EFI_IMAGE_MACHINE_X64) + || (NtHeader32->FileHeader.Machine == EFI_IMAGE_MACHINE_AARCH64)) { + // + // 64-bits Architecture + // + mImageType = ImageType_X64; + NtHeader64 = (EFI_IMAGE_NT_HEADERS64 *) (mImageBase + mPeCoffHeaderOffset); + mSecDataDir = (EFI_IMAGE_SECURITY_DATA_DIRECTORY*) &(NtHeader64->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]); + } else { + return EFI_UNSUPPORTED; + } + + return EFI_SUCCESS; +} + +/** + Calculate hash of Pe/Coff image based on the authenticode image hashing in + PE/COFF Specification 8.0 Appendix A + + Notes: PE/COFF image has been checked by BasePeCoffLib PeCoffLoaderGetImageInfo() in + the function LoadPeImage (). + + @param[in] HashAlg Hash algorithm type. + + @retval TRUE Successfully hash image. + @retval FALSE Fail in hash image. + +**/ +BOOLEAN +HashPeImage ( + IN UINT32 HashAlg + ) +{ + BOOLEAN Status; + EFI_IMAGE_SECTION_HEADER *Section; + VOID *HashCtx; + UINTN CtxSize; + UINT8 *HashBase; + UINTN HashSize; + UINTN SumOfBytesHashed; + EFI_IMAGE_SECTION_HEADER *SectionHeader; + UINTN Index; + UINTN Pos; + + HashCtx = NULL; + SectionHeader = NULL; + Status = FALSE; + + if (HashAlg != HASHALG_SHA256) { + return FALSE; + } + + // + // Initialize context of hash. + // + ZeroMem (mImageDigest, MAX_DIGEST_SIZE); + + mImageDigestSize = SHA256_DIGEST_SIZE; + mCertType = gEfiCertSha256Guid; + + CtxSize = mHash[HashAlg].GetContextSize(); + + HashCtx = AllocatePool (CtxSize); + ASSERT (HashCtx != NULL); + + // 1. Load the image header into memory. + + // 2. Initialize a SHA hash context. + Status = mHash[HashAlg].HashInit(HashCtx); + if (!Status) { + goto Done; + } + // + // Measuring PE/COFF Image Header; + // But CheckSum field and SECURITY data directory (certificate) are excluded + // + + // + // 3. Calculate the distance from the base of the image header to the image checksum address. + // 4. Hash the image header from its base to beginning of the image checksum. + // + HashBase = mImageBase; + if (mNtHeader.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { + // + // Use PE32 offset. + // + HashSize = (UINTN) (&mNtHeader.Pe32->OptionalHeader.CheckSum) - (UINTN) HashBase; + } else { + // + // Use PE32+ offset. + // + HashSize = (UINTN) (&mNtHeader.Pe32Plus->OptionalHeader.CheckSum) - (UINTN) HashBase; + } + + Status = mHash[HashAlg].HashUpdate(HashCtx, HashBase, HashSize); + if (!Status) { + goto Done; + } + // + // 5. Skip over the image checksum (it occupies a single ULONG). + // 6. Get the address of the beginning of the Cert Directory. + // 7. Hash everything from the end of the checksum to the start of the Cert Directory. + // + if (mNtHeader.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { + // + // Use PE32 offset. + // + HashBase = (UINT8 *) &mNtHeader.Pe32->OptionalHeader.CheckSum + sizeof (UINT32); + HashSize = (UINTN) (&mNtHeader.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]) - (UINTN) HashBase; + } else { + // + // Use PE32+ offset. + // + HashBase = (UINT8 *) &mNtHeader.Pe32Plus->OptionalHeader.CheckSum + sizeof (UINT32); + HashSize = (UINTN) (&mNtHeader.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]) - (UINTN) HashBase; + } + + Status = mHash[HashAlg].HashUpdate(HashCtx, HashBase, HashSize); + if (!Status) { + goto Done; + } + // + // 8. Skip over the Cert Directory. (It is sizeof(IMAGE_DATA_DIRECTORY) bytes.) + // 9. Hash everything from the end of the Cert Directory to the end of image header. + // + if (mNtHeader.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { + // + // Use PE32 offset + // + HashBase = (UINT8 *) &mNtHeader.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1]; + HashSize = mNtHeader.Pe32->OptionalHeader.SizeOfHeaders - ((UINTN) (&mNtHeader.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1]) - (UINTN) mImageBase); + } else { + // + // Use PE32+ offset. + // + HashBase = (UINT8 *) &mNtHeader.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1]; + HashSize = mNtHeader.Pe32Plus->OptionalHeader.SizeOfHeaders - ((UINTN) (&mNtHeader.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1]) - (UINTN) mImageBase); + } + + Status = mHash[HashAlg].HashUpdate(HashCtx, HashBase, HashSize); + if (!Status) { + goto Done; + } + // + // 10. Set the SUM_OF_BYTES_HASHED to the size of the header. + // + if (mNtHeader.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { + // + // Use PE32 offset. + // + SumOfBytesHashed = mNtHeader.Pe32->OptionalHeader.SizeOfHeaders; + } else { + // + // Use PE32+ offset + // + SumOfBytesHashed = mNtHeader.Pe32Plus->OptionalHeader.SizeOfHeaders; + } + + // + // 11. Build a temporary table of pointers to all the IMAGE_SECTION_HEADER + // structures in the image. The 'NumberOfSections' field of the image + // header indicates how big the table should be. Do not include any + // IMAGE_SECTION_HEADERs in the table whose 'SizeOfRawData' field is zero. + // + SectionHeader = (EFI_IMAGE_SECTION_HEADER *) AllocateZeroPool (sizeof (EFI_IMAGE_SECTION_HEADER) * mNtHeader.Pe32->FileHeader.NumberOfSections); + ASSERT (SectionHeader != NULL); + // + // 12. Using the 'PointerToRawData' in the referenced section headers as + // a key, arrange the elements in the table in ascending order. In other + // words, sort the section headers according to the disk-file offset of + // the section. + // + Section = (EFI_IMAGE_SECTION_HEADER *) ( + mImageBase + + mPeCoffHeaderOffset + + sizeof (UINT32) + + sizeof (EFI_IMAGE_FILE_HEADER) + + mNtHeader.Pe32->FileHeader.SizeOfOptionalHeader + ); + for (Index = 0; Index < mNtHeader.Pe32->FileHeader.NumberOfSections; Index++) { + Pos = Index; + while ((Pos > 0) && (Section->PointerToRawData < SectionHeader[Pos - 1].PointerToRawData)) { + CopyMem (&SectionHeader[Pos], &SectionHeader[Pos - 1], sizeof (EFI_IMAGE_SECTION_HEADER)); + Pos--; + } + CopyMem (&SectionHeader[Pos], Section, sizeof (EFI_IMAGE_SECTION_HEADER)); + Section += 1; + } + + // + // 13. Walk through the sorted table, bring the corresponding section + // into memory, and hash the entire section (using the 'SizeOfRawData' + // field in the section header to determine the amount of data to hash). + // 14. Add the section's 'SizeOfRawData' to SUM_OF_BYTES_HASHED . + // 15. Repeat steps 13 and 14 for all the sections in the sorted table. + // + for (Index = 0; Index < mNtHeader.Pe32->FileHeader.NumberOfSections; Index++) { + Section = &SectionHeader[Index]; + if (Section->SizeOfRawData == 0) { + continue; + } + HashBase = mImageBase + Section->PointerToRawData; + HashSize = (UINTN) Section->SizeOfRawData; + + Status = mHash[HashAlg].HashUpdate(HashCtx, HashBase, HashSize); + if (!Status) { + goto Done; + } + + SumOfBytesHashed += HashSize; + } + + // + // 16. If the file size is greater than SUM_OF_BYTES_HASHED, there is extra + // data in the file that needs to be added to the hash. This data begins + // at file offset SUM_OF_BYTES_HASHED and its length is: + // FileSize - (CertDirectory->Size) + // + if (mImageSize > SumOfBytesHashed) { + HashBase = mImageBase + SumOfBytesHashed; + if (mNtHeader.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { + // + // Use PE32 offset. + // + HashSize = (UINTN)( + mImageSize - + mNtHeader.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY].Size - + SumOfBytesHashed); + } else { + // + // Use PE32+ offset. + // + HashSize = (UINTN)( + mImageSize - + mNtHeader.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY].Size - + SumOfBytesHashed); + } + + Status = mHash[HashAlg].HashUpdate(HashCtx, HashBase, HashSize); + if (!Status) { + goto Done; + } + } + + Status = mHash[HashAlg].HashFinal(HashCtx, mImageDigest); + +Done: + if (HashCtx != NULL) { + FreePool (HashCtx); + } + if (SectionHeader != NULL) { + FreePool (SectionHeader); + } + return Status; +} + +/** + Recognize the Hash algorithm in PE/COFF Authenticode and calculate hash of + Pe/Coff image based on the authenticated image hashing in PE/COFF Specification + 8.0 Appendix A + + @retval EFI_UNSUPPORTED Hash algorithm is not supported. + @retval EFI_SUCCESS Hash successfully. + +**/ +EFI_STATUS +HashPeImageByType ( + VOID + ) +{ + UINT8 Index; + WIN_CERTIFICATE_EFI_PKCS *PkcsCertData; + + PkcsCertData = (WIN_CERTIFICATE_EFI_PKCS *) (mImageBase + mSecDataDir->Offset); + + for (Index = 0; Index < HASHALG_MAX; Index++) { + // + // Check the Hash algorithm in PE/COFF Authenticode. + // According to PKCS#7 Definition: + // SignedData ::= SEQUENCE { + // version Version, + // digestAlgorithms DigestAlgorithmIdentifiers, + // contentInfo ContentInfo, + // .... } + // The DigestAlgorithmIdentifiers can be used to determine the hash algorithm in PE/COFF hashing + // This field has the fixed offset (+32) in final Authenticode ASN.1 data. + // Fixed offset (+32) is calculated based on two bytes of length encoding. + // + if ((*(PkcsCertData->CertData + 1) & TWO_BYTE_ENCODE) != TWO_BYTE_ENCODE) { + // + // Only support two bytes of Long Form of Length Encoding. + // + continue; + } + + // + if (CompareMem (PkcsCertData->CertData + 32, mHash[Index].OidValue, mHash[Index].OidLength) == 0) { + break; + } + } + + if (Index == HASHALG_MAX) { + return EFI_UNSUPPORTED; + } + + // + // HASH PE Image based on Hash algorithm in PE/COFF Authenticode. + // + if (!HashPeImage(Index)) { + return EFI_UNSUPPORTED; + } + + return EFI_SUCCESS; +} + +/** + Enroll a new signature of executable into Signature Database. + + @param[in] PrivateData The module's private data. + @param[in] VariableName Variable name of signature database, must be + EFI_IMAGE_SECURITY_DATABASE, EFI_IMAGE_SECURITY_DATABASE1 + or EFI_IMAGE_SECURITY_DATABASE2. + + @retval EFI_SUCCESS New signature is enrolled successfully. + @retval EFI_INVALID_PARAMETER The parameter is invalid. + @retval EFI_UNSUPPORTED Unsupported command. + @retval EFI_OUT_OF_RESOURCES Could not allocate needed resources. + +**/ +EFI_STATUS +EnrollAuthentication2Descriptor ( + IN SECUREBOOT_CONFIG_PRIVATE_DATA *Private, + IN CHAR16 *VariableName + ) +{ + EFI_STATUS Status; + VOID *Data; + UINTN DataSize; + UINT32 Attr; + + Data = NULL; + + // + // DBT only support DER-X509 Cert Enrollment + // + if (StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE2) == 0) { + return EFI_UNSUPPORTED; + } + + // + // Read the whole file content + // + Status = ReadFileContent( + Private->FileContext->FHandle, + (VOID **) &mImageBase, + &mImageSize, + 0 + ); + if (EFI_ERROR (Status)) { + goto ON_EXIT; + } + ASSERT (mImageBase != NULL); + + Attr = EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS + | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS; + + // + // Check if SigDB variable has been already existed. + // If true, use EFI_VARIABLE_APPEND_WRITE attribute to append the + // new signature data to original variable + // + DataSize = 0; + Status = gRT->GetVariable( + VariableName, + &gEfiImageSecurityDatabaseGuid, + NULL, + &DataSize, + NULL + ); + if (Status == EFI_BUFFER_TOO_SMALL) { + Attr |= EFI_VARIABLE_APPEND_WRITE; + } else if (Status != EFI_NOT_FOUND) { + goto ON_EXIT; + } + + // + // Directly set AUTHENTICATION_2 data to SetVariable + // + Status = gRT->SetVariable( + VariableName, + &gEfiImageSecurityDatabaseGuid, + Attr, + mImageSize, + mImageBase + ); + + DEBUG((DEBUG_INFO, "Enroll AUTH_2 data to Var:%s Status: %x\n", VariableName, Status)); + +ON_EXIT: + + CloseEnrolledFile(Private->FileContext); + + if (Data != NULL) { + FreePool (Data); + } + + if (mImageBase != NULL) { + FreePool (mImageBase); + mImageBase = NULL; + } + + return Status; + +} + + +/** + Enroll a new signature of executable into Signature Database. + + @param[in] PrivateData The module's private data. + @param[in] VariableName Variable name of signature database, must be + EFI_IMAGE_SECURITY_DATABASE, EFI_IMAGE_SECURITY_DATABASE1 + or EFI_IMAGE_SECURITY_DATABASE2. + + @retval EFI_SUCCESS New signature is enrolled successfully. + @retval EFI_INVALID_PARAMETER The parameter is invalid. + @retval EFI_UNSUPPORTED Unsupported command. + @retval EFI_OUT_OF_RESOURCES Could not allocate needed resources. + +**/ +EFI_STATUS +EnrollImageSignatureToSigDB ( + IN SECUREBOOT_CONFIG_PRIVATE_DATA *Private, + IN CHAR16 *VariableName + ) +{ + EFI_STATUS Status; + EFI_SIGNATURE_LIST *SigDBCert; + EFI_SIGNATURE_DATA *SigDBCertData; + VOID *Data; + UINTN DataSize; + UINTN SigDBSize; + UINT32 Attr; + WIN_CERTIFICATE_UEFI_GUID *GuidCertData; + + Data = NULL; + GuidCertData = NULL; + + if (StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE2) == 0) { + return EFI_UNSUPPORTED; + } + + // + // Form the SigDB certificate list. + // Format the data item into EFI_SIGNATURE_LIST type. + // + // We need to parse signature data of executable from specified signed executable file. + // In current implementation, we simply trust the pass-in signed executable file. + // In reality, it's OS's responsibility to verify the signed executable file. + // + + // + // Read the whole file content + // + Status = ReadFileContent( + Private->FileContext->FHandle, + (VOID **) &mImageBase, + &mImageSize, + 0 + ); + if (EFI_ERROR (Status)) { + goto ON_EXIT; + } + ASSERT (mImageBase != NULL); + + Status = LoadPeImage (); + if (EFI_ERROR (Status)) { + goto ON_EXIT; + } + + if (mSecDataDir->SizeOfCert == 0) { + if (!HashPeImage (HASHALG_SHA256)) { + Status = EFI_SECURITY_VIOLATION; + goto ON_EXIT; + } + } else { + + // + // Read the certificate data + // + mCertificate = (WIN_CERTIFICATE *)(mImageBase + mSecDataDir->Offset); + + if (mCertificate->wCertificateType == WIN_CERT_TYPE_EFI_GUID) { + GuidCertData = (WIN_CERTIFICATE_UEFI_GUID*) mCertificate; + if (CompareMem (&GuidCertData->CertType, &gEfiCertTypeRsa2048Sha256Guid, sizeof(EFI_GUID)) != 0) { + Status = EFI_ABORTED; + goto ON_EXIT; + } + + if (!HashPeImage (HASHALG_SHA256)) { + Status = EFI_ABORTED; + goto ON_EXIT;; + } + + } else if (mCertificate->wCertificateType == WIN_CERT_TYPE_PKCS_SIGNED_DATA) { + + Status = HashPeImageByType (); + if (EFI_ERROR (Status)) { + goto ON_EXIT;; + } + } else { + Status = EFI_ABORTED; + goto ON_EXIT; + } + } + + // + // Create a new SigDB entry. + // + SigDBSize = sizeof(EFI_SIGNATURE_LIST) + + sizeof(EFI_SIGNATURE_DATA) - 1 + + (UINT32) mImageDigestSize; + + Data = (UINT8*) AllocateZeroPool (SigDBSize); + if (Data == NULL) { + Status = EFI_OUT_OF_RESOURCES; + goto ON_EXIT; + } + + // + // Adjust the Certificate Database parameters. + // + SigDBCert = (EFI_SIGNATURE_LIST*) Data; + SigDBCert->SignatureListSize = (UINT32) SigDBSize; + SigDBCert->SignatureHeaderSize = 0; + SigDBCert->SignatureSize = sizeof(EFI_SIGNATURE_DATA) - 1 + (UINT32) mImageDigestSize; + CopyGuid (&SigDBCert->SignatureType, &mCertType); + + SigDBCertData = (EFI_SIGNATURE_DATA*)((UINT8*)SigDBCert + sizeof(EFI_SIGNATURE_LIST)); + CopyGuid (&SigDBCertData->SignatureOwner, Private->SignatureGUID); + CopyMem (SigDBCertData->SignatureData, mImageDigest, mImageDigestSize); + + Attr = EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS + | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS; + Status = CreateTimeBasedPayload (&SigDBSize, (UINT8**) &Data); + if (EFI_ERROR (Status)) { + DEBUG ((EFI_D_ERROR, "Fail to create time-based data payload: %r", Status)); + goto ON_EXIT; + } + + // + // Check if SigDB variable has been already existed. + // If true, use EFI_VARIABLE_APPEND_WRITE attribute to append the + // new signature data to original variable + // + DataSize = 0; + Status = gRT->GetVariable( + VariableName, + &gEfiImageSecurityDatabaseGuid, + NULL, + &DataSize, + NULL + ); + if (Status == EFI_BUFFER_TOO_SMALL) { + Attr |= EFI_VARIABLE_APPEND_WRITE; + } else if (Status != EFI_NOT_FOUND) { + goto ON_EXIT; + } + + // + // Enroll the variable. + // + Status = gRT->SetVariable( + VariableName, + &gEfiImageSecurityDatabaseGuid, + Attr, + SigDBSize, + Data + ); + if (EFI_ERROR (Status)) { + goto ON_EXIT; + } + +ON_EXIT: + + CloseEnrolledFile(Private->FileContext); + + if (Private->SignatureGUID != NULL) { + FreePool (Private->SignatureGUID); + Private->SignatureGUID = NULL; + } + + if (Data != NULL) { + FreePool (Data); + } + + if (mImageBase != NULL) { + FreePool (mImageBase); + mImageBase = NULL; + } + + return Status; +} + +/** + Enroll signature into DB/DBX/DBT without KEK's authentication. + The SignatureOwner GUID will be Private->SignatureGUID. + + @param[in] PrivateData The module's private data. + @param[in] VariableName Variable name of signature database, must be + EFI_IMAGE_SECURITY_DATABASE or EFI_IMAGE_SECURITY_DATABASE1. + + @retval EFI_SUCCESS New signature enrolled successfully. + @retval EFI_INVALID_PARAMETER The parameter is invalid. + @retval others Fail to enroll signature data. + +**/ +EFI_STATUS +EnrollSignatureDatabase ( + IN SECUREBOOT_CONFIG_PRIVATE_DATA *Private, + IN CHAR16 *VariableName + ) +{ + UINT16* FilePostFix; + EFI_STATUS Status; + UINTN NameLength; + + if ((Private->FileContext->FileName == NULL) || (Private->FileContext->FHandle == NULL) || (Private->SignatureGUID == NULL)) { + return EFI_INVALID_PARAMETER; + } + + Status = SetSecureBootMode (CUSTOM_SECURE_BOOT_MODE); + if (EFI_ERROR (Status)) { + return Status; + } + + // + // Parse the file's postfix. + // + NameLength = StrLen (Private->FileContext->FileName); + if (NameLength <= 4) { + return EFI_INVALID_PARAMETER; + } + FilePostFix = Private->FileContext->FileName + NameLength - 4; + if (IsDerEncodeCertificate (FilePostFix)) { + // + // Supports DER-encoded X509 certificate. + // + return EnrollX509toSigDB (Private, VariableName); + } else if (IsAuthentication2Format(Private->FileContext->FHandle)){ + return EnrollAuthentication2Descriptor(Private, VariableName); + } else { + return EnrollImageSignatureToSigDB (Private, VariableName); + } +} + +/** + List all signatures in specified signature database (e.g. KEK/DB/DBX/DBT) + by GUID in the page for user to select and delete as needed. + + @param[in] PrivateData Module's private data. + @param[in] VariableName The variable name of the vendor's signature database. + @param[in] VendorGuid A unique identifier for the vendor. + @param[in] LabelNumber Label number to insert opcodes. + @param[in] FormId Form ID of current page. + @param[in] QuestionIdBase Base question id of the signature list. + + @retval EFI_SUCCESS Success to update the signature list page + @retval EFI_OUT_OF_RESOURCES Unable to allocate required resources. + +**/ +EFI_STATUS +UpdateDeletePage ( + IN SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData, + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid, + IN UINT16 LabelNumber, + IN EFI_FORM_ID FormId, + IN EFI_QUESTION_ID QuestionIdBase + ) +{ + EFI_STATUS Status; + UINT32 Index; + UINTN CertCount; + UINTN GuidIndex; + VOID *StartOpCodeHandle; + VOID *EndOpCodeHandle; + EFI_IFR_GUID_LABEL *StartLabel; + EFI_IFR_GUID_LABEL *EndLabel; + UINTN DataSize; + UINT8 *Data; + EFI_SIGNATURE_LIST *CertList; + EFI_SIGNATURE_DATA *Cert; + UINT32 ItemDataSize; + CHAR16 *GuidStr; + EFI_STRING_ID GuidID; + EFI_STRING_ID Help; + + Data = NULL; + CertList = NULL; + Cert = NULL; + GuidStr = NULL; + StartOpCodeHandle = NULL; + EndOpCodeHandle = NULL; + + // + // Initialize the container for dynamic opcodes. + // + StartOpCodeHandle = HiiAllocateOpCodeHandle (); + if (StartOpCodeHandle == NULL) { + Status = EFI_OUT_OF_RESOURCES; + goto ON_EXIT; + } + + EndOpCodeHandle = HiiAllocateOpCodeHandle (); + if (EndOpCodeHandle == NULL) { + Status = EFI_OUT_OF_RESOURCES; + goto ON_EXIT; + } + + // + // Create Hii Extend Label OpCode. + // + StartLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode ( + StartOpCodeHandle, + &gEfiIfrTianoGuid, + NULL, + sizeof (EFI_IFR_GUID_LABEL) + ); + StartLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL; + StartLabel->Number = LabelNumber; + + EndLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode ( + EndOpCodeHandle, + &gEfiIfrTianoGuid, + NULL, + sizeof (EFI_IFR_GUID_LABEL) + ); + EndLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL; + EndLabel->Number = LABEL_END; + + // + // Read Variable. + // + DataSize = 0; + Status = gRT->GetVariable (VariableName, VendorGuid, NULL, &DataSize, Data); + if (EFI_ERROR (Status) && Status != EFI_BUFFER_TOO_SMALL) { + goto ON_EXIT; + } + + Data = (UINT8 *) AllocateZeroPool (DataSize); + if (Data == NULL) { + Status = EFI_OUT_OF_RESOURCES; + goto ON_EXIT; + } + + Status = gRT->GetVariable (VariableName, VendorGuid, NULL, &DataSize, Data); + if (EFI_ERROR (Status)) { + goto ON_EXIT; + } + + GuidStr = AllocateZeroPool (100); + if (GuidStr == NULL) { + Status = EFI_OUT_OF_RESOURCES; + goto ON_EXIT; + } + + // + // Enumerate all KEK pub data. + // + ItemDataSize = (UINT32) DataSize; + CertList = (EFI_SIGNATURE_LIST *) Data; + GuidIndex = 0; + + while ((ItemDataSize > 0) && (ItemDataSize >= CertList->SignatureListSize)) { + + if (CompareGuid (&CertList->SignatureType, &gEfiCertRsa2048Guid)) { + Help = STRING_TOKEN (STR_CERT_TYPE_RSA2048_SHA256_GUID); + } else if (CompareGuid (&CertList->SignatureType, &gEfiCertX509Guid)) { + Help = STRING_TOKEN (STR_CERT_TYPE_PCKS7_GUID); + } else if (CompareGuid (&CertList->SignatureType, &gEfiCertSha1Guid)) { + Help = STRING_TOKEN (STR_CERT_TYPE_SHA1_GUID); + } else if (CompareGuid (&CertList->SignatureType, &gEfiCertSha256Guid)) { + Help = STRING_TOKEN (STR_CERT_TYPE_SHA256_GUID); + } else if (CompareGuid (&CertList->SignatureType, &gEfiCertX509Sha256Guid)) { + Help = STRING_TOKEN (STR_CERT_TYPE_X509_SHA256_GUID); + } else if (CompareGuid (&CertList->SignatureType, &gEfiCertX509Sha384Guid)) { + Help = STRING_TOKEN (STR_CERT_TYPE_X509_SHA384_GUID); + } else if (CompareGuid (&CertList->SignatureType, &gEfiCertX509Sha512Guid)) { + Help = STRING_TOKEN (STR_CERT_TYPE_X509_SHA512_GUID); + } else { + // + // The signature type is not supported in current implementation. + // + ItemDataSize -= CertList->SignatureListSize; + CertList = (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + CertList->SignatureListSize); + continue; + } + + CertCount = (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - CertList->SignatureHeaderSize) / CertList->SignatureSize; + for (Index = 0; Index < CertCount; Index++) { + Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) CertList + + sizeof (EFI_SIGNATURE_LIST) + + CertList->SignatureHeaderSize + + Index * CertList->SignatureSize); + // + // Display GUID and help + // + GuidToString (&Cert->SignatureOwner, GuidStr, 100); + GuidID = HiiSetString (PrivateData->HiiHandle, 0, GuidStr, NULL); + HiiCreateCheckBoxOpCode ( + StartOpCodeHandle, + (EFI_QUESTION_ID) (QuestionIdBase + GuidIndex++), + 0, + 0, + GuidID, + Help, + EFI_IFR_FLAG_CALLBACK, + 0, + NULL + ); + } + + ItemDataSize -= CertList->SignatureListSize; + CertList = (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + CertList->SignatureListSize); + } + +ON_EXIT: + HiiUpdateForm ( + PrivateData->HiiHandle, + &gSecureBootConfigFormSetGuid, + FormId, + StartOpCodeHandle, + EndOpCodeHandle + ); + + if (StartOpCodeHandle != NULL) { + HiiFreeOpCodeHandle (StartOpCodeHandle); + } + + if (EndOpCodeHandle != NULL) { + HiiFreeOpCodeHandle (EndOpCodeHandle); + } + + if (Data != NULL) { + FreePool (Data); + } + + if (GuidStr != NULL) { + FreePool (GuidStr); + } + + return EFI_SUCCESS; +} + +/** + Delete a KEK entry from KEK database. + + @param[in] PrivateData Module's private data. + @param[in] QuestionId Question id of the KEK item to delete. + + @retval EFI_SUCCESS Delete kek item successfully. + @retval EFI_OUT_OF_RESOURCES Could not allocate needed resources. + +**/ +EFI_STATUS +DeleteKeyExchangeKey ( + IN SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData, + IN EFI_QUESTION_ID QuestionId + ) +{ + EFI_STATUS Status; + UINTN DataSize; + UINT8 *Data; + UINT8 *OldData; + UINT32 Attr; + UINT32 Index; + EFI_SIGNATURE_LIST *CertList; + EFI_SIGNATURE_LIST *NewCertList; + EFI_SIGNATURE_DATA *Cert; + UINTN CertCount; + UINT32 Offset; + BOOLEAN IsKEKItemFound; + UINT32 KekDataSize; + UINTN DeleteKekIndex; + UINTN GuidIndex; + + Data = NULL; + OldData = NULL; + CertList = NULL; + Cert = NULL; + Attr = 0; + DeleteKekIndex = QuestionId - OPTION_DEL_KEK_QUESTION_ID; + + Status = SetSecureBootMode(CUSTOM_SECURE_BOOT_MODE); + if (EFI_ERROR (Status)) { + return Status; + } + + // + // Get original KEK variable. + // + DataSize = 0; + Status = gRT->GetVariable (EFI_KEY_EXCHANGE_KEY_NAME, &gEfiGlobalVariableGuid, NULL, &DataSize, NULL); + if (EFI_ERROR(Status) && Status != EFI_BUFFER_TOO_SMALL) { + goto ON_EXIT; + } + + OldData = (UINT8*)AllocateZeroPool(DataSize); + if (OldData == NULL) { + Status = EFI_OUT_OF_RESOURCES; + goto ON_EXIT; + } + + Status = gRT->GetVariable (EFI_KEY_EXCHANGE_KEY_NAME, &gEfiGlobalVariableGuid, &Attr, &DataSize, OldData); + if (EFI_ERROR(Status)) { + goto ON_EXIT; + } + + // + // Allocate space for new variable. + // + Data = (UINT8*) AllocateZeroPool (DataSize); + if (Data == NULL) { + Status = EFI_OUT_OF_RESOURCES; + goto ON_EXIT; + } + + // + // Enumerate all KEK pub data and erasing the target item. + // + IsKEKItemFound = FALSE; + KekDataSize = (UINT32) DataSize; + CertList = (EFI_SIGNATURE_LIST *) OldData; + Offset = 0; + GuidIndex = 0; + while ((KekDataSize > 0) && (KekDataSize >= CertList->SignatureListSize)) { + if (CompareGuid (&CertList->SignatureType, &gEfiCertRsa2048Guid) || + CompareGuid (&CertList->SignatureType, &gEfiCertX509Guid)) { + CopyMem (Data + Offset, CertList, (sizeof(EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize)); + NewCertList = (EFI_SIGNATURE_LIST *)(Data + Offset); + Offset += (sizeof(EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize); + Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize); + CertCount = (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - CertList->SignatureHeaderSize) / CertList->SignatureSize; + for (Index = 0; Index < CertCount; Index++) { + if (GuidIndex == DeleteKekIndex ) { + // + // Find it! Skip it! + // + NewCertList->SignatureListSize -= CertList->SignatureSize; + IsKEKItemFound = TRUE; + } else { + // + // This item doesn't match. Copy it to the Data buffer. + // + CopyMem (Data + Offset, Cert, CertList->SignatureSize); + Offset += CertList->SignatureSize; + } + GuidIndex++; + Cert = (EFI_SIGNATURE_DATA *) ((UINT8*) Cert + CertList->SignatureSize); + } + } else { + // + // This List doesn't match. Copy it to the Data buffer. + // + CopyMem (Data + Offset, CertList, CertList->SignatureListSize); + Offset += CertList->SignatureListSize; + } + + KekDataSize -= CertList->SignatureListSize; + CertList = (EFI_SIGNATURE_LIST*) ((UINT8*) CertList + CertList->SignatureListSize); + } + + if (!IsKEKItemFound) { + // + // Doesn't find the Kek Item! + // + Status = EFI_NOT_FOUND; + goto ON_EXIT; + } + + // + // Delete the Signature header if there is no signature in the list. + // + KekDataSize = Offset; + CertList = (EFI_SIGNATURE_LIST*) Data; + Offset = 0; + ZeroMem (OldData, KekDataSize); + while ((KekDataSize > 0) && (KekDataSize >= CertList->SignatureListSize)) { + CertCount = (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - CertList->SignatureHeaderSize) / CertList->SignatureSize; + DEBUG ((DEBUG_INFO, " CertCount = %x\n", CertCount)); + if (CertCount != 0) { + CopyMem (OldData + Offset, CertList, CertList->SignatureListSize); + Offset += CertList->SignatureListSize; + } + KekDataSize -= CertList->SignatureListSize; + CertList = (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + CertList->SignatureListSize); + } + + DataSize = Offset; + if ((Attr & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) != 0) { + Status = CreateTimeBasedPayload (&DataSize, &OldData); + if (EFI_ERROR (Status)) { + DEBUG ((EFI_D_ERROR, "Fail to create time-based data payload: %r", Status)); + goto ON_EXIT; + } + } + + Status = gRT->SetVariable( + EFI_KEY_EXCHANGE_KEY_NAME, + &gEfiGlobalVariableGuid, + Attr, + DataSize, + OldData + ); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "Failed to set variable, Status = %r\n", Status)); + goto ON_EXIT; + } + +ON_EXIT: + if (Data != NULL) { + FreePool(Data); + } + + if (OldData != NULL) { + FreePool(OldData); + } + + return UpdateDeletePage ( + PrivateData, + EFI_KEY_EXCHANGE_KEY_NAME, + &gEfiGlobalVariableGuid, + LABEL_KEK_DELETE, + FORMID_DELETE_KEK_FORM, + OPTION_DEL_KEK_QUESTION_ID + ); +} + +/** + Delete a signature entry from signature database. + + @param[in] PrivateData Module's private data. + @param[in] VariableName The variable name of the vendor's signature database. + @param[in] VendorGuid A unique identifier for the vendor. + @param[in] LabelNumber Label number to insert opcodes. + @param[in] FormId Form ID of current page. + @param[in] QuestionIdBase Base question id of the signature list. + @param[in] DeleteIndex Signature index to delete. + + @retval EFI_SUCCESS Delete signature successfully. + @retval EFI_NOT_FOUND Can't find the signature item, + @retval EFI_OUT_OF_RESOURCES Could not allocate needed resources. +**/ +EFI_STATUS +DeleteSignature ( + IN SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData, + IN CHAR16 *VariableName, + IN EFI_GUID *VendorGuid, + IN UINT16 LabelNumber, + IN EFI_FORM_ID FormId, + IN EFI_QUESTION_ID QuestionIdBase, + IN UINTN DeleteIndex + ) +{ + EFI_STATUS Status; + UINTN DataSize; + UINT8 *Data; + UINT8 *OldData; + UINT32 Attr; + UINT32 Index; + EFI_SIGNATURE_LIST *CertList; + EFI_SIGNATURE_LIST *NewCertList; + EFI_SIGNATURE_DATA *Cert; + UINTN CertCount; + UINT32 Offset; + BOOLEAN IsItemFound; + UINT32 ItemDataSize; + UINTN GuidIndex; + + Data = NULL; + OldData = NULL; + CertList = NULL; + Cert = NULL; + Attr = 0; + + Status = SetSecureBootMode(CUSTOM_SECURE_BOOT_MODE); + if (EFI_ERROR (Status)) { + return Status; + } + + // + // Get original signature list data. + // + DataSize = 0; + Status = gRT->GetVariable (VariableName, VendorGuid, NULL, &DataSize, NULL); + if (EFI_ERROR (Status) && Status != EFI_BUFFER_TOO_SMALL) { + goto ON_EXIT; + } + + OldData = (UINT8 *) AllocateZeroPool (DataSize); + if (OldData == NULL) { + Status = EFI_OUT_OF_RESOURCES; + goto ON_EXIT; + } + + Status = gRT->GetVariable (VariableName, VendorGuid, &Attr, &DataSize, OldData); + if (EFI_ERROR(Status)) { + goto ON_EXIT; + } + + // + // Allocate space for new variable. + // + Data = (UINT8*) AllocateZeroPool (DataSize); + if (Data == NULL) { + Status = EFI_OUT_OF_RESOURCES; + goto ON_EXIT; + } + + // + // Enumerate all signature data and erasing the target item. + // + IsItemFound = FALSE; + ItemDataSize = (UINT32) DataSize; + CertList = (EFI_SIGNATURE_LIST *) OldData; + Offset = 0; + GuidIndex = 0; + while ((ItemDataSize > 0) && (ItemDataSize >= CertList->SignatureListSize)) { + if (CompareGuid (&CertList->SignatureType, &gEfiCertRsa2048Guid) || + CompareGuid (&CertList->SignatureType, &gEfiCertX509Guid) || + CompareGuid (&CertList->SignatureType, &gEfiCertSha1Guid) || + CompareGuid (&CertList->SignatureType, &gEfiCertSha256Guid) || + CompareGuid (&CertList->SignatureType, &gEfiCertX509Sha256Guid) || + CompareGuid (&CertList->SignatureType, &gEfiCertX509Sha384Guid) || + CompareGuid (&CertList->SignatureType, &gEfiCertX509Sha512Guid) + ) { + // + // Copy EFI_SIGNATURE_LIST header then calculate the signature count in this list. + // + CopyMem (Data + Offset, CertList, (sizeof(EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize)); + NewCertList = (EFI_SIGNATURE_LIST*) (Data + Offset); + Offset += (sizeof(EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize); + Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize); + CertCount = (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - CertList->SignatureHeaderSize) / CertList->SignatureSize; + for (Index = 0; Index < CertCount; Index++) { + if (GuidIndex == DeleteIndex) { + // + // Find it! Skip it! + // + NewCertList->SignatureListSize -= CertList->SignatureSize; + IsItemFound = TRUE; + } else { + // + // This item doesn't match. Copy it to the Data buffer. + // + CopyMem (Data + Offset, (UINT8*)(Cert), CertList->SignatureSize); + Offset += CertList->SignatureSize; + } + GuidIndex++; + Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) Cert + CertList->SignatureSize); + } + } else { + // + // This List doesn't match. Just copy it to the Data buffer. + // + CopyMem (Data + Offset, (UINT8*)(CertList), CertList->SignatureListSize); + Offset += CertList->SignatureListSize; + } + + ItemDataSize -= CertList->SignatureListSize; + CertList = (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + CertList->SignatureListSize); + } + + if (!IsItemFound) { + // + // Doesn't find the signature Item! + // + Status = EFI_NOT_FOUND; + goto ON_EXIT; + } + + // + // Delete the EFI_SIGNATURE_LIST header if there is no signature in the list. + // + ItemDataSize = Offset; + CertList = (EFI_SIGNATURE_LIST *) Data; + Offset = 0; + ZeroMem (OldData, ItemDataSize); + while ((ItemDataSize > 0) && (ItemDataSize >= CertList->SignatureListSize)) { + CertCount = (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - CertList->SignatureHeaderSize) / CertList->SignatureSize; + DEBUG ((DEBUG_INFO, " CertCount = %x\n", CertCount)); + if (CertCount != 0) { + CopyMem (OldData + Offset, (UINT8*)(CertList), CertList->SignatureListSize); + Offset += CertList->SignatureListSize; + } + ItemDataSize -= CertList->SignatureListSize; + CertList = (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + CertList->SignatureListSize); + } + + DataSize = Offset; + if ((Attr & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) != 0) { + Status = CreateTimeBasedPayload (&DataSize, &OldData); + if (EFI_ERROR (Status)) { + DEBUG ((EFI_D_ERROR, "Fail to create time-based data payload: %r", Status)); + goto ON_EXIT; + } + } + + Status = gRT->SetVariable( + VariableName, + VendorGuid, + Attr, + DataSize, + OldData + ); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "Failed to set variable, Status = %r\n", Status)); + goto ON_EXIT; + } + +ON_EXIT: + if (Data != NULL) { + FreePool(Data); + } + + if (OldData != NULL) { + FreePool(OldData); + } + + return UpdateDeletePage ( + PrivateData, + VariableName, + VendorGuid, + LabelNumber, + FormId, + QuestionIdBase + ); +} + +/** + This function to delete signature list or data, according by DelType. + + @param[in] PrivateData Module's private data. + @param[in] DelType Indicate delete signature list or data. + @param[in] CheckedCount Indicate how many signature data have + been checked in current signature list. + + @retval EFI_SUCCESS Success to update the signature list page + @retval EFI_OUT_OF_RESOURCES Unable to allocate required resources. +**/ +EFI_STATUS +DeleteSignatureEx ( + IN SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData, + IN SIGNATURE_DELETE_TYPE DelType, + IN UINT32 CheckedCount + ) +{ + EFI_STATUS Status; + EFI_SIGNATURE_LIST *ListWalker; + EFI_SIGNATURE_LIST *NewCertList; + EFI_SIGNATURE_DATA *DataWalker; + CHAR16 VariableName[BUFFER_MAX_SIZE]; + UINT32 VariableAttr; + UINTN VariableDataSize; + UINTN RemainingSize; + UINTN ListIndex; + UINTN Index; + UINTN Offset; + UINT8 *VariableData; + UINT8 *NewVariableData; + + Status = EFI_SUCCESS; + VariableAttr = 0; + VariableDataSize = 0; + ListIndex = 0; + Offset = 0; + VariableData = NULL; + NewVariableData = NULL; + + if (PrivateData->VariableName == Variable_DB) { + UnicodeSPrint (VariableName, sizeof (VariableName), EFI_IMAGE_SECURITY_DATABASE); + } else if (PrivateData->VariableName == Variable_DBX) { + UnicodeSPrint (VariableName, sizeof (VariableName), EFI_IMAGE_SECURITY_DATABASE1); + } else if (PrivateData->VariableName == Variable_DBT) { + UnicodeSPrint (VariableName, sizeof (VariableName), EFI_IMAGE_SECURITY_DATABASE2); + } else { + goto ON_EXIT; + } + + Status = gRT->GetVariable ( + VariableName, + &gEfiImageSecurityDatabaseGuid, + &VariableAttr, + &VariableDataSize, + VariableData + ); + if (EFI_ERROR (Status) && Status != EFI_BUFFER_TOO_SMALL) { + goto ON_EXIT; + } + + VariableData = AllocateZeroPool (VariableDataSize); + if (VariableData == NULL) { + Status = EFI_OUT_OF_RESOURCES; + goto ON_EXIT; + } + + Status = gRT->GetVariable ( + VariableName, + &gEfiImageSecurityDatabaseGuid, + &VariableAttr, + &VariableDataSize, + VariableData + ); + if (EFI_ERROR (Status)) { + goto ON_EXIT; + } + + Status = SetSecureBootMode (CUSTOM_SECURE_BOOT_MODE); + if (EFI_ERROR (Status)) { + goto ON_EXIT; + } + + NewVariableData = AllocateZeroPool (VariableDataSize); + if (NewVariableData == NULL) { + Status = EFI_OUT_OF_RESOURCES; + goto ON_EXIT; + } + + RemainingSize = VariableDataSize; + ListWalker = (EFI_SIGNATURE_LIST *)(VariableData); + if (DelType == Delete_Signature_List_All) { + VariableDataSize = 0; + } else { + // + // Traverse to target EFI_SIGNATURE_LIST but others will be skipped. + // + while ((RemainingSize > 0) && (RemainingSize >= ListWalker->SignatureListSize) && ListIndex < PrivateData->ListIndex) { + CopyMem ((UINT8 *)NewVariableData + Offset, ListWalker, ListWalker->SignatureListSize); + Offset += ListWalker->SignatureListSize; + + RemainingSize -= ListWalker->SignatureListSize; + ListWalker = (EFI_SIGNATURE_LIST *)((UINT8 *)ListWalker + ListWalker->SignatureListSize); + ListIndex++; + } + + // + // Handle the target EFI_SIGNATURE_LIST. + // If CheckedCount == SIGNATURE_DATA_COUNTS (ListWalker) or DelType == Delete_Signature_List_One + // it means delete the whole EFI_SIGNATURE_LIST, So we just skip this EFI_SIGNATURE_LIST. + // + if (CheckedCount < SIGNATURE_DATA_COUNTS (ListWalker) && DelType == Delete_Signature_Data) { + NewCertList = (EFI_SIGNATURE_LIST *)(NewVariableData + Offset); + // + // Copy header. + // + CopyMem ((UINT8 *)NewVariableData + Offset, ListWalker, sizeof (EFI_SIGNATURE_LIST) + ListWalker->SignatureHeaderSize); + Offset += sizeof (EFI_SIGNATURE_LIST) + ListWalker->SignatureHeaderSize; + + DataWalker = (EFI_SIGNATURE_DATA *)((UINT8 *)ListWalker + sizeof(EFI_SIGNATURE_LIST) + ListWalker->SignatureHeaderSize); + for (Index = 0; Index < SIGNATURE_DATA_COUNTS(ListWalker); Index = Index + 1) { + if (PrivateData->CheckArray[Index]) { + // + // Delete checked signature data, and update the size of whole signature list. + // + NewCertList->SignatureListSize -= NewCertList->SignatureSize; + } else { + // + // Remain the unchecked signature data. + // + CopyMem ((UINT8 *)NewVariableData + Offset, DataWalker, ListWalker->SignatureSize); + Offset += ListWalker->SignatureSize; + } + DataWalker = (EFI_SIGNATURE_DATA *)((UINT8 *)DataWalker + ListWalker->SignatureSize); + } + } + + RemainingSize -= ListWalker->SignatureListSize; + ListWalker = (EFI_SIGNATURE_LIST *)((UINT8 *)ListWalker + ListWalker->SignatureListSize); + + // + // Copy remaining data, maybe 0. + // + CopyMem((UINT8 *)NewVariableData + Offset, ListWalker, RemainingSize); + Offset += RemainingSize; + + VariableDataSize = Offset; + } + + if ((VariableAttr & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) != 0) { + Status = CreateTimeBasedPayload (&VariableDataSize, &NewVariableData); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "Fail to create time-based data payload: %r", Status)); + goto ON_EXIT; + } + } + + Status = gRT->SetVariable ( + VariableName, + &gEfiImageSecurityDatabaseGuid, + VariableAttr, + VariableDataSize, + NewVariableData + ); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "Failed to set variable, Status = %r", Status)); + goto ON_EXIT; + } + +ON_EXIT: + SECUREBOOT_FREE_NON_NULL (VariableData); + SECUREBOOT_FREE_NON_NULL (NewVariableData); + + return Status; +} + +/** + + Update SecureBoot strings based on new Secure Boot Mode State. String includes STR_SECURE_BOOT_STATE_CONTENT + and STR_CUR_SECURE_BOOT_MODE_CONTENT. + + @param[in] PrivateData Module's private data. + + @return EFI_SUCCESS Update secure boot strings successfully. + @return other Fail to update secure boot strings. + +**/ +EFI_STATUS +UpdateSecureBootString( + IN SECUREBOOT_CONFIG_PRIVATE_DATA *Private + ) +{ + UINT8 *SecureBoot; + + SecureBoot = NULL; + + // + // Get current secure boot state. + // + GetVariable2 (EFI_SECURE_BOOT_MODE_NAME, &gEfiGlobalVariableGuid, (VOID**)&SecureBoot, NULL); + if (SecureBoot == NULL) { + return EFI_NOT_FOUND; + } + + if (*SecureBoot == SECURE_BOOT_MODE_ENABLE) { + HiiSetString (Private->HiiHandle, STRING_TOKEN (STR_SECURE_BOOT_STATE_CONTENT), L"Enabled", NULL); + } else { + HiiSetString (Private->HiiHandle, STRING_TOKEN (STR_SECURE_BOOT_STATE_CONTENT), L"Disabled", NULL); + } + + FreePool(SecureBoot); + + return EFI_SUCCESS; +} + +/** + This function extracts configuration from variable. + + @param[in] Private Point to SecureBoot configuration driver private data. + @param[in, out] ConfigData Point to SecureBoot configuration private data. + +**/ +VOID +SecureBootExtractConfigFromVariable ( + IN SECUREBOOT_CONFIG_PRIVATE_DATA *Private, + IN OUT SECUREBOOT_CONFIGURATION *ConfigData + ) +{ + UINT8 *SecureBootEnable; + UINT8 *SetupMode; + UINT8 *SecureBootMode; + EFI_TIME CurrTime; + + SecureBootEnable = NULL; + SetupMode = NULL; + SecureBootMode = NULL; + + // + // Initialize the Date and Time using system time. + // + ConfigData->CertificateFormat = HASHALG_RAW; + ConfigData->AlwaysRevocation = TRUE; + gRT->GetTime (&CurrTime, NULL); + ConfigData->RevocationDate.Year = CurrTime.Year; + ConfigData->RevocationDate.Month = CurrTime.Month; + ConfigData->RevocationDate.Day = CurrTime.Day; + ConfigData->RevocationTime.Hour = CurrTime.Hour; + ConfigData->RevocationTime.Minute = CurrTime.Minute; + ConfigData->RevocationTime.Second = 0; + if (Private->FileContext->FHandle != NULL) { + ConfigData->FileEnrollType = Private->FileContext->FileType; + } else { + ConfigData->FileEnrollType = UNKNOWN_FILE_TYPE; + } + + // + // If it is Physical Presence User, set the PhysicalPresent to true. + // + if (UserPhysicalPresent()) { + ConfigData->PhysicalPresent = TRUE; + } else { + ConfigData->PhysicalPresent = FALSE; + } + + // + // If there is no PK then the Delete Pk button will be gray. + // + GetVariable2 (EFI_SETUP_MODE_NAME, &gEfiGlobalVariableGuid, (VOID**)&SetupMode, NULL); + if (SetupMode == NULL || (*SetupMode) == SETUP_MODE) { + ConfigData->HasPk = FALSE; + } else { + ConfigData->HasPk = TRUE; + } + + // + // Check SecureBootEnable & Pk status, fix the inconsistency. + // If the SecureBootEnable Variable doesn't exist, hide the SecureBoot Enable/Disable + // Checkbox. + // + ConfigData->AttemptSecureBoot = FALSE; + GetVariable2 (EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid, (VOID**)&SecureBootEnable, NULL); + + // + // Fix Pk and SecureBootEnable inconsistency + // + if ((SetupMode != NULL) && (*SetupMode) == USER_MODE) { + ConfigData->HideSecureBoot = FALSE; + if ((SecureBootEnable != NULL) && (*SecureBootEnable == SECURE_BOOT_ENABLE)) { + ConfigData->AttemptSecureBoot = TRUE; + } + } else { + ConfigData->HideSecureBoot = TRUE; + } + + // + // Get the SecureBootMode from CustomMode variable. + // + GetVariable2 (EFI_CUSTOM_MODE_NAME, &gEfiCustomModeEnableGuid, (VOID**)&SecureBootMode, NULL); + if (SecureBootMode == NULL) { + ConfigData->SecureBootMode = STANDARD_SECURE_BOOT_MODE; + } else { + ConfigData->SecureBootMode = *(SecureBootMode); + } + + if (SecureBootEnable != NULL) { + FreePool (SecureBootEnable); + } + if (SetupMode != NULL) { + FreePool (SetupMode); + } + if (SecureBootMode != NULL) { + FreePool (SecureBootMode); + } +} + +/** + This function allows a caller to extract the current configuration for one + or more named elements from the target driver. + + @param[in] This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL. + @param[in] Request A null-terminated Unicode string in + <ConfigRequest> format. + @param[out] Progress On return, points to a character in the Request + string. Points to the string's null terminator if + request was successful. Points to the most recent + '&' before the first failing name/value pair (or + the beginning of the string if the failure is in + the first name/value pair) if the request was not + successful. + @param[out] Results A null-terminated Unicode string in + <ConfigAltResp> format which has all values filled + in for the names in the Request string. String to + be allocated by the called function. + + @retval EFI_SUCCESS The Results is filled with the requested values. + @retval EFI_OUT_OF_RESOURCES Not enough memory to store the results. + @retval EFI_INVALID_PARAMETER Request is illegal syntax, or unknown name. + @retval EFI_NOT_FOUND Routing data doesn't match any storage in this + driver. + +**/ +EFI_STATUS +EFIAPI +SecureBootExtractConfig ( + IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, + IN CONST EFI_STRING Request, + OUT EFI_STRING *Progress, + OUT EFI_STRING *Results + ) +{ + EFI_STATUS Status; + UINTN BufferSize; + UINTN Size; + SECUREBOOT_CONFIGURATION Configuration; + EFI_STRING ConfigRequest; + EFI_STRING ConfigRequestHdr; + SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData; + BOOLEAN AllocatedRequest; + + if (Progress == NULL || Results == NULL) { + return EFI_INVALID_PARAMETER; + } + + AllocatedRequest = FALSE; + ConfigRequestHdr = NULL; + ConfigRequest = NULL; + Size = 0; + + ZeroMem (&Configuration, sizeof (Configuration)); + PrivateData = SECUREBOOT_CONFIG_PRIVATE_FROM_THIS (This); + *Progress = Request; + + if ((Request != NULL) && !HiiIsConfigHdrMatch (Request, &gSecureBootConfigFormSetGuid, mSecureBootStorageName)) { + return EFI_NOT_FOUND; + } + + ZeroMem(&Configuration, sizeof(SECUREBOOT_CONFIGURATION)); + + // + // Get Configuration from Variable. + // + SecureBootExtractConfigFromVariable (PrivateData, &Configuration); + + BufferSize = sizeof (SECUREBOOT_CONFIGURATION); + ConfigRequest = Request; + if ((Request == NULL) || (StrStr (Request, L"OFFSET") == NULL)) { + // + // Request is set to NULL or OFFSET is NULL, construct full request string. + // + // Allocate and fill a buffer large enough to hold the <ConfigHdr> template + // followed by "&OFFSET=0&WIDTH=WWWWWWWWWWWWWWWW" followed by a Null-terminator + // + ConfigRequestHdr = HiiConstructConfigHdr (&gSecureBootConfigFormSetGuid, mSecureBootStorageName, PrivateData->DriverHandle); + Size = (StrLen (ConfigRequestHdr) + 32 + 1) * sizeof (CHAR16); + ConfigRequest = AllocateZeroPool (Size); + ASSERT (ConfigRequest != NULL); + AllocatedRequest = TRUE; + UnicodeSPrint (ConfigRequest, Size, L"%s&OFFSET=0&WIDTH=%016LX", ConfigRequestHdr, (UINT64)BufferSize); + FreePool (ConfigRequestHdr); + ConfigRequestHdr = NULL; + } + + Status = gHiiConfigRouting->BlockToConfig ( + gHiiConfigRouting, + ConfigRequest, + (UINT8 *) &Configuration, + BufferSize, + Results, + Progress + ); + + // + // Free the allocated config request string. + // + if (AllocatedRequest) { + FreePool (ConfigRequest); + } + + // + // Set Progress string to the original request string. + // + if (Request == NULL) { + *Progress = NULL; + } else if (StrStr (Request, L"OFFSET") == NULL) { + *Progress = Request + StrLen (Request); + } + + return Status; +} + +/** + This function processes the results of changes in configuration. + + @param[in] This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL. + @param[in] Configuration A null-terminated Unicode string in <ConfigResp> + format. + @param[out] Progress A pointer to a string filled in with the offset of + the most recent '&' before the first failing + name/value pair (or the beginning of the string if + the failure is in the first name/value pair) or + the terminating NULL if all was successful. + + @retval EFI_SUCCESS The Results is processed successfully. + @retval EFI_INVALID_PARAMETER Configuration is NULL. + @retval EFI_NOT_FOUND Routing data doesn't match any storage in this + driver. + +**/ +EFI_STATUS +EFIAPI +SecureBootRouteConfig ( + IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, + IN CONST EFI_STRING Configuration, + OUT EFI_STRING *Progress + ) +{ + SECUREBOOT_CONFIGURATION IfrNvData; + UINTN BufferSize; + SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData; + EFI_STATUS Status; + + if (Configuration == NULL || Progress == NULL) { + return EFI_INVALID_PARAMETER; + } + + *Progress = Configuration; + if (!HiiIsConfigHdrMatch (Configuration, &gSecureBootConfigFormSetGuid, mSecureBootStorageName)) { + return EFI_NOT_FOUND; + } + + PrivateData = SECUREBOOT_CONFIG_PRIVATE_FROM_THIS (This); + + // + // Get Configuration from Variable. + // + SecureBootExtractConfigFromVariable (PrivateData, &IfrNvData); + + // + // Map the Configuration to the configuration block. + // + BufferSize = sizeof (SECUREBOOT_CONFIGURATION); + Status = gHiiConfigRouting->ConfigToBlock ( + gHiiConfigRouting, + Configuration, + (UINT8 *)&IfrNvData, + &BufferSize, + Progress + ); + if (EFI_ERROR (Status)) { + return Status; + } + + // + // Store Buffer Storage back to EFI variable if needed + // + if (!IfrNvData.HideSecureBoot) { + Status = SaveSecureBootVariable (IfrNvData.AttemptSecureBoot); + if (EFI_ERROR (Status)) { + return Status; + } + } + + *Progress = Configuration + StrLen (Configuration); + return EFI_SUCCESS; +} + +/** + This function to load signature list, the update the menu page. + + @param[in] PrivateData Module's private data. + @param[in] LabelId Label number to insert opcodes. + @param[in] FormId Form ID of current page. + @param[in] QuestionIdBase Base question id of the signature list. + + @retval EFI_SUCCESS Success to update the signature list page + @retval EFI_OUT_OF_RESOURCES Unable to allocate required resources. +**/ +EFI_STATUS +LoadSignatureList ( + IN SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData, + IN UINT16 LabelId, + IN EFI_FORM_ID FormId, + IN EFI_QUESTION_ID QuestionIdBase + ) +{ + EFI_STATUS Status; + EFI_STRING_ID ListType; + EFI_STRING FormatNameString; + EFI_STRING FormatHelpString; + EFI_STRING FormatTypeString; + EFI_SIGNATURE_LIST *ListWalker; + EFI_IFR_GUID_LABEL *StartLabel; + EFI_IFR_GUID_LABEL *EndLabel; + EFI_IFR_GUID_LABEL *StartGoto; + EFI_IFR_GUID_LABEL *EndGoto; + EFI_FORM_ID DstFormId; + VOID *StartOpCodeHandle; + VOID *EndOpCodeHandle; + VOID *StartGotoHandle; + VOID *EndGotoHandle; + UINTN DataSize; + UINTN RemainingSize; + UINT16 Index; + UINT8 *VariableData; + CHAR16 VariableName[BUFFER_MAX_SIZE]; + CHAR16 NameBuffer[BUFFER_MAX_SIZE]; + CHAR16 HelpBuffer[BUFFER_MAX_SIZE]; + + Status = EFI_SUCCESS; + FormatNameString = NULL; + FormatHelpString = NULL; + StartOpCodeHandle = NULL; + EndOpCodeHandle = NULL; + StartGotoHandle = NULL; + EndGotoHandle = NULL; + Index = 0; + VariableData = NULL; + + // + // Initialize the container for dynamic opcodes. + // + StartOpCodeHandle = HiiAllocateOpCodeHandle (); + if (StartOpCodeHandle == NULL) { + Status = EFI_OUT_OF_RESOURCES; + goto ON_EXIT; + } + + EndOpCodeHandle = HiiAllocateOpCodeHandle (); + if (EndOpCodeHandle == NULL) { + Status = EFI_OUT_OF_RESOURCES; + goto ON_EXIT; + } + + StartGotoHandle = HiiAllocateOpCodeHandle (); + if (StartGotoHandle == NULL) { + Status = EFI_OUT_OF_RESOURCES; + goto ON_EXIT; + } + + EndGotoHandle = HiiAllocateOpCodeHandle (); + if (EndGotoHandle == NULL) { + Status = EFI_OUT_OF_RESOURCES; + goto ON_EXIT; + } + + // + // Create Hii Extend Label OpCode. + // + StartLabel = (EFI_IFR_GUID_LABEL *)HiiCreateGuidOpCode ( + StartOpCodeHandle, + &gEfiIfrTianoGuid, + NULL, + sizeof (EFI_IFR_GUID_LABEL) + ); + StartLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL; + StartLabel->Number = LabelId; + + EndLabel = (EFI_IFR_GUID_LABEL *)HiiCreateGuidOpCode ( + EndOpCodeHandle, + &gEfiIfrTianoGuid, + NULL, + sizeof (EFI_IFR_GUID_LABEL) + ); + EndLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL; + EndLabel->Number = LABEL_END; + + StartGoto = (EFI_IFR_GUID_LABEL *)HiiCreateGuidOpCode( + StartGotoHandle, + &gEfiIfrTianoGuid, + NULL, + sizeof(EFI_IFR_GUID_LABEL) + ); + StartGoto->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL; + StartGoto->Number = LABEL_DELETE_ALL_LIST_BUTTON; + + EndGoto = (EFI_IFR_GUID_LABEL *)HiiCreateGuidOpCode( + EndGotoHandle, + &gEfiIfrTianoGuid, + NULL, + sizeof(EFI_IFR_GUID_LABEL) + ); + EndGoto->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL; + EndGoto->Number = LABEL_END; + + if (PrivateData->VariableName == Variable_DB) { + UnicodeSPrint (VariableName, sizeof (VariableName), EFI_IMAGE_SECURITY_DATABASE); + DstFormId = FORMID_SECURE_BOOT_DB_OPTION_FORM; + } else if (PrivateData->VariableName == Variable_DBX) { + UnicodeSPrint (VariableName, sizeof (VariableName), EFI_IMAGE_SECURITY_DATABASE1); + DstFormId = FORMID_SECURE_BOOT_DBX_OPTION_FORM; + } else if (PrivateData->VariableName == Variable_DBT) { + UnicodeSPrint (VariableName, sizeof (VariableName), EFI_IMAGE_SECURITY_DATABASE2); + DstFormId = FORMID_SECURE_BOOT_DBT_OPTION_FORM; + } else { + goto ON_EXIT; + } + + HiiCreateGotoOpCode ( + StartGotoHandle, + DstFormId, + STRING_TOKEN (STR_SECURE_BOOT_DELETE_ALL_LIST), + STRING_TOKEN (STR_SECURE_BOOT_DELETE_ALL_LIST), + EFI_IFR_FLAG_CALLBACK, + KEY_SECURE_BOOT_DELETE_ALL_LIST + ); + + // + // Read Variable, the variable name save in the PrivateData->VariableName. + // + DataSize = 0; + Status = gRT->GetVariable (VariableName, &gEfiImageSecurityDatabaseGuid, NULL, &DataSize, VariableData); + if (EFI_ERROR (Status) && Status != EFI_BUFFER_TOO_SMALL) { + goto ON_EXIT; + } + + VariableData = AllocateZeroPool (DataSize); + if (VariableData == NULL) { + Status = EFI_OUT_OF_RESOURCES; + goto ON_EXIT; + } + Status = gRT->GetVariable (VariableName, &gEfiImageSecurityDatabaseGuid, NULL, &DataSize, VariableData); + if (EFI_ERROR (Status)) { + goto ON_EXIT; + } + + FormatNameString = HiiGetString (PrivateData->HiiHandle, STRING_TOKEN (STR_SIGNATURE_LIST_NAME_FORMAT), NULL); + FormatHelpString = HiiGetString (PrivateData->HiiHandle, STRING_TOKEN (STR_SIGNATURE_LIST_HELP_FORMAT), NULL); + if (FormatNameString == NULL || FormatHelpString == NULL) { + goto ON_EXIT; + } + + RemainingSize = DataSize; + ListWalker = (EFI_SIGNATURE_LIST *)VariableData; + while ((RemainingSize > 0) && (RemainingSize >= ListWalker->SignatureListSize)) { + if (CompareGuid (&ListWalker->SignatureType, &gEfiCertRsa2048Guid)) { + ListType = STRING_TOKEN (STR_LIST_TYPE_RSA2048_SHA256); + } else if (CompareGuid (&ListWalker->SignatureType, &gEfiCertX509Guid)) { + ListType = STRING_TOKEN (STR_LIST_TYPE_X509); + } else if (CompareGuid (&ListWalker->SignatureType, &gEfiCertSha1Guid)) { + ListType = STRING_TOKEN (STR_LIST_TYPE_SHA1); + } else if (CompareGuid (&ListWalker->SignatureType, &gEfiCertSha256Guid)) { + ListType = STRING_TOKEN (STR_LIST_TYPE_SHA256); + } else if (CompareGuid (&ListWalker->SignatureType, &gEfiCertX509Sha256Guid)) { + ListType = STRING_TOKEN (STR_LIST_TYPE_X509_SHA256); + } else if (CompareGuid (&ListWalker->SignatureType, &gEfiCertX509Sha384Guid)) { + ListType = STRING_TOKEN (STR_LIST_TYPE_X509_SHA384); + } else if (CompareGuid (&ListWalker->SignatureType, &gEfiCertX509Sha512Guid)) { + ListType = STRING_TOKEN (STR_LIST_TYPE_X509_SHA512); + } else { + ListType = STRING_TOKEN (STR_LIST_TYPE_UNKNOWN); + } + FormatTypeString = HiiGetString (PrivateData->HiiHandle, ListType, NULL); + if (FormatTypeString == NULL) { + goto ON_EXIT; + } + + ZeroMem (NameBuffer, sizeof (NameBuffer)); + UnicodeSPrint (NameBuffer, sizeof (NameBuffer), FormatNameString, Index + 1); + + ZeroMem (HelpBuffer, sizeof (HelpBuffer)); + UnicodeSPrint (HelpBuffer, + sizeof (HelpBuffer), + FormatHelpString, + FormatTypeString, + SIGNATURE_DATA_COUNTS (ListWalker) + ); + SECUREBOOT_FREE_NON_NULL (FormatTypeString); + FormatTypeString = NULL; + + HiiCreateGotoOpCode ( + StartOpCodeHandle, + SECUREBOOT_DELETE_SIGNATURE_DATA_FORM, + HiiSetString (PrivateData->HiiHandle, 0, NameBuffer, NULL), + HiiSetString (PrivateData->HiiHandle, 0, HelpBuffer, NULL), + EFI_IFR_FLAG_CALLBACK, + QuestionIdBase + Index++ + ); + + RemainingSize -= ListWalker->SignatureListSize; + ListWalker = (EFI_SIGNATURE_LIST *)((UINT8 *)ListWalker + ListWalker->SignatureListSize); + } + +ON_EXIT: + HiiUpdateForm ( + PrivateData->HiiHandle, + &gSecureBootConfigFormSetGuid, + FormId, + StartOpCodeHandle, + EndOpCodeHandle + ); + + HiiUpdateForm ( + PrivateData->HiiHandle, + &gSecureBootConfigFormSetGuid, + FormId, + StartGotoHandle, + EndGotoHandle + ); + + SECUREBOOT_FREE_NON_OPCODE (StartOpCodeHandle); + SECUREBOOT_FREE_NON_OPCODE (EndOpCodeHandle); + SECUREBOOT_FREE_NON_OPCODE (StartGotoHandle); + SECUREBOOT_FREE_NON_OPCODE (EndGotoHandle); + + SECUREBOOT_FREE_NON_NULL (VariableData); + SECUREBOOT_FREE_NON_NULL (FormatNameString); + SECUREBOOT_FREE_NON_NULL (FormatHelpString); + + PrivateData->ListCount = Index; + + return Status; +} + +/** + Parse hash value from EFI_SIGNATURE_DATA, and save in the CHAR16 type array. + The buffer is callee allocated and should be freed by the caller. + + @param[in] ListEntry The pointer point to the signature list. + @param[in] DataEntry The signature data we are processing. + @param[out] BufferToReturn Buffer to save the hash value. + + @retval EFI_INVALID_PARAMETER Invalid List or Data or Buffer. + @retval EFI_OUT_OF_RESOURCES A memory allocation failed. + @retval EFI_SUCCESS Operation success. +**/ +EFI_STATUS +ParseHashValue ( + IN EFI_SIGNATURE_LIST *ListEntry, + IN EFI_SIGNATURE_DATA *DataEntry, + OUT CHAR16 **BufferToReturn + ) +{ + UINTN Index; + UINTN BufferIndex; + UINTN TotalSize; + UINTN DataSize; + UINTN Line; + UINTN OneLineBytes; + + // + // Assume that, display 8 bytes in one line. + // + OneLineBytes = 8; + + if (ListEntry == NULL || DataEntry == NULL || BufferToReturn == NULL) { + return EFI_INVALID_PARAMETER; + } + + DataSize = ListEntry->SignatureSize - sizeof(EFI_GUID); + Line = (DataSize + OneLineBytes - 1) / OneLineBytes; + + // + // Each byte will split two Hex-number, and each line need additional memory to save '\r\n'. + // + TotalSize = ((DataSize + Line) * 2 * sizeof(CHAR16)); + + *BufferToReturn = AllocateZeroPool(TotalSize); + if (*BufferToReturn == NULL) { + return EFI_OUT_OF_RESOURCES; + } + + for (Index = 0, BufferIndex = 0; Index < DataSize; Index = Index + 1) { + if ((Index > 0) && (Index % OneLineBytes == 0)) { + BufferIndex += UnicodeSPrint(&(*BufferToReturn)[BufferIndex], TotalSize - sizeof(CHAR16) * BufferIndex, L"\n"); + } + BufferIndex += UnicodeSPrint(&(*BufferToReturn)[BufferIndex], TotalSize - sizeof(CHAR16) * BufferIndex, L"%02x", DataEntry->SignatureData[Index]); + } + BufferIndex += UnicodeSPrint(&(*BufferToReturn)[BufferIndex], TotalSize - sizeof(CHAR16) * BufferIndex, L"\n"); + + return EFI_SUCCESS; +} + +/** + Function to get the common name from the X509 format certificate. + The buffer is callee allocated and should be freed by the caller. + + @param[in] ListEntry The pointer point to the signature list. + @param[in] DataEntry The signature data we are processing. + @param[out] BufferToReturn Buffer to save the CN of X509 certificate. + + @retval EFI_INVALID_PARAMETER Invalid List or Data or Buffer. + @retval EFI_OUT_OF_RESOURCES A memory allocation failed. + @retval EFI_SUCCESS Operation success. + @retval EFI_NOT_FOUND Not found CN field in the X509 certificate. +**/ +EFI_STATUS +GetCommonNameFromX509 ( + IN EFI_SIGNATURE_LIST *ListEntry, + IN EFI_SIGNATURE_DATA *DataEntry, + OUT CHAR16 **BufferToReturn + ) +{ + EFI_STATUS Status; + CHAR8 *CNBuffer; + UINTN CNBufferSize; + + Status = EFI_SUCCESS; + CNBuffer = NULL; + + CNBuffer = AllocateZeroPool(256); + if (CNBuffer == NULL) { + Status = EFI_OUT_OF_RESOURCES; + goto ON_EXIT; + } + + CNBufferSize = 256; + X509GetCommonName ( + (UINT8 *)DataEntry + sizeof(EFI_GUID), + ListEntry->SignatureSize - sizeof(EFI_GUID), + CNBuffer, + &CNBufferSize + ); + + *BufferToReturn = AllocateZeroPool(256 * sizeof(CHAR16)); + if (*BufferToReturn == NULL) { + Status = EFI_OUT_OF_RESOURCES; + goto ON_EXIT; + } + + AsciiStrToUnicodeStrS (CNBuffer, *BufferToReturn, 256); + +ON_EXIT: + SECUREBOOT_FREE_NON_NULL (CNBuffer); + + return Status; +} + +/** + Format the help info for the signature data, each help info contain 3 parts. + 1. Onwer Guid. + 2. Content, depends on the type of the signature list. + 3. Revocation time. + + @param[in] PrivateData Module's private data. + @param[in] ListEntry Point to the signature list. + @param[in] DataEntry Point to the signature data we are processing. + @param[out] StringId Save the string id of help info. + + @retval EFI_SUCCESS Operation success. + @retval EFI_OUT_OF_RESOURCES Unable to allocate required resources. +**/ +EFI_STATUS +FormatHelpInfo ( + IN SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData, + IN EFI_SIGNATURE_LIST *ListEntry, + IN EFI_SIGNATURE_DATA *DataEntry, + OUT EFI_STRING_ID *StringId + ) +{ + EFI_STATUS Status; + EFI_TIME *Time; + EFI_STRING_ID ListTypeId; + EFI_STRING FormatHelpString; + EFI_STRING FormatTypeString; + UINTN DataSize; + UINTN HelpInfoIndex; + UINTN TotalSize; + CHAR16 GuidString[BUFFER_MAX_SIZE]; + CHAR16 TimeString[BUFFER_MAX_SIZE]; + CHAR16 *DataString; + CHAR16 *HelpInfoString; + BOOLEAN IsCert; + + Status = EFI_SUCCESS; + Time = NULL; + FormatTypeString = NULL; + HelpInfoIndex = 0; + DataString = NULL; + HelpInfoString = NULL; + IsCert = FALSE; + + if (CompareGuid(&ListEntry->SignatureType, &gEfiCertRsa2048Guid)) { + ListTypeId = STRING_TOKEN(STR_LIST_TYPE_RSA2048_SHA256); + DataSize = ListEntry->SignatureSize - sizeof(EFI_GUID); + IsCert = TRUE; + } else if (CompareGuid(&ListEntry->SignatureType, &gEfiCertX509Guid)) { + ListTypeId = STRING_TOKEN(STR_LIST_TYPE_X509); + DataSize = ListEntry->SignatureSize - sizeof(EFI_GUID); + IsCert = TRUE; + } else if (CompareGuid(&ListEntry->SignatureType, &gEfiCertSha1Guid)) { + ListTypeId = STRING_TOKEN(STR_LIST_TYPE_SHA1); + DataSize = 20; + } else if (CompareGuid(&ListEntry->SignatureType, &gEfiCertSha256Guid)) { + ListTypeId = STRING_TOKEN(STR_LIST_TYPE_SHA256); + DataSize = 32; + } else if (CompareGuid(&ListEntry->SignatureType, &gEfiCertX509Sha256Guid)) { + ListTypeId = STRING_TOKEN(STR_LIST_TYPE_X509_SHA256); + DataSize = 32; + Time = (EFI_TIME *)(DataEntry->SignatureData + DataSize); + } else if (CompareGuid(&ListEntry->SignatureType, &gEfiCertX509Sha384Guid)) { + ListTypeId = STRING_TOKEN(STR_LIST_TYPE_X509_SHA384); + DataSize = 48; + Time = (EFI_TIME *)(DataEntry->SignatureData + DataSize); + } else if (CompareGuid(&ListEntry->SignatureType, &gEfiCertX509Sha512Guid)) { + ListTypeId = STRING_TOKEN(STR_LIST_TYPE_X509_SHA512); + DataSize = 64; + Time = (EFI_TIME *)(DataEntry->SignatureData + DataSize); + } else { + Status = EFI_UNSUPPORTED; + goto ON_EXIT; + } + + FormatTypeString = HiiGetString (PrivateData->HiiHandle, ListTypeId, NULL); + if (FormatTypeString == NULL) { + goto ON_EXIT; + } + + TotalSize = 1024; + HelpInfoString = AllocateZeroPool (TotalSize); + if (HelpInfoString == NULL) { + Status = EFI_OUT_OF_RESOURCES; + goto ON_EXIT; + } + + // + // Format GUID part. + // + ZeroMem (GuidString, sizeof (GuidString)); + GuidToString(&DataEntry->SignatureOwner, GuidString, BUFFER_MAX_SIZE); + FormatHelpString = HiiGetString (PrivateData->HiiHandle, STRING_TOKEN (STR_SIGNATURE_DATA_HELP_FORMAT_GUID), NULL); + if (FormatHelpString == NULL) { + goto ON_EXIT; + } + HelpInfoIndex += UnicodeSPrint ( + &HelpInfoString[HelpInfoIndex], + TotalSize - sizeof(CHAR16) * HelpInfoIndex, + FormatHelpString, + GuidString + ); + SECUREBOOT_FREE_NON_NULL (FormatHelpString); + FormatHelpString = NULL; + + // + // Format content part, it depends on the type of signature list, hash value or CN. + // + if (IsCert) { + GetCommonNameFromX509 (ListEntry, DataEntry, &DataString); + FormatHelpString = HiiGetString (PrivateData->HiiHandle, STRING_TOKEN (STR_SIGNATURE_DATA_HELP_FORMAT_CN), NULL); + } else { + // + // Format hash value for each signature data entry. + // + ParseHashValue (ListEntry, DataEntry, &DataString); + FormatHelpString = HiiGetString (PrivateData->HiiHandle, STRING_TOKEN (STR_SIGNATURE_DATA_HELP_FORMAT_HASH), NULL); + } + if (FormatHelpString == NULL) { + goto ON_EXIT; + } + HelpInfoIndex += UnicodeSPrint ( + &HelpInfoString[HelpInfoIndex], + TotalSize - sizeof (CHAR16) * HelpInfoIndex, + FormatHelpString, + FormatTypeString, + DataSize, + DataString + ); + SECUREBOOT_FREE_NON_NULL (FormatHelpString); + FormatHelpString = NULL; + + // + // Format revocation time part. + // + if (Time != NULL) { + ZeroMem (TimeString, sizeof (TimeString)); + UnicodeSPrint ( + TimeString, + sizeof (TimeString), + L"%d-%d-%d %d:%d:%d", + Time->Year, + Time->Month, + Time->Day, + Time->Hour, + Time->Minute, + Time->Second + ); + FormatHelpString = HiiGetString (PrivateData->HiiHandle, STRING_TOKEN (STR_SIGNATURE_DATA_HELP_FORMAT_TIME), NULL); + if (FormatHelpString == NULL) { + goto ON_EXIT; + } + UnicodeSPrint ( + &HelpInfoString[HelpInfoIndex], + TotalSize - sizeof (CHAR16) * HelpInfoIndex, + FormatHelpString, + TimeString + ); + SECUREBOOT_FREE_NON_NULL (FormatHelpString); + FormatHelpString = NULL; + } + + *StringId = HiiSetString (PrivateData->HiiHandle, 0, HelpInfoString, NULL); +ON_EXIT: + SECUREBOOT_FREE_NON_NULL (DataString); + SECUREBOOT_FREE_NON_NULL (HelpInfoString); + + SECUREBOOT_FREE_NON_NULL (FormatTypeString); + + return Status; +} + +/** + This function to load signature data under the signature list. + + @param[in] PrivateData Module's private data. + @param[in] LabelId Label number to insert opcodes. + @param[in] FormId Form ID of current page. + @param[in] QuestionIdBase Base question id of the signature list. + @param[in] ListIndex Indicate to load which signature list. + + @retval EFI_SUCCESS Success to update the signature list page + @retval EFI_OUT_OF_RESOURCES Unable to allocate required resources. +**/ +EFI_STATUS +LoadSignatureData ( + IN SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData, + IN UINT16 LabelId, + IN EFI_FORM_ID FormId, + IN EFI_QUESTION_ID QuestionIdBase, + IN UINT16 ListIndex + ) +{ + EFI_STATUS Status; + EFI_SIGNATURE_LIST *ListWalker; + EFI_SIGNATURE_DATA *DataWalker; + EFI_IFR_GUID_LABEL *StartLabel; + EFI_IFR_GUID_LABEL *EndLabel; + EFI_STRING_ID HelpStringId; + EFI_STRING FormatNameString; + VOID *StartOpCodeHandle; + VOID *EndOpCodeHandle; + UINTN DataSize; + UINTN RemainingSize; + UINT16 Index; + UINT8 *VariableData; + CHAR16 VariableName[BUFFER_MAX_SIZE]; + CHAR16 NameBuffer[BUFFER_MAX_SIZE]; + + Status = EFI_SUCCESS; + FormatNameString = NULL; + StartOpCodeHandle = NULL; + EndOpCodeHandle = NULL; + Index = 0; + VariableData = NULL; + + // + // Initialize the container for dynamic opcodes. + // + StartOpCodeHandle = HiiAllocateOpCodeHandle (); + if (StartOpCodeHandle == NULL) { + Status = EFI_OUT_OF_RESOURCES; + goto ON_EXIT; + } + + EndOpCodeHandle = HiiAllocateOpCodeHandle (); + if (EndOpCodeHandle == NULL) { + Status = EFI_OUT_OF_RESOURCES; + goto ON_EXIT; + } + + // + // Create Hii Extend Label OpCode. + // + StartLabel = (EFI_IFR_GUID_LABEL *)HiiCreateGuidOpCode ( + StartOpCodeHandle, + &gEfiIfrTianoGuid, + NULL, + sizeof (EFI_IFR_GUID_LABEL) + ); + StartLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL; + StartLabel->Number = LabelId; + + EndLabel = (EFI_IFR_GUID_LABEL *)HiiCreateGuidOpCode ( + EndOpCodeHandle, + &gEfiIfrTianoGuid, + NULL, + sizeof (EFI_IFR_GUID_LABEL) + ); + EndLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL; + EndLabel->Number = LABEL_END; + + if (PrivateData->VariableName == Variable_DB) { + UnicodeSPrint (VariableName, sizeof (VariableName), EFI_IMAGE_SECURITY_DATABASE); + } else if (PrivateData->VariableName == Variable_DBX) { + UnicodeSPrint (VariableName, sizeof (VariableName), EFI_IMAGE_SECURITY_DATABASE1); + } else if (PrivateData->VariableName == Variable_DBT) { + UnicodeSPrint (VariableName, sizeof (VariableName), EFI_IMAGE_SECURITY_DATABASE2); + } else { + goto ON_EXIT; + } + + // + // Read Variable, the variable name save in the PrivateData->VariableName. + // + DataSize = 0; + Status = gRT->GetVariable (VariableName, &gEfiImageSecurityDatabaseGuid, NULL, &DataSize, VariableData); + if (EFI_ERROR (Status) && Status != EFI_BUFFER_TOO_SMALL) { + goto ON_EXIT; + } + + VariableData = AllocateZeroPool (DataSize); + if (VariableData == NULL) { + Status = EFI_OUT_OF_RESOURCES; + goto ON_EXIT; + } + Status = gRT->GetVariable (VariableName, &gEfiImageSecurityDatabaseGuid, NULL, &DataSize, VariableData); + if (EFI_ERROR (Status)) { + goto ON_EXIT; + } + + RemainingSize = DataSize; + ListWalker = (EFI_SIGNATURE_LIST *)VariableData; + + // + // Skip signature list. + // + while ((RemainingSize > 0) && (RemainingSize >= ListWalker->SignatureListSize) && ListIndex-- > 0) { + RemainingSize -= ListWalker->SignatureListSize; + ListWalker = (EFI_SIGNATURE_LIST *)((UINT8 *)ListWalker + ListWalker->SignatureListSize); + } + + FormatNameString = HiiGetString (PrivateData->HiiHandle, STRING_TOKEN (STR_SIGNATURE_DATA_NAME_FORMAT), NULL); + if (FormatNameString == NULL) { + goto ON_EXIT; + } + + DataWalker = (EFI_SIGNATURE_DATA *)((UINT8 *)ListWalker + sizeof(EFI_SIGNATURE_LIST) + ListWalker->SignatureHeaderSize); + for (Index = 0; Index < SIGNATURE_DATA_COUNTS(ListWalker); Index = Index + 1) { + // + // Format name buffer. + // + ZeroMem (NameBuffer, sizeof (NameBuffer)); + UnicodeSPrint (NameBuffer, sizeof (NameBuffer), FormatNameString, Index + 1); + + // + // Format help info buffer. + // + Status = FormatHelpInfo (PrivateData, ListWalker, DataWalker, &HelpStringId); + if (EFI_ERROR (Status)) { + goto ON_EXIT; + } + + HiiCreateCheckBoxOpCode ( + StartOpCodeHandle, + (EFI_QUESTION_ID)(QuestionIdBase + Index), + 0, + 0, + HiiSetString (PrivateData->HiiHandle, 0, NameBuffer, NULL), + HelpStringId, + EFI_IFR_FLAG_CALLBACK, + 0, + NULL + ); + + ZeroMem(NameBuffer, 100); + DataWalker = (EFI_SIGNATURE_DATA *)((UINT8 *)DataWalker + ListWalker->SignatureSize); + } + + // + // Allocate a buffer to record which signature data will be checked. + // This memory buffer will be freed when exit from the SECUREBOOT_DELETE_SIGNATURE_DATA_FORM form. + // + PrivateData->CheckArray = AllocateZeroPool (SIGNATURE_DATA_COUNTS (ListWalker) * sizeof (BOOLEAN)); +ON_EXIT: + HiiUpdateForm ( + PrivateData->HiiHandle, + &gSecureBootConfigFormSetGuid, + FormId, + StartOpCodeHandle, + EndOpCodeHandle + ); + + SECUREBOOT_FREE_NON_OPCODE (StartOpCodeHandle); + SECUREBOOT_FREE_NON_OPCODE (EndOpCodeHandle); + + SECUREBOOT_FREE_NON_NULL (VariableData); + SECUREBOOT_FREE_NON_NULL (FormatNameString); + + return Status; +} + +/** + This function is called to provide results data to the driver. + + @param[in] This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL. + @param[in] Action Specifies the type of action taken by the browser. + @param[in] QuestionId A unique value which is sent to the original + exporting driver so that it can identify the type + of data to expect. + @param[in] Type The type of value for the question. + @param[in] Value A pointer to the data being sent to the original + exporting driver. + @param[out] ActionRequest On return, points to the action requested by the + callback function. + + @retval EFI_SUCCESS The callback successfully handled the action. + @retval EFI_OUT_OF_RESOURCES Not enough storage is available to hold the + variable and its data. + @retval EFI_DEVICE_ERROR The variable could not be saved. + @retval EFI_UNSUPPORTED The specified Action is not supported by the + callback. + +**/ +EFI_STATUS +EFIAPI +SecureBootCallback ( + IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, + IN EFI_BROWSER_ACTION Action, + IN EFI_QUESTION_ID QuestionId, + IN UINT8 Type, + IN EFI_IFR_TYPE_VALUE *Value, + OUT EFI_BROWSER_ACTION_REQUEST *ActionRequest + ) +{ + EFI_INPUT_KEY Key; + EFI_STATUS Status; + RETURN_STATUS RStatus; + SECUREBOOT_CONFIG_PRIVATE_DATA *Private; + UINTN BufferSize; + SECUREBOOT_CONFIGURATION *IfrNvData; + UINT16 LabelId; + UINT8 *SecureBootEnable; + UINT8 *Pk; + UINT8 *SecureBootMode; + UINT8 *SetupMode; + CHAR16 PromptString[100]; + EFI_DEVICE_PATH_PROTOCOL *File; + UINTN NameLength; + UINT16 *FilePostFix; + SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData; + BOOLEAN GetBrowserDataResult; + ENROLL_KEY_ERROR EnrollKeyErrorCode; + + Status = EFI_SUCCESS; + SecureBootEnable = NULL; + SecureBootMode = NULL; + SetupMode = NULL; + File = NULL; + EnrollKeyErrorCode = None_Error; + + if ((This == NULL) || (Value == NULL) || (ActionRequest == NULL)) { + return EFI_INVALID_PARAMETER; + } + + Private = SECUREBOOT_CONFIG_PRIVATE_FROM_THIS (This); + + gSecureBootPrivateData = Private; + + // + // Retrieve uncommitted data from Browser + // + BufferSize = sizeof (SECUREBOOT_CONFIGURATION); + IfrNvData = AllocateZeroPool (BufferSize); + if (IfrNvData == NULL) { + return EFI_OUT_OF_RESOURCES; + } + + GetBrowserDataResult = HiiGetBrowserData (&gSecureBootConfigFormSetGuid, mSecureBootStorageName, BufferSize, (UINT8 *) IfrNvData); + + if (Action == EFI_BROWSER_ACTION_FORM_OPEN) { + if (QuestionId == KEY_SECURE_BOOT_MODE) { + // + // Update secure boot strings when opening this form + // + Status = UpdateSecureBootString(Private); + SecureBootExtractConfigFromVariable (Private, IfrNvData); + mIsEnterSecureBootForm = TRUE; + } else { + // + // When entering SecureBoot OPTION Form + // always close opened file & free resource + // + if ((QuestionId == KEY_SECURE_BOOT_PK_OPTION) || + (QuestionId == KEY_SECURE_BOOT_KEK_OPTION) || + (QuestionId == KEY_SECURE_BOOT_DB_OPTION) || + (QuestionId == KEY_SECURE_BOOT_DBX_OPTION) || + (QuestionId == KEY_SECURE_BOOT_DBT_OPTION)) { + CloseEnrolledFile(Private->FileContext); + } else if (QuestionId == KEY_SECURE_BOOT_DELETE_ALL_LIST) { + // + // Update ListCount field in varstore + // Button "Delete All Signature List" is + // enable when ListCount is greater than 0. + // + IfrNvData->ListCount = Private->ListCount; + } + } + goto EXIT; + } + + if (Action == EFI_BROWSER_ACTION_RETRIEVE) { + Status = EFI_UNSUPPORTED; + if (QuestionId == KEY_SECURE_BOOT_MODE) { + if (mIsEnterSecureBootForm) { + Value->u8 = SECURE_BOOT_MODE_STANDARD; + Status = EFI_SUCCESS; + } + } + goto EXIT; + } + + if ((Action != EFI_BROWSER_ACTION_CHANGED) && + (Action != EFI_BROWSER_ACTION_CHANGING) && + (Action != EFI_BROWSER_ACTION_FORM_CLOSE) && + (Action != EFI_BROWSER_ACTION_DEFAULT_STANDARD)) { + Status = EFI_UNSUPPORTED; + goto EXIT; + } + + if (Action == EFI_BROWSER_ACTION_CHANGING) { + + switch (QuestionId) { + case KEY_SECURE_BOOT_ENABLE: + GetVariable2 (EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid, (VOID**)&SecureBootEnable, NULL); + if (NULL != SecureBootEnable) { + FreePool (SecureBootEnable); + if (EFI_ERROR (SaveSecureBootVariable (Value->u8))) { + CreatePopUp ( + EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, + &Key, + L"Only Physical Presence User could disable secure boot!", + NULL + ); + Status = EFI_UNSUPPORTED; + } else { + CreatePopUp ( + EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, + &Key, + L"Configuration changed, please reset the platform to take effect!", + NULL + ); + } + } + break; + + case KEY_SECURE_BOOT_KEK_OPTION: + case KEY_SECURE_BOOT_DB_OPTION: + case KEY_SECURE_BOOT_DBX_OPTION: + case KEY_SECURE_BOOT_DBT_OPTION: + PrivateData = SECUREBOOT_CONFIG_PRIVATE_FROM_THIS (This); + // + // Clear Signature GUID. + // + ZeroMem (IfrNvData->SignatureGuid, sizeof (IfrNvData->SignatureGuid)); + if (Private->SignatureGUID == NULL) { + Private->SignatureGUID = (EFI_GUID *) AllocateZeroPool (sizeof (EFI_GUID)); + if (Private->SignatureGUID == NULL) { + return EFI_OUT_OF_RESOURCES; + } + } + + // + // Cleanup VFRData once leaving PK/KEK/DB/DBX/DBT enroll/delete page + // + SecureBootExtractConfigFromVariable (PrivateData, IfrNvData); + + if (QuestionId == KEY_SECURE_BOOT_DB_OPTION) { + LabelId = SECUREBOOT_ENROLL_SIGNATURE_TO_DB; + } else if (QuestionId == KEY_SECURE_BOOT_DBX_OPTION) { + LabelId = SECUREBOOT_ENROLL_SIGNATURE_TO_DBX; + } else if (QuestionId == KEY_SECURE_BOOT_DBT_OPTION) { + LabelId = SECUREBOOT_ENROLL_SIGNATURE_TO_DBT; + } else { + LabelId = FORMID_ENROLL_KEK_FORM; + } + + // + // Refresh selected file. + // + CleanUpPage (LabelId, Private); + break; + case KEY_SECURE_BOOT_PK_OPTION: + LabelId = FORMID_ENROLL_PK_FORM; + // + // Refresh selected file. + // + CleanUpPage (LabelId, Private); + break; + + case FORMID_ENROLL_PK_FORM: + ChooseFile (NULL, NULL, UpdatePKFromFile, &File); + break; + + case FORMID_ENROLL_KEK_FORM: + ChooseFile (NULL, NULL, UpdateKEKFromFile, &File); + break; + + case SECUREBOOT_ENROLL_SIGNATURE_TO_DB: + ChooseFile (NULL, NULL, UpdateDBFromFile, &File); + break; + + case SECUREBOOT_ENROLL_SIGNATURE_TO_DBX: + ChooseFile (NULL, NULL, UpdateDBXFromFile, &File); + + if (Private->FileContext->FHandle != NULL) { + // + // Parse the file's postfix. + // + NameLength = StrLen (Private->FileContext->FileName); + if (NameLength <= 4) { + return FALSE; + } + FilePostFix = Private->FileContext->FileName + NameLength - 4; + + if (IsDerEncodeCertificate (FilePostFix)) { + // + // Supports DER-encoded X509 certificate. + // + IfrNvData->FileEnrollType = X509_CERT_FILE_TYPE; + } else if (IsAuthentication2Format(Private->FileContext->FHandle)){ + IfrNvData->FileEnrollType = AUTHENTICATION_2_FILE_TYPE; + } else { + IfrNvData->FileEnrollType = PE_IMAGE_FILE_TYPE; + } + Private->FileContext->FileType = IfrNvData->FileEnrollType; + + // + // Clean up Certificate Format if File type is not X509 DER + // + if (IfrNvData->FileEnrollType != X509_CERT_FILE_TYPE) { + IfrNvData->CertificateFormat = HASHALG_RAW; + } + DEBUG((DEBUG_ERROR, "IfrNvData->FileEnrollType %d\n", Private->FileContext->FileType)); + } + + break; + + case SECUREBOOT_ENROLL_SIGNATURE_TO_DBT: + ChooseFile (NULL, NULL, UpdateDBTFromFile, &File); + break; + + case KEY_SECURE_BOOT_DELETE_PK: + if (Value->u8) { + CreatePopUp ( + EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, + &Key, + L"Are you sure you want to delete PK? Secure boot will be disabled!", + L"Press 'Y' to delete PK and exit, 'N' to discard change and return", + NULL + ); + if (Key.UnicodeChar == 'y' || Key.UnicodeChar == 'Y') { + Status = DeletePlatformKey (); + if (EFI_ERROR (Status)) { + CreatePopUp ( + EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, + &Key, + L"Only Physical Presence User could delete PK in custom mode!", + NULL + ); + } + } + } + break; + + case KEY_DELETE_KEK: + UpdateDeletePage ( + Private, + EFI_KEY_EXCHANGE_KEY_NAME, + &gEfiGlobalVariableGuid, + LABEL_KEK_DELETE, + FORMID_DELETE_KEK_FORM, + OPTION_DEL_KEK_QUESTION_ID + ); + break; + + case SECUREBOOT_DELETE_SIGNATURE_FROM_DB: + UpdateDeletePage ( + Private, + EFI_IMAGE_SECURITY_DATABASE, + &gEfiImageSecurityDatabaseGuid, + LABEL_DB_DELETE, + SECUREBOOT_DELETE_SIGNATURE_FROM_DB, + OPTION_DEL_DB_QUESTION_ID + ); + break; + + // + // From DBX option to the level-1 form, display signature list. + // + case KEY_VALUE_FROM_DBX_TO_LIST_FORM: + Private->VariableName = Variable_DBX; + LoadSignatureList ( + Private, + LABEL_SIGNATURE_LIST_START, + SECUREBOOT_DELETE_SIGNATURE_LIST_FORM, + OPTION_SIGNATURE_LIST_QUESTION_ID + ); + break; + + // + // Delete all signature list and reload. + // + case KEY_SECURE_BOOT_DELETE_ALL_LIST: + CreatePopUp( + EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, + &Key, + L"Press 'Y' to delete signature list.", + L"Press other key to cancel and exit.", + NULL + ); + + if (Key.UnicodeChar == L'Y' || Key.UnicodeChar == L'y') { + DeleteSignatureEx (Private, Delete_Signature_List_All, IfrNvData->CheckedDataCount); + } + + LoadSignatureList ( + Private, + LABEL_SIGNATURE_LIST_START, + SECUREBOOT_DELETE_SIGNATURE_LIST_FORM, + OPTION_SIGNATURE_LIST_QUESTION_ID + ); + break; + + // + // Delete one signature list and reload. + // + case KEY_SECURE_BOOT_DELETE_ALL_DATA: + CreatePopUp( + EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, + &Key, + L"Press 'Y' to delete signature data.", + L"Press other key to cancel and exit.", + NULL + ); + + if (Key.UnicodeChar == L'Y' || Key.UnicodeChar == L'y') { + DeleteSignatureEx (Private, Delete_Signature_List_One, IfrNvData->CheckedDataCount); + } + + LoadSignatureList ( + Private, + LABEL_SIGNATURE_LIST_START, + SECUREBOOT_DELETE_SIGNATURE_LIST_FORM, + OPTION_SIGNATURE_LIST_QUESTION_ID + ); + break; + + // + // Delete checked signature data and reload. + // + case KEY_SECURE_BOOT_DELETE_CHECK_DATA: + CreatePopUp( + EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, + &Key, + L"Press 'Y' to delete signature data.", + L"Press other key to cancel and exit.", + NULL + ); + + if (Key.UnicodeChar == L'Y' || Key.UnicodeChar == L'y') { + DeleteSignatureEx (Private, Delete_Signature_Data, IfrNvData->CheckedDataCount); + } + + LoadSignatureList ( + Private, + LABEL_SIGNATURE_LIST_START, + SECUREBOOT_DELETE_SIGNATURE_LIST_FORM, + OPTION_SIGNATURE_LIST_QUESTION_ID + ); + break; + + case SECUREBOOT_DELETE_SIGNATURE_FROM_DBT: + UpdateDeletePage ( + Private, + EFI_IMAGE_SECURITY_DATABASE2, + &gEfiImageSecurityDatabaseGuid, + LABEL_DBT_DELETE, + SECUREBOOT_DELETE_SIGNATURE_FROM_DBT, + OPTION_DEL_DBT_QUESTION_ID + ); + + break; + + case KEY_VALUE_SAVE_AND_EXIT_KEK: + Status = EnrollKeyExchangeKey (Private); + if (EFI_ERROR (Status)) { + CreatePopUp ( + EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, + &Key, + L"ERROR: Unsupported file type!", + L"Only supports DER-encoded X509 certificate", + NULL + ); + } + break; + + case KEY_VALUE_SAVE_AND_EXIT_DB: + Status = EnrollSignatureDatabase (Private, EFI_IMAGE_SECURITY_DATABASE); + if (EFI_ERROR (Status)) { + CreatePopUp ( + EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, + &Key, + L"ERROR: Unsupported file type!", + L"Only supports DER-encoded X509 certificate and executable EFI image", + NULL + ); + } + break; + + case KEY_VALUE_SAVE_AND_EXIT_DBX: + if (IsX509CertInDbx (Private, EFI_IMAGE_SECURITY_DATABASE1)) { + CreatePopUp ( + EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, + &Key, + L"Enrollment failed! Same certificate had already been in the dbx!", + NULL + ); + + // + // Cert already exists in DBX. Close opened file before exit. + // + CloseEnrolledFile(Private->FileContext); + break; + } + + if ((IfrNvData != NULL) && (IfrNvData->CertificateFormat < HASHALG_MAX)) { + Status = EnrollX509HashtoSigDB ( + Private, + IfrNvData->CertificateFormat, + &IfrNvData->RevocationDate, + &IfrNvData->RevocationTime, + IfrNvData->AlwaysRevocation + ); + IfrNvData->CertificateFormat = HASHALG_RAW; + } else { + Status = EnrollSignatureDatabase (Private, EFI_IMAGE_SECURITY_DATABASE1); + } + if (EFI_ERROR (Status)) { + CreatePopUp ( + EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, + &Key, + L"ERROR: Unsupported file type!", + L"Only supports DER-encoded X509 certificate, AUTH_2 format data & executable EFI image", + NULL + ); + } + break; + + case KEY_VALUE_SAVE_AND_EXIT_DBT: + Status = EnrollSignatureDatabase (Private, EFI_IMAGE_SECURITY_DATABASE2); + if (EFI_ERROR (Status)) { + CreatePopUp ( + EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, + &Key, + L"ERROR: Unsupported file type!", + L"Only supports DER-encoded X509 certificate.", + NULL + ); + } + break; + case KEY_VALUE_SAVE_AND_EXIT_PK: + // + // Check the suffix, encode type and the key strength of PK certificate. + // + Status = CheckX509Certificate (Private->FileContext, &EnrollKeyErrorCode); + if (EFI_ERROR (Status)) { + if (EnrollKeyErrorCode != None_Error && EnrollKeyErrorCode < Enroll_Error_Max) { + CreatePopUp ( + EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, + &Key, + mX509EnrollPromptTitle[EnrollKeyErrorCode], + mX509EnrollPromptString[EnrollKeyErrorCode], + NULL + ); + break; + } + } else { + Status = EnrollPlatformKey (Private); + } + if (EFI_ERROR (Status)) { + UnicodeSPrint ( + PromptString, + sizeof (PromptString), + L"Error status: %x.", + Status + ); + CreatePopUp ( + EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, + &Key, + L"ERROR: Enrollment failed!", + PromptString, + NULL + ); + } + break; + default: + if ((QuestionId >= OPTION_DEL_KEK_QUESTION_ID) && + (QuestionId < (OPTION_DEL_KEK_QUESTION_ID + OPTION_CONFIG_RANGE))) { + DeleteKeyExchangeKey (Private, QuestionId); + } else if ((QuestionId >= OPTION_DEL_DB_QUESTION_ID) && + (QuestionId < (OPTION_DEL_DB_QUESTION_ID + OPTION_CONFIG_RANGE))) { + DeleteSignature ( + Private, + EFI_IMAGE_SECURITY_DATABASE, + &gEfiImageSecurityDatabaseGuid, + LABEL_DB_DELETE, + SECUREBOOT_DELETE_SIGNATURE_FROM_DB, + OPTION_DEL_DB_QUESTION_ID, + QuestionId - OPTION_DEL_DB_QUESTION_ID + ); + } else if ((QuestionId >= OPTION_SIGNATURE_LIST_QUESTION_ID) && + (QuestionId < (OPTION_SIGNATURE_LIST_QUESTION_ID + OPTION_CONFIG_RANGE))) { + LoadSignatureData ( + Private, + LABEL_SIGNATURE_DATA_START, + SECUREBOOT_DELETE_SIGNATURE_DATA_FORM, + OPTION_SIGNATURE_DATA_QUESTION_ID, + QuestionId - OPTION_SIGNATURE_LIST_QUESTION_ID + ); + Private->ListIndex = QuestionId - OPTION_SIGNATURE_LIST_QUESTION_ID; + } else if ((QuestionId >= OPTION_SIGNATURE_DATA_QUESTION_ID) && + (QuestionId < (OPTION_SIGNATURE_DATA_QUESTION_ID + OPTION_CONFIG_RANGE))) { + if (Private->CheckArray[QuestionId - OPTION_SIGNATURE_DATA_QUESTION_ID]) { + IfrNvData->CheckedDataCount--; + Private->CheckArray[QuestionId - OPTION_SIGNATURE_DATA_QUESTION_ID] = FALSE; + } else { + IfrNvData->CheckedDataCount++; + Private->CheckArray[QuestionId - OPTION_SIGNATURE_DATA_QUESTION_ID] = TRUE; + } + } else if ((QuestionId >= OPTION_DEL_DBT_QUESTION_ID) && + (QuestionId < (OPTION_DEL_DBT_QUESTION_ID + OPTION_CONFIG_RANGE))) { + DeleteSignature ( + Private, + EFI_IMAGE_SECURITY_DATABASE2, + &gEfiImageSecurityDatabaseGuid, + LABEL_DBT_DELETE, + SECUREBOOT_DELETE_SIGNATURE_FROM_DBT, + OPTION_DEL_DBT_QUESTION_ID, + QuestionId - OPTION_DEL_DBT_QUESTION_ID + ); + } + break; + + case KEY_VALUE_NO_SAVE_AND_EXIT_PK: + case KEY_VALUE_NO_SAVE_AND_EXIT_KEK: + case KEY_VALUE_NO_SAVE_AND_EXIT_DB: + case KEY_VALUE_NO_SAVE_AND_EXIT_DBX: + case KEY_VALUE_NO_SAVE_AND_EXIT_DBT: + CloseEnrolledFile(Private->FileContext); + + if (Private->SignatureGUID != NULL) { + FreePool (Private->SignatureGUID); + Private->SignatureGUID = NULL; + } + break; + } + } else if (Action == EFI_BROWSER_ACTION_CHANGED) { + switch (QuestionId) { + case KEY_SECURE_BOOT_ENABLE: + *ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY; + break; + case KEY_SECURE_BOOT_MODE: + mIsEnterSecureBootForm = FALSE; + break; + case KEY_SECURE_BOOT_KEK_GUID: + case KEY_SECURE_BOOT_SIGNATURE_GUID_DB: + case KEY_SECURE_BOOT_SIGNATURE_GUID_DBX: + case KEY_SECURE_BOOT_SIGNATURE_GUID_DBT: + ASSERT (Private->SignatureGUID != NULL); + RStatus = StrToGuid (IfrNvData->SignatureGuid, Private->SignatureGUID); + if (RETURN_ERROR (RStatus) || (IfrNvData->SignatureGuid[GUID_STRING_LENGTH] != L'\0')) { + Status = EFI_INVALID_PARAMETER; + break; + } + + *ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY; + break; + case KEY_SECURE_BOOT_DELETE_PK: + GetVariable2 (EFI_SETUP_MODE_NAME, &gEfiGlobalVariableGuid, (VOID**)&SetupMode, NULL); + if (SetupMode == NULL || (*SetupMode) == SETUP_MODE) { + IfrNvData->DeletePk = TRUE; + IfrNvData->HasPk = FALSE; + *ActionRequest = EFI_BROWSER_ACTION_REQUEST_SUBMIT; + } else { + IfrNvData->DeletePk = FALSE; + IfrNvData->HasPk = TRUE; + *ActionRequest = EFI_BROWSER_ACTION_REQUEST_FORM_APPLY; + } + if (SetupMode != NULL) { + FreePool (SetupMode); + } + break; + default: + break; + } + } else if (Action == EFI_BROWSER_ACTION_DEFAULT_STANDARD) { + if (QuestionId == KEY_HIDE_SECURE_BOOT) { + GetVariable2 (EFI_PLATFORM_KEY_NAME, &gEfiGlobalVariableGuid, (VOID**)&Pk, NULL); + if (Pk == NULL) { + IfrNvData->HideSecureBoot = TRUE; + } else { + FreePool (Pk); + IfrNvData->HideSecureBoot = FALSE; + } + Value->b = IfrNvData->HideSecureBoot; + } + } else if (Action == EFI_BROWSER_ACTION_FORM_CLOSE) { + // + // Force the platform back to Standard Mode once user leave the setup screen. + // + GetVariable2 (EFI_CUSTOM_MODE_NAME, &gEfiCustomModeEnableGuid, (VOID**)&SecureBootMode, NULL); + if (NULL != SecureBootMode && *SecureBootMode == CUSTOM_SECURE_BOOT_MODE) { + IfrNvData->SecureBootMode = STANDARD_SECURE_BOOT_MODE; + SetSecureBootMode(STANDARD_SECURE_BOOT_MODE); + } + if (SecureBootMode != NULL) { + FreePool (SecureBootMode); + } + + if (QuestionId == KEY_SECURE_BOOT_DELETE_ALL_DATA) { + // + // Free memory when exit from the SECUREBOOT_DELETE_SIGNATURE_DATA_FORM form. + // + SECUREBOOT_FREE_NON_NULL (Private->CheckArray); + IfrNvData->CheckedDataCount = 0; + } + } + +EXIT: + + if (!EFI_ERROR (Status) && GetBrowserDataResult) { + BufferSize = sizeof (SECUREBOOT_CONFIGURATION); + HiiSetBrowserData (&gSecureBootConfigFormSetGuid, mSecureBootStorageName, BufferSize, (UINT8*) IfrNvData, NULL); + } + + FreePool (IfrNvData); + + if (File != NULL){ + FreePool(File); + File = NULL; + } + + return EFI_SUCCESS; +} + +/** + This function publish the SecureBoot configuration Form. + + @param[in, out] PrivateData Points to SecureBoot configuration private data. + + @retval EFI_SUCCESS HII Form is installed successfully. + @retval EFI_OUT_OF_RESOURCES Not enough resource for HII Form installation. + @retval Others Other errors as indicated. + +**/ +EFI_STATUS +InstallSecureBootConfigForm ( + IN OUT SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData + ) +{ + EFI_STATUS Status; + EFI_HII_HANDLE HiiHandle; + EFI_HANDLE DriverHandle; + EFI_HII_CONFIG_ACCESS_PROTOCOL *ConfigAccess; + + DriverHandle = NULL; + ConfigAccess = &PrivateData->ConfigAccess; + Status = gBS->InstallMultipleProtocolInterfaces ( + &DriverHandle, + &gEfiDevicePathProtocolGuid, + &mSecureBootHiiVendorDevicePath, + &gEfiHiiConfigAccessProtocolGuid, + ConfigAccess, + NULL + ); + if (EFI_ERROR (Status)) { + return Status; + } + + PrivateData->DriverHandle = DriverHandle; + + // + // Publish the HII package list + // + HiiHandle = HiiAddPackages ( + &gSecureBootConfigFormSetGuid, + DriverHandle, + SecureBootConfigDxeStrings, + SecureBootConfigBin, + NULL + ); + if (HiiHandle == NULL) { + gBS->UninstallMultipleProtocolInterfaces ( + DriverHandle, + &gEfiDevicePathProtocolGuid, + &mSecureBootHiiVendorDevicePath, + &gEfiHiiConfigAccessProtocolGuid, + ConfigAccess, + NULL + ); + return EFI_OUT_OF_RESOURCES; + } + + PrivateData->HiiHandle = HiiHandle; + + PrivateData->FileContext = AllocateZeroPool (sizeof (SECUREBOOT_FILE_CONTEXT)); + + if (PrivateData->FileContext == NULL) { + UninstallSecureBootConfigForm (PrivateData); + return EFI_OUT_OF_RESOURCES; + } + + // + // Init OpCode Handle and Allocate space for creation of Buffer + // + mStartOpCodeHandle = HiiAllocateOpCodeHandle (); + if (mStartOpCodeHandle == NULL) { + UninstallSecureBootConfigForm (PrivateData); + return EFI_OUT_OF_RESOURCES; + } + + mEndOpCodeHandle = HiiAllocateOpCodeHandle (); + if (mEndOpCodeHandle == NULL) { + UninstallSecureBootConfigForm (PrivateData); + return EFI_OUT_OF_RESOURCES; + } + + // + // Create Hii Extend Label OpCode as the start opcode + // + mStartLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode ( + mStartOpCodeHandle, + &gEfiIfrTianoGuid, + NULL, + sizeof (EFI_IFR_GUID_LABEL) + ); + mStartLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL; + + // + // Create Hii Extend Label OpCode as the end opcode + // + mEndLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode ( + mEndOpCodeHandle, + &gEfiIfrTianoGuid, + NULL, + sizeof (EFI_IFR_GUID_LABEL) + ); + mEndLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL; + mEndLabel->Number = LABEL_END; + + return EFI_SUCCESS; +} + +/** + This function removes SecureBoot configuration Form. + + @param[in, out] PrivateData Points to SecureBoot configuration private data. + +**/ +VOID +UninstallSecureBootConfigForm ( + IN OUT SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData + ) +{ + // + // Uninstall HII package list + // + if (PrivateData->HiiHandle != NULL) { + HiiRemovePackages (PrivateData->HiiHandle); + PrivateData->HiiHandle = NULL; + } + + // + // Uninstall HII Config Access Protocol + // + if (PrivateData->DriverHandle != NULL) { + gBS->UninstallMultipleProtocolInterfaces ( + PrivateData->DriverHandle, + &gEfiDevicePathProtocolGuid, + &mSecureBootHiiVendorDevicePath, + &gEfiHiiConfigAccessProtocolGuid, + &PrivateData->ConfigAccess, + NULL + ); + PrivateData->DriverHandle = NULL; + } + + if (PrivateData->SignatureGUID != NULL) { + FreePool (PrivateData->SignatureGUID); + } + + if (PrivateData->FileContext != NULL) { + FreePool (PrivateData->FileContext); + } + + FreePool (PrivateData); + + if (mStartOpCodeHandle != NULL) { + HiiFreeOpCodeHandle (mStartOpCodeHandle); + } + + if (mEndOpCodeHandle != NULL) { + HiiFreeOpCodeHandle (mEndOpCodeHandle); + } +} diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.h b/src/VBox/Devices/EFI/Firmware/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.h new file mode 100644 index 00000000..d021ec8f --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.h @@ -0,0 +1,617 @@ +/** @file + The header file of HII Config Access protocol implementation of SecureBoot + configuration module. + +Copyright (c) 2011 - 2017, Intel Corporation. All rights reserved.<BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef __SECUREBOOT_CONFIG_IMPL_H__ +#define __SECUREBOOT_CONFIG_IMPL_H__ + +#include <Uefi.h> + +#include <Protocol/HiiConfigAccess.h> +#include <Protocol/HiiConfigRouting.h> +#include <Protocol/SimpleFileSystem.h> +#include <Protocol/BlockIo.h> +#include <Protocol/DevicePath.h> +#include <Protocol/DebugPort.h> +#include <Protocol/LoadFile.h> + +#include <Library/BaseLib.h> +#include <Library/BaseMemoryLib.h> +#include <Library/DebugLib.h> +#include <Library/MemoryAllocationLib.h> +#include <Library/UefiBootServicesTableLib.h> +#include <Library/UefiRuntimeServicesTableLib.h> +#include <Library/UefiHiiServicesLib.h> +#include <Library/UefiLib.h> +#include <Library/HiiLib.h> +#include <Library/DevicePathLib.h> +#include <Library/PrintLib.h> +#include <Library/PlatformSecureLib.h> +#include <Library/BaseCryptLib.h> +#include <Library/FileExplorerLib.h> +#include <Library/PeCoffLib.h> + +#include <Guid/MdeModuleHii.h> +#include <Guid/AuthenticatedVariableFormat.h> +#include <Guid/FileSystemVolumeLabelInfo.h> +#include <Guid/ImageAuthentication.h> +#include <Guid/FileInfo.h> +#include <Guid/WinCertificate.h> + +#include "SecureBootConfigNvData.h" + +// +// Tool generated IFR binary data and String package data +// +extern UINT8 SecureBootConfigBin[]; +extern UINT8 SecureBootConfigDxeStrings[]; + +// +// Shared IFR form update data +// +extern VOID *mStartOpCodeHandle; +extern VOID *mEndOpCodeHandle; +extern EFI_IFR_GUID_LABEL *mStartLabel; +extern EFI_IFR_GUID_LABEL *mEndLabel; + +#define MAX_CHAR 480 +#define TWO_BYTE_ENCODE 0x82 +#define BUFFER_MAX_SIZE 100 + +// +// SHA-256 digest size in bytes +// +#define SHA256_DIGEST_SIZE 32 +// +// SHA-384 digest size in bytes +// +#define SHA384_DIGEST_SIZE 48 +// +// SHA-512 digest size in bytes +// +#define SHA512_DIGEST_SIZE 64 + +// +// Set max digest size as SHA512 Output (64 bytes) by far +// +#define MAX_DIGEST_SIZE SHA512_DIGEST_SIZE + +#define WIN_CERT_UEFI_RSA2048_SIZE 256 + +// +// Support hash types +// +#define HASHALG_SHA224 0x00000000 +#define HASHALG_SHA256 0x00000001 +#define HASHALG_SHA384 0x00000002 +#define HASHALG_SHA512 0x00000003 +#define HASHALG_RAW 0x00000004 +#define HASHALG_MAX 0x00000004 + +// +// Certificate public key minimum size (bytes) +// +#define CER_PUBKEY_MIN_SIZE 256 + +// +// Types of errors may occur during certificate enrollment. +// +typedef enum { + None_Error = 0, + // + // Unsupported_type indicates the certificate type is not supported. + // + Unsupported_Type, + // + // Unqualified_key indicates the key strength of certificate is not + // strong enough. + // + Unqualified_Key, + Enroll_Error_Max +}ENROLL_KEY_ERROR; + +typedef struct { + UINTN Signature; + LIST_ENTRY Head; + UINTN MenuNumber; +} SECUREBOOT_MENU_OPTION; + +typedef struct { + EFI_FILE_HANDLE FHandle; + UINT16 *FileName; + UINT8 FileType; +} SECUREBOOT_FILE_CONTEXT; + +#define SECUREBOOT_FREE_NON_NULL(Pointer) \ + do { \ + if ((Pointer) != NULL) { \ + FreePool((Pointer)); \ + (Pointer) = NULL; \ + } \ + } while (FALSE) + +#define SECUREBOOT_FREE_NON_OPCODE(Handle) \ + do{ \ + if ((Handle) != NULL) { \ + HiiFreeOpCodeHandle((Handle)); \ + } \ + } while (FALSE) + +#define SIGNATURE_DATA_COUNTS(List) \ + (((List)->SignatureListSize - sizeof(EFI_SIGNATURE_LIST) - (List)->SignatureHeaderSize) / (List)->SignatureSize) + +// +// We define another format of 5th directory entry: security directory +// +typedef struct { + UINT32 Offset; // Offset of certificate + UINT32 SizeOfCert; // size of certificate appended +} EFI_IMAGE_SECURITY_DATA_DIRECTORY; + +typedef enum{ + ImageType_IA32, + ImageType_X64 +} IMAGE_TYPE; + +/// +/// HII specific Vendor Device Path definition. +/// +typedef struct { + VENDOR_DEVICE_PATH VendorDevicePath; + EFI_DEVICE_PATH_PROTOCOL End; +} HII_VENDOR_DEVICE_PATH; + +typedef enum { + Variable_DB, + Variable_DBX, + Variable_DBT, + Variable_MAX +} CURRENT_VARIABLE_NAME; + +typedef enum { + Delete_Signature_List_All, + Delete_Signature_List_One, + Delete_Signature_Data +}SIGNATURE_DELETE_TYPE; + +typedef struct { + UINTN Signature; + + EFI_HII_CONFIG_ACCESS_PROTOCOL ConfigAccess; + EFI_HII_HANDLE HiiHandle; + EFI_HANDLE DriverHandle; + + SECUREBOOT_FILE_CONTEXT *FileContext; + + EFI_GUID *SignatureGUID; + + CURRENT_VARIABLE_NAME VariableName; // The variable name we are processing. + UINT32 ListCount; // Record current variable has how many signature list. + UINTN ListIndex; // Record which signature list is processing. + BOOLEAN *CheckArray; // Record which signature data checked. +} SECUREBOOT_CONFIG_PRIVATE_DATA; + +extern SECUREBOOT_CONFIG_PRIVATE_DATA mSecureBootConfigPrivateDateTemplate; +extern SECUREBOOT_CONFIG_PRIVATE_DATA *gSecureBootPrivateData; + +#define SECUREBOOT_CONFIG_PRIVATE_DATA_SIGNATURE SIGNATURE_32 ('S', 'E', 'C', 'B') +#define SECUREBOOT_CONFIG_PRIVATE_FROM_THIS(a) CR (a, SECUREBOOT_CONFIG_PRIVATE_DATA, ConfigAccess, SECUREBOOT_CONFIG_PRIVATE_DATA_SIGNATURE) + +// +// Cryptographic Key Information +// +#pragma pack(1) +typedef struct _CPL_KEY_INFO { + UINT32 KeyLengthInBits; // Key Length In Bits + UINT32 BlockSize; // Operation Block Size in Bytes + UINT32 CipherBlockSize; // Output Cipher Block Size in Bytes + UINT32 KeyType; // Key Type + UINT32 CipherMode; // Cipher Mode for Symmetric Algorithm + UINT32 Flags; // Additional Key Property Flags +} CPL_KEY_INFO; +#pragma pack() + + +/** + Retrieves the size, in bytes, of the context buffer required for hash operations. + + @return The size, in bytes, of the context buffer required for hash operations. + +**/ +typedef +EFI_STATUS +(EFIAPI *HASH_GET_CONTEXT_SIZE)( + VOID + ); + +/** + Initializes user-supplied memory pointed by HashContext as hash context for + subsequent use. + + If HashContext is NULL, then ASSERT(). + + @param[in, out] HashContext Pointer to Context being initialized. + + @retval TRUE HASH context initialization succeeded. + @retval FALSE HASH context initialization failed. + +**/ +typedef +BOOLEAN +(EFIAPI *HASH_INIT)( + IN OUT VOID *HashContext + ); + + +/** + Performs digest on a data buffer of the specified length. This function can + be called multiple times to compute the digest of long or discontinuous data streams. + + If HashContext is NULL, then ASSERT(). + + @param[in, out] HashContext Pointer to the MD5 context. + @param[in] Data Pointer to the buffer containing the data to be hashed. + @param[in] DataLength Length of Data buffer in bytes. + + @retval TRUE HASH data digest succeeded. + @retval FALSE Invalid HASH context. After HashFinal function has been called, the + HASH context cannot be reused. + +**/ +typedef +BOOLEAN +(EFIAPI *HASH_UPDATE)( + IN OUT VOID *HashContext, + IN CONST VOID *Data, + IN UINTN DataLength + ); + +/** + Completes hash computation and retrieves the digest value into the specified + memory. After this function has been called, the context cannot be used again. + + If HashContext is NULL, then ASSERT(). + If HashValue is NULL, then ASSERT(). + + @param[in, out] HashContext Pointer to the MD5 context + @param[out] HashValue Pointer to a buffer that receives the HASH digest + value (16 bytes). + + @retval TRUE HASH digest computation succeeded. + @retval FALSE HASH digest computation failed. + +**/ +typedef +BOOLEAN +(EFIAPI *HASH_FINAL)( + IN OUT VOID *HashContext, + OUT UINT8 *HashValue + ); + +// +// Hash Algorithm Table +// +typedef struct { + CHAR16 *Name; ///< Name for Hash Algorithm + UINTN DigestLength; ///< Digest Length + UINT8 *OidValue; ///< Hash Algorithm OID ASN.1 Value + UINTN OidLength; ///< Length of Hash OID Value + HASH_GET_CONTEXT_SIZE GetContextSize; ///< Pointer to Hash GetContentSize function + HASH_INIT HashInit; ///< Pointer to Hash Init function + HASH_UPDATE HashUpdate; ///< Pointer to Hash Update function + HASH_FINAL HashFinal; ///< Pointer to Hash Final function +} HASH_TABLE; + +typedef struct { + WIN_CERTIFICATE Hdr; + UINT8 CertData[1]; +} WIN_CERTIFICATE_EFI_PKCS; + + +/** + This function publish the SecureBoot configuration Form. + + @param[in, out] PrivateData Points to SecureBoot configuration private data. + + @retval EFI_SUCCESS HII Form is installed successfully. + @retval EFI_OUT_OF_RESOURCES Not enough resource for HII Form installation. + @retval Others Other errors as indicated. + +**/ +EFI_STATUS +InstallSecureBootConfigForm ( + IN OUT SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData + ); + + +/** + This function removes SecureBoot configuration Form. + + @param[in, out] PrivateData Points to SecureBoot configuration private data. + +**/ +VOID +UninstallSecureBootConfigForm ( + IN OUT SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData + ); + + +/** + This function allows a caller to extract the current configuration for one + or more named elements from the target driver. + + @param[in] This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL. + @param[in] Request A null-terminated Unicode string in + <ConfigRequest> format. + @param[out] Progress On return, points to a character in the Request + string. Points to the string's null terminator if + request was successful. Points to the most recent + '&' before the first failing name/value pair (or + the beginning of the string if the failure is in + the first name/value pair) if the request was not + successful. + @param[out] Results A null-terminated Unicode string in + <ConfigAltResp> format which has all values filled + in for the names in the Request string. String to + be allocated by the called function. + + @retval EFI_SUCCESS The Results is filled with the requested values. + @retval EFI_OUT_OF_RESOURCES Not enough memory to store the results. + @retval EFI_INVALID_PARAMETER Request is illegal syntax, or unknown name. + @retval EFI_NOT_FOUND Routing data doesn't match any storage in this + driver. + +**/ +EFI_STATUS +EFIAPI +SecureBootExtractConfig ( + IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, + IN CONST EFI_STRING Request, + OUT EFI_STRING *Progress, + OUT EFI_STRING *Results + ); + + +/** + This function processes the results of changes in configuration. + + @param[in] This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL. + @param[in] Configuration A null-terminated Unicode string in <ConfigResp> + format. + @param[out] Progress A pointer to a string filled in with the offset of + the most recent '&' before the first failing + name/value pair (or the beginning of the string if + the failure is in the first name/value pair) or + the terminating NULL if all was successful. + + @retval EFI_SUCCESS The Results is processed successfully. + @retval EFI_INVALID_PARAMETER Configuration is NULL. + @retval EFI_NOT_FOUND Routing data doesn't match any storage in this + driver. + +**/ +EFI_STATUS +EFIAPI +SecureBootRouteConfig ( + IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, + IN CONST EFI_STRING Configuration, + OUT EFI_STRING *Progress + ); + + +/** + This function processes the results of changes in configuration. + + @param[in] This Points to the EFI_HII_CONFIG_ACCESS_PROTOCOL. + @param[in] Action Specifies the type of action taken by the browser. + @param[in] QuestionId A unique value which is sent to the original + exporting driver so that it can identify the type + of data to expect. + @param[in] Type The type of value for the question. + @param[in] Value A pointer to the data being sent to the original + exporting driver. + @param[out] ActionRequest On return, points to the action requested by the + callback function. + + @retval EFI_SUCCESS The callback successfully handled the action. + @retval EFI_OUT_OF_RESOURCES Not enough storage is available to hold the + variable and its data. + @retval EFI_DEVICE_ERROR The variable could not be saved. + @retval EFI_UNSUPPORTED The specified Action is not supported by the + callback. + +**/ +EFI_STATUS +EFIAPI +SecureBootCallback ( + IN CONST EFI_HII_CONFIG_ACCESS_PROTOCOL *This, + IN EFI_BROWSER_ACTION Action, + IN EFI_QUESTION_ID QuestionId, + IN UINT8 Type, + IN EFI_IFR_TYPE_VALUE *Value, + OUT EFI_BROWSER_ACTION_REQUEST *ActionRequest + ); + + +/** + This function converts an input device structure to a Unicode string. + + @param[in] DevPath A pointer to the device path structure. + + @return A new allocated Unicode string that represents the device path. + +**/ +CHAR16 * +EFIAPI +DevicePathToStr ( + IN EFI_DEVICE_PATH_PROTOCOL *DevPath + ); + + +/** + Clean up the dynamic opcode at label and form specified by both LabelId. + + @param[in] LabelId It is both the Form ID and Label ID for opcode deletion. + @param[in] PrivateData Module private data. + +**/ +VOID +CleanUpPage ( + IN UINT16 LabelId, + IN SECUREBOOT_CONFIG_PRIVATE_DATA *PrivateData + ); + + +/** + Read file content into BufferPtr, the size of the allocate buffer + is *FileSize plus AdditionAllocateSize. + + @param[in] FileHandle The file to be read. + @param[in, out] BufferPtr Pointers to the pointer of allocated buffer. + @param[out] FileSize Size of input file + @param[in] AdditionAllocateSize Addition size the buffer need to be allocated. + In case the buffer need to contain others besides the file content. + + @retval EFI_SUCCESS The file was read into the buffer. + @retval EFI_INVALID_PARAMETER A parameter was invalid. + @retval EFI_OUT_OF_RESOURCES A memory allocation failed. + @retval others Unexpected error. + +**/ +EFI_STATUS +ReadFileContent ( + IN EFI_FILE_HANDLE FileHandle, + IN OUT VOID **BufferPtr, + OUT UINTN *FileSize, + IN UINTN AdditionAllocateSize + ); + + +/** + Close an open file handle. + + @param[in] FileHandle The file handle to close. + +**/ +VOID +CloseFile ( + IN EFI_FILE_HANDLE FileHandle + ); + + +/** + Converts a nonnegative integer to an octet string of a specified length. + + @param[in] Integer Pointer to the nonnegative integer to be converted + @param[in] IntSizeInWords Length of integer buffer in words + @param[out] OctetString Converted octet string of the specified length + @param[in] OSSizeInBytes Intended length of resulting octet string in bytes + +Returns: + + @retval EFI_SUCCESS Data conversion successfully + @retval EFI_BUFFER_TOOL_SMALL Buffer is too small for output string + +**/ +EFI_STATUS +EFIAPI +Int2OctStr ( + IN CONST UINTN *Integer, + IN UINTN IntSizeInWords, + OUT UINT8 *OctetString, + IN UINTN OSSizeInBytes + ); + +/** + Worker function that prints an EFI_GUID into specified Buffer. + + @param[in] Guid Pointer to GUID to print. + @param[in] Buffer Buffer to print Guid into. + @param[in] BufferSize Size of Buffer. + + @retval Number of characters printed. + +**/ +UINTN +GuidToString ( + IN EFI_GUID *Guid, + IN CHAR16 *Buffer, + IN UINTN BufferSize + ); + +/** + Update the PK form base on the input file path info. + + @param FilePath Point to the file path. + + @retval TRUE Exit caller function. + @retval FALSE Not exit caller function. +**/ +BOOLEAN +EFIAPI +UpdatePKFromFile ( + IN EFI_DEVICE_PATH_PROTOCOL *FilePath + ); + +/** + Update the KEK form base on the input file path info. + + @param FilePath Point to the file path. + + @retval TRUE Exit caller function. + @retval FALSE Not exit caller function. +**/ +BOOLEAN +EFIAPI +UpdateKEKFromFile ( + IN EFI_DEVICE_PATH_PROTOCOL *FilePath + ); + +/** + Update the DB form base on the input file path info. + + @param FilePath Point to the file path. + + @retval TRUE Exit caller function. + @retval FALSE Not exit caller function. +**/ +BOOLEAN +EFIAPI +UpdateDBFromFile ( + IN EFI_DEVICE_PATH_PROTOCOL *FilePath + ); + +/** + Update the DBX form base on the input file path info. + + @param FilePath Point to the file path. + + @retval TRUE Exit caller function. + @retval FALSE Not exit caller function. +**/ +BOOLEAN +EFIAPI +UpdateDBXFromFile ( + IN EFI_DEVICE_PATH_PROTOCOL *FilePath + ); + +/** + Update the DBT form base on the input file path info. + + @param FilePath Point to the file path. + + @retval TRUE Exit caller function. + @retval FALSE Not exit caller function. +**/ +BOOLEAN +EFIAPI +UpdateDBTFromFile ( + IN EFI_DEVICE_PATH_PROTOCOL *FilePath + ); + +#endif diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigMisc.c b/src/VBox/Devices/EFI/Firmware/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigMisc.c new file mode 100644 index 00000000..cafb1a4c --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigMisc.c @@ -0,0 +1,189 @@ +/** @file + Helper functions for SecureBoot configuration module. + +Copyright (c) 2015 - 2018, Intel Corporation. All rights reserved.<BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#include "SecureBootConfigImpl.h" + +/** + Read file content into BufferPtr, the size of the allocate buffer + is *FileSize plus AdditionAllocateSize. + + @param[in] FileHandle The file to be read. + @param[in, out] BufferPtr Pointers to the pointer of allocated buffer. + @param[out] FileSize Size of input file + @param[in] AdditionAllocateSize Addition size the buffer need to be allocated. + In case the buffer need to contain others besides the file content. + + @retval EFI_SUCCESS The file was read into the buffer. + @retval EFI_INVALID_PARAMETER A parameter was invalid. + @retval EFI_OUT_OF_RESOURCES A memory allocation failed. + @retval others Unexpected error. + +**/ +EFI_STATUS +ReadFileContent ( + IN EFI_FILE_HANDLE FileHandle, + IN OUT VOID **BufferPtr, + OUT UINTN *FileSize, + IN UINTN AdditionAllocateSize + ) + +{ + UINTN BufferSize; + UINT64 SourceFileSize; + VOID *Buffer; + EFI_STATUS Status; + + if ((FileHandle == NULL) || (FileSize == NULL)) { + return EFI_INVALID_PARAMETER; + } + + Buffer = NULL; + + // + // Get the file size + // + Status = FileHandle->SetPosition (FileHandle, (UINT64) -1); + if (EFI_ERROR (Status)) { + goto ON_EXIT; + } + + Status = FileHandle->GetPosition (FileHandle, &SourceFileSize); + if (EFI_ERROR (Status)) { + goto ON_EXIT; + } + + Status = FileHandle->SetPosition (FileHandle, 0); + if (EFI_ERROR (Status)) { + goto ON_EXIT; + } + + BufferSize = (UINTN) SourceFileSize + AdditionAllocateSize; + Buffer = AllocateZeroPool(BufferSize); + if (Buffer == NULL) { + return EFI_OUT_OF_RESOURCES; + } + + BufferSize = (UINTN) SourceFileSize; + *FileSize = BufferSize; + + Status = FileHandle->Read (FileHandle, &BufferSize, Buffer); + if (EFI_ERROR (Status) || BufferSize != *FileSize) { + FreePool (Buffer); + Buffer = NULL; + Status = EFI_BAD_BUFFER_SIZE; + goto ON_EXIT; + } + +ON_EXIT: + + *BufferPtr = Buffer; + return Status; +} + +/** + Close an open file handle. + + @param[in] FileHandle The file handle to close. + +**/ +VOID +CloseFile ( + IN EFI_FILE_HANDLE FileHandle + ) +{ + if (FileHandle != NULL) { + FileHandle->Close (FileHandle); + } +} + +/** + Convert a nonnegative integer to an octet string of a specified length. + + @param[in] Integer Pointer to the nonnegative integer to be converted + @param[in] IntSizeInWords Length of integer buffer in words + @param[out] OctetString Converted octet string of the specified length + @param[in] OSSizeInBytes Intended length of resulting octet string in bytes + +Returns: + + @retval EFI_SUCCESS Data conversion successfully + @retval EFI_BUFFER_TOOL_SMALL Buffer is too small for output string + +**/ +EFI_STATUS +EFIAPI +Int2OctStr ( + IN CONST UINTN *Integer, + IN UINTN IntSizeInWords, + OUT UINT8 *OctetString, + IN UINTN OSSizeInBytes + ) +{ + CONST UINT8 *Ptr1; + UINT8 *Ptr2; + + for (Ptr1 = (CONST UINT8 *)Integer, Ptr2 = OctetString + OSSizeInBytes - 1; + Ptr1 < (UINT8 *)(Integer + IntSizeInWords) && Ptr2 >= OctetString; + Ptr1++, Ptr2--) { + *Ptr2 = *Ptr1; + } + + for (; Ptr1 < (CONST UINT8 *)(Integer + IntSizeInWords) && *Ptr1 == 0; Ptr1++); + + if (Ptr1 < (CONST UINT8 *)(Integer + IntSizeInWords)) { + return EFI_BUFFER_TOO_SMALL; + } + + if (Ptr2 >= OctetString) { + ZeroMem (OctetString, Ptr2 - OctetString + 1); + } + + return EFI_SUCCESS; +} + +/** + Worker function that prints an EFI_GUID into specified Buffer. + + @param[in] Guid Pointer to GUID to print. + @param[in] Buffer Buffer to print Guid into. + @param[in] BufferSize Size of Buffer. + + @retval Number of characters printed. + +**/ +UINTN +GuidToString ( + IN EFI_GUID *Guid, + IN CHAR16 *Buffer, + IN UINTN BufferSize + ) +{ + UINTN Size; + + Size = UnicodeSPrint ( + Buffer, + BufferSize, + L"%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x", + (UINTN)Guid->Data1, + (UINTN)Guid->Data2, + (UINTN)Guid->Data3, + (UINTN)Guid->Data4[0], + (UINTN)Guid->Data4[1], + (UINTN)Guid->Data4[2], + (UINTN)Guid->Data4[3], + (UINTN)Guid->Data4[4], + (UINTN)Guid->Data4[5], + (UINTN)Guid->Data4[6], + (UINTN)Guid->Data4[7] + ); + + // + // SPrint will null terminate the string. The -1 skips the null + // + return Size - 1; +} diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigNvData.h b/src/VBox/Devices/EFI/Firmware/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigNvData.h new file mode 100644 index 00000000..1f56754d --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigNvData.h @@ -0,0 +1,140 @@ +/** @file + Header file for NV data structure definition. + +Copyright (c) 2011 - 2017, Intel Corporation. All rights reserved.<BR> +SPDX-License-Identifier: BSD-2-Clause-Patent + +**/ + +#ifndef __SECUREBOOT_CONFIG_NV_DATA_H__ +#define __SECUREBOOT_CONFIG_NV_DATA_H__ + +#include <Guid/HiiPlatformSetupFormset.h> +#include <Guid/SecureBootConfigHii.h> + +// +// Used by VFR for form or button identification +// +#define SECUREBOOT_CONFIGURATION_VARSTORE_ID 0x0001 +#define SECUREBOOT_CONFIGURATION_FORM_ID 0x01 +#define FORMID_SECURE_BOOT_OPTION_FORM 0x02 +#define FORMID_SECURE_BOOT_PK_OPTION_FORM 0x03 +#define FORMID_SECURE_BOOT_KEK_OPTION_FORM 0x04 +#define FORMID_SECURE_BOOT_DB_OPTION_FORM 0x05 +#define FORMID_SECURE_BOOT_DBX_OPTION_FORM 0x06 +#define FORMID_ENROLL_PK_FORM 0x07 +#define SECUREBOOT_ADD_PK_FILE_FORM_ID 0x08 +#define FORMID_ENROLL_KEK_FORM 0x09 +#define FORMID_DELETE_KEK_FORM 0x0a +#define SECUREBOOT_ENROLL_SIGNATURE_TO_DB 0x0b +#define SECUREBOOT_DELETE_SIGNATURE_FROM_DB 0x0c +#define SECUREBOOT_ENROLL_SIGNATURE_TO_DBX 0x0d +#define FORMID_SECURE_BOOT_DBT_OPTION_FORM 0x14 +#define SECUREBOOT_ENROLL_SIGNATURE_TO_DBT 0x15 +#define SECUREBOOT_DELETE_SIGNATURE_FROM_DBT 0x16 +#define SECUREBOOT_DELETE_SIGNATURE_LIST_FORM 0x17 +#define SECUREBOOT_DELETE_SIGNATURE_DATA_FORM 0x18 + +#define SECURE_BOOT_MODE_CUSTOM 0x01 +#define SECURE_BOOT_MODE_STANDARD 0x00 + +#define KEY_SECURE_BOOT_ENABLE 0x1000 +#define KEY_SECURE_BOOT_MODE 0x1001 +#define KEY_VALUE_SAVE_AND_EXIT_DB 0x1002 +#define KEY_VALUE_NO_SAVE_AND_EXIT_DB 0x1003 +#define KEY_VALUE_SAVE_AND_EXIT_PK 0x1004 +#define KEY_VALUE_NO_SAVE_AND_EXIT_PK 0x1005 +#define KEY_VALUE_SAVE_AND_EXIT_KEK 0x1008 +#define KEY_VALUE_NO_SAVE_AND_EXIT_KEK 0x1009 +#define KEY_VALUE_SAVE_AND_EXIT_DBX 0x100a +#define KEY_VALUE_NO_SAVE_AND_EXIT_DBX 0x100b +#define KEY_HIDE_SECURE_BOOT 0x100c +#define KEY_VALUE_SAVE_AND_EXIT_DBT 0x100d +#define KEY_VALUE_NO_SAVE_AND_EXIT_DBT 0x100e + +#define KEY_VALUE_FROM_DBX_TO_LIST_FORM 0x100f + +#define KEY_SECURE_BOOT_OPTION 0x1100 +#define KEY_SECURE_BOOT_PK_OPTION 0x1101 +#define KEY_SECURE_BOOT_KEK_OPTION 0x1102 +#define KEY_SECURE_BOOT_DB_OPTION 0x1103 +#define KEY_SECURE_BOOT_DBX_OPTION 0x1104 +#define KEY_SECURE_BOOT_DELETE_PK 0x1105 +#define KEY_ENROLL_PK 0x1106 +#define KEY_ENROLL_KEK 0x1107 +#define KEY_DELETE_KEK 0x1108 +#define KEY_SECURE_BOOT_KEK_GUID 0x110a +#define KEY_SECURE_BOOT_SIGNATURE_GUID_DB 0x110b +#define KEY_SECURE_BOOT_SIGNATURE_GUID_DBX 0x110c +#define KEY_SECURE_BOOT_DBT_OPTION 0x110d +#define KEY_SECURE_BOOT_SIGNATURE_GUID_DBT 0x110e +#define KEY_SECURE_BOOT_DELETE_ALL_LIST 0x110f +#define KEY_SECURE_BOOT_DELETE_ALL_DATA 0x1110 +#define KEY_SECURE_BOOT_DELETE_CHECK_DATA 0x1111 + +#define LABEL_KEK_DELETE 0x1200 +#define LABEL_DB_DELETE 0x1201 +#define LABEL_SIGNATURE_LIST_START 0x1202 +#define LABEL_DBT_DELETE 0x1203 +#define LABEL_SIGNATURE_DATA_START 0x1204 +#define LABEL_DELETE_ALL_LIST_BUTTON 0x1300 +#define LABEL_END 0xffff + +#define SECURE_BOOT_MAX_ATTEMPTS_NUM 255 + +#define CONFIG_OPTION_OFFSET 0x2000 + +#define OPTION_CONFIG_QUESTION_ID 0x2000 +#define OPTION_CONFIG_RANGE 0x1000 + +// +// Question ID 0x2000 ~ 0x2FFF is for KEK +// +#define OPTION_DEL_KEK_QUESTION_ID 0x2000 +// +// Question ID 0x3000 ~ 0x3FFF is for DB +// +#define OPTION_DEL_DB_QUESTION_ID 0x3000 +// +// Question ID 0x4000 ~ 0x4FFF is for signature list. +// +#define OPTION_SIGNATURE_LIST_QUESTION_ID 0X4000 +// +// Question ID 0x6000 ~ 0x6FFF is for signature data. +// +#define OPTION_SIGNATURE_DATA_QUESTION_ID 0x6000 + +// +// Question ID 0x5000 ~ 0x5FFF is for DBT +// +#define OPTION_DEL_DBT_QUESTION_ID 0x5000 + +#define SECURE_BOOT_GUID_SIZE 36 +#define SECURE_BOOT_GUID_STORAGE_SIZE 37 + +#define UNKNOWN_FILE_TYPE 0 +#define X509_CERT_FILE_TYPE 1 +#define PE_IMAGE_FILE_TYPE 2 +#define AUTHENTICATION_2_FILE_TYPE 3 + +// +// Nv Data structure referenced by IFR +// +typedef struct { + BOOLEAN AttemptSecureBoot; // Attempt to enable/disable Secure Boot + BOOLEAN HideSecureBoot; // Hidden Attempt Secure Boot + CHAR16 SignatureGuid[SECURE_BOOT_GUID_STORAGE_SIZE]; + BOOLEAN PhysicalPresent; // If a Physical Present User + UINT8 SecureBootMode; // Secure Boot Mode: Standard Or Custom + BOOLEAN DeletePk; + BOOLEAN HasPk; // If Pk is existed it is true + BOOLEAN AlwaysRevocation; // If the certificate is always revoked. Revocation time is hidden + UINT8 CertificateFormat; // The type of the certificate + EFI_HII_DATE RevocationDate; // The revocation date of the certificate + EFI_HII_TIME RevocationTime; // The revocation time of the certificate + UINT8 FileEnrollType; // File type of signature enroll + UINT32 ListCount; // The count of signature list. + UINT32 CheckedDataCount; // The count of checked signature data. +} SECUREBOOT_CONFIGURATION; + +#endif diff --git a/src/VBox/Devices/EFI/Firmware/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigStrings.uni b/src/VBox/Devices/EFI/Firmware/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigStrings.uni new file mode 100644 index 00000000..ac783453 --- /dev/null +++ b/src/VBox/Devices/EFI/Firmware/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigStrings.uni @@ -0,0 +1,136 @@ +/** @file
+ String definitions for Secure Boot Configuration form.
+
+Copyright (c) 2011 - 2018, Intel Corporation. All rights reserved.<BR>
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#langdef en-US "English"
+
+#string STR_SECUREBOOT_TITLE #language en-US "Secure Boot Configuration"
+#string STR_SECUREBOOT_HELP #language en-US "Press <Enter> to select Secure Boot options."
+
+#string STR_NULL #language en-US ""
+#string STR_DBX_SUBTITLE_TEXT #language en-US ""
+
+#string STR_SECURE_BOOT_STATE_PROMPT #language en-US "Current Secure Boot State"
+#string STR_SECURE_BOOT_STATE_HELP #language en-US "Current Secure Boot state: enabled or disabled."
+#string STR_SECURE_BOOT_STATE_CONTENT #language en-US " "
+
+#string STR_SECURE_BOOT_PROMPT #language en-US "Attempt Secure Boot"
+#string STR_SECURE_BOOT_HELP #language en-US "Enable/Disable the Secure Boot feature after platform reset"
+
+#string STR_SECURE_BOOT_ENROLL_SIGNATURE #language en-US "Enroll Signature"
+#string STR_SECURE_BOOT_DELETE_SIGNATURE #language en-US "Delete Signature"
+#string STR_SECURE_BOOT_DELETE_LIST_FORM #language en-US "Delete Signature List Form"
+#string STR_SECURE_BOOT_DELETE_DATA_FORM #language en-US "Delete Signature Data Form"
+#string STR_SECURE_BOOT_DELETE_ALL_LIST #language en-US "Delete All Signature List"
+#string STR_SECURE_BOOT_DELETE_ALL_DATA #language en-US "Delete All Signature Data"
+#string STR_SECURE_BOOT_DELETE_CHECK_DATA #language en-US "Delete Checked Signature Data"
+#string STR_SECURE_BOOT_DELETE_ALL_DATA_HELP #language en-US "All signature data will be deleted, no matter how many signature data have you checked."
+#string STR_SECURE_BOOT_DELETE_CHECK_DATA_HELP #language en-US "All checked signature data will be deleted."
+
+#string STR_SECURE_BOOT_SIGNATURE_GUID #language en-US "Signature GUID"
+#string STR_SECURE_BOOT_SIGNATURE_GUID_HELP #language en-US "Input digit character in 11111111-2222-3333-4444-1234567890ab format."
+#string STR_SECURE_BOOT_ADD_SIGNATURE_FILE #language en-US "Enroll Signature Using File"
+
+#string STR_DBX_CERTIFICATE_FORMAT_PROMPT #language en-US "Signature Format"
+#string STR_DBX_CERTIFICATE_FORMAT_HELP #language en-US "X509 DER-Cert enrolled. Select different option to enroll it into DBX."
+#string STR_DBX_CERTIFICATE_FORMAT_SHA256 #language en-US "X509 CERT SHA256"
+#string STR_DBX_CERTIFICATE_FORMAT_SHA384 #language en-US "X509 CERT SHA384"
+#string STR_DBX_CERTIFICATE_FORMAT_SHA512 #language en-US "X509 CERT SHA512"
+#string STR_DBX_CERTIFICATE_FORMAT_RAW #language en-US "X509 CERT"
+
+#string STR_DBX_PE_IMAGE_FORMAT_HELP #language en-US "PE image enrolled. Use SHA256 hash to enroll it into DBX"
+#string STR_DBX_PE_FORMAT_SHA256 #language en-US "PE Image SHA256"
+
+#string STR_DBX_AUTH_2_FORMAT_HELP #language en-US "VARIABLE_AUTHENTICATION_2 binary enrolled. Use raw binary to enroll it into DBX"
+#string STR_DBX_AUTH_2_FORMAT #language en-US "VARIABLE_AUTHENTICATION_2"
+
+#string STR_CERTIFICATE_REVOCATION_TIME_PROMPT #language en-US " Revocation Time"
+#string STR_CERTIFICATE_REVOCATION_TIME_HELP #language en-US "Input the revocation time of the certificate"
+#string STR_CERTIFICATE_REVOCATION_DATE_PROMPT #language en-US " Revocation Date"
+#string STR_CERTIFICATE_REVOCATION_DATE_HELP #language en-US "Input the revocation date of the certificate"
+
+#string STR_ALWAYS_CERTIFICATE_REVOCATION_PROMPT #language en-US "Always Revocation"
+#string STR_ALWAYS_CERTIFICATE_REVOCATION_HELP #language en-US "Indicate whether the certificate is always revoked."
+
+
+#string STR_SAVE_SIGNATURE_FILE #language en-US "Save Signature File"
+
+#string STR_SAVE_AND_EXIT #language en-US "Commit Changes and Exit"
+#string STR_NO_SAVE_AND_EXIT #language en-US "Discard Changes and Exit"
+
+#string STR_FILE_EXPLORER_TITLE #language en-US "File Explorer"
+
+#string STR_SECURE_BOOT_MODE_PROMPT #language en-US "Secure Boot Mode"
+#string STR_SECURE_BOOT_MODE_HELP #language en-US "Secure Boot Mode: Custom Mode or Standard Mode"
+
+#string STR_STANDARD_MODE #language en-US "Standard Mode"
+#string STR_CUSTOM_MODE #language en-US "Custom Mode"
+
+#string STR_SECURE_BOOT_OPTION #language en-US "Custom Secure Boot Options"
+#string STR_SECURE_BOOT_OPTION_HELP #language en-US "Enter into Custom Secure Boot Options Form"
+
+#string STR_SECURE_BOOT_OPTION_TITLE #language en-US "Custom Secure Boot Options"
+
+#string STR_SECURE_BOOT_PK_OPTION #language en-US "PK Options"
+#string STR_SECURE_BOOT_PK_OPTION_HELP #language en-US "Enroll/Delete PK"
+#string STR_SECURE_BOOT_KEK_OPTION #language en-US "KEK Options"
+#string STR_SECURE_BOOT_KEK_OPTION_HELP #language en-US "Enroll/Delete KEK"
+#string STR_SECURE_BOOT_DB_OPTION #language en-US "DB Options"
+#string STR_SECURE_BOOT_DB_OPTION_HELP #language en-US "Enroll/Delete Signature"
+#string STR_SECURE_BOOT_DBX_OPTION #language en-US "DBX Options"
+#string STR_SECURE_BOOT_DBX_OPTION_HELP #language en-US "Enroll/Delete DBX"
+#string STR_SECURE_BOOT_DBT_OPTION #language en-US "DBT Options"
+#string STR_SECURE_BOOT_DBT_OPTION_HELP #language en-US "Enroll/Delete DBT"
+
+#string STR_ENROLL_PK #language en-US "Enroll PK"
+#string STR_ENROLL_PK_HELP #language en-US "Enter into Enroll PK Form"
+#string STR_SAVE_PK_FILE #language en-US "Save PK file"
+#string STR_SECURE_BOOT_ENROLL_PK_FILE #language en-US "Enroll PK Using File"
+
+#string STR_DELETE_PK #language en-US "Delete Pk"
+#string STR_DELETE_PK_HELP #language en-US "Choose to Delete PK, Otherwise keep the PK"
+
+#string STR_ENROLL_PK_TITLE #language en-US "Enroll PK"
+
+#string STR_ENROLL_KEK #language en-US "Enroll KEK"
+#string STR_ENROLL_KEK_HELP #language en-US "Enter into Enroll KEK Form"
+
+#string STR_DELETE_KEK #language en-US "Delete KEK"
+#string STR_DELETE_KEK_HELP #language en-US "Enter into Delete KEK Form"
+
+#string STR_ENROLL_KEK_TITLE #language en-US "Enroll KEK"
+#string STR_DELETE_KEK_TITLE #language en-US "Delete KEK"
+
+#string STR_FORM_ENROLL_KEK_FROM_FILE_TITLE #language en-US "Enroll KEK using File"
+#string STR_FORM_ENROLL_KEK_FROM_FILE_TITLE_HELP #language en-US "Read the public key of KEK from file"
+#string STR_FILE_EXPLORER_TITLE #language en-US "File Explorer"
+#string STR_CERT_TYPE_RSA2048_SHA256_GUID #language en-US "RSA2048_SHA256_GUID"
+#string STR_CERT_TYPE_PCKS7_GUID #language en-US "PKCS7_GUID"
+#string STR_CERT_TYPE_SHA1_GUID #language en-US "SHA1_GUID"
+#string STR_CERT_TYPE_SHA256_GUID #language en-US "SHA256_GUID"
+#string STR_CERT_TYPE_X509_SHA256_GUID #language en-US "X509_SHA256_GUID"
+#string STR_CERT_TYPE_X509_SHA384_GUID #language en-US "X509_SHA384_GUID"
+#string STR_CERT_TYPE_X509_SHA512_GUID #language en-US "X509_SHA512_GUID"
+
+#string STR_LIST_TYPE_RSA2048_SHA256 #language en-US "RSA2048_SHA256"
+#string STR_LIST_TYPE_X509 #language en-US "X509"
+#string STR_LIST_TYPE_SHA1 #language en-US "SHA1"
+#string STR_LIST_TYPE_SHA256 #language en-US "SHA256"
+#string STR_LIST_TYPE_X509_SHA256 #language en-US "X509_SHA256"
+#string STR_LIST_TYPE_X509_SHA384 #language en-US "X509_SHA384"
+#string STR_LIST_TYPE_X509_SHA512 #language en-US "X509_SHA512"
+#string STR_LIST_TYPE_UNKNOWN #language en-US "UnKnown"
+
+#string STR_SIGNATURE_LIST_NAME_FORMAT #language en-US "Signature List, Entry-%d"
+#string STR_SIGNATURE_DATA_NAME_FORMAT #language en-US "Signature Data, Entry-%d"
+#string STR_SIGNATURE_LIST_HELP_FORMAT #language en-US "List Type:\n %s\n\nEntry Number:\n %d"
+#string STR_SIGNATURE_DATA_HELP_FORMAT_GUID #language en-US "Owner GUID:\n%s\n\n"
+#string STR_SIGNATURE_DATA_HELP_FORMAT_CN #language en-US "%s(%d bytes):\nCN = %s\n"
+#string STR_SIGNATURE_DATA_HELP_FORMAT_HASH #language en-US "%s(%d bytes):\n%s\n"
+#string STR_SIGNATURE_DATA_HELP_FORMAT_TIME #language en-US "Revocation Time:\n%s"
+
+#string STR_SIGNATURE_DELETE_ALL_CONFIRM #language en-US "Press 'Y' to delete all signature List."
|