1 // SPDX-License-Identifier: GPL-2.0+
3 * Defines APIs that allow an OS to interact with UEFI firmware to query
4 * information about the device.
5 * https://trustedcomputinggroup.org/resource/tcg-efi-protocol-specification/
7 * Copyright (c) 2020, Linaro Limited
10 #define LOG_CATEGORY LOGC_EFI
13 #include <efi_loader.h>
14 #include <efi_variable.h>
19 #include <version_string.h>
22 #include <u-boot/hash-checksum.h>
23 #include <u-boot/sha1.h>
24 #include <u-boot/sha256.h>
25 #include <u-boot/sha512.h>
26 #include <linux/unaligned/be_byteshift.h>
27 #include <linux/unaligned/le_byteshift.h>
28 #include <linux/unaligned/generic.h>
32 * struct event_log_buffer - internal eventlog management structure
34 * @buffer: eventlog buffer
35 * @final_buffer: finalevent config table buffer
36 * @pos: current position of 'buffer'
37 * @final_pos: current position of 'final_buffer'
38 * @get_event_called: true if GetEventLog has been invoked at least once
39 * @ebs_called: true if ExitBootServices has been invoked
40 * @truncated: true if the 'buffer' is truncated
42 struct event_log_buffer {
45 size_t pos; /* eventlog position */
46 size_t final_pos; /* final events config table position */
47 size_t last_event_size;
48 bool get_event_called;
53 static struct event_log_buffer event_log;
54 static bool tcg2_efi_app_invoked;
56 * When requesting TPM2_CAP_TPM_PROPERTIES the value is on a standard offset.
57 * Since the current tpm2_get_capability() response buffers starts at
58 * 'union tpmu_capabilities data' of 'struct tpms_capability_data', calculate
59 * the response size and offset once for all consumers
61 #define TPM2_RESPONSE_BUFFER_SIZE (sizeof(struct tpms_capability_data) - \
62 offsetof(struct tpms_capability_data, data))
63 #define properties_offset (offsetof(struct tpml_tagged_tpm_property, tpm_property) + \
64 offsetof(struct tpms_tagged_property, value))
66 static const efi_guid_t efi_guid_tcg2_protocol = EFI_TCG2_PROTOCOL_GUID;
67 static const efi_guid_t efi_guid_final_events = EFI_TCG2_FINAL_EVENTS_TABLE_GUID;
75 static const struct digest_info hash_algo_list[] = {
78 EFI_TCG2_BOOT_HASH_ALG_SHA1,
79 TPM2_SHA1_DIGEST_SIZE,
83 EFI_TCG2_BOOT_HASH_ALG_SHA256,
84 TPM2_SHA256_DIGEST_SIZE,
88 EFI_TCG2_BOOT_HASH_ALG_SHA384,
89 TPM2_SHA384_DIGEST_SIZE,
93 EFI_TCG2_BOOT_HASH_ALG_SHA512,
94 TPM2_SHA512_DIGEST_SIZE,
98 struct variable_info {
104 static struct variable_info secure_variables[] = {
105 {u"SecureBoot", true, 7},
112 {u"DeployedMode", false, 1},
113 {u"AuditMode", false, 1},
116 #define MAX_HASH_COUNT ARRAY_SIZE(hash_algo_list)
119 * alg_to_mask - Get a TCG hash mask for algorithms
121 * @hash_alg: TCG defined algorithm
123 * @Return: TCG hashing algorithm bitmaps, 0 if the algorithm is not supported
125 static u32 alg_to_mask(u16 hash_alg)
129 for (i = 0; i < MAX_HASH_COUNT; i++) {
130 if (hash_algo_list[i].hash_alg == hash_alg)
131 return hash_algo_list[i].hash_mask;
138 * alg_to_len - Get a TCG hash len for algorithms
140 * @hash_alg: TCG defined algorithm
142 * @Return: len of chosen algorithm, 0 if the algorithm is not supported
144 static u16 alg_to_len(u16 hash_alg)
148 for (i = 0; i < MAX_HASH_COUNT; i++) {
149 if (hash_algo_list[i].hash_alg == hash_alg)
150 return hash_algo_list[i].hash_len;
156 static bool is_tcg2_protocol_installed(void)
158 struct efi_handler *handler;
161 ret = efi_search_protocol(efi_root, &efi_guid_tcg2_protocol, &handler);
162 return ret == EFI_SUCCESS;
165 static u32 tcg_event_final_size(struct tpml_digest_values *digest_list)
170 len = offsetof(struct tcg_pcr_event2, digests);
171 len += offsetof(struct tpml_digest_values, digests);
172 for (i = 0; i < digest_list->count; i++) {
173 u16 hash_alg = digest_list->digests[i].hash_alg;
175 len += offsetof(struct tpmt_ha, digest);
176 len += alg_to_len(hash_alg);
178 len += sizeof(u32); /* tcg_pcr_event2 event_size*/
183 /* tcg2_pcr_extend - Extend PCRs for a TPM2 device for a given tpml_digest_values
186 * @digest_list: list of digest algorithms to extend
188 * @Return: status code
190 static efi_status_t tcg2_pcr_extend(struct udevice *dev, u32 pcr_index,
191 struct tpml_digest_values *digest_list)
196 for (i = 0; i < digest_list->count; i++) {
197 u32 alg = digest_list->digests[i].hash_alg;
199 rc = tpm2_pcr_extend(dev, pcr_index, alg,
200 (u8 *)&digest_list->digests[i].digest,
203 EFI_PRINT("Failed to extend PCR\n");
204 return EFI_DEVICE_ERROR;
211 /* tcg2_pcr_read - Read PCRs for a TPM2 device for a given tpml_digest_values
214 * @pcr_index: PCR index
215 * @digest_list: list of digest algorithms to extend
217 * @Return: status code
219 static efi_status_t tcg2_pcr_read(struct udevice *dev, u32 pcr_index,
220 struct tpml_digest_values *digest_list)
222 struct tpm_chip_priv *priv;
223 unsigned int updates, pcr_select_min;
227 priv = dev_get_uclass_priv(dev);
229 return EFI_DEVICE_ERROR;
231 pcr_select_min = priv->pcr_select_min;
233 for (i = 0; i < digest_list->count; i++) {
234 u16 hash_alg = digest_list->digests[i].hash_alg;
235 u8 *digest = (u8 *)&digest_list->digests[i].digest;
237 rc = tpm2_pcr_read(dev, pcr_index, pcr_select_min,
238 hash_alg, digest, alg_to_len(hash_alg),
241 EFI_PRINT("Failed to read PCR\n");
242 return EFI_DEVICE_ERROR;
249 /* put_event - Append an agile event to an eventlog
251 * @pcr_index: PCR index
252 * @event_type: type of event added
253 * @digest_list: list of digest algorithms to add
254 * @size: size of event
255 * @event: event to add
256 * @log: log buffer to append the event
259 static void put_event(u32 pcr_index, u32 event_type,
260 struct tpml_digest_values *digest_list, u32 size,
261 u8 event[], void *log)
268 * size refers to the length of event[] only, we need to check against
269 * the final tcg_pcr_event2 size
271 event_size = size + tcg_event_final_size(digest_list);
273 put_unaligned_le32(pcr_index, log);
274 pos = offsetof(struct tcg_pcr_event2, event_type);
275 put_unaligned_le32(event_type, (void *)((uintptr_t)log + pos));
276 pos = offsetof(struct tcg_pcr_event2, digests); /* count */
277 put_unaligned_le32(digest_list->count, (void *)((uintptr_t)log + pos));
279 pos += offsetof(struct tpml_digest_values, digests);
280 for (i = 0; i < digest_list->count; i++) {
281 u16 hash_alg = digest_list->digests[i].hash_alg;
282 u8 *digest = (u8 *)&digest_list->digests[i].digest;
284 put_unaligned_le16(hash_alg, (void *)((uintptr_t)log + pos));
285 pos += offsetof(struct tpmt_ha, digest);
286 memcpy((void *)((uintptr_t)log + pos), digest, alg_to_len(hash_alg));
287 pos += alg_to_len(hash_alg);
290 put_unaligned_le32(size, (void *)((uintptr_t)log + pos));
291 pos += sizeof(u32); /* tcg_pcr_event2 event_size*/
292 memcpy((void *)((uintptr_t)log + pos), event, size);
296 * make sure the calculated buffer is what we checked against
297 * This check should never fail. It checks the code above is
298 * calculating the right length for the event we are adding
300 if (pos != event_size)
301 log_err("Appending to the EventLog failed\n");
304 /* tcg2_agile_log_append - Append an agile event to an eventlog
306 * @pcr_index: PCR index
307 * @event_type: type of event added
308 * @digest_list: list of digest algorithms to add
309 * @size: size of event
310 * @event: event to add
311 * @log: log buffer to append the event
313 * @Return: status code
315 static efi_status_t tcg2_agile_log_append(u32 pcr_index, u32 event_type,
316 struct tpml_digest_values *digest_list,
317 u32 size, u8 event[])
319 void *log = (void *)((uintptr_t)event_log.buffer + event_log.pos);
320 u32 event_size = size + tcg_event_final_size(digest_list);
321 struct efi_tcg2_final_events_table *final_event;
322 efi_status_t ret = EFI_SUCCESS;
324 /* if ExitBootServices hasn't been called update the normal log */
325 if (!event_log.ebs_called) {
326 if (event_log.truncated ||
327 event_log.pos + event_size > TPM2_EVENT_LOG_SIZE) {
328 event_log.truncated = true;
329 return EFI_VOLUME_FULL;
331 put_event(pcr_index, event_type, digest_list, size, event, log);
332 event_log.pos += event_size;
333 event_log.last_event_size = event_size;
336 if (!event_log.get_event_called)
339 /* if GetEventLog has been called update FinalEventLog as well */
340 if (event_log.final_pos + event_size > TPM2_EVENT_LOG_SIZE)
341 return EFI_VOLUME_FULL;
343 log = (void *)((uintptr_t)event_log.final_buffer + event_log.final_pos);
344 put_event(pcr_index, event_type, digest_list, size, event, log);
346 final_event = event_log.final_buffer;
347 final_event->number_of_events++;
348 event_log.final_pos += event_size;
354 * platform_get_tpm_device() - retrieve TPM device
356 * This function retrieves the udevice implementing a TPM
358 * This function may be overridden if special initialization is needed.
361 * Return: status code
363 __weak efi_status_t platform_get_tpm2_device(struct udevice **dev)
365 for_each_tpm_device(*dev) {
366 /* Only support TPMv2 devices */
367 if (tpm_get_version(*dev) == TPM_V2)
371 return EFI_NOT_FOUND;
375 * platform_get_eventlog() - retrieve the eventlog address and size
377 * This function retrieves the eventlog address and size if the underlying
378 * firmware has done some measurements and passed them.
380 * This function may be overridden based on platform specific method of
381 * passing the eventlog address and size.
384 * @addr: eventlog address
386 * Return: status code
388 __weak efi_status_t platform_get_eventlog(struct udevice *dev, u64 *addr,
394 basep = dev_read_prop(dev, "tpm_event_log_addr", NULL);
396 return EFI_NOT_FOUND;
398 *addr = be64_to_cpup((__force __be64 *)basep);
400 sizep = dev_read_prop(dev, "tpm_event_log_size", NULL);
402 return EFI_NOT_FOUND;
404 *sz = be32_to_cpup((__force __be32 *)sizep);
406 log_debug("event log empty\n");
407 return EFI_NOT_FOUND;
414 * tpm2_get_max_command_size() - get the supported max command size
417 * @max_command_size: output buffer for the size
419 * Return: 0 on success, -1 on error
421 static int tpm2_get_max_command_size(struct udevice *dev, u16 *max_command_size)
423 u8 response[TPM2_RESPONSE_BUFFER_SIZE];
426 memset(response, 0, sizeof(response));
427 ret = tpm2_get_capability(dev, TPM2_CAP_TPM_PROPERTIES,
428 TPM2_PT_MAX_COMMAND_SIZE, response, 1);
432 *max_command_size = (uint16_t)get_unaligned_be32(response +
439 * tpm2_get_max_response_size() - get the supported max response size
442 * @max_response_size: output buffer for the size
444 * Return: 0 on success, -1 on error
446 static int tpm2_get_max_response_size(struct udevice *dev,
447 u16 *max_response_size)
449 u8 response[TPM2_RESPONSE_BUFFER_SIZE];
452 memset(response, 0, sizeof(response));
453 ret = tpm2_get_capability(dev, TPM2_CAP_TPM_PROPERTIES,
454 TPM2_PT_MAX_RESPONSE_SIZE, response, 1);
458 *max_response_size = (uint16_t)get_unaligned_be32(response +
465 * tpm2_get_manufacturer_id() - get the manufacturer ID
468 * @manufacturer_id: output buffer for the id
470 * Return: 0 on success, -1 on error
472 static int tpm2_get_manufacturer_id(struct udevice *dev, u32 *manufacturer_id)
474 u8 response[TPM2_RESPONSE_BUFFER_SIZE];
477 memset(response, 0, sizeof(response));
478 ret = tpm2_get_capability(dev, TPM2_CAP_TPM_PROPERTIES,
479 TPM2_PT_MANUFACTURER, response, 1);
483 *manufacturer_id = get_unaligned_be32(response + properties_offset);
489 * tpm2_get_num_pcr() - get the number of PCRs
492 * @manufacturer_id: output buffer for the number
494 * Return: 0 on success, -1 on error
496 static int tpm2_get_num_pcr(struct udevice *dev, u32 *num_pcr)
498 u8 response[TPM2_RESPONSE_BUFFER_SIZE];
501 memset(response, 0, sizeof(response));
502 ret = tpm2_get_capability(dev, TPM2_CAP_TPM_PROPERTIES,
503 TPM2_PT_PCR_COUNT, response, 1);
507 *num_pcr = get_unaligned_be32(response + properties_offset);
508 if (*num_pcr > TPM2_MAX_PCRS)
515 * is_active_pcr() - Check if a supported algorithm is active
518 * @selection: struct of PCR information
520 * Return: true if PCR is active
522 static bool is_active_pcr(struct tpms_pcr_selection *selection)
526 * check the pcr_select. If at least one of the PCRs supports the
527 * algorithm add it on the active ones
529 for (i = 0; i < selection->size_of_select; i++) {
530 if (selection->pcr_select[i])
538 * tpm2_get_pcr_info() - get the supported, active PCRs and number of banks
541 * @supported_pcr: bitmask with the algorithms supported
542 * @active_pcr: bitmask with the active algorithms
543 * @pcr_banks: number of PCR banks
545 * Return: 0 on success, -1 on error
547 static int tpm2_get_pcr_info(struct udevice *dev, u32 *supported_pcr,
548 u32 *active_pcr, u32 *pcr_banks)
550 u8 response[TPM2_RESPONSE_BUFFER_SIZE];
551 struct tpml_pcr_selection pcrs;
559 memset(response, 0, sizeof(response));
560 ret = tpm2_get_capability(dev, TPM2_CAP_PCRS, 0, response, 1);
564 pcrs.count = get_unaligned_be32(response);
566 * We only support 5 algorithms for now so check against that
567 * instead of TPM2_NUM_PCR_BANKS
569 if (pcrs.count > MAX_HASH_COUNT || pcrs.count < 1)
572 tpm_ret = tpm2_get_num_pcr(dev, &num_pcr);
576 for (i = 0; i < pcrs.count; i++) {
578 * Definition of TPMS_PCR_SELECTION Structure
581 * pcr_select: u8 array
583 * The offsets depend on the number of the device PCRs
584 * so we have to calculate them based on that
586 u32 hash_offset = offsetof(struct tpml_pcr_selection, selection) +
587 i * offsetof(struct tpms_pcr_selection, pcr_select) +
588 i * ((num_pcr + 7) / 8);
589 u32 size_select_offset =
590 hash_offset + offsetof(struct tpms_pcr_selection,
592 u32 pcr_select_offset =
593 hash_offset + offsetof(struct tpms_pcr_selection,
596 pcrs.selection[i].hash =
597 get_unaligned_be16(response + hash_offset);
598 pcrs.selection[i].size_of_select =
599 __get_unaligned_be(response + size_select_offset);
600 if (pcrs.selection[i].size_of_select > TPM2_PCR_SELECT_MAX)
602 /* copy the array of pcr_select */
603 memcpy(pcrs.selection[i].pcr_select, response + pcr_select_offset,
604 pcrs.selection[i].size_of_select);
607 for (i = 0; i < pcrs.count; i++) {
608 u32 hash_mask = alg_to_mask(pcrs.selection[i].hash);
611 *supported_pcr |= hash_mask;
612 if (is_active_pcr(&pcrs.selection[i]))
613 *active_pcr |= hash_mask;
615 EFI_PRINT("Unknown algorithm %x\n", pcrs.selection[i].hash);
619 *pcr_banks = pcrs.count;
627 * __get_active_pcr_banks() - returns the currently active PCR banks
629 * @active_pcr_banks: pointer for receiving the bitmap of currently
632 * Return: status code
634 static efi_status_t __get_active_pcr_banks(u32 *active_pcr_banks)
637 u32 active = 0, supported = 0, pcr_banks = 0;
641 ret = platform_get_tpm2_device(&dev);
642 if (ret != EFI_SUCCESS)
645 err = tpm2_get_pcr_info(dev, &supported, &active, &pcr_banks);
647 ret = EFI_DEVICE_ERROR;
651 *active_pcr_banks = active;
657 /* tcg2_create_digest - create a list of digests of the supported PCR banks
658 * for a given memory range
660 * @input: input memory
661 * @length: length of buffer to calculate the digest
662 * @digest_list: list of digests to fill in
664 * Return: status code
666 static efi_status_t tcg2_create_digest(const u8 *input, u32 length,
667 struct tpml_digest_values *digest_list)
670 sha256_context ctx_256;
671 sha512_context ctx_512;
672 u8 final[TPM2_SHA512_DIGEST_SIZE];
677 ret = __get_active_pcr_banks(&active);
678 if (ret != EFI_SUCCESS)
681 digest_list->count = 0;
682 for (i = 0; i < MAX_HASH_COUNT; i++) {
683 u16 hash_alg = hash_algo_list[i].hash_alg;
685 if (!(active & alg_to_mask(hash_alg)))
690 sha1_update(&ctx, input, length);
691 sha1_finish(&ctx, final);
693 case TPM2_ALG_SHA256:
694 sha256_starts(&ctx_256);
695 sha256_update(&ctx_256, input, length);
696 sha256_finish(&ctx_256, final);
698 case TPM2_ALG_SHA384:
699 sha384_starts(&ctx_512);
700 sha384_update(&ctx_512, input, length);
701 sha384_finish(&ctx_512, final);
703 case TPM2_ALG_SHA512:
704 sha512_starts(&ctx_512);
705 sha512_update(&ctx_512, input, length);
706 sha512_finish(&ctx_512, final);
709 EFI_PRINT("Unsupported algorithm %x\n", hash_alg);
710 return EFI_INVALID_PARAMETER;
712 digest_list->digests[digest_list->count].hash_alg = hash_alg;
713 memcpy(&digest_list->digests[digest_list->count].digest, final,
714 (u32)alg_to_len(hash_alg));
715 digest_list->count++;
722 * efi_tcg2_get_capability() - protocol capability information and state information
724 * @this: TCG2 protocol instance
725 * @capability: caller allocated memory with size field to the size of
726 * the structure allocated
728 * Return: status code
730 static efi_status_t EFIAPI
731 efi_tcg2_get_capability(struct efi_tcg2_protocol *this,
732 struct efi_tcg2_boot_service_capability *capability)
735 efi_status_t efi_ret;
738 EFI_ENTRY("%p, %p", this, capability);
740 if (!this || !capability) {
741 efi_ret = EFI_INVALID_PARAMETER;
745 if (capability->size < BOOT_SERVICE_CAPABILITY_MIN) {
746 capability->size = BOOT_SERVICE_CAPABILITY_MIN;
747 efi_ret = EFI_BUFFER_TOO_SMALL;
751 if (capability->size < sizeof(*capability)) {
752 capability->size = sizeof(*capability);
753 efi_ret = EFI_BUFFER_TOO_SMALL;
757 capability->structure_version.major = 1;
758 capability->structure_version.minor = 1;
759 capability->protocol_version.major = 1;
760 capability->protocol_version.minor = 1;
762 efi_ret = platform_get_tpm2_device(&dev);
763 if (efi_ret != EFI_SUCCESS) {
764 capability->supported_event_logs = 0;
765 capability->hash_algorithm_bitmap = 0;
766 capability->tpm_present_flag = false;
767 capability->max_command_size = 0;
768 capability->max_response_size = 0;
769 capability->manufacturer_id = 0;
770 capability->number_of_pcr_banks = 0;
771 capability->active_pcr_banks = 0;
773 efi_ret = EFI_SUCCESS;
777 /* We only allow a TPMv2 device to register the EFI protocol */
778 capability->supported_event_logs = TCG2_EVENT_LOG_FORMAT_TCG_2;
780 capability->tpm_present_flag = true;
782 /* Supported and active PCRs */
783 capability->hash_algorithm_bitmap = 0;
784 capability->active_pcr_banks = 0;
785 ret = tpm2_get_pcr_info(dev, &capability->hash_algorithm_bitmap,
786 &capability->active_pcr_banks,
787 &capability->number_of_pcr_banks);
789 efi_ret = EFI_DEVICE_ERROR;
793 /* Max command size */
794 ret = tpm2_get_max_command_size(dev, &capability->max_command_size);
796 efi_ret = EFI_DEVICE_ERROR;
800 /* Max response size */
801 ret = tpm2_get_max_response_size(dev, &capability->max_response_size);
803 efi_ret = EFI_DEVICE_ERROR;
807 /* Manufacturer ID */
808 ret = tpm2_get_manufacturer_id(dev, &capability->manufacturer_id);
810 efi_ret = EFI_DEVICE_ERROR;
814 return EFI_EXIT(EFI_SUCCESS);
816 return EFI_EXIT(efi_ret);
820 * efi_tcg2_get_eventlog() - retrieve the the address of an event log and its
823 * @this: TCG2 protocol instance
824 * @log_format: type of event log format
825 * @event_log_location: pointer to the memory address of the event log
826 * @event_log_last_entry: pointer to the address of the start of the last
827 * entry in the event log in memory, if log contains
829 * @event_log_truncated: set to true, if the Event Log is missing at i
832 * Return: status code
834 static efi_status_t EFIAPI
835 efi_tcg2_get_eventlog(struct efi_tcg2_protocol *this,
836 efi_tcg_event_log_format log_format,
837 u64 *event_log_location, u64 *event_log_last_entry,
838 bool *event_log_truncated)
840 efi_status_t ret = EFI_SUCCESS;
843 EFI_ENTRY("%p, %u, %p, %p, %p", this, log_format, event_log_location,
844 event_log_last_entry, event_log_truncated);
846 if (!this || !event_log_location || !event_log_last_entry ||
847 !event_log_truncated) {
848 ret = EFI_INVALID_PARAMETER;
852 /* Only support TPMV2 */
853 if (log_format != TCG2_EVENT_LOG_FORMAT_TCG_2) {
854 ret = EFI_INVALID_PARAMETER;
858 ret = platform_get_tpm2_device(&dev);
859 if (ret != EFI_SUCCESS) {
860 event_log_location = NULL;
861 event_log_last_entry = NULL;
862 *event_log_truncated = false;
866 *event_log_location = (uintptr_t)event_log.buffer;
867 *event_log_last_entry = (uintptr_t)(event_log.buffer + event_log.pos -
868 event_log.last_event_size);
869 *event_log_truncated = event_log.truncated;
870 event_log.get_event_called = true;
873 return EFI_EXIT(ret);
877 * tcg2_hash_pe_image() - calculate PE/COFF image hash
879 * @efi: pointer to the EFI binary
880 * @efi_size: size of @efi binary
881 * @digest_list: list of digest algorithms to extend
883 * Return: status code
885 static efi_status_t tcg2_hash_pe_image(void *efi, u64 efi_size,
886 struct tpml_digest_values *digest_list)
888 WIN_CERTIFICATE *wincerts = NULL;
890 struct efi_image_regions *regs = NULL;
891 void *new_efi = NULL;
892 u8 hash[TPM2_SHA512_DIGEST_SIZE];
897 new_efi = efi_prepare_aligned_image(efi, &efi_size);
899 return EFI_OUT_OF_RESOURCES;
901 if (!efi_image_parse(new_efi, efi_size, ®s, &wincerts,
903 log_err("Parsing PE executable image failed\n");
904 ret = EFI_UNSUPPORTED;
908 ret = __get_active_pcr_banks(&active);
909 if (ret != EFI_SUCCESS) {
913 digest_list->count = 0;
914 for (i = 0; i < MAX_HASH_COUNT; i++) {
915 u16 hash_alg = hash_algo_list[i].hash_alg;
917 if (!(active & alg_to_mask(hash_alg)))
921 hash_calculate("sha1", regs->reg, regs->num, hash);
923 case TPM2_ALG_SHA256:
924 hash_calculate("sha256", regs->reg, regs->num, hash);
926 case TPM2_ALG_SHA384:
927 hash_calculate("sha384", regs->reg, regs->num, hash);
929 case TPM2_ALG_SHA512:
930 hash_calculate("sha512", regs->reg, regs->num, hash);
933 EFI_PRINT("Unsupported algorithm %x\n", hash_alg);
934 return EFI_INVALID_PARAMETER;
936 digest_list->digests[digest_list->count].hash_alg = hash_alg;
937 memcpy(&digest_list->digests[digest_list->count].digest, hash,
938 (u32)alg_to_len(hash_alg));
939 digest_list->count++;
951 * tcg2_measure_pe_image() - measure PE/COFF image
953 * @efi: pointer to the EFI binary
954 * @efi_size: size of @efi binary
955 * @handle: loaded image handle
956 * @loaded_image: loaded image protocol
958 * Return: status code
960 efi_status_t tcg2_measure_pe_image(void *efi, u64 efi_size,
961 struct efi_loaded_image_obj *handle,
962 struct efi_loaded_image *loaded_image)
964 struct tpml_digest_values digest_list;
967 u32 pcr_index, event_type, event_size;
968 struct uefi_image_load_event *image_load_event;
969 struct efi_device_path *device_path;
970 u32 device_path_length;
971 IMAGE_DOS_HEADER *dos;
972 IMAGE_NT_HEADERS32 *nt;
973 struct efi_handler *handler;
975 if (!is_tcg2_protocol_installed())
978 ret = platform_get_tpm2_device(&dev);
979 if (ret != EFI_SUCCESS)
980 return EFI_SECURITY_VIOLATION;
982 switch (handle->image_type) {
983 case IMAGE_SUBSYSTEM_EFI_APPLICATION:
985 event_type = EV_EFI_BOOT_SERVICES_APPLICATION;
987 case IMAGE_SUBSYSTEM_EFI_BOOT_SERVICE_DRIVER:
989 event_type = EV_EFI_BOOT_SERVICES_DRIVER;
991 case IMAGE_SUBSYSTEM_EFI_RUNTIME_DRIVER:
993 event_type = EV_EFI_RUNTIME_SERVICES_DRIVER;
996 return EFI_UNSUPPORTED;
999 ret = tcg2_hash_pe_image(efi, efi_size, &digest_list);
1000 if (ret != EFI_SUCCESS)
1003 ret = tcg2_pcr_extend(dev, pcr_index, &digest_list);
1004 if (ret != EFI_SUCCESS)
1007 ret = efi_search_protocol(&handle->header,
1008 &efi_guid_loaded_image_device_path, &handler);
1009 if (ret != EFI_SUCCESS)
1012 device_path = handler->protocol_interface;
1013 device_path_length = efi_dp_size(device_path);
1014 if (device_path_length > 0) {
1015 /* add end node size */
1016 device_path_length += sizeof(struct efi_device_path);
1018 event_size = sizeof(struct uefi_image_load_event) + device_path_length;
1019 image_load_event = calloc(1, event_size);
1020 if (!image_load_event)
1021 return EFI_OUT_OF_RESOURCES;
1023 image_load_event->image_location_in_memory = (uintptr_t)efi;
1024 image_load_event->image_length_in_memory = efi_size;
1025 image_load_event->length_of_device_path = device_path_length;
1027 dos = (IMAGE_DOS_HEADER *)efi;
1028 nt = (IMAGE_NT_HEADERS32 *)(efi + dos->e_lfanew);
1029 if (nt->OptionalHeader.Magic == IMAGE_NT_OPTIONAL_HDR64_MAGIC) {
1030 IMAGE_NT_HEADERS64 *nt64 = (IMAGE_NT_HEADERS64 *)nt;
1032 image_load_event->image_link_time_address =
1033 nt64->OptionalHeader.ImageBase;
1034 } else if (nt->OptionalHeader.Magic == IMAGE_NT_OPTIONAL_HDR32_MAGIC) {
1035 image_load_event->image_link_time_address =
1036 nt->OptionalHeader.ImageBase;
1038 ret = EFI_INVALID_PARAMETER;
1042 /* device_path_length might be zero */
1043 memcpy(image_load_event->device_path, device_path, device_path_length);
1045 ret = tcg2_agile_log_append(pcr_index, event_type, &digest_list,
1046 event_size, (u8 *)image_load_event);
1049 free(image_load_event);
1055 * efi_tcg2_hash_log_extend_event() - extend and optionally log events
1057 * @this: TCG2 protocol instance
1058 * @flags: bitmap providing additional information on the
1060 * @data_to_hash: physical address of the start of the data buffer
1062 * @data_to_hash_len: the length in bytes of the buffer referenced by
1064 * @efi_tcg_event: pointer to data buffer containing information
1067 * Return: status code
1069 static efi_status_t EFIAPI
1070 efi_tcg2_hash_log_extend_event(struct efi_tcg2_protocol *this, u64 flags,
1071 u64 data_to_hash, u64 data_to_hash_len,
1072 struct efi_tcg2_event *efi_tcg_event)
1074 struct udevice *dev;
1076 u32 event_type, pcr_index, event_size;
1077 struct tpml_digest_values digest_list;
1079 EFI_ENTRY("%p, %llu, %llu, %llu, %p", this, flags, data_to_hash,
1080 data_to_hash_len, efi_tcg_event);
1082 if (!this || !data_to_hash || !efi_tcg_event) {
1083 ret = EFI_INVALID_PARAMETER;
1087 ret = platform_get_tpm2_device(&dev);
1088 if (ret != EFI_SUCCESS)
1091 if (efi_tcg_event->size < efi_tcg_event->header.header_size +
1093 ret = EFI_INVALID_PARAMETER;
1097 if (efi_tcg_event->header.pcr_index > EFI_TCG2_MAX_PCR_INDEX) {
1098 ret = EFI_INVALID_PARAMETER;
1103 * if PE_COFF_IMAGE is set we need to make sure the image is not
1104 * corrupted, verify it and hash the PE/COFF image in accordance with
1105 * the procedure specified in "Calculating the PE Image Hash"
1106 * section of the "Windows Authenticode Portable Executable Signature
1109 if (flags & PE_COFF_IMAGE) {
1110 IMAGE_NT_HEADERS32 *nt;
1112 ret = efi_check_pe((void *)(uintptr_t)data_to_hash,
1113 data_to_hash_len, (void **)&nt);
1114 if (ret != EFI_SUCCESS) {
1115 log_err("Not a valid PE-COFF file\n");
1116 ret = EFI_UNSUPPORTED;
1119 ret = tcg2_hash_pe_image((void *)(uintptr_t)data_to_hash,
1120 data_to_hash_len, &digest_list);
1122 ret = tcg2_create_digest((u8 *)(uintptr_t)data_to_hash,
1123 data_to_hash_len, &digest_list);
1126 if (ret != EFI_SUCCESS)
1129 pcr_index = efi_tcg_event->header.pcr_index;
1130 event_type = efi_tcg_event->header.event_type;
1132 ret = tcg2_pcr_extend(dev, pcr_index, &digest_list);
1133 if (ret != EFI_SUCCESS)
1136 if (flags & EFI_TCG2_EXTEND_ONLY) {
1137 if (event_log.truncated)
1138 ret = EFI_VOLUME_FULL;
1143 * The efi_tcg_event size includes the size component and the
1146 event_size = efi_tcg_event->size - sizeof(efi_tcg_event->size) -
1147 efi_tcg_event->header.header_size;
1148 ret = tcg2_agile_log_append(pcr_index, event_type, &digest_list,
1149 event_size, efi_tcg_event->event);
1151 return EFI_EXIT(ret);
1155 * efi_tcg2_submit_command() - Send command to the TPM
1157 * @this: TCG2 protocol instance
1158 * @input_param_block_size: size of the TPM input parameter block
1159 * @input_param_block: pointer to the TPM input parameter block
1160 * @output_param_block_size: size of the TPM output parameter block
1161 * @output_param_block: pointer to the TPM output parameter block
1163 * Return: status code
1165 static efi_status_t EFIAPI
1166 efi_tcg2_submit_command(struct efi_tcg2_protocol *this,
1167 u32 input_param_block_size,
1168 u8 *input_param_block,
1169 u32 output_param_block_size,
1170 u8 *output_param_block)
1172 struct udevice *dev;
1175 size_t resp_buf_size = output_param_block_size;
1177 EFI_ENTRY("%p, %u, %p, %u, %p", this, input_param_block_size,
1178 input_param_block, output_param_block_size, output_param_block);
1180 if (!this || !input_param_block || !input_param_block_size) {
1181 ret = EFI_INVALID_PARAMETER;
1185 ret = platform_get_tpm2_device(&dev);
1186 if (ret != EFI_SUCCESS)
1189 rc = tpm2_submit_command(dev, input_param_block,
1190 output_param_block, &resp_buf_size);
1192 ret = (rc == -ENOSPC) ? EFI_OUT_OF_RESOURCES : EFI_DEVICE_ERROR;
1198 return EFI_EXIT(ret);
1202 * efi_tcg2_get_active_pcr_banks() - returns the currently active PCR banks
1204 * @this: TCG2 protocol instance
1205 * @active_pcr_banks: pointer for receiving the bitmap of currently
1208 * Return: status code
1210 static efi_status_t EFIAPI
1211 efi_tcg2_get_active_pcr_banks(struct efi_tcg2_protocol *this,
1212 u32 *active_pcr_banks)
1216 if (!this || !active_pcr_banks) {
1217 ret = EFI_INVALID_PARAMETER;
1221 EFI_ENTRY("%p, %p", this, active_pcr_banks);
1222 ret = __get_active_pcr_banks(active_pcr_banks);
1225 return EFI_EXIT(ret);
1229 * efi_tcg2_set_active_pcr_banks() - sets the currently active PCR banks
1231 * @this: TCG2 protocol instance
1232 * @active_pcr_banks: bitmap of the requested active PCR banks
1234 * Return: status code
1236 static efi_status_t EFIAPI
1237 efi_tcg2_set_active_pcr_banks(__maybe_unused struct efi_tcg2_protocol *this,
1238 u32 __maybe_unused active_pcr_banks)
1240 return EFI_UNSUPPORTED;
1244 * efi_tcg2_get_result_of_set_active_pcr_banks() - retrieve result for previous
1245 * set_active_pcr_banks()
1247 * @this: TCG2 protocol instance
1248 * @operation_present: non-zero value to indicate a
1249 * set_active_pcr_banks operation was
1250 * invoked during last boot
1251 * @response: result value could be returned
1253 * Return: status code
1255 static efi_status_t EFIAPI
1256 efi_tcg2_get_result_of_set_active_pcr_banks(__maybe_unused struct efi_tcg2_protocol *this,
1257 u32 __maybe_unused *operation_present,
1258 u32 __maybe_unused *response)
1260 return EFI_UNSUPPORTED;
1263 static const struct efi_tcg2_protocol efi_tcg2_protocol = {
1264 .get_capability = efi_tcg2_get_capability,
1265 .get_eventlog = efi_tcg2_get_eventlog,
1266 .hash_log_extend_event = efi_tcg2_hash_log_extend_event,
1267 .submit_command = efi_tcg2_submit_command,
1268 .get_active_pcr_banks = efi_tcg2_get_active_pcr_banks,
1269 .set_active_pcr_banks = efi_tcg2_set_active_pcr_banks,
1270 .get_result_of_set_active_pcr_banks = efi_tcg2_get_result_of_set_active_pcr_banks,
1274 * parse_event_log_header() - Parse and verify the event log header fields
1276 * @buffer: Pointer to the start of the eventlog
1277 * @size: Size of the eventlog
1278 * @pos: Return offset of the next event in buffer right
1279 * after the event header i.e specID
1281 * Return: status code
1283 static efi_status_t parse_event_log_header(void *buffer, u32 size, u32 *pos)
1285 struct tcg_pcr_event *event_header = (struct tcg_pcr_event *)buffer;
1288 if (size < sizeof(*event_header))
1289 return EFI_COMPROMISED_DATA;
1291 if (get_unaligned_le32(&event_header->pcr_index) != 0 ||
1292 get_unaligned_le32(&event_header->event_type) != EV_NO_ACTION)
1293 return EFI_COMPROMISED_DATA;
1295 for (i = 0; i < sizeof(event_header->digest); i++) {
1296 if (event_header->digest[i])
1297 return EFI_COMPROMISED_DATA;
1300 *pos += sizeof(*event_header);
1306 * parse_specid_event() - Parse and verify the specID Event in the eventlog
1309 * @buffer: Pointer to the start of the eventlog
1310 * @log_size: Size of the eventlog
1311 * @pos: [in] Offset of specID event in the eventlog buffer
1312 * [out] Return offset of the next event in the buffer
1314 * @digest_list: list of digests in the event
1316 * Return: status code
1317 * @pos Offset in the eventlog where the specID event ends
1318 * @digest_list: list of digests in the event
1320 static efi_status_t parse_specid_event(struct udevice *dev, void *buffer,
1321 u32 log_size, u32 *pos,
1322 struct tpml_digest_values *digest_list)
1324 struct tcg_efi_spec_id_event *spec_event;
1325 struct tcg_pcr_event *event_header = (struct tcg_pcr_event *)buffer;
1326 size_t spec_event_size;
1327 u32 active = 0, supported = 0, pcr_count = 0, alg_count = 0;
1328 u32 spec_active = 0;
1333 if (*pos >= log_size || (*pos + sizeof(*spec_event)) > log_size)
1334 return EFI_COMPROMISED_DATA;
1336 /* Check specID event data */
1337 spec_event = (struct tcg_efi_spec_id_event *)((uintptr_t)buffer + *pos);
1338 /* Check for signature */
1339 if (memcmp(spec_event->signature, TCG_EFI_SPEC_ID_EVENT_SIGNATURE_03,
1340 sizeof(TCG_EFI_SPEC_ID_EVENT_SIGNATURE_03))) {
1341 log_err("specID Event: Signature mismatch\n");
1342 return EFI_COMPROMISED_DATA;
1345 if (spec_event->spec_version_minor !=
1346 TCG_EFI_SPEC_ID_EVENT_SPEC_VERSION_MINOR_TPM2 ||
1347 spec_event->spec_version_major !=
1348 TCG_EFI_SPEC_ID_EVENT_SPEC_VERSION_MAJOR_TPM2)
1349 return EFI_COMPROMISED_DATA;
1351 if (spec_event->number_of_algorithms > MAX_HASH_COUNT ||
1352 spec_event->number_of_algorithms < 1) {
1353 log_err("specID Event: Number of algorithms incorrect\n");
1354 return EFI_COMPROMISED_DATA;
1357 alg_count = spec_event->number_of_algorithms;
1359 err = tpm2_get_pcr_info(dev, &supported, &active, &pcr_count);
1361 return EFI_DEVICE_ERROR;
1363 digest_list->count = 0;
1365 * We have to take care that the sequence of algorithms that we record
1366 * in digest_list matches the sequence in eventlog.
1368 for (i = 0; i < alg_count; i++) {
1370 get_unaligned_le16(&spec_event->digest_sizes[i].algorithm_id);
1372 if (!(supported & alg_to_mask(hash_alg))) {
1373 log_err("specID Event: Unsupported algorithm\n");
1374 return EFI_COMPROMISED_DATA;
1376 digest_list->digests[digest_list->count++].hash_alg = hash_alg;
1378 spec_active |= alg_to_mask(hash_alg);
1382 * TCG specification expects the event log to have hashes for all
1385 if (spec_active != active) {
1387 * Previous stage bootloader should know all the active PCR's
1388 * and use them in the Eventlog.
1390 log_err("specID Event: All active hash alg not present\n");
1391 return EFI_COMPROMISED_DATA;
1395 * the size of the spec event and placement of vendor_info_size
1396 * depends on supported algoriths
1399 offsetof(struct tcg_efi_spec_id_event, digest_sizes) +
1400 alg_count * sizeof(spec_event->digest_sizes[0]);
1402 if (*pos + spec_event_size >= log_size)
1403 return EFI_COMPROMISED_DATA;
1405 vendor_sz = *(uint8_t *)((uintptr_t)buffer + *pos + spec_event_size);
1407 spec_event_size += sizeof(vendor_sz) + vendor_sz;
1408 *pos += spec_event_size;
1410 if (get_unaligned_le32(&event_header->event_size) != spec_event_size) {
1411 log_err("specID event: header event size mismatch\n");
1412 /* Right way to handle this can be to call SetActive PCR's */
1413 return EFI_COMPROMISED_DATA;
1420 * tcg2_parse_event() - Parse the event in the eventlog
1423 * @buffer: Pointer to the start of the eventlog
1424 * @log_size: Size of the eventlog
1425 * @offset: [in] Offset of the event in the eventlog buffer
1426 * [out] Return offset of the next event in the buffer
1427 * @digest_list: list of digests in the event
1428 * @pcr Index of the PCR in the event
1430 * Return: status code
1432 static efi_status_t tcg2_parse_event(struct udevice *dev, void *buffer,
1433 u32 log_size, u32 *offset,
1434 struct tpml_digest_values *digest_list,
1437 struct tcg_pcr_event2 *event = NULL;
1438 u32 count, size, event_size;
1441 event_size = tcg_event_final_size(digest_list);
1442 if (*offset >= log_size || *offset + event_size > log_size) {
1443 log_err("Event exceeds log size\n");
1444 return EFI_COMPROMISED_DATA;
1447 event = (struct tcg_pcr_event2 *)((uintptr_t)buffer + *offset);
1448 *pcr = get_unaligned_le32(&event->pcr_index);
1451 count = get_unaligned_le32(&event->digests.count);
1452 if (count != digest_list->count)
1453 return EFI_COMPROMISED_DATA;
1455 pos = offsetof(struct tcg_pcr_event2, digests);
1456 pos += offsetof(struct tpml_digest_values, digests);
1458 for (int i = 0; i < digest_list->count; i++) {
1460 u16 hash_alg = digest_list->digests[i].hash_alg;
1461 u8 *digest = (u8 *)&digest_list->digests[i].digest;
1463 alg = get_unaligned_le16((void *)((uintptr_t)event + pos));
1465 if (alg != hash_alg)
1466 return EFI_COMPROMISED_DATA;
1468 pos += offsetof(struct tpmt_ha, digest);
1469 memcpy(digest, (void *)((uintptr_t)event + pos), alg_to_len(hash_alg));
1470 pos += alg_to_len(hash_alg);
1473 size = get_unaligned_le32((void *)((uintptr_t)event + pos));
1475 pos += sizeof(u32); /* tcg_pcr_event2 event_size*/
1478 /* make sure the calculated buffer is what we checked against */
1479 if (pos != event_size)
1480 return EFI_COMPROMISED_DATA;
1483 return EFI_COMPROMISED_DATA;
1491 * tcg2_get_fw_eventlog() - Get the eventlog address and size
1493 * If the previous firmware has passed some eventlog, this function get it's
1494 * location and check for it's validity.
1497 * @log_buffer: eventlog address
1498 * @log_sz: eventlog size
1500 * Return: status code
1502 static efi_status_t tcg2_get_fw_eventlog(struct udevice *dev, void *log_buffer,
1505 struct tpml_digest_values digest_list;
1511 bool extend_pcr = false;
1514 ret = platform_get_eventlog(dev, &base, &sz);
1515 if (ret != EFI_SUCCESS)
1518 if (sz > TPM2_EVENT_LOG_SIZE)
1519 return EFI_VOLUME_FULL;
1521 buffer = (void *)(uintptr_t)base;
1523 /* Parse the eventlog to check for its validity */
1524 ret = parse_event_log_header(buffer, sz, &pos);
1528 ret = parse_specid_event(dev, buffer, sz, &pos, &digest_list);
1530 log_err("Error parsing SPEC ID Event\n");
1534 ret = tcg2_pcr_read(dev, 0, &digest_list);
1536 log_err("Error reading PCR 0\n");
1541 * If PCR0 is 0, previous firmware didn't have the capability
1542 * to extend the PCR. In this scenario, extend the PCR as
1543 * the eventlog is parsed.
1545 for (i = 0; i < digest_list.count; i++) {
1546 u8 hash_buf[TPM2_SHA512_DIGEST_SIZE] = { 0 };
1547 u16 hash_alg = digest_list.digests[i].hash_alg;
1549 if (!memcmp((u8 *)&digest_list.digests[i].digest, hash_buf,
1550 alg_to_len(hash_alg)))
1555 ret = tcg2_parse_event(dev, buffer, sz, &pos, &digest_list,
1558 log_err("Error parsing event\n");
1562 ret = tcg2_pcr_extend(dev, pcr, &digest_list);
1563 if (ret != EFI_SUCCESS) {
1564 log_err("Error in extending PCR\n");
1568 /* Clear the digest for next event */
1569 for (i = 0; i < digest_list.count; i++) {
1570 u16 hash_alg = digest_list.digests[i].hash_alg;
1572 (u8 *)&digest_list.digests[i].digest;
1574 memset(digest, 0, alg_to_len(hash_alg));
1579 memcpy(log_buffer, buffer, sz);
1586 * create_specid_event() - Create the first event in the eventlog
1589 * @event_header: Pointer to the final event header
1590 * @event_size: final spec event size
1592 * Return: status code
1594 static efi_status_t create_specid_event(struct udevice *dev, void *buffer,
1597 struct tcg_efi_spec_id_event *spec_event;
1598 size_t spec_event_size;
1599 efi_status_t ret = EFI_DEVICE_ERROR;
1600 u32 active = 0, supported = 0, pcr_count = 0, alg_count = 0;
1605 * Create Spec event. This needs to be the first event in the log
1606 * according to the TCG EFI protocol spec
1609 /* Setup specID event data */
1610 spec_event = (struct tcg_efi_spec_id_event *)buffer;
1611 memcpy(spec_event->signature, TCG_EFI_SPEC_ID_EVENT_SIGNATURE_03,
1612 sizeof(spec_event->signature));
1613 put_unaligned_le32(0, &spec_event->platform_class); /* type client */
1614 spec_event->spec_version_minor =
1615 TCG_EFI_SPEC_ID_EVENT_SPEC_VERSION_MINOR_TPM2;
1616 spec_event->spec_version_major =
1617 TCG_EFI_SPEC_ID_EVENT_SPEC_VERSION_MAJOR_TPM2;
1618 spec_event->spec_errata =
1619 TCG_EFI_SPEC_ID_EVENT_SPEC_VERSION_ERRATA_TPM2;
1620 spec_event->uintn_size = sizeof(efi_uintn_t) / sizeof(u32);
1622 err = tpm2_get_pcr_info(dev, &supported, &active, &pcr_count);
1627 for (i = 0; i < pcr_count; i++) {
1628 u16 hash_alg = hash_algo_list[i].hash_alg;
1629 u16 hash_len = hash_algo_list[i].hash_len;
1631 if (active & alg_to_mask(hash_alg)) {
1632 put_unaligned_le16(hash_alg,
1633 &spec_event->digest_sizes[alg_count].algorithm_id);
1634 put_unaligned_le16(hash_len,
1635 &spec_event->digest_sizes[alg_count].digest_size);
1640 spec_event->number_of_algorithms = alg_count;
1641 if (spec_event->number_of_algorithms > MAX_HASH_COUNT ||
1642 spec_event->number_of_algorithms < 1)
1646 * the size of the spec event and placement of vendor_info_size
1647 * depends on supported algoriths
1650 offsetof(struct tcg_efi_spec_id_event, digest_sizes) +
1651 spec_event->number_of_algorithms * sizeof(spec_event->digest_sizes[0]);
1652 /* no vendor info for us */
1653 memset(buffer + spec_event_size, 0, 1);
1654 /* add a byte for vendor_info_size in the spec event */
1655 spec_event_size += 1;
1656 *event_size = spec_event_size;
1665 * tcg2_uninit - remove the final event table and free efi memory on failures
1667 void tcg2_uninit(void)
1671 ret = efi_install_configuration_table(&efi_guid_final_events, NULL);
1672 if (ret != EFI_SUCCESS)
1673 log_err("Failed to delete final events config table\n");
1675 efi_free_pool(event_log.buffer);
1676 event_log.buffer = NULL;
1677 efi_free_pool(event_log.final_buffer);
1678 event_log.final_buffer = NULL;
1680 if (!is_tcg2_protocol_installed())
1683 ret = efi_uninstall_multiple_protocol_interfaces(efi_root, &efi_guid_tcg2_protocol,
1684 &efi_tcg2_protocol, NULL);
1685 if (ret != EFI_SUCCESS)
1686 log_err("Failed to remove EFI TCG2 protocol\n");
1690 * create_final_event() - Create the final event and install the config
1691 * defined by the TCG EFI spec
1693 static efi_status_t create_final_event(void)
1695 struct efi_tcg2_final_events_table *final_event;
1699 * All events generated after the invocation of
1700 * EFI_TCG2_GET_EVENT_LOGS need to be stored in an instance of an
1701 * EFI_CONFIGURATION_TABLE
1703 ret = efi_allocate_pool(EFI_ACPI_MEMORY_NVS, TPM2_EVENT_LOG_SIZE,
1704 &event_log.final_buffer);
1705 if (ret != EFI_SUCCESS)
1708 memset(event_log.final_buffer, 0xff, TPM2_EVENT_LOG_SIZE);
1709 final_event = event_log.final_buffer;
1710 final_event->number_of_events = 0;
1711 final_event->version = EFI_TCG2_FINAL_EVENTS_TABLE_VERSION;
1712 event_log.final_pos = sizeof(*final_event);
1713 ret = efi_install_configuration_table(&efi_guid_final_events,
1715 if (ret != EFI_SUCCESS) {
1716 efi_free_pool(event_log.final_buffer);
1717 event_log.final_buffer = NULL;
1725 * tcg2_measure_event() - common function to add event log and extend PCR
1728 * @pcr_index: PCR index
1729 * @event_type: type of event added
1731 * @event: event data
1733 * Return: status code
1736 tcg2_measure_event(struct udevice *dev, u32 pcr_index, u32 event_type,
1737 u32 size, u8 event[])
1739 struct tpml_digest_values digest_list;
1742 ret = tcg2_create_digest(event, size, &digest_list);
1743 if (ret != EFI_SUCCESS)
1746 ret = tcg2_pcr_extend(dev, pcr_index, &digest_list);
1747 if (ret != EFI_SUCCESS)
1750 ret = tcg2_agile_log_append(pcr_index, event_type, &digest_list,
1758 * efi_append_scrtm_version - Append an S-CRTM EV_S_CRTM_VERSION event on the
1759 * eventlog and extend the PCRs
1763 * @Return: status code
1765 static efi_status_t efi_append_scrtm_version(struct udevice *dev)
1769 ret = tcg2_measure_event(dev, 0, EV_S_CRTM_VERSION,
1770 strlen(version_string) + 1,
1771 (u8 *)version_string);
1777 * efi_init_event_log() - initialize an eventlog
1779 * Return: status code
1781 static efi_status_t efi_init_event_log(void)
1784 * vendor_info_size is currently set to 0, we need to change the length
1785 * and allocate the flexible array member if this changes
1787 struct tcg_pcr_event *event_header = NULL;
1788 struct udevice *dev;
1789 size_t spec_event_size;
1792 ret = platform_get_tpm2_device(&dev);
1793 if (ret != EFI_SUCCESS)
1796 ret = efi_allocate_pool(EFI_BOOT_SERVICES_DATA, TPM2_EVENT_LOG_SIZE,
1797 (void **)&event_log.buffer);
1798 if (ret != EFI_SUCCESS)
1802 * initialize log area as 0xff so the OS can easily figure out the
1805 memset(event_log.buffer, 0xff, TPM2_EVENT_LOG_SIZE);
1808 * The log header is defined to be in SHA1 event log entry format.
1809 * Setup event header
1811 event_header = (struct tcg_pcr_event *)event_log.buffer;
1813 event_log.last_event_size = 0;
1814 event_log.get_event_called = false;
1815 event_log.ebs_called = false;
1816 event_log.truncated = false;
1819 * Check if earlier firmware have passed any eventlog. Different
1820 * platforms can use different ways to do so.
1822 ret = tcg2_get_fw_eventlog(dev, event_log.buffer, &event_log.pos);
1824 * If earlier firmware hasn't passed any eventlog, go ahead and
1825 * create the eventlog header.
1827 if (ret == EFI_NOT_FOUND) {
1828 put_unaligned_le32(0, &event_header->pcr_index);
1829 put_unaligned_le32(EV_NO_ACTION, &event_header->event_type);
1830 memset(&event_header->digest, 0, sizeof(event_header->digest));
1831 ret = create_specid_event(dev,
1832 (void *)((uintptr_t)event_log.buffer +
1833 sizeof(*event_header)),
1835 if (ret != EFI_SUCCESS)
1837 put_unaligned_le32(spec_event_size, &event_header->event_size);
1838 event_log.pos = spec_event_size + sizeof(*event_header);
1839 event_log.last_event_size = event_log.pos;
1842 * Add SCRTM version to the log if previous firmmware
1843 * doesn't pass an eventlog.
1845 ret = efi_append_scrtm_version(dev);
1848 if (ret != EFI_SUCCESS)
1851 ret = create_final_event();
1852 if (ret != EFI_SUCCESS)
1858 efi_free_pool(event_log.buffer);
1859 event_log.buffer = NULL;
1864 * tcg2_measure_variable() - add variable event log and extend PCR
1867 * @pcr_index: PCR index
1868 * @event_type: type of event added
1869 * @var_name: variable name
1871 * @data_size: variable data size
1872 * @data: variable data
1874 * Return: status code
1876 static efi_status_t tcg2_measure_variable(struct udevice *dev, u32 pcr_index,
1877 u32 event_type, const u16 *var_name,
1878 const efi_guid_t *guid,
1879 efi_uintn_t data_size, u8 *data)
1883 struct efi_tcg2_uefi_variable_data *event;
1885 event_size = sizeof(event->variable_name) +
1886 sizeof(event->unicode_name_length) +
1887 sizeof(event->variable_data_length) +
1888 (u16_strlen(var_name) * sizeof(u16)) + data_size;
1889 event = malloc(event_size);
1891 return EFI_OUT_OF_RESOURCES;
1893 guidcpy(&event->variable_name, guid);
1894 event->unicode_name_length = u16_strlen(var_name);
1895 event->variable_data_length = data_size;
1896 memcpy(event->unicode_name, var_name,
1897 (event->unicode_name_length * sizeof(u16)));
1899 memcpy((u16 *)event->unicode_name + event->unicode_name_length,
1902 ret = tcg2_measure_event(dev, pcr_index, event_type, event_size,
1909 * tcg2_measure_boot_variable() - measure boot variables
1913 * Return: status code
1915 static efi_status_t tcg2_measure_boot_variable(struct udevice *dev)
1919 u16 var_name[] = u"BootOrder";
1920 u16 boot_name[] = u"Boot####";
1922 efi_uintn_t var_data_size;
1926 boot_order = efi_get_var(var_name, &efi_global_variable_guid,
1929 /* If "BootOrder" is not defined, skip the boot variable measurement */
1933 ret = tcg2_measure_variable(dev, 1, EV_EFI_VARIABLE_BOOT2, var_name,
1934 &efi_global_variable_guid, var_data_size,
1936 if (ret != EFI_SUCCESS)
1939 count = var_data_size / sizeof(*boot_order);
1940 boot_index = boot_order;
1941 for (i = 0; i < count; i++) {
1942 efi_create_indexed_name(boot_name, sizeof(boot_name),
1943 "Boot", *boot_index++);
1945 bootvar = efi_get_var(boot_name, &efi_global_variable_guid,
1949 log_debug("%ls not found\n", boot_name);
1953 ret = tcg2_measure_variable(dev, 1, EV_EFI_VARIABLE_BOOT2,
1955 &efi_global_variable_guid,
1956 var_data_size, bootvar);
1958 if (ret != EFI_SUCCESS)
1968 * tcg2_measure_smbios() - measure smbios table
1971 * @entry: pointer to the smbios_entry structure
1973 * Return: status code
1976 tcg2_measure_smbios(struct udevice *dev,
1977 const struct smbios_entry *entry)
1980 struct smbios_header *smbios_copy;
1981 struct smbios_handoff_table_pointers2 *event = NULL;
1985 * TCG PC Client PFP Spec says
1986 * "SMBIOS structures that contain static configuration information
1987 * (e.g. Platform Manufacturer Enterprise Number assigned by IANA,
1988 * platform model number, Vendor and Device IDs for each SMBIOS table)
1989 * that is relevant to the security of the platform MUST be measured".
1990 * Device dependent parameters such as serial number are cleared to
1991 * zero or spaces for the measurement.
1993 event_size = sizeof(struct smbios_handoff_table_pointers2) +
1994 FIELD_SIZEOF(struct efi_configuration_table, guid) +
1995 entry->struct_table_length;
1996 event = calloc(1, event_size);
1998 ret = EFI_OUT_OF_RESOURCES;
2002 event->table_description_size = sizeof(SMBIOS_HANDOFF_TABLE_DESC);
2003 memcpy(event->table_description, SMBIOS_HANDOFF_TABLE_DESC,
2004 sizeof(SMBIOS_HANDOFF_TABLE_DESC));
2005 put_unaligned_le64(1, &event->number_of_tables);
2006 guidcpy(&event->table_entry[0].guid, &smbios_guid);
2007 smbios_copy = (struct smbios_header *)((uintptr_t)&event->table_entry[0].table);
2008 memcpy(&event->table_entry[0].table,
2009 (void *)((uintptr_t)entry->struct_table_address),
2010 entry->struct_table_length);
2012 smbios_prepare_measurement(entry, smbios_copy);
2014 ret = tcg2_measure_event(dev, 1, EV_EFI_HANDOFF_TABLES2, event_size,
2016 if (ret != EFI_SUCCESS)
2026 * find_smbios_table() - find smbios table
2028 * Return: pointer to the smbios table
2030 static void *find_smbios_table(void)
2034 for (i = 0; i < systab.nr_tables; i++) {
2035 if (!guidcmp(&smbios_guid, &systab.tables[i].guid))
2036 return systab.tables[i].table;
2043 * tcg2_measure_gpt_table() - measure gpt table
2046 * @loaded_image: handle to the loaded image
2048 * Return: status code
2051 tcg2_measure_gpt_data(struct udevice *dev,
2052 struct efi_loaded_image_obj *loaded_image)
2055 efi_handle_t handle;
2056 struct efi_handler *dp_handler, *io_handler;
2057 struct efi_device_path *orig_device_path;
2058 struct efi_device_path *device_path;
2059 struct efi_device_path *dp;
2060 struct efi_block_io *block_io;
2061 struct efi_gpt_data *event = NULL;
2062 efi_guid_t null_guid = NULL_GUID;
2064 gpt_entry *entry = NULL;
2066 u32 num_of_valid_entry = 0;
2069 u32 total_gpt_entry_size;
2071 ret = efi_search_protocol(&loaded_image->header,
2072 &efi_guid_loaded_image_device_path,
2074 if (ret != EFI_SUCCESS)
2077 orig_device_path = dp_handler->protocol_interface;
2078 if (!orig_device_path) /* no device path, skip GPT measurement */
2081 device_path = efi_dp_dup(orig_device_path);
2083 return EFI_OUT_OF_RESOURCES;
2085 dp = search_gpt_dp_node(device_path);
2087 /* no GPT device path node found, skip GPT measurement */
2092 /* read GPT header */
2093 dp->type = DEVICE_PATH_TYPE_END;
2094 dp->sub_type = DEVICE_PATH_SUB_TYPE_END;
2096 ret = EFI_CALL(systab.boottime->locate_device_path(&efi_block_io_guid,
2098 if (ret != EFI_SUCCESS)
2101 ret = efi_search_protocol(handle, &efi_block_io_guid, &io_handler);
2102 if (ret != EFI_SUCCESS)
2104 block_io = io_handler->protocol_interface;
2106 gpt_h = memalign(block_io->media->io_align, block_io->media->block_size);
2108 ret = EFI_OUT_OF_RESOURCES;
2112 ret = block_io->read_blocks(block_io, block_io->media->media_id, 1,
2113 block_io->media->block_size, gpt_h);
2114 if (ret != EFI_SUCCESS)
2117 /* read GPT entry */
2118 total_gpt_entry_size = gpt_h->num_partition_entries *
2119 gpt_h->sizeof_partition_entry;
2120 entry = memalign(block_io->media->io_align, total_gpt_entry_size);
2122 ret = EFI_OUT_OF_RESOURCES;
2126 ret = block_io->read_blocks(block_io, block_io->media->media_id,
2127 gpt_h->partition_entry_lba,
2128 total_gpt_entry_size, entry);
2129 if (ret != EFI_SUCCESS)
2132 /* count valid GPT entry */
2134 for (i = 0; i < gpt_h->num_partition_entries; i++) {
2135 if (guidcmp(&null_guid, &gpt_e->partition_type_guid))
2136 num_of_valid_entry++;
2138 gpt_e = (gpt_entry *)((u8 *)gpt_e + gpt_h->sizeof_partition_entry);
2141 /* prepare event data for measurement */
2142 event_size = sizeof(struct efi_gpt_data) +
2143 (num_of_valid_entry * gpt_h->sizeof_partition_entry);
2144 event = calloc(1, event_size);
2146 ret = EFI_OUT_OF_RESOURCES;
2149 memcpy(event, gpt_h, sizeof(gpt_header));
2150 put_unaligned_le64(num_of_valid_entry, &event->number_of_partitions);
2152 /* copy valid GPT entry */
2154 num_of_valid_entry = 0;
2155 for (i = 0; i < gpt_h->num_partition_entries; i++) {
2156 if (guidcmp(&null_guid, &gpt_e->partition_type_guid)) {
2157 memcpy((u8 *)event->partitions +
2158 (num_of_valid_entry * gpt_h->sizeof_partition_entry),
2159 gpt_e, gpt_h->sizeof_partition_entry);
2160 num_of_valid_entry++;
2163 gpt_e = (gpt_entry *)((u8 *)gpt_e + gpt_h->sizeof_partition_entry);
2166 ret = tcg2_measure_event(dev, 5, EV_EFI_GPT_EVENT, event_size, (u8 *)event);
2173 efi_free_pool(device_path);
2178 /* Return the byte size of reserved map area in DTB or -1 upon error */
2179 static ssize_t size_of_rsvmap(void *dtb)
2181 struct fdt_reserve_entry e;
2186 rsvmap_base = (u8 *)dtb + fdt_off_mem_rsvmap(dtb);
2187 size_max = fdt_totalsize(dtb) - fdt_off_mem_rsvmap(dtb);
2191 memcpy(&e, rsvmap_base + size, sizeof(e));
2193 if (size > size_max)
2201 * efi_tcg2_measure_dtb() - measure DTB passed to the OS
2203 * @dtb: pointer to the device tree blob
2205 * Return: status code
2207 efi_status_t efi_tcg2_measure_dtb(void *dtb)
2209 struct uefi_platform_firmware_blob2 *blob;
2210 struct fdt_header *header;
2211 sha256_context hash_ctx;
2212 struct udevice *dev;
2213 ssize_t rsvmap_size;
2217 if (!is_tcg2_protocol_installed())
2220 ret = platform_get_tpm2_device(&dev);
2221 if (ret != EFI_SUCCESS)
2222 return EFI_SECURITY_VIOLATION;
2224 rsvmap_size = size_of_rsvmap(dtb);
2225 if (rsvmap_size < 0)
2226 return EFI_SECURITY_VIOLATION;
2228 event_size = sizeof(*blob) + sizeof(EFI_DTB_EVENT_STRING) + SHA256_SUM_LEN;
2229 blob = calloc(1, event_size);
2231 return EFI_OUT_OF_RESOURCES;
2233 blob->blob_description_size = sizeof(EFI_DTB_EVENT_STRING);
2234 memcpy(blob->data, EFI_DTB_EVENT_STRING, blob->blob_description_size);
2236 /* Measure populated areas of the DTB */
2238 sha256_starts(&hash_ctx);
2239 sha256_update(&hash_ctx, (u8 *)header, sizeof(struct fdt_header));
2240 sha256_update(&hash_ctx, (u8 *)dtb + fdt_off_dt_struct(dtb), fdt_size_dt_strings(dtb));
2241 sha256_update(&hash_ctx, (u8 *)dtb + fdt_off_dt_strings(dtb), fdt_size_dt_struct(dtb));
2242 sha256_update(&hash_ctx, (u8 *)dtb + fdt_off_mem_rsvmap(dtb), rsvmap_size);
2243 sha256_finish(&hash_ctx, blob->data + blob->blob_description_size);
2245 ret = tcg2_measure_event(dev, 0, EV_POST_CODE, event_size, (u8 *)blob);
2252 * efi_tcg2_measure_efi_app_invocation() - measure efi app invocation
2254 * Return: status code
2256 efi_status_t efi_tcg2_measure_efi_app_invocation(struct efi_loaded_image_obj *handle)
2260 struct udevice *dev;
2262 struct smbios_entry *entry;
2264 if (!is_tcg2_protocol_installed())
2267 if (tcg2_efi_app_invoked)
2270 ret = platform_get_tpm2_device(&dev);
2271 if (ret != EFI_SUCCESS)
2272 return EFI_SECURITY_VIOLATION;
2274 ret = tcg2_measure_boot_variable(dev);
2275 if (ret != EFI_SUCCESS)
2278 ret = tcg2_measure_event(dev, 4, EV_EFI_ACTION,
2279 strlen(EFI_CALLING_EFI_APPLICATION),
2280 (u8 *)EFI_CALLING_EFI_APPLICATION);
2281 if (ret != EFI_SUCCESS)
2284 entry = (struct smbios_entry *)find_smbios_table();
2286 ret = tcg2_measure_smbios(dev, entry);
2287 if (ret != EFI_SUCCESS)
2291 ret = tcg2_measure_gpt_data(dev, handle);
2292 if (ret != EFI_SUCCESS)
2295 for (pcr_index = 0; pcr_index <= 7; pcr_index++) {
2296 ret = tcg2_measure_event(dev, pcr_index, EV_SEPARATOR,
2297 sizeof(event), (u8 *)&event);
2298 if (ret != EFI_SUCCESS)
2302 tcg2_efi_app_invoked = true;
2308 * efi_tcg2_measure_efi_app_exit() - measure efi app exit
2310 * Return: status code
2312 efi_status_t efi_tcg2_measure_efi_app_exit(void)
2315 struct udevice *dev;
2317 if (!is_tcg2_protocol_installed())
2320 ret = platform_get_tpm2_device(&dev);
2321 if (ret != EFI_SUCCESS)
2324 ret = tcg2_measure_event(dev, 4, EV_EFI_ACTION,
2325 strlen(EFI_RETURNING_FROM_EFI_APPLICATION),
2326 (u8 *)EFI_RETURNING_FROM_EFI_APPLICATION);
2331 * efi_tcg2_notify_exit_boot_services() - ExitBootService callback
2333 * @event: callback event
2334 * @context: callback context
2337 efi_tcg2_notify_exit_boot_services(struct efi_event *event, void *context)
2340 struct udevice *dev;
2342 EFI_ENTRY("%p, %p", event, context);
2344 event_log.ebs_called = true;
2346 if (!is_tcg2_protocol_installed()) {
2351 ret = platform_get_tpm2_device(&dev);
2352 if (ret != EFI_SUCCESS)
2355 ret = tcg2_measure_event(dev, 5, EV_EFI_ACTION,
2356 strlen(EFI_EXIT_BOOT_SERVICES_INVOCATION),
2357 (u8 *)EFI_EXIT_BOOT_SERVICES_INVOCATION);
2358 if (ret != EFI_SUCCESS)
2361 ret = tcg2_measure_event(dev, 5, EV_EFI_ACTION,
2362 strlen(EFI_EXIT_BOOT_SERVICES_SUCCEEDED),
2363 (u8 *)EFI_EXIT_BOOT_SERVICES_SUCCEEDED);
2370 * efi_tcg2_notify_exit_boot_services_failed()
2371 * - notify ExitBootServices() is failed
2373 * Return: status code
2375 efi_status_t efi_tcg2_notify_exit_boot_services_failed(void)
2377 struct udevice *dev;
2380 if (!is_tcg2_protocol_installed())
2383 ret = platform_get_tpm2_device(&dev);
2384 if (ret != EFI_SUCCESS)
2387 ret = tcg2_measure_event(dev, 5, EV_EFI_ACTION,
2388 strlen(EFI_EXIT_BOOT_SERVICES_INVOCATION),
2389 (u8 *)EFI_EXIT_BOOT_SERVICES_INVOCATION);
2390 if (ret != EFI_SUCCESS)
2393 ret = tcg2_measure_event(dev, 5, EV_EFI_ACTION,
2394 strlen(EFI_EXIT_BOOT_SERVICES_FAILED),
2395 (u8 *)EFI_EXIT_BOOT_SERVICES_FAILED);
2402 * tcg2_measure_secure_boot_variable() - measure secure boot variables
2406 * Return: status code
2408 static efi_status_t tcg2_measure_secure_boot_variable(struct udevice *dev)
2411 efi_uintn_t data_size;
2416 u32 deployed_audit_pcr_index = 1;
2418 size = sizeof(deployed_mode);
2419 ret = efi_get_variable_int(u"DeployedMode", &efi_global_variable_guid,
2420 NULL, &size, &deployed_mode, NULL);
2421 if (ret != EFI_SUCCESS || !deployed_mode)
2422 deployed_audit_pcr_index = 7;
2424 count = ARRAY_SIZE(secure_variables);
2425 for (i = 0; i < count; i++) {
2426 const efi_guid_t *guid;
2428 guid = efi_auth_var_get_guid(secure_variables[i].name);
2430 data = efi_get_var(secure_variables[i].name, guid, &data_size);
2431 if (!data && !secure_variables[i].accept_empty)
2434 if (u16_strcmp(u"DeployedMode", secure_variables[i].name))
2435 secure_variables[i].pcr_index = deployed_audit_pcr_index;
2436 if (u16_strcmp(u"AuditMode", secure_variables[i].name))
2437 secure_variables[i].pcr_index = deployed_audit_pcr_index;
2439 ret = tcg2_measure_variable(dev, secure_variables[i].pcr_index,
2440 EV_EFI_VARIABLE_DRIVER_CONFIG,
2441 secure_variables[i].name, guid,
2444 if (ret != EFI_SUCCESS)
2453 * efi_tcg2_do_initial_measurement() - do initial measurement
2455 * Return: status code
2457 efi_status_t efi_tcg2_do_initial_measurement(void)
2460 struct udevice *dev;
2462 if (!is_tcg2_protocol_installed())
2465 ret = platform_get_tpm2_device(&dev);
2466 if (ret != EFI_SUCCESS)
2467 return EFI_SECURITY_VIOLATION;
2469 ret = tcg2_measure_secure_boot_variable(dev);
2470 if (ret != EFI_SUCCESS)
2478 * efi_tcg2_register() - register EFI_TCG2_PROTOCOL
2480 * If a TPM2 device is available, the TPM TCG2 Protocol is registered
2482 * Return: status code
2484 efi_status_t efi_tcg2_register(void)
2486 efi_status_t ret = EFI_SUCCESS;
2487 struct udevice *dev;
2488 struct efi_event *event;
2491 ret = platform_get_tpm2_device(&dev);
2492 if (ret != EFI_SUCCESS) {
2493 log_warning("Missing TPMv2 device for EFI_TCG_PROTOCOL\n");
2497 /* initialize the TPM as early as possible. */
2498 err = tpm_auto_start(dev);
2500 log_err("TPM startup failed\n");
2504 ret = efi_init_event_log();
2505 if (ret != EFI_SUCCESS) {
2510 ret = efi_install_multiple_protocol_interfaces(&efi_root, &efi_guid_tcg2_protocol,
2511 &efi_tcg2_protocol, NULL);
2512 if (ret != EFI_SUCCESS) {
2517 ret = efi_create_event(EVT_SIGNAL_EXIT_BOOT_SERVICES, TPL_CALLBACK,
2518 efi_tcg2_notify_exit_boot_services, NULL,
2520 if (ret != EFI_SUCCESS) {
2528 log_err("Cannot install EFI_TCG2_PROTOCOL\n");
projects / platform / kernel / u-boot.git / blob