1 // SPDX-License-Identifier: GPL-2.0+
3 * Defines APIs that allow an OS to interact with UEFI firmware to query
4 * information about the device.
5 * https://trustedcomputinggroup.org/resource/tcg-efi-protocol-specification/
7 * Copyright (c) 2020, Linaro Limited
10 #define LOG_CATEGORY LOGC_EFI
13 #include <efi_loader.h>
19 #include <u-boot/hash-checksum.h>
20 #include <u-boot/sha1.h>
21 #include <u-boot/sha256.h>
22 #include <u-boot/sha512.h>
23 #include <linux/unaligned/access_ok.h>
24 #include <linux/unaligned/generic.h>
27 struct event_log_buffer {
30 size_t pos; /* eventlog position */
31 size_t final_pos; /* final events config table position */
32 size_t last_event_size;
33 bool get_event_called;
37 static struct event_log_buffer event_log;
38 static bool tcg2_efi_app_invoked;
40 * When requesting TPM2_CAP_TPM_PROPERTIES the value is on a standard offset.
41 * Since the current tpm2_get_capability() response buffers starts at
42 * 'union tpmu_capabilities data' of 'struct tpms_capability_data', calculate
43 * the response size and offset once for all consumers
45 #define TPM2_RESPONSE_BUFFER_SIZE (sizeof(struct tpms_capability_data) - \
46 offsetof(struct tpms_capability_data, data))
47 #define properties_offset (offsetof(struct tpml_tagged_tpm_property, tpm_property) + \
48 offsetof(struct tpms_tagged_property, value))
50 static const efi_guid_t efi_guid_tcg2_protocol = EFI_TCG2_PROTOCOL_GUID;
51 static const efi_guid_t efi_guid_final_events = EFI_TCG2_FINAL_EVENTS_TABLE_GUID;
59 static const struct digest_info hash_algo_list[] = {
62 EFI_TCG2_BOOT_HASH_ALG_SHA1,
63 TPM2_SHA1_DIGEST_SIZE,
67 EFI_TCG2_BOOT_HASH_ALG_SHA256,
68 TPM2_SHA256_DIGEST_SIZE,
72 EFI_TCG2_BOOT_HASH_ALG_SHA384,
73 TPM2_SHA384_DIGEST_SIZE,
77 EFI_TCG2_BOOT_HASH_ALG_SHA512,
78 TPM2_SHA512_DIGEST_SIZE,
82 struct variable_info {
84 const efi_guid_t *guid;
87 static struct variable_info secure_variables[] = {
88 {L"SecureBoot", &efi_global_variable_guid},
89 {L"PK", &efi_global_variable_guid},
90 {L"KEK", &efi_global_variable_guid},
91 {L"db", &efi_guid_image_security_database},
92 {L"dbx", &efi_guid_image_security_database},
95 #define MAX_HASH_COUNT ARRAY_SIZE(hash_algo_list)
98 * alg_to_mask - Get a TCG hash mask for algorithms
100 * @hash_alg: TCG defined algorithm
102 * @Return: TCG hashing algorithm bitmaps, 0 if the algorithm is not supported
104 static u32 alg_to_mask(u16 hash_alg)
108 for (i = 0; i < MAX_HASH_COUNT; i++) {
109 if (hash_algo_list[i].hash_alg == hash_alg)
110 return hash_algo_list[i].hash_mask;
117 * alg_to_len - Get a TCG hash len for algorithms
119 * @hash_alg: TCG defined algorithm
121 * @Return: len of chosen algorithm, 0 if the algorithm is not supported
123 static u16 alg_to_len(u16 hash_alg)
127 for (i = 0; i < MAX_HASH_COUNT; i++) {
128 if (hash_algo_list[i].hash_alg == hash_alg)
129 return hash_algo_list[i].hash_len;
135 static u32 tcg_event_final_size(struct tpml_digest_values *digest_list)
140 len = offsetof(struct tcg_pcr_event2, digests);
141 len += offsetof(struct tpml_digest_values, digests);
142 for (i = 0; i < digest_list->count; i++) {
143 u16 hash_alg = digest_list->digests[i].hash_alg;
145 len += offsetof(struct tpmt_ha, digest);
146 len += alg_to_len(hash_alg);
148 len += sizeof(u32); /* tcg_pcr_event2 event_size*/
153 /* tcg2_pcr_extend - Extend PCRs for a TPM2 device for a given tpml_digest_values
156 * @digest_list: list of digest algorithms to extend
158 * @Return: status code
160 static efi_status_t tcg2_pcr_extend(struct udevice *dev, u32 pcr_index,
161 struct tpml_digest_values *digest_list)
166 for (i = 0; i < digest_list->count; i++) {
167 u32 alg = digest_list->digests[i].hash_alg;
169 rc = tpm2_pcr_extend(dev, pcr_index, alg,
170 (u8 *)&digest_list->digests[i].digest,
173 EFI_PRINT("Failed to extend PCR\n");
174 return EFI_DEVICE_ERROR;
181 /* tcg2_agile_log_append - Append an agile event to out eventlog
183 * @pcr_index: PCR index
184 * @event_type: type of event added
185 * @digest_list: list of digest algorithms to add
186 * @size: size of event
187 * @event: event to add
189 * @Return: status code
191 static efi_status_t tcg2_agile_log_append(u32 pcr_index, u32 event_type,
192 struct tpml_digest_values *digest_list,
193 u32 size, u8 event[])
195 void *log = (void *)((uintptr_t)event_log.buffer + event_log.pos);
200 if (event_log.get_event_called)
201 log = (void *)((uintptr_t)event_log.final_buffer +
202 event_log.final_pos);
205 * size refers to the length of event[] only, we need to check against
206 * the final tcg_pcr_event2 size
208 event_size = size + tcg_event_final_size(digest_list);
209 if (event_log.pos + event_size > TPM2_EVENT_LOG_SIZE ||
210 event_log.final_pos + event_size > TPM2_EVENT_LOG_SIZE) {
211 event_log.truncated = true;
212 return EFI_VOLUME_FULL;
215 put_unaligned_le32(pcr_index, log);
216 pos = offsetof(struct tcg_pcr_event2, event_type);
217 put_unaligned_le32(event_type, (void *)((uintptr_t)log + pos));
218 pos = offsetof(struct tcg_pcr_event2, digests); /* count */
219 put_unaligned_le32(digest_list->count, (void *)((uintptr_t)log + pos));
221 pos += offsetof(struct tpml_digest_values, digests);
222 for (i = 0; i < digest_list->count; i++) {
223 u16 hash_alg = digest_list->digests[i].hash_alg;
224 u8 *digest = (u8 *)&digest_list->digests[i].digest;
226 put_unaligned_le16(hash_alg, (void *)((uintptr_t)log + pos));
227 pos += offsetof(struct tpmt_ha, digest);
228 memcpy((void *)((uintptr_t)log + pos), digest, alg_to_len(hash_alg));
229 pos += alg_to_len(hash_alg);
232 put_unaligned_le32(size, (void *)((uintptr_t)log + pos));
233 pos += sizeof(u32); /* tcg_pcr_event2 event_size*/
234 memcpy((void *)((uintptr_t)log + pos), event, size);
237 /* make sure the calculated buffer is what we checked against */
238 if (pos != event_size)
239 return EFI_INVALID_PARAMETER;
241 /* if GetEventLog hasn't been called update the normal log */
242 if (!event_log.get_event_called) {
243 event_log.pos += pos;
244 event_log.last_event_size = pos;
246 /* if GetEventLog has been called update config table log */
247 struct efi_tcg2_final_events_table *final_event;
250 (struct efi_tcg2_final_events_table *)(event_log.final_buffer);
251 final_event->number_of_events++;
252 event_log.final_pos += pos;
259 * platform_get_tpm_device() - retrieve TPM device
261 * This function retrieves the udevice implementing a TPM
263 * This function may be overridden if special initialization is needed.
266 * Return: status code
268 __weak efi_status_t platform_get_tpm2_device(struct udevice **dev)
270 for_each_tpm_device(*dev) {
271 /* Only support TPMv2 devices */
272 if (tpm_get_version(*dev) == TPM_V2)
276 return EFI_NOT_FOUND;
280 * tpm2_get_max_command_size() - get the supported max command size
283 * @max_command_size: output buffer for the size
285 * Return: 0 on success, -1 on error
287 static int tpm2_get_max_command_size(struct udevice *dev, u16 *max_command_size)
289 u8 response[TPM2_RESPONSE_BUFFER_SIZE];
292 memset(response, 0, sizeof(response));
293 ret = tpm2_get_capability(dev, TPM2_CAP_TPM_PROPERTIES,
294 TPM2_PT_MAX_COMMAND_SIZE, response, 1);
298 *max_command_size = (uint16_t)get_unaligned_be32(response +
305 * tpm2_get_max_response_size() - get the supported max response size
308 * @max_response_size: output buffer for the size
310 * Return: 0 on success, -1 on error
312 static int tpm2_get_max_response_size(struct udevice *dev,
313 u16 *max_response_size)
315 u8 response[TPM2_RESPONSE_BUFFER_SIZE];
318 memset(response, 0, sizeof(response));
319 ret = tpm2_get_capability(dev, TPM2_CAP_TPM_PROPERTIES,
320 TPM2_PT_MAX_RESPONSE_SIZE, response, 1);
324 *max_response_size = (uint16_t)get_unaligned_be32(response +
331 * tpm2_get_manufacturer_id() - get the manufacturer ID
334 * @manufacturer_id: output buffer for the id
336 * Return: 0 on success, -1 on error
338 static int tpm2_get_manufacturer_id(struct udevice *dev, u32 *manufacturer_id)
340 u8 response[TPM2_RESPONSE_BUFFER_SIZE];
343 memset(response, 0, sizeof(response));
344 ret = tpm2_get_capability(dev, TPM2_CAP_TPM_PROPERTIES,
345 TPM2_PT_MANUFACTURER, response, 1);
349 *manufacturer_id = get_unaligned_be32(response + properties_offset);
355 * tpm2_get_num_pcr() - get the number of PCRs
358 * @manufacturer_id: output buffer for the number
360 * Return: 0 on success, -1 on error
362 static int tpm2_get_num_pcr(struct udevice *dev, u32 *num_pcr)
364 u8 response[TPM2_RESPONSE_BUFFER_SIZE];
367 memset(response, 0, sizeof(response));
368 ret = tpm2_get_capability(dev, TPM2_CAP_TPM_PROPERTIES,
369 TPM2_PT_PCR_COUNT, response, 1);
373 *num_pcr = get_unaligned_be32(response + properties_offset);
374 if (*num_pcr > TPM2_MAX_PCRS)
381 * is_active_pcr() - Check if a supported algorithm is active
384 * @selection: struct of PCR information
386 * Return: true if PCR is active
388 static bool is_active_pcr(struct tpms_pcr_selection *selection)
392 * check the pcr_select. If at least one of the PCRs supports the
393 * algorithm add it on the active ones
395 for (i = 0; i < selection->size_of_select; i++) {
396 if (selection->pcr_select[i])
404 * tpm2_get_pcr_info() - get the supported, active PCRs and number of banks
407 * @supported_pcr: bitmask with the algorithms supported
408 * @active_pcr: bitmask with the active algorithms
409 * @pcr_banks: number of PCR banks
411 * Return: 0 on success, -1 on error
413 static int tpm2_get_pcr_info(struct udevice *dev, u32 *supported_pcr,
414 u32 *active_pcr, u32 *pcr_banks)
416 u8 response[TPM2_RESPONSE_BUFFER_SIZE];
417 struct tpml_pcr_selection pcrs;
425 memset(response, 0, sizeof(response));
426 ret = tpm2_get_capability(dev, TPM2_CAP_PCRS, 0, response, 1);
430 pcrs.count = get_unaligned_be32(response);
432 * We only support 5 algorithms for now so check against that
433 * instead of TPM2_NUM_PCR_BANKS
435 if (pcrs.count > MAX_HASH_COUNT || pcrs.count < 1)
438 tpm_ret = tpm2_get_num_pcr(dev, &num_pcr);
442 for (i = 0; i < pcrs.count; i++) {
444 * Definition of TPMS_PCR_SELECTION Structure
447 * pcr_select: u8 array
449 * The offsets depend on the number of the device PCRs
450 * so we have to calculate them based on that
452 u32 hash_offset = offsetof(struct tpml_pcr_selection, selection) +
453 i * offsetof(struct tpms_pcr_selection, pcr_select) +
454 i * ((num_pcr + 7) / 8);
455 u32 size_select_offset =
456 hash_offset + offsetof(struct tpms_pcr_selection,
458 u32 pcr_select_offset =
459 hash_offset + offsetof(struct tpms_pcr_selection,
462 pcrs.selection[i].hash =
463 get_unaligned_be16(response + hash_offset);
464 pcrs.selection[i].size_of_select =
465 __get_unaligned_be(response + size_select_offset);
466 if (pcrs.selection[i].size_of_select > TPM2_PCR_SELECT_MAX)
468 /* copy the array of pcr_select */
469 memcpy(pcrs.selection[i].pcr_select, response + pcr_select_offset,
470 pcrs.selection[i].size_of_select);
473 for (i = 0; i < pcrs.count; i++) {
474 u32 hash_mask = alg_to_mask(pcrs.selection[i].hash);
477 *supported_pcr |= hash_mask;
478 if (is_active_pcr(&pcrs.selection[i]))
479 *active_pcr |= hash_mask;
481 EFI_PRINT("Unknown algorithm %x\n", pcrs.selection[i].hash);
485 *pcr_banks = pcrs.count;
493 * __get_active_pcr_banks() - returns the currently active PCR banks
495 * @active_pcr_banks: pointer for receiving the bitmap of currently
498 * Return: status code
500 static efi_status_t __get_active_pcr_banks(u32 *active_pcr_banks)
503 u32 active = 0, supported = 0, pcr_banks = 0;
507 ret = platform_get_tpm2_device(&dev);
508 if (ret != EFI_SUCCESS)
511 err = tpm2_get_pcr_info(dev, &supported, &active, &pcr_banks);
513 ret = EFI_DEVICE_ERROR;
517 *active_pcr_banks = active;
523 /* tcg2_create_digest - create a list of digests of the supported PCR banks
524 * for a given memory range
526 * @input: input memory
527 * @length: length of buffer to calculate the digest
528 * @digest_list: list of digests to fill in
530 * Return: status code
532 static efi_status_t tcg2_create_digest(const u8 *input, u32 length,
533 struct tpml_digest_values *digest_list)
536 sha256_context ctx_256;
537 sha512_context ctx_512;
538 u8 final[TPM2_SHA512_DIGEST_SIZE];
543 ret = __get_active_pcr_banks(&active);
544 if (ret != EFI_SUCCESS)
547 digest_list->count = 0;
548 for (i = 0; i < MAX_HASH_COUNT; i++) {
549 u16 hash_alg = hash_algo_list[i].hash_alg;
551 if (!(active & alg_to_mask(hash_alg)))
556 sha1_update(&ctx, input, length);
557 sha1_finish(&ctx, final);
559 case TPM2_ALG_SHA256:
560 sha256_starts(&ctx_256);
561 sha256_update(&ctx_256, input, length);
562 sha256_finish(&ctx_256, final);
564 case TPM2_ALG_SHA384:
565 sha384_starts(&ctx_512);
566 sha384_update(&ctx_512, input, length);
567 sha384_finish(&ctx_512, final);
569 case TPM2_ALG_SHA512:
570 sha512_starts(&ctx_512);
571 sha512_update(&ctx_512, input, length);
572 sha512_finish(&ctx_512, final);
575 EFI_PRINT("Unsupported algorithm %x\n", hash_alg);
576 return EFI_INVALID_PARAMETER;
578 digest_list->count++;
579 digest_list->digests[i].hash_alg = hash_alg;
580 memcpy(&digest_list->digests[i].digest, final, (u32)alg_to_len(hash_alg));
587 * efi_tcg2_get_capability() - protocol capability information and state information
589 * @this: TCG2 protocol instance
590 * @capability: caller allocated memory with size field to the size of
591 * the structure allocated
593 * Return: status code
595 static efi_status_t EFIAPI
596 efi_tcg2_get_capability(struct efi_tcg2_protocol *this,
597 struct efi_tcg2_boot_service_capability *capability)
600 efi_status_t efi_ret;
603 EFI_ENTRY("%p, %p", this, capability);
605 if (!this || !capability) {
606 efi_ret = EFI_INVALID_PARAMETER;
610 if (capability->size < BOOT_SERVICE_CAPABILITY_MIN) {
611 capability->size = BOOT_SERVICE_CAPABILITY_MIN;
612 efi_ret = EFI_BUFFER_TOO_SMALL;
616 if (capability->size < sizeof(*capability)) {
617 capability->size = sizeof(*capability);
618 efi_ret = EFI_BUFFER_TOO_SMALL;
622 capability->structure_version.major = 1;
623 capability->structure_version.minor = 1;
624 capability->protocol_version.major = 1;
625 capability->protocol_version.minor = 1;
627 efi_ret = platform_get_tpm2_device(&dev);
628 if (efi_ret != EFI_SUCCESS) {
629 capability->supported_event_logs = 0;
630 capability->hash_algorithm_bitmap = 0;
631 capability->tpm_present_flag = false;
632 capability->max_command_size = 0;
633 capability->max_response_size = 0;
634 capability->manufacturer_id = 0;
635 capability->number_of_pcr_banks = 0;
636 capability->active_pcr_banks = 0;
638 efi_ret = EFI_SUCCESS;
642 /* We only allow a TPMv2 device to register the EFI protocol */
643 capability->supported_event_logs = TCG2_EVENT_LOG_FORMAT_TCG_2;
645 capability->tpm_present_flag = true;
647 /* Supported and active PCRs */
648 capability->hash_algorithm_bitmap = 0;
649 capability->active_pcr_banks = 0;
650 ret = tpm2_get_pcr_info(dev, &capability->hash_algorithm_bitmap,
651 &capability->active_pcr_banks,
652 &capability->number_of_pcr_banks);
654 efi_ret = EFI_DEVICE_ERROR;
658 /* Max command size */
659 ret = tpm2_get_max_command_size(dev, &capability->max_command_size);
661 efi_ret = EFI_DEVICE_ERROR;
665 /* Max response size */
666 ret = tpm2_get_max_response_size(dev, &capability->max_response_size);
668 efi_ret = EFI_DEVICE_ERROR;
672 /* Manufacturer ID */
673 ret = tpm2_get_manufacturer_id(dev, &capability->manufacturer_id);
675 efi_ret = EFI_DEVICE_ERROR;
679 return EFI_EXIT(EFI_SUCCESS);
681 return EFI_EXIT(efi_ret);
685 * efi_tcg2_get_eventlog() - retrieve the the address of an event log and its
688 * @this: TCG2 protocol instance
689 * @log_format: type of event log format
690 * @event_log_location: pointer to the memory address of the event log
691 * @event_log_last_entry: pointer to the address of the start of the last
692 * entry in the event log in memory, if log contains
694 * @event_log_truncated: set to true, if the Event Log is missing at i
697 * Return: status code
699 static efi_status_t EFIAPI
700 efi_tcg2_get_eventlog(struct efi_tcg2_protocol *this,
701 efi_tcg_event_log_format log_format,
702 u64 *event_log_location, u64 *event_log_last_entry,
703 bool *event_log_truncated)
705 efi_status_t ret = EFI_SUCCESS;
708 EFI_ENTRY("%p, %u, %p, %p, %p", this, log_format, event_log_location,
709 event_log_last_entry, event_log_truncated);
711 if (!this || !event_log_location || !event_log_last_entry ||
712 !event_log_truncated) {
713 ret = EFI_INVALID_PARAMETER;
717 /* Only support TPMV2 */
718 if (log_format != TCG2_EVENT_LOG_FORMAT_TCG_2) {
719 ret = EFI_INVALID_PARAMETER;
723 ret = platform_get_tpm2_device(&dev);
724 if (ret != EFI_SUCCESS) {
725 event_log_location = NULL;
726 event_log_last_entry = NULL;
727 *event_log_truncated = false;
731 *event_log_location = (uintptr_t)event_log.buffer;
732 *event_log_last_entry = (uintptr_t)(event_log.buffer + event_log.pos -
733 event_log.last_event_size);
734 *event_log_truncated = event_log.truncated;
735 event_log.get_event_called = true;
738 return EFI_EXIT(ret);
742 * tcg2_hash_pe_image() - calculate PE/COFF image hash
744 * @efi: pointer to the EFI binary
745 * @efi_size: size of @efi binary
746 * @digest_list: list of digest algorithms to extend
748 * Return: status code
750 static efi_status_t tcg2_hash_pe_image(void *efi, u64 efi_size,
751 struct tpml_digest_values *digest_list)
753 WIN_CERTIFICATE *wincerts = NULL;
755 struct efi_image_regions *regs = NULL;
756 void *new_efi = NULL;
757 u8 hash[TPM2_SHA512_DIGEST_SIZE];
762 new_efi = efi_prepare_aligned_image(efi, &efi_size);
764 return EFI_OUT_OF_RESOURCES;
766 if (!efi_image_parse(new_efi, efi_size, ®s, &wincerts,
768 log_err("Parsing PE executable image failed\n");
769 ret = EFI_UNSUPPORTED;
773 ret = __get_active_pcr_banks(&active);
774 if (ret != EFI_SUCCESS) {
778 digest_list->count = 0;
779 for (i = 0; i < MAX_HASH_COUNT; i++) {
780 u16 hash_alg = hash_algo_list[i].hash_alg;
782 if (!(active & alg_to_mask(hash_alg)))
786 hash_calculate("sha1", regs->reg, regs->num, hash);
788 case TPM2_ALG_SHA256:
789 hash_calculate("sha256", regs->reg, regs->num, hash);
791 case TPM2_ALG_SHA384:
792 hash_calculate("sha384", regs->reg, regs->num, hash);
794 case TPM2_ALG_SHA512:
795 hash_calculate("sha512", regs->reg, regs->num, hash);
798 EFI_PRINT("Unsupported algorithm %x\n", hash_alg);
799 return EFI_INVALID_PARAMETER;
801 digest_list->digests[i].hash_alg = hash_alg;
802 memcpy(&digest_list->digests[i].digest, hash, (u32)alg_to_len(hash_alg));
803 digest_list->count++;
815 * tcg2_measure_pe_image() - measure PE/COFF image
817 * @efi: pointer to the EFI binary
818 * @efi_size: size of @efi binary
819 * @handle: loaded image handle
820 * @loaded_image: loaded image protocol
822 * Return: status code
824 efi_status_t tcg2_measure_pe_image(void *efi, u64 efi_size,
825 struct efi_loaded_image_obj *handle,
826 struct efi_loaded_image *loaded_image)
828 struct tpml_digest_values digest_list;
831 u32 pcr_index, event_type, event_size;
832 struct uefi_image_load_event *image_load_event;
833 struct efi_device_path *device_path;
834 u32 device_path_length;
835 IMAGE_DOS_HEADER *dos;
836 IMAGE_NT_HEADERS32 *nt;
837 struct efi_handler *handler;
839 ret = platform_get_tpm2_device(&dev);
840 if (ret != EFI_SUCCESS)
843 switch (handle->image_type) {
844 case IMAGE_SUBSYSTEM_EFI_APPLICATION:
846 event_type = EV_EFI_BOOT_SERVICES_APPLICATION;
848 case IMAGE_SUBSYSTEM_EFI_BOOT_SERVICE_DRIVER:
850 event_type = EV_EFI_BOOT_SERVICES_DRIVER;
852 case IMAGE_SUBSYSTEM_EFI_RUNTIME_DRIVER:
854 event_type = EV_EFI_RUNTIME_SERVICES_DRIVER;
857 return EFI_UNSUPPORTED;
860 ret = tcg2_hash_pe_image(efi, efi_size, &digest_list);
861 if (ret != EFI_SUCCESS)
864 ret = tcg2_pcr_extend(dev, pcr_index, &digest_list);
865 if (ret != EFI_SUCCESS)
868 ret = efi_search_protocol(&handle->header,
869 &efi_guid_loaded_image_device_path, &handler);
870 if (ret != EFI_SUCCESS)
873 device_path = handler->protocol_interface;
874 device_path_length = efi_dp_size(device_path);
875 if (device_path_length > 0) {
876 /* add end node size */
877 device_path_length += sizeof(struct efi_device_path);
879 event_size = sizeof(struct uefi_image_load_event) + device_path_length;
880 image_load_event = calloc(1, event_size);
881 if (!image_load_event)
882 return EFI_OUT_OF_RESOURCES;
884 image_load_event->image_location_in_memory = (uintptr_t)efi;
885 image_load_event->image_length_in_memory = efi_size;
886 image_load_event->length_of_device_path = device_path_length;
888 dos = (IMAGE_DOS_HEADER *)efi;
889 nt = (IMAGE_NT_HEADERS32 *)(efi + dos->e_lfanew);
890 if (nt->OptionalHeader.Magic == IMAGE_NT_OPTIONAL_HDR64_MAGIC) {
891 IMAGE_NT_HEADERS64 *nt64 = (IMAGE_NT_HEADERS64 *)nt;
893 image_load_event->image_link_time_address =
894 nt64->OptionalHeader.ImageBase;
895 } else if (nt->OptionalHeader.Magic == IMAGE_NT_OPTIONAL_HDR32_MAGIC) {
896 image_load_event->image_link_time_address =
897 nt->OptionalHeader.ImageBase;
899 ret = EFI_INVALID_PARAMETER;
903 /* device_path_length might be zero */
904 memcpy(image_load_event->device_path, device_path, device_path_length);
906 ret = tcg2_agile_log_append(pcr_index, event_type, &digest_list,
907 event_size, (u8 *)image_load_event);
910 free(image_load_event);
916 * efi_tcg2_hash_log_extend_event() - extend and optionally log events
918 * @this: TCG2 protocol instance
919 * @flags: bitmap providing additional information on the
921 * @data_to_hash: physical address of the start of the data buffer
923 * @data_to_hash_len: the length in bytes of the buffer referenced by
925 * @efi_tcg_event: pointer to data buffer containing information
928 * Return: status code
930 static efi_status_t EFIAPI
931 efi_tcg2_hash_log_extend_event(struct efi_tcg2_protocol *this, u64 flags,
932 u64 data_to_hash, u64 data_to_hash_len,
933 struct efi_tcg2_event *efi_tcg_event)
937 u32 event_type, pcr_index, event_size;
938 struct tpml_digest_values digest_list;
940 EFI_ENTRY("%p, %llu, %llu, %llu, %p", this, flags, data_to_hash,
941 data_to_hash_len, efi_tcg_event);
943 if (!this || !data_to_hash || !efi_tcg_event) {
944 ret = EFI_INVALID_PARAMETER;
948 ret = platform_get_tpm2_device(&dev);
949 if (ret != EFI_SUCCESS)
952 if (efi_tcg_event->size < efi_tcg_event->header.header_size +
954 ret = EFI_INVALID_PARAMETER;
958 if (efi_tcg_event->header.pcr_index > EFI_TCG2_MAX_PCR_INDEX) {
959 ret = EFI_INVALID_PARAMETER;
964 * if PE_COFF_IMAGE is set we need to make sure the image is not
965 * corrupted, verify it and hash the PE/COFF image in accordance with
966 * the procedure specified in "Calculating the PE Image Hash"
967 * section of the "Windows Authenticode Portable Executable Signature
970 if (flags & PE_COFF_IMAGE) {
971 IMAGE_NT_HEADERS32 *nt;
973 ret = efi_check_pe((void *)(uintptr_t)data_to_hash,
974 data_to_hash_len, (void **)&nt);
975 if (ret != EFI_SUCCESS) {
976 log_err("Not a valid PE-COFF file\n");
977 ret = EFI_UNSUPPORTED;
980 ret = tcg2_hash_pe_image((void *)(uintptr_t)data_to_hash,
981 data_to_hash_len, &digest_list);
983 ret = tcg2_create_digest((u8 *)(uintptr_t)data_to_hash,
984 data_to_hash_len, &digest_list);
987 if (ret != EFI_SUCCESS)
990 pcr_index = efi_tcg_event->header.pcr_index;
991 event_type = efi_tcg_event->header.event_type;
993 ret = tcg2_pcr_extend(dev, pcr_index, &digest_list);
994 if (ret != EFI_SUCCESS)
997 if (flags & EFI_TCG2_EXTEND_ONLY) {
998 if (event_log.truncated)
999 ret = EFI_VOLUME_FULL;
1004 * The efi_tcg_event size includes the size component and the
1007 event_size = efi_tcg_event->size - sizeof(efi_tcg_event->size) -
1008 efi_tcg_event->header.header_size;
1009 ret = tcg2_agile_log_append(pcr_index, event_type, &digest_list,
1010 event_size, efi_tcg_event->event);
1012 return EFI_EXIT(ret);
1016 * efi_tcg2_submit_command() - Send command to the TPM
1018 * @this: TCG2 protocol instance
1019 * @input_param_block_size: size of the TPM input parameter block
1020 * @input_param_block: pointer to the TPM input parameter block
1021 * @output_param_block_size: size of the TPM output parameter block
1022 * @output_param_block: pointer to the TPM output parameter block
1024 * Return: status code
1026 static efi_status_t EFIAPI
1027 efi_tcg2_submit_command(__maybe_unused struct efi_tcg2_protocol *this,
1028 u32 __maybe_unused input_param_block_size,
1029 u8 __maybe_unused *input_param_block,
1030 u32 __maybe_unused output_param_block_size,
1031 u8 __maybe_unused *output_param_block)
1033 return EFI_UNSUPPORTED;
1037 * efi_tcg2_get_active_pcr_banks() - returns the currently active PCR banks
1039 * @this: TCG2 protocol instance
1040 * @active_pcr_banks: pointer for receiving the bitmap of currently
1043 * Return: status code
1045 static efi_status_t EFIAPI
1046 efi_tcg2_get_active_pcr_banks(struct efi_tcg2_protocol *this,
1047 u32 *active_pcr_banks)
1051 if (!this || !active_pcr_banks) {
1052 ret = EFI_INVALID_PARAMETER;
1056 EFI_ENTRY("%p, %p", this, active_pcr_banks);
1057 ret = __get_active_pcr_banks(active_pcr_banks);
1060 return EFI_EXIT(ret);
1064 * efi_tcg2_set_active_pcr_banks() - sets the currently active PCR banks
1066 * @this: TCG2 protocol instance
1067 * @active_pcr_banks: bitmap of the requested active PCR banks
1069 * Return: status code
1071 static efi_status_t EFIAPI
1072 efi_tcg2_set_active_pcr_banks(__maybe_unused struct efi_tcg2_protocol *this,
1073 u32 __maybe_unused active_pcr_banks)
1075 return EFI_UNSUPPORTED;
1079 * efi_tcg2_get_result_of_set_active_pcr_banks() - retrieve result for previous
1080 * set_active_pcr_banks()
1082 * @this: TCG2 protocol instance
1083 * @operation_present: non-zero value to indicate a
1084 * set_active_pcr_banks operation was
1085 * invoked during last boot
1086 * @response: result value could be returned
1088 * Return: status code
1090 static efi_status_t EFIAPI
1091 efi_tcg2_get_result_of_set_active_pcr_banks(__maybe_unused struct efi_tcg2_protocol *this,
1092 u32 __maybe_unused *operation_present,
1093 u32 __maybe_unused *response)
1095 return EFI_UNSUPPORTED;
1098 static const struct efi_tcg2_protocol efi_tcg2_protocol = {
1099 .get_capability = efi_tcg2_get_capability,
1100 .get_eventlog = efi_tcg2_get_eventlog,
1101 .hash_log_extend_event = efi_tcg2_hash_log_extend_event,
1102 .submit_command = efi_tcg2_submit_command,
1103 .get_active_pcr_banks = efi_tcg2_get_active_pcr_banks,
1104 .set_active_pcr_banks = efi_tcg2_set_active_pcr_banks,
1105 .get_result_of_set_active_pcr_banks = efi_tcg2_get_result_of_set_active_pcr_banks,
1109 * create_specid_event() - Create the first event in the eventlog
1112 * @event_header: Pointer to the final event header
1113 * @event_size: final spec event size
1115 * Return: status code
1117 static efi_status_t create_specid_event(struct udevice *dev, void *buffer,
1120 struct tcg_efi_spec_id_event *spec_event;
1121 size_t spec_event_size;
1122 efi_status_t ret = EFI_DEVICE_ERROR;
1123 u32 active = 0, supported = 0;
1128 * Create Spec event. This needs to be the first event in the log
1129 * according to the TCG EFI protocol spec
1132 /* Setup specID event data */
1133 spec_event = (struct tcg_efi_spec_id_event *)buffer;
1134 memcpy(spec_event->signature, TCG_EFI_SPEC_ID_EVENT_SIGNATURE_03,
1135 sizeof(spec_event->signature));
1136 put_unaligned_le32(0, &spec_event->platform_class); /* type client */
1137 spec_event->spec_version_minor =
1138 TCG_EFI_SPEC_ID_EVENT_SPEC_VERSION_MINOR_TPM2;
1139 spec_event->spec_version_major =
1140 TCG_EFI_SPEC_ID_EVENT_SPEC_VERSION_MAJOR_TPM2;
1141 spec_event->spec_errata =
1142 TCG_EFI_SPEC_ID_EVENT_SPEC_VERSION_ERRATA_TPM2;
1143 spec_event->uintn_size = sizeof(efi_uintn_t) / sizeof(u32);
1145 err = tpm2_get_pcr_info(dev, &supported, &active,
1146 &spec_event->number_of_algorithms);
1149 if (spec_event->number_of_algorithms > MAX_HASH_COUNT ||
1150 spec_event->number_of_algorithms < 1)
1153 for (i = 0; i < spec_event->number_of_algorithms; i++) {
1154 u16 hash_alg = hash_algo_list[i].hash_alg;
1155 u16 hash_len = hash_algo_list[i].hash_len;
1157 if (active && alg_to_mask(hash_alg)) {
1158 put_unaligned_le16(hash_alg,
1159 &spec_event->digest_sizes[i].algorithm_id);
1160 put_unaligned_le16(hash_len,
1161 &spec_event->digest_sizes[i].digest_size);
1165 * the size of the spec event and placement of vendor_info_size
1166 * depends on supported algoriths
1169 offsetof(struct tcg_efi_spec_id_event, digest_sizes) +
1170 spec_event->number_of_algorithms * sizeof(spec_event->digest_sizes[0]);
1171 /* no vendor info for us */
1172 memset(buffer + spec_event_size, 0,
1173 sizeof(spec_event->vendor_info_size));
1174 spec_event_size += sizeof(spec_event->vendor_info_size);
1175 *event_size = spec_event_size;
1184 * tcg2_uninit - remove the final event table and free efi memory on failures
1186 void tcg2_uninit(void)
1190 ret = efi_install_configuration_table(&efi_guid_final_events, NULL);
1191 if (ret != EFI_SUCCESS)
1192 log_err("Failed to delete final events config table\n");
1194 efi_free_pool(event_log.buffer);
1195 event_log.buffer = NULL;
1196 efi_free_pool(event_log.final_buffer);
1197 event_log.final_buffer = NULL;
1201 * create_final_event() - Create the final event and install the config
1202 * defined by the TCG EFI spec
1204 static efi_status_t create_final_event(void)
1206 struct efi_tcg2_final_events_table *final_event;
1210 * All events generated after the invocation of
1211 * EFI_TCG2_GET_EVENT_LOGS need to be stored in an instance of an
1212 * EFI_CONFIGURATION_TABLE
1214 ret = efi_allocate_pool(EFI_ACPI_MEMORY_NVS, TPM2_EVENT_LOG_SIZE,
1215 &event_log.final_buffer);
1216 if (ret != EFI_SUCCESS)
1219 memset(event_log.final_buffer, 0xff, TPM2_EVENT_LOG_SIZE);
1220 final_event = event_log.final_buffer;
1221 final_event->number_of_events = 0;
1222 final_event->version = EFI_TCG2_FINAL_EVENTS_TABLE_VERSION;
1223 event_log.final_pos = sizeof(*final_event);
1224 ret = efi_install_configuration_table(&efi_guid_final_events,
1226 if (ret != EFI_SUCCESS) {
1227 efi_free_pool(event_log.final_buffer);
1228 event_log.final_buffer = NULL;
1236 * efi_init_event_log() - initialize an eventlog
1238 static efi_status_t efi_init_event_log(void)
1241 * vendor_info_size is currently set to 0, we need to change the length
1242 * and allocate the flexible array member if this changes
1244 struct tcg_pcr_event *event_header = NULL;
1245 struct udevice *dev;
1246 size_t spec_event_size;
1249 ret = platform_get_tpm2_device(&dev);
1250 if (ret != EFI_SUCCESS)
1253 ret = efi_allocate_pool(EFI_BOOT_SERVICES_DATA, TPM2_EVENT_LOG_SIZE,
1254 (void **)&event_log.buffer);
1255 if (ret != EFI_SUCCESS)
1259 * initialize log area as 0xff so the OS can easily figure out the
1262 memset(event_log.buffer, 0xff, TPM2_EVENT_LOG_SIZE);
1264 event_log.last_event_size = 0;
1265 event_log.get_event_called = false;
1266 event_log.truncated = false;
1269 * The log header is defined to be in SHA1 event log entry format.
1270 * Setup event header
1272 event_header = (struct tcg_pcr_event *)event_log.buffer;
1273 put_unaligned_le32(0, &event_header->pcr_index);
1274 put_unaligned_le32(EV_NO_ACTION, &event_header->event_type);
1275 memset(&event_header->digest, 0, sizeof(event_header->digest));
1276 ret = create_specid_event(dev, (void *)((uintptr_t)event_log.buffer + sizeof(*event_header)),
1278 if (ret != EFI_SUCCESS)
1280 put_unaligned_le32(spec_event_size, &event_header->event_size);
1281 event_log.pos = spec_event_size + sizeof(*event_header);
1282 event_log.last_event_size = event_log.pos;
1284 ret = create_final_event();
1285 if (ret != EFI_SUCCESS)
1292 efi_free_pool(event_log.buffer);
1293 event_log.buffer = NULL;
1298 * tcg2_measure_event() - common function to add event log and extend PCR
1301 * @pcr_index: PCR index
1302 * @event_type: type of event added
1304 * @event: event data
1306 * Return: status code
1309 tcg2_measure_event(struct udevice *dev, u32 pcr_index, u32 event_type,
1310 u32 size, u8 event[])
1312 struct tpml_digest_values digest_list;
1315 ret = tcg2_create_digest(event, size, &digest_list);
1316 if (ret != EFI_SUCCESS)
1319 ret = tcg2_pcr_extend(dev, pcr_index, &digest_list);
1320 if (ret != EFI_SUCCESS)
1323 ret = tcg2_agile_log_append(pcr_index, event_type, &digest_list,
1331 * efi_append_scrtm_version - Append an S-CRTM EV_S_CRTM_VERSION event on the
1332 * eventlog and extend the PCRs
1336 * @Return: status code
1338 static efi_status_t efi_append_scrtm_version(struct udevice *dev)
1342 ret = tcg2_measure_event(dev, 0, EV_S_CRTM_VERSION,
1343 strlen(version_string) + 1,
1344 (u8 *)version_string);
1350 * tcg2_measure_variable() - add variable event log and extend PCR
1353 * @pcr_index: PCR index
1354 * @event_type: type of event added
1355 * @var_name: variable name
1357 * @data_size: variable data size
1358 * @data: variable data
1360 * Return: status code
1362 static efi_status_t tcg2_measure_variable(struct udevice *dev, u32 pcr_index,
1363 u32 event_type, u16 *var_name,
1364 const efi_guid_t *guid,
1365 efi_uintn_t data_size, u8 *data)
1369 struct efi_tcg2_uefi_variable_data *event;
1371 event_size = sizeof(event->variable_name) +
1372 sizeof(event->unicode_name_length) +
1373 sizeof(event->variable_data_length) +
1374 (u16_strlen(var_name) * sizeof(u16)) + data_size;
1375 event = malloc(event_size);
1377 return EFI_OUT_OF_RESOURCES;
1379 guidcpy(&event->variable_name, guid);
1380 event->unicode_name_length = u16_strlen(var_name);
1381 event->variable_data_length = data_size;
1382 memcpy(event->unicode_name, var_name,
1383 (event->unicode_name_length * sizeof(u16)));
1385 memcpy((u16 *)event->unicode_name + event->unicode_name_length,
1388 ret = tcg2_measure_event(dev, pcr_index, event_type, event_size,
1395 * tcg2_measure_boot_variable() - measure boot variables
1399 * Return: status code
1401 static efi_status_t tcg2_measure_boot_variable(struct udevice *dev)
1405 u16 var_name[] = L"BootOrder";
1406 u16 boot_name[] = L"Boot####";
1408 efi_uintn_t var_data_size;
1412 boot_order = efi_get_var(var_name, &efi_global_variable_guid,
1415 ret = EFI_NOT_FOUND;
1419 ret = tcg2_measure_variable(dev, 1, EV_EFI_VARIABLE_BOOT2, var_name,
1420 &efi_global_variable_guid, var_data_size,
1422 if (ret != EFI_SUCCESS)
1425 count = var_data_size / sizeof(*boot_order);
1426 boot_index = boot_order;
1427 for (i = 0; i < count; i++) {
1428 efi_create_indexed_name(boot_name, sizeof(boot_name),
1429 "Boot", *boot_index++);
1431 bootvar = efi_get_var(boot_name, &efi_global_variable_guid,
1435 log_info("%ls not found\n", boot_name);
1439 ret = tcg2_measure_variable(dev, 1, EV_EFI_VARIABLE_BOOT2,
1441 &efi_global_variable_guid,
1442 var_data_size, bootvar);
1444 if (ret != EFI_SUCCESS)
1454 * efi_tcg2_measure_efi_app_invocation() - measure efi app invocation
1456 * Return: status code
1458 efi_status_t efi_tcg2_measure_efi_app_invocation(void)
1462 struct udevice *dev;
1465 if (tcg2_efi_app_invoked)
1468 ret = platform_get_tpm2_device(&dev);
1469 if (ret != EFI_SUCCESS)
1472 ret = tcg2_measure_boot_variable(dev);
1473 if (ret != EFI_SUCCESS)
1476 ret = tcg2_measure_event(dev, 4, EV_EFI_ACTION,
1477 strlen(EFI_CALLING_EFI_APPLICATION),
1478 (u8 *)EFI_CALLING_EFI_APPLICATION);
1479 if (ret != EFI_SUCCESS)
1482 for (pcr_index = 0; pcr_index <= 7; pcr_index++) {
1483 ret = tcg2_measure_event(dev, pcr_index, EV_SEPARATOR,
1484 sizeof(event), (u8 *)&event);
1485 if (ret != EFI_SUCCESS)
1489 tcg2_efi_app_invoked = true;
1495 * efi_tcg2_measure_efi_app_exit() - measure efi app exit
1497 * Return: status code
1499 efi_status_t efi_tcg2_measure_efi_app_exit(void)
1502 struct udevice *dev;
1504 ret = platform_get_tpm2_device(&dev);
1505 if (ret != EFI_SUCCESS)
1508 ret = tcg2_measure_event(dev, 4, EV_EFI_ACTION,
1509 strlen(EFI_RETURNING_FROM_EFI_APPLICATION),
1510 (u8 *)EFI_RETURNING_FROM_EFI_APPLICATION);
1515 * efi_tcg2_notify_exit_boot_services() - ExitBootService callback
1517 * @event: callback event
1518 * @context: callback context
1521 efi_tcg2_notify_exit_boot_services(struct efi_event *event, void *context)
1524 struct udevice *dev;
1526 EFI_ENTRY("%p, %p", event, context);
1528 ret = platform_get_tpm2_device(&dev);
1529 if (ret != EFI_SUCCESS)
1532 ret = tcg2_measure_event(dev, 5, EV_EFI_ACTION,
1533 strlen(EFI_EXIT_BOOT_SERVICES_INVOCATION),
1534 (u8 *)EFI_EXIT_BOOT_SERVICES_INVOCATION);
1535 if (ret != EFI_SUCCESS)
1538 ret = tcg2_measure_event(dev, 5, EV_EFI_ACTION,
1539 strlen(EFI_EXIT_BOOT_SERVICES_SUCCEEDED),
1540 (u8 *)EFI_EXIT_BOOT_SERVICES_SUCCEEDED);
1547 * efi_tcg2_notify_exit_boot_services_failed()
1548 * - notify ExitBootServices() is failed
1550 * Return: status code
1552 efi_status_t efi_tcg2_notify_exit_boot_services_failed(void)
1554 struct udevice *dev;
1557 ret = platform_get_tpm2_device(&dev);
1558 if (ret != EFI_SUCCESS)
1561 ret = tcg2_measure_event(dev, 5, EV_EFI_ACTION,
1562 strlen(EFI_EXIT_BOOT_SERVICES_INVOCATION),
1563 (u8 *)EFI_EXIT_BOOT_SERVICES_INVOCATION);
1564 if (ret != EFI_SUCCESS)
1567 ret = tcg2_measure_event(dev, 5, EV_EFI_ACTION,
1568 strlen(EFI_EXIT_BOOT_SERVICES_FAILED),
1569 (u8 *)EFI_EXIT_BOOT_SERVICES_FAILED);
1576 * tcg2_measure_secure_boot_variable() - measure secure boot variables
1580 * Return: status code
1582 static efi_status_t tcg2_measure_secure_boot_variable(struct udevice *dev)
1585 efi_uintn_t data_size;
1589 count = ARRAY_SIZE(secure_variables);
1590 for (i = 0; i < count; i++) {
1592 * According to the TCG2 PC Client PFP spec, "SecureBoot",
1593 * "PK", "KEK", "db" and "dbx" variables must be measured
1594 * even if they are empty.
1596 data = efi_get_var(secure_variables[i].name,
1597 secure_variables[i].guid,
1600 ret = tcg2_measure_variable(dev, 7,
1601 EV_EFI_VARIABLE_DRIVER_CONFIG,
1602 secure_variables[i].name,
1603 secure_variables[i].guid,
1606 if (ret != EFI_SUCCESS)
1611 * TCG2 PC Client PFP spec says "dbt" and "dbr" are
1612 * measured if present and not empty.
1614 data = efi_get_var(L"dbt",
1615 &efi_guid_image_security_database,
1618 ret = tcg2_measure_variable(dev, 7,
1619 EV_EFI_VARIABLE_DRIVER_CONFIG,
1621 &efi_guid_image_security_database,
1626 data = efi_get_var(L"dbr",
1627 &efi_guid_image_security_database,
1630 ret = tcg2_measure_variable(dev, 7,
1631 EV_EFI_VARIABLE_DRIVER_CONFIG,
1633 &efi_guid_image_security_database,
1643 * efi_tcg2_register() - register EFI_TCG2_PROTOCOL
1645 * If a TPM2 device is available, the TPM TCG2 Protocol is registered
1647 * Return: An error status is only returned if adding the protocol fails.
1649 efi_status_t efi_tcg2_register(void)
1651 efi_status_t ret = EFI_SUCCESS;
1652 struct udevice *dev;
1653 struct efi_event *event;
1655 ret = platform_get_tpm2_device(&dev);
1656 if (ret != EFI_SUCCESS) {
1657 log_warning("Unable to find TPMv2 device\n");
1661 ret = efi_init_event_log();
1662 if (ret != EFI_SUCCESS)
1665 ret = efi_append_scrtm_version(dev);
1666 if (ret != EFI_SUCCESS) {
1671 ret = efi_add_protocol(efi_root, &efi_guid_tcg2_protocol,
1672 (void *)&efi_tcg2_protocol);
1673 if (ret != EFI_SUCCESS) {
1678 ret = efi_create_event(EVT_SIGNAL_EXIT_BOOT_SERVICES, TPL_CALLBACK,
1679 efi_tcg2_notify_exit_boot_services, NULL,
1681 if (ret != EFI_SUCCESS) {
1686 ret = tcg2_measure_secure_boot_variable(dev);
1687 if (ret != EFI_SUCCESS) {
1695 log_err("Cannot install EFI_TCG2_PROTOCOL\n");
1697 * Return EFI_SUCCESS and don't stop the EFI subsystem.
1698 * That's done for 2 reasons
1699 * - If the protocol is not installed the PCRs won't be extended. So
1700 * someone later in the boot flow will notice that and take the
1701 * necessary actions.
1702 * - The TPM sandbox is limited and we won't be able to run any efi
1703 * related tests with TCG2 enabled