1 // SPDX-License-Identifier: GPL-2.0+
3 * Defines APIs that allow an OS to interact with UEFI firmware to query
4 * information about the device.
5 * https://trustedcomputinggroup.org/resource/tcg-efi-protocol-specification/
7 * Copyright (c) 2020, Linaro Limited
10 #define LOG_CATEGORY LOGC_EFI
13 #include <efi_loader.h>
17 #include <u-boot/sha1.h>
18 #include <u-boot/sha256.h>
19 #include <u-boot/sha512.h>
20 #include <linux/unaligned/access_ok.h>
21 #include <linux/unaligned/generic.h>
24 struct event_log_buffer {
27 size_t pos; /* eventlog position */
28 size_t final_pos; /* final events config table position */
29 size_t last_event_size;
30 bool get_event_called;
34 static struct event_log_buffer event_log;
36 * When requesting TPM2_CAP_TPM_PROPERTIES the value is on a standard offset.
37 * Since the current tpm2_get_capability() response buffers starts at
38 * 'union tpmu_capabilities data' of 'struct tpms_capability_data', calculate
39 * the response size and offset once for all consumers
41 #define TPM2_RESPONSE_BUFFER_SIZE (sizeof(struct tpms_capability_data) - \
42 offsetof(struct tpms_capability_data, data))
43 #define properties_offset (offsetof(struct tpml_tagged_tpm_property, tpm_property) + \
44 offsetof(struct tpms_tagged_property, value))
46 static const efi_guid_t efi_guid_tcg2_protocol = EFI_TCG2_PROTOCOL_GUID;
47 static const efi_guid_t efi_guid_final_events = EFI_TCG2_FINAL_EVENTS_TABLE_GUID;
55 const static struct digest_info hash_algo_list[] = {
58 EFI_TCG2_BOOT_HASH_ALG_SHA1,
59 TPM2_SHA1_DIGEST_SIZE,
63 EFI_TCG2_BOOT_HASH_ALG_SHA256,
64 TPM2_SHA256_DIGEST_SIZE,
68 EFI_TCG2_BOOT_HASH_ALG_SHA384,
69 TPM2_SHA384_DIGEST_SIZE,
73 EFI_TCG2_BOOT_HASH_ALG_SHA512,
74 TPM2_SHA512_DIGEST_SIZE,
78 #define MAX_HASH_COUNT ARRAY_SIZE(hash_algo_list)
81 * alg_to_mask - Get a TCG hash mask for algorithms
83 * @hash_alg: TCG defined algorithm
85 * @Return: TCG hashing algorithm bitmaps, 0 if the algorithm is not supported
87 static u32 alg_to_mask(u16 hash_alg)
91 for (i = 0; i < MAX_HASH_COUNT; i++) {
92 if (hash_algo_list[i].hash_alg == hash_alg)
93 return hash_algo_list[i].hash_mask;
100 * alg_to_len - Get a TCG hash len for algorithms
102 * @hash_alg: TCG defined algorithm
104 * @Return: len of chosen algorithm, 0 if the algorithm is not supported
106 static u16 alg_to_len(u16 hash_alg)
110 for (i = 0; i < MAX_HASH_COUNT; i++) {
111 if (hash_algo_list[i].hash_alg == hash_alg)
112 return hash_algo_list[i].hash_len;
118 static u32 tcg_event_final_size(struct tpml_digest_values *digest_list)
123 len = offsetof(struct tcg_pcr_event2, digests);
124 len += offsetof(struct tpml_digest_values, digests);
125 for (i = 0; i < digest_list->count; i++) {
126 u16 hash_alg = digest_list->digests[i].hash_alg;
128 len += offsetof(struct tpmt_ha, digest);
129 len += alg_to_len(hash_alg);
131 len += sizeof(u32); /* tcg_pcr_event2 event_size*/
136 /* tcg2_pcr_extend - Extend PCRs for a TPM2 device for a given tpml_digest_values
139 * @digest_list: list of digest algorithms to extend
141 * @Return: status code
143 static efi_status_t tcg2_pcr_extend(struct udevice *dev, u32 pcr_index,
144 struct tpml_digest_values *digest_list)
149 for (i = 0; i < digest_list->count; i++) {
150 u32 alg = digest_list->digests[i].hash_alg;
152 rc = tpm2_pcr_extend(dev, pcr_index, alg,
153 (u8 *)&digest_list->digests[i].digest,
156 EFI_PRINT("Failed to extend PCR\n");
157 return EFI_DEVICE_ERROR;
164 /* tcg2_agile_log_append - Append an agile event to out eventlog
166 * @pcr_index: PCR index
167 * @event_type: type of event added
168 * @digest_list: list of digest algorithms to add
169 * @size: size of event
170 * @event: event to add
172 * @Return: status code
174 static efi_status_t tcg2_agile_log_append(u32 pcr_index, u32 event_type,
175 struct tpml_digest_values *digest_list,
176 u32 size, u8 event[])
178 void *log = event_log.buffer + event_log.pos;
183 if (event_log.get_event_called)
184 log = event_log.final_buffer + event_log.final_pos;
187 * size refers to the length of event[] only, we need to check against
188 * the final tcg_pcr_event2 size
190 event_size = size + tcg_event_final_size(digest_list);
191 if (event_log.pos + event_size > TPM2_EVENT_LOG_SIZE ||
192 event_log.final_pos + event_size > TPM2_EVENT_LOG_SIZE) {
193 event_log.truncated = true;
194 return EFI_VOLUME_FULL;
197 put_unaligned_le32(pcr_index, log);
198 pos = offsetof(struct tcg_pcr_event2, event_type);
199 put_unaligned_le32(event_type, log + pos);
200 pos = offsetof(struct tcg_pcr_event2, digests); /* count */
201 put_unaligned_le32(digest_list->count, log + pos);
203 pos += offsetof(struct tpml_digest_values, digests);
204 for (i = 0; i < digest_list->count; i++) {
205 u16 hash_alg = digest_list->digests[i].hash_alg;
206 u8 *digest = (u8 *)&digest_list->digests[i].digest;
208 put_unaligned_le16(hash_alg, log + pos);
209 pos += offsetof(struct tpmt_ha, digest);
210 memcpy(log + pos, digest, alg_to_len(hash_alg));
211 pos += alg_to_len(hash_alg);
214 put_unaligned_le32(size, log + pos);
215 pos += sizeof(u32); /* tcg_pcr_event2 event_size*/
216 memcpy(log + pos, event, size);
219 /* make sure the calculated buffer is what we checked against */
220 if (pos != event_size)
221 return EFI_INVALID_PARAMETER;
223 /* if GetEventLog hasn't been called update the normal log */
224 if (!event_log.get_event_called) {
225 event_log.pos += pos;
226 event_log.last_event_size = pos;
228 /* if GetEventLog has been called update config table log */
229 struct efi_tcg2_final_events_table *final_event;
232 (struct efi_tcg2_final_events_table *)(event_log.final_buffer);
233 final_event->number_of_events++;
234 event_log.final_pos += pos;
241 * platform_get_tpm_device() - retrieve TPM device
243 * This function retrieves the udevice implementing a TPM
245 * This function may be overridden if special initialization is needed.
248 * Return: status code
250 __weak efi_status_t platform_get_tpm2_device(struct udevice **dev)
252 for_each_tpm_device(*dev) {
253 /* Only support TPMv2 devices */
254 if (tpm_get_version(*dev) == TPM_V2)
258 return EFI_NOT_FOUND;
262 * tpm2_get_max_command_size() - get the supported max command size
265 * @max_command_size: output buffer for the size
267 * Return: 0 on success, -1 on error
269 static int tpm2_get_max_command_size(struct udevice *dev, u16 *max_command_size)
271 u8 response[TPM2_RESPONSE_BUFFER_SIZE];
274 memset(response, 0, sizeof(response));
275 ret = tpm2_get_capability(dev, TPM2_CAP_TPM_PROPERTIES,
276 TPM2_PT_MAX_COMMAND_SIZE, response, 1);
280 *max_command_size = (uint16_t)get_unaligned_be32(response +
287 * tpm2_get_max_response_size() - get the supported max response size
290 * @max_response_size: output buffer for the size
292 * Return: 0 on success, -1 on error
294 static int tpm2_get_max_response_size(struct udevice *dev,
295 u16 *max_response_size)
297 u8 response[TPM2_RESPONSE_BUFFER_SIZE];
300 memset(response, 0, sizeof(response));
301 ret = tpm2_get_capability(dev, TPM2_CAP_TPM_PROPERTIES,
302 TPM2_PT_MAX_RESPONSE_SIZE, response, 1);
306 *max_response_size = (uint16_t)get_unaligned_be32(response +
313 * tpm2_get_manufacturer_id() - get the manufacturer ID
316 * @manufacturer_id: output buffer for the id
318 * Return: 0 on success, -1 on error
320 static int tpm2_get_manufacturer_id(struct udevice *dev, u32 *manufacturer_id)
322 u8 response[TPM2_RESPONSE_BUFFER_SIZE];
325 memset(response, 0, sizeof(response));
326 ret = tpm2_get_capability(dev, TPM2_CAP_TPM_PROPERTIES,
327 TPM2_PT_MANUFACTURER, response, 1);
331 *manufacturer_id = get_unaligned_be32(response + properties_offset);
337 * tpm2_get_num_pcr() - get the number of PCRs
340 * @manufacturer_id: output buffer for the number
342 * Return: 0 on success, -1 on error
344 static int tpm2_get_num_pcr(struct udevice *dev, u32 *num_pcr)
346 u8 response[TPM2_RESPONSE_BUFFER_SIZE];
349 memset(response, 0, sizeof(response));
350 ret = tpm2_get_capability(dev, TPM2_CAP_TPM_PROPERTIES,
351 TPM2_PT_PCR_COUNT, response, 1);
355 *num_pcr = get_unaligned_be32(response + properties_offset);
356 if (*num_pcr > TPM2_MAX_PCRS)
363 * is_active_pcr() - Check if a supported algorithm is active
366 * @selection: struct of PCR information
368 * Return: true if PCR is active
370 static bool is_active_pcr(struct tpms_pcr_selection *selection)
374 * check the pcr_select. If at least one of the PCRs supports the
375 * algorithm add it on the active ones
377 for (i = 0; i < selection->size_of_select; i++) {
378 if (selection->pcr_select[i])
386 * tpm2_get_pcr_info() - get the supported, active PCRs and number of banks
389 * @supported_pcr: bitmask with the algorithms supported
390 * @active_pcr: bitmask with the active algorithms
391 * @pcr_banks: number of PCR banks
393 * Return: 0 on success, -1 on error
395 static int tpm2_get_pcr_info(struct udevice *dev, u32 *supported_pcr,
396 u32 *active_pcr, u32 *pcr_banks)
398 u8 response[TPM2_RESPONSE_BUFFER_SIZE];
399 struct tpml_pcr_selection pcrs;
403 memset(response, 0, sizeof(response));
404 ret = tpm2_get_capability(dev, TPM2_CAP_PCRS, 0, response, 1);
408 pcrs.count = get_unaligned_be32(response);
410 * We only support 5 algorithms for now so check against that
411 * instead of TPM2_NUM_PCR_BANKS
413 if (pcrs.count > MAX_HASH_COUNT || pcrs.count < 1)
416 tpm_ret = tpm2_get_num_pcr(dev, &num_pcr);
420 for (i = 0; i < pcrs.count; i++) {
422 * Definition of TPMS_PCR_SELECTION Structure
425 * pcr_select: u8 array
427 * The offsets depend on the number of the device PCRs
428 * so we have to calculate them based on that
430 u32 hash_offset = offsetof(struct tpml_pcr_selection, selection) +
431 i * offsetof(struct tpms_pcr_selection, pcr_select) +
432 i * ((num_pcr + 7) / 8);
433 u32 size_select_offset =
434 hash_offset + offsetof(struct tpms_pcr_selection,
436 u32 pcr_select_offset =
437 hash_offset + offsetof(struct tpms_pcr_selection,
440 pcrs.selection[i].hash =
441 get_unaligned_be16(response + hash_offset);
442 pcrs.selection[i].size_of_select =
443 __get_unaligned_be(response + size_select_offset);
444 if (pcrs.selection[i].size_of_select > TPM2_PCR_SELECT_MAX)
446 /* copy the array of pcr_select */
447 memcpy(pcrs.selection[i].pcr_select, response + pcr_select_offset,
448 pcrs.selection[i].size_of_select);
451 for (i = 0; i < pcrs.count; i++) {
452 u32 hash_mask = alg_to_mask(pcrs.selection[i].hash);
455 *supported_pcr |= hash_mask;
456 if (is_active_pcr(&pcrs.selection[i]))
457 *active_pcr |= hash_mask;
459 EFI_PRINT("Unknown algorithm %x\n", pcrs.selection[i].hash);
463 *pcr_banks = pcrs.count;
471 * __get_active_pcr_banks() - returns the currently active PCR banks
473 * @active_pcr_banks: pointer for receiving the bitmap of currently
476 * Return: status code
478 static efi_status_t __get_active_pcr_banks(u32 *active_pcr_banks)
481 u32 active, supported, pcr_banks;
485 ret = platform_get_tpm2_device(&dev);
486 if (ret != EFI_SUCCESS)
489 err = tpm2_get_pcr_info(dev, &supported, &active, &pcr_banks);
491 ret = EFI_DEVICE_ERROR;
495 *active_pcr_banks = active;
501 /* tcg2_create_digest - create a list of digests of the supported PCR banks
502 * for a given memory range
504 * @input: input memory
505 * @length: length of buffer to calculate the digest
506 * @digest_list: list of digests to fill in
508 * Return: status code
510 static efi_status_t tcg2_create_digest(const u8 *input, u32 length,
511 struct tpml_digest_values *digest_list)
514 sha256_context ctx_256;
515 sha512_context ctx_512;
516 u8 final[TPM2_ALG_SHA512];
521 ret = __get_active_pcr_banks(&active);
522 if (ret != EFI_SUCCESS)
525 digest_list->count = 0;
526 for (i = 0; i < MAX_HASH_COUNT; i++) {
527 u16 hash_alg = hash_algo_list[i].hash_alg;
529 if (!(active & alg_to_mask(hash_alg)))
534 sha1_update(&ctx, input, length);
535 sha1_finish(&ctx, final);
536 digest_list->count++;
538 case TPM2_ALG_SHA256:
539 sha256_starts(&ctx_256);
540 sha256_update(&ctx_256, input, length);
541 sha256_finish(&ctx_256, final);
542 digest_list->count++;
544 case TPM2_ALG_SHA384:
545 sha384_starts(&ctx_512);
546 sha384_update(&ctx_512, input, length);
547 sha384_finish(&ctx_512, final);
548 digest_list->count++;
550 case TPM2_ALG_SHA512:
551 sha512_starts(&ctx_512);
552 sha512_update(&ctx_512, input, length);
553 sha512_finish(&ctx_512, final);
554 digest_list->count++;
557 EFI_PRINT("Unsupported algorithm %x\n", hash_alg);
558 return EFI_INVALID_PARAMETER;
560 digest_list->digests[i].hash_alg = hash_alg;
561 memcpy(&digest_list->digests[i].digest, final, (u32)alg_to_len(hash_alg));
568 * efi_tcg2_get_capability() - protocol capability information and state information
570 * @this: TCG2 protocol instance
571 * @capability: caller allocated memory with size field to the size of
572 * the structure allocated
574 * Return: status code
576 static efi_status_t EFIAPI
577 efi_tcg2_get_capability(struct efi_tcg2_protocol *this,
578 struct efi_tcg2_boot_service_capability *capability)
581 efi_status_t efi_ret;
584 EFI_ENTRY("%p, %p", this, capability);
586 if (!this || !capability) {
587 efi_ret = EFI_INVALID_PARAMETER;
591 if (capability->size < boot_service_capability_min) {
592 capability->size = boot_service_capability_min;
593 efi_ret = EFI_BUFFER_TOO_SMALL;
597 if (capability->size < sizeof(*capability)) {
598 capability->size = sizeof(*capability);
599 efi_ret = EFI_BUFFER_TOO_SMALL;
603 capability->structure_version.major = 1;
604 capability->structure_version.minor = 1;
605 capability->protocol_version.major = 1;
606 capability->protocol_version.minor = 1;
608 efi_ret = platform_get_tpm2_device(&dev);
609 if (efi_ret != EFI_SUCCESS) {
610 capability->supported_event_logs = 0;
611 capability->hash_algorithm_bitmap = 0;
612 capability->tpm_present_flag = false;
613 capability->max_command_size = 0;
614 capability->max_response_size = 0;
615 capability->manufacturer_id = 0;
616 capability->number_of_pcr_banks = 0;
617 capability->active_pcr_banks = 0;
619 efi_ret = EFI_SUCCESS;
623 /* We only allow a TPMv2 device to register the EFI protocol */
624 capability->supported_event_logs = TCG2_EVENT_LOG_FORMAT_TCG_2;
626 capability->tpm_present_flag = true;
628 /* Supported and active PCRs */
629 capability->hash_algorithm_bitmap = 0;
630 capability->active_pcr_banks = 0;
631 ret = tpm2_get_pcr_info(dev, &capability->hash_algorithm_bitmap,
632 &capability->active_pcr_banks,
633 &capability->number_of_pcr_banks);
635 efi_ret = EFI_DEVICE_ERROR;
639 /* Max command size */
640 ret = tpm2_get_max_command_size(dev, &capability->max_command_size);
642 efi_ret = EFI_DEVICE_ERROR;
646 /* Max response size */
647 ret = tpm2_get_max_response_size(dev, &capability->max_response_size);
649 efi_ret = EFI_DEVICE_ERROR;
653 /* Manufacturer ID */
654 ret = tpm2_get_manufacturer_id(dev, &capability->manufacturer_id);
656 efi_ret = EFI_DEVICE_ERROR;
660 return EFI_EXIT(EFI_SUCCESS);
662 return EFI_EXIT(efi_ret);
666 * efi_tcg2_get_eventlog() - retrieve the the address of an event log and its
669 * @this: TCG2 protocol instance
670 * @log_format: type of event log format
671 * @event_log_location: pointer to the memory address of the event log
672 * @event_log_last_entry: pointer to the address of the start of the last
673 * entry in the event log in memory, if log contains
675 * @event_log_truncated: set to true, if the Event Log is missing at i
678 * Return: status code
680 static efi_status_t EFIAPI
681 efi_tcg2_get_eventlog(struct efi_tcg2_protocol *this,
682 efi_tcg_event_log_format log_format,
683 u64 *event_log_location, u64 *event_log_last_entry,
684 bool *event_log_truncated)
686 efi_status_t ret = EFI_SUCCESS;
689 EFI_ENTRY("%p, %u, %p, %p, %p", this, log_format, event_log_location,
690 event_log_last_entry, event_log_truncated);
692 ret = platform_get_tpm2_device(&dev);
693 if (ret != EFI_SUCCESS) {
694 event_log_location = NULL;
695 event_log_last_entry = NULL;
696 *event_log_truncated = false;
700 *event_log_location = (uintptr_t)event_log.buffer;
701 *event_log_last_entry = (uintptr_t)(event_log.buffer + event_log.pos -
702 event_log.last_event_size);
703 *event_log_truncated = event_log.truncated;
704 event_log.get_event_called = true;
707 return EFI_EXIT(ret);
711 * efi_tcg2_hash_log_extend_event() - extend and optionally log events
713 * @this: TCG2 protocol instance
714 * @flags: bitmap providing additional information on the
716 * @data_to_hash: physical address of the start of the data buffer
718 * @data_to_hash_len: the length in bytes of the buffer referenced by
720 * @efi_tcg_event: pointer to data buffer containing information
723 * Return: status code
725 static efi_status_t EFIAPI
726 efi_tcg2_hash_log_extend_event(struct efi_tcg2_protocol *this, u64 flags,
727 u64 data_to_hash, u64 data_to_hash_len,
728 struct efi_tcg2_event *efi_tcg_event)
732 u32 event_type, pcr_index, event_size;
733 struct tpml_digest_values digest_list;
735 EFI_ENTRY("%p, %llu, %llu, %llu, %p", this, flags, data_to_hash,
736 data_to_hash_len, efi_tcg_event);
738 if (!this || !data_to_hash || !efi_tcg_event) {
739 ret = EFI_INVALID_PARAMETER;
743 ret = platform_get_tpm2_device(&dev);
744 if (ret != EFI_SUCCESS)
747 if (efi_tcg_event->size < efi_tcg_event->header.header_size +
749 ret = EFI_INVALID_PARAMETER;
753 if (efi_tcg_event->header.pcr_index < 0 ||
754 efi_tcg_event->header.pcr_index > TPM2_MAX_PCRS) {
755 ret = EFI_INVALID_PARAMETER;
760 * if PE_COFF_IMAGE is set we need to make sure the image is not
761 * corrupted, verify it and hash the PE/COFF image in accordance with
762 * the procedure specified in "Calculating the PE Image Hash"
763 * section of the "Windows Authenticode Portable Executable Signature
765 * Not supported for now
767 if (flags & PE_COFF_IMAGE) {
768 ret = EFI_UNSUPPORTED;
772 pcr_index = efi_tcg_event->header.pcr_index;
773 event_type = efi_tcg_event->header.event_type;
775 ret = tcg2_create_digest((u8 *)data_to_hash, data_to_hash_len,
777 if (ret != EFI_SUCCESS)
780 ret = tcg2_pcr_extend(dev, pcr_index, &digest_list);
781 if (ret != EFI_SUCCESS)
784 if (flags & EFI_TCG2_EXTEND_ONLY) {
785 if (event_log.truncated)
786 ret = EFI_VOLUME_FULL;
791 * The efi_tcg_event size includes the size component and the
794 event_size = efi_tcg_event->size - sizeof(efi_tcg_event->size) -
795 efi_tcg_event->header.header_size;
796 ret = tcg2_agile_log_append(pcr_index, event_type, &digest_list,
797 event_size, efi_tcg_event->event);
799 return EFI_EXIT(ret);
803 * efi_tcg2_submit_command() - Send command to the TPM
805 * @this: TCG2 protocol instance
806 * @input_param_block_size: size of the TPM input parameter block
807 * @input_param_block: pointer to the TPM input parameter block
808 * @output_param_block_size: size of the TPM output parameter block
809 * @output_param_block: pointer to the TPM output parameter block
811 * Return: status code
813 static efi_status_t EFIAPI
814 efi_tcg2_submit_command(struct efi_tcg2_protocol *this,
815 u32 input_param_block_size, u8 *input_param_block,
816 u32 output_param_block_size, u8 *output_param_block)
818 return EFI_UNSUPPORTED;
822 * efi_tcg2_get_active_pcr_banks() - returns the currently active PCR banks
824 * @this: TCG2 protocol instance
825 * @active_pcr_banks: pointer for receiving the bitmap of currently
828 * Return: status code
830 static efi_status_t EFIAPI
831 efi_tcg2_get_active_pcr_banks(struct efi_tcg2_protocol *this,
832 u32 *active_pcr_banks)
836 EFI_ENTRY("%p, %p", this, active_pcr_banks);
837 ret = __get_active_pcr_banks(active_pcr_banks);
839 return EFI_EXIT(ret);
843 * efi_tcg2_set_active_pcr_banks() - sets the currently active PCR banks
845 * @this: TCG2 protocol instance
846 * @active_pcr_banks: bitmap of the requested active PCR banks
848 * Return: status code
850 static efi_status_t EFIAPI
851 efi_tcg2_set_active_pcr_banks(struct efi_tcg2_protocol *this,
852 u32 active_pcr_banks)
854 return EFI_UNSUPPORTED;
858 * efi_tcg2_get_result_of_set_active_pcr_banks() - retrieve result for previous
859 * set_active_pcr_banks()
861 * @this: TCG2 protocol instance
862 * @operation_present: non-zero value to indicate a
863 * set_active_pcr_banks operation was
864 * invoked during last boot
865 * @response: result value could be returned
867 * Return: status code
869 static efi_status_t EFIAPI
870 efi_tcg2_get_result_of_set_active_pcr_banks(struct efi_tcg2_protocol *this,
871 u32 *operation_present, u32 *response)
873 return EFI_UNSUPPORTED;
876 static const struct efi_tcg2_protocol efi_tcg2_protocol = {
877 .get_capability = efi_tcg2_get_capability,
878 .get_eventlog = efi_tcg2_get_eventlog,
879 .hash_log_extend_event = efi_tcg2_hash_log_extend_event,
880 .submit_command = efi_tcg2_submit_command,
881 .get_active_pcr_banks = efi_tcg2_get_active_pcr_banks,
882 .set_active_pcr_banks = efi_tcg2_set_active_pcr_banks,
883 .get_result_of_set_active_pcr_banks = efi_tcg2_get_result_of_set_active_pcr_banks,
887 * create_specid_event() - Create the first event in the eventlog
890 * @event_header: Pointer to the final event header
891 * @event_size: final spec event size
893 * Return: status code
895 static efi_status_t create_specid_event(struct udevice *dev, void *buffer,
898 struct tcg_efi_spec_id_event *spec_event;
899 size_t spec_event_size;
900 efi_status_t ret = EFI_DEVICE_ERROR;
901 u32 active, supported;
905 * Create Spec event. This needs to be the first event in the log
906 * according to the TCG EFI protocol spec
909 /* Setup specID event data */
910 spec_event = (struct tcg_efi_spec_id_event *)buffer;
911 memcpy(spec_event->signature, TCG_EFI_SPEC_ID_EVENT_SIGNATURE_03,
912 sizeof(spec_event->signature));
913 put_unaligned_le32(0, &spec_event->platform_class); /* type client */
914 spec_event->spec_version_minor =
915 TCG_EFI_SPEC_ID_EVENT_SPEC_VERSION_MINOR_TPM2;
916 spec_event->spec_version_major =
917 TCG_EFI_SPEC_ID_EVENT_SPEC_VERSION_MAJOR_TPM2;
918 spec_event->spec_errata =
919 TCG_EFI_SPEC_ID_EVENT_SPEC_VERSION_ERRATA_TPM2;
920 spec_event->uintn_size = sizeof(efi_uintn_t) / sizeof(u32);
922 err = tpm2_get_pcr_info(dev, &supported, &active,
923 &spec_event->number_of_algorithms);
926 if (spec_event->number_of_algorithms > MAX_HASH_COUNT ||
927 spec_event->number_of_algorithms < 1)
930 for (i = 0; i < spec_event->number_of_algorithms; i++) {
931 u16 hash_alg = hash_algo_list[i].hash_alg;
932 u16 hash_len = hash_algo_list[i].hash_len;
934 if (active && alg_to_mask(hash_alg)) {
935 put_unaligned_le16(hash_alg,
936 &spec_event->digest_sizes[i].algorithm_id);
937 put_unaligned_le16(hash_len,
938 &spec_event->digest_sizes[i].digest_size);
942 * the size of the spec event and placement of vendor_info_size
943 * depends on supported algoriths
946 offsetof(struct tcg_efi_spec_id_event, digest_sizes) +
947 spec_event->number_of_algorithms * sizeof(spec_event->digest_sizes[0]);
948 /* no vendor info for us */
949 memset(buffer + spec_event_size, 0,
950 sizeof(spec_event->vendor_info_size));
951 spec_event_size += sizeof(spec_event->vendor_info_size);
952 *event_size = spec_event_size;
961 * create_final_event() - Create the final event and install the config
962 * defined by the TCG EFI spec
964 static efi_status_t create_final_event(void)
966 struct efi_tcg2_final_events_table *final_event;
970 * All events generated after the invocation of
971 * EFI_TCG2_GET_EVENT_LOGS need to be stored in an instance of an
972 * EFI_CONFIGURATION_TABLE
974 ret = efi_allocate_pool(EFI_ACPI_MEMORY_NVS, TPM2_EVENT_LOG_SIZE,
975 &event_log.final_buffer);
976 if (ret != EFI_SUCCESS)
979 memset(event_log.final_buffer, 0xff, TPM2_EVENT_LOG_SIZE);
980 final_event = event_log.final_buffer;
981 final_event->number_of_events = 0;
982 final_event->version = EFI_TCG2_FINAL_EVENTS_TABLE_VERSION;
983 event_log.final_pos = sizeof(*final_event);
984 ret = efi_install_configuration_table(&efi_guid_final_events,
986 if (ret != EFI_SUCCESS)
995 * efi_init_event_log() - initialize an eventlog
997 static efi_status_t efi_init_event_log(void)
1000 * vendor_info_size is currently set to 0, we need to change the length
1001 * and allocate the flexible array member if this changes
1003 struct tcg_pcr_event *event_header = NULL;
1004 struct udevice *dev;
1005 size_t spec_event_size;
1008 ret = platform_get_tpm2_device(&dev);
1009 if (ret != EFI_SUCCESS)
1012 ret = efi_allocate_pool(EFI_BOOT_SERVICES_DATA, TPM2_EVENT_LOG_SIZE,
1013 (void **)&event_log.buffer);
1014 if (ret != EFI_SUCCESS)
1018 * initialize log area as 0xff so the OS can easily figure out the
1021 memset(event_log.buffer, 0xff, TPM2_EVENT_LOG_SIZE);
1023 event_log.last_event_size = 0;
1024 event_log.get_event_called = false;
1025 event_log.truncated = false;
1028 * The log header is defined to be in SHA1 event log entry format.
1029 * Setup event header
1031 event_header = (struct tcg_pcr_event *)event_log.buffer;
1032 put_unaligned_le32(0, &event_header->pcr_index);
1033 put_unaligned_le32(EV_NO_ACTION, &event_header->event_type);
1034 memset(&event_header->digest, 0, sizeof(event_header->digest));
1035 ret = create_specid_event(dev, event_log.buffer + sizeof(*event_header),
1037 if (ret != EFI_SUCCESS)
1039 put_unaligned_le32(spec_event_size, &event_header->event_size);
1040 event_log.pos = spec_event_size + sizeof(*event_header);
1041 event_log.last_event_size = event_log.pos;
1043 ret = create_final_event();
1050 * efi_tcg2_register() - register EFI_TCG2_PROTOCOL
1052 * If a TPM2 device is available, the TPM TCG2 Protocol is registered
1054 * Return: An error status is only returned if adding the protocol fails.
1056 efi_status_t efi_tcg2_register(void)
1059 struct udevice *dev;
1061 ret = platform_get_tpm2_device(&dev);
1062 if (ret != EFI_SUCCESS) {
1063 log_warning("Unable to find TPMv2 device\n");
1067 ret = efi_init_event_log();
1068 if (ret != EFI_SUCCESS)
1071 ret = efi_add_protocol(efi_root, &efi_guid_tcg2_protocol,
1072 (void *)&efi_tcg2_protocol);
1073 if (ret != EFI_SUCCESS)
1074 log_err("Cannot install EFI_TCG2_PROTOCOL\n");
projects / platform / kernel / u-boot.git / blob