1 // SPDX-License-Identifier: GPL-2.0+
3 * Defines APIs that allow an OS to interact with UEFI firmware to query
4 * information about the device.
5 * https://trustedcomputinggroup.org/resource/tcg-efi-protocol-specification/
7 * Copyright (c) 2020, Linaro Limited
10 #define LOG_CATEGORY LOGC_EFI
13 #include <efi_loader.h>
14 #include <efi_variable.h>
19 #include <version_string.h>
22 #include <u-boot/hash-checksum.h>
23 #include <u-boot/sha1.h>
24 #include <u-boot/sha256.h>
25 #include <u-boot/sha512.h>
26 #include <linux/unaligned/be_byteshift.h>
27 #include <linux/unaligned/le_byteshift.h>
28 #include <linux/unaligned/generic.h>
32 * struct event_log_buffer - internal eventlog management structure
34 * @buffer: eventlog buffer
35 * @final_buffer: finalevent config table buffer
36 * @pos: current position of 'buffer'
37 * @final_pos: current position of 'final_buffer'
38 * @get_event_called: true if GetEventLog has been invoked at least once
39 * @ebs_called: true if ExitBootServices has been invoked
40 * @truncated: true if the 'buffer' is truncated
42 struct event_log_buffer {
45 size_t pos; /* eventlog position */
46 size_t final_pos; /* final events config table position */
47 size_t last_event_size;
48 bool get_event_called;
53 static struct event_log_buffer event_log;
54 static bool tcg2_efi_app_invoked;
56 * When requesting TPM2_CAP_TPM_PROPERTIES the value is on a standard offset.
57 * Since the current tpm2_get_capability() response buffers starts at
58 * 'union tpmu_capabilities data' of 'struct tpms_capability_data', calculate
59 * the response size and offset once for all consumers
61 #define TPM2_RESPONSE_BUFFER_SIZE (sizeof(struct tpms_capability_data) - \
62 offsetof(struct tpms_capability_data, data))
63 #define properties_offset (offsetof(struct tpml_tagged_tpm_property, tpm_property) + \
64 offsetof(struct tpms_tagged_property, value))
66 static const efi_guid_t efi_guid_tcg2_protocol = EFI_TCG2_PROTOCOL_GUID;
67 static const efi_guid_t efi_guid_final_events = EFI_TCG2_FINAL_EVENTS_TABLE_GUID;
75 static const struct digest_info hash_algo_list[] = {
78 EFI_TCG2_BOOT_HASH_ALG_SHA1,
79 TPM2_SHA1_DIGEST_SIZE,
83 EFI_TCG2_BOOT_HASH_ALG_SHA256,
84 TPM2_SHA256_DIGEST_SIZE,
88 EFI_TCG2_BOOT_HASH_ALG_SHA384,
89 TPM2_SHA384_DIGEST_SIZE,
93 EFI_TCG2_BOOT_HASH_ALG_SHA512,
94 TPM2_SHA512_DIGEST_SIZE,
98 struct variable_info {
104 static struct variable_info secure_variables[] = {
105 {u"SecureBoot", true, 7},
112 {u"DeployedMode", false, 1},
113 {u"AuditMode", false, 1},
116 #define MAX_HASH_COUNT ARRAY_SIZE(hash_algo_list)
119 * alg_to_mask - Get a TCG hash mask for algorithms
121 * @hash_alg: TCG defined algorithm
123 * @Return: TCG hashing algorithm bitmaps, 0 if the algorithm is not supported
125 static u32 alg_to_mask(u16 hash_alg)
129 for (i = 0; i < MAX_HASH_COUNT; i++) {
130 if (hash_algo_list[i].hash_alg == hash_alg)
131 return hash_algo_list[i].hash_mask;
138 * alg_to_len - Get a TCG hash len for algorithms
140 * @hash_alg: TCG defined algorithm
142 * @Return: len of chosen algorithm, 0 if the algorithm is not supported
144 static u16 alg_to_len(u16 hash_alg)
148 for (i = 0; i < MAX_HASH_COUNT; i++) {
149 if (hash_algo_list[i].hash_alg == hash_alg)
150 return hash_algo_list[i].hash_len;
156 static u32 tcg_event_final_size(struct tpml_digest_values *digest_list)
161 len = offsetof(struct tcg_pcr_event2, digests);
162 len += offsetof(struct tpml_digest_values, digests);
163 for (i = 0; i < digest_list->count; i++) {
164 u16 hash_alg = digest_list->digests[i].hash_alg;
166 len += offsetof(struct tpmt_ha, digest);
167 len += alg_to_len(hash_alg);
169 len += sizeof(u32); /* tcg_pcr_event2 event_size*/
174 /* tcg2_pcr_extend - Extend PCRs for a TPM2 device for a given tpml_digest_values
177 * @digest_list: list of digest algorithms to extend
179 * @Return: status code
181 static efi_status_t tcg2_pcr_extend(struct udevice *dev, u32 pcr_index,
182 struct tpml_digest_values *digest_list)
187 for (i = 0; i < digest_list->count; i++) {
188 u32 alg = digest_list->digests[i].hash_alg;
190 rc = tpm2_pcr_extend(dev, pcr_index, alg,
191 (u8 *)&digest_list->digests[i].digest,
194 EFI_PRINT("Failed to extend PCR\n");
195 return EFI_DEVICE_ERROR;
202 /* put_event - Append an agile event to an eventlog
204 * @pcr_index: PCR index
205 * @event_type: type of event added
206 * @digest_list: list of digest algorithms to add
207 * @size: size of event
208 * @event: event to add
209 * @log: log buffer to append the event
212 static void put_event(u32 pcr_index, u32 event_type,
213 struct tpml_digest_values *digest_list, u32 size,
214 u8 event[], void *log)
221 * size refers to the length of event[] only, we need to check against
222 * the final tcg_pcr_event2 size
224 event_size = size + tcg_event_final_size(digest_list);
226 put_unaligned_le32(pcr_index, log);
227 pos = offsetof(struct tcg_pcr_event2, event_type);
228 put_unaligned_le32(event_type, (void *)((uintptr_t)log + pos));
229 pos = offsetof(struct tcg_pcr_event2, digests); /* count */
230 put_unaligned_le32(digest_list->count, (void *)((uintptr_t)log + pos));
232 pos += offsetof(struct tpml_digest_values, digests);
233 for (i = 0; i < digest_list->count; i++) {
234 u16 hash_alg = digest_list->digests[i].hash_alg;
235 u8 *digest = (u8 *)&digest_list->digests[i].digest;
237 put_unaligned_le16(hash_alg, (void *)((uintptr_t)log + pos));
238 pos += offsetof(struct tpmt_ha, digest);
239 memcpy((void *)((uintptr_t)log + pos), digest, alg_to_len(hash_alg));
240 pos += alg_to_len(hash_alg);
243 put_unaligned_le32(size, (void *)((uintptr_t)log + pos));
244 pos += sizeof(u32); /* tcg_pcr_event2 event_size*/
245 memcpy((void *)((uintptr_t)log + pos), event, size);
249 * make sure the calculated buffer is what we checked against
250 * This check should never fail. It checks the code above is
251 * calculating the right length for the event we are adding
253 if (pos != event_size)
254 log_err("Appending to the EventLog failed\n");
257 /* tcg2_agile_log_append - Append an agile event to an eventlog
259 * @pcr_index: PCR index
260 * @event_type: type of event added
261 * @digest_list: list of digest algorithms to add
262 * @size: size of event
263 * @event: event to add
264 * @log: log buffer to append the event
266 * @Return: status code
268 static efi_status_t tcg2_agile_log_append(u32 pcr_index, u32 event_type,
269 struct tpml_digest_values *digest_list,
270 u32 size, u8 event[])
272 void *log = (void *)((uintptr_t)event_log.buffer + event_log.pos);
273 u32 event_size = size + tcg_event_final_size(digest_list);
274 struct efi_tcg2_final_events_table *final_event;
275 efi_status_t ret = EFI_SUCCESS;
277 /* if ExitBootServices hasn't been called update the normal log */
278 if (!event_log.ebs_called) {
279 if (event_log.truncated ||
280 event_log.pos + event_size > TPM2_EVENT_LOG_SIZE) {
281 event_log.truncated = true;
282 return EFI_VOLUME_FULL;
284 put_event(pcr_index, event_type, digest_list, size, event, log);
285 event_log.pos += event_size;
286 event_log.last_event_size = event_size;
289 if (!event_log.get_event_called)
292 /* if GetEventLog has been called update FinalEventLog as well */
293 if (event_log.final_pos + event_size > TPM2_EVENT_LOG_SIZE)
294 return EFI_VOLUME_FULL;
296 log = (void *)((uintptr_t)event_log.final_buffer + event_log.final_pos);
297 put_event(pcr_index, event_type, digest_list, size, event, log);
299 final_event = event_log.final_buffer;
300 final_event->number_of_events++;
301 event_log.final_pos += event_size;
307 * platform_get_tpm_device() - retrieve TPM device
309 * This function retrieves the udevice implementing a TPM
311 * This function may be overridden if special initialization is needed.
314 * Return: status code
316 __weak efi_status_t platform_get_tpm2_device(struct udevice **dev)
318 for_each_tpm_device(*dev) {
319 /* Only support TPMv2 devices */
320 if (tpm_get_version(*dev) == TPM_V2)
324 return EFI_NOT_FOUND;
328 * tpm2_get_max_command_size() - get the supported max command size
331 * @max_command_size: output buffer for the size
333 * Return: 0 on success, -1 on error
335 static int tpm2_get_max_command_size(struct udevice *dev, u16 *max_command_size)
337 u8 response[TPM2_RESPONSE_BUFFER_SIZE];
340 memset(response, 0, sizeof(response));
341 ret = tpm2_get_capability(dev, TPM2_CAP_TPM_PROPERTIES,
342 TPM2_PT_MAX_COMMAND_SIZE, response, 1);
346 *max_command_size = (uint16_t)get_unaligned_be32(response +
353 * tpm2_get_max_response_size() - get the supported max response size
356 * @max_response_size: output buffer for the size
358 * Return: 0 on success, -1 on error
360 static int tpm2_get_max_response_size(struct udevice *dev,
361 u16 *max_response_size)
363 u8 response[TPM2_RESPONSE_BUFFER_SIZE];
366 memset(response, 0, sizeof(response));
367 ret = tpm2_get_capability(dev, TPM2_CAP_TPM_PROPERTIES,
368 TPM2_PT_MAX_RESPONSE_SIZE, response, 1);
372 *max_response_size = (uint16_t)get_unaligned_be32(response +
379 * tpm2_get_manufacturer_id() - get the manufacturer ID
382 * @manufacturer_id: output buffer for the id
384 * Return: 0 on success, -1 on error
386 static int tpm2_get_manufacturer_id(struct udevice *dev, u32 *manufacturer_id)
388 u8 response[TPM2_RESPONSE_BUFFER_SIZE];
391 memset(response, 0, sizeof(response));
392 ret = tpm2_get_capability(dev, TPM2_CAP_TPM_PROPERTIES,
393 TPM2_PT_MANUFACTURER, response, 1);
397 *manufacturer_id = get_unaligned_be32(response + properties_offset);
403 * tpm2_get_num_pcr() - get the number of PCRs
406 * @manufacturer_id: output buffer for the number
408 * Return: 0 on success, -1 on error
410 static int tpm2_get_num_pcr(struct udevice *dev, u32 *num_pcr)
412 u8 response[TPM2_RESPONSE_BUFFER_SIZE];
415 memset(response, 0, sizeof(response));
416 ret = tpm2_get_capability(dev, TPM2_CAP_TPM_PROPERTIES,
417 TPM2_PT_PCR_COUNT, response, 1);
421 *num_pcr = get_unaligned_be32(response + properties_offset);
422 if (*num_pcr > TPM2_MAX_PCRS)
429 * is_active_pcr() - Check if a supported algorithm is active
432 * @selection: struct of PCR information
434 * Return: true if PCR is active
436 static bool is_active_pcr(struct tpms_pcr_selection *selection)
440 * check the pcr_select. If at least one of the PCRs supports the
441 * algorithm add it on the active ones
443 for (i = 0; i < selection->size_of_select; i++) {
444 if (selection->pcr_select[i])
452 * tpm2_get_pcr_info() - get the supported, active PCRs and number of banks
455 * @supported_pcr: bitmask with the algorithms supported
456 * @active_pcr: bitmask with the active algorithms
457 * @pcr_banks: number of PCR banks
459 * Return: 0 on success, -1 on error
461 static int tpm2_get_pcr_info(struct udevice *dev, u32 *supported_pcr,
462 u32 *active_pcr, u32 *pcr_banks)
464 u8 response[TPM2_RESPONSE_BUFFER_SIZE];
465 struct tpml_pcr_selection pcrs;
473 memset(response, 0, sizeof(response));
474 ret = tpm2_get_capability(dev, TPM2_CAP_PCRS, 0, response, 1);
478 pcrs.count = get_unaligned_be32(response);
480 * We only support 5 algorithms for now so check against that
481 * instead of TPM2_NUM_PCR_BANKS
483 if (pcrs.count > MAX_HASH_COUNT || pcrs.count < 1)
486 tpm_ret = tpm2_get_num_pcr(dev, &num_pcr);
490 for (i = 0; i < pcrs.count; i++) {
492 * Definition of TPMS_PCR_SELECTION Structure
495 * pcr_select: u8 array
497 * The offsets depend on the number of the device PCRs
498 * so we have to calculate them based on that
500 u32 hash_offset = offsetof(struct tpml_pcr_selection, selection) +
501 i * offsetof(struct tpms_pcr_selection, pcr_select) +
502 i * ((num_pcr + 7) / 8);
503 u32 size_select_offset =
504 hash_offset + offsetof(struct tpms_pcr_selection,
506 u32 pcr_select_offset =
507 hash_offset + offsetof(struct tpms_pcr_selection,
510 pcrs.selection[i].hash =
511 get_unaligned_be16(response + hash_offset);
512 pcrs.selection[i].size_of_select =
513 __get_unaligned_be(response + size_select_offset);
514 if (pcrs.selection[i].size_of_select > TPM2_PCR_SELECT_MAX)
516 /* copy the array of pcr_select */
517 memcpy(pcrs.selection[i].pcr_select, response + pcr_select_offset,
518 pcrs.selection[i].size_of_select);
521 for (i = 0; i < pcrs.count; i++) {
522 u32 hash_mask = alg_to_mask(pcrs.selection[i].hash);
525 *supported_pcr |= hash_mask;
526 if (is_active_pcr(&pcrs.selection[i]))
527 *active_pcr |= hash_mask;
529 EFI_PRINT("Unknown algorithm %x\n", pcrs.selection[i].hash);
533 *pcr_banks = pcrs.count;
541 * __get_active_pcr_banks() - returns the currently active PCR banks
543 * @active_pcr_banks: pointer for receiving the bitmap of currently
546 * Return: status code
548 static efi_status_t __get_active_pcr_banks(u32 *active_pcr_banks)
551 u32 active = 0, supported = 0, pcr_banks = 0;
555 ret = platform_get_tpm2_device(&dev);
556 if (ret != EFI_SUCCESS)
559 err = tpm2_get_pcr_info(dev, &supported, &active, &pcr_banks);
561 ret = EFI_DEVICE_ERROR;
565 *active_pcr_banks = active;
571 /* tcg2_create_digest - create a list of digests of the supported PCR banks
572 * for a given memory range
574 * @input: input memory
575 * @length: length of buffer to calculate the digest
576 * @digest_list: list of digests to fill in
578 * Return: status code
580 static efi_status_t tcg2_create_digest(const u8 *input, u32 length,
581 struct tpml_digest_values *digest_list)
584 sha256_context ctx_256;
585 sha512_context ctx_512;
586 u8 final[TPM2_SHA512_DIGEST_SIZE];
591 ret = __get_active_pcr_banks(&active);
592 if (ret != EFI_SUCCESS)
595 digest_list->count = 0;
596 for (i = 0; i < MAX_HASH_COUNT; i++) {
597 u16 hash_alg = hash_algo_list[i].hash_alg;
599 if (!(active & alg_to_mask(hash_alg)))
604 sha1_update(&ctx, input, length);
605 sha1_finish(&ctx, final);
607 case TPM2_ALG_SHA256:
608 sha256_starts(&ctx_256);
609 sha256_update(&ctx_256, input, length);
610 sha256_finish(&ctx_256, final);
612 case TPM2_ALG_SHA384:
613 sha384_starts(&ctx_512);
614 sha384_update(&ctx_512, input, length);
615 sha384_finish(&ctx_512, final);
617 case TPM2_ALG_SHA512:
618 sha512_starts(&ctx_512);
619 sha512_update(&ctx_512, input, length);
620 sha512_finish(&ctx_512, final);
623 EFI_PRINT("Unsupported algorithm %x\n", hash_alg);
624 return EFI_INVALID_PARAMETER;
626 digest_list->digests[digest_list->count].hash_alg = hash_alg;
627 memcpy(&digest_list->digests[digest_list->count].digest, final,
628 (u32)alg_to_len(hash_alg));
629 digest_list->count++;
636 * efi_tcg2_get_capability() - protocol capability information and state information
638 * @this: TCG2 protocol instance
639 * @capability: caller allocated memory with size field to the size of
640 * the structure allocated
642 * Return: status code
644 static efi_status_t EFIAPI
645 efi_tcg2_get_capability(struct efi_tcg2_protocol *this,
646 struct efi_tcg2_boot_service_capability *capability)
649 efi_status_t efi_ret;
652 EFI_ENTRY("%p, %p", this, capability);
654 if (!this || !capability) {
655 efi_ret = EFI_INVALID_PARAMETER;
659 if (capability->size < BOOT_SERVICE_CAPABILITY_MIN) {
660 capability->size = BOOT_SERVICE_CAPABILITY_MIN;
661 efi_ret = EFI_BUFFER_TOO_SMALL;
665 if (capability->size < sizeof(*capability)) {
666 capability->size = sizeof(*capability);
667 efi_ret = EFI_BUFFER_TOO_SMALL;
671 capability->structure_version.major = 1;
672 capability->structure_version.minor = 1;
673 capability->protocol_version.major = 1;
674 capability->protocol_version.minor = 1;
676 efi_ret = platform_get_tpm2_device(&dev);
677 if (efi_ret != EFI_SUCCESS) {
678 capability->supported_event_logs = 0;
679 capability->hash_algorithm_bitmap = 0;
680 capability->tpm_present_flag = false;
681 capability->max_command_size = 0;
682 capability->max_response_size = 0;
683 capability->manufacturer_id = 0;
684 capability->number_of_pcr_banks = 0;
685 capability->active_pcr_banks = 0;
687 efi_ret = EFI_SUCCESS;
691 /* We only allow a TPMv2 device to register the EFI protocol */
692 capability->supported_event_logs = TCG2_EVENT_LOG_FORMAT_TCG_2;
694 capability->tpm_present_flag = true;
696 /* Supported and active PCRs */
697 capability->hash_algorithm_bitmap = 0;
698 capability->active_pcr_banks = 0;
699 ret = tpm2_get_pcr_info(dev, &capability->hash_algorithm_bitmap,
700 &capability->active_pcr_banks,
701 &capability->number_of_pcr_banks);
703 efi_ret = EFI_DEVICE_ERROR;
707 /* Max command size */
708 ret = tpm2_get_max_command_size(dev, &capability->max_command_size);
710 efi_ret = EFI_DEVICE_ERROR;
714 /* Max response size */
715 ret = tpm2_get_max_response_size(dev, &capability->max_response_size);
717 efi_ret = EFI_DEVICE_ERROR;
721 /* Manufacturer ID */
722 ret = tpm2_get_manufacturer_id(dev, &capability->manufacturer_id);
724 efi_ret = EFI_DEVICE_ERROR;
728 return EFI_EXIT(EFI_SUCCESS);
730 return EFI_EXIT(efi_ret);
734 * efi_tcg2_get_eventlog() - retrieve the the address of an event log and its
737 * @this: TCG2 protocol instance
738 * @log_format: type of event log format
739 * @event_log_location: pointer to the memory address of the event log
740 * @event_log_last_entry: pointer to the address of the start of the last
741 * entry in the event log in memory, if log contains
743 * @event_log_truncated: set to true, if the Event Log is missing at i
746 * Return: status code
748 static efi_status_t EFIAPI
749 efi_tcg2_get_eventlog(struct efi_tcg2_protocol *this,
750 efi_tcg_event_log_format log_format,
751 u64 *event_log_location, u64 *event_log_last_entry,
752 bool *event_log_truncated)
754 efi_status_t ret = EFI_SUCCESS;
757 EFI_ENTRY("%p, %u, %p, %p, %p", this, log_format, event_log_location,
758 event_log_last_entry, event_log_truncated);
760 if (!this || !event_log_location || !event_log_last_entry ||
761 !event_log_truncated) {
762 ret = EFI_INVALID_PARAMETER;
766 /* Only support TPMV2 */
767 if (log_format != TCG2_EVENT_LOG_FORMAT_TCG_2) {
768 ret = EFI_INVALID_PARAMETER;
772 ret = platform_get_tpm2_device(&dev);
773 if (ret != EFI_SUCCESS) {
774 event_log_location = NULL;
775 event_log_last_entry = NULL;
776 *event_log_truncated = false;
780 *event_log_location = (uintptr_t)event_log.buffer;
781 *event_log_last_entry = (uintptr_t)(event_log.buffer + event_log.pos -
782 event_log.last_event_size);
783 *event_log_truncated = event_log.truncated;
784 event_log.get_event_called = true;
787 return EFI_EXIT(ret);
791 * tcg2_hash_pe_image() - calculate PE/COFF image hash
793 * @efi: pointer to the EFI binary
794 * @efi_size: size of @efi binary
795 * @digest_list: list of digest algorithms to extend
797 * Return: status code
799 static efi_status_t tcg2_hash_pe_image(void *efi, u64 efi_size,
800 struct tpml_digest_values *digest_list)
802 WIN_CERTIFICATE *wincerts = NULL;
804 struct efi_image_regions *regs = NULL;
805 void *new_efi = NULL;
806 u8 hash[TPM2_SHA512_DIGEST_SIZE];
811 new_efi = efi_prepare_aligned_image(efi, &efi_size);
813 return EFI_OUT_OF_RESOURCES;
815 if (!efi_image_parse(new_efi, efi_size, ®s, &wincerts,
817 log_err("Parsing PE executable image failed\n");
818 ret = EFI_UNSUPPORTED;
822 ret = __get_active_pcr_banks(&active);
823 if (ret != EFI_SUCCESS) {
827 digest_list->count = 0;
828 for (i = 0; i < MAX_HASH_COUNT; i++) {
829 u16 hash_alg = hash_algo_list[i].hash_alg;
831 if (!(active & alg_to_mask(hash_alg)))
835 hash_calculate("sha1", regs->reg, regs->num, hash);
837 case TPM2_ALG_SHA256:
838 hash_calculate("sha256", regs->reg, regs->num, hash);
840 case TPM2_ALG_SHA384:
841 hash_calculate("sha384", regs->reg, regs->num, hash);
843 case TPM2_ALG_SHA512:
844 hash_calculate("sha512", regs->reg, regs->num, hash);
847 EFI_PRINT("Unsupported algorithm %x\n", hash_alg);
848 return EFI_INVALID_PARAMETER;
850 digest_list->digests[digest_list->count].hash_alg = hash_alg;
851 memcpy(&digest_list->digests[digest_list->count].digest, hash,
852 (u32)alg_to_len(hash_alg));
853 digest_list->count++;
865 * tcg2_measure_pe_image() - measure PE/COFF image
867 * @efi: pointer to the EFI binary
868 * @efi_size: size of @efi binary
869 * @handle: loaded image handle
870 * @loaded_image: loaded image protocol
872 * Return: status code
874 efi_status_t tcg2_measure_pe_image(void *efi, u64 efi_size,
875 struct efi_loaded_image_obj *handle,
876 struct efi_loaded_image *loaded_image)
878 struct tpml_digest_values digest_list;
881 u32 pcr_index, event_type, event_size;
882 struct uefi_image_load_event *image_load_event;
883 struct efi_device_path *device_path;
884 u32 device_path_length;
885 IMAGE_DOS_HEADER *dos;
886 IMAGE_NT_HEADERS32 *nt;
887 struct efi_handler *handler;
889 ret = platform_get_tpm2_device(&dev);
890 if (ret != EFI_SUCCESS)
893 switch (handle->image_type) {
894 case IMAGE_SUBSYSTEM_EFI_APPLICATION:
896 event_type = EV_EFI_BOOT_SERVICES_APPLICATION;
898 case IMAGE_SUBSYSTEM_EFI_BOOT_SERVICE_DRIVER:
900 event_type = EV_EFI_BOOT_SERVICES_DRIVER;
902 case IMAGE_SUBSYSTEM_EFI_RUNTIME_DRIVER:
904 event_type = EV_EFI_RUNTIME_SERVICES_DRIVER;
907 return EFI_UNSUPPORTED;
910 ret = tcg2_hash_pe_image(efi, efi_size, &digest_list);
911 if (ret != EFI_SUCCESS)
914 ret = tcg2_pcr_extend(dev, pcr_index, &digest_list);
915 if (ret != EFI_SUCCESS)
918 ret = efi_search_protocol(&handle->header,
919 &efi_guid_loaded_image_device_path, &handler);
920 if (ret != EFI_SUCCESS)
923 device_path = handler->protocol_interface;
924 device_path_length = efi_dp_size(device_path);
925 if (device_path_length > 0) {
926 /* add end node size */
927 device_path_length += sizeof(struct efi_device_path);
929 event_size = sizeof(struct uefi_image_load_event) + device_path_length;
930 image_load_event = calloc(1, event_size);
931 if (!image_load_event)
932 return EFI_OUT_OF_RESOURCES;
934 image_load_event->image_location_in_memory = (uintptr_t)efi;
935 image_load_event->image_length_in_memory = efi_size;
936 image_load_event->length_of_device_path = device_path_length;
938 dos = (IMAGE_DOS_HEADER *)efi;
939 nt = (IMAGE_NT_HEADERS32 *)(efi + dos->e_lfanew);
940 if (nt->OptionalHeader.Magic == IMAGE_NT_OPTIONAL_HDR64_MAGIC) {
941 IMAGE_NT_HEADERS64 *nt64 = (IMAGE_NT_HEADERS64 *)nt;
943 image_load_event->image_link_time_address =
944 nt64->OptionalHeader.ImageBase;
945 } else if (nt->OptionalHeader.Magic == IMAGE_NT_OPTIONAL_HDR32_MAGIC) {
946 image_load_event->image_link_time_address =
947 nt->OptionalHeader.ImageBase;
949 ret = EFI_INVALID_PARAMETER;
953 /* device_path_length might be zero */
954 memcpy(image_load_event->device_path, device_path, device_path_length);
956 ret = tcg2_agile_log_append(pcr_index, event_type, &digest_list,
957 event_size, (u8 *)image_load_event);
960 free(image_load_event);
966 * efi_tcg2_hash_log_extend_event() - extend and optionally log events
968 * @this: TCG2 protocol instance
969 * @flags: bitmap providing additional information on the
971 * @data_to_hash: physical address of the start of the data buffer
973 * @data_to_hash_len: the length in bytes of the buffer referenced by
975 * @efi_tcg_event: pointer to data buffer containing information
978 * Return: status code
980 static efi_status_t EFIAPI
981 efi_tcg2_hash_log_extend_event(struct efi_tcg2_protocol *this, u64 flags,
982 u64 data_to_hash, u64 data_to_hash_len,
983 struct efi_tcg2_event *efi_tcg_event)
987 u32 event_type, pcr_index, event_size;
988 struct tpml_digest_values digest_list;
990 EFI_ENTRY("%p, %llu, %llu, %llu, %p", this, flags, data_to_hash,
991 data_to_hash_len, efi_tcg_event);
993 if (!this || !data_to_hash || !efi_tcg_event) {
994 ret = EFI_INVALID_PARAMETER;
998 ret = platform_get_tpm2_device(&dev);
999 if (ret != EFI_SUCCESS)
1002 if (efi_tcg_event->size < efi_tcg_event->header.header_size +
1004 ret = EFI_INVALID_PARAMETER;
1008 if (efi_tcg_event->header.pcr_index > EFI_TCG2_MAX_PCR_INDEX) {
1009 ret = EFI_INVALID_PARAMETER;
1014 * if PE_COFF_IMAGE is set we need to make sure the image is not
1015 * corrupted, verify it and hash the PE/COFF image in accordance with
1016 * the procedure specified in "Calculating the PE Image Hash"
1017 * section of the "Windows Authenticode Portable Executable Signature
1020 if (flags & PE_COFF_IMAGE) {
1021 IMAGE_NT_HEADERS32 *nt;
1023 ret = efi_check_pe((void *)(uintptr_t)data_to_hash,
1024 data_to_hash_len, (void **)&nt);
1025 if (ret != EFI_SUCCESS) {
1026 log_err("Not a valid PE-COFF file\n");
1027 ret = EFI_UNSUPPORTED;
1030 ret = tcg2_hash_pe_image((void *)(uintptr_t)data_to_hash,
1031 data_to_hash_len, &digest_list);
1033 ret = tcg2_create_digest((u8 *)(uintptr_t)data_to_hash,
1034 data_to_hash_len, &digest_list);
1037 if (ret != EFI_SUCCESS)
1040 pcr_index = efi_tcg_event->header.pcr_index;
1041 event_type = efi_tcg_event->header.event_type;
1043 ret = tcg2_pcr_extend(dev, pcr_index, &digest_list);
1044 if (ret != EFI_SUCCESS)
1047 if (flags & EFI_TCG2_EXTEND_ONLY) {
1048 if (event_log.truncated)
1049 ret = EFI_VOLUME_FULL;
1054 * The efi_tcg_event size includes the size component and the
1057 event_size = efi_tcg_event->size - sizeof(efi_tcg_event->size) -
1058 efi_tcg_event->header.header_size;
1059 ret = tcg2_agile_log_append(pcr_index, event_type, &digest_list,
1060 event_size, efi_tcg_event->event);
1062 return EFI_EXIT(ret);
1066 * efi_tcg2_submit_command() - Send command to the TPM
1068 * @this: TCG2 protocol instance
1069 * @input_param_block_size: size of the TPM input parameter block
1070 * @input_param_block: pointer to the TPM input parameter block
1071 * @output_param_block_size: size of the TPM output parameter block
1072 * @output_param_block: pointer to the TPM output parameter block
1074 * Return: status code
1076 static efi_status_t EFIAPI
1077 efi_tcg2_submit_command(struct efi_tcg2_protocol *this,
1078 u32 input_param_block_size,
1079 u8 *input_param_block,
1080 u32 output_param_block_size,
1081 u8 *output_param_block)
1083 struct udevice *dev;
1086 size_t resp_buf_size = output_param_block_size;
1088 EFI_ENTRY("%p, %u, %p, %u, %p", this, input_param_block_size,
1089 input_param_block, output_param_block_size, output_param_block);
1091 if (!this || !input_param_block || !input_param_block_size) {
1092 ret = EFI_INVALID_PARAMETER;
1096 ret = platform_get_tpm2_device(&dev);
1097 if (ret != EFI_SUCCESS)
1100 rc = tpm2_submit_command(dev, input_param_block,
1101 output_param_block, &resp_buf_size);
1103 ret = (rc == -ENOSPC) ? EFI_OUT_OF_RESOURCES : EFI_DEVICE_ERROR;
1109 return EFI_EXIT(ret);
1113 * efi_tcg2_get_active_pcr_banks() - returns the currently active PCR banks
1115 * @this: TCG2 protocol instance
1116 * @active_pcr_banks: pointer for receiving the bitmap of currently
1119 * Return: status code
1121 static efi_status_t EFIAPI
1122 efi_tcg2_get_active_pcr_banks(struct efi_tcg2_protocol *this,
1123 u32 *active_pcr_banks)
1127 if (!this || !active_pcr_banks) {
1128 ret = EFI_INVALID_PARAMETER;
1132 EFI_ENTRY("%p, %p", this, active_pcr_banks);
1133 ret = __get_active_pcr_banks(active_pcr_banks);
1136 return EFI_EXIT(ret);
1140 * efi_tcg2_set_active_pcr_banks() - sets the currently active PCR banks
1142 * @this: TCG2 protocol instance
1143 * @active_pcr_banks: bitmap of the requested active PCR banks
1145 * Return: status code
1147 static efi_status_t EFIAPI
1148 efi_tcg2_set_active_pcr_banks(__maybe_unused struct efi_tcg2_protocol *this,
1149 u32 __maybe_unused active_pcr_banks)
1151 return EFI_UNSUPPORTED;
1155 * efi_tcg2_get_result_of_set_active_pcr_banks() - retrieve result for previous
1156 * set_active_pcr_banks()
1158 * @this: TCG2 protocol instance
1159 * @operation_present: non-zero value to indicate a
1160 * set_active_pcr_banks operation was
1161 * invoked during last boot
1162 * @response: result value could be returned
1164 * Return: status code
1166 static efi_status_t EFIAPI
1167 efi_tcg2_get_result_of_set_active_pcr_banks(__maybe_unused struct efi_tcg2_protocol *this,
1168 u32 __maybe_unused *operation_present,
1169 u32 __maybe_unused *response)
1171 return EFI_UNSUPPORTED;
1174 static const struct efi_tcg2_protocol efi_tcg2_protocol = {
1175 .get_capability = efi_tcg2_get_capability,
1176 .get_eventlog = efi_tcg2_get_eventlog,
1177 .hash_log_extend_event = efi_tcg2_hash_log_extend_event,
1178 .submit_command = efi_tcg2_submit_command,
1179 .get_active_pcr_banks = efi_tcg2_get_active_pcr_banks,
1180 .set_active_pcr_banks = efi_tcg2_set_active_pcr_banks,
1181 .get_result_of_set_active_pcr_banks = efi_tcg2_get_result_of_set_active_pcr_banks,
1185 * create_specid_event() - Create the first event in the eventlog
1188 * @event_header: Pointer to the final event header
1189 * @event_size: final spec event size
1191 * Return: status code
1193 static efi_status_t create_specid_event(struct udevice *dev, void *buffer,
1196 struct tcg_efi_spec_id_event *spec_event;
1197 size_t spec_event_size;
1198 efi_status_t ret = EFI_DEVICE_ERROR;
1199 u32 active = 0, supported = 0, pcr_count = 0, alg_count = 0;
1204 * Create Spec event. This needs to be the first event in the log
1205 * according to the TCG EFI protocol spec
1208 /* Setup specID event data */
1209 spec_event = (struct tcg_efi_spec_id_event *)buffer;
1210 memcpy(spec_event->signature, TCG_EFI_SPEC_ID_EVENT_SIGNATURE_03,
1211 sizeof(spec_event->signature));
1212 put_unaligned_le32(0, &spec_event->platform_class); /* type client */
1213 spec_event->spec_version_minor =
1214 TCG_EFI_SPEC_ID_EVENT_SPEC_VERSION_MINOR_TPM2;
1215 spec_event->spec_version_major =
1216 TCG_EFI_SPEC_ID_EVENT_SPEC_VERSION_MAJOR_TPM2;
1217 spec_event->spec_errata =
1218 TCG_EFI_SPEC_ID_EVENT_SPEC_VERSION_ERRATA_TPM2;
1219 spec_event->uintn_size = sizeof(efi_uintn_t) / sizeof(u32);
1221 err = tpm2_get_pcr_info(dev, &supported, &active, &pcr_count);
1226 for (i = 0; i < pcr_count; i++) {
1227 u16 hash_alg = hash_algo_list[i].hash_alg;
1228 u16 hash_len = hash_algo_list[i].hash_len;
1230 if (active & alg_to_mask(hash_alg)) {
1231 put_unaligned_le16(hash_alg,
1232 &spec_event->digest_sizes[alg_count].algorithm_id);
1233 put_unaligned_le16(hash_len,
1234 &spec_event->digest_sizes[alg_count].digest_size);
1239 spec_event->number_of_algorithms = alg_count;
1240 if (spec_event->number_of_algorithms > MAX_HASH_COUNT ||
1241 spec_event->number_of_algorithms < 1)
1245 * the size of the spec event and placement of vendor_info_size
1246 * depends on supported algoriths
1249 offsetof(struct tcg_efi_spec_id_event, digest_sizes) +
1250 spec_event->number_of_algorithms * sizeof(spec_event->digest_sizes[0]);
1251 /* no vendor info for us */
1252 memset(buffer + spec_event_size, 0, 1);
1253 /* add a byte for vendor_info_size in the spec event */
1254 spec_event_size += 1;
1255 *event_size = spec_event_size;
1264 * tcg2_uninit - remove the final event table and free efi memory on failures
1266 void tcg2_uninit(void)
1270 ret = efi_install_configuration_table(&efi_guid_final_events, NULL);
1271 if (ret != EFI_SUCCESS)
1272 log_err("Failed to delete final events config table\n");
1274 efi_free_pool(event_log.buffer);
1275 event_log.buffer = NULL;
1276 efi_free_pool(event_log.final_buffer);
1277 event_log.final_buffer = NULL;
1281 * create_final_event() - Create the final event and install the config
1282 * defined by the TCG EFI spec
1284 static efi_status_t create_final_event(void)
1286 struct efi_tcg2_final_events_table *final_event;
1290 * All events generated after the invocation of
1291 * EFI_TCG2_GET_EVENT_LOGS need to be stored in an instance of an
1292 * EFI_CONFIGURATION_TABLE
1294 ret = efi_allocate_pool(EFI_ACPI_MEMORY_NVS, TPM2_EVENT_LOG_SIZE,
1295 &event_log.final_buffer);
1296 if (ret != EFI_SUCCESS)
1299 memset(event_log.final_buffer, 0xff, TPM2_EVENT_LOG_SIZE);
1300 final_event = event_log.final_buffer;
1301 final_event->number_of_events = 0;
1302 final_event->version = EFI_TCG2_FINAL_EVENTS_TABLE_VERSION;
1303 event_log.final_pos = sizeof(*final_event);
1304 ret = efi_install_configuration_table(&efi_guid_final_events,
1306 if (ret != EFI_SUCCESS) {
1307 efi_free_pool(event_log.final_buffer);
1308 event_log.final_buffer = NULL;
1316 * efi_init_event_log() - initialize an eventlog
1318 static efi_status_t efi_init_event_log(void)
1321 * vendor_info_size is currently set to 0, we need to change the length
1322 * and allocate the flexible array member if this changes
1324 struct tcg_pcr_event *event_header = NULL;
1325 struct udevice *dev;
1326 size_t spec_event_size;
1329 ret = platform_get_tpm2_device(&dev);
1330 if (ret != EFI_SUCCESS)
1333 ret = efi_allocate_pool(EFI_BOOT_SERVICES_DATA, TPM2_EVENT_LOG_SIZE,
1334 (void **)&event_log.buffer);
1335 if (ret != EFI_SUCCESS)
1339 * initialize log area as 0xff so the OS can easily figure out the
1342 memset(event_log.buffer, 0xff, TPM2_EVENT_LOG_SIZE);
1344 event_log.last_event_size = 0;
1345 event_log.get_event_called = false;
1346 event_log.ebs_called = false;
1347 event_log.truncated = false;
1350 * The log header is defined to be in SHA1 event log entry format.
1351 * Setup event header
1353 event_header = (struct tcg_pcr_event *)event_log.buffer;
1354 put_unaligned_le32(0, &event_header->pcr_index);
1355 put_unaligned_le32(EV_NO_ACTION, &event_header->event_type);
1356 memset(&event_header->digest, 0, sizeof(event_header->digest));
1357 ret = create_specid_event(dev, (void *)((uintptr_t)event_log.buffer + sizeof(*event_header)),
1359 if (ret != EFI_SUCCESS)
1361 put_unaligned_le32(spec_event_size, &event_header->event_size);
1362 event_log.pos = spec_event_size + sizeof(*event_header);
1363 event_log.last_event_size = event_log.pos;
1365 ret = create_final_event();
1366 if (ret != EFI_SUCCESS)
1373 efi_free_pool(event_log.buffer);
1374 event_log.buffer = NULL;
1379 * tcg2_measure_event() - common function to add event log and extend PCR
1382 * @pcr_index: PCR index
1383 * @event_type: type of event added
1385 * @event: event data
1387 * Return: status code
1390 tcg2_measure_event(struct udevice *dev, u32 pcr_index, u32 event_type,
1391 u32 size, u8 event[])
1393 struct tpml_digest_values digest_list;
1396 ret = tcg2_create_digest(event, size, &digest_list);
1397 if (ret != EFI_SUCCESS)
1400 ret = tcg2_pcr_extend(dev, pcr_index, &digest_list);
1401 if (ret != EFI_SUCCESS)
1404 ret = tcg2_agile_log_append(pcr_index, event_type, &digest_list,
1412 * efi_append_scrtm_version - Append an S-CRTM EV_S_CRTM_VERSION event on the
1413 * eventlog and extend the PCRs
1417 * @Return: status code
1419 static efi_status_t efi_append_scrtm_version(struct udevice *dev)
1423 ret = tcg2_measure_event(dev, 0, EV_S_CRTM_VERSION,
1424 strlen(version_string) + 1,
1425 (u8 *)version_string);
1431 * tcg2_measure_variable() - add variable event log and extend PCR
1434 * @pcr_index: PCR index
1435 * @event_type: type of event added
1436 * @var_name: variable name
1438 * @data_size: variable data size
1439 * @data: variable data
1441 * Return: status code
1443 static efi_status_t tcg2_measure_variable(struct udevice *dev, u32 pcr_index,
1444 u32 event_type, const u16 *var_name,
1445 const efi_guid_t *guid,
1446 efi_uintn_t data_size, u8 *data)
1450 struct efi_tcg2_uefi_variable_data *event;
1452 event_size = sizeof(event->variable_name) +
1453 sizeof(event->unicode_name_length) +
1454 sizeof(event->variable_data_length) +
1455 (u16_strlen(var_name) * sizeof(u16)) + data_size;
1456 event = malloc(event_size);
1458 return EFI_OUT_OF_RESOURCES;
1460 guidcpy(&event->variable_name, guid);
1461 event->unicode_name_length = u16_strlen(var_name);
1462 event->variable_data_length = data_size;
1463 memcpy(event->unicode_name, var_name,
1464 (event->unicode_name_length * sizeof(u16)));
1466 memcpy((u16 *)event->unicode_name + event->unicode_name_length,
1469 ret = tcg2_measure_event(dev, pcr_index, event_type, event_size,
1476 * tcg2_measure_boot_variable() - measure boot variables
1480 * Return: status code
1482 static efi_status_t tcg2_measure_boot_variable(struct udevice *dev)
1486 u16 var_name[] = L"BootOrder";
1487 u16 boot_name[] = L"Boot####";
1489 efi_uintn_t var_data_size;
1493 boot_order = efi_get_var(var_name, &efi_global_variable_guid,
1496 /* If "BootOrder" is not defined, skip the boot variable measurement */
1500 ret = tcg2_measure_variable(dev, 1, EV_EFI_VARIABLE_BOOT2, var_name,
1501 &efi_global_variable_guid, var_data_size,
1503 if (ret != EFI_SUCCESS)
1506 count = var_data_size / sizeof(*boot_order);
1507 boot_index = boot_order;
1508 for (i = 0; i < count; i++) {
1509 efi_create_indexed_name(boot_name, sizeof(boot_name),
1510 "Boot", *boot_index++);
1512 bootvar = efi_get_var(boot_name, &efi_global_variable_guid,
1516 log_debug("%ls not found\n", boot_name);
1520 ret = tcg2_measure_variable(dev, 1, EV_EFI_VARIABLE_BOOT2,
1522 &efi_global_variable_guid,
1523 var_data_size, bootvar);
1525 if (ret != EFI_SUCCESS)
1535 * tcg2_measure_smbios() - measure smbios table
1538 * @entry: pointer to the smbios_entry structure
1540 * Return: status code
1543 tcg2_measure_smbios(struct udevice *dev,
1544 const struct smbios_entry *entry)
1547 struct smbios_header *smbios_copy;
1548 struct smbios_handoff_table_pointers2 *event = NULL;
1552 * TCG PC Client PFP Spec says
1553 * "SMBIOS structures that contain static configuration information
1554 * (e.g. Platform Manufacturer Enterprise Number assigned by IANA,
1555 * platform model number, Vendor and Device IDs for each SMBIOS table)
1556 * that is relevant to the security of the platform MUST be measured".
1557 * Device dependent parameters such as serial number are cleared to
1558 * zero or spaces for the measurement.
1560 event_size = sizeof(struct smbios_handoff_table_pointers2) +
1561 FIELD_SIZEOF(struct efi_configuration_table, guid) +
1562 entry->struct_table_length;
1563 event = calloc(1, event_size);
1565 ret = EFI_OUT_OF_RESOURCES;
1569 event->table_description_size = sizeof(SMBIOS_HANDOFF_TABLE_DESC);
1570 memcpy(event->table_description, SMBIOS_HANDOFF_TABLE_DESC,
1571 sizeof(SMBIOS_HANDOFF_TABLE_DESC));
1572 put_unaligned_le64(1, &event->number_of_tables);
1573 guidcpy(&event->table_entry[0].guid, &smbios_guid);
1574 smbios_copy = (struct smbios_header *)((uintptr_t)&event->table_entry[0].table);
1575 memcpy(&event->table_entry[0].table,
1576 (void *)((uintptr_t)entry->struct_table_address),
1577 entry->struct_table_length);
1579 smbios_prepare_measurement(entry, smbios_copy);
1581 ret = tcg2_measure_event(dev, 1, EV_EFI_HANDOFF_TABLES2, event_size,
1583 if (ret != EFI_SUCCESS)
1593 * find_smbios_table() - find smbios table
1595 * Return: pointer to the smbios table
1597 static void *find_smbios_table(void)
1601 for (i = 0; i < systab.nr_tables; i++) {
1602 if (!guidcmp(&smbios_guid, &systab.tables[i].guid))
1603 return systab.tables[i].table;
1610 * tcg2_measure_gpt_table() - measure gpt table
1613 * @loaded_image: handle to the loaded image
1615 * Return: status code
1618 tcg2_measure_gpt_data(struct udevice *dev,
1619 struct efi_loaded_image_obj *loaded_image)
1622 efi_handle_t handle;
1623 struct efi_handler *dp_handler;
1624 struct efi_device_path *orig_device_path;
1625 struct efi_device_path *device_path;
1626 struct efi_device_path *dp;
1627 struct efi_block_io *block_io;
1628 struct efi_gpt_data *event = NULL;
1629 efi_guid_t null_guid = NULL_GUID;
1631 gpt_entry *entry = NULL;
1633 u32 num_of_valid_entry = 0;
1636 u32 total_gpt_entry_size;
1638 ret = efi_search_protocol(&loaded_image->header,
1639 &efi_guid_loaded_image_device_path,
1641 if (ret != EFI_SUCCESS)
1644 orig_device_path = dp_handler->protocol_interface;
1645 if (!orig_device_path) /* no device path, skip GPT measurement */
1648 device_path = efi_dp_dup(orig_device_path);
1650 return EFI_OUT_OF_RESOURCES;
1652 dp = search_gpt_dp_node(device_path);
1654 /* no GPT device path node found, skip GPT measurement */
1659 /* read GPT header */
1660 dp->type = DEVICE_PATH_TYPE_END;
1661 dp->sub_type = DEVICE_PATH_SUB_TYPE_END;
1663 ret = EFI_CALL(systab.boottime->locate_device_path(&efi_block_io_guid,
1665 if (ret != EFI_SUCCESS)
1668 ret = EFI_CALL(efi_handle_protocol(handle,
1669 &efi_block_io_guid, (void **)&block_io));
1670 if (ret != EFI_SUCCESS)
1673 gpt_h = memalign(block_io->media->io_align, block_io->media->block_size);
1675 ret = EFI_OUT_OF_RESOURCES;
1679 ret = block_io->read_blocks(block_io, block_io->media->media_id, 1,
1680 block_io->media->block_size, gpt_h);
1681 if (ret != EFI_SUCCESS)
1684 /* read GPT entry */
1685 total_gpt_entry_size = gpt_h->num_partition_entries *
1686 gpt_h->sizeof_partition_entry;
1687 entry = memalign(block_io->media->io_align, total_gpt_entry_size);
1689 ret = EFI_OUT_OF_RESOURCES;
1693 ret = block_io->read_blocks(block_io, block_io->media->media_id,
1694 gpt_h->partition_entry_lba,
1695 total_gpt_entry_size, entry);
1696 if (ret != EFI_SUCCESS)
1699 /* count valid GPT entry */
1701 for (i = 0; i < gpt_h->num_partition_entries; i++) {
1702 if (guidcmp(&null_guid, &gpt_e->partition_type_guid))
1703 num_of_valid_entry++;
1705 gpt_e = (gpt_entry *)((u8 *)gpt_e + gpt_h->sizeof_partition_entry);
1708 /* prepare event data for measurement */
1709 event_size = sizeof(struct efi_gpt_data) +
1710 (num_of_valid_entry * gpt_h->sizeof_partition_entry);
1711 event = calloc(1, event_size);
1713 ret = EFI_OUT_OF_RESOURCES;
1716 memcpy(event, gpt_h, sizeof(gpt_header));
1717 put_unaligned_le64(num_of_valid_entry, &event->number_of_partitions);
1719 /* copy valid GPT entry */
1721 num_of_valid_entry = 0;
1722 for (i = 0; i < gpt_h->num_partition_entries; i++) {
1723 if (guidcmp(&null_guid, &gpt_e->partition_type_guid)) {
1724 memcpy((u8 *)event->partitions +
1725 (num_of_valid_entry * gpt_h->sizeof_partition_entry),
1726 gpt_e, gpt_h->sizeof_partition_entry);
1727 num_of_valid_entry++;
1730 gpt_e = (gpt_entry *)((u8 *)gpt_e + gpt_h->sizeof_partition_entry);
1733 ret = tcg2_measure_event(dev, 5, EV_EFI_GPT_EVENT, event_size, (u8 *)event);
1734 if (ret != EFI_SUCCESS)
1738 EFI_CALL(efi_close_protocol((efi_handle_t)block_io, &efi_block_io_guid,
1744 efi_free_pool(device_path);
1750 * efi_tcg2_measure_efi_app_invocation() - measure efi app invocation
1752 * Return: status code
1754 efi_status_t efi_tcg2_measure_efi_app_invocation(struct efi_loaded_image_obj *handle)
1758 struct udevice *dev;
1760 struct smbios_entry *entry;
1762 if (tcg2_efi_app_invoked)
1765 ret = platform_get_tpm2_device(&dev);
1766 if (ret != EFI_SUCCESS)
1769 ret = tcg2_measure_boot_variable(dev);
1770 if (ret != EFI_SUCCESS)
1773 ret = tcg2_measure_event(dev, 4, EV_EFI_ACTION,
1774 strlen(EFI_CALLING_EFI_APPLICATION),
1775 (u8 *)EFI_CALLING_EFI_APPLICATION);
1776 if (ret != EFI_SUCCESS)
1779 entry = (struct smbios_entry *)find_smbios_table();
1781 ret = tcg2_measure_smbios(dev, entry);
1782 if (ret != EFI_SUCCESS)
1786 ret = tcg2_measure_gpt_data(dev, handle);
1787 if (ret != EFI_SUCCESS)
1790 for (pcr_index = 0; pcr_index <= 7; pcr_index++) {
1791 ret = tcg2_measure_event(dev, pcr_index, EV_SEPARATOR,
1792 sizeof(event), (u8 *)&event);
1793 if (ret != EFI_SUCCESS)
1797 tcg2_efi_app_invoked = true;
1803 * efi_tcg2_measure_efi_app_exit() - measure efi app exit
1805 * Return: status code
1807 efi_status_t efi_tcg2_measure_efi_app_exit(void)
1810 struct udevice *dev;
1812 ret = platform_get_tpm2_device(&dev);
1813 if (ret != EFI_SUCCESS)
1816 ret = tcg2_measure_event(dev, 4, EV_EFI_ACTION,
1817 strlen(EFI_RETURNING_FROM_EFI_APPLICATION),
1818 (u8 *)EFI_RETURNING_FROM_EFI_APPLICATION);
1823 * efi_tcg2_notify_exit_boot_services() - ExitBootService callback
1825 * @event: callback event
1826 * @context: callback context
1829 efi_tcg2_notify_exit_boot_services(struct efi_event *event, void *context)
1832 struct udevice *dev;
1834 EFI_ENTRY("%p, %p", event, context);
1836 event_log.ebs_called = true;
1837 ret = platform_get_tpm2_device(&dev);
1838 if (ret != EFI_SUCCESS)
1841 ret = tcg2_measure_event(dev, 5, EV_EFI_ACTION,
1842 strlen(EFI_EXIT_BOOT_SERVICES_INVOCATION),
1843 (u8 *)EFI_EXIT_BOOT_SERVICES_INVOCATION);
1844 if (ret != EFI_SUCCESS)
1847 ret = tcg2_measure_event(dev, 5, EV_EFI_ACTION,
1848 strlen(EFI_EXIT_BOOT_SERVICES_SUCCEEDED),
1849 (u8 *)EFI_EXIT_BOOT_SERVICES_SUCCEEDED);
1856 * efi_tcg2_notify_exit_boot_services_failed()
1857 * - notify ExitBootServices() is failed
1859 * Return: status code
1861 efi_status_t efi_tcg2_notify_exit_boot_services_failed(void)
1863 struct udevice *dev;
1866 ret = platform_get_tpm2_device(&dev);
1867 if (ret != EFI_SUCCESS)
1870 ret = tcg2_measure_event(dev, 5, EV_EFI_ACTION,
1871 strlen(EFI_EXIT_BOOT_SERVICES_INVOCATION),
1872 (u8 *)EFI_EXIT_BOOT_SERVICES_INVOCATION);
1873 if (ret != EFI_SUCCESS)
1876 ret = tcg2_measure_event(dev, 5, EV_EFI_ACTION,
1877 strlen(EFI_EXIT_BOOT_SERVICES_FAILED),
1878 (u8 *)EFI_EXIT_BOOT_SERVICES_FAILED);
1885 * tcg2_measure_secure_boot_variable() - measure secure boot variables
1889 * Return: status code
1891 static efi_status_t tcg2_measure_secure_boot_variable(struct udevice *dev)
1894 efi_uintn_t data_size;
1899 u32 deployed_audit_pcr_index = 1;
1901 size = sizeof(deployed_mode);
1902 ret = efi_get_variable_int(u"DeployedMode", &efi_global_variable_guid,
1903 NULL, &size, &deployed_mode, NULL);
1904 if (ret != EFI_SUCCESS || !deployed_mode)
1905 deployed_audit_pcr_index = 7;
1907 count = ARRAY_SIZE(secure_variables);
1908 for (i = 0; i < count; i++) {
1909 const efi_guid_t *guid;
1911 guid = efi_auth_var_get_guid(secure_variables[i].name);
1913 data = efi_get_var(secure_variables[i].name, guid, &data_size);
1914 if (!data && !secure_variables[i].accept_empty)
1917 if (u16_strcmp(u"DeployedMode", secure_variables[i].name))
1918 secure_variables[i].pcr_index = deployed_audit_pcr_index;
1919 if (u16_strcmp(u"AuditMode", secure_variables[i].name))
1920 secure_variables[i].pcr_index = deployed_audit_pcr_index;
1922 ret = tcg2_measure_variable(dev, secure_variables[i].pcr_index,
1923 EV_EFI_VARIABLE_DRIVER_CONFIG,
1924 secure_variables[i].name, guid,
1927 if (ret != EFI_SUCCESS)
1936 * efi_tcg2_register() - register EFI_TCG2_PROTOCOL
1938 * If a TPM2 device is available, the TPM TCG2 Protocol is registered
1940 * Return: An error status is only returned if adding the protocol fails.
1942 efi_status_t efi_tcg2_register(void)
1944 efi_status_t ret = EFI_SUCCESS;
1945 struct udevice *dev;
1946 struct efi_event *event;
1949 ret = platform_get_tpm2_device(&dev);
1950 if (ret != EFI_SUCCESS) {
1951 log_warning("Unable to find TPMv2 device\n");
1955 /* initialize the TPM as early as possible. */
1956 err = tpm_startup(dev, TPM_ST_CLEAR);
1958 log_err("TPM startup failed\n");
1962 ret = efi_init_event_log();
1963 if (ret != EFI_SUCCESS)
1966 ret = efi_append_scrtm_version(dev);
1967 if (ret != EFI_SUCCESS) {
1972 ret = efi_add_protocol(efi_root, &efi_guid_tcg2_protocol,
1973 (void *)&efi_tcg2_protocol);
1974 if (ret != EFI_SUCCESS) {
1979 ret = efi_create_event(EVT_SIGNAL_EXIT_BOOT_SERVICES, TPL_CALLBACK,
1980 efi_tcg2_notify_exit_boot_services, NULL,
1982 if (ret != EFI_SUCCESS) {
1987 ret = tcg2_measure_secure_boot_variable(dev);
1988 if (ret != EFI_SUCCESS) {
1996 log_err("Cannot install EFI_TCG2_PROTOCOL\n");
1998 * Return EFI_SUCCESS and don't stop the EFI subsystem.
1999 * That's done for 2 reasons
2000 * - If the protocol is not installed the PCRs won't be extended. So
2001 * someone later in the boot flow will notice that and take the
2002 * necessary actions.
2003 * - The TPM sandbox is limited and we won't be able to run any efi
2004 * related tests with TCG2 enabled