1 // SPDX-License-Identifier: GPL-2.0+
3 * Defines APIs that allow an OS to interact with UEFI firmware to query
4 * information about the device.
5 * https://trustedcomputinggroup.org/resource/tcg-efi-protocol-specification/
7 * Copyright (c) 2020, Linaro Limited
10 #define LOG_CATEGORY LOGC_EFI
13 #include <efi_loader.h>
17 #include <version_string.h>
19 #include <u-boot/hash-checksum.h>
20 #include <u-boot/sha1.h>
21 #include <u-boot/sha256.h>
22 #include <u-boot/sha512.h>
23 #include <linux/unaligned/access_ok.h>
24 #include <linux/unaligned/generic.h>
27 struct event_log_buffer {
30 size_t pos; /* eventlog position */
31 size_t final_pos; /* final events config table position */
32 size_t last_event_size;
33 bool get_event_called;
37 static struct event_log_buffer event_log;
38 static bool tcg2_efi_app_invoked;
40 * When requesting TPM2_CAP_TPM_PROPERTIES the value is on a standard offset.
41 * Since the current tpm2_get_capability() response buffers starts at
42 * 'union tpmu_capabilities data' of 'struct tpms_capability_data', calculate
43 * the response size and offset once for all consumers
45 #define TPM2_RESPONSE_BUFFER_SIZE (sizeof(struct tpms_capability_data) - \
46 offsetof(struct tpms_capability_data, data))
47 #define properties_offset (offsetof(struct tpml_tagged_tpm_property, tpm_property) + \
48 offsetof(struct tpms_tagged_property, value))
50 static const efi_guid_t efi_guid_tcg2_protocol = EFI_TCG2_PROTOCOL_GUID;
51 static const efi_guid_t efi_guid_final_events = EFI_TCG2_FINAL_EVENTS_TABLE_GUID;
59 static const struct digest_info hash_algo_list[] = {
62 EFI_TCG2_BOOT_HASH_ALG_SHA1,
63 TPM2_SHA1_DIGEST_SIZE,
67 EFI_TCG2_BOOT_HASH_ALG_SHA256,
68 TPM2_SHA256_DIGEST_SIZE,
72 EFI_TCG2_BOOT_HASH_ALG_SHA384,
73 TPM2_SHA384_DIGEST_SIZE,
77 EFI_TCG2_BOOT_HASH_ALG_SHA512,
78 TPM2_SHA512_DIGEST_SIZE,
82 struct variable_info {
84 const efi_guid_t *guid;
87 static struct variable_info secure_variables[] = {
88 {L"SecureBoot", &efi_global_variable_guid},
89 {L"PK", &efi_global_variable_guid},
90 {L"KEK", &efi_global_variable_guid},
91 {L"db", &efi_guid_image_security_database},
92 {L"dbx", &efi_guid_image_security_database},
95 #define MAX_HASH_COUNT ARRAY_SIZE(hash_algo_list)
98 * alg_to_mask - Get a TCG hash mask for algorithms
100 * @hash_alg: TCG defined algorithm
102 * @Return: TCG hashing algorithm bitmaps, 0 if the algorithm is not supported
104 static u32 alg_to_mask(u16 hash_alg)
108 for (i = 0; i < MAX_HASH_COUNT; i++) {
109 if (hash_algo_list[i].hash_alg == hash_alg)
110 return hash_algo_list[i].hash_mask;
117 * alg_to_len - Get a TCG hash len for algorithms
119 * @hash_alg: TCG defined algorithm
121 * @Return: len of chosen algorithm, 0 if the algorithm is not supported
123 static u16 alg_to_len(u16 hash_alg)
127 for (i = 0; i < MAX_HASH_COUNT; i++) {
128 if (hash_algo_list[i].hash_alg == hash_alg)
129 return hash_algo_list[i].hash_len;
135 static u32 tcg_event_final_size(struct tpml_digest_values *digest_list)
140 len = offsetof(struct tcg_pcr_event2, digests);
141 len += offsetof(struct tpml_digest_values, digests);
142 for (i = 0; i < digest_list->count; i++) {
143 u16 hash_alg = digest_list->digests[i].hash_alg;
145 len += offsetof(struct tpmt_ha, digest);
146 len += alg_to_len(hash_alg);
148 len += sizeof(u32); /* tcg_pcr_event2 event_size*/
153 /* tcg2_pcr_extend - Extend PCRs for a TPM2 device for a given tpml_digest_values
156 * @digest_list: list of digest algorithms to extend
158 * @Return: status code
160 static efi_status_t tcg2_pcr_extend(struct udevice *dev, u32 pcr_index,
161 struct tpml_digest_values *digest_list)
166 for (i = 0; i < digest_list->count; i++) {
167 u32 alg = digest_list->digests[i].hash_alg;
169 rc = tpm2_pcr_extend(dev, pcr_index, alg,
170 (u8 *)&digest_list->digests[i].digest,
173 EFI_PRINT("Failed to extend PCR\n");
174 return EFI_DEVICE_ERROR;
181 /* tcg2_agile_log_append - Append an agile event to out eventlog
183 * @pcr_index: PCR index
184 * @event_type: type of event added
185 * @digest_list: list of digest algorithms to add
186 * @size: size of event
187 * @event: event to add
189 * @Return: status code
191 static efi_status_t tcg2_agile_log_append(u32 pcr_index, u32 event_type,
192 struct tpml_digest_values *digest_list,
193 u32 size, u8 event[])
195 void *log = (void *)((uintptr_t)event_log.buffer + event_log.pos);
200 if (event_log.get_event_called)
201 log = (void *)((uintptr_t)event_log.final_buffer +
202 event_log.final_pos);
205 * size refers to the length of event[] only, we need to check against
206 * the final tcg_pcr_event2 size
208 event_size = size + tcg_event_final_size(digest_list);
209 if (event_log.pos + event_size > TPM2_EVENT_LOG_SIZE ||
210 event_log.final_pos + event_size > TPM2_EVENT_LOG_SIZE) {
211 event_log.truncated = true;
212 return EFI_VOLUME_FULL;
215 put_unaligned_le32(pcr_index, log);
216 pos = offsetof(struct tcg_pcr_event2, event_type);
217 put_unaligned_le32(event_type, (void *)((uintptr_t)log + pos));
218 pos = offsetof(struct tcg_pcr_event2, digests); /* count */
219 put_unaligned_le32(digest_list->count, (void *)((uintptr_t)log + pos));
221 pos += offsetof(struct tpml_digest_values, digests);
222 for (i = 0; i < digest_list->count; i++) {
223 u16 hash_alg = digest_list->digests[i].hash_alg;
224 u8 *digest = (u8 *)&digest_list->digests[i].digest;
226 put_unaligned_le16(hash_alg, (void *)((uintptr_t)log + pos));
227 pos += offsetof(struct tpmt_ha, digest);
228 memcpy((void *)((uintptr_t)log + pos), digest, alg_to_len(hash_alg));
229 pos += alg_to_len(hash_alg);
232 put_unaligned_le32(size, (void *)((uintptr_t)log + pos));
233 pos += sizeof(u32); /* tcg_pcr_event2 event_size*/
234 memcpy((void *)((uintptr_t)log + pos), event, size);
237 /* make sure the calculated buffer is what we checked against */
238 if (pos != event_size)
239 return EFI_INVALID_PARAMETER;
241 /* if GetEventLog hasn't been called update the normal log */
242 if (!event_log.get_event_called) {
243 event_log.pos += pos;
244 event_log.last_event_size = pos;
246 /* if GetEventLog has been called update config table log */
247 struct efi_tcg2_final_events_table *final_event;
250 (struct efi_tcg2_final_events_table *)(event_log.final_buffer);
251 final_event->number_of_events++;
252 event_log.final_pos += pos;
259 * platform_get_tpm_device() - retrieve TPM device
261 * This function retrieves the udevice implementing a TPM
263 * This function may be overridden if special initialization is needed.
266 * Return: status code
268 __weak efi_status_t platform_get_tpm2_device(struct udevice **dev)
270 for_each_tpm_device(*dev) {
271 /* Only support TPMv2 devices */
272 if (tpm_get_version(*dev) == TPM_V2)
276 return EFI_NOT_FOUND;
280 * tpm2_get_max_command_size() - get the supported max command size
283 * @max_command_size: output buffer for the size
285 * Return: 0 on success, -1 on error
287 static int tpm2_get_max_command_size(struct udevice *dev, u16 *max_command_size)
289 u8 response[TPM2_RESPONSE_BUFFER_SIZE];
292 memset(response, 0, sizeof(response));
293 ret = tpm2_get_capability(dev, TPM2_CAP_TPM_PROPERTIES,
294 TPM2_PT_MAX_COMMAND_SIZE, response, 1);
298 *max_command_size = (uint16_t)get_unaligned_be32(response +
305 * tpm2_get_max_response_size() - get the supported max response size
308 * @max_response_size: output buffer for the size
310 * Return: 0 on success, -1 on error
312 static int tpm2_get_max_response_size(struct udevice *dev,
313 u16 *max_response_size)
315 u8 response[TPM2_RESPONSE_BUFFER_SIZE];
318 memset(response, 0, sizeof(response));
319 ret = tpm2_get_capability(dev, TPM2_CAP_TPM_PROPERTIES,
320 TPM2_PT_MAX_RESPONSE_SIZE, response, 1);
324 *max_response_size = (uint16_t)get_unaligned_be32(response +
331 * tpm2_get_manufacturer_id() - get the manufacturer ID
334 * @manufacturer_id: output buffer for the id
336 * Return: 0 on success, -1 on error
338 static int tpm2_get_manufacturer_id(struct udevice *dev, u32 *manufacturer_id)
340 u8 response[TPM2_RESPONSE_BUFFER_SIZE];
343 memset(response, 0, sizeof(response));
344 ret = tpm2_get_capability(dev, TPM2_CAP_TPM_PROPERTIES,
345 TPM2_PT_MANUFACTURER, response, 1);
349 *manufacturer_id = get_unaligned_be32(response + properties_offset);
355 * tpm2_get_num_pcr() - get the number of PCRs
358 * @manufacturer_id: output buffer for the number
360 * Return: 0 on success, -1 on error
362 static int tpm2_get_num_pcr(struct udevice *dev, u32 *num_pcr)
364 u8 response[TPM2_RESPONSE_BUFFER_SIZE];
367 memset(response, 0, sizeof(response));
368 ret = tpm2_get_capability(dev, TPM2_CAP_TPM_PROPERTIES,
369 TPM2_PT_PCR_COUNT, response, 1);
373 *num_pcr = get_unaligned_be32(response + properties_offset);
374 if (*num_pcr > TPM2_MAX_PCRS)
381 * is_active_pcr() - Check if a supported algorithm is active
384 * @selection: struct of PCR information
386 * Return: true if PCR is active
388 static bool is_active_pcr(struct tpms_pcr_selection *selection)
392 * check the pcr_select. If at least one of the PCRs supports the
393 * algorithm add it on the active ones
395 for (i = 0; i < selection->size_of_select; i++) {
396 if (selection->pcr_select[i])
404 * tpm2_get_pcr_info() - get the supported, active PCRs and number of banks
407 * @supported_pcr: bitmask with the algorithms supported
408 * @active_pcr: bitmask with the active algorithms
409 * @pcr_banks: number of PCR banks
411 * Return: 0 on success, -1 on error
413 static int tpm2_get_pcr_info(struct udevice *dev, u32 *supported_pcr,
414 u32 *active_pcr, u32 *pcr_banks)
416 u8 response[TPM2_RESPONSE_BUFFER_SIZE];
417 struct tpml_pcr_selection pcrs;
425 memset(response, 0, sizeof(response));
426 ret = tpm2_get_capability(dev, TPM2_CAP_PCRS, 0, response, 1);
430 pcrs.count = get_unaligned_be32(response);
432 * We only support 5 algorithms for now so check against that
433 * instead of TPM2_NUM_PCR_BANKS
435 if (pcrs.count > MAX_HASH_COUNT || pcrs.count < 1)
438 tpm_ret = tpm2_get_num_pcr(dev, &num_pcr);
442 for (i = 0; i < pcrs.count; i++) {
444 * Definition of TPMS_PCR_SELECTION Structure
447 * pcr_select: u8 array
449 * The offsets depend on the number of the device PCRs
450 * so we have to calculate them based on that
452 u32 hash_offset = offsetof(struct tpml_pcr_selection, selection) +
453 i * offsetof(struct tpms_pcr_selection, pcr_select) +
454 i * ((num_pcr + 7) / 8);
455 u32 size_select_offset =
456 hash_offset + offsetof(struct tpms_pcr_selection,
458 u32 pcr_select_offset =
459 hash_offset + offsetof(struct tpms_pcr_selection,
462 pcrs.selection[i].hash =
463 get_unaligned_be16(response + hash_offset);
464 pcrs.selection[i].size_of_select =
465 __get_unaligned_be(response + size_select_offset);
466 if (pcrs.selection[i].size_of_select > TPM2_PCR_SELECT_MAX)
468 /* copy the array of pcr_select */
469 memcpy(pcrs.selection[i].pcr_select, response + pcr_select_offset,
470 pcrs.selection[i].size_of_select);
473 for (i = 0; i < pcrs.count; i++) {
474 u32 hash_mask = alg_to_mask(pcrs.selection[i].hash);
477 *supported_pcr |= hash_mask;
478 if (is_active_pcr(&pcrs.selection[i]))
479 *active_pcr |= hash_mask;
481 EFI_PRINT("Unknown algorithm %x\n", pcrs.selection[i].hash);
485 *pcr_banks = pcrs.count;
493 * __get_active_pcr_banks() - returns the currently active PCR banks
495 * @active_pcr_banks: pointer for receiving the bitmap of currently
498 * Return: status code
500 static efi_status_t __get_active_pcr_banks(u32 *active_pcr_banks)
503 u32 active = 0, supported = 0, pcr_banks = 0;
507 ret = platform_get_tpm2_device(&dev);
508 if (ret != EFI_SUCCESS)
511 err = tpm2_get_pcr_info(dev, &supported, &active, &pcr_banks);
513 ret = EFI_DEVICE_ERROR;
517 *active_pcr_banks = active;
523 /* tcg2_create_digest - create a list of digests of the supported PCR banks
524 * for a given memory range
526 * @input: input memory
527 * @length: length of buffer to calculate the digest
528 * @digest_list: list of digests to fill in
530 * Return: status code
532 static efi_status_t tcg2_create_digest(const u8 *input, u32 length,
533 struct tpml_digest_values *digest_list)
536 sha256_context ctx_256;
537 sha512_context ctx_512;
538 u8 final[TPM2_SHA512_DIGEST_SIZE];
543 ret = __get_active_pcr_banks(&active);
544 if (ret != EFI_SUCCESS)
547 digest_list->count = 0;
548 for (i = 0; i < MAX_HASH_COUNT; i++) {
549 u16 hash_alg = hash_algo_list[i].hash_alg;
551 if (!(active & alg_to_mask(hash_alg)))
556 sha1_update(&ctx, input, length);
557 sha1_finish(&ctx, final);
559 case TPM2_ALG_SHA256:
560 sha256_starts(&ctx_256);
561 sha256_update(&ctx_256, input, length);
562 sha256_finish(&ctx_256, final);
564 case TPM2_ALG_SHA384:
565 sha384_starts(&ctx_512);
566 sha384_update(&ctx_512, input, length);
567 sha384_finish(&ctx_512, final);
569 case TPM2_ALG_SHA512:
570 sha512_starts(&ctx_512);
571 sha512_update(&ctx_512, input, length);
572 sha512_finish(&ctx_512, final);
575 EFI_PRINT("Unsupported algorithm %x\n", hash_alg);
576 return EFI_INVALID_PARAMETER;
578 digest_list->digests[digest_list->count].hash_alg = hash_alg;
579 memcpy(&digest_list->digests[digest_list->count].digest, final,
580 (u32)alg_to_len(hash_alg));
581 digest_list->count++;
588 * efi_tcg2_get_capability() - protocol capability information and state information
590 * @this: TCG2 protocol instance
591 * @capability: caller allocated memory with size field to the size of
592 * the structure allocated
594 * Return: status code
596 static efi_status_t EFIAPI
597 efi_tcg2_get_capability(struct efi_tcg2_protocol *this,
598 struct efi_tcg2_boot_service_capability *capability)
601 efi_status_t efi_ret;
604 EFI_ENTRY("%p, %p", this, capability);
606 if (!this || !capability) {
607 efi_ret = EFI_INVALID_PARAMETER;
611 if (capability->size < BOOT_SERVICE_CAPABILITY_MIN) {
612 capability->size = BOOT_SERVICE_CAPABILITY_MIN;
613 efi_ret = EFI_BUFFER_TOO_SMALL;
617 if (capability->size < sizeof(*capability)) {
618 capability->size = sizeof(*capability);
619 efi_ret = EFI_BUFFER_TOO_SMALL;
623 capability->structure_version.major = 1;
624 capability->structure_version.minor = 1;
625 capability->protocol_version.major = 1;
626 capability->protocol_version.minor = 1;
628 efi_ret = platform_get_tpm2_device(&dev);
629 if (efi_ret != EFI_SUCCESS) {
630 capability->supported_event_logs = 0;
631 capability->hash_algorithm_bitmap = 0;
632 capability->tpm_present_flag = false;
633 capability->max_command_size = 0;
634 capability->max_response_size = 0;
635 capability->manufacturer_id = 0;
636 capability->number_of_pcr_banks = 0;
637 capability->active_pcr_banks = 0;
639 efi_ret = EFI_SUCCESS;
643 /* We only allow a TPMv2 device to register the EFI protocol */
644 capability->supported_event_logs = TCG2_EVENT_LOG_FORMAT_TCG_2;
646 capability->tpm_present_flag = true;
648 /* Supported and active PCRs */
649 capability->hash_algorithm_bitmap = 0;
650 capability->active_pcr_banks = 0;
651 ret = tpm2_get_pcr_info(dev, &capability->hash_algorithm_bitmap,
652 &capability->active_pcr_banks,
653 &capability->number_of_pcr_banks);
655 efi_ret = EFI_DEVICE_ERROR;
659 /* Max command size */
660 ret = tpm2_get_max_command_size(dev, &capability->max_command_size);
662 efi_ret = EFI_DEVICE_ERROR;
666 /* Max response size */
667 ret = tpm2_get_max_response_size(dev, &capability->max_response_size);
669 efi_ret = EFI_DEVICE_ERROR;
673 /* Manufacturer ID */
674 ret = tpm2_get_manufacturer_id(dev, &capability->manufacturer_id);
676 efi_ret = EFI_DEVICE_ERROR;
680 return EFI_EXIT(EFI_SUCCESS);
682 return EFI_EXIT(efi_ret);
686 * efi_tcg2_get_eventlog() - retrieve the the address of an event log and its
689 * @this: TCG2 protocol instance
690 * @log_format: type of event log format
691 * @event_log_location: pointer to the memory address of the event log
692 * @event_log_last_entry: pointer to the address of the start of the last
693 * entry in the event log in memory, if log contains
695 * @event_log_truncated: set to true, if the Event Log is missing at i
698 * Return: status code
700 static efi_status_t EFIAPI
701 efi_tcg2_get_eventlog(struct efi_tcg2_protocol *this,
702 efi_tcg_event_log_format log_format,
703 u64 *event_log_location, u64 *event_log_last_entry,
704 bool *event_log_truncated)
706 efi_status_t ret = EFI_SUCCESS;
709 EFI_ENTRY("%p, %u, %p, %p, %p", this, log_format, event_log_location,
710 event_log_last_entry, event_log_truncated);
712 if (!this || !event_log_location || !event_log_last_entry ||
713 !event_log_truncated) {
714 ret = EFI_INVALID_PARAMETER;
718 /* Only support TPMV2 */
719 if (log_format != TCG2_EVENT_LOG_FORMAT_TCG_2) {
720 ret = EFI_INVALID_PARAMETER;
724 ret = platform_get_tpm2_device(&dev);
725 if (ret != EFI_SUCCESS) {
726 event_log_location = NULL;
727 event_log_last_entry = NULL;
728 *event_log_truncated = false;
732 *event_log_location = (uintptr_t)event_log.buffer;
733 *event_log_last_entry = (uintptr_t)(event_log.buffer + event_log.pos -
734 event_log.last_event_size);
735 *event_log_truncated = event_log.truncated;
736 event_log.get_event_called = true;
739 return EFI_EXIT(ret);
743 * tcg2_hash_pe_image() - calculate PE/COFF image hash
745 * @efi: pointer to the EFI binary
746 * @efi_size: size of @efi binary
747 * @digest_list: list of digest algorithms to extend
749 * Return: status code
751 static efi_status_t tcg2_hash_pe_image(void *efi, u64 efi_size,
752 struct tpml_digest_values *digest_list)
754 WIN_CERTIFICATE *wincerts = NULL;
756 struct efi_image_regions *regs = NULL;
757 void *new_efi = NULL;
758 u8 hash[TPM2_SHA512_DIGEST_SIZE];
763 new_efi = efi_prepare_aligned_image(efi, &efi_size);
765 return EFI_OUT_OF_RESOURCES;
767 if (!efi_image_parse(new_efi, efi_size, ®s, &wincerts,
769 log_err("Parsing PE executable image failed\n");
770 ret = EFI_UNSUPPORTED;
774 ret = __get_active_pcr_banks(&active);
775 if (ret != EFI_SUCCESS) {
779 digest_list->count = 0;
780 for (i = 0; i < MAX_HASH_COUNT; i++) {
781 u16 hash_alg = hash_algo_list[i].hash_alg;
783 if (!(active & alg_to_mask(hash_alg)))
787 hash_calculate("sha1", regs->reg, regs->num, hash);
789 case TPM2_ALG_SHA256:
790 hash_calculate("sha256", regs->reg, regs->num, hash);
792 case TPM2_ALG_SHA384:
793 hash_calculate("sha384", regs->reg, regs->num, hash);
795 case TPM2_ALG_SHA512:
796 hash_calculate("sha512", regs->reg, regs->num, hash);
799 EFI_PRINT("Unsupported algorithm %x\n", hash_alg);
800 return EFI_INVALID_PARAMETER;
802 digest_list->digests[digest_list->count].hash_alg = hash_alg;
803 memcpy(&digest_list->digests[digest_list->count].digest, hash,
804 (u32)alg_to_len(hash_alg));
805 digest_list->count++;
817 * tcg2_measure_pe_image() - measure PE/COFF image
819 * @efi: pointer to the EFI binary
820 * @efi_size: size of @efi binary
821 * @handle: loaded image handle
822 * @loaded_image: loaded image protocol
824 * Return: status code
826 efi_status_t tcg2_measure_pe_image(void *efi, u64 efi_size,
827 struct efi_loaded_image_obj *handle,
828 struct efi_loaded_image *loaded_image)
830 struct tpml_digest_values digest_list;
833 u32 pcr_index, event_type, event_size;
834 struct uefi_image_load_event *image_load_event;
835 struct efi_device_path *device_path;
836 u32 device_path_length;
837 IMAGE_DOS_HEADER *dos;
838 IMAGE_NT_HEADERS32 *nt;
839 struct efi_handler *handler;
841 ret = platform_get_tpm2_device(&dev);
842 if (ret != EFI_SUCCESS)
845 switch (handle->image_type) {
846 case IMAGE_SUBSYSTEM_EFI_APPLICATION:
848 event_type = EV_EFI_BOOT_SERVICES_APPLICATION;
850 case IMAGE_SUBSYSTEM_EFI_BOOT_SERVICE_DRIVER:
852 event_type = EV_EFI_BOOT_SERVICES_DRIVER;
854 case IMAGE_SUBSYSTEM_EFI_RUNTIME_DRIVER:
856 event_type = EV_EFI_RUNTIME_SERVICES_DRIVER;
859 return EFI_UNSUPPORTED;
862 ret = tcg2_hash_pe_image(efi, efi_size, &digest_list);
863 if (ret != EFI_SUCCESS)
866 ret = tcg2_pcr_extend(dev, pcr_index, &digest_list);
867 if (ret != EFI_SUCCESS)
870 ret = efi_search_protocol(&handle->header,
871 &efi_guid_loaded_image_device_path, &handler);
872 if (ret != EFI_SUCCESS)
875 device_path = handler->protocol_interface;
876 device_path_length = efi_dp_size(device_path);
877 if (device_path_length > 0) {
878 /* add end node size */
879 device_path_length += sizeof(struct efi_device_path);
881 event_size = sizeof(struct uefi_image_load_event) + device_path_length;
882 image_load_event = calloc(1, event_size);
883 if (!image_load_event)
884 return EFI_OUT_OF_RESOURCES;
886 image_load_event->image_location_in_memory = (uintptr_t)efi;
887 image_load_event->image_length_in_memory = efi_size;
888 image_load_event->length_of_device_path = device_path_length;
890 dos = (IMAGE_DOS_HEADER *)efi;
891 nt = (IMAGE_NT_HEADERS32 *)(efi + dos->e_lfanew);
892 if (nt->OptionalHeader.Magic == IMAGE_NT_OPTIONAL_HDR64_MAGIC) {
893 IMAGE_NT_HEADERS64 *nt64 = (IMAGE_NT_HEADERS64 *)nt;
895 image_load_event->image_link_time_address =
896 nt64->OptionalHeader.ImageBase;
897 } else if (nt->OptionalHeader.Magic == IMAGE_NT_OPTIONAL_HDR32_MAGIC) {
898 image_load_event->image_link_time_address =
899 nt->OptionalHeader.ImageBase;
901 ret = EFI_INVALID_PARAMETER;
905 /* device_path_length might be zero */
906 memcpy(image_load_event->device_path, device_path, device_path_length);
908 ret = tcg2_agile_log_append(pcr_index, event_type, &digest_list,
909 event_size, (u8 *)image_load_event);
912 free(image_load_event);
918 * efi_tcg2_hash_log_extend_event() - extend and optionally log events
920 * @this: TCG2 protocol instance
921 * @flags: bitmap providing additional information on the
923 * @data_to_hash: physical address of the start of the data buffer
925 * @data_to_hash_len: the length in bytes of the buffer referenced by
927 * @efi_tcg_event: pointer to data buffer containing information
930 * Return: status code
932 static efi_status_t EFIAPI
933 efi_tcg2_hash_log_extend_event(struct efi_tcg2_protocol *this, u64 flags,
934 u64 data_to_hash, u64 data_to_hash_len,
935 struct efi_tcg2_event *efi_tcg_event)
939 u32 event_type, pcr_index, event_size;
940 struct tpml_digest_values digest_list;
942 EFI_ENTRY("%p, %llu, %llu, %llu, %p", this, flags, data_to_hash,
943 data_to_hash_len, efi_tcg_event);
945 if (!this || !data_to_hash || !efi_tcg_event) {
946 ret = EFI_INVALID_PARAMETER;
950 ret = platform_get_tpm2_device(&dev);
951 if (ret != EFI_SUCCESS)
954 if (efi_tcg_event->size < efi_tcg_event->header.header_size +
956 ret = EFI_INVALID_PARAMETER;
960 if (efi_tcg_event->header.pcr_index > EFI_TCG2_MAX_PCR_INDEX) {
961 ret = EFI_INVALID_PARAMETER;
966 * if PE_COFF_IMAGE is set we need to make sure the image is not
967 * corrupted, verify it and hash the PE/COFF image in accordance with
968 * the procedure specified in "Calculating the PE Image Hash"
969 * section of the "Windows Authenticode Portable Executable Signature
972 if (flags & PE_COFF_IMAGE) {
973 IMAGE_NT_HEADERS32 *nt;
975 ret = efi_check_pe((void *)(uintptr_t)data_to_hash,
976 data_to_hash_len, (void **)&nt);
977 if (ret != EFI_SUCCESS) {
978 log_err("Not a valid PE-COFF file\n");
979 ret = EFI_UNSUPPORTED;
982 ret = tcg2_hash_pe_image((void *)(uintptr_t)data_to_hash,
983 data_to_hash_len, &digest_list);
985 ret = tcg2_create_digest((u8 *)(uintptr_t)data_to_hash,
986 data_to_hash_len, &digest_list);
989 if (ret != EFI_SUCCESS)
992 pcr_index = efi_tcg_event->header.pcr_index;
993 event_type = efi_tcg_event->header.event_type;
995 ret = tcg2_pcr_extend(dev, pcr_index, &digest_list);
996 if (ret != EFI_SUCCESS)
999 if (flags & EFI_TCG2_EXTEND_ONLY) {
1000 if (event_log.truncated)
1001 ret = EFI_VOLUME_FULL;
1006 * The efi_tcg_event size includes the size component and the
1009 event_size = efi_tcg_event->size - sizeof(efi_tcg_event->size) -
1010 efi_tcg_event->header.header_size;
1011 ret = tcg2_agile_log_append(pcr_index, event_type, &digest_list,
1012 event_size, efi_tcg_event->event);
1014 return EFI_EXIT(ret);
1018 * efi_tcg2_submit_command() - Send command to the TPM
1020 * @this: TCG2 protocol instance
1021 * @input_param_block_size: size of the TPM input parameter block
1022 * @input_param_block: pointer to the TPM input parameter block
1023 * @output_param_block_size: size of the TPM output parameter block
1024 * @output_param_block: pointer to the TPM output parameter block
1026 * Return: status code
1028 static efi_status_t EFIAPI
1029 efi_tcg2_submit_command(__maybe_unused struct efi_tcg2_protocol *this,
1030 u32 __maybe_unused input_param_block_size,
1031 u8 __maybe_unused *input_param_block,
1032 u32 __maybe_unused output_param_block_size,
1033 u8 __maybe_unused *output_param_block)
1035 return EFI_UNSUPPORTED;
1039 * efi_tcg2_get_active_pcr_banks() - returns the currently active PCR banks
1041 * @this: TCG2 protocol instance
1042 * @active_pcr_banks: pointer for receiving the bitmap of currently
1045 * Return: status code
1047 static efi_status_t EFIAPI
1048 efi_tcg2_get_active_pcr_banks(struct efi_tcg2_protocol *this,
1049 u32 *active_pcr_banks)
1053 if (!this || !active_pcr_banks) {
1054 ret = EFI_INVALID_PARAMETER;
1058 EFI_ENTRY("%p, %p", this, active_pcr_banks);
1059 ret = __get_active_pcr_banks(active_pcr_banks);
1062 return EFI_EXIT(ret);
1066 * efi_tcg2_set_active_pcr_banks() - sets the currently active PCR banks
1068 * @this: TCG2 protocol instance
1069 * @active_pcr_banks: bitmap of the requested active PCR banks
1071 * Return: status code
1073 static efi_status_t EFIAPI
1074 efi_tcg2_set_active_pcr_banks(__maybe_unused struct efi_tcg2_protocol *this,
1075 u32 __maybe_unused active_pcr_banks)
1077 return EFI_UNSUPPORTED;
1081 * efi_tcg2_get_result_of_set_active_pcr_banks() - retrieve result for previous
1082 * set_active_pcr_banks()
1084 * @this: TCG2 protocol instance
1085 * @operation_present: non-zero value to indicate a
1086 * set_active_pcr_banks operation was
1087 * invoked during last boot
1088 * @response: result value could be returned
1090 * Return: status code
1092 static efi_status_t EFIAPI
1093 efi_tcg2_get_result_of_set_active_pcr_banks(__maybe_unused struct efi_tcg2_protocol *this,
1094 u32 __maybe_unused *operation_present,
1095 u32 __maybe_unused *response)
1097 return EFI_UNSUPPORTED;
1100 static const struct efi_tcg2_protocol efi_tcg2_protocol = {
1101 .get_capability = efi_tcg2_get_capability,
1102 .get_eventlog = efi_tcg2_get_eventlog,
1103 .hash_log_extend_event = efi_tcg2_hash_log_extend_event,
1104 .submit_command = efi_tcg2_submit_command,
1105 .get_active_pcr_banks = efi_tcg2_get_active_pcr_banks,
1106 .set_active_pcr_banks = efi_tcg2_set_active_pcr_banks,
1107 .get_result_of_set_active_pcr_banks = efi_tcg2_get_result_of_set_active_pcr_banks,
1111 * create_specid_event() - Create the first event in the eventlog
1114 * @event_header: Pointer to the final event header
1115 * @event_size: final spec event size
1117 * Return: status code
1119 static efi_status_t create_specid_event(struct udevice *dev, void *buffer,
1122 struct tcg_efi_spec_id_event *spec_event;
1123 size_t spec_event_size;
1124 efi_status_t ret = EFI_DEVICE_ERROR;
1125 u32 active = 0, supported = 0, pcr_count = 0, alg_count = 0;
1130 * Create Spec event. This needs to be the first event in the log
1131 * according to the TCG EFI protocol spec
1134 /* Setup specID event data */
1135 spec_event = (struct tcg_efi_spec_id_event *)buffer;
1136 memcpy(spec_event->signature, TCG_EFI_SPEC_ID_EVENT_SIGNATURE_03,
1137 sizeof(spec_event->signature));
1138 put_unaligned_le32(0, &spec_event->platform_class); /* type client */
1139 spec_event->spec_version_minor =
1140 TCG_EFI_SPEC_ID_EVENT_SPEC_VERSION_MINOR_TPM2;
1141 spec_event->spec_version_major =
1142 TCG_EFI_SPEC_ID_EVENT_SPEC_VERSION_MAJOR_TPM2;
1143 spec_event->spec_errata =
1144 TCG_EFI_SPEC_ID_EVENT_SPEC_VERSION_ERRATA_TPM2;
1145 spec_event->uintn_size = sizeof(efi_uintn_t) / sizeof(u32);
1147 err = tpm2_get_pcr_info(dev, &supported, &active, &pcr_count);
1152 for (i = 0; i < pcr_count; i++) {
1153 u16 hash_alg = hash_algo_list[i].hash_alg;
1154 u16 hash_len = hash_algo_list[i].hash_len;
1156 if (active & alg_to_mask(hash_alg)) {
1157 put_unaligned_le16(hash_alg,
1158 &spec_event->digest_sizes[alg_count].algorithm_id);
1159 put_unaligned_le16(hash_len,
1160 &spec_event->digest_sizes[alg_count].digest_size);
1165 spec_event->number_of_algorithms = alg_count;
1166 if (spec_event->number_of_algorithms > MAX_HASH_COUNT ||
1167 spec_event->number_of_algorithms < 1)
1171 * the size of the spec event and placement of vendor_info_size
1172 * depends on supported algoriths
1175 offsetof(struct tcg_efi_spec_id_event, digest_sizes) +
1176 spec_event->number_of_algorithms * sizeof(spec_event->digest_sizes[0]);
1177 /* no vendor info for us */
1178 memset(buffer + spec_event_size, 0, 1);
1179 /* add a byte for vendor_info_size in the spec event */
1180 spec_event_size += 1;
1181 *event_size = spec_event_size;
1190 * tcg2_uninit - remove the final event table and free efi memory on failures
1192 void tcg2_uninit(void)
1196 ret = efi_install_configuration_table(&efi_guid_final_events, NULL);
1197 if (ret != EFI_SUCCESS)
1198 log_err("Failed to delete final events config table\n");
1200 efi_free_pool(event_log.buffer);
1201 event_log.buffer = NULL;
1202 efi_free_pool(event_log.final_buffer);
1203 event_log.final_buffer = NULL;
1207 * create_final_event() - Create the final event and install the config
1208 * defined by the TCG EFI spec
1210 static efi_status_t create_final_event(void)
1212 struct efi_tcg2_final_events_table *final_event;
1216 * All events generated after the invocation of
1217 * EFI_TCG2_GET_EVENT_LOGS need to be stored in an instance of an
1218 * EFI_CONFIGURATION_TABLE
1220 ret = efi_allocate_pool(EFI_ACPI_MEMORY_NVS, TPM2_EVENT_LOG_SIZE,
1221 &event_log.final_buffer);
1222 if (ret != EFI_SUCCESS)
1225 memset(event_log.final_buffer, 0xff, TPM2_EVENT_LOG_SIZE);
1226 final_event = event_log.final_buffer;
1227 final_event->number_of_events = 0;
1228 final_event->version = EFI_TCG2_FINAL_EVENTS_TABLE_VERSION;
1229 event_log.final_pos = sizeof(*final_event);
1230 ret = efi_install_configuration_table(&efi_guid_final_events,
1232 if (ret != EFI_SUCCESS) {
1233 efi_free_pool(event_log.final_buffer);
1234 event_log.final_buffer = NULL;
1242 * efi_init_event_log() - initialize an eventlog
1244 static efi_status_t efi_init_event_log(void)
1247 * vendor_info_size is currently set to 0, we need to change the length
1248 * and allocate the flexible array member if this changes
1250 struct tcg_pcr_event *event_header = NULL;
1251 struct udevice *dev;
1252 size_t spec_event_size;
1255 ret = platform_get_tpm2_device(&dev);
1256 if (ret != EFI_SUCCESS)
1259 ret = efi_allocate_pool(EFI_BOOT_SERVICES_DATA, TPM2_EVENT_LOG_SIZE,
1260 (void **)&event_log.buffer);
1261 if (ret != EFI_SUCCESS)
1265 * initialize log area as 0xff so the OS can easily figure out the
1268 memset(event_log.buffer, 0xff, TPM2_EVENT_LOG_SIZE);
1270 event_log.last_event_size = 0;
1271 event_log.get_event_called = false;
1272 event_log.truncated = false;
1275 * The log header is defined to be in SHA1 event log entry format.
1276 * Setup event header
1278 event_header = (struct tcg_pcr_event *)event_log.buffer;
1279 put_unaligned_le32(0, &event_header->pcr_index);
1280 put_unaligned_le32(EV_NO_ACTION, &event_header->event_type);
1281 memset(&event_header->digest, 0, sizeof(event_header->digest));
1282 ret = create_specid_event(dev, (void *)((uintptr_t)event_log.buffer + sizeof(*event_header)),
1284 if (ret != EFI_SUCCESS)
1286 put_unaligned_le32(spec_event_size, &event_header->event_size);
1287 event_log.pos = spec_event_size + sizeof(*event_header);
1288 event_log.last_event_size = event_log.pos;
1290 ret = create_final_event();
1291 if (ret != EFI_SUCCESS)
1298 efi_free_pool(event_log.buffer);
1299 event_log.buffer = NULL;
1304 * tcg2_measure_event() - common function to add event log and extend PCR
1307 * @pcr_index: PCR index
1308 * @event_type: type of event added
1310 * @event: event data
1312 * Return: status code
1315 tcg2_measure_event(struct udevice *dev, u32 pcr_index, u32 event_type,
1316 u32 size, u8 event[])
1318 struct tpml_digest_values digest_list;
1321 ret = tcg2_create_digest(event, size, &digest_list);
1322 if (ret != EFI_SUCCESS)
1325 ret = tcg2_pcr_extend(dev, pcr_index, &digest_list);
1326 if (ret != EFI_SUCCESS)
1329 ret = tcg2_agile_log_append(pcr_index, event_type, &digest_list,
1337 * efi_append_scrtm_version - Append an S-CRTM EV_S_CRTM_VERSION event on the
1338 * eventlog and extend the PCRs
1342 * @Return: status code
1344 static efi_status_t efi_append_scrtm_version(struct udevice *dev)
1348 ret = tcg2_measure_event(dev, 0, EV_S_CRTM_VERSION,
1349 strlen(version_string) + 1,
1350 (u8 *)version_string);
1356 * tcg2_measure_variable() - add variable event log and extend PCR
1359 * @pcr_index: PCR index
1360 * @event_type: type of event added
1361 * @var_name: variable name
1363 * @data_size: variable data size
1364 * @data: variable data
1366 * Return: status code
1368 static efi_status_t tcg2_measure_variable(struct udevice *dev, u32 pcr_index,
1369 u32 event_type, const u16 *var_name,
1370 const efi_guid_t *guid,
1371 efi_uintn_t data_size, u8 *data)
1375 struct efi_tcg2_uefi_variable_data *event;
1377 event_size = sizeof(event->variable_name) +
1378 sizeof(event->unicode_name_length) +
1379 sizeof(event->variable_data_length) +
1380 (u16_strlen(var_name) * sizeof(u16)) + data_size;
1381 event = malloc(event_size);
1383 return EFI_OUT_OF_RESOURCES;
1385 guidcpy(&event->variable_name, guid);
1386 event->unicode_name_length = u16_strlen(var_name);
1387 event->variable_data_length = data_size;
1388 memcpy(event->unicode_name, var_name,
1389 (event->unicode_name_length * sizeof(u16)));
1391 memcpy((u16 *)event->unicode_name + event->unicode_name_length,
1394 ret = tcg2_measure_event(dev, pcr_index, event_type, event_size,
1401 * tcg2_measure_boot_variable() - measure boot variables
1405 * Return: status code
1407 static efi_status_t tcg2_measure_boot_variable(struct udevice *dev)
1411 u16 var_name[] = L"BootOrder";
1412 u16 boot_name[] = L"Boot####";
1414 efi_uintn_t var_data_size;
1418 boot_order = efi_get_var(var_name, &efi_global_variable_guid,
1421 ret = EFI_NOT_FOUND;
1425 ret = tcg2_measure_variable(dev, 1, EV_EFI_VARIABLE_BOOT2, var_name,
1426 &efi_global_variable_guid, var_data_size,
1428 if (ret != EFI_SUCCESS)
1431 count = var_data_size / sizeof(*boot_order);
1432 boot_index = boot_order;
1433 for (i = 0; i < count; i++) {
1434 efi_create_indexed_name(boot_name, sizeof(boot_name),
1435 "Boot", *boot_index++);
1437 bootvar = efi_get_var(boot_name, &efi_global_variable_guid,
1441 log_info("%ls not found\n", boot_name);
1445 ret = tcg2_measure_variable(dev, 1, EV_EFI_VARIABLE_BOOT2,
1447 &efi_global_variable_guid,
1448 var_data_size, bootvar);
1450 if (ret != EFI_SUCCESS)
1460 * efi_tcg2_measure_efi_app_invocation() - measure efi app invocation
1462 * Return: status code
1464 efi_status_t efi_tcg2_measure_efi_app_invocation(void)
1468 struct udevice *dev;
1471 if (tcg2_efi_app_invoked)
1474 ret = platform_get_tpm2_device(&dev);
1475 if (ret != EFI_SUCCESS)
1478 ret = tcg2_measure_boot_variable(dev);
1479 if (ret != EFI_SUCCESS)
1482 ret = tcg2_measure_event(dev, 4, EV_EFI_ACTION,
1483 strlen(EFI_CALLING_EFI_APPLICATION),
1484 (u8 *)EFI_CALLING_EFI_APPLICATION);
1485 if (ret != EFI_SUCCESS)
1488 for (pcr_index = 0; pcr_index <= 7; pcr_index++) {
1489 ret = tcg2_measure_event(dev, pcr_index, EV_SEPARATOR,
1490 sizeof(event), (u8 *)&event);
1491 if (ret != EFI_SUCCESS)
1495 tcg2_efi_app_invoked = true;
1501 * efi_tcg2_measure_efi_app_exit() - measure efi app exit
1503 * Return: status code
1505 efi_status_t efi_tcg2_measure_efi_app_exit(void)
1508 struct udevice *dev;
1510 ret = platform_get_tpm2_device(&dev);
1511 if (ret != EFI_SUCCESS)
1514 ret = tcg2_measure_event(dev, 4, EV_EFI_ACTION,
1515 strlen(EFI_RETURNING_FROM_EFI_APPLICATION),
1516 (u8 *)EFI_RETURNING_FROM_EFI_APPLICATION);
1521 * efi_tcg2_notify_exit_boot_services() - ExitBootService callback
1523 * @event: callback event
1524 * @context: callback context
1527 efi_tcg2_notify_exit_boot_services(struct efi_event *event, void *context)
1530 struct udevice *dev;
1532 EFI_ENTRY("%p, %p", event, context);
1534 ret = platform_get_tpm2_device(&dev);
1535 if (ret != EFI_SUCCESS)
1538 ret = tcg2_measure_event(dev, 5, EV_EFI_ACTION,
1539 strlen(EFI_EXIT_BOOT_SERVICES_INVOCATION),
1540 (u8 *)EFI_EXIT_BOOT_SERVICES_INVOCATION);
1541 if (ret != EFI_SUCCESS)
1544 ret = tcg2_measure_event(dev, 5, EV_EFI_ACTION,
1545 strlen(EFI_EXIT_BOOT_SERVICES_SUCCEEDED),
1546 (u8 *)EFI_EXIT_BOOT_SERVICES_SUCCEEDED);
1553 * efi_tcg2_notify_exit_boot_services_failed()
1554 * - notify ExitBootServices() is failed
1556 * Return: status code
1558 efi_status_t efi_tcg2_notify_exit_boot_services_failed(void)
1560 struct udevice *dev;
1563 ret = platform_get_tpm2_device(&dev);
1564 if (ret != EFI_SUCCESS)
1567 ret = tcg2_measure_event(dev, 5, EV_EFI_ACTION,
1568 strlen(EFI_EXIT_BOOT_SERVICES_INVOCATION),
1569 (u8 *)EFI_EXIT_BOOT_SERVICES_INVOCATION);
1570 if (ret != EFI_SUCCESS)
1573 ret = tcg2_measure_event(dev, 5, EV_EFI_ACTION,
1574 strlen(EFI_EXIT_BOOT_SERVICES_FAILED),
1575 (u8 *)EFI_EXIT_BOOT_SERVICES_FAILED);
1582 * tcg2_measure_secure_boot_variable() - measure secure boot variables
1586 * Return: status code
1588 static efi_status_t tcg2_measure_secure_boot_variable(struct udevice *dev)
1591 efi_uintn_t data_size;
1595 count = ARRAY_SIZE(secure_variables);
1596 for (i = 0; i < count; i++) {
1598 * According to the TCG2 PC Client PFP spec, "SecureBoot",
1599 * "PK", "KEK", "db" and "dbx" variables must be measured
1600 * even if they are empty.
1602 data = efi_get_var(secure_variables[i].name,
1603 secure_variables[i].guid,
1606 ret = tcg2_measure_variable(dev, 7,
1607 EV_EFI_VARIABLE_DRIVER_CONFIG,
1608 secure_variables[i].name,
1609 secure_variables[i].guid,
1612 if (ret != EFI_SUCCESS)
1617 * TCG2 PC Client PFP spec says "dbt" and "dbr" are
1618 * measured if present and not empty.
1620 data = efi_get_var(L"dbt",
1621 &efi_guid_image_security_database,
1624 ret = tcg2_measure_variable(dev, 7,
1625 EV_EFI_VARIABLE_DRIVER_CONFIG,
1627 &efi_guid_image_security_database,
1632 data = efi_get_var(L"dbr",
1633 &efi_guid_image_security_database,
1636 ret = tcg2_measure_variable(dev, 7,
1637 EV_EFI_VARIABLE_DRIVER_CONFIG,
1639 &efi_guid_image_security_database,
1649 * efi_tcg2_register() - register EFI_TCG2_PROTOCOL
1651 * If a TPM2 device is available, the TPM TCG2 Protocol is registered
1653 * Return: An error status is only returned if adding the protocol fails.
1655 efi_status_t efi_tcg2_register(void)
1657 efi_status_t ret = EFI_SUCCESS;
1658 struct udevice *dev;
1659 struct efi_event *event;
1661 ret = platform_get_tpm2_device(&dev);
1662 if (ret != EFI_SUCCESS) {
1663 log_warning("Unable to find TPMv2 device\n");
1667 ret = efi_init_event_log();
1668 if (ret != EFI_SUCCESS)
1671 ret = efi_append_scrtm_version(dev);
1672 if (ret != EFI_SUCCESS) {
1677 ret = efi_add_protocol(efi_root, &efi_guid_tcg2_protocol,
1678 (void *)&efi_tcg2_protocol);
1679 if (ret != EFI_SUCCESS) {
1684 ret = efi_create_event(EVT_SIGNAL_EXIT_BOOT_SERVICES, TPL_CALLBACK,
1685 efi_tcg2_notify_exit_boot_services, NULL,
1687 if (ret != EFI_SUCCESS) {
1692 ret = tcg2_measure_secure_boot_variable(dev);
1693 if (ret != EFI_SUCCESS) {
1701 log_err("Cannot install EFI_TCG2_PROTOCOL\n");
1703 * Return EFI_SUCCESS and don't stop the EFI subsystem.
1704 * That's done for 2 reasons
1705 * - If the protocol is not installed the PCRs won't be extended. So
1706 * someone later in the boot flow will notice that and take the
1707 * necessary actions.
1708 * - The TPM sandbox is limited and we won't be able to run any efi
1709 * related tests with TCG2 enabled
projects / platform / kernel / u-boot.git / blob