Enable TPM measurement lib to measure all PE image from a FV unmeasured by TcgPei

Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by  : Dong, Guo  <guo.dong@intel.com>

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13714 6f19259b-4bc3-4df7-8a09-765794883524

2 files changed, 84 insertions, 19 deletions

diff --git a/SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.c b/SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.c
index 300a15fe6b..9b13806e89 100644
--- a/SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.c
+++ b/SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.c
@@ -29,10 +29,12 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 #include <PiDxe.h>

 

 #include <Protocol/TcgService.h>

-#include <Protocol/FirmwareVolume2.h>

 #include <Protocol/BlockIo.h>

 #include <Protocol/DiskIo.h>

 #include <Protocol/DevicePathToText.h>

+#include <Protocol/FirmwareVolumeBlock.h>

+

+#include <Guid/TrustedFvHob.h>

 

 #include <Library/BaseLib.h>

 #include <Library/DebugLib.h>

@@ -43,6 +45,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 #include <Library/BaseCryptLib.h>

 #include <Library/PeCoffLib.h>

 #include <Library/SecurityManagementLib.h>

+#include <Library/HobLib.h>

 

 //

 // Flag to check GPT partition. It only need be measured once.

@@ -52,6 +55,11 @@ EFI_GUID                          mZeroGuid = {0, 0, 0, {0, 0, 0, 0, 0, 0, 0, 0}
 UINTN                             mMeasureGptCount = 0;

 VOID                              *mFileBuffer;

 UINTN                             mImageSize;

+//

+// Measured FV handle cache

+//

+EFI_HANDLE                        mCacheMeasuredHandle  = NULL;

+UINT32                            *mGuidHobData         = NULL;

 

 /**

   Reads contents of a PE/COFF image in memory buffer.

@@ -718,17 +726,22 @@ DxeTpmMeasureBootHandler (
   IN  BOOLEAN                          BootPolicy

   )

 {

-  EFI_TCG_PROTOCOL                  *TcgProtocol;

-  EFI_STATUS                        Status;

-  TCG_EFI_BOOT_SERVICE_CAPABILITY   ProtocolCapability;

-  UINT32                            TCGFeatureFlags;

-  EFI_PHYSICAL_ADDRESS              EventLogLocation;

-  EFI_PHYSICAL_ADDRESS              EventLogLastEntry;

-  EFI_DEVICE_PATH_PROTOCOL          *DevicePathNode;

-  EFI_DEVICE_PATH_PROTOCOL          *OrigDevicePathNode;

-  EFI_HANDLE                        Handle;

-  BOOLEAN                           ApplicationRequired;

-  PE_COFF_LOADER_IMAGE_CONTEXT      ImageContext;

+  EFI_TCG_PROTOCOL                    *TcgProtocol;

+  EFI_STATUS                          Status;

+  TCG_EFI_BOOT_SERVICE_CAPABILITY     ProtocolCapability;

+  UINT32                              TCGFeatureFlags;

+  EFI_PHYSICAL_ADDRESS                EventLogLocation;

+  EFI_PHYSICAL_ADDRESS                EventLogLastEntry;

+  EFI_DEVICE_PATH_PROTOCOL            *DevicePathNode;

+  EFI_DEVICE_PATH_PROTOCOL            *OrigDevicePathNode;

+  EFI_HANDLE                          Handle;

+  EFI_HANDLE                          TempHandle;

+  BOOLEAN                             ApplicationRequired;

+  PE_COFF_LOADER_IMAGE_CONTEXT        ImageContext;

+  EFI_FIRMWARE_VOLUME_BLOCK_PROTOCOL  *FvbProtocol;

+  EFI_PHYSICAL_ADDRESS                FvAddress;

+  EFI_PLATFORM_FIRMWARE_BLOB          *TrustedFvBuf;

+  UINT32                              Index;

 

   Status = gBS->LocateProtocol (&gEfiTcgProtocolGuid, NULL, (VOID **) &TcgProtocol);

   if (EFI_ERROR (Status)) {

@@ -822,10 +835,10 @@ DxeTpmMeasureBootHandler (
   ApplicationRequired = FALSE;

 

   //

-  // Check whether this device path support FV2 protocol.

+  // Check whether this device path support FVB protocol.

   //

   DevicePathNode = OrigDevicePathNode;

-  Status = gBS->LocateDevicePath (&gEfiFirmwareVolume2ProtocolGuid, &DevicePathNode, &Handle);

+  Status = gBS->LocateDevicePath (&gEfiFirmwareVolumeBlockProtocolGuid, &DevicePathNode, &Handle);

   if (!EFI_ERROR (Status)) {

     //

     // Don't check FV image, and directly return EFI_SUCCESS.

@@ -835,13 +848,51 @@ DxeTpmMeasureBootHandler (
       return EFI_SUCCESS;

     }

     //

-    // The image from Firmware image will not be mearsured.

-    // Current policy doesn't measure PeImage from Firmware if it is driver

-    // If the got PeImage is application, it will be still be measured.

+    // The PE image from untrusted Firmware volume need be measured

+    // The PE image from trusted Firmware volume will be mearsured according to policy below.

+    //   if it is driver, do not measure

+    //   If it is application, still measure.

     //

     ApplicationRequired = TRUE;

+

+    if (mCacheMeasuredHandle != Handle && mGuidHobData != NULL) {

+      //

+      // Search for Root FV of this PE image

+      //

+      TempHandle = Handle;

+      do {

+        Status = gBS->HandleProtocol(

+                        TempHandle, 

+                        &gEfiFirmwareVolumeBlockProtocolGuid,

+                        &FvbProtocol

+                        );

+        TempHandle = FvbProtocol->ParentHandle;

+      } while (!EFI_ERROR(Status) && FvbProtocol->ParentHandle != NULL);

+

+      //

+      // Search in measured FV Hob

+      //

+      Status = FvbProtocol->GetPhysicalAddress(FvbProtocol, &FvAddress);

+      if (EFI_ERROR(Status)){

+        return Status;

+      }

+

+      TrustedFvBuf        = (EFI_PLATFORM_FIRMWARE_BLOB *)(mGuidHobData + 1);

+      ApplicationRequired = FALSE;

+

+      for (Index = 0; Index < *mGuidHobData; Index++) {

+        if(TrustedFvBuf[Index].BlobBase == FvAddress) {

+          //

+          // Cache measured FV for next measurement

+          //

+          mCacheMeasuredHandle = Handle;

+          ApplicationRequired  = TRUE;

+          break;

+        }

+      }

+    }

   }

-  

+

   //

   // File is not found.

   //

@@ -941,6 +992,16 @@ DxeTpmMeasureBootLibConstructor (
   IN EFI_SYSTEM_TABLE  *SystemTable

   )

 {

+  EFI_HOB_GUID_TYPE  *GuidHob;

+

+  GuidHob = NULL;

+

+  GuidHob = GetFirstGuidHob (&gTrustedFvHobGuid);

+

+  if (GuidHob != NULL) {

+    mGuidHobData = GET_GUID_HOB_DATA (GuidHob);

+  }

+

   return RegisterSecurity2Handler (

           DxeTpmMeasureBootHandler,

           EFI_AUTH_OPERATION_MEASURE_IMAGE | EFI_AUTH_OPERATION_IMAGE_REQUIRED

diff --git a/SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.inf b/SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.inf
index 44d27a0887..9b0e3cb79b 100644
--- a/SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.inf
+++ b/SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.inf
@@ -50,10 +50,14 @@
   PeCoffLib

   BaseLib

   SecurityManagementLib

+  HobLib

+

+[Guids]

+  gTrustedFvHobGuid

 

 [Protocols]

   gEfiTcgProtocolGuid                   ## CONSUMES

-  gEfiFirmwareVolume2ProtocolGuid       ## CONSUMES

+  gEfiFirmwareVolumeBlockProtocolGuid   ## CONSUMES

   gEfiBlockIoProtocolGuid               ## CONSUMES

   gEfiDiskIoProtocolGuid                ## CONSUMES

   gEfiDevicePathToTextProtocolGuid      ## SOMETIMES_CONSUMES (Only used in debug mode)