author | Rodrigo Gonzalez del Cueto <rodrigo.gonzalez.del.cueto@intel.com> | 2021-12-17 10:47:07 +0800 |
---|---|---|
committer | mergify[bot] <37929162+mergify[bot]@users.noreply.github.com> | 2021-12-17 15:03:43 +0000 |
commit | 8ed8568922be9b5f7111fc1297317106aba7ab52 (patch) | |
tree | 9a9ee361b39b4522c1352446792525b30938e526 /SecurityPkg/Tcg | |
parent | b451c6908878c448c2a2aa6e9ca2a2dfe078fbb8 (diff) | |
download | edk2-8ed8568922be9b5f7111fc1297317106aba7ab52.tar.gz edk2-8ed8568922be9b5f7111fc1297317106aba7ab52.tar.bz2 edk2-8ed8568922be9b5f7111fc1297317106aba7ab52.zip |
SecurityPkg: Debug code to audit BIOS TPM extend operations
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2858
In V2: Fixed patch format and uncrustify cleanup
In V1: Add debug functionality to examine TPM extend operations
performed by BIOS and inspect the PCR 00 value prior to
any BIOS measurements.
Signed-off-by: Rodrigo Gonzalez del Cueto <rodrigo.gonzalez.del.cueto@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Diffstat (limited to 'SecurityPkg/Tcg')
-rw-r--r-- | SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c index a97a4e7f2d..622989aff3 100644 --- a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c +++ b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c @@ -1,7 +1,7 @@ /** @file
Initialize TPM2 device and measure FVs before handing off control to DXE.
-Copyright (c) 2015 - 2020, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2015 - 2021, Intel Corporation. All rights reserved.<BR>
Copyright (c) 2017, Microsoft Corporation. All rights reserved. <BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
@@ -1106,6 +1106,13 @@ PeimEntryMA ( }
}
+ DEBUG_CODE_BEGIN ();
+ //
+ // Peek into TPM PCR 00 before any BIOS measurement.
+ //
+ Tpm2PcrReadForActiveBank (00, NULL);
+ DEBUG_CODE_END ();
+
//
// Only install TpmInitializedPpi on success
//
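Review bot: In the added DEBUG_CODE block, the PCR index is written as the octal literal `00`; it evaluates to 0, so the read targets PCR 0 as the comment says, but `0` (or a named PCR index constant) is clearer and avoids reading as a two-digit register number. The return value of `Tpm2PcrReadForActiveBank (00, NULL);` is also discarded, so a failed read during this debug peek leaves nothing in the log beyond whatever the callee itself prints; consider `Status = Tpm2PcrReadForActiveBank (0, NULL);` followed by a `DEBUG` print of `Status` when it indicates failure, kept inside the `DEBUG_CODE_BEGIN ()` / `DEBUG_CODE_END ()` pair so RELEASE builds remain unchanged. Since the block sits just before the "Only install TpmInitializedPpi on success" comment, a one-line note in the commit message that the peek runs after TPM startup but before the PPI is published would help readers place the PCR 0 snapshot relative to the rest of the PEI flow.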