SecurityPkg: Fix TPM2 ACPI measurement.

We have discussed in this thread.
https://edk2.groups.io/g/devel/topic/32205028

Before the change, TPM FW upgrade will impact TPM2 ACPI PCR value because
TPM2 ACPI HID include FW version.

This change make the measurement before TPM2 HID fixup. So, after TPM FW
upgrade, the ACPI PCR record remains the same.

Signed-off-by: Derek Lin <derek.lin2@hpe.com>
Reviewed by: Jiewen Yao <Jiewen.yao@intel.com>
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>

1 files changed, 16 insertions, 14 deletions

diff --git a/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c b/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c
index bd786bf479..54966c83ce 100644
--- a/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c
+++ b/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c
@@ -664,7 +664,22 @@ PublishAcpiTable (
     ));

 

   //

-  // Update TPM2 HID before measuring it to PCR

+  // Measure to PCR[0] with event EV_POST_CODE ACPI DATA.

+  // The measurement has to be done before UpdateHID since TPM2 ACPI HID

+  // imply TPM Firmware Version. Otherwise, the PCR record would be

+  // different after TPM FW update.

+  //

+  TpmMeasureAndLogData(

+    0,

+    EV_POST_CODE,

+    EV_POSTCODE_INFO_ACPI_DATA,

+    ACPI_DATA_LEN,

+    Table,

+    TableSize

+    );

+

+  //

+  // Update TPM2 HID after measuring it to PCR

   //

   Status = UpdateHID(Table);

   if (EFI_ERROR(Status)) {

@@ -694,19 +709,6 @@ PublishAcpiTable (
     }

   }

 

-  //

-  // Measure to PCR[0] with event EV_POST_CODE ACPI DATA

-  //

-  TpmMeasureAndLogData(

-    0,

-    EV_POST_CODE,

-    EV_POSTCODE_INFO_ACPI_DATA,

-    ACPI_DATA_LEN,

-    Table,

-    TableSize

-    );

-

-

   ASSERT (Table->OemTableId == SIGNATURE_64 ('T', 'p', 'm', '2', 'T', 'a', 'b', 'l'));

   CopyMem (Table->OemId, PcdGetPtr (PcdAcpiDefaultOemId), sizeof (Table->OemId) );

   mTcgNvs = AssignOpRegion (Table, SIGNATURE_32 ('T', 'N', 'V', 'S'), (UINT16) sizeof (TCG_NVS));