-rw-r--r--SecurityPkg/Include/Guid/MeasuredFvHob.h (renamed from SecurityPkg/Include/Guid/TrustedFvHob.h)19
-rw-r--r--SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.c22
-rw-r--r--SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.inf2
-rw-r--r--SecurityPkg/SecurityPkg.dec4
-rw-r--r--SecurityPkg/Tcg/TcgPei/TcgPei.c26
-rw-r--r--SecurityPkg/Tcg/TcgPei/TcgPei.inf2
6 files changed, 39 insertions, 36 deletions
diff --git a/SecurityPkg/Include/Guid/TrustedFvHob.h b/SecurityPkg/Include/Guid/MeasuredFvHob.h
index 3a3a607079..a2e6922335 100644
--- a/SecurityPkg/Include/Guid/TrustedFvHob.h
+++ b/SecurityPkg/Include/Guid/MeasuredFvHob.h
@@ -1,5 +1,5 @@
/** @file
- Defines the HOB GUID used to pass all PEI trusted FV info to
+ Defines the HOB GUID used to pass all PEI measured FV info to
DXE Driver.
Copyright (c) 2012, Intel Corporation. All rights reserved.<BR>
@@ -13,17 +13,24 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
**/
-#ifndef _TRUSTED_FV_HOB_H_
-#define _TRUSTED_FV_HOB_H_
+#ifndef _MEASURED_FV_HOB_H_
+#define _MEASURED_FV_HOB_H_
+
+#include <IndustryStandard/UefiTcgPlatform.h>
///
-/// The Global ID of a GUIDed HOB used to pass all PEI trusted FV info to DXE Driver.
+/// The Global ID of a GUIDed HOB used to pass all PEI measured FV info to DXE Driver.
///
-#define EFI_TRUSTED_FV_HOB_GUID \
+#define EFI_MEASURED_FV_HOB_GUID \
{ \
0xb2360b42, 0x7173, 0x420a, { 0x86, 0x96, 0x46, 0xca, 0x6b, 0xab, 0x10, 0x60 } \
}
-extern EFI_GUID gTrustedFvHobGuid;
+extern EFI_GUID gMeasuredFvHobGuid;
+
+typedef struct {
+ UINT32 Num;
+ EFI_PLATFORM_FIRMWARE_BLOB MeasuredFvBuf[1];
+} MEASURED_HOB_DATA;
#endif
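Review bot: `MEASURED_HOB_DATA` is now the byte layout of a HOB that TcgPei writes and the DXE library reads, but nothing in this header pins that layout. The code it replaces put the first blob at byte offset 4 (`HobData += sizeof(UINT32)` in TcgPei.c, `mGuidHobData + 1` in the DXE library). The struct keeps that offset only if `EFI_PLATFORM_FIRMWARE_BLOB` has an alignment of 4 or less, which depends on packing in UefiTcgPlatform.h that is not visible here. I would wrap the typedef in `#pragma pack (1)` / `#pragma pack ()` so PEI and DXE builds for different architectures agree. A field comment would also help, for example `/// Num is the number of valid entries in MeasuredFvBuf; the array is variable length and [1] is only a placeholder.`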
diff --git a/SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.c b/SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.c
index f3e486eadc..eae68eab6b 100644
--- a/SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.c
+++ b/SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.c
@@ -34,7 +34,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#include <Protocol/DevicePathToText.h>
#include <Protocol/FirmwareVolumeBlock.h>
-#include <Guid/TrustedFvHob.h>
+#include <Guid/MeasuredFvHob.h>
#include <Library/BaseLib.h>
#include <Library/DebugLib.h>
@@ -59,7 +59,7 @@ UINTN mImageSize;
// Measured FV handle cache
//
EFI_HANDLE mCacheMeasuredHandle = NULL;
-UINT32 *mGuidHobData = NULL;
+MEASURED_HOB_DATA *mMeasuredHobData = NULL;
/**
Reads contents of a PE/COFF image in memory buffer.
@@ -740,7 +740,6 @@ DxeTpmMeasureBootHandler (
PE_COFF_LOADER_IMAGE_CONTEXT ImageContext;
EFI_FIRMWARE_VOLUME_BLOCK_PROTOCOL *FvbProtocol;
EFI_PHYSICAL_ADDRESS FvAddress;
- EFI_PLATFORM_FIRMWARE_BLOB *TrustedFvBuf;
UINT32 Index;
Status = gBS->LocateProtocol (&gEfiTcgProtocolGuid, NULL, (VOID **) &TcgProtocol);
@@ -848,14 +847,14 @@ DxeTpmMeasureBootHandler (
return EFI_SUCCESS;
}
//
- // The PE image from untrusted Firmware volume need be measured
- // The PE image from trusted Firmware volume will be mearsured according to policy below.
- // if it is driver, do not measure
+ // The PE image from unmeasured Firmware volume need be measured
+ // The PE image from measured Firmware volume will be mearsured according to policy below.
+ // If it is driver, do not measure
// If it is application, still measure.
//
ApplicationRequired = TRUE;
- if (mCacheMeasuredHandle != Handle && mGuidHobData != NULL) {
+ if (mCacheMeasuredHandle != Handle && mMeasuredHobData != NULL) {
//
// Search for Root FV of this PE image
//
@@ -877,11 +876,10 @@ DxeTpmMeasureBootHandler (
return Status;
}
- TrustedFvBuf = (EFI_PLATFORM_FIRMWARE_BLOB *)(mGuidHobData + 1);
ApplicationRequired = FALSE;
- for (Index = 0; Index < *mGuidHobData; Index++) {
- if(TrustedFvBuf[Index].BlobBase == FvAddress) {
+ for (Index = 0; Index < mMeasuredHobData->Num; Index++) {
+ if(mMeasuredHobData->MeasuredFvBuf[Index].BlobBase == FvAddress) {
//
// Cache measured FV for next measurement
//
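Review bot: The loop bound `mMeasuredHobData->Num` is read straight from the HOB and never compared with the HOB's actual data length, so a malformed or truncated HOB lets `MeasuredFvBuf[Index]` read past the end of the HOB data. The pointer is assigned in the DxeTpmMeasureBootLibConstructor hunk further down, which is the natural place to validate once. Accept the HOB only if `GET_GUID_HOB_DATA_SIZE (GuidHob) >= OFFSET_OF (MEASURED_HOB_DATA, MeasuredFvBuf)` and `Num <= (GET_GUID_HOB_DATA_SIZE (GuidHob) - OFFSET_OF (MEASURED_HOB_DATA, MeasuredFvBuf)) / sizeof (EFI_PLATFORM_FIRMWARE_BLOB)`, and leave `mMeasuredHobData` NULL otherwise. A match in this loop decides whether an image from that FV is treated as already measured, so the list should be checked before it is trusted. The enclosing function starts and ends outside this hunk.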
@@ -996,10 +994,10 @@ DxeTpmMeasureBootLibConstructor (
GuidHob = NULL;
- GuidHob = GetFirstGuidHob (&gTrustedFvHobGuid);
+ GuidHob = GetFirstGuidHob (&gMeasuredFvHobGuid);
if (GuidHob != NULL) {
- mGuidHobData = GET_GUID_HOB_DATA (GuidHob);
+ mMeasuredHobData = GET_GUID_HOB_DATA (GuidHob);
}
return RegisterSecurity2Handler (
diff --git a/SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.inf b/SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.inf
index 9b0e3cb79b..53b26b0284 100644
--- a/SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.inf
+++ b/SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.inf
@@ -53,7 +53,7 @@
HobLib
[Guids]
- gTrustedFvHobGuid
+ gMeasuredFvHobGuid
[Protocols]
gEfiTcgProtocolGuid ## CONSUMES
diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec
index 2438f987b6..8bd7145a2d 100644
--- a/SecurityPkg/SecurityPkg.dec
+++ b/SecurityPkg/SecurityPkg.dec
@@ -47,8 +47,8 @@
## Include/Guid/TcgEventHob.h
gTcgEventEntryHobGuid = { 0x2e3044ac, 0x879f, 0x490f, {0x97, 0x60, 0xbb, 0xdf, 0xaf, 0x69, 0x5f, 0x50 }}
- ## Include/Guid/TrustedFvHob.h
- gTrustedFvHobGuid = { 0xb2360b42, 0x7173, 0x420a, { 0x86, 0x96, 0x46, 0xca, 0x6b, 0xab, 0x10, 0x60 }}
+ ## Include/Guid/MeasuredFvHob.h
+ gMeasuredFvHobGuid = { 0xb2360b42, 0x7173, 0x420a, { 0x86, 0x96, 0x46, 0xca, 0x6b, 0xab, 0x10, 0x60 }}
## Include/Guid/PhysicalPresenceData.h
gEfiPhysicalPresenceGuid = { 0xf6499b1, 0xe9ad, 0x493d, { 0xb9, 0xc2, 0x2f, 0x90, 0x81, 0x5c, 0x6c, 0xbc }}
diff --git a/SecurityPkg/Tcg/TcgPei/TcgPei.c b/SecurityPkg/Tcg/TcgPei/TcgPei.c
index e8fd1f12d0..60d9192103 100644
--- a/SecurityPkg/Tcg/TcgPei/TcgPei.c
+++ b/SecurityPkg/Tcg/TcgPei/TcgPei.c
@@ -23,7 +23,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#include <Ppi/EndOfPeiPhase.h>
#include <Guid/TcgEventHob.h>
-#include <Guid/TrustedFvHob.h>
+#include <Guid/MeasuredFvHob.h>
#include <Library/DebugLib.h>
#include <Library/BaseMemoryLib.h>
@@ -148,35 +148,33 @@ EndofPeiSignalNotifyCallBack (
IN VOID *Ppi
)
{
- UINT8 *HobData;
+ MEASURED_HOB_DATA *MeasuredHobData;
- HobData = NULL;
+ MeasuredHobData = NULL;
//
- // Create a Guid hob to save all trusted Fv
+ // Create a Guid hob to save all measured Fv
//
- HobData = BuildGuidHob(
- &gTrustedFvHobGuid,
- sizeof(UINTN) + sizeof(EFI_PLATFORM_FIRMWARE_BLOB) * (mMeasuredBaseFvIndex + mMeasuredChildFvIndex)
- );
+ MeasuredHobData = BuildGuidHob(
+ &gMeasuredFvHobGuid,
+ sizeof(UINTN) + sizeof(EFI_PLATFORM_FIRMWARE_BLOB) * (mMeasuredBaseFvIndex + mMeasuredChildFvIndex)
+ );
- if (HobData != NULL){
+ if (MeasuredHobData != NULL){
//
// Save measured FV info enty number
//
- *(UINT32 *)HobData = mMeasuredBaseFvIndex + mMeasuredChildFvIndex;
+ MeasuredHobData->Num = mMeasuredBaseFvIndex + mMeasuredChildFvIndex;
- HobData += sizeof(UINT32);
//
// Save measured base Fv info
//
- CopyMem (HobData, mMeasuredBaseFvInfo, sizeof(EFI_PLATFORM_FIRMWARE_BLOB) * (mMeasuredBaseFvIndex));
+ CopyMem (MeasuredHobData->MeasuredFvBuf, mMeasuredBaseFvInfo, sizeof(EFI_PLATFORM_FIRMWARE_BLOB) * (mMeasuredBaseFvIndex));
- HobData += sizeof(EFI_PLATFORM_FIRMWARE_BLOB) * (mMeasuredBaseFvIndex);
//
// Save measured child Fv info
//
- CopyMem (HobData, mMeasuredChildFvInfo, sizeof(EFI_PLATFORM_FIRMWARE_BLOB) * (mMeasuredChildFvIndex));
+ CopyMem (&MeasuredHobData->MeasuredFvBuf[mMeasuredBaseFvIndex] , mMeasuredChildFvInfo, sizeof(EFI_PLATFORM_FIRMWARE_BLOB) * (mMeasuredChildFvIndex));
}
return EFI_SUCCESS;
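Review bot: The size passed to `BuildGuidHob` still uses `sizeof(UINTN)` for the header, although the header is now the `UINT32 Num` field of `MEASURED_HOB_DATA`. The allocation therefore matches the struct only by coincidence of the build's pointer width and the struct's padding. Derive it from the type instead: `OFFSET_OF (MEASURED_HOB_DATA, MeasuredFvBuf) + sizeof (EFI_PLATFORM_FIRMWARE_BLOB) * (mMeasuredBaseFvIndex + mMeasuredChildFvIndex)`. If the array member lands at an offset larger than `sizeof(UINTN)` on a 32-bit PEI build, the second `CopyMem` would write past the end of the HOB data. Whether that can happen depends on the struct's packing, which is not visible in this hunk.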
diff --git a/SecurityPkg/Tcg/TcgPei/TcgPei.inf b/SecurityPkg/Tcg/TcgPei/TcgPei.inf
index 0143baa687..48d4efce5c 100644
--- a/SecurityPkg/Tcg/TcgPei/TcgPei.inf
+++ b/SecurityPkg/Tcg/TcgPei/TcgPei.inf
@@ -51,7 +51,7 @@
[Guids]
gTcgEventEntryHobGuid
- gTrustedFvHobGuid
+ gMeasuredFvHobGuid
[Ppis]
gPeiLockPhysicalPresencePpiGuid