source: vbox/trunk/src/VBox/Devices/EFI/Firmware/IntelFsp2WrapperPkg/Library/BaseFspMeasurementLib/FspMeasurementLib.c@ 105681

/** @file
  This library is used by FSP modules to measure data to TPM.

Copyright (c) 2020, Intel Corporation. All rights reserved. <BR>
SPDX-License-Identifier: BSD-2-Clause-Patent

**/

#include <PiPei.h>
#include <Uefi.h>

#include <Library/BaseMemoryLib.h>
#include <Library/PeiServicesLib.h>
#include <Library/PeiServicesTablePointerLib.h>
#include <Library/PcdLib.h>
#include <Library/PrintLib.h>
#include <Library/DebugLib.h>
#include <Library/FspWrapperApiLib.h>
#include <Library/TpmMeasurementLib.h>
#include <Library/FspMeasurementLib.h>
#include <Library/TcgEventLogRecordLib.h>
#include <Library/HashLib.h>

#include <Ppi/Tcg.h>
#include <IndustryStandard/UefiTcgPlatform.h>

/**
  Tpm measure and log data, and extend the measurement result into a specific PCR.

  @param[in]  PcrIndex         PCR Index.
  @param[in]  EventType        Event type.
  @param[in]  EventLog         Measurement event log.
  @param[in]  LogLen           Event log length in bytes.
  @param[in]  HashData         The start of the data buffer to be hashed, extended.
  @param[in]  HashDataLen      The length, in bytes, of the buffer referenced by HashData
  @param[in]  Flags            Bitmap providing additional information.

  @retval EFI_SUCCESS           Operation completed successfully.
  @retval EFI_UNSUPPORTED       TPM device not available.
  @retval EFI_OUT_OF_RESOURCES  Out of memory.
  @retval EFI_DEVICE_ERROR      The operation was unsuccessful.
**/
EFI_STATUS
EFIAPI
TpmMeasureAndLogDataWithFlags (
  IN UINT32  PcrIndex,
  IN UINT32  EventType,
  IN VOID    *EventLog,
  IN UINT32  LogLen,
  IN VOID    *HashData,
  IN UINT64  HashDataLen,
  IN UINT64  Flags
  )
{
  EFI_STATUS         Status;
  EDKII_TCG_PPI      *TcgPpi;
  TCG_PCR_EVENT_HDR  TcgEventHdr;

  Status = PeiServicesLocatePpi (
             &gEdkiiTcgPpiGuid,
             0,
             NULL,
             (VOID **)&TcgPpi
             );
  if (EFI_ERROR (Status)) {
    return Status;
  }

  TcgEventHdr.PCRIndex  = PcrIndex;
  TcgEventHdr.EventType = EventType;
  TcgEventHdr.EventSize = LogLen;

  Status = TcgPpi->HashLogExtendEvent (
                     TcgPpi,
                     Flags,
                     HashData,
                     (UINTN)HashDataLen,
                     &TcgEventHdr,
                     EventLog
                     );
  return Status;
}

/**
  Measure a FSP FirmwareBlob.

  @param[in]  Description             Description for this FirmwareBlob.
  @param[in]  FirmwareBlobBase        Base address of this FirmwareBlob.
  @param[in]  FirmwareBlobLength      Size in bytes of this FirmwareBlob.
  @param[in]  CfgRegionOffset         Configuration region offset in bytes.
  @param[in]  CfgRegionSize           Configuration region in bytes.

  @retval EFI_SUCCESS           Operation completed successfully.
  @retval EFI_UNSUPPORTED       TPM device not available.
  @retval EFI_OUT_OF_RESOURCES  Out of memory.
  @retval EFI_DEVICE_ERROR      The operation was unsuccessful.
**/
STATIC
EFI_STATUS
EFIAPI
MeasureFspFirmwareBlobWithCfg (
  IN CHAR8                 *Description OPTIONAL,
  IN EFI_PHYSICAL_ADDRESS  FirmwareBlobBase,
  IN UINT64                FirmwareBlobLength,
  IN UINT32                CfgRegionOffset,
  IN UINT32                CfgRegionSize
  )
{
  EFI_PLATFORM_FIRMWARE_BLOB      FvBlob, UpdBlob;
  PLATFORM_FIRMWARE_BLOB2_STRUCT  FvBlob2, UpdBlob2;
  VOID                            *FvName;
  UINT32                          FvEventType;
  VOID                            *FvEventLog, *UpdEventLog;
  UINT32                          FvEventLogSize, UpdEventLogSize;
  EFI_STATUS                      Status;
  HASH_HANDLE                     HashHandle;
  UINT8                           *HashBase;
  UINTN                           HashSize;
  TPML_DIGEST_VALUES              DigestList;

  FvName = TpmMeasurementGetFvName (FirmwareBlobBase, FirmwareBlobLength);

  if (((Description != NULL) || (FvName != NULL)) &&
      (PcdGet32 (PcdTcgPfpMeasurementRevision) >= TCG_EfiSpecIDEventStruct_SPEC_ERRATA_TPM2_REV_105))
  {
    if (Description != NULL) {
      AsciiSPrint ((CHAR8 *)FvBlob2.BlobDescription, sizeof (FvBlob2.BlobDescription), "%a", Description);
      AsciiSPrint ((CHAR8 *)UpdBlob2.BlobDescription, sizeof (UpdBlob2.BlobDescription), "%aUDP", Description);
    } else {
      AsciiSPrint ((CHAR8 *)FvBlob2.BlobDescription, sizeof (FvBlob2.BlobDescription), "Fv(%g)", FvName);
      AsciiSPrint ((CHAR8 *)UpdBlob2.BlobDescription, sizeof (UpdBlob2.BlobDescription), "(%g)UDP", FvName);
    }

    FvBlob2.BlobDescriptionSize = sizeof (FvBlob2.BlobDescription);
    FvBlob2.BlobBase            = FirmwareBlobBase;
    FvBlob2.BlobLength          = FirmwareBlobLength;
    FvEventType                 = EV_EFI_PLATFORM_FIRMWARE_BLOB2;
    FvEventLog                  = &FvBlob2;
    FvEventLogSize              = sizeof (FvBlob2);

    UpdBlob2.BlobDescriptionSize = sizeof (UpdBlob2.BlobDescription);
    UpdBlob2.BlobBase            = CfgRegionOffset;
    UpdBlob2.BlobLength          = CfgRegionSize;
    UpdEventLog                  = &UpdBlob2;
    UpdEventLogSize              = sizeof (UpdBlob2);
  } else {
    FvBlob.BlobBase   = FirmwareBlobBase;
    FvBlob.BlobLength = FirmwareBlobLength;
    FvEventType       = EV_EFI_PLATFORM_FIRMWARE_BLOB;
    FvEventLog        = &FvBlob;
    FvEventLogSize    = sizeof (FvBlob);

    UpdBlob.BlobBase   = CfgRegionOffset;
    UpdBlob.BlobLength = CfgRegionSize;
    UpdEventLog        = &UpdBlob;
    UpdEventLogSize    = sizeof (UpdBlob);
  }

  /** Initialize a SHA hash context. **/
  Status = HashStart (&HashHandle);
  if (EFI_ERROR (Status)) {
    DEBUG ((DEBUG_ERROR, "HashStart failed - %r\n", Status));
    return Status;
  }

  /** Hash FSP binary before UDP **/
  HashBase = (UINT8 *)(UINTN)FirmwareBlobBase;
  HashSize = (UINTN)CfgRegionOffset;
  Status   = HashUpdate (HashHandle, HashBase, HashSize);
  if (EFI_ERROR (Status)) {
    DEBUG ((DEBUG_ERROR, "HashUpdate failed - %r\n", Status));
    return Status;
  }

  /** Hash FSP binary after UDP **/
  HashBase = (UINT8 *)(UINTN)FirmwareBlobBase + CfgRegionOffset + CfgRegionSize;
  HashSize = (UINTN)(FirmwareBlobLength - CfgRegionOffset - CfgRegionSize);
  Status   = HashUpdate (HashHandle, HashBase, HashSize);
  if (EFI_ERROR (Status)) {
    DEBUG ((DEBUG_ERROR, "HashUpdate failed - %r\n", Status));
    return Status;
  }

  /** Finalize the SHA hash. **/
  Status = HashCompleteAndExtend (HashHandle, 0, NULL, 0, &DigestList);
  if (EFI_ERROR (Status)) {
    DEBUG ((DEBUG_ERROR, "HashCompleteAndExtend failed - %r\n", Status));
    return Status;
  }

  Status = TpmMeasureAndLogDataWithFlags (
             0,
             FvEventType,
             FvEventLog,
             FvEventLogSize,
             (UINT8 *)&DigestList,
             (UINTN)sizeof (DigestList),
             EDKII_TCG_PRE_HASH_LOG_ONLY
             );
  if (EFI_ERROR (Status)) {
    DEBUG ((DEBUG_ERROR, "TpmMeasureAndLogDataWithFlags failed - %r\n", Status));
    return Status;
  }

  Status = TpmMeasureAndLogData (
             1,
             EV_PLATFORM_CONFIG_FLAGS,
             UpdEventLog,
             UpdEventLogSize,
             (UINT8 *)(UINTN)FirmwareBlobBase + CfgRegionOffset,
             CfgRegionSize
             );

  return Status;
}

/**
  Measure a FSP FirmwareBlob.

  @param[in]  PcrIndex                PCR Index.
  @param[in]  Description             Description for this FirmwareBlob.
  @param[in]  FirmwareBlobBase        Base address of this FirmwareBlob.
  @param[in]  FirmwareBlobLength      Size in bytes of this FirmwareBlob.

  @retval EFI_SUCCESS           Operation completed successfully.
  @retval EFI_UNSUPPORTED       TPM device not available.
  @retval EFI_OUT_OF_RESOURCES  Out of memory.
  @retval EFI_DEVICE_ERROR      The operation was unsuccessful.
**/
EFI_STATUS
EFIAPI
MeasureFspFirmwareBlob (
  IN UINT32                PcrIndex,
  IN CHAR8                 *Description OPTIONAL,
  IN EFI_PHYSICAL_ADDRESS  FirmwareBlobBase,
  IN UINT64                FirmwareBlobLength
  )
{
  UINT32           FspMeasureMask;
  FSP_INFO_HEADER  *FspHeaderPtr;

  FspMeasureMask = PcdGet32 (PcdFspMeasurementConfig);
  if ((FspMeasureMask & FSP_MEASURE_FSPUPD) != 0) {
    FspHeaderPtr = (FSP_INFO_HEADER *)FspFindFspHeader (FirmwareBlobBase);
    if (FspHeaderPtr != NULL) {
      return MeasureFspFirmwareBlobWithCfg (
               Description,
               FirmwareBlobBase,
               FirmwareBlobLength,
               FspHeaderPtr->CfgRegionOffset,
               FspHeaderPtr->CfgRegionSize
               );
    }
  }

  return MeasureFirmwareBlob (PcrIndex, Description, FirmwareBlobBase, FirmwareBlobLength);
}