[thirdparty/systemd.git] / src / boot / efi / measure.c

/* SPDX-License-Identifier: LGPL-2.1+ */

#if ENABLE_TPM

#include <efi.h>
#include <efilib.h>
#include "measure.h"

#define EFI_TCG_PROTOCOL_GUID { 0xf541796d, 0xa62e, 0x4954, {0xa7, 0x75, 0x95, 0x84, 0xf6, 0x1b, 0x9c, 0xdd} }

typedef struct _TCG_VERSION {
        UINT8 Major;
        UINT8 Minor;
        UINT8 RevMajor;
        UINT8 RevMinor;
} TCG_VERSION;

typedef struct tdEFI_TCG2_VERSION {
        UINT8 Major;
        UINT8 Minor;
} EFI_TCG2_VERSION;

typedef struct _TCG_BOOT_SERVICE_CAPABILITY {
        UINT8 Size;
        struct _TCG_VERSION StructureVersion;
        struct _TCG_VERSION ProtocolSpecVersion;
        UINT8 HashAlgorithmBitmap;
        BOOLEAN TPMPresentFlag;
        BOOLEAN TPMDeactivatedFlag;
} TCG_BOOT_SERVICE_CAPABILITY;

typedef struct tdTREE_BOOT_SERVICE_CAPABILITY {
        UINT8 Size;
        EFI_TCG2_VERSION StructureVersion;
        EFI_TCG2_VERSION ProtocolVersion;
        UINT32 HashAlgorithmBitmap;
        UINT32 SupportedEventLogs;
        BOOLEAN TrEEPresentFlag;
        UINT16 MaxCommandSize;
        UINT16 MaxResponseSize;
        UINT32 ManufacturerID;
} TREE_BOOT_SERVICE_CAPABILITY;

typedef UINT32 TCG_ALGORITHM_ID;
#define TCG_ALG_SHA 0x00000004  // The SHA1 algorithm

#define SHA1_DIGEST_SIZE 20

typedef struct _TCG_DIGEST {
        UINT8 Digest[SHA1_DIGEST_SIZE];
} TCG_DIGEST;

#define EV_IPL 13

typedef struct _TCG_PCR_EVENT {
        UINT32 PCRIndex;
        UINT32 EventType;
        struct _TCG_DIGEST digest;
        UINT32 EventSize;
        UINT8 Event[1];
} TCG_PCR_EVENT;

INTERFACE_DECL(_EFI_TCG);

typedef EFI_STATUS(EFIAPI * EFI_TCG_STATUS_CHECK) (IN struct _EFI_TCG * This,
                                                   OUT struct _TCG_BOOT_SERVICE_CAPABILITY * ProtocolCapability,
                                                   OUT UINT32 * TCGFeatureFlags,
                                                   OUT EFI_PHYSICAL_ADDRESS * EventLogLocation,
                                                   OUT EFI_PHYSICAL_ADDRESS * EventLogLastEntry);

typedef EFI_STATUS(EFIAPI * EFI_TCG_HASH_ALL) (IN struct _EFI_TCG * This,
                                               IN UINT8 * HashData,
                                               IN UINT64 HashDataLen,
                                               IN TCG_ALGORITHM_ID AlgorithmId,
                                               IN OUT UINT64 * HashedDataLen, IN OUT UINT8 ** HashedDataResult);

typedef EFI_STATUS(EFIAPI * EFI_TCG_LOG_EVENT) (IN struct _EFI_TCG * This,
                                                IN struct _TCG_PCR_EVENT * TCGLogData,
                                                IN OUT UINT32 * EventNumber, IN UINT32 Flags);

typedef EFI_STATUS(EFIAPI * EFI_TCG_PASS_THROUGH_TO_TPM) (IN struct _EFI_TCG * This,
                                                          IN UINT32 TpmInputParameterBlockSize,
                                                          IN UINT8 * TpmInputParameterBlock,
                                                          IN UINT32 TpmOutputParameterBlockSize,
                                                          IN UINT8 * TpmOutputParameterBlock);

typedef EFI_STATUS(EFIAPI * EFI_TCG_HASH_LOG_EXTEND_EVENT) (IN struct _EFI_TCG * This,
                                                            IN EFI_PHYSICAL_ADDRESS HashData,
                                                            IN UINT64 HashDataLen,
                                                            IN TCG_ALGORITHM_ID AlgorithmId,
                                                            IN struct _TCG_PCR_EVENT * TCGLogData,
                                                            IN OUT UINT32 * EventNumber,
                                                            OUT EFI_PHYSICAL_ADDRESS * EventLogLastEntry);

typedef struct _EFI_TCG {
        EFI_TCG_STATUS_CHECK StatusCheck;
        EFI_TCG_HASH_ALL HashAll;
        EFI_TCG_LOG_EVENT LogEvent;
        EFI_TCG_PASS_THROUGH_TO_TPM PassThroughToTPM;
        EFI_TCG_HASH_LOG_EXTEND_EVENT HashLogExtendEvent;
} EFI_TCG;

#define EFI_TCG2_PROTOCOL_GUID {0x607f766c, 0x7455, 0x42be, { 0x93, 0x0b, 0xe4, 0xd7, 0x6d, 0xb2, 0x72, 0x0f }}

typedef struct tdEFI_TCG2_PROTOCOL EFI_TCG2_PROTOCOL;

typedef UINT32 EFI_TCG2_EVENT_LOG_BITMAP;
typedef UINT32 EFI_TCG2_EVENT_LOG_FORMAT;
typedef UINT32 EFI_TCG2_EVENT_ALGORITHM_BITMAP;

#define EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2       0x00000001
#define EFI_TCG2_EVENT_LOG_FORMAT_TCG_2         0x00000002

typedef struct tdEFI_TCG2_BOOT_SERVICE_CAPABILITY {
        UINT8 Size;
        EFI_TCG2_VERSION StructureVersion;
        EFI_TCG2_VERSION ProtocolVersion;
        EFI_TCG2_EVENT_ALGORITHM_BITMAP HashAlgorithmBitmap;
        EFI_TCG2_EVENT_LOG_BITMAP SupportedEventLogs;
        BOOLEAN TPMPresentFlag;
        UINT16 MaxCommandSize;
        UINT16 MaxResponseSize;
        UINT32 ManufacturerID;
        UINT32 NumberOfPCRBanks;
        EFI_TCG2_EVENT_ALGORITHM_BITMAP ActivePcrBanks;
} EFI_TCG2_BOOT_SERVICE_CAPABILITY;

#define EFI_TCG2_EVENT_HEADER_VERSION  1

typedef struct {
        UINT32 HeaderSize;
        UINT16 HeaderVersion;
        UINT32 PCRIndex;
        UINT32 EventType;
} __attribute__((packed)) EFI_TCG2_EVENT_HEADER;

typedef struct tdEFI_TCG2_EVENT {
        UINT32 Size;
        EFI_TCG2_EVENT_HEADER Header;
        UINT8 Event[1];
} __attribute__((packed)) EFI_TCG2_EVENT;

typedef EFI_STATUS(EFIAPI * EFI_TCG2_GET_CAPABILITY) (IN EFI_TCG2_PROTOCOL * This,
                                                      IN OUT EFI_TCG2_BOOT_SERVICE_CAPABILITY * ProtocolCapability);

typedef EFI_STATUS(EFIAPI * EFI_TCG2_GET_EVENT_LOG) (IN EFI_TCG2_PROTOCOL * This,
                                                     IN EFI_TCG2_EVENT_LOG_FORMAT EventLogFormat,
                                                     OUT EFI_PHYSICAL_ADDRESS * EventLogLocation,
                                                     OUT EFI_PHYSICAL_ADDRESS * EventLogLastEntry,
                                                     OUT BOOLEAN * EventLogTruncated);

typedef EFI_STATUS(EFIAPI * EFI_TCG2_HASH_LOG_EXTEND_EVENT) (IN EFI_TCG2_PROTOCOL * This,
                                                             IN UINT64 Flags,
                                                             IN EFI_PHYSICAL_ADDRESS DataToHash,
                                                             IN UINT64 DataToHashLen, IN EFI_TCG2_EVENT * EfiTcgEvent);

typedef EFI_STATUS(EFIAPI * EFI_TCG2_SUBMIT_COMMAND) (IN EFI_TCG2_PROTOCOL * This,
                                                      IN UINT32 InputParameterBlockSize,
                                                      IN UINT8 * InputParameterBlock,
                                                      IN UINT32 OutputParameterBlockSize, IN UINT8 * OutputParameterBlock);

typedef EFI_STATUS(EFIAPI * EFI_TCG2_GET_ACTIVE_PCR_BANKS) (IN EFI_TCG2_PROTOCOL * This, OUT UINT32 * ActivePcrBanks);

typedef EFI_STATUS(EFIAPI * EFI_TCG2_SET_ACTIVE_PCR_BANKS) (IN EFI_TCG2_PROTOCOL * This, IN UINT32 ActivePcrBanks);

typedef EFI_STATUS(EFIAPI * EFI_TCG2_GET_RESULT_OF_SET_ACTIVE_PCR_BANKS) (IN EFI_TCG2_PROTOCOL * This,
                                                                          OUT UINT32 * OperationPresent, OUT UINT32 * Response);

typedef struct tdEFI_TCG2_PROTOCOL {
        EFI_TCG2_GET_CAPABILITY GetCapability;
        EFI_TCG2_GET_EVENT_LOG GetEventLog;
        EFI_TCG2_HASH_LOG_EXTEND_EVENT HashLogExtendEvent;
        EFI_TCG2_SUBMIT_COMMAND SubmitCommand;
        EFI_TCG2_GET_ACTIVE_PCR_BANKS GetActivePcrBanks;
        EFI_TCG2_SET_ACTIVE_PCR_BANKS SetActivePcrBanks;
        EFI_TCG2_GET_RESULT_OF_SET_ACTIVE_PCR_BANKS GetResultOfSetActivePcrBanks;
} EFI_TCG2;

static EFI_STATUS tpm1_measure_to_pcr_and_event_log(const EFI_TCG *tcg, UINT32 pcrindex, const EFI_PHYSICAL_ADDRESS buffer,
                                                    UINTN buffer_size, const CHAR16 *description) {
        EFI_STATUS status;
        TCG_PCR_EVENT *tcg_event;
        UINT32 event_number;
        EFI_PHYSICAL_ADDRESS event_log_last;
        UINTN desc_len;

        desc_len = (StrLen(description) + 1) * sizeof(CHAR16);

        tcg_event = AllocateZeroPool(desc_len + sizeof(TCG_PCR_EVENT));

        if (!tcg_event)
                return EFI_OUT_OF_RESOURCES;

        tcg_event->EventSize = desc_len;
        CopyMem((VOID *) & tcg_event->Event[0], (VOID *) description, desc_len);

        tcg_event->PCRIndex = pcrindex;
        tcg_event->EventType = EV_IPL;

        event_number = 1;
        status = uefi_call_wrapper(tcg->HashLogExtendEvent, 7,
                                   (EFI_TCG *) tcg, buffer, buffer_size, TCG_ALG_SHA, tcg_event, &event_number, &event_log_last);

        if (EFI_ERROR(status))
                return status;

        uefi_call_wrapper(BS->FreePool, 1, tcg_event);

        return EFI_SUCCESS;
}

/*
 * According to TCG EFI Protocol Specification for TPM 2.0 family,
 * all events generated after the invocation of EFI_TCG2_GET_EVENT_LOG
 * shall be stored in an instance of an EFI_CONFIGURATION_TABLE aka
 * EFI TCG 2.0 final events table. Hence, it is necessary to trigger the
 * internal switch through calling get_event_log() in order to allow
 * to retrieve the logs from OS runtime.
 */
static EFI_STATUS trigger_tcg2_final_events_table(const EFI_TCG2 *tcg, EFI_TCG2_EVENT_LOG_FORMAT log_fmt)
{
        EFI_PHYSICAL_ADDRESS loc;
        EFI_PHYSICAL_ADDRESS last_loc;
        BOOLEAN truncated;
        return uefi_call_wrapper(tcg->GetEventLog, 5, (EFI_TCG2 *) tcg,
                                 log_fmt, &loc, &last_loc, &truncated);
}

static EFI_STATUS tpm2_measure_to_pcr_and_event_log(const EFI_TCG2 *tcg, UINT32 pcrindex, const EFI_PHYSICAL_ADDRESS buffer,
                                                    UINT64 buffer_size, const CHAR16 *description, EFI_TCG2_EVENT_LOG_FORMAT log_fmt) {
        EFI_STATUS status;
        EFI_TCG2_EVENT *tcg_event;
        UINTN desc_len;
        static BOOLEAN triggered = FALSE;

        if (triggered == FALSE) {
                status = trigger_tcg2_final_events_table(tcg, log_fmt);
                if (EFI_ERROR(status))
                        return status;

                triggered = TRUE;
        }

        desc_len = StrLen(description) * sizeof(CHAR16);

        tcg_event = AllocateZeroPool(sizeof(*tcg_event) - sizeof(tcg_event->Event) + desc_len + 1);

        if (!tcg_event)
                return EFI_OUT_OF_RESOURCES;

        tcg_event->Size = sizeof(*tcg_event) - sizeof(tcg_event->Event) + desc_len + 1;
        tcg_event->Header.HeaderSize = sizeof(EFI_TCG2_EVENT_HEADER);
        tcg_event->Header.HeaderVersion = EFI_TCG2_EVENT_HEADER_VERSION;
        tcg_event->Header.PCRIndex = pcrindex;
        tcg_event->Header.EventType = EV_IPL;

        CopyMem((VOID *) tcg_event->Event, (VOID *) description, desc_len);

        status = uefi_call_wrapper(tcg->HashLogExtendEvent, 5, (EFI_TCG2 *) tcg, 0, buffer, (UINT64) buffer_size, tcg_event);

        uefi_call_wrapper(BS->FreePool, 1, tcg_event);

        if (EFI_ERROR(status))
                return status;

        return EFI_SUCCESS;
}

static EFI_TCG * tcg1_interface_check(void) {
        EFI_GUID tpm_guid = EFI_TCG_PROTOCOL_GUID;
        EFI_STATUS status;
        EFI_TCG *tcg;
        TCG_BOOT_SERVICE_CAPABILITY capability;
        UINT32 features;
        EFI_PHYSICAL_ADDRESS event_log_location;
        EFI_PHYSICAL_ADDRESS event_log_last_entry;

        status = LibLocateProtocol(&tpm_guid, (void **) &tcg);

        if (EFI_ERROR(status))
                return NULL;

        capability.Size = (UINT8) sizeof(capability);
        status = uefi_call_wrapper(tcg->StatusCheck, 5, tcg, &capability, &features, &event_log_location, &event_log_last_entry);

        if (EFI_ERROR(status))
                return NULL;

        if (capability.TPMDeactivatedFlag)
                return NULL;

        if (!capability.TPMPresentFlag)
                return NULL;

        return tcg;
}

static EFI_TCG2 * tcg2_interface_check(EFI_TCG2_BOOT_SERVICE_CAPABILITY *caps) {
        EFI_GUID tpm2_guid = EFI_TCG2_PROTOCOL_GUID;
        EFI_STATUS status;
        EFI_TCG2 *tcg;

        status = LibLocateProtocol(&tpm2_guid, (void **) &tcg);

        if (EFI_ERROR(status))
                return NULL;

        caps->Size = (UINT8) sizeof(EFI_TCG2_BOOT_SERVICE_CAPABILITY);
        status = uefi_call_wrapper(tcg->GetCapability, 2, tcg, caps);

        if (EFI_ERROR(status))
                return NULL;

        if (caps->StructureVersion.Major == 1 &&
            caps->StructureVersion.Minor == 0) {
                TCG_BOOT_SERVICE_CAPABILITY *caps_1_0;
                caps_1_0 = (TCG_BOOT_SERVICE_CAPABILITY *)caps;
                if (caps_1_0->TPMPresentFlag)
                        return tcg;
        }

        if (!caps->TPMPresentFlag)
                return NULL;

        return tcg;
}

EFI_STATUS tpm_log_event(UINT32 pcrindex, const EFI_PHYSICAL_ADDRESS buffer, UINTN buffer_size, const CHAR16 *description) {
        EFI_TCG *tpm1;
        EFI_TCG2 *tpm2;
        EFI_TCG2_BOOT_SERVICE_CAPABILITY caps;

        tpm2 = tcg2_interface_check(&caps);
        if (tpm2) {
                EFI_TCG2_EVENT_LOG_BITMAP supported_logs;
                EFI_TCG2_EVENT_LOG_FORMAT log_fmt;

                if (caps.StructureVersion.Major == 1 &&
                    caps.StructureVersion.Minor == 0)
                        supported_logs = ((TREE_BOOT_SERVICE_CAPABILITY *)&caps)->SupportedEventLogs;
                else
                        supported_logs = caps.SupportedEventLogs;

                if (supported_logs & EFI_TCG2_EVENT_LOG_FORMAT_TCG_2)
                        log_fmt = EFI_TCG2_EVENT_LOG_FORMAT_TCG_2;
                else
                        log_fmt = EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2;

                return tpm2_measure_to_pcr_and_event_log(tpm2, pcrindex, buffer, buffer_size, description, log_fmt);
        }

        tpm1 = tcg1_interface_check();
        if (tpm1)
                return tpm1_measure_to_pcr_and_event_log(tpm1, pcrindex, buffer, buffer_size, description);

        /* No active TPM found, so don't return an error */
        return EFI_SUCCESS;
}

#endif
Commit	Line	Data
53e1b683	1	/* SPDX-License-Identifier: LGPL-2.1+ */
92ed3bb4	2
349cc4a5	3	#if ENABLE_TPM
92ed3bb4 HH	4
	5	#include <efi.h>
	6	#include <efilib.h>
	7	#include "measure.h"
	8
	9	#define EFI_TCG_PROTOCOL_GUID { 0xf541796d, 0xa62e, 0x4954, {0xa7, 0x75, 0x95, 0x84, 0xf6, 0x1b, 0x9c, 0xdd} }
	10
	11	typedef struct _TCG_VERSION {
	12	UINT8 Major;
	13	UINT8 Minor;
	14	UINT8 RevMajor;
	15	UINT8 RevMinor;
	16	} TCG_VERSION;
	17
bfdf8c3b HH	18	typedef struct tdEFI_TCG2_VERSION {
	19	UINT8 Major;
	20	UINT8 Minor;
	21	} EFI_TCG2_VERSION;
	22
92ed3bb4 HH	23	typedef struct _TCG_BOOT_SERVICE_CAPABILITY {
	24	UINT8 Size;
	25	struct _TCG_VERSION StructureVersion;
	26	struct _TCG_VERSION ProtocolSpecVersion;
	27	UINT8 HashAlgorithmBitmap;
	28	BOOLEAN TPMPresentFlag;
	29	BOOLEAN TPMDeactivatedFlag;
	30	} TCG_BOOT_SERVICE_CAPABILITY;
	31
bfdf8c3b HH	32	typedef struct tdTREE_BOOT_SERVICE_CAPABILITY {
	33	UINT8 Size;
	34	EFI_TCG2_VERSION StructureVersion;
	35	EFI_TCG2_VERSION ProtocolVersion;
	36	UINT32 HashAlgorithmBitmap;
	37	UINT32 SupportedEventLogs;
	38	BOOLEAN TrEEPresentFlag;
	39	UINT16 MaxCommandSize;
	40	UINT16 MaxResponseSize;
	41	UINT32 ManufacturerID;
	42	} TREE_BOOT_SERVICE_CAPABILITY;
	43
92ed3bb4 HH	44	typedef UINT32 TCG_ALGORITHM_ID;
	45	#define TCG_ALG_SHA 0x00000004 // The SHA1 algorithm
	46
	47	#define SHA1_DIGEST_SIZE 20
	48
	49	typedef struct _TCG_DIGEST {
	50	UINT8 Digest[SHA1_DIGEST_SIZE];
	51	} TCG_DIGEST;
	52
	53	#define EV_IPL 13
	54
	55	typedef struct _TCG_PCR_EVENT {
	56	UINT32 PCRIndex;
	57	UINT32 EventType;
	58	struct _TCG_DIGEST digest;
	59	UINT32 EventSize;
	60	UINT8 Event[1];
	61	} TCG_PCR_EVENT;
	62
	63	INTERFACE_DECL(_EFI_TCG);
	64
	65	typedef EFI_STATUS(EFIAPI * EFI_TCG_STATUS_CHECK) (IN struct _EFI_TCG * This,
	66	OUT struct _TCG_BOOT_SERVICE_CAPABILITY * ProtocolCapability,
	67	OUT UINT32 * TCGFeatureFlags,
	68	OUT EFI_PHYSICAL_ADDRESS * EventLogLocation,
	69	OUT EFI_PHYSICAL_ADDRESS * EventLogLastEntry);
	70
	71	typedef EFI_STATUS(EFIAPI * EFI_TCG_HASH_ALL) (IN struct _EFI_TCG * This,
	72	IN UINT8 * HashData,
	73	IN UINT64 HashDataLen,
	74	IN TCG_ALGORITHM_ID AlgorithmId,
	75	IN OUT UINT64 * HashedDataLen, IN OUT UINT8 ** HashedDataResult);
	76
	77	typedef EFI_STATUS(EFIAPI * EFI_TCG_LOG_EVENT) (IN struct _EFI_TCG * This,
	78	IN struct _TCG_PCR_EVENT * TCGLogData,
	79	IN OUT UINT32 * EventNumber, IN UINT32 Flags);
	80
	81	typedef EFI_STATUS(EFIAPI * EFI_TCG_PASS_THROUGH_TO_TPM) (IN struct _EFI_TCG * This,
	82	IN UINT32 TpmInputParameterBlockSize,
	83	IN UINT8 * TpmInputParameterBlock,
	84	IN UINT32 TpmOutputParameterBlockSize,
	85	IN UINT8 * TpmOutputParameterBlock);
	86
	87	typedef EFI_STATUS(EFIAPI * EFI_TCG_HASH_LOG_EXTEND_EVENT) (IN struct _EFI_TCG * This,
	88	IN EFI_PHYSICAL_ADDRESS HashData,
	89	IN UINT64 HashDataLen,
	90	IN TCG_ALGORITHM_ID AlgorithmId,
	91	IN struct _TCG_PCR_EVENT * TCGLogData,
	92	IN OUT UINT32 * EventNumber,
	93	OUT EFI_PHYSICAL_ADDRESS * EventLogLastEntry);
	94
	95	typedef struct _EFI_TCG {
	96	EFI_TCG_STATUS_CHECK StatusCheck;
	97	EFI_TCG_HASH_ALL HashAll;
	98	EFI_TCG_LOG_EVENT LogEvent;
	99	EFI_TCG_PASS_THROUGH_TO_TPM PassThroughToTPM;
	100	EFI_TCG_HASH_LOG_EXTEND_EVENT HashLogExtendEvent;
	101	} EFI_TCG;
	102
	103	#define EFI_TCG2_PROTOCOL_GUID {0x607f766c, 0x7455, 0x42be, { 0x93, 0x0b, 0xe4, 0xd7, 0x6d, 0xb2, 0x72, 0x0f }}
	104
	105	typedef struct tdEFI_TCG2_PROTOCOL EFI_TCG2_PROTOCOL;
	106
92ed3bb4 HH	107	typedef UINT32 EFI_TCG2_EVENT_LOG_BITMAP;
	108	typedef UINT32 EFI_TCG2_EVENT_LOG_FORMAT;
	109	typedef UINT32 EFI_TCG2_EVENT_ALGORITHM_BITMAP;
	110
	111	#define EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2 0x00000001
	112	#define EFI_TCG2_EVENT_LOG_FORMAT_TCG_2 0x00000002
	113
	114	typedef struct tdEFI_TCG2_BOOT_SERVICE_CAPABILITY {
	115	UINT8 Size;
	116	EFI_TCG2_VERSION StructureVersion;
	117	EFI_TCG2_VERSION ProtocolVersion;
	118	EFI_TCG2_EVENT_ALGORITHM_BITMAP HashAlgorithmBitmap;
	119	EFI_TCG2_EVENT_LOG_BITMAP SupportedEventLogs;
	120	BOOLEAN TPMPresentFlag;
	121	UINT16 MaxCommandSize;
	122	UINT16 MaxResponseSize;
	123	UINT32 ManufacturerID;
	124	UINT32 NumberOfPCRBanks;
	125	EFI_TCG2_EVENT_ALGORITHM_BITMAP ActivePcrBanks;
	126	} EFI_TCG2_BOOT_SERVICE_CAPABILITY;
	127
	128	#define EFI_TCG2_EVENT_HEADER_VERSION 1
	129
	130	typedef struct {
	131	UINT32 HeaderSize;
	132	UINT16 HeaderVersion;
	133	UINT32 PCRIndex;
	134	UINT32 EventType;
2ee1c55d	135	} __attribute__((packed)) EFI_TCG2_EVENT_HEADER;
92ed3bb4 HH	136
	137	typedef struct tdEFI_TCG2_EVENT {
	138	UINT32 Size;
	139	EFI_TCG2_EVENT_HEADER Header;
	140	UINT8 Event[1];
2ee1c55d	141	} __attribute__((packed)) EFI_TCG2_EVENT;
92ed3bb4 HH	142
	143	typedef EFI_STATUS(EFIAPI * EFI_TCG2_GET_CAPABILITY) (IN EFI_TCG2_PROTOCOL * This,
	144	IN OUT EFI_TCG2_BOOT_SERVICE_CAPABILITY * ProtocolCapability);
	145
	146	typedef EFI_STATUS(EFIAPI * EFI_TCG2_GET_EVENT_LOG) (IN EFI_TCG2_PROTOCOL * This,
	147	IN EFI_TCG2_EVENT_LOG_FORMAT EventLogFormat,
	148	OUT EFI_PHYSICAL_ADDRESS * EventLogLocation,
	149	OUT EFI_PHYSICAL_ADDRESS * EventLogLastEntry,
	150	OUT BOOLEAN * EventLogTruncated);
	151
	152	typedef EFI_STATUS(EFIAPI * EFI_TCG2_HASH_LOG_EXTEND_EVENT) (IN EFI_TCG2_PROTOCOL * This,
	153	IN UINT64 Flags,
	154	IN EFI_PHYSICAL_ADDRESS DataToHash,
	155	IN UINT64 DataToHashLen, IN EFI_TCG2_EVENT * EfiTcgEvent);
	156
	157	typedef EFI_STATUS(EFIAPI * EFI_TCG2_SUBMIT_COMMAND) (IN EFI_TCG2_PROTOCOL * This,
	158	IN UINT32 InputParameterBlockSize,
	159	IN UINT8 * InputParameterBlock,
	160	IN UINT32 OutputParameterBlockSize, IN UINT8 * OutputParameterBlock);
	161
	162	typedef EFI_STATUS(EFIAPI * EFI_TCG2_GET_ACTIVE_PCR_BANKS) (IN EFI_TCG2_PROTOCOL * This, OUT UINT32 * ActivePcrBanks);
	163
	164	typedef EFI_STATUS(EFIAPI * EFI_TCG2_SET_ACTIVE_PCR_BANKS) (IN EFI_TCG2_PROTOCOL * This, IN UINT32 ActivePcrBanks);
	165
	166	typedef EFI_STATUS(EFIAPI * EFI_TCG2_GET_RESULT_OF_SET_ACTIVE_PCR_BANKS) (IN EFI_TCG2_PROTOCOL * This,
	167	OUT UINT32 * OperationPresent, OUT UINT32 * Response);
	168
	169	typedef struct tdEFI_TCG2_PROTOCOL {
	170	EFI_TCG2_GET_CAPABILITY GetCapability;
	171	EFI_TCG2_GET_EVENT_LOG GetEventLog;
	172	EFI_TCG2_HASH_LOG_EXTEND_EVENT HashLogExtendEvent;
	173	EFI_TCG2_SUBMIT_COMMAND SubmitCommand;
	174	EFI_TCG2_GET_ACTIVE_PCR_BANKS GetActivePcrBanks;
	175	EFI_TCG2_SET_ACTIVE_PCR_BANKS SetActivePcrBanks;
	176	EFI_TCG2_GET_RESULT_OF_SET_ACTIVE_PCR_BANKS GetResultOfSetActivePcrBanks;
	177	} EFI_TCG2;
	178
92ed3bb4 HH	179	static EFI_STATUS tpm1_measure_to_pcr_and_event_log(const EFI_TCG *tcg, UINT32 pcrindex, const EFI_PHYSICAL_ADDRESS buffer,
	180	UINTN buffer_size, const CHAR16 *description) {
	181	EFI_STATUS status;
	182	TCG_PCR_EVENT *tcg_event;
	183	UINT32 event_number;
	184	EFI_PHYSICAL_ADDRESS event_log_last;
	185	UINTN desc_len;
	186
	187	desc_len = (StrLen(description) + 1) * sizeof(CHAR16);
	188
	189	tcg_event = AllocateZeroPool(desc_len + sizeof(TCG_PCR_EVENT));
	190
234519ae	191	if (!tcg_event)
92ed3bb4 HH	192	return EFI_OUT_OF_RESOURCES;
	193
	194	tcg_event->EventSize = desc_len;
	195	CopyMem((VOID ) & tcg_event->Event[0], (VOID ) description, desc_len);
	196
	197	tcg_event->PCRIndex = pcrindex;
	198	tcg_event->EventType = EV_IPL;
	199
	200	event_number = 1;
	201	status = uefi_call_wrapper(tcg->HashLogExtendEvent, 7,
a0693fc9	202	(EFI_TCG *) tcg, buffer, buffer_size, TCG_ALG_SHA, tcg_event, &event_number, &event_log_last);
92ed3bb4 HH	203
	204	if (EFI_ERROR(status))
	205	return status;
	206
	207	uefi_call_wrapper(BS->FreePool, 1, tcg_event);
	208
	209	return EFI_SUCCESS;
	210	}
	211
59991e3f LZ	212	/*
	213	* According to TCG EFI Protocol Specification for TPM 2.0 family,
	214	* all events generated after the invocation of EFI_TCG2_GET_EVENT_LOG
	215	* shall be stored in an instance of an EFI_CONFIGURATION_TABLE aka
	216	* EFI TCG 2.0 final events table. Hence, it is necessary to trigger the
	217	* internal switch through calling get_event_log() in order to allow
	218	* to retrieve the logs from OS runtime.
	219	*/
bfdf8c3b	220	static EFI_STATUS trigger_tcg2_final_events_table(const EFI_TCG2 *tcg, EFI_TCG2_EVENT_LOG_FORMAT log_fmt)
59991e3f	221	{
16c73c76 RV	222	EFI_PHYSICAL_ADDRESS loc;
	223	EFI_PHYSICAL_ADDRESS last_loc;
	224	BOOLEAN truncated;
a0693fc9	225	return uefi_call_wrapper(tcg->GetEventLog, 5, (EFI_TCG2 *) tcg,
16c73c76	226	log_fmt, &loc, &last_loc, &truncated);
59991e3f	227	}
92ed3bb4 HH	228
92ed3bb4 HH	229	static EFI_STATUS tpm2_measure_to_pcr_and_event_log(const EFI_TCG2 *tcg, UINT32 pcrindex, const EFI_PHYSICAL_ADDRESS buffer,
bfdf8c3b	230	UINT64 buffer_size, const CHAR16 *description, EFI_TCG2_EVENT_LOG_FORMAT log_fmt) {
92ed3bb4 HH	231	EFI_STATUS status;
	232	EFI_TCG2_EVENT *tcg_event;
	233	UINTN desc_len;
59991e3f LZ	234	static BOOLEAN triggered = FALSE;
	235
	236	if (triggered == FALSE) {
bfdf8c3b	237	status = trigger_tcg2_final_events_table(tcg, log_fmt);
59991e3f LZ	238	if (EFI_ERROR(status))
	239	return status;
	240
	241	triggered = TRUE;
	242	}
92ed3bb4 HH	243
	244	desc_len = StrLen(description) * sizeof(CHAR16);
	245
	246	tcg_event = AllocateZeroPool(sizeof(*tcg_event) - sizeof(tcg_event->Event) + desc_len + 1);
	247
234519ae	248	if (!tcg_event)
92ed3bb4 HH	249	return EFI_OUT_OF_RESOURCES;
92ed3bb4 HH	250
bfdf8c3b	251	tcg_event->Size = sizeof(*tcg_event) - sizeof(tcg_event->Event) + desc_len + 1;
92ed3bb4 HH	252	tcg_event->Header.HeaderSize = sizeof(EFI_TCG2_EVENT_HEADER);
	253	tcg_event->Header.HeaderVersion = EFI_TCG2_EVENT_HEADER_VERSION;
	254	tcg_event->Header.PCRIndex = pcrindex;
	255	tcg_event->Header.EventType = EV_IPL;
	256
	257	CopyMem((VOID ) tcg_event->Event, (VOID ) description, desc_len);
	258
bfdf8c3b	259	status = uefi_call_wrapper(tcg->HashLogExtendEvent, 5, (EFI_TCG2 *) tcg, 0, buffer, (UINT64) buffer_size, tcg_event);
92ed3bb4 HH	260
	261	uefi_call_wrapper(BS->FreePool, 1, tcg_event);
	262
	263	if (EFI_ERROR(status))
	264	return status;
	265
	266	return EFI_SUCCESS;
	267	}
	268
	269	static EFI_TCG * tcg1_interface_check(void) {
	270	EFI_GUID tpm_guid = EFI_TCG_PROTOCOL_GUID;
	271	EFI_STATUS status;
	272	EFI_TCG *tcg;
	273	TCG_BOOT_SERVICE_CAPABILITY capability;
	274	UINT32 features;
	275	EFI_PHYSICAL_ADDRESS event_log_location;
	276	EFI_PHYSICAL_ADDRESS event_log_last_entry;
	277
	278	status = LibLocateProtocol(&tpm_guid, (void **) &tcg);
	279
	280	if (EFI_ERROR(status))
	281	return NULL;
	282
	283	capability.Size = (UINT8) sizeof(capability);
	284	status = uefi_call_wrapper(tcg->StatusCheck, 5, tcg, &capability, &features, &event_log_location, &event_log_last_entry);
	285
	286	if (EFI_ERROR(status))
	287	return NULL;
	288
	289	if (capability.TPMDeactivatedFlag)
	290	return NULL;
	291
	292	if (!capability.TPMPresentFlag)
	293	return NULL;
	294
	295	return tcg;
	296	}
	297
bfdf8c3b	298	static EFI_TCG2 * tcg2_interface_check(EFI_TCG2_BOOT_SERVICE_CAPABILITY *caps) {
92ed3bb4 HH	299	EFI_GUID tpm2_guid = EFI_TCG2_PROTOCOL_GUID;
	300	EFI_STATUS status;
	301	EFI_TCG2 *tcg;
92ed3bb4 HH	302
	303	status = LibLocateProtocol(&tpm2_guid, (void **) &tcg);
	304
	305	if (EFI_ERROR(status))
	306	return NULL;
	307
bfdf8c3b HH	308	caps->Size = (UINT8) sizeof(EFI_TCG2_BOOT_SERVICE_CAPABILITY);
bfdf8c3b HH	309	status = uefi_call_wrapper(tcg->GetCapability, 2, tcg, caps);
92ed3bb4 HH	310
	311	if (EFI_ERROR(status))
	312	return NULL;
	313
bfdf8c3b HH	314	if (caps->StructureVersion.Major == 1 &&
	315	caps->StructureVersion.Minor == 0) {
	316	TCG_BOOT_SERVICE_CAPABILITY *caps_1_0;
	317	caps_1_0 = (TCG_BOOT_SERVICE_CAPABILITY *)caps;
	318	if (caps_1_0->TPMPresentFlag)
	319	return tcg;
	320	}
	321
	322	if (!caps->TPMPresentFlag)
92ed3bb4 HH	323	return NULL;
	324
	325	return tcg;
	326	}
	327
	328	EFI_STATUS tpm_log_event(UINT32 pcrindex, const EFI_PHYSICAL_ADDRESS buffer, UINTN buffer_size, const CHAR16 *description) {
	329	EFI_TCG *tpm1;
	330	EFI_TCG2 *tpm2;
bfdf8c3b HH	331	EFI_TCG2_BOOT_SERVICE_CAPABILITY caps;
	332
	333	tpm2 = tcg2_interface_check(&caps);
	334	if (tpm2) {
	335	EFI_TCG2_EVENT_LOG_BITMAP supported_logs;
	336	EFI_TCG2_EVENT_LOG_FORMAT log_fmt;
	337
	338	if (caps.StructureVersion.Major == 1 &&
	339	caps.StructureVersion.Minor == 0)
	340	supported_logs = ((TREE_BOOT_SERVICE_CAPABILITY *)&caps)->SupportedEventLogs;
	341	else
	342	supported_logs = caps.SupportedEventLogs;
	343
	344	if (supported_logs & EFI_TCG2_EVENT_LOG_FORMAT_TCG_2)
	345	log_fmt = EFI_TCG2_EVENT_LOG_FORMAT_TCG_2;
	346	else
	347	log_fmt = EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2;
	348
bfdf8c3b HH	349	return tpm2_measure_to_pcr_and_event_log(tpm2, pcrindex, buffer, buffer_size, description, log_fmt);
bfdf8c3b HH	350	}
92ed3bb4 HH	351
	352	tpm1 = tcg1_interface_check();
	353	if (tpm1)
	354	return tpm1_measure_to_pcr_and_event_log(tpm1, pcrindex, buffer, buffer_size, description);
	355
	356	/* No active TPM found, so don't return an error */
	357	return EFI_SUCCESS;
	358	}
	359
	360	#endif