This is patch to remove smbios measurement in TCG driver. There will be other patch to add it in Smbios driver.
The problem of current SMBIOS measurement is: 1) TCG drivers do not support SMBIOS3.0 table. 2) TCG drivers do not follow TCG platform spec on: "Platform configuration information that is automatically updated, such as clock registers, and system unique information, such as asset numbers or serial numbers, MUST NOT be measured into PCR [1], or any other PCR." So we decide to move Smbios measurement from TCG drivers to Smbios driver. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Yao, Jiewen <[email protected]> Cc: Zhang, Chao B <[email protected]> Cc: Zeng, Star <[email protected]> --- SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c | 33 +-------------------------------- SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf | 4 ---- SecurityPkg/Tcg/TcgDxe/TcgDxe.c | 33 +-------------------------------- SecurityPkg/Tcg/TcgDxe/TcgDxe.inf | 4 ---- SecurityPkg/Tcg/TrEEDxe/TrEEDxe.c | 33 +-------------------------------- SecurityPkg/Tcg/TrEEDxe/TrEEDxe.inf | 4 ---- 6 files changed, 3 insertions(+), 108 deletions(-) diff --git a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c index 9ad970a..7076772 100644 --- a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c +++ b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c @@ -15,11 +15,9 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #include <PiDxe.h> #include <IndustryStandard/Acpi.h> #include <IndustryStandard/PeImage.h> -#include <IndustryStandard/SmBios.h> #include <IndustryStandard/TcpaAcpi.h> #include <Guid/GlobalVariable.h> -#include <Guid/SmBios.h> #include <Guid/HobList.h> #include <Guid/TcgEventHob.h> #include <Guid/EventGroup.h> @@ -1690,42 +1688,13 @@ MeasureHandoffTables ( ) { EFI_STATUS Status; - SMBIOS_TABLE_ENTRY_POINT *SmbiosTable; TCG_PCR_EVENT_HDR TcgEvent; EFI_HANDOFF_TABLE_POINTERS HandoffTables; UINTN ProcessorNum; EFI_CPU_PHYSICAL_LOCATION *ProcessorLocBuf; ProcessorLocBuf = NULL; - - // - // Measure SMBIOS with EV_EFI_HANDOFF_TABLES to PCR[1] - // - Status = EfiGetSystemConfigurationTable ( - &gEfiSmbiosTableGuid, - (VOID **) &SmbiosTable - ); - - if (!EFI_ERROR (Status) && SmbiosTable != NULL) { - TcgEvent.PCRIndex = 1; - TcgEvent.EventType = EV_EFI_HANDOFF_TABLES; - TcgEvent.EventSize = sizeof (HandoffTables); - - HandoffTables.NumberOfTables = 1; - HandoffTables.TableEntry[0].VendorGuid = gEfiSmbiosTableGuid; - HandoffTables.TableEntry[0].VendorTable = SmbiosTable; - - DEBUG ((DEBUG_INFO, "The Smbios Table starts at: 0x%x\n", SmbiosTable->TableAddress)); - DEBUG ((DEBUG_INFO, "The Smbios Table size: 0x%x\n", SmbiosTable->TableLength)); - - Status = TcgDxeHashLogExtendEvent ( - 0, - (UINT8*)(UINTN)SmbiosTable->TableAddress, - SmbiosTable->TableLength, - &TcgEvent, - (UINT8*)&HandoffTables - ); - } + Status = EFI_SUCCESS; if (PcdGet8 (PcdTpmPlatformClass) == TCG_PLATFORM_TYPE_SERVER) { // diff --git a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf index d6ac07e..ca6741b 100644 --- a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf +++ b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf @@ -61,10 +61,6 @@ Tcg2PhysicalPresenceLib [Guids] - ## SOMETIMES_CONSUMES ## SystemTable # Smbios Table - ## SOMETIMES_CONSUMES ## GUID # Handoff Table for measurement. - gEfiSmbiosTableGuid - ## SOMETIMES_CONSUMES ## Variable:L"SecureBoot" ## SOMETIMES_CONSUMES ## Variable:L"PK" ## SOMETIMES_CONSUMES ## Variable:L"KEK" diff --git a/SecurityPkg/Tcg/TcgDxe/TcgDxe.c b/SecurityPkg/Tcg/TcgDxe/TcgDxe.c index 4b9afe3..8091941 100644 --- a/SecurityPkg/Tcg/TcgDxe/TcgDxe.c +++ b/SecurityPkg/Tcg/TcgDxe/TcgDxe.c @@ -23,11 +23,9 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #include <IndustryStandard/Tpm12.h> #include <IndustryStandard/Acpi.h> #include <IndustryStandard/PeImage.h> -#include <IndustryStandard/SmBios.h> #include <IndustryStandard/TcpaAcpi.h> #include <Guid/GlobalVariable.h> -#include <Guid/SmBios.h> #include <Guid/HobList.h> #include <Guid/TcgEventHob.h> #include <Guid/EventGroup.h> @@ -748,42 +746,13 @@ MeasureHandoffTables ( ) { EFI_STATUS Status; - SMBIOS_TABLE_ENTRY_POINT *SmbiosTable; TCG_PCR_EVENT_HDR TcgEvent; EFI_HANDOFF_TABLE_POINTERS HandoffTables; UINTN ProcessorNum; EFI_CPU_PHYSICAL_LOCATION *ProcessorLocBuf; ProcessorLocBuf = NULL; - - // - // Measure SMBIOS with EV_EFI_HANDOFF_TABLES to PCR[1] - // - Status = EfiGetSystemConfigurationTable ( - &gEfiSmbiosTableGuid, - (VOID **) &SmbiosTable - ); - - if (!EFI_ERROR (Status) && SmbiosTable != NULL) { - TcgEvent.PCRIndex = 1; - TcgEvent.EventType = EV_EFI_HANDOFF_TABLES; - TcgEvent.EventSize = sizeof (HandoffTables); - - HandoffTables.NumberOfTables = 1; - HandoffTables.TableEntry[0].VendorGuid = gEfiSmbiosTableGuid; - HandoffTables.TableEntry[0].VendorTable = SmbiosTable; - - DEBUG ((DEBUG_INFO, "The Smbios Table starts at: 0x%x\n", SmbiosTable->TableAddress)); - DEBUG ((DEBUG_INFO, "The Smbios Table size: 0x%x\n", SmbiosTable->TableLength)); - - Status = TcgDxeHashLogExtendEventI ( - &mTcgDxeData, - (UINT8*)(UINTN)SmbiosTable->TableAddress, - SmbiosTable->TableLength, - &TcgEvent, - (UINT8*)&HandoffTables - ); - } + Status = EFI_SUCCESS; if (PcdGet8 (PcdTpmPlatformClass) == TCG_PLATFORM_TYPE_SERVER) { // diff --git a/SecurityPkg/Tcg/TcgDxe/TcgDxe.inf b/SecurityPkg/Tcg/TcgDxe/TcgDxe.inf index 39aeb8b..0976304 100644 --- a/SecurityPkg/Tcg/TcgDxe/TcgDxe.inf +++ b/SecurityPkg/Tcg/TcgDxe/TcgDxe.inf @@ -54,10 +54,6 @@ ReportStatusCodeLib [Guids] - ## SOMETIMES_CONSUMES ## SystemTable # Smbios Table - ## SOMETIMES_CONSUMES ## GUID # Handoff Table for measurement. - gEfiSmbiosTableGuid - gEfiGlobalVariableGuid ## SOMETIMES_CONSUMES ## Variable:L"BootXXXX" gTcgEventEntryHobGuid ## SOMETIMES_CONSUMES ## HOB gTpmErrorHobGuid ## SOMETIMES_CONSUMES ## HOB diff --git a/SecurityPkg/Tcg/TrEEDxe/TrEEDxe.c b/SecurityPkg/Tcg/TrEEDxe/TrEEDxe.c index 582f09f..41e7207 100644 --- a/SecurityPkg/Tcg/TrEEDxe/TrEEDxe.c +++ b/SecurityPkg/Tcg/TrEEDxe/TrEEDxe.c @@ -15,11 +15,9 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #include <PiDxe.h> #include <IndustryStandard/Acpi.h> #include <IndustryStandard/PeImage.h> -#include <IndustryStandard/SmBios.h> #include <IndustryStandard/TcpaAcpi.h> #include <Guid/GlobalVariable.h> -#include <Guid/SmBios.h> #include <Guid/HobList.h> #include <Guid/TcgEventHob.h> #include <Guid/EventGroup.h> @@ -1046,42 +1044,13 @@ MeasureHandoffTables ( ) { EFI_STATUS Status; - SMBIOS_TABLE_ENTRY_POINT *SmbiosTable; TCG_PCR_EVENT_HDR TcgEvent; EFI_HANDOFF_TABLE_POINTERS HandoffTables; UINTN ProcessorNum; EFI_CPU_PHYSICAL_LOCATION *ProcessorLocBuf; ProcessorLocBuf = NULL; - - // - // Measure SMBIOS with EV_EFI_HANDOFF_TABLES to PCR[1] - // - Status = EfiGetSystemConfigurationTable ( - &gEfiSmbiosTableGuid, - (VOID **) &SmbiosTable - ); - - if (!EFI_ERROR (Status) && SmbiosTable != NULL) { - TcgEvent.PCRIndex = 1; - TcgEvent.EventType = EV_EFI_HANDOFF_TABLES; - TcgEvent.EventSize = sizeof (HandoffTables); - - HandoffTables.NumberOfTables = 1; - HandoffTables.TableEntry[0].VendorGuid = gEfiSmbiosTableGuid; - HandoffTables.TableEntry[0].VendorTable = SmbiosTable; - - DEBUG ((DEBUG_INFO, "The Smbios Table starts at: 0x%x\n", SmbiosTable->TableAddress)); - DEBUG ((DEBUG_INFO, "The Smbios Table size: 0x%x\n", SmbiosTable->TableLength)); - - Status = TcgDxeHashLogExtendEvent ( - 0, - (UINT8*)(UINTN)SmbiosTable->TableAddress, - SmbiosTable->TableLength, - &TcgEvent, - (UINT8*)&HandoffTables - ); - } + Status = EFI_SUCCESS; if (PcdGet8 (PcdTpmPlatformClass) == TCG_PLATFORM_TYPE_SERVER) { // diff --git a/SecurityPkg/Tcg/TrEEDxe/TrEEDxe.inf b/SecurityPkg/Tcg/TrEEDxe/TrEEDxe.inf index e564c8f..258ab46 100644 --- a/SecurityPkg/Tcg/TrEEDxe/TrEEDxe.inf +++ b/SecurityPkg/Tcg/TrEEDxe/TrEEDxe.inf @@ -60,10 +60,6 @@ ReportStatusCodeLib [Guids] - ## SOMETIMES_CONSUMES ## SystemTable # Smbios Table - ## SOMETIMES_CONSUMES ## GUID # Handoff Table for measurement. - gEfiSmbiosTableGuid - ## SOMETIMES_CONSUMES ## Variable:L"SecureBoot" ## SOMETIMES_CONSUMES ## Variable:L"PK" ## SOMETIMES_CONSUMES ## Variable:L"KEK" -- 1.9.5.msysgit.0 _______________________________________________ edk2-devel mailing list [email protected] https://lists.01.org/mailman/listinfo/edk2-devel
