TCG event log and TCG2 final event log area length can be configurable to meet platform event log requirement. PcdTcgLogAreaMinLen : 0x10000 based on minimum requirement in TCG ACPI Spec 00.37 PcdTcg2FinalLogAreaLen : 0x8000 based on experience value
Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Chao Zhang <[email protected]> --- SecurityPkg/SecurityPkg.dec | 11 ++++++++++- SecurityPkg/SecurityPkg.uni | 11 ++++++++++- SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c | 15 ++++++--------- SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf | 4 +++- SecurityPkg/Tcg/TcgDxe/TcgDxe.c | 14 ++++++-------- SecurityPkg/Tcg/TcgDxe/TcgDxe.inf | 3 ++- SecurityPkg/Tcg/TrEEDxe/TrEEDxe.c | 12 +++++------- SecurityPkg/Tcg/TrEEDxe/TrEEDxe.inf | 3 ++- 8 files changed, 44 insertions(+), 29 deletions(-) diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec index d568b47..b5f4eb7 100644 --- a/SecurityPkg/SecurityPkg.dec +++ b/SecurityPkg/SecurityPkg.dec @@ -5,7 +5,7 @@ # It also provides the definitions(including PPIs/PROTOCOLs/GUIDs and library classes) # and libraries instances, which are used for those features. # -# Copyright (c) 2009 - 2015, Intel Corporation. All rights reserved.<BR> +# Copyright (c) 2009 - 2016, Intel Corporation. All rights reserved.<BR> # (C) Copyright 2015 Hewlett Packard Enterprise Development LP <BR> # This program and the accompanying materials are licensed and made available under # the terms and conditions of the BSD License which accompanies this distribution. @@ -389,6 +389,15 @@ # gEfiSecurityPkgTokenSpaceGuid.PcdRsa2048Sha256PublicKeyBuffer|{0x91, 0x29, 0xc4, 0xbd, 0xea, 0x6d, 0xda, 0xb3, 0xaa, 0x6f, 0x50, 0x16, 0xfc, 0xdb, 0x4b, 0x7e, 0x3c, 0xd6, 0xdc, 0xa4, 0x7a, 0x0e, 0xdd, 0xe6, 0x15, 0x8c, 0x73, 0x96, 0xa2, 0xd4, 0xa6, 0x4d}|VOID*|0x00010013 + ## This PCD defines minimum length(in bytes) of the system preboot TCG event log area(LAML). + # For PC Client Implementation spec up to and including 1.2 the minimum log size is 64KB. + # @Prompt Minimum length(in bytes) of the system preboot TCG event log area(LAML). + gEfiSecurityPkgTokenSpaceGuid.PcdTcgLogAreaMinLen|0x10000|UINT32|0x00010017 + + ## This PCD defines length(in bytes) of the TCG2 Final event log area. + # @Prompt Length(in bytes) of the TCG2 Final event log area. + gEfiSecurityPkgTokenSpaceGuid.PcdTcg2FinalLogAreaLen|0x8000|UINT32|0x00010018 + [PcdsDynamic, PcdsDynamicEx] ## This PCD indicates Hash mask for TPM 2.0.<BR><BR> diff --git a/SecurityPkg/SecurityPkg.uni b/SecurityPkg/SecurityPkg.uni index 91fff94..5fcd3f9 100644 --- a/SecurityPkg/SecurityPkg.uni +++ b/SecurityPkg/SecurityPkg.uni @@ -5,7 +5,7 @@ // It also provides the definitions(including PPIs/PROTOCOLs/GUIDs and library classes) // and libraries instances, which are used for those features. // -// Copyright (c) 2009 - 2015, Intel Corporation. All rights reserved.<BR> +// Copyright (c) 2009 - 2016, Intel Corporation. All rights reserved.<BR> // // This program and the accompanying materials are licensed and made available under // the terms and conditions of the BSD License which accompanies this distribution. @@ -192,3 +192,12 @@ "Bios may choose to register a subset of PcdTpm2HashMask.\n" "So this PCD is final value of how many hash algo is extended to PCR." +#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTcgLogAreaMinLen_PROMPT #language en-US "Minimum length(in bytes) of the system preboot TCG event log area(LAML)." + +#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTcgLogAreaMinLen_HELP #language en-US "This PCD defines minimum length(in bytes) of the system preboot TCG event log area(LAML).\n" + "For PC Client Implementation spec up to and including 1.2 the minimum log size is 64KB." + +#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTcg2FinalLogAreaLen_PROMPT #language en-US "Length(in bytes) of the TCG2 Final event log area." + +#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTcg2FinalLogAreaLen_HELP #language en-US "This PCD defines length(in bytes) of the TCG2 Final event log area." + diff --git a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c index ae5e084..f0dbbac 100644 --- a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c +++ b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c @@ -56,9 +56,6 @@ typedef struct { EFI_GUID *VendorGuid; } VARIABLE_TYPE; -#define EFI_TCG_LOG_AREA_SIZE 0x10000 -#define EFI_TCG_FINAL_LOG_AREA_SIZE 0x1000 - #define TCG2_DEFAULT_MAX_COMMAND_SIZE 0x1000 #define TCG2_DEFAULT_MAX_RESPONSE_SIZE 0x1000 @@ -1470,19 +1467,19 @@ SetupEventLog ( Status = gBS->AllocatePages ( AllocateMaxAddress, EfiACPIMemoryNVS, - EFI_SIZE_TO_PAGES (EFI_TCG_LOG_AREA_SIZE), + EFI_SIZE_TO_PAGES (PcdGet32 (PcdTcgLogAreaMinLen)), &Lasa ); if (EFI_ERROR (Status)) { return Status; } mTcgDxeData.EventLogAreaStruct[Index].Lasa = Lasa; - mTcgDxeData.EventLogAreaStruct[Index].Laml = EFI_TCG_LOG_AREA_SIZE; + mTcgDxeData.EventLogAreaStruct[Index].Laml = PcdGet32 (PcdTcgLogAreaMinLen); // // To initialize them as 0xFF is recommended // because the OS can know the last entry for that. // - SetMem ((VOID *)(UINTN)Lasa, EFI_TCG_LOG_AREA_SIZE, 0xFF); + SetMem ((VOID *)(UINTN)Lasa, PcdGet32 (PcdTcgLogAreaMinLen), 0xFF); // // Create first entry for Log Header Entry Data // @@ -1571,13 +1568,13 @@ SetupEventLog ( Status = gBS->AllocatePages ( AllocateMaxAddress, EfiACPIMemoryNVS, - EFI_SIZE_TO_PAGES (EFI_TCG_FINAL_LOG_AREA_SIZE), + EFI_SIZE_TO_PAGES (PcdGet32 (PcdTcg2FinalLogAreaLen)), &Lasa ); if (EFI_ERROR (Status)) { return Status; } - SetMem ((VOID *)(UINTN)Lasa, EFI_TCG_FINAL_LOG_AREA_SIZE, 0xFF); + SetMem ((VOID *)(UINTN)Lasa, PcdGet32 (PcdTcg2FinalLogAreaLen), 0xFF); // // Initialize @@ -1588,7 +1585,7 @@ SetupEventLog ( mTcgDxeData.FinalEventLogAreaStruct[Index].EventLogFormat = mTcg2EventInfo[Index].LogFormat; mTcgDxeData.FinalEventLogAreaStruct[Index].Lasa = Lasa + sizeof(EFI_TCG2_FINAL_EVENTS_TABLE); - mTcgDxeData.FinalEventLogAreaStruct[Index].Laml = EFI_TCG_FINAL_LOG_AREA_SIZE - sizeof(EFI_TCG2_FINAL_EVENTS_TABLE); + mTcgDxeData.FinalEventLogAreaStruct[Index].Laml = PcdGet32 (PcdTcg2FinalLogAreaLen) - sizeof(EFI_TCG2_FINAL_EVENTS_TABLE); mTcgDxeData.FinalEventLogAreaStruct[Index].EventLogSize = 0; mTcgDxeData.FinalEventLogAreaStruct[Index].LastEvent = (VOID *)(UINTN)mTcgDxeData.FinalEventLogAreaStruct[Index].Lasa; mTcgDxeData.FinalEventLogAreaStruct[Index].EventLogStarted = FALSE; diff --git a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf index ca6741b..fd120e5 100644 --- a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf +++ b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf @@ -7,7 +7,7 @@ # This external input must be validated carefully to avoid security issue like # buffer overflow, integer overflow. # -# Copyright (c) 2015, Intel Corporation. All rights reserved.<BR> +# Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved.<BR> # This program and the accompanying materials # are licensed and made available under the terms and conditions of the BSD License # which accompanies this distribution. The full text of the license may be found at @@ -100,6 +100,8 @@ gEfiSecurityPkgTokenSpaceGuid.PcdStatusCodeSubClassTpmDevice ## SOMETIMES_CONSUMES gEfiSecurityPkgTokenSpaceGuid.PcdTcg2HashAlgorithmBitmap ## CONSUMES gEfiSecurityPkgTokenSpaceGuid.PcdTcg2NumberOfPCRBanks ## CONSUMES + gEfiSecurityPkgTokenSpaceGuid.PcdTcgLogAreaMinLen ## CONSUMES + gEfiSecurityPkgTokenSpaceGuid.PcdTcg2FinalLogAreaLen ## CONSUMES [Depex] TRUE diff --git a/SecurityPkg/Tcg/TcgDxe/TcgDxe.c b/SecurityPkg/Tcg/TcgDxe/TcgDxe.c index 4e2741c..1e52179 100644 --- a/SecurityPkg/Tcg/TcgDxe/TcgDxe.c +++ b/SecurityPkg/Tcg/TcgDxe/TcgDxe.c @@ -53,8 +53,6 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. #include "TpmComm.h" -#define EFI_TCG_LOG_AREA_SIZE 0x10000 - #define TCG_DXE_DATA_FROM_THIS(this) \ BASE_CR (this, TCG_DXE_DATA, TcgProtocol) @@ -653,7 +651,7 @@ SetupEventLog ( Status = gBS->AllocatePages ( AllocateMaxAddress, EfiACPIMemoryNVS, - EFI_SIZE_TO_PAGES (EFI_TCG_LOG_AREA_SIZE), + EFI_SIZE_TO_PAGES (PcdGet32 (PcdTcgLogAreaMinLen)), &Lasa ); if (EFI_ERROR (Status)) { @@ -664,8 +662,8 @@ SetupEventLog ( // To initialize them as 0xFF is recommended // because the OS can know the last entry for that. // - SetMem ((VOID *)(UINTN)mTcgClientAcpiTemplate.Lasa, EFI_TCG_LOG_AREA_SIZE, 0xFF); - mTcgClientAcpiTemplate.Laml = EFI_TCG_LOG_AREA_SIZE; + SetMem ((VOID *)(UINTN)mTcgClientAcpiTemplate.Lasa, PcdGet32 (PcdTcgLogAreaMinLen), 0xFF); + mTcgClientAcpiTemplate.Laml = PcdGet32 (PcdTcgLogAreaMinLen); } else { Lasa = mTcgServerAcpiTemplate.Lasa; @@ -673,7 +671,7 @@ SetupEventLog ( Status = gBS->AllocatePages ( AllocateMaxAddress, EfiACPIMemoryNVS, - EFI_SIZE_TO_PAGES (EFI_TCG_LOG_AREA_SIZE), + EFI_SIZE_TO_PAGES (PcdGet32 (PcdTcgLogAreaMinLen)), &Lasa ); if (EFI_ERROR (Status)) { @@ -684,8 +682,8 @@ SetupEventLog ( // To initialize them as 0xFF is recommended // because the OS can know the last entry for that. // - SetMem ((VOID *)(UINTN)mTcgServerAcpiTemplate.Lasa, EFI_TCG_LOG_AREA_SIZE, 0xFF); - mTcgServerAcpiTemplate.Laml = EFI_TCG_LOG_AREA_SIZE; + SetMem ((VOID *)(UINTN)mTcgServerAcpiTemplate.Lasa, PcdGet32 (PcdTcgLogAreaMinLen), 0xFF); + mTcgServerAcpiTemplate.Laml = PcdGet32 (PcdTcgLogAreaMinLen); } GuidHob.Raw = GetHobList (); diff --git a/SecurityPkg/Tcg/TcgDxe/TcgDxe.inf b/SecurityPkg/Tcg/TcgDxe/TcgDxe.inf index 0976304..e5409df 100644 --- a/SecurityPkg/Tcg/TcgDxe/TcgDxe.inf +++ b/SecurityPkg/Tcg/TcgDxe/TcgDxe.inf @@ -2,7 +2,7 @@ # Produces TCG protocol and measures boot environment # This module will produce TCG protocol and measure boot environment. # -# Copyright (c) 2006 - 2015, Intel Corporation. All rights reserved.<BR> +# Copyright (c) 2006 - 2016, Intel Corporation. All rights reserved.<BR> # This program and the accompanying materials # are licensed and made available under the terms and conditions of the BSD License # which accompanies this distribution. The full text of the license may be found at @@ -75,6 +75,7 @@ gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultCreatorId ## SOMETIMES_CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultCreatorRevision ## SOMETIMES_CONSUMES gEfiSecurityPkgTokenSpaceGuid.PcdStatusCodeSubClassTpmDevice ## SOMETIMES_CONSUMES + gEfiSecurityPkgTokenSpaceGuid.PcdTcgLogAreaMinLen ## CONSUMES [Depex] TRUE diff --git a/SecurityPkg/Tcg/TrEEDxe/TrEEDxe.c b/SecurityPkg/Tcg/TrEEDxe/TrEEDxe.c index 8f344fe..dfdee04 100644 --- a/SecurityPkg/Tcg/TrEEDxe/TrEEDxe.c +++ b/SecurityPkg/Tcg/TrEEDxe/TrEEDxe.c @@ -55,8 +55,6 @@ typedef struct { EFI_GUID *VendorGuid; } VARIABLE_TYPE; -#define EFI_TCG_LOG_AREA_SIZE 0x10000 - #define TREE_DEFAULT_MAX_COMMAND_SIZE 0x1000 #define TREE_DEFAULT_MAX_RESPONSE_SIZE 0x1000 @@ -949,19 +947,19 @@ SetupEventLog ( Status = gBS->AllocatePages ( AllocateMaxAddress, EfiACPIMemoryNVS, - EFI_SIZE_TO_PAGES (EFI_TCG_LOG_AREA_SIZE), + EFI_SIZE_TO_PAGES (PcdGet32 (PcdTcgLogAreaMinLen)), &Lasa ); if (EFI_ERROR (Status)) { return Status; } mTcgDxeData.EventLogAreaStruct[Index].Lasa = Lasa; - mTcgDxeData.EventLogAreaStruct[Index].Laml = EFI_TCG_LOG_AREA_SIZE; + mTcgDxeData.EventLogAreaStruct[Index].Laml = PcdGet32 (PcdTcgLogAreaMinLen); // // To initialize them as 0xFF is recommended // because the OS can know the last entry for that. // - SetMem ((VOID *)(UINTN)Lasa, EFI_TCG_LOG_AREA_SIZE, 0xFF); + SetMem ((VOID *)(UINTN)Lasa, PcdGet32 (PcdTcgLogAreaMinLen), 0xFF); } // @@ -969,10 +967,10 @@ SetupEventLog ( // if (PcdGet8 (PcdTpmPlatformClass) == TCG_PLATFORM_TYPE_CLIENT) { mTcgClientAcpiTemplate.Lasa = mTcgDxeData.EventLogAreaStruct[0].Lasa; - mTcgClientAcpiTemplate.Laml = EFI_TCG_LOG_AREA_SIZE; + mTcgClientAcpiTemplate.Laml = PcdGet32 (PcdTcgLogAreaMinLen); } else { mTcgServerAcpiTemplate.Lasa = mTcgDxeData.EventLogAreaStruct[0].Lasa; - mTcgServerAcpiTemplate.Laml = EFI_TCG_LOG_AREA_SIZE; + mTcgServerAcpiTemplate.Laml = PcdGet32 (PcdTcgLogAreaMinLen); } // diff --git a/SecurityPkg/Tcg/TrEEDxe/TrEEDxe.inf b/SecurityPkg/Tcg/TrEEDxe/TrEEDxe.inf index 258ab46..c22e8f0 100644 --- a/SecurityPkg/Tcg/TrEEDxe/TrEEDxe.inf +++ b/SecurityPkg/Tcg/TrEEDxe/TrEEDxe.inf @@ -7,7 +7,7 @@ # This external input must be validated carefully to avoid security issue like # buffer overflow, integer overflow. # -# Copyright (c) 2013 - 2015, Intel Corporation. All rights reserved.<BR> +# Copyright (c) 2013 - 2016, Intel Corporation. All rights reserved.<BR> # This program and the accompanying materials # are licensed and made available under the terms and conditions of the BSD License # which accompanies this distribution. The full text of the license may be found at @@ -94,6 +94,7 @@ gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultCreatorId ## SOMETIMES_CONSUMES gEfiMdeModulePkgTokenSpaceGuid.PcdAcpiDefaultCreatorRevision ## SOMETIMES_CONSUMES gEfiSecurityPkgTokenSpaceGuid.PcdStatusCodeSubClassTpmDevice ## SOMETIMES_CONSUMES + gEfiSecurityPkgTokenSpaceGuid.PcdTcgLogAreaMinLen ## CONSUMES [Depex] TRUE -- 1.9.5.msysgit.1 _______________________________________________ edk2-devel mailing list [email protected] https://lists.01.org/mailman/listinfo/edk2-devel
