summaryrefslogtreecommitdiff
path: root/include/efi_tcg2.h
AgeCommit message (Collapse)AuthorFilesLines
2023-02-19efi_loader: Measure the loaded DTBEtienne Carriere1-0/+10
Measures the DTB passed to the EFI application upon new boolean config switch CONFIG_EFI_TCG2_PROTOCOL_MEASURE_DTB. For platforms where the content of the DTB passed to the OS can change across reboots, there is not point measuring it hence the config switch to allow platform to not embed this feature. Co-developed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org> Tested-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2022-01-19efi_loader: printing TCG2 protocol GUIDHeinrich Schuchardt1-4/+0
We support the TCG2 protocol. Allow command efidebug to print it. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2021-10-26efi_loader: add UEFI GPT measurementMasahisa Kojima1-0/+12
This commit adds the UEFI GPT disk partition topology measurement required in TCG PC Client Platform Firmware Profile Specification Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
2021-10-26efi_loader: add SMBIOS table measurementMasahisa Kojima1-0/+15
TCG PC Client Platform Firmware Profile Specification requires to measure the SMBIOS table that contains static configuration information (e.g. Platform Manufacturer Enterprise Number assigned by IANA, platform model number, Vendor and Device IDs for each SMBIOS table). The device- and environment-dependent information such as serial number is cleared to zero or space character for the measurement. Existing smbios_string() function returns pointer to the string with const qualifier, but exisintg use case is updating version string and const qualifier must be removed. This commit removes const qualifier from smbios_string() return value and reuses to clear the strings for the measurement. This commit also fixes the following compiler warning: lib/smbios-parser.c:59:39: warning: cast to pointer from integer of different size [-Wint-to-pointer-cast] const struct smbios_header *header = (struct smbios_header *)entry->struct_table_address; Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
2021-09-25efi_loader: Fix spec ID event creationRuchika Gupta1-6/+1
TCG EFI Protocol Specification defines the number_of_algorithms field in spec ID event to be equal to the number of active algorithms supported by the TPM device. In current implementation, this field is populated with the count of all algorithms supported by the TPM which leads to incorrect spec ID event creation. Similarly, the algorithm array in spec ID event should be a variable length array with length being equal to the number_of_algorithms field. In current implementation this is defined as a fixed length array which has been fixed. Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org> CC: Masahisa Kojima <masahisa.kojima@linaro.org> CC: Ilias Apalodimas <ilias.apalodimas@linaro.org> CC: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2021-09-11efi_loader: boot_service_capability_min should be capitalizedMasahisa Kojima1-1/+1
boot_service_capability_min is constant, it should be capitalized. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-09-04efi_loader: fix efi_tcg2_hash_log_extend_event() parameter checkMasahisa Kojima1-0/+2
TCG EFI Protocol Specification defines that PCRIndex parameter passed from caller must be 0 to 23. TPM2_MAX_PCRS is currently used to check the range of PCRIndex, but TPM2_MAX_PCRS is tpm2 device dependent and may have larger value. This commit newly adds EFI_TCG2_MAX_PCR_INDEX macro, it is used to check the range of PCRIndex parameter. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2021-09-04efi_loader: fix boot_service_capability_min calculationMasahisa Kojima1-1/+1
TCG EFI Protocol Specification requires to the input ProtocolCapability.Size < size of the EFI_TCG2_BOOT_SERVICE_CAPABILITY up to and including the vendor ID field. Current implementation does different calculation, let's fix it. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-08-17efi_loader: add comment for efi_tcg2.hMasahisa Kojima1-3/+54
This commit adds the comment of the TCG Specification efi_tcg2.h file refers, and comment for the structure. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
2021-08-14efi_loader: add secure boot variable measurementMasahisa Kojima1-0/+20
TCG PC Client PFP spec requires to measure the secure boot policy before validating the UEFI image. This commit adds the secure boot variable measurement of "SecureBoot", "PK", "KEK", "db", "dbx", "dbt", and "dbr". Note that this implementation assumes that secure boot variables are pre-configured and not be set/updated in runtime. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
2021-05-28efi_loader: add PE/COFF image measurementMasahisa Kojima1-0/+9
"TCG PC Client Platform Firmware Profile Specification" requires to measure every attempt to load and execute a OS Loader(a UEFI application) into PCR[4]. This commit adds the PE/COFF image measurement, extends PCR, and appends measurement into Event Log. Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Tested-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Replace CONFIG_HASH_CALCULATE by CONFIG_HASH Fix conversions between pointers and u64. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2020-12-03efi_loader: Introduce eventlog support for TCG2_PROTOCOLIlias Apalodimas1-1/+70
In the previous patches we only introduced a minimal subset of the EFI_TCG2_PROTOCOL protocol implementing GetCapability(). So let's continue adding features to it, introducing the GetEventLog() and HashLogExtendEvent() functions. In order to do that we first need to construct the eventlog in memory, specifically in EFI_BOOT_SERVICES_DATA memory and a configuration table from EFI_ACPI_MEMORY_NVS. U-Boot won't currently add any events to the log or measure any components, but will expose the necessary EFI APIs for applications to do so. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2020-11-21efi_loader: tcg2 protocol updatesIlias Apalodimas1-2/+0
On pull reuqest https://lists.denx.de/pipermail/u-boot/2020-November/432735.html V4 of the patchset was sent instead of the v5. This is the v4->v5 missing diff Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2020-11-14efi_loader: Add basic EFI_TCG2_PROTOCOL supportIlias Apalodimas1-0/+94
Since U-boot EFI implementation is getting richer it makes sense to add support for EFI_TCG2_PROTOCOL taking advantage of any hardware TPM available on the device. This is the initial implementation of the protocol which only adds support for GetCapability(). It's limited in the newer and safer TPMv2 devices. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>