Sync patches r13963, r13964, r13970, r13971, r13976 and r13978 from main trunk.

1.Measure ACPI table data comes from flash event type EV_POST_CODE ACPI DATA to PCR[0].
2.Re-measure ACPI table after fix up with event type EV_EFI_HANDOFF_TABLES to PCR[1].
3. Measure Processor location as system identity to PCR[1] according to Tcg server spec.


git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/branches/UDK2010.SR1@14237 6f19259b-4bc3-4df7-8a09-765794883524

5 files changed, 135 insertions, 0 deletions

diff --git a/SecurityPkg/Tcg/TcgDxe/TcgDxe.c b/SecurityPkg/Tcg/TcgDxe/TcgDxe.c
index aa16641fde..6779230917 100644
--- a/SecurityPkg/Tcg/TcgDxe/TcgDxe.c
+++ b/SecurityPkg/Tcg/TcgDxe/TcgDxe.c
@@ -34,6 +34,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 #include <Protocol/DevicePath.h>

 #include <Protocol/TcgService.h>

 #include <Protocol/AcpiTable.h>

+#include <Protocol/MpService.h>

 

 #include <Library/DebugLib.h>

 #include <Library/BaseMemoryLib.h>

@@ -159,6 +160,87 @@ UINTN  mBootAttempts  = 0;
 CHAR16 mBootVarName[] = L"BootOrder";

 

 /**

+  Get All processors EFI_CPU_LOCATION in system. LocationBuf is allocated inside the function

+  Caller is responsible to free LocationBuf.

+

+  @param[out] LocationBuf          Returns Processor Location Buffer.

+  @param[out] Num                  Returns processor number.

+

+  @retval EFI_SUCCESS              Operation completed successfully.

+  @retval EFI_UNSUPPORTED       MpService protocol not found.

+

+**/

+EFI_STATUS

+GetProcessorsCpuLocation (

+    OUT  EFI_CPU_PHYSICAL_LOCATION   **LocationBuf,

+    OUT  UINTN                       *Num

+  )

+{

+  EFI_STATUS                        Status;

+  EFI_MP_SERVICES_PROTOCOL          *MpProtocol;

+  UINTN                             ProcessorNum;

+  UINTN                             EnabledProcessorNum;

+  EFI_PROCESSOR_INFORMATION         ProcessorInfo;

+  EFI_CPU_PHYSICAL_LOCATION         *ProcessorLocBuf;

+  UINTN                             Index;

+

+  Status = gBS->LocateProtocol (&gEfiMpServiceProtocolGuid, NULL, (VOID **) &MpProtocol);

+  if (EFI_ERROR (Status)) {

+    //

+    // MP protocol is not installed

+    //

+    return EFI_UNSUPPORTED;

+  }

+

+  Status = MpProtocol->GetNumberOfProcessors(

+                         MpProtocol,

+                         &ProcessorNum,

+                         &EnabledProcessorNum

+                         );

+  if (EFI_ERROR(Status)){

+    return Status;

+  }

+

+  Status = gBS->AllocatePool(

+                  EfiBootServicesData,

+                  sizeof(EFI_CPU_PHYSICAL_LOCATION) * ProcessorNum,

+                  (VOID **) &ProcessorLocBuf

+                  );

+  if (EFI_ERROR(Status)){

+    return Status;

+  }

+

+  //

+  // Get each processor Location info

+  //

+  for (Index = 0; Index < ProcessorNum; Index++) {

+    Status = MpProtocol->GetProcessorInfo(

+                           MpProtocol,

+                           Index,

+                           &ProcessorInfo

+                           );

+    if (EFI_ERROR(Status)){

+      FreePool(ProcessorLocBuf);

+      return Status;

+    }

+

+    //

+    // Get all Processor Location info & measure

+    //

+    CopyMem(

+      &ProcessorLocBuf[Index],

+      &ProcessorInfo.Location,

+      sizeof(EFI_CPU_PHYSICAL_LOCATION)

+      );

+  }

+

+  *LocationBuf = ProcessorLocBuf;

+  *Num = ProcessorNum;

+

+  return Status;

+}

+

+/**

   This service provides EFI protocol capability information, state information 

   about the TPM, and Event Log state information.

 

@@ -679,7 +761,12 @@ MeasureHandoffTables (
   SMBIOS_TABLE_ENTRY_POINT          *SmbiosTable;

   TCG_PCR_EVENT_HDR                 TcgEvent;

   EFI_HANDOFF_TABLE_POINTERS        HandoffTables;

+  UINTN                             ProcessorNum;

+  EFI_CPU_PHYSICAL_LOCATION         *ProcessorLocBuf;

 

+  //

+  // Measure SMBIOS with EV_EFI_HANDOFF_TABLES to PCR[1]

+  //

   Status = EfiGetSystemConfigurationTable (

              &gEfiSmbiosTableGuid,

              (VOID **) &SmbiosTable

@@ -708,6 +795,34 @@ MeasureHandoffTables (
                );

   }

 

+  if (PcdGet8 (PcdTpmPlatformClass) == TCG_PLATFORM_TYPE_SERVER) {

+    //

+    // Tcg Server spec. 

+    // Measure each processor EFI_CPU_PHYSICAL_LOCATION with EV_TABLE_OF_DEVICES to PCR[1]

+    //

+    Status = GetProcessorsCpuLocation(&ProcessorLocBuf, &ProcessorNum);

+

+    if (!EFI_ERROR(Status)){

+      TcgEvent.PCRIndex  = 1;

+      TcgEvent.EventType = EV_TABLE_OF_DEVICES;

+      TcgEvent.EventSize = sizeof (HandoffTables);

+

+      HandoffTables.NumberOfTables = 1;

+      HandoffTables.TableEntry[0].VendorGuid  = gEfiMpServiceProtocolGuid;

+      HandoffTables.TableEntry[0].VendorTable = ProcessorLocBuf;

+

+      Status = TcgDxeHashLogExtendEventI (

+                 &mTcgDxeData,

+                 (UINT8*)(UINTN)ProcessorLocBuf,

+                 sizeof(EFI_CPU_PHYSICAL_LOCATION) * ProcessorNum,

+                 &TcgEvent,

+                 (UINT8*)&HandoffTables

+                 );

+

+      FreePool(ProcessorLocBuf);

+    }

+  }

+

   return Status;

 }

 

diff --git a/SecurityPkg/Tcg/TcgDxe/TcgDxe.inf b/SecurityPkg/Tcg/TcgDxe/TcgDxe.inf
index 239997db7d..ba53d328d6 100644
--- a/SecurityPkg/Tcg/TcgDxe/TcgDxe.inf
+++ b/SecurityPkg/Tcg/TcgDxe/TcgDxe.inf
@@ -62,6 +62,7 @@
   gEfiTcgProtocolGuid                           ## PRODUCES

   gEfiAcpiTableProtocolGuid                     # PROTOCOL ALWAYS_CONSUMED

   gEfiDevicePathProtocolGuid                    # PROTOCOL ALWAYS_CONSUMED

+  gEfiMpServiceProtocolGuid                     # PROTOCOL ALWAYS_CONSUMED

 

 [Pcd]

   gEfiSecurityPkgTokenSpaceGuid.PcdTpmPlatformClass

diff --git a/SecurityPkg/Tcg/TcgSmm/TcgSmm.c b/SecurityPkg/Tcg/TcgSmm/TcgSmm.c
index 6fa383d46d..7a16b9ca26 100644
--- a/SecurityPkg/Tcg/TcgSmm/TcgSmm.c
+++ b/SecurityPkg/Tcg/TcgSmm/TcgSmm.c
@@ -309,6 +309,20 @@ PublishAcpiTable (
              );

   ASSERT_EFI_ERROR (Status);

 

+

+  //

+  // Measure to PCR[0] with event EV_POST_CODE ACPI DATA

+  //

+  TpmMeasureAndLogData(

+    0,

+    EV_POST_CODE,

+    EV_POSTCODE_INFO_ACPI_DATA,

+    ACPI_DATA_LEN,

+    Table,

+    TableSize

+    );

+

+

   ASSERT (Table->OemTableId == SIGNATURE_64 ('T', 'c', 'g', 'T', 'a', 'b', 'l', 'e'));

   mTcgNvs = AssignOpRegion (Table, SIGNATURE_32 ('T', 'N', 'V', 'S'), (UINT16) sizeof (TCG_NVS));

   ASSERT (mTcgNvs != NULL);

diff --git a/SecurityPkg/Tcg/TcgSmm/TcgSmm.h b/SecurityPkg/Tcg/TcgSmm/TcgSmm.h
index 1706132d39..b03e49d6c9 100644
--- a/SecurityPkg/Tcg/TcgSmm/TcgSmm.h
+++ b/SecurityPkg/Tcg/TcgSmm/TcgSmm.h
@@ -17,8 +17,11 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 

 #include <PiDxe.h>

 #include <IndustryStandard/Acpi.h>

+#include <IndustryStandard/UefiTcgPlatform.h>

+

 #include <Guid/PhysicalPresenceData.h>

 #include <Guid/MemoryOverwriteControl.h>

+

 #include <Protocol/SmmSwDispatch2.h>

 #include <Protocol/AcpiTable.h>

 #include <Protocol/SmmVariable.h>

@@ -30,6 +33,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 #include <Library/UefiDriverEntryPoint.h>

 #include <Library/UefiBootServicesTableLib.h>

 #include <Library/DxeServicesLib.h>

+#include <Library/TpmMeasurementLib.h>

 

 #pragma pack(1)

 typedef struct {

diff --git a/SecurityPkg/Tcg/TcgSmm/TcgSmm.inf b/SecurityPkg/Tcg/TcgSmm/TcgSmm.inf
index 9c023cfa90..ff20a43193 100644
--- a/SecurityPkg/Tcg/TcgSmm/TcgSmm.inf
+++ b/SecurityPkg/Tcg/TcgSmm/TcgSmm.inf
@@ -44,6 +44,7 @@
   UefiBootServicesTableLib

   DebugLib

   DxeServicesLib

+  TpmMeasurementLib

 

 [Guids]

   gEfiPhysicalPresenceGuid