Add standalone STM hash record in PCR 0.

So that STM hash can be known in non-TXT launch path. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
2016-08-17 16:16:39 +08:00 · 2016-08-17 16:16:39 +08:00 · 2d49504a94
parent ac2a67c8b9
commit 2d49504a94
5 changed files with 25 additions and 0 deletions
--- a/Bios/StmCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c
+++ b/Bios/StmCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.c
@ -93,6 +93,8 @@ SMM_S3_RESUME_STATE *mSmmS3ResumeState = NULL;
 UINTN mMaxNumberOfCpus = 1;
 UINTN mNumberOfCpus = 1;

+extern BOOLEAN mLockLoadMonitor;
+
 //
 // SMM ready to lock flag
 //
@ -832,6 +834,8 @@ SmmEndOfDxeEventNotify (
      Psd = (TXT_PROCESSOR_SMM_DESCRIPTOR*)(VOID*)(UINTN)(mCpuHotPlugData.SmBase[Index] + SMM_PSD_OFFSET);
      Psd->AcpiRsdp = (UINT64)(UINTN)Rsdp;
    }
+
+    mLockLoadMonitor = FALSE;
  }

  return EFI_SUCCESS;
--- a/Bios/StmCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h
+++ b/Bios/StmCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.h
@ -51,6 +51,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 #include <Library/ReportStatusCodeLib.h>
 #include <Library/SmmCpuFeaturesLib.h>
 #include <Library/PeCoffGetEntryPointLib.h>
+#include <Library/TpmMeasurementLib.h>

 #include <AcpiCpuData.h>
 #include <CpuHotPlugData.h>
--- a/Bios/StmCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.inf
+++ b/Bios/StmCpuPkg/PiSmmCpuDxeSmm/PiSmmCpuDxeSmm.inf
@ -122,6 +122,7 @@
  ReportStatusCodeLib
  SmmCpuFeaturesLib
  PeCoffGetEntryPointLib
+  TpmMeasurementLib

 [Protocols]
  gEfiSmmAccess2ProtocolGuid               ## CONSUMES
--- a/Bios/StmCpuPkg/PiSmmCpuDxeSmm/SmmStm.c
+++ b/Bios/StmCpuPkg/PiSmmCpuDxeSmm/SmmStm.c
@ -20,11 +20,16 @@
 #include "PiSmmCpuDxeSmm.h"
 #include "SmmStm.h"

+#define TXT_EVTYPE_BASE                  0x400
+#define TXT_EVTYPE_STM_HASH              (TXT_EVTYPE_BASE + 14)
+
 #define RDWR_ACCS             3
 #define FULL_ACCS             7

 extern EFI_HANDLE  mSmmCpuHandle;

+BOOLEAN mLockLoadMonitor = FALSE;
+
 //
 // Template of STM_RSC_END structure for copying.
 //
@ -911,6 +916,9 @@ LoadMonitor (
  IN UINTN                StmImageSize
  )
 {
+  if (mLockLoadMonitor) {
+    return EFI_ACCESS_DENIED;
+  }
  if ((AsmReadMsr64 (IA32_SMM_MONITOR_CTL_MSR_INDEX) & 0xFFFFF000) == 0) {
    return EFI_UNSUPPORTED;
  }
@ -923,6 +931,16 @@ LoadMonitor (
    return EFI_BUFFER_TOO_SMALL;
  }

+  // Record STM_HASH to PCR 0, just in case it is NOT TXT launch, we still need provide the evidence.
+  TpmMeasureAndLogData(
+    0,                        // PcrIndex
+    TXT_EVTYPE_STM_HASH,      // EventType
+    NULL,                     // EventLog
+    0,                        // LogLen
+    (VOID *)(UINTN)StmImage,  // HashData
+    StmImageSize              // HashDataLen
+    );
+
  StmLoadStmImage (StmImage, StmImageSize);

  mStmState |= EFI_SM_MONITOR_STATE_ENABLED;
--- a/Bios/StmCpuPkg/StmCpuPkg.dsc
+++ b/Bios/StmCpuPkg/StmCpuPkg.dsc
@ -58,6 +58,7 @@
  PciCf8Lib|MdePkg/Library/BasePciCf8Lib/BasePciCf8Lib.inf
  PeCoffLib|MdePkg/Library/BasePeCoffLib/BasePeCoffLib.inf
  PeCoffGetEntryPointLib|MdePkg/Library/BasePeCoffGetEntryPointLib/BasePeCoffGetEntryPointLib.inf
+  TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf

 [LibraryClasses.common.DXE_SMM_DRIVER]
  SmmServicesTableLib|MdePkg/Library/SmmServicesTableLib/SmmServicesTableLib.inf