Publish EDK's TPM eventlog that contains coreboot's entries #139

Open
wants to merge 5 commits into
base: dasharo

Commits on Aug 8, 2024

  1. DasharoPayloadPkg,SecurityPkg: import coreboot's TPM log

    Find the log using DasharoPayloadPkg/CbParseLib in
    DasharoPayloadPkg/BlSupportPei and create HOBs like those produced by
    TcgPei and Tcg2Pei all of which will be picked up by TcgDxe and Tcg2Dxe.
    
    TPM1 case is quite simple:
     - use coreboot's Spec ID Event as EDK doesn't seem to add one of its
       own
    
    TPM2 case is more advanced and is more complicated:
     - don't create a HOB for coreboot's Spec ID Event (the first entry)
       because TPM2 can have multiple digests and coreboot produces at most
       one
     - when importing HOBs in Tcg2Dxe add missing hashes of OneDigest kind
       from TXT spec (0x01 followed by 0x00 bytes) just to not come up with
       some custom placeholder
    
    Signed-off-by: Sergii Dmytruk <[email protected]>
    SergiiDmytruk committed Aug 8, 2024
    9896354
  2. SecurityPkg: publish TPM2 event log in ACPI

    Basically a copy&paste from Tcg2Smm.  Intentionally not making any
    changes (like dropping use of PCDs to pass data) beyond what's necessary
    to make it work.
    
    No need for an analogous change for TPM1 because TcgDxe already
    publishes the log.
    
    Signed-off-by: Sergii Dmytruk <[email protected]>
    SergiiDmytruk committed Aug 8, 2024
    ae8cb4a
  3. DasharoModulePkg/DasharoVariablesLib: fix non-deterministic measurements

    This fixes "SecurityPkg: measure Dasharo variables before boot".
    
    gRT->GetNextVariableName() doesn't return variables in any fixed order.
    Seems like the order matches order in SMMSTORE.  This means that
    measuring variables while enumerating them will produce different
    results depending on which variables were updated last (setting a
    variable in SMMSTORE is marking old entry as deleted and appending of a
    new one).  Sort list of variables that share the same GUID before
    measuring any of them to impose a fixed order.
    
    Also fix spacing in several places.
    
    Signed-off-by: Sergii Dmytruk <[email protected]>
    SergiiDmytruk committed Aug 8, 2024
    13373e8
  4. SecurityPkg/Tcg2Pei: allow enabling PCR banks according to configuration

    Prior to this change the code could only disable banks unsupported by
    the BIOS and not enable those which are supported.  This resulted in not
    touching TPM configuration if an unsupported bank was already selected
    instead of automatically switching on supported banks.
    
    Signed-off-by: Sergii Dmytruk <[email protected]>
    SergiiDmytruk committed Aug 8, 2024
    053aaab
  5. SecurityPkg/Tcg2Config: hide unsupported hashes

    Selecting them won't result in enabling them, so they shouldn't show up
    in the UI.
    
    Signed-off-by: Sergii Dmytruk <[email protected]>
    SergiiDmytruk committed Aug 8, 2024
    9c5dd7b
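
The ordering problem described in commit 3, shown as an added example (not code from this pull request): an append-only store returns live variables in storage order, so the same final settings can extend a PCR to different values unless the list is sorted first. The `AppendOnlyStore` class, the variable names and the measured byte layout (UTF-16LE name followed by value, one GUID only) are assumptions made for the illustration.

```python
import hashlib

def pcr_extend(pcr: bytes, data: bytes) -> bytes:
    """TPM-style extend for a SHA-256 bank: new = H(old || H(data))."""
    return hashlib.sha256(pcr + hashlib.sha256(data).digest()).digest()

class AppendOnlyStore:
    """Constructed stand-in for SMMSTORE: setting a variable marks the
    old entry as deleted and appends a new one."""
    def __init__(self):
        self._entries = []  # each entry: [name, value, live]

    def set(self, name: str, value: bytes) -> None:
        for entry in self._entries:
            if entry[0] == name and entry[2]:
                entry[2] = False  # old copy becomes a deleted entry
        self._entries.append([name, value, True])

    def live_variables(self):
        """Live variables in storage order (the enumeration order)."""
        return [(n, v) for n, v, live in self._entries if live]

def build_store(history):
    store = AppendOnlyStore()
    for name, value in history:
        store.set(name, value)
    return store

def measure(variables, sort_first: bool) -> bytes:
    """Extend every variable into a zeroed PCR, optionally sorting by name."""
    if sort_first:
        variables = sorted(variables, key=lambda nv: nv[0])
    pcr = bytes(32)
    for name, value in variables:
        # Assumed, simplified measured data: UTF-16LE name followed by value.
        pcr = pcr_extend(pcr, name.encode("utf-16-le") + value)
    return pcr

# Constructed histories: identical final settings, but in HISTORY_B
# "VarA" was toggled and restored, so it now sits last in the store.
HISTORY_A = [("VarA", b"\x01"), ("VarB", b"\x00"), ("VarC", b"\x01")]
HISTORY_B = HISTORY_A + [("VarA", b"\x00"), ("VarA", b"\x01")]

if __name__ == "__main__":
    for label, history in (("A", HISTORY_A), ("B", HISTORY_B)):
        live = build_store(history).live_variables()
        print(label, "enumeration order:", [n for n, _ in live])
        print("  unsorted PCR:", measure(live, False).hex())
        print("  sorted PCR:  ", measure(live, True).hex())
```

With the unsorted measurement, a policy sealed to the PCR value would stop matching after a setting is changed and changed back; the sorted measurement depends only on the current variable contents.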