Commit Graph

22 Commits

Author SHA1 Message Date
aborwank 6ca7a860b9 Revert "fix: [TPM] correcting cfg data and key hash" (#2122)
This reverts commit 2f277eb9f1.

Due to entire binaries being dumped in the event log, many events are
getting skipped because of the space constraint. Hence reverting.

Signed-off-by: Antara Borwankar <antara.borwankar@intel.com>
2024-01-23 22:46:55 -07:00
Antara Borwankar 2f277eb9f1 fix: [TPM] correcting cfg data and key hash
issue: https://jira.devtools.intel.com/browse/IOTGSECSW-2031

Signed-off-by: Antara Borwankar <antara.borwankar@intel.com>
2024-01-22 10:09:15 -07:00
sean-m-mcginn 598f12347f [ADL] Additional TPM-related cleanup (#1881)
Update copyright years
Initialize pointers to NULL
Check pointers for NULL before de-reference
Standardize debug logs

Signed-off-by: Sean McGinn <sean.mcginn@intel.com>
2023-04-26 11:39:22 -07:00
sean-m-mcginn ba9da25442 [ADL] Update TPM event logging to match BIOS (#1859)
* [ADL] Update TPM event logging to match BIOS

If measured boot is disabled via BtG profile but enabled via SBL
config flag, skip logging the startup locality TPM event

If measured boot is enabled via BtG profile or SBL config flag, log
the CRTM version TPM event

Set startup locality based on the startup locality in ACM policy status

Log detail and authority PCR events based on SCTRM status in ACM
policy status

Signed-off-by: Sean McGinn <sean.mcginn@intel.com>

* Initialize startup locality and remove measured boot check

Initialize startup locality variable used in setting up event
log

Remove measured boot check as it is not seen in BIOS and it
occurs at a higher level

Signed-off-by: Sean McGinn <sean.mcginn@intel.com>

---------

Signed-off-by: Sean McGinn <sean.mcginn@intel.com>
2023-04-20 16:37:18 -07:00
Sean McGinn e207c062d9 Change SecureBootPolicy TPM Event Type
Whenever EV_EFI_VARIABLE_DRIVER_CONFIG is specified as the TPM event type,
the data that accompanies it is expected to be a UEFI variable in the
appropriate format

This change fixes an erroneously typed TPM event so that the tpm2_eventlog
command works in Linux

Signed-off-by: Sean McGinn <sean.mcginn@intel.com>
2023-03-28 15:55:01 -07:00
Sean McGinn f3d515cd32 Cast FW blob pointers to UINTN then UINT64
Signed-off-by: Sean McGinn <sean.mcginn@intel.com>
2023-03-06 10:48:47 -07:00
Sean McGinn 0c4dca2a82 Log the correct TPM2 event type for stage hashing
In BIOS, all stage measurements are of type
EV_EFI_PLATFORM_FIRMWARE_BLOB. This change aligns SBL
with BIOS.

Signed-off-by: Sean McGinn <sean.mcginn@intel.com>
2023-03-06 10:48:47 -07:00
Subash Lakkimsetti 0eceb0cfe7 Update Universal payload hob for secure boot. (#1695)
Universal payload HOBs are updated for secure boot
and measured boot. Event log HOBs are created to be consumed
by TCG2Dxe in the UEFI payload.

Signed-off-by: Subash Lakkimsetti <subash.lakkimsetti@intel.com>
2022-10-06 08:48:06 -07:00
Mike Crowe 990e3e81e6 Use LF line endings in the repository
Convert the line endings stored for all text files in the repository to
LF. The majority previously used DOS-style CRLF line endings. Add a
.gitattributes file to enforce this and treat certain extensions as
never being text files.

Update PatchCheck.py to insist on LF line endings rather than CRLF.
However, its other checks fail on this commit due to lots of
pre-existing complaints that it only notices because the line endings
have changed.

Silicon/QemuSocPkg/FspBin/Patches/0001-Build-QEMU-FSP-2.0-binaries.patch
needs to be treated as binary since it contains a mixture of line
endings.

This change has implications depending on the client platform you are
using the repository from:

* Windows

The usual configuration for Git on Windows means that text files will
be checked out to the work tree with DOS-style CRLF line endings. If
that's not the case then you can configure Git to do so for the entire
machine with:

 git config --global core.autocrlf true

or for just the repository with:

 git config core.autocrlf true

Line endings will be normalised to LF when they are committed to the
repository. If you commit a text file with only LF line endings then it
will be converted to CRLF line endings in your work tree.

* Linux, MacOS and other Unices

The usual configuration for Git on such platforms is to check files out
of the repository with LF line endings. This is probably the right thing
for you. In the unlikely event that you are using Git on Unix but editing
or compiling on Windows for some reason then you may need to tweak your
configuration to force the use of CRLF line endings as described above.

* General

For more information see
https://docs.github.com/en/get-started/getting-started-with-git/configuring-git-to-handle-line-endings .

Fixes: https://github.com/slimbootloader/slimbootloader/issues/1400
Signed-off-by: Mike Crowe <mac@mcrowe.com>
2021-11-10 12:46:42 -08:00
Sachin Agrawal e3cedba233 Handle TPMStartup error during S3 resume
As per TCG spec, if a Tpm2Startup(TPM_SU_STATE) fails during
S3 resume, a host reset should be done.

When BootGuard is enabled, ACM will notify of this failure via Bit46 in
BootGuardBootStatus register.
Signed-off-by: Sachin Agrawal <sachin.agrawal@intel.com>
2021-01-11 12:43:11 -08:00
Subash Lakkimsetti 5804d9a18a Measure firmware debugger launch
Platform debug mode is extended to PCR[7]
as part of secure boot policy. Updated bit setting
to LoaderPlatformInfo for payloads to consume.
Debug mode is checked in payload.

ArchitecturalMsr.h ported from EDK2 repo.

Signed-off-by: Subash Lakkimsetti <subash.lakkimsetti@intel.com>
2020-05-05 15:07:15 -07:00
Subash Lakkimsetti 776aef4078 Klocwork issue fixes in security libraries
Signed-off-by: Subash Lakkimsetti <subash.lakkimsetti@intel.com>
2020-02-04 14:40:17 -07:00
Subash Lakkimsetti d111dcb12a Measured boot update for Linux OS Image
Unified interface is added in TpmLib to extend stage and
OS Image digest. For Container OS Image this interface
is added as callback functionality. IAS image utilizes the same
functionality to extend TPM digest.

Signed-off-by: Subash Lakkimsetti <subash.lakkimsetti@intel.com>
2020-01-28 09:35:46 -07:00
Subash Lakkimsetti d2acdab100 TPMLib and Measured boot updates (#539)
- Added GetHashToExtend to bootloader common API to
  retrieve digest to extend
- Hash calculations for stage component and config data updated
  to use bootloader common API
- Added functionality to extend KeyHashManifest digest

Signed-off-by: Subash Lakkimsetti <subash.lakkimsetti@intel.com>
2020-01-22 13:53:44 -08:00
Subash Lakkimsetti f9e542a72c Update firmware component stage hash extend
LoadComponentCallback is extended to perform TPM extend
for firmware component stages. Component callback would be
invoked after authentication.

TpmExtendStageHash would extend hash based on hash validity.
TpmExtendConfigData is added to handle the Config data blob extend.

Signed-off-by: Subash Lakkimsetti <subash.lakkimsetti@intel.com>
2020-01-13 08:30:45 -08:00
Subash Lakkimsetti aefc311823 TPM and Measured boot support SHA384 and SM3
Currently Slimbootloader supports only TPM for the SHA256 PCR.
This patch introduces flexibility for the user to select the TPM
PCR bank available at build. Support of SHA384 and
SM3 for TPM measured boot is added.

Added/modified TPMLib APIs to support multiple PCR
usecases. Currently one PCR active bank usecase is supported.

For first boot the SHA256/default TPM PCR would be available, which
is the default for most supported TPMs. The selected TPM PCR will be
available after reboot.

TPM selection would be based on PcdMeasuredBootHashMask set at
build time.

Signed-off-by: Subash Lakkimsetti <subash.lakkimsetti@intel.com>
2020-01-13 08:30:45 -08:00
Subash Lakkimsetti 53f088f9d5 Hash Store: Restructuring Hash Store definition
HASH_STORE_TABLE is updated and HASH_STORE_DATA is added
to provide info with variable length sizes. Usage bits would
notify for multiple component/key using the same hash.
These data structures would optimize the hash store size
in storage.

PcdHashStoreSize would define the size of the Hash Store
to allocate at BIOS boot-up.

Signed-off-by: Subash Lakkimsetti <subashx.lakkimsetti@intel.com>
2019-12-06 15:48:53 -07:00
Subash Lakkimsetti 27257925d6 TpmLib: added TpmExtendHash to extend hash provided
Component Hash is passed with TpmExtendHash if available.
Hash Store is getting optimized on storage and this would avoid
setting component hash in hash table. The SetComponentHash API is
removed in bootloaderlib.

Added HashAlg param to TpmExtendHash for future purposes
where TPM PCR bank would be selected based on HashAlg.

Signed-off-by: Subash Lakkimsetti <subashx.lakkimsetti@intel.com>
2019-12-06 15:48:53 -07:00
Aiden Park b24fd2759c Cosmetic: Convert LF to CRLF
This will fully support PatchCheck.py.
- Remove all trailing whitespace
- Convert LF to CRLF by default
- Update EFI_D_* to DEBUG_*
- Re-enable CRLF check in PatchCheck.py

Signed-off-by: Aiden Park <aiden.park@intel.com>
2019-12-02 16:21:19 -08:00
Guo Dong 5e10bd1e07 Update BSD license to BSD+Patent license
To align with EDK2, update file license
to use BSD+Patent license

Signed-off-by: Guo Dong <guo.dong@intel.com>
2019-06-13 10:46:49 -07:00
Subash Lakkimsetti db58e2358b Log startup locality only when Boot Guard is not enabled
When Boot Guard is enabled, the Locality event would be
logged from the Boot Guard library.

Signed-off-by: Subash Lakkimsetti <subashx.lakkimsetti@intel.com>
2019-03-13 08:34:15 -07:00
Maurice Ma c6999f497a Initial check-in for Slim Bootloader source
2018-09-13 16:11:07 -07:00