Skip to content

Commit f31a543

Browse files
committed
SecurityPkg: Introduce Dynamic TCG Log Scaling
Implemented dynamic TCG log scaling in Tcg2Dxe. When the log would become truncated it instead now dynamically scales doubling the size each time. An ERROR log is reported that an increase to your base log size should occur such that scaling is not necessary. This is a precaution against platforms that log a lot and the addition of new hashing algorithms for PQC. The log is allocated in BootServices memory. Tests were added via TcgLogTest which includes a DXE driver and a UEFI shell UnitTest app. The DXE driver handles pre-ReadyToBoot tests while the TestApp handles post-ReadyToBoot tests as well as gathering the test results from the DXE driver. Markdown documents were created to detail the changes. The dynamic scaling functionality removes setting the LAML/LASA in the ACPI table. Updated the ACPI code to fix an issue where the template was outdated and the revision was reporting V5 but the template was still using the V4 version of the Start Method specific parameters. Added the Truncation event marker to the end of the FinalEventLog when it becomes truncated. Added a event signal for when scaling occurs on the normal event log. Consumers can trigger callbacks on this event; the test app uses this to know when scaling occurs. Signed-off-by: Raymond Diaz <raymonddiaz@microsoft.com>
1 parent 945c142 commit f31a543

18 files changed

Lines changed: 2414 additions & 116 deletions

File tree

MdePkg/Include/IndustryStandard/Tpm2Acpi.h

Lines changed: 60 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -24,19 +24,25 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
2424
#define EFI_TPM2_ACPI_TABLE_START_METHOD_SPECIFIC_PARAMETERS_MAX_SIZE_REVISION_5 16
2525
#define EFI_TPM2_ACPI_TABLE_START_METHOD_SPECIFIC_PARAMETERS_MAX_SIZE EFI_TPM2_ACPI_TABLE_START_METHOD_SPECIFIC_PARAMETERS_MAX_SIZE_REVISION_5
2626

27-
typedef struct {
28-
EFI_ACPI_DESCRIPTION_HEADER Header;
29-
// Flags field is replaced in version 4 and above
30-
// BIT0~15: PlatformClass This field is only valid for version 4 and above
31-
// BIT16~31: Reserved
32-
UINT32 Flags;
33-
UINT64 AddressOfControlArea;
27+
// MU_CHANGE - [BEGIN]
28+
29+
// Common fields shared across all TPM2 ACPI table revisions.
30+
// Flags field is replaced in version 4 and above:
31+
// BIT0~15: PlatformClass This field is only valid for version 4 and above
32+
// BIT16~31: Reserved
33+
//
34+
#define EFI_TPM2_ACPI_TABLE_COMMON_FIELDS \
35+
EFI_ACPI_DESCRIPTION_HEADER Header; \
36+
UINT32 Flags; \
37+
UINT64 AddressOfControlArea; \
3438
UINT32 StartMethod;
35-
// UINT8 PlatformSpecificParameters[]; // size up to 16
36-
// UINT32 Laml; // Optional
37-
// UINT64 Lasa; // Optional
39+
40+
typedef struct {
41+
EFI_TPM2_ACPI_TABLE_COMMON_FIELDS
3842
} EFI_TPM2_ACPI_TABLE;
3943

44+
// MU_CHANGE - [END]
45+
4046
#define EFI_TPM2_ACPI_TABLE_START_METHOD_ACPI 2
4147
#define EFI_TPM2_ACPI_TABLE_START_METHOD_TIS 6
4248
#define EFI_TPM2_ACPI_TABLE_START_METHOD_COMMAND_RESPONSE_BUFFER_INTERFACE 7
@@ -64,7 +70,8 @@ typedef struct {
6470
UINT32 Interrupt;
6571
UINT8 Flags;
6672
UINT8 OperationFlags;
67-
UINT8 Reserved[2];
73+
UINT8 Attributes; // MU_CHANGE
74+
UINT8 Reserved; // MU_CHANGE
6875
UINT32 SmcFunctionId;
6976
} EFI_TPM2_ACPI_START_METHOD_SPECIFIC_PARAMETERS_ARM_SMC;
7077

@@ -80,6 +87,48 @@ typedef struct {
8087
UINT8 Reserved[8];
8188
} EFI_TPM2_ACPI_START_METHOD_SPECIFIC_PARAMETERS_ARM_FFA;
8289

90+
// MU_CHANGE - [BEGIN]
91+
92+
typedef struct {
93+
EFI_TPM2_ACPI_TABLE_COMMON_FIELDS
94+
95+
// StartMethodSpecificParameters is variable in size and LAML/LASA are
96+
// optional fields. It is the user's responsibility to access the
97+
// Header.Length field to determine what is accessible in the table.
98+
union {
99+
UINT8 PlatformSpecificParameters[EFI_TPM2_ACPI_TABLE_START_METHOD_SPECIFIC_PARAMETERS_MAX_SIZE_REVISION_4];
100+
EFI_TPM2_ACPI_START_METHOD_SPECIFIC_PARAMETERS_ARM_SMC SmcParameters;
101+
} StartMethodSpecificParameters;
102+
103+
UINT32 Laml; // Optional
104+
UINT64 Lasa; // Optional
105+
} EFI_TPM2_ACPI_TABLE_V4;
106+
107+
typedef struct {
108+
EFI_TPM2_ACPI_TABLE_COMMON_FIELDS
109+
110+
// StartMethodSpecificParameters is variable in size and LAML/LASA are
111+
// optional fields. It is the user's responsibility to access the
112+
// Header.Length field to determine what is accessible in the table.
113+
union {
114+
UINT8 PlatformSpecificParameters[EFI_TPM2_ACPI_TABLE_START_METHOD_SPECIFIC_PARAMETERS_MAX_SIZE_REVISION_5];
115+
EFI_TPM2_ACPI_START_METHOD_SPECIFIC_PARAMETERS_ARM_SMC SmcParameters;
116+
EFI_TPM2_ACPI_START_METHOD_SPECIFIC_PARAMETERS_ARM_FFA FfaParameters;
117+
} StartMethodSpecificParameters;
118+
119+
UINT32 Laml; // Optional
120+
UINT64 Lasa; // Optional
121+
} EFI_TPM2_ACPI_TABLE_V5;
122+
123+
typedef struct {
124+
EFI_TPM2_ACPI_TABLE_COMMON_FIELDS
125+
UINT8 PlatformSpecificParameters[EFI_TPM2_ACPI_TABLE_START_METHOD_SPECIFIC_PARAMETERS_MAX_SIZE];
126+
UINT32 Laml; // Optional
127+
UINT64 Lasa; // Optional
128+
} EFI_TPM2_ACPI_TABLE_TEMPLATE;
129+
130+
// MU_CHANGE - [END]
131+
83132
#define EFI_TPM2_ACPI_TABLE_ARM_FFA_PARAMETER_FLAG_NOTIFICATION_SUPPORT BIT0
84133

85134
#define EFI_TPM2_ACPI_TABLE_ARM_FFA_PARAMETER_ATTR_MEM_TYPE_MASK 0x3
Lines changed: 20 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,20 @@
1+
/** @file
2+
Defines the GUID used to signal that the TCG event log has been dynamically
3+
scaled. Consumers may register a notification callback on this event group
4+
to react to the scaling event.
5+
6+
Copyright (c), Microsoft Corporation.
7+
SPDX-License-Identifier: BSD-2-Clause-Patent
8+
**/
9+
10+
#ifndef TCG2_EVENT_LOG_SCALED_H_
11+
#define TCG2_EVENT_LOG_SCALED_H_
12+
13+
#define TCG2_EVENT_LOG_SCALED_GUID \
14+
{ \
15+
0x9b4f7c2a, 0x1d3e, 0x4a8b, { 0x9c, 0x6f, 0x5e, 0x8d, 0x2a, 0x1b, 0x4c, 0x7f } \
16+
}
17+
18+
extern EFI_GUID gTcg2EventLogScaledGuid;
19+
20+
#endif // TCG2_EVENT_LOG_SCALED_H_

SecurityPkg/SecurityPkg.dec

Lines changed: 13 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -202,6 +202,11 @@
202202
## Include/Guid/TcgEventHob.h
203203
gTcg800155PlatformIdEventHobGuid = { 0xe2c3bc69, 0x615c, 0x4b5b, { 0x8e, 0x5c, 0xa0, 0x33, 0xa9, 0xc2, 0x5e, 0xd6 }}
204204

205+
## MU_CHANGE
206+
## GUID used to signal dynamic scaling of the TCG event log.
207+
## Include/Guid/Tcg2EventLogScaled.h
208+
gTcg2EventLogScaledGuid = { 0x9b4f7c2a, 0x1d3e, 0x4a8b, { 0x9c, 0x6f, 0x5e, 0x8d, 0x2a, 0x1b, 0x4c, 0x7f }}
209+
205210
## HOB GUID used to pass all PEI measured FV info to DXE Driver.
206211
# Include/Guid/MeasuredFvHob.h
207212
gMeasuredFvHobGuid = { 0xb2360b42, 0x7173, 0x420a, { 0x86, 0x96, 0x46, 0xca, 0x6b, 0xab, 0x10, 0x60 }}
@@ -301,6 +306,14 @@
301306
# Include/Protocol/MuTcg2Protocol.h
302307
gMuTcg2ProtocolExGuid = {0x227e7984, 0x1a77, 0x4762, { 0x96, 0x69, 0x57, 0x4c, 0xda, 0xd1, 0xa0, 0x1e }}
303308
## MU_CHANGE - END - Add a new protocol to support Log-only events.
309+
310+
## MU_CHANGE - [BEGIN]
311+
## Protocol used to test dynamic TCG log scaling functionality. This is a private protocol with visibility to
312+
## only the TestApp and DXE driver.
313+
# Tcg/TcgLogTest/TcgLogTest.h
314+
gTcgLogTestProtocolGuid = {0xa3c12f80, 0x7d9e, 0x4b5a, { 0x91, 0xe4, 0x6c, 0xf8, 0x2d, 0xa1, 0xb7, 0x03 }}
315+
## MU_CHANGE - [END]
316+
304317
[Ppis]
305318
## The PPI GUID for that TPM physical presence should be locked.
306319
# Include/Ppi/LockPhysicalPresence.h

SecurityPkg/SecurityPkg.dsc

Lines changed: 10 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -249,6 +249,16 @@
249249

250250
SecurityPkg/Applications/TpmShellApp/TpmShellApp.inf ## MU_CHANGE
251251

252+
## MU_CHANGE - [BEGIN]
253+
SecurityPkg/Tcg/TcgLogTest/TcgLogTestDxe.inf
254+
SecurityPkg/Tcg/TcgLogTest/TcgLogTestApp.inf {
255+
<LibraryClasses>
256+
UnitTestLib|UnitTestFrameworkPkg/Library/UnitTestLib/UnitTestLib.inf
257+
UnitTestPersistenceLib|UnitTestFrameworkPkg/Library/UnitTestPersistenceLibNull/UnitTestPersistenceLibNull.inf
258+
UnitTestResultReportLib|UnitTestFrameworkPkg/Library/UnitTestResultReportLib/UnitTestResultReportLibConOut.inf
259+
}
260+
## MU_CHANGE - [END]
261+
252262
#
253263
# TCG Storage.
254264
#

SecurityPkg/Tcg/Tcg2Acpi/Tcg2Acpi.c

Lines changed: 60 additions & 28 deletions
Original file line numberDiff line numberDiff line change
@@ -74,7 +74,11 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
7474
//
7575
#define MAX_PRS_INT_BUF_SIZE (15*4)
7676

77-
#pragma pack(1)
77+
// MU_CHANGE - [BEGIN]
78+
79+
#if 0
80+
81+
#pragma pack(1)
7882

7983
typedef struct {
8084
EFI_ACPI_DESCRIPTION_HEADER Header;
@@ -89,23 +93,13 @@ typedef struct {
8993
UINT64 Lasa; // Optional
9094
} EFI_TPM2_ACPI_TABLE_V4;
9195

92-
#pragma pack()
96+
#pragma pack()
9397

94-
EFI_TPM2_ACPI_TABLE_V4 mTpm2AcpiTemplate = {
95-
{
96-
EFI_ACPI_5_0_TRUSTED_COMPUTING_PLATFORM_2_TABLE_SIGNATURE,
97-
sizeof (mTpm2AcpiTemplate),
98-
EFI_TPM2_ACPI_TABLE_REVISION,
99-
//
100-
// Compiler initializes the remaining bytes to 0
101-
// These fields should be filled in in production
102-
//
103-
},
104-
0, // BIT0~15: PlatformClass
105-
// BIT16~31: Reserved
106-
0, // Control Area
107-
EFI_TPM2_ACPI_TABLE_START_METHOD_TIS, // StartMethod
108-
};
98+
#endif
99+
100+
EFI_TPM2_ACPI_TABLE_TEMPLATE mTpm2AcpiTemplate;
101+
102+
// MU_CHANGE - [END]
109103

110104
TCG_NVS *mTcgNvs;
111105

@@ -793,6 +787,8 @@ PublishTpm2 (
793787
UINT64 OemTableId;
794788
EFI_TPM2_ACPI_CONTROL_AREA *ControlArea;
795789
TPM2_PTP_INTERFACE_TYPE InterfaceType;
790+
EFI_TPM2_ACPI_TABLE_V4 *Tpm2AcpiTableV4; // MU_CHANGE
791+
EFI_TPM2_ACPI_TABLE_V5 *Tpm2AcpiTableV5; // MU_CHANGE
796792

797793
//
798794
// Measure to PCR[0] with event EV_POST_CODE ACPI DATA.
@@ -810,13 +806,14 @@ PublishTpm2 (
810806
EV_POSTCODE_INFO_ACPI_DATA,
811807
ACPI_DATA_LEN,
812808
&mTpm2AcpiTemplate,
813-
mTpm2AcpiTemplate.Header.Length
809+
sizeof (EFI_TPM2_ACPI_TABLE_TEMPLATE)
814810
);
815811
}
816812

817813
// MU_CHANGE [END]
818814

819-
mTpm2AcpiTemplate.Header.Revision = PcdGet8 (PcdTpm2AcpiTableRev);
815+
mTpm2AcpiTemplate.Header.Signature = EFI_ACPI_5_0_TRUSTED_COMPUTING_PLATFORM_2_TABLE_SIGNATURE; // MU_CHANGE
816+
mTpm2AcpiTemplate.Header.Revision = PcdGet8 (PcdTpm2AcpiTableRev); // MU_CHANGE
820817
DEBUG ((DEBUG_INFO, "Tpm2 ACPI table revision is %d\n", mTpm2AcpiTemplate.Header.Revision));
821818

822819
//
@@ -829,17 +826,50 @@ PublishTpm2 (
829826
DEBUG ((DEBUG_INFO, "Tpm2 ACPI table PlatformClass is %d\n", (mTpm2AcpiTemplate.Flags & 0x0000FFFF)));
830827
}
831828

832-
mTpm2AcpiTemplate.Laml = PcdGet32 (PcdTpm2AcpiTableLaml);
833-
mTpm2AcpiTemplate.Lasa = PcdGet64 (PcdTpm2AcpiTableLasa);
834-
if ((mTpm2AcpiTemplate.Header.Revision < EFI_TPM2_ACPI_TABLE_REVISION_4) ||
835-
(mTpm2AcpiTemplate.Laml == 0) || (mTpm2AcpiTemplate.Lasa == 0))
836-
{
837-
//
838-
// If version is smaller than 4 or Laml/Lasa is not valid, rollback to original Length.
839-
//
840-
mTpm2AcpiTemplate.Header.Length = sizeof (EFI_TPM2_ACPI_TABLE);
829+
// MU_CHANGE - [BEGIN]
830+
831+
switch (mTpm2AcpiTemplate.Header.Revision) {
832+
case EFI_TPM2_ACPI_TABLE_REVISION_3:
833+
mTpm2AcpiTemplate.Header.Length = sizeof (EFI_TPM2_ACPI_TABLE);
834+
break;
835+
836+
case EFI_TPM2_ACPI_TABLE_REVISION_4:
837+
mTpm2AcpiTemplate.Header.Length = sizeof (EFI_TPM2_ACPI_TABLE_V4);
838+
Tpm2AcpiTableV4 = (EFI_TPM2_ACPI_TABLE_V4 *)&mTpm2AcpiTemplate;
839+
Tpm2AcpiTableV4->Laml = PcdGet32 (PcdTpm2AcpiTableLaml);
840+
Tpm2AcpiTableV4->Lasa = PcdGet64 (PcdTpm2AcpiTableLasa);
841+
842+
if ((Tpm2AcpiTableV4->Laml == 0) || (Tpm2AcpiTableV4->Lasa == 0)) {
843+
// Remove LAML/LASA from the length if either is 0.
844+
mTpm2AcpiTemplate.Header.Length -= (sizeof (UINT32) + sizeof (UINT64));
845+
}
846+
847+
break;
848+
849+
case EFI_TPM2_ACPI_TABLE_REVISION_5:
850+
mTpm2AcpiTemplate.Header.Length = sizeof (EFI_TPM2_ACPI_TABLE_V5);
851+
Tpm2AcpiTableV5 = (EFI_TPM2_ACPI_TABLE_V5 *)&mTpm2AcpiTemplate;
852+
Tpm2AcpiTableV5->Laml = PcdGet32 (PcdTpm2AcpiTableLaml);
853+
Tpm2AcpiTableV5->Lasa = PcdGet64 (PcdTpm2AcpiTableLasa);
854+
855+
if ((Tpm2AcpiTableV5->Laml == 0) || (Tpm2AcpiTableV5->Lasa == 0)) {
856+
// Remove LAML/LASA from the length if either is 0.
857+
mTpm2AcpiTemplate.Header.Length -= (sizeof (UINT32) + sizeof (UINT64));
858+
}
859+
860+
break;
861+
862+
default:
863+
mTpm2AcpiTemplate.Header.Length = sizeof (EFI_TPM2_ACPI_TABLE_TEMPLATE);
864+
DEBUG ((DEBUG_ERROR, "TPM2 revision get error! %d\n", mTpm2AcpiTemplate.Header.Revision));
865+
ASSERT (FALSE);
866+
break;
841867
}
842868

869+
DEBUG ((DEBUG_INFO, "Tpm2 ACPI table size %d\n", mTpm2AcpiTemplate.Header.Length));
870+
871+
// MU_CHANGE - [END]
872+
843873
InterfaceType = PcdGet8 (PcdActiveTpmInterfaceType);
844874
switch (InterfaceType) {
845875
case Tpm2PtpInterfaceCrb:
@@ -853,9 +883,11 @@ PublishTpm2 (
853883
break;
854884
case Tpm2PtpInterfaceFifo:
855885
case Tpm2PtpInterfaceTis:
886+
mTpm2AcpiTemplate.StartMethod = EFI_TPM2_ACPI_TABLE_START_METHOD_TIS; // MU_CHANGE
856887
break;
857888
default:
858889
DEBUG ((DEBUG_ERROR, "TPM2 InterfaceType get error! %d\n", InterfaceType));
890+
ASSERT (FALSE); // MU_CHANGE
859891
break;
860892
}
861893

0 commit comments

Comments
 (0)