Added debug trace messages on LocateProtocol failure for
gEfiDxeSmmReadyToLockProtocolGuid. Returned device error in case of
EfiCreateProtocolNotifyEvent failure.
Removed ASSERT due to if condition.
Signed-off-by: Arun Subramanian Baskaran <arun.subramanian.baskaran@intel.com>
[Issue] : There is no DLINK_FLAGS definition for CLANGPDB,
leading to potential discrepancies in build alignments
[Resolution] : This change adds a CLANGPDB line for DLINK_FLAGS.
Maintaining the alignment with existing standards in place for
other compiler packages.
Signed-off-by: Deepak5x <deepakx.singh@intel.com>
Previously, the implementation restricted usage to TPM instances with the
DTPM ID, which worked only if the system supported TPM over FFA but still
set the instance ID to DTPM. However, Tpm2InstanceLibFfa requires the
`PcdTpmInstanceGuid` to be set to `gTpm2ServiceFfaGuid`.
This update expands support by allowing the `PcdTpmInstanceGuid` to
include the TPM-over-FFA instance GUID, enabling proper registration of
the PPI.
Signed-off-by: Kun Qin <kun.qin@microsoft.com>
The current implementation checks `PcdTpmInstanceGuid` and enforces the
use of the DTPM instance GUID. However, for FFA-specific modules, the
correct value should be `gTpm2ServiceFfaGuid`.
This update fixes the validation logic to support routing through
Tpm2DeviceLibRouter* with the appropriate instance library, which
requires the instance ID to be set to `gTpm2ServiceFfaGuid`.
Signed-off-by: Kun Qin <kun.qin@microsoft.com>
By edk2 convention, a NULL library should be called *LibNull.
This library did not follow this convention, so rename it.
Signed-off-by: Leif Lindholm <leif.lindholm@oss.qualcomm.com>
PeilessSecMeasureLib is a library to support
measurement and extending PCRs in PeilessSec, where no PEI phase exists.
Signed-off-by: Yeoreum Yun <yeoreum.yun@arm.com>
PeilessSec couldn't use HashLibTpm2 since:
- HashLibTpm2 uses memory allocation/free for the Hash interface.
But the PeilessSec phase doesn't support freeing memory, since
memory allocated via the MemoryAllocation APIs is allocated
using HOBs, which can't be freed.
- In the SEC phase, it couldn't use a DynamicPcd -- PcdHashMasks
- PeilessSec utilises the algorithm passed in
the SpecId event log handed off by TF-A
To address these, introduce HashLibTpm2PeilessSec, used for
measurements in PeilessSec.
Signed-off-by: Yeoreum Yun <yeoreum.yun@arm.com>
edk2 is dropping support for the ARM32 architecture. This
commit removes ARM32 code in SecurityPkg.
Signed-off-by: Oliver Smith-Denny <osde@microsoft.com>
The library is a BASE type library, and currently the TCG PEI driver, Tcg2Pei.inf,
links it. On the edk2-stable202508 version, it was found that the driver
includes and updates the global variable mLastCommandSent in debug
builds. It was also found that the previous commit (460f270) for the library adds
and uses the global variable. Updating the global variable in PEI drivers
could cause the following issues. To address these issues, remove the
global variable usage.
PEI ROM Boot: the global variable is not updated
PEI RAM Boot: the PEI FV integration/security check fails
Signed-off-by: Phil Noh <Phil.Noh@amd.com>
When ArmFfaLibDirectMsgReq(2) is preempted, the caller of these functions
should resume its work via ArmFfaLibRun(), and the secure partition
will return with FFA_DIRECT_MSG_RESP(2) carrying the return arguments.
However, since ArmFfaLibRun() receives its return in a stack variable,
the caller of ArmFfaLibRun() doesn't get the return arguments from the
secure partition.
To resolve this, add an output parameter to ArmFfaLibRun() to
receive the return arguments.
Continuous-integration-options: PatchCheck.ignore-multi-package
Fixes: 5d1b38dd07 ("ArmPkg: Add ArmFfaLib used in Dxe driver")
Reported-by: Mariam Elshakfy <Mariam.Elshakfy@arm.com>
Signed-off-by: Yeoreum Yun <yeoreum.yun@arm.com>
Adds more detail to the function description so the dependencies
and outcomes of the verification process are easier for a reviewer
and consumer to understand.
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
Currently a EFI_DEVICE_ERROR is returned if `TPM_RC_HANDLE` is the
return code from a TPM2_NV_ReadPublic command. However, in the TCG
TPM Library Part 3: Commands specification, `TPM_RC_HANDLE` is a
return code if:
1. An Index does not exist that corresponds to the handle
(TPM_RC_HANDLE)
2. The hierarchy associated with the existing NV Index is not
enabled (TPM_RC_HANDLE)
Therefore, return EFI_NOT_FOUND in this case, since that more
precisely allows a caller to identify this condition and act on
it as opposed to a more generic device error.
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
First, if there are multiple devices in DeviceList and we are going to
remove the first device in the DeviceList, the DeviceList will be
cleared by being set to NULL.
This is not the expected behavior, as it should keep the rest of the
devices in the DeviceList. DeviceList should point to the next device,
Dev->Next.
Second, there is a potential infinite while loop if TmpDev->Next is not
equal to Dev. TmpDev should point to the next device.
Signed-off-by: Hunter Chang <hunter.chang@intel.com>
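The two defects described in the commit above, shown on a minimal singly linked list. This is an added illustration, not the Opal driver's code: `DEVICE_ENTRY`, `RemoveDevice` and the helper functions are hypothetical names, and the list is built from constructed entries rather than real device handles. Removing the head re-points the head at `Dev->Next` instead of clearing the list, and the predecessor search advances `TmpDev` on every iteration and stops at the end of the list instead of spinning.

```c
#include <stddef.h>

/* Minimal stand-in for a driver's per-device record kept in a singly linked list.
   Hypothetical type; not the driver's own structure. */
typedef struct _DEVICE_ENTRY {
  int                   Id;
  struct _DEVICE_ENTRY  *Next;
} DEVICE_ENTRY;

/* Remove Dev from the list headed by *DeviceList.
   Returns 1 if Dev was unlinked, 0 if it was not in the list.
   Fix 1: removing the head keeps the remaining devices (head becomes Dev->Next).
   Fix 2: the predecessor search advances TmpDev every iteration and stops at
   the end of the list, so it cannot loop forever. */
int RemoveDevice(DEVICE_ENTRY **DeviceList, DEVICE_ENTRY *Dev)
{
  DEVICE_ENTRY *TmpDev;

  if (DeviceList == NULL || *DeviceList == NULL || Dev == NULL) {
    return 0;
  }

  if (*DeviceList == Dev) {
    *DeviceList = Dev->Next;   /* not NULL: the rest of the list stays linked */
    Dev->Next   = NULL;
    return 1;
  }

  TmpDev = *DeviceList;
  while (TmpDev->Next != NULL && TmpDev->Next != Dev) {
    TmpDev = TmpDev->Next;     /* advance; without this the loop never terminates */
  }

  if (TmpDev->Next == NULL) {
    return 0;                  /* Dev is not in this list */
  }

  TmpDev->Next = Dev->Next;
  Dev->Next    = NULL;
  return 1;
}

/* Link Entries[0..Count-1] in order (constructed sample data) and return the head. */
DEVICE_ENTRY *BuildDeviceList(DEVICE_ENTRY *Entries, int Count)
{
  int Index;
  for (Index = 0; Index < Count; Index++) {
    Entries[Index].Id   = Index + 1;
    Entries[Index].Next = (Index + 1 < Count) ? &Entries[Index + 1] : NULL;
  }
  return Count > 0 ? &Entries[0] : NULL;
}

/* Number of entries reachable from DeviceList. */
int CountDevices(const DEVICE_ENTRY *DeviceList)
{
  int Count = 0;
  for (; DeviceList != NULL; DeviceList = DeviceList->Next) {
    Count++;
  }
  return Count;
}

/* Scenario from the commit: three devices, remove the first. Returns 1 on the expected outcome. */
int RemoveHeadKeepsRest(void)
{
  DEVICE_ENTRY Entries[3];
  DEVICE_ENTRY *List = BuildDeviceList(Entries, 3);
  if (!RemoveDevice(&List, &Entries[0])) {
    return 0;
  }
  return List == &Entries[1] && CountDevices(List) == 2;
}

/* Removing a middle device relinks its neighbours. Returns 1 on the expected outcome. */
int RemoveMiddleRelinks(void)
{
  DEVICE_ENTRY Entries[3];
  DEVICE_ENTRY *List = BuildDeviceList(Entries, 3);
  if (!RemoveDevice(&List, &Entries[1])) {
    return 0;
  }
  return List == &Entries[0] && Entries[0].Next == &Entries[2] && CountDevices(List) == 2;
}

/* Removing a device that is not in the list must return 0 and terminate. */
int RemoveUnknownTerminates(void)
{
  DEVICE_ENTRY Entries[3], Stranger = { 99, NULL };
  DEVICE_ENTRY *List = BuildDeviceList(Entries, 3);
  return RemoveDevice(&List, &Stranger) == 0 && CountDevices(List) == 3;
}
```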
Add initial unit test for DxeImageVerificationHandler to
validate signature verification bypass for selected image types.
Signed-off-by: Alexander Gryanko <xpahos@gmail.com>
To support TPM2 devices that operate over the FF-A specification using CRB
in the Tcg2Pei PEIM, add the Tcg2ConfigFfaPei PEIM to
detect the presence of such TPM2 devices.
Signed-off-by: Yeoreum Yun <yeoreum.yun@arm.com>
To support measurement and extend PCR in PeilessSec with
TPM device using FF-A over CRB, add Tpm2DeviceSecLibFfa for PeilessSec.
Signed-off-by: Yeoreum Yun <yeoreum.yun@arm.com>
This is a preparation patch to add Tpm2DeviceSecLibFfa for SEC
used in PeilessSec.
In the SEC phase, the DynamicPcd used for caching TPM2 information
couldn't be used.
To resolve this, write wrapper functions to get TPM2 information,
so that the wrapper functions used in SEC don't use the
related DynamicPcd.
Signed-off-by: Yeoreum Yun <yeoreum.yun@arm.com>
When DEBUG_SECURITY was added, not all prints in
Tpm2DeviceLibDTpmDump.c were updated. This commit updates
the remaining prints.
Signed-off-by: Oliver Smith-Denny <osde@microsoft.com>
The Event3 memory comparison is technically correct since the
definitions of the struct types are the same. The extended
bodies of the events are different. The Event2 size guard
for the Event3 comparison should be split to use the Event3
in its sizeof for better clarity.
The large single condition makes the function difficult to
understand, so the combined logic is split into different
conditional statements.
Signed-off-by: Dionna Glaze <dionnaglaze@google.com>
[ardb: whitespace fixes]
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
This commit adds additional dumping logic to Tpm2DeviceLibDTpm,
printed at DEBUG_SECURITY, to aid in TPM debugging.
Signed-off-by: Oliver Smith-Denny <osde@microsoft.com>
Co-authored-by: Bret Barkelew <brbarkel@microsoft.com>
The TPM code is currently very noisy (e.g. in a sample platform,
4,000 of the 5,700 lines printed to the serial port at DEBUG_INFO
level were from the TPM code). For TPM debugging, this is very
critical information, but for most builds it simply spams the logs
and slows down the build.
This commit moves the event log and PCR dumping to log at
DEBUG_SECURITY level.
Signed-off-by: Oliver Smith-Denny <osde@microsoft.com>
The TCG code is very noisy when a TPM is connected. This
commit downgrades some prints to verbose and removes some
others that do not have value (such as function enter and
exit prints).
Signed-off-by: Oliver Smith-Denny <osde@microsoft.com>
CC_MR_INDEX_0_MRTD indicates the MRTD register. This register is NOT
extendable in TDVF. So the return value of TdxMeasurementMapPcrToMrIndex
must be checked.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Signed-off-by: Ceping Sun <cepingx.sun@intel.com>
REF:https://bugzilla.tianocore.org/show_bug.cgi?id=3267
Adds two new helper functions.
Currently, a function exists in Tpm2CommandLib to copy a digest list
to a buffer. A function to perform the inverse operation - copying
from a buffer to a digest list is added.
A function is also added to compute the total digest size for a given
hash algorithm mask.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
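The two helpers the commit above describes, written out as an added example that is not Tpm2CommandLib's own code. It assumes the marshalled digest-list layout is a 4-byte count followed by, for each digest, a 2-byte TPM algorithm ID and the digest bytes, in native byte order (the shape of TPML_DIGEST_VALUES); the function names and signatures here are mine and differ from edk2's. The buffer-to-list direction is the one that consumes untrusted input, so it bounds-checks the count and every field before copying.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

typedef uint8_t  UINT8;
typedef uint16_t UINT16;
typedef uint32_t UINT32;

/* Hash algorithm bitmask values and TPM 2.0 algorithm IDs (TCG Algorithm Registry). */
#define HASH_ALG_SHA1     0x00000001
#define HASH_ALG_SHA256   0x00000002
#define HASH_ALG_SHA384   0x00000004
#define HASH_ALG_SHA512   0x00000008
#define HASH_ALG_SM3_256  0x00000010

#define TPM_ALG_SHA1      0x0004
#define TPM_ALG_SHA256    0x000B
#define TPM_ALG_SHA384    0x000C
#define TPM_ALG_SHA512    0x000D
#define TPM_ALG_SM3_256   0x0012

#define HASH_COUNT        5
#define MAX_DIGEST_SIZE   64   /* SHA-512 */

/* One digest; the buffer is sized for the largest algorithm so the struct has a fixed size. */
typedef struct { UINT16 HashAlg; UINT8 Digest[MAX_DIGEST_SIZE]; } DIGEST_ENTRY;
/* Unmarshalled digest list (shape of TPML_DIGEST_VALUES). */
typedef struct { UINT32 Count; DIGEST_ENTRY Digests[HASH_COUNT]; } DIGEST_LIST;

static const struct { UINT32 MaskBit; UINT16 AlgId; UINT16 DigestSize; } mHashInfo[HASH_COUNT] = {
  { HASH_ALG_SHA1,    TPM_ALG_SHA1,    20 },
  { HASH_ALG_SHA256,  TPM_ALG_SHA256,  32 },
  { HASH_ALG_SHA384,  TPM_ALG_SHA384,  48 },
  { HASH_ALG_SHA512,  TPM_ALG_SHA512,  64 },
  { HASH_ALG_SM3_256, TPM_ALG_SM3_256, 32 },
};

/* Digest length for a TPM algorithm ID, 0 if the ID is unknown. */
UINT16 GetHashSizeFromAlgo(UINT16 AlgId)
{
  for (int i = 0; i < HASH_COUNT; i++) {
    if (mHashInfo[i].AlgId == AlgId) return mHashInfo[i].DigestSize;
  }
  return 0;
}

/* Marshalled size of a digest list holding every algorithm set in Mask:
   4-byte count, then (2-byte algorithm ID + digest) per algorithm. */
UINT32 GetDigestListSizeFromHashAlgorithmMask(UINT32 Mask)
{
  UINT32 Size = sizeof(UINT32);
  for (int i = 0; i < HASH_COUNT; i++) {
    if (Mask & mHashInfo[i].MaskBit) Size += sizeof(UINT16) + mHashInfo[i].DigestSize;
  }
  return Size;
}

/* Serialize List into Buffer. Returns bytes written, or 0 if Buffer is too small
   or an entry carries an unknown algorithm. */
UINT32 CopyDigestListToBuffer(const DIGEST_LIST *List, UINT8 *Buffer, UINT32 BufferSize)
{
  UINT32 Offset;
  if (List->Count > HASH_COUNT || BufferSize < sizeof(UINT32)) return 0;
  memcpy(Buffer, &List->Count, sizeof(UINT32));
  Offset = sizeof(UINT32);
  for (UINT32 i = 0; i < List->Count; i++) {
    UINT16 Size = GetHashSizeFromAlgo(List->Digests[i].HashAlg);
    if (Size == 0 || BufferSize - Offset < (UINT32)(sizeof(UINT16) + Size)) return 0;
    memcpy(Buffer + Offset, &List->Digests[i].HashAlg, sizeof(UINT16)); Offset += sizeof(UINT16);
    memcpy(Buffer + Offset, List->Digests[i].Digest, Size);             Offset += Size;
  }
  return Offset;
}

/* Inverse operation: parse Buffer into List, checking bounds on every field.
   Returns bytes consumed, or 0 on malformed input. */
UINT32 CopyBufferToDigestList(const UINT8 *Buffer, UINT32 BufferSize, DIGEST_LIST *List)
{
  UINT32 Offset;
  memset(List, 0, sizeof(*List));
  if (BufferSize < sizeof(UINT32)) return 0;
  memcpy(&List->Count, Buffer, sizeof(UINT32));
  Offset = sizeof(UINT32);
  if (List->Count > HASH_COUNT) return 0;   /* untrusted count is an array bound: clamp before use */
  for (UINT32 i = 0; i < List->Count; i++) {
    UINT16 Size;
    if (BufferSize - Offset < sizeof(UINT16)) return 0;
    memcpy(&List->Digests[i].HashAlg, Buffer + Offset, sizeof(UINT16)); Offset += sizeof(UINT16);
    Size = GetHashSizeFromAlgo(List->Digests[i].HashAlg);
    if (Size == 0 || BufferSize - Offset < Size) return 0;
    memcpy(List->Digests[i].Digest, Buffer + Offset, Size);             Offset += Size;
  }
  return Offset;
}

/* Round-trip a constructed SHA-1 + SHA-256 list. Returns 1 if the parsed list equals the
   original and a buffer truncated by one byte is rejected. */
int DigestListRoundTrip(void)
{
  DIGEST_LIST Original, Parsed;
  UINT8 Buffer[128];
  UINT32 Written;
  memset(&Original, 0, sizeof(Original));
  Original.Count = 2;
  Original.Digests[0].HashAlg = TPM_ALG_SHA1;   memset(Original.Digests[0].Digest, 0xA1, 20);
  Original.Digests[1].HashAlg = TPM_ALG_SHA256; memset(Original.Digests[1].Digest, 0xB2, 32);
  Written = CopyDigestListToBuffer(&Original, Buffer, sizeof(Buffer));
  if (Written != GetDigestListSizeFromHashAlgorithmMask(HASH_ALG_SHA1 | HASH_ALG_SHA256)) return 0;
  if (CopyBufferToDigestList(Buffer, Written, &Parsed) != Written) return 0;
  if (memcmp(&Original, &Parsed, sizeof(Original)) != 0) return 0;
  return CopyBufferToDigestList(Buffer, Written - 1, &Parsed) == 0;
}
```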
Some of the spdmlib crypto functions return 'false' in
functions that return a pointer to indicate a null
return. false is mapped to FALSE to cover other usages
to return a boolean value.
Add -Wno-non-literal-null-conversion for CLANGPDB and
CLANGDWARF to ignore these types of errors from CLANG
builds within this one library build that uses the
spdmlib git submodule.
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
Fix CLANG 20.1.0 enum conversion errors
Address implied conversion between enum types by using
the enum type from spdmlib and remove the enum types
that are never used after this update.
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
This change introduces a `Tpm2InstanceLibFfa` library to support TPM over
FF-A and works with Tpm2DeviceLibRouter* libraries.
The implementation follows the TPM over FF-A spec v1.0 BET:
https://developer.arm.com/documentation/den0138/latest/
The change is tested on QEMU SBSA virtual platform and proprietary
hardware platforms.
Signed-off-by: Kun Qin <kun.qin@microsoft.com>
TPM over FF-A is a mechanism enabling the normal world to communicate
with TPM devices offered as a FF-A service in the secure world.
This update introduces a header file containing definitions from the TPM
over FF-A specification, as detailed in the following documentation:
https://developer.arm.com/documentation/den0138/latest/
Signed-off-by: Kun Qin <kun.qin@microsoft.com>
This change adds a new driver Tcg2AcpiFfa. It will publish the TPM2 and
the corresponding SSDT table that is responsible for supporting the
physical presence interface through ASL methods during OS runtime.
Co-authored-by: Raymond Diaz <raymonddiaz@microsoft.com>
Signed-off-by: Kun Qin <kun.qin@microsoft.com>
This change adds a new library instance of SmmTcg2PhysicalPresenceLib. It
will directly check the PCD value instead of relying on the HOB value,
which would require a change on the TFA/SPMC side.
Signed-off-by: Kun Qin <kun.qin@microsoft.com>
This change adds a new driver Tcg2StandaloneMmArm. It will register an
MMI handler that is responsible for supporting the physical presence
interface from ASL methods during OS runtime.
Platforms need to expose the PPI ACPI function GUID in the Standalone MM
secure partition.
Signed-off-by: Kun Qin <kun.qin@microsoft.com>
This change adds a GUID for the physical presence interface. This is
defined in TCG Physical Presence Interface v1.30, Rev. 00.52: Section
8.1 ACPI Functions.
Signed-off-by: Kun Qin <kun.qin@microsoft.com>
Improve OpalDriverGetDriverDeviceName function that gets device name
through the component name protocol. Currently the function searches for
all handles (as controller handle) to find the right GetControllerName
service for the child handle. The update improves the way to get device
name and supports better performance (e.g. 1681(μs) -> 3(μs) for 1 NVMe
device). This can prevent a compatibility issue for GetControllerName
service of some drivers, which is not flexible for handle parameter
information (e.g. it was found that an EFI driver caused an exception
error/hang when GetControllerName service for the driver is called in
OpalDriverGetDeviceNameByProtocol function).
Signed-off-by: Phil Noh <Phil.Noh@amd.com>
AmdSvsmLib currently doesn't check if SNP is enabled, thus using AmdSvsmLib
may errantly cause the caller code to believe SVSM is present. This
leads to boot failure on non-SNP enabled VMs.
We use the PcdConfidentialComputingGuestAttr since it remains valid
after MpInitLib runs which invalidates PcdSevEsWorkArea's cached
sev-status msr which we use to check for SNP enabled in other places.
The added functions ConfidentialComputingGuestHas() and
AmdMemEncryptionAttrCheck() are copied from MpLib.c, which is intended
to be replaced later on with a more minimal library perhaps in MdePkg to
cleanup some of the circular dependencies currently surrounding SvsmLib.
Signed-off-by: Jacob Xu <jacobhxu@google.com>
Signed-off-by: Oliver Steffen <osteffen@redhat.com>
Suggested-by: Tom Lendacky <thomas.lendacky@amd.com>
This commit adds the ability to skip setting the Dbx variable if
the Default being provided is less than the size of the
EFI_SIGNATURE_LIST structure. This is to prevent the
setting of an invalid DBX, which would cause the system to fail to boot.
Additionally, this can be used to signal that setting the DBX
should leave DBX undefined for Platforms that want to let the OS
be the sole servicer of the DBX.
Breakdown of the math is as follows:
1. **`sizeof(EFI_SIGNATURE_LIST)`**:
- This is the size of the `EFI_SIGNATURE_LIST` structure itself,
which includes:
- `EFI_GUID SignatureType` (16 bytes)
- `UINT32 SignatureListSize` (4 bytes)
- `UINT32 SignatureHeaderSize` (4 bytes)
- `UINT32 SignatureSize` (4 bytes)
- Total: `16 + 4 + 4 + 4 = 28 bytes`
2. **`SignatureHeaderSize`**:
- This is the size of the optional signature header. If no header is
provided, this value is `0`.
3. **`SignatureSize`**:
- This is the size of each `EFI_SIGNATURE_DATA` entry. For an empty
list, this value is `0`.
The total size of an empty `EFI_SIGNATURE_LIST` is:
```c
sizeof(EFI_SIGNATURE_LIST) + SignatureHeaderSize
```
1. **No Signature Header**:
- If `SignatureHeaderSize = 0`, the size is:
```c
28 + 0 = 28 bytes
```
2. **With a Signature Header**:
- If `SignatureHeaderSize = 16` (example size for a header), the
size is:
```c
28 + 16 = 44 bytes
```
- **Minimum Size**: `28 bytes` (if `SignatureHeaderSize = 0`).
- **Additional Size**: Add the value of `SignatureHeaderSize` if a
header is included.
Signed-off-by: Doug Flick <dougflick@microsoft.com>
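The size arithmetic above, as an added example that is not the commit's code. It declares `EFI_GUID` and `EFI_SIGNATURE_LIST` with the UEFI specification layout (every field is naturally aligned, so `sizeof` comes out at 28 without packing), implements the size gate the commit describes, and then goes one step further than the commit with a walk over every list in a buffer that checks each `SignatureListSize` against its own header and against the buffer end. The function names, the walk, and the sample lists are mine; the sample lists are constructed, with zeroed GUIDs and payload.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

typedef uint8_t  UINT8;
typedef uint16_t UINT16;
typedef uint32_t UINT32;
typedef uint64_t UINT64;

/* EFI_GUID and EFI_SIGNATURE_LIST laid out as in the UEFI specification; every field is
   naturally aligned, so sizeof(EFI_SIGNATURE_LIST) is the 28 bytes computed above. */
typedef struct { UINT32 Data1; UINT16 Data2; UINT16 Data3; UINT8 Data4[8]; } EFI_GUID;
typedef struct {
  EFI_GUID SignatureType;
  UINT32   SignatureListSize;
  UINT32   SignatureHeaderSize;
  UINT32   SignatureSize;
} EFI_SIGNATURE_LIST;

/* Size of a list with no entries: the fixed structure plus the optional signature header. */
UINT64 EmptySignatureListSize(UINT32 SignatureHeaderSize)
{
  return (UINT64)sizeof(EFI_SIGNATURE_LIST) + SignatureHeaderSize;
}

/* The gate from the commit: a DBX default smaller than the fixed structure is skipped, not written. */
int DbxDefaultIsLargeEnough(size_t DefaultSize)
{
  return DefaultSize >= sizeof(EFI_SIGNATURE_LIST);
}

/* Stricter check (an addition, not part of the commit): walk every EFI_SIGNATURE_LIST in the
   buffer and confirm each is internally consistent and stays inside the buffer.
   Returns 1 if the whole buffer parses, 0 otherwise. */
int ValidateSignatureListBuffer(const UINT8 *Buffer, size_t BufferSize)
{
  size_t Offset = 0;

  if (!DbxDefaultIsLargeEnough(BufferSize)) return 0;

  while (Offset < BufferSize) {
    EFI_SIGNATURE_LIST List;
    UINT64 Minimum, Payload;

    if (BufferSize - Offset < sizeof(EFI_SIGNATURE_LIST)) return 0;  /* truncated header */
    memcpy(&List, Buffer + Offset, sizeof(List));                    /* avoids unaligned access */

    Minimum = EmptySignatureListSize(List.SignatureHeaderSize);
    if (List.SignatureListSize < Minimum) return 0;                  /* claims less than its own header */
    if (List.SignatureListSize > BufferSize - Offset) return 0;      /* runs past the buffer */

    Payload = List.SignatureListSize - Minimum;
    if (Payload != 0 && (List.SignatureSize == 0 || Payload % List.SignatureSize != 0)) return 0;

    Offset += List.SignatureListSize;   /* never zero: Minimum is at least 28 */
  }
  return 1;
}

/* Build a constructed list into Out: HeaderSize bytes of signature header and EntryCount
   entries of EntrySize bytes each, all zero-filled. Returns bytes written, 0 if Out is too small. */
size_t BuildSignatureList(UINT8 *Out, size_t OutSize, UINT32 HeaderSize, UINT32 EntrySize, UINT32 EntryCount)
{
  EFI_SIGNATURE_LIST List;
  size_t Total = sizeof(List) + HeaderSize + (size_t)EntrySize * EntryCount;

  if (Total > OutSize) return 0;
  memset(&List, 0, sizeof(List));
  List.SignatureListSize   = (UINT32)Total;
  List.SignatureHeaderSize = HeaderSize;
  List.SignatureSize       = EntrySize;
  memset(Out, 0, Total);
  memcpy(Out, &List, sizeof(List));
  return Total;
}

/* Constructed samples: empty list (28 bytes), list with a 16-byte header (44 bytes), and a list
   with one 48-byte SHA-256 entry (16-byte owner GUID + 32-byte hash, 76 bytes). Returns 1 if all
   validate and a copy truncated by one byte is rejected. */
int SampleListsValidate(void)
{
  UINT8 Buf[128];
  size_t N;

  N = BuildSignatureList(Buf, sizeof(Buf), 0, 0, 0);
  if (N != 28 || !ValidateSignatureListBuffer(Buf, N)) return 0;
  N = BuildSignatureList(Buf, sizeof(Buf), 16, 0, 0);
  if (N != 44 || !ValidateSignatureListBuffer(Buf, N)) return 0;
  N = BuildSignatureList(Buf, sizeof(Buf), 0, 48, 1);
  if (N != 76 || !ValidateSignatureListBuffer(Buf, N)) return 0;
  return ValidateSignatureListBuffer(Buf, N - 1) == 0;
}
```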
RsaGetPublicKeyFromX509 allocates memory for the RsaContext parameter,
so the memory allocated earlier is not necessary.
Signed-off-by: Anbazhagan Baraneedharan <anbazhagan@hp.com>
This commit updates the SecurityFixes.yaml file to include
information about the CVE-2024-38797 vulnerability.
Signed-off-by: Doug Flick <DougFlick@microsoft.com>
Namely:
(1) The TWO_BYTE_ENCODE check is independent of Index. If it evaluates
to TRUE for Index==0, then it will evaluate to TRUE for all other
Index values as well. As a result, the (Index == HASHALG_MAX)
condition will fire after the loop, and we'll return
EFI_UNSUPPORTED.
While this is correct, functionally speaking, it is wasteful to
keep re-checking TWO_BYTE_ENCODE in the loop body. The check
should be made at the top of the function, and EFI_UNSUPPORTED
should be returned at once, if appropriate.
(2) If the hash algorithm selected by Index has such a large OID that
the OID comparison cannot even be performed (because AuthDataSize
is not large enough for containing the OID in question, starting
at offset 32), then the function returns EFI_UNSUPPORTED at once.
This is bogus; this case should simply be treated as an OID
mismatch, and the loop should advance to the next Index value /
hash algorithm candidate. A remaining hash algo may have a shorter
OID and yield an OID match.
Signed-off-by: Doug Flick <DougFlick@microsoft.com>
Namely:
(1) The TWO_BYTE_ENCODE check is independent of Index. If it evaluates
to TRUE for Index==0, then it will evaluate to TRUE for all other
Index values as well. As a result, the (Index == HASHALG_MAX)
condition will fire after the loop, and we'll return
EFI_UNSUPPORTED.
While this is correct, functionally speaking, it is wasteful to
keep re-checking TWO_BYTE_ENCODE in the loop body. The check
should be made at the top of the function, and EFI_UNSUPPORTED
should be returned at once, if appropriate.
(2) If the hash algorithm selected by Index has such a large OID that
the OID comparison cannot even be performed (because AuthDataSize
is not large enough for containing the OID in question, starting
at offset 32), then the function returns EFI_UNSUPPORTED at once.
This is bogus; this case should simply be treated as an OID
mismatch, and the loop should advance to the next Index value /
hash algorithm candidate. A remaining hash algo may have a shorter
OID and yield an OID match.
Signed-off-by: Doug Flick <DougFlick@microsoft.com>