From 345dd87f8a28b0086145e0d74d6eaaaa951b614a Mon Sep 17 00:00:00 2001 From: Michael Kubacki Date: Mon, 6 Nov 2023 12:10:21 -0800 Subject: [PATCH] TpmTestingPkg: Add InputChannelLib (#352) ## Description Adds a new library class (InputChannelLib) that allows the TPM replay event log to be passed through a platform-specific mechanism. - [x] Impacts functionality? - **Functionality** - Does the change ultimately impact how firmware functions? - Examples: Add a new library, publish a new PPI, update an algorithm, ... - [ ] Impacts security? - **Security** - Does the change have a direct security impact on an application, flow, or firmware? - Examples: Crypto algorithm change, buffer overflow fix, parameter validation improvement, ... - [ ] Breaking change? - **Breaking change** - Will anyone consuming this change experience a break in build or boot behavior? - Examples: Add a new library class, move a module to a different repo, call a function in a new library class in a pre-existing module, ... - [ ] Includes tests? - **Tests** - Does the change include any explicit test code? - Examples: Unit tests, integration tests, robot tests, ... - [ ] Includes documentation? - **Documentation** - Does the change contain explicit documentation additions outside direct code modifications (and comments)? - Examples: Update readme file, add feature readme file, link to documentation on an a separate Web page, ... ## How This Was Tested - Passed FW CFG TPM event log through QemuQ35Pkg - Verified library integrated without a custom log being passed uses lower priority input channels as expected - Verified BaseInputChannelLibNull is functionally usable for skipping custom log input. ## Integration Instructions Add `InputChannelLib|TpmTestingPkg/Library/BaseInputChannelLibNull/BaseInputChannelLibNull.inf` to a platform that uses the TPM Replay feature but does not provide a custom input channel instance. 
Signed-off-by: Michael Kubacki --- .../Guid}/TpmReplayEventLog.h | 0 .../Include/Library/InputChannelLib.h | 36 +++++++++++++++++++ .../BaseInputChannelLibNull.c | 33 +++++++++++++++++ .../BaseInputChannelLibNull.inf | 24 +++++++++++++ .../InputChannel/TpmReplayFfsFilePei.c | 2 +- .../InputChannel/TpmReplayInputChannel.c | 15 ++++++-- .../InputChannel/TpmReplayInputChannel.h | 2 +- .../TpmReplayInputChannelInternal.h | 2 +- .../InputChannel/TpmReplayUefiVariable.c | 2 +- .../TpmReplayPei/Pei/TpmReplayPei.inf | 2 +- .../Pei/TpmReplayPeiTpmInitialized.c | 2 +- TpmTestingPkg/TpmTestingPkg.dec | 1 + TpmTestingPkg/TpmTestingPkg.dsc | 2 ++ 13 files changed, 115 insertions(+), 8 deletions(-) rename TpmTestingPkg/{TpmReplayPei => Include/Guid}/TpmReplayEventLog.h (100%) create mode 100644 TpmTestingPkg/Include/Library/InputChannelLib.h create mode 100644 TpmTestingPkg/Library/BaseInputChannelLibNull/BaseInputChannelLibNull.c create mode 100644 TpmTestingPkg/Library/BaseInputChannelLibNull/BaseInputChannelLibNull.inf diff --git a/TpmTestingPkg/TpmReplayPei/TpmReplayEventLog.h b/TpmTestingPkg/Include/Guid/TpmReplayEventLog.h similarity index 100% rename from TpmTestingPkg/TpmReplayPei/TpmReplayEventLog.h rename to TpmTestingPkg/Include/Guid/TpmReplayEventLog.h diff --git a/TpmTestingPkg/Include/Library/InputChannelLib.h b/TpmTestingPkg/Include/Library/InputChannelLib.h new file mode 100644 index 0000000000..5bf96b1144 --- /dev/null +++ b/TpmTestingPkg/Include/Library/InputChannelLib.h 
@@ -0,0 +1,36 @@
+/** @file
+ TPM Event Log Input Channel Library
+
+ Allows a TPM replay log to be passed through a custom interface.
+
+ Copyright (c) Microsoft Corporation.
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#ifndef INPUT_CHANNEL_LIB_H
+#define INPUT_CHANNEL_LIB_H
+
+#include
+
+/**
+ Retrieves a TPM Replay Event Log through a custom interface.
+
+ @param[out] ReplayEventLog A pointer to a pointer to the buffer to hold the event log data.
+ @param[out] ReplayEventLogSize The size of the data placed in the buffer.
+
+ @retval EFI_SUCCESS The TPM Replay event log was returned successfully.
+ @retval EFI_INVALID_PARAMETER A pointer argument given is NULL.
+ @retval EFI_UNSUPPORTED The function is not implemented yet. The arguments are not used.
+ @retval EFI_COMPROMISED_DATA The event log data found is not valid.
+ @retval EFI_NOT_FOUND The event log data was not found. The input channel is ignored in this case.
+
+**/
+EFI_STATUS
+EFIAPI
+GetReplayEventLogFromCustomInterface (
+ OUT VOID **ReplayEventLog,
+ OUT UINTN *ReplayEventLogSize
+ );
+
+#endif
diff --git a/TpmTestingPkg/Library/BaseInputChannelLibNull/BaseInputChannelLibNull.c b/TpmTestingPkg/Library/BaseInputChannelLibNull/BaseInputChannelLibNull.c
new file mode 100644
index 0000000000..c104d90efc
--- /dev/null
+++ b/TpmTestingPkg/Library/BaseInputChannelLibNull/BaseInputChannelLibNull.c
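Review bot: The comment on `GetReplayEventLogFromCustomInterface` in InputChannelLib.h does not say who owns the buffer returned through `ReplayEventLog`, or what state the two outputs are in when an error status is returned. Since the log arrives over a platform-specific channel (the description mentions FW CFG on QemuQ35Pkg), the contract should also require an instance to check the log's structure and size before reporting EFI_SUCCESS, which is what EFI_COMPROMISED_DATA implies but never states. I would add to the description something like `An instance must validate the log before returning EFI_SUCCESS; on any error the output arguments are not modified.` and one sentence naming the allocator and lifetime of the buffer.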
@@ -0,0 +1,33 @@
+/** @file
+ A null instance of the Input Channel Library.
+
+ Copyright (c) Microsoft Corporation.
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include
+#include
+
+/**
+ Retrieves a TPM Replay Event Log through a custom interface.
+
+ @param[out] ReplayEventLog A pointer to a pointer to the buffer to hold the event log data.
+ @param[out] ReplayEventLogSize The size of the data placed in the buffer.
+
+ @retval EFI_SUCCESS The TPM Replay event log was returned successfully.
+ @retval EFI_INVALID_PARAMETER A pointer argument given is NULL.
+ @retval EFI_UNSUPPORTED The function is not implemented yet. The arguments are not used.
+ @retval EFI_COMPROMISED_DATA The event log data found is not valid.
+ @retval EFI_NOT_FOUND The event log data was not found. The input channel is ignored in this case.
+
+**/
+EFI_STATUS
+EFIAPI
+GetReplayEventLogFromCustomInterface (
+ OUT VOID **ReplayEventLog,
+ OUT UINTN *ReplayEventLogSize
+ )
+{
+ return EFI_UNSUPPORTED;
+}
diff --git a/TpmTestingPkg/Library/BaseInputChannelLibNull/BaseInputChannelLibNull.inf b/TpmTestingPkg/Library/BaseInputChannelLibNull/BaseInputChannelLibNull.inf
new file mode 100644
index 0000000000..4d4036e419
--- /dev/null
+++ b/TpmTestingPkg/Library/BaseInputChannelLibNull/BaseInputChannelLibNull.inf
@@ -0,0 +1,24 @@
+## @file
+# A null instance of the Input Channel Library.
+#
+# Copyright (c) Microsoft Corporation.
+#
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+[Defines]
+ INF_VERSION = 0x00010005
+ BASE_NAME = BaseInputChannelLibNull
+ FILE_GUID = F35B1671-08BC-4231-9CEB-A08E809E32FF
+ MODULE_TYPE = BASE
+ VERSION_STRING = 1.0
+ LIBRARY_CLASS = InputChannelLib
+
+[Packages]
+ MdePkg/MdePkg.dec
+ SecurityPkg/SecurityPkg.dec
+ TpmTestingPkg/TpmTestingPkg.dec
+
+[Sources]
+ BaseInputChannelLibNull.c
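Review bot: The function comment in BaseInputChannelLibNull.c repeats the full `@retval` list from the library class header, although this instance can only return EFI_UNSUPPORTED and never touches `ReplayEventLog` or `ReplayEventLogSize`. A line such as `This null instance always returns EFI_UNSUPPORTED and leaves both outputs unmodified.` in the file or function header would tell an integrator what selecting it does without reading the body.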
diff --git a/TpmTestingPkg/TpmReplayPei/InputChannel/TpmReplayFfsFilePei.c b/TpmTestingPkg/TpmReplayPei/InputChannel/TpmReplayFfsFilePei.c index 92a86d0d58..e452f98344 100644 --- a/TpmTestingPkg/TpmReplayPei/InputChannel/TpmReplayFfsFilePei.c +++ b/TpmTestingPkg/TpmReplayPei/InputChannel/TpmReplayFfsFilePei.c @@ -8,10 +8,10 @@ **/ #include +#include #include #include -#include "../TpmReplayEventLog.h" #include "TpmReplayInputChannelInternal.h" /** diff --git a/TpmTestingPkg/TpmReplayPei/InputChannel/TpmReplayInputChannel.c b/TpmTestingPkg/TpmReplayPei/InputChannel/TpmReplayInputChannel.c index 71e0ea6e6e..b04daceff7 100644 --- a/TpmTestingPkg/TpmReplayPei/InputChannel/TpmReplayInputChannel.c +++ b/TpmTestingPkg/TpmReplayPei/InputChannel/TpmReplayInputChannel.c @@ -8,9 +8,10 @@ **/ #include +#include #include +#include -#include "../TpmReplayEventLog.h" #include "TpmReplayInputChannel.h" #include "TpmReplayInputChannelInternal.h" @@ -48,10 +49,20 @@ GetReplayEventLog ( goto Done; } - // Second priority: FFS in the FW image + // Second priority: Custom interface + Status = GetReplayEventLogFromCustomInterface (&ReplayEventLogData, &ReplayEventLogDataSize); + if (!EFI_ERROR (Status)) { + DEBUG ((DEBUG_INFO, "[%a] - Using TPM replay event log from a custom interface.\n", __func__)); + goto Done; + } else if (EFI_ERROR (Status) && ((Status != EFI_UNSUPPORTED) && (Status != EFI_NOT_FOUND))) { + DEBUG ((DEBUG_ERROR, "[%a] - TPM replay event log from custom interface failed - %r.\n", __func__, Status)); + } + + // Third priority: FFS in the FW image Status = GetTpmReplayEventLogFfsFile (&ReplayEventLogData, &ReplayEventLogDataSize); ASSERT (Status == EFI_SUCCESS || Status == EFI_NOT_FOUND); if (!EFI_ERROR (Status)) { + DEBUG ((DEBUG_INFO, "[%a] - Using TPM replay event log from the firmware flash image.\n", __func__)); goto Done; } 
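Review bot: In the GetReplayEventLog hunk of TpmReplayInputChannel.c, any custom-channel failure other than EFI_UNSUPPORTED or EFI_NOT_FOUND, including the EFI_COMPROMISED_DATA the new header documents, is only logged before the function moves on to the FFS channel. A platform that supplied an invalid log will therefore replay a different, lower-priority log, and the only trace is a DEBUG_ERROR line; if that fallback is intended it deserves a comment, e.g. `// An invalid custom log is reported and ignored; lower priority channels are still tried.`, otherwise the branch should `goto Done` with the error status (what `Done` does with it is outside the hunk). The success path also trusts `ReplayEventLogData` and `ReplayEventLogDataSize` as returned; whether they are checked later is not visible here. As a matter of style, the `EFI_ERROR (Status) &&` in the `else if` is redundant after `if (!EFI_ERROR (Status))` and can be dropped: `} else if ((Status != EFI_UNSUPPORTED) && (Status != EFI_NOT_FOUND)) {`. GetReplayEventLog starts and ends outside the hunk.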
diff --git a/TpmTestingPkg/TpmReplayPei/InputChannel/TpmReplayInputChannel.h b/TpmTestingPkg/TpmReplayPei/InputChannel/TpmReplayInputChannel.h index da0ecea30e..74d480840a 100644 --- a/TpmTestingPkg/TpmReplayPei/InputChannel/TpmReplayInputChannel.h +++ b/TpmTestingPkg/TpmReplayPei/InputChannel/TpmReplayInputChannel.h @@ -10,7 +10,7 @@ #ifndef TPM_REPLAY_INPUT_CHANNEL_H_ #define TPM_REPLAY_INPUT_CHANNEL_H_ -#include "../TpmReplayEventLog.h" +#include /** Retrieves a TPM Replay Event Log from the highest priority input channel. diff --git a/TpmTestingPkg/TpmReplayPei/InputChannel/TpmReplayInputChannelInternal.h b/TpmTestingPkg/TpmReplayPei/InputChannel/TpmReplayInputChannelInternal.h index 262ea7d099..6ef6c2c9b3 100644 --- a/TpmTestingPkg/TpmReplayPei/InputChannel/TpmReplayInputChannelInternal.h +++ b/TpmTestingPkg/TpmReplayPei/InputChannel/TpmReplayInputChannelInternal.h @@ -10,7 +10,7 @@ #ifndef TPM_REPLAY_INPUT_CHANNEL_INTERNAL_H_ #define TPM_REPLAY_INPUT_CHANNEL_INTERNAL_H_ -#include "../TpmReplayEventLog.h" +#include /** Retrieves a TPM Replay Event Log from a FFS file. diff --git a/TpmTestingPkg/TpmReplayPei/InputChannel/TpmReplayUefiVariable.c b/TpmTestingPkg/TpmReplayPei/InputChannel/TpmReplayUefiVariable.c index 51e08b3016..d68dc44c14 100644 --- a/TpmTestingPkg/TpmReplayPei/InputChannel/TpmReplayUefiVariable.c +++ b/TpmTestingPkg/TpmReplayPei/InputChannel/TpmReplayUefiVariable.c @@ -8,12 +8,12 @@ **/ #include +#include #include #include #include #include -#include "../TpmReplayEventLog.h" #include "TpmReplayInputChannelInternal.h" /** diff --git a/TpmTestingPkg/TpmReplayPei/Pei/TpmReplayPei.inf b/TpmTestingPkg/TpmReplayPei/Pei/TpmReplayPei.inf index 1f492991e3..9cebc86dfc 100644 --- a/TpmTestingPkg/TpmReplayPei/Pei/TpmReplayPei.inf +++ b/TpmTestingPkg/TpmReplayPei/Pei/TpmReplayPei.inf @@ -20,7 +20,6 @@ ENTRY_POINT = TpmReplayPeiEntryPoint [Sources] - ../TpmReplayEventLog.h ../TpmReplayReportingManager.c ../TpmReplayReportingManager.h ../TpmReplayTcg.c 
@@ -51,6 +50,7 @@ DebugLib FvMeasurementExclusionLib HobLib + InputChannelLib IoLib MemoryAllocationLib PcdLib diff --git a/TpmTestingPkg/TpmReplayPei/Pei/TpmReplayPeiTpmInitialized.c b/TpmTestingPkg/TpmReplayPei/Pei/TpmReplayPeiTpmInitialized.c index 3dff6e5d8e..4db96d4dd3 100644 --- a/TpmTestingPkg/TpmReplayPei/Pei/TpmReplayPeiTpmInitialized.c +++ b/TpmTestingPkg/TpmReplayPei/Pei/TpmReplayPeiTpmInitialized.c @@ -15,6 +15,7 @@ #include #include +#include #include // For locality code #include // For locality code #include @@ -32,7 +33,6 @@ #include #include "../InputChannel/TpmReplayInputChannel.h" -#include "../TpmReplayEventLog.h" #include "../TpmReplayReportingManager.h" #include "../TpmReplayTcg.h" #include "../TpmReplayTcgRegs.h" diff --git a/TpmTestingPkg/TpmTestingPkg.dec b/TpmTestingPkg/TpmTestingPkg.dec index 46f1fb0e7d..492b0ed2d8 100644 --- a/TpmTestingPkg/TpmTestingPkg.dec +++ b/TpmTestingPkg/TpmTestingPkg.dec @@ -20,6 +20,7 @@ [LibraryClasses] FvMeasurementExclusionLib|Include/Library/FvMeasurementExclusionLib.h + InputChannelLib|Include/Library/InputChannelLib.h [Guids] ## Tokenspace GUID for TPM Testing Package PCDs diff --git a/TpmTestingPkg/TpmTestingPkg.dsc b/TpmTestingPkg/TpmTestingPkg.dsc index 155f9da486..93665553e1 100644 --- a/TpmTestingPkg/TpmTestingPkg.dsc +++ b/TpmTestingPkg/TpmTestingPkg.dsc @@ -23,6 +23,7 @@ CpuLib|MdePkg/Library/BaseCpuLib/BaseCpuLib.inf DebugLib|MdePkg/Library/BaseDebugLibNull/BaseDebugLibNull.inf FvMeasurementExclusionLib|TpmTestingPkg/Library/BaseFvMeasurementExclusionLibNull/BaseFvMeasurementExclusionLibNull.inf + InputChannelLib|TpmTestingPkg/Library/BaseInputChannelLibNull/BaseInputChannelLibNull.inf IoLib|MdePkg/Library/BaseIoLibIntrinsic/BaseIoLibIntrinsic.inf PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf PciExpressLib|MdePkg/Library/BasePciExpressLib/BasePciExpressLib.inf 
@@ -85,6 +86,7 @@ [Components] TpmTestingPkg/Library/BaseFvMeasurementExclusionLibNull/BaseFvMeasurementExclusionLibNull.inf + TpmTestingPkg/Library/BaseInputChannelLibNull/BaseInputChannelLibNull.inf TpmTestingPkg/TpmReplayPei/Pei/TpmReplayPei.inf #