Skip to content

Commit

Permalink
SecurityPkg: measure Dasharo variables before boot
Browse files Browse the repository at this point in the history
Signed-off-by: Sergii Dmytruk <[email protected]>
  • Loading branch information
SergiiDmytruk committed May 28, 2024
1 parent 8fb76d9 commit 46e98a1
Show file tree
Hide file tree
Showing 6 changed files with 20 additions and 0 deletions.
2 changes: 2 additions & 0 deletions OvmfPkg/OvmfPkgX64.dsc
Original file line number Diff line number Diff line change
Expand Up @@ -233,6 +233,8 @@
!endif
VarCheckLib|MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf

DasharoVariablesLib|DasharoModulePkg/Library/DasharoVariablesLib/DasharoVariablesLib.inf


#
# Network libraries
Expand Down
6 changes: 6 additions & 0 deletions SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c
Original file line number Diff line number Diff line change
Expand Up @@ -44,6 +44,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#include <Library/PerformanceLib.h>
#include <Library/ReportStatusCodeLib.h>
#include <Library/Tcg2PhysicalPresenceLib.h>
#include <Library/DasharoVariablesLib.h>

#define PERF_ID_TCG2_DXE 0x3120

Expand Down Expand Up @@ -2374,6 +2375,11 @@ OnReadyToBoot (
PERF_START_EX (mImageHandle, "EventRec", "Tcg2Dxe", 0, PERF_ID_TCG2_DXE);
if (mBootAttempts == 0) {

Status = DasharoMeasureVariables ();
if (EFI_ERROR (Status)) {
DEBUG ((EFI_D_ERROR, "Dasharo variables not Measured. Error: %r!\n", Status));
}

//
// Measure handoff tables.
//
Expand Down
2 changes: 2 additions & 0 deletions SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf
Original file line number Diff line number Diff line change
Expand Up @@ -45,6 +45,7 @@
MdeModulePkg/MdeModulePkg.dec
SecurityPkg/SecurityPkg.dec
CryptoPkg/CryptoPkg.dec
DasharoModulePkg/DasharoModulePkg.dec

[LibraryClasses]
MemoryAllocationLib
Expand All @@ -64,6 +65,7 @@
ReportStatusCodeLib
Tcg2PhysicalPresenceLib
PeCoffLib
DasharoVariablesLib

[Guids]
## SOMETIMES_CONSUMES ## Variable:L"SecureBoot"
Expand Down
6 changes: 6 additions & 0 deletions SecurityPkg/Tcg/TcgDxe/TcgDxe.c
Original file line number Diff line number Diff line change
Expand Up @@ -47,6 +47,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#include <Library/ReportStatusCodeLib.h>
#include <Library/Tpm12CommandLib.h>
#include <Library/BaseCryptLib.h>
#include <Library/DasharoVariablesLib.h>

#define TCG_DXE_DATA_FROM_THIS(this) \
BASE_CR (this, TCG_DXE_DATA, TcgProtocol)
Expand Down Expand Up @@ -1122,6 +1123,11 @@ OnReadyToBoot (

if (mBootAttempts == 0) {

Status = DasharoMeasureVariables ();
if (EFI_ERROR (Status)) {
DEBUG ((EFI_D_ERROR, "Dasharo variables not Measured. Error: %r!\n", Status));
}

//
// Measure handoff tables.
//
Expand Down
2 changes: 2 additions & 0 deletions SecurityPkg/Tcg/TcgDxe/TcgDxe.inf
Original file line number Diff line number Diff line change
Expand Up @@ -30,6 +30,7 @@
MdeModulePkg/MdeModulePkg.dec
CryptoPkg/CryptoPkg.dec
SecurityPkg/SecurityPkg.dec
DasharoModulePkg/DasharoModulePkg.dec

[LibraryClasses]
MemoryAllocationLib
Expand All @@ -47,6 +48,7 @@
PcdLib
ReportStatusCodeLib
Tpm12CommandLib
DasharoVariablesLib

[Guids]
gEfiGlobalVariableGuid ## SOMETIMES_CONSUMES ## Variable:L"BootXXXX"
Expand Down
2 changes: 2 additions & 0 deletions UefiPayloadPkg/UefiPayloadPkg.dsc
Original file line number Diff line number Diff line change
Expand Up @@ -278,6 +278,8 @@
TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurementLibNull.inf
VarCheckLib|MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf

DasharoVariablesLib|DasharoModulePkg/Library/DasharoVariablesLib/DasharoVariablesLib.inf

SafeIntLib|MdePkg/Library/BaseSafeIntLib/BaseSafeIntLib.inf
IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
ShellCEntryLib|ShellPkg/Library/UefiShellCEntryLib/UefiShellCEntryLib.inf
Expand Down

0 comments on commit 46e98a1

Please sign in to comment.