SecurityPkg: Add measurement of Firmware Debugger

Enabled based on DeviceState. Added both to Tcg2Pei and Tcg2Dxe. The measurement is redundant in Tcg2Dxe, but is added for consistency with Tcg2Pei. The plan is to remove the PcdFirmwareDebuggerInitialized PCD and replace its usage with the DeviceStateLib This will prevent the system from booting if the device is in an an insecure state, as determined by the DeviceStateLib from MdeModulePkg. Signed-off-by: Vivian Nowka-Keane <[email protected]>
microsoft · Oct 21, 2024 · b461728 · b461728
1 parent 522d1ee
commit b461728
Show file tree

Hide file tree

Showing 5 changed files with 97 additions and 6 deletions.
diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc
@@ -95,6 +95,11 @@
   MemLibWrapper|SecurityPkg/DeviceSecurity/OsStub/MemLibWrapper/MemLibWrapper.inf
   NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf # MU_CHANGE: /GS and -fstack-protector support
 
+  ## MU_CHANGE [BEGIN] - Measure Firmware Debugger Enabled
+  DeviceStateLib|MdeModulePkg/Library/DeviceStateLib/DeviceStateLib.inf 
+  PanicLib|MdePkg/Library/BasePanicLibNull/BasePanicLibNull.inf 
+  # MU_CHANGE [END]
+
 [LibraryClasses.X64, LibraryClasses.IA32]
   Tcg2PreUefiEventLogLib|SecurityPkg/Library/Tcg2PreUefiEventLogLibNull/Tcg2PreUefiEventLogLibNull.inf  ## MU_CHANGE
 

diff --git a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c
@@ -50,6 +50,10 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 // MU_CHANGE [BEGIN] - Add the OemTpm2InitLib
 #include <Library/OemTpm2InitLib.h>
 // MU_CHANGE [END]
+// MU_CHANGE [BEGIN] - Measure Firmware Debugger Enabled
+#include <Library/DeviceStateLib.h>
+#include <Library/PanicLib.h>
+// MU_CHANGE [END]
 
 // #define PERF_ID_TCG2_DXE  0x3120 // MU_CHANGE
 
@@ -2497,14 +2501,32 @@ MeasureSecureBootPolicy (
   IN VOID       *Context
   )
 {
-  EFI_STATUS  Status;
-  VOID        *Protocol;
+  EFI_STATUS    Status;
+  VOID          *Protocol;
+  DEVICE_STATE  CurrentDeviceState; // MU_CHANGE - Measure Firmware Debugger Enabled
 
   Status = gBS->LocateProtocol (&gEfiVariableWriteArchProtocolGuid, NULL, (VOID **)&Protocol);
   if (EFI_ERROR (Status)) {
     return;
   }
 
+  // MU_CHANGE [BEGIN] - Measure Firmware Debugger Enabled
+  CurrentDeviceState = GetDeviceState ();
+
+  if ((CurrentDeviceState & DEVICE_STATE_SOURCE_DEBUG_ENABLED) != 0) {
+    Status = MeasureLaunchOfFirmwareDebugger ();
+    if (EFI_ERROR (Status)) {
+      DEBUG ((DEBUG_ERROR, "Failed to measure Firmware Debugger Enabled!\n"));
+      ASSERT_EFI_ERROR (Status);
+
+      PanicReport (__FILE__, __LINE__, "Failed to measure Firmware Debugger Enabled!\n");
+      // TODO cap PCR?
+      return;
+    }
+  }
+
+  // MU_CHANGE [END]
+
   if (PcdGetBool (PcdFirmwareDebuggerInitialized)) {
     Status = MeasureLaunchOfFirmwareDebugger ();
     DEBUG ((DEBUG_INFO, "MeasureLaunchOfFirmwareDebugger - %r\n", Status));

diff --git a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf
@@ -71,6 +71,10 @@
   OemTpm2InitLib
 ## MU_CHANGE [END]
   PcdLib  # MU_CHANGE
+  ## MU_CHANGE [BEGIN] - Measure Firmware Debugger Enabled
+  DeviceStateLib
+  PanicLib
+  ## MU_CHANGE [END]
 
 [Guids]
   ## SOMETIMES_CONSUMES     ## Variable:L"SecureBoot"
@@ -97,7 +101,7 @@
 
 [Protocols]
   gEfiTcg2ProtocolGuid                               ## PRODUCES
-  gMuTcg2ProtocolExGuid                              ## PRODUCES # MU_CHANGE - Add a new protocol to support Log-only events.
+  gMuTcg2ProtocolExGuid                              ## PRODUCES # MU_CHANGE - Add a new protocol to support Log-only events.
   gEfiTcg2FinalEventsTableGuid                       ## PRODUCES
   gEfiMpServiceProtocolGuid                          ## SOMETIMES_CONSUMES
   gEfiVariableWriteArchProtocolGuid                  ## NOTIFY

diff --git a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c
@@ -50,6 +50,10 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 // MU_CHANGE [BEGIN] - Move to 256-bit PCRs.
 #include <Library/Tcg2PreUefiEventLogLib.h>
 // MU_CHANGE [END]
+// MU_CHANGE [BEGIN] - Measure DebugEnabled and Insecure Device State into PCR7
+#include <Library/DeviceStateLib.h>
+#include <Library/PanicLib.h>
+// MU_CHANGE [END]
 #define PERF_ID_TCG2_PEI  0x3080
 
 typedef struct {
@@ -644,6 +648,39 @@ MeasureCRTMVersion (
            );
 }
 
+// MU_CHANGE [BEGIN] - Measure Firmware Debugger Enabled
+
+/**
+  Measure and log firmware debugger enabled, and extend the measurement result into a specific PCR.
+
+  @retval EFI_SUCCESS           Operation completed successfully.
+  @retval EFI_OUT_OF_RESOURCES  Out of memory.
+  @retval EFI_DEVICE_ERROR      The operation was unsuccessful.
+**/
+EFI_STATUS
+MeasureFirmwareDebuggerEnabled (
+  VOID
+  )
+{
+  TCG_PCR_EVENT_HDR  TcgEventHdr;
+
+  TcgEventHdr.PCRIndex  = 7;
+  TcgEventHdr.EventType = EV_EFI_ACTION;
+  TcgEventHdr.EventSize = sizeof (FIRMWARE_DEBUGGER_EVENT_STRING) - 1;
+
+  DEBUG ((DEBUG_INFO, "Measuring Device State: Firmware Debugger Enabled\n"));
+  return HashLogExtendEvent (
+           &mEdkiiTcgPpi,
+           0,
+           (UINT8 *)FIRMWARE_DEBUGGER_EVENT_STRING,
+           sizeof (FIRMWARE_DEBUGGER_EVENT_STRING) - 1,
+           &TcgEventHdr,
+           (UINT8 *)FIRMWARE_DEBUGGER_EVENT_STRING
+           );
+}
+
+// MU_CHANGE [END]
+
 /**
   Get the FvName from the FV header.
 
@@ -1060,7 +1097,11 @@ PeimEntryMP (
   IN      EFI_PEI_SERVICES  **PeiServices
   )
 {
-  EFI_STATUS  Status;
+  // MU_CHANGE [BEGIN] - Measure Firmware Debugger Enabled
+  EFI_STATUS    Status;
+  DEVICE_STATE  CurrentDeviceState;
+
+  // MU_CHANGE [END]
 
   //
   // install Tcg Services
@@ -1073,6 +1114,23 @@ PeimEntryMP (
   CreateTcg2PreUefiEventLogEntries ();
   // MU_CHANGE [END]
 
+  // MU_CHANGE [BEGIN] - Measure Firmware Debugger Enabled
+  CurrentDeviceState = GetDeviceState ();
+
+  if ((CurrentDeviceState & DEVICE_STATE_SOURCE_DEBUG_ENABLED) != 0) {
+    Status = MeasureFirmwareDebuggerEnabled ();
+    if (EFI_ERROR (Status)) {
+      DEBUG ((DEBUG_ERROR, "Failed to measure Firmware Debugger Enabled!\n"));
+      ASSERT_EFI_ERROR (Status);
+
+      PanicReport (__FILE__, __LINE__, "Failed to measure Firmware Debugger Enabled!\n");
+      // TODO cap PCR?
+      return Status;
+    }
+  }
+
+  // MU_CHANGE [END]
+
   if (PcdGet8 (PcdTpm2ScrtmPolicy) == 1) {
     Status = MeasureCRTMVersion ();
   }

diff --git a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf
@@ -62,8 +62,10 @@
 ## MU_CHANGE_103691
 ## MU_CHANGE [BEGIN] - Add the Tcg2PreUefiEventLogLib
   Tcg2PreUefiEventLogLib
-## MU_CHANGE [END]
-
+  ## MU_CHANGE [BEGIN] - Measure Firmware Debugger Enabled
+  DeviceStateLib
+  PanicLib
+  ## MU_CHANGE [END]
 [Guids]
   gTcgEventEntryHobGuid                                                ## PRODUCES               ## HOB
   gTpmErrorHobGuid                                                     ## SOMETIMES_PRODUCES     ## HOB