SecurityPkg: Add measurement of Firmware Debugger

Enabled based on DeviceState. Added both to Tcg2Pei and Tcg2Dxe. The measurement is redundant in Tcg2Dxe, but is added for consistency with Tcg2Pei. The plan is to remove the PcdFirmwareDebuggerInitialized PCD and replace its usage with the DeviceStateLib This will prevent the system from booting if the device is in an an insecure state, as determined by the DeviceStateLib from MdeModulePkg. Signed-off-by: Vivian Nowka-Keane <[email protected]>
microsoft · Oct 23, 2024 · bb9e989 · bb9e989
1 parent 522d1ee
commit bb9e989
Show file tree

Hide file tree

Showing 5 changed files with 86 additions and 0 deletions.
diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc
@@ -95,6 +95,11 @@
   MemLibWrapper|SecurityPkg/DeviceSecurity/OsStub/MemLibWrapper/MemLibWrapper.inf
   NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf # MU_CHANGE: /GS and -fstack-protector support
 
+  ## MU_CHANGE [BEGIN] - Measure Firmware Debugger Enabled
+  DeviceStateLib|MdeModulePkg/Library/DeviceStateLib/DeviceStateLib.inf 
+  PanicLib|MdePkg/Library/BasePanicLibNull/BasePanicLibNull.inf 
+  # MU_CHANGE [END]
+
 [LibraryClasses.X64, LibraryClasses.IA32]
   Tcg2PreUefiEventLogLib|SecurityPkg/Library/Tcg2PreUefiEventLogLibNull/Tcg2PreUefiEventLogLibNull.inf  ## MU_CHANGE
 

diff --git a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c
@@ -50,6 +50,10 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 // MU_CHANGE [BEGIN] - Add the OemTpm2InitLib
 #include <Library/OemTpm2InitLib.h>
 // MU_CHANGE [END]
+// MU_CHANGE [BEGIN] - Measure Firmware Debugger Enabled
+#include <Library/DeviceStateLib.h>
+#include <Library/PanicLib.h>
+// MU_CHANGE [END]
 
 // #define PERF_ID_TCG2_DXE  0x3120 // MU_CHANGE
 
@@ -2500,11 +2504,27 @@ MeasureSecureBootPolicy (
   EFI_STATUS  Status;
   VOID        *Protocol;
 
+  DEVICE_STATE  CurrentDeviceState; // MU_CHANGE - Measure Firmware Debugger Enabled
+
   Status = gBS->LocateProtocol (&gEfiVariableWriteArchProtocolGuid, NULL, (VOID **)&Protocol);
   if (EFI_ERROR (Status)) {
     return;
   }
 
+  // MU_CHANGE [BEGIN] - Measure Firmware Debugger Enabled
+  CurrentDeviceState = GetDeviceState ();
+
+  if ((CurrentDeviceState & DEVICE_STATE_SOURCE_DEBUG_ENABLED) != 0) {
+    Status = MeasureLaunchOfFirmwareDebugger ();
+    if (EFI_ERROR (Status)) {
+      DEBUG ((DEBUG_ERROR, "Failed to measure Firmware Debugger Enabled!\n"));
+      PanicReport (__FILE__, __LINE__, "Failed to measure Firmware Debugger Enabled!\n");
+      return;
+    }
+  }
+
+  // MU_CHANGE [END]
+
   if (PcdGetBool (PcdFirmwareDebuggerInitialized)) {
     Status = MeasureLaunchOfFirmwareDebugger ();
     DEBUG ((DEBUG_INFO, "MeasureLaunchOfFirmwareDebugger - %r\n", Status));

diff --git a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf
@@ -71,6 +71,10 @@
   OemTpm2InitLib
 ## MU_CHANGE [END]
   PcdLib  # MU_CHANGE
+  ## MU_CHANGE [BEGIN] - Measure Firmware Debugger Enabled
+  DeviceStateLib
+  PanicLib
+  ## MU_CHANGE [END]
 
 [Guids]
   ## SOMETIMES_CONSUMES     ## Variable:L"SecureBoot"

diff --git a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c
@@ -50,6 +50,10 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 // MU_CHANGE [BEGIN] - Move to 256-bit PCRs.
 #include <Library/Tcg2PreUefiEventLogLib.h>
 // MU_CHANGE [END]
+// MU_CHANGE [BEGIN] - Measure DebugEnabled and Insecure Device State into PCR7
+#include <Library/DeviceStateLib.h>
+#include <Library/PanicLib.h>
+// MU_CHANGE [END]
 #define PERF_ID_TCG2_PEI  0x3080
 
 typedef struct {
@@ -644,6 +648,39 @@ MeasureCRTMVersion (
            );
 }
 
+// MU_CHANGE [BEGIN] - Measure Firmware Debugger Enabled
+
+/**
+  Measure and log firmware debugger enabled, and extend the measurement result into a specific PCR.
+
+  @retval EFI_SUCCESS           Operation completed successfully.
+  @retval EFI_OUT_OF_RESOURCES  Out of memory.
+  @retval EFI_DEVICE_ERROR      The operation was unsuccessful.
+**/
+EFI_STATUS
+MeasureFirmwareDebuggerEnabled (
+  VOID
+  )
+{
+  TCG_PCR_EVENT_HDR  TcgEventHdr;
+
+  TcgEventHdr.PCRIndex  = 7;
+  TcgEventHdr.EventType = EV_EFI_ACTION;
+  TcgEventHdr.EventSize = sizeof (FIRMWARE_DEBUGGER_EVENT_STRING) - 1;
+
+  DEBUG ((DEBUG_INFO, "Measuring Device State: Firmware Debugger Enabled\n"));
+  return HashLogExtendEvent (
+           &mEdkiiTcgPpi,
+           0,
+           (UINT8 *)FIRMWARE_DEBUGGER_EVENT_STRING,
+           sizeof (FIRMWARE_DEBUGGER_EVENT_STRING) - 1,
+           &TcgEventHdr,
+           (UINT8 *)FIRMWARE_DEBUGGER_EVENT_STRING
+           );
+}
+
+// MU_CHANGE [END]
+
 /**
   Get the FvName from the FV header.
 
@@ -1062,6 +1099,8 @@ PeimEntryMP (
 {
   EFI_STATUS  Status;
 
+  DEVICE_STATE  CurrentDeviceState; // MU_CHANGE - Measure Firmware Debugger Enabled
+
   //
   // install Tcg Services
   //
@@ -1073,6 +1112,20 @@ PeimEntryMP (
   CreateTcg2PreUefiEventLogEntries ();
   // MU_CHANGE [END]
 
+  // MU_CHANGE [BEGIN] - Measure Firmware Debugger Enabled
+  CurrentDeviceState = GetDeviceState ();
+
+  if ((CurrentDeviceState & DEVICE_STATE_SOURCE_DEBUG_ENABLED) != 0) {
+    Status = MeasureFirmwareDebuggerEnabled ();
+    if (EFI_ERROR (Status)) {
+      DEBUG ((DEBUG_ERROR, "Failed to measure Firmware Debugger Enabled!\n"));
+      PanicReport (__FILE__, __LINE__, "Failed to measure Firmware Debugger Enabled!\n");
+      return Status;
+    }
+  }
+
+  // MU_CHANGE [END]
+
   if (PcdGet8 (PcdTpm2ScrtmPolicy) == 1) {
     Status = MeasureCRTMVersion ();
   }

diff --git a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf
@@ -64,6 +64,10 @@
   Tcg2PreUefiEventLogLib
 ## MU_CHANGE [END]
 
+  ## MU_CHANGE [BEGIN] - Measure Firmware Debugger Enabled
+  DeviceStateLib
+  PanicLib
+  ## MU_CHANGE [END]
 [Guids]
   gTcgEventEntryHobGuid                                                ## PRODUCES               ## HOB
   gTpmErrorHobGuid                                                     ## SOMETIMES_PRODUCES     ## HOB