(WIP) SecurityPkg: Tcg2Pei: Add measurement if

DeviceState is not secure This will prevent the system from booting if the device is in an an insecure state, as determined by the FixedAtBuild PCD from MdeModulePkg. Signed-off-by: Vivian Nowka-Keane <[email protected]>
microsoft · Oct 12, 2024 · c1f3c50 · c1f3c50
1 parent 522d1ee
commit c1f3c50
Showing 1 changed file with 131 additions and 1 deletion.
diff --git a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c
@@ -50,6 +50,10 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 // MU_CHANGE [BEGIN] - Move to 256-bit PCRs.
 #include <Library/Tcg2PreUefiEventLogLib.h>
 // MU_CHANGE [END]
+// MU_CHANGE [BEGIN] - Measure DebugEnabled and Insecure Device State into PCR7
+#include <Library/DeviceStateLib.h>
+#include <Library/PanicLib.h>
+// MU_CHANGE [END]
 #define PERF_ID_TCG2_PEI  0x3080
 
 typedef struct {
@@ -644,6 +648,97 @@ MeasureCRTMVersion (
            );
 }
 
+// MU_CHANGE [BEGIN] - Measure Insecure Device State
+
+/**
+  Measure FIRMWARE_DEBUGGER_EVENT_STRING into PCR 7.
+
+  @retval EFI_SUCCESS           Operation completed successfully.
+  @retval EFI_OUT_OF_RESOURCES  Not enough memory to log the new event.
+  @retval EFI_DEVICE_ERROR      The command was unsuccessful.
+**/
+EFI_STATUS
+MeasureDebugEnabled (
+  VOID
+  )
+{
+  TCG_PCR_EVENT_HDR  TcgEventHdr;
+  CHAR8              *String;
+  EFI_STATUS         Status;
+
+  TcgEventHdr.PCRIndex  = 7;
+  TcgEventHdr.EventType = EV_EFI_ACTION;
+  TcgEventHdr.EventSize = (UINT32)sizeof (FIRMWARE_DEBUGGER_EVENT_STRING);
+
+  DEBUG ((DEBUG_INFO, "Measuring Device State: Source Debug Enabled\n"));
+  String = FIRMWARE_DEBUGGER_EVENT_STRING;
+  Status = HashLogExtendEvent (
+             &mEdkiiTcgPpi,
+             0,
+             (UINT8 *)String,
+             TcgEventHdr.EventSize,
+             &TcgEventHdr,
+             (UINT8 *)String
+             );
+
+  return Status;
+}
+
+/**
+   Measure InsecureDeviceState into PCR 7.
+
+  @param[in] DeviceState                The current device state.
+  @param[in] InsecureDeviceStateSetting The insecure device state setting.
+
+  @retval EFI_SUCCESS           Operation completed successfully.
+  @retval EFI_OUT_OF_RESOURCES  Not enough memory to log the new event.
+  @retval EFI_DEVICE_ERROR      The command was unsuccessful.
+**/
+EFI_STATUS
+MeasureInsecureDeviceState (
+  IN DEVICE_STATE  DeviceState,
+  IN DEVICE_STATE  InsecureDeviceStateSetting
+  )
+
+{
+  TCG_PCR_EVENT_HDR  TcgEventHdr;
+  EFI_STATUS         Status;
+  UINTN              BitmaskIndex;
+  UINTN              StringSize;
+  CHAR8              *Buffer;
+  UINTN              *StringSizePtr = &StringSize;
+
+  Buffer = (CHAR8 *)AllocateZeroPool (MAX_INSECURE_DEVICE_STATE_STRING_SIZE);
+  if (Buffer == NULL) {
+    return EFI_OUT_OF_RESOURCES;
+  }
+
+  Status = GetInsecureDeviceStateString (Buffer, MAX_INSECURE_DEVICE_STATE_STRING_SIZE, StringSizePtr);
+  if (EFI_ERROR (Status)) {
+    FreePool (Buffer);
+    return Status;
+  }
+
+  TcgEventHdr.PCRIndex  = 7;
+  TcgEventHdr.EventType = EV_EFI_ACTION;
+  TcgEventHdr.EventSize = (UINT32)(*StringSizePtr);
+
+  DEBUG ((DEBUG_INFO, "Measuring insecure device state string\n"));
+  Status = HashLogExtendEvent (
+             &mEdkiiTcgPpi,
+             0,
+             (UINT8 *)Buffer,
+             TcgEventHdr.EventSize,
+             &TcgEventHdr,
+             (UINT8 *)Buffer
+             );
+
+  FreePool (Buffer);
+  return Status;
+}
+
+// MU_CHANGE [END]
+
 /**
   Get the FvName from the FV header.
 
@@ -1060,7 +1155,12 @@ PeimEntryMP (
   IN      EFI_PEI_SERVICES  **PeiServices
   )
 {
-  EFI_STATUS  Status;
+  // MU_CHANGE [BEGIN] - Measure DebugEnabled and Insecure Device State into PCR7
+  EFI_STATUS    Status;
+  DEVICE_STATE  CurrentDeviceState;
+  DEVICE_STATE  InsecureDeviceState;
+
+  // MU_CHANGE [END]
 
   //
   // install Tcg Services
@@ -1073,6 +1173,36 @@ PeimEntryMP (
   CreateTcg2PreUefiEventLogEntries ();
   // MU_CHANGE [END]
 
+  // MU_CHANGE [BEGIN] - Measure DebugEnabled and Insecure Device State into PCR7
+  CurrentDeviceState  = GetDeviceState ();
+  InsecureDeviceState = GetInsecureDeviceStateSetting ();
+
+  if (CurrentDeviceState & DEVICE_STATE_SOURCE_DEBUG_ENABLED != 0) {
+    Status = MeasureDebugEnabled ();
+    if (EFI_ERROR (Status)) {
+      DEBUG ((DEBUG_ERROR, "Failed to measure Source Debug Enabled!\n"));
+      ASSERT_EFI_ERROR (Status);
+
+      PanicReport (__FILE__, __LINE__, "Failed to measure Source Debug Enabled!\n");
+      // TODO cap PCR?
+      return Status;
+    }
+  }
+
+  if (CurrentDeviceState & InsecureDeviceState != 0) {
+    Status = MeasureInsecureDeviceState (CurrentDeviceState, InsecureDeviceState);
+    if (EFI_ERROR (Status)) {
+      DEBUG ((DEBUG_ERROR, "Failed to measure Insecure Device State!\n"));
+      ASSERT_EFI_ERROR (Status);
+
+      PanicReport (__FILE__, __LINE__, "Failed to measure Insecure Device State!\n");
+      // TODO cap PCR?
+      return Status;
+    }
+  }
+
+  // MU_CHANGE [END]
+
   if (PcdGet8 (PcdTpm2ScrtmPolicy) == 1) {
     Status = MeasureCRTMVersion ();
   }