SecurityPkg: Add measurement of Firmware Debugger

Enabled based on DeviceState. Added both to Tcg2Pei and Tcg2Dxe. The measurement is redundant in Tcg2Dxe, but is added for consistency with Tcg2Pei. The plan is to remove the PcdFirmwareDebuggerInitialized PCD and replace its usage with the DeviceStateLib This will prevent the system from booting if the device is in an an insecure state, as determined by the DeviceStateLib from MdeModulePkg. Signed-off-by: Vivian Nowka-Keane <[email protected]>
microsoft · Oct 14, 2024 · f864518 · f864518
1 parent 522d1ee
commit f864518
Show file tree

Hide file tree

Showing 2 changed files with 82 additions and 3 deletions.
diff --git a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c
@@ -50,6 +50,10 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 // MU_CHANGE [BEGIN] - Add the OemTpm2InitLib
 #include <Library/OemTpm2InitLib.h>
 // MU_CHANGE [END]
+// MU_CHANGE [BEGIN] - Measure Firmware Debugger Enabled
+#include <Library/DeviceStateLib.h>
+#include <Library/PanicLib.h>
+// MU_CHANGE [END]
 
 // #define PERF_ID_TCG2_DXE  0x3120 // MU_CHANGE
 
@@ -2497,14 +2501,32 @@ MeasureSecureBootPolicy (
   IN VOID       *Context
   )
 {
-  EFI_STATUS  Status;
-  VOID        *Protocol;
+  EFI_STATUS    Status;
+  VOID          *Protocol;
+  DEVICE_STATE  CurrentDeviceState; // MU_CHANGE - Measure Firmware Debugger Enabled
 
   Status = gBS->LocateProtocol (&gEfiVariableWriteArchProtocolGuid, NULL, (VOID **)&Protocol);
   if (EFI_ERROR (Status)) {
     return;
   }
 
+  // MU_CHANGE [BEGIN] - Measure Firmware Debugger Enabled
+  CurrentDeviceState = GetDeviceState ();
+
+  if (CurrentDeviceState & DEVICE_STATE_SOURCE_DEBUG_ENABLED != 0) {
+    Status = MeasureLaunchOfFirmwareDebugger ();
+    if (EFI_ERROR (Status)) {
+      DEBUG ((DEBUG_ERROR, "Failed to measure Firmware Debugger Enabled!\n"));
+      ASSERT_EFI_ERROR (Status);
+
+      PanicReport (__FILE__, __LINE__, "Failed to measure Firmware Debugger Enabled!\n");
+      // TODO cap PCR?
+      return Status;
+    }
+  }
+
+  // MU_CHANGE [END]
+
   if (PcdGetBool (PcdFirmwareDebuggerInitialized)) {
     Status = MeasureLaunchOfFirmwareDebugger ();
     DEBUG ((DEBUG_INFO, "MeasureLaunchOfFirmwareDebugger - %r\n", Status));

diff --git a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c
@@ -50,6 +50,10 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 // MU_CHANGE [BEGIN] - Move to 256-bit PCRs.
 #include <Library/Tcg2PreUefiEventLogLib.h>
 // MU_CHANGE [END]
+// MU_CHANGE [BEGIN] - Measure DebugEnabled and Insecure Device State into PCR7
+#include <Library/DeviceStateLib.h>
+#include <Library/PanicLib.h>
+// MU_CHANGE [END]
 #define PERF_ID_TCG2_PEI  0x3080
 
 typedef struct {
@@ -644,6 +648,38 @@ MeasureCRTMVersion (
            );
 }
 
+// MU_CHANGE [BEGIN] - Measure Firmware Debugger Enabled
+
+/**
+  Measure and log firmware debugger enabled, and extend the measurement result into a specific PCR.
+
+  @retval EFI_SUCCESS           Operation completed successfully.
+  @retval EFI_OUT_OF_RESOURCES  Out of memory.
+  @retval EFI_DEVICE_ERROR      The operation was unsuccessful.
+**/
+EFI_STATUS
+MeasureFirmwareDebuggerEnabled (
+  VOID
+  )
+{
+  TCG_PCR_EVENT_HDR  TcgEvent;
+
+  TcgEvent.PCRIndex  = 7;
+  TcgEvent.EventType = EV_EFI_ACTION;
+  TcgEvent.EventSize = sizeof (FIRMWARE_DEBUGGER_EVENT_STRING) - 1;
+
+  DEBUG ((DEBUG_INFO, "Measuring Device State: Firmware Debugger Enabled\n"));
+  return HashLogExtendEvent (
+           0,
+           (UINT8 *)FIRMWARE_DEBUGGER_EVENT_STRING,
+           sizeof (FIRMWARE_DEBUGGER_EVENT_STRING) - 1,
+           &TcgEvent,
+           (UINT8 *)FIRMWARE_DEBUGGER_EVENT_STRING
+           );
+}
+
+// MU_CHANGE [END]
+
 /**
   Get the FvName from the FV header.
 
@@ -1060,7 +1096,11 @@ PeimEntryMP (
   IN      EFI_PEI_SERVICES  **PeiServices
   )
 {
-  EFI_STATUS  Status;
+  // MU_CHANGE [BEGIN] - Measure Firmware Debugger Enabled
+  EFI_STATUS    Status;
+  DEVICE_STATE  CurrentDeviceState;
+
+  // MU_CHANGE [END]
 
   //
   // install Tcg Services
@@ -1073,6 +1113,23 @@ PeimEntryMP (
   CreateTcg2PreUefiEventLogEntries ();
   // MU_CHANGE [END]
 
+  // MU_CHANGE [BEGIN] - Measure Firmware Debugger Enabled
+  CurrentDeviceState = GetDeviceState ();
+
+  if (CurrentDeviceState & DEVICE_STATE_SOURCE_DEBUG_ENABLED != 0) {
+    Status = MeasureFirmwareDebuggerEnabled ();
+    if (EFI_ERROR (Status)) {
+      DEBUG ((DEBUG_ERROR, "Failed to measure Firmware Debugger Enabled!\n"));
+      ASSERT_EFI_ERROR (Status);
+
+      PanicReport (__FILE__, __LINE__, "Failed to measure Firmware Debugger Enabled!\n");
+      // TODO cap PCR?
+      return Status;
+    }
+  }
+
+  // MU_CHANGE [END]
+
   if (PcdGet8 (PcdTpm2ScrtmPolicy) == 1) {
     Status = MeasureCRTMVersion ();
   }