From bb9e98935bd46865bf3bcfaa55ec044cc1aea217 Mon Sep 17 00:00:00 2001 From: Vivian Nowka-Keane Date: Wed, 23 Oct 2024 13:56:18 -0700 Subject: [PATCH] SecurityPkg: Add measurement of Firmware Debugger Enabled based on DeviceState. Added both to Tcg2Pei and Tcg2Dxe. The measurement is redundant in Tcg2Dxe, but is added for consistency with Tcg2Pei. The plan is to remove the PcdFirmwareDebuggerInitialized PCD and replace its usage with the DeviceStateLib This will prevent the system from booting if the device is in an an insecure state, as determined by the DeviceStateLib from MdeModulePkg. Signed-off-by: Vivian Nowka-Keane --- SecurityPkg/SecurityPkg.dsc | 5 +++ SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c | 20 +++++++++++ SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf | 4 +++ SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c | 53 +++++++++++++++++++++++++++++ SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf | 4 +++ 5 files changed, 86 insertions(+) diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc index 5312de456b..553e9d22a9 100644 --- a/SecurityPkg/SecurityPkg.dsc +++ b/SecurityPkg/SecurityPkg.dsc @@ -95,6 +95,11 @@ MemLibWrapper|SecurityPkg/DeviceSecurity/OsStub/MemLibWrapper/MemLibWrapper.inf NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf # MU_CHANGE: /GS and -fstack-protector support + ## MU_CHANGE [BEGIN] - Measure Firmware Debugger Enabled + DeviceStateLib|MdeModulePkg/Library/DeviceStateLib/DeviceStateLib.inf + PanicLib|MdePkg/Library/BasePanicLibNull/BasePanicLibNull.inf + # MU_CHANGE [END] + [LibraryClasses.X64, LibraryClasses.IA32] Tcg2PreUefiEventLogLib|SecurityPkg/Library/Tcg2PreUefiEventLogLibNull/Tcg2PreUefiEventLogLibNull.inf ## MU_CHANGE diff --git a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c index 2b7181703f..968872063a 100644 --- a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c +++ b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c @@ -50,6 +50,10 @@ SPDX-License-Identifier: BSD-2-Clause-Patent // MU_CHANGE [BEGIN] - Add the OemTpm2InitLib #include // MU_CHANGE [END] +// MU_CHANGE [BEGIN] - Measure Firmware Debugger Enabled +#include +#include +// MU_CHANGE [END] // #define PERF_ID_TCG2_DXE 0x3120 // MU_CHANGE @@ -2500,11 +2504,27 @@ MeasureSecureBootPolicy ( EFI_STATUS Status; VOID *Protocol; + DEVICE_STATE CurrentDeviceState; // MU_CHANGE - Measure Firmware Debugger Enabled + Status = gBS->LocateProtocol (&gEfiVariableWriteArchProtocolGuid, NULL, (VOID **)&Protocol); if (EFI_ERROR (Status)) { return; } + // MU_CHANGE [BEGIN] - Measure Firmware Debugger Enabled + CurrentDeviceState = GetDeviceState (); + + if ((CurrentDeviceState & DEVICE_STATE_SOURCE_DEBUG_ENABLED) != 0) { + Status = MeasureLaunchOfFirmwareDebugger (); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "Failed to measure Firmware Debugger Enabled!\n")); + PanicReport (__FILE__, __LINE__, "Failed to measure Firmware Debugger Enabled!\n"); + return; + } + } + + // MU_CHANGE [END] + if (PcdGetBool (PcdFirmwareDebuggerInitialized)) { Status = MeasureLaunchOfFirmwareDebugger (); DEBUG ((DEBUG_INFO, "MeasureLaunchOfFirmwareDebugger - %r\n", Status)); diff --git a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf index 06304be77e..c359ade3f8 100644 --- a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf +++ b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf @@ -71,6 +71,10 @@ OemTpm2InitLib ## MU_CHANGE [END] PcdLib # MU_CHANGE + ## MU_CHANGE [BEGIN] - Measure Firmware Debugger Enabled + DeviceStateLib + PanicLib + ## MU_CHANGE [END] [Guids] ## SOMETIMES_CONSUMES ## Variable:L"SecureBoot" diff --git a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c index 771b7e604b..4029944262 100644 --- a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c +++ b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c @@ -50,6 +50,10 @@ SPDX-License-Identifier: BSD-2-Clause-Patent // MU_CHANGE [BEGIN] - Move to 256-bit PCRs. #include // MU_CHANGE [END] +// MU_CHANGE [BEGIN] - Measure DebugEnabled and Insecure Device State into PCR7 +#include +#include +// MU_CHANGE [END] #define PERF_ID_TCG2_PEI 0x3080 typedef struct { @@ -644,6 +648,39 @@ MeasureCRTMVersion ( ); } +// MU_CHANGE [BEGIN] - Measure Firmware Debugger Enabled + +/** + Measure and log firmware debugger enabled, and extend the measurement result into a specific PCR. + + @retval EFI_SUCCESS Operation completed successfully. + @retval EFI_OUT_OF_RESOURCES Out of memory. + @retval EFI_DEVICE_ERROR The operation was unsuccessful. +**/ +EFI_STATUS +MeasureFirmwareDebuggerEnabled ( + VOID + ) +{ + TCG_PCR_EVENT_HDR TcgEventHdr; + + TcgEventHdr.PCRIndex = 7; + TcgEventHdr.EventType = EV_EFI_ACTION; + TcgEventHdr.EventSize = sizeof (FIRMWARE_DEBUGGER_EVENT_STRING) - 1; + + DEBUG ((DEBUG_INFO, "Measuring Device State: Firmware Debugger Enabled\n")); + return HashLogExtendEvent ( + &mEdkiiTcgPpi, + 0, + (UINT8 *)FIRMWARE_DEBUGGER_EVENT_STRING, + sizeof (FIRMWARE_DEBUGGER_EVENT_STRING) - 1, + &TcgEventHdr, + (UINT8 *)FIRMWARE_DEBUGGER_EVENT_STRING + ); +} + +// MU_CHANGE [END] + /** Get the FvName from the FV header. @@ -1062,6 +1099,8 @@ PeimEntryMP ( { EFI_STATUS Status; + DEVICE_STATE CurrentDeviceState; // MU_CHANGE - Measure Firmware Debugger Enabled + // // install Tcg Services // @@ -1073,6 +1112,20 @@ PeimEntryMP ( CreateTcg2PreUefiEventLogEntries (); // MU_CHANGE [END] + // MU_CHANGE [BEGIN] - Measure Firmware Debugger Enabled + CurrentDeviceState = GetDeviceState (); + + if ((CurrentDeviceState & DEVICE_STATE_SOURCE_DEBUG_ENABLED) != 0) { + Status = MeasureFirmwareDebuggerEnabled (); + if (EFI_ERROR (Status)) { + DEBUG ((DEBUG_ERROR, "Failed to measure Firmware Debugger Enabled!\n")); + PanicReport (__FILE__, __LINE__, "Failed to measure Firmware Debugger Enabled!\n"); + return Status; + } + } + + // MU_CHANGE [END] + if (PcdGet8 (PcdTpm2ScrtmPolicy) == 1) { Status = MeasureCRTMVersion (); } diff --git a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf index 8bea3aaf39..b75d4f6eba 100644 --- a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf +++ b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf @@ -64,6 +64,10 @@ Tcg2PreUefiEventLogLib ## MU_CHANGE [END] + ## MU_CHANGE [BEGIN] - Measure Firmware Debugger Enabled + DeviceStateLib + PanicLib + ## MU_CHANGE [END] [Guids] gTcgEventEntryHobGuid ## PRODUCES ## HOB gTpmErrorHobGuid ## SOMETIMES_PRODUCES ## HOB