From 6701b862aa96775609a7d42662ae4a98e43071bb Mon Sep 17 00:00:00 2001 From: kavsrf Date: Sun, 4 Dec 2016 13:46:48 +0300 Subject: TPM12 support --- DcsInt/DcsInt.c | 44 ++++++++++++++++++++++++++++++-------------- 1 file changed, 30 insertions(+), 14 deletions(-) (limited to 'DcsInt') diff --git a/DcsInt/DcsInt.c b/DcsInt/DcsInt.c index 6d008cc..af2391b 100644 --- a/DcsInt/DcsInt.c +++ b/DcsInt/DcsInt.c @@ -23,6 +23,7 @@ https://opensource.org/licenses/LGPL-3.0 #include #include #include +#include #include "common/Tcdefs.h" #include "common/Crypto.h" @@ -262,7 +263,7 @@ IntBlockIO_Write( writeCrypted = MEM_ALLOC(BufferSize); if (writeCrypted == NULL) { Status = EFI_BAD_BUFFER_SIZE; - return Status; + return Status; } CopyMem(writeCrypted, Buffer, BufferSize); // Print(L"*"); @@ -354,7 +355,7 @@ IntBlockIo_Hook( DcsIntBlockIo->Controller = DeviceHandle; DcsIntBlockIo->BlockIo = BlockIo; DcsIntBlockIo->IsReinstalled = 0; -// Block +// Block // Tpl = gBS->RaiseTPL(TPL_NOTIFY); // Install new routines DcsIntBlockIo->CryptInfo = SecRegionCryptInfo; @@ -570,28 +571,28 @@ SecRegionChangePwd() { if (vcres != 0) { ERR_PRINT(L"header create error(%x)\n", vcres); - Status = EFI_INVALID_PARAMETER; - goto ret; + Status = EFI_INVALID_PARAMETER; + goto ret; } // get BlockIo protocol bio = EfiGetBlockIO(SecRegionHandle); if (bio == NULL) { ERR_PRINT(L"Block io not supported\n,"); - Status = EFI_NOT_FOUND; - goto ret; + Status = EFI_NOT_FOUND; + goto ret; } Status = bio->WriteBlocks(bio, bio->Media->MediaId, SecRegionSector, 512, Header); if (EFI_ERROR(Status)) { ERR_PRINT(L"Write: %r\n", Status); - goto ret; + goto ret; } CopyMem(&gAuthPassword, &newPassword, sizeof(gAuthPassword)); CopyMem(SecRegionData + SecRegionOffset, Header, 512); ERR_PRINT(L"Update (%r)\n", Status); - -ret: + +ret: MEM_BURN(&newPassword, sizeof(newPassword)); MEM_BURN(&confirmPassword, sizeof(confirmPassword)); return Status; @@ -644,7 +645,7 @@ SecRegionTryDecrypt() } while (SecRegionOffset < SecRegionSize && vcres != 0); if (vcres == 0) { OUT_PRINT(L"Success\n"); - OUT_PRINT(L"start %lld len %lld\n", SecRegionCryptInfo->EncryptedAreaStart.Value, SecRegionCryptInfo->EncryptedAreaLength.Value); + OUT_PRINT(L"Start %d %lld len %lld\n", SecRegionOffset / (1024*128), SecRegionCryptInfo->EncryptedAreaStart.Value, SecRegionCryptInfo->EncryptedAreaLength.Value); break; } else { ERR_PRINT(L"Authorization failed. Wrong password, PIM or hash. Decrypt error(%x)\n\r", vcres); @@ -963,6 +964,7 @@ UefiMain( if (key.UnicodeChar != 0) { GetKey(); } + OUT_PRINT(L"\n"); } } else if (gRUD != 0) { // RUD defined @@ -1020,12 +1022,26 @@ UefiMain( return res; } + res = GetTpm(); // Try to get TPM + if (!EFI_ERROR(res)) { + if (gConfigBuffer != NULL) { + TpmMeasure(gConfigBuffer, gConfigBufferSize); // Measure configuration + } + RndInit(RndTypeTpm, NULL, 0, &gRnd); + if (gTpm->IsConfigured(gTpm) && !gTpm->IsOpen(gTpm)) { + ERR_PRINT(L"TPM is configured but locked. Probably boot chain is modified!\n"); + KeyWait(L"%1d\r", 9, 0, 0); + } + } + DetectX86Features(); res = SecRegionTryDecrypt(); - - // Reset Console buffer - gST->ConIn->Reset(gST->ConIn, FALSE); - + if (gTpm != NULL) { + gTpm->Lock(gTpm); + } + // Reset Console buffer + gST->ConIn->Reset(gST->ConIn, FALSE); + if (EFI_ERROR(res)) { return OnExit(gOnExitFailed, OnExitAuthFaild, res); } -- cgit v1.2.3