SecurityPkg: Fix TPM2 ACPI measurement.

We have discussed in this thread. https://edk2.groups.io/g/devel/topic/32205028 Before the change, TPM FW upgrade will impact TPM2 ACPI PCR value because TPM2 ACPI HID include FW version. This change make the measurement before TPM2 HID fixup. So, after TPM FW upgrade, the ACPI PCR record remains the same. Signed-off-by: Derek Lin <derek.lin2@hpe.com> Reviewed by: Jiewen Yao <Jiewen.yao@intel.com> Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
corthon · Nov 7, 2019 · 3a63c17 · 3a63c17
1 parent 1a04951
commit 3a63c17
Showing 1 changed file with 16 additions and 14 deletions.
diff --git a/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c b/SecurityPkg/Tcg/Tcg2Smm/Tcg2Smm.c
@@ -664,7 +664,22 @@ PublishAcpiTable (
     ));
 
   //
-  // Update TPM2 HID before measuring it to PCR
+  // Measure to PCR[0] with event EV_POST_CODE ACPI DATA.
+  // The measurement has to be done before UpdateHID since TPM2 ACPI HID
+  // imply TPM Firmware Version. Otherwise, the PCR record would be
+  // different after TPM FW update.
+  //
+  TpmMeasureAndLogData(
+    0,
+    EV_POST_CODE,
+    EV_POSTCODE_INFO_ACPI_DATA,
+    ACPI_DATA_LEN,
+    Table,
+    TableSize
+    );
+
+  //
+  // Update TPM2 HID after measuring it to PCR
   //
   Status = UpdateHID(Table);
   if (EFI_ERROR(Status)) {
@@ -694,19 +709,6 @@ PublishAcpiTable (
     }
   }
 
-  //
-  // Measure to PCR[0] with event EV_POST_CODE ACPI DATA
-  //
-  TpmMeasureAndLogData(
-    0,
-    EV_POST_CODE,
-    EV_POSTCODE_INFO_ACPI_DATA,
-    ACPI_DATA_LEN,
-    Table,
-    TableSize
-    );
-
-
   ASSERT (Table->OemTableId == SIGNATURE_64 ('T', 'p', 'm', '2', 'T', 'a', 'b', 'l'));
   CopyMem (Table->OemId, PcdGetPtr (PcdAcpiDefaultOemId), sizeof (Table->OemId) );
   mTcgNvs = AssignOpRegion (Table, SIGNATURE_32 ('T', 'N', 'V', 'S'), (UINT16) sizeof (TCG_NVS));