31. TCG2 Protocol#

31.1. TCG2_PROTOCOL Test#

Reference Document:

EFI Protocol Specification, Level 00 Revision 00.13, March 30, 2016. EFI_TCG2_PROTOCOL Chapter 6. The implementation of the EFI_TCG2_BOOT_SERVICE_CAPABILITY struct is assumed to be version 1.1.

Tests in this chapter support TPMs based TCG PC Client Platform TPM Profile Specification for TPM 2.0.

31.1.1. GetCapability()#

Number

GUID

Assertion

Test Description

31.1.1.1

0xca93b02a, 0xe897, 0x4400, 0x81, 0x38, 0xc8, 0xa8, 0xcb, 0x2f, 0xc1, 0xed

EFI_TCG2_PROTOCOL.GetCapability() - GetCapabilty() returns EFI_INVALID_PARAMTERwith NULL pointer Capability Struct Passed in.

Call GetCapability()with NULL for capability struct pointer.

Verify Status returned == EFI_INVALID_PARAMETER.

31.1.1.2

0xfdee7001, 0x7e28, 0x4e35, 0x99, 0x66, 0x98, 0x0b, 0xeb, 0xba, 0xf1, 0x57

EFI_TCG2_PROTOCOL.GetCapability() - GetCapability() shall populate all structure elements and return with a Status of EFI_SUCCESS when the incoming Size field is greater than or equal to the size of EFI_TCG2_BOOT_SERVICE_CAPABILITY supported by the firmware.

Invoke GetCapabilty()with Protocol Capability. Size set to sizeof(EFI_TCG2_BOOT_SEVICE_CAPABILTY)

  1. Verify that StructureVersion->Major == 1
  2. Verify that StructureVersion->Minor == 1
  3. Verify that ProtocolVersion->Major == 1
  4. Verify that ProtocolVersion->Minor == 1
  5. Verify that HashAlgorithmBitmapincludes SHA256
  6. Verify that SupportedEventLogs is EFI_TCG2_EVENT_LOG_FORMAT_TCG_2
  7. Verify that ~ActivePcrBanks & HashAlgorithmBitMap == 0
  8. Verify that NumberofPcrBanks is at least 1
  9. Verify that ActivePcrBanks includes SHA256, SHA384, or SHA512

Verify returned Status == EFI_SUCCESS.

31.1.1.3

0xda8821d9, 0x3d2c, 0x4698, 0x8c, 0xd5, 0x0f, 0x0c, 0x82, 0x94, 0x1d, 0x0c

EFI_TCG2_PROTOCOL.GetCapability() – If the incoming Size parameter to GetCapability() is less than the size of EFI_TCG2_BOOT_SERVICE_CAPABILITY up to and including the ManufacturerID field then the output Size field is populated with the full size of the capability struct supported by the firmware and return code is BUFFER_TOO_SMALL. This allows a client to determine the size of EFI_TCG2_BOOT_SERVICE_CAPABILITY supported by the firmware.

Invoke GetCapability() with ProtocolCapability.Size set to a value less than the size of EFI_TCG2_BOOT_SERVICE_CAPABILITY up to and including the ManufacturerID field.

  1. Verify Status returned == EFI_BUFFER_TOO_SMALL.

Verify returned Size equal to sizeof(EFI_TCG2_BOOT_SERVICE_CAPABILITY).

31.1.1.4

0x8ddb031b, 0x7448, 0x40ee, 0xb1, 0xa2, 0xe6, 0xf8, 0xe8, 0xc4, 0xe5, 0x5f

EFI_TCG2_PROTOCOL.GetCapability() – If the incoming Size parameter to GetCapability() is greater than or equal to the size of EFI_TCG2_BOOT_SERVICE_CAPABILITY up to and including the ManufacturerID field and is less than sizeof(EFI_TCG2_BOOT_SEVICE_CAPABILTY) supported by the firmware, then the fields up to and including the ManufacturerID are populated. This is a case of client that supports version 1.0 of the EFI_TCG2_BOOT_SERVICE_CAPABILITY struct.

Invoke GetCapability() with ProtocolCapability.Size set to a value equal to the size of EFI_TCG2_BOOT_SERVICE_CAPABILITY up to and including the ManufacturerID field.

  1. Verify Status returned == EFI_SUCCESS.

Verify returned Size equals the size of EFI_TCG2_BOOT_SERVICE_CAPABILITY up to and including the ManufacturerID field.

31.1.2. GetActivePcrBanks()#

Number

GUID

Assertion

Test Description

31.1.2.1

0x7a1e79a3, 0x4064, 0x4372, 0xbb, 0x64,0x55, 0xb8, 0xf2, 0xa5, 0xa3, 0x26

EFI_TCG2_PROTOCOL. GetActivePcrBanks() - GetActivePcrBanks() returns EFI_INVALID_PARAMETERwith NULL pointer Passed in.

Invoke GetActivePcrBanks()with ActivePcrBanks=NULL.

Verify Status returned == EFI_INVALID_PARAMETER.

31.1.2.2

0xb0e717c4, 0xb1e2, 0x49f7, 0xb2, 0xd7,0x60, 0x58,0x97, 0x7d, 0x09, 0x2c

EFI_TCG2_PROTOCOL. GetActivePcrBanks() - GetActivePcrBanks()should return with EFI_SUCCESSand have SHA256/384/512 Algorithms in its Bitmap.

1. Invoke GetActivePcrBanks()with valid ActivePcrBanks buffer. Should return EFI_SUCCESS.

  1. Verify Status returned == EFI_SUCCESS

Verify that returned ActivePcrBanks bitmap includes SHA256, SHA384, or SHA512.c. Verify that returned ActivePcrBanks bitmap matches one returned by GetCapabilty().

31.1.3. HashLogExtendEvent()#

Number

GUID

Assertion

Test Description

31.1.3.1

0xa8e1b5e6, 0xfc09, 0x461c, 0xb0, 0xe9, 0x2a, 0x49, 0xcd, 0x25, 0xc1, 0x24

EFI_TCG2_PROTOCOL. HashLogExtendEvent() - HashLogExtendEvent()Test with NULL DataToHash Pointer should return EFI_INVALID_PARAMETER.

Invoke HashLogExtendEvent()with DataToHash=NULL.

Verify Status returned == EFI_INVALID_PARAMETER.

31.1.3.2

0x26f04a9b, 0x7b7a, 0x4f47, 0xbe, 0xa8, 0xb1, 0xa6, 0x02, 0x65, 0x19, 0x8a

EFI_TCG2_PROTOCOL. HashLogExtendEvent() - HashLogExtendEvent()Test with NULL EfiTcgEvent Pointer should return EFI_INVALID_PARAMETER.

Invoke HashLogExtendEvent() with EfiTcgEvent=NULL

Verify Status returned == EFI_INVALID_PARAMETER.

31.1.3.3

0x4d1d9985, 0x91e2, 0x4948, 0x89, 0x16, 0xbb, 0x98, 0x13, 0x62, 0x39, 0x1d

EFI_TCG2_PROTOCOL. HashLogExtendEvent() - HashLogExtendEvent()Test with Event.Size < Event.Header.HeaderSize + sizeof(UINT32) should return EFI_INVALID_PARAMETER.

Invoke HashLogExtendEvent() with EfiTcgEvent.Size is less than EfiTcgEvent.Header.HeaderSize + sizeof(UINT32).

Verify Status returned == EFI_INVALID_PARAMETER.

31.1.3.4

0xfb59cab7, 0x4f8c, 0x4ded, 0xa4, 0x1c, 0xc8, 0x41, 0x20, 0x1c, 0x37, 0x22

EFI_TCG2_PROTOCOL. HashLogExtendEvent() - HashLogExtendEvent()Test with PCRIndex > 23 should return EFI_INVALID_PARAMETER.

Invoke HashLogExtendEvent with EfiTcgEvent.Header.PCRIndex=24.

Verify Status returned == EFI_INVALID_PARAMETER.

31.1.3.5

0x0363d22f, 0xc66a, 0x4872, 0xa5, 0x46, 0x06, 0x7f, 0x6a, 0x0d, 0xdb, 0xcd

EFI_TCG2_PROTOCOL. HashLogExtendEvent() - HashLogExtendEvent() Test with valid parameters should return EFI_SUCCESS.

Invoke HashLogExtendEvent() with:

  • DataToHash = "The quick brown fox jumps over the lazy dog"
  • PCRIndex = 16
  • EventType = EV_POST_CODE
  • Event data = "TCG2 Protocol Test"

Verify Status returned == EFI_SUCCESS.

31.1.3.6

0x9cd6d636, 0x603a, 0x4b78, 0x80, 0xa3, 0xa3, 0xb9, 0xcc, 0x6a, 0x0b, 0x08

EFI_TCG2_PROTOCOL. HashLogExtendEvent() - HashLogExtendEvent()Test Handling of PE_COFF_IMAGE flag.

Invoke HashLogExtendEvent() with:

  • DataToHash = "The quick brown fox jumps over the lazy dog"
  • PCRIndex = 16
  • EventType = EV_POST_CODE
  • Event data = "TCG2 Protocol Test"
  • Flags = PE_COFF_IMAGE

Verify Status returned == EFI_UNSUPPORTED.

31.1.3.7

0xa8e1b5e6, 0xfc09, 0x461c, 0xb0, 0xe9, 0x2a, 0x49, 0xcd, 0x25, 0xc1, 0x24

EFI_TCG2_PROTOCOL. HashLogExtendEvent() - HashLogExtendEvent()Test with NULL DataToHash Pointer should return EFI_INVALID_PARAMETER.

Invoke HashLogExtendEvent()with DataToHash=NULL.

Verify Status returned == EFI_INVALID_PARAMETER.

31.1.4. GetEventLog()#

Number

GUID

Assertion

Test Description

31.1.4.1

0xfc80408e, 0x9a3c, 0x4054, 0x96, 0xf9, 0x31, 0x23, 0x35, 0xc2, 0x31, 0x35

EFI_TCG2_PROTOCOL. GetEventLog() - GetEventLog() should return EFI_INVALID_PARAMTER when passed in invalid EventLog Format.

Invoke GetEventLog() with invalid EventLogFormat.

Verify Status returned == EFI_SUCCESS.

31.1.4.2

0x45fa1a42, 0x912a, 0x5124, 0x84, 0xf4, 0x41, 0x67, 0xab, 0xb5, 0x89, 0x90

EFI_TCG2_PROTOCOL. GetEventLog() - GetEventLog() shall return EFI_SUCCESS when a valid EventLogFormat is passed in.

Invoke GetEventLog() with EventLogFormat=EFI_TCG2_EVENT_LOG_FORMAT_TCG_2. Should return EFI_SUCCESS.

Verify Status returned == EFI_SUCCESS.

31.1.4.3

0x1689bc3a, 0x2298, 0xa116, 0x28, 0x4c, 0xc1, 0xdd, 0xaa, 0xd8, 0xef, 0x51

EFI_TCG2_PROTOCOL. GetEventLog() - GetEventLog() should return correct EventLogHeader

Verify that the returned event log is present at EventLogLocation address by verifying event log header.

31.1.4.4

0x126a789a, 0x1932, 0x3234, 0x21, 0xab, 0x42, 0x64, 0x8a, 0x7b, 0x63, 0x76

EFI_TCG2_PROTOCOL. GetEventLog() - GetEventLog() should record Event from Test 0x0363d22f as last EventLogEntry.

Verify that an event log entry is present at EventLogLastEntry by verifying the last entry. The last entry should be the one added with the HashLogExtendEvent in test 0x0363d22f:

  1. Verify TCG_PCR_EVENT2.PCRIndex = 16
  2. Verify TCG_PCR_EVENT2.EventType = EV_POST_CODE

Verify TCG_PCR_EVENT2.Digests.Count = [must equal number of active PCR banks]

31.1.5. SubmitCommmand()#

Number

GUID

Assertion

Test Description

31.1.5.1

0x3aac8b9a, 0x312a, 0x4dcf, 0x12, 0x76, 0x54, 0x55, 0x32, 0xcd, 0x3a, 0xea

EFI_TCG2_PROTOCOL.SubmitComand() - SubmitCommand() shall populate the response buffer and return with a status of EFI_SUCCESS when valid command parameters are passed in.

Invoke SubmitCommand() with a command buffer containing Command TPM2_HASH Command, and Data to Hash is "The quick brown fox jumps over the lazy dog".

  1. Verify Status returned == EFI_SUCCESS.

Verify returned outHash matches expected result

31.1.6. SetActivePcrBanks()#

Number

GUID

Assertion

Test Description

31.1.6.1

0x48586d48, 0xa8a4, 0x4129, 0x99, 0x8e, 0x78, 0x62, 0x3a, 0xac, 0x43, 0x6a

EFI_TCG2_PROTOCOL.SetActivePcrBanks () - SetActivePcrBanks() should return EFI_INVALID_PARAMETER with bitmap value of zero.

Invoke SetActivePcrBanks() with ActivePcrBanks=0

Verify Status returned == EFI_INVALID_PARAMETER.

31.1.6.2

0x1ed1b506, 0xc3c9, 0x45ea, 0xbf, 0x1e, 0x9b, 0xf2, 0x87, 0x08, 0x4e, 0x17

EFI_TCG2_PROTOCOL.SetActivePcrBanks () - SetActivePcrBanks() should return EFI_INVALID_PARAMETER with an ActivePcrBanks value with a bit set but not defined in HashAlgorithmBitMap.

  1. Invoke GetCapabilty() to retrieve HashAlgorithmBitmap.
  2. Invoke SetActivePcrBanks() with a bit set that is not in HashAlgorithmBitMap
    1. Verify Status returned == EFI_INVALID_PARAMETER

31.1.6.3

0x2923c2b2, 0x5a83, 0x4977, 0xbd, 0xed, 0x78, 0xb0, 0xd8, 0xbb, 0xcc, 0x77

EFI_TCG2_PROTOCOL.SetActivePcrBanks () - SetActivePcrBanks() should return EFI_SUCESS for all bank permutations defined in HashAlgorithmmBitmap.

Using the HashAlgorithmBitMap from 30.1.6.2, invoke SetActivePcrBanks() with ActivePcrBanks from all permutations of banks reported in HashAlgorithmBitMap retrieved via GetCapabilities(). For each Permutation:

Verify Status returned == EFI_SUCCESS.

31.1.6.4

0x181bc213, 0x4512, 0x47ea, 0x8a, 0xb6, 0x44, 0x76, 0xbf, 0x9a, 0x44, 0x6d

EFI_TCG2_PROTOCOL.SetActivePcrBanks () - Verify that the ActivePcrBanks value set by SetActivePcrBanks() is active following a reboot.

  1. Identify the first algorithm in HashAlgorithmBitMap retrieved in test 30.1.6.3
  2. Invoke ActivePcrBanks() to set the ActivePcrBanks to the first algorithm.
  3. Reboot the system

Invoke GetActivePcrBanks(). Should return EFI_SUCCESS, and ActivePcrBanks should be equal to the value set in step #2