Fork: 0
ajax / AMI-Aptio-BIOS-Reversed
Transfer to URL with SHA Find file
Newer
Older
AMI-Aptio-BIOS-Reversed / TcgPlatformSetupPolicy / TcgPlatformSetupPolicy.md
@Ajax Dong Ajax Dong 2 days ago 9 KB Init
Raw Blame History

TcgPlatformSetupPolicy

Function Table

Address Name Description
ReportAssert
CompareGuid
ReadUnaligned64
TpmBootPathCmosCheck
TcgPlatformInitPolicyFromSetup
TcgPlatformSetPolicyData
TcgPlatformSetupPolicyNotify
TcgPlatformSetupPolicyDxeEntryPoint
GUID Definitions
TCG Platform Setup Policy Protocol GUID:
EFI_GUID gTcgPlatformSetupPolicyProtocolGuid = TCG_PLATFORM_SETUP_POLICY_PROTOCOL_GUID;
TCG Internal Sync Flag variable GUID:
EFI_GUID gTcgInternalSyncFlagGuid = TCG_INTERNAL_SYNC_FLAG_GUID;
Setup variable GUID:
EFI_GUID gSetupVariableGuid = SETUP_VARIABLE_GUID;
EFI_GUID gPcrBitmapVariableGuid = PCR_BITMAP_VARIABLE_GUID;
Global Variables .data section (0x1410..0x1467)
mTcgPolicyBuffer -- qword_1410
The allocated protocol interface buffer (40 bytes allocated, 32 used).
byte [0] = Revision (3)
bytes [1..27] = TCG_PLATFORM_SETUP_POLICY data
TCG_PLATFORM_SETUP_POLICY_PROTOCOL *mTcgPolicyProtocol = NULL;
mHobList -- qword_1440
Cached pointer to the HOB list, located from the system configuration table.
VOID *mHobList = NULL;
mDebugProtocol -- qword_1438
Cached pointer to the debug/assert protocol interface.
Located (under TPL protection) and cached on first use.
Protocol interface has a function pointer at offset +8 for assert.
VOID *mDebugProtocol = NULL;
mVariableAttributes -- n3 at 0x1448
Attributes used for GetVariable/SetVariable calls.
Set **to 3 (EFI_VARIABLE_NON_VOLATILE EFI_VARIABLE_BOOTSERVICE_ACCESS).**
UINT32 mVariableAttributes = 3;
Shadow copies of policy bytes byte_1450..byte_1466
These are populated by the entry point and can be read by external
debug tools or other firmware components via direct memory access.
UINT8 mTpm1Enable = 0; // byte_1450 Policy[0]: TPM 1.2 Enable
byte_1451 -- Policy[1]: TPM Operation
byte_1452 -- Policy[2]: TPM 2.0 Enable
byte_1453 -- Policy[3]: TPM Select
byte_1454 -- (not set by entry point)
byte_1455 -- Policy[5]: PCR Bank TPM2
byte_1456 -- Policy[6]: PCR Bank TPM1.2
byte_1458 -- Policy[8]: TPM 1.2 Support
byte_1459 -- Policy[9]: TPM 2.0 Support
byte_145A -- Policy[10]: TPM Existence
byte_145D -- Policy[13]: TPM Policy
byte_145E -- Policy[15]: TPM Physical Presence
byte_145F -- Policy[16]: (reserved / extra)
byte_1460 -- (not set)
byte_1463 (actually at 0x1462 in IDA, but Policy[19])
byte_1464 -- Policy[20]
byte_1465 -- Policy[21]
byte_1466 -- Policy[22]
dword_1467 -- Policy[23..26]
Library Helpers
Raise TPL to TPL_HIGH_LEVEL (31) to guard against re-entrancy.
OldTpl = gBS->RaiseTPL (TPL_HIGH_LEVEL);
Only proceed if the system was at TPL_NOTIFY or below.
if (OldTpl <= TPL_NOTIFY) {
Locate the debug protocol via its custom GUID.
The actual GUID is proprietary to Lenovo.
The function pointer is at offset +8 in the protocol interface.
AssertFunc = (VOID ()(CONST CHAR8 , UINTN, CONST CHAR8 *))
HOB list not found assert (this is a fatal firmware error).
ReportAssert (
Write CMOS address 0x4B to port 0x70 (preserving NMI disable bit 7).
IoWrite8 **(0x70, (IoRead8 (0x70) & 0x80) 0x4B);**
Read the TPM boot path value from CMOS port 0x71.
CmosValue = IoRead8 (0x71);
Read the platform type register at MMIO 0xFDAF0490.
CmosValue **= (IoRead8 (0xFDAF0490) & 2) 1;**
Translate CMOS value:
CmosValue == 1 -> TPM boot is disabled
CmosValue == 2 -> TPM1 boot path
CmosValue == 3 -> TPM2 boot path
if (CmosValue == 1) {
Feature 0x8000000C (debug print) is active.
ExecuteFunc = (UINT64 (*)(UINT32, UINT64, ...))
Features 0x80000004-0x8000000C may be active.
return (BOOLEAN)((FeatureMask & TCG_BOOT_PATH_ENABLE) != 0);
Core Driver Functions
Zero the entire 27-byte policy structure.
ZeroMem (Bytes, TCG_PLATFORM_SETUP_POLICY_DATA_SIZE);
Map each Setup field to the corresponding policy byte.
TPM1 Enable
TPM Operation
TPM Select
PCR Bank TPM2
PCR Bank TPM1.2
TPM1 Support
TPM Existence
TPM Policy
TPM Physical Presence
TPM Firmware Update
TPM Supplier Config
TPM Supplier
TPM Device
PCR Bitmap: DWORD at Setup offsets 38-41.
PcrBitmapValue = SetupBuffer[38];
Update shadow global variables from the policy data.
mTpm1Enable = Bytes[ 0];
Read the current Setup variable.
Attributes = mVariableAttributes;
Write back all policy fields at their respective Setup offsets.
PCR Bitmap DWORD at offsets 38-41.
PcrBitmapCopy = (UINT32 )(Bytes + 23);
Write the modified Setup variable.
Status = gRT->SetVariable (
Apply PCR variable flags (bits 0-4 -> SHA1/SHA256/SHA384/SHA512/SM3).
Read the PCRBitmap variable.
PcrBitmapSize = sizeof (PcrBitmapArray);
Apply PCR enable bits to policy.
Bit 0 -> Bytes[4] = 1 (SHA1 enable v12 in dec)
Bit 1 -> Bytes[5] = 1 (SHA256 enable v13 in dec)
Bit 2 -> Bytes[6] = 1 (SHA384 enable v14 in dec)
Bit 3 -> Bytes[7] = 1 (SHA512 enable v15 in dec)
Bit 4 -> Bytes[8] = 1 (SM3 enable v16 in dec)
if (PcrBitmapArray[0] & 1) Bytes[4] = 1;
Write TcgInternalSyncFlag to 1 to signal sync completion.
Set the sync flag in policy
Variable does not exist yet; create it.
Notification Callback
Locate our protocol interface.
Status = gBS->LocateProtocol (
Copy the 27-byte policy data from the protocol interface (offset 1).
Call the SetPolicy function (at offset 32 in the protocol interface).
Close the notification event.
Driver Entry Point
The UEFI core initializes gImageHandle, gST, gBS, gRT in the
library constructors. sub_DD8 (GetHobList) is called here in the
original decompilation.
GetHobList ();
Allocate runtime pool for the protocol interface (40 bytes).
Status = gBS->AllocatePool (
Read the TcgInternalSyncFlag to check for pending sync.
SyncFlagSize = 1;
Read the Setup variable.
Initialize policy from Setup.
Propagate TcgInternalSyncFlag.
if (SyncFlagSize == 1) {
Read PCRBitmap variable and apply PCR enable bits.
Apply PCR bits to the policy structure (v12..v16 fields).
UINT8 PolicyBytes = (UINT8 )&mTcgPolicyProtocol->PolicyData;
v12 if (PcrBitmapArray[0] & 1) PolicyBytes[ 4] = 1; // SHA1
SHA256 (actually
already set from
Setup variable not found; policy was zeroed by ZeroMem.
Cache all policy fields to shadow global variables.
byte_1450 mTpmOperation = Bytes[ 1]; // byte_1451
byte_1452 mTpmSelect = Bytes[ 3]; // byte_1453
byte_1454 -- NOT saved to global!
byte_1455 mPcrBankTpm12 = Bytes[ 6]; // byte_1456
byte_1458 mTpm2Support = Bytes[ 9]; // byte_1459
byte_145A // Bytes[11]; // byte_145B NOT saved to global!
byte_145D mTpmPhysicalPresence = Bytes[15]; // byte_145E
byte_145F // Bytes[17]; // byte_1460 NOT saved to global!
byte_1462 mTpmSupplierConfig = Bytes[20]; // byte_1463
byte_1464 mTpmDevice = Bytes[22]; // byte_1465
dword_1467 }
Install the protocol on ImageHandle.
Type = EVT_NOTIFY_SIGNAL (512), NotifyTpl = TPL_CALLBACK (8)
NotifyFunction = TcgPlatformSetupPolicyNotify
notification event fails.
Function Summary for Reference
Address Name Size Role
0x280 ZeroBuffer 17 memset(buf, val, size)
0x350 _ModuleEntryPoint 184 UEFI entry, calls sub_DD8 + sub_860
0x408 TcgPlatformSetPolicyData 1002 Read Setup, merge policy, write NV
0x7F4 TcgPlatformSetupPolicyNotify 107 Locate protocol, copy policy, call SetPolicy
0x860 TcgPlatformSetupPolicyDxe.. 990 Main entry: alloc, init, install protocol
0xC40 ZeroMem/SetMem 80 Wrapper for ZeroBuffer
0xC90 LocateDebugProtocol 127 RaiseTPL, LocateProtocol, cache result
0xD10 TpmBootPathCmosCheck 136 Read CMOS 0x4B for TPM boot path
0xD98 ReportAssert 62 Call assert via debug protocol offset+8
0xDD8 GetHobList 214 Search config table for gEfiHobListGuid
0xEB0 ReadUnaligned64 47 64-bit unaligned read with NULL check
0xEE0 CompareGuid 110 Compare two GUIDs via 64-bit halves

Generated by HR650X BIOS Decompilation Project