AMI-Aptio-BIOS-Reversed / AmiTpm20PlatformPei / AmiTpm20PlatformPei_report.md (committed by Ajax Dong, commit message "Init")

AmiTpm20PlatformPei - TPM 2.0 Platform PEIM

Binary Information

  • File: AmiTpm20PlatformPei.efi
  • MD5: 25c2ce5883bbe0ec3af8f070073ce99d
  • SHA256: 60bd49067898d0f6639b2b05218a81ff22c875670fc5bf5189d724fdbd1cf39b
  • Architecture: IA32 (32-bit)
  • Base Address: 0xffe21a14
  • Image Size: 0xafc0 (45,504 bytes)
  • Index: 0392

Source Files

  • AmiModulePkg/TCG2/Common/AmiTcgPlatformPei/AmiTpm20PlatformPei.c - Main platform PEIM
  • PurleyPlatPkg/BootGuard/BootGuardTCG2/BootGuardTCG2.c - Boot Guard TCG2 support

Module Statistics

  • Total Functions: 100
  • Total Strings: 197
  • Total Segments: 6 (.text, .rdata, .data, .reloc, HEADER, GAP)
  • Entry Point: _ModuleEntryPoint at 0xffe21e04
  • Main Entry: AmiTpm20PlatformPeiEntry at 0xffe2361b

All Functions (sorted by address)

| Address | Name | Description |
|---|---|---|
| 0xffe21c74 | RdRand16 | RDRAND instruction wrapper |
| 0xffe21cc4 | BaseCopyMem | Overlap-safe memory copy |
| 0xffe21d04 | BaseSetMem8 | Fill memory region with byte value |
| 0xffe21d44 | BaseDivU64x32Remainder | 64/32-bit division with remainder |
| 0xffe21d64 | BaseSetMem32 | Fill memory with 32-bit values |
| 0xffe21e04 | _ModuleEntryPoint | PEI module entry point |
| 0xffe21e34 | AmiTpm20GetPpiPointer | Get PPI pointer from PEI services |
| 0xffe21efd | AmiTpm20GetTrEEProtocol | Obtain TrEE protocol instance |
| 0xffe21f2d | AmiTpm20SubmitCommand | Submit raw TPM command via protocol->SubmitCommand |
| 0xffe22064 | AmiTpm20CreateTpmHob | Create TCG/TPM GUID HOB |
| 0xffe220ba | MeasureLogDxeFwVol | Measure and log DXE firmware volumes into TPM |
| 0xffe2240f | Tpm2GetCapability | Send TPM2_GetCapability command |
| 0xffe224e1 | Tpm2GetFwVersion | Read TPM firmware version info |
| 0xffe22590 | Tpm2SelfTest | Send TPM2_SelfTest command |
| 0xffe22726 | Tpm2HierarchyChangeAuth | TPM2_HierarchyChangeAuth command |
| 0xffe22873 | Tpm2GetRandom | TPM2_GetRandom with error handling |
| 0xffe229f5 | Tpm2SetPhRandomization | Set TPM physical randomization |
| 0xffe22ac0 | AmiTpm20PlatformPeiCheckError | ASSERT_EFI_ERROR wrapper |
| 0xffe22c52 | AmiTpm20HandleTpmResume | Handle TPM resume failure scenario |
| 0xffe22d3f | Tpm2Startup | Send TPM2_Startup command, check response |
| 0xffe230d5 | AmiTpm20IsFirstBoot | Check first-boot scenario via monotonic counter |
| 0xffe23163 | MeasureTcgPcClientSpecId | Measure TCG_PCClientSpecID event |
| 0xffe23392 | AmiTpm20GetTpmFwVolHobFromGuid | Get TPM FW Vol HOB matching GUID |
| 0xffe233d0 | AmiTpm20InstallTpmFwVolHobs | Install TPM FW Vol HOBs from BootGuard/ROM areas |
| 0xffe2361b | AmiTpm20PlatformPeiEntry | Main platform PEIM entry function |
| 0xffe23796 | AsciiStrnCpy_s | Safe ASCII string copy |
| 0xffe237f1 | SwapBytes16 | 16-bit byte swap |
| 0xffe2380a | WriteUnaligned16 | Unaligned 16-bit write |
| 0xffe23839 | ReadUnaligned32 | Unaligned 32-bit read |
| 0xffe23868 | ReadUnaligned64 | Unaligned 64-bit read |
| 0xffe23894 | WriteUnaligned32 | Unaligned 32-bit write |
| 0xffe238c8 | CopyMem | Copy memory with source/dest overlap assertions |
| 0xffe23937 | SetMem | Set memory with assertion guards |
| 0xffe23975 | BaseIsEqualMemGuid | Compare two GUIDs for equality |
| 0xffe239a6 | BaseIsZeroGuid | Check whether a GUID is all zero |
| 0xffe23a05 | InternalGetBestGuid | Find best matching GUID |
| 0xffe23a23 | IoRead32 | I/O port 32-bit read |
| 0xffe23a4f | IoWrite32 | I/O port 32-bit write |
| 0xffe23a81 | BaseReadMsr64 | RDMSR wrapper |
| 0xffe23aa9 | DebugPrint | Debug output via PEI debug protocol |
| 0xffe23ad3 | AmiTpm20LocatePpi | Locate PPI by GUID |
| 0xffe23af1 | GetGuidHobDataSize | Get data size from GUID HOB |
| 0xffe23b37 | Tpm20MeasureDigest | TPM 2.0 digest/hash computation core |
| 0xffe24d71 | InitHashContext | Initialize hash context structure |
| 0xffe24d9c | HashUpdateSha256 | SHA-256 hash update |
| 0xffe24e32 | HashUpdateSha1 | SHA-1 hash update |
| 0xffe24ef3 | HashUpdateSha384 | SHA-384 hash update |
| 0xffe24f44 | Tpm20HashAll | Multi-algorithm hash all (SHA1/256/384/512) |
| 0xffe27758 | InitHashContextSm3 | Initialize SM3 hash context |
| 0xffe2779b | HashUpdateSm3 | SM3 (Chinese national crypto) hash update |
| 0xffe2783b | HashUpdateSha512 | SHA-512 hash update |
| 0xffe279ca | Tpm12HashAll | TPM 1.2 hash all |
| 0xffe27a4d | Tpm12HashExport | TPM 1.2 hash export |
| 0xffe27a88 | Tpm20HashDigestExtend | Hash digest extend across PCR banks |
| 0xffe28807 | Tpm20MettleHashAll | Alternate hash-all for mettle/policy |
| 0xffe2888a | Tpm20MettleHashUpdate | Alternate hash update |
| 0xffe2892a | Tpm20MettleHashComplete | Alternate hash complete/finalize |
| 0xffe28a34 | BootGuardIsTpmPresent | Check TPM presence at MMIO 0xFED40030 |
| 0xffe28a68 | BootGuardGetTpmType | Get TPM type from MMIO register |
| 0xffe28abd | BootGuardFindFitEntry | Find FIT (Firmware Interface Table) entry pointer |
| 0xffe28bb7 | BootGuardIsAcmPostSuccess | Check if ACM POST was successful |
| 0xffe28bda | BootGuardGetFitEntryCount | Count FIT entries |
| 0xffe28c1b | BootGuardInitialize | Initialize Boot Guard subsystem |
| 0xffe28c36 | BootGuardCheckCapability | Check Boot Guard capability (MSR 0x13A) |
| 0xffe28c88 | BootGuardPrintHexBuffer | Print hex dump for debug |
| 0xffe28cd2 | BootGuardPrintStructId | Print structure identifier |
| 0xffe28d17 | BootGuardCheckMsrBootState | Check NEM/MeasureBoot/TPM state in MSR 0x13A |
| 0xffe28da0 | BootGuardReadFitPointer | Read FIT pointer register |
| 0xffe28df9 | BootGuardReadBpmMsr | Read BPM MSR |
| 0xffe28e44 | BootGuardGetTcgHob | Get TCG HOB for event logs |
| 0xffe28eef | CreateBootGuardTpm12Event | Create TPM 1.2 Boot Guard event |
| 0xffe28fa4 | LogBootGuardTpm20Event | Log TPM 2.0 Boot Guard event |
| 0xffe2912c | CreateBootGuardTpm20Event | Create TPM 2.0 Boot Guard event |
| 0xffe2927e | BootGuardFindBpmStruct | Locate BPM (Boot Policy Manifest) structure |
| 0xffe29315 | BootGuardCheckAmiTreePpi | Check for AMI TrEE PPI presence |
| 0xffe293e0 | BootGuardDetectTpmDevice | Detect TPM device type (1.2, 2.0, PTT) |
| 0xffe2950d | BootGuardFindFitEntryInTable | Find specific entry in FIT table |
| 0xffe2956f | LogTpm20LocalityStartup | Log TPM 2.0 locality startup event |
| 0xffe295da | BootGuardSkipLogAuthority | Skip logging authority event |
| 0xffe29650 | LogAuthorityPcrEvent | Log authority PCR event with BP data |
| 0xffe29805 | LogDetailPcrEvent | Log detailed PCR event (MSRs, ACM_STATUS, KM/BPM structures) |
| 0xffe29ade | LogTxtTpm12CrtmEvent | Log TXT TPM 1.2 CRTM event via FIT table |
| 0xffe29d13 | LogTxtTpm20CrtmEvent | Log TXT TPM 2.0 CRTM event via FIT table |
| 0xffe29fcd | BootGuardTcg2MeasureCrtm | Boot Guard CRTM measurement (main orchestrator) |
| 0xffe2a1f0 | BootGuardFitGetEntryType | Get FIT entry type |
| 0xffe2a23f | PeiServicesGetPointer | Get PEI Services pointer |
| 0xffe2a271 | BaseReadIdtr | Read IDT register |
| 0xffe2a2b1 | InternalGetHobList | Get HOB list pointer |
| 0xffe2a31f | GetFirstHob | Get first HOB from list |
| 0xffe2a364 | GetNextHob | Get next HOB from list |
| 0xffe2a390 | GetFirstGuidHob | Get first GUID-type HOB |
| 0xffe2a3a4 | GetNextGuidHob | Get next GUID-type HOB |
| 0xffe2a3f4 | BuildGuidHob | Build GUID HOB |
| 0xffe2a43a | IoWrite8 | I/O port 8-bit write |
| 0xffe2a498 | BootGuardGetPcdPttSkip | Get PCD for PTT skip (returns 0) |
| 0xffe2a49b | BootGuardPcdGetFunc | Boot Guard PCD get function |
| 0xffe2a4df | LibPcdGet32 | PCD 32-bit value getter |
| 0xffe2a4eb | LibPcdSet32 | PCD 32-bit value setter with bitwise OR |
| 0xffe2a4fc | LibPcdGetPtr | PCD pointer getter |
| 0xffe2a6b8 | LShiftU64 | 64-bit left shift |

Key Functions Details

AmiTpm20PlatformPeiEntry (0xffe2361b)

Main entry function of the PEIM. It performs the following steps:

  1. Locates the TrEE protocols and PPIs
  2. Calls Tpm2Startup() to initialize the TPM
  3. On first boot, disables EH (Error Handling) and SH (Session Handling)
  4. If a TPM 2.0 device is found, calls MeasureTcgPcClientSpecId() to measure the Spec ID event
  5. Calls BootGuardTcg2MeasureCrtm() for the Boot Guard CRTM measurement
  6. Calls AmiTpm20InstallTpmFwVolHobs() to install the firmware volume HOBs

BootGuardTcg2MeasureCrtm (0xffe29fcd)

Main Boot Guard measurement function. It performs the following steps:

  1. Reads the FIT pointer from MMIO 0xFED300A0
  2. Checks the Boot Guard capability (MSR 0x13A)
  3. Iterates over the FIT entries to find Measured S-CRTM entries
  4. Logs detailed PCR events for each measured component
  5. Creates the TXT TPM 1.2/2.0 CRTM events

Decompilation Output

  • AmiTpm20PlatformPei_decompiled.c - Full decompiled C source (100 functions, 5232 lines)
  • AmiTpm20PlatformPei.h - Function prototypes header
  • AmiTpm20PlatformPei_report.md - This report
  • IDB saved to: 0392_AmiTpm20PlatformPei.../AmiTpm20PlatformPei.efi.i64