[v4,3/5] efi_loader: add ExitBootServices() measurement

Message ID 20210813071243.18885-4-masahisa.kojima@linaro.org
State New
Headers show
Series
  • add measurement support
Related show

Commit Message

Masahisa Kojima Aug. 13, 2021, 7:12 a.m.
TCG PC Client PFP spec requires to measure
"Exit Boot Services Invocation" if ExitBootServices() is invoked.
Depending upon the return code from the ExitBootServices() call,
"Exit Boot Services Returned with Success" or "Exit Boot Services
Returned with Failure" is also measured.

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>

---
Changes in v4:
- remove unnecessary EFIAPI specifier

Changes in v2:
- use strlen instead of sizeof, event log for EV_EFI_ACTION string

  shall not include NUL terminator
 include/efi_loader.h          |  1 +
 lib/efi_loader/efi_boottime.c |  5 +++
 lib/efi_loader/efi_tcg2.c     | 70 +++++++++++++++++++++++++++++++++++
 3 files changed, 76 insertions(+)

-- 
2.17.1

Comments

Heinrich Schuchardt Aug. 14, 2021, 8:28 a.m. | #1
On 8/13/21 9:12 AM, Masahisa Kojima wrote:
> TCG PC Client PFP spec requires to measure

> "Exit Boot Services Invocation" if ExitBootServices() is invoked.

> Depending upon the return code from the ExitBootServices() call,

> "Exit Boot Services Returned with Success" or "Exit Boot Services

> Returned with Failure" is also measured.

>

> Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>

> ---

> Changes in v4:

> - remove unnecessary EFIAPI specifier

>

> Changes in v2:

> - use strlen instead of sizeof, event log for EV_EFI_ACTION string

>

>    shall not include NUL terminator

>   include/efi_loader.h          |  1 +

>   lib/efi_loader/efi_boottime.c |  5 +++

>   lib/efi_loader/efi_tcg2.c     | 70 +++++++++++++++++++++++++++++++++++

>   3 files changed, 76 insertions(+)

>

> diff --git a/include/efi_loader.h b/include/efi_loader.h

> index 6f61e9faac..32cb8d0f1e 100644

> --- a/include/efi_loader.h

> +++ b/include/efi_loader.h

> @@ -499,6 +499,7 @@ efi_status_t efi_run_image(void *source_buffer, efi_uintn_t source_size);

>   efi_status_t efi_init_variables(void);

>   /* Notify ExitBootServices() is called */

>   void efi_variables_boot_exit_notify(void);

> +efi_status_t efi_tcg2_notify_exit_boot_services_failed(void);

>   /* Measure efi application invocation */

>   efi_status_t efi_tcg2_measure_efi_app_invocation(void);

>   /* Measure efi application exit */

> diff --git a/lib/efi_loader/efi_boottime.c b/lib/efi_loader/efi_boottime.c

> index 13ab139222..b818cbb540 100644

> --- a/lib/efi_loader/efi_boottime.c

> +++ b/lib/efi_loader/efi_boottime.c

> @@ -2182,6 +2182,11 @@ static efi_status_t EFIAPI efi_exit_boot_services(efi_handle_t image_handle,

>   	efi_set_watchdog(0);

>   	WATCHDOG_RESET();

>   out:

> +	if (ret != EFI_SUCCESS) {

> +		if (IS_ENABLED(CONFIG_EFI_TCG2_PROTOCOL))


There is not need to check ret if the configuration is not enabled.

I make 'if (IS_ENABLED(CONFIG_EFI_TCG2_PROTOCOL))' the first check when
merging.

Best regards

Heinrich

> +			efi_tcg2_notify_exit_boot_services_failed();

> +	}

> +

>   	return EFI_EXIT(ret);

>   }

>

> diff --git a/lib/efi_loader/efi_tcg2.c b/lib/efi_loader/efi_tcg2.c

> index ed71337780..8557fce1da 100644

> --- a/lib/efi_loader/efi_tcg2.c

> +++ b/lib/efi_loader/efi_tcg2.c

> @@ -1506,6 +1506,67 @@ efi_status_t efi_tcg2_measure_efi_app_exit(void)

>   	return ret;

>   }

>

> +/**

> + * efi_tcg2_notify_exit_boot_services() - ExitBootService callback

> + *

> + * @event:	callback event

> + * @context:	callback context

> + */

> +static void

> +efi_tcg2_notify_exit_boot_services(struct efi_event *event, void *context)

> +{

> +	efi_status_t ret;

> +	struct udevice *dev;

> +

> +	EFI_ENTRY("%p, %p", event, context);

> +

> +	ret = platform_get_tpm2_device(&dev);

> +	if (ret != EFI_SUCCESS)

> +		goto out;

> +

> +	ret = tcg2_measure_event(dev, 5, EV_EFI_ACTION,

> +				 strlen(EFI_EXIT_BOOT_SERVICES_INVOCATION),

> +				 (u8 *)EFI_EXIT_BOOT_SERVICES_INVOCATION);

> +	if (ret != EFI_SUCCESS)

> +		goto out;

> +

> +	ret = tcg2_measure_event(dev, 5, EV_EFI_ACTION,

> +				 strlen(EFI_EXIT_BOOT_SERVICES_SUCCEEDED),

> +				 (u8 *)EFI_EXIT_BOOT_SERVICES_SUCCEEDED);

> +

> +out:

> +	EFI_EXIT(ret);

> +}

> +

> +/**

> + * efi_tcg2_notify_exit_boot_services_failed()

> + *  - notify ExitBootServices() is failed

> + *

> + * Return:	status code

> + */

> +efi_status_t efi_tcg2_notify_exit_boot_services_failed(void)

> +{

> +	struct udevice *dev;

> +	efi_status_t ret;

> +

> +	ret = platform_get_tpm2_device(&dev);

> +	if (ret != EFI_SUCCESS)

> +		goto out;

> +

> +	ret = tcg2_measure_event(dev, 5, EV_EFI_ACTION,

> +				 strlen(EFI_EXIT_BOOT_SERVICES_INVOCATION),

> +				 (u8 *)EFI_EXIT_BOOT_SERVICES_INVOCATION);

> +	if (ret != EFI_SUCCESS)

> +		goto out;

> +

> +	ret = tcg2_measure_event(dev, 5, EV_EFI_ACTION,

> +				 strlen(EFI_EXIT_BOOT_SERVICES_FAILED),

> +				 (u8 *)EFI_EXIT_BOOT_SERVICES_FAILED);

> +

> +out:

> +	return ret;

> +}

> +

>   /**

>    * tcg2_measure_secure_boot_variable() - measure secure boot variables

>    *

> @@ -1584,6 +1645,7 @@ efi_status_t efi_tcg2_register(void)

>   {

>   	efi_status_t ret = EFI_SUCCESS;

>   	struct udevice *dev;

> +	struct efi_event *event;

>

>   	ret = platform_get_tpm2_device(&dev);

>   	if (ret != EFI_SUCCESS) {

> @@ -1608,6 +1670,14 @@ efi_status_t efi_tcg2_register(void)

>   		goto fail;

>   	}

>

> +	ret = efi_create_event(EVT_SIGNAL_EXIT_BOOT_SERVICES, TPL_CALLBACK,

> +			       efi_tcg2_notify_exit_boot_services, NULL,

> +			       NULL, &event);

> +	if (ret != EFI_SUCCESS) {

> +		tcg2_uninit();

> +		goto fail;

> +	}

> +

>   	ret = tcg2_measure_secure_boot_variable(dev);

>   	if (ret != EFI_SUCCESS) {

>   		tcg2_uninit();

>
Heinrich Schuchardt Aug. 14, 2021, 9:06 a.m. | #2
On 8/13/21 9:12 AM, Masahisa Kojima wrote:
> TCG PC Client PFP spec requires to measure

> "Exit Boot Services Invocation" if ExitBootServices() is invoked.

> Depending upon the return code from the ExitBootServices() call,

> "Exit Boot Services Returned with Success" or "Exit Boot Services

> Returned with Failure" is also measured.

>

> Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>

> ---

> Changes in v4:

> - remove unnecessary EFIAPI specifier

>

> Changes in v2:

> - use strlen instead of sizeof, event log for EV_EFI_ACTION string

>

>    shall not include NUL terminator

>   include/efi_loader.h          |  1 +

>   lib/efi_loader/efi_boottime.c |  5 +++

>   lib/efi_loader/efi_tcg2.c     | 70 +++++++++++++++++++++++++++++++++++

>   3 files changed, 76 insertions(+)

>

> diff --git a/include/efi_loader.h b/include/efi_loader.h

> index 6f61e9faac..32cb8d0f1e 100644

> --- a/include/efi_loader.h

> +++ b/include/efi_loader.h

> @@ -499,6 +499,7 @@ efi_status_t efi_run_image(void *source_buffer, efi_uintn_t source_size);

>   efi_status_t efi_init_variables(void);

>   /* Notify ExitBootServices() is called */

>   void efi_variables_boot_exit_notify(void);

> +efi_status_t efi_tcg2_notify_exit_boot_services_failed(void);

>   /* Measure efi application invocation */

>   efi_status_t efi_tcg2_measure_efi_app_invocation(void);

>   /* Measure efi application exit */

> diff --git a/lib/efi_loader/efi_boottime.c b/lib/efi_loader/efi_boottime.c

> index 13ab139222..b818cbb540 100644

> --- a/lib/efi_loader/efi_boottime.c

> +++ b/lib/efi_loader/efi_boottime.c

> @@ -2182,6 +2182,11 @@ static efi_status_t EFIAPI efi_exit_boot_services(efi_handle_t image_handle,

>   	efi_set_watchdog(0);

>   	WATCHDOG_RESET();

>   out:

> +	if (ret != EFI_SUCCESS) {

> +		if (IS_ENABLED(CONFIG_EFI_TCG2_PROTOCOL))

> +			efi_tcg2_notify_exit_boot_services_failed();

> +	}

> +

>   	return EFI_EXIT(ret);

>   }

>

> diff --git a/lib/efi_loader/efi_tcg2.c b/lib/efi_loader/efi_tcg2.c

> index ed71337780..8557fce1da 100644

> --- a/lib/efi_loader/efi_tcg2.c

> +++ b/lib/efi_loader/efi_tcg2.c

> @@ -1506,6 +1506,67 @@ efi_status_t efi_tcg2_measure_efi_app_exit(void)

>   	return ret;

>   }

>

> +/**

> + * efi_tcg2_notify_exit_boot_services() - ExitBootService callback

> + *

> + * @event:	callback event

> + * @context:	callback context

> + */

> +static void


Event notification functions must be of return type void EFIAPI to match
the ABI used by the x86_64 in the UEFI API.

I will fix this when merging.

Best regards

Heinrich

> +efi_tcg2_notify_exit_boot_services(struct efi_event *event, void *context)

> +{

> +	efi_status_t ret;

> +	struct udevice *dev;

> +

> +	EFI_ENTRY("%p, %p", event, context);

> +

> +	ret = platform_get_tpm2_device(&dev);

> +	if (ret != EFI_SUCCESS)

> +		goto out;

> +

> +	ret = tcg2_measure_event(dev, 5, EV_EFI_ACTION,

> +				 strlen(EFI_EXIT_BOOT_SERVICES_INVOCATION),

> +				 (u8 *)EFI_EXIT_BOOT_SERVICES_INVOCATION);

> +	if (ret != EFI_SUCCESS)

> +		goto out;

> +

> +	ret = tcg2_measure_event(dev, 5, EV_EFI_ACTION,

> +				 strlen(EFI_EXIT_BOOT_SERVICES_SUCCEEDED),

> +				 (u8 *)EFI_EXIT_BOOT_SERVICES_SUCCEEDED);

> +

> +out:

> +	EFI_EXIT(ret);

> +}

> +

> +/**

> + * efi_tcg2_notify_exit_boot_services_failed()

> + *  - notify ExitBootServices() is failed

> + *

> + * Return:	status code

> + */

> +efi_status_t efi_tcg2_notify_exit_boot_services_failed(void)

> +{

> +	struct udevice *dev;

> +	efi_status_t ret;

> +

> +	ret = platform_get_tpm2_device(&dev);

> +	if (ret != EFI_SUCCESS)

> +		goto out;

> +

> +	ret = tcg2_measure_event(dev, 5, EV_EFI_ACTION,

> +				 strlen(EFI_EXIT_BOOT_SERVICES_INVOCATION),

> +				 (u8 *)EFI_EXIT_BOOT_SERVICES_INVOCATION);

> +	if (ret != EFI_SUCCESS)

> +		goto out;

> +

> +	ret = tcg2_measure_event(dev, 5, EV_EFI_ACTION,

> +				 strlen(EFI_EXIT_BOOT_SERVICES_FAILED),

> +				 (u8 *)EFI_EXIT_BOOT_SERVICES_FAILED);

> +

> +out:

> +	return ret;

> +}

> +

>   /**

>    * tcg2_measure_secure_boot_variable() - measure secure boot variables

>    *

> @@ -1584,6 +1645,7 @@ efi_status_t efi_tcg2_register(void)

>   {

>   	efi_status_t ret = EFI_SUCCESS;

>   	struct udevice *dev;

> +	struct efi_event *event;

>

>   	ret = platform_get_tpm2_device(&dev);

>   	if (ret != EFI_SUCCESS) {

> @@ -1608,6 +1670,14 @@ efi_status_t efi_tcg2_register(void)

>   		goto fail;

>   	}

>

> +	ret = efi_create_event(EVT_SIGNAL_EXIT_BOOT_SERVICES, TPL_CALLBACK,

> +			       efi_tcg2_notify_exit_boot_services, NULL,

> +			       NULL, &event);

> +	if (ret != EFI_SUCCESS) {

> +		tcg2_uninit();

> +		goto fail;

> +	}

> +

>   	ret = tcg2_measure_secure_boot_variable(dev);

>   	if (ret != EFI_SUCCESS) {

>   		tcg2_uninit();

>
Masahisa Kojima Aug. 16, 2021, 12:33 a.m. | #3
On Sat, 14 Aug 2021 at 18:06, Heinrich Schuchardt <xypron.glpk@gmx.de> wrote:
>

> On 8/13/21 9:12 AM, Masahisa Kojima wrote:

> > TCG PC Client PFP spec requires to measure

> > "Exit Boot Services Invocation" if ExitBootServices() is invoked.

> > Depending upon the return code from the ExitBootServices() call,

> > "Exit Boot Services Returned with Success" or "Exit Boot Services

> > Returned with Failure" is also measured.

> >

> > Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>

> > ---

> > Changes in v4:

> > - remove unnecessary EFIAPI specifier

> >

> > Changes in v2:

> > - use strlen instead of sizeof, event log for EV_EFI_ACTION string

> >

> >    shall not include NUL terminator

> >   include/efi_loader.h          |  1 +

> >   lib/efi_loader/efi_boottime.c |  5 +++

> >   lib/efi_loader/efi_tcg2.c     | 70 +++++++++++++++++++++++++++++++++++

> >   3 files changed, 76 insertions(+)

> >

> > diff --git a/include/efi_loader.h b/include/efi_loader.h

> > index 6f61e9faac..32cb8d0f1e 100644

> > --- a/include/efi_loader.h

> > +++ b/include/efi_loader.h

> > @@ -499,6 +499,7 @@ efi_status_t efi_run_image(void *source_buffer, efi_uintn_t source_size);

> >   efi_status_t efi_init_variables(void);

> >   /* Notify ExitBootServices() is called */

> >   void efi_variables_boot_exit_notify(void);

> > +efi_status_t efi_tcg2_notify_exit_boot_services_failed(void);

> >   /* Measure efi application invocation */

> >   efi_status_t efi_tcg2_measure_efi_app_invocation(void);

> >   /* Measure efi application exit */

> > diff --git a/lib/efi_loader/efi_boottime.c b/lib/efi_loader/efi_boottime.c

> > index 13ab139222..b818cbb540 100644

> > --- a/lib/efi_loader/efi_boottime.c

> > +++ b/lib/efi_loader/efi_boottime.c

> > @@ -2182,6 +2182,11 @@ static efi_status_t EFIAPI efi_exit_boot_services(efi_handle_t image_handle,

> >       efi_set_watchdog(0);

> >       WATCHDOG_RESET();

> >   out:

> > +     if (ret != EFI_SUCCESS) {

> > +             if (IS_ENABLED(CONFIG_EFI_TCG2_PROTOCOL))

> > +                     efi_tcg2_notify_exit_boot_services_failed();

> > +     }

> > +

> >       return EFI_EXIT(ret);

> >   }

> >

> > diff --git a/lib/efi_loader/efi_tcg2.c b/lib/efi_loader/efi_tcg2.c

> > index ed71337780..8557fce1da 100644

> > --- a/lib/efi_loader/efi_tcg2.c

> > +++ b/lib/efi_loader/efi_tcg2.c

> > @@ -1506,6 +1506,67 @@ efi_status_t efi_tcg2_measure_efi_app_exit(void)

> >       return ret;

> >   }

> >

> > +/**

> > + * efi_tcg2_notify_exit_boot_services() - ExitBootService callback

> > + *

> > + * @event:   callback event

> > + * @context: callback context

> > + */

> > +static void

>

> Event notification functions must be of return type void EFIAPI to match

> the ABI used by the x86_64 in the UEFI API.

>

> I will fix this when merging.


Hi Heinrich,

Thank you for your fix and merging.

Regards,
Masahisa Kojima

>

> Best regards

>

> Heinrich

>

> > +efi_tcg2_notify_exit_boot_services(struct efi_event *event, void *context)

> > +{

> > +     efi_status_t ret;

> > +     struct udevice *dev;

> > +

> > +     EFI_ENTRY("%p, %p", event, context);

> > +

> > +     ret = platform_get_tpm2_device(&dev);

> > +     if (ret != EFI_SUCCESS)

> > +             goto out;

> > +

> > +     ret = tcg2_measure_event(dev, 5, EV_EFI_ACTION,

> > +                              strlen(EFI_EXIT_BOOT_SERVICES_INVOCATION),

> > +                              (u8 *)EFI_EXIT_BOOT_SERVICES_INVOCATION);

> > +     if (ret != EFI_SUCCESS)

> > +             goto out;

> > +

> > +     ret = tcg2_measure_event(dev, 5, EV_EFI_ACTION,

> > +                              strlen(EFI_EXIT_BOOT_SERVICES_SUCCEEDED),

> > +                              (u8 *)EFI_EXIT_BOOT_SERVICES_SUCCEEDED);

> > +

> > +out:

> > +     EFI_EXIT(ret);

> > +}

> > +

> > +/**

> > + * efi_tcg2_notify_exit_boot_services_failed()

> > + *  - notify ExitBootServices() is failed

> > + *

> > + * Return:   status code

> > + */

> > +efi_status_t efi_tcg2_notify_exit_boot_services_failed(void)

> > +{

> > +     struct udevice *dev;

> > +     efi_status_t ret;

> > +

> > +     ret = platform_get_tpm2_device(&dev);

> > +     if (ret != EFI_SUCCESS)

> > +             goto out;

> > +

> > +     ret = tcg2_measure_event(dev, 5, EV_EFI_ACTION,

> > +                              strlen(EFI_EXIT_BOOT_SERVICES_INVOCATION),

> > +                              (u8 *)EFI_EXIT_BOOT_SERVICES_INVOCATION);

> > +     if (ret != EFI_SUCCESS)

> > +             goto out;

> > +

> > +     ret = tcg2_measure_event(dev, 5, EV_EFI_ACTION,

> > +                              strlen(EFI_EXIT_BOOT_SERVICES_FAILED),

> > +                              (u8 *)EFI_EXIT_BOOT_SERVICES_FAILED);

> > +

> > +out:

> > +     return ret;

> > +}

> > +

> >   /**

> >    * tcg2_measure_secure_boot_variable() - measure secure boot variables

> >    *

> > @@ -1584,6 +1645,7 @@ efi_status_t efi_tcg2_register(void)

> >   {

> >       efi_status_t ret = EFI_SUCCESS;

> >       struct udevice *dev;

> > +     struct efi_event *event;

> >

> >       ret = platform_get_tpm2_device(&dev);

> >       if (ret != EFI_SUCCESS) {

> > @@ -1608,6 +1670,14 @@ efi_status_t efi_tcg2_register(void)

> >               goto fail;

> >       }

> >

> > +     ret = efi_create_event(EVT_SIGNAL_EXIT_BOOT_SERVICES, TPL_CALLBACK,

> > +                            efi_tcg2_notify_exit_boot_services, NULL,

> > +                            NULL, &event);

> > +     if (ret != EFI_SUCCESS) {

> > +             tcg2_uninit();

> > +             goto fail;

> > +     }

> > +

> >       ret = tcg2_measure_secure_boot_variable(dev);

> >       if (ret != EFI_SUCCESS) {

> >               tcg2_uninit();

> >

>

Patch

diff --git a/include/efi_loader.h b/include/efi_loader.h
index 6f61e9faac..32cb8d0f1e 100644
--- a/include/efi_loader.h
+++ b/include/efi_loader.h
@@ -499,6 +499,7 @@  efi_status_t efi_run_image(void *source_buffer, efi_uintn_t source_size);
 efi_status_t efi_init_variables(void);
 /* Notify ExitBootServices() is called */
 void efi_variables_boot_exit_notify(void);
+efi_status_t efi_tcg2_notify_exit_boot_services_failed(void);
 /* Measure efi application invocation */
 efi_status_t efi_tcg2_measure_efi_app_invocation(void);
 /* Measure efi application exit */
diff --git a/lib/efi_loader/efi_boottime.c b/lib/efi_loader/efi_boottime.c
index 13ab139222..b818cbb540 100644
--- a/lib/efi_loader/efi_boottime.c
+++ b/lib/efi_loader/efi_boottime.c
@@ -2182,6 +2182,11 @@  static efi_status_t EFIAPI efi_exit_boot_services(efi_handle_t image_handle,
 	efi_set_watchdog(0);
 	WATCHDOG_RESET();
 out:
+	if (ret != EFI_SUCCESS) {
+		if (IS_ENABLED(CONFIG_EFI_TCG2_PROTOCOL))
+			efi_tcg2_notify_exit_boot_services_failed();
+	}
+
 	return EFI_EXIT(ret);
 }
 
diff --git a/lib/efi_loader/efi_tcg2.c b/lib/efi_loader/efi_tcg2.c
index ed71337780..8557fce1da 100644
--- a/lib/efi_loader/efi_tcg2.c
+++ b/lib/efi_loader/efi_tcg2.c
@@ -1506,6 +1506,67 @@  efi_status_t efi_tcg2_measure_efi_app_exit(void)
 	return ret;
 }
 
+/**
+ * efi_tcg2_notify_exit_boot_services() - ExitBootService callback
+ *
+ * @event:	callback event
+ * @context:	callback context
+ */
+static void
+efi_tcg2_notify_exit_boot_services(struct efi_event *event, void *context)
+{
+	efi_status_t ret;
+	struct udevice *dev;
+
+	EFI_ENTRY("%p, %p", event, context);
+
+	ret = platform_get_tpm2_device(&dev);
+	if (ret != EFI_SUCCESS)
+		goto out;
+
+	ret = tcg2_measure_event(dev, 5, EV_EFI_ACTION,
+				 strlen(EFI_EXIT_BOOT_SERVICES_INVOCATION),
+				 (u8 *)EFI_EXIT_BOOT_SERVICES_INVOCATION);
+	if (ret != EFI_SUCCESS)
+		goto out;
+
+	ret = tcg2_measure_event(dev, 5, EV_EFI_ACTION,
+				 strlen(EFI_EXIT_BOOT_SERVICES_SUCCEEDED),
+				 (u8 *)EFI_EXIT_BOOT_SERVICES_SUCCEEDED);
+
+out:
+	EFI_EXIT(ret);
+}
+
+/**
+ * efi_tcg2_notify_exit_boot_services_failed()
+ *  - notify ExitBootServices() is failed
+ *
+ * Return:	status code
+ */
+efi_status_t efi_tcg2_notify_exit_boot_services_failed(void)
+{
+	struct udevice *dev;
+	efi_status_t ret;
+
+	ret = platform_get_tpm2_device(&dev);
+	if (ret != EFI_SUCCESS)
+		goto out;
+
+	ret = tcg2_measure_event(dev, 5, EV_EFI_ACTION,
+				 strlen(EFI_EXIT_BOOT_SERVICES_INVOCATION),
+				 (u8 *)EFI_EXIT_BOOT_SERVICES_INVOCATION);
+	if (ret != EFI_SUCCESS)
+		goto out;
+
+	ret = tcg2_measure_event(dev, 5, EV_EFI_ACTION,
+				 strlen(EFI_EXIT_BOOT_SERVICES_FAILED),
+				 (u8 *)EFI_EXIT_BOOT_SERVICES_FAILED);
+
+out:
+	return ret;
+}
+
 /**
  * tcg2_measure_secure_boot_variable() - measure secure boot variables
  *
@@ -1584,6 +1645,7 @@  efi_status_t efi_tcg2_register(void)
 {
 	efi_status_t ret = EFI_SUCCESS;
 	struct udevice *dev;
+	struct efi_event *event;
 
 	ret = platform_get_tpm2_device(&dev);
 	if (ret != EFI_SUCCESS) {
@@ -1608,6 +1670,14 @@  efi_status_t efi_tcg2_register(void)
 		goto fail;
 	}
 
+	ret = efi_create_event(EVT_SIGNAL_EXIT_BOOT_SERVICES, TPL_CALLBACK,
+			       efi_tcg2_notify_exit_boot_services, NULL,
+			       NULL, &event);
+	if (ret != EFI_SUCCESS) {
+		tcg2_uninit();
+		goto fail;
+	}
+
 	ret = tcg2_measure_secure_boot_variable(dev);
 	if (ret != EFI_SUCCESS) {
 		tcg2_uninit();