* [PATCH v1 1/1] SecurityPkg/Library: Add Tpm2NvUndefineSpaceSpecial to Tpm2CommandLib
@ 2021-07-30 17:55 Bret Barkelew
  2021-07-30 18:08 ` [EXTERNAL] [edk2-devel] " Bret Barkelew
       [not found] ` <1696A3E2DE5C4DCB.1941@groups.io>
  0 siblings, 2 replies; 14+ messages in thread
From: Bret Barkelew @ 2021-07-30 17:55 UTC (permalink / raw)
  To: devel; +Cc: Jiewen Yao, Jian J Wang, Qi Zhang, Rahul Kumar

Used to provision and maintain certain HW-defined NV spaces.

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2994

Signed-off-by: Bret Barkelew <bret.barkelew@microsoft.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Qi Zhang <qi1.zhang@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
---
 SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c | 122 ++++++++++++++++++++
 SecurityPkg/Include/Library/Tpm2CommandLib.h       |  22 ++++
 2 files changed, 144 insertions(+)

diff --git a/SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c b/SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c
index 87572de20164..7931fade9190 100644
--- a/SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c
+++ b/SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c
@@ -24,6 +24,8 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 #define RC_NV_UndefineSpace_authHandle      (TPM_RC_H + TPM_RC_1)
 #define RC_NV_UndefineSpace_nvIndex         (TPM_RC_H + TPM_RC_2)
 
+#define RC_NV_UndefineSpaceSpecial_nvIndex  (TPM_RC_H + TPM_RC_1)
+
 #define RC_NV_Read_authHandle               (TPM_RC_H + TPM_RC_1)
 #define RC_NV_Read_nvIndex                  (TPM_RC_H + TPM_RC_2)
 #define RC_NV_Read_size                     (TPM_RC_P + TPM_RC_1)
@@ -74,6 +76,20 @@ typedef struct {
   TPMS_AUTH_RESPONSE         AuthSession;
 } TPM2_NV_UNDEFINESPACE_RESPONSE;
 
+typedef struct {
+  TPM2_COMMAND_HEADER       Header;
+  TPMI_RH_NV_INDEX          NvIndex;
+  TPMI_RH_PLATFORM          Platform;
+  UINT32                    AuthSessionSize;
+  TPMS_AUTH_COMMAND         AuthSession;
+} TPM2_NV_UNDEFINESPACESPECIAL_COMMAND;
+
+typedef struct {
+  TPM2_RESPONSE_HEADER       Header;
+  UINT32                     AuthSessionSize;
+  TPMS_AUTH_RESPONSE         AuthSession;
+} TPM2_NV_UNDEFINESPACESPECIAL_RESPONSE;
+
 typedef struct {
   TPM2_COMMAND_HEADER       Header;
   TPMI_RH_NV_AUTH           AuthHandle;
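Review bot: TPM2_NV_UNDEFINESPACESPECIAL_COMMAND reserves room for a single TPMS_AUTH_COMMAND (AuthSession), yet the Tpm2NvUndefineSpaceSpecial body in the next hunk marshals two sessions back-to-back starting at `&SendBuffer.AuthSession`, so if the marshaled IndexAuthSession plus PlatAuthSession together exceed sizeof (TPMS_AUTH_COMMAND) the second CopyAuthSessionCommand writes past the end of the stack object. Whether the marshaled form can actually reach that size depends on CopyAuthSessionCommand, which this patch does not show, so please confirm; the cheap defensive fix is to size the struct for both sessions by adding `TPMS_AUTH_COMMAND         PlatAuthSession;` after the existing AuthSession member (the sent length is computed from the Buffer walk, so the wire format is unchanged), or to check the remaining space against sizeof (SendBuffer) before the second copy. The same concern applies to the function hunk at the marshaling lines.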
@@ -506,6 +522,112 @@ Done:
   return Status;
 }
 
+/**
+  This command removes an index from the TPM.
+
+  @param[in]  NvIndex             The NV Index.
+  @param[in]  IndexAuthSession    Auth session context for the Index auth/policy
+  @param[in]  PlatAuthSession     Auth session context for the Platform auth/policy
+
+  @retval EFI_SUCCESS             Operation completed successfully.
+  @retval EFI_NOT_FOUND           The command was returned successfully, but NvIndex is not found.
+  @retval EFI_UNSUPPORTED         Selected NvIndex does not support deletion through this call.
+  @retval EFI_SECURITY_VIOLATION  Deletion is not authorized by current policy session.
+  @retval EFI_INVALID_PARAMETER   The command was unsuccessful.
+  @retval EFI_DEVICE_ERROR        The command was unsuccessful.
+**/
+EFI_STATUS
+EFIAPI
+Tpm2NvUndefineSpaceSpecial (
+  IN      TPMI_RH_NV_INDEX          NvIndex,
+  IN      TPMS_AUTH_COMMAND         *IndexAuthSession OPTIONAL,
+  IN      TPMS_AUTH_COMMAND         *PlatAuthSession OPTIONAL
+  )
+{
+  EFI_STATUS                              Status;
+  TPM2_NV_UNDEFINESPACESPECIAL_COMMAND    SendBuffer;
+  TPM2_NV_UNDEFINESPACESPECIAL_RESPONSE   RecvBuffer;
+  UINT32                                  SendBufferSize;
+  UINT32                                  RecvBufferSize;
+  UINT8                                   *Buffer;
+  UINT32                                  IndexAuthSize, PlatAuthSize;
+  TPM_RC                                  ResponseCode;
+
+  //
+  // Construct command
+  //
+  SendBuffer.Header.tag = SwapBytes16(TPM_ST_SESSIONS);
+  SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_NV_UndefineSpaceSpecial);
+
+  SendBuffer.NvIndex = SwapBytes32 (NvIndex);
+  SendBuffer.Platform = SwapBytes32 (TPM_RH_PLATFORM);
+
+  //
+  // Marshall the Auth Sessions for the two handles.
+  Buffer = (UINT8 *)&SendBuffer.AuthSession;
+  // IndexAuthSession
+  IndexAuthSize = CopyAuthSessionCommand (IndexAuthSession, Buffer);
+  Buffer += IndexAuthSize;
+  // PlatAuthSession
+  PlatAuthSize = CopyAuthSessionCommand (PlatAuthSession, Buffer);
+  Buffer += PlatAuthSize;
+  // AuthSessionSize
+  SendBuffer.AuthSessionSize = SwapBytes32(IndexAuthSize + PlatAuthSize);
+
+  // Update total command size.
+  SendBufferSize = (UINT32)(Buffer - (UINT8 *)&SendBuffer);
+  SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);
+
+  //
+  // send Tpm command
+  //
+  RecvBufferSize = sizeof (RecvBuffer);
+  Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer);
+  if (EFI_ERROR (Status)) {
+    goto Done;
+  }
+
+  if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {
+    DEBUG ((EFI_D_ERROR, "Tpm2NvUndefineSpaceSpecial - RecvBufferSize Error - %x\n", RecvBufferSize));
+    Status = EFI_DEVICE_ERROR;
+    goto Done;
+  }
+
+  ResponseCode = SwapBytes32(RecvBuffer.Header.responseCode);
+  if (ResponseCode != TPM_RC_SUCCESS) {
+    DEBUG ((EFI_D_ERROR, "Tpm2NvUndefineSpaceSpecial - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode)));
+  }
+  switch (ResponseCode) {
+  case TPM_RC_SUCCESS:
+    // return data
+    break;
+  case TPM_RC_ATTRIBUTES:
+  case TPM_RC_ATTRIBUTES + RC_NV_UndefineSpaceSpecial_nvIndex:
+    Status = EFI_UNSUPPORTED;
+    break;
+  case TPM_RC_NV_AUTHORIZATION:
+    Status = EFI_SECURITY_VIOLATION;
+    break;
+  case TPM_RC_HANDLE + RC_NV_UndefineSpaceSpecial_nvIndex: // TPM_RC_NV_DEFINED:
+    Status = EFI_NOT_FOUND;
+    break;
+  case TPM_RC_VALUE + RC_NV_UndefineSpace_nvIndex:
+    Status = EFI_INVALID_PARAMETER;
+    break;
+  default:
+    Status = EFI_DEVICE_ERROR;
+    break;
+  }
+
+Done:
+  //
+  // Clear AuthSession Content
+  //
+  ZeroMem (&SendBuffer, sizeof(SendBuffer));
+  ZeroMem (&RecvBuffer, sizeof(RecvBuffer));
+  return Status;
+} // Tpm2NvUndefineSpaceSpecial()
+
 /**
   This command reads a value from an area in NV memory previously defined by TPM2_NV_DefineSpace().
 
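Review bot: The `case TPM_RC_VALUE + RC_NV_UndefineSpace_nvIndex:` arm uses the handle number of the plain UndefineSpace command (TPM_RC_2 per the existing define) even though this command carries nvIndex as its first handle, which the patch itself encodes as RC_NV_UndefineSpaceSpecial_nvIndex (TPM_RC_1) in the TPM_RC_ATTRIBUTES and TPM_RC_HANDLE arms. A TPM_RC_VALUE reported against nvIndex therefore falls through to the default arm and surfaces as EFI_DEVICE_ERROR instead of the documented EFI_INVALID_PARAMETER; change it to `case TPM_RC_VALUE + RC_NV_UndefineSpaceSpecial_nvIndex:`. The trailing `// TPM_RC_NV_DEFINED:` comment on the TPM_RC_HANDLE arm reads as a leftover that contradicts the EFI_NOT_FOUND mapping; replace it with `// nvIndex handle is not defined in the TPM` or drop it. The function starts and ends inside this hunk.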
diff --git a/SecurityPkg/Include/Library/Tpm2CommandLib.h b/SecurityPkg/Include/Library/Tpm2CommandLib.h
index ee8eb622951c..8d7b4998d98d 100644
--- a/SecurityPkg/Include/Library/Tpm2CommandLib.h
+++ b/SecurityPkg/Include/Library/Tpm2CommandLib.h
@@ -364,6 +364,28 @@ Tpm2NvUndefineSpace (
   IN      TPMS_AUTH_COMMAND         *AuthSession OPTIONAL
   );
 
+/**
+  This command removes an index from the TPM.
+
+  @param[in]  NvIndex             The NV Index.
+  @param[in]  IndexAuthSession    Auth session context for the Index auth/policy
+  @param[in]  PlatAuthSession     Auth session context for the Platform auth/policy
+
+  @retval EFI_SUCCESS             Operation completed successfully.
+  @retval EFI_NOT_FOUND           The command was returned successfully, but NvIndex is not found.
+  @retval EFI_UNSUPPORTED         Selected NvIndex does not support deletion through this call.
+  @retval EFI_SECURITY_VIOLATION  Deletion is not authorized by current policy session.
+  @retval EFI_INVALID_PARAMETER   The command was unsuccessful.
+  @retval EFI_DEVICE_ERROR        The command was unsuccessful.
+**/
+EFI_STATUS
+EFIAPI
+Tpm2NvUndefineSpaceSpecial (
+  IN      TPMI_RH_NV_INDEX          NvIndex,
+  IN      TPMS_AUTH_COMMAND         *IndexAuthSession OPTIONAL,
+  IN      TPMS_AUTH_COMMAND         *PlatAuthSession OPTIONAL
+  );
+
 /**
   This command reads a value from an area in NV memory previously defined by TPM2_NV_DefineSpace().
 
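Review bot: The @retval lines for EFI_INVALID_PARAMETER and EFI_DEVICE_ERROR carry the identical text "The command was unsuccessful.", so a caller cannot tell from the header which TPM outcome maps to which status. Matching the switch in the implementation, suggest `@retval EFI_INVALID_PARAMETER   The TPM reported TPM_RC_VALUE for NvIndex.` and `@retval EFI_DEVICE_ERROR        Command submission failed, the response was too short, or the TPM returned an unmapped response code.`; the same comment block is duplicated in the .c hunk and would need the same edit. The two OPTIONAL parameters also do not say what passing NULL means; a one-line statement would help, though the actual behavior depends on CopyAuthSessionCommand, which this patch does not show.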
-- 
2.31.1.windows.1



* Re: [EXTERNAL] [edk2-devel] [PATCH v1 1/1] SecurityPkg/Library: Add Tpm2NvUndefineSpaceSpecial to Tpm2CommandLib
  2021-07-30 17:55 [PATCH v1 1/1] SecurityPkg/Library: Add Tpm2NvUndefineSpaceSpecial to Tpm2CommandLib Bret Barkelew
@ 2021-07-30 18:08 ` Bret Barkelew
       [not found] ` <1696A3E2DE5C4DCB.1941@groups.io>
  1 sibling, 0 replies; 14+ messages in thread
From: Bret Barkelew @ 2021-07-30 18:08 UTC (permalink / raw)
  To: devel@edk2.groups.io, bret@corthon.com
  Cc: Yao, Jiewen, Jian J Wang, Qi Zhang, Rahul Kumar


Note, even though this keeps with the style of the rest of the file, it breaks ECC:
SecurityPkg/Library: Add Tpm2NvUndefineSpaceSpecial to Tpm2CommandLib by corthon · Pull Request #1848 · tianocore/edk2 (github.com)<https://github.com/tianocore/edk2/pull/1848>

PROGRESS - --Running SecurityPkg: EccCheck Test NO-TARGET --
ERROR -
ERROR -
ERROR - EFI coding style error
ERROR - *Error code: 8001
ERROR - *Only capital letters are allowed to be used for #define declarations
ERROR - *file: //home/vsts/work/1/s/SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c
ERROR - *Line number: 27
ERROR - *The #define name [RC_NV_UndefineSpaceSpecial_nvIndex] does no

Thoughts?

- Bret

From: Bret Barkelew via groups.io<mailto:bret=corthon.com@groups.io>
Sent: Friday, July 30, 2021 10:55 AM
To: devel@edk2.groups.io<mailto:devel@edk2.groups.io>
Cc: Yao, Jiewen<mailto:jiewen.yao@intel.com>; Jian J Wang<mailto:jian.j.wang@intel.com>; Qi Zhang<mailto:qi1.zhang@intel.com>; Rahul Kumar<mailto:rahul1.kumar@intel.com>
Subject: [EXTERNAL] [edk2-devel] [PATCH v1 1/1] SecurityPkg/Library: Add Tpm2NvUndefineSpaceSpecial to Tpm2CommandLib

Used to provision and maintain certain HW-defined NV spaces.

REF: https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbugzilla.tianocore.org%2Fshow_bug.cgi%3Fid%3D2994&amp;data=04%7C01%7CBret.Barkelew%40microsoft.com%7Cb7ae3c62047c48fc85d908d953833ca0%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637632645397602953%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdata=s96M3RvxMOY831Vfr1nt%2Fz1h3cyb6jU9eFzvjKO7Dtc%3D&amp;reserved=0

Signed-off-by: Bret Barkelew <bret.barkelew@microsoft.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Qi Zhang <qi1.zhang@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
---
 SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c | 122 ++++++++++++++++++++
 SecurityPkg/Include/Library/Tpm2CommandLib.h       |  22 ++++
 2 files changed, 144 insertions(+)

diff --git a/SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c b/SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c
index 87572de20164..7931fade9190 100644
--- a/SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c
+++ b/SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c
@@ -24,6 +24,8 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 #define RC_NV_UndefineSpace_authHandle      (TPM_RC_H + TPM_RC_1)

 #define RC_NV_UndefineSpace_nvIndex         (TPM_RC_H + TPM_RC_2)



+#define RC_NV_UndefineSpaceSpecial_nvIndex  (TPM_RC_H + TPM_RC_1)

+

 #define RC_NV_Read_authHandle               (TPM_RC_H + TPM_RC_1)

 #define RC_NV_Read_nvIndex                  (TPM_RC_H + TPM_RC_2)

 #define RC_NV_Read_size                     (TPM_RC_P + TPM_RC_1)

@@ -74,6 +76,20 @@ typedef struct {
   TPMS_AUTH_RESPONSE         AuthSession;

 } TPM2_NV_UNDEFINESPACE_RESPONSE;



+typedef struct {

+  TPM2_COMMAND_HEADER       Header;

+  TPMI_RH_NV_INDEX          NvIndex;

+  TPMI_RH_PLATFORM          Platform;

+  UINT32                    AuthSessionSize;

+  TPMS_AUTH_COMMAND         AuthSession;

+} TPM2_NV_UNDEFINESPACESPECIAL_COMMAND;

+

+typedef struct {

+  TPM2_RESPONSE_HEADER       Header;

+  UINT32                     AuthSessionSize;

+  TPMS_AUTH_RESPONSE         AuthSession;

+} TPM2_NV_UNDEFINESPACESPECIAL_RESPONSE;

+

 typedef struct {

   TPM2_COMMAND_HEADER       Header;

   TPMI_RH_NV_AUTH           AuthHandle;

@@ -506,6 +522,112 @@ Done:
   return Status;

 }



+/**

+  This command removes an index from the TPM.

+

+  @param[in]  NvIndex             The NV Index.

+  @param[in]  IndexAuthSession    Auth session context for the Index auth/policy

+  @param[in]  PlatAuthSession     Auth session context for the Platform auth/policy

+

+  @retval EFI_SUCCESS             Operation completed successfully.

+  @retval EFI_NOT_FOUND           The command was returned successfully, but NvIndex is not found.

+  @retval EFI_UNSUPPORTED         Selected NvIndex does not support deletion through this call.

+  @retval EFI_SECURITY_VIOLATION  Deletion is not authorized by current policy session.

+  @retval EFI_INVALID_PARAMETER   The command was unsuccessful.

+  @retval EFI_DEVICE_ERROR        The command was unsuccessful.

+**/

+EFI_STATUS

+EFIAPI

+Tpm2NvUndefineSpaceSpecial (

+  IN      TPMI_RH_NV_INDEX          NvIndex,

+  IN      TPMS_AUTH_COMMAND         *IndexAuthSession OPTIONAL,

+  IN      TPMS_AUTH_COMMAND         *PlatAuthSession OPTIONAL

+  )

+{

+  EFI_STATUS                              Status;

+  TPM2_NV_UNDEFINESPACESPECIAL_COMMAND    SendBuffer;

+  TPM2_NV_UNDEFINESPACESPECIAL_RESPONSE   RecvBuffer;

+  UINT32                                  SendBufferSize;

+  UINT32                                  RecvBufferSize;

+  UINT8                                   *Buffer;

+  UINT32                                  IndexAuthSize, PlatAuthSize;

+  TPM_RC                                  ResponseCode;

+

+  //

+  // Construct command

+  //

+  SendBuffer.Header.tag = SwapBytes16(TPM_ST_SESSIONS);

+  SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_NV_UndefineSpaceSpecial);

+

+  SendBuffer.NvIndex = SwapBytes32 (NvIndex);

+  SendBuffer.Platform = SwapBytes32 (TPM_RH_PLATFORM);

+

+  //

+  // Marshall the Auth Sessions for the two handles.

+  Buffer = (UINT8 *)&SendBuffer.AuthSession;

+  // IndexAuthSession

+  IndexAuthSize = CopyAuthSessionCommand (IndexAuthSession, Buffer);

+  Buffer += IndexAuthSize;

+  // PlatAuthSession

+  PlatAuthSize = CopyAuthSessionCommand (PlatAuthSession, Buffer);

+  Buffer += PlatAuthSize;

+  // AuthSessionSize

+  SendBuffer.AuthSessionSize = SwapBytes32(IndexAuthSize + PlatAuthSize);

+

+  // Update total command size.

+  SendBufferSize = (UINT32)(Buffer - (UINT8 *)&SendBuffer);

+  SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);

+

+  //

+  // send Tpm command

+  //

+  RecvBufferSize = sizeof (RecvBuffer);

+  Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer);

+  if (EFI_ERROR (Status)) {

+    goto Done;

+  }

+

+  if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {

+    DEBUG ((EFI_D_ERROR, "Tpm2NvUndefineSpaceSpecial - RecvBufferSize Error - %x\n", RecvBufferSize));

+    Status = EFI_DEVICE_ERROR;

+    goto Done;

+  }

+

+  ResponseCode = SwapBytes32(RecvBuffer.Header.responseCode);

+  if (ResponseCode != TPM_RC_SUCCESS) {

+    DEBUG ((EFI_D_ERROR, "Tpm2NvUndefineSpaceSpecial - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode)));

+  }

+  switch (ResponseCode) {

+  case TPM_RC_SUCCESS:

+    // return data

+    break;

+  case TPM_RC_ATTRIBUTES:

+  case TPM_RC_ATTRIBUTES + RC_NV_UndefineSpaceSpecial_nvIndex:

+    Status = EFI_UNSUPPORTED;

+    break;

+  case TPM_RC_NV_AUTHORIZATION:

+    Status = EFI_SECURITY_VIOLATION;

+    break;

+  case TPM_RC_HANDLE + RC_NV_UndefineSpaceSpecial_nvIndex: // TPM_RC_NV_DEFINED:

+    Status = EFI_NOT_FOUND;

+    break;

+  case TPM_RC_VALUE + RC_NV_UndefineSpace_nvIndex:

+    Status = EFI_INVALID_PARAMETER;

+    break;

+  default:

+    Status = EFI_DEVICE_ERROR;

+    break;

+  }

+

+Done:

+  //

+  // Clear AuthSession Content

+  //

+  ZeroMem (&SendBuffer, sizeof(SendBuffer));

+  ZeroMem (&RecvBuffer, sizeof(RecvBuffer));

+  return Status;

+} // Tpm2NvUndefineSpaceSpecial()

+

 /**

   This command reads a value from an area in NV memory previously defined by TPM2_NV_DefineSpace().



diff --git a/SecurityPkg/Include/Library/Tpm2CommandLib.h b/SecurityPkg/Include/Library/Tpm2CommandLib.h
index ee8eb622951c..8d7b4998d98d 100644
--- a/SecurityPkg/Include/Library/Tpm2CommandLib.h
+++ b/SecurityPkg/Include/Library/Tpm2CommandLib.h
@@ -364,6 +364,28 @@ Tpm2NvUndefineSpace (
   IN      TPMS_AUTH_COMMAND         *AuthSession OPTIONAL

   );



+/**

+  This command removes an index from the TPM.

+

+  @param[in]  NvIndex             The NV Index.

+  @param[in]  IndexAuthSession    Auth session context for the Index auth/policy

+  @param[in]  PlatAuthSession     Auth session context for the Platform auth/policy

+

+  @retval EFI_SUCCESS             Operation completed successfully.

+  @retval EFI_NOT_FOUND           The command was returned successfully, but NvIndex is not found.

+  @retval EFI_UNSUPPORTED         Selected NvIndex does not support deletion through this call.

+  @retval EFI_SECURITY_VIOLATION  Deletion is not authorized by current policy session.

+  @retval EFI_INVALID_PARAMETER   The command was unsuccessful.

+  @retval EFI_DEVICE_ERROR        The command was unsuccessful.

+**/

+EFI_STATUS

+EFIAPI

+Tpm2NvUndefineSpaceSpecial (

+  IN      TPMI_RH_NV_INDEX          NvIndex,

+  IN      TPMS_AUTH_COMMAND         *IndexAuthSession OPTIONAL,

+  IN      TPMS_AUTH_COMMAND         *PlatAuthSession OPTIONAL

+  );

+

 /**

   This command reads a value from an area in NV memory previously defined by TPM2_NV_DefineSpace().



--
2.31.1.windows.1








* Re: [EXTERNAL] [edk2-devel] [PATCH v1 1/1] SecurityPkg/Library: Add Tpm2NvUndefineSpaceSpecial to Tpm2CommandLib
       [not found] ` <1696A3E2DE5C4DCB.1941@groups.io>
@ 2021-08-04 16:32   ` Bret Barkelew
  2021-08-11 19:37     ` Bret Barkelew
       [not found]     ` <169A57BB10BEC566.13770@groups.io>
  0 siblings, 2 replies; 14+ messages in thread
From: Bret Barkelew @ 2021-08-04 16:32 UTC (permalink / raw)
  To: devel@edk2.groups.io, bret@corthon.com
  Cc: Yao, Jiewen, Jian J Wang, Qi Zhang, Rahul Kumar



Poking this one.


  1.  It’s an easy review with a small, obvious code change.
  2.  I need some answers on “when is it okay to violate ECC/PatchCheck if the new code matches the style of the existing code?” Should I endeavor to pass PatchCheck and ECCCheck with this patch only, and leave it in conflict with the rest of the file?

Thanks!

- Bret

From: Bret Barkelew via groups.io<mailto:bret.barkelew=microsoft.com@groups.io>
Sent: Friday, July 30, 2021 11:08 AM
To: devel@edk2.groups.io<mailto:devel@edk2.groups.io>; bret@corthon.com<mailto:bret@corthon.com>
Cc: Yao, Jiewen<mailto:jiewen.yao@intel.com>; Jian J Wang<mailto:jian.j.wang@intel.com>; Qi Zhang<mailto:qi1.zhang@intel.com>; Rahul Kumar<mailto:rahul1.kumar@intel.com>
Subject: Re: [EXTERNAL] [edk2-devel] [PATCH v1 1/1] SecurityPkg/Library: Add Tpm2NvUndefineSpaceSpecial to Tpm2CommandLib

Note, even though this keeps with the style of the rest of the file, it breaks ECC:
SecurityPkg/Library: Add Tpm2NvUndefineSpaceSpecial to Tpm2CommandLib by corthon · Pull Request #1848 · tianocore/edk2 (github.com)<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Ftianocore%2Fedk2%2Fpull%2F1848&data=04%7C01%7Cbret.barkelew%40microsoft.com%7C54f6a1acc6bb476e2ecb08d953850ece%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637632653231745775%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=FsjyOQ%2FlBlbUlCBndVhxVbROhW%2Bd66q2g4m63sBg%2BHc%3D&reserved=0>

PROGRESS - --Running SecurityPkg: EccCheck Test NO-TARGET --
ERROR -
ERROR -
ERROR - EFI coding style error
ERROR - *Error code: 8001
ERROR - *Only capital letters are allowed to be used for #define declarations
ERROR - *file: //home/vsts/work/1/s/SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c
ERROR - *Line number: 27
ERROR - *The #define name [RC_NV_UndefineSpaceSpecial_nvIndex] does no

Thoughts?

- Bret

From: Bret Barkelew via groups.io<mailto:bret=corthon.com@groups.io>
Sent: Friday, July 30, 2021 10:55 AM
To: devel@edk2.groups.io<mailto:devel@edk2.groups.io>
Cc: Yao, Jiewen<mailto:jiewen.yao@intel.com>; Jian J Wang<mailto:jian.j.wang@intel.com>; Qi Zhang<mailto:qi1.zhang@intel.com>; Rahul Kumar<mailto:rahul1.kumar@intel.com>
Subject: [EXTERNAL] [edk2-devel] [PATCH v1 1/1] SecurityPkg/Library: Add Tpm2NvUndefineSpaceSpecial to Tpm2CommandLib

Used to provision and maintain certain HW-defined NV spaces.

REF: https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbugzilla.tianocore.org%2Fshow_bug.cgi%3Fid%3D2994&amp;data=04%7C01%7CBret.Barkelew%40microsoft.com%7Cb7ae3c62047c48fc85d908d953833ca0%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637632645397602953%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdata=s96M3RvxMOY831Vfr1nt%2Fz1h3cyb6jU9eFzvjKO7Dtc%3D&amp;reserved=0<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbugzilla.tianocore.org%2Fshow_bug.cgi%3Fid%3D2994&data=04%7C01%7Cbret.barkelew%40microsoft.com%7C54f6a1acc6bb476e2ecb08d953850ece%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637632653231755738%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=3Os5cZEtbmZ9h5Jz0Zz5er2gG%2FNO%2FSSmnqVGuoYiqdY%3D&reserved=0>

Signed-off-by: Bret Barkelew <bret.barkelew@microsoft.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Qi Zhang <qi1.zhang@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
---
 SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c | 122 ++++++++++++++++++++
 SecurityPkg/Include/Library/Tpm2CommandLib.h       |  22 ++++
 2 files changed, 144 insertions(+)

diff --git a/SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c b/SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c
index 87572de20164..7931fade9190 100644
--- a/SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c
+++ b/SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c
@@ -24,6 +24,8 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 #define RC_NV_UndefineSpace_authHandle      (TPM_RC_H + TPM_RC_1)

 #define RC_NV_UndefineSpace_nvIndex         (TPM_RC_H + TPM_RC_2)



+#define RC_NV_UndefineSpaceSpecial_nvIndex  (TPM_RC_H + TPM_RC_1)

+

 #define RC_NV_Read_authHandle               (TPM_RC_H + TPM_RC_1)

 #define RC_NV_Read_nvIndex                  (TPM_RC_H + TPM_RC_2)

 #define RC_NV_Read_size                     (TPM_RC_P + TPM_RC_1)

@@ -74,6 +76,20 @@ typedef struct {
   TPMS_AUTH_RESPONSE         AuthSession;

 } TPM2_NV_UNDEFINESPACE_RESPONSE;



+typedef struct {

+  TPM2_COMMAND_HEADER       Header;

+  TPMI_RH_NV_INDEX          NvIndex;

+  TPMI_RH_PLATFORM          Platform;

+  UINT32                    AuthSessionSize;

+  TPMS_AUTH_COMMAND         AuthSession;

+} TPM2_NV_UNDEFINESPACESPECIAL_COMMAND;

+

+typedef struct {

+  TPM2_RESPONSE_HEADER       Header;

+  UINT32                     AuthSessionSize;

+  TPMS_AUTH_RESPONSE         AuthSession;

+} TPM2_NV_UNDEFINESPACESPECIAL_RESPONSE;

+

 typedef struct {

   TPM2_COMMAND_HEADER       Header;

   TPMI_RH_NV_AUTH           AuthHandle;

@@ -506,6 +522,112 @@ Done:
   return Status;

 }



+/**

+  This command removes an index from the TPM.

+

+  @param[in]  NvIndex             The NV Index.

+  @param[in]  IndexAuthSession    Auth session context for the Index auth/policy

+  @param[in]  PlatAuthSession     Auth session context for the Platform auth/policy

+

+  @retval EFI_SUCCESS             Operation completed successfully.

+  @retval EFI_NOT_FOUND           The command was returned successfully, but NvIndex is not found.

+  @retval EFI_UNSUPPORTED         Selected NvIndex does not support deletion through this call.

+  @retval EFI_SECURITY_VIOLATION  Deletion is not authorized by current policy session.

+  @retval EFI_INVALID_PARAMETER   The command was unsuccessful.

+  @retval EFI_DEVICE_ERROR        The command was unsuccessful.

+**/

+EFI_STATUS

+EFIAPI

+Tpm2NvUndefineSpaceSpecial (

+  IN      TPMI_RH_NV_INDEX          NvIndex,

+  IN      TPMS_AUTH_COMMAND         *IndexAuthSession OPTIONAL,

+  IN      TPMS_AUTH_COMMAND         *PlatAuthSession OPTIONAL

+  )

+{

+  EFI_STATUS                              Status;

+  TPM2_NV_UNDEFINESPACESPECIAL_COMMAND    SendBuffer;

+  TPM2_NV_UNDEFINESPACESPECIAL_RESPONSE   RecvBuffer;

+  UINT32                                  SendBufferSize;

+  UINT32                                  RecvBufferSize;

+  UINT8                                   *Buffer;

+  UINT32                                  IndexAuthSize, PlatAuthSize;

+  TPM_RC                                  ResponseCode;

+

+  //

+  // Construct command

+  //

+  SendBuffer.Header.tag = SwapBytes16(TPM_ST_SESSIONS);

+  SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_NV_UndefineSpaceSpecial);

+

+  SendBuffer.NvIndex = SwapBytes32 (NvIndex);

+  SendBuffer.Platform = SwapBytes32 (TPM_RH_PLATFORM);

+

+  //

+  // Marshall the Auth Sessions for the two handles.

+  Buffer = (UINT8 *)&SendBuffer.AuthSession;

+  // IndexAuthSession

+  IndexAuthSize = CopyAuthSessionCommand (IndexAuthSession, Buffer);

+  Buffer += IndexAuthSize;

+  // PlatAuthSession

+  PlatAuthSize = CopyAuthSessionCommand (PlatAuthSession, Buffer);

+  Buffer += PlatAuthSize;

+  // AuthSessionSize

+  SendBuffer.AuthSessionSize = SwapBytes32(IndexAuthSize + PlatAuthSize);

+

+  // Update total command size.

+  SendBufferSize = (UINT32)(Buffer - (UINT8 *)&SendBuffer);

+  SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);

+

+  //

+  // send Tpm command

+  //

+  RecvBufferSize = sizeof (RecvBuffer);

+  Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer);

+  if (EFI_ERROR (Status)) {

+    goto Done;

+  }

+

+  if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {

+    DEBUG ((EFI_D_ERROR, "Tpm2NvUndefineSpaceSpecial - RecvBufferSize Error - %x\n", RecvBufferSize));

+    Status = EFI_DEVICE_ERROR;

+    goto Done;

+  }

+

+  ResponseCode = SwapBytes32(RecvBuffer.Header.responseCode);

+  if (ResponseCode != TPM_RC_SUCCESS) {

+    DEBUG ((EFI_D_ERROR, "Tpm2NvUndefineSpaceSpecial - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode)));

+  }

+  switch (ResponseCode) {

+  case TPM_RC_SUCCESS:

+    // return data

+    break;

+  case TPM_RC_ATTRIBUTES:

+  case TPM_RC_ATTRIBUTES + RC_NV_UndefineSpaceSpecial_nvIndex:

+    Status = EFI_UNSUPPORTED;

+    break;

+  case TPM_RC_NV_AUTHORIZATION:

+    Status = EFI_SECURITY_VIOLATION;

+    break;

+  case TPM_RC_HANDLE + RC_NV_UndefineSpaceSpecial_nvIndex: // TPM_RC_NV_DEFINED:

+    Status = EFI_NOT_FOUND;

+    break;

+  case TPM_RC_VALUE + RC_NV_UndefineSpace_nvIndex:

+    Status = EFI_INVALID_PARAMETER;

+    break;

+  default:

+    Status = EFI_DEVICE_ERROR;

+    break;

+  }

+

+Done:

+  //

+  // Clear AuthSession Content

+  //

+  ZeroMem (&SendBuffer, sizeof(SendBuffer));

+  ZeroMem (&RecvBuffer, sizeof(RecvBuffer));

+  return Status;

+} // Tpm2NvUndefineSpaceSpecial()

+

 /**

   This command reads a value from an area in NV memory previously defined by TPM2_NV_DefineSpace().



diff --git a/SecurityPkg/Include/Library/Tpm2CommandLib.h b/SecurityPkg/Include/Library/Tpm2CommandLib.h
index ee8eb622951c..8d7b4998d98d 100644
--- a/SecurityPkg/Include/Library/Tpm2CommandLib.h
+++ b/SecurityPkg/Include/Library/Tpm2CommandLib.h
@@ -364,6 +364,28 @@ Tpm2NvUndefineSpace (
   IN      TPMS_AUTH_COMMAND         *AuthSession OPTIONAL

   );



+/**

+  This command removes an index from the TPM.

+

+  @param[in]  NvIndex             The NV Index.

+  @param[in]  IndexAuthSession    Auth session context for the Index auth/policy

+  @param[in]  PlatAuthSession     Auth session context for the Platform auth/policy

+

+  @retval EFI_SUCCESS             Operation completed successfully.

+  @retval EFI_NOT_FOUND           The command was returned successfully, but NvIndex is not found.

+  @retval EFI_UNSUPPORTED         Selected NvIndex does not support deletion through this call.

+  @retval EFI_SECURITY_VIOLATION  Deletion is not authorized by current policy session.

+  @retval EFI_INVALID_PARAMETER   The command was unsuccessful.

+  @retval EFI_DEVICE_ERROR        The command was unsuccessful.

+**/

+EFI_STATUS

+EFIAPI

+Tpm2NvUndefineSpaceSpecial (

+  IN      TPMI_RH_NV_INDEX          NvIndex,

+  IN      TPMS_AUTH_COMMAND         *IndexAuthSession OPTIONAL,

+  IN      TPMS_AUTH_COMMAND         *PlatAuthSession OPTIONAL

+  );

+

 /**

   This command reads a value from an area in NV memory previously defined by TPM2_NV_DefineSpace().



--
2.31.1.windows.1









* Re: [EXTERNAL] [edk2-devel] [PATCH v1 1/1] SecurityPkg/Library: Add Tpm2NvUndefineSpaceSpecial to Tpm2CommandLib
  2021-08-04 16:32   ` Bret Barkelew
@ 2021-08-11 19:37     ` Bret Barkelew
       [not found]     ` <169A57BB10BEC566.13770@groups.io>
  1 sibling, 0 replies; 14+ messages in thread
From: Bret Barkelew @ 2021-08-11 19:37 UTC (permalink / raw)
  To: devel@edk2.groups.io, bret@corthon.com
  Cc: Yao, Jiewen, Jian J Wang, Qi Zhang, Rahul Kumar


Thoughts?

- Bret

________________________________
From: devel@edk2.groups.io <devel@edk2.groups.io> on behalf of Bret Barkelew via groups.io <bret.barkelew=microsoft.com@groups.io>
Sent: Wednesday, August 4, 2021 9:32:32 AM
To: devel@edk2.groups.io <devel@edk2.groups.io>; bret@corthon.com <bret@corthon.com>
Cc: Yao, Jiewen <jiewen.yao@intel.com>; Jian J Wang <jian.j.wang@intel.com>; Qi Zhang <qi1.zhang@intel.com>; Rahul Kumar <rahul1.kumar@intel.com>
Subject: Re: [EXTERNAL] [edk2-devel] [PATCH v1 1/1] SecurityPkg/Library: Add Tpm2NvUndefineSpaceSpecial to Tpm2CommandLib


Poking this one.



  1.  It’s an easy review with a small, obvious code change.
  2.  I need some answers on “when is it okay to violate ECC/PatchCheck if the new code matches the style of the existing code?” Should I endeavor to pass PatchCheck and EccCheck with this patch only, and leave it in conflict with the rest of the file?



Thanks!



- Bret



From: Bret Barkelew via groups.io<mailto:bret.barkelew=microsoft.com@groups.io>
Sent: Friday, July 30, 2021 11:08 AM
To: devel@edk2.groups.io<mailto:devel@edk2.groups.io>; bret@corthon.com<mailto:bret@corthon.com>
Cc: Yao, Jiewen<mailto:jiewen.yao@intel.com>; Jian J Wang<mailto:jian.j.wang@intel.com>; Qi Zhang<mailto:qi1.zhang@intel.com>; Rahul Kumar<mailto:rahul1.kumar@intel.com>
Subject: Re: [EXTERNAL] [edk2-devel] [PATCH v1 1/1] SecurityPkg/Library: Add Tpm2NvUndefineSpaceSpecial to Tpm2CommandLib



Note, even though this keeps with the style of the rest of the file, it breaks ECC:

SecurityPkg/Library: Add Tpm2NvUndefineSpaceSpecial to Tpm2CommandLib by corthon · Pull Request #1848 · tianocore/edk2 (github.com)<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Ftianocore%2Fedk2%2Fpull%2F1848&data=04%7C01%7CBret.Barkelew%40microsoft.com%7Cfe8eb7e487664492e2cc08d957657978%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637636917288577969%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=02RQYngWn6MoSWUvzakivPEZKpu%2BQ0QzV1oDnrxugno%3D&reserved=0>



PROGRESS - --Running SecurityPkg: EccCheck Test NO-TARGET --

ERROR -

ERROR -

ERROR - EFI coding style error

ERROR - *Error code: 8001

ERROR - *Only capital letters are allowed to be used for #define declarations

ERROR - *file: //home/vsts/work/1/s/SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c

ERROR - *Line number: 27

ERROR - *The #define name [RC_NV_UndefineSpaceSpecial_nvIndex] does no



Thoughts?



- Bret



From: Bret Barkelew via groups.io<mailto:bret=corthon.com@groups.io>
Sent: Friday, July 30, 2021 10:55 AM
To: devel@edk2.groups.io<mailto:devel@edk2.groups.io>
Cc: Yao, Jiewen<mailto:jiewen.yao@intel.com>; Jian J Wang<mailto:jian.j.wang@intel.com>; Qi Zhang<mailto:qi1.zhang@intel.com>; Rahul Kumar<mailto:rahul1.kumar@intel.com>
Subject: [EXTERNAL] [edk2-devel] [PATCH v1 1/1] SecurityPkg/Library: Add Tpm2NvUndefineSpaceSpecial to Tpm2CommandLib



Used to provision and maintain certain HW-defined NV spaces.

REF: https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbugzilla.tianocore.org%2Fshow_bug.cgi%3Fid%3D2994&amp;data=04%7C01%7CBret.Barkelew%40microsoft.com%7Cb7ae3c62047c48fc85d908d953833ca0%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637632645397602953%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdata=s96M3RvxMOY831Vfr1nt%2Fz1h3cyb6jU9eFzvjKO7Dtc%3D&amp;reserved=0<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbugzilla.tianocore.org%2Fshow_bug.cgi%3Fid%3D2994&data=04%7C01%7CBret.Barkelew%40microsoft.com%7Cfe8eb7e487664492e2cc08d957657978%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637636917288587926%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=0A5MYpi%2FFRfhR3UMP9GoXcakIsXTDMwoMpnIiWM%2FaXc%3D&reserved=0>

Signed-off-by: Bret Barkelew <bret.barkelew@microsoft.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Qi Zhang <qi1.zhang@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
---
 SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c | 122 ++++++++++++++++++++
 SecurityPkg/Include/Library/Tpm2CommandLib.h       |  22 ++++
 2 files changed, 144 insertions(+)

diff --git a/SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c b/SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c
index 87572de20164..7931fade9190 100644
--- a/SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c
+++ b/SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c
@@ -24,6 +24,8 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 #define RC_NV_UndefineSpace_authHandle      (TPM_RC_H + TPM_RC_1)

 #define RC_NV_UndefineSpace_nvIndex         (TPM_RC_H + TPM_RC_2)



+#define RC_NV_UndefineSpaceSpecial_nvIndex  (TPM_RC_H + TPM_RC_1)

+

 #define RC_NV_Read_authHandle               (TPM_RC_H + TPM_RC_1)

 #define RC_NV_Read_nvIndex                  (TPM_RC_H + TPM_RC_2)

 #define RC_NV_Read_size                     (TPM_RC_P + TPM_RC_1)

@@ -74,6 +76,20 @@ typedef struct {
   TPMS_AUTH_RESPONSE         AuthSession;

 } TPM2_NV_UNDEFINESPACE_RESPONSE;



+typedef struct {

+  TPM2_COMMAND_HEADER       Header;

+  TPMI_RH_NV_INDEX          NvIndex;

+  TPMI_RH_PLATFORM          Platform;

+  UINT32                    AuthSessionSize;

+  TPMS_AUTH_COMMAND         AuthSession;

+} TPM2_NV_UNDEFINESPACESPECIAL_COMMAND;

+

+typedef struct {

+  TPM2_RESPONSE_HEADER       Header;

+  UINT32                     AuthSessionSize;

+  TPMS_AUTH_RESPONSE         AuthSession;

+} TPM2_NV_UNDEFINESPACESPECIAL_RESPONSE;

+

 typedef struct {

   TPM2_COMMAND_HEADER       Header;

   TPMI_RH_NV_AUTH           AuthHandle;
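Review bot: TPM2_NV_UNDEFINESPACESPECIAL_COMMAND reserves room for a single TPMS_AUTH_COMMAND, but the function body in the next hunk marshals both IndexAuthSession and PlatAuthSession back-to-back starting at `(UINT8 *)&SendBuffer.AuthSession`, so the second CopyAuthSessionCommand call writes past the end of SendBuffer whenever the two marshalled sessions together exceed sizeof (TPMS_AUTH_COMMAND) — assuming CopyAuthSessionCommand can emit up to that many bytes per session, which its use here suggests but the hunk does not show. SendBuffer is a stack local, so this is an out-of-bounds write controlled by the caller's nonce/hmac lengths rather than by the TPM. Sizing the trailing field for two sessions, `TPMS_AUTH_COMMAND         AuthSession[2];`, leaves the existing marshalling code and the SendBufferSize computation unchanged. The same applies to the re-quoted copy of this patch further down the thread.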

@@ -506,6 +522,112 @@ Done:
   return Status;

 }



+/**

+  This command removes an index from the TPM.

+

+  @param[in]  NvIndex             The NV Index.

+  @param[in]  IndexAuthSession    Auth session context for the Index auth/policy

+  @param[in]  PlatAuthSession     Auth session context for the Platform auth/policy

+

+  @retval EFI_SUCCESS             Operation completed successfully.

+  @retval EFI_NOT_FOUND           The command was returned successfully, but NvIndex is not found.

+  @retval EFI_UNSUPPORTED         Selected NvIndex does not support deletion through this call.

+  @retval EFI_SECURITY_VIOLATION  Deletion is not authorized by current policy session.

+  @retval EFI_INVALID_PARAMETER   The command was unsuccessful.

+  @retval EFI_DEVICE_ERROR        The command was unsuccessful.

+**/

+EFI_STATUS

+EFIAPI

+Tpm2NvUndefineSpaceSpecial (

+  IN      TPMI_RH_NV_INDEX          NvIndex,

+  IN      TPMS_AUTH_COMMAND         *IndexAuthSession OPTIONAL,

+  IN      TPMS_AUTH_COMMAND         *PlatAuthSession OPTIONAL

+  )

+{

+  EFI_STATUS                              Status;

+  TPM2_NV_UNDEFINESPACESPECIAL_COMMAND    SendBuffer;

+  TPM2_NV_UNDEFINESPACESPECIAL_RESPONSE   RecvBuffer;

+  UINT32                                  SendBufferSize;

+  UINT32                                  RecvBufferSize;

+  UINT8                                   *Buffer;

+  UINT32                                  IndexAuthSize, PlatAuthSize;

+  TPM_RC                                  ResponseCode;

+

+  //

+  // Construct command

+  //

+  SendBuffer.Header.tag = SwapBytes16(TPM_ST_SESSIONS);

+  SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_NV_UndefineSpaceSpecial);

+

+  SendBuffer.NvIndex = SwapBytes32 (NvIndex);

+  SendBuffer.Platform = SwapBytes32 (TPM_RH_PLATFORM);

+

+  //

+  // Marshall the Auth Sessions for the two handles.

+  Buffer = (UINT8 *)&SendBuffer.AuthSession;

+  // IndexAuthSession

+  IndexAuthSize = CopyAuthSessionCommand (IndexAuthSession, Buffer);

+  Buffer += IndexAuthSize;

+  // PlatAuthSession

+  PlatAuthSize = CopyAuthSessionCommand (PlatAuthSession, Buffer);

+  Buffer += PlatAuthSize;

+  // AuthSessionSize

+  SendBuffer.AuthSessionSize = SwapBytes32(IndexAuthSize + PlatAuthSize);

+

+  // Update total command size.

+  SendBufferSize = (UINT32)(Buffer - (UINT8 *)&SendBuffer);

+  SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);

+

+  //

+  // send Tpm command

+  //

+  RecvBufferSize = sizeof (RecvBuffer);

+  Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer);

+  if (EFI_ERROR (Status)) {

+    goto Done;

+  }

+

+  if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {

+    DEBUG ((EFI_D_ERROR, "Tpm2NvUndefineSpaceSpecial - RecvBufferSize Error - %x\n", RecvBufferSize));

+    Status = EFI_DEVICE_ERROR;

+    goto Done;

+  }

+

+  ResponseCode = SwapBytes32(RecvBuffer.Header.responseCode);

+  if (ResponseCode != TPM_RC_SUCCESS) {

+    DEBUG ((EFI_D_ERROR, "Tpm2NvUndefineSpaceSpecial - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode)));

+  }

+  switch (ResponseCode) {

+  case TPM_RC_SUCCESS:

+    // return data

+    break;

+  case TPM_RC_ATTRIBUTES:

+  case TPM_RC_ATTRIBUTES + RC_NV_UndefineSpaceSpecial_nvIndex:

+    Status = EFI_UNSUPPORTED;

+    break;

+  case TPM_RC_NV_AUTHORIZATION:

+    Status = EFI_SECURITY_VIOLATION;

+    break;

+  case TPM_RC_HANDLE + RC_NV_UndefineSpaceSpecial_nvIndex: // TPM_RC_NV_DEFINED:

+    Status = EFI_NOT_FOUND;

+    break;

+  case TPM_RC_VALUE + RC_NV_UndefineSpace_nvIndex:

+    Status = EFI_INVALID_PARAMETER;

+    break;

+  default:

+    Status = EFI_DEVICE_ERROR;

+    break;

+  }

+

+Done:

+  //

+  // Clear AuthSession Content

+  //

+  ZeroMem (&SendBuffer, sizeof(SendBuffer));

+  ZeroMem (&RecvBuffer, sizeof(RecvBuffer));

+  return Status;

+} // Tpm2NvUndefineSpaceSpecial()

+

 /**

   This command reads a value from an area in NV memory previously defined by TPM2_NV_DefineSpace().
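Review bot: The label `case TPM_RC_VALUE + RC_NV_UndefineSpace_nvIndex:` uses the TPM2_NV_UndefineSpace macro (TPM_RC_H + TPM_RC_2) while every other label in this switch uses RC_NV_UndefineSpaceSpecial_nvIndex (TPM_RC_H + TPM_RC_1), so a TPM_RC_VALUE raised against nvIndex — handle 1 in this command — falls through to default and is reported as EFI_DEVICE_ERROR instead of the documented EFI_INVALID_PARAMETER; it should read `case TPM_RC_VALUE + RC_NV_UndefineSpaceSpecial_nvIndex:`. The trailing `// TPM_RC_NV_DEFINED:` comment on the TPM_RC_HANDLE case names an unrelated response code and should be dropped so it does not mislead the next reader. The header comment promises EFI_SECURITY_VIOLATION when deletion is not authorized by the policy session, but only TPM_RC_NV_AUTHORIZATION maps there; a policy or auth failure attributed to session 1 (TPM_RC_S + TPM_RC_1 with TPM_RC_POLICY_FAIL or TPM_RC_AUTH_FAIL — confirm against the TPM 2.0 Part 3 description of NV_UndefineSpaceSpecial) would also land in default and become EFI_DEVICE_ERROR, which hides an authorization denial from the caller. The DEBUG line at the top of the response handling could also print the already-decoded `ResponseCode` rather than swapping the header field a second time. These points apply equally to the re-quoted copy of this patch further down the thread.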



diff --git a/SecurityPkg/Include/Library/Tpm2CommandLib.h b/SecurityPkg/Include/Library/Tpm2CommandLib.h
index ee8eb622951c..8d7b4998d98d 100644
--- a/SecurityPkg/Include/Library/Tpm2CommandLib.h
+++ b/SecurityPkg/Include/Library/Tpm2CommandLib.h
@@ -364,6 +364,28 @@ Tpm2NvUndefineSpace (
   IN      TPMS_AUTH_COMMAND         *AuthSession OPTIONAL

   );



+/**

+  This command removes an index from the TPM.

+

+  @param[in]  NvIndex             The NV Index.

+  @param[in]  IndexAuthSession    Auth session context for the Index auth/policy

+  @param[in]  PlatAuthSession     Auth session context for the Platform auth/policy

+

+  @retval EFI_SUCCESS             Operation completed successfully.

+  @retval EFI_NOT_FOUND           The command was returned successfully, but NvIndex is not found.

+  @retval EFI_UNSUPPORTED         Selected NvIndex does not support deletion through this call.

+  @retval EFI_SECURITY_VIOLATION  Deletion is not authorized by current policy session.

+  @retval EFI_INVALID_PARAMETER   The command was unsuccessful.

+  @retval EFI_DEVICE_ERROR        The command was unsuccessful.

+**/

+EFI_STATUS

+EFIAPI

+Tpm2NvUndefineSpaceSpecial (

+  IN      TPMI_RH_NV_INDEX          NvIndex,

+  IN      TPMS_AUTH_COMMAND         *IndexAuthSession OPTIONAL,

+  IN      TPMS_AUTH_COMMAND         *PlatAuthSession OPTIONAL

+  );

+

 /**

   This command reads a value from an area in NV memory previously defined by TPM2_NV_DefineSpace().
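Review bot: The new prototype's comment does not say which handle PlatAuthSession authorizes or that the platform handle is not caller-selectable, although the implementation always sends TPM_RH_PLATFORM as the second handle; suggested wording: `@param[in]  PlatAuthSession     Auth session context for TPM_RH_PLATFORM (the platform handle is fixed by this function).` The EFI_INVALID_PARAMETER and EFI_DEVICE_ERROR @retval lines carry word-for-word identical text, so a caller cannot tell the two apart; distinguish them, e.g. `@retval EFI_INVALID_PARAMETER   The TPM rejected the NvIndex value (TPM_RC_VALUE).` and `@retval EFI_DEVICE_ERROR        The TPM returned an unexpected or malformed response.` The same comment block is duplicated above the definition in Tpm2NVStorage.c and should be updated in both places, as should the re-quoted copy of this patch further down the thread.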



--
2.31.1.windows.1












* Re: [EXTERNAL] [edk2-devel] [PATCH v1 1/1] SecurityPkg/Library: Add Tpm2NvUndefineSpaceSpecial to Tpm2CommandLib
       [not found]     ` <169A57BB10BEC566.13770@groups.io>
@ 2021-08-12 17:52       ` Bret Barkelew
  2021-08-13  0:06         ` Yao, Jiewen
  0 siblings, 1 reply; 14+ messages in thread
From: Bret Barkelew @ 2021-08-12 17:52 UTC (permalink / raw)
  To: devel@edk2.groups.io, bret@corthon.com
  Cc: Yao, Jiewen, Jian J Wang, Qi Zhang, Rahul Kumar


Thoughts?

- Bret

________________________________
From: devel@edk2.groups.io <devel@edk2.groups.io> on behalf of Bret Barkelew via groups.io <bret.barkelew=microsoft.com@groups.io>
Sent: Wednesday, August 11, 2021 12:37:52 PM
To: devel@edk2.groups.io <devel@edk2.groups.io>; bret@corthon.com <bret@corthon.com>
Cc: Yao, Jiewen <jiewen.yao@intel.com>; Jian J Wang <jian.j.wang@intel.com>; Qi Zhang <qi1.zhang@intel.com>; Rahul Kumar <rahul1.kumar@intel.com>
Subject: Re: [EXTERNAL] [edk2-devel] [PATCH v1 1/1] SecurityPkg/Library: Add Tpm2NvUndefineSpaceSpecial to Tpm2CommandLib


Thoughts?



- Bret



________________________________
From: devel@edk2.groups.io <devel@edk2.groups.io> on behalf of Bret Barkelew via groups.io <bret.barkelew=microsoft.com@groups.io>
Sent: Wednesday, August 4, 2021 9:32:32 AM
To: devel@edk2.groups.io <devel@edk2.groups.io>; bret@corthon.com <bret@corthon.com>
Cc: Yao, Jiewen <jiewen.yao@intel.com>; Jian J Wang <jian.j.wang@intel.com>; Qi Zhang <qi1.zhang@intel.com>; Rahul Kumar <rahul1.kumar@intel.com>
Subject: Re: [EXTERNAL] [edk2-devel] [PATCH v1 1/1] SecurityPkg/Library: Add Tpm2NvUndefineSpaceSpecial to Tpm2CommandLib


Poking this one.



  1.  It’s an easy review with a small, obvious code change.
  2.  I need some answers on “when is it okay to violate ECC/PatchCheck if the new code matches the style of the existing code?” Should I endeavor to pass PatchCheck and EccCheck with this patch only, and leave it in conflict with the rest of the file?



Thanks!



- Bret



From: Bret Barkelew via groups.io<mailto:bret.barkelew=microsoft.com@groups.io>
Sent: Friday, July 30, 2021 11:08 AM
To: devel@edk2.groups.io<mailto:devel@edk2.groups.io>; bret@corthon.com<mailto:bret@corthon.com>
Cc: Yao, Jiewen<mailto:jiewen.yao@intel.com>; Jian J Wang<mailto:jian.j.wang@intel.com>; Qi Zhang<mailto:qi1.zhang@intel.com>; Rahul Kumar<mailto:rahul1.kumar@intel.com>
Subject: Re: [EXTERNAL] [edk2-devel] [PATCH v1 1/1] SecurityPkg/Library: Add Tpm2NvUndefineSpaceSpecial to Tpm2CommandLib



Note, even though this keeps with the style of the rest of the file, it breaks ECC:

SecurityPkg/Library: Add Tpm2NvUndefineSpaceSpecial to Tpm2CommandLib by corthon · Pull Request #1848 · tianocore/edk2 (github.com)<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Ftianocore%2Fedk2%2Fpull%2F1848&data=04%7C01%7Cbret.barkelew%40microsoft.com%7Cba78a3e7f9c74b56180308d95cff85ac%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637643074816403966%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=W6%2FZUYQmTc5I6ks8woDCoBw%2FtTmYrNn79jtLB8fEeYE%3D&reserved=0>



PROGRESS - --Running SecurityPkg: EccCheck Test NO-TARGET --

ERROR -

ERROR -

ERROR - EFI coding style error

ERROR - *Error code: 8001

ERROR - *Only capital letters are allowed to be used for #define declarations

ERROR - *file: //home/vsts/work/1/s/SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c

ERROR - *Line number: 27

ERROR - *The #define name [RC_NV_UndefineSpaceSpecial_nvIndex] does no



Thoughts?



- Bret



From: Bret Barkelew via groups.io<mailto:bret=corthon.com@groups.io>
Sent: Friday, July 30, 2021 10:55 AM
To: devel@edk2.groups.io<mailto:devel@edk2.groups.io>
Cc: Yao, Jiewen<mailto:jiewen.yao@intel.com>; Jian J Wang<mailto:jian.j.wang@intel.com>; Qi Zhang<mailto:qi1.zhang@intel.com>; Rahul Kumar<mailto:rahul1.kumar@intel.com>
Subject: [EXTERNAL] [edk2-devel] [PATCH v1 1/1] SecurityPkg/Library: Add Tpm2NvUndefineSpaceSpecial to Tpm2CommandLib



Used to provision and maintain certain HW-defined NV spaces.

REF: https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbugzilla.tianocore.org%2Fshow_bug.cgi%3Fid%3D2994&amp;data=04%7C01%7CBret.Barkelew%40microsoft.com%7Cb7ae3c62047c48fc85d908d953833ca0%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637632645397602953%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdata=s96M3RvxMOY831Vfr1nt%2Fz1h3cyb6jU9eFzvjKO7Dtc%3D&amp;reserved=0<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbugzilla.tianocore.org%2Fshow_bug.cgi%3Fid%3D2994&data=04%7C01%7Cbret.barkelew%40microsoft.com%7Cba78a3e7f9c74b56180308d95cff85ac%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637643074816413922%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=AaKL%2BDQTryN6x9nNVyvMDuV%2B04EkYV%2BVYuXC2aVw4n4%3D&reserved=0>

Signed-off-by: Bret Barkelew <bret.barkelew@microsoft.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Qi Zhang <qi1.zhang@intel.com>
Cc: Rahul Kumar <rahul1.kumar@intel.com>
---
 SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c | 122 ++++++++++++++++++++
 SecurityPkg/Include/Library/Tpm2CommandLib.h       |  22 ++++
 2 files changed, 144 insertions(+)

diff --git a/SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c b/SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c
index 87572de20164..7931fade9190 100644
--- a/SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c
+++ b/SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c
@@ -24,6 +24,8 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 #define RC_NV_UndefineSpace_authHandle      (TPM_RC_H + TPM_RC_1)

 #define RC_NV_UndefineSpace_nvIndex         (TPM_RC_H + TPM_RC_2)



+#define RC_NV_UndefineSpaceSpecial_nvIndex  (TPM_RC_H + TPM_RC_1)

+

 #define RC_NV_Read_authHandle               (TPM_RC_H + TPM_RC_1)

 #define RC_NV_Read_nvIndex                  (TPM_RC_H + TPM_RC_2)

 #define RC_NV_Read_size                     (TPM_RC_P + TPM_RC_1)

@@ -74,6 +76,20 @@ typedef struct {
   TPMS_AUTH_RESPONSE         AuthSession;

 } TPM2_NV_UNDEFINESPACE_RESPONSE;



+typedef struct {

+  TPM2_COMMAND_HEADER       Header;

+  TPMI_RH_NV_INDEX          NvIndex;

+  TPMI_RH_PLATFORM          Platform;

+  UINT32                    AuthSessionSize;

+  TPMS_AUTH_COMMAND         AuthSession;

+} TPM2_NV_UNDEFINESPACESPECIAL_COMMAND;

+

+typedef struct {

+  TPM2_RESPONSE_HEADER       Header;

+  UINT32                     AuthSessionSize;

+  TPMS_AUTH_RESPONSE         AuthSession;

+} TPM2_NV_UNDEFINESPACESPECIAL_RESPONSE;

+

 typedef struct {

   TPM2_COMMAND_HEADER       Header;

   TPMI_RH_NV_AUTH           AuthHandle;

@@ -506,6 +522,112 @@ Done:
   return Status;

 }



+/**

+  This command removes an index from the TPM.

+

+  @param[in]  NvIndex             The NV Index.

+  @param[in]  IndexAuthSession    Auth session context for the Index auth/policy

+  @param[in]  PlatAuthSession     Auth session context for the Platform auth/policy

+

+  @retval EFI_SUCCESS             Operation completed successfully.

+  @retval EFI_NOT_FOUND           The command was returned successfully, but NvIndex is not found.

+  @retval EFI_UNSUPPORTED         Selected NvIndex does not support deletion through this call.

+  @retval EFI_SECURITY_VIOLATION  Deletion is not authorized by current policy session.

+  @retval EFI_INVALID_PARAMETER   The command was unsuccessful.

+  @retval EFI_DEVICE_ERROR        The command was unsuccessful.

+**/

+EFI_STATUS

+EFIAPI

+Tpm2NvUndefineSpaceSpecial (

+  IN      TPMI_RH_NV_INDEX          NvIndex,

+  IN      TPMS_AUTH_COMMAND         *IndexAuthSession OPTIONAL,

+  IN      TPMS_AUTH_COMMAND         *PlatAuthSession OPTIONAL

+  )

+{

+  EFI_STATUS                              Status;

+  TPM2_NV_UNDEFINESPACESPECIAL_COMMAND    SendBuffer;

+  TPM2_NV_UNDEFINESPACESPECIAL_RESPONSE   RecvBuffer;

+  UINT32                                  SendBufferSize;

+  UINT32                                  RecvBufferSize;

+  UINT8                                   *Buffer;

+  UINT32                                  IndexAuthSize, PlatAuthSize;

+  TPM_RC                                  ResponseCode;

+

+  //

+  // Construct command

+  //

+  SendBuffer.Header.tag = SwapBytes16(TPM_ST_SESSIONS);

+  SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_NV_UndefineSpaceSpecial);

+

+  SendBuffer.NvIndex = SwapBytes32 (NvIndex);

+  SendBuffer.Platform = SwapBytes32 (TPM_RH_PLATFORM);

+

+  //

+  // Marshall the Auth Sessions for the two handles.

+  Buffer = (UINT8 *)&SendBuffer.AuthSession;

+  // IndexAuthSession

+  IndexAuthSize = CopyAuthSessionCommand (IndexAuthSession, Buffer);

+  Buffer += IndexAuthSize;

+  // PlatAuthSession

+  PlatAuthSize = CopyAuthSessionCommand (PlatAuthSession, Buffer);

+  Buffer += PlatAuthSize;

+  // AuthSessionSize

+  SendBuffer.AuthSessionSize = SwapBytes32(IndexAuthSize + PlatAuthSize);

+

+  // Update total command size.

+  SendBufferSize = (UINT32)(Buffer - (UINT8 *)&SendBuffer);

+  SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);

+

+  //

+  // send Tpm command

+  //

+  RecvBufferSize = sizeof (RecvBuffer);

+  Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer);

+  if (EFI_ERROR (Status)) {

+    goto Done;

+  }

+

+  if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {

+    DEBUG ((EFI_D_ERROR, "Tpm2NvUndefineSpaceSpecial - RecvBufferSize Error - %x\n", RecvBufferSize));

+    Status = EFI_DEVICE_ERROR;

+    goto Done;

+  }

+

+  ResponseCode = SwapBytes32(RecvBuffer.Header.responseCode);

+  if (ResponseCode != TPM_RC_SUCCESS) {

+    DEBUG ((EFI_D_ERROR, "Tpm2NvUndefineSpaceSpecial - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode)));

+  }

+  switch (ResponseCode) {

+  case TPM_RC_SUCCESS:

+    // return data

+    break;

+  case TPM_RC_ATTRIBUTES:

+  case TPM_RC_ATTRIBUTES + RC_NV_UndefineSpaceSpecial_nvIndex:

+    Status = EFI_UNSUPPORTED;

+    break;

+  case TPM_RC_NV_AUTHORIZATION:

+    Status = EFI_SECURITY_VIOLATION;

+    break;

+  case TPM_RC_HANDLE + RC_NV_UndefineSpaceSpecial_nvIndex: // TPM_RC_NV_DEFINED:

+    Status = EFI_NOT_FOUND;

+    break;

+  case TPM_RC_VALUE + RC_NV_UndefineSpace_nvIndex:

+    Status = EFI_INVALID_PARAMETER;

+    break;

+  default:

+    Status = EFI_DEVICE_ERROR;

+    break;

+  }

+

+Done:

+  //

+  // Clear AuthSession Content

+  //

+  ZeroMem (&SendBuffer, sizeof(SendBuffer));

+  ZeroMem (&RecvBuffer, sizeof(RecvBuffer));

+  return Status;

+} // Tpm2NvUndefineSpaceSpecial()

+

 /**

   This command reads a value from an area in NV memory previously defined by TPM2_NV_DefineSpace().



diff --git a/SecurityPkg/Include/Library/Tpm2CommandLib.h b/SecurityPkg/Include/Library/Tpm2CommandLib.h
index ee8eb622951c..8d7b4998d98d 100644
--- a/SecurityPkg/Include/Library/Tpm2CommandLib.h
+++ b/SecurityPkg/Include/Library/Tpm2CommandLib.h
@@ -364,6 +364,28 @@ Tpm2NvUndefineSpace (
   IN      TPMS_AUTH_COMMAND         *AuthSession OPTIONAL

   );



+/**

+  This command removes an index from the TPM.

+

+  @param[in]  NvIndex             The NV Index.

+  @param[in]  IndexAuthSession    Auth session context for the Index auth/policy

+  @param[in]  PlatAuthSession     Auth session context for the Platform auth/policy

+

+  @retval EFI_SUCCESS             Operation completed successfully.

+  @retval EFI_NOT_FOUND           The command was returned successfully, but NvIndex is not found.

+  @retval EFI_UNSUPPORTED         Selected NvIndex does not support deletion through this call.

+  @retval EFI_SECURITY_VIOLATION  Deletion is not authorized by current policy session.

+  @retval EFI_INVALID_PARAMETER   The command was unsuccessful.

+  @retval EFI_DEVICE_ERROR        The command was unsuccessful.

+**/

+EFI_STATUS

+EFIAPI

+Tpm2NvUndefineSpaceSpecial (

+  IN      TPMI_RH_NV_INDEX          NvIndex,

+  IN      TPMS_AUTH_COMMAND         *IndexAuthSession OPTIONAL,

+  IN      TPMS_AUTH_COMMAND         *PlatAuthSession OPTIONAL

+  );

+

 /**

   This command reads a value from an area in NV memory previously defined by TPM2_NV_DefineSpace().



--
2.31.1.windows.1












* Re: [EXTERNAL] [edk2-devel] [PATCH v1 1/1] SecurityPkg/Library: Add Tpm2NvUndefineSpaceSpecial to Tpm2CommandLib
  2021-08-12 17:52       ` Bret Barkelew
@ 2021-08-13  0:06         ` Yao, Jiewen
  2021-08-13  0:24           ` Bret Barkelew
  0 siblings, 1 reply; 14+ messages in thread
From: Yao, Jiewen @ 2021-08-13  0:06 UTC (permalink / raw)
  To: Bret Barkelew, devel@edk2.groups.io, bret@corthon.com
  Cc: Wang, Jian J, Zhang, Qi1, Kumar, Rahul1


I don't know the answer about ECC or PatchChecker.
I just know we need to pass CI to merge the patch.

Thank you
Yao Jiewen

From: Bret Barkelew <Bret.Barkelew@microsoft.com>
Sent: Friday, August 13, 2021 1:52 AM
To: devel@edk2.groups.io; bret@corthon.com
Cc: Yao, Jiewen <jiewen.yao@intel.com>; Wang, Jian J <jian.j.wang@intel.com>; Zhang, Qi1 <qi1.zhang@intel.com>; Kumar, Rahul1 <rahul1.kumar@intel.com>
Subject: RE: [EXTERNAL] [edk2-devel] [PATCH v1 1/1] SecurityPkg/Library: Add Tpm2NvUndefineSpaceSpecial to Tpm2CommandLib

Thoughts?

- Bret

________________________________
From: devel@edk2.groups.io<mailto:devel@edk2.groups.io> <devel@edk2.groups.io<mailto:devel@edk2.groups.io>> on behalf of Bret Barkelew via groups.io <bret.barkelew=microsoft.com@groups.io<mailto:bret.barkelew=microsoft.com@groups.io>>
Sent: Wednesday, August 11, 2021 12:37:52 PM
To: devel@edk2.groups.io<mailto:devel@edk2.groups.io> <devel@edk2.groups.io<mailto:devel@edk2.groups.io>>; bret@corthon.com<mailto:bret@corthon.com> <bret@corthon.com<mailto:bret@corthon.com>>
Cc: Yao, Jiewen <jiewen.yao@intel.com<mailto:jiewen.yao@intel.com>>; Jian J Wang <jian.j.wang@intel.com<mailto:jian.j.wang@intel.com>>; Qi Zhang <qi1.zhang@intel.com<mailto:qi1.zhang@intel.com>>; Rahul Kumar <rahul1.kumar@intel.com<mailto:rahul1.kumar@intel.com>>
Subject: Re: [EXTERNAL] [edk2-devel] [PATCH v1 1/1] SecurityPkg/Library: Add Tpm2NvUndefineSpaceSpecial to Tpm2CommandLib


Thoughts?



- Bret



________________________________
From: devel@edk2.groups.io<mailto:devel@edk2.groups.io> <devel@edk2.groups.io<mailto:devel@edk2.groups.io>> on behalf of Bret Barkelew via groups.io <bret.barkelew=microsoft.com@groups.io<mailto:bret.barkelew=microsoft.com@groups.io>>
Sent: Wednesday, August 4, 2021 9:32:32 AM
To: devel@edk2.groups.io<mailto:devel@edk2.groups.io> <devel@edk2.groups.io<mailto:devel@edk2.groups.io>>; bret@corthon.com<mailto:bret@corthon.com> <bret@corthon.com<mailto:bret@corthon.com>>
Cc: Yao, Jiewen <jiewen.yao@intel.com<mailto:jiewen.yao@intel.com>>; Jian J Wang <jian.j.wang@intel.com<mailto:jian.j.wang@intel.com>>; Qi Zhang <qi1.zhang@intel.com<mailto:qi1.zhang@intel.com>>; Rahul Kumar <rahul1.kumar@intel.com<mailto:rahul1.kumar@intel.com>>
Subject: Re: [EXTERNAL] [edk2-devel] [PATCH v1 1/1] SecurityPkg/Library: Add Tpm2NvUndefineSpaceSpecial to Tpm2CommandLib


Poking this one.



  1.  It's a easy review with small, obvious code change.
  2.  I need some answers on "when is it okay to violate ECC/PatchCheck, if the new code matches the style of the existing code. Should I endeavor to pass the PatchCheck and ECCCheck with this patch only, and leave it in conflict with the rest of the file?



Thanks!



- Bret



From: Bret Barkelew via groups.io<mailto:bret.barkelew=microsoft.com@groups.io>
Sent: Friday, July 30, 2021 11:08 AM
To: devel@edk2.groups.io<mailto:devel@edk2.groups.io>; bret@corthon.com<mailto:bret@corthon.com>
Cc: Yao, Jiewen<mailto:jiewen.yao@intel.com>; Jian J Wang<mailto:jian.j.wang@intel.com>; Qi Zhang<mailto:qi1.zhang@intel.com>; Rahul Kumar<mailto:rahul1.kumar@intel.com>
Subject: Re: [EXTERNAL] [edk2-devel] [PATCH v1 1/1] SecurityPkg/Library: Add Tpm2NvUndefineSpaceSpecial to Tpm2CommandLib



Note, even though this keeps with the style of the rest of the file, it breaks ECC:

SecurityPkg/Library: Add Tpm2NvUndefineSpaceSpecial to Tpm2CommandLib by corthon * Pull Request #1848 * tianocore/edk2 (github.com)<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Ftianocore%2Fedk2%2Fpull%2F1848&data=04%7C01%7Cbret.barkelew%40microsoft.com%7Cba78a3e7f9c74b56180308d95cff85ac%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637643074816403966%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=W6%2FZUYQmTc5I6ks8woDCoBw%2FtTmYrNn79jtLB8fEeYE%3D&reserved=0>



PROGRESS - --Running SecurityPkg: EccCheck Test NO-TARGET --

ERROR -

ERROR -

ERROR - EFI coding style error

ERROR - *Error code: 8001

ERROR - *Only capital letters are allowed to be used for #define declarations

ERROR - *file: //home/vsts/work/1/s/SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c

ERROR - *Line number: 27

ERROR - *The #define name [RC_NV_UndefineSpaceSpecial_nvIndex] does no



Thoughts?



- Bret



From: Bret Barkelew via groups.io<mailto:bret=corthon.com@groups.io>
Sent: Friday, July 30, 2021 10:55 AM
To: devel@edk2.groups.io<mailto:devel@edk2.groups.io>
Cc: Yao, Jiewen<mailto:jiewen.yao@intel.com>; Jian J Wang<mailto:jian.j.wang@intel.com>; Qi Zhang<mailto:qi1.zhang@intel.com>; Rahul Kumar<mailto:rahul1.kumar@intel.com>
Subject: [EXTERNAL] [edk2-devel] [PATCH v1 1/1] SecurityPkg/Library: Add Tpm2NvUndefineSpaceSpecial to Tpm2CommandLib



Used to provision and maintain certain HW-defined NV spaces.

REF: https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbugzilla.tianocore.org%2Fshow_bug.cgi%3Fid%3D2994&amp;data=04%7C01%7CBret.Barkelew%40microsoft.com%7Cb7ae3c62047c48fc85d908d953833ca0%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637632645397602953%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdata=s96M3RvxMOY831Vfr1nt%2Fz1h3cyb6jU9eFzvjKO7Dtc%3D&amp;reserved=0<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbugzilla.tianocore.org%2Fshow_bug.cgi%3Fid%3D2994&data=04%7C01%7Cbret.barkelew%40microsoft.com%7Cba78a3e7f9c74b56180308d95cff85ac%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637643074816413922%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=AaKL%2BDQTryN6x9nNVyvMDuV%2B04EkYV%2BVYuXC2aVw4n4%3D&reserved=0>

Signed-off-by: Bret Barkelew <bret.barkelew@microsoft.com<mailto:bret.barkelew@microsoft.com>>
Cc: Jiewen Yao <jiewen.yao@intel.com<mailto:jiewen.yao@intel.com>>
Cc: Jian J Wang <jian.j.wang@intel.com<mailto:jian.j.wang@intel.com>>
Cc: Qi Zhang <qi1.zhang@intel.com<mailto:qi1.zhang@intel.com>>
Cc: Rahul Kumar <rahul1.kumar@intel.com<mailto:rahul1.kumar@intel.com>>
---
 SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c | 122 ++++++++++++++++++++
 SecurityPkg/Include/Library/Tpm2CommandLib.h       |  22 ++++
 2 files changed, 144 insertions(+)

diff --git a/SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c b/SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c
index 87572de20164..7931fade9190 100644
--- a/SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c
+++ b/SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c
@@ -24,6 +24,8 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 #define RC_NV_UndefineSpace_authHandle      (TPM_RC_H + TPM_RC_1)

 #define RC_NV_UndefineSpace_nvIndex         (TPM_RC_H + TPM_RC_2)



+#define RC_NV_UndefineSpaceSpecial_nvIndex  (TPM_RC_H + TPM_RC_1)

+

 #define RC_NV_Read_authHandle               (TPM_RC_H + TPM_RC_1)

 #define RC_NV_Read_nvIndex                  (TPM_RC_H + TPM_RC_2)

 #define RC_NV_Read_size                     (TPM_RC_P + TPM_RC_1)

@@ -74,6 +76,20 @@ typedef struct {
   TPMS_AUTH_RESPONSE         AuthSession;

 } TPM2_NV_UNDEFINESPACE_RESPONSE;



+typedef struct {

+  TPM2_COMMAND_HEADER       Header;

+  TPMI_RH_NV_INDEX          NvIndex;

+  TPMI_RH_PLATFORM          Platform;

+  UINT32                    AuthSessionSize;

+  TPMS_AUTH_COMMAND         AuthSession;

+} TPM2_NV_UNDEFINESPACESPECIAL_COMMAND;

+

+typedef struct {

+  TPM2_RESPONSE_HEADER       Header;

+  UINT32                     AuthSessionSize;

+  TPMS_AUTH_RESPONSE         AuthSession;

+} TPM2_NV_UNDEFINESPACESPECIAL_RESPONSE;

+

 typedef struct {

   TPM2_COMMAND_HEADER       Header;

   TPMI_RH_NV_AUTH           AuthHandle;
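Review bot: TPM2_NV_UNDEFINESPACESPECIAL_COMMAND reserves room for a single `TPMS_AUTH_COMMAND AuthSession`, yet the marshalling in the later hunk of this file copies two sessions (IndexAuthSession, then PlatAuthSession) back-to-back starting at `&SendBuffer.AuthSession`, with no check of the running size against `sizeof (SendBuffer)`. Whether two marshalled sessions always fit inside one TPMS_AUTH_COMMAND depends on the nonce and hmac lengths of the sessions a caller supplies, which are not visible here; if they do not, the second CopyAuthSessionCommand writes past the end of the stack buffer. Declaring the field as `TPMS_AUTH_COMMAND AuthSession[2];` sizes the command for both handles and leaves the byte-pointer marshalling unchanged. The copy of this patch quoted again further down the thread has the same layout.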

@@ -506,6 +522,112 @@ Done:
   return Status;

 }



+/**

+  This command removes an index from the TPM.

+

+  @param[in]  NvIndex             The NV Index.

+  @param[in]  IndexAuthSession    Auth session context for the Index auth/policy

+  @param[in]  PlatAuthSession     Auth session context for the Platform auth/policy

+

+  @retval EFI_SUCCESS             Operation completed successfully.

+  @retval EFI_NOT_FOUND           The command was returned successfully, but NvIndex is not found.

+  @retval EFI_UNSUPPORTED         Selected NvIndex does not support deletion through this call.

+  @retval EFI_SECURITY_VIOLATION  Deletion is not authorized by current policy session.

+  @retval EFI_INVALID_PARAMETER   The command was unsuccessful.

+  @retval EFI_DEVICE_ERROR        The command was unsuccessful.

+**/

+EFI_STATUS

+EFIAPI

+Tpm2NvUndefineSpaceSpecial (

+  IN      TPMI_RH_NV_INDEX          NvIndex,

+  IN      TPMS_AUTH_COMMAND         *IndexAuthSession OPTIONAL,

+  IN      TPMS_AUTH_COMMAND         *PlatAuthSession OPTIONAL

+  )

+{

+  EFI_STATUS                              Status;

+  TPM2_NV_UNDEFINESPACESPECIAL_COMMAND    SendBuffer;

+  TPM2_NV_UNDEFINESPACESPECIAL_RESPONSE   RecvBuffer;

+  UINT32                                  SendBufferSize;

+  UINT32                                  RecvBufferSize;

+  UINT8                                   *Buffer;

+  UINT32                                  IndexAuthSize, PlatAuthSize;

+  TPM_RC                                  ResponseCode;

+

+  //

+  // Construct command

+  //

+  SendBuffer.Header.tag = SwapBytes16(TPM_ST_SESSIONS);

+  SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_NV_UndefineSpaceSpecial);

+

+  SendBuffer.NvIndex = SwapBytes32 (NvIndex);

+  SendBuffer.Platform = SwapBytes32 (TPM_RH_PLATFORM);

+

+  //

+  // Marshall the Auth Sessions for the two handles.

+  Buffer = (UINT8 *)&SendBuffer.AuthSession;

+  // IndexAuthSession

+  IndexAuthSize = CopyAuthSessionCommand (IndexAuthSession, Buffer);

+  Buffer += IndexAuthSize;

+  // PlatAuthSession

+  PlatAuthSize = CopyAuthSessionCommand (PlatAuthSession, Buffer);

+  Buffer += PlatAuthSize;

+  // AuthSessionSize

+  SendBuffer.AuthSessionSize = SwapBytes32(IndexAuthSize + PlatAuthSize);

+

+  // Update total command size.

+  SendBufferSize = (UINT32)(Buffer - (UINT8 *)&SendBuffer);

+  SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);

+

+  //

+  // send Tpm command

+  //

+  RecvBufferSize = sizeof (RecvBuffer);

+  Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer);

+  if (EFI_ERROR (Status)) {

+    goto Done;

+  }

+

+  if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {

+    DEBUG ((EFI_D_ERROR, "Tpm2NvUndefineSpaceSpecial - RecvBufferSize Error - %x\n", RecvBufferSize));

+    Status = EFI_DEVICE_ERROR;

+    goto Done;

+  }

+

+  ResponseCode = SwapBytes32(RecvBuffer.Header.responseCode);

+  if (ResponseCode != TPM_RC_SUCCESS) {

+    DEBUG ((EFI_D_ERROR, "Tpm2NvUndefineSpaceSpecial - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode)));

+  }

+  switch (ResponseCode) {

+  case TPM_RC_SUCCESS:

+    // return data

+    break;

+  case TPM_RC_ATTRIBUTES:

+  case TPM_RC_ATTRIBUTES + RC_NV_UndefineSpaceSpecial_nvIndex:

+    Status = EFI_UNSUPPORTED;

+    break;

+  case TPM_RC_NV_AUTHORIZATION:

+    Status = EFI_SECURITY_VIOLATION;

+    break;

+  case TPM_RC_HANDLE + RC_NV_UndefineSpaceSpecial_nvIndex: // TPM_RC_NV_DEFINED:

+    Status = EFI_NOT_FOUND;

+    break;

+  case TPM_RC_VALUE + RC_NV_UndefineSpace_nvIndex:

+    Status = EFI_INVALID_PARAMETER;

+    break;

+  default:

+    Status = EFI_DEVICE_ERROR;

+    break;

+  }

+

+Done:

+  //

+  // Clear AuthSession Content

+  //

+  ZeroMem (&SendBuffer, sizeof(SendBuffer));

+  ZeroMem (&RecvBuffer, sizeof(RecvBuffer));

+  return Status;

+} // Tpm2NvUndefineSpaceSpecial()

+

 /**

   This command reads a value from an area in NV memory previously defined by TPM2_NV_DefineSpace().



diff --git a/SecurityPkg/Include/Library/Tpm2CommandLib.h b/SecurityPkg/Include/Library/Tpm2CommandLib.h
index ee8eb622951c..8d7b4998d98d 100644
--- a/SecurityPkg/Include/Library/Tpm2CommandLib.h
+++ b/SecurityPkg/Include/Library/Tpm2CommandLib.h
@@ -364,6 +364,28 @@ Tpm2NvUndefineSpace (
   IN      TPMS_AUTH_COMMAND         *AuthSession OPTIONAL

   );



+/**

+  This command removes an index from the TPM.

+

+  @param[in]  NvIndex             The NV Index.

+  @param[in]  IndexAuthSession    Auth session context for the Index auth/policy

+  @param[in]  PlatAuthSession     Auth session context for the Platform auth/policy

+

+  @retval EFI_SUCCESS             Operation completed successfully.

+  @retval EFI_NOT_FOUND           The command was returned successfully, but NvIndex is not found.

+  @retval EFI_UNSUPPORTED         Selected NvIndex does not support deletion through this call.

+  @retval EFI_SECURITY_VIOLATION  Deletion is not authorized by current policy session.

+  @retval EFI_INVALID_PARAMETER   The command was unsuccessful.

+  @retval EFI_DEVICE_ERROR        The command was unsuccessful.

+**/

+EFI_STATUS

+EFIAPI

+Tpm2NvUndefineSpaceSpecial (

+  IN      TPMI_RH_NV_INDEX          NvIndex,

+  IN      TPMS_AUTH_COMMAND         *IndexAuthSession OPTIONAL,

+  IN      TPMS_AUTH_COMMAND         *PlatAuthSession OPTIONAL

+  );

+

 /**

   This command reads a value from an area in NV memory previously defined by TPM2_NV_DefineSpace().
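Review bot: The `@retval EFI_INVALID_PARAMETER` and `@retval EFI_DEVICE_ERROR` lines both read "The command was unsuccessful.", which gives callers no way to tell the two apart; from the implementation, the former is returned when the TPM reports TPM_RC_VALUE on a handle and the latter for a failed submit, a response shorter than the header, or any unmapped response code. Suggested: `@retval EFI_INVALID_PARAMETER   The TPM rejected a handle value passed to the command.` and `@retval EFI_DEVICE_ERROR        The command could not be submitted, the response was truncated, or the TPM returned an unmapped error.` The IndexAuthSession parameter is marked OPTIONAL, but as I read TPM 2.0 Part 3 this command authorizes nvIndex in the ADMIN role with a policy session (the index must carry TPMA_NV_POLICY_DELETE), so the doc should state that a policy session is expected here and that a NULL session is presumably rejected by the TPM; worth confirming against CopyAuthSessionCommand's NULL handling, which is not part of this patch.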



--
2.31.1.windows.1











* Re: [EXTERNAL] [edk2-devel] [PATCH v1 1/1] SecurityPkg/Library: Add Tpm2NvUndefineSpaceSpecial to Tpm2CommandLib
  2021-08-13  0:06         ` Yao, Jiewen
@ 2021-08-13  0:24           ` Bret Barkelew
  2021-08-13  1:37             ` 回复: " gaoliming
  0 siblings, 1 reply; 14+ messages in thread
From: Bret Barkelew @ 2021-08-13  0:24 UTC (permalink / raw)
  To: Yao, Jiewen, devel@edk2.groups.io, bret@corthon.com,
	Kinney, Michael D
  Cc: Wang, Jian J, Zhang, Qi1, Kumar, Rahul1



+ @Kinney, Michael D<mailto:michael.d.kinney@intel.com>

Mike, any thoughts on when “sticking with the file convention” breaks ECC? Should I just ignore the rest of the file and pass ECC at all costs?

- Bret

From: Yao, Jiewen<mailto:jiewen.yao@intel.com>
Sent: Thursday, August 12, 2021 5:06 PM
To: Bret Barkelew<mailto:Bret.Barkelew@microsoft.com>; devel@edk2.groups.io<mailto:devel@edk2.groups.io>; bret@corthon.com<mailto:bret@corthon.com>
Cc: Wang, Jian J<mailto:jian.j.wang@intel.com>; Zhang, Qi1<mailto:qi1.zhang@intel.com>; Kumar, Rahul1<mailto:rahul1.kumar@intel.com>
Subject: RE: [EXTERNAL] [edk2-devel] [PATCH v1 1/1] SecurityPkg/Library: Add Tpm2NvUndefineSpaceSpecial to Tpm2CommandLib

I don’t know the answer about ECC or PatchChecker.
I  just know we need pass CI to merge the patch.

Thank you
Yao Jiewen

From: Bret Barkelew <Bret.Barkelew@microsoft.com>
Sent: Friday, August 13, 2021 1:52 AM
To: devel@edk2.groups.io; bret@corthon.com
Cc: Yao, Jiewen <jiewen.yao@intel.com>; Wang, Jian J <jian.j.wang@intel.com>; Zhang, Qi1 <qi1.zhang@intel.com>; Kumar, Rahul1 <rahul1.kumar@intel.com>
Subject: RE: [EXTERNAL] [edk2-devel] [PATCH v1 1/1] SecurityPkg/Library: Add Tpm2NvUndefineSpaceSpecial to Tpm2CommandLib

Thoughts?

- Bret


From: devel@edk2.groups.io<mailto:devel@edk2.groups.io> <devel@edk2.groups.io<mailto:devel@edk2.groups.io>> on behalf of Bret Barkelew via groups.io <bret.barkelew=microsoft.com@groups.io<mailto:bret.barkelew=microsoft.com@groups.io>>
Sent: Wednesday, August 11, 2021 12:37:52 PM
To: devel@edk2.groups.io<mailto:devel@edk2.groups.io> <devel@edk2.groups.io<mailto:devel@edk2.groups.io>>; bret@corthon.com<mailto:bret@corthon.com> <bret@corthon.com<mailto:bret@corthon.com>>
Cc: Yao, Jiewen <jiewen.yao@intel.com<mailto:jiewen.yao@intel.com>>; Jian J Wang <jian.j.wang@intel.com<mailto:jian.j.wang@intel.com>>; Qi Zhang <qi1.zhang@intel.com<mailto:qi1.zhang@intel.com>>; Rahul Kumar <rahul1.kumar@intel.com<mailto:rahul1.kumar@intel.com>>
Subject: Re: [EXTERNAL] [edk2-devel] [PATCH v1 1/1] SecurityPkg/Library: Add Tpm2NvUndefineSpaceSpecial to Tpm2CommandLib


Thoughts?



- Bret



From: devel@edk2.groups.io<mailto:devel@edk2.groups.io> <devel@edk2.groups.io<mailto:devel@edk2.groups.io>> on behalf of Bret Barkelew via groups.io <bret.barkelew=microsoft.com@groups.io<mailto:bret.barkelew=microsoft.com@groups.io>>
Sent: Wednesday, August 4, 2021 9:32:32 AM
To: devel@edk2.groups.io<mailto:devel@edk2.groups.io> <devel@edk2.groups.io<mailto:devel@edk2.groups.io>>; bret@corthon.com<mailto:bret@corthon.com> <bret@corthon.com<mailto:bret@corthon.com>>
Cc: Yao, Jiewen <jiewen.yao@intel.com<mailto:jiewen.yao@intel.com>>; Jian J Wang <jian.j.wang@intel.com<mailto:jian.j.wang@intel.com>>; Qi Zhang <qi1.zhang@intel.com<mailto:qi1.zhang@intel.com>>; Rahul Kumar <rahul1.kumar@intel.com<mailto:rahul1.kumar@intel.com>>
Subject: Re: [EXTERNAL] [edk2-devel] [PATCH v1 1/1] SecurityPkg/Library: Add Tpm2NvUndefineSpaceSpecial to Tpm2CommandLib


Poking this one.



  1.  It’s an easy review with small, obvious code change.
  2.  I need some answers on “when is it okay to violate ECC/PatchCheck, if the new code matches the style of the existing code?” Should I endeavor to pass the PatchCheck and ECCCheck with this patch only, and leave it in conflict with the rest of the file?



Thanks!



- Bret



From: Bret Barkelew via groups.io<mailto:bret.barkelew=microsoft.com@groups.io>
Sent: Friday, July 30, 2021 11:08 AM
To: devel@edk2.groups.io<mailto:devel@edk2.groups.io>; bret@corthon.com<mailto:bret@corthon.com>
Cc: Yao, Jiewen<mailto:jiewen.yao@intel.com>; Jian J Wang<mailto:jian.j.wang@intel.com>; Qi Zhang<mailto:qi1.zhang@intel.com>; Rahul Kumar<mailto:rahul1.kumar@intel.com>
Subject: Re: [EXTERNAL] [edk2-devel] [PATCH v1 1/1] SecurityPkg/Library: Add Tpm2NvUndefineSpaceSpecial to Tpm2CommandLib



Note, even though this keeps with the style of the rest of the file, it breaks ECC:

SecurityPkg/Library: Add Tpm2NvUndefineSpaceSpecial to Tpm2CommandLib by corthon · Pull Request #1848 · tianocore/edk2 (github.com)<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Ftianocore%2Fedk2%2Fpull%2F1848&data=04%7C01%7CBret.Barkelew%40microsoft.com%7Ce90f066a5a8c4feae73108d95dee3ec3%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637644100117879377%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=7uX%2FX1sJDbWsxeqYtqfQIFXBbDRVnii7kcJ1nri65T4%3D&reserved=0>



PROGRESS - --Running SecurityPkg: EccCheck Test NO-TARGET --

ERROR -

ERROR -

ERROR - EFI coding style error

ERROR - *Error code: 8001

ERROR - *Only capital letters are allowed to be used for #define declarations

ERROR - *file: //home/vsts/work/1/s/SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c

ERROR - *Line number: 27

ERROR - *The #define name [RC_NV_UndefineSpaceSpecial_nvIndex] does no



Thoughts?



- Bret



From: Bret Barkelew via groups.io<mailto:bret=corthon.com@groups.io>
Sent: Friday, July 30, 2021 10:55 AM
To: devel@edk2.groups.io<mailto:devel@edk2.groups.io>
Cc: Yao, Jiewen<mailto:jiewen.yao@intel.com>; Jian J Wang<mailto:jian.j.wang@intel.com>; Qi Zhang<mailto:qi1.zhang@intel.com>; Rahul Kumar<mailto:rahul1.kumar@intel.com>
Subject: [EXTERNAL] [edk2-devel] [PATCH v1 1/1] SecurityPkg/Library: Add Tpm2NvUndefineSpaceSpecial to Tpm2CommandLib



Used to provision and maintain certain HW-defined NV spaces.

REF: https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbugzilla.tianocore.org%2Fshow_bug.cgi%3Fid%3D2994&amp;data=04%7C01%7CBret.Barkelew%40microsoft.com%7Cb7ae3c62047c48fc85d908d953833ca0%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637632645397602953%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdata=s96M3RvxMOY831Vfr1nt%2Fz1h3cyb6jU9eFzvjKO7Dtc%3D&amp;reserved=0<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbugzilla.tianocore.org%2Fshow_bug.cgi%3Fid%3D2994&data=04%7C01%7CBret.Barkelew%40microsoft.com%7Ce90f066a5a8c4feae73108d95dee3ec3%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637644100117889332%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=padkn1C%2BUQzKQSPo5gyurkMYW5ihwyf2Wm2mp2lrRKg%3D&reserved=0>

Signed-off-by: Bret Barkelew <bret.barkelew@microsoft.com<mailto:bret.barkelew@microsoft.com>>
Cc: Jiewen Yao <jiewen.yao@intel.com<mailto:jiewen.yao@intel.com>>
Cc: Jian J Wang <jian.j.wang@intel.com<mailto:jian.j.wang@intel.com>>
Cc: Qi Zhang <qi1.zhang@intel.com<mailto:qi1.zhang@intel.com>>
Cc: Rahul Kumar <rahul1.kumar@intel.com<mailto:rahul1.kumar@intel.com>>
---
 SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c | 122 ++++++++++++++++++++
 SecurityPkg/Include/Library/Tpm2CommandLib.h       |  22 ++++
 2 files changed, 144 insertions(+)

diff --git a/SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c b/SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c
index 87572de20164..7931fade9190 100644
--- a/SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c
+++ b/SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c
@@ -24,6 +24,8 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 #define RC_NV_UndefineSpace_authHandle      (TPM_RC_H + TPM_RC_1)

 #define RC_NV_UndefineSpace_nvIndex         (TPM_RC_H + TPM_RC_2)



+#define RC_NV_UndefineSpaceSpecial_nvIndex  (TPM_RC_H + TPM_RC_1)

+

 #define RC_NV_Read_authHandle               (TPM_RC_H + TPM_RC_1)

 #define RC_NV_Read_nvIndex                  (TPM_RC_H + TPM_RC_2)

 #define RC_NV_Read_size                     (TPM_RC_P + TPM_RC_1)

@@ -74,6 +76,20 @@ typedef struct {
   TPMS_AUTH_RESPONSE         AuthSession;

 } TPM2_NV_UNDEFINESPACE_RESPONSE;



+typedef struct {

+  TPM2_COMMAND_HEADER       Header;

+  TPMI_RH_NV_INDEX          NvIndex;

+  TPMI_RH_PLATFORM          Platform;

+  UINT32                    AuthSessionSize;

+  TPMS_AUTH_COMMAND         AuthSession;

+} TPM2_NV_UNDEFINESPACESPECIAL_COMMAND;

+

+typedef struct {

+  TPM2_RESPONSE_HEADER       Header;

+  UINT32                     AuthSessionSize;

+  TPMS_AUTH_RESPONSE         AuthSession;

+} TPM2_NV_UNDEFINESPACESPECIAL_RESPONSE;

+

 typedef struct {

   TPM2_COMMAND_HEADER       Header;

   TPMI_RH_NV_AUTH           AuthHandle;

@@ -506,6 +522,112 @@ Done:
   return Status;

 }



+/**

+  This command removes an index from the TPM.

+

+  @param[in]  NvIndex             The NV Index.

+  @param[in]  IndexAuthSession    Auth session context for the Index auth/policy

+  @param[in]  PlatAuthSession     Auth session context for the Platform auth/policy

+

+  @retval EFI_SUCCESS             Operation completed successfully.

+  @retval EFI_NOT_FOUND           The command was returned successfully, but NvIndex is not found.

+  @retval EFI_UNSUPPORTED         Selected NvIndex does not support deletion through this call.

+  @retval EFI_SECURITY_VIOLATION  Deletion is not authorized by current policy session.

+  @retval EFI_INVALID_PARAMETER   The command was unsuccessful.

+  @retval EFI_DEVICE_ERROR        The command was unsuccessful.

+**/

+EFI_STATUS

+EFIAPI

+Tpm2NvUndefineSpaceSpecial (

+  IN      TPMI_RH_NV_INDEX          NvIndex,

+  IN      TPMS_AUTH_COMMAND         *IndexAuthSession OPTIONAL,

+  IN      TPMS_AUTH_COMMAND         *PlatAuthSession OPTIONAL

+  )

+{

+  EFI_STATUS                              Status;

+  TPM2_NV_UNDEFINESPACESPECIAL_COMMAND    SendBuffer;

+  TPM2_NV_UNDEFINESPACESPECIAL_RESPONSE   RecvBuffer;

+  UINT32                                  SendBufferSize;

+  UINT32                                  RecvBufferSize;

+  UINT8                                   *Buffer;

+  UINT32                                  IndexAuthSize, PlatAuthSize;

+  TPM_RC                                  ResponseCode;

+

+  //

+  // Construct command

+  //

+  SendBuffer.Header.tag = SwapBytes16(TPM_ST_SESSIONS);

+  SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_NV_UndefineSpaceSpecial);

+

+  SendBuffer.NvIndex = SwapBytes32 (NvIndex);

+  SendBuffer.Platform = SwapBytes32 (TPM_RH_PLATFORM);

+

+  //

+  // Marshall the Auth Sessions for the two handles.

+  Buffer = (UINT8 *)&SendBuffer.AuthSession;

+  // IndexAuthSession

+  IndexAuthSize = CopyAuthSessionCommand (IndexAuthSession, Buffer);

+  Buffer += IndexAuthSize;

+  // PlatAuthSession

+  PlatAuthSize = CopyAuthSessionCommand (PlatAuthSession, Buffer);

+  Buffer += PlatAuthSize;

+  // AuthSessionSize

+  SendBuffer.AuthSessionSize = SwapBytes32(IndexAuthSize + PlatAuthSize);

+

+  // Update total command size.

+  SendBufferSize = (UINT32)(Buffer - (UINT8 *)&SendBuffer);

+  SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);

+

+  //

+  // send Tpm command

+  //

+  RecvBufferSize = sizeof (RecvBuffer);

+  Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer);

+  if (EFI_ERROR (Status)) {

+    goto Done;

+  }

+

+  if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {

+    DEBUG ((EFI_D_ERROR, "Tpm2NvUndefineSpaceSpecial - RecvBufferSize Error - %x\n", RecvBufferSize));

+    Status = EFI_DEVICE_ERROR;

+    goto Done;

+  }

+

+  ResponseCode = SwapBytes32(RecvBuffer.Header.responseCode);

+  if (ResponseCode != TPM_RC_SUCCESS) {

+    DEBUG ((EFI_D_ERROR, "Tpm2NvUndefineSpaceSpecial - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode)));

+  }

+  switch (ResponseCode) {

+  case TPM_RC_SUCCESS:

+    // return data

+    break;

+  case TPM_RC_ATTRIBUTES:

+  case TPM_RC_ATTRIBUTES + RC_NV_UndefineSpaceSpecial_nvIndex:

+    Status = EFI_UNSUPPORTED;

+    break;

+  case TPM_RC_NV_AUTHORIZATION:

+    Status = EFI_SECURITY_VIOLATION;

+    break;

+  case TPM_RC_HANDLE + RC_NV_UndefineSpaceSpecial_nvIndex: // TPM_RC_NV_DEFINED:

+    Status = EFI_NOT_FOUND;

+    break;

+  case TPM_RC_VALUE + RC_NV_UndefineSpace_nvIndex:

+    Status = EFI_INVALID_PARAMETER;

+    break;

+  default:

+    Status = EFI_DEVICE_ERROR;

+    break;

+  }

+

+Done:

+  //

+  // Clear AuthSession Content

+  //

+  ZeroMem (&SendBuffer, sizeof(SendBuffer));

+  ZeroMem (&RecvBuffer, sizeof(RecvBuffer));

+  return Status;

+} // Tpm2NvUndefineSpaceSpecial()

+

 /**

   This command reads a value from an area in NV memory previously defined by TPM2_NV_DefineSpace().



diff --git a/SecurityPkg/Include/Library/Tpm2CommandLib.h b/SecurityPkg/Include/Library/Tpm2CommandLib.h
index ee8eb622951c..8d7b4998d98d 100644
--- a/SecurityPkg/Include/Library/Tpm2CommandLib.h
+++ b/SecurityPkg/Include/Library/Tpm2CommandLib.h
@@ -364,6 +364,28 @@ Tpm2NvUndefineSpace (
   IN      TPMS_AUTH_COMMAND         *AuthSession OPTIONAL

   );



+/**

+  This command removes an index from the TPM.

+

+  @param[in]  NvIndex             The NV Index.

+  @param[in]  IndexAuthSession    Auth session context for the Index auth/policy

+  @param[in]  PlatAuthSession     Auth session context for the Platform auth/policy

+

+  @retval EFI_SUCCESS             Operation completed successfully.

+  @retval EFI_NOT_FOUND           The command was returned successfully, but NvIndex is not found.

+  @retval EFI_UNSUPPORTED         Selected NvIndex does not support deletion through this call.

+  @retval EFI_SECURITY_VIOLATION  Deletion is not authorized by current policy session.

+  @retval EFI_INVALID_PARAMETER   The command was unsuccessful.

+  @retval EFI_DEVICE_ERROR        The command was unsuccessful.

+**/

+EFI_STATUS

+EFIAPI

+Tpm2NvUndefineSpaceSpecial (

+  IN      TPMI_RH_NV_INDEX          NvIndex,

+  IN      TPMS_AUTH_COMMAND         *IndexAuthSession OPTIONAL,

+  IN      TPMS_AUTH_COMMAND         *PlatAuthSession OPTIONAL

+  );

+

 /**

   This command reads a value from an area in NV memory previously defined by TPM2_NV_DefineSpace().



--
2.31.1.windows.1












* 回复: [EXTERNAL] [edk2-devel] [PATCH v1 1/1] SecurityPkg/Library: Add Tpm2NvUndefineSpaceSpecial to Tpm2CommandLib
  2021-08-13  0:24           ` Bret Barkelew
@ 2021-08-13  1:37             ` gaoliming
  2021-08-13  2:29               ` Yao, Jiewen
       [not found]               ` <169ABCD073787695.13770@groups.io>
  0 siblings, 2 replies; 14+ messages in thread
From: gaoliming @ 2021-08-13  1:37 UTC (permalink / raw)
  To: devel, bret.barkelew, 'Yao, Jiewen', bret,
	'Kinney, Michael D'
  Cc: 'Wang, Jian J', 'Zhang, Qi1',
	'Kumar, Rahul1'



Bret:

 I suggest defining the new macro so that it follows EDKII style. This macro is only
used in CommandLib, so its impact should be small.

 

Thanks

Liming

发件人: devel@edk2.groups.io <devel@edk2.groups.io> 代表 Bret Barkelew via
groups.io
发送时间: 2021年8月13日 8:24
收件人: Yao, Jiewen <jiewen.yao@intel.com>; devel@edk2.groups.io;
bret@corthon.com; Kinney, Michael D <michael.d.kinney@intel.com>
抄送: Wang, Jian J <jian.j.wang@intel.com>; Zhang, Qi1
<qi1.zhang@intel.com>; Kumar, Rahul1 <rahul1.kumar@intel.com>
主题: Re: [EXTERNAL] [edk2-devel] [PATCH v1 1/1] SecurityPkg/Library: Add
Tpm2NvUndefineSpaceSpecial to Tpm2CommandLib

 

+  <mailto:michael.d.kinney@intel.com> @Kinney, Michael D

 

Mike, any thoughts on when “sticking with the file convention” breaks ECC?
Should I just ignore the rest of the file and pass ECC at all costs?

 

- Bret 

 

From: Yao, Jiewen <mailto:jiewen.yao@intel.com> 
Sent: Thursday, August 12, 2021 5:06 PM
To: Bret Barkelew <mailto:Bret.Barkelew@microsoft.com> ;
devel@edk2.groups.io <mailto:devel@edk2.groups.io> ; bret@corthon.com
<mailto:bret@corthon.com> 
Cc: Wang, Jian J <mailto:jian.j.wang@intel.com> ; Zhang, Qi1
<mailto:qi1.zhang@intel.com> ; Kumar, Rahul1 <mailto:rahul1.kumar@intel.com>

Subject: RE: [EXTERNAL] [edk2-devel] [PATCH v1 1/1] SecurityPkg/Library: Add
Tpm2NvUndefineSpaceSpecial to Tpm2CommandLib

 

I don’t know the answer about ECC or PatchChecker.

I  just know we need pass CI to merge the patch.

 

Thank you

Yao Jiewen

 

From: Bret Barkelew <Bret.Barkelew@microsoft.com
<mailto:Bret.Barkelew@microsoft.com> > 
Sent: Friday, August 13, 2021 1:52 AM
To: devel@edk2.groups.io <mailto:devel@edk2.groups.io> ; bret@corthon.com
<mailto:bret@corthon.com> 
Cc: Yao, Jiewen <jiewen.yao@intel.com <mailto:jiewen.yao@intel.com> >; Wang,
Jian J <jian.j.wang@intel.com <mailto:jian.j.wang@intel.com> >; Zhang, Qi1
<qi1.zhang@intel.com <mailto:qi1.zhang@intel.com> >; Kumar, Rahul1
<rahul1.kumar@intel.com <mailto:rahul1.kumar@intel.com> >
Subject: RE: [EXTERNAL] [edk2-devel] [PATCH v1 1/1] SecurityPkg/Library: Add
Tpm2NvUndefineSpaceSpecial to Tpm2CommandLib

 

Thoughts?

 

- Bret 

 



From: devel@edk2.groups.io <mailto:devel@edk2.groups.io>
<devel@edk2.groups.io <mailto:devel@edk2.groups.io> > on behalf of Bret
Barkelew via groups.io <bret.barkelew=microsoft.com@groups.io
<mailto:bret.barkelew=microsoft.com@groups.io> >
Sent: Wednesday, August 11, 2021 12:37:52 PM
To: devel@edk2.groups.io <mailto:devel@edk2.groups.io>
<devel@edk2.groups.io <mailto:devel@edk2.groups.io> >; bret@corthon.com
<mailto:bret@corthon.com>  <bret@corthon.com <mailto:bret@corthon.com> >
Cc: Yao, Jiewen <jiewen.yao@intel.com <mailto:jiewen.yao@intel.com> >; Jian
J Wang <jian.j.wang@intel.com <mailto:jian.j.wang@intel.com> >; Qi Zhang
<qi1.zhang@intel.com <mailto:qi1.zhang@intel.com> >; Rahul Kumar
<rahul1.kumar@intel.com <mailto:rahul1.kumar@intel.com> >
Subject: Re: [EXTERNAL] [edk2-devel] [PATCH v1 1/1] SecurityPkg/Library: Add
Tpm2NvUndefineSpaceSpecial to Tpm2CommandLib 

 

Thoughts?

 

- Bret 

 



From: devel@edk2.groups.io <mailto:devel@edk2.groups.io>
<devel@edk2.groups.io <mailto:devel@edk2.groups.io> > on behalf of Bret
Barkelew via groups.io <bret.barkelew=microsoft.com@groups.io
<mailto:bret.barkelew=microsoft.com@groups.io> >
Sent: Wednesday, August 4, 2021 9:32:32 AM
To: devel@edk2.groups.io <mailto:devel@edk2.groups.io>
<devel@edk2.groups.io <mailto:devel@edk2.groups.io> >; bret@corthon.com
<mailto:bret@corthon.com>  <bret@corthon.com <mailto:bret@corthon.com> >
Cc: Yao, Jiewen <jiewen.yao@intel.com <mailto:jiewen.yao@intel.com> >; Jian
J Wang <jian.j.wang@intel.com <mailto:jian.j.wang@intel.com> >; Qi Zhang
<qi1.zhang@intel.com <mailto:qi1.zhang@intel.com> >; Rahul Kumar
<rahul1.kumar@intel.com <mailto:rahul1.kumar@intel.com> >
Subject: Re: [EXTERNAL] [edk2-devel] [PATCH v1 1/1] SecurityPkg/Library: Add
Tpm2NvUndefineSpaceSpecial to Tpm2CommandLib 

 

Poking this one.

 

1.	It’s an easy review with a small, obvious code change.
2.	I need some answers on “when is it okay to violate ECC/PatchCheck,
if the new code matches the style of the existing code. Should I endeavor to
pass the PatchCheck and ECCCheck with this patch only, and leave it in
conflict with the rest of the file?

 

Thanks!

 

- Bret 

 

From: Bret Barkelew via groups.io
<mailto:bret.barkelew=microsoft.com@groups.io> 
Sent: Friday, July 30, 2021 11:08 AM
To: devel@edk2.groups.io <mailto:devel@edk2.groups.io> ; bret@corthon.com
<mailto:bret@corthon.com> 
Cc: Yao, Jiewen <mailto:jiewen.yao@intel.com> ; Jian J Wang
<mailto:jian.j.wang@intel.com> ; Qi Zhang <mailto:qi1.zhang@intel.com> ;
Rahul Kumar <mailto:rahul1.kumar@intel.com> 
Subject: Re: [EXTERNAL] [edk2-devel] [PATCH v1 1/1] SecurityPkg/Library: Add
Tpm2NvUndefineSpaceSpecial to Tpm2CommandLib

 

Note, even though this keeps with the style of the rest of the file, it
breaks ECC:

SecurityPkg/Library: Add Tpm2NvUndefineSpaceSpecial to Tpm2CommandLib by
corthon ・ Pull Request #1848 ・ tianocore/edk2 (github.com) <https://nam06.
safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Ftianocore%2
Fedk2%2Fpull%2F1848&data=04%7C01%7CBret.Barkelew%40microsoft.com%7Ce90f066a5
a8c4feae73108d95dee3ec3%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C6376441
00117879377%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJB
TiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=7uX%2FX1sJDbWsxeqYtqfQIFXBbDRVnii7kc
J1nri65T4%3D&reserved=0> 

 

PROGRESS - --Running SecurityPkg: EccCheck Test NO-TARGET -- 

ERROR - 

ERROR - 

ERROR - EFI coding style error 

ERROR - *Error code: 8001 

ERROR - *Only capital letters are allowed to be used for #define
declarations 

ERROR - *file:
//home/vsts/work/1/s/SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c 

ERROR - *Line number: 27 

ERROR - *The #define name [RC_NV_UndefineSpaceSpecial_nvIndex] does no

 

Thoughts?

 

- Bret 

 

From: Bret Barkelew via groups.io <mailto:bret=corthon.com@groups.io> 
Sent: Friday, July 30, 2021 10:55 AM
To: devel@edk2.groups.io <mailto:devel@edk2.groups.io> 
Cc: Yao, Jiewen <mailto:jiewen.yao@intel.com> ; Jian J Wang
<mailto:jian.j.wang@intel.com> ; Qi Zhang <mailto:qi1.zhang@intel.com> ;
Rahul Kumar <mailto:rahul1.kumar@intel.com> 
Subject: [EXTERNAL] [edk2-devel] [PATCH v1 1/1] SecurityPkg/Library: Add
Tpm2NvUndefineSpaceSpecial to Tpm2CommandLib

 

Used to provision and maintain certain HW-defined NV spaces.

REF:
https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbugzilla.t
ianocore.org%2Fshow_bug.cgi%3Fid%3D2994 <https://nam06.safelinks.protection.
outlook.com/?url=https%3A%2F%2Fbugzilla.tianocore.org%2Fshow_bug.cgi%3Fid%3D
2994&data=04%7C01%7CBret.Barkelew%40microsoft.com%7Ce90f066a5a8c4feae73108d9
5dee3ec3%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637644100117889332%7CU
nknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJ
XVCI6Mn0%3D%7C1000&sdata=padkn1C%2BUQzKQSPo5gyurkMYW5ihwyf2Wm2mp2lrRKg%3D&re
served=0>
&amp;data=04%7C01%7CBret.Barkelew%40microsoft.com%7Cb7ae3c62047c48fc85d908d9
53833ca0%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637632645397602953%7CU
nknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJ
XVCI6Mn0%3D%7C1000&amp;sdata=s96M3RvxMOY831Vfr1nt%2Fz1h3cyb6jU9eFzvjKO7Dtc%3
D&amp;reserved=0

Signed-off-by: Bret Barkelew <bret.barkelew@microsoft.com
<mailto:bret.barkelew@microsoft.com> >
Cc: Jiewen Yao <jiewen.yao@intel.com <mailto:jiewen.yao@intel.com> >
Cc: Jian J Wang <jian.j.wang@intel.com <mailto:jian.j.wang@intel.com> >
Cc: Qi Zhang <qi1.zhang@intel.com <mailto:qi1.zhang@intel.com> >
Cc: Rahul Kumar <rahul1.kumar@intel.com <mailto:rahul1.kumar@intel.com> >
---
 SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c | 122
++++++++++++++++++++
 SecurityPkg/Include/Library/Tpm2CommandLib.h       |  22 ++++
 2 files changed, 144 insertions(+)

diff --git a/SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c
b/SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c
index 87572de20164..7931fade9190 100644
--- a/SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c
+++ b/SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c
@@ -24,6 +24,8 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 #define RC_NV_UndefineSpace_authHandle      (TPM_RC_H + TPM_RC_1)

 #define RC_NV_UndefineSpace_nvIndex         (TPM_RC_H + TPM_RC_2)

 

+#define RC_NV_UndefineSpaceSpecial_nvIndex  (TPM_RC_H + TPM_RC_1)

+

 #define RC_NV_Read_authHandle               (TPM_RC_H + TPM_RC_1)

 #define RC_NV_Read_nvIndex                  (TPM_RC_H + TPM_RC_2)

 #define RC_NV_Read_size                     (TPM_RC_P + TPM_RC_1)

@@ -74,6 +76,20 @@ typedef struct {
   TPMS_AUTH_RESPONSE         AuthSession;

 } TPM2_NV_UNDEFINESPACE_RESPONSE;

 

+typedef struct {

+  TPM2_COMMAND_HEADER       Header;

+  TPMI_RH_NV_INDEX          NvIndex;

+  TPMI_RH_PLATFORM          Platform;

+  UINT32                    AuthSessionSize;

+  TPMS_AUTH_COMMAND         AuthSession;

+} TPM2_NV_UNDEFINESPACESPECIAL_COMMAND;

+

+typedef struct {

+  TPM2_RESPONSE_HEADER       Header;

+  UINT32                     AuthSessionSize;

+  TPMS_AUTH_RESPONSE         AuthSession;

+} TPM2_NV_UNDEFINESPACESPECIAL_RESPONSE;

+

 typedef struct {

   TPM2_COMMAND_HEADER       Header;

   TPMI_RH_NV_AUTH           AuthHandle;
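Review bot: TPM2_NV_UNDEFINESPACESPECIAL_COMMAND reserves room for a single TPMS_AUTH_COMMAND, but Tpm2NvUndefineSpaceSpecial in the next hunk marshals two sessions (IndexAuthSession, then PlatAuthSession) starting at `(UINT8 *)&SendBuffer.AuthSession` and never compares the running `Buffer` against `sizeof (SendBuffer)`. Assuming CopyAuthSessionCommand emits the wire form of the struct it is given, each session can need up to one TPMS_AUTH_COMMAND's worth of bytes, so two sessions with full-length nonce and hmac would make the second copy write past the end of the stack object — a memory-safety defect on a platform-authorized NV deletion path, and one that only shows up with particular caller-supplied session contents. Sizing the trailing member for both sessions, `TPMS_AUTH_COMMAND         AuthSession[2];`, keeps the existing pointer arithmetic valid, whereas a guard on SendBufferSize after marshalling would run only after the overwrite. The same struct hunk is quoted again in the re-sent copy of the patch further down this thread.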

@@ -506,6 +522,112 @@ Done:
   return Status;

 }

 

+/**

+  This command removes an index from the TPM.

+

+  @param[in]  NvIndex             The NV Index.

+  @param[in]  IndexAuthSession    Auth session context for the Index
auth/policy

+  @param[in]  PlatAuthSession     Auth session context for the Platform
auth/policy

+

+  @retval EFI_SUCCESS             Operation completed successfully.

+  @retval EFI_NOT_FOUND           The command was returned successfully,
but NvIndex is not found.

+  @retval EFI_UNSUPPORTED         Selected NvIndex does not support
deletion through this call.

+  @retval EFI_SECURITY_VIOLATION  Deletion is not authorized by current
policy session.

+  @retval EFI_INVALID_PARAMETER   The command was unsuccessful.

+  @retval EFI_DEVICE_ERROR        The command was unsuccessful.

+**/

+EFI_STATUS

+EFIAPI

+Tpm2NvUndefineSpaceSpecial (

+  IN      TPMI_RH_NV_INDEX          NvIndex,

+  IN      TPMS_AUTH_COMMAND         *IndexAuthSession OPTIONAL,

+  IN      TPMS_AUTH_COMMAND         *PlatAuthSession OPTIONAL

+  )

+{

+  EFI_STATUS                              Status;

+  TPM2_NV_UNDEFINESPACESPECIAL_COMMAND    SendBuffer;

+  TPM2_NV_UNDEFINESPACESPECIAL_RESPONSE   RecvBuffer;

+  UINT32                                  SendBufferSize;

+  UINT32                                  RecvBufferSize;

+  UINT8                                   *Buffer;

+  UINT32                                  IndexAuthSize, PlatAuthSize;

+  TPM_RC                                  ResponseCode;

+

+  //

+  // Construct command

+  //

+  SendBuffer.Header.tag = SwapBytes16(TPM_ST_SESSIONS);

+  SendBuffer.Header.commandCode =
SwapBytes32(TPM_CC_NV_UndefineSpaceSpecial);

+

+  SendBuffer.NvIndex = SwapBytes32 (NvIndex);

+  SendBuffer.Platform = SwapBytes32 (TPM_RH_PLATFORM);

+

+  //

+  // Marshall the Auth Sessions for the two handles.

+  Buffer = (UINT8 *)&SendBuffer.AuthSession;

+  // IndexAuthSession

+  IndexAuthSize = CopyAuthSessionCommand (IndexAuthSession, Buffer);

+  Buffer += IndexAuthSize;

+  // PlatAuthSession

+  PlatAuthSize = CopyAuthSessionCommand (PlatAuthSession, Buffer);

+  Buffer += PlatAuthSize;

+  // AuthSessionSize

+  SendBuffer.AuthSessionSize = SwapBytes32(IndexAuthSize + PlatAuthSize);

+

+  // Update total command size.

+  SendBufferSize = (UINT32)(Buffer - (UINT8 *)&SendBuffer);

+  SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);

+

+  //

+  // send Tpm command

+  //

+  RecvBufferSize = sizeof (RecvBuffer);

+  Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer,
&RecvBufferSize, (UINT8 *)&RecvBuffer);

+  if (EFI_ERROR (Status)) {

+    goto Done;

+  }

+

+  if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {

+    DEBUG ((EFI_D_ERROR, "Tpm2NvUndefineSpaceSpecial - RecvBufferSize Error
- %x\n", RecvBufferSize));

+    Status = EFI_DEVICE_ERROR;

+    goto Done;

+  }

+

+  ResponseCode = SwapBytes32(RecvBuffer.Header.responseCode);

+  if (ResponseCode != TPM_RC_SUCCESS) {

+    DEBUG ((EFI_D_ERROR, "Tpm2NvUndefineSpaceSpecial - responseCode -
%x\n", SwapBytes32(RecvBuffer.Header.responseCode)));

+  }

+  switch (ResponseCode) {

+  case TPM_RC_SUCCESS:

+    // return data

+    break;

+  case TPM_RC_ATTRIBUTES:

+  case TPM_RC_ATTRIBUTES + RC_NV_UndefineSpaceSpecial_nvIndex:

+    Status = EFI_UNSUPPORTED;

+    break;

+  case TPM_RC_NV_AUTHORIZATION:

+    Status = EFI_SECURITY_VIOLATION;

+    break;

+  case TPM_RC_HANDLE + RC_NV_UndefineSpaceSpecial_nvIndex: //
TPM_RC_NV_DEFINED:

+    Status = EFI_NOT_FOUND;

+    break;

+  case TPM_RC_VALUE + RC_NV_UndefineSpace_nvIndex:

+    Status = EFI_INVALID_PARAMETER;

+    break;

+  default:

+    Status = EFI_DEVICE_ERROR;

+    break;

+  }

+

+Done:

+  //

+  // Clear AuthSession Content

+  //

+  ZeroMem (&SendBuffer, sizeof(SendBuffer));

+  ZeroMem (&RecvBuffer, sizeof(RecvBuffer));

+  return Status;

+} // Tpm2NvUndefineSpaceSpecial()

+

 /**

   This command reads a value from an area in NV memory previously defined
by TPM2_NV_DefineSpace().

 
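Review bot: The `case TPM_RC_VALUE + RC_NV_UndefineSpace_nvIndex:` arm uses the NV_UndefineSpace macro (handle 2) while the other two handle-qualified arms of the same switch use RC_NV_UndefineSpaceSpecial_nvIndex (handle 1, matching the new define), so a TPM_RC_VALUE reported against the index would fall through to `default` and surface as EFI_DEVICE_ERROR rather than EFI_INVALID_PARAMETER; presumably a copy-paste from Tpm2NvUndefineSpace, it should read `case TPM_RC_VALUE + RC_NV_UndefineSpaceSpecial_nvIndex:`. The trailing comment `// TPM_RC_NV_DEFINED:` on the TPM_RC_HANDLE arm names the opposite of the EFI_NOT_FOUND condition it maps to and is better written as `// index not defined`. The doc block gives EFI_INVALID_PARAMETER and EFI_DEVICE_ERROR the identical text "The command was unsuccessful."; describing what the code actually distinguishes, `@retval EFI_INVALID_PARAMETER   The TPM rejected NvIndex (TPM_RC_VALUE).` and `@retval EFI_DEVICE_ERROR        Transport failure, short response, or any other TPM response code.`, would help callers, and the same wording belongs in the Tpm2CommandLib.h hunk below. Since the second handle is hard-wired to TPM_RH_PLATFORM, the @param text for PlatAuthSession should also say that it must authorize the platform hierarchy.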

diff --git a/SecurityPkg/Include/Library/Tpm2CommandLib.h
b/SecurityPkg/Include/Library/Tpm2CommandLib.h
index ee8eb622951c..8d7b4998d98d 100644
--- a/SecurityPkg/Include/Library/Tpm2CommandLib.h
+++ b/SecurityPkg/Include/Library/Tpm2CommandLib.h
@@ -364,6 +364,28 @@ Tpm2NvUndefineSpace (
   IN      TPMS_AUTH_COMMAND         *AuthSession OPTIONAL

   );

 

+/**

+  This command removes an index from the TPM.

+

+  @param[in]  NvIndex             The NV Index.

+  @param[in]  IndexAuthSession    Auth session context for the Index
auth/policy

+  @param[in]  PlatAuthSession     Auth session context for the Platform
auth/policy

+

+  @retval EFI_SUCCESS             Operation completed successfully.

+  @retval EFI_NOT_FOUND           The command was returned successfully,
but NvIndex is not found.

+  @retval EFI_UNSUPPORTED         Selected NvIndex does not support
deletion through this call.

+  @retval EFI_SECURITY_VIOLATION  Deletion is not authorized by current
policy session.

+  @retval EFI_INVALID_PARAMETER   The command was unsuccessful.

+  @retval EFI_DEVICE_ERROR        The command was unsuccessful.

+**/

+EFI_STATUS

+EFIAPI

+Tpm2NvUndefineSpaceSpecial (

+  IN      TPMI_RH_NV_INDEX          NvIndex,

+  IN      TPMS_AUTH_COMMAND         *IndexAuthSession OPTIONAL,

+  IN      TPMS_AUTH_COMMAND         *PlatAuthSession OPTIONAL

+  );

+

 /**

   This command reads a value from an area in NV memory previously defined
by TPM2_NV_DefineSpace().

 

-- 
2.31.1.windows.1




 

 

 





* Re: [EXTERNAL] [edk2-devel] [PATCH v1 1/1] SecurityPkg/Library: Add Tpm2NvUndefineSpaceSpecial to Tpm2CommandLib
  2021-08-13  1:37             ` 回复: " gaoliming
@ 2021-08-13  2:29               ` Yao, Jiewen
  2021-08-13  6:10                 ` 回复: " gaoliming
       [not found]               ` <169ABCD073787695.13770@groups.io>
  1 sibling, 1 reply; 14+ messages in thread
From: Yao, Jiewen @ 2021-08-13  2:29 UTC (permalink / raw)
  To: devel@edk2.groups.io, gaoliming@byosoft.com.cn,
	bret.barkelew@microsoft.com, bret@corthon.com, Kinney, Michael D
  Cc: Wang, Jian J, Zhang, Qi1, Kumar, Rahul1



Hi
I have seen such exception in the industry standard file, such as

https://github.com/tianocore/edk2/blob/master/MdePkg/Include/IndustryStandard/Tpm20.h

#define TPM_CC_NV_UndefineSpaceSpecial    (TPM_CC)(0x0000011F)
#define TPM_CC_EvictControl               (TPM_CC)(0x00000120)
#define TPM_CC_HierarchyControl           (TPM_CC)(0x00000121)
#define TPM_CC_NV_UndefineSpace           (TPM_CC)(0x00000122)
#define TPM_CC_ChangeEPS                  (TPM_CC)(0x00000124)
#define TPM_CC_ChangePPS                  (TPM_CC)(0x00000125)
#define TPM_CC_Clear                      (TPM_CC)(0x00000126)
#define TPM_CC_ClearControl               (TPM_CC)(0x00000127)
#define TPM_CC_ClockSet                   (TPM_CC)(0x00000128)
#define TPM_CC_HierarchyChangeAuth        (TPM_CC)(0x00000129)
#define TPM_CC_NV_DefineSpace             (TPM_CC)(0x0000012A)
#define TPM_CC_PCR_Allocate               (TPM_CC)(0x0000012B)
#define TPM_CC_PCR_SetAuthPolicy          (TPM_CC)(0x0000012C)
#define TPM_CC_PP_Commands                (TPM_CC)(0x0000012D)
#define TPM_CC_SetPrimaryPolicy           (TPM_CC)(0x0000012E)
#define TPM_CC_FieldUpgradeStart          (TPM_CC)(0x0000012F)
#define TPM_CC_ClockRateAdjust            (TPM_CC)(0x00000130)

https://github.com/tianocore/edk2/blob/master/MdePkg/Include/IndustryStandard/Tpm12.h

#define TPM_ORD_ActivateIdentity                  ((TPM_COMMAND_CODE) 0x0000007A)
#define TPM_ORD_AuthorizeMigrationKey             ((TPM_COMMAND_CODE) 0x0000002B)
#define TPM_ORD_CertifyKey                        ((TPM_COMMAND_CODE) 0x00000032)
#define TPM_ORD_CertifyKey2                       ((TPM_COMMAND_CODE) 0x00000033)
#define TPM_ORD_CertifySelfTest                   ((TPM_COMMAND_CODE) 0x00000052)
#define TPM_ORD_ChangeAuth                        ((TPM_COMMAND_CODE) 0x0000000C)
#define TPM_ORD_ChangeAuthAsymFinish              ((TPM_COMMAND_CODE) 0x0000000F)
#define TPM_ORD_ChangeAuthAsymStart               ((TPM_COMMAND_CODE) 0x0000000E)
#define TPM_ORD_ChangeAuthOwner                   ((TPM_COMMAND_CODE) 0x00000010)


I agree with Liming that if this is something completely defined by EDKII, we should align with EDKII.

But if this is something copied from another standard, I prefer that we keep it as is and add it to the exception list.
That makes it easier for the domain-specific expert to review the code.

Can we submit patch to add those to ECC exception list?

Thank you
Yao Jiewen

From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of gaoliming
Sent: Friday, August 13, 2021 9:38 AM
To: devel@edk2.groups.io; bret.barkelew@microsoft.com; Yao, Jiewen <jiewen.yao@intel.com>; bret@corthon.com; Kinney, Michael D <michael.d.kinney@intel.com>
Cc: Wang, Jian J <jian.j.wang@intel.com>; Zhang, Qi1 <qi1.zhang@intel.com>; Kumar, Rahul1 <rahul1.kumar@intel.com>
Subject: 回复: [EXTERNAL] [edk2-devel] [PATCH v1 1/1] SecurityPkg/Library: Add Tpm2NvUndefineSpaceSpecial to Tpm2CommandLib

Bret:
 I suggest to define new macro that follows EDKII style. This MACRO is only used in CommandLib. Its impact should be small.

Thanks
Liming
发件人: devel@edk2.groups.io<mailto:devel@edk2.groups.io> <devel@edk2.groups.io<mailto:devel@edk2.groups.io>> 代表 Bret Barkelew via groups.io
发送时间: 2021年8月13日 8:24
收件人: Yao, Jiewen <jiewen.yao@intel.com<mailto:jiewen.yao@intel.com>>; devel@edk2.groups.io<mailto:devel@edk2.groups.io>; bret@corthon.com<mailto:bret@corthon.com>; Kinney, Michael D <michael.d.kinney@intel.com<mailto:michael.d.kinney@intel.com>>
抄送: Wang, Jian J <jian.j.wang@intel.com<mailto:jian.j.wang@intel.com>>; Zhang, Qi1 <qi1.zhang@intel.com<mailto:qi1.zhang@intel.com>>; Kumar, Rahul1 <rahul1.kumar@intel.com<mailto:rahul1.kumar@intel.com>>
主题: Re: [EXTERNAL] [edk2-devel] [PATCH v1 1/1] SecurityPkg/Library: Add Tpm2NvUndefineSpaceSpecial to Tpm2CommandLib

+ @Kinney, Michael D<mailto:michael.d.kinney@intel.com>

Mike, any thoughts on when “sticking with the file convention” breaks ECC? Should I just ignore the rest of the file and pass ECC at all costs?

- Bret

From: Yao, Jiewen<mailto:jiewen.yao@intel.com>
Sent: Thursday, August 12, 2021 5:06 PM
To: Bret Barkelew<mailto:Bret.Barkelew@microsoft.com>; devel@edk2.groups.io<mailto:devel@edk2.groups.io>; bret@corthon.com<mailto:bret@corthon.com>
Cc: Wang, Jian J<mailto:jian.j.wang@intel.com>; Zhang, Qi1<mailto:qi1.zhang@intel.com>; Kumar, Rahul1<mailto:rahul1.kumar@intel.com>
Subject: RE: [EXTERNAL] [edk2-devel] [PATCH v1 1/1] SecurityPkg/Library: Add Tpm2NvUndefineSpaceSpecial to Tpm2CommandLib

I don’t know the answer about ECC or PatchChecker.
I  just know we need pass CI to merge the patch.

Thank you
Yao Jiewen

From: Bret Barkelew <Bret.Barkelew@microsoft.com<mailto:Bret.Barkelew@microsoft.com>>
Sent: Friday, August 13, 2021 1:52 AM
To: devel@edk2.groups.io<mailto:devel@edk2.groups.io>; bret@corthon.com<mailto:bret@corthon.com>
Cc: Yao, Jiewen <jiewen.yao@intel.com<mailto:jiewen.yao@intel.com>>; Wang, Jian J <jian.j.wang@intel.com<mailto:jian.j.wang@intel.com>>; Zhang, Qi1 <qi1.zhang@intel.com<mailto:qi1.zhang@intel.com>>; Kumar, Rahul1 <rahul1.kumar@intel.com<mailto:rahul1.kumar@intel.com>>
Subject: RE: [EXTERNAL] [edk2-devel] [PATCH v1 1/1] SecurityPkg/Library: Add Tpm2NvUndefineSpaceSpecial to Tpm2CommandLib

Thoughts?

- Bret


From: devel@edk2.groups.io<mailto:devel@edk2.groups.io> <devel@edk2.groups.io<mailto:devel@edk2.groups.io>> on behalf of Bret Barkelew via groups.io <bret.barkelew=microsoft.com@groups.io<mailto:bret.barkelew=microsoft.com@groups.io>>
Sent: Wednesday, August 11, 2021 12:37:52 PM
To: devel@edk2.groups.io<mailto:devel@edk2.groups.io> <devel@edk2.groups.io<mailto:devel@edk2.groups.io>>; bret@corthon.com<mailto:bret@corthon.com> <bret@corthon.com<mailto:bret@corthon.com>>
Cc: Yao, Jiewen <jiewen.yao@intel.com<mailto:jiewen.yao@intel.com>>; Jian J Wang <jian.j.wang@intel.com<mailto:jian.j.wang@intel.com>>; Qi Zhang <qi1.zhang@intel.com<mailto:qi1.zhang@intel.com>>; Rahul Kumar <rahul1.kumar@intel.com<mailto:rahul1.kumar@intel.com>>
Subject: Re: [EXTERNAL] [edk2-devel] [PATCH v1 1/1] SecurityPkg/Library: Add Tpm2NvUndefineSpaceSpecial to Tpm2CommandLib


Thoughts?



- Bret



From: devel@edk2.groups.io<mailto:devel@edk2.groups.io> <devel@edk2.groups.io<mailto:devel@edk2.groups.io>> on behalf of Bret Barkelew via groups.io <bret.barkelew=microsoft.com@groups.io<mailto:bret.barkelew=microsoft.com@groups.io>>
Sent: Wednesday, August 4, 2021 9:32:32 AM
To: devel@edk2.groups.io<mailto:devel@edk2.groups.io> <devel@edk2.groups.io<mailto:devel@edk2.groups.io>>; bret@corthon.com<mailto:bret@corthon.com> <bret@corthon.com<mailto:bret@corthon.com>>
Cc: Yao, Jiewen <jiewen.yao@intel.com<mailto:jiewen.yao@intel.com>>; Jian J Wang <jian.j.wang@intel.com<mailto:jian.j.wang@intel.com>>; Qi Zhang <qi1.zhang@intel.com<mailto:qi1.zhang@intel.com>>; Rahul Kumar <rahul1.kumar@intel.com<mailto:rahul1.kumar@intel.com>>
Subject: Re: [EXTERNAL] [edk2-devel] [PATCH v1 1/1] SecurityPkg/Library: Add Tpm2NvUndefineSpaceSpecial to Tpm2CommandLib


Poking this one.



  1.  It’s an easy review with a small, obvious code change.
  2.  I need some answers on “when is it okay to violate ECC/PatchCheck, if the new code matches the style of the existing code. Should I endeavor to pass the PatchCheck and ECCCheck with this patch only, and leave it in conflict with the rest of the file?



Thanks!



- Bret



From: Bret Barkelew via groups.io<mailto:bret.barkelew=microsoft.com@groups.io>
Sent: Friday, July 30, 2021 11:08 AM
To: devel@edk2.groups.io<mailto:devel@edk2.groups.io>; bret@corthon.com<mailto:bret@corthon.com>
Cc: Yao, Jiewen<mailto:jiewen.yao@intel.com>; Jian J Wang<mailto:jian.j.wang@intel.com>; Qi Zhang<mailto:qi1.zhang@intel.com>; Rahul Kumar<mailto:rahul1.kumar@intel.com>
Subject: Re: [EXTERNAL] [edk2-devel] [PATCH v1 1/1] SecurityPkg/Library: Add Tpm2NvUndefineSpaceSpecial to Tpm2CommandLib



Note, even though this keeps with the style of the rest of the file, it breaks ECC:

SecurityPkg/Library: Add Tpm2NvUndefineSpaceSpecial to Tpm2CommandLib by corthon · Pull Request #1848 · tianocore/edk2 (github.com)<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Ftianocore%2Fedk2%2Fpull%2F1848&data=04%7C01%7CBret.Barkelew%40microsoft.com%7Ce90f066a5a8c4feae73108d95dee3ec3%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637644100117879377%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=7uX%2FX1sJDbWsxeqYtqfQIFXBbDRVnii7kcJ1nri65T4%3D&reserved=0>



PROGRESS - --Running SecurityPkg: EccCheck Test NO-TARGET --

ERROR -

ERROR -

ERROR - EFI coding style error

ERROR - *Error code: 8001

ERROR - *Only capital letters are allowed to be used for #define declarations

ERROR - *file: //home/vsts/work/1/s/SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c

ERROR - *Line number: 27

ERROR - *The #define name [RC_NV_UndefineSpaceSpecial_nvIndex] does no



Thoughts?



- Bret



From: Bret Barkelew via groups.io<mailto:bret=corthon.com@groups.io>
Sent: Friday, July 30, 2021 10:55 AM
To: devel@edk2.groups.io<mailto:devel@edk2.groups.io>
Cc: Yao, Jiewen<mailto:jiewen.yao@intel.com>; Jian J Wang<mailto:jian.j.wang@intel.com>; Qi Zhang<mailto:qi1.zhang@intel.com>; Rahul Kumar<mailto:rahul1.kumar@intel.com>
Subject: [EXTERNAL] [edk2-devel] [PATCH v1 1/1] SecurityPkg/Library: Add Tpm2NvUndefineSpaceSpecial to Tpm2CommandLib



Used to provision and maintain certain HW-defined NV spaces.

REF: https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbugzilla.tianocore.org%2Fshow_bug.cgi%3Fid%3D2994&amp;data=04%7C01%7CBret.Barkelew%40microsoft.com%7Cb7ae3c62047c48fc85d908d953833ca0%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637632645397602953%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdata=s96M3RvxMOY831Vfr1nt%2Fz1h3cyb6jU9eFzvjKO7Dtc%3D&amp;reserved=0<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbugzilla.tianocore.org%2Fshow_bug.cgi%3Fid%3D2994&data=04%7C01%7CBret.Barkelew%40microsoft.com%7Ce90f066a5a8c4feae73108d95dee3ec3%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637644100117889332%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=padkn1C%2BUQzKQSPo5gyurkMYW5ihwyf2Wm2mp2lrRKg%3D&reserved=0>

Signed-off-by: Bret Barkelew <bret.barkelew@microsoft.com<mailto:bret.barkelew@microsoft.com>>
Cc: Jiewen Yao <jiewen.yao@intel.com<mailto:jiewen.yao@intel.com>>
Cc: Jian J Wang <jian.j.wang@intel.com<mailto:jian.j.wang@intel.com>>
Cc: Qi Zhang <qi1.zhang@intel.com<mailto:qi1.zhang@intel.com>>
Cc: Rahul Kumar <rahul1.kumar@intel.com<mailto:rahul1.kumar@intel.com>>
---
 SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c | 122 ++++++++++++++++++++
 SecurityPkg/Include/Library/Tpm2CommandLib.h       |  22 ++++
 2 files changed, 144 insertions(+)

diff --git a/SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c b/SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c
index 87572de20164..7931fade9190 100644
--- a/SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c
+++ b/SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c
@@ -24,6 +24,8 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 #define RC_NV_UndefineSpace_authHandle      (TPM_RC_H + TPM_RC_1)

 #define RC_NV_UndefineSpace_nvIndex         (TPM_RC_H + TPM_RC_2)



+#define RC_NV_UndefineSpaceSpecial_nvIndex  (TPM_RC_H + TPM_RC_1)

+

 #define RC_NV_Read_authHandle               (TPM_RC_H + TPM_RC_1)

 #define RC_NV_Read_nvIndex                  (TPM_RC_H + TPM_RC_2)

 #define RC_NV_Read_size                     (TPM_RC_P + TPM_RC_1)

@@ -74,6 +76,20 @@ typedef struct {
   TPMS_AUTH_RESPONSE         AuthSession;

 } TPM2_NV_UNDEFINESPACE_RESPONSE;



+typedef struct {

+  TPM2_COMMAND_HEADER       Header;

+  TPMI_RH_NV_INDEX          NvIndex;

+  TPMI_RH_PLATFORM          Platform;

+  UINT32                    AuthSessionSize;

+  TPMS_AUTH_COMMAND         AuthSession;

+} TPM2_NV_UNDEFINESPACESPECIAL_COMMAND;

+

+typedef struct {

+  TPM2_RESPONSE_HEADER       Header;

+  UINT32                     AuthSessionSize;

+  TPMS_AUTH_RESPONSE         AuthSession;

+} TPM2_NV_UNDEFINESPACESPECIAL_RESPONSE;

+

 typedef struct {

   TPM2_COMMAND_HEADER       Header;

   TPMI_RH_NV_AUTH           AuthHandle;

@@ -506,6 +522,112 @@ Done:
   return Status;

 }



+/**

+  This command removes an index from the TPM.

+

+  @param[in]  NvIndex             The NV Index.

+  @param[in]  IndexAuthSession    Auth session context for the Index auth/policy

+  @param[in]  PlatAuthSession     Auth session context for the Platform auth/policy

+

+  @retval EFI_SUCCESS             Operation completed successfully.

+  @retval EFI_NOT_FOUND           The command was returned successfully, but NvIndex is not found.

+  @retval EFI_UNSUPPORTED         Selected NvIndex does not support deletion through this call.

+  @retval EFI_SECURITY_VIOLATION  Deletion is not authorized by current policy session.

+  @retval EFI_INVALID_PARAMETER   The command was unsuccessful.

+  @retval EFI_DEVICE_ERROR        The command was unsuccessful.

+**/

+EFI_STATUS

+EFIAPI

+Tpm2NvUndefineSpaceSpecial (

+  IN      TPMI_RH_NV_INDEX          NvIndex,

+  IN      TPMS_AUTH_COMMAND         *IndexAuthSession OPTIONAL,

+  IN      TPMS_AUTH_COMMAND         *PlatAuthSession OPTIONAL

+  )

+{

+  EFI_STATUS                              Status;

+  TPM2_NV_UNDEFINESPACESPECIAL_COMMAND    SendBuffer;

+  TPM2_NV_UNDEFINESPACESPECIAL_RESPONSE   RecvBuffer;

+  UINT32                                  SendBufferSize;

+  UINT32                                  RecvBufferSize;

+  UINT8                                   *Buffer;

+  UINT32                                  IndexAuthSize, PlatAuthSize;

+  TPM_RC                                  ResponseCode;

+

+  //

+  // Construct command

+  //

+  SendBuffer.Header.tag = SwapBytes16(TPM_ST_SESSIONS);

+  SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_NV_UndefineSpaceSpecial);

+

+  SendBuffer.NvIndex = SwapBytes32 (NvIndex);

+  SendBuffer.Platform = SwapBytes32 (TPM_RH_PLATFORM);

+

+  //

+  // Marshall the Auth Sessions for the two handles.

+  Buffer = (UINT8 *)&SendBuffer.AuthSession;

+  // IndexAuthSession

+  IndexAuthSize = CopyAuthSessionCommand (IndexAuthSession, Buffer);

+  Buffer += IndexAuthSize;

+  // PlatAuthSession

+  PlatAuthSize = CopyAuthSessionCommand (PlatAuthSession, Buffer);

+  Buffer += PlatAuthSize;

+  // AuthSessionSize

+  SendBuffer.AuthSessionSize = SwapBytes32(IndexAuthSize + PlatAuthSize);

+

+  // Update total command size.

+  SendBufferSize = (UINT32)(Buffer - (UINT8 *)&SendBuffer);

+  SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);

+

+  //

+  // send Tpm command

+  //

+  RecvBufferSize = sizeof (RecvBuffer);

+  Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer);

+  if (EFI_ERROR (Status)) {

+    goto Done;

+  }

+

+  if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {

+    DEBUG ((EFI_D_ERROR, "Tpm2NvUndefineSpaceSpecial - RecvBufferSize Error - %x\n", RecvBufferSize));

+    Status = EFI_DEVICE_ERROR;

+    goto Done;

+  }

+

+  ResponseCode = SwapBytes32(RecvBuffer.Header.responseCode);

+  if (ResponseCode != TPM_RC_SUCCESS) {

+    DEBUG ((EFI_D_ERROR, "Tpm2NvUndefineSpaceSpecial - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode)));

+  }

+  switch (ResponseCode) {

+  case TPM_RC_SUCCESS:

+    // return data

+    break;

+  case TPM_RC_ATTRIBUTES:

+  case TPM_RC_ATTRIBUTES + RC_NV_UndefineSpaceSpecial_nvIndex:

+    Status = EFI_UNSUPPORTED;

+    break;

+  case TPM_RC_NV_AUTHORIZATION:

+    Status = EFI_SECURITY_VIOLATION;

+    break;

+  case TPM_RC_HANDLE + RC_NV_UndefineSpaceSpecial_nvIndex: // TPM_RC_NV_DEFINED:

+    Status = EFI_NOT_FOUND;

+    break;

+  case TPM_RC_VALUE + RC_NV_UndefineSpace_nvIndex:

+    Status = EFI_INVALID_PARAMETER;

+    break;

+  default:

+    Status = EFI_DEVICE_ERROR;

+    break;

+  }

+

+Done:

+  //

+  // Clear AuthSession Content

+  //

+  ZeroMem (&SendBuffer, sizeof(SendBuffer));

+  ZeroMem (&RecvBuffer, sizeof(RecvBuffer));

+  return Status;

+} // Tpm2NvUndefineSpaceSpecial()

+

 /**

   This command reads a value from an area in NV memory previously defined by TPM2_NV_DefineSpace().
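Review bot: The `TPM_RC_VALUE` case is keyed on `RC_NV_UndefineSpace_nvIndex`, which the first hunk defines as handle 2, while every other case in this switch uses `RC_NV_UndefineSpaceSpecial_nvIndex` (handle 1); for this command the NV index is the first handle, so a TPM_RC_VALUE reported against it falls to `default` and surfaces as EFI_DEVICE_ERROR instead of EFI_INVALID_PARAMETER. It should read `case TPM_RC_VALUE + RC_NV_UndefineSpaceSpecial_nvIndex:`. The `// TPM_RC_NV_DEFINED:` trailer on the `TPM_RC_HANDLE` case looks carried over from the DefineSpace path and contradicts the EFI_NOT_FOUND mapping beneath it, so I would drop it. As a style point, the second DEBUG line re-swaps `RecvBuffer.Header.responseCode` although `ResponseCode` already holds the swapped value. The same applies to the quoted copies of this hunk later in the thread.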



diff --git a/SecurityPkg/Include/Library/Tpm2CommandLib.h b/SecurityPkg/Include/Library/Tpm2CommandLib.h
index ee8eb622951c..8d7b4998d98d 100644
--- a/SecurityPkg/Include/Library/Tpm2CommandLib.h
+++ b/SecurityPkg/Include/Library/Tpm2CommandLib.h
@@ -364,6 +364,28 @@ Tpm2NvUndefineSpace (
   IN      TPMS_AUTH_COMMAND         *AuthSession OPTIONAL

   );



+/**

+  This command removes an index from the TPM.

+

+  @param[in]  NvIndex             The NV Index.

+  @param[in]  IndexAuthSession    Auth session context for the Index auth/policy

+  @param[in]  PlatAuthSession     Auth session context for the Platform auth/policy

+

+  @retval EFI_SUCCESS             Operation completed successfully.

+  @retval EFI_NOT_FOUND           The command was returned successfully, but NvIndex is not found.

+  @retval EFI_UNSUPPORTED         Selected NvIndex does not support deletion through this call.

+  @retval EFI_SECURITY_VIOLATION  Deletion is not authorized by current policy session.

+  @retval EFI_INVALID_PARAMETER   The command was unsuccessful.

+  @retval EFI_DEVICE_ERROR        The command was unsuccessful.

+**/

+EFI_STATUS

+EFIAPI

+Tpm2NvUndefineSpaceSpecial (

+  IN      TPMI_RH_NV_INDEX          NvIndex,

+  IN      TPMS_AUTH_COMMAND         *IndexAuthSession OPTIONAL,

+  IN      TPMS_AUTH_COMMAND         *PlatAuthSession OPTIONAL

+  );

+

 /**

   This command reads a value from an area in NV memory previously defined by TPM2_NV_DefineSpace().
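Review bot: The header comment does not state that the second handle is fixed to `TPM_RH_PLATFORM` by the implementation, nor what is marshalled when either OPTIONAL session pointer is NULL, and both matter to a caller deleting a platform-created index. I would add after the @param lines `The platform handle is always TPM_RH_PLATFORM; PlatAuthSession authorizes it.` plus one sentence on the NULL case (presumably a default session, as for the neighbouring Tpm2NvUndefineSpace declaration — confirm against CopyAuthSessionCommand before stating it). The same applies to the quoted copies of this hunk later in the thread.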



--
2.31.1.windows.1










[-- Attachment #1.2: Type: text/html, Size: 43499 bytes --]

[-- Attachment #2: image001.png --]
[-- Type: image/png, Size: 235 bytes --]


* Re: [EXTERNAL] [edk2-devel] [PATCH v1 1/1] SecurityPkg/Library: Add Tpm2NvUndefineSpaceSpecial to Tpm2CommandLib
       [not found]               ` <169ABCD073787695.13770@groups.io>
@ 2021-08-13  2:47                 ` Yao, Jiewen
  2021-08-13  3:22                   ` Bret Barkelew
  0 siblings, 1 reply; 14+ messages in thread
From: Yao, Jiewen @ 2021-08-13  2:47 UTC (permalink / raw)
  To: devel@edk2.groups.io, Yao, Jiewen, gaoliming@byosoft.com.cn,
	bret.barkelew@microsoft.com, bret@corthon.com, Kinney, Michael D
  Cc: Wang, Jian J, Zhang, Qi1, Kumar, Rahul1

[-- Attachment #1: Type: text/plain, Size: 14545 bytes --]

Hi Bret
Since it took much long time to get ECC feedback than I expected, I would give feedback on code while we are waiting.

1) Please confirm how you test the code, such as Microsoft platform ?
2) Please remove “+} // Tpm2NvUndefineSpaceSpecial()” at the end of the function. We do not use that style in other code.
3) Please copy the definition from TPM spec “This command allows removal of a platform-created NV Index that has TPMA_NV_POLICY_DELETE SET” to the function header description. The current one “This command removes an index from the TPM.” is for TPM2_NV_UndefineSpace instead of TPM2_NV_UndefineSpaceSpecial.

Since above comment does not impact any function, I would like to give RB.

With the above changes, reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>

Thank you
Yao Jiewen


From: Bret Barkelew via groups.io<mailto:bret.barkelew=microsoft.com@groups.io>
Sent: Friday, July 30, 2021 11:08 AM
To: devel@edk2.groups.io<mailto:devel@edk2.groups.io>; bret@corthon.com<mailto:bret@corthon.com>
Cc: Yao, Jiewen<mailto:jiewen.yao@intel.com>; Jian J Wang<mailto:jian.j.wang@intel.com>; Qi Zhang<mailto:qi1.zhang@intel.com>; Rahul Kumar<mailto:rahul1.kumar@intel.com>
Subject: Re: [EXTERNAL] [edk2-devel] [PATCH v1 1/1] SecurityPkg/Library: Add Tpm2NvUndefineSpaceSpecial to Tpm2CommandLib



Note, even though this keeps with the style of the rest of the file, it breaks ECC:

SecurityPkg/Library: Add Tpm2NvUndefineSpaceSpecial to Tpm2CommandLib by corthon · Pull Request #1848 · tianocore/edk2 (github.com)<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Ftianocore%2Fedk2%2Fpull%2F1848&data=04%7C01%7CBret.Barkelew%40microsoft.com%7Ce90f066a5a8c4feae73108d95dee3ec3%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637644100117879377%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=7uX%2FX1sJDbWsxeqYtqfQIFXBbDRVnii7kcJ1nri65T4%3D&reserved=0>



PROGRESS - --Running SecurityPkg: EccCheck Test NO-TARGET --

ERROR -

ERROR -

ERROR - EFI coding style error

ERROR - *Error code: 8001

ERROR - *Only capital letters are allowed to be used for #define declarations

ERROR - *file: //home/vsts/work/1/s/SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c

ERROR - *Line number: 27

ERROR - *The #define name [RC_NV_UndefineSpaceSpecial_nvIndex] does no



Thoughts?



- Bret



From: Bret Barkelew via groups.io<mailto:bret=corthon.com@groups.io>
Sent: Friday, July 30, 2021 10:55 AM
To: devel@edk2.groups.io<mailto:devel@edk2.groups.io>
Cc: Yao, Jiewen<mailto:jiewen.yao@intel.com>; Jian J Wang<mailto:jian.j.wang@intel.com>; Qi Zhang<mailto:qi1.zhang@intel.com>; Rahul Kumar<mailto:rahul1.kumar@intel.com>
Subject: [EXTERNAL] [edk2-devel] [PATCH v1 1/1] SecurityPkg/Library: Add Tpm2NvUndefineSpaceSpecial to Tpm2CommandLib



Used to provision and maintain certain HW-defined NV spaces.

REF: https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbugzilla.tianocore.org%2Fshow_bug.cgi%3Fid%3D2994&amp;data=04%7C01%7CBret.Barkelew%40microsoft.com%7Cb7ae3c62047c48fc85d908d953833ca0%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637632645397602953%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdata=s96M3RvxMOY831Vfr1nt%2Fz1h3cyb6jU9eFzvjKO7Dtc%3D&amp;reserved=0<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbugzilla.tianocore.org%2Fshow_bug.cgi%3Fid%3D2994&data=04%7C01%7CBret.Barkelew%40microsoft.com%7Ce90f066a5a8c4feae73108d95dee3ec3%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637644100117889332%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=padkn1C%2BUQzKQSPo5gyurkMYW5ihwyf2Wm2mp2lrRKg%3D&reserved=0>

Signed-off-by: Bret Barkelew <bret.barkelew@microsoft.com<mailto:bret.barkelew@microsoft.com>>
Cc: Jiewen Yao <jiewen.yao@intel.com<mailto:jiewen.yao@intel.com>>
Cc: Jian J Wang <jian.j.wang@intel.com<mailto:jian.j.wang@intel.com>>
Cc: Qi Zhang <qi1.zhang@intel.com<mailto:qi1.zhang@intel.com>>
Cc: Rahul Kumar <rahul1.kumar@intel.com<mailto:rahul1.kumar@intel.com>>
---
 SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c | 122 ++++++++++++++++++++
 SecurityPkg/Include/Library/Tpm2CommandLib.h       |  22 ++++
 2 files changed, 144 insertions(+)

diff --git a/SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c b/SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c
index 87572de20164..7931fade9190 100644
--- a/SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c
+++ b/SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c
@@ -24,6 +24,8 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 #define RC_NV_UndefineSpace_authHandle      (TPM_RC_H + TPM_RC_1)

 #define RC_NV_UndefineSpace_nvIndex         (TPM_RC_H + TPM_RC_2)



+#define RC_NV_UndefineSpaceSpecial_nvIndex  (TPM_RC_H + TPM_RC_1)

+

 #define RC_NV_Read_authHandle               (TPM_RC_H + TPM_RC_1)

 #define RC_NV_Read_nvIndex                  (TPM_RC_H + TPM_RC_2)

 #define RC_NV_Read_size                     (TPM_RC_P + TPM_RC_1)

@@ -74,6 +76,20 @@ typedef struct {
   TPMS_AUTH_RESPONSE         AuthSession;

 } TPM2_NV_UNDEFINESPACE_RESPONSE;



+typedef struct {

+  TPM2_COMMAND_HEADER       Header;

+  TPMI_RH_NV_INDEX          NvIndex;

+  TPMI_RH_PLATFORM          Platform;

+  UINT32                    AuthSessionSize;

+  TPMS_AUTH_COMMAND         AuthSession;

+} TPM2_NV_UNDEFINESPACESPECIAL_COMMAND;

+

+typedef struct {

+  TPM2_RESPONSE_HEADER       Header;

+  UINT32                     AuthSessionSize;

+  TPMS_AUTH_RESPONSE         AuthSession;

+} TPM2_NV_UNDEFINESPACESPECIAL_RESPONSE;

+

 typedef struct {

   TPM2_COMMAND_HEADER       Header;

   TPMI_RH_NV_AUTH           AuthHandle;

@@ -506,6 +522,112 @@ Done:
   return Status;

 }



+/**

+  This command removes an index from the TPM.

+

+  @param[in]  NvIndex             The NV Index.

+  @param[in]  IndexAuthSession    Auth session context for the Index auth/policy

+  @param[in]  PlatAuthSession     Auth session context for the Platform auth/policy

+

+  @retval EFI_SUCCESS             Operation completed successfully.

+  @retval EFI_NOT_FOUND           The command was returned successfully, but NvIndex is not found.

+  @retval EFI_UNSUPPORTED         Selected NvIndex does not support deletion through this call.

+  @retval EFI_SECURITY_VIOLATION  Deletion is not authorized by current policy session.

+  @retval EFI_INVALID_PARAMETER   The command was unsuccessful.

+  @retval EFI_DEVICE_ERROR        The command was unsuccessful.

+**/

+EFI_STATUS

+EFIAPI

+Tpm2NvUndefineSpaceSpecial (

+  IN      TPMI_RH_NV_INDEX          NvIndex,

+  IN      TPMS_AUTH_COMMAND         *IndexAuthSession OPTIONAL,

+  IN      TPMS_AUTH_COMMAND         *PlatAuthSession OPTIONAL

+  )

+{

+  EFI_STATUS                              Status;

+  TPM2_NV_UNDEFINESPACESPECIAL_COMMAND    SendBuffer;

+  TPM2_NV_UNDEFINESPACESPECIAL_RESPONSE   RecvBuffer;

+  UINT32                                  SendBufferSize;

+  UINT32                                  RecvBufferSize;

+  UINT8                                   *Buffer;

+  UINT32                                  IndexAuthSize, PlatAuthSize;

+  TPM_RC                                  ResponseCode;

+

+  //

+  // Construct command

+  //

+  SendBuffer.Header.tag = SwapBytes16(TPM_ST_SESSIONS);

+  SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_NV_UndefineSpaceSpecial);

+

+  SendBuffer.NvIndex = SwapBytes32 (NvIndex);

+  SendBuffer.Platform = SwapBytes32 (TPM_RH_PLATFORM);

+

+  //

+  // Marshall the Auth Sessions for the two handles.

+  Buffer = (UINT8 *)&SendBuffer.AuthSession;

+  // IndexAuthSession

+  IndexAuthSize = CopyAuthSessionCommand (IndexAuthSession, Buffer);

+  Buffer += IndexAuthSize;

+  // PlatAuthSession

+  PlatAuthSize = CopyAuthSessionCommand (PlatAuthSession, Buffer);

+  Buffer += PlatAuthSize;

+  // AuthSessionSize

+  SendBuffer.AuthSessionSize = SwapBytes32(IndexAuthSize + PlatAuthSize);

+

+  // Update total command size.

+  SendBufferSize = (UINT32)(Buffer - (UINT8 *)&SendBuffer);

+  SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);

+

+  //

+  // send Tpm command

+  //

+  RecvBufferSize = sizeof (RecvBuffer);

+  Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer);

+  if (EFI_ERROR (Status)) {

+    goto Done;

+  }

+

+  if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {

+    DEBUG ((EFI_D_ERROR, "Tpm2NvUndefineSpaceSpecial - RecvBufferSize Error - %x\n", RecvBufferSize));

+    Status = EFI_DEVICE_ERROR;

+    goto Done;

+  }

+

+  ResponseCode = SwapBytes32(RecvBuffer.Header.responseCode);

+  if (ResponseCode != TPM_RC_SUCCESS) {

+    DEBUG ((EFI_D_ERROR, "Tpm2NvUndefineSpaceSpecial - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode)));

+  }

+  switch (ResponseCode) {

+  case TPM_RC_SUCCESS:

+    // return data

+    break;

+  case TPM_RC_ATTRIBUTES:

+  case TPM_RC_ATTRIBUTES + RC_NV_UndefineSpaceSpecial_nvIndex:

+    Status = EFI_UNSUPPORTED;

+    break;

+  case TPM_RC_NV_AUTHORIZATION:

+    Status = EFI_SECURITY_VIOLATION;

+    break;

+  case TPM_RC_HANDLE + RC_NV_UndefineSpaceSpecial_nvIndex: // TPM_RC_NV_DEFINED:

+    Status = EFI_NOT_FOUND;

+    break;

+  case TPM_RC_VALUE + RC_NV_UndefineSpace_nvIndex:

+    Status = EFI_INVALID_PARAMETER;

+    break;

+  default:

+    Status = EFI_DEVICE_ERROR;

+    break;

+  }

+

+Done:

+  //

+  // Clear AuthSession Content

+  //

+  ZeroMem (&SendBuffer, sizeof(SendBuffer));

+  ZeroMem (&RecvBuffer, sizeof(RecvBuffer));

+  return Status;

+} // Tpm2NvUndefineSpaceSpecial()

+

 /**

   This command reads a value from an area in NV memory previously defined by TPM2_NV_DefineSpace().



diff --git a/SecurityPkg/Include/Library/Tpm2CommandLib.h b/SecurityPkg/Include/Library/Tpm2CommandLib.h
index ee8eb622951c..8d7b4998d98d 100644
--- a/SecurityPkg/Include/Library/Tpm2CommandLib.h
+++ b/SecurityPkg/Include/Library/Tpm2CommandLib.h
@@ -364,6 +364,28 @@ Tpm2NvUndefineSpace (
   IN      TPMS_AUTH_COMMAND         *AuthSession OPTIONAL

   );



+/**

+  This command removes an index from the TPM.

+

+  @param[in]  NvIndex             The NV Index.

+  @param[in]  IndexAuthSession    Auth session context for the Index auth/policy

+  @param[in]  PlatAuthSession     Auth session context for the Platform auth/policy

+

+  @retval EFI_SUCCESS             Operation completed successfully.

+  @retval EFI_NOT_FOUND           The command was returned successfully, but NvIndex is not found.

+  @retval EFI_UNSUPPORTED         Selected NvIndex does not support deletion through this call.

+  @retval EFI_SECURITY_VIOLATION  Deletion is not authorized by current policy session.

+  @retval EFI_INVALID_PARAMETER   The command was unsuccessful.

+  @retval EFI_DEVICE_ERROR        The command was unsuccessful.

+**/

+EFI_STATUS

+EFIAPI

+Tpm2NvUndefineSpaceSpecial (

+  IN      TPMI_RH_NV_INDEX          NvIndex,

+  IN      TPMS_AUTH_COMMAND         *IndexAuthSession OPTIONAL,

+  IN      TPMS_AUTH_COMMAND         *PlatAuthSession OPTIONAL

+  );

+

 /**

   This command reads a value from an area in NV memory previously defined by TPM2_NV_DefineSpace().



--
2.31.1.windows.1










[-- Attachment #2: Type: text/html, Size: 30100 bytes --]


* Re: [EXTERNAL] [edk2-devel] [PATCH v1 1/1] SecurityPkg/Library: Add Tpm2NvUndefineSpaceSpecial to Tpm2CommandLib
  2021-08-13  2:47                 ` Yao, Jiewen
@ 2021-08-13  3:22                   ` Bret Barkelew
  2021-10-09  2:31                     ` Yao, Jiewen
  0 siblings, 1 reply; 14+ messages in thread
From: Bret Barkelew @ 2021-08-13  3:22 UTC (permalink / raw)
  To: Yao, Jiewen, devel@edk2.groups.io, gaoliming@byosoft.com.cn,
	bret@corthon.com, Kinney, Michael D
  Cc: Wang, Jian J, Zhang, Qi1, Kumar, Rahul1

[-- Attachment #1: Type: text/plain, Size: 15244 bytes --]

Thanks, Jiewen! I’ll make those changes!

- Bret
________________________________
From: Yao, Jiewen <jiewen.yao@intel.com>
Sent: Thursday, August 12, 2021 7:47:04 PM
To: devel@edk2.groups.io <devel@edk2.groups.io>; Yao, Jiewen <jiewen.yao@intel.com>; gaoliming@byosoft.com.cn <gaoliming@byosoft.com.cn>; Bret Barkelew <Bret.Barkelew@microsoft.com>; bret@corthon.com <bret@corthon.com>; Kinney, Michael D <michael.d.kinney@intel.com>
Cc: Wang, Jian J <jian.j.wang@intel.com>; Zhang, Qi1 <qi1.zhang@intel.com>; Kumar, Rahul1 <rahul1.kumar@intel.com>
Subject: RE: [EXTERNAL] [edk2-devel] [PATCH v1 1/1] SecurityPkg/Library: Add Tpm2NvUndefineSpaceSpecial to Tpm2CommandLib


Hi Bret

Since it took much long time to get ECC feedback than I expected, I would give feedback on code while we are waiting.



1) Please confirm how you test the code, such as Microsoft platform ?

2) Please remove “+} // Tpm2NvUndefineSpaceSpecial()” at the end of the function. We do not use that style in other code.

3) Please copy the definition from TPM spec “This command allows removal of a platform-created NV Index that has TPMA_NV_POLICY_DELETE SET” to the function header description. The current one “This command removes an index from the TPM.” is for TPM2_NV_UndefineSpace instead of TPM2_NV_UndefineSpaceSpecial.



Since above comment does not impact any function, I would like to give RB.



With about change, reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>



Thank you

Yao Jiewen



From: Bret Barkelew via groups.io<mailto:bret.barkelew=microsoft.com@groups.io>
Sent: Friday, July 30, 2021 11:08 AM
To: devel@edk2.groups.io<mailto:devel@edk2.groups.io>; bret@corthon.com<mailto:bret@corthon.com>
Cc: Yao, Jiewen<mailto:jiewen.yao@intel.com>; Jian J Wang<mailto:jian.j.wang@intel.com>; Qi Zhang<mailto:qi1.zhang@intel.com>; Rahul Kumar<mailto:rahul1.kumar@intel.com>
Subject: Re: [EXTERNAL] [edk2-devel] [PATCH v1 1/1] SecurityPkg/Library: Add Tpm2NvUndefineSpaceSpecial to Tpm2CommandLib



Note, even though this keeps with the style of the rest of the file, it breaks ECC:

SecurityPkg/Library: Add Tpm2NvUndefineSpaceSpecial to Tpm2CommandLib by corthon · Pull Request #1848 · tianocore/edk2 (github.com)<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Ftianocore%2Fedk2%2Fpull%2F1848&data=04%7C01%7Cbret.barkelew%40microsoft.com%7C887b6ef599664679e21808d95e04a428%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637644196321232497%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=1TMpHKJ9Mwh6VW4fBAjs0Cf2hIqcmbtDfNqsJY47z5U%3D&reserved=0>



PROGRESS - --Running SecurityPkg: EccCheck Test NO-TARGET --

ERROR -

ERROR -

ERROR - EFI coding style error

ERROR - *Error code: 8001

ERROR - *Only capital letters are allowed to be used for #define declarations

ERROR - *file: //home/vsts/work/1/s/SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c

ERROR - *Line number: 27

ERROR - *The #define name [RC_NV_UndefineSpaceSpecial_nvIndex] does no



Thoughts?



- Bret



From: Bret Barkelew via groups.io<mailto:bret=corthon.com@groups.io>
Sent: Friday, July 30, 2021 10:55 AM
To: devel@edk2.groups.io<mailto:devel@edk2.groups.io>
Cc: Yao, Jiewen<mailto:jiewen.yao@intel.com>; Jian J Wang<mailto:jian.j.wang@intel.com>; Qi Zhang<mailto:qi1.zhang@intel.com>; Rahul Kumar<mailto:rahul1.kumar@intel.com>
Subject: [EXTERNAL] [edk2-devel] [PATCH v1 1/1] SecurityPkg/Library: Add Tpm2NvUndefineSpaceSpecial to Tpm2CommandLib



Used to provision and maintain certain HW-defined NV spaces.

REF: https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbugzilla.tianocore.org%2Fshow_bug.cgi%3Fid%3D2994&amp;data=04%7C01%7CBret.Barkelew%40microsoft.com%7Cb7ae3c62047c48fc85d908d953833ca0%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637632645397602953%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdata=s96M3RvxMOY831Vfr1nt%2Fz1h3cyb6jU9eFzvjKO7Dtc%3D&amp;reserved=0<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbugzilla.tianocore.org%2Fshow_bug.cgi%3Fid%3D2994&data=04%7C01%7Cbret.barkelew%40microsoft.com%7C887b6ef599664679e21808d95e04a428%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637644196321232497%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=q%2FGqsG776H1TD9bqGRw8ihZNDnJscXK0dwzEVGCNYf0%3D&reserved=0>

Signed-off-by: Bret Barkelew <bret.barkelew@microsoft.com<mailto:bret.barkelew@microsoft.com>>
Cc: Jiewen Yao <jiewen.yao@intel.com<mailto:jiewen.yao@intel.com>>
Cc: Jian J Wang <jian.j.wang@intel.com<mailto:jian.j.wang@intel.com>>
Cc: Qi Zhang <qi1.zhang@intel.com<mailto:qi1.zhang@intel.com>>
Cc: Rahul Kumar <rahul1.kumar@intel.com<mailto:rahul1.kumar@intel.com>>
---
 SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c | 122 ++++++++++++++++++++
 SecurityPkg/Include/Library/Tpm2CommandLib.h       |  22 ++++
 2 files changed, 144 insertions(+)

diff --git a/SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c b/SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c
index 87572de20164..7931fade9190 100644
--- a/SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c
+++ b/SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c
@@ -24,6 +24,8 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 #define RC_NV_UndefineSpace_authHandle      (TPM_RC_H + TPM_RC_1)

 #define RC_NV_UndefineSpace_nvIndex         (TPM_RC_H + TPM_RC_2)



+#define RC_NV_UndefineSpaceSpecial_nvIndex  (TPM_RC_H + TPM_RC_1)

+

 #define RC_NV_Read_authHandle               (TPM_RC_H + TPM_RC_1)

 #define RC_NV_Read_nvIndex                  (TPM_RC_H + TPM_RC_2)

 #define RC_NV_Read_size                     (TPM_RC_P + TPM_RC_1)

@@ -74,6 +76,20 @@ typedef struct {
   TPMS_AUTH_RESPONSE         AuthSession;

 } TPM2_NV_UNDEFINESPACE_RESPONSE;



+typedef struct {

+  TPM2_COMMAND_HEADER       Header;

+  TPMI_RH_NV_INDEX          NvIndex;

+  TPMI_RH_PLATFORM          Platform;

+  UINT32                    AuthSessionSize;

+  TPMS_AUTH_COMMAND         AuthSession;

+} TPM2_NV_UNDEFINESPACESPECIAL_COMMAND;

+

+typedef struct {

+  TPM2_RESPONSE_HEADER       Header;

+  UINT32                     AuthSessionSize;

+  TPMS_AUTH_RESPONSE         AuthSession;

+} TPM2_NV_UNDEFINESPACESPECIAL_RESPONSE;

+

 typedef struct {

   TPM2_COMMAND_HEADER       Header;

   TPMI_RH_NV_AUTH           AuthHandle;

@@ -506,6 +522,112 @@ Done:
   return Status;

 }



+/**

+  This command removes an index from the TPM.

+

+  @param[in]  NvIndex             The NV Index.

+  @param[in]  IndexAuthSession    Auth session context for the Index auth/policy

+  @param[in]  PlatAuthSession     Auth session context for the Platform auth/policy

+

+  @retval EFI_SUCCESS             Operation completed successfully.

+  @retval EFI_NOT_FOUND           The command was returned successfully, but NvIndex is not found.

+  @retval EFI_UNSUPPORTED         Selected NvIndex does not support deletion through this call.

+  @retval EFI_SECURITY_VIOLATION  Deletion is not authorized by current policy session.

+  @retval EFI_INVALID_PARAMETER   The command was unsuccessful.

+  @retval EFI_DEVICE_ERROR        The command was unsuccessful.

+**/

+EFI_STATUS

+EFIAPI

+Tpm2NvUndefineSpaceSpecial (

+  IN      TPMI_RH_NV_INDEX          NvIndex,

+  IN      TPMS_AUTH_COMMAND         *IndexAuthSession OPTIONAL,

+  IN      TPMS_AUTH_COMMAND         *PlatAuthSession OPTIONAL

+  )

+{

+  EFI_STATUS                              Status;

+  TPM2_NV_UNDEFINESPACESPECIAL_COMMAND    SendBuffer;

+  TPM2_NV_UNDEFINESPACESPECIAL_RESPONSE   RecvBuffer;

+  UINT32                                  SendBufferSize;

+  UINT32                                  RecvBufferSize;

+  UINT8                                   *Buffer;

+  UINT32                                  IndexAuthSize, PlatAuthSize;

+  TPM_RC                                  ResponseCode;

+

+  //

+  // Construct command

+  //

+  SendBuffer.Header.tag = SwapBytes16(TPM_ST_SESSIONS);

+  SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_NV_UndefineSpaceSpecial);

+

+  SendBuffer.NvIndex = SwapBytes32 (NvIndex);

+  SendBuffer.Platform = SwapBytes32 (TPM_RH_PLATFORM);

+

+  //

+  // Marshall the Auth Sessions for the two handles.

+  Buffer = (UINT8 *)&SendBuffer.AuthSession;

+  // IndexAuthSession

+  IndexAuthSize = CopyAuthSessionCommand (IndexAuthSession, Buffer);

+  Buffer += IndexAuthSize;

+  // PlatAuthSession

+  PlatAuthSize = CopyAuthSessionCommand (PlatAuthSession, Buffer);

+  Buffer += PlatAuthSize;

+  // AuthSessionSize

+  SendBuffer.AuthSessionSize = SwapBytes32(IndexAuthSize + PlatAuthSize);

+

+  // Update total command size.

+  SendBufferSize = (UINT32)(Buffer - (UINT8 *)&SendBuffer);

+  SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);

+

+  //

+  // send Tpm command

+  //

+  RecvBufferSize = sizeof (RecvBuffer);

+  Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer);

+  if (EFI_ERROR (Status)) {

+    goto Done;

+  }

+

+  if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {

+    DEBUG ((EFI_D_ERROR, "Tpm2NvUndefineSpaceSpecial - RecvBufferSize Error - %x\n", RecvBufferSize));

+    Status = EFI_DEVICE_ERROR;

+    goto Done;

+  }

+

+  ResponseCode = SwapBytes32(RecvBuffer.Header.responseCode);

+  if (ResponseCode != TPM_RC_SUCCESS) {

+    DEBUG ((EFI_D_ERROR, "Tpm2NvUndefineSpaceSpecial - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode)));

+  }

+  switch (ResponseCode) {

+  case TPM_RC_SUCCESS:

+    // return data

+    break;

+  case TPM_RC_ATTRIBUTES:

+  case TPM_RC_ATTRIBUTES + RC_NV_UndefineSpaceSpecial_nvIndex:

+    Status = EFI_UNSUPPORTED;

+    break;

+  case TPM_RC_NV_AUTHORIZATION:

+    Status = EFI_SECURITY_VIOLATION;

+    break;

+  case TPM_RC_HANDLE + RC_NV_UndefineSpaceSpecial_nvIndex: // TPM_RC_NV_DEFINED:

+    Status = EFI_NOT_FOUND;

+    break;

+  case TPM_RC_VALUE + RC_NV_UndefineSpace_nvIndex:

+    Status = EFI_INVALID_PARAMETER;

+    break;

+  default:

+    Status = EFI_DEVICE_ERROR;

+    break;

+  }

+

+Done:

+  //

+  // Clear AuthSession Content

+  //

+  ZeroMem (&SendBuffer, sizeof(SendBuffer));

+  ZeroMem (&RecvBuffer, sizeof(RecvBuffer));

+  return Status;

+} // Tpm2NvUndefineSpaceSpecial()

+

 /**

   This command reads a value from an area in NV memory previously defined by TPM2_NV_DefineSpace().


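Review bot: The EFI_INVALID_PARAMETER case is keyed on `RC_NV_UndefineSpace_nvIndex` (TPM_RC_H + TPM_RC_2), but in this command the NV index is handle 1 and the platform handle is handle 2, and the other cases in the same switch use `RC_NV_UndefineSpaceSpecial_nvIndex` (TPM_RC_H + TPM_RC_1); as written, a TPM_RC_VALUE on NvIndex falls into the default branch and is reported as EFI_DEVICE_ERROR. The line should read `case TPM_RC_VALUE + RC_NV_UndefineSpaceSpecial_nvIndex:`, which appears to be the purpose of the macro added in the first hunk. A point of style: the DEBUG line in the error path re-swaps `RecvBuffer.Header.responseCode` although `ResponseCode` already holds the host-order value, so `DEBUG ((EFI_D_ERROR, "Tpm2NvUndefineSpaceSpecial - responseCode - %x\n", ResponseCode));` is simpler and keeps the two from diverging. The `// TPM_RC_NV_DEFINED:` remark on the TPM_RC_HANDLE case does not seem to match the EFI_NOT_FOUND mapping beneath it; `// NvIndex is not a defined index` would describe the branch as implemented.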

diff --git a/SecurityPkg/Include/Library/Tpm2CommandLib.h b/SecurityPkg/Include/Library/Tpm2CommandLib.h
index ee8eb622951c..8d7b4998d98d 100644
--- a/SecurityPkg/Include/Library/Tpm2CommandLib.h
+++ b/SecurityPkg/Include/Library/Tpm2CommandLib.h
@@ -364,6 +364,28 @@ Tpm2NvUndefineSpace (
   IN      TPMS_AUTH_COMMAND         *AuthSession OPTIONAL

   );



+/**

+  This command removes an index from the TPM.

+

+  @param[in]  NvIndex             The NV Index.

+  @param[in]  IndexAuthSession    Auth session context for the Index auth/policy

+  @param[in]  PlatAuthSession     Auth session context for the Platform auth/policy

+

+  @retval EFI_SUCCESS             Operation completed successfully.

+  @retval EFI_NOT_FOUND           The command was returned successfully, but NvIndex is not found.

+  @retval EFI_UNSUPPORTED         Selected NvIndex does not support deletion through this call.

+  @retval EFI_SECURITY_VIOLATION  Deletion is not authorized by current policy session.

+  @retval EFI_INVALID_PARAMETER   The command was unsuccessful.

+  @retval EFI_DEVICE_ERROR        The command was unsuccessful.

+**/

+EFI_STATUS

+EFIAPI

+Tpm2NvUndefineSpaceSpecial (

+  IN      TPMI_RH_NV_INDEX          NvIndex,

+  IN      TPMS_AUTH_COMMAND         *IndexAuthSession OPTIONAL,

+  IN      TPMS_AUTH_COMMAND         *PlatAuthSession OPTIONAL

+  );

+

 /**

   This command reads a value from an area in NV memory previously defined by TPM2_NV_DefineSpace().


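Review bot: The @retval entries for EFI_INVALID_PARAMETER and EFI_DEVICE_ERROR carry the identical text "The command was unsuccessful.", so a caller cannot tell which TPM outcome each represents; the implementation maps a TPM_RC_VALUE on the index to EFI_INVALID_PARAMETER and a short response or any unlisted response code to EFI_DEVICE_ERROR. Suggest `@retval EFI_INVALID_PARAMETER   The TPM rejected the NvIndex value.` and `@retval EFI_DEVICE_ERROR        The TPM returned a short response or an unexpected response code.`. The description should also state that the platform handle is fixed (the implementation hard-codes TPM_RH_PLATFORM), so PlatAuthSession must authorize the platform hierarchy, e.g. `The second handle is always TPM_RH_PLATFORM; PlatAuthSession authorizes it.`. The same doxygen block is duplicated in the Tpm2NVStorage.c hunk and should be updated in both places.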

--
2.31.1.windows.1














* 回复: [EXTERNAL] [edk2-devel] [PATCH v1 1/1] SecurityPkg/Library: Add Tpm2NvUndefineSpaceSpecial to Tpm2CommandLib
  2021-08-13  2:29               ` Yao, Jiewen
@ 2021-08-13  6:10                 ` gaoliming
  0 siblings, 0 replies; 14+ messages in thread
From: gaoliming @ 2021-08-13  6:10 UTC (permalink / raw)
  To: devel, jiewen.yao, bret.barkelew, bret,
	'Kinney, Michael D'
  Cc: 'Wang, Jian J', 'Zhang, Qi1',
	'Kumar, Rahul1'



Jiewen:

 Yes. If the definition is meant to align with the industry-standard definition, I am OK with adding them to the ECC exception list.

 

Thanks

Liming

发件人: devel@edk2.groups.io <devel@edk2.groups.io> 代表 Yao, Jiewen
发送时间: 2021年8月13日 10:30
收件人: devel@edk2.groups.io; gaoliming@byosoft.com.cn; bret.barkelew@microsoft.com; bret@corthon.com; Kinney, Michael D <michael.d.kinney@intel.com>
抄送: Wang, Jian J <jian.j.wang@intel.com>; Zhang, Qi1 <qi1.zhang@intel.com>; Kumar, Rahul1 <rahul1.kumar@intel.com>
主题: Re: [EXTERNAL] [edk2-devel] [PATCH v1 1/1] SecurityPkg/Library: Add Tpm2NvUndefineSpaceSpecial to Tpm2CommandLib

 

Hi

I have seen such exception in the industry standard file, such as 

 

https://github.com/tianocore/edk2/blob/master/MdePkg/Include/IndustryStandard/Tpm20.h

 

#define TPM_CC_NV_UndefineSpaceSpecial    (TPM_CC)(0x0000011F)

#define TPM_CC_EvictControl               (TPM_CC)(0x00000120)

#define TPM_CC_HierarchyControl           (TPM_CC)(0x00000121)

#define TPM_CC_NV_UndefineSpace           (TPM_CC)(0x00000122)

#define TPM_CC_ChangeEPS                  (TPM_CC)(0x00000124)

#define TPM_CC_ChangePPS                  (TPM_CC)(0x00000125)

#define TPM_CC_Clear                      (TPM_CC)(0x00000126)

#define TPM_CC_ClearControl               (TPM_CC)(0x00000127)

#define TPM_CC_ClockSet                   (TPM_CC)(0x00000128)

#define TPM_CC_HierarchyChangeAuth        (TPM_CC)(0x00000129)

#define TPM_CC_NV_DefineSpace             (TPM_CC)(0x0000012A)

#define TPM_CC_PCR_Allocate               (TPM_CC)(0x0000012B)

#define TPM_CC_PCR_SetAuthPolicy          (TPM_CC)(0x0000012C)

#define TPM_CC_PP_Commands                (TPM_CC)(0x0000012D)

#define TPM_CC_SetPrimaryPolicy           (TPM_CC)(0x0000012E)

#define TPM_CC_FieldUpgradeStart          (TPM_CC)(0x0000012F)

#define TPM_CC_ClockRateAdjust            (TPM_CC)(0x00000130)

 

https://github.com/tianocore/edk2/blob/master/MdePkg/Include/IndustryStandard/Tpm12.h

 

#define TPM_ORD_ActivateIdentity                  ((TPM_COMMAND_CODE) 0x0000007A)

#define TPM_ORD_AuthorizeMigrationKey             ((TPM_COMMAND_CODE) 0x0000002B)

#define TPM_ORD_CertifyKey                        ((TPM_COMMAND_CODE) 0x00000032)

#define TPM_ORD_CertifyKey2                       ((TPM_COMMAND_CODE) 0x00000033)

#define TPM_ORD_CertifySelfTest                   ((TPM_COMMAND_CODE) 0x00000052)

#define TPM_ORD_ChangeAuth                        ((TPM_COMMAND_CODE) 0x0000000C)

#define TPM_ORD_ChangeAuthAsymFinish              ((TPM_COMMAND_CODE) 0x0000000F)

#define TPM_ORD_ChangeAuthAsymStart               ((TPM_COMMAND_CODE) 0x0000000E)

#define TPM_ORD_ChangeAuthOwner                   ((TPM_COMMAND_CODE) 0x00000010)

 

 

I agree with Liming that if this is something completely defined by EDKII, we should align with EDKII.

 

But if this is something copied from another standard, I prefer we keep them as-is and add them to the exception list.

That makes it easy for the domain-specific expert to review the code.

 

Can we submit a patch to add those to the ECC exception list?

 

Thank you

Yao Jiewen

 

From: devel@edk2.groups.io <mailto:devel@edk2.groups.io>  <devel@edk2.groups.io <mailto:devel@edk2.groups.io> > On Behalf Of gaoliming
Sent: Friday, August 13, 2021 9:38 AM
To: devel@edk2.groups.io <mailto:devel@edk2.groups.io> ; bret.barkelew@microsoft.com <mailto:bret.barkelew@microsoft.com> ; Yao, Jiewen <jiewen.yao@intel.com <mailto:jiewen.yao@intel.com> >; bret@corthon.com <mailto:bret@corthon.com> ; Kinney, Michael D <michael.d.kinney@intel.com <mailto:michael.d.kinney@intel.com> >
Cc: Wang, Jian J <jian.j.wang@intel.com <mailto:jian.j.wang@intel.com> >; Zhang, Qi1 <qi1.zhang@intel.com <mailto:qi1.zhang@intel.com> >; Kumar, Rahul1 <rahul1.kumar@intel.com <mailto:rahul1.kumar@intel.com> >
Subject: 回复: [EXTERNAL] [edk2-devel] [PATCH v1 1/1] SecurityPkg/Library: Add Tpm2NvUndefineSpaceSpecial to Tpm2CommandLib

 

Bret:

 I suggest defining a new macro that follows the EDKII style. This macro is only used in CommandLib, so its impact should be small.

 

Thanks

Liming

发件人: devel@edk2.groups.io <mailto:devel@edk2.groups.io>  <devel@edk2.groups.io <mailto:devel@edk2.groups.io> > 代表 Bret Barkelew via groups.io
发送时间: 2021年8月13日 8:24
收件人: Yao, Jiewen <jiewen.yao@intel.com <mailto:jiewen.yao@intel.com> >; devel@edk2.groups.io <mailto:devel@edk2.groups.io> ; bret@corthon.com <mailto:bret@corthon.com> ; Kinney, Michael D <michael.d.kinney@intel.com <mailto:michael.d.kinney@intel.com> >
抄送: Wang, Jian J <jian.j.wang@intel.com <mailto:jian.j.wang@intel.com> >; Zhang, Qi1 <qi1.zhang@intel.com <mailto:qi1.zhang@intel.com> >; Kumar, Rahul1 <rahul1.kumar@intel.com <mailto:rahul1.kumar@intel.com> >
主题: Re: [EXTERNAL] [edk2-devel] [PATCH v1 1/1] SecurityPkg/Library: Add Tpm2NvUndefineSpaceSpecial to Tpm2CommandLib

 

+  <mailto:michael.d.kinney@intel.com> @Kinney, Michael D

 

Mike, any thoughts on when “sticking with the file convention” breaks ECC? Should I just ignore the rest of the file and pass ECC at all costs?

 

- Bret 

 

From: Yao, Jiewen <mailto:jiewen.yao@intel.com> 
Sent: Thursday, August 12, 2021 5:06 PM
To: Bret Barkelew <mailto:Bret.Barkelew@microsoft.com> ; devel@edk2.groups.io <mailto:devel@edk2.groups.io> ; bret@corthon.com <mailto:bret@corthon.com> 
Cc: Wang, Jian J <mailto:jian.j.wang@intel.com> ; Zhang, Qi1 <mailto:qi1.zhang@intel.com> ; Kumar, Rahul1 <mailto:rahul1.kumar@intel.com> 
Subject: RE: [EXTERNAL] [edk2-devel] [PATCH v1 1/1] SecurityPkg/Library: Add Tpm2NvUndefineSpaceSpecial to Tpm2CommandLib

 

I don’t know the answer about ECC or PatchChecker.

I just know we need to pass CI to merge the patch.

 

Thank you

Yao Jiewen

 

From: Bret Barkelew <Bret.Barkelew@microsoft.com <mailto:Bret.Barkelew@microsoft.com> > 
Sent: Friday, August 13, 2021 1:52 AM
To: devel@edk2.groups.io <mailto:devel@edk2.groups.io> ; bret@corthon.com <mailto:bret@corthon.com> 
Cc: Yao, Jiewen <jiewen.yao@intel.com <mailto:jiewen.yao@intel.com> >; Wang, Jian J <jian.j.wang@intel.com <mailto:jian.j.wang@intel.com> >; Zhang, Qi1 <qi1.zhang@intel.com <mailto:qi1.zhang@intel.com> >; Kumar, Rahul1 <rahul1.kumar@intel.com <mailto:rahul1.kumar@intel.com> >
Subject: RE: [EXTERNAL] [edk2-devel] [PATCH v1 1/1] SecurityPkg/Library: Add Tpm2NvUndefineSpaceSpecial to Tpm2CommandLib

 

Thoughts?

 

- Bret 

 



From: devel@edk2.groups.io <mailto:devel@edk2.groups.io>  <devel@edk2.groups.io <mailto:devel@edk2.groups.io> > on behalf of Bret Barkelew via groups.io <bret.barkelew=microsoft.com@groups.io <mailto:bret.barkelew=microsoft.com@groups.io> >
Sent: Wednesday, August 11, 2021 12:37:52 PM
To: devel@edk2.groups.io <mailto:devel@edk2.groups.io>  <devel@edk2.groups.io <mailto:devel@edk2.groups.io> >; bret@corthon.com <mailto:bret@corthon.com>  <bret@corthon.com <mailto:bret@corthon.com> >
Cc: Yao, Jiewen <jiewen.yao@intel.com <mailto:jiewen.yao@intel.com> >; Jian J Wang <jian.j.wang@intel.com <mailto:jian.j.wang@intel.com> >; Qi Zhang <qi1.zhang@intel.com <mailto:qi1.zhang@intel.com> >; Rahul Kumar <rahul1.kumar@intel.com <mailto:rahul1.kumar@intel.com> >
Subject: Re: [EXTERNAL] [edk2-devel] [PATCH v1 1/1] SecurityPkg/Library: Add Tpm2NvUndefineSpaceSpecial to Tpm2CommandLib 

 

Thoughts?

 

- Bret 

 



From: devel@edk2.groups.io <mailto:devel@edk2.groups.io>  <devel@edk2.groups.io <mailto:devel@edk2.groups.io> > on behalf of Bret Barkelew via groups.io <bret.barkelew=microsoft.com@groups.io <mailto:bret.barkelew=microsoft.com@groups.io> >
Sent: Wednesday, August 4, 2021 9:32:32 AM
To: devel@edk2.groups.io <mailto:devel@edk2.groups.io>  <devel@edk2.groups.io <mailto:devel@edk2.groups.io> >; bret@corthon.com <mailto:bret@corthon.com>  <bret@corthon.com <mailto:bret@corthon.com> >
Cc: Yao, Jiewen <jiewen.yao@intel.com <mailto:jiewen.yao@intel.com> >; Jian J Wang <jian.j.wang@intel.com <mailto:jian.j.wang@intel.com> >; Qi Zhang <qi1.zhang@intel.com <mailto:qi1.zhang@intel.com> >; Rahul Kumar <rahul1.kumar@intel.com <mailto:rahul1.kumar@intel.com> >
Subject: Re: [EXTERNAL] [edk2-devel] [PATCH v1 1/1] SecurityPkg/Library: Add Tpm2NvUndefineSpaceSpecial to Tpm2CommandLib 

 

Poking this one.

 

1.	It’s an easy review with a small, obvious code change.
2.	I need some answers on “when is it okay to violate ECC/PatchCheck if the new code matches the style of the existing code?” Should I endeavor to pass PatchCheck and ECCCheck with this patch only, and leave it in conflict with the rest of the file?

 

Thanks!

 

- Bret 

 

From: Bret Barkelew via groups.io <mailto:bret.barkelew=microsoft.com@groups.io> 
Sent: Friday, July 30, 2021 11:08 AM
To: devel@edk2.groups.io <mailto:devel@edk2.groups.io> ; bret@corthon.com <mailto:bret@corthon.com> 
Cc: Yao, Jiewen <mailto:jiewen.yao@intel.com> ; Jian J Wang <mailto:jian.j.wang@intel.com> ; Qi Zhang <mailto:qi1.zhang@intel.com> ; Rahul Kumar <mailto:rahul1.kumar@intel.com> 
Subject: Re: [EXTERNAL] [edk2-devel] [PATCH v1 1/1] SecurityPkg/Library: Add Tpm2NvUndefineSpaceSpecial to Tpm2CommandLib

 

Note, even though this keeps with the style of the rest of the file, it breaks ECC:

SecurityPkg/Library: Add Tpm2NvUndefineSpaceSpecial to Tpm2CommandLib by corthon · Pull Request #1848 · tianocore/edk2 (github.com) <https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Ftianocore%2Fedk2%2Fpull%2F1848&data=04%7C01%7CBret.Barkelew%40microsoft.com%7Ce90f066a5a8c4feae73108d95dee3ec3%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637644100117879377%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=7uX%2FX1sJDbWsxeqYtqfQIFXBbDRVnii7kcJ1nri65T4%3D&reserved=0> 

 

PROGRESS - --Running SecurityPkg: EccCheck Test NO-TARGET -- 

ERROR - 

ERROR - 

ERROR - EFI coding style error 

ERROR - *Error code: 8001 

ERROR - *Only capital letters are allowed to be used for #define declarations 

ERROR - *file: //home/vsts/work/1/s/SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c 

ERROR - *Line number: 27 

ERROR - *The #define name [RC_NV_UndefineSpaceSpecial_nvIndex] does no

 

Thoughts?

 

- Bret 

 

From: Bret Barkelew via groups.io <mailto:bret=corthon.com@groups.io> 
Sent: Friday, July 30, 2021 10:55 AM
To: devel@edk2.groups.io <mailto:devel@edk2.groups.io> 
Cc: Yao, Jiewen <mailto:jiewen.yao@intel.com> ; Jian J Wang <mailto:jian.j.wang@intel.com> ; Qi Zhang <mailto:qi1.zhang@intel.com> ; Rahul Kumar <mailto:rahul1.kumar@intel.com> 
Subject: [EXTERNAL] [edk2-devel] [PATCH v1 1/1] SecurityPkg/Library: Add Tpm2NvUndefineSpaceSpecial to Tpm2CommandLib

 

Used to provision and maintain certain HW-defined NV spaces.

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2994

Signed-off-by: Bret Barkelew <bret.barkelew@microsoft.com <mailto:bret.barkelew@microsoft.com> >
Cc: Jiewen Yao <jiewen.yao@intel.com <mailto:jiewen.yao@intel.com> >
Cc: Jian J Wang <jian.j.wang@intel.com <mailto:jian.j.wang@intel.com> >
Cc: Qi Zhang <qi1.zhang@intel.com <mailto:qi1.zhang@intel.com> >
Cc: Rahul Kumar <rahul1.kumar@intel.com <mailto:rahul1.kumar@intel.com> >
---
 SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c | 122 ++++++++++++++++++++
 SecurityPkg/Include/Library/Tpm2CommandLib.h       |  22 ++++
 2 files changed, 144 insertions(+)

diff --git a/SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c b/SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c
index 87572de20164..7931fade9190 100644
--- a/SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c
+++ b/SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c
@@ -24,6 +24,8 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 #define RC_NV_UndefineSpace_authHandle      (TPM_RC_H + TPM_RC_1)

 #define RC_NV_UndefineSpace_nvIndex         (TPM_RC_H + TPM_RC_2)

 

+#define RC_NV_UndefineSpaceSpecial_nvIndex  (TPM_RC_H + TPM_RC_1)

+

 #define RC_NV_Read_authHandle               (TPM_RC_H + TPM_RC_1)

 #define RC_NV_Read_nvIndex                  (TPM_RC_H + TPM_RC_2)

 #define RC_NV_Read_size                     (TPM_RC_P + TPM_RC_1)

@@ -74,6 +76,20 @@ typedef struct {
   TPMS_AUTH_RESPONSE         AuthSession;

 } TPM2_NV_UNDEFINESPACE_RESPONSE;

 

+typedef struct {

+  TPM2_COMMAND_HEADER       Header;

+  TPMI_RH_NV_INDEX          NvIndex;

+  TPMI_RH_PLATFORM          Platform;

+  UINT32                    AuthSessionSize;

+  TPMS_AUTH_COMMAND         AuthSession;

+} TPM2_NV_UNDEFINESPACESPECIAL_COMMAND;

+

+typedef struct {

+  TPM2_RESPONSE_HEADER       Header;

+  UINT32                     AuthSessionSize;

+  TPMS_AUTH_RESPONSE         AuthSession;

+} TPM2_NV_UNDEFINESPACESPECIAL_RESPONSE;

+

 typedef struct {

   TPM2_COMMAND_HEADER       Header;

   TPMI_RH_NV_AUTH           AuthHandle;

@@ -506,6 +522,112 @@ Done:
   return Status;

 }

 

+/**

+  This command removes an index from the TPM.

+

+  @param[in]  NvIndex             The NV Index.

+  @param[in]  IndexAuthSession    Auth session context for the Index auth/policy

+  @param[in]  PlatAuthSession     Auth session context for the Platform auth/policy

+

+  @retval EFI_SUCCESS             Operation completed successfully.

+  @retval EFI_NOT_FOUND           The command was returned successfully, but NvIndex is not found.

+  @retval EFI_UNSUPPORTED         Selected NvIndex does not support deletion through this call.

+  @retval EFI_SECURITY_VIOLATION  Deletion is not authorized by current policy session.

+  @retval EFI_INVALID_PARAMETER   The command was unsuccessful.

+  @retval EFI_DEVICE_ERROR        The command was unsuccessful.

+**/

+EFI_STATUS

+EFIAPI

+Tpm2NvUndefineSpaceSpecial (

+  IN      TPMI_RH_NV_INDEX          NvIndex,

+  IN      TPMS_AUTH_COMMAND         *IndexAuthSession OPTIONAL,

+  IN      TPMS_AUTH_COMMAND         *PlatAuthSession OPTIONAL

+  )

+{

+  EFI_STATUS                              Status;

+  TPM2_NV_UNDEFINESPACESPECIAL_COMMAND    SendBuffer;

+  TPM2_NV_UNDEFINESPACESPECIAL_RESPONSE   RecvBuffer;

+  UINT32                                  SendBufferSize;

+  UINT32                                  RecvBufferSize;

+  UINT8                                   *Buffer;

+  UINT32                                  IndexAuthSize, PlatAuthSize;

+  TPM_RC                                  ResponseCode;

+

+  //

+  // Construct command

+  //

+  SendBuffer.Header.tag = SwapBytes16(TPM_ST_SESSIONS);

+  SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_NV_UndefineSpaceSpecial);

+

+  SendBuffer.NvIndex = SwapBytes32 (NvIndex);

+  SendBuffer.Platform = SwapBytes32 (TPM_RH_PLATFORM);

+

+  //

+  // Marshall the Auth Sessions for the two handles.

+  Buffer = (UINT8 *)&SendBuffer.AuthSession;

+  // IndexAuthSession

+  IndexAuthSize = CopyAuthSessionCommand (IndexAuthSession, Buffer);

+  Buffer += IndexAuthSize;

+  // PlatAuthSession

+  PlatAuthSize = CopyAuthSessionCommand (PlatAuthSession, Buffer);

+  Buffer += PlatAuthSize;

+  // AuthSessionSize

+  SendBuffer.AuthSessionSize = SwapBytes32(IndexAuthSize + PlatAuthSize);

+

+  // Update total command size.

+  SendBufferSize = (UINT32)(Buffer - (UINT8 *)&SendBuffer);

+  SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);

+

+  //

+  // send Tpm command

+  //

+  RecvBufferSize = sizeof (RecvBuffer);

+  Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer);

+  if (EFI_ERROR (Status)) {

+    goto Done;

+  }

+

+  if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {

+    DEBUG ((EFI_D_ERROR, "Tpm2NvUndefineSpaceSpecial - RecvBufferSize Error - %x\n", RecvBufferSize));

+    Status = EFI_DEVICE_ERROR;

+    goto Done;

+  }

+

+  ResponseCode = SwapBytes32(RecvBuffer.Header.responseCode);

+  if (ResponseCode != TPM_RC_SUCCESS) {

+    DEBUG ((EFI_D_ERROR, "Tpm2NvUndefineSpaceSpecial - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode)));

+  }

+  switch (ResponseCode) {

+  case TPM_RC_SUCCESS:

+    // return data

+    break;

+  case TPM_RC_ATTRIBUTES:

+  case TPM_RC_ATTRIBUTES + RC_NV_UndefineSpaceSpecial_nvIndex:

+    Status = EFI_UNSUPPORTED;

+    break;

+  case TPM_RC_NV_AUTHORIZATION:

+    Status = EFI_SECURITY_VIOLATION;

+    break;

+  case TPM_RC_HANDLE + RC_NV_UndefineSpaceSpecial_nvIndex: // TPM_RC_NV_DEFINED:

+    Status = EFI_NOT_FOUND;

+    break;

+  case TPM_RC_VALUE + RC_NV_UndefineSpace_nvIndex:

+    Status = EFI_INVALID_PARAMETER;

+    break;

+  default:

+    Status = EFI_DEVICE_ERROR;

+    break;

+  }

+

+Done:

+  //

+  // Clear AuthSession Content

+  //

+  ZeroMem (&SendBuffer, sizeof(SendBuffer));

+  ZeroMem (&RecvBuffer, sizeof(RecvBuffer));

+  return Status;

+} // Tpm2NvUndefineSpaceSpecial()

+

 /**

   This command reads a value from an area in NV memory previously defined by TPM2_NV_DefineSpace().

 

diff --git a/SecurityPkg/Include/Library/Tpm2CommandLib.h b/SecurityPkg/Include/Library/Tpm2CommandLib.h
index ee8eb622951c..8d7b4998d98d 100644
--- a/SecurityPkg/Include/Library/Tpm2CommandLib.h
+++ b/SecurityPkg/Include/Library/Tpm2CommandLib.h
@@ -364,6 +364,28 @@ Tpm2NvUndefineSpace (
   IN      TPMS_AUTH_COMMAND         *AuthSession OPTIONAL

   );

 

+/**

+  This command removes an index from the TPM.

+

+  @param[in]  NvIndex             The NV Index.

+  @param[in]  IndexAuthSession    Auth session context for the Index auth/policy

+  @param[in]  PlatAuthSession     Auth session context for the Platform auth/policy

+

+  @retval EFI_SUCCESS             Operation completed successfully.

+  @retval EFI_NOT_FOUND           The command was returned successfully, but NvIndex is not found.

+  @retval EFI_UNSUPPORTED         Selected NvIndex does not support deletion through this call.

+  @retval EFI_SECURITY_VIOLATION  Deletion is not authorized by current policy session.

+  @retval EFI_INVALID_PARAMETER   The command was unsuccessful.

+  @retval EFI_DEVICE_ERROR        The command was unsuccessful.

+**/

+EFI_STATUS

+EFIAPI

+Tpm2NvUndefineSpaceSpecial (

+  IN      TPMI_RH_NV_INDEX          NvIndex,

+  IN      TPMS_AUTH_COMMAND         *IndexAuthSession OPTIONAL,

+  IN      TPMS_AUTH_COMMAND         *PlatAuthSession OPTIONAL

+  );

+

 /**

   This command reads a value from an area in NV memory previously defined by TPM2_NV_DefineSpace().

 

-- 
2.31.1.windows.1




 

 

 






* Re: [EXTERNAL] [edk2-devel] [PATCH v1 1/1] SecurityPkg/Library: Add Tpm2NvUndefineSpaceSpecial to Tpm2CommandLib
  2021-08-13  3:22                   ` Bret Barkelew
@ 2021-10-09  2:31                     ` Yao, Jiewen
  2021-10-11 18:34                       ` Bret Barkelew
  0 siblings, 1 reply; 14+ messages in thread
From: Yao, Jiewen @ 2021-10-09  2:31 UTC (permalink / raw)
  To: Bret Barkelew, devel@edk2.groups.io, gaoliming@byosoft.com.cn,
	bret@corthon.com, Kinney, Michael D
  Cc: Wang, Jian J, Zhang, Qi1, Kumar, Rahul1


Hey
Is that any update for this patch?

I did not see the v2 patch. Just want to ensure I did not miss that by mistake.

Thank you
Yao Jiewen

From: Bret Barkelew <Bret.Barkelew@microsoft.com>
Sent: Friday, August 13, 2021 11:22 AM
To: Yao, Jiewen <jiewen.yao@intel.com>; devel@edk2.groups.io; gaoliming@byosoft.com.cn; bret@corthon.com; Kinney, Michael D <michael.d.kinney@intel.com>
Cc: Wang, Jian J <jian.j.wang@intel.com>; Zhang, Qi1 <qi1.zhang@intel.com>; Kumar, Rahul1 <rahul1.kumar@intel.com>
Subject: Re: [EXTERNAL] [edk2-devel] [PATCH v1 1/1] SecurityPkg/Library: Add Tpm2NvUndefineSpaceSpecial to Tpm2CommandLib

Thanks, Jiewen! I'll make those changes!

- Bret
________________________________
From: Yao, Jiewen <jiewen.yao@intel.com<mailto:jiewen.yao@intel.com>>
Sent: Thursday, August 12, 2021 7:47:04 PM
To: devel@edk2.groups.io<mailto:devel@edk2.groups.io> <devel@edk2.groups.io<mailto:devel@edk2.groups.io>>; Yao, Jiewen <jiewen.yao@intel.com<mailto:jiewen.yao@intel.com>>; gaoliming@byosoft.com.cn<mailto:gaoliming@byosoft.com.cn> <gaoliming@byosoft.com.cn<mailto:gaoliming@byosoft.com.cn>>; Bret Barkelew <Bret.Barkelew@microsoft.com<mailto:Bret.Barkelew@microsoft.com>>; bret@corthon.com<mailto:bret@corthon.com> <bret@corthon.com<mailto:bret@corthon.com>>; Kinney, Michael D <michael.d.kinney@intel.com<mailto:michael.d.kinney@intel.com>>
Cc: Wang, Jian J <jian.j.wang@intel.com<mailto:jian.j.wang@intel.com>>; Zhang, Qi1 <qi1.zhang@intel.com<mailto:qi1.zhang@intel.com>>; Kumar, Rahul1 <rahul1.kumar@intel.com<mailto:rahul1.kumar@intel.com>>
Subject: RE: [EXTERNAL] [edk2-devel] [PATCH v1 1/1] SecurityPkg/Library: Add Tpm2NvUndefineSpaceSpecial to Tpm2CommandLib


Hi Bret

Since it took much long time to get ECC feedback than I expected, I would give feedback on code while we are waiting.



1) Please confirm how you test the code, such as Microsoft platform ?

2) Please remove "+} // Tpm2NvUndefineSpaceSpecial()" at the end of the function. We do not use that style in other code.

3) Please copy the definition from TPM spec "This command allows removal of a platform-created NV Index that has TPMA_NV_POLICY_DELETE SET" to the function header description. The current one "This command removes an index from the TPM." is for TPM2_NV_UndefineSpace instead of TPM2_NV_UndefineSpaceSpecial.



Since above comment does not impact any function, I would like to give RB.



With the above change, reviewed-by: Jiewen Yao <Jiewen.yao@intel.com<mailto:Jiewen.yao@intel.com>>



Thank you

Yao Jiewen



From: Bret Barkelew via groups.io<mailto:bret.barkelew=microsoft.com@groups.io>
Sent: Friday, July 30, 2021 11:08 AM
To: devel@edk2.groups.io<mailto:devel@edk2.groups.io>; bret@corthon.com<mailto:bret@corthon.com>
Cc: Yao, Jiewen<mailto:jiewen.yao@intel.com>; Jian J Wang<mailto:jian.j.wang@intel.com>; Qi Zhang<mailto:qi1.zhang@intel.com>; Rahul Kumar<mailto:rahul1.kumar@intel.com>
Subject: Re: [EXTERNAL] [edk2-devel] [PATCH v1 1/1] SecurityPkg/Library: Add Tpm2NvUndefineSpaceSpecial to Tpm2CommandLib



Note, even though this keeps with the style of the rest of the file, it breaks ECC:

SecurityPkg/Library: Add Tpm2NvUndefineSpaceSpecial to Tpm2CommandLib by corthon * Pull Request #1848 * tianocore/edk2 (github.com)<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Ftianocore%2Fedk2%2Fpull%2F1848&data=04%7C01%7Cbret.barkelew%40microsoft.com%7C887b6ef599664679e21808d95e04a428%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637644196321232497%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=1TMpHKJ9Mwh6VW4fBAjs0Cf2hIqcmbtDfNqsJY47z5U%3D&reserved=0>



PROGRESS - --Running SecurityPkg: EccCheck Test NO-TARGET --

ERROR -

ERROR -

ERROR - EFI coding style error

ERROR - *Error code: 8001

ERROR - *Only capital letters are allowed to be used for #define declarations

ERROR - *file: //home/vsts/work/1/s/SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c

ERROR - *Line number: 27

ERROR - *The #define name [RC_NV_UndefineSpaceSpecial_nvIndex] does no



Thoughts?



- Bret



From: Bret Barkelew via groups.io<mailto:bret=corthon.com@groups.io>
Sent: Friday, July 30, 2021 10:55 AM
To: devel@edk2.groups.io<mailto:devel@edk2.groups.io>
Cc: Yao, Jiewen<mailto:jiewen.yao@intel.com>; Jian J Wang<mailto:jian.j.wang@intel.com>; Qi Zhang<mailto:qi1.zhang@intel.com>; Rahul Kumar<mailto:rahul1.kumar@intel.com>
Subject: [EXTERNAL] [edk2-devel] [PATCH v1 1/1] SecurityPkg/Library: Add Tpm2NvUndefineSpaceSpecial to Tpm2CommandLib



Used to provision and maintain certain HW-defined NV spaces.

REF: https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbugzilla.tianocore.org%2Fshow_bug.cgi%3Fid%3D2994&amp;data=04%7C01%7CBret.Barkelew%40microsoft.com%7Cb7ae3c62047c48fc85d908d953833ca0%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637632645397602953%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdata=s96M3RvxMOY831Vfr1nt%2Fz1h3cyb6jU9eFzvjKO7Dtc%3D&amp;reserved=0<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbugzilla.tianocore.org%2Fshow_bug.cgi%3Fid%3D2994&data=04%7C01%7Cbret.barkelew%40microsoft.com%7C887b6ef599664679e21808d95e04a428%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637644196321232497%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=q%2FGqsG776H1TD9bqGRw8ihZNDnJscXK0dwzEVGCNYf0%3D&reserved=0>

Signed-off-by: Bret Barkelew <bret.barkelew@microsoft.com<mailto:bret.barkelew@microsoft.com>>
Cc: Jiewen Yao <jiewen.yao@intel.com<mailto:jiewen.yao@intel.com>>
Cc: Jian J Wang <jian.j.wang@intel.com<mailto:jian.j.wang@intel.com>>
Cc: Qi Zhang <qi1.zhang@intel.com<mailto:qi1.zhang@intel.com>>
Cc: Rahul Kumar <rahul1.kumar@intel.com<mailto:rahul1.kumar@intel.com>>
---
 SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c | 122 ++++++++++++++++++++
 SecurityPkg/Include/Library/Tpm2CommandLib.h       |  22 ++++
 2 files changed, 144 insertions(+)

diff --git a/SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c b/SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c
index 87572de20164..7931fade9190 100644
--- a/SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c
+++ b/SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c
@@ -24,6 +24,8 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 #define RC_NV_UndefineSpace_authHandle      (TPM_RC_H + TPM_RC_1)

 #define RC_NV_UndefineSpace_nvIndex         (TPM_RC_H + TPM_RC_2)



+#define RC_NV_UndefineSpaceSpecial_nvIndex  (TPM_RC_H + TPM_RC_1)

+

 #define RC_NV_Read_authHandle               (TPM_RC_H + TPM_RC_1)

 #define RC_NV_Read_nvIndex                  (TPM_RC_H + TPM_RC_2)

 #define RC_NV_Read_size                     (TPM_RC_P + TPM_RC_1)

@@ -74,6 +76,20 @@ typedef struct {
   TPMS_AUTH_RESPONSE         AuthSession;

 } TPM2_NV_UNDEFINESPACE_RESPONSE;



+typedef struct {

+  TPM2_COMMAND_HEADER       Header;

+  TPMI_RH_NV_INDEX          NvIndex;

+  TPMI_RH_PLATFORM          Platform;

+  UINT32                    AuthSessionSize;

+  TPMS_AUTH_COMMAND         AuthSession;

+} TPM2_NV_UNDEFINESPACESPECIAL_COMMAND;

+

+typedef struct {

+  TPM2_RESPONSE_HEADER       Header;

+  UINT32                     AuthSessionSize;

+  TPMS_AUTH_RESPONSE         AuthSession;

+} TPM2_NV_UNDEFINESPACESPECIAL_RESPONSE;

+

 typedef struct {

   TPM2_COMMAND_HEADER       Header;

   TPMI_RH_NV_AUTH           AuthHandle;
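Review bot: TPM2_NV_UNDEFINESPACESPECIAL_COMMAND reserves a single `TPMS_AUTH_COMMAND AuthSession;`, yet Tpm2NvUndefineSpaceSpecial in the next hunk marshals two sessions back to back starting at `&SendBuffer.AuthSession` ("Marshall the Auth Sessions for the two handles"), so if CopyAuthSessionCommand can emit up to sizeof (TPMS_AUTH_COMMAND) bytes per session (its body is not in this patch) the second copy can run past the end of the stack-allocated SendBuffer when both sessions carry full-size nonces and HMACs. Size the field for both handles, `TPMS_AUTH_COMMAND AuthSession[2];`, or bound the second copy against the space left in SendBuffer before writing it. TPM2_NV_UNDEFINESPACESPECIAL_RESPONSE has the same shape with one TPMS_AUTH_RESPONSE, so the TPM's reply for two sessions may not fit the RecvBufferSize passed to Tpm2SubmitCommand either; worth confirming against the existing two-session commands in this library.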

@@ -506,6 +522,112 @@ Done:
   return Status;

 }



+/**

+  This command removes an index from the TPM.

+

+  @param[in]  NvIndex             The NV Index.

+  @param[in]  IndexAuthSession    Auth session context for the Index auth/policy

+  @param[in]  PlatAuthSession     Auth session context for the Platform auth/policy

+

+  @retval EFI_SUCCESS             Operation completed successfully.

+  @retval EFI_NOT_FOUND           The command was returned successfully, but NvIndex is not found.

+  @retval EFI_UNSUPPORTED         Selected NvIndex does not support deletion through this call.

+  @retval EFI_SECURITY_VIOLATION  Deletion is not authorized by current policy session.

+  @retval EFI_INVALID_PARAMETER   The command was unsuccessful.

+  @retval EFI_DEVICE_ERROR        The command was unsuccessful.

+**/

+EFI_STATUS

+EFIAPI

+Tpm2NvUndefineSpaceSpecial (

+  IN      TPMI_RH_NV_INDEX          NvIndex,

+  IN      TPMS_AUTH_COMMAND         *IndexAuthSession OPTIONAL,

+  IN      TPMS_AUTH_COMMAND         *PlatAuthSession OPTIONAL

+  )

+{

+  EFI_STATUS                              Status;

+  TPM2_NV_UNDEFINESPACESPECIAL_COMMAND    SendBuffer;

+  TPM2_NV_UNDEFINESPACESPECIAL_RESPONSE   RecvBuffer;

+  UINT32                                  SendBufferSize;

+  UINT32                                  RecvBufferSize;

+  UINT8                                   *Buffer;

+  UINT32                                  IndexAuthSize, PlatAuthSize;

+  TPM_RC                                  ResponseCode;

+

+  //

+  // Construct command

+  //

+  SendBuffer.Header.tag = SwapBytes16(TPM_ST_SESSIONS);

+  SendBuffer.Header.commandCode = SwapBytes32(TPM_CC_NV_UndefineSpaceSpecial);

+

+  SendBuffer.NvIndex = SwapBytes32 (NvIndex);

+  SendBuffer.Platform = SwapBytes32 (TPM_RH_PLATFORM);

+

+  //

+  // Marshall the Auth Sessions for the two handles.

+  Buffer = (UINT8 *)&SendBuffer.AuthSession;

+  // IndexAuthSession

+  IndexAuthSize = CopyAuthSessionCommand (IndexAuthSession, Buffer);

+  Buffer += IndexAuthSize;

+  // PlatAuthSession

+  PlatAuthSize = CopyAuthSessionCommand (PlatAuthSession, Buffer);

+  Buffer += PlatAuthSize;

+  // AuthSessionSize

+  SendBuffer.AuthSessionSize = SwapBytes32(IndexAuthSize + PlatAuthSize);

+

+  // Update total command size.

+  SendBufferSize = (UINT32)(Buffer - (UINT8 *)&SendBuffer);

+  SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);

+

+  //

+  // send Tpm command

+  //

+  RecvBufferSize = sizeof (RecvBuffer);

+  Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer, &RecvBufferSize, (UINT8 *)&RecvBuffer);

+  if (EFI_ERROR (Status)) {

+    goto Done;

+  }

+

+  if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {

+    DEBUG ((EFI_D_ERROR, "Tpm2NvUndefineSpaceSpecial - RecvBufferSize Error - %x\n", RecvBufferSize));

+    Status = EFI_DEVICE_ERROR;

+    goto Done;

+  }

+

+  ResponseCode = SwapBytes32(RecvBuffer.Header.responseCode);

+  if (ResponseCode != TPM_RC_SUCCESS) {

+    DEBUG ((EFI_D_ERROR, "Tpm2NvUndefineSpaceSpecial - responseCode - %x\n", SwapBytes32(RecvBuffer.Header.responseCode)));

+  }

+  switch (ResponseCode) {

+  case TPM_RC_SUCCESS:

+    // return data

+    break;

+  case TPM_RC_ATTRIBUTES:

+  case TPM_RC_ATTRIBUTES + RC_NV_UndefineSpaceSpecial_nvIndex:

+    Status = EFI_UNSUPPORTED;

+    break;

+  case TPM_RC_NV_AUTHORIZATION:

+    Status = EFI_SECURITY_VIOLATION;

+    break;

+  case TPM_RC_HANDLE + RC_NV_UndefineSpaceSpecial_nvIndex: // TPM_RC_NV_DEFINED:

+    Status = EFI_NOT_FOUND;

+    break;

+  case TPM_RC_VALUE + RC_NV_UndefineSpace_nvIndex:

+    Status = EFI_INVALID_PARAMETER;

+    break;

+  default:

+    Status = EFI_DEVICE_ERROR;

+    break;

+  }

+

+Done:

+  //

+  // Clear AuthSession Content

+  //

+  ZeroMem (&SendBuffer, sizeof(SendBuffer));

+  ZeroMem (&RecvBuffer, sizeof(RecvBuffer));

+  return Status;

+} // Tpm2NvUndefineSpaceSpecial()

+

 /**

   This command reads a value from an area in NV memory previously defined by TPM2_NV_DefineSpace().



diff --git a/SecurityPkg/Include/Library/Tpm2CommandLib.h b/SecurityPkg/Include/Library/Tpm2CommandLib.h
index ee8eb622951c..8d7b4998d98d 100644
--- a/SecurityPkg/Include/Library/Tpm2CommandLib.h
+++ b/SecurityPkg/Include/Library/Tpm2CommandLib.h
@@ -364,6 +364,28 @@ Tpm2NvUndefineSpace (
   IN      TPMS_AUTH_COMMAND         *AuthSession OPTIONAL

   );



+/**

+  This command removes an index from the TPM.

+

+  @param[in]  NvIndex             The NV Index.

+  @param[in]  IndexAuthSession    Auth session context for the Index auth/policy

+  @param[in]  PlatAuthSession     Auth session context for the Platform auth/policy

+

+  @retval EFI_SUCCESS             Operation completed successfully.

+  @retval EFI_NOT_FOUND           The command was returned successfully, but NvIndex is not found.

+  @retval EFI_UNSUPPORTED         Selected NvIndex does not support deletion through this call.

+  @retval EFI_SECURITY_VIOLATION  Deletion is not authorized by current policy session.

+  @retval EFI_INVALID_PARAMETER   The command was unsuccessful.

+  @retval EFI_DEVICE_ERROR        The command was unsuccessful.

+**/

+EFI_STATUS

+EFIAPI

+Tpm2NvUndefineSpaceSpecial (

+  IN      TPMI_RH_NV_INDEX          NvIndex,

+  IN      TPMS_AUTH_COMMAND         *IndexAuthSession OPTIONAL,

+  IN      TPMS_AUTH_COMMAND         *PlatAuthSession OPTIONAL

+  );

+

 /**

   This command reads a value from an area in NV memory previously defined by TPM2_NV_DefineSpace().



--
2.31.1.windows.1














* Re: [EXTERNAL] [edk2-devel] [PATCH v1 1/1] SecurityPkg/Library: Add Tpm2NvUndefineSpaceSpecial to Tpm2CommandLib
  2021-10-09  2:31                     ` Yao, Jiewen
@ 2021-10-11 18:34                       ` Bret Barkelew
  0 siblings, 0 replies; 14+ messages in thread
From: Bret Barkelew @ 2021-10-11 18:34 UTC (permalink / raw)
  To: Yao, Jiewen
  Cc: Bret Barkelew, devel@edk2.groups.io, gaoliming@byosoft.com.cn,
	Kinney, Michael D, Wang, Jian J, Zhang, Qi1, Kumar, Rahul1


Good question! I had a kid in September and then everything fell off my
radar. I think I can find this branch and knock out a second patch, though.

On Fri, Oct 8, 2021 at 7:31 PM Yao, Jiewen <jiewen.yao@intel.com> wrote:

> Hey
>
> Is that any update for this patch?
>
>
>
> I did not see the v2 patch. Just want to ensure I did not miss that by
> mistake.
>
>
>
> Thank you
>
> Yao Jiewen
>
>
>
> *From:* Bret Barkelew <Bret.Barkelew@microsoft.com>
> *Sent:* Friday, August 13, 2021 11:22 AM
> *To:* Yao, Jiewen <jiewen.yao@intel.com>; devel@edk2.groups.io;
> gaoliming@byosoft.com.cn; bret@corthon.com; Kinney, Michael D <
> michael.d.kinney@intel.com>
> *Cc:* Wang, Jian J <jian.j.wang@intel.com>; Zhang, Qi1 <
> qi1.zhang@intel.com>; Kumar, Rahul1 <rahul1.kumar@intel.com>
> *Subject:* Re: [EXTERNAL] [edk2-devel] [PATCH v1 1/1]
> SecurityPkg/Library: Add Tpm2NvUndefineSpaceSpecial to Tpm2CommandLib
>
>
>
> Thanks, Jiewen! I’ll make those changes!
>
>
>
> - Bret
> ------------------------------
>
> *From:* Yao, Jiewen <jiewen.yao@intel.com>
> *Sent:* Thursday, August 12, 2021 7:47:04 PM
> *To:* devel@edk2.groups.io <devel@edk2.groups.io>; Yao, Jiewen <
> jiewen.yao@intel.com>; gaoliming@byosoft.com.cn <gaoliming@byosoft.com.cn>;
> Bret Barkelew <Bret.Barkelew@microsoft.com>; bret@corthon.com <
> bret@corthon.com>; Kinney, Michael D <michael.d.kinney@intel.com>
> *Cc:* Wang, Jian J <jian.j.wang@intel.com>; Zhang, Qi1 <
> qi1.zhang@intel.com>; Kumar, Rahul1 <rahul1.kumar@intel.com>
> *Subject:* RE: [EXTERNAL] [edk2-devel] [PATCH v1 1/1]
> SecurityPkg/Library: Add Tpm2NvUndefineSpaceSpecial to Tpm2CommandLib
>
>
>
> Hi Bret
>
> Since it took much long time to get ECC feedback than I expected, I would
> give feedback on code while we are waiting.
>
>
>
> 1) Please confirm how you test the code, such as Microsoft platform ?
>
> 2) Please remove “+} // Tpm2NvUndefineSpaceSpecial()” at the end of the
> function. We do not use that style in other code.
>
> 3) Please copy the definition from TPM spec “This command allows removal
> of a platform-created NV Index that has TPMA_NV_POLICY_DELETE SET” to the
> function header description. The current one “This command removes an index
> from the TPM.” is for TPM2_NV_UndefineSpace instead of
> TPM2_NV_UndefineSpaceSpecial.
>
>
>
> Since above comment does not impact any function, I would like to give RB.
>
>
>
> With about change, reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
>
>
>
> Thank you
>
> Yao Jiewen
>
>
>
> *From: *Bret Barkelew via groups.io
> <bret.barkelew=microsoft.com@groups.io>
> *Sent: *Friday, July 30, 2021 11:08 AM
> *To: *devel@edk2.groups.io; bret@corthon.com
> *Cc: *Yao, Jiewen <jiewen.yao@intel.com>; Jian J Wang
> <jian.j.wang@intel.com>; Qi Zhang <qi1.zhang@intel.com>; Rahul Kumar
> <rahul1.kumar@intel.com>
> *Subject: *Re: [EXTERNAL] [edk2-devel] [PATCH v1 1/1]
> SecurityPkg/Library: Add Tpm2NvUndefineSpaceSpecial to Tpm2CommandLib
>
>
>
> Note, even though this keeps with the style of the rest of the file, it
> breaks ECC:
>
> SecurityPkg/Library: Add Tpm2NvUndefineSpaceSpecial to Tpm2CommandLib by
> corthon · Pull Request #1848 · tianocore/edk2 (github.com)
> <https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Ftianocore%2Fedk2%2Fpull%2F1848&data=04%7C01%7Cbret.barkelew%40microsoft.com%7C887b6ef599664679e21808d95e04a428%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637644196321232497%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=1TMpHKJ9Mwh6VW4fBAjs0Cf2hIqcmbtDfNqsJY47z5U%3D&reserved=0>
>
>
>
> PROGRESS - --Running SecurityPkg: EccCheck Test NO-TARGET --
>
> ERROR -
>
> ERROR -
>
> ERROR - EFI coding style error
>
> ERROR - *Error code: 8001
>
> ERROR - *Only capital letters are allowed to be used for #define
> declarations
>
> ERROR - *file:
> //home/vsts/work/1/s/SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c
>
> ERROR - *Line number: 27
>
> ERROR - *The #define name [RC_NV_UndefineSpaceSpecial_nvIndex] does no
>
>
>
> Thoughts?
>
>
>
> - Bret
>
>
>
> *From: *Bret Barkelew via groups.io <bret=corthon.com@groups.io>
> *Sent: *Friday, July 30, 2021 10:55 AM
> *To: *devel@edk2.groups.io
> *Cc: *Yao, Jiewen <jiewen.yao@intel.com>; Jian J Wang
> <jian.j.wang@intel.com>; Qi Zhang <qi1.zhang@intel.com>; Rahul Kumar
> <rahul1.kumar@intel.com>
> *Subject: *[EXTERNAL] [edk2-devel] [PATCH v1 1/1] SecurityPkg/Library:
> Add Tpm2NvUndefineSpaceSpecial to Tpm2CommandLib
>
>
>
> Used to provision and maintain certain HW-defined NV spaces.
>
> REF:
> https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbugzilla.tianocore.org%2Fshow_bug.cgi%3Fid%3D2994&amp;data=04%7C01%7CBret.Barkelew%40microsoft.com%7Cb7ae3c62047c48fc85d908d953833ca0%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637632645397602953%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdata=s96M3RvxMOY831Vfr1nt%2Fz1h3cyb6jU9eFzvjKO7Dtc%3D&amp;reserved=0
> <https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbugzilla.tianocore.org%2Fshow_bug.cgi%3Fid%3D2994&data=04%7C01%7Cbret.barkelew%40microsoft.com%7C887b6ef599664679e21808d95e04a428%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637644196321232497%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=q%2FGqsG776H1TD9bqGRw8ihZNDnJscXK0dwzEVGCNYf0%3D&reserved=0>
>
> Signed-off-by: Bret Barkelew <bret.barkelew@microsoft.com>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Cc: Qi Zhang <qi1.zhang@intel.com>
> Cc: Rahul Kumar <rahul1.kumar@intel.com>
> ---
>  SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c | 122
> ++++++++++++++++++++
>  SecurityPkg/Include/Library/Tpm2CommandLib.h       |  22 ++++
>  2 files changed, 144 insertions(+)
>
> diff --git a/SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c
> b/SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c
> index 87572de20164..7931fade9190 100644
> --- a/SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c
> +++ b/SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c
> @@ -24,6 +24,8 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
>  #define RC_NV_UndefineSpace_authHandle      (TPM_RC_H + TPM_RC_1)
>
>  #define RC_NV_UndefineSpace_nvIndex         (TPM_RC_H + TPM_RC_2)
>
>
>
> +#define RC_NV_UndefineSpaceSpecial_nvIndex  (TPM_RC_H + TPM_RC_1)
>
> +
>
>  #define RC_NV_Read_authHandle               (TPM_RC_H + TPM_RC_1)
>
>  #define RC_NV_Read_nvIndex                  (TPM_RC_H + TPM_RC_2)
>
>  #define RC_NV_Read_size                     (TPM_RC_P + TPM_RC_1)
>
> @@ -74,6 +76,20 @@ typedef struct {
>    TPMS_AUTH_RESPONSE         AuthSession;
>
>  } TPM2_NV_UNDEFINESPACE_RESPONSE;
>
>
>
> +typedef struct {
>
> +  TPM2_COMMAND_HEADER       Header;
>
> +  TPMI_RH_NV_INDEX          NvIndex;
>
> +  TPMI_RH_PLATFORM          Platform;
>
> +  UINT32                    AuthSessionSize;
>
> +  TPMS_AUTH_COMMAND         AuthSession;
>
> +} TPM2_NV_UNDEFINESPACESPECIAL_COMMAND;
>
> +
>
> +typedef struct {
>
> +  TPM2_RESPONSE_HEADER       Header;
>
> +  UINT32                     AuthSessionSize;
>
> +  TPMS_AUTH_RESPONSE         AuthSession;
>
> +} TPM2_NV_UNDEFINESPACESPECIAL_RESPONSE;
>
> +
>
>  typedef struct {
>
>    TPM2_COMMAND_HEADER       Header;
>
>    TPMI_RH_NV_AUTH           AuthHandle;
>
> @@ -506,6 +522,112 @@ Done:
>    return Status;
>
>  }
>
>
>
> +/**
>
> +  This command removes an index from the TPM.
>
> +
>
> +  @param[in]  NvIndex             The NV Index.
>
> +  @param[in]  IndexAuthSession    Auth session context for the Index
> auth/policy
>
> +  @param[in]  PlatAuthSession     Auth session context for the Platform
> auth/policy
>
> +
>
> +  @retval EFI_SUCCESS             Operation completed successfully.
>
> +  @retval EFI_NOT_FOUND           The command was returned successfully,
> but NvIndex is not found.
>
> +  @retval EFI_UNSUPPORTED         Selected NvIndex does not support
> deletion through this call.
>
> +  @retval EFI_SECURITY_VIOLATION  Deletion is not authorized by current
> policy session.
>
> +  @retval EFI_INVALID_PARAMETER   The command was unsuccessful.
>
> +  @retval EFI_DEVICE_ERROR        The command was unsuccessful.
>
> +**/
>
> +EFI_STATUS
>
> +EFIAPI
>
> +Tpm2NvUndefineSpaceSpecial (
>
> +  IN      TPMI_RH_NV_INDEX          NvIndex,
>
> +  IN      TPMS_AUTH_COMMAND         *IndexAuthSession OPTIONAL,
>
> +  IN      TPMS_AUTH_COMMAND         *PlatAuthSession OPTIONAL
>
> +  )
>
> +{
>
> +  EFI_STATUS                              Status;
>
> +  TPM2_NV_UNDEFINESPACESPECIAL_COMMAND    SendBuffer;
>
> +  TPM2_NV_UNDEFINESPACESPECIAL_RESPONSE   RecvBuffer;
>
> +  UINT32                                  SendBufferSize;
>
> +  UINT32                                  RecvBufferSize;
>
> +  UINT8                                   *Buffer;
>
> +  UINT32                                  IndexAuthSize, PlatAuthSize;
>
> +  TPM_RC                                  ResponseCode;
>
> +
>
> +  //
>
> +  // Construct command
>
> +  //
>
> +  SendBuffer.Header.tag = SwapBytes16(TPM_ST_SESSIONS);
>
> +  SendBuffer.Header.commandCode =
> SwapBytes32(TPM_CC_NV_UndefineSpaceSpecial);
>
> +
>
> +  SendBuffer.NvIndex = SwapBytes32 (NvIndex);
>
> +  SendBuffer.Platform = SwapBytes32 (TPM_RH_PLATFORM);
>
> +
>
> +  //
>
> +  // Marshall the Auth Sessions for the two handles.
>
> +  Buffer = (UINT8 *)&SendBuffer.AuthSession;
>
> +  // IndexAuthSession
>
> +  IndexAuthSize = CopyAuthSessionCommand (IndexAuthSession, Buffer);
>
> +  Buffer += IndexAuthSize;
>
> +  // PlatAuthSession
>
> +  PlatAuthSize = CopyAuthSessionCommand (PlatAuthSession, Buffer);
>
> +  Buffer += PlatAuthSize;
>
> +  // AuthSessionSize
>
> +  SendBuffer.AuthSessionSize = SwapBytes32(IndexAuthSize + PlatAuthSize);
>
> +
>
> +  // Update total command size.
>
> +  SendBufferSize = (UINT32)(Buffer - (UINT8 *)&SendBuffer);
>
> +  SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);
>
> +
>
> +  //
>
> +  // send Tpm command
>
> +  //
>
> +  RecvBufferSize = sizeof (RecvBuffer);
>
> +  Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer,
> &RecvBufferSize, (UINT8 *)&RecvBuffer);
>
> +  if (EFI_ERROR (Status)) {
>
> +    goto Done;
>
> +  }
>
> +
>
> +  if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {
>
> +    DEBUG ((EFI_D_ERROR, "Tpm2NvUndefineSpaceSpecial - RecvBufferSize
> Error - %x\n", RecvBufferSize));
>
> +    Status = EFI_DEVICE_ERROR;
>
> +    goto Done;
>
> +  }
>
> +
>
> +  ResponseCode = SwapBytes32(RecvBuffer.Header.responseCode);
>
> +  if (ResponseCode != TPM_RC_SUCCESS) {
>
> +    DEBUG ((EFI_D_ERROR, "Tpm2NvUndefineSpaceSpecial - responseCode -
> %x\n", SwapBytes32(RecvBuffer.Header.responseCode)));
>
> +  }
>
> +  switch (ResponseCode) {
>
> +  case TPM_RC_SUCCESS:
>
> +    // return data
>
> +    break;
>
> +  case TPM_RC_ATTRIBUTES:
>
> +  case TPM_RC_ATTRIBUTES + RC_NV_UndefineSpaceSpecial_nvIndex:
>
> +    Status = EFI_UNSUPPORTED;
>
> +    break;
>
> +  case TPM_RC_NV_AUTHORIZATION:
>
> +    Status = EFI_SECURITY_VIOLATION;
>
> +    break;
>
> +  case TPM_RC_HANDLE + RC_NV_UndefineSpaceSpecial_nvIndex: //
> TPM_RC_NV_DEFINED:
>
> +    Status = EFI_NOT_FOUND;
>
> +    break;
>
> +  case TPM_RC_VALUE + RC_NV_UndefineSpace_nvIndex:
>
> +    Status = EFI_INVALID_PARAMETER;
>
> +    break;
>
> +  default:
>
> +    Status = EFI_DEVICE_ERROR;
>
> +    break;
>
> +  }
>
> +
>
> +Done:
>
> +  //
>
> +  // Clear AuthSession Content
>
> +  //
>
> +  ZeroMem (&SendBuffer, sizeof(SendBuffer));
>
> +  ZeroMem (&RecvBuffer, sizeof(RecvBuffer));
>
> +  return Status;
>
> +} // Tpm2NvUndefineSpaceSpecial()
>
> +
>
>  /**
>
>    This command reads a value from an area in NV memory previously defined
> by TPM2_NV_DefineSpace().
>
>
>
> diff --git a/SecurityPkg/Include/Library/Tpm2CommandLib.h
> b/SecurityPkg/Include/Library/Tpm2CommandLib.h
> index ee8eb622951c..8d7b4998d98d 100644
> --- a/SecurityPkg/Include/Library/Tpm2CommandLib.h
> +++ b/SecurityPkg/Include/Library/Tpm2CommandLib.h
> @@ -364,6 +364,28 @@ Tpm2NvUndefineSpace (
>    IN      TPMS_AUTH_COMMAND         *AuthSession OPTIONAL
>
>    );
>
>
>
> +/**
>
> +  This command removes an index from the TPM.
>
> +
>
> +  @param[in]  NvIndex             The NV Index.
>
> +  @param[in]  IndexAuthSession    Auth session context for the Index
> auth/policy
>
> +  @param[in]  PlatAuthSession     Auth session context for the Platform
> auth/policy
>
> +
>
> +  @retval EFI_SUCCESS             Operation completed successfully.
>
> +  @retval EFI_NOT_FOUND           The command was returned successfully,
> but NvIndex is not found.
>
> +  @retval EFI_UNSUPPORTED         Selected NvIndex does not support
> deletion through this call.
>
> +  @retval EFI_SECURITY_VIOLATION  Deletion is not authorized by current
> policy session.
>
> +  @retval EFI_INVALID_PARAMETER   The command was unsuccessful.
>
> +  @retval EFI_DEVICE_ERROR        The command was unsuccessful.
>
> +**/
>
> +EFI_STATUS
>
> +EFIAPI
>
> +Tpm2NvUndefineSpaceSpecial (
>
> +  IN      TPMI_RH_NV_INDEX          NvIndex,
>
> +  IN      TPMS_AUTH_COMMAND         *IndexAuthSession OPTIONAL,
>
> +  IN      TPMS_AUTH_COMMAND         *PlatAuthSession OPTIONAL
>
> +  );
>
> +
>
>  /**
>
>    This command reads a value from an area in NV memory previously defined
> by TPM2_NV_DefineSpace().
>
>
>
> --
> 2.31.1.windows.1
>
>
>
>
>
>
>
>
>
>
> 
>


