From mboxrd@z Thu Jan 1 00:00:00 1970
From: "gaoliming"
To: "'Yao, Jiewen'", "'Bret Barkelew'", "'Kinney, Michael D'"
Cc: "'Wang, Jian J'", "'Zhang, Qi1'", "'Kumar, Rahul1'"
References: <20211013173309.1300-1-brbarkel@microsoft.com>
Subject: Re: [edk2-devel] [PATCH v2 1/1] SecurityPkg/Library: Add Tpm2NvUndefineSpaceSpecial to Tpm2CommandLib
Date: Fri, 15 Oct 2021 09:56:15 +0800
Message-ID: <018401d7c167$d69f5f00$83de1d00$@byosoft.com.cn>

Jiewen:

You can refer to MdeModulePkg\MdeModulePkg.ci.yaml ExceptionList to skip the specific keyword.

 

Thanks

Liming

From: Yao, Jiewen <jiewen.yao@intel.com>
Sent: October 15, 2021 8:54
To: Bret Barkelew <bret@corthon.com>; Liming Gao <gaoliming@byosoft.com.cn>; Kinney, Michael D <michael.d.kinney@intel.com>
Cc: devel@edk2.groups.io; Wang, Jian J <jian.j.wang@intel.com>; Zhang, Qi1 <qi1.zhang@intel.com>; Kumar, Rahul1 <rahul1.kumar@intel.com>
Subject: RE: [edk2-devel] [PATCH v2 1/1] SecurityPkg/Library: Add Tpm2NvUndefineSpaceSpecial to Tpm2CommandLib

 

Hi Liming/Mike

Do you have any suggestion here?

 

How do we change CI to add the name to exception list?

 

Thank you

Yao Jiewen

 

From: Bret Barkelew <bret@corthon.com>
Sent: Friday, October 15, 2021 1:07 AM
To: Yao, Jiewen <jiewen.yao@intel.com>
Cc: devel@edk2.groups.io; Wang, Jian J <jian.j.wang@intel.com>; Zhang, Qi1 <qi1.zhang@intel.com>; Kumar, Rahul1 <rahul1.kumar@intel.com>
Subject: Re: [edk2-devel] [PATCH v2 1/1] SecurityPkg/Library: Add Tpm2NvUndefineSpaceSpecial to Tpm2CommandLib

 

It looks like all errors are still related to ECC and PatchCheck, even though I'm just matching the rest of the file.

Please advise if we want to update the entire file.

On Thu, Oct 14, 2021 at 3:48 AM Yao, Jiewen <jiewen.yao@intel.com> wrote:

Hi Bret
I saw PR failure - https://github.com/tianocore/edk2/pull/2066

Thank you

> -----Original Message-----
> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Bret
> Barkelew
> Sent: Thursday, October 14, 2021 1:33 AM
> To: devel@edk2.groups.io
> Cc: Yao, Jiewen <jiewen.yao@intel.com>; Wang, Jian J <jian.j.wang@intel.com>;
> Zhang, Qi1 <qi1.zhang@intel.com>; Kumar, Rahul1 <rahul1.kumar@intel.com>
> Subject: [edk2-devel] [PATCH v2 1/1] SecurityPkg/Library: Add
> Tpm2NvUndefineSpaceSpecial to Tpm2CommandLib
>
> Used to provision and maintain certain HW-defined NV spaces.
>
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2994
>
> Signed-off-by: Bret Barkelew <bret.barkelew@microsoft.com>
> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Cc: Qi Zhang <qi1.zhang@intel.com>
> Cc: Rahul Kumar <rahul1.kumar@intel.com>
> = ---
>  SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c | = 122
> ++++++++++++++++++++
>  = SecurityPkg/Include/Library/Tpm2CommandLib.h      =  |  22 ++++
>  2 files changed, 144 = insertions(+)
>
> diff --git = a/SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c
> = b/SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c
> index = 87572de20164..275cb1683f51 100644
> --- = a/SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c
> +++ = b/SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c
> @@ -24,6 = +24,8 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
>  = #define RC_NV_UndefineSpace_authHandle      (TPM_RC_H + = TPM_RC_1)
>
>  #define = RC_NV_UndefineSpace_nvIndex         (TPM_RC_H + = TPM_RC_2)
>
>
>
> +#define = RC_NV_UndefineSpaceSpecial_nvIndex  (TPM_RC_H + TPM_RC_1)
> =
> +
>
>  #define RC_NV_Read_authHandle  =              (TPM_RC_H + = TPM_RC_1)
>
>  #define RC_NV_Read_nvIndex    =               (TPM_RC_H + = TPM_RC_2)
>
>  #define RC_NV_Read_size    =                  (TPM_RC_P = + TPM_RC_1)
>
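Review bot: Only the first handle of the new command gets a handle-position define here, RC_NV_UndefineSpaceSpecial_nvIndex (TPM_RC_H + TPM_RC_1), while the neighbouring commands in this block define one per handle (..._authHandle and ..._nvIndex). The command struct added in the next hunk carries a second handle, Platform, so consider adding a matching define for it at (TPM_RC_H + TPM_RC_2), for example RC_NV_UndefineSpaceSpecial_platform (the name is only a suggestion). That would let the response-code switch for this command stop borrowing RC_NV_UndefineSpace_nvIndex, as its TPM_RC_VALUE case currently does.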
> @@ -74,6 +76,20 @@ typedef struct = {
>    TPMS_AUTH_RESPONSE        =  AuthSession;
>
>  } = TPM2_NV_UNDEFINESPACE_RESPONSE;
>
>
>
> = +typedef struct {
>
> +  TPM2_COMMAND_HEADER  =      Header;
>
> +  = TPMI_RH_NV_INDEX          NvIndex;
> =
> +  TPMI_RH_PLATFORM          = Platform;
>
> +  UINT32        =             AuthSessionSize;
> =
> +  TPMS_AUTH_COMMAND        =  AuthSession;
>
> +} = TPM2_NV_UNDEFINESPACESPECIAL_COMMAND;
>
> +
> =
> +typedef struct {
>
> +  = TPM2_RESPONSE_HEADER       Header;
>
> = +  UINT32                =      AuthSessionSize;
>
> +  = TPMS_AUTH_RESPONSE         AuthSession;
> =
> +} TPM2_NV_UNDEFINESPACESPECIAL_RESPONSE;
>
> = +
>
>  typedef struct {
>
>    = TPM2_COMMAND_HEADER       Header;
> =
>    TPMI_RH_NV_AUTH          =  AuthHandle;
>
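Review bot: TPM2_NV_UNDEFINESPACESPECIAL_COMMAND reserves room for a single "TPMS_AUTH_COMMAND AuthSession", but Tpm2NvUndefineSpaceSpecial in the next hunk marshals two sessions (index, then platform) starting at &SendBuffer.AuthSession, and nothing visible in the patch checks IndexAuthSize + PlatAuthSize against the space left in SendBuffer. Two sessions that each carry a nonce and an HMAC could exceed the one-session field and write past the end of this stack buffer; size the field for two sessions or bound the copy before advancing Buffer. The response struct has the same shape: one TPMS_AUTH_RESPONSE for a command authorised by two sessions, so sizeof (RecvBuffer) may be smaller than a full two-session reply.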
> @@ -506,6 +522,112 @@ = Done:
>    return Status;
>
>  = }
>
>
>
> +/**
>
> +  This = command allows removal of a platform-created NV Index that has
> = TPMA_NV_POLICY_DELETE SET.
>
> +
>
> +  = @param[in]  NvIndex            =  The NV Index.
>
> +  @param[in]  = IndexAuthSession    Auth session context for the Index
> = auth/policy
>
> +  @param[in]  = PlatAuthSession     Auth session context for the = Platform
> auth/policy
>
> +
>
> +  = @retval EFI_SUCCESS            =  Operation completed successfully.
>
> +  @retval = EFI_NOT_FOUND           The command was = returned successfully, but
> NvIndex is not found.
> =
> +  @retval EFI_UNSUPPORTED        =  Selected NvIndex does not support deletion
> through this = call.
>
> +  @retval EFI_SECURITY_VIOLATION  = Deletion is not authorized by current
> policy session.
> =
> +  @retval EFI_INVALID_PARAMETER   The command = was unsuccessful.
>
> +  @retval = EFI_DEVICE_ERROR        The command was = unsuccessful.
>
> +**/
>
> +EFI_STATUS
> =
> +EFIAPI
>
> +Tpm2NvUndefineSpaceSpecial (
> =
> +  IN      TPMI_RH_NV_INDEX    =       NvIndex,
>
> +  IN    =   TPMS_AUTH_COMMAND        =  *IndexAuthSession OPTIONAL,
>
> +  IN  =     TPMS_AUTH_COMMAND        =  *PlatAuthSession OPTIONAL
>
> +  )
> =
> +{
>
> +  EFI_STATUS      =                     =     Status;
>
> +  = TPM2_NV_UNDEFINESPACESPECIAL_COMMAND    SendBuffer;
> =
> +  TPM2_NV_UNDEFINESPACESPECIAL_RESPONSE  =  RecvBuffer;
>
> +  UINT32      =                     =         SendBufferSize;
>
> +  = UINT32                  =                 = RecvBufferSize;
>
> +  UINT8      =                     =          *Buffer;
>
> +  = UINT32                  =                 IndexAuthSize, = PlatAuthSize;
>
> +  TPM_RC        =                     =       ResponseCode;
>
> +
>
> = +  //
>
> +  // Construct command
> =
> +  //
>
> +  SendBuffer.Header.tag =3D = SwapBytes16(TPM_ST_SESSIONS);
>
> +  = SendBuffer.Header.commandCode =3D
> = SwapBytes32(TPM_CC_NV_UndefineSpaceSpecial);
>
> +
> =
> +  SendBuffer.NvIndex =3D SwapBytes32 (NvIndex);
> =
> +  SendBuffer.Platform =3D SwapBytes32 = (TPM_RH_PLATFORM);
>
> +
>
> +  = //
>
> +  // Marshall the Auth Sessions for the two = handles.
>
> +  Buffer =3D (UINT8 = *)&SendBuffer.AuthSession;
>
> +  // = IndexAuthSession
>
> +  IndexAuthSize =3D = CopyAuthSessionCommand (IndexAuthSession, Buffer);
>
> = +  Buffer +=3D IndexAuthSize;
>
> +  // = PlatAuthSession
>
> +  PlatAuthSize =3D = CopyAuthSessionCommand (PlatAuthSession, Buffer);
>
> = +  Buffer +=3D PlatAuthSize;
>
> +  // = AuthSessionSize
>
> +  SendBuffer.AuthSessionSize =3D = SwapBytes32(IndexAuthSize + PlatAuthSize);
>
> +
> =
> +  // Update total command size.
>
> +  = SendBufferSize =3D (UINT32)(Buffer - (UINT8 *)&SendBuffer);
> =
> +  SendBuffer.Header.paramSize =3D SwapBytes32 = (SendBufferSize);
>
> +
>
> +  //
> =
> +  // send Tpm command
>
> +  //
> =
> +  RecvBufferSize =3D sizeof (RecvBuffer);
> =
> +  Status =3D Tpm2SubmitCommand (SendBufferSize, (UINT8 = *)&SendBuffer,
> &RecvBufferSize, (UINT8 = *)&RecvBuffer);
>
> +  if (EFI_ERROR (Status)) = {
>
> +    goto Done;
>
> +  = }
>
> +
>
> +  if (RecvBufferSize < = sizeof (TPM2_RESPONSE_HEADER)) {
>
> +    DEBUG = ((EFI_D_ERROR, "Tpm2NvUndefineSpaceSpecial - RecvBufferSize
> = Error - %x\n", RecvBufferSize));
>
> +    = Status =3D EFI_DEVICE_ERROR;
>
> +    goto = Done;
>
> +  }
>
> +
>
> = +  ResponseCode =3D = SwapBytes32(RecvBuffer.Header.responseCode);
>
> +  if = (ResponseCode !=3D TPM_RC_SUCCESS) {
>
> +    = DEBUG ((EFI_D_ERROR, "Tpm2NvUndefineSpaceSpecial - responseCode = -
>  %x\n", = SwapBytes32(RecvBuffer.Header.responseCode)));
>
> +  = }
>
> +  switch (ResponseCode) {
>
> = +  case TPM_RC_SUCCESS:
>
> +    // return = data
>
> +    break;
>
> +  = case TPM_RC_ATTRIBUTES:
>
> +  case TPM_RC_ATTRIBUTES = + RC_NV_UndefineSpaceSpecial_nvIndex:
>
> +    = Status =3D EFI_UNSUPPORTED;
>
> +    = break;
>
> +  case TPM_RC_NV_AUTHORIZATION:
> =
> +    Status =3D EFI_SECURITY_VIOLATION;
> =
> +    break;
>
> +  case = TPM_RC_HANDLE + RC_NV_UndefineSpaceSpecial_nvIndex: //
> = TPM_RC_NV_DEFINED:
>
> +    Status =3D = EFI_NOT_FOUND;
>
> +    break;
>
> = +  case TPM_RC_VALUE + RC_NV_UndefineSpace_nvIndex:
> =
> +    Status =3D EFI_INVALID_PARAMETER;
> =
> +    break;
>
> +  default:
> =
> +    Status =3D EFI_DEVICE_ERROR;
>
> = +    break;
>
> +  }
>
> = +
>
> +Done:
>
> +  //
>
> = +  // Clear AuthSession Content
>
> +  //
> =
> +  ZeroMem (&SendBuffer, sizeof(SendBuffer));
> =
> +  ZeroMem (&RecvBuffer, sizeof(RecvBuffer));
> =
> +  return Status;
>
> +}
>
> = +
>
>  /**
>
>    This command = reads a value from an area in NV memory previously defined by
> = TPM2_NV_DefineSpace().
>
>
>
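Review bot: In the response-code switch, "case TPM_RC_VALUE + RC_NV_UndefineSpace_nvIndex:" uses the define that belongs to Tpm2NvUndefineSpace (TPM_RC_H + TPM_RC_2), while the other handle-specific cases use RC_NV_UndefineSpaceSpecial_nvIndex (TPM_RC_H + TPM_RC_1). As written, the case matches a value error on the second handle (Platform) rather than on NvIndex; if the index was intended, use the ...Special_nvIndex define, otherwise add and use a define named for the platform handle. Two smaller points: the trailing "// TPM_RC_NV_DEFINED:" comment on the TPM_RC_HANDLE case does not match the EFI_NOT_FOUND it returns, and the DEBUG call re-swaps RecvBuffer.Header.responseCode instead of printing ResponseCode.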
> diff --git = a/SecurityPkg/Include/Library/Tpm2CommandLib.h
> = b/SecurityPkg/Include/Library/Tpm2CommandLib.h
> index = ee8eb622951c..92967662ce96 100644
> --- = a/SecurityPkg/Include/Library/Tpm2CommandLib.h
> +++ = b/SecurityPkg/Include/Library/Tpm2CommandLib.h
> @@ -364,6 +364,28 = @@ Tpm2NvUndefineSpace (
>    IN      = TPMS_AUTH_COMMAND         *AuthSession = OPTIONAL
>
>    );
>
>
> =
> +/**
>
> +  This command allows removal of a = platform-created NV Index that has
> TPMA_NV_POLICY_DELETE = SET.
>
> +
>
> +  @param[in]  = NvIndex             The NV = Index.
>
> +  @param[in]  IndexAuthSession  =   Auth session context for the Index
> auth/policy
> =
> +  @param[in]  PlatAuthSession    =  Auth session context for the Platform
> auth/policy
> =
> +
>
> +  @retval EFI_SUCCESS    =          Operation completed = successfully.
>
> +  @retval EFI_NOT_FOUND  =          The command was returned successfully, = but
> NvIndex is not found.
>
> +  @retval = EFI_UNSUPPORTED         Selected NvIndex does = not support deletion
> through this call.
>
> +  = @retval EFI_SECURITY_VIOLATION  Deletion is not authorized by = current
> policy session.
>
> +  @retval = EFI_INVALID_PARAMETER   The command was unsuccessful.
> =
> +  @retval EFI_DEVICE_ERROR        The = command was unsuccessful.
>
> +**/
>
> = +EFI_STATUS
>
> +EFIAPI
>
> = +Tpm2NvUndefineSpaceSpecial (
>
> +  IN    =   TPMI_RH_NV_INDEX          = NvIndex,
>
> +  IN      = TPMS_AUTH_COMMAND         *IndexAuthSession = OPTIONAL,
>
> +  IN      = TPMS_AUTH_COMMAND         *PlatAuthSession = OPTIONAL
>
> +  );
>
> +
> =
>  /**
>
>    This command reads a = value from an area in NV memory previously defined by
> = TPM2_NV_DefineSpace().
>
>
>
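Review bot: The @retval lines for EFI_INVALID_PARAMETER and EFI_DEVICE_ERROR both read "The command was unsuccessful.", so a caller cannot tell them apart from the header. Per the switch in Tpm2NVStorage.c, the first is returned for a TPM_RC_VALUE handle error and the second for a short response or any other response code; the comment should say so. Both session parameters are also marked OPTIONAL, but the comment does not say what passing NULL means for a command that marshals auth sessions for both the index and the platform handle; document the NULL behaviour or drop OPTIONAL.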
> --
> = 2.31.1.windows.1
>
>
>