From: Star Zeng <star.zeng@intel.com>
To: edk2-devel@lists.01.org
Cc: Jiewen Yao <jiewen.yao@intel.com>,
Chao B Zhang <chao.b.zhang@intel.com>,
Star Zeng <star.zeng@intel.com>
Subject: [PATCH 1/6] SecuriryPkg/TPM2: Move Tpm2PcrAllocateBanks() to Tpm2CommandLib
Date: Tue, 20 Sep 2016 18:51:28 +0800 [thread overview]
Message-ID: <1474368693-180984-2-git-send-email-star.zeng@intel.com> (raw)
In-Reply-To: <1474368693-180984-1-git-send-email-star.zeng@intel.com>
From: Jiewen Yao <jiewen.yao@intel.com>
This patch just moves function Tpm2CommandAllocPcr() from
DxeTcg2PhysicalPresenceLib.c to Tpm2CommandLib as Tpm2PcrAllocateBanks()
and no functionality change.
Cc: Chao B Zhang <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
Signed-off-by: Star Zeng <star.zeng@intel.com>
---
SecurityPkg/Include/Library/Tpm2CommandLib.h | 19 ++-
.../DxeTcg2PhysicalPresenceLib.c | 137 +--------------------
SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c | 134 ++++++++++++++++++++
3 files changed, 154 insertions(+), 136 deletions(-)
diff --git a/SecurityPkg/Include/Library/Tpm2CommandLib.h b/SecurityPkg/Include/Library/Tpm2CommandLib.h
index c4915496ddb6..162db193cb4f 100644
--- a/SecurityPkg/Include/Library/Tpm2CommandLib.h
+++ b/SecurityPkg/Include/Library/Tpm2CommandLib.h
@@ -1,7 +1,7 @@
/** @file
This library is used by other modules to send TPM2 command.
-Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved. <BR>
+Copyright (c) 2013 - 2016, Intel Corporation. All rights reserved. <BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -561,6 +561,23 @@ Tpm2PcrAllocate (
);
/**
+ Alloc PCR data.
+
+ @param[in] PlatformAuth platform auth value. NULL means no platform auth change.
+ @param[in] SupportedPCRBanks Supported PCR banks
+ @param[in] PCRBanks PCR banks
+
+ @retval EFI_SUCCESS Operation completed successfully.
+**/
+EFI_STATUS
+EFIAPI
+Tpm2PcrAllocateBanks (
+ IN TPM2B_AUTH *PlatformAuth, OPTIONAL
+ IN UINT32 SupportedPCRBanks,
+ IN UINT32 PCRBanks
+ );
+
+/**
This command returns various information regarding the TPM and its current state.
The capability parameter determines the category of data returned. The property parameter
diff --git a/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c b/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c
index e34fd8da2572..d1ed7e83c7ae 100644
--- a/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c
+++ b/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c
@@ -106,139 +106,6 @@ Done:
}
/**
- Alloc PCR data.
-
- @param[in] PlatformAuth platform auth value. NULL means no platform auth change.
- @param[in] SupportedPCRBanks Supported PCR banks
- @param[in] PCRBanks PCR banks
-
- @retval EFI_SUCCESS Operation completed successfully.
-**/
-EFI_STATUS
-Tpm2CommandAllocPcr (
- IN TPM2B_AUTH *PlatformAuth, OPTIONAL
- IN UINT32 SupportedPCRBanks,
- IN UINT32 PCRBanks
- )
-{
- EFI_STATUS Status;
- TPMS_AUTH_COMMAND *AuthSession;
- TPMS_AUTH_COMMAND LocalAuthSession;
- TPML_PCR_SELECTION PcrAllocation;
- TPMI_YES_NO AllocationSuccess;
- UINT32 MaxPCR;
- UINT32 SizeNeeded;
- UINT32 SizeAvailable;
-
- if (PlatformAuth == NULL) {
- AuthSession = NULL;
- } else {
- AuthSession = &LocalAuthSession;
- ZeroMem (&LocalAuthSession, sizeof(LocalAuthSession));
- LocalAuthSession.sessionHandle = TPM_RS_PW;
- LocalAuthSession.hmac.size = PlatformAuth->size;
- CopyMem (LocalAuthSession.hmac.buffer, PlatformAuth->buffer, PlatformAuth->size);
- }
-
- //
- // Fill input
- //
- ZeroMem (&PcrAllocation, sizeof(PcrAllocation));
- if ((EFI_TCG2_BOOT_HASH_ALG_SHA1 & SupportedPCRBanks) != 0) {
- PcrAllocation.pcrSelections[PcrAllocation.count].hash = TPM_ALG_SHA1;
- PcrAllocation.pcrSelections[PcrAllocation.count].sizeofSelect = PCR_SELECT_MAX;
- if ((EFI_TCG2_BOOT_HASH_ALG_SHA1 & PCRBanks) != 0) {
- PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0xFF;
- PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0xFF;
- PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0xFF;
- } else {
- PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0x00;
- PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0x00;
- PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0x00;
- }
- PcrAllocation.count++;
- }
- if ((EFI_TCG2_BOOT_HASH_ALG_SHA256 & SupportedPCRBanks) != 0) {
- PcrAllocation.pcrSelections[PcrAllocation.count].hash = TPM_ALG_SHA256;
- PcrAllocation.pcrSelections[PcrAllocation.count].sizeofSelect = PCR_SELECT_MAX;
- if ((EFI_TCG2_BOOT_HASH_ALG_SHA256 & PCRBanks) != 0) {
- PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0xFF;
- PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0xFF;
- PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0xFF;
- } else {
- PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0x00;
- PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0x00;
- PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0x00;
- }
- PcrAllocation.count++;
- }
- if ((EFI_TCG2_BOOT_HASH_ALG_SHA384 & SupportedPCRBanks) != 0) {
- PcrAllocation.pcrSelections[PcrAllocation.count].hash = TPM_ALG_SHA384;
- PcrAllocation.pcrSelections[PcrAllocation.count].sizeofSelect = PCR_SELECT_MAX;
- if ((EFI_TCG2_BOOT_HASH_ALG_SHA384 & PCRBanks) != 0) {
- PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0xFF;
- PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0xFF;
- PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0xFF;
- } else {
- PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0x00;
- PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0x00;
- PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0x00;
- }
- PcrAllocation.count++;
- }
- if ((EFI_TCG2_BOOT_HASH_ALG_SHA512 & SupportedPCRBanks) != 0) {
- PcrAllocation.pcrSelections[PcrAllocation.count].hash = TPM_ALG_SHA512;
- PcrAllocation.pcrSelections[PcrAllocation.count].sizeofSelect = PCR_SELECT_MAX;
- if ((EFI_TCG2_BOOT_HASH_ALG_SHA512 & PCRBanks) != 0) {
- PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0xFF;
- PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0xFF;
- PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0xFF;
- } else {
- PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0x00;
- PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0x00;
- PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0x00;
- }
- PcrAllocation.count++;
- }
- if ((EFI_TCG2_BOOT_HASH_ALG_SM3_256 & SupportedPCRBanks) != 0) {
- PcrAllocation.pcrSelections[PcrAllocation.count].hash = TPM_ALG_SM3_256;
- PcrAllocation.pcrSelections[PcrAllocation.count].sizeofSelect = PCR_SELECT_MAX;
- if ((EFI_TCG2_BOOT_HASH_ALG_SM3_256 & PCRBanks) != 0) {
- PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0xFF;
- PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0xFF;
- PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0xFF;
- } else {
- PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0x00;
- PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0x00;
- PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0x00;
- }
- PcrAllocation.count++;
- }
- Status = Tpm2PcrAllocate (
- TPM_RH_PLATFORM,
- AuthSession,
- &PcrAllocation,
- &AllocationSuccess,
- &MaxPCR,
- &SizeNeeded,
- &SizeAvailable
- );
- DEBUG ((EFI_D_INFO, "Tpm2PcrAllocate - %r\n", Status));
- if (EFI_ERROR (Status)) {
- goto Done;
- }
-
- DEBUG ((EFI_D_INFO, "AllocationSuccess - %02x\n", AllocationSuccess));
- DEBUG ((EFI_D_INFO, "MaxPCR - %08x\n", MaxPCR));
- DEBUG ((EFI_D_INFO, "SizeNeeded - %08x\n", SizeNeeded));
- DEBUG ((EFI_D_INFO, "SizeAvailable - %08x\n", SizeAvailable));
-
-Done:
- ZeroMem(&LocalAuthSession.hmac, sizeof(LocalAuthSession.hmac));
- return Status;
-}
-
-/**
Change EPS.
@param[in] PlatformAuth platform auth value. NULL means no platform auth change.
@@ -327,7 +194,7 @@ Tcg2ExecutePhysicalPresence (
return TCG_PP_OPERATION_RESPONSE_SUCCESS;
case TCG2_PHYSICAL_PRESENCE_SET_PCR_BANKS:
- Status = Tpm2CommandAllocPcr (PlatformAuth, ProtocolCapability.HashAlgorithmBitmap, CommandParameter);
+ Status = Tpm2PcrAllocateBanks (PlatformAuth, ProtocolCapability.HashAlgorithmBitmap, CommandParameter);
if (EFI_ERROR (Status)) {
return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;
} else {
@@ -343,7 +210,7 @@ Tcg2ExecutePhysicalPresence (
}
case TCG2_PHYSICAL_PRESENCE_LOG_ALL_DIGESTS:
- Status = Tpm2CommandAllocPcr (PlatformAuth, ProtocolCapability.HashAlgorithmBitmap, ProtocolCapability.HashAlgorithmBitmap);
+ Status = Tpm2PcrAllocateBanks (PlatformAuth, ProtocolCapability.HashAlgorithmBitmap, ProtocolCapability.HashAlgorithmBitmap);
if (EFI_ERROR (Status)) {
return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;
} else {
diff --git a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c
index fa4318dd5fba..8eacfe6c137c 100644
--- a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c
+++ b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c
@@ -535,3 +535,137 @@ Done:
ZeroMem (&Res, sizeof(Res));
return Status;
}
+
+/**
+ Alloc PCR data.
+
+ @param[in] PlatformAuth platform auth value. NULL means no platform auth change.
+ @param[in] SupportedPCRBanks Supported PCR banks
+ @param[in] PCRBanks PCR banks
+
+ @retval EFI_SUCCESS Operation completed successfully.
+**/
+EFI_STATUS
+EFIAPI
+Tpm2PcrAllocateBanks (
+ IN TPM2B_AUTH *PlatformAuth, OPTIONAL
+ IN UINT32 SupportedPCRBanks,
+ IN UINT32 PCRBanks
+ )
+{
+ EFI_STATUS Status;
+ TPMS_AUTH_COMMAND *AuthSession;
+ TPMS_AUTH_COMMAND LocalAuthSession;
+ TPML_PCR_SELECTION PcrAllocation;
+ TPMI_YES_NO AllocationSuccess;
+ UINT32 MaxPCR;
+ UINT32 SizeNeeded;
+ UINT32 SizeAvailable;
+
+ if (PlatformAuth == NULL) {
+ AuthSession = NULL;
+ } else {
+ AuthSession = &LocalAuthSession;
+ ZeroMem (&LocalAuthSession, sizeof(LocalAuthSession));
+ LocalAuthSession.sessionHandle = TPM_RS_PW;
+ LocalAuthSession.hmac.size = PlatformAuth->size;
+ CopyMem (LocalAuthSession.hmac.buffer, PlatformAuth->buffer, PlatformAuth->size);
+ }
+
+ //
+ // Fill input
+ //
+ ZeroMem (&PcrAllocation, sizeof(PcrAllocation));
+ if ((HASH_ALG_SHA1 & SupportedPCRBanks) != 0) {
+ PcrAllocation.pcrSelections[PcrAllocation.count].hash = TPM_ALG_SHA1;
+ PcrAllocation.pcrSelections[PcrAllocation.count].sizeofSelect = PCR_SELECT_MAX;
+ if ((HASH_ALG_SHA1 & PCRBanks) != 0) {
+ PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0xFF;
+ PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0xFF;
+ PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0xFF;
+ } else {
+ PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0x00;
+ PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0x00;
+ PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0x00;
+ }
+ PcrAllocation.count++;
+ }
+ if ((HASH_ALG_SHA256 & SupportedPCRBanks) != 0) {
+ PcrAllocation.pcrSelections[PcrAllocation.count].hash = TPM_ALG_SHA256;
+ PcrAllocation.pcrSelections[PcrAllocation.count].sizeofSelect = PCR_SELECT_MAX;
+ if ((HASH_ALG_SHA256 & PCRBanks) != 0) {
+ PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0xFF;
+ PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0xFF;
+ PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0xFF;
+ } else {
+ PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0x00;
+ PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0x00;
+ PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0x00;
+ }
+ PcrAllocation.count++;
+ }
+ if ((HASH_ALG_SHA384 & SupportedPCRBanks) != 0) {
+ PcrAllocation.pcrSelections[PcrAllocation.count].hash = TPM_ALG_SHA384;
+ PcrAllocation.pcrSelections[PcrAllocation.count].sizeofSelect = PCR_SELECT_MAX;
+ if ((HASH_ALG_SHA384 & PCRBanks) != 0) {
+ PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0xFF;
+ PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0xFF;
+ PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0xFF;
+ } else {
+ PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0x00;
+ PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0x00;
+ PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0x00;
+ }
+ PcrAllocation.count++;
+ }
+ if ((HASH_ALG_SHA512 & SupportedPCRBanks) != 0) {
+ PcrAllocation.pcrSelections[PcrAllocation.count].hash = TPM_ALG_SHA512;
+ PcrAllocation.pcrSelections[PcrAllocation.count].sizeofSelect = PCR_SELECT_MAX;
+ if ((HASH_ALG_SHA512 & PCRBanks) != 0) {
+ PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0xFF;
+ PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0xFF;
+ PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0xFF;
+ } else {
+ PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0x00;
+ PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0x00;
+ PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0x00;
+ }
+ PcrAllocation.count++;
+ }
+ if ((HASH_ALG_SM3_256 & SupportedPCRBanks) != 0) {
+ PcrAllocation.pcrSelections[PcrAllocation.count].hash = TPM_ALG_SM3_256;
+ PcrAllocation.pcrSelections[PcrAllocation.count].sizeofSelect = PCR_SELECT_MAX;
+ if ((HASH_ALG_SM3_256 & PCRBanks) != 0) {
+ PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0xFF;
+ PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0xFF;
+ PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0xFF;
+ } else {
+ PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0x00;
+ PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0x00;
+ PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0x00;
+ }
+ PcrAllocation.count++;
+ }
+ Status = Tpm2PcrAllocate (
+ TPM_RH_PLATFORM,
+ AuthSession,
+ &PcrAllocation,
+ &AllocationSuccess,
+ &MaxPCR,
+ &SizeNeeded,
+ &SizeAvailable
+ );
+ DEBUG ((EFI_D_INFO, "Tpm2PcrAllocateBanks call Tpm2PcrAllocate - %r\n", Status));
+ if (EFI_ERROR (Status)) {
+ goto Done;
+ }
+
+ DEBUG ((EFI_D_INFO, "AllocationSuccess - %02x\n", AllocationSuccess));
+ DEBUG ((EFI_D_INFO, "MaxPCR - %08x\n", MaxPCR));
+ DEBUG ((EFI_D_INFO, "SizeNeeded - %08x\n", SizeNeeded));
+ DEBUG ((EFI_D_INFO, "SizeAvailable - %08x\n", SizeAvailable));
+
+Done:
+ ZeroMem(&LocalAuthSession.hmac, sizeof(LocalAuthSession.hmac));
+ return Status;
+}
\ No newline at end of file
--
2.7.0.windows.1
next prev parent reply other threads:[~2016-09-20 10:51 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-09-20 10:51 [PATCH 0/6] Move/Extract generic duplicated code to Tpm2CommandLib Star Zeng
2016-09-20 10:51 ` Star Zeng [this message]
2016-09-20 10:51 ` [PATCH 2/6] SecuriryPkg/TPM2: Move GetDigestFromDigestList() " Star Zeng
2016-09-20 10:51 ` [PATCH 3/6] SecuriryPkg/TPM2: Update function header of GetDigestFromDigestList() Star Zeng
2016-09-20 10:51 ` [PATCH 4/6] SecuriryPkg/TPM2: Move GetDigestListSize() to Tpm2CommandLib Star Zeng
2016-09-20 10:51 ` [PATCH 5/6] SecuriryPkg/TPM2: Move CopyDigestListToBuffer() " Star Zeng
2016-09-20 10:51 ` [PATCH 6/6] SecuriryPkg/TPM2: Extract GetSupportedAndActivePcrs " Star Zeng
2016-09-21 6:05 ` Zhang, Chao B
2016-09-20 10:58 ` [PATCH 0/6] Move/Extract generic duplicated code " Zeng, Star
2016-09-20 14:47 ` Yao, Jiewen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1474368693-180984-2-git-send-email-star.zeng@intel.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox