From: Star Zeng <star.zeng@intel.com>
To: edk2-devel@lists.01.org
Cc: Jiewen Yao <jiewen.yao@intel.com>,
	Chao B Zhang <chao.b.zhang@intel.com>,
	Star Zeng <star.zeng@intel.com>
Subject: [PATCH 1/6] SecuriryPkg/TPM2: Move Tpm2PcrAllocateBanks() to Tpm2CommandLib
Date: Tue, 20 Sep 2016 18:51:28 +0800	[thread overview]
Message-ID: <1474368693-180984-2-git-send-email-star.zeng@intel.com> (raw)
In-Reply-To: <1474368693-180984-1-git-send-email-star.zeng@intel.com>

From: Jiewen Yao <jiewen.yao@intel.com>

This patch just moves the function Tpm2CommandAllocPcr() from
DxeTcg2PhysicalPresenceLib.c to Tpm2CommandLib, renaming it to
Tpm2PcrAllocateBanks(); there is no functionality change.

Cc: Chao B Zhang <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
Signed-off-by: Star Zeng <star.zeng@intel.com>
---
 SecurityPkg/Include/Library/Tpm2CommandLib.h       |  19 ++-
 .../DxeTcg2PhysicalPresenceLib.c                   | 137 +--------------------
 SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c | 134 ++++++++++++++++++++
 3 files changed, 154 insertions(+), 136 deletions(-)

diff --git a/SecurityPkg/Include/Library/Tpm2CommandLib.h b/SecurityPkg/Include/Library/Tpm2CommandLib.h
index c4915496ddb6..162db193cb4f 100644
--- a/SecurityPkg/Include/Library/Tpm2CommandLib.h
+++ b/SecurityPkg/Include/Library/Tpm2CommandLib.h
@@ -1,7 +1,7 @@
 /** @file
   This library is used by other modules to send TPM2 command.
 
-Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved. <BR>
+Copyright (c) 2013 - 2016, Intel Corporation. All rights reserved. <BR>
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD License
 which accompanies this distribution.  The full text of the license may be found at
@@ -561,6 +561,23 @@ Tpm2PcrAllocate (
   );
 
 /**
+  Alloc PCR data.
+
+  @param[in]  PlatformAuth      platform auth value. NULL means no platform auth change.
+  @param[in]  SupportedPCRBanks Supported PCR banks
+  @param[in]  PCRBanks          PCR banks
+
+  @retval EFI_SUCCESS Operation completed successfully.
+**/
+EFI_STATUS
+EFIAPI
+Tpm2PcrAllocateBanks (
+  IN TPM2B_AUTH                *PlatformAuth,  OPTIONAL
+  IN UINT32                    SupportedPCRBanks,
+  IN UINT32                    PCRBanks
+  );
+
+/**
   This command returns various information regarding the TPM and its current state.
 
   The capability parameter determines the category of data returned. The property parameter 
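Review bot: The header comment for Tpm2PcrAllocateBanks() is too thin for a public library API: "Alloc PCR data." and a single `@retval EFI_SUCCESS` do not tell a caller what the two bitmaps do or that failures are returned. Going by the implementation in Tpm2Integrity.c, the brief could read `Allocate PCR banks: every bank set in SupportedPCRBanks is passed to the TPM, with all of its PCRs selected when the same bit is set in PCRBanks and none selected otherwise.` I would also add `@retval Others  The status returned by Tpm2PcrAllocate() on failure.` and state that both parameters are HASH_ALG_* bitmaps. The same comment is duplicated above the definition in Tpm2Integrity.c and should be updated with it.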
diff --git a/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c b/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c
index e34fd8da2572..d1ed7e83c7ae 100644
--- a/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c
+++ b/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c
@@ -106,139 +106,6 @@ Done:
 }
 
 /**
-  Alloc PCR data.
-
-  @param[in]  PlatformAuth      platform auth value. NULL means no platform auth change.
-  @param[in]  SupportedPCRBanks Supported PCR banks
-  @param[in]  PCRBanks          PCR banks
-  
-  @retval EFI_SUCCESS Operation completed successfully.
-**/
-EFI_STATUS
-Tpm2CommandAllocPcr (
-  IN TPM2B_AUTH                *PlatformAuth,  OPTIONAL
-  IN UINT32                    SupportedPCRBanks,
-  IN UINT32                    PCRBanks
-  )
-{
-  EFI_STATUS                Status;
-  TPMS_AUTH_COMMAND         *AuthSession;
-  TPMS_AUTH_COMMAND         LocalAuthSession;
-  TPML_PCR_SELECTION        PcrAllocation;
-  TPMI_YES_NO               AllocationSuccess;
-  UINT32                    MaxPCR;
-  UINT32                    SizeNeeded;
-  UINT32                    SizeAvailable;
-
-  if (PlatformAuth == NULL) {
-    AuthSession = NULL;
-  } else {
-    AuthSession = &LocalAuthSession;
-    ZeroMem (&LocalAuthSession, sizeof(LocalAuthSession));
-    LocalAuthSession.sessionHandle = TPM_RS_PW;
-    LocalAuthSession.hmac.size = PlatformAuth->size;
-    CopyMem (LocalAuthSession.hmac.buffer, PlatformAuth->buffer, PlatformAuth->size);
-  }
-
-  //
-  // Fill input
-  //
-  ZeroMem (&PcrAllocation, sizeof(PcrAllocation));
-  if ((EFI_TCG2_BOOT_HASH_ALG_SHA1 & SupportedPCRBanks) != 0) {
-    PcrAllocation.pcrSelections[PcrAllocation.count].hash = TPM_ALG_SHA1;
-    PcrAllocation.pcrSelections[PcrAllocation.count].sizeofSelect = PCR_SELECT_MAX;
-    if ((EFI_TCG2_BOOT_HASH_ALG_SHA1 & PCRBanks) != 0) {
-      PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0xFF;
-      PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0xFF;
-      PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0xFF;
-    } else {
-      PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0x00;
-      PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0x00;
-      PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0x00;
-    }
-    PcrAllocation.count++;
-  }
-  if ((EFI_TCG2_BOOT_HASH_ALG_SHA256 & SupportedPCRBanks) != 0) {
-    PcrAllocation.pcrSelections[PcrAllocation.count].hash = TPM_ALG_SHA256;
-    PcrAllocation.pcrSelections[PcrAllocation.count].sizeofSelect = PCR_SELECT_MAX;
-    if ((EFI_TCG2_BOOT_HASH_ALG_SHA256 & PCRBanks) != 0) {
-      PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0xFF;
-      PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0xFF;
-      PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0xFF;
-    } else {
-      PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0x00;
-      PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0x00;
-      PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0x00;
-    }
-    PcrAllocation.count++;
-  }
-  if ((EFI_TCG2_BOOT_HASH_ALG_SHA384 & SupportedPCRBanks) != 0) {
-    PcrAllocation.pcrSelections[PcrAllocation.count].hash = TPM_ALG_SHA384;
-    PcrAllocation.pcrSelections[PcrAllocation.count].sizeofSelect = PCR_SELECT_MAX;
-    if ((EFI_TCG2_BOOT_HASH_ALG_SHA384 & PCRBanks) != 0) {
-      PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0xFF;
-      PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0xFF;
-      PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0xFF;
-    } else {
-      PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0x00;
-      PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0x00;
-      PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0x00;
-    }
-    PcrAllocation.count++;
-  }
-  if ((EFI_TCG2_BOOT_HASH_ALG_SHA512 & SupportedPCRBanks) != 0) {
-    PcrAllocation.pcrSelections[PcrAllocation.count].hash = TPM_ALG_SHA512;
-    PcrAllocation.pcrSelections[PcrAllocation.count].sizeofSelect = PCR_SELECT_MAX;
-    if ((EFI_TCG2_BOOT_HASH_ALG_SHA512 & PCRBanks) != 0) {
-      PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0xFF;
-      PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0xFF;
-      PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0xFF;
-    } else {
-      PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0x00;
-      PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0x00;
-      PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0x00;
-    }
-    PcrAllocation.count++;
-  }
-  if ((EFI_TCG2_BOOT_HASH_ALG_SM3_256 & SupportedPCRBanks) != 0) {
-    PcrAllocation.pcrSelections[PcrAllocation.count].hash = TPM_ALG_SM3_256;
-    PcrAllocation.pcrSelections[PcrAllocation.count].sizeofSelect = PCR_SELECT_MAX;
-    if ((EFI_TCG2_BOOT_HASH_ALG_SM3_256 & PCRBanks) != 0) {
-      PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0xFF;
-      PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0xFF;
-      PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0xFF;
-    } else {
-      PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0x00;
-      PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0x00;
-      PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0x00;
-    }
-    PcrAllocation.count++;
-  }
-  Status = Tpm2PcrAllocate (
-             TPM_RH_PLATFORM,
-             AuthSession,
-             &PcrAllocation,
-             &AllocationSuccess,
-             &MaxPCR,
-             &SizeNeeded,
-             &SizeAvailable
-             );
-  DEBUG ((EFI_D_INFO, "Tpm2PcrAllocate - %r\n", Status));
-  if (EFI_ERROR (Status)) {
-    goto Done;
-  }
-
-  DEBUG ((EFI_D_INFO, "AllocationSuccess - %02x\n", AllocationSuccess));
-  DEBUG ((EFI_D_INFO, "MaxPCR            - %08x\n", MaxPCR));
-  DEBUG ((EFI_D_INFO, "SizeNeeded        - %08x\n", SizeNeeded));
-  DEBUG ((EFI_D_INFO, "SizeAvailable     - %08x\n", SizeAvailable));
-
-Done:
-  ZeroMem(&LocalAuthSession.hmac, sizeof(LocalAuthSession.hmac));
-  return Status;
-}
-
-/**
   Change EPS.
 
   @param[in]  PlatformAuth      platform auth value. NULL means no platform auth change.
@@ -327,7 +194,7 @@ Tcg2ExecutePhysicalPresence (
       return TCG_PP_OPERATION_RESPONSE_SUCCESS;
 
     case TCG2_PHYSICAL_PRESENCE_SET_PCR_BANKS:
-      Status = Tpm2CommandAllocPcr (PlatformAuth, ProtocolCapability.HashAlgorithmBitmap, CommandParameter);
+      Status = Tpm2PcrAllocateBanks (PlatformAuth, ProtocolCapability.HashAlgorithmBitmap, CommandParameter);
       if (EFI_ERROR (Status)) {
         return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;
       } else {
@@ -343,7 +210,7 @@ Tcg2ExecutePhysicalPresence (
       }
 
     case TCG2_PHYSICAL_PRESENCE_LOG_ALL_DIGESTS:
-      Status = Tpm2CommandAllocPcr (PlatformAuth, ProtocolCapability.HashAlgorithmBitmap, ProtocolCapability.HashAlgorithmBitmap);
+      Status = Tpm2PcrAllocateBanks (PlatformAuth, ProtocolCapability.HashAlgorithmBitmap, ProtocolCapability.HashAlgorithmBitmap);
       if (EFI_ERROR (Status)) {
         return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;
       } else {
diff --git a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c
index fa4318dd5fba..8eacfe6c137c 100644
--- a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c
+++ b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c
@@ -535,3 +535,137 @@ Done:
   ZeroMem (&Res, sizeof(Res));
   return Status;
 }
+
+/**
+  Alloc PCR data.
+
+  @param[in]  PlatformAuth      platform auth value. NULL means no platform auth change.
+  @param[in]  SupportedPCRBanks Supported PCR banks
+  @param[in]  PCRBanks          PCR banks
+  
+  @retval EFI_SUCCESS Operation completed successfully.
+**/
+EFI_STATUS
+EFIAPI
+Tpm2PcrAllocateBanks (
+  IN TPM2B_AUTH                *PlatformAuth,  OPTIONAL
+  IN UINT32                    SupportedPCRBanks,
+  IN UINT32                    PCRBanks
+  )
+{
+  EFI_STATUS                Status;
+  TPMS_AUTH_COMMAND         *AuthSession;
+  TPMS_AUTH_COMMAND         LocalAuthSession;
+  TPML_PCR_SELECTION        PcrAllocation;
+  TPMI_YES_NO               AllocationSuccess;
+  UINT32                    MaxPCR;
+  UINT32                    SizeNeeded;
+  UINT32                    SizeAvailable;
+
+  if (PlatformAuth == NULL) {
+    AuthSession = NULL;
+  } else {
+    AuthSession = &LocalAuthSession;
+    ZeroMem (&LocalAuthSession, sizeof(LocalAuthSession));
+    LocalAuthSession.sessionHandle = TPM_RS_PW;
+    LocalAuthSession.hmac.size = PlatformAuth->size;
+    CopyMem (LocalAuthSession.hmac.buffer, PlatformAuth->buffer, PlatformAuth->size);
+  }
+
+  //
+  // Fill input
+  //
+  ZeroMem (&PcrAllocation, sizeof(PcrAllocation));
+  if ((HASH_ALG_SHA1 & SupportedPCRBanks) != 0) {
+    PcrAllocation.pcrSelections[PcrAllocation.count].hash = TPM_ALG_SHA1;
+    PcrAllocation.pcrSelections[PcrAllocation.count].sizeofSelect = PCR_SELECT_MAX;
+    if ((HASH_ALG_SHA1 & PCRBanks) != 0) {
+      PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0xFF;
+      PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0xFF;
+      PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0xFF;
+    } else {
+      PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0x00;
+      PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0x00;
+      PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0x00;
+    }
+    PcrAllocation.count++;
+  }
+  if ((HASH_ALG_SHA256 & SupportedPCRBanks) != 0) {
+    PcrAllocation.pcrSelections[PcrAllocation.count].hash = TPM_ALG_SHA256;
+    PcrAllocation.pcrSelections[PcrAllocation.count].sizeofSelect = PCR_SELECT_MAX;
+    if ((HASH_ALG_SHA256 & PCRBanks) != 0) {
+      PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0xFF;
+      PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0xFF;
+      PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0xFF;
+    } else {
+      PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0x00;
+      PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0x00;
+      PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0x00;
+    }
+    PcrAllocation.count++;
+  }
+  if ((HASH_ALG_SHA384 & SupportedPCRBanks) != 0) {
+    PcrAllocation.pcrSelections[PcrAllocation.count].hash = TPM_ALG_SHA384;
+    PcrAllocation.pcrSelections[PcrAllocation.count].sizeofSelect = PCR_SELECT_MAX;
+    if ((HASH_ALG_SHA384 & PCRBanks) != 0) {
+      PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0xFF;
+      PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0xFF;
+      PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0xFF;
+    } else {
+      PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0x00;
+      PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0x00;
+      PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0x00;
+    }
+    PcrAllocation.count++;
+  }
+  if ((HASH_ALG_SHA512 & SupportedPCRBanks) != 0) {
+    PcrAllocation.pcrSelections[PcrAllocation.count].hash = TPM_ALG_SHA512;
+    PcrAllocation.pcrSelections[PcrAllocation.count].sizeofSelect = PCR_SELECT_MAX;
+    if ((HASH_ALG_SHA512 & PCRBanks) != 0) {
+      PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0xFF;
+      PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0xFF;
+      PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0xFF;
+    } else {
+      PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0x00;
+      PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0x00;
+      PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0x00;
+    }
+    PcrAllocation.count++;
+  }
+  if ((HASH_ALG_SM3_256 & SupportedPCRBanks) != 0) {
+    PcrAllocation.pcrSelections[PcrAllocation.count].hash = TPM_ALG_SM3_256;
+    PcrAllocation.pcrSelections[PcrAllocation.count].sizeofSelect = PCR_SELECT_MAX;
+    if ((HASH_ALG_SM3_256 & PCRBanks) != 0) {
+      PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0xFF;
+      PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0xFF;
+      PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0xFF;
+    } else {
+      PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0x00;
+      PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0x00;
+      PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0x00;
+    }
+    PcrAllocation.count++;
+  }
+  Status = Tpm2PcrAllocate (
+             TPM_RH_PLATFORM,
+             AuthSession,
+             &PcrAllocation,
+             &AllocationSuccess,
+             &MaxPCR,
+             &SizeNeeded,
+             &SizeAvailable
+             );
+  DEBUG ((EFI_D_INFO, "Tpm2PcrAllocateBanks call Tpm2PcrAllocate - %r\n", Status));
+  if (EFI_ERROR (Status)) {
+    goto Done;
+  }
+
+  DEBUG ((EFI_D_INFO, "AllocationSuccess - %02x\n", AllocationSuccess));
+  DEBUG ((EFI_D_INFO, "MaxPCR            - %08x\n", MaxPCR));
+  DEBUG ((EFI_D_INFO, "SizeNeeded        - %08x\n", SizeNeeded));
+  DEBUG ((EFI_D_INFO, "SizeAvailable     - %08x\n", SizeAvailable));
+
+Done:
+  ZeroMem(&LocalAuthSession.hmac, sizeof(LocalAuthSession.hmac));
+  return Status;
+}
\ No newline at end of file
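Review bot: PlatformAuth->size is used as the CopyMem length into LocalAuthSession.hmac.buffer without being compared against that buffer's capacity, in the `else` branch at the top of Tpm2PcrAllocateBanks(). Now that the function is exported from Tpm2CommandLib, any module can call it, and a size field larger than the destination would overrun the stack-resident LocalAuthSession. A guard before the copy would close this: `if (PlatformAuth->size > sizeof (LocalAuthSession.hmac.buffer)) { return EFI_INVALID_PARAMETER; }`. Separately, AllocationSuccess is only printed with DEBUG, so the function returns the Tpm2PcrAllocate() status even when the TPM presumably answers that the allocation was not performed, and the physical-presence callers would then report success. Consider returning an error status when AllocationSuccess is not YES.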
-- 
2.7.0.windows.1




Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-09-20 10:51 [PATCH 0/6] Move/Extract generic duplicated code to Tpm2CommandLib Star Zeng
2016-09-20 10:51 ` Star Zeng [this message]
2016-09-20 10:51 ` [PATCH 2/6] SecuriryPkg/TPM2: Move GetDigestFromDigestList() " Star Zeng
2016-09-20 10:51 ` [PATCH 3/6] SecuriryPkg/TPM2: Update function header of GetDigestFromDigestList() Star Zeng
2016-09-20 10:51 ` [PATCH 4/6] SecuriryPkg/TPM2: Move GetDigestListSize() to Tpm2CommandLib Star Zeng
2016-09-20 10:51 ` [PATCH 5/6] SecuriryPkg/TPM2: Move CopyDigestListToBuffer() " Star Zeng
2016-09-20 10:51 ` [PATCH 6/6] SecuriryPkg/TPM2: Extract GetSupportedAndActivePcrs " Star Zeng
2016-09-21  6:05   ` Zhang, Chao B
2016-09-20 10:58 ` [PATCH 0/6] Move/Extract generic duplicated code " Zeng, Star
2016-09-20 14:47 ` Yao, Jiewen
