From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mga01.intel.com (mga01.intel.com [192.55.52.88]) (using TLSv1 with cipher CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id AB9F91A1DF7 for ; Tue, 20 Sep 2016 03:51:46 -0700 (PDT) Received: from orsmga004.jf.intel.com ([10.7.209.38]) by fmsmga101.fm.intel.com with ESMTP; 20 Sep 2016 03:51:46 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.30,367,1470726000"; d="scan'208";a="11682940" Received: from shwdeopenpsi068.ccr.corp.intel.com ([10.239.9.9]) by orsmga004.jf.intel.com with ESMTP; 20 Sep 2016 03:51:45 -0700 From: Star Zeng To: edk2-devel@lists.01.org Cc: Jiewen Yao , Chao B Zhang , Star Zeng Date: Tue, 20 Sep 2016 18:51:28 +0800 Message-Id: <1474368693-180984-2-git-send-email-star.zeng@intel.com> X-Mailer: git-send-email 2.7.0.windows.1 In-Reply-To: <1474368693-180984-1-git-send-email-star.zeng@intel.com> References: <1474368693-180984-1-git-send-email-star.zeng@intel.com> Subject: [PATCH 1/6] SecuriryPkg/TPM2: Move Tpm2PcrAllocateBanks() to Tpm2CommandLib X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 20 Sep 2016 10:51:47 -0000 From: Jiewen Yao This patch just moves function Tpm2CommandAllocPcr() from DxeTcg2PhysicalPresenceLib.c to Tpm2CommandLib as Tpm2PcrAllocateBanks() and no functionality change. Cc: Chao B Zhang Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Jiewen Yao Signed-off-by: Star Zeng --- SecurityPkg/Include/Library/Tpm2CommandLib.h | 19 ++- .../DxeTcg2PhysicalPresenceLib.c | 137 +-------------------- SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c | 134 ++++++++++++++++++++ 3 files changed, 154 insertions(+), 136 deletions(-) 
diff --git a/SecurityPkg/Include/Library/Tpm2CommandLib.h b/SecurityPkg/Include/Library/Tpm2CommandLib.h index c4915496ddb6..162db193cb4f 100644 --- a/SecurityPkg/Include/Library/Tpm2CommandLib.h +++ b/SecurityPkg/Include/Library/Tpm2CommandLib.h @@ -1,7 +1,7 @@ /** @file This library is used by other modules to send TPM2 command. -Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.
+Copyright (c) 2013 - 2016, Intel Corporation. All rights reserved.
This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at @@ -561,6 +561,23 @@ Tpm2PcrAllocate ( ); /** + Alloc PCR data. + + @param[in] PlatformAuth platform auth value. NULL means no platform auth change. + @param[in] SupportedPCRBanks Supported PCR banks + @param[in] PCRBanks PCR banks + + @retval EFI_SUCCESS Operation completed successfully. +**/ +EFI_STATUS +EFIAPI +Tpm2PcrAllocateBanks ( + IN TPM2B_AUTH *PlatformAuth, OPTIONAL + IN UINT32 SupportedPCRBanks, + IN UINT32 PCRBanks + ); + +/** This command returns various information regarding the TPM and its current state. The capability parameter determines the category of data returned. The property parameter diff --git a/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c b/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c index e34fd8da2572..d1ed7e83c7ae 100644 --- a/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c +++ b/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c 
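Review bot: The new `Tpm2PcrAllocateBanks` prototype's doc block documents only `@retval EFI_SUCCESS`, yet the implementation added by this same patch returns whatever `Tpm2PcrAllocate` returns on failure, and the two UINT32 parameters are bitmasks without saying which constants they carry. Suggest `@param[in] SupportedPCRBanks  Bitmap of HASH_ALG_* banks the TPM supports`, `@param[in] PCRBanks  Bitmap of HASH_ALG_* banks to allocate; supported banks not set here are deallocated (pcrSelect cleared)`, and an added `@retval Others  Tpm2PcrAllocate failed`. The one-line summary `Alloc PCR data.` also undersells what the command does; something like `Allocate or deallocate PCR banks via TPM2_PCR_Allocate under TPM_RH_PLATFORM authorization.` matches the body. Since this is now a public Tpm2CommandLib entry point rather than a file-local helper, the header is where callers will read the contract, so it is worth getting right here.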
@@ -106,139 +106,6 @@ Done: } /** - Alloc PCR data. - - @param[in] PlatformAuth platform auth value. NULL means no platform auth change. - @param[in] SupportedPCRBanks Supported PCR banks - @param[in] PCRBanks PCR banks - - @retval EFI_SUCCESS Operation completed successfully. -**/ -EFI_STATUS -Tpm2CommandAllocPcr ( - IN TPM2B_AUTH *PlatformAuth, OPTIONAL - IN UINT32 SupportedPCRBanks, - IN UINT32 PCRBanks - ) -{ - EFI_STATUS Status; - TPMS_AUTH_COMMAND *AuthSession; - TPMS_AUTH_COMMAND LocalAuthSession; - TPML_PCR_SELECTION PcrAllocation; - TPMI_YES_NO AllocationSuccess; - UINT32 MaxPCR; - UINT32 SizeNeeded; - UINT32 SizeAvailable; - - if (PlatformAuth == NULL) { - AuthSession = NULL; - } else { - AuthSession = &LocalAuthSession; - ZeroMem (&LocalAuthSession, sizeof(LocalAuthSession)); - LocalAuthSession.sessionHandle = TPM_RS_PW; - LocalAuthSession.hmac.size = PlatformAuth->size; - CopyMem (LocalAuthSession.hmac.buffer, PlatformAuth->buffer, PlatformAuth->size); - } - - // - // Fill input - // - ZeroMem (&PcrAllocation, sizeof(PcrAllocation)); - if ((EFI_TCG2_BOOT_HASH_ALG_SHA1 & SupportedPCRBanks) != 0) { - PcrAllocation.pcrSelections[PcrAllocation.count].hash = TPM_ALG_SHA1; - PcrAllocation.pcrSelections[PcrAllocation.count].sizeofSelect = PCR_SELECT_MAX; - if ((EFI_TCG2_BOOT_HASH_ALG_SHA1 & PCRBanks) != 0) { - PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0xFF; - PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0xFF; - PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0xFF; - } else { - PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0x00; - PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0x00; - PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0x00; - } - PcrAllocation.count++; - } - if ((EFI_TCG2_BOOT_HASH_ALG_SHA256 & SupportedPCRBanks) != 0) { - PcrAllocation.pcrSelections[PcrAllocation.count].hash = TPM_ALG_SHA256; - 
PcrAllocation.pcrSelections[PcrAllocation.count].sizeofSelect = PCR_SELECT_MAX; - if ((EFI_TCG2_BOOT_HASH_ALG_SHA256 & PCRBanks) != 0) { - PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0xFF; - PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0xFF; - PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0xFF; - } else { - PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0x00; - PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0x00; - PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0x00; - } - PcrAllocation.count++; - } - if ((EFI_TCG2_BOOT_HASH_ALG_SHA384 & SupportedPCRBanks) != 0) { - PcrAllocation.pcrSelections[PcrAllocation.count].hash = TPM_ALG_SHA384; - PcrAllocation.pcrSelections[PcrAllocation.count].sizeofSelect = PCR_SELECT_MAX; - if ((EFI_TCG2_BOOT_HASH_ALG_SHA384 & PCRBanks) != 0) { - PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0xFF; - PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0xFF; - PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0xFF; - } else { - PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0x00; - PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0x00; - PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0x00; - } - PcrAllocation.count++; - } - if ((EFI_TCG2_BOOT_HASH_ALG_SHA512 & SupportedPCRBanks) != 0) { - PcrAllocation.pcrSelections[PcrAllocation.count].hash = TPM_ALG_SHA512; - PcrAllocation.pcrSelections[PcrAllocation.count].sizeofSelect = PCR_SELECT_MAX; - if ((EFI_TCG2_BOOT_HASH_ALG_SHA512 & PCRBanks) != 0) { - PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0xFF; - PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0xFF; - PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0xFF; - } else { - PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0x00; - 
PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0x00; - PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0x00; - } - PcrAllocation.count++; - } - if ((EFI_TCG2_BOOT_HASH_ALG_SM3_256 & SupportedPCRBanks) != 0) { - PcrAllocation.pcrSelections[PcrAllocation.count].hash = TPM_ALG_SM3_256; - PcrAllocation.pcrSelections[PcrAllocation.count].sizeofSelect = PCR_SELECT_MAX; - if ((EFI_TCG2_BOOT_HASH_ALG_SM3_256 & PCRBanks) != 0) { - PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0xFF; - PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0xFF; - PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0xFF; - } else { - PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0x00; - PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0x00; - PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0x00; - } - PcrAllocation.count++; - } - Status = Tpm2PcrAllocate ( - TPM_RH_PLATFORM, - AuthSession, - &PcrAllocation, - &AllocationSuccess, - &MaxPCR, - &SizeNeeded, - &SizeAvailable - ); - DEBUG ((EFI_D_INFO, "Tpm2PcrAllocate - %r\n", Status)); - if (EFI_ERROR (Status)) { - goto Done; - } - - DEBUG ((EFI_D_INFO, "AllocationSuccess - %02x\n", AllocationSuccess)); - DEBUG ((EFI_D_INFO, "MaxPCR - %08x\n", MaxPCR)); - DEBUG ((EFI_D_INFO, "SizeNeeded - %08x\n", SizeNeeded)); - DEBUG ((EFI_D_INFO, "SizeAvailable - %08x\n", SizeAvailable)); - -Done: - ZeroMem(&LocalAuthSession.hmac, sizeof(LocalAuthSession.hmac)); - return Status; -} - -/** Change EPS. @param[in] PlatformAuth platform auth value. NULL means no platform auth change. 
@@ -327,7 +194,7 @@ Tcg2ExecutePhysicalPresence ( return TCG_PP_OPERATION_RESPONSE_SUCCESS; case TCG2_PHYSICAL_PRESENCE_SET_PCR_BANKS: - Status = Tpm2CommandAllocPcr (PlatformAuth, ProtocolCapability.HashAlgorithmBitmap, CommandParameter); + Status = Tpm2PcrAllocateBanks (PlatformAuth, ProtocolCapability.HashAlgorithmBitmap, CommandParameter); if (EFI_ERROR (Status)) { return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE; } else { @@ -343,7 +210,7 @@ Tcg2ExecutePhysicalPresence ( } case TCG2_PHYSICAL_PRESENCE_LOG_ALL_DIGESTS: - Status = Tpm2CommandAllocPcr (PlatformAuth, ProtocolCapability.HashAlgorithmBitmap, ProtocolCapability.HashAlgorithmBitmap); + Status = Tpm2PcrAllocateBanks (PlatformAuth, ProtocolCapability.HashAlgorithmBitmap, ProtocolCapability.HashAlgorithmBitmap); if (EFI_ERROR (Status)) { return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE; } else { diff --git a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c index fa4318dd5fba..8eacfe6c137c 100644 --- a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c +++ b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c 
@@ -535,3 +535,137 @@ Done: ZeroMem (&Res, sizeof(Res)); return Status; } + +/** + Alloc PCR data. + + @param[in] PlatformAuth platform auth value. NULL means no platform auth change. + @param[in] SupportedPCRBanks Supported PCR banks + @param[in] PCRBanks PCR banks + + @retval EFI_SUCCESS Operation completed successfully. +**/ +EFI_STATUS +EFIAPI +Tpm2PcrAllocateBanks ( + IN TPM2B_AUTH *PlatformAuth, OPTIONAL + IN UINT32 SupportedPCRBanks, + IN UINT32 PCRBanks + ) +{ + EFI_STATUS Status; + TPMS_AUTH_COMMAND *AuthSession; + TPMS_AUTH_COMMAND LocalAuthSession; + TPML_PCR_SELECTION PcrAllocation; + TPMI_YES_NO AllocationSuccess; + UINT32 MaxPCR; + UINT32 SizeNeeded; + UINT32 SizeAvailable; + + if (PlatformAuth == NULL) { + AuthSession = NULL; + } else { + AuthSession = &LocalAuthSession; + ZeroMem (&LocalAuthSession, sizeof(LocalAuthSession)); + LocalAuthSession.sessionHandle = TPM_RS_PW; + LocalAuthSession.hmac.size = PlatformAuth->size; + CopyMem (LocalAuthSession.hmac.buffer, PlatformAuth->buffer, PlatformAuth->size); + } + + // + // Fill input + // + ZeroMem (&PcrAllocation, sizeof(PcrAllocation)); + if ((HASH_ALG_SHA1 & SupportedPCRBanks) != 0) { + PcrAllocation.pcrSelections[PcrAllocation.count].hash = TPM_ALG_SHA1; + PcrAllocation.pcrSelections[PcrAllocation.count].sizeofSelect = PCR_SELECT_MAX; + if ((HASH_ALG_SHA1 & PCRBanks) != 0) { + PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0xFF; + PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0xFF; + PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0xFF; + } else { + PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0x00; + PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0x00; + PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0x00; + } + PcrAllocation.count++; + } + if ((HASH_ALG_SHA256 & SupportedPCRBanks) != 0) { + PcrAllocation.pcrSelections[PcrAllocation.count].hash = TPM_ALG_SHA256; + 
PcrAllocation.pcrSelections[PcrAllocation.count].sizeofSelect = PCR_SELECT_MAX; + if ((HASH_ALG_SHA256 & PCRBanks) != 0) { + PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0xFF; + PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0xFF; + PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0xFF; + } else { + PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0x00; + PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0x00; + PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0x00; + } + PcrAllocation.count++; + } + if ((HASH_ALG_SHA384 & SupportedPCRBanks) != 0) { + PcrAllocation.pcrSelections[PcrAllocation.count].hash = TPM_ALG_SHA384; + PcrAllocation.pcrSelections[PcrAllocation.count].sizeofSelect = PCR_SELECT_MAX; + if ((HASH_ALG_SHA384 & PCRBanks) != 0) { + PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0xFF; + PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0xFF; + PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0xFF; + } else { + PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0x00; + PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0x00; + PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0x00; + } + PcrAllocation.count++; + } + if ((HASH_ALG_SHA512 & SupportedPCRBanks) != 0) { + PcrAllocation.pcrSelections[PcrAllocation.count].hash = TPM_ALG_SHA512; + PcrAllocation.pcrSelections[PcrAllocation.count].sizeofSelect = PCR_SELECT_MAX; + if ((HASH_ALG_SHA512 & PCRBanks) != 0) { + PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0xFF; + PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0xFF; + PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0xFF; + } else { + PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0x00; + PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0x00; + 
PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0x00; + } + PcrAllocation.count++; + } + if ((HASH_ALG_SM3_256 & SupportedPCRBanks) != 0) { + PcrAllocation.pcrSelections[PcrAllocation.count].hash = TPM_ALG_SM3_256; + PcrAllocation.pcrSelections[PcrAllocation.count].sizeofSelect = PCR_SELECT_MAX; + if ((HASH_ALG_SM3_256 & PCRBanks) != 0) { + PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0xFF; + PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0xFF; + PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0xFF; + } else { + PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0x00; + PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0x00; + PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0x00; + } + PcrAllocation.count++; + } + Status = Tpm2PcrAllocate ( + TPM_RH_PLATFORM, + AuthSession, + &PcrAllocation, + &AllocationSuccess, + &MaxPCR, + &SizeNeeded, + &SizeAvailable + ); + DEBUG ((EFI_D_INFO, "Tpm2PcrAllocateBanks call Tpm2PcrAllocate - %r\n", Status)); + if (EFI_ERROR (Status)) { + goto Done; + } + + DEBUG ((EFI_D_INFO, "AllocationSuccess - %02x\n", AllocationSuccess)); + DEBUG ((EFI_D_INFO, "MaxPCR - %08x\n", MaxPCR)); + DEBUG ((EFI_D_INFO, "SizeNeeded - %08x\n", SizeNeeded)); + DEBUG ((EFI_D_INFO, "SizeAvailable - %08x\n", SizeAvailable)); + +Done: + ZeroMem(&LocalAuthSession.hmac, sizeof(LocalAuthSession.hmac)); + return Status; +} \ No newline at end of file -- 2.7.0.windows.1
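Review bot: `AllocationSuccess` is only DEBUG-printed after the `Tpm2PcrAllocate` call and `Status` is returned unchanged, so when the TPM answers TPM_RC_SUCCESS with allocationSuccess == NO (the spec allows this, e.g. when SizeNeeded exceeds SizeAvailable) the function returns EFI_SUCCESS and the physical-presence callers in the previous hunk report TCG_PP_OPERATION_RESPONSE_SUCCESS for a bank change that never took effect. That result should be mapped to an error status before the `Done:` label. Separately, now that this is an exported EFIAPI function, `PlatformAuth->size` is passed straight to `CopyMem` into `LocalAuthSession.hmac.buffer` without a bound check; both sides are TPM2B_AUTH, but a caller-supplied size larger than the buffer overruns it, so a `sizeof` check is cheap insurance. The swap from EFI_TCG2_BOOT_HASH_ALG_* to HASH_ALG_* is the advertised no-op only if the two constant sets have identical values, which the hunk cannot show; a sentence in the commit message confirming that would help reviewers. Finally, a PCRBanks of 0 (every supported bank deallocated) or with bits outside SupportedPCRBanks (silently dropped by the fill loop) is accepted as-is; whether to reject that here or rely on the TPM is a policy choice that deserves a comment.
```c
EFI_STATUS
EFIAPI
Tpm2PcrAllocateBanks (
  IN TPM2B_AUTH             *PlatformAuth,  OPTIONAL
  IN UINT32                 SupportedPCRBanks,
  IN UINT32                 PCRBanks
  )
{
  // … unchanged: local declarations …

  if (PlatformAuth == NULL) {
    AuthSession = NULL;
  } else {
    //
    // Exported entry point: do not trust the caller's TPM2B size field.
    //
    if (PlatformAuth->size > sizeof (LocalAuthSession.hmac.buffer)) {
      return EFI_INVALID_PARAMETER;
    }
    AuthSession = &LocalAuthSession;
    // … unchanged: ZeroMem, sessionHandle, hmac copy …
  }

  // … unchanged: PcrAllocation fill and Tpm2PcrAllocate call / error check …

  DEBUG ((EFI_D_INFO, "AllocationSuccess - %02x\n", AllocationSuccess));
  if (!AllocationSuccess) {
    //
    // TPM accepted the command but did not change the allocation
    // (e.g. SizeNeeded > SizeAvailable); do not report success to callers.
    //
    Status = EFI_DEVICE_ERROR;
    goto Done;
  }
  // … unchanged: remaining DEBUG output, Done: label …
```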