* [PATCH 0/6] Move/Extract generic duplicated code to Tpm2CommandLib
@ 2016-09-20 10:51 Star Zeng
2016-09-20 10:51 ` [PATCH 1/6] SecuriryPkg/TPM2: Move Tpm2PcrAllocateBanks() " Star Zeng
` (7 more replies)
0 siblings, 8 replies; 10+ messages in thread
From: Star Zeng @ 2016-09-20 10:51 UTC
To: edk2-devel; +Cc: Star Zeng, Chao B Zhang, Jiewen Yao
These patches move/extract Tpm2PcrAllocateBanks(),
Tpm2GetCapabilitySupportedAndActivePcrs(), CopyDigestListToBuffer(),
GetDigestListSize() and GetDigestFromDigestList() to Tpm2CommandLib.
Cc: Chao B Zhang <chao.b.zhang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Jiewen Yao (5):
SecuriryPkg/TPM2: Move Tpm2PcrAllocateBanks() to Tpm2CommandLib
SecuriryPkg/TPM2: Move GetDigestFromDigestList() to Tpm2CommandLib
SecuriryPkg/TPM2: Move GetDigestListSize() to Tpm2CommandLib
SecuriryPkg/TPM2: Move CopyDigestListToBuffer() to Tpm2CommandLib
SecuriryPkg/TPM2: Extract GetSupportedAndActivePcrs to Tpm2CommandLib
Star Zeng (1):
SecuriryPkg/TPM2: Update function header of GetDigestFromDigestList()
SecurityPkg/Include/Library/Tpm2CommandLib.h | 85 ++++++++-
.../DxeTcg2PhysicalPresenceLib.c | 150 +---------------
.../Library/Tpm2CommandLib/Tpm2Capability.c | 92 ++++++++++
SecurityPkg/Library/Tpm2CommandLib/Tpm2Help.c | 147 +++++++++++++++-
SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c | 134 +++++++++++++++
SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c | 191 +--------------------
SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c | 145 +---------------
SecurityPkg/Tcg/TrEEDxe/TrEEDxe.c | 37 +---
SecurityPkg/Tcg/TrEEPei/TrEEPei.c | 37 +---
9 files changed, 470 insertions(+), 548 deletions(-)
--
2.7.0.windows.1
* [PATCH 1/6] SecuriryPkg/TPM2: Move Tpm2PcrAllocateBanks() to Tpm2CommandLib
2016-09-20 10:51 [PATCH 0/6] Move/Extract generic duplicated code to Tpm2CommandLib Star Zeng
@ 2016-09-20 10:51 ` Star Zeng
2016-09-20 10:51 ` [PATCH 2/6] SecuriryPkg/TPM2: Move GetDigestFromDigestList() " Star Zeng
` (6 subsequent siblings)
7 siblings, 0 replies; 10+ messages in thread
From: Star Zeng @ 2016-09-20 10:51 UTC
To: edk2-devel; +Cc: Jiewen Yao, Chao B Zhang, Star Zeng
From: Jiewen Yao <jiewen.yao@intel.com>
This patch just moves function Tpm2CommandAllocPcr() from
DxeTcg2PhysicalPresenceLib.c to Tpm2CommandLib as Tpm2PcrAllocateBanks()
and no functionality change.
Cc: Chao B Zhang <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
Signed-off-by: Star Zeng <star.zeng@intel.com>
---
SecurityPkg/Include/Library/Tpm2CommandLib.h | 19 ++-
.../DxeTcg2PhysicalPresenceLib.c | 137 +--------------------
SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c | 134 ++++++++++++++++++++
3 files changed, 154 insertions(+), 136 deletions(-)
diff --git a/SecurityPkg/Include/Library/Tpm2CommandLib.h b/SecurityPkg/Include/Library/Tpm2CommandLib.h
index c4915496ddb6..162db193cb4f 100644
--- a/SecurityPkg/Include/Library/Tpm2CommandLib.h
+++ b/SecurityPkg/Include/Library/Tpm2CommandLib.h
@@ -1,7 +1,7 @@
/** @file
This library is used by other modules to send TPM2 command.
-Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved. <BR>
+Copyright (c) 2013 - 2016, Intel Corporation. All rights reserved. <BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -561,6 +561,23 @@ Tpm2PcrAllocate (
);
/**
+ Alloc PCR data.
+
+ @param[in] PlatformAuth platform auth value. NULL means no platform auth change.
+ @param[in] SupportedPCRBanks Supported PCR banks
+ @param[in] PCRBanks PCR banks
+
+ @retval EFI_SUCCESS Operation completed successfully.
+**/
+EFI_STATUS
+EFIAPI
+Tpm2PcrAllocateBanks (
+ IN TPM2B_AUTH *PlatformAuth, OPTIONAL
+ IN UINT32 SupportedPCRBanks,
+ IN UINT32 PCRBanks
+ );
+
+/**
This command returns various information regarding the TPM and its current state.
The capability parameter determines the category of data returned. The property parameter
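Review bot: the new header comment for Tpm2PcrAllocateBanks() lists only EFI_SUCCESS under @retval and does not say how SupportedPCRBanks and PCRBanks relate. Now that this is a public library interface, document that both are hash-algorithm bitmaps, that every bank set in SupportedPCRBanks is sent to the TPM and is deallocated unless it is also set in PCRBanks, and that an error status from Tpm2PcrAllocate() is returned unchanged. "Alloc PCR data." could also be expanded to say that the call changes the bank allocation under platform authorization.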
diff --git a/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c b/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c
index e34fd8da2572..d1ed7e83c7ae 100644
--- a/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c
+++ b/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c
@@ -106,139 +106,6 @@ Done:
}
/**
- Alloc PCR data.
-
- @param[in] PlatformAuth platform auth value. NULL means no platform auth change.
- @param[in] SupportedPCRBanks Supported PCR banks
- @param[in] PCRBanks PCR banks
-
- @retval EFI_SUCCESS Operation completed successfully.
-**/
-EFI_STATUS
-Tpm2CommandAllocPcr (
- IN TPM2B_AUTH *PlatformAuth, OPTIONAL
- IN UINT32 SupportedPCRBanks,
- IN UINT32 PCRBanks
- )
-{
- EFI_STATUS Status;
- TPMS_AUTH_COMMAND *AuthSession;
- TPMS_AUTH_COMMAND LocalAuthSession;
- TPML_PCR_SELECTION PcrAllocation;
- TPMI_YES_NO AllocationSuccess;
- UINT32 MaxPCR;
- UINT32 SizeNeeded;
- UINT32 SizeAvailable;
-
- if (PlatformAuth == NULL) {
- AuthSession = NULL;
- } else {
- AuthSession = &LocalAuthSession;
- ZeroMem (&LocalAuthSession, sizeof(LocalAuthSession));
- LocalAuthSession.sessionHandle = TPM_RS_PW;
- LocalAuthSession.hmac.size = PlatformAuth->size;
- CopyMem (LocalAuthSession.hmac.buffer, PlatformAuth->buffer, PlatformAuth->size);
- }
-
- //
- // Fill input
- //
- ZeroMem (&PcrAllocation, sizeof(PcrAllocation));
- if ((EFI_TCG2_BOOT_HASH_ALG_SHA1 & SupportedPCRBanks) != 0) {
- PcrAllocation.pcrSelections[PcrAllocation.count].hash = TPM_ALG_SHA1;
- PcrAllocation.pcrSelections[PcrAllocation.count].sizeofSelect = PCR_SELECT_MAX;
- if ((EFI_TCG2_BOOT_HASH_ALG_SHA1 & PCRBanks) != 0) {
- PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0xFF;
- PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0xFF;
- PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0xFF;
- } else {
- PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0x00;
- PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0x00;
- PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0x00;
- }
- PcrAllocation.count++;
- }
- if ((EFI_TCG2_BOOT_HASH_ALG_SHA256 & SupportedPCRBanks) != 0) {
- PcrAllocation.pcrSelections[PcrAllocation.count].hash = TPM_ALG_SHA256;
- PcrAllocation.pcrSelections[PcrAllocation.count].sizeofSelect = PCR_SELECT_MAX;
- if ((EFI_TCG2_BOOT_HASH_ALG_SHA256 & PCRBanks) != 0) {
- PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0xFF;
- PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0xFF;
- PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0xFF;
- } else {
- PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0x00;
- PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0x00;
- PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0x00;
- }
- PcrAllocation.count++;
- }
- if ((EFI_TCG2_BOOT_HASH_ALG_SHA384 & SupportedPCRBanks) != 0) {
- PcrAllocation.pcrSelections[PcrAllocation.count].hash = TPM_ALG_SHA384;
- PcrAllocation.pcrSelections[PcrAllocation.count].sizeofSelect = PCR_SELECT_MAX;
- if ((EFI_TCG2_BOOT_HASH_ALG_SHA384 & PCRBanks) != 0) {
- PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0xFF;
- PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0xFF;
- PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0xFF;
- } else {
- PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0x00;
- PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0x00;
- PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0x00;
- }
- PcrAllocation.count++;
- }
- if ((EFI_TCG2_BOOT_HASH_ALG_SHA512 & SupportedPCRBanks) != 0) {
- PcrAllocation.pcrSelections[PcrAllocation.count].hash = TPM_ALG_SHA512;
- PcrAllocation.pcrSelections[PcrAllocation.count].sizeofSelect = PCR_SELECT_MAX;
- if ((EFI_TCG2_BOOT_HASH_ALG_SHA512 & PCRBanks) != 0) {
- PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0xFF;
- PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0xFF;
- PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0xFF;
- } else {
- PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0x00;
- PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0x00;
- PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0x00;
- }
- PcrAllocation.count++;
- }
- if ((EFI_TCG2_BOOT_HASH_ALG_SM3_256 & SupportedPCRBanks) != 0) {
- PcrAllocation.pcrSelections[PcrAllocation.count].hash = TPM_ALG_SM3_256;
- PcrAllocation.pcrSelections[PcrAllocation.count].sizeofSelect = PCR_SELECT_MAX;
- if ((EFI_TCG2_BOOT_HASH_ALG_SM3_256 & PCRBanks) != 0) {
- PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0xFF;
- PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0xFF;
- PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0xFF;
- } else {
- PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0x00;
- PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0x00;
- PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0x00;
- }
- PcrAllocation.count++;
- }
- Status = Tpm2PcrAllocate (
- TPM_RH_PLATFORM,
- AuthSession,
- &PcrAllocation,
- &AllocationSuccess,
- &MaxPCR,
- &SizeNeeded,
- &SizeAvailable
- );
- DEBUG ((EFI_D_INFO, "Tpm2PcrAllocate - %r\n", Status));
- if (EFI_ERROR (Status)) {
- goto Done;
- }
-
- DEBUG ((EFI_D_INFO, "AllocationSuccess - %02x\n", AllocationSuccess));
- DEBUG ((EFI_D_INFO, "MaxPCR - %08x\n", MaxPCR));
- DEBUG ((EFI_D_INFO, "SizeNeeded - %08x\n", SizeNeeded));
- DEBUG ((EFI_D_INFO, "SizeAvailable - %08x\n", SizeAvailable));
-
-Done:
- ZeroMem(&LocalAuthSession.hmac, sizeof(LocalAuthSession.hmac));
- return Status;
-}
-
-/**
Change EPS.
@param[in] PlatformAuth platform auth value. NULL means no platform auth change.
@@ -327,7 +194,7 @@ Tcg2ExecutePhysicalPresence (
return TCG_PP_OPERATION_RESPONSE_SUCCESS;
case TCG2_PHYSICAL_PRESENCE_SET_PCR_BANKS:
- Status = Tpm2CommandAllocPcr (PlatformAuth, ProtocolCapability.HashAlgorithmBitmap, CommandParameter);
+ Status = Tpm2PcrAllocateBanks (PlatformAuth, ProtocolCapability.HashAlgorithmBitmap, CommandParameter);
if (EFI_ERROR (Status)) {
return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;
} else {
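Review bot: in the TCG2_PHYSICAL_PRESENCE_SET_PCR_BANKS case, CommandParameter is passed straight through as PCRBanks, and nothing in the visible lines checks it against ProtocolCapability.HashAlgorithmBitmap. The callee only tests bits that are also set in SupportedPCRBanks, so a CommandParameter with no supported bit set yields an all-zero selection for every supported bank, which asks the TPM to leave no PCR bank allocated. This behaviour predates the rename, but since the call is being touched, consider rejecting a request where (CommandParameter & ProtocolCapability.HashAlgorithmBitmap) == 0, or where bits fall outside the supported bitmap, before calling Tpm2PcrAllocateBanks().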
@@ -343,7 +210,7 @@ Tcg2ExecutePhysicalPresence (
}
case TCG2_PHYSICAL_PRESENCE_LOG_ALL_DIGESTS:
- Status = Tpm2CommandAllocPcr (PlatformAuth, ProtocolCapability.HashAlgorithmBitmap, ProtocolCapability.HashAlgorithmBitmap);
+ Status = Tpm2PcrAllocateBanks (PlatformAuth, ProtocolCapability.HashAlgorithmBitmap, ProtocolCapability.HashAlgorithmBitmap);
if (EFI_ERROR (Status)) {
return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;
} else {
diff --git a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c
index fa4318dd5fba..8eacfe6c137c 100644
--- a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c
+++ b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c
@@ -535,3 +535,137 @@ Done:
ZeroMem (&Res, sizeof(Res));
return Status;
}
+
+/**
+ Alloc PCR data.
+
+ @param[in] PlatformAuth platform auth value. NULL means no platform auth change.
+ @param[in] SupportedPCRBanks Supported PCR banks
+ @param[in] PCRBanks PCR banks
+
+ @retval EFI_SUCCESS Operation completed successfully.
+**/
+EFI_STATUS
+EFIAPI
+Tpm2PcrAllocateBanks (
+ IN TPM2B_AUTH *PlatformAuth, OPTIONAL
+ IN UINT32 SupportedPCRBanks,
+ IN UINT32 PCRBanks
+ )
+{
+ EFI_STATUS Status;
+ TPMS_AUTH_COMMAND *AuthSession;
+ TPMS_AUTH_COMMAND LocalAuthSession;
+ TPML_PCR_SELECTION PcrAllocation;
+ TPMI_YES_NO AllocationSuccess;
+ UINT32 MaxPCR;
+ UINT32 SizeNeeded;
+ UINT32 SizeAvailable;
+
+ if (PlatformAuth == NULL) {
+ AuthSession = NULL;
+ } else {
+ AuthSession = &LocalAuthSession;
+ ZeroMem (&LocalAuthSession, sizeof(LocalAuthSession));
+ LocalAuthSession.sessionHandle = TPM_RS_PW;
+ LocalAuthSession.hmac.size = PlatformAuth->size;
+ CopyMem (LocalAuthSession.hmac.buffer, PlatformAuth->buffer, PlatformAuth->size);
+ }
+
+ //
+ // Fill input
+ //
+ ZeroMem (&PcrAllocation, sizeof(PcrAllocation));
+ if ((HASH_ALG_SHA1 & SupportedPCRBanks) != 0) {
+ PcrAllocation.pcrSelections[PcrAllocation.count].hash = TPM_ALG_SHA1;
+ PcrAllocation.pcrSelections[PcrAllocation.count].sizeofSelect = PCR_SELECT_MAX;
+ if ((HASH_ALG_SHA1 & PCRBanks) != 0) {
+ PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0xFF;
+ PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0xFF;
+ PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0xFF;
+ } else {
+ PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0x00;
+ PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0x00;
+ PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0x00;
+ }
+ PcrAllocation.count++;
+ }
+ if ((HASH_ALG_SHA256 & SupportedPCRBanks) != 0) {
+ PcrAllocation.pcrSelections[PcrAllocation.count].hash = TPM_ALG_SHA256;
+ PcrAllocation.pcrSelections[PcrAllocation.count].sizeofSelect = PCR_SELECT_MAX;
+ if ((HASH_ALG_SHA256 & PCRBanks) != 0) {
+ PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0xFF;
+ PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0xFF;
+ PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0xFF;
+ } else {
+ PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0x00;
+ PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0x00;
+ PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0x00;
+ }
+ PcrAllocation.count++;
+ }
+ if ((HASH_ALG_SHA384 & SupportedPCRBanks) != 0) {
+ PcrAllocation.pcrSelections[PcrAllocation.count].hash = TPM_ALG_SHA384;
+ PcrAllocation.pcrSelections[PcrAllocation.count].sizeofSelect = PCR_SELECT_MAX;
+ if ((HASH_ALG_SHA384 & PCRBanks) != 0) {
+ PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0xFF;
+ PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0xFF;
+ PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0xFF;
+ } else {
+ PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0x00;
+ PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0x00;
+ PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0x00;
+ }
+ PcrAllocation.count++;
+ }
+ if ((HASH_ALG_SHA512 & SupportedPCRBanks) != 0) {
+ PcrAllocation.pcrSelections[PcrAllocation.count].hash = TPM_ALG_SHA512;
+ PcrAllocation.pcrSelections[PcrAllocation.count].sizeofSelect = PCR_SELECT_MAX;
+ if ((HASH_ALG_SHA512 & PCRBanks) != 0) {
+ PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0xFF;
+ PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0xFF;
+ PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0xFF;
+ } else {
+ PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0x00;
+ PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0x00;
+ PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0x00;
+ }
+ PcrAllocation.count++;
+ }
+ if ((HASH_ALG_SM3_256 & SupportedPCRBanks) != 0) {
+ PcrAllocation.pcrSelections[PcrAllocation.count].hash = TPM_ALG_SM3_256;
+ PcrAllocation.pcrSelections[PcrAllocation.count].sizeofSelect = PCR_SELECT_MAX;
+ if ((HASH_ALG_SM3_256 & PCRBanks) != 0) {
+ PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0xFF;
+ PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0xFF;
+ PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0xFF;
+ } else {
+ PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[0] = 0x00;
+ PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[1] = 0x00;
+ PcrAllocation.pcrSelections[PcrAllocation.count].pcrSelect[2] = 0x00;
+ }
+ PcrAllocation.count++;
+ }
+ Status = Tpm2PcrAllocate (
+ TPM_RH_PLATFORM,
+ AuthSession,
+ &PcrAllocation,
+ &AllocationSuccess,
+ &MaxPCR,
+ &SizeNeeded,
+ &SizeAvailable
+ );
+ DEBUG ((EFI_D_INFO, "Tpm2PcrAllocateBanks call Tpm2PcrAllocate - %r\n", Status));
+ if (EFI_ERROR (Status)) {
+ goto Done;
+ }
+
+ DEBUG ((EFI_D_INFO, "AllocationSuccess - %02x\n", AllocationSuccess));
+ DEBUG ((EFI_D_INFO, "MaxPCR - %08x\n", MaxPCR));
+ DEBUG ((EFI_D_INFO, "SizeNeeded - %08x\n", SizeNeeded));
+ DEBUG ((EFI_D_INFO, "SizeAvailable - %08x\n", SizeAvailable));
+
+Done:
+ ZeroMem(&LocalAuthSession.hmac, sizeof(LocalAuthSession.hmac));
+ return Status;
+}
\ No newline at end of file
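Review bot: in the PlatformAuth != NULL branch, CopyMem (LocalAuthSession.hmac.buffer, PlatformAuth->buffer, PlatformAuth->size) trusts PlatformAuth->size; as a library entry point the function should reject a size larger than sizeof (LocalAuthSession.hmac.buffer) before copying. Two further points in this hunk: AllocationSuccess is only printed, so the function returns the success status of Tpm2PcrAllocate() even when the TPM reports that the allocation did not succeed; and the bank tests now use HASH_ALG_* where the removed Tpm2CommandAllocPcr() used EFI_TCG2_BOOT_HASH_ALG_*, which should be mentioned in the commit message because it describes the patch as a move with no functionality change. The added code also leaves the file without a trailing newline.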
--
2.7.0.windows.1
* [PATCH 2/6] SecuriryPkg/TPM2: Move GetDigestFromDigestList() to Tpm2CommandLib
2016-09-20 10:51 [PATCH 0/6] Move/Extract generic duplicated code to Tpm2CommandLib Star Zeng
2016-09-20 10:51 ` [PATCH 1/6] SecuriryPkg/TPM2: Move Tpm2PcrAllocateBanks() " Star Zeng
@ 2016-09-20 10:51 ` Star Zeng
2016-09-20 10:51 ` [PATCH 3/6] SecuriryPkg/TPM2: Update function header of GetDigestFromDigestList() Star Zeng
` (5 subsequent siblings)
7 siblings, 0 replies; 10+ messages in thread
From: Star Zeng @ 2016-09-20 10:51 UTC
To: edk2-devel; +Cc: Jiewen Yao, Chao B Zhang, Star Zeng
From: Jiewen Yao <jiewen.yao@intel.com>
This patch just moves function Tpm2GetDigestFromDigestList() from
drivers to library as GetDigestFromDigestList() and no functionality change.
Cc: Chao B Zhang <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
Signed-off-by: Star Zeng <star.zeng@intel.com>
---
SecurityPkg/Include/Library/Tpm2CommandLib.h | 18 +++++++++++++
SecurityPkg/Library/Tpm2CommandLib/Tpm2Help.c | 38 ++++++++++++++++++++++++++-
SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c | 37 +-------------------------
SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c | 37 +-------------------------
SecurityPkg/Tcg/TrEEDxe/TrEEDxe.c | 37 +-------------------------
SecurityPkg/Tcg/TrEEPei/TrEEPei.c | 37 +-------------------------
6 files changed, 59 insertions(+), 145 deletions(-)
diff --git a/SecurityPkg/Include/Library/Tpm2CommandLib.h b/SecurityPkg/Include/Library/Tpm2CommandLib.h
index 162db193cb4f..197d64958634 100644
--- a/SecurityPkg/Include/Library/Tpm2CommandLib.h
+++ b/SecurityPkg/Include/Library/Tpm2CommandLib.h
@@ -988,4 +988,22 @@ GetHashSizeFromAlgo (
IN TPMI_ALG_HASH HashAlgo
);
+/**
+ This function get digest from digest list.
+
+ @param HashAlg digest algorithm
+ @param DigestList digest list
+ @param Digest digest
+
+ @retval EFI_SUCCESS Sha1Digest is found and returned.
+ @retval EFI_NOT_FOUND Sha1Digest is not found.
+**/
+EFI_STATUS
+EFIAPI
+GetDigestFromDigestList(
+ IN TPMI_ALG_HASH HashAlg,
+ IN TPML_DIGEST_VALUES *DigestList,
+ IN VOID *Digest
+ );
+
#endif
diff --git a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Help.c b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Help.c
index 5e24290f7c8a..b40c2ab09d30 100644
--- a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Help.c
+++ b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Help.c
@@ -1,7 +1,7 @@
/** @file
Implement TPM2 help.
-Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved. <BR>
+Copyright (c) 2013 - 2016, Intel Corporation. All rights reserved. <BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -164,3 +164,39 @@ CopyAuthSessionResponse (
return (UINT32)(UINTN)(Buffer - (UINT8 *)AuthSessionIn);
}
+
+/**
+ This function get digest from digest list.
+
+ @param HashAlg digest algorithm
+ @param DigestList digest list
+ @param Digest digest
+
+ @retval EFI_SUCCESS Sha1Digest is found and returned.
+ @retval EFI_NOT_FOUND Sha1Digest is not found.
+**/
+EFI_STATUS
+EFIAPI
+GetDigestFromDigestList (
+ IN TPMI_ALG_HASH HashAlg,
+ IN TPML_DIGEST_VALUES *DigestList,
+ IN VOID *Digest
+ )
+{
+ UINTN Index;
+ UINT16 DigestSize;
+
+ DigestSize = GetHashSizeFromAlgo (HashAlg);
+ for (Index = 0; Index < DigestList->count; Index++) {
+ if (DigestList->digests[Index].hashAlg == HashAlg) {
+ CopyMem (
+ Digest,
+ &DigestList->digests[Index].digest,
+ DigestSize
+ );
+ return EFI_SUCCESS;
+ }
+ }
+
+ return EFI_NOT_FOUND;
+}
\ No newline at end of file
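Review bot: GetDigestFromDigestList() copies GetHashSizeFromAlgo (HashAlg) bytes into Digest without knowing how large the caller's buffer is. That was contained while the function was a file-local helper whose visible callers pass TPM_ALG_SHA1 and &NewEventHdr->Digest, but as an exported function accepting any TPMI_ALG_HASH the header should state the minimum buffer size for Digest, or the function should take a buffer-size argument and return an error when it is too small. The added code also leaves Tpm2Help.c without a trailing newline.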
diff --git a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c
index 319f24544ac3..9080e4703233 100644
--- a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c
+++ b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c
@@ -864,41 +864,6 @@ TcgDxeLogEvent (
}
/**
- This function get digest from digest list.
-
- @param HashAlg digest algorithm
- @param DigestList digest list
- @param Digest digest
-
- @retval EFI_SUCCESS Sha1Digest is found and returned.
- @retval EFI_NOT_FOUND Sha1Digest is not found.
-**/
-EFI_STATUS
-Tpm2GetDigestFromDigestList (
- IN TPMI_ALG_HASH HashAlg,
- IN TPML_DIGEST_VALUES *DigestList,
- IN VOID *Digest
- )
-{
- UINTN Index;
- UINT16 DigestSize;
-
- DigestSize = GetHashSizeFromAlgo (HashAlg);
- for (Index = 0; Index < DigestList->count; Index++) {
- if (DigestList->digests[Index].hashAlg == HashAlg) {
- CopyMem (
- Digest,
- &DigestList->digests[Index].digest,
- DigestSize
- );
- return EFI_SUCCESS;
- }
- }
-
- return EFI_NOT_FOUND;
-}
-
-/**
Get TPML_DIGEST_VALUES data size.
@param[in] DigestList TPML_DIGEST_VALUES data.
@@ -1067,7 +1032,7 @@ TcgDxeLogHashEvent (
DEBUG ((EFI_D_INFO, " LogFormat - 0x%08x\n", mTcg2EventInfo[Index].LogFormat));
switch (mTcg2EventInfo[Index].LogFormat) {
case EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2:
- Status = Tpm2GetDigestFromDigestList (TPM_ALG_SHA1, DigestList, &NewEventHdr->Digest);
+ Status = GetDigestFromDigestList (TPM_ALG_SHA1, DigestList, &NewEventHdr->Digest);
if (!EFI_ERROR (Status)) {
//
// Enter critical region
diff --git a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c
index 0d779f1e3b17..adc0350a48e3 100644
--- a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c
+++ b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c
@@ -135,41 +135,6 @@ EFI_PEI_NOTIFY_DESCRIPTOR mNotifyList[] = {
EFI_PEI_FIRMWARE_VOLUME_INFO_MEASUREMENT_EXCLUDED_PPI *mMeasurementExcludedFvPpi;
/**
- This function get digest from digest list.
-
- @param HashAlg digest algorithm
- @param DigestList digest list
- @param Digest digest
-
- @retval EFI_SUCCESS Sha1Digest is found and returned.
- @retval EFI_NOT_FOUND Sha1Digest is not found.
-**/
-EFI_STATUS
-Tpm2GetDigestFromDigestList (
- IN TPMI_ALG_HASH HashAlg,
- IN TPML_DIGEST_VALUES *DigestList,
- IN VOID *Digest
- )
-{
- UINTN Index;
- UINT16 DigestSize;
-
- DigestSize = GetHashSizeFromAlgo (HashAlg);
- for (Index = 0; Index < DigestList->count; Index++) {
- if (DigestList->digests[Index].hashAlg == HashAlg) {
- CopyMem (
- Digest,
- &DigestList->digests[Index].digest,
- DigestSize
- );
- return EFI_SUCCESS;
- }
- }
-
- return EFI_NOT_FOUND;
-}
-
-/**
Record all measured Firmware Volum Information into a Guid Hob
Guid Hob payload layout is
@@ -420,7 +385,7 @@ LogHashEvent (
DEBUG ((EFI_D_INFO, " LogFormat - 0x%08x\n", mTcg2EventInfo[Index].LogFormat));
switch (mTcg2EventInfo[Index].LogFormat) {
case EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2:
- Status = Tpm2GetDigestFromDigestList (TPM_ALG_SHA1, DigestList, &NewEventHdr->Digest);
+ Status = GetDigestFromDigestList (TPM_ALG_SHA1, DigestList, &NewEventHdr->Digest);
if (!EFI_ERROR (Status)) {
HobData = BuildGuidHob (
&gTcgEventEntryHobGuid,
diff --git a/SecurityPkg/Tcg/TrEEDxe/TrEEDxe.c b/SecurityPkg/Tcg/TrEEDxe/TrEEDxe.c
index ecafc12efe1c..fb69fa1860e8 100644
--- a/SecurityPkg/Tcg/TrEEDxe/TrEEDxe.c
+++ b/SecurityPkg/Tcg/TrEEDxe/TrEEDxe.c
@@ -625,41 +625,6 @@ TcgDxeLogEvent (
}
/**
- This function get digest from digest list.
-
- @param HashAlg digest algorithm
- @param DigestList digest list
- @param Digest digest
-
- @retval EFI_SUCCESS Sha1Digest is found and returned.
- @retval EFI_NOT_FOUND Sha1Digest is not found.
-**/
-EFI_STATUS
-Tpm2GetDigestFromDigestList (
- IN TPMI_ALG_HASH HashAlg,
- IN TPML_DIGEST_VALUES *DigestList,
- IN VOID *Digest
- )
-{
- UINTN Index;
- UINT16 DigestSize;
-
- DigestSize = GetHashSizeFromAlgo (HashAlg);
- for (Index = 0; Index < DigestList->count; Index++) {
- if (DigestList->digests[Index].hashAlg == HashAlg) {
- CopyMem (
- Digest,
- &DigestList->digests[Index].digest,
- DigestSize
- );
- return EFI_SUCCESS;
- }
- }
-
- return EFI_NOT_FOUND;
-}
-
-/**
Add a new entry to the Event Log.
@param[in] DigestList A list of digest.
@@ -686,7 +651,7 @@ TcgDxeLogHashEvent (
DEBUG ((EFI_D_INFO, " LogFormat - 0x%08x\n", mTreeEventInfo[Index].LogFormat));
switch (mTreeEventInfo[Index].LogFormat) {
case TREE_EVENT_LOG_FORMAT_TCG_1_2:
- Status = Tpm2GetDigestFromDigestList (TPM_ALG_SHA1, DigestList, &NewEventHdr->Digest);
+ Status = GetDigestFromDigestList (TPM_ALG_SHA1, DigestList, &NewEventHdr->Digest);
if (!EFI_ERROR (Status)) {
//
// Enter critical region
diff --git a/SecurityPkg/Tcg/TrEEPei/TrEEPei.c b/SecurityPkg/Tcg/TrEEPei/TrEEPei.c
index 41edfdd0e6ec..8d8639d271c7 100644
--- a/SecurityPkg/Tcg/TrEEPei/TrEEPei.c
+++ b/SecurityPkg/Tcg/TrEEPei/TrEEPei.c
@@ -133,41 +133,6 @@ EFI_PEI_NOTIFY_DESCRIPTOR mNotifyList[] = {
EFI_PEI_FIRMWARE_VOLUME_INFO_MEASUREMENT_EXCLUDED_PPI *mMeasurementExcludedFvPpi;
/**
- This function get digest from digest list.
-
- @param HashAlg digest algorithm
- @param DigestList digest list
- @param Digest digest
-
- @retval EFI_SUCCESS Sha1Digest is found and returned.
- @retval EFI_NOT_FOUND Sha1Digest is not found.
-**/
-EFI_STATUS
-Tpm2GetDigestFromDigestList (
- IN TPMI_ALG_HASH HashAlg,
- IN TPML_DIGEST_VALUES *DigestList,
- IN VOID *Digest
- )
-{
- UINTN Index;
- UINT16 DigestSize;
-
- DigestSize = GetHashSizeFromAlgo (HashAlg);
- for (Index = 0; Index < DigestList->count; Index++) {
- if (DigestList->digests[Index].hashAlg == HashAlg) {
- CopyMem (
- Digest,
- &DigestList->digests[Index].digest,
- DigestSize
- );
- return EFI_SUCCESS;
- }
- }
-
- return EFI_NOT_FOUND;
-}
-
-/**
Record all measured Firmware Volum Information into a Guid Hob
Guid Hob payload layout is
@@ -249,7 +214,7 @@ LogHashEvent (
DEBUG ((EFI_D_INFO, " LogFormat - 0x%08x\n", mTreeEventInfo[Index].LogFormat));
switch (mTreeEventInfo[Index].LogFormat) {
case TREE_EVENT_LOG_FORMAT_TCG_1_2:
- Status = Tpm2GetDigestFromDigestList (TPM_ALG_SHA1, DigestList, &NewEventHdr->Digest);
+ Status = GetDigestFromDigestList (TPM_ALG_SHA1, DigestList, &NewEventHdr->Digest);
if (!EFI_ERROR (Status)) {
HobData = BuildGuidHob (
&gTcgEventEntryHobGuid,
--
2.7.0.windows.1
* [PATCH 3/6] SecuriryPkg/TPM2: Update function header of GetDigestFromDigestList()
2016-09-20 10:51 [PATCH 0/6] Move/Extract generic duplicated code to Tpm2CommandLib Star Zeng
2016-09-20 10:51 ` [PATCH 1/6] SecuriryPkg/TPM2: Move Tpm2PcrAllocateBanks() " Star Zeng
2016-09-20 10:51 ` [PATCH 2/6] SecuriryPkg/TPM2: Move GetDigestFromDigestList() " Star Zeng
@ 2016-09-20 10:51 ` Star Zeng
2016-09-20 10:51 ` [PATCH 4/6] SecuriryPkg/TPM2: Move GetDigestListSize() to Tpm2CommandLib Star Zeng
` (4 subsequent siblings)
7 siblings, 0 replies; 10+ messages in thread
From: Star Zeng @ 2016-09-20 10:51 UTC
To: edk2-devel; +Cc: Star Zeng, Chao B Zhang, Jiewen Yao
Update the return status description and use OUT identifier instead of
IN for Digest parameter, no functionality change.
Cc: Chao B Zhang <chao.b.zhang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
---
SecurityPkg/Include/Library/Tpm2CommandLib.h | 12 ++++++------
SecurityPkg/Library/Tpm2CommandLib/Tpm2Help.c | 14 +++++++-------
2 files changed, 13 insertions(+), 13 deletions(-)
diff --git a/SecurityPkg/Include/Library/Tpm2CommandLib.h b/SecurityPkg/Include/Library/Tpm2CommandLib.h
index 197d64958634..1a837fd11f42 100644
--- a/SecurityPkg/Include/Library/Tpm2CommandLib.h
+++ b/SecurityPkg/Include/Library/Tpm2CommandLib.h
@@ -991,19 +991,19 @@ GetHashSizeFromAlgo (
/**
This function get digest from digest list.
- @param HashAlg digest algorithm
- @param DigestList digest list
- @param Digest digest
+ @param[in] HashAlg Digest algorithm
+ @param[in] DigestList Digest list
+ @param[out] Digest Digest
- @retval EFI_SUCCESS Sha1Digest is found and returned.
- @retval EFI_NOT_FOUND Sha1Digest is not found.
+ @retval EFI_SUCCESS Digest is found and returned.
+ @retval EFI_NOT_FOUND Digest is not found.
**/
EFI_STATUS
EFIAPI
GetDigestFromDigestList(
IN TPMI_ALG_HASH HashAlg,
IN TPML_DIGEST_VALUES *DigestList,
- IN VOID *Digest
+ OUT VOID *Digest
);
#endif
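Review bot: the summary line of this comment still reads "This function get digest from digest list." and the declaration keeps GetDigestFromDigestList( with no space before the parenthesis, unlike the definition in Tpm2Help.c. Since the hunk already rewrites the parameter and @retval lines, fix both here, and add to the @param[out] Digest line that the buffer must hold at least the digest size of HashAlg.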
diff --git a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Help.c b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Help.c
index b40c2ab09d30..2df18dfe070a 100644
--- a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Help.c
+++ b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Help.c
@@ -168,19 +168,19 @@ CopyAuthSessionResponse (
/**
This function get digest from digest list.
- @param HashAlg digest algorithm
- @param DigestList digest list
- @param Digest digest
+ @param[in] HashAlg Digest algorithm
+ @param[in] DigestList Digest list
+ @param[out] Digest Digest
- @retval EFI_SUCCESS Sha1Digest is found and returned.
- @retval EFI_NOT_FOUND Sha1Digest is not found.
+ @retval EFI_SUCCESS Digest is found and returned.
+ @retval EFI_NOT_FOUND Digest is not found.
**/
EFI_STATUS
EFIAPI
GetDigestFromDigestList (
IN TPMI_ALG_HASH HashAlg,
IN TPML_DIGEST_VALUES *DigestList,
- IN VOID *Digest
+ OUT VOID *Digest
)
{
UINTN Index;
@@ -199,4 +199,4 @@ GetDigestFromDigestList (
}
return EFI_NOT_FOUND;
-}
\ No newline at end of file
+}
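Review bot: the trailing-newline fix at the end of Tpm2Help.c belongs in 2/6, which introduced the missing newline, rather than in a patch whose message covers only the function header. Folding it back keeps 2/6 from adding a file in the "\ No newline at end of file" state. The same marker appears at the end of Tpm2Integrity.c in 1/6 and is not corrected by this patch.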
--
2.7.0.windows.1
* [PATCH 4/6] SecuriryPkg/TPM2: Move GetDigestListSize() to Tpm2CommandLib
2016-09-20 10:51 [PATCH 0/6] Move/Extract generic duplicated code to Tpm2CommandLib Star Zeng
` (2 preceding siblings ...)
2016-09-20 10:51 ` [PATCH 3/6] SecuriryPkg/TPM2: Update function header of GetDigestFromDigestList() Star Zeng
@ 2016-09-20 10:51 ` Star Zeng
2016-09-20 10:51 ` [PATCH 5/6] SecuriryPkg/TPM2: Move CopyDigestListToBuffer() " Star Zeng
` (3 subsequent siblings)
7 siblings, 0 replies; 10+ messages in thread
From: Star Zeng @ 2016-09-20 10:51 UTC
To: edk2-devel; +Cc: Jiewen Yao, Chao B Zhang, Star Zeng
From: Jiewen Yao <jiewen.yao@intel.com>
This patch just moves function GetDigestListSize() from
drivers to library and no functionality change.
Cc: Chao B Zhang <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
Signed-off-by: Star Zeng <star.zeng@intel.com>
---
SecurityPkg/Include/Library/Tpm2CommandLib.h | 13 +++++++++++++
SecurityPkg/Library/Tpm2CommandLib/Tpm2Help.c | 26 ++++++++++++++++++++++++++
SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c | 25 -------------------------
SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c | 25 -------------------------
4 files changed, 39 insertions(+), 50 deletions(-)
diff --git a/SecurityPkg/Include/Library/Tpm2CommandLib.h b/SecurityPkg/Include/Library/Tpm2CommandLib.h
index 1a837fd11f42..563cfc26e367 100644
--- a/SecurityPkg/Include/Library/Tpm2CommandLib.h
+++ b/SecurityPkg/Include/Library/Tpm2CommandLib.h
@@ -989,6 +989,19 @@ GetHashSizeFromAlgo (
);
/**
+ Get TPML_DIGEST_VALUES data size.
+
+ @param[in] DigestList TPML_DIGEST_VALUES data.
+
+ @return TPML_DIGEST_VALUES data size.
+**/
+UINT32
+EFIAPI
+GetDigestListSize(
+ IN TPML_DIGEST_VALUES *DigestList
+ );
+
+/**
This function get digest from digest list.
@param[in] HashAlg Digest algorithm
diff --git a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Help.c b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Help.c
index 2df18dfe070a..96753b79d5e5 100644
--- a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Help.c
+++ b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Help.c
@@ -166,6 +166,32 @@ CopyAuthSessionResponse (
}
/**
+ Get TPML_DIGEST_VALUES data size.
+
+ @param[in] DigestList TPML_DIGEST_VALUES data.
+
+ @return TPML_DIGEST_VALUES data size.
+**/
+UINT32
+EFIAPI
+GetDigestListSize (
+ IN TPML_DIGEST_VALUES *DigestList
+ )
+{
+ UINTN Index;
+ UINT16 DigestSize;
+ UINT32 TotalSize;
+
+ TotalSize = sizeof(DigestList->count);
+ for (Index = 0; Index < DigestList->count; Index++) {
+ DigestSize = GetHashSizeFromAlgo (DigestList->digests[Index].hashAlg);
+ TotalSize += sizeof(DigestList->digests[Index].hashAlg) + DigestSize;
+ }
+
+ return TotalSize;
+}
+
+/**
This function get digest from digest list.
@param[in] HashAlg Digest algorithm
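Review bot: the loop `for (Index = 0; Index < DigestList->count; Index++)` in the new library copy of GetDigestListSize() takes `count` on trust. While the function was private to each driver that was a local assumption; exported through Tpm2CommandLib.h it now receives any caller's TPML_DIGEST_VALUES, and a `count` larger than the `digests[]` array would make the loop read past the structure. Consider checking `count` against the array's capacity before the loop, and have the header comment state what is added for a `hashAlg` that GetHashSizeFromAlgo() does not recognise.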
diff --git a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c
index 9080e4703233..4d582c03d4c1 100644
--- a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c
+++ b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c
@@ -864,31 +864,6 @@ TcgDxeLogEvent (
}
/**
- Get TPML_DIGEST_VALUES data size.
-
- @param[in] DigestList TPML_DIGEST_VALUES data.
-
- @return TPML_DIGEST_VALUES data size.
-**/
-UINT32
-GetDigestListSize (
- IN TPML_DIGEST_VALUES *DigestList
- )
-{
- UINTN Index;
- UINT16 DigestSize;
- UINT32 TotalSize;
-
- TotalSize = sizeof(DigestList->count);
- for (Index = 0; Index < DigestList->count; Index++) {
- DigestSize = GetHashSizeFromAlgo (DigestList->digests[Index].hashAlg);
- TotalSize += sizeof(DigestList->digests[Index].hashAlg) + DigestSize;
- }
-
- return TotalSize;
-}
-
-/**
Get TPML_DIGEST_VALUES compact binary buffer size.
@param[in] DigestListBin TPML_DIGEST_VALUES compact binary buffer.
diff --git a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c
index adc0350a48e3..c67cdffe48a8 100644
--- a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c
+++ b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c
@@ -190,31 +190,6 @@ EndofPeiSignalNotifyCallBack (
}
/**
- Get TPML_DIGEST_VALUES data size.
-
- @param[in] DigestList TPML_DIGEST_VALUES data.
-
- @return TPML_DIGEST_VALUES data size.
-**/
-UINT32
-GetDigestListSize (
- IN TPML_DIGEST_VALUES *DigestList
- )
-{
- UINTN Index;
- UINT16 DigestSize;
- UINT32 TotalSize;
-
- TotalSize = sizeof(DigestList->count);
- for (Index = 0; Index < DigestList->count; Index++) {
- DigestSize = GetHashSizeFromAlgo (DigestList->digests[Index].hashAlg);
- TotalSize += sizeof(DigestList->digests[Index].hashAlg) + DigestSize;
- }
-
- return TotalSize;
-}
-
-/**
Return if hash alg is supported in TPM PCR bank.
@param HashAlg Hash algorithm to be checked.
--
2.7.0.windows.1
* [PATCH 5/6] SecuriryPkg/TPM2: Move CopyDigestListToBuffer() to Tpm2CommandLib
2016-09-20 10:51 [PATCH 0/6] Move/Extract generic duplicated code to Tpm2CommandLib Star Zeng
` (3 preceding siblings ...)
2016-09-20 10:51 ` [PATCH 4/6] SecuriryPkg/TPM2: Move GetDigestListSize() to Tpm2CommandLib Star Zeng
@ 2016-09-20 10:51 ` Star Zeng
2016-09-20 10:51 ` [PATCH 6/6] SecuriryPkg/TPM2: Extract GetSupportedAndActivePcrs " Star Zeng
` (2 subsequent siblings)
7 siblings, 0 replies; 10+ messages in thread
From: Star Zeng @ 2016-09-20 10:51 UTC (permalink / raw)
To: edk2-devel; +Cc: Jiewen Yao, Chao B Zhang, Star Zeng
From: Jiewen Yao <jiewen.yao@intel.com>
This patch just moves function CopyDigestListToBuffer() from
drivers to library with HashAlgorithmMask parameter added to
make the interface more applicable.
The related function IsHashAlgSupportedInHashAlgorithmMask()
is also moved from drivers to library as an internal function.
Cc: Chao B Zhang <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
Signed-off-by: Star Zeng <star.zeng@intel.com>
---
SecurityPkg/Include/Library/Tpm2CommandLib.h | 17 ++++++
SecurityPkg/Library/Tpm2CommandLib/Tpm2Help.c | 83 +++++++++++++++++++++++++++
SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c | 80 +-------------------------
SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c | 83 +--------------------------
4 files changed, 102 insertions(+), 161 deletions(-)
diff --git a/SecurityPkg/Include/Library/Tpm2CommandLib.h b/SecurityPkg/Include/Library/Tpm2CommandLib.h
index 563cfc26e367..825ffc37a466 100644
--- a/SecurityPkg/Include/Library/Tpm2CommandLib.h
+++ b/SecurityPkg/Include/Library/Tpm2CommandLib.h
@@ -989,6 +989,23 @@ GetHashSizeFromAlgo (
);
/**
+ Copy TPML_DIGEST_VALUES into a buffer
+
+ @param[in,out] Buffer Buffer to hold TPML_DIGEST_VALUES.
+ @param[in] DigestList TPML_DIGEST_VALUES to be copied.
+ @param[in] HashAlgorithmMask HASH bits corresponding to the desired digests to copy.
+
+ @return The end of buffer to hold TPML_DIGEST_VALUES.
+**/
+VOID *
+EFIAPI
+CopyDigestListToBuffer(
+ IN OUT VOID *Buffer,
+ IN TPML_DIGEST_VALUES *DigestList,
+ IN UINT32 HashAlgorithmMask
+ );
+
+/**
Get TPML_DIGEST_VALUES data size.
@param[in] DigestList TPML_DIGEST_VALUES data.
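Review bot: the new prototype takes `IN OUT VOID *Buffer` with no size argument, and the function header does not say how large the buffer has to be. As a public library interface this leaves every caller to work out the bound on its own. Either document the required minimum (for example, the value GetDigestListSize() returns for the same DigestList) in the `@param[in,out] Buffer` line, or add a buffer-size parameter so the copy can refuse to write past the end.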
diff --git a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Help.c b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Help.c
index 96753b79d5e5..43574a246829 100644
--- a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Help.c
+++ b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Help.c
@@ -166,6 +166,89 @@ CopyAuthSessionResponse (
}
/**
+ Return if hash alg is supported in HashAlgorithmMask.
+
+ @param HashAlg Hash algorithm to be checked.
+ @param HashAlgorithmMask Bitfield of allowed hash algorithms.
+
+ @retval TRUE Hash algorithm is supported.
+ @retval FALSE Hash algorithm is not supported.
+**/
+BOOLEAN
+IsHashAlgSupportedInHashAlgorithmMask(
+ IN TPMI_ALG_HASH HashAlg,
+ IN UINT32 HashAlgorithmMask
+ )
+{
+ switch (HashAlg) {
+ case TPM_ALG_SHA1:
+ if ((HashAlgorithmMask & HASH_ALG_SHA1) != 0) {
+ return TRUE;
+ }
+ break;
+ case TPM_ALG_SHA256:
+ if ((HashAlgorithmMask & HASH_ALG_SHA256) != 0) {
+ return TRUE;
+ }
+ break;
+ case TPM_ALG_SHA384:
+ if ((HashAlgorithmMask & HASH_ALG_SHA384) != 0) {
+ return TRUE;
+ }
+ break;
+ case TPM_ALG_SHA512:
+ if ((HashAlgorithmMask & HASH_ALG_SHA512) != 0) {
+ return TRUE;
+ }
+ break;
+ case TPM_ALG_SM3_256:
+ if ((HashAlgorithmMask & HASH_ALG_SM3_256) != 0) {
+ return TRUE;
+ }
+ break;
+ }
+
+ return FALSE;
+}
+
+/**
+ Copy TPML_DIGEST_VALUES into a buffer
+
+ @param[in,out] Buffer Buffer to hold TPML_DIGEST_VALUES.
+ @param[in] DigestList TPML_DIGEST_VALUES to be copied.
+ @param[in] HashAlgorithmMask HASH bits corresponding to the desired digests to copy.
+
+ @return The end of buffer to hold TPML_DIGEST_VALUES.
+**/
+VOID *
+EFIAPI
+CopyDigestListToBuffer (
+ IN OUT VOID *Buffer,
+ IN TPML_DIGEST_VALUES *DigestList,
+ IN UINT32 HashAlgorithmMask
+ )
+{
+ UINTN Index;
+ UINT16 DigestSize;
+
+ CopyMem (Buffer, &DigestList->count, sizeof(DigestList->count));
+ Buffer = (UINT8 *)Buffer + sizeof(DigestList->count);
+ for (Index = 0; Index < DigestList->count; Index++) {
+ if (!IsHashAlgSupportedInHashAlgorithmMask(DigestList->digests[Index].hashAlg, HashAlgorithmMask)) {
+ DEBUG ((EFI_D_ERROR, "WARNING: TPM2 Event log has HashAlg unsupported by PCR bank (0x%x)\n", DigestList->digests[Index].hashAlg));
+ continue;
+ }
+ CopyMem (Buffer, &DigestList->digests[Index].hashAlg, sizeof(DigestList->digests[Index].hashAlg));
+ Buffer = (UINT8 *)Buffer + sizeof(DigestList->digests[Index].hashAlg);
+ DigestSize = GetHashSizeFromAlgo (DigestList->digests[Index].hashAlg);
+ CopyMem (Buffer, &DigestList->digests[Index].digest, DigestSize);
+ Buffer = (UINT8 *)Buffer + DigestSize;
+ }
+
+ return Buffer;
+}
+
+/**
Get TPML_DIGEST_VALUES data size.
@param[in] DigestList TPML_DIGEST_VALUES data.
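Review bot: in CopyDigestListToBuffer() the first `CopyMem (Buffer, &DigestList->count, sizeof(DigestList->count));` writes the original count, but the loop then skips every digest whose algorithm is not in HashAlgorithmMask via `continue`. When anything is skipped, the serialized count is larger than the number of digests that follow it, so a parser that trusts the count will read into the event-size and event-data bytes. This was already the behaviour of the driver copies, but with the mask now a caller-supplied parameter it is easier to hit; consider counting the digests actually copied and writing that value back into the count field before returning. Separately, IsHashAlgSupportedInHashAlgorithmMask() is described as internal in the commit message but is not declared STATIC here, so it still has external linkage.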
diff --git a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c
index 4d582c03d4c1..f3cc47796448 100644
--- a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c
+++ b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c
@@ -898,84 +898,6 @@ GetDigestListBinSize (
}
/**
- Return if hash alg is supported in TPM PCR bank.
-
- @param HashAlg Hash algorithm to be checked.
-
- @retval TRUE Hash algorithm is supported.
- @retval FALSE Hash algorithm is not supported.
-**/
-BOOLEAN
-IsHashAlgSupportedInPcrBank (
- IN TPMI_ALG_HASH HashAlg
- )
-{
- switch (HashAlg) {
- case TPM_ALG_SHA1:
- if ((mTcgDxeData.BsCap.ActivePcrBanks & EFI_TCG2_BOOT_HASH_ALG_SHA1) != 0) {
- return TRUE;
- }
- break;
- case TPM_ALG_SHA256:
- if ((mTcgDxeData.BsCap.ActivePcrBanks & EFI_TCG2_BOOT_HASH_ALG_SHA256) != 0) {
- return TRUE;
- }
- break;
- case TPM_ALG_SHA384:
- if ((mTcgDxeData.BsCap.ActivePcrBanks & EFI_TCG2_BOOT_HASH_ALG_SHA384) != 0) {
- return TRUE;
- }
- break;
- case TPM_ALG_SHA512:
- if ((mTcgDxeData.BsCap.ActivePcrBanks & EFI_TCG2_BOOT_HASH_ALG_SHA512) != 0) {
- return TRUE;
- }
- break;
- case TPM_ALG_SM3_256:
- if ((mTcgDxeData.BsCap.ActivePcrBanks & EFI_TCG2_BOOT_HASH_ALG_SM3_256) != 0) {
- return TRUE;
- }
- break;
- }
-
- return FALSE;
-}
-
-/**
- Copy TPML_DIGEST_VALUES into a buffer
-
- @param[in,out] Buffer Buffer to hold TPML_DIGEST_VALUES.
- @param[in] DigestList TPML_DIGEST_VALUES to be copied.
-
- @return The end of buffer to hold TPML_DIGEST_VALUES.
-**/
-VOID *
-CopyDigestListToBuffer (
- IN OUT VOID *Buffer,
- IN TPML_DIGEST_VALUES *DigestList
- )
-{
- UINTN Index;
- UINT16 DigestSize;
-
- CopyMem (Buffer, &DigestList->count, sizeof(DigestList->count));
- Buffer = (UINT8 *)Buffer + sizeof(DigestList->count);
- for (Index = 0; Index < DigestList->count; Index++) {
- if (!IsHashAlgSupportedInPcrBank (DigestList->digests[Index].hashAlg)) {
- DEBUG ((EFI_D_ERROR, "WARNING: TPM2 Event log has HashAlg unsupported by PCR bank (0x%x)\n", DigestList->digests[Index].hashAlg));
- continue;
- }
- CopyMem (Buffer, &DigestList->digests[Index].hashAlg, sizeof(DigestList->digests[Index].hashAlg));
- Buffer = (UINT8 *)Buffer + sizeof(DigestList->digests[Index].hashAlg);
- DigestSize = GetHashSizeFromAlgo (DigestList->digests[Index].hashAlg);
- CopyMem (Buffer, &DigestList->digests[Index].digest, DigestSize);
- Buffer = (UINT8 *)Buffer + DigestSize;
- }
-
- return Buffer;
-}
-
-/**
Add a new entry to the Event Log.
@param[in] DigestList A list of digest.
@@ -1034,7 +956,7 @@ TcgDxeLogHashEvent (
TcgPcrEvent2.PCRIndex = NewEventHdr->PCRIndex;
TcgPcrEvent2.EventType = NewEventHdr->EventType;
DigestBuffer = (UINT8 *)&TcgPcrEvent2.Digest;
- DigestBuffer = CopyDigestListToBuffer (DigestBuffer, DigestList);
+ DigestBuffer = CopyDigestListToBuffer (DigestBuffer, DigestList, mTcgDxeData.BsCap.ActivePcrBanks);
CopyMem (DigestBuffer, &NewEventHdr->EventSize, sizeof(NewEventHdr->EventSize));
DigestBuffer = DigestBuffer + sizeof(NewEventHdr->EventSize);
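Review bot: the mask passed in the new call, `mTcgDxeData.BsCap.ActivePcrBanks`, was tested against `EFI_TCG2_BOOT_HASH_ALG_*` bits by the removed IsHashAlgSupportedInPcrBank(), while the library helper that replaces it tests `HASH_ALG_*` bits. The call is only equivalent if the two sets of constants have identical values. Please state that assumption in the CopyDigestListToBuffer() header comment for HashAlgorithmMask, so later callers know which bit definitions the parameter expects.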
diff --git a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c
index c67cdffe48a8..a72b8d9bda1f 100644
--- a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c
+++ b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c
@@ -190,87 +190,6 @@ EndofPeiSignalNotifyCallBack (
}
/**
- Return if hash alg is supported in TPM PCR bank.
-
- @param HashAlg Hash algorithm to be checked.
-
- @retval TRUE Hash algorithm is supported.
- @retval FALSE Hash algorithm is not supported.
-**/
-BOOLEAN
-IsHashAlgSupportedInPcrBank (
- IN TPMI_ALG_HASH HashAlg
- )
-{
- UINT32 ActivePcrBanks;
-
- ActivePcrBanks = PcdGet32 (PcdTpm2HashMask);
- switch (HashAlg) {
- case TPM_ALG_SHA1:
- if ((ActivePcrBanks & EFI_TCG2_BOOT_HASH_ALG_SHA1) != 0) {
- return TRUE;
- }
- break;
- case TPM_ALG_SHA256:
- if ((ActivePcrBanks & EFI_TCG2_BOOT_HASH_ALG_SHA256) != 0) {
- return TRUE;
- }
- break;
- case TPM_ALG_SHA384:
- if ((ActivePcrBanks & EFI_TCG2_BOOT_HASH_ALG_SHA384) != 0) {
- return TRUE;
- }
- break;
- case TPM_ALG_SHA512:
- if ((ActivePcrBanks & EFI_TCG2_BOOT_HASH_ALG_SHA512) != 0) {
- return TRUE;
- }
- break;
- case TPM_ALG_SM3_256:
- if ((ActivePcrBanks & EFI_TCG2_BOOT_HASH_ALG_SM3_256) != 0) {
- return TRUE;
- }
- break;
- }
-
- return FALSE;
-}
-
-/**
- Copy TPML_DIGEST_VALUES into a buffer
-
- @param[in,out] Buffer Buffer to hold TPML_DIGEST_VALUES.
- @param[in] DigestList TPML_DIGEST_VALUES to be copied.
-
- @return The end of buffer to hold TPML_DIGEST_VALUES.
-**/
-VOID *
-CopyDigestListToBuffer (
- IN OUT VOID *Buffer,
- IN TPML_DIGEST_VALUES *DigestList
- )
-{
- UINTN Index;
- UINT16 DigestSize;
-
- CopyMem (Buffer, &DigestList->count, sizeof(DigestList->count));
- Buffer = (UINT8 *)Buffer + sizeof(DigestList->count);
- for (Index = 0; Index < DigestList->count; Index++) {
- if (!IsHashAlgSupportedInPcrBank (DigestList->digests[Index].hashAlg)) {
- DEBUG ((EFI_D_ERROR, "WARNING: TPM2 Event log has HashAlg unsupported by PCR bank (0x%x)\n", DigestList->digests[Index].hashAlg));
- continue;
- }
- CopyMem (Buffer, &DigestList->digests[Index].hashAlg, sizeof(DigestList->digests[Index].hashAlg));
- Buffer = (UINT8 *)Buffer + sizeof(DigestList->digests[Index].hashAlg);
- DigestSize = GetHashSizeFromAlgo (DigestList->digests[Index].hashAlg);
- CopyMem (Buffer, &DigestList->digests[Index].digest, DigestSize);
- Buffer = (UINT8 *)Buffer + DigestSize;
- }
-
- return Buffer;
-}
-
-/**
Set Tpm2HashMask PCD value according to TPM2 PCR bank.
**/
VOID
@@ -390,7 +309,7 @@ LogHashEvent (
TcgPcrEvent2->PCRIndex = NewEventHdr->PCRIndex;
TcgPcrEvent2->EventType = NewEventHdr->EventType;
DigestBuffer = (UINT8 *)&TcgPcrEvent2->Digest;
- DigestBuffer = CopyDigestListToBuffer (DigestBuffer, DigestList);
+ DigestBuffer = CopyDigestListToBuffer (DigestBuffer, DigestList, PcdGet32 (PcdTpm2HashMask));
CopyMem (DigestBuffer, &NewEventHdr->EventSize, sizeof(TcgPcrEvent2->EventSize));
DigestBuffer = DigestBuffer + sizeof(TcgPcrEvent2->EventSize);
CopyMem (DigestBuffer, NewEventData, NewEventHdr->EventSize);
--
2.7.0.windows.1
* [PATCH 6/6] SecuriryPkg/TPM2: Extract GetSupportedAndActivePcrs to Tpm2CommandLib
2016-09-20 10:51 [PATCH 0/6] Move/Extract generic duplicated code to Tpm2CommandLib Star Zeng
` (4 preceding siblings ...)
2016-09-20 10:51 ` [PATCH 5/6] SecuriryPkg/TPM2: Move CopyDigestListToBuffer() " Star Zeng
@ 2016-09-20 10:51 ` Star Zeng
2016-09-21 6:05 ` Zhang, Chao B
2016-09-20 10:58 ` [PATCH 0/6] Move/Extract generic duplicated code " Zeng, Star
2016-09-20 14:47 ` Yao, Jiewen
7 siblings, 1 reply; 10+ messages in thread
From: Star Zeng @ 2016-09-20 10:51 UTC (permalink / raw)
To: edk2-devel; +Cc: Jiewen Yao, Chao B Zhang, Star Zeng
From: Jiewen Yao <jiewen.yao@intel.com>
This patch extracts function Tpm2GetCapabilitySupportedAndActivePcrs()
from drivers and also updates Tcg2ExecutePhysicalPresence() to call
Tpm2GetCapabilitySupportedAndActivePcrs() instead of
Tcg2Protocol->GetCapability to query the TPM to determine which
hashing algorithms are supported.
Cc: Chao B Zhang <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
Signed-off-by: Star Zeng <star.zeng@intel.com>
---
SecurityPkg/Include/Library/Tpm2CommandLib.h | 18 +++++
.../DxeTcg2PhysicalPresenceLib.c | 17 ++--
.../Library/Tpm2CommandLib/Tpm2Capability.c | 92 ++++++++++++++++++++++
SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c | 49 +-----------
4 files changed, 118 insertions(+), 58 deletions(-)
diff --git a/SecurityPkg/Include/Library/Tpm2CommandLib.h b/SecurityPkg/Include/Library/Tpm2CommandLib.h
index 825ffc37a466..9a1dd8d8aceb 100644
--- a/SecurityPkg/Include/Library/Tpm2CommandLib.h
+++ b/SecurityPkg/Include/Library/Tpm2CommandLib.h
@@ -763,6 +763,24 @@ Tpm2GetCapabilityPcrs (
);
/**
+ This function will query the TPM to determine which hashing algorithms
+ are supported and which PCR banks are currently active.
+
+ @param[out] TpmHashAlgorithmBitmap A bitmask containing the algorithms supported by the TPM.
+ @param[out] ActivePcrBanks A bitmask containing the PCRs currently allocated.
+
+ @retval EFI_SUCCESS TPM was successfully queried and return values can be trusted.
+ @retval Others An error occurred, likely in communication with the TPM.
+
+**/
+EFI_STATUS
+EFIAPI
+Tpm2GetCapabilitySupportedAndActivePcrs(
+ OUT UINT32 *TpmHashAlgorithmBitmap,
+ OUT UINT32 *ActivePcrBanks
+ );
+
+/**
This command returns the information of TPM AlgorithmSet.
This function parse the value got from TPM2_GetCapability and return the AlgorithmSet.
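Review bot: the function header documents `@retval Others` only as "An error occurred", but the implementation in this patch still writes HASH_ALG_SHA1 to both output parameters on that path. Callers need to know whether the outputs are meaningful after a failure, so the header should say so explicitly. The description of ActivePcrBanks as "the PCRs currently allocated" would also read more accurately as "the PCR banks currently allocated", since the value is a bitmask of hash algorithms rather than of PCR indices.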
diff --git a/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c b/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c
index d1ed7e83c7ae..4cec0f75278b 100644
--- a/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c
+++ b/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c
@@ -160,17 +160,10 @@ Tcg2ExecutePhysicalPresence (
)
{
EFI_STATUS Status;
- EFI_TCG2_PROTOCOL *Tcg2Protocol;
- EFI_TCG2_BOOT_SERVICE_CAPABILITY ProtocolCapability;
-
- Status = gBS->LocateProtocol (&gEfiTcg2ProtocolGuid, NULL, (VOID **) &Tcg2Protocol);
- ASSERT_EFI_ERROR (Status);
+ EFI_TCG2_EVENT_ALGORITHM_BITMAP TpmHashAlgorithmBitmap;
+ UINT32 ActivePcrBanks;
- ProtocolCapability.Size = sizeof(ProtocolCapability);
- Status = Tcg2Protocol->GetCapability (
- Tcg2Protocol,
- &ProtocolCapability
- );
+ Status = Tpm2GetCapabilitySupportedAndActivePcrs (&TpmHashAlgorithmBitmap, &ActivePcrBanks);
ASSERT_EFI_ERROR (Status);
switch (CommandCode) {
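Review bot: the only handling of a failed Tpm2GetCapabilitySupportedAndActivePcrs() call in Tcg2ExecutePhysicalPresence() is `ASSERT_EFI_ERROR (Status);`. In a build where asserts are compiled out, execution continues into the switch with the fallback value that the library sets on error (HASH_ALG_SHA1 for both outputs), and the SET_PCR_BANKS and LOG_ALL_DIGESTS cases then pass that fallback to Tpm2PcrAllocateBanks(). Consider returning TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE when the query fails instead of relying on the assert.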
@@ -194,7 +187,7 @@ Tcg2ExecutePhysicalPresence (
return TCG_PP_OPERATION_RESPONSE_SUCCESS;
case TCG2_PHYSICAL_PRESENCE_SET_PCR_BANKS:
- Status = Tpm2PcrAllocateBanks (PlatformAuth, ProtocolCapability.HashAlgorithmBitmap, CommandParameter);
+ Status = Tpm2PcrAllocateBanks (PlatformAuth, TpmHashAlgorithmBitmap, CommandParameter);
if (EFI_ERROR (Status)) {
return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;
} else {
@@ -210,7 +203,7 @@ Tcg2ExecutePhysicalPresence (
}
case TCG2_PHYSICAL_PRESENCE_LOG_ALL_DIGESTS:
- Status = Tpm2PcrAllocateBanks (PlatformAuth, ProtocolCapability.HashAlgorithmBitmap, ProtocolCapability.HashAlgorithmBitmap);
+ Status = Tpm2PcrAllocateBanks (PlatformAuth, TpmHashAlgorithmBitmap, TpmHashAlgorithmBitmap);
if (EFI_ERROR (Status)) {
return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;
} else {
diff --git a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Capability.c b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Capability.c
index 0fe2c367d269..9aab17f9345f 100644
--- a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Capability.c
+++ b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Capability.c
@@ -486,6 +486,98 @@ Tpm2GetCapabilityPcrs (
}
/**
+ This function will query the TPM to determine which hashing algorithms
+ are supported and which PCR banks are currently active.
+
+ @param[out] TpmHashAlgorithmBitmap A bitmask containing the algorithms supported by the TPM.
+ @param[out] ActivePcrBanks A bitmask containing the PCRs currently allocated.
+
+ @retval EFI_SUCCESS TPM was successfully queried and return values can be trusted.
+ @retval Others An error occurred, likely in communication with the TPM.
+
+**/
+EFI_STATUS
+EFIAPI
+Tpm2GetCapabilitySupportedAndActivePcrs (
+ OUT UINT32 *TpmHashAlgorithmBitmap,
+ OUT UINT32 *ActivePcrBanks
+ )
+{
+ EFI_STATUS Status;
+ TPML_PCR_SELECTION Pcrs;
+ UINTN Index;
+
+ //
+ // Get supported PCR and current Active PCRs.
+ //
+ Status = Tpm2GetCapabilityPcrs (&Pcrs);
+
+ //
+ // If error, assume that we have at least SHA-1 (and return the error.)
+ //
+ if (EFI_ERROR (Status)) {
+ DEBUG ((EFI_D_ERROR, "GetSupportedAndActivePcrs - Tpm2GetCapabilityPcrs fail!\n"));
+ *TpmHashAlgorithmBitmap = HASH_ALG_SHA1;
+ *ActivePcrBanks = HASH_ALG_SHA1;
+ }
+ //
+ // Otherwise, process the return data to determine what algorithms are supported
+ // and currently allocated.
+ //
+ else {
+ DEBUG ((EFI_D_INFO, "GetSupportedAndActivePcrs - Count = %08x\n", Pcrs.count));
+ *TpmHashAlgorithmBitmap = 0;
+ *ActivePcrBanks = 0;
+ for (Index = 0; Index < Pcrs.count; Index++) {
+ switch (Pcrs.pcrSelections[Index].hash) {
+ case TPM_ALG_SHA1:
+ DEBUG ((EFI_D_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA1 present.\n"));
+ *TpmHashAlgorithmBitmap |= HASH_ALG_SHA1;
+ if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, Pcrs.pcrSelections[Index].sizeofSelect)) {
+ DEBUG ((EFI_D_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA1 active.\n"));
+ *ActivePcrBanks |= HASH_ALG_SHA1;
+ }
+ break;
+ case TPM_ALG_SHA256:
+ DEBUG ((EFI_D_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA256 present.\n"));
+ *TpmHashAlgorithmBitmap |= HASH_ALG_SHA256;
+ if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, Pcrs.pcrSelections[Index].sizeofSelect)) {
+ DEBUG ((EFI_D_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA256 active.\n"));
+ *ActivePcrBanks |= HASH_ALG_SHA256;
+ }
+ break;
+ case TPM_ALG_SHA384:
+ DEBUG ((EFI_D_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA384 present.\n"));
+ *TpmHashAlgorithmBitmap |= HASH_ALG_SHA384;
+ if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, Pcrs.pcrSelections[Index].sizeofSelect)) {
+ DEBUG ((EFI_D_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA384 active.\n"));
+ *ActivePcrBanks |= HASH_ALG_SHA384;
+ }
+ break;
+ case TPM_ALG_SHA512:
+ DEBUG ((EFI_D_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA512 present.\n"));
+ *TpmHashAlgorithmBitmap |= HASH_ALG_SHA512;
+ if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, Pcrs.pcrSelections[Index].sizeofSelect)) {
+ DEBUG ((EFI_D_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA512 active.\n"));
+ *ActivePcrBanks |= HASH_ALG_SHA512;
+ }
+ break;
+ case TPM_ALG_SM3_256:
+ DEBUG ((EFI_D_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SM3_256 present.\n"));
+ *TpmHashAlgorithmBitmap |= HASH_ALG_SM3_256;
+ if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, Pcrs.pcrSelections[Index].sizeofSelect)) {
+ DEBUG ((EFI_D_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SM3_256 active.\n"));
+ *ActivePcrBanks |= HASH_ALG_SM3_256;
+ }
+ break;
+ }
+ }
+ }
+
+ return Status;
+}
+
+/**
This command returns the information of TPM AlgorithmSet.
This function parse the value got from TPM2_GetCapability and return the AlgorithmSet.
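Review bot: the `switch (Pcrs.pcrSelections[Index].hash)` in Tpm2GetCapabilitySupportedAndActivePcrs() has no default case, so a bank reported with an algorithm outside the five listed is dropped without any trace; the removed driver code at least printed each hash value with `DEBUG ((EFI_D_INFO, "hash - %x\n", ...))`. A default case with a DEBUG line would keep that visibility. The two OUT pointers are also dereferenced without a NULL check, which is worth either an ASSERT or a note in the header now that this is a library entry point. The five cases differ only in the constant, so a small algorithm-to-mask helper would remove the repetition.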
diff --git a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c
index f3cc47796448..db8d662f80dc 100644
--- a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c
+++ b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c
@@ -2222,7 +2222,6 @@ DriverEntry (
VOID *Registration;
UINT32 MaxCommandSize;
UINT32 MaxResponseSize;
- TPML_PCR_SELECTION Pcrs;
UINTN Index;
EFI_TCG2_EVENT_ALGORITHM_BITMAP TpmHashAlgorithmBitmap;
UINT32 ActivePCRBanks;
@@ -2292,51 +2291,9 @@ DriverEntry (
//
// Get supported PCR and current Active PCRs
//
- Status = Tpm2GetCapabilityPcrs (&Pcrs);
- if (EFI_ERROR (Status)) {
- DEBUG ((EFI_D_ERROR, "Tpm2GetCapabilityPcrs fail!\n"));
- TpmHashAlgorithmBitmap = EFI_TCG2_BOOT_HASH_ALG_SHA1;
- ActivePCRBanks = EFI_TCG2_BOOT_HASH_ALG_SHA1;
- } else {
- DEBUG ((EFI_D_INFO, "Tpm2GetCapabilityPcrs Count - %08x\n", Pcrs.count));
- TpmHashAlgorithmBitmap = 0;
- ActivePCRBanks = 0;
- for (Index = 0; Index < Pcrs.count; Index++) {
- DEBUG ((EFI_D_INFO, "hash - %x\n", Pcrs.pcrSelections[Index].hash));
- switch (Pcrs.pcrSelections[Index].hash) {
- case TPM_ALG_SHA1:
- TpmHashAlgorithmBitmap |= EFI_TCG2_BOOT_HASH_ALG_SHA1;
- if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, Pcrs.pcrSelections[Index].sizeofSelect)) {
- ActivePCRBanks |= EFI_TCG2_BOOT_HASH_ALG_SHA1;
- }
- break;
- case TPM_ALG_SHA256:
- TpmHashAlgorithmBitmap |= EFI_TCG2_BOOT_HASH_ALG_SHA256;
- if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, Pcrs.pcrSelections[Index].sizeofSelect)) {
- ActivePCRBanks |= EFI_TCG2_BOOT_HASH_ALG_SHA256;
- }
- break;
- case TPM_ALG_SHA384:
- TpmHashAlgorithmBitmap |= EFI_TCG2_BOOT_HASH_ALG_SHA384;
- if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, Pcrs.pcrSelections[Index].sizeofSelect)) {
- ActivePCRBanks |= EFI_TCG2_BOOT_HASH_ALG_SHA384;
- }
- break;
- case TPM_ALG_SHA512:
- TpmHashAlgorithmBitmap |= EFI_TCG2_BOOT_HASH_ALG_SHA512;
- if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, Pcrs.pcrSelections[Index].sizeofSelect)) {
- ActivePCRBanks |= EFI_TCG2_BOOT_HASH_ALG_SHA512;
- }
- break;
- case TPM_ALG_SM3_256:
- TpmHashAlgorithmBitmap |= EFI_TCG2_BOOT_HASH_ALG_SM3_256;
- if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, Pcrs.pcrSelections[Index].sizeofSelect)) {
- ActivePCRBanks |= EFI_TCG2_BOOT_HASH_ALG_SM3_256;
- }
- break;
- }
- }
- }
+ Status = Tpm2GetCapabilitySupportedAndActivePcrs (&TpmHashAlgorithmBitmap, &ActivePCRBanks);
+ ASSERT_EFI_ERROR (Status);
+
mTcgDxeData.BsCap.HashAlgorithmBitmap = TpmHashAlgorithmBitmap & PcdGet32 (PcdTcg2HashAlgorithmBitmap);
mTcgDxeData.BsCap.ActivePcrBanks = ActivePCRBanks & PcdGet32 (PcdTcg2HashAlgorithmBitmap);
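Review bot: the added `ASSERT_EFI_ERROR (Status);` in DriverEntry() changes behaviour that the commit message does not mention. The removed code treated a Tpm2GetCapabilityPcrs() failure as recoverable: it logged "Tpm2GetCapabilityPcrs fail!" and continued with the SHA-1 fallback. The library function keeps that fallback but also returns the error, so with the assert a debug build now stops here while a release build continues as before. If the fallback is still intended, drop the assert and log the status; if not, handle the error explicitly rather than through an assert.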
--
2.7.0.windows.1
* Re: [PATCH 0/6] Move/Extract generic duplicated code to Tpm2CommandLib
2016-09-20 10:51 [PATCH 0/6] Move/Extract generic duplicated code to Tpm2CommandLib Star Zeng
` (5 preceding siblings ...)
2016-09-20 10:51 ` [PATCH 6/6] SecuriryPkg/TPM2: Extract GetSupportedAndActivePcrs " Star Zeng
@ 2016-09-20 10:58 ` Zeng, Star
2016-09-20 14:47 ` Yao, Jiewen
7 siblings, 0 replies; 10+ messages in thread
From: Zeng, Star @ 2016-09-20 10:58 UTC (permalink / raw)
To: edk2-devel@lists.01.org; +Cc: Zhang, Chao B, Yao, Jiewen, Zeng, Star
There is a typo in the title of the patches: SecuriryPkg should be SecurityPkg. I have corrected it locally, so you may skip it when reviewing the patches.
Thanks,
Star
-----Original Message-----
From: Zeng, Star
Sent: Tuesday, September 20, 2016 6:51 PM
To: edk2-devel@lists.01.org
Cc: Zeng, Star <star.zeng@intel.com>; Zhang, Chao B <chao.b.zhang@intel.com>; Yao, Jiewen <jiewen.yao@intel.com>
Subject: [PATCH 0/6] Move/Extract generic duplicated code to Tpm2CommandLib
These patches move/extract Tpm2PcrAllocateBanks(), Tpm2GetCapabilitySupportedAndActivePcrs(), CopyDigestListToBuffer(),
GetDigestListSize() and GetDigestFromDigestList() to Tpm2CommandLib.
Cc: Chao B Zhang <chao.b.zhang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Jiewen Yao (5):
SecuriryPkg/TPM2: Move Tpm2PcrAllocateBanks() to Tpm2CommandLib
SecuriryPkg/TPM2: Move GetDigestFromDigestList() to Tpm2CommandLib
SecuriryPkg/TPM2: Move GetDigestListSize() to Tpm2CommandLib
SecuriryPkg/TPM2: Move CopyDigestListToBuffer() to Tpm2CommandLib
SecuriryPkg/TPM2: Extract GetSupportedAndActivePcrs to Tpm2CommandLib
Star Zeng (1):
SecuriryPkg/TPM2: Update function header of GetDigestFromDigestList()
SecurityPkg/Include/Library/Tpm2CommandLib.h | 85 ++++++++-
.../DxeTcg2PhysicalPresenceLib.c | 150 +---------------
.../Library/Tpm2CommandLib/Tpm2Capability.c | 92 ++++++++++
SecurityPkg/Library/Tpm2CommandLib/Tpm2Help.c | 147 +++++++++++++++-
SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c | 134 +++++++++++++++
SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c | 191 +--------------------
SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c | 145 +---------------
SecurityPkg/Tcg/TrEEDxe/TrEEDxe.c | 37 +---
SecurityPkg/Tcg/TrEEPei/TrEEPei.c | 37 +---
9 files changed, 470 insertions(+), 548 deletions(-)
--
2.7.0.windows.1
* Re: [PATCH 0/6] Move/Extract generic duplicated code to Tpm2CommandLib
2016-09-20 10:51 [PATCH 0/6] Move/Extract generic duplicated code to Tpm2CommandLib Star Zeng
` (6 preceding siblings ...)
2016-09-20 10:58 ` [PATCH 0/6] Move/Extract generic duplicated code " Zeng, Star
@ 2016-09-20 14:47 ` Yao, Jiewen
7 siblings, 0 replies; 10+ messages in thread
From: Yao, Jiewen @ 2016-09-20 14:47 UTC (permalink / raw)
To: Zeng, Star, edk2-devel@lists.01.org; +Cc: Zhang, Chao B
Reviewed-by: Jiewen.yao@intel.com
> -----Original Message-----
> From: Zeng, Star
> Sent: Tuesday, September 20, 2016 6:51 PM
> To: edk2-devel@lists.01.org
> Cc: Zeng, Star <star.zeng@intel.com>; Zhang, Chao B
> <chao.b.zhang@intel.com>; Yao, Jiewen <jiewen.yao@intel.com>
> Subject: [PATCH 0/6] Move/Extract generic duplicated code to
> Tpm2CommandLib
>
> These patches move/extract Tpm2PcrAllocateBanks(),
> Tpm2GetCapabilitySupportedAndActivePcrs(), CopyDigestListToBuffer(),
> GetDigestListSize() and GetDigestFromDigestList() to Tpm2CommandLib.
>
> Cc: Chao B Zhang <chao.b.zhang@intel.com>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
>
> Jiewen Yao (5):
> SecuriryPkg/TPM2: Move Tpm2PcrAllocateBanks() to Tpm2CommandLib
> SecuriryPkg/TPM2: Move GetDigestFromDigestList() to Tpm2CommandLib
> SecuriryPkg/TPM2: Move GetDigestListSize() to Tpm2CommandLib
> SecuriryPkg/TPM2: Move CopyDigestListToBuffer() to Tpm2CommandLib
> SecuriryPkg/TPM2: Extract GetSupportedAndActivePcrs to
> Tpm2CommandLib
>
> Star Zeng (1):
> SecuriryPkg/TPM2: Update function header of GetDigestFromDigestList()
>
> SecurityPkg/Include/Library/Tpm2CommandLib.h | 85 ++++++++-
> .../DxeTcg2PhysicalPresenceLib.c | 150
> +---------------
> .../Library/Tpm2CommandLib/Tpm2Capability.c | 92
> ++++++++++
> SecurityPkg/Library/Tpm2CommandLib/Tpm2Help.c | 147
> +++++++++++++++-
> SecurityPkg/Library/Tpm2CommandLib/Tpm2Integrity.c | 134
> +++++++++++++++
> SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c | 191
> +--------------------
> SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c | 145
> +---------------
> SecurityPkg/Tcg/TrEEDxe/TrEEDxe.c | 37 +---
> SecurityPkg/Tcg/TrEEPei/TrEEPei.c | 37 +---
> 9 files changed, 470 insertions(+), 548 deletions(-)
>
> --
> 2.7.0.windows.1
* Re: [PATCH 6/6] SecuriryPkg/TPM2: Extract GetSupportedAndActivePcrs to Tpm2CommandLib
2016-09-20 10:51 ` [PATCH 6/6] SecuriryPkg/TPM2: Extract GetSupportedAndActivePcrs " Star Zeng
@ 2016-09-21 6:05 ` Zhang, Chao B
0 siblings, 0 replies; 10+ messages in thread
From: Zhang, Chao B @ 2016-09-21 6:05 UTC (permalink / raw)
To: Zeng, Star, edk2-devel@lists.01.org; +Cc: Yao, Jiewen
Serial reviewed by: Chao Zhang <chao.b.zhang@intel.com>
Thanks & Best regards
Chao Zhang
-----Original Message-----
From: Zeng, Star
Sent: Tuesday, September 20, 2016 6:52 PM
To: edk2-devel@lists.01.org
Cc: Yao, Jiewen; Zhang, Chao B; Zeng, Star
Subject: [PATCH 6/6] SecuriryPkg/TPM2: Extract GetSupportedAndActivePcrs to Tpm2CommandLib
From: Jiewen Yao <jiewen.yao@intel.com>
This patch extracts function Tpm2GetCapabilitySupportedAndActivePcrs()
from drivers and also updates Tcg2ExecutePhysicalPresence() to call
Tpm2GetCapabilitySupportedAndActivePcrs() instead of
Tcg2Protocol->GetCapability to query the TPM to determine which
hashing algorithms are supported.
Cc: Chao B Zhang <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
Signed-off-by: Star Zeng <star.zeng@intel.com>
---
SecurityPkg/Include/Library/Tpm2CommandLib.h | 18 +++++
.../DxeTcg2PhysicalPresenceLib.c | 17 ++--
.../Library/Tpm2CommandLib/Tpm2Capability.c | 92 ++++++++++++++++++++++
SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c | 49 +-----------
4 files changed, 118 insertions(+), 58 deletions(-)
diff --git a/SecurityPkg/Include/Library/Tpm2CommandLib.h b/SecurityPkg/Include/Library/Tpm2CommandLib.h
index 825ffc37a466..9a1dd8d8aceb 100644
--- a/SecurityPkg/Include/Library/Tpm2CommandLib.h
+++ b/SecurityPkg/Include/Library/Tpm2CommandLib.h
@@ -763,6 +763,24 @@ Tpm2GetCapabilityPcrs (
);
/**
+ This function will query the TPM to determine which hashing algorithms
+ are supported and which PCR banks are currently active.
+
+ @param[out] TpmHashAlgorithmBitmap A bitmask containing the algorithms supported by the TPM.
+ @param[out] ActivePcrBanks A bitmask containing the PCRs currently allocated.
+
+ @retval EFI_SUCCESS TPM was successfully queried and return values can be trusted.
+ @retval Others An error occurred, likely in communication with the TPM.
+
+**/
+EFI_STATUS
+EFIAPI
+Tpm2GetCapabilitySupportedAndActivePcrs(
+ OUT UINT32 *TpmHashAlgorithmBitmap,
+ OUT UINT32 *ActivePcrBanks
+ );
+
+/**
This command returns the information of TPM AlgorithmSet.
This function parse the value got from TPM2_GetCapability and return the AlgorithmSet.
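Review bot: the prototype is written `Tpm2GetCapabilitySupportedAndActivePcrs(` with no space before the opening parenthesis, while the definition in Tpm2Capability.c in the same patch uses `Tpm2GetCapabilitySupportedAndActivePcrs (`. Please make the declaration match the definition so the header follows the spacing used by the surrounding prototypes.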
diff --git a/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c b/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c
index d1ed7e83c7ae..4cec0f75278b 100644
--- a/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c
+++ b/SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c
@@ -160,17 +160,10 @@ Tcg2ExecutePhysicalPresence (
)
{
EFI_STATUS Status;
- EFI_TCG2_PROTOCOL *Tcg2Protocol;
- EFI_TCG2_BOOT_SERVICE_CAPABILITY ProtocolCapability;
-
- Status = gBS->LocateProtocol (&gEfiTcg2ProtocolGuid, NULL, (VOID **) &Tcg2Protocol);
- ASSERT_EFI_ERROR (Status);
+ EFI_TCG2_EVENT_ALGORITHM_BITMAP TpmHashAlgorithmBitmap;
+ UINT32 ActivePcrBanks;
- ProtocolCapability.Size = sizeof(ProtocolCapability);
- Status = Tcg2Protocol->GetCapability (
- Tcg2Protocol,
- &ProtocolCapability
- );
+ Status = Tpm2GetCapabilitySupportedAndActivePcrs (&TpmHashAlgorithmBitmap, &ActivePcrBanks);
ASSERT_EFI_ERROR (Status);
switch (CommandCode) {
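Review bot: TpmHashAlgorithmBitmap is declared as EFI_TCG2_EVENT_ALGORITHM_BITMAP, but its address is passed to a parameter declared OUT UINT32 *, so the call is only correct while that typedef stays UINT32; declaring the local as UINT32, as ActivePcrBanks is, matches the new prototype. ActivePcrBanks is filled in but not used in any of the hunks shown for this file.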
@@ -194,7 +187,7 @@ Tcg2ExecutePhysicalPresence (
return TCG_PP_OPERATION_RESPONSE_SUCCESS;
case TCG2_PHYSICAL_PRESENCE_SET_PCR_BANKS:
- Status = Tpm2PcrAllocateBanks (PlatformAuth, ProtocolCapability.HashAlgorithmBitmap, CommandParameter);
+ Status = Tpm2PcrAllocateBanks (PlatformAuth, TpmHashAlgorithmBitmap, CommandParameter);
if (EFI_ERROR (Status)) {
return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;
} else {
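Review bot: The supported-banks argument on the + line now comes straight from the TPM, where it used to be ProtocolCapability.HashAlgorithmBitmap from the Tcg2 protocol. The Tcg2Dxe.c context lines later in this patch build BsCap.HashAlgorithmBitmap as TpmHashAlgorithmBitmap & PcdGet32 (PcdTcg2HashAlgorithmBitmap), so if GetCapability reported that field, this call previously saw the PCD-filtered set and now sees the unfiltered one. Please confirm that is intended and say so in the commit message, or apply the same PCD mask here.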
@@ -210,7 +203,7 @@ Tcg2ExecutePhysicalPresence (
}
case TCG2_PHYSICAL_PRESENCE_LOG_ALL_DIGESTS:
- Status = Tpm2PcrAllocateBanks (PlatformAuth, ProtocolCapability.HashAlgorithmBitmap, ProtocolCapability.HashAlgorithmBitmap);
+ Status = Tpm2PcrAllocateBanks (PlatformAuth, TpmHashAlgorithmBitmap, TpmHashAlgorithmBitmap);
if (EFI_ERROR (Status)) {
return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;
} else {
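Review bot: Both bitmap arguments on the + line are TpmHashAlgorithmBitmap, which the new library function sets to HASH_ALG_SHA1 when Tpm2GetCapabilityPcrs fails, and the only check on that status in this function is ASSERT_EFI_ERROR. In a build where asserts are compiled out, a failed query would turn "log all digests" into a request for the SHA-1 bank alone. Suggest returning TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE when the query fails rather than relying on the assert.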
diff --git a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Capability.c b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Capability.c
index 0fe2c367d269..9aab17f9345f 100644
--- a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Capability.c
+++ b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Capability.c
@@ -486,6 +486,98 @@ Tpm2GetCapabilityPcrs (
}
/**
+ This function will query the TPM to determine which hashing algorithms
+ are supported and which PCR banks are currently active.
+
+ @param[out] TpmHashAlgorithmBitmap A bitmask containing the algorithms supported by the TPM.
+ @param[out] ActivePcrBanks A bitmask containing the PCRs currently allocated.
+
+ @retval EFI_SUCCESS TPM was successfully queried and return values can be trusted.
+ @retval Others An error occurred, likely in communication with the TPM.
+
+**/
+EFI_STATUS
+EFIAPI
+Tpm2GetCapabilitySupportedAndActivePcrs (
+ OUT UINT32 *TpmHashAlgorithmBitmap,
+ OUT UINT32 *ActivePcrBanks
+ )
+{
+ EFI_STATUS Status;
+ TPML_PCR_SELECTION Pcrs;
+ UINTN Index;
+
+ //
+ // Get supported PCR and current Active PCRs.
+ //
+ Status = Tpm2GetCapabilityPcrs (&Pcrs);
+
+ //
+ // If error, assume that we have at least SHA-1 (and return the error.)
+ //
+ if (EFI_ERROR (Status)) {
+ DEBUG ((EFI_D_ERROR, "GetSupportedAndActivePcrs - Tpm2GetCapabilityPcrs fail!\n"));
+ *TpmHashAlgorithmBitmap = HASH_ALG_SHA1;
+ *ActivePcrBanks = HASH_ALG_SHA1;
+ }
+ //
+ // Otherwise, process the return data to determine what algorithms are supported
+ // and currently allocated.
+ //
+ else {
+ DEBUG ((EFI_D_INFO, "GetSupportedAndActivePcrs - Count = %08x\n", Pcrs.count));
+ *TpmHashAlgorithmBitmap = 0;
+ *ActivePcrBanks = 0;
+ for (Index = 0; Index < Pcrs.count; Index++) {
+ switch (Pcrs.pcrSelections[Index].hash) {
+ case TPM_ALG_SHA1:
+ DEBUG ((EFI_D_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA1 present.\n"));
+ *TpmHashAlgorithmBitmap |= HASH_ALG_SHA1;
+ if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, Pcrs.pcrSelections[Index].sizeofSelect)) {
+ DEBUG ((EFI_D_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA1 active.\n"));
+ *ActivePcrBanks |= HASH_ALG_SHA1;
+ }
+ break;
+ case TPM_ALG_SHA256:
+ DEBUG ((EFI_D_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA256 present.\n"));
+ *TpmHashAlgorithmBitmap |= HASH_ALG_SHA256;
+ if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, Pcrs.pcrSelections[Index].sizeofSelect)) {
+ DEBUG ((EFI_D_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA256 active.\n"));
+ *ActivePcrBanks |= HASH_ALG_SHA256;
+ }
+ break;
+ case TPM_ALG_SHA384:
+ DEBUG ((EFI_D_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA384 present.\n"));
+ *TpmHashAlgorithmBitmap |= HASH_ALG_SHA384;
+ if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, Pcrs.pcrSelections[Index].sizeofSelect)) {
+ DEBUG ((EFI_D_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA384 active.\n"));
+ *ActivePcrBanks |= HASH_ALG_SHA384;
+ }
+ break;
+ case TPM_ALG_SHA512:
+ DEBUG ((EFI_D_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA512 present.\n"));
+ *TpmHashAlgorithmBitmap |= HASH_ALG_SHA512;
+ if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, Pcrs.pcrSelections[Index].sizeofSelect)) {
+ DEBUG ((EFI_D_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA512 active.\n"));
+ *ActivePcrBanks |= HASH_ALG_SHA512;
+ }
+ break;
+ case TPM_ALG_SM3_256:
+ DEBUG ((EFI_D_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SM3_256 present.\n"));
+ *TpmHashAlgorithmBitmap |= HASH_ALG_SM3_256;
+ if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, Pcrs.pcrSelections[Index].sizeofSelect)) {
+ DEBUG ((EFI_D_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SM3_256 active.\n"));
+ *ActivePcrBanks |= HASH_ALG_SM3_256;
+ }
+ break;
+ }
+ }
+ }
+
+ return Status;
+}
+
+/**
This command returns the information of TPM AlgorithmSet.
This function parse the value got from TPM2_GetCapability and return the AlgorithmSet.
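Review bot: The switch on Pcrs.pcrSelections[Index].hash has no default case, so a bank whose algorithm is outside the five listed is dropped silently, and the "hash - %x" debug line from the removed Tcg2Dxe code, which would have shown it, is not carried over; add a default that logs the unrecognised algorithm id. The two OUT pointers are also dereferenced without a NULL check, which a library entry point should ASSERT on or reject with EFI_INVALID_PARAMETER. The bits are written as HASH_ALG_* while the code removed from Tcg2Dxe used EFI_TCG2_BOOT_HASH_ALG_*; a comment stating that the two sets must stay identical would make that dependency visible. Style: the comment block placed between the closing brace of the if and the else separates the two.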
diff --git a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c
index f3cc47796448..db8d662f80dc 100644
--- a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c
+++ b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c
@@ -2222,7 +2222,6 @@ DriverEntry (
VOID *Registration;
UINT32 MaxCommandSize;
UINT32 MaxResponseSize;
- TPML_PCR_SELECTION Pcrs;
UINTN Index;
EFI_TCG2_EVENT_ALGORITHM_BITMAP TpmHashAlgorithmBitmap;
UINT32 ActivePCRBanks;
@@ -2292,51 +2291,9 @@ DriverEntry (
//
// Get supported PCR and current Active PCRs
//
- Status = Tpm2GetCapabilityPcrs (&Pcrs);
- if (EFI_ERROR (Status)) {
- DEBUG ((EFI_D_ERROR, "Tpm2GetCapabilityPcrs fail!\n"));
- TpmHashAlgorithmBitmap = EFI_TCG2_BOOT_HASH_ALG_SHA1;
- ActivePCRBanks = EFI_TCG2_BOOT_HASH_ALG_SHA1;
- } else {
- DEBUG ((EFI_D_INFO, "Tpm2GetCapabilityPcrs Count - %08x\n", Pcrs.count));
- TpmHashAlgorithmBitmap = 0;
- ActivePCRBanks = 0;
- for (Index = 0; Index < Pcrs.count; Index++) {
- DEBUG ((EFI_D_INFO, "hash - %x\n", Pcrs.pcrSelections[Index].hash));
- switch (Pcrs.pcrSelections[Index].hash) {
- case TPM_ALG_SHA1:
- TpmHashAlgorithmBitmap |= EFI_TCG2_BOOT_HASH_ALG_SHA1;
- if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, Pcrs.pcrSelections[Index].sizeofSelect)) {
- ActivePCRBanks |= EFI_TCG2_BOOT_HASH_ALG_SHA1;
- }
- break;
- case TPM_ALG_SHA256:
- TpmHashAlgorithmBitmap |= EFI_TCG2_BOOT_HASH_ALG_SHA256;
- if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, Pcrs.pcrSelections[Index].sizeofSelect)) {
- ActivePCRBanks |= EFI_TCG2_BOOT_HASH_ALG_SHA256;
- }
- break;
- case TPM_ALG_SHA384:
- TpmHashAlgorithmBitmap |= EFI_TCG2_BOOT_HASH_ALG_SHA384;
- if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, Pcrs.pcrSelections[Index].sizeofSelect)) {
- ActivePCRBanks |= EFI_TCG2_BOOT_HASH_ALG_SHA384;
- }
- break;
- case TPM_ALG_SHA512:
- TpmHashAlgorithmBitmap |= EFI_TCG2_BOOT_HASH_ALG_SHA512;
- if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, Pcrs.pcrSelections[Index].sizeofSelect)) {
- ActivePCRBanks |= EFI_TCG2_BOOT_HASH_ALG_SHA512;
- }
- break;
- case TPM_ALG_SM3_256:
- TpmHashAlgorithmBitmap |= EFI_TCG2_BOOT_HASH_ALG_SM3_256;
- if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, Pcrs.pcrSelections[Index].sizeofSelect)) {
- ActivePCRBanks |= EFI_TCG2_BOOT_HASH_ALG_SM3_256;
- }
- break;
- }
- }
- }
+ Status = Tpm2GetCapabilitySupportedAndActivePcrs (&TpmHashAlgorithmBitmap, &ActivePCRBanks);
+ ASSERT_EFI_ERROR (Status);
+
mTcgDxeData.BsCap.HashAlgorithmBitmap = TpmHashAlgorithmBitmap & PcdGet32 (PcdTcg2HashAlgorithmBitmap);
mTcgDxeData.BsCap.ActivePcrBanks = ActivePCRBanks & PcdGet32 (PcdTcg2HashAlgorithmBitmap);
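Review bot: The added ASSERT_EFI_ERROR (Status) changes behaviour on the failure path: the removed code logged "Tpm2GetCapabilityPcrs fail!" and continued with the SHA-1 defaults, whereas a failed query now stops DriverEntry in assert-enabled builds, and the SHA-1 fallback inside Tpm2GetCapabilitySupportedAndActivePcrs is never used there. For a patch described as extracting code, either drop the assert so the fallback still applies, or state the change in the commit message.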
--
2.7.0.windows.1