public inbox for devel@edk2.groups.io
* [edk2-platforms][Patch V4 0/2] MinPlatformPkg: Introduce library for customizing TPM platform configuration
@ 2019-11-14 18:03 Rodrigo Gonzalez del Cueto
  2019-11-14 18:03 ` [edk2-platforms][Patch V4 1/2] MinPlatformPkg: Library for customizing TPM platform hierarchy Rodrigo Gonzalez del Cueto
  2019-11-14 18:03 ` [edk2-platforms][Patch V4 2/2] MinPlatformPkg: Tcg2PlatformDxe to use TpmPlatformHierarchyLib Rodrigo Gonzalez del Cueto
  0 siblings, 2 replies; 3+ messages in thread
From: Rodrigo Gonzalez del Cueto @ 2019-11-14 18:03 UTC (permalink / raw)
  To: devel; +Cc: Rodrigo Gonzalez del Cueto

[PATCH 4] Split up TpmPlatformHierarchyLib from Tcg2PlatformDxe modifications
  [PATCH 1/2] Introduction of TpmPlatformHierarchyLib
  [PATCH 2/2] Modification on Tcg2PlatformDxe to use TpmPlatformHierarchyLib

Rodrigo Gonzalez del Cueto (2):
  MinPlatformPkg: Library for customizing TPM platform hierarchy
  MinPlatformPkg: Tcg2PlatformDxe to use TpmPlatformHierarchyLib

 .../Include/Library/TpmPlatformHierarchyLib.h |  29 +++
 .../Intel/MinPlatformPkg/MinPlatformPkg.dec   |   2 +
 .../Intel/MinPlatformPkg/MinPlatformPkg.dsc   |   1 +
 .../TpmPlatformHierarchyLib.c                 | 216 ++++++++++++++++++
 .../TpmPlatformHierarchyLib.inf               |  45 ++++
 .../Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.c     | 168 ++------------
 .../Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf   |  12 +-
 7 files changed, 317 insertions(+), 156 deletions(-)
 create mode 100644 Platform/Intel/MinPlatformPkg/Include/Library/TpmPlatformHierarchyLib.h
 create mode 100644 Platform/Intel/MinPlatformPkg/Tcg/Library/TpmPlatformHierarchyLib/TpmPlatformHierarchyLib.c
 create mode 100644 Platform/Intel/MinPlatformPkg/Tcg/Library/TpmPlatformHierarchyLib/TpmPlatformHierarchyLib.inf

-- 
2.22.0.windows.1



* [edk2-platforms][Patch V4 1/2] MinPlatformPkg: Library for customizing TPM platform hierarchy
  2019-11-14 18:03 [edk2-platforms][Patch V4 0/2] MinPlatformPkg: Introduce library for customizing TPM platform configuration Rodrigo Gonzalez del Cueto
@ 2019-11-14 18:03 ` Rodrigo Gonzalez del Cueto
  2019-11-14 18:03 ` [edk2-platforms][Patch V4 2/2] MinPlatformPkg: Tcg2PlatformDxe to use TpmPlatformHierarchyLib Rodrigo Gonzalez del Cueto
  1 sibling, 0 replies; 3+ messages in thread
From: Rodrigo Gonzalez del Cueto @ 2019-11-14 18:03 UTC (permalink / raw)
  To: devel
  Cc: Rodrigo Gonzalez del Cueto, Michael Kubacki, Chasel Chiu,
	Nate DeSimone, Liming Gao

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2331

In V4:
  + Splitting changes into two patches:
    1) Creation of TpmPlatformHierarchyLib
    2) Modification to Tcg2PlatformDxe

In order to enable some TPM use cases, BIOS should allow customizing
the configuration of the TPM platform, provisioning of endorsement,
platform and storage hierarchy.

Cc: Michael Kubacki <michael.a.kubacki@intel.com>
Cc: Chasel Chiu <chasel.chiu@intel.com>
Cc: Nate DeSimone <nathaniel.l.desimone@intel.com>
Cc: Liming Gao <liming.gao@intel.com>

Signed-off-by: Rodrigo Gonzalez del Cueto <rodrigo.gonzalez.del.cueto@intel.com>
---
 .../Include/Library/TpmPlatformHierarchyLib.h |  29 +++
 .../Intel/MinPlatformPkg/MinPlatformPkg.dec   |   2 +
 .../Intel/MinPlatformPkg/MinPlatformPkg.dsc   |   1 +
 .../TpmPlatformHierarchyLib.c                 | 216 ++++++++++++++++++
 .../TpmPlatformHierarchyLib.inf               |  45 ++++
 5 files changed, 293 insertions(+)
 create mode 100644 Platform/Intel/MinPlatformPkg/Include/Library/TpmPlatformHierarchyLib.h
 create mode 100644 Platform/Intel/MinPlatformPkg/Tcg/Library/TpmPlatformHierarchyLib/TpmPlatformHierarchyLib.c
 create mode 100644 Platform/Intel/MinPlatformPkg/Tcg/Library/TpmPlatformHierarchyLib/TpmPlatformHierarchyLib.inf

diff --git a/Platform/Intel/MinPlatformPkg/Include/Library/TpmPlatformHierarchyLib.h b/Platform/Intel/MinPlatformPkg/Include/Library/TpmPlatformHierarchyLib.h
new file mode 100644
index 000000000000..ed9709b24a73
--- /dev/null
+++ b/Platform/Intel/MinPlatformPkg/Include/Library/TpmPlatformHierarchyLib.h
@@ -0,0 +1,29 @@
+/** @file
+    TPM Platform Hierarchy configuration library.
+
+    This library provides functions for customizing the TPM's Platform Hierarchy
+    Authorization Value (platformAuth) and Platform Hierarchy Authorization
+    Policy (platformPolicy) can be defined through this function.
+
+Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#ifndef _TPM_PLATFORM_HIERARCHY_LIB_H_
+#define _TPM_PLATFORM_HIERARCHY_LIB_H_
+
+#include <PiDxe.h>
+#include <Uefi.h>
+
+/**
+   This service will perform the TPM Platform Hierarchy configuration at the SmmReadyToLock event.
+
+**/
+VOID
+EFIAPI
+ConfigureTpmPlatformHierarchy (
+  VOID
+  );
+
+#endif
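Review bot: ConfigureTpmPlatformHierarchy is declared VOID, so a caller has no way to learn whether platformAuth was actually changed; consider returning EFI_STATUS and documenting the @retval values. The function comment also says the service runs "at the SmmReadyToLock event", but the declaration takes no event and nothing in this header ties it to one, so word that as a requirement on the caller. The @file description ("provides functions for customizing ... can be defined through this function") does not parse as a sentence and should be reworded.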
diff --git a/Platform/Intel/MinPlatformPkg/MinPlatformPkg.dec b/Platform/Intel/MinPlatformPkg/MinPlatformPkg.dec
index a851021c0b79..92bda3784ffc 100644
--- a/Platform/Intel/MinPlatformPkg/MinPlatformPkg.dec
+++ b/Platform/Intel/MinPlatformPkg/MinPlatformPkg.dec
@@ -62,6 +62,8 @@ BoardInitLib|Include/Library/BoardInitLib.h
 MultiBoardInitSupportLib|Include/Library/MultiBoardInitSupportLib.h
 SecBoardInitLib|Include/Library/SecBoardInitLib.h
 
+TpmPlatformHierarchyLib|Include/Library/TpmPlatformHierarchyLib.h
+
 TestPointLib|Include/Library/TestPointLib.h
 TestPointCheckLib|Include/Library/TestPointCheckLib.h
 
diff --git a/Platform/Intel/MinPlatformPkg/MinPlatformPkg.dsc b/Platform/Intel/MinPlatformPkg/MinPlatformPkg.dsc
index 5f9363ff3228..a01f229a891d 100644
--- a/Platform/Intel/MinPlatformPkg/MinPlatformPkg.dsc
+++ b/Platform/Intel/MinPlatformPkg/MinPlatformPkg.dsc
@@ -102,6 +102,7 @@
   FspWrapperPlatformLib|MinPlatformPkg/FspWrapper/Library/DxeFspWrapperPlatformLib/DxeFspWrapperPlatformLib.inf
   TestPointCheckLib|MinPlatformPkg/Test/Library/TestPointCheckLib/DxeTestPointCheckLib.inf
   TestPointLib|MinPlatformPkg/Test/Library/TestPointLib/DxeTestPointLib.inf
+  TpmPlatformHierarchyLib|MinPlatformPkg/Tcg/Library/TpmPlatformHierarchyLib/TpmPlatformHierarchyLib.inf
 
 [LibraryClasses.common.DXE_SMM_DRIVER]
   SpiFlashCommonLib|MinPlatformPkg/Flash/Library/SpiFlashCommonLibNull/SpiFlashCommonLibNull.inf
diff --git a/Platform/Intel/MinPlatformPkg/Tcg/Library/TpmPlatformHierarchyLib/TpmPlatformHierarchyLib.c b/Platform/Intel/MinPlatformPkg/Tcg/Library/TpmPlatformHierarchyLib/TpmPlatformHierarchyLib.c
new file mode 100644
index 000000000000..448a47cf9f3e
--- /dev/null
+++ b/Platform/Intel/MinPlatformPkg/Tcg/Library/TpmPlatformHierarchyLib/TpmPlatformHierarchyLib.c
@@ -0,0 +1,216 @@
+/** @file
+    TPM Platform Hierarchy configuration library.
+
+    This library provides functions for customizing the TPM's Platform Hierarchy
+    Authorization Value (platformAuth) and Platform Hierarchy Authorization
+    Policy (platformPolicy) can be defined through this function.
+
+    Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>
+    SPDX-License-Identifier: BSD-2-Clause-Patent
+
+    @par Specification Reference:
+    https://trustedcomputinggroup.org/resource/tcg-tpm-v2-0-provisioning-guidance/
+**/
+
+#include <PiDxe.h>
+
+#include <Library/DebugLib.h>
+#include <Library/BaseMemoryLib.h>
+#include <Library/UefiBootServicesTableLib.h>
+#include <Library/MemoryAllocationLib.h>
+#include <Library/Tpm2CommandLib.h>
+#include <Library/RngLib.h>
+#include <Library/UefiLib.h>
+#include <Protocol/DxeSmmReadyToLock.h>
+
+//
+// The authorization value may be no larger than the digest produced by the hash
+//   algorithm used for context integrity.
+//
+#define      MAX_NEW_AUTHORIZATION_SIZE SHA512_DIGEST_SIZE
+
+/**
+  Generate high-quality entropy source through RDRAND.
+
+  @param[in]   Length        Size of the buffer, in bytes, to fill with.
+  @param[out]  Entropy       Pointer to the buffer to store the entropy data.
+
+  @retval EFI_SUCCESS        Entropy generation succeeded.
+  @retval EFI_NOT_READY      Failed to request random data.
+
+**/
+EFI_STATUS
+EFIAPI
+RdRandGenerateEntropy (
+  IN UINTN         Length,
+  OUT UINT8        *Entropy
+  )
+{
+  EFI_STATUS  Status;
+  UINTN       BlockCount;
+  UINT64      Seed[2];
+  UINT8       *Ptr;
+
+  Status = EFI_NOT_READY;
+  BlockCount = Length / 64;
+  Ptr = (UINT8 *)Entropy;
+
+  //
+  // Generate high-quality seed for DRBG Entropy
+  //
+  while (BlockCount > 0) {
+    Status = GetRandomNumber128 (Seed);
+    if (EFI_ERROR (Status)) {
+      return Status;
+    }
+    CopyMem (Ptr, Seed, 64);
+
+    BlockCount--;
+    Ptr = Ptr + 64;
+  }
+
+  //
+  // Populate the remained data as request.
+  //
+  Status = GetRandomNumber128 (Seed);
+  if (EFI_ERROR (Status)) {
+    return Status;
+  }
+  CopyMem (Ptr, Seed, (Length % 64));
+
+  return Status;
+}
+
+/**
+  This function returns the maximum size of TPM2B_AUTH; this structure is used for an authorization value
+  and limits an authValue to being no larger than the largest digest produced by a TPM.
+
+  @param[out] AuthSize                 Tpm2 Auth size
+
+  @retval EFI_SUCCESS                  Auth size returned.
+  @retval EFI_DEVICE_ERROR             Can not return platform auth due to device error.
+
+**/
+EFI_STATUS
+EFIAPI
+GetAuthSize (
+  OUT UINT16            *AuthSize
+  )
+{
+  EFI_STATUS            Status;
+  TPML_PCR_SELECTION    Pcrs;
+  UINTN                 Index;
+  UINT16                DigestSize;
+
+  Status = EFI_SUCCESS;
+
+  while (mAuthSize == 0) {
+
+    mAuthSize = SHA1_DIGEST_SIZE;
+    ZeroMem (&Pcrs, sizeof (TPML_PCR_SELECTION));
+    Status = Tpm2GetCapabilityPcrs (&Pcrs);
+
+    if (EFI_ERROR (Status)) {
+      DEBUG ((DEBUG_ERROR, "Tpm2GetCapabilityPcrs fail!\n"));
+      break;
+    }
+
+    DEBUG ((DEBUG_ERROR, "Tpm2GetCapabilityPcrs - %08x\n", Pcrs.count));
+
+    for (Index = 0; Index < Pcrs.count; Index++) {
+      DEBUG ((DEBUG_ERROR, "alg - %x\n", Pcrs.pcrSelections[Index].hash));
+
+      switch (Pcrs.pcrSelections[Index].hash) {
+      case TPM_ALG_SHA1:
+        DigestSize = SHA1_DIGEST_SIZE;
+        break;
+      case TPM_ALG_SHA256:
+        DigestSize = SHA256_DIGEST_SIZE;
+        break;
+      case TPM_ALG_SHA384:
+        DigestSize = SHA384_DIGEST_SIZE;
+        break;
+      case TPM_ALG_SHA512:
+        DigestSize = SHA512_DIGEST_SIZE;
+        break;
+      case TPM_ALG_SM3_256:
+        DigestSize = SM3_256_DIGEST_SIZE;
+        break;
+      default:
+        DigestSize = SHA1_DIGEST_SIZE;
+        break;
+      }
+
+      if (DigestSize > mAuthSize) {
+        mAuthSize = DigestSize;
+      }
+    }
+    break;
+  }
+
+  *AuthSize = mAuthSize;
+  return Status;
+}
+
+/**
+  Set PlatformAuth to random value.
+**/
+VOID
+RandomizePlatformAuth (
+  VOID
+  )
+{
+  EFI_STATUS                        Status;
+  UINT16                            AuthSize;
+  UINT32                            Index;
+  UINT8                             *Rand;
+  UINTN                             RandSize;
+  TPM2B_AUTH                        NewPlatformAuth;
+
+  //
+  // Send Tpm2HierarchyChange Auth with random value to avoid PlatformAuth being null
+  //
+
+  GetAuthSize (&AuthSize);
+
+  ZeroMem (NewPlatformAuth.buffer, AuthSize);
+  NewPlatformAuth.size = AuthSize;
+
+  //
+  // Allocate one buffer to store random data.
+  //
+  RandSize = MAX_NEW_AUTHORIZATION_SIZE;
+  Rand = AllocatePool (RandSize);
+
+  RdRandGenerateEntropy (RandSize, Rand);
+  CopyMem (NewPlatformAuth.buffer, Rand, AuthSize);
+
+  FreePool (Rand);
+
+  //
+  // Send Tpm2HierarchyChangeAuth command with the new Auth value
+  //
+  Status = Tpm2HierarchyChangeAuth (TPM_RH_PLATFORM, NULL, &NewPlatformAuth);
+  DEBUG ((DEBUG_INFO, "Tpm2HierarchyChangeAuth Result: - %r\n", Status));
+  ZeroMem (NewPlatformAuth.buffer, AuthSize);
+  ZeroMem (Rand, RandSize);
+}
+
+/**
+   This service defines the configuration of the Platform Hierarchy Authorization Value (platformAuth)
+   and Platform Hierarchy Authorization Policy (platformPolicy)
+
+**/
+VOID
+EFIAPI
+ConfigureTpmPlatformHierarchy (
+  )
+{
+  EFI_STATUS   Status;
+  VOID         *Interface;
+
+  //
+  // Send Tpm2HierarchyChange Auth with random value to avoid PlatformAuth being null
+  //
+  RandomizePlatformAuth ();
+}
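Review bot: in RdRandGenerateEntropy, `UINT64 Seed[2]` is 16 bytes, yet `CopyMem (Ptr, Seed, 64)` and `BlockCount = Length / 64` treat it as 64, so every block reads 48 bytes past Seed and only the first 16 bytes of each block come from GetRandomNumber128; the tail copy `Length % 64` has the same problem for any remainder above 16. The block size looks like 128 bits mistaken for bytes; use `sizeof (Seed)` for the divisor, the copy length and the pointer step. In GetAuthSize, mAuthSize is read and written but never declared anywhere in this file. In RandomizePlatformAuth, `ZeroMem (Rand, RandSize)` runs after `FreePool (Rand)` (zero before freeing), the AllocatePool result is not checked for NULL, and the return values of GetAuthSize and RdRandGenerateEntropy are discarded, so Tpm2HierarchyChangeAuth can be sent with a buffer that was never filled. Index in RandomizePlatformAuth and Status/Interface in ConfigureTpmPlatformHierarchy are unused, and the definition's parameter list is empty where the header declares VOID.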
diff --git a/Platform/Intel/MinPlatformPkg/Tcg/Library/TpmPlatformHierarchyLib/TpmPlatformHierarchyLib.inf b/Platform/Intel/MinPlatformPkg/Tcg/Library/TpmPlatformHierarchyLib/TpmPlatformHierarchyLib.inf
new file mode 100644
index 000000000000..0911bdffa01f
--- /dev/null
+++ b/Platform/Intel/MinPlatformPkg/Tcg/Library/TpmPlatformHierarchyLib/TpmPlatformHierarchyLib.inf
@@ -0,0 +1,45 @@
+### @file
+#
+#   TPM Platform Hierarchy configuration library.
+#
+#   This library provides functions for customizing the TPM's Platform Hierarchy
+#   Authorization Value (platformAuth) and Platform Hierarchy Authorization
+#   Policy (platformPolicy) can be defined through this function.
+#
+# Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>
+#
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+###
+
+[Defines]
+  INF_VERSION                    = 0x00010005
+  BASE_NAME                      = TpmPlatformHierarchyLib
+  FILE_GUID                      = 7794F92C-4E8E-4E57-9E4A-49A0764C7D73
+  MODULE_TYPE                    = DXE_DRIVER
+  VERSION_STRING                 = 1.0
+  LIBRARY_CLASS                  = TpmPlatformHierarchyLib
+
+[LibraryClasses]
+  MemoryAllocationLib
+  BaseLib
+  UefiBootServicesTableLib
+  UefiDriverEntryPoint
+  BaseMemoryLib
+  DebugLib
+  Tpm2CommandLib
+  Tpm2DeviceLib
+  RngLib
+  UefiLib
+
+[Packages]
+  MdePkg/MdePkg.dec
+  MdeModulePkg/MdeModulePkg.dec
+  SecurityPkg/SecurityPkg.dec
+  CryptoPkg/CryptoPkg.dec
+
+[Sources]
+  TpmPlatformHierarchyLib.c
+
+[Depex]
+  gEfiTcg2ProtocolGuid
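Review bot: [LibraryClasses] lists UefiDriverEntryPoint, which a library instance has no use for since it provides no entry point of its own; drop it. [Packages] also pulls in CryptoPkg/CryptoPkg.dec although TpmPlatformHierarchyLib.c in this patch includes no CryptoPkg header, and Tpm2DeviceLib is listed while the source only includes Library/Tpm2CommandLib.h. Please trim both lists to what the source actually uses.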
-- 
2.22.0.windows.1



* [edk2-platforms][Patch V4 2/2] MinPlatformPkg: Tcg2PlatformDxe to use TpmPlatformHierarchyLib
  2019-11-14 18:03 [edk2-platforms][Patch V4 0/2] MinPlatformPkg: Introduce library for customizing TPM platform configuration Rodrigo Gonzalez del Cueto
  2019-11-14 18:03 ` [edk2-platforms][Patch V4 1/2] MinPlatformPkg: Library for customizing TPM platform hierarchy Rodrigo Gonzalez del Cueto
@ 2019-11-14 18:03 ` Rodrigo Gonzalez del Cueto
  1 sibling, 0 replies; 3+ messages in thread
From: Rodrigo Gonzalez del Cueto @ 2019-11-14 18:03 UTC (permalink / raw)
  To: devel
  Cc: Rodrigo Gonzalez del Cueto, Michael Kubacki, Chasel Chiu,
	Nate DeSimone, Liming Gao

BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2331

Tcg2PlatformDxe will now leverage TpmPlatformHierarchyLib's
ConfigureTpmPlatformHierarchy function to configure the TPM's Platform
Hierarchy.

Cc: Michael Kubacki <michael.a.kubacki@intel.com>
Cc: Chasel Chiu <chasel.chiu@intel.com>
Cc: Nate DeSimone <nathaniel.l.desimone@intel.com>
Cc: Liming Gao <liming.gao@intel.com>

Signed-off-by: Rodrigo Gonzalez del Cueto <rodrigo.gonzalez.del.cueto@intel.com>
---
 .../Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.c     | 168 +++---------------
 .../Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf   |  12 +-
 2 files changed, 24 insertions(+), 156 deletions(-)

diff --git a/Platform/Intel/MinPlatformPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.c b/Platform/Intel/MinPlatformPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.c
index d0d88b2e91d5..704c6d8d6baa 100644
--- a/Platform/Intel/MinPlatformPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.c
+++ b/Platform/Intel/MinPlatformPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.c
@@ -1,157 +1,31 @@
 /** @file
-  Platform specific TPM2 component.
+  Platform specific TPM2 component for configuring the Platform Hierarchy.
 
-Copyright (c) 2017, Intel Corporation. All rights reserved.<BR>
-SPDX-License-Identifier: BSD-2-Clause-Patent
+  Copyright (c) 2017 - 2019, Intel Corporation. All rights reserved.<BR>
+  SPDX-License-Identifier: BSD-2-Clause-Patent
 
 **/
 
 #include <PiDxe.h>
 
 #include <Library/DebugLib.h>
-#include <Library/BaseMemoryLib.h>
-#include <Library/UefiRuntimeServicesTableLib.h>
 #include <Library/UefiBootServicesTableLib.h>
-#include <Library/MemoryAllocationLib.h>
-#include <Library/Tpm2CommandLib.h>
-#include <Library/RngLib.h>
 #include <Library/UefiLib.h>
+#include <Library/TpmPlatformHierarchyLib.h>
 #include <Protocol/DxeSmmReadyToLock.h>
 
-#define MAX_NEW_AUTHORIZATION_SIZE        SHA512_DIGEST_SIZE
-
 /**
-  Generate high-quality entropy source through RDRAND.
-
-  @param[in]   Length        Size of the buffer, in bytes, to fill with.
-  @param[out]  Entropy       Pointer to the buffer to store the entropy data.
-
-  @retval EFI_SUCCESS        Entropy generation succeeded.
-  @retval EFI_NOT_READY      Failed to request random data.
-
-**/
-EFI_STATUS
-EFIAPI
-RdRandGenerateEntropy (
-  IN UINTN         Length,
-  OUT UINT8        *Entropy
-  )
-{
-  EFI_STATUS  Status;
-  UINTN       BlockCount;
-  UINT64      Seed[2];
-  UINT8       *Ptr;
-
-  Status = EFI_NOT_READY;
-  BlockCount = Length / 64;
-  Ptr = (UINT8 *)Entropy;
+   This callback function will run at the SmmReadyToLock event.
 
-  //
-  // Generate high-quality seed for DRBG Entropy
-  //
-  while (BlockCount > 0) {
-    Status = GetRandomNumber128(Seed);
-    if (EFI_ERROR(Status)) {
-      return Status;
-    }
-    CopyMem(Ptr, Seed, 64);
-
-    BlockCount--;
-    Ptr = Ptr + 64;
-  }
-
-  //
-  // Populate the remained data as request.
-  //
-  Status = GetRandomNumber128(Seed);
-  if (EFI_ERROR(Status)) {
-    return Status;
-  }
-  CopyMem(Ptr, Seed, (Length % 64));
-
-  return Status;
-}
-
-/**
-  Set PlatformAuth to random value.
-**/
-VOID
-RandomizePlatformAuth (
-  VOID
-  )
-{
-  EFI_STATUS                        Status;
-  UINT16                            AuthSize;
-  TPML_PCR_SELECTION                Pcrs;
-  UINT32                            Index;
-  UINT8                             *Rand;
-  UINTN                             RandSize;
-  TPM2B_AUTH                        NewPlatformAuth;
-
-  //
-  // Send Tpm2HierarchyChange Auth with random value to avoid PlatformAuth being null
-  //
-  ZeroMem(&Pcrs, sizeof(TPML_PCR_SELECTION));
-  AuthSize = MAX_NEW_AUTHORIZATION_SIZE;
-
-  Status = Tpm2GetCapabilityPcrs(&Pcrs);
-  if (EFI_ERROR(Status)) {
-    DEBUG((EFI_D_ERROR, "Tpm2GetCapabilityPcrs fail!\n"));
-  } else {
-    for (Index = 0; Index < Pcrs.count; Index++) {
-      switch (Pcrs.pcrSelections[Index].hash) {
-      case TPM_ALG_SHA1:
-        AuthSize = SHA1_DIGEST_SIZE;
-        break;
-      case TPM_ALG_SHA256:
-        AuthSize = SHA256_DIGEST_SIZE;
-        break;
-      case TPM_ALG_SHA384:
-        AuthSize = SHA384_DIGEST_SIZE;
-        break;
-      case TPM_ALG_SHA512:
-        AuthSize = SHA512_DIGEST_SIZE;
-        break;
-      case TPM_ALG_SM3_256:
-        AuthSize = SM3_256_DIGEST_SIZE;
-        break;
-      }
-    }
-  }
-
-  ZeroMem(NewPlatformAuth.buffer, AuthSize);
-  NewPlatformAuth.size = AuthSize;
-
-  //
-  // Allocate one buffer to store random data.
-  //
-  RandSize = MAX_NEW_AUTHORIZATION_SIZE;
-  Rand = AllocatePool(RandSize);
-
-  RdRandGenerateEntropy(RandSize, Rand);
-  CopyMem(NewPlatformAuth.buffer, Rand, AuthSize);
-
-  FreePool(Rand);
-
-  //
-  // Send Tpm2HierarchyChangeAuth command with the new Auth value
-  //
-  Status = Tpm2HierarchyChangeAuth(TPM_RH_PLATFORM, NULL, &NewPlatformAuth);
-  DEBUG((DEBUG_INFO, "Tpm2HierarchyChangeAuth Result: - %r\n", Status));
-  ZeroMem(NewPlatformAuth.buffer, AuthSize);
-  ZeroMem(Rand, RandSize);
-}
-
-/**
-  This is the Event call back function to notify the Library the system is entering
-  run time phase.
+   Configuration of the TPM's Platform Hierarchy Authorization Value (platformAuth)
+   and Platform Hierarchy Authorization Policy (platformPolicy) can be defined through this function.
 
   @param  Event   Pointer to this event
   @param  Context Event hanlder private data
  **/
 VOID
 EFIAPI
-ReadyToLockEventCallBack (
+SmmReadyToLockEventCallBack (
   IN EFI_EVENT  Event,
   IN VOID       *Context
   )
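Review bot: the new callback comment says platformAuth and platformPolicy "can be defined through this function", but after this patch the callback only forwards to ConfigureTpmPlatformHierarchy and the customization point is the library; the comment should direct the reader there. The added description lines are indented three spaces while the retained @param lines use two, and the "hanlder" typo in the retained @param line could be fixed while this block is being touched.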
@@ -172,22 +46,20 @@ ReadyToLockEventCallBack (
     return ;
   }
 
-  //
-  // Send Tpm2HierarchyChange Auth with random value to avoid PlatformAuth being null
-  //
-  RandomizePlatformAuth();
+  ConfigureTpmPlatformHierarchy ();
 
   gBS->CloseEvent (Event);
 }
 
 /**
-  The driver's entry point.
+   The driver's entry point. Will register a function for callback during SmmReadyToLock event to
+   configure the TPM's platform authorization.
 
-  @param[in] ImageHandle  The firmware allocated handle for the EFI image.
-  @param[in] SystemTable  A pointer to the EFI System Table.
+   @param[in] ImageHandle  The firmware allocated handle for the EFI image.
+   @param[in] SystemTable  A pointer to the EFI System Table.
 
-  @retval EFI_SUCCESS     The entry point is executed successfully.
-  @retval other           Some error occurs when executing this entry point.
+   @retval EFI_SUCCESS     The entry point is executed successfully.
+   @retval other           Some error occurs when executing this entry point.
 **/
 EFI_STATUS
 EFIAPI
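Review bot: at the call site the comment explaining why the call is made (avoiding a null platformAuth) is dropped, and ConfigureTpmPlatformHierarchy () returns nothing, so the callback closes the event with no indication of whether the hierarchy was configured; keep a one-line comment and log or check a status here once the library returns one. The @param/@retval lines of the entry-point comment change only from two-space to three-space indentation, which is churn without content; keep the original indent.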
@@ -196,17 +68,19 @@ Tcg2PlatformDxeEntryPoint (
   IN    EFI_SYSTEM_TABLE            *SystemTable
   )
 {
-  VOID                      *Registration;
-  EFI_EVENT                 Event;
+  VOID       *Registration;
+  EFI_EVENT  Event;
 
-  Event = EfiCreateProtocolNotifyEvent  (
+  Event = EfiCreateProtocolNotifyEvent (
             &gEfiDxeSmmReadyToLockProtocolGuid,
             TPL_CALLBACK,
-            ReadyToLockEventCallBack,
+            SmmReadyToLockEventCallBack,
             NULL,
             &Registration
             );
+
   ASSERT (Event != NULL);
 
   return EFI_SUCCESS;
 }
+
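Review bot: a failure of EfiCreateProtocolNotifyEvent is still caught only by `ASSERT (Event != NULL)` and the entry point returns EFI_SUCCESS unconditionally, so in a build where ASSERT is compiled out the callback would silently never be registered and platformAuth would never be randomized. Since this block is being reformatted anyway, return an error status when Event is NULL. The last added line is a blank line at end of file and should be dropped.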
diff --git a/Platform/Intel/MinPlatformPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf b/Platform/Intel/MinPlatformPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf
index e8ab5f35a0da..af29c1cd98c9 100644
--- a/Platform/Intel/MinPlatformPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf
+++ b/Platform/Intel/MinPlatformPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf
@@ -1,7 +1,7 @@
 ### @file
 # Platform specific TPM2 component.
 #
-# Copyright (c) 2017, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2017 - 2019, Intel Corporation. All rights reserved.<BR>
 #
 # SPDX-License-Identifier: BSD-2-Clause-Patent
 #
@@ -21,23 +21,18 @@
 #
 
 [LibraryClasses]
-  MemoryAllocationLib
   BaseLib
   UefiBootServicesTableLib
   UefiDriverEntryPoint
-  UefiRuntimeServicesTableLib
-  BaseMemoryLib
   DebugLib
-  Tpm2CommandLib
-  Tpm2DeviceLib
-  RngLib
   UefiLib
+  TpmPlatformHierarchyLib
 
 [Packages]
   MdePkg/MdePkg.dec
   MdeModulePkg/MdeModulePkg.dec
+  MinPlatformPkg/MinPlatformPkg.dec
   SecurityPkg/SecurityPkg.dec
-  CryptoPkg/CryptoPkg.dec
 
 [Sources]
   Tcg2PlatformDxe.c
@@ -47,4 +42,3 @@
 
 [Depex]
   gEfiTcg2ProtocolGuid
-
-- 
2.22.0.windows.1


