From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga17.intel.com (mga17.intel.com []) by mx.groups.io with SMTP id smtpd.web12.3876.1573765517348861963 for ; Thu, 14 Nov 2019 13:05:20 -0800 Authentication-Results: mx.groups.io; dkim=missing; spf=fail (domain: intel.com, ip: , mailfrom: rodrigo.gonzalez.del.cueto@intel.com) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga004.fm.intel.com ([10.253.24.48]) by fmsmga107.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 14 Nov 2019 13:05:19 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.68,305,1569308400"; d="scan'208";a="230236681" Received: from fm73lab177-1.amr.corp.intel.com ([10.80.209.189]) by fmsmga004.fm.intel.com with ESMTP; 14 Nov 2019 13:05:19 -0800 From: Rodrigo Gonzalez del Cueto To: devel@edk2.groups.io. Cc: Rodrigo Gonzalez del Cueto , Michael Kubacki , Chasel Chiu , Nate DeSimone , Liming Gao Subject: [edk2-platforms][Patch V5 2/2] MinPlatformPkg: Tcg2PlatformDxe to use TpmPlatformHierarchyLib Date: Thu, 14 Nov 2019 13:05:10 -0800 Message-Id: <20191114210510.1736-3-rodrigo.gonzalez.del.cueto@intel.com> X-Mailer: git-send-email 2.22.0.windows.1 In-Reply-To: <20191114210510.1736-1-rodrigo.gonzalez.del.cueto@intel.com> References: <20191114210510.1736-1-rodrigo.gonzalez.del.cueto@intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable This change is split into two commits: 1) First commit: Add new library class TpmPlatformHierarchyLib 2) This commit: Add usage in Tcg2PlatformDxe Tcg2PlatformDxe will now leverage from TpmPlatformHierarchyLib's ConfigureTpmPlatformHierarchy function to configure the TPM's Platform Hierarchy. Cc: Michael Kubacki Cc: Chasel Chiu Cc: Nate DeSimone Cc: Liming Gao Signed-off-by: Rodrigo Gonzalez del Cueto --- .../Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.c | 168 +++--------------- .../Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf | 12 +- 2 files changed, 24 insertions(+), 156 deletions(-) 
diff --git a/Platform/Intel/MinPlatformPkg/Tcg/Tcg2PlatformDxe/Tcg2Platform= Dxe.c b/Platform/Intel/MinPlatformPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.c index d0d88b2e91d5..704c6d8d6baa 100644 --- a/Platform/Intel/MinPlatformPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.c +++ b/Platform/Intel/MinPlatformPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.c @@ -1,157 +1,31 @@ /** @file=0D - Platform specific TPM2 component.=0D + Platform specific TPM2 component for configuring the Platform Hierarchy.= =0D =0D -Copyright (c) 2017, Intel Corporation. All rights reserved.
=0D -SPDX-License-Identifier: BSD-2-Clause-Patent=0D + Copyright (c) 2017 - 2019, Intel Corporation. All rights reserved.
=0D + SPDX-License-Identifier: BSD-2-Clause-Patent=0D =0D **/=0D =0D #include =0D =0D #include =0D -#include =0D -#include =0D #include =0D -#include =0D -#include =0D -#include =0D #include =0D +#include =0D #include =0D =0D -#define MAX_NEW_AUTHORIZATION_SIZE SHA512_DIGEST_SIZE=0D -=0D /**=0D - Generate high-quality entropy source through RDRAND.=0D -=0D - @param[in] Length Size of the buffer, in bytes, to fill with.=0D - @param[out] Entropy Pointer to the buffer to store the entropy da= ta.=0D -=0D - @retval EFI_SUCCESS Entropy generation succeeded.=0D - @retval EFI_NOT_READY Failed to request random data.=0D -=0D -**/=0D -EFI_STATUS=0D -EFIAPI=0D -RdRandGenerateEntropy (=0D - IN UINTN Length,=0D - OUT UINT8 *Entropy=0D - )=0D -{=0D - EFI_STATUS Status;=0D - UINTN BlockCount;=0D - UINT64 Seed[2];=0D - UINT8 *Ptr;=0D -=0D - Status =3D EFI_NOT_READY;=0D - BlockCount =3D Length / 64;=0D - Ptr =3D (UINT8 *)Entropy;=0D + This callback function will run at the SmmReadyToLock event.=0D =0D - //=0D - // Generate high-quality seed for DRBG Entropy=0D - //=0D - while (BlockCount > 0) {=0D - Status =3D GetRandomNumber128(Seed);=0D - if (EFI_ERROR(Status)) {=0D - return Status;=0D - }=0D - CopyMem(Ptr, Seed, 64);=0D -=0D - BlockCount--;=0D - Ptr =3D Ptr + 64;=0D - }=0D -=0D - //=0D - // Populate the remained data as request.=0D - //=0D - Status =3D GetRandomNumber128(Seed);=0D - if (EFI_ERROR(Status)) {=0D - return Status;=0D - }=0D - CopyMem(Ptr, Seed, (Length % 64));=0D -=0D - return Status;=0D -}=0D -=0D -/**=0D - Set PlatformAuth to random value.=0D -**/=0D -VOID=0D -RandomizePlatformAuth (=0D - VOID=0D - )=0D -{=0D - EFI_STATUS Status;=0D - UINT16 AuthSize;=0D - TPML_PCR_SELECTION Pcrs;=0D - UINT32 Index;=0D - UINT8 *Rand;=0D - UINTN RandSize;=0D - TPM2B_AUTH NewPlatformAuth;=0D -=0D - //=0D - // Send Tpm2HierarchyChange Auth with random value to avoid PlatformAuth= being null=0D - //=0D - ZeroMem(&Pcrs, sizeof(TPML_PCR_SELECTION));=0D - AuthSize =3D 
MAX_NEW_AUTHORIZATION_SIZE;=0D -=0D - Status =3D Tpm2GetCapabilityPcrs(&Pcrs);=0D - if (EFI_ERROR(Status)) {=0D - DEBUG((EFI_D_ERROR, "Tpm2GetCapabilityPcrs fail!\n"));=0D - } else {=0D - for (Index =3D 0; Index < Pcrs.count; Index++) {=0D - switch (Pcrs.pcrSelections[Index].hash) {=0D - case TPM_ALG_SHA1:=0D - AuthSize =3D SHA1_DIGEST_SIZE;=0D - break;=0D - case TPM_ALG_SHA256:=0D - AuthSize =3D SHA256_DIGEST_SIZE;=0D - break;=0D - case TPM_ALG_SHA384:=0D - AuthSize =3D SHA384_DIGEST_SIZE;=0D - break;=0D - case TPM_ALG_SHA512:=0D - AuthSize =3D SHA512_DIGEST_SIZE;=0D - break;=0D - case TPM_ALG_SM3_256:=0D - AuthSize =3D SM3_256_DIGEST_SIZE;=0D - break;=0D - }=0D - }=0D - }=0D -=0D - ZeroMem(NewPlatformAuth.buffer, AuthSize);=0D - NewPlatformAuth.size =3D AuthSize;=0D -=0D - //=0D - // Allocate one buffer to store random data.=0D - //=0D - RandSize =3D MAX_NEW_AUTHORIZATION_SIZE;=0D - Rand =3D AllocatePool(RandSize);=0D -=0D - RdRandGenerateEntropy(RandSize, Rand);=0D - CopyMem(NewPlatformAuth.buffer, Rand, AuthSize);=0D -=0D - FreePool(Rand);=0D -=0D - //=0D - // Send Tpm2HierarchyChangeAuth command with the new Auth value=0D - //=0D - Status =3D Tpm2HierarchyChangeAuth(TPM_RH_PLATFORM, NULL, &NewPlatformAu= th);=0D - DEBUG((DEBUG_INFO, "Tpm2HierarchyChangeAuth Result: - %r\n", Status));=0D - ZeroMem(NewPlatformAuth.buffer, AuthSize);=0D - ZeroMem(Rand, RandSize);=0D -}=0D -=0D -/**=0D - This is the Event call back function to notify the Library the system is= entering=0D - run time phase.=0D + Configuration of the TPM's Platform Hierarchy Authorization Value (plat= formAuth)=0D + and Platform Hierarchy Authorization Policy (platformPolicy) can be def= ined through this function.=0D =0D @param Event Pointer to this event=0D @param Context Event hanlder private data=0D **/=0D VOID=0D EFIAPI=0D -ReadyToLockEventCallBack (=0D +SmmReadyToLockEventCallBack (=0D IN EFI_EVENT Event,=0D IN VOID *Context=0D )=0D 
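Review bot: The new header comment on `SmmReadyToLockEventCallBack` no longer says why the platform hierarchy is configured at this event. The removed comment recorded the reason (avoiding an empty platformAuth), while the replacement only says the values "can be defined through this function". I would add a sentence such as `platformAuth must not be left empty once this callback has run; an empty value leaves the Platform Hierarchy unprotected for the rest of boot.` The `@param Context` line in the same comment also has the typo `hanlder`. The function body continues outside this hunk.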
@@ -172,22 +46,20 @@ ReadyToLockEventCallBack ( return ;=0D }=0D =0D - //=0D - // Send Tpm2HierarchyChange Auth with random value to avoid PlatformAuth= being null=0D - //=0D - RandomizePlatformAuth();=0D + ConfigureTpmPlatformHierarchy ();=0D =0D gBS->CloseEvent (Event);=0D }=0D =0D /**=0D - The driver's entry point.=0D + The driver's entry point. Will register a function for callback during = SmmReadyToLock event to=0D + configure the TPM's platform authorization.=0D =0D - @param[in] ImageHandle The firmware allocated handle for the EFI image.= =0D - @param[in] SystemTable A pointer to the EFI System Table.=0D + @param[in] ImageHandle The firmware allocated handle for the EFI image= .=0D + @param[in] SystemTable A pointer to the EFI System Table.=0D =0D - @retval EFI_SUCCESS The entry point is executed successfully.=0D - @retval other Some error occurs when executing this entry poin= t.=0D + @retval EFI_SUCCESS The entry point is executed successfully.=0D + @retval other Some error occurs when executing this entry poi= nt.=0D **/=0D EFI_STATUS=0D EFIAPI=0D @@ -196,17 +68,19 @@ Tcg2PlatformDxeEntryPoint ( IN EFI_SYSTEM_TABLE *SystemTable=0D )=0D {=0D - VOID *Registration;=0D - EFI_EVENT Event;=0D + VOID *Registration;=0D + EFI_EVENT Event;=0D =0D - Event =3D EfiCreateProtocolNotifyEvent (=0D + Event =3D EfiCreateProtocolNotifyEvent (=0D &gEfiDxeSmmReadyToLockProtocolGuid,=0D TPL_CALLBACK,=0D - ReadyToLockEventCallBack,=0D + SmmReadyToLockEventCallBack,=0D NULL,=0D &Registration=0D );=0D +=0D ASSERT (Event !=3D NULL);=0D =0D return EFI_SUCCESS;=0D }=0D +=0D diff --git a/Platform/Intel/MinPlatformPkg/Tcg/Tcg2PlatformDxe/Tcg2Platform= Dxe.inf b/Platform/Intel/MinPlatformPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe= .inf index e8ab5f35a0da..af29c1cd98c9 100644 --- a/Platform/Intel/MinPlatformPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf +++ b/Platform/Intel/MinPlatformPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf 
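Review bot: Nothing at the `ConfigureTpmPlatformHierarchy ();` call tells this driver whether the platform hierarchy was actually configured, and the event is closed right afterwards, so there is no second attempt. The library comes from patch 1/2 and is not visible here, so whether it reports or handles failures itself is an assumption to confirm. If it returns no status, I would state that contract at the call site, e.g. `// Failure handling (RNG or TPM command errors) is the library's responsibility; this callback does not retry.` The callback begins before this hunk.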
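Review bot: `Tcg2PlatformDxeEntryPoint` still returns `EFI_SUCCESS` when the notify event was not created, because `ASSERT (Event != NULL);` is the only check and ASSERT is normally compiled out of release builds. In that case `SmmReadyToLockEventCallBack` never runs and the platform hierarchy stays unconfigured with no error reported. I would add `if (Event == NULL) { return EFI_OUT_OF_RESOURCES; }` after the ASSERT (the exact status code is a suggestion), optionally preceded by a `DEBUG ((DEBUG_ERROR, ...))` line.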
@@ -1,7 +1,7 @@ ### @file=0D # Platform specific TPM2 component.=0D #=0D -# Copyright (c) 2017, Intel Corporation. All rights reserved.
=0D +# Copyright (c) 2017 - 2019, Intel Corporation. All rights reserved.
=0D #=0D # SPDX-License-Identifier: BSD-2-Clause-Patent=0D #=0D @@ -21,23 +21,18 @@ #=0D =0D [LibraryClasses]=0D - MemoryAllocationLib=0D BaseLib=0D UefiBootServicesTableLib=0D UefiDriverEntryPoint=0D - UefiRuntimeServicesTableLib=0D - BaseMemoryLib=0D DebugLib=0D - Tpm2CommandLib=0D - Tpm2DeviceLib=0D - RngLib=0D UefiLib=0D + TpmPlatformHierarchyLib=0D =0D [Packages]=0D MdePkg/MdePkg.dec=0D MdeModulePkg/MdeModulePkg.dec=0D + MinPlatformPkg/MinPlatformPkg.dec=0D SecurityPkg/SecurityPkg.dec=0D - CryptoPkg/CryptoPkg.dec=0D =0D [Sources]=0D Tcg2PlatformDxe.c=0D @@ -47,4 +42,3 @@ =0D [Depex]=0D gEfiTcg2ProtocolGuid=0D -=0D --=20 2.22.0.windows.1