public inbox for devel@edk2.groups.io
 help / color / mirror / Atom feed
* [PATCH v1 2/6] SecurityPkg/HashApiInstanceSha1: Implement API registration mechanism for SHA1
  2019-12-18 21:32 [PATCH v1 0/6] SecurityPkg/BaseHashLib: Implement a Unified API for Hash Calculation Sukerkar, Amol N
@ 2019-12-18 21:32 ` Sukerkar, Amol N
  0 siblings, 0 replies; 8+ messages in thread
From: Sukerkar, Amol N @ 2019-12-18 21:32 UTC (permalink / raw)
  To: devel

This is the HashApiInstance implementation for SHA1 which registers the SHA1
hash library in CryptoPkg with BaseHashLib based on whether a platform supports
SHA1 hash algorithm (provided by PcdTpm2HashMask).

Signed-off-by: Sukerkar, Amol N <amol.n.sukerkar@intel.com>
---
 SecurityPkg/Library/HashApiInstanceSha1/HashApiInstanceSha1.c   | 128 ++++++++++++++++++++
 SecurityPkg/Library/HashApiInstanceSha1/HashApiInstanceSha1.inf |  40 ++++++
 SecurityPkg/Library/HashApiInstanceSha1/HashApiInstanceSha1.uni |  16 +++
 SecurityPkg/SecurityPkg.dsc                                     |   5 +
 4 files changed, 189 insertions(+)

diff --git a/SecurityPkg/Library/HashApiInstanceSha1/HashApiInstanceSha1.c b/SecurityPkg/Library/HashApiInstanceSha1/HashApiInstanceSha1.c
new file mode 100644
index 000000000000..06e88f00d70b
--- /dev/null
+++ b/SecurityPkg/Library/HashApiInstanceSha1/HashApiInstanceSha1.c
@@ -0,0 +1,128 @@
+/** @file
+  This library is BaseCrypto SHA1 hash instance.
+  It can be registered to BaseCrypto router, to serve as hash engine.
+
+Copyright (c) 2013 - 2019, Intel Corporation. All rights reserved. <BR>
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <PiPei.h>
+#include <Library/BaseLib.h>
+#include <Library/BaseMemoryLib.h>
+#include <Library/DebugLib.h>
+#include <Library/BaseCryptLib.h>
+#include <Library/MemoryAllocationLib.h>
+#include <Library/HashLib.h>
+
+/**
+  Start hash sequence.
+
+  @param HashHandle Hash handle.
+
+  @retval EFI_SUCCESS          Hash sequence start and HandleHandle returned.
+  @retval EFI_OUT_OF_RESOURCES No enough resource to start hash.
+**/
+EFI_STATUS
+EFIAPI
+Sha1_Init (
+  OUT HASH_HANDLE    *HashHandle
+  )
+{
+  VOID     *Sha1Ctx;
+  UINTN    CtxSize;
+
+  CtxSize = Sha1GetContextSize ();
+  Sha1Ctx = AllocatePool (CtxSize);
+  ASSERT (Sha1Ctx != NULL);
+
+  Sha1Init (Sha1Ctx);
+
+  *HashHandle = (HASH_HANDLE)Sha1Ctx;
+
+  return EFI_SUCCESS;
+}
+
+/**
+  Update hash sequence data.
+
+  @param HashHandle    Hash handle.
+  @param DataToHash    Data to be hashed.
+  @param DataToHashLen Data size.
+
+  @retval EFI_SUCCESS     Hash sequence updated.
+**/
+EFI_STATUS
+EFIAPI
+Sha1_Update (
+  IN HASH_HANDLE    HashHandle,
+  IN VOID           *DataToHash,
+  IN UINTN          DataToHashLen
+  )
+{
+  VOID     *Sha1Ctx;
+
+  Sha1Ctx = (VOID *)HashHandle;
+  Sha1Update (Sha1Ctx, DataToHash, DataToHashLen);
+
+  return EFI_SUCCESS;
+}
+
+/**
+  Complete hash sequence complete.
+
+  @param HashHandle    Hash handle.
+  @param DigestList    Digest list.
+
+  @retval EFI_SUCCESS     Hash sequence complete and DigestList is returned.
+**/
+EFI_STATUS
+EFIAPI
+Sha1_Final (
+  IN HASH_HANDLE         HashHandle,
+  OUT UINT8            **Digest
+  )
+{
+  UINT8         Sha1Digest[SHA1_DIGEST_SIZE];
+  VOID          *Sha1Ctx;
+
+  Sha1Ctx = (VOID *)HashHandle;
+  Sha1Final (Sha1Ctx, Sha1Digest);
+
+  CopyMem (*Digest, Sha1Digest, SHA1_DIGEST_SIZE);
+
+  FreePool (Sha1Ctx);
+
+  return EFI_SUCCESS;
+}
+
+HASH_INTERFACE_UNIFIED_API  mSha1InternalHashApiInstance = {
+  HASH_ALGORITHM_SHA1_GUID,
+  Sha1_Init,
+  Sha1_Update,
+  Sha1_Final,
+};
+
+/**
+  The function register SHA1 instance.
+
+  @retval EFI_SUCCESS   SHA1 instance is registered, or system dose not surpport registr SHA1 instance
+**/
+EFI_STATUS
+EFIAPI
+HashApiInstanceSha1Constructor (
+  VOID
+  )
+{
+  EFI_STATUS  Status;
+
+  Status = RegisterHashApiLib (&mSha1InternalHashApiInstance);
+  if ((Status == EFI_SUCCESS) || (Status == EFI_UNSUPPORTED)) {
+    //
+    // Unsupported means platform policy does not need this instance enabled.
+    //
+    DEBUG ((DEBUG_ERROR, "[ansukerk]: Hash Interface SHA1 is registered\n"));
+    return EFI_SUCCESS;
+  }
+  return Status;
+}
diff --git a/SecurityPkg/Library/HashApiInstanceSha1/HashApiInstanceSha1.inf b/SecurityPkg/Library/HashApiInstanceSha1/HashApiInstanceSha1.inf
new file mode 100644
index 000000000000..b59c4d883439
--- /dev/null
+++ b/SecurityPkg/Library/HashApiInstanceSha1/HashApiInstanceSha1.inf
@@ -0,0 +1,40 @@
+## @file
+#  Provides BaseCrypto SHA1 hash service
+#
+#  This library can be registered to BaseCrypto router, to serve as hash engine.
+#
+# Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+[Defines]
+  INF_VERSION                    = 0x00010005
+  BASE_NAME                      = HashApiInstanceSha1
+  MODULE_UNI_FILE                = HashApiInstanceSha1.uni
+  FILE_GUID                      = 9A7A6AB4-9DA6-4aa4-90CB-6D4B79EDA7B9
+  MODULE_TYPE                    = BASE
+  VERSION_STRING                 = 1.0
+  LIBRARY_CLASS                  = NULL
+  CONSTRUCTOR                    = HashApiInstanceSha1Constructor
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+#  VALID_ARCHITECTURES           = IA32 X64
+#
+
+[Sources]
+  HashApiInstanceSha1.c
+
+[Packages]
+  MdePkg/MdePkg.dec
+  SecurityPkg/SecurityPkg.dec
+  CryptoPkg/CryptoPkg.dec
+
+[LibraryClasses]
+  BaseLib
+  BaseMemoryLib
+  DebugLib
+  MemoryAllocationLib
+  BaseCryptLib
diff --git a/SecurityPkg/Library/HashApiInstanceSha1/HashApiInstanceSha1.uni b/SecurityPkg/Library/HashApiInstanceSha1/HashApiInstanceSha1.uni
new file mode 100644
index 000000000000..716369d2fb8a
--- /dev/null
+++ b/SecurityPkg/Library/HashApiInstanceSha1/HashApiInstanceSha1.uni
@@ -0,0 +1,16 @@
+// /** @file
+// Provides BaseCrypto SHA1 hash service
+//
+// This library can be registered to BaseCrypto router, to serve as hash engine.
+//
+// Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.<BR>
+//
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+//
+// **/
+
+
+#string STR_MODULE_ABSTRACT             #language en-US "Provides BaseCrypto SHA1 hash service API"
+
+#string STR_MODULE_DESCRIPTION          #language en-US "This library can be registered to Base Hash API, to serve as hash engine."
+
diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc
index 9ae134ffee53..6c0832d48e88 100644
--- a/SecurityPkg/SecurityPkg.dsc
+++ b/SecurityPkg/SecurityPkg.dsc
@@ -241,6 +241,11 @@ [Components.IA32, Components.X64, Components.ARM, Components.AARCH64]
 [Components.IA32, Components.X64]
   SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
 
+  #
+  # Hash API
+  #
+  SecurityPkg/Library/HashApiInstanceSha1/HashApiInstanceSha1.inf
+
   #
   # TPM
   #
-- 
2.16.2.windows.1


^ permalink raw reply related	[flat|nested] 8+ messages in thread

* [PATCH v1 0/6] SecurityPkg/BaseHashLib: Implement a Unified API for Hash Calculation
@ 2019-12-18 21:50 Sukerkar, Amol N
  2019-12-18 21:50 ` [PATCH v1 1/6] SecurityPkg/BaseHashLib: Implement a unified " Sukerkar, Amol N
                   ` (5 more replies)
  0 siblings, 6 replies; 8+ messages in thread
From: Sukerkar, Amol N @ 2019-12-18 21:50 UTC (permalink / raw)
  To: devel; +Cc: michael.d.kinney, sachin.agrawal, self

Currently the UEFI drivers using the SHA/SM3 hashing algorithms use hard-coded API to calculate the hash, such as, sha_256(…), etc. Since SHA384 and/or SM3 are being increasingly adopted, it becomes cumbersome to modify the driver with SHA384 or SM3 calls for each application.

To better achieve this, we are proposing a unified API which can be used by UEFI drivers that provides the drivers with flexibility to use the hashing algorithm they desired or the strongest hashing algorithm the system supports (with openssl). Attached is the design proposal for the same and we request feedback from the community before we begin the process of making the changes to EDK2 repo.

Alternatively, the design document is also attached to Bugzilla, https://bugzilla.tianocore.org/show_bug.cgi?id=2151. You can also provide the feedback in the Bugzilla.

Sukerkar, Amol N (6):
  SecurityPkg/BaseHashLib: Implement a unified API for Hash Calculation
  SecurityPkg/HashApiInstanceSha1: Implement API registration mechanism
    for SHA1
  SecurityPkg/HashApiInstanceSha256: Implement API registration
    mechanism for SHA256
  SecurityPkg/HashApiInstanceSha384: Implement API registration
    mechanism for SHA384
  SecurityPkg/BaseHashLib: Modified the Registation Mechanism for
    BaseHashLib
  SecurityPkg/HashApiInstanceSM3: Implement API registration mechanism
    for SM3

 SecurityPkg/Library/BaseHashLib/BaseHashLibDxe.c                    | 252 +++++++++++++
 SecurityPkg/Library/BaseHashLib/BaseHashLibPei.c                    | 396 ++++++++++++++++++++
 SecurityPkg/Library/HashApiInstanceSha1/HashApiInstanceSha1.c       | 128 +++++++
 SecurityPkg/Library/HashApiInstanceSha256/HashApiInstanceSha256.c   | 128 +++++++
 SecurityPkg/Library/HashApiInstanceSha384/HashApiInstanceSha384.c   | 128 +++++++
 SecurityPkg/Library/HashApiInstanceSm3/HashApiInstanceSm3.c         | 128 +++++++
 SecurityPkg/Include/Library/BaseHashLib.h                           | 153 ++++++++
 SecurityPkg/Library/BaseHashLib/BaseHashLibCommon.h                 |  35 ++
 SecurityPkg/Library/BaseHashLib/BaseHashLibDxe.inf                  |  47 +++
 SecurityPkg/Library/BaseHashLib/BaseHashLibDxe.uni                  |  18 +
 SecurityPkg/Library/BaseHashLib/BaseHashLibPei.inf                  |  48 +++
 SecurityPkg/Library/BaseHashLib/BaseHashLibPei.uni                  |  18 +
 SecurityPkg/Library/HashApiInstanceSha1/HashApiInstanceSha1.inf     |  40 ++
 SecurityPkg/Library/HashApiInstanceSha1/HashApiInstanceSha1.uni     |  16 +
 SecurityPkg/Library/HashApiInstanceSha256/HashApiInstanceSha256.inf |  40 ++
 SecurityPkg/Library/HashApiInstanceSha256/HashApiInstanceSha256.uni |  16 +
 SecurityPkg/Library/HashApiInstanceSha384/HashApiInstanceSha384.inf |  40 ++
 SecurityPkg/Library/HashApiInstanceSha384/HashApiInstanceSha384.uni |  16 +
 SecurityPkg/Library/HashApiInstanceSm3/HashApiInstanceSm3.inf       |  40 ++
 SecurityPkg/Library/HashApiInstanceSm3/HashApiInstanceSm3.uni       |  16 +
 SecurityPkg/SecurityPkg.dec                                         |  19 +
 SecurityPkg/SecurityPkg.dsc                                         |  11 +
 SecurityPkg/SecurityPkg.uni                                         |  14 +
 23 files changed, 1747 insertions(+)
 create mode 100644 SecurityPkg/Library/BaseHashLib/BaseHashLibDxe.c
 create mode 100644 SecurityPkg/Library/BaseHashLib/BaseHashLibPei.c
 create mode 100644 SecurityPkg/Library/HashApiInstanceSha1/HashApiInstanceSha1.c
 create mode 100644 SecurityPkg/Library/HashApiInstanceSha256/HashApiInstanceSha256.c
 create mode 100644 SecurityPkg/Library/HashApiInstanceSha384/HashApiInstanceSha384.c
 create mode 100644 SecurityPkg/Library/HashApiInstanceSm3/HashApiInstanceSm3.c
 create mode 100644 SecurityPkg/Include/Library/BaseHashLib.h
 create mode 100644 SecurityPkg/Library/BaseHashLib/BaseHashLibCommon.h
 create mode 100644 SecurityPkg/Library/BaseHashLib/BaseHashLibDxe.inf
 create mode 100644 SecurityPkg/Library/BaseHashLib/BaseHashLibDxe.uni
 create mode 100644 SecurityPkg/Library/BaseHashLib/BaseHashLibPei.inf
 create mode 100644 SecurityPkg/Library/BaseHashLib/BaseHashLibPei.uni
 create mode 100644 SecurityPkg/Library/HashApiInstanceSha1/HashApiInstanceSha1.inf
 create mode 100644 SecurityPkg/Library/HashApiInstanceSha1/HashApiInstanceSha1.uni
 create mode 100644 SecurityPkg/Library/HashApiInstanceSha256/HashApiInstanceSha256.inf
 create mode 100644 SecurityPkg/Library/HashApiInstanceSha256/HashApiInstanceSha256.uni
 create mode 100644 SecurityPkg/Library/HashApiInstanceSha384/HashApiInstanceSha384.inf
 create mode 100644 SecurityPkg/Library/HashApiInstanceSha384/HashApiInstanceSha384.uni
 create mode 100644 SecurityPkg/Library/HashApiInstanceSm3/HashApiInstanceSm3.inf
 create mode 100644 SecurityPkg/Library/HashApiInstanceSm3/HashApiInstanceSm3.uni

-- 
2.16.2.windows.1


^ permalink raw reply	[flat|nested] 8+ messages in thread

* [PATCH v1 1/6] SecurityPkg/BaseHashLib: Implement a unified API for Hash Calculation
  2019-12-18 21:50 [PATCH v1 0/6] SecurityPkg/BaseHashLib: Implement a Unified API for Hash Calculation Sukerkar, Amol N
@ 2019-12-18 21:50 ` Sukerkar, Amol N
  2019-12-18 21:50 ` [PATCH v1 2/6] SecurityPkg/HashApiInstanceSha1: Implement API registration mechanism for SHA1 Sukerkar, Amol N
                   ` (4 subsequent siblings)
  5 siblings, 0 replies; 8+ messages in thread
From: Sukerkar, Amol N @ 2019-12-18 21:50 UTC (permalink / raw)
  To: devel; +Cc: michael.d.kinney, sachin.agrawal, self

This implementation eliminates the need to use hard-coded API to calculate hash
by PEI and DXE drivers by introducing a common and unified API for hash
calculation.

The common API will execute the hash algorithm specified by the PCD,
PcdSystemHashPolicy.

Signed-off-by: Sukerkar, Amol N <amol.n.sukerkar@intel.com>
---
 SecurityPkg/Library/BaseHashLib/BaseHashLib.c      | 236 ++++++++++++++++++++
 SecurityPkg/Library/BaseHashLib/BaseHashLibDxe.c   |  62 +++++
 SecurityPkg/Library/BaseHashLib/BaseHashLibPei.c   |  62 +++++
 SecurityPkg/Include/Library/HashLib.h              |  83 +++++++
 SecurityPkg/Library/BaseHashLib/BaseHashLib.h      |  85 +++++++
 SecurityPkg/Library/BaseHashLib/BaseHashLibDxe.inf |  49 ++++
 SecurityPkg/Library/BaseHashLib/BaseHashLibDxe.uni |  18 ++
 SecurityPkg/Library/BaseHashLib/BaseHashLibPei.inf |  50 +++++
 SecurityPkg/Library/BaseHashLib/BaseHashLibPei.uni |  18 ++
 SecurityPkg/SecurityPkg.dec                        |  28 +++
 SecurityPkg/SecurityPkg.dsc                        |   4 +
 SecurityPkg/SecurityPkg.uni                        |  23 ++
 12 files changed, 718 insertions(+)

diff --git a/SecurityPkg/Library/BaseHashLib/BaseHashLib.c b/SecurityPkg/Library/BaseHashLib/BaseHashLib.c
new file mode 100644
index 000000000000..2ad83387799d
--- /dev/null
+++ b/SecurityPkg/Library/BaseHashLib/BaseHashLib.c
@@ -0,0 +1,236 @@
+/** @file
+  Implement image verification services for secure boot service
+
+  Caution: This file requires additional review when modified.
+  This library will have external input - PE/COFF image.
+  This external input must be validated carefully to avoid security issue like
+  buffer overflow, integer overflow.
+
+  DxeImageVerificationLibImageRead() function will make sure the PE/COFF image content
+  read is within the image buffer.
+
+  DxeImageVerificationHandler(), HashPeImageByType(), HashPeImage() function will accept
+  untrusted PE/COFF image and validate its data structure within this image buffer before use.
+
+Copyright (c) 2009 - 2019, Intel Corporation. All rights reserved.<BR>
+(C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution.  The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include <Library/BaseLib.h>
+#include <Library/BaseMemoryLib.h>
+#include <Library/MemoryAllocationLib.h>
+#include <Library/DebugLib.h>
+#include <Library/PcdLib.h>
+#include <Library/HashLib.h>
+
+//#include "BaseHashLib.h"
+
+typedef struct {
+  EFI_GUID  Guid;
+  UINT32    Mask;
+} HASH_MASK;
+
+HASH_MASK mHashMask[] = {
+  {HASH_ALGORITHM_SHA1_GUID,         HASH_ALG_SHA1},
+  {HASH_ALGORITHM_SHA256_GUID,       HASH_ALG_SHA256},
+  {HASH_ALGORITHM_SHA384_GUID,       HASH_ALG_SHA384},
+  {HASH_ALGORITHM_SHA512_GUID,       HASH_ALG_SHA512},
+};
+
+HASH_INTERFACE_UNIFIED_API mHashOps[HASH_COUNT] = {{{0}, NULL, NULL, NULL}};
+
+UINTN mHashInterfaceCount = 0;
+UINT32 mCurrentHashMask = 0;
+
+UINT32
+EFIAPI
+GetApiHashMaskFromAlgo (
+  IN EFI_GUID  *HashGuid
+  )
+{
+  UINTN  Index;
+
+  for (Index = 0; Index < sizeof(mHashMask)/sizeof(mHashMask[0]); Index++) {
+    if (CompareGuid (HashGuid, &mHashMask[Index].Guid)) {
+      return mHashMask[Index].Mask;
+    }
+  }
+  return 0;
+}
+
+/**
+  Init hash sequence.
+
+  @param HashHandle Hash handle.
+
+  @retval EFI_SUCCESS          Hash start and HashHandle returned.
+  @retval EFI_UNSUPPORTED      System has no HASH library registered.
+**/
+EFI_STATUS
+EFIAPI
+HashApiInit (
+  OUT  HASH_HANDLE   *HashHandle
+)
+{
+  HASH_HANDLE    *HashCtx;
+  UINTN   Index;
+  UINT32  HashMask;
+
+  if (mHashInterfaceCount == 0) {
+    return EFI_UNSUPPORTED;
+  }
+
+  HashCtx = AllocatePool (sizeof(*HashCtx));
+  ASSERT (HashCtx != NULL);
+
+  for (Index = 0; Index < mHashInterfaceCount; Index++) {
+    HashMask = GetApiHashMaskFromAlgo (&mHashOps[Index].HashGuid);
+    if ((HashMask & PcdGet32 (PcdHashAlgorithmBitmap)) != 0 &&
+        (HashMask & PcdGet32 (PcdSystemHashPolicy)) != 0) {
+      mHashOps[Index].HashInit (HashCtx);
+    }
+  }
+
+  *HashHandle = (HASH_HANDLE)HashCtx;
+
+  return EFI_SUCCESS;
+}
+
+/**
+  Update hash data.
+
+  @param HashHandle    Hash handle.
+  @param DataToHash    Data to be hashed.
+  @param DataToHashLen Data size.
+
+  @retval EFI_SUCCESS          Hash updated.
+  @retval EFI_UNSUPPORTED      System has no HASH library registered.
+**/
+EFI_STATUS
+EFIAPI
+HashApiUpdate (
+  IN HASH_HANDLE    HashHandle,
+  IN VOID           *DataToHash,
+  IN UINTN          DataToHashLen
+)
+{
+  HASH_HANDLE  *HashCtx;
+  UINTN        Index;
+  UINT32       HashMask;
+
+  if (mHashInterfaceCount == 0) {
+    return EFI_UNSUPPORTED;
+  }
+
+  HashCtx = (HASH_HANDLE *)HashHandle;
+
+  for (Index = 0; Index < mHashInterfaceCount; Index++) {
+    HashMask = GetApiHashMaskFromAlgo (&mHashOps[Index].HashGuid);
+    if ((HashMask & PcdGet32 (PcdHashAlgorithmBitmap)) != 0 &&
+        (HashMask & PcdGet32 (PcdSystemHashPolicy)) != 0) {
+      mHashOps[Index].HashUpdate (HashCtx[0], DataToHash, DataToHashLen);
+    }
+  }
+
+  return EFI_SUCCESS;
+}
+
+/**
+  Hash complete.
+
+  @param HashHandle    Hash handle.
+  @param Digest        Hash Digest.
+
+  @retval EFI_SUCCESS     Hash complete and Digest is returned.
+**/
+EFI_STATUS
+EFIAPI
+HashApiFinal (
+  IN  HASH_HANDLE HashHandle,
+  OUT UINT8       *Digest
+)
+{
+  HASH_HANDLE  *HashCtx;
+  UINTN        Index;
+  UINT32       HashMask;
+
+  if (mHashInterfaceCount == 0) {
+    return EFI_UNSUPPORTED;
+  }
+
+  HashCtx = (HASH_HANDLE *)HashHandle;
+
+  for (Index = 0; Index < mHashInterfaceCount; Index++) {
+    HashMask = GetApiHashMaskFromAlgo (&mHashOps[Index].HashGuid);
+    if ((HashMask & PcdGet32 (PcdHashAlgorithmBitmap)) != 0 &&
+        (HashMask & PcdGet32 (PcdSystemHashPolicy)) != 0) {
+      mHashOps[Index].HashFinal (HashCtx[0], &Digest);
+    }
+  }
+
+  return EFI_SUCCESS;
+}
+
+/**
+  This service registers Hash Interface.
+
+  @param HashInterface  Hash interface
+
+  @retval EFI_SUCCESS          This hash interface is registered successfully.
+  @retval EFI_UNSUPPORTED      System does not support register this interface.
+  @retval EFI_ALREADY_STARTED  System already register this interface.
+**/
+EFI_STATUS
+EFIAPI
+RegisterHashApiLib (
+  IN HASH_INTERFACE_UNIFIED_API   *HashInterface
+  )
+{
+  EFI_STATUS  Status;
+  UINTN       Index;
+  UINT32      HashMask;
+
+  //
+  // Check Allow
+  //
+  HashMask = GetApiHashMaskFromAlgo (&HashInterface->HashGuid);
+
+  // check if Hash Mask is supported
+  if ((HashMask & PcdGet32 (PcdTpm2HashMask)) == 0) {
+    return EFI_UNSUPPORTED;
+  }
+
+  if (mHashInterfaceCount >= sizeof(mHashOps)/sizeof(mHashOps[0])) {
+    return EFI_OUT_OF_RESOURCES;
+  }
+
+  //
+  // Check duplication
+  //
+  for (Index = 0; Index < mHashInterfaceCount; Index++) {
+    if (CompareGuid (&mHashOps[Index].HashGuid, &HashInterface->HashGuid)) {
+      DEBUG ((DEBUG_ERROR, "Hash Interface (%g) has been registered\n", &HashInterface->HashGuid));
+      return EFI_ALREADY_STARTED;
+    }
+  }
+
+  //
+  // Register the Hash Algo.
+  //
+  mCurrentHashMask = PcdGet32 (PcdHashAlgorithmBitmap) | HashMask;
+  Status = PcdSet32S (PcdHashAlgorithmBitmap, mCurrentHashMask);
+  ASSERT_EFI_ERROR (Status);
+
+  CopyMem (&mHashOps[mHashInterfaceCount], HashInterface, sizeof(*HashInterface));
+  mHashInterfaceCount ++;
+
+  return EFI_SUCCESS;
+}
\ No newline at end of file
diff --git a/SecurityPkg/Library/BaseHashLib/BaseHashLibDxe.c b/SecurityPkg/Library/BaseHashLib/BaseHashLibDxe.c
new file mode 100644
index 000000000000..5de94d80fad5
--- /dev/null
+++ b/SecurityPkg/Library/BaseHashLib/BaseHashLibDxe.c
@@ -0,0 +1,62 @@
+/** @file
+  Implement image verification services for secure boot service
+
+  Caution: This file requires additional review when modified.
+  This library will have external input - PE/COFF image.
+  This external input must be validated carefully to avoid security issue like
+  buffer overflow, integer overflow.
+
+  DxeImageVerificationLibImageRead() function will make sure the PE/COFF image content
+  read is within the image buffer.
+
+  DxeImageVerificationHandler(), HashPeImageByType(), HashPeImage() function will accept
+  untrusted PE/COFF image and validate its data structure within this image buffer before use.
+
+Copyright (c) 2009 - 2019, Intel Corporation. All rights reserved.<BR>
+(C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution.  The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include <Library/BaseLib.h>
+#include <Library/BaseMemoryLib.h>
+#include <Library/MemoryAllocationLib.h>
+#include <Library/DebugLib.h>
+#include <Library/PcdLib.h>
+#include <Library/HashLib.h>
+
+#include "BaseHashLib.h"
+
+/**
+  The constructor function of BaseHashLib Dxe.
+
+  @param  FileHandle   The handle of FFS header the loaded driver.
+  @param  PeiServices  The pointer to the PEI services.
+
+  @retval EFI_SUCCESS           The constructor executes successfully.
+  @retval EFI_OUT_OF_RESOURCES  There is no enough resource for the constructor.
+
+**/
+EFI_STATUS
+EFIAPI
+BaseHashLibApiPeiConstructor (
+  IN EFI_HANDLE        ImageHandle,
+  IN EFI_SYSTEM_TABLE  *SystemTable
+  )
+{
+  EFI_STATUS    Status;
+
+  //
+  // Set PcdHashAlgorithmBitmap to 0 in CONSTRUCTOR for CURRENT module.
+  //
+  Status = PcdSet32S (PcdHashAlgorithmBitmap, 0);
+  ASSERT_EFI_ERROR (Status);
+
+  return EFI_SUCCESS;
+}
\ No newline at end of file
diff --git a/SecurityPkg/Library/BaseHashLib/BaseHashLibPei.c b/SecurityPkg/Library/BaseHashLib/BaseHashLibPei.c
new file mode 100644
index 000000000000..8ffe356b60e7
--- /dev/null
+++ b/SecurityPkg/Library/BaseHashLib/BaseHashLibPei.c
@@ -0,0 +1,62 @@
+/** @file
+  Implement image verification services for secure boot service
+
+  Caution: This file requires additional review when modified.
+  This library will have external input - PE/COFF image.
+  This external input must be validated carefully to avoid security issue like
+  buffer overflow, integer overflow.
+
+  DxeImageVerificationLibImageRead() function will make sure the PE/COFF image content
+  read is within the image buffer.
+
+  DxeImageVerificationHandler(), HashPeImageByType(), HashPeImage() function will accept
+  untrusted PE/COFF image and validate its data structure within this image buffer before use.
+
+Copyright (c) 2009 - 2019, Intel Corporation. All rights reserved.<BR>
+(C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution.  The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include <Library/BaseLib.h>
+#include <Library/BaseMemoryLib.h>
+#include <Library/MemoryAllocationLib.h>
+#include <Library/DebugLib.h>
+#include <Library/PcdLib.h>
+#include <Library/HashLib.h>
+
+#include "BaseHashLib.h"
+
+/**
+  The constructor function of BaseHashLib Pei.
+
+  @param  FileHandle   The handle of FFS header the loaded driver.
+  @param  PeiServices  The pointer to the PEI services.
+
+  @retval EFI_SUCCESS           The constructor executes successfully.
+  @retval EFI_OUT_OF_RESOURCES  There is no enough resource for the constructor.
+
+**/
+EFI_STATUS
+EFIAPI
+BaseHashLibApiPeiConstructor (
+  IN EFI_PEI_FILE_HANDLE        FileHandle,
+  IN CONST EFI_PEI_SERVICES     **PeiServices
+  )
+{
+  EFI_STATUS    Status;
+
+  //
+  // Set PcdHashAlgorithmBitmap to 0 in CONSTRUCTOR for CURRENT module.
+  //
+  Status = PcdSet32S (PcdHashAlgorithmBitmap, 0);
+  ASSERT_EFI_ERROR (Status);
+
+  return EFI_SUCCESS;
+}
\ No newline at end of file
diff --git a/SecurityPkg/Include/Library/HashLib.h b/SecurityPkg/Include/Library/HashLib.h
index 6ad960ad70ee..740cb8188e51 100644
--- a/SecurityPkg/Include/Library/HashLib.h
+++ b/SecurityPkg/Include/Library/HashLib.h
@@ -87,6 +87,53 @@ HashAndExtend (
   OUT TPML_DIGEST_VALUES            *DigestList
   );
 
+/**
+  Init hash sequence.
+
+  @param HashHandle Hash handle.
+
+  @retval EFI_SUCCESS          Hash start and HashHandle returned.
+  @retval EFI_UNSUPPORTED      System has no HASH library registered.
+**/
+EFI_STATUS
+EFIAPI
+HashApiInit (
+  OUT  HASH_HANDLE   *HashHandle
+);
+
+/**
+  Update hash data.
+
+  @param HashHandle    Hash handle.
+  @param DataToHash    Data to be hashed.
+  @param DataToHashLen Data size.
+
+  @retval EFI_SUCCESS          Hash updated.
+  @retval EFI_UNSUPPORTED      System has no HASH library registered.
+**/
+EFI_STATUS
+EFIAPI
+HashApiUpdate (
+  IN HASH_HANDLE    HashHandle,
+  IN VOID           *DataToHash,
+  IN UINTN          DataToHashLen
+);
+
+/**
+  Hash complete.
+
+  @param HashHandle    Hash handle.
+  @param Digest        Hash Digest.
+
+  @retval EFI_SUCCESS     Hash complete and Digest is returned.
+**/
+EFI_STATUS
+EFIAPI
+HashApiFinal (
+  IN  HASH_HANDLE HashHandle,
+  OUT UINT8       *Digest
+);
+
 /**
   Start hash sequence.
 
@@ -133,6 +180,21 @@ EFI_STATUS
   OUT TPML_DIGEST_VALUES *DigestList
   );
 
+/**
+  Hash complete.
+
+  @param HashHandle    Hash handle.
+  @param Digest        Hash Digest.
+
+  @retval EFI_SUCCESS     Hash complete and Digest is returned.
+**/
+typedef
+EFI_STATUS
+(EFIAPI *HASH_FINAL_EX) (
+  IN  HASH_HANDLE      HashHandle,
+  OUT UINT8            **Digest
+  );
+
 #define HASH_ALGORITHM_SHA1_GUID    EFI_HASH_ALGORITHM_SHA1_GUID
 #define HASH_ALGORITHM_SHA256_GUID  EFI_HASH_ALGORITHM_SHA256_GUID
 #define HASH_ALGORITHM_SHA384_GUID  EFI_HASH_ALGORITHM_SHA384_GUID
@@ -149,6 +211,13 @@ typedef struct {
   HASH_FINAL                         HashFinal;
 } HASH_INTERFACE;
 
+typedef struct {
+  EFI_GUID                           HashGuid;
+  HASH_INIT                          HashInit;
+  HASH_UPDATE                        HashUpdate;
+  HASH_FINAL_EX                      HashFinal;
+} HASH_INTERFACE_UNIFIED_API;
+
 /**
   This service register Hash.
 
@@ -164,4 +233,18 @@ RegisterHashInterfaceLib (
   IN HASH_INTERFACE   *HashInterface
   );
 
+/**
+  This service registers Hash Interface.
+
+  @param HashInterface  Hash interface
+
+  @retval EFI_SUCCESS          This hash interface is registered successfully.
+  @retval EFI_UNSUPPORTED      System does not support register this interface.
+  @retval EFI_ALREADY_STARTED  System already register this interface.
+**/
+EFI_STATUS
+EFIAPI
+RegisterHashApiLib (
+  IN HASH_INTERFACE_UNIFIED_API *HashInterface
+);
 #endif
diff --git a/SecurityPkg/Library/BaseHashLib/BaseHashLib.h b/SecurityPkg/Library/BaseHashLib/BaseHashLib.h
new file mode 100644
index 000000000000..70676c1716c3
--- /dev/null
+++ b/SecurityPkg/Library/BaseHashLib/BaseHashLib.h
@@ -0,0 +1,85 @@
+/** @file
+  The internal header file includes the common header files, defines
+  internal structure and functions used by ImageVerificationLib.
+
+Copyright (c) 2009 - 2019, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution.  The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#ifndef __BASEHASHLIB_H_
+#define __BASEHASHLIB_H_
+
+#define HASH_ALGO_COUNT 7
+
+//
+// Hash Algorithms
+//
+#define HASH_ALG_SHA1    0x00000001
+#define HASH_ALG_SHA256  0x00000002
+#define HASH_ALG_SHA384  0x00000004
+#define HASH_ALG_SHA512  0x00000008
+#define HASH_ALG_SM3_256 0x00000010
+#if 0
+typedef 
+UINTN
+(EFIAPI *GET_HASH_CTX_SIZE) (
+  VOID
+  );
+
+typedef
+BOOLEAN
+(EFIAPI *_HASH_INIT) (
+  OUT  VOID  *ShaContext
+  );
+
+typedef
+BOOLEAN
+(EFIAPI *_HASH_DUPLICATE) (
+  IN   CONST VOID  *ShaContext,
+  OUT  VOID        *NewShaContext
+  );
+
+typedef
+BOOLEAN
+(EFIAPI *_HASH_UPDATE) (
+  IN OUT  VOID        *ShaContext,
+  IN      CONST VOID  *Data,
+  IN      UINTN       DataSize
+  );
+
+typedef
+BOOLEAN
+(EFIAPI *_HASH_FINAL) (
+  IN OUT  VOID   *ShaContext,
+  OUT     UINT8  *HashValue
+  );
+
+HASH_ALGO_IDX
+GetHashAlgoIndex (
+  VOID
+);
+
+typedef struct {
+  HASH_ALGO_IDX     HashAlgo;
+  GET_HASH_CTX_SIZE  GetHashCtxSize;
+  _HASH_INIT          HashInit;
+  _HASH_DUPLICATE     HashDuplicate;
+  _HASH_UPDATE        HashUpdate;
+  _HASH_FINAL         HashFinal;
+} HASH_OPERATIONS;
+
+
+EFI_STATUS
+EFIAPI
+RegisterHashLib (
+  IN HASH_OPERATIONS   *HashInterface
+);
+#endif
+#endif
\ No newline at end of file
diff --git a/SecurityPkg/Library/BaseHashLib/BaseHashLibDxe.inf b/SecurityPkg/Library/BaseHashLib/BaseHashLibDxe.inf
new file mode 100644
index 000000000000..f5dcbedb2cd9
--- /dev/null
+++ b/SecurityPkg/Library/BaseHashLib/BaseHashLibDxe.inf
@@ -0,0 +1,49 @@
+## @file
+#  Provides hash service by registered hash handler
+#
+#  This library is Base Hash Lib. It will redirect hash request to each individual
+#  hash handler registered, such as SHA1, SHA256, SHA384, SM3. Platform can use
+#  PcdTpm2HashMask to register hash engines.
+#
+# Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+[Defines]
+  INF_VERSION                    = 0x00010005
+  BASE_NAME                      = BaseHashLibDxe
+  MODULE_UNI_FILE                = BaseHashLibDxe.uni
+  FILE_GUID                      = 158DC712-F15A-44dc-93BB-1675045BE066
+  MODULE_TYPE                    = DXE_DRIVER
+  VERSION_STRING                 = 1.0
+  LIBRARY_CLASS                  = BaseHashLib|DXE_DRIVER DXE_RUNTIME_DRIVER DXE_SMM_DRIVER UEFI_APPLICATION UEFI_DRIVER
+  CONSTRUCTOR                    = BaseHashLibApiDxeConstructor
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+#  VALID_ARCHITECTURES           = IA32 X64
+#
+
+[Sources]
+  BaseHashLib.h
+  BaseHashLibDxe.c
+  BaseHashLib.c
+
+[Packages]
+  MdePkg/MdePkg.dec
+  SecurityPkg/SecurityPkg.dec
+
+[LibraryClasses]
+  BaseLib
+  BaseMemoryLib
+  DebugLib
+  MemoryAllocationLib
+  PcdLib
+
+[Pcd]
+  gEfiSecurityPkgTokenSpaceGuid.PcdTpm2HashMask             ## CONSUMES
+  gEfiSecurityPkgTokenSpaceGuid.PcdHashAlgorithmBitmap    ## CONSUMES
+  gEfiSecurityPkgTokenSpaceGuid.PcdSystemHashPolicy    ## CONSUMES
+
diff --git a/SecurityPkg/Library/BaseHashLib/BaseHashLibDxe.uni b/SecurityPkg/Library/BaseHashLib/BaseHashLibDxe.uni
new file mode 100644
index 000000000000..d8b03ea4da63
--- /dev/null
+++ b/SecurityPkg/Library/BaseHashLib/BaseHashLibDxe.uni
@@ -0,0 +1,18 @@
+// /** @file
+// Provides hash service by registered hash handler
+//
+// This library is BaseCrypto router. It will redirect hash request to each individual
+// hash handler registered, such as SHA1, SHA256. Platform can use PcdTpm2HashMask to
+// mask some hash engines.
+//
+// Copyright (c) 2013 - 2016, Intel Corporation. All rights reserved.<BR>
+//
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+//
+// **/
+
+
+#string STR_MODULE_ABSTRACT             #language en-US "Provides hash service by registered hash handler"
+
+#string STR_MODULE_DESCRIPTION          #language en-US "This library is BaseCrypto router. It will redirect hash request to each individual hash handler registered, such as SHA1, SHA256. Platform can use PcdTpm2HashMask to mask some hash engines."
+
diff --git a/SecurityPkg/Library/BaseHashLib/BaseHashLibPei.inf b/SecurityPkg/Library/BaseHashLib/BaseHashLibPei.inf
new file mode 100644
index 000000000000..07e95a5a9c0f
--- /dev/null
+++ b/SecurityPkg/Library/BaseHashLib/BaseHashLibPei.inf
@@ -0,0 +1,50 @@
+## @file
+#  Provides hash service by registered hash handler
+#
+#  This library is BaseCrypto router. It will redirect hash request to each individual
+#  hash handler registered, such as SHA1, SHA256. Platform can use PcdTpm2HashMask to
+#  mask some hash engines.
+#
+# Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+[Defines]
+  INF_VERSION                    = 0x00010005
+  BASE_NAME                      = BaseHashLibPei
+  MODULE_UNI_FILE                = BaseHashLibPei.uni
+  FILE_GUID                      = DDCBCFBA-8EEB-488a-96D6-097831A6E50B
+  MODULE_TYPE                    = PEIM
+  VERSION_STRING                 = 1.0
+  LIBRARY_CLASS                  = BaseHashLib|PEIM
+  CONSTRUCTOR                    = BaseHashLibApiPeiConstructor
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+#  VALID_ARCHITECTURES           = IA32 X64
+#
+
+[Sources]
+  BaseHashLib.h
+  BaseHashLibPei.c
+  BaseHashLib.c
+
+[Packages]
+  MdePkg/MdePkg.dec
+  SecurityPkg/SecurityPkg.dec
+  MdeModulePkg/MdeModulePkg.dec
+
+[LibraryClasses]
+  BaseLib
+  BaseMemoryLib
+  DebugLib
+  MemoryAllocationLib
+  PcdLib
+
+[Pcd]
+  gEfiSecurityPkgTokenSpaceGuid.PcdTpm2HashMask             ## CONSUMES
+  gEfiSecurityPkgTokenSpaceGuid.PcdHashAlgorithmBitmap    ## CONSUMES
+  gEfiSecurityPkgTokenSpaceGuid.PcdSystemHashPolicy    ## CONSUMES
+
diff --git a/SecurityPkg/Library/BaseHashLib/BaseHashLibPei.uni b/SecurityPkg/Library/BaseHashLib/BaseHashLibPei.uni
new file mode 100644
index 000000000000..d8b03ea4da63
--- /dev/null
+++ b/SecurityPkg/Library/BaseHashLib/BaseHashLibPei.uni
@@ -0,0 +1,18 @@
+// /** @file
+// Provides hash service by registered hash handler
+//
+// This library is BaseCrypto router. It will redirect hash request to each individual
+// hash handler registered, such as SHA1, SHA256. Platform can use PcdTpm2HashMask to
+// mask some hash engines.
+//
+// Copyright (c) 2013 - 2016, Intel Corporation. All rights reserved.<BR>
+//
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+//
+// **/
+
+
+#string STR_MODULE_ABSTRACT             #language en-US "Provides hash service by registered hash handler"
+
+#string STR_MODULE_DESCRIPTION          #language en-US "This library is BaseCrypto router. It will redirect hash request to each individual hash handler registered, such as SHA1, SHA256. Platform can use PcdTpm2HashMask to mask some hash engines."
+
diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec
index cac36caf0a0d..b03677a5411c 100644
--- a/SecurityPkg/SecurityPkg.dec
+++ b/SecurityPkg/SecurityPkg.dec
@@ -27,6 +27,10 @@ [LibraryClasses]
   #
   HashLib|Include/Library/HashLib.h
 
+  ##  @libraryclass  Provides hash interfaces from different implementations.
+  #
+  BaseHashLib|Include/Library/HashLib.h
+
   ##  @libraryclass  Provides a platform specific interface to detect physically present user.
   #
   PlatformSecureLib|Include/Library/PlatformSecureLib.h
@@ -496,5 +500,29 @@ [PcdsDynamic, PcdsDynamicEx]
   # @Prompt Tpm2AcpiTableLasa LASA field in TPM2 ACPI table.
   gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableLasa|0|UINT64|0x00010023
 
+  [PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx]
+  ## This PCD indicates the HASH algorithm to verify unsigned PE/COFF image
+  #  Based on the value set, the required algorithm is chosen to verify
+  #  the unsigned image during Secure Boot.<BR>
+  #  The hashing algorithm selected must match the hashing algorithm used to
+  #  hash the image to be added to DB using tools such as KeyEnroll.<BR>
+  #     0x00000001    - SHA1.<BR>
+  #     0x00000002    - SHA256.<BR>
+  #     0x00000004    - SHA384.<BR>
+  #     0x00000008    - SHA512.<BR>
+  #     0x00000010    - SM3_256.<BR>
+  # @Prompt Set policy for hashing unsigned image for Secure Boot.
+  # @ValidRange 0x80000001 | 0x00000000 - 0x00000005
+  gEfiSecurityPkgTokenSpaceGuid.PcdSystemHashPolicy|0x02|UINT32|0x00010024
+
+  ## This PCD indicated final BIOS supported Hash mask for Base Hash API.
+  #    Bios may choose to register a subset of PcdTpm2HashMask.
+  #    This PCD is final value of how many hash algo are registered with
+  #    Base Hash API.
+  # This PCD will start with value 0 by the Base Hash API constructor and
+  # the value will be updated as Hash Algo are registered.
+  # @Prompt Hash Algorithm bitmap for Base Hash API.
+  gEfiSecurityPkgTokenSpaceGuid.PcdHashAlgorithmBitmap|0xFFFFFFFF|UINT32|0x00010025
+
 [UserExtensions.TianoCore."ExtraFiles"]
   SecurityPkgExtra.uni
diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc
index a2eeadda7a7e..9ae134ffee53 100644
--- a/SecurityPkg/SecurityPkg.dsc
+++ b/SecurityPkg/SecurityPkg.dsc
@@ -95,6 +95,7 @@ [LibraryClasses.common.PEIM]
   Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf
   Tcg2PhysicalPresenceLib|SecurityPkg/Library/PeiTcg2PhysicalPresenceLib/PeiTcg2PhysicalPresenceLib.inf
   RngLib|MdePkg/Library/BaseRngLib/BaseRngLib.inf
+  BaseHashLib|SecurityPkg/Library/BaseHashLib/BaseHashLibPei.inf
 
 [LibraryClasses.common.DXE_DRIVER]
   HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf
@@ -170,6 +171,7 @@ [PcdsDynamicDefault.common.DEFAULT]
   gEfiSecurityPkgTokenSpaceGuid.PcdTpmScrtmPolicy|1
   gEfiSecurityPkgTokenSpaceGuid.PcdTpm2HashMask|3
   gEfiSecurityPkgTokenSpaceGuid.PcdTcg2HashAlgorithmBitmap|3
+  gEfiSecurityPkgTokenSpaceGuid.PcdHashAlgorithmBitmap|3
 
 [PcdsDynamicHii.common.DEFAULT]
   gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer|L"TCG2_VERSION"|gTcg2ConfigFormSetGuid|0x0|"1.3"|NV,BS
@@ -211,6 +213,8 @@ [Components]
 
   SecurityPkg/Library/HashLibTpm2/HashLibTpm2.inf
 
+  SecurityPkg/Library/BaseHashLib/BaseHashLibPei.inf
+
   #
   # TCG Storage.
   #
diff --git a/SecurityPkg/SecurityPkg.uni b/SecurityPkg/SecurityPkg.uni
index 68587304d779..2dc77279210c 100644
--- a/SecurityPkg/SecurityPkg.uni
+++ b/SecurityPkg/SecurityPkg.uni
@@ -295,3 +295,26 @@
 
 #string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTpm2AcpiTableLasa_HELP  #language en-US "This PCD defines LASA of TPM2 ACPI table\n\n"
                                                                                      "0 means this field is unsupported\n"
+
+#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdSystemHashPolicy_PROMPT  #language en-US "HASH algorithm to verify unsigned PE/COFF image"
+
+#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdSystemHashPolicy_HELP  #language en-US "This PCD indicates the HASH algorithm to verify unsigned PE/COFF image.<BR><BR>\n"
+                                                                                        "Based on the value set, the required algorithm is chosen to verify\n"
+                                                                                        "the unsigned image during Secure Boot.<BR>\n"
+                                                                                        "The hashing algorithm selected must match the hashing algorithm used to\n"
+                                                                                        "hash the image to be added to DB using tools such as KeyEnroll.<BR>\n"
+                                                                                        "0x00000000  -  SHA1.<BR>\n"
+                                                                                        "0x00000001  -  SHA224.<BR>"
+                                                                                        "0x00000002  -  SHA256.<BR>\n"
+                                                                                        "0x00000003  -  SHA384.<BR>\n"
+                                                                                        "0x00000004  -  SHA512.<BR>\n"
+                                                                                        "0x00000005  -  SM3.<BR>"
+
+#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdHashAlgorithmBitmap_PROMPT  #language en-US "Hash Algorithm bitmap for Base Hash API."
+
+#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdHashAlgorithmBitmap_HELP  #language en-US "This PCD indicated final BIOS supported Hash mask for Base Hash API.\n"
+                                                                                        "Bios may choose to register a subset of PcdTpm2HashMask.<BR>\n"
+                                                                                        "This PCD is final value of how many hash algo are registered with\n"
+                                                                                        "Base Hash API.<BR>\n"
+                                                                                        "This PCD will start with value 0 by the Base Hash API constructor and\n"
+                                                                                        "the value will be updated as Hash Algo are registered.<BR>\n"
-- 
2.16.2.windows.1


^ permalink raw reply related	[flat|nested] 8+ messages in thread

* [PATCH v1 2/6] SecurityPkg/HashApiInstanceSha1: Implement API registration mechanism for SHA1
  2019-12-18 21:50 [PATCH v1 0/6] SecurityPkg/BaseHashLib: Implement a Unified API for Hash Calculation Sukerkar, Amol N
  2019-12-18 21:50 ` [PATCH v1 1/6] SecurityPkg/BaseHashLib: Implement a unified " Sukerkar, Amol N
@ 2019-12-18 21:50 ` Sukerkar, Amol N
  2019-12-18 21:50 ` [PATCH v1 3/6] SecurityPkg/HashApiInstanceSha256: Implement API registration mechanism for SHA256 Sukerkar, Amol N
                   ` (3 subsequent siblings)
  5 siblings, 0 replies; 8+ messages in thread
From: Sukerkar, Amol N @ 2019-12-18 21:50 UTC (permalink / raw)
  To: devel; +Cc: michael.d.kinney, sachin.agrawal, self

This is the HashApiInstance implementation for SHA1 which registers the SHA1
hash library in CryptoPkg with BaseHashLib based on whether a platform supports
SHA1 hash algorithm (provided by PcdTpm2HashMask).

Signed-off-by: Sukerkar, Amol N <amol.n.sukerkar@intel.com>
---
 SecurityPkg/Library/HashApiInstanceSha1/HashApiInstanceSha1.c   | 128 ++++++++++++++++++++
 SecurityPkg/Library/HashApiInstanceSha1/HashApiInstanceSha1.inf |  40 ++++++
 SecurityPkg/Library/HashApiInstanceSha1/HashApiInstanceSha1.uni |  16 +++
 SecurityPkg/SecurityPkg.dsc                                     |   5 +
 4 files changed, 189 insertions(+)

diff --git a/SecurityPkg/Library/HashApiInstanceSha1/HashApiInstanceSha1.c b/SecurityPkg/Library/HashApiInstanceSha1/HashApiInstanceSha1.c
new file mode 100644
index 000000000000..06e88f00d70b
--- /dev/null
+++ b/SecurityPkg/Library/HashApiInstanceSha1/HashApiInstanceSha1.c
@@ -0,0 +1,128 @@
+/** @file
+  This library is BaseCrypto SHA1 hash instance.
+  It can be registered to BaseCrypto router, to serve as hash engine.
+
+Copyright (c) 2013 - 2019, Intel Corporation. All rights reserved. <BR>
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <PiPei.h>
+#include <Library/BaseLib.h>
+#include <Library/BaseMemoryLib.h>
+#include <Library/DebugLib.h>
+#include <Library/BaseCryptLib.h>
+#include <Library/MemoryAllocationLib.h>
+#include <Library/HashLib.h>
+
+/**
+  Start hash sequence.
+
+  @param HashHandle Hash handle.
+
+  @retval EFI_SUCCESS          Hash sequence start and HandleHandle returned.
+  @retval EFI_OUT_OF_RESOURCES No enough resource to start hash.
+**/
+EFI_STATUS
+EFIAPI
+Sha1_Init (
+  OUT HASH_HANDLE    *HashHandle
+  )
+{
+  VOID     *Sha1Ctx;
+  UINTN    CtxSize;
+
+  CtxSize = Sha1GetContextSize ();
+  Sha1Ctx = AllocatePool (CtxSize);
+  ASSERT (Sha1Ctx != NULL);
+
+  Sha1Init (Sha1Ctx);
+
+  *HashHandle = (HASH_HANDLE)Sha1Ctx;
+
+  return EFI_SUCCESS;
+}
+
+/**
+  Update hash sequence data.
+
+  @param HashHandle    Hash handle.
+  @param DataToHash    Data to be hashed.
+  @param DataToHashLen Data size.
+
+  @retval EFI_SUCCESS     Hash sequence updated.
+**/
+EFI_STATUS
+EFIAPI
+Sha1_Update (
+  IN HASH_HANDLE    HashHandle,
+  IN VOID           *DataToHash,
+  IN UINTN          DataToHashLen
+  )
+{
+  VOID     *Sha1Ctx;
+
+  Sha1Ctx = (VOID *)HashHandle;
+  Sha1Update (Sha1Ctx, DataToHash, DataToHashLen);
+
+  return EFI_SUCCESS;
+}
+
+/**
+  Complete hash sequence complete.
+
+  @param HashHandle    Hash handle.
+  @param DigestList    Digest list.
+
+  @retval EFI_SUCCESS     Hash sequence complete and DigestList is returned.
+**/
+EFI_STATUS
+EFIAPI
+Sha1_Final (
+  IN HASH_HANDLE         HashHandle,
+  OUT UINT8            **Digest
+  )
+{
+  UINT8         Sha1Digest[SHA1_DIGEST_SIZE];
+  VOID          *Sha1Ctx;
+
+  Sha1Ctx = (VOID *)HashHandle;
+  Sha1Final (Sha1Ctx, Sha1Digest);
+
+  CopyMem (*Digest, Sha1Digest, SHA1_DIGEST_SIZE);
+
+  FreePool (Sha1Ctx);
+
+  return EFI_SUCCESS;
+}
+
+HASH_INTERFACE_UNIFIED_API  mSha1InternalHashApiInstance = {
+  HASH_ALGORITHM_SHA1_GUID,
+  Sha1_Init,
+  Sha1_Update,
+  Sha1_Final,
+};
+
+/**
+  The function register SHA1 instance.
+
+  @retval EFI_SUCCESS   SHA1 instance is registered, or system dose not surpport registr SHA1 instance
+**/
+EFI_STATUS
+EFIAPI
+HashApiInstanceSha1Constructor (
+  VOID
+  )
+{
+  EFI_STATUS  Status;
+
+  Status = RegisterHashApiLib (&mSha1InternalHashApiInstance);
+  if ((Status == EFI_SUCCESS) || (Status == EFI_UNSUPPORTED)) {
+    //
+    // Unsupported means platform policy does not need this instance enabled.
+    //
+    DEBUG ((DEBUG_ERROR, "[ansukerk]: Hash Interface SHA1 is registered\n"));
+    return EFI_SUCCESS;
+  }
+  return Status;
+}
diff --git a/SecurityPkg/Library/HashApiInstanceSha1/HashApiInstanceSha1.inf b/SecurityPkg/Library/HashApiInstanceSha1/HashApiInstanceSha1.inf
new file mode 100644
index 000000000000..b59c4d883439
--- /dev/null
+++ b/SecurityPkg/Library/HashApiInstanceSha1/HashApiInstanceSha1.inf
@@ -0,0 +1,40 @@
+## @file
+#  Provides BaseCrypto SHA1 hash service
+#
+#  This library can be registered to BaseCrypto router, to serve as hash engine.
+#
+# Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+[Defines]
+  INF_VERSION                    = 0x00010005
+  BASE_NAME                      = HashApiInstanceSha1
+  MODULE_UNI_FILE                = HashApiInstanceSha1.uni
+  FILE_GUID                      = 9A7A6AB4-9DA6-4aa4-90CB-6D4B79EDA7B9
+  MODULE_TYPE                    = BASE
+  VERSION_STRING                 = 1.0
+  LIBRARY_CLASS                  = NULL
+  CONSTRUCTOR                    = HashApiInstanceSha1Constructor
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+#  VALID_ARCHITECTURES           = IA32 X64
+#
+
+[Sources]
+  HashApiInstanceSha1.c
+
+[Packages]
+  MdePkg/MdePkg.dec
+  SecurityPkg/SecurityPkg.dec
+  CryptoPkg/CryptoPkg.dec
+
+[LibraryClasses]
+  BaseLib
+  BaseMemoryLib
+  DebugLib
+  MemoryAllocationLib
+  BaseCryptLib
diff --git a/SecurityPkg/Library/HashApiInstanceSha1/HashApiInstanceSha1.uni b/SecurityPkg/Library/HashApiInstanceSha1/HashApiInstanceSha1.uni
new file mode 100644
index 000000000000..716369d2fb8a
--- /dev/null
+++ b/SecurityPkg/Library/HashApiInstanceSha1/HashApiInstanceSha1.uni
@@ -0,0 +1,16 @@
+// /** @file
+// Provides BaseCrypto SHA1 hash service
+//
+// This library can be registered to BaseCrypto router, to serve as hash engine.
+//
+// Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.<BR>
+//
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+//
+// **/
+
+
+#string STR_MODULE_ABSTRACT             #language en-US "Provides BaseCrypto SHA1 hash service API"
+
+#string STR_MODULE_DESCRIPTION          #language en-US "This library can be registered to Base Hash API, to serve as hash engine."
+
diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc
index 9ae134ffee53..6c0832d48e88 100644
--- a/SecurityPkg/SecurityPkg.dsc
+++ b/SecurityPkg/SecurityPkg.dsc
@@ -241,6 +241,11 @@ [Components.IA32, Components.X64, Components.ARM, Components.AARCH64]
 [Components.IA32, Components.X64]
   SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
 
+  #
+  # Hash API
+  #
+  SecurityPkg/Library/HashApiInstanceSha1/HashApiInstanceSha1.inf
+
   #
   # TPM
   #
-- 
2.16.2.windows.1


^ permalink raw reply related	[flat|nested] 8+ messages in thread

* [PATCH v1 3/6] SecurityPkg/HashApiInstanceSha256: Implement API registration mechanism for SHA256
  2019-12-18 21:50 [PATCH v1 0/6] SecurityPkg/BaseHashLib: Implement a Unified API for Hash Calculation Sukerkar, Amol N
  2019-12-18 21:50 ` [PATCH v1 1/6] SecurityPkg/BaseHashLib: Implement a unified " Sukerkar, Amol N
  2019-12-18 21:50 ` [PATCH v1 2/6] SecurityPkg/HashApiInstanceSha1: Implement API registration mechanism for SHA1 Sukerkar, Amol N
@ 2019-12-18 21:50 ` Sukerkar, Amol N
  2019-12-18 21:50 ` [PATCH v1 4/6] SecurityPkg/HashApiInstanceSha384: Implement API registration mechanism for SHA384 Sukerkar, Amol N
                   ` (2 subsequent siblings)
  5 siblings, 0 replies; 8+ messages in thread
From: Sukerkar, Amol N @ 2019-12-18 21:50 UTC (permalink / raw)
  To: devel; +Cc: michael.d.kinney, sachin.agrawal, self

This is the HashApiInstance implementation for SHA256 which registers the
SHA256 hash library in CryptoPkg with BaseHashLib based on whether a platform
supports SHA256 hash algorithm (provided by PcdTpm2HashMask).

Signed-off-by: Sukerkar, Amol N <amol.n.sukerkar@intel.com>
---
 SecurityPkg/Library/HashApiInstanceSha256/HashApiInstanceSha256.c   | 128 ++++++++++++++++++++
 SecurityPkg/Library/HashApiInstanceSha256/HashApiInstanceSha256.inf |  40 ++++++
 SecurityPkg/Library/HashApiInstanceSha256/HashApiInstanceSha256.uni |  16 +++
 SecurityPkg/SecurityPkg.dsc                                         |   1 +
 4 files changed, 185 insertions(+)

diff --git a/SecurityPkg/Library/HashApiInstanceSha256/HashApiInstanceSha256.c b/SecurityPkg/Library/HashApiInstanceSha256/HashApiInstanceSha256.c
new file mode 100644
index 000000000000..129d60a387fd
--- /dev/null
+++ b/SecurityPkg/Library/HashApiInstanceSha256/HashApiInstanceSha256.c
@@ -0,0 +1,128 @@
+/** @file
+  This library is BaseCrypto SHA256 hash instance.
+  It can be registered to BaseCrypto router, to serve as hash engine.
+
+Copyright (c) 2013 - 2019, Intel Corporation. All rights reserved. <BR>
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <PiPei.h>
+#include <Library/BaseLib.h>
+#include <Library/BaseMemoryLib.h>
+#include <Library/DebugLib.h>
+#include <Library/BaseCryptLib.h>
+#include <Library/MemoryAllocationLib.h>
+#include <Library/HashLib.h>
+
+/**
+  Start hash sequence.
+
+  @param HashHandle Hash handle.
+
+  @retval EFI_SUCCESS          Hash sequence start and HandleHandle returned.
+  @retval EFI_OUT_OF_RESOURCES No enough resource to start hash.
+**/
+EFI_STATUS
+EFIAPI
+Sha256_Init (
+  OUT HASH_HANDLE    *HashHandle
+  )
+{
+  VOID     *Sha256Ctx;
+  UINTN    CtxSize;
+
+  CtxSize = Sha256GetContextSize ();
+  Sha256Ctx = AllocatePool (CtxSize);
+  ASSERT (Sha256Ctx != NULL);
+
+  Sha256Init (Sha256Ctx);
+
+  *HashHandle = (HASH_HANDLE)Sha256Ctx;
+
+  return EFI_SUCCESS;
+}
+
+/**
+  Update hash sequence data.
+
+  @param HashHandle    Hash handle.
+  @param DataToHash    Data to be hashed.
+  @param DataToHashLen Data size.
+
+  @retval EFI_SUCCESS     Hash sequence updated.
+**/
+EFI_STATUS
+EFIAPI
+Sha256_Update (
+  IN HASH_HANDLE    HashHandle,
+  IN VOID           *DataToHash,
+  IN UINTN          DataToHashLen
+  )
+{
+  VOID     *Sha256Ctx;
+
+  Sha256Ctx = (VOID *)HashHandle;
+  Sha256Update (Sha256Ctx, DataToHash, DataToHashLen);
+
+  return EFI_SUCCESS;
+}
+
+/**
+  Complete hash sequence complete.
+
+  @param HashHandle    Hash handle.
+  @param DigestList    Digest list.
+
+  @retval EFI_SUCCESS     Hash sequence complete and DigestList is returned.
+**/
+EFI_STATUS
+EFIAPI
+Sha256_Final (
+  IN HASH_HANDLE         HashHandle,
+  OUT UINT8            **Digest
+  )
+{
+  UINT8         Sha256Digest[SHA256_DIGEST_SIZE];
+  VOID          *Sha256Ctx;
+
+  Sha256Ctx = (VOID *)HashHandle;
+  Sha256Final (Sha256Ctx, Sha256Digest);
+
+  CopyMem (*Digest, Sha256Digest, SHA256_DIGEST_SIZE);
+
+  FreePool (Sha256Ctx);
+
+  return EFI_SUCCESS;
+}
+
+HASH_INTERFACE_UNIFIED_API  mSha256InternalHashApiInstance = {
+  HASH_ALGORITHM_SHA256_GUID,
+  Sha256_Init,
+  Sha256_Update,
+  Sha256_Final,
+};
+
+/**
+  The function register SHA256 instance.
+
+  @retval EFI_SUCCESS   SHA256 instance is registered, or system dose not surpport registr SHA256 instance
+**/
+EFI_STATUS
+EFIAPI
+HashApiInstanceSha256Constructor (
+  VOID
+  )
+{
+  EFI_STATUS  Status;
+
+  Status = RegisterHashApiLib (&mSha256InternalHashApiInstance);
+  if ((Status == EFI_SUCCESS) || (Status == EFI_UNSUPPORTED)) {
+    //
+    // Unsupported means platform policy does not need this instance enabled.
+    //
+    DEBUG ((DEBUG_ERROR, "[ansukerk]: Hash Interface SHA256 is registered\n"));
+    return EFI_SUCCESS;
+  }
+  return Status;
+}
diff --git a/SecurityPkg/Library/HashApiInstanceSha256/HashApiInstanceSha256.inf b/SecurityPkg/Library/HashApiInstanceSha256/HashApiInstanceSha256.inf
new file mode 100644
index 000000000000..08d802cd69f4
--- /dev/null
+++ b/SecurityPkg/Library/HashApiInstanceSha256/HashApiInstanceSha256.inf
@@ -0,0 +1,40 @@
+## @file
+#  Provides BaseCrypto SHA1 hash service
+#
+#  This library can be registered to BaseCrypto router, to serve as hash engine.
+#
+# Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+[Defines]
+  INF_VERSION                    = 0x00010005
+  BASE_NAME                      = HashApiInstanceSha256
+  MODULE_UNI_FILE                = HashApiInstanceSha256.uni
+  FILE_GUID                      = 9A7A6AB4-9DA6-4aa4-90CB-6D4B79EDA7B9
+  MODULE_TYPE                    = BASE
+  VERSION_STRING                 = 1.0
+  LIBRARY_CLASS                  = NULL
+  CONSTRUCTOR                    = HashApiInstanceSha256Constructor
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+#  VALID_ARCHITECTURES           = IA32 X64
+#
+
+[Sources]
+  HashApiInstanceSha256.c
+
+[Packages]
+  MdePkg/MdePkg.dec
+  SecurityPkg/SecurityPkg.dec
+  CryptoPkg/CryptoPkg.dec
+
+[LibraryClasses]
+  BaseLib
+  BaseMemoryLib
+  DebugLib
+  MemoryAllocationLib
+  BaseCryptLib
diff --git a/SecurityPkg/Library/HashApiInstanceSha256/HashApiInstanceSha256.uni b/SecurityPkg/Library/HashApiInstanceSha256/HashApiInstanceSha256.uni
new file mode 100644
index 000000000000..b2121464c552
--- /dev/null
+++ b/SecurityPkg/Library/HashApiInstanceSha256/HashApiInstanceSha256.uni
@@ -0,0 +1,16 @@
+// /** @file
+// Provides BaseCrypto SHA256 hash service
+//
+// This library can be registered to BaseCrypto router, to serve as hash engine.
+//
+// Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.<BR>
+//
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+//
+// **/
+
+
+#string STR_MODULE_ABSTRACT             #language en-US "Provides BaseCrypto SHA256 hash service API"
+
+#string STR_MODULE_DESCRIPTION          #language en-US "This library can be registered to Base Hash API, to serve as hash engine."
+
diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc
index 6c0832d48e88..95a5710735e0 100644
--- a/SecurityPkg/SecurityPkg.dsc
+++ b/SecurityPkg/SecurityPkg.dsc
@@ -245,6 +245,7 @@ [Components.IA32, Components.X64]
   # Hash API
   #
   SecurityPkg/Library/HashApiInstanceSha1/HashApiInstanceSha1.inf
+  SecurityPkg/Library/HashApiInstanceSha256/HashApiInstanceSha256.inf
 
   #
   # TPM
-- 
2.16.2.windows.1


^ permalink raw reply related	[flat|nested] 8+ messages in thread

* [PATCH v1 4/6] SecurityPkg/HashApiInstanceSha384: Implement API registration mechanism for SHA384
  2019-12-18 21:50 [PATCH v1 0/6] SecurityPkg/BaseHashLib: Implement a Unified API for Hash Calculation Sukerkar, Amol N
                   ` (2 preceding siblings ...)
  2019-12-18 21:50 ` [PATCH v1 3/6] SecurityPkg/HashApiInstanceSha256: Implement API registration mechanism for SHA256 Sukerkar, Amol N
@ 2019-12-18 21:50 ` Sukerkar, Amol N
  2019-12-18 21:50 ` [PATCH v1 5/6] SecurityPkg/BaseHashLib: Modified the Registation Mechanism for BaseHashLib Sukerkar, Amol N
  2019-12-18 21:50 ` [PATCH v1 6/6] SecurityPkg/HashApiInstanceSM3: Implement API registration mechanism for SM3 Sukerkar, Amol N
  5 siblings, 0 replies; 8+ messages in thread
From: Sukerkar, Amol N @ 2019-12-18 21:50 UTC (permalink / raw)
  To: devel; +Cc: michael.d.kinney, sachin.agrawal, self

This is the HashApiInstance implementation for SHA384 which registers the
SHA384 hash library in CryptoPkg with BaseHashLib based on whether a platform
supports SHA384 hash algorithm (provided by PcdTpm2HashMask).

Signed-off-by: Sukerkar, Amol N <amol.n.sukerkar@intel.com>
---
 SecurityPkg/Library/HashApiInstanceSha384/HashApiInstanceSha384.c   | 128 ++++++++++++++++++++
 SecurityPkg/Library/HashApiInstanceSha384/HashApiInstanceSha384.inf |  40 ++++++
 SecurityPkg/Library/HashApiInstanceSha384/HashApiInstanceSha384.uni |  16 +++
 SecurityPkg/SecurityPkg.dsc                                         |   1 +
 4 files changed, 185 insertions(+)

diff --git a/SecurityPkg/Library/HashApiInstanceSha384/HashApiInstanceSha384.c b/SecurityPkg/Library/HashApiInstanceSha384/HashApiInstanceSha384.c
new file mode 100644
index 000000000000..0d1b8f3e877a
--- /dev/null
+++ b/SecurityPkg/Library/HashApiInstanceSha384/HashApiInstanceSha384.c
@@ -0,0 +1,128 @@
+/** @file
+  This library is BaseCrypto SHA384 hash instance.
+  It can be registered to BaseCrypto router, to serve as hash engine.
+
+Copyright (c) 2013 - 2019, Intel Corporation. All rights reserved. <BR>
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <PiPei.h>
+#include <Library/BaseLib.h>
+#include <Library/BaseMemoryLib.h>
+#include <Library/DebugLib.h>
+#include <Library/BaseCryptLib.h>
+#include <Library/MemoryAllocationLib.h>
+#include <Library/HashLib.h>
+
+/**
+  Start hash sequence.
+
+  @param HashHandle Hash handle.
+
+  @retval EFI_SUCCESS          Hash sequence start and HandleHandle returned.
+  @retval EFI_OUT_OF_RESOURCES No enough resource to start hash.
+**/
+EFI_STATUS
+EFIAPI
+Sha384_Init (
+  OUT HASH_HANDLE    *HashHandle
+  )
+{
+  VOID     *Sha384Ctx;
+  UINTN    CtxSize;
+
+  CtxSize = Sha384GetContextSize ();
+  Sha384Ctx = AllocatePool (CtxSize);
+  ASSERT (Sha384Ctx != NULL);
+
+  Sha384Init (Sha384Ctx);
+
+  *HashHandle = (HASH_HANDLE)Sha384Ctx;
+
+  return EFI_SUCCESS;
+}
+
+/**
+  Update hash sequence data.
+
+  @param HashHandle    Hash handle.
+  @param DataToHash    Data to be hashed.
+  @param DataToHashLen Data size.
+
+  @retval EFI_SUCCESS     Hash sequence updated.
+**/
+EFI_STATUS
+EFIAPI
+Sha384_Update (
+  IN HASH_HANDLE    HashHandle,
+  IN VOID           *DataToHash,
+  IN UINTN          DataToHashLen
+  )
+{
+  VOID     *Sha384Ctx;
+
+  Sha384Ctx = (VOID *)HashHandle;
+  Sha384Update (Sha384Ctx, DataToHash, DataToHashLen);
+
+  return EFI_SUCCESS;
+}
+
+/**
+  Complete hash sequence complete.
+
+  @param HashHandle    Hash handle.
+  @param DigestList    Digest list.
+
+  @retval EFI_SUCCESS     Hash sequence complete and DigestList is returned.
+**/
+EFI_STATUS
+EFIAPI
+Sha384_Final (
+  IN HASH_HANDLE         HashHandle,
+  OUT UINT8            **Digest
+  )
+{
+  UINT8         Sha384Digest[SHA384_DIGEST_SIZE];
+  VOID          *Sha384Ctx;
+
+  Sha384Ctx = (VOID *)HashHandle;
+  Sha384Final (Sha384Ctx, Sha384Digest);
+
+  CopyMem (*Digest, Sha384Digest, SHA384_DIGEST_SIZE);
+
+  FreePool (Sha384Ctx);
+
+  return EFI_SUCCESS;
+}
+
+HASH_INTERFACE_UNIFIED_API  mSha384InternalHashApiInstance = {
+  HASH_ALGORITHM_SHA384_GUID,
+  Sha384_Init,
+  Sha384_Update,
+  Sha384_Final,
+};
+
+/**
+  The function register SHA384 instance.
+
+  @retval EFI_SUCCESS   SHA384 instance is registered, or system dose not surpport registr SHA384 instance
+**/
+EFI_STATUS
+EFIAPI
+HashApiInstanceSha384Constructor (
+  VOID
+  )
+{
+  EFI_STATUS  Status;
+
+  Status = RegisterHashApiLib (&mSha384InternalHashApiInstance);
+  if ((Status == EFI_SUCCESS) || (Status == EFI_UNSUPPORTED)) {
+    //
+    // Unsupported means platform policy does not need this instance enabled.
+    //
+    DEBUG ((DEBUG_ERROR, "[ansukerk]: Hash Interface SHA384 is registered\n"));
+    return EFI_SUCCESS;
+  }
+  return Status;
+}
diff --git a/SecurityPkg/Library/HashApiInstanceSha384/HashApiInstanceSha384.inf b/SecurityPkg/Library/HashApiInstanceSha384/HashApiInstanceSha384.inf
new file mode 100644
index 000000000000..ee36a926a8b8
--- /dev/null
+++ b/SecurityPkg/Library/HashApiInstanceSha384/HashApiInstanceSha384.inf
@@ -0,0 +1,40 @@
+## @file
+#  Provides BaseCrypto SHA1 hash service
+#
+#  This library can be registered to BaseCrypto router, to serve as hash engine.
+#
+# Copyright (c) 2013 - 2018, Intel Corporation. All rights reserved.<BR>
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+[Defines]
+  INF_VERSION                    = 0x00010005
+  BASE_NAME                      = HashApiInstanceSha384
+  MODULE_UNI_FILE                = HashApiInstanceSha384.uni
+  FILE_GUID                      = 9A7A6AB4-9DA6-4aa4-90CB-6D4B79EDA7B9
+  MODULE_TYPE                    = BASE
+  VERSION_STRING                 = 1.0
+  LIBRARY_CLASS                  = NULL
+  CONSTRUCTOR                    = HashApiInstanceSha384Constructor
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+#  VALID_ARCHITECTURES           = IA32 X64
+#
+
+[Sources]
+  HashApiInstanceSha384.c
+
+[Packages]
+  MdePkg/MdePkg.dec
+  SecurityPkg/SecurityPkg.dec
+  CryptoPkg/CryptoPkg.dec
+
+[LibraryClasses]
+  BaseLib
+  BaseMemoryLib
+  DebugLib
+  MemoryAllocationLib
+  BaseCryptLib
diff --git a/SecurityPkg/Library/HashApiInstanceSha384/HashApiInstanceSha384.uni b/SecurityPkg/Library/HashApiInstanceSha384/HashApiInstanceSha384.uni
new file mode 100644
index 000000000000..be41375bca7a
--- /dev/null
+++ b/SecurityPkg/Library/HashApiInstanceSha384/HashApiInstanceSha384.uni
@@ -0,0 +1,16 @@
+// /** @file
+// Provides BaseCrypto SHA384 hash service
+//
+// This library can be registered to BaseCrypto router, to serve as hash engine.
+//
+// Copyright (c) 2013 - 2014, Intel Corporation. All rights reserved.<BR>
+//
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+//
+// **/
+
+
+#string STR_MODULE_ABSTRACT             #language en-US "Provides BaseCrypto SHA384 hash service API"
+
+#string STR_MODULE_DESCRIPTION          #language en-US "This library can be registered to Base Hash API, to serve as hash engine."
+
diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc
index 95a5710735e0..c03822872718 100644
--- a/SecurityPkg/SecurityPkg.dsc
+++ b/SecurityPkg/SecurityPkg.dsc
@@ -246,6 +246,7 @@ [Components.IA32, Components.X64]
   #
   SecurityPkg/Library/HashApiInstanceSha1/HashApiInstanceSha1.inf
   SecurityPkg/Library/HashApiInstanceSha256/HashApiInstanceSha256.inf
+  SecurityPkg/Library/HashApiInstanceSha384/HashApiInstanceSha384.inf
 
   #
   # TPM
-- 
2.16.2.windows.1


^ permalink raw reply related	[flat|nested] 8+ messages in thread

* [PATCH v1 5/6] SecurityPkg/BaseHashLib: Modified the Registation Mechanism for BaseHashLib
  2019-12-18 21:50 [PATCH v1 0/6] SecurityPkg/BaseHashLib: Implement a Unified API for Hash Calculation Sukerkar, Amol N
                   ` (3 preceding siblings ...)
  2019-12-18 21:50 ` [PATCH v1 4/6] SecurityPkg/HashApiInstanceSha384: Implement API registration mechanism for SHA384 Sukerkar, Amol N
@ 2019-12-18 21:50 ` Sukerkar, Amol N
  2019-12-18 21:50 ` [PATCH v1 6/6] SecurityPkg/HashApiInstanceSM3: Implement API registration mechanism for SM3 Sukerkar, Amol N
  5 siblings, 0 replies; 8+ messages in thread
From: Sukerkar, Amol N @ 2019-12-18 21:50 UTC (permalink / raw)
  To: devel; +Cc: michael.d.kinney, sachin.agrawal, self

A gEfiCallerIdGuid needs to be introduced in the BaseHashLibPei method to save
the hash mask of registered API instances of hashing algorithms.

gEfiCallerIdGuid saves the last registered hash mask as a HOB that can be
modified or updated with the subsequent registration of API instances of
hashing algorithms based on PcdSystemHashPolicy.

Signed-off-by: Sukerkar, Amol N <amol.n.sukerkar@intel.com>
---
 SecurityPkg/Library/BaseHashLib/BaseHashLib.c                     | 236 -------------
 SecurityPkg/Library/BaseHashLib/BaseHashLibDxe.c                  | 210 +++++++++++-
 SecurityPkg/Library/BaseHashLib/BaseHashLibPei.c                  | 348 +++++++++++++++++++-
 SecurityPkg/Library/HashApiInstanceSha1/HashApiInstanceSha1.c     |   2 +-
 SecurityPkg/Library/HashApiInstanceSha256/HashApiInstanceSha256.c |   2 +-
 SecurityPkg/Library/HashApiInstanceSha384/HashApiInstanceSha384.c |   2 +-
 SecurityPkg/Include/Library/BaseHashLib.h                         | 153 +++++++++
 SecurityPkg/Include/Library/HashLib.h                             |  83 -----
 SecurityPkg/Library/BaseHashLib/BaseHashLib.h                     |  85 -----
 SecurityPkg/Library/BaseHashLib/BaseHashLibCommon.h               |  35 ++
 SecurityPkg/Library/BaseHashLib/BaseHashLibDxe.inf                |   2 -
 SecurityPkg/Library/BaseHashLib/BaseHashLibPei.inf                |   4 +-
 SecurityPkg/SecurityPkg.dec                                       |   9 -
 SecurityPkg/SecurityPkg.uni                                       |   9 -
 14 files changed, 733 insertions(+), 447 deletions(-)

diff --git a/SecurityPkg/Library/BaseHashLib/BaseHashLib.c b/SecurityPkg/Library/BaseHashLib/BaseHashLib.c
deleted file mode 100644
index 2ad83387799d..000000000000
--- a/SecurityPkg/Library/BaseHashLib/BaseHashLib.c
+++ /dev/null
@@ -1,236 +0,0 @@
-/** @file
-  Implement image verification services for secure boot service
-
-  Caution: This file requires additional review when modified.
-  This library will have external input - PE/COFF image.
-  This external input must be validated carefully to avoid security issue like
-  buffer overflow, integer overflow.
-
-  DxeImageVerificationLibImageRead() function will make sure the PE/COFF image content
-  read is within the image buffer.
-
-  DxeImageVerificationHandler(), HashPeImageByType(), HashPeImage() function will accept
-  untrusted PE/COFF image and validate its data structure within this image buffer before use.
-
-Copyright (c) 2009 - 2019, Intel Corporation. All rights reserved.<BR>
-(C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>
-This program and the accompanying materials
-are licensed and made available under the terms and conditions of the BSD License
-which accompanies this distribution.  The full text of the license may be found at
-http://opensource.org/licenses/bsd-license.php
-
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-#include <Library/BaseLib.h>
-#include <Library/BaseMemoryLib.h>
-#include <Library/MemoryAllocationLib.h>
-#include <Library/DebugLib.h>
-#include <Library/PcdLib.h>
-#include <Library/HashLib.h>
-
-//#include "BaseHashLib.h"
-
-typedef struct {
-  EFI_GUID  Guid;
-  UINT32    Mask;
-} HASH_MASK;
-
-HASH_MASK mHashMask[] = {
-  {HASH_ALGORITHM_SHA1_GUID,         HASH_ALG_SHA1},
-  {HASH_ALGORITHM_SHA256_GUID,       HASH_ALG_SHA256},
-  {HASH_ALGORITHM_SHA384_GUID,       HASH_ALG_SHA384},
-  {HASH_ALGORITHM_SHA512_GUID,       HASH_ALG_SHA512},
-};
-
-HASH_INTERFACE_UNIFIED_API mHashOps[HASH_COUNT] = {{{0}, NULL, NULL, NULL}};
-
-UINTN mHashInterfaceCount = 0;
-UINT32 mCurrentHashMask = 0;
-
-UINT32
-EFIAPI
-GetApiHashMaskFromAlgo (
-  IN EFI_GUID  *HashGuid
-  )
-{
-  UINTN  Index;
-
-  for (Index = 0; Index < sizeof(mHashMask)/sizeof(mHashMask[0]); Index++) {
-    if (CompareGuid (HashGuid, &mHashMask[Index].Guid)) {
-      return mHashMask[Index].Mask;
-    }
-  }
-  return 0;
-}
-
-/**
-  Init hash sequence.
-
-  @param HashHandle Hash handle.
-
-  @retval EFI_SUCCESS          Hash start and HashHandle returned.
-  @retval EFI_UNSUPPORTED      System has no HASH library registered.
-**/
-EFI_STATUS
-EFIAPI
-HashApiInit (
-  OUT  HASH_HANDLE   *HashHandle
-)
-{
-  HASH_HANDLE    *HashCtx;
-  UINTN   Index;
-  UINT32  HashMask;
-
-  if (mHashInterfaceCount == 0) {
-    return EFI_UNSUPPORTED;
-  }
-
-  HashCtx = AllocatePool (sizeof(*HashCtx));
-  ASSERT (HashCtx != NULL);
-
-  for (Index = 0; Index < mHashInterfaceCount; Index++) {
-    HashMask = GetApiHashMaskFromAlgo (&mHashOps[Index].HashGuid);
-    if ((HashMask & PcdGet32 (PcdHashAlgorithmBitmap)) != 0 &&
-        (HashMask & PcdGet32 (PcdSystemHashPolicy)) != 0) {
-      mHashOps[Index].HashInit (HashCtx);
-    }
-  }
-
-  *HashHandle = (HASH_HANDLE)HashCtx;
-
-  return EFI_SUCCESS;
-}
-
-/**
-  Update hash data.
-
-  @param HashHandle    Hash handle.
-  @param DataToHash    Data to be hashed.
-  @param DataToHashLen Data size.
-
-  @retval EFI_SUCCESS          Hash updated.
-  @retval EFI_UNSUPPORTED      System has no HASH library registered.
-**/
-EFI_STATUS
-EFIAPI
-HashApiUpdate (
-  IN HASH_HANDLE    HashHandle,
-  IN VOID           *DataToHash,
-  IN UINTN          DataToHashLen
-)
-{
-  HASH_HANDLE  *HashCtx;
-  UINTN        Index;
-  UINT32       HashMask;
-
-  if (mHashInterfaceCount == 0) {
-    return EFI_UNSUPPORTED;
-  }
-
-  HashCtx = (HASH_HANDLE *)HashHandle;
-
-  for (Index = 0; Index < mHashInterfaceCount; Index++) {
-    HashMask = GetApiHashMaskFromAlgo (&mHashOps[Index].HashGuid);
-    if ((HashMask & PcdGet32 (PcdHashAlgorithmBitmap)) != 0 &&
-        (HashMask & PcdGet32 (PcdSystemHashPolicy)) != 0) {
-      mHashOps[Index].HashUpdate (HashCtx[0], DataToHash, DataToHashLen);
-    }
-  }
-
-  return EFI_SUCCESS;
-}
-
-/**
-  Hash complete.
-
-  @param HashHandle    Hash handle.
-  @param Digest        Hash Digest.
-
-  @retval EFI_SUCCESS     Hash complete and Digest is returned.
-**/
-EFI_STATUS
-EFIAPI
-HashApiFinal (
-  IN  HASH_HANDLE HashHandle,
-  OUT UINT8       *Digest
-)
-{
-  HASH_HANDLE  *HashCtx;
-  UINTN        Index;
-  UINT32       HashMask;
-
-  if (mHashInterfaceCount == 0) {
-    return EFI_UNSUPPORTED;
-  }
-
-  HashCtx = (HASH_HANDLE *)HashHandle;
-
-  for (Index = 0; Index < mHashInterfaceCount; Index++) {
-    HashMask = GetApiHashMaskFromAlgo (&mHashOps[Index].HashGuid);
-    if ((HashMask & PcdGet32 (PcdHashAlgorithmBitmap)) != 0 &&
-        (HashMask & PcdGet32 (PcdSystemHashPolicy)) != 0) {
-      mHashOps[Index].HashFinal (HashCtx[0], &Digest);
-    }
-  }
-
-  return EFI_SUCCESS;
-}
-
-/**
-  This service registers Hash Interface.
-
-  @param HashInterface  Hash interface
-
-  @retval EFI_SUCCESS          This hash interface is registered successfully.
-  @retval EFI_UNSUPPORTED      System does not support register this interface.
-  @retval EFI_ALREADY_STARTED  System already register this interface.
-**/
-EFI_STATUS
-EFIAPI
-RegisterHashApiLib (
-  IN HASH_INTERFACE_UNIFIED_API   *HashInterface
-  )
-{
-  EFI_STATUS  Status;
-  UINTN       Index;
-  UINT32      HashMask;
-
-  //
-  // Check Allow
-  //
-  HashMask = GetApiHashMaskFromAlgo (&HashInterface->HashGuid);
-
-  // check if Hash Mask is supported
-  if ((HashMask & PcdGet32 (PcdTpm2HashMask)) == 0) {
-    return EFI_UNSUPPORTED;
-  }
-
-  if (mHashInterfaceCount >= sizeof(mHashOps)/sizeof(mHashOps[0])) {
-    return EFI_OUT_OF_RESOURCES;
-  }
-
-  //
-  // Check duplication
-  //
-  for (Index = 0; Index < mHashInterfaceCount; Index++) {
-    if (CompareGuid (&mHashOps[Index].HashGuid, &HashInterface->HashGuid)) {
-      DEBUG ((DEBUG_ERROR, "Hash Interface (%g) has been registered\n", &HashInterface->HashGuid));
-      return EFI_ALREADY_STARTED;
-    }
-  }
-
-  //
-  // Register the Hash Algo.
-  //
-  mCurrentHashMask = PcdGet32 (PcdHashAlgorithmBitmap) | HashMask;
-  Status = PcdSet32S (PcdHashAlgorithmBitmap, mCurrentHashMask);
-  ASSERT_EFI_ERROR (Status);
-
-  CopyMem (&mHashOps[mHashInterfaceCount], HashInterface, sizeof(*HashInterface));
-  mHashInterfaceCount ++;
-
-  return EFI_SUCCESS;
-}
\ No newline at end of file
diff --git a/SecurityPkg/Library/BaseHashLib/BaseHashLibDxe.c b/SecurityPkg/Library/BaseHashLib/BaseHashLibDxe.c
index 5de94d80fad5..f292558e3e40 100644
--- a/SecurityPkg/Library/BaseHashLib/BaseHashLibDxe.c
+++ b/SecurityPkg/Library/BaseHashLib/BaseHashLibDxe.c
@@ -29,9 +29,204 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 #include <Library/MemoryAllocationLib.h>
 #include <Library/DebugLib.h>
 #include <Library/PcdLib.h>
-#include <Library/HashLib.h>
+#include <Library/BaseHashLib.h>
 
-#include "BaseHashLib.h"
+#include "BaseHashLibCommon.h"
+
+
+HASH_INTERFACE_UNIFIED_API mHashOps[HASH_ALGO_COUNT] = {{{0}, NULL, NULL, NULL}};
+
+UINTN mBaseHashInterfaceCount = 0;
+UINT32 mCurrentHashMask = 0;
+
+UINT32
+EFIAPI
+GetApiHashMaskFromAlgo (
+  IN EFI_GUID  *HashGuid
+  )
+{
+  UINTN  Index;
+
+  for (Index = 0; Index < sizeof(mHashMask)/sizeof(mHashMask[0]); Index++) {
+    if (CompareGuid (HashGuid, &mHashMask[Index].Guid)) {
+      return mHashMask[Index].Mask;
+    }
+  }
+  return 0;
+}
+
+/**
+  Init hash sequence.
+
+  @param HashHandle Hash handle.
+
+  @retval EFI_SUCCESS          Hash start and HashHandle returned.
+  @retval EFI_UNSUPPORTED      System has no HASH library registered.
+**/
+EFI_STATUS
+EFIAPI
+HashApiInit (
+  OUT  HASH_HANDLE   *HashHandle
+)
+{
+  HASH_HANDLE    *HashCtx;
+  UINTN   Index;
+  UINT32  HashMask;
+  UINT32  HashPolicy;
+
+  HashPolicy = PcdGet32 (PcdSystemHashPolicy);
+
+  if ((mBaseHashInterfaceCount == 0) || !(mCurrentHashMask & HashPolicy)) {
+    return EFI_UNSUPPORTED;
+  }
+
+  HashCtx = AllocatePool (sizeof(*HashCtx));
+  ASSERT (HashCtx != NULL);
+
+  for (Index = 0; Index < mBaseHashInterfaceCount; Index++) {
+    HashMask = GetApiHashMaskFromAlgo (&mHashOps[Index].HashGuid);
+    if ((HashMask & HashPolicy) != 0) {
+      mHashOps[Index].HashInit (HashCtx);
+      break;
+    }
+  }
+
+  *HashHandle = (HASH_HANDLE)HashCtx;
+
+  return EFI_SUCCESS;
+}
+
+/**
+  Update hash data.
+
+  @param HashHandle    Hash handle.
+  @param DataToHash    Data to be hashed.
+  @param DataToHashLen Data size.
+
+  @retval EFI_SUCCESS          Hash updated.
+  @retval EFI_UNSUPPORTED      System has no HASH library registered.
+**/
+EFI_STATUS
+EFIAPI
+HashApiUpdate (
+  IN HASH_HANDLE    HashHandle,
+  IN VOID           *DataToHash,
+  IN UINTN          DataToHashLen
+)
+{
+  HASH_HANDLE  *HashCtx;
+  UINTN        Index;
+  UINT32       HashMask;
+  UINT32       HashPolicy;
+
+  HashPolicy = PcdGet32 (PcdSystemHashPolicy);
+
+  if ((mBaseHashInterfaceCount == 0) || !(mCurrentHashMask & HashPolicy)) {
+    return EFI_UNSUPPORTED;
+  }
+
+  HashCtx = (HASH_HANDLE *)HashHandle;
+
+  for (Index = 0; Index < mBaseHashInterfaceCount; Index++) {
+    HashMask = GetApiHashMaskFromAlgo (&mHashOps[Index].HashGuid);
+    if ((HashMask & HashPolicy) != 0) {
+      mHashOps[Index].HashUpdate (HashCtx[0], DataToHash, DataToHashLen);
+      break;
+    }
+  }
+
+  return EFI_SUCCESS;
+}
+
+/**
+  Hash complete.
+
+  @param HashHandle    Hash handle.
+  @param Digest        Hash Digest.
+
+  @retval EFI_SUCCESS     Hash complete and Digest is returned.
+**/
+EFI_STATUS
+EFIAPI
+HashApiFinal (
+  IN  HASH_HANDLE HashHandle,
+  OUT UINT8       *Digest
+)
+{
+  HASH_HANDLE  *HashCtx;
+  UINTN        Index;
+  UINT32       HashMask;
+  UINT32       HashPolicy;
+
+  HashPolicy = PcdGet32 (PcdSystemHashPolicy);
+
+  if ((mBaseHashInterfaceCount == 0) || !(mCurrentHashMask & HashPolicy)) {
+    return EFI_UNSUPPORTED;
+  }
+
+  HashCtx = (HASH_HANDLE *)HashHandle;
+
+  for (Index = 0; Index < mBaseHashInterfaceCount; Index++) {
+    HashMask = GetApiHashMaskFromAlgo (&mHashOps[Index].HashGuid);
+    if ((HashMask & HashPolicy) != 0) {
+      mHashOps[Index].HashFinal (HashCtx[0], &Digest);
+      break;
+    }
+  }
+
+  return EFI_SUCCESS;
+}
+
+/**
+  This service registers Hash Interface.
+
+  @param HashInterface  Hash interface
+
+  @retval EFI_SUCCESS          This hash interface is registered successfully.
+  @retval EFI_UNSUPPORTED      System does not support register this interface.
+  @retval EFI_ALREADY_STARTED  System already register this interface.
+**/
+EFI_STATUS
+EFIAPI
+RegisterHashApiLib (
+  IN HASH_INTERFACE_UNIFIED_API   *HashInterface
+  )
+{
+  UINTN       Index;
+  UINT32      HashMask;
+
+  //
+  // Check Allow
+  //
+  HashMask = GetApiHashMaskFromAlgo (&HashInterface->HashGuid);
+
+
+  if (mBaseHashInterfaceCount >= sizeof(mHashOps)/sizeof(mHashOps[0])) {
+    return EFI_OUT_OF_RESOURCES;
+  }
+
+  //
+  // Check duplication
+  //
+  for (Index = 0; Index < mBaseHashInterfaceCount; Index++) {
+    if (CompareGuid (&mHashOps[Index].HashGuid, &HashInterface->HashGuid)) {
+      DEBUG ((DEBUG_ERROR, "Hash Interface (%g) has already been registered\n", &HashInterface->HashGuid));
+      return EFI_ALREADY_STARTED;
+    }
+  }
+
+  //
+  // Register the Hash Algo.
+  //
+  mCurrentHashMask = mCurrentHashMask | HashMask;
+
+  CopyMem (&mHashOps[mBaseHashInterfaceCount], HashInterface, sizeof(*HashInterface));
+  mBaseHashInterfaceCount ++;
+
+  DEBUG ((DEBUG_INFO,"RegisterHashApiLib: mBaseHashInterfaceCount update to 0x%x \n", mBaseHashInterfaceCount));
+
+  return EFI_SUCCESS;
+}
 
 /**
   The constructor function of BaseHashLib Dxe.
@@ -45,18 +240,13 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 **/
 EFI_STATUS
 EFIAPI
-BaseHashLibApiPeiConstructor (
+BaseHashLibApiDxeConstructor (
   IN EFI_HANDLE        ImageHandle,
   IN EFI_SYSTEM_TABLE  *SystemTable
   )
 {
-  EFI_STATUS    Status;
-
-  //
-  // Set PcdHashAlgorithmBitmap to 0 in CONSTRUCTOR for CURRENT module.
-  //
-  Status = PcdSet32S (PcdHashAlgorithmBitmap, 0);
-  ASSERT_EFI_ERROR (Status);
+  mBaseHashInterfaceCount = 0;
+  mCurrentHashMask = 0;
 
   return EFI_SUCCESS;
 }
\ No newline at end of file
diff --git a/SecurityPkg/Library/BaseHashLib/BaseHashLibPei.c b/SecurityPkg/Library/BaseHashLib/BaseHashLibPei.c
index 8ffe356b60e7..0fd0e2f42612 100644
--- a/SecurityPkg/Library/BaseHashLib/BaseHashLibPei.c
+++ b/SecurityPkg/Library/BaseHashLib/BaseHashLibPei.c
@@ -30,8 +30,318 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 #include <Library/DebugLib.h>
 #include <Library/PcdLib.h>
 #include <Library/HashLib.h>
+#include <Library/HobLib.h>
+#include <Guid/ZeroGuid.h>
 
-#include "BaseHashLib.h"
+#include <Library/BaseHashLib.h>
+#include "BaseHashLibCommon.h"
+
+#define BASEHASH_LIB_PEI_ROUTER_GUID \
+  { 0x19ea22c7, 0xf870, 0x4b5e, { 0x98, 0x86, 0x9c, 0x29, 0xb2, 0x20, 0xf0, 0x39 } }
+
+
+EFI_GUID mBaseHashLibPeiRouterGuid = BASEHASH_LIB_PEI_ROUTER_GUID;
+
+typedef struct {
+  //
+  // If gZeroGuid, SupportedHashMask is 0 for FIRST module which consumes HashLib
+  //   or the hash algorithm bitmap of LAST module which consumes HashLib.
+  //   HashInterfaceCount and HashInterface are all 0.
+  // If gEfiCallerIdGuid, HashInterfaceCount, HashInterface and SupportedHashMask
+  //   are the hash interface information of CURRENT module which consumes HashLib.
+  //
+  EFI_GUID         Identifier;
+  UINTN            HashInterfaceCount;
+  HASH_INTERFACE_UNIFIED_API HashInterface[HASH_ALGO_COUNT];
+  UINT32           SupportedHashMask;
+} HASH_INTERFACE_HOB;
+
+
+UINT32
+EFIAPI
+GetApiHashMaskFromAlgo (
+  IN EFI_GUID  *HashGuid
+  )
+{
+  UINTN  Index;
+
+  for (Index = 0; Index < sizeof(mHashMask)/sizeof(mHashMask[0]); Index++) {
+    if (CompareGuid (HashGuid, &mHashMask[Index].Guid)) {
+      return mHashMask[Index].Mask;
+    }
+  }
+  return 0;
+}
+
+/**
+  This function gets hash interface hob.
+
+  @param Identifier    Identifier to get hash interface hob.
+
+  @retval hash interface hob.
+**/
+HASH_INTERFACE_HOB *
+InternalGetBaseHashInterfaceHob (
+  EFI_GUID      *Identifier
+  )
+{
+  EFI_PEI_HOB_POINTERS  Hob;
+  HASH_INTERFACE_HOB    *HashInterfaceHob;
+
+  Hob.Raw = GetFirstGuidHob (&mBaseHashLibPeiRouterGuid);
+  while (Hob.Raw != NULL) {
+    HashInterfaceHob = GET_GUID_HOB_DATA (Hob);
+    if (CompareGuid (&HashInterfaceHob->Identifier, Identifier)) {
+      //
+      // Found the matched one.
+      //
+      return HashInterfaceHob;
+    }
+    Hob.Raw = GET_NEXT_HOB (Hob);
+    Hob.Raw = GetNextGuidHob (&mBaseHashLibPeiRouterGuid, Hob.Raw);
+  }
+
+  return NULL;
+}
+
+/**
+  This function creates hash interface hob.
+
+  @param Identifier    Identifier to create hash interface hob.
+
+  @retval hash interface hob.
+**/
+HASH_INTERFACE_HOB *
+InternalCreateBaseHashInterfaceHob (
+  EFI_GUID      *Identifier
+  )
+{
+  HASH_INTERFACE_HOB LocalHashInterfaceHob;
+
+  ZeroMem (&LocalHashInterfaceHob, sizeof(LocalHashInterfaceHob));
+  CopyGuid (&LocalHashInterfaceHob.Identifier, Identifier);
+  return BuildGuidDataHob (&mBaseHashLibPeiRouterGuid, &LocalHashInterfaceHob, sizeof(LocalHashInterfaceHob));
+}
+
+/**
+  Init hash sequence.
+
+  @param HashHandle Hash handle.
+
+  @retval EFI_SUCCESS          Hash start and HashHandle returned.
+  @retval EFI_UNSUPPORTED      System has no HASH library registered.
+**/
+EFI_STATUS
+EFIAPI
+HashApiInit (
+  OUT  HASH_HANDLE   *HashHandle
+)
+{
+  HASH_HANDLE    *HashCtx;
+  HASH_INTERFACE_HOB *HashInterfaceHob;
+  UINTN   Index;
+  UINT32  HashMask;
+  UINT32  HashPolicy;
+
+  HashInterfaceHob = InternalGetBaseHashInterfaceHob (&gEfiCallerIdGuid);
+  if (HashInterfaceHob == NULL) {
+    return EFI_UNSUPPORTED;
+  }
+
+  HashPolicy = PcdGet32 (PcdSystemHashPolicy);
+
+  if ((HashInterfaceHob->HashInterfaceCount == 0) || !(HashInterfaceHob->SupportedHashMask & HashPolicy)) {
+    DEBUG ((DEBUG_INFO,"Unsupported Hash Type 0x%x \n", HashPolicy));
+    return EFI_UNSUPPORTED;
+  }
+
+  HashCtx = AllocatePool (sizeof(*HashCtx));
+  ASSERT (HashCtx != NULL);
+
+  for (Index = 0; Index < HashInterfaceHob->HashInterfaceCount; Index++) {
+    HashMask = GetApiHashMaskFromAlgo (&HashInterfaceHob->HashInterface[Index].HashGuid);
+    if ((HashMask & HashPolicy) != 0) {
+      HashInterfaceHob->HashInterface[Index].HashInit (HashCtx);
+      break;
+    }
+  }
+
+  // Check for hash type supported
+  if(Index == HashInterfaceHob->HashInterfaceCount)
+    return EFI_UNSUPPORTED;
+
+  *HashHandle = (HASH_HANDLE)HashCtx;
+
+  return EFI_SUCCESS;
+}
+
+/**
+  Update hash data.
+
+  @param HashHandle    Hash handle.
+  @param DataToHash    Data to be hashed.
+  @param DataToHashLen Data size.
+
+  @retval EFI_SUCCESS          Hash updated.
+  @retval EFI_UNSUPPORTED      System has no HASH library registered.
+**/
+EFI_STATUS
+EFIAPI
+HashApiUpdate (
+  IN HASH_HANDLE    HashHandle,
+  IN VOID           *DataToHash,
+  IN UINTN          DataToHashLen
+)
+{
+  HASH_INTERFACE_HOB *HashInterfaceHob;
+  HASH_HANDLE  *HashCtx;
+  UINTN        Index;
+  UINT32       HashMask;
+  UINT32       HashPolicy;
+
+  HashInterfaceHob = InternalGetBaseHashInterfaceHob (&gEfiCallerIdGuid);
+  if (HashInterfaceHob == NULL) {
+    return EFI_UNSUPPORTED;
+  }
+
+  HashPolicy = PcdGet32 (PcdSystemHashPolicy);
+
+  if ((HashInterfaceHob->HashInterfaceCount == 0) || !(HashInterfaceHob->SupportedHashMask & HashPolicy)) {
+    DEBUG ((DEBUG_INFO,"Unsupported Hash Type 0x%x \n", HashPolicy));
+    return EFI_UNSUPPORTED;
+  }
+
+  HashCtx = (HASH_HANDLE *)HashHandle;
+
+  for (Index = 0; Index < HashInterfaceHob->HashInterfaceCount; Index++) {
+    HashMask = GetApiHashMaskFromAlgo (&HashInterfaceHob->HashInterface[Index].HashGuid);
+    if ((HashMask & HashPolicy) != 0) {
+      HashInterfaceHob->HashInterface[Index].HashUpdate (HashCtx[0], DataToHash, DataToHashLen);
+      break;
+    }
+  }
+
+    // Check for hash type supported
+  if(Index == HashInterfaceHob->HashInterfaceCount) {
+    return EFI_UNSUPPORTED;
+  }
+
+  return EFI_SUCCESS;
+}
+
+/**
+  Hash complete.
+
+  @param HashHandle    Hash handle.
+  @param Digest        Hash Digest.
+
+  @retval EFI_SUCCESS     Hash complete and Digest is returned.
+**/
+EFI_STATUS
+EFIAPI
+HashApiFinal (
+  IN  HASH_HANDLE HashHandle,
+  OUT UINT8      *Digest
+)
+{
+  HASH_INTERFACE_HOB *HashInterfaceHob;
+  HASH_HANDLE  *HashCtx;
+  UINTN        Index;
+  UINT32       HashMask;
+  UINT32       HashPolicy;
+
+  HashInterfaceHob = InternalGetBaseHashInterfaceHob (&gEfiCallerIdGuid);
+  if (HashInterfaceHob == NULL) {
+    return EFI_UNSUPPORTED;
+  }
+
+  HashPolicy = PcdGet32 (PcdSystemHashPolicy);
+
+  if ((HashInterfaceHob->HashInterfaceCount == 0) || !(HashInterfaceHob->SupportedHashMask & HashPolicy)) {
+      DEBUG ((DEBUG_INFO,"Unsupported Hash Type 0x%x \n", HashPolicy));
+    return EFI_UNSUPPORTED;
+  }
+
+  HashCtx = (HASH_HANDLE *)HashHandle;
+
+  for (Index = 0; Index < HashInterfaceHob->HashInterfaceCount; Index++) {
+    HashMask = GetApiHashMaskFromAlgo (&HashInterfaceHob->HashInterface[Index].HashGuid);
+    if (HashMask & HashPolicy) {
+      HashInterfaceHob->HashInterface[Index].HashFinal (HashCtx[0], &Digest);
+      break;
+    }
+  }
+
+  // Check for hash type supported
+  if(Index == HashInterfaceHob->HashInterfaceCount){
+    return EFI_UNSUPPORTED;
+  }
+
+  return EFI_SUCCESS;
+}
+
+/**
+  This service registers Hash Interface.
+
+  @param HashInterface  Hash interface
+
+  @retval EFI_SUCCESS          This hash interface is registered successfully.
+  @retval EFI_UNSUPPORTED      System does not support register this interface.
+  @retval EFI_ALREADY_STARTED  System already register this interface.
+**/
+EFI_STATUS
+EFIAPI
+RegisterHashApiLib (
+  IN HASH_INTERFACE_UNIFIED_API   *HashInterface
+  )
+{
+//  EFI_STATUS  Status;
+  UINTN       Index;
+  UINT32      HashMask;
+  HASH_INTERFACE_HOB *HashInterfaceHob;
+
+  //
+  // Check Allow
+  //
+  HashMask = GetApiHashMaskFromAlgo (&HashInterface->HashGuid);
+
+  HashInterfaceHob = InternalGetBaseHashInterfaceHob (&gEfiCallerIdGuid);
+  if (HashInterfaceHob == NULL) {
+    HashInterfaceHob = InternalCreateBaseHashInterfaceHob (&gEfiCallerIdGuid);
+    if (HashInterfaceHob == NULL) {
+      return EFI_OUT_OF_RESOURCES;
+    } else {
+        // Initialize SupportedHashMask
+        HashInterfaceHob->SupportedHashMask = 0;
+    }
+  }
+
+  if (HashInterfaceHob->HashInterfaceCount >= HASH_COUNT) {
+    return EFI_OUT_OF_RESOURCES;
+  }
+
+  //
+  // Check duplication
+  //
+  for (Index = 0; Index < HashInterfaceHob->HashInterfaceCount; Index++) {
+    if (CompareGuid (&HashInterfaceHob->HashInterface[Index].HashGuid, &HashInterface->HashGuid)) {
+      DEBUG ((DEBUG_ERROR, "Hash Interface (%g) has been already registered\n", &HashInterface->HashGuid));
+      return EFI_ALREADY_STARTED;
+    }
+  }
+
+  //
+  // Register the Hash Algo.
+  //
+  HashInterfaceHob->SupportedHashMask = HashInterfaceHob->SupportedHashMask | HashMask;
+
+  CopyMem (&HashInterfaceHob->HashInterface[HashInterfaceHob->HashInterfaceCount], HashInterface, sizeof(*HashInterface));
+  HashInterfaceHob->HashInterfaceCount ++;
+
+  DEBUG ((DEBUG_INFO,"RegisterHashApiLib: HashInterfaceCount 0x%x  SupportedHashMask 0x%x \n",  HashInterfaceHob->HashInterfaceCount, HashInterfaceHob->SupportedHashMask));
+
+  return EFI_SUCCESS;
+}
 
 /**
   The constructor function of BaseHashLib Pei.
@@ -50,13 +360,37 @@ BaseHashLibApiPeiConstructor (
   IN CONST EFI_PEI_SERVICES     **PeiServices
   )
 {
-  EFI_STATUS    Status;
+//  EFI_STATUS    Status;
+  HASH_INTERFACE_HOB    *HashInterfaceHob;
 
-  //
-  // Set PcdHashAlgorithmBitmap to 0 in CONSTRUCTOR for CURRENT module.
-  //
-  Status = PcdSet32S (PcdHashAlgorithmBitmap, 0);
-  ASSERT_EFI_ERROR (Status);
+  DEBUG ((DEBUG_INFO,"Calling BaseHashLibApiPeiConstructor.. \n"));
+
+
+  HashInterfaceHob = InternalGetBaseHashInterfaceHob (&gZeroGuid);
+  if (HashInterfaceHob == NULL) {
+    //
+    // No HOB with gZeroGuid Identifier has been created,
+    // this is FIRST module which consumes HashLib.
+    // Create the HOB with gZeroGuid Identifier.
+    //
+    HashInterfaceHob = InternalCreateBaseHashInterfaceHob (&gZeroGuid);
+    if (HashInterfaceHob == NULL) {
+      return EFI_OUT_OF_RESOURCES;
+    }
+  }
+
+  HashInterfaceHob = InternalGetBaseHashInterfaceHob (&gEfiCallerIdGuid);
+  if (HashInterfaceHob != NULL) {
+    //
+    // In PEI phase, some modules may call RegisterForShadow and will be
+    // shadowed and executed again after memory is discovered.
+    // This is the second execution of this module, clear the hash interface
+    // information registered at its first execution.
+    //
+    ZeroMem (&HashInterfaceHob->HashInterface, sizeof (HashInterfaceHob->HashInterface));
+    HashInterfaceHob->HashInterfaceCount = 0;
+    HashInterfaceHob->SupportedHashMask = 0;
+  }
 
   return EFI_SUCCESS;
 }
\ No newline at end of file
diff --git a/SecurityPkg/Library/HashApiInstanceSha1/HashApiInstanceSha1.c b/SecurityPkg/Library/HashApiInstanceSha1/HashApiInstanceSha1.c
index 06e88f00d70b..175499e7609c 100644
--- a/SecurityPkg/Library/HashApiInstanceSha1/HashApiInstanceSha1.c
+++ b/SecurityPkg/Library/HashApiInstanceSha1/HashApiInstanceSha1.c
@@ -13,7 +13,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 #include <Library/DebugLib.h>
 #include <Library/BaseCryptLib.h>
 #include <Library/MemoryAllocationLib.h>
-#include <Library/HashLib.h>
+#include <Library/BaseHashLib.h>
 
 /**
   Start hash sequence.
diff --git a/SecurityPkg/Library/HashApiInstanceSha256/HashApiInstanceSha256.c b/SecurityPkg/Library/HashApiInstanceSha256/HashApiInstanceSha256.c
index 129d60a387fd..9222a12a3273 100644
--- a/SecurityPkg/Library/HashApiInstanceSha256/HashApiInstanceSha256.c
+++ b/SecurityPkg/Library/HashApiInstanceSha256/HashApiInstanceSha256.c
@@ -13,7 +13,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 #include <Library/DebugLib.h>
 #include <Library/BaseCryptLib.h>
 #include <Library/MemoryAllocationLib.h>
-#include <Library/HashLib.h>
+#include <Library/BaseHashLib.h>
 
 /**
   Start hash sequence.
diff --git a/SecurityPkg/Library/HashApiInstanceSha384/HashApiInstanceSha384.c b/SecurityPkg/Library/HashApiInstanceSha384/HashApiInstanceSha384.c
index 0d1b8f3e877a..c23b1a567172 100644
--- a/SecurityPkg/Library/HashApiInstanceSha384/HashApiInstanceSha384.c
+++ b/SecurityPkg/Library/HashApiInstanceSha384/HashApiInstanceSha384.c
@@ -13,7 +13,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 #include <Library/DebugLib.h>
 #include <Library/BaseCryptLib.h>
 #include <Library/MemoryAllocationLib.h>
-#include <Library/HashLib.h>
+#include <Library/BaseHashLib.h>
 
 /**
   Start hash sequence.
diff --git a/SecurityPkg/Include/Library/BaseHashLib.h b/SecurityPkg/Include/Library/BaseHashLib.h
new file mode 100644
index 000000000000..36dd2912d7eb
--- /dev/null
+++ b/SecurityPkg/Include/Library/BaseHashLib.h
@@ -0,0 +1,153 @@
+/** @file
+  The internal header file includes the common header files, defines
+  internal structure and functions used by ImageVerificationLib.
+
+Copyright (c) 2009 - 2019, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution.  The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#ifndef __BASEHASHLIB_H_
+#define __BASEHASHLIB_H_
+
+#include <Uefi.h>
+#include <Protocol/Hash.h>
+#include <Library/HashLib.h>
+
+//
+// Hash Algorithms
+//
+#define HASH_ALG_DEFAULT    0x00000000
+#define HASH_ALG_SHA1       0x00000001
+#define HASH_ALG_SHA256     0x00000002
+#define HASH_ALG_SHA384     0x00000004
+#define HASH_ALG_SHA512     0x00000008
+#define HASH_ALG_SM3_256    0x00000010
+
+
+/**
+  Init hash sequence.
+
+  @param HashType   Type of hash algorithm.
+  @param HashHandle Hash handle.
+
+  @retval EFI_SUCCESS          Hash start and HashHandle returned.
+  @retval EFI_UNSUPPORTED      System has no HASH library registered.
+**/
+EFI_STATUS
+EFIAPI
+HashApiInit (
+  IN   UINT32         HashType,
+  OUT  HASH_HANDLE   *HashHandle
+);
+
+/**
+  Update hash data.
+
+  @param HashHandle    Hash handle.
+  @param HashType   Type of hash algorithm.
+  @param DataToHash    Data to be hashed.
+  @param DataToHashLen Data size.
+
+  @retval EFI_SUCCESS          Hash updated.
+  @retval EFI_UNSUPPORTED      System has no HASH library registered.
+**/
+EFI_STATUS
+EFIAPI
+HashApiUpdate (
+  IN HASH_HANDLE    HashHandle,
+  IN UINT32         HashType,
+  IN VOID           *DataToHash,
+  IN UINTN          DataToHashLen
+);
+
+/**
+  Hash complete.
+
+  @param HashHandle    Hash handle.
+  @param HashType      Type of hash algorithm.
+  @param Digest        Hash Digest.
+
+  @retval EFI_SUCCESS     Hash complete and Digest is returned.
+**/
+EFI_STATUS
+EFIAPI
+HashApiFinal (
+  IN  HASH_HANDLE HashHandle,
+  IN  UINT32      HashType,
+  OUT UINT8       *Digest
+);
+
+/**
+  Start hash sequence.
+
+  @param HashHandle Hash handle.
+
+  @retval EFI_SUCCESS          Hash sequence start and HandleHandle returned.
+  @retval EFI_OUT_OF_RESOURCES No enough resource to start hash.
+**/
+typedef
+EFI_STATUS
+(EFIAPI *BASE_HASH_INIT) (
+  OUT HASH_HANDLE    *HashHandle
+  );
+
+/**
+  Update hash sequence data.
+
+  @param HashHandle    Hash handle.
+  @param DataToHash    Data to be hashed.
+  @param DataToHashLen Data size.
+
+  @retval EFI_SUCCESS     Hash sequence updated.
+**/
+typedef
+EFI_STATUS
+(EFIAPI *BASE_HASH_UPDATE) (
+  IN HASH_HANDLE    HashHandle,
+  IN VOID           *DataToHash,
+  IN UINTN          DataToHashLen
+  );
+
+/**
+  Hash complete.
+  @param HashHandle    Hash handle.
+  @param Digest        Hash Digest.
+  @retval EFI_SUCCESS     Hash complete and Digest is returned.
+**/
+typedef
+EFI_STATUS
+(EFIAPI *BASE_HASH_FINAL_EX) (
+  IN  HASH_HANDLE      HashHandle,
+  OUT UINT8            **Digest
+  );
+
+typedef struct {
+  EFI_GUID                                HashGuid;
+  BASE_HASH_INIT                          HashInit;
+  BASE_HASH_UPDATE                        HashUpdate;
+  BASE_HASH_FINAL_EX                      HashFinal;
+} HASH_INTERFACE_UNIFIED_API;
+
+/**
+  This service registers Hash Interface.
+
+  @param HashInterface  Hash interface
+
+  @retval EFI_SUCCESS          This hash interface is registered successfully.
+  @retval EFI_UNSUPPORTED      System does not support register this interface.
+  @retval EFI_ALREADY_STARTED  System already register this interface.
+**/
+EFI_STATUS
+EFIAPI
+RegisterHashApiLib (
+  IN HASH_INTERFACE_UNIFIED_API *HashInterface
+);
+
+#endif
\ No newline at end of file
diff --git a/SecurityPkg/Include/Library/HashLib.h b/SecurityPkg/Include/Library/HashLib.h
index 740cb8188e51..6ad960ad70ee 100644
--- a/SecurityPkg/Include/Library/HashLib.h
+++ b/SecurityPkg/Include/Library/HashLib.h
@@ -87,53 +87,6 @@ HashAndExtend (
   OUT TPML_DIGEST_VALUES            *DigestList
   );
 
-/**
-  Init hash sequence.
-
-  @param HashHandle Hash handle.
-
-  @retval EFI_SUCCESS          Hash start and HashHandle returned.
-  @retval EFI_UNSUPPORTED      System has no HASH library registered.
-**/
-EFI_STATUS
-EFIAPI
-HashApiInit (
-  OUT  HASH_HANDLE   *HashHandle
-);
-
-/**
-  Update hash data.
-
-  @param HashHandle    Hash handle.
-  @param DataToHash    Data to be hashed.
-  @param DataToHashLen Data size.
-
-  @retval EFI_SUCCESS          Hash updated.
-  @retval EFI_UNSUPPORTED      System has no HASH library registered.
-**/
-EFI_STATUS
-EFIAPI
-HashApiUpdate (
-  IN HASH_HANDLE    HashHandle,
-  IN VOID           *DataToHash,
-  IN UINTN          DataToHashLen
-);
-
-/**
-  Hash complete.
-
-  @param HashHandle    Hash handle.
-  @param Digest        Hash Digest.
-
-  @retval EFI_SUCCESS     Hash complete and Digest is returned.
-**/
-EFI_STATUS
-EFIAPI
-HashApiFinal (
-  IN  HASH_HANDLE HashHandle,
-  OUT UINT8       *Digest
-);
-
 /**
   Start hash sequence.
 
@@ -180,21 +133,6 @@ EFI_STATUS
   OUT TPML_DIGEST_VALUES *DigestList
   );
 
-/**
-  Hash complete.
-
-  @param HashHandle    Hash handle.
-  @param Digest        Hash Digest.
-
-  @retval EFI_SUCCESS     Hash complete and Digest is returned.
-**/
-typedef
-EFI_STATUS
-(EFIAPI *HASH_FINAL_EX) (
-  IN  HASH_HANDLE      HashHandle,
-  OUT UINT8            **Digest
-  );
-
 #define HASH_ALGORITHM_SHA1_GUID    EFI_HASH_ALGORITHM_SHA1_GUID
 #define HASH_ALGORITHM_SHA256_GUID  EFI_HASH_ALGORITHM_SHA256_GUID
 #define HASH_ALGORITHM_SHA384_GUID  EFI_HASH_ALGORITHM_SHA384_GUID
@@ -211,13 +149,6 @@ typedef struct {
   HASH_FINAL                         HashFinal;
 } HASH_INTERFACE;
 
-typedef struct {
-  EFI_GUID                           HashGuid;
-  HASH_INIT                          HashInit;
-  HASH_UPDATE                        HashUpdate;
-  HASH_FINAL_EX                      HashFinal;
-} HASH_INTERFACE_UNIFIED_API;
-
 /**
   This service register Hash.
 
@@ -233,18 +164,4 @@ RegisterHashInterfaceLib (
   IN HASH_INTERFACE   *HashInterface
   );
 
-/**
-  This service registers Hash Interface.
-
-  @param HashInterface  Hash interface
-
-  @retval EFI_SUCCESS          This hash interface is registered successfully.
-  @retval EFI_UNSUPPORTED      System does not support register this interface.
-  @retval EFI_ALREADY_STARTED  System already register this interface.
-**/
-EFI_STATUS
-EFIAPI
-RegisterHashApiLib (
-  IN HASH_INTERFACE_UNIFIED_API *HashInterface
-);
 #endif
diff --git a/SecurityPkg/Library/BaseHashLib/BaseHashLib.h b/SecurityPkg/Library/BaseHashLib/BaseHashLib.h
deleted file mode 100644
index 70676c1716c3..000000000000
--- a/SecurityPkg/Library/BaseHashLib/BaseHashLib.h
+++ /dev/null
@@ -1,85 +0,0 @@
-/** @file
-  The internal header file includes the common header files, defines
-  internal structure and functions used by ImageVerificationLib.
-
-Copyright (c) 2009 - 2019, Intel Corporation. All rights reserved.<BR>
-This program and the accompanying materials
-are licensed and made available under the terms and conditions of the BSD License
-which accompanies this distribution.  The full text of the license may be found at
-http://opensource.org/licenses/bsd-license.php
-
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-#ifndef __BASEHASHLIB_H_
-#define __BASEHASHLIB_H_
-
-#define HASH_ALGO_COUNT 7
-
-//
-// Hash Algorithms
-//
-#define HASH_ALG_SHA1    0x00000001
-#define HASH_ALG_SHA256  0x00000002
-#define HASH_ALG_SHA384  0x00000004
-#define HASH_ALG_SHA512  0x00000008
-#define HASH_ALG_SM3_256 0x00000010
-#if 0
-typedef 
-UINTN
-(EFIAPI *GET_HASH_CTX_SIZE) (
-  VOID
-  );
-
-typedef
-BOOLEAN
-(EFIAPI *_HASH_INIT) (
-  OUT  VOID  *ShaContext
-  );
-
-typedef
-BOOLEAN
-(EFIAPI *_HASH_DUPLICATE) (
-  IN   CONST VOID  *ShaContext,
-  OUT  VOID        *NewShaContext
-  );
-
-typedef
-BOOLEAN
-(EFIAPI *_HASH_UPDATE) (
-  IN OUT  VOID        *ShaContext,
-  IN      CONST VOID  *Data,
-  IN      UINTN       DataSize
-  );
-
-typedef
-BOOLEAN
-(EFIAPI *_HASH_FINAL) (
-  IN OUT  VOID   *ShaContext,
-  OUT     UINT8  *HashValue
-  );
-
-HASH_ALGO_IDX
-GetHashAlgoIndex (
-  VOID
-);
-
-typedef struct {
-  HASH_ALGO_IDX     HashAlgo;
-  GET_HASH_CTX_SIZE  GetHashCtxSize;
-  _HASH_INIT          HashInit;
-  _HASH_DUPLICATE     HashDuplicate;
-  _HASH_UPDATE        HashUpdate;
-  _HASH_FINAL         HashFinal;
-} HASH_OPERATIONS;
-
-
-EFI_STATUS
-EFIAPI
-RegisterHashLib (
-  IN HASH_OPERATIONS   *HashInterface
-);
-#endif
-#endif
\ No newline at end of file
diff --git a/SecurityPkg/Library/BaseHashLib/BaseHashLibCommon.h b/SecurityPkg/Library/BaseHashLib/BaseHashLibCommon.h
new file mode 100644
index 000000000000..dc4839d16600
--- /dev/null
+++ b/SecurityPkg/Library/BaseHashLib/BaseHashLibCommon.h
@@ -0,0 +1,35 @@
+/** @file
+  The internal header file includes the common header files, defines
+  internal structure and functions used by ImageVerificationLib.
+
+Copyright (c) 2009 - 2019, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution.  The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#ifndef __BASEHASHLIB_COMMON_H_
+#define __BASEHASHLIB_COMMON_H_
+
+#define HASH_ALGO_COUNT 5
+
+
+typedef struct {
+  EFI_GUID  Guid;
+  UINT32    Mask;
+} HASH_MASK;
+
+HASH_MASK mHashMask[] = {
+  {HASH_ALGORITHM_SHA1_GUID,         HASH_ALG_SHA1},
+  {HASH_ALGORITHM_SHA256_GUID,       HASH_ALG_SHA256},
+  {HASH_ALGORITHM_SHA384_GUID,       HASH_ALG_SHA384},
+  {HASH_ALGORITHM_SHA512_GUID,       HASH_ALG_SHA512},
+  {HASH_ALGORITHM_SM3_256_GUID,      HASH_ALG_SM3_256},
+};
+
+#endif
\ No newline at end of file
diff --git a/SecurityPkg/Library/BaseHashLib/BaseHashLibDxe.inf b/SecurityPkg/Library/BaseHashLib/BaseHashLibDxe.inf
index f5dcbedb2cd9..a8d6c0f37570 100644
--- a/SecurityPkg/Library/BaseHashLib/BaseHashLibDxe.inf
+++ b/SecurityPkg/Library/BaseHashLib/BaseHashLibDxe.inf
@@ -43,7 +43,5 @@ [LibraryClasses]
   PcdLib
 
 [Pcd]
-  gEfiSecurityPkgTokenSpaceGuid.PcdTpm2HashMask             ## CONSUMES
-  gEfiSecurityPkgTokenSpaceGuid.PcdHashAlgorithmBitmap    ## CONSUMES
   gEfiSecurityPkgTokenSpaceGuid.PcdSystemHashPolicy    ## CONSUMES
 
diff --git a/SecurityPkg/Library/BaseHashLib/BaseHashLibPei.inf b/SecurityPkg/Library/BaseHashLib/BaseHashLibPei.inf
index 07e95a5a9c0f..872989f2352d 100644
--- a/SecurityPkg/Library/BaseHashLib/BaseHashLibPei.inf
+++ b/SecurityPkg/Library/BaseHashLib/BaseHashLibPei.inf
@@ -44,7 +44,5 @@ [LibraryClasses]
   PcdLib
 
 [Pcd]
-  gEfiSecurityPkgTokenSpaceGuid.PcdTpm2HashMask             ## CONSUMES
-  gEfiSecurityPkgTokenSpaceGuid.PcdHashAlgorithmBitmap    ## CONSUMES
-  gEfiSecurityPkgTokenSpaceGuid.PcdSystemHashPolicy    ## CONSUMES
+ gEfiSecurityPkgTokenSpaceGuid.PcdSystemHashPolicy    ## CONSUMES
 
diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec
index b03677a5411c..2f31b0192fdb 100644
--- a/SecurityPkg/SecurityPkg.dec
+++ b/SecurityPkg/SecurityPkg.dec
@@ -515,14 +515,5 @@ [PcdsDynamic, PcdsDynamicEx]
   # @ValidRange 0x80000001 | 0x00000000 - 0x00000005
   gEfiSecurityPkgTokenSpaceGuid.PcdSystemHashPolicy|0x02|UINT32|0x00010024
 
-  ## This PCD indicated final BIOS supported Hash mask for Base Hash API.
-  #    Bios may choose to register a subset of PcdTpm2HashMask.
-  #    This PCD is final value of how many hash algo are registered with
-  #    Base Hash API.
-  # This PCD will start with value 0 by the Base Hash API constructor and
-  # the value will be updated as Hash Algo are registered.
-  # @Prompt Hash Algorithm bitmap for Base Hash API.
-  gEfiSecurityPkgTokenSpaceGuid.PcdHashAlgorithmBitmap|0xFFFFFFFF|UINT32|0x00010025
-
 [UserExtensions.TianoCore."ExtraFiles"]
   SecurityPkgExtra.uni
diff --git a/SecurityPkg/SecurityPkg.uni b/SecurityPkg/SecurityPkg.uni
index 2dc77279210c..c9d12535b5f4 100644
--- a/SecurityPkg/SecurityPkg.uni
+++ b/SecurityPkg/SecurityPkg.uni
@@ -309,12 +309,3 @@
                                                                                         "0x00000003  -  SHA384.<BR>\n"
                                                                                         "0x00000004  -  SHA512.<BR>\n"
                                                                                         "0x00000005  -  SM3.<BR>"
-
-#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdHashAlgorithmBitmap_PROMPT  #language en-US "Hash Algorithm bitmap for Base Hash API."
-
-#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdHashAlgorithmBitmap_HELP  #language en-US "This PCD indicated final BIOS supported Hash mask for Base Hash API.\n"
-                                                                                        "Bios may choose to register a subset of PcdTpm2HashMask.<BR>\n"
-                                                                                        "This PCD is final value of how many hash algo are registered with\n"
-                                                                                        "Base Hash API.<BR>\n"
-                                                                                        "This PCD will start with value 0 by the Base Hash API constructor and\n"
-                                                                                        "the value will be updated as Hash Algo are registered.<BR>\n"
-- 
2.16.2.windows.1


^ permalink raw reply related	[flat|nested] 8+ messages in thread

* [PATCH v1 6/6] SecurityPkg/HashApiInstanceSM3: Implement API registration mechanism for SM3
  2019-12-18 21:50 [PATCH v1 0/6] SecurityPkg/BaseHashLib: Implement a Unified API for Hash Calculation Sukerkar, Amol N
                   ` (4 preceding siblings ...)
  2019-12-18 21:50 ` [PATCH v1 5/6] SecurityPkg/BaseHashLib: Modified the Registation Mechanism for BaseHashLib Sukerkar, Amol N
@ 2019-12-18 21:50 ` Sukerkar, Amol N
  5 siblings, 0 replies; 8+ messages in thread
From: Sukerkar, Amol N @ 2019-12-18 21:50 UTC (permalink / raw)
  To: devel; +Cc: michael.d.kinney, sachin.agrawal, self, Subash Lakkimsetti

This is the HashApiInstance implementation for SM3 which registers the SM3
hash library in CryptoPkg with BaseHashLib based on whether a platform supports
SM3 hash algorithm.

Signed-off-by: Subash Lakkimsetti <subashx.lakkimsetti@intel.com>
Signed-off-by: Sukerkar, Amol N <amol.n.sukerkar@intel.com>
---
 SecurityPkg/Library/HashApiInstanceSm3/HashApiInstanceSm3.c   | 128 ++++++++++++++++++++
 SecurityPkg/Library/HashApiInstanceSm3/HashApiInstanceSm3.inf |  40 ++++++
 SecurityPkg/Library/HashApiInstanceSm3/HashApiInstanceSm3.uni |  16 +++
 3 files changed, 184 insertions(+)

diff --git a/SecurityPkg/Library/HashApiInstanceSm3/HashApiInstanceSm3.c b/SecurityPkg/Library/HashApiInstanceSm3/HashApiInstanceSm3.c
new file mode 100644
index 000000000000..391f482c1520
--- /dev/null
+++ b/SecurityPkg/Library/HashApiInstanceSm3/HashApiInstanceSm3.c
@@ -0,0 +1,128 @@
+/** @file
+  This library is BaseCrypto Sm3 hash instance.
+  It can be registered to BaseCrypto router, to serve as hash engine.
+
+Copyright (c) 2013 - 2019, Intel Corporation. All rights reserved. <BR>
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <PiPei.h>
+#include <Library/BaseLib.h>
+#include <Library/BaseMemoryLib.h>
+#include <Library/DebugLib.h>
+#include <Library/BaseCryptLib.h>
+#include <Library/MemoryAllocationLib.h>
+#include <Library/BaseHashLib.h>
+
+/**
+  Start hash sequence.
+
+  @param HashHandle Hash handle.
+
+  @retval EFI_SUCCESS          Hash sequence start and HandleHandle returned.
+  @retval EFI_OUT_OF_RESOURCES No enough resource to start hash.
+**/
+EFI_STATUS
+EFIAPI
+Sm3_Init (
+  OUT HASH_HANDLE    *HashHandle
+  )
+{
+  VOID     *Sm3Ctx;
+  UINTN    CtxSize;
+
+  CtxSize = Sm3GetContextSize ();
+  Sm3Ctx = AllocatePool (CtxSize);
+  ASSERT (Sm3Ctx != NULL);
+
+  Sm3Init (Sm3Ctx);
+
+  *HashHandle = (HASH_HANDLE)Sm3Ctx;
+
+  return EFI_SUCCESS;
+}
+
+/**
+  Update hash sequence data.
+
+  @param HashHandle    Hash handle.
+  @param DataToHash    Data to be hashed.
+  @param DataToHashLen Data size.
+
+  @retval EFI_SUCCESS     Hash sequence updated.
+**/
+EFI_STATUS
+EFIAPI
+Sm3_Update (
+  IN HASH_HANDLE    HashHandle,
+  IN VOID           *DataToHash,
+  IN UINTN          DataToHashLen
+  )
+{
+  VOID     *Sm3Ctx;
+
+  Sm3Ctx = (VOID *)HashHandle;
+  Sm3Update (Sm3Ctx, DataToHash, DataToHashLen);
+
+  return EFI_SUCCESS;
+}
+
+/**
+  Complete hash sequence complete.
+
+  @param HashHandle    Hash handle.
+  @param DigestList    Digest list.
+
+  @retval EFI_SUCCESS     Hash sequence complete and DigestList is returned.
+**/
+EFI_STATUS
+EFIAPI
+Sm3_Final (
+  IN HASH_HANDLE         HashHandle,
+  OUT UINT8            **Digest
+  )
+{
+  UINT8         Sm3Digest[SM3_256_DIGEST_SIZE];
+  VOID          *Sm3Ctx;
+
+  Sm3Ctx = (VOID *)HashHandle;
+  Sm3Final (Sm3Ctx, Sm3Digest);
+
+  CopyMem (*Digest, Sm3Digest, SM3_256_DIGEST_SIZE);
+
+  FreePool (Sm3Ctx);
+
+  return EFI_SUCCESS;
+}
+
+HASH_INTERFACE_UNIFIED_API  mSm3InternalHashApiInstance = {
+  HASH_ALGORITHM_SM3_256_GUID,
+  Sm3_Init,
+  Sm3_Update,
+  Sm3_Final,
+};
+
+/**
+  The function register Sm3 instance.
+
+  @retval EFI_SUCCESS   Sm3 instance is registered, or system dose not surpport registr Sm3 instance
+**/
+EFI_STATUS
+EFIAPI
+HashApiInstanceSm3Constructor (
+  VOID
+  )
+{
+  EFI_STATUS  Status;
+
+  Status = RegisterHashApiLib (&mSm3InternalHashApiInstance);
+  if ((Status == EFI_SUCCESS) || (Status == EFI_UNSUPPORTED)) {
+    //
+    // Unsupported means platform policy does not need this instance enabled.
+    //
+    DEBUG ((DEBUG_ERROR, "[ansukerk]: Hash Interface Sm3 is registered\n"));
+    return EFI_SUCCESS;
+  }
+  return Status;
+}
diff --git a/SecurityPkg/Library/HashApiInstanceSm3/HashApiInstanceSm3.inf b/SecurityPkg/Library/HashApiInstanceSm3/HashApiInstanceSm3.inf
new file mode 100644
index 000000000000..ae328bfbf41f
--- /dev/null
+++ b/SecurityPkg/Library/HashApiInstanceSm3/HashApiInstanceSm3.inf
@@ -0,0 +1,40 @@
+## @file
+#  Provides BaseCrypto SM3 hash service
+#
+#  This library can be registered to BaseCrypto router, to serve as hash engine.
+#
+# Copyright (c) 2013 - 2019, Intel Corporation. All rights reserved.<BR>
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+##
+
+[Defines]
+  INF_VERSION                    = 0x00010005
+  BASE_NAME                      = HashApiInstanceSm3
+  MODULE_UNI_FILE                = HashApiInstanceSm3.uni
+  FILE_GUID                      = 9A7A6AB4-9DA6-4aa4-90CB-6D4B79EDA7B9
+  MODULE_TYPE                    = BASE
+  VERSION_STRING                 = 1.0
+  LIBRARY_CLASS                  = NULL
+  CONSTRUCTOR                    = HashApiInstanceSm3Constructor
+
+#
+# The following information is for reference only and not required by the build tools.
+#
+#  VALID_ARCHITECTURES           = IA32 X64
+#
+
+[Sources]
+  HashApiInstanceSm3.c
+
+[Packages]
+  MdePkg/MdePkg.dec
+  SecurityPkg/SecurityPkg.dec
+  CryptoPkg/CryptoPkg.dec
+
+[LibraryClasses]
+  BaseLib
+  BaseMemoryLib
+  DebugLib
+  MemoryAllocationLib
+  BaseCryptLib
diff --git a/SecurityPkg/Library/HashApiInstanceSm3/HashApiInstanceSm3.uni b/SecurityPkg/Library/HashApiInstanceSm3/HashApiInstanceSm3.uni
new file mode 100644
index 000000000000..8f9712b1520e
--- /dev/null
+++ b/SecurityPkg/Library/HashApiInstanceSm3/HashApiInstanceSm3.uni
@@ -0,0 +1,16 @@
+// /** @file
+// Provides BaseCrypto SM3 hash service
+//
+// This library can be registered to BaseCrypto router, to serve as hash engine.
+//
+// Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>
+//
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+//
+// **/
+
+
+#string STR_MODULE_ABSTRACT             #language en-US "Provides BaseCrypto SM3 hash service API"
+
+#string STR_MODULE_DESCRIPTION          #language en-US "This library can be registered to Base Hash API, to serve as hash engine."
+
-- 
2.16.2.windows.1


^ permalink raw reply related	[flat|nested] 8+ messages in thread

end of thread, other threads:[~2019-12-18 21:50 UTC | newest]

Thread overview: 8+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2019-12-18 21:50 [PATCH v1 0/6] SecurityPkg/BaseHashLib: Implement a Unified API for Hash Calculation Sukerkar, Amol N
2019-12-18 21:50 ` [PATCH v1 1/6] SecurityPkg/BaseHashLib: Implement a unified " Sukerkar, Amol N
2019-12-18 21:50 ` [PATCH v1 2/6] SecurityPkg/HashApiInstanceSha1: Implement API registration mechanism for SHA1 Sukerkar, Amol N
2019-12-18 21:50 ` [PATCH v1 3/6] SecurityPkg/HashApiInstanceSha256: Implement API registration mechanism for SHA256 Sukerkar, Amol N
2019-12-18 21:50 ` [PATCH v1 4/6] SecurityPkg/HashApiInstanceSha384: Implement API registration mechanism for SHA384 Sukerkar, Amol N
2019-12-18 21:50 ` [PATCH v1 5/6] SecurityPkg/BaseHashLib: Modified the Registation Mechanism for BaseHashLib Sukerkar, Amol N
2019-12-18 21:50 ` [PATCH v1 6/6] SecurityPkg/HashApiInstanceSM3: Implement API registration mechanism for SM3 Sukerkar, Amol N
  -- strict thread matches above, loose matches on Subject: below --
2019-12-18 21:32 [PATCH v1 0/6] SecurityPkg/BaseHashLib: Implement a Unified API for Hash Calculation Sukerkar, Amol N
2019-12-18 21:32 ` [PATCH v1 2/6] SecurityPkg/HashApiInstanceSha1: Implement API registration mechanism for SHA1 Sukerkar, Amol N

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox