public inbox for devel@edk2.groups.io
 help / color / mirror / Atom feed
From: "Sukerkar, Amol N" <amol.n.sukerkar@intel.com>
To: devel@edk2.groups.io
Cc: michael.d.kinney@intel.com, sachin.agrawal@intel.com, self
Subject: [PATCH v1 5/6] SecurityPkg/BaseHashLib: Modified the Registation Mechanism for BaseHashLib
Date: Wed, 18 Dec 2019 14:50:36 -0700	[thread overview]
Message-ID: <20191218215037.1630-6-amol.n.sukerkar@intel.com> (raw)
In-Reply-To: <20191218215037.1630-1-amol.n.sukerkar@intel.com>

A gEfiCallerIdGuid needs to be introduced in the BaseHashLibPei method to save
the hash mask of registered API instances of hashing algorithms.

gEfiCallerIdGuid saves the last registered hash mask as a HOB that can be
modified or updated with the subsequent registration of API instances of
hashing algorithms based on PcdSystemHashPolicy.

Signed-off-by: Sukerkar, Amol N <amol.n.sukerkar@intel.com>
---
 SecurityPkg/Library/BaseHashLib/BaseHashLib.c                     | 236 -------------
 SecurityPkg/Library/BaseHashLib/BaseHashLibDxe.c                  | 210 +++++++++++-
 SecurityPkg/Library/BaseHashLib/BaseHashLibPei.c                  | 348 +++++++++++++++++++-
 SecurityPkg/Library/HashApiInstanceSha1/HashApiInstanceSha1.c     |   2 +-
 SecurityPkg/Library/HashApiInstanceSha256/HashApiInstanceSha256.c |   2 +-
 SecurityPkg/Library/HashApiInstanceSha384/HashApiInstanceSha384.c |   2 +-
 SecurityPkg/Include/Library/BaseHashLib.h                         | 153 +++++++++
 SecurityPkg/Include/Library/HashLib.h                             |  83 -----
 SecurityPkg/Library/BaseHashLib/BaseHashLib.h                     |  85 -----
 SecurityPkg/Library/BaseHashLib/BaseHashLibCommon.h               |  35 ++
 SecurityPkg/Library/BaseHashLib/BaseHashLibDxe.inf                |   2 -
 SecurityPkg/Library/BaseHashLib/BaseHashLibPei.inf                |   4 +-
 SecurityPkg/SecurityPkg.dec                                       |   9 -
 SecurityPkg/SecurityPkg.uni                                       |   9 -
 14 files changed, 733 insertions(+), 447 deletions(-)

diff --git a/SecurityPkg/Library/BaseHashLib/BaseHashLib.c b/SecurityPkg/Library/BaseHashLib/BaseHashLib.c
deleted file mode 100644
index 2ad83387799d..000000000000
--- a/SecurityPkg/Library/BaseHashLib/BaseHashLib.c
+++ /dev/null
@@ -1,236 +0,0 @@
-/** @file
-  Implement image verification services for secure boot service
-
-  Caution: This file requires additional review when modified.
-  This library will have external input - PE/COFF image.
-  This external input must be validated carefully to avoid security issue like
-  buffer overflow, integer overflow.
-
-  DxeImageVerificationLibImageRead() function will make sure the PE/COFF image content
-  read is within the image buffer.
-
-  DxeImageVerificationHandler(), HashPeImageByType(), HashPeImage() function will accept
-  untrusted PE/COFF image and validate its data structure within this image buffer before use.
-
-Copyright (c) 2009 - 2019, Intel Corporation. All rights reserved.<BR>
-(C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>
-This program and the accompanying materials
-are licensed and made available under the terms and conditions of the BSD License
-which accompanies this distribution.  The full text of the license may be found at
-http://opensource.org/licenses/bsd-license.php
-
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-#include <Library/BaseLib.h>
-#include <Library/BaseMemoryLib.h>
-#include <Library/MemoryAllocationLib.h>
-#include <Library/DebugLib.h>
-#include <Library/PcdLib.h>
-#include <Library/HashLib.h>
-
-//#include "BaseHashLib.h"
-
-typedef struct {
-  EFI_GUID  Guid;
-  UINT32    Mask;
-} HASH_MASK;
-
-HASH_MASK mHashMask[] = {
-  {HASH_ALGORITHM_SHA1_GUID,         HASH_ALG_SHA1},
-  {HASH_ALGORITHM_SHA256_GUID,       HASH_ALG_SHA256},
-  {HASH_ALGORITHM_SHA384_GUID,       HASH_ALG_SHA384},
-  {HASH_ALGORITHM_SHA512_GUID,       HASH_ALG_SHA512},
-};
-
-HASH_INTERFACE_UNIFIED_API mHashOps[HASH_COUNT] = {{{0}, NULL, NULL, NULL}};
-
-UINTN mHashInterfaceCount = 0;
-UINT32 mCurrentHashMask = 0;
-
-UINT32
-EFIAPI
-GetApiHashMaskFromAlgo (
-  IN EFI_GUID  *HashGuid
-  )
-{
-  UINTN  Index;
-
-  for (Index = 0; Index < sizeof(mHashMask)/sizeof(mHashMask[0]); Index++) {
-    if (CompareGuid (HashGuid, &mHashMask[Index].Guid)) {
-      return mHashMask[Index].Mask;
-    }
-  }
-  return 0;
-}
-
-/**
-  Init hash sequence.
-
-  @param HashHandle Hash handle.
-
-  @retval EFI_SUCCESS          Hash start and HashHandle returned.
-  @retval EFI_UNSUPPORTED      System has no HASH library registered.
-**/
-EFI_STATUS
-EFIAPI
-HashApiInit (
-  OUT  HASH_HANDLE   *HashHandle
-)
-{
-  HASH_HANDLE    *HashCtx;
-  UINTN   Index;
-  UINT32  HashMask;
-
-  if (mHashInterfaceCount == 0) {
-    return EFI_UNSUPPORTED;
-  }
-
-  HashCtx = AllocatePool (sizeof(*HashCtx));
-  ASSERT (HashCtx != NULL);
-
-  for (Index = 0; Index < mHashInterfaceCount; Index++) {
-    HashMask = GetApiHashMaskFromAlgo (&mHashOps[Index].HashGuid);
-    if ((HashMask & PcdGet32 (PcdHashAlgorithmBitmap)) != 0 &&
-        (HashMask & PcdGet32 (PcdSystemHashPolicy)) != 0) {
-      mHashOps[Index].HashInit (HashCtx);
-    }
-  }
-
-  *HashHandle = (HASH_HANDLE)HashCtx;
-
-  return EFI_SUCCESS;
-}
-
-/**
-  Update hash data.
-
-  @param HashHandle    Hash handle.
-  @param DataToHash    Data to be hashed.
-  @param DataToHashLen Data size.
-
-  @retval EFI_SUCCESS          Hash updated.
-  @retval EFI_UNSUPPORTED      System has no HASH library registered.
-**/
-EFI_STATUS
-EFIAPI
-HashApiUpdate (
-  IN HASH_HANDLE    HashHandle,
-  IN VOID           *DataToHash,
-  IN UINTN          DataToHashLen
-)
-{
-  HASH_HANDLE  *HashCtx;
-  UINTN        Index;
-  UINT32       HashMask;
-
-  if (mHashInterfaceCount == 0) {
-    return EFI_UNSUPPORTED;
-  }
-
-  HashCtx = (HASH_HANDLE *)HashHandle;
-
-  for (Index = 0; Index < mHashInterfaceCount; Index++) {
-    HashMask = GetApiHashMaskFromAlgo (&mHashOps[Index].HashGuid);
-    if ((HashMask & PcdGet32 (PcdHashAlgorithmBitmap)) != 0 &&
-        (HashMask & PcdGet32 (PcdSystemHashPolicy)) != 0) {
-      mHashOps[Index].HashUpdate (HashCtx[0], DataToHash, DataToHashLen);
-    }
-  }
-
-  return EFI_SUCCESS;
-}
-
-/**
-  Hash complete.
-
-  @param HashHandle    Hash handle.
-  @param Digest        Hash Digest.
-
-  @retval EFI_SUCCESS     Hash complete and Digest is returned.
-**/
-EFI_STATUS
-EFIAPI
-HashApiFinal (
-  IN  HASH_HANDLE HashHandle,
-  OUT UINT8       *Digest
-)
-{
-  HASH_HANDLE  *HashCtx;
-  UINTN        Index;
-  UINT32       HashMask;
-
-  if (mHashInterfaceCount == 0) {
-    return EFI_UNSUPPORTED;
-  }
-
-  HashCtx = (HASH_HANDLE *)HashHandle;
-
-  for (Index = 0; Index < mHashInterfaceCount; Index++) {
-    HashMask = GetApiHashMaskFromAlgo (&mHashOps[Index].HashGuid);
-    if ((HashMask & PcdGet32 (PcdHashAlgorithmBitmap)) != 0 &&
-        (HashMask & PcdGet32 (PcdSystemHashPolicy)) != 0) {
-      mHashOps[Index].HashFinal (HashCtx[0], &Digest);
-    }
-  }
-
-  return EFI_SUCCESS;
-}
-
-/**
-  This service registers Hash Interface.
-
-  @param HashInterface  Hash interface
-
-  @retval EFI_SUCCESS          This hash interface is registered successfully.
-  @retval EFI_UNSUPPORTED      System does not support register this interface.
-  @retval EFI_ALREADY_STARTED  System already register this interface.
-**/
-EFI_STATUS
-EFIAPI
-RegisterHashApiLib (
-  IN HASH_INTERFACE_UNIFIED_API   *HashInterface
-  )
-{
-  EFI_STATUS  Status;
-  UINTN       Index;
-  UINT32      HashMask;
-
-  //
-  // Check Allow
-  //
-  HashMask = GetApiHashMaskFromAlgo (&HashInterface->HashGuid);
-
-  // check if Hash Mask is supported
-  if ((HashMask & PcdGet32 (PcdTpm2HashMask)) == 0) {
-    return EFI_UNSUPPORTED;
-  }
-
-  if (mHashInterfaceCount >= sizeof(mHashOps)/sizeof(mHashOps[0])) {
-    return EFI_OUT_OF_RESOURCES;
-  }
-
-  //
-  // Check duplication
-  //
-  for (Index = 0; Index < mHashInterfaceCount; Index++) {
-    if (CompareGuid (&mHashOps[Index].HashGuid, &HashInterface->HashGuid)) {
-      DEBUG ((DEBUG_ERROR, "Hash Interface (%g) has been registered\n", &HashInterface->HashGuid));
-      return EFI_ALREADY_STARTED;
-    }
-  }
-
-  //
-  // Register the Hash Algo.
-  //
-  mCurrentHashMask = PcdGet32 (PcdHashAlgorithmBitmap) | HashMask;
-  Status = PcdSet32S (PcdHashAlgorithmBitmap, mCurrentHashMask);
-  ASSERT_EFI_ERROR (Status);
-
-  CopyMem (&mHashOps[mHashInterfaceCount], HashInterface, sizeof(*HashInterface));
-  mHashInterfaceCount ++;
-
-  return EFI_SUCCESS;
-}
\ No newline at end of file
diff --git a/SecurityPkg/Library/BaseHashLib/BaseHashLibDxe.c b/SecurityPkg/Library/BaseHashLib/BaseHashLibDxe.c
index 5de94d80fad5..f292558e3e40 100644
--- a/SecurityPkg/Library/BaseHashLib/BaseHashLibDxe.c
+++ b/SecurityPkg/Library/BaseHashLib/BaseHashLibDxe.c
@@ -29,9 +29,204 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 #include <Library/MemoryAllocationLib.h>
 #include <Library/DebugLib.h>
 #include <Library/PcdLib.h>
-#include <Library/HashLib.h>
+#include <Library/BaseHashLib.h>
 
-#include "BaseHashLib.h"
+#include "BaseHashLibCommon.h"
+
+
+HASH_INTERFACE_UNIFIED_API mHashOps[HASH_ALGO_COUNT] = {{{0}, NULL, NULL, NULL}};
+
+UINTN mBaseHashInterfaceCount = 0;
+UINT32 mCurrentHashMask = 0;
+
+UINT32
+EFIAPI
+GetApiHashMaskFromAlgo (
+  IN EFI_GUID  *HashGuid
+  )
+{
+  UINTN  Index;
+
+  for (Index = 0; Index < sizeof(mHashMask)/sizeof(mHashMask[0]); Index++) {
+    if (CompareGuid (HashGuid, &mHashMask[Index].Guid)) {
+      return mHashMask[Index].Mask;
+    }
+  }
+  return 0;
+}
+
+/**
+  Init hash sequence.
+
+  @param HashHandle Hash handle.
+
+  @retval EFI_SUCCESS          Hash start and HashHandle returned.
+  @retval EFI_UNSUPPORTED      System has no HASH library registered.
+**/
+EFI_STATUS
+EFIAPI
+HashApiInit (
+  OUT  HASH_HANDLE   *HashHandle
+)
+{
+  HASH_HANDLE    *HashCtx;
+  UINTN   Index;
+  UINT32  HashMask;
+  UINT32  HashPolicy;
+
+  HashPolicy = PcdGet32 (PcdSystemHashPolicy);
+
+  if ((mBaseHashInterfaceCount == 0) || !(mCurrentHashMask & HashPolicy)) {
+    return EFI_UNSUPPORTED;
+  }
+
+  HashCtx = AllocatePool (sizeof(*HashCtx));
+  ASSERT (HashCtx != NULL);
+
+  for (Index = 0; Index < mBaseHashInterfaceCount; Index++) {
+    HashMask = GetApiHashMaskFromAlgo (&mHashOps[Index].HashGuid);
+    if ((HashMask & HashPolicy) != 0) {
+      mHashOps[Index].HashInit (HashCtx);
+      break;
+    }
+  }
+
+  *HashHandle = (HASH_HANDLE)HashCtx;
+
+  return EFI_SUCCESS;
+}
+
+/**
+  Update hash data.
+
+  @param HashHandle    Hash handle.
+  @param DataToHash    Data to be hashed.
+  @param DataToHashLen Data size.
+
+  @retval EFI_SUCCESS          Hash updated.
+  @retval EFI_UNSUPPORTED      System has no HASH library registered.
+**/
+EFI_STATUS
+EFIAPI
+HashApiUpdate (
+  IN HASH_HANDLE    HashHandle,
+  IN VOID           *DataToHash,
+  IN UINTN          DataToHashLen
+)
+{
+  HASH_HANDLE  *HashCtx;
+  UINTN        Index;
+  UINT32       HashMask;
+  UINT32       HashPolicy;
+
+  HashPolicy = PcdGet32 (PcdSystemHashPolicy);
+
+  if ((mBaseHashInterfaceCount == 0) || !(mCurrentHashMask & HashPolicy)) {
+    return EFI_UNSUPPORTED;
+  }
+
+  HashCtx = (HASH_HANDLE *)HashHandle;
+
+  for (Index = 0; Index < mBaseHashInterfaceCount; Index++) {
+    HashMask = GetApiHashMaskFromAlgo (&mHashOps[Index].HashGuid);
+    if ((HashMask & HashPolicy) != 0) {
+      mHashOps[Index].HashUpdate (HashCtx[0], DataToHash, DataToHashLen);
+      break;
+    }
+  }
+
+  return EFI_SUCCESS;
+}
+
+/**
+  Hash complete.
+
+  @param HashHandle    Hash handle.
+  @param Digest        Hash Digest.
+
+  @retval EFI_SUCCESS     Hash complete and Digest is returned.
+**/
+EFI_STATUS
+EFIAPI
+HashApiFinal (
+  IN  HASH_HANDLE HashHandle,
+  OUT UINT8       *Digest
+)
+{
+  HASH_HANDLE  *HashCtx;
+  UINTN        Index;
+  UINT32       HashMask;
+  UINT32       HashPolicy;
+
+  HashPolicy = PcdGet32 (PcdSystemHashPolicy);
+
+  if ((mBaseHashInterfaceCount == 0) || !(mCurrentHashMask & HashPolicy)) {
+    return EFI_UNSUPPORTED;
+  }
+
+  HashCtx = (HASH_HANDLE *)HashHandle;
+
+  for (Index = 0; Index < mBaseHashInterfaceCount; Index++) {
+    HashMask = GetApiHashMaskFromAlgo (&mHashOps[Index].HashGuid);
+    if ((HashMask & HashPolicy) != 0) {
+      mHashOps[Index].HashFinal (HashCtx[0], &Digest);
+      break;
+    }
+  }
+
+  return EFI_SUCCESS;
+}
+
+/**
+  This service registers Hash Interface.
+
+  @param HashInterface  Hash interface
+
+  @retval EFI_SUCCESS          This hash interface is registered successfully.
+  @retval EFI_UNSUPPORTED      System does not support register this interface.
+  @retval EFI_ALREADY_STARTED  System already register this interface.
+**/
+EFI_STATUS
+EFIAPI
+RegisterHashApiLib (
+  IN HASH_INTERFACE_UNIFIED_API   *HashInterface
+  )
+{
+  UINTN       Index;
+  UINT32      HashMask;
+
+  //
+  // Check Allow
+  //
+  HashMask = GetApiHashMaskFromAlgo (&HashInterface->HashGuid);
+
+
+  if (mBaseHashInterfaceCount >= sizeof(mHashOps)/sizeof(mHashOps[0])) {
+    return EFI_OUT_OF_RESOURCES;
+  }
+
+  //
+  // Check duplication
+  //
+  for (Index = 0; Index < mBaseHashInterfaceCount; Index++) {
+    if (CompareGuid (&mHashOps[Index].HashGuid, &HashInterface->HashGuid)) {
+      DEBUG ((DEBUG_ERROR, "Hash Interface (%g) has already been registered\n", &HashInterface->HashGuid));
+      return EFI_ALREADY_STARTED;
+    }
+  }
+
+  //
+  // Register the Hash Algo.
+  //
+  mCurrentHashMask = mCurrentHashMask | HashMask;
+
+  CopyMem (&mHashOps[mBaseHashInterfaceCount], HashInterface, sizeof(*HashInterface));
+  mBaseHashInterfaceCount ++;
+
+  DEBUG ((DEBUG_INFO,"RegisterHashApiLib: mBaseHashInterfaceCount update to 0x%x \n", mBaseHashInterfaceCount));
+
+  return EFI_SUCCESS;
+}
 
 /**
   The constructor function of BaseHashLib Dxe.
@@ -45,18 +240,13 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 **/
 EFI_STATUS
 EFIAPI
-BaseHashLibApiPeiConstructor (
+BaseHashLibApiDxeConstructor (
   IN EFI_HANDLE        ImageHandle,
   IN EFI_SYSTEM_TABLE  *SystemTable
   )
 {
-  EFI_STATUS    Status;
-
-  //
-  // Set PcdHashAlgorithmBitmap to 0 in CONSTRUCTOR for CURRENT module.
-  //
-  Status = PcdSet32S (PcdHashAlgorithmBitmap, 0);
-  ASSERT_EFI_ERROR (Status);
+  mBaseHashInterfaceCount = 0;
+  mCurrentHashMask = 0;
 
   return EFI_SUCCESS;
 }
\ No newline at end of file
diff --git a/SecurityPkg/Library/BaseHashLib/BaseHashLibPei.c b/SecurityPkg/Library/BaseHashLib/BaseHashLibPei.c
index 8ffe356b60e7..0fd0e2f42612 100644
--- a/SecurityPkg/Library/BaseHashLib/BaseHashLibPei.c
+++ b/SecurityPkg/Library/BaseHashLib/BaseHashLibPei.c
@@ -30,8 +30,318 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 #include <Library/DebugLib.h>
 #include <Library/PcdLib.h>
 #include <Library/HashLib.h>
+#include <Library/HobLib.h>
+#include <Guid/ZeroGuid.h>
 
-#include "BaseHashLib.h"
+#include <Library/BaseHashLib.h>
+#include "BaseHashLibCommon.h"
+
+#define BASEHASH_LIB_PEI_ROUTER_GUID \
+  { 0x19ea22c7, 0xf870, 0x4b5e, { 0x98, 0x86, 0x9c, 0x29, 0xb2, 0x20, 0xf0, 0x39 } }
+
+
+EFI_GUID mBaseHashLibPeiRouterGuid = BASEHASH_LIB_PEI_ROUTER_GUID;
+
+typedef struct {
+  //
+  // If gZeroGuid, SupportedHashMask is 0 for FIRST module which consumes HashLib
+  //   or the hash algorithm bitmap of LAST module which consumes HashLib.
+  //   HashInterfaceCount and HashInterface are all 0.
+  // If gEfiCallerIdGuid, HashInterfaceCount, HashInterface and SupportedHashMask
+  //   are the hash interface information of CURRENT module which consumes HashLib.
+  //
+  EFI_GUID         Identifier;
+  UINTN            HashInterfaceCount;
+  HASH_INTERFACE_UNIFIED_API HashInterface[HASH_ALGO_COUNT];
+  UINT32           SupportedHashMask;
+} HASH_INTERFACE_HOB;
+
+
+UINT32
+EFIAPI
+GetApiHashMaskFromAlgo (
+  IN EFI_GUID  *HashGuid
+  )
+{
+  UINTN  Index;
+
+  for (Index = 0; Index < sizeof(mHashMask)/sizeof(mHashMask[0]); Index++) {
+    if (CompareGuid (HashGuid, &mHashMask[Index].Guid)) {
+      return mHashMask[Index].Mask;
+    }
+  }
+  return 0;
+}
+
+/**
+  This function gets hash interface hob.
+
+  @param Identifier    Identifier to get hash interface hob.
+
+  @retval hash interface hob.
+**/
+HASH_INTERFACE_HOB *
+InternalGetBaseHashInterfaceHob (
+  EFI_GUID      *Identifier
+  )
+{
+  EFI_PEI_HOB_POINTERS  Hob;
+  HASH_INTERFACE_HOB    *HashInterfaceHob;
+
+  Hob.Raw = GetFirstGuidHob (&mBaseHashLibPeiRouterGuid);
+  while (Hob.Raw != NULL) {
+    HashInterfaceHob = GET_GUID_HOB_DATA (Hob);
+    if (CompareGuid (&HashInterfaceHob->Identifier, Identifier)) {
+      //
+      // Found the matched one.
+      //
+      return HashInterfaceHob;
+    }
+    Hob.Raw = GET_NEXT_HOB (Hob);
+    Hob.Raw = GetNextGuidHob (&mBaseHashLibPeiRouterGuid, Hob.Raw);
+  }
+
+  return NULL;
+}
+
+/**
+  This function creates hash interface hob.
+
+  @param Identifier    Identifier to create hash interface hob.
+
+  @retval hash interface hob.
+**/
+HASH_INTERFACE_HOB *
+InternalCreateBaseHashInterfaceHob (
+  EFI_GUID      *Identifier
+  )
+{
+  HASH_INTERFACE_HOB LocalHashInterfaceHob;
+
+  ZeroMem (&LocalHashInterfaceHob, sizeof(LocalHashInterfaceHob));
+  CopyGuid (&LocalHashInterfaceHob.Identifier, Identifier);
+  return BuildGuidDataHob (&mBaseHashLibPeiRouterGuid, &LocalHashInterfaceHob, sizeof(LocalHashInterfaceHob));
+}
+
+/**
+  Init hash sequence.
+
+  @param HashHandle Hash handle.
+
+  @retval EFI_SUCCESS          Hash start and HashHandle returned.
+  @retval EFI_UNSUPPORTED      System has no HASH library registered.
+**/
+EFI_STATUS
+EFIAPI
+HashApiInit (
+  OUT  HASH_HANDLE   *HashHandle
+)
+{
+  HASH_HANDLE    *HashCtx;
+  HASH_INTERFACE_HOB *HashInterfaceHob;
+  UINTN   Index;
+  UINT32  HashMask;
+  UINT32  HashPolicy;
+
+  HashInterfaceHob = InternalGetBaseHashInterfaceHob (&gEfiCallerIdGuid);
+  if (HashInterfaceHob == NULL) {
+    return EFI_UNSUPPORTED;
+  }
+
+  HashPolicy = PcdGet32 (PcdSystemHashPolicy);
+
+  if ((HashInterfaceHob->HashInterfaceCount == 0) || !(HashInterfaceHob->SupportedHashMask & HashPolicy)) {
+    DEBUG ((DEBUG_INFO,"Unsupported Hash Type 0x%x \n", HashPolicy));
+    return EFI_UNSUPPORTED;
+  }
+
+  HashCtx = AllocatePool (sizeof(*HashCtx));
+  ASSERT (HashCtx != NULL);
+
+  for (Index = 0; Index < HashInterfaceHob->HashInterfaceCount; Index++) {
+    HashMask = GetApiHashMaskFromAlgo (&HashInterfaceHob->HashInterface[Index].HashGuid);
+    if ((HashMask & HashPolicy) != 0) {
+      HashInterfaceHob->HashInterface[Index].HashInit (HashCtx);
+      break;
+    }
+  }
+
+  // Check for hash type supported
+  if(Index == HashInterfaceHob->HashInterfaceCount)
+    return EFI_UNSUPPORTED;
+
+  *HashHandle = (HASH_HANDLE)HashCtx;
+
+  return EFI_SUCCESS;
+}
+
+/**
+  Update hash data.
+
+  @param HashHandle    Hash handle.
+  @param DataToHash    Data to be hashed.
+  @param DataToHashLen Data size.
+
+  @retval EFI_SUCCESS          Hash updated.
+  @retval EFI_UNSUPPORTED      System has no HASH library registered.
+**/
+EFI_STATUS
+EFIAPI
+HashApiUpdate (
+  IN HASH_HANDLE    HashHandle,
+  IN VOID           *DataToHash,
+  IN UINTN          DataToHashLen
+)
+{
+  HASH_INTERFACE_HOB *HashInterfaceHob;
+  HASH_HANDLE  *HashCtx;
+  UINTN        Index;
+  UINT32       HashMask;
+  UINT32       HashPolicy;
+
+  HashInterfaceHob = InternalGetBaseHashInterfaceHob (&gEfiCallerIdGuid);
+  if (HashInterfaceHob == NULL) {
+    return EFI_UNSUPPORTED;
+  }
+
+  HashPolicy = PcdGet32 (PcdSystemHashPolicy);
+
+  if ((HashInterfaceHob->HashInterfaceCount == 0) || !(HashInterfaceHob->SupportedHashMask & HashPolicy)) {
+    DEBUG ((DEBUG_INFO,"Unsupported Hash Type 0x%x \n", HashPolicy));
+    return EFI_UNSUPPORTED;
+  }
+
+  HashCtx = (HASH_HANDLE *)HashHandle;
+
+  for (Index = 0; Index < HashInterfaceHob->HashInterfaceCount; Index++) {
+    HashMask = GetApiHashMaskFromAlgo (&HashInterfaceHob->HashInterface[Index].HashGuid);
+    if ((HashMask & HashPolicy) != 0) {
+      HashInterfaceHob->HashInterface[Index].HashUpdate (HashCtx[0], DataToHash, DataToHashLen);
+      break;
+    }
+  }
+
+    // Check for hash type supported
+  if(Index == HashInterfaceHob->HashInterfaceCount) {
+    return EFI_UNSUPPORTED;
+  }
+
+  return EFI_SUCCESS;
+}
+
+/**
+  Hash complete.
+
+  @param HashHandle    Hash handle.
+  @param Digest        Hash Digest.
+
+  @retval EFI_SUCCESS     Hash complete and Digest is returned.
+**/
+EFI_STATUS
+EFIAPI
+HashApiFinal (
+  IN  HASH_HANDLE HashHandle,
+  OUT UINT8      *Digest
+)
+{
+  HASH_INTERFACE_HOB *HashInterfaceHob;
+  HASH_HANDLE  *HashCtx;
+  UINTN        Index;
+  UINT32       HashMask;
+  UINT32       HashPolicy;
+
+  HashInterfaceHob = InternalGetBaseHashInterfaceHob (&gEfiCallerIdGuid);
+  if (HashInterfaceHob == NULL) {
+    return EFI_UNSUPPORTED;
+  }
+
+  HashPolicy = PcdGet32 (PcdSystemHashPolicy);
+
+  if ((HashInterfaceHob->HashInterfaceCount == 0) || !(HashInterfaceHob->SupportedHashMask & HashPolicy)) {
+      DEBUG ((DEBUG_INFO,"Unsupported Hash Type 0x%x \n", HashPolicy));
+    return EFI_UNSUPPORTED;
+  }
+
+  HashCtx = (HASH_HANDLE *)HashHandle;
+
+  for (Index = 0; Index < HashInterfaceHob->HashInterfaceCount; Index++) {
+    HashMask = GetApiHashMaskFromAlgo (&HashInterfaceHob->HashInterface[Index].HashGuid);
+    if (HashMask & HashPolicy) {
+      HashInterfaceHob->HashInterface[Index].HashFinal (HashCtx[0], &Digest);
+      break;
+    }
+  }
+
+  // Check for hash type supported
+  if(Index == HashInterfaceHob->HashInterfaceCount){
+    return EFI_UNSUPPORTED;
+  }
+
+  return EFI_SUCCESS;
+}
+
+/**
+  This service registers Hash Interface.
+
+  @param HashInterface  Hash interface
+
+  @retval EFI_SUCCESS          This hash interface is registered successfully.
+  @retval EFI_UNSUPPORTED      System does not support register this interface.
+  @retval EFI_ALREADY_STARTED  System already register this interface.
+**/
+EFI_STATUS
+EFIAPI
+RegisterHashApiLib (
+  IN HASH_INTERFACE_UNIFIED_API   *HashInterface
+  )
+{
+//  EFI_STATUS  Status;
+  UINTN       Index;
+  UINT32      HashMask;
+  HASH_INTERFACE_HOB *HashInterfaceHob;
+
+  //
+  // Check Allow
+  //
+  HashMask = GetApiHashMaskFromAlgo (&HashInterface->HashGuid);
+
+  HashInterfaceHob = InternalGetBaseHashInterfaceHob (&gEfiCallerIdGuid);
+  if (HashInterfaceHob == NULL) {
+    HashInterfaceHob = InternalCreateBaseHashInterfaceHob (&gEfiCallerIdGuid);
+    if (HashInterfaceHob == NULL) {
+      return EFI_OUT_OF_RESOURCES;
+    } else {
+        // Initialize SupportedHashMask
+        HashInterfaceHob->SupportedHashMask = 0;
+    }
+  }
+
+  if (HashInterfaceHob->HashInterfaceCount >= HASH_COUNT) {
+    return EFI_OUT_OF_RESOURCES;
+  }
+
+  //
+  // Check duplication
+  //
+  for (Index = 0; Index < HashInterfaceHob->HashInterfaceCount; Index++) {
+    if (CompareGuid (&HashInterfaceHob->HashInterface[Index].HashGuid, &HashInterface->HashGuid)) {
+      DEBUG ((DEBUG_ERROR, "Hash Interface (%g) has been already registered\n", &HashInterface->HashGuid));
+      return EFI_ALREADY_STARTED;
+    }
+  }
+
+  //
+  // Register the Hash Algo.
+  //
+  HashInterfaceHob->SupportedHashMask = HashInterfaceHob->SupportedHashMask | HashMask;
+
+  CopyMem (&HashInterfaceHob->HashInterface[HashInterfaceHob->HashInterfaceCount], HashInterface, sizeof(*HashInterface));
+  HashInterfaceHob->HashInterfaceCount ++;
+
+  DEBUG ((DEBUG_INFO,"RegisterHashApiLib: HashInterfaceCount 0x%x  SupportedHashMask 0x%x \n",  HashInterfaceHob->HashInterfaceCount, HashInterfaceHob->SupportedHashMask));
+
+  return EFI_SUCCESS;
+}
 
 /**
   The constructor function of BaseHashLib Pei.
@@ -50,13 +360,37 @@ BaseHashLibApiPeiConstructor (
   IN CONST EFI_PEI_SERVICES     **PeiServices
   )
 {
-  EFI_STATUS    Status;
+//  EFI_STATUS    Status;
+  HASH_INTERFACE_HOB    *HashInterfaceHob;
 
-  //
-  // Set PcdHashAlgorithmBitmap to 0 in CONSTRUCTOR for CURRENT module.
-  //
-  Status = PcdSet32S (PcdHashAlgorithmBitmap, 0);
-  ASSERT_EFI_ERROR (Status);
+  DEBUG ((DEBUG_INFO,"Calling BaseHashLibApiPeiConstructor.. \n"));
+
+
+  HashInterfaceHob = InternalGetBaseHashInterfaceHob (&gZeroGuid);
+  if (HashInterfaceHob == NULL) {
+    //
+    // No HOB with gZeroGuid Identifier has been created,
+    // this is FIRST module which consumes HashLib.
+    // Create the HOB with gZeroGuid Identifier.
+    //
+    HashInterfaceHob = InternalCreateBaseHashInterfaceHob (&gZeroGuid);
+    if (HashInterfaceHob == NULL) {
+      return EFI_OUT_OF_RESOURCES;
+    }
+  }
+
+  HashInterfaceHob = InternalGetBaseHashInterfaceHob (&gEfiCallerIdGuid);
+  if (HashInterfaceHob != NULL) {
+    //
+    // In PEI phase, some modules may call RegisterForShadow and will be
+    // shadowed and executed again after memory is discovered.
+    // This is the second execution of this module, clear the hash interface
+    // information registered at its first execution.
+    //
+    ZeroMem (&HashInterfaceHob->HashInterface, sizeof (HashInterfaceHob->HashInterface));
+    HashInterfaceHob->HashInterfaceCount = 0;
+    HashInterfaceHob->SupportedHashMask = 0;
+  }
 
   return EFI_SUCCESS;
 }
\ No newline at end of file
diff --git a/SecurityPkg/Library/HashApiInstanceSha1/HashApiInstanceSha1.c b/SecurityPkg/Library/HashApiInstanceSha1/HashApiInstanceSha1.c
index 06e88f00d70b..175499e7609c 100644
--- a/SecurityPkg/Library/HashApiInstanceSha1/HashApiInstanceSha1.c
+++ b/SecurityPkg/Library/HashApiInstanceSha1/HashApiInstanceSha1.c
@@ -13,7 +13,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 #include <Library/DebugLib.h>
 #include <Library/BaseCryptLib.h>
 #include <Library/MemoryAllocationLib.h>
-#include <Library/HashLib.h>
+#include <Library/BaseHashLib.h>
 
 /**
   Start hash sequence.
diff --git a/SecurityPkg/Library/HashApiInstanceSha256/HashApiInstanceSha256.c b/SecurityPkg/Library/HashApiInstanceSha256/HashApiInstanceSha256.c
index 129d60a387fd..9222a12a3273 100644
--- a/SecurityPkg/Library/HashApiInstanceSha256/HashApiInstanceSha256.c
+++ b/SecurityPkg/Library/HashApiInstanceSha256/HashApiInstanceSha256.c
@@ -13,7 +13,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 #include <Library/DebugLib.h>
 #include <Library/BaseCryptLib.h>
 #include <Library/MemoryAllocationLib.h>
-#include <Library/HashLib.h>
+#include <Library/BaseHashLib.h>
 
 /**
   Start hash sequence.
diff --git a/SecurityPkg/Library/HashApiInstanceSha384/HashApiInstanceSha384.c b/SecurityPkg/Library/HashApiInstanceSha384/HashApiInstanceSha384.c
index 0d1b8f3e877a..c23b1a567172 100644
--- a/SecurityPkg/Library/HashApiInstanceSha384/HashApiInstanceSha384.c
+++ b/SecurityPkg/Library/HashApiInstanceSha384/HashApiInstanceSha384.c
@@ -13,7 +13,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 #include <Library/DebugLib.h>
 #include <Library/BaseCryptLib.h>
 #include <Library/MemoryAllocationLib.h>
-#include <Library/HashLib.h>
+#include <Library/BaseHashLib.h>
 
 /**
   Start hash sequence.
diff --git a/SecurityPkg/Include/Library/BaseHashLib.h b/SecurityPkg/Include/Library/BaseHashLib.h
new file mode 100644
index 000000000000..36dd2912d7eb
--- /dev/null
+++ b/SecurityPkg/Include/Library/BaseHashLib.h
@@ -0,0 +1,153 @@
+/** @file
+  The internal header file includes the common header files, defines
+  internal structure and functions used by ImageVerificationLib.
+
+Copyright (c) 2009 - 2019, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution.  The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#ifndef __BASEHASHLIB_H_
+#define __BASEHASHLIB_H_
+
+#include <Uefi.h>
+#include <Protocol/Hash.h>
+#include <Library/HashLib.h>
+
+//
+// Hash Algorithms
+//
+#define HASH_ALG_DEFAULT    0x00000000
+#define HASH_ALG_SHA1       0x00000001
+#define HASH_ALG_SHA256     0x00000002
+#define HASH_ALG_SHA384     0x00000004
+#define HASH_ALG_SHA512     0x00000008
+#define HASH_ALG_SM3_256    0x00000010
+
+
+/**
+  Init hash sequence.
+
+  @param HashType   Type of hash algorithm.
+  @param HashHandle Hash handle.
+
+  @retval EFI_SUCCESS          Hash start and HashHandle returned.
+  @retval EFI_UNSUPPORTED      System has no HASH library registered.
+**/
+EFI_STATUS
+EFIAPI
+HashApiInit (
+  IN   UINT32         HashType,
+  OUT  HASH_HANDLE   *HashHandle
+);
+
+/**
+  Update hash data.
+
+  @param HashHandle    Hash handle.
+  @param HashType   Type of hash algorithm.
+  @param DataToHash    Data to be hashed.
+  @param DataToHashLen Data size.
+
+  @retval EFI_SUCCESS          Hash updated.
+  @retval EFI_UNSUPPORTED      System has no HASH library registered.
+**/
+EFI_STATUS
+EFIAPI
+HashApiUpdate (
+  IN HASH_HANDLE    HashHandle,
+  IN UINT32         HashType,
+  IN VOID           *DataToHash,
+  IN UINTN          DataToHashLen
+);
+
+/**
+  Hash complete.
+
+  @param HashHandle    Hash handle.
+  @param HashType      Type of hash algorithm.
+  @param Digest        Hash Digest.
+
+  @retval EFI_SUCCESS     Hash complete and Digest is returned.
+**/
+EFI_STATUS
+EFIAPI
+HashApiFinal (
+  IN  HASH_HANDLE HashHandle,
+  IN  UINT32      HashType,
+  OUT UINT8       *Digest
+);
+
+/**
+  Start hash sequence.
+
+  @param HashHandle Hash handle.
+
+  @retval EFI_SUCCESS          Hash sequence start and HandleHandle returned.
+  @retval EFI_OUT_OF_RESOURCES No enough resource to start hash.
+**/
+typedef
+EFI_STATUS
+(EFIAPI *BASE_HASH_INIT) (
+  OUT HASH_HANDLE    *HashHandle
+  );
+
+/**
+  Update hash sequence data.
+
+  @param HashHandle    Hash handle.
+  @param DataToHash    Data to be hashed.
+  @param DataToHashLen Data size.
+
+  @retval EFI_SUCCESS     Hash sequence updated.
+**/
+typedef
+EFI_STATUS
+(EFIAPI *BASE_HASH_UPDATE) (
+  IN HASH_HANDLE    HashHandle,
+  IN VOID           *DataToHash,
+  IN UINTN          DataToHashLen
+  );
+
+/**
+  Hash complete.
+  @param HashHandle    Hash handle.
+  @param Digest        Hash Digest.
+  @retval EFI_SUCCESS     Hash complete and Digest is returned.
+**/
+typedef
+EFI_STATUS
+(EFIAPI *BASE_HASH_FINAL_EX) (
+  IN  HASH_HANDLE      HashHandle,
+  OUT UINT8            **Digest
+  );
+
+typedef struct {
+  EFI_GUID                                HashGuid;
+  BASE_HASH_INIT                          HashInit;
+  BASE_HASH_UPDATE                        HashUpdate;
+  BASE_HASH_FINAL_EX                      HashFinal;
+} HASH_INTERFACE_UNIFIED_API;
+
+/**
+  This service registers Hash Interface.
+
+  @param HashInterface  Hash interface
+
+  @retval EFI_SUCCESS          This hash interface is registered successfully.
+  @retval EFI_UNSUPPORTED      System does not support register this interface.
+  @retval EFI_ALREADY_STARTED  System already register this interface.
+**/
+EFI_STATUS
+EFIAPI
+RegisterHashApiLib (
+  IN HASH_INTERFACE_UNIFIED_API *HashInterface
+);
+
+#endif
\ No newline at end of file
diff --git a/SecurityPkg/Include/Library/HashLib.h b/SecurityPkg/Include/Library/HashLib.h
index 740cb8188e51..6ad960ad70ee 100644
--- a/SecurityPkg/Include/Library/HashLib.h
+++ b/SecurityPkg/Include/Library/HashLib.h
@@ -87,53 +87,6 @@ HashAndExtend (
   OUT TPML_DIGEST_VALUES            *DigestList
   );
 
-/**
-  Init hash sequence.
-
-  @param HashHandle Hash handle.
-
-  @retval EFI_SUCCESS          Hash start and HashHandle returned.
-  @retval EFI_UNSUPPORTED      System has no HASH library registered.
-**/
-EFI_STATUS
-EFIAPI
-HashApiInit (
-  OUT  HASH_HANDLE   *HashHandle
-);
-
-/**
-  Update hash data.
-
-  @param HashHandle    Hash handle.
-  @param DataToHash    Data to be hashed.
-  @param DataToHashLen Data size.
-
-  @retval EFI_SUCCESS          Hash updated.
-  @retval EFI_UNSUPPORTED      System has no HASH library registered.
-**/
-EFI_STATUS
-EFIAPI
-HashApiUpdate (
-  IN HASH_HANDLE    HashHandle,
-  IN VOID           *DataToHash,
-  IN UINTN          DataToHashLen
-);
-
-/**
-  Hash complete.
-
-  @param HashHandle    Hash handle.
-  @param Digest        Hash Digest.
-
-  @retval EFI_SUCCESS     Hash complete and Digest is returned.
-**/
-EFI_STATUS
-EFIAPI
-HashApiFinal (
-  IN  HASH_HANDLE HashHandle,
-  OUT UINT8       *Digest
-);
-
 /**
   Start hash sequence.
 
@@ -180,21 +133,6 @@ EFI_STATUS
   OUT TPML_DIGEST_VALUES *DigestList
   );
 
-/**
-  Hash complete.
-
-  @param HashHandle    Hash handle.
-  @param Digest        Hash Digest.
-
-  @retval EFI_SUCCESS     Hash complete and Digest is returned.
-**/
-typedef
-EFI_STATUS
-(EFIAPI *HASH_FINAL_EX) (
-  IN  HASH_HANDLE      HashHandle,
-  OUT UINT8            **Digest
-  );
-
 #define HASH_ALGORITHM_SHA1_GUID    EFI_HASH_ALGORITHM_SHA1_GUID
 #define HASH_ALGORITHM_SHA256_GUID  EFI_HASH_ALGORITHM_SHA256_GUID
 #define HASH_ALGORITHM_SHA384_GUID  EFI_HASH_ALGORITHM_SHA384_GUID
@@ -211,13 +149,6 @@ typedef struct {
   HASH_FINAL                         HashFinal;
 } HASH_INTERFACE;
 
-typedef struct {
-  EFI_GUID                           HashGuid;
-  HASH_INIT                          HashInit;
-  HASH_UPDATE                        HashUpdate;
-  HASH_FINAL_EX                      HashFinal;
-} HASH_INTERFACE_UNIFIED_API;
-
 /**
   This service register Hash.
 
@@ -233,18 +164,4 @@ RegisterHashInterfaceLib (
   IN HASH_INTERFACE   *HashInterface
   );
 
-/**
-  This service registers Hash Interface.
-
-  @param HashInterface  Hash interface
-
-  @retval EFI_SUCCESS          This hash interface is registered successfully.
-  @retval EFI_UNSUPPORTED      System does not support register this interface.
-  @retval EFI_ALREADY_STARTED  System already register this interface.
-**/
-EFI_STATUS
-EFIAPI
-RegisterHashApiLib (
-  IN HASH_INTERFACE_UNIFIED_API *HashInterface
-);
 #endif
diff --git a/SecurityPkg/Library/BaseHashLib/BaseHashLib.h b/SecurityPkg/Library/BaseHashLib/BaseHashLib.h
deleted file mode 100644
index 70676c1716c3..000000000000
--- a/SecurityPkg/Library/BaseHashLib/BaseHashLib.h
+++ /dev/null
@@ -1,85 +0,0 @@
-/** @file
-  The internal header file includes the common header files, defines
-  internal structure and functions used by ImageVerificationLib.
-
-Copyright (c) 2009 - 2019, Intel Corporation. All rights reserved.<BR>
-This program and the accompanying materials
-are licensed and made available under the terms and conditions of the BSD License
-which accompanies this distribution.  The full text of the license may be found at
-http://opensource.org/licenses/bsd-license.php
-
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
-
-**/
-
-#ifndef __BASEHASHLIB_H_
-#define __BASEHASHLIB_H_
-
-#define HASH_ALGO_COUNT 7
-
-//
-// Hash Algorithms
-//
-#define HASH_ALG_SHA1    0x00000001
-#define HASH_ALG_SHA256  0x00000002
-#define HASH_ALG_SHA384  0x00000004
-#define HASH_ALG_SHA512  0x00000008
-#define HASH_ALG_SM3_256 0x00000010
-#if 0
-typedef 
-UINTN
-(EFIAPI *GET_HASH_CTX_SIZE) (
-  VOID
-  );
-
-typedef
-BOOLEAN
-(EFIAPI *_HASH_INIT) (
-  OUT  VOID  *ShaContext
-  );
-
-typedef
-BOOLEAN
-(EFIAPI *_HASH_DUPLICATE) (
-  IN   CONST VOID  *ShaContext,
-  OUT  VOID        *NewShaContext
-  );
-
-typedef
-BOOLEAN
-(EFIAPI *_HASH_UPDATE) (
-  IN OUT  VOID        *ShaContext,
-  IN      CONST VOID  *Data,
-  IN      UINTN       DataSize
-  );
-
-typedef
-BOOLEAN
-(EFIAPI *_HASH_FINAL) (
-  IN OUT  VOID   *ShaContext,
-  OUT     UINT8  *HashValue
-  );
-
-HASH_ALGO_IDX
-GetHashAlgoIndex (
-  VOID
-);
-
-typedef struct {
-  HASH_ALGO_IDX     HashAlgo;
-  GET_HASH_CTX_SIZE  GetHashCtxSize;
-  _HASH_INIT          HashInit;
-  _HASH_DUPLICATE     HashDuplicate;
-  _HASH_UPDATE        HashUpdate;
-  _HASH_FINAL         HashFinal;
-} HASH_OPERATIONS;
-
-
-EFI_STATUS
-EFIAPI
-RegisterHashLib (
-  IN HASH_OPERATIONS   *HashInterface
-);
-#endif
-#endif
\ No newline at end of file
diff --git a/SecurityPkg/Library/BaseHashLib/BaseHashLibCommon.h b/SecurityPkg/Library/BaseHashLib/BaseHashLibCommon.h
new file mode 100644
index 000000000000..dc4839d16600
--- /dev/null
+++ b/SecurityPkg/Library/BaseHashLib/BaseHashLibCommon.h
@@ -0,0 +1,35 @@
+/** @file
+  The internal header file includes the common header files, defines
+  internal structure and functions used by ImageVerificationLib.
+
+Copyright (c) 2009 - 2019, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution.  The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#ifndef __BASEHASHLIB_COMMON_H_
+#define __BASEHASHLIB_COMMON_H_
+
+#define HASH_ALGO_COUNT 5
+
+
+typedef struct {
+  EFI_GUID  Guid;
+  UINT32    Mask;
+} HASH_MASK;
+
+HASH_MASK mHashMask[] = {
+  {HASH_ALGORITHM_SHA1_GUID,         HASH_ALG_SHA1},
+  {HASH_ALGORITHM_SHA256_GUID,       HASH_ALG_SHA256},
+  {HASH_ALGORITHM_SHA384_GUID,       HASH_ALG_SHA384},
+  {HASH_ALGORITHM_SHA512_GUID,       HASH_ALG_SHA512},
+  {HASH_ALGORITHM_SM3_256_GUID,      HASH_ALG_SM3_256},
+};
+
+#endif
\ No newline at end of file
diff --git a/SecurityPkg/Library/BaseHashLib/BaseHashLibDxe.inf b/SecurityPkg/Library/BaseHashLib/BaseHashLibDxe.inf
index f5dcbedb2cd9..a8d6c0f37570 100644
--- a/SecurityPkg/Library/BaseHashLib/BaseHashLibDxe.inf
+++ b/SecurityPkg/Library/BaseHashLib/BaseHashLibDxe.inf
@@ -43,7 +43,5 @@ [LibraryClasses]
   PcdLib
 
 [Pcd]
-  gEfiSecurityPkgTokenSpaceGuid.PcdTpm2HashMask             ## CONSUMES
-  gEfiSecurityPkgTokenSpaceGuid.PcdHashAlgorithmBitmap    ## CONSUMES
   gEfiSecurityPkgTokenSpaceGuid.PcdSystemHashPolicy    ## CONSUMES
 
diff --git a/SecurityPkg/Library/BaseHashLib/BaseHashLibPei.inf b/SecurityPkg/Library/BaseHashLib/BaseHashLibPei.inf
index 07e95a5a9c0f..872989f2352d 100644
--- a/SecurityPkg/Library/BaseHashLib/BaseHashLibPei.inf
+++ b/SecurityPkg/Library/BaseHashLib/BaseHashLibPei.inf
@@ -44,7 +44,5 @@ [LibraryClasses]
   PcdLib
 
 [Pcd]
-  gEfiSecurityPkgTokenSpaceGuid.PcdTpm2HashMask             ## CONSUMES
-  gEfiSecurityPkgTokenSpaceGuid.PcdHashAlgorithmBitmap    ## CONSUMES
-  gEfiSecurityPkgTokenSpaceGuid.PcdSystemHashPolicy    ## CONSUMES
+ gEfiSecurityPkgTokenSpaceGuid.PcdSystemHashPolicy    ## CONSUMES
 
diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec
index b03677a5411c..2f31b0192fdb 100644
--- a/SecurityPkg/SecurityPkg.dec
+++ b/SecurityPkg/SecurityPkg.dec
@@ -515,14 +515,5 @@ [PcdsDynamic, PcdsDynamicEx]
   # @ValidRange 0x80000001 | 0x00000000 - 0x00000005
   gEfiSecurityPkgTokenSpaceGuid.PcdSystemHashPolicy|0x02|UINT32|0x00010024
 
-  ## This PCD indicated final BIOS supported Hash mask for Base Hash API.
-  #    Bios may choose to register a subset of PcdTpm2HashMask.
-  #    This PCD is final value of how many hash algo are registered with
-  #    Base Hash API.
-  # This PCD will start with value 0 by the Base Hash API constructor and
-  # the value will be updated as Hash Algo are registered.
-  # @Prompt Hash Algorithm bitmap for Base Hash API.
-  gEfiSecurityPkgTokenSpaceGuid.PcdHashAlgorithmBitmap|0xFFFFFFFF|UINT32|0x00010025
-
 [UserExtensions.TianoCore."ExtraFiles"]
   SecurityPkgExtra.uni
diff --git a/SecurityPkg/SecurityPkg.uni b/SecurityPkg/SecurityPkg.uni
index 2dc77279210c..c9d12535b5f4 100644
--- a/SecurityPkg/SecurityPkg.uni
+++ b/SecurityPkg/SecurityPkg.uni
@@ -309,12 +309,3 @@
                                                                                         "0x00000003  -  SHA384.<BR>\n"
                                                                                         "0x00000004  -  SHA512.<BR>\n"
                                                                                         "0x00000005  -  SM3.<BR>"
-
-#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdHashAlgorithmBitmap_PROMPT  #language en-US "Hash Algorithm bitmap for Base Hash API."
-
-#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdHashAlgorithmBitmap_HELP  #language en-US "This PCD indicated final BIOS supported Hash mask for Base Hash API.\n"
-                                                                                        "Bios may choose to register a subset of PcdTpm2HashMask.<BR>\n"
-                                                                                        "This PCD is final value of how many hash algo are registered with\n"
-                                                                                        "Base Hash API.<BR>\n"
-                                                                                        "This PCD will start with value 0 by the Base Hash API constructor and\n"
-                                                                                        "the value will be updated as Hash Algo are registered.<BR>\n"
-- 
2.16.2.windows.1


  parent reply	other threads:[~2019-12-18 21:50 UTC|newest]

Thread overview: 8+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-12-18 21:50 [PATCH v1 0/6] SecurityPkg/BaseHashLib: Implement a Unified API for Hash Calculation Sukerkar, Amol N
2019-12-18 21:50 ` [PATCH v1 1/6] SecurityPkg/BaseHashLib: Implement a unified " Sukerkar, Amol N
2019-12-18 21:50 ` [PATCH v1 2/6] SecurityPkg/HashApiInstanceSha1: Implement API registration mechanism for SHA1 Sukerkar, Amol N
2019-12-18 21:50 ` [PATCH v1 3/6] SecurityPkg/HashApiInstanceSha256: Implement API registration mechanism for SHA256 Sukerkar, Amol N
2019-12-18 21:50 ` [PATCH v1 4/6] SecurityPkg/HashApiInstanceSha384: Implement API registration mechanism for SHA384 Sukerkar, Amol N
2019-12-18 21:50 ` Sukerkar, Amol N [this message]
2019-12-18 21:50 ` [PATCH v1 6/6] SecurityPkg/HashApiInstanceSM3: Implement API registration mechanism for SM3 Sukerkar, Amol N
  -- strict thread matches above, loose matches on Subject: below --
2019-12-18 21:32 [PATCH v1 0/6] SecurityPkg/BaseHashLib: Implement a Unified API for Hash Calculation Sukerkar, Amol N
2019-12-18 21:32 ` [PATCH v1 5/6] SecurityPkg/BaseHashLib: Modified the Registation Mechanism for BaseHashLib Sukerkar, Amol N

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-list from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20191218215037.1630-6-amol.n.sukerkar@intel.com \
    --to=devel@edk2.groups.io \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox