From: "Michael Kubacki" <mikuback@linux.microsoft.com>
To: devel@edk2.groups.io
Cc: Chasel Chiu <chasel.chiu@intel.com>,
Nate DeSimone <nathaniel.l.desimone@intel.com>,
Liming Gao <gaoliming@byosoft.com.cn>,
Eric Dong <eric.dong@intel.com>
Subject: [edk2-platforms][PATCH v2 3/4] MinPlatformPkg/Tcg2PlatformPei: Use TpmPlatformHierarchyLib
Date: Mon, 7 Jun 2021 12:05:05 -0400 [thread overview]
Message-ID: <20210607160506.2411-4-mikuback@linux.microsoft.com> (raw)
In-Reply-To: <20210607160506.2411-1-mikuback@linux.microsoft.com>
From: Michael Kubacki <michael.kubacki@microsoft.com>
Eliminates code duplication in the module with
TpmPlatformHierarchyLib. Pre-existing behavior of randomizing the
TPM platform auth is retained by calling the implementation of
ConfigureTpmPlatformHierarchy() in TpmPlatformHierarchyLib.
Cc: Chasel Chiu <chasel.chiu@intel.com>
Cc: Nate DeSimone <nathaniel.l.desimone@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Eric Dong <eric.dong@intel.com>
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
---
Platform/Intel/MinPlatformPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.c | 130 +-------------------
Platform/Intel/MinPlatformPkg/MinPlatformPkg.dsc | 1 +
Platform/Intel/MinPlatformPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf | 2 +
3 files changed, 8 insertions(+), 125 deletions(-)
diff --git a/Platform/Intel/MinPlatformPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.c b/Platform/Intel/MinPlatformPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.c
index 3a2d7d31e983..66ec75ad0e0f 100644
--- a/Platform/Intel/MinPlatformPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.c
+++ b/Platform/Intel/MinPlatformPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.c
@@ -1,6 +1,7 @@
/** @file
Copyright (c) 2017, Intel Corporation. All rights reserved.<BR>
+Copyright (c) Microsoft Corporation.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
@@ -13,134 +14,13 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#include <Library/HobLib.h>
#include <Library/Tpm2CommandLib.h>
#include <Library/Tpm2DeviceLib.h>
+#include <Library/TpmPlatformHierarchyLib.h>
#include <Library/RngLib.h>
#include <Ppi/EndOfPeiPhase.h>
#define MAX_NEW_AUTHORIZATION_SIZE SHA512_DIGEST_SIZE
-/**
- Generate high-quality entropy source through RDRAND.
-
- @param[in] Length Size of the buffer, in bytes, to fill with.
- @param[out] Entropy Pointer to the buffer to store the entropy data.
-
- @retval EFI_SUCCESS Entropy generation succeeded.
- @retval EFI_NOT_READY Failed to request random data.
-
-**/
-EFI_STATUS
-EFIAPI
-RdRandGenerateEntropy (
- IN UINTN Length,
- OUT UINT8 *Entropy
- )
-{
- EFI_STATUS Status;
- UINTN BlockCount;
- UINT64 Seed[2];
- UINT8 *Ptr;
-
- Status = EFI_NOT_READY;
- BlockCount = Length / 64;
- Ptr = (UINT8 *)Entropy;
-
- //
- // Generate high-quality seed for DRBG Entropy
- //
- while (BlockCount > 0) {
- Status = GetRandomNumber128(Seed);
- if (EFI_ERROR(Status)) {
- return Status;
- }
- CopyMem(Ptr, Seed, 64);
-
- BlockCount--;
- Ptr = Ptr + 64;
- }
-
- //
- // Populate the remained data as request.
- //
- Status = GetRandomNumber128(Seed);
- if (EFI_ERROR(Status)) {
- return Status;
- }
- CopyMem(Ptr, Seed, (Length % 64));
-
- return Status;
-}
-
-/**
- Set PlatformAuth to random value.
-**/
-VOID
-RandomizePlatformAuth (
- VOID
- )
-{
- EFI_STATUS Status;
- UINT16 AuthSize;
- TPML_PCR_SELECTION Pcrs;
- UINT32 Index;
- UINT8 *Rand;
- UINTN RandSize;
- TPM2B_AUTH NewPlatformAuth;
-
- //
- // Send Tpm2HierarchyChange Auth with random value to avoid PlatformAuth being null
- //
- ZeroMem(&Pcrs, sizeof(TPML_PCR_SELECTION));
- AuthSize = MAX_NEW_AUTHORIZATION_SIZE;
-
- Status = Tpm2GetCapabilityPcrs(&Pcrs);
- if (EFI_ERROR(Status)) {
- DEBUG((EFI_D_ERROR, "Tpm2GetCapabilityPcrs fail!\n"));
- } else {
- for (Index = 0; Index < Pcrs.count; Index++) {
- switch (Pcrs.pcrSelections[Index].hash) {
- case TPM_ALG_SHA1:
- AuthSize = SHA1_DIGEST_SIZE;
- break;
- case TPM_ALG_SHA256:
- AuthSize = SHA256_DIGEST_SIZE;
- break;
- case TPM_ALG_SHA384:
- AuthSize = SHA384_DIGEST_SIZE;
- break;
- case TPM_ALG_SHA512:
- AuthSize = SHA512_DIGEST_SIZE;
- break;
- case TPM_ALG_SM3_256:
- AuthSize = SM3_256_DIGEST_SIZE;
- break;
- }
- }
- }
-
- ZeroMem(NewPlatformAuth.buffer, AuthSize);
- NewPlatformAuth.size = AuthSize;
-
- //
- // Allocate one buffer to store random data.
- //
- RandSize = MAX_NEW_AUTHORIZATION_SIZE;
- Rand = AllocatePool(RandSize);
-
- RdRandGenerateEntropy(RandSize, Rand);
- CopyMem(NewPlatformAuth.buffer, Rand, AuthSize);
-
- FreePool(Rand);
-
- //
- // Send Tpm2HierarchyChangeAuth command with the new Auth value
- //
- Status = Tpm2HierarchyChangeAuth(TPM_RH_PLATFORM, NULL, &NewPlatformAuth);
- DEBUG((DEBUG_INFO, "Tpm2HierarchyChangeAuth Result: - %r\n", Status));
- ZeroMem(NewPlatformAuth.buffer, AuthSize);
- ZeroMem(Rand, RandSize);
-}
-
/**
This function handles PlatformInit task at the end of PEI
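Review bot: `#include <Library/RngLib.h>` and `#define MAX_NEW_AUTHORIZATION_SIZE SHA512_DIGEST_SIZE` stay as context in this hunk, but their only visible users, RdRandGenerateEntropy() and RandomizePlatformAuth(), are removed by it. If nothing else in the file uses them (the rest of the file is outside the hunk), both lines should go, together with the `RngLib` entry that the Tcg2PlatformPei.inf hunk leaves in [LibraryClasses]. That way the module does not declare a random-number dependency it no longer uses. The entropy for platformAuth then presumably comes from whichever RngLib instance is resolved for TpmPlatformHierarchyLib, which is worth one sentence in the commit message.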
@@ -179,9 +59,9 @@ PlatformInitEndOfPei (
//
// If there is S3 error on TPM_SU_STATE and success on TPM_SU_CLEAR,
- // Send Tpm2HierarchyChange Auth with random value to avoid PlatformAuth being null
+ // configure the TPM Platform Hierarchy.
//
- RandomizePlatformAuth();
+ ConfigureTpmPlatformHierarchy ();
return EFI_SUCCESS;
}
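Review bot: The call `ConfigureTpmPlatformHierarchy ();` hands no status back to this handler, and `return EFI_SUCCESS;` follows it unconditionally, so a failure to change platformAuth inside the library would not be visible at End of PEI. The library implementation is not part of this patch, so it should be confirmed that it reports (DEBUG error or ASSERT) when random data or Tpm2HierarchyChangeAuth fails instead of silently leaving platformAuth empty. The rewritten comment also loses the reason for the call; `// configure the TPM Platform Hierarchy (randomizes platformAuth so it is not left empty).` would keep it. PlatformInitEndOfPei begins outside this hunk, so the condition that guards the call cannot be checked here.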
@@ -198,7 +78,7 @@ static EFI_PEI_NOTIFY_DESCRIPTOR mEndOfPeiNotifyList = {
@param[in] FileHandle Handle of the file being invoked.
@param[in] PeiServices Pointer to PEI Services table.
- @retval EFI_SUCCESS Install function successfully.
+ @retval EFI_SUCCESS Install function successfully.
**/
EFI_STATUS
diff --git a/Platform/Intel/MinPlatformPkg/MinPlatformPkg.dsc b/Platform/Intel/MinPlatformPkg/MinPlatformPkg.dsc
index 0240a803f868..0665a18cdcbe 100644
--- a/Platform/Intel/MinPlatformPkg/MinPlatformPkg.dsc
+++ b/Platform/Intel/MinPlatformPkg/MinPlatformPkg.dsc
@@ -98,6 +98,7 @@ [LibraryClasses.common.PEIM]
TestPointCheckLib|MinPlatformPkg/Test/Library/TestPointCheckLib/PeiTestPointCheckLib.inf
TestPointLib|MinPlatformPkg/Test/Library/TestPointLib/PeiTestPointLib.inf
SetCacheMtrrLib|MinPlatformPkg/Library/SetCacheMtrrLib/SetCacheMtrrLibNull.inf
+ TpmPlatformHierarchyLib|MinPlatformPkg/Tcg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf
[LibraryClasses.common.DXE_DRIVER]
#
diff --git a/Platform/Intel/MinPlatformPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf b/Platform/Intel/MinPlatformPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf
index 1aabfe7ba88d..579f09b940e7 100644
--- a/Platform/Intel/MinPlatformPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf
+++ b/Platform/Intel/MinPlatformPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf
@@ -29,11 +29,13 @@ [LibraryClasses]
DebugLib
Tpm2DeviceLib
Tpm2CommandLib
+ TpmPlatformHierarchyLib
RngLib
[Packages]
MdePkg/MdePkg.dec
SecurityPkg/SecurityPkg.dec
+ MinPlatformPkg/MinPlatformPkg.dec
[Sources]
Tcg2PlatformPei.c
--
2.28.0.windows.1
2021-06-07 16:05 [edk2-platforms][PATCH v2 0/4] MinPlatformPkg: Add TPM platform hier disable support Michael Kubacki
2021-06-07 16:05 ` [edk2-platforms][PATCH v2 1/4] MinPlatformPkg: Add TpmPlatformHierarchyLib to Components in DSC Michael Kubacki
2021-06-07 16:05 ` [edk2-platforms][PATCH v2 2/4] MinPlatformPkg/TpmPlatformHierarchyLib: Add PEI support Michael Kubacki
2021-06-07 16:05 ` Michael Kubacki [this message]
2021-06-07 16:05 ` [edk2-platforms][PATCH v2 4/4] MinPlatformPkg/TpmPlatformHierarchyLib: Add disable support Michael Kubacki