From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from linux.microsoft.com (linux.microsoft.com [13.77.154.182]) by mx.groups.io with SMTP id smtpd.web09.443.1623081933482873446 for ; Mon, 07 Jun 2021 09:05:33 -0700 Authentication-Results: mx.groups.io; dkim=fail reason="body hash did not verify" header.i=@linux.microsoft.com header.s=default header.b=oVMtZnMT; spf=pass (domain: linux.microsoft.com, ip: 13.77.154.182, mailfrom: mikuback@linux.microsoft.com) Received: from localhost.localdomain (unknown [167.220.2.74]) by linux.microsoft.com (Postfix) with ESMTPSA id 2D85720B83EC; Mon, 7 Jun 2021 09:05:33 -0700 (PDT) DKIM-Filter: OpenDKIM Filter v2.11.0 linux.microsoft.com 2D85720B83EC DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.microsoft.com; s=default; t=1623081933; bh=lrawoxvVp0bTo3FrDY7n5b+42LCWHU2Jr/iRhGy9oDc=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=oVMtZnMTFABMgp+FcjqddiJfQC4dBuUTgEfXqqM8kj/LuuCtHUunMy1SMTc7Vi4SO 17jhVF40B7pJo59OvKD6obT4Rurzbudbmp8LVrxym74j4EGLD8dGLGr23tsENouh4X DGyll+2kzK/0BskJILbzSGuNvU24tz37+52aicqo= From: "Michael Kubacki" To: devel@edk2.groups.io Cc: Chasel Chiu , Nate DeSimone , Liming Gao , Eric Dong Subject: [edk2-platforms][PATCH v2 3/4] MinPlatformPkg/Tcg2PlatformPei: Use TpmPlatformHierarchyLib Date: Mon, 7 Jun 2021 12:05:05 -0400 Message-Id: <20210607160506.2411-4-mikuback@linux.microsoft.com> X-Mailer: git-send-email 2.28.0.windows.1 In-Reply-To: <20210607160506.2411-1-mikuback@linux.microsoft.com> References: <20210607160506.2411-1-mikuback@linux.microsoft.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable From: Michael Kubacki Eliminates code duplication in the module with TpmPlatformHierarchyLib. Pre-existing behavior of randomizing the TPM platform auth is retained by calling the implementation of ConfigureTpmPlatformHierarchy() in TpmPlatformHierarchyLib. Cc: Chasel Chiu Cc: Nate DeSimone Cc: Liming Gao Cc: Eric Dong 
Signed-off-by: Michael Kubacki
---
 Platform/Intel/MinPlatformPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.c | = 130 +-------------------
 Platform/Intel/MinPlatformPkg/MinPlatformPkg.dsc | = 1 +
 Platform/Intel/MinPlatformPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf | = 2 +
 3 files changed, 8 insertions(+), 125 deletions(-)
diff --git a/Platform/Intel/MinPlatformPkg/Tcg/Tcg2PlatformPei/Tcg2Platfo= rmPei.c b/Platform/Intel/MinPlatformPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformP= ei.c
index 3a2d7d31e983..66ec75ad0e0f 100644
--- a/Platform/Intel/MinPlatformPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.c
+++ b/Platform/Intel/MinPlatformPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.c
@@ -1,6 +1,7 @@
 /** @file
=20
 Copyright (c) 2017, Intel Corporation. All rights reserved.
+Copyright (c) Microsoft Corporation.
 SPDX-License-Identifier: BSD-2-Clause-Patent
=20
 **/
@@ -13,134 +14,13 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 #include
 #include
 #include
+#include
 #include
=20
 #include
=20
 #define MAX_NEW_AUTHORIZATION_SIZE SHA512_DIGEST_SIZE
=20
-/**
- Generate high-quality entropy source through RDRAND.
-
- @param[in] Length Size of the buffer, in bytes, to fill with.
- @param[out] Entropy Pointer to the buffer to store the entropy = data.
-
- @retval EFI_SUCCESS Entropy generation succeeded.
- @retval EFI_NOT_READY Failed to request random data.
-
-**/
-EFI_STATUS
-EFIAPI
-RdRandGenerateEntropy (
- IN UINTN Length,
- OUT UINT8 *Entropy
- )
-{
- EFI_STATUS Status;
- UINTN BlockCount;
- UINT64 Seed[2];
- UINT8 *Ptr;
-
- Status =3D EFI_NOT_READY;
- BlockCount =3D Length / 64;
- Ptr =3D (UINT8 *)Entropy;
-
- //
- // Generate high-quality seed for DRBG Entropy
- //
- while (BlockCount > 0) {
- Status =3D GetRandomNumber128(Seed);
- if (EFI_ERROR(Status)) {
- return Status;
- }
- CopyMem(Ptr, Seed, 64);
-
- BlockCount--;
- Ptr =3D Ptr + 64;
- }
-
- //
- // Populate the remained data as request.
- //
- Status =3D GetRandomNumber128(Seed);
- if (EFI_ERROR(Status)) {
- return Status;
- }
- CopyMem(Ptr, Seed, (Length % 64));
-
- return Status;
-}
-
-/**
- Set PlatformAuth to random value.
-**/
-VOID
-RandomizePlatformAuth (
- VOID
- )
-{
- EFI_STATUS Status;
- UINT16 AuthSize;
- TPML_PCR_SELECTION Pcrs;
- UINT32 Index;
- UINT8 *Rand;
- UINTN RandSize;
- TPM2B_AUTH NewPlatformAuth;
-
- //
- // Send Tpm2HierarchyChange Auth with random value to avoid PlatformAu= th being null
- //
- ZeroMem(&Pcrs, sizeof(TPML_PCR_SELECTION));
- AuthSize =3D MAX_NEW_AUTHORIZATION_SIZE;
-
- Status =3D Tpm2GetCapabilityPcrs(&Pcrs);
- if (EFI_ERROR(Status)) {
- DEBUG((EFI_D_ERROR, "Tpm2GetCapabilityPcrs fail!\n"));
- } else {
- for (Index =3D 0; Index < Pcrs.count; Index++) {
- switch (Pcrs.pcrSelections[Index].hash) {
- case TPM_ALG_SHA1:
- AuthSize =3D SHA1_DIGEST_SIZE;
- break;
- case TPM_ALG_SHA256:
- AuthSize =3D SHA256_DIGEST_SIZE;
- break;
- case TPM_ALG_SHA384:
- AuthSize =3D SHA384_DIGEST_SIZE;
- break;
- case TPM_ALG_SHA512:
- AuthSize =3D SHA512_DIGEST_SIZE;
- break;
- case TPM_ALG_SM3_256:
- AuthSize =3D SM3_256_DIGEST_SIZE;
- break;
- }
- }
- }
-
- ZeroMem(NewPlatformAuth.buffer, AuthSize);
- NewPlatformAuth.size =3D AuthSize;
-
- //
- // Allocate one buffer to store random data.
- //
- RandSize =3D MAX_NEW_AUTHORIZATION_SIZE;
- Rand =3D AllocatePool(RandSize);
-
- RdRandGenerateEntropy(RandSize, Rand);
- CopyMem(NewPlatformAuth.buffer, Rand, AuthSize);
-
- FreePool(Rand);
-
- //
- // Send Tpm2HierarchyChangeAuth command with the new Auth value
- //
- Status =3D Tpm2HierarchyChangeAuth(TPM_RH_PLATFORM, NULL, &NewPlatform= Auth);
- DEBUG((DEBUG_INFO, "Tpm2HierarchyChangeAuth Result: - %r\n", Status));
- ZeroMem(NewPlatformAuth.buffer, AuthSize);
- ZeroMem(Rand, RandSize);
-}
-
 /**
 This function handles PlatformInit task at the end of PEI
=20
@@ -179,9 +59,9 @@ PlatformInitEndOfPei (
=20
 //
 // If there is S3 error on TPM_SU_STATE and success on TPM_SU_CLEAR,
- // Send Tpm2HierarchyChange Auth with random value to avoid PlatformAu= th being null
+ // configure the TPM Platform Hierarchy.
 //
- RandomizePlatformAuth();
+ ConfigureTpmPlatformHierarchy ();
=20
 return EFI_SUCCESS;
 }
@@ -198,7 +78,7 @@ static EFI_PEI_NOTIFY_DESCRIPTOR mEndOfPeiNotifyList = =3D {
 @param[in] FileHandle Handle of the file being invoked.
 @param[in] PeiServices Pointer to PEI Services table.
=20
- @retval EFI_SUCCESS Install function successfully.=20
+ @retval EFI_SUCCESS Install function successfully.
=20
 **/
 EFI_STATUS
diff --git a/Platform/Intel/MinPlatformPkg/MinPlatformPkg.dsc b/Platform/= Intel/MinPlatformPkg/MinPlatformPkg.dsc
index 0240a803f868..0665a18cdcbe 100644
--- a/Platform/Intel/MinPlatformPkg/MinPlatformPkg.dsc
+++ b/Platform/Intel/MinPlatformPkg/MinPlatformPkg.dsc
@@ -98,6 +98,7 @@ [LibraryClasses.common.PEIM]
 TestPointCheckLib|MinPlatformPkg/Test/Library/TestPointCheckLib/PeiTes= tPointCheckLib.inf
 TestPointLib|MinPlatformPkg/Test/Library/TestPointLib/PeiTestPointLib.= inf
 SetCacheMtrrLib|MinPlatformPkg/Library/SetCacheMtrrLib/SetCacheMtrrLib= Null.inf
+ TpmPlatformHierarchyLib|MinPlatformPkg/Tcg/Library/PeiDxeTpmPlatformHi= erarchyLib/PeiDxeTpmPlatformHierarchyLib.inf
=20
 [LibraryClasses.common.DXE_DRIVER]
 #
diff --git a/Platform/Intel/MinPlatformPkg/Tcg/Tcg2PlatformPei/Tcg2Platfo= rmPei.inf b/Platform/Intel/MinPlatformPkg/Tcg/Tcg2PlatformPei/Tcg2Platfor= mPei.inf
index 1aabfe7ba88d..579f09b940e7 100644
--- a/Platform/Intel/MinPlatformPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.i= nf
+++ b/Platform/Intel/MinPlatformPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.i= nf
@@ -29,11 +29,13 @@ [LibraryClasses]
 DebugLib
 Tpm2DeviceLib
 Tpm2CommandLib
+ TpmPlatformHierarchyLib
 RngLib
=20
 [Packages]
 MdePkg/MdePkg.dec
 SecurityPkg/SecurityPkg.dec
+ MinPlatformPkg/MinPlatformPkg.dec
=20
 [Sources]
 Tcg2PlatformPei.c
--=20
2.28.0.windows.1
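Review bot: `#define MAX_NEW_AUTHORIZATION_SIZE SHA512_DIGEST_SIZE` survives as a context line in the Tcg2PlatformPei.c hunk although both of its users visible there, RdRandGenerateEntropy and RandomizePlatformAuth, are deleted; unless the rest of the file still references it, it is now a dead macro and should be removed in the same commit so the module does not advertise an auth size it no longer computes. The deleted RandomizePlatformAuth also cleared `NewPlatformAuth.buffer` with ZeroMem after issuing Tpm2HierarchyChangeAuth; ConfigureTpmPlatformHierarchy's implementation is outside this patch, so it is worth confirming that the library likewise scrubs the random platform auth from memory once the command has been sent, since that value is what authorizes platform-hierarchy commands for the rest of boot. The commit message could state that property explicitly alongside the "behavior is retained" claim.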
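Review bot: The rewritten comment `// configure the TPM Platform Hierarchy.` in PlatformInitEndOfPei loses the reason the call is made here, which the removed line spelled out: the platform auth is randomized so it is not left null when the TPM came up via TPM_SU_CLEAR; suggest `// randomize the platform auth (via TpmPlatformHierarchyLib) so it is not left empty after a TPM_SU_CLEAR startup.` Further, `ConfigureTpmPlatformHierarchy ();` is invoked as a bare statement, which suggests a VOID interface, so this function no longer sees whether the hierarchy change succeeded — the deleted code at least logged the Tpm2HierarchyChangeAuth status; if the library does not log or otherwise surface failure, a TPM left with an empty platform auth would be silent at this call site. PlatformInitEndOfPei starts outside the hunk.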
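Review bot: `RngLib` is left in [LibraryClasses] of Tcg2PlatformPei.inf even though this patch removes the module's only visible RngLib consumer, the GetRandomNumber128 calls in the deleted RdRandGenerateEntropy; unless the remaining source still uses it, the entry is a stale dependency and should be dropped so the .inf reflects what the module actually links (any RNG need of TpmPlatformHierarchyLib belongs in that library's own .inf). This is hygiene rather than a functional defect, but stale library classes make dependency review of TPM-provisioning code harder.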