* [PATCH v1 0/1] Sync the PcdTpm2HashMask to the active PCR banks
@ 2022-07-01 17:42 snehal.kangralkar
2022-07-01 17:42 ` [PATCH v1 1/1] SecurityPkg : Sync PcdTpm2HashMask to the active PCR banks in the TPM Snehal Kangralkar
0 siblings, 1 reply; 2+ messages in thread
From: snehal.kangralkar @ 2022-07-01 17:42 UTC (permalink / raw)
To: devel; +Cc: Jiewen Yao, Qi Zhang
REF:https://bugzilla.tianocore.org/show_bug.cgi?id=3923
According to the definition of PcdTpm2HashMask, the mask reflects the PCR
banks which need to be extended.
In the Tcg2Pei SyncPcrAllocationsAndPcrMask function, we are setting
PcdTpm2HashMask to match the active PCR banks, but this will only occur
if the mask was originally set to 0.
Always syncing the PcdTpm2HashMask to the active PCR banks in the TPM.
Only then do we see that the computed hashes are limited to those PCRs
which are active.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Qi Zhang <qi1.zhang@intel.com>
Signed-off-by: Snehal Kangralkar <snehal.kangralkar@intel.com>
Snehal Kangralkar (1):
SecurityPkg : Sync PcdTpm2HashMask to the active PCR banks in the TPM
SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c | 11 +++--------
1 file changed, 3 insertions(+), 8 deletions(-)
--
2.36.1.windows.1
* [PATCH v1 1/1] SecurityPkg : Sync PcdTpm2HashMask to the active PCR banks in the TPM
2022-07-01 17:42 [PATCH v1 0/1] Sync the PcdTpm2HashMask to the active PCR banks snehal.kangralkar
@ 2022-07-01 17:42 ` Snehal Kangralkar
0 siblings, 0 replies; 2+ messages in thread
From: Snehal Kangralkar @ 2022-07-01 17:42 UTC (permalink / raw)
To: devel; +Cc: Jiewen Yao, Qi Zhang
REF:https://bugzilla.tianocore.org/show_bug.cgi?id=3923
According to the definition of PcdTpm2HashMask, the mask reflects the PCR
banks which need to be extended.
In the Tcg2Pei SyncPcrAllocationsAndPcrMask function, we are setting
PcdTpm2HashMask to match the active PCR banks, but this will only occur
if the mask was originally set to 0.
Always syncing the PcdTpm2HashMask to the active PCR banks in the TPM.
Only then do we see that the computed hashes are limited to those PCRs
which are active.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Qi Zhang <qi1.zhang@intel.com>
Signed-off-by: Snehal Kangralkar <snehal.kangralkar@intel.com>
---
SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c | 11 +++--------
1 file changed, 3 insertions(+), 8 deletions(-)
diff --git a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c
index 26bb5282a58b..a77d8c0a083c 100644
--- a/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c
+++ b/SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.c
@@ -279,15 +279,10 @@ SyncPcrAllocationsAndPcrMask (
DEBUG ((DEBUG_INFO, "Tpm2GetCapabilitySupportedAndActivePcrs - TpmActivePcrBanks 0x%08x\n", TpmActivePcrBanks));
Tpm2PcrMask = PcdGet32 (PcdTpm2HashMask);
- if (Tpm2PcrMask == 0) {
- //
- // If PcdTpm2HashMask is zero, use ActivePcr setting.
- // Only when PcdTpm2HashMask is initialized to 0, will it be updated to current Active Pcrs.
- //
- PcdSet32S (PcdTpm2HashMask, TpmActivePcrBanks);
- Tpm2PcrMask = TpmActivePcrBanks;
- }
+ // Sync the PcdTpm2HashMask to the active PCR banks.
+ PcdSet32S (PcdTpm2HashMask, TpmActivePcrBanks);
+ Tpm2PcrMask = TpmActivePcrBanks;
DEBUG ((DEBUG_INFO, "Tpm2PcrMask 0x%08x\n", Tpm2PcrMask));
//
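Review bot: the unconditional `PcdSet32S (PcdTpm2HashMask, TpmActivePcrBanks);` now discards any non-zero mask a platform configured, where the removed branch only overwrote a mask of 0. The commit message should say what happens to platforms that set a non-zero PcdTpm2HashMask to restrict which banks are extended, and what the mask becomes if TpmActivePcrBanks reads back as 0. With this change the context line `Tpm2PcrMask = PcdGet32 (PcdTpm2HashMask);` just above is a dead read, since Tpm2PcrMask is overwritten three lines later; drop it or initialize the local directly from TpmActivePcrBanks. The EFI_STATUS returned by PcdSet32S is still ignored, and now that the set runs on every boot it is worth checking it (for example with ASSERT_EFI_ERROR) so a failed PCD write does not leave the mask and the local variable out of sync. Style: the new single-line comment has no blank line before it and lacks the surrounding empty `//` lines used by the removed comment block.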
--
2.36.1.windows.1