public inbox for devel@edk2.groups.io
 help / color / mirror / Atom feed
* [edk2-devel] [PATCH] SecurityPkg/Tcg2Config: Hide BIOS unsupported hash algorithm from UI
       [not found] <cover.1710775554.git.wei6.xu@intel.com>
@ 2024-03-18 15:41 ` Xu, Wei6
  2024-03-29  3:33   ` rahul.r.kumar
       [not found] ` <17BDE62823C9261A.11133@groups.io>
  1 sibling, 1 reply; 4+ messages in thread
From: Xu, Wei6 @ 2024-03-18 15:41 UTC (permalink / raw)
  To: devel; +Cc: Wei6 Xu, Rahul Kumar, Jiewen Yao

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4731

TCG2 configuration UI shows all the hash algorithms that TPM hardware
supports in the checkbox. If user only selects one algorithm that is
supported by TPM hardware but not supported by BIOS and uncheck the
others, the SyncPcrAllocationsAndPcrMask in Tcg2Pei will not be able
to decide a viable PCR to activate, then an assert occurs.

Add check against PcdTcg2HashAlgorithmBitmap when deciding whether
to suppress the hash algorithm checkbox to avoid user to select the
hash algorithm which may cause an assert.

Cc: Rahul Kumar <rahul1.kumar@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Signed-off-by: Wei6 Xu <wei6.xu@intel.com>
---
 SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c | 61 ++++++++++++++-------
 1 file changed, 41 insertions(+), 20 deletions(-)

diff --git a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c b/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c
index 6eb04c014448..39b639039525 100644
--- a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c
+++ b/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c
@@ -722,33 +722,50 @@ FillBufferWithBootHashAlg (
 }
 
 /**
-  Set ConfigInfo according to TpmAlgHash.
+  Set ConfigInfo according to TpmAlgHash and BiosHashAlgBitmap.
 
   @param[in,out] Tcg2ConfigInfo       TCG2 config info.
   @param[in]     TpmAlgHash           TpmAlgHash.
+  @param[in]     BiosHashAlgBitmap    Bios Hash Algorithm Bitmap.
 
 **/
 VOID
 SetConfigInfo (
   IN OUT TCG2_CONFIGURATION_INFO  *Tcg2ConfigInfo,
-  IN UINT32                       TpmAlgHash
+  IN UINT32                       TpmAlgHash,
+  IN UINT32                       BiosHashAlgBitmap
   )
 {
   switch (TpmAlgHash) {
     case TPM_ALG_SHA1:
-      Tcg2ConfigInfo->Sha1Supported = TRUE;
+      if ((BiosHashAlgBitmap & HASH_ALG_SHA1) != 0) {
+        Tcg2ConfigInfo->Sha1Supported = TRUE;
+      }
+
       break;
     case TPM_ALG_SHA256:
-      Tcg2ConfigInfo->Sha256Supported = TRUE;
+      if ((BiosHashAlgBitmap & HASH_ALG_SHA256) != 0) {
+        Tcg2ConfigInfo->Sha256Supported = TRUE;
+      }
+
       break;
     case TPM_ALG_SHA384:
-      Tcg2ConfigInfo->Sha384Supported = TRUE;
+      if ((BiosHashAlgBitmap & HASH_ALG_SHA384) != 0) {
+        Tcg2ConfigInfo->Sha384Supported = TRUE;
+      }
+
       break;
     case TPM_ALG_SHA512:
-      Tcg2ConfigInfo->Sha512Supported = TRUE;
+      if ((BiosHashAlgBitmap & HASH_ALG_SHA512) != 0) {
+        Tcg2ConfigInfo->Sha512Supported = TRUE;
+      }
+
       break;
     case TPM_ALG_SM3_256:
-      Tcg2ConfigInfo->Sm3Supported = TRUE;
+      if ((BiosHashAlgBitmap & HASH_ALG_SM3_256) != 0) {
+        Tcg2ConfigInfo->Sm3Supported = TRUE;
+      }
+
       break;
   }
 }
@@ -809,16 +826,17 @@ InstallTcg2ConfigForm (
   IN OUT TCG2_CONFIG_PRIVATE_DATA  *PrivateData
   )
 {
-  EFI_STATUS                      Status;
-  EFI_HII_HANDLE                  HiiHandle;
-  EFI_HANDLE                      DriverHandle;
-  EFI_HII_CONFIG_ACCESS_PROTOCOL  *ConfigAccess;
-  UINTN                           Index;
-  TPML_PCR_SELECTION              Pcrs;
-  CHAR16                          TempBuffer[1024];
-  TCG2_CONFIGURATION_INFO         Tcg2ConfigInfo;
-  TPM2_PTP_INTERFACE_TYPE         TpmDeviceInterfaceDetected;
-  BOOLEAN                         IsCmdImp = FALSE;
+  EFI_STATUS                       Status;
+  EFI_HII_HANDLE                   HiiHandle;
+  EFI_HANDLE                       DriverHandle;
+  EFI_HII_CONFIG_ACCESS_PROTOCOL   *ConfigAccess;
+  UINTN                            Index;
+  TPML_PCR_SELECTION               Pcrs;
+  CHAR16                           TempBuffer[1024];
+  TCG2_CONFIGURATION_INFO          Tcg2ConfigInfo;
+  TPM2_PTP_INTERFACE_TYPE          TpmDeviceInterfaceDetected;
+  BOOLEAN                          IsCmdImp;
+  EFI_TCG2_EVENT_ALGORITHM_BITMAP  BiosHashAlgorithmBitmap;
 
   DriverHandle = NULL;
   ConfigAccess = &PrivateData->ConfigAccess;
@@ -879,6 +897,8 @@ InstallTcg2ConfigForm (
       break;
   }
 
+  BiosHashAlgorithmBitmap = PcdGet32 (PcdTcg2HashAlgorithmBitmap);
+
   ZeroMem (&Tcg2ConfigInfo, sizeof (Tcg2ConfigInfo));
   Status = Tpm2GetCapabilityPcrs (&Pcrs);
   if (EFI_ERROR (Status)) {
@@ -897,20 +917,21 @@ InstallTcg2ConfigForm (
     TempBuffer[0] = 0;
     for (Index = 0; Index < Pcrs.count; Index++) {
       AppendBufferWithTpmAlgHash (TempBuffer, sizeof (TempBuffer), Pcrs.pcrSelections[Index].hash);
-      SetConfigInfo (&Tcg2ConfigInfo, Pcrs.pcrSelections[Index].hash);
+      SetConfigInfo (&Tcg2ConfigInfo, Pcrs.pcrSelections[Index].hash, BiosHashAlgorithmBitmap);
     }
 
     HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_TPM2_SUPPORTED_HASH_ALGO_CONTENT), TempBuffer, NULL);
   }
 
-  Status = Tpm2GetCapabilityIsCommandImplemented (TPM_CC_ChangeEPS, &IsCmdImp);
+  IsCmdImp = FALSE;
+  Status   = Tpm2GetCapabilityIsCommandImplemented (TPM_CC_ChangeEPS, &IsCmdImp);
   if (EFI_ERROR (Status)) {
     DEBUG ((DEBUG_ERROR, "Tpm2GetCapabilityIsCmdImpl fails %r\n", Status));
   }
 
   Tcg2ConfigInfo.ChangeEPSSupported = IsCmdImp;
 
-  FillBufferWithBootHashAlg (TempBuffer, sizeof (TempBuffer), PcdGet32 (PcdTcg2HashAlgorithmBitmap));
+  FillBufferWithBootHashAlg (TempBuffer, sizeof (TempBuffer), BiosHashAlgorithmBitmap);
   HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_BIOS_HASH_ALGO_CONTENT), TempBuffer, NULL);
 
   //
-- 
2.29.2.windows.2



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#116844): https://edk2.groups.io/g/devel/message/116844
Mute This Topic: https://groups.io/mt/105005532/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-



^ permalink raw reply related	[flat|nested] 4+ messages in thread

* Re: [edk2-devel] [PATCH] SecurityPkg/Tcg2Config: Hide BIOS unsupported hash algorithm from UI
  2024-03-18 15:41 ` [edk2-devel] [PATCH] SecurityPkg/Tcg2Config: Hide BIOS unsupported hash algorithm from UI Xu, Wei6
@ 2024-03-29  3:33   ` rahul.r.kumar
  0 siblings, 0 replies; 4+ messages in thread
From: rahul.r.kumar @ 2024-03-29  3:33 UTC (permalink / raw)
  To: Xu, Wei6, devel

[-- Attachment #1: Type: text/plain, Size: 419 bytes --]

Reviewed-by: Rahul Kumar < rahul1.kumar@intel.com >


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#117227): https://edk2.groups.io/g/devel/message/117227
Mute This Topic: https://groups.io/mt/105005532/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-



[-- Attachment #2: Type: text/html, Size: 913 bytes --]

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [edk2-devel] [PATCH] SecurityPkg/Tcg2Config: Hide BIOS unsupported hash algorithm from UI
       [not found] ` <17BDE62823C9261A.11133@groups.io>
@ 2024-03-29  3:36   ` Kumar, Rahul R
  2024-04-10  1:29     ` Xu, Wei6
  0 siblings, 1 reply; 4+ messages in thread
From: Kumar, Rahul R @ 2024-03-29  3:36 UTC (permalink / raw)
  To: devel@edk2.groups.io, Xu, Wei6; +Cc: Yao, Jiewen

Looks good. 
Reviewed-by: Rahul Kumar <rahul1.kumar@intel.com>

-----Original Message-----
From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Xu, Wei6
Sent: Monday, March 18, 2024 8:41 AM
To: devel@edk2.groups.io
Cc: Xu, Wei6 <wei6.xu@intel.com>; Kumar, Rahul R <rahul.r.kumar@intel.com>; Yao, Jiewen <jiewen.yao@intel.com>
Subject: [edk2-devel] [PATCH] SecurityPkg/Tcg2Config: Hide BIOS unsupported hash algorithm from UI

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4731

TCG2 configuration UI shows all the hash algorithms that TPM hardware supports in the checkbox. If user only selects one algorithm that is supported by TPM hardware but not supported by BIOS and uncheck the others, the SyncPcrAllocationsAndPcrMask in Tcg2Pei will not be able to decide a viable PCR to activate, then an assert occurs.

Add check against PcdTcg2HashAlgorithmBitmap when deciding whether to suppress the hash algorithm checkbox to avoid user to select the hash algorithm which may cause an assert.

Cc: Rahul Kumar <rahul1.kumar@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Signed-off-by: Wei6 Xu <wei6.xu@intel.com>
---
 SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c | 61 ++++++++++++++-------
 1 file changed, 41 insertions(+), 20 deletions(-)

diff --git a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c b/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c
index 6eb04c014448..39b639039525 100644
--- a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c
+++ b/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c
@@ -722,33 +722,50 @@ FillBufferWithBootHashAlg (  }
 
 /**
-  Set ConfigInfo according to TpmAlgHash.
+  Set ConfigInfo according to TpmAlgHash and BiosHashAlgBitmap.
 
   @param[in,out] Tcg2ConfigInfo       TCG2 config info.
   @param[in]     TpmAlgHash           TpmAlgHash.
+  @param[in]     BiosHashAlgBitmap    Bios Hash Algorithm Bitmap.
 
 **/
 VOID
 SetConfigInfo (
   IN OUT TCG2_CONFIGURATION_INFO  *Tcg2ConfigInfo,
-  IN UINT32                       TpmAlgHash
+  IN UINT32                       TpmAlgHash,
+  IN UINT32                       BiosHashAlgBitmap
   )
 {
   switch (TpmAlgHash) {
     case TPM_ALG_SHA1:
-      Tcg2ConfigInfo->Sha1Supported = TRUE;
+      if ((BiosHashAlgBitmap & HASH_ALG_SHA1) != 0) {
+        Tcg2ConfigInfo->Sha1Supported = TRUE;
+      }
+
       break;
     case TPM_ALG_SHA256:
-      Tcg2ConfigInfo->Sha256Supported = TRUE;
+      if ((BiosHashAlgBitmap & HASH_ALG_SHA256) != 0) {
+        Tcg2ConfigInfo->Sha256Supported = TRUE;
+      }
+
       break;
     case TPM_ALG_SHA384:
-      Tcg2ConfigInfo->Sha384Supported = TRUE;
+      if ((BiosHashAlgBitmap & HASH_ALG_SHA384) != 0) {
+        Tcg2ConfigInfo->Sha384Supported = TRUE;
+      }
+
       break;
     case TPM_ALG_SHA512:
-      Tcg2ConfigInfo->Sha512Supported = TRUE;
+      if ((BiosHashAlgBitmap & HASH_ALG_SHA512) != 0) {
+        Tcg2ConfigInfo->Sha512Supported = TRUE;
+      }
+
       break;
     case TPM_ALG_SM3_256:
-      Tcg2ConfigInfo->Sm3Supported = TRUE;
+      if ((BiosHashAlgBitmap & HASH_ALG_SM3_256) != 0) {
+        Tcg2ConfigInfo->Sm3Supported = TRUE;
+      }
+
       break;
   }
 }
@@ -809,16 +826,17 @@ InstallTcg2ConfigForm (
   IN OUT TCG2_CONFIG_PRIVATE_DATA  *PrivateData
   )
 {
-  EFI_STATUS                      Status;
-  EFI_HII_HANDLE                  HiiHandle;
-  EFI_HANDLE                      DriverHandle;
-  EFI_HII_CONFIG_ACCESS_PROTOCOL  *ConfigAccess;
-  UINTN                           Index;
-  TPML_PCR_SELECTION              Pcrs;
-  CHAR16                          TempBuffer[1024];
-  TCG2_CONFIGURATION_INFO         Tcg2ConfigInfo;
-  TPM2_PTP_INTERFACE_TYPE         TpmDeviceInterfaceDetected;
-  BOOLEAN                         IsCmdImp = FALSE;
+  EFI_STATUS                       Status;
+  EFI_HII_HANDLE                   HiiHandle;
+  EFI_HANDLE                       DriverHandle;
+  EFI_HII_CONFIG_ACCESS_PROTOCOL   *ConfigAccess;
+  UINTN                            Index;
+  TPML_PCR_SELECTION               Pcrs;
+  CHAR16                           TempBuffer[1024];
+  TCG2_CONFIGURATION_INFO          Tcg2ConfigInfo;
+  TPM2_PTP_INTERFACE_TYPE          TpmDeviceInterfaceDetected;
+  BOOLEAN                          IsCmdImp;
+  EFI_TCG2_EVENT_ALGORITHM_BITMAP  BiosHashAlgorithmBitmap;
 
   DriverHandle = NULL;
   ConfigAccess = &PrivateData->ConfigAccess; @@ -879,6 +897,8 @@ InstallTcg2ConfigForm (
       break;
   }
 
+  BiosHashAlgorithmBitmap = PcdGet32 (PcdTcg2HashAlgorithmBitmap);
+
   ZeroMem (&Tcg2ConfigInfo, sizeof (Tcg2ConfigInfo));
   Status = Tpm2GetCapabilityPcrs (&Pcrs);
   if (EFI_ERROR (Status)) {
@@ -897,20 +917,21 @@ InstallTcg2ConfigForm (
     TempBuffer[0] = 0;
     for (Index = 0; Index < Pcrs.count; Index++) {
       AppendBufferWithTpmAlgHash (TempBuffer, sizeof (TempBuffer), Pcrs.pcrSelections[Index].hash);
-      SetConfigInfo (&Tcg2ConfigInfo, Pcrs.pcrSelections[Index].hash);
+      SetConfigInfo (&Tcg2ConfigInfo, Pcrs.pcrSelections[Index].hash, 
+ BiosHashAlgorithmBitmap);
     }
 
     HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_TPM2_SUPPORTED_HASH_ALGO_CONTENT), TempBuffer, NULL);
   }
 
-  Status = Tpm2GetCapabilityIsCommandImplemented (TPM_CC_ChangeEPS, &IsCmdImp);
+  IsCmdImp = FALSE;
+  Status   = Tpm2GetCapabilityIsCommandImplemented (TPM_CC_ChangeEPS, &IsCmdImp);
   if (EFI_ERROR (Status)) {
     DEBUG ((DEBUG_ERROR, "Tpm2GetCapabilityIsCmdImpl fails %r\n", Status));
   }
 
   Tcg2ConfigInfo.ChangeEPSSupported = IsCmdImp;
 
-  FillBufferWithBootHashAlg (TempBuffer, sizeof (TempBuffer), PcdGet32 (PcdTcg2HashAlgorithmBitmap));
+  FillBufferWithBootHashAlg (TempBuffer, sizeof (TempBuffer), 
+ BiosHashAlgorithmBitmap);
   HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_BIOS_HASH_ALGO_CONTENT), TempBuffer, NULL);
 
   //
--
2.29.2.windows.2








-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#117228): https://edk2.groups.io/g/devel/message/117228
Mute This Topic: https://groups.io/mt/105005532/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-



^ permalink raw reply related	[flat|nested] 4+ messages in thread

* Re: [edk2-devel] [PATCH] SecurityPkg/Tcg2Config: Hide BIOS unsupported hash algorithm from UI
  2024-03-29  3:36   ` Kumar, Rahul R
@ 2024-04-10  1:29     ` Xu, Wei6
  0 siblings, 0 replies; 4+ messages in thread
From: Xu, Wei6 @ 2024-04-10  1:29 UTC (permalink / raw)
  To: Kumar, Rahul R, devel@edk2.groups.io; +Cc: Yao, Jiewen

Thanks Rahul for reviewing this patch.
I created a PR with adding Rahul's 'Reviewed-by' in the commit message: https://github.com/tianocore/edk2/pull/5538
Could anyone help to merge it? Thanks a lot.

BR,
Wei

>-----Original Message-----
>From: Kumar, Rahul R <rahul.r.kumar@intel.com>
>Sent: Friday, March 29, 2024 11:36 AM
>To: devel@edk2.groups.io; Xu, Wei6 <wei6.xu@intel.com>
>Cc: Yao, Jiewen <jiewen.yao@intel.com>
>Subject: RE: [edk2-devel] [PATCH] SecurityPkg/Tcg2Config: Hide BIOS
>unsupported hash algorithm from UI
>
>Looks good.
>Reviewed-by: Rahul Kumar <rahul1.kumar@intel.com>
>
>-----Original Message-----
>From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Xu, Wei6
>Sent: Monday, March 18, 2024 8:41 AM
>To: devel@edk2.groups.io
>Cc: Xu, Wei6 <wei6.xu@intel.com>; Kumar, Rahul R
><rahul.r.kumar@intel.com>; Yao, Jiewen <jiewen.yao@intel.com>
>Subject: [edk2-devel] [PATCH] SecurityPkg/Tcg2Config: Hide BIOS
>unsupported hash algorithm from UI
>
>REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4731
>
>TCG2 configuration UI shows all the hash algorithms that TPM hardware
>supports in the checkbox. If user only selects one algorithm that is supported
>by TPM hardware but not supported by BIOS and uncheck the others, the
>SyncPcrAllocationsAndPcrMask in Tcg2Pei will not be able to decide a viable
>PCR to activate, then an assert occurs.
>
>Add check against PcdTcg2HashAlgorithmBitmap when deciding whether to
>suppress the hash algorithm checkbox to avoid user to select the hash
>algorithm which may cause an assert.
>
>Cc: Rahul Kumar <rahul1.kumar@intel.com>
>Cc: Jiewen Yao <jiewen.yao@intel.com>
>Signed-off-by: Wei6 Xu <wei6.xu@intel.com>
>---
> SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c | 61 ++++++++++++++-------
> 1 file changed, 41 insertions(+), 20 deletions(-)
>
>diff --git a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c
>b/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c
>index 6eb04c014448..39b639039525 100644
>--- a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c
>+++ b/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c
>@@ -722,33 +722,50 @@ FillBufferWithBootHashAlg (  }
>
> /**
>-  Set ConfigInfo according to TpmAlgHash.
>+  Set ConfigInfo according to TpmAlgHash and BiosHashAlgBitmap.
>
>   @param[in,out] Tcg2ConfigInfo       TCG2 config info.
>   @param[in]     TpmAlgHash           TpmAlgHash.
>+  @param[in]     BiosHashAlgBitmap    Bios Hash Algorithm Bitmap.
>
> **/
> VOID
> SetConfigInfo (
>   IN OUT TCG2_CONFIGURATION_INFO  *Tcg2ConfigInfo,
>-  IN UINT32                       TpmAlgHash
>+  IN UINT32                       TpmAlgHash,
>+  IN UINT32                       BiosHashAlgBitmap
>   )
> {
>   switch (TpmAlgHash) {
>     case TPM_ALG_SHA1:
>-      Tcg2ConfigInfo->Sha1Supported = TRUE;
>+      if ((BiosHashAlgBitmap & HASH_ALG_SHA1) != 0) {
>+        Tcg2ConfigInfo->Sha1Supported = TRUE;
>+      }
>+
>       break;
>     case TPM_ALG_SHA256:
>-      Tcg2ConfigInfo->Sha256Supported = TRUE;
>+      if ((BiosHashAlgBitmap & HASH_ALG_SHA256) != 0) {
>+        Tcg2ConfigInfo->Sha256Supported = TRUE;
>+      }
>+
>       break;
>     case TPM_ALG_SHA384:
>-      Tcg2ConfigInfo->Sha384Supported = TRUE;
>+      if ((BiosHashAlgBitmap & HASH_ALG_SHA384) != 0) {
>+        Tcg2ConfigInfo->Sha384Supported = TRUE;
>+      }
>+
>       break;
>     case TPM_ALG_SHA512:
>-      Tcg2ConfigInfo->Sha512Supported = TRUE;
>+      if ((BiosHashAlgBitmap & HASH_ALG_SHA512) != 0) {
>+        Tcg2ConfigInfo->Sha512Supported = TRUE;
>+      }
>+
>       break;
>     case TPM_ALG_SM3_256:
>-      Tcg2ConfigInfo->Sm3Supported = TRUE;
>+      if ((BiosHashAlgBitmap & HASH_ALG_SM3_256) != 0) {
>+        Tcg2ConfigInfo->Sm3Supported = TRUE;
>+      }
>+
>       break;
>   }
> }
>@@ -809,16 +826,17 @@ InstallTcg2ConfigForm (
>   IN OUT TCG2_CONFIG_PRIVATE_DATA  *PrivateData
>   )
> {
>-  EFI_STATUS                      Status;
>-  EFI_HII_HANDLE                  HiiHandle;
>-  EFI_HANDLE                      DriverHandle;
>-  EFI_HII_CONFIG_ACCESS_PROTOCOL  *ConfigAccess;
>-  UINTN                           Index;
>-  TPML_PCR_SELECTION              Pcrs;
>-  CHAR16                          TempBuffer[1024];
>-  TCG2_CONFIGURATION_INFO         Tcg2ConfigInfo;
>-  TPM2_PTP_INTERFACE_TYPE         TpmDeviceInterfaceDetected;
>-  BOOLEAN                         IsCmdImp = FALSE;
>+  EFI_STATUS                       Status;
>+  EFI_HII_HANDLE                   HiiHandle;
>+  EFI_HANDLE                       DriverHandle;
>+  EFI_HII_CONFIG_ACCESS_PROTOCOL   *ConfigAccess;
>+  UINTN                            Index;
>+  TPML_PCR_SELECTION               Pcrs;
>+  CHAR16                           TempBuffer[1024];
>+  TCG2_CONFIGURATION_INFO          Tcg2ConfigInfo;
>+  TPM2_PTP_INTERFACE_TYPE          TpmDeviceInterfaceDetected;
>+  BOOLEAN                          IsCmdImp;
>+  EFI_TCG2_EVENT_ALGORITHM_BITMAP  BiosHashAlgorithmBitmap;
>
>   DriverHandle = NULL;
>   ConfigAccess = &PrivateData->ConfigAccess; @@ -879,6 +897,8 @@
>InstallTcg2ConfigForm (
>       break;
>   }
>
>+  BiosHashAlgorithmBitmap = PcdGet32 (PcdTcg2HashAlgorithmBitmap);
>+
>   ZeroMem (&Tcg2ConfigInfo, sizeof (Tcg2ConfigInfo));
>   Status = Tpm2GetCapabilityPcrs (&Pcrs);
>   if (EFI_ERROR (Status)) {
>@@ -897,20 +917,21 @@ InstallTcg2ConfigForm (
>     TempBuffer[0] = 0;
>     for (Index = 0; Index < Pcrs.count; Index++) {
>       AppendBufferWithTpmAlgHash (TempBuffer, sizeof (TempBuffer),
>Pcrs.pcrSelections[Index].hash);
>-      SetConfigInfo (&Tcg2ConfigInfo, Pcrs.pcrSelections[Index].hash);
>+      SetConfigInfo (&Tcg2ConfigInfo, Pcrs.pcrSelections[Index].hash,
>+ BiosHashAlgorithmBitmap);
>     }
>
>     HiiSetString (PrivateData->HiiHandle, STRING_TOKEN
>(STR_TPM2_SUPPORTED_HASH_ALGO_CONTENT), TempBuffer, NULL);
>   }
>
>-  Status = Tpm2GetCapabilityIsCommandImplemented (TPM_CC_ChangeEPS,
>&IsCmdImp);
>+  IsCmdImp = FALSE;
>+  Status   = Tpm2GetCapabilityIsCommandImplemented
>(TPM_CC_ChangeEPS, &IsCmdImp);
>   if (EFI_ERROR (Status)) {
>     DEBUG ((DEBUG_ERROR, "Tpm2GetCapabilityIsCmdImpl fails %r\n",
>Status));
>   }
>
>   Tcg2ConfigInfo.ChangeEPSSupported = IsCmdImp;
>
>-  FillBufferWithBootHashAlg (TempBuffer, sizeof (TempBuffer), PcdGet32
>(PcdTcg2HashAlgorithmBitmap));
>+  FillBufferWithBootHashAlg (TempBuffer, sizeof (TempBuffer),
>+ BiosHashAlgorithmBitmap);
>   HiiSetString (PrivateData->HiiHandle, STRING_TOKEN
>(STR_BIOS_HASH_ALGO_CONTENT), TempBuffer, NULL);
>
>   //
>--
>2.29.2.windows.2
>
>
>
>
>



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#117559): https://edk2.groups.io/g/devel/message/117559
Mute This Topic: https://groups.io/mt/105005532/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-



^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2024-04-10  1:29 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
     [not found] <cover.1710775554.git.wei6.xu@intel.com>
2024-03-18 15:41 ` [edk2-devel] [PATCH] SecurityPkg/Tcg2Config: Hide BIOS unsupported hash algorithm from UI Xu, Wei6
2024-03-29  3:33   ` rahul.r.kumar
     [not found] ` <17BDE62823C9261A.11133@groups.io>
2024-03-29  3:36   ` Kumar, Rahul R
2024-04-10  1:29     ` Xu, Wei6

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox