From: "Xu, Wei6" To: devel@edk2.groups.io Cc: Wei6 Xu , Rahul Kumar , Jiewen Yao Subject: [edk2-devel] [PATCH v2 1/1] SecurityPkg/Tcg2Config: Hide BIOS unsupported hash algorithm from UI Date: Fri, 12 Apr 2024 15:14:40 +0800 Message-Id: <5d0cae0a83edd296cf084398820feffaff8b89d0.1712904739.git.wei6.xu@intel.com> In-Reply-To: References: MIME-Version: 1.0 Precedence: Bulk List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Resent-Date: Fri, 12 Apr 2024 00:14:49 -0700 Resent-From: wei6.xu@intel.com Reply-To: devel@edk2.groups.io,wei6.xu@intel.com List-Unsubscribe-Post: List-Unsubscribe=One-Click List-Unsubscribe: X-Gm-Message-State: h3rCxAkZd90Wsd2jOqAKFknkx7686176AA= Content-Transfer-Encoding: 8bit X-GND-Status: LEGIT Authentication-Results: spool.mail.gandi.net; dkim=pass header.d=groups.io header.s=20240206 header.b=AdCuvjXv; dmarc=fail reason="SPF not aligned (relaxed), DKIM not aligned (relaxed)" header.from=intel.com (policy=none); spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 45.79.227.220 as permitted sender) smtp.mailfrom=bounce@groups.io REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4731 The TCG2 configuration UI shows a checkbox for every hash algorithm that the TPM hardware supports. If the user selects only an algorithm that the TPM supports but the BIOS does not, and unchecks the others, SyncPcrAllocationsAndPcrMask in Tcg2Pei cannot find a viable PCR bank to activate and an assert occurs. Check PcdTcg2HashAlgorithmBitmap when deciding whether to suppress a hash-algorithm checkbox, so that the user cannot select an algorithm that would trigger the assert. Cc: Rahul Kumar Cc: Jiewen Yao Signed-off-by: Wei6 Xu Reviewed-by: Rahul Kumar --- SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c | 61 ++++++++++++++------- 1 file changed, 41 insertions(+), 20 deletions(-) 
diff --git a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c b/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c
index 6eb04c014448..aec7a903cf89 100644
--- a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c
+++ b/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c
@@ -722,33 +722,50 @@ FillBufferWithBootHashAlg (
 }
 
 /**
-  Set ConfigInfo according to TpmAlgHash.
+  Set ConfigInfo according to TpmAlgHash and Tcg2HashAlgBitmap.
 
   @param[in,out] Tcg2ConfigInfo       TCG2 config info.
   @param[in]     TpmAlgHash           TpmAlgHash.
+  @param[in]     Tcg2HashAlgBitmap    TCG2 Hash Algorithm Bitmap.
 
 **/
 VOID
 SetConfigInfo (
   IN OUT TCG2_CONFIGURATION_INFO  *Tcg2ConfigInfo,
-  IN UINT32                       TpmAlgHash
+  IN UINT32                       TpmAlgHash,
+  IN UINT32                       Tcg2HashAlgBitmap
   )
 {
   switch (TpmAlgHash) {
     case TPM_ALG_SHA1:
-      Tcg2ConfigInfo->Sha1Supported = TRUE;
+      if ((Tcg2HashAlgBitmap & HASH_ALG_SHA1) != 0) {
+        Tcg2ConfigInfo->Sha1Supported = TRUE;
+      }
+
       break;
     case TPM_ALG_SHA256:
-      Tcg2ConfigInfo->Sha256Supported = TRUE;
+      if ((Tcg2HashAlgBitmap & HASH_ALG_SHA256) != 0) {
+        Tcg2ConfigInfo->Sha256Supported = TRUE;
+      }
+
       break;
     case TPM_ALG_SHA384:
-      Tcg2ConfigInfo->Sha384Supported = TRUE;
+      if ((Tcg2HashAlgBitmap & HASH_ALG_SHA384) != 0) {
+        Tcg2ConfigInfo->Sha384Supported = TRUE;
+      }
+
       break;
     case TPM_ALG_SHA512:
-      Tcg2ConfigInfo->Sha512Supported = TRUE;
+      if ((Tcg2HashAlgBitmap & HASH_ALG_SHA512) != 0) {
+        Tcg2ConfigInfo->Sha512Supported = TRUE;
+      }
+
       break;
     case TPM_ALG_SM3_256:
-      Tcg2ConfigInfo->Sm3Supported = TRUE;
+      if ((Tcg2HashAlgBitmap & HASH_ALG_SM3_256) != 0) {
+        Tcg2ConfigInfo->Sm3Supported = TRUE;
+      }
+
       break;
   }
 }
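Review bot: The masking added in SetConfigInfo only hides a checkbox; it does not constrain what the TCG2 configuration variable may contain, so the Tcg2Pei assert described in the commit message stays reachable for any writer that bypasses this form (a platform setup tool, or a variable saved before PcdTcg2HashAlgorithmBitmap was narrowed in a later firmware build). The PEI consumer should treat a requested bank set with no BIOS-supported member as invalid input and fall back rather than assert; that is outside this patch but worth a follow-up. The new `@param[in] Tcg2HashAlgBitmap` text should say which encoding it carries, e.g. `Bitmap of hash algorithms the BIOS can use (HASH_ALG_* bits, PcdTcg2HashAlgorithmBitmap); TPM banks not in it are left unsupported in the UI`. The switch still has no `default:` arm, so TPM algorithm IDs outside the five listed are silently dropped; a `default: break;` with a one-line comment that other banks are intentionally not offered by this form would make that visible.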
@@ -809,16 +826,17 @@ InstallTcg2ConfigForm (
   IN OUT TCG2_CONFIG_PRIVATE_DATA  *PrivateData
   )
 {
-  EFI_STATUS                      Status;
-  EFI_HII_HANDLE                  HiiHandle;
-  EFI_HANDLE                      DriverHandle;
-  EFI_HII_CONFIG_ACCESS_PROTOCOL  *ConfigAccess;
-  UINTN                           Index;
-  TPML_PCR_SELECTION              Pcrs;
-  CHAR16                          TempBuffer[1024];
-  TCG2_CONFIGURATION_INFO         Tcg2ConfigInfo;
-  TPM2_PTP_INTERFACE_TYPE         TpmDeviceInterfaceDetected;
-  BOOLEAN                         IsCmdImp = FALSE;
+  EFI_STATUS                       Status;
+  EFI_HII_HANDLE                   HiiHandle;
+  EFI_HANDLE                       DriverHandle;
+  EFI_HII_CONFIG_ACCESS_PROTOCOL   *ConfigAccess;
+  UINTN                            Index;
+  TPML_PCR_SELECTION               Pcrs;
+  CHAR16                           TempBuffer[1024];
+  TCG2_CONFIGURATION_INFO          Tcg2ConfigInfo;
+  TPM2_PTP_INTERFACE_TYPE          TpmDeviceInterfaceDetected;
+  BOOLEAN                          IsCmdImp;
+  EFI_TCG2_EVENT_ALGORITHM_BITMAP  Tcg2HashAlgorithmBitmap;
 
   DriverHandle = NULL;
   ConfigAccess = &PrivateData->ConfigAccess;
@@ -879,6 +897,8 @@ InstallTcg2ConfigForm (
       break;
   }
 
+  Tcg2HashAlgorithmBitmap = PcdGet32 (PcdTcg2HashAlgorithmBitmap);
+
   ZeroMem (&Tcg2ConfigInfo, sizeof (Tcg2ConfigInfo));
   Status = Tpm2GetCapabilityPcrs (&Pcrs);
   if (EFI_ERROR (Status)) {
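Review bot: After `Tcg2HashAlgorithmBitmap = PcdGet32 (PcdTcg2HashAlgorithmBitmap);` nothing checks for an empty bitmap; with the filtering this patch adds to SetConfigInfo, a platform that leaves the PCD at 0 (or with no bit shared with the TPM's banks) now suppresses every hash-algorithm checkbox with nothing in the log to say why. A `DEBUG ((DEBUG_WARN, "PcdTcg2HashAlgorithmBitmap is 0, no hash algorithm will be offered\n"));` on the zero case would make the misconfiguration visible instead of surfacing as an empty form. The variable is declared `EFI_TCG2_EVENT_ALGORITHM_BITMAP` while SetConfigInfo receives it as `UINT32`; either is fine, but using one type in both places spares the reader wondering whether a conversion is intended. InstallTcg2ConfigForm starts and ends outside these hunks.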
@@ -897,20 +917,21 @@ InstallTcg2ConfigForm (
     TempBuffer[0] = 0;
     for (Index = 0; Index < Pcrs.count; Index++) {
       AppendBufferWithTpmAlgHash (TempBuffer, sizeof (TempBuffer), Pcrs.pcrSelections[Index].hash);
-      SetConfigInfo (&Tcg2ConfigInfo, Pcrs.pcrSelections[Index].hash);
+      SetConfigInfo (&Tcg2ConfigInfo, Pcrs.pcrSelections[Index].hash, Tcg2HashAlgorithmBitmap);
     }
 
     HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_TPM2_SUPPORTED_HASH_ALGO_CONTENT), TempBuffer, NULL);
   }
 
-  Status = Tpm2GetCapabilityIsCommandImplemented (TPM_CC_ChangeEPS, &IsCmdImp);
+  IsCmdImp = FALSE;
+  Status   = Tpm2GetCapabilityIsCommandImplemented (TPM_CC_ChangeEPS, &IsCmdImp);
   if (EFI_ERROR (Status)) {
     DEBUG ((DEBUG_ERROR, "Tpm2GetCapabilityIsCmdImpl fails %r\n", Status));
   }
 
   Tcg2ConfigInfo.ChangeEPSSupported = IsCmdImp;
 
-  FillBufferWithBootHashAlg (TempBuffer, sizeof (TempBuffer), PcdGet32 (PcdTcg2HashAlgorithmBitmap));
+  FillBufferWithBootHashAlg (TempBuffer, sizeof (TempBuffer), Tcg2HashAlgorithmBitmap);
   HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_BIOS_HASH_ALGO_CONTENT), TempBuffer, NULL);
 
   //
-- 
2.29.2.windows.2
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#117645): https://edk2.groups.io/g/devel/message/117645
Mute This Topic: https://groups.io/mt/105478366/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
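Review bot: The loop over `Pcrs.pcrSelections` now does two different things with the same bank list — AppendBufferWithTpmAlgHash still names every bank the TPM reports for STR_TPM2_SUPPORTED_HASH_ALGO_CONTENT, while the new SetConfigInfo call enables a checkbox only for banks also present in Tcg2HashAlgorithmBitmap — and nothing in the code says that difference is intended. A comment above the loop such as `// List every bank the TPM reports, but only expose a checkbox for banks the BIOS can also use (see SetConfigInfo).` would keep a later reader from "fixing" the informational string to match the checkboxes. The explicit `IsCmdImp = FALSE;` before Tpm2GetCapabilityIsCommandImplemented deserves a one-line note that it is the value reported when the capability query fails, since the error branch below only logs. The enclosing function continues past the end of this hunk.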