From: "Yao, Jiewen"
To: "Zeng, Star", "edk2-devel@lists.01.org"
CC: "Zhang, Chao B"
Date: Thu, 26 Jan 2017 02:29:16 +0000
Subject: Re: [PATCH] SecurityPkg HashLibRouter: Avoid incorrect PcdTcg2HashAlgorithmBitmap

Good feature to catch mis-configuration.

Reviewed-by: Jiewen.yao@intel.com

> -----Original Message-----
> From: Zeng, Star
> Sent: Tuesday, January 24, 2017 6:07 PM
> To: edk2-devel@lists.01.org
> Cc: Zeng, Star; Yao, Jiewen; Zhang, Chao B
> Subject: [PATCH] SecurityPkg HashLibRouter: Avoid incorrect PcdTcg2HashAlgorithmBitmap
>
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=244
>
> Currently, when software HashLib (HashLibBaseCryptoRouter) and related
> HashInstanceLib instances are used, PcdTcg2HashAlgorithmBitmap is
> expected to be configured to 0 in platform dsc.
> But PcdTcg2HashAlgorithmBitmap has default value 0xFFFFFFFF in
> SecurityPkg.dec, and some platforms forget to configure it to 0 or
> still configure it to 0xFFFFFFFF in platform dsc, that will make final
> PcdTcg2HashAlgorithmBitmap value incorrect.
>
> This patch is to add CONSTRUCTOR in HashLib (HashLibBaseCryptoRouter)
> and PcdTcg2HashAlgorithmBitmap will be set to 0 in the CONSTRUCTOR.
>
> Current HASH_LIB_PEI_ROUTER_GUID HOB created in
> HashLibBaseCryptoRouterPei is shared between modules that links
> HashLibBaseCryptoRouterPei.
> To avoid mutual interference, separated HASH_LIB_PEI_ROUTER_GUID HOBs
> with gEfiCallerIdGuid Identifier will be created for those modules.
>
> This patch is also to add check in HashLib (HashLibBaseCryptoRouter)
> for the mismatch of supported HashMask between modules that may link
> different HashInstanceLib instances, warning will be reported if
> mismatch is found.
>
> Cc: Yao Jiewen
> Cc: Chao Zhang
> Contributed-under: TianoCore Contribution Agreement 1.0
> Signed-off-by: Star Zeng
> ---
>  .../HashLibBaseCryptoRouterDxe.c   |  80 ++++++++-
>  .../HashLibBaseCryptoRouterDxe.inf |   3 +-
>  .../HashLibBaseCryptoRouterPei.c   | 190 +++++++++++++++++---
>  .../HashLibBaseCryptoRouterPei.inf |   8 +-
>  SecurityPkg/SecurityPkg.dec        |   4 +
>  SecurityPkg/SecurityPkg.uni        |   8 +-
>  6 files changed, 254 insertions(+), 39 deletions(-)
>
> diff --git > a/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe. > c > b/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe. > c > index 3250c3a01a0c..4775cfee2d7a 100644 > --- > a/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe. > c > +++ > b/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe. > c > @@ -3,7 +3,7 @@ > hash handler registerd, such as SHA1, SHA256. > Platform can use PcdTpm2HashMask to mask some hash engines. >=20 > -Copyright (c) 2013 - 2016, Intel Corporation. All rights reserved.
> +Copyright (c) 2013 - 2017, Intel Corporation. All rights reserved.
> This program and the accompanying materials > are licensed and made available under the terms and conditions of the BS= D > License > which accompanies this distribution. The full text of the license may b= e found > at > @@ -28,6 +28,30 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY > KIND, EITHER EXPRESS OR IMPLIED. > HASH_INTERFACE mHashInterface[HASH_COUNT] =3D {{{0}, NULL, NULL, > NULL}}; > UINTN mHashInterfaceCount =3D 0; >=20 > +UINT32 mSupportedHashMaskLast =3D 0; > +UINT32 mSupportedHashMaskCurrent =3D 0; > + > +/** > + Check mismatch of supported HashMask between modules > + that may link different HashInstanceLib instances. > + > +**/ > +VOID > +CheckSupportedHashMaskMismatch ( > + VOID > + ) > +{ > + if (mSupportedHashMaskCurrent !=3D mSupportedHashMaskLast) { > + DEBUG (( > + DEBUG_WARN, > + "WARNING: There is mismatch of supported HashMask (0x%x - 0x%x) > between modules\n", > + mSupportedHashMaskCurrent, > + mSupportedHashMaskLast > + )); > + DEBUG ((DEBUG_WARN, "that are linking different HashInstanceLib > instances!\n")); > + } > +} > + > /** > Start hash sequence. >=20 > @@ -50,6 +74,8 @@ HashStart ( > return EFI_UNSUPPORTED; > } >=20 > + CheckSupportedHashMaskMismatch (); > + > HashCtx =3D AllocatePool (sizeof(*HashCtx) * mHashInterfaceCount); > ASSERT (HashCtx !=3D NULL); >=20 > @@ -90,6 +116,8 @@ HashUpdate ( > return EFI_UNSUPPORTED; > } >=20 > + CheckSupportedHashMaskMismatch (); > + > HashCtx =3D (HASH_HANDLE *)HashHandle; >=20 > for (Index =3D 0; Index < mHashInterfaceCount; Index++) { > @@ -133,6 +161,8 @@ HashCompleteAndExtend ( > return EFI_UNSUPPORTED; > } >=20 > + CheckSupportedHashMaskMismatch (); > + > HashCtx =3D (HASH_HANDLE *)HashHandle; > ZeroMem (DigestList, sizeof(*DigestList)); >=20 
> @@ -180,6 +210,8 @@ HashAndExtend ( > return EFI_UNSUPPORTED; > } >=20 > + CheckSupportedHashMaskMismatch (); > + > HashStart (&HashHandle); > HashUpdate (HashHandle, DataToHash, DataToHashLen); > Status =3D HashCompleteAndExtend (HashHandle, PcrIndex, NULL, 0, > DigestList); > @@ -204,7 +236,6 @@ RegisterHashInterfaceLib ( > { > UINTN Index; > UINT32 HashMask; > - UINT32 BiosSupportedHashMask; > EFI_STATUS Status; >=20 > // 
> @@ -218,21 +249,58 @@ RegisterHashInterfaceLib ( > if (mHashInterfaceCount >=3D > sizeof(mHashInterface)/sizeof(mHashInterface[0])) { > return EFI_OUT_OF_RESOURCES; > } > - BiosSupportedHashMask =3D PcdGet32 (PcdTcg2HashAlgorithmBitmap); > - Status =3D PcdSet32S (PcdTcg2HashAlgorithmBitmap, BiosSupportedHashMas= k | > HashMask); > - ASSERT_EFI_ERROR (Status); >=20 > // > // Check duplication > // > for (Index =3D 0; Index < mHashInterfaceCount; Index++) { > if (CompareGuid (&mHashInterface[Index].HashGuid, > &HashInterface->HashGuid)) { > + DEBUG ((DEBUG_ERROR, "Hash Interface (%g) has been registered\n"))= ; > return EFI_ALREADY_STARTED; > } > } >=20 > + // > + // Record hash algorithm bitmap of CURRENT module which consumes > HashLib. > + // > + mSupportedHashMaskCurrent =3D PcdGet32 (PcdTcg2HashAlgorithmBitmap) | > HashMask; > + Status =3D PcdSet32S (PcdTcg2HashAlgorithmBitmap, > mSupportedHashMaskCurrent); > + ASSERT_EFI_ERROR (Status); > + > CopyMem (&mHashInterface[mHashInterfaceCount], HashInterface, > sizeof(*HashInterface)); > mHashInterfaceCount ++; >=20 > return EFI_SUCCESS; > -} > \ No newline at end of file > +} > + > +/** > + The constructor function of HashLibBaseCryptoRouterDxe. > + > + @param ImageHandle The firmware allocated handle for the EFI image. > + @param SystemTable A pointer to the EFI System Table. > + > + @retval EFI_SUCCESS The constructor executed correctly. > + > +**/ > +EFI_STATUS > +EFIAPI > +HashLibBaseCryptoRouterDxeConstructor ( > + IN EFI_HANDLE ImageHandle, > + IN EFI_SYSTEM_TABLE *SystemTable > + ) > +{ > + EFI_STATUS Status; > + > + // > + // Record hash algorithm bitmap of LAST module which also consumes > HashLib. > + // > + mSupportedHashMaskLast =3D PcdGet32 (PcdTcg2HashAlgorithmBitmap); > + > + // > + // Set PcdTcg2HashAlgorithmBitmap to 0 in CONSTRUCTOR for CURRENT > module. > + // > + Status =3D PcdSet32S (PcdTcg2HashAlgorithmBitmap, 0); > + ASSERT_EFI_ERROR (Status); > + > + return EFI_SUCCESS; > +} 
> diff --git > a/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.= i > nf > b/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.= i > nf > index c4e40d47d998..6e660d4f14f8 100644 > --- > a/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.= i > nf > +++ > b/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterDxe.= i > nf > @@ -5,7 +5,7 @@ > # hash handler registered, such as SHA1, SHA256. Platform can use > PcdTpm2HashMask to > # mask some hash engines. > # > -# Copyright (c) 2013 - 2016, Intel Corporation. All rights reserved.
> +# Copyright (c) 2013 - 2017, Intel Corporation. All rights reserved.
> # This program and the accompanying materials > # are licensed and made available under the terms and conditions of the = BSD > License > # which accompanies this distribution. The full text of the license may = be found > at > @@ -23,6 +23,7 @@ [Defines] > MODULE_TYPE =3D DXE_DRIVER > VERSION_STRING =3D 1.0 > LIBRARY_CLASS =3D HashLib|DXE_DRIVER > DXE_RUNTIME_DRIVER DXE_SAL_DRIVER DXE_SMM_DRIVER > UEFI_APPLICATION UEFI_DRIVER > + CONSTRUCTOR =3D > HashLibBaseCryptoRouterDxeConstructor >=20 > # > # The following information is for reference only and not required by th= e build > tools. > diff --git > a/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.= c > b/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.= c > index a4fc0c6595d8..3ed56f337942 100644 > --- > a/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.= c > +++ > b/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.= c > @@ -3,7 +3,7 @@ > hash handler registerd, such as SHA1, SHA256. > Platform can use PcdTpm2HashMask to mask some hash engines. >=20 > -Copyright (c) 2013 - 2016, Intel Corporation. All rights reserved.
> +Copyright (c) 2013 - 2017, Intel Corporation. All rights reserved.
> This program and the accompanying materials > are licensed and made available under the terms and conditions of the BS= D > License > which accompanies this distribution. The full text of the license may b= e found > at > @@ -23,6 +23,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, > EITHER EXPRESS OR IMPLIED. > #include > #include > #include > +#include >=20 > #include "HashLibBaseCryptoRouterCommon.h" >=20 
> @@ -32,27 +33,95 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY > KIND, EITHER EXPRESS OR IMPLIED. > EFI_GUID mHashLibPeiRouterGuid =3D HASH_LIB_PEI_ROUTER_GUID; >=20 > typedef struct { > + // > + // If gZeroGuid, SupportedHashMask is 0 for FIRST module which consume= s > HashLib > + // or the hash algorithm bitmap of LAST module which consumes HashLi= b. > + // HashInterfaceCount and HashInterface are all 0. > + // If gEfiCallerIdGuid, HashInterfaceCount, HashInterface and > SupportedHashMask > + // are the hash interface information of CURRENT module which consum= es > HashLib. > + // > + EFI_GUID Identifier; > UINTN HashInterfaceCount; > HASH_INTERFACE HashInterface[HASH_COUNT]; > + UINT32 SupportedHashMask; > } HASH_INTERFACE_HOB; >=20 > /** > - This function get hash interface. > + This function gets hash interface hob. > + > + @param Identifier Identifier to get hash interface hob. > + > + @retval hash interface hob. > +**/ > +HASH_INTERFACE_HOB * > +InternalGetHashInterfaceHob ( > + EFI_GUID *Identifier > + ) > +{ > + EFI_PEI_HOB_POINTERS Hob; > + HASH_INTERFACE_HOB *HashInterfaceHob; > + > + Hob.Raw =3D GetFirstGuidHob (&mHashLibPeiRouterGuid); > + while (Hob.Raw !=3D NULL) { > + HashInterfaceHob =3D GET_GUID_HOB_DATA (Hob); > + if (CompareGuid (&HashInterfaceHob->Identifier, Identifier)) { > + // > + // Found the matched one. > + // > + return HashInterfaceHob; > + } > + Hob.Raw =3D GET_NEXT_HOB (Hob); > + Hob.Raw =3D GetNextGuidHob (&mHashLibPeiRouterGuid, Hob.Raw); > + } > + return NULL; > +} > + > +/** > + This function creates hash interface hob. >=20 > - @retval hash interface. > + @param Identifier Identifier to create hash interface hob. > + > + @retval hash interface hob. 
> **/ > HASH_INTERFACE_HOB * > -InternalGetHashInterface ( > - VOID > +InternalCreateHashInterfaceHob ( > + EFI_GUID *Identifier > ) > { > - EFI_HOB_GUID_TYPE *Hob; > + HASH_INTERFACE_HOB LocalHashInterfaceHob; > + > + ZeroMem (&LocalHashInterfaceHob, sizeof(LocalHashInterfaceHob)); > + CopyGuid (&LocalHashInterfaceHob.Identifier, Identifier); > + return BuildGuidDataHob (&mHashLibPeiRouterGuid, > &LocalHashInterfaceHob, sizeof(LocalHashInterfaceHob)); > +} >=20 > - Hob =3D GetFirstGuidHob (&mHashLibPeiRouterGuid); > - if (Hob =3D=3D NULL) { > - return NULL; > +/** > + Check mismatch of supported HashMask between modules > + that may link different HashInstanceLib instances. > + > + @param HashInterfaceHobCurrent Pointer to hash interface hob for > CURRENT module. > + > +**/ > +VOID > +CheckSupportedHashMaskMismatch ( > + IN HASH_INTERFACE_HOB *HashInterfaceHobCurrent > + ) > +{ > + HASH_INTERFACE_HOB *HashInterfaceHobLast; > + > + HashInterfaceHobLast =3D InternalGetHashInterfaceHob (&gZeroGuid); > + ASSERT (HashInterfaceHobLast !=3D NULL); > + > + if ((HashInterfaceHobLast->SupportedHashMask !=3D 0) && > + (HashInterfaceHobCurrent->SupportedHashMask !=3D > HashInterfaceHobLast->SupportedHashMask)) { > + DEBUG (( > + DEBUG_WARN, > + "WARNING: There is mismatch of supported HashMask (0x%x - 0x%x) > between modules\n", > + HashInterfaceHobCurrent->SupportedHashMask, > + HashInterfaceHobLast->SupportedHashMask > + )); > + DEBUG ((DEBUG_WARN, "that are linking different HashInstanceLib > instances!\n")); > } > - return (HASH_INTERFACE_HOB *)(Hob + 1); > } >=20 > /** > @@ -74,7 +143,7 @@ HashStart ( > UINTN Index; > UINT32 HashMask; >=20 > - HashInterfaceHob =3D InternalGetHashInterface (); > + HashInterfaceHob =3D InternalGetHashInterfaceHob (&gEfiCallerIdGuid); > if (HashInterfaceHob =3D=3D NULL) { > return EFI_UNSUPPORTED; > } 
> @@ -83,6 +152,8 @@ HashStart ( > return EFI_UNSUPPORTED; > } >=20 > + CheckSupportedHashMaskMismatch (HashInterfaceHob); > + > HashCtx =3D AllocatePool (sizeof(*HashCtx) * > HashInterfaceHob->HashInterfaceCount); > ASSERT (HashCtx !=3D NULL); >=20 > @@ -120,7 +191,7 @@ HashUpdate ( > UINTN Index; > UINT32 HashMask; >=20 > - HashInterfaceHob =3D InternalGetHashInterface (); > + HashInterfaceHob =3D InternalGetHashInterfaceHob (&gEfiCallerIdGuid); > if (HashInterfaceHob =3D=3D NULL) { > return EFI_UNSUPPORTED; > } > @@ -129,6 +200,8 @@ HashUpdate ( > return EFI_UNSUPPORTED; > } >=20 > + CheckSupportedHashMaskMismatch (HashInterfaceHob); > + > HashCtx =3D (HASH_HANDLE *)HashHandle; >=20 > for (Index =3D 0; Index < HashInterfaceHob->HashInterfaceCount; Index+= +) { > @@ -169,7 +242,7 @@ HashCompleteAndExtend ( > EFI_STATUS Status; > UINT32 HashMask; >=20 > - HashInterfaceHob =3D InternalGetHashInterface (); > + HashInterfaceHob =3D InternalGetHashInterfaceHob (&gEfiCallerIdGuid); > if (HashInterfaceHob =3D=3D NULL) { > return EFI_UNSUPPORTED; > } > @@ -178,6 +251,8 @@ HashCompleteAndExtend ( > return EFI_UNSUPPORTED; > } >=20 > + CheckSupportedHashMaskMismatch (HashInterfaceHob); > + > HashCtx =3D (HASH_HANDLE *)HashHandle; > ZeroMem (DigestList, sizeof(*DigestList)); >=20 > @@ -222,7 +297,7 @@ HashAndExtend ( > HASH_HANDLE HashHandle; > EFI_STATUS Status; >=20 > - HashInterfaceHob =3D InternalGetHashInterface (); > + HashInterfaceHob =3D InternalGetHashInterfaceHob (&gEfiCallerIdGuid); > if (HashInterfaceHob =3D=3D NULL) { > return EFI_UNSUPPORTED; > } > @@ -231,6 +306,8 @@ HashAndExtend ( > return EFI_UNSUPPORTED; > } >=20 > + CheckSupportedHashMaskMismatch (HashInterfaceHob); > + > HashStart (&HashHandle); > HashUpdate (HashHandle, DataToHash, DataToHashLen); > Status =3D HashCompleteAndExtend (HashHandle, PcrIndex, NULL, 0, > DigestList); 
> @@ -255,9 +332,7 @@ RegisterHashInterfaceLib ( > { > UINTN Index; > HASH_INTERFACE_HOB *HashInterfaceHob; > - HASH_INTERFACE_HOB LocalHashInterfaceHob; > UINT32 HashMask; > - UINT32 BiosSupportedHashMask; > EFI_STATUS Status; >=20 > // > @@ -268,10 +343,9 @@ RegisterHashInterfaceLib ( > return EFI_UNSUPPORTED; > } >=20 > - HashInterfaceHob =3D InternalGetHashInterface (); > + HashInterfaceHob =3D InternalGetHashInterfaceHob (&gEfiCallerIdGuid); > if (HashInterfaceHob =3D=3D NULL) { > - ZeroMem (&LocalHashInterfaceHob, sizeof(LocalHashInterfaceHob)); > - HashInterfaceHob =3D BuildGuidDataHob (&mHashLibPeiRouterGuid, > &LocalHashInterfaceHob, sizeof(LocalHashInterfaceHob)); > + HashInterfaceHob =3D InternalCreateHashInterfaceHob (&gEfiCallerIdGu= id); > if (HashInterfaceHob =3D=3D NULL) { > return EFI_OUT_OF_RESOURCES; > } 
> @@ -280,26 +354,84 @@ RegisterHashInterfaceLib ( > if (HashInterfaceHob->HashInterfaceCount >=3D HASH_COUNT) { > return EFI_OUT_OF_RESOURCES; > } > - BiosSupportedHashMask =3D PcdGet32 (PcdTcg2HashAlgorithmBitmap); > - Status =3D PcdSet32S (PcdTcg2HashAlgorithmBitmap, BiosSupportedHashMas= k | > HashMask); > - ASSERT_EFI_ERROR (Status); >=20 > // > // Check duplication > // > for (Index =3D 0; Index < HashInterfaceHob->HashInterfaceCount; Index+= +) { > if (CompareGuid (&HashInterfaceHob->HashInterface[Index].HashGuid, > &HashInterface->HashGuid)) { > - // > - // In PEI phase, there will be shadow driver dispatched again. > - // > - DEBUG ((EFI_D_INFO, "RegisterHashInterfaceLib - Override\n")); > - CopyMem (&HashInterfaceHob->HashInterface[Index], HashInterface, > sizeof(*HashInterface)); > - return EFI_SUCCESS; > + DEBUG ((DEBUG_ERROR, "Hash Interface (%g) has been registered\n"))= ; > + return EFI_ALREADY_STARTED; > } > } >=20 > + // > + // Record hash algorithm bitmap of CURRENT module which consumes > HashLib. > + // > + HashInterfaceHob->SupportedHashMask =3D PcdGet32 > (PcdTcg2HashAlgorithmBitmap) | HashMask; > + Status =3D PcdSet32S (PcdTcg2HashAlgorithmBitmap, > HashInterfaceHob->SupportedHashMask); > + ASSERT_EFI_ERROR (Status); > + > CopyMem > (&HashInterfaceHob->HashInterface[HashInterfaceHob->HashInterfaceCount], > HashInterface, sizeof(*HashInterface)); > HashInterfaceHob->HashInterfaceCount ++; >=20 > return EFI_SUCCESS; > -} > \ No newline at end of file > +} > + > +/** > + The constructor function of HashLibBaseCryptoRouterPei. > + > + @param FileHandle The handle of FFS header the loaded driver. > + @param PeiServices The pointer to the PEI services. > + > + @retval EFI_SUCCESS The constructor executes successfully. > + @retval EFI_OUT_OF_RESOURCES There is no enough resource for the > constructor. 
> + > +**/ > +EFI_STATUS > +EFIAPI > +HashLibBaseCryptoRouterPeiConstructor ( > + IN EFI_PEI_FILE_HANDLE FileHandle, > + IN CONST EFI_PEI_SERVICES **PeiServices > + ) > +{ > + EFI_STATUS Status; > + HASH_INTERFACE_HOB *HashInterfaceHob; > + > + HashInterfaceHob =3D InternalGetHashInterfaceHob (&gZeroGuid); > + if (HashInterfaceHob =3D=3D NULL) { > + // > + // No HOB with gZeroGuid Identifier has been created, > + // this is FIRST module which consumes HashLib. > + // Create the HOB with gZeroGuid Identifier. > + // > + HashInterfaceHob =3D InternalCreateHashInterfaceHob (&gZeroGuid); > + if (HashInterfaceHob =3D=3D NULL) { > + return EFI_OUT_OF_RESOURCES; > + } > + } else { > + // > + // Record hash algorithm bitmap of LAST module which also consumes > HashLib. > + // > + HashInterfaceHob->SupportedHashMask =3D PcdGet32 > (PcdTcg2HashAlgorithmBitmap); > + } > + > + HashInterfaceHob =3D InternalGetHashInterfaceHob (&gEfiCallerIdGuid); > + if (HashInterfaceHob !=3D NULL) { > + // > + // In PEI phase, some modules may call RegisterForShadow and will be > + // shadowed and executed again after memory is discovered. > + // This is the second execution of this module, clear the hash inter= face > + // information registered at its first execution. > + // > + ZeroMem (&HashInterfaceHob->HashInterface, sizeof (*HashInterfaceHob= ) > - sizeof (EFI_GUID)); > + } > + > + // > + // Set PcdTcg2HashAlgorithmBitmap to 0 in CONSTRUCTOR for CURRENT > module. > + // > + Status =3D PcdSet32S (PcdTcg2HashAlgorithmBitmap, 0); > + ASSERT_EFI_ERROR (Status); > + > + return EFI_SUCCESS; > +} > diff --git > a/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.= i > nf > b/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.= i > nf > index f5ca5d4635d8..eebf90e2ef40 100644 > --- > a/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.= i > nf > +++ > b/SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCryptoRouterPei.= i > nf 
> @@ -5,7 +5,7 @@ > # hash handler registered, such as SHA1, SHA256. Platform can use > PcdTpm2HashMask to > # mask some hash engines. > # > -# Copyright (c) 2013 - 2016, Intel Corporation. All rights reserved.
> +# Copyright (c) 2013 - 2017, Intel Corporation. All rights reserved.
> # This program and the accompanying materials > # are licensed and made available under the terms and conditions of the = BSD > License > # which accompanies this distribution. The full text of the license may = be found > at > @@ -23,6 +23,7 @@ [Defines] > MODULE_TYPE =3D PEIM > VERSION_STRING =3D 1.0 > LIBRARY_CLASS =3D HashLib|PEIM > + CONSTRUCTOR =3D > HashLibBaseCryptoRouterPeiConstructor >=20 > # > # The following information is for reference only and not required by th= e build > tools. > @@ -38,6 +39,7 @@ [Sources] > [Packages] > MdePkg/MdePkg.dec > SecurityPkg/SecurityPkg.dec > + MdeModulePkg/MdeModulePkg.dec >=20 > [LibraryClasses] > BaseLib > @@ -48,6 +50,10 @@ [LibraryClasses] > PcdLib > HobLib >=20 > +[Guids] > + ## CONSUMES ## GUID > + gZeroGuid > + > [Pcd] > gEfiSecurityPkgTokenSpaceGuid.PcdTpm2HashMask ## > CONSUMES > ## SOMETIMES_CONSUMES > diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec > index 0c64d25b0cbc..88154611ae9c 100644 > --- a/SecurityPkg/SecurityPkg.dec > +++ b/SecurityPkg/SecurityPkg.dec > @@ -458,6 +458,10 @@ [PcdsDynamic, PcdsDynamicEx] > ## This PCD indicated final BIOS supported Hash mask. > # Bios may choose to register a subset of PcdTpm2HashMask. > # So this PCD is final value of how many hash algo is extended to P= CR. > + # If software HashLib(HashLibBaseCryptoRouter) solution is chosen, thi= s PCD > + # has no need to be configured in platform dsc and will be set to corr= ect > + # value by the HashLib instance according to the HashInstanceLib insta= nces > + # linked, and the value of this PCD should be got in module entrypoint= . > # @Prompt Hash Algorithm bitmap. >=20 > gEfiSecurityPkgTokenSpaceGuid.PcdTcg2HashAlgorithmBitmap|0xFFFFFFFF|UINT > 32|0x00010016 >=20 > diff --git a/SecurityPkg/SecurityPkg.uni b/SecurityPkg/SecurityPkg.uni > index 17d36c0d6014..126351624056 100644 > --- a/SecurityPkg/SecurityPkg.uni > +++ b/SecurityPkg/SecurityPkg.uni 
> @@ -191,7 +191,11 @@ >=20 > #string > STR_gEfiSecurityPkgTokenSpaceGuid_PcdTcg2HashAlgorithmBitmap_HELP > #language en-US "This PCD indicated final BIOS supported Hash mask.\n" >=20 > "Bios may choose to register a subset of PcdTpm2HashMask.\n" > - > "So this PCD is final value of how many hash algo is extended to PCR." > + > "So this PCD is final value of how many hash algo is extended to PCR.\n" > + > "If software HashLib(HashLibBaseCryptoRouter) solution is chosen, this PC= D\n" > + > "has no need to be configured in platform dsc and will be set to correct\= n" > + > "value by the HashLib instance according to the HashInstanceLib instances= \n" > + > "linked, and the value of this PCD should be got in module entrypoint." >=20 > #string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTcgLogAreaMinLen_PROMPT > #language en-US "Minimum length(in bytes) of the system preboot TCG event > log area(LAML)." >=20 > @@ -233,4 +237,4 @@ > #string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTpm2AcpiTableRev_HELP > #language en-US "This PCD defines initial revision of TPM2 ACPI table\n" >=20 > "To support configuring from setup page, this PCD can be DynamicHii type = and > map to a setup option.
\n" >=20 > "For example, map to TCG2_VERSION.Tpm2AcpiTableRev to be configured by > Tcg2ConfigDxe driver.
\n" > - > "gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableRev|L\"TCG2_VERSION\"|gT > cg2ConfigFormSetGuid|0x8|3|NV,BS
" > \ No newline at end of file > + > "gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableRev|L\"TCG2_VERSION\"|gT > cg2ConfigFormSetGuid|0x8|3|NV,BS
" > -- > 2.7.0.windows.1
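 --">
Review bot: In HashLibBaseCryptoRouterDxe.c, CheckSupportedHashMaskMismatch () compares mSupportedHashMaskCurrent with mSupportedHashMaskLast unconditionally, while the PEI version of the same check in this patch only warns when the last mask is non-zero (HashInterfaceHobLast->SupportedHashMask != 0). As written, a DXE module whose constructor reads PcdTcg2HashAlgorithmBitmap as 0 (a dsc that sets it to 0 and no earlier HashLib consumer) will report a mismatch against 0. Suggest adding the same mSupportedHashMaskLast != 0 guard, or a comment explaining why DXE differs. The check is also called from HashStart, HashUpdate, HashCompleteAndExtend and HashAndExtend, so a single HashAndExtend call can print the warning four times; the two masks are only written in the constructor and in RegisterHashInterfaceLib, so reporting once (for example behind a static BOOLEAN) would keep the debug log readable.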
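 --">
Review bot: In RegisterHashInterfaceLib of HashLibBaseCryptoRouterDxe.c, the new DEBUG ((DEBUG_ERROR, "Hash Interface (%g) has been registered\n")) has a %g specifier but passes no argument, so the print routine will consume a GUID pointer that was never supplied. Pass &HashInterface->HashGuid after the format string. The identical DEBUG line added to RegisterHashInterfaceLib in HashLibBaseCryptoRouterPei.c needs the same fix.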
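 --">
Review bot: In the PEI CheckSupportedHashMaskMismatch () added to HashLibBaseCryptoRouterPei.c, the result of InternalGetHashInterfaceHob (&gZeroGuid) is guarded only by ASSERT before HashInterfaceHobLast->SupportedHashMask is read. When ASSERT is compiled out, a missing gZeroGuid HOB (the constructor can return EFI_OUT_OF_RESOURCES when InternalCreateHashInterfaceHob fails) turns into a NULL dereference on every HashStart, HashUpdate, HashCompleteAndExtend and HashAndExtend call. Since this function is purely diagnostic, suggest returning early when HashInterfaceHobLast is NULL instead of asserting.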
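 --">
Review bot: In HashLibBaseCryptoRouterPeiConstructor, ZeroMem (&HashInterfaceHob->HashInterface, sizeof (*HashInterfaceHob) - sizeof (EFI_GUID)) starts at HashInterface but uses a length measured from the end of Identifier. With the HASH_INTERFACE_HOB layout this patch introduces (Identifier, HashInterfaceCount, HashInterface, SupportedHashMask), that leaves HashInterfaceCount uncleared and writes past the end of the HOB data by the distance between Identifier's end and HashInterface. Because the same hunk replaces the old "Override" path with EFI_ALREADY_STARTED, the shadowed second execution then finds no matching GUID in the zeroed array and appends at the stale count, which can also run into the HASH_COUNT limit. Suggest starting the clear at &HashInterfaceHob->HashInterfaceCount.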
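 --">
Review bot: In the SecurityPkg.dec comment (and the matching SecurityPkg.uni help string), "the value of this PCD should be got in module entrypoint" does not say which module or why. From the constructors in this patch, the PCD is reset to 0 each time a module linking HashLibBaseCryptoRouter loads and is then rebuilt by RegisterHashInterfaceLib, so the value is only meaningful inside a module that itself links HashLib, read after its library constructors have run. Suggest stating that explicitly, and noting that the 0xFFFFFFFF default in the .dec is no longer expected to be overridden to 0 by the platform dsc.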