From: "Kubacki, Michael A" <michael.a.kubacki@intel.com>
To: "Gonzalez Del Cueto, Rodrigo" <rodrigo.gonzalez.del.cueto@intel.com>,
"devel@edk2.groups.io" <devel@edk2.groups.io>
Cc: "Chiu, Chasel" <chasel.chiu@intel.com>,
"Desimone, Nathaniel L" <nathaniel.l.desimone@intel.com>,
"Gao, Liming" <liming.gao@intel.com>
Subject: Re: [edk2-platforms][Patch V5 2/2] MinPlatformPkg: Tcg2PlatformDxe to use TpmPlatformHierarchyLib
Date: Thu, 14 Nov 2019 23:19:51 +0000
Message-ID: <BY5PR11MB44840FCBBD5A5618C782E539B5710@BY5PR11MB4484.namprd11.prod.outlook.com>
In-Reply-To: <20191114210510.1736-3-rodrigo.gonzalez.del.cueto@intel.com>
Reviewed-by: Michael Kubacki <michael.a.kubacki@intel.com>
> -----Original Message-----
> From: Gonzalez Del Cueto, Rodrigo <rodrigo.gonzalez.del.cueto@intel.com>
> Sent: Thursday, November 14, 2019 1:05 PM
> To: devel@edk2.groups.io.
> Cc: Gonzalez Del Cueto, Rodrigo <rodrigo.gonzalez.del.cueto@intel.com>;
> Kubacki, Michael A <michael.a.kubacki@intel.com>; Chiu, Chasel
> <chasel.chiu@intel.com>; Desimone, Nathaniel L
> <nathaniel.l.desimone@intel.com>; Gao, Liming <liming.gao@intel.com>
> Subject: [edk2-platforms][Patch V5 2/2] MinPlatformPkg: Tcg2PlatformDxe
> to use TpmPlatformHierarchyLib
>
> This change is split into two commits:
> 1) First commit: Add new library class TpmPlatformHierarchyLib
> 2) This commit: Add usage in Tcg2PlatformDxe
>
> Tcg2PlatformDxe will now leverage TpmPlatformHierarchyLib's
> ConfigureTpmPlatformHierarchy function to configure the TPM's Platform
> Hierarchy.
>
> Cc: Michael Kubacki <michael.a.kubacki@intel.com>
> Cc: Chasel Chiu <chasel.chiu@intel.com>
> Cc: Nate DeSimone <nathaniel.l.desimone@intel.com>
> Cc: Liming Gao <liming.gao@intel.com>
>
> Signed-off-by: Rodrigo Gonzalez del Cueto
> <rodrigo.gonzalez.del.cueto@intel.com>
> ---
> .../Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.c | 168 +++---------------
> .../Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf | 12 +-
> 2 files changed, 24 insertions(+), 156 deletions(-)
>
> diff --git
> a/Platform/Intel/MinPlatformPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.c
> b/Platform/Intel/MinPlatformPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.c
> index d0d88b2e91d5..704c6d8d6baa 100644
> ---
> a/Platform/Intel/MinPlatformPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.c
> +++
> b/Platform/Intel/MinPlatformPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.
> +++ c
> @@ -1,157 +1,31 @@
> /** @file- Platform specific TPM2 component.+ Platform specific TPM2
> component for configuring the Platform Hierarchy. -Copyright (c) 2017, Intel
> Corporation. All rights reserved.<BR>-SPDX-License-Identifier: BSD-2-Clause-
> Patent+ Copyright (c) 2017 - 2019, Intel Corporation. All rights
> reserved.<BR>+ SPDX-License-Identifier: BSD-2-Clause-Patent **/ #include
> <PiDxe.h> #include <Library/DebugLib.h>-#include
> <Library/BaseMemoryLib.h>-#include
> <Library/UefiRuntimeServicesTableLib.h> #include
> <Library/UefiBootServicesTableLib.h>-#include
> <Library/MemoryAllocationLib.h>-#include <Library/Tpm2CommandLib.h>-
> #include <Library/RngLib.h> #include <Library/UefiLib.h>+#include
> <Library/TpmPlatformHierarchyLib.h> #include
> <Protocol/DxeSmmReadyToLock.h> -#define
> MAX_NEW_AUTHORIZATION_SIZE SHA512_DIGEST_SIZE- /**- Generate
> high-quality entropy source through RDRAND.-- @param[in] Length Size
> of the buffer, in bytes, to fill with.- @param[out] Entropy Pointer to the
> buffer to store the entropy data.-- @retval EFI_SUCCESS Entropy
> generation succeeded.- @retval EFI_NOT_READY Failed to request
> random data.--**/-EFI_STATUS-EFIAPI-RdRandGenerateEntropy (- IN
> UINTN Length,- OUT UINT8 *Entropy- )-{- EFI_STATUS Status;-
> UINTN BlockCount;- UINT64 Seed[2];- UINT8 *Ptr;-- Status =
> EFI_NOT_READY;- BlockCount = Length / 64;- Ptr = (UINT8 *)Entropy;+ This
> callback function will run at the SmmReadyToLock event. - //- // Generate
> high-quality seed for DRBG Entropy- //- while (BlockCount > 0) {- Status =
> GetRandomNumber128(Seed);- if (EFI_ERROR(Status)) {- return Status;-
> }- CopyMem(Ptr, Seed, 64);-- BlockCount--;- Ptr = Ptr + 64;- }-- //- //
> Populate the remained data as request.- //- Status =
> GetRandomNumber128(Seed);- if (EFI_ERROR(Status)) {- return Status;- }-
> CopyMem(Ptr, Seed, (Length % 64));-- return Status;-}--/**- Set
> PlatformAuth to random value.-**/-VOID-RandomizePlatformAuth (- VOID-
> )-{- EFI_STATUS Status;- UINT16 AuthSize;-
> TPML_PCR_SELECTION Pcrs;- UINT32 Index;- UINT8
> *Rand;- UINTN RandSize;- TPM2B_AUTH
> NewPlatformAuth;-- //- // Send Tpm2HierarchyChange Auth with random
> value to avoid PlatformAuth being null- //- ZeroMem(&Pcrs,
> sizeof(TPML_PCR_SELECTION));- AuthSize =
> MAX_NEW_AUTHORIZATION_SIZE;-- Status =
> Tpm2GetCapabilityPcrs(&Pcrs);- if (EFI_ERROR(Status)) {-
> DEBUG((EFI_D_ERROR, "Tpm2GetCapabilityPcrs fail!\n"));- } else {- for
> (Index = 0; Index < Pcrs.count; Index++) {- switch
> (Pcrs.pcrSelections[Index].hash) {- case TPM_ALG_SHA1:- AuthSize =
> SHA1_DIGEST_SIZE;- break;- case TPM_ALG_SHA256:- AuthSize =
> SHA256_DIGEST_SIZE;- break;- case TPM_ALG_SHA384:- AuthSize =
> SHA384_DIGEST_SIZE;- break;- case TPM_ALG_SHA512:- AuthSize =
> SHA512_DIGEST_SIZE;- break;- case TPM_ALG_SM3_256:- AuthSize
> = SM3_256_DIGEST_SIZE;- break;- }- }- }--
> ZeroMem(NewPlatformAuth.buffer, AuthSize);- NewPlatformAuth.size =
> AuthSize;-- //- // Allocate one buffer to store random data.- //- RandSize =
> MAX_NEW_AUTHORIZATION_SIZE;- Rand = AllocatePool(RandSize);--
> RdRandGenerateEntropy(RandSize, Rand);-
> CopyMem(NewPlatformAuth.buffer, Rand, AuthSize);-- FreePool(Rand);--
> //- // Send Tpm2HierarchyChangeAuth command with the new Auth value-
> //- Status = Tpm2HierarchyChangeAuth(TPM_RH_PLATFORM, NULL,
> &NewPlatformAuth);- DEBUG((DEBUG_INFO, "Tpm2HierarchyChangeAuth
> Result: - %r\n", Status));- ZeroMem(NewPlatformAuth.buffer, AuthSize);-
> ZeroMem(Rand, RandSize);-}--/**- This is the Event call back function to
> notify the Library the system is entering- run time phase.+ Configuration of
> the TPM's Platform Hierarchy Authorization Value (platformAuth)+ and
> Platform Hierarchy Authorization Policy (platformPolicy) can be defined
> through this function. @param Event Pointer to this event @param
> Context Event hanlder private data **/ VOID EFIAPI-
> ReadyToLockEventCallBack (+SmmReadyToLockEventCallBack ( IN
> EFI_EVENT Event, IN VOID *Context )@@ -172,22 +46,20 @@
> ReadyToLockEventCallBack (
> return ; } - //- // Send Tpm2HierarchyChange Auth with random value to
> avoid PlatformAuth being null- //- RandomizePlatformAuth();+
> ConfigureTpmPlatformHierarchy (); gBS->CloseEvent (Event); } /**- The
> driver's entry point.+ The driver's entry point. Will register a function for
> callback during SmmReadyToLock event to+ configure the TPM's platform
> authorization. - @param[in] ImageHandle The firmware allocated handle for
> the EFI image.- @param[in] SystemTable A pointer to the EFI System
> Table.+ @param[in] ImageHandle The firmware allocated handle for the EFI
> image.+ @param[in] SystemTable A pointer to the EFI System Table. -
> @retval EFI_SUCCESS The entry point is executed successfully.- @retval
> other Some error occurs when executing this entry point.+ @retval
> EFI_SUCCESS The entry point is executed successfully.+ @retval other
> Some error occurs when executing this entry point. **/ EFI_STATUS
> EFIAPI@@ -196,17 +68,19 @@ Tcg2PlatformDxeEntryPoint (
> IN EFI_SYSTEM_TABLE *SystemTable ) {- VOID
> *Registration;- EFI_EVENT Event;+ VOID *Registration;+
> EFI_EVENT Event; - Event = EfiCreateProtocolNotifyEvent (+ Event =
> EfiCreateProtocolNotifyEvent (
> &gEfiDxeSmmReadyToLockProtocolGuid, TPL_CALLBACK,-
> ReadyToLockEventCallBack,+ SmmReadyToLockEventCallBack,
> NULL, &Registration );+ ASSERT (Event != NULL); return
> EFI_SUCCESS; }+diff --git
> a/Platform/Intel/MinPlatformPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.in
> f
> b/Platform/Intel/MinPlatformPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.in
> f
> index e8ab5f35a0da..af29c1cd98c9 100644
> ---
> a/Platform/Intel/MinPlatformPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.in
> f
> +++
> b/Platform/Intel/MinPlatformPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.
> +++ inf
> @@ -1,7 +1,7 @@
> ### @file # Platform specific TPM2 component. #-# Copyright (c) 2017, Intel
> Corporation. All rights reserved.<BR>+# Copyright (c) 2017 - 2019, Intel
> Corporation. All rights reserved.<BR> # # SPDX-License-Identifier: BSD-2-
> Clause-Patent #@@ -21,23 +21,18 @@
> # [LibraryClasses]- MemoryAllocationLib BaseLib
> UefiBootServicesTableLib UefiDriverEntryPoint-
> UefiRuntimeServicesTableLib- BaseMemoryLib DebugLib-
> Tpm2CommandLib- Tpm2DeviceLib- RngLib UefiLib+
> TpmPlatformHierarchyLib [Packages] MdePkg/MdePkg.dec
> MdeModulePkg/MdeModulePkg.dec+
> MinPlatformPkg/MinPlatformPkg.dec SecurityPkg/SecurityPkg.dec-
> CryptoPkg/CryptoPkg.dec [Sources] Tcg2PlatformDxe.c@@ -47,4 +42,3 @@
> [Depex] gEfiTcg2ProtocolGuid---
> 2.22.0.windows.1
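Review bot: the code removed in the first Tcg2PlatformDxe.c hunk (RdRandGenerateEntropy and RandomizePlatformAuth) has several defects that should be checked against patch 1/2, since the platformAuth logic now lives in the library. CopyMem(Ptr, Seed, 64) copies 64 bytes out of UINT64 Seed[2], which holds only 16. The AllocatePool(RandSize) result is used without a NULL check. The status of RdRandGenerateEntropy(RandSize, Rand) is ignored, so a failed RNG request would still feed the buffer into NewPlatformAuth. ZeroMem(Rand, RandSize) runs after FreePool(Rand). Please confirm that ConfigureTpmPlatformHierarchy does not inherit any of these, in particular that it does not change platformAuth when entropy generation fails.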
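Review bot: in SmmReadyToLockEventCallBack (second Tcg2PlatformDxe.c hunk), ConfigureTpmPlatformHierarchy () is called with no status checked or logged, whereas the removed path at least printed the Tpm2HierarchyChangeAuth result. If the library call can fail, this driver gives no indication that the platform hierarchy was left unconfigured at SmmReadyToLock. Suggest returning an EFI_STATUS from the library function and logging it here at DEBUG_ERROR, or stating in the function header that the library reports its own failures.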
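Review bot: in Tcg2PlatformDxeEntryPoint (third Tcg2PlatformDxe.c hunk), ASSERT (Event != NULL) is the only check on the EfiCreateProtocolNotifyEvent result, and the function then returns EFI_SUCCESS unconditionally. In builds that define MDEPKG_NDEBUG the ASSERT is compiled out, so a failed registration means the callback never runs while the driver still reports success. Suggest an explicit check that returns an error status when Event is NULL, which would also make the "@retval other" line in the function header true.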
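Review bot: the [LibraryClasses] hunk of Tcg2PlatformDxe.inf adds TpmPlatformHierarchyLib as a new dependency, so every platform DSC that builds this driver needs a mapping for that library class or the build will fail. Please confirm that the series provides one for existing platforms. With Tpm2CommandLib, Tpm2DeviceLib and RngLib dropped here, also confirm that the library instance's own INF lists them, since this module no longer pulls them in.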