From: "Kubacki, Michael A"
To: "Gonzalez Del Cueto, Rodrigo", "devel@edk2.groups.io"
CC: "Chiu, Chasel", "Desimone, Nathaniel L", "Gao, Liming"
Subject: Re: [edk2-platforms][Patch V5 2/2] MinPlatformPkg: Tcg2PlatformDxe to use TpmPlatformHierarchyLib
Date: Thu, 14 Nov 2019 23:19:51 +0000

Reviewed-by: Michael Kubacki

> -----Original Message-----
> From: Gonzalez Del Cueto, Rodrigo
> Sent: Thursday, November 14, 2019 1:05 PM
> To: devel@edk2.groups.io.
> Cc: Gonzalez Del Cueto, Rodrigo; Kubacki, Michael A; Chiu, Chasel; Desimone, Nathaniel L; Gao, Liming
> Subject: [edk2-platforms][Patch V5 2/2] MinPlatformPkg: Tcg2PlatformDxe to use TpmPlatformHierarchyLib
>
> This change is split into two commits:
> 1) First commit: Add new library class TpmPlatformHierarchyLib
> 2) This commit: Add usage in Tcg2PlatformDxe
>
> Tcg2PlatformDxe will now leverage from TpmPlatformHierarchyLib's
> ConfigureTpmPlatformHierarchy function to configure the TPM's Platform
> Hierarchy.
>
> Cc: Michael Kubacki
> Cc: Chasel Chiu
> Cc: Nate DeSimone
> Cc: Liming Gao
>
> Signed-off-by: Rodrigo Gonzalez del Cueto
> --- > .../Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.c | 168 +++--------------- > .../Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf | 12 +- > 2 files changed, 24 insertions(+), 156 deletions(-) >=20 > diff --git > a/Platform/Intel/MinPlatformPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.c > b/Platform/Intel/MinPlatformPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.c > index d0d88b2e91d5..704c6d8d6baa 100644 > --- > a/Platform/Intel/MinPlatformPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.c > +++ > b/Platform/Intel/MinPlatformPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe. > +++ c > @@ -1,157 +1,31 @@ > /** @file- Platform specific TPM2 component.+ Platform specific TPM2 > component for configuring the Platform Hierarchy. -Copyright (c) 2017, In= tel > Corporation. All rights reserved.
-SPDX-License-Identifier: BSD-2-Clau= se- > Patent+ Copyright (c) 2017 - 2019, Intel Corporation. All rights > reserved.
+ SPDX-License-Identifier: BSD-2-Clause-Patent **/ #inclu= de > #include -#include > -#include > #include > -#include > -#include - > #include #include +#include > #include > -#define > MAX_NEW_AUTHORIZATION_SIZE SHA512_DIGEST_SIZE- /**- Generate > high-quality entropy source through RDRAND.-- @param[in] Length = Size > of the buffer, in bytes, to fill with.- @param[out] Entropy Point= er to the > buffer to store the entropy data.-- @retval EFI_SUCCESS Entropy > generation succeeded.- @retval EFI_NOT_READY Failed to request > random data.--**/-EFI_STATUS-EFIAPI-RdRandGenerateEntropy (- IN > UINTN Length,- OUT UINT8 *Entropy- )-{- EFI_STATUS Sta= tus;- > UINTN BlockCount;- UINT64 Seed[2];- UINT8 *Ptr;-- Sta= tus =3D > EFI_NOT_READY;- BlockCount =3D Length / 64;- Ptr =3D (UINT8 *)Entropy;+= This > callback function will run at the SmmReadyToLock event. - //- // Genera= te > high-quality seed for DRBG Entropy- //- while (BlockCount > 0) {- St= atus =3D > GetRandomNumber128(Seed);- if (EFI_ERROR(Status)) {- return Statu= s;- > }- CopyMem(Ptr, Seed, 64);-- BlockCount--;- Ptr =3D Ptr + 64;- = }-- //- // > Populate the remained data as request.- //- Status =3D > GetRandomNumber128(Seed);- if (EFI_ERROR(Status)) {- return Status;- = }- > CopyMem(Ptr, Seed, (Length % 64));-- return Status;-}--/**- Set > PlatformAuth to random value.-**/-VOID-RandomizePlatformAuth (- VOID- > )-{- EFI_STATUS Status;- UINT16 = AuthSize;- > TPML_PCR_SELECTION Pcrs;- UINT32 = Index;- UINT8 > *Rand;- UINTN RandSize;- TPM2B_AUTH > NewPlatformAuth;-- //- // Send Tpm2HierarchyChange Auth with random > value to avoid PlatformAuth being null- //- ZeroMem(&Pcrs, > sizeof(TPML_PCR_SELECTION));- AuthSize =3D > MAX_NEW_AUTHORIZATION_SIZE;-- Status =3D > Tpm2GetCapabilityPcrs(&Pcrs);- if (EFI_ERROR(Status)) {- > DEBUG((EFI_D_ERROR, "Tpm2GetCapabilityPcrs fail!\n"));- } else {- for > (Index =3D 0; Index < Pcrs.count; Index++) {- switch > (Pcrs.pcrSelections[Index].hash) {- case TPM_ALG_SHA1:- AuthS= ize =3D 
> SHA1_DIGEST_SIZE;- break;- case TPM_ALG_SHA256:- AuthS= ize =3D > SHA256_DIGEST_SIZE;- break;- case TPM_ALG_SHA384:- Aut= hSize =3D > SHA384_DIGEST_SIZE;- break;- case TPM_ALG_SHA512:- Aut= hSize =3D > SHA512_DIGEST_SIZE;- break;- case TPM_ALG_SM3_256:- Au= thSize > =3D SM3_256_DIGEST_SIZE;- break;- }- }- }-- > ZeroMem(NewPlatformAuth.buffer, AuthSize);- NewPlatformAuth.size =3D > AuthSize;-- //- // Allocate one buffer to store random data.- //- Ran= dSize =3D > MAX_NEW_AUTHORIZATION_SIZE;- Rand =3D AllocatePool(RandSize);-- > RdRandGenerateEntropy(RandSize, Rand);- > CopyMem(NewPlatformAuth.buffer, Rand, AuthSize);-- FreePool(Rand);-- > //- // Send Tpm2HierarchyChangeAuth command with the new Auth value- > //- Status =3D Tpm2HierarchyChangeAuth(TPM_RH_PLATFORM, NULL, > &NewPlatformAuth);- DEBUG((DEBUG_INFO, "Tpm2HierarchyChangeAuth > Result: - %r\n", Status));- ZeroMem(NewPlatformAuth.buffer, AuthSize);- > ZeroMem(Rand, RandSize);-}--/**- This is the Event call back function to > notify the Library the system is entering- run time phase.+ Configurat= ion of > the TPM's Platform Hierarchy Authorization Value (platformAuth)+ and > Platform Hierarchy Authorization Policy (platformPolicy) can be defined > through this function. @param Event Pointer to this event @param > Context Event hanlder private data **/ VOID EFIAPI- > ReadyToLockEventCallBack (+SmmReadyToLockEventCallBack ( IN > EFI_EVENT Event, IN VOID *Context )@@ -172,22 +46,20 @@ > ReadyToLockEventCallBack ( > return ; } - //- // Send Tpm2HierarchyChange Auth with random va= lue to > avoid PlatformAuth being null- //- RandomizePlatformAuth();+ > ConfigureTpmPlatformHierarchy (); gBS->CloseEvent (Event); } /**- Th= e > driver's entry point.+ The driver's entry point. Will register a functi= on for > callback during SmmReadyToLock event to+ configure the TPM's platform > authorization. 
- @param[in] ImageHandle The firmware allocated handle f= or > the EFI image.- @param[in] SystemTable A pointer to the EFI System > Table.+ @param[in] ImageHandle The firmware allocated handle for the E= FI > image.+ @param[in] SystemTable A pointer to the EFI System Table. - > @retval EFI_SUCCESS The entry point is executed successfully.- @retv= al > other Some error occurs when executing this entry point.+ @re= tval > EFI_SUCCESS The entry point is executed successfully.+ @retval othe= r > Some error occurs when executing this entry point. **/ EFI_STATUS > EFIAPI@@ -196,17 +68,19 @@ Tcg2PlatformDxeEntryPoint ( > IN EFI_SYSTEM_TABLE *SystemTable ) {- VOID > *Registration;- EFI_EVENT Event;+ VOID *Registrat= ion;+ > EFI_EVENT Event; - Event =3D EfiCreateProtocolNotifyEvent (+ Event = =3D > EfiCreateProtocolNotifyEvent ( > &gEfiDxeSmmReadyToLockProtocolGuid, TPL_CALLBACK,- > ReadyToLockEventCallBack,+ SmmReadyToLockEventCallBack, > NULL, &Registration );+ ASSERT (Event !=3D NULL= ); return > EFI_SUCCESS; }+diff --git > a/Platform/Intel/MinPlatformPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.in > f > b/Platform/Intel/MinPlatformPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.in > f > index e8ab5f35a0da..af29c1cd98c9 100644 > --- > a/Platform/Intel/MinPlatformPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.in > f > +++ > b/Platform/Intel/MinPlatformPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe. > +++ inf > @@ -1,7 +1,7 @@ > ### @file # Platform specific TPM2 component. #-# Copyright (c) 2017, In= tel > Corporation. All rights reserved.
+# Copyright (c) 2017 - 2019, Intel > Corporation. All rights reserved.
# # SPDX-License-Identifier: BSD-2- > Clause-Patent #@@ -21,23 +21,18 @@ > # [LibraryClasses]- MemoryAllocationLib BaseLib > UefiBootServicesTableLib UefiDriverEntryPoint- > UefiRuntimeServicesTableLib- BaseMemoryLib DebugLib- > Tpm2CommandLib- Tpm2DeviceLib- RngLib UefiLib+ > TpmPlatformHierarchyLib [Packages] MdePkg/MdePkg.dec > MdeModulePkg/MdeModulePkg.dec+ > MinPlatformPkg/MinPlatformPkg.dec SecurityPkg/SecurityPkg.dec- > CryptoPkg/CryptoPkg.dec [Sources] Tcg2PlatformDxe.c@@ -47,4 +42,3 @@ > [Depex] gEfiTcg2ProtocolGuid--- > 2.22.0.windows.1
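
Review bot: The code removed in the first Tcg2PlatformDxe.c hunk (@@ -1,157 +1,31 @@) has memory-safety defects that should be checked against the TpmPlatformHierarchyLib implementation from patch 1/2 so they are not carried over. In RdRandGenerateEntropy, CopyMem(Ptr, Seed, 64) reads 64 bytes from UINT64 Seed[2], which holds only 16, and the remainder copy of Length % 64 bytes can over-read the same buffer. In RandomizePlatformAuth, ZeroMem(Rand, RandSize) runs after FreePool(Rand), and neither the AllocatePool result nor the RdRandGenerateEntropy status is checked, so a failed random request could feed uninitialized pool memory into NewPlatformAuth. Separately, the retained context line "@param Context Event hanlder private data" has a typo ("hanlder") that could be fixed while the function comment is being rewritten.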
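
Review bot: In SmmReadyToLockEventCallBack (hunk @@ -172,22 +46,20 @@), the new call ConfigureTpmPlatformHierarchy (); discards any result, while the code it replaces logged "Tpm2HierarchyChangeAuth Result: - %r". If the library function returns EFI_STATUS, capture it and emit a DEBUG line before gBS->CloseEvent (Event); if it returns VOID, confirm that the library logs failures itself. The removed comment states the purpose as avoiding a null PlatformAuth, so a silent failure here leaves exactly that condition with no trace in the boot log.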
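
Review bot: In Tcg2PlatformDxeEntryPoint (hunk @@ -196,17 +68,19 @@), ASSERT (Event != NULL); is the only handling for a failed EfiCreateProtocolNotifyEvent, and the function still ends with an unconditional return EFI_SUCCESS. ASSERT is normally compiled out of release builds, so in that configuration a NULL Event means the callback is never registered and the platform hierarchy is left unconfigured while the driver reports success. Suggest an explicit if (Event == NULL) check that logs at DEBUG_ERROR and returns an error status such as EFI_OUT_OF_RESOURCES, keeping the ASSERT for debug builds if desired.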