From: "Kubacki, Michael A"
To: "Chiu, Chasel", "Gonzalez Del Cueto, Rodrigo", "devel@edk2.groups.io"
CC: "Desimone, Nathaniel L", "Gao, Liming"
Subject: Re: [edk2-platforms][Patch V5 1/2] MinPlatformPkg: Library for customizing TPM platform hierarchy
Date: Fri, 15 Nov 2019 01:11:45 +0000
Message-ID:
References: <20191114210510.1736-1-rodrigo.gonzalez.del.cueto@intel.com> <20191114210510.1736-2-rodrigo.gonzalez.del.cueto@intel.com> <3C3EFB470A303B4AB093197B6777CCEC505A6334@PGSMSX111.gar.corp.intel.com>
In-Reply-To: <3C3EFB470A303B4AB093197B6777CCEC505A6334@PGSMSX111.gar.corp.intel.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Please include the version changes in a git note attached to the patch in the future.

Thanks,
Michael

> -----Original Message-----
> From: Chiu, Chasel
> Sent: Thursday, November 14, 2019 4:58 PM
> To: Gonzalez Del Cueto, Rodrigo ; devel@edk2.groups.io.
> Cc: Kubacki, Michael A ; Desimone, Nathaniel L ; Gao, Liming
> Subject: RE: [edk2-platforms][Patch V5 1/2] MinPlatformPkg: Library for customizing TPM platform hierarchy
>
>
> You can remove V5 information when pushing the patch; only the final version will be pushed, so there is no need to describe different versions in the commit message.
>
> Reviewed-by: Chasel Chiu
>
>
> > -----Original Message-----
> > From: Gonzalez Del Cueto, Rodrigo
> > Sent: Friday, November 15, 2019 5:05 AM
> > To: devel@edk2.groups.io.
> > Cc: Gonzalez Del Cueto, Rodrigo ; Kubacki, Michael A ; Chiu, Chasel ; Desimone, Nathaniel L ; Gao, Liming
> > Subject: [edk2-platforms][Patch V5 1/2] MinPlatformPkg: Library for customizing TPM platform hierarchy
> >
> > BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2331
> >
> > In V5:
> > + Fixed build of MinPlatformPkg
> >
> > This change is split into two commits:
> > 1) This commit: Add new library class TpmPlatformHierarchyLib
> > 2) Second commit: Add usage in Tcg2PlatformDxe
> >
> > In order to enable some TPM use cases, the BIOS should allow customizing the configuration of the TPM platform: provisioning of the endorsement, platform and storage hierarchies.
> >
> > Cc: Michael Kubacki
> > Cc: Chasel Chiu
> > Cc: Nate DeSimone
> > Cc: Liming Gao
> > > > Signed-off-by: Rodrigo Gonzalez del Cueto > > > > --- > > .../Include/Library/TpmPlatformHierarchyLib.h | 29 +++ > > .../Intel/MinPlatformPkg/MinPlatformPkg.dec | 2 + > > .../Intel/MinPlatformPkg/MinPlatformPkg.dsc | 1 + > > .../TpmPlatformHierarchyLib.c | 214 > > ++++++++++++++++++ > > .../TpmPlatformHierarchyLib.inf | 45 ++++ > > 5 files changed, 291 insertions(+) > > create mode 100644 > > Platform/Intel/MinPlatformPkg/Include/Library/TpmPlatformHierarchyLib. > > h > > create mode 100644 > > > Platform/Intel/MinPlatformPkg/Tcg/Library/TpmPlatformHierarchyLib/TpmP > > la > > tformHierarchyLib.c > > create mode 100644 > > > Platform/Intel/MinPlatformPkg/Tcg/Library/TpmPlatformHierarchyLib/TpmP > > la > > tformHierarchyLib.inf > > > > diff --git > > a/Platform/Intel/MinPlatformPkg/Include/Library/TpmPlatformHierarchyLi > > b.h > > > b/Platform/Intel/MinPlatformPkg/Include/Library/TpmPlatformHierarchyLib. > > h > > new file mode 100644 > > index 000000000000..ed9709b24a73 > > --- /dev/null > > +++ > b/Platform/Intel/MinPlatformPkg/Include/Library/TpmPlatformHierarc > > +++ hy > > +++ Lib.h > > @@ -0,0 +1,29 @@ > > +/** @file+ TPM Platform Hierarchy configuration library.++ This > > library provides functions for customizing the TPM's Platform > > Hierarchy+ Authorization Value (platformAuth) and Platform Hierarchy > > Authorization+ Policy (platformPolicy) can be defined through this > > function.++Copyright (c) 2019, Intel Corporation. All rights > reserved.
+SPDX-License-Identifier: > > BSD-2-Clause-Patent++**/++#ifndef > > _TPM_PLATFORM_HIERARCHY_LIB_H_+#define > > _TPM_PLATFORM_HIERARCHY_LIB_H_++#include +#include > > ++/**+ This service will perform the TPM Platform Hierarchy > > configuration at the SmmReadyToLock > > event.++**/+VOID+EFIAPI+ConfigureTpmPlatformHierarchy (+ > > VOID+ );++#endifdiff --git > > a/Platform/Intel/MinPlatformPkg/MinPlatformPkg.dec > > b/Platform/Intel/MinPlatformPkg/MinPlatformPkg.dec > > index a851021c0b79..92bda3784ffc 100644 > > --- a/Platform/Intel/MinPlatformPkg/MinPlatformPkg.dec > > +++ b/Platform/Intel/MinPlatformPkg/MinPlatformPkg.dec > > @@ -62,6 +62,8 @@ BoardInitLib|Include/Library/BoardInitLib.h > > MultiBoardInitSupportLib|Include/Library/MultiBoardInitSupportLib.h > > SecBoardInitLib|Include/Library/SecBoardInitLib.h > > +TpmPlatformHierarchyLib|Include/Library/TpmPlatformHierarchyLib.h+ > > TestPointLib|Include/Library/TestPointLib.h > > TestPointCheckLib|Include/Library/TestPointCheckLib.h diff --git > > a/Platform/Intel/MinPlatformPkg/MinPlatformPkg.dsc > > b/Platform/Intel/MinPlatformPkg/MinPlatformPkg.dsc > > index 5f9363ff3228..a01f229a891d 100644 > > --- a/Platform/Intel/MinPlatformPkg/MinPlatformPkg.dsc > > +++ b/Platform/Intel/MinPlatformPkg/MinPlatformPkg.dsc 
> > @@ -102,6 +102,7 @@ > > > > > FspWrapperPlatformLib|MinPlatformPkg/FspWrapper/Library/DxeFspWrap > p > > erPlatformLib/DxeFspWrapperPlatformLib.inf > > > TestPointCheckLib|MinPlatformPkg/Test/Library/TestPointCheckLib/DxeTes > > TestPointCheckLib|tP > > ointCheckLib.inf > > TestPointLib|MinPlatformPkg/Test/Library/TestPointLib/DxeTestPointLib. > > TestPointLib|inf+ > > > TpmPlatformHierarchyLib|MinPlatformPkg/Tcg/Library/TpmPlatformHierarc > h > > yLib/TpmPlatformHierarchyLib.inf > > [LibraryClasses.common.DXE_SMM_DRIVER] > > > SpiFlashCommonLib|MinPlatformPkg/Flash/Library/SpiFlashCommonLibNull > > /SpiFlashCommonLibNull.infdiff --git > > > a/Platform/Intel/MinPlatformPkg/Tcg/Library/TpmPlatformHierarchyLib/Tp > > m > > PlatformHierarchyLib.c > > > b/Platform/Intel/MinPlatformPkg/Tcg/Library/TpmPlatformHierarchyLib/Tp > > m > > PlatformHierarchyLib.c > > new file mode 100644 > > index 000000000000..41ddb26f4046 > > --- /dev/null > > +++ b/Platform/Intel/MinPlatformPkg/Tcg/Library/TpmPlatformHierarchyLi > > +++ b/ > > +++ TpmPlatformHierarchyLib.c > > @@ -0,0 +1,214 @@ > > +/** @file+ TPM Platform Hierarchy configuration library.++ This > > library provides functions for customizing the TPM's Platform > > Hierarchy+ Authorization Value (platformAuth) and Platform Hierarchy > Authorization+ > > Policy (platformPolicy) can be defined through this function.++ Copy= right > > (c) 2019, Intel Corporation. All rights reserved.
+ > > SPDX-License-Identifier: BSD-2-Clause-Patent++ @par Specification > > Reference:+ > > https://trustedcomputinggroup.org/resource/tcg-tpm-v2-0-provisioning-g > > uid ance/+**/++#include ++#include > > +#include +#include > > +#include > > +#include > > +#include +#include > > +#include ++//+// > The > > authorization value may be no larger than the digest produced by the > > hash+// algorithm used for context integrity.+//+#define > > MAX_NEW_AUTHORIZATION_SIZE SHA512_DIGEST_SIZE++UINT16 > mAuthSize;++/**+ > > Generate high-quality entropy source through > > RDRAND.++ @param[in] Length Size of the buffer, in bytes, to > > fill with.+ @param[out] Entropy Pointer to the buffer to store = the > > entropy data.++ @retval EFI_SUCCESS Entropy generation > > succeeded.+ @retval EFI_NOT_READY Failed to request random > > data.++**/+EFI_STATUS+EFIAPI+RdRandGenerateEntropy (+ IN UINTN > > Length,+ OUT UINT8 *Entropy+ )+{+ EFI_STATUS Status;+ > > UINTN BlockCount;+ UINT64 Seed[2];+ UINT8 > > *Ptr;++ Status =3D EFI_NOT_READY;+ BlockCount =3D Length / 64;+ Ptr = =3D > > (UINT8 *)Entropy;++ //+ // Generate high-quality seed for DRBG Entrop= y+ > > //+ while (BlockCount > 0) {+ Status =3D GetRandomNumber128 (Seed);= + > > if (EFI_ERROR (Status)) {+ return Status;+ }+ CopyMem (Ptr, > > Seed, 64);++ BlockCount--;+ Ptr =3D Ptr + 64;+ }++ //+ // Popu= late > > the remained data as request.+ //+ Status =3D GetRandomNumber128 > > (Seed);+ if (EFI_ERROR (Status)) {+ return Status;+ }+ CopyMem (P= tr, > > Seed, (Length % 64));++ return Status;+}++/**+ This function returns > > the maximum size of TPM2B_AUTH; this structure is used for an > > authorization > > value+ and limits an authValue to being no larger than the largest > > value+ digest > > produced by a TPM.++ @param[out] AuthSize Tpm2 > > Auth size++ @retval EFI_SUCCESS Auth size > > returned.+ @retval EFI_DEVICE_ERROR Can not return > > platform auth due to device error.++**/+EFI_STATUS+EFIAPI+GetAuthSize > (+ > > OUT 
UINT16 *AuthSize+ )+{+ EFI_STATUS > > Status;+ TPML_PCR_SELECTION Pcrs;+ UINTN > > Index;+ UINT16 DigestSize;++ Status =3D EFI_SUCCESS;++ > > while (mAuthSize =3D=3D 0) {++ mAuthSize =3D SHA1_DIGEST_SIZE;+ > > ZeroMem (&Pcrs, sizeof (TPML_PCR_SELECTION));+ Status =3D > > Tpm2GetCapabilityPcrs (&Pcrs);++ if (EFI_ERROR (Status)) {+ > > DEBUG ((DEBUG_ERROR, "Tpm2GetCapabilityPcrs fail!\n"));+ > > break;+ }++ DEBUG ((DEBUG_ERROR, "Tpm2GetCapabilityPcrs - > > %08x\n", Pcrs.count));++ for (Index =3D 0; Index < Pcrs.count; Index= ++) {+ > > DEBUG ((DEBUG_ERROR, "alg - %x\n", Pcrs.pcrSelections[Index].hash));++ > > switch (Pcrs.pcrSelections[Index].hash) {+ case TPM_ALG_SHA1:+ > > DigestSize =3D SHA1_DIGEST_SIZE;+ break;+ case > > TPM_ALG_SHA256:+ DigestSize =3D SHA256_DIGEST_SIZE;+ > > break;+ case TPM_ALG_SHA384:+ DigestSize =3D > > SHA384_DIGEST_SIZE;+ break;+ case TPM_ALG_SHA512:+ > > DigestSize =3D SHA512_DIGEST_SIZE;+ break;+ case > > TPM_ALG_SM3_256:+ DigestSize =3D SM3_256_DIGEST_SIZE;+ > > break;+ default:+ DigestSize =3D SHA1_DIGEST_SIZE;+ > > break;+ }++ if (DigestSize > mAuthSize) {+ mAuthSize = =3D > > DigestSize;+ }+ }+ break;+ }++ *AuthSize =3D mAuthSize;+ > > return Status;+}++/**+ Set PlatformAuth to random > > value.+**/+VOID+RandomizePlatformAuth (+ VOID+ )+{+ EFI_STATUS > > Status;+ UINT16 AuthSize;+ UINT8 > > *Rand;+ UINTN RandSize;+ > > TPM2B_AUTH NewPlatformAuth;++ //+ // > > Send Tpm2HierarchyChange Auth with random value to avoid > PlatformAuth > > being null+ //++ GetAuthSize (&AuthSize);++ ZeroMem > > (NewPlatformAuth.buffer, AuthSize);+ NewPlatformAuth.size =3D > > AuthSize;++ //+ // Allocate one buffer to store random data.+ //+ > > RandSize =3D MAX_NEW_AUTHORIZATION_SIZE;+ Rand =3D AllocatePool > > (RandSize);++ RdRandGenerateEntropy (RandSize, Rand);+ CopyMem > > (NewPlatformAuth.buffer, Rand, AuthSize);++ FreePool (Rand);++ //+ > > // Send Tpm2HierarchyChangeAuth command with the new Auth value+ > //+ > > Status =3D Tpm2HierarchyChangeAuth 
(TPM_RH_PLATFORM, NULL, > > &NewPlatformAuth);+ DEBUG ((DEBUG_INFO, > "Tpm2HierarchyChangeAuth > > Result: - %r\n", Status));+ ZeroMem (NewPlatformAuth.buffer, > AuthSize);+ > > ZeroMem (Rand, RandSize);+}++/**+ This service defines the > > configuration of the Platform Hierarchy Authorization Value > > (platformAuth)+ and Platform Hierarchy Authorization Policy > > (platformPolicy)++**/+VOID+EFIAPI+ConfigureTpmPlatformHierarchy (+ > > )+{+ //+ // Send Tpm2HierarchyChange Auth with random value to avoid > > PlatformAuth being null+ //+ RandomizePlatformAuth ();+}diff --git > > > a/Platform/Intel/MinPlatformPkg/Tcg/Library/TpmPlatformHierarchyLib/Tp > > m > > PlatformHierarchyLib.inf > > > b/Platform/Intel/MinPlatformPkg/Tcg/Library/TpmPlatformHierarchyLib/Tp > > m > > PlatformHierarchyLib.inf > > new file mode 100644 > > index 000000000000..0911bdffa01f > > --- /dev/null > > +++ b/Platform/Intel/MinPlatformPkg/Tcg/Library/TpmPlatformHierarchyLi > > +++ b/ > > +++ TpmPlatformHierarchyLib.inf > > @@ -0,0 +1,45 @@ > > +### @file+#+# TPM Platform Hierarchy configuration library.+#+# Th= is > > library provides functions for customizing the TPM's Platform > > Hierarchy+# Authorization Value (platformAuth) and Platform Hierarchy > > Authorization+# Policy (platformPolicy) can be defined through this > > function.+#+# Copyright > > (c) 2019, Intel Corporation. All rights reserved.
+#+# > > SPDX-License-Identifier: BSD-2-Clause-Patent+#+###++[Defines]+ > > INF_VERSION =3D 0x00010005+ BASE_NAME > > =3D TpmPlatformHierarchyLib+ FILE_GUID =3D > > 7794F92C-4E8E-4E57-9E4A-49A0764C7D73+ MODULE_TYPE > > =3D DXE_DRIVER+ VERSION_STRING =3D 1.0+ > > LIBRARY_CLASS =3D > > TpmPlatformHierarchyLib++[LibraryClasses]+ MemoryAllocationLib+ > > BaseLib+ UefiBootServicesTableLib+ UefiDriverEntryPoint+ > > BaseMemoryLib+ DebugLib+ Tpm2CommandLib+ Tpm2DeviceLib+ > > RngLib+ UefiLib++[Packages]+ MdePkg/MdePkg.dec+ > > MdeModulePkg/MdeModulePkg.dec+ SecurityPkg/SecurityPkg.dec+ > > CryptoPkg/CryptoPkg.dec++[Sources]+ > > TpmPlatformHierarchyLib.c++[Depex]+ gEfiTcg2ProtocolGuid-- > > 2.22.0.windows.1 >=20
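Review bot: the file header of TpmPlatformHierarchyLib.h (repeated verbatim in the .c and .inf headers) promises that both platformAuth "and Platform Hierarchy Authorization Policy (platformPolicy) can be defined through this function", but the only API declared, `ConfigureTpmPlatformHierarchy (VOID)`, and its implementation in this patch change platformAuth alone; nothing in the library touches the platform policy. Either trim the comment to what is implemented or say explicitly that platformPolicy support is deferred. The sentence is also grammatically broken ("provides functions for customizing ... and ... can be defined through this function"); something like "This library provides a function for customizing the TPM's Platform Hierarchy Authorization Value (platformAuth)." says what the code does.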
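Review bot: `RdRandGenerateEntropy` in TpmPlatformHierarchyLib.c reads past the end of `Seed`. `Seed` is `UINT64 Seed[2]`, and `GetRandomNumber128 (Seed)` fills exactly those 16 bytes, yet the loop uses `BlockCount = Length / 64;` with `CopyMem (Ptr, Seed, 64);`, and the tail uses `CopyMem (Ptr, Seed, (Length % 64));`. With the only caller passing `MAX_NEW_AUTHORIZATION_SIZE` (64), the output buffer ends up as 16 random bytes followed by 48 bytes copied from the stack beyond `Seed`, and that buffer becomes the new platformAuth. Use `sizeof (Seed)` as the block size in all three places so every output byte comes from the RNG, and skip the trailing `GetRandomNumber128` call when `Length % sizeof (Seed)` is zero. The name and the "through RDRAND" comment also overstate the source: `GetRandomNumber128` is RngLib, whose backend is whatever instance the platform links, so naming the helper after the library rather than the instruction keeps the claim honest.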
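Review bot: `GetAuthSize` assigns `mAuthSize = SHA1_DIGEST_SIZE;` before calling `Tpm2GetCapabilityPcrs`, so when that call fails it returns the error but also leaves `mAuthSize` at 20 bytes, and `RandomizePlatformAuth` ignores the returned status and goes on to install a 20-byte platformAuth. Decide whether a capability failure should abort the auth change or deliberately fall back to the SHA-1 size, and have the caller check the status either way. Two smaller points in the same function: `while (mAuthSize == 0) { ... break; }` is a once-only loop in disguise and reads more directly as `if (mAuthSize == 0) { ... }`, and the informational prints ("Tpm2GetCapabilityPcrs - %08x", "alg - %x") should be DEBUG_INFO or DEBUG_VERBOSE rather than DEBUG_ERROR.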
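Review bot: `RandomizePlatformAuth` writes to freed memory: `FreePool (Rand);` comes before the closing `ZeroMem (Rand, RandSize);`. Scrubbing the secret before releasing it is the right intent, so move the `ZeroMem` ahead of the `FreePool`. The same function also never checks its three fallible calls: `AllocatePool` can return NULL, `RdRandGenerateEntropy` can return EFI_NOT_READY (in which case uninitialized pool contents become the "random" auth), and a `Tpm2HierarchyChangeAuth` failure is only logged. Since this runs at SmmReadyToLock specifically to keep the platform hierarchy away from the OS, a silent failure means the platform ships with an empty platformAuth; at minimum propagate a status out of `ConfigureTpmPlatformHierarchy` so Tcg2PlatformDxe can log or ASSERT on it. Style: the definition is written `ConfigureTpmPlatformHierarchy (\n  )` with an empty parameter list, while the header declares `(VOID)`; EDK2 style wants `VOID` in the definition too.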
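Review bot: the library INF lists `UefiDriverEntryPoint` under [LibraryClasses]; a library has no entry point, and that class belongs only in driver INFs, so drop it. Please also confirm that `UefiBootServicesTableLib`, `UefiLib` and `CryptoPkg/CryptoPkg.dec` are needed by the visible code: the .c file uses BaseMemoryLib, MemoryAllocationLib, DebugLib, Tpm2CommandLib and RngLib, and the digest-size macros it relies on come from the TPM 2.0 industry-standard header in MdePkg, so unless the (extraction-stripped) #include list pulls something from CryptoPkg, the extra dependencies only widen the build graph.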