* Re: [PATCH] MinPlatformPkg: Introduce library for customizing TPM platform configuration
From: Kubacki, Michael A @ 2019-11-08 21:47 UTC
To: Gonzalez Del Cueto, Rodrigo, devel@edk2.groups.io
Cc: Chiu, Chasel, Desimone, Nathaniel L, Gao, Liming
Also, the V1 patch was sent to edk2-devel@lists.01.org. Please use devel@edk2.groups.io.
Thanks,
Michael
> -----Original Message-----
> From: Kubacki, Michael A
> Sent: Friday, November 8, 2019 12:11 PM
> To: Gonzalez Del Cueto, Rodrigo <rodrigo.gonzalez.del.cueto@intel.com>;
> edk2-devel@lists.01.org
> Cc: Chiu, Chasel <chasel.chiu@intel.com>; Desimone, Nathaniel L
> <nathaniel.l.desimone@intel.com>; Gao, Liming <liming.gao@intel.com>
> Subject: RE: [PATCH] MinPlatformPkg: Introduce library for customizing TPM
> platform configuration
>
> Hi Rodrigo,
>
> Can you please update these for V2?
>
> Patch format:
> * Run the patch through edk2/BaseTools/Scripts/PatchCheck.py as some
> errors are reported
> * Add "[edk2-platforms]" in the subject prefix for patches targeting the
> edk2-platforms repository
>
> Commit message:
> * Remove the "Change-Id" line
> * I suggest adding the "Signed-off-by" line after the "Cc" lines
>
> Source:
> * All files must use the BSD-2-Clause-Patent license
> * Correct this for TpmPlatformAuthLib
>
> * I suggest keeping the gEfiDxeSmmReadyToLockProtocolGuid callback in
> Tcg2PlatformDxe and adding a new library class with a single function whose
> responsibility is platform auth at SMM ready to lock. Then Tcg2PlatformDxe
> can simply call this function in the callback function in the module. This allows
> closed source implementations to easily substitute functionality with a
> defined library class API and better defines the control flow in the module.
>
> * If you add back "ReadyToLockEventCallBack ()" in Tcg2PlatformDxe, update
> the function description so it accurately describes the purpose of the
> callback.
>
> * Remove any resources from Tcg2PlatformDxe no longer needed after
> moving code out to the library class. For example, RngLib and
> Tpm2CommandLib should no longer be needed in the module; they will be
> linked against TpmPlatformAuthLib which will ultimately bring them to the
> module.
>
> * Update the copyright years in modified files. For example,
> Tcg2PlatformDxe should be updated to
> "2017 - 2019".
>
> * Update the file descriptions in Tcg2PlatformDxe to clearly describe the
> purpose of the module.
>
> * Update the file descriptions in TpmPlatformAuthLib to clearly describe the
> purpose of the library.
>
> Thanks,
> Michael
>
> > -----Original Message-----
> > From: Gonzalez Del Cueto, Rodrigo
> > <rodrigo.gonzalez.del.cueto@intel.com>
> > Sent: Friday, November 8, 2019 3:06 AM
> > To: edk2-devel@lists.01.org
> > Cc: Gonzalez Del Cueto, Rodrigo
> > <rodrigo.gonzalez.del.cueto@intel.com>;
> > Kubacki, Michael A <michael.a.kubacki@intel.com>; Chiu, Chasel
> > <chasel.chiu@intel.com>; Desimone, Nathaniel L
> > <nathaniel.l.desimone@intel.com>; Gao, Liming <liming.gao@intel.com>
> > Subject: [PATCH] MinPlatformPkg: Introduce library for customizing TPM
> > platform configuration
> >
> > BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=2331
> >
> > In order to enable some TPM use cases, BIOS should allow customizing
> > the configuration of the TPM platform: provisioning of the endorsement,
> > platform and storage hierarchies.
> >
> > This is implemented through a NULL library that registers a custom
> > callback during the ReadyToLock event to perform the TPM platform
> > configuration.
> >
> > Change-Id: I513c0dda7f047e452f2a1fdf7b921f744a02df7f
> > Signed-off-by: Rodrigo Gonzalez del Cueto
> > <rodrigo.gonzalez.del.cueto@intel.com>
> >
> > Cc: Michael Kubacki <michael.a.kubacki@intel.com>
> > Cc: Chasel Chiu <chasel.chiu@intel.com>
> > Cc: Nate DeSimone <nathaniel.l.desimone@intel.com>
> > Cc: Liming Gao <liming.gao@intel.com>
> > ---
> > .../Intel/MinPlatformPkg/MinPlatformPkg.dsc | 5 +-
> > .../TpmPlatformAuthLib/TpmPlatformAuthLib.c | 287
> > ++++++++++++++++++
> > .../TpmPlatformAuthLib/TpmPlatformAuthLib.inf | 75 +++++
> > .../Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.c | 174 -----------
> > 4 files changed, 366 insertions(+), 175 deletions(-) create mode
> > 100644
> >
> Platform/Intel/MinPlatformPkg/Tcg/Library/TpmPlatformAuthLib/TpmPlatfo
> > rmAuthLib.c
> > create mode 100644
> >
> Platform/Intel/MinPlatformPkg/Tcg/Library/TpmPlatformAuthLib/TpmPlatfo
> > rmAuthLib.inf
> >
> > diff --git a/Platform/Intel/MinPlatformPkg/MinPlatformPkg.dsc
> > b/Platform/Intel/MinPlatformPkg/MinPlatformPkg.dsc
> > index 5f9363ff..82b91b0e 100644
> > --- a/Platform/Intel/MinPlatformPkg/MinPlatformPkg.dsc
> > +++ b/Platform/Intel/MinPlatformPkg/MinPlatformPkg.dsc
> > @@ -185,7 +185,10 @@
> > !if gMinPlatformPkgTokenSpaceGuid.PcdTpm2Enable == TRUE
> > MinPlatformPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf-
> > MinPlatformPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf+
> > MinPlatformPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf {+
> > <LibraryClasses>+
> >
> NULL|MinPlatformPkg/Tcg/Library/TpmPlatformAuthLib/TpmPlatformAuthLi
> > b.inf+ } !endif [BuildOptions]diff --git
> >
> a/Platform/Intel/MinPlatformPkg/Tcg/Library/TpmPlatformAuthLib/TpmPlat
> > formAuthLib.c
> >
> b/Platform/Intel/MinPlatformPkg/Tcg/Library/TpmPlatformAuthLib/TpmPlat
> > formAuthLib.c
> > new file mode 100644
> > index 00000000..651faf1d
> > --- /dev/null
> > +++
> > b/Platform/Intel/MinPlatformPkg/Tcg/Library/TpmPlatformAuthLib/TpmPl
> > +++ atformAuthLib.c
> > @@ -0,0 +1,287 @@
> > +/** @file++ TPM Platform Auth library.++@copyright+ INTEL
> > CONFIDENTIAL+ Copyright 2019 Intel Corporation.++ The source code
> > contained or described herein and all documents related to the+
> > source code ("Material") are owned by Intel Corporation or its
> > suppliers or+ licensors. Title to the Material remains with Intel
> > Corporation or its suppliers+ and licensors. The Material may contain
> > trade secrets and proprietary and+ confidential information of Intel
> > Corporation and its suppliers and licensors,+ and is protected by
> > worldwide copyright and trade secret laws and treaty+ provisions. No
> > part of the Material may be used, copied, reproduced, modified,+
> > published, uploaded, posted, transmitted, distributed, or disclosed in
> > any way+ without Intel's prior express written permission.++ No
> > license under any patent, copyright, trade secret or other
> > intellectual+ property right is granted to or conferred upon you by
> > disclosure or delivery+ of the Materials, either expressly, by
> > implication, inducement, estoppel or+ otherwise. Any license under
> > such intellectual property rights must be+ express and approved by
> > Intel in writing.++ Unless otherwise agreed by Intel in writing, you
> > may not remove or alter+ this notice or any other notice embedded in
> > Materials by Intel or+ Intel's suppliers or licensors in any way.++
> > This file contains a 'Sample Driver' and is licensed as such under the
> > terms+ of your license agreement with Intel or your vendor. This file
> > terms+ may be
> > modified+ by the user, subject to the additional terms of the license
> > agreement.++@par Specification Reference:+**/++#include
> > <PiDxe.h>++#include <Library/DebugLib.h>+#include
> > <Library/BaseMemoryLib.h>+#include
> > <Library/UefiRuntimeServicesTableLib.h>+#include
> > <Library/UefiBootServicesTableLib.h>+#include
> > <Library/MemoryAllocationLib.h>+#include
> > <Library/Tpm2CommandLib.h>+#include <Library/RngLib.h>+#include
> > <Library/UefiLib.h>+#include <Protocol/DxeSmmReadyToLock.h>++//+//
> > The authorization value may be no larger than the digest produced by
> > the
> > hash+// algorithm used for context integrity.+//+#define
> > MAX_NEW_AUTHORIZATION_SIZE SHA512_DIGEST_SIZE++/**+ Generate
> > high-quality entropy source through RDRAND.++ @param[in] Length
> > Size of the buffer, in bytes, to fill with.+ @param[out] Entropy Pointer
> to
> > the buffer to store the entropy data.++ @retval EFI_SUCCESS Entropy
> > generation succeeded.+ @retval EFI_NOT_READY Failed to request
> > random data.++**/+EFI_STATUS+EFIAPI+RdRandGenerateEntropy (+ IN
> > UINTN Length,+ OUT UINT8 *Entropy+ )+{+ EFI_STATUS Status;+
> > UINTN BlockCount;+ UINT64 Seed[2];+ UINT8 *Ptr;++ Status =
> > EFI_NOT_READY;+ BlockCount = Length / 64;+ Ptr = (UINT8 *)Entropy;++
> > //+ // Generate high-quality seed for DRBG Entropy+ //+ while
> > (BlockCount
> > > 0) {+ Status = GetRandomNumber128 (Seed);+ if (EFI_ERROR (Status))
> > {+ return Status;+ }+ CopyMem (Ptr, Seed, 64);++ BlockCount--;+
> Ptr
> > = Ptr + 64;+ }++ //+ // Populate the remained data as request.+ //+
> Status
> > = GetRandomNumber128 (Seed);+ if (EFI_ERROR (Status)) {+ return
> > Status;+ }+ CopyMem (Ptr, Seed, (Length % 64));++ return
> > Status;+}++/**+ This function returns the maximum size of TPM2B_AUTH;
> > this structure is used for an authorization value+ and limits an
> > authValue to being no larger than the largest digest produced by a TPM.++
> @param[out] AuthSize
> > Tpm2 Auth size++ @retval EFI_SUCCESS Auth size returned.+
> > @retval EFI_DEVICE_ERROR Can not return platform auth due to
> > device error.++**/+EFI_STATUS+EFIAPI+GetAuthSize (+ OUT UINT16
> > *AuthSize+ )+{+ EFI_STATUS Status;+ TPML_PCR_SELECTION
> Pcrs;+
> > UINTN Index;+ UINT16 DigestSize;++ Status =
> > EFI_SUCCESS;++ while (mAuthSize == 0) {++ mAuthSize =
> > SHA1_DIGEST_SIZE;+ ZeroMem (&Pcrs, sizeof (TPML_PCR_SELECTION));+
> > Status = Tpm2GetCapabilityPcrs (&Pcrs);++ if (EFI_ERROR (Status)) {+
> > DEBUG ((DEBUG_ERROR, "Tpm2GetCapabilityPcrs fail!\n"));+ break;+
> }++
> > DEBUG ((DEBUG_ERROR, "Tpm2GetCapabilityPcrs - %08x\n",
> Pcrs.count));++
> > for (Index = 0; Index < Pcrs.count; Index++) {+ DEBUG ((DEBUG_ERROR,
> > "alg - %x\n", Pcrs.pcrSelections[Index].hash));++ switch
> > (Pcrs.pcrSelections[Index].hash) {+ case TPM_ALG_SHA1:+
> DigestSize
> > = SHA1_DIGEST_SIZE;+ break;+ case TPM_ALG_SHA256:+
> > DigestSize = SHA256_DIGEST_SIZE;+ break;+ case
> TPM_ALG_SHA384:+
> > DigestSize = SHA384_DIGEST_SIZE;+ break;+ case
> TPM_ALG_SHA512:+
> > DigestSize = SHA512_DIGEST_SIZE;+ break;+ case
> > TPM_ALG_SM3_256:+ DigestSize = SM3_256_DIGEST_SIZE;+
> break;+
> > default:+ DigestSize = SHA1_DIGEST_SIZE;+ break;+ }++ if
> > (DigestSize > mAuthSize) {+ mAuthSize = DigestSize;+ }+ }+
> break;+
> > }++ *AuthSize = mAuthSize;+ return Status;+}++/**+ Set PlatformAuth
> > to random value.+**/+VOID+RandomizePlatformAuth (+ VOID+ )+{+
> > EFI_STATUS Status;+ UINT16 AuthSize;+ UINT32
> > Index;+ UINT8 *Rand;+ UINTN RandSize;+
> > TPM2B_AUTH NewPlatformAuth;++ //+ // Send
> > Tpm2HierarchyChange Auth with random value to avoid PlatformAuth
> being
> > null+ //++ GetAuthSize (&AuthSize);++ ZeroMem
> > (NewPlatformAuth.buffer, AuthSize);+ NewPlatformAuth.size =
> > AuthSize;++ //+ // Allocate one buffer to store random data.+ //+
> > RandSize = MAX_NEW_AUTHORIZATION_SIZE;+ Rand = AllocatePool
> > (RandSize);++ RdRandGenerateEntropy (RandSize, Rand);+ CopyMem
> > (NewPlatformAuth.buffer, Rand, AuthSize);++ FreePool (Rand);++ //+
> > // Send Tpm2HierarchyChangeAuth command with the new Auth value+
> //+
> > Status = Tpm2HierarchyChangeAuth (TPM_RH_PLATFORM, NULL,
> > &NewPlatformAuth);+ DEBUG ((DEBUG_INFO,
> "Tpm2HierarchyChangeAuth
> > Result: - %r\n", Status));+ ZeroMem (NewPlatformAuth.buffer,
> > AuthSize);+ ZeroMem (Rand, RandSize);+}++/**+ This is the Event call
> > back function to notify the Library the system is entering+ run time
> > phase.++ @param Event Pointer to this event+ @param Context Event
> > hanlder private data+ **/+VOID+EFIAPI+PlatformAuthConfigCallback (+ IN
> EFI_EVENT Event,+ IN
> > VOID *Context+ )+{+ EFI_STATUS Status;+ VOID *Interface;++
> //+
> > // Try to locate it because EfiCreateProtocolNotifyEvent will trigger
> > it once when registration.+ // Just return if it is not found.+ //+
> > Status = gBS-
> > >LocateProtocol (+ &gEfiDxeSmmReadyToLockProtocolGuid,+
> > NULL,+ &Interface+ );++ if (EFI_ERROR (Status)) {+
> > return;+ }++ //+ // Send Tpm2HierarchyChange Auth with random value
> > to avoid PlatformAuth being null+ //+ RandomizePlatformAuth ();+
> > gBS-
> > >CloseEvent (Event);+}++/**+ The library constructor will register a
> function
> > for callback during ReadyToLock event to+ configure the TPM's platform
> > authorization.++ @param ImageHandle The firmware allocated handle
> for
> > the EFI image.+ @param SystemTable A pointer to the EFI System
> Table.++
> > @retval EFI_SUCCESS Always return
> > EFI_SUCCESS++**/+EFI_STATUS+EFIAPI+TpmPlatformAuthLibContructor
> (+
> > )+{+ VOID *Registration;+ EFI_EVENT Event;++ Event =
> > EfiCreateProtocolNotifyEvent (+
> > &gEfiDxeSmmReadyToLockProtocolGuid,+ TPL_CALLBACK,+
> > PlatformAuthConfigCallback,+ NULL,+ &Registration+ );++
> > ASSERT (Event != NULL);+ return EFI_SUCCESS;+}diff --git
> >
> a/Platform/Intel/MinPlatformPkg/Tcg/Library/TpmPlatformAuthLib/TpmPlat
> > formAuthLib.inf
> >
> b/Platform/Intel/MinPlatformPkg/Tcg/Library/TpmPlatformAuthLib/TpmPlat
> > formAuthLib.inf
> > new file mode 100644
> > index 00000000..e26db830
> > --- /dev/null
> > +++
> > b/Platform/Intel/MinPlatformPkg/Tcg/Library/TpmPlatformAuthLib/TpmPl
> > +++ atformAuthLib.inf
> > @@ -0,0 +1,75 @@
> > +### @file+# Library for customizing the TPM Platform
> > Auth+#+#@copyright+# INTEL CONFIDENTIAL+# Copyright 2019 Intel
> > Corporation.+#+# The source code contained or described herein and
> > all documents related to the+# source code ("Material") are owned by
> > Intel Corporation or its suppliers or+# licensors. Title to the
> > Material remains with Intel Corporation or its suppliers+# and
> > licensors. The Material may contain trade secrets and proprietary
> > and+# confidential information of Intel Corporation and its suppliers
> > and licensors,+# and is protected by worldwide copyright and trade
> > secret laws and treaty+# provisions. No part of the Material may be
> > used, copied, reproduced, modified,+# published, uploaded, posted,
> > transmitted, distributed, or disclosed in any way+# without Intel's
> > prior express written permission.+#+# No license under any patent,
> > copyright, trade secret or other intellectual+# property right is
> > granted to or conferred upon you by disclosure or delivery+# of the
> > Materials, either expressly, by implication, inducement, estoppel or+#
> > otherwise. Any license under such intellectual property rights must
> > be+# express and approved by Intel in writing.+#+# Unless otherwise
> > agreed by Intel in writing, you may not remove or alter+# this notice
> > or any other notice embedded in Materials by Intel or+# Intel's
> > suppliers or licensors in any way.+#+# This file contains a 'Sample
> > Driver' and is licensed as such under the terms+# of your license
> > agreement with Intel or your vendor. This file may be modified+# by the
> user, subject to the additional terms of the license agreement.+#+# @par
> Specification Reference:+#+# @par
> > Glossary:+###++[Defines]+ INF_VERSION = 0x00010005+
> > BASE_NAME = TpmPlatformAuthLib+ FILE_GUID =
> > 7794F92C-4E8E-4E57-9E4A-49A0764C7D73+ MODULE_TYPE =
> BASE+
> > VERSION_STRING = 1.0+ LIBRARY_CLASS = NULL+
> > CONSTRUCTOR =
> > TpmPlatformAuthLibContructor++[LibraryClasses]+ MemoryAllocationLib+
> > BaseLib+ UefiBootServicesTableLib+ UefiDriverEntryPoint+
> > UefiRuntimeServicesTableLib+ BaseMemoryLib+ DebugLib+
> > Tpm2CommandLib+ Tpm2DeviceLib+ RngLib+ UefiLib++[Packages]+
> > MdePkg/MdePkg.dec+ MdeModulePkg/MdeModulePkg.dec+
> > SecurityPkg/SecurityPkg.dec+ CryptoPkg/CryptoPkg.dec++[Sources]+
> > TpmPlatformAuthLib.c++[Protocols]+
> > gEfiDxeSmmReadyToLockProtocolGuid ## SOMETIMES_CONSUMES
> ##
> > NOTIFY++[Guids]+ gEfiEventExitBootServicesGuid ##
> > SOMETIMES_CONSUMES ## Event++[Depex]+ gEfiTcg2ProtocolGuiddiff --
> git
> >
> a/Platform/Intel/MinPlatformPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.c
> >
> b/Platform/Intel/MinPlatformPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.c
> > index d0d88b2e..20a48649 100644
> > ---
> >
> a/Platform/Intel/MinPlatformPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.c
> > +++
> > b/Platform/Intel/MinPlatformPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.
> > +++ c
> > @@ -18,168 +18,6 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
> > #include <Library/UefiLib.h> #include <Protocol/DxeSmmReadyToLock.h> -
> > #define MAX_NEW_AUTHORIZATION_SIZE SHA512_DIGEST_SIZE--/**-
> > Generate high-quality entropy source through RDRAND.-- @param[in]
> > Length Size of the buffer, in bytes, to fill with.- @param[out] Entropy
> > Pointer to the buffer to store the entropy data.-- @retval EFI_SUCCESS
> > Entropy generation succeeded.- @retval EFI_NOT_READY Failed to
> > request random data.--**/-EFI_STATUS-EFIAPI-RdRandGenerateEntropy (-
> > IN UINTN Length,- OUT UINT8 *Entropy- )-{- EFI_STATUS Status;-
> > UINTN BlockCount;- UINT64 Seed[2];- UINT8 *Ptr;-- Status =
> > EFI_NOT_READY;- BlockCount = Length / 64;- Ptr = (UINT8 *)Entropy;--
> > //- // Generate high-quality seed for DRBG Entropy- //- while (BlockCount
> > 0)
> > {- Status = GetRandomNumber128(Seed);- if (EFI_ERROR(Status)) {-
> > return Status;- }- CopyMem(Ptr, Seed, 64);-- BlockCount--;- Ptr = Ptr
> +
> > 64;- }-- //- // Populate the remained data as request.- //- Status =
> > GetRandomNumber128(Seed);- if (EFI_ERROR(Status)) {- return Status;-
> }-
> > CopyMem(Ptr, Seed, (Length % 64));-- return Status;-}--/**- Set
> > PlatformAuth to random value.-**/-VOID-RandomizePlatformAuth (-
> VOID-
> > )-{- EFI_STATUS Status;- UINT16 AuthSize;-
> > TPML_PCR_SELECTION Pcrs;- UINT32 Index;- UINT8
> > *Rand;- UINTN RandSize;- TPM2B_AUTH
> > NewPlatformAuth;-- //- // Send Tpm2HierarchyChange Auth with random
> > value to avoid PlatformAuth being null- //- ZeroMem(&Pcrs,
> > sizeof(TPML_PCR_SELECTION));- AuthSize =
> > MAX_NEW_AUTHORIZATION_SIZE;-- Status =
> > Tpm2GetCapabilityPcrs(&Pcrs);- if (EFI_ERROR(Status)) {-
> > DEBUG((EFI_D_ERROR, "Tpm2GetCapabilityPcrs fail!\n"));- } else {- for
> > (Index = 0; Index < Pcrs.count; Index++) {- switch
> > (Pcrs.pcrSelections[Index].hash) {- case TPM_ALG_SHA1:- AuthSize =
> > SHA1_DIGEST_SIZE;- break;- case TPM_ALG_SHA256:- AuthSize =
> > SHA256_DIGEST_SIZE;- break;- case TPM_ALG_SHA384:- AuthSize
> =
> > SHA384_DIGEST_SIZE;- break;- case TPM_ALG_SHA512:- AuthSize
> =
> > SHA512_DIGEST_SIZE;- break;- case TPM_ALG_SM3_256:-
> AuthSize
> > = SM3_256_DIGEST_SIZE;- break;- }- }- }--
> > ZeroMem(NewPlatformAuth.buffer, AuthSize);- NewPlatformAuth.size =
> > AuthSize;-- //- // Allocate one buffer to store random data.- //-
> > RandSize =
> > MAX_NEW_AUTHORIZATION_SIZE;- Rand = AllocatePool(RandSize);--
> > RdRandGenerateEntropy(RandSize, Rand);-
> > CopyMem(NewPlatformAuth.buffer, Rand, AuthSize);-- FreePool(Rand);--
> > //- // Send Tpm2HierarchyChangeAuth command with the new Auth
> value-
> > //- Status = Tpm2HierarchyChangeAuth(TPM_RH_PLATFORM, NULL,
> > &NewPlatformAuth);- DEBUG((DEBUG_INFO,
> "Tpm2HierarchyChangeAuth
> > Result: - %r\n", Status));- ZeroMem(NewPlatformAuth.buffer,
> > AuthSize);- ZeroMem(Rand, RandSize);-}--/**- This is the Event call
> > back function to notify the Library the system is entering- run time
> > phase.-- @param Event Pointer to this event- @param Context Event
> > hanlder private data- **/- VOID-EFIAPI-ReadyToLockEventCallBack (- IN
> EFI_EVENT Event,- IN VOID
> > *Context- )-{- EFI_STATUS Status;- VOID *Interface;-- //- // Try to
> > locate it because EfiCreateProtocolNotifyEvent will trigger it once
> > when
> > registration.- // Just return if it is not found.- //- Status =
> > gBS-
> > >LocateProtocol (- &gEfiDxeSmmReadyToLockProtocolGuid,-
> > NULL,- &Interface- );- if (EFI_ERROR (Status)) {- return ;-
> > }-- //- // Send Tpm2HierarchyChange Auth with random value to avoid
> > PlatformAuth being null- //- RandomizePlatformAuth();-- gBS-
> >CloseEvent
> > (Event);-}- /** The driver's entry point. @@ -196,17 +34,5 @@
> > Tcg2PlatformDxeEntryPoint (
> > IN EFI_SYSTEM_TABLE *SystemTable ) {- VOID
> > *Registration;- EFI_EVENT Event;-- Event =
> > EfiCreateProtocolNotifyEvent (-
> > &gEfiDxeSmmReadyToLockProtocolGuid,- TPL_CALLBACK,-
> > ReadyToLockEventCallBack,- NULL,- &Registration- );-
> > ASSERT (Event != NULL);- return EFI_SUCCESS; }--
> > 2.22.0.windows.1
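Review bot: in the MinPlatformPkg.dsc hunk, linking the new library as `NULL|MinPlatformPkg/Tcg/Library/TpmPlatformAuthLib/TpmPlatformAuthLib.inf` under Tcg2PlatformDxe.inf makes the platform-auth configuration depend on an implicit library constructor with no call site in the module. Declaring a named library class instead (a `TpmPlatformAuthLib` entry in the DSC's [LibraryClasses], with a single function that Tcg2PlatformDxe calls from its ReadyToLock callback) keeps the control flow visible in the module and lets a platform with a closed-source implementation override the library in its own DSC, which is what the review comments above ask for.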
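Review bot: RdRandGenerateEntropy in the new TpmPlatformAuthLib.c copies 64 bytes out of `UINT64 Seed[2]`, a 16-byte buffer, on every loop iteration (`CopyMem (Ptr, Seed, 64);`) and again for the tail (`CopyMem (Ptr, Seed, (Length % 64));`); with RandSize = MAX_NEW_AUTHORIZATION_SIZE (64) only the first 16 bytes of the new PlatformAuth come from GetRandomNumber128 and the remaining 48 are whatever sits next to Seed on the stack, so the block size must be sizeof (Seed) and the tail copy capped to it. Further defects in the same hunk: `mAuthSize` is used throughout GetAuthSize but is never declared in the added file; RandomizePlatformAuth ignores the return values of GetAuthSize and RdRandGenerateEntropy (a failed entropy request would still be sent to Tpm2HierarchyChangeAuth), does not check AllocatePool for NULL, and calls `ZeroMem (Rand, RandSize);` after `FreePool (Rand);`, which writes to freed memory (zero before freeing); the documented `@param ImageHandle` and `@param SystemTable` do not match the parameterless `TpmPlatformAuthLibContructor ( )`, whose name is also missing an "s"; "hanlder" in the callback comment is a typo; the 'Tpm2GetCapabilityPcrs - %08x' and 'alg - %x' traces are not errors and should not use DEBUG_ERROR; and the INTEL CONFIDENTIAL header has to be replaced by the BSD-2-Clause-Patent SPDX header used by the rest of the package.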
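Review bot: in TpmPlatformAuthLib.inf, `MODULE_TYPE = BASE` does not fit a library whose constructor calls EfiCreateProtocolNotifyEvent and whose callback uses gBS; a BASE constructor receives no parameters and gBS is only initialized for UEFI/DXE module types, so this should be DXE_DRIVER with the constructor taking ImageHandle and SystemTable. Also remove UefiDriverEntryPoint from [LibraryClasses] (a library must not link an entry point), remove gEfiEventExitBootServicesGuid from [Guids] since the source never references it, and check whether Tpm2DeviceLib and CryptoPkg/CryptoPkg.dec are really needed given that the .c only calls Tpm2CommandLib, RngLib and the base libraries. The `[Depex] gEfiTcg2ProtocolGuid` is folded into the depex of every module that links this library, so it deserves a comment, and the file header needs the same BSD-2-Clause-Patent replacement as the .c file.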
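Review bot: in the first Tcg2PlatformDxe.c hunk, the context line `#include <Library/UefiLib.h> #include <Protocol/DxeSmmReadyToLock.h>` shows those includes are kept although nothing left in the module uses them after the ReadyToLock code is removed; drop them, and update Tcg2PlatformDxe.inf in the same patch (it does not appear in the diffstat) so RngLib and Tpm2CommandLib are removed from the module rather than arriving only through the NULL library. The copyright line in this file should also move to "2017 - 2019" as requested above.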
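Review bot: the second Tcg2PlatformDxe.c hunk leaves Tcg2PlatformDxeEntryPoint as a function that only returns EFI_SUCCESS, so the module itself no longer does anything and the TPM platform-auth change happens purely as a side effect of the NULL library's constructor. If the callback stays in the library, the entry point's and module's descriptions should say so; if, as suggested above, the callback is kept in the module, the `EfiCreateProtocolNotifyEvent` registration removed here should be restored with the callback calling a single function of the new library class.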