From: "Bret Barkelew" <bret@corthon.com>
To: "Yao, Jiewen" <jiewen.yao@intel.com>
Cc: "devel@edk2.groups.io" <devel@edk2.groups.io>,
"Wang, Jian J" <jian.j.wang@intel.com>,
"Zhang, Qi1" <qi1.zhang@intel.com>,
"Kumar, Rahul1" <rahul1.kumar@intel.com>
Subject: Re: [edk2-devel] [PATCH v2 1/1] SecurityPkg/Library: Add Tpm2NvUndefineSpaceSpecial to Tpm2CommandLib
Date: Thu, 14 Oct 2021 10:06:58 -0700 [thread overview]
Message-ID: <CAGTkKain8e_UuUoDZRYvimLSiYPzNiHkwJjgUUS3zziZnhhMEw@mail.gmail.com> (raw)
In-Reply-To: <PH0PR11MB48856324154C0BA47B7506E58CB89@PH0PR11MB4885.namprd11.prod.outlook.com>
[-- Attachment #1: Type: text/plain, Size: 10220 bytes --]
It looks like all errors are still related to ECC and PatchCheck, even
though I'm just matching the rest of the file.
Please advise if we want to update the entire file.
On Thu, Oct 14, 2021 at 3:48 AM Yao, Jiewen <jiewen.yao@intel.com> wrote:
> Hi Bret
> I saw PR failure - https://github.com/tianocore/edk2/pull/2066
>
> Thank you
>
> > -----Original Message-----
> > From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Bret
> > Barkelew
> > Sent: Thursday, October 14, 2021 1:33 AM
> > To: devel@edk2.groups.io
> > Cc: Yao, Jiewen <jiewen.yao@intel.com>; Wang, Jian J <
> jian.j.wang@intel.com>;
> > Zhang, Qi1 <qi1.zhang@intel.com>; Kumar, Rahul1 <rahul1.kumar@intel.com>
> > Subject: [edk2-devel] [PATCH v2 1/1] SecurityPkg/Library: Add
> > Tpm2NvUndefineSpaceSpecial to Tpm2CommandLib
> >
> > Used to provision and maintain certain HW-defined NV spaces.
> >
> > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2994
> >
> > Signed-off-by: Bret Barkelew <bret.barkelew@microsoft.com>
> > Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
> > Cc: Jiewen Yao <jiewen.yao@intel.com>
> > Cc: Jian J Wang <jian.j.wang@intel.com>
> > Cc: Qi Zhang <qi1.zhang@intel.com>
> > Cc: Rahul Kumar <rahul1.kumar@intel.com>
> > ---
> > SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c | 122
> > ++++++++++++++++++++
> > SecurityPkg/Include/Library/Tpm2CommandLib.h | 22 ++++
> > 2 files changed, 144 insertions(+)
> >
> > diff --git a/SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c
> > b/SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c
> > index 87572de20164..275cb1683f51 100644
> > --- a/SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c
> > +++ b/SecurityPkg/Library/Tpm2CommandLib/Tpm2NVStorage.c
> > @@ -24,6 +24,8 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
> > #define RC_NV_UndefineSpace_authHandle (TPM_RC_H + TPM_RC_1)
> >
> > #define RC_NV_UndefineSpace_nvIndex (TPM_RC_H + TPM_RC_2)
> >
> >
> >
> > +#define RC_NV_UndefineSpaceSpecial_nvIndex (TPM_RC_H + TPM_RC_1)
> >
> > +
> >
> > #define RC_NV_Read_authHandle (TPM_RC_H + TPM_RC_1)
> >
> > #define RC_NV_Read_nvIndex (TPM_RC_H + TPM_RC_2)
> >
> > #define RC_NV_Read_size (TPM_RC_P + TPM_RC_1)
> >
> > @@ -74,6 +76,20 @@ typedef struct {
> > TPMS_AUTH_RESPONSE AuthSession;
> >
> > } TPM2_NV_UNDEFINESPACE_RESPONSE;
> >
> >
> >
> > +typedef struct {
> >
> > + TPM2_COMMAND_HEADER Header;
> >
> > + TPMI_RH_NV_INDEX NvIndex;
> >
> > + TPMI_RH_PLATFORM Platform;
> >
> > + UINT32 AuthSessionSize;
> >
> > + TPMS_AUTH_COMMAND AuthSession;
> >
> > +} TPM2_NV_UNDEFINESPACESPECIAL_COMMAND;
> >
> > +
> >
> > +typedef struct {
> >
> > + TPM2_RESPONSE_HEADER Header;
> >
> > + UINT32 AuthSessionSize;
> >
> > + TPMS_AUTH_RESPONSE AuthSession;
> >
> > +} TPM2_NV_UNDEFINESPACESPECIAL_RESPONSE;
> >
> > +
> >
> > typedef struct {
> >
> > TPM2_COMMAND_HEADER Header;
> >
> > TPMI_RH_NV_AUTH AuthHandle;
> >
> > @@ -506,6 +522,112 @@ Done:
> > return Status;
> >
> > }
> >
> >
> >
> > +/**
> >
> > + This command allows removal of a platform-created NV Index that has
> > TPMA_NV_POLICY_DELETE SET.
> >
> > +
> >
> > + @param[in] NvIndex The NV Index.
> >
> > + @param[in] IndexAuthSession Auth session context for the Index
> > auth/policy
> >
> > + @param[in] PlatAuthSession Auth session context for the Platform
> > auth/policy
> >
> > +
> >
> > + @retval EFI_SUCCESS Operation completed successfully.
> >
> > + @retval EFI_NOT_FOUND The command was returned
> successfully, but
> > NvIndex is not found.
> >
> > + @retval EFI_UNSUPPORTED Selected NvIndex does not support
> deletion
> > through this call.
> >
> > + @retval EFI_SECURITY_VIOLATION Deletion is not authorized by current
> > policy session.
> >
> > + @retval EFI_INVALID_PARAMETER The command was unsuccessful.
> >
> > + @retval EFI_DEVICE_ERROR The command was unsuccessful.
> >
> > +**/
> >
> > +EFI_STATUS
> >
> > +EFIAPI
> >
> > +Tpm2NvUndefineSpaceSpecial (
> >
> > + IN TPMI_RH_NV_INDEX NvIndex,
> >
> > + IN TPMS_AUTH_COMMAND *IndexAuthSession OPTIONAL,
> >
> > + IN TPMS_AUTH_COMMAND *PlatAuthSession OPTIONAL
> >
> > + )
> >
> > +{
> >
> > + EFI_STATUS Status;
> >
> > + TPM2_NV_UNDEFINESPACESPECIAL_COMMAND SendBuffer;
> >
> > + TPM2_NV_UNDEFINESPACESPECIAL_RESPONSE RecvBuffer;
> >
> > + UINT32 SendBufferSize;
> >
> > + UINT32 RecvBufferSize;
> >
> > + UINT8 *Buffer;
> >
> > + UINT32 IndexAuthSize, PlatAuthSize;
> >
> > + TPM_RC ResponseCode;
> >
> > +
> >
> > + //
> >
> > + // Construct command
> >
> > + //
> >
> > + SendBuffer.Header.tag = SwapBytes16(TPM_ST_SESSIONS);
> >
> > + SendBuffer.Header.commandCode =
> > SwapBytes32(TPM_CC_NV_UndefineSpaceSpecial);
> >
> > +
> >
> > + SendBuffer.NvIndex = SwapBytes32 (NvIndex);
> >
> > + SendBuffer.Platform = SwapBytes32 (TPM_RH_PLATFORM);
> >
> > +
> >
> > + //
> >
> > + // Marshall the Auth Sessions for the two handles.
> >
> > + Buffer = (UINT8 *)&SendBuffer.AuthSession;
> >
> > + // IndexAuthSession
> >
> > + IndexAuthSize = CopyAuthSessionCommand (IndexAuthSession, Buffer);
> >
> > + Buffer += IndexAuthSize;
> >
> > + // PlatAuthSession
> >
> > + PlatAuthSize = CopyAuthSessionCommand (PlatAuthSession, Buffer);
> >
> > + Buffer += PlatAuthSize;
> >
> > + // AuthSessionSize
> >
> > + SendBuffer.AuthSessionSize = SwapBytes32(IndexAuthSize +
> PlatAuthSize);
> >
> > +
> >
> > + // Update total command size.
> >
> > + SendBufferSize = (UINT32)(Buffer - (UINT8 *)&SendBuffer);
> >
> > + SendBuffer.Header.paramSize = SwapBytes32 (SendBufferSize);
> >
> > +
> >
> > + //
> >
> > + // send Tpm command
> >
> > + //
> >
> > + RecvBufferSize = sizeof (RecvBuffer);
> >
> > + Status = Tpm2SubmitCommand (SendBufferSize, (UINT8 *)&SendBuffer,
> > &RecvBufferSize, (UINT8 *)&RecvBuffer);
> >
> > + if (EFI_ERROR (Status)) {
> >
> > + goto Done;
> >
> > + }
> >
> > +
> >
> > + if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {
> >
> > + DEBUG ((EFI_D_ERROR, "Tpm2NvUndefineSpaceSpecial - RecvBufferSize
> > Error - %x\n", RecvBufferSize));
> >
> > + Status = EFI_DEVICE_ERROR;
> >
> > + goto Done;
> >
> > + }
> >
> > +
> >
> > + ResponseCode = SwapBytes32(RecvBuffer.Header.responseCode);
> >
> > + if (ResponseCode != TPM_RC_SUCCESS) {
> >
> > + DEBUG ((EFI_D_ERROR, "Tpm2NvUndefineSpaceSpecial - responseCode -
> > %x\n", SwapBytes32(RecvBuffer.Header.responseCode)));
> >
> > + }
> >
> > + switch (ResponseCode) {
> >
> > + case TPM_RC_SUCCESS:
> >
> > + // return data
> >
> > + break;
> >
> > + case TPM_RC_ATTRIBUTES:
> >
> > + case TPM_RC_ATTRIBUTES + RC_NV_UndefineSpaceSpecial_nvIndex:
> >
> > + Status = EFI_UNSUPPORTED;
> >
> > + break;
> >
> > + case TPM_RC_NV_AUTHORIZATION:
> >
> > + Status = EFI_SECURITY_VIOLATION;
> >
> > + break;
> >
> > + case TPM_RC_HANDLE + RC_NV_UndefineSpaceSpecial_nvIndex: //
> > TPM_RC_NV_DEFINED:
> >
> > + Status = EFI_NOT_FOUND;
> >
> > + break;
> >
> > + case TPM_RC_VALUE + RC_NV_UndefineSpace_nvIndex:
> >
> > + Status = EFI_INVALID_PARAMETER;
> >
> > + break;
> >
> > + default:
> >
> > + Status = EFI_DEVICE_ERROR;
> >
> > + break;
> >
> > + }
> >
> > +
> >
> > +Done:
> >
> > + //
> >
> > + // Clear AuthSession Content
> >
> > + //
> >
> > + ZeroMem (&SendBuffer, sizeof(SendBuffer));
> >
> > + ZeroMem (&RecvBuffer, sizeof(RecvBuffer));
> >
> > + return Status;
> >
> > +}
> >
> > +
> >
> > /**
> >
> > This command reads a value from an area in NV memory previously
> defined by
> > TPM2_NV_DefineSpace().
> >
> >
> >
> > diff --git a/SecurityPkg/Include/Library/Tpm2CommandLib.h
> > b/SecurityPkg/Include/Library/Tpm2CommandLib.h
> > index ee8eb622951c..92967662ce96 100644
> > --- a/SecurityPkg/Include/Library/Tpm2CommandLib.h
> > +++ b/SecurityPkg/Include/Library/Tpm2CommandLib.h
> > @@ -364,6 +364,28 @@ Tpm2NvUndefineSpace (
> > IN TPMS_AUTH_COMMAND *AuthSession OPTIONAL
> >
> > );
> >
> >
> >
> > +/**
> >
> > + This command allows removal of a platform-created NV Index that has
> > TPMA_NV_POLICY_DELETE SET.
> >
> > +
> >
> > + @param[in] NvIndex The NV Index.
> >
> > + @param[in] IndexAuthSession Auth session context for the Index
> > auth/policy
> >
> > + @param[in] PlatAuthSession Auth session context for the Platform
> > auth/policy
> >
> > +
> >
> > + @retval EFI_SUCCESS Operation completed successfully.
> >
> > + @retval EFI_NOT_FOUND The command was returned
> successfully, but
> > NvIndex is not found.
> >
> > + @retval EFI_UNSUPPORTED Selected NvIndex does not support
> deletion
> > through this call.
> >
> > + @retval EFI_SECURITY_VIOLATION Deletion is not authorized by current
> > policy session.
> >
> > + @retval EFI_INVALID_PARAMETER The command was unsuccessful.
> >
> > + @retval EFI_DEVICE_ERROR The command was unsuccessful.
> >
> > +**/
> >
> > +EFI_STATUS
> >
> > +EFIAPI
> >
> > +Tpm2NvUndefineSpaceSpecial (
> >
> > + IN TPMI_RH_NV_INDEX NvIndex,
> >
> > + IN TPMS_AUTH_COMMAND *IndexAuthSession OPTIONAL,
> >
> > + IN TPMS_AUTH_COMMAND *PlatAuthSession OPTIONAL
> >
> > + );
> >
> > +
> >
> > /**
> >
> > This command reads a value from an area in NV memory previously
> defined by
> > TPM2_NV_DefineSpace().
> >
> >
> >
> > --
> > 2.31.1.windows.1
> >
> >
> >
> > -=-=-=-=-=-=
> > Groups.io Links: You receive all messages sent to this group.
> > View/Reply Online (#81922): https://edk2.groups.io/g/devel/message/81922
> > Mute This Topic: https://groups.io/mt/86293842/1772286
> > Group Owner: devel+owner@edk2.groups.io
> > Unsubscribe: https://edk2.groups.io/g/devel/unsub [jiewen.yao@intel.com]
> > -=-=-=-=-=-=
> >
>
>
[-- Attachment #2: Type: text/html, Size: 15120 bytes --]
next prev parent reply other threads:[~2021-10-14 17:07 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-10-13 17:33 [PATCH v2 1/1] SecurityPkg/Library: Add Tpm2NvUndefineSpaceSpecial to Tpm2CommandLib Bret Barkelew
2021-10-14 10:48 ` [edk2-devel] " Yao, Jiewen
2021-10-14 17:06 ` Bret Barkelew [this message]
2021-10-15 0:54 ` Yao, Jiewen
2021-10-15 1:56 ` 回复: " gaoliming
2021-10-15 2:53 ` Yao, Jiewen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAGTkKain8e_UuUoDZRYvimLSiYPzNiHkwJjgUUS3zziZnhhMEw@mail.gmail.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox