From: "Xu, Wei6"
To: "Kumar, Rahul R", "devel@edk2.groups.io"
CC: "Yao, Jiewen"
Subject: Re: [edk2-devel] [PATCH] SecurityPkg/Tcg2Config: Hide BIOS unsupported hash algorithm from UI
Date: Wed, 10 Apr 2024 01:29:04 +0000

Thanks Rahul for reviewing this patch.
I created a PR with adding Rahul's 'Reviewed-by' in the commit message: https://github.com/tianocore/edk2/pull/5538
Could anyone help to merge it? Thanks a lot.

BR,
Wei

>-----Original Message-----
>From: Kumar, Rahul R
>Sent: Friday, March 29, 2024 11:36 AM
>To: devel@edk2.groups.io; Xu, Wei6
>Cc: Yao, Jiewen
>Subject: RE: [edk2-devel] [PATCH] SecurityPkg/Tcg2Config: Hide BIOS
>unsupported hash algorithm from UI
>
>Looks good.
>Reviewed-by: Rahul Kumar
>
>-----Original Message-----
>From: devel@edk2.groups.io On Behalf Of Xu, Wei6
>Sent: Monday, March 18, 2024 8:41 AM
>To: devel@edk2.groups.io
>Cc: Xu, Wei6; Kumar, Rahul R; Yao, Jiewen
>Subject: [edk2-devel] [PATCH] SecurityPkg/Tcg2Config: Hide BIOS
>unsupported hash algorithm from UI
>
>REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4731
>
>TCG2 configuration UI shows all the hash algorithms that TPM hardware
>supports in the checkbox. If user only selects one algorithm that is supported
>by TPM hardware but not supported by BIOS and uncheck the others, the
>SyncPcrAllocationsAndPcrMask in Tcg2Pei will not be able to decide a viable
>PCR to activate, then an assert occurs.
>
>Add check against PcdTcg2HashAlgorithmBitmap when deciding whether to
>suppress the hash algorithm checkbox to avoid user to select the hash
>algorithm which may cause an assert.
>
>Cc: Rahul Kumar
>Cc: Jiewen Yao
>Signed-off-by: Wei6 Xu >--- > SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c | 61 ++++++++++++++------- > 1 file changed, 41 insertions(+), 20 deletions(-) > >diff --git a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c >b/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c >index 6eb04c014448..39b639039525 100644 >--- a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c >+++ b/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c >@@ -722,33 +722,50 @@ FillBufferWithBootHashAlg ( } > > /** >- Set ConfigInfo according to TpmAlgHash. >+ Set ConfigInfo according to TpmAlgHash and BiosHashAlgBitmap. > > @param[in,out] Tcg2ConfigInfo TCG2 config info. > @param[in] TpmAlgHash TpmAlgHash. >+ @param[in] BiosHashAlgBitmap Bios Hash Algorithm Bitmap. > > **/ > VOID > SetConfigInfo ( > IN OUT TCG2_CONFIGURATION_INFO *Tcg2ConfigInfo, >- IN UINT32 TpmAlgHash >+ IN UINT32 TpmAlgHash, >+ IN UINT32 BiosHashAlgBitmap > ) > { > switch (TpmAlgHash) { > case TPM_ALG_SHA1: >- Tcg2ConfigInfo->Sha1Supported =3D TRUE; >+ if ((BiosHashAlgBitmap & HASH_ALG_SHA1) !=3D 0) { >+ Tcg2ConfigInfo->Sha1Supported =3D TRUE; >+ } >+ > break; > case TPM_ALG_SHA256: >- Tcg2ConfigInfo->Sha256Supported =3D TRUE; >+ if ((BiosHashAlgBitmap & HASH_ALG_SHA256) !=3D 0) { >+ Tcg2ConfigInfo->Sha256Supported =3D TRUE; >+ } >+ > break; > case TPM_ALG_SHA384: >- Tcg2ConfigInfo->Sha384Supported =3D TRUE; >+ if ((BiosHashAlgBitmap & HASH_ALG_SHA384) !=3D 0) { >+ Tcg2ConfigInfo->Sha384Supported =3D TRUE; >+ } >+ > break; > case TPM_ALG_SHA512: >- Tcg2ConfigInfo->Sha512Supported =3D TRUE; >+ if ((BiosHashAlgBitmap & HASH_ALG_SHA512) !=3D 0) { >+ Tcg2ConfigInfo->Sha512Supported =3D TRUE; >+ } >+ > break; > case TPM_ALG_SM3_256: >- Tcg2ConfigInfo->Sm3Supported =3D TRUE; >+ if ((BiosHashAlgBitmap & HASH_ALG_SM3_256) !=3D 0) { >+ Tcg2ConfigInfo->Sm3Supported =3D TRUE; >+ } >+ > break; > } > } 
>@@ -809,16 +826,17 @@ InstallTcg2ConfigForm ( > IN OUT TCG2_CONFIG_PRIVATE_DATA *PrivateData > ) > { >- EFI_STATUS Status; >- EFI_HII_HANDLE HiiHandle; >- EFI_HANDLE DriverHandle; >- EFI_HII_CONFIG_ACCESS_PROTOCOL *ConfigAccess; >- UINTN Index; >- TPML_PCR_SELECTION Pcrs; >- CHAR16 TempBuffer[1024]; >- TCG2_CONFIGURATION_INFO Tcg2ConfigInfo; >- TPM2_PTP_INTERFACE_TYPE TpmDeviceInterfaceDetected; >- BOOLEAN IsCmdImp =3D FALSE; >+ EFI_STATUS Status; >+ EFI_HII_HANDLE HiiHandle; >+ EFI_HANDLE DriverHandle; >+ EFI_HII_CONFIG_ACCESS_PROTOCOL *ConfigAccess; >+ UINTN Index; >+ TPML_PCR_SELECTION Pcrs; >+ CHAR16 TempBuffer[1024]; >+ TCG2_CONFIGURATION_INFO Tcg2ConfigInfo; >+ TPM2_PTP_INTERFACE_TYPE TpmDeviceInterfaceDetected; >+ BOOLEAN IsCmdImp; >+ EFI_TCG2_EVENT_ALGORITHM_BITMAP BiosHashAlgorithmBitmap; > > DriverHandle =3D NULL; > ConfigAccess =3D &PrivateData->ConfigAccess; @@ -879,6 +897,8 @@ >InstallTcg2ConfigForm ( > break; > } > >+ BiosHashAlgorithmBitmap =3D PcdGet32 (PcdTcg2HashAlgorithmBitmap); >+ > ZeroMem (&Tcg2ConfigInfo, sizeof (Tcg2ConfigInfo)); > Status =3D Tpm2GetCapabilityPcrs (&Pcrs); > if (EFI_ERROR (Status)) { 
>@@ -897,20 +917,21 @@ InstallTcg2ConfigForm ( > TempBuffer[0] =3D 0; > for (Index =3D 0; Index < Pcrs.count; Index++) { > AppendBufferWithTpmAlgHash (TempBuffer, sizeof (TempBuffer), >Pcrs.pcrSelections[Index].hash); >- SetConfigInfo (&Tcg2ConfigInfo, Pcrs.pcrSelections[Index].hash); >+ SetConfigInfo (&Tcg2ConfigInfo, Pcrs.pcrSelections[Index].hash, >+ BiosHashAlgorithmBitmap); > } > > HiiSetString (PrivateData->HiiHandle, STRING_TOKEN >(STR_TPM2_SUPPORTED_HASH_ALGO_CONTENT), TempBuffer, NULL); > } > >- Status =3D Tpm2GetCapabilityIsCommandImplemented (TPM_CC_ChangeEPS, >&IsCmdImp); >+ IsCmdImp =3D FALSE; >+ Status =3D Tpm2GetCapabilityIsCommandImplemented >(TPM_CC_ChangeEPS, &IsCmdImp); > if (EFI_ERROR (Status)) { > DEBUG ((DEBUG_ERROR, "Tpm2GetCapabilityIsCmdImpl fails %r\n", >Status)); > } > > Tcg2ConfigInfo.ChangeEPSSupported =3D IsCmdImp; > >- FillBufferWithBootHashAlg (TempBuffer, sizeof (TempBuffer), PcdGet32 >(PcdTcg2HashAlgorithmBitmap)); >+ FillBufferWithBootHashAlg (TempBuffer, sizeof (TempBuffer), >+ BiosHashAlgorithmBitmap); > HiiSetString (PrivateData->HiiHandle, STRING_TOKEN >(STR_BIOS_HASH_ALGO_CONTENT), TempBuffer, NULL); > > // >-- >2.29.2.windows.2
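
Review bot: In the SetConfigInfo hunk, the `Sha1Supported` through `Sm3Supported` flags now mean "supported by both the TPM and the BIOS", but the function header only gains `@param[in] BiosHashAlgBitmap Bios Hash Algorithm Bitmap.` and does not say so. Please state in the comment that a flag is set only when the algorithm is reported in TpmAlgHash and its bit is present in BiosHashAlgBitmap, since per the commit message these flags decide which checkboxes are suppressed. Note also that this change only narrows what the form offers; the assert in SyncPcrAllocationsAndPcrMask described in the commit message is untouched, so it is worth confirming whether Tcg2Pei should also handle the case where no viable PCR bank remains instead of asserting.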
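
Review bot: In the InstallTcg2ConfigForm declaration hunk, the new local `BiosHashAlgorithmBitmap` is typed `EFI_TCG2_EVENT_ALGORITHM_BITMAP`, yet it is filled from `PcdGet32 (PcdTcg2HashAlgorithmBitmap)` and handed to SetConfigInfo, whose new parameter `BiosHashAlgBitmap` is declared `UINT32`. Please use one type for both the local and the parameter so the intent is consistent, and consider one name for both (`BiosHashAlgorithmBitmap` vs `BiosHashAlgBitmap`) so the data flow is easier to follow. Adding the longer type name also re-indents all ten existing declarations, which buries the single new line in the diff.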
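
Review bot: In the last InstallTcg2ConfigForm hunk, moving the `IsCmdImp` initialisation out of the declaration and into `IsCmdImp = FALSE;` before the Tpm2GetCapabilityIsCommandImplemented call has nothing to do with hash algorithm filtering and is not mentioned in the commit message; please either note it there or send it as a separate cleanup. In the same hunk, the loop still builds STR_TPM2_SUPPORTED_HASH_ALGO_CONTENT from every algorithm the TPM reports via AppendBufferWithTpmAlgHash, while SetConfigInfo now enables only the algorithms that are also in the BIOS bitmap. If that difference between the informational string and the selectable checkboxes is intended, a short comment at the loop would save the next reader from treating it as a bug.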