From: "Kumar, Rahul R"
To: "devel@edk2.groups.io", "Xu, Wei6"
CC: "Yao, Jiewen"
Subject: Re: [edk2-devel] [PATCH] SecurityPkg/Tcg2Config: Hide BIOS unsupported hash algorithm from UI
Date: Fri, 29 Mar 2024 03:36:01 +0000
In-Reply-To: <17BDE62823C9261A.11133@groups.io>

Looks good.
Reviewed-by: Rahul Kumar

-----Original Message-----
From: devel@edk2.groups.io On Behalf Of Xu, Wei6
Sent: Monday, March 18, 2024 8:41 AM
To: devel@edk2.groups.io
Cc: Xu, Wei6; Kumar, Rahul R; Yao, Jiewen
Subject: [edk2-devel] [PATCH] SecurityPkg/Tcg2Config: Hide BIOS unsupported hash algorithm from UI

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4731

TCG2 configuration UI shows all the hash algorithms that TPM hardware supports in the checkbox. If the user only selects one algorithm that is supported by TPM hardware but not supported by BIOS and unchecks the others, the SyncPcrAllocationsAndPcrMask in Tcg2Pei will not be able to decide a viable PCR to activate, then an assert occurs.

Add check against PcdTcg2HashAlgorithmBitmap when deciding whether to suppress the hash algorithm checkbox to prevent the user from selecting a hash algorithm which may cause an assert.

Cc: Rahul Kumar
Cc: Jiewen Yao
Signed-off-by: Wei6 Xu
--- SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c | 61 ++++++++++++++------- 1 file changed, 41 insertions(+), 20 deletions(-) diff --git a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c b/SecurityPkg/Tcg/= Tcg2Config/Tcg2ConfigImpl.c index 6eb04c014448..39b639039525 100644 --- a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c +++ b/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c 
@@ -722,33 +722,50 @@ FillBufferWithBootHashAlg ( } =20 /** - Set ConfigInfo according to TpmAlgHash. + Set ConfigInfo according to TpmAlgHash and BiosHashAlgBitmap. =20 @param[in,out] Tcg2ConfigInfo TCG2 config info. @param[in] TpmAlgHash TpmAlgHash. + @param[in] BiosHashAlgBitmap Bios Hash Algorithm Bitmap. =20 **/ VOID SetConfigInfo ( IN OUT TCG2_CONFIGURATION_INFO *Tcg2ConfigInfo, - IN UINT32 TpmAlgHash + IN UINT32 TpmAlgHash, + IN UINT32 BiosHashAlgBitmap ) { switch (TpmAlgHash) { case TPM_ALG_SHA1: - Tcg2ConfigInfo->Sha1Supported =3D TRUE; + if ((BiosHashAlgBitmap & HASH_ALG_SHA1) !=3D 0) { + Tcg2ConfigInfo->Sha1Supported =3D TRUE; + } + break; case TPM_ALG_SHA256: - Tcg2ConfigInfo->Sha256Supported =3D TRUE; + if ((BiosHashAlgBitmap & HASH_ALG_SHA256) !=3D 0) { + Tcg2ConfigInfo->Sha256Supported =3D TRUE; + } + break; case TPM_ALG_SHA384: - Tcg2ConfigInfo->Sha384Supported =3D TRUE; + if ((BiosHashAlgBitmap & HASH_ALG_SHA384) !=3D 0) { + Tcg2ConfigInfo->Sha384Supported =3D TRUE; + } + break; case TPM_ALG_SHA512: - Tcg2ConfigInfo->Sha512Supported =3D TRUE; + if ((BiosHashAlgBitmap & HASH_ALG_SHA512) !=3D 0) { + Tcg2ConfigInfo->Sha512Supported =3D TRUE; + } + break; case TPM_ALG_SM3_256: - Tcg2ConfigInfo->Sm3Supported =3D TRUE; + if ((BiosHashAlgBitmap & HASH_ALG_SM3_256) !=3D 0) { + Tcg2ConfigInfo->Sm3Supported =3D TRUE; + } + break; } } 
@@ -809,16 +826,17 @@ InstallTcg2ConfigForm ( IN OUT TCG2_CONFIG_PRIVATE_DATA *PrivateData ) { - EFI_STATUS Status; - EFI_HII_HANDLE HiiHandle; - EFI_HANDLE DriverHandle; - EFI_HII_CONFIG_ACCESS_PROTOCOL *ConfigAccess; - UINTN Index; - TPML_PCR_SELECTION Pcrs; - CHAR16 TempBuffer[1024]; - TCG2_CONFIGURATION_INFO Tcg2ConfigInfo; - TPM2_PTP_INTERFACE_TYPE TpmDeviceInterfaceDetected; - BOOLEAN IsCmdImp =3D FALSE; + EFI_STATUS Status; + EFI_HII_HANDLE HiiHandle; + EFI_HANDLE DriverHandle; + EFI_HII_CONFIG_ACCESS_PROTOCOL *ConfigAccess; + UINTN Index; + TPML_PCR_SELECTION Pcrs; + CHAR16 TempBuffer[1024]; + TCG2_CONFIGURATION_INFO Tcg2ConfigInfo; + TPM2_PTP_INTERFACE_TYPE TpmDeviceInterfaceDetected; + BOOLEAN IsCmdImp; + EFI_TCG2_EVENT_ALGORITHM_BITMAP BiosHashAlgorithmBitmap; =20 DriverHandle =3D NULL; ConfigAccess =3D &PrivateData->ConfigAccess; @@ -879,6 +897,8 @@ Install= Tcg2ConfigForm ( break; } =20 + BiosHashAlgorithmBitmap =3D PcdGet32 (PcdTcg2HashAlgorithmBitmap); + ZeroMem (&Tcg2ConfigInfo, sizeof (Tcg2ConfigInfo)); Status =3D Tpm2GetCapabilityPcrs (&Pcrs); if (EFI_ERROR (Status)) { 
@@ -897,20 +917,21 @@ InstallTcg2ConfigForm ( TempBuffer[0] =3D 0; for (Index =3D 0; Index < Pcrs.count; Index++) { AppendBufferWithTpmAlgHash (TempBuffer, sizeof (TempBuffer), Pcrs.pc= rSelections[Index].hash); - SetConfigInfo (&Tcg2ConfigInfo, Pcrs.pcrSelections[Index].hash); + SetConfigInfo (&Tcg2ConfigInfo, Pcrs.pcrSelections[Index].hash,=20 + BiosHashAlgorithmBitmap); } =20 HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_TPM2_SUPPORTED= _HASH_ALGO_CONTENT), TempBuffer, NULL); } =20 - Status =3D Tpm2GetCapabilityIsCommandImplemented (TPM_CC_ChangeEPS, &IsC= mdImp); + IsCmdImp =3D FALSE; + Status =3D Tpm2GetCapabilityIsCommandImplemented (TPM_CC_ChangeEPS, &I= sCmdImp); if (EFI_ERROR (Status)) { DEBUG ((DEBUG_ERROR, "Tpm2GetCapabilityIsCmdImpl fails %r\n", Status))= ; } =20 Tcg2ConfigInfo.ChangeEPSSupported =3D IsCmdImp; =20 - FillBufferWithBootHashAlg (TempBuffer, sizeof (TempBuffer), PcdGet32 (Pc= dTcg2HashAlgorithmBitmap)); + FillBufferWithBootHashAlg (TempBuffer, sizeof (TempBuffer),=20 + BiosHashAlgorithmBitmap); HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_BIOS_HASH_ALGO_C= ONTENT), TempBuffer, NULL); =20 // -- 2.29.2.windows.2
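
Review bot: In the SetConfigInfo hunk (@@ -722), a bank that the TPM reports but the BIOS mask lacks is now dropped silently: each case simply skips the assignment, and the switch has no default. Suggest a DEBUG message on the skipped path so that a hidden checkbox can be explained from the boot log. The new @param line ("Bios Hash Algorithm Bitmap") should also say that BiosHashAlgBitmap is a HASH_ALG_* mask and that a *Supported flag is set only when both the TPM and the BIOS support the algorithm.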
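
Review bot: In the InstallTcg2ConfigForm declarations (@@ -809), BiosHashAlgorithmBitmap is typed EFI_TCG2_EVENT_ALGORITHM_BITMAP, yet it is filled from PcdGet32 (@@ -879) and passed to SetConfigInfo, whose parameter is "IN UINT32 BiosHashAlgBitmap" and is tested against HASH_ALG_* bits. Use one type for the mask on both sides; UINT32 matches both the PCD read and the parameter. The other ten declarations are removed and re-added with no change other than IsCmdImp losing its initializer, which makes the one new declaration harder to spot; consider keeping the original alignment or splitting the realignment into its own patch.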
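
Review bot: In the Pcrs loop (@@ -897), nothing handles the case where no bank in Pcrs.pcrSelections is also set in BiosHashAlgorithmBitmap: every *Supported flag then stays FALSE after ZeroMem, so all checkboxes are suppressed, while STR_TPM2_SUPPORTED_HASH_ALGO_CONTENT still lists those algorithms because AppendBufferWithTpmAlgHash is called unfiltered. Suggest logging a warning (or setting a form string) when the intersection is empty. Also note that these hunks only filter what the form offers; the SyncPcrAllocationsAndPcrMask assert described in the commit message is not touched here, so turning it into an error path would be a reasonable follow-up.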