From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga11.intel.com (mga11.intel.com [192.55.52.93]) by mx.groups.io with SMTP id smtpd.web08.13866.1661135655838446375 for ; Sun, 21 Aug 2022 19:34:16 -0700 Authentication-Results: mx.groups.io; dkim=fail reason="unable to parse pub key" header.i=@intel.com header.s=intel header.b=DaCTEiKA; spf=pass (domain: intel.com, ip: 192.55.52.93, mailfrom: jian.j.wang@intel.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1661135655; x=1692671655; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=AZ1vbxaoxmFB8p4NVIBCdCGr1iqDnQ/0PZhAdvtAnRw=; b=DaCTEiKAHPRtmD9dL0o6VgAHIIfqRSaute4KM6oAxaA9fJ4RTDHzLV5l Hqkgt7zlpYtttjsbsK9S2jOnEG3Fh1E/fBAXEN7ZrxCdXNnPhFaO+loUU 3qEoRhuuF7yn0l47ymHt/9UHa6U0IVhnRDs8KZrPVEhIPbdiwMRuGcGWS zIfIBf3+RNxzM1ZT72yGl1Tvo54ShfyoUpGn9Fq1PhgFU96gRVUUEOJoJ 8H/LK4i8X7BliMFZJV2EbEtk2zlCKyFjSdTx+hMZPlF1TbIV+OTJKm0ps ZOENmOaxeujrkzRfzyFBMzdcWRG283JajIEg/oS1XBsGt2W9NxCX+xWy5 w==; X-IronPort-AV: E=McAfee;i="6500,9779,10446"; a="290861436" X-IronPort-AV: E=Sophos;i="5.93,254,1654585200"; d="scan'208";a="290861436" Received: from orsmga003.jf.intel.com ([10.7.209.27]) by fmsmga102.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Aug 2022 19:34:15 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.93,254,1654585200"; d="scan'208";a="559566879" Received: from orsmsx602.amr.corp.intel.com ([10.22.229.15]) by orsmga003.jf.intel.com with ESMTP; 21 Aug 2022 19:34:15 -0700 Received: from orsmsx603.amr.corp.intel.com (10.22.229.16) by ORSMSX602.amr.corp.intel.com (10.22.229.15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Sun, 21 Aug 2022 19:34:14 -0700 Received: from ORSEDG602.ED.cps.intel.com (10.7.248.7) by orsmsx603.amr.corp.intel.com (10.22.229.16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31 via Frontend Transport; Sun, 21 Aug 2022 19:34:14 -0700 Received: from NAM11-DM6-obe.outbound.protection.outlook.com (104.47.57.174) by edgegateway.intel.com (134.134.137.103) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2375.28; Sun, 21 Aug 2022 19:34:14 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=PlzJaMBrFvBxBd98eAowJhn8kikKQcVJWWnuTWRau/2OCoB9CbEb6MNDbih273DOYS/Yrigy5680/9u5Qx57LOrQrq8xLyFAcYVwVu0hhf9a1f5V6WxIy9502Pd+kNI14fQkVdAaq3rzmqH7Uh1LYxVPkHeXl0qOEaOyE6M0i2iIVH7wCttfbvK93ju3bjo0yTNgDV71UjBmE9ayRW+oASukIfEWcCoLNliLVfRNeJCzGMUqfCZj6+JqtIDjeQ09iJbbizzbvegwyiuDEf/6YCSJnooSiq7d+wz5YfNbx5LCPq0p7R6lNscBi5A1d7aM0KdA62xyKa9PR7S+ZaaXKA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=2Ay7AjaxsH0WfhSum3ifZnvnnefE5ydirkrAeDxbxvo=; b=S9be5mb1WrUZ1AS7w2d76R+ODCU7MwTxI810KzqkCuOqj+Shvepmk8t/Do52eg9ioab+8Z482Rqr7WEUUHI4BPBuTbjQVi1dkukoIoj3abkypheKIqcwLzZb4NQmLf2HQs3KLD5ZI7XFL0g6a/um+O8HhhSCAFTkit55cQCY+QsJBx6OZOpmgL2carnS2M08loWozNNA4BUnyvq20+EQdHppCCYc1OpZ3XMAQZVzbDr7QOph17qhdosnrHLP/EZHij2wnLzT0Ush7kd4KeNUfGp5I4mDzsrJk9xJRbmJA5ABqK3iNW92LoznY7grKI8ysuq+tYafeZTwnka+UKnydA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none Received: from CO1PR11MB4945.namprd11.prod.outlook.com (2603:10b6:303:9c::8) by SN6PR11MB3248.namprd11.prod.outlook.com (2603:10b6:805:c4::27) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5546.21; Mon, 22 Aug 2022 02:34:12 +0000 Received: from CO1PR11MB4945.namprd11.prod.outlook.com ([fe80::ece8:740d:999a:e17d]) by CO1PR11MB4945.namprd11.prod.outlook.com ([fe80::ece8:740d:999a:e17d%5]) with mapi id 15.20.5546.022; Mon, 22 Aug 2022 02:34:12 +0000 From: "Wang, Jian J" To: "Vang, Judah" , "devel@edk2.groups.io" CC: "Yao, Jiewen" , "Mistry, Nishant C" Subject: Re: [PATCH v4 12/28] SecurityPkg: Add new variable types and functions Thread-Topic: [PATCH v4 12/28] SecurityPkg: Add new variable types and functions Thread-Index: AQHYrU8zMNxNB8LiN02nieIAhkAQY626RKow Date: Mon, 22 Aug 2022 02:34:12 +0000 Message-ID: References: <20220811065337.2068-1-judah.vang@intel.com> <20220811065337.2068-13-judah.vang@intel.com> In-Reply-To: <20220811065337.2068-13-judah.vang@intel.com> Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: dlp-reaction: no-action dlp-version: 11.6.500.17 dlp-product: dlpe-windows authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=intel.com; x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: b687ec70-a360-405d-3abd-08da83e6cc8a x-ms-traffictypediagnostic: SN6PR11MB3248:EE_ x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: My+4aFVg1gdVRmQFFAnzYR4Mo8AvB8HusSf2zu871euuAISeVXi048v2TzDwJeOdtSboefsE5EdwEFqP1+sgB7BHhNY4X8WVn4Fz+s+dVj8bC5bWc3N+Gvoje8zVqhkzRLXy5P4XzM5xTV6GjBYM8Y7uVO3VDwz7isvvi91HknA/OtGQ3+BMPfo6WNfQ3vKOxmdF4QfcdAmZEegZxG6+FPF3QyRzYAratRsQvGx2GfKZ68hu4/fcKN3yHfWCazM1HeYYFSs1RqUoVM2wjDeyG06y6kWKyxGYTZcVSFeGPca9xGLdVBHsP+Tb85+2a3/lCFnwd1SwUa4ff56azvSrWIXt4quP+qM9jmS8K6M0gh/qVAFBSo8LS+h4g/yk/KfjpFTmrI1cAlhdg0H4SvUnz7Vj7h48reDDS6mYOWZi8AKtHdrx0rXOLDNjyWBpOLkc1eymvMmNvfeyfeIkwrOcBT4alCav8hQ0x3NNiA1iup5WtkhT0TCSEZcEjZszd039qIfS4CwJP5SvGksl1R4u8Yrrmp2tO1v12DApn1ERSyAAJGVnr2ldhGKyyWaY6GAwGNuVGJYgnGBsp/24pOhfuXNZSyDjKIqyWP8ypF3ik63k9BQf4blcZ7ppeHdAXHf7/Rg/3DDac+08N/NFkEO/NJdsnIt4u67KaGJSNny1qPAYKlu3KE3Wdo4jdNDf6yJswVCUNAMC6bCdd+CpnEkpkwSmsd9/+o5TfFKIcYw6ihIIN1OVqqGG1yfD9pwTdwp+KxZ9lMBsVbltPu6WdL9nf6aE77VVlXbuK9hLznLhZTg= x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:CO1PR11MB4945.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230016)(346002)(366004)(396003)(136003)(376002)(39860400002)(122000001)(5660300002)(66556008)(66446008)(64756008)(66946007)(66476007)(8676002)(82960400001)(4326008)(38070700005)(76116006)(38100700002)(478600001)(6506007)(316002)(7696005)(41300700001)(52536014)(966005)(71200400001)(8936002)(2906002)(54906003)(83380400001)(9686003)(15650500001)(53546011)(107886003)(186003)(110136005)(33656002)(86362001)(55016003);DIR:OUT;SFP:1102; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?D6rvI8KJ1h4ohrjq94qRb9LCpCFvZixZheSIe8BD+xaNOYcgUUQ96HFdQWCW?= =?us-ascii?Q?tWT1mJ/r5K2EpdZdGUnX3bc3BirdFnfCIAtpIh2M92Ap81dtHtlTjwjqQXzW?= =?us-ascii?Q?dWEBCpMXY2mpVo/K5RtcQi7iRdkFaPZXayM/Wlb66ggOBZqAGR2+lw6ZgsiA?= =?us-ascii?Q?O3gLca4iw6E1ZJZ1ulj8AyzOCZfMXCZyWVi5XmVK3mHmv4z/85MThlI2SiPY?= =?us-ascii?Q?RPX0S+Jc2RJEcYkHgpseQlGNidc7NfpFEzUUKcoQC4gmNDqjx0Xbn473Zo9O?= =?us-ascii?Q?0JiXdhx+/UrsRWQuz+VJfEw16TFbEf9GQ+Kul2LJOyqwjdVLxJC6UqsdCGFS?= =?us-ascii?Q?Z/MPvcpODdlvmf3kC52O2TCIDit90LmbdUa5U6+bCe/Y6s2jmB2657coKezC?= =?us-ascii?Q?2Jcb5yHUoMTn2gmPKM0h8gdT25xCnB8BELenfgquI4IEto92i0e/M53nMikB?= =?us-ascii?Q?OIlwuNZBc7Ei4knK5mCniIHazMCMy8Z16NQ97v0PxE4B0AtLIvgpudfl3afy?= =?us-ascii?Q?MoSVGWG02lCc6YIxxKNPkO4jsOWBlhA38Zsw9FutZdMDbQr23qXHLCPlg9o/?= =?us-ascii?Q?I5MqwNxBDoQTLktZlMeAnlpE7tBouxWqDJhdxPDzYTT2TntCFdYYhzxfPOOw?= =?us-ascii?Q?uG96pOWLJby1MMMMynvdCMvvuyx/RmgPsM7NleQdCnsJFxvsO83acZ7eu0yr?= =?us-ascii?Q?1p11J36Y3SSXb7gXtGlVhR4SLtMOXRQL5AZwm+3KXkrtanIjg7Bl88G+7E9w?= =?us-ascii?Q?qoPZDuA/xgebCkjSGltbDCe+tLc3/8CNsvtIewugyBijd3BrfD3l+Ql+s90v?= =?us-ascii?Q?dbjQUOfajQo/X1ALGOP+uIjmtAF9YAP+JKSkuiAidiMvRC2S8aarVacjwufA?= =?us-ascii?Q?osCvcIzIw81d3mU2uyLdlOUfJ9PwDSgv/1/nVLPNkvA+OeQwDFg+mzXewP6Q?= =?us-ascii?Q?N3YcsMQSbDX8Y+6U35VwiZhdOv25qpXDYJHhsAYrLxTNWRoIgdNUgUJw7fwe?= =?us-ascii?Q?CcryXJv8S7JDJRTDLnijOd6iJXqgE80hlAr8aIMGATKURdZjk1x7teI4pVNB?= =?us-ascii?Q?oJZDi9cFmgA73n9yO9yNkbuJBV2ImxFeFeaTy6w/aoahT/VAAsbdXVmxrLIX?= =?us-ascii?Q?9Jv8Y5wVg/ObHnkHFFv1rhJtBKiiic6rWdMW3eKV67o9Gz8C1Rqys3hXRYzr?= =?us-ascii?Q?iZde36RWFpQCWfH07ALkygwp79LtB0Ae+0NF3t3Zr+YcClETAqxoanT9lgWR?= =?us-ascii?Q?czkqZjXB7mQQdGkL9hwCSNUNW9yBzFu1Kd1h5l8eBeSWGwXlzOHdUfiETZgL?= =?us-ascii?Q?TQ47lwxDaL4Qxv4DZwqesRWsgW5VDrfIO41rRPlvl9q0USe/45yJ1R4X6qjC?= =?us-ascii?Q?wmF21K9A22BnTbvRhULrghJsMQpQL6PIsQtTdDMWJStT3hY3xelS5IWPutt/?= =?us-ascii?Q?sPv1MnNWwfEQtFzePELQ+j+ZbdCif5wW6xbppiRS0wvcPGCocHzvBF7VwrNw?= =?us-ascii?Q?NxD5lLpDuW+BF9hJR2PEiuwJ9WGQEEWQ6FbMtJ7B0gizuk/Y7o5E0ebQgpNV?= =?us-ascii?Q?tdGZjHyRUJU0fpyCma9G6HBU3ekyjTZcSpv4RwcpjtnBMVK1YRauApnXMFAG?= =?us-ascii?Q?ockVe6hau2MYtfKWNZHkNOJkDPzm211V/j+TCSs/JgrN?= MIME-Version: 1.0 X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: CO1PR11MB4945.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: b687ec70-a360-405d-3abd-08da83e6cc8a X-MS-Exchange-CrossTenant-originalarrivaltime: 22 Aug 2022 02:34:12.3206 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: RYg4zqJR1AXwtekVXPIJ6p4gWNTSpq0i9JeX6T1t8Y3tq2aNHeHpmTZ8Rxia3q1QA9/cG22BaFh1ZubdAa/pnw== X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN6PR11MB3248 Return-Path: jian.j.wang@intel.com X-OriginatorOrg: intel.com Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Reviewed-by: Jian J Wang Regards, Jian > -----Original Message----- > From: Vang, Judah > Sent: Thursday, August 11, 2022 2:53 PM > To: devel@edk2.groups.io > Cc: Wang, Jian J ; Yao, Jiewen ; > Mistry, Nishant C > Subject: [PATCH v4 12/28] SecurityPkg: Add new variable types and functio= ns >=20 > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D2594 >=20 > Add new variable encryption/decryption function prototypes. > Add new variable digest structure. Add new Protected > variable function prototypes. Update RPMC APIs to Add > an index because there is could more than one counter. >=20 > Cc: Jian J Wang > Cc: Jiewen Yao > Cc: Nishant C Mistry > Signed-off-by: Jian J Wang > Signed-off-by: Nishant C Mistry > Signed-off-by: Judah Vang > --- > SecurityPkg/Include/Library/RpmcLib.h | 15 +++++--- > SecurityPkg/Include/Library/VariableKeyLib.h | 37 +++----------------- > 2 files changed, 16 insertions(+), 36 deletions(-) >=20 > diff --git a/SecurityPkg/Include/Library/RpmcLib.h > b/SecurityPkg/Include/Library/RpmcLib.h > index df4ba34ba8cf..cb71dfcd7e4d 100644 > --- a/SecurityPkg/Include/Library/RpmcLib.h > +++ b/SecurityPkg/Include/Library/RpmcLib.h > @@ -1,19 +1,23 @@ > /** @file > Public definitions for the Replay Protected Monotonic Counter (RPMC) L= ibrary. >=20 > -Copyright (c) 2020, Intel Corporation. All rights reserved.
> +Copyright (c) 2020 - 2022, Intel Corporation. All rights reserved.
> SPDX-License-Identifier: BSD-2-Clause-Patent >=20 > **/ >=20 > -#ifndef _RPMC_LIB_H_ > -#define _RPMC_LIB_H_ > +#ifndef RPMC_LIB_H_ > +#define RPMC_LIB_H_ >=20 > #include >=20 > +#define RPMC_COUNTER_1 0 > +#define RPMC_COUNTER_2 1 > + > /** > Requests the monotonic counter from the designated RPMC counter. >=20 > + @param[in] CounterIndex The RPMC index > @param[out] CounterValue A pointer to a buffer to store t= he RPMC > value. >=20 > @retval EFI_SUCCESS The operation completed successf= ully. > @@ -23,12 +27,15 @@ SPDX-License-Identifier: BSD-2-Clause-Patent > EFI_STATUS > EFIAPI > RequestMonotonicCounter ( > + IN UINT8 CounterIndex, > OUT UINT32 *CounterValue > ); >=20 > /** > Increments the monotonic counter in the SPI flash device by 1. >=20 > + @param[in] CounterIndex The RPMC index > + > @retval EFI_SUCCESS The operation completed successf= ully. > @retval EFI_DEVICE_ERROR A device error occurred while at= tempting > to update the counter. > @retval EFI_UNSUPPORTED The operation is un-supported. > @@ -36,7 +43,7 @@ RequestMonotonicCounter ( > EFI_STATUS > EFIAPI > IncrementMonotonicCounter ( > - VOID > + IN UINT8 CounterIndex > ); >=20 > #endif > diff --git a/SecurityPkg/Include/Library/VariableKeyLib.h > b/SecurityPkg/Include/Library/VariableKeyLib.h > index 561ebad09da2..6076c4d4731b 100644 > --- a/SecurityPkg/Include/Library/VariableKeyLib.h > +++ b/SecurityPkg/Include/Library/VariableKeyLib.h > @@ -1,13 +1,13 @@ > /** @file > Public definitions for Variable Key Library. >=20 > -Copyright (c) 2020, Intel Corporation. All rights reserved.
> +Copyright (c) 2020 - 2022, Intel Corporation. All rights reserved.
> SPDX-License-Identifier: BSD-2-Clause-Patent >=20 > **/ >=20 > -#ifndef _VARIABLE_KEY_LIB_H_ > -#define _VARIABLE_KEY_LIB_H_ > +#ifndef VARIABLE_KEY_LIB_H_ > +#define VARIABLE_KEY_LIB_H_ >=20 > #include >=20 > @@ -25,35 +25,8 @@ SPDX-License-Identifier: BSD-2-Clause-Patent > EFI_STATUS > EFIAPI > GetVariableKey ( > - OUT VOID **VariableKey, > - IN OUT UINTN *VariableKeySize > - ); > - > -/** > - Regenerates the variable key. > - > - @retval EFI_SUCCESS The variable key was regenerated= successfully. > - @retval EFI_DEVICE_ERROR An error occurred while attempti= ng to > regenerate the key. > - @retval EFI_ACCESS_DENIED The function was invoked after l= ocking > the key interface. > - @retval EFI_UNSUPPORTED Key regeneration is not supporte= d in the > current boot configuration. > -**/ > -EFI_STATUS > -EFIAPI > -RegenerateVariableKey ( > - VOID > - ); > - > -/** > - Locks the regenerate key interface. > - > - @retval EFI_SUCCESS The key interface was locked suc= cessfully. > - @retval EFI_UNSUPPORTED Locking the key interface is not= supported > in the current boot configuration. > - @retval Others An error occurred while attempti= ng to lock the > key interface. > -**/ > -EFI_STATUS > -EFIAPI > -LockVariableKeyInterface ( > - VOID > + OUT VOID *VariableKey, > + IN UINTN VariableKeySize > ); >=20 > #endif > -- > 2.35.1.windows.2