From: "Yao, Jiewen"
To: "Gonzalez Del Cueto, Rodrigo", "devel@edk2.groups.io"
CC: "Wang, Jian J", "Zhang, Qi1"
Subject: Re: [PATCH] SecurityPkg: Fix GetSupportedAndActivePcrs counter calculation
Date: Thu, 23 Jul 2020 02:12:39 +0000

Reviewed-by: Jiewen Yao

> -----Original Message-----
> From: Gonzalez Del Cueto, Rodrigo
> Sent: Tuesday, July 21, 2020 6:27 AM
> To: devel@edk2.groups.io
> Cc: Gonzalez Del Cueto, Rodrigo; Yao, Jiewen; Wang, Jian J; Zhang, Qi1
> Subject: [PATCH] SecurityPkg: Fix GetSupportedAndActivePcrs counter calculation
>
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2855
> The Tpm2GetCapabilitySupportedAndActivePcrs function prints a
> count number that should reflect the *supported and currently
> active* PCR banks, but the implementation in place displays
> instead the count of the *supported PCR banks* retrieved
> directly from the Tpm2GetCapabilityPcrs()
> TPML_PCR_SELECTION output.
>
> The counter should only take into account those PCR banks
> which are active.
>
> Replaced usage of EFI_D_* for DEBUG_* definitions in debug
> messages.
>
> Cc: Jiewen Yao
> Cc: Jian J Wang
> Cc: Qi Zhang
> Signed-off-by: Rodrigo Gonzalez del Cueto
> --- > .../Library/Tpm2CommandLib/Tpm2Capability.c | 46 ++++++++++++------- > 1 file changed, 29 insertions(+), 17 deletions(-) >=20 > diff --git a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Capability.c > b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Capability.c > index 85b11c7715..07cac08c40 100644 > --- a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Capability.c > +++ b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Capability.c > @@ -110,7 +110,7 @@ Tpm2GetCapability ( > // Fail if command failed >=20 > // >=20 > if (SwapBytes32(RecvBuffer.Header.responseCode) !=3D TPM_RC_SUCCESS) { >=20 > - DEBUG ((EFI_D_ERROR, "Tpm2GetCapability: Response Code error! > 0x%08x\r\n", SwapBytes32(RecvBuffer.Header.responseCode))); >=20 > + DEBUG ((DEBUG_ERROR, "Tpm2GetCapability: Response Code error! > 0x%08x\r\n", SwapBytes32(RecvBuffer.Header.responseCode))); >=20 > return EFI_DEVICE_ERROR; >=20 > } >=20 >=20 >=20
> @@ -522,74 +522,86 @@ Tpm2GetCapabilitySupportedAndActivePcrs ( > EFI_STATUS Status; >=20 > TPML_PCR_SELECTION Pcrs; >=20 > UINTN Index; >=20 > + UINT8 ActivePcrBankCount; >=20 >=20 >=20 > // >=20 > - // Get supported PCR and current Active PCRs. >=20 > + // Get supported PCR >=20 > // >=20 > Status =3D Tpm2GetCapabilityPcrs (&Pcrs); >=20 > - >=20 > + DEBUG ((DEBUG_INFO, "Supported PCRs - Count =3D %08x\n", Pcrs.count)); >=20 > + ActivePcrBankCount =3D 0; >=20 > // >=20 > // If error, assume that we have at least SHA-1 (and return the error.= ) >=20 > // >=20 > if (EFI_ERROR (Status)) { >=20 > - DEBUG ((EFI_D_ERROR, "GetSupportedAndActivePcrs - > Tpm2GetCapabilityPcrs fail!\n")); >=20 > + DEBUG ((DEBUG_ERROR, "GetSupportedAndActivePcrs - > Tpm2GetCapabilityPcrs fail!\n")); >=20 > *TpmHashAlgorithmBitmap =3D HASH_ALG_SHA1; >=20 > *ActivePcrBanks =3D HASH_ALG_SHA1; >=20 > + ActivePcrBankCount =3D 1; >=20 > } >=20 > // >=20 > // Otherwise, process the return data to determine what algorithms are > supported >=20 > // and currently allocated. 
>=20 > // >=20 > else { >=20 > - DEBUG ((EFI_D_INFO, "GetSupportedAndActivePcrs - Count =3D %08x\n", > Pcrs.count)); >=20 > *TpmHashAlgorithmBitmap =3D 0; >=20 > *ActivePcrBanks =3D 0; >=20 > for (Index =3D 0; Index < Pcrs.count; Index++) { >=20 > switch (Pcrs.pcrSelections[Index].hash) { >=20 > case TPM_ALG_SHA1: >=20 > - DEBUG ((EFI_D_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA= 1 > present.\n")); >=20 > + DEBUG ((DEBUG_VERBOSE, "GetSupportedAndActivePcrs - > HASH_ALG_SHA1 present.\n")); >=20 > *TpmHashAlgorithmBitmap |=3D HASH_ALG_SHA1; >=20 > if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, > Pcrs.pcrSelections[Index].sizeofSelect)) { >=20 > - DEBUG ((EFI_D_VERBOSE, "GetSupportedAndActivePcrs - > HASH_ALG_SHA1 active.\n")); >=20 > + DEBUG ((DEBUG_VERBOSE, "GetSupportedAndActivePcrs - > HASH_ALG_SHA1 active.\n")); >=20 > *ActivePcrBanks |=3D HASH_ALG_SHA1; >=20 > + ActivePcrBankCount++; >=20 > } >=20 > break; >=20 > case TPM_ALG_SHA256: >=20 > - DEBUG ((EFI_D_VERBOSE, "GetSupportedAndActivePcrs - > HASH_ALG_SHA256 present.\n")); >=20 > + DEBUG ((DEBUG_VERBOSE, "GetSupportedAndActivePcrs - > HASH_ALG_SHA256 present.\n")); >=20 > *TpmHashAlgorithmBitmap |=3D HASH_ALG_SHA256; >=20 > if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, > Pcrs.pcrSelections[Index].sizeofSelect)) { >=20 > - DEBUG ((EFI_D_VERBOSE, "GetSupportedAndActivePcrs - > HASH_ALG_SHA256 active.\n")); >=20 > + DEBUG ((DEBUG_VERBOSE, "GetSupportedAndActivePcrs - > HASH_ALG_SHA256 active.\n")); >=20 > *ActivePcrBanks |=3D HASH_ALG_SHA256; >=20 > + ActivePcrBankCount++; >=20 > } >=20 > break; >=20 > case TPM_ALG_SHA384: >=20 > - DEBUG ((EFI_D_VERBOSE, "GetSupportedAndActivePcrs - > HASH_ALG_SHA384 present.\n")); >=20 > + DEBUG ((DEBUG_VERBOSE, "GetSupportedAndActivePcrs - > HASH_ALG_SHA384 present.\n")); >=20 > *TpmHashAlgorithmBitmap |=3D HASH_ALG_SHA384; >=20 > if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, > Pcrs.pcrSelections[Index].sizeofSelect)) { >=20 > - DEBUG 
((EFI_D_VERBOSE, "GetSupportedAndActivePcrs - > HASH_ALG_SHA384 active.\n")); >=20 > + DEBUG ((DEBUG_VERBOSE, "GetSupportedAndActivePcrs - > HASH_ALG_SHA384 active.\n")); >=20 > *ActivePcrBanks |=3D HASH_ALG_SHA384; >=20 > + ActivePcrBankCount++; >=20 > } >=20 > break; >=20 > case TPM_ALG_SHA512: >=20 > - DEBUG ((EFI_D_VERBOSE, "GetSupportedAndActivePcrs - > HASH_ALG_SHA512 present.\n")); >=20 > + DEBUG ((DEBUG_VERBOSE, "GetSupportedAndActivePcrs - > HASH_ALG_SHA512 present.\n")); >=20 > *TpmHashAlgorithmBitmap |=3D HASH_ALG_SHA512; >=20 > if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, > Pcrs.pcrSelections[Index].sizeofSelect)) { >=20 > - DEBUG ((EFI_D_VERBOSE, "GetSupportedAndActivePcrs - > HASH_ALG_SHA512 active.\n")); >=20 > + DEBUG ((DEBUG_VERBOSE, "GetSupportedAndActivePcrs - > HASH_ALG_SHA512 active.\n")); >=20 > *ActivePcrBanks |=3D HASH_ALG_SHA512; >=20 > + ActivePcrBankCount++; >=20 > } >=20 > break; >=20 > case TPM_ALG_SM3_256: >=20 > - DEBUG ((EFI_D_VERBOSE, "GetSupportedAndActivePcrs - > HASH_ALG_SM3_256 present.\n")); >=20 > + DEBUG ((DEBUG_VERBOSE, "GetSupportedAndActivePcrs - > HASH_ALG_SM3_256 present.\n")); >=20 > *TpmHashAlgorithmBitmap |=3D HASH_ALG_SM3_256; >=20 > if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, > Pcrs.pcrSelections[Index].sizeofSelect)) { >=20 > - DEBUG ((EFI_D_VERBOSE, "GetSupportedAndActivePcrs - > HASH_ALG_SM3_256 active.\n")); >=20 > + DEBUG ((DEBUG_VERBOSE, "GetSupportedAndActivePcrs - > HASH_ALG_SM3_256 active.\n")); >=20 > *ActivePcrBanks |=3D HASH_ALG_SM3_256; >=20 > + ActivePcrBankCount++; >=20 > } >=20 > break; >=20 > + default: >=20 > + DEBUG ((DEBUG_VERBOSE, "GetSupportedAndActivePcrs - Unsupported > bank 0x%04x.\n", Pcrs.pcrSelections[Index].hash)); >=20 > + continue; >=20 > + break; >=20 > } >=20 > } >=20 > } >=20 >=20 >=20 > + DEBUG ((DEBUG_INFO, "GetSupportedAndActivePcrs - Count =3D %08x\n", > ActivePcrBankCount)); >=20 > return Status; >=20 > } >=20 >=20 >=20 
> @@ -837,11 +849,11 @@ Tpm2TestParms ( > } >=20 >=20 >=20 > if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) { >=20 > - DEBUG ((EFI_D_ERROR, "Tpm2TestParms - RecvBufferSize Error - %x\n", > RecvBufferSize)); >=20 > + DEBUG ((DEBUG_ERROR, "Tpm2TestParms - RecvBufferSize Error - %x\n", > RecvBufferSize)); >=20 > return EFI_DEVICE_ERROR; >=20 > } >=20 > if (SwapBytes32(RecvBuffer.Header.responseCode) !=3D TPM_RC_SUCCESS) { >=20 > - DEBUG ((EFI_D_ERROR, "Tpm2TestParms - responseCode - %x\n", > SwapBytes32(RecvBuffer.Header.responseCode))); >=20 > + DEBUG ((DEBUG_ERROR, "Tpm2TestParms - responseCode - %x\n", > SwapBytes32(RecvBuffer.Header.responseCode))); >=20 > return EFI_UNSUPPORTED; >=20 > } >=20 >=20 >=20 > -- > 2.27.0.windows.1
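
Review bot: The macro cleanup in the Tpm2GetCapability hunk at -110 (and the same EFI_D_ERROR to DEBUG_ERROR replacements in the Tpm2TestParms hunk at -837) is unrelated to the counter fix named in the subject and would be better as a separate patch. Keeping the fix for bugzilla 2855 on its own makes the functional change in Tpm2GetCapabilitySupportedAndActivePcrs easier to review and to cherry-pick without the cosmetic churn.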
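
Review bot: In the Tpm2GetCapabilitySupportedAndActivePcrs hunk at -522, the new `DEBUG ((DEBUG_INFO, "Supported PCRs - Count = %08x\n", Pcrs.count));` runs before the `if (EFI_ERROR (Status))` check, so when Tpm2GetCapabilityPcrs fails it prints `Pcrs.count` from a local that the visible code never initializes. Move that print into the `else` branch, where the removed "GetSupportedAndActivePcrs - Count" message used to be. In the added `default:` case, `continue;` makes the following `break;` unreachable and has no effect because the switch is the last statement in the loop body; keep the DEBUG line and `break;` only. The final message still reads "GetSupportedAndActivePcrs - Count" although it now prints ActivePcrBankCount; wording it as the active bank count would make it distinguishable from the "Supported PCRs - Count" line in a boot log.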