From: "Yao, Jiewen"
To: "Xu, Wei6", "devel@edk2.groups.io"
CC: "Kumar, Rahul R"
Subject: Re: [edk2-devel] [PATCH v2 1/1] SecurityPkg/Tcg2Config: Hide BIOS unsupported hash algorithm from UI
Date: Mon, 15 Apr 2024 16:00:28 +0000

Merged https://github.com/tianocore/edk2/pull/5556

> -----Original Message-----
> From: Xu, Wei6
> Sent: Friday, April 12, 2024 3:15 PM
> To: devel@edk2.groups.io
> Cc: Xu, Wei6; Kumar, Rahul R;
> Yao, Jiewen
> Subject: [PATCH v2 1/1] SecurityPkg/Tcg2Config: Hide BIOS unsupported hash
> algorithm from UI
>
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4731
>
> TCG2 configuration UI shows all the hash algorithms that TPM hardware
> supports in the checkbox. If user only selects one algorithm that is
> supported by TPM hardware but not supported by BIOS and unchecks the
> others, the SyncPcrAllocationsAndPcrMask in Tcg2Pei will not be able
> to decide a viable PCR to activate, then an assert occurs.
>
> Add check against PcdTcg2HashAlgorithmBitmap when deciding whether
> to suppress the hash algorithm checkbox to prevent the user from selecting
> a hash algorithm which may cause an assert.
>
> Cc: Rahul Kumar
> Cc: Jiewen Yao
> Signed-off-by: Wei6 Xu
> Reviewed-by: Rahul Kumar
> ---
> SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c | 61 ++++++++++++++-------
> 1 file changed, 41 insertions(+), 20 deletions(-)
>
> diff --git a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c > b/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c > index 6eb04c014448..aec7a903cf89 100644 > --- a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c > +++ b/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c > @@ -722,33 +722,50 @@ FillBufferWithBootHashAlg ( > } >=20 > /** > - Set ConfigInfo according to TpmAlgHash. > + Set ConfigInfo according to TpmAlgHash and Tcg2HashAlgBitmap. >=20 > @param[in,out] Tcg2ConfigInfo TCG2 config info. > @param[in] TpmAlgHash TpmAlgHash. > + @param[in] Tcg2HashAlgBitmap TCG2 Hash Algorithm Bitmap. >=20 > **/ > VOID > SetConfigInfo ( > IN OUT TCG2_CONFIGURATION_INFO *Tcg2ConfigInfo, > - IN UINT32 TpmAlgHash > + IN UINT32 TpmAlgHash, > + IN UINT32 Tcg2HashAlgBitmap > ) > { > switch (TpmAlgHash) { > case TPM_ALG_SHA1: > - Tcg2ConfigInfo->Sha1Supported =3D TRUE; > + if ((Tcg2HashAlgBitmap & HASH_ALG_SHA1) !=3D 0) { > + Tcg2ConfigInfo->Sha1Supported =3D TRUE; > + } > + > break; > case TPM_ALG_SHA256: > - Tcg2ConfigInfo->Sha256Supported =3D TRUE; > + if ((Tcg2HashAlgBitmap & HASH_ALG_SHA256) !=3D 0) { > + Tcg2ConfigInfo->Sha256Supported =3D TRUE; > + } > + > break; > case TPM_ALG_SHA384: > - Tcg2ConfigInfo->Sha384Supported =3D TRUE; > + if ((Tcg2HashAlgBitmap & HASH_ALG_SHA384) !=3D 0) { > + Tcg2ConfigInfo->Sha384Supported =3D TRUE; > + } > + > break; > case TPM_ALG_SHA512: > - Tcg2ConfigInfo->Sha512Supported =3D TRUE; > + if ((Tcg2HashAlgBitmap & HASH_ALG_SHA512) !=3D 0) { > + Tcg2ConfigInfo->Sha512Supported =3D TRUE; > + } > + > break; > case TPM_ALG_SM3_256: > - Tcg2ConfigInfo->Sm3Supported =3D TRUE; > + if ((Tcg2HashAlgBitmap & HASH_ALG_SM3_256) !=3D 0) { > + Tcg2ConfigInfo->Sm3Supported =3D TRUE; > + } > + > break; > } > } 
> @@ -809,16 +826,17 @@ InstallTcg2ConfigForm ( > IN OUT TCG2_CONFIG_PRIVATE_DATA *PrivateData > ) > { > - EFI_STATUS Status; > - EFI_HII_HANDLE HiiHandle; > - EFI_HANDLE DriverHandle; > - EFI_HII_CONFIG_ACCESS_PROTOCOL *ConfigAccess; > - UINTN Index; > - TPML_PCR_SELECTION Pcrs; > - CHAR16 TempBuffer[1024]; > - TCG2_CONFIGURATION_INFO Tcg2ConfigInfo; > - TPM2_PTP_INTERFACE_TYPE TpmDeviceInterfaceDetected; > - BOOLEAN IsCmdImp =3D FALSE; > + EFI_STATUS Status; > + EFI_HII_HANDLE HiiHandle; > + EFI_HANDLE DriverHandle; > + EFI_HII_CONFIG_ACCESS_PROTOCOL *ConfigAccess; > + UINTN Index; > + TPML_PCR_SELECTION Pcrs; > + CHAR16 TempBuffer[1024]; > + TCG2_CONFIGURATION_INFO Tcg2ConfigInfo; > + TPM2_PTP_INTERFACE_TYPE TpmDeviceInterfaceDetected; > + BOOLEAN IsCmdImp; > + EFI_TCG2_EVENT_ALGORITHM_BITMAP Tcg2HashAlgorithmBitmap; >=20 > DriverHandle =3D NULL; > ConfigAccess =3D &PrivateData->ConfigAccess; > @@ -879,6 +897,8 @@ InstallTcg2ConfigForm ( > break; > } >=20 > + Tcg2HashAlgorithmBitmap =3D PcdGet32 (PcdTcg2HashAlgorithmBitmap); > + > ZeroMem (&Tcg2ConfigInfo, sizeof (Tcg2ConfigInfo)); > Status =3D Tpm2GetCapabilityPcrs (&Pcrs); > if (EFI_ERROR (Status)) { 
> @@ -897,20 +917,21 @@ InstallTcg2ConfigForm ( > TempBuffer[0] =3D 0; > for (Index =3D 0; Index < Pcrs.count; Index++) { > AppendBufferWithTpmAlgHash (TempBuffer, sizeof (TempBuffer), > Pcrs.pcrSelections[Index].hash); > - SetConfigInfo (&Tcg2ConfigInfo, Pcrs.pcrSelections[Index].hash); > + SetConfigInfo (&Tcg2ConfigInfo, Pcrs.pcrSelections[Index].hash, > Tcg2HashAlgorithmBitmap); > } >=20 > HiiSetString (PrivateData->HiiHandle, STRING_TOKEN > (STR_TPM2_SUPPORTED_HASH_ALGO_CONTENT), TempBuffer, NULL); > } >=20 > - Status =3D Tpm2GetCapabilityIsCommandImplemented (TPM_CC_ChangeEPS, > &IsCmdImp); > + IsCmdImp =3D FALSE; > + Status =3D Tpm2GetCapabilityIsCommandImplemented (TPM_CC_ChangeEPS, > &IsCmdImp); > if (EFI_ERROR (Status)) { > DEBUG ((DEBUG_ERROR, "Tpm2GetCapabilityIsCmdImpl fails %r\n", Status= )); > } >=20 > Tcg2ConfigInfo.ChangeEPSSupported =3D IsCmdImp; >=20 > - FillBufferWithBootHashAlg (TempBuffer, sizeof (TempBuffer), PcdGet32 > (PcdTcg2HashAlgorithmBitmap)); > + FillBufferWithBootHashAlg (TempBuffer, sizeof (TempBuffer), > Tcg2HashAlgorithmBitmap); > HiiSetString (PrivateData->HiiHandle, STRING_TOKEN > (STR_BIOS_HASH_ALGO_CONTENT), TempBuffer, NULL); >=20 > // > -- > 2.29.2.windows.2
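
Review bot: In the SetConfigInfo hunk, the new Tcg2HashAlgBitmap test only decides whether a checkbox is offered; it does not stop an unsupported bank from being requested some other way. The commit message places the assert in SyncPcrAllocationsAndPcrMask in Tcg2Pei, and this patch touches only Tcg2ConfigImpl.c, so a selection saved before this change, or one that reaches PEI without going through this form, would presumably still hit it. Consider also masking the requested banks against PcdTcg2HashAlgorithmBitmap where the selection is consumed and handling an empty result without asserting. As a smaller point, the five case bodies are identical apart from the constant and the field, and the switch has no default; a short TPM_ALG_* to HASH_ALG_* mapping would keep the two lists from drifting apart.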
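
Review bot: In the InstallTcg2ConfigForm declarations, Tcg2HashAlgorithmBitmap is typed EFI_TCG2_EVENT_ALGORITHM_BITMAP, but it is filled from PcdGet32 (PcdTcg2HashAlgorithmBitmap) and passed to SetConfigInfo, whose new parameter is a UINT32 tested against HASH_ALG_* bits. Using one type on both sides (UINT32 for the local, or the bitmap type in the SetConfigInfo prototype) would make it clear which set of bit definitions the value carries. Re-aligning every local to fit the longer type name also hides the two real changes in this hunk, the dropped IsCmdImp initializer and the added local, so it may be worth keeping the existing column width or splitting the whitespace change out.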
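
Review bot: In the Pcrs.count loop of the last hunk, a flag is now set only when a bank appears in both the TPM's PCR selection and Tcg2HashAlgorithmBitmap, so if the two sets do not overlap, Tcg2ConfigInfo stays all-zero after the earlier ZeroMem and every algorithm checkbox is suppressed with no indication why. A DEBUG message when no *Supported flag ends up TRUE would make that platform misconfiguration diagnosable; as written, the only hint is comparing the STR_TPM2_SUPPORTED_HASH_ALGO_CONTENT and STR_BIOS_HASH_ALGO_CONTENT strings by eye.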