From: "Sukerkar, Amol N"
To: "devel@edk2.groups.io", "Gao, Liming", "Wang, Jian J"
CC: "Kinney, Michael D", "Yao, Jiewen", "Agrawal, Sachin", "Musti, Srinivas", "Sukerkar, Amol N"
Subject: Re: [edk2-devel] [PATCH v2 1/1] SecurityPkg/BaseHashLib: Implement Unified Hash Calculation API
Date: Thu, 16 Jan 2020 04:27:13 +0000

Thanks, Liming! How do I find out if it catches EDK 2020 Q1 stable tag?

~ Amol

-----Original Message-----
From: devel@edk2.groups.io On Behalf Of Liming Gao
Sent: Wednesday, January 15, 2020 8:39 PM
To: Sukerkar, Amol N; devel@edk2.groups.io; Wang, Jian J
Cc: Kinney, Michael D; Yao, Jiewen; Agrawal, Sachin; Musti, Srinivas <srinivas.musti@intel.com>
Subject: Re: [edk2-devel] [PATCH v2 1/1] SecurityPkg/BaseHashLib: Implement Unified Hash Calculation API

Yes. Does it catch EDK2 2020 Q1 stable tag?

> -----Original Message-----
> From: Sukerkar, Amol N
> Sent: Thursday, January 16, 2020 7:02 AM
> To: Gao, Liming; devel@edk2.groups.io; Wang, Jian J
> Cc: Kinney, Michael D; Yao, Jiewen; Agrawal, Sachin; Musti, Srinivas; Sukerkar, Amol N
> Subject: RE: [edk2-devel] [PATCH v2 1/1] SecurityPkg/BaseHashLib: Implement Unified Hash Calculation API
>
> Hi Liming,
>
> We already have a ticket filed in Bugzilla, https://bugzilla.tianocore.org/show_bug.cgi?id=2151. Would this be sufficient?
>
> Thanks,
> Amol
>
> -----Original Message-----
> From: Gao, Liming
> Sent: Tuesday, January 14, 2020 8:47 PM
> To: devel@edk2.groups.io; Wang, Jian J; Sukerkar, Amol N
> Cc: Kinney, Michael D; Yao, Jiewen; Agrawal, Sachin; Musti, Srinivas
> Subject: RE: [edk2-devel] [PATCH v2 1/1] SecurityPkg/BaseHashLib: Implement Unified Hash Calculation API
>
> Amol:
> This is new feature. Please submit BZ (https://bugzilla.tianocore.org/) to track it. If this feature catches edk2 2020 Q1 stable tag, I will add it into edk2 feature planning.
>
> Thanks
> Liming
> -----Original Message-----
> From: devel@edk2.groups.io On Behalf Of Wang, Jian J
> Sent: January 15, 2020 11:14
> To: Sukerkar, Amol N; devel@edk2.groups.io
> Cc: Kinney, Michael D; Yao, Jiewen; Agrawal, Sachin; Musti, Srinivas
> Subject: Re: [edk2-devel] [PATCH v2 1/1] SecurityPkg/BaseHashLib: Implement Unified Hash Calculation API
>
> Amol,
>
> 1. Your patch doesn't support hashing more than one algorithm at the same time.
>    Is this on purpose? Sorry I don't remember the conclusion in last discussion.
> 2. There're trailing spaces in BaseHashLibCommon.c and BaseHashLibCommon.h.
>    You can use BaseTools\Scripts\PatchCheck.py to check it before sending patch.
>
> See my other comments below.
>
> > -----Original Message-----
> > From: Sukerkar, Amol N
> > Sent: Tuesday, January 14, 2020 11:41 PM
> > To: devel@edk2.groups.io
> > Cc: Kinney, Michael D; Yao, Jiewen; Wang, Jian J; Agrawal, Sachin; Musti, Srinivas
> > Subject: [PATCH v2 1/1] SecurityPkg/BaseHashLib: Implement Unified Hash Calculation API
> >
> > This commit introduces a Unified Hash API to calculate hash using a
> > hashing algorithm specified by the PCD, PcdSystemHashPolicy. This
> > library interfaces with the various hashing API, such as, MD4, MD5,
> > SHA1, SHA256, SHA512 and SM3_256 implemented in CryptoPkg. The user
> > can calculate the desired hash by setting PcdSystemHashPolicy to
> > appropriate value.
> >
> > Cc: Jiewen Yao
> > Cc: Jian J Wang
> > Cc: Michael D Kinney
> > Signed-off-by: Sukerkar, Amol N > > --- > > > > Notes: > > v2: > > - Fixed the commit message format > > > > SecurityPkg/Library/BaseHashLib/BaseHashLibCommon.c | 252 > > ++++++++++++++++++++ > > SecurityPkg/Library/BaseHashLib/BaseHashLibDxe.c | 122 ++++++++++ > > SecurityPkg/Library/BaseHashLib/BaseHashLibPei.c | 125 ++++++++++ > > SecurityPkg/Include/Library/BaseHashLib.h | 84 +++++++ > > SecurityPkg/Library/BaseHashLib/BaseHashLibCommon.h | 71 ++++++=20 > > SecurityPkg/Library/BaseHashLib/BaseHashLibDxe.inf | 47 ++++=20 > > SecurityPkg/Library/BaseHashLib/BaseHashLibDxe.uni | 18 ++=20 > > SecurityPkg/Library/BaseHashLib/BaseHashLibPei.inf | 52 ++++=20 > > SecurityPkg/Library/BaseHashLib/BaseHashLibPei.uni | 17 ++ > > SecurityPkg/SecurityPkg.dec | 23 +- > > SecurityPkg/SecurityPkg.dsc | 10 +- > > SecurityPkg/SecurityPkg.uni | 15 +- > > 12 files changed, 833 insertions(+), 3 deletions(-) > > > > diff --git a/SecurityPkg/Library/BaseHashLib/BaseHashLibCommon.c > > b/SecurityPkg/Library/BaseHashLib/BaseHashLibCommon.c > > new file mode 100644 > > index 000000000000..f8742e55b5f7 > > --- /dev/null > > +++ b/SecurityPkg/Library/BaseHashLib/BaseHashLibCommon.c 
> > @@ -0,0 +1,252 @@ > > +/** @file > > > > + Implement image verification services for secure boot service > > > > + > > > > + Caution: This file requires additional review when modified. > > > > + This library will have external input - PE/COFF image. > > > > + This external input must be validated carefully to avoid security= =20 > > + issue like > > > > + buffer overflow, integer overflow. > > > > + > > > > + DxeImageVerificationLibImageRead() function will make sure the=20 > > + PE/COFF > > image content > > > > + read is within the image buffer. > > > > + > > > > + DxeImageVerificationHandler(), HashPeImageByType(), HashPeImage() > > function will accept > > > > + untrusted PE/COFF image and validate its data structure within=20 > > + this image > > buffer before use. > > > > + > > > > +Copyright (c) 2009 - 2020, Intel Corporation. All rights=20 > > +reserved.
> > > > +(C) Copyright 2016 Hewlett Packard Enterprise Development LP
> > > > +This program and the accompanying materials > > > > +are licensed and made available under the terms and conditions of=20 > > +the BSD > > License > > > > +which accompanies this distribution. The full text of the license=20 > > +may be found > > at > > > > +http://opensource.org/licenses/bsd-license.php > > > > + > > > > +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS"=20 > > +BASIS, > > > > +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS > > OR IMPLIED. > > > > + > > > > +**/ > > > > + > > > > +#include > > > > +#include > > > > +#include > > > > +#include > > > > +#include > > > > +#include > > > > +#include > > > > + > > > > +/** > > > > + Init hash sequence with Hash Algorithm specified by HashPolicy. > > > > + > > > > + @param HashPolicy Hash Algorithm Policy. > > > > + @param HashHandle Hash handle. > > > > + > > > > + @retval TRUE Hash start and HashHandle returned. > > > > + @retval FALSE Hash Init unsuccessful. > > > > +**/ > > > > +BOOLEAN > > > > +EFIAPI > > > > +HashInitInternal ( > > > > + IN UINT8 HashPolicy, > > > > + OUT HASH_HANDLE *HashHandle > > > > + ) > > > > +{ > > > > + BOOLEAN Status; > > > > + VOID *HashCtx; > > > > + UINTN CtxSize; > > > > + > > > > + switch (HashPolicy) { > > > > + case HASH_MD4: > > > > + CtxSize =3D Md4GetContextSize (); > > > > + HashCtx =3D AllocatePool (CtxSize); > > > > + ASSERT (HashCtx !=3D NULL); > > > > + > > > > + Status =3D Md4Init (HashCtx); > > > > + break; > > > > + > > > > + case HASH_MD5: > > > > + CtxSize =3D Md5GetContextSize (); > > > > + HashCtx =3D AllocatePool (CtxSize); > > > > + ASSERT (HashCtx !=3D NULL); > > > > + > > > > + Status =3D Md5Init (HashCtx); > > > > + break; > > > > + > > > > + case HASH_SHA1: > > > > + CtxSize =3D Sha1GetContextSize (); > > > > + HashCtx =3D AllocatePool (CtxSize); > > > > + ASSERT (HashCtx !=3D NULL); > > > > + > > > > + Status =3D Sha1Init (HashCtx); > > > > + break; > > > > + > > > > + case HASH_SHA256: > > > > + 
CtxSize =3D Sha256GetContextSize (); > > > > + HashCtx =3D AllocatePool (CtxSize); > > > > + ASSERT (HashCtx !=3D NULL); > > > > + > > > > + Status =3D Sha256Init (HashCtx); > > > > + break; > > > > + > > > > + case HASH_SHA384: > > > > + CtxSize =3D Sha384GetContextSize (); > > > > + HashCtx =3D AllocatePool (CtxSize); > > > > + ASSERT (HashCtx !=3D NULL); > > > > + > > > > + Status =3D Sha384Init (HashCtx); > > > > + break; > > > > + > > > > + case HASH_SHA512: > > > > + CtxSize =3D Sha512GetContextSize (); > > > > + HashCtx =3D AllocatePool (CtxSize); > > > > + ASSERT (HashCtx !=3D NULL); > > > > + > > > > + Status =3D Sha512Init (HashCtx); > > > > + break; > > > > + > > > > + case HASH_SM3_256: > > > > + CtxSize =3D Sm3GetContextSize (); > > > > + HashCtx =3D AllocatePool (CtxSize); > > > > + ASSERT (HashCtx !=3D NULL); > > > > + > > > > + Status =3D Sm3Init (HashCtx); > > > > + break; > > > > + > > > > + default: > > > > + ASSERT (FALSE); > > > > + break; > > > > + } > > > > + >=20 > 3. Instead of switch..case, using a global array to defines all=20 > supported interfaces would be more efficient, since you can value of Pcd= SystemHashPolicy to index them directly. >=20 > > > > + *HashHandle =3D (HASH_HANDLE)HashCtx; > > > > + > > > > + return Status; > > > > +} > > > > + > > > > +/** > > > > + Update hash data with Hash Algorithm specified by HashPolicy. > > > > + > > > > + @param HashPolicy Hash Algorithm Policy. > > > > + @param HashHandle Hash handle. > > > > + @param DataToHash Data to be hashed. > > > > + @param DataToHashLen Data size. > > > > + > > > > + @retval TRUE Hash updated. > > > > + @retval FALSE Hash updated unsuccessful. 
> > > > +**/ > > > > +BOOLEAN > > > > +EFIAPI > > > > +HashUpdateInternal ( > > > > + IN UINT8 HashPolicy, > > > > + IN HASH_HANDLE HashHandle, > > > > + IN VOID *DataToHash, > > > > + IN UINTN DataToHashLen > > > > + ) > > > > +{ > > > > + BOOLEAN Status; > > > > + VOID *HashCtx; > > > > + > > > > + HashCtx =3D (VOID *)HashHandle; > > > > + > > > > + switch (HashPolicy) { > > > > + case HASH_MD4: > > > > + Status =3D Md4Update (HashCtx, DataToHash, DataToHashLen); > > > > + break; > > > > + > > > > + case HASH_MD5: > > > > + Status =3D Md5Update (HashCtx, DataToHash, DataToHashLen); > > > > + break; > > > > + > > > > + case HASH_SHA1: > > > > + Status =3D Sha1Update (HashCtx, DataToHash, DataToHashLen); > > > > + break; > > > > + > > > > + case HASH_SHA256: > > > > + Status =3D Sha256Update (HashCtx, DataToHash, DataToHashLen); > > > > + break; > > > > + > > > > + case HASH_SHA384: > > > > + Status =3D Sha384Update (HashCtx, DataToHash, DataToHashLen); > > > > + break; > > > > + > > > > + case HASH_SHA512: > > > > + Status =3D Sha512Update (HashCtx, DataToHash, DataToHashLen); > > > > + break; > > > > + > > > > + case HASH_SM3_256: > > > > + Status =3D Sm3Update (HashCtx, DataToHash, DataToHashLen); > > > > + break; > > > > + > > > > + default: > > > > + ASSERT (FALSE); > > > > + break; > > > > + } > > >=20 > 4. The same as 3 >=20 > > + > > > > + return Status; > > > > +} > > > > + > > > > +/** > > > > + Hash complete with Hash Algorithm specified by HashPolicy. > > > > + > > > > + @param HashPolicy Hash Algorithm Policy. > > > > + @param HashHandle Hash handle. > > > > + @param Digest Hash Digest. > > > > + > > > > + @retval TRUE Hash complete and Digest is returned. > > > > + @retval FALSE Hash complete unsuccessful. 
> > > > +**/ > > > > +BOOLEAN > > > > +EFIAPI > > > > +HashFinalInternal ( > > > > + IN UINT8 HashPolicy, > > > > + IN HASH_HANDLE HashHandle, > > > > + OUT UINT8 **Digest > > > > + ) > > > > +{ > > > > + BOOLEAN Status; > > > > + VOID *HashCtx; > > > > + UINT8 DigestData[SHA512_DIGEST_SIZE]; > > > > + > > > > + HashCtx =3D (VOID *)HashHandle; > > > > + > > > > + switch (HashPolicy) { > > > > + case HASH_MD4: > > > > + Status =3D Md4Final (HashCtx, DigestData); > > > > + CopyMem (*Digest, DigestData, MD4_DIGEST_SIZE); > > > > + break; > > > > + > > > > + case HASH_MD5: > > > > + Status =3D Md5Final (HashCtx, DigestData); > > > > + CopyMem (*Digest, DigestData, MD5_DIGEST_SIZE); > > > > + break; > > > > + > > > > + case HASH_SHA1: > > > > + Status =3D Sha1Final (HashCtx, DigestData); > > > > + CopyMem (*Digest, DigestData, SHA1_DIGEST_SIZE); > > > > + break; > > > > + > > > > + case HASH_SHA256: > > > > + Status =3D Sha256Final (HashCtx, DigestData); > > > > + CopyMem (*Digest, DigestData, SHA256_DIGEST_SIZE); > > > > + break; > > > > + > > > > + case HASH_SHA384: > > > > + Status =3D Sha384Final (HashCtx, DigestData); > > > > + CopyMem (*Digest, DigestData, SHA384_DIGEST_SIZE); > > > > + break; > > > > + > > > > + case HASH_SHA512: > > > > + Status =3D Sha512Final (HashCtx, DigestData); > > > > + CopyMem (*Digest, DigestData, SHA512_DIGEST_SIZE); > > > > + break; > > > > + > > > > + case HASH_SM3_256: > > > > + Status =3D Sm3Final (HashCtx, DigestData); > > > > + CopyMem (*Digest, DigestData, SM3_256_DIGEST_SIZE); > > > > + break; > > > > + > > > > + default: > > > > + ASSERT (FALSE); > > > > + break; > > >=20 > 5. The same as 3 >=20 > > + } > > > > + > > > > + FreePool (HashCtx); > > > > + > > > > + return Status; > > > > +} > > \ No newline at end of file > > diff --git a/SecurityPkg/Library/BaseHashLib/BaseHashLibDxe.c > > b/SecurityPkg/Library/BaseHashLib/BaseHashLibDxe.c > > new file mode 100644 > > index 000000000000..ea22cfe16e2f > > --- /dev/null 
> > +++ b/SecurityPkg/Library/BaseHashLib/BaseHashLibDxe.c > > @@ -0,0 +1,122 @@ > > +/** @file > > > > + This library is Unified Hash API. It will redirect hash request=20 > > + to > > > > + the hash handler specified by PcdSystemHashPolicy such as SHA1,=20 > > + SHA256, > > > > + SHA384 and SM3... > > > > + > > > > +Copyright (c) 2013 - 2020, Intel Corporation. All rights reserved. > > +
> > > > +SPDX-License-Identifier: BSD-2-Clause-Patent > > > > + > > > > +**/ > > > > + > > > > + > > > > +#include > > > > +#include > > > > +#include > > > > +#include > > > > +#include > > > > +#include > > > > + > > > > +#include "BaseHashLibCommon.h" > > > > + > > > > +/** > > > > + Init hash sequence. > > > > + > > > > + @param HashHandle Hash handle. > > > > + > > > > + @retval TRUE Hash start and HashHandle returned. > > > > + @retval FALSE Hash Init unsuccessful. > > > > +**/ > > > > +BOOLEAN > > > > +EFIAPI > > > > +HashApiInit ( > > > > + OUT HASH_HANDLE *HashHandle > > > > +) > > > > +{ > > > > + BOOLEAN Status; > > > > + UINT8 HashPolicy; > > > > + HASH_HANDLE Handle; > > > > + > > > > + HashPolicy =3D PcdGet8 (PcdSystemHashPolicy); > > > > + > > > > + Status =3D HashInitInternal (HashPolicy, &Handle); > > > > + > > > > + *HashHandle =3D Handle; > > > > + > > > > + return Status; > > > > +} > > > > + > > > > +/** > > > > + Update hash data. > > > > + > > > > + @param HashHandle Hash handle. > > > > + @param DataToHash Data to be hashed. > > > > + @param DataToHashLen Data size. > > > > + > > > > + @retval TRUE Hash updated. > > > > + @retval FALSE Hash updated unsuccessful. > > > > +**/ > > > > +BOOLEAN > > > > +EFIAPI > > > > +HashApiUpdate ( > > > > + IN HASH_HANDLE HashHandle, > > > > + IN VOID *DataToHash, > > > > + IN UINTN DataToHashLen > > > > +) > > > > +{ > > > > + BOOLEAN Status; > > > > + UINT8 HashPolicy; > > > > + > > > > + HashPolicy =3D PcdGet8 (PcdSystemHashPolicy); > > > > + > > > > + Status =3D HashUpdateInternal (HashPolicy, HashHandle, DataToHash, > > DataToHashLen); > > > > + > > > > + return Status; > > > > +} > > > > + > > > > +/** > > > > + Hash complete. > > > > + > > > > + @param HashHandle Hash handle. > > > > + @param Digest Hash Digest. > > > > + > > > > + @retval TRUE Hash complete and Digest is returned. > > > > + @retval FALSE Hash complete unsuccessful. 
> > > > +**/ > > > > +BOOLEAN > > > > +EFIAPI > > > > +HashApiFinal ( > > > > + IN HASH_HANDLE HashHandle, > > > > + OUT UINT8 *Digest > > > > +) > > > > +{ > > > > + BOOLEAN Status; > > > > + UINT8 HashPolicy; > > > > + > > > > + HashPolicy =3D PcdGet8 (PcdSystemHashPolicy); > > > > + > > > > + Status =3D HashFinalInternal (HashPolicy, &HashHandle, &Digest); > > > > + > > > > + return Status; > > > > +} > > > > + > > > > +/** > > > > + The constructor function of BaseHashLib Dxe. > > > > + > > > > + @param FileHandle The handle of FFS header the loaded driver. > > > > + @param PeiServices The pointer to the PEI services. > > > > + > > > > + @retval EFI_SUCCESS The constructor executes successfully= . > > > > + @retval EFI_OUT_OF_RESOURCES There is no enough resource for the > > constructor. > > > > + > > > > +**/ > > > > +EFI_STATUS > > > > +EFIAPI > > > > +BaseHashLibApiDxeConstructor ( > > > > + IN EFI_HANDLE ImageHandle, > > > > + IN EFI_SYSTEM_TABLE *SystemTable > > > > + ) > > > > +{ > > > > + DEBUG ((DEBUG_INFO,"Calling BaseHashLibApiDxeConstructor.. \n")); > > > > + > > > > + return EFI_SUCCESS; > > > > +} >=20 > 6. Constructor is not necessary if you don't have anything to do with it= . > You can remove it from inf file and here. >=20 > > \ No newline at end of file > > diff --git a/SecurityPkg/Library/BaseHashLib/BaseHashLibPei.c > > b/SecurityPkg/Library/BaseHashLib/BaseHashLibPei.c > > new file mode 100644 > > index 000000000000..580ac21fc1d9 > > --- /dev/null > > +++ b/SecurityPkg/Library/BaseHashLib/BaseHashLibPei.c > > @@ -0,0 +1,125 @@ > > +/** @file > > > > + This library is Unified Hash API. It will redirect hash request=20 > > + to > > > > + the hash handler specified by PcdSystemHashPolicy such as SHA1,=20 > > + SHA256, > > > > + SHA384 and SM3... > > > > + > > > > +Copyright (c) 2013 - 2020, Intel Corporation. All rights reserved. > > +
> > > > +SPDX-License-Identifier: BSD-2-Clause-Patent > > > > + > > > > +**/ > > > > + > > > > + > > > > +#include > > > > +#include > > > > +#include > > > > +#include > > > > +#include > > > > +#include > > > > +#include > > > > +#include > > > > + > > > > +#include > > > > +#include "BaseHashLibCommon.h" > > > > + > > > > +/** > > > > + Init hash sequence. > > > > + > > > > + @param HashHandle Hash handle. > > > > + > > > > + @retval TRUE Hash start and HashHandle returned. > > > > + @retval FALSE Hash Init unsuccessful. > > > > +**/ > > > > +BOOLEAN > > > > +EFIAPI > > > > +HashApiInit ( > > > > + OUT HASH_HANDLE *HashHandle > > > > +) > > > > +{ > > > > + BOOLEAN Status; > > > > + UINT8 HashPolicy; > > > > + HASH_HANDLE Handle; > > > > + > > > > + HashPolicy =3D PcdGet8 (PcdSystemHashPolicy); > > > > + > > > > + Status =3D HashInitInternal (HashPolicy, &Handle); > > > > + > > > > + *HashHandle =3D Handle; > > > > + > > > > + return Status; > > > > +} > > > > + > > > > +/** > > > > + Update hash data. > > > > + > > > > + @param HashHandle Hash handle. > > > > + @param DataToHash Data to be hashed. > > > > + @param DataToHashLen Data size. > > > > + > > > > + @retval TRUE Hash updated. > > > > + @retval FALSE Hash updated unsuccessful. > > > > +**/ > > > > +BOOLEAN > > > > +EFIAPI > > > > +HashApiUpdate ( > > > > + IN HASH_HANDLE HashHandle, > > > > + IN VOID *DataToHash, > > > > + IN UINTN DataToHashLen > > > > +) > > > > +{ > > > > + BOOLEAN Status; > > > > + UINT8 HashPolicy; > > > > + > > > > + HashPolicy =3D PcdGet8 (PcdSystemHashPolicy); > > > > + > > > > + Status =3D HashUpdateInternal (HashPolicy, HashHandle, DataToHash, > > DataToHashLen); > > > > + > > > > + return Status; > > > > +} > > > > + > > > > +/** > > > > + Hash complete. > > > > + > > > > + @param HashHandle Hash handle. > > > > + @param Digest Hash Digest. > > > > + > > > > + @retval TRUE Hash complete and Digest is returned. > > > > + @retval FALSE Hash complete unsuccessful. 
> > > > +**/ > > > > +BOOLEAN > > > > +EFIAPI > > > > +HashApiFinal ( > > > > + IN HASH_HANDLE HashHandle, > > > > + OUT UINT8 *Digest > > > > +) > > > > +{ > > > > + BOOLEAN Status; > > > > + UINT8 HashPolicy; > > > > + > > > > + HashPolicy =3D PcdGet8 (PcdSystemHashPolicy); > > > > + > > > > + Status =3D HashFinalInternal (HashPolicy, HashHandle, &Digest); > > > > + > > > > + return Status; > > > > +} > > > > + > > > > +/** > > > > + The constructor function of BaseHashLib Pei. > > > > + > > > > + @param FileHandle The handle of FFS header the loaded driver. > > > > + @param PeiServices The pointer to the PEI services. > > > > + > > > > + @retval EFI_SUCCESS The constructor executes successfully= . > > > > + @retval EFI_OUT_OF_RESOURCES There is no enough resource for the > > constructor. > > > > + > > > > +**/ > > > > +EFI_STATUS > > > > +EFIAPI > > > > +BaseHashLibApiPeiConstructor ( > > > > + IN EFI_PEI_FILE_HANDLE FileHandle, > > > > + IN CONST EFI_PEI_SERVICES **PeiServices > > > > + ) > > > > +{ > > > > + DEBUG ((DEBUG_INFO,"Calling BaseHashLibApiPeiConstructor.. \n")); > > > > + > > > > + return EFI_SUCCESS; > > > > +} >=20 > 7. The same as 6 >=20 > > \ No newline at end of file > > diff --git a/SecurityPkg/Include/Library/BaseHashLib.h > > b/SecurityPkg/Include/Library/BaseHashLib.h > > new file mode 100644 > > index 000000000000..e1883fe7ce41 > > --- /dev/null > > +++ b/SecurityPkg/Include/Library/BaseHashLib.h > > @@ -0,0 +1,84 @@ > > +/** @file > > + The internal header file includes the common header files,=20 > > +defines > > + internal structure and functions used by ImageVerificationLib. > > + > > +Copyright (c) 2009 - 2020, Intel Corporation. All rights=20 > > +reserved.
This program and the accompanying materials are=20 > > +licensed and made available under the terms and conditions of the=20 > > +BSD > > License > > +which accompanies this distribution. The full text of the license=20 > > +may be found > > at > > +http://opensource.org/licenses/bsd-license.php > > + > > +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS"=20 > > +BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER=20 > > +EXPRESS > > OR IMPLIED. > > + > > +**/ > > + > > +#ifndef __BASEHASHLIB_H_ > > +#define __BASEHASHLIB_H_ > > + > > +#include > > +#include > > +#include > > + > > +// > > +// Hash Algorithms > > +// > > +#define HASH_DEFAULT 0x00000000 > > +#define HASH_MD4 0x00000001 > > +#define HASH_MD5 0x00000002 > > +#define HASH_SHA1 0x00000003 > > +#define HASH_SHA256 0x00000004 > > +#define HASH_SHA384 0x00000005 > > +#define HASH_SHA512 0x00000006 > > +#define HASH_SM3_256 0x00000007 > > + > > + > > +/** > > + Init hash sequence. > > + > > + @param HashHandle Hash handle. > > + > > + @retval TRUE Hash start and HashHandle returned. > > + @retval FALSE Hash Init unsuccessful. > > +**/ > > +BOOLEAN > > +EFIAPI > > +HashApiInit ( > > + OUT HASH_HANDLE *HashHandle > > +); > > + > > +/** > > + Update hash data. > > + > > + @param HashHandle Hash handle. > > + @param DataToHash Data to be hashed. > > + @param DataToHashLen Data size. > > + > > + @retval TRUE Hash updated. > > + @retval FALSE Hash updated unsuccessful. > > +**/ > > +BOOLEAN > > +EFIAPI > > +HashApiUpdate ( > > + IN HASH_HANDLE HashHandle, > > + IN VOID *DataToHash, > > + IN UINTN DataToHashLen > > +); > > + > > +/** > > + Hash complete. > > + > > + @param HashHandle Hash handle. > > + @param Digest Hash Digest. > > + > > + @retval TRUE Hash complete and Digest is returned. > > + @retval FALSE Hash complete unsuccessful. 
> > +**/ > > +BOOLEAN > > +EFIAPI > > +HashApiFinal ( > > + IN HASH_HANDLE HashHandle, > > + OUT UINT8 *Digest > > +); > > + > > +#endif > > \ No newline at end of file > > diff --git a/SecurityPkg/Library/BaseHashLib/BaseHashLibCommon.h > > b/SecurityPkg/Library/BaseHashLib/BaseHashLibCommon.h > > new file mode 100644 > > index 000000000000..776b74ad753b > > --- /dev/null > > +++ b/SecurityPkg/Library/BaseHashLib/BaseHashLibCommon.h > > @@ -0,0 +1,71 @@ > > +/** @file > > + The internal header file includes the common header files,=20 > > +defines > > + internal structure and functions used by ImageVerificationLib. > > + > > +Copyright (c) 2009 - 2020, Intel Corporation. All rights=20 > > +reserved.
This program and the accompanying materials are=20 > > +licensed and made available under the terms and conditions of the=20 > > +BSD > > License > > +which accompanies this distribution. The full text of the license=20 > > +may be found > > at > > +http://opensource.org/licenses/bsd-license.php > > + > > +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS"=20 > > +BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER=20 > > +EXPRESS > > OR IMPLIED. > > + > > +**/ > > + > > +#ifndef __BASEHASHLIB_COMMON_H_ > > +#define __BASEHASHLIB_COMMON_H_ > > + > > +/** > > + Init hash sequence with Hash Algorithm specified by HashPolicy. > > + > > + @param HashHandle Hash handle. > > + > > + @retval EFI_SUCCESS Hash start and HashHandle returned. > > + @retval EFI_UNSUPPORTED System has no HASH library registered. > > +**/ > > +BOOLEAN > > +EFIAPI > > +HashInitInternal ( > > + IN UINT8 HashPolicy, > > + OUT HASH_HANDLE *HashHandle > > + ); > > + > > +/** > > + Hash complete with Hash Algorithm specified by HashPolicy. > > + > > + @param HashPolicy Hash Algorithm Policy. > > + @param HashHandle Hash handle. > > + @param Digest Hash Digest. > > + > > + @retval TRUE Hash complete and Digest is returned. > > + @retval FALSE Hash complete unsuccessful. > > +**/ > > +BOOLEAN > > +EFIAPI > > +HashUpdateInternal ( > > + IN UINT8 HashPolicy, > > + IN HASH_HANDLE HashHandle, > > + IN VOID *DataToHash, > > + IN UINTN DataToHashLen > > + ); > > + > > +/** > > + Update hash data with Hash Algorithm specified by HashPolicy. > > + > > + @param HashPolicy Hash Algorithm Policy. > > + @param HashHandle Hash handle. > > + @param DataToHash Data to be hashed. > > + @param DataToHashLen Data size. > > + > > + @retval TRUE Hash updated. > > + @retval FALSE Hash updated unsuccessful. > > +**/ > > +BOOLEAN > > +EFIAPI > > +HashFinalInternal ( > > + IN UINT8 HashPolicy, > > + IN HASH_HANDLE HashHandle, > > + OUT UINT8 **Digest > > + ); > > +#endif > > \ No newline at end of file 
> > diff --git a/SecurityPkg/Library/BaseHashLib/BaseHashLibDxe.inf > > b/SecurityPkg/Library/BaseHashLib/BaseHashLibDxe.inf > > new file mode 100644 > > index 000000000000..f97bda06108f > > --- /dev/null > > +++ b/SecurityPkg/Library/BaseHashLib/BaseHashLibDxe.inf > > @@ -0,0 +1,47 @@ > > +## @file > > > > +# Provides hash service by registered hash handler > > > > +# > > > > +# This library is Base Hash Lib. It will redirect hash request to=20 > > +each individual > > > > +# hash handler registered, such as SHA1, SHA256, SHA384, SM3. > > > > +# > > > > +# Copyright (c) 2018 - 2020, Intel Corporation. All rights=20 > > +reserved.
> > > > +# SPDX-License-Identifier: BSD-2-Clause-Patent > > > > +# > > > > +## > > > > + > > > > +[Defines] > > > > + INF_VERSION =3D 0x00010005 > > > > + BASE_NAME =3D BaseHashLibDxe > > > > + MODULE_UNI_FILE =3D BaseHashLibDxe.uni > > > > + FILE_GUID =3D 158DC712-F15A-44dc-93BB-1675045B= E066 > > > > + MODULE_TYPE =3D DXE_DRIVER > > > > + VERSION_STRING =3D 1.0 > > > > + LIBRARY_CLASS =3D BaseHashLib|DXE_DRIVER DXE_RUNTI= ME_DRIVER > > DXE_SMM_DRIVER UEFI_APPLICATION UEFI_DRIVER > > > > + CONSTRUCTOR =3D BaseHashLibApiDxeConstructor >=20 > 8. Since the above function is actually empty, you can remove above line= and > function in c file. >=20 > > > > + > > > > +# > > > > +# The following information is for reference only and not required=20 > > +by the build > > tools. > > > > +# > > > > +# VALID_ARCHITECTURES =3D IA32 X64 > > > > +# > > > > + > > > > +[Sources] > > > > + BaseHashLibCommon.h > > > > + BaseHashLibCommon.c > > > > + BaseHashLibDxe.c > > > > + > > > > +[Packages] > > > > + MdePkg/MdePkg.dec > > > > + CryptoPkg/CryptoPkg.dec > > > > + SecurityPkg/SecurityPkg.dec > > > > + > > > > +[LibraryClasses] > > > > + BaseLib > > > > + BaseMemoryLib > > > > + DebugLib > > > > + MemoryAllocationLib > > > > + BaseCryptLib > > > > + PcdLib > > > > + > > > > +[Pcd] > > > > + gEfiSecurityPkgTokenSpaceGuid.PcdSystemHashPolicy ## CONSUMES > > > > diff --git a/SecurityPkg/Library/BaseHashLib/BaseHashLibDxe.uni > > b/SecurityPkg/Library/BaseHashLib/BaseHashLibDxe.uni > > new file mode 100644 > > index 000000000000..1865773b4a25 > > --- /dev/null > > +++ b/SecurityPkg/Library/BaseHashLib/BaseHashLibDxe.uni 
> > @@ -0,0 +1,18 @@ > > +// /** @file > > > > +// Provides hash service by registered hash handler > > > > +// > > > > +// This library is Unified Hash API. It will redirect hash request=20 > > +to each individual > > > > +// hash handler registered, such as SHA1, SHA256. Platform can use > > PcdTpm2HashMask to > > > > +// mask some hash engines. > > > > +// > > > > +// Copyright (c) 2018 - 2020, Intel Corporation. All rights=20 > > +reserved.
> > > > +// > > > > +// SPDX-License-Identifier: BSD-2-Clause-Patent > > > > +// > > > > +// **/ > > > > + > > > > + > > > > +#string STR_MODULE_ABSTRACT #language en-US "Provides has= h > > service by specified hash handler" > > > > + > > > > +#string STR_MODULE_DESCRIPTION #language en-US "This library= is > > Unified Hash API. It will redirect hash request to the hash handler=20 > > specified by PcdSystemHashPolicy." > > > > + > > > > diff --git a/SecurityPkg/Library/BaseHashLib/BaseHashLibPei.inf > > b/SecurityPkg/Library/BaseHashLib/BaseHashLibPei.inf > > new file mode 100644 > > index 000000000000..4d36030744bd > > --- /dev/null > > +++ b/SecurityPkg/Library/BaseHashLib/BaseHashLibPei.inf > > @@ -0,0 +1,52 @@ > > +## @file > > > > +# Provides hash service by registered hash handler > > > > +# > > > > +# This library is BaseCrypto router. It will redirect hash request= =20 > > +to each > > individual > > > > +# hash handler registered, such as SHA1, SHA256. > > > > +# > > > > +# Copyright (c) 2018 - 2020, Intel Corporation. All rights=20 > > +reserved.
> > > > +# SPDX-License-Identifier: BSD-2-Clause-Patent > > > > +# > > > > +## > > > > + > > > > +[Defines] > > > > + INF_VERSION =3D 0x00010005 > > > > + BASE_NAME =3D BaseHashLibPei > > > > + MODULE_UNI_FILE =3D BaseHashLibPei.uni > > > > + FILE_GUID =3D DDCBCFBA-8EEB-488a-96D6-097831A6= E50B > > > > + MODULE_TYPE =3D PEIM > > > > + VERSION_STRING =3D 1.0 > > > > + LIBRARY_CLASS =3D BaseHashLib|PEIM > > > > + CONSTRUCTOR =3D BaseHashLibApiPeiConstructor > > >=20 > 9. The same as 8 >=20 > > + > > > > +# > > > > +# The following information is for reference only and not required=20 > > +by the build > > tools. > > > > +# > > > > +# VALID_ARCHITECTURES =3D IA32 X64 > > > > +# > > > > + > > > > +[Sources] > > > > + BaseHashLibCommon.h > > > > + BaseHashLibCommon.c > > > > + BaseHashLibPei.c > > > > + > > > > +[Packages] > > > > + MdePkg/MdePkg.dec > > > > + SecurityPkg/SecurityPkg.dec > > > > + CryptoPkg/CryptoPkg.dec > > > > + MdeModulePkg/MdeModulePkg.dec > > > > + > > > > +[LibraryClasses] > > > > + BaseLib > > > > + BaseMemoryLib > > > > + DebugLib > > > > + MemoryAllocationLib > > > > + BaseCryptLib > > > > + PcdLib > > > > + > > > > +[Guids] > > > > + ## SOMETIMES_CONSUMES ## GUID > > > > + gZeroGuid > > > > + > > > > +[Pcd] > > > > + gEfiSecurityPkgTokenSpaceGuid.PcdSystemHashPolicy ## CONSUMES > > > > diff --git a/SecurityPkg/Library/BaseHashLib/BaseHashLibPei.uni > > b/SecurityPkg/Library/BaseHashLib/BaseHashLibPei.uni > > new file mode 100644 > > index 000000000000..2131b61bd235 > > --- /dev/null > > +++ b/SecurityPkg/Library/BaseHashLib/BaseHashLibPei.uni > > @@ -0,0 +1,17 @@ > > +// /** @file > > > > +// Provides hash service by registered hash handler > > > > +// > > > > +// This library is Unified Hash API. It will redirect hash request=20 > > +to each individual > > > > +// hash handler registered, such as SHA1, SHA256. > > > > +// > > > > +// Copyright (c) 2018 - 2020, Intel Corporation. All rights=20 > > +reserved.
> > > > +// > > > > +// SPDX-License-Identifier: BSD-2-Clause-Patent > > > > +// > > > > +// **/ > > > > + > > > > + > > > > +#string STR_MODULE_ABSTRACT #language en-US "Provides has= h > > service by specified hash handler" > > > > + > > > > +#string STR_MODULE_DESCRIPTION #language en-US "This library= is > > Unified Hash API. It will redirect hash request to the hash handler=20 > > specified by PcdSystemHashPolicy." > > > > + > > > > diff --git a/SecurityPkg/SecurityPkg.dec=20 > > b/SecurityPkg/SecurityPkg.dec index cac36caf0a0d..e0e144124ddd=20 > > 100644 > > --- a/SecurityPkg/SecurityPkg.dec > > +++ b/SecurityPkg/SecurityPkg.dec > > @@ -5,7 +5,7 @@ > > # It also provides the definitions(including PPIs/PROTOCOLs/GUIDs=20 > > and library > > classes) > > > > # and libraries instances, which are used for those features. > > > > # > > > > -# Copyright (c) 2009 - 2019, Intel Corporation. All rights=20 > > reserved.
> > > > +# Copyright (c) 2009 - 2020, Intel Corporation. All rights=20 > > +reserved.
> > > > # (C) Copyright 2015 Hewlett Packard Enterprise Development LP
> > > > # Copyright (c) 2017, Microsoft Corporation. All rights reserved. > >
> > > > # SPDX-License-Identifier: BSD-2-Clause-Patent > > > > @@ -27,6 +27,10 @@ [LibraryClasses] > > # > > > > HashLib|Include/Library/HashLib.h > > > > > > > > + ## @libraryclass Provides hash interfaces from different implemen= tations. > > > > + # > > > > + BaseHashLib|Include/Library/HashLib.h > > > > + > > > > ## @libraryclass Provides a platform specific interface to=20 > > detect physically present user. > > > > # > > > > PlatformSecureLib|Include/Library/PlatformSecureLib.h > > > > @@ -496,5 +500,22 @@ [PcdsDynamic, PcdsDynamicEx] > > # @Prompt Tpm2AcpiTableLasa LASA field in TPM2 ACPI table. > > > > > > gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableLasa|0|UINT64|0x000100 > > 23 > > > > > > > > +[PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic,=20 > > +PcdsDynamicEx] > > > > + ## This PCD indicates the HASH algorithm to verify unsigned=20 > > + PE/COFF image > > > > + # Based on the value set, the required algorithm is chosen to=20 > > + verify > > > > + # the unsigned image during Secure Boot.
> > > > + # The hashing algorithm selected must match the hashing=20 > > + algorithm used to > > > > + # hash the image to be added to DB using tools such as=20 > > + KeyEnroll.
> > > > + # 0x00000001 - MD4.
> > > > + # 0x00000002 - MD5.
> > > > + # 0x00000003 - SHA1.
> > > > + # 0x00000004 - SHA256.
> > > > + # 0x00000005 - SHA384.
> > > > + # 0x00000006 - SHA512.
> > > > + # 0x00000007 - SM3_256.
> > > > + # @Prompt Set policy for hashing unsigned image for Secure Boot. > > > > + # @ValidRange 0x80000001 | 0x00000001 - 0x00000007 > > > > + > > gEfiSecurityPkgTokenSpaceGuid.PcdSystemHashPolicy|0x04|UINT8|0x00010 > > 02 > > 4 > > > > + > > > > [UserExtensions.TianoCore."ExtraFiles"] > > > > SecurityPkgExtra.uni > > > > diff --git a/SecurityPkg/SecurityPkg.dsc=20 > > b/SecurityPkg/SecurityPkg.dsc index a2eeadda7a7e..86a5847e2509=20 > > 100644 > > --- a/SecurityPkg/SecurityPkg.dsc > > +++ b/SecurityPkg/SecurityPkg.dsc > > @@ -1,7 +1,7 @@ > > ## @file > > > > # Security Module Package for All Architectures. > > > > # > > > > -# Copyright (c) 2009 - 2019, Intel Corporation. All rights=20 > > reserved.
> > > > +# Copyright (c) 2009 - 2020, Intel Corporation. All rights=20 > > +reserved.
> > > > # (C) Copyright 2015 Hewlett Packard Enterprise Development LP
> > > > # SPDX-License-Identifier: BSD-2-Clause-Patent > > > > # > > > > @@ -95,6 +95,7 @@ [LibraryClasses.common.PEIM] > > > > Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm. > > inf > > > > > > Tcg2PhysicalPresenceLib|SecurityPkg/Library/PeiTcg2PhysicalPresenceL > > Tcg2PhysicalPresenceLib|ib > > Tcg2PhysicalPresenceLib|/PeiTc > > g2PhysicalPresenceLib.inf > > > > RngLib|MdePkg/Library/BaseRngLib/BaseRngLib.inf > > > > + BaseHashLib|SecurityPkg/Library/BaseHashLib/BaseHashLibPei.inf > > > > > > > > [LibraryClasses.common.DXE_DRIVER] > > > > HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf > > > > @@ -110,6 +111,7 @@ [LibraryClasses.common.DXE_DRIVER] > > > > Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibT > > Tpm12DeviceLib|cg > > Tpm12DeviceLib|.i > > nf > > > > > > Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2. > > Tpm2DeviceLib|in > > f > > > > > > FileExplorerLib|MdeModulePkg/Library/FileExplorerLib/FileExplorerLib > > FileExplorerLib|.i > > nf > > > > + BaseHashLib|SecurityPkg/Library/BaseHashLib/BaseHashLibDxe.inf > > > > > > > > [LibraryClasses.common.UEFI_DRIVER, > > LibraryClasses.common.DXE_RUNTIME_DRIVER, > > LibraryClasses.common.DXE_SAL_DRIVER,] > > > > HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf > > > > @@ -211,6 +213,12 @@ [Components] > > > > > > SecurityPkg/Library/HashLibTpm2/HashLibTpm2.inf > > > > > > > > + # > > > > + # Unified Hash API > > > > + # > > > > + SecurityPkg/Library/BaseHashLib/BaseHashLibDxe.inf > > > > + SecurityPkg/Library/BaseHashLib/BaseHashLibPei.inf > > > > + > > > > # > > > > # TCG Storage. > > > > # > > > > diff --git a/SecurityPkg/SecurityPkg.uni=20 > > b/SecurityPkg/SecurityPkg.uni index 68587304d779..32ef97f81461=20 > > 100644 > > --- a/SecurityPkg/SecurityPkg.uni > > +++ b/SecurityPkg/SecurityPkg.uni 
> > @@ -5,7 +5,7 @@ > > // It also provides the definitions(including PPIs/PROTOCOLs/GUIDs=20 > > and library > > classes) > > > > // and libraries instances, which are used for those features. > > > > // > > > > -// Copyright (c) 2009 - 2018, Intel Corporation. All rights=20 > > reserved.
> > > > +// Copyright (c) 2009 - 2020, Intel Corporation. All rights=20 > > +reserved.
> > > > // > > > > // SPDX-License-Identifier: BSD-2-Clause-Patent > > > > // > > > > @@ -295,3 +295,16 @@ > > > > > > #string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTpm2AcpiTableLasa_HELP > > #language en-US "This PCD defines LASA of TPM2 ACPI table\n\n" > > > > > > "0 means this field is unsupported\n" > > > > + > > > > > > + > > #string > > STR_gEfiSecurityPkgTokenSpaceGuid_PcdSystemHashPolicy_PROMPT > > #language en-US "HASH algorithm to verify unsigned PE/COFF image" > > > > + > > > > +#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdSystemHashPolicy_HELP > > #language en-US "This PCD indicates the HASH algorithm used by=20 > > Unified Hash API.

\n" > > > > + > > + "Based on the value set, the > > required algorithm is chosen to calculate\n" > > > > + = "the hash desired.
\n" > > > > + = "0x00000001 - MD4.
\n" > > > > + = "0x00000002 - MD5.
\n" > > > > + = "0x00000003 - SHA1.
\n" > > > > + > > + "0x00000004 - > > SHA256.
\n" > > > > + > > + "0x00000005 - > > SHA384.
\n" > > > > + > > + "0x00000006 - > > SHA512.
\n" > > > > + = "0x00000007 - SM3.
" > > > > -- > > 2.16.2.windows.1 >=20 >=20 >=20 >=20 >=20
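 > > > --">
Review bot: In BaseHashLibCommon.h the header comments do not match the prototypes they sit above. The block over HashUpdateInternal reads "Hash complete with Hash Algorithm specified by HashPolicy" and documents a Digest parameter, while the block over HashFinalInternal reads "Update hash data ..." and documents DataToHash and DataToHashLen, so the two look swapped. The HashInitInternal block omits @param HashPolicy and lists @retval EFI_SUCCESS and EFI_UNSUPPORTED although the function returns BOOLEAN. Suggest swapping the two blocks, documenting TRUE/FALSE for HashInitInternal, stating who allocates and frees the buffer returned through "OUT UINT8 **Digest" and how the caller learns its length, and ending the file with a newline (the hunk carries "\ No newline at end of file").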
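 > > > --">
Review bot: In BaseHashLibDxe.uni the file header comment says "Platform can use PcdTpm2HashMask to mask some hash engines", but BaseHashLibDxe.inf lists only PcdSystemHashPolicy under [Pcd]. The same header, and the one in BaseHashLibDxe.inf, describes redirecting to "each individual hash handler registered", while STR_MODULE_DESCRIPTION says the request goes to "the hash handler specified by PcdSystemHashPolicy". Suggest dropping the PcdTpm2HashMask sentence and aligning the header wording with the module description so the documented selection mechanism is the one the library uses.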
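 > > > --">
Review bot: In BaseHashLibPei.inf the [Guids] section adds gZeroGuid and [Packages] adds MdeModulePkg/MdeModulePkg.dec, neither of which appears in BaseHashLibDxe.inf even though both instances share BaseHashLibCommon.c. Unless BaseHashLibPei.c needs them, remove both so the PEI instance does not carry unused dependencies. The file header also calls the library a "BaseCrypto router", which differs from the "Base Hash Lib" and "Unified Hash API" names used in the other files of this patch; pick one name and use it throughout.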
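 > > > --">
Review bot: In the [LibraryClasses] hunk of SecurityPkg.dec the new class is declared as "BaseHashLib|Include/Library/HashLib.h", the same header already mapped to HashLib two lines above. A library class should point at the header that declares its own API. If this series adds a dedicated header for BaseHashLib, reference it here; otherwise explain in the comment why two classes share one header.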
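 > > > --">
Review bot: In the PcdSystemHashPolicy hunk of SecurityPkg.dec the valid range "0x00000001 - 0x00000007" admits MD4, MD5 and SHA1 for a PCD the comment describes as selecting the hash that verifies unsigned PE/COFF images during Secure Boot. Those algorithms are collision-broken and should not be selectable for image verification. Suggest restricting @ValidRange to the SHA256 through SM3_256 values, or documenting which non-security consumers need the weaker ones. The PCD is also typed UINT8 with default 0x04 while the value list is written as 32-bit constants; write the values in the declared width.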
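 > > > --">
Review bot: In the SecurityPkg.uni hunk the PROMPT string says "HASH algorithm to verify unsigned PE/COFF image" while the HELP string says the PCD "indicates the HASH algorithm used by Unified Hash API", and the @Prompt in SecurityPkg.dec uses a third wording ("Set policy for hashing unsigned image for Secure Boot"). The last value is "SM3" here and "SM3_256" in the .dec. Suggest one description of the PCD's scope and one spelling of each algorithm name across the .dec and .uni so platform integrators are not left guessing what the policy governs.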