public inbox for devel@edk2.groups.io
 help / color / mirror / Atom feed
From: "Sukerkar, Amol N" <amol.n.sukerkar@intel.com>
To: "Gao, Liming" <liming.gao@intel.com>,
	"devel@edk2.groups.io" <devel@edk2.groups.io>,
	"Wang, Jian J" <jian.j.wang@intel.com>
Cc: "Kinney, Michael D" <michael.d.kinney@intel.com>,
	"Yao, Jiewen" <jiewen.yao@intel.com>,
	"Agrawal, Sachin" <sachin.agrawal@intel.com>,
	"Musti, Srinivas" <srinivas.musti@intel.com>,
	"Sukerkar, Amol N" <amol.n.sukerkar@intel.com>
Subject: Re: [edk2-devel] [PATCH v2 1/1] SecurityPkg/BaseHashLib: Implement Unified Hash Calculation API
Date: Wed, 15 Jan 2020 23:01:35 +0000	[thread overview]
Message-ID: <MWHPR11MB0064C462D3FB736508C75CE1AC370@MWHPR11MB0064.namprd11.prod.outlook.com> (raw)
In-Reply-To: <233b34aaf0f241aa8f997c2eac4aa306@intel.com>

Hi Liming,

We already have a ticket filed in Bugzilla, https://bugzilla.tianocore.org/show_bug.cgi?id=2151. Would this be sufficient?

Thanks,
Amol

-----Original Message-----
From: Gao, Liming <liming.gao@intel.com> 
Sent: Tuesday, January 14, 2020 8:47 PM
To: devel@edk2.groups.io; Wang, Jian J <jian.j.wang@intel.com>; Sukerkar, Amol N <amol.n.sukerkar@intel.com>
Cc: Kinney, Michael D <michael.d.kinney@intel.com>; Yao, Jiewen <jiewen.yao@intel.com>; Agrawal, Sachin <sachin.agrawal@intel.com>; Musti, Srinivas <srinivas.musti@intel.com>
Subject: RE: [edk2-devel] [PATCH v2 1/1] SecurityPkg/BaseHashLib: Implement Unified Hash Calculation API

Amol:
  This is new feature. Please submit BZ (https://bugzilla.tianocore.org/) to track it. If this feature catches edk2 2020 Q1 stable tag, I will add it into edk2 feature planning. 

Thanks
Liming
-----Original Message-----
From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Wang, Jian J
Sent: 2020年1月15日 11:14
To: Sukerkar, Amol N <amol.n.sukerkar@intel.com>; devel@edk2.groups.io
Cc: Kinney, Michael D <michael.d.kinney@intel.com>; Yao, Jiewen <jiewen.yao@intel.com>; Agrawal, Sachin <sachin.agrawal@intel.com>; Musti, Srinivas <srinivas.musti@intel.com>
Subject: Re: [edk2-devel] [PATCH v2 1/1] SecurityPkg/BaseHashLib: Implement Unified Hash Calculation API

Amol,

1. Your patch doesn't support hashing more than one algorithm at the same time.
   Is this on purpose? Sorry I don't remember the conclusion in last discussion.
2. There're trailing spaces in BaseHashLibCommon.c and BashHashLibCommon.h.
   You can use BaseTools\Scripts\PatchCheck.py to check it before sending patch.

See my other comments below.

> -----Original Message-----
> From: Sukerkar, Amol N <amol.n.sukerkar@intel.com>
> Sent: Tuesday, January 14, 2020 11:41 PM
> To: devel@edk2.groups.io
> Cc: Kinney, Michael D <michael.d.kinney@intel.com>; Yao, Jiewen 
> <jiewen.yao@intel.com>; Wang, Jian J <jian.j.wang@intel.com>; Agrawal, 
> Sachin <sachin.agrawal@intel.com>; Musti, Srinivas 
> <srinivas.musti@intel.com>
> Subject: [PATCH v2 1/1] SecurityPkg/BaseHashLib: Implement Unified 
> Hash Calculation API
> 
> This commit introduces a Unified Hash API to calculate hash using a 
> hashing algorithm specified by the PCD, PcdSystemHashPolicy. This 
> library interfaces with the various hashing API, such as, MD4, MD5, 
> SHA1, SHA256,
> SHA512 and SM3_256 implemented in CryptoPkg. The user can calculate 
> the desired hash by setting PcdSystemHashPolicy to appropriate value.
> 
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Cc: Michael D Kinney <michael.d.kinney@intel.com>
> Signed-off-by: Sukerkar, Amol N <amol.n.sukerkar@intel.com>
> ---
> 
> Notes:
>     v2:
>     - Fixed the commit message format
> 
>  SecurityPkg/Library/BaseHashLib/BaseHashLibCommon.c | 252
> ++++++++++++++++++++
>  SecurityPkg/Library/BaseHashLib/BaseHashLibDxe.c    | 122 ++++++++++
>  SecurityPkg/Library/BaseHashLib/BaseHashLibPei.c    | 125 ++++++++++
>  SecurityPkg/Include/Library/BaseHashLib.h           |  84 +++++++
>  SecurityPkg/Library/BaseHashLib/BaseHashLibCommon.h |  71 ++++++ 
> SecurityPkg/Library/BaseHashLib/BaseHashLibDxe.inf  |  47 ++++ 
> SecurityPkg/Library/BaseHashLib/BaseHashLibDxe.uni  |  18 ++ 
> SecurityPkg/Library/BaseHashLib/BaseHashLibPei.inf  |  52 ++++ 
> SecurityPkg/Library/BaseHashLib/BaseHashLibPei.uni  |  17 ++
>  SecurityPkg/SecurityPkg.dec                         |  23 +-
>  SecurityPkg/SecurityPkg.dsc                         |  10 +-
>  SecurityPkg/SecurityPkg.uni                         |  15 +-
>  12 files changed, 833 insertions(+), 3 deletions(-)
> 
> diff --git a/SecurityPkg/Library/BaseHashLib/BaseHashLibCommon.c
> b/SecurityPkg/Library/BaseHashLib/BaseHashLibCommon.c
> new file mode 100644
> index 000000000000..f8742e55b5f7
> --- /dev/null
> +++ b/SecurityPkg/Library/BaseHashLib/BaseHashLibCommon.c
> @@ -0,0 +1,252 @@
> +/** @file
> 
> +  Implement image verification services for secure boot service
> 
> +
> 
> +  Caution: This file requires additional review when modified.
> 
> +  This library will have external input - PE/COFF image.
> 
> +  This external input must be validated carefully to avoid security 
> + issue like
> 
> +  buffer overflow, integer overflow.
> 
> +
> 
> +  DxeImageVerificationLibImageRead() function will make sure the 
> + PE/COFF
> image content
> 
> +  read is within the image buffer.
> 
> +
> 
> +  DxeImageVerificationHandler(), HashPeImageByType(), HashPeImage()
> function will accept
> 
> +  untrusted PE/COFF image and validate its data structure within this 
> + image
> buffer before use.
> 
> +
> 
> +Copyright (c) 2009 - 2020, Intel Corporation. All rights 
> +reserved.<BR>
> 
> +(C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>
> 
> +This program and the accompanying materials
> 
> +are licensed and made available under the terms and conditions of the 
> +BSD
> License
> 
> +which accompanies this distribution.  The full text of the license 
> +may be found
> at
> 
> +http://opensource.org/licenses/bsd-license.php
> 
> +
> 
> +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
> 
> +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS
> OR IMPLIED.
> 
> +
> 
> +**/
> 
> +
> 
> +#include <Library/BaseLib.h>
> 
> +#include <Library/BaseMemoryLib.h>
> 
> +#include <Library/MemoryAllocationLib.h>
> 
> +#include <Library/BaseCryptLib.h>
> 
> +#include <Library/DebugLib.h>
> 
> +#include <Library/PcdLib.h>
> 
> +#include <Library/BaseHashLib.h>
> 
> +
> 
> +/**
> 
> +  Init hash sequence with Hash Algorithm specified by HashPolicy.
> 
> +
> 
> +  @param HashPolicy  Hash Algorithm Policy.
> 
> +  @param HashHandle  Hash handle.
> 
> +
> 
> +  @retval TRUE       Hash start and HashHandle returned.
> 
> +  @retval FALSE      Hash Init unsuccessful.
> 
> +**/
> 
> +BOOLEAN
> 
> +EFIAPI
> 
> +HashInitInternal (
> 
> +  IN UINT8          HashPolicy,
> 
> +  OUT HASH_HANDLE   *HashHandle
> 
> +  )
> 
> +{
> 
> +  BOOLEAN  Status;
> 
> +  VOID     *HashCtx;
> 
> +  UINTN    CtxSize;
> 
> +
> 
> +  switch (HashPolicy) {
> 
> +    case HASH_MD4:
> 
> +      CtxSize = Md4GetContextSize ();
> 
> +      HashCtx = AllocatePool (CtxSize);
> 
> +      ASSERT (HashCtx != NULL);
> 
> +
> 
> +      Status = Md4Init (HashCtx);
> 
> +      break;
> 
> +
> 
> +    case HASH_MD5:
> 
> +      CtxSize = Md5GetContextSize ();
> 
> +      HashCtx = AllocatePool (CtxSize);
> 
> +      ASSERT (HashCtx != NULL);
> 
> +
> 
> +     Status = Md5Init (HashCtx);
> 
> +      break;
> 
> +
> 
> +    case HASH_SHA1:
> 
> +      CtxSize = Sha1GetContextSize ();
> 
> +      HashCtx = AllocatePool (CtxSize);
> 
> +      ASSERT (HashCtx != NULL);
> 
> +
> 
> +      Status = Sha1Init (HashCtx);
> 
> +      break;
> 
> +
> 
> +    case HASH_SHA256:
> 
> +      CtxSize = Sha256GetContextSize ();
> 
> +      HashCtx = AllocatePool (CtxSize);
> 
> +      ASSERT (HashCtx != NULL);
> 
> +
> 
> +      Status = Sha256Init (HashCtx);
> 
> +      break;
> 
> +
> 
> +    case HASH_SHA384:
> 
> +      CtxSize = Sha384GetContextSize ();
> 
> +      HashCtx = AllocatePool (CtxSize);
> 
> +      ASSERT (HashCtx != NULL);
> 
> +
> 
> +      Status = Sha384Init (HashCtx);
> 
> +      break;
> 
> +
> 
> +    case HASH_SHA512:
> 
> +      CtxSize = Sha512GetContextSize ();
> 
> +      HashCtx = AllocatePool (CtxSize);
> 
> +      ASSERT (HashCtx != NULL);
> 
> +
> 
> +      Status = Sha512Init (HashCtx);
> 
> +      break;
> 
> +
> 
> +    case HASH_SM3_256:
> 
> +      CtxSize = Sm3GetContextSize ();
> 
> +      HashCtx = AllocatePool (CtxSize);
> 
> +      ASSERT (HashCtx != NULL);
> 
> +
> 
> +      Status = Sm3Init (HashCtx);
> 
> +      break;
> 
> +
> 
> +    default:
> 
> +      ASSERT (FALSE);
> 
> +      break;
> 
> +  }
> 
> +

3. Instead of switch..case, using a global array to defines all supported interfaces would be more efficient, since you can value of PcdSystemHashPolicy to index them directly.

> 
> +  *HashHandle = (HASH_HANDLE)HashCtx;
> 
> +
> 
> +  return Status;
> 
> +}
> 
> +
> 
> +/**
> 
> +  Update hash data with Hash Algorithm specified by HashPolicy.
> 
> +
> 
> +  @param HashPolicy    Hash Algorithm Policy.
> 
> +  @param HashHandle    Hash handle.
> 
> +  @param DataToHash    Data to be hashed.
> 
> +  @param DataToHashLen Data size.
> 
> +
> 
> +  @retval TRUE         Hash updated.
> 
> +  @retval FALSE        Hash updated unsuccessful.
> 
> +**/
> 
> +BOOLEAN
> 
> +EFIAPI
> 
> +HashUpdateInternal (
> 
> +  IN UINT8        HashPolicy,
> 
> +  IN HASH_HANDLE  HashHandle,
> 
> +  IN VOID         *DataToHash,
> 
> +  IN UINTN        DataToHashLen
> 
> +  )
> 
> +{
> 
> +  BOOLEAN  Status;
> 
> +  VOID     *HashCtx;
> 
> +
> 
> +  HashCtx = (VOID *)HashHandle;
> 
> +
> 
> +  switch (HashPolicy) {
> 
> +    case HASH_MD4:
> 
> +      Status = Md4Update (HashCtx, DataToHash, DataToHashLen);
> 
> +      break;
> 
> +
> 
> +    case HASH_MD5:
> 
> +      Status = Md5Update (HashCtx, DataToHash, DataToHashLen);
> 
> +      break;
> 
> +
> 
> +    case HASH_SHA1:
> 
> +      Status = Sha1Update (HashCtx, DataToHash, DataToHashLen);
> 
> +      break;
> 
> +
> 
> +    case HASH_SHA256:
> 
> +      Status = Sha256Update (HashCtx, DataToHash, DataToHashLen);
> 
> +      break;
> 
> +
> 
> +    case HASH_SHA384:
> 
> +      Status = Sha384Update (HashCtx, DataToHash, DataToHashLen);
> 
> +      break;
> 
> +
> 
> +    case HASH_SHA512:
> 
> +      Status = Sha512Update (HashCtx, DataToHash, DataToHashLen);
> 
> +      break;
> 
> +
> 
> +    case HASH_SM3_256:
> 
> +      Status = Sm3Update (HashCtx, DataToHash, DataToHashLen);
> 
> +      break;
> 
> +
> 
> +    default:
> 
> +      ASSERT (FALSE);
> 
> +      break;
> 
> +  }
> 

4. The same as 3

> +
> 
> +  return Status;
> 
> +}
> 
> +
> 
> +/**
> 
> +  Hash complete with Hash Algorithm specified by HashPolicy.
> 
> +
> 
> +  @param HashPolicy    Hash Algorithm Policy.
> 
> +  @param HashHandle    Hash handle.
> 
> +  @param Digest        Hash Digest.
> 
> +
> 
> +  @retval TRUE         Hash complete and Digest is returned.
> 
> +  @retval FALSE        Hash complete unsuccessful.
> 
> +**/
> 
> +BOOLEAN
> 
> +EFIAPI
> 
> +HashFinalInternal (
> 
> +  IN UINT8        HashPolicy,
> 
> +  IN HASH_HANDLE  HashHandle,
> 
> +  OUT UINT8       **Digest
> 
> +  )
> 
> +{
> 
> +  BOOLEAN  Status;
> 
> +  VOID     *HashCtx;
> 
> +  UINT8    DigestData[SHA512_DIGEST_SIZE];
> 
> +
> 
> +  HashCtx = (VOID *)HashHandle;
> 
> +
> 
> +  switch (HashPolicy) {
> 
> +    case HASH_MD4:
> 
> +      Status = Md4Final (HashCtx, DigestData);
> 
> +      CopyMem (*Digest, DigestData, MD4_DIGEST_SIZE);
> 
> +      break;
> 
> +
> 
> +    case HASH_MD5:
> 
> +      Status = Md5Final (HashCtx, DigestData);
> 
> +      CopyMem (*Digest, DigestData, MD5_DIGEST_SIZE);
> 
> +      break;
> 
> +
> 
> +    case HASH_SHA1:
> 
> +      Status = Sha1Final (HashCtx, DigestData);
> 
> +      CopyMem (*Digest, DigestData, SHA1_DIGEST_SIZE);
> 
> +      break;
> 
> +
> 
> +    case HASH_SHA256:
> 
> +      Status = Sha256Final (HashCtx, DigestData);
> 
> +      CopyMem (*Digest, DigestData, SHA256_DIGEST_SIZE);
> 
> +      break;
> 
> +
> 
> +    case HASH_SHA384:
> 
> +      Status = Sha384Final (HashCtx, DigestData);
> 
> +      CopyMem (*Digest, DigestData, SHA384_DIGEST_SIZE);
> 
> +      break;
> 
> +
> 
> +    case HASH_SHA512:
> 
> +      Status = Sha512Final (HashCtx, DigestData);
> 
> +      CopyMem (*Digest, DigestData, SHA512_DIGEST_SIZE);
> 
> +      break;
> 
> +
> 
> +    case HASH_SM3_256:
> 
> +      Status = Sm3Final (HashCtx, DigestData);
> 
> +      CopyMem (*Digest, DigestData, SM3_256_DIGEST_SIZE);
> 
> +      break;
> 
> +
> 
> +    default:
> 
> +      ASSERT (FALSE);
> 
> +      break;
> 

5. The same as 3

> +  }
> 
> +
> 
> +  FreePool (HashCtx);
> 
> +
> 
> +  return Status;
> 
> +}
> \ No newline at end of file
> diff --git a/SecurityPkg/Library/BaseHashLib/BaseHashLibDxe.c
> b/SecurityPkg/Library/BaseHashLib/BaseHashLibDxe.c
> new file mode 100644
> index 000000000000..ea22cfe16e2f
> --- /dev/null
> +++ b/SecurityPkg/Library/BaseHashLib/BaseHashLibDxe.c
> @@ -0,0 +1,122 @@
> +/** @file
> 
> +  This library is Unified Hash API. It will redirect hash request to
> 
> +  the hash handler specified by PcdSystemHashPolicy such as SHA1, 
> + SHA256,
> 
> +  SHA384 and SM3...
> 
> +
> 
> +Copyright (c) 2013 - 2020, Intel Corporation. All rights reserved. 
> +<BR>
> 
> +SPDX-License-Identifier: BSD-2-Clause-Patent
> 
> +
> 
> +**/
> 
> +
> 
> +
> 
> +#include <Library/BaseLib.h>
> 
> +#include <Library/BaseMemoryLib.h>
> 
> +#include <Library/MemoryAllocationLib.h>
> 
> +#include <Library/DebugLib.h>
> 
> +#include <Library/PcdLib.h>
> 
> +#include <Library/BaseHashLib.h>
> 
> +
> 
> +#include "BaseHashLibCommon.h"
> 
> +
> 
> +/**
> 
> +  Init hash sequence.
> 
> +
> 
> +  @param HashHandle  Hash handle.
> 
> +
> 
> +  @retval TRUE       Hash start and HashHandle returned.
> 
> +  @retval FALSE      Hash Init unsuccessful.
> 
> +**/
> 
> +BOOLEAN
> 
> +EFIAPI
> 
> +HashApiInit (
> 
> +  OUT  HASH_HANDLE   *HashHandle
> 
> +)
> 
> +{
> 
> +  BOOLEAN     Status;
> 
> +  UINT8       HashPolicy;
> 
> +  HASH_HANDLE Handle;
> 
> +
> 
> +  HashPolicy = PcdGet8 (PcdSystemHashPolicy);
> 
> +
> 
> +  Status = HashInitInternal (HashPolicy, &Handle);
> 
> +
> 
> +  *HashHandle = Handle;
> 
> +
> 
> +  return Status;
> 
> +}
> 
> +
> 
> +/**
> 
> +  Update hash data.
> 
> +
> 
> +  @param HashHandle    Hash handle.
> 
> +  @param DataToHash    Data to be hashed.
> 
> +  @param DataToHashLen Data size.
> 
> +
> 
> +  @retval TRUE         Hash updated.
> 
> +  @retval FALSE        Hash updated unsuccessful.
> 
> +**/
> 
> +BOOLEAN
> 
> +EFIAPI
> 
> +HashApiUpdate (
> 
> +  IN HASH_HANDLE    HashHandle,
> 
> +  IN VOID           *DataToHash,
> 
> +  IN UINTN          DataToHashLen
> 
> +)
> 
> +{
> 
> +  BOOLEAN     Status;
> 
> +  UINT8       HashPolicy;
> 
> +
> 
> +  HashPolicy = PcdGet8 (PcdSystemHashPolicy);
> 
> +
> 
> +  Status = HashUpdateInternal (HashPolicy, HashHandle, DataToHash,
> DataToHashLen);
> 
> +
> 
> +  return Status;
> 
> +}
> 
> +
> 
> +/**
> 
> +  Hash complete.
> 
> +
> 
> +  @param HashHandle    Hash handle.
> 
> +  @param Digest        Hash Digest.
> 
> +
> 
> +  @retval TRUE         Hash complete and Digest is returned.
> 
> +  @retval FALSE        Hash complete unsuccessful.
> 
> +**/
> 
> +BOOLEAN
> 
> +EFIAPI
> 
> +HashApiFinal (
> 
> +  IN  HASH_HANDLE HashHandle,
> 
> +  OUT UINT8       *Digest
> 
> +)
> 
> +{
> 
> +  BOOLEAN     Status;
> 
> +  UINT8       HashPolicy;
> 
> +
> 
> +  HashPolicy = PcdGet8 (PcdSystemHashPolicy);
> 
> +
> 
> +  Status = HashFinalInternal (HashPolicy, &HashHandle, &Digest);
> 
> +
> 
> +  return Status;
> 
> +}
> 
> +
> 
> +/**
> 
> +  The constructor function of BaseHashLib Dxe.
> 
> +
> 
> +  @param  FileHandle   The handle of FFS header the loaded driver.
> 
> +  @param  PeiServices  The pointer to the PEI services.
> 
> +
> 
> +  @retval EFI_SUCCESS           The constructor executes successfully.
> 
> +  @retval EFI_OUT_OF_RESOURCES  There is no enough resource for the
> constructor.
> 
> +
> 
> +**/
> 
> +EFI_STATUS
> 
> +EFIAPI
> 
> +BaseHashLibApiDxeConstructor (
> 
> +  IN EFI_HANDLE        ImageHandle,
> 
> +  IN EFI_SYSTEM_TABLE  *SystemTable
> 
> +  )
> 
> +{
> 
> +  DEBUG ((DEBUG_INFO,"Calling BaseHashLibApiDxeConstructor.. \n"));
> 
> +
> 
> +  return EFI_SUCCESS;
> 
> +}

6. Constructor is not necessary if you don't have anything to do with it.
   You can remove it from inf file and here.

> \ No newline at end of file
> diff --git a/SecurityPkg/Library/BaseHashLib/BaseHashLibPei.c
> b/SecurityPkg/Library/BaseHashLib/BaseHashLibPei.c
> new file mode 100644
> index 000000000000..580ac21fc1d9
> --- /dev/null
> +++ b/SecurityPkg/Library/BaseHashLib/BaseHashLibPei.c
> @@ -0,0 +1,125 @@
> +/** @file
> 
> +  This library is Unified Hash API. It will redirect hash request to
> 
> +  the hash handler specified by PcdSystemHashPolicy such as SHA1, 
> + SHA256,
> 
> +  SHA384 and SM3...
> 
> +
> 
> +Copyright (c) 2013 - 2020, Intel Corporation. All rights reserved. 
> +<BR>
> 
> +SPDX-License-Identifier: BSD-2-Clause-Patent
> 
> +
> 
> +**/
> 
> +
> 
> +
> 
> +#include <Library/BaseLib.h>
> 
> +#include <Library/BaseMemoryLib.h>
> 
> +#include <Library/MemoryAllocationLib.h>
> 
> +#include <Library/DebugLib.h>
> 
> +#include <Library/PcdLib.h>
> 
> +#include <Library/HashLib.h>
> 
> +#include <Library/HobLib.h>
> 
> +#include <Guid/ZeroGuid.h>
> 
> +
> 
> +#include <Library/BaseHashLib.h>
> 
> +#include "BaseHashLibCommon.h"
> 
> +
> 
> +/**
> 
> +  Init hash sequence.
> 
> +
> 
> +  @param HashHandle  Hash handle.
> 
> +
> 
> +  @retval TRUE       Hash start and HashHandle returned.
> 
> +  @retval FALSE      Hash Init unsuccessful.
> 
> +**/
> 
> +BOOLEAN
> 
> +EFIAPI
> 
> +HashApiInit (
> 
> +  OUT  HASH_HANDLE   *HashHandle
> 
> +)
> 
> +{
> 
> +  BOOLEAN     Status;
> 
> +  UINT8       HashPolicy;
> 
> +  HASH_HANDLE Handle;
> 
> +
> 
> +  HashPolicy = PcdGet8 (PcdSystemHashPolicy);
> 
> +
> 
> +  Status = HashInitInternal (HashPolicy, &Handle);
> 
> +
> 
> +  *HashHandle = Handle;
> 
> +
> 
> +  return Status;
> 
> +}
> 
> +
> 
> +/**
> 
> +  Update hash data.
> 
> +
> 
> +  @param HashHandle    Hash handle.
> 
> +  @param DataToHash    Data to be hashed.
> 
> +  @param DataToHashLen Data size.
> 
> +
> 
> +  @retval TRUE         Hash updated.
> 
> +  @retval FALSE        Hash updated unsuccessful.
> 
> +**/
> 
> +BOOLEAN
> 
> +EFIAPI
> 
> +HashApiUpdate (
> 
> +  IN HASH_HANDLE    HashHandle,
> 
> +  IN VOID           *DataToHash,
> 
> +  IN UINTN          DataToHashLen
> 
> +)
> 
> +{
> 
> +  BOOLEAN     Status;
> 
> +  UINT8       HashPolicy;
> 
> +
> 
> +  HashPolicy = PcdGet8 (PcdSystemHashPolicy);
> 
> +
> 
> +  Status = HashUpdateInternal (HashPolicy, HashHandle, DataToHash,
> DataToHashLen);
> 
> +
> 
> +  return Status;
> 
> +}
> 
> +
> 
> +/**
> 
> +  Hash complete.
> 
> +
> 
> +  @param HashHandle    Hash handle.
> 
> +  @param Digest        Hash Digest.
> 
> +
> 
> +  @retval TRUE         Hash complete and Digest is returned.
> 
> +  @retval FALSE        Hash complete unsuccessful.
> 
> +**/
> 
> +BOOLEAN
> 
> +EFIAPI
> 
> +HashApiFinal (
> 
> +  IN  HASH_HANDLE HashHandle,
> 
> +  OUT UINT8      *Digest
> 
> +)
> 
> +{
> 
> +  BOOLEAN     Status;
> 
> +  UINT8       HashPolicy;
> 
> +
> 
> +  HashPolicy = PcdGet8 (PcdSystemHashPolicy);
> 
> +
> 
> +  Status = HashFinalInternal (HashPolicy, HashHandle, &Digest);
> 
> +
> 
> +  return Status;
> 
> +}
> 
> +
> 
> +/**
> 
> +  The constructor function of BaseHashLib Pei.
> 
> +
> 
> +  @param  FileHandle   The handle of FFS header the loaded driver.
> 
> +  @param  PeiServices  The pointer to the PEI services.
> 
> +
> 
> +  @retval EFI_SUCCESS           The constructor executes successfully.
> 
> +  @retval EFI_OUT_OF_RESOURCES  There is no enough resource for the
> constructor.
> 
> +
> 
> +**/
> 
> +EFI_STATUS
> 
> +EFIAPI
> 
> +BaseHashLibApiPeiConstructor (
> 
> +  IN EFI_PEI_FILE_HANDLE        FileHandle,
> 
> +  IN CONST EFI_PEI_SERVICES     **PeiServices
> 
> +  )
> 
> +{
> 
> +  DEBUG ((DEBUG_INFO,"Calling BaseHashLibApiPeiConstructor.. \n"));
> 
> +
> 
> +  return EFI_SUCCESS;
> 
> +}

7. The same as 6

> \ No newline at end of file
> diff --git a/SecurityPkg/Include/Library/BaseHashLib.h
> b/SecurityPkg/Include/Library/BaseHashLib.h
> new file mode 100644
> index 000000000000..e1883fe7ce41
> --- /dev/null
> +++ b/SecurityPkg/Include/Library/BaseHashLib.h
> @@ -0,0 +1,84 @@
> +/** @file
> +  The internal header file includes the common header files, defines
> +  internal structure and functions used by ImageVerificationLib.
> +
> +Copyright (c) 2009 - 2020, Intel Corporation. All rights 
> +reserved.<BR> This program and the accompanying materials are 
> +licensed and made available under the terms and conditions of the BSD
> License
> +which accompanies this distribution.  The full text of the license 
> +may be found
> at
> +http://opensource.org/licenses/bsd-license.php
> +
> +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, 
> +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS
> OR IMPLIED.
> +
> +**/
> +
> +#ifndef __BASEHASHLIB_H_
> +#define __BASEHASHLIB_H_
> +
> +#include <Uefi.h>
> +#include <Protocol/Hash.h>
> +#include <Library/HashLib.h>
> +
> +//
> +// Hash Algorithms
> +//
> +#define HASH_DEFAULT    0x00000000
> +#define HASH_MD4        0x00000001
> +#define HASH_MD5        0x00000002
> +#define HASH_SHA1       0x00000003
> +#define HASH_SHA256     0x00000004
> +#define HASH_SHA384     0x00000005
> +#define HASH_SHA512     0x00000006
> +#define HASH_SM3_256    0x00000007
> +
> +
> +/**
> +  Init hash sequence.
> +
> +  @param HashHandle  Hash handle.
> +
> +  @retval TRUE       Hash start and HashHandle returned.
> +  @retval FALSE      Hash Init unsuccessful.
> +**/
> +BOOLEAN
> +EFIAPI
> +HashApiInit (
> +  OUT  HASH_HANDLE   *HashHandle
> +);
> +
> +/**
> +  Update hash data.
> +
> +  @param HashHandle    Hash handle.
> +  @param DataToHash    Data to be hashed.
> +  @param DataToHashLen Data size.
> +
> +  @retval TRUE         Hash updated.
> +  @retval FALSE        Hash updated unsuccessful.
> +**/
> +BOOLEAN
> +EFIAPI
> +HashApiUpdate (
> +  IN HASH_HANDLE    HashHandle,
> +  IN VOID           *DataToHash,
> +  IN UINTN          DataToHashLen
> +);
> +
> +/**
> +  Hash complete.
> +
> +  @param HashHandle    Hash handle.
> +  @param Digest        Hash Digest.
> +
> +  @retval TRUE         Hash complete and Digest is returned.
> +  @retval FALSE        Hash complete unsuccessful.
> +**/
> +BOOLEAN
> +EFIAPI
> +HashApiFinal (
> +  IN  HASH_HANDLE HashHandle,
> +  OUT UINT8       *Digest
> +);
> +
> +#endif
> \ No newline at end of file
> diff --git a/SecurityPkg/Library/BaseHashLib/BaseHashLibCommon.h
> b/SecurityPkg/Library/BaseHashLib/BaseHashLibCommon.h
> new file mode 100644
> index 000000000000..776b74ad753b
> --- /dev/null
> +++ b/SecurityPkg/Library/BaseHashLib/BaseHashLibCommon.h
> @@ -0,0 +1,71 @@
> +/** @file
> +  The internal header file includes the common header files, defines
> +  internal structure and functions used by ImageVerificationLib.
> +
> +Copyright (c) 2009 - 2020, Intel Corporation. All rights 
> +reserved.<BR> This program and the accompanying materials are 
> +licensed and made available under the terms and conditions of the BSD
> License
> +which accompanies this distribution.  The full text of the license 
> +may be found
> at
> +http://opensource.org/licenses/bsd-license.php
> +
> +THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, 
> +WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS
> OR IMPLIED.
> +
> +**/
> +
> +#ifndef __BASEHASHLIB_COMMON_H_
> +#define __BASEHASHLIB_COMMON_H_
> +
> +/**
> +  Init hash sequence with Hash Algorithm specified by HashPolicy.
> +
> +  @param HashHandle Hash handle.
> +
> +  @retval EFI_SUCCESS          Hash start and HashHandle returned.
> +  @retval EFI_UNSUPPORTED      System has no HASH library registered.
> +**/
> +BOOLEAN
> +EFIAPI
> +HashInitInternal (
> +  IN UINT8          HashPolicy,
> +  OUT HASH_HANDLE   *HashHandle
> +  );
> +
> +/**
> +  Hash complete with Hash Algorithm specified by HashPolicy.
> +
> +  @param HashPolicy    Hash Algorithm Policy.
> +  @param HashHandle    Hash handle.
> +  @param Digest        Hash Digest.
> +
> +  @retval TRUE         Hash complete and Digest is returned.
> +  @retval FALSE        Hash complete unsuccessful.
> +**/
> +BOOLEAN
> +EFIAPI
> +HashUpdateInternal (
> +  IN UINT8        HashPolicy,
> +  IN HASH_HANDLE  HashHandle,
> +  IN VOID         *DataToHash,
> +  IN UINTN        DataToHashLen
> +  );
> +
> +/**
> +  Update hash data with Hash Algorithm specified by HashPolicy.
> +
> +  @param HashPolicy    Hash Algorithm Policy.
> +  @param HashHandle    Hash handle.
> +  @param DataToHash    Data to be hashed.
> +  @param DataToHashLen Data size.
> +
> +  @retval TRUE         Hash updated.
> +  @retval FALSE        Hash updated unsuccessful.
> +**/
> +BOOLEAN
> +EFIAPI
> +HashFinalInternal (
> +  IN UINT8        HashPolicy,
> +  IN HASH_HANDLE  HashHandle,
> +  OUT UINT8       **Digest
> +  );
> +#endif
> \ No newline at end of file
> diff --git a/SecurityPkg/Library/BaseHashLib/BaseHashLibDxe.inf
> b/SecurityPkg/Library/BaseHashLib/BaseHashLibDxe.inf
> new file mode 100644
> index 000000000000..f97bda06108f
> --- /dev/null
> +++ b/SecurityPkg/Library/BaseHashLib/BaseHashLibDxe.inf
> @@ -0,0 +1,47 @@
> +## @file
> 
> +#  Provides hash service by registered hash handler
> 
> +#
> 
> +#  This library is Base Hash Lib. It will redirect hash request to 
> +each individual
> 
> +#  hash handler registered, such as SHA1, SHA256, SHA384, SM3.
> 
> +#
> 
> +# Copyright (c) 2018 - 2020, Intel Corporation. All rights 
> +reserved.<BR>
> 
> +# SPDX-License-Identifier: BSD-2-Clause-Patent
> 
> +#
> 
> +##
> 
> +
> 
> +[Defines]
> 
> +  INF_VERSION                    = 0x00010005
> 
> +  BASE_NAME                      = BaseHashLibDxe
> 
> +  MODULE_UNI_FILE                = BaseHashLibDxe.uni
> 
> +  FILE_GUID                      = 158DC712-F15A-44dc-93BB-1675045BE066
> 
> +  MODULE_TYPE                    = DXE_DRIVER
> 
> +  VERSION_STRING                 = 1.0
> 
> +  LIBRARY_CLASS                  = BaseHashLib|DXE_DRIVER DXE_RUNTIME_DRIVER
> DXE_SMM_DRIVER UEFI_APPLICATION UEFI_DRIVER
> 
> +  CONSTRUCTOR                    = BaseHashLibApiDxeConstructor

8. Since the above function is actually empty, you can remove above line and
   function in c file.

> 
> +
> 
> +#
> 
> +# The following information is for reference only and not required by 
> +the build
> tools.
> 
> +#
> 
> +#  VALID_ARCHITECTURES           = IA32 X64
> 
> +#
> 
> +
> 
> +[Sources]
> 
> +  BaseHashLibCommon.h
> 
> +  BaseHashLibCommon.c
> 
> +  BaseHashLibDxe.c
> 
> +
> 
> +[Packages]
> 
> +  MdePkg/MdePkg.dec
> 
> +  CryptoPkg/CryptoPkg.dec
> 
> +  SecurityPkg/SecurityPkg.dec
> 
> +
> 
> +[LibraryClasses]
> 
> +  BaseLib
> 
> +  BaseMemoryLib
> 
> +  DebugLib
> 
> +  MemoryAllocationLib
> 
> +  BaseCryptLib
> 
> +  PcdLib
> 
> +
> 
> +[Pcd]
> 
> +  gEfiSecurityPkgTokenSpaceGuid.PcdSystemHashPolicy    ## CONSUMES
> 
> diff --git a/SecurityPkg/Library/BaseHashLib/BaseHashLibDxe.uni
> b/SecurityPkg/Library/BaseHashLib/BaseHashLibDxe.uni
> new file mode 100644
> index 000000000000..1865773b4a25
> --- /dev/null
> +++ b/SecurityPkg/Library/BaseHashLib/BaseHashLibDxe.uni
> @@ -0,0 +1,18 @@
> +// /** @file
> 
> +// Provides hash service by registered hash handler
> 
> +//
> 
> +// This library is Unified Hash API. It will redirect hash request to 
> +each individual
> 
> +// hash handler registered, such as SHA1, SHA256. Platform can use
> PcdTpm2HashMask to
> 
> +// mask some hash engines.
> 
> +//
> 
> +// Copyright (c) 2018 - 2020, Intel Corporation. All rights 
> +reserved.<BR>
> 
> +//
> 
> +// SPDX-License-Identifier: BSD-2-Clause-Patent
> 
> +//
> 
> +// **/
> 
> +
> 
> +
> 
> +#string STR_MODULE_ABSTRACT             #language en-US "Provides hash
> service by specified hash handler"
> 
> +
> 
> +#string STR_MODULE_DESCRIPTION          #language en-US "This library is
> Unified Hash API. It will redirect hash request to the hash handler 
> specified by PcdSystemHashPolicy."
> 
> +
> 
> diff --git a/SecurityPkg/Library/BaseHashLib/BaseHashLibPei.inf
> b/SecurityPkg/Library/BaseHashLib/BaseHashLibPei.inf
> new file mode 100644
> index 000000000000..4d36030744bd
> --- /dev/null
> +++ b/SecurityPkg/Library/BaseHashLib/BaseHashLibPei.inf
> @@ -0,0 +1,52 @@
> +## @file
> 
> +#  Provides hash service by registered hash handler
> 
> +#
> 
> +#  This library is BaseCrypto router. It will redirect hash request 
> +to each
> individual
> 
> +#  hash handler registered, such as SHA1, SHA256.
> 
> +#
> 
> +# Copyright (c) 2018 - 2020, Intel Corporation. All rights 
> +reserved.<BR>
> 
> +# SPDX-License-Identifier: BSD-2-Clause-Patent
> 
> +#
> 
> +##
> 
> +
> 
> +[Defines]
> 
> +  INF_VERSION                    = 0x00010005
> 
> +  BASE_NAME                      = BaseHashLibPei
> 
> +  MODULE_UNI_FILE                = BaseHashLibPei.uni
> 
> +  FILE_GUID                      = DDCBCFBA-8EEB-488a-96D6-097831A6E50B
> 
> +  MODULE_TYPE                    = PEIM
> 
> +  VERSION_STRING                 = 1.0
> 
> +  LIBRARY_CLASS                  = BaseHashLib|PEIM
> 
> +  CONSTRUCTOR                    = BaseHashLibApiPeiConstructor
> 

9. The same as 8

> +
> 
> +#
> 
> +# The following information is for reference only and not required by 
> +the build
> tools.
> 
> +#
> 
> +#  VALID_ARCHITECTURES           = IA32 X64
> 
> +#
> 
> +
> 
> +[Sources]
> 
> +  BaseHashLibCommon.h
> 
> +  BaseHashLibCommon.c
> 
> +  BaseHashLibPei.c
> 
> +
> 
> +[Packages]
> 
> +  MdePkg/MdePkg.dec
> 
> +  SecurityPkg/SecurityPkg.dec
> 
> +  CryptoPkg/CryptoPkg.dec
> 
> +  MdeModulePkg/MdeModulePkg.dec
> 
> +
> 
> +[LibraryClasses]
> 
> +  BaseLib
> 
> +  BaseMemoryLib
> 
> +  DebugLib
> 
> +  MemoryAllocationLib
> 
> +  BaseCryptLib
> 
> +  PcdLib
> 
> +
> 
> +[Guids]
> 
> +  ## SOMETIMES_CONSUMES   ## GUID
> 
> +  gZeroGuid
> 
> +
> 
> +[Pcd]
> 
> +  gEfiSecurityPkgTokenSpaceGuid.PcdSystemHashPolicy    ## CONSUMES
> 
> diff --git a/SecurityPkg/Library/BaseHashLib/BaseHashLibPei.uni
> b/SecurityPkg/Library/BaseHashLib/BaseHashLibPei.uni
> new file mode 100644
> index 000000000000..2131b61bd235
> --- /dev/null
> +++ b/SecurityPkg/Library/BaseHashLib/BaseHashLibPei.uni
> @@ -0,0 +1,17 @@
> +// /** @file
> 
> +// Provides hash service by registered hash handler
> 
> +//
> 
> +// This library is Unified Hash API. It will redirect hash request to 
> +each individual
> 
> +// hash handler registered, such as SHA1, SHA256.
> 
> +//
> 
> +// Copyright (c) 2018 - 2020, Intel Corporation. All rights 
> +reserved.<BR>
> 
> +//
> 
> +// SPDX-License-Identifier: BSD-2-Clause-Patent
> 
> +//
> 
> +// **/
> 
> +
> 
> +
> 
> +#string STR_MODULE_ABSTRACT             #language en-US "Provides hash
> service by specified hash handler"
> 
> +
> 
> +#string STR_MODULE_DESCRIPTION          #language en-US "This library is
> Unified Hash API. It will redirect hash request to the hash handler 
> specified by PcdSystemHashPolicy."
> 
> +
> 
> diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec 
> index cac36caf0a0d..e0e144124ddd 100644
> --- a/SecurityPkg/SecurityPkg.dec
> +++ b/SecurityPkg/SecurityPkg.dec
> @@ -5,7 +5,7 @@
>  #  It also provides the definitions(including PPIs/PROTOCOLs/GUIDs 
> and library
> classes)
> 
>  #  and libraries instances, which are used for those features.
> 
>  #
> 
> -# Copyright (c) 2009 - 2019, Intel Corporation. All rights 
> reserved.<BR>
> 
> +# Copyright (c) 2009 - 2020, Intel Corporation. All rights 
> +reserved.<BR>
> 
>  # (C) Copyright 2015 Hewlett Packard Enterprise Development LP <BR>
> 
>  # Copyright (c) 2017, Microsoft Corporation.  All rights reserved. 
> <BR>
> 
>  # SPDX-License-Identifier: BSD-2-Clause-Patent
> 
> @@ -27,6 +27,10 @@ [LibraryClasses]
>    #
> 
>    HashLib|Include/Library/HashLib.h
> 
> 
> 
> +  ##  @libraryclass  Provides hash interfaces from different implementations.
> 
> +  #
> 
> +  BaseHashLib|Include/Library/HashLib.h
> 
> +
> 
>    ##  @libraryclass  Provides a platform specific interface to detect 
> physically present user.
> 
>    #
> 
>    PlatformSecureLib|Include/Library/PlatformSecureLib.h
> 
> @@ -496,5 +500,22 @@ [PcdsDynamic, PcdsDynamicEx]
>    # @Prompt Tpm2AcpiTableLasa LASA field in TPM2 ACPI table.
> 
> 
> gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableLasa|0|UINT64|0x00010023
> 
> 
> 
> +[PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx]
> 
> +  ## This PCD indicates the HASH algorithm to verify unsigned PE/COFF 
> + image
> 
> +  #  Based on the value set, the required algorithm is chosen to 
> + verify
> 
> +  #  the unsigned image during Secure Boot.<BR>
> 
> +  #  The hashing algorithm selected must match the hashing algorithm 
> + used to
> 
> +  #  hash the image to be added to DB using tools such as 
> + KeyEnroll.<BR>
> 
> +  #     0x00000001    - MD4.<BR>
> 
> +  #     0x00000002    - MD5.<BR>
> 
> +  #     0x00000003    - SHA1.<BR>
> 
> +  #     0x00000004    - SHA256.<BR>
> 
> +  #     0x00000005    - SHA384.<BR>
> 
> +  #     0x00000006    - SHA512.<BR>
> 
> +  #     0x00000007    - SM3_256.<BR>
> 
> +  # @Prompt Set policy for hashing unsigned image for Secure Boot.
> 
> +  # @ValidRange 0x80000001 | 0x00000001 - 0x00000007
> 
> +
> gEfiSecurityPkgTokenSpaceGuid.PcdSystemHashPolicy|0x04|UINT8|0x0001002
> 4
> 
> +
> 
>  [UserExtensions.TianoCore."ExtraFiles"]
> 
>    SecurityPkgExtra.uni
> 
> diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc 
> index a2eeadda7a7e..86a5847e2509 100644
> --- a/SecurityPkg/SecurityPkg.dsc
> +++ b/SecurityPkg/SecurityPkg.dsc
> @@ -1,7 +1,7 @@
>  ## @file
> 
>  #  Security Module Package for All Architectures.
> 
>  #
> 
> -# Copyright (c) 2009 - 2019, Intel Corporation. All rights 
> reserved.<BR>
> 
> +# Copyright (c) 2009 - 2020, Intel Corporation. All rights 
> +reserved.<BR>
> 
>  # (C) Copyright 2015 Hewlett Packard Enterprise Development LP<BR>
> 
>  # SPDX-License-Identifier: BSD-2-Clause-Patent
> 
>  #
> 
> @@ -95,6 +95,7 @@ [LibraryClasses.common.PEIM]
> 
> Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.
> inf
> 
> 
> Tcg2PhysicalPresenceLib|SecurityPkg/Library/PeiTcg2PhysicalPresenceLib
> Tcg2PhysicalPresenceLib|/PeiTc
> g2PhysicalPresenceLib.inf
> 
>    RngLib|MdePkg/Library/BaseRngLib/BaseRngLib.inf
> 
> +  BaseHashLib|SecurityPkg/Library/BaseHashLib/BaseHashLibPei.inf
> 
> 
> 
>  [LibraryClasses.common.DXE_DRIVER]
> 
>    HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf
> 
> @@ -110,6 +111,7 @@ [LibraryClasses.common.DXE_DRIVER]
> 
> Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg
> Tpm12DeviceLib|.i
> nf
> 
> 
> Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.
> Tpm2DeviceLib|in
> f
> 
>
> FileExplorerLib|MdeModulePkg/Library/FileExplorerLib/FileExplorerLib.i
> nf
> 
> +  BaseHashLib|SecurityPkg/Library/BaseHashLib/BaseHashLibDxe.inf
> 
> 
> 
>  [LibraryClasses.common.UEFI_DRIVER,
> LibraryClasses.common.DXE_RUNTIME_DRIVER,
> LibraryClasses.common.DXE_SAL_DRIVER,]
> 
>    HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf
> 
> @@ -211,6 +213,12 @@ [Components]
> 
> 
>    SecurityPkg/Library/HashLibTpm2/HashLibTpm2.inf
> 
> 
> 
> +  #
> 
> +  # Unified Hash API
> 
> +  #
> 
> +  SecurityPkg/Library/BaseHashLib/BaseHashLibDxe.inf
> 
> +  SecurityPkg/Library/BaseHashLib/BaseHashLibPei.inf
> 
> +
> 
>    #
> 
>    # TCG Storage.
> 
>    #
> 
> diff --git a/SecurityPkg/SecurityPkg.uni b/SecurityPkg/SecurityPkg.uni 
> index 68587304d779..32ef97f81461 100644
> --- a/SecurityPkg/SecurityPkg.uni
> +++ b/SecurityPkg/SecurityPkg.uni
> @@ -5,7 +5,7 @@
>  // It also provides the definitions(including PPIs/PROTOCOLs/GUIDs 
> and library
> classes)
> 
>  // and libraries instances, which are used for those features.
> 
>  //
> 
> -// Copyright (c) 2009 - 2018, Intel Corporation. All rights 
> reserved.<BR>
> 
> +// Copyright (c) 2009 - 2020, Intel Corporation. All rights 
> +reserved.<BR>
> 
>  //
> 
>  // SPDX-License-Identifier: BSD-2-Clause-Patent
> 
>  //
> 
> @@ -295,3 +295,16 @@
> 
> 
>  #string STR_gEfiSecurityPkgTokenSpaceGuid_PcdTpm2AcpiTableLasa_HELP
> #language en-US "This PCD defines LASA of TPM2 ACPI table\n\n"
> 
>                                                                                       
> "0 means this field is unsupported\n"
> 
> +
> 
> 
> +
>      #string
> STR_gEfiSecurityPkgTokenSpaceGuid_PcdSystemHashPolicy_PROMPT
> #language en-US "HASH algorithm to verify unsigned PE/COFF image"
> 
> +
> 
> +#string STR_gEfiSecurityPkgTokenSpaceGuid_PcdSystemHashPolicy_HELP
> #language en-US "This PCD indicates the HASH algorithm used by Unified 
> Hash API.<BR><BR>\n"
> 
> +                                                                       
> + "Based on the value set, the
> required algorithm is chosen to calculate\n"
> 
> +                                                                                        "the hash desired.<BR>\n"
> 
> +                                                                                        "0x00000001  -  MD4.<BR>\n"
> 
> +                                                                                        "0x00000002  -  MD5.<BR>\n"
> 
> +                                                                                        "0x00000003  -  SHA1.<BR>\n"
> 
> +                                                                       
> + "0x00000004  -
> SHA256.<BR>\n"
> 
> +                                                                       
> + "0x00000005  -
> SHA384.<BR>\n"
> 
> +                                                                       
> + "0x00000006  -
> SHA512.<BR>\n"
> 
> +                                                                                        "0x00000007  -  SM3.<BR>"
> 
> --
> 2.16.2.windows.1






  reply	other threads:[~2020-01-15 23:02 UTC|newest]

Thread overview: 12+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-01-14 15:41 [PATCH v2 0/1] SecurityPkg/BaseHashLib: Implement Unified Hash Calculation API Sukerkar, Amol N
2020-01-14 15:41 ` [PATCH v2 1/1] " Sukerkar, Amol N
2020-01-15  3:13   ` Wang, Jian J
2020-01-15  3:47     ` [edk2-devel] " Liming Gao
2020-01-15 23:01       ` Sukerkar, Amol N [this message]
2020-01-16  3:38         ` Liming Gao
2020-01-16  4:27           ` Sukerkar, Amol N
2020-01-16  4:35             ` Liming Gao
2020-01-16 16:58               ` Sukerkar, Amol N
2020-01-17  0:31                 ` Liming Gao
2020-01-17  3:47                   ` Sukerkar, Amol N
2020-01-15 20:13     ` Sukerkar, Amol N

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-list from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=MWHPR11MB0064C462D3FB736508C75CE1AC370@MWHPR11MB0064.namprd11.prod.outlook.com \
    --to=devel@edk2.groups.io \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox