From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga11.intel.com (mga11.intel.com [192.55.52.93]) by mx.groups.io with SMTP id smtpd.web12.7087.1595284077272336356 for ; Mon, 20 Jul 2020 15:27:57 -0700 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: intel.com, ip: 192.55.52.93, mailfrom: rodrigo.gonzalez.del.cueto@intel.com) IronPort-SDR: SinEU5Nvg7sQqxC/LeoXBy4rWSuoxdR+lwqF37GM2OioQJmkj9TZEorAZyUZuFSLl9fsD/ufpV XWR5XNhMrp4w== X-IronPort-AV: E=McAfee;i="6000,8403,9688"; a="147967213" X-IronPort-AV: E=Sophos;i="5.75,375,1589266800"; d="scan'208";a="147967213" X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga001.fm.intel.com ([10.253.24.23]) by fmsmga102.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 20 Jul 2020 15:27:56 -0700 IronPort-SDR: 4s2h2tslxYCjsIompqEfiLHcWDa8vm2dzxr4hcBHBVn94oMuN0wM83byvHS0mulmPZwxVDGRaf t35X+XJYjb5Q== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.75,375,1589266800"; d="scan'208";a="392164589" Received: from fm73lab177-1.amr.corp.intel.com ([10.80.209.189]) by fmsmga001.fm.intel.com with ESMTP; 20 Jul 2020 15:27:56 -0700 
From: rodrigo.gonzalez.del.cueto@intel.com To: devel@edk2.groups.io Cc: Rodrigo Gonzalez del Cueto , Jiewen Yao , Jian J Wang , Qi Zhang Subject: [PATCH] SecurityPkg: Fix GetSupportedAndActivePcrs counter calculation Date: Mon, 20 Jul 2020 15:27:13 -0700 Message-Id: X-Mailer: git-send-email 2.27.0.windows.1 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D2855 The Tpm2GetCapabilitySupportedAndActivePcrs function prints a count number that should reflect the *supported and currently active* PCR banks, but the implementation in place displays instead the count of the *supported PCR banks* retrieved directly from the Tpm2GetCapabilityPcrs() TPML_PCR_SELECTION output. The counter should only take into account those PCRs banks which are active. Replaced usage of EFI_D_* for DEBUG_* definitions in debug messages. Cc: Jiewen Yao Cc: Jian J Wang Cc: Qi Zhang Signed-off-by: Rodrigo Gonzalez del Cueto --- .../Library/Tpm2CommandLib/Tpm2Capability.c | 46 ++++++++++++------- 1 file changed, 29 insertions(+), 17 deletions(-) diff --git a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Capability.c b/Security= Pkg/Library/Tpm2CommandLib/Tpm2Capability.c index 85b11c7715..07cac08c40 100644 --- a/SecurityPkg/Library/Tpm2CommandLib/Tpm2Capability.c +++ b/SecurityPkg/Library/Tpm2CommandLib/Tpm2Capability.c @@ -110,7 +110,7 @@ Tpm2GetCapability ( // Fail if command failed=0D //=0D if (SwapBytes32(RecvBuffer.Header.responseCode) !=3D TPM_RC_SUCCESS) {=0D - DEBUG ((EFI_D_ERROR, "Tpm2GetCapability: Response Code error! 0x%08x\r= \n", SwapBytes32(RecvBuffer.Header.responseCode)));=0D + DEBUG ((DEBUG_ERROR, "Tpm2GetCapability: Response Code error! 0x%08x\r= \n", SwapBytes32(RecvBuffer.Header.responseCode)));=0D return EFI_DEVICE_ERROR;=0D }=0D =0D 
@@ -522,74 +522,86 @@ Tpm2GetCapabilitySupportedAndActivePcrs ( EFI_STATUS Status;=0D TPML_PCR_SELECTION Pcrs;=0D UINTN Index;=0D + UINT8 ActivePcrBankCount;=0D =0D //=0D - // Get supported PCR and current Active PCRs.=0D + // Get supported PCR=0D //=0D Status =3D Tpm2GetCapabilityPcrs (&Pcrs);=0D -=0D + DEBUG ((DEBUG_INFO, "Supported PCRs - Count =3D %08x\n", Pcrs.count));=0D + ActivePcrBankCount =3D 0;=0D //=0D // If error, assume that we have at least SHA-1 (and return the error.)= =0D //=0D if (EFI_ERROR (Status)) {=0D - DEBUG ((EFI_D_ERROR, "GetSupportedAndActivePcrs - Tpm2GetCapabilityPcr= s fail!\n"));=0D + DEBUG ((DEBUG_ERROR, "GetSupportedAndActivePcrs - Tpm2GetCapabilityPcr= s fail!\n"));=0D *TpmHashAlgorithmBitmap =3D HASH_ALG_SHA1;=0D *ActivePcrBanks =3D HASH_ALG_SHA1;=0D + ActivePcrBankCount =3D 1;=0D }=0D //=0D // Otherwise, process the return data to determine what algorithms are s= upported=0D // and currently allocated.=0D //=0D else {=0D - DEBUG ((EFI_D_INFO, "GetSupportedAndActivePcrs - Count =3D %08x\n", Pc= rs.count));=0D *TpmHashAlgorithmBitmap =3D 0;=0D *ActivePcrBanks =3D 0;=0D for (Index =3D 0; Index < Pcrs.count; Index++) {=0D switch (Pcrs.pcrSelections[Index].hash) {=0D case TPM_ALG_SHA1:=0D - DEBUG ((EFI_D_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA1 = present.\n"));=0D + DEBUG ((DEBUG_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA1 = present.\n"));=0D *TpmHashAlgorithmBitmap |=3D HASH_ALG_SHA1;=0D if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, Pcrs.pcrSe= lections[Index].sizeofSelect)) {=0D - DEBUG ((EFI_D_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA= 1 active.\n"));=0D + DEBUG ((DEBUG_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA= 1 active.\n"));=0D *ActivePcrBanks |=3D HASH_ALG_SHA1;=0D + ActivePcrBankCount++;=0D }=0D break;=0D case TPM_ALG_SHA256:=0D - DEBUG ((EFI_D_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA25= 6 present.\n"));=0D + DEBUG ((DEBUG_VERBOSE, "GetSupportedAndActivePcrs - 
HASH_ALG_SHA25= 6 present.\n"));=0D *TpmHashAlgorithmBitmap |=3D HASH_ALG_SHA256;=0D if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, Pcrs.pcrSe= lections[Index].sizeofSelect)) {=0D - DEBUG ((EFI_D_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA= 256 active.\n"));=0D + DEBUG ((DEBUG_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA= 256 active.\n"));=0D *ActivePcrBanks |=3D HASH_ALG_SHA256;=0D + ActivePcrBankCount++;=0D }=0D break;=0D case TPM_ALG_SHA384:=0D - DEBUG ((EFI_D_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA38= 4 present.\n"));=0D + DEBUG ((DEBUG_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA38= 4 present.\n"));=0D *TpmHashAlgorithmBitmap |=3D HASH_ALG_SHA384;=0D if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, Pcrs.pcrSe= lections[Index].sizeofSelect)) {=0D - DEBUG ((EFI_D_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA= 384 active.\n"));=0D + DEBUG ((DEBUG_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA= 384 active.\n"));=0D *ActivePcrBanks |=3D HASH_ALG_SHA384;=0D + ActivePcrBankCount++;=0D }=0D break;=0D case TPM_ALG_SHA512:=0D - DEBUG ((EFI_D_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA51= 2 present.\n"));=0D + DEBUG ((DEBUG_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA51= 2 present.\n"));=0D *TpmHashAlgorithmBitmap |=3D HASH_ALG_SHA512;=0D if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, Pcrs.pcrSe= lections[Index].sizeofSelect)) {=0D - DEBUG ((EFI_D_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA= 512 active.\n"));=0D + DEBUG ((DEBUG_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA= 512 active.\n"));=0D *ActivePcrBanks |=3D HASH_ALG_SHA512;=0D + ActivePcrBankCount++;=0D }=0D break;=0D case TPM_ALG_SM3_256:=0D - DEBUG ((EFI_D_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SM3_2= 56 present.\n"));=0D + DEBUG ((DEBUG_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SM3_2= 56 present.\n"));=0D *TpmHashAlgorithmBitmap |=3D HASH_ALG_SM3_256;=0D if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, 
Pcrs.pcrSe= lections[Index].sizeofSelect)) {=0D - DEBUG ((EFI_D_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SM3= _256 active.\n"));=0D + DEBUG ((DEBUG_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SM3= _256 active.\n"));=0D *ActivePcrBanks |=3D HASH_ALG_SM3_256;=0D + ActivePcrBankCount++;=0D }=0D break;=0D + default:=0D + DEBUG ((DEBUG_VERBOSE, "GetSupportedAndActivePcrs - Unsupported ba= nk 0x%04x.\n", Pcrs.pcrSelections[Index].hash));=0D + continue;=0D + break;=0D }=0D }=0D }=0D =0D + DEBUG ((DEBUG_INFO, "GetSupportedAndActivePcrs - Count =3D %08x\n", Acti= vePcrBankCount));=0D return Status;=0D }=0D =0D @@ -837,11 +849,11 @@ Tpm2TestParms ( }=0D =0D if (RecvBufferSize < sizeof (TPM2_RESPONSE_HEADER)) {=0D - DEBUG ((EFI_D_ERROR, "Tpm2TestParms - RecvBufferSize Error - %x\n", Re= cvBufferSize));=0D + DEBUG ((DEBUG_ERROR, "Tpm2TestParms - RecvBufferSize Error - %x\n", Re= cvBufferSize));=0D return EFI_DEVICE_ERROR;=0D }=0D if (SwapBytes32(RecvBuffer.Header.responseCode) !=3D TPM_RC_SUCCESS) {=0D - DEBUG ((EFI_D_ERROR, "Tpm2TestParms - responseCode - %x\n", SwapBytes3= 2(RecvBuffer.Header.responseCode)));=0D + DEBUG ((DEBUG_ERROR, "Tpm2TestParms - responseCode - %x\n", SwapBytes3= 2(RecvBuffer.Header.responseCode)));=0D return EFI_UNSUPPORTED;=0D }=0D =0D --=20 2.27.0.windows.1
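Review bot: The added "Supported PCRs - Count" DEBUG line in Tpm2GetCapabilitySupportedAndActivePcrs sits before the `EFI_ERROR (Status)` check, so on the failure path it reads `Pcrs.count` from a local this function never initialises. Unless Tpm2GetCapabilityPcrs (not visible here) always fills its output, the log then prints stack residue. Move that line into the `else` branch, where the removed "GetSupportedAndActivePcrs - Count" message was, or clear the struct first with `ZeroMem (&Pcrs, sizeof (Pcrs));`. In the new `default:` case the `break;` after `continue;` is unreachable and can be dropped. The loop still uses `Pcrs.count` and `sizeofSelect` from the TPM response as bounds; that is unchanged context, and the function's signature and any clamping of those fields lie outside this hunk, so it is worth confirming they are range-checked before this code indexes `pcrSelections`.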