tyler.durden
/
audk
mirror of https://github.com/acidanthera/audk.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

SecurityPkg/TPM2: Extract GetSupportedAndActivePcrs to Tpm2CommandLib 

This patch extracts function Tpm2GetCapabilitySupportedAndActivePcrs()
from drivers and also update Tcg2ExecutePhysicalPresence() to call
Tpm2GetCapabilitySupportedAndActivePcrs() instead of
Tcg2Protocol->GetCapability to query the TPM to determine which
hashing algorithms are supported.

Cc: Chao B Zhang <chao.b.zhang@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
This commit is contained in:
Jiewen Yao 2016-09-14 16:28:12 +08:00 committed by Star Zeng
parent f5e34e37e0
commit 07cdba18cd
4 changed files with 118 additions and 58 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
SecurityPkg/Include/Library/Tpm2CommandLib.h
View File

@ -762,6 +762,24 @@ Tpm2GetCapabilityPcrs (
OUT TPML_PCR_SELECTION *Pcrs
);
/**
This function will query the TPM to determine which hashing algorithms
are supported and which PCR banks are currently active.
@param[out] TpmHashAlgorithmBitmap A bitmask containing the algorithms supported by the TPM.
@param[out] ActivePcrBanks A bitmask containing the PCRs currently allocated.
@retval EFI_SUCCESS TPM was successfully queried and return values can be trusted.
@retval Others An error occurred, likely in communication with the TPM.
**/
EFI_STATUS
EFIAPI
Tpm2GetCapabilitySupportedAndActivePcrs(
OUT UINT32 *TpmHashAlgorithmBitmap,
OUT UINT32 *ActivePcrBanks
);
/**
This command returns the information of TPM AlgorithmSet.

17
SecurityPkg/Library/DxeTcg2PhysicalPresenceLib/DxeTcg2PhysicalPresenceLib.c
View File

@ -160,17 +160,10 @@ Tcg2ExecutePhysicalPresence (
)
{
EFI_STATUS Status;
EFI_TCG2_PROTOCOL *Tcg2Protocol;
EFI_TCG2_BOOT_SERVICE_CAPABILITY ProtocolCapability;
EFI_TCG2_EVENT_ALGORITHM_BITMAP TpmHashAlgorithmBitmap;
UINT32 ActivePcrBanks;
Status = gBS->LocateProtocol (&gEfiTcg2ProtocolGuid, NULL, (VOID **) &Tcg2Protocol);
ASSERT_EFI_ERROR (Status);
ProtocolCapability.Size = sizeof(ProtocolCapability);
Status = Tcg2Protocol->GetCapability (
Tcg2Protocol,
&ProtocolCapability
);
Status = Tpm2GetCapabilitySupportedAndActivePcrs (&TpmHashAlgorithmBitmap, &ActivePcrBanks);
ASSERT_EFI_ERROR (Status);
switch (CommandCode) {
@ -194,7 +187,7 @@ Tcg2ExecutePhysicalPresence (
return TCG_PP_OPERATION_RESPONSE_SUCCESS;
case TCG2_PHYSICAL_PRESENCE_SET_PCR_BANKS:
Status = Tpm2PcrAllocateBanks (PlatformAuth, ProtocolCapability.HashAlgorithmBitmap, CommandParameter);
Status = Tpm2PcrAllocateBanks (PlatformAuth, TpmHashAlgorithmBitmap, CommandParameter);
if (EFI_ERROR (Status)) {
return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;
} else {
@ -210,7 +203,7 @@ Tcg2ExecutePhysicalPresence (
}
case TCG2_PHYSICAL_PRESENCE_LOG_ALL_DIGESTS:
Status = Tpm2PcrAllocateBanks (PlatformAuth, ProtocolCapability.HashAlgorithmBitmap, ProtocolCapability.HashAlgorithmBitmap);
Status = Tpm2PcrAllocateBanks (PlatformAuth, TpmHashAlgorithmBitmap, TpmHashAlgorithmBitmap);
if (EFI_ERROR (Status)) {
return TCG_PP_OPERATION_RESPONSE_BIOS_FAILURE;
} else {

92
SecurityPkg/Library/Tpm2CommandLib/Tpm2Capability.c
View File

@ -485,6 +485,98 @@ Tpm2GetCapabilityPcrs (
return EFI_SUCCESS;
}
/**
This function will query the TPM to determine which hashing algorithms
are supported and which PCR banks are currently active.
@param[out] TpmHashAlgorithmBitmap A bitmask containing the algorithms supported by the TPM.
@param[out] ActivePcrBanks A bitmask containing the PCRs currently allocated.
@retval EFI_SUCCESS TPM was successfully queried and return values can be trusted.
@retval Others An error occurred, likely in communication with the TPM.
**/
EFI_STATUS
EFIAPI
Tpm2GetCapabilitySupportedAndActivePcrs (
OUT UINT32 *TpmHashAlgorithmBitmap,
OUT UINT32 *ActivePcrBanks
)
{
EFI_STATUS Status;
TPML_PCR_SELECTION Pcrs;
UINTN Index;
//
// Get supported PCR and current Active PCRs.
//
Status = Tpm2GetCapabilityPcrs (&Pcrs);
//
// If error, assume that we have at least SHA-1 (and return the error.)
//
if (EFI_ERROR (Status)) {
DEBUG ((EFI_D_ERROR, "GetSupportedAndActivePcrs - Tpm2GetCapabilityPcrs fail!\n"));
*TpmHashAlgorithmBitmap = HASH_ALG_SHA1;
*ActivePcrBanks = HASH_ALG_SHA1;
}
//
// Otherwise, process the return data to determine what algorithms are supported
// and currently allocated.
//
else {
DEBUG ((EFI_D_INFO, "GetSupportedAndActivePcrs - Count = %08x\n", Pcrs.count));
*TpmHashAlgorithmBitmap = 0;
*ActivePcrBanks = 0;
for (Index = 0; Index < Pcrs.count; Index++) {
switch (Pcrs.pcrSelections[Index].hash) {
case TPM_ALG_SHA1:
DEBUG ((EFI_D_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA1 present.\n"));
*TpmHashAlgorithmBitmap |= HASH_ALG_SHA1;
if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, Pcrs.pcrSelections[Index].sizeofSelect)) {
DEBUG ((EFI_D_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA1 active.\n"));
*ActivePcrBanks |= HASH_ALG_SHA1;
}
break;
case TPM_ALG_SHA256:
DEBUG ((EFI_D_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA256 present.\n"));
*TpmHashAlgorithmBitmap |= HASH_ALG_SHA256;
if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, Pcrs.pcrSelections[Index].sizeofSelect)) {
DEBUG ((EFI_D_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA256 active.\n"));
*ActivePcrBanks |= HASH_ALG_SHA256;
}
break;
case TPM_ALG_SHA384:
DEBUG ((EFI_D_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA384 present.\n"));
*TpmHashAlgorithmBitmap |= HASH_ALG_SHA384;
if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, Pcrs.pcrSelections[Index].sizeofSelect)) {
DEBUG ((EFI_D_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA384 active.\n"));
*ActivePcrBanks |= HASH_ALG_SHA384;
}
break;
case TPM_ALG_SHA512:
DEBUG ((EFI_D_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA512 present.\n"));
*TpmHashAlgorithmBitmap |= HASH_ALG_SHA512;
if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, Pcrs.pcrSelections[Index].sizeofSelect)) {
DEBUG ((EFI_D_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SHA512 active.\n"));
*ActivePcrBanks |= HASH_ALG_SHA512;
}
break;
case TPM_ALG_SM3_256:
DEBUG ((EFI_D_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SM3_256 present.\n"));
*TpmHashAlgorithmBitmap |= HASH_ALG_SM3_256;
if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, Pcrs.pcrSelections[Index].sizeofSelect)) {
DEBUG ((EFI_D_VERBOSE, "GetSupportedAndActivePcrs - HASH_ALG_SM3_256 active.\n"));
*ActivePcrBanks |= HASH_ALG_SM3_256;
}
break;
}
}
}
return Status;
}
/**
This command returns the information of TPM AlgorithmSet.

49
SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c
View File

@ -2222,7 +2222,6 @@ DriverEntry (
VOID *Registration;
UINT32 MaxCommandSize;
UINT32 MaxResponseSize;
TPML_PCR_SELECTION Pcrs;
UINTN Index;
EFI_TCG2_EVENT_ALGORITHM_BITMAP TpmHashAlgorithmBitmap;
UINT32 ActivePCRBanks;
@ -2292,51 +2291,9 @@ DriverEntry (
//
// Get supported PCR and current Active PCRs
//
Status = Tpm2GetCapabilityPcrs (&Pcrs);
if (EFI_ERROR (Status)) {
DEBUG ((EFI_D_ERROR, "Tpm2GetCapabilityPcrs fail!\n"));
TpmHashAlgorithmBitmap = EFI_TCG2_BOOT_HASH_ALG_SHA1;
ActivePCRBanks = EFI_TCG2_BOOT_HASH_ALG_SHA1;
} else {
DEBUG ((EFI_D_INFO, "Tpm2GetCapabilityPcrs Count - %08x\n", Pcrs.count));
TpmHashAlgorithmBitmap = 0;
ActivePCRBanks = 0;
for (Index = 0; Index < Pcrs.count; Index++) {
DEBUG ((EFI_D_INFO, "hash - %x\n", Pcrs.pcrSelections[Index].hash));
switch (Pcrs.pcrSelections[Index].hash) {
case TPM_ALG_SHA1:
TpmHashAlgorithmBitmap |= EFI_TCG2_BOOT_HASH_ALG_SHA1;
if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, Pcrs.pcrSelections[Index].sizeofSelect)) {
ActivePCRBanks |= EFI_TCG2_BOOT_HASH_ALG_SHA1;
}
break;
case TPM_ALG_SHA256:
TpmHashAlgorithmBitmap |= EFI_TCG2_BOOT_HASH_ALG_SHA256;
if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, Pcrs.pcrSelections[Index].sizeofSelect)) {
ActivePCRBanks |= EFI_TCG2_BOOT_HASH_ALG_SHA256;
}
break;
case TPM_ALG_SHA384:
TpmHashAlgorithmBitmap |= EFI_TCG2_BOOT_HASH_ALG_SHA384;
if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, Pcrs.pcrSelections[Index].sizeofSelect)) {
ActivePCRBanks |= EFI_TCG2_BOOT_HASH_ALG_SHA384;
}
break;
case TPM_ALG_SHA512:
TpmHashAlgorithmBitmap |= EFI_TCG2_BOOT_HASH_ALG_SHA512;
if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, Pcrs.pcrSelections[Index].sizeofSelect)) {
ActivePCRBanks |= EFI_TCG2_BOOT_HASH_ALG_SHA512;
}
break;
case TPM_ALG_SM3_256:
TpmHashAlgorithmBitmap |= EFI_TCG2_BOOT_HASH_ALG_SM3_256;
if (!IsZeroBuffer (Pcrs.pcrSelections[Index].pcrSelect, Pcrs.pcrSelections[Index].sizeofSelect)) {
ActivePCRBanks |= EFI_TCG2_BOOT_HASH_ALG_SM3_256;
}
break;
}
}
}
Status = Tpm2GetCapabilitySupportedAndActivePcrs (&TpmHashAlgorithmBitmap, &ActivePCRBanks);
ASSERT_EFI_ERROR (Status);
mTcgDxeData.BsCap.HashAlgorithmBitmap = TpmHashAlgorithmBitmap & PcdGet32 (PcdTcg2HashAlgorithmBitmap);
mTcgDxeData.BsCap.ActivePcrBanks = ActivePCRBanks & PcdGet32 (PcdTcg2HashAlgorithmBitmap);