From 4d5f39cd2218a67d253212307ec892a178d76798 Mon Sep 17 00:00:00 2001 From: Stefan Berger Date: Mon, 13 Sep 2021 22:20:58 +0800 Subject: [PATCH] SecurityPkg/TPM: Fix bugs in imported PeiDxeTpmPlatformHierarchyLib Fix some bugs in the original PeiDxeTpmPlatformHierarchyLib.c. Signed-off-by: Stefan Berger Reviewed-by: Jiewen Yao --- .../PeiDxeTpmPlatformHierarchyLib.c | 23 +++++-------------- .../PeiDxeTpmPlatformHierarchyLib.inf | 5 ++-- 2 files changed, 8 insertions(+), 20 deletions(-) diff --git a/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.c b/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.c index 9812ab99ab..d82a0ae1bd 100644 --- a/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.c +++ b/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.c @@ -18,7 +18,6 @@ #include #include #include -#include #include #include #include @@ -27,7 +26,6 @@ // The authorization value may be no larger than the digest produced by the hash // algorithm used for context integrity. // -#define MAX_NEW_AUTHORIZATION_SIZE SHA512_DIGEST_SIZE UINT16 mAuthSize; @@ -54,7 +52,7 @@ RdRandGenerateEntropy ( UINT8 *Ptr; Status = EFI_NOT_READY; - BlockCount = Length / 64; + BlockCount = Length / sizeof(Seed); Ptr = (UINT8 *)Entropy; // @@ -65,10 +63,10 @@ RdRandGenerateEntropy ( if (EFI_ERROR (Status)) { return Status; } - CopyMem (Ptr, Seed, 64); + CopyMem (Ptr, Seed, sizeof(Seed)); BlockCount--; - Ptr = Ptr + 64; + Ptr = Ptr + sizeof(Seed); } // @@ -78,7 +76,7 @@ RdRandGenerateEntropy ( if (EFI_ERROR (Status)) { return Status; } - CopyMem (Ptr, Seed, (Length % 64)); + CopyMem (Ptr, Seed, (Length % sizeof(Seed))); return Status; } @@ -164,8 +162,6 @@ RandomizePlatformAuth ( { EFI_STATUS Status; UINT16 AuthSize; - UINT8 *Rand; - UINTN RandSize; TPM2B_AUTH NewPlatformAuth; // @@ -174,19 +170,13 @@ RandomizePlatformAuth ( GetAuthSize (&AuthSize); - ZeroMem (NewPlatformAuth.buffer, AuthSize); NewPlatformAuth.size = AuthSize; // - // Allocate one buffer to store random data. + // Create the random bytes in the destination buffer // - RandSize = MAX_NEW_AUTHORIZATION_SIZE; - Rand = AllocatePool (RandSize); - RdRandGenerateEntropy (RandSize, Rand); - CopyMem (NewPlatformAuth.buffer, Rand, AuthSize); - - FreePool (Rand); + RdRandGenerateEntropy (NewPlatformAuth.size, NewPlatformAuth.buffer); // // Send Tpm2HierarchyChangeAuth command with the new Auth value @@ -194,7 +184,6 @@ RandomizePlatformAuth ( Status = Tpm2HierarchyChangeAuth (TPM_RH_PLATFORM, NULL, &NewPlatformAuth); DEBUG ((DEBUG_INFO, "Tpm2HierarchyChangeAuth Result: - %r\n", Status)); ZeroMem (NewPlatformAuth.buffer, AuthSize); - ZeroMem (Rand, RandSize); } /** diff --git a/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf b/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf index b7a7fb0a08..7bf666794f 100644 --- a/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf +++ b/SecurityPkg/Library/PeiDxeTpmPlatformHierarchyLib/PeiDxeTpmPlatformHierarchyLib.inf @@ -1,6 +1,5 @@ -### @file -# -# TPM Platform Hierarchy configuration library. +## @file +# TPM Platform Hierarchy configuration library. # # This library provides functions for customizing the TPM's Platform Hierarchy # Authorization Value (platformAuth) and Platform Hierarchy Authorization