diff --git a/SecurityPkg/Tcg/Tcg2Config/Tcg2Config.vfr b/SecurityPkg/Tcg/Tcg2Config/Tcg2Config.vfr
index fe0ef14c2f..b3504441d0 100644
--- a/SecurityPkg/Tcg/Tcg2Config/Tcg2Config.vfr
+++ b/SecurityPkg/Tcg/Tcg2Config/Tcg2Config.vfr
@@ -19,6 +19,12 @@ formset
 title = STRING_TOKEN(STR_TCG2_TITLE),
 help = STRING_TOKEN(STR_TCG2_HELP),
 classguid = EFI_HII_PLATFORM_SETUP_FORMSET_GUID,
+
+ efivarstore TCG2_CONFIGURATION_INFO,
+ varid = TCG2_CONFIGURATION_INFO_VARSTORE_ID,
+ attribute = 0x02, // EFI variable attribures EFI_VARIABLE_BOOTSERVICE_ACCESS
+ name = TCG2_CONFIGURATION_INFO,
+ guid = TCG2_CONFIG_FORM_SET_GUID;
 efivarstore TCG2_CONFIGURATION,
 varid = TCG2_CONFIGURATION_VARSTORE_ID,
@@ -120,6 +126,7 @@ formset
 subtitle text = STRING_TOKEN(STR_NULL);
+ suppressif ideqval TCG2_CONFIGURATION_INFO.Sha1Supported == 0;
 checkbox name = TCG2ActivatePCRBank0,
 questionid = KEY_TPM2_PCR_BANKS_REQUEST_0,
 prompt = STRING_TOKEN(STR_TCG2_PCR_BANK_SHA1),
@@ -127,7 +134,9 @@ formset
 flags = INTERACTIVE,
 default = 1,
 endcheckbox;
+ endif;
+ suppressif ideqval TCG2_CONFIGURATION_INFO.Sha256Supported == 0;
 checkbox name = TCG2ActivatePCRBank1,
 questionid = KEY_TPM2_PCR_BANKS_REQUEST_1,
 prompt = STRING_TOKEN(STR_TCG2_PCR_BANK_SHA256),
@@ -135,7 +144,9 @@ formset
 flags = INTERACTIVE,
 default = 0,
 endcheckbox;
+ endif;
+ suppressif ideqval TCG2_CONFIGURATION_INFO.Sha384Supported == 0;
 checkbox name = TCG2ActivatePCRBank2,
 questionid = KEY_TPM2_PCR_BANKS_REQUEST_2,
 prompt = STRING_TOKEN(STR_TCG2_PCR_BANK_SHA384),
@@ -143,7 +154,9 @@ formset
 flags = INTERACTIVE,
 default = 0,
 endcheckbox;
+ endif;
+ suppressif ideqval TCG2_CONFIGURATION_INFO.Sha512Supported == 0;
 checkbox name = TCG2ActivatePCRBank3,
 questionid = KEY_TPM2_PCR_BANKS_REQUEST_3,
 prompt = STRING_TOKEN(STR_TCG2_PCR_BANK_SHA512),
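Review bot: The comment on the new `attribute = 0x02` line misspells "attributes" and does not say that the literal has to stay equal to the attributes InstallTcg2ConfigForm passes to SetVariable for this variable (EFI_VARIABLE_BOOTSERVICE_ACCESS, added further down in this commit). I would write it as `attribute = 0x02, // EFI_VARIABLE_BOOTSERVICE_ACCESS only: volatile, must match the SetVariable call in Tcg2ConfigImpl.c`. Leaving out the non-volatile bit looks deliberate, since the contents are recomputed from the TPM on each boot, and the comment is the place to say so.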
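Review bot: `suppressif ideqval TCG2_CONFIGURATION_INFO.Sha1Supported == 0;` only hides the checkbox in the setup browser, so it is presentation rather than enforcement; the same holds for the Sha256, Sha384, Sha512 and Sm3 hunks that follow. The handler for KEY_TPM2_PCR_BANKS_REQUEST_0..4 is outside this diff, so it is not visible whether a bank request for an algorithm the TPM does not report is rejected there, and that check should not depend on the form. A comment above the first block would help, e.g. `// Hide banks the TPM did not report via Tpm2GetCapabilityPcrs(); all are hidden when that query fails.` The "all hidden" behaviour is inferred from the ZeroMem added in InstallTcg2ConfigForm and should be confirmed.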
@@ -151,7 +164,9 @@ formset
 flags = INTERACTIVE,
 default = 0,
 endcheckbox;
+ endif;
+ suppressif ideqval TCG2_CONFIGURATION_INFO.Sm3Supported == 0;
 checkbox name = TCG2ActivatePCRBank4,
 questionid = KEY_TPM2_PCR_BANKS_REQUEST_4,
 prompt = STRING_TOKEN(STR_TCG2_PCR_BANK_SM3_256),
@@ -159,6 +174,7 @@ formset
 flags = INTERACTIVE,
 default = 0,
 endcheckbox;
+ endif;
 endif;
diff --git a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c b/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c
index 245376966e..0d2956074a 100644
--- a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c
+++ b/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigImpl.c
@@ -386,6 +386,38 @@ FillBufferWithBootHashAlg (
 }
 }
+/**
+ Set ConfigInfo according to TpmAlgHash.
+
+ @param[in,out] Tcg2ConfigInfo TCG2 config info.
+ @param[in] TpmAlgHash TpmAlgHash.
+
+**/
+VOID
+SetConfigInfo (
+ IN OUT TCG2_CONFIGURATION_INFO *Tcg2ConfigInfo,
+ IN UINT32 TpmAlgHash
+ )
+{
+ switch (TpmAlgHash) {
+ case TPM_ALG_SHA1:
+ Tcg2ConfigInfo->Sha1Supported = TRUE;
+ break;
+ case TPM_ALG_SHA256:
+ Tcg2ConfigInfo->Sha256Supported = TRUE;
+ break;
+ case TPM_ALG_SHA384:
+ Tcg2ConfigInfo->Sha384Supported = TRUE;
+ break;
+ case TPM_ALG_SHA512:
+ Tcg2ConfigInfo->Sha512Supported = TRUE;
+ break;
+ case TPM_ALG_SM3_256:
+ Tcg2ConfigInfo->Sm3Supported = TRUE;
+ break;
+ }
+}
+
 /**
 Fill Buffer With TCG2EventLogFormat.
@@ -471,6 +503,7 @@ InstallTcg2ConfigForm (
 UINTN Index;
 TPML_PCR_SELECTION Pcrs;
 CHAR16 TempBuffer[1024];
+ TCG2_CONFIGURATION_INFO Tcg2ConfigInfo;
 DriverHandle = NULL;
 ConfigAccess = &PrivateData->ConfigAccess;
@@ -531,6 +564,7 @@ InstallTcg2ConfigForm (
 break;
 }
+ ZeroMem (&Tcg2ConfigInfo, sizeof(Tcg2ConfigInfo));
 Status = Tpm2GetCapabilityPcrs (&Pcrs);
 if (EFI_ERROR (Status)) {
 HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_TPM2_ACTIVE_HASH_ALGO_CONTENT), L"[Unknown]", NULL);
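Review bot: The `switch (TpmAlgHash)` in SetConfigInfo has no `default` case, so an algorithm id the TPM reports but this driver does not know is dropped without any trace. I would add `default: break;` with a comment saying that unknown algorithms intentionally leave every flag clear, so no checkbox is shown for them. The header comment only repeats the parameter names; it should state that the function only ever sets flags and never clears them, so the caller has to zero the structure first, as the `ZeroMem` added later in this commit does.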
@@ -547,6 +581,7 @@ InstallTcg2ConfigForm (
 TempBuffer[0] = 0;
 for (Index = 0; Index < Pcrs.count; Index++) {
 AppendBufferWithTpmAlgHash (TempBuffer, sizeof(TempBuffer), Pcrs.pcrSelections[Index].hash);
+ SetConfigInfo (&Tcg2ConfigInfo, Pcrs.pcrSelections[Index].hash);
 }
 HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_TPM2_SUPPORTED_HASH_ALGO_CONTENT), TempBuffer, NULL);
 }
@@ -569,6 +604,19 @@ InstallTcg2ConfigForm (
 FillBufferWithBootHashAlg (TempBuffer, sizeof(TempBuffer), PrivateData->ProtocolCapability.ActivePcrBanks);
 HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_TCG2_ACTIVE_PCR_BANKS_CONTENT), TempBuffer, NULL);
+ //
+ // Set ConfigInfo, to control the check box.
+ //
+ Status = gRT->SetVariable (
+ TCG2_STORAGE_INFO_NAME,
+ &gTcg2ConfigFormSetGuid,
+ EFI_VARIABLE_BOOTSERVICE_ACCESS,
+ sizeof(Tcg2ConfigInfo),
+ &Tcg2ConfigInfo
+ );
+ if (EFI_ERROR (Status)) {
+ DEBUG ((EFI_D_ERROR, "Tcg2ConfigDriver: Fail to set TCG2_STORAGE_INFO_NAME\n"));
+ }
 return EFI_SUCCESS;
 }
diff --git a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigNvData.h b/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigNvData.h
index 65044c2bd5..c6b3d32f49 100644
--- a/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigNvData.h
+++ b/SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigNvData.h
@@ -29,6 +29,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 #define EFI_TCG2_EVENT_LOG_FORMAT_ALL (EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2 | EFI_TCG2_EVENT_LOG_FORMAT_TCG_2)
 #define TCG2_CONFIGURATION_VARSTORE_ID 0x0001
+#define TCG2_CONFIGURATION_INFO_VARSTORE_ID 0x0002
 #define TCG2_CONFIGURATION_FORM_ID 0x0001
 #define KEY_TPM_DEVICE 0x2000
@@ -57,6 +58,14 @@ typedef struct {
 UINT8 TpmDevice;
 } TCG2_CONFIGURATION;
+typedef struct {
+ UINT8 Sha1Supported;
+ UINT8 Sha256Supported;
+ UINT8 Sha384Supported;
+ UINT8 Sha512Supported;
+ UINT8 Sm3Supported;
+} TCG2_CONFIGURATION_INFO;
+
 //
 // Variable saved for S3, TPM detected, only valid in S3 path.
 // This variable is ReadOnly.
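Review bot: When `gRT->SetVariable` fails in the hunk at -569, the only signal is a debug message and InstallTcg2ConfigForm still returns EFI_SUCCESS, so the form is then driven by whatever the TCG2_CONFIGURATION_INFO store holds rather than by the TPM query above. A variable with the same name and GUID that already exists with different attributes would make this call fail on the attribute mismatch and leave its stale contents in place; deleting such a leftover before the write, or treating the failure as "no banks selectable", would keep the UI tied to the TPM's answer. Nothing in this diff locks the variable either, so other boot-services code can presumably rewrite it before the form is shown, which is acceptable only if the bank-request handler (outside this diff) validates the request itself. At minimum the comment should say so, e.g. `// Volatile, boot-services-only UI hint rebuilt on every boot; not a security boundary.` The function's body starts outside the hunk.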
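Review bot: `TCG2_CONFIGURATION_INFO` is added in the hunk at -57 without the kind of comment its neighbour `TCG2_DEVICE_DETECTION` carries, although its lifetime differs from that of `TCG2_CONFIGURATION`. Something like `// Volatile, boot-services-only; one flag per PCR bank the TPM reports, read by suppressif in Tcg2Config.vfr.` above the typedef would do. The structure is shared between the VFR compiler and the C compiler; with five UINT8 fields there is no padding to disagree on, but that is worth a word in the comment in case fields of other widths are added later.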
@@ -65,7 +74,8 @@ typedef struct {
 UINT8 TpmDeviceDetected;
 } TCG2_DEVICE_DETECTION;
-#define TCG2_STORAGE_NAME L"TCG2_CONFIGURATION"
+#define TCG2_STORAGE_NAME L"TCG2_CONFIGURATION"
+#define TCG2_STORAGE_INFO_NAME L"TCG2_CONFIGURATION_INFO"
 #define TCG2_DEVICE_DETECTION_NAME L"TCG2_DEVICE_DETECTION"
 #define TPM_INSTANCE_ID_LIST { \