mirror of https://github.com/acidanthera/audk.git
Add suppressif around TCG hash seleciton checkbox in TCG2
The previous TCG2 configuration UI always listed every TCG-defined hash algorithm and let the user select which one to use. This carried the risk that the user might select an unsupported hash, and the selection would be rejected later. So we enhance the UI to hide unsupported hash algorithms. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: "Yao, Jiewen" <jiewen.yao@intel.com> Reviewed-by: "Zhang, Chao B" <chao.b.zhang@intel.com> git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@18676 6f19259b-4bc3-4df7-8a09-765794883524
parent
7919244076
commit
c41eeb447d
|
@ -19,6 +19,12 @@ formset
|
||||||
title = STRING_TOKEN(STR_TCG2_TITLE),
|
title = STRING_TOKEN(STR_TCG2_TITLE),
|
||||||
help = STRING_TOKEN(STR_TCG2_HELP),
|
help = STRING_TOKEN(STR_TCG2_HELP),
|
||||||
classguid = EFI_HII_PLATFORM_SETUP_FORMSET_GUID,
|
classguid = EFI_HII_PLATFORM_SETUP_FORMSET_GUID,
|
||||||
|
|
||||||
|
efivarstore TCG2_CONFIGURATION_INFO,
|
||||||
|
varid = TCG2_CONFIGURATION_INFO_VARSTORE_ID,
|
||||||
|
attribute = 0x02, // EFI variable attribures EFI_VARIABLE_BOOTSERVICE_ACCESS
|
||||||
|
name = TCG2_CONFIGURATION_INFO,
|
||||||
|
guid = TCG2_CONFIG_FORM_SET_GUID;
|
||||||
|
|
||||||
efivarstore TCG2_CONFIGURATION,
|
efivarstore TCG2_CONFIGURATION,
|
||||||
varid = TCG2_CONFIGURATION_VARSTORE_ID,
|
varid = TCG2_CONFIGURATION_VARSTORE_ID,
|
||||||
|
@ -120,6 +126,7 @@ formset
|
||||||
|
|
||||||
subtitle text = STRING_TOKEN(STR_NULL);
|
subtitle text = STRING_TOKEN(STR_NULL);
|
||||||
|
|
||||||
|
suppressif ideqval TCG2_CONFIGURATION_INFO.Sha1Supported == 0;
|
||||||
checkbox name = TCG2ActivatePCRBank0,
|
checkbox name = TCG2ActivatePCRBank0,
|
||||||
questionid = KEY_TPM2_PCR_BANKS_REQUEST_0,
|
questionid = KEY_TPM2_PCR_BANKS_REQUEST_0,
|
||||||
prompt = STRING_TOKEN(STR_TCG2_PCR_BANK_SHA1),
|
prompt = STRING_TOKEN(STR_TCG2_PCR_BANK_SHA1),
|
||||||
|
@ -127,7 +134,9 @@ formset
|
||||||
flags = INTERACTIVE,
|
flags = INTERACTIVE,
|
||||||
default = 1,
|
default = 1,
|
||||||
endcheckbox;
|
endcheckbox;
|
||||||
|
endif;
|
||||||
|
|
||||||
|
suppressif ideqval TCG2_CONFIGURATION_INFO.Sha256Supported == 0;
|
||||||
checkbox name = TCG2ActivatePCRBank1,
|
checkbox name = TCG2ActivatePCRBank1,
|
||||||
questionid = KEY_TPM2_PCR_BANKS_REQUEST_1,
|
questionid = KEY_TPM2_PCR_BANKS_REQUEST_1,
|
||||||
prompt = STRING_TOKEN(STR_TCG2_PCR_BANK_SHA256),
|
prompt = STRING_TOKEN(STR_TCG2_PCR_BANK_SHA256),
|
||||||
|
@ -135,7 +144,9 @@ formset
|
||||||
flags = INTERACTIVE,
|
flags = INTERACTIVE,
|
||||||
default = 0,
|
default = 0,
|
||||||
endcheckbox;
|
endcheckbox;
|
||||||
|
endif;
|
||||||
|
|
||||||
|
suppressif ideqval TCG2_CONFIGURATION_INFO.Sha384Supported == 0;
|
||||||
checkbox name = TCG2ActivatePCRBank2,
|
checkbox name = TCG2ActivatePCRBank2,
|
||||||
questionid = KEY_TPM2_PCR_BANKS_REQUEST_2,
|
questionid = KEY_TPM2_PCR_BANKS_REQUEST_2,
|
||||||
prompt = STRING_TOKEN(STR_TCG2_PCR_BANK_SHA384),
|
prompt = STRING_TOKEN(STR_TCG2_PCR_BANK_SHA384),
|
||||||
|
@ -143,7 +154,9 @@ formset
|
||||||
flags = INTERACTIVE,
|
flags = INTERACTIVE,
|
||||||
default = 0,
|
default = 0,
|
||||||
endcheckbox;
|
endcheckbox;
|
||||||
|
endif;
|
||||||
|
|
||||||
|
suppressif ideqval TCG2_CONFIGURATION_INFO.Sha512Supported == 0;
|
||||||
checkbox name = TCG2ActivatePCRBank3,
|
checkbox name = TCG2ActivatePCRBank3,
|
||||||
questionid = KEY_TPM2_PCR_BANKS_REQUEST_3,
|
questionid = KEY_TPM2_PCR_BANKS_REQUEST_3,
|
||||||
prompt = STRING_TOKEN(STR_TCG2_PCR_BANK_SHA512),
|
prompt = STRING_TOKEN(STR_TCG2_PCR_BANK_SHA512),
|
||||||
|
@ -151,7 +164,9 @@ formset
|
||||||
flags = INTERACTIVE,
|
flags = INTERACTIVE,
|
||||||
default = 0,
|
default = 0,
|
||||||
endcheckbox;
|
endcheckbox;
|
||||||
|
endif;
|
||||||
|
|
||||||
|
suppressif ideqval TCG2_CONFIGURATION_INFO.Sm3Supported == 0;
|
||||||
checkbox name = TCG2ActivatePCRBank4,
|
checkbox name = TCG2ActivatePCRBank4,
|
||||||
questionid = KEY_TPM2_PCR_BANKS_REQUEST_4,
|
questionid = KEY_TPM2_PCR_BANKS_REQUEST_4,
|
||||||
prompt = STRING_TOKEN(STR_TCG2_PCR_BANK_SM3_256),
|
prompt = STRING_TOKEN(STR_TCG2_PCR_BANK_SM3_256),
|
||||||
|
@ -159,6 +174,7 @@ formset
|
||||||
flags = INTERACTIVE,
|
flags = INTERACTIVE,
|
||||||
default = 0,
|
default = 0,
|
||||||
endcheckbox;
|
endcheckbox;
|
||||||
|
endif;
|
||||||
|
|
||||||
endif;
|
endif;
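Review bot: The new `suppressif ideqval TCG2_CONFIGURATION_INFO.<Alg>Supported == 0;` wrappers only hide the checkboxes, so the form alone should not be treated as the check that keeps an unsupported bank out of the request. The SHA1 checkbox still carries `default = 1` inside its suppressed block, and whether a suppressed question can still contribute its default is not visible here. The handler for `KEY_TPM2_PCR_BANKS_REQUEST_0` to `_4` is outside this page, so it is worth confirming that it masks the requested banks against what the TPM reports. The `efivarstore` also hard-codes `attribute = 0x02` while the driver writes the variable with `EFI_VARIABLE_BOOTSERVICE_ACCESS`; I would fix the "attribures" typo and extend that comment to `// EFI_VARIABLE_BOOTSERVICE_ACCESS; must match the attributes passed to SetVariable() for this variable`.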
|
||||||
|
|
||||||
|
|
|
@ -386,6 +386,38 @@ FillBufferWithBootHashAlg (
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
Set ConfigInfo according to TpmAlgHash.
|
||||||
|
|
||||||
|
@param[in,out] Tcg2ConfigInfo TCG2 config info.
|
||||||
|
@param[in] TpmAlgHash TpmAlgHash.
|
||||||
|
|
||||||
|
**/
|
||||||
|
VOID
|
||||||
|
SetConfigInfo (
|
||||||
|
IN OUT TCG2_CONFIGURATION_INFO *Tcg2ConfigInfo,
|
||||||
|
IN UINT32 TpmAlgHash
|
||||||
|
)
|
||||||
|
{
|
||||||
|
switch (TpmAlgHash) {
|
||||||
|
case TPM_ALG_SHA1:
|
||||||
|
Tcg2ConfigInfo->Sha1Supported = TRUE;
|
||||||
|
break;
|
||||||
|
case TPM_ALG_SHA256:
|
||||||
|
Tcg2ConfigInfo->Sha256Supported = TRUE;
|
||||||
|
break;
|
||||||
|
case TPM_ALG_SHA384:
|
||||||
|
Tcg2ConfigInfo->Sha384Supported = TRUE;
|
||||||
|
break;
|
||||||
|
case TPM_ALG_SHA512:
|
||||||
|
Tcg2ConfigInfo->Sha512Supported = TRUE;
|
||||||
|
break;
|
||||||
|
case TPM_ALG_SM3_256:
|
||||||
|
Tcg2ConfigInfo->Sm3Supported = TRUE;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
Fill Buffer With TCG2EventLogFormat.
|
Fill Buffer With TCG2EventLogFormat.
|
||||||
|
|
||||||
|
@ -471,6 +503,7 @@ InstallTcg2ConfigForm (
|
||||||
UINTN Index;
|
UINTN Index;
|
||||||
TPML_PCR_SELECTION Pcrs;
|
TPML_PCR_SELECTION Pcrs;
|
||||||
CHAR16 TempBuffer[1024];
|
CHAR16 TempBuffer[1024];
|
||||||
|
TCG2_CONFIGURATION_INFO Tcg2ConfigInfo;
|
||||||
|
|
||||||
DriverHandle = NULL;
|
DriverHandle = NULL;
|
||||||
ConfigAccess = &PrivateData->ConfigAccess;
|
ConfigAccess = &PrivateData->ConfigAccess;
|
||||||
|
@ -531,6 +564,7 @@ InstallTcg2ConfigForm (
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
ZeroMem (&Tcg2ConfigInfo, sizeof(Tcg2ConfigInfo));
|
||||||
Status = Tpm2GetCapabilityPcrs (&Pcrs);
|
Status = Tpm2GetCapabilityPcrs (&Pcrs);
|
||||||
if (EFI_ERROR (Status)) {
|
if (EFI_ERROR (Status)) {
|
||||||
HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_TPM2_ACTIVE_HASH_ALGO_CONTENT), L"[Unknown]", NULL);
|
HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_TPM2_ACTIVE_HASH_ALGO_CONTENT), L"[Unknown]", NULL);
|
||||||
|
@ -547,6 +581,7 @@ InstallTcg2ConfigForm (
|
||||||
TempBuffer[0] = 0;
|
TempBuffer[0] = 0;
|
||||||
for (Index = 0; Index < Pcrs.count; Index++) {
|
for (Index = 0; Index < Pcrs.count; Index++) {
|
||||||
AppendBufferWithTpmAlgHash (TempBuffer, sizeof(TempBuffer), Pcrs.pcrSelections[Index].hash);
|
AppendBufferWithTpmAlgHash (TempBuffer, sizeof(TempBuffer), Pcrs.pcrSelections[Index].hash);
|
||||||
|
SetConfigInfo (&Tcg2ConfigInfo, Pcrs.pcrSelections[Index].hash);
|
||||||
}
|
}
|
||||||
HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_TPM2_SUPPORTED_HASH_ALGO_CONTENT), TempBuffer, NULL);
|
HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_TPM2_SUPPORTED_HASH_ALGO_CONTENT), TempBuffer, NULL);
|
||||||
}
|
}
|
||||||
|
@ -569,6 +604,19 @@ InstallTcg2ConfigForm (
|
||||||
FillBufferWithBootHashAlg (TempBuffer, sizeof(TempBuffer), PrivateData->ProtocolCapability.ActivePcrBanks);
|
FillBufferWithBootHashAlg (TempBuffer, sizeof(TempBuffer), PrivateData->ProtocolCapability.ActivePcrBanks);
|
||||||
HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_TCG2_ACTIVE_PCR_BANKS_CONTENT), TempBuffer, NULL);
|
HiiSetString (PrivateData->HiiHandle, STRING_TOKEN (STR_TCG2_ACTIVE_PCR_BANKS_CONTENT), TempBuffer, NULL);
|
||||||
|
|
||||||
|
//
|
||||||
|
// Set ConfigInfo, to control the check box.
|
||||||
|
//
|
||||||
|
Status = gRT->SetVariable (
|
||||||
|
TCG2_STORAGE_INFO_NAME,
|
||||||
|
&gTcg2ConfigFormSetGuid,
|
||||||
|
EFI_VARIABLE_BOOTSERVICE_ACCESS,
|
||||||
|
sizeof(Tcg2ConfigInfo),
|
||||||
|
&Tcg2ConfigInfo
|
||||||
|
);
|
||||||
|
if (EFI_ERROR (Status)) {
|
||||||
|
DEBUG ((EFI_D_ERROR, "Tcg2ConfigDriver: Fail to set TCG2_STORAGE_INFO_NAME\n"));
|
||||||
|
}
|
||||||
return EFI_SUCCESS;
|
return EFI_SUCCESS;
|
||||||
}
|
}
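Review bot: In InstallTcg2ConfigForm, a failed `gRT->SetVariable` for `TCG2_STORAGE_INFO_NAME` is only reported through `DEBUG` and the function still returns `EFI_SUCCESS`, so the form can be published without the variable its new `suppressif` expressions read. How the browser evaluates `ideqval` against a missing varstore is not visible here, so the intended fallback should either be stated in a comment at the error branch or enforced by propagating `Status`. Because `ZeroMem (&Tcg2ConfigInfo, ...)` runs before `Tpm2GetCapabilityPcrs`, a failed capability query leaves every `*Supported` field at 0 and hides all five bank checkboxes; if that is the intended behaviour, a one-line comment at the `ZeroMem` call would make it explicit. `SetConfigInfo` would also read more clearly with an explicit `default: break;` for algorithm IDs it does not map. The body of InstallTcg2ConfigForm begins outside these hunks.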
|
||||||
|
|
||||||
|
|
|
@ -29,6 +29,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
|
||||||
#define EFI_TCG2_EVENT_LOG_FORMAT_ALL (EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2 | EFI_TCG2_EVENT_LOG_FORMAT_TCG_2)
|
#define EFI_TCG2_EVENT_LOG_FORMAT_ALL (EFI_TCG2_EVENT_LOG_FORMAT_TCG_1_2 | EFI_TCG2_EVENT_LOG_FORMAT_TCG_2)
|
||||||
|
|
||||||
#define TCG2_CONFIGURATION_VARSTORE_ID 0x0001
|
#define TCG2_CONFIGURATION_VARSTORE_ID 0x0001
|
||||||
|
#define TCG2_CONFIGURATION_INFO_VARSTORE_ID 0x0002
|
||||||
#define TCG2_CONFIGURATION_FORM_ID 0x0001
|
#define TCG2_CONFIGURATION_FORM_ID 0x0001
|
||||||
|
|
||||||
#define KEY_TPM_DEVICE 0x2000
|
#define KEY_TPM_DEVICE 0x2000
|
||||||
|
@ -57,6 +58,14 @@ typedef struct {
|
||||||
UINT8 TpmDevice;
|
UINT8 TpmDevice;
|
||||||
} TCG2_CONFIGURATION;
|
} TCG2_CONFIGURATION;
|
||||||
|
|
||||||
|
typedef struct {
|
||||||
|
UINT8 Sha1Supported;
|
||||||
|
UINT8 Sha256Supported;
|
||||||
|
UINT8 Sha384Supported;
|
||||||
|
UINT8 Sha512Supported;
|
||||||
|
UINT8 Sm3Supported;
|
||||||
|
} TCG2_CONFIGURATION_INFO;
|
||||||
|
|
||||||
//
|
//
|
||||||
// Variable saved for S3, TPM detected, only valid in S3 path.
|
// Variable saved for S3, TPM detected, only valid in S3 path.
|
||||||
// This variable is ReadOnly.
|
// This variable is ReadOnly.
|
||||||
|
@ -65,7 +74,8 @@ typedef struct {
|
||||||
UINT8 TpmDeviceDetected;
|
UINT8 TpmDeviceDetected;
|
||||||
} TCG2_DEVICE_DETECTION;
|
} TCG2_DEVICE_DETECTION;
|
||||||
|
|
||||||
#define TCG2_STORAGE_NAME L"TCG2_CONFIGURATION"
|
#define TCG2_STORAGE_NAME L"TCG2_CONFIGURATION"
|
||||||
|
#define TCG2_STORAGE_INFO_NAME L"TCG2_CONFIGURATION_INFO"
|
||||||
#define TCG2_DEVICE_DETECTION_NAME L"TCG2_DEVICE_DETECTION"
|
#define TCG2_DEVICE_DETECTION_NAME L"TCG2_DEVICE_DETECTION"
|
||||||
|
|
||||||
#define TPM_INSTANCE_ID_LIST { \
|
#define TPM_INSTANCE_ID_LIST { \
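Review bot: `TCG2_CONFIGURATION_INFO` is added without the kind of comment the neighbouring `TCG2_DEVICE_DETECTION` block carries, so the header does not say who writes the variable or that it is boot-services-only. I would add above the typedef something like `// Hash algorithms reported by the TPM; written by the config driver when the form is installed and read by the VFR suppressif expressions.` Next to `TCG2_STORAGE_INFO_NAME` it would help to note that the string must match the `efivarstore` name used in the form. The struct is shared between the VFR compiler and the C driver, so a remark that its fields must not be reordered on one side only would also be useful.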
|
||||||
|
|